String encryption in GS3
My last attempts weren't very secure, so I thought of a new method.
Personally I think this is semi-secure, or at least harder to crack than my last method. The only flaw of it: the key must be at least 10 in length and can't have any repeated characters. From what I can tell, this method is called "hashing". PHP Code:
!)*!)(!)):!!:!::!#:!$:!%:!^:!&:!*:!(:!)::!:::::#:: $::%::^::&::*::(::):#!:#::##
The last method, you could crack by trying 30 or so possible combinations, whereas this one would require you to try a mass amount of combinations that you wouldn't want to have to go through and try and find the one that looks like something useful. Also I think due to the maxlooplimit, the maximum length of the string would be 3,333.
This is not a hash function.
Is it just me or is GS3 an incredibly noisy language? Here's a cleaned-up version in GS2 with a few comments added: PHP Code:
So, it's pretty obvious that your function is extremely vulnerable to a chosen plaintext attack which would allow me to steal your key. For example, if I feed you the ASCII character with decimal value 012 and you encrypt it, I will get back the first three characters of the key: PHP Code:
Quote:
PHP Code:
Quote:
In addition to limiting the key size to exactly 10 characters, all 10 characters must be unique (or lossless decryption will not be possible), which further reduces the potential key space. It would be a fairly simple matter to try every possible key given enough encrypted text and run frequency analysis on the results to narrow it down to a handful of possible results, telling you both the key and the decrypted text.

Since each character is always represented exactly the same way when encrypted, we can also do simple frequency analysis on a bunch of encrypted text to determine which three characters in the encrypted text represent which ASCII character in the plaintext. Let's say you are using this to encrypt some kind of in-game communication and I am able to capture a few days of encrypted text. I can then count how many times each pattern of three characters appears and compare the frequency of each pattern to the known relative frequencies at which letters are used in English. The more data I have the easier it gets, but with a little guess-and-check it wouldn't take much data at all.

There are also undoubtedly even simpler attacks than the ones I mentioned. It's certainly better than your last attempt, but still in no way even remotely secure.
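An added example, not part of the post above and not code from this thread: a Python sketch of the chosen-plaintext and frequency-analysis weaknesses described there. The posted GS3/GS2 code did not survive on this page, so `encrypt` (each character's three-digit decimal code, with digit d replaced by the key character at index d) is an assumption inferred from the description, and the key and message are constructed.

```python
from collections import Counter

def encrypt(plaintext, key):
    # Assumed scheme: 3-digit decimal ASCII code, each digit d -> key[d].
    if len(key) != 10 or len(set(key)) != 10:
        raise ValueError("key must be 10 unique characters")
    return "".join(key[int(d)] for ch in plaintext for d in f"{ord(ch):03d}")

def decrypt(ciphertext, key):
    # Map every key symbol back to its digit, then read 3 digits per character.
    digits = "".join(str(key.index(sym)) for sym in ciphertext)
    return "".join(chr(int(digits[i:i + 3])) for i in range(0, len(digits), 3))

def recover_key(oracle):
    # Chosen plaintext: codes 012, 034, 056, 078 and 090 together contain
    # every digit 0-9, so one encryption reveals the whole key.
    probes = [12, 34, 56, 78, 90]
    ct = oracle("".join(map(chr, probes)))
    seen = {}
    for i, code in enumerate(probes):
        for digit, sym in zip(f"{code:03d}", ct[3 * i:3 * i + 3]):
            seen[int(digit)] = sym
    return "".join(seen[d] for d in range(10))

def block_counts(ciphertext):
    # Ciphertext only: the same character always yields the same 3-symbol
    # block, so block frequencies mirror plaintext letter frequencies.
    return Counter(ciphertext[i:i + 3] for i in range(0, len(ciphertext), 3))

CONSTRUCTED_KEY = "QWERTYUIOP"                    # constructed sample key
CONSTRUCTED_MESSAGE = "meet me at the east gate"  # constructed sample text

if __name__ == "__main__":
    ct = encrypt(CONSTRUCTED_MESSAGE, CONSTRUCTED_KEY)
    print("ciphertext:     ", ct)
    print("recovered key:  ", recover_key(lambda p: encrypt(p, CONSTRUCTED_KEY)))
    print("top blocks:     ", block_counts(ct).most_common(3))
```

The defensive takeaway matches the post: a deterministic per-character substitution leaks both the key to anyone who can get chosen input encrypted and the letter distribution to anyone who can only observe traffic.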
Damn lol, each time I think I've got it figured, you expose the holes haha.
But it brings me to the next point, if the "hacker" didn't know how I was encrypting things or had access to the function to get the key, wouldn't that make it more secure? E.g., if they didn't have access to the function, they wouldn't be able to test their values to get the key.
Quote:
What you are proposing is the definition of security through obscurity. In your case, yeah, it would probably increase security, but only because your attackers aren't very dedicated. In general though it is far better to go with a published algorithm like AES than to try to outsmart the people trying to break your encryption. The "best" encryption scheme is generally the one that has been around a long time, has received a lot of attention, and has still not been broken. You can read more about AES's history and see that some of the candidates had severe flaws which were discovered only because the algorithms were published (and of course the people writing the algorithms who missed those flaws were a lot smarter than you or me). Also in general it's inevitable that your encryption code will be leaked eventually, so it makes sense to pick the algorithm where it doesn't matter if the code is public rather than the one that might completely crumble when the code is public.
A great hash function to generate passwords with I made a while ago!
NPC Code: This is a hash function I made way back, and it's pretty effective, and length of string & key can be as long as you want (longer string lengths require more processing though) and it allows you to specify the length of the returned hash. You might find something in there, I would suggest to take a look at bit manipulations, xor, etc., and of course, do as Chris said and check out other encryption and hash functions out there. Example output: PHP Code: