• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Decryption challenge: someone decrypt this

Page 2 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.
I am reluctant to share the source, for "security" reasons, but ultimately I don't think it would matter much unless you're really into stealing PCs.
Click to expand...
You mean you're reluctant to share the source for "obscurity" reasons. As the saying goes, security through obscurity is not security.

 
nd, point is conceded. Although the reason I put "security" in quotes is because even if the algorithm were out there, there still wouldn't be much damage that anybody could do with it.
 
Originally posted by: KevinMU1
Well everyone, the program that uses this encryption is now live, if you really want to pull apart the program it's in and try to crack it that way, you can download the whole stinkin' thing. It's actually part of my BitWise chat client, and the "encryption" was part of the new release that just came out. If you haven't checked out BitWise and are at all interested in this sort of development project, please stop by and check it out--the link is in my sig. How you'll find the few lines that do the encrypting in all my code is another problem. 😉

PS there are no shifts by arbitrary amounts, it is more methodical than that.
Click to expand...

if you tell people that its encrypted and you do this home grown encryption bs it looks very poorly on you and your product.
 
Two things:

1) Just because it's home grown does not make it worse.

2) Using something non-standard means that there is no public knowledge of them.

Lastly, as I've said before, the "encryption" needed is minimal--this is how the saved passwords for login are being "encrypted." It's only a threat to computers with more than 1 user, a user that cares enough to find where I put the information, and cares enough to try and crack it. There really is not much to be worried about. Our encryption of actual MESSAGES will likely involve something "stronger" and more proven, but for simple passwords being stored locally it hardly seemed necessary.
 
Originally posted by: KevinMU1
Two things:

1) Just because it's home grown does not make it worse.

2) Using something non-standard means that there is no public knowledge of them.
Click to expand...

Encryption is a very well studied field. It is extremely unlikely that anyone could come up with a novel way to encrypt data. It may be OK for what you use it for, but don't claim it's better than PGP or its equivalent. I imagine there are programs out there that systematically crack all the codes written by amateurs. If you are going to use strong encryption in other parts of your program, why are you so reluctant to use it for storing your passwords?



 
I wasn't trying to say it was better than anything out there, and I didn't mean to imply that either. I fully accept that other methods are better... I just wanted some fast, simple, etc that I could plug in easily to my existing project.

Why am I reluctant to using it for storing passwords? Because I wanted a fast solution, and didn't want to choose which was best for our use, and commit to that, and I can change it later. It was a matter of needing something I could just use very quickly and not have to analyze too much. Plus, I enjoy coming up with this kind of stuff.

Not that I'm going to be the one to do it, but I wouldn't say it's extremely unlikely that anyone will come up with a better way. There are always better ways of doing things. Dead-ending anything is short-sighted. not that I'll be the one to do it, but computing changes all the time, there's no way of knowing where things will go.
 
Lastly, as I've said before, the "encryption" needed is minimal--this is how the saved passwords for login are being "encrypted." It's only a threat to computers with more than 1 user, a user that cares enough to find where I put the information, and cares enough to try and crack it. There really is not much to be worried about. Our encryption of actual MESSAGES will likely involve something "stronger" and more proven, but for simple passwords being stored locally it hardly seemed necessary.
Click to expand...

You found creating a homegrown algorithm to be more feasible than using one of the many available encryption libraries for every language on the planet?
 
He's like a linux guy who writes his own software... Sure, he could use M$ stuff, or other companies' programs, but he does his own just cause he can and it's fun or something. Why cook when you have McDonalds? Just cause...
 
I found it more feasible b/c I didn't have to do any code integration, and, more importantly, I didn't have to spend time determining which one to use. I downloaded a massive library with tons of encryption methods, but didn't want to pick one, cause I would have wanted to weigh the merits of each of them.

The algorithm took me about 30 minutes to write, and I learned a thing or two in the process. I will research the "real" algorithms later, when it becomes time to implement secure message transmission.
 
silverpig, thanks for the support, you were a little more blunt than I was willing to be. We must have replied about the same time, yours wasn't there when I made that last post.

And you're right, it is fun. 🙂
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top