Skill with encyption/decryption

[MyCrows]

Hey guys, I'm curious whether any of our members has real skills with either encryption or decryption of computer files.

I'm pretty close to utilizing my new script to encrypt/decrypt my files, and I want to know if anyone is interested in trying to crack it.

The goals would be to...

1. Determine the encryption method
2. Retrieve any/all usable data

I'm not an expert in encryption, just using the programming skills that I have along with some creativity. I wouldn't have the slightest clue how to decrypt something I wasn't familiar with.

 

[pmachapman]

Are you using a standard algorithm, bolting together some existing algorithms, or have you modified or rolled your own encryption code?

I don't have the time to work backwards from samples of ciphertext (I did when I was at University many years ago...), but if you outline the method and configuration (average size of plaintext, what sort of plaintext will be encrypted, algorithm, key length, mode of operation, stream or block, symmetric or asymmetric, etc) I can tell you approximately how secure it is for the purpose you are intending it for.

There is a very good reason that the sci.crypt.research newsgroup had the rule "DO COMPLETELY DOCUMENT your algorithm with both a text description and, if applicable, computer source code."

 

[MyCrows]

Well as best as I can explain it, it's just plain old one-time-pad encryption, length of key matches file to be encrypted.

The majority of my effort is generating an evenly distributed key from two user-provided pass phrases, which each have a 16 character salt added, and are used to output 2 different hashes. These hashes continue to concatenate and produce subsequent md5 hashes, and cross over from time to time, until file length is reached for the key.

 

[pmachapman]

It sounds like it will be vulnerable to the soft of attacks you would use against CBC ciphers. You might want to look at key expansion algorithms. AES has a fairly interesting one if I remember correctly.

I remember your post on wanting to encrypt Bibles. Given your plaintext is quite well known, attacking your cipher will be easy, and given rainbow tables for MD5, someone should be able to work backwards and find your key.

I would suggest using a standard cipher like AES. Use a very large key size if you want it the file to remain secure for a while.

 

[Stephen L Smith]

It sounds like it will be vulnerable to the soft of attacks

At the moment we are vulnerable to Cyclone Gabrielle attacks! Trust you guys are doing fine in New Plymouth. Very strong winds here, thankfully no damage.

 

[MyCrows]

It sounds like it will be vulnerable to the soft of attacks you would use against CBC ciphers. You might want to look at key expansion algorithms. AES has a fairly interesting one if I remember correctly.

I remember your post on wanting to encrypt Bibles. Given your plaintext is quite well known, attacking your cipher will be easy, and given rainbow tables for MD5, someone should be able to work backwards and find your key.

I would suggest using a standard cipher like AES. Use a very large key size if you want it the file to remain secure for a while.

Thank you for your reply. I think I understand what you are driving at with the weaknesses in having a well known plaintext, and having my one time pad derived from md5...(stupid rainbow tables!)

I will check into the key expansion and look further into 128 and 256 bit AES. Definitely sounds like a better idea.

Over my head on some of this stuff, but gotta keep going, that's how you learn lol.