38 replies to this topic

[Fanatic Guru]

Encryption with a computer that a human can not decrypt without a computer is very easy.

Most computer languages have mathematical encryption practically built in to them.

Coded: 
8783747396023239298743731302313901643072191838719011641316189274466278894194845315556899871146828634986425280796680024278251384279177316642049728087805692868945391712726612453225949246399559680303626512900095642692972069806879117246268784050635964981698803403787361348961122665410731911386406189925877589335467615466468275949100461358638436620138623900239658189239950231800577231095918775523945854352923465904156552105708201661103101717657940005243643617798460959283017839113256093885983760738352167909757502523745064782211312607260352567225419203258219704421298827484365966927073811538477319444664377925049717932312815887787376019155281853175650471325927543744444954263267411213989156870345223854652202783611837067580956670930500975495088263812387231413472531643684954218063733219310448061019882915770589378462237744246737075577002570692060276979898830261255674771508467308714639479407555736530438284478167492065101877965735798131720285015438639241632631455545918526538792048826760285258734770733074643608511276698142046686257843990033227733928698944771830647597510368290812602371737238409200910673818594462315412159395342888301

I have never written an encrypt script before in my life and the script that created that coded message took about 20 minutes and 20 lines of code.

I don't believe anyone here can crack it and I kept it very simple.

FG

[A v i]

Encryption with a computer that a human can not decrypt without a computer is very easy.

Most computer languages have mathematical encryption practically built in to them.
 

Coded: 
8783747396023239298743731302313901643072191838719011641316189274466278894194845315556899871146828634986425280796680024278251384279177316642049728087805692868945391712726612453225949246399559680303626512900095642692972069806879117246268784050635964981698803403787361348961122665410731911386406189925877589335467615466468275949100461358638436620138623900239658189239950231800577231095918775523945854352923465904156552105708201661103101717657940005243643617798460959283017839113256093885983760738352167909757502523745064782211312607260352567225419203258219704421298827484365966927073811538477319444664377925049717932312815887787376019155281853175650471325927543744444954263267411213989156870345223854652202783611837067580956670930500975495088263812387231413472531643684954218063733219310448061019882915770589378462237744246737075577002570692060276979898830261255674771508467308714639479407555736530438284478167492065101877965735798131720285015438639241632631455545918526538792048826760285258734770733074643608511276698142046686257843990033227733928698944771830647597510368290812602371737238409200910673818594462315412159395342888301

I have never written an encrypt script before in my life and the script that created that coded message took about 20 minutes and 20 lines of code.

I don't believe anyone here can crack it and I kept it very simple.

FG

 

Simply, if you don`t keep the algorithm open-source , it is impossible to crack a encrypted text .You can do anything in the background and nobody can guess what have you done. The challenge comes when you are to keep the algorithm open-source and also when you look to store the password in the encrypted text itself.

By the way, 20 minutes is a very long time. Did you mean 20 seconds ?

 

And also check the Clipjump's topic, I have quoted you. I need some favor there.

[Fanatic Guru]

When I said 20 minutes I was talking about the time it took me to write the code. I can't type 20 lines of code in 20 seconds. The script executes in milliseconds. Most of that time was because of a syntax error in a key command.

Even with the script open-source I do not believe this message can be decrypted because the message is short but if the message was long enough it could be decrypted by a smart person with the right software.

Coded := Code(String,Password)

MsgBox % "Coded: `n" Coded
Msgbox % "Uncoded: `n" Uncode(Coded,Password)

Code(String, Seed)
{
	Random,, Seed
	Loop, Parse, String
	{
		Random x, 1, 1000000
		Random y, 1, 1000000
		newString .= (Asc(A_loopfield)+x) y
	}
	return newString
}

Uncode(String, Seed)
{
	Random,, Seed
	while StrLen(String)>0
	{
		Random x, 1, 1000000
		Random y, 1, 1000000
		Pos := InStr(String, y)
		oldString .= Chr(SubStr(String, 1, Pos-1)-x)
		String := SubStr(String, Pos+StrLen(y))
	}	
	return oldString
}

This is not industrial strength encryption but it is a far cry from something someone can crack by a little language knowledge like finc did.

Seeding the Random generator built into AHK is a good start and is along the lines of how real industrial strength encryption is done from what I understand.

I have never studied encryption only knowledge I have picked up here and there from magazines and TV but from what I understand with a little research I imagine I could create an open source encryption script that could not be broken by anyone on the planet.

From what I understand encryption techniques are beyond being unbreakable and is now about speed, efficiency, simplicity, compression, etc.

FG

[A v i]

The Random eg is not open-source as itmainly uses the inbuilt Random cmd which nobody can see.
On the other side, i hv used only the mod , instr and floor functions which are very straight forward funcs and everybody knows them.

[Fanatic Guru]

The Random command is as open source as any other command in AHK. Anyone that wants to can look at the source code and see exactly how it works.

Random is built into AHK for speed and convenience. Like most any other command in AHK it could be written as a function in an AHK script with basic commands and work just the same only slower. I used the built in Random command because it is there and produces fairly good encryption.

If you don't like the Random command another common technique is to convert your string to be encoded into binary. Then bit shift the binary string a number of places as determined by your password then convert the binary string back to text. You will end up with a string of random looking gibberish characters. This is straightforward to understand and hard to crack depending on how complicatedly you scramble the bits. This is how I first thought about doing it but I do not know the AHK binary commands right off hand.

If you convert both your string and your password to binary and then do a binary modular addition of the two and then convert back to text you can create a code that is mathematically impossible to break if you are willing to have a password that is as long as your string.

Maybe I am misunderstanding and you are not truly looking for strong encryption but a fun substitution cipher that can be broken with some thought like a puzzle.

FG

[rbrtryn]

The Mersenne Twister, which the Random command uses, is completely open source. You can find its C source code here.

[A v i]

The Random command is as open source as any other command in AHK. Anyone that wants to can look at the source code and see exactly how it works.

Random is built into AHK for speed and convenience. Like most any other command in AHK it could be written as a function in an AHK script with basic commands and work just the same only slower. I used the built in Random command because it is there and produces fairly good encryption.

Again, my aim was testing a custom algorithm, not using one Takuji Nishimura and Makoto Matsumoto. 
 

Maybe I am misunderstanding and you are not truly looking for strong encryption but a fun substitution cipher that can be broken with some thought like a puzzle.

v0.1 was breakable because I didnt knew about the tricks and techinques present, v0.3's challenge stands there and it is very difficult to break.

 

From what I understand encryption techniques are beyond being unbreakable and is now about speed, efficiency, simplicity, compression, etc.

I feel you are right here. It should be relatively easy to create a unbreakable system that uses the power of the computer and the uniqueness of the password. By the way, I havent seen any algorithm with compression, the minimum I see is in TEA by <xyz> and then mine's , both replace each char of the string by a unique char i.e the Strlen's of both strings are same.

...

...

[A v i]

Version jumped to 0.6

*  PASSWORDS CAN NOW BE CASE-SENSITIVE AND ALPHA-NUMERIC THUS SECURE AND EASY TO REMEMBER
*  STRING'S CASE IS CONSERVED THROUGH THE PROCESS
*  MORE CHARACTER SUPPORT(2x), MORE POWERFUL

[guest3456]

are people seriously trying to write their own encryption algorithms?

[VxE]

are people seriously trying to write their own encryption algorithms?

 

It's something of a rite of passage among passionate programmers (I did the same thing). The pattern usually goes like this:
1. Nerd finds a Darkwing Duck Secret Decoder Ring in a box of cereal.
2. He thinks "I can write code to do this!".
3. He implements a trivial variant of ROT-26.
4. He posts the code online saying it's "secure" because it's good enough for Darkwing Duck.
5. Peers crack the code trivially and point out how weak it is.

At that point the coder can either admit defeat or revise his code until the "encryption" is no longer easily broken. Eventually he'll realise that there's a world of difference between "not easily broken" and "actually secure". Bonus points for implementing a public key algorithm that actually works.

[jNizM]

In the german subforum there are some tries too for self-encryption
- StringEncrypt & Decrypt by nnnik
- Encoder & Decoder by Alibaba

[Fanatic Guru]

At this point it is more just a mental challenge to see what kind of encryption I can come up with without looking at any references or others work and not using the Random command as that relies heavily on someone else's work that I could not reproduce independently.

Simple Commands Encryption:

String := "Each script is a plain text file containing commands to be executed by the program (AutoHotkey.exe). A script may also contain hotkeys and hotstrings, or even consist entirely of them. However, in the absence of hotkeys and hotstrings, a script will perform its commands sequentially from top to bottom the moment it is launched."

Key := "Creating a script"

Coded := XOR_String_Plus(String, Key)
Decoded := XOR_String_Minus(Coded, Key)

MsgBox % "String:`n" String "`n`nCoded:`n" Coded "`n`nDecoded:`n" Decoded

XOR_String_Plus(String,Key)
{
	Key_Pos := 1
	Loop, Parse, String
	{
		String_XOR .= Chr((Asc(A_LoopField) ^ Asc(SubStr(Key,Key_Pos,1))) + 15000)
		Key_Pos += 1
		if (Key_Pos > StrLen(Key))
			Key_Pos := 1
	}
	return String_XOR
}

XOR_String_Minus(String,Key)
{
	Key_Pos := 1
	Loop, Parse, String
	{
		String_XOR .= Chr(((Asc(A_LoopField) - 15000) ^ Asc(SubStr(Key,Key_Pos,1))))
		Key_Pos += 1
		if (Key_Pos > StrLen(Key))
			Key_Pos := 1
	}
	return String_XOR
}

There does not really have to be two functions. There are two functions only because I wanted to push the character range up into more interesting characters and out of special control characters so add 15000 in one function place and subtract it in another. If you don't want to shift the character range the same function encodes and decodes but you can get funky undisplayable control characters that can mess things up.

It is possible certain Key and String combinations can create control characters that AHK will have trouble processing. If everything was low level file to file it probably would not matter but attempting to display every character that Chr() can produce can probably have weird results when you try to display them.

Also if you are willing to make the Key as long as the String being encoded then the code becomes unbreakable.

Output:


FG

[rbrtryn]

Also if you are willing to make the Key as long as the String being encoded then the code becomes unbreakable.

This depends on what you mean by unbreakable:

• Unbreakable by me alone? Certainly
• Unbreakable by a roomful of experienced hackers using linked computers? Unlikely
• Unbreakable by law enforcement? Very Unlikely
• Unbreakable by the NSA? Forget about it

It all depends on how much time and effort you are willing to devote to breaking it.

[Fanatic Guru]

This depends on what you mean by unbreakable:

• Unbreakable by me alone? Certainly
• Unbreakable by a roomful of experienced hackers using linked computers? Unlikely
• Unbreakable by law enforcement? Very Unlikely
• Unbreakable by the NSA? Forget about it

It all depends on how much time and effort you are willing to devote to breaking it.

 

 

I mean impossible to break by any means in the universe. Mathematically perfect encryption.

 

http://en.wikipedia....ki/One-time_pad

 

The script implements the one-time pad technique.  As the length of the key approaches the length of the string to be encrypted the ability to analysis any pattern decreases until at equal length no pattern exist as it is a pattern of one.  At that point it becomes impossible to decrypt. 

 

You might think well I will just try every possible key but that will not work as there exist a key that will produce every possible string also so there is no way to tell when you have the correct key.

 

Imagine an encrypted 3 letter string.  If you try every possible 3 letter key you will get a result of every possible solutions string so a particular key will return "bat" but another particular key will return "top" so you never know when you got the correct key or just a false key that also happens to form a word.

 

It is the same way with a text file that is sentences that equal 1000 characters.  There is a key that will produce every text file that has sentences that say anything that is possible in 1000 characters.

 

This encryption is perfect as far as being unbreakable.  All other encryption techniques sacrifice unbreakable for more efficient.  Any code that has a key that is shorter than the encrypted string is breakable then it is just a matter of how much calculations are required to the ratio of the key length to string length to discern patterns that will allow you to weed out incorrect keys.

 

What makes modern encryption fancy is just getting an incredible ratio of number of calculations to break the code compared to the key to string ratio.

 

Stuff like encrypting a 1 gig file with a 128 key that requires trillions and trillions of calculations to break.  It is all about how many calculations the encryption technique can force on average to break that 1 gig encrypted file with a 128 key password.

 

But all non-perfect encryption are only average calculations to break.  It is possible to break any non-perfect encryption with the very first calculation if you get lucky enough.

 

With perfect encryption (which requires the key to contain as much information as the string) there is no such thing as getting lucky because even if you do enter the correct key and get a coherent result you don't know if that is the correct result or you just got unlucky and picked one of the many keys that could give one of the false but possible other coherent results.   There are not patterns that can be discerned that will allow the elimination of keys that give coherent results.  All keys that give coherent results are as valid as all other keys that give coherent results.

 

The NSA can not stop perfect encryption.  Anyone that wants to use unbreakable encryption can.  The NSA just tries to control the spread of very efficient but imperfect encryption but that cat is done long out of the bag also.  It is easy to encrypt a file with open source imperfect but very efficient software that nobody on the planet can decrypt unless they get astronomically lucky.  Numbers on the order of like one divided by the number of atoms on planet earth. 

 

FG

 

 
 

[fincs]

The script implements the one-time pad technique. As the length of the key approaches the length of the string to be encrypted the ability to analysis any pattern decreases until at equal length no pattern exist as it is a pattern of one. At that point it becomes impossible to decrypt.

The script does NOT implement one-time pad; rather a computer version of the Vigenère cipher with a repeating key; this is trivially easy to break. Even if the key were non-repeating, you could still figure it out because you used actual non-random text and that has special properties.

For one-time pads you always need to use truly random data (PRNGs are useless for this as their output do have a pattern).