Thread: Encryption
2 Mar 2006, 08:46   #27
queball
Re: Encryption

Quote:
Originally Posted by meglamaniac
A couple of years ago I built a mIRC script to encrypt text based around OTP. It's not as secure as a true OTP as it uses pads of a set length as its "keys", so if the message length exceeds the pad length, it will loop back round to the start of the pad and carry on. To counteract this somewhat, it uses TWO pads at the same time and alternates between them (well it's not quite that simple but still).
This could at most have the effect of doubling the pad length. In fact it looks to me like the algorithm pad length is still effectively 1024; it ignores half of each key and interleaves the rest together.

Quote:
Also, as it's designed to encrypt text, it shuffles the words around, but in such a way that it can unshuffle them again. In addition, it performs rotary bitshifts either left or right, but again in such a way that it still knows which way to bitshift to decrypt.

If you have access to the algorithm then the shuffling, the bitshifting, and the other protection mechanisms are useless in security terms. However, if you gain access to the pads without the algorithm, they provide another layer of encryption to be broken.
Even for a secret code, bitshifting provides a tiny tiny amount of obfuscation (it could be made slightly better by compressing the original message) and word shuffling is basically worthless. I thought we proved this in some kind of contest a while back?

Quote:
One standard method to break weak encryption is to look for possible patterns of letters. For example, in a simple substitution scheme you might notice that "iu" appears often, and conclude that this represents "th". This then gives you pointers to additional patterns, and so on. While it's not quite that simple, the same attack can be used against OTPs where the pad length is shorter than the message. The shorter the pad in comparison to the message, the greater the scope for attack.
It's easy to break a one-time-pad used even twice on plain text. Why not use AES?

Quote:
Word shuffling does nothing to prevent this method of attack (although it does provide confusion by not producing a sensible sentence), but bitshifting and the use of two pads at varying rates (it's not a simple case of letter 1 uses value 1 of pad 1, letter 2 uses value 1 of pad 2, letter 3 uses value 2 of pad 1, etc) does do a reasonable job of screwing this attack vector up.
It really doesn't. It's like shuffling a pack of shuffled cards.
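Added example, not part of the post above and not meglamaniac's script: a Python sketch of why alternating two looping pads is no stronger than one looping pad of twice the length, and why the wrap-around shows up in the ciphertext itself. The alternation model (even bytes use one pad, odd bytes the other), the 16-byte pads, the sample text and all function names are assumptions made for illustration.

```python
import secrets

def xor_two_pads(data: bytes, pad_a: bytes, pad_b: bytes) -> bytes:
    """Assumed model of 'alternating': even bytes use pad_a, odd bytes pad_b,
    and each pad wraps to its start when exhausted."""
    out = bytearray()
    for i, byte in enumerate(data):
        pad = pad_a if i % 2 == 0 else pad_b
        out.append(byte ^ pad[(i // 2) % len(pad)])
    return bytes(out)

def xor_looping(data: bytes, pad: bytes) -> bytes:
    """XOR with a single pad that wraps to its start when exhausted."""
    return bytes(byte ^ pad[i % len(pad)] for i, byte in enumerate(data))

def interleave(pad_a: bytes, pad_b: bytes) -> bytes:
    """a0 b0 a1 b1 ...: the one pad that the two alternated pads amount to."""
    return bytes(b for pair in zip(pad_a, pad_b) for b in pair)

def self_xor(data: bytes, shift: int) -> bytes:
    """data[i] XOR data[i + shift] wherever both bytes exist."""
    return bytes(x ^ y for x, y in zip(data, data[shift:]))

def likely_period(ciphertext: bytes, max_shift: int) -> int:
    """Shift with the highest rate of equal byte pairs: the period or a multiple.
    There the pad cancels, so bytes match as often as in the plaintext (several
    percent for text) rather than about 1 time in 256."""
    def match_rate(shift: int) -> float:
        return self_xor(ciphertext, shift).count(0) / (len(ciphertext) - shift)
    return max(range(1, max_shift + 1), key=match_rate)

# Constructed sample text, repeated so the statistic has enough bytes to work on.
MESSAGE = (b"the quick brown fox jumps over the lazy dog while the channel "
           b"operators argue about whether shuffling words and rotating bits "
           b"adds anything to a pad that is reused every few dozen characters "
           b"and nobody has yet thought to ask what happens at the wrap point ") * 3
# Constructed pads: 16 random bytes each, far shorter than real pads, for the demo.
PAD_A, PAD_B = secrets.token_bytes(16), secrets.token_bytes(16)
PERIOD = len(PAD_A) + len(PAD_B)
CIPHERTEXT = xor_two_pads(MESSAGE, PAD_A, PAD_B)

if __name__ == "__main__":
    merged = interleave(PAD_A, PAD_B)
    print("two pads == one 32-byte pad:", CIPHERTEXT == xor_looping(MESSAGE, merged))
    print("pad cancels at the period:  ",
          self_xor(CIPHERTEXT, PERIOD) == self_xor(MESSAGE, PERIOD))
    print("period seen in ciphertext:  ", likely_period(CIPHERTEXT, 80))
```

Once the pad has cancelled, what remains is plaintext XOR plaintext, which depends on no key material at all; a cipher such as AES in an authenticated mode with a fresh nonce per message does not have this property.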