Author Topic: Any encryption crackers? <challenge> (Read 13220 times)

MP · « **on:** August 22, 2004, 02:04:41 PM »

I'm trying to see how crack proof an XOR based encryption routine I've written for my own use is, and while I'm not trying to meet government / military specs, I want it as secure as possible whilst maintaining reasonable peformance.

So, given ...

Code: [Select]

(mapcar
    
    (function (lambda (text) (encode text password)))

   '(   
        "theswamp.org"
        "It is the answer."
        "Do you know the question?"
    )
    
)

;;  returns:

(

    "uöðwceèý/|ö}"
    "Wh»îh¡òy{·òùùwnå¥"
    "Eb¯êûs:oôð{8óüy ärnãüöpf³"
    
)

;;  Passing the encoded text back at the 
;;  encoder returns the original string:

(mapcar
    
    (function (lambda (text) (encode text password)))

   '(   
        "uöðwceèý/|ö}"
        "Wh»îh¡òy{·òùùwnå¥"
        "Eb¯êûs:oôð{8óüy ärnãüöpf³"
    )
    
)

;;  returns:

(   
    "theswamp.org"
    "It is the answer."
    "Do you know the question?"   
)

... can you crack the algorithm?

If no one cracks it I'll likely keep the algorithm hush hush but may make a vlx or dll available to those that request it.

If you spend any time trying to crack this please accept my abundant thanks in advance.

If you successfully crack this I'll buy you a case of beer (and head back to the drawing board).

Ron Heigh · « **Reply #1 on:** August 23, 2004, 12:05:04 AM »

did you modify the typical XOR encryption method to make it stronger?

MP · « **Reply #2 on:** August 23, 2004, 12:27:10 AM »

Quote from: Ron Heigh

did you modify the typical XOR encryption method to make it stronger?

Hmmm ... I don't know what the "typical XOR encryption method " is, but I rolled my own algorithm that at its core, like most encryption methods, involves XOR bit twiddling, thought there's more to it than that -- if there weren't it could have been cracked just like that (snapping fingers thusly).

I did not start with a standard recipe and modify it. I've had this idea for quite awhile and finally gave in and coded it. I coded it in both LISP and VB. To my surprise it seems to perform reasonably well in both.

I'm actually looking forward to see who can break it, finding out how they broke it and what they feel is its inherent weakness(es).

Thanks for the question Ron.

Michael.

JohnK · « **Reply #3 on:** August 23, 2004, 06:31:33 AM »

Oh your a bastard MP; Now im gonna be up all night thinking about this lil gem. I tried my hand at ONE encryption program and i got confusused right away. But ill give this one some thought. (Dont count on me cracking anything, but i would like to see if i can get a few letters back)

*Se7en grumbles away, back to bed.*

Mark · « **Reply #4 on:** August 23, 2004, 07:35:19 AM »

I see no way of cracking it without knowing the password. I did learn something though, I learned how to write my own encryption program in C++.

MP · « **Reply #5 on:** August 23, 2004, 12:17:22 PM »

Quote from: Mark Thomas

I see no way of cracking it without knowing the password.

Could ya crack it if you had the password?

Quote from: Mark Thomas

I did learn something though, I learned how to write my own encryption program in C++.

Excellent, can't be get faster performance than that unless you're an assembly language masochist (masmchist?).

Ron Heigh · « **Reply #6 on:** August 23, 2004, 12:29:16 PM »

Alot of crackers don't bother with your encryption algorhythem.
Instead, they hex edit the point where your program says "if serial it valid then proceed" to read "if serial isn't valid then proceed".
The best encryption in the world isn't any good if your program it weak into your software.

Mark · « **Reply #7 on:** August 23, 2004, 12:31:32 PM »

>Could ya crack it if you had the password?
Me! Probably not no. But I'm guessing others might.

MP · « **Reply #8 on:** August 23, 2004, 12:32:52 PM »

True, but if you wish to put data into a vault encryption is the answer.

CAB · « **Reply #9 on:** August 23, 2004, 12:50:58 PM »

What happens when the user looses the password?
Can you recover the data?

CAB

Ron Heigh · « **Reply #10 on:** August 23, 2004, 01:02:19 PM »

Like adding a backdoor password?

MP · « **Reply #11 on:** August 23, 2004, 01:19:02 PM »

There is no back door password. Lose the password and you'd have to resort to bombastic methods the hackers use, like dictionary, hybrid and brute force attacks to recover the data.

If you use a simple password like just a single characters or a simple word, it could easily be cracked by a dictionary or hybrid crack. On the other hand if you used a crack stifling password that's long and has a mix of alpha-numerics and punctuation you might be beyond the ability of a brute force attack simply because of the time required to crack the password.

Dictionary attack

A simple dictionary attack is by far the fastest way to break into a machine. A dictionary file (a text file full of dictionary words) is loaded into a cracking application, which is run against user accounts located by the application. Because the majority of passwords are often simplistic, running a dictionary attack is often sufficient to to the job.

Hybrid attack

Another well-known form of attack is the hybrid attack. A hybrid attack will add numbers or symbols to the filename to successfully crack a password. Many people change their passwords by simply adding a number to the end of their current password. The pattern usually takes this form: first month password is "cat"; second month password is "cat1"; third month password is "cat2"; and so on.

Brute force attack

A brute force attack is the most comprehensive form of attack, though it may often take a really long time to work depending on the complexity of the password. Some brute force attacks can take a week depending on the complexity of the password.

See link.

JohnK · « **Reply #12 on:** August 23, 2004, 01:29:03 PM »

I think your missing the point; He gavve you the origional and the encrypted version of the strings. I think what wants is a crack at "reverse engineering" (sorta) the methods used.

...Well, at least that is what im plaining on doing. Take the strings compair the ASCII and BINARY and see if i cant see a pattern.

MP · « **Reply #13 on:** August 23, 2004, 01:40:58 PM »

Quote from: Se7en

I think what wants is a crack at "reverse engineering" (sorta) the methods used.

Yep, that's what I was thinking, but if someone wants to try and crack the password they can try that too. Either will do, insomuch as you succeed at either I'll make good on the case of wobbly pops.

David Bethel · « **Reply #14 on:** August 23, 2004, 03:51:52 PM »

Just a quick look see.

In ACSIIi here are the values and differences.

Code: [Select]


;Original
034  117  246  240  119  099  101  232  253  047  124  246  125  034  034  087  104  187  238  104  161  242  121  123  183  242  249  249  119  110  229  165  034  034  069  098  175  234  251  115  058  111  244  240  123  056  243  252  121  032  228  114  110  227  252  246  112  102  179  034  

;Encrypted
034  116  104  101  115  119  097  109  112  046  111  114  103  034  034  073  116  032  105  115  032  116  104  101  032  097  110  115  119  101  114  046  034  034  068  111  032  121  111  117  032  107  110  111  119  032  116  104  101  032  113  117  101  115  116  105  111  110  063  034

;Difference
  0   -1 -142 -139   -4   20   -4 -123 -141   -1  -13 -132  -22    0    0  -14   12 -155 -133   11 -129 -126  -17  -22 -151 -145 -139 -134    0   -9 -115 -119    0    0   -1   13 -143 -113 -140    2  -26   -4 -134 -129   -4  -24 -127 -148  -20    0 -115    3   -9 -112 -136 -141   -1    8 -116    0

Now it's like one the SAT test questions. What is the corelation.

All extracted in plain Autolisp. -David

News:

Author Topic: Any encryption crackers? <challenge> (Read 13220 times)

Ron Heigh

Ron Heigh

Ron Heigh