Re-Visiting String Encryption

Started by G_G, October 07, 2012, 01:22:24 am

Previous topic - Next topic

G_G

Some of you may remember this. I do. I wanted to visit string encryption some more. I've definitely put some work into this one. This is a reversable string encryption method I've created. Which means you can put in a string, encrypt it with a password, and then decrypt it as long as you have said password. Anyways, I wanted to share my progress with you. I'm still trying to improve it, but I think I've done a pretty good job at masking the original string.

Fun Fact: Back when I managed Decisive Media with Branden, I used a similar method to encrypt Achievement Codes so people couldn't exploit the system into getting every achievement. I based this new one around this and improved on it.

What I'm basically doing is mixing characters together, using factors to decide which character to use, to pretty much mask the original input. The password that gets passed to the method is used to help mask the original string. Each character in the password is used as a factor to to decide which character to use as a mask. So if you try to decrypt a string with a different given password, it's just going to output gibberish. Along with a password, there are two numbers that are also used as a factor. Both these numbers get changed after each character is masked, which prevents consecutive characters from having the same mask. For example, "Hello", the two l's will have different masks, increasing the security. Then of course, each character in the original string is used as a deciding factor as well.

With these factors, characters are chosen from one of two strings which contain a list of characters. Which get mixed together to produce an end result. To try and strengthen encryption even more, I added an extra parameter. You have the option to pass an integer to the encryption method. This parameter is used to mask the length of the original string. For example, say you passed "Hello", which is five characters, you can pass an integer, let's say "32". The output will be 32 characters long and no one would even guess it'd be hello. However, if the integer you pass is less than the number of characters, it pretty much gets ignored. To show an example, here's an input and output. Notice how the password is one character off from the original, the string looks nothing like the original.

Encrypting:
Input: apple
Password: granny smith
Output Length: 16
Output: tnE3 BaN+f& ]7Jc

Decrypting:
Input: tnE3 BaN+f& ]7Jc
Password: granny smit
Output: brspj)*+,-./0123


Now onto the download. I only have a runnable application this time. Didn't want to take the time to port it to PHP. Download

It's pretty difficult to decode the output without the password. In order to do it, you'd need the two unique strings and two unique numbers to start. And even with these, the encryption method itself is still hidden. I think I've created a pretty solid system here. So with this, I leave a challenge. More specifically for ForeverZer0 (but anyone can try it). Only because he decompiled my program from my previous encryption method last time. xD Oh and I've learned from last time. I've obfuscated the hell out of this thing. I've only examined it in .NET Reflector but everything is pretty hidden.

Input: Hello world!
Output Length: 32
Output: eZ4H:<f]9/pj{SqDo9xS&mA`e5G8L#CV

The goal is to figure out the password. This is pretty damn near impossible to do without knowing any of the variables I used. It wouldn't be very fair if I kept those hidden, so here.

String1 = "! #$%&()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`abcdefghijklmnopqrstuvwxyz{|}~"
String2 = "f^jAE]okIOzU[2&q1{3`h5w_794p@6s8?BgP>dFV=m D<TcS%Ze|r:lGK/uCy.Jx)HiQ!#$~(;Lt-R}Ma,NvW+Ynb*0X"
Integer1 = 1.75 // I know it's "technically" not an integer
Integer2 = 3


Simply changing any one of these variables produces an entirely new output. Props to whomever successfully finds the password. If someone manages to get it (which I'm actually hoping someone does) it just means I need to improve the method even more. And even if someone doesn't I'm still going to try to improve it as much as possible.

Ryex

I no longer keep up with posts in the forum very well. If you have a question or comment, about my work, or in general I welcome PM's. if you make a post in one of my threads and I don't reply with in a day or two feel free to PM me and point it out to me.<br /><br />DropBox, the best free file syncing service there is.<br />

Blizzard

I knew that this system sounded familiar, I just couldn't remember the name.
Check out Daygames and our games:

King of Booze 2      King of Booze: Never Ever
Drinking Game for Android      Never have I ever for Android
Drinking Game for iOS      Never have I ever for iOS


Quote from: winkioI do not speak to bricks, either as individuals or in wall form.

Quote from: Barney StinsonWhen I get sad, I stop being sad and be awesome instead. True story.

G_G

October 07, 2012, 09:49:55 am #3 Last Edit: October 07, 2012, 01:21:08 pm by gameus
Pretty much, but it's done differently than yours. Quite different actually. Considering your output consists completely of integers. Plus, consecutive characters get the same number. And to top it off, mine can keep the original input's length unless defined otherwise.
"Hello"
"97 64 182 182 35"
Mine applies several different factors to prevent that. I'm not trying to make mine sound better than yours or anything, so I hope you don't take it that way. It's a very flexible method. I may release the method for people to look at.

Blizzard

I just realized I haven't leveled you up for this yet. *levels up*
Check out Daygames and our games:

King of Booze 2      King of Booze: Never Ever
Drinking Game for Android      Never have I ever for Android
Drinking Game for iOS      Never have I ever for iOS


Quote from: winkioI do not speak to bricks, either as individuals or in wall form.

Quote from: Barney StinsonWhen I get sad, I stop being sad and be awesome instead. True story.

Ryex

October 07, 2012, 02:56:11 pm #5 Last Edit: October 07, 2012, 03:07:46 pm by Ryex
ho! no your system is better than mine by a mile. mine only works with ASCII and it heavily utilized ruby's inbuilt rand function (with a seed of course) the only thing good is that it's cyclic and reseeds the random based of the previously encrypted parts of the message. which is one way you could improve your system.

as for the out put as numbers, technically it outputs in raw ASCII the think is that it can sometimes get mapped to the null character which causes problems in transportation. the numbers are ASCII values
I no longer keep up with posts in the forum very well. If you have a question or comment, about my work, or in general I welcome PM's. if you make a post in one of my threads and I don't reply with in a day or two feel free to PM me and point it out to me.<br /><br />DropBox, the best free file syncing service there is.<br />

G_G

@Blizz: Thanks. :3

@Ryex: That's a pretty good idea. I'll definitely try to implement that into it.