Valhalla Legends Forums Archive | General Programming | Chat Encrpytion

AuthorMessageTime
o.OV
I would like to add Encryption and Decryption capabilities to my bot.

So far I have only been only to cover two areas.

Hex and Base64

Hex isnt even really an encryption but I included it anyways since people like talking in Hex so much.

I have tried looking up documentation for ArdEnc.DLL and X-Base64 but couldn't find any good reference to those two.
I am also interested in ZDS' encryption and I plan on looking into it soon.
January 22, 2004, 12:21 AM
iago
Try looking them up on www.faqs.org. Most standards have RFC's of some sort stored there.
January 22, 2004, 1:23 AM
Arta
Base64 isn't encryption either.

Creating a simple cypher yourself isn't particularly difficult. The most common way is to use XOR, since that can use the same routine to decrypt as encrypt - beware though, it's trivial to break.

[code]
void XORCypher(char *Text, unsigned char Key)
{
while(*Text)
{
Text ^= Key;
Text++;
}
}
[/code]

More simple encryption can be accomplished by using maths that is reversible. In it's simplest form, something like this:

e = p + k;

therefore:

p = e - k;

example:

5 = 2 + 3
2 = 5 - 3

Where e is your encrypted charater, p is your plain character, and k is your key. You can use any of the basic operators (+-*/) in this manner, and can combine them. Without delving into the more complicated maths of DES and RSA (which I don't really understand) this is your best bet. Other than finding some library that implements strong encryption and using that.

FYI, I've used ARDenc in a bot of mine and it works excellently. If you want strong encryption, I think you should try harder to get that working.
January 22, 2004, 8:53 AM
ObsidianWolf
What Language are you looking for information on? I have a encrypt/decrypt function in vb thats pretty simple and its made more secure the longer the key is. Is this a bot related question?
January 24, 2004, 5:11 AM
ObsidianWolf
The VB way
[code]
Public Function Crypt(inp, key As String) As String
Dim Sbox(0 To 255) As Long
Dim Sbox2(0 To 255) As Long
Dim j As Long, i As Long, t As Double
Dim K As Long, temp As Long, Outp As String

For i = 0 To 255
Sbox(i) = i
Next i

j = 1
For i = 0 To 255
If j > Len(key) Then j = 1
Sbox2(i) = Asc(Mid(key, j, 1))
j = j + 1
Next i

j = 0
For i = 0 To 255
j = (j + Sbox(i) + Sbox2(i)) Mod 256
temp = Sbox(i)
Sbox(i) = Sbox(j)
Sbox(j) = temp
Next i

i = 0
j = 0
For x = 1 To Len(inp)
i = (i + 1) Mod 256
j = (j + Sbox(i)) Mod 256
temp = Sbox(i)
Sbox(i) = Sbox(j)
Sbox(j) = temp
t = (Sbox(i) + Sbox(j)) Mod 256
K = Sbox(t)
Outp = Outp + Chr(Asc(Mid(inp, x, 1)) Xor K)
Next x
Crypt = Outp
End Function
[/code]

January 24, 2004, 6:33 AM
j0k3r
How secure is that now that you've posted it on a forum for hundreds (if not thousands) of people to see?
January 24, 2004, 12:55 PM
Adron
It looks like some rc-, maybe rc4 or something similar. If it is a valid implementation of that, it should be no less secure because of his posting it.
January 24, 2004, 1:33 PM
Grok
[quote author=j0k3r link=board=5;threadid=4836;start=0#msg40892 date=1074948912]
How secure is that now that you've posted it on a forum for hundreds (if not thousands) of people to see?
[/quote]

Quotes from "Applied Cryptography" by Bruce Schneier:

[quote]"If I take a letter, lock it in a safe, and hide the safe somewhere in New York ... and then tell you to read the letter, that's not security. That's obscurity. On the other hand, if I take a letter and lock it in a safe, and then give you the safe along with the design specifications of the safe and the world's best safecrackers can study the locking mechanism....and you still can't open the safe and read the letter, that's security."[/quote]

[quote]"One of the fundamental axioms of cryptography is that the enemy is in full possession of the details of the algorithm and lacks only the specific key used in the encryption. While this is not always true in real-world cryptanalysis, it is always true in academic cryptanalysis; and it's a good assumption to make in real-world cryptanalysis. If others can't break an algorithm eevn with knowledge of how it works, then they certainly won't be able to break it without that knowledge.
"Those who claim to have an unbreakable cipher simply because they can't break it area either geniuses are fools. Unfortunately, there are more of the latter in the world. Beware of people who extol the virtues of their algorithms, but refuse to make them public; trusting their algorithms is like trusting snake oil."
"On the other hand, a good algorithm can be made public without worry. You can send it to your adversaries, publish it in a magazine, or shout it from the rooftops. It doesn't matter; even the designer of the algorithm can't decrypt messages without the key."
"Good cryptographers rely on peer review to separate the good algorithms from the bad."[/quote]
January 24, 2004, 3:48 PM
j0k3r
That came out much like a flame, didn't intend it to. I know nothing about cryptography or how it works(google time), but thanks for explaining the underlying concepts Grok.
January 24, 2004, 5:04 PM
gosumoo
i think that doing base64 on a bot is useless because people have to add something in front of it such as æ <-- what most people use and it defeats the purpose of the actual encryption...
January 29, 2004, 12:42 PM
Arta
Base64 is NOT encryption.
January 29, 2004, 1:19 PM
MrRaza
[quote author=Arta[vL] link=board=5;threadid=4836;start=0#msg41646 date=1075382381]
Base64 is NOT encryption.
[/quote]

I enjoyed how you said that, without giving any explanation on what it is. Maybe you'd better edit it or reply... hmmm
January 29, 2004, 6:07 PM
iago
[quote author=Arta[vL] link=board=5;threadid=4836;start=0#msg41646 date=1075382381]
Base64 is NOT encryption.
[/quote]

Technically, it is. It's just not good or useful encryption!
January 29, 2004, 6:46 PM
Kp
[quote author=iago link=board=5;threadid=4836;start=0#msg41691 date=1075401980]Technically, it is. It's just not good or useful encryption![/quote]

From the definition of encryption as I understand it, base64 is not encryption - it's an encoding. Yoni covered this in more detail in another thread.
January 29, 2004, 8:02 PM
Grok
Technically it is NOT encryption.

As I pointed out earlier, something is securely encrypted if you can give away the algorithm, and the encrypted message, and nobody can recover the plaintext.
January 29, 2004, 9:21 PM
iago
[quote author=Grok link=board=5;threadid=4836;start=0#msg41710 date=1075411318]
Technically it is NOT encryption.

As I pointed out earlier, something is securely encrypted if you can give away the algorithm, and the encrypted message, and nobody can recover the plaintext.
[/quote]
I didn't say securely encrypted. But I agree with you and kp - I don't know the difference between encryption and encoding, but I guess this is exactly it :)
January 29, 2004, 10:06 PM
Arta
[quote author=MrRaza link=board=5;threadid=4836;start=0#msg41684 date=1075399659]
[quote author=Arta[vL] link=board=5;threadid=4836;start=0#msg41646 date=1075382381]
Base64 is NOT encryption.
[/quote]

I enjoyed how you said that, without giving any explanation on what it is. Maybe you'd better edit it or reply... hmmm
[/quote]

Base64 is an encoding algorithm used to encode data for transmission in printable format. It is used where non-printable characters could cause problems, the most obvious example being email attachments. Its purpose was never to obfuscate data.
January 30, 2004, 11:34 AM
ObsidianWolf
Any that wish to further argue that Base64 is Encryption should become more aquinted with Google.

http://www.robertgraham.com/tools/base64coder.html

A method of encoding binary data within text. If you'll remember, binary data is a full 8-bits per byte, whereas text uses a little more than 6 bits per byte. A 6-bit number has 64 combinations, hence the term "BASE64".

The way it works is that every three 8-bit bytes are stored in four 6-bit characters, where the characters are in the range [A-Z][a-z][0-9][+/]. (Count 'em up; that's 64 total characters). Since this doesn't exactly line up, pad characters of [=] are used at the very end.

January 31, 2004, 12:43 AM
iago
[quote author=ObsidianWolf link=board=5;threadid=4836;start=15#msg41901 date=1075509794]
Any that wish to further argue that Base64 is Encryption should become more aquinted with Google.

http://www.robertgraham.com/tools/base64coder.html

A method of encoding binary data within text. If you'll remember, binary data is a full 8-bits per byte, whereas text uses a little more than 6 bits per byte. A 6-bit number has 64 combinations, hence the term "BASE64".

The way it works is that every three 8-bit bytes are stored in four 6-bit characters, where the characters are in the range [A-Z][a-z][0-9][+/]. (Count 'em up; that's 64 total characters). Since this doesn't exactly line up, pad characters of [=] are used at the very end.
[/quote]

....... I don't see what that has to do with anything about it being encryption/encoding/etc?
January 31, 2004, 4:18 AM
Tuberload
I see it as an argument to why BASE64 is not encryption...
January 31, 2004, 5:51 AM
Adron
It's bad encryption or ok encoding...

Adding 1 to every character is encryption, bad encryption.

Base64 wasn't designed to be good encryption.
January 31, 2004, 11:07 AM
o.OV
Eh.. I forgot all about this thread..
You are right.
It is an encoding for data transport through the TCP layer..
Bad wording on my part.

I did manage to develop my own um.. Encryption/Encoding
(I'm not really sure which word to use..)
the same night I posted this thread.
(It doesn't meet the standards as stated in the quote Grok made.)

It is seeded by a random number..
and was made so it can be Decrypted/Decoded by the reciever with no key.
If the person had knowledge of the algorithm I used..
then they could decypt it as well.
I just wanted to see if I could make one.
It took a while for me to iron out a few equations..
but I managed.
March 1, 2004, 10:36 AM
Adron
Base64 isn't for transport through TCP, TCP can handle 8-bit data just fine. It's for transport over channels that don't accept all data such as e-mail, forums, that kind of thing.
March 1, 2004, 8:32 PM
iago
Let me guess, it adds the random number, mod255, to the character, then puts the random number at either the beginning or end of the character stream?
March 5, 2004, 4:51 PM
Yoni
[quote author=Kp link=board=5;threadid=4836;start=0#msg41704 date=1075406577]
From the definition of encryption as I understand it, base64 is not encryption - it's an encoding. Yoni covered this in more detail in another thread.
[/quote]
Hmm, I didn't remember that, but I searched the forum and you're right. :)

[quote author=Yoni link=board=22;threadid=4402;start=0#msg37124 date=1072395686]
Hash(Base64 of password) and Hash(Plaintext password) are equally secure. If all you're going to do is calculate a hash, encoding as base64 is unnecessary. See also St0rm's post.

Base64 by itself offers zero security. Its purpose is not security. Its purpose is to encode any data to a form that contains only printable characters, with an overhead of only 33% (as opposed to, for example, an overhead of 100% with encoding as Hex).
[/quote]

And to prevent this post from being useless I will comment on the new posts in this thread as well.

If your encryption is similar to what iago stated (which sounds correct by your post), then you have an encoding algorithm where the encryption is random (using a key), but the decryption is constant (since the key is inside the message).
In Grok's analogy, that's like putting the letter inside the safe, locking the safe, and leaving the key in the keyhole. The security is once again through obscurity, which isn't security.

If you want to turn it into "real" encryption (maybe bad encryption, but still real), all you have to do is modify it so that the key isn't included in the encrypted message.
March 7, 2004, 6:20 PM
iago
It's not quite like leaving the key in the lock. It's more like locking a letter in a room and putting the key under the welcome mat. It's not glaring at you, but with a little searching it would be fairly easy to find.

Make the client automatically BF the key, there's a 1/255 of getting it right :)

Or use progressive encryption, change the key each time in a random way that only your clients know. You still have to find a way to hide it, though :)
March 7, 2004, 6:32 PM
St0rm.iD
Whisper the key to everyone?
March 7, 2004, 6:37 PM
Grok
While we are giving analogies, I see "Encoding" as more like pulling the door shut until it latches. Anyone who knows how to turn the doorknob can unlatch it and walk in.
March 7, 2004, 6:38 PM
iago
[quote author=Grok link=board=5;threadid=4836;start=15#msg48102 date=1078684717]
While we are giving analogies, I see "Encoding" as more like pulling the door shut until it latches. Anyone who knows how to turn the doorknob can unlatch it and walk in.
[/quote]

It's more like that box with the triangle, circle, and square on the top and the blocks that match the shapes. It takes some level as skill, but anybody with even a little experience could recognize and defeat it.

Incidentally, I saw a kid actually have trouble with one of those, which amazed me. I wonder if I ever tried to jam the square through the triangle then give up?
March 7, 2004, 8:39 PM
crashtestdummy
Didn't DM have an encrypted chat on his bot? Was a while back though...
And my daughter kicks ass at those boxes. Got her one with 6 sides, the sides to put the blocks in are all different colors ..oh well
March 8, 2004, 1:39 AM

Search