PDA

View Full Version : Encryption



ki4jgt
December 23rd, 2010, 03:15 AM
I have an encryption algorithm Actually, it's a program which encrypts archives of files created with the program. I don't know what to tell my users when they ask how many bits encryption it is. Basically the longer the password is, the more encrypted the file becomes. After the encryption, the program rearranges the encrypted data in a random pattern decided by the password. Both the encryption and the rearangement of data can be MAJORLY influenced by slight differences such as "Battle" and "battle"

jerenept
December 23rd, 2010, 03:27 AM
Sounds interesting.

ve4cib
December 23rd, 2010, 04:11 AM
Could you change your algorithm so that the password is simply a seed used to generate an n-byte key? That's basically how AES works; password + some initial (fixed) value ==> encryption key. That way you could definitively say that your algorithm is n-bytes encryption. You might even be able to just recycle AES' key expansion to suit your purposes.

ki4jgt
December 23rd, 2010, 06:23 AM
I really don't want to change it though, I've been using it to keep my secrets for years. Mainly in notebooks and things but it's still cool :-) Isn't there some kind of math formula which can tell how many bits it is? LOL sorry :-) just curious.

ve4cib
December 23rd, 2010, 09:27 AM
If the length of the password defines the strength of the encryption (i.e. longer password = "more encrypted") then it's a "variable-bit cipher."

Something like AES on the other hand, uses a nice big function to generate a fixed-length key from a password. The entropy of the key should be about the same, regardless of the length of the password, so from an algorithmic perspective there's no real difference between a single-character password and a 10-million character password. Obviously one is easier to guess than the other in terms of brute-force, but if you were to work backwards to extract the password based on a known plaintext and a known ciphertext the length of the inital password doesn't make any difference at all.

cammin
December 23rd, 2010, 10:08 AM
http://en.wikipedia.org/wiki/Password_strength

There's a section about calculating both the entrophy bits of randomly generated and human generated passwords.

Grenage
December 23rd, 2010, 10:21 AM
Is it not likely that, however esoteric it may be, a personal algorithm would take mere minutes or hours to crack, compared with a standardised encryption algorithm such as Twofish?

ve4cib
December 23rd, 2010, 11:27 PM
It really depends. Someone could implement an exceptionally robust encryption algorithm on their own. PGP started off as a little private encryption algorithm back in the 90s after all.

That said it's probably much more likely that this particular algorithm is pretty weak when compared to peer-reviewed algorithms like AES, TwoFish, and the like.

ki4jgt
December 24th, 2010, 06:09 AM
I'm actually going to setup a $20 dollar reward for anyone who can crack it once I get it built. (Provided they can show me how they did it! - and not using Brute force. I have a few more additions I want to add to it than what has been posted here.

EDIT: I'll be using a 100 character password.

Grenage
December 24th, 2010, 09:34 AM
Good call; people love a challenge, and you'd be able to put your encryption to the test. :)