Where should I ask for help with my naive ideas about cryptography?

2    25 Jun 2017 06:32 by u/yhsvghnrOruGnpverzN

Sometimes I just want to know why some things supposedly work and some things supposedly don't. Other times I'm seriously considering rolling my own weak encryption for fun and learning.

15 comments

3

Roll your own and start learning. That's what I did. The legitimate criticism I got from showing it off taught me a bunch about what not to do.

But also expect there to be a bunch of whiners telling you not to based on the assumption that you'll use it for production purposes. Obviously don't do /that/ but especially don't let ego-driven "experts" sit there basically telling you not to learn something.

2

There is that. I got exactly the same response. They have a point in the respect that lots of wannabes thinking their encryption is secure fuck up and thousands of individuals lose their data.

Learn, go right ahead, but do the math and the diligence and get your code peer reviewed before implementing it.

1

BTW there is a simple absolutely unbreakable cipher that has been around since forever. Book ciphers.

I wrote a Python version once to learn Python. You make a huge (mine was 4gb) file of random data. Copy it and put it on two computers. To encrypt some text you pick an arbitrary place in the file and search forward from this spot to find an instance of the letter to encrypt (like 'A'). Record the offset in some manner. Continue with the rest of your document and you will end up with a translation of your document to offsets.

Take the file of offsets to the other computer and do the process in reverse (look up the letter at the given offset).

Since there are only two copies of the file in existence the message is absolutely unreadable except by the sender and receiver. There is no form of analysis that can be used to map the offset to a letter since there will be 4,000,000,000,000 (using my 4gb file) different characters representing the 8-bit (one byte) encoded characters. That means approximately 4,000,000,000,000 / 256 symbols representing 'A'. You would be unlikely to ever use the same offset to represent the same letter.

It's absolutely secure but not very flexible.

1

absolutely unbreakable

No cipher is absolutely unbreakable. The cipher you describe would be as good as unbreakable for messages up to 4GB, but past that there is a chance of repetition. Your random data file would always have to be larger than the message you send in order to be truly secure.

0

4 GB is farkin' huge. That's over 4 billion characters. To do a frequency analysis you'd have to have a bunch of repetitions. Your average message is probably less than a thousand characters.

You could also keep track and not reuse an entry but that's probably overkill.
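As an added example, not code from the thread or from the commenter's own Python program, here is a small Python implementation of the offset scheme described above, with the "keep track and don't reuse an entry" idea built in. The 64 KiB seeded demo book, the wrap-around search when the end of the book is reached, and the helper names (`make_book`, `BookCipher`, `repeated_offsets`) are assumptions of this example; a real book would be generated from the OS CSPRNG (`secrets.token_bytes`) and shared out of band.

```python
import random
import secrets
from typing import Dict, List, Optional, Set


def make_book(size: int, seed: Optional[int] = None) -> bytes:
    """Build the shared random 'book' of bytes.

    seed=None draws from the OS CSPRNG via secrets; a fixed seed gives a
    reproducible demo book for this example only, never for real use.
    """
    if seed is None:
        return secrets.token_bytes(size)
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(size))


class BookCipher:
    """Offset cipher over a shared book, as described in the thread.

    Each plaintext byte is replaced by the offset of a matching byte in
    the book, found by searching forward from a random starting point.
    Offsets already spent are tracked so no book position is reused.
    """

    def __init__(self, book: bytes) -> None:
        if not book:
            raise ValueError("book must not be empty")
        self.book = book
        self.used: Set[int] = set()

    def _find(self, value: int, start: int) -> int:
        n = len(self.book)
        # Assumption: the forward search wraps around at the end of the book.
        for step in range(n):
            off = (start + step) % n
            if self.book[off] == value and off not in self.used:
                return off
        raise RuntimeError(f"book exhausted for byte value {value}")

    def encrypt(self, plaintext: bytes) -> List[int]:
        offsets: List[int] = []
        for b in plaintext:
            start = secrets.randbelow(len(self.book))  # arbitrary start point
            off = self._find(b, start)
            self.used.add(off)
            offsets.append(off)
        return offsets

    def decrypt(self, offsets: List[int]) -> bytes:
        # The receiver spends the same offsets so both copies stay in sync.
        self.used.update(offsets)
        return bytes(self.book[o] for o in offsets)


def repeated_offsets(offsets: List[int]) -> Dict[int, int]:
    """Offsets that occur more than once in a ciphertext, with their counts.

    Every repeat tells an observer that two plaintext positions hold the
    same byte; the used-offset tracking above keeps this dictionary empty.
    """
    counts: Dict[int, int] = {}
    for o in offsets:
        counts[o] = counts.get(o, 0) + 1
    return {o: c for o, c in counts.items() if c > 1}


if __name__ == "__main__":
    # Constructed demo: a 64 KiB seeded book shared by both parties.
    book = make_book(1 << 16, seed=42)
    sender, receiver = BookCipher(book), BookCipher(book)
    ct = sender.encrypt(b"meet at dawn")
    print(ct)
    print(receiver.decrypt(ct), repeated_offsets(ct))
```

Because each party records the offsets it has spent, a second message that needs a byte value whose every occurrence is already used raises `RuntimeError` instead of silently reusing a position, which is the point at which the scheme would start to leak equal plaintext bytes.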

1

Right, a one-time-pad only works if you never reuse it.

0

I'm currently working out solutions which might fit within a few kilobytes. Thanks though.

0

That method is farking huge is a fact.

0

I thought this was a one time pad?

This has one gaping security hole, and that's the entropy used to generate your random data.

It had to be truly cryptographic strength entropy for this to work. Add into this the difficulty of getting the pad to the other computer without sneakernet, and you have something pretty useless.

0

Read the last paragraph clearly. The entropy would be tolerant to a degree. You would use a set of these along with dates-of-use whereby they are different each day and rotate through a few 1000 and I'd say pretty much nobody could break it without quantum.

1

You have to use sneakernet as I said it's not very flexible. I'd also say it's more like a book cipher than a one-time pad unless you did only use each character once. Since I'd say your messages would be so small compared to the 'book' any repeats would happen so irregularly that you would not be able to use frequency methods. Let's face it with 4 billion characters and messages of about 1k I don't think repeats would be likely.

Generating the pad/book has to be random. One of the best I've seen is the way TrueCrypt/Veracrypt does it using random mouse moves. I'd say that that is pretty much random since even if you tried you couldn't repeat the EXACT same mouse gestures. If you aren't familiar with their method you move the mouse all over the screen for several minutes and it uses that as the seed for the generator.

If you were a spy you'd carry your 'key' on a micro SD card till you got into the targeted country. If you got caught infiltrating the country you'd not send the 'I'm OK' back to tell your compatriots that it's safe to send you messages. The messages you receive should be small with things that you are supposed to perform. To get the message to you it could be posted somewhere that you and they know like some obscure web site message boards, like VOAT, that almost no one reads at some fixed time. Or some cat themed message board. Etc.

You could add other obfuscations to the message if you wanted like an offset that is dependent on some other factor such as date but I doubt that it would be needed.

What do other systems use to encode a message where you don't have some form of sneakernet? Since anything sent electronically is vulnerable how do you get the key/decoder to the other party?

0

Shoot.

Also, check out the System.Security.Cryptography namespace for .NET, and/or Bouncy Castle for Java.

0

how much math do you know?

1

I got to the edge of the swirling vortex of calculus and lost my cookies.

0

This is a very helpful infographic for some people. Depends on your style of learning.

https://visual.ly/community/infographic/technology/bitcoin-infographic