[QUOTE=turby;19660623]Also, any program on *nix with appropriate permissions can read the whole system's memory by reading /dev/mem[/QUOTE]
I didn't say *nix didn't have the same flaws. I was just sticking to Windows because the guy is using VISUAL BASIC
All I have to say is, windwakr is a child and Anthoni_c got owned.
[QUOTE=compwhiziitothemax;19629656]Once again no one is really answering the OP, everyone is just arguing at each other and proving points.[/QUOTE]
That's what happens when someone asks for something that's not even remotely possible.
[QUOTE=phazmatis;19699971]That's what happens when someone asks for something that's not even remotely possible.[/QUOTE]
It's possible; it's just been answered already.
In a nutshell: If there's a need to actually retrieve the passwords (e.g. a password-manager app), use a 2-way cipher and something like PBKDF2 to produce a key for it. If it's only necessary to be able to check whether someone has typed the correct password later, use a 1-way hash function, preferably with salt. In either case, use real, proven cryptographic algorithms; don't make up your own.
One-way hash functions are still within the realm of cryptography. Anything beyond that (trying to keep users from breaking your encryption scheme) is DRM, and that's a whole different ballgame. Every DRM scheme to date has been broken, with the exception of blu-ray, or anything else that relies on trusted computing.
I'm reading up on PBKDF2, but man.. these supposed experts are doing a poor job of explaining how it magically makes DRM hard to crack. ~_-
When did DRM come into this? Christ don't people read threads before they post? At least read the OP.
I'd like to see somebody decode this:
[code]#a5yPVdP{lzsApn?`I92N"W3{mjr\nyeYw4{MthU_|/i-Y/iQ~fMUkuB"C>&cU\h8[/code]
I'll give you fellow crypto fiends a few hints:
CBC + ICM
1 95 character look-up table
42 passes
[QUOTE=Morphology53;19704845]I'd like to see somebody decode this:
[code]#a5yPVdP{lzsApn?`I92N"W3{mjr\nyeYw4{MthU_|/i-Y/iQ~fMUkuB"C>&cU\h8[/code]
I'll give you fellow crypto fiends a few hints:
CBC + ICM
1 95 character look-up table
42 passes[/QUOTE]
Do we get a binary? How about selected text?
[QUOTE=phazmatis;19700737]One-way hash functions are still within the realm of cryptography. Anything beyond that (trying to keep users from breaking your encryption scheme) is DRM[/QUOTE]
No, trying to prevent users from breaking cryptosystems is the ultimate goal of [i]all[/i] cryptographic research.
DRM is a particular application of cryptography that involves putting the decryption key in the user's hands but preventing the user from having control of it. That's essentially futile, which is why DRM schemes get broken. But it's not what's being discussed here.
[QUOTE=Wyzard;19705059]No, trying to prevent users from breaking cryptosystems is the ultimate goal of [i]all[/i] cryptographic research.
DRM is a particular application of cryptography that involves putting the decryption key in the user's hands but preventing the user from having control of it. That's essentially futile, which is why DRM schemes get broken. But it's not what's being discussed here.[/QUOTE]
Well, actually DRM is exactly what the OP wanted. But as said, DRM is futile.
[QUOTE=ShaRose;19705177]Well, actually DRM is exactly what the OP wanted. But as said, DRM is futile.[/QUOTE]
No, the OP didn't want DRM. There are no restrictions on the file, only that it can be read if the right key is entered.
You do all know that DRM stands for Digital Rights Management?
The OP doesn't care how many computers the file is copied to: he just wants to make sure it can only be read with the correct password, something entirely different to the ideas of DRM.
[QUOTE=ShaRose;19704967][QUOTE=Morphology53;19704845]I'd like to see somebody decode this:
[code]#a5yPVdP{lzsApn?`I92N"W3{mjr\nyeYw4{MthU_|/i-Y/iQ~fMUkuB"C>&cU\h8[/code]
I'll give you fellow crypto fiends a few hints:
CBC + ICM
1 95 character look-up table
42 passes[/QUOTE]
Do we get a binary? How about selected text?[/QUOTE]
Javascript implementation of the cipher.
[code]
function CCipher(InV, transtable, thetext, EncTable){
var ENcstr = ""
//IV
var Rotator = InV;
for (var i = 0; i < thetext.length; i++) {
var TransIndex = transtable.indexOf(thetext.charAt(i));
var ENCChar = ""
if ( TransIndex != -1){
for (var m = 0; m < EncTable.length; m++) {
//Generic Rotation
if ( EncTable[m][0] == "ROT" ){
Rotator += EncTable[m][1];
//MOD rotation
} else if ( EncTable[m][0] == "MODROT" ){
if ( i%EncTable[m][1] == EncTable[m][1]-1) {
Rotator += EncTable[m][1];
};
//SIN Rotation
} else if ( EncTable[m][0] == "SIN" ){
if ( Math.abs(Math.ceil(Math.sin(i)))%transtable.length == EncTable[m][1]) {
Rotator += EncTable[m][1];
};
//TAN Rotation
} else if ( EncTable[m][0] == "TAN" ){
if ( Math.abs(Math.ceil(Math.tan(i)))%transtable.length == EncTable[m][1]) {
Rotator += EncTable[m][1];
};
//COS Rotation
} else if ( EncTable[m][0] == "COS" ){
if ( Math.abs(Math.ceil(Math.cos(i)))%transtable.length == EncTable[m][1]) {
Rotator += EncTable[m][1];
};
//POW Rotation
} else if ( EncTable[m][0] == "POW" ){
if ( Math.pow(InV,i)%transtable.length == EncTable[m][1]) {
Rotator += EncTable[m][1];
};
};
};
ENCChar = transtable.charAt( (TransIndex + Rotator)%transtable.length );
//Cipher-block chaining (CBC), Integer Counter Mode (ICM)
Rotator = (Rotator + i)%transtable.length;
} else {
ENCChar = thetext.charAt(i)
};
ENcstr = ENcstr + ENCChar;
};
return ENcstr;
};
[/code]
This is basically Rot13 + Enigma. Main difference being that it uses a Translation table as a reference point, instead of the English Alphabet.
[code]
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!$%&*()\\\"\'?.,:;-=+[]{}/^@~`#_|<> \n";
[/code]
Encryption and decryption are the exact same process, the only thing that needs to be changed is that the Translation table needs to be reversed:
[code]
transtable = transtable.split("");
transtable = transtable.reverse();
transtable = transtable.join("");
[/code]
dont encript it if you understand bytecodes then create your own file type using them by first making its header then changing and encripting if you wish the passes and usernames to its content then make a subrutine that can read the data back into strings and other Datatypes you need it to read but i would really suggest you store the data online in a database (mysql prefered)because then you can make sure no one can reverseenginer the data by figuring out how you encripted it or in the case of a custom file type make a key for that file types byte codes then use that key to translate the file into human readable text.
[QUOTE=jfmherokiller;19711311]dont encript it if you understand bytecodes then create your own file type using them by first making its header then changing and encripting if you wish the passes and usernames to its content then make a subrutine that can read the data back into strings and other Datatypes you need it to read but i would really suggest you store the data online in a database (mysql prefered)because then you can make sure no one can reverseenginer the data by figuring out how you encripted it or in the case of a custom file type make a key for that file types byte codes then use that key to translate the file into human readable text.[/QUOTE]
Wait. You said "encript". And that's one sentence. Holy living shit.
[QUOTE=jfmherokiller;19711311]dont encript it if you understand bytecodes then create your own file type using them by first making its header then changing and encripting if you wish the passes and usernames to its content then make a subrutine that can read the data back into strings and other Datatypes you need it to read but i would really suggest you store the data online in a database (mysql prefered)because then you can make sure no one can reverseenginer the data by figuring out how you encripted it or in the case of a custom file type make a key for that file types byte codes then use that key to translate the file into human readable text.[/QUOTE]
What kind of cipher was used to encrypt your post? It's amazing!
Yeah nevermind, it's not DRM.
But this is not passing the common-sense test, at least in my mind. If the password file can only be decrypted by the program, then the program needs to contain, or have access to, the encryption key. If the program is run on non-trusted computers, then it can be analysed and cracked.
[QUOTE=phazmatis;19761838]Yeah nevermind, it's not DRM.
But this is not passing the common-sense test, at least in my mind. If the password file can only be decrypted by the program, then the program needs to contain, or have access to, the encryption key. If the program is run on non-trusted computers, then it can be analysed and cracked.[/QUOTE]
But it doesn't need to. You validate using user input, which is not part of the program.
[QUOTE=gparent;19762566]But it doesn't need to. You validate using user input, which is not part of the program.[/QUOTE]
Validated against what?
[QUOTE=phazmatis;19781161]Validated against what?[/QUOTE]
"Validate" was the wrong word. You derive the decryption key from user input. That way the program [i]doesn't[/i] need to "contain or have access to it"; you just ask the user to input it whenever it's needed. No need to store it anywhere.
Sorry, you need to Log In to post a reply to this thread.
