Beefy Boxes and Bandwidth Generously Provided by pair Networks
P is for Practical
 
PerlMonks  

Re: Personal crypting algorithm

by wog (Curate)
on Nov 05, 2001 at 01:36 UTC ( #123226=note: print w/ replies, xml ) Need Help??


in reply to Personal crypting algorithm

On code:

  • Please use strict and warnings. It will save you time in the future.
  • chr($key2) does nothing since you're discarding its value; using warnings would tell you this.
  • @cles = split(//, $key); foreach $key2(@cles) { chr($key2); push(@key3, $key2); }
    is the same as:
    @key3 = split(//, $key);
    (given that you don't use @cles latter on).
  • You should try to make this into a module that can be used. perlnewmod has some instructions on how to do this (in your case, you probably should just ignore the upload-to-CPAN part for now.)
  • You could write your code to have a lot less variables that are used twice and then thrown away.

On purpose:

  • CPAN has many modules for en/decryption. These modules implement algorithms that are better then yours, in terms of how easy breaking a message is likely to be. (It looks to me like yours has signifigant vunerablities, mainly deriving from the join("1", @key3) and possibly also deriving from mathematically properties of the result of an xor'ing data, uuencoding it, and then xor'ing it the same way. Your algorithm is probably also vunerable to a brute-force attack.)


Comment on Re: Personal crypting algorithm
Select or Download Code
Re: Re: Personal crypting algorithm
by Asmo (Monk) on Nov 05, 2001 at 01:56 UTC
    Ok, thanks for your advice.

    I've seen a 3-line version of the RSA encryption algorithm (a little bit obfusctaed). Do you think i should use it ?

    Thx

    Asmo
      Don't use an obfuscated version of RSA, whatever you do. There are all kinds of issues like blocking, padding, and key management that are likely to get swept under the rug if someone's trying to cram RSA into three lines. If you need public key encryption, you can grab Crypt::RSA -- it's pretty nice, once you manage to get Math::Pari to install... There are plenty of other good crypto modules out there, too.

      I agree with wog's comments. UUencode is a bad idea; it adds extra redundancy to the message (for instance, setting the first character to a value determined by the length of the message), which helps a cryptanalyst. Another problem is that only the first 2*length($key)-1 bytes of the message are protected by the key in any way. If someone tries to put a larger message into it, part of the message will be obscured but easily recoverable.

      Also, your tr/// replacement string contains the letter c twice, so you won't always be able to decrypt the message properly.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://123226]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others having an uproarious good time at the Monastery: (11)
As of 2014-12-28 02:33 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (178 votes), past polls