laziness, impatience, and hubris PerlMonks

### Personal crypting algorithm

by Asmo (Monk)
 on Nov 05, 2001 at 00:59 UTC Need Help??
 Category: Cryptography Author/Contact Info Asmo - asmo@mail.be - www.chez.com/xasmox (site in french) Description: This is my first package. It seems to work fine ;) It's some sort of personal encryption algorithm that uses XOR, pack, tr, and some weird key transformations. To use it : require 'asmocript.pl'; AsmoCrypt::acrypt(\$sentence,\$key); to crypt a sentence and AsmoCrypt::adecrypt(\$sentence,\$key); to uncrypt a crypted sentence. I apologize for my bad english ;) Asmo ```package AsmoCrypt; BEGIN { } sub acrypt { \$phrase = shift(@_); \$key = shift(@_); @cles = split(//, \$key); foreach \$key2(@cles) { chr(\$key2); push(@key3, \$key2); } \$lastkey = join("1", @key3); \$phrase = \$phrase ^ \$lastkey; \$phrase2 = pack("u", "\$phrase"); \$phrase2 =~ tr /0123456789`\;\$=&:!<>,@%\'-\"?/asmoeturlzxicndpqhcfg +vwkyj/; \$result = \$phrase2 ^ \$lastkey; print \$result; } return 1; sub adecrypt { \$phrase = shift(@_); \$key = shift(@_);; @cles = split(//, \$key); foreach \$key2(@cles) { chr(\$key2); push(@key3, \$key2); } \$lastkey = join("1", @key3); \$phrase2 = \$phrase ^ \$lastkey; \$phrase2 =~ tr /asmoeturlzxicndpqhcfgvwkyj/0123456789`\;\$=&:!<>,@%\ +'-\"?/; \$phrase3 = unpack("u", "\$phrase2"); \$result = \$phrase3 ^ \$lastkey; print \$result; } END { } ```
Replies are listed 'Best First'.
Re: Personal crypting algorithm
by wog (Curate) on Nov 05, 2001 at 01:36 UTC
On code:

• Please use strict and warnings. It will save you time in the future.
• chr(\$key2) does nothing since you're discarding its value; using warnings would tell you this.
• ```@cles = split(//, \$key);
foreach \$key2(@cles)
{
chr(\$key2); push(@key3, \$key2);
}
is the same as:
```@key3 = split(//, \$key);
(given that you don't use @cles latter on).
• You should try to make this into a module that can be used. perlnewmod has some instructions on how to do this (in your case, you probably should just ignore the upload-to-CPAN part for now.)
• You could write your code to have a lot less variables that are used twice and then thrown away.

On purpose:

• CPAN has many modules for en/decryption. These modules implement algorithms that are better then yours, in terms of how easy breaking a message is likely to be. (It looks to me like yours has signifigant vunerablities, mainly deriving from the join("1", @key3) and possibly also deriving from mathematically properties of the result of an xor'ing data, uuencoding it, and then xor'ing it the same way. Your algorithm is probably also vunerable to a brute-force attack.)

I've seen a 3-line version of the RSA encryption algorithm (a little bit obfusctaed). Do you think i should use it ?

Thx

Asmo
Don't use an obfuscated version of RSA, whatever you do. There are all kinds of issues like blocking, padding, and key management that are likely to get swept under the rug if someone's trying to cram RSA into three lines. If you need public key encryption, you can grab Crypt::RSA -- it's pretty nice, once you manage to get Math::Pari to install... There are plenty of other good crypto modules out there, too.

I agree with wog's comments. UUencode is a bad idea; it adds extra redundancy to the message (for instance, setting the first character to a value determined by the length of the message), which helps a cryptanalyst. Another problem is that only the first 2*length(\$key)-1 bytes of the message are protected by the key in any way. If someone tries to put a larger message into it, part of the message will be obscured but easily recoverable.

Also, your tr/// replacement string contains the letter c twice, so you won't always be able to decrypt the message properly.

Re: Personal crypting algorithm
by premchai21 (Curate) on Nov 05, 2001 at 22:39 UTC
Don't print the results. Returning them instead is a much better idea. What if the caller doesn't want the encrypted / decrypted string printed, but instead wants to do something else with it? Sure, they could do something obfuscated like tie STDOUT so its output goes into a variable, but the idea here (assuming this is not for obfuscation) is to not require the caller to do things like that.
well; then you just have to change print \$result; with \$_ = \$result; I suppose... But i don't know how the \$_ variable is handled with packages (yeah it's my first one) so, if you could tell me if it's the right way to re use the encrypted string...

thx

Asmo
Er... no. return \$result; Then, caller could do (after importing the functions) \$ciphertext = acrypt(\$plaintext, \$key); (or similarly for adecrypt). See perlvar, perlmod, perlsub.

Create A New User
Node Status?
node history
Node Type: sourcecode [id://123224]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others imbibing at the Monastery: (5)
As of 2020-05-31 04:28 GMT
Sections?
Information?
Find Nodes?
Leftovers?
Voting Booth?
If programming languages were movie genres, Perl would be:

Results (173 votes). Check out past polls.

Notices?