Cool Encrypter/Decypter

Discussion in 'privacy technology' started by jeffsbaker, Jun 6, 2006.

Thread Status:
Not open for further replies.
  1. jeffsbaker

    jeffsbaker Registered Member

    Joined:
    Jun 6, 2006
    Posts:
    12
    Cool Encrypter/Decrypter is used to send free encrypted messages to your friends. It encrypts the message right before your eyes with a cool display like in spy movies. The "key" is like a password. It is any combination of letters, numbers, symbols and words that you and your friend have agreed to use to encrypt and decrypt the message. No one will be able to decipher the message without the key you used to encode the message. The key can be up to 20 characters long.

    http://www.seabreezecomputers.com/encrypter/
     
  2. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Hi, i've just tried it and it worked perfectly online for me. It seems like a neat solution, and very easy to use too, much faster etc than using any dedicated program.

    I presume it's utilising the local 128 bit encryption built into in our PC's ? as i downloaded the webpage and used it offline, and it still worked exactly as above.

    The online version would be great for anyone, but in particular travellers etc, as long as the PC's at those locations can be trusted of course.

    Thanks for providing the facility.


    StevieO
     
  3. Inspector Clouseau

    Inspector Clouseau AV Expert

    Joined:
    Apr 2, 2006
    Posts:
    1,329
    Location:
    Maidenhead, UK
    That's the weakest encryption algorithm i've ever seen - takes me less than 10 sec to decrypt encrypted text messages. Fazit: Completely useless and unsecure.
     
  4. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Inspector Clouseau

    Less than 10 seconds, you're slowing down, must be the change in climate lol.

    Seriously though, this is worrying, as i presumed it was using the same local 128 bit encryption used for SSL transactions etc. Maybe this is Not the case after all ? Can you tell us what encryption/bit strength etc is being used and how it is accomplished within the page, whether online or offline ?

    I imagine that utilising the inbuilt local 128 bit encryption wouldn't be such a bad idea ?

    Thanks

    StevieO
     
  5. Inspector Clouseau

    Inspector Clouseau AV Expert

    Joined:
    Apr 2, 2006
    Posts:
    1,329
    Location:
    Maidenhead, UK
    Right click and make a View Source... But hold your coffeecup proper, it might fall down.

    Even if you do not understand anything about encryption/decryption you can easily try this out as follows:

    Enter AAABBB as text for encryption and enter 111111 as password. You will see that it results with KKKLLL. Now lets take a closer look: the character B follows after A and the resulting L follows also after K.

    To give you some example how to brute force this:

    Usually a normal text contains a lot of "e" and "a". now you count all the different characters and pick the highest number of the detected characters in the encrypted text and ASSUME that this would be one of the most used characters "e" or "a". Then you calculate the difference between the encrypted and the unecrypted characters. There you have already the first start for bruteforcing this.
     
  6. Inspector Clouseau

    Inspector Clouseau AV Expert

    Joined:
    Apr 2, 2006
    Posts:
    1,329
    Location:
    Maidenhead, UK
    Oh and to answer your question, basically it substracts only the index of the password key when the output character is still in a printable range. So basically if someone uploads and encrypts a known text (such as a license agreement) i'm even able to tell you the used password for this encryption and this is not even magic - it's just so simple that it doesn't even make any sense to waste more time with discussion on this.
     
  7. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Wow, what a great algorithm. We had rot13 but this guy made rot12, rot14, rot15, rot16, rot17, etc. Why didn't anyone think of that before? :D
     
  8. IMM

    IMM Spyware Fighter

    Joined:
    May 6, 2004
    Posts:
    351
    [​IMG]
     
  9. jeffsbaker

    jeffsbaker Registered Member

    Joined:
    Jun 6, 2006
    Posts:
    12
    Wow, that is cool that you can decrypt a message in 10 seconds. Can you decrypt this message, tell us the key, and then tell us how you did it?

    0W' upr& xsxy}#83 ~r{v atr"v{tv Y#~{q" o} %v ~r( #| qv$rq% ~zvw }r #vo rz}v {" vu" zypxt!y' o" Oouq% ^'&ws"9 0vuwp z' {|rv|s"vw, '("m{uo~ 'sr" s|'#vszx $y{uv "us wu!o "x !oz p}!xu t!*w|"; eo %""}v "}" qo|q 'z t#"qqv&o "yp 'z{|s" 'ruts r&w "qnzv' ~p%w u}yz}x|}ltw' }r r(s!'p!uw< Us 'o o""}v xz' |%~ {w !ys( 'u{ry% yl!v {| tn|n8 yz)w& }$r" ~tz~ x&wo" pw~'= rv"(z' !sw{)p 'zw "{|t}8 ryu $ws| v| k" 'sv %)sq! $ru!r& +zwou o|q xzz"y }z9 $rq &!%s"uq p}szttuw"qq": ~tv {}s"|u{u}8 'sv u&}!";z#%{"'w#8 #vo %"yuw&t#y qrmzy& #x s$r|~!= $"&}wzt $r~""xz yszr"k"zz!> s|p yskpzyx (# $tr {y!' z((&s ~r#!x'~= {( '{$zn yrvv s~z rvq~u"y *{(v u## m{!#v"(w{{ovu'tv' s|p s}|q&pv" u}zpz!!zz!' !}!# #~m}p r"v %z}"yrz!rt~s:/
     
    Last edited: Jun 7, 2006
  10. jeffsbaker

    jeffsbaker Registered Member

    Joined:
    Jun 6, 2006
    Posts:
    12
    Well, since no one has replied to my message, I guess it is harder to brute force attack the encrypted message then was previously stated.

    However the encryption method is a little weak. If you use a short key someone could figure it out in a few hours or so. However it is harder with a longer key. If anyone wants to know the key I used to encrypt the above message let me know and I will post it. You will have to go to a site with the old encryption method though. I recently changed it. You can go to the regular site at http://www.seabreezecomputers.com/encrypter/ and it will pop up with a message with a link to the old encryption method. Or you can go to: http://www.seabreezecomputers.com/encrypter/encrypt2.htm for the old method.

    The old method is weaker because it only encrypts each character by a difference of up to 10 characters. The new method will encrypt each character by a difference of up to 80 characters.

    If someone could look at it and tell me if it is easy to break the code, that would be great. The javascript code is right there. So it is easy to tell what it does. But how long do you think it would take to brute force an encrypted message with a key of 6 or 7 characters in length?
     
  11. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    My friend, i hope you are not joking.
     
  12. jeffsbaker

    jeffsbaker Registered Member

    Joined:
    Jun 6, 2006
    Posts:
    12
    No I am not joking. I would like to know if anyone has any suggestions or feedback.
     
  13. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    is this a vigenere cipher?
     
  14. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    hi, i hadn't really thought about cryptography for awhile now. but, this thread has got me thinking about it agin :cool: it's a great subject to learn! i'd like one of the experts to say whether the cipertext in post #9 can be decipered.

    if it is the vigenere cipher then it's obviously very weak and the only thing which will stop any of the experts decipering it is the time needed to do it and maybe there not being enough cipertext to work with. :doubt:

    this is how i'd deciper it -

    1, look for repetitions within the cipertext like these
    zz!
    "qq

    i think these repetitions are the same plaintext letters encipered by the same sequence of the key

    2, count the spaces between the repetitions and find a number which is divisible of all the spaces found. that will give you the key length.

    3, break up the ciper text so each letter of the key has all its corresponding cipertext letters.

    4, use frequence analysis for each letter from within the key to find which letters are which. then you have the key. :cool:

    i noticed each letter is shifted 9 places when encrypted.

    that's how i think it works. i had a quick look in my book to check how Babbage did it and it's something similar to that. i'm going to start learning abit more about cryptography
     
  15. sosaiso

    sosaiso Registered Member

    Joined:
    Nov 12, 2005
    Posts:
    601
    The algorithm for the encryption in the sourcecode of the page didn't seem all that complicated.
     
  16. jeffsbaker

    jeffsbaker Registered Member

    Joined:
    Jun 6, 2006
    Posts:
    12
    Very good analysis of the encryption scheme. You are right, it is very similar to the Vigenère cipher. I would like an expert to look at post #9 and see if it can be deciphered also. However, that message was encrypted with the old method, which only encrypts the message by shifting the characters up to 10 times depending on the character in the key. So it should be easy to figure out.

    I changed the algorithm recently, so that now it shifts each character by a difference of up to 80 times. The Vigenère cipher uses 26 different possible characters for the key (each letter of an uppercase alphabet). My new algorithm now uses numbers, uppercase letters, lowercase letters and symbols to encrypt the message. 80 different possibilities in all. It cycles through each character in the key similar to the Vigenère cipher.

    If you would like, I can post a longer encrypted message using the new algorithm and see if it can be deciphered.

    Jeff
     
  17. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    hi, adding more charactors will make it less lightly the same cleartext letters will be encrypted by the same part of the key, but it doesn't change that much - any repertition in the cipertext will make decipering the text very, very easy! if the same key is used over and over then there will definately be repetition!

    it's as trival as being able to count - that's as difficult as it gets. i'm not very good at explianing it but when there's repetition you can find the key length, at that point the extra charactors mean nothing because you can then use frequency analysis just as if it was a Caesaren shift ciper.

    i still think what you have done it pretty cool, but it's an obsolete ciper.
     
  18. jeffsbaker

    jeffsbaker Registered Member

    Joined:
    Jun 6, 2006
    Posts:
    12
    Thank you for the feedback. I made up this encrypter without doing any research on encryption. I just wanted to make something up on my own. I mainly made it because I wanted to see the cool display while encrypting and dycrypting.

    I know the text can possibly be deciphered without the key if someone used a simple key. But it still seems like it would take many years to decipher if a person used a complicated key. And I think that everyone that wants to keep something secure would use a complicated key.
     
  19. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    i think i was wrong when i said - "adding more charactors will make it less lightly the same cleartext letters will be encrypted by the same part of the key" it makes no difference!

    using a longer key makes it more secure, but it won't ever take "many years" to deciper a cipertext with your web page (vigenere cipher) - it either can be decipered (which is most of the time) in about an hour, or it can't be.

    what you are using is the vigenere cipher, adding to it like you have, i'm almost certain, makes no difference - it's still the vigenere cipher.

    have alook at how you can break it, it can be learned in about 5 minutes. that's all i have done.
     
  20. jeffsbaker

    jeffsbaker Registered Member

    Joined:
    Jun 6, 2006
    Posts:
    12
    Well, you see, I have looked at how you can break the Vigenère cipher. It is harder to break when you add 3 times as many possible characters to the key. I still haven't seen how you can break this encryption in an hour with a good key though. It may be possible, but I haven't seen it.

    What do you mean when you say "it either can be decipered (which is most of the time) in about an hour, or it can't be"?

    Jeff
     
  21. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    sorry, i should have used quotes. i was talking about this -
    i think you can either decipher it very quickly if there's repetition in the ciphertext, or it can't be deciphered at all (if there's isn't repetition). it shouldn't take years

    i would say i'll decipher post#9 but i think what would take someone who knows what they're doing an hour or so would take me a year or so lol.
     
  22. jeffsbaker

    jeffsbaker Registered Member

    Joined:
    Jun 6, 2006
    Posts:
    12
    Yes, I understand what you are saying. I wish an expert would try to decipher it also. Of course post #9 is encrypted with only 10 possible characters, so it should be easy to decipher. My new algorithm uses 80 different possibilities. So really it should be much harder to decipher then the Vigenère cipher because there would be less of a possibility of repetition in the ciphertext. (Less possibility of a repeat of the same phrase being encrypted with the same part of the key if you use a key with numbers, symbols, uppercase and lowercase letters.)

    Jeff
     
  23. bontchev

    bontchev AV Expert

    Joined:
    Nov 13, 2005
    Posts:
    38
    Buddy, go read the Cryptography FAQ. Pay particular attention to question 2.3.

    To make long story short, until you have successfully broken several non-trivial ciphers (i.e., not like the ones you've presented here), have published your results and have gained the acknowledgement of the community of crypto professionals, you are not qualified to invent new ciphers. Doing so serves only to waste the time of those of us who know better and to give a false sense of security to those of us who do not - i.e., is being generally harmful.

    Regards,
    Vesselin
     
  24. Genady Prishnikov

    Genady Prishnikov Registered Member

    Joined:
    Mar 9, 2006
    Posts:
    350
    Amen. Thank you.
     
  25. jeffsbaker

    jeffsbaker Registered Member

    Joined:
    Jun 6, 2006
    Posts:
    12
    Sorry for wasting your time. I thought it would be ok to discuss it here. By the way, I read the Crptography FAQ and I am doing what it said:

    I did show everyone a link to the web page with the algorithm and told them to view the source and they can see the algorithm. In fact many people looked at it.

    I did try to break the algorithm. That is what led me to make it better. I also studied how others broke similar cipher algorithms.

    Right there in paragraph's 5 and 6 it is implying that you don't have to be an expert to post your encryption method and ask for comments from experts and others.

    Jeff
     
Loading...
Thread Status:
Not open for further replies.