DonationCoder.com Software > Older DC Contests and Challenges
"Unconventional Encryption Challenge"
TaoPhoenix:
On a personal level you have picked my interest (in wanting to know how your scheme works, not breaking it).
On a professional level it is likely not that interesting as any method other than the default ones are very hard to sell to (mediocre) management that just want to buy some extra protection for their site/LAN/whatever.
-Shades (March 17, 2012, 06:51 AM)
--- End quote ---
All of my ideas can be automated to be "purchased as additional security". I am just staying Low Level Old School to demonstrate that there is room for innovation that I have not seen covered in the articles.
TaoPhoenix:
And here is the answer to my puzzle!
Supercode 1: Weakened!
1. Go to http://upsideout.com/
1a. Download graphic for Proxy.org
1b. Change File Extension from .gif to Null by deleting the file extension altogether.
1c. Open the Null file in MS Wordpad.
1d. Review open file - lots of junk characters - but here is the magic!
2. Examine the coded message. The 10's are meant to be a Trojan Horse for Binary guesses, but they are actually cumulative batches of 10.
2a. Add up the Batches of 10. The code letters are counted as # of characters from the top of the document. And this is the simple case!
2b. ^ is a deliberate re-use of a symbol, not to be the exponent of anything, but to mean "Approximately this many characters in". I have yet to formalize whether a character count is before or after the character, etc. Also, this covers for human errors. If I say "Approx 6 char in" and the first 8 are total junk and char 9 works, that's part of the theme, though that gets better with software.
2c. Once a character is located, the count starts back at zero. This should work for about any two uses of a letter here and there, because it sorta approximates 3-4 digit numbers per letter, so even if they get a stray L, that can't be that great of a help.
3. Take the next section of code from the beginning again. (In this variant! This was meant to be easy! Relative Counting via software is even better!)
3a. Count out the next batch of 10. Include the possibility that the author miscounted the batches! These are junk boxes, so if you come up way short, call me a moron, add an extra batch, then try again. Formalized again, this kind of thing will beat the Cracker programs because it's outside the algorithm (currently!).
3b. Find the second letter of the code.
4. Assemble the message.
4a. I only did two letters with a purposely easy method. I have almost 30 methods on tap. For example, relative counting, "destructive boxes" which change the letter countings of the data, I don't even have to use a single file, Unknown file locations, unknown data formats produce their own file-junk in Notepad, Trojan Horse Messages that are incorrect seemingly duplicate solutions, and more.
5. Publish the results. The Alpha test went to Justin Schlecter of UpsideOut.com and UpsideOut, Inc., DonationCoder.com, and an extra contact of my own. Method: If a both weakened and partially explained test example cannot be cracked in a trivial amount of time, then hardened versions combined with all the other methods should be a new set of security concepts.
6. Ideas: The power comes from blending multi-disciplinary ideas.
6a. Steganography is the art of including data that is at best meaningless, and even worse, misleads the cracker into a blind alley as a false hint.
6b. Multiplicity (as I term it) is the idea that it's not just a simple-but-tough algorothm; instead the cracker initially doesn't even know all of the techniques to use. So enemy time will be wasted trying to figure out even what methods to use, in what order.
6c. Obfuscation. Any of my internal results can be "wrapped" in a standard Crypto layer, so that even if a chunk of time and comps are used to break the outer layer, the message is still a mess. When modern cracking programs look for a pattern and the "correct answer at that level" is still
wergefrhrthjrewfgtrjreTGartheWHearygerHYareh, they might have trouble recognizing it as a valid key break. More research is needed here. Even if they do, the next step still takes a secondary algorithm, which could be "anything" as far as they know.
6d. Innovation - I believe there are tons of materials made possible by the Computer Revolution which will contribute to Cryptographic theory, but are not currently being harnessed. I have used a few of them in my sample.
6e. Left Field Thinking - My term for a new style of Cryptography. A quick glance over current literature on Cryptography seems to revolve on high end math. There is a lot of fertility left in low end PreProcessing and Post-Processing not covered by all this literature. Almost anything can be converted to cryptographic use, from spacial placement of desktop icons, to spaces in a document, to fonts used for punctuation per document per a chart. (Can you tell an Arial period from a Geneva period?)
6f. Test Cases. I have sent off a couple of purposely weakened test cases. If even the weak test cases prove troublesome, then the advanced algorithms and methods must be even worse!
7. There IS a mistake!!!!! (Not intentional, but recovering from it is part of this memo). I think a lot of my "10's" became straight "0's" in the last half. So I think restoring them to 10's works. I might have lost count, the receiver might need to add a 10. But it's still distractions, which serves my point. ((Partially fixed for DC, but there are still a couple of extra characters!))
There are more ideas not yet covered here in this memo.
TaoPhoenix:
Kyrathaba, I can afford a $50 Commission to you (or anyone else) developing this kind of program at Phase 1.
TaoPhoenix:
Okay, I apparently have a habit of being a Semi-Troll to leave alone!
Meanwhile, the results of another weekend project are concluding.
I was stumbling toward:
"A Novel Method to Implement Book Ciphers"
http://ojs.academypublisher.com/index.php/jcp/article/download/051116211628/2309
(Warning, I just got database connection errors - not sure what that means, if I downloaded it too many times!)
and Key Agreement Protocols.
And yes, this was much more than a $50 commission given the risks of bugs vs my other one which was just for nice sites.
40hz:
You have a point about "open" schemes, but somewhere in the mix I believe the Obscurity Factor is under-rated. If you cannot tell even what algorithm to use, then you as the Interested Enemy are slowed down that much more.
-TaoPhoenix (March 17, 2012, 11:32 AM)
--- End quote ---
There is that argument. I've heard it made in other places. I can't comment on how correct it is because I have an amateur's understanding of cryptography and lack the amount of college level math (I only took 6 courses so I'm fairly ignorant) to be able to determine for myself how much it has bearing in a real-world situation. I will agree however that it seems like it should make things harder for a cracker.
The only problem with obscurity as a feature is the deployment of your methods are directly dependent on just how willing somebody is to trust you, the person who came up with them. Quis custodiet ipsos custodes? as the Romans so wisely observed.
In the case of encryption, I'm amazed how just how clever some people are with that sort of thing. But there's very few operating in "lone wolf" mode that I would trust with something like a client's data encryption. Because this is one of those areas where nobody can completely and unreservedly trust anybody. Especially a single individual. It's one of those places where we have "watchmen watching watchmen watching watchmen watching men you want watched."
So obscurity, while it may make life more complicated for a cracker, isn't part of the equation in most cryptographic discussions. Unless it is a documented obscuration method - at which point it loses 90% of it's effectiveness when it winds up on the list headed: other things to check for.
Either way, what you shared is (to me at least) quite interesting. I wish you luck with wherever you want to take what you're up to.
Best! :Thmbsup:
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version