Beefy Boxes and Bandwidth Generously Provided by pair Networks
Do you know where your variables are?
 
PerlMonks  

Re: Re: Web Cryptomatic

by oakbox (Chaplain)
on Sep 22, 2001 at 18:32 UTC ( [id://114060]=note: print w/replies, xml ) Need Help??


in reply to Re: Web Cryptomatic
in thread Web Cryptomatic

I appreciate the feedback. My original problem was "How to send short strings of text (less that 256 characters) in a hidden form field between two different web sites?" I needed to make the string encrypted enough to not be worth breaking (I'm not passing CC numbers or anything like that).

After looking at some different schemes, my problem became 'How do I whip up a good pad?' and this was my answer. My question is, HOW secure is the above scheme? Are we talking about a couple of hours or a couple of minutes to crack? What if the pad was 32 bytes long? 64?

I whipped up the above code so that I could get some good crypto advice and maybe make something useful. I guess my 'big' question is, can someone break into a short section of text (~256 bytes), encrypted by this engine, without the password?


-oakbox

Replies are listed 'Best First'.
Re: Re: Re: Web Cryptomatic
by no_slogan (Deacon) on Sep 24, 2001 at 23:13 UTC
    It doesn't matter how long your "pad" is, if you cycle through it in a predictable fashion. If the message is longer than the key, you will reuse key bytes. If you reuse key bytes, you're a sitting duck. 256 bytes of encrypted English text would be easy to break in a matter of minutes. Half that or less would probably be enough.

    When you're doing crypto, don't try to get clever. Use a real cipher module like Crypt::Rijndael or Crypt::IDEA or whatever. There was an article on crypto modules on perl.com recently.

    If for some reason you can't use one of those, there are secure ways to use hash functions like MD5 for encryption. You have to be very careful, though, because that's not what they were designed to do. For details, see <cite>Applied Cryptography</cite>.

[reply]
      >When you're doing crypto, don't try to get clever. Use a real cipher module . . .

      You know, this was a little hard to swallow, because I consider myself to be such a clever fellow. I played around with a bunch of different schemes to derive larger pads from a password and ended up feeling like my brains were turning to mush. After spending too much time on what, in the beginning, was a simple problem, I realize I don't know jack about cryptography and should leave it in the hands of people who know what they are doing :)

      Again, thanks for the advice and pointing out the correct direction to a fellow monk.
      -oakbox

[reply]
        >When you're doing crypto, don't try to get clever.

        You know, this was a little hard to swallow, because I consider myself to be such a clever fellow.

        I didn't mean to be such a downer. If you're interested in crypto, don't give up. Just use your hubris somewhere it will be productive. Instead of saying to yourself "I can design my own cipher," start with "I can figure out why these other ciphers are designed the way they are." That means both understanding how encryption algorithms work, and what attacks are possible against them. A lot of amazingly smart people have thought about that, and you can learn a lot from their work. So find yourself a good book and dig in - that's what I've been doing.
[reply]

In Section Code Catacombs

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://114060]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others having an uproarious good time at the Monastery: (3)
As of 2024-04-19 21:49 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found