Beefy Boxes and Bandwidth Generously Provided by pair Networks
Your skill will accomplish
what the force of many cannot
 
PerlMonks  

Re: crypto with core modules only

by stevieb (Canon)
on Aug 28, 2018 at 00:57 UTC ( [id://1221240]=note: print w/replies, xml ) Need Help??


in reply to crypto with core modules only

Quite a few years ago, I was helping someone doing some light data manipulation stuff (obfuscation really). Premise was to obfu a string with a password, print out the result, and then to decipher it, you had to supply the same password and paste in the jumbled hex text. Here's an example of how it works, then the actual code. The code is in two files (for the convenience of the person I was helping; it could easily be merged. Also, if I were to actually use it myself, I'd add another input field for the salt as well (it's hard-coded), but I digress). This is very simple and probably far from secure, but thought I'd share anyhow.

Obfuscate a message:

perl enc.pl 

Create a password: secretpw
Enter your message to be encrypted: This is an encryption test

Your encrypted message: c7cda0cc55bde684b5db9698d5d6d7b0c9a9bde2d274e1
+dba6db

[download]

Then, to decrypt:

perl denc.pl 

Enter your password: secretpw
Enter your encrypted message: c7cda0cc55bde684b5db9698d5d6d7b0c9a9bde2
+d274e1dba6db

Your decrypted message: This is an encryption test

[download]

The enc.pl code:

use warnings;
use strict;
use 5.10.0;

print "\nCreate a password: ";
chomp ( my $password = <STDIN> );

my $salt = 'j4';
my $crypt_pass = crypt( $salt, $password );

print "Enter your message to be encrypted: ";
chomp ( my $message = <STDIN> );

my @hex_pass 
  = map { sprintf( "%x", ( ord( $_ ))) } split //, $crypt_pass;
my @hex_msg  
  = map { sprintf( "%x", ( ord( $_ ))) } split //, $message; 

my @crypted;

my @hash;
push @hash, @hex_pass until @hash > @hex_msg;

my $i=0;
for my $letter ( @hex_msg ){
    push @crypted, hex( $letter ) + hex( $hash[$i] );
    $i++;
}

@crypted  = map { sprintf( "%x", $_ ) } @crypted;

print "\nYour encrypted message: ";
print @crypted;
print "\n\n";

[download]

The denc.pl code:

use warnings;
use strict;
use 5.10.0;

print "\nEnter your password: ";
chomp ( my $password = <STDIN> );
my $salt = 'j4';
my $crypt_pass = crypt( $salt, $password );
my @hex_pass = map { sprintf( "%x", ( ord( $_ ) ) ) } split //, $crypt
+_pass;

print "Enter your encrypted message: ";
chomp ( my $message = <STDIN> );
my @crypt_message = ( $message =~ m/../g );


my @hash;
push @hash, @hex_pass until @hash > @crypt_message;

my @decrypted_message;

my $n = 0;
for my $letter ( @crypt_message ){
    push @decrypted_message, ( hex( $letter ) - hex( $hash[$n] ) ) ;
    $n++;
}

print "\nYour decrypted message: ";
print map { chr( $_ ) } @decrypted_message;
print "\n\n";

[download]

Replies are listed 'Best First'.
Re^2: crypto with core modules only
by dave_the_m (Monsignor) on Aug 28, 2018 at 15:10 UTC
    That is very insecure. It's basically adding the same set of 13 numbers in a cycle to each 13th character of the plaintext. You can eliminate the key from the cyphertext by calculating something along the lines of 
    $diff[$_] = $cyphertext[$_] - $cyphertext[$_+13]  for 0..(@cyphertext 
+- 13);

    [download]
    You then end up with this equivalence for all the chars in the plaintext, apart from the first and last 13: 
    $diff[$_] == $plaintext[$_] - $plaintext[$_+13];

    [download]
    From there it's fairly easy to deduce what @plaintext is, especially if a few chars of the plaintext are known or can be guessed.

    Dave.

[reply]
[d/l]
[select]

      It's called a Vigenere cipher, and this variant is an especially weak variant because the length of the key is known to be 13 characters. It is somewhat more secure if the key length isn't known to the attacker.

      If the key length is variable, for long ciphertexts, there are algorithms that can quickly yield the plaintext. For very short cipertexts, it's a lot more secure than you might think. If the key is as long as the message, it's basically a one-time pad.

      toby döt ink
[reply]

      Thanks Dave,

      I figured it's terribly insecure, but the original premise was helping someone do some simple obfu that could be encoded in hex and then decoded. Security wasn't really part of the deal.

      It was a uni project for the person and we kind of collaborated outside of any forums. A learning exercise essentially.

[reply]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://1221240]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others surveying the Monastery: (5)
As of 2024-04-23 22:09 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found