Hello,
for a school project i have made a new method of non-algorithmic encryption.
I don't use keys but what i call dictionaries. Those include all "strings of characters" that can replace a character.
Lets say we have a level 3x3 dictionary: I can swap letter a with 3 different strings, 3 characters in length. With level 35x15 dictionary i can swap every character with 35 different strings, 15 characters in length.
The general idea is that encrypted text is different every time. And you can use multiple dictionaries in some order and in reverse order to get the text back.
I made this actually for some people i know and are drug dealers. One day one of them was worried that if key is guessed or brute forced by the police (or someone else) there would be no point in it. My so called dictionaries customizable and much bigger. So i got an idea. A PC, which is always offline so no one could get the dictionaries for encryption/decryption. 2 people exchange some number of dictionaries and every week use them in different order.
I know this is far from actual modern cryptography but keep in mind this is an unconventional method.
What do you guys think about it? Do you like it? Do you see a future in this?
I published my work here:
>www.textencryption.wordpress.com
You can generate a dictionary and open it with a notepad. They are actually just .txt files that I have renamed to .drv to make it more misteryous and pro-like. (When generating dictionaries there is no verification of repetitions but i dont think i have ever encountered an actual repetition in a dictionary bigger than 2x2)
>>54411870
>And you can use multiple dictionaries in some order and in reverse order to get the text back.
so it like encryption but weaker? wat?
>>54411870
This is pretty much the same thing as a one time pad
>Donate button
If i failed in choosing a boards please recommend me a new one!
No it is not weaker. Much stronger, but much slower and more unconventional. It is not meant as all data encryption but only for the most important messages drug dealers or bussines man hvae to exchange over internet
>>54411870
is this FOSS?
also, if im right, they actually have to transfer the dictionaries with the encrypted text. sooooo they are fucked anyway if the transfer is corrupted by someone
>>54411870
op slovene?
>>54411948
It does not work :) Only for school purposes :P
>>54411965
They exchange dictionaries on USB 1 time a year. Then they can send encrypted text over anything you want to! Dictionaries are generated and not 2 are the same.
>>54411984
Yes, did you see it from VisualStudio?
>>54412000
>:P
>>54411947
One time pad uses a key. I use much bigger dictionaries and guessing or bruteforcing would be a waste of time
>>54412012
What the fuck do you have against smileys you piece of shit. Smileys are fucking amazing :)
>>54412000
>Yes, did you see it from VisualStudio?
ja
>>54412035
Didnt really get that one untill you mentioned that
>>54412041
Dobro je videt še kakšnega slovenca na 4čanu :D
>>54412000
if they already have to make a one time data transfer to share the dictionaries, it could be huge ass one, and just replace every letter with the coords of the dictionary. have multiple of the same letter so its less likely that it gets brute forced. add some salting to make the texts longer and done.
>>54412066
You do have multiple options for every characters and using multiple dictionaries completely wipes out repetiotion. I dont really get the "just replace every letter with the coords of the dictionary". Dictionaries are supposed to travel offline aka. USB, CD...
So why not use actual encryption? I see no advantage in this method and its a lot less secure.
>>54412066
You can download the app, generate a dictionary and open it in notepad.
So guys do you like it? Do you think there can be a future in this?
>>54412065
>Dobro je videt še kakšnega slovenca na 4čanu :D
mja.
sredna šola?
>>54412088
after that. your output shows random letters which might be same method, i just said use coords like how the book cypher works
>>54411870
This is the dumbest thing I've ever seen. There are likely infinite vulnerabilities with your algorithm and you're much better off just using something that's been tested and secured for years such as GPG.
Also
>Keep in mind this is an unconventional method
Obscurity =/= Security
>>54412151
this doesn't use algorithms. with a big enough dictionary its impossible to crack without the dictionary.
>does that make it a better solution? nah
>>54412139
It is much more secure because in "real" encryption you can brute force the key. Here you cannot bruteforce letsa say 6MB big dictionaries
>>54412151
Please tell me how the code can be cracked. And this is not really algorithmic encryption. If you dont have dictionaries you are fckd
This is the weakest "encryption" I've ever seen. A retard could use this and reverse engineer what's written because you even built it into the system for that. So, really, it's no more complex than pig latin or the most basic cypher. Sure, normal people may not be able to read it, but normal people won't be reading it to begin with or shouldn't be if you're so "top secret".
A cop, however, could easily decrypt it and cops know all about ciphers because it's a common and routine thing criminals use to send messages secretly. All you did was make it easier, since cops don't even have to have a cryptographer come in to decipher it, but rather use the program itself to decrypt it by the same method the drug dealer would use when receiving that message.
And there's no defense against that because nobody is gonna be able to memorize all of that shit and read it for it to work as a one time cipher. This is a dumb idea and given how you talk in this thread and act, you should be ashamed of yourself for thinking this is a good idea. All this does is make it easier for cops to know your shit when they inevitably catch you because someone snitched on your ass when they got caught, not because someone hacked into your emails and read them.
>>54412147
>kriptografija u srednjoj školi
>>54412147
Ja. To je moja zaklučna. Pa me zanima če lahka kj zaslužm. Če ne žgrem pa itak študirat haha
>>54412210
I agree to some point. But how it works is not a secreet. dictionaries can be generate, 1 after another, all custom. If you destroy dictionaries, all of them, the code is virtually impenetrable.
>>54412179
You literally have no idea what the fuck you are even talking about. You cannot brute force a private key in GPG encryption within a realistic amount of time. You don't need an unnecessarily large dictionary or key. We already have encryption that the government CANNOT get through without using an attack vector unrelated to the actual encryption itself. Get over yourself and stop pretending like what you've made is even remotely useful.
Everyone seem to be so aggainst it.
If anyone is so smart and my encrtyptio so weak, you can decode it right? I can give you the code, you know how it works, you have the program, and you can do it? Anyone up to a challenge? If you succed i delete the website and stop the project
>>54412229
maš point ampak je napisu da je v sredni lihkar.
>>54412236
>Ja. To je moja zaklučna. Pa me zanima če lahka kj zaslužm. Če ne žgrem pa itak študirat haha
kera sredna pa?
>>54412034
lmao
>>54412177
All anyone would have to do is get the dictionary. They're using this program, and if caught, this same program and the means to decrypt everything (which others would do who need to read the message) are right there for the cops to use.
And this doesn't protect you anyway, because drug dealers don't get caught because people read your emails. Nobody cares about your emails or little codes. Someone's gonna get caught with drugs, snitch, and then your ass gets busted. So this "encryption" doesn't even do anything because nobody has ever been busted because of someone reading your emails. They're busted by real life people snitching on you. And no amount of encryption is gonna stop that. You're not a hacker or something else that may have someone snooping on your shit, you're a drug dealer. Cops aren't hacking your emails because it'd be a waste of time since some emails aren't the damning evidence they'll get/need to prosecute you anyway.
Stop being retarded, kid.
>>54412285
>All anyone would have to do is get the dictionary.
aaand thats the point. we all know nothing is safe that is phisically accessible
>>54412274
Računalniška
>>54412285
I was having telephone in mind. A lot of people go down because they are not carefull. You could talk freely. PCs with dictionaries would allways be offline and with hammer asside if anyone show up the house, you could smash the disk.
I was just asking for comments not hatefull bashing.
>>54412306
Making it not accesible is the general idea -.-
I'm not going to pull any punches here. People much older and who should know better than you have tried things much like it. I retired so I didn't have to see this kind of worthless homebrew crypto in production anymore.
Cryptanalysis techniques in https://github.com/nccgroup/featherduster can most likely break your polyalphabetic substitution cipher - which, you are correct OP, is very far from modern cryptographic techniques. It is a school project, and it looks like one. There is no value in it.
Sorry, kid. You'll do better one day if you learn.
>>54411947
No. The essential features of the Vernam 'one-time pad' that make it information-theoretic secure are that 1. the key is truly random, 2. is never even partially reused, and 3. is (at least) as long as the message - and if any one of those requirements is even slightly violated it instantly becomes a breakable trashfire (and in practice, not just theory).
Due to the requirement that the key is as long as the message, it is more of a secret-splitting scheme than a usable cipher and is not really suitable for any real-world use left in production (the last remaining one was the so-called 'numbers stations', but most of those have been decommissioned too because everyone just uses phones now).
Use an AEAD. Salsa20/ChaCha20-Poly1305, or maybe AES-256-GCM (if you have hardware AES-NI and PCLMULQDQ instructions handy - do not try to implement Rijndael in software, you'll probably have a cache side-channel). Ideally, libsodium provides you with something ready-to-use, fast, versatile, and harder to fuck up with than anything else out there (although I'm sure you'll probably just find a new way).
Unless you can present the proof in standard model or the ROM, or if you don't know what that is, don't try to make your own protocols, even based on secure primitives.
Trevor Perrin's "Noise" framework may provide you with a very good starting point; his Axolotl ("Signal") ratchet is best-in-class for messaging.
>>54412177
>this doesn't use algorithms
Its still a fucking algorithm.
"Go down the street, turn left and its the fifth house on the right" is an algorithm.
Fucking kids.
>It is much more secure because in "real" encryption you can brute force the key
This is the most retarded shit I've read on this board in a long time. By standards of modern cryptography, this is horribly insecure.
No perfect forward secrecy: proper encrypted messaging protocols exchange session keys in a way that even if the long term keys (your "dictionaries") are compromised, the sent messages can still not be decrypted. If anyone ever gets a hold of your dictonary, all previous messages are fucked.
Known plaintext attack: if by any means, some parts of the plaintext message are known, this can be used to derive parts of the dictionary which in turn can be used to decrypt other parts of the message, "guess" the rest of the words and fully compromise the dictionary. This of course depends on the length of the plaintext, but a good cryptographic algorithm is completely immune against known plaintext attacks.
Chosen plaintext attack: in a scenario where an attacker can get you to encrypt arbitrary messages, the full dictionary can be recovered, for instance by encrypting the alphabet ten thousand times.
Apart from all that, its still vulnerable to statistical analysis, replay attacks and there is no way to verify the integrity of the message (if a part gets modified, the rest still decrypts fine) . Additionally, it completely lacks any kind of authentication scheme and you can never verify who you are communicating with.
Sorry for sperging out but this kind of shit triggers my autism hard.
>>54412236
>If you destroy dictionaries, all of them, the code is virtually impenetrable.
And I'm sure that cops will give you a heads up before they come so you can turn on your computer, go into all of your emails/messages (because it can be reverse engineered if there's remnants of the code anywhere), destroy any other evidence, get rid of the drugs, destroy the program that can decipher the messages, and then go to open the door before kindly asking you if you sold drugs.
Nah, they won't need the fucking cipher because they'll have some idiot who got caught and snitched because he didn't wanna get in trouble and that's all they'll need to fuck you in the ass. And then because they're not gonna wait for you to do all that, they're gonna have everything else too.
Unless you destroy dictionaries each and every time a message is sent, but you can't do that because someone has to have at least one other copy of it to decrypt it and the program to do so, and if they use a new dictionary to send a message, the other person will need a way to make a new dictionary to decrypt the message from the new dictionary.
So, it's not even the one time code that spies use or anything. It's way less efficient and easier to figure out than any other code in existence. And, by the nature of your criminal pursuit, codes don't help since people don't get caught from codes like a spy or hacker, they get caught from snitches and people testifying. So this does nothing to make you more secure.
>>54412361
>pick random letter from random array
>hurrdurr this is a crackable algorithm
/g/ 2016
Yeah, this has pretty much the same downsides as an OTP.
There's a reason a golden rule in programming secure systems is to not roll your own crypto but go with something thoroughly tested like RSA or AES. You don't know shit about crypto and the sooner you accept that the less likely you are to rely on insecure custom systems.
It's one thing to play around with designing your own crypto and playing around with it, but for the love of god don't rely on it for any serious shit.
Most retarded OP I've ever seen on /g/
>>54412179
>It is much more secure
that's highly unlikely. I'm sure the NSA or any security audit agency would tear this apart in a matter of days,
> because in "real" encryption you can brute force the key
in "real" encryption your key length and the number of encryption cycles determines the amount of work required to decrypt the content, which assuming your key is strong is usually sometime past the heat death of the universe with modern technology.
Also most encryption software already allows you to choose a key file (one of your 6mb dictionaries for example) as your encryption key.
There's almost no distinction here, except that AES is widely accepted and well tested and this is some shit you threw together in winforms over the weekend.
>>54412350
>Sorry, kid. You'll do better one day if you learn.
in order to learn you have to start from scratch
Post your source code, OP. Your description is vague, and it's difficult to judge the merits of your encryption method without comprehensive knowledge of how a message is encrypted and decrypted from start to finish.
Also,
>non-algorithmic encryption method
If it is a "method", it is an algorithm, stupid.
basically just base64 + rot13
only baseX + rotX
>>54412147
dobro je vidjeti brdske hrvate ovdje, znas
>>54412406
> AES is widely accepted and well tested so its more secure
wonder which one would be prioritized to be cracked. a widely used and tested method or something that noone uses...
>>54412474
Congratulations on making the most retarded post of the day
>>54412406
>that's highly unlikely. I'm sure the NSA or any security audit agency would tear this apart in a matter of days,
>days
Nah, they've cracked more complex codes than this in less time. This is gonna be cracked by some suit in 5 minutes as he's settling in and having his coffee for the morning.
>>54412485
>have no counter agrument
>better call him retarded
grats, you took it away from me
>>54412486
I get it, OPs description was shit, but use your brain. this has 0 cryptographic algorithm. its a book cipher without the book
>>54412496
Not even that anon but encryption that has been vetted by experts from all over is much more secure than something homemade. It's the same idea of security through obscurity is a bad model.
>>54412461
živjo, ne znam dobro hrvaško
šta je "brdske" and "ovdje"?
>>54412496
It's retarded because the strength of an encryption algorithm lies not in the amount of attention that is focused on cracking it, but in the theoretical possibility of cracking it and robustness to various theoretical cryptoanalysis attacks.
What you were implying is akin to "security through obscurity", which is not secure at all.
Everyone is acting like OP is proposing we use this in place of existing cryptography.
No, he just made something cool for school. What the fuck have you idiots made today?
I like it OP, jolly good.
>>54412522
im not saying its more secure. im saying if any agency decides which one to start cracking, they will choose the AES. thus this one stays uncracked
h t t ps / /ju removethistextandseparatorforlink s t pa ste.it/ u1 2 6
My message was amrked a s a spam soo
>>54412542
Tnx man, apreciate it :)
>>54412516
You're retarded if you think this is secure when everyone has shown all the various ways this shit won't work for anything. Because there is a book. There's an entire fucking program to reverse engineer and at least two copies of the same dictionary (and the means to make it) around at any given time.
Not to mention this does nothing since the flaws of the drug trade are the human elements who can rat you out, in which case whether or not they can decipher a message is pointless since you're still going to be bunk buddies with Bubba.
>>54412556
>im not saying its more secure
>>54412179
>It is much more secure
>>54412569
You would still write in "code". It was meant for messages that are valuable for some time, lets say a week.
>>54411870
breddy good OP
you should try to avoid strings that are easily factorized and you'll be kicking some strong crypto afik
>>54412556
Kerckhoffs principle, bitch nigga
OP
eh, whatever. Tnx for the replyes if anyone knows where i could get someone to show me how to decrypt my text or a cummunity that likes to try to decrypt messages what would be nice
[email protected]
good night and have a nice evening
what >>54412542 said.
Ne skrbet OP, /g/ je poln neumnih debilov.
Don't worry OP, /g/ is full of illiterate dumb fucks.
>for a school project i have made a new method of non-algorithmic encryption.
>for a school project
>school project
>school
People that think that he made new type of encryption should go kill themselves.
>>54412569
>eryone has shown all the various ways this shit won't work
literally noone showed anything
literally noone took the time to understand what OPs program does
>>54412623
>non-algorithmic
He's the one that should kill himself
>>54412569
>There's an entire fucking program to reverse engineer
yea super hard anon, how will we ever see the source code of a reflected language I wonder?
>>54412623
tnx
>>54412645
I was thinking about actual calcualting'n'shit. Sorry but in middle school actual knowledge is not present haha
>>54412663
The method is not a secret? I told you the power lays within dictionaries. Knowing exactly how this works is making this secure. You are talking like i dont know .exes cant be taken apart -.-
>>54412645
he typed some stupid shit and you guys are trying too hard.
go drink bleach you imbecile.
found an easter egg
>>54412461
Topkek
U B I L O
>>54412229
haha lmao, jeben meme
>tfw web dizajner u grafičkoj
>>54412700
Very good job, you want a cookie now :) This was adden for some frineds as a joke.
Although the code is:
if (egg == true)
(i know it if exactly like if (egg) and i know what is the point of this. )
>>54412685
>I was thinking about actual calcualting'n'shit. Sorry but in middle school actual knowledge is not present haha
>middle school
And reported. Guess this is why you're such a fucking tool and think this is "secure" over anything. I'm sure some middle schoolers selling drugs really need this encryption because everybody's trying to get you big shots!
>>54412751
Middle school in slovenia starts at age 16-17.
>>54412741
the "this" is added by the reflector as a safeguard. The code is functionally the same but the reflector generally won't produce exactly the same code as you've written
>>54412786
Nice
>>54412786
Still underage.
Well the general info gotten from this is: Never, ever, ever,,, ask 4 chan to nicely comment on some SCHOOL PROJECT FOR FUN
>>54411870
>I made this actually for some people i know and are drug dealers.
>>54412804
Im 20 now. If this is a project at finnioshing shcool and i took the 3+2 year programme i am not underage. but whatevs
>>54412809
>Never, ever, ever,,, ask 4 chan to nicely comment on some SCHOOL PROJECT FOR FUN
Almost. It's more like
>Never, ever, ever,,, ask 4 chan
>>54412809
you must be new here
>I made this actually for some people i know and are drug dealers. One day one of them was worried that if key is guessed or brute forced by the police (or someone else) there would be no point in it.
>releases the source
FUCKING RETARD TIP TOP KEK
>>54412663
>using Random() instead of RNGCryptoServiceProvider
>glorified book cipher which "is still susceptible to other methods of cryptanalysis, and as such is quite easily broken, even without sophisticated means, without the cryptanalyst having any idea what book the cipher is keyed to."
>people unironically saying this is more secure than conventional encryption
>>54411870
>I made this actually for some people i know and are drug dealers. One day one of them was worried that if key is guessed or brute forced by the police (or someone else) there would be no point in it.
K E K
E
K
YOU LITERALLY CANNOT MAKE THIS SHIT UP
HAHAHAHAHHAHAHA
>HE HAS TO SELL ILLEGAL DRUGS TO MAKE MONEY
K E K
WHY DON'T YOU ACTUALLY FIND EMPLOYMENT LIKE A NORMAL HUMAN?
>>54411870
Non algorithmic? This is an algorithm. You are algorithm. I am algorithm.
>>54413706
Because he'll actually make a decent amount of cash by selling drugs and not being a total wagecuck? If I had the oppurtunity, I'd quit my job and sell pot here in my town.
Op you should really understand the difference between what you've done and how public key encryption works.
>>54413771
Well asymmetric encryption isn't always the best solution. Sometimes it's better to use symmetric encryption because it can be accelerated greatly by hardware.
>>54413706
>actual employment when you can make 100 times the money selling crap to idiots
>obfuscating data
Why the fuck is anyone replying to this freshman's school project?
>>54411870
Use pgp you retard.
>>54413836
>>actual employment when you can make 100 times the money selling crap to idiots
But muh ego trip, man...
>>54411870
Kinda neat project, OP.
I did a similar program myself for encrypting (more like obfuscating instead) passwords in Python but using random keys instead. I don't think it's safe for general use though, but was a cool weekend project.
For safety and usability, use one of the well established encryption methods instead of creating one from scratch.
>>54411870
You need to paid *great* attention at some things that seem subtle:
>1. I can swap letter a with 3 different strings, 3 characters in length
What decides which of the 3 substitutions [1st, 2nd, or 3rd string) are gonna happen?
>2. How are the dictionaries generated?
If they're not truly random, there's no point in this. You say your cipher is non-algorithmic, but if the dictionaries are produced algorithmically produced, then not only is your cipher algorithmic, it's very weak too.
Someone could simulate a couple million times the dictionary generation, and make out the distribution of your "random" dictionaries, so the problem is greatly reduced to the most likely cases.
From there on, here are some other weaknesses that'll make the actual decryption easier:
> 1. When parts (words) of the plane text are identical, the corresponding parts of the ciphertext are also identical.
[Brown] fox jumps over [brown] wall becomes something like [ashjJJJJ] sjka jks lvxb [ashJJJJ]. This is really insecure and makes cryptanalysis much easier, because it doesn't hide patterns in your messages at all. Formally, this mode of encryption is called "electronic codebook mode". The more secure mode is the "cipher block chaining mode". Tip: figure a way to incorporate that into your cipher, so that everytime a letter or words reappears, the "dictionary" applied to it is modified and not the original.
>2. Building on 1, and *most importantly*, you substitute not words (or blocks), but single letters.
This is very, very bad practice. Essentially,, it reduces a block cipher to a simple substitution cipher.
Why is this bad?
Frequency analysis. See the pic attached. This is the relative frequency of each letter of the alphabet in english texts.
An attacker samples the frequency of some repeating strings in the cipher text (this is why ebc mode is bad), and then substitutes them with the respective letter (this is why letter substitution instead of block is bad), in descend
>>54412393
>crackable
>algorithm
What the fuck are you even talking about? Algorithms have no meaningful relation to "crackable," they're literally just a series of instructions or steps. To be "crackable" something has to have a goal or purpose, which an algorithm does not. The *application* of an algorithm, for example as an encryption algorithm, could be crackable, but then it's the "encryption" part that's crackable, not the algorithm.
>>54415382
Cont.
What I'm saying is, using ebc mode is bad.
Using letter substitution instead of block is bad.
Using both together, is not 2*bad, it's 4* bad.
Some general remarks:
- If you're using a one time pad, make sure it's *random* and *strictly one time*. Also keep in mind, random is hard to get, for example banging your fists on the keyboard, the string produced is *not* random, since a meaningfully non uniform distribution can be extracted after some simulations.
- One time pads are not practical and can never be. They can be more secure than the usual block ciphers, but when a block cipher is sophisticated enough to hold for a couple decades, and you need to encrypt many messages, one time pads are not an option. They're so inconvenient that even the *army* (russia in that case) reused some of them and got intercepted and decrypted.
- Look how AES and then RSA works. Don't pay too much attention in the SBoxes, but what happens after those. They're a good intro in cryptography, and they stress how important it is to shuffle and reshuffle the message in creative ways, that you never though would be required.
Also, all of this (>>54412377).
>>54412786
Only if you're retarded and repeat a class in primary school.
Gj op u cab do it I belob in u pls
>>54412350
What are some books or resources to get started in understanding cryptography?
>>54416100
application or math? (not them, but I'm a grad student in crypto and privacy)
>>54416246
Application mostly, but some background math that would be accessible to an undergraduate student would be interesting also
>>54416289
Sounds like you want Dan Boneh's free crypto course.
https://www.coursera.org/learn/crypto
Dan Boneh is one of the best cryptographers alive still doing research (he's at Stanford), and I have yet to meet someone in the field who didn't think this course was great. That Part 2 of it never came out is kind of a running joke in the crypto/privacy community.
>>54416379
Thanks anon, this looks to be at the level I'm looking for, and the course is running right now for free.
>>54416524
Awesome. Once you're done with that, and if you still remember, check out the Matasano crypto challenges. I've never done them myself, but I've heard they're great for trying out/learning applied crypto skills. They used to be hosted on Matasano's website, but these days I think they're hosted at http://cryptopals.com/
>>54411870
>non-algorithmic encryption
Stopped reading right there
>>54412034
>One time pad uses a key. I use much bigger dictionaries and guessing or bruteforcing would be a waste of time
>>54411870
>people exchange some number of dictionaries and every week use them in different order
Wow, enigma bitches
