Poor man's encryption

Discussion in 'Computer Science & Culture' started by CompiledMonkey, Mar 27, 2003.

Thread Status:
Not open for further replies.
  1. CompiledMonkey The Lurker Registered Senior Member

    Messages:
    96
    I'm faced with a web project currently. I've been going through most of the modules of this project, trying to get an idea of what I'm going to need in terms of objects and such.

    One thing has caught my eye. I'm going to be storing a password for login in an Oracle database. Previously, I would have just stored it as plain text and not thought twice about it. Now, I'd like to implement a poor man's encryption technique. I'd like to come up with an algorithm that will take a string and change its values in a certain way, and then I can come back later and run the same algorithm backwards to get that original string. I was thinking I could take each character in the string, find a number value associated with it, and multiply it by a certain amount. Is that possible? Are there certain numbers associated with characters (i.e., a, b, c, etc.)? I don't want anybody to do this for me, or link to code they find on the Net. I'm just curious if the approach I'd like to take is possible. Thanks for any input.

    Please Register or Log in to view the hidden image!



    I know Oracle will allow you to encrypt fields in the db, but I'd like to do it for the experience.
     
  2. Google AdSense Guest Advertisement



    to hide all adverts.
  3. wesmorris Nerd Overlord - we(s):1 of N Valued Senior Member

    Messages:
    9,846
    I always thought the the WWII encryption technique of using the bible was pretty cool. Pick a random verse anywhere in the bible, from there record all the characters. Offset the ascii value of the orignal text by some multiple of the ascii values of the characters of the random verse and boom, you're there. Do it backwards to get your junk back. You can record the key then as the verse number and you're good to go, without having to keep the value of the real key written down... just it's location in teh bible. Kind of cool and you could use it with your own whatever instead of the bible. textbook, etc. just make sure it's something that's not going to change or dissapear and you're good to go.
     
  4. Google AdSense Guest Advertisement



    to hide all adverts.
  5. CompiledMonkey The Lurker Registered Senior Member

    Messages:
    96
    So I am correct in saying each letter and symbol has an ASCII value associated with it?
     
  6. Google AdSense Guest Advertisement



    to hide all adverts.
  7. CompiledMonkey The Lurker Registered Senior Member

    Messages:
    96
    Wow, that was easier than I thought! I'm sure it isn't too safe, but it does the job.

    Please Register or Log in to view the hidden image!

     
  8. wesmorris Nerd Overlord - we(s):1 of N Valued Senior Member

    Messages:
    9,846
    Yes.

    Please Register or Log in to view the hidden image!



    do a search on "ascii table" or "ascii code"... you should stumble across it quickly. it's a very usefully information, sometimes invaluable.
     
  9. wesmorris Nerd Overlord - we(s):1 of N Valued Senior Member

    Messages:
    9,846
    mmmmbooyah kasha. respect.

    Please Register or Log in to view the hidden image!



    (i'm surprised some computer science major didn't ream me for that, it's okay.. but I'm sure they're taught better shit than that)
     
  10. CompiledMonkey The Lurker Registered Senior Member

    Messages:
    96
    I had a hell of a time deciding on CS or CIS/IS myself. I ended up going with CIS/IS.

    Please Register or Log in to view the hidden image!

     
  11. AntonK Technomage Registered Senior Member

    Messages:
    1,083
    The truth is...it almost doesnt do the job. Poor man's encryption is almost no encryption at all. You can find a variety of free encryption libraries out there that are actually quite good. PLEASEEEEEE with all the problems programmers are having lately with insecure code and lack of proper protection, just do the right thing and use an encryption library that we all know is reasonably secure. I suggest going with a TwoFish. VERY efficient and very quick block encryption.

    -AntonK
     
  12. AntonK Technomage Registered Senior Member

    Messages:
    1,083
    AHHHHHHH just read that you are going CIS/IS!!!! Please take my above post more seriously since you are eventually some day going to be in charge of vast networks. SECURITY IS IMPORTANT!!!

    -AntonK
     
  13. CompiledMonkey The Lurker Registered Senior Member

    Messages:
    96
    This was more of a learning experience than anything. I will probably just use what is built into Oracle.

    Also, I will not have anything to do with Operations once I finish college. I'm going to continue to be a developer.

    Please Register or Log in to view the hidden image!

     
  14. wesmorris Nerd Overlord - we(s):1 of N Valued Senior Member

    Messages:
    9,846
    I'm in industrial engineering myself... it's always tough to decide on a major... dat b fo sho.
     
  15. CompiledMonkey The Lurker Registered Senior Member

    Messages:
    96

    Please Register or Log in to view the hidden image!

    LOL!
     
  16. Redrover Registered Senior Member

    Messages:
    234
    Actually, the homemade encryption explained by wesmorris is very secure. While most modern encryption can eventually be craked by someone with enough time and computing power, a code based on something that seems random like the bible or, even better, a list of letters and numbers that are truly random, is unbreackable.
     
  17. AntonK Technomage Registered Senior Member

    Messages:
    1,083
    the problem with that code is that it is simply an offset of the original text by some value. ANY decent computer can run through possible permutations with a decent dictionary to cross reference. Simple character encrpytions like that are EASILY found and deciphered. It's basically the cryptogram in your local newspaper,...people crack them every week.

    -AntonK
     
  18. GMontag Registered Senior Member

    Messages:
    85
    The problem isn't that its just a set of offsets, all encryption schemes that don't change the length of the message can be considered just a set of offsets. The problem is that those offsets are not random, they are english (assuming you are using an english version of the Bible). And English is easily cracked, because of known letter frequencies, etc.

    BTW, does anyone know where to find letter frequency charts for other languages?
     
  19. Fafnir665 You just got served. Registered Senior Member

    Messages:
    1,979
    I think your on crack. This isnt random, not in the slightest. Languages like english have discernable pattern in most cases, and any book, such as the bible, that in such a large distribution, that its almost mindboggling that anyone could/would want to use it in a code, and call it secure. Plus, on top of all this, they would want to be changing the file often, and you could take one copy of the password file, encrypted in this simple matter, and another copy of the file, and subtract the results to get the original verse used in the bible, then decipher at will, making it completly useless. Oh, i almost forgot, just to tell you, one time pads (what you describe) used in the manner which you are saying, are completly worthless with modern cryptology techniques, use pgp or blowfish, dont reply on slapshode encryption techniques
     
  20. wesmorris Nerd Overlord - we(s):1 of N Valued Senior Member

    Messages:
    9,846
    JESUS H. FREAKIN CHRIST PEOPLE!

    He did say "POOR MAN'S" encryption okay? Obviously it's not really all that secure, but it hides the shit to where the average person won't be directly exposed to it. It would take someone with a modicum of knowledge about encryption blah blah to crack it. In most cases on a small scale, that's plenty secure because small stuff isn't generally of interest to somone who is going to bother to hack at it.

    Hehe, you guys are tense. Oh, yeah.. it's definately not "unbreakable" by any stretch of the word and I completely agree that be any professional standard it would be considered a waste of time.. but again.. it IS a down and dirty (though not particularly secure) method for "pool man's encryption".

    Please Register or Log in to view the hidden image!



    EDIT: OH, and BTW, if it is SO freakin weak.. why doesn't one of you cryptographers help the guy out... I admitted straight up that I only halfass know what I'm talking about.

    Please Register or Log in to view the hidden image!

     
  21. Fafnir665 You just got served. Registered Senior Member

    Messages:
    1,979
    This is the first time i've read the thread, thats just what i found wrong with it
     
  22. Redrover Registered Senior Member

    Messages:
    234
    Fafnir665, I think your wrong.

    Wesmorris, I admit, would probably be better off using modern cryptology techniques like PGP or Blowfish if he wants to protect his system. But I still stand by my claim that a good One-time pad encyption system is unbreakable. If you correctly use codewords and base your encryption on keywords that are truly random, not even the NSA will be able to break your code, as opposed to the other methods you proposed.
     
  23. wesmorris Nerd Overlord - we(s):1 of N Valued Senior Member

    Messages:
    9,846
    I don't really know all that much about it.. just the basics. Have no clue what blowfish or PGP is, and I'm not really interested. Cryptology is boring to me in detail.. but the general idea is pretty cool.

    Please Register or Log in to view the hidden image!

     
Thread Status:
Not open for further replies.

Share This Page