Uncrackable encryption software

This is called a "stream cipher". The key to breaking this is to break your random number generator, which can be quite easy or quite difficult depending on the generator you use. If you use random , it's easy. If you use something like Blum-Blum-Shub, it's hard.

If you use a true random source, such as the nuclear ones the government uses, then you have an unbreakable algorithm, assuming you don't leak the key or use it twice.

No, it isn't. The truth is that most "home-grown" algorithms are much easier to crack than the ones whose algorithms are publicly available. Finger for PGP 2. Speak for whom? You've got lic Could you give pointers to Blum-Blum-Shub? Briefly, what is it? You're talking about the ol' primitive trinomial xor business? I've even had an offer by someone here to crack some of my encrypted files. This Usenet thing is awesome fun. I'd like to hear about how to crack this type of random stream encryption.

In a practical sense, barring some ability to detect NP class problems, David might be right. Jim "sure hope Netscape is doing something useful in its idle loop" Walters try Well, yes.

One problem is that "those you trust" may go over to the evil enemy. If they know your algorithm and key, you lost your secrecy. This is why it is important to publish the algorithm, whereafter you can assume that competent evil enemies know it anyway.

The difference between "key" and "algorithm" is only quantitative, the algortithm is supposed to be difficult to design correctly, while the key is meant to be easy to generate and quick to transmit. But a simple XOR with a one time pad is a counter-example. Finally, the only truely secure encryption seems to be to discard the information, or not generate it in the first place.

Maybe we should term that the Reagan Cypher TM. Very, very wrong. Trusting in the secrecy of an algorithm is the sure path to destruction. There are also very subtle tricks involving known plaintext and analysis which can crack things which a naive person might think are secure. Have you done a complete analysis of your system?

Can you make a good argument about why it is computationally difficult to crack your system? Most random number generators from a computer can be completely predicted after looking at only a few numbers.

The best system is to use a simple, well understood algorithm which relies on the security of a key rather than the algorithm itself. This means if anybody steals a key, you could just roll another and they have to start all over.

Oh well Could be raining. Not really. If you write a psuedo-random sequence generator that short, with no previous knowledge of cryptology or as little as me! Secondly, its not easy keeping an algorithm secret anyway You should always assume the attacker knows the algorithm anyway. A linear congruential generator can be cracked with lg m of the outputs.

So you can have a generator with an ungodly high period, but it'll still be pretty wimpy. Yes, you are wrong. Amateur cryptologists who make their own crypto algorithm and try to make it secure by keeping the algorithm secret usually end up with a weak crypto algorithm. To make secure crypto algorithms requires expertise in the field of cryptology. Using a good, public, algorithm such as IDEA or RSA will very likely yield much more secure encryptions than a homemade secret algorithm.

The history of cryptoanalysis is full of examples of ciphers broken without prior knowledge of either the algorithm or the key. Of course if you're an expert, keeping a secure algorithm secret will make it even more secure. But if you're an amateur, as most of us are, a strong public algorithm is much more secure than a weak, homemade secure algorithm.

I get the message! I thoroughly admit I'm an amateur. Everyone's been very helpful thus far. I've employed the methods heretofore relayed via e-mail and so far my quasi - random generator has passed every test, but I keep getting infor on more tests i can run. They don't take long to program and I run them in the background, so they don't really slow me down that much, although they do take hours and hours to run. I usually just run them until I run out of memory.

I've been checking it everyway people have been telling me. In fact I have another daemon running in the background even as I type this post. Tell me more, please.

So far I cant tell this generator from true random. This people have been telling me over and over. Make it public!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

I'd just send my program along to everybody, but I'd prefer they ask. I have always thought it rude to stick someone with a k file without for warning them. I really don't know because this is all very new to me and i don't have much to compare it with.

Altho I have run a few tests which have shown my algorithm to be pretty random, but I'm not on to all the methods of analyzing number streams yet.

Yes I am very much an amatuer. Anyone want my source code or my programm or both. I would love to see it! Maybe you could use your cracking program on my encryption program to see how bad my sceme really is.

I have had a few such offers already, and I am just now finished messing with my program so that it is easy to setup and use.

I think it might be. In fact my programm makes multiple passes. I do this for two reasons. The first i'm ashamed to admit is so that I can have very long key resolution without using ungodly long variable types. But I decided to stay away from XORing anything even though this is the lazy man's way of encryption because you can use the same routine to encrypt and decrypt because you lose half your byte resolution by using that method.

XOR encryption because it is a random sequence that is encrypted. The truth of the matter is that a good random sequence which needs some quantitative definition in terms of some statistics is very very very very very difficult to generate by any means especially deterministic means a computer program even when generated using "random" physical sources as seeds.

Even physical systems will show chaotic behaviour with periodic bifurcations according to the Fiegenbaum constant. Oscillators are almost deigned by the Almighty to synchronize at least chaotically with nearby sources of interference. Electronic noise sources are very difficult to use without causing statistical contamination in processing the noise signal to a useful electronic output.

Please read Professor Knuth's writing in his classic "Seminumerical Algorithms" book on the subject of random sequences. You may find it very enlightning and discouraging. JK John E. Kuslich WPcrak for Wordperfect jo Isn't it possible to use a non-computer-generated source of input that would for all purposes, be sufficiently random, so that no known math model could accurately simulate it? Just as an example, I'm looking at file-sizes for the last posts on this newsgroup.

They all seem pretty random to me - no discernable pattern there. Isn't this sufficiently random so as to be beyond known means of prediction? Knuth also discusses methods for testing RNG's. However,bear in mind that a good RNG one that looks random,and passes many tests need not be cryptographically strong. Cryptography is an especially demanding application; much more so than say Monte Carlo simulations.

There are a number of truly random data sources i. It's not uniformly distributed. If you took a superficially more random function of sci. Hi, Forgive me, but I have no particular knowledge of cryptology.

But if you could hide your key, then why can't you also hide the module that acts as the entropy source for the overall encryption algorithm? If hiding a key works, then why not also hide more stuff, like the input source for the random pattern?

As a matter of fact, it would seem that key-selection is itself the main existing source of entropy in current enryption systems like PGP. So how 'bout taking some obscure movie or book you saw when you were 5, and digitizing it into numbers, to act as a seed. Not random enuf? Maybe this should not be the mainline secrecy defense, but it could certainly be layered on top of the existing accepted methods of encryption as an enhancement, no? Or am I wrong?

Please enlighten me, as I have no professional knowledge of this field. Just curious, that's all. It's really a systems question -- how is the algorithm going to be used? How many correspondents? How many years of traffic will there be?

How will the program be given to each user? Who is the enemy, and what resources does she have? Strong algorithms are secure against a number of attacks. The strongest algorithms are believed to be secure against this "chosen plaintext" attack. The assumption that the enemy knows the algorithm has a great deal of historical precedent: the algorithms used by the Japanese Purple machine, for example, and the German Enigma were both thought by their users to be hidden from the enemy.

Many kinds of leaks or errors can cause an algorithm to be divulged, and then the only security left is the changing message key.

A pocket full of positrons, But he certainly took us by surprise! Uses the first word in the seed string converted to a number as the seed. I hope this is more clear than mud! The weakest link is the passphrase you come up with.

This touches on one of my little annoyances with how we train the less technical to write passwords or in this case passphrases. We teach people to make their passwords difficult for humans to remember, but easy for machines to crack instead of easy for humans to remember and difficult for machines to crack.

This XKCD post sums it up well. This is very true and that is why most of the giants in the computing world get hacked so easy, the staff members use really easy passwords. After having dumped hashes upon hashes I will say, I have seen some really really bad passwords.

I would even say more often then not actually. Whats the difference between Hashing and Encrypting? Same goal, different techniques? I guess Im saying, is there a such thing as uncrackable?

A hash is a plain-text value that has been encrypted. Hashes are usually a one-way cryptographic function used to store values in a cipher-text form. When you root a box and look at the passwords, they are stored as hashes for security. In that sense you could look at them as the same in format but slightly different in function. When you encrypt something using GPG you are using an asymmetric cipher requiring two keys.

The real gritty details are beyond the scope of a comment but I encourage you to post this in the forum! Nothing is "uncrackable", per se. In everything lies a hidden flaw to be exploited, though I suspect you would have to be a graduate math student if you ever hope to discover this "flaw". However, as Allen states: brute forcing e.

Other methods, such as keyloggers, extortion and other not so pretty methods could potentially be used to decrypt a file or something?

On the money in fact. Social engineering can be used, and your private key can be brute forced if someone manages to get their hands on it, as it's only protected by your passphrase. And like you said, every few years new flaws are found in the current algorithms. MD5 was cutting edge when it first came out and now it is not considered secure. It is unbreakable in the sense that it would require more computing power then is reasonably accessible to break it. I got it. Man, thats quite something.

It makes me want to learn the process of creating my own method of encryption, piggybacking on what I know already and what already exists, attempting to make something that only God's computer can break. I know it's difficult hold on ms. I'm excited. Learn more about how CipherShed works and the project behind it. DiskCryptor is an open encryption solution that offers encryption of all disk partitions, including the system partition.

The fact of openness goes in sharp contrast with the current situation, where most of the software with comparable functionality is completely proprietary, which makes it unacceptable to use for protection of confidential data. Well written, it was nice to read! I have been using Disk Cryptor for about a year and it operated for me quite well but suddenly this app started performing irregularly.

So a month ago I moved to a free version of Nord Locker it is a newbie in the market. Your email address will not be published. Koen [ Reply ]. Jams [ Reply ].