Re: famous literature
- From: "imipak" <imipak@xxxxxxxxx>
- Date: 30 Dec 2005 19:55:42 -0800
Hmmm. You're bound to get some, ummm, snide comments on your choice of
algorithm, so I'll skip that part and move on to an alternative for you
to consider. Before I describe the algorithm, I'll give you a brief
into on how it works:
First, most pseudo random number generators allow you to "seed" them
with a given start value. When you do this, the output will always be
the same. Guaranteed. So long as the algorithm isn't trivial to break
and the seed is hard to guess, it's not too bad.
Second, there is an important mathematical function - xor - that has an
interesting property. If you apply it twice, it cancels out. So, if you
do the following:
c := a xor b
d := c xor b
d will always equal a.
By this time, you should have figured out the method I'm going to
suggest as an alternative. At least, some of it. If you were to
generate a pseudo-random stream of numbers as long as the text, then
xor that stream with the text, you will get something that is totally
garbled. It will decrypt to absolutely anything of equal length with
almost equal probability, making it hard to crack. This is an extremely
weak form of "One Time Pad" - weak because it is always possible for
anyone to rebuild the pad you're using if they have the seed value and
the random number algorithm.
Can we improve on this? Sure. Have two more pseudo random number
generators. The first of these will generate run lengths, the second
will generate random seeds. The way this works is simple. You read from
the run length random number generator. This will be the number of
characters you will process in any one go. You then read from the seed
random number generator and that will generate the seed for your
encryption random number generator. The seed is therefore only used for
a single short run of characters.
Oh, it is extremely helpful if the random number generators are all
considered strong and use different algorithms.
How does all this help? Well, in two ways. Firstly, a random number
generator will typically use a 32-bit seed. It's easy to break a 32-bit
key, so that is clearly not strong enough to be worth the effort. By
having two distinct seeds, you effectively have a 64-bit key, which is
still weak but is perhaps worth the effort.
Secondly, our main encryption PRNG is being re-seeded extremely
frequently, so any repetitions or patterns it throws up will be quickly
drowned out.
I first developed this algorithm for fun, when I was 16 at school. That
was 20 years ago, long before I'd learned anything about good
encryption techniques or how the experts approached things. Today, I
think the method is simple enough to demonstrate some of the concepts
of cryptography to kids between the ages of 12-16. (For example, the
re-seeding is essentially what you do with block-mode ciphers when
using a non-trivial chaining algorithm, but would be easier to
understand than some of the papers off the NIST website for that
age-group.)
I would absolutely consider it as infinitely better than any trivial
substitution cipher, because you can't use frequency analysis on
pseudo-randomized strings.
I am not posting this for the purpose of having the method studied by
experts. Rather, I am posting this to give people who do want to write
their own crypto algorithm a place to start that is actually easier to
write than a substitution cipher (no double indirections to worry
about) and does give some lead-ins to "good practices" if you want to
learn more.
(Yeah, it's easier to tell clueless newbies to jump in a lake. Problem
is, they're then still clueless, still newbies but are now dripping
water all over the place.)
.
- References:
- famous literature
- From: qikink
- Re: famous literature
- From: qikink
- famous literature
- Prev by Date: Re: famous literature
- Next by Date: Basic tools of encryption: Transposition and substitution?
- Previous by thread: Re: famous literature
- Next by thread: Password length and bit number of encryption algorithm?
- Index(es):
Relevant Pages
|
Loading
