LoginLogin
Nintendo shutting down 3DS + Wii U online services, see our post

ShadowCrypto is here!

Root / Talk About Programs / [.]

MasterR3C0RDCreated:
Okay, so ShadowCrypto is dead now, in the same grave as the RICE# series. And no more custom encryption by me. dankrause brought up a good point: I don't have nearly enough entropy in the keys to encrypt data securely. I'm sorry, but that's a fact that's real, and that no one has control of except actual cryptographers. So I'm done with custom cryptography, and sticking with projects I can actually do without causing major harm to other's security. So ShadowCrypto should be removed from chat soon (once Random gets around to it) and the download page for ShadowCrypto will be deleted soon. This thread can be closed.

could you post the SB code here?

could you post the SB code here?
Why? It's on the SB server. Check the program page for the key.

Have you heard of the first rule of crypto?

Have you heard of the first rule of crypto?
Yes, but if nobody breaks it, there won't be any different kinds of encryption. By the way, it's "Don't roll out your own crypto".

I believe ShadowCrypto has some extremely obvious security issues. I also believe that I can decrypt any message encrypted by ShadowCrypto without the password with little effort. I'll be happy to demonstrate for anyone interested. Just post an encrypted message.

I believe ShadowCrypto has some extremely obvious security issues. I also believe that I can decrypt any message encrypted by ShadowCrypto without the password with little effort. I'll be happy to demonstrate for anyone interested. Just post an encrypted message.
Here. Enjoy.
BCF498CFDE95D0DEC78DDBC1CE85D7CED4F8EDB9E8F6E5E4F1A3AFC3FEF6F3A1EF988BD99690D795969E9B9B849CC7988CA8FFBFB4A7B2A7B6BFE3E9AAABA3E1BA524A194C5A5916470D47485D4007554C3D687669676E31726F607C7F25666F7A091710151257101D140206190049E9
EDIT 1: Sorry, forgot the encrypted stuff EDIT 2: Put the stuff in a nicer container.

I've got the power scrub. Just let me destroy you forever, and you won't have to worry about anything anymore.

I've got the power scrub. Just let me destroy you forever, and you won't have to worry about anything anymore.
... Alright, what did I do to fuck it up? REFER TO THE NEXT PART

Also, can you recover passwords? EDIT: PM me the flaws and possible solutions please. Bad idea to post it here.

It's brute-forcable. Your math has the side effect of reducing total effective entropy in the key to around 8 bits. One out of every set of 200ish random strings are equivalent for the purposes of decryption. I can't recover the key you used, because it's the same as an infinite number of other keys. I can give you an arbitrary number of keys that work just like yours though. What you did wrong: you ignored the first rule of cryptography, which is actually "Leave cryptography to the experts." Note that the second rule is "You are not an expert."

It's brute-forcable. Your math has the side effect of reducing total effective entropy in the key to around 8 bits. One out of every set of 200ish random strings are equivalent for the purposes of decryption. I can't recover the key you used, because it's the same as an infinite number of other keys. I can give you an arbitrary number of keys that work just like yours though. What you did wrong: you ignored the first rule of cryptography, which is actually "Leave cryptography to the experts." Note that the second rule is "You are not an expert."
So what, I should increase the entropy by increasing the value 256 in the program to something like 7FFFFFFF? That would make the entropy more like 32 bits, correct?

I'm also not a cryptography expert, so I couldn't give you a good fix that would guarantee using all of the available entropy in your key. Your modulus 256 is not the cause of your problems, however.

So I don't ultimately want to discourage anyone from attempting to write cryptographic functions. I definitely DO want to discourage them from ever actually USING them for anything. Novel cryptographic algorithms are vetted and discussed in a community of experts, who apply years of experience testing and improving them before ever using them anywhere. They had to start somewhere, however. Keep writing code.

No one's an expert?
Note that the second rule is "You are not an expert."
Does that mean no one can make cryptography? Or was that just an insult toward CX lel

No. There are cryptography experts. You are not one. If you were, you would understand why it's a bad idea to make your own cryptography algorithm and also understand why the existing ones work. If you are trying to make your own crypto, you are not an expert. Please read what people actually say instead of making unclever assumptions.

No. There are cryptography experts. You are not one. If you were, you would understand why it's a bad idea to make your own cryptography algorithm and also understand why the existing ones work. If you are trying to make your own crypto, you are not an expert. Please read what people actually say instead of making unclever assumptions.
._. Ok, lumage

Does that mean no one can make cryptography? Or was that just an insult toward CX lel
Neither - if you're developing your own crypto today, you're either on the very bleeding edge of mathematics and computer science, or you're building a toy. Not trying to insult anyone, but don't use that toy to actually try to keep something secret.

Does that mean no one can make cryptography? Or was that just an insult toward CX lel
Neither - if you're developing your own crypto today, you're either on the very bleeding edge of mathematics and computer science, or you're building a toy. Not trying to insult anyone, but don't use that toy to actually try to keep something secret.
Makes reasonable sense, no argument from me

Okay, so if anyone feels like they want to crack some encryption, here's my latest method: https://www.khanacademy.org/computer-programming/pincrypt/5009310891 If anyone can crack what this says, kudos to you. You also have to figure out the PIN (they're all unique, believe me. I had a computer running for a while to check). I'll give one hint: The first character is "H".
0000064864000006484A0000064857000006480300000648
08000006485200000648590000064850000006481A000006
4805000006484F000006485C000006485300000648150000
06480200000648A4000006485300000648AA000006486C00
0006481F000006484100000648A800000648A70000064812
00000648A600000648520000064816000006485000000648
1000000648A300000648A100000648BF00000648B8000006
48AA00000648BC000006486F00000648BB00000648A40000
0648B400000648B000000648A6000006487B000006486600
0006484300000648B900000648BD00000648620000064884
00000648B3000006488A000006487E00000648B200000648
8E00000648880000064881000006487B0000064880000006
488D00000648B70000064883000006485700000648710000
0648BB00000648820000064899000006484D000006489900
00064887000006489F0000064896000006489E0000064887
000006485800000648450000064880000006489C00000648
83000006488200000648EF00000648EE0000064899000006
485D00000648E700000648EE00000648E500000648500000
0648E4000006489000000648540000064896000006485600
000648E2000006489300000648E300000648FF00000648ED
000006481F