Okay, so ShadowCrypto is dead now, in the same grave as the RICE# series. And no more custom encryption by me.
dankrause brought up a good point: I don't have nearly enough entropy in the keys to encrypt data securely. I'm sorry, but that's a fact that's real, and that no one has control of except actual cryptographers. So I'm done with custom cryptography, and sticking with projects I can actually do without causing major harm to other's security.
So ShadowCrypto should be removed from chat soon (once Random gets around to it) and the download page for ShadowCrypto will be deleted soon. This thread can be closed.
ShadowCrypto is here!
Root / Talk About Programs / [.]
MasterR3C0RDCreated:
could you post the SB code here?Why? It's on the SB server. Check the program page for the key.
Have you heard of the first rule of crypto?
Have you heard of the first rule of crypto?Yes, but if nobody breaks it, there won't be any different kinds of encryption. By the way, it's "Don't roll out your own crypto".
I believe ShadowCrypto has some extremely obvious security issues. I also believe that I can decrypt any message encrypted by ShadowCrypto without the password with little effort. I'll be happy to demonstrate for anyone interested. Just post an encrypted message.Here. Enjoy.
BCF498CFDE95D0DEC78DDBC1CE85D7CED4F8EDB9E8F6E5E4F1A3AFC3FEF6F3A1EF988BD99690D795969E9B9B849CC7988CA8FFBFB4A7B2A7B6BFE3E9AAABA3E1BA524A194C5A5916470D47485D4007554C3D687669676E31726F607C7F25666F7A091710151257101D140206190049E9EDIT 1: Sorry, forgot the encrypted stuff EDIT 2: Put the stuff in a nicer container.
... Alright, what did I do to fuck it up? REFER TO THE NEXT PARTI've got the power scrub. Just let me destroy you forever, and you won't have to worry about anything anymore.
Also, can you recover passwords?
EDIT: PM me the flaws and possible solutions please. Bad idea to post it here.
It's brute-forcable. Your math has the side effect of reducing total effective entropy in the key to around 8 bits. One out of every set of 200ish random strings are equivalent for the purposes of decryption. I can't recover the key you used, because it's the same as an infinite number of other keys. I can give you an arbitrary number of keys that work just like yours though.
What you did wrong: you ignored the first rule of cryptography, which is actually "Leave cryptography to the experts." Note that the second rule is "You are not an expert."
It's brute-forcable. Your math has the side effect of reducing total effective entropy in the key to around 8 bits. One out of every set of 200ish random strings are equivalent for the purposes of decryption. I can't recover the key you used, because it's the same as an infinite number of other keys. I can give you an arbitrary number of keys that work just like yours though. What you did wrong: you ignored the first rule of cryptography, which is actually "Leave cryptography to the experts." Note that the second rule is "You are not an expert."So what, I should increase the entropy by increasing the value 256 in the program to something like 7FFFFFFF? That would make the entropy more like 32 bits, correct?
So I don't ultimately want to discourage anyone from attempting to write cryptographic functions. I definitely DO want to discourage them from ever actually USING them for anything. Novel cryptographic algorithms are vetted and discussed in a community of experts, who apply years of experience testing and improving them before ever using them anywhere. They had to start somewhere, however. Keep writing code.
No. There are cryptography experts. You are not one. If you were, you would understand why it's a bad idea to make your own cryptography algorithm and also understand why the existing ones work. If you are trying to make your own crypto, you are not an expert.
Please read what people actually say instead of making unclever assumptions.
No. There are cryptography experts. You are not one. If you were, you would understand why it's a bad idea to make your own cryptography algorithm and also understand why the existing ones work. If you are trying to make your own crypto, you are not an expert. Please read what people actually say instead of making unclever assumptions.._. Ok, lumage
Does that mean no one can make cryptography? Or was that just an insult toward CX lelNeither - if you're developing your own crypto today, you're either on the very bleeding edge of mathematics and computer science, or you're building a toy. Not trying to insult anyone, but don't use that toy to actually try to keep something secret.
Makes reasonable sense, no argument from meDoes that mean no one can make cryptography? Or was that just an insult toward CX lelNeither - if you're developing your own crypto today, you're either on the very bleeding edge of mathematics and computer science, or you're building a toy. Not trying to insult anyone, but don't use that toy to actually try to keep something secret.
Okay, so if anyone feels like they want to crack some encryption, here's my latest method:
https://www.khanacademy.org/computer-programming/pincrypt/5009310891
If anyone can crack what this says, kudos to you. You also have to figure out the PIN (they're all unique, believe me. I had a computer running for a while to check). I'll give one hint: The first character is "H".
0000064864000006484A0000064857000006480300000648 08000006485200000648590000064850000006481A000006 4805000006484F000006485C000006485300000648150000 06480200000648A4000006485300000648AA000006486C00 0006481F000006484100000648A800000648A70000064812 00000648A600000648520000064816000006485000000648 1000000648A300000648A100000648BF00000648B8000006 48AA00000648BC000006486F00000648BB00000648A40000 0648B400000648B000000648A6000006487B000006486600 0006484300000648B900000648BD00000648620000064884 00000648B3000006488A000006487E00000648B200000648 8E00000648880000064881000006487B0000064880000006 488D00000648B70000064883000006485700000648710000 0648BB00000648820000064899000006484D000006489900 00064887000006489F0000064896000006489E0000064887 000006485800000648450000064880000006489C00000648 83000006488200000648EF00000648EE0000064899000006 485D00000648E700000648EE00000648E500000648500000 0648E4000006489000000648540000064896000006485600 000648E2000006489300000648E300000648FF00000648ED 000006481F