[Typo3-dev] OT: Encryption
Georges Reti
typo3 at isfates.com
Mon Apr 5 18:20:17 CEST 2004
Hi,
This encryption scheme is good if you use the key (here the Bible) only one time (a.k.a. a one-time key).
If you always use the same key, you can do a "frequency count" attack (in most European languages, the letter e is the most frequent... etc.) on every 1st, 2nd, 3rd... letter and guess what the key for the 1st, 2nd, 3rd... letter was. (And if the key is clear text, like the Holy Bible, you can even guess the whole key.)
This encryption scheme has the same weaknesses as Vigenere's encryption (see http://www.math.cornell.edu/~mec/modules/cryptography/polyalpha/polyalpha.html).
Now I wouldn't say it's easy to crack, but if someone wants to, it is possible.
To make the thing harder, some algorithms like DES (but there are many more, I don't know TEA, but why not ;) ) aren't so easy to crack. The disadvantage would be that it takes longer to encrypt.
--
Georges
>Hi Folks.
>
>Here is a challenge to you:
>
>    function roundTripCryptString($string) {
>        $out = '';
>        $strLen = strlen($string);
>        $cryptLen = strlen($this->TYPO3_CONF_VARS['SYS']['encryptionKey']);
>
>        for ($a = 0; $a < $strLen; $a++) {
>            $xorVal = $cryptLen > 0
>                ? ord($this->TYPO3_CONF_VARS['SYS']['encryptionKey'][$a % $cryptLen])
>                : 255;
>            $out .= chr(ord($string[$a]) ^ $xorVal);
>        }
>
>        return $out;
>    }
>
>This function "encrypts" the input string by traversing it character by
>character, XORing each character's byte value with a byte value from the
>corresponding position in $this->TYPO3_CONF_VARS['SYS']['encryptionKey'].
>
>If you feed the function with the output string again the same process
>runs and the string is decoded again.
>
>Question: If you do NOT know the value of
>$this->TYPO3_CONF_VARS['SYS']['encryptionKey'] how can you decrypt the
>scrambled output? Of course if
>$this->TYPO3_CONF_VARS['SYS']['encryptionKey'] is short enough it could
>be guessed but imagine you take the bible as the encryption key string
>then you would have to use the exact character sequence of the whole
>bible to decode the string again.
>
>I basically know nothing about encryption (which is why I humbly ask the
>list to educate me) but this method seems to be quite powerful to me; as
>long as the sender and receiver use the same character sequence to
>encode/decode the string and that sequence is long enough, it must be
>next to impossible to decode the string, or...?
>
>
>(The function roundTripCryptString() is new in the TYPO3 tslib_fe class and
>is used to encrypt the email address in mail forms so spammers do not
>get hold of it)
>
>--
>Best regards
>
>- kasper
>
>--------------------
>It's not a bug, it's a missing feature.
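
The key-reuse weakness described in the reply at the top of this message, as an added example that is not part of the original thread and is not TYPO3 code: a Python port of the quoted function, plus the per-position "frequency count" run over three constructed messages encrypted under one constructed key. It assumes the key length is known and that the plaintext consists of lowercase letters and spaces.

```python
def round_trip_crypt(data: bytes, key: bytes) -> bytes:
    """Python port of the quoted roundTripCryptString(): XOR with a repeating key."""
    if not key:
        return bytes(b ^ 255 for b in data)  # same fallback as the PHP code
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


# Assumption about the plaintext: lowercase English letters and spaces.
PLAUSIBLE = frozenset(b"abcdefghijklmnopqrstuvwxyz ")


def guess_key(ciphertexts, key_len: int) -> bytes:
    """For each key position, pick the byte that makes that column look like text.

    Every ciphertext byte at offset i was XORed with key[i % key_len], so all
    bytes sharing the same (i % key_len) form one single-byte-XOR column.
    """
    key = bytearray()
    for pos in range(key_len):
        column = [c[i] for c in ciphertexts for i in range(pos, len(c), key_len)]
        # Crude frequency count: how many bytes decode to a plausible character.
        best = max(range(256),
                   key=lambda k: sum((b ^ k) in PLAUSIBLE for b in column))
        key.append(best)
    return bytes(key)


# Constructed sample data (not from the thread).
KEY = b"k3y!Z"
MESSAGES = [
    b"please send the signed form back to the office before friday",
    b"the meeting has moved to the small room on the second floor",
    b"your password reset link was sent to the address on file",
]
CIPHERTEXTS = [round_trip_crypt(m, KEY) for m in MESSAGES]
RECOVERED = guess_key(CIPHERTEXTS, len(KEY))

if __name__ == "__main__":
    print("recovered key:", RECOVERED)
    for c in CIPHERTEXTS:
        print(round_trip_crypt(c, RECOVERED).decode())
```

The more text is protected under the same key, the more bytes each column holds and the more reliable the count becomes, which is why the scheme is only sound when key material is never reused.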