• Welcome to Valhalla Legends Archive.
 

Chat Encrpytion

Started by o.OV, January 21, 2004, 06:21 PM

Previous topic - Next topic

iago

Quote from: Grok on January 29, 2004, 03:21 PM
Technically it is NOT encryption.

As I pointed out earlier, something is securely encrypted if you can give away the algorithm, and the encrypted message, and nobody can recover the plaintext.
I didn't say securely encrypted.  But I agree with you and kp - I don't know the difference between encryption and encoding, but I guess this is exactly it :)
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


Arta

#16
Quote from: MrRaza on January 29, 2004, 12:07 PM
Quote from: Arta[vL] on January 29, 2004, 07:19 AM
Base64 is NOT encryption.

I enjoyed how you said that, without giving any explanation on what it is. Maybe you'd better edit it or reply... hmmm

Base64 is an encoding algorithm used to encode data for transmission in printable format. It is used where non-printable characters could cause problems, the most obvious example being email attachments. Its purpose was never to obfuscate data.

ObsidianWolf

Any that wish to further argue that Base64 is Encryption should become more aquinted with Google.

http://www.robertgraham.com/tools/base64coder.html

A method of encoding binary data within text. If you'll remember, binary data is a full 8-bits per byte, whereas text uses a little more than 6 bits per byte. A 6-bit number has 64 combinations, hence the term "BASE64".

The way it works is that every three 8-bit bytes are stored in four 6-bit characters, where the characters are in the range [A-Z][a-z][0-9][+/]. (Count 'em up; that's 64 total characters). Since this doesn't exactly line up, pad characters of [=] are used at the very end.


iago

Quote from: ObsidianWolf on January 30, 2004, 06:43 PM
Any that wish to further argue that Base64 is Encryption should become more aquinted with Google.

http://www.robertgraham.com/tools/base64coder.html

A method of encoding binary data within text. If you'll remember, binary data is a full 8-bits per byte, whereas text uses a little more than 6 bits per byte. A 6-bit number has 64 combinations, hence the term "BASE64".

The way it works is that every three 8-bit bytes are stored in four 6-bit characters, where the characters are in the range [A-Z][a-z][0-9][+/]. (Count 'em up; that's 64 total characters). Since this doesn't exactly line up, pad characters of [=] are used at the very end.

....... I don't see what that has to do with anything about it being encryption/encoding/etc?
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


Tuberload

I see it as an argument to why BASE64 is not encryption...
Quote"Pray not for lighter burdens, but for stronger backs." -- Teddy Roosevelt
"Your forefathers have given you freedom, so good luck, see you around, hope you make it" -- Unknown

Adron

It's bad encryption or ok encoding...

Adding 1 to every character is encryption, bad encryption.

Base64 wasn't designed to be good encryption.

o.OV

#21
Eh.. I forgot all about this thread..
You are right.
It is an encoding for data transport through the TCP layer..
Bad wording on my part.

I did manage to develop my own um.. Encryption/Encoding
(I'm not really sure which word to use..)
the same night I posted this thread.
(It doesn't meet the standards as stated in the quote Grok made.)

It is seeded by a random number..
and was made so it can be Decrypted/Decoded by the reciever with no key.
If the person had knowledge of the algorithm I used..
then they could decypt it as well.
I just wanted to see if I could make one.
It took a while for me to iron out a few equations..
but I managed.
If the facts don't fit the theory, change the facts. - Albert Einstein

Adron

Base64 isn't for transport through TCP, TCP can handle 8-bit data just fine. It's for transport over channels that don't accept all data such as e-mail, forums, that kind of thing.

iago

Let me guess, it adds the random number, mod255, to the character, then puts the random number at either the beginning or end of the character stream?
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


Yoni

Quote from: Kp on January 29, 2004, 02:02 PM
From the definition of encryption as I understand it, base64 is not encryption - it's an encoding.  Yoni covered this in more detail in another thread.
Hmm, I didn't remember that, but I searched the forum and you're right. :)

Quote from: Yoni on December 25, 2003, 05:41 PM
Hash(Base64 of password) and Hash(Plaintext password) are equally secure. If all you're going to do is calculate a hash, encoding as base64 is unnecessary. See also St0rm's post.

Base64 by itself offers zero security. Its purpose is not security. Its purpose is to encode any data to a form that contains only printable characters, with an overhead of only 33% (as opposed to, for example, an overhead of 100% with encoding as Hex).

And to prevent this post from being useless I will comment on the new posts in this thread as well.

If your encryption is similar to what iago stated (which sounds correct by your post), then you have an encoding algorithm where the encryption is random (using a key), but the decryption is constant (since the key is inside the message).
In Grok's analogy, that's like putting the letter inside the safe, locking the safe, and leaving the key in the keyhole. The security is once again through obscurity, which isn't security.

If you want to turn it into "real" encryption (maybe bad encryption, but still real), all you have to do is modify it so that the key isn't included in the encrypted message.

iago

It's not quite like leaving the key in the lock.  It's more like locking a letter in a room and putting the key under the welcome mat.  It's not glaring at you, but with a little searching it would be fairly easy to find.

Make the client automatically BF the key, there's a 1/255 of getting it right :)

Or use progressive encryption, change the key each time in a random way that only your clients know.  You still have to find a way to hide it, though :)
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


Banana fanna fo fanna

Whisper the key to everyone?

Grok

While we are giving analogies, I see "Encoding" as more like pulling the door shut until it latches.  Anyone who knows how to turn the doorknob can unlatch it and walk in.

iago

Quote from: Grok on March 07, 2004, 12:38 PM
While we are giving analogies, I see "Encoding" as more like pulling the door shut until it latches.  Anyone who knows how to turn the doorknob can unlatch it and walk in.

It's more like that box with the triangle, circle, and square on the top and the blocks that match the shapes.  It takes some level as skill, but anybody with even a little experience could recognize and defeat it.

Incidentally, I saw a kid actually have trouble with one of those, which amazed me.  I wonder if I ever tried to jam the square through the triangle then give up?
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


muert0

Didn't DM have an encrypted chat on his bot? Was a while back though...
And my daughter kicks ass at those boxes. Got her one with 6 sides, the sides to put the blocks in are all different colors ..oh well
To lazy for slackware.