• Welcome to Valhalla Legends Archive.
 

Chat Encrpytion

Started by o.OV, January 21, 2004, 06:21 PM

Previous topic - Next topic

o.OV

I would like to add Encryption and Decryption capabilities to my bot.

So far I have only been only to cover two areas.

Hex and Base64

Hex isnt even really an encryption but I included it anyways since people like talking in Hex so much.

I have tried looking up documentation for ArdEnc.DLL and X-Base64 but couldn't find any good reference to those two.
I am also interested in ZDS' encryption and I plan on looking into it soon.
If the facts don't fit the theory, change the facts. - Albert Einstein

iago

Try looking them up on www.faqs.org.  Most standards have RFC's of some sort stored there.
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


Arta

Base64 isn't encryption either.

Creating a simple cypher yourself isn't particularly difficult. The most common way is to use XOR, since that can use the same routine to decrypt as encrypt - beware though, it's trivial to break.


void XORCypher(char *Text, unsigned char Key)
{
  while(*Text)
  {
       Text ^= Key;
       Text++;
   }
}


More simple encryption can be accomplished by using maths that is reversible. In it's simplest form, something like this:

e = p + k;

therefore:

p = e - k;

example:

5 = 2 + 3
2 = 5 - 3

Where e is your encrypted charater, p is your plain character, and k is your key. You can use any of the basic operators (+-*/) in this manner, and can combine them. Without delving into the more complicated maths of DES and RSA (which I don't really understand) this is your best bet. Other than finding some library that implements strong encryption and using that.

FYI, I've used ARDenc in a bot of mine and it works excellently. If you want strong encryption, I think you should try harder to get that working.

ObsidianWolf

What Language are you looking for information on?  I have a encrypt/decrypt function in vb thats pretty simple and its made more secure the longer the key is.  Is this a bot related question?

ObsidianWolf

The VB way

Public Function Crypt(inp, key As String) As String
       Dim Sbox(0 To 255) As Long
       Dim Sbox2(0 To 255) As Long
       Dim j As Long, i As Long, t As Double
       Dim K As Long, temp As Long, Outp As String

               For i = 0 To 255
               Sbox(i) = i
               Next i

                j = 1
               For i = 0 To 255
                   If j > Len(key) Then j = 1
                   Sbox2(i) = Asc(Mid(key, j, 1))
                   j = j + 1
               Next i

                j = 0
                For i = 0 To 255
                   j = (j + Sbox(i) + Sbox2(i)) Mod 256
                   temp = Sbox(i)
                   Sbox(i) = Sbox(j)
                   Sbox(j) = temp
               Next i

                i = 0
                j = 0
               For x = 1 To Len(inp)
                        i = (i + 1) Mod 256
                        j = (j + Sbox(i)) Mod 256
                        temp = Sbox(i)
                       Sbox(i) = Sbox(j)
                       Sbox(j) = temp
                       t = (Sbox(i) + Sbox(j)) Mod 256
                       K = Sbox(t)
                       Outp = Outp + Chr(Asc(Mid(inp, x, 1)) Xor K)
               Next x
               Crypt = Outp
End Function



j0k3r

How secure is that now that you've posted it on a forum for hundreds (if not thousands) of people to see?
QuoteAnyone attempting to generate random numbers by deterministic means is, of course, living in a state of sin
John Vo

Adron

It looks like some rc-, maybe rc4 or something similar. If it is a valid implementation of that, it should be no less secure because of his posting it.

Grok

Quote from: j0k3r on January 24, 2004, 06:55 AM
How secure is that now that you've posted it on a forum for hundreds (if not thousands) of people to see?

Quotes from "Applied Cryptography" by Bruce Schneier:

Quote"If I take a letter, lock it in a safe, and hide the safe somewhere in New York ... and then tell you to read the letter, that's not security.  That's obscurity.  On the other hand, if I take a letter and lock it in a safe, and then give you the safe along with the design specifications of the safe and the world's best safecrackers can study the locking mechanism....and you still can't open the safe and read the letter, that's security."

Quote"One of the fundamental axioms of cryptography is that  the enemy is in full possession of the details of the algorithm and lacks only the specific key used in the encryption.  While this is not always true in real-world cryptanalysis, it is always true in academic cryptanalysis; and it's a good assumption to make in real-world cryptanalysis.  If others can't break an algorithm eevn with knowledge of how it works, then they certainly won't be able to break it without that knowledge.
"Those who claim to have an unbreakable cipher simply because they can't break it area either geniuses are fools.  Unfortunately, there are more of the latter in the world.  Beware of people who extol the virtues of their algorithms, but refuse to make them public; trusting their algorithms is like trusting snake oil."
"On the other hand, a good algorithm can be made public without worry.  You can send it to your adversaries, publish it in a magazine, or shout it from the rooftops.  It doesn't matter; even the designer of the algorithm can't decrypt messages without the key."
"Good cryptographers rely on peer review to separate the good algorithms from the bad."

j0k3r

That came out much like a flame, didn't intend it to. I know nothing about cryptography or how it works(google time), but thanks for explaining the underlying concepts Grok.
QuoteAnyone attempting to generate random numbers by deterministic means is, of course, living in a state of sin
John Vo

gosumoo

i think that doing base64 on a bot is useless because people have to add something in front of it such as æ <-- what most people use and it defeats the purpose of the actual encryption...

Arta

Base64 is NOT encryption.

MrRaza

Quote from: Arta[vL] on January 29, 2004, 07:19 AM
Base64 is NOT encryption.

I enjoyed how you said that, without giving any explanation on what it is. Maybe you'd better edit it or reply... hmmm

iago

Quote from: Arta[vL] on January 29, 2004, 07:19 AM
Base64 is NOT encryption.

Technically, it is.  It's just not good or useful encryption!
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


Kp

Quote from: iago on January 29, 2004, 12:46 PMTechnically, it is.  It's just not good or useful encryption!

From the definition of encryption as I understand it, base64 is not encryption - it's an encoding.  Yoni covered this in more detail in another thread.
[19:20:23] (BotNet) <[vL]Kp> Any idiot can make a bot with CSB, and many do!

Grok

Technically it is NOT encryption.

As I pointed out earlier, something is securely encrypted if you can give away the algorithm, and the encrypted message, and nobody can recover the plaintext.