How can I obfuscate an Int64 so that it's not obvious to know the original value? I m not looking for something terrible, some a simple obfuscation method.
Xor it with a static value. Xor again with the same static value to get the original value.
Why do you want to obfuscate it? What are you obfuscating against?
For example, if you're trying to protect a single 64-bit integer from static analysis, the xor approach will protect it somewhat. If you're looking for protection from dynamic analysis, you'll need a more complicated solution that provides anti-debugging and anti-tamper protections.
Why is this constant worth protecting? What are the programmatic constraints on this, e.g. how frequently does this value need to be revealed, just once?
Encryption with a real encryption algorithm will go further than xoring with another value and isn't actually very hard. You might use AES/CBC/PKCS5Padding (AES is a current standard algorithm, CBC is for chaining blocks (this doesn't matter with only 8 bytes of data), and PKCS5Padding is padding to allow less than the block size). There are examples all over the internet, including SO (Rijndael is AES).
Related
I am curious about developing my own Simple Hashing mechanism.
I would like to know some math functions that are irreversible.
I know that raised to function and modulus are some functions that are irreversible in the sense that the reverse procedure gives two answers.
e.g.:- square root(4) = 2 or -2
I need a function that is not reversible because, even if anyone cracked my cipher, they should not be able to produce a decrypter, that can easily decrypt the passwords in my hashing.
Using this functions I can make my hashing more secure.
It would be helpful if someone could give more such functions with explanations.
Squaring in R is irreversible in the sense that it loses information. But that's not at all what hash functions are about.
Cryptographic hash functions have two main properties:
It's hard to find two inputs with the same output, called a collision
It's hard to find an input matching a given output, called a pre-image
Squaring on R has neither of these properties:
Finding a collision is trivial. Given x just calculate -x, both of which square to x*x.
Finding a pre-image is easy. Calculate the square-root. There are efficient algorithms for this. (Ignoring the problem that you can't output the infinite sequence of digits if the result is irrational)
Unfortunately there are no "simple" functions with these properties.
Related questions:
Why are hash functions one way? If I know the algorithm, why can't I calculate the input from it?
Modulo is irreversible. Absolute value is irreversible. Rounding is irreversible.
Power of 0.
Imaginary numbers are good as a computer can only pass the equation if it already knows what to do with it.
Rounding numbers.
Salting "functions" should be reversible. The point of a salt is just to add extra (hard to guess) data to the value you want to hash. This way, attackers have a much harder time reverse engineering hashes with their own guesses.
One common solution is to just prepend/append the salt to the text you're going to hash.
For example, if your hidden value was "password" and your salt was a random number between 0 and 255, the thing actually stored in your database might be md5(123password), 123. So it doesn't really make sense for the salt operation to be irreversible, as it's already hashed, which is, kind of, irreversible.
Could someone explain a couple of scenarios where the system design can justify the use of an encryption solution, respectively, as 3DES and Blowfish?
I'll add a few, one related to the backwards compatability: if you have a hardware implementation that only does 3DES (many older smartcards) then 3DES could be preferred over AES. Hardware accelerators can be used for both speedups and security (side channel attacks, see below).
3DES implementations may be less vulnerable to side channel attacks (although it certainly is not immune from it). AES is harder to get right - as I've come to understand - because of it's internal design (table accesses). AES better algo, bigger blocksize or key size does not mean much when confronted with a good side channel attack.
3DES has a 8 byte blocksize compared with 16 bytes for AES which can lead to a bit more overhead when using it in block mode encryption. Of course, this one can be mitigated by using a stream mode cipher, and we're only talking about a few bytes for the last block. This is an extremely thin argument for this reason.
I'll be a bit shorter on Blowfish: variable key size and sometimes faster than AES, less likely to be implemented in hardware, but backwards compatibility may be reasons, and the 8 byte blocksize again.
None of the three reasons above is generally enough to choose 3DES or Blowfish over AES of course.
Just one: backward compatibility with existing data or services/API that requires them.
Otherwise keep it simple and just use AES :-)
Note that people often suggest that using older algorithms gets better performance (not a very good tradeoff IMHO) but that's generally not the case (you'll need to test it against the library you use) and AES ends up way faster (at least from 3DES).
what about replacing the key addition subroutine with 3DES so that each block of the four blocks of eight characters get encrypted and including Blowfish F() inside the DES function F() i.e before the 32 bits is returned by the DES F(), I am actually using this idea to create a number generator to try and crack the lottery and to date have won £106.40, would love to upload the code but there is no way to do it here anyway.
I am pondering creating a hash function (like md5 or sha1) using the RSA crypto algorithm. I am wondering if there are any obvious reasons that this algorithm wouldn't work:
Generate RSA public/private keys.
Discard private key, never store it at all.
Begin with a hash with a length of the block size for the RSA encryption.
Encrypt message using public key, one block at a time.
For each encrypted block of the message, accumulate it to the hash using a specified algorithm (probably a combination of +, xor, etc.)
To verify a message has the same hash as a stored hash, use the saved public key and repeat the process.
Is this possible, secure, and practical?
Thanks for any comments.
RSA encryption is not deterministic: if you follow the RSA standard, you will see that some random bytes are injected. Therefore, if you encrypt with RSA the same message twice, chances are that you will not get twice the same output.
Also, your "unspecified step 5" is likely to be weak. For instance, if you define a way to hash a block, and then just XOR the blocks together, then A||B and B||A (for block-sized values A and B) will hash to the same value; that's collision bonanza.
Academically, building hash functions out of number-theoretic structures (i.e. not a raw RSA, but reusing the same kind of mathematical element) has been tried; see this presentation from Lars Knudsen for some details. Similarly, the ECOH hash function was submitted for the SHA-3 competition, using elliptic curves at its core (but it was "broken"). The underlying hope is that hash function security could somehow be linked to the underlying number-theoretic hard problem, thus providing provable security. However, in practice, such hash functions are either slow, weak, or both.
There are already hashes that do essentially this, except perhaps not with the RSA algorithm in particular. They're called cryptographic hashes, and their salient point is that they're cryptographically secure - meaning that the same strength and security-oriented thought that goes into public key cryptographic functions has gone into them as well.
The only difference is, they've been designed from the ground-up as hashes, so they also meet the individual requirements of hash functions, which can be considered as additional strong points that cryptographic functions need not have.
Moreover, there are factors which are completely at odds between the two, for instance, you want hash functions to be as fast as possible without compromising security whereas being slow is oftentimes seen as a feature of cryptographic functions as it limits brute force attacks considerably.
SHA-512 is a great cryptographic hash and probably worthy of your attention. Whirlpool, Tiger, and RipeMD are also excellent choices. You can't go wrong with any of these.
One more thing: if you actually want it to be slow, then you definitely DON'T want a hash function and are going about this completely wrong. If, as I'm assuming, what you want is a very, very secure hash function, then like I said, there are numerous options out there better suited than your example, while being just as or even more cryptographically secure.
BTW, I'm not absolutely convinced that there is no weakness with your mixing algorithm. While the output of each RSA block is intended to already be uniform with high avalanching, etc, etc, etc, I remain concerned that this could pose a problem for chosen plaintext or comparative analysis of similar messages.
Typically, it is best to use an algorithm that is publicly available and has gone through a review process. Even though there might be known weaknesses with such algorithms, that is probably better than the unknown weaknesses in a home-grown algorithm. Note that I'm not saying the proposed algorithm has flaws; it's just that even if a large number of answers are given here saying that it seems good, it doesn't guarantee that it doesn't. Of course, the same thing can be said about algorithms such as MD5, SHA, etc. But at least with those, a large number of people have put them through a rigorous analysis.
Aside from the previous "boilerplate" warnings against designing one's own cryptographic functions, it seems the proposed solution might be somewhat expensive in terms of processing time. RSA encryption on a large document could be prohibitive.
Without thinking too much about it, it seems like that would be cryptographically secure.
However, you'd have to be careful of chosen plaintext attacks, and if your input is large you may run into speed issues (as asymmetric crypto is significantly slower than cryptographic hashes).
So, in short: yes, this seems like it could be possible and secure… But unless there is a really compelling reason, I would use a standard HMAC if you want a keyed hash.
As mentioned above step 4.) is to be done deterministic, i.e. with modulus and public key exponent, only.
If the hash in step 3.) is private, the concept appears secure to me.
Concerning Step 5.): In known CBC mode of kernel algorithms the mix with previous result is done before encryption, Step 4.), might be better for avoiding collusions, e.g. with a lazy hash; XOR is fine.
Will apply this, as available implementations of known hash functions might have backdoors :)
Deterministic Java RSA is here.
EDIT
Also one should mention, that RSA is scalable without any limits. Such hash function can immediately serve as Mask Generation Function.
I am reading about cryptography I was thinking about these properties of AES (that I use):
same message = same ouput
no message length secrecy
possible insecurity if you know the messages (does this actually apply to AES?)
I hear that AES is secure, but what if I want to theoritcaly improve these properties?
I was thinking I could do this:
apply encryption algorithm A
XOR with random data D (making sure the output looks random in case of any cipher)
generate random data that are longer than the original message
use hashing function F to allocate slots in random data (this scrambles the order bytes)
Inputs: Encryption algorith A, Data to XOR with D and a hashing function F
My questions are
does the proposed solution theoreticaly help with my concerns?
is this approach used somewhere?
Possible enhancements to this approach
I could also say that the next position chosen by hashing function will be altered using a checksum of the last decoded byte after the XOR step (that way the message has to be decoded from beginning to end)
If I was to use this to have conversation with someone, the data to XOR with could be the last message from the other person, but thats probably a vulnerability.
I am looking forward to your thoughts!
(This is only theoretical, I am not in need of more secure encryption, just trying to learn from you guys.)
Yeah.
Look. If you want to learn about cryptography, I suggest you read Applied Cryptography. Really, just do it. You will get some nice definitive learnings, and get an understanding of what is appropriate and what is not. It specifically talks about implementation, which is what you are after.
Some rules of thumb:
Don't make up your own scheme. This is almost universally true. There may be exceptions, but it's fair to say that you should only invent your own scheme if you've thoroughly reviewed all existing schemes and have specific quantifiable reasons for them not being good enough.
Model your attacker. Find out what scenarios you are intending to protect against, and structure your system so that it works to mitigate the potential attacks.
Complexity is your enemy. Don't make your system more complex then it needs to be.
Stay up to date. You can find a few mailing lists related to cryptography and (and hashing) join them. From there you will learn interesting implementation details, and be aware of the latest attacks.
As for specifically addressing your question, well, it's confusing. I don't understand your goal, nor do I understand steps 3 and 4. You might like to take a quick look here to gain an understanding of the different ways you can use a given encryption algorithm.
Hope this helps.
You assumptions are incorrect.
same message != same output
The output will not be the same if you encrypt the same message twice.
This is because you are suppsed to use different IVs'.
Message length can be hidden by adding random data to the plaintext.
Attacks have been demonstrated against AES with lesser number of rounds.
Full-round AES has not been compromised in any way.
Other than that I suggest you follow Noon Silks recommendation and read Applied Cryptography.
What's the point of the random data XOR? If it's truly random, how will you ever decrypt it? If you're saying the random data is part of the key, you might as well drop AES and use only the truly random key - as long as it's the same length (or longer than) the data and is never used more than once to encrypt. It's called a one-time pad, the only theoretically unbreakable encryption algorithm I know about.
If the random bits are pseudo-randomly generated, it's highly unlikely that your efforts will yield added security. Consider how many talented mathematicians were involved in designing AES...
EDIT: And I too highly recommend Applied Cryptography, it's an actually very readable and interesting book, not as dry as it may sound.
I realize this question might not be that programming related, and that it by many will sound like a silly question due to the intuitive logical fault of this idéa.
My question is: is it provable impossible to construct a cryptographic scheme (implementable with a turing-complete programming language) where the encrypted data can be decrypted, without exposing a decryption key to the decrypting party?
Of course, I can see the intuitive logical fault to such a scheme, but as so often with formal logic and math, a formal proof have to be constructed before assuming such a statement. Is such a proof present, or can it easely be constructed?
Thank you for advice on this one!
Edit: Thank you all for valuable input to this discussion!
YES!!! This already exists and are called zero knowledge protocols and zero knowledge proofs.
See http://en.wikipedia.org/wiki/Zero-knowledge_proof
However, you have to have a quite a good background in mathematics and crypto to understand the way it works and why it works.
One example of a zero knowledge protocol is Schnorr's ZK protocol
No; but I'm not sure you're asking what you want to be asking.
Obviously any person who is decrypting something (i.e. using a decryption key) must, obviously, have the key, otherwise they aren't decrypting it.
Are you asking about RSA, which has different keys for decrypting and encrypting? Or are you asking about a system where you may get a different (valid) result, based on the key you use?
If by "decrypted" you just mean arrive at the clear text in some way, then it is certainly possible to create such a cryptographic scheme. In fact it already exists:
Take an asymmetric encryption scheme, eg: RSA where you have the public key but not the private key. Now we get a message that's been encrypted with the public key (and therefore needs the private key to decrypt it). We can get the original message by "brute force" (yes, this'll take an enormously long time given a reasonable key/block size) going through all possible candidates and encrypting them ourselves until we get the same encrypted text. Once we get the same encrypted text we know what the decrypted text would be without ever having discovered the private key.
Yes.
Proof: Encryption can be considered as a black box, so you get an input and an output and you have no idea how the black box transforms the input to get the output.
To reverse engineer the black box, you "simply" need to enumerate all possible Turing machines until one of them does produce the same result as the one you seek.
The same applies when you want to reverse the encryption.
Granted, this will take much more time than the universe will probably live, but it's not impossible that the algorithm will find a match before time runs out.
In practice, the question is how to efficiently find the key that will decode the output. This is a much smaller problem (since you already know the algorithm).
It's called encoding.
But everyone with the encoding algorithm can "decrypt" the message. This is the only way of keyless encryption.