How can I improve my text encryption scheme to make it more secure?

  • Thread starter Thread starter Jamin2112
  • Start date Start date
Click For Summary

Discussion Overview

The discussion revolves around improving a reversible text encryption scheme. Participants explore various aspects of its design, usability, and security implications, including potential applications and existing standards in cryptography.

Discussion Character

  • Exploratory
  • Technical explanation
  • Debate/contested

Main Points Raised

  • One participant suggests creating a downloadable application or a web-based tool for encryption and decryption, questioning the practicality of these approaches.
  • Another participant raises concerns about the security of the proposed methods, emphasizing that the encryption scheme should not allow the developer or any third party to access the decryption tool.
  • Some participants recommend researching existing encryption standards, such as PGP, and developing a more secure alternative.
  • There is a discussion about the potential for timing attacks and the importance of not "rolling your own crypto," highlighting the risks of custom cryptographic implementations.

Areas of Agreement / Disagreement

Participants express differing views on the security of the proposed encryption scheme and the implications of its design. There is no consensus on the best approach to take or the adequacy of the current scheme.

Contextual Notes

Participants note potential vulnerabilities in the proposed encryption method, including the risk of unauthorized access to the decryption tool and the implications of timing attacks. These concerns highlight the need for careful consideration of security practices in cryptographic design.

Jamin2112
Messages
973
Reaction score
12
I came up with a reversible text encryption scheme and I'm trying to figure out how to make it useful. How do you suggest I do that? Should I make an application that people download onto their machine and use to open emails? For starters, should I just make a (secret) website that has an input cell where a user can paste text and click "Encrypt" or "Decrypt"? That's what I'm doing at the moment.
 
Technology news on Phys.org
There are lots of things wrong with that. A person who sends encrypted emails isn't going to want you to be able to read them. They're not going to want anyone who has intercepted a message to be able to read it.
 
Fredrik said:
There are lots of things wrong with that. A person who sends encrypted emails isn't going to want you to be able to read them. They're not going to want anyone who has intercepted a message to be able to read it.

That's why the idea here is that only the 2 people in correspondence have access to the decrypting tool.
 
Do some research into what already exists (e.g. PGP) and then invent a better mousetrap, if you can.
 
Jamin2112 said:
That's why the idea here is that only the 2 people in correspondence have access to the decrypting tool.
It sounds like at least 3 people will have access to it. The third is the website administrator, i.e. you. Actually it sounds like everyone who will be using your encryption software will have access to it. Suppose that many people are using the system, and that A wants to send a message to B that only B can read, even if E intercepts it somehow. How does she do that? By your description, it sounds like E will have access to the decryption tool, even if she has so far only been using the system to send secret messages to F.
 
Last edited:
Fredrik said:
It sounds like at least 3 people will have access to it. The third is the website administrator, i.e. you. Actually it sounds like everyone who will be using your encryption software will have access to it. Suppose that many people are using the system, and that A wants to send a message to B that only B can read, even if E intercepts it somehow. How does she do that? By your description, it sounds like E will have access to the decryption tool, even if she has so far only been using the system to send secret messages to F.

Anyways ...

Open this in your browser to try my encoder and decoder.

Code: 
<html>

<head>
	<title>Simple encrypt/decrypt</title>
	
	<style type="text/css">

		body 
		{
			background-color: #A9F5F2;
			width: 900px;
			padding: 0px;
		}
		.outerdiv
		{
			margin: 5px;
			border: 2px solid #FF8000;
			background-color: #FFFFFF;
		}
		.outerdiv > p
		{
			margin: 5px;
			word-wrap:break-word
		}
		.outerdiv > h1
		{
			margin: 5px;
		}
		#col1
		{
			width: 500x;
			height: 800px;
			float: left;
		}
		#col2
		{
			width: 295px;
			height: 1500px;
			float: right;
			font-family: Courier New;
			overflow: hidden;
		}
		#title1div
		{
			font-family: Arial;
			width: 100%;
		}
		#insctdiv
		{
			font-family: Arial;
			width: 100%;
		}
		#iptdiv
		{
			height: 400px;
			width: 100%;
		}
		#buttonsdiv
		{
			text-align: center;
			width: 100%;
		}
		#inputText
		{
			width: 100%;
			height: 100%;
			resize: none;
		}
	
	</style>
	
		
	<script type="text/javascript">
		
		function encrypt()
		{
			var text = document.getElementById("inputText").value;
			newstring = "";
			/* Make newstring a string of the bit representations of 
			   the ASCII values of its thisCharacters in order.
			*/
			for (var i = 0, j = text.length; i < j; i++) 
			{ 
				bits = text.charCodeAt(i).toString(2);
				newstring += new Array(8-bits.length+1).join('0') + bits;
			}
			/* Compress newstring by taking each substring of 3, 4, ..., 9 
			   consecutive 1's or 0's and it by the number of such consecutive
			   thisCharacters followed by the thisCharacter. 
			   EXAMPLES:
					"10101000010111" --> "10101401031"
					"001100011111111111111" --> "0011319151"
			*/
			newstring = newstring.replace(/([01])\1{2,8}/g, function($0, $1) { return ($0.length + $1);});		
			document.getElementById("inputText").value = newstring;
		}
		
		function decrypt()
		{
			var text = document.getElementById("inputText").value;
			text.trim();
			text = text.replace(/([2-9])([01])/g, function (all, replacementCount, bit)
			{
				return Array(+replacementCount + 1).join(bit);
			}).split(/(.{8})/g).reduce(function (str, byte) 
			{
				return str + String.fromCharCode(parseInt(byte, 2));
			}, "");
			document.getElementById("inputText").value = text;
		}
		
		
		function changeMatrixText()
		{
			var newtext = "";
			for (var i = 0; i < 2530; i++)
				newtext += Math.floor((Math.random()*10)+1) % 2 ? "0" : "1";
			document.getElementById("matrixText").innerHTML = newtext;
		}
		
	</script>

</head>

<body>
	<div id="col1">
		<div class="outerdiv" id="title1div">
			<h1>Reversible text encryption algorithm</h1>
		</div>
		<div class="outerdiv" id="insctdiv">
			<p>Type in or paste text below, then click <b>Encrypt</b> or <b>Decrypt</b></p>
		</div>
		<div class="outerdiv" id="iptdiv">
			<textarea id="inputText" scrolling="yes"></textarea>
		</div>
		<div class="outerdiv" id="buttonsdiv">
			<button onclick="encrypt()"><b>Encrypt</b></button>
			<button onclick="decrypt()"><b>Decrypt</b></button>
		</div>
	</div>
	<div class="outerdiv" id="col2">
		<p id="matrixText"></p>
	</div>
	<script type="text/javascript">
		setInterval(changeMatrixText, 200);
	</script>
</body>

</html>
 
Jamin2112 said:
I came up with a reversible text encryption scheme and I'm trying to figure out how to make it useful. How do you suggest I do that?

Don't roll your own crypto.

When sorcery like this starts flying around most people should realize they are in way over their head and use a standard library.

http://en.wikipedia.org/wiki/Timing_attack

In cryptography, a timing attack is a side channel attack in which the attacker attempts to compromise a cryptosystem by analyzing the time taken to execute cryptographic algorithms. Every logical operation in a computer takes time to execute, and the time can differ based on the input; with precise measurements of the time for each operation, an attacker can work backwards to the input.

So you might think, OK I'll just add a random delay. But, if you can miss something as wacky as this, what else are you missing?
 
Jamin2112 said:
Anyways ...

Open this in your browser to try my encoder and decoder.

Code: 
<html>

<head>
	<title>Simple encrypt/decrypt</title>
	
	<style type="text/css">

		body 
		{
			background-color: #A9F5F2;
			width: 900px;
			padding: 0px;
		}
		.outerdiv
		{
			margin: 5px;
			border: 2px solid #FF8000;
			background-color: #FFFFFF;
		}
		.outerdiv > p
		{
			margin: 5px;
			word-wrap:break-word
		}
		.outerdiv > h1
		{
			margin: 5px;
		}
		#col1
		{
			width: 500x;
			height: 800px;
			float: left;
		}
		#col2
		{
			width: 295px;
			height: 1500px;
			float: right;
			font-family: Courier New;
			overflow: hidden;
		}
		#title1div
		{
			font-family: Arial;
			width: 100%;
		}
		#insctdiv
		{
			font-family: Arial;
			width: 100%;
		}
		#iptdiv
		{
			height: 400px;
			width: 100%;
		}
		#buttonsdiv
		{
			text-align: center;
			width: 100%;
		}
		#inputText
		{
			width: 100%;
			height: 100%;
			resize: none;
		}
	
	</style>
	
		
	<script type="text/javascript">
		
		function encrypt()
		{
			var text = document.getElementById("inputText").value;
			newstring = "";
			/* Make newstring a string of the bit representations of 
			   the ASCII values of its thisCharacters in order.
			*/
			for (var i = 0, j = text.length; i < j; i++) 
			{ 
				bits = text.charCodeAt(i).toString(2);
				newstring += new Array(8-bits.length+1).join('0') + bits;
			}
			/* Compress newstring by taking each substring of 3, 4, ..., 9 
			   consecutive 1's or 0's and it by the number of such consecutive
			   thisCharacters followed by the thisCharacter. 
			   EXAMPLES:
					"10101000010111" --> "10101401031"
					"001100011111111111111" --> "0011319151"
			*/
			newstring = newstring.replace(/([01])\1{2,8}/g, function($0, $1) { return ($0.length + $1);});		
			document.getElementById("inputText").value = newstring;
		}
		
		function decrypt()
		{
			var text = document.getElementById("inputText").value;
			text.trim();
			text = text.replace(/([2-9])([01])/g, function (all, replacementCount, bit)
			{
				return Array(+replacementCount + 1).join(bit);
			}).split(/(.{8})/g).reduce(function (str, byte) 
			{
				return str + String.fromCharCode(parseInt(byte, 2));
			}, "");
			document.getElementById("inputText").value = text;
		}
		
		
		function changeMatrixText()
		{
			var newtext = "";
			for (var i = 0; i < 2530; i++)
				newtext += Math.floor((Math.random()*10)+1) % 2 ? "0" : "1";
			document.getElementById("matrixText").innerHTML = newtext;
		}
		
	</script>

</head>

<body>
	<div id="col1">
		<div class="outerdiv" id="title1div">
			<h1>Reversible text encryption algorithm</h1>
		</div>
		<div class="outerdiv" id="insctdiv">
			<p>Type in or paste text below, then click <b>Encrypt</b> or <b>Decrypt</b></p>
		</div>
		<div class="outerdiv" id="iptdiv">
			<textarea id="inputText" scrolling="yes"></textarea>
		</div>
		<div class="outerdiv" id="buttonsdiv">
			<button onclick="encrypt()"><b>Encrypt</b></button>
			<button onclick="decrypt()"><b>Decrypt</b></button>
		</div>
	</div>
	<div class="outerdiv" id="col2">
		<p id="matrixText"></p>
	</div>
	<script type="text/javascript">
		setInterval(changeMatrixText, 200);
	</script>
</body>

</html>

That code is not an encryption scheme at all. It's just a compression scheme. It would be pretty easily decrypted.

You should learn about real encryption schemes as was suggested earlier.
 

Similar threads

How Secure is a Text Encryption Program Created with Visual Basic?
  • · Replies 1 ·
Replies
1
Views
3K
Why do emails from my contact form bounce?
  • · Replies 10 ·
Replies
10
Views
4K
Help with PGP and RSA for secure FTP transmission
  • · Replies 3 ·
Replies
3
Views
2K
How do encrypted USB flash drives work and how can we make them more secure?
  • · Replies 7 ·
Replies
7
Views
3K
How can I receive security codes overseas without a traditional phone number?
  • · Replies 2 ·
Replies
2
Views
1K
Python Should I rewrite my modules in order to implement json/pickle?
  • · Replies 5 ·
Replies
5
Views
1K
My Website For Creating Interactive Visuals Linked To Equations
  • · Replies 4 ·
Replies
4
Views
4K
Python Can I ask some basic Python installation questions?
  • · Replies 8 ·
Replies
8
Views
2K
Java How can I efficiently replace common text message abbreviations in Java?
  • · Replies 3 ·
Replies
3
Views
6K
Encrypting & Decrypting Text Files with a Key
  • · Replies 5 ·
Replies
5
Views
3K