Go4Expert (http://www.go4expert.com/)
-   Ethical hacking (http://www.go4expert.com/forums/ethical-hacking-forum/)
-   -   Triangle Encryption (Created by Me) (http://www.go4expert.com/forums/triangle-encryption-created-t22748/)

 King Falcon 18Jul2010 08:45

Triangle Encryption (Created by Me)

it is my first thread. Sorry if my thread have a lot of wrong code.

In the holiday of school, i tried to create an encryption code for my application and i triend to make it hard to decrypt (or can't).
This is a simple encryption code, but i think hard to decrypt it. The result will similar with base64, but it isn't.
The code only contain Xor, Or, and several math operation. I named it "Triangle Encryption" because this contain formula of triangle area.
Please correct it if my it is wrong.

And, this is a module code :
Code:

``` Public Function ENCRYPT(PASSWORD)     For I = 1 To Len(PASSWORD)             S1 = Asc(Mid(PASSWORD, I, 1))         S2 = S1 + Round(S1 / 2, 0) Mod 256         S3 = Round(Sqr((S1 ^ 2) + (S2 ^ 2)), 0) Mod 256                     K = (S1 + S2 + S3) Mod 256         L = ((1 / 2) * S1 * S2) Mod 256                 T1 = S1 Xor S3         T2 = K Xor L         T3 = S2 Xor L         T = (T1 Xor T2 Xor T3) Mod 256                 M1 = S1 Or S3         M2 = K Or L         M3 = S2 Or L         M = (M1 Or (M2 * M3)) Mod 256                 TOTAL = TOTAL + Chr((T + M + I ^ 2 + S1) Mod 256)     Next         ENKRIPSI1 = CRYPT1(TOTAL)               ENCRYPT = ENCRYPT + ENKRIPSI1     End Function Private Function CRYPT1(PASS)         For a = 1 To Len(PASS)                 C = Asc(Mid(PASS, a, 1))                 TABLEONE = Array("A", "a", "B", "b", "C", "c", "D", "d", "E", "e", "F", "f", "G", "g", "H", "h", _         "I", "i", "J", "j", "K", "k", "L", "l", "M", "m", "N", "n", "O", "o", "P", "p", "Q", "q", "R", "r", _         "S", "s", "T", "t", "U", "u", "V", "v", "W", "w", "X", "x", "Y", "y", "Z", "z")                 HSL = C Mod UBound(TABLEONE)                 ONECRYPT = ONECRYPT + TABLEONE(HSL)             Next         If Len(ONECRYPT) > 0 And Len(ONECRYPT) < 20 Then CRYPT1 = ONECRYPT + "==" Else CRYPT1 = ONECRYPT     End Function```
As you look, this code is very simple and doesn't contain CryptoAPI.

 shabbir 18Jul2010 09:16

Re: Triangle Encryption (Created by Me)

Haven't tested but yes looks slick code.

 fourthdimension 1Aug2010 10:25

Re: Triangle Encryption (Created by Me)

Interesting. In my quick glance over it appears as if it has the potential to generate hash collisions. You might want to double check it to make sure there's a bijection between input ascii and output hashes. I'll have to look at it more thoroughly sometime.

 King Falcon 1Aug2010 10:46

Re: Triangle Encryption (Created by Me)

Quote:
 Originally Posted by fourthdimension (Post 71035) Interesting. In my quick glance over it appears as if it has the potential to generate hash collisions. You might want to double check it to make sure there's a bijection between input ascii and output hashes. I'll have to look at it more thoroughly sometime.
yeah...
i know it..
I intentionally do it..
so, it will be harder to decrypt the encrypted code...
i just made a 2nd Gen for this encryption code...
but i still testing it...
if the code has been tested, i'll show here...
so, we can use double checking...
let say if the 2nd Gen function is ENCRYPT2, encrypted code of 1st encryption code is result1, the encrypted code of 2nd Gen is result2, and the password textbox is text1, we can use :
Code:

```if (ENCRYPT(text1.text) = result1) and (ENCRYPT2(text1.text) = result2) then .... else ... end if```

 fourthdimension 3Aug2010 03:35

Re: Triangle Encryption (Created by Me)

Hmm. Could be neat, so long as intersection of both encryption operations yields no duplicates or 1 to many key-hash relationships (depending on the purpose of the encryption).

...there's only one scenario in which I can see hash collisions being quite useful, and that's in data transmission/storage where both sender and recipient have the decryption key. There is one main reason to be wary of designing hash collisions into an encryption algorithm: You don't want to be so focused on making your hashes to hard to decrypt that you actually invalidate the need to decrypt them at all. Case in point: let's say we have a simple encryption algorithm that just sums the ascii codes of each character in the input text and then mods it by 16. It's true that if you capture a hash generated by this algorithm, you won't have much idea as to what the plaintext was that generated it. However, when a smart hacker realizes how it was generated in the first place, he won't even bother trying to reverse engineer or crack the hash because he knows that there's literally an infinite number of possible ascii character permutations that will all yield the required hash. So while the encryption scheme generates ambiguous hashes, it invalidates the need to crack those hashes because a simple, quick bruteforce of the application using the encryption algorithm will make gaining access to the protected resources more easy than cracking the hash in the first place.

 King Falcon 3Aug2010 03:56

Re: Triangle Encryption (Created by Me)

Quote:
 Originally Posted by fourthdimension (Post 71100) Hmm. Could be neat, so long as intersection of both encryption operations yields no duplicates or 1 to many key-hash relationships (depending on the purpose of the encryption). ...there's only one scenario in which I can see hash collisions being quite useful, and that's in data transmission/storage where both sender and recipient have the decryption key. There is one main reason to be wary of designing hash collisions into an encryption algorithm: You don't want to be so focused on making your hashes to hard to decrypt that you actually invalidate the need to decrypt them at all. Case in point: let's say we have a simple encryption algorithm that just sums the ascii codes of each character in the input text and then mods it by 16. It's true that if you capture a hash generated by this algorithm, you won't have much idea as to what the plaintext was that generated it. However, when a smart hacker realizes how it was generated in the first place, he won't even bother trying to reverse engineer or crack the hash because he knows that there's literally an infinite number of possible ascii character permutations that will all yield the required hash. So while the encryption scheme generates ambiguous hashes, it invalidates the need to crack those hashes because a simple, quick bruteforce of the application using the encryption algorithm will make gaining access to the protected resources more easy than cracking the hash in the first place.
so, what should i do????
some Cyber Cafe program and ASP Website use it...
and all of them combined it with other encryption method....
one of Cyber Cafe program use : MD5(ENCRYPT(password)) for admin & members authentication....

 simpleguy 13Apr2011 21:25

Re: Triangle Encryption (Created by Me)

Code:

```    *   **   ***  **** *****```