Dynamic generating encryption algorithms

Programming, for all ages and all languages.
Post Reply
User avatar
Jef
Member
Member
Posts: 112
Joined: Tue Jan 08, 2008 7:25 am
Location: Greece
Contact:

Dynamic generating encryption algorithms

Post by Jef »

The idea is to create a symmetric algorithm with variable size and random usage of specific commands.
So, if you are using it to protect your executable, every encryption will have a unique algorithm. So it's not necessary to use a key.

Unique algorithms (with variable size) will prevent a generic crack, in case you are a developer of software protection systems.

My theory about data encryption is to make a tool that will encrypt a data file and will put the decryption (binary) code in to the data.
So, the decryption tool just knows where to find the decryption code in the data file, and then use it.

You will find attached (and at my web-site) a simple demo code that generates ether source code in C (with inline assembly) or binary code.
The source code is written in C and it's ready to be a DLL
Attachments
enc_code_gen_source.zip
(4.33 KiB) Downloaded 62 times
Keep coding...
...the sky is the limit

AsteriOS project: http://www.mindfields.gr/main/index.php ... &Itemid=27
User avatar
01000101
Member
Member
Posts: 1599
Joined: Fri Jun 22, 2007 12:47 pm
Contact:

Post by 01000101 »

why dynamically encrypt? why not just have a relatively large matrix of different encryption schemes and implement them on a file based on certain file attributes or other static variables. or encrypt the software based on hardware attributes that way it has a unique decryption algorithm per computer.
User avatar
Jef
Member
Member
Posts: 112
Joined: Tue Jan 08, 2008 7:25 am
Location: Greece
Contact:

Post by Jef »

01000101 wrote:why dynamically encrypt? why not just have a relatively large matrix of different encryption schemes and implement them on a file based on certain file attributes or other static variables.
If you see the source code and the result (generated code) you will see that i used as well variables (that are also random).
If you encrypt with this method 1.000.000 times the same file, you will get 1.000.000 different encrypted files.
In case that you include the decryption code into the data, you will also get 1.000.000 files with different size.
01000101 wrote:or encrypt the software based on hardware attributes that way it has a unique decryption algorithm per computer.
Because this cannot be decrypted in other computers
Keep coding...
...the sky is the limit

AsteriOS project: http://www.mindfields.gr/main/index.php ... &Itemid=27
elfenix
Member
Member
Posts: 50
Joined: Sun Dec 02, 2007 1:24 pm
Libera.chat IRC: elfenix
Location: United States
Contact:

Post by elfenix »

Because this cannot be decrypted in other computers
I don't get that this is a bad thing?

The security of any encryption algorithm is the security of your key.

How about this.... I provide a file, without the key, and give full instructions on how I made it. I'd bet a cool amount of cash you couldn't tell me the contents in a month, and a substantial amount you couldn't tell me in a year.
User avatar
Jef
Member
Member
Posts: 112
Joined: Tue Jan 08, 2008 7:25 am
Location: Greece
Contact:

Post by Jef »

Fate wrote:
Because this cannot be decrypted in other computers
I don't get that this is a bad thing?
unless you want to use your encrypted data in your second pc (home/office), or motherboard damage.
Fate wrote: The security of any encryption algorithm is the security of your key.

How about this.... I provide a file, without the key, and give full instructions on how I made it. I'd bet a cool amount of cash you couldn't tell me the contents in a month, and a substantial amount you couldn't tell me in a year.
If you mean that the algorithm is common/public/known with this "give full instructions on how I made it",

yes this is the best. But these algorithms are not symmetric.
Keep coding...
...the sky is the limit

AsteriOS project: http://www.mindfields.gr/main/index.php ... &Itemid=27
User avatar
01000101
Member
Member
Posts: 1599
Joined: Fri Jun 22, 2007 12:47 pm
Contact:

Post by 01000101 »

asymmetry is what you want right?. if you want dynamic, well that's the way to do it, using asymmetric values. you can go as crazy as encrypting data with random memory data or use hardware ID values to encrypt (not as much asymmetry, but you get the point).

If you are really THAT concerned about encryption to take it to that level, then data lost is better than data easily recovered. If your data is so locked down that the only way it can be corrupted is by hardware failure, then that I'd say that's pretty good. On the other hand, if you want portability in the cipher, then you cannot rely on hardware or anything else truely unique per computer. But we already have good encryption standards build just for portability and strength (T-DES, AES, MD5, SHA, etc...)
User avatar
Solar
Member
Member
Posts: 7615
Joined: Thu Nov 16, 2006 12:01 pm
Location: Germany
Contact:

Post by Solar »

I strongly suggest the book "Applied Cryptography" to give you a good start on the subject. Some general truths on cryptography:

Hiding key or algorithm in the cyphertext does not work. One look at the decoding tool, and the attacker has broken your cypher.

Generating cypher algorithms "randomly" (not sure how this should work at all, and not in a mind to dig through your code) will most likely result in "weak" ciphers, which do not properly protect against statistic attacks.

Passing the algorithm to the receiver over a "secure channel" doesn't solve any problems, as that is essentially the same as using a common symmetric cypher and passing the key over a "secure channel".

I'd say, leave the invention of new crypto technology to the pro's, there is a reason why cryptology has become a science of its own. Any hobbyist approach on the subject is bound to result in tools that give you a false sense of security, at best.
Every good solution is obvious once you've found it.
User avatar
Alboin
Member
Member
Posts: 1466
Joined: Thu Jan 04, 2007 3:29 pm
Location: Noricum and Pannonia

Post by Alboin »


PostPosted: Thu Jan 31, 2008 2:39 am Post subject:
I strongly suggest the book "Applied Cryptography" to give you a good start on the subject.
The Handbook of Applied Cryptography is a free online book on the subject, if I do so recommend. I haven't read it myself, but according to Schneier, "This is a good book, and well worth downloading." ;)
C8H10N4O2 | #446691 | Trust the nodes.
User avatar
bewing
Member
Member
Posts: 1401
Joined: Wed Feb 07, 2007 1:45 pm
Location: Eugene, OR, US

Post by bewing »

On the other hand, data compression is also a form of encryption -- and one where a hobbyist can fairly easily come up with a major new advance in the field.
User avatar
Jef
Member
Member
Posts: 112
Joined: Tue Jan 08, 2008 7:25 am
Location: Greece
Contact:

Post by Jef »

You are right when we are talking about data.
The code a have attached was created to be used by a tool that protects executables. If the code that protects the exe has variable size and different encryption algorithm every time its protects an exe, then the hacker cannot produce a generic crack.
So actually you don't need a password or key to decrypt it.
It always decrypted at the startup of protected application.
This project done before 7-8 years.
But as an idea to the specific target, is still good protection.
Keep coding...
...the sky is the limit

AsteriOS project: http://www.mindfields.gr/main/index.php ... &Itemid=27
xxxcastenada
Posts: 8
Joined: Thu Jan 03, 2008 1:22 am

Post by xxxcastenada »

IIRC

1. It's very difficult to generate true random numbers with computer based systems. Computers simulate determinism, meaning for a specific input the output will always remain the same. 1 + 1 always = 2. Knowing the output the input can often be deduced. The best most people can do to simulate random numbers is to base their encryption off of a file containing weather data, a file containing random radio static or something similar.

2. Your solution in using encryption to defeat cracks sounds vaguely like a polymorphic virus.

http://en.wikipedia.org/wiki/Computer_v ... rphic_code
User avatar
Solar
Member
Member
Posts: 7615
Joined: Thu Nov 16, 2006 12:01 pm
Location: Germany
Contact:

Post by Solar »

@ bewing:

Compression is not a kind of encryption. If you believe that, that's the first step towards an encryption scheme that a cryptoanalyst will wet his pants over by laughing so hard.

Same goes for hobbyist ciphers, at least unless the hobbyist has studied the subject thoroughly. I seriously doubt that anyone who has not at least a university degree in maths (or equivalent education) to come up with an encryption scheme that would withstand a dedicated cryptanalist for more than a couple of days.

@ Jef:

If the "security" lies within "hiding" the decryption code in the cyphertext, it's not "secure" at all. I asked this before, I ask it again: If the intended recipient is able to find the decryption code within the cyphertext, how do you keep Malory (the malicious attacker) from finding it, too? All he had to do would be to disassemble the cyphertext at various offsets and check if what comes out is meaningful?!?
Every good solution is obvious once you've found it.
User avatar
Candy
Member
Member
Posts: 3882
Joined: Tue Oct 17, 2006 11:33 pm
Location: Eindhoven

Post by Candy »

bewing wrote:On the other hand, data compression is also a form of encryption -- and one where a hobbyist can fairly easily come up with a major new advance in the field.
How do you determine that a compression algorithm works? If the file is smaller, it works.

How do you determine that an encryption algorithm works?
User avatar
Jef
Member
Member
Posts: 112
Joined: Tue Jan 08, 2008 7:25 am
Location: Greece
Contact:

Post by Jef »

xxxcastenada wrote:2. Your solution in using encryption to defeat cracks sounds vaguely like a polymorphic virus.
yes, i know.
a lot of times Norton anti-virus ether report the protected executable as "maybe infected" or make a lot of delay before let windows run the protected exe.
@ Jef:

If the "security" lies within "hiding" the decryption code in the cyphertext, it's not "secure" at all. I asked this before, I ask it again: If the intended recipient is able to find the decryption code within the cyphertext, how do you keep Malory (the malicious attacker) from finding it, too? All he had to do would be to disassemble the cyphertext at various offsets and check if what comes out is meaningful?!?
and how you know where exactly is the decryption code?
If its multiplexed with the data and its only the half of the code ?
I mean that decrypter has the half code and data has the other half code.

Believe me, if i give you a protected executable from this tool, you will try too hard to crack it.
I don't say thats uncrackable. Everything can be cracked. Its matter of time.

anyway, i don't try to prove anything.
If you believe thats its good idea, ok, use it.
If not, don't use it.

Opinions it like ********. All have one ;)
Keep coding...
...the sky is the limit

AsteriOS project: http://www.mindfields.gr/main/index.php ... &Itemid=27
Post Reply