Can anyone test the security of my encryption algorithm


#1

I am new to encryption of messages but decided to give it a go. i made an algorithm that checks every letter in the message. for ever letter it finds it's position in the alphabet-(z) which is then used to match up to a scrambled up version of the alphabet. whatever character is at z of the scrambled up list is then used in the encoded message. to make it more secure i made the algorithm use a pincode. the scrambled up list shifts based on each number in the pincode.

Somebody then told me that computers would have no problem decoding a message encrypted like that. So I was wondering what the community thought. Would an algorithm like that be easily decrypted / bruteforced?

Here is an example of an encrypted message by my program:
VfP49NxMNx NfNZxMMZ9N4xMNMCCN9f PNMCNQ9hCQ9.
(i hope that helps to see if it easily decoded or not)

Thanks to anyone who could tell me!


#2

Don't rely on keeping the algorithm itself secret (I've not seen any code), but only the key. Standard algorithms like RSA or AES are all well documented.

And your message is really short. The longer it is, the easier to break.

How long is your pincode? If it is as long as the secret message, you can make it perfectly secure (when you don't reuse the pincode), see one-time-pad.


#3

"maybe it is a little bit too easy to decode"

Indeed :wink: ...


#4

Thanks for testing it, any suggestions on how to improve it?

And how can i test the security of these algorythems without having to bother the people on a forum to tes it for me?
although i understand if that is a little bit to dificult to explain.


#5

I guess you need to check out the theory @Simkoo


#6

Ok, so what you did is a monoalphabetic substitution cipher and is more or less the weakest possible encryption technique (such techniques go back to Roman Antiquity at least): if the ciphertext is long enough, frequency analysis (of letters, double letters, small blocks of consecutive letters) breaks it easily, and if it is too short for that then trying to match words using a dictionary does the trick efficiently (check out this problem for instance), that's what I did here (and it takes only a few seconds with unoptimized python code and an English dictionary of 100000 words).

Good old classical ciphers are completely obsolete nowadays, you should completely forget about alphabet substitutions, even the most sophisticated techniques have terrible flaws and will fail (check out Enigma for instance).

If you do not know anything about modern cryptography and want a simple reliable technique, check out one-time pad (basically do a simple bitwise XOR between your message seen as a binary stream and a secret key having the same size as the message; but keep in mind that the key should only be used once, otherwise it is extremely vulnerable to known- or chosen-plaintext attacks). If you want to use smaller keys independent of the size of the message, then either use a CBC block chaining or (way more fun) pick up a pseudorandom generator to generate the "pad" and use its parameters as the key (for instance pick the BBS PRNG X(n+1) = X(n)^2 mod M and use the pair (X(0),M) as the secret key).


#7

Thank you so much, i will endulge myself in some reading of the links you included. hopefully i will have a better understanding of encrypting afterwards. By the way, you seem to know a lot about coding. Would you happen to know wether C# is an efficient language for encoding and decrypting or even good in general?


#8

If you are learning programming, then the language does not matter much. Pick whatever you want (as long as you avoid old obsolete languages that nobody uses anymore or exotic languages that are just for fun), you will learn several other languages eventually anyway...

As far as I know, C# is perfectly fine for anything (even though I don't use it as I'm mostly under Linux and it's a Microsoft .NET thingy).


#9

The crytopals challenges (https://cryptopals.com/) are quite interesting if you want to know about different crypto methods and how to break them.


#10

There is .net core and mono on Linux (I use the latter myself). It's limited regarding the GUI (only Windows Forms, no WPF), but for console applications you won't miss functionality.

Another website: hacker.org.
There are some crypto problems, as well as coding and web related tasks.