-2

Is it possible to encrypt a java class file with MD5 & decrypt it for execution?

I have a client & I'd like to try encrypting my class files that have to be decrypted via a jar file in my dropbox. I have md5 text enryption in java, but how would I set the text to be encrypted as the text in the class file?

I've searched around but haven't found anything with someone trying to attemt it, hense I want to try this method.

Ryan
  • 359
  • 2
  • 8
  • 15
  • 2
    It doesn't make that much sense. MD5 is a hash function, not encryption. If you did encrypt using something like AES then where do you get the key from? How do you keep it secret? – seand Dec 06 '13 at 05:41
  • I didn't really understand md5 I read the wiki & got a bit confused. I'm not too good with encryptions... – Ryan Dec 06 '13 at 06:35
  • Try to understand the basics first then. [Here is an introductory online course on Cryptography](https://www.udacity.com/course/cs387). – Domi Dec 06 '13 at 07:36

3 Answers3

3

MD5 is not a reversible function. Further, no one-way hash should be a reversible function.

Elliott Frisch
  • 198,278
  • 20
  • 158
  • 249
  • ....? I have my password encrypted using md5 & can decrypt it using my java code... also you can go to md5ecnrypt.com & you can decrypt it just fine... sorry if I sound stupid but I just got my wisdom teeth taken out & I got this idea while on my medication. – Ryan Dec 06 '13 at 06:31
  • It's not a reversible function, it is possible to compute collisions. – Elliott Frisch Dec 06 '13 at 06:33
  • Ah ok. Do you have any suggestions for least used class file encryptions? one that's least likely to be used & guessed as a method of encryption? – Ryan Dec 06 '13 at 06:36
  • The best you can probably do is obfuscation (even if you write a classloader, someone can still probably break it). – Elliott Frisch Dec 06 '13 at 06:38
  • Ryan those websites use a huge database of hashes in order to decrypt md5 message, agree with Elliott for obfuscation. – Sven Dec 06 '13 at 06:50
  • I can use the source code & build a jar to decrypt the data via the jar. I can place the jar in my cloud server, obtain the link to it, & use it to decrypt/execute the data. I just want to know How I would encrypt the message.... do I put the class file into an text file & read the whole class as a String to enc & dec.? I'm sorry If i seem to be arguing, I'm not trying to, I'm seeing if we can work together & find a way to make it possible or clarify. * or discover a new method. Hash encryptions are by far my favorite. people have suggested asymetric encryption but that seems more impossible. – Ryan Dec 06 '13 at 07:17
  • & Btw I have a really in depth class file dedicated to md5 for my password & other player file data. As for copyrighting my code for my game, that doesn;t stop people. Look at runescape. People still steal the code & Jagex gives up most of the time because there are so many people copyrighting their data. – Ryan Dec 06 '13 at 07:20
  • 1
    **Cryptographic hashes** are not encryption and are not reversible transforms - you'll notice that you get a fixed output length, regardless of input. – Elliott Frisch Dec 06 '13 at 07:20
  • 1
    If nothing else, they cannot be fully reversible due to the [pigeonhole principle](http://en.wikipedia.org/wiki/Pigeonhole_principle). – Elliott Frisch Dec 06 '13 at 07:22
2

MD5 is message-digest algorithm (Hash function) not encryption algorithm, and it is meant to be irreversible.
http://en.wikipedia.org/wiki/MD5,
and for class encryption refer this How can you protect/encrypt your Java classes?

Community
  • 1
  • 1
Sven
  • 303
  • 2
  • 12
  • As for this answer I don't really want to try a known method, because people find ways to decrypt/decompile the code. specially on the website I advertise my game on. – Ryan Dec 06 '13 at 06:33
0

As it was pointed out in other answers, MD5 is not an encryption algorithm.

Leave aside that, if the client is able to execute the code, it will need and will be able to decrypt the classes.

Third, [security through obscurity][1] (i.e. not using a "known method", but developing your own instead) gives only a false sense of security. If the security approach is sound, using a known algorithmn (well tested, with a solid implementation and without known attacks) makes it even stronger. If the approach is not sound, your only defense is the inability of the potential attacker to discover your method.

1: http://en.wikipedia.org/wiki/Security_through_obscurity

Javier
  • 12,100
  • 5
  • 46
  • 57