3

I have an idea for encryption that I could program fairly easily to encrypt some local text file.

Given that my approach is novel, and does not use any of the industry standard encryption techniques, would I be able to test the strength of my encryption using 'cracker' apps or suchlike?

Or do all those tools rely on advanced knowledge of the encryption process (or intercepted 'keys'), meaning I'd have to build my own cracker for testing?

Andrew
  • 1
    It seems like you're asking, "What software tools are there which attempt to automatically decrypt an encrypted file, whose encryption algorithm (and/or encryption keys) isn't known?" – ChrisW May 24 '10 at 16:12
  • What language is your encrypting program written in? For black-box encryption like you're proposing, this is fairly important to be able to answer your question with accuracy. Also, is your encrypting program password-based, or is it completely black-box? – Andrew Westberg - BCSH May 24 '10 at 16:12
  • Andrew, I am a man who believes in technology, and in technology everything is possible. Here even the well-known DES algorithm was broken by some well-known cryptanalysts, so don't even think that your algorithm will even survive an hour if these cryptanalysts (code-breakers) try to break it. No matter how secure you try to keep it, if a bunch of cryptanalysts are after your code, I can say the chances are almost 99.99% that they will break it. – TCM May 24 '10 at 16:22
  • ChrisW - yes, I suppose that is a more succinct question; perhaps I will try to edit the title. Andrew - I have not written the program yet (I'd probably use Java), and in fact the decryption/encryption could potentially be done manually given the key (if it was operating on just the characters of the text). What I'm thinking is, if I output a scrambled text file (no password, end user needs complete key), are there tools to analyse this (without reference to the program)? Obviously simple substitution ciphers can be tackled by frequency analysis, but my approach is more than just substitution. – Andrew May 24 '10 at 16:39
  • Nitesh - my problem in a sense is quite the opposite, I don't have access to cryptanalysts! So I was hoping to use some computer tools instead. I know there is no real security until it's gone under that sort of scrutiny, but this is not a real security issue for me, just an interesting project. Thanks for all your comments/answers. – Andrew May 24 '10 at 16:39

5 Answers

15

If you've written your own "novel" encryption, without any "industry standard encryption techniques", and you don't know how to test it (ie: you are not an expert cryptographer), then I can already tell you the result.

Your scheme is hopelessly flawed, and can be broken by even undergraduate level cryptographers. Not that your scheme will ever encrypt anything so valuable as to be worth the time to crack.

Cryptography is NOT for the inexperienced. More than any other discipline, it constantly builds on previous knowledge. There are no "revolutions" in crypto, and a new-and-novel-scheme is NEVER recommended.

abelenky
  • 1
    Hmmm OK I suspected of course that I'd get an answer like this, but I'd still like to try for myself, if for nothing else but to learn how things work along the way. And who knows where a little lateral thinking can sometimes lead... Say you were running a class competition for the students to write their own ciphers - is there a program you could use to test them and adjudicate the winner? – Andrew May 24 '10 at 16:45
  • No, of course not. If you're running a cryptography competition, you'd have judges with the necessary experience to mathematically analyze the algorithms. If you *really* don't want to believe the advice posted here, write your encryption program, encrypt a plain-text file, and offer a cash prize to anyone that can decrypt the file. – wadesworld May 24 '10 at 16:52
  • So, Wade, you are saying 'No, there are no such programs' ? Also, offering a cash prize to decrypt a single text file - isn't that a bit unlikely, wouldn't they need more to go on? - for all they know it could be a one-time pad. – Andrew May 24 '10 at 16:59
  • 3
    I would say that there are no such programs. In fact, I would go so far as to say that deciding whether an algorithm can be reversed is equivalent to the Halting Problem. Even a half-baked implementation of such a program might run for years without determining anything useful about the strength of a cipher. – Allen May 24 '10 at 19:10
  • @Andrew: If I were an expert cryptographer (which I'm not), I'd try the most common "standard techniques" that most people seem to re-invent (been there, done that, got cautioned by a mentor that I've reinvented a cute variation on a standard cipher which has been completely broken for decades), and the 80/20 rule would work very nicely for me there. – Piskvor left the building Jun 14 '10 at 13:51
6

Bruce Schneier has written well on this very subject. Please read Memo to the Amateur Cipher Designer.

You would do well to get his book Applied Cryptography, read his blog where he occasionally points out flawed schemes, and read cryptanalysis papers to see what a real attack looks like. Attacks usually rely on mathematical properties of the algorithm.

And that is just Schneier. There are many other cryptologists you could learn from. Read the bibliography of Schneier's book for links.

Allen
2

If you are writing a program for fun or to learn about encryption, great, explore and learn. If you are using a major language there are lots of available libraries free to use that will do encryption properly for you. I'd highly recommend leveraging one of these libraries if you are doing this as a professional endeavor.

If you are looking to learn more about encryption, start with the book Applied Cryptography from Bruce Schneier. It's old but will give you a good base understanding, and you can find newer texts from him or other reputable authors to build upon that knowledge. He has a site at http://www.schneier.com/

MegaCraig
2

Crypto cracking tools are invariably algorithm-specific.

crazyscot
1

I can't agree enough with @abelenky and @MegaCraig: if you actually care about securing data, creating your own encryption scheme is a horrible idea.

If you want to learn, you may want to start with the Wikipedia article on cryptanalysis.

If you follow up with the articles on various types of cryptanalysis, you can often find links to tools that will perform that specific type of cryptanalysis, e.g., this tool for doing frequency analysis.

Hank Gay
  • Thanks, Hank. I am not doing this to secure my own or anyone else's important data. I've already been reading through all the Wikipedia articles. The type of tool you linked to is what I was looking for, although I would be interested in any more sophisticated ones because I don't think frequency analysis would work whatsoever. Hopefully I'll find some. – Andrew May 24 '10 at 16:52
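
An added example, not part of any answer on this page: algorithm-agnostic statistics such as the index of coincidence and byte entropy can show that a homemade cipher leaks plaintext structure, but passing them says nothing about strength, which is why the answers point to algorithm-specific analysis. The toy substitution, the SHA-256 keystream stand-in, the key and the sample text are all constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# Constructed sample plaintexts (not from the page).
P1 = (b"the quick brown fox jumps over the lazy dog while the security "
      b"team reviews the audit log for the third time this week ") * 8
P2 = P1[::-1]  # a second message of the same length

def index_of_coincidence(data: bytes) -> float:
    """Chance that two bytes picked at random from data are equal."""
    n = len(data)
    return sum(c * (c - 1) for c in Counter(data).values()) / (n * (n - 1))

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 is the ceiling for byte data."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def toy_substitution(plain: bytes) -> bytes:
    """Hypothetical homemade cipher: a fixed permutation of byte values."""
    return bytes((b * 5 + 7) % 256 for b in plain)  # odd multiplier => bijection

def keystream_xor(plain: bytes, key: bytes) -> bytes:
    """Stand-in for uniform-looking output: XOR with SHA-256(key || counter)."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(8, "big")).digest()
                      for i in range(len(plain) // 32 + 1))
    return bytes(p ^ s for p, s in zip(plain, stream))

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def report() -> dict:
    sub = toy_substitution(P1)
    c1 = keystream_xor(P1, b"constructed-key")
    c2 = keystream_xor(P2, b"constructed-key")  # same key reused on purpose
    return {
        "plain_ioc": index_of_coincidence(P1),
        "sub_ioc": index_of_coincidence(sub),    # same as the plaintext's
        "stream_ioc": index_of_coincidence(c1),  # close to 1/256
        "sub_entropy": shannon_entropy(sub),
        "stream_entropy": shannon_entropy(c1),
        # Statistics look clean, yet key reuse cancels the keystream entirely.
        "reuse_leaks": xor(c1, c2) == xor(P1, P2),
    }

if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name:15} {value}")
```

The substitution output keeps the plaintext's index of coincidence exactly, so a generic test flags it; the keystream output looks uniform and still fails once the key is reused, which no black-box statistic on a single ciphertext would reveal.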