Custom encryption
Problem
I made a custom encryption library/class which allows you to en-/decrypt Strings with a custom charset. I think you'll get what I mean with that when you take a look at the code.
Since I haven't much cryptography knowledge, I'd like to ask if someone who knows about it could tell me if this is "safe". I know nothing is 100% safe, but I'd like to know how far it is safe and maybe some improvements.
I currently have two programs on a server running, which are trying to brute-force it. After nearly 2 months now, there is nothing found yet, so I guess it's working at least a bit.
PreCrypt.java
```
package net.prefixaut.prelib.crypt;

import java.security.SecureRandom;
import java.util.List;
import java.util.ArrayList;
import java.math.BigInteger;

public class PreCrypt {

    // Remove Constructor
    private PreCrypt() {}

    /**
     * Default Charset which contains only default Characters.
     * Supports: a-z, A-Z, 0-9 and most special-characters. Current amount of supported Characters: 93
     */
    public static final String defaultCharset = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ#?!\\§$%&/{[(=+-~*_.:,;µ@€<>|)]}";

    /**
     * Complete Charset which contains most relevant Characters
     * Current amount of supported Characters: 102
     */
    public static final String completeCharset = defaultCharset + "\n\t\r" + // Extra Space Chars
            "üäöÜÄÖ"; // German Extra Chars

    public static char countUp(char c, int amount) {
        return PreCrypt.countUp(c, amount, defaultCharset);
    }

    public static char countUp(char c, int amount, String str) {
        return PreCrypt.countUp(c, amount, str.toCharArray());
    }

    public static char countUp(char c, int amount, char[] charset) {
        boolean set = false;
        // The loop headers and the match test were lost when this page was extracted;
        // they are reconstructed here from the surviving fragments (an assumption).
        for (int i = 0; i < amount; i++) {
            for (int o = 0; o < charset.length; o++) {
                if (charset[o] == c) {
                    // Step to the next character, wrapping around at the end of the charset.
                    if (o + 1 >= charset.length) o = 0;
                    else o++;
                    c = charset[o];
                    set = true;
                    break;
                }
            }
        }
        return c;
    }

    // The rest of the class, including the count function the answer refers to,
    // is not shown on this page.
}
```
Solution
I don't think I can give you a very good answer, but here goes:
- If the span of `(temp.get(o) * (o + 1))` (for use in the evenness test) is not itself even, then your cyphertext is going to be biased. In other words, if the total span of numbers covered by that function is { 0, 1, 2, ... 7, 8 }, then { 0, 2, 4, 6, 8 } will output 0, and { 1, 3, 5, 7 } will output 1. Notice that there is one less member in the one-output camp than there is in the zero-output camp. This means that, when encrypting, there will be more `countUp`s than `countDown`s, which is a statistical weakness.
- How is `SecureRandom` being used?
- In the main loop of the `count` function, I see no usage of the `result` variable or any kind of persistent state. If you're not carrying state between rounds of the main loop, then your cypher is operating in electronic codebook mode, which is not a good thing. How are you chaining your rounds?

Even if you address my concerns, I'm no cryptologist, so I would be very surprised if we can come up with a robust crypto system on this forum. I would strongly encourage you to look into one of the many libraries that provide the AES or a modern stream cypher like Spritz or HC-128 if performance is a constraint.
Context
StackExchange Code Review Q#111934, answer score: 2