Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
It's funny.  Laugh. Your Rights Online

New Encryption Algorithm 10

An AC sends "BLiND is a brand new encryption algorithm which is fast, and very easy to implement. Check it out at freshmeat. This is... well... good for a laugh at least." Unfortunately you'll have to download the source and take a look at enc.c to get the joke. I think Lotus uses this level of encryption in some of their products...
This discussion has been archived. No new comments can be posted.

New Encryption Algorithm

Comments Filter:
  • They shoulda named it BLoNDe.

    And, no, the Lotus security doesn't suck that much.
  • I was expecting something funny - like maybe the encryptor portion of the code changed everything to spaces (hence, the name - it's encrypted when you can't see it). But instead, we see this.

    It looks like a simple substitution cypher - easy to break via frequency analysis. Might be useful in simple contexts, but I wouldn't trust this for any 'real' security uses.

    On top of it all, the code is awful - since it is just a substitution cypher, why not set up a couple of global arrays of chars for the input and output substitution strings, key into the input, and output the character at that position? This guy's way of using a TON of 'if' statements just glares at me.

    Finally (and this may be because my C is rusty), he declares the variable 'c' in the function as an int, but then later tries to compare (in the 'if' statements) 'c' to a character (ie, if(c=='a') fputc('~', dst);) - unless 'a' evaluates in the end to 65, and that is what you are comparing to (which, when I think about it, may be what it does).

    The code also doesn't look quite right - like the syntax is wrong, and it would blow up massively on first compile. I haven't tried compiling it yet, so it may be fine (like I said, my C is rusty)...

    Maybe this is the joke, and I am just stupid.
  • At first I thought it was some kind of encryption for safety... but it seems that it is only encryption for making things harder to read for humans...
    (Kinda like ROT13, but the replacement scheme seems to be more complex...)

    I just wonder:
    Do we really need a thing like this?

    --
  • Well... you don't even need to break it (even if that would probably be very easy)... just download the blind source and (either compile it and use it to decrypt... or) look at the decryption scheme.. it says exactly what should be substituted with what.

    --
  • I'm too lazy to translate this into 2 lines or less of perl. Maybe someone wants to do so, just for the possible karma?

    Seems tr(1) would suffice, too...

    <sigh>

    --
    It's pretty pathetic when karma can drop when you do nothing
  • Alright, I'll bite.

    $from = "a-z A-Z1-90~\\`!\@#\$\%^\&*()_\\-+={[}]:;\\\"\\',<.>?\ \/|";
    $to = "~\\`!\@#\$\%^\&*()_\\-+={[}]:;\\\"\\'<, |.?\\/1-90a-ln-zA-H" . chr(241) . "I-Z~";
    while (<>) { eval "tr/$from/$to/"; print }

    Notice how both "a" and "|" get mapped to "~", and nothing gets mapped to "m" or ">". Interesting... I think I'm missing one or two more, as well.

    (I wish Slash let me use <PRE&gt. This formatting sucks.)

  • string Encode(string val)
    {
    const char Low='/';
    const char High='z';
    //const char slow='a';
    //const char shigh='z';

    for(int x=0;x<val.length()-1;x++)
    {
    char Letter=val[x];
    if((Letter>=Low)&&(Letter<=High))
    {
    for(int index=38;index>0;index--)//shift chars 38 in ASCII
    {
    Letter=Letter+1;
    if(Letter==High+1)
    Letter=Low;
    }
    val[x]=~Letter;//invert after shift
    }
    }
    return(val);
    }

    And my comments are in english

    --
    Spelling by m-w.com [m-w.com].

  • Actually, BLIND is just good old substitution cipher, which may protect your data from being read by your six-year-old brother. Anyone else will be able to decrypt "encrypted" data by hand.

    Had the author even looked at any crypto-book (e.g. Schneier's "Applied Cryptography" or Menezes's "Handbook of Applied Cryptography"), he'd never posted the algorithm.

  • eval "tr/$from/$to/";

    Ick. Why eval tr when you could use the built-in tr/// (or the equivalent, 1-letter-less y///)?

    (I just wish slashcode would allow <code> for things like this)
    --
    It's pretty pathetic when karma can drop when you do nothing
  • Why eval tr when you could use the built-in tr///

    Good question. Answer: the tr/// operator doesn't interpolate its arguments. So "tr/$from/$to/" just takes "$" to "$", "f" to "t", and "r" to "o". I tried it your way at first, and was very confused for a while. The perlop(1) man page cleared things up.

You know, Callahan's is a peaceable bar, but if you ask that dog what his favorite formatter is, and he says "roff! roff!", well, I'll just have to...

Working...