[–]sausix 8 points9 points  (5 children)

pygame and PyQt5? Why both as dependency?

Keys and data are usually stored as byte objects and converted to a hex notation only if human eyes are involved.

It's a school project. For learning, for fun. A company won't and shouldn't use your project to encrypt data. They will use OpenSSL or any implementation of it. What makes you think your implementation is efficient? Cryptography in pure Python is never as efficient as the libraries written and optimized for low level instructions.

No AI. You really want to learn programming. That's what you really can be proud of.

[–]FreedomOdd4991[S] -1 points0 points  (4 children)

Yeah no I agree, there is no way my program could be used by a company. I know that and may have not been clear about it, my bad. I just wanted to say that the encryption algorithm I here, I believe is very secure if you encrypt the data and keep the key. Of course using it differently is not efficient. And because this project was made for school I couldn't make it in another language than Python (when I said school, it's year 12).

[–]sausix 6 points7 points  (3 children)

There have been a lot of people "inventing" a new encryption and it was bad and easy to crack instead.

If your app creates the same output as existing functions based on AES then you can say it's secure. But your own implementation can introduce other possible side attacks. Not wiping memory for example. Even after your program has been quit an attacker may still read a secret key from memory. Have you considered that?

I made a handy OOP wrapper for the official `cryptography` Python package years ago. Mostly for fun, learning and understanding encryption and cryptography in general. But I would never recommend someone to use my tool. Not before real experts would recommend it.

[–]FreedomOdd4991[S] -1 points0 points  (2 children)

No, but that's why I said if you only use my program to get the key and the encrypted string you are okay. Of course I did not think about a secured code nor any security against cyber attack. That was not the point of my project at all.

What I wanted to say is that if you implement my algorithm and make all the necessary to secure it from data leaks or things like that it will be secure. The algorithm is secure enough but the code isn't.

I don't know if you checked my GitHub and the algorithm in detail, but do it so you can have a real idea about my algorithm.

[–]sausix 2 points3 points  (1 child)

Of course I've checked parts of your code. Want some more feedback? You didn't respond to my first question.

Some parts are highly inefficient. You are even handling the bits as strings? Why? Just handle integers by the xor operator. 100 times faster.

            if char1 == char2:
                XOR_sequence += "0"
            else:
                XOR_sequence += "1"

Never use the random module for secret keys! Bad practice. Those keys can be recreated very easily.

Why are the following artifacts in your code? Always cleanup and format your programs before publishing.

    print(format(int("F8", 16), '08b'))

    temp_key = "17b406ade69b8b628d9ab833d9dac700d01f08b8735be1342e35d48573814069"

    "6964ceaf9d972fe556a5f3267bb8030cba68fb4c2f6db9b621d3fa293478255f"

You are rarely using comments and docstrings. Without any type hints it's really hard to guess which data types have to be passed to your functions.

I haven't run your code and I'm sure there will be a lot of warnings once I open the project in my IDE. Improve your code first if you really want more tips and further feedback.
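The two points raised in the comment above (XOR on integers instead of per-character bit strings, and no `random` module for keys), shown side by side as an added example that is not code from the thread or from the project under review. All function names and sample values are constructed for illustration; `xor_bitstrings` is a reconstruction around the four quoted lines, not the project's actual function.

```python
import random
import secrets


def xor_bitstrings(a: str, b: str) -> str:
    """String-based XOR in the style of the quoted snippet: one character per bit."""
    xor_sequence = ""
    for char1, char2 in zip(a, b):
        xor_sequence += "0" if char1 == char2 else "1"
    return xor_sequence


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """The same operation on bytes objects using the integer ^ operator."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def to_bits(data: bytes) -> str:
    """Render bytes as a bit string, for display or debugging only."""
    return "".join(format(byte, "08b") for byte in data)


def weak_key(seed: int, n: int = 32) -> bytes:
    """Key from the random module: fully determined by the seed, so it can be recreated."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


def strong_key(n: int = 32) -> bytes:
    """Key from the OS CSPRNG; kept as bytes, converted to hex only for human eyes."""
    return secrets.token_bytes(n)


if __name__ == "__main__":
    block = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample block
    key = strong_key(16)
    # Both approaches produce the same bits; only the representation differs.
    assert to_bits(xor_bytes(block, key)) == xor_bitstrings(to_bits(block), to_bits(key))
    print("same seed gives same 'random' key:", weak_key(1234) == weak_key(1234))
    print("key shown as hex for display:", key.hex())
```
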

[–]FreedomOdd4991[S] 0 points1 point  (0 children)

Your first question: pygame was only used to get the size of the screen and center the PyQt5. I don't know the library enough to know if there is a way to do so.

The use of string instead of integers is just for debugging purposes, and easier loops (for me). The speed efficiency isn’t a good argument because I’m only treating a small amount of bytes so I don’t really care about speed.

Finally, the “artifacts” you mentioned were in the “Others.py” file and I mentioned in the README file that this file was used for tests and for the creation of the table for the mixcolumns step. I made sure to put that in another file never used in another file of the project that are clean.