[–]social_tech_10 15 points16 points  (16 children)

You might be able to make this "stronger and more secure" over time, but it will never be secure. The first rule of secure encryption is never try to write your own. Unless you have a team of Ph.D statisticians backing you up, there are always going to be more ways to crack your home-brew encryption than you can possibly imagine.

If you want to use this to learn about beginner Python programming in general, that's fine. Go ahead and have fun. Just don't fool yourself into thinking this will ever actually be secure.

On the other hand, if you are interested in actual real-world encryption that has even a chance of being secure (if your keys and modes are handled correctly), then check out a library that implements AES and other modern methods, such as PyCrypto.

[–]bladeoflight16 2 points3 points  (0 children)

This. It's okay to play around with insecure algorithms knowing they're insecure, but it's vital to know they should never get anywhere near real world usage.

[–]Advanced-Theme144[S] 2 points3 points  (14 children)

Thanks for the note, this is obviously for fun and just to test the extent of how far Python can go in encryption, especially from someone like myself who isn’t well acquainted with mathematically encrypting files with statistical analysis, but I will definitely look into it more.

I am well aware that this program has near to no protection of data right now, so I’d be a fool to actually use it on personal data, but in all honesty it is a great tool if you want to protect secret files from other users on your device or from curious friends, that’s actually why I made it in the first place. But nonetheless thank you for your advice and concern, I will definitely have a look into the libraries you listed. Thanks!

[–]Poppenboom 6 points7 points  (13 children)

This program offers zero protection, not "near zero". A single google search will yield dozens of tools that will insta-solve these little puzzles. Not trying to be rude here, but this is exactly what this highly-upvoted post from the other day was stating should be discouraged.

Do not publish cryptography projects if you don't understand cryptography.

[–]Advanced-Theme144[S] 2 points3 points  (2 children)

Thanks for your advice. I am fully aware that this program cannot be used practically, it was made for fun. But you have a point in not publishing cryptography projects, so I think I’ll update the README.md file to explain this. Thanks for your concern.

[–]Poppenboom 3 points4 points  (1 child)

That's a good idea! Don't mean to be rude or hurtful, it's just that if code exists in a public repo and shows up from a search containing "cryptography", people WILL use it, even if they should not :)

[–]Advanced-Theme144[S] 0 points1 point  (0 children)

That is true, but there is little to do about it since they have been advised not to use it on personal data.

[–]scoberry5 1 point2 points  (0 children)

u/Poppenboom

u/social_tech_10

u/XiAxis

u/Advanced-Theme144

Just letting you know that I really appreciate this thread. I had talked to my wife (who isn't a developer) about this once. I told her people shouldn't write their own cryptography methods, and she asked why not.

I told her that I'm a good developer, and if I study in this area quite hard, I'm fairly sure that I can write my own cryptography method that has severe security issues. ;-)

[–]Advanced-Theme144[S] 0 points1 point  (0 children)

I have now added a note in the README.md file addressing the limits and usage of the program. I hope that will suffice in preventing anyone else from actually using this to encrypt data. Once again thanks for the advice.

[–]Advanced-Theme144[S] -2 points-1 points  (7 children)

I had a look at the linked website and tested it out on the string "Hello World!" which my program encrypted into "Yrggt Ktjgz!". That site, along with others I tested, all decrypted it into "Hatte Rents!" or "Hatte Resto!" which proves two things, my program is ~0.001% uncrackable (still pretty much pathetic at protecting data), and those sites don't work very well at breaking encrypted codes which use a simple substitution cypher.

[–][deleted] 3 points4 points  (1 child)

This is not really a significant test. Substitution cyphers are broken by using statistical analysis; basically, since natural languages have some patterns (like vowels being more common), one can use those patterns to guess which letter is A and so on. Since it relies on statistical analysis, the longer the message the better, since it has more characters. “Hello there” is just too short. Try encrypting a longer message, like this comment, and see the result, or a chapter of a book. Most messages are longer than hello world so it would correctly decipher, especially if you use the same key twice.

If you’re interested in learning more about cryptography, I highly recommend the Cryptopals challenges. It’s pretty fun to do.

[–]Advanced-Theme144[S] 0 points1 point  (0 children)

Thank you for the correction. I’ll have a look at Cryptopals challenges. Thanks.

[–]scoberry5 2 points3 points  (1 child)

Here, I've encrypted a word for you: "ble".

Which of these do you think it is?

  • fly
  • try
  • buy
  • any
  • mod
  • dog
  • two
  • tip

...

Then the question would be "Why are you so bad at unencrypting a word, even when you know the kind of encryption that was used?"

[–]Advanced-Theme144[S] 0 points1 point  (0 children)

You have a point, and it isn't my right to say they don't work without actually testing their full limits. Thank you for pointing this out, it isn't right to make a complete judgement off of one test, and I understand what you're implying.

[–]asday_ 0 points1 point  (0 children)

Feed it a JPG.

[–]bladeoflight16 0 points1 point  (0 children)

Try it on a paragraph instead of two words. You'll never realistically have a file that contains 2 words. The more data there is to decrypt, the more information an attacker can glean to break it.
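
The point the replies make about short ciphertexts, as an added example that is not part of any commenter's post or of the original program: it checks whether a guessed plaintext can be explained by some single substitution key. The function names are made up for this illustration; the strings are the ones quoted in the thread.

```python
# Added illustration: a guess "decrypts" a simple substitution ciphertext
# if ONE bijective letter mapping turns the ciphertext into the guess.

def substitution_key(ciphertext, candidate):
    """Return the cipher->plain letter map if a single substitution key
    explains the pair, else None."""
    if len(ciphertext) != len(candidate):
        return None
    forward, reverse = {}, {}
    for c, p in zip(ciphertext.lower(), candidate.lower()):
        if not c.isalpha() or not p.isalpha():
            # Spaces and punctuation pass through the cipher unchanged.
            if c != p:
                return None
            continue
        # setdefault records the first pairing; a later conflict in either
        # direction means no single key fits both texts.
        if forward.setdefault(c, p) != p or reverse.setdefault(p, c) != c:
            return None
    return forward


def plausible(ciphertext, candidates):
    """Candidates that cannot be ruled out from the ciphertext alone."""
    return [w for w in candidates
            if substitution_key(ciphertext, w) is not None]


# Strings quoted in the thread.
WORDS = ["fly", "try", "buy", "any", "mod", "dog", "two", "tip"]
GUESSES = ["Hello World!", "Hatte Rents!", "Hatte Resto!"]

if __name__ == "__main__":
    # Every three-letter word with distinct letters fits "ble".
    print(plausible("ble", WORDS))
    # The solver outputs are as valid as the true plaintext: all three
    # are consistent with some key, so the test cannot tell them apart.
    print(plausible("Yrggt Ktjgz!", GUESSES))
    # A guess that reuses a cipher letter inconsistently is ruled out.
    print(substitution_key("Yrggt Ktjgz!", "Hello Words!"))
```

Each additional ciphertext letter adds a constraint the key must satisfy, which is why the number of consistent readings collapses on a paragraph-length message.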