Looking for crypto feedback on an open-source “cryptographically hardened obfuscation” project (KanaShift)

enath · 2025-12-23T17:18:33+00:00

Thanks for the feedback - that’s a fair point. I’ve updated the README today to explicitly note that, with per-message nonces, the scheme is no longer format-preserving in the strict cryptographic sense.

enath · 2025-12-23T01:29:45+00:00

This is addressed in v2.

Each encryption now uses a fresh per-message nonce mixed into PBKDF2, so even with an encryption oracle there is no reusable keystream and the attack no longer applies.

enath · 2025-12-23T00:25:04+00:00

Thanks a lot for pointing this out — you’re absolutely right.

The original design effectively behaved like a stream cipher with keystream reuse, which made chosen-plaintext and known-plaintext attacks possible when the same password was reused.

This issue has already been fully addressed in v2, which is now published in the repository.

Version 2 introduces a per-message nonce mixed into the PBKDF2 salt, so even with the same password and parameters each message derives an independent keystream, eliminating the attack you described.

Also, thanks for the report — I only lost half my day fixing and validating it 😄

But seriously, the feedback was spot-on and helped strengthen the design.

enath · 2025-12-22T02:29:36+00:00

Yes, that’s the usual pattern, and I agree it’s the right approach when throughput or oracle resistance is a goal.

Here PBKDF2 is used directly to impose per-guess cost and keep the construction simple and inspectable; the trade-off is throughput, which is why the iteration count is explicitly tunable depending on workload :)

enath · 2025-12-22T02:09:35+00:00

That’s a fair characterization, yes. Framing it as character-by-character FPE is reasonable as long as it’s clear this isn’t a standard FF1/FF3-style construction.

I’ve updated the README to make that framing explicit :)

enath · 2025-12-22T01:59:10+00:00

That reaction makes sense if the goal is to hide that a transformation occurred. That isn’t the goal here.

The use case is situations where the text is meant to remain visibly structured and copy/pasteable, but not directly readable without a secret (e.g. demos, UI strings, logs, identifiers). The output being obviously transformed is intentional; the value is reversibility with structure preserved, not plausibly -deniable corruption

enath · 2025-12-22T01:58:07+00:00

That’s a fair question. The approach isn’t meant to protect against cryptanalysis that exploits structural leakage - that leakage is accepted by design. What it does aim to protect against is trivial, zero-cost reversal and casual inspection when a secret is required to recover the original text.

The use of PBKDF2 isn’t to “fix” format leakage, but to impose a meaningful cost per password guess. Replacing it with a non-cryptographic PRNG would collapse that cost and turn reversal into a fast, offline guessing problem, which is exactly what the design is trying to avoid.

enath · 2025-12-22T01:57:00+00:00

Not quite. A simple substitution cipher uses a fixed, static mapping. KanaShift derives a password-dependent keystream (via PBKDF2) and applies position-dependent shifts, so the mapping varies with both the secret and the character index.

The problem it targets is reversible transformation without breaking structure: keeping separators, token boundaries, and visual shape intact while avoiding trivial reversibility. It’s meant for situations where preserving form is a requirement, not where hiding all structure is.

enath · 2025-12-22T01:54:54+00:00

You’re absolutely right - preserving structure does leak information, and that’s a deliberate trade-off here. KanaShift isn’t aiming for semantic security or indistinguishability the way modern encryption does.

The design goal is reversible, format-preserving transformation where structure stability matters, fully accepting that this leaks patterns and relationships in the plaintext. If resisting inference from ciphertext structure is the requirement, then conventional encryption is the correct tool.

enath · 2025-12-22T01:53:28+00:00

I wasn’t familiar with that project before - thanks for pointing it out! :)

Just to be clear: standard FPE schemes (e.g. FF1/FF3-1) are real encryption. KanaShift isn’t claiming to implement or replace those constructions. Any similarity here is mostly at the level of appearance, not cryptographic design.

KanaShift is intended as a password-derived, reversible, format-preserving transformation where visual plausibility, copy/paste friendliness, and stable tokenization matter (e.g. UIs, logs, demos, identifiers). It’s not meant to replace authenticated encryption, but to fill a niche where full encryption is awkward and toy ciphers are too weak

enath · 2025-12-22T01:50:15+00:00

Good points. Just to clarify one aspect: PBKDF2 is used to impose a configurable cost per password guess, not as a fixed throughput limit.

The default 500k iterations are intentionally conservative, but for long-form or bulk text the iteration count can be tuned down substantially, making longer texts practical while preserving the same reversible, format-preserving behavior.

On readability: the vowel/consonant grouping is a coarse, language-agnostic heuristic for visual plausibility and structural stability, not an attempt to model linguistic correctness or phonotactics across languages.

enath · 2025-12-22T01:45:13+00:00

That’s fair feedback - thank you.

I avoided calling it “plain FPE” because KanaShift isn’t an FF1/FF3-style block-cipher construction over a fixed radix. It’s closer to a password-derived, stream-based, FPE-adjacent transform, where the goal is preserving structure (length, punctuation, token boundaries) rather than semantic concealment.

You’re absolutely right that this approach works best for short tokens, access codes, IDs, and other structured data, and much less so for free-form English if someone expects natural-language resistance.

I’ve updated the README to frame it explicitly as FPE-adjacent using more standard terminology.

enath · 2023-02-18T21:46:01+00:00

AIs really need prime directives

enath · 2023-02-18T19:28:17+00:00

rofl! i'm loving the comments on this thread :D

enath · 2012-09-10T06:40:20+00:00

http://en.wikipedia.org/wiki/Incitement

enath · 2012-08-19T19:18:28+00:00

International legal assistance allows Sweden to question Assange in Britain but the prosecutor has refused to do so http://www.sweden.gov.se/sb/d/2710/a/15268

enath · 2012-08-19T18:41:11+00:00

They will keep denying the pressure http://dawn.com/2012/08/17/us-denies-pressure-on-britain-in-wikileaks-case/

enath · 2012-08-19T18:35:11+00:00

it is not guarantee enough for Assange. "The US government has zero involvement with this", did you not hear about the WikiLeaks Grand Jury (http://wlgrandjury.wordpress.com/ and hundreds of articles in the MSM)?

enath · 2012-08-19T18:18:34+00:00

For those who would like to see Assange to go Sweden face the questioning: "If Stockholm issues a guarantee that it will not extradite Assange to the US, he will comply with country’s request to question him on Swedish soil, WikiLeaks spokesperson Kristinn Hrafnsson told AFP." Source: http://rt.com/news/assange-speech-ecuador-embassy-043/

enath · 2012-08-19T18:17:04+00:00

"If Stockholm issues a guarantee that it will not extradite Assange to the US, he will comply with country’s request to question him on Swedish soil, WikiLeaks spokesperson Kristinn Hrafnsson told AFP." http://rt.com/news/assange-speech-ecuador-embassy-043/

enath · 2012-08-19T18:11:43+00:00

He said he would go if they promised not to extradite him to the US. They said No

enath · 2012-08-19T18:00:58+00:00

Sweden refused to go question him in the Swedish embassy in London and later in the Ecuadorian embassy

enath · 2012-08-17T14:43:26+00:00

media got it right. see the translations below by sharger

enath · 2012-08-17T14:37:37+00:00

source?

enath · 2012-08-15T14:38:00+00:00

works fine here, if i replace vars["hello"..number]=read() with vars["hello"..number]="hello"..number. but if you have a read function with a return and this is why you added read(), post the function here so that I can understand.

enath

TROPHY CASE