flat assembler
Message board for the users of flat assembler.

Index > Main > String & Proc Encrypting

Goto page Previous  1, 2, 3, 4, 5, 6  Next
Author
Thread Post new topic Reply to topic
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17477
Location: In your JS exploiting you and your system
revolution
What does that have to do with naming 10 software programs?
Post 20 Apr 2008, 07:28
View user's profile Send private message Visit poster's website Reply with quote
ic2



Joined: 19 Jan 2008
Posts: 75
ic2
I asked the first question. List only 5 of your most used programs other than programming tools

And one other thing you may know why since you say you are the robot :}

and to speak of google, why do the FASM forum have it riding on our backs, slowing down everything we do. When it just fasm everthing is fine... Than here comes a ton of google packets. What's up with that?

I really want to know and I will tell you why.
Post 20 Apr 2008, 07:47
View user's profile Send private message Reply with quote
ic2



Joined: 19 Jan 2008
Posts: 75
ic2
We have no problems... I tell you now.

Software. If you use over 3 of any thing created by Microsoft you should not complain about a small piece of of code that I wanted to encrypt. Go back to page one... MS$ Office 2007 is the biggest trogen ever. And all of their products is protected by encryption.

Quote:
Haha, like the Google office (or whatever it is called), all the clients data is stored online. I hope your clients trust you implicitly with their data.


What the difference they are riding on our backs for free, fucking up MY and other connection... Slowing shit down.. Doing what ... Same as above but on a difference level

That's why I ask

BTW: I was not joking... I know know something about web securitys. it's up to you to apply additional security needed. Googoo Can't get in unless you let them in for a dollar or a top listing. iF YOU ARE WELL KNOWN and builded your OWN they have NO SAY SO IN THE MATTER. You must be listed at the top. PUBLIC RULE... meaning no deal needed It is impposible for you to know everything.

Are we still cool


Last edited by ic2 on 20 Apr 2008, 08:40; edited 3 times in total
Post 20 Apr 2008, 08:08
View user's profile Send private message Reply with quote
daniel.lewis



Joined: 28 Jan 2008
Posts: 92
daniel.lewis
Very Happy I have MS Windows XP to play games and surf on - mostly because it doesn't have any real disk access and loads from a disk image every time. It's the only way I could secure the bitch.

All my work and downloads are Beale Ciphered with remote data through a certain proxy.

All pride here. Very Happy

_________________
dd 0x90909090 ; problem solved.
Post 20 Apr 2008, 08:24
View user's profile Send private message Reply with quote
ic2



Joined: 19 Jan 2008
Posts: 75
ic2
daniel.lewis, Were in the year 2008.. how big is your drive and how long to it take to do that image thing... sound fun I want to try it. I got one at about 500MB it runs WinME sitting right nest to me. anything under 40Gig is old fashion I got 2 20's hee hee for real.. There are more old machine than new machine so I do it for them all.

What piss me off about office 2007 when I run my life long true blue WordPerfect 8 if you have or open up at anytime Word 2007 took the cut & paste handle from WordPerfect dead up in your face with no same ... but you can use it with anything else. They totally fu*k up with me and they are slow as hell and force a web conction for nearly everything you click. Shame Shame I have to use it for a class I that and I hate it. But it's the world business tool and they got the bucks... but the WP thing burns me up...
You can buy there VB but If you are to good at it they will cross you out.
Is that the job of an os or software.. crazy.

My keyboard falling apart.
Post 20 Apr 2008, 09:01
View user's profile Send private message Reply with quote
edfed



Joined: 20 Feb 2006
Posts: 4240
Location: 2018
edfed
Quote:
anything under 40Gig is old fashion I got 2 20's hee hee for real

what about 327MB, 172MB & 234MB drives?
i have these ones for tests. it is very good.
i can put everything on it.
98 uses only 98MB in very minimal config.
and with Fasmw and all sort of sources, it's ok.
but very noisy. these drives are really noisy compared to "modern" ones
then, i can easy dev with these very old drives.
Post 20 Apr 2008, 09:12
View user's profile Send private message Visit poster's website Reply with quote
ic2



Joined: 19 Jan 2008
Posts: 75
ic2
revolution couldn't take another minute. He even sounded sleepy for the pass few hour. I bet he already dreamed up of his battle plan for tonight.

327MB, 172MB & 234MB That's insane. I'm more concern about the big Flash Drive than getting the space I really need . 200gig would be would more than enough for me. I started writing this reply think it was 327gig, 172gig & 234gig I remember the days of work with DOS on a 50MB and to have a 80MB represented kingdom.

Me and my friends knew nothing of code . It was all new to us and we would look into the black screen and reboot all day until a pretty girl come by.
Post 20 Apr 2008, 10:22
View user's profile Send private message Reply with quote
AlexP



Joined: 14 Nov 2007
Posts: 561
Location: Out the window. Yes, that one.
AlexP
Well, IC2, have you figured out what encryption/server thing you're going to use?
Post 20 Apr 2008, 14:20
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17477
Location: In your JS exploiting you and your system
revolution
ic2: I don't know much about web security. I don't use MS Office, but I do use MS WinXP. As for other software, I use a lot of proprietary stuff from non-famous companies. I like to support the small guys as much as I can. Some of it is good and some of it is crap. But all software is "examined" before I ever decide to use it. The small guys can also be nefarious just like the big guys. If possible I use open-source stuff where it meets my needs. Open-office and FireFox for example. I don't use Linux, it doesn't meet my needs.
Post 20 Apr 2008, 14:35
View user's profile Send private message Visit poster's website Reply with quote
ic2



Joined: 19 Jan 2008
Posts: 75
ic2
Alexp, there is no question about it, I going to use what ever you what ever you tell me to use when I get done. I need the help. It be great to use something from someone you know who works hard to be the best. As long as you stick to it all I will ever have to do is stick with you. We got a long way and am not rush and I hope you are not either. I just need to know how you want me to use it and such.

I got to finishing leaning FASM and rebuild as I go. Than I got to get back to playing with my freeBSD box. revolution is right to say all he said. I take it even farther... I don't trust the web including any Joe's server as you see. There a lot of things you must do and learn in order to make it safe. Nothing is safer than your own server. That's another major undertaking. I just stop building on freeBSD box just months ago. Doc,doc,security doc all day long. I was at configuration stage. Never did get to IPFW or PF. I had to get away from it for a while to study FASM. Plan was to encrypt string & proc using FASM technology. That's the kind of web security I'm taking about. Lucky for me I played with it for a while. r22 suggestion fit right in the program. I just never thought about doing it that way. I was just going to build a web server. I got a long way to go and I better starter today if I expect to be done before this coming winter. Right now my application keeps food on the table. It's my only self created job. It don't need max security. I never had any problems. Everything I'm doing now is for what I may want to do with my web server in the future. I may included in the app I may not. I might write another one. I just know im not worried about it.

Seems like a lot of work but I have big fun doing it. I just don't like going back to things and picking up where I left off.

You can add to a plan but don't completely change your plan. How many times have we all said "dame I should had did that when I was there". .


I think I'm ready to finish something for the first time in my life and do some string & proc encrypting as planned.
Post 20 Apr 2008, 19:51
View user's profile Send private message Reply with quote
ic2



Joined: 19 Jan 2008
Posts: 75
ic2
revolution, I'm nuts about Windows, It a real bitch but it better than the typewrite. I just don't like how they took over the meaning of the word "operating system" The same company that wrote the OS has always wrote programs that interfere with competing companies processes and I hate they did that. It's shameful and selfish and people endorse it buying their software. The OS is one thing software is another.

I looked up dongy and other stuff. Everything is going to pot because of these new technologies. The problem is it's too many difference kinds in competition and more and more keeps coming and coming FAST... That's another reason why I want to learn this stuff. Hiding might payoff. Who knows
Post 20 Apr 2008, 20:16
View user's profile Send private message Reply with quote
AlexP



Joined: 14 Nov 2007
Posts: 561
Location: Out the window. Yes, that one.
AlexP
Quote:
As long as you stick to it all I will ever have to do is stick with you.
Then I suggest we find a way to talk without the lag, every day after school I am on the IRC channel FreeNode/#flatassembler until I go to bed. There we can talk about your ideas, I do not have experience in anything but what I work on but I will be glad to help.

I'm certainly not rushing the RSA, actually I'm kind of being lazy lately (having finished my last project, taking time off). Just fooling around with the first of many algorithms that go into RSA. If you do not have IRC software (I use 'XChat 2', free) then let's find another way to talk.
Post 20 Apr 2008, 21:09
View user's profile Send private message Visit poster's website Reply with quote
ic2



Joined: 19 Jan 2008
Posts: 75
ic2
I never use chat before We have plenty of time anyway. Is IRC channel FreeNode/ a chat or something. I’ll check things out and be on by next weekend. Than it's a go.

Thanks Alexp
Post 20 Apr 2008, 22:27
View user's profile Send private message Reply with quote
AlexP



Joined: 14 Nov 2007
Posts: 561
Location: Out the window. Yes, that one.
AlexP
If you decide to get an IRC software, it'll ask for a server. Use FreeNode (should be in a menu or something). Then join the #flatassembler channel wherever it lets you. I'm always in there, and so are a few others. Feel free to talk whenever you want.
Post 20 Apr 2008, 22:33
View user's profile Send private message Visit poster's website Reply with quote
daniel.lewis



Joined: 28 Jan 2008
Posts: 92
daniel.lewis
Sorry for taking so long to reply, I have the flu.
Someone asked why I had such strong endorsement of the Beale Cipher; let me reply.

The Beale Cipher derivatives are the preferred form of all the major power's military shared secret communications since before WW2, and long after the cold war. I think this says something.

Originally, the Beale Cipher concept was to take two texts, ennumerate them, and rotate/add the first by the second. This is proveably secure and offers plausible deniability, but is susceptible to statistical analysis which may or may not indicate the key or probable candidate plaintexts if the key and ciphertext are predictable (like English text).

To improve on this, Vernam Cipher used a random ticker tape which dramatically weakened the statistical analysis attack, and later Joseph Marborgne proved that if it were random every use (hence not reused) it would be fundamentally impossible to break.

Unfortunately, random data on a computer is easily recognizeable making the key quite obvious, and they're painfully difficult to generate.

Fortunately, the Beale Cipher concept hasn't been fully expounded upon.

Since this is not a simple Beale Cipher, and Lewis Cipher isn't taken I would like to claim this for myself. However, since I don't have the math background to write it in fewer words, someone else is welcome to attach their name to it also for expressing it properly.

- That you take 2 or more keys, which may be any data anywhere which will be identical at the time and place of encryption and decryption.

- That you perform any non-linear pattern shuffling this data before and after enciphering.

- That a set of reversible algorithms are performed, such that each algorithm in the set is performed on each datum in sequence until the set is exhausted; and so on reiteratively.

Given that, I argue that you cannot decrypt the data without all of the keys and the ciphertext.

I argue that you cannot statistically analyze it in any significant way without at least all-but-one of the keys and ciphertext, and knowledge of either the shuffling algorithm or the enciphering algorithms peformed.

I also contend that this Cipher is viable for computer usage.

_________________
dd 0x90909090 ; problem solved.


Last edited by daniel.lewis on 23 Apr 2008, 05:10; edited 1 time in total
Post 23 Apr 2008, 04:57
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17477
Location: In your JS exploiting you and your system
revolution
daniel.lewis wrote:
The Beale Cipher derivatives are the preferred form of all the major power's military shared secret communications. I think this says something.
Can you prove that?
Post 23 Apr 2008, 05:02
View user's profile Send private message Visit poster's website Reply with quote
daniel.lewis



Joined: 28 Jan 2008
Posts: 92
daniel.lewis
If your security is based on the premise that you require randomness, on a computer you will fail.

The US, Russian, German, Israeli and British intelligence are all well documented to have used One Time Pads, Beale Ciphers, Vernam Ciphers, and Running Key Ciphers for various things, and tend to progress towards more difficult but secure methods as time progresses. Look 'er up on wikipedia:

http://en.wikipedia.org/wiki/One-time_pad

~~~

While you can reduce a normal plain Beale Cipher rather easily, the enhancements I whipped up have nothing to do with the normally misconceived pseudo-random OTP variants.

Basically:

0) Use multiple keys.
1) Shuffle the data before ciphering.
2) xor the first, ror the second, rol the third, and the forth, or the forth, bswap the fifth, rotate index by the sixth. This is just an example of a set of reversible algorithms.
3) Shuffle the data using a different pattern.

Now without knowing what sets of transformations were used in step 2, try to figure out what data are probably the letter E. Let alone where those letters are placed.

Frequency distribution analysis is crippled by #0 and #2, while reconstruction by identifying/brute force against every possible key is crippled by all of the above.

*the brute force method I mention is to say "the dice rolled 5, it could be 4:1 or 3:2 so all texts this person has access to see if they have 1,2,3 or 4 in this slot, and so forth deductively.

_________________
dd 0x90909090 ; problem solved.


Last edited by daniel.lewis on 23 Apr 2008, 07:49; edited 1 time in total
Post 23 Apr 2008, 07:30
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17477
Location: In your JS exploiting you and your system
revolution
Oh dear, yet another 'security through obscurity' algorithm.

I seriously doubt that any military encryption of today uses "Beale Ciphers or Vernam Ciphers" for anything other than teaching about insecure algorithms.
Post 23 Apr 2008, 07:49
View user's profile Send private message Visit poster's website Reply with quote
daniel.lewis



Joined: 28 Jan 2008
Posts: 92
daniel.lewis
rev, security is inherently through obscurity. You obscure a 128 bit number. I obscure:

1) the choice of one or more that's the length of the entire text
2) swapping algorithms
3) transformation algorithms
Post 23 Apr 2008, 07:52
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17477
Location: In your JS exploiting you and your system
revolution
The more secrets you have and the larger those secrets are then the harder it is to secure. A single 128 bit number is a lot easier to protect than an entire algorithm and large texts.

If I get hold of your source code does that weaken your cipher? If the answer is yes then your cipher is not good. If I get hold of, or guess, which book you are using does that weaken your cipher? If the answer is yes then your cipher is not good. Too many secrets.

What is wrong with the expert assessed and approved algos like Serpent or Rijndeal? Why risk your data to unproven methods? It just doesn't seem to be a good security pay off to me.
Post 23 Apr 2008, 08:01
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page Previous  1, 2, 3, 4, 5, 6  Next

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.

Website powered by rwasa.