Operator Protocols for using a PRF
in [Cryptography]
|
From: WTShaw on 2 Apr 2010 02:50 For my applications with my honed GUI: Either when opening the HTML page containing the JavaScript or Selecting "Keys: Start-Reset" the native permutation(s) should appear in the top field, default words that might be used in scrambling should appear in a special field, a default number, usually "3" will appear in another special field. The default words and default number may be changed at any time to cause the scrambling routine to work specially dependent on their values. Operating the PXF must be done exactly the same way each setup to yield the same deranged character set(s), a rare permutation. Usually the scramble button is named with the size of the set appearing like Scramble 97 except where there are two sets that may be handled at the same time with "Scramble Both." For the scrambling to be done again, the button "S Again OK" must be selected between each scrambling action which effectively deglitches the process. In something other than digit(s) is entered into the special number field, "NaN" should appear upon attempted scrambling and the page may need to be reloaded to clear the error. There are really too many setup protocols to suggest. Your custom sequence is up to you. Experiment and enjoy. Note some specific pattern or word(s) within the scrambled results to help you confirm you have followed your protocol correctly.
From: bmearns on 6 Apr 2010 09:21 On Apr 2, 2:50 am, WTShaw <lure...(a)gmail.com> wrote: > For my applications with my honed GUI: > > Either when opening the HTML page containing the JavaScript or > Selecting "Keys: Start-Reset" the native permutation(s) should appear > in the top field, default words that might be used in scrambling > should appear in a special field, a default number, usually "3" will > appear in another special field. The default words and default number > may be changed at any time to cause the scrambling routine to work > specially dependent on their values. > > Operating the PXF must be done exactly the same way each setup to > yield the same deranged character set(s), a rare permutation. > > Usually the scramble button is named with the size of the set > appearing like Scramble 97 except where there are two sets that may be > handled at the same time with "Scramble Both." For the scrambling to > be done again, the button "S Again OK" must be selected between each > scrambling action which effectively deglitches the process. > > In something other than digit(s) is entered into the special number > field, "NaN" should appear upon attempted scrambling and the page may > need to be reloaded to clear the error. > > There are really too many setup protocols to suggest. Your custom > sequence is up to you. Experiment and enjoy. Note some specific > pattern or word(s) within the scrambled results to help you confirm > you have followed your protocol correctly. Are you just using this group to make notes to yourself now? No one (ever) knows what you're talking about. How about a link? Do we get to see this in some kind of appropriate context, or are you just wasting our time as usual? -Brian
From: Noob on 6 Apr 2010 10:33 bmearns wrote: > Are you just using this group to make notes to yourself now? No one > (ever) knows what you're talking about. How about a link? Do we get to > see this in some kind of appropriate context, or are you just wasting > our time as usual? May I suggest http://en.wikipedia.org/wiki/Kill_file
From: WTShaw on 8 Apr 2010 07:44 On Apr 7, 1:02 pm, bmearns <mearn...(a)gmail.com> wrote: > On Apr 7, 4:39 am, WTShaw <lure...(a)gmail.com> wrote: > > >http://groups.google.com/group/cryptojavascript/web/base64-65-convert... > > Seriously? You expect anyone to convert this out of hex just so we can > participate in your idiotic conversation with yourself? > > -Brian Now you prove yourself not only lazy but dishonest. You ask for information, it's there. Perhaps you make my point, that good utilities are rare. However, hex is in many places...or do you lack even that expertise? So we have it, just stagemanship and window dressing from you. Meanwhile, you might learn something, but that would betray your handlers.
From: bmearns on 8 Apr 2010 12:05 On Apr 8, 7:44 am, WTShaw <lure...(a)gmail.com> wrote: > On Apr 7, 1:02 pm, bmearns <mearn...(a)gmail.com> wrote: [snip] > > Seriously? You expect anyone to convert this out of hex just so we can > > participate in your idiotic conversation with yourself? > > > -Brian > > Now you prove yourself not only lazy but dishonest. You ask for > information, it's there. > > Perhaps you make my point, that good utilities are rare. However, hex > is in many places...or do you lack even that expertise? > > So we have it, just stagemanship and window dressing from you. > Meanwhile, you might learn something, but that would betray your > handlers. You have a small point, but here's a counter-point: if you're being so open, why do you insist on making it unnecessarily difficult to view your work? Especially considering you didn't post it in any standard hex format, like something xxd can undo. Besides, it's less of my laziness and more of your previous history of having worthless and silly ideas that deters me from putting in the necessary effort. But I don't want to let you off too easy, so I spent a few minutes to convert it from hex to binary, and then went ahead and undid all your ghastly and inconsistent formatting (if that's your idea of "Bringing everything up to my standards", I'd hate to see what you started with). You know, I thought that perhaps this might be vaguely interesting, what with you always ranting about the glories of non-binary bases. I thought you had actually done something in a non-binary base and was somewhat intrigued to see it. But you're "base-65" nonsense is just an /incorrect/ implementation of base-64. You screwed up with the padding by using indices of 65 instead of 64, so for instance "foob" encodes to "Zm9vYg" instead of "Zm9vYg==", and then decodes incorrectly to "foob\0\0" with a pair of trailing null-characters. But I suppose the real meat of this was meant to be your little scramble algorithm. For those who are interested, the purpose of this algorithm is to scramble up the alphabet, thus turning the "base-65" conversion into a simple substitution cipher where the scrambled alphabet is the key. This key is a decent size; it's a permutation of 65 chars, so there are 65! different values, which works out to just under 303 bits. That's assuming it uses a fixed alphabet. Obviously if the alphabet is variable, it's much more secure, but if that's the case, the code he wrote breaks because he only checks the seed against a fixed alphabet, instead of the actual alphabet used. The scramble is based on a "seed" string and an "adder" integer. So if you know these values, you can perform the scramble yourself. Therefore the /maximum/ key strength is the 303 bits described above, but if the seed and adder constitute a smaller secret, than the security is weakened accordingly. The seed is required to consist entirely of characters from a 26-element alphabet (for unknown reasons, it would be much stronger if it could be any character in the 65-element alphabet), so each character in the seed is 4.7 bits. In the worst case, with the adder being known, this would require a seed of 64 characters to reach the maximum 303 bits. If the adder is assumed to be a 32-bit value, than you need a 58 character seed to make up the extra 271 bits and get to the maximum 303 bits. Of course, this is JavaScript so we can probably say the adder is 16-bit value, requiring a 61 character seed. There are two "default" seed values given in the code, one is "Seed Words used in Scrambling the Character Set", but when condensed to the required alphabet (as is done automatically by the code), it becomes "seedwordsusedinscramblingthecharacterset" which only has 40 characters, constituting only 188 bits. Being generous and adding another 32 bits for the adder only brings the security to 220, significantly short of the maximum. The other default value is used if you provide a seed that is too short, and is "theseedneedstobeatleastthreecharacterslong". This has 42 chars, bumping the security to 229.4 bits with a 32-bit "adder". Interestingly, the message in this seed, and the conditions for its use, indicate that the seed has to be at least 3 characters long. Even with a 32-bit "adder", this only gives 46.1 bits of security, which is sad indeed. Based on some very rough python code, I'm currently brute- forcing all possible values of a 16-bit adder in about 45 seconds per seed. The estimated total time is less than 9.2 days (and of course the /expected/ time is only about 4.6 days). Now obviously this is a very small seed, but it's interesting that this is the recommended minimum, and obviously a more powerful and dedicated machine with optimized code would speed things up considerably. But of course, this is for brute force attacks. Since this is ultimately just a substitution cipher, it's probably significantly easier to break that that. I've included the formatted and edited code at the end of this post because I can't bear the idea that the Universe's relentless march towards heat death might be quickened by anyone else having to go through the modest effort of decoding and reformatting this code. The code includes a few comments I added, all prefixed with "Bmearns:" (which probably wasn't necessary, given the lack of comments in his "up to my standards" code), some explaining a few odd things and some pointing out code that isn't needed. I also corrected his bug in implementing the padding so that it now correctly does base-64 encoding. The scramble algorithm itself boils down to: - Initialize the output alphabet to an empty set. - For 251 iterations: - find the indices into the original alphabet of the first two seed characters, add them together, and add the "adder" value. - Take this value modulo the length of the original alphabet, and use the resulting index to select a char from the original alphabet. - If the selected char is not already in the output alphabet, add it to the end. - Remove the first char from the seed, and add the selected char to the end of the seed. - (end loop) - Step through the rest of the original alphabet: any characters that have not yet been added to the output alphabet are appended to the end. Finally, and not for anything, your HTML sucks. I especially like how you open the body with upper case ("<BODY ...") and close it with lower case ("</body>") which is not technically wrong for plain HTML, but it's definitely ridiculous. You also failed to terminate every single one of your input and br elements, inconsistently used upper and lower case names for textarea and input elements, have illegal unescaped reserved characters ('<' and '>') in an attribute value, and failed to quote a few attributes, including one which contains the '$' character, which is a violation of every HTML standard. Also, your choice of CSS styling is hideous and absurd: this is a web page, not an Easter egg. -Brian =======WTShaw's HTML/JavaScript, edited by Bmearns============= <html> <head> <title>Base64-65 Converter-Cipher</title> <script type="text/javascript"> <!-- function getset(form){ var aset$=""; var bset$=""; var report$ = ""; var x = 0; var newline = String.fromCharCode(13); var sizeset = 0; var adder = 0; var newseed$=""; var my$ = ""; var testamt= 0; var y =0; add$ = ""; form.seed$.value = "BASE SIXTY FIVE CIPHER"; form.plus.value = 3; aset$ = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="; form.scrambleagain.value = "yes"; form.sets.value = "<<65>> " + aset$ + " <<65>>"; form.set65$.value = aset$; } //scramble function for sets on series via seed$, size is 65 function scramble(form, size) { var Hset$ = form.set65$.value; var Lset$ = "abcdefghijklmnopqrstuvwxyz"; var newindex = 0; var ok = 0; ok = Hset$.length; var again$ = ""; again$ = form.scrambleagain.value; if((ok>0) && (again$ == "yes")) { var my$ = ""; var x = 0; var y = 0; var z = 0; var newseed$ = ""; var plus$ = ""; var seed$ = form.seed$.value; seed$ = seed$.toLowerCase(); var add$ = ""; plus$ = form.plus.value; plus$ = plus$.replace(/[^0-9]/g, ""); if(plus$=="") { plus$ = "0"; } //Bmearns: This strips out all chars from seed that aren't in Lset. for (x = 0; x <= seed$.length; x++) { my$ = seed$.substring(x, x+1); y = Lset$.indexOf(my$); if (y > -1) { newseed$ = newseed$ + my$; } } seed$ = newseed$; if (seed$.length <3) { seed$ = "the seed needs to be at least three characters long"; } var root$ = seed$ //Bmearns: not used. var oldseed$ = seed$; //Bmearns: not used. form.seed$.value = seed$; if(size == 65) { var setsize = Hset$.length; var a$ = ""; //Bmearns:strip non-digit chars from plus, put rest into add. for (x = 0; x <= plus$.length-1; x++) { my$ = plus$.substring(x,x+1); if (my$ >= "0" && my$ <= "9") { add$ = add$ + my$; } } adder = parseInt(add$); adder = adder % setsize; plus$ = adder; var adder = parseInt(plus$); //Bmearns: bonus code? You already did this. var plus$ = adder; var seedlen = seed$.length; var serie$ = "x"; //Bmearns: not used. grow$ = ""; for (x =0; x<=250; x++) { //Bmearns: how do you know it's in there? You only checked against Lset, not Hset. // Are you ok with these indices being -1? Or perhaps you meant Lset here? // Or you're counting on the fact that Lset is a subset of Hset, but since you've got Hset // in the form, that makes it seem like Hset is open to modification. // Also, are you using adder or plus? Both are the same at this point, why do you have both? newindex = Hset$.indexOf(seed$.charAt(0)) + Hset $.indexOf(seed$.charAt(1)) + adder; newindex = newindex % setsize; my$ = Hset$.charAt(newindex); //Bmearns: Strip off the first seed char, append with the newly selected char. newseed$ = seed$.substring(1, seedlen ) + my$; //Bmearns: append selected char to serie serie$ = serie$ + my$; seed$ = newseed$; //Bmearns: Not needed, unless you expect Hset to contain duplicate chars. Otherwise, // you already have this vlue in newindex. y = Hset$.indexOf(my$); //Bmearns: Not really a necessary, you picked this char from Hset, so you know it's there. // But that's ok, better safe than sorry. if (y > -1) { z = grow$.indexOf(my$); if (z == -1) { //Bmearns: So grow keeps a unique list of the selected letters. grow$ = grow$ + my$; } } } //Bmearns: Go through the rest of Hset, any chars we didn't pick yet, add to the end of // grow. for (x =0; x<=setsize - 1; x++) { a$ = Hset$.charAt(x); y = grow$.indexOf(a$); if (y == -1) { grow$ = grow$ + a$; } } Hset$ = grow$; } form.set65$.value = Hset$; form.scrambleagain.value = "no"; form.plus.value = plus$; form.sets.value = "<<65>> " + Hset$ + " <<65>>"; } } function encode65(form, N) { var keyStr = form.set65$.value; var input = form.raw.value; var output = ""; var chr1, chr2, chr3; var enc1, enc2, enc3, enc4; var i = 0; do { chr1 = input.charCodeAt(i++); chr2 = input.charCodeAt(i++); chr3 = input.charCodeAt(i++); enc1 = chr1 >> 2; enc2 = ((chr1 & 3) << 4) | (chr2 >> 4); enc3 = ((chr2 & 15) << 2) | (chr3 >> 6); enc4 = chr3 & 63; if (isNaN(chr2)) { enc3 = enc4 = 65; //Bmearns: corrected this, it was 65, needed to be 64. } else if (isNaN(chr3)) { enc4 = 65; //Bmearns: corrected this, it was 65, needed to be 64. } output = output + keyStr.charAt(enc1) + keyStr.charAt(enc2) + keyStr.charAt(enc3) + keyStr.charAt(enc4); if(N==4) { output = output + " "; } } while(i < input.length); form.result.value = output; } function decode65(form) { var keyStr = form.set65$.value; var input = form.raw.value; var output = ""; var chr1, chr2, chr3; var enc1, enc2, enc3, enc4; var i = 0; // remove all characters that are not A-Z, a-z, 0-9, +, /, or = input = input.replace(/[^A-Za-z0-9\+\/\=]/g, ""); do { enc1 = keyStr.indexOf(input.charAt(i++)); enc2 = keyStr.indexOf(input.charAt(i++)); enc3 = keyStr.indexOf(input.charAt(i++)); enc4 = keyStr.indexOf(input.charAt(i++)); chr1 = (enc1 << 2) | (enc2 >> 4); chr2 = ((enc2 & 15) << 4) | (enc3 >> 2); chr3 = ((enc3 & 3) << 6) | enc4; output = output + String.fromCharCode(chr1); if (enc3 != 65) //Bmearns: corrected this, it was 65, needed to be 64. { output = output + String.fromCharCode(chr2); } if (enc4 != 65) //Bmearns: corrected this, it was 65, needed to be 64. { output = output + String.fromCharCode(chr3); } }while (i < input.length); form.result.value = output; } //FUNCTION INSTRUCTIONS displays information about this converter function about(mycrypto) { a$ = "1) With apologies to Tyler Akins who produced a Java Script page for Base64 Encoding, I have used several lines of his source code and modified the concise movings parts therein for inclusion here; 2) His page was at rumkin.com; 3) As produced, this current page includes all the features I prefer, beyond the bare-bones feel of his process; 4) Since his decoding process purged spaces and other undesired characters, I have simply added an option to produce groups of four characters; 5) Having Clear and Select features facilitate use of the clipboard I/O; 6) The Optional Cipher Key allows the use of encryption to help mask real data; 7) Care should be used in using the Cipher Function with programs as incompatible results might be produced with a wrong key;"; alert(a$); } function clean(mycrypto){mycrypto.raw.value = "";} function resulttotop(mycrypto){mycrypto.raw.value = mycrypto.result.value;} function againOK(form){form.scrambleagain.value = "yes";} //--></script> </head> <BODY bgcolor="#ddaa55"> <form name="mycrypto"> <center> <INPUT onclick="about(mycrypto)" value="About: ASCII <-> Base64-65 Converter-Cipher by Lurens, April 2, 2010" type="button"><br> <INPUT type = "hidden" name = set65$ value = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="> <INPUT type = "hidden" name = scrambleagain value = "no"> <INPUT onclick="getset(mycrypto)" value="Start/Reset Cipher Key" type="button"> <INPUT onclick="scramble(mycrypto, 65)" value="Scramble 65" type="button"> <INPUT onclick="againOK(mycrypto)" value="S Again OK" type="button"><br> <TEXTAREA style="background-color: yellow; font-family: monospace; text-align:center;" name="sets" cols="65" rows="3">Select START/RESET to activate an optional Base65 Cipher Key. (This program will encode ASCII Text to Base65 and decode Base65 to ASCII Text even WITHOUT the creation of a Cipher Key.)</TEXTAREA><br> <TEXTAREA style="background-color: rgb(255, 130, 255);font-family: monospace;" name="seed$" cols="53" rows="1">Seed Words used in Scrambling the Character Set</TEXTAREA> <TEXTAREA style="background-color: rgb(255, 130, 255);font-family: monospace; text-align:center;" name="plus" cols="5" rows="1">adder</ TEXTAREA><br> <textarea rows="8" name="raw" style="background-color: rgb(200, 255, 200); color: #0000aa;font-family:Cambria ; font-size : 16 pt; width:100%; height:34%;" onfocus="if (this.value==" here.") {this.value=""}">(This Top Field is for Editing and Input)</ textarea> <INPUT onclick= "clean(mycrypto)" value="Clear ABOVE" type="button"> <input onclick = "encode65(mycrypto,0)" value="Text -> Base65" type="button"> <input onclick = "encode65(mycrypto,4)" value="Groups" type="button" name="groups"> <INPUT onclick="resulttotop(mycrypto)" value="^^ MOVE ^^" type="button"> <input onclick = "decode65(mycrypto)" value="Base65 -> Text" type="button" name="decode"> <INPUT onclick="mycrypto.result.focus();mycrypto.result.select();" value="Select BELOW" type="button"> <textarea rows="8" name="result" style="background-color: rgb(215, 230, 100); color: #aa0000;font-family: Cambria ; font-size : 16 pt; width:100%; height:34%;" onfocus="if (this.value==" here.") {this.value=""}">(This Bottom Field is for Output. Edit in the Field ABOVE.)</textarea> </center> </form> </body> </html>
|
Pages: 1 Prev: Decoding string Next: Where are the FIPS 140-1 tests for randomness now? |