Software tools to automatically decrypt a file, whose encryption algorithm (and/or encryption keys) isn't known?

views:

222

answers:

+2 Q:

Software tools to automatically decrypt a file, whose encryption algorithm (and/or encryption keys) isn't known?

I have an idea for encryption that I could program fairly easily to encrypt some local text file.

Given that my approach is novel, and does not use any of the industry standard encryption techniques, would I be able to test the strength of my encryption using 'cracker' apps or suchlike?

Or do all those tools rely on advanced knowledge of the encryption process (or intercepted 'keys'), meaning I'd have to build my own cracker for testing?

+12 A:

If you've written your own "novel" encryption, without any "industry standard encryption techniques", and you don't know how to test it (ie: you are not an expert cryptographer), then I can already tell you the result.

Your scheme is hopelessly flawed, and can be broken by even undergraduate level cryptographers. Not that your scheme will ever encrypt anything so valuable as to be worth the time to crack.

Cryptography is NOT for the inexperienced. More than any other discipline, it constantly builds on previous knowledge. There are no "revolutions" in crypto, and a new-and-novel-scheme is NEVER recommended.

abelenky 2010-05-24 16:12:53

Nice answer abelenky.

Ankit Rathod 2010-05-24 16:18:32

Hmmm OK I suspected of course that I'd get an answer like this, but I'd still like to try for myself, if for nothing else but to learn how things work along the way. And who knows where a little lateral thinking can sometimes lead...Say you were running a class competition for the students to write their own ciphers - is there a program you could use to test them and adjudicate the winner?

Andrew 2010-05-24 16:45:00

No, of course not. If you're running a cryptography competition, you'd have judges with the necessary experience to mathematically analyze the algorithms.If you *really* don't want to believe the advice posted here, write your encryption program, encrypt a plain-text file, and offer a cash prize to anyone that can decrypt the file.

Wade Williams 2010-05-24 16:52:30

So, Wade, you are saying 'No, there are no such programs' ? Also, offering a cash prize to decrypt a single text file - isn't that a bit unlikely, wouldn't they need more to go on? - for all they know it could be a one-time pad.

Andrew 2010-05-24 16:59:07

I would say that there are no such programs. In fact, I would go so far as to say that deciding whether an algorithm can be reversed is equivalent to the Halting Problem. Even an half baked implementation of such a program might run for years without determining anything useful about the strength of a cipher.

Allen 2010-05-24 19:10:23

@Andrew: If I were an expert cryptographer (which I'm not), I'd try the most common "standard techniques" that most people seem to re-invent (been there, done that, got cautioned by a mentor that I've reinvented a cute variation on a standard cipher which has been completely broken for decades), and the 80/20 rule would work very nicely for me there.

Piskvor 2010-06-14 13:51:43

+2 A:

If you are writing a program for fun or to learn about encryption, great, explore and learn. If you are using a major language there are lots of available libraries free to use that will do encryption properly for you. I'd highly recommend leveraging one of these libraries if you are doing this as a professional endeavor.

If you are looking to learn more about encryption start with the book Applied Cryptography from Bruce Schneier its old but will give you a good base understanding and you can find newer texts from him or other reputable authors to build upon that knowledge. He has a site at http://www.schneier.com/

MegaCraig 2010-05-24 16:23:32

Thanks for the book recommendation.

Andrew 2010-05-24 17:01:18

+1 A:

I can't agree enough with @abelenky and @MegaCraig: if you actually care about securing data, creating your own encryption scheme is a horrible idea.

If you want to learn, you may want to start with the Wikipedia article on cryptanalysis.

If you follow up with the articles on various types of cryptanalysis, you can often find links to tools that will perform that specific type of cryptanalysis, e.g., this tool for doing frequency analysis.

Hank Gay 2010-05-24 16:29:30

Thanks, Hank. I am not doing this to secure my own or anyone else's important data. I've already been reading through all the wikipedia articles. The type of tool you linked to is what I was looking for, although I would be interested in any more sophisticated ones because I don't think frequency analysis would work whatsoever. Hopefully I'll find some.

Andrew 2010-05-24 16:52:43

+6 A:

Bruce Schneier has written well on this very subject. Please read Memo to the Amateur Cipher Designer.

You would do well to get his book Applied Cryptography, read his blog where he occasionally points out flawed schemes, read cryptanalysis papers to see what an a real attack looks like. Attacks usually rely on mathematical properties of the algorithm.

And that is just Schneier. There are many other cryptologists you could learn from. Read the bibliography of Schneier's book for links.

Allen 2010-05-24 16:55:25

Thanks for the pointers

Andrew 2010-05-24 17:02:43

+2 A:

Crypto cracking tools are invariably algorithm-specific.

crazyscot 2010-05-24 17:05:45

Oh really? Thanks. Kind of thought that would be the first answer posted (if it's true).

Andrew 2010-05-24 17:21:00

ansaurus

tags:

views:

answers:

Software tools to automatically decrypt a file, whose encryption algorithm (and/or encryption keys) isn't known?

related questions