Half a croissant, on a plate, with a sign in front of it saying '50c'
h a l f b a k e r y
Poof of concept

idea: add, search, annotate, link, view, overview, recent, by name, random

meta: news, help, about, links, report a problem

account: browse anonymously, or get an account and write.



Very Hard Software locks for encryption

Uses RSA, Symmetric key cryptography and Compression to create very hard to break software locks
  [vote for,

With the advent of RSA the only thing required to create “unbreakable” files are 1. A huge amount of memory 2. A BIG key and 3. Enough time to spend encrypting/decrypting files.

There are algorithms that use text fields (e.g. Password, Passphrase, and keycodes) , RSA and a few String functions to create massive text files that are very hard to break (longer then the known universe if you use the right one). Tweak it to create a lot of numbers then use those numbers to “Tweak” a 1K+ bit number until it is a suitable prime (use half the numbers one prime, the others on the other.) Repeat. Then use them as your private keys, create a public key.

When starting create an “Archive” symmetric keycode. Which is used to encrypt all the other keys. And is stored in RSA. (this is used to quicken everything up and to ad extra security)

When you need to add a file, you first create a file symmetric key over 1K long, then compress the file as small as it will go (makes it more resistant to breaking) then encrypt the compressed file with the symmetric key. Then encrypt the symmetric key with the public key.

You then store them all on a data file, with all the files multiplexed with the algorithm to figure out how they are multiplexed, encrypted with a strait RSA key (if key is long enough then the symmetric keys and the files are a lot safer). Because the files are spread out seemingly randomly it would be very hard to figure out just where the file is and in order to crack the file you need to know the file. If you keep the text safe, e.g. username, full name, email, access codes not able to be “gotten at” the file could stay safe until they can crack the keys. You would also specify where each file started and ended, in encrypted FAT, which is spread by an encrypted algorithm. (Just to make it faster and more usable)

To get at the files first locate, decrypt, decompress and execute the main program, with all the file locations handled by the exe or it would load up a menu of all available data. E.g. it could be like (in vb6) Open App.path & “\Secure.exe#Securedfile1.txt” for input as #1 Where they would be subsequently found (by onboard FAT) then decrypted, decompressed and delivered just like it was a file, thus making it a lot easier to store secured data.

Usually these would be premade with the exe, and data file recorded on a CD-R with an Autorun forcing it to require User data, and if something happens i.e. incorrect data, put itself on a loop which gradually freezes the computer! By checking for any compatible data then widening the search forever! (To stop cracking it would also add a variable delay to stop people from adding a timeout to increase to speed of eventual cracking. It would also have part of the decompression script and also some other scripts encrypted (*) on the data file (*) just imagine trying to hex a program, in which half of it is encrypted into the disk witch requires the correct key just to get the data. Which you need to get at in order to crack the file!

All files also contain an encrypted md5 hash of all encrypted files all put on a different but also encrypted formula.

Biggest weakness: Requires RSA Biggest strength: Very hard to crack, in exe and Data file (exe hardcoded to create “Unique codes” into the actually encrypted data file (made from the serial number on CD or Hard disk. Also incopiable! - In order to decrepit it, it needs the Exact same serial number which needs to be faked!)

Just imagine how long a 1.5GB Key would last! If you see anything wrong/misjudged/just got wrong. Please tell me rather then just fishboning me! All formulas would be heavily randomized to prevent security breaches through that route. Also stores sizes of actual file and creates a file in increments. E.g. on a CD it would create a 650mb Data file, a 48MB EXE, an Autorun file. (some of the Exe is on the Data file)

Additions: 1. The data file is instead moved into the exe 2. the actual encryption program is encrypted on to the data section of the exe, so you have to have the correct Passcode to decrypt the program to decrypt part of the data section of the exe 3. Serial number is used in the encryption/decryption algorithm

angry_scientist, Dec 15 2003


       //If you see anything wrong//
Title is slightly misspelled.
I gather this isn't a tinypass, as in tinyurl? It appears everything is done in triplicate, even exponentionally. I note a couple of things offhand - "gradually freezes computer" & "uncopiable" needing to match "serial number" - now, what if the whole kit and kaboodle crashes, and data recovery requires logon with an administrator's password, etc.?
thumbwax, Dec 15 2003

       When I taught, I used to tell my students that there was no such thing as an unbreakable encryption. The best you can hope for is to make it so difficult or so time consuming that it becomes unworth the cracker's time. I think this goes overboard.
phoenix, Dec 15 2003

       Other than using an extremely large RSA key to encrypt the symmetric keys, I'm not sure what is different here from what existing crypto programs like PGP do. When it was being sold commercially by Network Associates, PGP even had a file system driver for Windows so you could get the transparent encryption you describe. Maybe I'm just being thick.   

       Perhaps if you summarized what is different here from existing schemes?
krelnik, Dec 15 2003

       {krelnik} What makes this idea different is that 1. It multiplexes data using an encrypted algorithm, thus making it VERY hard to attack, (because you cannot find where the actual cyphertexts are without breaking a few encryption schemes!).   

       It also is a different type of encryption program to PGP, i.e. Instead of being used on a computer and sharing the data file, each file is embedded in the exe, with part of the exe Encrypted in the datafile-section   

       {thumwax} This was meant to be “Very hard”, with multiple redundant and mostly Encrypted components it is “Very hard” to even figure out where anything *is* let alone trying to crack it! (It is meant to be “very hard” as in it a lot longer then the Predicted Lifespan of the universe!)   

       It would require passcodes, passwords, usernames and access codes and a few extra things, and it would require them weather or not the computer crashed, as long as the data isn’t corrupted it is usable ie use jewel cases and keep in concrete underground, 10m thick safe?   

       {phoenix} I do not know about unbreakable, where did I give the impression that it is unbreakable? Some things could be unbreakable if it took longer then the length of time in the age of the universe, using every method ever to be known, to decrypt. (There would be no time to decrypt it). I'm not saying this is that good!
angry_scientist, Dec 16 2003

       Incidentally, there are practical limits to the sizes of RSA keys. If I remember correctly, generation of key requires time proportional to keylength^4, one side of the encryption/decryption requires time keylength^2, and the other side requires keylength^3. Thus, doubling the key length increases the time required to produce a valid key sixteenfold, increases the time required for the "private" operation eightfold, and increases the time required for the "public" operation fourfold. Likewise, increasing the key length tenfold will increase the generation time 10,000-fold, the public operation time 100-fold, and the private operation 1,000 fold. A machine which required 1 second to perform the private operation on a 1kbit key would require over a minute and a half on a 10kbit key and over 2.7 hours on a 100kbit key.
supercat, Dec 16 2003

       Yes, that's precisely why programs like PGP only use RSA or other public key algorithms to encrypt a session key. The session key uses a much faster symmetric algorithm to actually encrypt the data.
krelnik, Dec 16 2003

       {supercat} This was meant to be used only for super secure material (CIA data,Anything that could incriminate Microsoft) , so the time required is unfortunate, but necessary to keep it more secure.   

       {jutta} I was under the impression that CD’s contain serial numbers embedded in them. If they do then the data would be encrypted on to the data file, if the serial numbers were unique, and very hard to duplicate e.g. all the random bits on the end of the CD, (not containing data) that are not copied? Would it not be incopiable? If it proven that that is not possible, I’ll eat my word(s)   

       Why only fishbones? :-(
angry_scientist, Dec 16 2003

       Did someone say fishbones? There you go.
lubbit, Dec 16 2003

       whoever has fishboned my idea, kindly tell me what is bad about this idea(100 pages or less)
angry_scientist, Dec 17 2003

       I didn't bone this, *but*

The ability to simplify means to eliminate the unnecessary so that the necessary may speak.
- Hans Hofmann

Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius and a lot of courage to move in the opposite direction.
E. F. Schumacker

Everything should be made as simple as possible, but not simpler.
Albert Einstein

Making the simple complicated is commonplace; making the complicated simple, awesomely simple, that's creativity.
Charles Mingus

Keep It Simple Stupid.
An Anonymous Alcoholic
thumbwax, Dec 17 2003

       lubbit: Assume you have a machine that can process a million 1024-bit private-key operations per second. That would be really incredibly fast by today's standards.   

       Such a machine would only be able to process one 100Kbit key per second, and would take 16.6 minutes to process a 1mbit key. A 10mbit key would take 11.5 days, and a 100mbit key would take 31 years. And you're thinking of using a 1.5gb key!?   

       Please note that I'm not talking about the time to 'break' an unknown key. I'm merely talking about the time required to decrypt a message whose key is known.
supercat, Dec 17 2003

       //When I taught, I used to tell my students that there was no such thing as an unbreakable encryption//

Encryption using one-time pads is unbreakable, surely?
silverstormer, Dec 17 2003

       if this is such a good idea how come some major computer company with oodles of dollars to spend hasnt released it?
Space-Pope, Dec 17 2003

       silverstormer: One-time pad is unbreakable using cryptoanalytical techniques. It can, however, be succeptible to rubber-hose cryptography and various other methods. Further, it is necessary that people using one-time-pad have a means of ensuring that no part of the key is used more than once, and that the key itself was generated by a truly random process. Generating millions of truly random bits isn't impossible, but it's not trivial either.
supercat, Dec 17 2003

       {thumwax} If it were easy to encrypt/decrypt then it would be easy to crack, but if it were obscenely difficult to use/program then it would be very hard to even think of cracking. With all the complexity this involves, any cracker would go insane (as in the bale ciphers) well before they managed to decrypt anything- which is good, right?   

       {supercat} if you read the text, you would know that it was only meant to use a 1K per prime private key, (sorry, if you had come before I edited it, it would be a lot clearer), the 1.5GB key was meant to be an exaggeration (unless the NSA comes up with a very powerful computer and needs to keep something secret) it would be about 6 minutes on the computer you mentioned, (Approximation, My calculation may not be correct)
angry_scientist, Dec 18 2003

       *writes software, encrypts all his stuff, securely deletes the originals, forgets password*
galukalock, Dec 18 2003

       //(unless the NSA comes up with a very powerful computer and needs to keep something secret) it would be about 6 minutes on the computer you mentioned, (Approximation, My calculation may not be correct)//
:\ How long before the missiles hit?
:| Five and half minutes, Sir.
:0 Oh, Shit!
thumbwax, Dec 18 2003

       if man can make it, man can break it. if computers can read it, that data can easily be extracted to rebuild binaries without the overhead.
manders, Dec 18 2003

       Wow. I had no idea there were that many alpha waves considering this life-threatening phenomena.
hillbilly, Dec 18 2003

       {manders} Please note these are “Very hard”, and part of the exe is put * somewhere into * the data section, furthermore the data can only be extracted with the proper text to decrypt the RSA encryption, and to then use the encrypted algorithm to then decrypt the data (using the stored exe in the data file).   

       Not sure if it helps but I do think, “data can easily be extracted to rebuild binaries without the overhead” is very hard to do, because in order to get * at * the binaries you need to have the decryption codes, (this perhaps could work if someone cracks RSA- they would not have the codes needed to generate the keys needed to crack and disassemble the exe to get at the data)   

       To say again (to stop any confusion) you need the Passphrase, passwords and access codes in order to generate the primary code, to then decrypt the other part of the exe. Which then uses the key to decrepit the algorithm to find out where the files are. They then decrypt the needed files, using the symmetric key (used only for that file, and are encrypted with the primary symmetric key which was encrypted by the RSA key)   

       It would take a very long time to try and crack this code in theory (I have tried and tried, then added countermeasures) thus living up to its name * Very Hard Software locks for encryption *   

       {hillbilly} “Life threatening phenomena” what is life threatening about this form of encryption?
angry_scientist, Dec 18 2003

       Sorry, angry scientist. I apologise. I must have misread the text, drawn an illogical conclusion, and thought that there was an extreme need to do something fast before the world succumbed to "something bad". I don't know what that is. Maybe I have been watching too much CNN.
hillbilly, Dec 19 2003


back: main index

business  computer  culture  fashion  food  halfbakery  home  other  product  public  science  sport  vehicle