Crypto Encryption Plug-in

  • rhosk
    Indigo Rose Customer
    • Aug 2003
    • 1698

    Crypto Encryption Plug-in

    OK, thinking strongly on getting this plug-in!!

    One way I was thinking to use it is the rot13 method.

    Question - can I say - get the users name on the computer, have them send that back to me and provide that "user" with the rot-13 decrypted sequence to activate the application via an action somewhere?

    Or would there be a better/more secure way of doing it (I know, objective, but your thoughts) with the plug-in? And if I "get lost" will you guys walk me a little thru the process of setting this up? The instructions are a bit confusing to me.

    I just want a quasi-solution to protect my app. Thanks!
    Regards,

    -Ron

    Music | Video | Pictures
  • Lorne
    Indigo Rose Staff Member
    • Feb 2001
    • 2729

    #2
    Don't use rot13 for anything that needs to be secure. It's just a simple Caesar cypher, e.g. abcd becomes nopq, nopq becomes abcd.

    Instead, you'll want to use blowfish encryption or use a bunch of pre-set serial numbers hidden in your application using MD5.

    Do a bit of research on Google about how to use blowfish encryption or MD5 hashes to secure an application.
    --[[ Indigo Rose Software Developer ]]


    • Corey
      Indigo Rose Staff Alumni
      • Aug 2002
      • 9745

      #3
      Interesting, I didn't know that. Here's what I found:

      Rot13
      /rot ther'teen/ [Usenet: from "rotate alphabet 13 places"], v. The simple Caesar-cypher encryption that replaces each English letter with the one 13 places forward or back along the alphabet, so that "The butler did it!" becomes "Gur ohgyre qvq vg!" Most Usenet news reading and posting programs include a rot13 feature. It is used to enclose the text in a sealed wrapper that the reader must choose to open - e.g. for posting things that might offend some readers, or spoilers. A major advantage of rot13 over rot(N) for other N is that it is self-inverse, so the same code can be used for encoding and decoding.


      MD5
      [The MD5 algorithm] takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input. It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having a given prespecified target message digest. The MD5 algorithm is intended for digital signature applications, where a large file must be "compressed" in a secure manner before being encrypted with a private (secret) key under a public-key cryptosystem such as RSA.
      In essence, MD5 is a way to verify data integrity, and is much more reliable than checksum and many other commonly used methods.



      BASE64
      <file format, algorithm> A file format using 64 ASCII characters to encode the six bit binary data values 0-63.

      To convert data to base 64, the first byte is placed in the most significant eight bits of a 24-bit buffer, the next in the middle eight, and the third in the least significant eight bits. If there are fewer than three bytes to encode, the corresponding buffer bits will be zero. The buffer is then used, six bits at a time, most significant first, as indices into the string "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" and the indicated character output. If there were only one or two input bytes, the output is padded with two or one "=" characters respectively. This prevents extra bits being added to the reconstructed data. The process then repeats on the remaining input data. Base 64 is used when transmitting binary data through text-only media such as electronic mail, though uuencode is more common.




      Blowfish
      Blowfish is a symmetric block cipher that can be used as a drop-in replacement for DES or IDEA. It takes a variable-length key, from 32 bits to 448 bits, making it ideal for both domestic and exportable use. Blowfish was designed in 1993 by Bruce Schneier as a fast, free alternative to existing encryption algorithms. Since then it has been analyzed considerably, and it is slowly gaining acceptance as a strong encryption algorithm. Blowfish is unpatented and license-free, and is available free for all uses.



      Blowfish Sushi


      Yum.

      Corey

      Corey Milner
      Creative Director, Indigo Rose Software


      • TJ_Tigger
        Indigo Rose Customer
        • Sep 2002
        • 3159

        #4
        You could do rot13 with built-in actions of AMS5. All you need to do is get the ASCII number of the character and increase it or decrease it by 13 to get the new character. www.geocaching.com uses rot13 to encrypt hints for finding the location of a cache.

        String.Asc

        and

        String.Char
        TJ-Tigger
        "A common mistake that people make when trying to design something completely foolproof was to underestimate the ingenuity of complete fools."
        "Draco dormiens nunquam titillandus."
        Map of IR Forum Users - IR Project CodeViewer - Online Help - TiggTV - QuizEngine


        • Corey
          Indigo Rose Staff Alumni
          • Aug 2002
          • 9745

          #5
          Exactly Lorne's point I think. Sounds like a good basis for an Encyclopedia Brown book.

          Corey Milner
          Creative Director, Indigo Rose Software


          • rhosk
            Indigo Rose Customer
            • Aug 2003
            • 1698

            #6
            Originally posted by TJ_Tigger
            You could do rot13 with built-in actions of AMS5. All you need to do is get the ASCII number of the character and increase it or decrease it by 13 to get the new character. www.geocaching.com uses rot13 to encrypt hints for finding the location of a cache.
            Yeah, this would be good, but what I'm going to do is get the "user name" off of the individual computer (or something exclusive to the specific user computer) and establish the code that way.

            Tigg, do you have a sample code that would work? I can picture it, but I'm not good enough to derive it.
            Regards,

            -Ron


            • Lorne
              Indigo Rose Staff Member
              • Feb 2001
              • 2729

              #7
              Actually, rot13 doesn't go "back" through the alphabet at all...it just wraps the alphabet around at the end.

              It's actually short for "rotate by 13 letters." In programming terms, "rotating" is shifting something over by a given amount and going back to the start when you go past the end.

              Of course, since there are 26 letters in the alphabet, it ends up doing the same thing.

              Can anyone guess why it's rot13 and not, say, rot12 or rot14?

              You can actually fit a complete rot13 program in one line of C code:

              Code:
              main(c){while((c=getchar())+1)putchar(isalpha(c)?tolower(c)<'n'?c+13:c-13:c);}
              --[[ Indigo Rose Software Developer ]]


              • Lorne
                Indigo Rose Staff Member
                • Feb 2001
                • 2729

                #8
                rhosk, to be perfectly clear: DO NOT USE ROT13 FOR ANYTHING THAT NEEDS TO BE SECURE. That's not what it's built for; it's just for temporarily hiding stuff that you don't want someone to be able to read at a glance.

                What you want to accomplish is fairly advanced and you're going to need to do some research to get it done.
                --[[ Indigo Rose Software Developer ]]


                • rhosk
                  Indigo Rose Customer
                  • Aug 2003
                  • 1698

                  #9
                  Originally posted by Lorne
                  You can actually fit a complete rot13 program in one line of C code:
                  Code:
                  main(c){while((c=getchar())+1)putchar(isalpha(c)?tolower(c)<'n'?c+13:c-13:c);}
                  Can this be translated into AMS5 actions?

                  No, I'm doing anything top secret or real secure. My thought is - get some unique string on the user's computer. I set this in a variable to email it back to me (maybe the subject line - in rot13 of course), then give them a rot13 code based on the unique string to unlock the app. This will partially prevent a user from passing my app around. Or is there a better way to do it?
                  Regards,

                  -Ron


                  • TJ_Tigger
                    Indigo Rose Customer
                    • Sep 2002
                    • 3159

                    #10
                    When I get a moment this afternoon I will see about putting out a function that will take care of this. I may have something from AMS4 where we did something very similar. It was involving a garbled version of test results to be submitted via e-mail.

                    I will post something by tonight.

                    Tigg

                    Here is the code I used from AMS4. I had to use a default string %ABC% to be able to encrypt the letters. This was before the String.Asc and String.Char were available. I will convert to AMS5 tonight. As Lorne points out, this is not secure, but is a good way to prevent people from accidentally reading spoilers.

                    Code:
                    // Get the text from the edit field object, if it is blank give an error and then exit the script.
                    %ObjectText% = EditFieldObject[EditField1].GetText
                    IF (%ObjectText% = "")
                    %Result% = Dialog.MessageBox ("Error", "You have not entered any text!", Ok, Question)
                    RETURN
                    END IF
                    
                    // Setting variables to be used for the while loop.  There is a counter variable and 
                    // a length variable for the string captured above, a blank Translated variable which will be used
                    // to store the translated information in the while loop and lastly the string that is used for
                    // encryption.  The ABC string will be used to locate a character and to find a replacement character.
                    %Ctr% = Evaluate (0)
                    %Length% = String.GetLength ("%ObjectText%")
                    %Translated% = ""
                    %ABC% = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ`1234567890-=[]\;',./~!@#$%^&*()_+{}|:"<>?"
                    
                    // Now that we have the variables set, it is time to put them to use in the while loop.
                    WHILE (%Ctr% < %Length%)
                    // The %Ctr% variable is used as a counter and to identify each character in the string that needs 
                    // to be translated.  Once the character is found we will then find the position of the character.
                    %SubString% = String.Mid ("%ObjectText%", %Ctr%, 1)
                    %FoundPos% = String.Find ("%ABC%", "%SubString%", 0)
                    // If the found position is not in the ABC variable jump to the end.  This is used 
                    // to maintain spaces and other characters that can not be encrypted by the ABC variable.
                    IF (%FoundPos% = "-1")
                    %TextLine% = "%SubString%"
                    GOTO ("notfound")
                    END IF
                    // The next three IF/ENDIF statements use the position of the character in the string
                    // to determine how to encrypt it.  Either move the position ahead or back "X" number of characters
                    // Those are the first two then numbers and punctuation are the last group.
                    // The ABC variable is segmented into three areas.  lower and uppercase abcs (ABCs)
                    
                    // Lower and upper case alphabetic add 13 positions
                    IF (((%FoundPos% >= 0) AND (%FoundPos% <=12)) OR ((%FoundPos% >= 26) AND (%FoundPos% <=38)))
                    %FoundPos% = Evaluate (%FoundPos% + 13)
                    GOTO ("replace")
                    END IF
                    
                    // Lower and upper case alphabetic subtract 13 positions
                    IF (((%FoundPos% >= 13) AND (%FoundPos% <=25)) OR ((%FoundPos% >= 39) AND (%FoundPos% <=51)))
                    %FoundPos% = Evaluate (%FoundPos% - 13)
                    GOTO ("replace")
                    END IF
                    
                    // Numbers and punctuation add 21 positions
                    IF ((%FoundPos% >= 52) AND (%FoundPos% <=72))
                    %FoundPos% = Evaluate (%FoundPos% + 21)
                    GOTO ("replace")
                    END IF
                    
                    // Numbers and punctuation subtract 21 positions
                    IF ((%FoundPos% >= 73) AND (%FoundPos% <=93))
                    %FoundPos% = Evaluate (%FoundPos% - 21)
                    GOTO ("replace")
                    END IF
                    
                    // Once the position has been found and adjusted we then find the replacement character
                    // and add it to the %Translated% variable.
                    replace
                    %TextLine% = String.Mid ("%ABC%", %FoundPos%, 1)
                    notfound
                    %Translated% = "%Translated%%TextLine%"
                    
                    // We then increment the counter and start the chain over again for the next character in the string
                    %Ctr% = Evaluate (%Ctr% + 1)
                    END WHILE
                    TextObject[Text1].SetText ("%Translated%")
                    Last edited by TJ_Tigger; 02-02-2004, 01:01 PM.
                    TJ-Tigger

                    • Ted Sullivan
                      Indigo Rose Staff Member
                      • Oct 2003
                      • 963

                      #11
                      Using MD5 hashes is a *much* better way to verify passwords etc. The ROT13 action was added to obfuscate rather than encrypt...
                      Comment
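The contrast the replies draw between rot13 and hashed serials, as an added example that is not part of the original thread: rot13 has no key, so the unlock code is a public function of the machine string, while an app that ships only MD5 digests of pre-set serials does not contain the serials themselves. The function names, the machine string and the serials are assumptions constructed for illustration.

```python
import hashlib
import hmac
import string


def rot_n(text, n):
    """Rotate ASCII letters n places, wrapping past 'z'/'Z'; other characters pass through."""
    lo, up = string.ascii_lowercase, string.ascii_uppercase
    k = n % 26
    table = str.maketrans(lo + up, lo[k:] + lo[:k] + up[k:] + up[:k])
    return text.translate(table)


def self_inverse_shifts():
    """Shifts in 1..25 that restore the text when applied twice (the 'why 13?' question)."""
    probe = string.ascii_letters
    return [n for n in range(1, 26) if rot_n(rot_n(probe, n), n) == probe]


def rot13_unlock_code(machine_string):
    """Scheme proposed in the thread: unlock code = rot13(machine string).
    Nothing here is secret, so whoever knows the machine string knows the code."""
    return rot_n(machine_string, 13)


# Alternative suggested in the thread: pre-set serials, with only their MD5
# digests stored in the application. The serials are constructed sample values
# and would stay with the vendor; they appear here only so the example runs.
_VENDOR_SERIALS = ["K7Q2-9XJD-41TM-ZP8R", "M3VB-0HLC-77WE-QA5N"]
SHIPPED_DIGESTS = frozenset(
    hashlib.md5(s.encode("ascii")).hexdigest() for s in _VENDOR_SERIALS
)


def serial_is_valid(entered):
    """Hash what the user typed and compare it with the shipped digests."""
    cleaned = entered.strip().upper()  # tolerate case and stray whitespace
    digest = hashlib.md5(cleaned.encode("utf-8")).hexdigest()
    return any(hmac.compare_digest(digest, d) for d in SHIPPED_DIGESTS)


if __name__ == "__main__":
    print("self-inverse shifts:", self_inverse_shifts())
    print("rot13 unlock code for RON-PC:", rot13_unlock_code("RON-PC"))
    print("valid serial accepted:", serial_is_valid("k7q2-9xjd-41tm-zp8r "))
    print("guessed serial accepted:", serial_is_valid("AAAA-AAAA-AAAA-AAAA"))
```

MD5 is used because it is what the thread names; it is a fast hash, so this only holds up when the serials are long and random, and a design written today would use SHA-256 in the same place.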

                      • TJ_Tigger
                        Indigo Rose Customer
                        • Sep 2002
                        • 3159

                        #12
                        I like that word, Obfuscate. Here is an update from the AMS4 project I worked on before. The actions are not part of a function but could easily be adapted into one. Also, there are not any comments in the code. Hopefully it is self-explanatory.

                        Tigg
                        Attached Files
                        TJ-Tigger

                        • Bruce
                          Indigo Rose Customer
                          • Jun 2001
                          • 2134

                          #13
                          I remember this one Tigg!


                          • rhosk
                            Indigo Rose Customer
                            • Aug 2003
                            • 1698

                            #14
                            Originally posted by TJ_Tigger
                            Hopefully it is self-explanatory.
                            It is, thanks! That should be all I need for what I'm trying to do. Nice tiny piece of code there. Appreciate you taking the time Tigg.
                            Regards,

                            -Ron


                            • TJ_Tigger
                              Indigo Rose Customer
                              • Sep 2002
                              • 3159

                              #15
                              I guess the thing to look at is the ASCII chart that is part of the help file; it lists the codes that I use in the IF/ELSEIF/ELSE statement to make the conversion. If the letter is a-m or A-M then 13 is added to the code to make it n-z or N-Z, and if the letter is n-z or N-Z then 13 is subtracted from the code to make it a-m or A-M.
                              TJ-Tigger