Text Only | Text with Attachments

QB64.org Forum

Active Forums => QB64 Discussion => Topic started by: xra7en on March 10, 2021, 11:12:59 pm

Title: encrypt decrypt project
Post by: xra7en on March 10, 2021, 11:12:59 pm
OK this is sloppy but works! :-)
This is based off the Vigenère cipher (however you pronouce that)
Details:
So I wanted to play a little FFXIV and found I had 6hrs to kill, so wasted about 3hrs just looking for a simple encrypt/decrypt qb code - nothing really to be found. There is one here but other than that there were rare. weird - many other languages had one, but could not find a simple encode/decode. the closes I could find was a python one that was pretty simple, however, took a bit to convert. So you will have to pardon the naming convention I used LOL,
Anyways. thought I would post it here. someone can tidy it up if they like.

Code: QB64: [Select]
  1. Function str_encode$ (salt As String, pw As String, method As String)
  2.     Dim m, cnt As Integer
  3.     Dim k, I As Integer
  4.     Dim pw1 As String
  5.     Dim pw2 As String
  6.     Dim l As String
  7.  
  8.     pw2 = ""
  9.     For I = 1 To Len(pw)
  10.         m = I Mod Len(salt)
  11.  
  12.         pw1 = Mid$(salt, m, 1)
  13.         k = (m Mod 256)
  14.         If method = "e" Then
  15.             l = Chr$(Asc(Mid$(pw, I, 1)) + k)
  16.         Else
  17.             l = Chr$(Asc(Mid$(pw, I, 1)) - k)
  18.         End If
  19.         pw2 = pw2 + l
  20.  
  21.     Next
  22.     str_encode$ = pw2

Pretty self explanatory.
Send a "key" or "salt", and your password. and it will encrypt it.
usage
some_string_var = str_encode(salt, pw, [e or blank for decode])



Title: Re: encrypt decrypt project
Post by: johnno56 on March 11, 2021, 02:13:49 am
For starters, I had to lookup "FFXIV"... That's my age showing... lol

Cipher / Decipher is totally, what's the phrase, above my pay grade... lol  Just curious as to why you would want / need a program like this one...

By the way... I like your "quote"... Cool...
Title: Re: encrypt decrypt project
Post by: xra7en on March 11, 2021, 07:08:08 am
Quote from: johnno56 on March 11, 2021, 02:13:49 am
For starters, I had to lookup "FFXIV"... That's my age showing... lol

Cipher / Decipher is totally, what's the phrase, above my pay grade... lol  Just curious as to why you would want / need a program like this one...

By the way... I like your "quote"... Cool...

LOL!!!
don't single yourself out so fast  - IM 56 (at the time of this writing for future visitors and my kids are in their 30's). I'm just a big kid at heart when I am not working, and sometimes when I am :-), aside from programing I am a huge gamer - steam alone I have 1,000+, however my A.D.D. prevents me from finishing most of them. Even built my own DDR board (https://mydancepad.webs.com/l) - was heavily addicted to that thing. to some pretty large MMO back ends (World of Warcraft (https://sourceforge.net/projects/t-cata/) being my main one), and many minecraft apps as well as a back-end (https://ra7en.itch.io/blaze-minecraft-control-panel) for that one as well. I really hate buying software hahaha.

As far as why I would need a program like this? I spent my years writing software for myself, not commercial. It started when I got my first "computer" TIMEX SINCLAIR  1K ram!!! haha! And I wanted a nice Rolodex - that's what we called "contacts" back in the day. Obviously nothing really available for a kid like me, so I wrote one, then wrote a simple text adventure. These days, I have written my own subtitle maker (vb6) several basic text games (pascal and qbasic) and so forth. Which is why I like qb64 - it keeps me close to my golden days of DOS games and apps.

Today, with last-pass being stupid, I am thinking, I do not need that powerful of a PW manager. so making my own. that's where this simple little encrypt/decrypt comes in. Its not perfect but does the job. And my id/pw are stored on my system not someone else's PC in the cloud. Its not fancy, with all the auto stuff, but at least I works. And now that QB64 can do android (I think) I might extend this so I can use it on my phone.

ok that was a lot, but too lazy to erase it :P



Title: Re: encrypt decrypt project
Post by: xra7en on March 11, 2021, 08:12:09 am
Example from my pw mgr app. creating an account will produce the following (accounts.txt)

Quote
24;4?xpsrDaq‚NWF{QHK^J\f~<KDLAv:zq\W


This string holds the id, pw, and key all it one
if someone has a handy brute force app. try to crack it.
2 more hints: both pw/id are 4 char long in this example. I am pretty confident this is pretty solid. I actually use a method that is used in logins for WoW private servers.

Anyways.. for personal use my pw mgr will do just fine for me :-)
Title: Re: encrypt decrypt project
Post by: bplus on March 11, 2021, 10:38:54 pm
My first InForm Project was Cryptogram now lost I suppose when forum reshuffled the boards.

I don't know what you call the method of my encryption it randomly assigned symbols to other symbols and then shifted the table 1 or more places on each letter so you couldn't break it by counting letters and doing stats.

I just rewrote a simple version:
Code: QB64: [Select]
  1. _Title "Cryptogram" ' revisited b+ 2021-03-11
  2.  
  3. ReDim Shared L$, ABC$
  5.     Input "Enter a seed number "; sd
  6.     StartCoder sd
  7.     secret$ = encode$("Here is my secret.")
  8.     Print "   Coded: "; secret$
  9.     Print " Decoded: "; decode$(secret$)
  10.     Print
  11.     Sleep
  12.     Cls
  14.  
  15. Function encode$ (CodeThis$)
  16.     code$ = L$
  17.     For i = 1 To Len(CodeThis$)
  18.         If Asc(CodeThis$, i) > 31 And Asc(CodeThis$, i) < 128 Then
  19.             encode$ = encode$ + Mid$(code$, InStr(ABC$, Mid$(CodeThis$, i, 1)), 1)
  20.         Else
  21.             encode$ = encode$ + Mid$(CodeThis$, i, 1)
  22.         End If
  23.         code$ = Mid$(code$, 2) + Mid$(code$, 1, 1) 'so can't break code by char counts
  24.     Next
  26.  
  27. Function decode$ (This$)
  28.     code$ = L$
  29.     For i = 1 To Len(This$)
  30.         If Asc(This$, i) > 31 And Asc(This$, i) < 128 Then
  31.             place = InStr(code$, Mid$(This$, i, 1))
  32.             decode$ = decode$ + Chr$(place + 31)
  33.         Else
  34.             decode$ = decode$ + Mid$(This$, i, 1)
  35.         End If
  36.         code$ = Mid$(code$, 2) + Mid$(code$, 1, 1) 'so can't break code by char counts
  37.     Next
  39.  
  40. Sub StartCoder (seed As Single)
  41.     Randomize Using seed
  42.     L$ = "" 'ha! When you share it, you have to reinitialize it
  43.     For i = 32 To 127
  44.         L$ = L$ + Chr$(i)
  45.     Next
  46.     ABC$ = L$
  47.     'shuffle string
  48.     For i = Len(L$) To 2 Step -1
  49.         r = Int(i * Rnd) + 1
  50.         t$ = Mid$(L$, i, 1)
  51.         Mid$(L$, i, 1) = Mid$(L$, r, 1)
  52.         Mid$(L$, r, 1) = t$
  53.     Next
  55.  
  56.  
Title: Re: encrypt decrypt project
Post by: xra7en on March 12, 2021, 05:07:50 pm
One of the things that the WOW private servers did , and not sure this is true for the retail end, but they used a md5(), but instead of straigh md5(pw) it was always mixed with id so your

Code: PHP: [Select]
  1.  pw =  md5(strtoupper(pw.":".id))

using this method, even the most simplest encryption becomes a little more difficult to decrypt.

Code: QB64: [Select]
  1. pw = encode pw+":"+id

speaking of, has QB64 incorporated any internal hash keywords yet? sha1,md5 etc...?

Title: Re: encrypt decrypt project
Post by: TempodiBasic on March 12, 2021, 06:29:03 pm
Hi Xra7en
here my old encrypt/decript that use a simple sostitution method 1 by 1
https://www.qb64.org/forum/index.php?topic=281.0 (https://www.qb64.org/forum/index.php?topic=281.0)
it has been coded into Inform, but the core can be extracted to be one function.
And with little work it can be powered into a 1 to many sostituions with a key to encrypt/decrypt
Thanks to read
Title: Re: encrypt decrypt project
Post by: NOVARSEG on March 12, 2021, 10:45:25 pm
How do you distribute the key securely?
Title: Re: encrypt decrypt project
Post by: xra7en on March 12, 2021, 11:11:52 pm
Quote from: NOVARSEG on March 12, 2021, 10:45:25 pm
How do you distribute the key securely?

can you elaborate on "distribute"?

Title: Re: encrypt decrypt project
Post by: NOVARSEG on March 13, 2021, 02:13:05 am
https://csfieldguide.org.nz/en/chapters/coding-encryption/the-key-distribution-problem/
Title: Re: encrypt decrypt project
Post by: SMcNeill on March 13, 2021, 06:15:10 am
Print it on a piece of paper and include it with the software packaging, or send a verification e-mail at registration time.
Title: Re: encrypt decrypt project
Post by: xra7en on March 13, 2021, 07:53:33 am
oooooo
 der!!

This is a private project - there is no distribution.

When you start the app, it creates a key. It is not saved anywhere other than where I keep it.
To login to the app needs the id/pw and the key. Loose the key and you cannot access the app. Loose the key and you cannot access your data, as the key is used to encrypt the data as well.

It is a private password manager I am working on. So far it is pretty nice. Hopefully later down the road I can figure out how to make it work on android :-)
I'll prob post the code here when do so others can play with it.

Title: Re: encrypt decrypt project
Post by: bplus on March 13, 2021, 11:06:16 am
Quote from: NOVARSEG on March 12, 2021, 10:45:25 pm
How do you distribute the key securely?

Quote from: SMcNeill on March 13, 2021, 06:15:10 am
Print it on a piece of paper and include it with the software packaging, or send a verification e-mail at registration time.

While xra7en gets his stuff together, Steve's answer will work fine for the demo I offered in this thread.

PM me or anyone and share pass codes and send each other coded messages.

If you are afraid this is too easy to crack use a Shared bookpage say from a public document to shift the table variable amounts instead of just one all the time.

There are tons and tons of ways to make it even harder, I pity the code crackers task ;-))

Check out RSA on Internet for Public sharing of coded messages.
Title: Re: encrypt decrypt project
Post by: xra7en on March 13, 2021, 11:35:48 am
my app does not have (or need) a distro

so unsure what I need to get together? Unless my thread just got hi-jacked and missed the branch :-P
Title: Re: encrypt decrypt project
Post by: bplus on March 13, 2021, 11:50:14 am
Quote from: xra7en on March 13, 2021, 11:35:48 am
my app does not have (or need) a distro

so unsure what I need to get together? Unless my thread just got hi-jacked and missed the branch :-P


Sorry, the thread says encrypt decrypt didn't mean to hi-jack. I thought I was completing the thought about encryption decryption you left unfinished.

But then I have to say it is not clear to me what your project is about.

And I suggest you post project code in Programs Board so it's not mistaken as a discussion or a question.
Title: Re: encrypt decrypt project
Post by: xra7en on March 13, 2021, 02:27:17 pm
Quote from: bplus on March 13, 2021, 11:50:14 am

Sorry, the thread says encrypt decrypt didn't mean to hi-jack. I thought I was completing the thought about encryption decryption you left unfinished.

But then I have to say it is not clear to me what your project is about.

And I suggest you post project code in Programs Board so it's not mistaken as a discussion or a question.

All good.

I originally put that up because the other night i could not find a simple encrypt decrypt here when I searched(just being lazy as I was not focusing on writing another routine while working on the main app). I found one, but not quite what I was looking for, and did not want to ask to have someone put one up for me. So did a little research, did some converting, and learned about a cipher I was not familiar with,  and posted it here in case someone else was looking as well. Just giving back to the community.

As far as My app, I use that in is my own personal password manager. Lastpass got annoying and don't like all the others that have more than I need or want to charge, or both, so whipping up something quick and easy, while trying to keep it "sorta" secure :-) All locally stored, no cloud. I'll post it here when I am done, others can fool around with it to their liking

Title: Re: encrypt decrypt project
Post by: bplus on March 14, 2021, 02:57:59 pm
It is good, my cryptogram code is 100% improved from that old Inform project, clean cut now.

I look forward to comparing methods :)
Title: Re: encrypt decrypt project
Post by: xra7en on March 27, 2021, 08:36:31 am
I am going to leave this here unless someone thinks I should make a new thread:

OK. So need help with something. fortunately I found my key - but earlier I could not, and realized I locked myself out of my own program. skip the discussion of the ethics of adding this feature or not...

without knowing the key, but knowing the function. how can I write a reverse function to pull the key when everything is coded to the key.

example
I use a

Code: [Select]
str_crypt username+"*"+pw+"*"+key, key, "e"
Or is this not really possible.?


Code: [Select]
Function STR_CRYPT$ (strPlainTxt As String, strKey As String, method As String)
        '/ This encryption uses a key in addition to a pw.
        Dim i, c As Integer
        Dim strBuff As String


        If Len(strKey) Then
                For i = 1 To Len(strPlainTxt)
                        c = Asc(Mid$(strPlainTxt, i, 1))

                        Select Case method
                                Case "d":
                                        c = c - Asc(Mid$(strKey, (i Mod Len(strKey)) + 1, 1))
                                Case "e":
                                        c = c + Asc(Mid$(strKey, (i Mod Len(strKey)) + 1, 1))
                        End Select

                        strBuff = strBuff + Chr$(c And &HFF)
                Next i
        Else
                strBuff = strPlainTxt
        End If
        STR_CRYPT$ = strBuff
End Function


been working on it for a bit. so now I think i cannot see the forest for the trees

Title: Re: encrypt decrypt project
Post by: bplus on March 27, 2021, 12:05:22 pm
Well not sure I can answer your question but here is a tip:
c = Asc(Mid$(strPlainTxt, i, 1))

can be written as c = Asc(strPlainTxt,i) which might save time and add clarity.

In QB64 ASC() is not restricted to first char anymore.
Title: Re: encrypt decrypt project
Post by: xra7en on March 27, 2021, 12:26:09 pm
Quote from: bplus on March 27, 2021, 12:05:22 pm
Well not sure I can answer your question but here is a tip:
c = Asc(Mid$(strPlainTxt, i, 1))

can be written as c = Asc(strPlainTxt,i) which might save time and add clarity.

In QB64 ASC() is not restricted to first char anymore.

o!
thanks for that tip. thats just a quicky enc/dec function for now while I am working on the program. I have another app that will convert the final version if/when it is done that will convert the db and the account to the new encryption.

I followed a format the Lastpass, authy and a few others follow. You loose the key you loose your data - and to think I was snippy with Authy LOL, I could not remember my key, and distinctly said - "...devs are not going to lock themselves out of their own app" LOL oops!
Title: Re: encrypt decrypt project
Post by: xra7en on March 27, 2021, 12:28:08 pm
 has anyone tried to make a hill encryption with QB64? I love it, but simple on paper - although long, but converting it to programing ... hmmmm
Title: Re: encrypt decrypt project
Post by: Parkland on April 04, 2021, 10:10:48 pm
Neat ideas here!

I made something similar years ago using the RND function along with RANDOMIZE(X) seed command. I found that the RND function would always return the same random values so using the seed number as the password, you could add random 0-255 values to the character ASCII values and encrypt/decrypt that way.

I don't think the RND function would be very good for random numbers for encrypting something that couldn't be broken though, I think it's mostly just for game quality random numbers.

Right now I'm fiddling with some encryption to use for network data transfer and think I'll use maybe a key file shared between users which will be random numbers, maybe several kilobytes, then the sending computer can send an offset number with a packet of what part of the key file to use for the decryption. That way for now the key files can be generated with the RND function but later maybe something more elaborate and harder to crack.
Title: Re: encrypt decrypt project
Post by: NOVARSEG on April 05, 2021, 12:07:42 am
Basically generate some random bytes say, 1 GB and make the offset into the file public

Have to figure out a way to send the 1GB file to Alice and Bob. Been working on a that. 

Hash functions can be used to generate random bytes
Title: Re: encrypt decrypt project
Post by: luke on April 05, 2021, 03:28:49 am
That is called a one-time pad.

As you've identified, securely communicating the pad to the recipient is hard enough that you may as well just send them the actual content
Title: Re: encrypt decrypt project
Post by: SMcNeill on April 05, 2021, 08:52:42 am
I have a friend who uses a simple series of encryptions for things, and then sends the proper method value to an user.

For example, the first thing they do is zip a file.  (Think _DEFLATE.)  Then he has a series of simple encryption methods to choose from:

Method 1: NOT every byte
Method 2: Write the file in 10 byte chunks — backwards.
Method 3: Use a substitution cypher.  A = Z.  B = W.  Ect...
Method 4: Use a shift-cypher.  A = C.   B = D.  C = E.  (Shift value X spaces.)
And so on...

Then you just send the user the proper method number to enter as a passcode (usually obfuscated as well, with a simple math formula.  Number 1234567 has the digits add up to 28, which corresponds to a valid method, just as an example.)

None of the processes are overly complex on their own, but they generally render the files secure from meddling/alteration.  Unless they’re reversed properly, about the best anyone can ever get from them is a “archive corrupted” message.

By themselves, they probably wouldn’t be hard to break, but by using them on compressed information,  he’s never had an issue with them so far.  (Of course, we’re not talking securing the US Nuclear Missile launch here; just simple game asset data, and such...)

A lot of times, people tend to overthink how complex encryption has to be, when something *very* simple is sufficient enough for their needs.  If I were to just compress the game data for *anything* I’ve ever shared here on the forums, and then wrote it to a file BACKWARDS, is there anybody who’d expend the effort to sit down and sort that out?

99.9987% of pseudo-encryption security comes simply from, “Meh!  It’s encrypted.  It’s not worth the effort to deal with!”
Text Only | Text with Attachments