If you have a problem or need to report a bug please email : support@dsprobotics.com
There are 3 sections to this support area:
DOWNLOADS: access to product manuals, support files and drivers
HELP & INFORMATION: tutorials and example files for learning or finding pre-made modules for your projects
USER FORUMS: meet with other users and exchange ideas, you can also get help and assistance here
NEW REGISTRATIONS - please contact us if you wish to register on the forum
Users are reminded of the forum rules they sign up to which prohibits any activity that violates any laws including posting material covered by copyright
256 - 512 bit encryption using 28 digit cipher key
22 posts
• Page 1 of 3 • 1, 2, 3
256 - 512 bit encryption using 28 digit cipher key
Here is a product that allows you to encode data that can be used in a url. This is really important because you wish customers to send their activation codes without any snoopers.
How is that possible, and how do you avoid this and what about sending text and things that is in another language?
This is relevant but the solution below is a nearly complete method to achieve this.
But this is only half the code, the next portion would rely on php. And this php code is only half finished. The php code is only a detailed description of how to first decode with base 64, string to hex and binary to hex. The reason that these methods are used is for the reason that languages use different ascii codes and representations.
So, earlier someone had suggested that hex, binary and base 64 encoding can be cracked. And of course that is true.
But what the combination of these filters do is ensure that the final product to encoded is only numbers.
There are three passes of real encoding:
When converted to base 64, there's a few letters and a "=" symbol. Using gsub and preg_replace in php that is rewritten to a unique cipher stipulated by the 28 digit cipher you create.
next all numbers 0-9 are encoded to A-J
and the order of this is not fixed, it is based wholly upon the 28 digit cipher.
Next all letters created are converted to numbers, using a different order that is not fixed based upon the 28 digit cipher code which you provide.
Disclaimer: the php code below is only a description to convert hex to binary and to decode binary to a string. It is not the final product and it represents the progress I have made on the php end.
How is that possible, and how do you avoid this and what about sending text and things that is in another language?
This is relevant but the solution below is a nearly complete method to achieve this.
But this is only half the code, the next portion would rely on php. And this php code is only half finished. The php code is only a detailed description of how to first decode with base 64, string to hex and binary to hex. The reason that these methods are used is for the reason that languages use different ascii codes and representations.
So, earlier someone had suggested that hex, binary and base 64 encoding can be cracked. And of course that is true.
But what the combination of these filters do is ensure that the final product to encoded is only numbers.
There are three passes of real encoding:
When converted to base 64, there's a few letters and a "=" symbol. Using gsub and preg_replace in php that is rewritten to a unique cipher stipulated by the 28 digit cipher you create.
next all numbers 0-9 are encoded to A-J
and the order of this is not fixed, it is based wholly upon the 28 digit cipher.
Next all letters created are converted to numbers, using a different order that is not fixed based upon the 28 digit cipher code which you provide.
Disclaimer: the php code below is only a description to convert hex to binary and to decode binary to a string. It is not the final product and it represents the progress I have made on the php end.
- Code: Select all
<?php
function hexToStr($hex)
{
$string='';
for ($i=0; $i < strlen($hex)-1; $i+=2)
{
$string .= chr(hexdec($hex[$i].$hex[$i+1]));
}
return $string;
}
function hexbin($hex) {
$bin = decbin(hexdec($hex));
return $bin;
}
function BinHex($bin) {
$hex='';
for($i=strlen($bin)-4;$i>=0;$i-=4)
$hex.=dechex(bindec(substr($bin,$i,4)));
return strrev($hex);
}
function DeCrypt($str) {
$one = array('`0`is','`1`is','`2`is','`3`is','`4`is','`5`is','`6`is','`7`is','`8`is');
$two = array('A','M','T','E','x','w','D','Q','=');
return preg_replace($one, $two, $str);
}
$codex = "163516341605123512341204123512351634160416351635160516041235
120516341635160512351205120412351634160416051605123416051604
123516351634163412351235163516041235120416341605123512341635
160512041205160416051605123416351604120416051634163516351234
160412051205160516341635163512341604120512051605163416041605
123516351204120512351634163516351235123416041204160416341204
160512351635120412041205163412351635160512351205160416351634
120412351235120516041205160416341204160516351605160416041604
160416041235123416341604120512041604160516051235160416041205
120416341604163512351234160512051605163416351605123512341204
123516051634163516351235123416041205123416041605160512351634
160412041234163412051205163516051604160412041634123516351635
160516041235163416341204160512341635120412051205163416351635
123512341205120412351605163416351605120416051604120416051635
120512041635160412041605163416051635123512341604120416341634
120512351635123516051604120416051635120512051235120412351204
163412051205123512041204123416041604160516051205123512041235
120416341205120512351204120516041204160516351205160512351205
160416351634163516051234163516041235120516341205160512341604
120512341635160416341235163512341204123512041634120512051235
123516051204123516341204160512351234120512041235163412051235
123512051204123512051634160416351635123416041205163416341634
1235123512351788";
$codex = DeCrypt($codex);
//decode base 64
$codex = base64_decode($codex);
// binary to hex
$codex = BinHex($codex);
// hex to string
$codex = hexToStr($codex);
echo $codex;
?>
Last edited by wlangfor@uoguelph.ca on Wed Mar 25, 2020 7:27 pm, edited 1 time in total.
-
wlangfor@uoguelph.ca - Posts: 912
- Joined: Tue Apr 03, 2018 5:50 pm
- Location: North Bay, Ontario, Canada
Re: 256 - 512 bit encryption using 28 digit cipher key
This is neiter 256 nor 512 bit encryption. The only encryption here is replacing 0-9 with A-J. Very dangerous to use for actual encryption tasks, since it is brute forced in seconds by a bot net.
I like that you try, but ignoring the facts and presenting false statements doesn't make this a useful encryption.
I like that you try, but ignoring the facts and presenting false statements doesn't make this a useful encryption.
"There lies the dog buried" (German saying translated literally)
- tulamide
- Posts: 2714
- Joined: Sat Jun 21, 2014 2:48 pm
- Location: Germany
Re: 256 - 512 bit encryption using 28 digit cipher key
tulamide wrote:This is neiter 256 nor 512 bit encryption. The only encryption here is replacing 0-9 with A-J. Very dangerous to use for actual encryption tasks, since it is brute forced in seconds by a bot net.
I like that you try, but ignoring the facts and presenting false statements doesn't make this a useful encryption.
It actually first encrypts base64 to 0-9 and hten 0-1 to a nuique combo of a- j and then using a unique combination of 0-9 it's then once again re-ecnoded.
It's triple level protection. Quadruple, quintuple, sextuple if you account for the dependence on coherent data to decrypt every method. With missing variables, only small bits can be decoded. What you're saying is impossible. The characters would fall back to meaningless symbols that can not even be output by a form or in a url address bar. Because each symbol would be a non-plusse wildcard online there'd be no brute force because of the lack of false positives. You're only assuming that each pass uses the same encoding; but it doesn't. There's three passes and three different encoding methods, with one of those encoding methods scrambled once.
because of the replacement of base64 with a unique algorithm, there's no logical reference to any standardized coding medium. If it was cracked there'd be a unique algorithm to solve this.
I realize that you try but you're not thinking this through, you're thinking in plain ways that don't consider all the moves like on a chessboard.
here's the php I've come up with so far:
- Code: Select all
// the 28 digit cipher
$rosetta = 'Tv7f$S=K7#@!];1#4x!Wg8*@1b)=-';
// split string into array each character
$rosetta = str_split($rosetta, 1);
// set count variable
$count = 0;
//one
$one = [];
$one = array_slice($rosetta, 0, 9);
foreach ($one as $value){
$one[$count] = $value.','.$count;
$count;
$count++;
}
asort($one);
$count = 0;
//two
$two = [];
$two = array_slice($rosetta, 9, 10);
foreach ($two as $value){
$two[$count] = $value.','.$count;
$count;
$count++;
}
asort($two);
$count = 0;
//three
$three = [];
$three = array_slice($rosetta, 19, 10);
foreach ($three as $value){
$three[$count] = $value.','.$count;
$count;
$count++;
}
asort($three);
$count = 0;
//output one
foreach($one as $key => $val) {
echo "$key = $val\n<br />";
}
echo '<br /><br />';
// output two
foreach($two as $key => $val) {
echo "$key = $val\n<br />";
}
echo '<br /><br />';
//output three
foreach($three as $key => $val) {
echo "$key = $val\n<br />";
}
OK, so for the most part this is an exact copy of the rosetta cipher function in flowstone. It exactly copies the method and provides many options.
So, what's missing in the php is to offset the padding for every array value by two to remove the first two string characters in every value. That's a simple matter and I will post the update when that is done.
You could always Find a genius friend Tulamide, and get them to crack this algorithm or please stop commenting. You could probably try quora.com, answers.com or one of the sites with genius people trying to impress everybody to try to. Some of them live for that.
I mean, ultimately this is a useful resource, someone could if they wished make this algorithm a bit stronger and build from it. But people pay money for that, this is about as good as it gets. Someone could pay Me I guess if they wanted better. But ultimately, every tried and used method can be cracked whether it to be ssl or anything on the internet. People beat that with iphones everyday eavesdropping, and the reason that's possible is because of people using non-random methods.
There's nothing secure, but those things that are unique. And this is that.
-
wlangfor@uoguelph.ca - Posts: 912
- Joined: Tue Apr 03, 2018 5:50 pm
- Location: North Bay, Ontario, Canada
Re: 256 - 512 bit encryption using 28 digit cipher key
So, to try and ensure that the query sent to the site I'm trying some forms of compression. Obviously though; the real issue becomes ruby and its ability to encode in the same manner.
here's a URL with some more information about that:
https://stackoverflow.com/questions/2996049/how-to-compress-decompress-a-long-query-string-in-php
I'm not sure which method I'll use; there's quite a few listed. Obviously though, the more data possible, the better right? 250 characters could potentially be 92 characters at a compression ratio of 0.4592.
This works great for me:
here's a URL with some more information about that:
https://stackoverflow.com/questions/2996049/how-to-compress-decompress-a-long-query-string-in-php
I'm not sure which method I'll use; there's quite a few listed. Obviously though, the more data possible, the better right? 250 characters could potentially be 92 characters at a compression ratio of 0.4592.
This works great for me:
- Code: Select all
$out = urlencode(base64_encode(gzcompress($in)));
Saves a lot.
$in = 'Hello I am a very very very very long search string' // (51)
$out = 64
$in = 500
$out = 328
$in = 1000
$out = 342
$in = 1500
$out = 352
So the longer the string, the better compression. The compression parameter, doesn't seem to have any effect.
-
wlangfor@uoguelph.ca - Posts: 912
- Joined: Tue Apr 03, 2018 5:50 pm
- Location: North Bay, Ontario, Canada
Re: 256 - 512 bit encryption using 28 digit cipher key
tulamide wrote:This is neiter 256 nor 512 bit encryption. The only encryption here is replacing 0-9 with A-J. Very dangerous to use for actual encryption tasks, since it is brute forced in seconds by a bot net.
I like that you try, but ignoring the facts and presenting false statements doesn't make this a useful encryption.
Agreed and I responded on another thread. Never use unproven standards for encryption. I would say have fun with it as a hobby, but there are way to many to choose from to even attempt this. It is like me trying compete with Martin in a filter design or Tula in ruby.
https://en.wikipedia.org/wiki/Advanced_ ... n_Standard
-
pshannon - Posts: 144
- Joined: Fri Jan 02, 2015 3:08 am
Re: 256 - 512 bit encryption using 28 digit cipher key
It's fairly secure; there would be more than 900,000 attempts using brute force to get any data at all.
That's still more secure than most ssl techniques which now have workarounds.
anyways, for people wanting to get serious about getting this done, here's the new php code, I haven't yet built the php preg_replace arrays yet, but with this example you should be able to make the php mirror of the flowstone code.
And later I'll post this code on quora, answer, stack overflow and see if anybody can crack it. But it's like I said, people just guess and pretend they know; it's ridiculous. I say I'm a bit of an expert someone who's not a programmer says otherwise, who's to say really, everything is what it is.
That's still more secure than most ssl techniques which now have workarounds.
anyways, for people wanting to get serious about getting this done, here's the new php code, I haven't yet built the php preg_replace arrays yet, but with this example you should be able to make the php mirror of the flowstone code.
- Code: Select all
<?php
function hexToStr($hex)
{
$string='';
for ($i=0; $i < strlen($hex)-1; $i+=2)
{
$string .= chr(hexdec($hex[$i].$hex[$i+1]));
}
return $string;
}
function hexbin($hex) {
$bin = decbin(hexdec($hex));
return $bin;
}
function BinHex($bin) {
$hex='';
for($i=strlen($bin)-4;$i>=0;$i-=4)
$hex.=dechex(bindec(substr($bin,$i,4)));
return strrev($hex);
}
function fixit($str){
return preg_replace('`$`is', '\$', $str);
}
$rosetta = 'Tv7f$S=K7#@\];1#4x!Wg8*@1b)=-';
// for instance of no commas
$rosetta = str_split($rosetta, 1);
//$a1 = $rosetta(9);
//when commas are available
//explode( ',', $input2 )
//$b = [0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28];
//$rosetta = array_combine($rosetta, $b);
$count = 0;
// build array one
$one = [];
$one = array_slice($rosetta, 0, 9);
foreach ($one as $value) {
$one[$count] = $value.','.$count;
$count++;
}
asort($one);
$count = 0;
// build array two
$two = [];
$two = array_slice($rosetta, 9, 10);
foreach ($two as $value) {
$two[$count] = $value.','.$count;
$count++;
}
asort($two);
$count = 0;
// build array three
$three = [];
$three = array_slice($rosetta, 19, 10);
foreach ($three as $value) {
$three[$count] = $value.','.$count;
$count++;
}
asort($three);
$count = 0;
function DeCrypt($str) {
$one = array('`0`is','`1`is','`2`is','`3`is','`4`is','`5`is','`6`is','`7`is','`8`is');
$two = array('A','M','T','E','x','w','D','Q','=');
return preg_replace($one, $two, $str);
}
$codex = "039203820395019203920382018501820392018501850192018501820195
018503920395038501950185018201820195039203820195039503850382
019501850392039503850195038501820195018503820385038501850185
018501850385039201820195019203820382018203820392018203850195
039501850185038503920395039501920382018501850385039203820395
019501920382018503920392039201950195039503820185018203920382
0385039501920844";
echo "<strong>key values:</strong><br />";
echo substr($one[0], -1)."\n<br />";
echo substr($one[1], -1)."\n<br />";
echo substr($one[2], -1)."\n<br />";
echo substr($one[3], -1)."\n<br />";
echo substr($one[4], -1)."\n<br />";
echo substr($one[5], -1)."\n<br />";
echo substr($one[6], -1)."\n<br />";
echo substr($one[7], -1)."\n<br />";
echo substr($one[8], -1)."\n<br />";
echo substr($two[0], -1)."\n<br />";
echo substr($two[1], -1)."\n<br />";
echo substr($two[2], -1)."\n<br />";
echo substr($two[3], -1)."\n<br />";
echo substr($two[4], -1)."\n<br />";
echo substr($two[5], -1)."\n<br />";
echo substr($two[6], -1)."\n<br />";
echo substr($two[7], -1)."\n<br />";
echo substr($two[8], -1)."\n<br />";
echo substr($two[9], -1)."\n<br />";
echo substr($three[0], -1)."\n<br />";
echo substr($three[1], -1)."\n<br />";
echo substr($three[2], -1)."\n<br />";
echo substr($three[3], -1)."\n<br />";
echo substr($three[4], -1)."\n<br />";
echo substr($three[5], -1)."\n<br />";
echo substr($three[6], -1)."\n<br />";
echo substr($three[7], -1)."\n<br />";
echo substr($three[8], -1)."\n<br />";
echo substr($three[9], -1)."\n<br />";
// $codex = DeCrypt($codex);
// decode base 64
// $codex = base64_decode($codex);
// binary to hex
// $codex = BinHex($codex);
// hex to string
// $codex = hexToStr($codex);
// var_dump($rosetta);
//foreach ($one as $key => $val) {
// echo substr($val, -1)."\n<br />";
//}
//echo '<br /><br />';
//foreach ($two as $key => $val) {
//}
//echo '<br /><br />';
//foreach ($three as $key => $val) {
//}
//print_r($one);
//$compressed = gzcompress($codex, 1);
?>
And later I'll post this code on quora, answer, stack overflow and see if anybody can crack it. But it's like I said, people just guess and pretend they know; it's ridiculous. I say I'm a bit of an expert someone who's not a programmer says otherwise, who's to say really, everything is what it is.
-
wlangfor@uoguelph.ca - Posts: 912
- Joined: Tue Apr 03, 2018 5:50 pm
- Location: North Bay, Ontario, Canada
Re: 256 - 512 bit encryption using 28 digit cipher key
wlangfor@uoguelph.ca wrote:It's fairly secure; there would be more than 900,000 attempts using brute force to get any data at all.
That's still more secure than most ssl techniques which now have workarounds.
anyways, for people wanting to get serious about getting this done, here's the new php code, I haven't yet built the php preg_replace arrays yet, but with this example you should be able to make the php mirror of the flowstone code.
And later I'll post this code on quora, answer, stack overflow and see if anybody can crack it. But it's like I said, people just guess and pretend they know; it's ridiculous. I say I'm a bit of an expert someone who's not a programmer says otherwise, who's to say really, everything is what it is.
If you were really serious about this? Add money to it, that is when you will get real people involved. I will not waste my time on it, because I have to many other things I am working on. Businesses will put $50,000+ on the line, but the catch is the person who cracked it must show their methods etc. Your quote "people just guess and pretend they know; it's ridiculous". I do not pretend to be knowledgeable in this field. This is a audio/synth forum and I didn't want to be challenged on my knowledge in this area because it will appear I am bragging about my legacy or something. However, I am left with no choice and I was truly giving you professional level advice. Here is my list of certifications in the field of cyber security with 15 years of full time experience consulting to fortune 5-500 companies. These are international certs from the leaders in the industry. You are a smart person and I have been impressed with your projects you share for audio. Inventing something in the area of security is big business and making claims is not in yours or anyone else's best interest including mine to think uncrackable. You mentioned ssl had failures and yes it did and it was switched to tls 1.2/1.3. When an encryption algorithm fails the industry reports it and they try to remediate it. Have you ever heard of des years ago? It worked for a while and then they created 3des which means it pretty much was encrypted it 3 times to prolong the use until something else was created to replace it. Good luck with it and I hope you find your answer, I am not going to get caught up in this debate any longer. Everything below is easily verifiable and I am not embellishing my knowledge in the area.
Senior cyber security Architect & Risk consultant
CISSP, CISA, CRISC, GIAC-GPEN, GIAC-GISP, GIAC-GPPA,Security+
http://www.sans.org
http://www.isaca.org
http://www.isc2.org
I also studied computer science many years ago and I feel it doesn't count compared to my more recent certifications.
Here is an example you presented, but use the AES instead. One tip, use as many of the ascii character set as you can and not use a very limited set.
"Hello I am a very very very very long search string"
key="Tv7f$S=K7#@!];1#4x!Wg8*@1b)=-"
aes 128 output="nrruWtmcjyhpVo/IjsGIXIRC1Msi7KiIwLJpPAEAO/9U4zNJI3eta38Ni+2tsWXQNhYUySJq0fRL8Qx6TIMCNg=="
aes 256 output="PrVKYwJGwuotriqxvOWFzPXCYw3MFC9MkNREj4mJluBd99owseut1UkjLAqdFf+v62wa9QCCPul6mm3ZzbGcyw=="
Your output="039203820395019203920382018501820392018501850192018501820195
018503920395038501950185018201820195039203820195039503850382
019501850392039503850195038501820195018503820385038501850185
018501850385039201820195019203820382018203820392018203850195
039501850185038503920395039501920382018501850385039203820395
019501920382018503920392039201950195039503820185018203920382
0385039501920844"
I spent 5 minutes on "unstoppable algorithm - part 6 php ready.fsm" and this is something you should never have in a symmetric cipher, a predicable outcome.
1. Create key
2. Type the word "hello" once, capture the output to another tab in notepad++ or anything else you may have.
3. Type the same word again several times, and capture the text into another tab. Does the scrambled text appear to show the same patterns of text? Meaning can you do a search from the first tab and find this several times in your scrambled second tab? If you can, it completely failed.
4. I typed 5x "hello" and found the same scrambled text several times. Again I spent more time typing this out than I did to find the pattern.
5. Try this same thing in aes and you will not even closely get a similar out come.
Last edited by pshannon on Fri Mar 27, 2020 2:57 am, edited 5 times in total.
-
pshannon - Posts: 144
- Joined: Fri Jan 02, 2015 3:08 am
Re: 256 - 512 bit encryption using 28 digit cipher key
You're right, and if it was with money, I'd make it more secure, most programmers making plugs are still just using base64 and so on. This isn't a movie, it's a free product.
People are like "whoa, this is this and this and I'm a pro, but I'm like this is free and free is good".
It's secure enough, people making the big bucks can make something better for flowstone right? I mean, isn't this forum where all the big name security consultants go? lol. I'll still post on quora and answer and stack exchange and get their take on things, maybe they have ideas on something I can use in both ruby and flowstone.
I'm guessing brute force might be able to decrypt the code as it stands to only 75% of the content in entirety. But in the case of license activation keys and star rating that's acceptable. If it were private information, it might be a different matter. But it's not and this isn't a movie, uncrackable in the terms of license keys, but you might be able to decrypt like the bit of a message or something. You know what I'm saying, in these terms; it's ridiculous.
I have a portfolio on My site https://leattol.com.
People are like "whoa, this is this and this and I'm a pro, but I'm like this is free and free is good".
It's secure enough, people making the big bucks can make something better for flowstone right? I mean, isn't this forum where all the big name security consultants go? lol. I'll still post on quora and answer and stack exchange and get their take on things, maybe they have ideas on something I can use in both ruby and flowstone.
I'm guessing brute force might be able to decrypt the code as it stands to only 75% of the content in entirety. But in the case of license activation keys and star rating that's acceptable. If it were private information, it might be a different matter. But it's not and this isn't a movie, uncrackable in the terms of license keys, but you might be able to decrypt like the bit of a message or something. You know what I'm saying, in these terms; it's ridiculous.
It's free it's free it's pretty and free the plugins we sell are worth less it seems but still we crypt and code for the kicks, a sad game of tricks that's free albeit.
I have a portfolio on My site https://leattol.com.
-
wlangfor@uoguelph.ca - Posts: 912
- Joined: Tue Apr 03, 2018 5:50 pm
- Location: North Bay, Ontario, Canada
Re: 256 - 512 bit encryption using 28 digit cipher key
I've been researching and perhaps md5, md1, shaa256 or sha412 may be possible. It depends on what ruby can support, but there's always workarounds and sometimes it's really neither here nor there to be paranoid, especially when a url href string cannot be too long. PHP safe mode does not have global post and it's limiting.
We'll see, but like I said, good for now and if I were a seller of plugins employing a method; I'd be confident and happy with this product as is. I mean, if aax and mac au vst support it'd be a different game right? VST is still worthwhile but ultimately it gets less attention, and with attention comes license key crackers.
Not so sure that anyone will bother for a vst unless it's easy game which it isn't, realistically.
We'll see, but like I said, good for now and if I were a seller of plugins employing a method; I'd be confident and happy with this product as is. I mean, if aax and mac au vst support it'd be a different game right? VST is still worthwhile but ultimately it gets less attention, and with attention comes license key crackers.
Not so sure that anyone will bother for a vst unless it's easy game which it isn't, realistically.
-
wlangfor@uoguelph.ca - Posts: 912
- Joined: Tue Apr 03, 2018 5:50 pm
- Location: North Bay, Ontario, Canada
Re: 256 - 512 bit encryption using 28 digit cipher key
wlangfor@uoguelph.ca wrote: VST is still worthwhile but ultimately it gets less attention, and with attention comes license key crackers.
Not so sure that anyone will bother for a vst unless it's easy game which it isn't, realistically.
And thats where you are 100% totally wrong. VST cracks are a HUGE part of the music community and right now when every second person wants to be a producer and a dj making those "phat beats" yo! Almost every VST plugin is cracked, I have seen cracks from FlowStone developers (keeping it anonymous to protect their identity) recently, and if you give them something claiming to be uncrackable (free or not), those who have no knowledge in protection what so ever, will trust you and you give them false claims, and will probably be godsmacked when they see their new VST get cracked the next day employing the uncrackable method.
- adamszabo
- Posts: 667
- Joined: Sun Jul 11, 2010 7:21 am
22 posts
• Page 1 of 3 • 1, 2, 3
Who is online
Users browsing this forum: Google [Bot] and 83 guests