--- Charles Yeomans <[EMAIL PROTECTED]> wrote:
> > On May 19, 2006, at 1:08 PM, Phil M wrote: > > > Since you don't need a decrypt, you can use a simple hash > method. > > > > Easiest would be an MD5 since it is built into REALbasic, and > it > > would work something like this: > > > > hash = Md5(secret_phrase + user_password + user_id) > > > > adding the user_id in there means that even if two users have > > exactly the same password, they would not have the same > password hash. > > Using MD5 like this to make a stream cipher does require a bit > more > care. If you encrypt two strings with the same key, then an > attacker > can XOR the encrypted strings and get the XOR of the two > unencrypted > strings. With a bit of text guessing, it may then be possible > to > recover the original text. He's not making a stream cipher, though. Just the one-way hash. You've got me thinking, though. What about something like Dim result, chars() As String Dim i, c As Integer Dim m As new MD5Digest m.Process secretPhrase chars = Split(plainText, "") c = UBound(chars) for i = c DownTo 0 result = result + chr(Bitwise.BitXor(chars(c - i), asc(m.Value.Mid(i mod 16)))) m.Process result next I know enough about cryptography to know that sometimes making your cipher more complicated only makes it easier to break. I would think that processing the characters incrementally, and re-calculating the MD5 digest at each step, ought to at least avoid the Xor problem. How about it cryptographers? Is this reasonably secure, or just an exercise in security by obscurity? Mark Nutter Quick and easy regex creation and debugging! http://www.bucktailsoftware.com/products/regexplorer/ __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com _______________________________________________ Unsubscribe or switch delivery mode: <http://www.realsoftware.com/support/listmanager/> Search the archives of this list here: <http://support.realsoftware.com/listarchives/lists.html>
