One of my friends was talking to me:
Hey you see that guy? He is a very good programmer and he knows a lot of stuff.
I asked him whether he knew anything about this encryption algorithm. He told me that he knows a lot about encryption algorithms. In fact he writes his own encryption algorithms. He told me that it is always better to write your own algorithms.
Yeah.
Now I know how knowledgeable he is.
I have small request to make to all of the self proclaimed cryptographic experts out there:
Cryptography is hard. It is hard because there are always smarter people out there who can break your home-made super-duper encryption algorithm. If you are so confident in your abilities, use your own encryption algorithms in your own applications. Please don’t give it to the public. If are sharing your application with us, specify that you are using your own encryption algorithm so that we’ll understand how awesome you are and how awesome your products will be (and probably avoid using your awful application).
I know what you will be thinking right now:
But, nobody ever cracked my encryption algorithm!
That is because nobody cares. People have their own work to do rather than trying to crack your pet algorithm. If you really want to test the strength of your algorithm, try announcing a million dollar prize for the guy who breaks it.
And please don’t spread messages like “it is always better to write our own algorithms” among us mortals. May be you can do good security on your own; we can’t.
The thing with encryptions is the harder to decode them the longer it takes to encode.
ie: if i make a simple Hex query that encode the encryption, it won’t take long but the pass will be easy to find.
if i make a hex query that is comming from a key generated with multiple alteration on parameters that varry (ie take username and other info and merge them…) the algorythm is harder to decode.
making one isn’t hard, the problem is making an efficient one that wont be easy to decode and fast to use.
can you pass me your algorithm??
Hi
I want ask you a question ?how you write Encryption Algorithm?
I want write any one Encryption Algorithm?
just give me example /this is my e-mail arbasta2010@hotmail.com
I agree with this article that you should NEVER trust that your own homemade algorithm is cryptographically sound. The best algorithms are public encryption algorithms. In fact I think even some of the NSA’s private unpublished algorithms are significantly less secure than public algorithms.
I’ll give you an example. Skipjack was a classified algorithm, the day it was declassified two attacks were published on the algorithm. One of them broke 31 out of the 32 rounds that were supposed to provide enough cryptographic strength to beat out hackers. I would trust non-government public open source algorithms. The five best algorithms currently are RC6, MARS, Serpent, Twofish, and Rijndael (AES). These were five algorithms that were submitted to compete for the Advanced Encryption Standard (AES) title. Rijndael was chosen because it could encrypt and decrypt at a faster rate than the other algorithms. It was a trade off on security and speed. The reason they needed speed was to implement the algorithm in hardware and on smart cards. If you are truly interested in security go with one of the hybrid algorithms like AES-Twofish or Serpent-Twofish, both of which are in TrueCrypt.
TrueCrypt is a highly secure application and encryption program that is open source. The only attack I know that is successful against TrueCrypt is the Cold Boot attack. This attack requires that you cut the power to the device suddenly. You then go to the cache on the computer and you’ll find encrypted keys on there. Once you have obtained the hash, it is then possible to break the keys using the method of Rainbow Tables. This is found in the open source Windows application Cain & Abel Cracker. But you have to create the Rainbow Tables first.
If you are a hacker I suggest you do the following. Create a large Rainbow Table with the mixcase-alpha-numeric-symbol key space (you can generate a Rainbow Table using Winrtgen). So you take a large external hard drive (I’m not joking a Rainbow Table can be as large as 5.5 TB if you are searching for keys of a specific length), and generate a large Rainbow Table. This could take days to create, but it is worth it. For Windows it uses LM hashes (at least that is what I’ve read).
So to the White Hat Hackers out there (that is the benign hackers interested in security) whenever you leave a computer unattended DISMOUNT the TrueCrypt drive. I recommend for every TrueCrypt volume you create, use a different algorithm and a different key. It reduces the chances of all keys being compromised. If one key is compromised the rest will be safe (choose strong keys that have mixed case letters, numbers & symbols. For example $tRonGK3y$ROOle if you couldn’t figure it out it said StrongKeysRule). These guidlines prevent confidential information from being divulged easily.
Also if you have multiple TrueCrypt volumes make a master key volume. You then put a word document or text file in the master key volume with all the passwords in plaintext form. The password for this volume must be very strong and you must be able to remember it. If you forget the password to a TrueCrypt volume it becomes highly difficult to recover a key (not impossible though: Cold Boot Attack only works if drive is mounted). So for security freaks (I’m one) I recommend you encrypt the entire hard drive. Do not use insecure connections for remote terminals (don’t use telnet, rlogin or raw connection in PuTTY) use SSH. Be very careful about remote connections.
some people are good enough depending on their skills. algorithms are always hard as hell to make if you are trying to actually make it worth your while.. there is a way to double encrypt a homemade algorithm to make it almost impossible to break.
funny thing about security only way to have something 100% secure, is have it where no one can get to it not even you that is to say for it not to exist