Writing your own encryption algorithm? Duh!!

Feb 11 2009

One of my friends was talking to me:

Hey you see that guy? He is a very good programmer and he knows a lot of stuff.

I asked him whether he knew anything about this encryption algorithm. He told me that he knows a lot about encryption algorithms. In fact he writes his own encryption algorithms. He told me that it is always better to write your own algorithms.

Yeah.

Now I know how knowledgeable he is.

I have a small request to make to all of the self-proclaimed cryptographic experts out there:

Cryptography is hard. It is hard because there are always smarter people out there who can break your home-made super-duper encryption algorithm. If you are so confident in your abilities, use your own encryption algorithms in your own applications. Please don’t give it to the public. If you are sharing your application with us, specify that you are using your own encryption algorithm so that we’ll understand how awesome you are and how awesome your products will be (and probably avoid using your awful application).

I know what you will be thinking right now:

But, nobody ever cracked my encryption algorithm!

That is because nobody cares. People have their own work to do rather than trying to crack your pet algorithm. If you really want to test the strength of your algorithm, try announcing a million dollar prize for the guy who breaks it.

And please don’t spread messages like “it is always better to write our own algorithms” among us mortals. Maybe you can do good security on your own; we can’t.

96 responses so far

  • Ralph says:

    Hi,
    can anyone tell me how to make an encryption algorithm

    I have a great encryption algorithm..

    mailme at

    ralphnaderralphnader@gmail.com

  • Ali says:

    Hi,
    some of you guys have forgotten one thing:
    - if there were no one who tried to write their own good algorithm, there wouldn’t be a good algorithm on earth

  • Vivek says:

    I want to learn encryption. I know the C and C++ languages. Can you suggest how I should start and where to start from??

  • Niyaz PK says:

    Vivek,

    Start by reading the book: Applied Cryptography: Protocols, Algorithms, and Source Code in C, Second Edition by Bruce Schneier

    Even though the above book will give you an introduction to cryptography as a subject you should follow up by reading the book Practical Cryptography by Niels Ferguson and Bruce Schneier to be able to understand the real-world implementation of cryptography.

    Read this comment too.

  • Anon says:

    I am a bit confused how it is hard to create cryptography.

    xor the data with a key continuing every byte as long as the key, loop at the end of the key. Then don’t give the key out. This works with all kinds of data.

    I know you guys will have a fit over this, “that’s so easy to unlock”. Really? What are you going to do, attempt to decrypt with every possibility of length and bit order? Fine if the key is dumb and short (“god”), if it’s 64 characters and doesn’t contain standard characters you will have a bit of trouble.

    Slam it all you like, if no one knows the length of the key or its contents you are going to spend a hell of a lot of time trying to decrypt that data. And by the time you find it is their grandmother’s name or their birth year it won’t matter.

    Isn’t that the purpose to encrypt and have a simple cypher, make it hard for others to decrypt?

    Door and key guys. Doesn’t matter what the door has or is, if you have the key it will open.

    And never forget if there is a way in people will always find a way. That is part of our nature.

  • Anon says:

    I have to also agree with MikeC

    You are all making this neat-o encryption so hard when it isn’t.

    And as for no one caring as the author says about your encryption, well that is the best right? The data no one tries to break would be the most secure.

  • Day says:

    Hi guys and girls

    I’m new to this but I need someone to help me with this tool I am developing.
    I need a great or rather an entertaining level encryption program for text.

    Any help please email me

    klashmania@gmail.com

    cheers

  • Fred says:

    Anon,

    You are exactly the idiot that this article is intended to address. Take a look at the Vigenère cipher. It’s broken. You didn’t suggest exactly that, but it’s close enough.

    Want to test your theory? Send me a 10k encryption of some English text and I bet you that I’ll be able to break it. Better yet, post it right here. (And by the bye, if I can’t break it, I’ll expect you to post what you’ve encrypted and the key you used to encrypt it with, because I’d give a 95% chance you just post 10k of random data to try to prove your point.)
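
The looping-XOR scheme from Anon's comment and Fred's point that it is close to the broken Vigenère cipher, worked through as an added example that is not part of the original post or comments. The function names, the 11-byte key and the sample (sentences from this post) are constructed for the illustration; the key is kept short so the sample stays small, and a 64-byte key calls for proportionally more ciphertext rather than a different method.

```python
from collections import Counter

def xor_repeat(data: bytes, key: bytes) -> bytes:
    """The commenter's scheme: XOR every byte with the key, looping the key."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def coincidence(col: bytes) -> float:
    """Index of coincidence: chance that two bytes picked from col are equal."""
    n = len(col)
    return sum(c * (c - 1) for c in Counter(col).values()) / (n * (n - 1)) if n > 1 else 0.0

def guess_key_length(ct: bytes, max_len: int = 24, threshold: float = 0.04) -> int:
    """Smallest period at which each column looks like one shifted alphabet."""
    scores = {}
    for n in range(1, max_len + 1):
        scores[n] = sum(coincidence(ct[i::n]) for i in range(n)) / n
        if scores[n] >= threshold:  # English text sits near 0.06, mixed columns far lower
            return n
    return max(scores, key=scores.get)

def english_score(buf: bytes) -> int:
    """+1 per lowercase letter or space, -5 per byte outside printable ASCII."""
    return sum(1 if b == 0x20 or 0x61 <= b <= 0x7A else 0 if 0x20 <= b <= 0x7E else -5
               for b in buf)

def recover_key(ct: bytes) -> bytes:
    """Treat each column as its own single-byte XOR and keep the best-scoring byte."""
    n = guess_key_length(ct)
    return bytes(max(range(256), key=lambda k: english_score(bytes(b ^ k for b in ct[i::n])))
                 for i in range(n))

# Constructed sample: sentences from this post, encrypted under a made-up
# 11-byte key that contains non-printable bytes.
PLAINTEXT = (
    b"Cryptography is hard. It is hard because there are always smarter people out there "
    b"who can break your home-made super-duper encryption algorithm. If you are so confident "
    b"in your abilities, use your own encryption algorithms in your own applications. Please "
    b"don't give it to the public. That is because nobody cares. People have their own work "
    b"to do rather than trying to crack your pet algorithm. If you really want to test the "
    b"strength of your algorithm, try announcing a million dollar prize for the guy who breaks it."
)
KEY = bytes.fromhex("9c0be357a814f26dc13e85")
CIPHERTEXT = xor_repeat(PLAINTEXT, KEY)

if __name__ == "__main__":
    key = recover_key(CIPHERTEXT)  # works from the ciphertext alone
    print(key.hex(), xor_repeat(CIPHERTEXT, key)[:50])
```

Neither the key length nor the key bytes are searched exhaustively: the period shows up as the first column width with a language-like coincidence rate, and each key byte is then one of only 256 candidates.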

    • james says:

      this thread is quite old but:
      ÛÍm<®sé% ëŸU<ç\è½Hhþ"7qv›CÙ8§:q.ÉKœIy„Å`QfYYHb5e38hf1s3ef54nhgtêÞ
      ^Dƒ=2 Ý“|[g×òð¶|(çU‰[„¡Ó]®_,ҁqÙ -ßQfYYHb5e38hf1s3ef54nhgq$ë+³¡MEŒ˜kUŸ
      ‰i;[ŠE":ú\/
      ñ’ !i~É”žZ˜iQfYYHb5e38hf1s3ef54nhg*W®<s&^ZíÊ“¢òº:ç§/
      *¡8§²¸ö/ҁk(ÐÇ^
      and your clue is it is my encrypted form of a quote from this page. sorry if it is too much text xxx

    • james says:

      and, with the second version of that algorithm, the same text:
      ^ßÅÇi-И Á(ZÙIkžqñÜÒ”Òd/É,ßö~_ĸi®X²!]§ ]x8Óá’¡„*ñ„Ø

      [‡//‰¿§\UäçúçX::(|º”|ãE¶¥Šð×ò[ò¢;×Ï“iÚʉgú[7(
      |<ퟓïZUÝk ±^˜2V&Œ=ˍEƒ¢sMDU¡¯<³^(®+
      WëÞ$$ê%*qt
      more streamlined i think xxx

  • Kruptein says:

    Fred, did you just say that if I post the sentence “Hello World” encrypted with something you would give me the password?

  • ak0n says:

    what you want my friend, wait for corporate world to give you what you need. and they will tell you it is secured. and it was proven by them. sometimes we think the most secured and cool cipher would be composed of millions of code. look at Einstein formula e=mc2. the world is not always what we see.

  • KyKy says:

    i don’t know how the encryption algorithms work….
    but i have a question:
    one day i wanted to make a list with all my friends’ ip addresses
    i wrote them in a txt file but i didn’t want anyone to see the real ip’s
    so i made a batch script that when you add an ip address it will calculate it like:
    if u type 192.168.1.254 it will calculate as follows:

    192+255-1+2*4
    168+255-1+2*4
    1+255-1+2*4
    254+255-1+2*4

    so it will become: 454.430.263.516
    How could someone that doesn’t have the batch script that i am using crack this?
    i know that is kinda noob but i’m a beginner
    and sorry for my english

  • Niyaz PK says:

    @KyKy,

    You are just adding 262 to all the numbers. It is easy to spot just by looking at them.

    Just looking at the grouping of the numbers and finding the smallest and the largest numbers in the list (assuming that you provide a large enough list of numbers) will lead us to the assumption that these are indeed IP addresses.

  • ariharan says:

    hi, i’m creating my own encryption algorithm. it will produce different cipher text each time even when the plain text and cipher text are the same. well, what do you think about this? for example for the first encryption with the PT “asdf” and key “lkj”, it will produce something like “q$di?~a”. for the second time the same PT “asdf” and key “lkj”, it will produce something like “w0i%e@8”.

    • Kshitiz says:

      @ariharan:
      hey ariharan, Can you please send me the code of your encryption algorithm? My e-mail id kmittal89@gmail.com

      I just have to submit it in my college as a project work. Please help if you can.

    • james says:

      intriguing :)
      i guess there will have to be a random element, because anything which just changes from use to use in a pattern would essentially be adding a second key of how many times it has previously been used….
      also, as i see no mathematical way of mapping infinitely many different results to a set pt and key, i’m guessing there is intelligence behind this (and also that the decoding module will have fun trying to work it out…)
      could i also have a copy of the code? purely out of curiosity :) j-e-h@live.co.uk

  • James Bond says:

    Security as most should know, is always breakable. Nearly nothing in life is impossible.

    Time, expense budget and the correct tools (Brain included) will win almost every time (Yes including the CIA Kryptos K4 puzzle, one day too).

    The key to proper security is balancing convenience of accessibility in direct correlation to the urgency in just how greatly that asset be protected/encrypted.

    Example: Add a 5 foot iron vault door to my washroom, requiring 25000 different locks, with different keys, and finish it off with a retina scanner. Encase it in a 5 foot thick block encasement better yet. The total unlock and door opening process statistically tested on 1000 people is; 15 weeks.

    I think I would rather crap in the kitchen sink than implement that, don’t you think?

    Point being; Balance your encryption choice with the risk of how bad a loss it would be in having it broken.

    If someone wants to create their own encryption algorithm then so be it. The more one studies the subject, theoretically, the better the chances of making something more lasting. If one were to try to sell their method without having it time-tested, that is a different story.

    As for the comment from Fred April 4, 2010 at 9:45 am: Want to test your theory? Send me a 10k encryption of some english text and I bet you that I’ll be able to break it. Better yet, post it right here. (And by the bye, if I can’t break it, I’ll expect you to post what you’ve encrypted and the key you used to encrypt it with, because I’d give a 95% chance you just post 10k of random data to try to prove your point.)

    Happy cracking: xvrgksutvryrrjvazhnoxsdtcmvhjgczavk

  • Nw u C me says:

    Try this one, then:

    IqER0NE ,rD
    wFQaFlEA9D5

    Here’s your hint: Security, as most should

    So tell me how the cipher works.

  • james says:

    â=Ñ‚/عoY8¥¿+AµÙ2.P00ˆÞsGöј¦1Øùœ’ÆgÈÂ2´E<

    its, shakespearian, with a little modification :)

    • james says:

      â’Ñ‚/ác
      8¥¿/AÞàé»D0Zˆ Ê!æ³;=@ :jùü7é_ÁN³¼l5

      this is the result of the same plaintext, but with a slightly updated version xx

  • Jake says:

    Laern tow thngs. How the Huname Brian Wroks and become extremely proficient in mathematics.

    Jake

  • Jake says:

    ||| | ||| || |||| | || ||||| || |||| || ||
    | ||| || | |||| | || ||||| |||| || | || ||

    || || |||| | ||?

  • alex white says:

    good luck figuring this out
    rNZ.7?☻????????7y[X^}R,3
    though if you were to break it, I would hardly be surprised.

  • Laramie Downs says:

    Ok so i am really new at encryption but would a double random private key plus the original public key be a good enough start at building an encryption program?
