Page 47 - Cyber Warnings
P. 47
Cryptography Ideas
Editing the old, adding in some of the new..
By Daniel Pointon, cryptJS.tk
Hi, in this article I'm going to talk you through the process of making an encryption software. I'll
be walking you through the general substitution encryption concept. This would typically be
used for sending secure company-company messages. It doesn't use a company-multiple users
key, as the key has to be in a certain mode before use. I’ll explain this in a minute.
IMPORTANT NOTE: DO NOT IMPLEMENT YOUR OWN ENCRYPTION SOFTWARE. IT IS
NOT SAFETY-PRO, USE ALREADY DESIGNED ENCRYPTION SCHEMES AND CHECK
WITH YOUR CIO.
The general substitution encryption idea is that every character is swapped with another
character systematically. For example, if Daniel is run through the idea where
D=Z,A=I,N=O,I=B,E=Y,L=P .So my name would be ZIOBYP. Every letter of the alphabet must
be transformed to another letter.
One main error with the general substitution encryption idea is that it can be frequency analyzed
for the language it’s in. I can’t do an example of this because of the length of the text, and the
fact there are no repeated characters. So, for this example I will say that my name is Danieel. It
would then by ZIOBYYP.
If I frequency - analyze names, I don't know what the most common letter is. I'm going to make
the assumption that it's e. So I can then guess y=e. This process can be repeated multiple
times, until the whole thing could be easily read.
My first thought when I began to start work was could it be converted to numeric substitution of
ascii but the amount of keys I think is too small for that. The method for extending the amount
of keys is simple in my mind. Keyspace=10!. If the 10 was made bigger it could increase the
amount of keys substantially. If it was made into a 3-digit substitution system, it could be made
more safe. So keyspace=1000!. However, ascii could be treated as a language and frequency
analyzed for 3 digit numeric sequences.
How to solve this:
The text could be run through a one-digit numeric substitution cipher. That would stop the
attacker from frequency analyzing if a brute force (testing all the codes) is successful. There are
10! keys (362880). If they tried all of those and then frequency - analyzed every one of those
and compared it to ascii frequency analysis they could find the codes.
This is not safe for important network communications. So maybe it could be increased by then
changing the ciphertext ascii using the two digit substitution idea, so to frequency analyze that
47 Cyber Warnings E-Magazine – April 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
