Re: Crypt

From: Stefan Kaczmarek <stefan_at_thezonie.org>
Date: Tue, 12 Jun 2007 11:30:04 -0700

Ok, I came up with something that works in Java and PHP.

So, instead of this:

$key = ($key * 1103515245 + 12345) & 0x7fffffff;

Do this:

$a = ($key>>16) & 0xffff;
$b = $key & 0xffff;
$a = ($a * ((1103515245 >> 16) & 0xffff)) + 12345;
$b = ($b * (1103515245 & 0xffff)) + 12345;
$key = ($key ^ $a) ^ $b;

Nibble bork! :)

I don't know how awesome it is from a cryptological standpoint, but
there it is.

- Z

On Jun 12, 2007, at 7:53 AM, Dylan C Douglas wrote:

> Yeah, that's why I was throwing the AND in there. PHP doesn't
> handle overflowing really well. It just promotes it, so I was
> trying to limit it to four bytes. (You said eight bytes for the
> sha1 idea. Are you working with eight byte keys?)
>
> I'm fine with the sha1 idea, but it's going to have to be the first
> four bytes being the new key, since I don't have longs; I have
> signed int and signed float. I'm just worried about speed. I'll
> try to find something that can do a sha1 for php.
>
> -D
>
> -----Original Message-----
> From: "Stefan Kaczmarek" <stefan_at_thezonie.org>
> To: "Dylan Douglas" <dylan_at_mediadefender.com>
> Cc: "Ivan Kwok" <ivan_at_mediadefender.com>; "Ben Ebert"
> <ben_at_mediadefender.com>; "Ty Heath" <heath_at_mediadefender.com>; "Jay
> Mairs" <jay_at_mediadefender.com>; "Nainesh Solanki"
> <nsolanki_at_mediadefender.com>; "Sergio Alvarez"
> <sergio_at_mediadefender.com>; "Gerald Rode" <gerald_at_mediadefender.com>
> Sent: 6/11/07 10:31 PM
> Subject: Re: Crypt
>
> Ok, shit no worky, and it's because PHP treats integers that go
> beyond the int boundary as floats instead of just overflowing. So
> basically we need to do some sort of byte shifting thingy instead.
>
> Any other idears? How about something like the first 8 bytes of the
> sha-1 of the key is the new key???
>
> - Z
>
> On Jun 11, 2007, at 6:14 PM, Dylan Douglas wrote:
>
>> Okay, so, got it working.
>>
>> Encrypt:
>> srand( time() + 127 );
>> $key = ( mt_rand( 0, 0x7fffffff ) );
>> $encrypted_data = sprintf( '%08x', $key );
>>
>> $b = 0;
>> $length = strlen( $data );
>>
>> for( $i = 0; $i < $length; $i++ )
>> {
>> $key = ($key * 1103515245 + 12345) & 0x7fffffff;
>> $b = ( $key / 65536 ) % 256;
>> $value = ord( $data[$i] ) ^ $b;
>> $encrypted_data .= sprintf( '%02x', $value );
>> }
>>
>> The only real change to the original code is the addition of
>> ANDing it with 0x7fffffff, which keeps php from busting. I used it
>> to encrypt your string of "I really enjoy carpeting." and get:
>> string(58)
>> "5c579169848331b8c228511ab4a54303cd76f31a45d30845b2fd38e3d4"
>>
>> The starting bytes of: 5c579169 are is the key. It's value is
>> 0x5c579169 (I tried to write the LSB first but php is a pita and
>> that made decoding the key a pain. So, I straight-out write it
>> like it is a hex string and if you need to shift things around, you
>> can do that in java.
>>
>> See if you can get it working on your side.
>>
>> -D
>>
>> Ps. here are some others:
>>
>> "Fresh taste... you can trust"
>> string(64)
>> "5316297d87c1c574e68617d0498fb9bb508ae80b4117f8d19c2777cde6a3ad39"
>> "We have your email address listed as theshockwave_at_gmail.com. If
>> you do not want to receive anymore emails on special savings and
>> news, click here."
>> string(300)
>> "518fa7cad1b242cd6fd8825430c2c4217574c9ef510c646362ab390739e7dd92c67a
>> 9
>> 13f99f4718fadb00b0c109eb1c93f965220070f361632c85d12f00f49ed03debc7edd
>> 9
>> 108078ed03d3d58743a76ce5fd82ec22a583afdd3cbd943e3a59e532a5e157249dd84
>> b
>> 9829640ab88783989f807826d86fa1cf9814d3a07a19c048d0b1e45fd1fffab23f017
>> e
>> 16e1ae598961184798d8f"
>>
>>
>> From: Dylan Douglas
>> Sent: Friday, June 08, 2007 5:22 PM
>> To: Stefan Kaczmarek
>> Cc: Ivan Kwok; Ben Ebert; Ty Heath; Jay Mairs; Nainesh Solanki;
>> Sergio Alvarez; Gerald Rode
>> Subject: RE: Crypt
>>
>> I think I got it sorted out.
>>
>> I changed the line to: $key = ($key * 1103515245 + 12345) &
>> 0x7fffffff
>>
>> I was going to keep working on it, but we are changing ips and are
>> now in ip hell.
>>
>>
>>
>> From: Stefan Kaczmarek [mailto:stefan_at_thezonie.org]
>> Sent: Thursday, June 07, 2007 9:04 PM
>> To: Dylan Douglas
>> Cc: Ivan Kwok; Ben Ebert; Ty Heath; Jay Mairs; Nainesh Solanki;
>> Sergio Alvarez
>> Subject: Re: Crypt
>>
>> Well, if you need to tweak it to make it work easier in php, let me
>> know. It doesn't really matter what the algo is, as long as it's
>> implementable in java and php.
>>
>> - Z
>>
>> On Jun 7, 2007, at 6:22 PM, Dylan Douglas wrote:
>>
>>> Z-
>>>
>>> Have I mentioned that php is dumber about ints than Java? Well,
>>> I'm trying to get the:
>>>
>>> $key = $key * 1103515245 + 12345;
>>> code to work. I start off okay, then I seem to zoom off to around
>>> 10^130 as I become a float (and that is just doing your carpet
>>> string). So, cast to stay an int, right? Now I loop past MAXINT
>>> become negative and get stuck somehow at MININT value. I tried
>>> ANDing it with 0xffffffff, but that didn't help. I have to figure
>>> out how to tell it to limit stuff to 4 bytes and to allow it to
>>> loop. Will keep you updated.
>>>
>>> -D
>>>
>>> From: Stefan Kaczmarek [mailto:stefan_at_thezonie.org]
>>> Sent: Thursday, June 07, 2007 8:46 AM
>>> To: Ivan Kwok; Ben Ebert; Ty Heath; Jay Mairs; Nainesh Solanki;
>>> Sergio Alvarez; Dylan Douglas
>>> Subject: Crypt
>>>
>>> D,
>>>
>>> Here are the code snippets that I use to encrypt / decrypt the
>>> json string. When I send you the sources, it'll be "files=<hex
>>> string>". And when I get the sources back, I am assuming it'll be
>>> a <hex string> that comes back.
>>>
>>> To go to and from hex strings, this is what I do:
>>>
>>> // Encrypt the data and convert it ot a hex string
>>> String data="I really enjoy carpeting.";
>>> byte data_bytes[]=data.getBytes();
>>> byte to_crypt[]=new byte[data_bytes.length+4];
>>> System.arraycopy(data_bytes,0,to_crypt,4,data_bytes.length);
>>> byte cipher[]=Crypt.Encrpyt(to_crypt);
>>> String hex=Crypt.bytesToHex(cipher);
>>> data=hex;
>>>
>>> // Decrypt the data
>>> data_bytes=Crypt.hexToBytes(data);
>>> byte plain[]=Crypt.Decrypt(data_bytes);
>>> byte decrypt[]=new byte[plain.length-4];
>>> System.arraycopy(plain,4,decrypt,0,decrypt.length);
>>> data=new String(decrypt);
>>>
>>> I just take the string, convert it to a byte array, add 4 bytes at
>>> the front for the key, and then encrypt the byte array. I then
>>> convert the whole byte array into a hex string. Then, when
>>> receiving a hex string, i convert it to a byte array, then decrypt
>>> it, pull off the first 4 bytes, and covert the remaining bytes
>>> back into a string.
>>>
>>> Try decrypting
>>> 933d5162fadc8f46acc8e0fdd123205867743c03ce284794f989691a5a and you
>>> should get the "I really enjoy carpeting."
>>>
>>> For funsies, here are the decrpyt and encrypt functions:
>>>
>>> // The input buffer needs to have 4 bytes at the front to allow
>>> for the key to be placed there
>>> public static byte[] Encrpyt(byte[] data)
>>> {
>>> // Create a byte buffer, which is the 4 byte key plus the data
>>> byte[] ret=new byte[data.length];
>>> System.arraycopy(data,0,ret,0,data.length);
>>>
>>> // Get a random int to encrypt with
>>> int key=new Random().nextInt();
>>>
>>> // Copy the key and data to the out array
>>> System.arraycopy(intToByteArray(key),0,ret,0,4);
>>>
>>> // Encrypt the data
>>> DoCrypt(key,ret,4);
>>>
>>> return ret;
>>> }
>>>
>>> // Will return the buffer with the key still at the first 4 bytes
>>> public static byte[] Decrypt(byte[] data)
>>> {
>>> // Create a byte buffer
>>> byte[] ret=new byte[data.length];
>>> System.arraycopy(data,0,ret,0,data.length);
>>>
>>> // Get the key from the first 4 bytes
>>> int key=byteArrayToInt(data,0);
>>>
>>> // Decrypt the data
>>> DoCrypt(key,ret,4);
>>>
>>> return ret;
>>> }
>>>
>>> private static void DoCrypt(int key,byte[] data,int offset)
>>> {
>>> byte b=0;
>>> for(int i=offset;i<data.length;i++)
>>> {
>>> key = key * 1103515245 + 12345;
>>> b=(byte)((key/65536) % 256);
>>> data[i] ^= b;
>>> }
>>> }
>>>
>>>
>>>
>>
>
Received on Fri Sep 14 2007 - 10:55:51 BST

This archive was generated by hypermail 2.2.0 : Sun Sep 16 2007 - 22:19:45 BST