Graal Forums  

Go Back   Graal Forums > Development Forums > NPC Scripting
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 12-19-2012, 02:46 PM
Gunderak Gunderak is offline
Coder
Gunderak's Avatar
Join Date: Jun 2011
Location: Australia
Posts: 795
Gunderak is on a distinguished road
Send a message via Skype™ to Gunderak
Encryption of strings

Got a bit bored and decided to code my own little encryption thing.
It basically get's a string and converts it into an ASCII array, it then multiplies each item in the array by a "key" and encodes that with base64.
The result ends up being relatively long but still pretty secure.
I don't intend for this to be used for passwords so i'm releasing it.
If you'd like to see what it does, iv'e attaches a screenshot.
Here's the class, name it "Encryption":
Graal Script Code:
//#CLIENTSIDE
function Encrypt(str){
  
temp.result "";
  
//Loops through the individual characters.
  
for(0str.length(); ++){
    
//Get's the character it's up to.
    
temp.char str.substring(i, +1); 
    
temp.num getascii(char); //Converts it to ascii
    //Adds the ASCII character to the array and also "hashes" it.
    
result.add(num/2*50/5); 
  }
  
//Encodes the already confusing string with base64.
  //Typically used for encoding images but meh.
  
result base64encode(result);
  return 
temp.result;
}
function 
Decrypt(str){
  
temp.result "";
  
//Decodes the string and turns it into a "hashed" ASCII array.
  
temp.str base64decode(str);
  
//Splits the string into an array.
  
temp.tok str.tokenize();
  for(
0tok.size(); ++){
    
temp.char tok[i]*2/50*5;
    
//Returns the character from ASCII form.
    
result result@char(char);
  }
  return 
temp.result;

And here's an example of a use for it.
Graal Script Code:
//#CLIENTSIDE
function onCreated(){
  
this.join("Encryption");
}
function 
onWeaponFired(){
  
DrawGUI();
}
function 
DrawGUI(){
  new 
GuiWindowCtrl("Encryption_Window") {
    
profile GuiBlueWindowProfile;
    
clientrelative true;
    
width 331;
    
height 286;
    
canmove true;
    
canresize false;
    
closequery false;
    
destroyonhide true;
    
canmaximize false;
    
canminimize false;
    
text "Encryption";
    
screenwidth/width/2;
    
screenheight/height/2;

    new 
GuiScrollCtrl("Text1_Scroll") {
      
profile GuiBlueScrollProfile;
      
height 114;
      
hscrollbar "dynamic";
      
vscrollbar "dynamic";
      
width 320;
      
= -1;

      new 
GuiMLTextEditCtrl("Text1") {
        
profile GuiBlueMLTextEditProfile;
        
height 17;
        
horizsizing "width";
        
text "Hello World!";
        
width 295;
      }
    }
    new 
GuiScrollCtrl("Text2_Scroll") {
      
profile GuiBlueScrollProfile;
      
height 114;
      
hscrollbar "dynamic";
      
vscrollbar "dynamic";
      
width 320;
      
114;
      
= -1;

      new 
GuiMLTextCtrl("Text2") {
        
profile GuiBlueMLTextProfile;
        
height 17;
        
horizsizing "width";
        
width 295;
      }
    }
    new 
GuiButtonCtrl("Encrypt") {
      
profile GuiBlueButtonProfile;
      
text "Encrypt";
      
width 80;
      
227;
      
= -1;
    }
    new 
GuiButtonCtrl("Decrypt") {
      
profile GuiBlueButtonProfile;
      
text "Decrypt";
      
width 80;
      
240;
      
227;
    }
  }
}
function 
Encrypt.onAction() {
  
Text2.text Encrypt(Text1.text);
}

function 
Decrypt.onAction() {
  
Text2.text Decrypt(Text1.text);

This isn't the most efficient way of encrypting strings, but I just wanted to attempt it.
I originally wanted to return the binary of the strings but graal doesn't contain a default way to do it.
Meaning i'd have to write a really long code and try to comprehend confusing formulas.
Attached Thumbnails
Click image for larger version

Name:	screenshot.png
Views:	83
Size:	36.2 KB
ID:	55242  
__________________

Gund for president.

Remote PM {P*}x (Graal813044) from eraiphone -> Stefan: I hav 1 qustion
*Gunderak: he hav 1
*Gunderak: qustion
Reply With Quote
  #2  
Old 12-19-2012, 03:15 PM
scriptless scriptless is offline
Banned
Join Date: Dec 2008
Location: N-Pulse
Posts: 1,412
scriptless is a splendid one to beholdscriptless is a splendid one to beholdscriptless is a splendid one to beholdscriptless is a splendid one to behold
Question: so your just doing this to each letter? Then encoding as Base64?

Graal Script Code:
result.add(num/2*50/5); 
Why not use a word/sentance or w/e?

Alot of times you will see people making a string.. like lets say "cat"... and encrypt the word "rabbit" for example.. r is encrypted depending on the first letter of the key.. "c".. a with "a"... b with "t".. b with "c".. going around in a circle using each letter from "cat".. also they will also use some sort of % math.. like

3%2 = 1... knowing it can only be a number of possibilities.. 256 char possibility. because if you do enough math to a single chracter.. lets say "41" which is hex for ASCII "a".. or "A".. I forget wether it's capital or lowercase at 41.. I think the other is 61? anyways.. if you did say num+10000000 that would result in more then 1 character to represent the character being encrypted...

Just a thought tho. Sorry if this sounds confusing, I have worked 2 days and now running on about 4.5 hours of sleep.. bout to go to sleep and sleep my day away right now .. lol but any questions I would be glad to try and explain what I mean..

Last edited by scriptless; 12-19-2012 at 05:21 PM..
Reply With Quote
  #3  
Old 12-19-2012, 03:46 PM
Gunderak Gunderak is offline
Coder
Gunderak's Avatar
Join Date: Jun 2011
Location: Australia
Posts: 795
Gunderak is on a distinguished road
Send a message via Skype™ to Gunderak
Little confused, I was thinking of creating a character map eg, a is equivalent to "7", b "K" and so on, but eh this way looked better.
And the reason I divide by 2 then multiply etc is to make it more confusing.
If someone was trying to crack the string, without knowing the script they could probably tell it's using base64, then when they decipher it they'd see hang on each letter represents a number, and catch on. Where as this, it represents a number, but the number is "hashed" sort of.
Never actually tried to encrypt information properly before, so this was more of a learning curve.
__________________

Gund for president.

Remote PM {P*}x (Graal813044) from eraiphone -> Stefan: I hav 1 qustion
*Gunderak: he hav 1
*Gunderak: qustion
Reply With Quote
  #4  
Old 12-19-2012, 04:44 PM
scriptless scriptless is offline
Banned
Join Date: Dec 2008
Location: N-Pulse
Posts: 1,412
scriptless is a splendid one to beholdscriptless is a splendid one to beholdscriptless is a splendid one to beholdscriptless is a splendid one to behold
Quote:
Originally Posted by Gunderak View Post
Little confused, I was thinking of creating a character map eg, a is equivalent to "7", b "K" and so on, but eh this way looked better.
And the reason I divide by 2 then multiply etc is to make it more confusing.
If someone was trying to crack the string, without knowing the script they could probably tell it's using base64, then when they decipher it they'd see hang on each letter represents a number, and catch on. Where as this, it represents a number, but the number is "hashed" sort of.
Never actually tried to encrypt information properly before, so this was more of a learning curve.
But it's not a hash. Hash's cannot be decrypted. Such as SHA and MD5.

Here is an example of what I mean.

Input
Graal Script Code:
Hello World 
Encryption Key
Graal Script Code:
dog 
Lets look at the binary value
Graal Script Code:
Hello World 0100100001100101011011000110110001101111001000000101011101101111011100100110110001100100
dog 
011001000110111101100111 
What you can then do is copy and past the binary from "dog" untill it's as long as the Hello World.. then just "xor" it..

Xor Eample:

Graal Script Code:
//Hello:
01001000 01100101 01101100 01101100 01101111
//dogdo:
01100100 01101111 01100111 01100100 01101111

//result:
00101100 00001010 00001011 00001000 00000000

//and back:
00101100 00001010 00001011 00001000 00000000
xor
01100100 01101111 01100111 01100100 01101111
=
01001000 01100101 01101100 01101100 01101111 
Which means the first "l" is 00001011 while the second is 00001000.. It's not easy pattern at all to figure out even.

Since the size of the encrypted string is the same, we can just xor it again, by the same value, and it should decrypt the string
Reply With Quote
  #5  
Old 12-19-2012, 05:53 PM
Gunderak Gunderak is offline
Coder
Gunderak's Avatar
Join Date: Jun 2011
Location: Australia
Posts: 795
Gunderak is on a distinguished road
Send a message via Skype™ to Gunderak
How would you get the binary of a string in GS2 O.o
I'm not really a math expert.
I sort of understand what you mean.
__________________

Gund for president.

Remote PM {P*}x (Graal813044) from eraiphone -> Stefan: I hav 1 qustion
*Gunderak: he hav 1
*Gunderak: qustion
Reply With Quote
  #6  
Old 12-19-2012, 06:01 PM
scriptless scriptless is offline
Banned
Join Date: Dec 2008
Location: N-Pulse
Posts: 1,412
scriptless is a splendid one to beholdscriptless is a splendid one to beholdscriptless is a splendid one to beholdscriptless is a splendid one to behold
Quote:
Originally Posted by Gunderak View Post
How would you get the binary of a string in GS2 O.o
I'm not really a math expert.
I sort of understand what you mean.
Not sure if there is a default function however I only showed binary to kinda explain how an xor works.. you can ofcourse use variables..

Graal Script Code:
// HEX
temp.test 0xF0 xor 0XFF;
echo(
temp.test); // 00001111
// String
temp.test xor b;
echo(
temp.test); // 00000011 
It's obviously not gonna output in binary.. uhm.. output it as an int.. and do dec to binary .. using calc


Play around with it a bit, see if you can make sense of the input/output.. post back here if u have more questins.. glad to help.
Reply With Quote
  #7  
Old 12-20-2012, 01:55 AM
cbk1994 cbk1994 is offline
the fake one
cbk1994's Avatar
Join Date: Mar 2003
Location: San Francisco
Posts: 10,718
cbk1994 has a reputation beyond reputecbk1994 has a reputation beyond reputecbk1994 has a reputation beyond reputecbk1994 has a reputation beyond reputecbk1994 has a reputation beyond reputecbk1994 has a reputation beyond reputecbk1994 has a reputation beyond reputecbk1994 has a reputation beyond reputecbk1994 has a reputation beyond reputecbk1994 has a reputation beyond repute
Send a message via AIM to cbk1994
The first rule of security is best phrased as "don't try to make your own, you'll **** it up". Pick an algorithm that's been well-researched and is known-strong to implement.

Quote:
Originally Posted by Gunderak View Post
I don't intend for this to be used for passwords so i'm releasing it.
You should almost never encrypt passwords, plus any encryption scheme worth its salt (hah!) is strong regardless of whether or not the algorithm used is known.
__________________
Reply With Quote
  #8  
Old 12-20-2012, 02:04 AM
Gunderak Gunderak is offline
Coder
Gunderak's Avatar
Join Date: Jun 2011
Location: Australia
Posts: 795
Gunderak is on a distinguished road
Send a message via Skype™ to Gunderak
As I stated and you quoted. This encryption isn't intended for a password, more of a fun little challenge.
__________________

Gund for president.

Remote PM {P*}x (Graal813044) from eraiphone -> Stefan: I hav 1 qustion
*Gunderak: he hav 1
*Gunderak: qustion
Reply With Quote
  #9  
Old 12-20-2012, 08:46 AM
Crow Crow is offline
ǝɔɐɹq ʎןɹnɔ
Crow's Avatar
Join Date: Dec 2006
Location: Germany
Posts: 5,153
Crow has a reputation beyond reputeCrow has a reputation beyond reputeCrow has a reputation beyond reputeCrow has a reputation beyond reputeCrow has a reputation beyond reputeCrow has a reputation beyond reputeCrow has a reputation beyond reputeCrow has a reputation beyond reputeCrow has a reputation beyond reputeCrow has a reputation beyond reputeCrow has a reputation beyond repute
Quote:
Originally Posted by cbk1994 View Post
You should almost never encrypt passwords
Elaborate.
__________________
Reply With Quote
  #10  
Old 12-20-2012, 10:37 AM
scriptless scriptless is offline
Banned
Join Date: Dec 2008
Location: N-Pulse
Posts: 1,412
scriptless is a splendid one to beholdscriptless is a splendid one to beholdscriptless is a splendid one to beholdscriptless is a splendid one to behold
Quote:
Originally Posted by cbk1994 View Post
The first rule of security is best phrased as "don't try to make your own, you'll **** it up". Pick an algorithm that's been well-researched and is known-strong to implement.


You should almost never encrypt passwords, plus any encryption scheme worth its salt (hah!) is strong regardless of whether or not the algorithm used is known.
I'm under the impression he's not trying to use this but he's only playing with it to help better understand it.. Also, salts are a good idea too.
Reply With Quote
  #11  
Old 12-20-2012, 11:24 AM
Gunderak Gunderak is offline
Coder
Gunderak's Avatar
Join Date: Jun 2011
Location: Australia
Posts: 795
Gunderak is on a distinguished road
Send a message via Skype™ to Gunderak
Yeah, pretty much sums it up.
A way of using this would be to store the "encrypted" string in a database then have the server compare what the "encrypted" user input. So theoretically it could be used.
__________________

Gund for president.

Remote PM {P*}x (Graal813044) from eraiphone -> Stefan: I hav 1 qustion
*Gunderak: he hav 1
*Gunderak: qustion
Reply With Quote
  #12  
Old 12-20-2012, 01:10 PM
scriptless scriptless is offline
Banned
Join Date: Dec 2008
Location: N-Pulse
Posts: 1,412
scriptless is a splendid one to beholdscriptless is a splendid one to beholdscriptless is a splendid one to beholdscriptless is a splendid one to behold
Quote:
Originally Posted by Gunderak View Post
Yeah, pretty much sums it up.
A way of using this would be to store the "encrypted" string in a database then have the server compare what the "encrypted" user input. So theoretically it could be used.
Since it can be decrypted you would want to use a hash for that.. Because hashes cannot be.. And that's how u use a hash (one way encryption)..


Quote:
Originally Posted by Crow View Post
Elaborate.
He means passwords should be encrypted using a one way encryption (hash).. Something that if stolen u can't decrypt since it compares your encrypted input to the encrypted password.. I believe hashes are still considered a type of encryption..
Reply With Quote
  #13  
Old 12-20-2012, 03:48 PM
BlueMelon BlueMelon is offline
asdfg
BlueMelon's Avatar
Join Date: Sep 2008
Posts: 1,481
BlueMelon is a splendid one to beholdBlueMelon is a splendid one to beholdBlueMelon is a splendid one to beholdBlueMelon is a splendid one to behold
Quote:
Originally Posted by scriptless View Post
I believe hashes are still considered a type of encryption..
I am not here to explain the differences between hashing and encrypting, but they are 2 different things.
__________________
http://i.imgur.com/OOJbW.jpg
Reply With Quote
  #14  
Old 12-20-2012, 03:54 PM
Crow Crow is offline
ǝɔɐɹq ʎןɹnɔ
Crow's Avatar
Join Date: Dec 2006
Location: Germany
Posts: 5,153
Crow has a reputation beyond reputeCrow has a reputation beyond reputeCrow has a reputation beyond reputeCrow has a reputation beyond reputeCrow has a reputation beyond reputeCrow has a reputation beyond reputeCrow has a reputation beyond reputeCrow has a reputation beyond reputeCrow has a reputation beyond reputeCrow has a reputation beyond reputeCrow has a reputation beyond repute
Quote:
Originally Posted by BlueMelon View Post
I am not here to explain the differences between hashing and encrypting, but they are 2 different things.
Hm, you've got a point. I didn't think this through, I guess. But you are right, and so is Chris. Passwords shouldn't be stored at all, only their hashes.
__________________
Reply With Quote
  #15  
Old 12-20-2012, 11:33 PM
cbk1994 cbk1994 is offline
the fake one
cbk1994's Avatar
Join Date: Mar 2003
Location: San Francisco
Posts: 10,718
cbk1994 has a reputation beyond reputecbk1994 has a reputation beyond reputecbk1994 has a reputation beyond reputecbk1994 has a reputation beyond reputecbk1994 has a reputation beyond reputecbk1994 has a reputation beyond reputecbk1994 has a reputation beyond reputecbk1994 has a reputation beyond reputecbk1994 has a reputation beyond reputecbk1994 has a reputation beyond repute
Send a message via AIM to cbk1994
Quote:
Originally Posted by Crow View Post
Hm, you've got a point. I didn't think this through, I guess. But you are right, and so is Chris. Passwords shouldn't be stored at all, only their hashes.
This is what I was referring to. Passwords should be hashed, not encrypted (usually).
__________________
Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 05:47 PM.


Powered by vBulletin® Version 3.8.3
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
Copyright (C) 1998-2008 Linux cyberjoueurs All Rights Reserved.