PureBasic Forums - English

I think they will simply take a memory dump of the already decrypted program.

Basically, I coded my encryptor because I knew what it was worth. I don't trust methods that require a "small" password.
As for my encryptor, the password (preferably as long as possible) creates a very long "internal key". Coupled with that, the 3 "binary keys" are files that Xor the file to be encrypted.
Very high security therefore...

In short, I prefer to use my encryptor than another existing one.

"As for my encryptor, the password (preferably as long as possible) creates a very long "internal key".

That does not sound good. So you are basically replacing hashcodes, known to be cryptographically secure, with some self generated random number keys to make a long passphrase from a short one? Logically, no matter what magic you do with the entered password, the entropy in there is never more than the entropy of the original password. And using PB Random()-function does not create cryptographically usable randomness (see https://en.wikipedia.org/wiki/Cryptogra ... _generator).

I assume that if you increase the bounty for 5000$ and post it on reddit, you will get the result in a day. With 200$ there is simply no incentive to even turn on the PC for people capable of doing this. So not having someone solving your challenge does not mean it is secure at all. It is, very very likely, not secure at all.

Anyway, trusting your own experimental algorithm more than scientifically proven hard security with hashcodes and good symmetric encryption like AES is simply wrong. These standards are not used in all important products all over the world because they are not secure. Just look at the Cryptographic Algorithm Validation Program from NIST, on how they tested and validated the AES standard (https://csrc.nist.gov/projects/cryptogr ... on-program). You may get an idea about this.

Finally, google "why is inventing own cryptography a bad idea": https://www.startpage.com/do/dsearch?q= ... ea&cat=web

You may be right.
My method has a virtue: giving a different result to each encryption; precisely when we use the same password and file to encrypt. That's why it has this name.
On the dedicated site, I put 5 different results with the same parameters:
http://mutantekey3.chez.com/

You still have a month to find the file that was encrypted!

SPH wrote: Thu Nov 28, 2024 9:31 pm My method has a virtue: giving a different result to each encryption; precisely when we use the same password and file to encrypt.

This is what a random iv (initialization vector) does in symmetric encryption since, I don't know, 50 years or even more? This is not a unique thing...

SPH wrote: Thu Nov 28, 2024 9:31 pm You still have a month to find the file that was encrypted!

Nah, for 200$ I do not even try to understand your code. It is horrible formatted and I would call it spaghetti code. Also, it will not compile on my Linux systems because of GUI hacks for Windows only. Really, no thanks.

As a friendly suggestion, if you really like to run a bounty on cryptoanalysis, provide well structured and cross platform code with no GUI and add a description of your algorithm in detail (like such example for RC4). Your currently provided website and code is simply not professional enough to be taken serious. Especially as you seem to lack basic understanding of cryptography in general.

BTW, I stop my posting in this thread by quoting Bruce Schneier, the man who wrote the standard book about modern cryptography and invented algorithms like Twofish and Blowfish:

Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can't break. It's not even hard. What is hard is creating an algorithm that no one else can break, even after years of analysis. And the only way to prove that is to subject the algorithm to years of analysis by the best cryptographers around.

When someone hands you a security system and says, "I believe this is secure," the first thing you have to ask is, "Who the hell are you?" Show me what you've broken to demonstrate that your assertion of the system's security means something.

Nice

@SPH: You never posted your challenge in https://www.reddit.com/r/crypto like I said, so you're not serious about it being tested. Just because some unskilled coders in this forum (me) can't crack it, doesn't mean others who deal with crypto daily can't. So, post it there. That's my challenge to you.

Ok, I'll take a look at it.

@SPH : I think there is not enough for peoples to break your program because it was written in Purebasic so not a lot of experience from that... It is possible to break with another compiler that mean you need to post elsewhere than here

But the amount of bucks you are giving maybe there will be not interesting maybe, so increase it is usually the best ... Do you have a way to offer it ?

Good luck !

Ok, that's the not the place here for this kind of posts.