Cryptography - Substitution Cipher Question
-
Please let me know if this is not the correct location in the boards for this post. I did not see a section for cryptography or for Security.
A piece of accounting software we use that is for a vertical industry used to store our users' passwords in an RDBMS as plain text. They did use a substitution cipher so the password was encrypted at a very basic level. They also used a location specific substitution. I don't know if that is the correct term for this type of substitution cipher but it's where the letter you replace changes based on the original character and its position within the encrypted text. For example if the password was password then the text stored might be h^e)7ght. Even though the s is listed twice its substituted text is different because the first instance is in the 3rd position and the next is in the fourth position. The substituted character was always the same based on original character value plus its position so the lower case s was always stored as a lower case e when it was in the third position of any user's password. I hope that properly conveys the encryption method the software used and if there is a proper term for this kind of substitution cipher please post and let me know.
With the most recent update the software vendor has moved to a more complex encryption method and I'm puzzled by it because the encrypted text consists of fewer characters than its source. For example if the password is password then the encrypted text consists of 64 characters. If the password is paswordpasswordpassword the encrypted text is 64 characters long. I assume that when the password is less than 64 characters then the process is padding the rest. What puzzles me is when we use a password that is greater than 64 characters in length. If I create a password that consists of 70 characters the encrypted text is still only 64 characters in length.
I'm new to this so this may be a dumb question but how can you use fewer characters than the source text you are encrypting?
-
Simple: they have found that they have a legal responsibility to secure password storage, and realised that a substitution cipher (or any form of encryption) is fundamentally insecure. So instead, they are using a hashing algorithm, which cannot be reversed and which always generates a result that is the same length, in your case 64 bytes (which would imply SHA-512).
Sent from my Amstrad PC 1640 Never throw anything away, Griff Bad command or file name. Bad, bad command! Sit! Stay! Staaaay... AntiTwitter: @DalekDave is now a follower!
-
Just to add some background: Have a look here: Password Storage: How to do it - it explains why hashing and salting are used instead of encryption. And remember: if an app has any European Union users then GDPR applies and that means you need to handle passwords as sensitive data and store them in a safe and secure manner. Text is neither of those and the fines can be .... um ... outstanding. In December 2018 a German company received a relatively low fine of €20,000 for just that.
Sent from my Amstrad PC 1640 Never throw anything away, Griff Bad command or file name. Bad, bad command! Sit! Stay! Staaaay... AntiTwitter: @DalekDave is now a follower!
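The contrast drawn in the two replies above, as an added example that is not part of any post in the thread: a position-dependent substitution can be undone and leaks matching characters across users, while a digest has a fixed size and a salted, iterated hash differs per user. The shift rule in `positional_sub` is a constructed stand-in (the vendor's actual table is not on the page), SHA-512 is used because the reply suggests it, and the function names, the PBKDF2 parameters and the 70-character password are assumptions.

```python
import hashlib
import hmac
import os

PRINTABLE = [chr(c) for c in range(32, 127)]  # 95 printable ASCII characters

def positional_sub(text, decrypt=False):
    """Constructed stand-in for the old scheme (not the vendor's table):
    each character is shifted by an amount that depends only on its position."""
    out = []
    for i, ch in enumerate(text):
        shift = (7 * (i + 1)) % len(PRINTABLE)
        if decrypt:
            shift = -shift
        out.append(PRINTABLE[(PRINTABLE.index(ch) + shift) % len(PRINTABLE)])
    return "".join(out)

def digest_len(password):
    """Size in bytes of a SHA-512 digest; it does not depend on input length."""
    return len(hashlib.sha512(password.encode()).digest())

def store(password, iterations=200_000):
    """Salted, iterated hash for storage: (salt, iterations, derived key)."""
    salt = os.urandom(16)  # fresh random salt per user
    key = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, iterations)
    return salt, iterations, key

def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, key = record
    candidate = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, key)

if __name__ == "__main__":
    # Constructed samples; the first two are the passwords quoted in the thread.
    samples = ["password", "paswordpasswordpassword", "x" * 70]
    stored = positional_sub("password")
    print("substitution:", stored, "->", positional_sub(stored, decrypt=True))
    # Same letter, same position, different users: identical stored character.
    print("leak:", stored[2] == positional_sub("misspell")[2])
    for pw in samples:
        print(len(pw), "chars ->", digest_len(pw), "byte digest")
    a, b = store("password"), store("password")
    print("same password, different records:", a[2] != b[2])
    print("verify:", verify("password", a), verify("passw0rd", a))
```
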
-
pen and paper - Is there a simple hash function that one can compute without a computer? - Cryptography Stack Exchange
Second answer has an example that explains the concept :)
Bastard Programmer from Hell :suss: If you can't read my code, try converting it here "If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.