Tags: algorithm, encryption, encryption-symmetric, vigenere

Is my symmetric encryption algorithm safe?


I recently decided to write my own symmetric encryption program (which could be used in a custom password manager, for example). I would like your opinion about it: did I make big mistakes? Otherwise, would it be easily breakable?

It is basically a Vigenère fork trying to get closer to the principles of Vernam encryption while remaining easy to use (you can use any key to encrypt your text).

How does it work?

  • You enter a message (e.g. hello world) and a seed (e.g. seed).
  • The seed is transformed into a number thanks to a hash function.
  • We add the number of letters of the message to this number, and we hash it another time.
  • A pseudo-random number generator is initialized with the result, and a list of random numbers the size of the text is generated (this is the key).
  • We shift each letter by the corresponding number in the list (the first letter of the message is shifted by the first number of our generated list).

    Example:

    Alphabet: [a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z]
    List: [1,18,3,17,0]
    Word: "hello"
    h+1 = j
    e+18 = w
    l+3 = o
    l+17 = c (as the alphabet is finished, we continue at the beginning)
    o+0 = o
    Output: "jwoco"

The principles of Vernam encryption specify that:

  • The key used to offset the letters must be at least as large as the text size -> It's okay.
  • The key must only be used once -> It's okay if you change your seed or the size of the message (since we include the text size in the hash used to initialize the key).
  • The key must be completely random -> This will depend on the random number generation algorithm and the hash algorithm, but if they are good we should have an output with which it is impossible, without the key, to find a text that is more likely than another to be the original message.

Is my explanation clear? Do you agree with me? Do you have any clarifications to add, improvements to propose, or random number generation and hash algorithms to advise me on?

Have a nice day, Thomas!
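Added example, not the asker's code: the scheme above implemented in Python exactly as the steps describe, with SHA-256 and Python's Mersenne Twister assumed as the unnamed hash function and PRNG, plus a check of the "key must only be used once" principle. Because the keystream depends only on (seed, message length), two same-length messages under one seed share it, so the shifts learned from one known plaintext decrypt the other (the constructed samples keep their space in the same position, since a non-letter position yields no shift).

```python
import hashlib
import random
import string

ALPHABET = string.ascii_lowercase  # the 26-letter alphabet from the post


def _hash_to_int(data: bytes) -> int:
    # SHA-256 is an assumed choice; the post does not name its hash function.
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def keystream(seed: str, length: int) -> list[int]:
    """Shift list derived as the post describes: hash(seed), add the message
    length, hash again, then seed a PRNG and draw one shift per character."""
    n = _hash_to_int(seed.encode())
    n = _hash_to_int(str(n + length).encode())
    rng = random.Random(n)  # assumed PRNG (Mersenne Twister); not a CSPRNG
    return [rng.randrange(26) for _ in range(length)]


def _shift_with(text: str, shifts: list[int], direction: int) -> str:
    out = []
    for ch, k in zip(text, shifts):
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + direction * k) % 26])
        else:
            out.append(ch)  # assumption: non-letters (e.g. spaces) pass through
    return "".join(out)


def encrypt(plaintext: str, seed: str) -> str:
    return _shift_with(plaintext, keystream(seed, len(plaintext)), +1)


def decrypt(ciphertext: str, seed: str) -> str:
    return _shift_with(ciphertext, keystream(seed, len(ciphertext)), -1)


def recover_shifts(plaintext: str, ciphertext: str) -> list[int]:
    """Shift list implied by one known plaintext/ciphertext pair (0 where the
    plaintext character is not a letter, since it was passed through)."""
    return [(ALPHABET.index(c) - ALPHABET.index(p)) % 26 if p in ALPHABET else 0
            for p, c in zip(plaintext, ciphertext)]


def keystream_reuse_exposes(seed: str, known: str, other: str) -> bool:
    """Same seed and same length give the same keystream, so shifts learned
    from `known` decrypt `other` without ever knowing the seed."""
    learned = recover_shifts(known, encrypt(known, seed))
    return _shift_with(encrypt(other, seed), learned, -1) == other
```

Run `keystream_reuse_exposes("seed", "hello world", "party later")` to see the reuse: it returns True, which is the failure the second Vernam principle is meant to rule out.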


Solution

  • A relevant anecdote from Bruce Schneier:

    See https://www.schneier.com/crypto-gram/archives/1998/1015.html#cipherdesign

    A cryptographer friend tells the story of an amateur who kept bothering him with the cipher he invented. The cryptographer would break the cipher, the amateur would make a change to "fix" it, and the cryptographer would break it again. This exchange went on a few times until the cryptographer became fed up. When the amateur visited him to hear what the cryptographer thought, the cryptographer put three envelopes face down on the table. "In each of these envelopes is an attack against your cipher. Take one and read it. Don't come back until you've discovered the other two attacks." The amateur was never heard from again.

    Use AES.