• (cs) in reply to C-Octothorpe
    C-Octothorpe:
    hoodaticus:
    If their config files are so important to keep away from the client, then why didn't they do that, replacing the file load with a webservice call?
    Because that just obscures it. If they're determined enough, they can simply sniff the connection and intercept it... If you really want to lock the user out, I think the best approach would be to perform some sort of checksum or hash and have it call home on startup to verify (send back a public key encrypted response so they can't intercept and modify). No encryption needed, just check the integrity of the data, and bomb out badly when they try to make their own changes.
    Preferably with a deletion. Oh what joy to see them try to surmount a hashing algorithim! Do a filesize check too, in that case.
  • Those who live in glass houses... (unregistered) in reply to Some Dude
    Some Dude:
    Base64 is encoding not encryption. Do you even know what Base64 is?

    GIYF: http://www.merriam-webster.com/dictionary/encrypt def 2: ENCODE

    How does your foot taste?

  • germaican (unregistered) in reply to MadJo (professional software tester)

    What is a US-Name?

    ABEDABUN, ITUHA and TEHYA are (native) american names.

    But what is a US-Name? Joe? John? Jim? Jack? Well John for example is derived from Yoḥanan, which is a Hebrew name. Start to accept it in your daily life, the US are an immigration Nation.

    I think there are really very few names which originate in the US, the nation, that has no laws to prevent parents from giving stupid names to kids. You could name your kids "Doorknob" and "toilette paper". I don't think there is any other Nation so FREE in this regard.

  • (cs) in reply to Those who live in glass houses...
    Those who live in glass houses...:
    Some Dude:
    Base64 is encoding not encryption. Do you even know what Base64 is?

    GIYF: http://www.merriam-webster.com/dictionary/encrypt def 2: ENCODE

    How does your foot taste?

    Wow, to see this level of misguided and uninformed pedantry is just, um, impressive... And the guy he was replying to isn't much better.

    Here is a hint: encoding != encrypting

    Or if you want to continue being loud and ignorant, let me put it this way: how secure would you feel while doing some online banking that the connection between your browser and the banks servers was simply encoded (because it's the same thing, dontcha know)...

  • Brent (unregistered) in reply to GFK
    GFK:
    Here's a simple tutorial on how to decode Base64: RG93bmxvYWQgYW5kIGluc3RhbGwgTm90ZXBhZCsrDQpPcGVuIGl0DQpQYXN0ZSB0aGUgdGV4dCBpbiBhIG5ldyBkb2N1bWVudA0KR28gdG8gbWVudSBQbHVnaW5zID4gTUlNRSA+IEJhc2U2NCBEZWNvZGU=

    So many complicated methods: SW5zdGFsbCBMZWV0S2V5IHBsdWdpbi4gIFNlbGVjdCB0ZXh0LCBzZWxlY3QgZGVjb2RlIGJhc2U2NC4gIERvbmUu

  • not frits at all (unregistered) in reply to Those who live in glass houses...
    Those who live in glass houses...:
    Some Dude:
    Base64 is encoding not encryption. Do you even know what Base64 is?

    GIYF: http://www.merriam-webster.com/dictionary/encrypt def 2: ENCODE

    How does your foot taste?

    Using that logic:

    http://www.merriam-webster.com/dictionary/public def 5: devoted to the general or national welfare

    It's true, Java public methods are devoted to the general or national welfare.

  • ac (unregistered) in reply to trtrwtf

    You see, the thing with these comments is that everybody assumes the developers behind this tool are dumb. I think there's a possibility that they're pretty smart. Think of it this way.

    1. Many support calls because newbie users edit configuration file and fuck up.

    2. Company thinks:

    • supporting this "feature" = cost;
    • selling a configuration tool = revenue.
    1. Developers against encrypting configuration files for many reasons:
    • don't want to write/support the stupid configuration tool;
    • know very well that smart users will bypass most forms of "encryption" anyways;
    • forcefully charging a lot more for the same power they had before is against their principles.

    Thus, they develop this "encryption" scheme. Developers are happy (stupid tool was quick/easy to write). Management is happy (feel smart, less support calls, more revenue). Smart customers are happy (they still get to configure the software without paying anything more). Dumb customers are happy (spend $100k on yet another enterprisey tool).

  • (cs) in reply to Those who live in glass houses...
    Those who live in glass houses...:
    Some Dude:
    Base64 is encoding not encryption. Do you even know what Base64 is?

    GIYF: http://www.merriam-webster.com/dictionary/encrypt def 2: ENCODE

    How does your foot taste?

    Why so interested? Do trolls like feet?

    Here's a tip: show him a dictionary which has "encode" defined as "encrypt" and then you can ask about his feet.

  • Fred Flintstone (unregistered) in reply to MadJo (professional software tester)

    He was just trying to "to conduct encryption research, assess product interoperability, and test computer security systems." So he is good to go.

  • AnnoyingCowherd (unregistered) in reply to MadJo (professional software tester)
    MadJo (professional software tester):
    boog:
    You left out the part where Thijs B's company gets sued to oblivion for "bypassing security" and "reverse engineering" the software.

    Thijs is clearly not a US-name, and therefor the DMCA doesn't apply, thanks for playing, we have some lovely consolation prices for you backstage.

    Clearly we Americans do not allow our complete inability to read a map deter us from trying to sue whomever the hell we please.

  • Machtyn (unregistered) in reply to germaican

    There is a definite form of American name. At least for a long time there was. Many immigrants who landed at Staten Island changed their names to be more "American". Sometimes, their names were changed for them, especially if their name was hard to pronounce.

    This isn't the case so much anymore - now that our society is differentiating themselves from the melting pot. We're no longer Americans, but we're African American (but only if you're black - white South Africans need not apply), Mexican American (even if you're from Panama), etc, etc. In the race to not be racists, we tripped over our feet and are making racism more pronounced.

  • (cs) in reply to Those who live in glass houses...
    Those who live in glass houses...:
    I wish all you ivory tower wannabes would get off your high horses. Base-64 is encryption! Do you even know what encryption means? It means to put in a code. Base-64 is a code. Now STFU.

    From Wikipedia:

    In cryptography, encryption is the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key.

    See also Kerckhoffs's Principle, which explains that the key is the essential part of a cryptosystem. The true requirement for cryptography is that a person possessing the algorithm but not the key cannot read the message.

    There is no key in Base64 encoding, only an algorithm, so it does not qualify as encryption, oversimplified definitions in some dictionary notwithstanding.

  • Hortical (unregistered) in reply to Mason Wheeler
    Mason Wheeler:
    See also Kerckhoffs's Principle, which explains that the key is the essential part of a cryptosystem. The true requirement for cryptography is that a person possessing the algorithm but not the key cannot read the message.

    There is no key in Base64 encoding, only an algorithm, so it does not qualify as encryption, oversimplified definitions in some dictionary notwithstanding.

    I don't know that much about encryption, but let me play devil's advocate by pointing out that one does not absolutely need the key beforehand to read an encrypted message if it can be found by brute force.

    So could we consider the cracking and decryption to be part of a really, really long decoding process? Just one that might take 10000000000 years.

  • Rogers (unregistered) in reply to Hortical

    Once you guess it right, you would then have the knowledge. It's a long process of obtaining the knowledge.

  • ac (unregistered) in reply to Mason Wheeler
    Mason Wheeler:
    Those who live in glass houses...:
    I wish all you ivory tower wannabes would get off your high horses. Base-64 is encryption! Do you even know what encryption means? It means to put in a code. Base-64 is a code. Now STFU.

    From Wikipedia:

    In cryptography, encryption is the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key.

    See also Kerckhoffs's Principle, which explains that the key is the essential part of a cryptosystem. The true requirement for cryptography is that a person possessing the algorithm but not the key cannot read the message.

    There is no key in Base64 encoding, only an algorithm, so it does not qualify as encryption, oversimplified definitions in some dictionary notwithstanding.

    Also from Wikipedia (http://en.wikipedia.org/wiki/Caesar_cipher):

    In cryptography, a Caesar cipher, also known as a Caesar's cipher, the shift cipher, Caesar's code or Caesar shift, is one of the simplest and most widely known encryption techniques. It is a type of substitution cipher ...

    and (http://en.wikipedia.org/wiki/Substitution_cipher):

    In cryptography, a substitution cipher is a method of encryption by which ... ROT13 is an example of the Caesar cipher, developed in ancient Rome.

    ROT13 is clearly only an algorithm by your definition, since it only uses a key. Yet, by the same reference you cited, it is also called "encryption".

    Maybe in those days, since nobody knew about this technique, knowing the algorithm was the key. This might still apply with Base64 for the average computer user.

  • can't find my zune charger (unregistered) in reply to Those who live in glass houses...
    Those who live in glass houses...:
    Some Dude:
    Base64 is encoding not encryption. Do you even know what Base64 is?

    GIYF: http://www.merriam-webster.com/dictionary/encrypt def 2: ENCODE

    How does your foot taste?

    Oooohh. I love dirty talk. Any other parts of my body you want to hear about? Anything at all, it's all yours.

  • gnasher729 (unregistered) in reply to Mason Wheeler
    Mason Wheeler:
    See also Kerckhoffs's Principle, which explains that the key is the essential part of a cryptosystem. The true requirement for cryptography is that a person possessing the algorithm but not the key cannot read the message.

    There is no key in Base64 encoding, only an algorithm, so it does not qualify as encryption, oversimplified definitions in some dictionary notwithstanding.

    Well, with DRM the rule is that access management has to be effective, and that means just that an ordinary person cannot just read it but that it requires circumvention. Even if the method of cracking it is widely known, that doesn't make a difference. So base64 encoding could possibly be called "effective".

    However, DMCA is about copying or accessing copyrighted works without permission. The goal is clearly to write XML configuration files and then encode them in such a way that the software will use them. No data owned by the manufacturer needs to be copied or accessed. So the DMCA doesn't bite at all, same as Lexmark was told to shove it when they sued an ink cartridge maker over alleged DMCA infringement.

  • (cs) in reply to Hortical
    Hortical:
    I don't know that much about encryption, but let me play devil's advocate by pointing out that one does not absolutely need the key beforehand to read an encrypted message if it can be found by brute force.

    So could we consider the cracking and decryption to be part of a really, really long decoding process? Just one that might take 10000000000 years.

    I'm glad that I'm agnostic, because your devil is an idiot.

  • mah bonez (unregistered) in reply to Mason Wheeler
    C-Octothorpe:
    Here is a hint: encoding != encrypting
    Mason Wheeler:
    There is no key in Base64 encoding, only an algorithm, so it does not qualify as encryption, oversimplified definitions in some dictionary notwithstanding.

    The following statement is true: Encoding is a form of encryption. (i.e., encoding = encryption)

    The following statement is also true: Encoding is not necessarily a good form encryption.

    Base-64 is encryption, as is ROT-13. They are just very weak encryptions. Even going by the information from the quoted wikipedia page, they are unreadable by anyone except those possessing special knowledge .. in this case, the knowledge of the form of encoding (i.e., the means of encoding/decoding is the key).

  • Sizik (unregistered)

    I found this amusing. [image]

  • Hortical (unregistered) in reply to ac
    ac:
    Maybe in those days, since nobody knew about this technique, knowing the algorithm was the key. This might still apply with Base64 for the average developer.

    FTFY

    Which might explain:

    ac:
    ROT13 is clearly only an algorithm by your definition, since it only uses a key. Yet, by the same reference you cited [wikipedia], it is also called "encryption".

    The fact that terms are conflated or misused is no justification for conflating the concepts they represent. Dictionaries often lack domain-specific connotations making them not always useful for this kind of discussion.

  • Hortical (unregistered) in reply to dohpaz42
    dohpaz42:
    Hortical:
    I don't know that much about encryption, but let me play devil's advocate by pointing out that one does not absolutely need the key beforehand to read an encrypted message if it can be found by brute force.

    So could we consider the cracking and decryption to be part of a really, really long decoding process? Just one that might take 10000000000 years.

    I'm glad that I'm agnostic, because your devil is an idiot.

    Yes, and always serious.

  • (cs) in reply to Hortical
    Hortical:
    Mason Wheeler:
    See also Kerckhoffs's Principle, which explains that the key is the essential part of a cryptosystem. The true requirement for cryptography is that a person possessing the algorithm but not the key cannot read the message.

    There is no key in Base64 encoding, only an algorithm, so it does not qualify as encryption, oversimplified definitions in some dictionary notwithstanding.

    I don't know that much about encryption, but let me play devil's advocate by pointing out that one does not absolutely need the key beforehand to read an encrypted message if it can be found by brute force.

    So could we consider the cracking and decryption to be part of a really, really long decoding process? Just one that might take 10000000000 years.

    Makes sense on the surface, but there is still the key that you guessed. Also they serve to different purposes. Encoding takes form as an algorithm to alter the data, for example, for safe insertion into an XML file, or HTML encoding text (take a look at canonicalization). You can encode and decode the message by simply applying an algorithm, and no key is necessary.

    Encryption disguises the data by using either a secret key (symmetric) or a mathematically related public/private key pair(asymmetric). To decrypt encrypted text (and depending on if it's sym or asym), you require the/a key, which can be guessed or brute forced as you pointed out.

    But they are fundamentally different.

  • Hortical (unregistered) in reply to C-Octothorpe
    C-Octothorpe:
    Hortical:
    Mason Wheeler:
    See also Kerckhoffs's Principle, which explains that the key is the essential part of a cryptosystem. The true requirement for cryptography is that a person possessing the algorithm but not the key cannot read the message.

    There is no key in Base64 encoding, only an algorithm, so it does not qualify as encryption, oversimplified definitions in some dictionary notwithstanding.

    I don't know that much about encryption, but let me play devil's advocate by pointing out that one does not absolutely need the key beforehand to read an encrypted message if it can be found by brute force.

    So could we consider the cracking and decryption to be part of a really, really long decoding process? Just one that might take 10000000000 years.

    Makes sense on the surface, but there is still the key that you guessed. Also they serve to different purposes. Encoding takes form as an algorithm to alter the data, for example, for safe insertion into an XML file, or HTML encoding text (take a look at canonicalization). You can encode and decode the message by simply applying an algorithm, and no key is necessary.

    Encryption disguises the data by using either a secret key (symmetric) or a mathematically related public/private key pair(asymmetric). To decrypt encrypted text (and depending on if it's sym or asym), you require the/a key, which can be guessed or brute forced as you pointed out.

    But they are fundamentally different.

    You know that didn't deserve a serious answer, why'd you give one?

  • (cs) in reply to Hortical
    Hortical:
    C-Octothorpe:
    Hortical:
    Mason Wheeler:
    See also Kerckhoffs's Principle, which explains that the key is the essential part of a cryptosystem. The true requirement for cryptography is that a person possessing the algorithm but not the key cannot read the message.

    There is no key in Base64 encoding, only an algorithm, so it does not qualify as encryption, oversimplified definitions in some dictionary notwithstanding.

    I don't know that much about encryption, but let me play devil's advocate by pointing out that one does not absolutely need the key beforehand to read an encrypted message if it can be found by brute force.

    So could we consider the cracking and decryption to be part of a really, really long decoding process? Just one that might take 10000000000 years.

    Makes sense on the surface, but there is still the key that you guessed. Also they serve to different purposes. Encoding takes form as an algorithm to alter the data, for example, for safe insertion into an XML file, or HTML encoding text (take a look at canonicalization). You can encode and decode the message by simply applying an algorithm, and no key is necessary.

    Encryption disguises the data by using either a secret key (symmetric) or a mathematically related public/private key pair(asymmetric). To decrypt encrypted text (and depending on if it's sym or asym), you require the/a key, which can be guessed or brute forced as you pointed out.

    But they are fundamentally different.

    You know that didn't deserve a serious answer, why'd you give one?

    Boredom really... And I just happened to repond to your post, but really it was directed more to the others who confuse/misuse encryption and encoding.

    Also, I didn't see your other posts (which were much better worded than mine) until after I posted... My bad.

  • praesent (unregistered) in reply to germaican
    germaican:
    What is a US-Name?

    ABEDABUN, ITUHA and TEHYA are (native) american names.

    But what is a US-Name? Joe? John? Jim? Jack? Well John for example is derived from Yoḥanan, which is a Hebrew name. Start to accept it in your daily life, the US are an immigration Nation.

    I think there are really very few names which originate in the US, the nation, that has no laws to prevent parents from giving stupid names to kids. You could name your kids "Doorknob" and "toilette paper". I don't think there is any other Nation so FREE in this regard.

    What about stripper names? Strippers are made by US. April, Spring, Kennedy, Kendra, Sunshine, ...

  • (cs) in reply to mah bonez
    mah bonez:
    The following statement is true: Encoding is a form of encryption.
    Holy shit, is that really all it takes to make your statements true? You just declare them as true? Let me try:

    The following statement is true: boog is a friendly, well-liked individual.

    Nope, it didn't work. Either I'm doing it wrong, or you actually need to back your assertions with supporting evidence if you want them to be true.

  • caecus (unregistered) in reply to Mason Wheeler
    Mason Wheeler:
    Those who live in glass houses...:
    I wish all you ivory tower wannabes would get off your high horses. Base-64 is encryption! Do you even know what encryption means? It means to put in a code. Base-64 is a code. Now STFU.

    From Wikipedia:

    In cryptography, encryption is the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key.

    See also Kerckhoffs's Principle, which explains that the key is the essential part of a cryptosystem. The true requirement for cryptography is that a person possessing the algorithm but not the key cannot read the message.

    There is no key in Base64 encoding, only an algorithm, so it does not qualify as encryption, oversimplified definitions in some dictionary notwithstanding.

    Oh, there's a key: it's NULL.

  • the zuneification of an innocent mind (unregistered) in reply to praesent
    praesent:
    What about RealDoll names? RealDolls are made by US. April, Spring, Kennedy, Kendra, Sunshine, ...

    I think when it shows up, you can call it whatever you want.

    And dress it however you want.

    And treat it however you want.

    Which reminds me, when are they going to have pre-pubescent-analog RealDolls? I keep writing the company and they keep threatening to call the police. It's not like I'm hurting anyone.

    Religious right asswipes.

  • mah bonez (unregistered) in reply to boog
    boog:
    mah bonez:
    The following statement is true: Encoding is a form of encryption.
    Holy shit, is that really all it takes to make your statements true? You just declare them as true? Let me try:

    The following statement is true: boog is a friendly, well-liked individual.

    Nope, it didn't work. Either I'm doing it wrong, or you actually need to back your assertions with supporting evidence if you want them to be true.

    My supporting evidence was the information previously presented by others. ROT-13 (and generically speaking, Caeser's cipher) is a form of encryption, but all it is really (as posted by someone else) is an encoding with the "key" being the knowledge of the specific encoding used. Please explain the difference between how ROT-13 is encryption that excludes any other encoding form from being an encryption.

  • Fat (unregistered) in reply to Hortical
    Hortical:
    Mason Wheeler:
    See also Kerckhoffs's Principle, which explains that the key is the essential part of a cryptosystem. The true requirement for cryptography is that a person possessing the algorithm but not the key cannot read the message.

    There is no key in Base64 encoding, only an algorithm, so it does not qualify as encryption, oversimplified definitions in some dictionary notwithstanding.

    I don't know that much about encryption, but let me play devil's advocate by pointing out that one does not absolutely need the key beforehand to read an encrypted message if it can be found by brute force.

    So could we consider the cracking and decryption to be part of a really, really long decoding process? Just one that might take 10000000000 years.

    Consider the simplest encryption: XOR the message with the the same length key (one-time pad encryption). "Cracking" this encryption will give you any message you want, as long as it has the same length as the original. Therefore that algorithm can hardly be called an "encoding". But that's definitely an encryption.

  • Zif (unregistered)

    U2FsIG1vYW5lZCBjdXogU2FtIGxvYW5lZCBzYWxtb24gdG8gbWFzb24gTWFs c29uIGJ1dCBtYXNvbiBNYWxzb24gc2xhbW1lZCBTYW0ncyBzYWxtb24gb24g U2FsJ3MgbGFtYidzIHNvbi4=

    I just wrote that for shits :D

    Captcha: haero. Haero you supposed to decrypt base64?

  • Orangejello (unregistered) in reply to germaican
    germaican:
    What is a US-Name?

    ABEDABUN, ITUHA and TEHYA are (native) american names.

    But what is a US-Name? Joe? John? Jim? Jack? Well John for example is derived from Yoḥanan, which is a Hebrew name. Start to accept it in your daily life, the US are an immigration Nation.

    I think there are really very few names which originate in the US, the nation, that has no laws to prevent parents from giving stupid names to kids. You could name your kids "Doorknob" and "toilette paper". I don't think there is any other Nation so FREE in this regard.

    Well, I find Orangejello (or-AN-juh-lo), Lemonjello (le-MON-juh-lo), and La-a (That's La dash a) To be quite American, and quite Stupid.

  • Fat (unregistered) in reply to mah bonez
    mah bonez:
    boog:
    mah bonez:
    The following statement is true: Encoding is a form of encryption.
    Holy shit, is that really all it takes to make your statements true? You just declare them as true? Let me try:

    The following statement is true: boog is a friendly, well-liked individual.

    Nope, it didn't work. Either I'm doing it wrong, or you actually need to back your assertions with supporting evidence if you want them to be true.

    My supporting evidence was the information previously presented by others. ROT-13 (and generically speaking, Caeser's cipher) is a form of encryption, but all it is really (as posted by someone else) is an encoding with the "key" being the knowledge of the specific encoding used. Please explain the difference between how ROT-13 is encryption that excludes any other encoding form from being an encryption.

    The thing is, ROT13 is not really an encryption (at lest in Mason Wheeler's definition, which I find pretty sound). If you apriori know that the sender uses ROT13, you don't have to decypher enything, at's no more an encryption than ASCII (which I don't think is an encryption).

    But in real life when you think of ROT13, you think of something a bit different. Consider, for example, an enctyption algorithm with 1-bit key. If key is 0, you use ROT13 on your message, if it's 1, then you use ROT26. Now, in that case, even with perfect knowledge of the algorithm, but without knowledge of the key, you can't strictly speaking restore the original message, so this really is an encryption. I think, that's more like what you imagine when you talk about "ROT13 being an encryption".

  • Zif (unregistered) in reply to Zif
    Zif:
    U2FsIG1vYW5lZCBjdXogU2FtIGxvYW5lZCBzYWxtb24gdG8gbWFzb24gTWFs c29uIGJ1dCBtYXNvbiBNYWxzb24gc2xhbW1lZCBTYW0ncyBzYWxtb24gb24g U2FsJ3MgbGFtYidzIHNvbi4=

    I just wrote that for shits :D

    Captcha: haero. Haero you supposed to decrypt base64?

    Hmm. Improved version:

    U2FsIG1vYW5lZCBjdXogU2FtIGxvYW5lZCBzYWxtb24gdG8gU2FtJ3MgbW9t IFNhbW9uZSBidXQgU2FtJ3MgbW9tIFNhbW9uZSBzbGFtbWVkIFNhbSdzIHNh bG1vbiBvbiBTYWwncyBsYW1iJ3Mgc29uLg==

  • (cs) in reply to Zif
    Zif:
    Zif:
    U2FsIG1vYW5lZCBjdXogU2FtIGxvYW5lZCBzYWxtb24gdG8gbWFzb24gTWFs c29uIGJ1dCBtYXNvbiBNYWxzb24gc2xhbW1lZCBTYW0ncyBzYWxtb24gb24g U2FsJ3MgbGFtYidzIHNvbi4=

    I just wrote that for shits :D

    Captcha: haero. Haero you supposed to decrypt base64?

    Hmm. Improved version:

    U2FsIG1vYW5lZCBjdXogU2FtIGxvYW5lZCBzYWxtb24gdG8gU2FtJ3MgbW9t IFNhbW9uZSBidXQgU2FtJ3MgbW9tIFNhbW9uZSBzbGFtbWVkIFNhbSdzIHNh bG1vbiBvbiBTYWwncyBsYW1iJ3Mgc29uLg==

    No thanks, I lost too many brain cells reading the first version.

  • Those who live in glass houses... (unregistered) in reply to Fat
    Fat:
    mah bonez:
    boog:
    mah bonez:
    The following statement is true: Encoding is a form of encryption.
    Holy shit, is that really all it takes to make your statements true? You just declare them as true? Let me try:

    The following statement is true: boog is a friendly, well-liked individual.

    Nope, it didn't work. Either I'm doing it wrong, or you actually need to back your assertions with supporting evidence if you want them to be true.

    My supporting evidence was the information previously presented by others. ROT-13 (and generically speaking, Caeser's cipher) is a form of encryption, but all it is really (as posted by someone else) is an encoding with the "key" being the knowledge of the specific encoding used. Please explain the difference between how ROT-13 is encryption that excludes any other encoding form from being an encryption.

    The thing is, ROT13 is not really an encryption (at lest in Mason Wheeler's definition, which I find pretty sound). If you apriori know that the sender uses ROT13, you don't have to decypher enything, at's no more an encryption than ASCII (which I don't think is an encryption).

    But in real life when you think of ROT13, you think of something a bit different. Consider, for example, an enctyption algorithm with 1-bit key. If key is 0, you use ROT13 on your message, if it's 1, then you use ROT26. Now, in that case, even with perfect knowledge of the algorithm, but without knowledge of the key, you can't strictly speaking restore the original message, so this really is an encryption. I think, that's more like what you imagine when you talk about "ROT13 being an encryption".

    Why do you have such difficulty understanding this? "Encryption" and "Encoding" are TWO words FOR THE SAME THING. Of course ROT-13 (Caesar's Cipher) is both an encryption and an encoding. What you describe above is an entirely unique algorithm.

  • i will never buy an ipod (unregistered) in reply to Zif
    Zif:
    Zif:
    U2FsIG1vYW5lZCBjdXogU2FtIGxvYW5lZCBzYWxtb24gdG8gbWFzb24gTWFs c29uIGJ1dCBtYXNvbiBNYWxzb24gc2xhbW1lZCBTYW0ncyBzYWxtb24gb24g U2FsJ3MgbGFtYidzIHNvbi4=

    I just wrote that for shits :D

    Captcha: haero. Haero you supposed to decrypt base64?

    Hmm. Improved version:

    U2FsIG1vYW5lZCBjdXogU2FtIGxvYW5lZCBzYWxtb24gdG8gU2FtJ3MgbW9t IFNhbW9uZSBidXQgU2FtJ3MgbW9tIFNhbW9uZSBzbGFtbWVkIFNhbSdzIHNh bG1vbiBvbiBTYWwncyBsYW1iJ3Mgc29uLg==

    Huh.

    Improved subject matter:

    U2FsIG1vYW5lZCBjdXogU2FtIHNsYW1tZWQgc2F1c2FnZSB1cCBTYW0ncyBtb20ncyBzbGlwcGVyeSB0d2F0IGFuZCBTYW0ncyBtb20gU2Ftb25lIHNwb2tlIHNhbGFjaW91c2x5IGFib3V0IFNhbSdzIHNhdXNhZ2Ugc3ByYXlpbmcgb24gU2FsJ3MgbGFtYidzIHNvbi4=

  • Fat (unregistered) in reply to Those who live in glass houses...

    So, one-time pad is an encoding too?

  • Those who live in glass houses... (unregistered) in reply to Fat
    Fat:
    So, one-time pad is an encoding too?
    Step 1: Determine the purpose of 1-time encoding. Step 2: Write a definition of the 1-time encoding. Step 3: Compare with the definition of encoding Step 4: Return and share your findings with the class. Use specific definitions and examples.
  • (cs) in reply to ac
    ac:
    Also from Wikipedia (http://en.wikipedia.org/wiki/Caesar_cipher):
    In cryptography, a Caesar cipher, also known as a Caesar's cipher, the shift cipher, Caesar's code or Caesar shift, is one of the simplest and most widely known encryption techniques. It is a type of substitution cipher ...

    and (http://en.wikipedia.org/wiki/Substitution_cipher):

    In cryptography, a substitution cipher is a method of encryption by which ... ROT13 is an example of the Caesar cipher, developed in ancient Rome.

    ROT13 is clearly only an algorithm by your definition, since it only uses a key. Yet, by the same reference you cited, it is also called "encryption".

    Maybe in those days, since nobody knew about this technique, knowing the algorithm was the key. This might still apply with Base64 for the average computer user.

    I would consider ROT13 an encryption algorithm with a key. The key is the number 13. It would be trivial to generalize the algorithm to use any number from 1-25, and without knowing the key, you wouldn't be able to decode a message encoded with it to plaintext. (Of course, with such a small search space, it wouldn't be difficult to brute-force, but that's a different issue.)

  • (cs) in reply to Those who live in glass houses...
    Those who live in glass houses...:
    Fat:
    mah bonez:
    boog:
    mah bonez:
    The following statement is true: Encoding is a form of encryption.
    Holy shit, is that really all it takes to make your statements true? You just declare them as true? Let me try:

    The following statement is true: boog is a friendly, well-liked individual.

    Nope, it didn't work. Either I'm doing it wrong, or you actually need to back your assertions with supporting evidence if you want them to be true.

    My supporting evidence was the information previously presented by others. ROT-13 (and generically speaking, Caeser's cipher) is a form of encryption, but all it is really (as posted by someone else) is an encoding with the "key" being the knowledge of the specific encoding used. Please explain the difference between how ROT-13 is encryption that excludes any other encoding form from being an encryption.

    The thing is, ROT13 is not really an encryption (at lest in Mason Wheeler's definition, which I find pretty sound). If you apriori know that the sender uses ROT13, you don't have to decypher enything, at's no more an encryption than ASCII (which I don't think is an encryption).

    But in real life when you think of ROT13, you think of something a bit different. Consider, for example, an enctyption algorithm with 1-bit key. If key is 0, you use ROT13 on your message, if it's 1, then you use ROT26. Now, in that case, even with perfect knowledge of the algorithm, but without knowledge of the key, you can't strictly speaking restore the original message, so this really is an encryption. I think, that's more like what you imagine when you talk about "ROT13 being an encryption".

    Why do you have such difficulty understanding this? "Encryption" and "Encoding" are TWO words FOR THE SAME THING. Of course ROT-13 (Caesar's Cipher) is both an encryption and an encoding. What you describe above is an entirely unique algorithm.
    Encryption is NOT Encoding Mariam Websters perhaps defines them as interchangeable terms, however in the context of computer science and cryptography specifically (which is what we're talking about, so get over it), they are wholly different things.

    Addendum (2011-07-25 14:54): This is such a stupid argument... Well, here is the be-all-end-all definition of hash, so I guess that means it no longer has anything to do with cryptographic hashing.

  • Pentium100 (unregistered) in reply to Those who live in glass houses...
    Those who live in glass houses...:
    Why do you have such difficulty understanding this? "Encryption" and "Encoding" are TWO words FOR THE SAME THING. Of course ROT-13 (Caesar's Cipher) is both an encryption and an encoding. What you describe above is an entirely unique algorithm.
    They are used for different purposes. Encoding is used because the result is easier to transmit or store (be it base64 or RLL). It can also make the data harder to read by a human without an appropriate algorithm but it is not secure. Encryption is used to make the data unreadable to a human without a key or the algorithm. It is more secure and usually the result of the encryption is not easier to transmit or store.
  • Fat (unregistered) in reply to Those who live in glass houses...
    Those who live in glass houses...:
    Fat:
    So, one-time pad is an encoding too?
    Step 1: Determine the purpose of 1-time encoding. Step 2: Write a definition of the 1-time encoding. Step 3: Compare with the definition of encoding Step 4: Return and share your findings with the class. Use specific definitions and examples.

    Yeah, Marriam-Webster is what regulates scientific definition. By the way, did you know that atom is indivisable? Marriam-Webster says so. All this protons and electrones are just a fake.

    And I must ask, what do you mean by 1-time encoding? I've never met this term (as has google, apparently), better be sure.

  • (cs) in reply to mah bonez
    mah bonez:
    boog:
    mah bonez:
    The following statement is true: Encoding is a form of encryption.
    Holy shit, is that really all it takes to make your statements true? You just declare them as true? Let me try:

    The following statement is true: boog is a friendly, well-liked individual.

    Nope, it didn't work. Either I'm doing it wrong, or you actually need to back your assertions with supporting evidence if you want them to be true.

    My supporting evidence was the information previously presented by others. ROT-13 (and generically speaking, Caeser's cipher) is a form of encryption, but all it is really (as posted by someone else) is an encoding with the "key" being the knowledge of the specific encoding used. Please explain the difference between how ROT-13 is encryption that excludes any other encoding form from being an encryption.

    No, I won't explain, because personally I don't consider ROT13 a form of encryption. But that doesn't matter, because your explanation still does not prove that your above assertion (that encoding == encryption) is true. It only shows that more precise definitions are necessary to distinguish between the two; maybe that was your point all along, but your above assertion doesn't fit such a context.

    I'll agree that encryption is always encoding, just not the other way around.

  • Brent (unregistered) in reply to mah bonez
    mah bonez:
    My supporting evidence was the information previously presented by others. ROT-13 (and generically speaking, Caeser's cipher) is a form of encryption, but all it is really (as posted by someone else) is an encoding with the "key" being the knowledge of the specific encoding used. Please explain the difference between how ROT-13 is encryption that excludes any other encoding form from being an encryption.

    Trivial. A non-encrypted, human readable XML file is an encoding of information. As is an non-encrypted internet packet or even just a plain text file (those characters have to be encoded and decoded in some way by things that read and write them...ASCII, Unicode, EBCDIC, JIS, etc).

    Your statement was backwards: Encryption is a type of encoding. (But not all encodings are encryption).

  • (cs) in reply to C-Octothorpe
    C-Octothorpe:
    Mariam Websters perhaps defines them as interchangeable terms, however in the context of computer science and cryptography specifically (which is what we're talking about, so get over it), they are wholly different things.
    I sort of agree and sort of disagree. I agree in the sense that there is a very different connotation to each. I disagree in the sense that I think it would be quite hard to come up with a definition that draws a sharp line between the two (or separating out a subset of encodings as "not encryption").

    This goes doubly so if you want to make the classification of something invariant with time. I think it's pretty clear that RSA would be encryption now. Does it become a mere encoding if quantum computers become commonplace and inverting RSA keys becomes trivial?

  • trtrwtf (unregistered) in reply to C-Octothorpe

    [quote user="C-Octothorpe This is such a stupid argument... Well, here is the be-all-end-all definition of hash, so I guess that means it no longer has anything to do with cryptographic hashing.[/quote]

    Stupid and pointless. Anyone who's unable to grasp the proper use of a dictionary isn't going to have anything worth saying about anything in any case. Best thing to do is to put them in a room with some nice plastic drycleaning bags and hope for the best.

  • nisl (unregistered) in reply to C-Octothorpe
    C-Octothorpe:
    Encryption is NOT Encoding Mariam Websters perhaps defines them as interchangeable terms, however in the context of computer science and cryptography specifically (which is what we're talking about, so get over it), they are wholly different things.

    Addendum (2011-07-25 14:54): This is such a stupid argument... Well, here is the be-all-end-all definition of hash, so I guess that means it no longer has anything to do with cryptographic hashing.

    (Mispelled) Merriam Webster is not an acceptable source for definitions, but some guy named Dave Ireland in Australia is? Is that you're own personal website?

  • Decius (unregistered) in reply to Hortical
    Hortical:
    Mason Wheeler:
    See also Kerckhoffs's Principle, which explains that the key is the essential part of a cryptosystem. The true requirement for cryptography is that a person possessing the algorithm but not the key cannot read the message.

    There is no key in Base64 encoding, only an algorithm, so it does not qualify as encryption, oversimplified definitions in some dictionary notwithstanding.

    I don't know that much about encryption, but let me play devil's advocate by pointing out that one does not absolutely need the key beforehand to read an encrypted message if it can be found by brute force.

    So could we consider the cracking and decryption to be part of a really, really long decoding process? Just one that might take 10000000000 years.

    That is only true if the encryption method includes enough redundant data to self-validate. It's also probable that two different plaintext messages, encrypted with different keys, would have the same ciphertext.

Leave a comment on “Encrypted XML”

Log In or post as a guest

Replying to comment #:

« Return to Article