I'd put it this way:
...If we consider Encoding to mean moving data from one representation to another. Encryption in particular is then a way of encoding data such that it will be sufficiently difficult to decode. Decoding may be greatly facilitated by a key, it might even absolutely require it to make sure the data has been properly decoded.
Because encoding is just changing how we represent data. When I convert from Unicode to ASCII, is that encryption? What about when I make a ZIP archive? Or convert from one lossless image/audio format to another? Encryption? Really?
You could argue, if you wish, that the use of base64 here is encryption, just a really poor one. That discussion would end up mirroring "(Art/Not Art) vs (Good Art/Bad Art)".
Admin
I'm guessing that the objective was to scare off casual editing and the actual protection is a contract. Faking licensing for the company I work at's software is remarkably easy (all you need is to update a table) but unheard of because of:
Admin
But don't let that stop you saying it for him. It might have the added benefit of making it sound like you actually have a point.
Admin
Also, you seem to fail at reading comprehension as I never stated that the link I supplied is authoritative. He simply spent more time writing a good explanation than I have the time to right now.
It appears the level of pedantry is quite high, so let me rephrase: encryption is encoding, but not vice versa. They are two different things that are used for different purposes. I was just using broad terminology obviously when I shouldn't have.
Admin
T3IgaWYgeW91J3JlIG9uIFVOSVggKExpbnV4LCBNYWMgT1MgWCwgZXRjLikgeW91IGNhbiBqdXN0IHVzZSAnYmFzZTY0IC1EJy4K
Admin
[quote user="EvanED"]I agree in the sense that there is a very different connotation to each. I disagree in the sense that I think it would be quite hard to come up with a definition that draws a sharp line between the two (or separating out a subset of encodings as "not encryption")[/quote]
No, it's very easy to come up with a sharp line. If some data is transformed into some other form with the purpose of hiding it, then it's encryption. If data is transformed for the purpose of transporting or storing it, it's encoding. Whether or not an encryption is strong or not is beside the point. Sometimes you might do both to the same set of data.
XML, ASCII, Unicode are encodings. They are designed for ease and efficiency of storage and transmission of information.
RSA is encryption, regardless of whether or not it's breakable. Nobody would use RSA just for transporting or storing data unless they also intended to hide it from prying eyes.
Admin
Cans person plz post codes for Base-64 encrypting in Java syntax plz?
Admin
False.
This statement is true: "Encryption is a kind of encoding."
Encodings contain things other than encryptions. Your id est is a failure.
But you knew that already. Right? One can only hope people still learn the basic logic of the material implicative.
Admin
Your eyes are not "prying eyes" in that case, so what's your point?
Admin
FUCK!!!
Admin
We'll see how Thijs and his company feel about his cleverness after the company gets hit with a DMCA violation for circumventing the encryption on this product.
Won't be so funny, then...
Admin
Obligatory XKCD link:
http://xkcd.com/538/
NOT Spam, Akismet.
Admin
VGhpcyB0ZXh0IElTIE5PVCBFTkNSWVBURUQuICBJZiBpdCB3ZXJlLCB5b3Ug d291bGQgYmUgdW5hYmxlIHRvIGRlY2lwaGVyIGl0IHdpdGhvdXQgJ3NwZWNp YWwga25vd2xlZGdlJyAobGlrZSBhIGtleSkgYXMgZGVmaW5lZCBoZXJlOiAg aHR0cDovL2VuLndpa2lwZWRpYS5vcmcvd2lraS9FbmNyeXB0aW9uICBJZiB5 b3UgdGFrZSB0aGUga25vd2xlZGdlIG9mIGRlY3J5cHRpbmcgYmFzZTY0IGFz IHRoaXMgJ3NwZWNpYWwga25vd2xlZGdlJywgdGhlbiBieSB0aGF0IGxvZ2lj IHRoZSBlbmdsaXNoIGxhbmd1YWdlIGl0c2VsZiBpcyBhbiBlbmNyeXB0aW9u IGJlY2F1c2Ugb25seSBwZW9wbGUgd2l0aCAnc3BlY2lhbCBrbm93bGVkZ2Un ICh0aG9zZSB3aG8gdW5kZXJzdGFuZCBlbmdsaXNoIGNoYXJhY3RlciBnbHlw aHMsIHRoZWlyIG1lYW5pbmdzLCBhbmQgdGhlIGFiaWxpdHkgdG8gZm9ybSB0 aG91Z2h0cyBhbmQgaWRlYXMgdXNpbmcgdGhlIGVuZ2xpc2ggZW5jcnlwdGlv biBhbGdvcml0aG0pIGNhbiB1c2UgaXQgb3IgZGVjaXBoZXIgaXQu
Admin
Because people from other countries NEVER come to the US to work. Yup.
Admin
Pretty please?!
Admin
Then I really don't want to sign up to any highish profile websites that you designed the authentication mechanism for. Passwords are meant to be encrypted 1-way.
Admin
Hey, I got that too!
Admin
Now buy my Real Official NHF Hats and Viagara!
Admin
Qm90aCBvZiBvdXIgZXhhbXBsZXMgd2VyZSB3aXRob3V0IGFueSBicnV0ZSBm b3JjZSByZXF1aXJlZC4gIEJhc2U2NCByZXF1aXJlcyBubyBicnV0ZSBmb3Jj ZS4gIEVuZ2xpc2ggbGFuZ3VhZ2UgcmVxdWlyZXMgbm8gYnJ1dGUgZm9yY2Uu ICBVbmxvY2tlZCBkb29yIHJlcXVpcmVzIG5vIGJydXRlIGZvcmNlLiAgV2Ug YXJlIGdpdmluZyBleGFtcGxlcyB0aGF0IGFyZSAqbm90KiBlbmNyeXB0aW9u LCB0byBzaG93IGhvdyB0aGV5IGFyZSBhbGwgdGhlIHNhbWUgYXMgZWFjaCBv dGhlciAoYW5kIG5vdCBlbmNyeXB0aW9uIGF0IGFsbCk=
Admin
QWN0dWFsbHksIGh1bWFuIGxhbmd1YWdlIGlzIGV4Y2VsbGVudCBlbmNyeXB0aW9uLiAgUmVtZW1i ZXIgdGhlIGNvZGUgdGFsa2VycyBvZiBXV0lJPyAgSXQgd2FzIHRoZSBvbmx5IEFtZXJpY2FuIGNv ZGUgdGhhdCB0aGUgSmFwYW5lc2UgbmV2ZXIgYnJva2Uu
Admin
The first reason is that it removes the property of "being encryption" from the actual algorithm, and places it on the person doing the encoding. Is base64 encryption or mere encoding? In some cases it's definitely the latter, because you want to transfer some binary information over a channel that doesn't support it. But now if someone else comes along and says "oh, base64 is hard to understand" (they're bad at crypto) and codes data in it because they think it'll keep it out of prying eyes, suddenly base64 is encryption?
The second reason is if you make it based on the motive, then you can't say. Take this case. It'd be easy to argue that the company pretty clearly wanted to keep prying eyes off. So for them, base64 falls into the encryption category. But are you sure of that? What if whoever it was that suggested that there was a coder/management disconnect is right? Then the people actually writing it didn't fully intend it as encryption. So is it or isn't it?
You can certainly say that intent is your dividing line -- but recognize that there are a lot of cases where you won't be able to figure out which it is.
Now this I rather disagree with: encryption is basically by definition intended to be two-way.
Admin
Here's the key I used to "decrypt" this: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
Yes, that's a pretty insecure key because it's stupid simple and the MIME default, but it is still technically a key... the algorithm involved is actually used with many other keys, often it's just a change to the last two characters (eg base64 for filenames and URLs would be complicated by '/'), but using the ASCII characters, in order, from 32-95 used to be the previous default (aka uuencode).
Which isn't to say that I think that base64 is encryption... but there is a matter of intent. Normally base64 is intended to encode binary data as printable plain text, but if you have intent to obscure the data, it may be said to be "encryption" of a sort in that particular case.
Admin
FTFY
Admin
Interesting.
It's possible that the guys who wrote the software from the article intended base64 to be used as an encryption.
Admin
This post is in reply to several posts since my previous post.
To be clear, I'm not saying encoding and encrypting are identical words. Using the previous definition posted from Wikipedia (which I grant may not be the best definition out there): "encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key".
By this definition, encoding schemes (ROT-13, Base64, etc.) fit the bill as both the algorithm of transforming the information and as the encryption. Thus, my statement of encodings are a form of encryption (the encoding scheme is itself the algorithm, and knowledge of the scheme utilized is the key to deciphering it).
A better definition, in my view, would be as Anon put it which adds an element of intention: "with the purpose of hiding it". Base64 in this regard would then generally be an encoding scheme and not an encryption method, but then the moment it is utilized to hide the original information (such as from the original article), it becomes encryption (even if it's not a very good form of encryption).
The [lack of] quality of an encryption scheme does not determine whether or not it is an encryption scheme; it is the intent to hide information that makes it an encryption scheme. Similarly, it doesn't matter if the "key" is well known (ROT-13 for example) or a well-kept secret; it is still encryption.
In regard to ROT-13, yes, it is encryption (it's just a specialized case of Caesar's cipher, which is encryption) regardless of Mason Wheeler's definition (which was what exactly?).
Admin
The "prying eyes" that might be targeted by the coders here might simply be people not bright enough to recognize and decode/encode base64. Basically, it's an intelligence test to see if you're smart enough to modify the XML by hand, hoping to reduce bad configurations by people that don't know what they're doing by forcing them to use a tool that checks their work.
Admin
Not at all, if you can do that you are violating CWE-257: http://cwe.mitre.org/data/definitions/257.html
Admin
At least that's how I read his post.
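The contrast running through the thread (Base64 needs no key to reverse, while passwords should be stored one-way, per the CWE-257 reference above), as an added example that is not code from any poster or from the product in the article. The function names, the sample password and the PBKDF2 iteration count are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example


def recoverable_plaintext(stored):
    """Audit helper: return the plaintext if `stored` is only Base64 of
    printable text (recoverable by anyone, no key needed), else None."""
    try:
        text = base64.b64decode(stored, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return text if text and text.isprintable() else None


def hash_password(password, salt=None):
    """One-way storage: salted PBKDF2-HMAC-SHA256. Returns (salt, digest)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify_password(candidate, salt, expected_digest):
    """Recompute the hash for `candidate` and compare in constant time."""
    _, digest = hash_password(candidate, salt)
    return hmac.compare_digest(digest, expected_digest)


if __name__ == "__main__":
    password = "correct horse battery staple"  # constructed sample value

    # "Protected" with Base64: the stored value gives the password back.
    encoded = base64.b64encode(password.encode("utf-8")).decode("ascii")
    print("Base64 stored value :", encoded)
    print("Recovered without key:", recoverable_plaintext(encoded))

    # Stored one-way: the record can verify a login but not reveal the password.
    salt, digest = hash_password(password)
    print("PBKDF2 stored value :", salt.hex(), digest.hex())
    print("Correct password    :", verify_password(password, salt, digest))
    print("Wrong password      :", verify_password("guess", salt, digest))
```
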