9
Cyanite
7y

Who would be interested in reviewing an old peice of Python code I wrote..? It's a few years old, and it uses basic procedual generation to cypher text (entry, or ASCII files) using a hashed password. It's a command line tool.

I used to brag about how "secure" it was, and now I'm curious if it is secure or not.

I plan on picking it back up and open-sourcing it, but I want to know what problems might be wrong with it now.

Comments
  • 2
    @linuxxx I believe you were interested in this, right..?
  • 1
    Here's a preview of my utility (1/3): (I already have nitpicks here...)
  • 1
    Here's a preview of my utility (2/3):
  • 2
    Here's a preview of my utility (3/3):
  • 0
    @illusion466

    You mean for the passwords shown at the begining..? No, it's a sha.

    For the actual text encoding, yes, I did. That was the point of the project.

    The hash at the begining is used as a seed for the generation of the encryption/decryption keys, as well as various parts of mixing and changing of the message. And even a single letter difference in the cyphered message itself or it being one character shorter or longer will fail the decryption.
  • 0
    thanks for the mention! How is the sha hash generated?
  • 1
    @linuxxx

    If i remember correctly.. I mix (not simply combine) the password and salt. If no salt if provided, I use a default.

    Each characracter in the hash is individually used for encryption, I forgot to mention that earlier. And I try not to use the hash in repetitive ways.
  • 1
    @linuxxx

    I just picked the project back up, cleaned up the code (a little) added UTF-16 support (from just ASCII) and moved to Python3.

    I also open sourced the project. It's called "firecoder", you can find it on my github profile.
  • 1
    @linuxxx

    I'll try and make it so that I can encrypt binary files like images and applications soon. It seems like I can partially do it, but the encoding doesn't come out quite right. I'll work on it again soon. Probably tomorrow.
Add Comment