Jump to content

Learning more about encryption

Ichi Rexen

By Ichi Rexen,
in LSL Scripting

 Share
You are about to reply to a thread that has been inactive for 1928 days.

Please take a moment to consider if this thread is worth bumping.

Recommended Posts

Ichi Rexen

Ichi Rexen

Posted
Posted

Hey all!, so I have been wanting to learn more about encryption for some time now but one issue I have come against is where exactly to start. There is a wealth of information available online but no clear indication of where the best starting point would be and which resources I should use that are reliable and won't try to explain it in a way that assumes I'm already a pro at it (as these tutorials tend to do). I have done some basic encryption using XOR but I want to start learning the math behind it, how encryptions are formed, how to construct your own, basic encrypting, advanced encrypting. Can anyone share any tips, resources, info, good place to start that will help me in achieving this?. I feel a little lost in a sea of information

Link to comment
Share on other sites
Ichi Rexen

Ichi Rexen

Posted
  • Author
Posted
5 hours ago, Kyrah Abattoir said:
  1. What's the use.
  2. LSL Isn't exactly the best environment to implement crypto.
  3. Do you actually need to decrypt the data or do you simply want to sign a piece of data to ensure its autenticity?

Besides LSL I also program in Python, Java and PHP. I wasn't talking specifically about LSL though I should have been clearer about that so apologies.

I wouldn't say I have a specific "use" in mind at the moment I am just wanting to learn more about it. I know that sounds a bit vague but there are several things I would like to cover. Such as, encryption methods beyond XOR, encrypting data, decrypting data, signing data as you stated, how encryptions algorithms are created (math behind it), how encryption keys are generated (math behind it), the best methods to use, how is it that someone can take an encrypted piece of information and manage to figure out how to decrypt it, what is it they are specifically doing that allows them to identify the type of encryption used to then begin writing code to decrypt it.

It's been something that I have been thinking about learning more about for a while, mainly to add to my knowledge and skill in this field. I have obviously found some information on the above because as I stated the internet is a wealth of information and google is your best friend, a lot of what is returned is more "surface" stuff if you get me. What I am a bit lost on is where to start when it comes to going beyond the "use this function" example pages. 

As this is an LSL forum lets use an LSL example : http://wiki.secondlife.com/wiki/AES_LSL_Implementation

Its clearly obvious that whoever wrote this has a deep understanding of encryption and figured out how to implement AES encryption in LSL aka they constructed the whole entire encryption algorithm from scratch. Its one thing to just use that as an encryption method and another to be able to construct it from nothing. There are obviously methods and math behind it all and thats what I want to dive into and start learning about. When you look at what they are doing in that AES example there is a lot going on in there that I honestly have no idea where to even begin in figuring out what is making that particular encryption method tick.

I do appreciate what I'm asking may sound a bit vague in parts. I tried to word the above as best as I could to describe what I wanted as I am more than aware of just how big the field of crypto actually is and saying "I want to learn encryption" is a bit vague in terms of whats actually on offer.

 

Link to comment
Share on other sites
Profaitchikenz Haiku

Profaitchikenz Haiku

Posted
Posted

Read Cryptonomicon by Neal Stephenson, there's a section in it where a perl script is used to crypt and decrypt messages. Although it's a novel and not a textbook on encryptionm it does have some interesting bits about using machines to code, decode and break messages.

It would be fun in SL to try implementing an enigma machine using LSL

Link to comment
Share on other sites
Wulfie Reanimator

Wulfie Reanimator

Posted
Posted
On 1/9/2019 at 7:46 PM, Ichi Rexen said:

I have done some basic encryption using XOR but I want to start learning the math behind it, how encryptions are formed, how to construct your own, basic encrypting, advanced encrypting. 

On 1/9/2019 at 7:46 PM, Ichi Rexen said:

which resources I should use that are reliable and won't try to explain it in a way that assumes I'm already a pro at it (as these tutorials tend to do).

The field of Cryptography is pretty big and there's a lot of "basic understanding" you must have before you can read about and understand encryption and what it takes to create your own algorithm, that's why reading stuff about "basic encryption" and "how to make your own" won't teach you a whole lot. What you probably should be looking for are entire courses on the subject that do cover those basics.

Link to comment
Share on other sites
Chaser Zaks

Chaser Zaks

Posted
Posted (edited)

My honest opinion, there is no need to encrypt stuff in LSL. It is often just a waste of CPU/script time. Here are my reasons:

  1. If you are encrypting say, applier textures or some sort of texture, this is completely pointless. If anyone wanted to steal a texture, they'd use a copybot viewer instead of trying to figure out what channel the scripts communicate on, then write a decrypter. If people listening in on the channel for the applier is the problem, consider doing a handshake system instead(applier says "anyone there?", object that gets the textures says "I am", applier verifies same owner then does llRegionSayTo).
  2. If you are sending stuff off to a server via llHTTPRequest or sending stuff to a LSL server using llRequestURL(), consider using HTTPS. Even when using HTTP, chances of someone listening into this are slim to none. You are more likely to be struck by lightning. (If someone is listening in on this type of communication, you have a bigger problem)
  3. If you just want to ensure integrity of a message, you can simply prepend a llMD5String( string src, integer nonce ) or llSHA1String( string src ); with a secret key seen in the Signing Example below. This can also be used with HTTP Requests should you need to be extra secure(which may make sense if your API may be discovered while still preventing people from using this. You can also boost security by doing the same thing LL does by using experience keys to store the sharedKey.
  4. Encryption in LSL is very hard to get right, and when done wrong can be easily broken, especially XOR "encryption". Its very easy to break and has various attacks, one which is very easy is the Known String attack.

 

Signing Example: 

string signMessage(string myString){
    return llSHA1String(sharedKey + myString) + myString;
}

string validateMessage(string myString){
    if(llGetSubString(myString, 0, 39) == llSHA1String(sharedKey + llGetSubString(myString, 40, -1))){
        //Our message is signed and valid!
        return llGetSubString(myString, 40, -1);
    }else{
        //Not valid, return nothing
        return "";
    }
}
Edited by Chaser Zaks
  • Like 2
Link to comment
Share on other sites
You are about to reply to a thread that has been inactive for 1928 days.

Please take a moment to consider if this thread is worth bumping.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing
×
×
  • Create New...