
"Contest" Crack my encryption!
destruct 04-16-2009, 02:45 PM
Hi,
First of all, I'm new on this forum.
Ok, I've been working on a way to encrypt and decrypt data. To ensure my encryption is safe, I'm asking you to decrypt the given string.
To make it more interesting, I'm going to give away a domain (.com, .net, .org or .nl, .be). Since I'm Dutch, I will register the domain on a Dutch website but you can move the domain of course.
OK, there are some rules though. First of all, I'm not going to give too much information. Second, you may not co-operate. If you think you have the solution just e-mail or PM me!
Just pretend you're a (white-hat) hacker and you got your hands on a (My)SQL dump. Private stuff like e-mail address, credit card and other stuff is encrypted, but you KNOW FOR SURE it's decryptable.
The string you will need to crack is the following:
F0EmEUMdrx5uqTARMREbET10Z0D
It is an English word, don't worry.
To help you though, I'll give you the following:
Encoded: D0EPGxAdEJb
Decoded: 9037
I wish you the best of luck!
*** The reason I'm doing this is because I need to know if it's safe enough. I posted this on a Dutch forum as well. ***
darkeden 04-16-2009, 03:11 PM
If I hacked your server files I could decode it, not sure about a random string. I'll try it XD Mind giving us a fake MySQL dump?
destruct 04-16-2009, 03:18 PM
> To help you though, I'll give you the following:
> Encoded: D0EPGxAdEJb
> Decoded: 9037
That's the only thing I will give you :)
darkeden 04-16-2009, 04:19 PM
> To help you though, I'll give you the following:
> Encoded: D0EPGxAdEJb
> Decoded: 9037
> That's the only thing I will give you :)
you know if you triple encrypt md5 it's pretty safe.
e-Sensibility 04-16-2009, 04:27 PM
> you know if you triple encrypt md5 it's pretty safe.
OP said they're using MySQL. Why would you use MD5 when MySQL can transparently use the AES algorithm?
@OP if you're using AES then you're fine
gilbert 04-16-2009, 04:51 PM
What programs would you use to even try cracking it?
destruct 04-16-2009, 05:11 PM
Guys, it's about encrypting ánd decrypting! So no MD5 or SHA and stuff!
It's meant to store private data like email addresses and credit card stuff. Those things are private but you'll need to access them.. MD5/SHA are useless cuz they are a one way encryption only. With my algorithm, you can encrypt and then decrypt them back.
My question is, can you "crack" it?
mwatkins 04-16-2009, 05:15 PM
About all I can tell from quick evaluation is that the output probably uses a base 36 encoding and possibly some nonsense padding, or the word length is as a result of the cipher algorithm. It certainly isn't the product of one of the common one-way hashes.
If it's a custom algorithm you'd need a determined cracker and a prize worth going after; if not, then a properly armed cracker will have a library of routines to run against "knowns" to try to identify which algorithm has been used.
Fact is if a cracker has your MySQL data they will be looking for more bits of the puzzle; you'd better hope your code is more well secured than your database was in that case!
xenex 04-16-2009, 05:39 PM
Wow, that is hard. Couldn't that take days if not months to eventually crack?
Thanks
Doopt
darkeden 04-16-2009, 06:08 PM
> Guys, it's about encrypting ánd decrypting! So no MD5 or SHA and stuff!
> It's meant to store private data like email addresses and credit card stuff. Those things are private but you'll need to access them.. MD5/SHA are useless cuz they are a one way encryption only. With my algorithm, you can encrypt and then decrypt them back.
> My question is, can you "crack" it?
I can't lol. If you use AES you're safe. But if you're storing credit card data, depending on what you're storing, isn't it illegal like wht did?
foobic 04-16-2009, 07:10 PM
> Fact is if a cracker has your MySQL data they will be looking for more bits of the puzzle; you'd better hope your code is more well secured than your database was in that case!
Exactly. Realistically if the hacker has access to your database you can bet he'll also have the code you're using to encrypt. If you're also decrypting on the server, or if the encryption code gives away a method of decryption then your process isn't safe.
Why reinvent the wheel anyway? Do you really think you can do better than standard public key methods?
tim2718281 04-16-2009, 07:14 PM
> Wow, that is hard. Couldn't that take days if not months to eventually crack?
> Thanks
> Doopt
It's not possible to crack it from the available information.
There are many different algorithms that transform 9037 into D0EPGxAdEJb.
If we apply all those possible algorithms to all possible English words, some combinations will generate the result F0EmEUMdrx5uqTARMREbET10Z0D.
And so there is no way to tell which of the possible algorithms the OP has created, hence no way to tell which of the possible English words deliver the result.
mwatkins 04-16-2009, 11:06 PM
> If you use AES you're safe.
Not if the cracker has access to the key.
How the overall system architecture is designed / who does what to whom and how / matters more than any specific encryption method.
Ultimately any proprietary encryption system is a bad idea; whether or not it "appears" secure or not. Use what has been 'peer reviewed' and accepted by the wider community.
semoweb 04-17-2009, 12:04 AM
> *** The reason I'm doing this is because I need to know if it's safe enough. I posted this on a Dutch forum as well. ***
All in all, nothing is ever safe enough, so don't get too much confidence there; you just haven't dealt with the right person yet, keep my words. Actually, if I do it will you pay me money? I won't do this on my own time ;) But I can do it, won't waste my time telling or bragging. Pay me, I'll do it. And if you want to say well I'm just asking. Well, like I said, nothing's ever safe enough ;)
hostingdispatch 04-17-2009, 12:08 AM
Even if you encrypt, if someone has data to your website control panel it Does Not Matter. Even on the most secure web servers. There is always a hole open somewhere.
fwaggle 04-17-2009, 01:39 AM
Honestly, regardless of whether no one cracks it or not your encryption scheme is considered weak if the algorithm has to stay a secret. :(
Strong encryption should remain strong if the algorithm but not the key is known.
And to the naysayers, the purpose of encrypting this before you store them on a server (eg, in a database) is to add another layer to the onion. It does effectively mitigate, for example, stealing credit card data via SQL injection. Though personally I wouldn't reinvent the wheel - AES and a pretty good random key in your script, then do your best to keep people off the machine.
If someone roots the box, and the box has the ability to run a transaction by itself, of course they can get the card data - no amount of encryption will help. :\
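Added example, not part of the thread and not any poster's code: the "AES and a pretty good random key" approach from the post above, using Node's built-in `crypto` module with AES-256-GCM, so the algorithm is public and only the key is secret. The function names, the `context` label format and the sample values in the test are assumptions made for this illustration.

```javascript
const nodeCrypto = require('crypto');

// The key is the only secret. Assumption: in a real deployment it is loaded
// from outside the database (environment, KMS, root-only file), never stored
// in the same dump as the ciphertext.
function newKey() {
  return nodeCrypto.randomBytes(32); // 256-bit random key
}

// Encrypt one column value. `context` (a constructed label such as
// "customers.card:42") is bound as associated data, so a ciphertext copied
// to another row or column fails authentication on decrypt.
function encryptField(key, plaintext, context) {
  const nonce = nodeCrypto.randomBytes(12); // fresh 96-bit nonce per value
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(context, 'utf8'));
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag(); // 16-byte authentication tag
  // Stored layout: nonce || tag || ciphertext, base64 for a text column.
  return Buffer.concat([nonce, tag, body]).toString('base64');
}

// Decrypt and verify. Throws if the key, context or stored bytes are wrong.
function decryptField(key, stored, context) {
  const raw = Buffer.from(stored, 'base64');
  if (raw.length < 28) throw new Error('ciphertext too short');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(context, 'utf8'));
  decipher.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// True when decryption is refused (wrong key, wrong context, or tampering).
function rejects(key, stored, context) {
  try {
    decryptField(key, stored, context);
    return false;
  } catch (e) {
    return true;
  }
}
```

Because every value gets a fresh random nonce, encrypting the same plaintext twice yields different ciphertexts, so a published plaintext/ciphertext pair tells a reader of the dump nothing about other rows.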
plumsauce 04-17-2009, 01:49 AM
> Hi,
> First of all, I'm new on this forum.
> Ok, I've been working on a way to encrypt and decrypt data. To ensure my encryption is safe, I'm asking you to decrypt the given string.
> To make it more interesting, I'm going to give away a domain (.com, .net, .org or .nl, .be). Since I'm Dutch, I will register the domain on a Dutch website but you can move the domain of course.
> OK, there are some rules though. First of all, I'm not going to give too much information. Second, you may not co-operate. If you think you have the solution just e-mail or PM me!
> Just pretend you're a (white-hat) hacker and you got your hands on a (My)SQL dump. Private stuff like e-mail address, credit card and other stuff is encrypted, but you KNOW FOR SURE it's decryptable.
> The string you will need to crack is the following:
> F0EmEUMdrx5uqTARMREbET10Z0D
> It is an English word, don't worry.
> To help you though, I'll give you the following:
> Encoded: D0EPGxAdEJb
> Decoded: 9037
> I wish you the best of luck!
> *** The reason I'm doing this is because I need to know if it's safe enough. I posted this on a Dutch forum as well. ***
You would be better off at alt.sci.crytpo
Ask their opinion of your algo.
Ask their opinion of the necessity of trying to re-invent the wheel.
Stand back and watch a real flame war erupt. :D
Why not use one of the standards? They've already been poked and prodded by the best in the business. Including NSA wonks.