tech > code > adventures in code > people who shouldn't do crypto episode 2 > followup
15 Aug 2009 14:20:23 EST

So after I posted my article about crypo.biz - the web app boasting a Military Grade 1280-bit Encryption Algorithm - I got an e-mail the next morning from the author of the site and encryption algorithm, O. Gilas.

I had called him out, so it was only fair that he call me out. Here is his e-mail to me, paraphrased.

Hi Tom,

My name is O. Gilas.  Can you decrypt this text?

I don't know how you can decrypt the text without knowing my password.  
I am the author of the site and code - but I think if you can decrypt 
this then you actually wrote a crack.  

O. Gilas

This is paraphrased, as some of his words were in Russian (I'm guessing about that, it could have been Ukrainian, or something similar) - but the thing that struck me is how polite he was. Considering I had just called him out on his work and said he was doing it all wrong, he was very respectful. I was impressed by his character.

Anyway, the nice thing about Caesar and Vigenère ciphers is the more ciphertext you have, the easier it becomes to crack - thanks to frequency analysis. My biggest worry was that the plaintext was in Russian! But I set about trying to break it. I successfully cracked one of my own encipherings and then set it loose on his, and went to a party. When I came back 6 hours later - I had gotten lucky! Here's my response, verbatim:

Is this the decrypted text?  It would be an odd coincidence if it wasn't.

Encrypt and Decrypt any selected text with a password using the Secure Very Strong Military Grade 1280-bit Encryption Algorithm. With CRYPO-900.GX you can protect your messages from unauthorized viewing. All encryption is done on your computer, not on a remote server, so your text is as safe as your password, which is never transmitted anywhere by this page. This Page uses the Javascrypt Encryption library. All you need is only to enter a message text of your message and encryption password.

I don't have a problem with you, or with your code. But you claim "Military Grade 1280 bit Encryption Algorithm" and that's what annoyed me. The encryption isn't Military Grade, it isn't 1280 bit, and frankly 1280 bit doesn't make any sense at all. Everyone I showed it to assumed you meant 128 bit and made a typo. But it isn't 128 bit either.

Your algorithm is fine for sending text-messages - the goal is to obfuscate from someone glancing at it. But it's not "secure". I call it little-brother cryptography. It can protect your secrets from your little brother, but not anyone dedicated.

If you're interested in the topic, I suggest you read about symmetric cryptography [1], and several algorithms that are known to be good, like AES[2], Blowfish[3], Serpent[4], Twofish[5], and Triple DES[6]. Using something like scrypt[7] you can derive a complicated key from a simple password, and use that password in one of the previous algorithms. If it is implemented correctly, with a complex password, and AES, you can legitimately claim Military Grade encryption.

Cryptography is hard - it's better to let geniuses who devote their life to it to do the hard work like creating algorithms. (And for the record I am definitely not one of those geniuses - I just understand enough of it to realize how hard it is.)

Regards,
-tom

[1] http://en.wikipedia.org/wiki/Symmetric-key_algorithm
[2] http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
[3] http://en.wikipedia.org/wiki/Blowfish_(cipher)
[4] http://en.wikipedia.org/wiki/Serpent_(cipher)
[5] http://en.wikipedia.org/wiki/Twofish
[6] http://en.wikipedia.org/wiki/Triple_DES
[7] http://www.tarsnap.com/scrypt/

I sent that at some ungodly hour in the morning, and went to bed. When I woke up I had another e-mail from him (again, paraphrased):

Good job!

I am very happy that you are able to decrypt text. We made crypo.biz to promote www.crypo.com.
I didn't try to create cryptographically strong code because that would draw attention to it. 
We specifically say it as an advertising slogan.  We have other plans for the sites - we want 
to promote our software.

In any case, I am impressed that you could decrypt the text - well done.  I would like to invite 
you to work with us in our team.


So I called a guy out on his code, said it sucked, beat his attempt at trying to prove me a faker, and then got offered a job. All in all, an interesting weekend.

And no, I didn't take it - I politely declined.
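The earlier point that Caesar and Vigenère ciphers get easier to crack as ciphertext accumulates, as an added example (not code from this post, and not the crypo.biz algorithm). It assumes textbook Vigenère over A-Z, a constructed plaintext and key, and a known key length, and solves each key position as its own Caesar cipher by frequency analysis.

```python
from collections import Counter

# Approximate English letter frequencies for A..Z, in percent.
ENGLISH = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
           6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07]

# Constructed sample plaintext and key (not the message from the e-mail exchange).
SAMPLE = (
    "The security of a cipher should rest on the secrecy of the key and not on the secrecy "
    "of the method. A substitution that repeats with a short period leaks the letter "
    "statistics of the language, so every extra line of intercepted text gives the analyst "
    "more evidence. Modern designs are reviewed in public for years before anyone trusts "
    "them with real data, and that is the reason to prefer a standard algorithm."
)
KEY = "LOCK"

def vigenere(text, key, decrypt=False):
    """Shift each A-Z letter by the matching key letter; other characters are dropped."""
    letters = [c for c in text.upper() if "A" <= c <= "Z"]
    sign = -1 if decrypt else 1
    return "".join(chr((ord(c) - 65 + sign * (ord(key[i % len(key)]) - 65)) % 26 + 65)
                   for i, c in enumerate(letters))

def chi_squared(column, shift):
    """How far the column, with `shift` undone, is from English letter frequencies."""
    counts = Counter((ord(c) - 65 - shift) % 26 for c in column)
    expected = [len(column) * f / 100 for f in ENGLISH]
    return sum((counts[i] - expected[i]) ** 2 / expected[i] for i in range(26))

def recover_key(ciphertext, key_len):
    """Treat every key position as its own Caesar cipher and pick the best-fitting shift."""
    if len(ciphertext) < key_len:
        raise ValueError("need at least one ciphertext letter per key position")
    columns = [ciphertext[pos::key_len] for pos in range(key_len)]
    return "".join(chr(min(range(26), key=lambda s: chi_squared(col, s)) + 65)
                   for col in columns)

def correct_positions(ciphertext, n, key=KEY):
    """Number of key letters recovered correctly from only the first n letters."""
    guess = recover_key(ciphertext[:n], len(key))
    return sum(g == k for g, k in zip(guess, key))

CIPHERTEXT = vigenere(SAMPLE, KEY)

if __name__ == "__main__":
    for n in (8, 40, 120, len(CIPHERTEXT)):
        print(n, "letters ->", correct_positions(CIPHERTEXT, n), "of", len(KEY), "key letters")
    print(vigenere(CIPHERTEXT, recover_key(CIPHERTEXT, len(KEY)), decrypt=True)[:40])
```

Run directly, it prints how many key letters are recovered from growing prefixes of the ciphertext, then the start of the recovered plaintext.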
