rot47 extension #31
Comments
I don't see how these algorithms can be useful in the real world. Do you?
Do you mean that the described use case is from an unreal world? :)
I don't see a use case there.
To me, both are toy algorithms not suitable for real tasks.
I wish a vendor we are working with were hearing you (well, and me too), but they stated that even "toy" obfuscation reduced successful brute-force attacks on the communication channel by a magnitude of 2 without implementing real crypto to protect low-powered IoT devices. You can also say that Microsoft is a toy too, since they are using ROT13 in the Windows registry. Any application that shouldn't be "really" encrypted, but protected from simple searches with dictionary words, will benefit from this ancient algorithm. Feel free to close this issue if it doesn't fit your criteria of real/unreal world.
I see. Thanks for clarifying! To summarize: ROT13 is used in Windows registry:
ROT47 (if I understood you correctly) is used in some proprietary vendor communication protocol.
Yes, that's correct. All ROT family ciphers are comparable to window blinds. They can't protect from a break-in to a home, but serve well as light privacy protection. If you have a chance to look at email or web server logs to spot brute-force attempts, you will find that scanning is mostly done with the use of dictionary words as well as other ASCII characters. There are a lot of cases where one cannot enforce good password policies, but people still use "12345", "Anna1981", "mama" and so on. In such cases ROT13 won't help to at least obfuscate such weak passwords since it covers only 26 characters, but ROT47 covers the whole ASCII set of visible 96 characters. Simply using ROT47 + fail2ban can protect even weak passwords very well (with the help of adding a random salt in communication also). Another case I saw is to hide plain text in databases from direct scanning of the raw file, in the same way as Microsoft hides some keys/values in the Windows registry. It obviously isn't cryptographic protection, but simple "blinds" that don't need passwords or encryption keys.
Fair enough ツ
Done. Thank you for the extension and explanations!
If you'd like to add a new extension that implements the rot47 cypher for SQLite3 in addition to the existing rot13, you can find it here.

The reason for rot47 is that some communication messages are obfuscated with rot47, but keeping them in the database as obfuscated messages makes them non-searchable, so the proposed extension brings a very light function that can encrypt/decrypt messages on the fly.
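
The on-the-fly use described in the issue, sketched with Python's built-in `sqlite3` module and a user-defined `rot47` SQL function. This is an added example, not the extension's own code; the `messages` table, its columns and the sample messages are constructed for illustration.

```python
import sqlite3

def rot47(text):
    """Rotate printable ASCII '!'..'~' by 47; everything else passes through."""
    if text is None:
        return None
    return "".join(
        chr(33 + (ord(c) - 33 + 47) % 94) if 33 <= ord(c) <= 126 else c
        for c in text
    )

# Constructed sample messages, standing in for traffic that arrives obfuscated.
SAMPLE = ["sensor 7: door open", "sensor 7: door closed", "battery low 12%"]

def open_db():
    conn = sqlite3.connect(":memory:")
    # Register the Python function as a one-argument SQL function.
    conn.create_function("rot47", 1, rot47)
    conn.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT)")
    conn.executemany("INSERT INTO messages (body) VALUES (?)",
                     [(rot47(m),) for m in SAMPLE])
    return conn

def search_raw(conn, term):
    # Plaintext term against the stored (obfuscated) column.
    q = "SELECT id FROM messages WHERE instr(body, ?) > 0 ORDER BY id"
    return [r[0] for r in conn.execute(q, (term,))]

def search_decoded(conn, term):
    # Decode each row on the fly, then match.
    q = "SELECT id FROM messages WHERE instr(rot47(body), ?) > 0 ORDER BY id"
    return [r[0] for r in conn.execute(q, (term,))]

def search_encoded(conn, term):
    # Encode the term instead; this works because ROT47 is keyless and
    # character-by-character, so a substring maps to a substring.
    q = "SELECT id FROM messages WHERE instr(body, rot47(?)) > 0 ORDER BY id"
    return [r[0] for r in conn.execute(q, (term,))]

if __name__ == "__main__":
    db = open_db()
    print(search_raw(db, "door"), search_decoded(db, "door"),
          search_encoded(db, "door"))
```

`search_encoded` returns the same rows as `search_decoded`, so anyone who can read the database file can search it the same way, which matches the thread's description of ROT47 as "blinds" rather than cryptographic protection.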