rot47 extension #31

Closed
CompuRoot opened this issue Jan 5, 2022 · 8 comments

@CompuRoot

If you'd like to add a new extension that implements the rot47 cypher for SQLite3 in addition to the existing rot13, you can find it here

The reason for rot47 is that some communication messages are obfuscated with rot47, but keeping them in the database as obfuscated messages makes them non-searchable, so the proposed extension brings a very light function that can encrypt/decrypt messages on the fly.

@nalgeon
Owner

nalgeon commented Jan 5, 2022

I don't see how these algorithms can be useful in the real world. Do you?

@CompuRoot
Author

Do you mean that the described use case is from an unreal world? :)

@nalgeon
Owner

nalgeon commented Jan 5, 2022

I don't see a use case there.

ROT13 is a special case of the encryption algorithm known as a Caesar cipher, used by Julius Caesar in the 1st century BC.

ROT47 is a derivative of ROT13 which, in addition to scrambling the basic letters, treats numbers and common symbols.

To me, both are toy algorithms not suitable for real tasks.

@CompuRoot
Author

> To me, both are toy algorithms not suitable for real tasks.

I wish a vendor we are working with were hearing you (well, and me too), but they stated that even "toy" obfuscation reduced successful brute-force attacks on the communication channel by a magnitude of 2 without implementing real crypto to protect low-powered IoT devices.

You can also say that Microsoft is a toy too, since they are using ROT13 in the Windows registry.

Any application that shouldn't be "really" encrypted, but protected from simple searches with dictionary words will benefit from this ancient algorithm.

Feel free to close this issue if it doesn't fit in your criteria of real/unreal world.

@nalgeon
Owner

nalgeon commented Jan 6, 2022

I see. Thanks for clarifying! To summarize:

ROT13 is used in Windows registry:

For whatever reason, they didn’t want some registry keys to show up when you did a search for "notepad.exe" or "Program Files" in the registry. So they ROT13ed them.

ROT47 (if I understood you correctly) is used in some proprietary vendor communication protocol.

@CompuRoot
Author

Yes, that's correct. All ROT family ciphers are comparable to a window's blinds. They can't protect a home from a break-in, but serve well as light privacy protection. If you have a chance to look at email or web server logs to spot brute-force attempts, you will find that scanning is mostly done with the use of dictionary words as well as other ASCII characters. There are a lot of cases where one cannot enforce good password policies but people still use "12345", "Anna1981", "mama" and so on. In such cases ROT13 won't work to help at least to obfuscate such weak passwords since it covers only 26 characters, but ROT47 covers the whole ASCII set of visible 96 characters. Simply using ROT47 + fail2ban can protect very well even weak passwords (with the help of adding random salt in communication also). Another case I saw is to hide plain text in databases from direct scanning of the raw file, in the same way as Microsoft hides some key/values in the Windows registry. It obviously isn't cryptographic protection, but simple "blinds" that don't need passwords or encryption keys.
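
Added example (not part of the thread and not the extension's code): the use case from the opening post, with a Python `rot47` registered as a SQLite function so obfuscated rows can be searched on the fly. The function name, table and sample messages are assumptions constructed for this illustration; the transform rotates the 94 printable ASCII characters `!` through `~` and leaves everything else unchanged.

```python
import sqlite3

def rot47(text):
    """Rotate each printable ASCII char '!'..'~' (codes 33-126) by 47 places.

    The range holds 94 characters, so applying the function twice
    returns the original text: encode and decode are the same call.
    """
    if text is None:
        return None
    out = []
    for ch in text:
        code = ord(ch)
        if 33 <= code <= 126:
            out.append(chr(33 + (code - 33 + 47) % 94))
        else:
            out.append(ch)  # spaces, control chars and non-ASCII pass through
    return "".join(out)

def open_db():
    """In-memory database with rot47() registered as a SQL function (assumed name)."""
    db = sqlite3.connect(":memory:")
    db.create_function("rot47", 1, rot47)
    db.execute("CREATE TABLE messages(id INTEGER PRIMARY KEY, body TEXT)")
    # Constructed sample messages, stored in obfuscated form.
    samples = ["sensor 12 battery low", "Door opened at 08:15", "battery replaced"]
    db.executemany("INSERT INTO messages(body) VALUES (rot47(?))",
                   [(s,) for s in samples])
    return db

def search(db, term):
    """Decode every row on the fly and match the plaintext term."""
    sql = ("SELECT id, rot47(body) FROM messages "
           "WHERE instr(rot47(body), ?) > 0 ORDER BY id")
    return db.execute(sql, (term,)).fetchall()

def search_encoded(db, term):
    """Encode the term once and match it against the stored bytes directly."""
    sql = "SELECT id FROM messages WHERE instr(body, rot47(?)) > 0 ORDER BY id"
    return [row[0] for row in db.execute(sql, (term,))]

if __name__ == "__main__":
    db = open_db()
    print(db.execute("SELECT body FROM messages").fetchall())  # obfuscated at rest
    print(search(db, "battery"))
    print(search_encoded(db, "battery"))
```

`search_encoded` works because the mapping is keyless and per-character: a plain dictionary-word scan of the raw file misses the rows, but anyone who knows the scheme finds them just as easily, which is the "blinds" property described in the comment above.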

@nalgeon
Owner

nalgeon commented Jan 6, 2022

Fair enough ツ

@nalgeon
Owner

nalgeon commented Jan 7, 2022

Done. Thank you for the extension and explanations!
