A bruteforce protected aproach for encryption using plain text ASCII passwords.
What is it about?
Normal encryption of plain text passwords can theoretically be cracked because decryption attempts with a failure password will result in non-ASCII data.
(Known Key Space Attack)
LibRincewind combines any symmetrical algorithm with a rotational algorithm so that false tries can't be distinguished from valid ones.
How does it work?
1.) The plain text gets encrypted using a password
2.) The encrypted result is rotated using a random key for each character until it is valid ASCII
3.) The key gets encrypted with another password
Caveats:
-The length of the plain text can be guessed, because it equals the length of the encryption/decryption key
-The algorithm is still prone to wordlist attacks
-The Demo is using Blowfish as the base algorithm, which is vulnerable to attacks using quantum computers. Yet the library is independend of the base algorithm, thus Blowfish can easily be replaced with AES or RC6 by creating a custom Plugin.
-The Demo is using the DotNet Pseudo-RNG. Replace it with a QRNG in real world applications.
-The method practically halves the password length compared to the really used password.
Usage:
Encryption of passwords using a main password (password managers):
CRincewind rw=new CRincewind("pluginlibrary.dll", 512);
String enc=rw.encryptString("data","password1","password2");
String dec=rw.decryptString(enc,"password1","password2");
Password authentication (password login):
CRincewind rw=new CRincewind("pluginlibrary.dll", 512):
//store this in the db
String enc=rw.generatePwAuth(password);
//test for validity
bool valid=isPwAuthValid(password,enc);
Creating custom plugins:
Implement the interface found in LibRincewindPlugin.
ToDo:
IV's for each character
Update v1.1:
-Added demo sourcecode
-Added password authentication
Contact E-Mail: decipher2k20@gmail.com