in reply to Obscure data

What about rot13?

Abigail

Replies are listed 'Best First'.
Re: Re: Obscure data
by davido (Cardinal) on Nov 24, 2003 at 17:51 UTC
    Abigail-II is right. If your only goal is to make the data unintelligible to the layperson to discourage manual editing of a configuration file, there's probably no need to go to great lengths to encrypt it. And if that's the case, ROT-13 is a good solution.

    ROT-13 (from what I recall) was a technique first made ubiquitously common on Usenet, particularly when consciencious adults posting "racey" text-based material (sex stories, etc.) to public Usenet groups (possibly viewed by children) applied a ROT-13 to their message before posting it so that innocent eyes wouldn't just happen across an F-word or a story about some X rated experience.

    Many newsreaders still have a ROT-13 decode option built in. But the point was that you had to be able to recognize that it's ROT-13'ed, and you had to consciously apply the decoding.

    Chances are your end users aren't going to bother with applying a ROT-13 decoding just on the off chance of finding that suddenly they're able to edit your configuration file.

    Here's how it works. Take any letter of the english alphabet, and rotate rotate it 13 characters. The Perl way to do this is with transliteration, and I belive that Abigail-II already posted an example of that later in this thread.

    If you're afraid that ROT-13 isn't secure enough, do this: Add a checksum to the end of the ROT-13'ed file. If someone tampers with the file they'll have to also adjust the checksum. But the point is that ROT-13 isn't secure, it's just a pain in the butt, which will probably either confuse or discourage would-be tinkerers. Kinda like car door locks. Anyone can still get in, but why bother when the car parked next to yours forgot to lock up altogether?


    Dave


    "If I had my life to live over again, I'd be a plumber." -- Albert Einstein
[reply]
Re: Re: Obscure data
by sweetblood (Prior) on Nov 24, 2003 at 16:11 UTC
    I'm not sure what rot13 is but it sounds deliciously morbid.(g) Can you elaborate? I've done no encryption previously and have a very minimal degree of knowledge in the area.I have however learned from being here to take your suggestions seriously.

    Thanks!

[reply]
      It's dumb. It's something like 
      perl -le'$_=shift;s/(.)/chr( 13 + ord $1)/ge;print' abcdef
nopqrs


--- [from jargon] ---
rot13 /rot ther'teen/ n.,v. [Usenet: from `rotate alphabet 13 places']
   The simple Caesar-cypher encryption that replaces each English lett
+er
   with the one 13 places forward or back along the alphabet, so that 
+"The
   butler did it!" becomes "Gur ohgyre qvq vg!" Most Usenet news readi
+ng
   and posting programs include a rot13 feature. It is used to enclose
+ the
   text in a sealed wrapper that the reader must choose to open -- e.g
+.,
   for posting things that might offend some readers, or {spoiler}s. A
   major advantage of rot13 over rot(N) for other N is that it is
   self-inverse, so the same code can be used for encoding and decodin
+g.
   See also {spoiler space}, which has partly displaced rot13 since
   non-Unix-based newsreaders became common.

      [download]
[reply]
[d/l]

      rot13 == add 13 to the value of a character.

      I've only ever used it on alpha type data streams, but I assume you could do something similar on numbers as well. Simple rot13 key gen below. The value in the top row becomes the value in the bottom row, and vice versa

      $f = 'a';

for ( 0 .. 25 ) {
   print "$f ";
   print "\n" if $_ == 12;
   $f++;
}
print "\n";

      [download]

      use perl;

[reply]
[d/l]
[reply]
[d/l]
        Ok, I see what you mean. This is not a bad approach except for the numeric data. I suppose I could convert every byte to it's ascii code value and then add 13, but this could get more complicated than I'd like. I'm trying to keep it simple, which is not always easy for me.

        Thanks!

[reply]

In Section Seekers of Perl Wisdom