Descryption of the whysker algorithm, Comments?

whysker@usa.net
Tue, 11 Aug 1998 21:39:00

• Next message: JPeschel@aol.com: "Re: UBE '98 (was Re: Snake Oil)"
• Previous message: Adam Back: "Re: More Snake oil"

I will give a brief description of the algorithm, if you (whoever) aren 't satisfied with the
explanation, mail me, I will then consider on releasing the source code within the month,
if relevant.

Step1: Computation of the password
the password is processed per char, every char corresponds to a series of ones and
zeros, a byte if you wish, and then placed in an array, after the pwd is read, you only
have an array of ones and zeros, eight times as long as the length of the password
string, off course.
Then the array is processed, several algorithms are used to 'mix' (literally) the array,
several algorothms will be given when i explain how a plaintext is processed.
then an array containing 256 elements from the set '0..255' are mixed as follows,
I consider a demonstration much more appropriate than a description,
consider this 10 element array, and the first 10 elements from the array obtained from the
password
1 2 3 4 5 6 7 8 9 10
1 0 0 1 0 1 1 0 1 0
then becomes
9 10 8 7 5 6 4 3 1 2
1 0 0 1 0 1 1 0 1 0
it isn 't hard to figure out wat happened, is it?
Now we obtain a mixed array of 256 elements of '0..255', to each position of the array
corresponds a series of eight ones and zeros. Now we reread the password and this
time every char corresponds to an element (ascii value of the char) (not position) of the
array and therefor to a series of eight ones and zeros. Let 's say we changed our
dictionary since the first pass. Next we repeat all this, with different 'mixing' algorithms.
Each 'mix' is password dependend by the way.

Step 2: Now we 've made up our 'dictionary' ( it is obvious that there can exist at most 2[
256 and not 256! such dictionaries ) we read the file and correspond to every char a
series of eight ones and zeros according to the 'dictionary'. The result is an array of
ones and zeros, the size of the array is (once again) eight times as long as the size of
the file (in bytes).
During the computation of the password we obtained several natural numbers,
choose a number say n, a first algorithm which is applied to the array is this: we skip n
zeros and ones and then, if the n-th element of the array is a one, insert eight random
zeros and ones in the array, we repeat this as long as possible ( the second time with n
x 2 off course).
Then we applie a xor operation to the array with the array of zeros and ones obtained
from the password.
Say we obtained n1 and n2, 2 natural numbers obtained from the password
computation. We place n1 zeros and ones in one array and n2 zeros and ones in
another and then mix according to the following demonstration
110101010110 01010110101111
|--------- n1 -------| |------------- n2 --------|
becomes
11110101101010 001010101001
|-------- n2 ------------| |----------- n1 -----|
and we repeat this as long as possible.
Next, say we obtained a natural number n from the password, first we chang the n-th
zero or one in a one or zero respectively. We do the same with the 2 x n-th zero or one,
then with the 3 x n-th zero or one and so on.
Then we insert 'junk bits' in the array, as we did before but less frequent as the first time,
 this operation is responsible for the 'non-fixed, variable' file length.
Next an algorithm as described before is applied to the array, cfr
>1 2 3 4 5 6 7 8 9 10
>1 0 0 1 0 1 1 0 1 0
> becomes
>9 10 8 7 5 6 4 3 1 2
>1 0 0 1 0 1 1 0 1 0
but with an array of zeros and ones instead of this array: 1 2 3 4 5 6 7 8 9 10
The last step is consulting the computed 'dictionary' to translate every eight ones and
zeros into an ascii-char.

These are the main algorithms that are applied, there are several other but i consider the
rather trivial.
You will agree with me that this is a non mathematical and rather primitive encryption
method, but take a good look at it, send me your comments etc. because in my opinion
this method merely allows a brute force attack and since I 've not limited the password
length, the security it provides is pretty good, don 't you think?

While hoping to receive an answer at your earliest convenience, I thank you in
advance.

• Next message: JPeschel@aol.com: "Re: UBE '98 (was Re: Snake Oil)"
• Previous message: Adam Back: "Re: More Snake oil"