Hi all, I was trying realistic 6 ("XECrypt algorithm") again. I'd already programmed an application to decode the message, but my previous method relied on character-frequency.
This time I wanted to make an application which would be able to crack ANY text, written in any language (and also sourcecode and such).
I had already figured out the algorithm, the only hard part was having the program recognize a succesful brute-force attempt... I did this by black-listing some ASCII-values which would (should) never appear in a plaintext. The second requirement for a succesful attempt was that it needed at least 5 different letters in it (otherwise "\\]p ][\ " for example would be recognized as a succesful attempt, while it clearly is not).
This turned out to work very well: I tried decoding small plaintexts, large plaintexts, the sourcecode to a random wikipedia article, and the program managed to do this all in a fraction of a second (really, I am surprised how fast computers actually are!)
The problem is that if someone were to use this encryption method (which would be very stupid, of course, but never the less
), he could easily make my life a lot harder by implenting a couple of weird ASCII-values. (thus forcing me to check every attempt myself)
What would be another good way to recognize a successful bruteforce? (not only in this case, but also for other encryption algorithms)
I have already searched on the web, of course, and I found a very interesting post about it here: https://groups.google.com/group/sci.cry ... 0826?hl=en
, it describes how to recognize a succesfull attempt by comparing character-frequencies with a flat frequency profile. This method is of course not applicable to the issue at hand, since "XECryption" doesn't change the frequencies of the characters.