Implementation of rot-13

[Lee Francis Wilhelmsen]

Hi

I need to *encrypt* passwords in a XML file so, I have two simple questions.

Is the rot-13 considered *safe* enough for this task (not very important
passwords, but still)?

Where can I find information of how to implement rot-13? I'm really not 100%
sure what it's supposed to do (especially for characters outside of the a-z
and A-Z ranges).

Anyone have any good pointers (links etc) for more information, or even
better, an simple implemention?

Regards
Lee Francis Wilhelmsen

 

[Roedy Green]

Is the rot-13 considered *safe* enough for this task (not very important
passwords, but still)?

Heaven's no. It is just sort of way of mincing an oath by putting it
in ROT 13.

see http://mindprod.com/jgloss/password.html for various ways you can
implement passwords.

 

[Dag Sunde]

Hi

I need to *encrypt* passwords in a XML file so, I have two simple questions.

Is the rot-13 considered *safe* enough for this task (not very important
passwords, but still)?

Where can I find information of how to implement rot-13? I'm really not 100%
sure what it's supposed to do (especially for characters outside of the a-z
and A-Z ranges).

Anyone have any good pointers (links etc) for more information, or even
better, an simple implemention?

Mark well the other answers you got in this thread...

But if you're interested in an implementation, here's a variation of rot13,
namely ROT39:

// code start
public class Crypto
{
private final static int UPPER_LIMIT = 125;
private final static int LOWER_LIMIT = 48;
private final static int CHARMAP = 39;

public Crypto()
{
}

/**
* rot39 is a variation of the ROT13 algorithm,
* that also scrambles numbers and, most important in this
* case; xml-tags ("<", ">" & "/")
* @param - data, String to (de)scramble
* @return - The string in "data" in (de)scrambled form.
*/
public String rot39(String data)
{
try
{
byte[] buffer = data.getBytes("ISO-8859-1");

for(int iData = 0; iData < buffer.length; iData++)
{
int iCode = buffer[iData];
if((iCode >= LOWER_LIMIT) && (iCode <= UPPER_LIMIT ))
{
iCode+= CHARMAP;
if(iCode > UPPER_LIMIT)
{
iCode = iCode - UPPER_LIMIT + LOWER_LIMIT - 1;
}
buffer[iData] = (byte)iCode;
}
}
return new String(buffer, "ISO-8859-1");

}
catch( java.io.UnsupportedEncodingException e)
{
System.out.println("Unicode/ISO FuckUp!");
System.exit(-1);
return "";
}
}


public static void main(String[] args)
{
Crypto myCrypto = new Crypto();

String buf = myCrypto.rot39( "abcdefghijklmnopqrstuvwxyzæøå_<>='*'" );
System.out.println(buf);

System.out.println( myCrypto.rot39( buf ) );
}

// code end

 

[Dave Glasser]

2003 15:23:42 GMT in comp.lang.java.programmer:

Lol. No, you better not use ROT-13 for encryption, because the password is
present in the XML file. You can easily figure it out. It's a two way
'encryption' method like the Caesar key. (I though it died out with FIDO)

V nyjnlf gubhtug gur znva shapgvba bs EBG-13 ba Svqbarg jnf abg sbe
frphevgl, ohg gb cebgrpg crbcyr sebz "nppvqragnyyl" ivrjvat n zrffntr
pbagnvat bofpravgvrf be nqhyg fhowrpg znggre. Gurl jbhyq unir gb
rkcyvpvgyl qrpbqr vg, fb gurl pbhyqa'g pbzcynva gung vg whfg nccrnerq
ba gurve fperra bhg bs gur oyhr. Be fbzrguvat yvxr gung.

 

[dhek bhun kho]

2003 15:23:42 GMT in comp.lang.java.programmer:

V nyjnlf gubhtug gur znva shapgvba bs EBG-13 ba Svqbarg jnf abg sbe
frphevgl, ohg gb cebgrpg crbcyr sebz "nppvqragnyyl" ivrjvat n zrffntr
pbagnvat bofpravgvrf be nqhyg fhowrpg znggre. Gurl jbhyq unir gb
rkcyvpvgyl qrpbqr vg, fb gurl pbhyqa'g pbzcynva gung vg whfg nccrnerq
ba gurve fperra bhg bs gur oyhr. Be fbzrguvat yvxr gung.

Vs lbh arire urneq bs vg, lbh jbhyqa'g unir gur snvagrfg vqrn bs ubj gb
'qrpelcg' vg. Ohg vg fgvyy vf rapelcgvba. Jung'f gung cebtenz pnyyrq
ntnva.. TbyqRq be GvzRq (V yvxrq gung bar). Ohg gur dhrfgvba jnf jurgure
lbh jbhyq nccyl vg gb n cnffjbeq va n KZY svyr. V jbhyqa'g pelcg n
cnffjbeq va EBG-13: jung'f gur frafr bs n cnffjbeq vs lbh qba'g gerng vg
nf fhpu?

Terrgf
Ouha.

 

[Dave Glasser]

Vs lbh arire urneq bs vg, lbh jbhyqa'g unir gur snvagrfg vqrn bs ubj gb
'qrpelcg' vg. Ohg vg fgvyy vf rapelcgvba. Jung'f gung cebtenz pnyyrq
ntnva.. TbyqRq be GvzRq (V yvxrq gung bar). Ohg gur dhrfgvba jnf jurgure
lbh jbhyq nccyl vg gb n cnffjbeq va n KZY svyr. V jbhyqa'g pelcg n
cnffjbeq va EBG-13: jung'f gur frafr bs n cnffjbeq vs lbh qba'g gerng vg
nf fhpu?

V erzrzore TbyqRq. V hfrq gb hfr na bssyvar ernqre pnyyrq Fvyire
Kcerff ol Urpgbe Fnagbf. Naq sbe vgf cyhttnoyr rqvgbe V hfrq DRqvg,
juvpu yngre, V guvax, orpnzr gur Frzjner rqvgbe. Obgu cebqhpgf, V
oryvrir, ner ybat tbar abj. Nu, zrzbevrf...

 

[Bent C Dalager]

Vs lbh arire urneq bs vg, lbh jbhyqa'g unir gur snvagrfg vqrn bs ubj gb
'qrpelcg' vg. Ohg vg fgvyy vf rapelcgvba. Jung'f gung cebtenz pnyyrq
ntnva.. TbyqRq be GvzRq (V yvxrq gung bar). Ohg gur dhrfgvba jnf jurgure
lbh jbhyq nccyl vg gb n cnffjbeq va n KZY svyr. V jbhyqa'g pelcg n
cnffjbeq va EBG-13: jung'f gur frafr bs n cnffjbeq vs lbh qba'g gerng vg
nf fhpu?

Terrgf
Ouha.

 

[Bent C Dalager]

Vs lbh arire urneq bs vg, lbh jbhyqa'g unir gur snvagrfg vqrn bs ubj gb
'qrpelcg' vg. Ohg vg fgvyy vf rapelcgvba.

Gur grez "rapelcgvba" graqf gb or erfreirq sbe grpuavdhrf gung unir
fbzr ebohfgarff ntnvafg nggnpx. Guvf jbhyq graq gb rkpyhqr ebg-13,
juvpu vf zhpu gbb anvir gurfr qnlf naq gurersber zber cebcreyl
ersreerq gb nf na rapbqvat grpuavdhr.

Cheers
Bent D

 

[Thomas Weidenfeller]

LOL. But if you are using Google and never heard of it, then it still
is effective.

No, it is not. A simple statistical analysis of the encrypted text will
reveal that the symbols have the same distribution as characters in a
normal, unencrypted text. With that knowledge it is trivial to
calculate the offset of characters, or one could even try all offsets.

/Thomas

 

[Dale King]

(e-mail address removed) (Orag P Qnyntre), Fng, 12 Why 2003 07:22:38 +0000:

YBY. Ohg vs lbh ner hfvat Tbbtyr naq arire urneq bs vg, gura vg
fgvyy vf rssrpgvir. Gur HF qvq fbzrguvat yvxr gung jvgu fbzr 'pbqr' onfrq
ba n qrnq ynathntr, be jnf gung whfg n zbivr? V guvax boshfpngvba vf n
orggre jbeq vafgrnq bs pnyyvat vg rapelcgvba. Ohg url vg whfg abzrapyngher
naq n avpr rkphfr gb cbfg.

Decoding part of that:

LOL. But if you are using Google and never heard of it, then it
still is effective. The US did something like that with some 'code' based
on a dead language, or was that just a movie?

It wasn't a truly dead language, but it did happen AND was a movie. In
WWII they used Navajo as the language. It was not always a straight
translation so even if you knew Navajo, you did not necessarily know what
they were talking about. Since Navajo did not have words for a tank, for
example, they might use the Navajo word for turtle. The Navajo code was
supposedly the only one never broken by the Japanese.

It was a movie last year with Nicolas Cage:
http://www.mgm.com/windtalkers/

 

[Jon A. Cruz]

It wasn't a truly dead language, but it did happen AND was a movie. In
WWII they used Navajo as the language. It was not always a straight
translation so even if you knew Navajo, you did not necessarily know what
they were talking about. Since Navajo did not have words for a tank, for
example, they might use the Navajo word for turtle. The Navajo code was
supposedly the only one never broken by the Japanese.

The US did that with other native american languages during World War I
(Choctaw at least). I've read that after the war a some foreign
anthropologists decided to come study native americans and their
languages...

I think Comanche were also involved in WWII, in addition to the Navajo.