Hi guys, i'm not quite sure if flash supports this line of code. Generally can flash support sub classes written inside of flash? How do i actually write an encypted message?
Here's a lazy quickie code that won't work but juz showing how an idea might start ???
num = 1234567890;
//
function genchr () {
do {
num = rannum();
} while ((num > 57 && num < 65) || (num >90 && num < 97));
char = chr(num);
return char;
}
//
function gencrypt () {
mt_srand = Math.random(1)*1000000;
num = mt_rand(46, 122);
return num;
a = genchr();
b = genchr();
salt = a$b;
return salt;
}
gencrypt();
crypted = salt;

i don't know if you're aware that the original RSA algorithm has been released as public domain. here's a good page which explains how it works step by step:

http://www.orst.edu/dept/honors/makmur/index.html

it should be dead easy to port to Flash as the scripts used there are javascripts (same syntax ;)

the only limitation in flash is the limit of operations carried out per frame. this won't allow you to work with big primenumbers as keys and therefore won't give you true security.

mail me off-list, if you need more help!

toxi.

Thanks alot toxi!
You're a great help! :)

i juz went to the site but could not get the encryption part to work. it returns a NAN value... Have you tried it?

ryan,

it returns a NAN? which function does? i tried it all and turned it successfully into a complete flash version...

here's a basic flash 4 version, fully functionable: http://www.toxi.co.uk/zips/rsa.zip

this is really basic stuff, but should scare off the punters to try to crack your encrypted text. to make it more secure, you could introduce CRCs (checksum) - i.e. easily to achieve by XOR-ing each character with its precessor or pre-scramble your message with an offset encryption before sending it to the RSA one.

the flash file also contains a function to find prime numbers, just in case you can't think of any... ;)

hth,
toxi.

Hi Toxi,
ok now i understand what they mean,
i'm new to these stuff so sorry if i took abit
of time to understood it.
Thanks for your help.
I will get down to write my own encrypt and decrypt function soon.
Keep you guys posted. ;)

don't be afraid of the math involved, but RSA encryption is one of the most secure ones as it's based on a one-way function and is used by the https: protocol of your browser.

the only weak point is to keep your private key private, on the other hand everyone can know your public key half.

also, have a look at this site about PGP encryption. really good explanations of this famous algorithm and cryptography in general:

http://www.pgpi.org/doc/pgpintro/

good luck man!

toxi.

hehe, thats some real nice work :)
what do u wanna use it for flashmove? this thmetic seems to get really hot over the last few years. i also saw some flash forms using high impact rsa algorythms for datatransfer.... so u just got to get round limit of equations using several frames for calculating.
but it's working...

for all interested, here's a simple but quite powerful function for XOR encryption:
encoded=XOR("hello world! that's XOR encryption","SW6 5HJ");
trace(encoded);
message=XOR(encoded,"SW6 5HJ");
trace(message);
stop();

function XOR(tMsg,tKey) {
tEncoded=""
tKeyIndex=0;
for (i=0; i&lt;tMsg.length; i++) {
tEncoded+=chr(tMsg.charCodeAt(i)^tKey.charCodeAt(t KeyIndex));
tKeyIndex++;
if (tKeyIndex==tKey.length) tKeyIndex=0;
}
return(tEncoded);
}

XOR stands for the logical ‘exclusive or’ function, and we will have to understand this function if we are to understand how our new encryption scheme works. in a regular OR test we compare statements of the form a OR b, and the result is TRUE if any of the constituent statements is TRUE. so, for example, if statement a is TRUE, then the whole statement is TRUE, if b is TRUE then the whole statement is TRUE. in fact, the whole statement, a OR b, is FALSE if and only if the both statements a and b are FALSE.

the XOR function works in a similar way but with one
qualification – an eXclusive OR function evaluates to TRUE when either of the constituent statements is TRUE, but not if both are TRUE. in other words, a XOR b is TRUE if a is TRUE or b is TRUE but not if both a and b are FALSE or both are TRUE.

in practical terms this means c=a XOR b and in reverse a=c XOR b or even b=c XOR a. therefore we can use the same function for both encryption and decryption - AS LONG AS we make sure that a never equals b!!! if a and b are equal the result is 0 and therefore will create corrupted results.

so make sure the characters used in your message string are different to the ones of your key phrase. that's easy to achieve (see example).

have fun!

btw. if you're planning to send encoded strings to a server, i advise do an escape() call with the encrypted string as the XOR encryption creates lots of unprintable characters...

toxi.

that's a wonderful code toxi,
Did you write this code?
It seems to be feasible in flash 5!
Should this almost be hack proof?

i've been doing some research on encrypt and it seems that perl has this encrypt function they claim to be impossible to decrypt.
$encrypt = crypt TEXT, "MM";
can it be hacked?

also here's some documentation on js encrypt i thought might be useful.
http://pajhome.org.uk/crypt/md5

hi ryan,

i'm sorry, long time no sight of me here ;) will change again....

as for MD5 - it's not really an encryption method but a digital signature used to "sign" or stamp documents. it's a much harder technique than CRC or other checksum techniques....

simply, there's no unhackable encryption method so far (maybe excluding quantum processing - don't know enough about it yet...) all you can and should do is trying to make it as hard as possible within a reasonable context. it might be a bit of overkill to encrypt a score of a easypeasy online game, at the same time it might be essential when you can win shithot prizes in the game....

toxi.

welcome toxi, really thanks for helping me out with the encryption method. wish i had more time to try it out in flash. :P

will continue on my research and ah... what about some application like asv or something like flash debugger could be listening in the background while the game is being played.
perhaps then the effort to encrypt it would be futitle?

ok i also recoded a bit of that stuff md5 and rsa r available but generating the primes needs more time in flash than loading a list from primes from a server...
2nd the decryption this has lasted 4 hours with a 32 bit's key so using it just generate short keys which also expire after usage and use of dynamic urls keeps it save.
but such a key is good enough for exchangching something else... a symetric key... up to 256 bits of length...
decryption should run on an extra movieclip... im still trying to improve the speed of the code...