Cryptography experts have proven long ago that ROT-13 is weak against simple brute-force attack. But it turns out that there is also a little-known security hole in ROT-26, which allows a sophisticated eavesdropper to read the message WITHOUT EVEN KNOWING THE PASSWORD.
Cryptography experts suggest, for robust security, the use of at least ROT-39 encoding should be encouraged. This takes a minimum number of log_2[2^39] tries to decode by brute force.
Some experts have suggested that ROT-39 shares the same security hole as ROT-13, but I don't believe I've seen that result confirmed in peer-reviewed literature.
Wow, I had never heard about the security hole in ROT-26.
Personally, I think I'll skip ROT-39 and go straight to the state-of-the-art ROT-52, if for no other reason because the attackers are still trying to break ROT-39!
You can preserve the existing encryption engine by simply using more rounds. The 2-round version has been broken, so cryptographers recommend using the full 16 rounds, as is done in other encryption systems.
ROT-N is in general subject to a brute force attack. It's a relatively difficult O(N) transformation but computers able to do these calculations quickly have become more affordable over time. Today most adversaries have easy access to the necessary TRS-80 home computers.
The solution as I see it is to rely on the tried and true security-through-obscurity approach. As an example, I make sure all of my posts are always full of gibberish and incomprehensible ideas. This way when the message is decoded the a
I'm afraid that your information is out of date, with the progression of Moore's Law, even ROT-39 now fails to today's botnet based distributed key cracking apps, i recommend using 128-bit ROT keys (or even-256 bit ROT keys for super secure data) despite the performance impact requirements.
Using just ROT-128bit (aka ROT-3.40282367e38 or ROT-340,282,367,000,000,000,000,000,000,000,000,000,000) should keep your data secure for years.
svefg cbfg (Score:5, Funny)
Second post (Score:3, Funny)
The joke is on Slashdot, I for one have been using ROT26 for several years already.
Re: (Score:3)
I prefer ROT104, myself. It disorients the text more than ROT26, making it easier to handle.
Re: (Score:2)
Y'all are wusses. ROT-1053 or nothing.
Warning! Security hole in ROT-13 and ROT-26! (Score:5, Insightful)
Cryptography experts have proven long ago that ROT-13 is weak against simple brute-force attack. But it turns out that there is also a little-known security hole in ROT-26, which allows a sophisticated eavesdropper to read the message WITHOUT EVEN KNOWING THE PASSWORD.
Cryptography experts suggest, for robust security, the use of at least ROT-39 encoding should be encouraged. This takes a minimum number of log_2[2^39] tries to decode by brute force.
Some experts have suggested that ROT-39 shares the same security hole as ROT-13, but I don't believe I've seen that result confirmed in peer-reviewed literature.
Re:Warning! Security hole in ROT-13 and ROT-26! (Score:5, Funny)
Wow, I had never heard about the security hole in ROT-26.
Personally, I think I'll skip ROT-39 and go straight to the state-of-the-art ROT-52, if for no other reason because the attackers are still trying to break ROT-39!
Re: (Score:3)
Wow, I had never heard about the security hole in ROT-26.
It's not a bug, it's a feature!
Simpler solution (Score:2)
You can preserve the existing encryption engine by simply using more rounds. The 2-round version has been broken, so cryptographers recommend using the full 16 rounds, as is done in other encryption systems.
Re: (Score:2)
ROT-N is in general subject to a brute force attack. It's a relatively difficult O(N) transformation but computers able to do these calculations quickly have become more affordable over time. Today most adversaries have easy access to the necessary TRS-80 home computers.
The solution as I see it is to rely on the tried and true security-through-obscurity approach. As an example, I make sure all of my posts are always full of gibberish and incomprehensible ideas. This way when the message is decoded the a
Re: (Score:2)
Using just ROT-128bit (aka ROT-3.40282367e38 or ROT-340,282,367,000,000,000,000,000,000,000,000,000,000) should keep your data secure for years.
Re: (Score:2)
To make rot13 stronger, just encrypt it twice.
Re:Second post (Score:5, Funny)
Re: (Score:2)
Re:Second post (Score:4, Funny)