• 0 Posts
  • 15 Comments
Joined 1 month ago
Cake day: June 12th, 2025

  • The idea is that you could have your data stored encrypted, such that the entity that is storing your data can’t read any of your data, but can still make calculations or updates to your data without ever learning anything about your data.

    The use cases seem rather narrow to me, but there are probably many that I just can’t think of at the moment.

    One idea could be something like a VPN service that wants to store as little data about the customer as possible. They could keep the account balance in an encrypted format. When you then add money to the balance, they can increment your balance by however much you paid, without knowing what your old balance was or what the new balance is. And they could then have another homomorphic function that can check whether your balance is positive. If your balance is positive you are allowed onto the service, if it’s not positive you don’t get access. And the company wouldn’t be able to know whether you had $5 in your account or $5000, just that your balance is currently positive.

    So yeah, fundamentally it’s just being able to store and update some data while the data is fully encrypted, never decrypting the data, to ensure some form of privacy or confidentiality.
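The balance scenario in the comment above maps directly onto an additively homomorphic scheme. The following is an added example, not code from the comment or from any VPN provider: a toy Paillier cryptosystem in which the provider holds only the public key and the ciphertext, multiplies in the encryption of each top-up or charge, and never learns the balance. Key size, the 64-bit default, and the function names are assumptions made for a fast, self-contained demo; real use needs 2048-bit or larger moduli and a reviewed library. Note that Paillier alone does not give the "is the balance positive?" check; that needs a comparison protocol or fully homomorphic encryption, which this block does not attempt.

```python
import math
import secrets

# Toy Paillier cryptosystem: additively homomorphic, so anyone holding only
# the public key can add encrypted values without decrypting them.
# Assumption: 64-bit keys for a quick demo only; real use needs 2048-bit+
# moduli and a reviewed library, not this code.

_SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def _is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; deterministic for n < 3.3e24."""
    if n < 2:
        return False
    for p in _SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in _SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # fixed size, odd
        if _is_probable_prime(cand):
            return cand


def keygen(bits: int = 64):
    """Return (public_key, private_key) = ((n, g), (lambda, mu))."""
    p = _random_prime(bits // 2)
    q = _random_prime(bits // 2)
    while q == p:
        q = _random_prime(bits // 2)
    n = p * q
    lam = math.lcm(p - 1, q - 1)
    g = n + 1                 # standard simple choice of generator
    mu = pow(lam, -1, n)      # with g = n + 1, mu is just lambda^-1 mod n
    return (n, g), (lam, mu)


def encode_signed(pk, value: int) -> int:
    """Map a signed balance into Z_n (negatives wrap into the top half)."""
    return value % pk[0]


def decode_signed(pk, m: int) -> int:
    n = pk[0]
    return m - n if m > n // 2 else m


def encrypt(pk, m: int) -> int:
    n, g = pk
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1   # fresh randomness: same m, different c
        if math.gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pk, sk, c: int) -> int:
    n, _ = pk
    lam, mu = sk
    u = pow(c, lam, n * n)
    return (((u - 1) // n) * mu) % n


def add_encrypted(pk, c1: int, c2: int) -> int:
    """Homomorphic addition: Enc(a) * Enc(b) mod n^2 = Enc(a + b)."""
    return (c1 * c2) % (pk[0] ** 2)


def vpn_balance_demo() -> int:
    """The balance scenario: provider holds only the public key and ciphertexts."""
    pk, sk = keygen()
    # Customer deposits an opening balance of 5; provider stores the ciphertext.
    stored = encrypt(pk, encode_signed(pk, 5))
    # Top-up of 20: provider multiplies in Enc(20) without seeing either balance.
    stored = add_encrypted(pk, stored, encrypt(pk, encode_signed(pk, 20)))
    # Monthly charge of 8: adding Enc(-8) works the same way.
    stored = add_encrypted(pk, stored, encrypt(pk, encode_signed(pk, -8)))
    # Only the customer, holding the private key, can read the result (17 here).
    return decode_signed(pk, decrypt(pk, sk, stored))


if __name__ == "__main__":
    print("decrypted balance:", vpn_balance_demo())
```

One property worth noticing in the demo: the provider can update the ciphertext, but it can also add any amount it likes, because homomorphic ciphertexts are malleable by design. Whether that matters depends on who is trusted to post updates, which is a protocol question the encryption alone does not settle.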



  • Damn… The more I hear about stuff like this the more I like the Danish police and traffic laws… They certainly aren’t perfect, but man is most of the rest of the world a shit show when it comes to that.

    In Denmark 3 km/h above the limit can get you a ticket. 30% above will get you a “point” on your driver’s license and a much larger fine. 60% above and you will immediately lose your license and get a large fine or potentially prison.

    A “point” stays on your license for 3 years, and if you get 6 cuts, you lose your license.

    I haven’t heard of anyone keeping their license “because they needed it”… You just have to bike, or take public transport.

    You also get a point for many other offenses, such as using a handheld phone, crossing on red, tailgating, driving the wrong way, or many other things.

    The first 3 years after getting your license, the limit is lower at 4 points, and if you lose your license and get a new license the limit is only 3 points.


  • Unittest in Python, enjoy! If you pass it with a function like the one in OP’s picture, you have earned it.

    import unittest
    import random
    
    
    # is_odd and is_even are the functions under test. Replace these
    # stand-ins with the implementation you want to check (e.g. OP's).
    def is_odd(n):
        return n % 2 == 1
    
    
    def is_even(n):
        return n % 2 == 0
    
    
    class TestOddEven(unittest.TestCase):
        def test_is_odd(self):
            for _ in range(100):
                num = random.randint(-2**63, 2**63 - 1)
    
                odd_num = num | 1            # force the lowest bit on
                even_num = num >> 1 << 1     # clear the lowest bit
    
                self.assertTrue(is_odd(odd_num))
                self.assertFalse(is_odd(even_num))
    
        def test_is_even(self):
            for _ in range(100):
                num = random.randint(-2**63, 2**63 - 1)
    
                odd_num = num | 1
                even_num = num >> 1 << 1
    
                self.assertTrue(is_even(even_num))
                self.assertFalse(is_even(odd_num))
    
    if __name__ == '__main__':
        unittest.main()
    


  • You are correct for regular hash functions, but a cryptographic hash function has stronger requirements.

    MD5 was supposed to be a cryptographic hash function, but it was found to be flawed all the way back in 1996, and has been discouraged ever since… Now it’s too weak to be used in a cryptographic setting, and too slow to be used in non-cryptographic settings.

    This is why hashes like xxhash are considered non-cryptographic hash functions, while SHA-256 is considered a cryptographic hash function.



  • Cryptography is the practice of hiding and protecting information.

    Modern cryptography is about computer algorithms.

    These computer algorithms are notoriously hard to invent, and even just to implement.

    Cryptography is a constant cat and mouse game. Some people will attempt to build new algorithms, and some people will be trying to break these algorithms. In some situations people are doing this benevolently, where researchers will look for weaknesses so they can be fixed. In other situations people are malicious and are looking for weaknesses to exploit them.

    Inventing a new algorithm usually takes years, and then it’s researched for even more years to make sure there are no obvious weaknesses.

    Then people implement these algorithms, and these implementations are then again researched for a long time to look for weaknesses.

    Inventing a new algorithm is insanely hard, and only a rather small number of people around the world have had decent success.

    But even if you have a good algorithm that is theoretically secure, then when you try to implement it in actual code, it’s again incredibly easy to make mistakes that completely undermine the security.

    What the OP did was to try to invent a new algorithm. OP’s algorithm is very flawed and easily broken. Then OP wrapped it in a Web page that purported to allow you to securely encrypt something. And used words like “crazy strong encryption” which could lead others to think the service is safe and secure, and rely on it for something critical, only for their security to be utterly compromised.

    The mantra in the security community is “Don’t roll your own crypto”, and OP rolled their own crypto, and failed, without giving a proper disclaimer.


  • So this basically runs key derivation by taking the password, SHA-256 hashing it, and feeding the result to a SecureRandom. Then XORs the output of SecureRandom with the plaintext in CBC mode with a block size of 1 byte… CBC means this isn’t protected against tampering, since the encryption mode isn’t authenticated. And the block size of 1 byte means you can attack each character of the ciphertext one at a time.

    This is a woefully inadequate key derivation, and the actual encryption seems fairly flawed. I only have a basic Cryptography 101 course under my belt, and while I don’t have the skill to obviously break it, it absolutely makes the hair on my neck stand up…

    Discounting any weaknesses in the actual crypto, the heaviest part of this algorithm is the actual SHA-256 hash, and with some tweaking, I’m sure someone determined could modify hashcat to attack this encryption directly. I just had a look at a Hashcat benchmark on an AWS p5en.48xlarge instance, which has 8x Nvidia H100 GPUs. These together can churn out 126.9 Giga-hashes per second on SHA-256. Which means it can try ALL alpha-numeric passwords with 12 characters in just around 0.59 nanoseconds. This instance isn’t cheap, as it costs around $64 per hour to run, but at that speed you don’t have to run it for very long anyway.

    So even at the worst-case, of having to brute-force your XOR encryption algorithm, breaking it will be trivial.

    Please don’t roll your own crypto… Or if you do, please make it very clear to anyone that it’s your own hobby project, and that it shouldn’t be relied upon for actual security.

    EDIT: apparently I can’t operate a calculator
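The tampering concern raised in the comment above applies to any construction of the form "keystream XOR plaintext" with no authentication tag, whatever PRNG produces the keystream. The block below is an added example, not OP's code and not the commenter's: it models the described scheme with a SHA-256 counter standing in for the seeded SecureRandom (an assumption; the exact keystream generator does not matter for these attacks), then shows two checks a practitioner would run against it. First, an attacker who knows the position and old value of some bytes can rewrite them in the ciphertext without the password. Second, two messages encrypted under the same password share a keystream, so knowing one plaintext exposes the other. Password, messages and offsets are constructed sample data.

```python
import hashlib

# Model of the scheme described above (an assumption, not OP's code): the
# password is hashed with SHA-256, the digest seeds a keystream, and the
# keystream is XORed byte by byte with the plaintext. A SHA-256 counter
# stands in for the seeded SecureRandom; the attacks below do not depend on
# which PRNG produces the keystream, only on "keystream XOR plaintext".


def toy_keystream(password: str, length: int) -> bytes:
    key = hashlib.sha256(password.encode()).digest()   # the entire "KDF"
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def toy_encrypt(password: str, plaintext: bytes) -> bytes:
    ks = toy_keystream(password, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


toy_decrypt = toy_encrypt   # XOR with the same keystream undoes itself


def tamper(ciphertext: bytes, known_old: bytes, wanted_new: bytes, offset: int) -> bytes:
    """No key needed: XORing (old ^ new) into the ciphertext XORs the same
    difference into the plaintext, and nothing detects the change."""
    ct = bytearray(ciphertext)
    for i, (o, w) in enumerate(zip(known_old, wanted_new)):
        ct[offset + i] ^= o ^ w
    return bytes(ct)


def recover_with_crib(ct1: bytes, ct2: bytes, known_pt1: bytes, offset: int) -> bytes:
    """Same password => same keystream, so ct1 ^ ct2 = pt1 ^ pt2; any known
    stretch of pt1 exposes the corresponding bytes of pt2."""
    stop = offset + len(known_pt1)
    return bytes(a ^ b ^ k for a, b, k in zip(ct1[offset:stop], ct2[offset:stop], known_pt1))


def tamper_demo() -> bytes:
    pw = "hunter2"                                      # constructed sample data
    ct = toy_encrypt(pw, b"transfer amount=0100 to bob")
    forged = tamper(ct, b"0100", b"9999", offset=16)    # "transfer amount=" is 16 bytes
    return toy_decrypt(pw, forged)                      # decrypts to amount=9999


def reuse_demo() -> bytes:
    pw = "hunter2"
    ct_mine = toy_encrypt(pw, b"hello, world!")         # attacker knows this plaintext
    ct_victim = toy_encrypt(pw, b"SECRET TOKEN!")       # same password, same keystream
    return recover_with_crib(ct_mine, ct_victim, b"hello, world!", offset=0)


if __name__ == "__main__":
    print(tamper_demo())
    print(reuse_demo())
```

Both attacks are closed by the standard fix rather than by a better PRNG: derive the key with a memory-hard password KDF (Argon2id or scrypt) using a random salt, and encrypt with an AEAD such as AES-GCM or ChaCha20-Poly1305 under a fresh nonce per message. The authentication tag makes the forged ciphertext fail decryption, and the per-message nonce means two messages under the same password no longer share a keystream.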