Hello~
I think your implementation looks so cool (especially the C code) that I had to take a closer look~ After some random tests, k
(https://github.com/initbar/stypr_crypt/blob/master/crypto.py#L5) might need a different generation (other than random.randint(1, 1024)
).
I think the problem is that since the random pool is coded with tight bounds (1024
), a collision can occur as little as 38 iterations. However, weird thing is that even with a small tweak (above) to increase the upper bound from 1024
to 2**32
, it seems like I can always hit a collision within <2048 iterations (most certainly at 2048 - 1
).
Since stypr_encrypt('a')
predictably generates a length 10 block (+6
with additional characters), using the relationship between length and additional characters, an assumption can be safely made that length 10 block must contain only 1 character (and 16 == 2 characters
, etc.). Which, even if the stypr_decrypt()
wasn't available, since exhausting all blocks with length 1 (i.e. [A-Za-z0-9]
) is super fast (based on the implementation), I think finding a collision and asserting that the plaintext found without proper decryption is computationally feasible (code below):
from crypto import * # stypr's crypto
def get_collision(k):
H = []
a = k
r = 2048
for i in xrange(r):
H.append(stypr_encrypt(a)[4:10][::-1])
if len(set(H)) < i: break
return i
print get_collision('a')
Result: