Security Information Vulnerability Research Security Blog

Cryptoogle – Google One Time Pad Encryption

December 27th, 2005 by , Filed under: Encryption, Google

Cryptoogle is a new kind of encryption developed by the frozenbill, JaggedEdges or Gnome (whichever you know him by, it’s all the same person). Cryptoogle is designed to serve as an algorythm for securing data and putting a time-bomb on it. Whatever key you choose gets put through a Google query. Cryptoogle then assembles the results and uses this compilation as a key in a Blowfish cipher on whatever data you want to hide. The decrypter works exactly in reverse. This simple algorythm can protect your data far more than a normal cipher can.

Basically, the results returned by Google are used as a One Time Pad. But since the results found now, and in a few minutes/hours/days would be different, the original One Time Pad will be eventually lost. How effective is it? Very; this kind of Temporary One Time Pad seems to be quite secure, though its content is not very random. How long does it last? my tests varied depending on the Key used for the Google search, words like ‘google’, ‘microsoft’ lasted at least a few hours (they may still work now), while more common words like names of people lasted a few minutes.

BTW: I have seen more than once that the key didn’t work on one attempt, while it worked on another attempt… Google’s results appear to vary from request to request… could be that the Ads are affecting this as well?

Also I noted that writing a long sentence as the key, i.e. causing Google to return a single hit, was most effective in keeping the decryption working hours after the encryption took place.

(Thanks to WhiteAcid for pointing out this website)

Share
  • sunshine

    OK, I am about to lose my bet. When is whiteacid going to ask for a blog here? :)

    We want you! Join our family.

  • dmitryc

    I wonder if he will support using google advanced queries? For instance, using a query like:

    intitle:”blah blah blah”

    yields

    Fatal error: Call to a member function on a non-object in /home/gnome/public_html/cryptoogle/encrypt.php on line 51

    As Noam mentioned, the key (no pun intended) to extending the encryption time is to use a google string that returns a single hit. If you own your own website, you could effectively be managing your own keys….i.e. delete the page which can be uniquely queried on google and you delete your private key…so, I guess another factor would be how long pages remain in the *google* cache before being removed…I’m rambling….cool idea.

  • http://www.whiteacid.org WhiteAcid

    It should support any valid google search (probably even define:xxx) as it uses the google API. You can email the guy and he’ll send you the source. Actually I have a copy of it so I can upload it if you want.

    I really love the idea but it’s fairly obvious it’ll neved go into popular usage. The time for the key to change is unpredictable, which would be a major nuisance.

    I did think about asking for a blog space, but I have whiteacid.org for that purpose so I don’t need one here.

  • sunshine

    Most of us have blogs elsewhere. We talk about security here, and to a security audience. :)

  • Blah

    A one time pad requires absolute randomness. Using the english language as the key removes this and violates one of the principles of a one time pad. Straight away people would attack the fact that english has e as its most frequent character. Might sound like im being pedantic but people use the phrase one time pad without really thinking/understanding about it. Its an interesting idea for encryption but i disagree with the phrase “protect your data far more than a normal cipher can”.

  • ren and/or stimpy

    Dude WhiteAcid blogging is not about the poster nor the blogging space, its all about us, the readers :)

    May the force be with ya, expecting you to write something (on this blog too)

  • Pingback: Cryptoogle — Firman Pribadi

  • Share







  • Categories


Security RSS Subscribe