
                  The Encrypter


Last incompatible change to algorithm: October 28, 2006.
HTTPS version: The_Encrypter


Key: (Control characters & extra spaces will be removed.)

Strong Cipher:

Message: (Control characters & extra spaces will be removed.)

EZCipher: (Note: No key is required for the EZCipher.)



Simple Procedure For Encrypting A Message:

  1. Click the "Clear All" button.
  2. Type (or paste) a secret passphrase in the first text box. This is your "key" which is used to encrypt & decrypt the message.
  3. Type (or paste) your message in the second text box.
  4. Click the "Encrypt" button.
  5. Copy the encrypted message & paste it into an email to be sent to the recipient.
  6. The recipient pastes the message into the second text box, types the passphrase into the first text box, & clicks the "Decrypt" button.
  7. Or use the EZCipher which does not require a passphrase/key. (If an attacker knows that you are using this web page, you need to use the strong cipher with a key/passphrase - because he can use this web page to decrypt the EZCipher.)

Tips For Maximum Security:



You can obtain cryptographic-quality random ASCII strings (for a key) here:

Perfect Passwords or True Random Characters

Or use this "roulette wheel" to generate your own random key/seed:   (Press any key slowly at irregular intervals.)


Length of random seed:     (Note: If the key/seed is at least 30 characters long, it will be used to make the pseudo-random number generator above less predictable.)


About This Web Page:

The Encrypter uses an improved version of the Vigenere Cipher (a "polyalphabetic shift cipher"). The Encrypter uses all 95 keyboard characters (Unicode values 32-126) instead of the basic 26-letter alphabet. The algorithm expands the key to ensure that it is as long as the message. It also "randomizes" the key to eliminate language patterns & other obvious patterns. The Encrypter also "randomizes" the message in a complex way. (This will most likely defeat standard letter-frequency analysis. It also provides additional protection in case the passphrase is used more than once.)

A simple pseudo-random number generator (PRNG) is also provided to generate a pseudo-random key of unknown quality. [Note that the "roulette wheel" will significantly strengthen the PRNG. The roulette wheel is activated by any typing you do while on this web page.]

You can obtain a cryptographic-quality random key elsewhere as described above and in the Related Links section. If a high-quality random key is used, the result is a one-time pad (OTP). The OTP is mathematically unbreakable. In a sense, the OTP is the perfect cipher when properly implemented because all the keys are equally probable. It is impossible to tell if a key is correct even if it is found, and every probable message has a key which is just as likely as any other key. The OTP can never be broken regardless of future developments.

The Encrypter is strong enough for most purposes even if a plain-language passphrase is used. Of course, the passphrase should be carefully chosen to resist a brute force search & used only once. Most eavesdroppers would probably find it easier to exploit procedural weaknesses than to try to break the cipher. Care should be taken to adjust your procedures accordingly in proportion to the threat. Can the attacker obtain your passphrase/key? Could an eavesdropper obtain access to your computer? Can an attacker figure out that you used this website? These types of procedural issues are probably more important than the strength of the algorithm. These vulnerabilities can be reduced by using careful procedures. For example, you could encrypt the message on an "anonymous" computer. This would prevent an eavesdropper from finding the passphrase/key on your computer.

For most purposes, careful attention to computer security is adequate. There is a lot of information available about securing data. Even if your procedures are sloppy, your communication will be safe from people who don't have access to your computer. Most of all - it will be much safer than plaintext because an eavesdropper will have to go to a lot of trouble to decrypt it.

So, How Strong Is The Encrypter?

I have never tested The Encrypter - though I would like to test it through an open challenge. However, I believe that it is VERY strong at a minimum and probably unbreakable if the key is unpredictable enough (i.e. random enough). The major weakness of the Vigenere cipher has been reduced or eliminated (depending on your key choice) by the algorithm. A mathematical attack requires that the "key space" be reduced so that a brute force search is feasible. Even an attacker with massive resources (special computers) must find enough weaknesses in the key(s) to make a search feasible. A very unpredictable key & proper procedures will make the search impossible - like guessing the message itself. If your key is less than perfect or even poor, a massive search will still be required (by someone who has figured out the weaknesses from the available information).

It should also be noted that this algorithm is written in JavaScript (JS). Therefore, nothing you enter on the web page is transmitted over the internet. It is executed inside your browser. In fact, you can run The Encrypter on a computer that is not connected to the internet, as long as you have a copy of the web page files. Therefore, an attacker would have to compromise your computer or intercept the key when it is passed to the recipient.

It should also be noted that the EZCipher is not nearly as strong because it does not use a secret key. Anyone who knows about this web page can simply use the web page to decrypt the message. The EZCipher is designed for convenience. It eliminates the necessity of passing a secret key to the recipient. Having said that, it would still take a lot of "unscrambling" for an attacker who knew nothing about the algorithm.

According to Bruce Schneier: "The first rule of an...stream cipher, any of them, is that you should never use the same key to encrypt two different messages...If you do, you completely break the security of the system. Here's why: if you have two ciphertext streams, A + K and B + K, [K is the key] and you subtract one from the other, you get (A + K) - (B + K) = A + K - B - K = A - B. That's two plaintext streams combined with each other, and is very easy to break. Trust me on this one: you might not be able to recover A and B from A - B, but a professional cryptanalyst can..." While these comments are true, The Encrypter provides some protection when a key is reused. First, both messages (A and B) are "randomized" before the key (K) is added. Therefore, the cryptanalyst described above will end up with A'-B' where neither A' nor B' resembles plaintext. In addition, The Encrypter allows the sender & recipient to reverse the keys &/or shift them according to some secret arrangement. Shifted keys will not be removed by the attack described. Having said this, optimum strength is achieved by using a (good) key only once.
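
The key cancellation in the Schneier quote above, as an added example that is not The Encrypter's own code. A plain Vigenere-style shift over the 95 printable characters (codes 32-126) with a repeating key stands in for the page's algorithm, whose key expansion and "randomizing" steps are not shown here; the sample messages and keys are constructed.

```javascript
// Added illustration: plain Vigenere-style shift over the 95 printable
// ASCII characters (codes 32-126). This is NOT The Encrypter's algorithm.
const BASE = 32;   // first printable character (space)
const SIZE = 95;   // number of characters in the alphabet

// Map a string to an array of symbol values 0..94.
function toSymbols(text) {
  return Array.from(text, (ch) => {
    const v = ch.charCodeAt(0) - BASE;
    if (v < 0 || v >= SIZE) throw new RangeError("character outside 32-126");
    return v;
  });
}

function mod(n) { return ((n % SIZE) + SIZE) % SIZE; }

// Ciphertext symbol = plaintext symbol + key symbol (mod 95); key repeats.
function encrypt(message, key) {
  const k = toSymbols(key);
  if (k.length === 0) throw new Error("empty key");
  return toSymbols(message).map((m, i) => mod(m + k[i % k.length]));
}

function decrypt(cipherSymbols, key) {
  const k = toSymbols(key);
  return String.fromCharCode(
    ...cipherSymbols.map((c, i) => mod(c - k[i % k.length]) + BASE));
}

// Symbol-wise difference of two streams (mod 95), over the shorter length.
function difference(x, y) {
  const n = Math.min(x.length, y.length);
  return Array.from({ length: n }, (_, i) => mod(x[i] - y[i]));
}

function sameStream(x, y) {
  return x.length === y.length && x.every((v, i) => v === y[i]);
}

// Constructed sample messages and keys.
const A = "Meet at the north gate at nine.";
const B = "Invoice 4471 was paid on Friday";
const plainDiff = difference(toSymbols(A), toSymbols(B));
// Same key for both messages: (A + K) - (B + K) = A - B, the key is gone.
const reusedCancels = sameStream(
  difference(encrypt(A, "k3y-One!"), encrypt(B, "k3y-One!")), plainDiff);
// A fresh key per message: the difference still contains K1 - K2.
const freshCancels = sameStream(
  difference(encrypt(A, "k3y-One!"), encrypt(B, "Other#Key9")), plainDiff);
console.log({ reusedCancels, freshCancels });
```

The result for a reused key is the same whatever that key is, which is why the quote treats reuse as a property of the procedure rather than of the passphrase.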




Related Links:

  History of Cryptography
  The Black Chamber
  Vigenere Square
  Vigenere Ciphers
  random.org
  Randomness for Crypto
  Perfect Passwords




It is the greatest houses and the tallest trees that the gods bring low with bolts and thunder. For the gods love to thwart whatever is greater than the rest. They do not suffer pride in anyone but themselves.

       -- Herodotus (c.450 BCE).

[The Histories are the account of the researches done by the
Greek author Herodotus of Halicarnassus (c.480-c.429).]

