public/private key encryption and caesar cipher

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
IceX
Forum Newbie
Posts: 2
Joined: Wed Apr 14, 2010 3:18 pm

public/private key encryption and caesar cipher

Post by IceX »

Hi,

Wasn't sure whether this shouldve gone in securty or here, so put it here since I'm stuck on the basics even. I am new to encryption and have read a lot but still don't know what I'm doing. Just to clarify when using the keys is it just for a handshake between the client and server to allow access or does it affect the caesar cipher as well? because after looking at some examples I still don't have much of an idea.

I have seen many examples of caesar cipher encryption/decryption but none of them use a public/private key with it. I am supposed to use the key (randomised one) along with the caesar cipher but am not sure how to implement it.

For example if I had the outcome of a key of 32 would the client and server just say its okay to go ahead or would it affect the caesar cipher which I would have shifting by 1 as in a=b b=c c=d and a sample caesar value would be hppe for good. When encrypting from the client to the server do I just send 'hppe' after both the client and server agree on the key value of 32, or do I use the key value of 32 and change the caesar shifted value of hppe even more?
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: public/private key encryption and caesar cipher

Post by kaisellgren »

IceX wrote:I have seen many examples of caesar cipher encryption/decryption but none of them use a public/private key with it.
Caesar cipher is a symmetric cipher. Public key ciphers are asymmetric like RSA and ElGamal.
IceX
Forum Newbie
Posts: 2
Joined: Wed Apr 14, 2010 3:18 pm

Re: public/private key encryption and caesar cipher

Post by IceX »

ah thanks for clearing that up, but I am still a little confused, because in an assignment I had to do, I was required o do a static key based caesar cipher, and I thoguht that the static key just meant the shifting key which i had with the value of 1 where it'd be like caesarEnc(message,1) & caesarDec(message,1). However I still lost marks for 'no key value' referring to the static key.

Is it a different key they were talking about or would I have implemented the key wrongly? This is confusin gme because I have to do a randomized key based on a random value next for the caesar cipher, would they mean the shifting key in this case?

Also it says I need to make a protocol for 'key agreement between client and server', so would I need to make the client and server agree on that shifting key?
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: public/private key encryption and caesar cipher

Post by kaisellgren »

Is this PHP related at all? I think you would be much better off at http://forums.devshed.com/security-and-cryptography-17/ than here.
IceX wrote:I thoguht that the static key just meant the shifting key
I believe the static key here refers to a password. Instead of using a shift key, you'd use a password. So, no rotation of 3, you would use a varying value.
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: public/private key encryption and caesar cipher

Post by Mordred »

Caesar does a simple substitution, it can be trivially broken using frequency analysis. If it's for an assignment, that's okay to study, but do not use in production code in any way.

If you also have to do a keyed variant of Caesar and do a real key agreement, maybe that's the connection between the caesar and the public/private key: one would normally use asymmetric crypto for key exchange, and then use the key for symmetric crypto (which is generally faster).

Again, doing so with Caesar or any other of the historical ciphers is only fun to study, but not to actually use in production, so don't do that.
Post Reply