I want to send secure data(strings) from a client to a server. This is what i think i want to do: Turn the string into a byte array "scramble" the bytes by putting them out of order in a specific way Serialize array of bytes inside of a class send the Encrypted and Serialized class to the server then the server would: Deserialize the class get the bytes for the string put the bytes in the right order make a string out of the bytes would this be a good way to Manually Encrypt data? Is this secure? Is it even worth the time trying to make a manual encrypter?

javaencryption

John

Reputation: 3797

Manual Encryption

I want to send secure data(strings) from a client to a server. This is what i think i want to do:

Turn the string into a byte array
"scramble" the bytes by putting them out of order in a specific way
Serialize array of bytes inside of a class
send the Encrypted and Serialized class to the server

then the server would:

Deserialize the class
get the bytes for the string
put the bytes in the right order
make a string out of the bytes

would this be a good way to Manually Encrypt data? Is this secure? Is it even worth the time trying to make a manual encrypter?

Upvotes: -1

Answers (3)

BRPocock

Reputation: 13914

Would this be a way to encrypt the data?

If you're just "scrambling" the data, no. It would be "trivially possible" to reconstruct the plaintext if it's just being scrambled. (This means the first time someone wants to read the data, they probably will, but if they're not trying too hard, they won't stumble across it by accident.)

On the other hand, if you're then running a "real" encryption algorithm over it, the scrambling adds a negligible degree of difficulty to the decryption, but you're relying upon a simple scrambling being sufficient to slow down someone who's just cracked the "real" encryption, which seems unlikely to be worthwhile.

You'd probably do far better to stick with a well-tested encryption mechanism designed by someone who does math with very large prime numbers for a living. Java's encryption framework lets you fairly easily implement a public/private key system, or a double-blind key exchange system; for example, you can just use HTTP-SSL for data exchange without much set-up on your part.

Upvotes: 2

James

Reputation: 9278

No, jumbling is not very goood. For a simple scheme you can build on check out the XOR operator.

Upvotes: 0

Michael Petrotta

Reputation: 60902

It sounds like you're trying to roll your own symmetric encryption scheme, using a fixed key (the "specific way" you're scrambling the bytes) known to both sides. There's no advantage to doing this over simply using a build-in encryption scheme with a known key, and substantial potential disadvantages. It takes just a small implementation mistake to create an opening that malign users can exploit.

Unless you do encryption for a living, you can't do better than what's out there, known, and proven in the field (AES is a good start). If security is important to you, don't try. If you want to experiment as a hobby, though, have fun.

Upvotes: 5

Manual Encryption

Answers (3)

Related Questions