Anybody mind to crack the encryption?

    iaEncryptionArray = {}; 
    iaDecryptionArray = {}; 
    caPassword = ""; 
    iPasswordLength = 0; 
    caText = ""; 
    caEncryptedText = ""; 
    iPasswordPosition = 1; 
  
    function addEncryptionPasswordChar(value) 
       iPasswordPosition = iPasswordPosition + 1; 
       if (iPasswordPosition > iPasswordLength) then 
          iPasswordPosition = 1; 
       end 
       output = value + string.byte(caPassword,iPasswordPosition); 
       if (output > 999) then 
          output = output - 1000; 
       end 
       return output; 
    end 
  
    function subsEncryptionPasswordChar(value) 
       iPasswordPosition = iPasswordPosition - 1; 
       if (iPasswordPosition < 1) then 
          iPasswordPosition = iPasswordLength; 
       end 
       output = value - string.byte(caPassword,iPasswordPosition); 
       if (output < 0) then 
          output = output + 1000; 
       end 
       return output; 
    end 
  
    function generateEncryptionPassword() 
       iPasswordHash = 0; 
       caOutput = ""; 
       for i=1, iPasswordLength, 1 do 
          iPasswordHash = iPasswordHash + string.byte(caPassword,i); -- char! 
       end 
       for i=1, iPasswordLength, 1 do 
          caOutput = caOutput .. string.char(iPasswordHash % string.byte(caPassword,i)); -- char! char! 
       end 
       return caOutput; 
    end 
  
    function stringSetChar(string,char,pos) 
       length = string.len(string); 
       if pos > length then 
          return string; 
       end 
       string = string.sub(string,1,pos) .. char .. string.sub(string,pos+1,length); 
       return string; 
    end 
  
    function generateEncryptionArray() 
       generateDecryptionArray(); 
    end 
  
    function generateDecryptionArray() 
       caEncryptionPassword = generateEncryptionPassword(caPassword); 
       for i=0, 999, 1 do 
          iaEncryptionArray[i]=NIL; 
       end 
       iPosition = 0; 
       n=1; 
       for i=0, 999, 1 do 
          n = n + 1; 
          if (string.byte(caPassword,n) == NIL) then 
             n=1; 
          end 
          iPosition = iPosition + string.byte(caEncryptionPassword,n) + string.byte(caPassword,n); 
          iPosition = iPosition % 1000; 
          while (iaEncryptionArray[iPosition]) do 
             iPosition = iPosition + 1; 
             if (iPosition >= 1000) then 
                iPosition = iPosition - 1000; 
             end 
          end 
          iaEncryptionArray[iPosition] = i; 
          iaDecryptionArray[i] = iPosition; 
       end 
    end 
  
    function encrypt() 
       generateEncryptionArray(); 
       iTextSize = string.len(caText); 
       iEncryptedTextSize = iTextSize*3; 
       caEncryptedText = ""; 
       aEncryptedText = {}; 
       for i=1, iTextSize, 1 do 
          value = string.byte(caText,i); 
          n=i*3; 
          if (value < 10) then 
             value = string.format("00%i",value); 
          elseif (value < 100) then 
             value = string.format("0%i",value); 
          else 
             value = string.format("%i",value); 
          end 
          aEncryptedText[(i-1)*3+1] = string.byte(value,1) - 48; 
          aEncryptedText[(i-1)*3+2] = string.byte(value,2) - 48; 
          aEncryptedText[(i-1)*3+3] = string.byte(value,3) - 48; 
       end 
       iCounter = 1; 
       iPasswordPosition = 1; 
       for runs=1, 32, 1 do 
          for i=1, iEncryptedTextSize, 1 do 
             iCounter = iCounter + 1; 
             pos1 = i; 
             pos2 = i+1; 
             pos3 = i+2; 
             if (pos2 > iEncryptedTextSize) then 
                pos2 = pos2 - iEncryptedTextSize; 
                pos3 = pos3 - iEncryptedTextSize; 
             elseif (pos3 > iEncryptedTextSize) then 
                pos3 = pos3 - iEncryptedTextSize; 
             end 
             local h = aEncryptedText[pos1]; 
             local z = aEncryptedText[pos2]; 
             local e = aEncryptedText[pos3]; 
             if not e then 
                caEncryptedText = ""; 
                return; 
             end 
             value = 100*h + 10*z + e; 
             value = iaEncryptionArray[value]; 
             value = subsEncryptionPasswordChar(value); 
             h = math.floor(value / 100); 
             value = value - 100*h; 
             z = math.floor(value / 10); 
             value = value - 10*z; 
             e = value; 
             aEncryptedText[pos1] = h; 
             aEncryptedText[pos2] = z; 
             aEncryptedText[pos3] = e; 
          end 
       end 
       caEncryptedText = ""; 
       for i=1,iEncryptedTextSize,1 do 
          caEncryptedText = caEncryptedText .. string.format("%i",aEncryptedText[i]); 
       end 
    end 
  
    function decrypt() 
       generateDecryptionArray(); 
       iEncryptedTextSize = string.len(caEncryptedText); 
       aEncryptedText = {}; 
       for i=1,iEncryptedTextSize,1 do 
          aEncryptedText[i] = string.byte(caEncryptedText,i) - 48; 
       end 
       caEncryptedText = ""; 
       iPasswordPosition = - (iEncryptedTextSize*32) - 1; 
       iPasswordPosition = iPasswordPosition % iPasswordLength + 1; 
       for runs=1, 32, 1 do 
          for i=iEncryptedTextSize, 1, -1 do 
             pos1 = i; 
             pos2 = i+1; 
             pos3 = i+2; 
             if (pos2 > iEncryptedTextSize) then 
                pos2 = pos2 - iEncryptedTextSize; 
                pos3 = pos3 - iEncryptedTextSize; 
             elseif (pos3 > iEncryptedTextSize) then 
                pos3 = pos3 - iEncryptedTextSize; 
             end 
             local h = aEncryptedText[pos1]; 
             local z = aEncryptedText[pos2]; 
             local e = aEncryptedText[pos3]; 
             if not e then 
                caText = ""; 
                return; 
             end 
  
             value = 100*h + 10*z + e; 
             value = addEncryptionPasswordChar(value); 
             value = iaDecryptionArray[value]; 
             h = math.floor(value / 100); 
             value = value - 100*h; 
             z = math.floor(value / 10); 
             value = value - 10*z; 
             e = value; 
             aEncryptedText[pos1] = h; 
             aEncryptedText[pos2] = z; 
             aEncryptedText[pos3] = e; 
          end 
       end 
       iTextSize = iEncryptedTextSize / 3 
       caText = ""; 
       for i=1,iEncryptedTextSize,1 do 
          caEncryptedText = caEncryptedText .. string.format("%i",aEncryptedText[i]); 
       end 
       for i=1, iTextSize, 1 do 
          n = (i-1)*3+1; 
          char = aEncryptedText[n]*100 + aEncryptedText[n+1]*10 + aEncryptedText[n+2]; 
          if char > 255 then 
             caText = ""; 
             return; 
          end 
          caText = caText .. string.char(char); 
       end 
    end 
  
    function encryptString(caTextInput,caPasswordInput) 
       if not caTextInput or not caPasswordInput then 
          outputDebugString("NIL or FALSE values given!"); 
          return nil; 
       end 
       caText = caTextInput; 
       caPassword = caPasswordInput; 
       iPasswordLength = string.len(caPassword); 
       encrypt(); 
       return (caEncryptedText); 
    end 
  
    function decryptString(caTextInput,caPasswordInput) 
       if not caTextInput or not caPasswordInput then 
          outputDebugString("NIL or FALSE values given!"); 
          return nil; 
       end 
       caEncryptedText = caTextInput; 
       caPassword = caPasswordInput; 
       iPasswordLength = string.len(caPassword); 
       decrypt(); 
       return (caText); 
    end 

It encrypts stuff, so you can i.e. send it client side and let the client save the stuff.

Do you think you can break it?

or just use https://wiki.multitheftauto.com/wiki/Md5

encrypted text <-> text is a 2 way street.

encrypted text -> md5 is a 1 way street.

Also, md5 is old - replace it by SHA or SHA2

Little hint, its 500 Euro now.

To break the code.

You have my attention.

Is it even possible to decrypt? The encryption uses a password to generate the code, without it you're basically screwed

Is it even possible to decrypt? The encryption uses a password to generate the code, without it you're basically screwed

What I want to do is to check if my encryption really needs a password to be decrypted, I want to know how secure it is.

After all I use it to encrypt client data on the client, in other words I store stuff client side, encrypted, of course.

Its pretty boring if you got the password

Maybe I'll post the plain text and you'll have to find out the password.

A good encryption doesn't give the password even when you have the plain text.

If one of the MTA crew cracks it, I'm giving MTA the 500 Euro.

Alright, I'll try to crack it Save that 500€ for me lol

For the case you are trying bruteforce, the password is longer then 10 digits and pretty random.

Is the plain text an English phrase of some sort?

The plain text is in English and no nonsense.

The intention of this encryption is to have an encryption that is based on very simple math so ANY scripting language can implement it.

So, how is it going

1 Month later exactly people gave up

I showed this to someone who knows their encryption, and they reckoned it looked fairly good. Both he and I agreed that the code is pretty nasty and does some pretty silly things (some that potentially make it less secure), but that it does enough things to compensate for those mistakes.

Quite why you wouldn't just use an existing tried-and-tested algorithm, I don't know. Lua is Turing complete.

Because this one is faster than making a triple-DES implementation in LUA.

Also implementing already existing stuff is no-brain.

Also, I build the algorithm on the three steps: shuffle, substitute and shift.

The only thing you know is that it DOES those three steps, but not HOW.

Cracking an algorithm that shuffles is easy.

Cracking an algorithm that substitutes is easy, too.

Cracking an algorithm that shifts is easy, too.

But, until now no one has cracked an algorithm that uses all three of them done after each other, because cracking one of those three mostly is a probabilistic problem. Make the first output look random, and you have a good chance no one can crack it after you did the second round.

Yep, that's basically the conclusion we came to.

From memory, some of the stuff to do with how the password was generated seemed sub-optimal - it reduced the range of values more than it needed to. I'll have a look at it again if I get a moment and be more helpful.