66.

Constructing an Enciphering Program

Now that you have reviewed the operation and utilization of the BASIC RANDOMIZE statement, the RND function, and the equivalent C++ statement, you have the foundation that enables you to construct enciphering programs which will use the built-in BASIC random number generator and the equivalent C++ statements. However, since that random number generator is available to anyone who has a computer and appropriate software, an intercepted enciphered message could be easily deciphered if you simply use a numeric value for selecting an available random number seed. This is because there are a limited number of random number seeds from which you can select in comparison to the number of combinations obtained by mixing up an alphabet. Prior to creating your random number-based enciphering program, first focus your attention upon extending the random process to obtain a much larger series of possible enciphering combinations.

Extending the Random Process

As previously mentioned in this chapter, the BASIC random number seed varies from -32768 to 32767, providing a total of 65,536 random number sequences (remember that a seed value of 0 also produces a sequence). Therefore, a person who intercepts or otherwise obtains a copy of your enciphered message can decipher that message by trying each random number seed. This obviously takes some time; however, it subjects the contents of your enciphered message to decipherment through the use of a well-known maximum number of decipherment attempts.

There are numerous methods you can consider to extend the level of security in using BASIC’s and C++’s random number generators. For example, to obtain an additional level of security you can consider using two key numbers in your encipherment and decipherment process. The first key number, as previously explained, selects the random number seed. The second number would either directly or indirectly set the beginning location in the random number sequence selected. This process could theoretically result in an infinite number of combinations an unauthorized person might be faced with during an illegal decipherment process.

The top of Listing 6.9 contains a routine designed to generate random numbers between 0 and 25 based upon a defined seed and location within the selected seed. The bottom portion of Listing 6.9 shows the results obtained by executing the program three times. In examining Listing 6.9, note that each time the program was executed, the same seed was executed, but the position in the seed was changed by the use of a FOR-NEXT loop in which the statement dummy=RND is executed x times, where x represents the value of the location in the seed. The first random number considered for use by the program is located at position x+1 in the selected seed.

Listing 6.9 The routine to generate a random number sequence based upon a defined seed and a location in the seed.

 REM routine to generate random numbers between 0 and 25 REM based on a defined seed and location in the seed start: INPUT “Enter your key numbers separated by commas: “, y, x        RANDOMIZE (y)        FOR i = 1 to x: dummy = RND: NEXT I        FOR i = 1 to 75        x = INT(RND(i) * 100)        IF x > 25 THEN GOTO skip        PRINT x; skip:  NEXT I        PRINT Enter your key numbers separated by commas: 1,1  10 10 10 5 21 22 11 4 5 18 21 15 17 8 15 13 15 9 Enter your key numbers separated by commas: 1,50  17 8 15 13 15 9 10 16 12 18 6 0 15 9 23 5 11 Enter your key numbers separated by commas: 1,100  15 9 23 5 11 3 14 2 10 13 6 4 10 10 23 22 5 11 13 8 2 21 

The use of a FOR-NEXT statement to select a location in a random number sequence places a limit on the location within the sequence you can begin your encipherment process. This is because each version of BASIC and C++ has a limit on the maximum value that can be assigned to a variable. For example, the maximum value of an integer is 32,767 in QuickBASIC, while a long integer can have a value up to 2,147,483,647 in that language. You can also use single- or double-precision numeric variables to extend the maximum value allowed by the language and the number of combinations allowed in selecting a position within a random number sequence. However, the use of high numbers, whether they are integers or numerics, can result in significant user waiting periods while the computer cycles through a large number of random numbers within a particular random number seed to locate the desired position within a random number sequence. For example, the execution of the FOR-NEXT loop FOR I = 1 TO x shown at the top of Listing 6.9 could result in the user of the program waiting for several minutes if an extremely large value was entered for x and the program was executed on an old 8088-based computer.

In addition to a long waiting period, the use of a large number is difficult to remember and might restrict the use of the preceding example to a simple low value or easy-to-remember number, such as 500, 1,000, and so on. The use of a number limited to 1,000 or so still significantly extends the number of combinations resulting from the selection of a random number sequence and position within the sequence. For 1,000 positions within a sequence, the total number of combinations an unauthorized person would need to try to decipher a message would be extended to 65,536,000 since there are 65,536 different random number seeds. Even if the right combination was discovered halfway through the search sequence, this could result in over 32 million combinations being used for the attempted decipherment. For a message such as BID THIRTY TWO MILLION ON TUESDAY AT THE AUCTION, any decipherment that occurs after Tuesday may be worthless. The use of two keys that select a random number sequence and position within the sequence may provide a significant level of message protection for many users. However, recognizing the need of most users for an extra level of protection, I’ll demonstrate a few easy-to-implement techniques that can be used to obtain that desired additional level of protection.