The best encryption ever



  • Porting some transformation routines for a major insurance company, I came across a novel encryption algorithm. I can tell it's an encryption algorithm because the comment says so:

    [code]
          *
          * Code added to decrypt emp
          *
    [/code]

    Not wanting to copy and paste all the copybooks involved to truly appreciate the intricacies of this complex and ultra-secure scheme, I'll translate the COBOL into C for you:
    [code]
    if (emp > 0)
        emp -= ENCRYPT_CONSTANT;
    [/code]
    (I love how COBOL gets people to turn that into 7 lines with 2 temporary variables, but that's COBOL's wtf, not the insurance company's)

    Bonus points if you can figure out what "emp" stands for. It's not "employee". Meanwhile, not knowing COBOL, I don't actually know what happens when emp is less than ENCRYPT_CONSTANT (which it can very easily be)

     



  • This forum does pretty good encryption too. Just put something in between CODE tags and you're all set!


  • I must've seen code like that in half the apps I've worked on. There is some serious "encraption" out there in wild.

    "Emp" must  stand for the emptiness that the coder felt inside after writing it.
     



  • @Licky Lindsay said:

    I must've seen code like that in half the
    apps I've worked on. There is some serious "encraption" out there in
    wild.

    "Emp" must  stand for the emptiness that the coder felt inside after writing it.

    I
    remember the first time I "discovered" XOR encryption and hashing by
    adding the ASCII values of an input string. And I remembered feeling
    very embarrased afterward when I learned about things like differential
    cryptanalysis and known-plaintext attacks. But having read WTF for some
    time now and having worked in IT for some years, I can appreciated that
    in retrospect that was pretty 'advanced' comapred to some encraption
    that's in the wild.

    Encraption, I like the word...

     



  • Typical example of encryption code in most apps I've seen.

     

        public static String encrypt(String s, int key){
            char[] c = s.toCharArray();
            char[] r = new char[c.length];
            char del=1;
            for(int i=0; i< c.length; i++){
                int val = (c[c.length-1-i] + (i+key));
                if (val > 126)
                {
                    val = val - 95;
                }
                r[i] = (char)val;

            }
           
            return new String(r);
        }

     

    Fortunately most apps only use this sort of thing to encrypt stuff that's really not valuable enough to bother encrypting anyway. Or for things like passwords in config files, where even the strongest encryption wouldn't help (see http://fringe.davesource.com/Fringe/Computers/Philosophy/Cathedral_Bazaar/cathedral-bazaar-8.html).



  • @Faxmachinen said:

    This forum does pretty good encryption too. Just put something in between CODE tags and you're all set!

     
    My favorite encryption, actually, is my hand writing. Nobody, except me, manages to read it. Now, let me just write my passwords in a piece of paper, take a picture on a wooden table, send it to be developed and scan it back.   



  • Your COBOL is weak! That should still only be 2 lines in COBOL

    <font face="Lucida Console" size="2">
        IF EMP > ZERO
            COMPUTE EMP = EMP - </font><font face="Lucida Console" size="2">ENCRYPT-CONSTANT.</font>

    * could also be SUBTRACT  <font face="Lucida Console" size="2">EMP FROM </font><font face="Lucida Console" size="2">ENCRYPT-CONSTANT GIVING EMP.
    </font>

     Perhaps you don't have EMP redefined properly.
     



  • @kirchhoff said:

    @Licky Lindsay said:
    I must've seen code like that in half the apps I've worked on. There is some serious "encraption" out there in wild.

     [ ... snip ... ]

    @kirchhoff said:


    Encraption, I like the word...

      If you like that, you'd probably also enjoy reading "The Journal of Craptology"!

     



  • actually they converted to and from a pic9something into a pic9something comp-3, something like that. EMP is part of a huge-ass structure (as is everything, including the temporary variables and the encrypt constant), and nobody uses COMPUTE, though I don't know why. I assume the pic9 <-> comp3 conversion and lack of compute is all done for performance reasons, as unlike most of the transformations in this file, this one was /not/ arbitrarily dropping decimal places



  • <voice character="obi-wan">Copydeck?  There's a phrase I haven't heard in a long time... A long time.</voice>



  • "pic 99999" is like a string in other languages.  "pic 99999 comp" is like an int.  "pic 99999 comp-3" is a binary-coded-decimal int.  You have to convert to a computational type to do arithmetic.  So:

        77   FOO PIC 99999.

        77   BAR PIC 99999  COMP.

        MOVE "12345" TO FOO.

        MOVE FOO TO BAR.

        ADD 3 TO BAR.

        is equivalent to (in C):

          char[6]  foo;

          int bar;

          strcpy(foo, "12345");

          sscanf("%d", &bar);

          bar += 3;

    "COMPUTE" in COBOL is like "LET" in BASIC.  Nobody uses it for the same reason.  Leaving it out doesn't make a difference and saves typing.

     



  • @newfweiler said:

    "pic 99999" is like a string in other languages.  "pic 99999 comp" is like an int.  "pic 99999 comp-3" is a binary-coded-decimal int.  You have to convert to a computational type to do arithmetic.  So:

        77   FOO PIC 99999.

        77   BAR PIC 99999  COMP.

        MOVE "12345" TO FOO.

        MOVE FOO TO BAR.

        ADD 3 TO BAR.

        is equivalent to (in C):

          char[6]  foo;

          int bar;

          strcpy(foo, "12345");

          sscanf("%d", &bar);

          bar += 3;

    "COMPUTE" in COBOL is like "LET" in BASIC.  Nobody uses it for the same reason.  Leaving it out doesn't make a difference and saves typing.

     

     

     

    With my limited knowledge of COBOL:

    PIC 99999 is an integer of length 5, so 12345

    PIC 9(5) is an integer with a length of 5 

    PIC 999.99 is a double with two decimal places and takes up 6 characters, so 123.45

    PIC 999V99 is a double with two decimal places but the decimal is assumed, so 12345 would actualy be 123.45

    I don't know much about COMP fields 

    Now, Strings are represented by PIC X

    PIC X is one character

    PIC X(9) is 9 characters

     

    I don't really know much about the language itself, just the way data is stored (COBOL CopyBooks)
     


     



  • I hope EMP stands for the ElectroMagnetic Pulse that should be applied to the companies server...



  • @RandomPoster said:

     

    With my limited knowledge of COBOL:

    PIC 99999 is an integer of length 5, so 12345

    PIC 9(5) is an integer with a length of 5 

    PIC 999.99 is a double with two decimal places and takes up 6 characters, so 123.45

    PIC 999V99 is a double with two decimal places but the decimal is assumed, so 12345 would actualy be 123.45

    I don't know much about COMP fields 

    Now, Strings are represented by PIC X

    PIC X is one character

    PIC X(9) is 9 characters

     

    I don't really know much about the language itself, just the way data is stored (COBOL CopyBooks)
     
     

    PIC [or PICTURE] 99999 is a string of length 5, with characters constrained to decimal digits, so "12345".  It represents a decimal integer.  It can be converted to a binary integer, a decimal integer, a binary fixed-point number, a decimal fixed-point number, or a binary floating-point number.  USAGE is DISPLAY by default.  USAGE DISPLAY means that it is a string of [ASCII or EBCDIC or UTF-8 or whatever] characters.

    PIC 9(5) is the same as PIC 99999.

    PIC 999.99 is a string of length 6, consisting of 3 decimal digits, a decimal point, and two decimal digits.  It represents a fixed-point decimal rational number in the range 000.00 through 999.99.  It can be converted to a binary or decimal fixed-point number or a binary floating-point number.  This format is usually used to convert from a binary or decimal number in order to print it with the decimal point.

    PIC 999V99 is a string of length 5 consisting of 5 decimal digits with an implied decimal point.  It represents a fixed-point decimal rational number in the range 000.00 through 999.99.  This format is usually used for input, to be converted to a binary or decimal number.

    PIC AAAAA is a string of length 5, with characters constrained to letters of the alphabet.  It cannot be converted to a number.

    PIC XXXXX is a string of length 5, of any characters at all.  It cannot be converted to a number.

    COMP [or USAGE COMPUTATIONAL] specifies that the data is a number stored in a form that can be used for arithmetic.  The exact representation is implementation-defined.  On the IBM 370, COMP is binary fixed-point, COMP-1 is short-precision floating point, COMP-2 is long-precision floating point, and COMP-3 is binary coded decimal fixed-point.

    Note that some of these representations are not available on all hardware and must be partially simulated in software.  COBOL requires up to 18 decimal digits of precision.  The IBM 370 has binary integer arithmetic up to 31 bits plus sign but not binary fixed-point.  Larger numbers and radix point calculations must be handled by library routines.  COMP-1 and COMP-2 are native floating-point format.  The IBM 370 has fixed-point binary coded decimal arithmetic up to 15 decimal digits; larger numbers must be handled by library routines.  Most microprocessors do not have native fixed-point binary coded decimal arithmetic.

    COMPUTE is a verb in a procedural statement, as "COMPUTE A = B + C."

    COMPUTATIONAL is a USAGE option in a data statement, as "77 FOO PICTURE IS 99999 USAGE IS COMPUTATIONAL."

     



  • @newfweiler said:

    @RandomPoster said:

     

    With my limited knowledge of COBOL:

    PIC 99999 is an integer of length 5, so 12345

    PIC 9(5) is an integer with a length of 5 

    PIC 999.99 is a double with two decimal places and takes up 6 characters, so 123.45

    PIC 999V99 is a double with two decimal places but the decimal is assumed, so 12345 would actualy be 123.45

    I don't know much about COMP fields 

    Now, Strings are represented by PIC X

    PIC X is one character

    PIC X(9) is 9 characters

     

    I don't really know much about the language itself, just the way data is stored (COBOL CopyBooks)
     
     

    PIC [or PICTURE] 99999 is a string of length 5, with characters constrained to decimal digits, so "12345".  It represents a decimal integer.  It can be converted to a binary integer, a decimal integer, a binary fixed-point number, a decimal fixed-point number, or a binary floating-point number.  USAGE is DISPLAY by default.  USAGE DISPLAY means that it is a string of [ASCII or EBCDIC or UTF-8 or whatever] characters.

    PIC 9(5) is the same as PIC 99999.

    PIC 999.99 is a string of length 6, consisting of 3 decimal digits, a decimal point, and two decimal digits.  It represents a fixed-point decimal rational number in the range 000.00 through 999.99.  It can be converted to a binary or decimal fixed-point number or a binary floating-point number.  This format is usually used to convert from a binary or decimal number in order to print it with the decimal point.

    PIC 999V99 is a string of length 5 consisting of 5 decimal digits with an implied decimal point.  It represents a fixed-point decimal rational number in the range 000.00 through 999.99.  This format is usually used for input, to be converted to a binary or decimal number.

    PIC AAAAA is a string of length 5, with characters constrained to letters of the alphabet.  It cannot be converted to a number.

    PIC XXXXX is a string of length 5, of any characters at all.  It cannot be converted to a number.

    COMP [or USAGE COMPUTATIONAL] specifies that the data is a number stored in a form that can be used for arithmetic.  The exact representation is implementation-defined.  On the IBM 370, COMP is binary fixed-point, COMP-1 is short-precision floating point, COMP-2 is long-precision floating point, and COMP-3 is binary coded decimal fixed-point.

    Note that some of these representations are not available on all hardware and must be partially simulated in software.  COBOL requires up to 18 decimal digits of precision.  The IBM 370 has binary integer arithmetic up to 31 bits plus sign but not binary fixed-point.  Larger numbers and radix point calculations must be handled by library routines.  COMP-1 and COMP-2 are native floating-point format.  The IBM 370 has fixed-point binary coded decimal arithmetic up to 15 decimal digits; larger numbers must be handled by library routines.  Most microprocessors do not have native fixed-point binary coded decimal arithmetic.

    COMPUTE is a verb in a procedural statement, as "COMPUTE A = B + C."

    COMPUTATIONAL is a USAGE option in a data statement, as "77 FOO PICTURE IS 99999 USAGE IS COMPUTATIONAL."

     

     

    1) O_o.. thanks

    2) You mean there's a LONGER way to type these things?! 



  • @skztr said:

    2) You mean there's a LONGER way to type these things?! 

    If there weren't, it wouldn't be COBOL now would it?

     


Log in to reply