-2

While base64 encoding does not have the intent to encrypt, it is not far fetched to think that the encoding process could be tempered with in some way as to create an encryption. Surely, I am not the first person to think of such an encryption attempt making use of base64 encoding. Therefore, I'd like to ask what kinds of base64 encryption strategies are known?

Kagaratsch
  • 131
  • 1
  • 6

4 Answers4

8

This does not make sense. There is no secret key in base64: base64 encoding and decoding are public functions that anyone can evaluate.

The only way that base64 is related to cryptography is that it is convenient to encode ciphertext from some cryptosystem, which is uniformly distributed in 8-bit strings, in a limited set of US-ASCII that will not be munged or rejected in contexts that are limited to plain text, such as XML.

Squeamish Ossifrage
  • 49,816
  • 3
  • 122
  • 230
3

The golden rule of cryptography should be : "It is not because you cannot read the text that this is encrypted". Base64 is not intended to be used in order to create ciphertext and it should not be used for that purpose.

Encryption methods always rely on a secret or artifacts that ensure that only the actors of the communication can reverse the ciphertext. If it does not, like with Base64, then it is not encryption.

Base64 is intended to encode binary as text with various advantages over other encoding schemes. Privacy is not among these advantages.

Maarten Bodewes
  • 96,351
  • 14
  • 169
  • 323
Braibant
  • 31
  • 1
0

This is taken from the Wiki entry for Base64:

base64 example

If you really intended to tamper Base64 encoding to provide encryption, it could be done at the Index level highlighted above. You would need a secret key, a key derivation function tailored to create a high entropy seed which then started off a pseudo random number generator. The generator's (6 bit) output would then be XORed with the Index to change the encoding for every character. And this technique can be reversed to decipher the encrypted message.

You see that it's all a bit of a bother. Traditionally you'd create the cipher text and then encode it. Other than cropping a typical 8 bit random sequence to 6 bits, the workload is identical though to the traditional stream cipher. Actually you need 33% extra computations, but that's neither here nor there.

You might be the first to have thought of this Base64 variant as no one seems to be aware of similar behaviour. This should work though.

Maarten Bodewes
  • 96,351
  • 14
  • 169
  • 323
Paul Uszak
  • 15,905
  • 2
  • 32
  • 83
-1

Yes, there is an interest in encrypting upstream base64: it's the economy in iterations. When we encrypt data and then encode it, we have to make at least two loops: one on the encryption of the data and the other on the encoding of the data generated. By encrypting upstream we can reduce to a loop and therefore gain significant performance.

@e-sushi: Indeed, there are not many examples except this one which uses only one loop: php_base64encrypted

There are probably other ways to do better but it proves that it is possible...

Edit: sorry, I am not very familiar with this site.

kelalaka
  • 49,797
  • 12
  • 123
  • 211
guest_posting
  • 15
  • 1