Scrambler - electronic sealed envelope
March 5, 2012 11:02 PM Subscribe
Scrambler is a simple tool for encrypting text with interesting uses.
Instructions:
1. Enter clear text in big box you want to encrypt.
2. Enter two passwords.
3. Press scramble.
4. Copy and paste scrambled text to a file or into an email on your computer.
5. When need access, copy and paste scrambled text back to the web page and enter the two passwords and press unscramble.
Scenarios this can be useful:
A. If you want to pass secure text to someone over email but you and/or they don't want to mess around with special software. Send the scrambled text via email and voice call the password and Scrambler website URL. (Since the password can be different with each instance, it's harder to social engineer).
B. If you want to give information now, but don't want to reveal information until later. For example, you want to predict who will win the 2012 Presidential election, but don't want to reveal that prediction until after the election. Make your prediction in scrambled text now, then after November, post your password and anyone can verify. It's basically a sealed envelope with a "Do Not Open Until" message on it. This is also useful for games, such as sending hidden setup of pieces your opponent can then verify after the game.
C. Keeping text files secure on your computer in case of breaking or theft (laptop). Many people keep sensitive data in clear text files. This is a simple way to encrypt individual files without any software needed.
D. Since it requires two passwords, there may be situations where two different people need to come together to decrypt. I can't think of any examples other than unlocking nuclear weapons for launch, or espionage cells.
There may be other interesting uses. It may not be very secure (whoever runs the site can read your text; there is no https access). There may be better tools. Just saw it and thought it worthwhile for those want a simple way to deal with encryption or create new ways of communicating (the sealed envelope).
Instructions:
1. Enter clear text in big box you want to encrypt.
2. Enter two passwords.
3. Press scramble.
4. Copy and paste scrambled text to a file or into an email on your computer.
5. When need access, copy and paste scrambled text back to the web page and enter the two passwords and press unscramble.
Scenarios this can be useful:
A. If you want to pass secure text to someone over email but you and/or they don't want to mess around with special software. Send the scrambled text via email and voice call the password and Scrambler website URL. (Since the password can be different with each instance, it's harder to social engineer).
B. If you want to give information now, but don't want to reveal information until later. For example, you want to predict who will win the 2012 Presidential election, but don't want to reveal that prediction until after the election. Make your prediction in scrambled text now, then after November, post your password and anyone can verify. It's basically a sealed envelope with a "Do Not Open Until" message on it. This is also useful for games, such as sending hidden setup of pieces your opponent can then verify after the game.
C. Keeping text files secure on your computer in case of breaking or theft (laptop). Many people keep sensitive data in clear text files. This is a simple way to encrypt individual files without any software needed.
D. Since it requires two passwords, there may be situations where two different people need to come together to decrypt. I can't think of any examples other than unlocking nuclear weapons for launch, or espionage cells.
There may be other interesting uses. It may not be very secure (whoever runs the site can read your text; there is no https access). There may be better tools. Just saw it and thought it worthwhile for those want a simple way to deal with encryption or create new ways of communicating (the sealed envelope).
This post was deleted for the following reason: -START-SL6H0PRL/KQ4L%2C@%251a04PYL%2C@OS7H6S8--END-- -- taz
A Vigenere cipher? That was considered secure in the 16th century. This is only slightly more secure than a cracker jacks decoder ring.
posted by ryanrs at 11:23 PM on March 5, 2012 [7 favorites]
posted by ryanrs at 11:23 PM on March 5, 2012 [7 favorites]
In fact, this is so bad the post should probably be deleted.
posted by ryanrs at 11:24 PM on March 5, 2012
posted by ryanrs at 11:24 PM on March 5, 2012
Take it easy, Agent Codebreaker.
posted by Blazecock Pileon at 11:28 PM on March 5, 2012 [9 favorites]
posted by Blazecock Pileon at 11:28 PM on March 5, 2012 [9 favorites]
i like cracker jack decoder rings.
posted by readyfreddy at 11:28 PM on March 5, 2012 [4 favorites]
posted by readyfreddy at 11:28 PM on March 5, 2012 [4 favorites]
Could one send an email along with the password and then have the receiving party decode it using said password so that Google would be unable to robotically read said email?
posted by sendai sleep master at 11:29 PM on March 5, 2012 [1 favorite]
posted by sendai sleep master at 11:29 PM on March 5, 2012 [1 favorite]
I use the word robotically because there is some illogical, paranoid part of my mind that pictures an army of magical gnomes that Google pays to individually read emails.
Like Big Brother's Oompah Loompahs.......
posted by sendai sleep master at 11:30 PM on March 5, 2012
Like Big Brother's Oompah Loompahs.......
posted by sendai sleep master at 11:30 PM on March 5, 2012
Wait, Ovaltine is running for president?
posted by klangklangston at 11:33 PM on March 5, 2012 [8 favorites]
posted by klangklangston at 11:33 PM on March 5, 2012 [8 favorites]
This looks awful - a quick glance at the Javascript does not inspire confidence. Also, the 2 password gimmick just concatenates the two passwords together so they need to be in the correct order (it doesn't even sort them alphabetically or XOR them together). You could just use one password and give half to the other person.
Kind of a nice idea, but very weak execution.
posted by AndrewStephens at 11:37 PM on March 5, 2012 [1 favorite]
Kind of a nice idea, but very weak execution.
posted by AndrewStephens at 11:37 PM on March 5, 2012 [1 favorite]
Could one send an email along with the password and then have the receiving party decode it using said password so that Google would be unable to robotically read said email?
Sure, but after a while all of your google search results will be nothing but IWPIAGM21 vendors and uDTMOYOJH service resellers.
posted by ceribus peribus at 11:38 PM on March 5, 2012 [5 favorites]
Sure, but after a while all of your google search results will be nothing but IWPIAGM21 vendors and uDTMOYOJH service resellers.
posted by ceribus peribus at 11:38 PM on March 5, 2012 [5 favorites]
This is only slightly more secure than a cracker jacks decoder ring.
Hmm, maybe what we need is a demonstration. Anybody want to take a crack at cracking this?
First one to decode it gets lots of Mefi Favorites, and bonus points if you can tell us the passwords.
-START-%25Z2YF/KZN3bL.PKHAO@/GZY1P2K/%2CkYHE2@/GH%25VAILVZdJ/lQJ%25XLaZAILIWadN.3@/GM7Y3XK/%2Ca6*nB1OYZJ/BS8UY46LA3@/p*M+LFN+S0f*nBWH8P7UAIu*+NWVANNPaLX*DG2U.PKp%2CMNY84J/kFN+F9X*nBMLTPWH3UY*+NcVkD/%25XLJ/B4bVUabPGTXUF/K%25SQd*+NUS@AB+1L6*DGVYJMM+x1NH8LX*DGZXZX48kBg*Ge*V6FN+00J/lL%25LF/KLYWVNJ%25J/lTW*I+U*DG0YJXc*nBLPaP4*DGgHWMMgkD/%25UZcPYWK/%2Ci0LGSNYF/K%25SQd*+N6HGTXUF/t*DG8Y.PKHA8@/GUU%25T37*+NbVkD/J3UWLTaZK.PKHAO@/GZ7*DGYLI4WHGPM*IgJ/BSVU.PKSBYP*I+YUO9bL6MM+gP@/GHaLAILTJfJ/lZW*I+U*DG0YJXc*nBKH8%254LaV2LQ%25J/lZO*I+cOL8K/%2CiUYPAB+BLJ/BXV1JMM+xZVLF/K%25ZFN+I0XPxL1LF/KHAILWTdcPBY@/GVZ*DGdOFfJ/lQRL0KJ/kFN+FeJ/lL@/GM1UL0K/%2CdYZGTWNF/KWWQXL.PKMB1@/G%250V2UK/%2Ci0VkD/OUYY*DG0H%250J/l3QLYYJ/B021JeJ/l3QH8*M+3XV%25.PKUv3RV2*M+XY0OYMM+@T3Lh*M+q8K/%2C4b*nBJS8V%25L3XZY.PKM%2C31P2NJ/BQ7K.PKWEZYL6*M+3XV%25.PK2zAB+7O70WTK/%2C%257*nB1OYZl*BnK+cvd%25kDi*I+1UAILH.PKSv1PL6*M+2U7ZJMMgkD/2U*M+NQ7*+N6VGAB+TLXPNQdL.PK6NAB+bLJ/BSVU.PKUB3@/GJ7U2UXYFfY*nB86F/K2PFN+HX6*nBWV8*M+SQ5STiJ/la8*I+cOT7K/%2C2aVHYM8F/KxSUK/%2CYaHIP@/GTYUAIu*+N4PITWNF/KHYTK/%2C%25YHyABgF/K2S3K/%2CecYHRPSUKJ/BXZYJMMgkD/OQ1Y*DGXVSeYJEL1LT*M+T8K/eMM+-L%25*I+UIZaZ*+N70EAB+4V7YAILWTiYYkD/%253*M+LTY*+N7YkD/KU%25aHN8m*+NCOzAB+bVaSOFN+044SkD/SY%25cSPFN+SacLkDi*I+6V1FN+Qa6NkD/YUTYTMUb*+NfOv3@/G2Y*DGcH2MM+.P%25LF/t*DGW0YMM+%2C3@/GJUUAILUJhYYkD/M3Y%25L3FN+03U%25kD/%25XLh*DGYPIMM+.P%25Lh*M+q8K/%2C4b*nBOV6*M+47K/%2Cf0LkD/SY11URFNg.PKYv3QL6*MgAIL%25TMM+wP@/GKYKTSV%25J%25J/lSNYU*M+33K/%2Cf0LkD/02M1UT71LIMM+JZ%25RF/K2SYXO.PK%25.P6*I+fOZFN+KadN.3@/GOYYPFN+MXeLkD/%25X0b*DG%25HWMM+FZ@/GU7IWdK/%2CXX1vYLLT8J/Bvd*+N1ZkD/YQ%250L1FN+Kaa*nB2ZF/K%25ZFN+G0J/lSNYU*M+OUYPHXcLyAB+8VJ/B81L.PKNEPJ%25F/K%25L74*+NaL/LRUYU%25*DGWLKaaLkD/07*M+afK/%2Cf0HGAB+VY7TAIL%25M0bLkD/O3U7YPTK/%2C%25YHyAB+bLJ/B8VRJMM+%2CYLYUHbLOFN+I0eVGTXUF/K%25ZFN+Y3U%25kD/JQ0bLAILMTdJ/l6QPSOJ/B81L2MM+_L3LF/K%25SUK/%2C7UZGAB+V04SAILTJXb0EP@/GVZ*DGYL%25acPBY@/G6j*DGdOFfJ/l6N*I+0L1UK/%2C31N.W6*I+aL2351JMM+GSJ%25F/K%25SUcL.PKKzLM*I+bOL05*+N6VGAB+XHeLAILKN0X*nBRUF/K1LY7*+Nj6kD/%25XHc*DGdONeJ/lYJ%25YV6*DpK/%2Cg6Kz1@/Gk7KAIu*+NbOvWU*I+0H5UK/%2CXJ/lYN2F/KIT6dO.PKV-AB+VYYLO36*+Nj6kD/H2KJ/B81HYMM+_Z3L6U5LY8K/%2CaZ*nB1OU*M+%25U8WQ0J/XAB+R4J/B81L.PKWzZYSU*MgAILMTdJ/l3QLF/KWP39SJMMgkD/ZXH4SAILUTfJ/l%25NYYZ0*DG%25YT8J/l3QLF/KLL6dO6--END--
posted by flug at 11:42 PM on March 5, 2012 [4 favorites]
Hmm, maybe what we need is a demonstration. Anybody want to take a crack at cracking this?
First one to decode it gets lots of Mefi Favorites, and bonus points if you can tell us the passwords.
-START-%25Z2YF/KZN3bL.PKHAO@/GZY1P2K/%2CkYHE2@/GH%25VAILVZdJ/lQJ%25XLaZAILIWadN.3@/GM7Y3XK/%2Ca6*nB1OYZJ/BS8UY46LA3@/p*M+LFN+S0f*nBWH8P7UAIu*+NWVANNPaLX*DG2U.PKp%2CMNY84J/kFN+F9X*nBMLTPWH3UY*+NcVkD/%25XLJ/B4bVUabPGTXUF/K%25SQd*+NUS@AB+1L6*DGVYJMM+x1NH8LX*DGZXZX48kBg*Ge*V6FN+00J/lL%25LF/KLYWVNJ%25J/lTW*I+U*DG0YJXc*nBLPaP4*DGgHWMMgkD/%25UZcPYWK/%2Ci0LGSNYF/K%25SQd*+N6HGTXUF/t*DG8Y.PKHA8@/GUU%25T37*+NbVkD/J3UWLTaZK.PKHAO@/GZ7*DGYLI4WHGPM*IgJ/BSVU.PKSBYP*I+YUO9bL6MM+gP@/GHaLAILTJfJ/lZW*I+U*DG0YJXc*nBKH8%254LaV2LQ%25J/lZO*I+cOL8K/%2CiUYPAB+BLJ/BXV1JMM+xZVLF/K%25ZFN+I0XPxL1LF/KHAILWTdcPBY@/GVZ*DGdOFfJ/lQRL0KJ/kFN+FeJ/lL@/GM1UL0K/%2CdYZGTWNF/KWWQXL.PKMB1@/G%250V2UK/%2Ci0VkD/OUYY*DG0H%250J/l3QLYYJ/B021JeJ/l3QH8*M+3XV%25.PKUv3RV2*M+XY0OYMM+@T3Lh*M+q8K/%2C4b*nBJS8V%25L3XZY.PKM%2C31P2NJ/BQ7K.PKWEZYL6*M+3XV%25.PK2zAB+7O70WTK/%2C%257*nB1OYZl*BnK+cvd%25kDi*I+1UAILH.PKSv1PL6*M+2U7ZJMMgkD/2U*M+NQ7*+N6VGAB+TLXPNQdL.PK6NAB+bLJ/BSVU.PKUB3@/GJ7U2UXYFfY*nB86F/K2PFN+HX6*nBWV8*M+SQ5STiJ/la8*I+cOT7K/%2C2aVHYM8F/KxSUK/%2CYaHIP@/GTYUAIu*+N4PITWNF/KHYTK/%2C%25YHyABgF/K2S3K/%2CecYHRPSUKJ/BXZYJMMgkD/OQ1Y*DGXVSeYJEL1LT*M+T8K/eMM+-L%25*I+UIZaZ*+N70EAB+4V7YAILWTiYYkD/%253*M+LTY*+N7YkD/KU%25aHN8m*+NCOzAB+bVaSOFN+044SkD/SY%25cSPFN+SacLkDi*I+6V1FN+Qa6NkD/YUTYTMUb*+NfOv3@/G2Y*DGcH2MM+.P%25LF/t*DGW0YMM+%2C3@/GJUUAILUJhYYkD/M3Y%25L3FN+03U%25kD/%25XLh*DGYPIMM+.P%25Lh*M+q8K/%2C4b*nBOV6*M+47K/%2Cf0LkD/SY11URFNg.PKYv3QL6*MgAIL%25TMM+wP@/GKYKTSV%25J%25J/lSNYU*M+33K/%2Cf0LkD/02M1UT71LIMM+JZ%25RF/K2SYXO.PK%25.P6*I+fOZFN+KadN.3@/GOYYPFN+MXeLkD/%25X0b*DG%25HWMM+FZ@/GU7IWdK/%2CXX1vYLLT8J/Bvd*+N1ZkD/YQ%250L1FN+Kaa*nB2ZF/K%25ZFN+G0J/lSNYU*M+OUYPHXcLyAB+8VJ/B81L.PKNEPJ%25F/K%25L74*+NaL/LRUYU%25*DGWLKaaLkD/07*M+afK/%2Cf0HGAB+VY7TAIL%25M0bLkD/O3U7YPTK/%2C%25YHyAB+bLJ/B8VRJMM+%2CYLYUHbLOFN+I0eVGTXUF/K%25ZFN+Y3U%25kD/JQ0bLAILMTdJ/l6QPSOJ/B81L2MM+_L3LF/K%25SUK/%2C7UZGAB+V04SAILTJXb0EP@/GVZ*DGYL%25acPBY@/G6j*DGdOFfJ/l6N*I+0L1UK/%2C31N.W6*I+aL2351JMM+GSJ%25F/K%25SUcL.PKKzLM*I+bOL05*+N6VGAB+XHeLAILKN0X*nBRUF/K1LY7*+Nj6kD/%25XHc*DGdONeJ/lYJ%25YV6*DpK/%2Cg6Kz1@/Gk7KAIu*+NbOvWU*I+0H5UK/%2CXJ/lYN2F/KIT6dO.PKV-AB+VYYLO36*+Nj6kD/H2KJ/B81HYMM+_Z3L6U5LY8K/%2CaZ*nB1OU*M+%25U8WQ0J/XAB+R4J/B81L.PKWzZYSU*MgAILMTdJ/l3QLF/KWP39SJMMgkD/ZXH4SAILUTfJ/l%25NYYZ0*DG%25YT8J/l3QLF/KLL6dO6--END--
posted by flug at 11:42 PM on March 5, 2012 [4 favorites]
D. Since it requires two passwords, there may be situations where two different people need to come together to decrypt. I can't think of any examples other than unlocking nuclear weapons for launch, or espionage cells.
In fact, split knowledge of encryption keys is a rather standard way of dealing with the potential for leaked or stolen key material...for organizations where they don't actually want people to be able to decrypt stuff (say, PINs).
Still, probably not something the average user of crypto software needs to worry about.
posted by timfinnie at 11:43 PM on March 5, 2012
In fact, split knowledge of encryption keys is a rather standard way of dealing with the potential for leaked or stolen key material...for organizations where they don't actually want people to be able to decrypt stuff (say, PINs).
Still, probably not something the average user of crypto software needs to worry about.
posted by timfinnie at 11:43 PM on March 5, 2012
Still, probably not something the average user of crypto software needs to worry about.
This was a common belief before the Ovaltine Presidency and the Malt Riots.
posted by sebastienbailard at 12:01 AM on March 6, 2012 [1 favorite]
This was a common belief before the Ovaltine Presidency and the Malt Riots.
posted by sebastienbailard at 12:01 AM on March 6, 2012 [1 favorite]
flug, your passwords are "Vigenere" and "insecure".
posted by teraflop at 12:28 AM on March 6, 2012 [22 favorites]
posted by teraflop at 12:28 AM on March 6, 2012 [22 favorites]
-START-I%25NV--END--
A scrambled breakfast food.
posted by twoleftfeet at 12:31 AM on March 6, 2012 [1 favorite]
A scrambled breakfast food.
posted by twoleftfeet at 12:31 AM on March 6, 2012 [1 favorite]
Tripod still exists?
posted by pompomtom at 12:36 AM on March 6, 2012 [2 favorites]
posted by pompomtom at 12:36 AM on March 6, 2012 [2 favorites]
Oh, and I won't spoil stbalbach's prediction by giving it in plaintext, but for anyone who's really curious you should be able to guess the password without too much trouble. (10 letters, all lowercase)
posted by teraflop at 12:40 AM on March 6, 2012
posted by teraflop at 12:40 AM on March 6, 2012
Four score and seven years ago... (Flug's text).
posted by lollusc at 12:53 AM on March 6, 2012 [2 favorites]
posted by lollusc at 12:53 AM on March 6, 2012 [2 favorites]
Four score and seven years ago... (Flug's text).
posted by lollusc at 12:53 AM on 3/6
[+] [!]
Wait, really? Was it really that 'easy?'
posted by From Bklyn at 1:47 AM on March 6, 2012
posted by lollusc at 12:53 AM on 3/6
[+] [!]
Wait, really? Was it really that 'easy?'
posted by From Bklyn at 1:47 AM on March 6, 2012
My "decoder ring" comment wasn't a joke.
posted by ryanrs at 2:01 AM on March 6, 2012 [2 favorites]
posted by ryanrs at 2:01 AM on March 6, 2012 [2 favorites]
btw if you're looking for secure end to end cloud message storage take a look at criptiki (or cryptiki?)
or roll your own in javascript and an hour of time
posted by 3mendo at 2:01 AM on March 6, 2012 [1 favorite]
or roll your own in javascript and an hour of time
posted by 3mendo at 2:01 AM on March 6, 2012 [1 favorite]
"Rolling your own crypto" is a huge mistake. Don't make up your own algorithm, don't make your own implementation of a standard algorithm. Good crypto is pretty hard to get right, you know.
posted by ryanrs at 2:06 AM on March 6, 2012 [11 favorites]
posted by ryanrs at 2:06 AM on March 6, 2012 [11 favorites]
Everything ryanrs said in this thread is very very accurate. This should be deleted.
If you want secure email, use email client certificates.
posted by CautionToTheWind at 4:31 AM on March 6, 2012 [1 favorite]
If you want secure email, use email client certificates.
posted by CautionToTheWind at 4:31 AM on March 6, 2012 [1 favorite]
Crypto misinformation. Patently false statements. Bad post.
posted by bfranklin at 5:41 AM on March 6, 2012
posted by bfranklin at 5:41 AM on March 6, 2012
Here's a small example of how insecure this is:
Even if you enter a partial password, such as "Vigenere" and "insecur" instead of "Vigenere" and "insecure", you get:
Four score uñU9frr9id4J_D65wT2XapfQbg8fT80Hacgqave3dZZB-+gPxP256nrza0mV.-RJSvdiec4P8OjpyreRxYU+%hL1scZllBNJ0gX.klan7O%Sgcori@Zdj27weY5dHQ1gtmlwZE870W,mR
,4hZ9.l8xerN0cxaG8NgCaa2Wysojvrib6d/40dkl6/WS2nnMRoXter%U9kiZfhLGHc8.5qN65jcssip
Now we (more garbage)
This is child's play.
posted by double block and bleed at 5:43 AM on March 6, 2012
Even if you enter a partial password, such as "Vigenere" and "insecur" instead of "Vigenere" and "insecure", you get:
Four score uñU9frr9id4J_D65wT2XapfQbg8fT80Hacgqave3dZZB-+gPxP256nrza0mV.-RJSvdiec4P8OjpyreRxYU+%hL1scZllBNJ0gX.klan7O%Sgcori@Zdj27weY5dHQ1gtmlwZE870W,mR
,4hZ9.l8xerN0cxaG8NgCaa2Wysojvrib6d/40dkl6/WS2nnMRoXter%U9kiZfhLGHc8.5qN65jcssip
Now we (more garbage)
This is child's play.
posted by double block and bleed at 5:43 AM on March 6, 2012
Encryption, you say? And you found this wonderous thing on the internet?
posted by indubitable at 5:44 AM on March 6, 2012 [1 favorite]
posted by indubitable at 5:44 AM on March 6, 2012 [1 favorite]
Are we certain that this isn't some how related to tumblr?
Fuck tumblr.
posted by Fizz at 6:26 AM on March 6, 2012
Fuck tumblr.
posted by Fizz at 6:26 AM on March 6, 2012
This is trivially awful.
sdfssdfsdfsdfsdf
becomes
-START-M@BNM//M@BN+BM+A--END--
Yes, please, someone should delete this post.
posted by effugas at 6:29 AM on March 6, 2012
sdfssdfsdfsdfsdf
becomes
-START-M@BNM//M@BN+BM+A--END--
Yes, please, someone should delete this post.
posted by effugas at 6:29 AM on March 6, 2012
I'm betting someone didn't choreograph their interpretive dance explaining side channel attacks.
posted by Kid Charlemagne at 6:34 AM on March 6, 2012
posted by Kid Charlemagne at 6:34 AM on March 6, 2012
« Older We're gonna be like three little Fonzies here. | Dogs (1976) Newer »
This thread has been archived and is closed to new comments
-START--IWPIAGM21%25SL%2C@6W8*MFP8-ABGM@ME/ME5AGMHJH+6DZRSL/KyHcJQYfL/K*VL%2C@2O3KJH+DWM%25V%25UJH+uDTMOYOJH+9Q+DE+HaROL%2C@HDOgJH+O_/Df--END--
posted by stbalbach at 11:03 PM on March 5, 2012 [1 favorite]