This is an update on another web application, a little tool that I built, and it's what I would call letter off encryption, meaning that you have a letter in the alphabet you add one to it assuming, that you are giving a numeric value to all of the letters, the 26 letters in the english Alphabet and with that you add one to letter a you got b.
So in order to encrypt a message, or password or pass phrase using this method.
Disclaimer, obviously, it's not the strongest, it would be very easy to crack, reverse engineer, if given the time and the motive.
But for applications where it just needs to be just hidden in plain sight. This would be useful for that in the real world.
This is an exercise in actually getting into the logic of coding these types of applications, but very remedial and very primitive in terms of the the actual encryption algorithm.
But in combination, the sky is the limit, because you can make a recipe of your own encryption, then as long as you don't forget the recipe, you will be able to make very difficult work for anyone else who does not know that recipe.
Every step you add to the decoding process, the more secure you're gonna feel.
So me building these tools in isolation, maybe if you only used one of them, it would only be so effective.
But if you chain it together and you even add your own style to it, you could actually make things very secure and hard to crack, encryption algorithms, and just end up with letters and numbers that mean nothing to anyone else.
But with the right recipe that you hold that uses whatever you come up with in combination with tools like what I'm building. It's just a way to save time.
I've built them in such a way that if you're confident that your local desktop or laptop computing environment is free from spy ware and malware and stalkerware, and even if it does have some penetration of those things, you might still be able to throw them off by using something like this.
If you have a message and you want it to not just be human or machine readable in its plain text form, and you don't necessarily wanna rely on a third party app that is operating in the cloud then you will be with this tool relying just purely on the logic and the code language itself, operating in your local environment and your browser.
So whatever information you give to it, it stays local to your machine. Doesn't go across the wire up into the internet, doesn't communicate and do any processing on any remote server and so yes, you sit there and you use this tool, you type a message and as you're typing, whatever number off from one to 25 is what's available in this version, which would be sufficient to basically allow you to have the minimum ability to change every number in the alphabet, to move it at least by one notch up the alphabet and then back around to the beginning.
So, if you add one to A, you get B, but if you add one to Z, you either get nothing because you did not factor for it having to loop back and start start over.
Or you do you implement some methodology, as I have in the code, to do something that would be intuitive to a person, but to a machine, you have to give explicit instruction.
I've written the code so that once your message, when you add a number to it, once, each letter, if it does go past Z, then it starts counting up again from A.
The reason that I limit it to 25, obviously there's no limit to, what that number can be, assuming you're gonna just continue to cycle through it and rotate through it, although that would be very tedious to a person.
So generally, for something like this, to make it usable for human scale use, you'd only want it to really end up possibly going past the end of the alphabet once and then landing somewhere wherever it's gonna land on that second round.
Then, interestingly, if you add 26 to it, then you end up back where you started, and you have the same exact message with no encryption at all.
So hence the ability to add 25. So there's a button to click that allows you to go from one to 25.
You confirm whichever number you want, and then you're prompted to start typing your message.
And then you are able to see your message typed out in the field on the app.
Then below that line, you see the exact place of whichever letter you typed into your main message.
Directly below it, you see the encrypted message or the encrypted letter, and you just whatever number you chose.
It gives you the instructions to count back by that number, whichever it is.
It shows you what you selected previously, and then you can manually do that.
If people are interested, I will complete the project by providing the decryption tool, where you will be able to type in or copy and paste in the encrypted text from a previous or from someone else's letter off encrypted message, then it reveals itself to you when you set the dial correctly.
This is obviously primitive and even ancient, basic, cryptography, but again, in combo with other tools...
Maybe you have you just wanna obscure something slightly and add a little bit more time and effort to being able to crack something that you already have.
And you can use this to just add, entropy, add randomness.
Alone, it's very weak, in combination it, it's potentially very strong. And if it's for something as harmless and mundane as just, doing a little bit of encryption on a Christmas shopping list or something so that it wasn't easily obtained by malicious actors, the recipients of the gifts that you wanna keep secret, it could be something very low stakes like that.
If it were more high stakes again in combination with other techniques, then it would be useful.
But the thing to be appreciative of that I'm appreciative of is the paradigm that I'm using of what's called hermetic code, or, local compute or client side Javis script, is all different ways of saying somewhat of the same thing, which is that once you download that file or open it in your browser. You can save the file, and then you can disconnect from the Internet.
You can even move that file on a thumb drive to a computer that's never been on the Internet and never will be on the Internet.
Or just use a laptop that you buy for a hundred bucks and then you put glue in all the ports and disable everything, run a Linux operating system, and either either physically or logically disable all of its communication means, from wireless to Bluetooth to USB ports to optical drives, whatever you got.
Well, before you do that, you obviously put the file on there, or you use it to run that file, and then no one will ever know what key strokes you entered into it.
If you doubt your own browser's security or your own home network security, then you would always have that option. Whereas most applications that are being built anymore, they're not backwards compatible in that way.
They all require a live connection, mainly to the Internet, to the cloud.
All kinds of person in the middle attacks can happen.
There are so many handoffs and subsystems and points of failure, that one gets patched and the another one gets hacked.
And the only way to really limit that down to zero attack surface, in terms of messages going across the wire, as it were, is to do what's called air gapping and do the operation of encoding and decoding, you need a computer to help you do that.
Those operations in a completely air-gapped computer, so that it's for your eyes only, and you have more power and more choice.
That's why I'm doing things the way I'm doing it.
It's between you and your local machine that you have the option to isolate.
This is a very primitive tool, but I'm gonna continue to just that paradigm, create tools that can be 100 % usable in an offline state.
So you save the file, don't put anything sensitive into it while you're connected to the Internet, or maybe even on that normal machine that you do your web browsing with, and save the file and then execute it in an offline environment.
Play with it offline environment, and you'll know that whatever you put into it, it's physically impossible for that to find its way back out to the Internet.
I don't need to know what anybody's doing. I don't need to collect people's information, and I don't need to have cookies in the browser that persist that can give more more attack surface and vulnerabilities in the process and legal liabilities, compliance obligations and whatnot.
So for me, it's a win win, less information from you that I'm responsible for, and less information from that you we're sending across the wire.