>>Perhaps this is naive, but could someone explain to me how one can hack/decrypt even a relatively simple encoding algorithm? For example - suppose my algorithm is to add 1,2,3 respectively to each character's ascii code of the string I'm encrypting. Therefore the word "secret" becomes "tgfsgw". Now other than just flat out guessing (and the clue that it's a 6 letter word), how could smeone determine that the original word was "Secret" given ONLY "tgfsqw"?
>>
>>This was a simple algorithm - but taking it a step further and coming up with a more complex algorithm, longer non-repeating key, and using passwords that aren't common words - how the heck could someone "Break" this?
>>
>>I'm trying to find a reason to justify a "heavy duty encryption software" purchase, but need to justify it via the preceding example first.
>
>With sufficient computer power and/or sufficient time, you could do a dictionary attack or brute force attack, trying different simple algorithms with common words.
>
>If you had a passphrase, instead of a word, and you used your algorithm that creates the same number of letters and spaces as the original, albeit jumbled, and you knew it was English, you could try the most common words, like "the" or "and". When you decipher those, you know the algorithm, so you get the rest. It would be a lot more difficult if you broke the words into groups of characters of equal length. This was done since ancient times as a variation of the "Caesar code" (or cypher) where you added something to each letter like in your example.
>
>Some references:
>http://www.counterpane.com/forward.html
>http://www.counterpane.com/book-practical.html
>http://www.cs.usask.ca/resources/tutorials/csconcepts/1999_1/Table_of_Contents/table_of_contents.html
>http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/142813

But isn't this just "guessing" as opposed to "decrypting" - I mean, someone can guess without having ever seen the original encrypted string. My point being that if the only way they can verify that they have decrypted a password is through successful use of that password, and a "simply" encrypted string doesn't really aid in guessing, what use is a heavy duty algorithm?