#message #encryption #passphrase #mod #minecraft #key #generate


A library for the cryptography used in the Minecraft No-Chat-Reports Mod

3 unstable releases

0.2.0 Jan 11, 2023
0.1.1 Nov 7, 2022
0.1.0 Oct 20, 2022

#1269 in Cryptography

22 downloads per month

MIT license

85 lines

No Chat Reports (NCR) Crypto

The cryptography used to generate passwords and encrypted messages exactly as the No Chat Reports Mod for Minecraft does.


use ncr_encryption::{decrypt_with_passphrase, decode_and_verify};

let passphrase = b"secret";  // Setting in NCR
// "Hello, world!" sent as a message in chat:
let ciphertext = base64::decode("q2JCS/M3yMnz+MtXDn4dd6xyqN94Dao=").unwrap();

let decrypted = decrypt_with_passphrase(&ciphertext, passphrase);
let decoded = decode_and_verify(&decrypted);

assert_eq!(decoded, Ok("#%Hello, world!"))

How it works

From reading the Source Code on Github it becomes clear how the mod does encryption:

  1. You set a passphrase like "secret" in the UI
  2. The mod uses PBKDF2WithHmacSHA1 with a hardcoded salt and 65536 iterations to make your passphrase into a hash of 16 bytes. This process takes the longest
  3. An Initialization Vector (IV) is generated from a random nonce value, and used in the encryption that follows
  4. The new hash becomes the key used for encrypting any messages you send with AES-CFB8 encryption
  5. The ciphertext that comes from this encryption is appended to the nonce that was generated, and the final message that is sent in Base64 encoding through the chat (note: "#%" is added as a prefix to the message before encrypting)

Decrypting then is very similar, just in reverse:

  1. Decode the message from Base64 into raw bytes
  2. Get the nonce from the message and generate the IV again with it
  3. Generate the hash from the secret passphrase again, and use it as the key for the AES encryption
  4. If the decrypted message starts with "#%", the rest is printed decrypted in the chat

Windows Performance

By default fastpbkdf2 doesn't compile for Windows, see here
This crate will use ring by default on Windows which is slower than fastpbkdf2, see here
If you're concerned with performance it is recommended to use the Windows Subsystem for Linux.


~95K SLoC