ROT500K2 Family (aka PhonoShift) — Offline Demo

PhonoShift (ROT500K2) is a keyed, format-preserving obfuscation scheme that applies polyalphabetic, class-preserving rotations driven by a PBKDF2-derived keystream. The default configuration uses 500,000 PBKDF2 iterations, from which the “500K” name originates.

V2: outputs now includes a per-message nonce (safe reuse of the same password across messages), verified modes derive their MAC key via PBKDF2 (no fast HMAC-only password oracle), and the framing/header is now stealth (no fixed nonce signature).

ROT500K2 keeps length (aside from stealth header). ROT500K2V adds verification so decrypt can return true/false.
Higher = lower chance of “false OK” with wrong password.
Tip: Encode writes to Output. Decode reads from Input. In verified modes, Decode can detect wrong parameters.

About the ROT500K2 Family

ROT500K2 is a keyed, format-preserving rotation-based obfuscation scheme. It preserves separators (space, -, ') and character classes (digits remain digits, letters remain letters), and is fully reversible with the same password + salt + PBKDF2 iterations.

While the payload transformation itself preserves length, all ROT500K2 variants now prepend a stealth frame. This frame slightly increases total output length, but is designed to look like natural, human-written text rather than a fixed cryptographic header.

ROT500K2V is the “verified” variant. In addition to the stealth frame, it embeds a keyed verification signal so decryption can return a definitive true / false result when parameters are incorrect. It automatically selects the most appropriate verification style:

Stealth framing: outputs begin with a variable, pronounceable text segment that encodes mode + nonce + padding internally. There are no fixed markers, delimiters, or repeated signatures (no ROT500K2:, no colons, no constant layout). Each encoding produces a different-looking header, even for identical inputs.