Sciencemadness Discussion Board
Not logged in [Login ]
Go To Bottom

Printable Version  
 Pages:  1  2
Author: Subject: Hushmail open to Feds with court orders.
Polverone
Now celebrating 21 years of madness
*********




Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline

Mood: Waiting for spring

[*] posted on 13-11-2007 at 17:06


Quote:
Originally posted by WizardX
One simple intelligence gathering that will drastically increase a brute force attacks is knowing how many characters in the password.

Example. Let's assume this password: cGd6uB91V4ma

In a password field box it will look like this: ************

12 characters in the password cGd6uB91V4ma

Therefore, you can narrow a brute force attack to a 12 character password, as you know the password has ONLY 12 characters. Of course, you will need to generate ALL passwords with upper & lowercase alphabet, 0-9, symbols and hex.

That's true, but for PGP/GPG and other "good" standalone cryptographic products, that sort of password guessing is possible only after the user's private keyring is captured. Good products will also use something like an iterated hash transformation of the user's passphrase to make the guessing process computationally expensive.

Breaking intercepted email messages without access to the private keyring requires the much harder task of trying 2^128 to 2^256 symmetric keys (ludicrous) or breaking the asymmetric keys used to encrypt the symmetric keys (RSA, El Gamal, etc.). That's merely "staggeringly hard" instead of ludicrous, and special purpose hardware has been proposed to break 1024 bit public keys after a runtime of one year for only a few tens of millions of dollars.

Of course these frontal attacks can all be bypassed if you have a keylogger or trojan in place on the target's computer, or can capture EMF or optical data from the keyboard/computer/monitor, or if analysis reveals a weakness in a particular product's implementation of cryptographic techniques.




PGP Key and corresponding e-mail address
View user's profile Visit user's homepage View All Posts By User
WizardX
Hazard to Self
**




Posts: 61
Registered: 11-8-2005
Location: wizardx.4shared.com
Member Is Offline

Mood: wizardx.suddenlaunch3.com

[*] posted on 13-11-2007 at 18:24


Quote:
Originally posted by Polverone

That's true, but for PGP/GPG and other "good" standalone cryptographic products, that sort of password guessing is possible only after the user's private keyring is captured. Good products will also use something like an iterated hash transformation of the user's passphrase to make the guessing process computationally expensive.

Breaking intercepted email messages without access to the private keyring requires the much harder task of trying 2^128 to 2^256 symmetric keys (ludicrous) or breaking the asymmetric keys used to encrypt the symmetric keys (RSA, El Gamal, etc.). That's merely "staggeringly hard" instead of ludicrous, and special purpose hardware has been proposed to break 1024 bit public keys after a runtime of one year for only a few tens of millions of dollars.

Of course these frontal attacks can all be bypassed if you have a keylogger or trojan in place on the target's computer, or can capture EMF or optical data from the keyboard/computer/monitor, or if analysis reveals a weakness in a particular product's implementation of cryptographic techniques.


Yes, I concur! That's why encryption software that ONLY uses passwords to encrypt without keys or password hashes should be avoided.

Attachment: keystroke protection.pdf (763kB)
This file has been downloaded 1050 times





Albert Einstein - \"Great ideas often receive violent opposition from mediocre minds.\"
View user's profile Visit user's homepage View All Posts By User
Sauron
International Hazard
*****




Posts: 5351
Registered: 22-12-2006
Location: Barad-Dur, Mordor
Member Is Offline

Mood: metastable

[*] posted on 13-11-2007 at 18:36


Unionized, one time pads work well, but are generally not available to the public. Last time I heard about an OTP was when a certain journalist was apprehended in Pakistan with Soviet OTPs (during the Russian occupation of Afghanistan). He was a West German national, and working for CBS. Everyone I knew in Washington at the time, where I was then, took this to be prima facia evidence that this fellow, Kurt Lobeck, trusted by Dan Rather and friends, was actually a KGB or GRU agent.

So you see OTPs are not innocuous notepads. Possession of professional OTPs is regarded by intelligence professionals as strong evidence that one is an opposition intelligence officer.




Sic gorgeamus a los subjectatus nunc.
View user's profile View All Posts By User
MadHatter
International Hazard
*****




Posts: 1339
Registered: 9-7-2004
Location: Maine
Member Is Offline

Mood: Enjoying retirement

[*] posted on 13-11-2007 at 19:57
PGP/OTP


Sauron, I remember the required once a year briefings I had with one of the Federal
agencies when I held a security clearance. One point was clear to us: Any person,
holding a security clearance, who was caught with an OTP, or worse - a roll camera,
was assumed to be spying against the U.S. for a foreign intelligence sevice.

As for PGP, PGP Corporation stresses that you should never export your private key.
A long, not obvious, passphrase helps. Someone once suggested encrypting even
routine messages just to strain NSA's computers. Sounds like a plan to me.

[Edited on 2007/11/13 by MadHatter]




From opening of NCIS New Orleans - It goes a BOOM ! BOOM ! BOOM ! MUHAHAHAHAHAHAHA !
View user's profile View All Posts By User
Antwain
Hazard to Others
***




Posts: 252
Registered: 21-7-2007
Location: Australia
Member Is Offline

Mood: Supersaturated

[*] posted on 13-11-2007 at 21:16


Isn't there a really really safe encryption method based on multiplying 2 VERY large prime numbers together and using that as the key. I can't remember how it works but the guy who was telling us this used to R&D for the American defense forces, and does not strike me as a bullshitter. You only need the multiple to encode, but both primes to decode. apparently it is used by banks for internet transactions, where they send the encrypt key and you do whatever, then they can decode it. Apparently it is crackable..... in like 10^ something fricking huge years, since you need to factorise some stupidly big number.

The context of this was that if quantum computers can be made to work then it would b e crackable instantly. Ahhh... quantum cryptology.
View user's profile View All Posts By User
Polverone
Now celebrating 21 years of madness
*********




Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline

Mood: Waiting for spring

[*] posted on 14-11-2007 at 11:14


Quote:
Originally posted by Antwain
Isn't there a really really safe encryption method based on multiplying 2 VERY large prime numbers together and using that as the key. I can't remember how it works but the guy who was telling us this used to R&D for the American defense forces, and does not strike me as a bullshitter. You only need the multiple to encode, but both primes to decode. apparently it is used by banks for internet transactions, where they send the encrypt key and you do whatever, then they can decode it. Apparently it is crackable..... in like 10^ something fricking huge years, since you need to factorise some stupidly big number.

The context of this was that if quantum computers can be made to work then it would b e crackable instantly. Ahhh... quantum cryptology.

It sounds like he was describing the widely used RSA public key algorithm. Common "strong" keys are 1024 bits, but you can force PGP/GPG to generate larger keys than that if you think that the NSA has implemented TWIRL or something like it and that your messages might be under attack.

GPG (not sure about PGP) uses El Gamal, not RSA, by default. Breaking those keys requires solving the discrete logarithm problem for very large numbers -- conceptually similar to integer factorization, but not identical. I don't know if special-purpose hardware for the discrete logarithm problem is any more or less practical than integer factorization. Note that the special purpose hardware mentioned earlier is not known to be implemented but could be built with standard fabrication techniques (no many-qubit quantum computing breakthroughs required).




PGP Key and corresponding e-mail address
View user's profile Visit user's homepage View All Posts By User
hinckleyforpresident
Harmless
*




Posts: 2
Registered: 9-10-2007
Location: Northeast USA
Member Is Offline

Mood: No Mood

[*] posted on 26-11-2007 at 09:59


Quote:
Originally posted by Polverone
GPG (not sure about PGP) uses El Gamal, not RSA, by default. Breaking those keys requires solving the discrete logarithm problem for very large numbers -- conceptually similar to integer factorization, but not identical.


IIRC, PGP uses IDEA. Although you can also use AES, RC4, and RC6. I've heard that PGP version 7 and up are far less safe than the older versions due to some back doors.
View user's profile View All Posts By User
WizardX
Hazard to Self
**




Posts: 61
Registered: 11-8-2005
Location: wizardx.4shared.com
Member Is Offline

Mood: wizardx.suddenlaunch3.com

[*] posted on 26-11-2007 at 17:00


Microprocessor math bugs pose security risk, warns cryptographer.

Shamir, who along with two other cryptographers developed the RSA encryption code and later founded RSA Security Inc., last week described how attackers could take advantage of a simple math error in a microprocessor to easily undo cryptographic protections on millions of PCs simultaneously. The original paper was meant to be "quietly circulated" among colleagues, but after The New York Times carried a story about it last Friday, the research note was widely reported elsewhere.

Shamir's paper described a hypothetical attack in which an attacker could send a corrupt encrypted message to a computer with a flawed microprocessor to unscramble the public-key cryptographic protections on it. All that's needed for someone to launch an attack is to know about the math flaw, he noted in his paper.

"If some intelligence organization discovers (or secretly plants) even one [mathematical error in] a popular microprocessor, then ANY key in ANY RSA-based security program running on ANY one of the millions of PCs that contain this microprocessor can be trivially broken with a single chosen message," Shamir wrote. Almost all presently deployed public security schemes could become vulnerable to such an attack, he said.

http://www.computerworld.com/action/article.do?command=viewA...

[Edited on 27-11-2007 by WizardX]




Albert Einstein - \"Great ideas often receive violent opposition from mediocre minds.\"
View user's profile Visit user's homepage View All Posts By User
-jeffB
Hazard to Others
***




Posts: 185
Registered: 6-12-2007
Member Is Offline

Mood: No Mood

[*] posted on 8-12-2007 at 07:34


Quote:
Originally posted by MadHatter
Sauron, I remember the required once a year briefings I had with one of the Federal
agencies when I held a security clearance. One point was clear to us: Any person,
holding a security clearance, who was caught with an OTP, or worse - a roll camera,
was assumed to be spying against the U.S. for a foreign intelligence sevice.


What exactly constituted "an OTP" according to these briefings? I mean, if I've sent my buddy a cute video of my kittens, maybe "they" will do a noise analysis careful enough to reveal whether I've encoded a message into the low bits of the signal -- but if those bits are truly statistically-sound noise, which happens to constitute a perfectly optimal one-time pad, how are they going to catch on?
View user's profile View All Posts By User
Sauron
International Hazard
*****




Posts: 5351
Registered: 22-12-2006
Location: Barad-Dur, Mordor
Member Is Offline

Mood: metastable

[*] posted on 9-12-2007 at 02:59


An OTP is a One Time Pad. A cipher system for transposition, that changes from message to message (page to page.) The sender and receiver have identical pads. This is a professional crypto tool issued to intelligence professionals or their agents. It has zero to do with noise analysis of your baby video. Nor is it something you can cobble together yourself.

I won't bother going into the precise technucal requirements for an OTP encrypted message to be very difficult to decipher to decrypt. Suffice it to say that even if you are an amateur cryptographer, something you put together on your own would not be mistaken by the cognizent authorities to be hostile OTP.

It is the possession of authentic hostile-service OTPs that is prima facia evidence of espionage activity. The other side(s) do not pass them around willy-nilly.




Sic gorgeamus a los subjectatus nunc.
View user's profile View All Posts By User
-jeffB
Hazard to Others
***




Posts: 185
Registered: 6-12-2007
Member Is Offline

Mood: No Mood

[*] posted on 10-12-2007 at 10:00


Quote:
Originally posted by Sauron
An OTP is a One Time Pad. A cipher system for transposition, that changes from message to message (page to page.) The sender and receiver have identical pads. This is a professional crypto tool issued to intelligence professionals or their agents. It has zero to do with noise analysis of your baby video. Nor is it something you can cobble together yourself.

I won't bother going into the precise technucal requirements for an OTP encrypted message to be very difficult to decipher to decrypt. Suffice it to say that even if you are an amateur cryptographer, something you put together on your own would not be mistaken by the cognizent authorities to be hostile OTP.


I believe you're focusing on the OTP implementations that you're familiar with. A generalized OTP is something you can cobble together yourself. If you've made an OTP with truly random content, and no copy gets intercepted, it's truly secure -- nobody, not even the NSA, can untangle your message from it. (Rather, they can, but there's no way for them to distinguish your message from any other message with the same length, so they can't know when they've got it.)

The precise technical requirements are very simple: the OTP must be truly random, it must be kept secret, and it must not be reused (thus "one-time"). To keep it secret, make it unrecognizable -- thus, the quip about low-bit noise in a video. (In real life, one wouldn't transmit an OTP over the Internet in any form, but would pass it along out-of-band.) Making it truly random does require some deeper work, but it's well within just about anyone's capabilities.

If I'm still misunderstanding you, please clarify further. But a cryptographic OTP as standardly defined is not very technical, not very difficult to understand or use, and is absolutely secure against cyphertext attack. The only way you lose is if They get a copy of your pad, or you don't do a good job of generating and distilling randomness for it.
View user's profile View All Posts By User
Jadebug
Harmless
*




Posts: 3
Registered: 10-12-2007
Member Is Offline

Mood: No Mood

[*] posted on 10-12-2007 at 19:46


Oh... the days....when Jap was truely an anonymous proxie....The Hive was still buzzing and Hushmail actually was safe. Hmmmm.....
View user's profile View All Posts By User
DerAlte
National Hazard
****




Posts: 779
Registered: 14-5-2007
Location: Erehwon
Member Is Offline

Mood: Disgusted

[*] posted on 10-12-2007 at 19:52


@-jeffB

I can speak with only very modest authority. I have been tangentially involved with crypto, being mainly involved with error correction coding and simple scrambling for randomization of data streams in digital modems. But in secure communications one does have to understand the basics.

Yes, you are right. A One Time Pad (OTP) is theoretically unbreakable for the reasons you stated. It is easy to see why. The ‘pad’ is known to only sender and recipient. It might be a piece of paper with a series of words or it might be a known book, for example. The sender then sends a list of, e.g., numbers which select the message by reference to the pad, e.g. line x, word y on page z would be coded xyz. Unless you know the book or have the piece of paper you’d have to search all the world’s libraries for all the copies of all books to find the key. If paper is used, it must be destroyed of course – hence ‘one time’.

Thus you have three components, the plain text message, the pad , and the coded (enciphered) message. If you have the coded message and the pad, you can derive the message. If you have message and get the coded message, you have a part of the pad; or if you have the message and the pad you can create the coded message (not that you’d care: all you really want is the plain text message). Without the pad the enciphered message is useless. It must be destroyed too because any plain text message obtained with it reveals part of the pad.

Sauron may be correct that possession of a suspicious jumble of words or symbols is likely to cause further action against the already suspect.. The spooks are easily spooked!

One time pads have been used since the dawn of civilization and the invention of writing. The Roman military was fond of them. A more modern variant was tried by the British in WWII using a recorded analog sample of thermal noise multiplied with a wanted (audio) signal of the same bandwidth. (IIRC). The recipient had a record of the same noise and could decode a message that sounded like random noise (The maths of this eludes me at present – I can see a way to do it but not with 1940’s technology).

The OTP has severe disadvantages. First, the recipient must have a copy of the pad, and only he. As Sauron says, this makes him vulnerable. An OTP also restricts the plain text message length to a maximum of its own length for obvious reasons. Each symbol or word cannot use the same coded symbol more than once because this opens it up to standard crypto frequency analysis. So the pad has to be somewhat longer than the plain text if words are repeated in it. Two messages coded with the same pad exhibit correlations, the code breaker's delight, so it can only be used once with security….To name but a few shortcomings. For short messages, however, it is without peer, security wise.

Analog telecommunication methods are not easy and prone to error. Such as were used are simplistic, such as frequency inversion or crude frequency hopping. Digital methods are based on two other age old methods, substitution and translation, in the form of block codes and stream codes. They use pseudorandom sequences, which tend to exhibit patterns which can lead to decryption in the hands of the experts. For details on these and the public key system, see the available literature on the web, for example.

Der Alte
View user's profile View All Posts By User
Jadebug
Harmless
*




Posts: 3
Registered: 10-12-2007
Member Is Offline

Mood: No Mood

[*] posted on 10-12-2007 at 19:56


And I say again....
Oh... the days....when Jap was truely an anonymous proxie....The Hive was still buzzing and Hushmail actually was safe. Hmmmm.....
View user's profile View All Posts By User
WizardX
Hazard to Self
**




Posts: 61
Registered: 11-8-2005
Location: wizardx.4shared.com
Member Is Offline

Mood: wizardx.suddenlaunch3.com

[*] posted on 11-12-2007 at 16:31
OTP


An Encoder/Decoder For One-Time Pads http://www.red-bean.com/otp/

OTP is an open source encryption program that uses the one-time pad algorithm to allow two parties to communicate securely, without worrying about unauthorized people listening in. OTP compresses plaintext input to save pad, has features that assist with the bureaucracy of pad management, and comes with built-in help. It is written in the Python programming language and requires a Python interpreter to run.




Albert Einstein - \"Great ideas often receive violent opposition from mediocre minds.\"
View user's profile Visit user's homepage View All Posts By User
len1
National Hazard
****




Posts: 595
Registered: 1-3-2007
Member Is Offline

Mood: NZ 1 (goal) - Italy 1 (dive)

[*] posted on 11-12-2007 at 17:38


The RSA algorithm is based on the difficulty of inverting the coding algorithm

code = text^e (mod n)

where n is a large product of two primes. No method other than factoring n into its composite primes is known. Breaking the algorithm would require finding a different solution to this very simply stated problem in number theory. The problem was known two centuries ago well before RSA came along. A quantum computer - properly set up, could solve it brute force, unfortunately they are still the territory of dreams.

Sending coded messages does not necessarily need to involve sending what is overtly obvious to an extraneous observer as being such. Embed the code in a jpg file at the noise level, you can even use the background jpg picture as a one time pad. Done properly the existance of such code is impossible to detect.

[Edited on 12-12-2007 by len1]
View user's profile View All Posts By User
 Pages:  1  2

  Go To Top