Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Mood: Waiting for spring
Quote: Originally posted by WizardX
One simple piece of intelligence gathering that will drastically speed up a brute force attack is knowing how many characters are in the password.
Example. Let's assume this password: cGd6uB91V4ma
In a password field box it will look like this: ************
12 characters in the password cGd6uB91V4ma
Therefore, you can narrow a brute force attack to a 12 character password, as you know the password has ONLY 12 characters. Of course, you will need
to generate ALL passwords with upper & lowercase alphabet, 0-9, symbols and hex.
That's true, but for PGP/GPG and other "good" standalone cryptographic products, that sort of password guessing is possible only after the user's
private keyring is captured. Good products will also use something like an iterated hash transformation of the user's passphrase to make the guessing
process computationally expensive.
Breaking intercepted email messages without access to the private keyring requires the much harder task of trying 2^128 to 2^256 symmetric keys
(ludicrous) or breaking the asymmetric keys used to encrypt the symmetric keys (RSA, El Gamal, etc.). That's merely "staggeringly hard" instead of
ludicrous, and special purpose hardware has been proposed to break 1024 bit public keys after a runtime of one year for only a few tens of millions of dollars.
Of course these frontal attacks can all be bypassed if you have a keylogger or trojan in place on the target's computer, or can capture EMF or optical
data from the keyboard/computer/monitor, or if analysis reveals a weakness in a particular product's implementation of cryptographic techniques.
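The "iterated hash transformation of the user's passphrase" mentioned above is what makes guessing against a captured keyring slow. The following added example (written for this thread, not PGP's or GPG's own code) uses PBKDF2-HMAC-SHA256 from the Python standard library as the iterated hash; the record layout (salt, iteration count, verifier) and the candidate list are constructed assumptions for the demonstration. Every guess costs one full derivation, so the per-guess cost scales with the iteration count while the legitimate user pays it only once per unlock.

```python
"""Added example: iterated passphrase hashing (key stretching) as a defence
for a captured keyring.  Example code, not any product's own code."""
import hashlib
import hmac
import os
import time
from typing import List, Optional, Tuple


def derive_key(passphrase: str, salt: bytes, iterations: int) -> bytes:
    """Iterated hash transformation: cost grows linearly with `iterations`."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               salt, iterations, dklen=32)


def make_record(passphrase: str, iterations: int,
                salt: Optional[bytes] = None) -> dict:
    """What a keyring would store next to the encrypted private key
    (assumed layout for this example): salt, iteration count, verifier."""
    salt = salt if salt is not None else os.urandom(16)
    return {"salt": salt, "iterations": iterations,
            "verifier": derive_key(passphrase, salt, iterations)}


def check_passphrase(record: dict, candidate: str) -> bool:
    """Legitimate unlock: one derivation, constant-time comparison."""
    got = derive_key(candidate, record["salt"], record["iterations"])
    return hmac.compare_digest(got, record["verifier"])


def guess_from_list(record: dict, candidates: List[str]) -> Tuple[Optional[str], int]:
    """Cost model for guessing against a captured record: each candidate costs
    one full derivation, i.e. `iterations` hash invocations.  Returns the
    matching candidate (if any) and the number of derivations spent."""
    evaluations = 0
    for cand in candidates:
        evaluations += 1
        if check_passphrase(record, cand):
            return cand, evaluations
    return None, evaluations


def seconds_per_guess(record: dict, probe: str = "probe") -> float:
    """Measure one derivation on this machine: the cost of a single guess."""
    start = time.perf_counter()
    derive_key(probe, record["salt"], record["iterations"])
    return time.perf_counter() - start


if __name__ == "__main__":
    # Constructed sample: a short candidate list that contains the real passphrase.
    real = "correct horse battery staple"
    candidates = ["password", "letmein", "qwerty", real, "hunter2"]
    for iters in (1, 100_000):
        rec = make_record(real, iters)
        found, spent = guess_from_list(rec, candidates)
        per_guess = seconds_per_guess(rec)
        print(f"iterations={iters:>7}: found={found!r} after {spent} derivations, "
              f"~{per_guess * 1e3:.3f} ms per guess, "
              f"~{per_guess * 1e6 / 3600:.2f} h per million guesses")
```

Raising the iteration count does not change the user's experience much (one derivation per unlock) but multiplies the cost of every guess, which is why the per-guess timing, not the guess count, is the number to watch when choosing it.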
WizardX
Hazard to Self
Posts: 61
Registered: 11-8-2005
Location: wizardx.4shared.com
Mood: wizardx.suddenlaunch3.com
Quote: Originally posted by Polverone
That's true, but for PGP/GPG and other "good" standalone cryptographic products, that sort of password guessing is possible only after the user's
private keyring is captured. Good products will also use something like an iterated hash transformation of the user's passphrase to make the guessing
process computationally expensive.
Breaking intercepted email messages without access to the private keyring requires the much harder task of trying 2^128 to 2^256 symmetric keys
(ludicrous) or breaking the asymmetric keys used to encrypt the symmetric keys (RSA, El Gamal, etc.). That's merely "staggeringly hard" instead of
ludicrous, and special purpose hardware has been proposed to break 1024 bit public keys after a runtime of one year for only a few tens of millions of dollars.
Of course these frontal attacks can all be bypassed if you have a keylogger or trojan in place on the target's computer, or can capture EMF or optical
data from the keyboard/computer/monitor, or if analysis reveals a weakness in a particular product's implementation of cryptographic techniques.
Yes, I concur! That's why encryption software that ONLY uses passwords to encrypt without keys or password hashes should be avoided.
Attachment: keystroke protection.pdf (763kB)
Albert Einstein - "Great ideas often receive violent opposition from mediocre minds."
Sauron
International Hazard
Posts: 5351
Registered: 22-12-2006
Location: Barad-Dur, Mordor
Mood: metastable
Unionized, one time pads work well, but are generally not available to the public. Last time I heard about an OTP was when a certain journalist was
apprehended in Pakistan with Soviet OTPs (during the Russian occupation of Afghanistan). He was a West German national, and working for CBS. Everyone
I knew in Washington at the time, where I was then, took this to be prima facie evidence that this fellow, Kurt Lobeck, trusted by Dan Rather and
friends, was actually a KGB or GRU agent.
So you see OTPs are not innocuous notepads. Possession of professional OTPs is regarded by intelligence professionals as strong evidence that one is
an opposition intelligence officer.
Sic gorgeamus a los subjectatus nunc.
MadHatter
International Hazard
Posts: 1339
Registered: 9-7-2004
Location: Maine
Mood: Enjoying retirement
PGP/OTP
Sauron, I remember the required once a year briefings I had with one of the Federal
agencies when I held a security clearance. One point was clear to us: Any person,
holding a security clearance, who was caught with an OTP, or worse - a roll camera,
was assumed to be spying against the U.S. for a foreign intelligence service.
As for PGP, PGP Corporation stresses that you should never export your private key.
A long, not obvious, passphrase helps. Someone once suggested encrypting even
routine messages just to strain NSA's computers. Sounds like a plan to me.
[Edited on 2007/11/13 by MadHatter]
From opening of NCIS New Orleans - It goes a BOOM ! BOOM ! BOOM ! MUHAHAHAHAHAHAHA !
Antwain
Hazard to Others
Posts: 252
Registered: 21-7-2007
Location: Australia
Mood: Supersaturated
Isn't there a really really safe encryption method based on multiplying 2 VERY large prime numbers together and using that as the key? I can't
remember how it works but the guy who was telling us this used to do R&D for the American defense forces, and does not strike me as a bullshitter.
You only need the multiple to encode, but both primes to decode. Apparently it is used by banks for internet transactions, where they send the encrypt
key and you do whatever, then they can decode it. Apparently it is crackable..... in like 10^ something fricking huge years, since you need to
factorise some stupidly big number.
The context of this was that if quantum computers can be made to work then it would be crackable instantly. Ahhh... quantum cryptology.
Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Mood: Waiting for spring
Quote: Originally posted by Antwain
Isn't there a really really safe encryption method based on multiplying 2 VERY large prime numbers together and using that as the key? I can't
remember how it works but the guy who was telling us this used to do R&D for the American defense forces, and does not strike me as a bullshitter.
You only need the multiple to encode, but both primes to decode. Apparently it is used by banks for internet transactions, where they send the encrypt
key and you do whatever, then they can decode it. Apparently it is crackable..... in like 10^ something fricking huge years, since you need to
factorise some stupidly big number.
The context of this was that if quantum computers can be made to work then it would be crackable instantly. Ahhh... quantum cryptology.
It sounds like he was describing the widely used RSA public key algorithm. Common "strong" keys are 1024 bits, but you can force PGP/GPG to generate
larger keys than that if you think that the NSA has implemented TWIRL or something like it and that your messages might be under attack.
GPG (not sure about PGP) uses El Gamal, not RSA, by default. Breaking those keys requires solving the discrete logarithm problem for very large
numbers -- conceptually similar to integer factorization, but not identical. I don't know if special-purpose hardware for the discrete logarithm
problem is any more or less practical than integer factorization. Note that the special purpose hardware mentioned earlier is not known to be
implemented but could be built with standard fabrication techniques (no many-qubit quantum computing breakthroughs required).
hinckleyforpresident
Harmless
Posts: 2
Registered: 9-10-2007
Location: Northeast USA
Mood: No Mood
Quote: Originally posted by Polverone
GPG (not sure about PGP) uses El Gamal, not RSA, by default. Breaking those keys requires solving the discrete logarithm problem for very large
numbers -- conceptually similar to integer factorization, but not identical.
IIRC, PGP uses IDEA. Although you can also use AES, RC4, and RC6. I've heard that PGP version 7 and up are far less safe than the older versions due
to some back doors.
WizardX
Hazard to Self
Posts: 61
Registered: 11-8-2005
Location: wizardx.4shared.com
Mood: wizardx.suddenlaunch3.com
Microprocessor math bugs pose security risk, warns cryptographer.
Shamir, who along with two other cryptographers developed the RSA encryption code and later founded RSA Security Inc., last week described how
attackers could take advantage of a simple math error in a microprocessor to easily undo cryptographic protections on millions of PCs simultaneously.
The original paper was meant to be "quietly circulated" among colleagues, but after The New York Times carried a story about it last Friday, the
research note was widely reported elsewhere.
Shamir's paper described a hypothetical attack in which an attacker could send a corrupt encrypted message to a computer with a flawed microprocessor
to unscramble the public-key cryptographic protections on it. All that's needed for someone to launch an attack is to know about the math flaw, he
noted in his paper.
"If some intelligence organization discovers (or secretly plants) even one [mathematical error in] a popular microprocessor, then ANY key in ANY
RSA-based security program running on ANY one of the millions of PCs that contain this microprocessor can be trivially broken with a single chosen
message," Shamir wrote. Almost all presently deployed public security schemes could become vulnerable to such an attack, he said.
http://www.computerworld.com/action/article.do?command=viewA...
[Edited on 27-11-2007 by WizardX]
Albert Einstein - "Great ideas often receive violent opposition from mediocre minds."
-jeffB
Hazard to Others
Posts: 185
Registered: 6-12-2007
Mood: No Mood
Quote: Originally posted by MadHatter
Sauron, I remember the required once a year briefings I had with one of the Federal
agencies when I held a security clearance. One point was clear to us: Any person,
holding a security clearance, who was caught with an OTP, or worse - a roll camera,
was assumed to be spying against the U.S. for a foreign intelligence service.
What exactly constituted "an OTP" according to these briefings? I mean, if I've sent my buddy a cute video of my kittens, maybe "they" will do a
noise analysis careful enough to reveal whether I've encoded a message into the low bits of the signal -- but if those bits are truly
statistically-sound noise, which happens to constitute a perfectly optimal one-time pad, how are they going to catch on?
Sauron
International Hazard
Posts: 5351
Registered: 22-12-2006
Location: Barad-Dur, Mordor
Mood: metastable
An OTP is a One Time Pad. A cipher system for transposition, that changes from message to message (page to page.) The sender and receiver have
identical pads. This is a professional crypto tool issued to intelligence professionals or their agents. It has zero to do with noise analysis of your
baby video. Nor is it something you can cobble together yourself.
I won't bother going into the precise technical requirements for an OTP encrypted message to be very difficult to decipher to decrypt. Suffice it to
say that even if you are an amateur cryptographer, something you put together on your own would not be mistaken by the cognizant authorities to be
hostile OTP.
It is the possession of authentic hostile-service OTPs that is prima facie evidence of espionage activity. The other side(s) do not pass them around
willy-nilly.
Sic gorgeamus a los subjectatus nunc.
-jeffB
Hazard to Others
Posts: 185
Registered: 6-12-2007
Mood: No Mood
Quote: Originally posted by Sauron
An OTP is a One Time Pad. A cipher system for transposition, that changes from message to message (page to page.) The sender and receiver have
identical pads. This is a professional crypto tool issued to intelligence professionals or their agents. It has zero to do with noise analysis of your
baby video. Nor is it something you can cobble together yourself.
I won't bother going into the precise technical requirements for an OTP encrypted message to be very difficult to decipher to decrypt. Suffice it to
say that even if you are an amateur cryptographer, something you put together on your own would not be mistaken by the cognizant authorities to be
hostile OTP.
I believe you're focusing on the OTP implementations that you're familiar with. A generalized OTP is something you can cobble together
yourself. If you've made an OTP with truly random content, and no copy gets intercepted, it's truly secure -- nobody, not even the NSA, can untangle your message from it. (Rather, they can, but there's no way for them to distinguish your
message from any other message with the same length, so they can't know when they've got it.)
The precise technical requirements are very simple: the OTP must be truly random, it must be kept secret, and it must not be reused (thus
"one-time"). To keep it secret, make it unrecognizable -- thus, the quip about low-bit noise in a video. (In real life, one wouldn't transmit an OTP
over the Internet in any form, but would pass it along out-of-band.) Making it truly random does require some deeper work, but it's well
within just about anyone's capabilities.
If I'm still misunderstanding you, please clarify further. But a cryptographic OTP as standardly defined is not very technical, not very difficult to
understand or use, and is absolutely secure against cyphertext attack. The only way you lose is if They get a copy of your pad, or you don't do a
good job of generating and distilling randomness for it.
Jadebug
Harmless
Posts: 3
Registered: 10-12-2007
Mood: No Mood
Oh... the days....when Jap was truly an anonymous proxy....The Hive was still buzzing and Hushmail actually was safe. Hmmmm.....
DerAlte
National Hazard
Posts: 779
Registered: 14-5-2007
Location: Erehwon
Mood: Disgusted
@-jeffB
I can speak with only very modest authority. I have been tangentially involved with crypto, being mainly involved with error correction coding and
simple scrambling for randomization of data streams in digital modems. But in secure communications one does have to understand the basics.
Yes, you are right. A One Time Pad (OTP) is theoretically unbreakable for the reasons you stated. It is easy to see why. The ‘pad’ is known to
only sender and recipient. It might be a piece of paper with a series of words or it might be a known book, for example. The sender then sends a list
of, e.g., numbers which select the message by reference to the pad, e.g. line x, word y on page z would be coded xyz. Unless you know the book or
have the piece of paper you’d have to search all the world’s libraries for all the copies of all books to find the key. If paper is used, it must
be destroyed of course – hence ‘one time’.
Thus you have three components, the plain text message, the pad, and the coded (enciphered) message. If you have the coded message and the pad, you
can derive the message. If you have the message and get the coded message, you have a part of the pad; or if you have the message and the pad you can
create the coded message (not that you'd care: all you really want is the plain text message). Without the pad the enciphered message is useless. It
must be destroyed too because any plain text message obtained with it reveals part of the pad.
Sauron may be correct that possession of a suspicious jumble of words or symbols is likely to cause further action against the already suspect. The
spooks are easily spooked!
One time pads have been used since the dawn of civilization and the invention of writing. The Roman military was fond of them. A more modern variant
was tried by the British in WWII using a recorded analog sample of thermal noise multiplied with a wanted (audio) signal of the same bandwidth.
(IIRC). The recipient had a record of the same noise and could decode a message that sounded like random noise (The maths of this eludes me at present
– I can see a way to do it but not with 1940’s technology).
The OTP has severe disadvantages. First, the recipient must have a copy of the pad, and only he. As Sauron says, this makes him vulnerable. An OTP
also restricts the plain text message length to a maximum of its own length for obvious reasons. Each symbol or word cannot use the same coded symbol
more than once because this opens it up to standard crypto frequency analysis. So the pad has to be somewhat longer than the plain text if words are
repeated in it. Two messages coded with the same pad exhibit correlations, the code breaker's delight, so it can only be used once with security... to
name but a few shortcomings. For short messages, however, it is without peer, security-wise.
Analog telecommunication methods are not easy and prone to error. Such as were used are simplistic, such as frequency inversion or crude frequency
hopping. Digital methods are based on two other age old methods, substitution and translation, in the form of block codes and stream codes. They use
pseudorandom sequences, which tend to exhibit patterns which can lead to decryption in the hands of the experts. For details on these and the public
key system, see the available literature on the web, for example.
Der Alte
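The two posts above (-jeffB's three requirements: truly random, kept secret, never reused; and DerAlte's points that the message can be no longer than the pad and that two messages under one pad show correlations) can be made concrete in a few lines. The following is an added example written for this thread, not the red-bean OTP program mentioned later and not any poster's code; the pad bookkeeping (returning the unused remainder and dropping the consumed prefix) is a convention chosen for the demonstration. The last function shows the failure mode DerAlte describes: with the same pad bytes, the XOR of two ciphertexts equals the XOR of the two plaintexts, whatever the pad was, which is exactly why the consumed prefix must be discarded.

```python
"""Added example: a byte-wise one-time pad with its requirements enforced.
Example code for this thread, not any post's or project's own code."""
import secrets
from typing import Tuple


def generate_pad(length: int) -> bytes:
    """Pad material from the OS CSPRNG.  A seeded PRNG is not 'truly random'
    and would turn the scheme into an ordinary stream cipher."""
    return secrets.token_bytes(length)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes, pad: bytes) -> Tuple[bytes, bytes]:
    """Encrypt with the first len(plaintext) bytes of `pad`.
    Returns (ciphertext, remaining_pad).  The consumed prefix is deliberately
    not returned: the caller keeps only the remainder, so it cannot be reused.
    A message longer than the pad is refused rather than wrapped around."""
    if len(plaintext) > len(pad):
        raise ValueError("message longer than remaining pad; a pad cannot be stretched")
    used, remaining = pad[:len(plaintext)], pad[len(plaintext):]
    return xor_bytes(plaintext, used), remaining


def otp_decrypt(ciphertext: bytes, pad: bytes) -> Tuple[bytes, bytes]:
    """Decryption is the same XOR; the receiver consumes its copy in lock-step."""
    return otp_encrypt(ciphertext, pad)


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """What an observer learns from two ciphertexts made with the SAME pad
    bytes: c1 ^ c2 == p1 ^ p2, with the pad cancelled out.  Correct use never
    produces this situation because the prefix is consumed after one use."""
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    # Constructed sample messages; the pad is fresh random material.
    pad = generate_pad(64)
    c1, pad_after_1 = otp_encrypt(b"attack at dawn", pad)
    c2, pad_after_2 = otp_encrypt(b"stand down now", pad_after_1)  # fresh bytes
    p1, _ = otp_decrypt(c1, pad)
    p2, _ = otp_decrypt(c2, pad_after_1)
    print(p1, p2)
    # Misuse: a second message under the same prefix.  The pad drops out.
    c2_bad, _ = otp_encrypt(b"stand down now", pad)
    print(reuse_leak(c1, c2_bad) == xor_bytes(b"attack at dawn", b"stand down now"))
```

Nothing in the ciphertext alone distinguishes one same-length plaintext from another, which is -jeffB's point about ciphertext-only attacks; the three things that break it are a non-random pad, a copied pad, or a reused pad, and the code refuses the only one of those it can see.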
Jadebug
Harmless
Posts: 3
Registered: 10-12-2007
Mood: No Mood
And I say again....
Oh... the days....when Jap was truly an anonymous proxy....The Hive was still buzzing and Hushmail actually was safe. Hmmmm.....
WizardX
Hazard to Self
Posts: 61
Registered: 11-8-2005
Location: wizardx.4shared.com
Mood: wizardx.suddenlaunch3.com
OTP
An Encoder/Decoder For One-Time Pads http://www.red-bean.com/otp/
OTP is an open source encryption program that uses the one-time pad algorithm to allow two parties to communicate securely, without worrying about
unauthorized people listening in. OTP compresses plaintext input to save pad, has features that assist with the bureaucracy of pad management, and
comes with built-in help. It is written in the Python programming language and requires a Python interpreter to run.
Albert Einstein - "Great ideas often receive violent opposition from mediocre minds."
len1
National Hazard
Posts: 595
Registered: 1-3-2007
Mood: NZ 1 (goal) - Italy 1 (dive)
The RSA algorithm is based on the difficulty of inverting the coding algorithm
code = text^e (mod n)
where n is a large product of two primes. No method other than factoring n into its composite primes is known. Breaking the algorithm would require
finding a different solution to this very simply stated problem in number theory. The problem was known two centuries ago well before RSA came along.
A quantum computer, properly set up, could solve it by brute force; unfortunately they are still the territory of dreams.
Sending coded messages does not necessarily need to involve sending what is overtly obvious to an extraneous observer as being such. Embed the code
in a jpg file at the noise level, you can even use the background jpg picture as a one time pad. Done properly the existence of such code is
impossible to detect.
[Edited on 12-12-2007 by len1]
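The relation in the post above, code = text^e (mod n), and the remark that only factoring n is known to invert it, are easy to see on toy numbers. The following added example (written for this thread, not any poster's code, and not a usable RSA implementation: no padding, tiny primes, whereas the keys discussed earlier in the thread are 1024 bits and up) generates a key pair from two small primes, encrypts and decrypts, and then shows that whoever can factor n can rebuild the private exponent from the public key alone. The primes 61 and 53 and the exponent 17 are the usual textbook choice.

```python
"""Added example: textbook RSA on toy numbers.  Example code for this thread,
not any post's own code; not for real use (no padding, tiny modulus)."""
from math import gcd
from typing import Optional, Tuple

Key = Tuple[int, int]


def generate_keypair(p: int, q: int, e: int = 17) -> Tuple[Key, Key]:
    """Public key (e, n), private key (d, n).  d exists because gcd(e, phi) == 1."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)                 # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def encrypt(text: int, public: Key) -> int:
    """code = text^e (mod n), exactly the relation quoted in the post."""
    e, n = public
    if not 0 <= text < n:
        raise ValueError("plaintext must be an integer in [0, n)")
    return pow(text, e, n)


def decrypt(code: int, private: Key) -> int:
    """text = code^d (mod n); works because e*d == 1 (mod phi(n))."""
    d, n = private
    return pow(code, d, n)


def factor_by_trial_division(n: int) -> Optional[Tuple[int, int]]:
    """Feasible only for toy n.  The cost of this step for a 1024-bit n is what
    the security of real keys rests on."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    return None


def private_from_factors(public: Key, p: int, q: int) -> Key:
    """Knowing p and q (the 'composite primes') is enough to rebuild d."""
    e, n = public
    if p * q != n:
        raise ValueError("p*q must equal n")
    return pow(e, -1, (p - 1) * (q - 1)), n


if __name__ == "__main__":
    public, private = generate_keypair(61, 53)     # n = 3233, phi = 3120
    code = encrypt(65, public)
    print("public", public, "private", private, "code", code, "text", decrypt(code, private))
    factors = factor_by_trial_division(public[1])
    print("factors", factors, "rebuilt private key matches:",
          factors is not None and private_from_factors(public, *factors) == private)
```

Two things carry over to real sizes: `pow(text, e, n)` is cheap even for a 1024-bit n (modular exponentiation), while `factor_by_trial_division` is hopeless there; the gap between those two costs is the whole idea.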