Comments

Anura • August 20, 2015 2:32 PM

I've got a great mode of operation for this, it combines counter and CBC modes, giving you the best of both worlds:

Cn = E(Pn ^ n) ^ Cn-1

Jan • August 20, 2015 2:52 PM

I think the implementation of the CHIASMUS encryption in GSTOOL qualifies:

  • Software officially released by the German Federal Center for IT Security
  • Reasonably secure block cipher
  • Almost every textbook mistake around it:
    • rand() for key generation
    • seeded with a 32-bit integer
    • the integer being the output of time()
    • ECB (it's meant for encrypting database files, so might be exploitable)
    • No sanity check on the key file (you can encrypt with any sufficiently long file, that's probably why they didn't notice that their 128 bit key is 104 bytes long).
    • No integrity checking

Slides (including algorithm description) here.
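
An added example, not code from either of the two posts above: it models Anura's mode C_n = E(P_n ^ n) ^ C_{n-1} (2:32 PM) and the "rand() seeded with time()" key generation from Jan's list, so both can be checked in working code. It is generic, not the GSTOOL/CHIASMUS implementation (the linked slides are not reproduced on this page). Everything in it is an assumption made for the demo: E is a toy Feistel cipher standing in for any 128-bit block cipher, C_0 is the zero block because the post names no IV, the counter n is written big-endian into a full block, rand() is a plain 32-bit LCG whose first 16 output bytes become the key, and the attacker is assumed to know one plaintext block (a fixed file header, the kind of thing ECB exposes) plus a rough idea of when the key was made.

```python
import hashlib

BLOCK = 16  # 128-bit blocks; block and key sizes are assumptions made for this demo


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for the block cipher E: a 4-round Feistel network with a keyed
    SHA-256 round function. It is a toy; nothing below depends on which E is
    used, only on E being a fixed keyed permutation of one block."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, xor_bytes(left, f)
    return left + right


def whitened_blocks(plaintext: bytes):
    """Yields P_n ^ n for n = 1, 2, ... with n encoded big-endian into a block."""
    assert len(plaintext) % BLOCK == 0
    for n, off in enumerate(range(0, len(plaintext), BLOCK), start=1):
        yield xor_bytes(plaintext[off:off + BLOCK], n.to_bytes(BLOCK, "big"))


def anura_mode_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """C_n = E(P_n ^ n) ^ C_{n-1}; the post gives no C_0, so the zero block is assumed."""
    prev, out = bytes(BLOCK), []
    for w in whitened_blocks(plaintext):
        prev = xor_bytes(toy_block_encrypt(key, w), prev)
        out.append(prev)
    return b"".join(out)


def ecb_counter_whitened(key: bytes, plaintext: bytes) -> bytes:
    """The mode without its chaining term: E applied block by block to P_n ^ n."""
    return b"".join(toy_block_encrypt(key, w) for w in whitened_blocks(plaintext))


def strip_chaining(ciphertext: bytes) -> bytes:
    """Keyless: from the definition, C_n ^ C_{n-1} = E(P_n ^ n), so anyone
    holding the ciphertext can remove the CBC-style term themselves."""
    prev, out = bytes(BLOCK), []
    for off in range(0, len(ciphertext), BLOCK):
        cur = ciphertext[off:off + BLOCK]
        out.append(xor_bytes(cur, prev))
        prev = cur
    return b"".join(out)


def toy_rand_stream(seed: int, nbytes: int) -> bytes:
    """Stand-in for srand(seed); rand(): a 32-bit LCG. The exact PRNG does not
    matter; what matters is that the key is a function of one 32-bit seed."""
    state, out = seed & 0xFFFFFFFF, bytearray()
    while len(out) < nbytes:
        state = (1664525 * state + 1013904223) & 0xFFFFFFFF
        out.append(state >> 24)
    return bytes(out)


def keygen_seeded_with_time(now: int) -> bytes:
    """Key = first 16 bytes of rand() after srand(time())."""
    return toy_rand_stream(now, 16)


def recover_key(known_pt: bytes, known_ct: bytes, t_lo: int, t_hi: int):
    """With one known plaintext/ciphertext block (ECB hands out exactly such
    pairs) and a window of plausible time() values, try every seed until
    E_k(known_pt) == known_ct. Returns (seed, key) or None."""
    for t in range(t_lo, t_hi + 1):
        k = keygen_seeded_with_time(t)
        if toy_block_encrypt(k, known_pt) == known_ct:
            return t, k
    return None


# Constructed sample inputs for the demo.
KEY = b"constructed-demo-key"
MSG_A = b"A" * BLOCK + b"B" * BLOCK
MSG_B = b"A" * BLOCK + b"C" * BLOCK   # shares its first block with MSG_A
CREATED_AT = 1440078720               # constructed Unix timestamp of the key file


def demo() -> dict:
    ct_a, ct_b = anura_mode_encrypt(KEY, MSG_A), anura_mode_encrypt(KEY, MSG_B)
    stripped_a = strip_chaining(ct_a)
    time_key = keygen_seeded_with_time(CREATED_AT)
    header_ct = toy_block_encrypt(time_key, MSG_A[:BLOCK])   # ECB: one block, one pair
    return {
        "no_iv_so_deterministic": anura_mode_encrypt(KEY, MSG_A) == ct_a,
        "chaining_strips_off": stripped_a == ecb_counter_whitened(KEY, MSG_A),
        "shared_block_is_visible": stripped_a[:BLOCK] == strip_chaining(ct_b)[:BLOCK],
        "seed_recovered": recover_key(MSG_A[:BLOCK], header_ct, CREATED_AT - 3600, CREATED_AT + 3600),
    }
```

Two things fall straight out of the definition of the mode: since C_n ^ C_{n-1} = E(P_n ^ n), the chaining term can be removed by anyone without the key, and what remains is ECB over a counter-whitened plaintext with no IV, so encrypting the same message twice under one key gives the same ciphertext, and two messages sharing a block at the same position reveal that fact. For the key generation, a 32-bit seed taken from time() means the whole keyspace lies in a window of seconds around the file's timestamp; with one known block the seed is found by enumeration in well under a second.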

JeffP • August 20, 2015 2:58 PM

I wonder if there's a way to leverage VW's "We sue you to keep this secret for two years" and Oracle's "It's against the user agreement to reverse engineer our code" to submit CLEARTEXT as a valid craptographic scheme.

tyr • August 20, 2015 3:24 PM

What I find most disturbing is "Spandam" Alexander was secretly elected Emperor and I had to find it out from a contest announcement.

The real trouble with crypto is all the smart-asses make it look hard.

Anura • August 20, 2015 3:33 PM

Honestly, what we really need is an updated ROT13:

a' = rotl(b,13) ^ rotl(c,26) ^ rotl(d, 7)
b' = rotl(a,19) ^ rotl(c,13) ^ rotl(d,26)
c' = rotl(a, 6) ^ rotl(b,19) ^ rotl(d,13)
d' = rotl(a,25) ^ rotl(b, 6) ^ rotl(c,19)
(each word is 32 bits)

With a 128-bit block size it is completely unbreakable, unlike ROT13, and it is still significantly faster than AES. I recommend running it twice just to be sure.

rgaff • August 20, 2015 3:34 PM

@JeffP

Wouldn't the government's "OMG we're going dark, all your children will DIE, we need unicorns" nonsense be enough to submit CLEARTEXT as the only legal scheme possible? Therefore it must be valid too, by law.

Funny • August 20, 2015 5:13 PM

I recommend this to the Snake Oil competition - the "Compiled Polymorphic Encryption Algorithm".

"No Government Agency in this world can ever break TurboCrypt."
"1024 bit Polymorphic Encryption and 4x256 bit AES"
"Trojan-Horse-proof password entry"
"Resistance to all known attacks"

https://www.turbocrypt.com/eng/content/TurboCrypt/TurboCrypt-Details.html
https://www.turbocrypt.com/eng/content/TurboCrypt/MainPage.html
https://www.turbocrypt.com/eng/content/Backround-Info/Polymorphic-Medley-Cipher.html

Nick P • August 20, 2015 6:28 PM

@ Funny

They originally had way more retarded shit back when Bruce doghoused them. Claimed to generate a custom algorithm from the key. I told them they should just cascade AES candidates for at least semi-believable bullshit that might accidentally protect their customers' data. They listened apparently. ;)

If you want some fun, put their site into archive.org and link a copy of the old product with its algorithm per key claims. And the pathetic defense. Then cryptographers around the world can have another good laugh.

syskill • August 20, 2015 10:10 PM

  • Submissions from Joan Daemen and/or Vincent Rijmen (they already master the art of snake oil, and have won enough competitions).

Not sure if that's supposed to be a collegial jab, or if DJB really has it in for Rijmen and Daemen...?

Dan • August 21, 2015 12:06 AM

I nominate:

"Nullox Software" (nullox.com)

They used to market a password manager (with optional cloud syncing) called KPassC (still available in Softpedia and CNet) which they protect with their own proprietary "Linearistic Distance Cryptographic Algorithm".

They say: (site is gone, but accessible at https://web.archive.org/web/20130712024403/http://kpassc.pw/security/)

Our software client takes all the complexity away from cryptographic security. The only thing we ask for in return is a cipher key which has properties which influence the mathematical formulas deployed to encrypt your data. This fundamental is uniform for all cryptographic algorithms.

By using the KPassC client, you are using a cutting edge expertly designed proprietary cryptographic algorithm with probability so minute a mathematician with the brain power of Turing and Einstein combined would have to solve infinity^infinite times before they could tackle the resultant ciphered data. Please note that the above equation cannot practically be solved.

The cloud facility deploys additional compression and cryptographic layers which maintain backward unicode compatibility so we can offer a unique cost effective security and cloud service for credentials serving thousands of end users simultaneously.

Sadly, they seem to have abandoned this promising piece of snake oil.

Musashi • August 21, 2015 4:30 AM

A late 1990's GeoCities webpage has come back to haunt us!
That Website is sooo painful to look at... all it's missing is some marquee text, blink tags and liberal use of Magenta...

blake • August 21, 2015 5:26 AM

Every aspect of that page is packed with fun, I'm trying to find some way to phrase a joke about high Shannon Joke Entropy.

Though I'm mildly disappointed that there's no reference to using DMCA takedown notices to try to suppress widespread dissemination of leaked master keys.

Dirk Praet • August 21, 2015 5:58 AM

@ Anura

With a 128-bit block size it is completely unbreakable, unlike ROT13, and it is still significantly faster than AES. I recommend running it twice just to be sure.

Nice try, but what about this ?

function encodeString($str{
for($i=0; $i {
$str=strrev(base64_encode($str)); // apply base64 first, reverse string
}
return $str;
}

function decodeString($str{
for($i=0; $i {
$str=base64_decode(strrev($str));
return $str;
}

I believe this is the sort of thing Comey is looking for.

Dirk Praet • August 21, 2015 6:20 AM

@ Anura

Aaaaargh. The site ate my code.

function encodeString($str) {
    for ($i = 0; $i < 5; $i++) {
        $str = strrev(base64_encode($str)); // apply base64 first, then reverse the string
    }
    return $str;
}

function decodeString($str) {
    for ($i = 0; $i < 5; $i++) {
        $str = base64_decode(strrev($str)); // reverse first, then undo base64
    }
    return $str;
}

Thoth • August 21, 2015 7:30 AM

@Anura, Dirk Praet
Maybe an S-Box filled with suspicious numbers and some modular mathematics magic would have been more than enough to subvert most of us until someone tried for years to tell us it is a backdoored algorithm.

Think Dual_EC_DRBG, when people were already screaming out loud that it is a backdoored algorithm, and now the results with RSA's BSAFE and some other libraries or hardware.

blake • August 21, 2015 8:14 AM

Is the phrase "Security by Obscenity" a thing? It could be relevant / applicable here.

JeffP • August 21, 2015 11:28 AM

@rgaff

At the very least, I was hoping to score the extra points promised from the NSA endorsing my design.

Tatütata • August 21, 2015 1:28 PM

@syskill:

Submissions from Joan Daemen and/or Vincent Rijmen (they already master the art of snake oil, and have won enough competitions).

Not sure if that's supposed to be a collegial jab, or if DJB really has it in for Rijmen and Daemen...?

Looking at the site and its linked content, I suspect self-deprecation or an inside joke.

John Campbell • August 24, 2015 1:02 PM

All this talk about clear-text as a cryptographic scheme is entertaining... especially if you use a thesaurus for each word-- into multiple languages that don't tie together-- and paraphrase any message into something that looks and feels like gibberish.

Let us not forget metaphorical references.

Remember, all language is a medium of shared experience.

Conundrum • September 11, 2015 6:58 AM

Heh, there was I thinking PIROT64 was secure.
Divide your file up into lots of small pieces, then add a number to it until each piece appears somewhere in the infinite decimal expansion of PI.

disclaimer: very processor intensive, for large files it needs hundreds of gigabytes of memory to store the PI expansion and a copy of same on the receive end.
Especially if you encrypt the number addition tables and offset with something like 4096 bit RSA, you can get 3:1 compression this way for near pseudorandom data.

Sort of a bastard child of onetime pads and security by obscurity :-)



Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.