Comments
Anura • August 20, 2015 2:32 PM
I’ve got a great mode of operation for this, it combines counter and CBC modes, giving you the best of both worlds:
Cn = E(Pn ^ n) ^ Cn-1
Jan • August 20, 2015 2:52 PM
I think the implementation of the CHIASMUS encryption in GSTOOL qualifies:
- Software officially released by the German Federal Center for IT Security
- Reasonably secure block cipher
- Almost every textbook mistake around it:
- rand() for key generation
- seeded with a 32-bit integer
- the integer being the output of time()
- ECB (it’s meant for encrypting database files, so might be exploitable)
- No sanity check on the key file (you can encrypt with any sufficiently long file, that’s probably why they didn’t notice that their 128 bit key is 104 bytes long).
- No integrity checking
Slides (including algorithm description) here.
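Added example, not from the thread or from GSTOOL itself: a plain-Python model of two of the key-handling mistakes listed above (a time()-seeded rand() key and a missing key-file length check), beside the fix for each. Function names and the 16-byte key length are assumptions.

```python
# Added example (not GSTOOL code): models a time-seeded PRNG key and a missing
# key-file sanity check, with the corrected version of each. Names are assumed.
import random
import secrets
import time

KEY_LEN = 16  # 128-bit key, the nominal size the post mentions


def time_seeded_key(now=None):
    """Textbook mistake: key bytes come from a PRNG seeded with a 32-bit time() value.
    The key is 128 bits long but is a pure function of the seed, so at most 2**32
    distinct keys exist, and two keys generated in the same second are identical."""
    seed = int(time.time() if now is None else now) & 0xFFFFFFFF
    rng = random.Random(seed)  # deterministic, non-cryptographic generator
    return bytes(rng.getrandbits(8) for _ in range(KEY_LEN))


def effective_entropy_bits(key_len_bytes, seed_bits=32):
    """Nominal key size versus what a seed-driven generator can actually produce."""
    return min(8 * key_len_bytes, seed_bits)


def fresh_key():
    """The fix: draw key bytes from the OS CSPRNG instead of a seeded PRNG."""
    return secrets.token_bytes(KEY_LEN)


def load_key_file(data, expected_len=KEY_LEN):
    """The sanity check the post says is missing: refuse a 'key file' of the wrong
    length (or an all-zero one) instead of silently using whatever bytes are in it."""
    if len(data) != expected_len:
        raise ValueError(f"key file is {len(data)} bytes, expected {expected_len}")
    if data == bytes(expected_len):
        raise ValueError("all-zero key rejected")
    return data
```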
JeffP • August 20, 2015 2:58 PM
I wonder if there’s a way to leverage VW’s “We sue you to keep this secret for two years” and Oracle’s “It’s against the user agreement to reverse engineer our code” to submit CLEARTEXT as a valid craptographic scheme.
anonymous • August 20, 2015 3:05 PM
We haven’t reached peak snail oil already?
tyr • August 20, 2015 3:24 PM
What I find most disturbing is “Spandam” Alexander was secretly elected Emperor and I had to find it out from a contest announcement.
The real trouble with crypto is all the smart-asses
make it look hard.
Anura • August 20, 2015 3:33 PM
Honestly, what we really need is an updated ROT13:
a’ = rotl(b,13) ^ rotl(c,26) ^ rotl(d, 7)
b’ = rotl(a,19) ^ rotl(c,13) ^ rotl(d,26)
c’ = rotl(a, 6) ^ rotl(b,19) ^ rotl(d,13)
d’ = rotl(a,25) ^ rotl(b, 6) ^ rotl(c,19)
(each word is 32 bits)
With a 128-bit block size it is completely unbreakable, unlike ROT13, and it is still significantly faster than AES. I recommend running it twice just to be sure.
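Added example, not from the comment above: the posted round function implemented as written, plus the check a reviewer would run on it. Because the construction has no key and uses only XOR and rotations, it is linear over GF(2): E(x ^ y) == E(x) ^ E(y) and E(0) == 0, and running it twice (or any number of times) keeps that property, so it is a fixed, invertible encoding rather than a cipher.

```python
# Added example (not from the thread): Anura's "updated ROT13" round as posted, and a
# linearity check showing why a keyless XOR/rotate network is not a cipher.
import os

MASK = 0xFFFFFFFF


def rotl(x, r):
    """Rotate a 32-bit word left by r bits (0 < r < 32)."""
    return ((x << r) | (x >> (32 - r))) & MASK


def rot_round(block):
    """One round of the posted construction on four 32-bit words (a, b, c, d)."""
    a, b, c, d = block
    return (
        rotl(b, 13) ^ rotl(c, 26) ^ rotl(d, 7),
        rotl(a, 19) ^ rotl(c, 13) ^ rotl(d, 26),
        rotl(a, 6) ^ rotl(b, 19) ^ rotl(d, 13),
        rotl(a, 25) ^ rotl(b, 6) ^ rotl(c, 19),
    )


def encrypt(block, rounds=2):
    """'Run it twice just to be sure', as the post recommends."""
    for _ in range(rounds):
        block = rot_round(block)
    return block


def xor_blocks(x, y):
    return tuple(u ^ v for u, v in zip(x, y))


def is_linear(cipher, trials=64):
    """Snake-oil check: a real block cipher fails this for random inputs; a pure
    XOR/rotate network passes it for every input, so ciphertexts of related
    plaintexts are related in exactly the same way and no key is needed to undo it."""
    zero = (0, 0, 0, 0)
    if cipher(zero) != zero:
        return False
    for _ in range(trials):
        x = tuple(int.from_bytes(os.urandom(4), "big") for _ in range(4))
        y = tuple(int.from_bytes(os.urandom(4), "big") for _ in range(4))
        if cipher(xor_blocks(x, y)) != xor_blocks(cipher(x), cipher(y)):
            return False
    return True
```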
rgaff • August 20, 2015 3:34 PM
@JeffP
Wouldn’t the government’s “OMG we’re going dark, all your children will DIE, we need unicorns” nonsense be enough to submit CLEARTEXT as the only legal scheme possible? Therefore it must be valid too, by law.
Funny • August 20, 2015 5:13 PM
I recommend this to the Snake Oil competition – the “Compiled Polymorphic Encryption Algorithm”.
“No Government Agency in this world can ever break TurboCrypt.”
“1024 bit Polymorphic Encryption and 4×256 bit AES”
“Trojan-Horse-proof password entry”
“Resistance to all known attacks”
https://www.turbocrypt.com/eng/content/TurboCrypt/TurboCrypt-Details.html
https://www.turbocrypt.com/eng/content/TurboCrypt/MainPage.html
https://www.turbocrypt.com/eng/content/Backround-Info/Polymorphic-Medley-Cipher.html
Nick P • August 20, 2015 6:28 PM
@ Funny
They originally had way more retarded shit back when Bruce doghoused them. Claimed to generate a custom algorithm from the key. I told them they should just cascade AES candidates for at least semi-believable bullshit that might accidentally protect their customers’ data. They listened apparently. 😉
If you want some fun, put their site into archive.org and link a copy of the old product with its algorithm per key claims. And the pathetic defense. Then cryptographers around the world can have another good laugh.
syskill • August 20, 2015 10:10 PM
- Submissions from Joan Daemen and/or Vincent Rijmen (they already master the art of snake oil, and have won enough competitions).
Not sure if that’s supposed to be a collegial jab, or if DJB really has it in for Rijmen and Daemen…?
Dan • August 21, 2015 12:06 AM
I nominate:
“Nullox Software” (nullox.com)
They used to market a password manager (with optional cloud syncing) called KPassC (still available in Softpedia and CNet) which they protect with their own proprietary “Linearistic Distance Cryptographic Algorithm”.
They say: (site is gone, but accessible at https://web.archive.org/web/20130712024403/http://kpassc.pw/security/)
Our software client takes all the complexity away from cryptographic security. The only thing we ask for in return is a cipher key which has properties which influence the mathematical formulas deployed to encrypt your data. This fundamental is uniform for all cryptographic algorithms.
By using the KPassC client, you are using a cutting edge expertly designed proprietary cryptographic algorithm with probability so so minute a mathematician with the brain power of Turing and Einstein combined would have to solve infinity^infinite times before they could tackle the resultant ciphered data. Please note that the above equation cannot practically be solved.
The cloud facility deploys additional compression and cryptographic layers which maintain backward unicode compatibility so we can offer a unique cost effective security and cloud service for credentials serving thousands of end users simultaneously.
Sadly, they seem to have abandoned this promising piece of snake oil.
Musashi • August 21, 2015 4:30 AM
A late 1990’s GeoCities webpage has come back to haunt us!
That Website is sooo painful to look at… all it’s missing is some marquee text, blink tags and liberal use of Magenta…
blake • August 21, 2015 5:26 AM
Every aspect of that page is packed with fun, I’m trying to find some way to phrase a joke about high Shannon Joke Entropy.
Though I’m mildly disappointed that there’s no reference to using DMCA takedown notices to try to suppress widespread dissemination of leaked master keys.
Dirk Praet • August 21, 2015 5:58 AM
@ Anura
With a 128-bit block size it is completely unbreakable, unlike ROT13, and it is still significantly faster than AES. I recommend running it twice just to be sure.
Nice try, but what about this?
function encodeString($str) {
    for ($i = 0; $i < 5; $i++) {
        $str = strrev(base64_encode($str)); // apply base64 first, then reverse the string
    }
    return $str;
}
function decodeString($str) {
    for ($i = 0; $i < 5; $i++) {
        $str = base64_decode(strrev($str)); // undo one layer: reverse, then base64-decode
    }
    return $str;
}
I believe this is the sort of thing Comey is looking for.
Dirk Praet • August 21, 2015 6:20 AM
@ Anura
Aaaaargh. The site ate my code.
function encodeString($str) {
    for ($i = 0; $i < 5; $i++) {
        $str = strrev(base64_encode($str)); // apply base64 first, then reverse the string
    }
    return $str;
}
function decodeString($str) {
    for ($i = 0; $i < 5; $i++) {
        $str = base64_decode(strrev($str)); // undo one layer: reverse, then base64-decode
    }
    return $str;
}
Thoth • August 21, 2015 7:30 AM
@Anura, Dirk Praet
Maybe an S-Box filled with suspicious numbers and some modular mathematics magic would have been more than enough to subvert most of us until someone tried for years to tell us it is a backdoored algorithm.
Think Dual_EC_DRBG when people were already screaming out loud that it is a backdoored algorithm and now the results with RSA’s BSAFE and some other libraries or hardware.
@Funny
The folks at PMC Ciphers have been at the cutting edge of snake oil for years. It’s not even a fair competition.
My favorite part: https://www.turbocrypt.com/eng/content/Backround-Info/Polymorphic-Medley-Cipher.html
Michael Zuschlag • August 21, 2015 7:55 AM
@Anura: Updated ROT13? Heck, I’ve been making Double ROT128 freely available since 2007. It’s so secure, no one has noticed it exists.
blake • August 21, 2015 8:14 AM
Is the phrase “Security by Obscenity” a thing? It could be relevant / applicable here.
JeffP • August 21, 2015 11:28 AM
@rgaff
At the very least, I was hoping to score the extra points promised from the NSA endorsing my design.
Tatütata • August 21, 2015 1:28 PM
@syskill:
Submissions from Joan Daemen and/or Vincent Rijmen (they already master the art of snake oil, and have won enough competitions).
Not sure if that’s supposed to be a collegial jab, or if DJB really has it in for Rijmen and Daemen…?
Looking at the site and its linked content, I suspect self-deprecation or an inside joke.
Grauhut • August 21, 2015 6:09 PM
Snake-Oil is out, get Squid-Oil! 🙂
http://www.amazon.com/Amino-Acid-Botanical-DHA-500-Squid/dp/B00IEJRICW/
John Campbell • August 24, 2015 1:02 PM
All this talk about clear-text as a cryptographic scheme is entertaining… especially if you use a thesaurus for each word– into multiple languages that don’t tie together– and paraphrase any message into something that looks and feels like gibberish.
Let us not forget metaphorical references.
Remember, all language is a medium of shared experience.
Conundrum • September 11, 2015 6:58 AM
Heh, there was I thinking PIROT64 was secure.
Divide your file up into lots of small pieces, then add a number to it until each piece appears somewhere in the infinite decimal expansion of PI.
disclaimer: very processor intensive, for large files it needs hundreds of gigabytes of memory to store the PI expansion and a copy of same on the receive end.
Especially if you encrypt the number addition tables and offset with something like 4096 bit RSA, you can get 3:1 compression this way for near pseudorandom data.
Sort of a bastard child of onetime pads and security by obscurity 🙂
Anonymous Cow • August 20, 2015 2:26 PM
Did they invite anybody from The Ministry Of Magic?