Entries Tagged "cryptography"


Directed Acyclic Graphs for Crypto Algorithms

Maybe this on directed acyclic graphs is a bit too geeky for the blog, but I think it’s interesting.

The idea of drawing cipher DAGs certainly isn’t new; DAGs are common in cryptographic research and even more common in cryptographic education. What’s new here is the level of automation, minimizing the amount of cipher-specific effort required to build a DAG from a cipher (starting from a typical reference implementation in C or C++) and to visualize the DAG.

My tools are only prototypes at this point. I’m planning to put a cipherdag package online, but I haven’t done so yet, and I certainly can’t claim that the tools have saved time in cryptanalysis. But I think that the tools will save time in cryptanalysis, automating several tedious tasks that today are normally done by hand.

Posted on October 10, 2007 at 2:59 PM

Mathematicians vs. Cryptographers

Neal Koblitz publishes what is, honestly, a rant about the cryptography field. The interesting part to me is when he talks about the uneasy relationship between mathematicians and cryptographers. Cryptographers, he says, toss the term “provable security” around much too often, publish inconsequential papers far too often, and are generally sloppy about their research.

I can’t say I disagree with any of that. Cryptographers come either from mathematics or computer science. The former—like Koblitz—are far more rigorous than the latter, but the latter tend to come up with much more practical systems.

EDITED TO ADD (9/28): Rebuttals by Oded Goldreich, Hugo Krawczyk, Jonathan Katz, Luca Trevisan, and Boaz Barak.

EDITED TO ADD (10/6): Kevin McCurley comments.

Posted on September 27, 2007 at 3:38 PM

NASA Using 1960s Cryptanalysis Techniques

Well, sort of.

This paper from the Goddard Space Center, “NiCd Space Battery Test Data Analysis Project, Phase 2 Quarterly Report, 1 Jan. – 30 Apr. 1967,” uses “cryptanalytic techniques”—some sort of tri-gram frequency analysis, I think—to ferret out hidden clues about battery failures.

It’s hard to imagine non-NSA cryptography in the U.S. from the 1960s. Basically, it was all alphabetic stuff. Even rotor machines were highly classified, and absolutely nothing was being done in binary.

Posted on September 27, 2007 at 6:14 AM

Idiotic Cryptography Reporting

Oh, this is funny:

A team of researchers and engineers at a UK division of Franco-German aerospace giant EADS has developed what it believes is the world’s first hacker-proof encryption technology for the internet.

[…]

Gordon Duncan, the division’s government and commercial sales manager, said he was convinced that sensitive data could now be sent across the world without fear of it being spied on by hackers. “All the computer technology in the world cannot break it,” he said yesterday.

At the heart of the system is the lightning speed with which the “keys” needed to enter the computer systems can be scrambled and re-formatted. Just when a hacker thinks he or she has broken the code, the code changes. “There is nothing to compare with it,” said Mr Duncan.

EADS is in talks with the Pentagon about supplying the US military with the system, although some American defence companies are also working on what they believe will be fool-proof encryption systems.

Snake oil, absolute snake oil.

EDITED TO ADD (9/26): Steve Bellovin, who knows what he’s talking about, writes:

Actually, it’s not snake oil, it’s very solid—till it got to Marketing. The folks at EADS built a high-assurance, Type I (or the British equivalent) IP encryptor—a HAIPE, in NSA-speak. Their enemy isn’t “hackers”, it’s the PLA and the KGB++. See this and this.

Of course, Marketing did get hold of it.

David Lacey makes the same point here.

Posted on September 24, 2007 at 1:58 PM

1624 Cryptography Book Up for Auction

Lot 1102

Rare 17th Century work on Cryptography

Title: Cryptomenytices et cryptographiae libri IX. In quibus & planissima Steganographiae à Johanne Trithemio, abbate Spanheymensi & Herbipolensi, admirandi ingenij viro, magicè & aenigmaticè olim conscriptae, enodatio traditur. Inspersis ubiquè authoris ac aliorum, non contemnendis inventis…

Author: Selenus, Gustavus [pseud. of August, Duke of Braunschweig-Luneburg]

Auction on September 13. Estimated price $5,000-$8,000.

EDITED TO ADD (9/13): A partial English translation.

Posted on September 11, 2007 at 12:21 PM

Florida E-Voting Study

Florida just recently released another study of the Diebold voting machines. They—and it was real security researchers like the California study, and not posers—studied v4.6.5 of the Diebold TSx and v1.96.8 of the Diebold Optical Scan. (California studied older versions: v4.6.4 of the TSx and v1.96.6 of the Optical Scan.)

The most interesting issues are (1) Diebold’s apparent “find-then-patch” approach to computer security, and (2) Diebold’s lousy use of cryptography.

Among the findings:

  • Section 3.5. They use RSA signatures, apparently to address previously documented flaws in the literature. But their signature verification step has a problem. It computes H = signature**3 mod N, and then compares _only 160 bits of H_ with the SHA1 hash of a message. This is a natural way to implement RSA signatures if you just read a security textbook. But this approach is also insecure—the report demonstrates how to create a 250-line Java program to forge RSA signatures over (basically) arbitrary messages of their choosing.
  • Section 3.10.3. The original Hopkins report talked about the lack of crypto for network (or dialup) communications between a TSX voting machine and the back-end GEMs server. Apparently, Diebold tried to use SSL to fix the problem. The RABA report analyzed Diebold’s SSL usage and found a security problem. Diebold then tried to patch their SSL implementation. This new report looks at the patched version, and finds that it is still vulnerable to a man-in-the-middle attack.
  • Section 3.7.1.1. Key management. Avi Rubin has already summarized some of the highlights.

    This is arguably worse than having a fixed static key in all of the machines. Because with knowledge of the machine’s serial number, anyone can calculate all of the secret keys. Whereas before, someone would have needed access to the source code or the binary in the machine.

    Other attacks mentioned in the report include swapping two candidate vote counters and many other vote switching attacks. The supervisor PIN is protected with weak cryptography, and once again Diebold has shown that they do not have even a basic understanding of how to apply cryptographic mechanisms.
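The Section 3.5 verification flaw beside a full PKCS#1 v1.5 check, as an added example that is not from the SAIT report or from Diebold’s code. Only the e=3 exponent and the 160-bit comparison follow the report’s description; the toy key generator, the 1024-bit modulus, the function names and the sample message are constructed for this illustration.

```python
import hashlib, hmac, random

E = 3  # public exponent the report describes: the verifier computes signature**3 mod N
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")  # PKCS#1 v1.5 DigestInfo prefix for SHA-1

def _probable_prime(n, rounds=32):
    # Miller-Rabin; fine for a demo key (callers pass odd n > 3), not a production generator.
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def keygen(bits=512):
    # Constructed toy key (1024-bit N). Primes are 2 mod 3 so that e=3 is invertible mod (p-1)(q-1).
    def prime():
        while True:
            c = random.getrandbits(bits) | (1 << (bits - 1)) | 1
            if c % 3 == 2 and _probable_prime(c):
                return c
    p, q = prime(), prime()
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def emsa_pkcs1_v15(msg, k):
    # The full k-byte encoding a verifier should expect: 00 01 FF..FF 00 || DigestInfo || SHA-1(msg).
    t = SHA1_DIGESTINFO + hashlib.sha1(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign(em, n, d):
    return pow(int.from_bytes(em, "big"), d, n)

def verify_weak(msg, sig, n):
    # The flaw the report describes: only the low 160 bits of sig**3 mod N are compared to SHA-1(msg).
    low160 = pow(sig, E, n) & ((1 << 160) - 1)
    return low160 == int.from_bytes(hashlib.sha1(msg).digest(), "big")

def verify_strict(msg, sig, n):
    # Recompute the whole encoding and compare every byte (constant time), not just the trailing hash.
    k = (n.bit_length() + 7) // 8
    em = pow(sig, E, n).to_bytes(k, "big")
    return 0 <= sig < n and hmac.compare_digest(em, emsa_pkcs1_v15(msg, k))
```

A value whose padding and DigestInfo bytes are wrong but whose low 160 bits match the hash passes verify_weak and fails verify_strict; that unchecked region is the gap the report’s forgery lives in.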

Avi Rubin has a nice overall summary, too:

So, Diebold is doing some things better than they did before when they had absolutely no security, but they have yet to do them right. Anyone taking any of our cryptography classes at Johns Hopkins, for example, would do a better job applying cryptography. If you read the SAIT report, this theme repeats throughout.

Right. These are classic examples of problems that can arise if (1) you “roll your own” crypto and/or (2) employ “find and patch” rather than a principled approach to security.

It all makes me wonder what new problems will arise from future security patches.

The good news is that Florida has decided not to certify the TSX at this time. They may try to certify a revised version of the OS (optical scan) system.

Posted on August 6, 2007 at 6:34 AM

Enigma Machine for Sale on eBay

A World War II German Enigma machine (three-rotor version) is for sale on eBay right now. At this writing, there have been about 60 bids, and the current price is $20K. This is below the reserve price, which means that the machine won’t sell until it reaches that (secret) price.

It’s expensive, but probably worth it. The Enigma looks like it’s in perfect condition—the seller claims “full working condition with extra lamps”—and includes the manual. All five rotors are included: three in the machine and the other two in a box. The three-rotor version is the most common, but it’s still very rare.

Of course I’d like it for myself—I have a three-rotor Enigma, but it’s missing all its rotors and some of its lamps—but not at that price.

And we can’t see who’s bidding, either. Recently eBay made a change in how it displays auction bids: it hides bidder identities when the auction price gets high. This is to combat “second chance fraud,” where a fraudster contacts a buyer who lost an auction and offers him the same article at the slightly lower losing price, then disappears after receiving payment.

The auction closes in eight days. Good luck.

EDITED TO ADD (7/19): The listing has been pulled; eBay doesn’t say why. The price was $25K after 64 bids when I last saw it; the price was still below the reserve.

EDITED TO ADD (7/20): It’s been relisted. The seller says that the other auction was taken down because of a “problem with pictures” (odd, because the new pictures don’t seem different), and that the reserve price of $28K was met. You can “buy it now” for $50K, or make your best offer. I’m really curious what the final price for this will be—I don’t think it’s worth anywhere near $50K.

EDITED TO ADD (7/20): Sold for $30K. I don’t know why the seller decided to use this alternate eBay system, instead of relisting it as an auction. My guess is that he could have gotten more than $30K if he let the auction run its course over the week.

Posted on July 19, 2007 at 4:45 PM

Perpetual Doghouse: Meganet

I first wrote about Meganet in 1999, in a larger article on cryptographic snake-oil, and formally put them in the doghouse in 2003:

They build an alternate reality where every cryptographic algorithm has been broken, and the only thing left is their own system. “The weakening of public crypto systems commenced in 1997. First it was the 40-bit key, a few months later the 48-bit key, followed by the 56-bit key, and later the 512 bit has been broken…” What are they talking about? Would you trust a cryptographer who didn’t know the difference between symmetric and public-key cryptography? “Our technology… is the only unbreakable encryption commercially available.” The company’s founder quoted in a news article: “All other encryption methods have been compromised in the last five to six years.” Maybe in their alternate reality, but not in the one we live in.

Their solution is to not encrypt data at all. “We believe there is one very simple rule in encryption: if someone can encrypt data, someone else will be able to decrypt it. The idea behind VME is that the data is not being encrypted nor transferred. And if it’s not encrypted and not transferred, there is nothing to break. And if there’s nothing to break, it’s unbreakable.” Ha ha; that’s a joke. They really do encrypt data, but they call it something else.

Read the whole thing; it’s pretty funny.

They’re still around, and they’re still touting their snake-oil “virtual matrix encryption.” (The patent is finally public, and if someone can reverse-engineer the combination of patentese and gobbledygook into an algorithm, we can finally see how actually awful it really is.) The tech on their website is better than it was in 2003, but it’s still pretty hokey.

Back in 2005, they got their product FIPS 140-1 certified (#505 on this page). The certification was for their AES implementation, but they’re sneakily implying that VME was certified. From their website: “The Strength of a Megabit Encryption (VME). The Assurance of a 256 Bit Standard (AES). Both Technologies Combined in One Certified Module! FIPS 140-2 CERTIFICATE # 505.”

Just goes to show that with a bit of sleight-of-hand you can get anything FIPS 140 certified.

Posted on June 14, 2007 at 1:05 PM

More on Kish's Encryption Scheme

Back in 2005, I wrote about Laszlo Kish’s encryption scheme, which promises the security of quantum encryption using thermal noise. I found, and continue to find, the research fascinating—although I don’t have the electrical engineering expertise to know whether or not it’s secure.

There have been developments. Kish has a new paper that not only describes a physical demonstration of the scheme, but also addresses many of the criticisms of his earlier work. And Feng Hao has a new paper that claims the scheme is totally insecure.

Again, I don’t have the EE background to know who’s right. But this is exactly the sort of back-and-forth I want to see.

Posted on June 11, 2007 at 6:49 AM
