RE: Kryptor Whitepaper released

Hi Angelo,

I just took a quick look at it but it seems to me like a polyalphabetic
substitution cipher with an effective block length of 16 bytes (i.e. every
16 bytes you have a monoalphabetic substitution cipher).

I mean, this doesn't hide the underlying language frequencies within each
block of 16 bytes (the length of your MD5 hashed keys). Of course I'm not a
cryptanalyst but it really seems to be crackeable with pen and paper
(granted, probably not as easy as a Vigenère cipher because of the
manipulations of the keys, but not much more difficult though).

Probably the only situations where this cipher is secure is when the length
of the text to be enciphered is <= 16 bytes (the length of your keys),
provided that you do not reuse the keys of course :-).

Pending the opinion of an experienced cryptographer, I would say that even
without the source code the Friedman and Kasisiki tests would quickly show
up the type of the encipherment (polyalphabetic) and the length of the key
(16 bytes).

As far as I know, this is the reason why modern strong symmetric ciphers use
both diffusion and confusion (as suggested by Claude E. Shannon). This piece
of code only implements substitution, and reminds me of a comment made by
Bruce Schneier regarding the simple XOR algorithm (Chapter 1, Foundations)
in his book "Applied Cryptography" ;-):

...
crypted[x] = plainBlock[x] ^ MD5pwd[streamMd5pwd] ;
...

Best regards,

Omar A. Herrera

-----Original Message-----
From: angelo@xxxxxxxxxxxx [mailto:angelo@xxxxxxxxxxxx]
Sent: Wednesday, February 15, 2006 2:48 PM
To: focus-linux@xxxxxxxxxxxxxxxxx
Subject: Kryptor Whitepaper released

As I announced in previous threads, we released the full white paper of
the algorithm implemented in Kryptor
(http://www.rosiello.org/archivio/kryptor-0.1.2.tar.gz).

The paper can be found at:
http://www.rosiello.org
or
http://www.rosiello.org/modules/smartsection/item.php?itemid=8

cheers,
Angelo

Rosiello Security,
http://www.rosiello.org

Relevant Pages

  • Re: Initializing GFSR Generators.
    ... It is important to see the system around "the cipher" ... I innovated an "alias file" to hold the actual keys, ... somebody has to get through a combiner ...
    (sci.crypt)
  • Re: Should be in crypto for John E. Hadstate Re: just stupid?
    ... >>authority error? ... > doubt that Shannon would call himself a cipher designer. ... >>conventional block ciphers, some keys could ... > We are not talking about analyzing each key; ...
    (sci.crypt)
  • RE: Kryptor Whitepaper released
    ... 16 bytes you have a monoalphabetic substitution cipher). ... manipulations of the keys, but not much more difficult though). ... Bruce Schneier regarding the simple XOR algorithm ...
    (Focus-Linux)
  • Re: Triple AES (3AES)
    ... technology, not meerly larger keys. ... You mean "The Aryabharata Cipher, and Two-Timing Pads"? ... at all the rounds of the block cipher as a bunch of math, ...
    (sci.crypt)
  • Re: Does encrypting same data with multiple algorithms increase security?
    ... >> cipher and encrypt, and then we encrypt with another cipher, with no ... >> regard to possible related keys. ... >> I have suggested the modern DES and AES cascade, ... > weaknesses of the component ciphers involved. ...
    (sci.crypt)