RE: Kryptor Whitepaper released



Ooops,

Didn't read the code well, the keystream is not reused after each iteration,
(Angelo showed me my mistake).

This is what happens when you don't read well and are too quickly to answer
:-). Please disregard my previous comments.

Regards,

Omar

-----Original Message-----
From: Omar A. Herrera [mailto:omar.herrera@xxxxxxxxx]
Sent: Wednesday, February 15, 2006 8:44 PM
To: angelo@xxxxxxxxxxxx; focus-linux@xxxxxxxxxxxxxxxxx
Subject: RE: Kryptor Whitepaper released

Hi Angelo,

I just took a quick look at it but it seems to me like a polyalphabetic
substitution cipher with an effective block length of 16 bytes (i.e. every
16 bytes you have a monoalphabetic substitution cipher).

I mean, this doesn't hide the underlying language frequencies within each
block of 16 bytes (the length of your MD5 hashed keys). Of course I'm not
a
cryptanalyst but it really seems to be crackeable with pen and paper
(granted, probably not as easy as a Vigenère cipher because of the
manipulations of the keys, but not much more difficult though).

Probably the only situations where this cipher is secure is when the
length
of the text to be enciphered is <= 16 bytes (the length of your keys),
provided that you do not reuse the keys of course :-).

Pending the opinion of an experienced cryptographer, I would say that even
without the source code the Friedman and Kasisiki tests would quickly show
up the type of the encipherment (polyalphabetic) and the length of the key
(16 bytes).

As far as I know, this is the reason why modern strong symmetric ciphers
use
both diffusion and confusion (as suggested by Claude E. Shannon). This
piece
of code only implements substitution, and reminds me of a comment made by
Bruce Schneier regarding the simple XOR algorithm (Chapter 1, Foundations)
in his book "Applied Cryptography" ;-):

...
crypted[x] = plainBlock[x] ^ MD5pwd[streamMd5pwd] ;
...

Best regards,

Omar A. Herrera

-----Original Message-----
From: angelo@xxxxxxxxxxxx [mailto:angelo@xxxxxxxxxxxx]
Sent: Wednesday, February 15, 2006 2:48 PM
To: focus-linux@xxxxxxxxxxxxxxxxx
Subject: Kryptor Whitepaper released

As I announced in previous threads, we released the full white paper of
the algorithm implemented in Kryptor
(http://www.rosiello.org/archivio/kryptor-0.1.2.tar.gz).

The paper can be found at:
http://www.rosiello.org
or
http://www.rosiello.org/modules/smartsection/item.php?itemid=8

cheers,
Angelo

Rosiello Security,
http://www.rosiello.org