Re: Evaluation of MegaSnakeOil by "expert"

From: Mack (macckone_at_a_nospamjunk123_ol.com)
Date: 10/12/03


Date: Sat, 11 Oct 2003 23:00:39 GMT

On Sat, 11 Oct 2003 16:37:43 +0200, Mxsmanic <mxsmanic@hotmail.com>
wrote:

>Mack writes:
>
>> The real world deals more with protocols and mistakes
>> in usage.
>
>Of course ... because that's a zillion times easier than trying to crack
>a modern cipher, and it provides just as much yield in terms of useful
>information (if not more).
>
>Put another way: If your encryption is strong enough that the only
>people likely to be able to usefully attack it are also people who could
>sneak a keystroke-logger onto your machine, then it's time to stop
>worrying about the encryption security and start worrying about securing
>your PC physically. Smart adversaries always attack the weakest links.
>
>> Another 'real world' example. Company implements a cipher.
>> Instead of using the full key, they make all of the letters
>> capitals and only use the first 8 characters which must
>> be letters or numbers. The remaining characters are stored
>> in the encryption header as cipher text so that the complete
>> key can be verified. They accept keys up to 128 bytes long.
>>
>> This mistake reduces the effective key length from 64 bits to
>> 41 bits. But they advertise the product as having a 128 byte
>> key length considerably stronger than the 64 bit keys currently
>> available.
>
>And this helps keep the NSA in business. They can't really crack any of
>the best ciphers anymore, but they can still find thousands of ways to
>circumvent the security that they supposedly provide in real
>cryptosystems.
>
>That's why I worry about things like the randomness of the keys
>generated by PGP. If you discover that 2/3 of the bits in the "random"
>keys can actually be predicted with 80% certainty due to non-random
>characteristics of the generation process, you don't have to bother with
>attacks on RSA or AES or anything like that.

And this is why no one in this newsgroup really believes Meganet has
the "better encryption than any currently available". They might but
the general consensus is that they probably don't.

If I recall, some versions of PGP had a flaw similar to that but
nowhere near that severe. DSS apparently had a flaw in the key
generation also. They have since changed it.

Leslie 'Mack' McBride
remove text between _ marks to respond via e-mail
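
The key-reduction mistake quoted in the message above, as an added illustration that is not part of the original post and not any product's code. The function names, the sample passphrases and the PBKDF2 parameters in the hardened variant are assumptions made for this example.

```python
import hashlib
import math
import string

# The 36 symbols that survive case folding of letters and digits.
ALPHABET = string.ascii_uppercase + string.digits

def weak_key(passphrase: str) -> bytes:
    """Reduction described in the post: capitals, first 8 characters only."""
    head = passphrase[:8]
    if len(head) < 8 or not head.isascii() or not head.isalnum():
        raise ValueError("first 8 characters must be letters or digits")
    return head.upper().encode("ascii")  # everything past byte 8 is ignored

def effective_bits(alphabet_size: int, length: int) -> float:
    """log2 of the number of distinct keys the cipher can actually receive."""
    return length * math.log2(alphabet_size)

def strong_key(passphrase: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Assumed fix: derive the cipher key from every byte of the passphrase."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               salt, iterations, dklen=16)

def demo() -> dict:
    # Constructed inputs: same first 8 characters up to case, different tails.
    a = "Correct4Horse-battery-staple-" + "x" * 90
    b = "correct4HORSE and a completely different tail"
    salt = bytes(16)  # constructed fixed salt; use a random per-file salt in practice
    return {
        "weak_collision": weak_key(a) == weak_key(b),
        "strong_collision": strong_key(a, salt) == strong_key(b, salt),
        "weak_bits": effective_bits(len(ALPHABET), 8),
        "raw_8_byte_bits": effective_bits(256, 8),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The two long passphrases collapse to the same 8-byte cipher key under the described scheme, which is why the advertised 128-byte length says nothing about the work needed to search the key space.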


