Re: The crazy encryption madmans codebook



On 2 Mar, 00:32, "Joseph Ashwood" <ashw...@xxxxxxx> wrote:
<j...@xxxxxxxx> wrote in message

news:1172820109.932982.192810@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

On 1 Mar, 17:18, "Joseph Ashwood" <ashw...@xxxxxxx> wrote:
<j...@xxxxxxxx> wrote in message

news:1172793500.867394.322540@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

So your concept is to move the ancient concept of a codebook into a
database? It is ECB with encryption replaced by a lookup.

The overall security is as strong as what I will call the chaining mode
within and between the messages. By this I mean that is "orcdriffle"
always
translates to "telephone" the construct will leak and quickly fall apart.

No Joe i meant more like this

Actually you seem to have failed to understand what I was saying.

Consider 3 functions:
lp(string) looks up the given phrase in a database and returns a unique but
constant integer identifier for the word
li(integer) looks up the given integer identifier and returns a unique but
constant phrase associated with it
c(...) takes an integer as an input, computer a prp function on that input
and returns the value, both input and output are constrained to the possible
return values of li. Such that c' exists where x=c'(c(x)) for all valid x

This system of 3 functions is more powerful than your database lookup
system. There are 3 possible conditions:
c() takes only an integer (c(i))
c() takes an integer and a permutation identifier (key) (c(i,k))
c() takes an integer, a permutation identifier, and some state information
that it outputs for later input (c(i,k,v))

lp, li, c(i) combined are provably at least as powerful as your system as
they can express any system in your design. It is also trivally provable
that c(i) is less powerful than c(i,k)

lp,li,c(i,k) are trivially provable to be a cipher in ECB mode. As such they
fail in all the same ways as ECB with one major, and devastating exception,
each output represents a phrase and as such break accuracy can be quantified
more easily.

lp,li,c(i,k,v) represents the modification you proposed where k has length
0. c(i,k,v) has security equal to c(f(i,v),k) and that the security lies in
f(i,v) and c(i,k), seperating these out your multiplier has no entropic
input and as such for security purposes reduces to an identity, so the
security reduces to c(i,k) for which you have a 0 length k, so it reduces to
c(i) which is horrifying insecure.

As a result your entire construct, as it stands is extremely insecure. Also
it will be necessary to have a database with a prime number of entries
simply in order to make your proposal as difficult as possible to break
(still trivial though), so your proposed modification (in the other message)
actually lowers the security further because it is trivially provable that k
and k+1 cannot be prime for k>2.

So your entire system results in equivalence to a codebook, and your
modification to improve it actually weakens it.
Joe

But you said that
***********************************************************
The overall security is as strong as what I will call the chaining
mode
within and between the messages. By this I mean that is "orcdriffle"
always
translates to "telephone" the construct will leak and quickly fall
apart.
You need some method of convolving the database even within the same
message. I would actually suggest having a look at RC4 to create a
double
lookup method, it should be simple to create an effective chaining
mode from
ther, but the security will be suspect. For stronger security you'll
want to
look at the designs of strong stream ciphers.
Joe
***********************************************************
I do not see how *telephone* always encodes to anything particular
the actual identifier in the database '12288. telephone=a bad smell'
Just note that if offset multiplies to 0 then 0+12288=12288 it is the
only time telephone encodes to 'a bad smell' i hope you can see that
for any other ouput of letter function in the earlier decoded
plaintext sentence you will get another offset.

And since entry zero do not exist telephone can actually never be
encoded to a bad smell.

But maybe you say that it is vulnerable to known chosen plaintext
attacks, yes of course and to known plaintext to.
But in practise those attacs are not useful on codebooks because the
adversary immediatly sees it is a fake nonsense message from man in
the middle.

In your earlier answer you did talk over my head Joe i am not skilled
in crypto terminology and schemes.
This was just an idea i did get due to the many strange messages
floating around at newsgroups, maybe they are not nonsense but a new
form of databased codebook programs based on some unknown offset
technology.

Best regards Jonas Thornvall

.



Relevant Pages

  • Re: The crazy encryption madmans codebook
    ... It is ECB with encryption replaced by a lookup. ... The overall security is as strong as what I will call the chaining mode ... lplooks up the given phrase in a database and returns a unique but ... constant integer identifier for the word ...
    (sci.crypt)
  • Re: setting a password on a button on the switchboard
    ... Could you send me the sample database for the fourth option (4. ... > Security in an Access database can probably be broken down into two big ... > points about being easier than User Level Security, ... > What type of data are you trying to protect? ...
    (microsoft.public.access.forms)
  • Re: access 2003
    ... security in access 2003. ... The data will go on the server and the program database ... than the alternative of creating an mde file. ... MDW file from the written record. ...
    (microsoft.public.access.conversion)
  • Re: access 2003
    ... security in access 2003. ... The data will go on the server and the program database ... than the alternative of creating an mde file. ... MDW file from the written record. ...
    (microsoft.public.access.conversion)
  • Re: Is this possible??
    ... I understand Windows security but since I've not seen A2007 live, ... The backend is on the server in it's own file. ... database, but everyone does not need to have access to tblwage which is ...
    (microsoft.public.access.tablesdbdesign)