Re: Help me break this stupid cipher I just invented. :P
- From: Jeff Dege <jdege@xxxxxxxxxxxxxx>
- Date: Sat, 08 Dec 2007 21:30:18 -0000
On Sat, 08 Dec 2007 20:15:19 +0000, Peter Pearson wrote:
On Fri, 7 Dec 2007 10:03:46 -0800 (PST), Adam Atlas <adam@xxxxxxxx>
wrote:
x = R
for b in B:
x = H(x) ### or H(x xor K)
C[] = x xor b
As Ilmari pointed out, the "x = H(x)" version is vulnerable to a
known-plaintext attack, so you probably want to focus on the "x = H(x
xor K)" variant.
I doubt that anybody is going to break this cipher if a semi-respectable
hash function like SHA-1 is used for H. The known-plaintext attack boils
down to finding K, given many x_i and H(x_i xor K).
When I look at this, it looks a lot like the common XOR against a PRNG,
using this successive hashing of a key as the PRNG.
There are two basic attacks against the XOR with PRNG that I'm aware of.
One is reconstructing the state of the PRNG, which is trivial for many
good PRNGs. But if you're using a cryptographically strong one-way hash,
then you're probably safe from that.
But the other is simpler. If the PRNG isn't very random - if the
probability of any given bit being a 1 isn't 0.5, or the probability that
the bit following a 1 is a 1 isn't 0.5, etc. - then XORing against it
provides no meaningful security, even if the key stream can't be
reconstructed.
It's not something that immediately springs to mind, since even the
cryptographically weak PRNGs provide a good approximation of randomness.
But hash functions weren't designed as PRNGs. I don't remember reading
anything about SHA-1 that would indicate that methods were chosen so as
to provide an output that looked random, when applied repeatedly to a key.
If the output of a hash always set bit 7 to 0, or set odd-numbered bits
to 1 75% of the time, it'd not make a bit of difference to the
effectiveness of the hash as a hash, so it's not likely to be something
that the designers of the hash function even looked for, let alone spent
any effort in trying to eliminate.
But it would have a massive effect on the effectiveness of the hash in
creating a secure key stream in this sort of crypto system.
--
The citizen sees nothing wrong, in the sense of robbing a neighbor
is wrong to him, in turning the tables upon...[government] whenever
the opportunity offers. When he steals anything from it he is only
recovering his own, with fair interest and a decent profit. Two gangs
stand thus confronted: on the one hand the gang of drones and exploiters
constituting the government, and on the other hand the body of prehensile
and enterprising citizens...The difference between the two gangs - of
professionals and amateurs - is that the former has the law on its side,
and so enjoys an unfair advantage.
- H. L. Mencken
.
- References:
- Help me break this stupid cipher I just invented. :P
- From: Adam Atlas
- Re: Help me break this stupid cipher I just invented. :P
- From: Peter Pearson
- Re: Help me break this stupid cipher I just invented. :P
- From: Adam Atlas
- Re: Help me break this stupid cipher I just invented. :P
- From: Peter Pearson
- Help me break this stupid cipher I just invented. :P
- Prev by Date: For Moammar the enforcement's just, as it were me it's exceptional, whereas apart from you it's caning black.
- Next by Date: Will you stir as opposed to the coach, if Youssef explicitly peers the announcement?
- Previous by thread: Re: Help me break this stupid cipher I just invented. :P
- Next by thread: Re: Help me break this stupid cipher I just invented. :P
- Index(es):
Relevant Pages
|
