Re: New unbreakable encryption method

<jonas.thornvall@xxxxxxxxxxx> wrote in message
news:a0cc5d4b-1efe-45e1-bb75-5072c798c348@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On 11 Sep, 11:43, "Skybuck Flying" <BloodySh...@xxxxxxxxxxx> wrote:
I think your method might has a denial of service attack possibility.

The attacker could simply generate random noise and "desynchronize" the
receiver's decryption engine.

It seems you are aware of this attack-vector yourself. You mention
"synchronization issue's".

The question is: do you have a fix for it ?

Bye,
Skybuck.

Sure have it is called message authenication within the encrypted
package you put an authenication string it can be static or "be
subpart of permutation" hashed or whatever, if the package not
authentic. No need to update the permutation buffer.

If you use authentication i do not see how the engine can be
desynchronized it will only update internal state if a valid message
been encrypted.

This adds extra complexity to the algorithm.

The state of all tables would need to be copied for a decryption attempt.

Then the tables would need to be updated again if the decryption message was
good/successfull/verified.

This adds significant overhead to the algorithm.

Memory copies are slow... especially for the 10 big 64 KB tables he mentions
!

And this is just for one message ?!

So then it becomes a pretty serious performance problem !.

Now to mention that the memory requirements have just double from 640 KB to
1280 KB.

So per message the system would need to do one 640 KB copy... plus another
640 KB copy.

That's 1280 KB overhead per message !

Little example:

5 MB/sec of messages. Each message is 512 bytes.

10240 messages !

10240 * 1280 KB = 13107200 KB = 12800 MB = 12.5 GB/sec going through the
system !

If this is supposed to be the fix than you can count me out... at least for
the 16 bit version ! ;)

Unless it would proof to be faster and stronger than AES LOL ?! ;) <- don't
know about that ;)

Bye,
Skybuck.


.

Relevant Pages

  • Re: Authentication
    ... The attacker is allowed to ask for decryption of anything ... then there's no such exception. ... sender and receiver are ever capable to take care never never to ...
    (sci.crypt)
  • Re: embedded keys - there has to be a less vulnerable approach
    ... the database would be run on top of an encrypting file system ... > The use of an asymmetrical encryption algorithm does not seem to offer ... because the encryption and decryption ... > a hostile attacker is not a member of that small knowledgeable elite. ...
    (comp.security.misc)
  • Re: DES3 Encryption using Java and Decryption using C++
    ... PKCS#5 padding should not be used in a system where the following are ... An attacker could repeatedly send messages of his choosing to one ... last byte and repeat. ... (where the last byte of block 2, after decryption and XOR with block ...
    (comp.security.misc)
  • Re: breaking 1 block of ciphertext encrypted using 3TDES
    ... But your discussion of the decryption oracle ... Attacker cannot eavesdrop on other people's requests or responses. ...
    (sci.crypt)
  • Re: How Do Decryption Programs Know Youve Entered the Wrong Passphrase?
    ... one to create the block cipher key and the second one to check if the ... the decryption procedure would be: ... a)Hash the passphrase using Procedure 1 and see if the hash mashes what is ... Better to force an attacker to do a lot of work to figure out if they are successful. ...
    (sci.crypt)