Ultra Paranoid Extreme Hardcore Encryption An Idiot's Guide

Bungle
Most Paranoid Member!
Joined: 03 Feb 2005
Posts: 2

Posted: Sat Feb 05, 2005 8:08 pm    Post subject: Ultra Paranoid Extreme Hardcore Encryption An Idiot's Guide

Hi All.

It’s great to read all the in-depth explanations of encryption. I’m not being sarcastic, I truly appreciate all the time that the experts on this site take to explain things. After reading most of the posts here I may be no wiser but at least I have been better informed !!

But unfortunately, those of us of average intelligence and below struggle to know in plain terms what the best approach to security is. This may be because we are of less intelligence or simply because we don’t have the time to work out every detail for ourselves. Also we may need top quality privacy but maybe some of us don’t have the same passion to make it a life’s work, which I believe you would have to do to be fully aware of all things encrypted. Even then you probably won’t know everything.

So, I realise I am new to this site, worse still a newbie to encryption, and I suppose it’s a bit of a big question to post. I realise I am opening up to being flamed with loads of “Look here before posting questions like these” or “you should have searched this forum for this” type of posts, but if you read on you will understand my reason for this post.

Yes it is true that if you search this site and of course the internet I suppose you could trawl through loads of in-depth papers you don’t understand properly and work it all out for yourself. That’s right, but what about every now and then the members of Security Forums get together and explain in simple terms the most RECENT thinking on encryption? Maybe this could be done annually or even monthly? I appreciate that this is done in a sort of a way now with the forums but no one puts it all together for people with little technical knowledge and gives a very basic set of instructions.

For example instead of saying you must use Twofish with a key length of wotsit thingybob. How about saying the best encryption program to use is PGP and this is how to set it up for the most secure results, then explaining in such a way even your granny would understand. I understand that people will all have a different opinion on the best encryption program to use but in that case I am sure the experts on this site will be able to argue amongst themselves and between them come up with an answer they can all “mostly” agree on. I do however realise that many people are afraid to stick their head on the block by actually stating their preference of program and method of operation in case of the aforementioned flaming or fear of being shown not to know as much as they would like people to think they know.

It’s easy for me as I have no ego to protect so I will be the first to give an example of what I think are solid programs and what is a secure method of use.

PLEASE DON’T TAKE ANY OF THE FOLLOWING TO BE CORRECT AS I AM MERELY SHOWING AN EXAMPLE OF WHAT I BELIEVE TO BE A GOOD SOLID WAY TO PROTECT YOUR PRIVACY “WITH NO REAL KNOWLEDGE”. I AM IN NO WAY AN EXPERT AND I AM SIMPLY WRITING THIS AS AN EXAMPLE OF WHAT I, AND I ASSUME MANY “ORDINARY” PEOPLE, WOULD WISH AN EXPERT OF SECURITY FORUMS TO WRITE FOR THEIR FELLOW MEMBERS.

Example.

First make sure you are alone.

Scan your system for viruses and keyloggers (experts to name a product). I’m going to suggest Norton Antivirus 2005.

Check for a hardware keylogger fastened to your keyboard cable. If in doubt use a software keyboard. Experts please tell us which to use. I suggest Click and Type.

Open notepad and type your message. Experts may have a different opinion.

Encrypt the text with Clip Secure on full settings. CBC, SHA512, Serpent. This is where an expert could recommend a better tested product and settings as I don’t have a particularly good reason for this product or these settings.

Then encrypt with PGP “downloaded from the main site”. I have said this because there are many rumours about backdoors and skeleton keys for PGP’s latest releases. If an expert on this site can understand the source code and compile it, is there a way for the non-tech people to check their exe files? Perhaps a hash value of the expert's checked and compiled version to compare with our downloaded install exe files. Also a detailed guide to how to set up PGP.

Re-Encryption. I think Datah might be able to help us with this !!
I realise this is possible but it has to be done in a specific way. Perhaps I have already made an error with the Clip Secure encryption then the PGP encryption. Experts please tell us the correct way and order to do this in. Which algorithms to use and in which order, and which keys to use in which order. Also perhaps some programs will work better when re-encrypted with other programs, experts please let us know.
I am going to suggest 3 times with different PGP keys: DH/DSS, RSA, then finally with DH/DSS. Using Serpent, Twofish, and Triple-DES.

PGP doesn’t have Serpent so please can someone recommend a well written program that does.

Then wrap it all up in Axcrypt. Experts, is this program safe? Does it do what it says and should it be combined with the above? It seems to be written by a competent programmer. He appears to be open and friendly about his work. As far as I can tell it is a really good solid encryption program written by a programmer with good and honest intentions.

Tips and extra tricks.
How about if you regularly send messages to a friend you meet in person occasionally, you could work out an extra security measure between yourselves.

Here’s my example.
When you have transformed the plain text into cipher text, have a system where you perhaps remove the third character along from the left and replace it with a different character. Then at the bottom of the text write ( The key is “X” ). Then when your friend gets to the point of decrypting your message he simply replaces the third character from the left with “X”. Even if an attacker has your secret key and your pass phrase he still doesn’t know where to put the “X” !! I wonder if this simple trick would add much to security? Experts please let us know.

Keep messages short.
I understand the shorter the plain text is then the harder it is to attack. Is this right ?

Pass Phrase.
I am sure I have read somewhere that you shouldn’t use repeated characters within your pass phrase like, “this_ is_ my_ pass_ phrase_ 8888”. Apparently the 8888 bit makes it easier to work out. Could someone who knows better please put this right ?

End of example.

OK this is ultra paranoid extreme hardcore encryption, but be honest, this is what we all want, isn’t it? It would be great if after a short period of time the last page of this post would have an easy to understand, program recommending and tested unique Security Forums guide to ultra paranoid extreme hardcore encryption !! Now all I need to do is get some secrets I need to transmit. I wish I wasn’t so boring and I had something to send !!

I hope all the experts here don’t feel like I or anybody here just wants to leech all your experience. We do appreciate your input and opinions. We love to read through your very detailed and in-depth arguments that you have amongst yourselves. Unfortunately we just don’t understand what’s going on. But we love you for it. I and I am sure many others wish to thank you and this site for helping the common man try to stay one step ahead of Big Brother !! Albeit a very small step !! Without you we would be subjected to snake oil and conmen taking our hard earned money and providing us with little or no security. We thank you.


Bungle.

mxb
Trusted SF Member
Joined: 30 Mar 2004
Posts: 6

Posted: Sun Feb 06, 2005 3:54 pm    Post subject: Re: Ultra Paranoid Extreme Hardcore Encryption An Idiot's Gu

Bungle wrote:
...but what about every now and then the members of Security Forums get together and explain in simple terms the most RECENT thinking on encryption? Maybe this could be done annually or even monthly? I appreciate that this is done in a sort of a way now with the forums but no one puts it all together for people with little technical knowledge and gives a very basic set of instructions.


I must say I kind of like this idea. It sounds similar to the monthly SFDC column written by alt.don (examples here and here). But I am not sure about the amount of work required, nor whether it is actually needed. Other such articles exist such as Schneier's crypto-gram, which covers current cryptography with additional interesting critique and discussion. Is this the sort of thing you had in mind? Because if so a SFDC specific version would probably be redundant.

I found your example interesting, as the whole scheme seemed to involve communication between two parties over an insecure line (such as email), but didn't mention anywhere about key distribution. You have specified symmetric encryption algorithms, yet you have not said how the recipient would know what key to decrypt with. This is known as the key distribution problem, and it is for this reason that asymmetric encryption algorithms (such as PGP / GnuPG) exist.

You have mentioned to scan your system for viruses and key-loggers, which is an important and often forgotten step. You have also instructed to download the programs from their main distribution sites only. Again, this is good, but you could take this further by performing a checksum (preferably sha1) of the downloaded file against known-good checksums, which are usually available on the program's website. An alternative is a signed download, with a publicly available key. Taking all of this to the next step would probably involve the use of a known-good bootable linux live-cd. This would contain the necessary programs for encryption, and would come with encrypted storage for your files. Because these run from memory, and generally use encrypted swap partitions, there is no data stored anywhere in plaintext.

I am not sure about all of the re-encryption steps; you are encrypting the data three times, which I feel is overkill. However, the title of this topic is 'Ultra Paranoid Extreme Hardcore Encryption' so maybe there are people out there that would actually do this. Personally I would stick to the more common algorithms as they are generally used more, so problems are found earlier.

I would recommend using GnuPG (an open source PGP alternative) to exchange the data using public keys between both parties. If you really need / want re-encryption then encrypt the data beforehand. Again, this can be done with GnuPG. Open source programs are generally more bug-free and problems are normally spotted earlier than in closed source programs. The 'Ultra Paranoid Extreme Hardcore Encryption' user would probably want to check the source code themselves for any backdoors.

Your little trick of modifying the encrypted data is unnecessary and in fact detrimental to the system. By modifying the data after encryption you are changing its checksum, so analysis would show that it had been modified. This would flag the message to any adversary, and also allows an adversary to make additional changes to messages, as the checksum would never be correct. It would be much better to remove this idea and keep the checksum correct. Then, if modification did occur, it would be apparent immediately to the recipient, and the message could be ignored / resent. An additional point about this step is that it is security by obscurity and adds no improvement to the security, even if it did work. The whole scheme relies upon only the sender and receiver knowing what actions to perform. These security systems are inherently broken and are of no value.

The idea that short messages are harder to crack certainly applies to pen and paper encryption schemes, but I am unsure whether it applies to modern cryptographic methods. Could somebody else pick this up and enlighten us all?

Any decent security program should hash your pass-phrase before use to increase the entropy in the characters. English has a poor entropy due to the use of (generally) only letters, numbers and basic punctuation. This is only around 70 of the 255 ASCII characters, and so a large percentage of the characters never get used. By hashing this text, a smaller, yet 'more random' value can be obtained.

Bungle wrote:
Now all I need to do is get some secrets I need to transmit. I wish I wasn’t so boring and I had something to send !!


Ideally, everyone would use encrypted email for all messages, adding safety in numbers to the system. Unfortunately, due to the public's unawareness and apathy, encrypted email is underused. I would imagine any encrypted email is normally flagged for analysis as it means someone has something to hide.

Martin
Bungle
Most Paranoid Member!
Joined: 03 Feb 2005
Posts: 2

Posted: Sun Feb 06, 2005 8:50 pm

Hi Martin
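As an added illustration of two points in the reply above (that a decent program hashes the pass-phrase before use, and that an integrity check catches a post-encryption edit such as the "swap the third character" trick), here is example code written for this page; it is not code from the thread or from PGP/GnuPG. It stands in a toy HMAC-SHA256 keystream for a real cipher, and all names and sample values are constructed.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Toy demonstration (added example, not from the thread or from any real
# product): PBKDF2 stretches the pass-phrase into two keys, an HMAC-SHA256
# counter-mode keystream stands in for a real cipher, and an HMAC tag over
# the ciphertext plays the role of the integrity check a real tool performs.

KDF_ITERATIONS = 200_000   # constructed value; real tools pick their own
TAG_LEN = 32               # HMAC-SHA256 output length


def derive_keys(passphrase: str, salt: bytes) -> Tuple[bytes, bytes]:
    """Hash the pass-phrase into two independent 32-byte keys."""
    material = hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt, KDF_ITERATIONS, dklen=64
    )
    return material[:32], material[32:]


def keystream_xor(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with HMAC-SHA256(enc_key, nonce || counter) blocks (toy cipher)."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        block = hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256)
        stream.extend(block.digest())
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(passphrase: str, plaintext: bytes) -> bytes:
    """Encrypt, then append a tag over salt || nonce || ciphertext."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(passphrase, salt)
    ciphertext = keystream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return salt + nonce + ciphertext + tag


def open_sealed(passphrase: str, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None if the tag does not verify."""
    if len(blob) < 32 + TAG_LEN:
        return None
    salt, nonce = blob[:16], blob[16:32]
    ciphertext, tag = blob[32:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = derive_keys(passphrase, salt)
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None  # modified in transit, or wrong pass-phrase: reject
    return keystream_xor(enc_key, nonce, ciphertext)


def bungle_trick(blob: bytes) -> bytes:
    """Replace the third ciphertext byte with "X" (or "Y" if it already was "X")."""
    pos = 32 + 2  # skip salt and nonce, then third byte of the ciphertext body
    replacement = 0x58 if blob[pos] != 0x58 else 0x59
    return blob[:pos] + bytes([replacement]) + blob[pos + 1:]


def sha256_matches(data: bytes, published_hex: str) -> bool:
    """Checksum a downloaded file against the value published on the site."""
    return hmac.compare_digest(hashlib.sha256(data).hexdigest(), published_hex.lower())


def demo() -> dict:
    passphrase = "this_is_my_pass_phrase_8888"   # constructed sample
    message = b"buy dog food on the way home"    # constructed sample
    blob = seal(passphrase, message)
    return {
        "roundtrip": open_sealed(passphrase, blob),
        "tampered": open_sealed(passphrase, bungle_trick(blob)),
        "wrong_passphrase": open_sealed("not the pass phrase", blob),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result!r}")
```

The tampered copy is rejected before any decryption happens, which is the behaviour the reply describes: the recipient sees the modification immediately rather than a message that "never makes sense".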

Thanks for your reply.

Quote:

I must say I kind of like this idea. It sounds similar to the monthly SFDC column written by alt.don (examples here and here). But I am not sure about the amount of work required, nor whether it is actually needed. Other such articles exist such as Schneier's crypto-gram, which covers current cryptography with additional interesting critique and discussion. Is this the sort of thing you had in mind? Because if so a SFDC specific version would probably be redundant.



I must admit I hadn’t noticed the SFDC column (the links you kindly supplied), but I think that is kind of my point. My point about not noticing the SFDC column is that many people don’t even know what to search for !! Even what search words to use. I think that the general public feel slightly guilty or ashamed asking about cryptology as it sort of implies they are up to something. Two weeks ago when I first showed an interest in cryptology I too felt this way. You see you guys here have probably been involved with encryption for many years and have lost that initial nervous, almost guilty feeling people have when first learning about encryption. My main, original reason for my post was an almost “what you need to know about encryption but were afraid to ask” sort of thing. I thought if I asked the questions everybody could read the replies without anyone knowing. Half my post was trying to use key words that would pop up on a search to help people find it !!

As I have learnt more and more I understand that encryption is not a guilty secret but pure common sense. I mean you wouldn’t shout across the road to ask your friend if his rash has cleared up yet !! The same can be said for e-mail. I also understand that there is safety in numbers and the more of us that use encryption the less suspicious it looks when someone sends an encrypted message.

So you asked if the pre-existing SFDC news column was what I had in mind. Well no. Don’t get me wrong, now I have seen it I think it is a valuable resource for everyone wanting to know more about encryption. What my idea was though is an almost “readers' wives” section !! Hang with me on this… What I mean is why don’t you experts tell us how you secure your mail and drives? Tell us how you do it and what programs you use and most importantly why. Hey, it is possible you could be doing something in an insecure way and I’m sure your friends here will point it out. The algorithms are open to peer review but people's implementation of them isn’t !!

The ideal outcome for this post would be if an average guy could read this post and within a lunchtime learn enough to be able to know what products can be trusted, how to set them up and use them. I know this would mean all the experts' hard work has just been condensed into a few paragraphs for the general public to just come along and take. But just because someone isn’t very clever or they don’t have the time to study encryption to a reasonable level surely doesn’t mean they shouldn’t have the same right to privacy as much as the next guy. As Phil Zimmermann himself knows there are people doing good work in hostile environments using his product and these people just need answers, facts and quick! Everyone else could benefit too as they may be overlooking something and be encrypting in the wrong way which may actually be making their security worse!


Quote:

I found your example interesting, as the whole scheme seemed to involve communication between two parties over an insecure line (such as email), but didn't mention anywhere about key distribution. You have specified symmetric encryption algorithms, yet you have not said how the recipient would know what key to decrypt with. This is known as the key distribution problem, and it is for this reason that asymmetric encryption algorithms (such as PGP / GnuPG) exist.


Yes sorry about that, but this is what I wanted: you, being an expert, have found something wrong and are now kindly pointing it out. I was however just thinking PGP as that’s all I’ve got at the moment.

Quote:

I am not sure about all of the re-encryption steps; you are encrypting the data three times, which I feel is overkill. However, the title of this topic is 'Ultra Paranoid Extreme Hardcore Encryption' so maybe there are people out there that would actually do this. Personally I would stick to the more common algorithms as they are generally used more, so problems are found earlier.


Yes the title was overkill, a bit of a joke actually, but it did get a few people looking. I thought people who just use standard encryption may learn from new techniques to dramatically improve their security. Every little bit extra helps !! I have recently discovered however, mainly from Datah, that re-encryption done wrong can actually reduce security !! This is where you experts can help.


Quote:

I would recommend using GnuPG (an open source PGP alternative) to exchange the data using public keys between both parties. If you really need / want re-encryption then encrypt the data beforehand. Again, this can be done with GnuPG. Open source programs are generally more bug-free and problems are normally spotted earlier than in closed source programs. The 'Ultra Paranoid Extreme Hardcore Encryption' user would probably want to check the source code themselves for any backdoors.


Thanks for this advice, this is the sort of thing I would think the first timer needs to know. Which way to re-encrypt? Which algorithms work best together and in what order? Also as first timers how do we know what is good source code and what isn’t? What I was hoping is that if one of your experts had already checked the code for themselves, they would let us know. In fact SFDC could give an extra seal of approval on open source software using SFDC key signing. As for GnuPG, if a novice downloads the front end he is unaware that this front end does not allow open review and is ideally placed to capture passwords !!

Quote:

Your little trick of modifying the encrypted data is unnecessary and in fact detrimental to the system. By modifying the data after encryption you are changing its checksum, so analysis would show that it had been modified. This would flag the message to any adversary, and also allows an adversary to make additional changes to messages, as the checksum would never be correct. It would be much better to remove this idea and keep the checksum correct. Then, if modification did occur, it would be apparent immediately to the recipient, and the message could be ignored / resent. An additional point about this step is that it is security by obscurity and adds no improvement to the security, even if it did work. The whole scheme relies upon only the sender and receiver knowing what actions to perform. These security systems are inherently broken and are of no value.


OK thanks for that, I just wondered if it made a difference. I thought that they would never be able to crack it as it would never actually make sense. You could always re-sign the altered cipher text, couldn’t you?


Quote:

The idea that short messages are harder to crack certainly applies to pen and paper encryption schemes, but I am unsure whether it applies to modern cryptographic methods. Could somebody else pick this up and enlighten us all?


I wonder if there are any techniques that could be applied to the plain written text before encryption to further harden security? Odd spacing, spelling, missing letters out? I understand that attackers look for common words, probably the two and three letter ones. Well instead of plain text writing “it”, “the” or “and”, how about “1t”, “xthe” and “0nd” every now and then to break it up a bit? It will be hard to read but perhaps more secure.


Quote:

Any decent security program should hash your pass-phrase before use to increase the entropy in the characters. English has a poor entropy due to the use of (generally) only letters, numbers and basic punctuation. This is only around 70 of the 255 ASCII characters, and so a large percentage of the characters never get used. By hashing this text, a smaller, yet 'more random' value can be obtained.

OK understood, thanks.

Quote:

Ideally, everyone would use encrypted email for all messages, adding safety in numbers to the system. Unfortunately, due to the public's unawareness and apathy, encrypted email is underused. I would imagine any encrypted email is normally flagged for analysis as it means someone has something to hide.


Yes, you’re right, it was a silly joke, sorry. It’s true though, I don’t have anything to hide but I just resent the thought of BB snooping through what I write to my friends. In light of this fact, I want to cost BB as much money and cause BB as much trouble as possible to find out that my e-mail simply said I want my girlfriend to buy some dog food on her way home from work !! Come on BB if you think you’re hard enough !! That’s why I want “Ultra Paranoid Extreme Hardcore Encryption” !!

Perhaps use this as a guide to what I mean about the “readers' wives” bit.

Name

Checks performed before writing message.

Text editor used and explanation why.

First level of encryption. Software used, settings used and explanation why.

Second level etc.

Third if used etc.

Fourth if you’re really scared !!

Any additional tips, tricks or anything useful. Perhaps the destruction method of the original un-encrypted file.

Thanks for your help.
Bungle

PS
I suppose wireless keyboards should be avoided for the 'Ultra Paranoid Extreme Hardcore Encrypter' !
mxb
Trusted SF Member
Joined: 30 Mar 2004
Posts: 6

Posted: Sun Feb 06, 2005 10:19 pm

Bungle wrote:
I think that the general public feel slightly guilty or ashamed asking about cryptology as it sort of implies they are up to something... ...As I have learnt more and more I understand that encryption is not a guilty secret but pure common sense.


Indeed, a surprisingly large percentage of the population think that if you are encrypting something then you have something to hide. The odd thing is that these people value their own privacy, just not yours. An analogy can be drawn between email and postal mail. People don't send all their correspondence through the post on postcards because they value their privacy, yet they basically do with their email. Some people don't see this analogy as it takes a bit of understanding about how the Internet works. I found an easier method to describe this on the Internet. If someone questions what you have to hide when encrypting messages, simply ask for (or just take) their wallet and start to go through it. They will generally get annoyed quickly, to which you can reply 'Well, if you don't have anything to hide either, you won't mind me looking'. I find this analogy works better on people who don't understand technology as much.

Bungle wrote:
So you asked if the pre-existing SFDC news column was what I had in mind. Well no. Don’t get me wrong, now I have seen it I think it is a valuable resource for everyone wanting to know more about encryption... ...What I mean is why don’t you experts tell us how you secure your mail and drives? Tell us how you do it and what programs you use and most importantly why. Hey, it is possible you could be doing something in an insecure way and I’m sure your friends here will point it out. The algorithms are open to peer review but people's implementation of them isn’t !!


Well, actually I was referring to crypto-gram when asking what you had in mind, but this wouldn't fit your criteria either. You are basically asking 'experts' to document their current methods that they use to keep their data secure and private. Indeed, this might be useful in that someone spots a flaw in another's methods. I'm not quite sure about what you mean by 'implementation' in that context as generally I use open-source programs so the implementation is actually open to peer review. From my current understanding you mean how I actually use the programs rather than the programs themselves, is this correct?


Bungle wrote:
The ideal outcome for this post would be if an average guy could read this post and within a lunchtime learn enough to be able to know what products can be trusted, how to set them up and use them.


Linking in with my previous paragraph, I think this would be incorporated with the descriptions of how the 'experts' are encrypting their data. Are you just asking for basically a series of 'how-to' articles? Such as 'How to keep your email private'? These would guide a user about what programs they would need and how to set them up for use, giving settings suitable for a 'common' user, etc.

Bungle wrote:
I was however just thinking PGP as that’s all I’ve got at the moment.


I personally feel that a correct implementation of PGP or GnuPG is sufficiently secure to use on its own.

Bungle wrote:
I have recently discovered however, mainly from Datah, that re-encryption done wrong can actually reduce security !! This is where you experts can help.


I am not sure how we so-called 'experts' can help in this area. Are you expecting us to basically go out and say 'don't use algorithm X after algorithm Y because...'? Each algorithm usually contains a few variable parameters and they have a large impact on the security of the system. By coupling together different ciphers you increase the possible combinations of settings very quickly, which makes them harder to check.

Bungle wrote:
What I was hoping is that if one of your experts had already checked the code for themselves to let us know. In fact SFDC could give an extra seal of approval on open source software using SFDC key signing.


I think a SFDC signature of approval key would not make any difference. Security depends entirely on the opponent. If you are trying to secure something against a younger sibling, you don't need the same level of encryption to protect yourself from a government. I do not think a SFDC key signature scheme would fly as there are just too many parameters and the amount of time and effort it would take would be too great. Remember, you can still use a secure program in an insecure manner.

Bungle wrote:
You could always re-sign the altered cipher text, couldn’t you?


You could do, but the data itself would still fail its internal signature check.

Bungle wrote:
I wonder if there are any techniques that could be applied to the plain written text before encryption to further harden security ?


Here you are trying to increase the entropy, or randomness, of your plaintext. I feel that this is unnecessary. A good cipher should take an input and give a uniform output across the entire cipher-space. In plain English, this means that it should accept any input and still give a 'random' output.

Bungle wrote:
I suppose wireless keyboards should be avoided for the 'Ultra Paranoid Extreme Hardcore Encrypter' !


True, but if you are worried about EM radiation interception you have to remember your monitor also gives out signals. Research TEMPEST on google for more information about this.

Cheers,
Martin
Bungle
Most Paranoid Member!
Joined: 03 Feb 2005
Posts: 2

Posted: Mon Feb 07, 2005 12:27 am

Hi Martin

Quote:

Well, actually I was referring to crypto-gram when asking what you had in mind, but this wouldn't fit your criteria either. You are basically asking 'experts' to document their current methods that they use to keep their data secure and private. Indeed, this might be useful in that someone spots a flaw in another's methods. I'm not quite sure about what you mean by 'implementation' in that context as generally I use open-source programs so the implementation is actually open to peer review. From my current understanding you mean how I actually use the programs rather than the programs themselves, is this correct?


Sorry, I haven’t got the hang of the proper terminology. I think you’re right, “implementation” is probably the wrong word. What I mean is the way the user sets the settings and uses their chosen encryption program and, if re-encrypting, how and in what order.

Quote:

Linking in with my previous paragraph, I think this would be incorporated with the descriptions of how the 'experts' are encrypting their data. Are you just asking for basically a series of 'how-to' articles? Such as 'How to keep your email private'? These would guide a user about what programs they would need and how to set them up for use, giving settings suitable for a 'common' user, etc.


Yes, something like that. I have tried to think of an example to best describe what I mean. I used to play guitar a while ago and I couldn’t wait to buy the latest guitar magazine to see what equipment the pros were using. I was desperate to see what guitars they played, what amps they used to get their sound and read why they chose them. Many budding guitar players would study these pages looking for any details on the equipment in the background of pictures, just trying to see what effects were being used. I suppose I am looking for an endorsement of crypto programs and instead of styles and techniques of pro guitar players I am looking for styles and techniques of the pro encrypters! Think of yourselves as the rock stars of encryption and your fans want to know how you got there, what equipment you use and how you make that groovy cipher you do so well !!

Quote:

I personally feel that a correct implementation of PGP or GnuPG is sufficiently secure to use on its own.


I am sure it is. I have no doubt in PGP’s ability. It’s just as with most things, it’s nice to tinker about and try to get that little bit more out of it. When I used to ride motorbikes I would modify this and that just to get that little bit extra power. With guitar players it’s the infamous “turn it up to 11… 10’s just not loud enough!” and I assumed with crypto double and triple encryption was the heavy metal of cryptology.

Quote:

I am not sure how we so-called 'experts' can help in this area. Are you expecting us to basically go out and say 'don't use algorithm X after algorithm Y because...'? Each algorithm usually contains a few variable parameters and they have a large impact on the security of the system. By coupling together different ciphers you increase the possible combinations of settings very quickly, which makes them harder to check.


Err… Yes, I think so. You see, I just don’t know enough about this subject to ask the right questions. I suppose to the average person it would seem common sense that the more you encrypt, even with the same algorithm (using different keys, obviously), the more scrambled the message and presumably the more difficult to crack. But being a bit of a suspicious chap, that’s the ultra paranoid bit, I just felt that things probably wouldn’t be that simple. So I made my first ever post and asked if re-encryption worked. Datah kindly wrote back and pointed out that in some cases it could actually weaken your encryption!! So, as most of you seem to know how these algorithms work, I thought you may be able to use them, or may already be using them, in such a way as to add security on each pass rather than conflict and weaken each other.

Quote:

I think a SFDC signature of approval key would not make any difference. Security depends entirely on the opponent. If you are trying to secure something against a younger sibling, you don't need the same level of encryption to protect yourself from a government. I do not think a SFDC key signature scheme would fly as there are just too many parameters and the amount of time and effort it would take would be too great. Remember, you can still use a secure program in an insecure manner.


I think people here would trust SFDC. Surely either yourself or others who run this site must check the integrity of the source code for their own programs? So there wouldn’t be any additional workload on their part, as they were checking it anyway. I wouldn’t ask or expect them to check a specific program for me; all I was suggesting is that if any of the experts here had checked some software they intended to use themselves, then please share the knowledge that the program in question is safe to use. I mean, who is checking this source code? Just because it’s open source everybody seems to say “oh well then it must be ok”, but if no one’s actually checking it, how do we know? I simply don’t know anyone capable of making sure of the program's integrity, but I am prepared to accept that SFDC wouldn’t knowingly endorse a program that was suspicious in any way. You can always print a disclaimer. Even if you or your colleagues just give the program in question a quick once-over, it’s certainly better than anything we could do.
This is something like what I mean: go here, http://www.axondata.se/, then click “Others Crypto”. Sorry, but I couldn’t seem to make a direct link to the page in question.
As for “using a secure program in an insecure manner”, this is what I hope this post, with your help, will help people to avoid.

Quote:

True, but if you are worried about EM radiation interception you have to remember your monitor also gives out signals. Research TEMPEST on google for more information about this.


Oh… thanks a lot, after reading that I’ve changed to Ultra, Ultra Paranoid!! But this is all good stuff!! This is the sort of thing the average man is totally unaware of; thanks for scaring us all witless, but we need to know these things and it is for our own good.

Thanks Martin, you seem to be the only one interested and willing to help.
data
Forum Fanatic

Joined: 08 May 2004
Posts: 16777211
Location: India

PostPosted: Mon Feb 07, 2005 3:55 pm

hi,

Bungle wrote:
That’s right but what about every now and then the members of Security Forums get together and explain in simple terms the most RECENT thinking on encryption.


I feel Crypto-Gram, as mxb mentioned, is the best place for that. Crypto-Gram is a free monthly newsletter written by security expert Bruce Schneier. You may subscribe to this mailing list. It gives an update on the monthly crypto news.

Quote:
Keep messages short.
I understand the shorter the plain text is then the harder it is to attack. Is this right?


Say you have just 10 bytes of ciphertext to analyze. If you use a simple Caesar cipher, you can instantly subtract 3 (mod 26) to retrieve the plain text. However, with a polyalphabetic cipher, where each plain text word may be substituted with more than one cipher text word, without 'enough' bits of information it would not be possible to break the cryptosystem. Hence it is variable and dependent on the cryptographic algorithm used.

Quote:
Pass Phrase.
I am sure I have read somewhere that you shouldn’t use repeated characters within your pass phrase like, “this_ is_ my_ pass_ phrase_ 8888”. Apparently the 8888 bit makes it easier to work out. Could someone who knows better please put this right?


In any case we need to convert the passphrase into an encryption key. This is usually done by passing the pass phrase through a one way hash function like SHA. The output produced by SHA, usually called the message digest, may be truncated appropriately to the length of the encryption key. The important thing is that the function is 'one way' and hence you cannot invert it, i.e., given the encryption key alone one cannot retrieve the passphrase. Good one way hash functions have the property that they disperse redundancy in the input so that it is less obvious in the output.

Quote:
I think people here would trust SFDC.

Some may and some may not. If you trust, you don't need proof.

mxb wrote:

True, but if you are worried about EM radiation interception you have to remember your monitor also gives out signals. Research TEMPEST on google for more information about this.

You would probably like to be in a Faraday Cage to protect against such attacks.


Quote:
Bungle wrote:
I wonder if there are any techniques that could be applied to the plain written text before encryption to further harden security ?

Yes, compress the plain text before encryption. The advantage is that it will further hide any redundancy in the plaintext, thus frustrating the cryptanalyst. Another advantage is that encryption is faster because there are fewer blocks to encrypt due to compression.

The amount of discussion is pretty huge. Please bring it to my notice if I have missed something.

Thanks,
Data.
Bungle
Most Paranoid Member!

Joined: 03 Feb 2005
Posts: 2

PostPosted: Mon Feb 07, 2005 6:33 pm

Hi Datah.

Quote:

Say you have just 10 bytes of ciphertext to analyze. If you use a simple Caesar cipher, you can instantly subtract 3 (mod 26) to retrieve the plain text. However, with a polyalphabetic cipher, where each plain text word may be substituted with more than one cipher text word, without 'enough' bits of information it would not be possible to break the cryptosystem. Hence it is variable and dependent on the cryptographic algorithm used.


I understand this better now, thanks. As I usually use Twofish, can I assume that in theory at least a shorter message would have some security benefit? I think from what you have taught me this would be correct.

Quote:

In any case we need to convert the passphrase into an encryption key. This is usually done by passing the pass phrase through a one way hash function like SHA. The output produced by SHA, usually called the message digest, may be truncated appropriately to the length of the encryption key. The important thing is that the function is 'one way' and hence you cannot invert it, i.e., given the encryption key alone one cannot retrieve the passphrase. Good one way hash functions have the property that they disperse redundancy in the input so that it is less obvious in the output.


I see, so the repeated character won’t really matter as it wouldn’t be repeated after hashing; it’s all becoming much clearer now!! I don’t want to worry anyone unnecessarily but I have heard about something called “Rainbow”. From what I can tell I think this is a kind of brute force through hash algorithms, then the attacker “stores” the results. So in the event of the attacker wanting to work out your password he merely compares the hashed password to his database and then looks up what input resulted in that hash!! Now I may have this wrong, but if it is right then I am sure BB is hashing away through loads of passwords every year and storing them up. I hate to make this statement with the limited knowledge I have, but I can foresee a time when passwords are simply useless!! Please put me right on this one.

Oh no, I am having a paranoid thought!! Could this be being done to PGP secret keys!! I wonder if BB can generate keys and store them and then, when they need to break your messages, they compare key signatures, thus having a store of secret keys!!! Am I just being too paranoid now?

Quote:

Some may and some maynot. If you trust you don't need proof.


I may trust people here but I don’t always trust the manufacturers!!

Quote:

Yes, compress the plain text before encryption. The advantages are that it will further hide any redundancy in the plaintext thus frustating the crypanalyst. Another advantage is that encryption is faster because there are lesser blocks to encrypt due to compression.


That’s great, thanks for the tip. I assume compression with, say, the built-in Windows zip will suffice? I thought PGP compressed the data before encryption; would it be better to allow PGP to compress rather than the Windows zip? A bit like the re-encryption problem. What I mean is, would the use of two compressions weaken the strength, rather like re-encryption could do?

Quote:

The amount of discussion is pretty huge. Please bring to notice if I had missed something.


Well, if you are prepared to divulge such information I would be very interested to know what programs and methods of encryption you personally use, as you seem to know a great deal about the subject. Also, if you are willing to, perhaps a brief (or as detailed as you like) explanation as to why you selected the programs / algorithms / general settings as you have. I will understand completely if you choose not to part with such information if you feel it will compromise your security in any way. You have been more than helpful enough already!!

Thanks Datah.
data
Forum Fanatic

Joined: 08 May 2004
Posts: 16777211
Location: India

PostPosted: Tue Feb 08, 2005 3:42 pm

Bungle wrote:

I understand this better now, thanks. As I usually use Twofish can I assume that in theory at least a shorter message would have some security benefit ? I think from what you have taught me this would be correct.

I am not sure about that for Twofish. I will have to take a detailed look at the algorithm and the math in it.

Quote:
I see, so the repeated character won’t really matter as it wouldn’t be repeated after hashing, it’s all becoming much clearer now !! I don’t want to worry anyone unnecessarily but I have heard about something called “Rainbow”.

I have seen rainbow tables for MD5. It is best if you move to SHA-256. Having a 2^256 lookup table takes much more space than having 2^160 or fewer lookups. For every single bit added we will need twice the space to hold the lookup hashes.

This appeared recently.
Quote:
Federal Computer Week
Monday, February 7, 2005

Federal agencies have been put on notice that National Institute of Standards and Technology officials plan to phase out a widely used cryptographic hash function known as SHA-1 in favor of larger and stronger hash functions such as SHA-256 and SHA-512.



Quote:

Oh no I am having a paranoid thought !! Could this be being done to PGP secret keys !! I wonder if BB can generate keys and store them and then when they need to break your messages they compare key signatures thus having a store of secret keys !!! Am I just being too paranoid now ?

A 256-bit symmetric key should suffice. A brute force search on 2^256 keys is impractical. A key size of less than 100 bits is certainly bad.


Quote:
That’s great, thanks for the tip. I assume compression with, say, the built-in Windows zip will suffice? I thought PGP compressed the data before encryption; would it be better to allow PGP to compress rather than the Windows zip? A bit like the re-encryption problem. What I mean is, would the use of two compressions weaken the strength, rather like re-encryption could do?


WinZip is good enough. Compressing twice is not generally useful. There are fundamental limits to compression. A second compression may at most decrease the file size by 2 to 3 percent, which is not worth the computing effort.

No, double compressing will not cause any harm to security, though it's not worthwhile double compressing.


Quote:
what programs and methods of encryption you personally use. Also, if you are willing to, perhaps a brief (or as detailed as you like) explanation as to why you selected the programs / algorithms / general settings as you have.


I have no great expertise analysing algorithms. I use IDEA, Blowfish and RSA for the reason that they have been extensively cryptanalyzed for many, many years by all the experts in the cryptographic community and I 'trust' their ability in cryptanalysis. For personal purposes, I use none, as I seem to have run out of secrets.

Data.
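An added example (not code from the thread or from any of its posters) covering two of data's points above: hashing the passphrase into a key disperses the repeated "8888" so it leaves no trace in the key, and a precomputed table of unsalted hashes (the "rainbow" idea) is defeated by a per-user salt. The passphrases, guess list and salt are constructed here; PBKDF2-HMAC-SHA256 is brought in as the salted, iterated counterpart, which goes beyond the plain SHA-then-truncate scheme the post describes.

```python
import hashlib

# Constructed sample passphrases (not from the thread). The first carries the
# repeated "8888" that the thread asks about; the second differs in one digit.
PASSPHRASE = "this_ is_ my_ pass_ phrase_ 8888"
PASSPHRASE_NEAR = "this_ is_ my_ pass_ phrase_ 8889"
KEY_LEN = 32  # bytes: a 256-bit symmetric key, as the thread recommends


def naive_key_from_passphrase(passphrase: str, key_len: int = KEY_LEN) -> bytes:
    """The scheme the post describes: hash the passphrase with SHA-256 and
    truncate the digest to the key length. No salt and no iteration, so the
    same passphrase always yields the same key, which is exactly what a
    precomputed (rainbow) table relies on."""
    digest = hashlib.sha256(passphrase.encode("utf-8")).digest()
    return digest[:key_len]


def salted_key_from_passphrase(passphrase: str, salt: bytes,
                               iterations: int = 200_000,
                               key_len: int = KEY_LEN) -> bytes:
    """Salted, iterated derivation (PBKDF2-HMAC-SHA256), added here as the
    counterpart to the plain hash above: a random per-user salt means no table
    built in advance can contain the result, and the iteration count makes
    every guess proportionally more expensive for the attacker."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               salt, iterations, key_len)


def longest_repeated_byte_run(data: bytes) -> int:
    """Length of the longest run of one repeated byte value (1 if none repeat).
    Used to check that the "8888" does not survive into the key."""
    best = run = 1
    for prev, cur in zip(data, data[1:]):
        run = run + 1 if cur == prev else 1
        best = max(best, run)
    return best


def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def build_precomputed_table(guesses) -> dict:
    """Model the attacker's table for the unsalted scheme: key -> passphrase.
    A real table holds billions of entries; the principle is the same."""
    return {naive_key_from_passphrase(g): g for g in guesses}


def table_lookup(table: dict, key: bytes):
    """Reverse a key through the table; None means the table cannot help."""
    return table.get(key)


if __name__ == "__main__":
    import os

    key = naive_key_from_passphrase(PASSPHRASE)
    near = naive_key_from_passphrase(PASSPHRASE_NEAR)
    print("longest repeated byte run in key:", longest_repeated_byte_run(key))
    print("bits changed by altering one digit:", hamming_distance(key, near),
          "of", 8 * KEY_LEN)

    # Constructed guess list standing in for the attacker's precomputed table.
    table = build_precomputed_table(["password", "letmein", PASSPHRASE])
    print("unsalted key reversed to:", table_lookup(table, key))

    salt = os.urandom(16)  # stored next to the ciphertext; it need not be secret
    salted = salted_key_from_passphrase(PASSPHRASE, salt)
    print("salted key reversed to:", table_lookup(table, salted))
```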
JustinT
Trusted SF Member

Joined: 17 Apr 2003
Posts: 16777215
Location: Asheville, NC, US / Uberlândia, MG, Brazil

PostPosted: Tue Feb 08, 2005 11:18 pm    Post subject: Some commentary.

mxb wrote:
Your little trick of modifying the encrypted data is unnecessary and in fact detrimental to the system. By modifying the data after encryption you are changing its checksum, so analysis would show that it had been modified. This would flag the message to any adversary, and also allows an adversary to make additional changes to messages, as the checksum would never be correct. It would be much better to remove this idea and keep the checksum correct. Then, if modification did occur, it would be apparent immediately to the recipient, and the message could be ignored / resent. An additional point about this step is that it is security by obscurity and adds no improvement to the security, even if it did work. The whole scheme relies upon only the sender and receiver knowing what actions to perform. These security systems are inherently broken and are of no value.


I agree.

I would like to expand on the issue of data integrity; it, as I've pointed out here, is just as important as, if not often more so than, data confidentiality. This is especially applicable when we attempt to set up a secure channel where data must be securely transmitted. Sometimes, it is more detrimental when certain types of data are manipulated, as opposed to merely being divulged, or passively read by an adversary. This issue should be more widely understood than it is; make a valiant effort to address this.

I recommend going about this in the conventional manner, which is to use a MAC, or Message Authentication Code; it can be constructed using a block cipher, for instance, in CBC mode, just as you could use for encryption, as well. Obviously, it is a keyed authentication mechanism for preserving the integrity of the data being handled. The bottom line is - in almost every situation where you encrypt, you should usually authenticate, as well. Unfortunately, outside of the academic scene, there are quite a few who are oblivious to the dire straits one may find themselves in without it.

Bungle wrote:

I don’t want to worry anyone unnecessarily but I have heard about something called “Rainbow”. From what I can tell I think this is a kind of brute force through hash algorithms then the attacker “stores” the results. So in the event of the attacker wanting to workout your password he merely compares the hashed password to his data base and then looks up what input resulted in that hash !!


I made a few brief comments on this, in the past. There are various trade-offs that can be made for such schemes, in regards to time and memory. Similarly, dictionary attacks are those which specify "dictionaries" based on prior assumptions, in which look-ups can be made quite successfully, if the conditions, for which the assumptions are made, are reasonable. (i.e., poor password etiquette leading to predictable values)

Oftentimes, due to lax policies, such attacks can be scaled successfully, in practice; on the other hand, some results reach bounds that are merely theoretical, given our knowledge of which trade-offs are computationally practical and which are not. Still, it is an issue that should be given awareness, since there comes a point when it's a popular avenue to attack from, and history has made this clear. In short, if you're using a hash function of any kind, use one with an output length of 256 bits; as of right now, SHA-256 is a logical choice for that. It gives you a 128-bit security level and avoids a majority of the problems associated with shorter, inadequate output lengths.

In my opinion, in conventional systems, I would rather avoid excessive reliability on passwords and/or passphrases that require responsibility on behalf of the user; the user is the one point of failure that cryptography can't fix, and I certainly want to address what I can with cryptography, and not impose constraints that require human intervention in areas that are often taken for granted. In many situations, relying on passwords and passphrases can be seen as rather archaic.

Therefore, I prefer to implement a policy for managing cryptographic keys that are directly generated from a pseudo-random number generator, which is built with the intent of being secure for cryptographic use. Naturally, we'd call one of these a "cryptographically-secure PRNG." As such, because of the primitives I use and the mathematics that surround them, I'm able to gain better assurance in achieving the level of entropy necessary to correspond to an n-bit level of security.

For those situations where passwords and passphrases are still in play, there have been promising cryptanalyses to support the secure instantiation of those schemes, such as the concept of "personal entropy", by Ellison, Hall, Milbert, and Schneier. Overall, when constructing a password or passphrase, it's all about a little knowledge and common sense; instead of turning this post into a dissertation, I'll point you to comments of mine from this thread, found here, here, and here.

Bungle wrote:

With guitar players it’s the infamous “turn it up to 11…10’s just not loud enough!” and I assumed with crypto double and triple encryption was the heavy metal of cryptology.


I'd like to extend, in conclusion, another comment on the idea of multiple encryption schemes, as well as cascading multiple algorithms. In short, these can be iterated or concatenated into secure schemes that produce margins of security that can be much more conservative than that of the individual instances of the primitives which these concatenations are composed of, or are iterations of. However, you don't see this being done that often in conventional cryptography. Why?

(Note that Triple-DES is an exception; it wasn't a paranoia-induced standardization. Triple-DES addressed the issue that a standard-based interim was required, in order to continue using the structure of the standard, securely.)

Well, you usually pay a price, in terms of efficiency; the overhead becomes more than what certain constraints allow. Also, and more importantly, in my opinion, you increase the complexity of the scheme. Aside from extra assumptions that must be made, as well as the possibility of subtle, unexpected reactions, there's more for a developer to deal with, and oftentimes, these subtleties may be the type of subtleties that only a cryptographer might notice.

(Fortunately, in general cases, the mathematical angle of things looks decent. In other words, the complexity will likely be more centralized around implementing such schemes. However, since implementation complexity is among the more popular reasons that cryptographic systems fail, this certainly isn't a good trade-off.)

Even more fortunate, many conventional primitives, in solitaire, are designed, respectively, with a sense of conservatism and robustness that allow them to suffice on their own. Moreover, these primitives are designed to fit practical, real-world applications and conform efficiently to their respective constraints. So, just to be on the logical side of things, it makes sense to attempt using the most simplistic measures possible, without complicating things where they need not be; this includes just using primitives, singularly, without feeling the need to iterate the primitive multiple times or cascade several different primitives.

While multiple and cascaded schemes can be used successfully, and do sport obvious potential benefits, we don't design conventional systems with the mindset that they are a necessity, and the paranoia-ridden members of the community who boast such necessities spark what ultimately becomes a vast array of poorly implemented schemes that fell to complexity that needn't be there to begin with. So, while there is validity behind it, be wary of those who go overboard with it.

The developer's presentation of an implementation speaks volumes about how well they understand what they're working with. Paying close attention to this is perhaps the most useful tactic one can use when evaluating implementations. Unfortunately, just as everyone and their brother believes they can design secure cryptographic primitives, so does everyone and their brother believe they can implement and sell cryptography, so be even more wary, as the market is dominated by clueless developers.

I will point out, however, that some paranoia is useful, as a model. Understanding this in the context of being conservative is simple. We have a minimum bound, which is what we consider to be "making ends meet." However, we don't want to straddle that line, so we design constructions with parameters that increase the margin of security we're working with, which, in a sense, is being a little paranoid about that "making ends meet" approach, thus addressing it by "insulating" our security policies a bit more. However, the "clueless developers" generally do not take such a healthy approach.

When looking for an implementation, look for one that addresses both data confidentiality and integrity. Use 256-bit keys. Use block ciphers with output lengths of 128 bits and hash functions with output lengths of 256 bits; 256-bit block ciphers would be more appealing, but the largest, most analyzed parameter we have at the moment is a 128-bit length. You want to achieve as close to a 128-bit level of security as possible, and where n denotes a 128-bit level, it's best to address this with 2n-bit parameters. This advice applies to most any new system, setting aside older systems which may require "legacy" handling. Regardless of whether or not the implementation uses symmetric or asymmetric primitives, or both, it is only doing yourself a good service to make sure they preserve the data from not only being divulged, but from being manipulated. These are two basic goals of cryptography, as a whole, and it eludes me as to why it is often left incompletely addressed.

OpenPGP is a good specification, albeit fragile in certain areas; I would suggest searching the forum for comments on OpenPGP, GnuPG, and PGP. In a good instance of it, it should most likely suffice. As for AxCrypt, I haven't used it, personally, but I've given my outlook on the author's presentation, here, and here. Please do search amongst other past threads, as you'll find good comments, from not only myself, about decent ways to go about using cryptography securely. Are there any specific questions you have, that you would like more elaboration on?
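An added example, not code from the thread or from any poster, of the "encrypt, then authenticate" rule JustinT and mxb argue for above: the recipient recomputes a keyed MAC over the ciphertext and rejects anything that fails before decrypting, so a modified message is caught instead of being silently accepted. The MAC here is HMAC-SHA256 rather than the CBC-MAC JustinT mentions, and the cipher is a toy HMAC-based counter-mode keystream standing in for a block cipher so the example runs with the standard library only; keys, message and the flipped bit are constructed.

```python
import hashlib
import hmac
import os
import struct

NONCE_LEN = 16
TAG_LEN = 32  # HMAC-SHA256 output length


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream built from HMAC-SHA256 blocks. It stands in
    for a block cipher in CTR mode so the example needs no third-party
    library; the nonce must never repeat under the same key."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + struct.pack(">Q", counter)
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_then_mac(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt, then authenticate nonce and ciphertext under a separate MAC
    key. Output layout: nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    ciphertext = xor_bytes(plaintext, keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def verify_then_decrypt(enc_key: bytes, mac_key: bytes, message: bytes) -> bytes:
    """Recompute the tag first; decrypt only if it matches. Any change to the
    ciphertext, or a wrong MAC key, is rejected before the plaintext is
    touched, which is mxb's point about keeping the checksum correct."""
    if len(message) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce = message[:NONCE_LEN]
    ciphertext = message[NONCE_LEN:-TAG_LEN]
    tag = message[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        raise ValueError("authentication failed: message modified or wrong key")
    return xor_bytes(ciphertext, keystream(enc_key, nonce, len(ciphertext)))


def is_authentic(enc_key: bytes, mac_key: bytes, message: bytes) -> bool:
    """True if the message verifies, False if it would be rejected."""
    try:
        verify_then_decrypt(enc_key, mac_key, message)
        return True
    except ValueError:
        return False


def decrypt_unauthenticated(enc_key: bytes, message: bytes) -> bytes:
    """What a confidentiality-only recipient does: decrypt whatever arrived,
    so a modified ciphertext silently becomes a modified plaintext."""
    nonce = message[:NONCE_LEN]
    ciphertext = message[NONCE_LEN:-TAG_LEN]
    return xor_bytes(ciphertext, keystream(enc_key, nonce, len(ciphertext)))


def flip_bit(data: bytes, byte_index: int, bit: int = 0) -> bytes:
    """Simulate one bit of in-transit corruption or manipulation."""
    out = bytearray(data)
    out[byte_index] ^= 1 << bit
    return bytes(out)


if __name__ == "__main__":
    # Constructed keys for the demonstration; a real system derives two
    # independent keys from a KDF rather than using fixed or ad hoc values.
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    message = encrypt_then_mac(enc_key, mac_key, b"transfer 100 pounds")
    print("intact message decrypts to:", verify_then_decrypt(enc_key, mac_key, message))

    # Flip one bit of the ciphertext byte that encrypts the digit '1'.
    damaged = flip_bit(message, NONCE_LEN + 9)
    print("without a MAC the recipient sees:", decrypt_unauthenticated(enc_key, damaged))
    print("with a MAC the message verifies:", is_authentic(enc_key, mac_key, damaged))
```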
Bungle
Most Paranoid Member!

Joined: 03 Feb 2005
Posts: 2

PostPosted: Wed Feb 09, 2005 2:43 am

Hi Datah.

Quote:

I have seen rainbow tables for MD5. It is best if you move to SHA-256. Having a 2^256 lookup table takes much more space than having 2^160 or fewer lookups. For every single bit added we will need twice the space to hold the lookup hashes.

This appeared recently.
Quote:
Federal Computer Week
Monday, February 7, 2005

Federal agencies have been put on notice that National Institute of Standards and Technology officials plan to phase out a widely used cryptographic hash function known as SHA-1 in favor of larger and stronger hash functions such as SHA-256 and SHA-512.


It makes you think, doesn’t it!! Every day, crypto attacks creep just a little closer. Scary stuff, thanks for the tip.

I always set everything to the maximum security option. With modern computers the time taken to encrypt even with extreme settings is so minimal it doesn’t make sense to go for a weaker encryption. Either what you are encrypting is secret or it isn’t. My opinion is security is full or off !!

Quote:

256 bit symmetric key should suffice. A brute force search on 2^256 keys is impractical. A key size of less than 100 bit is certainly bad.


I use 4096 / 1024 DH / DSS keys. I have just realised the 4096 / 1024 isn’t actually my key's bit strength, is it!! Oh no, more to learn; how should I calculate my key's actual strength?

Quote:

I have no great expertise analysing algorithms. I use IDEA, Blowfish and RSA for the reason that they have been extensively cryptanalyzed for many, many years by all the experts in the cryptographic community and I 'trust' their ability in cryptanalysis. For personal purposes, I use none, as I seem to have run out of secrets.


Thanks for sharing your preferences. You have sound reasons for deciding on the algorithms you have chosen, even though you choose not to encrypt your data!! I am amazed that someone with your expertise in encryption chooses not to use it! Hmm… or was this a joke? I think so!

As I mentioned earlier in this post I think it is very interesting to newcomers to encryption to see what the people who know about encryption use and why. This serves as an informal endorsement, peer approval if you will of the programs and algorithms you choose.


I must thank you again Datah. You have been extremely helpful, as always.
Bungle
Most Paranoid Member!

Joined: 03 Feb 2005
Posts: 2

PostPosted: Wed Feb 09, 2005 2:46 am

Hi JT.

Thank you for taking the time to write. I’m sorry I haven’t written a direct response to you just yet. I was just in the process of replying to Datah when I noticed your post. You have overwhelmed me with information and I think I have a lot of reading to do before I will have a chance of even a basic reply. It’s funny, as last night I had tried to read most of your posts and the next day you write to me!! Hmm… paranoid bit starting to kick in again, I wonder if you knew!!

Thanks again and please give me a day or two to try to understand everything and read the links you provided.

Bungle.

Edit: Hi,

About this,
Quote:

I use 4096 / 1024 DH / DSS keys. I have just realised the 4096 / 1024 isn’t actually my key's bit strength, is it!! Oh no, more to learn; how should I calculate my key's actual strength?


I’ve found the answer myself; sorry, I should have searched harder for it first.

Symmetric and asymmetric key lengths. Apparently I should be looking for 8192 bits ideally, but which program does that??

PGP is only 4096 !! Help !
data
Forum Fanatic

Joined: 08 May 2004
Posts: 16777211
Location: India

PostPosted: Wed Feb 09, 2005 3:20 pm

Bungle wrote:

It makes you think doesn’t it !! Everyday, crypto attacks creep just a little closer. Scary stuff, thanks for the tip.


The change, according to NIST, is gradual. They have not opted for any emergency replacement with SHA-256.

Cheers,
Data.
JustinT
Trusted SF Member

Joined: 17 Apr 2003
Posts: 16777215
Location: Asheville, NC, US / Uberlândia, MG, Brazil

PostPosted: Wed Feb 09, 2005 7:07 pm    Post subject: Should be alright.

Bungle wrote:

Thank you for taking the time to write. I’m sorry I haven’t written a direct response to you just yet.


My pleasure, and no hurry! I'm tending to family illnesses and other matters, while trying to juggle studies and work, so my responses may be a bit more delayed than normal, as my recent activity is sparse. Rest assured, I'll reply, though. Good luck with all of this consumption of cryptography!

Bungle wrote:

Symmetric and asymmetric key lengths. Apparently I should be looking for 8192 bits ideally, but which program does that??

PGP is only 4096 !! Help !


For my opinions on this matter, consider my commentary here, here, here, here, here, and here. Basically, to sum my thoughts up, you want to limit an attacker to attacks that require no less than 2^128 computational steps, which should be impractical, given our current knowledge of cryptography and computation. While the mathematics and cryptanalytical attack modeling behind symmetric and asymmetric are too distinct to make excessive comparisons between the lengths of keys and other parameters, there is validity behind setting a value of 6800 bits, for an asymmetric key, in order to achieve this 2^128 complexity mark. (Note that elliptic curve cryptography, although used primarily for asymmetric schematics, uses key lengths similar in size to symmetric primitives, so they're an exception to this suggestion.)

However, the predicament we face is that 6800-bit asymmetric keys are not commonplace in most every implementation you'll find, nor are many flexible to the point of allowing up to 8192-bit keys, as they should. However, 2048-bit keys, as a minimum bound, should be just fine, for now; if you have the option to use 4096-bit keys instead, then all the better. While I find it more conservative to increase the lengths to better complement the concept of 128-bit security, I see no imminent practical threat, if you're still using smaller lengths, such as 2048-bit; 1024-bit will likely suffice in practice for some time longer, but it's wiser to use at least 2048 bits, or as close to it as possible, when determining the smallest length you'll accept.

Moreover, using an OpenPGP implementation with a 4096-bit asymmetric key should be quite alright. You'll find that those who study the field academically are more prone to setting much more conservative configurations, with a trade-off that is more in favor of security than performance and efficiency. However, while many implementations may be less conservative, in light of our academic suggestions, they are often balanced between the type of security and performance that will not only be adequate in practice, but efficient, in the process. Just remember that cryptographic security is simply a trade-off; different trade-offs have different motivation. It boils down to how much security you want from your system versus how well you want the system that provides your security to perform. Usually, in conventional cryptography, regardless of which direction the scale tilts, the overall security, given our current standards, is intended to be practically sufficient. So, don't worry yourself too much!


Last edited by JustinT on Thu Feb 10, 2005 6:28 am; edited 1 time in total
Bungle
Most Paranoid Member!
Joined: 03 Feb 2005
Posts: 2

PostPosted: Thu Feb 10, 2005 2:22 am    Post subject:

Quote:

The change according to NIST is gradual. They have not opted for any emergency replacement to SHA 256.


Well, that’s a bit of good news I suppose, thanks for keeping me informed Datah! Laughing

Bungle.
Bungle
Most Paranoid Member!
Joined: 03 Feb 2005
Posts: 2

PostPosted: Thu Feb 10, 2005 2:33 am    Post subject:

Hi JT. Very Happy

Quote:

I'm tending to family illnesses and other matters

I’m sorry to hear that and I hope everything works out for you and your family soon.

Well... what can I say? I have tried to understand the entire back catalogue of your posts and particularly the two you have sent to me direct. You are to cryptology what Mike Tyson was to boxing!! When you hit someone with a reply it is guaranteed to hurt and it usually knocks them out!! My gosh, it’s a formidable thing receiving a “JT” response, something you will never experience. There I was just scrolling down the post and then slowly the “Black Padlock” started to rise above my task bar and I swear I could hear the theme tune from Jaws. I just knew my days as a cryptology virgin were numbered and I was about to be broken in, brutally and firmly but at least professionally.

I have tried my best to follow what you have written about cryptology. I always arm myself with a dictionary and a good night’s sleep before I read any of your posts. I have to say, though, you showed some mercy when replying to my post directly. I am almost tempted to say I understood what you were explaining to me completely, but I am sure I will have misunderstood some of it. I also don’t want to encourage you to let loose a tirade of detail only you and Phil Zimmermann can understand!!

So, thank you, I’m grateful you spent the time to write on a post such as this. I do feel I have a better understanding. It was hard work but I think I get the point. Less is more when it comes to algorithms. There is a particular reason why an algorithm is written in such a way and many reasons why it should be left alone. I think a good analogy of your explanation would be that some drinks taste great on their own, but if you mix them without experience you get an awful taste and a nasty hangover. So I guess my next question would be: which algorithms make a nice cocktail? I do remember you once said that Serpent, Twofish and TripleDES would make a nice cascade. Do you hold this opinion?

Later in your post you gave a list of basic requirements. This was very useful. You mentioned ideally someone should use 256-bit keys. As I am using PGP 8.1 Desktop (full, as I wanted the PGP Disk feature), am I right in thinking that a 4096-bit DH/DSS encryption key is only equivalent to 128 bits? I appreciate you said there is no direct comparison, but could you just give a simple estimate please? Just a rough guide.

I also wondered about the other settings I have chosen to use in PGP. I see that Twofish is a 256-bit symmetric block cipher. Now this I don’t understand. I thought the keys were the encryption strength!! How is the algorithm 256-bit? How does that affect the overall strength with my key of 4096?

Could you give a simple statement about the estimated resistance to any attack of my particular selected keys and algorithm please? Such as time to break with x amount of computers and all that. I know you gave an example of a 128-bit attack, but at the time of writing this I am unsure of what my equivalent actually is.

Near the end of your last post you gently implied that you approved of the quality and security of OpenPGP. I appreciate this as I know you are not the sort of guy to say something without much thought and facts to back it all up. I also realise you probably would never outright endorse a product. I was pleased, however, to read on a post you wrote some time ago that you approved of PGP, the retail version. Do you still feel comfortable with 8.1, the current version?

You may wonder why I bought PGP instead of using the free one. Well, apart from wanting PGP Disk and the supporting software, buying it helps companies develop better software; I had also read the following on Tom McCune's PGP website.
Quote:

A major issue for Windows users, is that when GPG is used in Windows, it does not use memory locking to prevent your passphrase from being saved to your hard disk via the swap/paging file.


What do you think?

I am surprised that PGP doesn’t support larger key sizes yet. I don’t understand this idea of staying just a short distance ahead. If it is possible to make PGP use 8192-bit keys then why not do it now!! Data that is secret needs to be secret forever. If any confidential information was ever captured, the passing of time is our worst enemy, as computational power is rising phenomenally quickly. Just think if all your secrets are to be revealed 10 years from now, and quite easily! PGP could provide us with a near certain guarantee that this wouldn’t happen if they would only choose to enable 8192-bit keys. I suppose if they do it all in one go there would be little incentive for people to upgrade every time PGP decides to make another small increment in key length. I am all for overkill when it comes to security; if someone can’t wait the extra few seconds hardcore security takes then I pity them. I personally wouldn’t mind waiting a few minutes for a simple text message to be encrypted, but I value security over speed.

You seem to have contact with the “big boys” of cryptology. Have they ever given a reason for not including Serpent in PGP? As far as I can tell this should have been a first choice!!

Also, as for back doors and skeleton keys in the PGP retail version. Surely if anyone had ever been arrested for not handing their keys over and then subsequently prosecuted on evidence “decrypted” from a PGP message or drive, surely they would scream it out to the world that PGP had let them down? I am new to this sort of stuff but I haven’t heard of any such case apart from someone who was subjected to a keylogger attack and then had his keys stolen. I’m not normally a conspiracy theory kind of person but I have to admit, it’s not likely any government is going to let its citizens enjoy true privacy, is it!! So what’s the most recent educated thinking on this?

Quote:

Are there any specific questions you have, that you would like more elaboration on?


If you don’t mind, then yes please!

The whole idea for this post was to have a simple guide for the new “encrypter” to quickly get a detailed, very simple to understand, almost a hand held walkthrough on how to secure their data and send very, very, very secure e-mail. I don’t just mean a list of theoretical statistics as to what to look for in a product but to go as far as to name the products and to instruct on the best way to use them as a group together or individually.

I think I know you well enough from your previous posts that you are not the sort of person who will feel comfortable with this sort of question. But, just try to imagine this scenario: you have 15 minutes to explain to a complete novice how to send some of your own most personal secrets across the net in an e-mail. Now you need to make sure that this person fully understands, without any doubt, how to do it in such a way that you would feel confident that your secrets would be safe. You will need to explain exactly which products you want him to purchase, how to set it up for the most security and whether or not to re-encrypt, and how to do that if you feel it necessary!! Oh yeah, and your trusted friend is running XP. Now there’s a challenge, you will need to think fast and use all your experience in cryptology to make an educated decision. I’m sorry for doing this to you JT, because I can imagine this sort of question is a nightmare for someone like you!!

As for AxCrypt, I quite like it. It’s not aesthetically pleasing and you can’t run it in “traveller” mode, but I think it’s a good honest no-nonsense piece of software. I have read posts from the author of AxCrypt and he seems to be a genuinely decent chap. I, albeit with little actual knowledge of such things, trust not only the author but also the product. I personally think it is a great tool to get started with. You might find it interesting JT, why not give it a try? I’m certain the author would appreciate your advice on how he could improve it. He is writing it on a non-profit basis so he wouldn’t be taking advantage of you.

Quote:

So, don't worry yourself too much!


Thank you, that’s something of a comfort from someone like you. You understand the risks and yet you seem slightly, dare I say... confident? Perhaps BB can’t get into our files after all!! Whoopee!!

Thanks JT and I hope you take all the comments about you in the good humour they were written with. Smile

Is there a simple way I can download all of your posts to my hard drive? I’m on dial-up at the moment and it’s painfully slow trying to select each post. I just wondered if there was a way to just get the lot in one go from the members list?

All the best,
Bungle.


PS.

To Datah,

I would have never even been able to start to understand JT without your help on the other post.

Cheers ! Laughing
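JustinT's 2^128 target and Bungle's question about a 4096-bit DH key with Twofish-256, worked through as an added example that is not from the thread: the comparable-strength table is NIST SP 800-57 Part 1's, rounded down, so a 4096-bit modulus counts as 128-bit (JustinT's 6800-bit figure comes from a more conservative model than that table, which is why the two disagree). Overall strength is the weakest component; the hash sizes passed in below are constructed inputs, not Bungle's actual PGP settings.

```c
#include <stdio.h>

/* Comparable-strength pairs from NIST SP 800-57 Part 1 (a published table, not
   from this thread): symmetric security bits <-> RSA/DH modulus size in bits. */
static const struct { int sym_bits; int modulus_bits; } kStrength[] = {
    {80, 1024}, {112, 2048}, {128, 3072}, {192, 7680}, {256, 15360}
};

/* Symmetric-equivalent strength of an RSA/DH modulus, rounded DOWN to the nearest
   table row: a 4096-bit key is counted as 128-bit, not something in between. */
int modulus_security_bits(int modulus_bits) {
    int best = 0;
    for (size_t i = 0; i < sizeof kStrength / sizeof kStrength[0]; i++)
        if (modulus_bits >= kStrength[i].modulus_bits) best = kStrength[i].sym_bits;
    return best;
}

/* An OpenPGP-style setup is only as strong as its weakest component: the public
   key that protects the session key, the symmetric cipher, and (for signatures)
   the hash, whose collision resistance is half its output length. */
int effective_security_bits(int modulus_bits, int cipher_key_bits, int hash_bits) {
    int m = modulus_security_bits(modulus_bits);
    if (cipher_key_bits < m) m = cipher_key_bits;
    if (hash_bits / 2 < m) m = hash_bits / 2;
    return m;
}

/* Expected years to brute-force a key of the given strength at a given trial
   rate: on average half the keyspace is searched. No libm needed. */
double brute_force_years(int security_bits, double trials_per_second) {
    double expected_trials = 1.0;
    for (int i = 0; i < security_bits - 1; i++) expected_trials *= 2.0;
    return expected_trials / trials_per_second / (365.25 * 24 * 3600);
}

int main(void) {
    /* constructed inputs: 4096-bit DH, 256-bit cipher, 256-bit and 160-bit hashes */
    printf("4096/256/256 -> %d bits\n", effective_security_bits(4096, 256, 256));
    printf("4096/256/160 -> %d bits (hash is the weak link)\n",
           effective_security_bits(4096, 256, 160));
    printf("2^128 work at 1e15 trials/s: %.3g years\n", brute_force_years(128, 1e15));
    return 0;
}
```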
data
Forum Fanatic
Joined: 08 May 2004
Posts: 16777211
Location: India

PostPosted: Thu Feb 10, 2005 3:12 pm    Post subject:

Bungle wrote:
Tom McCune's PGP website.

A major issue for Windows users, is that when GPG is used in Windows, it does not use memory locking to prevent your passphrase from being saved to your hard disk via the swap/paging file.


It's basically operating system dependent. Different OSes have different memory management policies when it comes to paging. Usually when there is only one program running in memory this problem will not occur. Since Windows is a multitasking OS where we do not have full control of the background jobs run, there is little we can do except to securely wipe the swap file. Perhaps Windows does not come with a swapping 'off' option.

Quote:

I would have never even been able to start to understand JT without your help on the other post.


You can thank Justin for such a detailed explanation Wink

Data.
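The swap-file problem data describes, handled in an added example that is not from the thread or from any PGP/GPG code: POSIX mlock pins the passphrase buffer in RAM so it cannot be written to the paging file, and the buffer is wiped before it is released; on Windows the equivalent calls are VirtualLock/VirtualUnlock. The 256-byte buffer and the `use` callback are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* Page-locked home for the passphrase; global so a caller can verify the wipe. */
unsigned char g_secret[256];

/* Zero a buffer through a volatile pointer so the compiler cannot drop the stores
   as dead (a plain memset just before return is often optimised away). */
void secure_wipe(unsigned char *buf, size_t len) {
    volatile unsigned char *p = buf;
    while (len--) *p++ = 0;
}

/* Returns 1 if every byte of buf is zero. */
int is_all_zero(const unsigned char *buf, size_t len) {
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++) acc |= buf[i];
    return acc == 0;
}

/* Copy a passphrase into g_secret, pin that memory so the kernel will not swap
   it out, hand it to `use`, then wipe and unpin. Returns 1 if the OS honoured
   the lock, 0 if mlock was refused (RLIMIT_MEMLOCK, sandbox) so the caller can
   warn that the passphrase may have reached the paging file, and -1 if the
   passphrase does not fit. The wipe happens in every case. */
int with_locked_passphrase(const char *passphrase,
                           void (*use)(const unsigned char *, size_t)) {
    size_t len = strlen(passphrase);
    if (len > sizeof g_secret) return -1;
    int locked = (mlock(g_secret, sizeof g_secret) == 0);
    memcpy(g_secret, passphrase, len);
    if (use) use(g_secret, len);
    secure_wipe(g_secret, sizeof g_secret);
    if (locked) munlock(g_secret, sizeof g_secret);
    return locked ? 1 : 0;
}

/* Demo consumer; a real program would derive the key here. */
static void derive_key_demo(const unsigned char *pw, size_t len) {
    (void)pw;
    printf("using %zu-byte passphrase in locked memory\n", len);
}

int main(void) {
    /* constructed passphrase, not a real one */
    int rc = with_locked_passphrase("correct horse battery staple", derive_key_demo);
    if (rc == 0) fprintf(stderr, "warning: mlock refused, passphrase was swappable\n");
    printf("wiped after use: %d\n", is_all_zero(g_secret, sizeof g_secret));
    return rc < 0;
}
```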