Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Virex]

I have to add that just finding large prime numbers fast is not very helpful.

Finding large prime numbers is trivial in most cases. Many of the prime numbers used for cryptography are already tabulated IIRC. If I'm not mistaken, the problem is going the other way, finding the prime factors of the encrypted document you have. For numbers made up from large prime factors the number of possibilities explodes quit quickly.

[MagmaMcFry]

A long long train of thought led me here.

Mainly, my math textbook introduced the Hill cipher as an example of where invertible matrices are used. I searched around a bit and started wondering: how are attacks done? Do the attackers have to know what algorithm the cipher text used to attack it? Or is there some magical way to decrypt stuff? XD

How do people figure out what a particular cipher text means? And how do I tell how secure an encryption is?

Basically, encryption is a method to get a message to another person without people reading the letter to understand it. Generally, this is possible because only the receiver knows the encryption method and the key. You can attack encryptions either by guessing the encryption method and finding the key, or simply by listening in when the method and key are passed. An encryption is secure when both attack methods are really hard to do.

I wonder if rotating the bits in the output would help in any way, combined with a different cipher.

Eg, if 'A' is represented as '01001010', make it so it looks like

01 00      10 01
10 10 ->  10 00

I don't think it'll help. XD

Obviously you can chain multiple encryption methods to get other encryption methods. But that leaves the problem of telling the receiver of your messages that you're using this encryption too without spilling the beans to the attacker. Public-key encryption avoids the transport problem, but chaining public-key encryptions doesn't really make it harder for the attacker.

[lorb]

A long long train of thought led me here.

Mainly, my math textbook introduced the Hill cipher as an example of where invertible matrices are used. I searched around a bit and started wondering: how are attacks done? Do the attackers have to know what algorithm the cipher text used to attack it? Or is there some magical way to decrypt stuff? XD

How do people figure out what a particular cipher text means? And how do I tell how secure an encryption is?

Basically, encryption is a method to get a message to another person without people reading the letter to understand it. Generally, this is possible because only the receiver knows the encryption method and the key. You can attack encryptions either by guessing the encryption method and finding the key, or simply by listening in when the method and key are passed. An encryption is secure when both attack methods are really hard to do.

If it's possible to decode your text just by knowing the method of encryption you chose the wrong method. Modern cryptography operates under the assumption the the attacker knows everything except the (unencrypted) plaintext and the key. Kerckhoffs's principle

[MagmaMcFry]

A long long train of thought led me here.

Mainly, my math textbook introduced the Hill cipher as an example of where invertible matrices are used. I searched around a bit and started wondering: how are attacks done? Do the attackers have to know what algorithm the cipher text used to attack it? Or is there some magical way to decrypt stuff? XD

How do people figure out what a particular cipher text means? And how do I tell how secure an encryption is?

Basically, encryption is a method to get a message to another person without people reading the letter to understand it. Generally, this is possible because only the receiver knows the encryption method and the key. You can attack encryptions either by guessing the encryption method and finding the key, or simply by listening in when the method and key are passed. An encryption is secure when both attack methods are really hard to do.

If it's possible to decode your text just by knowing the method of encryption you chose the wrong method. Modern cryptography operates under the assumption the the attacker knows everything except the (unencrypted) plaintext and the key. Kerckhoffs's principle

That's probably because all modern cryptography methods can be counted on two hands.

[lorb]

A long long train of thought led me here.

Mainly, my math textbook introduced the Hill cipher as an example of where invertible matrices are used. I searched around a bit and started wondering: how are attacks done? Do the attackers have to know what algorithm the cipher text used to attack it? Or is there some magical way to decrypt stuff? XD

How do people figure out what a particular cipher text means? And how do I tell how secure an encryption is?

Basically, encryption is a method to get a message to another person without people reading the letter to understand it. Generally, this is possible because only the receiver knows the encryption method and the key. You can attack encryptions either by guessing the encryption method and finding the key, or simply by listening in when the method and key are passed. An encryption is secure when both attack methods are really hard to do.

If it's possible to decode your text just by knowing the method of encryption you chose the wrong method. Modern cryptography operates under the assumption the the attacker knows everything except the (unencrypted) plaintext and the key. Kerckhoffs's principle

That's probably because all modern cryptography methods can be counted on two hands.

If you only count those that are widely used and known, yes, but that's not the reasoning behind the principle. The point is that keeping secret your method is a hard problem to just keeping secret a short key that can be changed as often as needed. The AES competition made that one of the major points: if an algorithm is insecure when known it's not a good one.

[MagmaMcFry]

I think of keys as a template parameter for a protocol. The nice bit about protocols using keys is that you don't have to expend additional mental effort to change your protocol.

Keeping secret your encryption method is pretty much exactly as hard as keeping secret your public key; you have to give it to the person you want to send you messages. The revolution with asymmetrical protocols is that the decryptionMethod<key> is not easily deductible from the encryptionMethod<key>, which means that a protocol being secure when the encryption algorithm known is basically equivalent to the protocol being asymmetrical.

[alway]

A long long train of thought led me here.

Mainly, my math textbook introduced the Hill cipher as an example of where invertible matrices are used. I searched around a bit and started wondering: how are attacks done? Do the attackers have to know what algorithm the cipher text used to attack it? Or is there some magical way to decrypt stuff? XD

How do people figure out what a particular cipher text means? And how do I tell how secure an encryption is?

Basically, encryption is a method to get a message to another person without people reading the letter to understand it. Generally, this is possible because only the receiver knows the encryption method and the key. You can attack encryptions either by guessing the encryption method and finding the key, or simply by listening in when the method and key are passed. An encryption is secure when both attack methods are really hard to do.

If it's possible to decode your text just by knowing the method of encryption you chose the wrong method. Modern cryptography operates under the assumption the the attacker knows everything except the (unencrypted) plaintext and the key. Kerckhoffs's principle

That's probably because all modern cryptography methods can be counted on two hands.

If you only count those that are widely used and known, yes, but that's not the reasoning behind the principle. The point is that keeping secret your method is a hard problem to just keeping secret a short key that can be changed as often as needed. The AES competition made that one of the major points: if an algorithm is insecure when known it's not a good one.

Actually, qualification for a good encryption algorithm goes even further. Given a portion of the plaintext, of any size, you should be unable to increase your chances of decrypting the rest of the plaintext or figure out the key. The reason for this is obvious: say you have an e-mail; at the start and end of all emails, there is protocol data; the headers and such. Any time you send an e-mail, I can know a large portion of the plaintext being sent simply by reading up on e-mail protocols. If by knowing these I can increase my ability to decode the key and plaintext, that encryption system is broken.

Beyond that, some number theory comes into play. If I can take the algorithm and use specified text to generate a key-value pair, that key-value pair should have no statistical relationship with the input data. It should be indistinguishable from a uniform random number sequence under statistical analysis. Otherwise heuristic crackers could give weights to different values, reducing average brute-force cracking time by an order of magnitude or more.

Additionally, the key should be kept as short as possible while maintaining the above parameters. A simple XOR operation fits all the above parameters, but neglects this one. This makes it not useful. After all, in order to send a key, you need some sort of basically secure communication method to ensure the key isn't intercepted. If your key is as long as your message, you obviously have access to a secure channel of communication capable of sending a message as long as the message itself as plaintext, invalidating the entire reason for using encryption in the first place.

Of course, that's just the basic gist of it; if you want to learn more, I suggest Coursera and/or Udacity courses on the topic, which is where I got my info from.

[Scelly9]

Speaking of coursera... It starts in 3 days. I'm enrolled, so I should be able to tell you more about this in a few weeks!

[palsch]

Speaking of coursera... It starts in 3 days. I'm enrolled, so I should be able to tell you more about this in a few weeks!

I ran the first couple of weeks of that last time it was open. Pretty good course from what I saw, just ran out of free time and never went back. I'll dive in again this time I think.

[Karlito]

Speaking of coursera... It starts in 3 days. I'm enrolled, so I should be able to tell you more about this in a few weeks!

I ran the first couple of weeks of that last time it was open. Pretty good course from what I saw, just ran out of free time and never went back. I'll dive in again this time I think.

Same story for me, basically. Thanks for reminding me this exists.

[ZetaX]

It creates insecurities to use the aforementioned Nextprime(Random()) function: the gaps between primes vary wildly, and this algorithm strongly favors those with large gaps before them. There exist some papers describing possible attacks using this. It is more secure and not slower in any way to just iterate Random() until you hit a prime (assuming your random number generator is secure, which it very very often is not).

Many of the prime numbers used for cryptography are already tabulated IIRC.

What is the meaning of "tabulated" hereż It's not like you can store all 100-digit primes, not even a relevant fraction of them.

[Soadreqm]

Mainly, my math textbook introduced the Hill cipher as an example of where invertible matrices are used. I searched around a bit and started wondering: how are attacks done? Do the attackers have to know what algorithm the cipher text used to attack it? Or is there some magical way to decrypt stuff? XD

How do people figure out what a particular cipher text means? And how do I tell how secure an encryption is?

I suggest you read up on old, obsolete encryption methods. Modern encryption has the problem that since it's impossible to crack with current mathematics, it's not really very interesting. With something like the Enigma machine, decyphering was possible but difficult, and very important to the war effort, making it EXCITING!

Anyway - in a few years it may become practical to give OTP flash drives to every person you meet with a few Gigs of random data. And for organizations to give away such drives to customers. That should provide mutual authentication and secure session key exchange (symmetric) for a lifetime as long as you both keep your pads secure from copying.

I think I have spotted a flaw in your proposed encryption scheme.
Of course, a sufficiently motivated attacker could just hit you with a wrench until you told him the password, but copying a thumb drive is a lot easier to do, and more importantly, it can be done in secret. You could be passing around messages for years, not knowing that the encryption has been compromised.

[Another]

Exactly as hard as intercepting your password or a private key while it is used. If you want to leave the pad in insecure places (which you should not) - since you can keep the whole thing password-encrypted - it can be at least not weaker than the encryption you use.* For people with greater amount of paranoia - tamper-resistant memory that only allows to write once and then read once is easy and already exists.

There is really nothing you can do against a trivial hardware bug that can be installed into your keyboard. Getting secure session key exchanges (provided you can neglect physical attacks on your home) in our possible quantum computing future can still be useful.

*120 bits of entropy in a password would likely still be strong for quite some time.