are there open source encryption systems now that could be "proven" as secure by rich enough entity?

my question is inspired by an article http://mediafilter.org/caq/cryptogate/ about a Swiss company selling compromised encryption software to governments overseas. Well, so suppose some government, like Iran, is seriously concerned about integrity of encryption software on the market? In fact, suppose they don’t trust software from anybody, whether Westerners, Japanese, Russians or anyone else that does not work in an office next door to the presidential palace.

So what could they do? Could they roll their own based on open source examples and reverse engineering proprietary tools, much like various nations (even including North Korea) have done with Linux? Do we know what they are doing now on this front?

Are you asking if they could hire programmers to make a secure encryption program?

Pretty sure the answer is “yes they could.”

Coming up with strong encryption algorithms is not for the weak-hearted. When NIST announced the DES standard back in the 1970s, people were concerned because the NSA had suggested to IBM, which developed the algorithm, seemingly insignificant changes to the S-boxes, which IBM incorporated into the standard. Nobody could figure out what the changes were for, and many ultimately assumed it was some kind of clever back door.

Nonetheless, DES has enjoyed widespread use in every industry and country you can think of. Decades after its standardization, it was finally proven that the NSA’s modifications had actually increased the security of the algorithm. Adi Shamir (of RSA fame) proved that the original design was more vulnerable to differential cryptanalysis, a technique which he assumed that he and others had developed. Turned out that NSA already knew about differential cryptanalytic attacks, and IBM made discoveries in the same vein, which NSA asked them to keep quiet about. The NSA then provided advice on how to strengthen DES against such attacks, but since they were still secret, nobody outside of the government and IBM knew why they made the changes.

The moral of the story is that while you can certainly develop your own cryptographic tools, maybe the widespread standardized ones really are pretty good. (Don’t use plain DES, though. The 56-bit key is pretty small these days, and can be brute-forced relatively quickly.)

There is lots of open source code, but you don’t even need that. I wrote up a working version of RSA using little more than the Wikipedia article. And since a good number of encryption schemes have been approved for internet security, the specifications for the algorithm plus demonstration code are available as RFCs.

The whole idea of computer security is that it’s assumed that spies, thieves, or defectors will have leaked the details of how your security works. Trying to keep the “how it works” secret is a losing proposition. You’re better off to assume that they already know exactly how it works, so you may as well release the algorithm to the public and have all the extra heads verifying that the system is secure.

BUT, that’s a whole different question from what you seem to have wanted to have asked. Implementing an algorithm and coming up with a whole new encryption scheme are entirely different things. I have zero knowledge of cryptography. If I tried to come up with an encryption scheme on my own, it would almost certainly have major holes in it (and, I can presume that my enemies have full access to the details of “how it works” so they’re certain to find those holes). But, just being a programmer who can follow instructions, I can write up a working example of RSA.

Cryptology is a whole branch of theoretical mathematics combined with computer science. You would need a cryptologist to come up with a new encryption scheme that is likely to be particularly safe. There’s no guarantee that the Western Imperialists haven’t built some sort of mathematical back door into the encryption scheme – and that’s far more a danger than that they’ve written code with a back door.
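To make the distinction in this post concrete (following the public description of RSA is easy; knowing what a safe scheme needs is not), here is an added textbook-RSA implementation in Python. It is not the poster's code and not any library's API; the key sizes, the Miller-Rabin witness count and the use of SHA-256 for the signature demo are my own choices. It deliberately stops at the "working example" level the post describes: no padding, so encryption of a given message is always the same ciphertext, which is exactly the kind of property a deployed scheme (PKCS #1, RFC 8017) fixes on top of the bare algorithm.

```python
# Textbook RSA written from the public description (added example, not the poster's code).
# Deliberately "textbook": no padding, so it is deterministic and should not be used as-is.
import hashlib
import secrets
from math import gcd

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin; 32 random bases make a false positive negligibly likely."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                          # a witness proved n composite
    return True


def random_prime(bits: int) -> int:
    """Draw odd candidates of exactly `bits` bits from the OS CSPRNG until one passes."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def keygen_from_primes(p: int, q: int, e: int = 65537):
    """Public key (n, e) and private key (n, d) from two primes; d = e^-1 mod phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)                           # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def keygen(bits: int = 512, e: int = 65537):
    """Toy key size for speed; real deployments use 2048-bit or larger moduli."""
    while True:
        p = random_prime(bits // 2)
        q = random_prime(bits // 2)
        if p == q:
            continue
        try:
            return keygen_from_primes(p, q, e)
        except ValueError:
            continue


def encrypt_int(pub, m: int) -> int:
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt_int(priv, c: int) -> int:
    n, d = priv
    return pow(c, d, n)


def encrypt_bytes(pub, msg: bytes) -> int:
    return encrypt_int(pub, int.from_bytes(msg, "big"))


def decrypt_bytes(priv, c: int) -> bytes:
    # Leading zero bytes of the original message are not recoverable without padding.
    m = decrypt_int(priv, c)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def sign_digest(priv, msg: bytes) -> int:
    """Sign SHA-256(msg) as an integer; needs n > 2^256 (true for keygen(512))."""
    n, d = priv
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    if h >= n:
        raise ValueError("modulus too small for a 256-bit digest")
    return pow(h, d, n)


def verify_digest(pub, msg: bytes, sig: int) -> bool:
    n, e = pub
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return h < n and pow(sig, e, n) == h
```

Run it with `pub, priv = keygen()` and `decrypt_bytes(priv, encrypt_bytes(pub, b"hello world"))`; note that calling `encrypt_bytes` twice on the same input returns the same ciphertext, which is the gap between "implements the algorithm" and "is a safe scheme".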

as a matter of fact, my question is precisely about the implementation (or auditing of existing) of functional systems and not about creating new theories and algorithms. E.g. the theory behind the modern jet fighters is probably well known, but relatively few companies and nations can make them while everybody else has to buy from them.

Whereas let’s say in the case of operating systems the theory is similarly well-known, and thanks to the open source systems (e.g. Linux) any organization can do its own security audit, make its own distro and use that.

So how about cryptography? If you want to have your own realistically working system without backdoors, can you audit and use an existing open source solution? Or do you have to build it from scratch, essentially replicating the work done by vendors based on existing publications and your own experimentation?

Yes, as said. There’s lots of open source code, public domain source code, and public domain reference. You can audit source or simply download and use it for free, like OpenPGP.

But, again, that only confirms that there aren’t any back doors in the implementation. It’s entirely possible that the whole thing has a back door that can be exploited via cryptology rather than via implementation holes.

There are two completely different issues: The encryption method and the implementation of the encryption method.

If you want a provably secure encryption method, go with one-time pad. Not breakable ever if you do it right.

Everything else that people commonly talk about, including quantum encryption, may be breakable. But you can’t sell widgets on the Net using one-time pads so that means you have to swallow big and use a system that might be inherently weak.
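The "if you do it right" in the post above carries all the weight, so here is an added Python illustration (not the poster's code, and the pad values and messages are constructed for the example) of what "right" means in practice: pad bytes from a CSPRNG, pad at least as long as the data, and every pad byte consumed exactly once. The `pad_reuse_leak` function shows why the last rule exists: XOR-ing two ciphertexts made with the same pad cancels the pad and leaves the XOR of the two plaintexts, so the information-theoretic guarantee is gone the moment a pad is reused.

```python
# One-time pad with the usage rules enforced (added example, not the poster's code).
import secrets


def generate_pad(length: int) -> bytes:
    """Pad material must be truly unpredictable; `secrets` draws from the OS CSPRNG."""
    return secrets.token_bytes(length)


def otp_xor(pad: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (XOR is its own inverse). Refuses a pad shorter than the data."""
    if len(pad) < len(data):
        raise ValueError("pad must be at least as long as the data; never stretch or repeat it")
    return bytes(p ^ d for p, d in zip(pad, data))


def pad_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """What an observer learns from two ciphertexts under one pad: c1 ^ c2 == m1 ^ m2.

    The pad cancels out, so the result depends only on the two plaintexts.
    This is the failure mode the 'do it right' caveat refers to.
    """
    return bytes(a ^ b for a, b in zip(c1, c2))


class OneTimePad:
    """Hands out each pad byte exactly once; both ends keep the same offset."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._offset = 0

    @property
    def remaining(self) -> int:
        return len(self._pad) - self._offset

    def apply(self, data: bytes) -> bytes:
        """Encrypt (sender) or decrypt (receiver) the next message with fresh pad bytes."""
        if len(data) > self.remaining:
            raise ValueError("pad exhausted: obtain fresh pad material, do not reuse")
        start = self._offset
        self._offset += len(data)
        return otp_xor(self._pad[start:self._offset], data)


def raises_value_error(fn, *args) -> bool:
    """Small helper so callers can check that a misuse is rejected."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    pad = generate_pad(64)
    sender, receiver = OneTimePad(pad), OneTimePad(pad)
    ct = sender.apply(b"meet at noon")
    print(receiver.apply(ct))             # b'meet at noon'
```

The `OneTimePad` class is the part that matters operationally: the mathematics of XOR is trivial, and the whole difficulty of a one-time pad system is generating, distributing and retiring pad material so that no byte is ever used twice.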

There is a huge gulf between a system on paper and one written in software. Programmers goof up all the time. Implementing even RSA is sufficiently involved that there cannot be an automated proof that a given implementation is correct.

There have been holes found in PGP, which uses RSA. (Usually involving signatures.)

Yes, you can write your own code for an encryption system. But the chances of screwing it up are 100%.

No non-trivial piece of software can ever be proven fault free.

This is one of the big pluses that people tout about open source. Lots of eyes means that backdoors are harder to sneak in. But Slashdot regularly has columns where a backdoor is found in a popular package months after it was inserted.

yes… and that’s why my question is, are there open source systems that would constitute either a complete or at least large chunk of encryption system (e.g. maybe something resembling PGP) that could be studied, audited and extended by people who have a lot of money/resources and little trust in 3rd party software.

I’m not sure if you’re responding to ftg because you think your question hasn’t been answered, or if you just have a compulsive need to reply out of a feeling of common courtesy. In case it’s the former, perhaps you’re hoping for the names of some of these packages? Here’s a page of links to several dozen open source packages:

http://www.dmoz.org/Science/Math/Applications/Communication_Theory/Cryptography/Programming_Libraries/