Open Source Encryption Software

I’m going to go for it. Not today. Today’s not the right day. There has to be low humidity, high endorphins and an utter lack of people tapping my phone.

It is to laugh that someone would install encryption software and then use “password” as their password. Me, I plan to make it as long as the software will allow with a mix of numbers and letters, bunched together in a way that is logical and memorable to me but nigh impossible to discern from outside of my brain pan.

Considered using “ceciladamswasgodevenbeforehehirededzottitoedithiscolumn”.

Turns out someone else is already using it.

:smiley:

Eh, strong disagreement here. Vulnerabilities have been identified (and generally resolved) in TrueCrypt, but it remains one of the best products out there. Crackable vs. hackable is a different story. Crypto is only a delaying tool - a good one, but it’s still just math. Take any formula, and it can be solved forward or backward, depending on what set of data you have (eg, balancing an equation).

TrueCrypt is a vehicle for algorithmic encryption - no vehicle (or algorithm) can guarantee that you won’t drive it off the proverbial cliff. AES256 can be broken (it’s just considered computationally infeasible - at least in civilian environments).

As always (?), the weak link is the user. As mentioned previously, if you encrypt something and use “password” as the authentication mechanism, you’re a jackass; as much of a jackass as TJX was for allowing WEP’d wireless communications for credit card transactions.

Security doesn’t require brilliance. It requires an absence of dumb.

Sorry if I’m ranting. Confidence in crypto sometimes tweaks my testes.

Yes, but cryptography is a lot quicker and easier to solve forwards than backwards. As in, with good cryptography, if you pooled all of the computing resources of the planet, allowed for Moore’s Law to continue indefinitely, and added new computers to the problem as quickly as they could be built, it’d still take longer than the lifetime of the Universe to crack it.

Overconfidence in a security system as a whole can be irksome, but if the folks in charge of security know what they’re doing, it won’t be the cryptography that’s the weak link. If you want to break into someone’s TrueCrypt, it’s far easier to take them out for a few too many drinks and get them to talk too much and tell you the password than it is to attack vulnerabilities in the program itself.


Agreed, mostly. But faith in weak crypto is a failure point. Rot13 (or my favorite, Rot26) are much easier than guessing a password. :slight_smile:

Give me Cain, and I’ll pwn your Cisco VPN pretty quickly, or pull off a dictionary attack, etc… and that’s just a n00b tool.

I think it comes down to a sense of security vs. a reasonable level of security.

BTW - I promise not to pwn anyone.

Actually that’s not true. There are mathematical formulas (and cryptographic algorithms) that cannot be reversed. As a trivial example, I am thinking of two numbers, a and b:

a + b = 1000

Solve for a and b.

One of the answers you propose will be correct. But you cannot mathematically determine which one.

That’s not what I would call an algorithm (although, from a basic definition standpoint, I’ll give you devil’s advocate victory). However, the point in cryptanalysis is not whether a one-shot decryption is possible; it’s whether decryption is possible.

a+b = 1000? a = 500; b = 500. There, I reversed it. That doesn’t mean I decrypted it.

Cryptanalysis is about establishing context and seeing if the “decrypted” data makes sense in the relevant context. If a 256-bit field decrypts to 4 bits, I’m using the wrong algorithm to steal your credit card number. Time to try a different tack. That’s the point of crypto. As I said before, it’s never impossible (yet) to decrypt anything. The goal is to make it computationally infeasible.

Man, I can’t wait for quantum crypto… and yet, I fear it.

There are cryptographic algorithms that are genuinely impossible to decrypt without the key. My equation above is a crude example: a is the plaintext, b is the key, and 1000 is the ciphertext.

I deliberately chose a and b between 0 and 1000 so as to give you plenty of computational power to easily produce all the possible plaintexts. But you can’t tell me which one is the real plaintext.

Ergo, there exists at least one cipher that is mathematically impossible to break even if a complete brute-force of the keyspace is feasible. It can be broken only if I make a mistake, or if you force me to reveal the key.

(This is quite academic because the example I’m giving here is a crude one-time pad, which turns out to be spectacularly useless for most purposes. But there are some other interesting crypto applications that have the same provably secure properties.)

Tellyworth, I’m not aware of an undecipherable cipher (and I’m not being snarky). I’ve only worked with stuff up to AES1024, and it’s pretty solid - but still breakable. I’m curious as to how, mathematically, an algorithm can be unsolvable.

I acknowledge not being a crypto super-hero.

I’m just a coder, not a mathematician or a crypto expert. But there certainly is a class of ciphers and crypto algorithms that are genuinely impossible to break without knowing the key, it’s called “perfect security”.

A one-time pad fits that definition. The Wikipedia link I gave above lists several others. Most of the crypto algorithms that provide perfect security aren’t ciphers as such, but things like secret sharing schemes and key exchanges.

Again, OTP is worse than useless for almost all practical applications, but it does provide a counterexample that disproves the general claim that all ciphers can be broken given enough computing resources.

To explain it using your credit card example, imagine my a + b = c equation with bigger numbers. a is a secret credit card number, b is the key, which is random and has the same number of digits as a, and c is the ciphertext.

If you know c, you could easily generate every possible value of a by running through every possible value of b. But that’s useless - all you’ve done is produce a list of all possible credit card numbers. You’ve learned nothing about which specific card number is contained in my message.

Now, if you have an external source of information about either a or b, the OTP becomes trivially breakable. Likewise if I screw up its implementation, such as by using the same key more than once. It is secure only under very specific assumptions, which is that neither the key nor the plaintext are leaked in any form through any other channels. Which is why they turn out to be virtually useless in practice (and I’d suggest avoiding any crypto product that claims to use a one-time pad - you won’t be able to meet those assumptions, so it is guaranteed to be insecure).

Steering back towards the OP: TrueCrypt and GPG are not perfectly secure by this definition. But they are almost certainly vastly more secure than anything else you have. They are strong crypto products, and the way strong crypto is usually broken is not with mathematics or supercomputers. It’s broken by other means: people make mistakes, leave the passwords lying around, leave the originals lying around, someone installs a keystroke logger to record the password, shoulder surfing, and so on. That’s what you need to worry about, not the mathematical security of TrueCrypt or GPG.
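As an added worked example (my own code, not anything from the thread or from TrueCrypt or GPG), here is the digit-wise a + b = c pad described in the posts above, with the brute-force enumeration that produces every possible plaintext and the key-reuse leak the post warns about. Function names and the sample card number are constructed for illustration.

```python
import secrets
from itertools import product

# Digit-wise one-time pad over decimal strings: c_i = (a_i + b_i) mod 10.
# a = plaintext digits, b = key digits (same length, uniformly random), c = ciphertext.

def otp_encrypt(plaintext: str, key: str) -> str:
    """Add key digits to plaintext digits mod 10; the key must be as long as the plaintext."""
    assert len(key) == len(plaintext), "one-time pad key must match plaintext length"
    return "".join(str((int(a) + int(b)) % 10) for a, b in zip(plaintext, key))

def otp_decrypt(ciphertext: str, key: str) -> str:
    """Subtract the key digits mod 10 to recover the plaintext."""
    assert len(key) == len(ciphertext)
    return "".join(str((int(c) - int(b)) % 10) for c, b in zip(ciphertext, key))

def random_key(length: int) -> str:
    """Unpredictable key digits; a predictable key is what breaks the perfect-secrecy argument."""
    return "".join(str(secrets.randbelow(10)) for _ in range(length))

def key_explaining(ciphertext: str, candidate_plaintext: str) -> str:
    """For ANY candidate plaintext there is exactly one key that maps it to this ciphertext,
    so the ciphertext alone cannot tell the real plaintext apart from any other candidate."""
    return "".join(str((int(c) - int(a)) % 10) for c, a in zip(ciphertext, candidate_plaintext))

def brute_force_plaintexts(ciphertext: str) -> set:
    """Try every key (10**len of them): the result is every possible plaintext of that length,
    which is the thread's point that brute-forcing a one-time pad learns nothing. Keep it short."""
    n = len(ciphertext)
    return {otp_decrypt(ciphertext, "".join(k)) for k in product("0123456789", repeat=n)}

def reuse_leak(ciphertext1: str, ciphertext2: str) -> str:
    """Two messages under the SAME key: subtracting the ciphertexts cancels the key and leaves
    (a1_i - a2_i) mod 10, a key-independent relation between the plaintexts. This is why
    a reused pad is no longer a one-time pad."""
    return "".join(str((int(x) - int(y)) % 10) for x, y in zip(ciphertext1, ciphertext2))

if __name__ == "__main__":
    card = "4111111111111111"          # constructed sample plaintext, not a real account
    key = random_key(len(card))
    c = otp_encrypt(card, key)
    print("ciphertext:", c)
    # Any other 16-digit number is an equally valid decryption under some key:
    other = "5555444433332222"
    print("key that 'decrypts' c to", other, "->", key_explaining(c, other))
    print("3-digit brute force yields", len(brute_force_plaintexts("734")), "candidate plaintexts")
```

`brute_force_plaintexts` is deliberately limited to short inputs; for 16 digits it would enumerate 10**16 keys and still only hand back the list of all 16-digit numbers.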

Tellyworth, you and I are opposite sides of the same coin. I’m a security guy, and you’re a coder. So no offense is intended in anything I say. I respect what you do - largely because I suck at doing it efficiently. I only know shitty code when I see it (or, rather, when I catch it).

That said, I’m not disagreeing with you from a practical perspective. But for arithmetical reasons, there is no arithmetical means of making anything arithmetically secure (say that 10 times). Crypto is fundamentally based on arithmetic (IMO - since algorithms are inherently arithmetic).

The credit card example was just that - an example. 16 digits that you can encrypt, but can still be deciphered with the right algorithm.

The trick with so-called “perfect security” is that (as made explicit in your link) it assumes that the attacker/bad guy has no knowledge other than the data in front of him. That’s simply not how it works in the real world. In that regard, I don’t disagree. However, if I want to “drink your milkshake,” I’m going to do some reconnaissance. And I will most likely be able to get packet captures (for example) that will let me break your crypto. Hell, otherwise WEP would be secure. Or Blowfish, or Twofish. They’re all stalling mechanisms.

Crypto is like a padlock. It slows the thief down, depending on the resources (s)he has at hand.

On a personal note, I’d be interested in discussing this further. I hate being a security guy locked up in the security vault - coders, developers, etc… are what make the world go 'round. InfoSec guys are usually viewed as obstacles, and I hate that.

GiantRat, one time pads only need simple arithmetic to use, but are not going to be broken by any mathematical or computational means, since the cyphertext doesn’t give any information about the plaintext. If a spy is getting messages from a Numbers station there are only two ways to break those messages: one is to obtain said spy’s book with his copy of the one time pad, the other is to obtain the pad at the numbers station, which would involve invading foreign territory.

If we do end up proving P = NP, then we have a set of algorithms which we can prove are computationally infeasible to solve. That is, we literally do not have enough entropy in this universe to crack the encryption. That is considered “good enough” for the general case.

Of course even the best encryption scheme is going to fail when the key-logger on your computer steals your password. Barring extreme stupidity that’s got to be by far the most likely security failure in this kind of set-up.

Not necessarily true. All the cryptanalyst has to do (and it’s no small feat - it may well be computationally infeasible, but not impossible) is to stumble upon the right numbers. My point isn’t that one-time pads are bad (they’re not) - it’s that they can be defeated.

And again, to my prior point, crypto isn’t the end-all be-all. “Invading foreign territory” or just intercepting a signal can blow the whole game. Hell, use the Enigma machine as an example - “FTW, we can’t crack this. Let’s just steal the device.”

So really, we’re arguing the same point, I think.

How does the cryptanalyst know that he or she has stumbled on the right numbers? If you’re thinking “because the decrypted message will then be intelligible”, that is not how one-time pads work. You can fit any message you like to a one-time-pad-encrypted message. If you want it to be Hamlet’s soliloquy, fine, just make the first symbol mean “To”, the second one mean “be”, etc. But to know what the message really means, you need the pad. Think of it as a cipher in which the key is as long as the message.

Well, that’s the point, isn’t it? You might come up with a thousand possibly correct outcomes. Breaking code (or, really, just about anything in bits and bytes) involves a certain amount of guesswork (and, inherently, failure). In the word-based scenario to which you refer, the data is rendered “intelligible.” It then takes someone/something to contextualize it and see if it makes any sense. It’s then up to someone else to decide if it’s actionable/reliable.

Sometimes you “break the code,” as it were, without realizing it. Sometimes you think you have, but you’re flip-f*ck maddeningly wrong. That’s one of the fundamental purposes of crypto.

But one-time pads are on a different level to the sort of encryption algorithms I think you’re talking about. One-time pads are provably uncrackable, and intuitively it seems obvious that they are. You can’t use educated guesswork to crack a one-time pad. There is nothing to go on. The key is never re-used.

Not sure what sort of encryption was used in the case of the guy crossing into the USA who was ordered by the customs people to provide his password; but if the NSA had a backdoor for that, they sure were not sharing it with the regular authorities. I don’t recall the final outcome - IIRC he was ordered to tell the grand jury his password or something - but the police certainly did not crack his encryption, whatever it was. I guess your encryption does not have to hold until the end of the universe, just until the statute of limitations runs out…

I understand OTPs perfectly well. My point is that the general law of probability, for example (that which can happen will happen) means that, given processing power and time, you’ll come across a match; kind of like the monkeys writing Shakespeare thing. I’m in no way implying that it’s easy or that one would even know that they’d gotten it right.

I think we’re beating this to death.

My memory on this one is a bit fuzzy, but I seem to recall that he was using a bit flavor of AES. Since AES is a current NIST standard, I would be amazed if the intelligence community would acknowledge their ability to break it easily. Especially for something like child porn (assuming we’re referring to the same Canada-US border crossing episode). While morally outrageous, the crime doesn’t add up to a violation of national security. Just a creep worth spending $.50 on a bullet to the back of the head.