Announcement

Collapse
No announcement yet.

Developer Claims: "A New, Fast & Unbreakable Encryption Algorithm"

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #51
    I read this story and was immediately reminded of the 1968 Dirk Bogarde film "Sebastian". The correct time index is 30m 48s, in case the URL parameter doesn't work as intended.
     

    Comment


    • #52
      Reminds me of that video - audio recording transcription, actually - that recently popped up on social media about a 4 year old calling 911 to get help with his math.

      Comment


      • #53
        Originally posted by chrisr View Post
        I read this story and was immediately reminded of the 1968 Dirk Bogarde film "Sebastian". The correct time index is 30m 48s, in case the URL parameter doesn't work as intended.
        Brilliant :-)

        Comment


        • #54
          Originally posted by wodencafe View Post

          The FOSS Community does a lot of catering to 5 year olds and White Knights.

          Maybe you prefer it that way?
          It's not like if someone can force you to deal with particular community, etc. So if you dislike it, why do you have to deal with it? Are there not enough place in the world, or what? Whatever, we would not let anyone to try to fool others in such a blatant ways for their personal gains. Especially when it comes to cryto. No matter if he knight, 5 years old or just someone who is terminally dumb. Btw, those who are 5 years old are not supposed to crawl the web without adult supervision, and Phoronix isn't kindergarten. So feel free to blame ... their parents, etc. And if some knight gets smashed by techies and his reputation fells below that of devil's advocate, maybe knight shouldn't be terminally dumb and take care when picking sides? Siding with liars and idiots does not sounds like best idea ever, sorry.

          Comment


          • #55
            Originally posted by profoundWHALE View Post
            AFAIK, it was cracked quickly by a very slow machine because it only had to crack repeated words that it knew would be there, and then they would get the correct sequence to decode the messages. But, what if while trying to crack it, the message changes due to your meddling?
            An encrypted file/message/whatever is just an inert bit of data. It will not magically change because someone is taking a look at it and is trying to make sense of the bit-patterns. Think of it like reading a book (in a foreign language). Trying to make sense of unknown words won't magically alter the text. You're either thinking of quantum encryption (where real-time data can't be intercepted without altering its contents) or you've read too much Dan Brown.

            This could work, in theory, if the only way to access the encrypted data was through an active piece of code. In that case an attacker could, for example, run it inside a virtual machine, freeze the machine and examine its memory contents without running the code.

            Comment


            • #56
              Originally posted by Wildfire View Post
              This could work, in theory, if the only way to access the encrypted data was through an active piece of code. In that case an attacker could, for example, run it inside a virtual machine, freeze the machine and examine its memory contents without running the code.
              That's how most nasty software protection schemes are fooled/removed/dumped for ages. And that's how AV companies research extremely harmful code, etc. Though for just breaking encryption it is usually enough just run code and then dump memory at right time. Most evil protectors though attempted to thwart it by decrypting only a page of code at a time, so memory dump happens to be rather uninspiring. Yet, it resulted in more smartass dumping programs as well. These are walking memory, getting code page-by-page. Once they got all parts of puzzle, whole picture can be reconstructed and memory protector could be GTFOed.

              Basically there is one principle: if attacker could mess with your local environment in arbitrary ways, encryption does not gives you reliable protection. Attacker with enough access to local system can subvert everything, changing code attitude. There are countless ways to fool even heavily secured code & hardware, and attacker always gets chances to alter code execution in undesired ways, wihch leads to SOMETHING. It getting impossible to evaluate how code would behave and as the result, nobody can foretold how code would perform. Hence no guarantees of its attitude. If attacker got local access, and you have live algo running with keys, attacker wins.

              Some schemes like Perfect Forward Secrecy can minimize damage in similar cases, since taking over long-term key does not leads to ability to decrypt previous messages, where temporary keys were used to exchange data, and then temporary keys were irreversibly discarded by both parties. So there is no way to decrypt old stream of data. Not even for sender and receiver.

              Comment


              • #57
                Originally posted by SystemCrasher View Post
                Some schemes like Perfect Forward Secrecy can minimize damage in similar cases, since taking over long-term key does not leads to ability to decrypt previous messages, where temporary keys were used to exchange data, and then temporary keys were irreversibly discarded by both parties. So there is no way to decrypt old stream of data. Not even for sender and receiver.
                Its funny I was thinking about encryption, its not something I've studied. Encrypting messages to people you've never met is a hard problem. but encrypting messages to some one that you meet is surly incredibly easy. You've just got to create two long pieces of random data. You both keep copies of both sequences. One sequence is for your messages the other his. You send a message encrypting byte for byte, send and delete the bytes, the recipient decrypts and deletes the used bytes of the key. I reckon I could write the code in an hour may be less.

                just thinking about it I think the programme might be so short that it could be recreated every time, I mean what is it basically add the elements of two arrays (or some other simple formula) and then delete the n bytes of the encryption file. If you set up your system correctly even if your laptop is snatched and the memory frozen they wouldn't be able to work out what you had been doing. Obviously if your machine or the other end gets compromised then you're broken but otherwise its full proof. I don't see why any pair of people who need encryption, Islamic State militants, politicians who want have private conversations, drug dealers, people up to illegal business practices etc don't use something like this. It could always be combined with regular encryption. If you wanted to get really paranoid you could decrypt the messages on a seperate machine that was never connected to the internet.

                Comment


                • #58
                  Originally posted by Rich Oliver View Post
                  Its funny I was thinking about encryption, its not something I've studied. Encrypting messages to people you've never met is a hard problem. but encrypting messages to some one that you meet is surly incredibly easy. You've just got to create two long pieces of random data. You both keep copies of both sequences. One sequence is for your messages the other his. You send a message encrypting byte for byte, send and delete the bytes, the recipient decrypts and deletes the used bytes of the key. I reckon I could write the code in an hour may be less.
                  You are just describing a one-time-key. As always: getting the key to the other side is the biggest problem, but with a big enough pure random data key the data is undecipherable.
                  A big primer for everybody is to find on youtube or try to be at a course of Jon Callas: "Everything you need to know about crypto in <N> minutes". N can be 50, or it can be 2 hours. This is basically for anybody that has never looked into crypto. It's very accessible, and it gives you basic knowledge about encryption.

                  Comment


                  • #59
                    Originally posted by profoundWHALE View Post

                    AFAIK, it was cracked quickly by a very slow machine because it only had to crack repeated words that it knew would be there, and then they would get the correct sequence to decode the messages. But, what if while trying to crack it, the message changes due to your meddling?
                    Yeah it wasn't exactly easy to crack, doesn't change my point though. They found a hole in their system that gave it away, and it was used carefully to make sure that this hole wasn't discovered. But then agian it was a hardware based encryption method, not quite the same as software based.

                    But either way, people really shouldn't drag peoples names (or their ideas) through the mud just because they make bold claims they made because they got overly excited in the heat of the moment when their code finally bloody worked. The best of us can make that mistake, rather than mocking people for making such claims, challenge these claims instead, for example by asking them to provide some hard proof.

                    On one hand though, his encryption algorithm, as good as he thinks it is or not, could be pretty unbreakable by using security through obscurity; if only he and a select few use the algorithm and only he knows how it works, and it's operating differently from traditional encryption algorithms... Good luck to anyone who would try to crack it without any access to using the encryption algorithm himself.

                    Comment


                    • #60
                      Originally posted by rabcor View Post
                      On one hand though, his encryption algorithm, as good as he thinks it is or not, could be pretty unbreakable by using security through obscurity; if only he and a select few use the algorithm and only he knows how it works, and it's operating differently from traditional encryption algorithms... Good luck to anyone who would try to crack it without any access to using the encryption algorithm himself.
                      If needing an obscure algorithm is the way a cipher is made difficult to break, that is in effect using the algoritm itself as part of the key and never a good idea. It might work for a while, but in the end wil act like digitial "rights" management does: crack once, play everywhere. "Play" in this case meand decrypt, and in the real world bad crypto gets people killed. If a member of say, the anti-Daesh (ISIS) group Raqua is being Silently Slaughtered uses bad crypto to email a journalist on the outside, cracked crypto means being beheaded with a butter knife or worse. Crypto is often used where life and freedom from torture are at stake, and mistakes have real-world consequences.

                      This also applies to those idiots in law enforcement who want backdoors in crypto. The real terrorists like Daesh will meet face to face while taking a walk, defeating all surveillance. Meanwhile their own cryptographers find the backdoors, and then the citizens of the lands they occupy and oppress get caught and tortured for trying to complain to the outside world.

                      Governments themselves are just as dangerous and no more trustworthy. In Egypt a few years ago there was that exploit against Grindr used by police to round up Gay men. That incident did not rely on ciphers but points out how in much of the world the governments themselves are terrorists too and routinely use electronic exploits to do their dirty work.

                      Comment

                      Working...
                      X