From: Bruce Stephens on 29 Jan 2010 19:06

john <penetratorv(a)yahoo.com> writes:

>> Let me put this another way: _you_ say that IOTP is very secure. To be able to say something like that _you_ must know exactly how it works.
>
> - Exactly dude, at least the basics of it (in action) not the entire skeleton of its algorithms (f*ck knows about it) otherwise you'll be finding yourself digging loads of cryptography books.

With security software, the devil's in the details. All breaks I can think of have been to do with details (with one or two arguable exceptions---I'm thinking of encryption systems which left the key in plaintext).

An exception would be something built using standard blocks, I suppose. So if something were built using DES it would be reasonable to assume (at least as a first approximation) that the DES is implemented correctly. But that doesn't seem to apply to IO-TP; at least, you haven't mentioned anything standard about it. (It's reasonable to assume that the compression's OK, I think. Probably it's using something standard, and it's irrelevant to the security anyway.)

[...]
From: Bruce Stephens on 29 Jan 2010 19:09

Bruce Stephens <bruce+usenet(a)cenderis.demon.co.uk> writes:

[...]

> All breaks I can think of have been to do with details (with one or two arguable exceptions---I'm thinking of encryption systems which left the key in plaintext).

I was thinking of breaks of implementations there, not breaks of algorithms.

[...]
From: biject on 29 Jan 2010 21:49

On Jan 28, 11:22 am, Vanessa <vanessavertu...(a)yahoo.com> wrote:
> On Jan 28, 5:23 am, john <penetrat...(a)yahoo.com> wrote:
> > On Jan 27, 4:54 pm, Noob <r...(a)127.0.0.1> wrote:
> > > Vanessa wrote:
> > > > "Knowing the exact details"? The person who gave a verdict of being a BS to the software does not even know how to use it. He does not know what he is talking about at the time he issued his comments. Don't you know that you cannot judge a book by its cover? So do not call a software a BS if you do not know much about it.
> > >
> > > Are you done astroturfing yet ???
> >
> > --- There are loads of rubbish replies in here "btw if a person is screwed he'll do nothing else than troll, i can't blame him". You seem to know better vanessa, open their locked mind but be careful though otherwise they're gonna tell you that you're insulting them as you're giving advice to the super-intelligent cryptoanalyzers in the whole wide world as they may think they are. I'm wasting my time in here now, I got my own cup of tea to look up to. People in this forum, THANKS FOR YOUR TIME!
>
> Before I leave this forum I want to make my points clear to everybody. Let me discuss again the issue so that the readers will understand why I believe that Infinite One-Time Pad is unbreakable. I will also compare it with the legendary One-Time Pad so you can see the difference.
>
> The legendary One-Time Pad uses a perfect random key while Infinite One-Time Pad does not require perfect randomness. This is the reason why the majority here carelessly gave a verdict to the software as B*S*, Snake Oil, Rubbish, etc.
>
> Let's examine why the legendary One-Time Pad needs a perfectly random key to make it unbreakable. The strength of the legendary OTP lies in the key. If the key is not truly random, the ciphertext could leak information. The information leak is enough for the cryptanalyst to deduce the plain text. For example, if a word in the plain text is known (common words like THE, AND, FOR, etc.), the cryptanalyst could play on the key using cryptanalysis techniques until a known word is revealed. This will give the cryptanalyst a clue about how the key is generated. If not perfectly random, say a PRNG is used, the cryptanalyst could try different seeds until he succeeds. If the key is generated by an algorithm, the cipher is compromised once the algorithm is known. This is the problem with the legendary One-Time Pad. Unless the key is truly random, the ciphertext is just like a piece of a puzzle to the attacker. If part of the plain text is revealed, other parts become easier to deduce. It is clear now why the legendary One-Time Pad requires the key to be truly random.
>
> Now, let's examine the Infinite One-Time Pad. Before I proceed, I just want to note that I will be adding Questions for those who are in doubt about the security because I'm sure many readers are fanatics of the Perfect Random Theory.
>
> Infinite One-Time Pad does not require the key to be truly random. Let me present how the encryption is done according to my knowledge of the software based on the author's article. You may download a copy of the software at http://www.hiddentools.com so you can follow the following steps better.
>
> 1. When you click the Encrypt button, the software compresses the plain text in memory to eliminate regularities. After compression, it transforms the compressed text using algorithms. Let's call this the Transformed Text.
>
> 2. You will now have the option to select a file you want to use as key. The software extracts the key from this file. The extracted key is filtered and transformed using a series of different irreversible algorithms. Let's call this the Transformed Key. (Note: You may type a random key if you do not want to use a key file. In this case the software behaves like the legendary One-Time Pad.)
>
> 3. The software gives you a chance to modify the Transformed Key. You may insert or replace characters at any location you wish.
>
> 4. You can now type the password. Each character of the password re-encodes the transformed key using a series of irreversible algorithms. This will eliminate regularities, hence it doesn't matter if your key modification is an English word. Let me show you a very simple irreversible transformation.
>
> Let's say the letter to be transformed is the letter A, which is equivalent to 65 in decimal. If we add the digits, it becomes 11. Even if we know the sum and the operation used (addition), we are uncertain about the original number (65) because there are so many possibilities. To list them all: 029, 038, 047, 056, 065, 074, 083, 092, 119, 128, 137, 146, 155, 164, 173, 182, 191, 209, 218, 227, 236, and 245. There are 22 possibilities all in all.
>
> Somebody commented that if the software is reverse engineered and the algorithms are discovered, the ciphertext will be compromised. Now you can see that it is not, since the algorithms are irreversible. Knowing the text and the algorithm used does not lead you to the text prior to transformation. And notice that the key is transformed using a series of different irreversible algorithms more complex than what I presented here.
>
> The author is aware of this; that's why he said "If a secret algorithm is used on software, a clever hacker could possibly analyze and derive the algorithm. Secure encryption software therefore must not rely on the secrecy of the methods or algorithms used." http://www.hiddentools.com/io-tp/art2.html
>
> Let's continue. After the transformations due to the password, let's now call the transformed key the Final Key.
>
> Note that the final key does not contain information about the key modification and the password. If you say otherwise, answer these questions.
>
> QUESTION #1: How can you derive the Secret Key Modification? What particular cryptanalytic attack will you use? How?
>
> QUESTION #2: How can you determine the password? What particular cryptanalytic attack will you use? How?
>
> 5. Finally, when you click on Use Key, the Final Key is applied to the Transformed Text in 1.
>
> Before answering Questions 1 and 2, notice that the Final Key is no longer visible. What you see now is the ciphertext. This leads to question number 3.
>
> QUESTION #3: How can you determine the Final Key? What particular cryptanalytic attack will you use? How?
>
> QUESTION #4: How can you deduce the Transformed Text from the ciphertext? What particular cryptanalytic attack will you use? How?
>
> I hope my points are clear now. Unless you can provide credible answers to the questions above, you have no right to accuse Infinite One-Time Pad of being B*S*, Snake Oil, etc.
>
> I hope it is apparent that a perfect random key is not necessary in the case of Infinite One-Time Pad because the Transformed Text does not leak information. This does not nullify Shannon's Perfect Random Key principle. That is still valid in the case of the legendary One-Time Pad.
>
> It is important that we understand the underlying reasons. Don't just believe and believe because it came from experts, authorities, books, the majority, etc. You must understand the reasons why. In every rule there is an exemption.
>
> I'm sorry John; I can't help giving advice again.
>
> If we confine ourselves to Shannon's theory without thinking why, we cannot improve the legendary One-Time Pad. Improvement does not require us to retain all its properties.
>
> Don't say again "That is not a One-Time Pad therefore that is not unbreakable." As John said, this can be compared to "That is not a helicopter therefore it can't fly." You should ask "That is not a helicopter, how can it fly?"
>
> Don't say again "That doesn't use a perfect random key therefore it is insecure." This can be compared to "That has no propeller therefore it cannot elevate." You should ask HOW?
>
> Don't say again "That is a pseudo One-Time Pad therefore it is not unbreakable, that is Snake Oil, that is a BS, Useless, Pointless, Rubbish."
>
> To those who are fanatics of the Perfect Random Key theory, it's time for you to wake up. Do not act like an elephant. In Shannon's time the elephant was still young. The elephant has grown up and is now stronger than the rope. It's time to unlock your mind and explore possibilities.
>
> We are living in a changing world and evolution does not stop. We are now in the computer age. Pencil and Paper is over.
>
> I hope you will take this advice. I wish you good luck.
>
> Vanessa

john, whoever you are, your posts sound to me like you have the same mind for logic as the person pushing the code. I am not a first-time poster; I often disagree strongly with Mr Herring and Unruh, at least I think I do.

I looked at the PDF files on the site and I wish I could write as much as the guy who wrote those things; however, I did not see any facts in them. They, if anything, reminded me of the BS on global warming; it seemed to me to be all hot air. But then again I am not an expert.

For the record, unicity distance is very important; to reject this out of hand is what the mainstream crypto people do. I think the three letter agencies don't want people to know how important it is. The fact you have dismissed unicity distance makes me wonder if you really want people to use good secure crypto.

So here is how you could improve it so that people like me might think it's much more secure than what I currently think it is: have at least 3 separate encryption passes, and any compression done should be bijective. In between the passes, between 1 and 2 and then again between 2 and 3, do a bijective BWT; this will greatly increase the unicity distance.

So after this single post in this thread I will sit back and watch. I am surprised how long Richard and Peter continue with this thread; it should have ended long ago.

David A. Scott
--
My Crypto code http://bijective.dogma.net/crypto/scott19u.zip
http://www.jim.com/jamesd/Kong/scott19u.zip old version
My Compression code http://bijective.dogma.net/
**TO EMAIL ME drop the roman "five" **
Disclaimer: I am in no way responsible for any of the statements made in the above text. For all I know I might be drugged. As a famous person once said "any cryptographic system is only as strong as its weakest link"
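An added example, not from the thread and not the IO-TP software's code, that computes what the digit-sum step quoted in Vanessa's post actually does to a key byte: it enumerates the candidate set for a given sum and measures how much entropy survives the transform when the input byte is uniformly random. `digit_sum` is assumed to be the transform as the post describes it (decimal digits added together); the helper names are illustrative.

```python
"""Added example (not from the thread): measure what a many-to-one
"irreversible" key transform such as the digit sum does to a key byte."""
from collections import Counter
from math import log2


def digit_sum(n: int) -> int:
    """The transform from the quoted post: add the decimal digits (65 -> 11)."""
    return sum(int(d) for d in str(n))


def preimages(value: int, domain=range(256)) -> list:
    """Every byte whose digit sum equals `value`: the candidate set that
    knowing the output and the algorithm leaves open."""
    return [n for n in domain if digit_sum(n) == value]


def distinct_outputs(transform, domain=range(256)) -> int:
    """How many different values the transform can produce from `domain`."""
    return len({transform(n) for n in domain})


def output_entropy(transform, domain=range(256)) -> float:
    """Shannon entropy in bits of transform(x) when x is uniform over `domain`.
    This is the entropy the *transformed* key actually carries."""
    counts = Counter(transform(n) for n in domain)
    total = sum(counts.values())
    return -sum(c / total * log2(c / total) for c in counts.values())


if __name__ == "__main__":
    candidates = preimages(digit_sum(ord("A")))
    print(f"{len(candidates)} bytes share digit sum 11: {candidates}")
    print(f"{distinct_outputs(digit_sum)} distinct outputs for 256 inputs")
    print(f"entropy after transform: {output_entropy(digit_sum):.2f} bits "
          f"(input had {output_entropy(lambda n: n):.2f} bits)")
```

Run over 0..255, the preimage set of 11 has 23 members (the hand-written list in the post omits 254), and the transform maps 256 inputs onto only 20 outputs, so a uniformly random key byte keeps less than 4.33 of its 8 bits. For a design review the relevant point is that the software applies the transformed key, not the original, so what matters is the entropy of the output; whether the input can be recovered from it is beside the point. A many-to-one step does not hide the key, it shrinks it, which is why real key-derivation functions are built to preserve input entropy (and add cost) rather than discard it.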
From: john on 30 Jan 2010 00:43

On Jan 29, 3:08 pm, Paulo Marques <pmarq...(a)grupopie.com> wrote:
> Vanessa wrote:
> >>> QUESTION #2: How can you determine the password? What particular cryptanalytic attack will you use? How?
> >>
> >> Selective brute force, starting with more probable passwords.
> >
> > I say again, the length of the password is not limited. The password is up to the user. If the information is too critical, then he should use a long and strong password.
>
> This is certainly not working, so I'll try a different approach.
>
> Imagine a different system:
>
> - the software generates a 1024 bit random public / private key pair using RSA. You type a passphrase and strengthen it by running a sha-256 over it 10000 times and use the result as a key to encrypt the private key using AES.
>
> - if you want to encrypt one file, the software just generates two random 256 bit keys, and uses one key with AES to encrypt the file and the other to authenticate the file using some well tested MAC. Both keys are encrypted with the public key of your RSA step above and stored together with the encrypted file.
>
> - if you need to send a file to someone, just ask that someone for their public key, and use that to encrypt the file and send it to that person. The public key can be sent in the clear without compromising the system.
>
> Now I ask you the same question you've asked me: how can you break that system? The difference is, I already know the answer: _YOU_ CAN'T! And neither could any of the best cryptographers in the worldwide cryptographic community that tried it in the last years. The people that developed all the cryptanalysis tactics that you pointed us to couldn't break this.
>
> In this system, you don't need to drag secret files around and you can send keys in the clear to third parties. Moreover, you need just one passphrase for _all_ your files. Reusing the same passphrase doesn't weaken the system, because the passphrase isn't used at all to encrypt the file.
>
> The way to attack it would be to brute force the password. This is under the same assumption that the attacker was able to steal the laptop that keeps your private key file, since without that it's game over.
>
> However in this system, the resources needed to brute force the password are pretty well defined: you need to run 10000 SHA-256 in sequence to test one password. You can even increase this as a trade off in security / speed.
>
> As you say: "bigger passwords are safer". Well, duh! The point is, for the same password, the amount of time it takes one attacker to crack it depends on how the algorithm uses it.
>
> If to try one password on IOTP it takes a few thousand clock cycles, and in this system it takes a few million, then this system is safer with respect to brute force attacks on the password.
>
> And you know what? You can get this system for free! Just download GnuPG and use it. No cumbersome secret files, no cumbersome key transformations, nothing. Just one carefully selected passphrase to securely encrypt all of your files (and sign emails, etc.)!
>
> Of course, the attacks on GnuPG that are most likely to succeed (assuming you selected a high-entropy passphrase) are side-channel attacks:
> - what happens to your keys in memory when you turn off the power of your laptop?
> - are the keys placed in memory areas that can not be swapped to disk?
> - can another process running on the machine (like a virus) determine the key from the cache access patterns?
> - etc., etc.
>
> GnuPG is a mature software that already tries to minimize side-channel attacks, by locking the memory for the keys, clearing key material as soon as possible, etc.
>
> Since in this whole thread no one has ever mentioned any kind of effort on IOTP to avoid side-channel attacks, we can only assume that it is vulnerable to them, as the author wasn't even aware of the possibility.
>
> BTW, you keep saying: "just download the software and try it out". Do you have any idea of the risks you take when you download a random piece of software from the internet and run it on your computer? How can you be sure that the software is not a Trojan that opens a backdoor to your computer to make it become part of a bot-net? Yes, I could try it on a virtual machine, snapshotted and isolated from the network, but I haven't seen a single argument that makes me believe that it is worth the trouble...
>
> --
> Paulo Marques - www.grupopie.com
>
> "667: The neighbor of the beast."

Confusion, confusion, confusion dude! You cannot compare oranges with apples. GnuPG uses a different concept. If by design it requires 10000 SHA-256 in sequence to validate the password to ensure security, do not use this as a measure. Look, the legendary One-Time Pad is not even using any hash checks and yet it is regarded as "unbreakable". Infinite One-Time Pad uses the password in a very special way dude! Furthermore, unlike in other cryptosystems, a correct password does not mean success. The attacker must defeat all the protection used. (I think the protection used has already been explained well by vanessa; anything you cannot understand lies in the actual use of the software.)
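An added example, not from the thread and not GnuPG's code, of the passphrase-stretching step in the system Paulo Marques describes: SHA-256 run over the passphrase 10000 times in sequence, beside the standardised PBKDF2-HMAC-SHA256 form that Python's standard library ships, plus a small calculator for what the iteration count does to the cost of exhausting a passphrase space. The measured hash rate is only a rough single-core figure for whatever machine runs it; the 40-bit passphrase entropy and the iteration counts in the demo are assumed values.

```python
"""Added example (not from the thread): passphrase stretching as in the
quoted hypothetical system, and its effect on the cost of a guess."""
import hashlib
import time


def sha256_once(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def stretch_chain(passphrase: bytes, iterations: int = 10_000) -> bytes:
    """SHA-256 applied `iterations` times in sequence, exactly as the quoted
    post describes. Illustrative only: it is unsalted, so two users with the
    same passphrase get the same key and precomputed tables apply."""
    digest = passphrase
    for _ in range(iterations):
        digest = hashlib.sha256(digest).digest()
    return digest


def stretch_pbkdf2(passphrase: bytes, salt: bytes, iterations: int = 10_000) -> bytes:
    """The standardised form of the same idea (PBKDF2-HMAC-SHA256, RFC 8018):
    a per-user salt defeats precomputation, the iteration count sets the cost.
    In the quoted system this output would wrap the RSA private key with AES."""
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, iterations, dklen=32)


def seconds_to_exhaust(passphrase_bits: float, single_hash_rate: float,
                       iterations: int) -> float:
    """Time to try every passphrase of `passphrase_bits` entropy when one core
    can do `single_hash_rate` SHA-256 computations per second: every guess
    costs `iterations` hashes, so 2^bits * iterations / rate seconds."""
    return (2.0 ** passphrase_bits) * iterations / single_hash_rate


def measure_hash_rate(seconds: float = 0.2) -> float:
    """Rough SHA-256 throughput of this machine, for the demo only."""
    block = b"x" * 32
    count, deadline = 0, time.perf_counter() + seconds
    while time.perf_counter() < deadline:
        hashlib.sha256(block).digest()
        count += 1
    return count / seconds


if __name__ == "__main__":
    rate = measure_hash_rate()
    print(f"~{rate:,.0f} SHA-256/s on one core")
    for iterations in (1, 10_000, 1_000_000):  # assumed settings
        days = seconds_to_exhaust(40, rate, iterations) / 86_400
        print(f"{iterations:>9} iterations per guess: ~{days:,.1f} days "
              "to exhaust a 40-bit passphrase space")
    # Constructed passphrase and salt, to show the two stretching forms.
    print(stretch_chain(b"correct horse battery staple").hex())
    print(stretch_pbkdf2(b"correct horse battery staple", b"0123456789abcdef").hex())
```

The calculator makes the comparison in the quoted post concrete: for the same passphrase, the attacker's work per guess is multiplied by the iteration count, and nothing else about the passphrase changes. It also shows the limit of the technique, since a passphrase space of 40 bits is exhausted in hours at one iteration and in weeks at a million, which is why the post pairs stretching with "a carefully selected passphrase" rather than relying on either alone.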
From: john on 30 Jan 2010 01:10
On Jan 30, 2:49 am, biject <biject.b...(a)gmail.com> wrote:
> Vanessa
>
> john, whoever you are, your posts sound to me like you have the same mind for logic as the person pushing the code.

- Probably dude, that's because we've already used the software and we depend on what we actually experienced - and only two of us in the forum have done it, I guess... I don't care whoever the author is, I'm only after the strength of the software.

> I am not a first-time poster; I often disagree strongly with Mr Herring and Unruh, at least I think I do. I looked at the PDF files on the site and I wish I could write as much as the guy who wrote those things; however, I did not see any facts in them. They, if anything, reminded me of the BS on global warming; it seemed to me to be all hot air. But then again I am not an expert. For the record, unicity distance is very important; to reject this out of hand is what the mainstream crypto people do. I think the three letter agencies don't want people to know how important it is. The fact you have dismissed unicity distance makes me wonder if you really want people to use good secure crypto.

- Well, apologies if it sounded like I've totally dismissed "unicity distance"; it is still of course useful in breaking a cipher - that's classic... however, due to the multiple protections of the IOTP, including plaintext compression and transformations, unicity distance isn't a great deal anymore dude.
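An added example, not from the thread and not David Scott's code, that puts numbers to the unicity-distance point biject raises and john answers: it estimates plaintext redundancy from a constructed sample, computes Shannon's U = H(K)/D for a 128-bit key, and repeats the estimate on the same sample after zlib compression. The sample text, the 128-bit key size and the choice of zlib are assumptions for illustration.

```python
"""Added example (not from the thread): estimate the unicity distance of a
cipher and see what compressing the plaintext first does to it."""
import math
import zlib
from collections import Counter

# Constructed sample plaintext (not from the thread), repeated so that zlib
# has enough material to compress.
SAMPLE_TEXT = (
    b"The unicity distance is the amount of ciphertext an attacker needs "
    b"before only one key decrypts it to something that looks like a real "
    b"message. It grows with the key size and shrinks with the redundancy "
    b"of the plaintext. English is highly redundant, so a short ciphertext "
    b"already pins down the key. Compressing the plaintext first removes "
    b"much of that redundancy and pushes the unicity distance out. "
) * 3


def byte_entropy(data: bytes) -> float:
    """Zeroth-order Shannon entropy in bits per byte. It ignores dependencies
    between bytes, so it is an upper bound on the true entropy rate."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redundancy_per_byte(data: bytes) -> float:
    """D = log2(256) - H0: a lower bound on the plaintext redundancy."""
    return 8.0 - byte_entropy(data)


def unicity_distance(key_bits: float, redundancy: float) -> float:
    """Shannon's estimate U = H(K) / D, rounded up to whole symbols. With
    zero redundancy no amount of ciphertext singles out the key."""
    if redundancy <= 0:
        return math.inf
    return math.ceil(key_bits / redundancy)


def compare(key_bits: int = 128) -> dict:
    """Unicity distance for the sample plaintext, raw and zlib-compressed."""
    raw, packed = SAMPLE_TEXT, zlib.compress(SAMPLE_TEXT, 9)
    return {
        "raw_redundancy": redundancy_per_byte(raw),
        "raw_unicity": unicity_distance(key_bits, redundancy_per_byte(raw)),
        "compressed_redundancy": redundancy_per_byte(packed),
        "compressed_unicity": unicity_distance(key_bits, redundancy_per_byte(packed)),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:>22}: {value}")
```

Because the zeroth-order estimate ignores inter-byte dependencies, the redundancy it reports is a floor and the unicity distance a ceiling; Shannon's own figure for English is about 3.2 bits of redundancy per letter, which gives roughly 40 characters of ciphertext for a 128-bit key. Compression raises the estimate considerably, which is the effect john appeals to, but zlib is not bijective: its two-byte header and Adler-32 trailer mean an arbitrary byte string almost never inflates, so a trial decryption that fails to decompress is rejected immediately. That cheap rejection test is exactly what David Scott's call for bijective compression and a bijective BWT between passes is meant to take away, and it is why "compression" on its own does not settle the unicity-distance question.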