Safedisc

[Alien Firefox]

i was simply stating

mitnick was a cracker

infact his probably the most famous cracker in history

today encryption is 360 bit

so slightly harder to crack but afterall any code is crackable.

[Joe Forster/STA]

Quote:

Originally Posted by Alien Firefox

today encryption is 360 bit

so slightly harder to crack but afterall any code is crackable.

The encryption of WHAT is 360 bits?

And, yes, any code is crackable in theory but, perhaps, - at our current knowledge - a brute force algorithm may take longer than estimated time remaining until the Big Crash, even with a computer that consists of all the particles in the Universe. (Say, how about cracking a 10240 or ten times bigger bit RSA key. The cracking time increases exponentially with each new bit introduced...!) Would you call THAT a successful way of cracking?!

Do you understand what you're talking about?

[TippeX]

Quote:

Originally Posted by Alien Firefox

i was simply stating
mitnick was a cracker

nah, social engineer more than cracker...

" Social engineering became his primary method of obtaining information, whether it be usernames, passwords, modem phone numbers and any number of other pieces of data." (wikipedia)

he aint all he's made out to be, infact other claim he took the punishment for their crimes... so i think its fair to say he wasn't / isn't the best... he just made a name for himself..

[DABhand]

I do believe there is 1024-bit encryption in use by the American government.

Mitnick was a hacker, not a cracker.


Like I said, he wasnt that great, he was made the scapegoat and was jailed to scare others from doing what he was doing.

Which he made a name for himself, and the whole "free Kevin" hype boosted his image to the point people thought he was a hacking genius/god.

[TippeX]

yupp, theres higher than 1024 bit too
just under some laws > 256 can be deemed as 'military' grade encryption, and 'exporting' it out of the country can be somewhat problematic..

best encryption is one you code / research yourself..
all the shit like blowfish, aes and so on are public domain, which means the security forces have had time to play with them and most likely have also developed ways and means to decrease the cracking time..

bruteforcing yes, but intelligent bruteforcing, using rainbow tables, various hashing algorythms and so on... as well as distributed network cracking...

if you can code a secure (ie: you test your code) encryption, and dont spread it, then its very hard to break as if you ever have the unfortunate luck to meet the security forces / cops and so on they wont have encountered your encryption, so they're back to square one....

more characters = more time..

(amount of characters * amount of characters)-1 effectively to brute force..
for all the combinations... now say u then bring in a data file as the encryption key... like i did... 2 mb data key file (stored remotely or on usb stick or whatever)... and a password ... and some other stuff... i wish you all the luck in the world...

mitnick isnt all he's cracked up to be (no pun intended)... and yes he was used to scare others...

and any code crackable sure.. within time...
time is to all extents and purposes infinite, so the statement stands, but when you do the maths... its another story..

ie: you'll probably be dead, and your kids, and your kids kids......

[caki]

While I am not a crypto guy, and have almost no knowledge of how crypto works, wouldn't it be possible, in the age of modern computing, to make an ubreakable code with something based off of a one-time pad?

Consider this:

Lets say we want to protect a text with letters A-Z and " " in it. Okay, thats 27 characters we need to worry about. Now generate all the numbers in between 1 and 27000. To each of the characters we want to protect, assign a 1000 random numbers from the collection of numbers in between 1 and 27000, so:

A = 47, 51, 26999...
B = 21, 407, 1096...
etc

Write all of this into a file, and this is your key. Now, when you encrypt a string, you take the character you are encrypting, for example "A", and then replace it with one of the 1000 random numbers assigned to it.

Heres an example:

String to encrypt:
HELLO WORLD

H - 34, 59...
E - 99, 127...
L - 89, 56, 949...
O - 23, 77...
W - 909, 230...
R - 654, 767...
D - 378, 3...
" " - 21, 90...

So encrypted one time, it could be:
34 99 89 949 77 21 909 23 654 56 3

Encrypted another time, it could be:
59 127 56 949 23 90 230 23 767 56 3

Its different every time, but decrypt to the same thing with the correct key, there are a 1000 numbers to each letter, so even if there are duplicates they would be hard to correlate... it would be pretty hard to break small messages encrypted this way, providing the key is never found... for larger messages just increase the key size. If you keep the key size/encrypted file size at a certain ratio, change the keys often enough and/or use large enough keys, and have a good random number generator, wouldn't this be pretty secure?

These are just random musings that I had during math class a year ago, but I'm interested in seeing what other people think.

[Joe Forster/STA]

This is only another implementation of the Caesar cipher which is one of the earliest and most simplicistic ones. It can be deciphered easily for long encrypted messages (i.e. text files, sequences of letters), comparing the frequency of each numerical code to the frequency of each letter in the target alphabet (e.g. in English the most frequent letter is E, then come, I think, T and S etc.) to find out which code stands for which letter. But you're right, many codes for the same letter and short messages make the decryption harder. However, there are always geniuses who can crack such messages in surprisingly short times, with intuition, tricks, heuristics, trial and error and lots of calculations.

Actually, the Germans used a similar approach in the second world war but they assigned codes to words rather than letters. (The frequency is words is pretty much impossible to calculate...) Of course, the allies managed to find out lots of words but many others were still missing. At the end, they found a complete code book somewhere (on a U-boat?) that the Germans forgot to destroy. (There was an interesting documentary about this on National Geographic or Discovery Channel, try to find it.) Was this the famous Enigma?!

[TippeX]

ever tried crypo breaking on text caki? doesnt look like it

even though each of the characters change, you have a text file (in your example you stated a->z - perfect for example)

try making 'hello world i am a little bit of encrypted text with a bad algo'

all the h's are the same code, etc.. going by your example

so you begin this by breaking each portion, looking for repetitions..depending on the language (lets use english...) used in the text,
rules can be formed..such as i before e except after t, the chances of a word not having a vowel are slim, vowels will be the most
repeated characters, and space will be pretty common too...

so lets look at the example

firsly we do a character distribution matrix, calculating the highest used characters, from this we then form a dictionary attack to obtain the
best 'fit' for the word, and check that against the next text and so on

your crypt wouldn't last too long before its broken...

enigma is right joe, it was hard to crack because it was mechanical and each machine had a different cog setup... caki's example however
is not caesar, its a variant.. and a bad one at that...

enigma was also broken, not because of a code book, but because of the actual machine.. on the u-boat.. it was attacked and the
machine was obtained from it before it sank, then it was played with

frequency of words can be calculated, but its language dependant, like in english sentances will begin with 'the', 'i', 'im', this' and so on
from that, you can build a matrix.. and break it...

caesar text is typically rot-13, used by roman messengers to stop the 'secrets' being obtained if the messenger was attacked, it wasn't
really substitution, it was more or less adding the value of the letter in the alphabet to another sequence, looping if it overflowed

eg: a = m, thus m = a.. difference between them is 13, so u add or subtract 13 from the depending on where its situated in the alphabet

also called rot-13, and then taken to modern times with rot-18 where it does the same thing with numbers too..


any good cryptography will not do the crypt in the fashions described above, they will use mathmatics to do the end result
without knowing the formula and / or having the correct data/keys breaking it is tricky... some have flaws in the implimentation,
which is why they have been broken...

tea for example (tiny encryption algorythm) is used in safedisc, its a small fast routine (and easily portable to other chips/hardware)
however it can be brute forced, even though it is 128 bit... bruteforced in a few seconds actually... but thats another story

[caki]

Jeezus. Didn't understand any of that

You guys didn't really understand my thing tho. You see, you assume that all the h's are the same. I'm not really that stpid(I think) The h gets a different number assigned to it each time. Sometimes it has the same time assigned. Its completely random, and it has a 1000 numbers to choose from. Therefore, a small encrypted message of

hello world i am a little bit of encrypted text with a bad algo

can look like:

99 12 43 20 19 48 67 23 10...

no repetitions for a veeeery long time, since it has a 1000 numbers for each letter. How are you gonna crack something like that, if its just a random sequence of numbers with no repetition?

Quote:

However, there are always geniuses who can crack such messages in surprisingly short times, with intuition, tricks, heuristics, trial and error and lots of calculations.

Yep, I suspect the blokes over at the NSA will make piecemeal of this, but consider: as long as you update the keys regularly, and keep them huge, and the encrypted text small, it offers some pretty nice security... impractical for large corporations that want to keep millions of papers daily secure tho...

[Alien Firefox]

@Joe Forster/STA

i was saying

today firewalls and copy protection are in atleast 360 bit encryption

32 bit was dos 6.22 days

[DABhand]

you sure on 360 bit?

128+256 isnt 360, you can get 320bit with 256bit+64bit.

[Alien Firefox]

today encryption is more then 360 i said

[TippeX]

it doesnt really matter size wise, its the algo/keys that are important...

[Joe Forster/STA]

I repeat: The encryption of WHAT is 360 bits?!

Are you talking about copy protections of games (which copy protection(s) then?) or encryption in general (for hiding sensitive data from other people)? And which encryption algorithm are you talking about (there are quite a few)?

In particular:
- What data do firewalls encrypt, why and how? (What is the purpose of firewalls? Do they encrypt data coming in to or going out from your machine?)
- What data was encrypted with what algorithm, using 32 bits of something, in the DOS 6.22 days? (Why is version 6.22 of DOS important; were the DOS 5 days, DOS 4 days etc. different in any way?)
- Why do you generalize this much when today's firewalls, copy protections are quite different and, back in the DOS era, there were all kinds of very different softwares, too? (Actually, back in the DOS era, sophisticated algorithms were rarely used because CPU's were slow and DOS had no built-in support for them so everyone had to write it themslves. This is why cracking was so much easier: programs were "protected" with short, fast, simple but therefore weak custom algorithms instead.)
Please, explain.

Or aren't you just throwing around numbers and words without having ANY idea what you're talking about?!

[DABhand]

Quote:

Originally Posted by Alien Firefox

today encryption is more then 360 i said

You actually said it IS 360bit in one post and at least 360bit in another.

But there is no such thing as 360bit encryption is what im pointing out.