polymorphic cipher

Discussion in 'privacy technology' started by syncmaster913n, Apr 2, 2012.

Thread Status:
Not open for further replies.
  1. x942

    x942 Guest

    No. I do not believe it to be the company at all. I do believe it to be related to the post however. Two times now I have posted about uncovering software (which may or may not be snake oil) and both times I have been attacked now using similar methods and the same IP addresses. I think it's nothing more than someone defending software they believe is great. I don't have any other explanation for it.

    Yes it will take some time for it to complete. I am using multiple testing tools and reversing this in IDA Pro will take time too.

    I am not a cipher expert by any means, I do have schooling in cryptography and understand it. However Justin would be far more qualified to review any results I find from that stand point. I do a lot of reverse engineering though and I do know that angle quite well.

    Thanks for posting sources! I am still reversing it because you never know if the binaries are the same or have some "special" sauce in them. I only condemn because I have no proof it works ;) If I fail to find anything wrong with it, then I will be the first to admit it. I have seen some bad crypto (claiming to use super-secure uncrackable encryption and just using XOR).
     
  2. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    777
    Couldn't break it, ay??

    So you could not shoot any holes in it, and can give no review?
    Sorry, but I can't understand this; you have received the sources and all, and you are an expert according to your subtitle here.
    Just give your honest technical opinion!

    Hmm, that is not a very technical insight or cipher review. The way he presents his cipher must be irrelevant; we should stop reviewing the author but look into his product. BTW this doesn't sound like someone who didn't like to unmask this as 'snake oil' if he could :)

    Even if this cipher was found in a bar written on a wall, you should be able to review it, shouldn't you?

    But thanks for this post, it just adds to the opinion that nobody can give a reason why this cipher isn't better than AES 256.
    And you must have a reason not to give more technical insight.

    This makes you wonder..
    If someone invents a new stronger cipher, how difficult must it be to get it to us the users?

    My doubt in AES 256 only is growing rapidly!
     
    Last edited: Apr 7, 2012
  3. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    777
    X942 first of all my apologies for the misunderstanding.

    You could have a look if there are the same people active in both threads

    X942, I am very curious what you will come up with, and if you can shoot some holes in it. The Crypto expert could not, but perhaps you can.

    Let's see if it is snake oil or the real thing !
     
  4. x942

    x942 Guest

    It was the way I wrote it. No worries. I can't see the company doing it because it is the same type of attack, same method, and same IPs in the attack as last time.

    I am curious to see if it's snake oil or not myself. Personally I think the company's tactics are its worst enemy. If it presented itself better, then most of this thread wouldn't be arguments and bickering.
     
  5. syncmaster913n

    syncmaster913n Registered Member

    Joined:
    Mar 24, 2012
    Posts:
    153
    Not trying to rush you or anything, but are you able to estimate how long it might be? Are we talking days, weeks, longer? Just curious, since I am completely unfamiliar with the process and have no idea what to expect. :thumb:
     
    Last edited: Apr 7, 2012
  6. x942

    x942 Guest

    Reverse engineering could take weeks, but now that I have the sources too it may not take as long.

    The randomness tests I can run on a cluster which should speed up the process to days. All depends on how much free time I have though.
     
  7. syncmaster913n

    syncmaster913n Registered Member

    Joined:
    Mar 24, 2012
    Posts:
    153
    Cool, take your time :)
     
  8. Justin Troutman

    Justin Troutman Cryptography Expert

    Joined:
    Dec 23, 2007
    Posts:
    226
    Location:
    North Carolina, USA / Minas Gerais, BR
    The segments of mine that you chose not to quote contained several technical concerns; I'd be more than happy to expand on these, if you'd like. These concerns should raise flags about the author's ability to approach a design that matches his claims; does it not concern you that the author erroneously stated that differential cryptanalysis applies only to block ciphers? This is one of two fundamental avenues of cryptanalysis. With that in mind, analyzing the person and their presentation is important. However, it's that part from which I've withdrawn; because making cryptography more accessible is what I do, I'm glad to discuss the technical issues. Why such disdain for the AES? Nobody -- at least not me -- is trying to force feed it; it's just the most logical choice for most circumstances. No hidden agendas.
     
  9. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    777
    It is too easy to respond to that ;)

    This is why I think so..
    1) because I don't trust it anymore, it might already be broken
    2) because it has been in use too long and every secret service in every country will try to break it, or find shortcuts
    3) I think it is not very logical that not 1 other alternative in the whole world is recommended
    4) the short time to set up the key as mentioned by Berndroellgen
    5) I don't like to bet on one horse
    6) I've seen some ugly mistakes before, DES was considered unbreakable by experts just as AES now is
    7) the fact that exporting encryption ciphers in many countries is illegal except for AES
    8) the fanatical way that AES is supported to the general public
    9) the fact that software with other ciphers is often not exported to other countries (just Google)
    10) changing ciphers was historically a common scenario and I see no problem with that
    11) AES was developed for systems with, for now, very low CPU usage, systems that are now antique
    12) I have some background in software security; who would have thought 2 years ago that the FBI, Microsoft, Sony, Apple, Google, Comodo SSL, police forces, SSL certificates, RSA etc. etc. could and would be hacked, cracked or exploited or stolen?
    13) the way any other cipher is bashed by some that keep suggesting AES
    14) the fact that the project eSTREAM was started
    15) the fact that every cloud solution in the US must be able to hand over data if asked for
    16) the fact that it seems to be impossible to get a product on the market with other ciphers. I did search for that, and only found a very small number
    17) the very awkward reason given not to encrypt an AES encrypted file once again with another cipher!
    18) I have nothing to gain by advising to use ANY second encryption cipher, but there can be reasons to advise AES only, apart from the fact that it is a good cipher, especially if it is broken, especially for governments that like to spy on people (from any country!)
    19) the insight I have in the enormous amount of CPU power there is in many countries
    20) a monopoly is never a good thing, it is the brake on progress, and can be harmful especially when other countries follow other strategies
    21) people that came up with stronger ciphers got into problems
    22) history proves that all ciphers in the past were attacked and often cracked (like Enigma), and it always took long before this was made public for obvious reasons
    23) I hope with threads like this people will try to invent even far better ciphers
    24) because I saw how AES worked
     
    Last edited: Apr 7, 2012
  10. syncmaster913n

    syncmaster913n Registered Member

    Joined:
    Mar 24, 2012
    Posts:
    153
    Tuatara,

    Can I ask why you only reply to arbitrary parts of a post, without addressing any technical issues that are being mentioned and focusing almost exclusively on opinions and assumptions? I've noticed this pattern throughout the majority of your posts in this thread. No offence intended in this question.

    Cheers
     
    Last edited: Apr 7, 2012
  11. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    Of course such claims should raise a red flag. Surely if raised by a co-worker of one of the designers of Rijndael/AES. As I wrote before, I'm a layman so I do take your questioning seriously. And I'm not afraid that AES 'won't suffice' anymore, that's not my pov/interest.
    I'm glad you confirm that it's important to focus on the tool itself and not just the tool maker.
    With your background I can also appreciate your 'need' for an academic routine; paper, peer review, presentation at conference et al.
    But if his tool is so flawed, how come no one has dissected the tool and proven it is fallacious?
    With source code available, it's still that hard or time/resource consuming?
    Again, I'm not asking you to prove anything but how come not one person in your field of expertise so far has taken this effort, if it's so obviously based on wrong assumptions and poor technique/implementations. Is it just something you guys don't do; prove that a certain encryption/cipher tool is an obvious fallacious product?
     
    Last edited: Apr 7, 2012
  12. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    777
    No problem, the technical issues are all on the PMC-cipher, and I have nothing to do with that. I think the author himself must respond to that.
    And I am not a cipher expert, I am just a guy that lost my trust in AES and is looking for any other cipher to encrypt my data.

    So if anyone has file encryption software with ANY recent cipher, please let me know, because I want to run some tests with it
     
  13. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    777
    To be honest, I don't know what to think of it. Is it just a mistake in his text?
    Does this also mean that there are errors in his cipher??

    The only thing I want to know is:
    How good is the cipher? Can it be broken?

    But I got no answer on that, so let's wait until another expert can shine some light on this!

    Btw can we please agree not to value the cipher on the person, his website, the color of his hair, or the way he does his marketing, or if his papers are made in the wrong file format?
    Because that is not very scientific, now is it?

    Let's hope X942 will give us more detailed info or any other expert is willing and able to look at the given source code and give us some real advice and review.
    Because I can't either

    Perhaps anyone here knows someone who can do this?
     
    Last edited: Apr 7, 2012
  14. syncmaster913n

    syncmaster913n Registered Member

    Joined:
    Mar 24, 2012
    Posts:
    153
    Thanks for explaining.

    When you say "recent," what exactly do you mean? post 2002? post 2005? If you could define it, I might take a look around myself, out of curiosity. And maybe Justin will be able to suggest something.
     
  15. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    777
    Last edited: Apr 7, 2012
  16. syncmaster913n

    syncmaster913n Registered Member

    Joined:
    Mar 24, 2012
    Posts:
    153
    Yup, ok. I'll do some searching later today or tomorrow and let you know if I find something. And Justin, if you know of any software for encryption that uses ciphers which are younger than 10 years, please let us know :) Thanks!
     
  17. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    777
    It might be difficult, and
    - if the GUI is in any other language I don't mind.
    - a command-line version would be perfect.
    - Windows, Linux, MacOS doesn't matter.

    Thanks!
     
    Last edited: Apr 7, 2012
  18. Serapis

    Serapis Registered Member

    Joined:
    Nov 15, 2009
    Posts:
    241
    @ Tuatara

    Using a well known and widely implemented cipher means that it has one thing that most other ciphers don't, and that is the attention of the cryptographer communities and governments across the world. If you read what Shannon's maxim or Kerckhoffs's principle means you'll know that this is actually a desired thing since it has been battle tested. It also means that there has been a general consensus reached for the best way to do things. You don't have to use Rijndael per se, as long as you use a widely established alternative though you should be fine - the other finalists in the NIST competition are viable alternatives.

    Using the standard means that there is an enormous incentive to test its security and try to break it. There is more security with more eyes looking at it. Using a lesser known or obscure cipher only serves to provide a false sense of security. Testing needs a lot of resources and time, which frankly, little known or improperly published/accessible algorithms just don't warrant that kind of inspection.

    The more time a cipher is used and is able to withstand mathematical breakthroughs the more resilient and trustworthy it becomes regarded.

    Quite to the contrary, DES was not considered unbreakable and was widely regarded with suspicions in the academic community due to its closed development and small keysize, unlike the NIST process for selecting AES. Please read the history and facts before making blanket statements.

    There is no conspiracy to push AES on anyone, no one is forcing you by law to use it or restricting programmers to only put that in their products. I just see some excessive paranoia on your part that is not justifiable. Whenever Justin attempts to explain the question of why AES, you seem to block out his technical explanations. You are not asking for the purpose of learning, but for futile argumentation. I am not trying to change your mind, nor do I care to. But it always annoys me when half truths and misconceptions are brought up.

    You are adopting a wrong mentality when thinking about encryption. This is not the same like when you decide to change some AV or security suite.

    The corporations you listed, were victims to phishing attacks and dumb employees opening infected attachments, not because of a cryptanalytic break.
     
  19. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    This sums it up very well.

    Crypto is not like the security that people are usually used to. Having the least-targeted cypher isn't a good thing. Because Crypto is literally just math (whereas security is about policies) it needs to be treated differently. Bypassing crypto is not like bypassing an AV or HIPS or whatever. Shannon's Maxim actually applies to both worlds - the attacker always knows the system, which plays into Kerckhoffs's principle that secure crypto doesn't rely on hiding. It doesn't matter how many people are looking at the cipher if it's actually strong and AES is strong, crypto experts agree on this. That is why it's pushed - because it's out there and vetted and everyone knows that it works and how it works and they know that they still can't break it.

    Another good point made earlier was that overcomplicating the implementation (and implementation of crypto is by far the greatest weakness) with multiple ciphers will hurt you rather than help you. I agree here, though I do it myself against better judgement.
     
  20. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    777
    Serapis,

    Just Google on Encryption and export restrictions
    and many pages like this: - http://sourceforge.net/projects/arac-suite/?source=directory -

    - http://en.wikipedia.org/wiki/Export_of_cryptography_in_the_United_States -

    Perhaps you are right and I am paranoid, and perhaps AES 256 is all we need.
    And perhaps I am stubborn, stupid, and whatever you might think.

    But shouldn't I at least be able to use another encryption cipher if I wish to?
    I am looking for another cipher whether you like it or not,
    PMC is a serious option, until proven wrong, and I am open to other ciphers.

    But for you I will make it easier, just give me the second best encryption software :D

    But seriously
    Ok, you win, I have made up my mind, I will no longer discuss AES, only PMC-Cipher or any other one.
    But in return please, please stop suggesting AES to me, even if I don't want it for the wrong reasons!
    Pffff
     
    Last edited: Apr 7, 2012
  21. x942

    x942 Guest

    Check out CAST5 and its 256-bit counterpart. It's patent free, and PGP WDE supports it.
     
  22. berndroellgen

    berndroellgen Registered Member

    Joined:
    Nov 5, 2010
    Posts:
    59
    *

    To your concerns: When a cipher is compiled during runtime, incredibly fast ciphers can be realized. But since execution prevention is built into modern CPUs and since the number of platforms has increased, compilation during runtime is not feasible any more.

    The cipher built into TurboCrypt is basically a Luby-Rackoff construction. Function pointers enable fast execution of interchangeable functions.
    You can read the details in the papers that I've linked to in one of my previous threads.

    Happy holidays to everybody!
     
    Last edited by a moderator: Apr 8, 2012
  23. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    777
    *
    But let's wait and see what happens
    *
    Good luck!
     
    Last edited by a moderator: Apr 8, 2012
  24. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
    Please concentrate your reposts on the subject of the thread and avoid off topic remarks. Thank you
     
  25. Justin Troutman

    Justin Troutman Cryptography Expert

    Joined:
    Dec 23, 2007
    Posts:
    226
    Location:
    North Carolina, USA / Minas Gerais, BR
    What bothers me is that a lot of emphasis is placed on the supposed fragility of the AES, and most everything else the cryptographic community has to offer, yet the author references publications regarding the very foundations of these primitives. Not only that, but the author's attempt at a hash function makes use of another hash function (e.g., Whirlpool) co-designed by a co-designer of the AES; if you don't trust the AES, why trust other designs from the same designers -- especially two designs that share design philosophies (i.e., wide trail strategy)? This seems inconsistent to me.

    But let's compare PMC with the AES and the modes of operation it uses. As you'll know, the AES is a block cipher that makes use of modes of operation, like CTR, which is meant to provide confidentiality through encryption, and CMAC, which is meant to provide integrity through authentication. Because authenticated encryption is how we go about achieving confidentiality and integrity, it seems fair to analyze PMC under the same notions that we look for in such a scheme -- more specifically, IND-CCA2 /\ INT-CTXT.

    When proposing a new design, it's the author's responsibility to state security in terms of these basic security expectations -- that is, if you're going to compare them to conventional designs. Unfortunately, I can't find any information regarding PMC that discusses integrity, and because PMC -- from my understanding -- is a composition of weak generators -- it's susceptible to the same weaknesses of stream ciphers, or block ciphers used in stream cipher-like modes, like CTR. There's no getting around this, so to address it, you'll need a MAC, or Message Authentication Code. Have you designed a MAC to go along with PMC? If not, how do you go about addressing integrity?

    As far as I can see, the papers include many generic proofs for constructions like Luby-Rackoff, and several instances of "likely" and "unlikely," but I don't see anything that states security for basic things like IND-CPA, IND-CCA2, and so on and so forth. I'd like to see a proof for the actual design, not various generic proofs for each of its borrowed components; there needs to be an analysis of the composite. One thing is for sure, however: encryption without authentication is insufficient -- useless, even. Even if you believe PMC is good, its output isn't immune to fiddling, and won't provide ample protection against active, online attacks.

    More concrete evidence will make it easier for others to know what they're looking at.
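
The integrity point in the post above, as an added example that is not part of the thread or of any product discussed in it: a keystream-XOR cipher lets a ciphertext be edited into a chosen plaintext without the key, and an encrypt-then-MAC wrapper rejects the same edit. Assumptions: the keystream generator is a stand-in built from HMAC-SHA256 (not PMC and not AES-CTR), HMAC-SHA256 stands in for CMAC, and the keys, nonce and message are constructed sample values.

```python
import hashlib
import hmac

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in generator (assumption): HMAC-SHA256 over nonce || counter.
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256)
        out += block.digest()
        counter += 1
    return bytes(out[:length])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # XOR with the keystream; the same call decrypts.
    return xor(data, keystream(key, nonce, len(data)))

def flip(ct: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    # C' = C xor (old xor new): the plaintext changes with no key involved.
    delta = xor(old, new)
    end = offset + len(delta)
    return ct[:offset] + xor(ct[offset:end], delta) + ct[end:]

def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes):
    # Encrypt-then-MAC: the tag covers the nonce and the ciphertext.
    ct = encrypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return ct, tag

def unseal(enc_key: bytes, mac_key: bytes, nonce: bytes, ct: bytes, tag: bytes) -> bytes:
    # Verify the tag in constant time before touching the ciphertext.
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: ciphertext was modified")
    return encrypt(enc_key, nonce, ct)

# Constructed sample values, for illustration only.
ENC_KEY = bytes(range(32))
MAC_KEY = bytes(range(32, 64))
NONCE = b"nonce-0001"
MESSAGE = b"PAY 0100 TO ALICE"

def demo():
    ct, tag = seal(ENC_KEY, MAC_KEY, NONCE, MESSAGE)
    forged = flip(ct, 4, b"0100", b"9100")
    # Without a MAC the receiver decrypts the edited ciphertext as if valid.
    unauthenticated = encrypt(ENC_KEY, NONCE, forged)
    try:
        unseal(ENC_KEY, MAC_KEY, NONCE, forged, tag)
        rejected = False
    except ValueError:
        rejected = True
    return unauthenticated, rejected

if __name__ == "__main__":
    print(demo())
```

The quality of the keystream plays no part in the first result, which is why integrity has to be addressed separately from the strength of the cipher.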
     