Encryption Software

Re: XorIt

You obviously are completely unaware of such things as "known plaintext attacks", "chosen plaintext attacks", "adaptive chosen plaintext attacks", etc. These are fundamentals of modern cryptography (and for the testing of algorithms' strengths).

In fact, your entire post screams "I have no idea what I'm talking about". Sorry.

 

OTP

Well this debate has got silly. Since no one has accepted and completed my challenge then I can't see any point in coming back here. People seemed more interested in insulting OTP and even my program in preference to trying to achieve a possible decryption. Perhaps the reason why you didn't try is because you didn't care, but if you didn't care then you should have just ignored the initial post about XorIt (not written by me incidently). Instead with claims like it would take "less than a few seconds for a PC to break it" and 'XOR is the easiest "encryption" to break' I though that there might be something that I could learn here about XOR and OTP encryption. I was wrong and I am annoyed that I have wasted my time.

I have removed the file from my site. For the record, the file was a JPG encrypted with a Windows Service Pack. I was hoping that someone could use header methods to decypt enough of the start to ID the key file. Hardly unbreakable, unlike a true OTP key, but I chose that as a key file to highlight there there are other options for key transfer. If the file is not the KFC secret spices all you need to do is make it really hard. Another method of generating long keys that are decently secure is using a Blum Blum Shub generator.

 

Do you really think we do not know this already? By the way this picture was created by Adobe

As i told you before - HEADERS !
And to prove it here are some explainings on your file:

 

Story continues.... here we have a original jpg file:

Again, some comments regarding your encrypted file.

 

Encrypting files with executables and known file structures is the weak point !
Nobody says that a one-time-pad is unsecure! But as you can see this encryption with this "environment" is EASILY breakable. Sure it takes some time - time which i do not have right now to decrypt parts of the file by hand (even without having this executable !!!!!!!!!!!!!!) because i have to take care of numerous new bagle worms and downloaders at this time. But i think this short lesson should be enough to prove my first comment "you can always decrypt files based on known filestructure with XOR" - as long as you use 2 filetypes. If you use REALLY HIGHLY RANDOMIZED DATA ( just the Rnd function / randomize is NOT SECURE FOR THIS! ) this becomes of course much more difficulter. But with 2 known file structures it's a easy game and you will probably always win this game if you know exacly how the fileformats are looking and what comes where and where you have "variable" byte sequences.

Enough now, back to work.

 

No apology necessary. It is obvious from your posts that you are young and inexperienced. If you were wise you would have recognized the unique opportunity that was presented here to the Wilders community. Why did you, TNT, not decrypt the file in seconds as you claimed possible? Although full of confidence (and boasting of experience), HappyBoy also failed to decrypt the test file. This topic will forever be a testament to both of your inability to do so.

@Andrew

First, congratulations for displaying evidence of your products successful implementation of unbreakable encryption.

Second, when I first contacted you for clarification of your programs function in regards to TNT's original posting I had no idea you would post in this topic, nor was it my intention for you to do so. And I certainly did NOT expect nor desire for you to to be subjected to personal attacks from children.

Finally, I would suggest you take legal action against wilderssecurity forums and the Eset mod in particular for the screenshots detailing reverse engineering of your programs registration section.

Once again, thanks for helping me understand the complex subject of OTP/Vernam encryption..

Lyn

 

"Sure it takes some time - time which i do not have right now ..."


Somehow, I knew that was coming LOL.

 

Psssst... Inspector Clouseau just broke it.

Anyway, if you believe this product works, just use it and put all you secrets in there. But don't force use to accept this kind of 'product' as secure, because we know better.

Cryptography is a scientific matter; this 'XorIt' for all it's been said and done, might as well be called vodoo.

 

What's your point? What do you think the point of strong encryption is, to defend against a challenge thrown at random on a few people on a forum who have absolutely nothing to gain by spending time trying to break it (no money, no job promotion)?

 

Last Post(?)

I did seriously consider it actually, but three reasons make it impractical. 1. Different Country, 2. I don't know his real name, and 3. I can't be stuffed. Besides, he did not reverse engineer it anyway as he was wrong. (Is is a crime to attempt to reverse engineer software?)

I am quite astonished though that Inspector Clouseau is boasting that he has worked out that it was a JPEG and an executible after I had already mentioned on the forum that it was. Perhaps if I told him it was Service Pack 4 for Windows 2000 he will boast that he deduced that too. Inspector Clouseau, I will say it again. I chose an executable and a image file as you boasted that you could decrypt a file based on a PE header. Thus I gave you one. You failed to do this in the time you claimed. I will say it yet again; I chose the filetypes as they were weak. I wanted you to decrypt the file. As I said;
"...But I have specially designed this file so it can be decrypted..." You failed the challenge. I was planning to give you a second challenge, an hard one, after you decrypted the first. After all, I though since you deal with this type of encryption daily you would pick that it was an executible, work out what one, and then decrypt the whole file.

Inspector Clouseau, if you want a real challenge with a time frame (what ever you want) just ask. Otherwise I consider my point proven that XorIt can make completely secure files and cannot be decrypted in a few seconds. (Even when bad keys are used.) But honestly, I recomend you either ignore this post, or just continue the mindless retoric as the point does not need to be proven at all anyway. Several sites including...

http://en.wikipedia.org/wiki/One-time_pad

...and...

http://www.ranum.com/security/computer_security/papers/otp-faq/

...agree anyway. I will try to remember to check this site again in a few days but I will not post any further replies unless you accept the challenge.

 

Re: Last Post(?)

I know about One-Time Pads, clearly much more than you. I said it once, and I'll say it again: if you honestly think your product is secure, please ask the opinion by people like Bruce Schneier, or Matt Blaze, or D.J. Bernstein; show us the source (remember, security should only reside in the key, which for OTP must be COMPLETELY RANDOM as said in the texts you quoted but did not bother to follow). Or put a money prize on your site for anyone who breaks it (you should not be afraid to do so if you product is really 'unbreakable').

Your challenge as it is, is utterly worthless. You can take a piece of a file, apply a simple proprietary bijective compression and it would be just as "hard" to identify it without even using a key.

And for the "I'll sue him" part, don't make me laugh. You're the one who should be sued for selling a product that does not do what it claims.

 

@ Inspector Clouseau

All you found were the headers Andrew and i knew were there. So you knew it was a jpg? So did I. Guess that makes me an expert too!

This file was a test of persons abilities to decrypt using a common file as key. Of course it is possible to gather info from headers when using such keys. Of course in practice you wouldn't want to use known servicepack.exe to encrypt whistleblower.xml. It is not a random key! But fact remains you still did NOT decrypt the file. You examined headers as did i. Now that you are aware of this lets move forward.

TRUE: The strength of encryption is only as secure the files themselves.

Anyone with basic knowledge of XorIt can create files that are unbreakable. Here is example: I suggest it is best to encrypt both source + key, then combine the two. You will NOT be able to decrypt it in billions of years without the encrypted keys that only exists on DVD in my possession.

Do you now understand

@TNT:
You do not know what you are talking about. I ask you one last time: why did you not decrypt XORFileA.X?

 

~snip....removed info not meant for public knowledge....Bubba~

Now you know what you're dealing with.

 

haha, busted!

 

I didn't see Scramdisk mentioned so I'll ask. I've been using 3.01R3 on my 98 unit for some time. I like its ability to encrypt partitions or entire small drives and the ability to put it on a floppy for use in other computers.
I know it's been around for a long time. It was recommended to me years ago by an individual (now deceased) who tested such programs for deliberately planted weaknesses and back doors. At that time, he said it was one of the best. Has Scramdisk 3.01 itself ever been proven vulnerable or weak or does it just have compatibility issues with a newer OS?
I also use PGP 6.5.8ckt08, which works very well on win 98 and with the other software I use. What's your opinion regarding it and the PGP disk component that comes with it?
Rick

 

Lyn, as if that is your name, there is no reason to introduce bogus legal threats into this thread. It has deviated far enough from the topic I posed and does not need unsubstantiated legal threats.

 

To put an end on this, I will quote some of the text on Wikipedia that the author of the software (unwisely, I'd say) linked to:

"Vernam's system was a cipher that combined a message with a key read from paper tape. In its original form, Vernam's system was not theoretically unbreakable — this came only later when Joseph Mauborgne recognized that the key tape needs to be completely random."

"Despite the strong proof of security, the one-time pad has drawbacks in practice: it requires perfectly random one-time pads"

"All too often people are misled by the presence of "random number generator" functions in computer programming languages and assume they can be used to make an unbreakable encryption system using the one time pad principle. Such functions are almost always pseudorandom number generators, and cryptographically weak ones at that."

"Many vendors selling proprietary encryption schemes use "one time pad" as an advertising slogan. Such systems often fail to meet the exacting standards needed to be a true one time pad. Most are just another stream cipher, but have not been subject to extensive review of standard methods. See: snake oil cryptography."


From the Snake Oil section:

"Cryptosystems based on one-time pads for which the key material 'pads' are generated or expanded by the software cryptosystem, by the operating system, or provided by the vendor. While the one-time pad has a proof of security, it is argued that a system based on the one-time pad would be too impractical to be of any use for most applications. The one-time pad requires large amounts of truly random key material, which then needs to be transferred securely to the recipient of the encrypted message. A truly random sequence cannot be identically reproduced, hence a pad generated at both ends, rather than generated at a single point and transferred, cannot be random. Moreover, it is also argued that many applications claiming to use the one-time pad are, upon close inspection, generating the key using deterministic methods, losing the proof of unbreakability."


From the Snake Oil FAQ: http://www.interhack.net/people/cmcurtin/snake-oil-faq.html#SECTION00057000000000000000

"A vendor might claim the system uses a one-time-pad (OTP), which is provably unbreakable. Technically, the encrypted output of an OTP system is equally likely to decrypt to any same-size plaintext. For example,

598v *$_+~ xCtMB0

has an equal chance of decrypting to any of these:

the answer is yes
the answer is no!
you are a weenie!

Snake oil vendors will try to capitalize on the known strength of an OTP. But it is important to understand that any variation in the implementation means that it is not an OTP and has nowhere near the security of an OTP.

An OTP system works by having a ``pad'' of random bits in the possession of both the sender and recipient, but absolutely no one else. Originally, paper pads were used before general-purpose computers came into being. The pad must be sent from one party to the other securely, such as in a locked briefcase handcuffed to the carrier.

To encrypt an n -bit message, the next n bits in the pad are used as a key. After the bits are used from the pad, they're destroyed, and can never be used again.

The bits in the pad cannot be generated by an algorithm or cipher. They must be truly random, using a real random source such as specialized hardware, radioactive decay timings, etc. Some snake oil vendors will try to dance around this issue, and talk about functions they perform on the bit stream, things they do with the bit stream vs. the plaintext, or something similar. But this still doesn't change the fact that anything that doesn't use real random bits is not an OTP. The important part of an OTP is the source of the bits, not what one does with them."

 

Incorrect

You guys. First I will claify one thing, I have no intention of suing anyone, and I think Lyn was joking anyway. If Inspector Clouseau wants to act like a cracker then that is his problem and it is in no way the fault of this forum.


To Inspector Clouseau

I thought it was obvious that there were only two people who weren't on the Dark Side here; Me and Lyn. I have gone by the name of Sinner or Andrew Glina and I made it clear when I switched my name.

TNT

Interesting selective quoting of Wikipedia. You have selected all of the negative comments you could find. But don't worry; I do not match the description of Snake Oil;

1. I make it clear that for absolute security you need a unpredictable file (even though a service pack will do)
2. While I in a new Beta version of CryptIt (but not XorIt) provide a stream cipher generator using RC4, I do discourage using if you want absolute security. (It was a requested feature and I try to please my users)
3. I do not make any claim that the file can be decrypted without the transfering the key.
4. I do not provide any keys.
5. I do stress the the file must be unpredictable, especially in the new Beta of CryptIt.
6. I do not have any secret algorithm. This is it in pseudo code of the routine.

10 Load File and Key
20 XOR One DWORD with another DWORD
30 Incremement memory pointer
40 Goto 20

or in assembly

mov edi, [hBlockA]
mov esi, [hBlockB]
xor eax, eax
inc edi
inc esi

I do not understand why TNT and Inspector Clouseau are so convinced I am trying to be decietful, and to be honest I find it quite offensive. The only reason why I persist in this silly debate is because I know I am right and I think that you guys have just accidently grouped me in with the "Easy OTP" club. But, I make no such claims. If one of you actually took the time to look at the software you would discover this as it is the honest truth.

Surely you must acknowledge that there are some people in the world who have a secure source of OTP keys, even if they make it using the scrabble method. Surely you agree that it is possible to write a program that uses these unprovided user generated OTP files and simply XORs them with their original file. That is all that XorIt does. The program is 30KB! How could it do any more!

Please give me a chance and stop automatically insulting my work without giving it a fair chance.

 

TNT, I have posted more than double the #'s of posts @ wilders over the last years than your nick' -all_anon. Iam known (or have been known) by different names across many bbs. Is a posters identity more important to you than the information/opinion they are providing for benefit of others? Many people choose not to register for different reasons. Registration is not required @ wilders, so what is your point? If you disagree you should bring the issue before Paul, who has far more complete records of my ip than you or Inspector Clouseau dream of.

In case you missed it, the first part of the dallens question is about which encryption soft are *considered* the best, the second part which *is* the best. A loaded question, but nonetheless, since I do have an opinion i wanted to share with dallen - and other visitors to this thread - i decided to add it as i frequently do. In response to dallen's question I posted as no_can_do for i believed it impossible to decrypt a file created with XorIt, which evidently turned out to be TRUE. Must I go into irrelevent details such as individual posting style? ? I simply posted "try hacking a file scrambled with this soft" and provided a link to Andrews program. I used the word *scrambled* so that even a novice like yourself could understand, and learn this encryption soft is DIFFERENT FROM OTHER SOFTS: With XorIt there is no password to be cracked!

Due to this posting of Inspector Clouseau: "and is useless to prove, just believe me, we deal DAILY with such encryption in Viruses.." I posted as justdoit because it is inappropriate he is asking people to have great *faith* rather than use his supposed skills to prove otherwise. I will call to account ANY soft dev, ANYWHERE when i see statements like that, and you should too. Hence, "justdoit" instead of making excuses. Get it? Good.

After your amazing non-response in #26 I identified myself again as no_can_do so that you, TNT, might know that no_can_do and justdoit are one and the same poster. Apparently you are not good at detecting subtleties, for bottom of (what i thought to be) my final post #31 is the name "Lyn". As it happens while i was typing my reply to your #26, both Andrew and Inspector Clouseau had posted! When i seen Inspector Clouseau was "too busy" to decrypt the file (even tho he examined headers) I posted #37 using my real name, Lyn, to identify myself, as i did at the bottom of previous post.

Busted? Hardly. I provide my name. This is something i have never done on public forum. Here I have given you a clue. The onboard experts have better odds to determine who iam than skills decrypting a decryptable file created by XorIt. Hopefully this clears up any confused minds.

Lyn

 

Glina, I am not attacking you (I do not even know you), I am attacking your methods. You come here playing "the guy who just made OTP unbreakable encryption possible on your PC" (and with a pay-for product, let's not forget) when the truth is far from it. OTP encryption is not something you can define yourself, it's a known (and impractical) form of encryption that can't be achieved via software only.

You throw at us a file claiming "you can't break it" to prove some point of some kind, but the truth is, it does not prove a thing. I don't even bother accepting challenges of this kind, because you could have used a hardware entropy source, or you could have gone on http://www.random.org or http://www.fourmilab.ch/hotbits/ (by the way, this is not 'secure', at least not in a real way, as the data is downloaded in clear text, and it would only be as secure as the SSL connection even if you could download it over that) and got the random data you needed to create the OTP key. How would we know? And do you honestly think that asking a couple of people in a public forum (and who have nothing to gain whatsoever in spending time trying to decrypt a file) automatically means you built unbreakable encryption? And that people should honestly encrypt all their bank data and social security numbers in a high-risk environment, without fearing that for months or years expert criminals who make a living on stealing such things would ever be able to decrypt it?

More, if you were serious about your program, you would have described at least the methods of creating the entropy pool for your program (for I hope you don't mean for people to use the rnd function) and you would have NOT claimed that it was OTP unbreakable encryption anyway. That's honesty I'm talking about, buddy.

 

Challenges

Dear TNT

You are attacking me personally as you are saying that I am decieving my customers. In your last post you implied that I was dishonest. You do not need to know someone to insult them. I only gave the challenge as you challenged the security of XorIt. I did not start this. I only came to this site as you dismissed my program as "Snake Oil". If someone comes out with a claim that something can be done in seconds, then they should have something to back it up. I gave you and Inspector Clouseau a chance by making a easy challenge. You constantly claim to be an expert, yet you have offered no proof either.

I already have explained over and over again how I generate the entopy pool. I don't. It is as simple as that. (Due to this interesting debate I am considering writing one though.) OTP works best if each person uses their own method for generating the OTP. That is a fact. Providing the OTP is unpredictable then it is unbreakable. That is a fact. OTP is achievable via software only. I have not seen this proved otherwise. A system is seen as secure until it can be defeated.

(Mentioning the fact that I charge for my software is absurd, even ignoring the fact that it only costs $7.50 USD. I used to be freeware and have a "donate" button on my site like most open source and other "free" programs. But in my opinion this is little better than begging. I do not charge for upgrades and I offer free support to even non-registered programs.)

I have been nothing but polite on this forum and I wish you would offer me the same courtesy. There are no need for insults.

 

It's Official

Thanks to your warm welcome I have decided to stay. I love you guys.

 

Re: Challenges

The encryption you use isn't really a true OTP, since the key isn't random....

I also noticed your software doesn't provide the ability to only use data "one time" , as the whole thing with "one time pads" is that you use the key data "one time". Funny that you name your program "XorIt" but then come in here and say it is using "one time pad" encryption....

If you used a real symmetric cipher like RijnDael, even with a weak password someone like myself wouldn't be able to come along and view a part of the plaintext easily. Which is possible with your software if the user mistakenly uses a file to XOR their data which is weak. Sure someone could run a "brute force password" crack and discover the weak password, but if the file format was custom, it would take more work to get a password bruteforce to start happening, than it would be to open up a hex editor and simply take a look at the file.

Someone who doesn't know much about encryption can easily type in a 12 character password, and be relatively secure with a known secure algorithm. Someone who doesn't know much about encryption, who uses your program, can easily select the wrong file and be under a false belief that their data is relatively secure, when it isn't.

On your webpage (http://www.sinnercomputing.com/XorIt.htm) I noticed you are using the pagefile to encrypt an EXE. What if you were using the pagefile to encrypt a TEXT file. There are a lot of 0x00's in the pagefile, how much of the text file would be visible in a hex editor without any work? Even you, the author of XorIt, are showing people how to use the program incorrectly.

If the police raided your home and found your DVD of xor-keys, or simply selected every file on your hard-drive as a possible key file for encrypted files, how long would it take them to decrypt all your encrypted files? I think it would be quicker than the time it would take them to extract a long password from your head.

Tooting your own horn because some random people on a forum somewhere can't break your easy encryption doesn't make your program secure. You know there are severe weaknesses in your program, you have shown yourself being vulnerable to them, aswell as offering a weakly encrypted file for people to test here. It would take me about 15 minutes to put together the exact same program you are offering on your webpage, I just don't know why you are offering it for sale...

 

Why am I bothering?

Very true. That is a mistake I will try to rectify soon. I was in a hurry when I made that screen shot so I just used the first big file I found. Thanks for reminding me of this. I don't tend to give my screenshots a second glance. But why are you saying that the key isn't random? Since I don't even provide a key, how can you say it is not random?

I do not recall saying that XorIt is using OTP encryption, I said it can use OTP encryption. There is a quite large difference. A vacume cleaner can be used to fill up an air matress, but it is not its prime function. XorIt is a file XORer that can be used with any file you want, including One Time Pads. What else would XorIt need to do to support One-Time keys? Delete the file on the second time it was used? If so, how would it know this?

XorIt was a requested program. Someone wanted a program that could do Vernam style encryption that can be used with a Blum Blum Shub generator. That is why I wrote it. He asked me as the available ones were too slow. He did not like the avalible encryption options and others feel the same way.

I fail to see why I am being questioned on the pros and cons of OTP encryption. I came here to defend my program, not to "tout my horn". Instead one person decides to act like a cracker and try to find bugs in my registration code, and the rest see me as Mr OTP. I never claimed any of that. I just objected to my program being labled as "Snake Oil". It was TNT who first mentioned OTP. XorIt claims to use Vernam encyption which is where the cipher is the same size as the plain text. Not as secure as OTP, but close enough for a lot of cases.

But it does seem that I will lose this debate and there must be a never ending stream of Security Experts who hate the concept of OTP. I am not a securty expert, and I have never claimed to be. I suppose this is the price I pay for being a open minded developer.

 

Dallen,
Well there are really two threads going on in this one. One at the programmer level and one at the average user level (I am happily in the latter group). Personally, I just want the program to keep my stuff safe and be easy to use. It is great to learn some of the nitty gritty details of encryption because it will help you make a better choice on what to use.

Just to add to what StevieO said, Windows XP really is much more at home with 1 GB plus RAM, page file or not. From my experience, I would say 1 GB is the threshold where you could start to consider turning it off.
If you are not editing large photoshop pics or doing video editing, you should be able to turn it off at 1 GB without consequence.
I have been using 1.5 GB RAM with no page file for a long time without a problem, even with multitasking, lots of security programs, photo editing, etc. I have not tried video editing without a page file, but that would work best with 2 GB anyway. The worst problem would be a program crashing (simply end task) or unlikely, windows would freeze (reboot).
Try it, you can always switch it back if you doesn't work for you.
If in the unlikely event that you can't boot into windows normally because of some odd program you load at start up, you could reboot into safe mode and turn the page file back on.
It's low risk, but if you want to be extra careful, you could do a backup first.