Security

Observations on information security.

More Matlab and RC4

A reader asked for more details on the RC4 and block cipher mode functions I wrote in Matlab.

To recap, I needed a 'block cipher' to produce a complete example of how a straight block cipher fails to hide large patterns in the output, and how an appropriate block cipher mode yields something akin to white noise.

Wikipedia has a "penguin" example with a block-encrypted version (penguin still visible) and a block of white noise. That white noise only represents what block mode output is supposed to look like; it is not the genuine output of a block cipher mode. So I built this 'real' example, more or less.

I didn't have a block cipher that worked with small blocks. But I knew it wasn't hard to implement RC4. So I created a function to map 8 bytes of data into 8 bytes of 'ciphertext' to simulate the block cipher.
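The simulation described above, written out as an added example in Python rather than the post's Matlab and not the author's code: RC4 is used to build a keyed 8-byte-in, 8-byte-out map that stands in for a block cipher (the specific construction, XOR with RC4 keystream followed by RC4's keyed S-box, is this example's own assumption, chosen to be invertible rather than secure), then a constructed 8x9 bitmap is encrypted in ECB and in CBC. Counting distinct ciphertext blocks shows ECB preserving every repeated row of the picture while CBC leaves none. The key and IV are constructed values.

```python
# Added example in Python, not the post's Matlab code: RC4 supplies a keyed
# 8-byte-in/8-byte-out map that stands in for a small block cipher.  That
# construction (XOR with keystream, then RC4's keyed S-box) is this example's own
# assumption, chosen to be invertible, not secure.  ECB and CBC are then run over
# a constructed 8x9 bitmap to show which mode leaks the shape.

BLOCK = 8

def rc4_ksa(key: bytes) -> list:
    """RC4 key scheduling: returns the 256-entry state permutation."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s

def rc4_keystream(key: bytes, n: int) -> bytes:
    """RC4 PRGA: the first n keystream bytes for key."""
    s, i, j, out = rc4_ksa(key), 0, 0, bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

class ToyBlockCipher:
    """Keyed bijection on 8-byte blocks (assumed stand-in for a real block cipher).
    Like any block cipher it is deterministic for a fixed key: equal plaintext
    blocks give equal ciphertext blocks, which is exactly what ECB exposes."""

    def __init__(self, key: bytes):
        self.sbox = rc4_ksa(key)                 # byte substitution table
        self.inv = [0] * 256
        for x, y in enumerate(self.sbox):
            self.inv[y] = x
        self.pad = rc4_keystream(key, BLOCK)     # per-position XOR mask

    def encrypt_block(self, block: bytes) -> bytes:
        assert len(block) == BLOCK
        return bytes(self.sbox[b ^ p] for b, p in zip(block, self.pad))

    def decrypt_block(self, block: bytes) -> bytes:
        assert len(block) == BLOCK
        return bytes(self.inv[c] ^ p for c, p in zip(block, self.pad))

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def blocks(data: bytes) -> list:
    assert len(data) % BLOCK == 0, "example uses whole blocks only, no padding"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(cipher: ToyBlockCipher, data: bytes) -> bytes:
    # ECB: each block encrypted independently, so repeated rows stay repeated.
    return b"".join(cipher.encrypt_block(b) for b in blocks(data))

def cbc_encrypt(cipher: ToyBlockCipher, iv: bytes, data: bytes) -> bytes:
    # CBC: XOR each plaintext block with the previous ciphertext block first.
    out, prev = [], iv
    for b in blocks(data):
        prev = cipher.encrypt_block(xor_bytes(b, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(cipher: ToyBlockCipher, iv: bytes, data: bytes) -> bytes:
    out, prev = [], iv
    for c in blocks(data):
        out.append(xor_bytes(cipher.decrypt_block(c), prev))
        prev = c
    return b"".join(out)

def distinct_blocks(data: bytes) -> int:
    """Number of different 8-byte blocks; a leaked pattern keeps this small."""
    return len(set(blocks(data)))

# Constructed 8-pixel-wide, 9-row bitmap: one byte per pixel, one row per block.
SMILEY_ROWS = ["........", ".######.", "#......#", "#.#..#.#", "#......#",
               "#.#..#.#", "#..##..#", ".######.", "........"]
SMILEY = b"".join(bytes(0xFF if c == "#" else 0 for c in r) for r in SMILEY_ROWS)
KEY = b"constructed demo key"   # constructed for the example, not a real key
IV = bytes(range(BLOCK))        # fixed for reproducibility; real CBC needs a fresh IV

def demo(key: bytes = KEY, iv: bytes = IV, image: bytes = SMILEY) -> dict:
    cipher = ToyBlockCipher(key)
    ecb, cbc = ecb_encrypt(cipher, image), cbc_encrypt(cipher, iv, image)
    return {
        "rows": len(blocks(image)),
        "distinct_plain": distinct_blocks(image),
        "distinct_ecb": distinct_blocks(ecb),   # equals distinct_plain: shape leaks
        "distinct_cbc": distinct_blocks(cbc),   # every row differs: looks like noise
        "cbc_round_trip": cbc_decrypt(cipher, iv, cbc) == image,
    }

if __name__ == "__main__":
    for row in blocks(ecb_encrypt(ToyBlockCipher(KEY), SMILEY)):
        print(row.hex())   # rows 0/8, 1/7, 2/4 and 3/5 come out identical
    print(demo())
```

Running the module prints the ECB rows in hex, where the four pairs of identical picture rows reappear as identical ciphertext rows, and then the summary dictionary. The RC4 core is the standard KSA/PRGA and can be checked against the well-known "Key"/"Plaintext" test vector; the toy cipher built on top is byte-wise, which is what makes the leak under ECB so stark.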

Wow. Lisp-based Web service

John Fremlin has implemented a dynamic web server in Lisp. He claims that it beats the socks off of everything else. If we're comparing Lisp against PHP, Python, Ruby, and similar scripting languages, I wouldn't be surprised if he proves to be right.

Lisp is almost the closest-to-the-machine text language interpreter there is. Forth might beat it for closest, but Lisp is so much more powerful. Moreover, it's possible to build sane programs in Lisp that you can actually analyze. That gives us a slight hope of building reliable and secure web servers as opposed to the cobbled-together things we have to live with.

Spying as public activity

Critics and comics sometimes say that government insiders get more accurate information from CNN than from the CIA. Now we have 'open source spying' (Wall Street Journal). There's a grad student who, via his "North Korea Uncovered" web site, is documenting all sorts of details of that notoriously secretive country.

Contact Me

Richard Smith
Cryptosmith LLC
rick@cryptosmith.com
1807 Market Blvd, #111
Hastings, MN 55033-3492
USA
Matlab, RC4, and Crypto-Graphics

A while back I used graphical images to illustrate why you never, ever want to reuse the keystream of a stream cipher. Recently I've constructed similar examples to show the role of modes in using block ciphers. There's a nice set of block mode examples in Wikipedia, but I wanted to include the real result of applying the mode.

[Images: smileycolor, smileyecb, smileycbc]

While cryptographic neophytes may want to know why the second encryption clearly failed (if you can read the message, the encryption failed), cryptographic experts may find it interesting to see other examples of cryptographic failures appearing graphically.

[There is a later post with more info on RC4 in Matlab]

Sharing Files on a Desktop Computer

The easiest way to share files on a desktop computer is for everyone to use the same login, and leave all the files on the desktop or in the "Documents" folder.

On the other hand, a desktop can be a personal thing. If I put a file somewhere, I like to know it'll still be in that spot when I get back. Computers are tricky enough. We don't have to add the work of other unpredictable humans to make them hard to use.

Once a household starts using multiple logins, you run into a completely different problem: how do you share things? I took all those pictures and my daughter wants to see them. We took turns typing in Xmas presents as we opened them, now where do we put the list so everyone knows what Thank You notes to write?

Dell Laptop

I just bought a Dell laptop. I generally buy from vendors I know, and St. Thomas has been buying Dell systems for the past several years. I might have bought an Apple, but their lowest base price was $1,000. I knew I could do a little better. In any case, I wanted to run both Windows and Linux. Running OS-X would have been a plus (I'm addicted to Aperture) but not worth the extra dollars.

The hardware seems solid - an XPS 1330 - and it's comfortably compact. It has thumbprint authentication that seems tolerably robust. The major size limiters, the RAM and hard drive, are easy to replace. So is the 802.11g network card. It came with "Windows Home Premium." I'm astonished at the amount of Dell-branded software you have to trim back. And I'm appalled that the default search engine, "Live.com," directs you away from OpenOffice.org when you go looking for it.

Boak's Puzzle: Disposing of Classified Trash

Recently I was skimming through the NSA's "classified history of COMSEC" (posted at governmentattic.com). This "history" is a transcription of lectures by David G. Boak, who liked to explain NSA-related topics from a historical perspective. He clearly inspired a generation of NSA's employees. The last "real" page of the document contains a humorous story and a crypto puzzle (link to pdf).

The NSA had an incinerator in their old Arlington Hall facility that was designed to reduce top secret crypto materials and such to ash. Someone discovered that it wasn't in fact working. Contract disposal trucks had been disposing of this not-quite-sanitized rubbish, and officers tracked down a huge pile in a field in Ft. Meyer.

How did they dispose of it? The answer is encrypted in the story's text!

Techno-zombies and Pluribus

I'm always amazed at how long a piece of apparently obsolete equipment can remain in service, especially in government service. Bruce Schneier's blog listed a link to NSA's 1991 video catalog at governmentattic.org. The catalog grants us an interesting if spotty view into the world of crypto gear and classified data collection systems.

I was particularly astonished to see inclusion of a video about the Pluribus - a long-obsolete Arpanet-era packet switch. I worked on the beast: it was overbuilt and underpowered. And unreliable (more on that another time). In the ideal world of tech, such obsolete junk should have been recycled by 1991. I was optimistic.

Password Recovery Speeds

Ivan Lucas of "Lockdown.co.uk" has posted an interesting summary of Password Recovery Speeds. These are scaled on the assumption that the attacker will do trial-and-error attempts of all possible permutations.
