#11 pichlo
Originally Posted by Estel:
Frankly, I would *never* deliberately use a closed source cryptographic application for anything sensitive (or, anything at all).
s/closed source/proprietary algorithm

Having worked for a crypto company myself (although not involved in the actual crypto stuff, so no tricky questions please, I am not an expert), I would have no problem using a commercial, closed-source application - as long as the actual algorithm is published. It is the guys that invent their own algorithms that I have no trust for. Security through obscurity is the least reliable kind.

#12 Khertan
Originally Posted by xerxes2:
Thanks for the answers guys. I'm going to use Vigenere cipher with random generated keys that are as long as the encoded message and this is to my knowledge unbreakable. You can send messages with sms and Twitter and not NSA or your wife would be able to crack it. The problem with this cipher is that you have to keep your keys secret though and deliver them to your friend in a safe way, basically hand to hand. RSA type cipher is good but it's not theoretically unbreakable like Vigenere is.

But the Vigenere cipher being unbreakable could mean that it's not legal to do ... in some countries. Sweden is basically a US state when it comes to legal matters and I don't want a SWAT team kicking in my door giving me a single-trip ticket to Gitmo. And I'm no criminal or anything, but this is something I've been thinking about doing for almost twenty years, since I first heard of the Vigenere cipher. So basically I'm doing it just because I want to, but if it means trouble, like i.e. the FSB puts Custodian in a black hole and destroys the Openrepos servers, I'd better not.
You know, most things are deciphered not by breaking the encryption algo, but by breaking the PRNG.

#13 xerxes2
Originally Posted by Khertan:
You know, most things are deciphered not by breaking the encryption algo, but by breaking the PRNG.
Yeah, I've noticed. In the Snowden leaks there was evidence of an NSA backdoor in one implementation:
http://en.wikipedia.org/wiki/Cryptog...l_EC_DRBG_PRNG

But with some form of human interaction the keys can be made safer. I guess typing all the keys in manually would be the safest way, though.
__________________
But the WM7 "horse" has a blood lineage tracing back to donkeys such as WM6.5, 6.1, 6.0, 5.1 that was fully neglected for too many years and Microsoft did sweet F all to maintain it (still running on Pocket IE4/6!!).

#14 Custodian
Originally Posted by xerxes2:
Openrepos which I think is located in Russia.
Primary openrepos servers are located in Germany, so don't worry about me or the FSB.

By the way, have you seen the tox.im application: http://tox.im/en ?
__________________
twitter: @basil_s home: http://thecust.net
OpenRepos.net - community driven repository project. Warehouse - native client for OpenRepos.net

#15 xerxes2
No, I have not seen that one before, but it looks like it's open source so I might take a closer look. Will see if there's a Linux port available already.

#16 reinob
@xerxes2,

There is no way a computer can generate a sequence of truly random numbers, so there is no way a computer can implement a one-time pad.

(the last "." is intended to mean: "full stop".)

#17 dschoepe
I think it would be a good idea to try and port these apps to whatever device you have in mind, as they are open source and many skilled people have looked at them, as far as I know:

https://whispersystems.org/

Originally Posted by pichlo:
s/closed source/proprietary algorithm

Having worked for a crypto company myself (although not involved in the actual crypto stuff, so no tricky questions please, I am not an expert), I would have no problem using a commercial, closed-source application - as long as the actual algorithm is published. It is the guys that invent their own algorithms that I have no trust for. Security through obscurity is the least reliable kind.
In that case you still have to trust that the company didn't make any mistakes in implementing and/or using the algorithm. As others have said, even if you use an algorithm that is believed to be secure, it's very hard to use it in a secure manner with the right protocols, etc. If you have an open-source application, a lot more people will (hopefully) check the code for these kinds of mistakes.

(And this is all under the optimistic assumption that the company is not malicious or coerced to insert backdoors by some intelligence agency.)

#18 biketool
Reinob,
If the computer takes a truly random seed, say a bare CCD facing a mildly radioactive object, or even the input of the camera as the user randomly waves it around, then you can get one-time-pad level seeding as good as, and probably far better than, rolling dice or picking lottery balls.

#19 reinob
Originally Posted by biketool:
Reinob,
If the computer takes a truly random seed, say a bare CCD facing a mildly radioactive object, or even the input of the camera as the user randomly waves it around, then you can get one-time-pad level seeding as good as, and probably far better than, rolling dice or picking lottery balls.
1) OP is talking "app", as in smartphone app.
2) This is seriously unrealistic. The receiving party needs to have the password in order to decrypt the message (we're talking symmetric encryption).

You'd need to (externally) generate the sequence, send it over to your partner (*not* from the phone) and then somehow make the app use that sequence ("please type your message", "please type your 5087-character password"). As soon as the user types the password, you've lost already.

OTP is a theoretical construct. Like a Turing machine, if you like. You can talk about it, you can use it to model stuff, to gain information about stuff. You just can't build it.

#20 pichlo
Originally Posted by reinob:
OTP is a theoretical construct. Like a Turing machine, if you like. You can talk about it, you can use it to model stuff, to gain information about stuff. You just can't build it.
Not quite. You can pre-generate, say, a thousand OTPs and give them to both parties, then use (and destroy) them one by one. In the case of secure SMS the OTPs have a finite length, so not even too many resources are spent. Of course, keeping a bunch of OTPs for future use has its own problems, but at least it is doable.
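Added example, not code from the thread or from any application mentioned in it: a byte-level one-time pad (XOR with a pad as long as the message is the byte analogue of the Vigenere-with-a-random-key scheme xerxes2 describes), with pads pre-generated, shared out of band and destroyed on use as pichlo proposes in #20, next to the two ways such a scheme actually falls: the same pad used twice, and a pad drawn from a predictable PRNG, which is the point Khertan makes in #12. The names (PadBook, weak_pad, break_weak_pad), the 16-bit seed space and the sample messages are assumptions made for this example.

```python
import os
import random
from typing import Dict, Optional, Tuple

# Added example, not code from the thread or from any app mentioned in it.
# XOR with a pad as long as the message is the byte analogue of the
# "Vigenere with a random key as long as the message" scheme in the thread.


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings; the result is as long as the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def generate_pads(count: int, length: int) -> Dict[int, bytes]:
    """Pre-generate numbered pads to hand to both parties out of band.

    os.urandom reads the kernel CSPRNG (seeded from hardware events), which is
    what a practitioner would use on a phone; never the `random` module.
    """
    return {i: os.urandom(length) for i in range(count)}


class PadBook:
    """One party's copy of the pad book. A pad is deleted the moment it is
    used, so a second use of the same index fails instead of reusing key."""

    def __init__(self, pads: Dict[int, bytes]):
        self.pads = dict(pads)  # private copy; each party consumes its own

    def encrypt(self, index: int, plaintext: bytes) -> bytes:
        pad = self.pads.pop(index)  # KeyError if already used or unknown
        if len(plaintext) > len(pad):
            raise ValueError("message longer than pad; split it or use a longer pad")
        return xor_bytes(plaintext, pad)

    def decrypt(self, index: int, ciphertext: bytes) -> bytes:
        return self.encrypt(index, ciphertext)  # XOR is its own inverse


def pad_reuse_rejected(book: PadBook, index: int) -> bool:
    """True if the book refuses to encrypt again with an already-used pad."""
    try:
        book.encrypt(index, b"x")
    except KeyError:
        return True
    return False


# Failure 1: the same pad used twice. c1 ^ c2 == m1 ^ m2, so knowing (or
# guessing) one message reveals the other; the pad itself never matters.
def recover_with_crib(c1: bytes, c2: bytes, known_m1: bytes) -> bytes:
    return xor_bytes(xor_bytes(c1, c2), known_m1)


# Failure 2: a pad that only looks random. Seeding `random` (Mersenne Twister)
# from a small value, here an assumed 16-bit seed, leaves 65536 possible pads:
# an attacker with a few bytes of likely plaintext simply tries them all.
def weak_pad(seed: int, length: int) -> bytes:
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(length))  # one word per byte


def break_weak_pad(ciphertext: bytes, crib: bytes,
                   seed_bits: int = 16) -> Optional[Tuple[int, bytes]]:
    """Brute-force the seed using a known plaintext prefix (the crib)."""
    for seed in range(1 << seed_bits):
        if xor_bytes(ciphertext[:len(crib)], weak_pad(seed, len(crib))) == crib:
            return seed, xor_bytes(ciphertext, weak_pad(seed, len(ciphertext)))
    return None


if __name__ == "__main__":
    pads = generate_pads(count=3, length=32)
    alice, bob = PadBook(pads), PadBook(pads)
    c = alice.encrypt(0, b"meet at noon")
    print(bob.decrypt(0, c))                # b'meet at noon'
    print(pad_reuse_rejected(alice, 0))     # True

    k = os.urandom(16)
    c1, c2 = xor_bytes(b"attack at dawn!!", k), xor_bytes(b"retreat at dusk!", k)
    print(recover_with_crib(c1, c2, b"attack at dawn!!"))   # b'retreat at dusk!'

    msg = b"Hello Bob, the key is in the usual place"   # constructed sample
    bad = xor_bytes(msg, weak_pad(48879, 64))
    print(break_weak_pad(bad, b"Hello "))   # (48879, msg)
```

The brute force uses a six-byte crib against an assumed 16-bit seed space; a pad seeded from the clock in seconds, or from any value an attacker can bracket, is no better off however long the message is. Whether a kernel CSPRNG makes the result a one-time pad in the strict sense is the argument reinob and biketool have above; what the code shows is that the pad's unpredictability and single use are the whole security of the scheme, and the cipher itself contributes nothing once either fails.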