maemo.org - Talk

Unbreakable cipher app (https://talk.maemo.org/showthread.php?t=92192)

pichlo 2013-12-29 19:58

Re: Unbreakable cipher app
 
Quote:

Originally Posted by Estel (Post 1401677)
Frankly, I would *never* deliberately use a closed source cryptographic application for anything sensitive (or, anything at all).

s/closed source/proprietary algorithm

Having worked for a crypto company myself (although not involved in the actual crypto stuff, so no tricky questions please, I am not an expert), I would have no problem using a commercial, closed-source application - as long as the actual algorithm is published. It is the guys that invent their own algorithms that I have no trust for. Security through obscurity is the least reliable kind.

Khertan 2013-12-29 21:26

Re: Unbreakable cipher app
 
Quote:

Originally Posted by xerxes2 (Post 1401678)
Thanks for the answers guys. I'm going to use Vigenere cipher with randomly generated keys that are as long as the encoded message and this is to my knowledge unbreakable. You can send messages with SMS and Twitter and not NSA or your wife would be able to crack it. The problem with this cipher is that you have to keep your keys secret though and deliver them to your friend in a safe way, basically hand to hand. RSA type cipher is good but it's not theoretically unbreakable like Vigenere is.

But Vigenere cipher being unbreakable could mean that it's not legal to do ... in some countries. Sweden is basically a US state when it comes to legal matters and I don't want a swat team kicking in my door giving me a single trip ticket to Gitmo. :) And I'm no criminal or anything but this is something I've been thinking about doing for almost twenty years when I first heard of the Vigenere cipher. So basically I'm doing it just because I want to but if it means trouble, like i.e. FSB puts Custodian in a black hole and destroys Openrepos servers I better not. :)

You know, most things are deciphered not by breaking the crypting algo, but by breaking the PRNG.

xerxes2 2013-12-29 22:23

Re: Unbreakable cipher app
 
Quote:

Originally Posted by Khertan (Post 1401945)
You know, most things are deciphered not by breaking the crypting algo, but by breaking the PRNG.

Yeah I've noticed. In the Snowden leaks there was evidence of an NSA backdoor in one implementation:
http://en.wikipedia.org/wiki/Cryptog...l_EC_DRBG_PRNG

But with some form of human interaction the keys can be made safer. I guess to type all the keys manually would be the safest way though. :)

Custodian 2013-12-30 16:27

Re: Unbreakable cipher app
 
Quote:

Originally Posted by xerxes2 (Post 1401610)
Openrepos which I think is located in Russia.

Primary openrepos servers are located in Germany, so don't worry about me or FSB ;)

btw, have you seen tox.im application: http://tox.im/en ?

xerxes2 2013-12-31 20:46

Re: Unbreakable cipher app
 
No I have not seen that one before but it looks like it's open source so I might take a closer look. Will see if there's a Linux port available already.

reinob 2014-01-02 15:51

Re: Unbreakable cipher app
 
@xerxes2,

There is no way a computer can generate a sequence of truly random numbers, so there is no way a computer can implement a one-time pad.

(the last "." is intended to mean: "full stop".)

dschoepe 2014-01-02 16:07

Re: Unbreakable cipher app
 
I think it would be a good idea to try and port these apps to whatever device you have in mind, as they are open-source and many skilled people looked at them, as far as I know:

https://whispersystems.org/

Quote:

Originally Posted by pichlo (Post 1401926)
s/closed source/proprietary algorithm

Having worked for a crypto company myself (although not involved in the actual crypto stuff, so no tricky questions please, I am not an expert), I would have no problem using a commercial, closed-source application - as long as the actual algorithm is published. It is the guys that invent their own algorithms that I have no trust for. Security through obscurity is the least reliable kind.

In that case you still have to trust that the company didn't make any mistakes in implementing and/or using the algorithm. As others have said, even if you use an algorithm that is believed to be secure, it's very hard to use it in a secure manner with the right protocols, etc. If you have an open-source application, a lot more people will (hopefully) check the code for this kind of mistake.

(And this is all under the optimistic assumption that the company is not malicious or coerced to insert backdoors by some intelligence agency.)

biketool 2014-01-02 16:07

Re: Unbreakable cipher app
 
Reinob,
If the computer takes a truly random seed, say a bare CCD facing a mildly radioactive object or even the input of the camera as the user randomly waves it around and you can get one time pad level seeding as good and probably far better than rolling dice or picking lottery number balls.

reinob 2014-01-02 16:15

Re: Unbreakable cipher app
 
Quote:

Originally Posted by biketool (Post 1403076)
Reinob,
If the computer takes a truly random seed, say a bare CCD facing a mildly radioactive object or even the input of the camera as the user randomly waves it around and you can get one time pad level seeding as good and probably far better than rolling dice or picking lottery number balls.

1) OP is talking "app", as in smartphone-app.
2) this is seriously unrealistic. The receiving party needs to have the password in order to decrypt the message (we're talking symmetric encryption).

You'd need to (externally) generate the sequence, send it over to your partner (*not* from phone) and then somehow make the app use that sequence ("please type your message", "please type your 5087-character password"). As soon as the user types the password you've lost already.

OTP is a theoretical construct. Like a Turing machine if you like. You can talk about it, you can use it to model stuff, to gain information about stuff. You just can't build it.

pichlo 2014-01-02 16:36

Re: Unbreakable cipher app
 
Quote:

Originally Posted by reinob (Post 1403078)
OTP is a theoretical construct. Like a Turing machine if you like. You can talk about it, you can use it to model stuff, to gain information about stuff. You just can't build it.

Not quite. You can pre-generate say a thousand OTPs and give them to both parties, then use (and destroy) them one by one. In case of secure SMS, the OTPs have a finite length so not even too much resources spent. Of course keeping a bunch of OTPs for future use has its own problems but at least it is doable.
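
The pre-generated pad scheme described in the last post, sketched as an added example (not code from any participant in the thread). It XORs bytes rather than shifting letters as Vigenere does, and `PadBook`, `copy_for_peer` and the sizes in `demo` are hypothetical names and values constructed for illustration.

```python
import secrets


class PadBook:
    """Numbered one-time pads (hypothetical helper, constructed for this example)."""

    def __init__(self, pads):
        # bytearray so the pad material can be overwritten in place after use
        self._pads = {i: bytearray(p) for i, p in enumerate(pads)}

    @classmethod
    def generate(cls, count, pad_len):
        # secrets reads the OS CSPRNG; a seedable PRNG such as random is unsuitable
        return cls(secrets.token_bytes(pad_len) for _ in range(count))

    def copy_for_peer(self):
        # Stands in for the hand-to-hand exchange; both sides hold identical pads
        peer = PadBook([])
        peer._pads = {i: bytearray(p) for i, p in self._pads.items()}
        return peer

    def remaining(self):
        return len(self._pads)

    def _take(self, pad_id, length):
        pad = self._pads.get(pad_id)
        if pad is None:
            raise KeyError(f"pad {pad_id} is unknown or already used")
        if length > len(pad):
            raise ValueError("message is longer than the pad")
        del self._pads[pad_id]        # a pad is never handed out twice
        key = bytes(pad[:length])
        pad[:] = bytes(len(pad))      # best-effort wipe; Python may keep copies
        return key

    def encrypt(self, pad_id, plaintext):
        key = self._take(pad_id, len(plaintext))
        return bytes(p ^ k for p, k in zip(plaintext, key))

    decrypt = encrypt  # XOR with the same pad bytes is its own inverse


def demo():
    alice = PadBook.generate(count=3, pad_len=160)  # constructed sizes
    bob = alice.copy_for_peer()
    ciphertext = alice.encrypt(0, b"meet at noon")
    plaintext = bob.decrypt(0, ciphertext)
    try:
        alice.encrypt(0, b"second message")         # reuse must be refused
        reuse_refused = False
    except KeyError:
        reuse_refused = True
    return plaintext, reuse_refused, alice.remaining()
```

A message longer than the chosen pad is rejected without consuming the pad, so the sender has to pick a pad that covers the whole message instead of wrapping the key around.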


All times are GMT.