l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
December 2: Social Gathering 		Next Installfest:
TBA 		Latest News:
Nov. 18: Officers elected 		Page last updated:
2002 Jun 05 14:27
Events
 Meetings
 Installfests
 Demos
 Photos
Services
 Library
 LERT
 Jobs
 Documents
Interact
 Mailing Lists
 - Search
 - Archives
 Chat (IRC)
 Social Networks
About Us
 Members
 Projects
 Testimonials
 Call for Speakers
 Why Not MS?
 Finances
 Sponsors

^Home
?Search
?News & RSS
?Calendar
@Contact Us
$Buy Stuff
=Printable


The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

 Report this post as spam:

(Enter your email address)
Re: [vox-tech] Which cipher to use?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] Which cipher to use?

Bill Broadley writes:
 > Xor is 100% secure if your key is as long as your data, otherwise known
 > as the otp = one time pad.  If it's less, it is indeed rather easy to break.

This is really picky of course, but the other criteria for "secure use
of Xor", in addition to having a key at least as long as your data,
is:

  1. That it be a random sequence - *truly* random.  This rules out
     using "passphrases" and the like.  *All* passphrases or passwords
     are extremely insecure for Xor, regardless of length.

  2. That it be used only one time, and then discarded - never to be
     used again.

The combination of those three requirements (counting yours), is what
makes something a one-time pad, or "Vernam Cipher".  (I know you know
this stuff, Bill - but I'm pointing it out for any who don't).

<rant>
Which is why you should get extremely skeptical when a company called
Prescient claims to have created a "virtually unbreakable" encryption
system called e2sec, which claims to be a Vernam Cipher, yet its proud
creators say that rather than having to store and pass around large
keys, they pass around mathematical functions from which the keys are
generated. Which means that the keys are *not* random - and therefore,
by definition, *not* a Vernam Cipher. And therefore, not proven to be
virtually unbreakable, as they claim.

The story about this technology appeared in slashdot:

  http://slashdot.org/article.pl?sid=02/03/28/1959249&mode=thread&tid=93

You can find it at:

  http://www.prescient.net/Solutions_e2Sec.htm

</rant>

Now, having said that, I'll protect my butt by pointing out that their
technology *could* still be unbreakable, but not for the reasons they
claim.  They don't seem to have published their algorithms; their
"Technical White Paper" (http://www.prescient.net/pdf/e2Sec.pdf)
claims that the keys generated are undeterministic; but I'm rather
skeptical as to how they could be generated, and understood by another
host across the 'Net, if they were not undeterministic - unless of
course their server simply sends the key across the 'Net in the clear
;) I'm not a cryptanalyst, and even if I were, I couldn't debunk their
claims for the simple reason that I can't find any detailed
explanation of their technology.  But if I were betting my company's
security, and my livelihood, on an encryption solution, you can be
damn sure I wouldn't use theirs without a heluva lot more info.

Sorry 'bout the tangent...
Micah
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech
LinkedIn
LUGOD Group on LinkedIn 		facebook
LUGOD Group on Facebook

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
1105 Kennedy Place, Suite 1, Davis, CA 95616
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

 Sponsored in part by:
Richard Mancusi
For a generous donation to allow us to continue meeting at the Davis Library.