The Naked Scientists

The Naked Scientists Forum

Author Topic: Has anyone tried ciphire  (Read 10139 times)

Offline syhprum

  • Neilep Level Member
  • ******
  • Posts: 3825
  • Thanked: 19 times
    • View Profile
Has anyone tried ciphire
« on: 05/02/2011 21:01:44 »
Has anyone tried Ciphier ? , it is meant to make the 2048bit encryption of emails easy but it does not seem to work on Windows7 64bit SP1.


 

Offline AuToFiRE

  • Jr. Member
  • **
  • Posts: 10
    • View Profile
Has anyone tried ciphire
« Reply #1 on: 06/02/2011 02:16:13 »
Ive never tried it, ive always used open pgp, you get some insanely high encryption, like 8192 bit or something like that, it would take every computer made for the foreseeable future, 20 years to crack it
 

Offline Geezer

  • Neilep Level Member
  • ******
  • Posts: 8328
  • "Vive la résistance!"
    • View Profile
Has anyone tried ciphire
« Reply #2 on: 06/02/2011 04:01:45 »
Encryption is over rated.

If the transmission of the key could have been intercepted by anyone other than the transmitter and the receiver, it's pretty much worthless.
 

Offline Geezer

  • Neilep Level Member
  • ******
  • Posts: 8328
  • "Vive la résistance!"
    • View Profile
Has anyone tried ciphire
« Reply #3 on: 06/02/2011 06:12:14 »
Encryption is over rated. If the transmission of the key could have been intercepted by anyone other than the transmitter and the receiver, it's pretty much worthless.

You should read about Bob and Alice ...

Quote
Public-key cryptography ... does not require a secure initial exchange of one or more secret keys to both sender and receiver.
http://en.wikipedia.org/wiki/Public-key_cryptography

If the key exchange is public, it may be obscure, but it ain't secure.

When a message is received, unless the receiver has some prior or subsequent knowledge of the encoding scheme, any parties that receive the message have equal opportunities to decode the message.
 

Offline RD

  • Neilep Level Member
  • ******
  • Posts: 8134
  • Thanked: 53 times
    • View Profile
Has anyone tried ciphire
« Reply #4 on: 06/02/2011 12:45:48 »
No keys sent in this method ...

Quote
Bob and Alice have separate padlocks. First, Alice puts the secret message in a box, and locks the box using a padlock to which only she has a key. She then sends the box to Bob through regular mail. When Bob receives the box, he adds his own padlock to the box, and sends it back to Alice. When Alice receives the box with the two padlocks, she removes her padlock and sends it back to Bob. When Bob receives the box with only his padlock on it, Bob can then unlock the box with his key and read the message from Alice. Note that in this scheme the order of Decryption is the same as the order of encryption; this is only possible if commutative ciphers are used.
http://en.wikipedia.org/wiki/Public-key_cryptography#A_postal_analogy
« Last Edit: 06/02/2011 12:47:52 by RD »
 

Offline Bored chemist

  • Neilep Level Member
  • ******
  • Posts: 8676
  • Thanked: 42 times
    • View Profile
Has anyone tried ciphire
« Reply #5 on: 06/02/2011 19:05:48 »
Geezer is right for the wrong reason.
http://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis

The UK government uses this particular hose

"The United Kingdom's Regulation of Investigatory Powers Act, makes it a crime not to surrender encryption keys on demand from a government official authorized by the act - irrespective of whether or not there are reasonable grounds for even suspecting that the data encrypted held any illegal material."
 

Offline Geezer

  • Neilep Level Member
  • ******
  • Posts: 8328
  • "Vive la résistance!"
    • View Profile
Has anyone tried ciphire
« Reply #6 on: 06/02/2011 19:54:45 »
No keys sent in this method ...

Quote
Bob and Alice have separate padlocks. First, Alice puts the secret message in a box, and locks the box using a padlock to which only she has a key. She then sends the box to Bob through regular mail. When Bob receives the box, he adds his own padlock to the box, and sends it back to Alice. When Alice receives the box with the two padlocks, she removes her padlock and sends it back to Bob. When Bob receives the box with only his padlock on it, Bob can then unlock the box with his key and read the message from Alice. Note that in this scheme the order of Decryption is the same as the order of encryption; this is only possible if commutative ciphers are used.
http://en.wikipedia.org/wiki/Public-key_cryptography#A_postal_analogy

The key to Bob's lock can be deduced from the difference between the versions of the message that he did and didn't lock.

Mind you, there is always quantum entanglement which does look very promising if it can be made to work. It may even be working already.
« Last Edit: 06/02/2011 22:31:27 by Geezer »
 

Offline RD

  • Neilep Level Member
  • ******
  • Posts: 8134
  • Thanked: 53 times
    • View Profile
Has anyone tried ciphire
« Reply #7 on: 07/02/2011 06:50:56 »
The key to Bob's lock can be deduced from the difference between the versions of the message that he did and didn't lock.

If you have a lot of time on your hands … http://www.theregister.co.uk/2010/06/28/brazil_banker_crypto_lock_out/

Even if you determine the key Bob used you still can’t read the message Alice sent him.

If Bob is wise he will not use the same key twice, so you’ve pretty much wasted your time working out what his key was. 
« Last Edit: 07/02/2011 07:05:55 by RD »
 

Offline imatfaal

  • Neilep Level Member
  • ******
  • Posts: 2787
  • rouge moderator
    • View Profile
Has anyone tried ciphire
« Reply #8 on: 07/02/2011 10:54:22 »
Further to Bored Chemist - the obligatory xkcd



And we might not be so secure if Vladimir Romanov is correct - if p==np then a solution in polynomial time might become available (all np can be mapped to satisfiability and most current cyphers use factoring integers which is currently thought to be np)


old quote on story from a month or so ago
Quote
Vladimir Romanov has released source code for an algorithm which he claims can solve 3-SAT problems. The 3-SAT problem is NP-complete - and Romanov claims his algorithm will solve in polynomial time, this would prove that P==NP as all NP problems can be mapped within polynomial time to the satisfiability problem.

With such a seemingly easily falsifiable claim Romanov might be proved wrong quite quickly - for any with the maths and compsci skill here is Romanov's announcement  Romanov's announcement and links to the source code and article - and for those who need a bit more background  here is a link to a long slashdot ramble that has some good stuff in it
 

Offline Geezer

  • Neilep Level Member
  • ******
  • Posts: 8328
  • "Vive la résistance!"
    • View Profile
Has anyone tried ciphire
« Reply #9 on: 07/02/2011 19:27:46 »
Even if you determine the key Bob used you still can’t read the message Alice sent him.


Yes you can. Alice sends it back to Bob with her lock removed. If you intercept that message, you only need Bob's lock (which is really just a key anyway) to read Alice's message.

Another flaw in this scheme is that it requires the message to be retransmitted several times. The more often it's sent, the more likely it is to be intercepted, and if "observers" catch on to obviously encrypted messages going back and forth between two addresses, it's likely to raise some big red flags.

Beware of geeks bearing hoses.
« Last Edit: 08/02/2011 02:29:59 by Geezer »
 

Offline wolfekeeper

  • Neilep Level Member
  • ******
  • Posts: 1092
  • Thanked: 11 times
    • View Profile
Has anyone tried ciphire
« Reply #10 on: 08/02/2011 20:57:08 »
The key to Bob's lock can be deduced from the difference between the versions of the message that he did and didn't lock.

Encryption algorithms are very carefully designed so that, while this can be done in theory, in practice it would take far too long (hundreds or thousands of years).
 

Offline Geezer

  • Neilep Level Member
  • ******
  • Posts: 8328
  • "Vive la résistance!"
    • View Profile
Has anyone tried ciphire
« Reply #11 on: 08/02/2011 21:48:04 »
The key to Bob's lock can be deduced from the difference between the versions of the message that he did and didn't lock.

Encryption algorithms are very carefully designed so that, while this can be done in theory, in practice it would take far too long (hundreds or thousands of years).

Not really. If we know, or assume, that the only difference between two messages is that one is encoded with some key, while the other is not, it greatly accelerates the decryption of the key.
 

Offline wolfekeeper

  • Neilep Level Member
  • ******
  • Posts: 1092
  • Thanked: 11 times
    • View Profile
Has anyone tried ciphire
« Reply #12 on: 08/02/2011 22:25:43 »
It depends on the cryptographic system; that's known as a 'known plaintext attack' but knowing a single message that is encrypted isn't, for many modern crypto systems, going to allow you to determine the decryption key, but there are some for which that is sufficient or at least necessary, for example the world war II Enigma was fairly vulnerable to it.

Used correctly, the RSA public key encryption systems isn't vulnerable to it; although there are attacks known as 'chosen plaintext attack's which can permit you to crack it.
« Last Edit: 08/02/2011 22:29:17 by wolfekeeper »
 

Offline Geezer

  • Neilep Level Member
  • ******
  • Posts: 8328
  • "Vive la résistance!"
    • View Profile
Has anyone tried ciphire
« Reply #13 on: 08/02/2011 23:32:28 »
It depends on the cryptographic system; that's known as a 'known plaintext attack' but knowing a single message that is encrypted isn't, for many modern crypto systems, going to allow you to determine the decryption key, but there are some for which that is sufficient or at least necessary, for example the world war II Enigma was fairly vulnerable to it.

Used correctly, the RSA public key encryption systems isn't vulnerable to it; although there are attacks known as 'chosen plaintext attack's which can permit you to crack it.

What I'm suggesting (I'm no expert  :D) is that if the same plain text message (one that is not additionally encoded according to some "private" codebook?) is only encoded with private keys and bounced back and forth using the same encryption method with different keys may, in reality, be less secure than a secure "public" key system. (I wonder if any of that made sense?)
 

Offline wolfekeeper

  • Neilep Level Member
  • ******
  • Posts: 1092
  • Thanked: 11 times
    • View Profile
Has anyone tried ciphire
« Reply #14 on: 08/02/2011 23:48:43 »
These days private key crypto systems are usually specifically designed to be proof against a known plaintext attack.

Which isn't to say that the crypto designers are always successful- you only know how weak a crypto system is when somebody publishes a successful attack against it, and known plaintext attacks, or more commonly, chosen plaintext attacks are one of the more common attacks that eventually succeed.

But pretty much, you or anyone on this board would not be able to determine the key or otherwise crack the system from a known plaintext, encrypted plaintext pair on any modern cypher.
« Last Edit: 09/02/2011 15:08:18 by wolfekeeper »
 

Offline wolfekeeper

  • Neilep Level Member
  • ******
  • Posts: 1092
  • Thanked: 11 times
    • View Profile
Has anyone tried ciphire
« Reply #15 on: 08/02/2011 23:50:47 »
If you're really interested in this kind of thing I would recommend 'Applied cryptography' by Bruce Schneier.
 

Offline Geezer

  • Neilep Level Member
  • ******
  • Posts: 8328
  • "Vive la résistance!"
    • View Profile
Has anyone tried ciphire
« Reply #16 on: 09/02/2011 00:00:03 »
Thanks for the reference!

Are you able to address my point, or will I have to read the book?
 

Offline wolfekeeper

  • Neilep Level Member
  • ******
  • Posts: 1092
  • Thanked: 11 times
    • View Profile
Has anyone tried ciphire
« Reply #17 on: 09/02/2011 00:09:32 »
Well, if you read the book, you'll find that your point is incorrect.
 

Offline Geezer

  • Neilep Level Member
  • ******
  • Posts: 8328
  • "Vive la résistance!"
    • View Profile
Has anyone tried ciphire
« Reply #18 on: 09/02/2011 00:18:51 »
Well, if you read the book, you'll find that your point is incorrect.

Quite possibly.

Generally, posters provide explanations for their conclusions. We might infer that,

a) You know the answer but can't be bothered explaining it; or

b) You really don't know the answer.
 

Offline wolfekeeper

  • Neilep Level Member
  • ******
  • Posts: 1092
  • Thanked: 11 times
    • View Profile
Has anyone tried ciphire
« Reply #19 on: 09/02/2011 01:41:47 »
Private key ciphers usually use a 'Feistel cipher' with multiple rounds (usually 16 or so).

When the encrypted text pops out of the 16 rounds of Feistel then it's practically impossible to go back and work out the key from that, even if you know the plaintext, there's been too much mixing of the plaintext and key going on.

Nevertheless very clever people sometimes manage to do that with some ciphers, but it usually involves using very large numbers of known plaintexts, or chosen plaintexts.
 

Offline Geezer

  • Neilep Level Member
  • ******
  • Posts: 8328
  • "Vive la résistance!"
    • View Profile
Has anyone tried ciphire
« Reply #20 on: 09/02/2011 05:50:53 »
Ah, right, thanks!

So what happens if you have two versions of the message - one that is encoded with a key, and one that is not?
 

Offline imatfaal

  • Neilep Level Member
  • ******
  • Posts: 2787
  • rouge moderator
    • View Profile
Has anyone tried ciphire
« Reply #21 on: 09/02/2011 10:46:10 »
Ah, right, thanks!

So what happens if you have two versions of the message - one that is encoded with a key, and one that is not?


Geezer , firstly wolfy answered that "even if you know the plaintext"; this is cypher-geek speak for having both the original and the encrypted.  Secondly most encryption algorithms use non easily reverseable mathematical processes,  whilst it is possible to work backwards it requires enormous computing power.  But more importantly reverse engineering someone's public key does not allow you to read their messages.  The whole point of public/private key encryption is that a message encoded with a public key can only be decoded with the corresponding private key it cannot be decoded with the public key.  So the worst that could happen with someone reverse engineering your public key from a collection of plaintexts and corresponding encrypted messages is that you could spoof encrypted messages - which is a pretty big deal but not the same as being able to read the senders encrypted mail. 

Jim Gillogly - a californian compsci engineer and code-breaker has lead teams that have broken fairly heavy duty encryption of this sort, but TTBOMK this has always relied on slip ups and failures to implement the security properly.  This is a parallel to the original breaking of enigma by allied codebreakers.  Lazy/rushed/scared operatives failed to use random seeding groups of letters and tended to use names and repeat themselves; giving bletchley park vital clues. 

As I mentioned above two mathematicians now claim to have shown methods for proving that problems previously thought of as unsolvable in easily expandable methods can be solved.  If this is the case then the large number factorisation can be mapped to the solved problems and a much easier method of cracking the most difficult codes will have been created.
 

Offline wolfekeeper

  • Neilep Level Member
  • ******
  • Posts: 1092
  • Thanked: 11 times
    • View Profile
Has anyone tried ciphire
« Reply #22 on: 09/02/2011 15:10:44 »
Ah, right, thanks!

So what happens if you have two versions of the message - one that is encoded with a key, and one that is not?
Basically you can't work backwards through the maze that is 16 levels of Feistel encryption unless you know the key, the crypto system leads you down too many blind alleys. And if you can't find it through the maze, then you can't find the key, and that's the catch 22.
« Last Edit: 09/02/2011 15:12:23 by wolfekeeper »
 

Offline Geezer

  • Neilep Level Member
  • ******
  • Posts: 8328
  • "Vive la résistance!"
    • View Profile
Has anyone tried ciphire
« Reply #23 on: 09/02/2011 19:02:36 »
Well, I never said it was easy  ;D
 

The Naked Scientists Forum

Has anyone tried ciphire
« Reply #23 on: 09/02/2011 19:02:36 »

 

SMF 2.0.10 | SMF © 2015, Simple Machines
SMFAds for Free Forums