Re: Newbie naive question, perhaps - - be kind
sci.crypt archive

From: Joseph Ashwood <ashwood@msn.com>
Date: Sun Oct 16 2005 - 06:36:09 CEST

I'll just jump in here, even though both the other answers so far appear to
be pretty good.

"Arthur" <Art7@att.not> wrote in message
news:_v94f.436759$5N3.333722@bgtnsc05-news.ops.worldnet.att.net...
> I'm merely a potential end user of some form commercial encryption
> program primarily to protect some sensitive psychiatric case histories
> (as well as other files) from the curious eyes of the computer service
> kids.

This is surprisingly very important information, because it gives both the
value of the information and the attackers. The information indicates that,
unless your psychiatric cases involve important individuals, the
information is actually fairly easily secured. More on this later.

> Although the 2 questions I have show my naivety in the field of
> cryptography and may sound simpleminded, this group seems to have the
> source of the best answers. Doing a bit of "homework," I found little
> help* in reviewing several months of posts here (too technical for me)!
>
> 1) Some of the commercial programs, such as Cryptainer, seem to suggest
> that their encryptions are essentially unbreakable: trillions of years
> of computer time would be required to break their Blowfish and AES
> encryption schemes in the program.

I took a look at the Cryptainer site
(http://www.cypherix.co.uk/cryptainerle/, assuming this is the same one you
were discussing), it does ring some of the bad bells. In particular their
Technical specs page says:
    ENCRYPTION ALGORITHM
    Cryptainer LE runs a 128 bit implementation of the Blowfish algorithm
    in Cipher Block Chaining (CBC) mode with a block size of 64 bytes.

    CONFORMITY WITH STANDARDS
    Conforms to the following standards
    SHA NIST FIPS
    Key setting PKCS 5v2
    HMAC RFC2104 HMAC test vectors RFC2202
    IBS - ICS 36.080

Problems with this:
1) Blowfish operates on 64-bits, and Blowfish with CBC would operate on
64-bit blocks, not bytes as stated.
2) The given standards have nothing to do with Blowfish (except PKCS 5 can
be applied, and I haven't read IBS), this makes it substantially suspect.
3) IBS - ICS 36.080 (which I haven't heard of before) only appears
legitimately on Cypherix website, making it highly suspicious.

It could be that both of these are marketing errors (i.e. engineering told
them something, marketing interpreted it incorrectly), but they are
sufficient to make me question things.

> Yet they suggest long passwords or
> pass phrases to make hacking these passwords "more difficult." They
> encouraged written questions from potential buyers, but have not
> answered my question: isn't the program as weak as its weakest link,
> e.g. the password?? ("Wheel of Fortune" comes to mind: "I'll buy a vowel,
> please.)

Yes it is. The claims about 128-bit encryption, etc. are only telling you
about the strength of one link in the chain, the passphrase (don't trust
anything that can only use passwords) you choose will likely be the limiting
factor, and Diceware (http://world.std.com/~reinhold/diceware.html) is a
good way to approach the problem.

> 2) if these encryption schemes are so unbreakable, and commercially
> available, why haven't I heard news items describing "terrorists" and
> their use of unbreakable encrypted e-mail ("tomorrow at 10:15, Sidney,
> we light the fuse")?

It's because they still leak, even though the information is heavily
protected. Using the psych evals that you will be storing, it is fairly safe
to assume that they will be named for the individuals, given this
information, simply looking at the filenames (unencrypted) would be enough
to reveal whom the contents deal with. In the case of terrorists this
information is the primary information (e.g. X has had direct contact with
bin Laden, question him on location), the actual contents are actually less
important.

> Can I assume that "hackability" or unbreakability
> is merely a matter of degree, and that the police or local computer
> repairman will in all likelihood be intrigued in my newly encrypted data
> files and e-mail and therefore try all the harder to see what's within?

You can assume that most of the programs out there are snake-oil, and that
even the good programs are often used poorly; both of these options quickly
lead to broken security.

The general, and long-standing, recommendation has been to use PGP wherever
applicable. PGP has been heavily analysed, and while occasionally there are
holes found, generally they are non-critical. Combining it with Diceware
passphrases results in a system that should be more secure than needed, and
quite usable. Just don't ever lose your passphrase, no one will be able to
recover it. There are other good solutions out there (and quite possibly
some superior), but PGP has been so substantially analyzed that I feel it is
probably the most trustable. For a free version GnuPG implements much of the
same portions (the difference won't matter to you).
                    Joe
Received on Mon Oct 17 20:48:21 2005
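The "weakest link" point Joe makes about passphrases versus 128-bit keys, and the Diceware approach he recommends, can be put in numbers. The following is an added example written for this archive page; it is not code from the post, from Diceware, or from Cryptainer. It computes how much entropy a Diceware passphrase of a given length carries (each word is one of 6^5 = 7776, about 12.9 bits), how many words are needed before the passphrase stops being weaker than the cipher key, and derives a 128-bit key from the passphrase with PBKDF2-HMAC-SHA256, the PKCS #5 v2 scheme the spec sheet names. The small word list, the salt and the iteration count are constructed for the example and are not the parameters of any real product.

```python
import hashlib
import math
import secrets

# Real Diceware indexes 6^5 = 7776 words by five dice rolls; the list below is a
# constructed stand-in so that the example runs offline.
DICEWARE_LIST_SIZE = 6 ** 5
SAMPLE_WORDLIST = [
    "acorn", "bison", "cargo", "delta", "ember", "fjord",
    "gamma", "hinge", "igloo", "jumbo", "kayak", "lemur",
]


def entropy_bits_per_word(list_size=DICEWARE_LIST_SIZE):
    """Bits of entropy contributed by one word chosen uniformly from the list."""
    return math.log2(list_size)


def passphrase_entropy_bits(num_words, list_size=DICEWARE_LIST_SIZE):
    """Entropy of a passphrase of num_words independent, uniformly chosen words."""
    return num_words * math.log2(list_size)


def words_needed(target_bits, list_size=DICEWARE_LIST_SIZE):
    """Smallest number of words whose combined entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def effective_key_bits(num_words, key_bits=128, list_size=DICEWARE_LIST_SIZE):
    """The weakest link: a key derived from a passphrase is never stronger than
    the passphrase, so the effective strength is the smaller of the two."""
    return min(key_bits, passphrase_entropy_bits(num_words, list_size))


def generate_passphrase(num_words, wordlist=SAMPLE_WORDLIST):
    """Pick words with the OS CSPRNG (secrets), the software stand-in for dice."""
    return " ".join(secrets.choice(wordlist) for _ in range(num_words))


def derive_key(passphrase, salt, iterations=200_000, key_len=16):
    """PBKDF2-HMAC-SHA256 (PKCS #5 v2) turning a passphrase into a 128-bit key.
    Iteration count and salt handling are assumptions for this example."""
    return hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt, iterations, dklen=key_len
    )


if __name__ == "__main__":
    for n in (3, 5, 7, 10):
        print(f"{n:2d} words: {passphrase_entropy_bits(n):6.1f} bits of passphrase, "
              f"effective key strength {effective_key_bits(n):5.1f} bits")
    print("words needed to match a 128-bit key:", words_needed(128))
    phrase = generate_passphrase(5)
    key = derive_key(phrase, salt=b"constructed-salt-16b")  # constructed salt
    print(phrase, "->", key.hex())
```

Run it and the table shows why the marketing number is misleading on its own: a five-word Diceware passphrase gives about 64.6 bits, so a 128-bit Blowfish or AES key derived from it is effectively a 64-bit key, and it takes ten words before the passphrase stops being the limiting factor. The PBKDF2 step slows each guess down but does not add entropy; only the passphrase does.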