RSA public key

Started by niox, January 04, 2010, 11:31:09 PM

vanjast

Quote from: Eddy on January 10, 2010, 09:47:27 PM
You can compare it with a lock on the door of your house. If you lock your door, a common person will not be able to open that door if he does not have the key.
A burglar on the other hand, with the proper tools and knowledge, will be able to break into your house.
This would be the case, even if you would invent and install a new type of lock of your own.
We have imaginative burglars down here...
No Key = Throw brick through window - walk in.
No Key = Climb through roof and ceiling.
:wink

Eddy

Quote from: vanjast on January 11, 2010, 08:21:01 PM
No Key = Throw brick through window - walk in.
That probably could be considered as brute-forcing ... :bg
Eddy
www.devotechs.com -- HIME : Huge Integer Math and Encryption library--

MichaelW

Quote from: Eddy on January 10, 2010, 09:47:27 PM
>i wager to say that i could create a code that you could not break in my life-time
--- I believe you. I will not be able to decipher your code without knowing the key or the algorithm. But.. I am not a cryptographer. An experienced cryptographer, with the proper tools, could (no, WILL) break your code in a few minutes time. At least, if you are not a cryptographer also.

I think you have too much confidence in cryptographers and their tools. What if Dave used a one-time pad, or used some simple algorithm but started out with random garbage?
eschew obfuscation

Eddy

Quote from: MichaelW on January 12, 2010, 11:44:10 AM
I think you have too much confidence in cryptographers and their tools.
Well, if the FBI comes to get you, don't say that I haven't warned you ...  :bg

Quote from: MichaelW on January 12, 2010, 11:44:10 AM
What if Dave used a one-time pad,
A one-time pad (XOR'ing plaintext with random data) is the only unbreakable encryption method.
Unfortunately, it has a few drawbacks and is therefore not very practical:

  • True random data is hard to come by. You could attach a radio receiver to your pc and convert the noise to random data, but even then. A practical way to produce pseudo-random data that is cryptographically secure is the Blum-Blum-Shub PRNG. If you want to experiment with that, download HIME.zip here ( http://www.devotechs.com/HIMEDownloads.html ) and run HIMETestbench.exe.
  • You need as much random data as there is plaintext (you need as much random bytes as there are plaintext bytes). The random data serves as the key.
  • The same random data (key) may only be used once!
  • Both sender and recipient must have the same random data. So they are practically obligated to meet in person to exchange the data (CD, DVD,..).
The Russians used one-time pads during the cold war. To produce 'random data', they had Russian women type 'random characters' on typewriters all day long. At the peak of the cold war, the Russians needed so much random data to encrypt their messages that the typists could not keep up. That's why they started re-using their random data. And that's why the Americans could decipher some of the Russians' code.

Quote from: MichaelW on January 12, 2010, 11:44:10 AM
or used some simple algorithm but started out with random garbage?
Not sure what you mean. You mean using a one-time pad but with pseudo-random data instead of true random data?
Eddy
www.devotechs.com -- HIME : Huge Integer Math and Encryption library--
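The one-time pad rules listed in the post above, as an added Python example (not code from the thread or from HIME): a pad object that hands out each key byte only once, plus a function showing what key reuse gives away. The class and function names, the pad and the messages are all constructed for illustration.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


class OneTimePad:
    """Holds a pre-shared pad and hands out every pad byte at most once."""

    def __init__(self, pad: bytes):
        self.pad = pad
        self.offset = 0  # index of the first pad byte not yet used

    def remaining(self) -> int:
        return len(self.pad) - self.offset

    def apply(self, data: bytes) -> bytes:
        """Encrypt or decrypt (XOR is its own inverse) with fresh pad bytes."""
        if len(data) > self.remaining():
            raise ValueError("pad exhausted: refusing to reuse key material")
        key = self.pad[self.offset:self.offset + len(data)]
        self.offset += len(data)
        return xor_bytes(data, key)


def reuse_leak(p1: bytes, p2: bytes, key: bytes) -> bytes:
    """What an eavesdropper holds when one key encrypts two messages."""
    c1, c2 = xor_bytes(p1, key), xor_bytes(p2, key)
    return xor_bytes(c1, c2)  # the key cancels out: this equals p1 XOR p2


if __name__ == "__main__":
    pad = secrets.token_bytes(64)  # constructed pad; both sides need the same copy
    sender, recipient = OneTimePad(pad), OneTimePad(pad)
    for msg in (b"meet at noon", b"bring the CD"):  # constructed sample messages
        ct = sender.apply(msg)
        print(ct.hex(), "->", recipient.apply(ct))
    p1, p2 = b"first message", b"other message"
    leaked = reuse_leak(p1, p2, secrets.token_bytes(len(p1)))
    print("key reuse leaks p1 XOR p2:", leaked == xor_bytes(p1, p2))
```

Sender and recipient must consume the pad in the same order; once `remaining()` reaches zero, a new pad has to be exchanged.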

dedndave

i am not a cryptographer, Eddy   :P
i have always enjoyed math, though
i could give them a run for their money - lol

MichaelW

Quote: Not sure what you mean.

I mean start out with a plaintext that is random garbage. Even if they managed to decrypt it, how would they know they had succeeded? How would they know that they were not dealing with a meaningful message encrypted with an unknown algorithm?
eschew obfuscation

dedndave

lol Michael
you gave me away
i was going to take three files of pseudo-random garbage and call it "encrypted data" - lol
if they decrypt into something that resembles a picture of a naked lady, they need to get away from the computer a little more often   :bg

Eddy

Quote from: MichaelW on January 12, 2010, 04:13:03 PM
I mean start out with a plaintext that is random garbage.
In that case, 'they' would not be able to do anything with it. How could they   :P
But then again, it would be a pretty useless exercise for you too, wouldn't it?  :bg
No, in order to have a chance to decrypt ciphertext without having the key, a lot of ciphertext messages are necessary, so these can be analysed to discover a pattern.

Eddy
www.devotechs.com -- HIME : Huge Integer Math and Encryption library--

jj2007

Quote from: Eddy on January 12, 2010, 12:14:43 PM
A practical way to produce pseudo-random data that is cryptographically secure is the Blum-Blum-Shub PRNG.

For a second or so, I thought you were pulling our legs. Blum-Blum-Shub sounds like, ehm, music :wink

But I learnt that Blum Blum Shub (B.B.S.) is a pseudorandom number generator proposed in 1986 by Lenore Blum, Manuel Blum and Michael Shub (Blum et al., 1986).

For a quick-and-dirty OTP: How unsafe would it be to use an invoke Sleep, 0 loop, and to extract from the 64 bits of a QPC the least significant 8 bits? Jumping from interrupt to interrupt should generate so much uncertainty that patterns are unlikely to appear... but I admit I am pretty ignorant on encryption, so apologies if what I write is stupid. I am just curious :bg
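The Blum-Blum-Shub generator mentioned above, as an added Python sketch (not HIME's implementation and not code from the thread): the state is squared modulo M = p*q, with p and q primes congruent to 3 mod 4, and the low bit of each state is output. The primes 11 and 23 and the seed 3 are constructed toy values; the short period they produce shows why real use needs large secret primes.

```python
from math import gcd


def is_prime(n: int) -> bool:
    """Trial division; adequate for the toy primes used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


class BlumBlumShub:
    def __init__(self, p: int, q: int, seed: int):
        if p == q or not (is_prime(p) and is_prime(q)):
            raise ValueError("p and q must be distinct primes")
        if p % 4 != 3 or q % 4 != 3:
            raise ValueError("p and q must both be congruent to 3 mod 4")
        self.m = p * q
        if seed % self.m in (0, 1) or gcd(seed, self.m) != 1:
            raise ValueError("seed must be coprime to p*q and not 0 or 1")
        self.state = seed % self.m

    def next_bit(self) -> int:
        self.state = pow(self.state, 2, self.m)  # x -> x^2 mod M
        return self.state & 1                    # output the least significant bit

    def next_bytes(self, n: int) -> bytes:
        out = bytearray()
        for _ in range(n):
            byte = 0
            for _bit in range(8):
                byte = (byte << 1) | self.next_bit()
            out.append(byte)
        return bytes(out)


def period(p: int, q: int, seed: int) -> int:
    """Number of steps before the internal state repeats."""
    gen = BlumBlumShub(p, q, seed)
    gen.next_bit()  # the first squaring puts the state on its cycle
    start, steps = gen.state, 0
    while True:
        gen.next_bit()
        steps += 1
        if gen.state == start:
            return steps
```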

oex

I swear by my monkey with a typewriter
We are all of us insane, just to varying degrees and intelligently balanced through networking

http://www.hereford.tv

dedndave

ummm - they need a way to recreate the key at the receiving end
unless they bought their monkey at the same pet-shop you did, it won't be easy   :bg

blum-blum-shub - i was gonna say a dance, Jochen - lol

Eddy

Quote from: jj2007 on January 12, 2010, 04:28:20 PM
How unsafe would it be to use an invoke Sleep, 0 loop,....
To get an impression of just how 'random' your generated data is, you can use the following software:
Both programs (or suites) need a sufficiently large file (around 10 MB) with your random data. They run a series of tests on the data. The produced output gives you an impression of the degree of randomness of the input data.
Note that the output will not be a 'yes/no' answer. You need to interpret the figures that are produced.

You could be surprised at how difficult it can be to have a computer produce 'good enough' random data.

Here's a good PRNG: http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/emt.html. It has a period of (2^19937-1).
So, it is not cryptographically secure as is Blum-Blum-Shub.
Eddy
www.devotechs.com -- HIME : Huge Integer Math and Encryption library--
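Added example, not from the thread and not the test programs Eddy refers to: two of the simplest checks of the kind such suites run, the frequency (monobit) and runs tests as defined in NIST SP 800-22, each returning a p-value instead of a yes/no. The sample streams are constructed; one of them is perfectly balanced yet obviously patterned, which is why the figures from several tests have to be read together.

```python
import math
import os


def to_bits(data: bytes) -> list:
    """Expand bytes into a list of bits, most significant bit first."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def monobit_p(data: bytes) -> float:
    """Frequency test: are ones and zeros about equally common?"""
    bits = to_bits(data)
    n = len(bits)
    s = sum(2 * b - 1 for b in bits)  # +1 per one bit, -1 per zero bit
    return math.erfc(abs(s) / math.sqrt(n) / math.sqrt(2))


def runs_p(data: bytes) -> float:
    """Runs test: does the stream flip between 0 and 1 about as often as expected?"""
    bits = to_bits(data)
    n = len(bits)
    pi = sum(bits) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0  # too unbalanced for the runs test to apply
    runs = 1 + sum(bits[i] != bits[i + 1] for i in range(n - 1))
    expected = 2 * n * pi * (1 - pi)
    return math.erfc(abs(runs - expected) / (2 * math.sqrt(2 * n) * pi * (1 - pi)))


def assess(data: bytes, alpha: float = 0.01) -> dict:
    """p-value per test; a value below alpha counts against the data."""
    results = {"monobit": monobit_p(data), "runs": runs_p(data)}
    results["suspicious"] = sorted(k for k, p in results.items() if p < alpha)
    return results


if __name__ == "__main__":
    samples = {  # constructed streams of 1024 bytes each
        "alternating 0xAA": b"\xaa" * 1024,
        "stuck at 0xFF": b"\xff" * 1024,
        "os.urandom": os.urandom(1024),
    }
    for name, data in samples.items():
        print(name, assess(data))
```

A low p-value counts against the data, but a high one on a single test proves little: the alternating stream scores 1.0 on the frequency test and 0.0 on the runs test.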

NervGaz

Heh, didn't exactly mean to cause an argument, but hey it's all fun. Can't remember who said it, but I think it was Bruce Schneier,
but the quote is something along the lines of "There is no such thing as unbreakable crypto, just a question of time and computing power."
admittedly some stuff would require more time than what is left in the sun, but I'm in no hurry. >;)

vanjast

That was me.. I've just said that... well not exactly the same words  :U
:green2  :bg

Eddy

Quote from: NervGaz on January 13, 2010, 06:15:56 PM
but I think it was Bruce Schneier,.. "There is no such thing as unbreakable crypto, just a question of time and computing power."

Another quote of Bruce Schneier:
Quote: "One-time pads are the only provably secure cryptosystem we know of.
It's also pretty much useless."
    :bg

Read Schneier's full article here:  http://www.schneier.com/crypto-gram-0210.html#7
Eddy
www.devotechs.com -- HIME : Huge Integer Math and Encryption library--