On 26/03/25 10:54, Marcel Logen wrote:
colin in sci.crypt:
On 25/03/25 12:18, Marcel Logen wrote:
[...] The Base64-decoded 'text' has 528 bytes.
Possibly 33 128-bit blocks (AES has a block size of 128 bits)
32, I think.
512 bytes of plaintext become 528 bytes of ciphertext
with AES256 CBC (without salt).
I can produce 528 bytes of ciphertext with 513 bytes of plaintext, i.e. an extra block is added.
eg:
$ cat 512bytes.txt | aespipe -e aes256 -P password.txt | wc -c
512
$ cat 513bytes.txt | aespipe -e aes256 -P password.txt | wc -c
528
I'd say we're an algorithm short of a crank. Anyone can post a
ciphertext:
33 EA B3 38 48 0D F3 00 51 A4 C9 8D 24 FE F9 00
A3 71 21 62 14 FB F7 00 44 16 EC 96 2A E3 EC 00
D4 D8 7E 7A 00 7F FE 00 79 36 B9 43 84 7C FD 00
FC 6A 8C 02 62 03 FC 00 9D 0C 60 04 60 7F FD 00
18 0F AE 07 88 FE BC 00
See?
(Hints available on request.)
Richard Heathfield in sci.crypt:
I'd say we're an algorithm short of a crank. Anyone can post a
ciphertext:
33 EA B3 38 48 0D F3 00 51 A4 C9 8D 24 FE F9 00
A3 71 21 62 14 FB F7 00 44 16 EC 96 2A E3 EC 00
D4 D8 7E 7A 00 7F FE 00 79 36 B9 43 84 7C FD 00
FC 6A 8C 02 62 03 FC 00 9D 0C 60 04 60 7F FD 00
18 0F AE 07 88 FE BC 00
See?
(Hints available on request.)
With the hint from Colin I could decrypt this.
I had already thought that it would go in this direction.
And - I am not speaking of crypto for mass use. Only for personal use, wherein one *can* make it useful and secure.
If the sender uses [...] anonymous networks, which it
seems you guys are not using (yet), how would rubberhose be applied, if
they can't find the sender?
On 24/03/2025 21:33, hal@invalid.com wrote:
And - I am not speaking of crypto for mass use. Only for personal use,
wherein one *can* make it useful and secure.
No. You can't. Even if you are an expert.
colin in sci.crypt:
On 26/03/25 10:54, Marcel Logen wrote:
colin in sci.crypt:
On 25/03/25 12:18, Marcel Logen wrote:
[...]
[...] The Base64-decoded 'text' has 528 bytes.
Possibly 33 128-bit blocks (AES has a block size of 128 bits)
32, I think.
512 bytes of plaintext become 528 bytes of ciphertext
with AES256 CBC (without salt).
I can produce 528 bytes of ciphertext with 513 bytes of plaintext, i.e. an
extra block is added.
eg:
$ cat 512bytes.txt | aespipe -e aes256 -P password.txt | wc -c
512
$ cat 513bytes.txt | aespipe -e aes256 -P password.txt | wc -c
528
Ah, OK. I have found the cause: the padding.
| user15@o15:/tmp$ stat -c '%s' 512bytes.txt
| 512
| user15@o15:/tmp$ openssl enc -aes-256-cbc -in 512bytes.txt -salt -pass pass:1234 -pbkdf2 | wc -c
| 544
| user15@o15:/tmp$ openssl enc -aes-256-cbc -in 512bytes.txt -nosalt -pass pass:1234 -pbkdf2 | wc -c
| 528
| user15@o15:/tmp$ openssl enc -aes-256-cbc -in 512bytes.txt -nosalt -pass pass:1234 -pbkdf2 -nopad | wc -c
| 512
| user15@o15:/tmp$ stat -c '%s' 513bytes.txt
| 513
| user15@o15:/tmp$ openssl enc -aes-256-cbc -in 513bytes.txt -nosalt -pass pass:1234 -pbkdf2 | wc -c
| 528
| user15@o15:/tmp$ openssl enc -aes-256-cbc -in 513bytes.txt -nosalt -pass pass:1234 -pbkdf2 -nopad | wc -c
| bad encrypt
| 40E7A9630B7F0000:error:1C80006B:Provider routines:ossl_cipher_generic_block_final:wrong final block length:../providers/implementations/ciphers/ciphercommon.c:420:
| 512
Marcel (Lines: 53)
On 24/03/2025 21:33, hal@invalid.com wrote:
And - I am not speaking of crypto for mass use. Only for personal use,
wherein one *can* make it useful and secure.
No. You can't. Even if you are an expert.
You might have a whole bunch of experts trying to break it, at which
point you lose.
It's known as Schneier's law.
NSA employ more experts than anyone else (except maybe Russia or China). They are the biggest employer of mathematicians in the US. And they have very big computers.
Peter Fairbrother.
Schneier's Law:
"Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can't break. It's not even hard.
What is hard is creating an algorithm that no one else can break, even
after years of analysis.
And the only way to prove that is to subject the algorithm to years of analysis by the best cryptographers around."
Unfortunately Schneier was a little wrong: years of cryptanalysis by
people who keep their results from you don't help you any, and even
years of public cryptanalysis don't actually "prove" anything.
On 27/03/2025 04:13, Peter Fairbrother wrote:
On 24/03/2025 21:33, hal@invalid.com wrote:
And - I am not speaking of crypto for mass use. Only for
personal use,
wherein one *can* make it useful and secure.
No. You can't. Even if you are an expert.
Of course the other point is, why would you bother when we have
good ciphers already?
Pride? But we know you aren't a good cryptographer anyway,
because a good cryptographer wouldn't use a home-grown cipher.
Looks like it's up to the implementation of how it implements padding
and how many bytes it requires to do it.
$ openssl enc -aes-256-cbc -in 511bytes.txt -pass pass:1234 -pbkdf2 | wc -c
528
$ cat 511bytes.txt | aespipe -e aes256 -P password.txt | wc -c
512
The way I understand it is AES is only a basic building block that takes
a 128bit block and scrambles it to a different 128bit block.
All the other building blocks ( eg: salt, IV, padding, mode of operation
etc ) are added in to suit what the implementation requires.
colin in sci.crypt:
[...]
Looks like it's up to the implementation of how it implements padding
and how many bytes it requires to do it.
$ openssl enc -aes-256-cbc -in 511bytes.txt -pass pass:1234 -pbkdf2 | wc -c
528
$ cat 511bytes.txt | aespipe -e aes256 -P password.txt | wc -c
512
The way I understand it is AES is only a basic building block that takes
a 128bit block and scrambles it to a different 128bit block.
All the other building blocks ( eg: salt, IV, padding, mode of operation
etc ) are added in to suit what the implementation requires.
| user15@o15:/tmp$ stat -c '%s' 511bytes.txt
| 511
| user15@o15:/tmp$ openssl enc -aes-256-cbc -in 511bytes.txt -pass pass:1234 -pbkdf2 | wc -c
| 528
| user15@o15:/tmp$ openssl enc -aes-256-cbc -in 511bytes.txt -pass pass:1234 -pbkdf2 -nosalt | wc -c
| 512
-nosalt => 512
On 28/03/25 04:56, Marcel Logen wrote:
| user15@o15:/tmp$ openssl enc -aes-256-cbc -in 511bytes.txt -pass pass:1234 -pbkdf2 -nosalt | wc -c
| 512
-nosalt => 512
I think I have got my head around it now.
Openssl adds salt by default.
At least 1 byte of padding is always added (up to 16).
Hence with -nosalt
511 -> 512
512 -> 528 ( one block full of just padding )
513 -> 528
527 -> 528
528 -> 544
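The size arithmetic that Marcel's openssl runs and Colin's table above work out follows from PKCS#7 padding plus the 16-byte salt header that `openssl enc` writes by default. The following is an added example, not code posted by anyone in the thread: it reproduces the length rule in pure Python (no encryption is performed), and pairs it with a strict unpadder of the kind a decryptor must use, since a lax one is the root of padding-oracle bugs. The 16-byte header (the ASCII `Salted__` marker followed by 8 salt bytes) is what accounts for 544 - 528; aespipe's zero-padding, which gives 512 for both 511 and 512 bytes on the page, is not modelled here.

```python
"""PKCS#7 padding and the output sizes seen in the thread.

Added example (not from the thread). Pure Python; it does not encrypt,
it only reproduces the length arithmetic behind the openssl numbers,
plus a strict unpadder of the kind a decryptor must use.
"""

BLOCK = 16        # AES block size in bytes
SALT_HEADER = 16  # openssl enc default: b"Salted__" (8 bytes) + 8-byte salt


def pkcs7_pad(data: bytes, block: int = BLOCK) -> bytes:
    """Append n bytes each of value n, 1 <= n <= block.

    A whole block of padding is appended when len(data) is already a
    multiple of the block size; that is why 512 -> 528 in the thread.
    """
    n = block - (len(data) % block)
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes, block: int = BLOCK) -> bytes:
    """Strict inverse of pkcs7_pad; raises ValueError on any malformed tail.

    Every byte of the tail is checked, not just the last one, so a
    truncated or tampered final block is rejected rather than silently
    'unpadded'. The same error is raised for every failure so the caller
    cannot accidentally leak which check failed (padding oracle).
    """
    if not data or len(data) % block:
        raise ValueError("bad padding")
    n = data[-1]
    if not 1 <= n <= block or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def openssl_enc_size(plaintext_len: int, salt: bool = True, pad: bool = True) -> int:
    """Bytes written by `openssl enc -aes-256-cbc` for a given input size.

    salt=False models -nosalt (no 16-byte "Salted__" header); pad=False
    models -nopad, which openssl only accepts for block-multiple input.
    """
    if pad:
        # Always at least one byte of padding, so a full block is added
        # when the input is already a block multiple.
        body = (plaintext_len // BLOCK + 1) * BLOCK
    else:
        if plaintext_len % BLOCK:
            raise ValueError("wrong final block length")  # openssl's message
        body = plaintext_len
    return body + (SALT_HEADER if salt else 0)


def padding_table(sizes) -> dict:
    """Colin's table: input size -> output size with -nosalt."""
    return {n: openssl_enc_size(n, salt=False) for n in sizes}


if __name__ == "__main__":
    for n, out in padding_table([511, 512, 513, 527, 528]).items():
        print(f"{n} -> {out}")
    print("512 bytes with the default salt header:", openssl_enc_size(512))
```

Run stand-alone it prints Colin's table followed by 544. The rule generalises: with padding, output is `(len // 16 + 1) * 16` bytes, plus 16 for the salt header; with `-nopad`, only block-multiple input is accepted, which is the `wrong final block length` error Marcel hit with the 513-byte file.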
On 24/03/2025 19:07, Stefan Claas wrote:
If the sender uses [...] anonymous networks, which it
seems you guys are not using (yet), how would rubberhose be applied, if they can't find the sender?
Unfortunately there aren't any effective anonymous networks. At least
none I would trust against NSA/GCHQ/SCA/SCS.
Mixmaster might have been effective once, if properly used, but it is
now moribund and never had enough traffic.
Peter Fairbrother wrote:
On 24/03/2025 19:07, Stefan Claas wrote:
If the sender uses [...] anonymous networks, which it
seems you guys are not using (yet), how would rubberhose be applied, if
they can't find the sender?
Unfortunately there aren't any effective anonymous networks. At least
none I would trust against NSA/GCHQ/SCA/SCS.
Isn't the Tor network a solid foundation which can be built upon?
Mixmaster might have been effective once, if properly used, but it is
now moribund and never had enough traffic.
The successor of Mixmaster is YAMN, but nowadays people are working
also on Katzenpost and Nym.
I don't know anything about YAMN. Would Lance/Len approve?
Peter Fairbrother wrote:
[...] Thank you for your detailed reply, much appreciated!
I don't know anything about YAMN. Would Lance/Len approve?
YAMN works the same as Mixmaster, but has revised crypto algos.
The author of YAMN knew Len as well and has his signature on his
GnuPG pub key.
On 11/04/2025 21:29, Mini Mailer wrote:
Peter Fairbrother wrote:
[...] Thank you for your detailed reply, much appreciated!
I don't know anything about YAMN. Would Lance/Len approve?
YAMN works the same as Mixmaster, but has revised crypto algos.
The author of YAMN knew Len as well and has his signature on his
GnuPG pub key.
Sadly missed. :(
Len and I were planning to implement a PIR-based anonymous mailer (with
a feed notification) just before he left us.