Slashdot: News for Nerds

Preview of New Block Cipher

Hemos posted more than 9 years ago | from the doesn't-matter-until-peer-testing dept.

Security 232

flaws writes "Secure Science Corp. is offering a preview of one of the 3 ciphers they will be publishing throughout the year. The CS2-128 cipher is a 128-bit block cipher with a 128 bit key. This cipher is proposed as a hardware alternative to AES, being that it is more efficient in hardware, simpler to implement, and comparably secure to AES-128. The preview of the CS2-128 cipher proposed is in html form and will be available in a published format at the end of April. At this time, requests are made for casual peer review and implementation. Secure Science will be offering a challenge at the end of April, introducing the cipher to the public. This cipher's implementation and usage will be offered in multiple hardware devices, such as wireless routers, cell-phones, and storage management hardware."


232 comments

woot (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#12042551)

Vagina

The New Cipher On the Block? (-1, Troll)

Anonymous Coward | more than 9 years ago | (#12042558)



Please don't kill me.

does this mean (3, Funny)

Anonymous Coward | more than 9 years ago | (#12042559)

he can beat neo now?

Re:does this mean (2, Funny)

krishn_dev (781739) | more than 9 years ago | (#12042951)

No... I cant ping him yet. :-D

In case of Slashdotting... (5, Funny)

Anonymous Coward | more than 9 years ago | (#12042561)

MD5 of article text: 79592dc553067bfafaa07086c07d2c8a

Re:In case of Slashdotting... (0, Funny)

Anonymous Coward | more than 9 years ago | (#12042703)

mod parent funny : +5!

PGP: A Dangerous Program for a Dangerous Time (5, Funny)

Anonymous Coward | more than 9 years ago | (#12042564)

Hello,

Recently I noticed that my teenage son Ezekiel had begun to encrypt
his emails with a program called PGP. I was concerned because I'd
always covertly monitored their email for any hints of illegal
activity, drug use or interest in the occult - some of his classmates
have begun playing Dungeons and Dragons and listening to KISS. Since
Ezekiel was now using PGP, his activities were hidden from me!

Additionally, I also overheard him talking of using a program called
Stegasaurus to embed secret information into normal-looking pictures.
Terrified that my son might be speaking in some sort of sinful code, I
immediately grounded him for a month. He was only allowed to go to
school and Bible study.

Anyways, I've done several days worth of research on this and
discovered a few things about PGP that I'd like to share with the
readers of these newsgroups. To begin with, I realized that many of
the claims made by the creators of PGP are blatantly false. Although I
do not have a background in mathematics (I have an AA in Photography)
I was easily able to rebuild Ezekiel's private key via his public key
and one of his encrypted messages.

Of course I am above-average in intelligence, but PGP is supposedly
unbreakable! Perhaps cryptographers aren't as smart as they believe?
Fortunately in this case Ezekiel was just discussing a girl he met in
school - a situation I harshly reprimanded him for. However, while PGP
may be a program with flaws, it got me thinking about other programs.
Perhaps someone will construct a PGP-like program that cannot be so
easily broken; one that would take days of computer time to hack!

My concern with a program like this is that people who use
cryptography always do so because they have something to hide. A sense
of guilt and shame seems to drive them. They know that they are doing
something wrong and desperately want to hide it from the eyes of the
world (although hiding it from the eyes of God is another matter!
LOL!)

A study recently released by the Institute for Family Computing
revealed that the top three uses of cryptography were for 1)
"terrorist-related activity" 2) pedophilia and 3) drug abuse. In fact
as far as I can tell, no legitimate use was on the top ten at all!

What scares me about this is that law-enforcement agencies will be
unable to sift through email to find people who are breaking the law,
or otherwise engaged in suspicious activity. At a time when our nation
is under siege, I find it disturbing that people are working on
developing cryptography that cannot be broken, even by our protectors
in the FBI and CIA! Only those with something to hide truly need
cryptography.

Thus I urge cryptographers world wide to refrain from working on such
programs, until our nation is no longer at war. I would ask those of
other countries to respect our right to self-defense and aid us in our
time of trouble. Your cryptographic skills can be better put to use
trying to find terrorists than to assist them.

Re:PGP: A Dangerous Program for a Dangerous Time (0)

Anonymous Coward | more than 9 years ago | (#12042728)

Perhaps someone will construct a PGP-like program that cannot be so easily broken; one that would take days of computer time to hack!

This already exists! [meganet.com] The world's best encryptors couldn't beat VME, even with an H2 at stake. Meganet even provided the client to break it, but the algorithm uses a million bits, so it was really hopeless.

--
This post is sarcasm. VME is a sick joke, and it's quite unsuitable for any serious security. Who would buy this, you ask? Why, the US Department of Labor, of course. A complete waste of tax dollars, that was.

Re:PGP: A Dangerous Program for a Dangerous Time (5, Funny)

maroonhat (845773) | more than 9 years ago | (#12042784)

Is your son a computer hacker? [adequacy.org]

...I'm quite sorry a site like the one my link points to exists, but it's hilarious nonetheless

Re:PGP: A Dangerous Program for a Dangerous Time (3, Informative)

Anonymous Coward | more than 9 years ago | (#12042827)

adequacy.org is one of those sites that started out as a parody site, and then everyone seemed to forget what the site was really about. Some of the newer posts there (there aren't many, note that the "computer hacker" article you linked is one of the oldest yet still on the front page) are truly scary in their seriousness. I think even Landover Baptist manages to not take itself as seriously as some of adequacy's posters do.

Re:PGP: A Dangerous Program for a Dangerous Time (0, Informative)

Anonymous Coward | more than 9 years ago | (#12042859)

busted. [google.com]

Re:PGP: A Dangerous Program for a Dangerous Time (1, Offtopic)

nihaopaul (782885) | more than 9 years ago | (#12042994)

"A study recently released by the Institute for Family Computing revealed that the top three uses of cryptography were for 1) "terrorist-related activity" 2) pedophillia and 3) drug abuse. In fact
as far as I can tell, no legitimate use was on the top ten at all!"

Legitimate use would be (1) to keep nosy people like you out; legitimate use would be to protect from forgery and identity fraud; legitimate use would be to protect your credit card details when you buy online. And there are plenty more; it's not just about keeping snoops out but also identity. So your "as far as I can tell, no legitimate use was on the top ten at all!" is incorrect.

think outside the box, not just what's on the inside

Re:PGP: A Dangerous Program for a Dangerous Time (1)

Armadni General (869957) | more than 9 years ago | (#12043003)

I suggest you stop trying to live your son's life for him.

Re:PGP: A Dangerous Program for a Dangerous Time (0)

Anonymous Coward | more than 9 years ago | (#12043055)

It was a joke you dolt

Re:PGP: A Dangerous Program for a Dangerous Time (1)

pr0nsurf3r (853738) | more than 9 years ago | (#12043035)

People like you are part of the problem. You've failed to realize that there are lots of people that have legitimate need to encrypt some files.

You sound to me like you've given your son a good moral background and done the best job you can in raising him. Be more confident in your teachings & parenting.

But, how you could be so naive as to be willing to give up your right to privacy completely befuddles me. Don't get me wrong, national security is extremely important, but once you suggest that we give up any freedoms or privacy, it's only a matter of time before we have neither freedom, nor privacy.
Additionally, terrorists and hackers alike would have all these tools anyway even if they weren't public. Just in case you didn't know, there are terrorists who have college & graduate educations from some of the finest institutions in America. (Sleeper cells anyone?)

Benjamin Franklin said
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."

In this case privacy is an essential liberty

Re:PGP: A Dangerous Program for a Dangerous Time (1)

cjHopman (810457) | more than 9 years ago | (#12043121)

"...your teachings & parenting.
But, how you could be so naive as to be willing to give ..."
</irony>

Troll... (0)

Anonymous Coward | more than 9 years ago | (#12043040)

Duh!

Is this good? (0)

Anonymous Coward | more than 9 years ago | (#12042575)

Sorry I never took calculus as a 2nd language

Presumably... (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#12042577)

Nobody gives a shit. Next!

Re:Presumably... (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#12042954)

Hey, this is slashdot, everyone pretends to give a shit no matter how little they know about the topic.

Review Expertise. (1, Insightful)

Anonymous Coward | more than 9 years ago | (#12042578)

"Secure Science Corp. is offering a preview of one of the 3 ciphers they will be publishing througout the year."

And how many people will have the expertise to provide a "review" that'll satisfy everyone?

Re:Review Expertise. (1)

m0rningstar (301842) | more than 9 years ago | (#12042976)

It's the standard crypto algorithm; I, personally, would be happy if they turn the algorithm over to open peer review. Anything else smacks of security by obscurity to me.

If the algorithm is openly available and openly reviewed it may well be a viable alternative, though my understanding was that one of the reasons Rijndael was selected as the AES algorithm was its ease of implementation in hardware and low memory footprint as compared to several of the other contenders.

If it's not? Snake oil, or at least possibly. And I hate 'possibly'.

Re:Review Expertise. (1)

LnxAddct (679316) | more than 9 years ago | (#12043053)

I'm not even sure it's worth reviewing... from the design intro it more or less stated that you give it a 128 bit key and it spits out 128 bits of ciphertext. In my book that is a one time pad and it won't be any more secure than using xor (in fact not using xor could make it significantly less secure). Now I'm assuming this isn't a one time pad so I'm also assuming the same key will be used many times considering it may act as a wireless key similar to WEP keys right now. Now I don't know about you but reusing a key every 16 bytes for transmitting large amounts of data just smells of trouble. Granted with an ideal algorithm it wouldn't matter, I have yet to see one sufficiently implemented on such a large scale. Yes in theory they do exist, but knowing the cipher text, and having a high probability of what was encrypted (assume some protocol like http), over a couple million packets I can't see this holding out any better than WEP. Granted none of what I'm saying is backed up by math, this is just what I've observed over the years. Come on folks, it's 2005... time to implement rotating keys in an easy to use way... even my garage door uses one (granted that still wouldn't solve *all* of the problems). I'll stick with the NSA, they've ironically gained my trust.
Regards,
Steve
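The worry in the comment above, that the same 128-bit key is applied afresh to every 16-byte block of a long stream, is really a question about the mode of operation rather than the cipher. The following added example (not from the article or from Secure Science's code) shows the difference: a block function applied directly to each plaintext block reveals every repeated block, while counter mode applies the key only to a nonce-and-counter input and hides repeats, and it also shows why the "rotating keys" remark matters, since reusing the same key and nonce in counter mode leaks the XOR of two plaintexts. As an assumption, HMAC-SHA256 truncated to 16 bytes stands in for the block cipher's forward direction; it is not CS2-128 or AES, only a deterministic keyed function with the one property the demonstration needs.

```python
import hashlib
import hmac

BLOCK = 16  # 128-bit blocks, as in the cipher under discussion


def prf_block(key: bytes, block: bytes) -> bytes:
    """Stand-in for one forward application of a 128-bit block cipher.

    Assumption: HMAC-SHA256 truncated to 16 bytes is used purely as a
    deterministic keyed function; it is not CS2-128 or AES, and it is not
    invertible. All the demonstration needs is that the same key on the
    same 16-byte input always yields the same 16-byte output.
    """
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def raw_block_mode(key: bytes, data: bytes) -> bytes:
    """Apply the key independently to every block (ECB-style).

    Identical plaintext blocks become identical ciphertext blocks, so
    structure in the data (repeated protocol headers, padding, ...) is
    visible to anyone watching the ciphertext.
    """
    if len(data) % BLOCK:
        raise ValueError("data must be a whole number of blocks")
    return b"".join(prf_block(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))


def counter_mode(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter mode: the key is applied to (nonce || counter), never to the
    plaintext itself, and the result is XORed in as keystream. Each block
    position gets a different keystream block, so repeats do not show.
    Encryption and decryption are the same operation."""
    if len(nonce) != 8:
        raise ValueError("nonce must be 8 bytes (leaves 8 bytes for the counter)")
    out = bytearray()
    for ctr, i in enumerate(range(0, len(data), BLOCK)):
        keystream = prf_block(key, nonce + ctr.to_bytes(8, "big"))
        out += xor_bytes(data[i:i + BLOCK], keystream)
    return bytes(out)


def repeated_blocks(ciphertext: bytes) -> int:
    """Number of ciphertext blocks that duplicate an earlier block."""
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    return len(blocks) - len(set(blocks))


def nonce_reuse_leaks(key: bytes, nonce: bytes, pt1: bytes, pt2: bytes) -> bool:
    """Why keys (or at least nonces) must rotate even in counter mode: two
    messages under the same key and nonce share keystream, so XORing the
    two ciphertexts cancels it and exposes pt1 XOR pt2."""
    ct1 = counter_mode(key, nonce, pt1)
    ct2 = counter_mode(key, nonce, pt2)
    return xor_bytes(ct1, ct2) == xor_bytes(pt1, pt2)


# Constructed sample data: a 16-byte header line repeated eight times, the
# kind of structure a protocol like HTTP produces.
KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
NONCE = b"\x00" * 8
SAMPLE = b"GET /index.html " * 8

if __name__ == "__main__":
    print("raw block mode repeats:", repeated_blocks(raw_block_mode(KEY, SAMPLE)))
    print("counter mode repeats:  ", repeated_blocks(counter_mode(KEY, NONCE, SAMPLE)))
    print("same nonce twice leaks pt1^pt2:",
          nonce_reuse_leaks(KEY, NONCE, SAMPLE, b"POST /login.php " * 8))
```

Running it reports seven repeated blocks for the raw mode and none for counter mode on the same key and data; the third line is the reason a per-message nonce or a rotating key is part of any deployment, whatever the block cipher underneath.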

Re:Review Expertise. (1)

flaws (805277) | more than 9 years ago | (#12043112)

You need to read the actual doc. Either way, SSC is posting the code up in about 5 minutes.

Worse than previewing non-existent products... (-1, Troll)

yuriismaster (776296) | more than 9 years ago | (#12042582)

Is publicly displaying security ciphers. I mean, I understand they want to make sure it works by distributing the 'source code' to the internet, but things like these need to be kept, yknow, secret....

Security by obscurity, while not the invincible way to go, is still pretty good coupled with a good security system. Here the SSC is giving everyone a look into something that shouldn't be looked at except by those developing/maintaining the system

Re:Worse than previewing non-existent products... (2, Informative)

dartboard (23261) | more than 9 years ago | (#12042594)

I can't tell if you're trolling or not. Good one, if you are. Otherwise you're an idiot. :-)

Re:Worse than previewing non-existent products... (1, Funny)

Anonymous Coward | more than 9 years ago | (#12042628)

I can't tell if you're trolling or not. Good one, if you are. Otherwise you're an idiot. :-)

"A little from column A, a little from column B". Personally I think he's half idiot and half trolling for his fucking conga line free mac sig.

Re:Worse than previewing non-existent products... (1)

LewsTherinKinslayer (817418) | more than 9 years ago | (#12042608)

The information would be readily available shortly after its public release as a product, I'm sure. There is no such thing as security through obscurity.

BLOW IT OUT YOUR ASS DICKHEAD (0, Troll)

Albert Pussyjuice (675113) | more than 9 years ago | (#12042616)

Guess what dickhead - you don't know shit about cryptography. Shut the fuck up and post again when your balls grow in you fucking faggot. I'm going to hire a bunch of black guys to ass-rape you as punishment you fucking toolshed.

That's right, you're a toolshed; not just a tool, an entire shed of tools. God, you're the most worthless human being ever. For fuck's sake, shove it up your ass you stupid shit. You obviously don't know anything about this topic so why did you have to post? WHY? JUST TO FUCKING MOUTH OFF BECAUSE YOU'RE A STUPID DICK-LICKER WITH NO LIFE AND A NEED TO BE NOTICED?

Here's a hint, your mommy and daddy hate you. Your mom wishes every night that those 15 some years ago, she had given head instead of letting your dad's worthless jizz enter her fat, green, bloated pussy. I hate you.

Hey! (0)

Anonymous Coward | more than 9 years ago | (#12042640)

Can I buy some weed from you?

Re:Worse than previewing non-existent products... (0)

Anonymous Coward | more than 9 years ago | (#12042641)

That's the stupidest idea I've ever seen. It only makes minimal sense in a single business's internal cryptographic format, and even then it's a bad idea.

The basic principle of cipher design, established in the 1800s, says that a good cipher's security is provided by the key, not knowledge of the system. If they don't release the system, they can't get feedback that might expose weaknesses in the system. A publicly known, rock solid algorithm beats a possibly weak, possibly private scheme every time.

After all, they want to sell this. It's a little hard to keep implementation details secret when you *sell* the chips.

-ShadowRanger

Re:Worse than previewing non-existent products... (0)

Anonymous Coward | more than 9 years ago | (#12042730)

Just adding in a reference for that principle, which I couldn't find the source for.

"The significance of the key is an enduring principle of cryptography, and it was definitively stated in 1883 by the Dutch linguist Auguste Kerckhoffs von Nieuwenhof: "The security of a cryptosystem must not depend on keeping secret the crypto algorithm. The security depends only on keeping secret the key."" - Excerpted from http://www.simonsingh.com/History_of_the_Science_o f_Secrecy.html

-ShadowRanger

Re:Worse than previewing non-existent products... (3, Insightful)

Dr.Dubious DDQ (11968) | more than 9 years ago | (#12042714)

things like these need to be kept, yknow, secret....

No, they don't - not if they're GOOD security.

The intention is that with good encryption techniques, the "bad guys" can know all about how the system works...and it will work anyway. What's the point in making sure nobody sees you hiding your key under the doormat (security-through-obscurity) if the key doesn't work for anyone but you anyway?

Re:Worse than previewing non-existent products... (0)

Anonymous Coward | more than 9 years ago | (#12042798)

The point? The point comes in the shape of a gun pointed at you as the thief tells you to put the key in the lock or you're dead.

In that case we need lasergun equipped mobile drone patrolbots that will guard you until they are fried to a nice crisp. In fact, why not a whole legion for every man?

We all deserve our horde of guardbots!!!

Wait, what were we talking about again?

Re:Worse than previewing non-existent products... (0)

Anonymous Coward | more than 9 years ago | (#12043094)

What's the point in making sure nobody sees you hiding your key under the doormat (security-through-obscurity) if the key doesn't work for anyone but you anyway?

If they took the key you wouldn't be able to use it. This doesn't apply to crypto. I'm just pointing out that it's never a good idea to hide things under doormats.

fp (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#12042583)

fp

Well....maybe (2, Insightful)

erick99 (743982) | more than 9 years ago | (#12042587)

We prove that our design is immune to differential and linear cryptanalysis as well as argue it resists several other known attacks.

Is it really immune? I don't know enough about the subject to understand the paper but that struck me as a bold statement

Re:Well....maybe (5, Informative)

patchvonbraun (837509) | more than 9 years ago | (#12042709)

Immunity in this case meaning that the work factor for mounting the attack is greater or equal to the work factor for brute-forcing the key. If brute-forcing the key costs 2**128 operations, and differential costs 2**129, for example, then you'd be crazy to attempt differential cryptanalysis, when bruting the key is cheaper. I admit to not having RTFP, so I can't evaluate their claim of immunity to DC and LC, but modern ciphers are deliberately designed to be resistant to attack via DC and LC.

Re:Well....maybe (1, Interesting)

Anonymous Coward | more than 9 years ago | (#12042786)

I don't know enough about the subject to understand the paper but that struck me as a bold statement

You can prove that an algorithm is immune to DC by proving that the number of plaintext/ciphertext pairs needed is greater than the number of possible plaintexts and ciphertexts. Immunity to LC can also be proven. Cryptography prior to DES was largely unmathematical juju. Cryptography today is a thing of math and science. The techniques for breaking an algorithm are known mathematical formulas, and these can be designed against.

So, why would you use a cipher that doesn't do this?

Re:Well....maybe (1)

cait56 (677299) | more than 9 years ago | (#12042925)

It's clearly an overstatement. The most they can claim is that it is immune to any known differential or linear cryptanalysis. Of course that only proves that their PR person isn't a mathematician.

"provably just as secure as AES-128"? Bah. (5, Informative)

Jepler (6801) | more than 9 years ago | (#12042588)

I read the paper. They devote, oh, a page or so to attacks. Proven as secure as AES? bah.

Re:"provably just as secure as AES-128"? Bah. (1, Informative)

Anonymous Coward | more than 9 years ago | (#12042836)

Two words: Branch Number.

Also, because the round function is complete (unlike, say, AES), "integration style" attacks are not applicable.

Keep in mind this is based on the research of the CS-Cipher (Vaudenay) and this [iacr.org] .

Re:"provably just as secure as AES-128"? Bah. (0)

Anonymous Coward | more than 9 years ago | (#12043050)

Two words: Branch Number

Those weren't the two words I was thinking about when I read this.....

I wonder... (1)

agraupe (769778) | more than 9 years ago | (#12042590)

If I'll be able to understand how this one works. The only algorithm I've ever understood well enough to write an implementation is RC4. I would like to see a strong algorithm that is fairly simple to understand, but I fear that such a thing is not possible.

VPN Usage? (0)

Anonymous Coward | more than 9 years ago | (#12042593)

Is it possible that this may replace current VPN encryption algorithms since it is supposedly "easy to implement in hardware"?

Not long ago there was talk of how fast certain boards could do VPN work because they had offloaded certain algorithms to a specialized chip.

Go with what is widely used (5, Insightful)

John Harrison (223649) | more than 9 years ago | (#12042597)

One of the advantages of AES, 3DES and DES is that as heavily used standards they attract a lot of research. You can have a lot of confidence that if there is a weakness it will be discovered and made public. The same is not true of proprietary ciphers. As an example look at the 40 bit encryption used by TI for RFID tags that was recently broken by a bunch of university students. If those students had been malicious they could have broken it and not told anyone. They could have then exploited the weakness for years because the cipher isn't widely studied so it is unlikely that someone else would have bothered to crack it. If TI had simply gone with 3DES there would have been no problem.

The moral of the story: stick to the standards people.

Re:Go with what is widely used (1)

John Harrison (223649) | more than 9 years ago | (#12042638)

I should probably mention that the above is in no way meant to endorse the use of single DES in the present.

Re:Go with what is widely used (1, Informative)

Anonymous Coward | more than 9 years ago | (#12042646)

Ouch, SHA-1 is FIPS-180-1 and DSA is FIPS-186-2, those are both broken - stick to the standards, and also improve upon standards. That is the goal - the standards will change - cryptography is based on time and finance. Standards of what? PKCS, OpenPGP, NIST? Whose standards are we talking about?

I stand corrected! (4, Funny)

John Harrison (223649) | more than 9 years ago | (#12042762)

You are right. Never mind what I said. Buy the snake oil, it has a better track record.

Re:I stand corrected! (1)

flaws (805277) | more than 9 years ago | (#12042806)

Snake Oil is disguised crypto - this is open source crypto proposal. There is no snake-oil intended, since you're looking at all the math and its functions. Snake oil is when you're trying to sell something. You don't understand this paper, so you don't know what you're talking about. But crypto experts will disagree with your position.

Re:Go with what is widely used (2, Informative)

provolt (54870) | more than 9 years ago | (#12042975)

While SHA-1 has been technically broken in that it doesn't provide strong collision resistance, strong resistance is not really necessary for most applications.

The attack on it finds two messages that hash to the same value. (Strong collision resistance) The attack does not work when trying to find a message that matches a specified hash value. (Weak collision resistance).

I don't think the attack on SHA-1 gives anyone a warm fuzzy feeling. But the current attack isn't a huge attack and it still is largely impractical. Additionally there are three other algorithms defined in FIPS PUB 180, SHA-256, SHA-384 and SHA-512. (-512 and -384 are the same algorithm, except 384 just truncates the answer from the -512 algorithm.)

I'm not aware of any attacks on the DSA algorithm. I believe there were some attacks on particular implementations of the pseudo-random number generator. In addition FIPS 186 defines two other algorithms for digital signatures, RSA and ECDSA. I don't believe there are any known practical attacks on either RSA or the Elliptic Curve DSA.

Re:Go with what is widely used (1)

badriram (699489) | more than 9 years ago | (#12042656)

Sorry but that argument goes both ways. Just because something is a standard does not mean everyone will find a fault. No matter what cipher, if the person has malicious intent it is a problem, and that is one that we deal with every day with security vulnerabilities as well.

Standards have their own share of problems, if one major standard like 3DES is broken and is published, it will take a lot of effort to protect all the systems that use it.

I am not saying that what is said is the correct view, I am saying both sides have points but neither is really better.

Great news for DRM (0)

Anonymous Coward | more than 9 years ago | (#12042601)


because uncrackable hardware encryption is just what the industry wanted

Hardware based? (0, Troll)

breakbeatninja (846922) | more than 9 years ago | (#12042602)

Hardware accelerated encryption is a novel idea, but how easy is it to do a "peer review" of something that requires a proprietary device to truly recognize the benefits of it?

Re:Hardware based? (2, Informative)

Anonymous Coward | more than 9 years ago | (#12042691)

It's not really novel. DES, the government backed standard from the 70's, was intentionally designed for hardware implementation (the s-boxes it used were made to be of a size that could be practically implemented with the existing technology at the time).

Software based standards are not practical for large scale deployment, the time to encrypt can often become a serious bottleneck. It's a major reason why public key cryptography, implemented in software, is frequently used only for the initial key exchange for a hardware based cryptographic scheme like DES or AES.

-ShadowRanger

Re:Hardware based? (1)

jpetts (208163) | more than 9 years ago | (#12042944)

Well, hardware-based crypto is not really that new: see http://www.computer.org/computer/homepage/1004/security/ for example.

And it's not that difficult to peer review crypto accelerators. For a given input you get a given output. Since you are free to choose your input, the possibility that somebody could try and recognise test vectors and encrypt those correctly, while faking on non-test vectors becomes vanishingly small for a reasonably large set of pseudo-random test inputs, if you verify the output against an audited software implementation.
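The reviewing method described in the comment above, as an added example (not code from the article or from Secure Science): an audited software reference is used to check a device model on fresh pseudo-random inputs, and the harness tells apart an honest accelerator from one that only answers the published test vectors correctly. Assumptions: HMAC-SHA256 truncated to 16 bytes stands in for the real cipher in both the reference and the honest device, the key and the "published" vectors are constructed here, and the faking device's wrong answers are modelled with an unkeyed MD5.

```python
import hashlib
import hmac
import random
from typing import Callable

BLOCK = 16


def reference_encrypt(key: bytes, block: bytes) -> bytes:
    """The audited software implementation the device is checked against.

    Assumption: HMAC-SHA256 truncated to 16 bytes stands in for the real
    cipher; any deterministic block function serves for the comparison."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


# Constructed key and a small set of "published" test vectors, the kind a
# vendor might ship with a datasheet. These are the inputs everyone knows.
KEY = bytes(range(16, 32))
PUBLISHED_VECTORS = {
    pt: reference_encrypt(KEY, pt)
    for pt in (bytes(BLOCK), bytes([0xFF]) * BLOCK, b"ABCDEFGHIJKLMNOP")
}


def honest_device(block: bytes) -> bytes:
    """Model of an accelerator that really implements the cipher."""
    return reference_encrypt(KEY, block)


def memorising_device(block: bytes) -> bytes:
    """Model of the failure mode the comment describes: a device that only
    knows the published vectors and returns plausible-looking but wrong
    output for everything else (assumption: an unkeyed MD5 of the block)."""
    if block in PUBLISHED_VECTORS:
        return PUBLISHED_VECTORS[block]
    return hashlib.md5(block).digest()


def passes_published_vectors(device: Callable[[bytes], bytes]) -> bool:
    """The weak check: only the vectors the vendor already knows about."""
    return all(device(pt) == ct for pt, ct in PUBLISHED_VECTORS.items())


def mismatches_on_random_inputs(device: Callable[[bytes], bytes],
                                key: bytes, samples: int, seed: int) -> int:
    """The strong check: the reviewer picks fresh pseudo-random inputs and
    compares every device output with the reference. A device that fakes
    anything beyond the published vectors cannot predict these inputs, so
    each faked answer shows up as a mismatch. Returns the mismatch count."""
    rng = random.Random(seed)  # seeded so a run is reproducible
    bad = 0
    for _ in range(samples):
        pt = rng.getrandbits(8 * BLOCK).to_bytes(BLOCK, "big")
        if device(pt) != reference_encrypt(key, pt):
            bad += 1
    return bad


if __name__ == "__main__":
    for name, dev in (("honest", honest_device), ("memorising", memorising_device)):
        print(name,
              "published vectors ok:", passes_published_vectors(dev),
              "mismatches on 256 random blocks:",
              mismatches_on_random_inputs(dev, KEY, 256, seed=1))
```

Both device models pass the published vectors; only the honest one survives the random-input comparison, which is the point of choosing your own inputs rather than the vendor's. The same harness applies unchanged to any black-box implementation, hardware or software, as long as a trusted reference exists.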

Already cracked ! (4, Funny)

MajorDick (735308) | more than 9 years ago | (#12042609)

Well, I called up DVD Jon , and within about 15 minutes he had a working exploit for the cipher.

Oh well off to the next

Nothing to see here already been cracked...move along....

Re:Already cracked ! (0)

Anonymous Coward | more than 9 years ago | (#12043020)

and it will be titled "Everyone can lick my balls because I've done it again"

Think of the gnomes! (1)

Godman (767682) | more than 9 years ago | (#12043036)

You know that "DVD Jon" is just a code name for a bunch of slave gnomes who sit in somebody's basement and crack stuff, right? Free the gnomes!!!

Snake Oil? (5, Insightful)

Anonymous Coward | more than 9 years ago | (#12042610)

Top Questions:

1. Is this a proprietary or patented algorithm?

2. Has this algorithm gone through the usual rounds of analysis among the nations top cryptographers?

3. Has it been implemented in a FIPS 140-2 certified cryptographic module?

That should keep them busy.

Re:Snake Oil? (5, Informative)

flaws (805277) | more than 9 years ago | (#12042759)

1) No - it is open source and technically public domain. 2) That is what we are attempting now - the preview is to get it lined up with crypto experts to review. 3) If it gets past 2, then that is something to consider.

Re:Snake Oil? (2, Insightful)

m0rningstar (301842) | more than 9 years ago | (#12043046)

You know ... the first two questions and the answers are excellent.

I'm not sure that having it FIPS-140 certified buys a vast amount from a technical perspective above and beyond the first two. It's a necessary step for getting the Federal government to use it, but I'd trust the external peer review prior to that.

However -- there's the two points addressed: open standard and accepted for review. Given some time to analyse and review it, this sounds like a decent addition to the arsenal, IF it passes said review.

(I'm no cryptographer. I don't even play one on /.)

Re:Snake Oil? (1, Insightful)

Anonymous Coward | more than 9 years ago | (#12043028)

FIPS-140 certification can only be granted to modules that implement NIST-approved algorithms such as AES. It is extremely difficult to get NIST to approve any algorithm that isn't already on the list, for primarily economic reasons. Thus, to dismiss a new algorithm because it is not FIPS-140 certified sounds impressive at first glance, but makes no sense in the real world of cryptographic products.

Re:Snake Oil? (2, Informative)

dtfinch (661405) | more than 9 years ago | (#12043041)

"Secure Science Corporation"

Domain Name: SECURESCIENCE.NET
Registered through: GoDaddy.com
Created on: 24-Oct-03

A quick search through the sci.crypt archives suggests that they employ at least one cryptographer who ought to be qualified to tell if it's clearly clearly.

But my own inexperienced mind tells me that a 4x4 sbox seems awfully small, and that they've put an awful lot of effort into making it efficient in hardware requiring a minimal number of gates. It's not hard to just make a secure cipher, but it is extremely difficult to make one that's fast and simple while still being secure. IANAC (I am not a cryptanalyst) though, so only time will tell.

A patent search for "Secure Science Corporation" does not return any results.

Maybe there's something I'm not getting here, (4, Insightful)

sporktoast (246027) | more than 9 years ago | (#12042614)


but what is "casual peer review" and why would it be desired (over perhaps more in depth peer review) for an encryption technology?

Re:Maybe there's something I'm not getting here, (0)

Anonymous Coward | more than 9 years ago | (#12042642)


Um, yep. Looks like a cipher to me. There's yer casual peer review. Next!

Re:Maybe there's something I'm not getting here, (1)

wannabgeek (323414) | more than 9 years ago | (#12042668)

I guess they mean don't expect to be paid, or rewarded for review :-)

Re:Maybe there's something I'm not getting here, (1, Informative)

Anonymous Coward | more than 9 years ago | (#12042674)

Since cryptographers' time is money, casual means: don't spend too much time on it until it's fully published and finalized. The challenge offers an incentive to take an in-depth review since it's worth it if you break it. Casual is: please don't spend too much labor breaking this if it takes more than a good portion of your time, until Secure Science offers payment.

Re:Maybe there's something I'm not getting here, (0)

Anonymous Coward | more than 9 years ago | (#12042686)

Well, may be 'cuz they know if one does any "in-depth" analysis, they're bound to break it. So they don't want anyone to give it more than "casual" review :-)

patents (0)

Anonymous Coward | more than 9 years ago | (#12042621)

will these ciphers be patented?
if so, they will die on day one.

Hardware DRM here we come!! (1, Insightful)

Anonymous Coward | more than 9 years ago | (#12042666)

oh dear...is that the time?

Hardware acceleration (2, Insightful)

meestaplu (786661) | more than 9 years ago | (#12042705)

Now, I know that it's provably hard to attack a good encryption scheme. However, if this one is easier to implement in hardware -- if the cipher can be hardware accelerated more easily -- does that mean that an attack on this scheme could also be hardware accelerated more easily?

Re:Hardware acceleration (3, Informative)

rhythmx (744978) | more than 9 years ago | (#12042743)

No. Encryption algorithms are supposed to act as one way functions when you don't have the key. If this algorithm is properly implemented (but nothing ever really is), no intrinsic property of the algorithm would speed up the cracking process. Going backwards (decryption) *with* a key is faster, but going backwards without a key (cracking) is totally different.

Re:Hardware acceleration (1, Insightful)

Anonymous Coward | more than 9 years ago | (#12042772)

As I noted in an earlier comment, every modern private key scheme is designed with hardware acceleration in mind to allow for speedy encryption. If the key is long enough and the system is secure enough to make the only possible attack exhaustive test, it doesn't really matter how fast you can decrypt. If it takes a microsecond per message and you have to run a brute force attack on a message with a 128 bit key, it will take well over a million years to get the plaintext.

-ShadowRanger

Snake-oil... (4, Insightful)

rhythmx (744978) | more than 9 years ago | (#12042706)

"We prove that our design is immune to differential and linear cryptanalysis"

See Bruce Schneier's "Snake Oil" [schneier.com] , Warning Sign #8: Security proofs.

"Secure Science will be offering a challenge at the end of April, introducing the cipher to the public."

See: Warning Sign #9: "Cracking contests" and "The Fallacy of Cracking Contests" [schneier.com]

All of this may be well and good, but I don't think any real engineers are going to be choosing this over AES anytime soon. AES was a competition backed by NIST to replace the current encryption standard (3DES). Most of the world's top cryptographers submitted their algorithm. Only after a very long and very thorough peer review process did the NIST declare Rijndael's submission to be the winner, and therefore the new AES standard.

Re:Snake-oil... (2, Interesting)

flaws (805277) | more than 9 years ago | (#12042726)

Ironically, Secure Science got an email from Schneier, his quote was "Wow. Definitely not Snake-oil."

Re:Snake-oil... (2, Insightful)

ambrosine10 (747895) | more than 9 years ago | (#12042907)

Really? Source please.

Re:Snake-oil... (1)

flaws (805277) | more than 9 years ago | (#12042985)

go to the site and email us, we'll send you the source.

Re:Snake-oil... (5, Funny)

Anonymous Coward | more than 9 years ago | (#12043032)

To: flaws@securescience.com
From: bruce@schneier.com
Subject: Peer Review

Flaws,
Peer review some algorithm you just made up? Wow. Definitely not Snake-oil. Gimme a break.

Bruce

>Bruce,
>We just came up with a 1337 crypto algo. You wanna peer review it for us?
>Peace,
>flaws

Re:Snake-oil... (4, Insightful)

cpeikert (9457) | more than 9 years ago | (#12042776)

"We prove that our design is immune to differential and linear cryptanalysis"

See Bruce Schneier's "Snake Oil", Warning Sign #8: Security proofs.


Two things: number one, you can prove immunity to these two kinds of attacks, in a formal, rigorous way. That doesn't mean there are no attacks, but it's decent evidence of security.

Number two, proofs of security are a very good thing. Just because snake-oil salesmen claim to have "proofs of unbreakability" does not mean that security proofs are bad. A rigorous proof of security against a well-specified, formal attack model should inspire lots of confidence. Without security proofs, cryptography would still just be mostly ad-hoc-ery.
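To make the point concrete, here is what a proof of "immunity to differential and linear cryptanalysis" actually consists of, as an added example that is not part of the thread or of the CS2-128 preview: tabulate the S-box's difference distribution table (DDT) and linear approximation table (LAT), take the worst entry of each, and multiply out over the minimum number of active S-boxes the diffusion layer guarantees. The S-box used is AES's, generated in code rather than pasted; the "25 active S-boxes in any four-round trail" figure is the AES wide-trail bound, not anything claimed for CS2. The function names are the example's own.

```python
import math


def _gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def _gf_inv(a):
    """a^254 = a^-1 in GF(2^8); the AES convention maps 0 to 0."""
    r, e = 1, 254
    while e:
        if e & 1:
            r = _gf_mul(r, a)
        a = _gf_mul(a, a)
        e >>= 1
    return r


def aes_sbox():
    """Generate the AES S-box: field inverse followed by the fixed affine map."""
    rot = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    out = []
    for x in range(256):
        b = _gf_inv(x)
        out.append(b ^ rot(b, 1) ^ rot(b, 2) ^ rot(b, 3) ^ rot(b, 4) ^ 0x63)
    return out


def ddt_max(sbox):
    """Largest DDT entry over non-zero input differences:
    max over a != 0, b of #{x : S(x) ^ S(x ^ a) == b}.  Divided by len(sbox)
    it is the best single-S-box differential probability an attacker gets."""
    n, best = len(sbox), 0
    for a in range(1, n):
        counts = [0] * n
        for x in range(n):
            counts[sbox[x] ^ sbox[x ^ a]] += 1
        best = max(best, max(counts))
    return best


def _walsh(f):
    """Fast Walsh-Hadamard transform of (-1)^f: W[a] = sum_x (-1)^(f(x) ^ a.x)."""
    w = [1 - 2 * v for v in f]
    h = 1
    while h < len(w):
        for i in range(0, len(w), 2 * h):
            for j in range(i, i + h):
                u, v = w[j], w[j + h]
                w[j], w[j + h] = u + v, u - v
        h *= 2
    return w


def lat_max(sbox):
    """Largest |LAT| entry over non-zero output masks:
    max over a, b != 0 of |#{x : a.x == b.S(x)} - n/2|.  Divided by n it is
    the best single-S-box linear bias."""
    n = len(sbox)
    parity = [bin(i).count("1") & 1 for i in range(n)]
    best = 0
    for b in range(1, n):
        w = _walsh([parity[b & s] for s in sbox])
        best = max(best, max(abs(v) for v in w) // 2)
    return best


def trail_bound_log2(ddt_max_entry, lat_max_entry, n, active):
    """log2 of the best differential-trail probability and best linear-trail
    correlation when at least `active` S-boxes are active.  This bounds single
    trails only; trail clustering and non-statistical attacks are not covered."""
    p = ddt_max_entry / n          # max differential probability per S-box
    c = 2 * lat_max_entry / n      # max linear correlation (2 * bias) per S-box
    return active * math.log2(p), active * math.log2(c)


if __name__ == "__main__":
    S = aes_sbox()
    d, l = ddt_max(S), lat_max(S)
    print("AES S-box: max DDT entry %d/256, max |LAT| entry %d/256" % (d, l))
    # AES wide-trail design: any 4-round trail has at least 25 active S-boxes.
    dp, lc = trail_bound_log2(d, l, 256, 25)
    print("4-round trail bounds: diff prob <= 2^%.0f, linear corr <= 2^%.0f" % (dp, lc))
```

For AES this gives a per-S-box differential probability of 2^-6 and linear correlation of 2^-3, so 25 active S-boxes bound any four-round differential trail at 2^-150 and any linear trail's correlation at 2^-75 (data complexity around 2^150), both beyond what a 128-bit key allows. That is exactly the kind of rigorous, attack-model-specific statement described above, and also exactly as limited: it says nothing about integral, algebraic or implementation attacks.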

Re:Snake-oil... (0)

Anonymous Coward | more than 9 years ago | (#12042877)

Part of the AES design specs was to be hardware friendly / low gate count; the competition was tough. I am sure not being able to build an inline decrypter was part of the story too, hence the need for 'rounds' and anti-parallelism. As for cutting back on rounds - bad idea - some really clever inroads have been made.

They should change their business model to Symbian software for mobiles that use the OSS cryptolibs

Re:Snake-oil... (2, Informative)

jpetts (208163) | more than 9 years ago | (#12042959)

You can't reliably prove security for anything other than the one-time pad. All you can do is prove that the attacks you have chosen will not work. Attempting to prove security is attempting to prove a negative: namely that no attack more efficient than brute force exists.

Re:Snake-oil... (1)

flaws (805277) | more than 9 years ago | (#12042787)

May I also demonstrate that Schneier awarded $10,000 to a team of crypto experts that broke part of the Twofish cipher during the NIST competition. http://www.schneier.com/twofish-contest.html

Re:Snake-oil... (0)

Anonymous Coward | more than 9 years ago | (#12042891)


"We prove that our design is immune to differential and linear cryptanalysis"

See Bruce Schneier's "Snake Oil", Warning Sign #8: Security proofs.


You read the paper right? It includes a proof for the given claims.

Of course you misquote Schneier and get +5 Insightful... nice

Hopefully (0)

sigloiv (870394) | more than 9 years ago | (#12042710)

this won't get cracked as easily as SHA-1.

Re:Hopefully (0)

Anonymous Coward | more than 9 years ago | (#12042810)

easily? are you fucking retarded?

I wonder... (2, Interesting)

Dr.Dubious DDQ (11968) | more than 9 years ago | (#12042748)

...how badly patent-encumbered these ciphers are going to end up being?

Paper in PDF format (0)

Anonymous Coward | more than 9 years ago | (#12042828)

put [iacr.org] in the public last year...

Use binary, or hexadecimal? (1)

Eunuch (844280) | more than 9 years ago | (#12042853)

Part of the problem with these ciphers is having to constantly convert to and from decimal, which is a very poor base to use in computer science.

Ugh (2, Insightful)

TechyImmigrant (175943) | more than 9 years ago | (#12042901)

Ugh.

1) No decrypt specified. So it doesn't work with many modes.

2) Complete ambiguity in the endianess of the test vectors. Which end is which?

3) Optimized for HW complexity. We have AES for that. We want new ciphers optimized for security.

Re:Ugh (0)

Anonymous Coward | more than 9 years ago | (#12042920)

1. Decrypt is not required for CCM, CTR, OMAC, EAX, GCM and a bunch of other modes. CBC mode for encryption is not really a good idea.

2. The cipher is applied on the octet level, there are no "endianess" issues.

3. This cipher has some benefits over AES. Namely the lack of integration (a/k/a square attack) properties.
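The first point is worth seeing in code. The following is an added example, not code from Secure Science or from the CS2-128 preview: the block cipher is a stand-in 128-bit Feistel permutation built from SHA-256 so that both directions exist for comparison, the nonce layout (96-bit nonce, 32-bit counter) and PKCS#7-style padding are the example's own choices, and the function names are assumptions. It shows that CTR mode never calls the inverse cipher, so a specification giving only encryption is enough for it and for the CTR-based AEAD modes listed above, whereas CBC decryption must run every block backwards. It also shows the CTR failure mode a practitioner has to guard against: reusing a (key, nonce) pair leaks the XOR of the two plaintexts.

```python
import hashlib

BLOCK = 16          # 128-bit blocks, as in CS2-128 and AES
NONCE_LEN = 12      # 96-bit nonce + 32-bit per-block counter (constructed layout)


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key, i, half):
    """Keyed round function of the stand-in cipher: SHA-256 truncated to 8 bytes."""
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]


def block_encrypt(key, block):
    """Forward direction of a 4-round Feistel permutation on 16-byte blocks.
    Stand-in for whatever block cipher is in use; only PRP behaviour matters."""
    assert len(block) == BLOCK
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, _xor(l, _round_fn(key, i, r))
    return l + r


def block_decrypt(key, block):
    """Inverse direction: the same rounds applied in reverse order."""
    assert len(block) == BLOCK
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _round_fn(key, i, l)), l
    return l + r


def ctr_crypt(key, nonce, data, block_fn=block_encrypt):
    """CTR mode.  Encryption and decryption are the same call, and only the
    forward direction of the block cipher is ever invoked.  No integrity is
    provided; that is what CCM, EAX and GCM add on top of this keystream."""
    assert len(nonce) == NONCE_LEN
    out = bytearray()
    for ctr, i in enumerate(range(0, len(data), BLOCK)):
        keystream = block_fn(key, nonce + ctr.to_bytes(4, "big"))
        out += _xor(data[i:i + BLOCK], keystream)   # zip truncates the last block
    return bytes(out)


def _pad(data):
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def _unpad(data):
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key, iv, data):
    padded = _pad(data)
    prev, out = iv, bytearray()
    for i in range(0, len(padded), BLOCK):
        prev = block_encrypt(key, _xor(padded[i:i + BLOCK], prev))
        out += prev
    return bytes(out)


def cbc_decrypt(key, iv, data, block_inv=block_decrypt):
    """CBC decryption cannot avoid the inverse cipher: each ciphertext block is
    run backwards before the XOR with the previous ciphertext block."""
    prev, out = iv, bytearray()
    for i in range(0, len(data), BLOCK):
        c = data[i:i + BLOCK]
        out += _xor(block_inv(key, c), prev)
        prev = c
    return _unpad(bytes(out))


def xor_of_plaintexts_on_reuse(key, nonce, m1, m2):
    """The CTR failure mode: two messages under one (key, nonce) leak m1 XOR m2."""
    return _xor(ctr_crypt(key, nonce, m1), ctr_crypt(key, nonce, m2))


if __name__ == "__main__":
    key, nonce, iv = b"\x01" * 16, b"\x02" * 12, b"\x03" * 16      # constructed
    msg = b"forward-only ciphers still get CTR/CCM/GCM/EAX"       # constructed
    assert ctr_crypt(key, nonce, ctr_crypt(key, nonce, msg)) == msg
    assert cbc_decrypt(key, iv, cbc_encrypt(key, iv, msg)) == msg

    def encrypt_only_spec(key, block):
        raise NotImplementedError("this cipher specifies encryption only")

    ctr_crypt(key, nonce, msg, block_fn=block_encrypt)              # works
    try:
        cbc_decrypt(key, iv, cbc_encrypt(key, iv, msg), block_inv=encrypt_only_spec)
    except NotImplementedError as e:
        print("CBC decryption without an inverse:", e)
```

The `block_fn` / `block_inv` parameters exist only to make the dependency visible: swap in a cipher object that has no decrypt and CTR still round-trips while CBC decryption fails at the first block. With a 32-bit counter this layout also caps a single nonce at 2^32 blocks; a real deployment has to enforce that limit as well as nonce uniqueness.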

Alternates to AES (0)

Anonymous Coward | more than 9 years ago | (#12042915)

There were plenty of alternates to the NIST AES "contest" when it was first proposed. Some of them were simpler to implement in hardware than the finalist. Unless they're suggesting that this new scheme would have beaten Rijndael in the original proposal, I'm not sure I see the point. I would much rather see additional scrutiny paid to elliptics or another technology that will actually buy something in the implementation or key size.

Easy killer... (4, Insightful)

danielrm26 (567852) | more than 9 years ago | (#12042919)

"This cipher is proposed as a hardware alternative to AES, being that it is more efficient in hardware, simpler to implement, and comparably secure to AES-128."
Comparably secure? The Rijndael algorithm has been around for a pretty long time and has undergone a lot of scrutiny. Wait until this new kid has been around the block for a few years; then we talk about comparisons to Rijndael.

"You keep using this word. I don't think it means what you think it means."

128 bits is only 16 bytes. (1)

ABeowulfCluster (854634) | more than 9 years ago | (#12042940)

Why don't they just have 1000 bytes (~8000 or so bits) as encryption keys?

Re:128 bits is only 16 bytes. (0)

Anonymous Coward | more than 9 years ago | (#12042980)

Because it would take infinity to create.

Where I work (2, Interesting)

digitalchinky (650880) | more than 9 years ago | (#12042966)

Crypto systems do not always need to be brute forced: 'More often than not' it is a brain dead technician sending the keys across a timeplex, via satellite, and then over HF or something equally as silly, out to their remote site.

Key exchange is where the biggest failures occur (that I see). Many crypto systems still in use throughout this part of the world (still) work in a similar method to the old enigma typewriters - typically they are rapidly broken because they send identical messages using different keys, then send the same message in clear text via some other link.

I don't get it... (4, Insightful)

cperciva (102828) | more than 9 years ago | (#12042970)

Maybe I'm misreading the description, but it looks to me like this is an 8-round cipher with a round function considerably simpler than Rijndael's round function.

Given that 8-round Rijndael is broken, it seems highly optimistic to think that this new cipher will not be broken.

Compared to... (2, Informative)

null-sRc (593143) | more than 9 years ago | (#12043026)

whitenoise labs, a cryptography startup that just got its algos patented...

Company link:
http://www.whitenoiselabs.com/

Cryptographic analysis link:
http://www.whitenoiselabs.com/papers/Wagner%20Security%20Analysis.pdf

Performance analysis link:
http://www.whitenoiselabs.com/papers/UVIC%20Performance%20Analysis.pdf

So whitenoise encryption offers a cheaper solution that is mathematically stronger, and computationally order log n complexity where n is filesize (therefore faster too)

and please tell me why anyone in their right mind would still bother using this shoddy, expensive, slow method for cell phone encryption?

Re:Compared to... (0)

Anonymous Coward | more than 9 years ago | (#12043072)

"-judging another only defines yourself"

And that's a bad thing?
