Steve Dirickson writes:
>In fact, you could have a system where there was a (more or less) continuous
>exchange of packets between the server and the client at startup of the
>link; somewhere in that stream, with the exact location dependent on the
>encrypted data itself, the encrypted password would be passed.
Then how would the receiver know where to find the password, if it has to
decrypt the data in order to determine the location? Again, this requires
a shared secret: either the location of the start of the data, or the
algorithm for calculating it from the "random" data.
>Some time
>after the password was passed and validated, the continuous exchange would
>be terminated. With arbitrary/random message sizes and boundaries used for
>this "noise exchange", it would be pretty tough to decide what to attack.
It's trivially easy to decide what to attack: the program. Since all the
security is in the fact that the algorithm is secret, if I can get a copy
of the program -- say, by ordering a demo -- I've got all the information
I need. I can force the program to do billions of encryptions with
plaintext that I choose. I can decompile the program and analyze the
code. I can run the program using a simulator or a logic analyzer and
analyze the flow, and so on. It just depends on whether the information I
want to decode is worth more than my time to decode it. Of course, that's
true with all encryption schemes, but it's a lot quicker get a program to
disgorge its "secret" algorithm than it is to do a brute-force search of
a large key space. Also, the reward is much greater, because once I've
discovered the algorithm I can decrypt any transmission from then on: I
don't have to search for a new key in the next transmission.
In Wirt's scheme, all I have to figure out is how the "random" number
generator works. In Steve's, all I have to figure out is where the
sending program puts the password. Since I have absolute control over the
encryption program's execution, I can determine either one without much
effort. The fallacy here is in thinking that the algorithm is secret.
It's not: the source code may be secret, and Wirt may have killed the
programmer, but the algorithm is there in the object code, concisely
expressed for everybody to see.
If the history of cryptography teaches anything, it's that single
individuals or small groups are phenomenally bad at coming up with
effective cryptosystems, and phenomenally good at overestimating their
security.
Anyone who's thinking of putting encryption into a computer product
should at least glance through Bruce Schneier's _Applied Cryptography_
(<http://www.amazon.com/exec/obidos/ASIN/0471117099>), which covers
security issues very thoroughly, and will let would-be cryptosystem
developers know what kinds of issues to consider. For a good example of
how even intelligent and skeptical analysts can overlook critical
weaknesses in a cryptosystem, see David Kahn's _Seizing the Enigma_
(<http://www.amazon.com/exec/obidos/ASIN/0786106530>). Another of Kahn's
books, somewhat dated but very interesting for its historical
perspective, is _The Codebreakers_ (at
<http://www.amazon.com/exec/obidos/ASIN/0684831309> -- I note from this
listing that it was updated in 1996 and now covers computer security; my
copy was published in 1967.) It's almost 1,200 pages long, and absolutely
fascinating.
-- Bruce
--------------------------------------------------------------------------
Bruce Toback Tel: (602) 996-8601| My candle burns at both ends;
OPT, Inc. (800) 858-4507| It will not last the night;
11801 N. Tatum Blvd. Ste. 142 | But ah, my foes, and oh, my friends -
Phoenix AZ 85028 | It gives a lovely light.
btoback AT optc.com | -- Edna St. Vincent Millay
Mail sent to [log in to unmask] will be inspected for a
fee of US$250. Mailing to said address constitutes agreement to
pay, including collection costs.
|
