Cryptosmith

A reader asked for more details on the RC4 and block cipher mode functions I wrote in Matlab.

To recap, I needed a ‘block cipher’ to produce a complete example of how a straight block cipher fails to hide large patterns in the output, and how an appropriate block cipher mode yields something akin to white noise.

Wikipedia has a “penguin” example with a block encrypted version (penguin still visible) and a block of white noise. The white noise represents what the block mode output is supposed to look like as opposed to being the genuine output of a block cipher mode. So I built this ‘real’ example, more or less.

I didn’t have a block cipher that worked with small blocks. But I knew it wasn’t hard to implement RC4. So I created a function to map 8 bytes of data into 8 bytes of ‘ciphertext’ to simulate the block cipher.

Continue Reading »

Posted under Information Security & Tech Teaching | No Comments »

John Fremlin has implemented a dynamic web server in Lisp. He claims that it beats the socks off of everything else. If we’re comparing Lisp against PHP, Python, Ruby, and similar scripting languages, I wouldn’t be surprised if he proves to be right.

Lisp is almost the closest-to-the-machine text language interpreter there is. Forth might beat it for closest, but Lisp is soo much more powerful. Moreover, it’s possible to build sane programs in Lisp that you can actually analyze. That gives us a slight hope of building reliable and secure web servers as opposed to the cobbled together things we have to live with.

Continue Reading »

Posted under Information Security | No Comments »

Critics and comics sometimes say that government insiders get more accurate information from CNN than from the CIA. Now we have ‘open source spying’ (Wall Street Journal). There’s a grad student who, via his “North Korea Uncovered” web site, is documenting all sorts of details of that notoriously secretive country. Thanks to Google Earth, he is constructing an annotated map of the country, highlighting prisons, nuclear activities, palaces, and so on.

While I don’t believe this sort of thing can, by itself, eliminate the CIA, but I really believe we could cut our spying costs and improve the results by opening up the analytical process. There’s a claim that our cheapo F-16s did better than the more costly fighters during Iraq I - there may be lots of ways improving defense while spending several billion less.

Posted under Information Security | No Comments »

A while back I used graphical images to illustrate why you never, ever want to reuse the keystream of a stream cipher. Recently I’ve constructed similar examples to show the role of modes in using block ciphers. There’s a nice set of block mode examples in Wikipedia, but I wanted to include the real result of applying the mode.

While cryptographic neophytes may want to know why the second encryption clearly failed (if you can read the message, the encryption failed), cryptographic experts may find it interesting to see other examples of cryptographic failures appearing graphically.

[There is a later post with more info on RC4 in Matlab]

Continue Reading »

Posted under Information Security & Tech Teaching | 2 Comments »