Cryptosmith

Gilbert Vernam was a digital systems designer from the early 20th century. He invented the stream cipher, what browsers often use today to encrypt messages exchanged with protected web sites. In his days, however, the mechanism of choice was the relay: an electromagnetic switch. Vernam also described the one-time pad, and noted the danger in reusing the key stream.

What, then is a Vernam cipher? Is it a stream cipher or a one-time pad? I’ve seen the term used both ways.

Now we can check the source. Steve Bellovin recently blogged on Vernam’s work, and posted a PDF of Vernam’s original  paper. Vernam wrote the paper for an AIEE conference (that’s one of the precursors of today’s IEEE – Bellovin negotiated permission to post the historic paper).

If we look at the historical description, Vernam does not restrict his cipher to the one-time pad case. Thus, a Vernam cipher in practice might – or might not – be a one-time pad. [revised 9/7/09]

Continue Reading »

Posted under History of Technology & Security | No Comments »

A while back I used graphical images to illustrate why you never, ever want to reuse the keystream of a stream cipher. Recently I’ve constructed similar examples to show the role of modes in using block ciphers. There’s a nice set of block mode examples in Wikipedia, but I wanted to include the real result of applying the mode.

While cryptographic neophytes may want to know why the second encryption clearly failed (if you can read the message, the encryption failed), cryptographic experts may find it interesting to see other examples of cryptographic failures appearing graphically.

[There is a later post with more info on RC4 in Matlab]

Continue Reading »

Posted under Security & Tech Teaching | 2 Comments »

Take a look at the following image. You should see two different ‘messages’ here.

Two messages

This particular mis-mash of messages reflects the failure of otherwise strong cryptography: the improper implementation of a one-time pad or a stream cipher. Continue Reading »

Posted under Security | 1 Comment »

The exclusive or operation – a logical function applied to binary bits, like AND, OR, and NOT – is a fundamental encryption technique. It is often used in stream ciphers, which are widely used in web browsers when connecting to secure web servers. Continue Reading »

Posted under Security | Comments Off