What sort of idea would you get when you browse 99 Bottles of Beer on the Wall and The CipherSaber Home Page in short succession? Of course, the idea to collect CipherSaber implementations and see whether it is possible to collect a couple of hundred implementations of this useful little crypto program - so write your CipherSaber implementation and submit it to the CipherSaberList.
In fact, there are two lists: one with computer programs, which I think will be interesting to most of us. The second one I hope will be even more important, because it's a list of CipherSaber algorithm descriptions in natural languages, which hopefully serves to spread the algorithm even to the backwoods of the Amazonas ;-), and furthermore to ridicule anti-crypto measures all over the world, of course.
Oh great, now we're seeing diary entries encrypted with CS.
Does anyone know of actual uses of CypherSaber where you're not posting the key in the clear? I'd imagine not many, as you have all the classical problems of managing keys in a symmetric environment.
Since I had seen CS (and being a bit frustrated with the needless complexity of PGP), I had been toying with a similar thing for public keys. But it's a hell of a lot harder to do good primality testing and so on than implement RC4.
Anyway, I'm glad this thing is out there, if for no other reason than as a teaching tool and to make a political statement.
I want to do a CipherSaber implementation in PocketC for the Palm. There's way too little crypto stuff for this device, which is a pity because it has a lot of potential...
Yes, symmetric key algorithms have their problems, but for personal use (protect yourself against snooping spooks) that's no problem; for communication use, something like a book-based key exchange would be good enough for most people. Correction: make that a web-based key exchange:
Alice and Bob agree on a number of websites (encrypted with CipherSaber on their respective Palms), one for each day. When Alice wants to send Bob a message, she goes to a Internet cafe for anonymous surfing, opens the day's web site, and selects 10 words. She uses the ten words as the key, and sends the encrypted message with the offsets of the 10 words to Bob.Advantage over the book-based algorithm is that it is a bit harder for the spooks than going through your library...
On 28 Apr 2000, cdegroot wrote:
Alice and Bob agree on a number of websites [...]
Advantage over the book-based algorithm is that it is a bit harder for the spooks than going through your library...
Right, but the web is very vulnerable to a man-in-the-middle attack. Imagine that Mr BadGuy has access to a proxy that Alice or Bob is using, or has access to some routers in the network, close to the sender or receiver: he can then see the list of pages that you are visiting. Even if he does not know exactly what you are extracting from the page (10 words), he can get a finite list of words or numbers and use various combinations of these for a brute-force attack. By monitoring the sites that Alice or Bob is visiting every day, Mr BadGuy can try to guess how the key is built.
If a pseudo-random key has to be generated, then it is better to use several sources of entropy coming from different channels in order to reduce the risks that Mr BadGuy can have some knowledge of all channels. So the web-based method is good, but it should only be one part of the key generation. The other parts of the key could be generated from a book or file that is available to Alice and Bob, from some words taken from a daily newspaper (assuming that both of them can get it), from the timestamp of the message (if it is not changed during the transmission), from the color of the tie worn by [insert name of TV star here] on that day, and so on... Note that most of these sources of pseudo-random data have a resolution of one day and may not be suitable if you intend to send more than one message per day.
If you are communicating frequently with another person, then each message could include a part of the key to be used for the next message. Not the whole key because a spook who manages to decrypt one message could then get all the others, but one or two letters of the key should be enough (the other parts would be derived from another channel as explained above). But this only works if you exchange messages frequently, so that you can remember the new part of the key without having to write it down or to keep a decrypted copy of your the last message.
By the way, it is usually a good idea to compress the message before encrypting it, because it makes the brute-force attacks a bit harder. If you select a compression method that does not insert a well-known header in the compressed stream, then the attacker will need some additional operations in order to be able to check if the correct key was found or not. A good candidate for that may be zlib, which is free, although you may have to XOR the first two bytes with some predefined number if you really want to obfuscate the contents even more.
<blatant self-promotion> crypted 99 bottles beer on the wall </blatant self-promotion>
I wrote that quite some time ago, seems somewhat apropos to post it here. This is not related to cybersaber though, which seems quite interesting.
New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.
Keep up with the latest Advogato features by reading the Advogato status blog.
If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!
del.icio.us
Digg
Google bookmark
reddit
Simpy
StumbleUpon
Furl
Newsvine
Technorati
Tailrank