Re: Steganography

From: Eugene Leitl (Eugene.Leitl@lrz.uni-muenchen.de)
Date: Thu Sep 27 2001 - 09:54:04 MDT


On Thu, 27 Sep 2001, Louis Newstrom wrote:

> I thought that was the point. Several people were saying that these
> messages were undetectable. Harvey proved them wrong.

No. Harvey has so far shown that given the unloaded vehicle and vehicle +
load he could tell which is which (duh, ls -l will tell the difference).
We haven't started yet.

> This is incorrect. A recent incident proved this. A government
> official published a message in one of their "unbreakable" codes, and
> challenged the hacker community to break it. Someone did only a few
> weeks later.

I presume you're talking about the recently broken NSA's Dual Counter Mode
( http://www.counterpane.com/crypto-gram-0109.html#2 ). It was not broken
by brute force but because it was a weak cipher. In fact, due to its evident
weakness it raised speculations about the NSA's motives and capabilities. If a
new cipher repeatedly resists cryptanalytic attacks by the cryptographer
community, that cipher is flagged as strong. Brute-forcing a strong
*current* cipher is impractical. So is cryptanalysis, by definition. With
considerable effort old ciphers (e.g. DES but not triple-DES) can be
brute-forced. Which is why I specifically set the expiration window to a
decade and specifically mentioned a *current* *strong* cipher.

> Turns out, that by using java technology (similar to what SETI is doing) one
> hacker allowed millions of people to connect to his web site and lend him
> their computing power. In this way, a mere individual with just a PC was

SETI@home clients are not Java. Current production-quality JIT compilers
don't produce Java code which is suitable for numerics, such as crypto
brute-forcing. Distributed embarrassingly parallel computation is not
limited to a specific computer environment.

> able to harness the computing power of millions of PC's for a few weeks, and
> did a brute-force crack of one of a PGP type code.

PGP uses a number of ciphers. Particularly, GNUpg uses several classes of
symmetric ciphers, public-key ciphers, and one-way hashing functions.
Which of them do you mean, specifically? IDEA, CAST5, Blowfish, Twofish,
AES (Rijndael), 3DES? MD5, SHA1, RIPEMD160, SHA2?

I haven't heard of any "hacker" who has broken a strong modern cipher. If
you're talking about distributed.net, its project list involves RC5, CSC
and DES efforts. These are not "PGP type codes", with the exception of
MD5, whose use is deprecated. These are all instances of obsolete/short
key ciphers which I've explicitly included in the brute-forceable list.

> First, "they" said that this computing power did not exist. Technology
> advanced.

Actually, brute-forcing becomes more difficult as computers become faster,
due to the asymmetry involved. Ciphers advance.

> Then "they" said that no private citizen would be able to get a hold
> of such raw computing power. Technology (or at least creativity)
> advanced. Don't believe "them". Any code will eventually be cracked.
> And it may not take as long as we think.

I don't think Twofish will become crackable by brute force (as defined by
several million machines, working for a year on a single key) in less than
10 years. I wouldn't bet my life on it, though; for that, there are
one-time pads.

-- Eugen* Leitl <a href="http://www.lrz.de/~ui22204/">leitl</a>
______________________________________________________________
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.lrz.de/~ui22204
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3
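The post's two quantitative claims, that a "several million machines for a year" budget brute-forces short-key ciphers such as DES but not a 128-bit cipher such as Twofish, and that faster machines do not close the gap because every extra key bit doubles the attacker's work at no real cost to the defender, can be checked with a small cost model. The following is an added example written for this archive page; it is not code from the message or from any project named in it. The fleet size, per-machine key rate and 18-month doubling period are constructed assumptions chosen for illustration, not measured figures, and the model counts only key trials (no cryptanalytic shortcut, no key-setup overhead).

```python
"""Brute-force cost model (added example, not from the mailing-list post).

Constructed assumptions, none of which come from the original message:
  * the expected cost of an exhaustive search is half the keyspace,
    2**(bits - 1) trials;
  * every machine tests KEYS_PER_SECOND_PER_MACHINE keys per second;
  * the attacker controls MACHINES of them ("several million machines");
  * in the Moore's-law variant the fleet's aggregate rate doubles every
    DOUBLING_YEARS, starting from today's rate.
"""
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Hypothetical attacker budget, loosely modelled on the post's
# "several million machines working for a year". Not measured numbers.
MACHINES = 5_000_000
KEYS_PER_SECOND_PER_MACHINE = 10_000_000
DOUBLING_YEARS = 1.5


def expected_trials(key_bits: int) -> float:
    """Expected keys tried before the right one turns up: half the keyspace."""
    return 2.0 ** (key_bits - 1)


def brute_force_years(key_bits: int, machines: int, keys_per_second: float) -> float:
    """Expected wall-clock years at a constant aggregate rate."""
    aggregate_rate = machines * keys_per_second          # keys per second
    return expected_trials(key_bits) / aggregate_rate / SECONDS_PER_YEAR


def reachable_key_bits(machines: int, keys_per_second: float, years: float) -> int:
    """Largest key length whose expected search fits in the given budget."""
    trials = machines * keys_per_second * years * SECONDS_PER_YEAR
    # 2**(bits - 1) <= trials  <=>  bits <= log2(trials) + 1
    return math.floor(math.log2(trials)) + 1


def brute_force_years_with_speedup(key_bits: int, machines: int,
                                   keys_per_second: float,
                                   doubling_years: float) -> float:
    """Expected years if the aggregate rate keeps doubling every `doubling_years`.

    With rate r(t) = r0 * 2**(t / d), the work done by time t (in years) is
        W(t) = r0 * d / ln 2 * (2**(t / d) - 1),
    so the search finishes when W(t) equals the expected trials, i.e. at
        t = d * log2(1 + W * ln 2 / (r0 * d)).
    log1p keeps the result exact when the argument is tiny (huge d).
    """
    r0 = machines * keys_per_second * SECONDS_PER_YEAR   # keys per year today
    w = expected_trials(key_bits)
    x = w * math.log(2) / (r0 * doubling_years)
    return doubling_years * math.log1p(x) / math.log(2)


def cost_table(machines: int, keys_per_second: float) -> dict:
    """Years to brute-force the key sizes discussed in the post, constant rate."""
    # 56 = DES, 112 = effective strength of two-key triple-DES,
    # 128 and 256 = Twofish/AES key sizes.
    return {bits: brute_force_years(bits, machines, keys_per_second)
            for bits in (56, 112, 128, 256)}


if __name__ == "__main__":
    for bits, years in cost_table(MACHINES, KEYS_PER_SECOND_PER_MACHINE).items():
        print(f"{bits:3d}-bit key: {years:.3g} years at constant rate")
    for years in (1, 10):
        print(f"key length reachable in {years:2d} year(s):",
              reachable_key_bits(MACHINES, KEYS_PER_SECOND_PER_MACHINE, years))
    print("128-bit key, fleet doubling every 1.5 years:",
          f"{brute_force_years_with_speedup(128, MACHINES, KEYS_PER_SECOND_PER_MACHINE, DOUBLING_YEARS):.1f} years")
```

Under these assumptions the fleet clears a 56-bit DES key in minutes, reaches about 71 bits in a year and 74 bits in a decade, and needs on the order of 10^17 years for a 128-bit key. The asymmetry shows up in `reachable_key_bits`: a tenfold larger budget buys only log2(10), roughly three more bits. Granting the attacker perpetual exponential growth in `brute_force_years_with_speedup` still leaves a 128-bit search in the region of eighty years, and a single extra key bit pushes that out by one doubling period.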



This archive was generated by hypermail 2b30 : Fri Oct 12 2001 - 14:40:58 MDT