Return to “Everything & Anything”

Post

Re: SHA-1 Officially Broken

#17
Damocles wrote:But then you still have no information gained.
You just have the sum of all combinations that a message of this length can contain.
So you could interpret anything into that message.

I think they used this method in the "red phone" between the US and Soviet Union.
The issue with one time pads, is primarily that distribution of these codes is manual, you have to select the correct pad on both sides, and there is no way of creating a secure connection without shipping these codes.


This is why Diffie Hellman exists. Asymmetric key exchange is the simplest (eg not at all simple) method of exchanging a secret between two parties with no-one outside of those parties being able to decrypt both (or either ideally).
This however, is only for the initial exchange of the secret key. Once exchanged, both parties move to a VERY simple XOR cipher. Using a PRNG whose state was set by the initial secret exchanged, this leads to an infinite length, one time pad with zero possibility of future decryption beyond brute force.

The only thing is if your private key is captured, then the target can read your end of the initial secret exchange.
This is why *BOTH* parties send a secret, and *BOTH* secrets are required to start the PRNG at the correct place. With this method, an attacker needs to acquire the private key from both parties to be able to read the conversation live.
Or to get one, and guess the other secret to be able to read it later. (because these secrets are ideally very, very long, it should take a very, very long time to guess it)
°˖◝(ಠ‸ಠ)◜˖°
WebGL Spaceships and Trails
<Cuisinart8> apparently without the demon driving him around Silver has the intelligence of a botched lobotomy patient ~ Mar 04 2020
console.log(`What's all ${this} ${Date.now()}`);
Post

Re: SHA-1 Officially Broken

#18
If you go with quantum entanglement, you get two identical streams of random information. When one is transformed by XOR-ing it with data, it can be sent for comparison with the other. XOR-ing it again reveals the original data. The data can only be decoded with the original stream (which both parties possess, because the particle was shipped over physically). The time at which the data was encoded is important, and should be encrypted in an alternative way for a second layer of security.
Although perfectly secure, this method is probably not practical, since each send-receive pair must have a physical two-ended channel (two if communication is to be bidirectional). It is, however, superior to simple one-time-pads, since it has an infinite length. It is also not duplicable; if the receiver is stolen, a physical object is missing. If a pad is stolen, it could be copied without either party's notice.
Image
Post

Re: SHA-1 Officially Broken

#19
0111narwhalz wrote:If you go with quantum entanglement, you get two identical streams of random information. When one is transformed by XOR-ing it with data, it can be sent for comparison with the other. XOR-ing it again reveals the original data. The data can only be decoded with the original stream (which both parties possess, because the particle was shipped over physically). The time at which the data was encoded is important, and should be encrypted in an alternative way for a second layer of security.
Although perfectly secure, this method is probably not practical, since each send-receive pair must have a physical two-ended channel (two if communication is to be bidirectional). It is, however, superior to simple one-time-pads, since it has an infinite length. It is also not duplicable; if the receiver is stolen, a physical object is missing. If a pad is stolen, it could be copied without either party's notice.
You dont need two channels for bidirectional coms.
Use the same pad for both directions.

And stealing the receiver is pointless because theres an active exchange over a more or less classical channel.
Stealing the electrooptical converter at the end of a glass fiber cable doesnt give you access to its data either :D

Also the tech for distributing keys is steadily getting better, with 400km+ ranges for now
https://arxiv.org/abs/1606.06821
Post

Re: SHA-1 Officially Broken

#20
0111narwhalz wrote:If you go with quantum entanglement, you get two identical streams of random information. When one is transformed by XOR-ing it with data, it can be sent for comparison with the other. XOR-ing it again reveals the original data. The data can only be decoded with the original stream (which both parties possess, because the particle was shipped over physically). The time at which the data was encoded is important, and should be encrypted in an alternative way for a second layer of security.
Although perfectly secure, this method is probably not practical, since each send-receive pair must have a physical two-ended channel (two if communication is to be bidirectional). It is, however, superior to simple one-time-pads, since it has an infinite length. It is also not duplicable; if the receiver is stolen, a physical object is missing. If a pad is stolen, it could be copied without either party's notice.
Quantum Cryptography was demonstrably broken already too, iirc.
Relies on the datastream not changing while in-route, and some guys managed to make a duplicate of the data, decrypt it, and read it without interfering with the datastream.

https://it.slashdot.org/story/15/12/18/ ... yptography
https://arxiv.org/abs/1005.2376

Not 100% sure if these were from the original information I read ages back, but Quantum so far just creates problems (eg breaks existing cryptography) without providing a secure replacement.
°˖◝(ಠ‸ಠ)◜˖°
WebGL Spaceships and Trails
<Cuisinart8> apparently without the demon driving him around Silver has the intelligence of a botched lobotomy patient ~ Mar 04 2020
console.log(`What's all ${this} ${Date.now()}`);
Post

Re: SHA-1 Officially Broken

#21
Silverware wrote: Quantum Cryptography was demonstrably broken already too, iirc.
Relies on the datastream not changing while in-route, and some guys managed to make a duplicate of the data, decrypt it, and read it without interfering with the datastream.

https://it.slashdot.org/story/15/12/18/ ... yptography
https://arxiv.org/abs/1005.2376

Not 100% sure if these were from the original information I read ages back, but Quantum so far just creates problems (eg breaks existing cryptography) without providing a secure replacement.
And half a year later people demonstrated shemes that are immune to the intercepts.
Post

Re: SHA-1 Officially Broken

#22
Cornflakes_91 wrote:
Silverware wrote: Quantum Cryptography was demonstrably broken already too, iirc.
Relies on the datastream not changing while in-route, and some guys managed to make a duplicate of the data, decrypt it, and read it without interfering with the datastream.

https://it.slashdot.org/story/15/12/18/ ... yptography
https://arxiv.org/abs/1005.2376

Not 100% sure if these were from the original information I read ages back, but Quantum so far just creates problems (eg breaks existing cryptography) without providing a secure replacement.
And half a year later people demonstrated shemes that are immune to the intercepts.
Ah righto, didn't see those ones. :D
°˖◝(ಠ‸ಠ)◜˖°
WebGL Spaceships and Trails
<Cuisinart8> apparently without the demon driving him around Silver has the intelligence of a botched lobotomy patient ~ Mar 04 2020
console.log(`What's all ${this} ${Date.now()}`);
Post

Re: SHA-1 Officially Broken

#23
Interesting that nobody came up with that story of the three AI's who were "fighting" each other. Two AI's were tasked to establish an encrypted communication. A third AI was tasked with breaking the encryption and fetching the conversation. First two AI's didn't want the third AI to succeed and developed new encryption techniques we didn't come up with.

https://techcrunch.com/2016/10/28/googl ... ncryption/

Sooo...this sounds pretty useful to me. Let AI develop new encryption methods we never came up with and see, how secure they are.

Or did I understand that article wrong?

Online Now

Users browsing this forum: No registered users and 9 guests

cron