Re: Data Encryption

From: Jose Nazario (joseat_private)
Date: Fri Sep 06 2002 - 13:12:39 PDT

    On Fri, 6 Sep 2002, Bryan Ponnwitz wrote:
    
    > In any case, this is the encryption method that this program will use
    > since it's about to go into production, so please don't suggest
    > alternatives; I'm only looking to evaluate the method I've developed.
    > I've outlined my encryption methods below; take a look and let me know
    > how tough you think it would be to crack.  Any comments are welcome!
    
    it may suck, but i'm going to use it anyhow! (and you gave us the location
    you're working at ...)
    
    > All text is encrypted using the following algorithm:
    > enc = ((((char + E0) * 2 * E1 + 31 + E2) * E3 + (69 * E4)) * (E5 + E6) +
    > (E7 * E8)) * 2 * E9
    > Where enc is a Visual Basic Double (8 bytes) and char is the ascii
    > character code to encrypt.
    
    hardly a challenge to brute force (2^8 to brute force through), if i'm
    understanding this right.  however, i don't even need to do that as i
    describe below.
    
    > EA 03 00 00 = "Your login has been accepted."
    > BD 0B 00 00 = "Are there any updates for me to download" if from a
    > client.  The signaling data is followed by the name of the client
    > computer encrypted. If from a server, it's an answer and byte 4 means
    > "Yes" if it's a 1 and "No" if it's a 0.
    > B9 0B 00 00 = Same as BD 0B 00 00, but would require Update.exe to be
    > run to do the updating.
    > BF 0B 00 00 = PING! ("Are you still there?")
    > C0 0B 00 00 = PONG! ("Yes!")
    > D3 07 00 00 = "Here's an encrypted message from an admin."  The
    > signaling data would be followed by the encrypted message.
    
    all of these are easily intercepted, injected, or altered mid stream.
    
    not to mention i think that replay attacks are wide open in your scheme.
    you have no one time scheme in this ... all i have to do is capture the
    session of a user and replay it and i'm in. no nonces are used from what i
    can tell.
    
    bad design. i'm no cryptographer, i may be wrong, and i only gave this a
    few minutes of thought (waiting for something to complete), but these are
    the things that popped out right away.
    
    you should have just leveraged existing SSL toolkits, for example, and
    done client auth via certs.
    
    ___________________________
    jose nazario, ph.d.			joseat_private
    					http://www.monkey.org/~jose/
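
An added example, not part of the original message or of the program under discussion: the quoted formula written out in Python, showing that the ten keys collapse to enc = a*char + b, so the cipher is one fixed table of 256 entries and the same message always encrypts to the same values (which is why a captured session replays unchanged). The key values and function names are assumptions made for illustration.

```python
# Constructed key values for E0..E9; the post does not give real ones.
KEY = (7, 3, 11, 5, 2, 13, 4, 9, 6, 8)


def enc(char_code, E=KEY):
    """The formula as quoted in the post, applied to one character code."""
    E0, E1, E2, E3, E4, E5, E6, E7, E8, E9 = E
    return ((((char_code + E0) * 2 * E1 + 31 + E2) * E3 + (69 * E4))
            * (E5 + E6) + (E7 * E8)) * 2 * E9


def effective_key(E=KEY):
    """Collapse the ten keys into slope a and offset b of enc = a*char + b."""
    _, E1, _, E3, _, E5, E6, _, _, E9 = E
    a = 2 * E1 * E3 * (E5 + E6) * 2 * E9   # coefficient of char
    b = enc(0, E)                          # everything that is left at char = 0
    return a, b


def codebook(E=KEY):
    """The whole cipher: one output value per possible byte."""
    return {c: enc(c, E) for c in range(256)}


def encrypt_message(text, E=KEY):
    """Encrypt character by character, as the post describes."""
    return [enc(ord(ch), E) for ch in text]


if __name__ == "__main__":
    a, b = effective_key()
    print(f"enc(char) = {a} * char + {b}")
    # Every byte value follows the same straight line.
    print("affine for all bytes:", all(enc(c) == a * c + b for c in range(256)))
    # Repeated letters produce repeated values: a simple substitution.
    print("'aa' ->", encrypt_message("aa"))
    # No nonce or counter is mixed in, so two sends are identical.
    first, second = encrypt_message("login ok"), encrypt_message("login ok")
    print("same ciphertext on resend:", first == second)
```
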
    


