1995-10-24 - Re: [reformatted] how secure can privasoft be?

Header Data

From: Jiri Baum <jirib@sweeney.cs.monash.edu.au>
To: cypherpunks@toad.com
Message Hash: 70f882ff0aae3b9502f616afb62a2beab8673c4d5902459f9c433fb46b0d1976
Message ID: <199510240132.LAA06800@sweeney.cs.monash.edu.au>
Reply To: <199510210401.AAA16706@opine.cs.umass.edu>
UTC Datetime: 1995-10-24 01:39:28 UTC
Raw Date: Mon, 23 Oct 95 18:39:28 PDT

Raw message

From: Jiri Baum <jirib@sweeney.cs.monash.edu.au>
Date: Mon, 23 Oct 95 18:39:28 PDT
To: cypherpunks@toad.com
Subject: Re: [reformatted] how secure can privasoft be?
In-Reply-To: <199510210401.AAA16706@opine.cs.umass.edu>
Message-ID: <199510240132.LAA06800@sweeney.cs.monash.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello privsoft@ix.netcom.com
  and cypherpunks@toad.com (Cypherpunks Mailing List)
  and futplex@pseudonym.com (Futplex)
 
F. writes:

...
> > The cryptographic engine of PrivaSoft
> > 
> > PrivaSoft uses a pseudo-random generator that is seeded by a 9 digit number 
> > uniformly normalized from the user's secret key.  The engine is proprietary, 
> > designed according to the rules of modern cryptology to make the best use of 
> > the allowable key length.
> 
> This seems paradoxical. PrivaSoft uses a key approximately 30 bits long. It
...
> Two possible explanations I can imagine are:
> 
> (0) PrivaSoft actually uses a key longer than 9 digits, and someone just made
...

Could it be 9 hex digits = 36 bits?

Perhaps there's an even bigger paradox in there:
  "
   The engine is proprietary, designed according to the rules of modern
   cryptology.
  "

Now I'm not familiar with the rules cited, but wouldn't proprietary
tend to go against them?

> [...]
> > The use of default keys

...
> meant to resist attacks based on the cryptanalyst gaining access to many 
> ciphertexts, even if all were encrypted with a single key.

Perhaps theirs isn't? Could be a Freudian slip, you know...

> [...]
> > A simple example:  For a short message, increasing the font 
> > size of the text by a factor of 10 will significantly increase the time 
> > required for breaking the encryption.
> 
> Anyone know how to get 120 point text in LaTeX ?

Don't worry, the whole thing sounds bogus anyway. I'd say a larger
font would make it *easier* to break (more correlation per pixel).
They probably think it'll be harder because there's more pixels.

In the original message (NOTE CHANGE IN INDENT!):

> From: anonymous@freezone.remailer

...

> Introduction
> 
> PrivaSoft is a communication security product, and the user is entitled to
> know how secure it is.  This document addresses the question of cryptographic 
> strength of PrivaSoft.

No it doesn't.

> Export license regulations
> 
> In some advanced countries, cryptographic products are categorized as 
> "munitions" and their use, sale or exportation is controlled by local 
> licensing regulations.  PrivaSoft has obtained an export license from the 
> governments of Israel and the USA.  Licenses in other countries are obtained 
...

All right, I guess it does. USA approved export, so it must be very weak.

...
> The basic intention of this regulation is to protect the state from abuse of 
> too strong cryptographic products by terrorists and criminals.
...

Is it? I think there are one or two people on this list who think the
intention is otherwise...

...
> The use of default keys
...
> This is done by using the pseudo-
> random "key extension" feature which is described in the PrivaSoft user's 
> guide.

Do they mean "salt"? If so why don't they say it?
If not, what *do* they mean?

> The information contents a clear message

This is a strange title (I suspect "of" dropped out), but it might
well sum it all up :-)

> If a cryptographic product is properly designed, then the almost only way to 

A big "if", if I might say so.

...
> a significant 
> portion of the page must be reconstructed, and a significant amount of 
> mathematical correlation must be calculated between neighboring areas of the 
> image, before the cracking software can tell whether the candidate key is 
...

This can at most buy you a constant factor - useful, but not very.
I doubt the two uses of "significant", too. Anybody remember those
diagrams in Typing textbooks about the layout of a letter?

...
> Customized versions of PrivaSoft
> 
...
> The cryptographic engine can be customer-furnished and customer integrated, 
...

What do they mean by this bit?


Sorry about being so negative, but it is necessary when evaluating security.

Jiri
- --
If you want an answer, please mail to <jirib@cs.monash.edu.au>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMIxCPyxV6mvvBgf5AQFTEQP+IJL0X3iehm2B6zJf+eI0EThmxmJpCkbt
KhiAw/dTP/Bdy2Io5pFY1YiIUxkfZyS94N6zd6WqCj48UvfNUlp2t3bN8g1kip+T
feJJmwwhnzdyuf8m8zgFNcW9lH9143/tqw9l0JDrjpyNp8l39zv+MbH5juAenC40
U7JUExUdcSE=
=Fzqp
-----END PGP SIGNATURE-----





Thread