1997-05-17 - Re: http://www.dataet.com/public/source/vsacmv20/

Header Data

From: ichudov@algebra.com (Igor Chudov @ home)
To: DataETRsch@aol.com
Message Hash: 9fcb2d2b5b564095f6f412674f9d5a2ce33e1ce990d7442f9a6908b1120c1a18
Message ID: <199705170136.UAA16850@manifold.algebra.com>
Reply To: <970516200054_1557203574@emout14.mail.aol.com>
UTC Datetime: 1997-05-17 01:59:56 UTC
Raw Date: Sat, 17 May 1997 09:59:56 +0800

Raw message

From: ichudov@algebra.com (Igor Chudov @ home)
Date: Sat, 17 May 1997 09:59:56 +0800
To: DataETRsch@aol.com
Subject: Re: http://www.dataet.com/public/source/vsacmv20/
In-Reply-To: <970516200054_1557203574@emout14.mail.aol.com>
Message-ID: <199705170136.UAA16850@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


DataETRsch@aol.com wrote:
> Here are the addresses of the slightly modified versions of the Pascal source
> code files of VSA2048 Cryptography Module V2.0 (the shareware trial edition
> version):
> 
> http://www.dataet.com/public/source/vsacmv20/vsacm.dpr
> http://www.dataet.com/public/source/vsacmv20/intunit.pas
> http://www.dataet.com/public/source/vsacmv20/libunit.pas
> http://www.dataet.com/public/source/vsacmv20/stdunit.pas
> 
> If you are not located within the United States, don't even consider viewing
> the files.

Thank you VERY MUCH for releasing the source code. This shows that you are
serious about your program and truly appreciate how important is the process
of review as far as your credibility is concerned.

I have downloaded your code and looked at it. Looks rather interesting
(especially the part below). What I did not understand, however, is
what is SetVal and how it works. Also, I was not clear how you set
variables AE1, AE2, ..., AE10 and so on.

As far as I understand, you use these variables to select the particular 
encryption method. Do you normally select only one method on some random 
basis or you use several passes?

Also, some may be interested to look at this particular encryption
method (I added some indentation and comments for readability). I believe
that it is not particularly strong.


procedure TC1001;
label 1000;
begin

for B1 := 0 to 255 do 
	Used[B1] := False;

for B1 := 0 to 255 do
begin
  1000:
  B2 := Random(256);
  if Used[B2] then goto 1000;
  EncTable[B1] := B2;
  DecTable[B2] := B1;
  Used[B2] := True;
end;

{============================= ENCRYPTION ==========================}
if Process then
  repeat
    if Size - CurByte >= Segment then Copied := Segment;
    if Size - CurByte <  Segment then Copied := (Size - CurByte);
    FileSeek(AccFile, CurByte, 0);
    FileRead(AccFile, Block, Copied);
    for I1 := 1 to Copied do
    begin
      Block[I1] := Block[I1] xor Random(256);
      Block[I1] := EncTable[Block[I1]];
    end;

    FileSeek(AccFile, CurByte, 0);
    FileWrite(AccFile, Block, Copied);
    
    CurByte := CurByte + Segment;
  until (Copied <> Segment) or (CurByte > Size - 3);

{======================= DECRYPTION ============================}
if not Process then
  repeat
    if Size - CurByte >= Segment 
	then Copied := Segment;
    if Size - CurByte <  Segment 
	then Copied := (Size - CurByte);

    FileSeek(AccFile, CurByte, 0);
    FileRead(AccFile, Block, Copied);

    for I1 := 1 to Copied do
    begin
      Block[I1] := DecTable[Block[I1]];
      Block[I1] := Block[I1] xor Random(256);
    end;

    FileSeek(AccFile, CurByte, 0);
    FileWrite(AccFile, Block, Copied);
    CurByte := CurByte + Segment;
  until (Copied <> Segment) or (CurByte > Size - 3);
end;

ignoramus

> Yes, I realize that the public release of the source code files is long
> overdue (okay, REALLY long overdue), but I would appreciate it if you
> e-mailed any suggestions, comments, criticisms, insults, etc. to
> jeremy@dataet.com. As I am not subscribed to the cypherpunks' mailing list, I
> would not receive any messages regarding the source code posted to the list.
> It would be best to download VSACM V2.0 from our Web site and make use of the
> help file included and analyze each function or procedure within the source
> code systematically. VSACM.DPR is the main project file. INTUNIT.PAS
> basically contains functions, procedures and data structures not directly
> available to developers. LIBUNIT.PAS contains the functions and procedures
> that are readily available to developers. STDUNIT.PAS contains the source of
> the algorithm extensions.
> 
> Also, there is a VSA2048 encrypted binary file located at
> http://www.dataet.com/public/source/vsacmv20/crackit.dat. The file was
> encrypted using 120-bit (NOT 128-bit) VSA2048 key. Yes, I'm making things a
> whole 8 bits easier (although the maximum key length is 2048 bits). The first
> cypherpunk who develops a VSA2048 decryption utility, decrypts the file, and
> sends decrypted message and the correct key to info@dataet.com and
> cypherpunks@toad.com will receive a free basic Web site package. (Package
> details are located at http://www.dataet.com). (Igor, this is it!)
> 
> If someone does indeed decrypt the file, I myself will post an apology and a
> declaration that VSA2048 constitutes a defective encryption algorithm to the
> cypherpunks mailing list. I will have the marketing of the VSA2048 encryption
> algorithm discontinued.
> 
> The decryption utility must be a program that either incorporates the source
> code internally or incorporates the source code as a compiled DLL. (You must
> compile the given source code. The shareware trial edition version of VSACM
> V2.0, which only allows keys up to 40 bits in length, is NOT compatible with
> the given source code.)
> 
> The "contest" expires on June 20th, 1997. The message and the correct key
> will be posted to cypherpunks@toad.com on June 21st, 1997. By the way, if
> someone cannot hack the file by June 20th...well...I don't know who'll be
> laughing then. After all, the applied key is only 120 bits in length. Also,
> the contest is currently limited to those who are subscribed to the
> cypherpunks' mailing list. There are no exceptions.
> 
> By the way, you can check out DataET Research's Web site at
> http://www.dataet.com. (No, we're NOT using America Online as our Web space
> provider anymore.)
> 
> Regards,
> 
> Jeremy Yu-Ramos
> DataET Research
> 



	- Igor.






Thread