Cryptography News (10 Posts)

After 17 years, a NEW BUGS Cryptography Package for Unix (version 4.1.2)

BUGS is a personal cyber security project from Sylvain Martinez, which started about 25 years ago and has enabled him to kick start his career in Cyber Security.
As such it has a special place in the heart of ELYSIUMSECURITY.
It is an open source project where Sylvain created his own symmetric cryptography algorithm along with a few applications to showcase the capability of his cryptography algorithm:
An application to encrypt/decrypt files, a simple encrypted chat application, a secure shell add-on, a password manager, etc.

This project is a hobby and should only be seen as that; any respectable professional cryptographer would tell you this: "Do not create your own cryptography algorithm"!
Furthermore, we always advise our clients to only use international standard algorithms (e.g. AES).

Having said that, it doesn't mean we cannot have a go ourselves!
It had the merit of teaching us a lot about cryptography and after all, no one ha...

Securing your Cloud Storage with a Boxcryptor alternative called EncFS

Cloud storage providers such as Dropbox, Box, OneDrive, etc. are increasingly being used for both personal and business reasons. On the business side, this often happens without the individual's company being fully aware of what data is actually leaving its premises.

One of the issues with storing data in the cloud is security. Looking at Dropbox in recent years, there have been a number of embarrassing blunders which resulted in their customers' data becoming available to anyone who knew where to look. We did blog about it several times: here, here and here. Many other security blogs also related those stories, such as this nice summary from Sophos.

To limit the risks relat...

Hackfu2015 Challenge 5 - Solution

This is part of my write up from the Hackfu 2015 Security Challenge.

The second challenge I solved was in fact quite easy because I solved a similar one for the SANS Summer challenge in 2014 (where it took me much longer to solve the first time I came across this type of steganography!)

The instructions given were:

  • An audio file to analyse
  • There is a hidden message in it, find it!

Below is how I solved that challenge:

  • Listening to the audio file only produces white noise.
  • Looking for strings added to the file does not produce anything.
  • Looking for hidden data using a steganography extraction tool such as steghide does not produce anything either.
  • But, if you load the file in a Windows software such as Sonic Visualiser, add a layer to show a Spectrogram ...

Hackfu Challenge 2015 - Solution for Challenge 1

MWR ran a Security Challenge last April, unfortunately I only found out about it 3 days before the deadline! I still managed to solve 3 out of the 7 challenges and really enjoyed them.

The first challenge was especially interesting, as I like cryptography. This was a tough one!!!

The instructions given were:

  • You are invited to a game of Poker but must find the password
  • You find a note with "Pocket RC4" written on it
  • You find a deck of cards ordered from Ace to King with the following "couple" suits: {Diamond, Club}, {Heart, Spade}. This means AD, AC, 2D, 2C....KH, KS
  • You find a note with the following written on it: "WEMUSTFOLLOWTHEWHITERABBITANHXJRAAZEBYYOMNWPBKGZOGY"

That's pretty much it! Below is how I solved this challenge and cracked the code:

I used information on PocketRC4 f...

John Nash on Cryptography

John Nash is a famous mathematician whose life inspired the Hollywood movie “A Beautiful Mind”. However, summarizing his life through that light-hearted movie would be very inadequate!

So, this genius mathematician, who worked in game theory, differential geometry, and partial differential equations as well as winning a Nobel Prize in 1994, appears to also have had some great insights into modern cryptography… back in the 1950s!

As seen in this article, the NSA recently released a series of documents related to letters/conversations between the NSA and Nash in 1955, where the mathematician made an unsuccessful but noted attempt to communicate his own take on a crypto machine.

If anything, reading at the hand written...

Attack on Quantum Cryptography

There is a recent BBC article on a new attack against a key component of Quantum Cryptography: Key Transportation.

There are 3 main components to a cryptographic system:
– The strength of the algorithms used (closed/open, random generator, collision, etc)
– The integrity of the system (implementation, key storage, devices security, etc)
– The transportation of keys (no full or partial interception of the keys, etc)

Quantum Cryptography has, for some, been seen as the future for ensuring the integrity and detection of any interception attempts during key transportation.

I am not a Quantum Physics expert, but what I understand is that key transportation is done through light, where photons of light are sent to the receiver who will inspect the states of those photons to reconstruct the key. It is similar to sending a stream of bits which make up the key, apart from the fact that in Quantum Physics a photon has not just a binary state ...

Hot Random Numbers!

The LavaRND project is a very interesting take on providing a cryptographically strong random generator framework, covering everything from plans for physical devices to a software library.

If only I had more time I would love to try building one of their devices. Nevertheless, I highly recommend this website as it is full of very interesting information related to randomness and they even have some interesting demos using their random framework. You do not require an interest in cryptography to appreciate the work done.

Next time I need a strong random generator algorithm, I will know where to look :)

PS3 Hacked and Cryptography

The recent hack on PS3 where the private key used by Sony to sign their games has been recovered is of course very bad news for Sony. It finishes opening the door to piracy, which started in January 2010. In theory, anyone could now sign (pirated) software to run natively on the PS3.

It is a case of a badly implemented cryptography algorithm: in this case, the use of a proprietary signing algorithm with a faulty random generator.
Crypto 101 says to NEVER use proprietary/secret algorithms. Now Sony will pay the price for not listening :)
The PS3 hack story is a great example of badly implemented cryptography, and shows that implementation is as important as the choice of the security controls used to protect an asset.

The start of an answer from Sony, which seems to indicate they did not grasp the severity of the issue when first announced about a week ago.

An update on my XOR-Sum Uniqueness Cryptanalysis attack

I have updated the information I wrote about what I consider to be a potentially new type of cryptanalysis attack.

Although the described attack is relevant to my BUGS algorithm, it could also be used to attack any algorithm using some type of Cipher Block Chaining (CBC) or Cipher Feedback (CFB) mode of operation; in fact, any algorithm using an XOR function between plaintext blocks as part of its encryption process.

The explanation assumes the reader is familiar with the different block cipher modes of operation. Although I start with a simple example, it helps set the context for which the final attack could be in theory applied to: any XOR operations.

For more information on my theoretical Unrestricted XOR-Sum Uniqueness Cryptanalysis attack, please ...

New Version of TrueCrypt

TrueCrypt is a tool I have been using for a while; it is a great product and… free!

It allows for full disk encryption, be it your desktop hard disk or a USB stick.

A new version has just been released, version 7, and it now provides:
– Hardware acceleration
– Auto-mount (Windows)
– Security improvements related to Windows hibernation files

Its main features are:
– Creates a virtual encrypted disk within a file and mounts it as a real disk.
– Encrypts an entire partition or storage device such as USB flash drive or hard drive.
– Encrypts a partition or drive where Windows is installed (pre-boot authentication).
– Encryption is automatic, real-time (on-the-fly) and transparent.
– Parallelization and pipelining allow data to be read and written as fast as if the drive was not encrypted.
– Encryption can be hardware-accelerated on modern processors.
– Pro...