XOR Encryption Posted By Elrond Exclusive-OR encryption, while not a public-key system such as RSA, is almost unbreakable through brute force methods. It is susceptible to patterns, but this weakness can be avoided through first compressing the file (so as to remove patterns). Exclusive-or encrytion requires that both encryptor and decryptor have access to the encryption key, but the encryption algorithm, while extremely simple, is nearly unbreakable. Exclusive-OR encrytion works by using the boolean algebra function exclusive-OR (XOR). XOR is a binary operator (meaning that it takes two arguments - similar to the addition sign, for example). By its name, exclusive-OR, it is easy to infer (correctly, no less) that it will return true if one, and only one, of the two operators is true. The truth table is as follows: A B A XOR B T T F T F T F T T F F F (A truth table works like a multiplication or addition table: the top row is one list of possible inputs, the side column is one list of possible inputs. The intersection of the rows and columns contains the result of the operation when done performed with the inputs from each row and column) The idea behind exclusive-OR encryption is that it is impossible to reverse the operation without knowing the initial value of one of the two arguments. For example, if you XOR two variables of unknown values, you cannot tell from the output what the values of those variables are. For example, if you take the operation A XOR B, and it returns TRUE, you cannot know whether A is FALSE and B is TRUE, or whether B is FALSE and A is TRUE. Furthermore, even if it returns FALSE, you cannot be certain if both were TRUE or if both were FALSE. If, however, you know either A or B it is entirely reversible, unlike logical-AND and logical-OR. For exclusive-OR, if you perform the operation A XOR TRUE and it returns a value of TRUE you know A is FALSE, and if it returns FALSE, you know A is true. Exclusive-OR encryption works on the principle that if you have the encrypted string and the encryption key you can always decrypt correctly. If you don't have the key, it is impossible to decrypt it without making entirely random keys and attempting each one of them until the decryption program's output is something akin to readable text. The longer you make the encryption key, the more difficult it becomes to break it. The actual way exclusive-OR encryption is used is to take the key and encrypt a file by repeatedly applying the key to successive segments of the file and storing the output. The output will be the equivalent of an entirely random program, as the key is generated randomly. Once a second person has access to the key, that person is able to decrypt the files, but without it, decryption is almost impossible. For every bit added to the length of the key, you double the number of tries it will take to break the encryption through brute force. C++ uses ^ for bit-level exclusive-OR. To encrypt a single character you can use char x=x^key; if you have a key of one byte. To encrypt a string of characters with a longer key, you can use something akin to the following code: #include int main() { char string[10]="A nice cat"; char key[10]="ABCDEFGHIJ"; for(int x=0; x<10; x++) { string[x]=string[x]^key[x]; cout< } return 0; } The program encrypts each character in the string using the ^ bit operator to exclusive-OR the string value with the key value for each character.

Simple Data Encryption Posted By drew {Simple Data Encryption} By:{The Leftist} Prologue: Well, it's been awhile since I've done one of my activities files. This time I've switched from chemistry to electronics. Hopefully, I will be writing more files similar to this one. Also, I have devised a more sophisticated encryption device, which I may release in the future Do you run a BBS, living in fear that the "feds" are gonna log on, and fool you into giving them a password? Do you wish that you could limit exactly WHO logs onto your board? Well, this file is just for you.. Parts: 1:9 volt battery 1: 74hc/hct04 cmos hex inverter Some basic knowledge of electronics might help, and some wire would be helpful too. If you want to be fancy you can even splurge and get a 9 volt connector. Note: Although it is not required that you put this on an etched PC board, you can do this quite easily, and it makes for a much cleaner job. Ok, the basic idea behind this scheme is this: Data coming to and going from your modem is translated as 1's and 0's. This represents highs and lows, which translate out to code which your computer recognizes as valid data. Now, if you could switch all those 1's to 0's, and 0's to 1's, then you would have a simple way of encrypting your data. That's exactly what the hex inverter does. If it sees a 0, it makes it a 1. If it sees a 1, it makes it a 0. So, what you want to do is have an inverter on your send line, and an inverter on your receive line. The computer you are connected to must also have inverters on its send and receive, or all you will see will be garbage! I tried to be as non-technical as possible in this for all you non-technical types out there. Connections: Hold the chip, and look at it. There should be a little notch in one end. Hold it as illustrated in the schematic: (80 columns) ______________________________ | | 14 13 11 12 10 9 8 | | | | | | | | | __________________ | | | |_ to positive on battery \ 74hc/hct04 | / | |__________________| to negative on battery | | | | | | | | 1 2 3 4 5 6 7______________| | | | | | | | |_________________________________to computer port | | |_______________________________from modem | |________________________________________________to modem conn. |________________________________________________ from computer port Ok, hook the + 9volts up to pin 14, and the negative up to pin 7. There are 6 inverters on this chip. For this, we will be using only 2 of them. Find the wire coming from your computer to the send data line on your modem. Sever this wire, and hook one side of it to pin 1. Hook the other end of it to pin 2. Next, find the receive data line, and sever it. Hook one end of it to pin 3, the other end to pin 4. That's about it.. if you want to use the other inverters on the chip, here's the complete pinouts. Pin# Name and function ---- ----------------- 1,3,5,9,11,13 Data inputs --------------------------------- 2,4,6,8,10,12 Data outputs --------------------------------- 7 Ground --------------------------------- 14 VCC --------------------------------- Remember, that your BBS modem must have one of these devices on it, as well as the user calling. I have tested this on Smartmodems, and it does work. If you have an internal modem, this may be a little difficult for you. X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X Another file downloaded from: The NIRVANAnet(tm) Seven & the Temple of the Screaming Electron Taipan Enigma 510/935-5845 Burn This Flag Zardoz 408/363-9766 realitycheck Poindexter Fortran 510/527-1662 Lies Unlimited Mick Freen 801/278-2699 The New Dork Sublime Biffnix 415/864-DORK The Shrine Rif Raf 206/794-6674 Planet Mirth Simon Jester 510/786-6560 "Raw Data for Raw Nerves" X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

HASH and MD-5 Posted By drew HASH is a yet another layer of security added to the encryprtion system in order to ensure the greatest possible algorithm protection, MD-5 algorithm (Message Digest) was utilized using one way HASH value to farther encrypt messages. By no means HASH system is the absolute security. Although it is truly one way system, the fact of the extensive usage of hexadecimal characters in the HASH system leads to the repeatement of certain types of characters over a period of time. In fact every four characters are repeated per every 248 or so characters, but the algorithm structure and utilization makes it almost impossible to predict the original message string as well as reverse engineer the message itself. HASH works by utilizing the HASH hexadecimal value, and overwriting the original message with it. The formula is simple: h == (H(m))^k In other words, final string h equals to the added HASH value of H, multiplied by the message m and finally taken to the power of the key if one exists. In each HASH value bits are rotated left by one or two, cycling the amount of redundancy to be reduced to a minimal. MD-5, or Message Digest Algorithm is used the most extensively as a common HASHING system for present day's cryptography. MD-5 processes the input text in 512-bit blocks, divided into sixteen 32-bit sub-blocks. The output of the algorithm is a set of four 32-bit blocks, which are concatenated to form a single string of 128-bit hash value. First the message is padded in such way that it is only 64 bits of being complete 512 original value. Padding is achieved by adding a 1 at the end of the message and filling the rest with 0's to achieve the required 512-bit value on which algorithm operates. Then the four 32 bit values are initialized. AS it was stated before MD-5 uses dexadecimal values for its hashing technique. These values are as follow: A: 01 23 45 67 B: 89 AB CD EF C: FE DC BA 98 D: 76 54 32 10 It is easy to see the symmetry of the message, where the AB are exact reversed values of D and C. The main loop begins and continues for as many 512-bit text blocks there are in the message. Although the redundancy of the HASH values of A,B,C and D can be seen as a weakness, non linear functions taking the place virtually elliminate any chance of repeatment along the message lines. For this function MD-5 utilizes N-LFSR algorithm which stands for Non-Linear Feedback Shift Register. Unlike LFSR algorithm, N-LFSR uses four different values of prime numbers, drawn from the IP table: (p^g-1)(q^g-1) -------------- ((p^g)-1)((q^g)-1) By utilizing the following equation, N-LFSR produces a random result with a greater degree of security over most linear algorithms. MD-5 takes this step forward, replacing single numbered variables with it's own HASH values. Notice there are 4 variables in the N-LFSR:p,g,q and -1, which is itself can be used a a modulus of a previously completed function. MD-5 simply substitutes these parameters for its own, producing the following algorithm: (A^B-C)(D^B-C) -------------- ((A^B)-C)((D^B)-C) The result of this equation is rotated to the right and shifted by a number of bits depending on the round. MD-5 is not perfectly secure and it is still vulnerable to a brute force attacks, but the reverse engineering is nearly impossible. -JaCkAl

Simple Cryptology from a Simple Cryptologer Posted By drew %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% % What is Cryptography? (The Short Version) % %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% "Cryptography is the art and science of hiding data in plain sight." "It is also the art and science of stealing data hidden in plain sight." (both accurate definitions), by Larry Loen Have you ever made secret codes with your friends when you were little? Whether it was number codes where for each letter of the alphabet you substituted a number, or where you made a chart for each of you to translate message... That is a simple form of Cryptography. As far as I can back up Cryptology wasn't widely used until World War I, where actual machines were created for the sole purpose of making messages unreadable to the enemy. Cryptography is the method by which plaintext is encrypted into an unreadable form. The plaintext is the original text, before you altered it to make other people unable to read it. The key, or code, is the actual password/or whatnot you used to make it unreadable. (This is a very simplistic, and not completely accurate view, I apologize for it, and again tell anyone seriously interested to read real hard copy books and papers to explain what it REALLY is). =============================================== = Why is encrypted communications important? = =============================================== In todays electronic communication forums, encryption can be very important! Do you know for fact that when you send a message to someone else, that someone hasn't read it along the way? Have you ever really sent something you didn't want anyone reading except the person you sent it to? As more and more things become online, and 'paperless' communication predictions start coming true, all the more reason for encryption. Unlike the normal U.S. Mail, where it is a crime to tamper with your mail, it can commonly go unnoticed on electronic pathways as your message hops from system to system on its route towards its final destination. Just think, the average internet letter travels at least 2 hops before it reaches you, usually more... Even on public BBS's your mail is usually stored in text, can you be sure someone else isn't reading it? Can you be sure no one has read it at least once before you received a copy? No. You can't. Or how hard would it be for administrators to set up a process to 'grep' (search for known text) all incoming/outgoing mail batches for certain 'catch' phrases. Its not very hard, I assure you. Although most people probably don't do things like this, the threat is there. Thats why you need to encrypt your messages... So you don't allow people to read your private and personal, mail; mail that isn't intended for them. You have the right of privacy, as stated in the Constitution. Thats why cryptography is so key. ========================================= = Different types of Encryption schemes = ========================================= One-Way encryption algorithms: What are they? There are certain Mathametical/Cryptographical Algorithms that will encrypt a string of text/numbers using a complex equation. However, you cannot reverse these equations again (take my word for it, it has to do with pieces of the equation being unknown, purposely lost in the encryption process) A real-life example of One-Way Encryption These types of algorithms are used when they need to compare the text, such as password validation checks. Crypt(), the Unix password validation routine works like this. Your password is used at the key to encrypt a plaintext string of 0s. Then, to verify your password, it tries to encrypt the same string of plaintext with the password you typed in, if they match the original encrypted text, then you have a valid password. (Note: Although you can't reverse this to find out what the original password/key was, you can compare two encryptions to see if its the same key.) The "One-Time Pad" ================== A long string of random numbers are generated/created. Your messages cannot be any longer than the string of random numbers, it may be less however. Your text is encrypted by XOR'ing the bits in relation to the random string of numbers. Bit by bit. So anyone not knowing the original key wouldn't know whether your string, "123" was really "456" or "789" because in fact you and the person your communicating with know its really, "012" (wrap around 9->0) This is the best I can do for this. This is a proven technique and is almost 99% reliably secure. Single-Key Encryption ===================== This is what most non-crypto speak people would understand as an encryption system. You enter one string of characters (or whatnot - The KEY) and encrypt your plaintext with this key. Anyone with knowledge of what this key is can decrypt and read the plaintext you are trying to hide. Public-Key Encryption ===================== This is gaining a large following during the time of this writing with such known programs as RIPEM, PGP, and the availability of RSAREF, a RSA Public Key algorithm libraray. RIPEM, and PGP (Pretty Good Privacy by Phil Zimmerman) are both examples of RSA Public Key systems. There are two distinct parts to a Public key system. The PUBLIC key and the PRIVATE key. o The PUBLIC key is given out to everyone you know who would want to send you an encrypted message. o The PRIVATE key you keep secret and do not disclose to anyone. What happens is User A (Iskra) wants to send a message to User B (John-Draper) so Iskra encrypts a message to John-Draper using John-Drapers public key that was given out at the last HoHoCon. No one except John-Draper has the private key to decrypt the message. So he takes his private key, the counterpart to his public key, and decrypts the message sent to him by Iskra. Viola. He now sees that the new Red Boxes are no longer working because AT&T has cinched up the timing checks. However, Veggie (User C) has intercepted the encrypted message and is trying to figure out what they are talking about. But because he doesn't have John-Draper's private key he cannot read it. A successful use of Public Key Encryption. (There are a LOT of books on this, so this is all I'm going to say) %%%%%%%%%%%%%%%%%%%%%%%%%%%% % Books, Journals et al... % %%%%%%%%%%%%%%%%%%%%%%%%%%%% NOTE: A lot of the 'good' and complete sources of Cryptography and some algorithms are classified by the United States Goverment, However, there are still a decent nunmber I can provide. Also, the NSA has been pushing for legislation to require all encryption schemes to be 'breakable' by them in some way in a reasonable matter of time - Or to put back doors in them/ purposely weaken them so THEY can decrypt your messages. This is a violation of your rights. I hope you would oppose such things. ----------- ** Sources: (Without who I wouldn't have gotten half as far as I have so far.) ----------- by Larry Loen - lwloen@rchland.vnet.ibm.com 11/92) cme@ellisun.sw.stratus.com (Carl Ellison) 11/92) Alec Chambers (jac54@cas.org) mrr@scss3.cl.msu.edu (Mark Riordan) ------------ David Kahn, The Codebreakers, Macmillan, 1967 [history; excellent] H. F. Gaines, Cryptanalysis, Dover, 1956 [originally 1939, as Elementary Cryptanalysis] Abraham Sinkov, Elementary Cryptanalysis, Math. Assoc. of Amer., 1966 D Denning, Cryptography and Data Security, Addison-Wesley, 1983 [ Dorothy Denning, also wrote a paper proposing all public ] [ key systems be required to 'register' their private keys with ] [ the NSA or other agency for decryption should the gov't feel ] [ it necessary ] Alan G. Konheim, Cryptography: A Primer, Wiley-Interscience, 1981 Meyer and Matyas, Cryptography: A New Dimension in Computer Data Security, John Wiley & Sons, 1982. Books can be ordered from Aegan Park Press. They are not inexpensive, but they are also the only known public source for most of these and other books of historical and analytical interest. From the Aegean Park Press P.O. Box 2837, Laguna Hills, CA 92654-0837 [write for current catalog]. The following is a quality, scholarly journal. Libraries may carry it if they are into high technology or computer science. Cryptologia: a cryptology journal, quarterly since Jan 1977. Cryptologia; Rose-Hulman Institute of Technology; Terre Haute Indiana 47803 [general: systems, analysis, history, ...] Gordon Welchman, The Hut Six Story, McGraw-Hill, 1982 (excellent description of his WW-II crypto work (breaking the German Enigma); discussion of modern cryptological implications) Various volumes from Artech House, 610 Washington St., Dedham MA 02026; including: Deavours & Hruh, Machine Cryptography and Modern Cryptanalysis (operation and breaking of cipher machines through about 1955). Deavours, et al., CRYPTOLOGY Yesterday, Today, and Tomorrow (Cryptologia reprints -- 1st volume) Deavours, et al., CRYPTOLOGY: Machines, History & Methods (Cryptologia reprints -- 2nd volume) Cryptologia: a cryptology journal, quarterly since Jan 1977. Cryptologia Rose-Hulman Institute of Technology Terre Haute Indiana 47803 Journal of the International Association for Cryptologic Research (quarterly since 1988). The RSA paper: The Comm. of the ACM, Feb 1978, p. 120 Claude Shannon's 2 1940's papers in the Bell System Tech Journal. Herbert O. Yardley, The American Black Chamber, Bobbs-Merrill, 1931 (1st hand history -- WW-I era) Edwin Layton, "And I Was There", William Morrow & Co., 1985 (1st hand history -- WW-II) W. Kozaczuk, Enigma, University Publications of America, 1984 (1st hand history (Rejewski's) -- pre-WW-II) %%%%%%%%%%%%%%%%%%%%%%%%%%% % Journals, et al % %%%%%%%%%%%%%%%%%%%%%%%%%%% Journal of Cryptology Springer-Verlag New York, Inc. Service Center Secaucus 44 Hartz Way Secaucus, NJ 07094 USA (201)348-4033 $87/year + $8 postage & handling. Published three times a year. Scholarly journal. Cryptosystems Journal Tony Patti, Editor and Publisher P. O. Box 188 Newtown, PA 18940-0188 USA (215)579-9888 tony_s_patti@cup.portal.com $45/year. Published three times a year. Journal dedicated to the implementation of cryptographic systems on IBM PCs. Emphasis on tutorial/pragmatic aspects. Evidently all articles are written by the publisher. FORBIDDEN KNOWLEDGE PO BOX 770813 LAKEWOOD, OH 44107 $18 a year - make check m/o to Darren Smith (editor). Jack Jeffries (cj137@cleveland.Freenet.Edu) says that this is a local publication which has articles on cryptology. That's all I know about it. The Cryptogram Journal of the American Cryptogram Association P. O. Box 6454 Silver Spring, MD 20906 Available by joining the ACA; dues are probably about $20/year by now. Published six times a year. Contains mostly puzzles for you to solve. No techniques invented after 1920 are used, with simple substitution being the most common. Also contains articles on classical cryptosystems, and book reviews. Not a scholarly journal. The Cryptogram Computer Supplement Dan Veeneman P. O. Box 7 Burlington, IL 60109 USA $2.50/issue. Published three times a year for ACA members. Newsletter for computer hobbyist members of the ACA. The Public Key George H. Foot, Editor Waterfall, Uvedale Road Oxted, Surry RH8 0EW United Kingdom (Cost unknown.) Magazine devoted to public key cryptography, especially amoungst personal computer owners. [Note that RSA's patents do not apply in Europe, hence the existence of this magazine.] %%%%%%%%%% % OTHER % %%%%%%%%%% There is a publication called the "Surveillant" (6 issues/year, $48.00) which announces new acquisitions and has some news from the intelligence field. Each issue comes with a check-off order form for books announced in that issue. It can be contacted at: Surveillant, Lock Box Mail Unit 18757 Washington, DC 20036-8757. ============================================================================== I'd highly recommend if you have the time and access to follow the Usenet groups as they have a wealth of information. Also, reading the sci.crypt FAQ, and the few online publications including Dorothy Dennings work will help you gain a better understanding. In fact, probably better than my hack job. Exeunt. Anyone who wishes to correct, add to, or talk about this file may feel free to contact me at the internet address above, or BBS below. End of File - 12/15/92 - Dave Ferret - Rights? I have rights? ============================================================================== Do something useful, call The Works BBS: +1 617 861-8976 - cDc "We're in it for the money and the girlies"