Kryptor for Linux released

About:
Kryptor is a graphical tool to encrypt files using the algorithm ARCS-256 by Rosiello Security. It is also possible to erase files by overwriting data with a pseudo-random sequence of bytes iterated three times, which will make data recovery a very complex operation.

Requirements: Linux+KDE.
Home Page: http://www.rosiello.org
Download: http://freshmeat.net/redir/kryptor/61572/url_tgz/kryptor-0.1.tar.gz

Angelo Rosiello, Rosiello Security
Re: Kryptor for Linux released

> Kryptor is a graphical tool to encrypt files using the algorithm
> ARCS-256
  ^^^

ARCS is a simple stream cipher. The key generation is done using MD5, and MD5 is today considered to be pretty weak and to be avoided if possible unless it is _strictly_ used for hashing purposes (and honestly, if you do need hashing for anything other than checking that a download has been done properly with no corruption, please move to something better like RIPEMD-160 or SHA-256).

This "cipher" uses a hashing method as its base. It can be done of course, and there are plenty of examples of transforming a hash into a cipher (this requires modifications..), but with MD5 being pretty weak today, using it for a cipher is a bad idea. Don't use a cipher whose strength rests on MD5.

Honestly, who is going to use a cipher which is under copyright and can't be used freely, and is based on MD5, which is to be avoided as much as possible for hashing purposes (unless you only need it to check for corruption) and especially for any cipher? No cryptanalyst or cryptographer has spent or will spend any time over this algorithm. We have AES-256, which has been extensively cryptanalyzed by the best public cryptographers in this world and which is freely available for any use. I strongly suggest avoiding ARCS and keeping to properly cryptanalyzed ciphers: AES, Blowfish, CAST, Twofish..

The publication of this so-called "cipher" on Packetstorm also shows this:

"... The authors hope that someone will try to break this cipher and welcome all attempts and added research. Be forewarned, commercial use of this algorithm is forbidden without the Authors' consent."

Yeah. Sure. Everybody is going to move from good ciphers that went through years of cryptanalysis to a cipher which is based on MD5, considered almost broken for hashing, and be restricted in any commercial use? This should be a joke. Even more fun:

"If you successfully crack this file that was encrypted with A.R.C.S., Packet Storm will send you a free t-shirt..."

Get a life please. Stop trying to do crypto.

You've got one foot in the snake-oil square and another one on a broken tile with a deep hole below. Inviting people to "break" something does not prove anything. That no one breaks it only means one thing: no one cares to break it. Do you believe cryptographers with years of knowledge and work are going to do a cryptanalysis of that "cipher" for a t-shirt? You'd have to pay them several hundred dollars per hour for any serious cryptanalysis work, and honestly they would not even do it knowing it's resting upon MD5.

Do not use ARCS. Keep to AES, Blowfish, and go subscribe to Bruce Schneier's excellent Cryptogram. This ARCS balloon is so full of air we should tell Bruce about it so he'll explain it better in the next Cryptogram.

Sorry for being rude to the ARCS authors but I'm fed up with pseudo-crypto attempts and BS.

--
unzip ; strip ; touch ; grep ; finger ; mount ; fsck ; more ; yes ; fsck ; umount ; sleep
Re: Kryptor for Linux released

> Before saying something is insecure I suggest you to prove it.

The game doesn't work that way ;) The burden of proof is on the person proposing the algorithm or technique.
Re: Kryptor for Linux released

On Wednesday 23 November 2005 23:41, angelo@... wrote:
> The algorithm ARCS-256 bits is not vulnerable, in the way of feasible
> attacks, to MD5 collisions. If you want try to make an analysis of the
> algorithm so you can notice it. However the white paper of the algorithm
> will be released soon.
> Before saying something is insecure I suggest you to prove it.

before calling something secure, i would suggest picking up a coding tutorial... that extremeftpd looks... well.. horrible (it is (if possible) worse than raveftpd)

msg.c is the same "stupidity" all over again, it used to be:

    len = vsnprintf (buf, strlen(buf),"%s", bla);
    buf[len] = '\0';

and much more! and you suggest we should trust THAT software is secure??? get real!

pretty neat though... i informed them about a dozen bugs in their ftp daemon, and NO appreciation at all... this means, i'm not gonna disclose any bugs i find (believe me, this was just the beginning, there is absolutely no reason to use rosiello software... more holes than cheddar cheese ;))

--
harry aka Rik Bobbaers
K.U.Leuven - LUDIT -=- Tel: +32 485 52 71 50
Rik.Bobbaers@... -=- http://harry.ulyssis.org

Disclaimer: By sending an email to ANY of my addresses you are agreeing that:
1. I am by definition, "the intended recipient"
2. All information in the email is mine to do with as I see fit and make such financial profit, political mileage, or good joke as it lends itself to. In particular, I may quote it on usenet.
3. I may take the contents as representing the views of your company.
4. This overrides any disclaimer or statement of confidentiality that may be included on your message.

Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm
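The pattern Rik quotes, as an added example in C (a hypothetical reconstruction, not extremeftpd's, raveftpd's or Kryptor's code), beside a hardened replacement; the function names, the buffer size and the sample input are assumptions. The unsafe variant is shown but never called, because running it would be undefined behaviour; `overrun_bytes` measures how far out of bounds its `buf[len]` store would land without performing it.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Reconstruction of the pattern criticised in the post (hypothetical, not the
 * project's code). Two defects:
 *   1. the size argument is strlen(buf), the length of whatever is already in
 *      buf, not the buffer's capacity (and undefined if buf is uninitialised);
 *   2. vsnprintf returns the length the full output WOULD have had, so for a
 *      long input buf[len] writes past the end of the buffer.
 * Never called here; it exists only to contrast with the hardened version. */
static void format_unsafe(char *buf, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(buf, strlen(buf), fmt, ap); /* wrong size argument */
    va_end(ap);
    buf[len] = '\0';                                /* may index past capacity */
}

/* Hardened variant: takes the real capacity, treats a negative return as an
 * error, and reports truncation instead of trusting the return value as an
 * index. Returns 0 on success, 1 if output was truncated, -1 on error.
 * buf is always NUL-terminated when cap > 0. */
static int format_safe(char *buf, size_t cap, const char *fmt, ...)
{
    if (cap == 0) return -1;
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, cap, fmt, ap);
    va_end(ap);
    if (n < 0) { buf[0] = '\0'; return -1; }
    if ((size_t)n >= cap) return 1; /* truncated; vsnprintf already terminated buf */
    return 0;
}

/* How many bytes past the last valid index (cap - 1) the unsafe pattern's
 * buf[len] store would land for a given input, computed without doing the
 * write: snprintf with a NULL buffer and size 0 only measures the output.
 * Returns 0 when the store would be in bounds. */
static size_t overrun_bytes(size_t cap, const char *input)
{
    int n = snprintf(NULL, 0, "%s", input);
    if (n < 0) return 0;
    return (size_t)n >= cap ? (size_t)n - cap + 1 : 0;
}

/* Demonstration with a constructed oversized input against a 16-byte buffer. */
static int demo(void)
{
    char buf[16];
    const char *long_input = "USER anonymous-with-a-very-long-name"; /* constructed */
    (void)format_unsafe; /* referenced only so the compiler does not flag it unused */
    int rc = format_safe(buf, sizeof buf, "%s", long_input);
    printf("rc=%d buf=\"%s\" len=%zu overrun_if_unsafe=%zu\n",
           rc, buf, strlen(buf), overrun_bytes(sizeof buf, long_input));
    return rc;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```

The hardened version still truncates silently unless the caller checks the return code; the point is that truncation is reported and the buffer stays terminated, rather than the return value being used as an index.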
Re: Kryptor for Linux released

> and much more!

I have been discussing with Angelo in private and I told him there are too many beginner mistakes in their source, and that even if the algorithm is safe (which I doubt but I am not saying I can be surprised) the security can be broken by improper implementation.

I told Angelo that if his paper did not present the algorithm and why it had been designed this way, with differential, then linear, then differential-linear attack attempts and a full cryptanalysis of a reduced-round version of their "cipher", no serious cryptographer would review it.

Code review is not free if you want quality. It can be free if everyone will benefit from it, like the BSD or Linux communities have shown to everyone.

AES has been developed in competition with a lot of ciphers from some very big and clever companies (well.. in fact.. watching back how some ciphers got broken in the very first AES conference inspires doubt on how big or serious some of those companies are.. hum..). So we got AES (but others too) which have been available for years and have withstood the most various attack attempts and reduced-round cryptanalysis.

No cipher should be advised unless it's been out for YEARS and has not shown weakness against all new attack techniques. This is not the case for Angelo's proposition. I don't think, whatever the value of their proposed cipher is, that it can offer better status than a free-to-use public cipher which has today been under several years of cryptanalysis from renowned and widely known cryptographers that participated in the AES NIST development. Blowfish.. or Twofish are very impressive. And Blowfish has been out for _years_ and is seen as a very good cipher (just study the key preparation part of it).

Below some answers I sent to Angelo while discussing in private.

----8>----8>----8>----8>----8>----8>----8>
[ November, 24th 2005 ]

> The algorithm ARCS-256 bits is not vulnerable, in the way of feasible
> attacks, to MD5 collisions.

No serious cryptographer will ever say (or has ever said in the past) of an algorithm that it is invulnerable. Cryptography is only a protection against time, and the only cipher mathematically proven to be invulnerable is the one time pad if:

1. the key has the same length as the message
2. the key is random (really random)
3. the key is never, ever used more than once

> If you want try to make an analysis of the algorithm so you can
> notice it.

The source code is full of exploitable buffer overflows and serious C mistakes. Even if the algorithm were good (which I doubt, knowing its strength is based on MD5), a proper implementation is very difficult, Angelo. You can have a very good cipher, and because you made a single mistake in implementation or the random source is not good enough, the whole thing falls down.

> However the white paper of the algorithm will be released soon.
> Before saying something is insecure I suggest you to prove it.

[...]

I hope you do understand that in the cryptography world, it is not up to people that make remarks to you to prove anything. If you want to propose a new cipher, you have to use mathematics and proper presentation to have any slight chance of serious cryptographers having a look at it. They are paid, some of them, over several hundred dollars per hour for their expertise. Don't expect them to work for free unless the algorithm will be free and will benefit everyone, like the Rijndael AES is.

[...]

If you want public cryptanalysis of your work, then your work has to be properly presented like Blowfish or AES have been, and it must be resistant to all known attacks, with proof you have to publish: differential cryptanalysis, linear cryptanalysis and differential-linear cryptanalysis. You have to present the full cryptanalysis of a reduced-round variant of your cipher. Please check all papers about the AES, the attacks, the reduced-round variant and everything that has been done in the development of the AES.

If you do the same, then you will have a chance that serious cryptanalysts will review your work. I will always welcome interesting work, but if you don't work by the rules of the cryptographic community, you won't get any consideration.

Godspeed, Angelo.

----8>----8>----8>----8>----8>----8>----8>
[ November, 26th 2005 ]

The problem is you posted an email to a security list to tell people how great your product is. This is wrong. First you have to publish your work. And if after YEARS of cryptanalysis your product does resist all known attacks and shows relatively good resistance to tampering or some attacks (sideway attacks, power analysis attacks), then people might start to give trust to your work. A cipher which has not been in the field and studied for years is worth nothing.

I am waiting for your paper. And I hope I will find inside of it the reasoning of its construction, differential, linear and differential-linear cryptanalysis and a full cryptanalysis of a reduced-round variant. I want to check if there are weak keys or not and how exactly the MD5 (which is considered as _broken_ for hashing today) has been chosen for your work.

[...]

----8>----8>----8>----8>----8>----8>----8>

So let's wait for the paper and check it. The strange thing about a lot of errors that can be found in the source files is that many would have been found by using freely available C source checkers... :/

I hope, Angelo, that you are not trying to push low-grade crypto around. You only get one name and surname for the rest of your life, and if you burn it that way, you will be remembered as such by the crypto community, and the whole Internet.

Now no one is going to bash you, Angelo, without facts. So show us a properly written paper about your crypto work, and make it the same quality level as papers that have presented other works like AES or Blowfish and respected algorithms. You will get hints, ideas to get it better. If it's worth it.

Let's not be too harsh on Angelo and let's wait for more facts.

--
unzip ; strip ; touch ; grep ; finger ; mount ; fsck ; more ; yes ; fsck ; umount ; sleep
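The three one-time-pad conditions listed in the post above, as an added example in C (not the poster's code and not from Kryptor or ARCS): the XOR pad itself, a correct round trip, and what reuse of one pad gives an eavesdropper. The pad bytes are a constructed fixed pattern so the demonstration is reproducible, which itself breaks condition 2, as the comment notes; the function names and messages are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* One-time pad: ciphertext byte i = plaintext byte i XOR key byte i.
 * Decryption is the identical operation. Returns 0, or -1 when the key is
 * shorter than the message (condition 1: the key is at least as long as the
 * message). */
static int otp_xor(const unsigned char *in, size_t n,
                   const unsigned char *key, size_t keylen,
                   unsigned char *out)
{
    if (keylen < n) return -1;
    for (size_t i = 0; i < n; i++) out[i] = in[i] ^ key[i];
    return 0;
}

/* Constructed pad for a reproducible demonstration only. This violates
 * condition 2: a real pad must come from a true random source, never a fixed
 * pattern or a deterministic generator. */
static const unsigned char DEMO_PAD[32] = {
    0x3a, 0x91, 0xc7, 0x05, 0x6e, 0xd2, 0x18, 0xbf,
    0x44, 0x7b, 0xe0, 0x2c, 0x99, 0x53, 0xa6, 0x0d,
    0xf1, 0x28, 0x8b, 0x67, 0x1c, 0xd5, 0x3e, 0x70,
    0xa9, 0x4f, 0x12, 0xe8, 0x5b, 0xc3, 0x86, 0x21
};

/* Correct use: encrypt once, decrypt with the same pad, pad never reused.
 * Returns 1 when the recovered text matches the original. */
static int roundtrip_ok(const char *msg)
{
    unsigned char c[32], p[32];
    size_t n = strlen(msg);
    if (n > sizeof DEMO_PAD) return 0;
    if (otp_xor((const unsigned char *)msg, n, DEMO_PAD, sizeof DEMO_PAD, c) != 0) return 0;
    if (otp_xor(c, n, DEMO_PAD, sizeof DEMO_PAD, p) != 0) return 0;
    return memcmp(p, msg, n) == 0;
}

/* What an eavesdropper holds when one pad protects two messages (violating
 * condition 3): c1 XOR c2 == p1 XOR p2, because the pad cancels out. Anyone
 * who knows m1 then reads m2 without ever seeing the pad. Returns 1 when m2
 * is recovered from the two ciphertexts and m1 alone; messages must have
 * equal length for this demonstration. */
static int reuse_exposes_second_message(const char *m1, const char *m2)
{
    unsigned char c1[32], c2[32], recovered[32];
    size_t n = strlen(m1);
    if (n != strlen(m2) || n > sizeof DEMO_PAD) return 0;
    otp_xor((const unsigned char *)m1, n, DEMO_PAD, sizeof DEMO_PAD, c1);
    otp_xor((const unsigned char *)m2, n, DEMO_PAD, sizeof DEMO_PAD, c2); /* same pad: the mistake */
    for (size_t i = 0; i < n; i++)
        recovered[i] = c1[i] ^ c2[i] ^ (unsigned char)m1[i];          /* no pad needed */
    return memcmp(recovered, m2, n) == 0;
}

int main(void)
{
    printf("correct use round trip: %d\n", roundtrip_ok("attack at dawn"));
    printf("pad reused, second message exposed: %d\n",
           reuse_exposes_second_message("attack at dawn", "defend at dusk"));
    return 0;
}
```

The second function is the whole reason condition 3 exists: the pad contributes nothing to the difference between two ciphertexts it was shared across, so every message after the first is protected only by the secrecy of the others.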