Latest Posts
Exhibit 4 - A Glimpse of Chaos
jhll
Replies: 1
Replies: 1
Jeff Hill's new paper on Byrne's machine
osric
Replies: 12
Replies: 12
Crypto challenge: from Cipher Deavours col…
tenpanaris
Replies: 2
Replies: 2
Composite Cycles
jhll
Replies: 0
Replies: 0
Progress Report #14 on the Chaocipher Clea…
mosher
Replies: 0
Replies: 0
Active Users
4 users online in the past 15 minutes (0 Members · 4 Guests · 0 Anonymous)
Converting To Zetaboards
Posted by Revelation (Admin) at Apr 28 2008, 04:18 PM. 11 comments
Recently I discovered that Invisionfree has been hacked and that many boards have been lost. Fortunately, the Crypto Forum prevailed
Because IF is very unstable now, we've got an option to convert this forum to a ZetaBoard. This is another free (and non-commercial) service. Okay, I thought, let's read some more.
So I read the wikipedia article:
Automatic conversions
Now I am not sure what to do. Shall we convert now, or wait for an automatic conversion?
Because IF is very unstable now, we've got an option to convert this forum to a ZetaBoard. This is another free (and non-commercial) service. Okay, I thought, let's read some more.
So I read the wikipedia article:
- Quote:
Automatic conversions
Now I am not sure what to do. Shall we convert now, or wait for an automatic conversion?
The New Antispam System + Ads Removed
Posted by Revelation (Admin) at Jan 15 2007, 05:32 PM. One comment
Due to the latest spam attacks on our nice little community I created my own (well with a little help from the Trusted Members ;)) antispam system. Mark my words, those spam attacks will never happen again. At least, I hope so.
What did I do? I created a new user group, the "New Members", which cannot post. Everyone who wants to register to the forum gets in this group. Those people can read the "Activating Posting Abilities" forum in which there is a puzzle. If you solve the "very simple but too hard for spambots" puzzle and PM me the answer, you get promoted to Member and you can post in the other subforums from that time on.
What happens to the current members?
Invision left me no other choice than to put them all in the New Members group. But if you have more than one post, you are automatically promoted to Member if the system works. If you are a registered member with more than one post and if you cannot post, please PM me and I will fix it.
The puzzle is available now.
Thank you.
Edit: I have also bought Ad Removal for this forum, so that members won't get those annoying Google ads.
~Revelation
What did I do? I created a new user group, the "New Members", which cannot post. Everyone who wants to register to the forum gets in this group. Those people can read the "Activating Posting Abilities" forum in which there is a puzzle. If you solve the "very simple but too hard for spambots" puzzle and PM me the answer, you get promoted to Member and you can post in the other subforums from that time on.
What happens to the current members?
Invision left me no other choice than to put them all in the New Members group. But if you have more than one post, you are automatically promoted to Member if the system works. If you are a registered member with more than one post and if you cannot post, please PM me and I will fix it.
The puzzle is available now.
Thank you.
Edit: I have also bought Ad Removal for this forum, so that members won't get those annoying Google ads.
~Revelation
Aca Cons In Digital Format
Posted by rot13 (Trusted Member) at Sep 1 2006, 03:51 PM. 5 comments
For those of you who are ACA members, there is a mailing list where you can get the cons digitally. You'll need your recent copy of The Cryptogram handy to sign up for it, since the members area of cryptogram.org is now password-protected using the first 7 letters of the A-1 cryptogram.
Trusted Members
Posted by Revelation (Admin) at Jul 12 2006, 04:08 PM. 2 comments
Well, our forum seems very popular... that is, for spammers
To battle this I made up the following plan (I had this plan in mind a long time ago actually): the highest posting members get a new status: trusted member. What does this mean? It means they have the ability to edit/delete other people's posts.
The three people selected are Donald, insecure and rot13. They will be the clean-up team
Note: this doesn't mean that you have to do this, only if you want to. So it is not like being a moderator. You just have the power, use it at free will, and use it wisely. I think I can trust you with this.
~ Revelation
To battle this I made up the following plan (I had this plan in mind a long time ago actually): the highest posting members get a new status: trusted member. What does this mean? It means they have the ability to edit/delete other people's posts.
The three people selected are Donald, insecure and rot13. They will be the clean-up team
Note: this doesn't mean that you have to do this, only if you want to. So it is not like being a moderator. You just have the power, use it at free will, and use it wisely. I think I can trust you with this.
~ Revelation
Happy Anniversary :d
Posted by Revelation (Admin) at Jul 8 2006, 08:53 PM. 4 comments
Well, the forum exists for almost a year now.
And look what happened in a year: we have got nice members and awesome challenges! So, I want to thank you (again) for joining this forum and making it what it is now.
But... I have also got a question. Do we want the forum to stay this way? I mean, being small or do we want to expand? A way of accomplishing that is to change the url into something more obvious, like http://www.cryptoforum.com/. Unfortunately, I don't have the money for that, so I'd need a sponsor.
Maybe there are some other things that you like / dislike. Please post them
Again, happy anniversary
And look what happened in a year: we have got nice members and awesome challenges! So, I want to thank you (again) for joining this forum and making it what it is now.But... I have also got a question.
Do we want the forum to stay this way? I mean, being small or do we want to expand? A way of accomplishing that is to change the url into something more obvious, like http://www.cryptoforum.com/. Unfortunately, I don't have the money for that, so I'd need a sponsor.Maybe there are some other things that you like / dislike. Please post them
Again, happy anniversary
Automat Machine For Cryptography
Posted by student (New Members) at Jun 20 2006, 04:44 AM. 0 comments
hi everybody,
I have just read some documents of public key coding which not used RSA.
It used Automat machine for coding.
I don't know that if it is new research in cryptography.
Can you tell me some evidence of its appearances?
I have just read some documents of public key coding which not used RSA.
It used Automat machine for coding.
I don't know that if it is new research in cryptography.
Can you tell me some evidence of its appearances?
Lurkers Of The Forum, Unite!
Posted by insecure (Trusted Member) at Apr 11 2006, 10:30 PM. 5 comments
I've seen Rev, rot13, and Donald lurking here today.
Everyone is keeping very quiet!
Everyone is keeping very quiet!
Activity
Posted by Revelation (Admin) at Mar 24 2006, 07:44 PM. 8 comments
Hi there members,
Since there haven't been any posts in a long while, I want to bring this forum back to life. So.. if anyone has a challenge, please post it!
I know you are all probably very busy these days, the same thing goes for me. But if you find some spare time, don't be afraid to post a challenge.
Your beloved admin ;),
Revelation
Since there haven't been any posts in a long while, I want to bring this forum back to life. So.. if anyone has a challenge, please post it!
I know you are all probably very busy these days, the same thing goes for me. But if you find some spare time, don't be afraid to post a challenge.
Your beloved admin ;),
Revelation
Sha-1 - Compromised Security
Posted by cows (New Members) at Dec 19 2005, 08:49 PM. 5 comments
Recently – as most of us know - the security provided by the MD5 hash has been broken. This tremendous achievment was performd by a Chinese cryptographer called, Xiaoyun Wang.
This is not a new thing although it has destroyed the security provided by the hash and forced people to use other hashes to provide security. Well – yet again, Wang has hit the world of cryptography hard and strong by breaking the SHA-1 hash, another hash used by many to ensure security over the internet.
SHA stands for ‘Secure Hash Algorithm’. Hash Algorithms are mathematical procedures that ‘engulf’ a message – be it a 8 letter password or a 20 page essay – and produce a fixed length of 1’s and 0’s. This is done by mixing up bits from the message with other bits chosen at random and then distilling the resulting string of bits down to a particular length.
These ‘hash algorithms’ or ‘hash functions’ are used in nearly every aspect of digital security nowadays and are supposed to be the most secure way to encrypt anything over the internet.
They are used to secure your passwords that give you access to computers, your email, secure websites. They enable digital signatures to be used to authenticate messages and their senders, are used for time-stamping legal, financial and copyright-sensitive documents, for checking that software has not been tampered with, to authenticate secure websites before credit card numbers are typed in and transmitted and even to generate random numbers for encryption keys.
Meanwhile, cryptographers sprinkle them liberally thoughout their protocols to add some more security at every stage.
MD5 is the hash that she broke last year, devised by Ronald Rivest in 1991, used mainly in older applications now but used to be very popular (until she broke it).
SHA-1 is the hash that she has just broken, the pinnacle of computer security. The algorithm was invented and endorsed by the NSA (National Security Agency) in 1995 and used in a mass of security applications (look above). This is used in the latest and most secure applications as it has been thought safe, evidently not.
These two are massively popular because it makes in extremely difficult (cryptographers call it ‘computationally unfeasible’) to recreate the starting message exactly from it’s hash. This is obviously a desirable factor for those who want uncomprimisable security for extremely sensitive messages. The second factor is the fact that it is ‘computationally unfeasible’ to find two messages with exactly the same hash.
Those messages that do end up having the same hash - this is because of the relatively short length of the hash, MD5 for instance is an 128-bit hash – are said to ‘collide’ The hash algorithm makes it practically impossible, given todays computer power, for anyone to find a collision, and thus enable the message open to tampering, by random guessing or by brute forcing.
For MD5 it would take an average of 2^64 guesses to find a collision. For this article ‘2^64’ means ‘2 to the power of 64’.
To put this into a bigger perspective: 2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2
or better yet - 188446744073709551616 guesses to find a collision
SHA-1 hashes are longer and it would take an average of 2^80 guesses to find a collision or:
2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2 guesses – or better yet – 1208925819614629174706176 guesses to find a collision
This would take millions of millions of years to compute, or that is what everybody thought – Wang has just rewritten the numbers, and proved us all wrong.
She did it by examining what happens to strings of data at different stages of the algorithm. As the message goes through the different mathematical procedures, as it’s bit string is rewritten at every different stage of the algorithm. If you put two messages thrugh the system and watch how they change at each step – you can get a mathimatical ‘feel’ for the kind of bit strings that will result in a collision.
Wang has found that just finding the path to a collision is enough to break some algorithms – She broke SHA-0 (SHA-1’s predecessor) in exactly this way in 1997 with 2^58 computations, just by mapping out the collision paths.
This is not an immediate threat – noone has yet managed to compute a collision for SHA-1 such as they have for MD5 and other compromised hashes, but it is inevitable that it will happen and we are in for a shock when it does – nothing will be safe.
At the moment – the safest thing to do is to change our security to SHA-256, an algorithm created by the NSA to replace SHA-1 by 2020. We will not be in too much trouble – until Wang breaks this – then we may be hitting the fan and all our secrets may not be secret at all.
In the last 18 months five hashes have been broken - the question i shall leave you with is: Are hashes really safe? Should we use a different system
sources: 'New Scientist 17th December 05'
This is not a new thing although it has destroyed the security provided by the hash and forced people to use other hashes to provide security. Well – yet again, Wang has hit the world of cryptography hard and strong by breaking the SHA-1 hash, another hash used by many to ensure security over the internet.
SHA stands for ‘Secure Hash Algorithm’. Hash Algorithms are mathematical procedures that ‘engulf’ a message – be it a 8 letter password or a 20 page essay – and produce a fixed length of 1’s and 0’s. This is done by mixing up bits from the message with other bits chosen at random and then distilling the resulting string of bits down to a particular length.
These ‘hash algorithms’ or ‘hash functions’ are used in nearly every aspect of digital security nowadays and are supposed to be the most secure way to encrypt anything over the internet.
They are used to secure your passwords that give you access to computers, your email, secure websites. They enable digital signatures to be used to authenticate messages and their senders, are used for time-stamping legal, financial and copyright-sensitive documents, for checking that software has not been tampered with, to authenticate secure websites before credit card numbers are typed in and transmitted and even to generate random numbers for encryption keys.
Meanwhile, cryptographers sprinkle them liberally thoughout their protocols to add some more security at every stage.
MD5 is the hash that she broke last year, devised by Ronald Rivest in 1991, used mainly in older applications now but used to be very popular (until she broke it).
SHA-1 is the hash that she has just broken, the pinnacle of computer security. The algorithm was invented and endorsed by the NSA (National Security Agency) in 1995 and used in a mass of security applications (look above). This is used in the latest and most secure applications as it has been thought safe, evidently not.
These two are massively popular because it makes in extremely difficult (cryptographers call it ‘computationally unfeasible’) to recreate the starting message exactly from it’s hash. This is obviously a desirable factor for those who want uncomprimisable security for extremely sensitive messages. The second factor is the fact that it is ‘computationally unfeasible’ to find two messages with exactly the same hash.
Those messages that do end up having the same hash - this is because of the relatively short length of the hash, MD5 for instance is an 128-bit hash – are said to ‘collide’ The hash algorithm makes it practically impossible, given todays computer power, for anyone to find a collision, and thus enable the message open to tampering, by random guessing or by brute forcing.
For MD5 it would take an average of 2^64 guesses to find a collision. For this article ‘2^64’ means ‘2 to the power of 64’.
To put this into a bigger perspective: 2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2
or better yet - 188446744073709551616 guesses to find a collision
SHA-1 hashes are longer and it would take an average of 2^80 guesses to find a collision or:
2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2x2 guesses – or better yet – 1208925819614629174706176 guesses to find a collision
This would take millions of millions of years to compute, or that is what everybody thought – Wang has just rewritten the numbers, and proved us all wrong.
She did it by examining what happens to strings of data at different stages of the algorithm. As the message goes through the different mathematical procedures, as it’s bit string is rewritten at every different stage of the algorithm. If you put two messages thrugh the system and watch how they change at each step – you can get a mathimatical ‘feel’ for the kind of bit strings that will result in a collision.
Wang has found that just finding the path to a collision is enough to break some algorithms – She broke SHA-0 (SHA-1’s predecessor) in exactly this way in 1997 with 2^58 computations, just by mapping out the collision paths.
This is not an immediate threat – noone has yet managed to compute a collision for SHA-1 such as they have for MD5 and other compromised hashes, but it is inevitable that it will happen and we are in for a shock when it does – nothing will be safe.
At the moment – the safest thing to do is to change our security to SHA-256, an algorithm created by the NSA to replace SHA-1 by 2020. We will not be in too much trouble – until Wang breaks this – then we may be hitting the fan and all our secrets may not be secret at all.
In the last 18 months five hashes have been broken - the question i shall leave you with is: Are hashes really safe? Should we use a different system
sources: 'New Scientist 17th December 05'
Announcement: Official Vigenère Tutorial
Posted by Revelation (Admin) at Oct 6 2005, 02:30 PM. 14 comments
Since the major success of Donald's Vigenère tips, I have decided to make an official one together with you. This will be posted (and pinned) in the General section of Cryptanalysis. I will soon post a first version.
Board Statistics
 |
Total Forum Posts: 2,850 Total Members: 1,534 (The newest member is TPatton) Feb 14 2007, 05:26 PM, a record 87 users were online. |
5:40 AM Nov 21
