Sci.crypt Can Not Break Cryptosms

Welcome to Crypto. We hope you enjoy your visit.

You're currently viewing our forum as a guest. This means you are limited to certain areas of the board and there are some features you can't use. If you join our community, you'll be able to access member-only sections, and use many member-only features such as customizing your profile, sending personal messages, and voting in polls. Registration is simple, fast, and completely free.

Join our community!

If you're already a member please log in to your account to access all of our features:

Pages:
1
2

Sci.crypt Can Not Break Cryptosms; after long time nobody cracks cryptosms
Topic Started: Aug 29 2005, 08:56 PM (394 Views)
poster@use.net	Aug 29 2005, 08:56 PM Post #1
Unregistered	THIS CHALLENGE WAS POSTED TO SCI.CRYPT ON JUNE 14TH 2005: Since I'm a CryptoSMS user, I am very curious just how clever Mr Ashwood is. Attached below are three CryptoSMS messages, all of which are encrypted with the same passphrase and all of which contain the same clear text. Mr Ashwood, would you please crack these and post the contents for all to see? It should be easy since you have 3 individual messages which are all internally identical. Good luck. ??31m3dH-zpJ2ta8zI07sFm5o-UX5wrMwKtUOGffGoqz98P7RrUE0bNu4Yu0Sue-ZdUaNXK000?? ??31SdibaVtKZ=50U74hLnQYg558NM=dopXVivzD5LOu1XQFqYIC1IK-6O1G7LQaRBbL41G000?? ??31jKvmpN7DsULlMlD9ojQbe17m3R8eA8FL51HM1vln=zB3GkwtRBjcp3wS-2wRmcatMXK000?? POSTER@USE.NET <42ae6423_1@newsgate.x-privat.org> ==================== AFTERWARDS, ONE OF THE SCI.CRYPT EXPERTS (AND GOVT SPY) SAID: From: "Joseph Ashwood" <ashwood@msn.com> Subject: Re: crypto sms Message-ID: <dJ5ue.882$N22.328@newssvr21.news.prodigy.com> NNTP-Posting-Host: 67.118.12.39 NNTP-Posting-Date: Wed, 22 Jun 2005 00:23:37 EDT Organization: SBC http://yahoo.sbc.com Certainly. Assuming a common passphrase length of around 20 characters, and assuming it is English, this will have 20-30 bits of entropy, MD5 will be enough to uniquely identify each of these, and MD5 can be effectively reversed under these circumstances in under 1 hour. This will yield the entire original passphrase, leading immediately to a complete compromise. So 1 hour. ==================== IN ALL THAT TIME SINCE JUNE 14TH, HE HAS BEEN WORKING FEVERISHLY TO CRACK CRYPTOSMS, WITHOUT SUCCESS. HAS 1 HOUR PASSED YET? CRIMINALS WHO NEED STRONG ENCRYPTION TO AVOID PROSECUTION SHOULD VISIT CRYPTOSMS.COM TODAY!
Unregistered


Revelation	Aug 29 2005, 10:25 PM Post #2
Administrator Posts: 386 Group: Admin Member #1 Joined: August 23, 2005	This sounds like a good challenge!
	RRRREJMEEEEEPVKLWENFNVJKEEEEEAOLKAFKLXCFZAASDJXZTTTTTTTLSIOWJXMOKLAFJNNKFNXN RAGRBAQEMHIGDJVDSEOXVIYCELFHWLELJFIENXLRATALSJFSLCYTKLASJDKMHGOVOKAJDNMNUITN RRRRLJVEEEEECLYVYHNVPFTAEEEEEMWLMEIRNGLARWJAKJDFLWNTIERJMIPQWOTZEOCXKNUBNXCN RJIRPOWEANFUSNCZVDVZNMSFEKLOEPZLDKDJWSAAAAAAAOERHJCTNCKFRIMVKSOFOMKMANREWNBN RZUDRGXEEEEENFQIDVLQNCKNEEEEEDGLLLLLLAWIOSNCDARLODMTOEJXMILDFJROTKJSDNLVCZNN


Donald	Aug 30 2005, 02:37 AM Post #3
Unregistered	You know, the CryptoSMS guy keeps bringing this back up, over and over and over, and they only result is it keeps reminding me that educated, knowledgable crypto people have grave doubts about the security of CryptoSMS. Go browse Sci.crypt. The facts are simple and obvious, CryptoSMS has no intention of providing their source code, and without the source code, no one on Sci.Crypt feels any need to waste time examining the system any further. Any crypto system that relies on keeping the source code secret is something I would NEVER place my trust in.
Unregistered


Revelation	Aug 30 2005, 09:41 AM Post #4
Administrator Posts: 386 Group: Admin Member #1 Joined: August 23, 2005	Well, lets fire up the assembler and find their little trick.
	RRRREJMEEEEEPVKLWENFNVJKEEEEEAOLKAFKLXCFZAASDJXZTTTTTTTLSIOWJXMOKLAFJNNKFNXN RAGRBAQEMHIGDJVDSEOXVIYCELFHWLELJFIENXLRATALSJFSLCYTKLASJDKMHGOVOKAJDNMNUITN RRRRLJVEEEEECLYVYHNVPFTAEEEEEMWLMEIRNGLARWJAKJDFLWNTIERJMIPQWOTZEOCXKNUBNXCN RJIRPOWEANFUSNCZVDVZNMSFEKLOEPZLDKDJWSAAAAAAAOERHJCTNCKFRIMVKSOFOMKMANREWNBN RZUDRGXEEEEENFQIDVLQNCKNEEEEEDGLLLLLLAWIOSNCDARLODMTOEJXMILDFJROTKJSDNLVCZNN


Cryptonomicon	Aug 30 2005, 10:42 AM Post #5
Unregistered	What I see from reading sci.crypt is a few self proclaimed experts saying they can find a weakness in everything that gets discussed. In all the recent threads and there have been many in which something is called insecure, posters said they had found a break but in the end they could not actually demonstrate it. The identical scenario played out with debates about MD5, CRYPTOSMS, cascading encryption, barcode email, some mystery story, and many other threads. There is clearly no agreement on the strength or weakness of anything cryptographic, and what appear to be highly informed persons often make obviously confused and incorrect pronouncements.
Unregistered


Donald	Aug 30 2005, 12:23 PM Post #6
Unregistered	Quote: posters said they had found a break but in the end they could not actually demonstrate it. The key here is understanding modern cryptanalysis. It's very HARD to actually decrypt modern codes. These aren't simple ciphers. But hard to decrypt does NOT mean it's not broken. Take for example, the Enigma. The Enigma is STILL a pain to break. If someone posted 3 short messages in one of the Enigma ciphers, you would NOT be getting anyone posting the solution. Too much work, and for short messages, almost impossible to do. BUT, certainly, you would acknowledge that Enigma is broken and not secure. IF you were to use the Enigma cipher on a semi-regular basis, and if someone who was sufficiently motivated and had the resources (Say a government, or even a big corp) and really WANTED to read your messages, they could. Enigma is broken because it has weaknesses, not because any crypto expert can break the code in a short period of time. THAT is the modern standard of a "break". If you find a weakness that significantly endangers the security of the code, the code is broken. Think of it like a bridge. If an inspector finds cracks beneath the bridge that endanger it's structure, the bridge is declared unfit for use (broken). This does NOT mean that the inspector can bring the bridge down with a sledgehammer, but you still don't want to be driving trucks over it. Now the claim that CryptoSMS could be broken in an hour may or may not have been exaggerated. I'm an amateur, I don't know enough to judge between the experts on that. What I DO know is that even from my amateur status I can see some worrisome problems with CryptoSMS. It bothers me that they claim expanding the key with different hashes makes a brute force attack more difficult. It doesn't, I just do my brute force attack against the passphrase and use the same hashes to expand it. The entropy in the actual passphrase is what's important. Now, realistically, ASSUMING the user picks a good passphrase, a brute force attack against it is impractical. BUT, that's not the point. There are only two possibilities here. Either the company knows enough about cryptography to realize this statement is deceptive, in which case they are deliberately deceiving gullible clients, and I don't want to do business with them. OR, they are even more ignorant about cryptography than I am, and, again, I don't want to do business with them. And the other issue is that they won't release their source code. Why on earth should I trust them? If I'm paranoid enough to want three layers of modern cryptography, then I'm paranoid enough to wonder if the NSA has paid them a million bucks to install a backdoor. (Great strategy for catching criminals and terrorist that!) And, if I'm not that paranoid, then there is the practical issue that without their source being examined by experts, how do I know they haven't messed up the implementation of these three codes? It's very easy to do that. So, ignoring whether the MD5 weakness would allow CryptoSMS to be broken in an hour or not, You won't find me using CryptoSMS. I'll stick with products that don't make deceptive claims and do expose their source code.
Unregistered


Revelation	Aug 30 2005, 03:32 PM Post #7
Administrator Posts: 386 Group: Admin Member #1 Joined: August 23, 2005	I find it also strange that they don't release the code. This could indicate that is has weaknesses that are so visible that releasing the code would make it easy to crack the encrypted text.
	RRRREJMEEEEEPVKLWENFNVJKEEEEEAOLKAFKLXCFZAASDJXZTTTTTTTLSIOWJXMOKLAFJNNKFNXN RAGRBAQEMHIGDJVDSEOXVIYCELFHWLELJFIENXLRATALSJFSLCYTKLASJDKMHGOVOKAJDNMNUITN RRRRLJVEEEEECLYVYHNVPFTAEEEEEMWLMEIRNGLARWJAKJDFLWNTIERJMIPQWOTZEOCXKNUBNXCN RJIRPOWEANFUSNCZVDVZNMSFEKLOEPZLDKDJWSAAAAAAAOERHJCTNCKFRIMVKSOFOMKMANREWNBN RZUDRGXEEEEENFQIDVLQNCKNEEEEEDGLLLLLLAWIOSNCDARLODMTOEJXMILDFJROTKJSDNLVCZNN


cryptolicious	Aug 31 2005, 06:02 AM Post #8
Unregistered	While open source is nice, there are a large number of encryption products which do not release the source code. In fact, they are in the majority, as almost all the commercial ones are not open source, for example, the biggest browsers (Internet Explorer and Netscape) and the most used operating systems (Windows, in all its incarnations). If you take the time to search the web for commercial and shareware encryptions products you will see that most are not open source. Unwillingness to release the source code is not a sign of weakness. It is only a sign of selfishness. On the issue of brute force attacks, multiple hashes most definitely makes brute force attacks much more difficult. In order to mount a brute force search, you must be able to make test decrypts to see if each pass phrase you are trying is the correct one. To make this trial decryption, you must run all of the hashes. Brute forcing only a single one will not be sufficient, since according to the CryptoSMS web site, all those hashes are used as separate keys to the various ciphers. I am not a CryptoSMS user, in fact, I'm not even an SMS user nor a mobile phone owner but I am still not swayed by people's speculations on these particular weaknesses. Far more convincing would be a demonstration of these cracking techniques. I have read so many claims of being able to "crack PGP" or "crack SSL" or whatever, and to date, none of these have been demonstrable.
Unregistered


Guest	Aug 31 2005, 12:40 PM Post #9
Unregistered	Quote: multiple hashes most definitely makes brute force attacks much more difficult. In order to convert a passphrase into a good key, you hash it multiple times, thousands of times actually, in order to increase the computational expense of a brute force attack. Sending the passphrase through multiple different kinds of hashes is not really any different in concept. It's not a BAD idea, but it isn't actually adding computational time over multiple repeats of the same hash. BUT NOTE, CryptoSMS isn't CLAIMING that they are increasing the computational expense because the brute force attacker will have to repeat the hashes. Allow me to quote directly from the CryptoSMS web page: Quote: Your pass phrase is digested by six different one-way hash functions to produce 1088 bits of unpredictable key material, providing for a very large number of possible keys (3.31e+327). This number is so huge as to make it a formidable obstacle to brute force attacks, which is one of the many advantages to multi-pass encryption. The direct claim here is that the size of the final key makes a brute force attack difficult. But even a crypto amature knows that the size of the final key has NOTHING to do with this. The expense of generating that key from the passphrase is significant, the size of the key is not. We are back to, are they making this claim because they are ignorant, or because they are deliberatly trying to hook in gullible people? Quote: Unwillingness to release the source code is not a sign of weakness. It is only a sign of selfishness. Which would be fine, if they were selling a game, or a word processor. But they aren't, they are selling a cryptography product. Their target audience is paranoids. They are using triple encryption. Their target audience is SUPER paranoids. So, again, if I'm paranoid, WHY would I trust CryptoSMS? Without the source code, there is NO security at all for me, the user, that CryptoSMS doesn't have a fatal flaw, or even worse, a back door. Now, these two objections are EASY for CryptoSMS to fix. Change the claims on the web page. And release enough of the source code so that people can check out the quality of the crypto implementations.
Unregistered


Revelation	Aug 31 2005, 03:55 PM Post #10
Administrator Posts: 386 Group: Admin Member #1 Joined: August 23, 2005	The point is, they are not claiming that it's incrackable. It is crackable, it just takes much time.
	RRRREJMEEEEEPVKLWENFNVJKEEEEEAOLKAFKLXCFZAASDJXZTTTTTTTLSIOWJXMOKLAFJNNKFNXN RAGRBAQEMHIGDJVDSEOXVIYCELFHWLELJFIENXLRATALSJFSLCYTKLASJDKMHGOVOKAJDNMNUITN RRRRLJVEEEEECLYVYHNVPFTAEEEEEMWLMEIRNGLARWJAKJDFLWNTIERJMIPQWOTZEOCXKNUBNXCN RJIRPOWEANFUSNCZVDVZNMSFEKLOEPZLDKDJWSAAAAAAAOERHJCTNCKFRIMVKSOFOMKMANREWNBN RZUDRGXEEEEENFQIDVLQNCKNEEEEEDGLLLLLLAWIOSNCDARLODMTOEJXMILDFJROTKJSDNLVCZNN


Guest	Aug 31 2005, 08:26 PM Post #11
Unregistered	Quote: The point is, they are not claiming that it's incrackable. It is crackable, it just takes much time. But they ARE claiming that it takes MORE time to crack it because they expanded the passphrase into a larger key. It doesn't. The time for a brute force attack is based on the entropy in the passphrase, and the computational time required to hash the passphrase into a key. (assuming that the key has more bits than the passphrase that is). And, of course, the time required to test each key. You don't brute force on the key, you brute force on the passphrase, which is almost always weaker. And if the user uses "password" for their passphrase, I'll find it with a dictionary hunt in a few seconds, regardless of how large the final key is.
Unregistered


crack the pass	Aug 31 2005, 11:56 PM Post #12
Unregistered	password searching is an attack that will work on any crypto system, if you are dumb enough to choose "password" as your pass phrase. even pgp won't defend against bad password choices. this is not a weakness in cryptosms. it is a weakness in the usage. really don't see how this demonstrates any weakness at all, with respect to cracking the challenge messages.
Unregistered


Guest	Sep 1 2005, 02:28 AM Post #13
Unregistered	Quote: even pgp won't defend against bad password choices. this is not a weakness in cryptosms.
Unregistered


Donald	Sep 1 2005, 02:32 AM Post #14
Unregistered	Quote: even pgp won't defend against bad password choices. this is not a weakness in cryptosms. I'm sorry, I didn't make myself clear. I wasn't saying that this was a weakness in cryptosms. What I was attempting to point out is that their web page claims that expanding the passphrase into a 1088 bit key makes the code harder to brute force. You could expand it to 2176 bits and it wouldn't make any difference, a brute force attack will be made against the passpharase, not the key, because the passphrase PROBABLY has less entropy than the hashed key.
Unregistered


PulsarSL	Sep 1 2005, 06:11 AM Post #15
Super member Posts: 157 Group: Members Member #7 Joined: September 1, 2005	cryptolicious Aug 31 2005, 06:02 AM While open source is nice, there are a large number of encryption products which do not release the source code. Which probably means they're rather insecure. Look at blowfish; completly open source and hasn't been cracked yet. I'm pretty new at cryptography -- how would you even begin to go about cracking an encrypted message? By hand? Or is there software? Or is it illegal to discuss it here? Thanks PulsarSL



1 user reading this topic (1 Guest and 0 Anonymous)


Go to Next Page
« Previous Topic · Challenges · Next Topic »

Pages:
1
2