| Welcome to Crypto. We hope you enjoy your visit. You're currently viewing our forum as a guest. This means you are limited to certain areas of the board and there are some features you can't use. If you join our community, you'll be able to access member-only sections, and use many member-only features such as customizing your profile, sending personal messages, and voting in polls. Registration is simple, fast, and completely free. Join our community! If you're already a member please log in to your account to access all of our features: |
| Keys That Disappear, Forever?; Much like one time pads maybe. | |
|---|---|
| Topic Started: Jul 11 2006, 09:32 PM (484 Views) | |
| oblivion | Jul 11 2006, 09:32 PM Post #1 |
Oblivious
  ![]](http://209.85.122.85/static/1/pip_r.png)
|
I went to the kitchen to make some coffee a couple of minutes ago and I was thinking about "random" keys to ciphers. Maybe it is old news but the idea struck me to use the html-code from the web that is updated frequently such as cnn.com or similar news-websites. I was thinking about writing an application that uses a book to generate coordinates to the different characters in the clear text. But instead of using books you use websites. The first thing that made me realize that this might not be a good idea is that the receiving part must download the source of the website before it is updated. But there might be some way to use this. I thought that the book never changes so once someone finds out what book you use the secret is no longer safe. Imagine a key that changes depending on what happens out there. I'm still a learner so I'd like comments, good or bad 
|
|
The following statement is true. The previous statment is false. | |
 |
 
|
| Revelation | Jul 11 2006, 09:58 PM Post #2 |
Administrator
|
I've seen a cipher like this that uses a hash made by the google search to encrypt data. After a day or two google refreshes everything and the encrypted data gets lost. It's a nice idea.
|
|
RRRREJMEEEEEPVKLWENFNVJKEEEEEAOLKAFKLXCFZAASDJXZTTTTTTTLSIOWJXMOKLAFJNNKFNXN RAGRBAQEMHIGDJVDSEOXVIYCELFHWLELJFIENXLRATALSJFSLCYTKLASJDKMHGOVOKAJDNMNUITN RRRRLJVEEEEECLYVYHNVPFTAEEEEEMWLMEIRNGLARWJAKJDFLWNTIERJMIPQWOTZEOCXKNUBNXCN RJIRPOWEANFUSNCZVDVZNMSFEKLOEPZLDKDJWSAAAAAAAOERHJCTNCKFRIMVKSOFOMKMANREWNBN RZUDRGXEEEEENFQIDVLQNCKNEEEEEDGLLLLLLAWIOSNCDARLODMTOEJXMILDFJROTKJSDNLVCZNN | |
|
|
|
| Donald | Jul 12 2006, 12:28 PM Post #3 |
|
Elite member
|
But, do you WANT your data to only be available for a unpredictably short period of time? And don't forget the wayback machine, if someone can determine the source of your "key", they may be able to recove the webpage as it looked on a certain day. And last but not least, even if I don't know the EXACT content, web pages are NOT random. You can use that when attacking the cipher, even WITHOUT the original key. |
|
|
|
| insecure | Jul 21 2006, 02:31 AM Post #4 |
|
Elite member
|
It is easy to think of a situation where you want keys to disappear immediately. Alice lives in the UK, where the Regulation of Investigatory Powers Act (RIPA) has been in force for the last six years or so. She wishes to communicate securely with Bob, but she suspects her communications are being tapped by Eve (who works for GCHQ). The problem Alice has is this: that at any moment, she might get PC Mallory knocking on the door with an order signed by an appropriate person (e.g. Eve's pet magistrate), requiring her to (a) hand over her crypto keys, and (b) decline to inform anyone that this has happened. Breaching either requirement can result in a long prison term. Alice is prepared to go to prison if necessary, but she is not prepared to compromise her security. Being an untrusting soul, she reckons that simply refusing to hand over her keys won't do the trick - if the keys are there to be found, PC Mallory will just handcuff her and go looking for the keys himself on her computer. So Alice and Bob work according to the following system: Alice's and Bob's computers pick some random numbers, without saving those numbers to disk and without informing their users of the numbers. The computers then do Diffie-Hellman sufficiently many times to generate a 256-bit shared key which, again, they don't inform their users about. This truly secret key - known to no humans whatsoever - is used to encrypt via, say, AES or TwoFish, and the encrypted data is transmitted and decrypted immediately. The computers then erase the keys from memory. The decrypted data is not written to disk; it is just shown on the screen, and a single keypress blows it away forever. When PC Mallory calls, Alice can honestly tell him that she doesn't know her crypto keys. It may well be that the judge takes the view that Alice should know her keys, and might imprison her anyway as a result - but GCHQ don't get to decrypt the message. |
|
|
|
| Donald | Jul 21 2006, 08:46 PM Post #5 |
|
Elite member
|
Very good example! And for a funny one, did everyone see: Absolute Security using the Wombat? |
|
|
|
| PulsarSL | Jul 21 2006, 09:10 PM Post #6 |
|
Super member
|
LMAO - Write only memory. Good times. Pulsar |
|
|
|
| loki | Jul 26 2006, 12:31 PM Post #7 |
|
Advanced Member
|
I had a thought, (how dangerous, loki and his crazy ideas lol) for a state for something unpredicable and somewhat faster. what about using the exact current state of the NASDAQ or TSX 500, stocks are updated very fast. how about using hash of this information to encrypt a web pages information, like google or cnn. In my mind, the data alice sends to bob would have to instantly decrypted or lost forever. On a side note, I downloaded whole disk encryptor which used the contents of a temp folder for its key. The exact nature of how mamged keys is unkown but it was neat none the less. |
| c(x) = 3x3 + x2 + x + 2; Find the inverse | |
|
|
|
| Donald | Jul 26 2006, 01:54 PM Post #8 |
|
Elite member
|
For the key? I assume the final key was stored and encrypted by a passphrase? But this still sounds risky to me. The chances that I could reproduce the contents of your temp folder are slim, but there is a LOT of pattern to them. TrueCrypt lets you use keyfiles (a file combined with a password). I've never been that afraid of keyloggers though. If someone is serious enough to plant a keylogger on my computer, they are serious enough to plant a camera, or even to bring along a rubber hose. My security is shot in any of those cases.
|
|
|
|
| PulsarSL | Jul 26 2006, 10:53 PM Post #9 |
|
Super member
|
Yes, TrueCrypt is a great piece of software. |
|
|
|
| dabombguyman | Sep 21 2009, 05:03 PM Post #10 |
Just registered
|
I just came up with the idea that you could send a cipher text via email that is encrypted with the date that it was sent on, possibly the hour. When you get that email you input what the date (or also time) as the key. As long as no-one knows that you use the date. Theoretically you could have Alice and Bob have a shared date/time encryption key that is generated from Alices and Bob's public keys, and thus Alice and Bob don't know what that key is. It encrypts the time then encrypts the message with the encrypted time then encrypts the time with Bob's public key to ensure total security. After the message and ecrypted time is sent, Alices computer wipes the memory and Bob now has the key/keys to decrypt it. The moment Bob decrypts the message, all memory of the keys is lost. If Alice and Bob want to communicate again, the date will always be different, and thus instant self-destructing keys.
|
| Q3J5cHRvZ3JhcGh5IGlzIGFuIGFydCBmb3Jt | |
|
|
|
| jdege | Sep 21 2009, 08:43 PM Post #11 |
Elite member
|
That is, of course, the problem. Once the bad guys figure out that you're using the date, you've no security to speak of, because there aren't enough dates to make impractical to try them all.
I'm not sure how you envision the system being able to generate a "shared date/time encryption key" in a way that neither Alice or Bob couldn't replicate on their own. Everybody in the world knows both Alice and Bob's public keys, so everyone in the world would be able to recreate the shared date/time key. |
| When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl. | |
|
|
|
| 1 user reading this topic (1 Guest and 0 Anonymous) | |
| « Previous Topic · Debates · Next Topic » |
10:53 AM Nov 8
