Slashdot Mirror
What's Now State of the Art in Encryption Technology?
One thing about encryption: the easier it is to do, the more people there will be using it. For the non-tech user, encrypting messages on a day-to-day should be no more complex than 3 steps.
JPMH asks:"First journalists and now even relatively clued-up politicians in the UK are talking about making it an offence to use strong encryption in email and web-pages. An obvious counter is that this won't work, because the messages can easily be hidden using Steganography (Slashdot Jan 2, May 8). But that assumes that the steganography itself is good enough not to be detected. Is this true? How good is the state of the art?
To be undetectable, the properties of the 'message' bits you are putting in must be statistically indistinguishable from the 'image' bits you are overwriting. According to a paper by Neils Provos and Peter Honeyman of U. Michigan (highlighted today in the Register) the simplest common programs, such as JSteg and JPHide, fail this test badly and are easily detected. But they failed to nail any confirmed steganographic content in 2 million images on EBay.
Other programs (eg Provos's Outguess 0.2) are more sophisticated at hiding the messages (and other media eg MP3s give a bigger haystack to hide them in); but on the other hand, more sophisticated statistical models of images (eg Slashdot 16 Aug) may be better at making the 'hidden' content stand out.
So, can messages reliably be hidden? Or will people trying to hide their messages in a reliable manner get caught?"
Bush's Orwellian Address
Happy New Year: It's 1984
by Jacob Levich
Seventeen years later than expected, 1984 has arrived. In his address to Congress Thursday, George Bush effectively declared permanent war -- war without temporal or geographic limits; war without clear goals; war against a vaguely defined and constantly shifting enemy. Today it's Al-Qaida; tomorrow it may be Afghanistan; next year, it could be Iraq or Cuba or Chechnya. No one who was forced to read 1984 in high school could fail to hear a faint bell tinkling. In George Orwell's dreary classic, the totalitarian state of Oceania is perpetually at war with either Eurasia or Eastasia. Although the enemy changes periodically, the war is permanent; its true purpose is to control dissent and sustain dictatorship by nurturing popular fear and hatred.
The permanent war undergirds every aspect of Big Brother's authoritarian program, excusing censorship, propaganda, secret police, and privation. In other words, it's terribly convenient.
And conveniently terrible. Bush's alarming speech pointed to a shadowy enemy that lurks in more 60 countries, including the US. He announced a policy of using maximum force against any individuals or nations he designates as our enemies, without color of international law, due process, or democratic debate.
He explicitly warned that much of the war will be conducted in secret. He rejected negotiation as a tool of diplomacy. He announced starkly that any country that doesn't knuckle under to US demands will be regarded as an enemy. He heralded the creation of a powerful new cabinet-level police agency called the "Office of Homeland Security." Orwell couldn't have named it better.
By turns folksy ("Ya know what?") and chillingly bellicose ("Either you are with us, or you are with the terrorists"), Bush stepped comfortably into the role of Big Brother, who needs to be loved as well as feared. Meanwhile, his administration acted swiftly to realize the governing principles of Oceania:
WAR IS PEACE. A reckless war that will likely bring about a deadly cycle of retaliation is being sold to us as the means to guarantee our safety. Meanwhile, we've been instructed to accept the permanent war as a fact of daily life. As the inevitable slaughter of innocents unfolds overseas, we are to "live our lives and hug our children."
FREEDOM IS SLAVERY. "Freedom itself is under attack," Bush said, and he's right. Americans are about to lose many of their most cherished liberties in a frenzy of paranoid legislation. The government proposes to tap our phones, read our email and seize our credit card records without court order. It seeks authority to detain and deport immigrants without cause or trial. It proposes to use foreign agents to spy on American citizens. To save freedom, the warmongers intend to destroy it.
IGNORANCE IS STRENGTH. America's "new war" against terrorism will be fought with unprecedented secrecy, including heavy press restrictions not seen for years, the Pentagon has advised. Meanwhile, the sorry history of American imperialism -- collaboration with terrorists, bloody proxy wars against civilians, forcible replacement of democratic governments with corrupt dictatorships -- is strictly off-limits to mainstream media. Lest it weaken our resolve, we are not to be allowed to understand the reasons underlying the horrifying crimes of September 11.
The defining speech of Bush's presidency points toward an Orwellian future of endless war, expedient lies, and ubiquitous social control. But unlike 1984's doomed protagonist, we've still got plenty of space to maneuver and plenty of ways to resist.
It's time to speak and to act. It falls on us now to take to the streets, bearing a clear message for the warmongers: We don't love Big Brother.
Jacob Levich (jlevich@earthlink.net) is an writer, editor, and activist living in Queens, New York.
Folks, in this discussion, please keep "algorithm" and "protocol" seperated. An algorith is a mathematical method, such as the public key algorithms, or, as described rather roughly above, bits being indistinguishable from the statistical properties of the pixels.
Protocol, on the other hand, is roughly speaking the way you use the algorithms - everything required to get the message from Alice to Bob, including key exchange, agreements on which pictures to use and how to identify them, etc,e tc. I strongly urge you all to read Bruce Schneier excellent works on this subject, both his Applied Cryptography books and his less theoretical and for most of us far more interesting book Secrets and Lies.
Also, whenever I hear "state of the art cryptography" I feel I hear somebody who doesn't understand that creating cryptography takes years and years. Peer review, taking apart actual implementations, etc, etc, and if after x years there's still no good attack known, then perhaps the cryptography is acceptable.. "state of the art" usually implies "the newest and the latest", and that's not what you're looking for when you select cryptography.
Prohibition almost never works. And certainly not when you are prohibiting something that anyone with even a tiny bit of smarts can do on their own.
Cryptography does not even require computers, the ultimate encryption, one time pads, does not require a computer and is utterly secure as long as you maintain pad seccurity.
There are caveats to everything, oh well. Enforcing cryptographic limits on your citizens is of no value at all. If a criminal wishes to transact their business using encryption technology then there is nothing law enforcement can do about it. Period.
Only deep ignorance prevents these people from seeing the truth.
Besides embedding your message in an image, there are dozens upon dozens of ways of passing messages in plain text. Some famous examples from the past use poetry.
Enough for now, I might go off on real rant, then we'd all be unhappy.
Later . . . . . . WebBug
Same for all the rest of us.
Well, the best stand you can make for your rights to privacy and assembly is probably two fold:
:)
1. Exercise them, by encrypting everything you send until they either make it illegal or engage in the debate effectively and attending assemblies of like minded citizens lawfully petitioning their government for redress.
2. Write a check to the ACLU or your favorite civil-rights group (EFF, whatever). Face it folks, Dollars Vote . Nothing expresses your opinion like purchasing power. So I would recommend, in effect, "purchasing" more advocacy and voice in the system. This is not to say this system is right, it is to say this system is reality. We can complain that it shouldn't be this way all we want, but unless we show a force (read: $$) that those with power respect, we're pissing in the wind.
Personally, I use PGP and have been for a while now. (My Public Key) I probably don't use it as much as I should, but it's definitely used for some conversations at work I wouldn't otherwise want seen. So far, none of my employers have had an issue. I don't - yet - encrypt everything on my home computer, but I'll probably buy something to do that in the near future. (Recommendations welcome!)
My company actually mandated everyone get encryption (in our case, Entrust) on our laptops before we went on a project in Asia last year. Turns out, the clients we were doing the work for would attempt to hack into our computers while we we're using their network. They dove into some folks' laptops and read/copied email, files, etc. and then used the information when negotiating with us! We started encrypting everything related to the project before going on site and the client became a bit easier to deal with. (No comments on why they remained our client, please, I still don't know the answer to that one! Decision not in my hands.)
I mention this because I think there's a possibility to make privacy at an personal level a common cause between corporations and individuals. We just need to make the case loudly and effectively. (which brings me back to my support your local civil rights organization point
Anyone who wishes to advocate legislation requiring backdoors in encryption products must first write a paper showing how this would prevent terrorists from secretly communicating with each other. Explain the term "steganography" and show how your legislation would prevent terrorists from using it. Explain why terrorists would be unable to fall back on codebooks full of innocuous phrases, hidden in apparent music CDs. Explain how your legislation would be enforced outside the U.S. Prove that your legislation would not have any serious impact on banking, credit card transactions, or internet commerce. Be prepared to defend your thesis to a panel selected by Philip Zimmermann and the Electronic Frontier Foundation.
Ok, I'll admit I'm biased, but I think the next phase in the developing landscape of encryption is universal access to cryptography. I'm not talking about putting PGP on FTP servers, I'm talking about making hard crypto available to my mother.
To this end, I've started the PPS, which is a project devoted to transparent, universal email encryption. The goals are complex, since they are aimed at so many audiences, but you can browse the site and get an idea. If you find it to your liking, please drop me a line and sign up to help.
You don't have to have technical skills. I need proof-readers, coders, researchers, and more. The reference code is not nearly as important as getting the specification done and doing all of the research needed to get the various MUA vendors to sign on.
Best application for StegCrypto I know of is Scramdisk - it only supports 16 bit WAV files (for now) but for ease of use it is unbeatable. the lower four bits of each sample are "formatted" to form a virtual disk drive (a bit like a floppy disk).
To open this virtual disk, you drag and drop the wav file on top of the scramdisk app (there are other ways, but that is the simplest) and type in your password. unless you know the password, the volume won't open, and if you examine the file you can't even prove the scramdisk is there (yes, the file's lower four bits will be statistically at random, but this is true of anything but a pure CD rip anyhow - sound cards just can't sample accurately enough to get a clean lower four bits) Scramdisk is free (with source) from www.scramdisk.clara.net
-=DaveHowe=-
Too many people seem to be automatically against anything that Ashcroft might call for, without actually knowing what the specific proposals are. For example, one of the new powers that Ashcroft has called for is that when a surveillance warrant is granted, it be tied to the individual rather than a specific phone, which seems totally reasonable to me.
In future discussions, how about if we discuss specific proposals and make specific criticisms rather than general statements about how the government is just looking for the chance to turn the country is a police state?
Just a thought.
Sometimes it's best to just let stupid people be stupid.
There's always new stuff going on in cryptography, but the state-of-the-art is hard to define...
Best algorithm? Take your pick. AES/Rijndael, Serpent, Twofish, RC6, Blowfish, MARS, Triple-DES-- all of them are good algorithms.
Best implementation? OpenSSL has done a great job of implementing most of these algorithms (maybe a few have been left out due to patent considerations) into a simple-to-use library with both high-level and low-level interfaces to the encryption and decryption routines (i.e., you can simply encrypt blocks of memory, or you can have the library format and encrypt the data according to various standards, like SSL).
Best personal encryption tool? GPG/PGP. I like GPG more, mainly because the source is going to remain available-- NAI is closing up the PGP source. Either one, though, should offer adequate security for e-mail or personal file encryption.
Best hard-disk encryption system? I'm familiar with encrypted loop-back-- under Linux and OpenBSD. I think that it has some advantages-- it's simple and easy to understand, and it works with ANY filesystem supported by the operating system. However, lots of known header information in file allocation tables and such can give an attacker a lot of information to work with.
I haven't tried TCFS yet. The OpenBSD support for it is still very young, and is a developers-only sort of thing. I'm thinking that TCFS will be a VERY good choice, once the support for it is stable in most operating systems (I don't know what the status of tcfs is in Linux-- anybody care to let me know?)
What else? Oh, there's steganography. Still not a lot of stuff out there, but one choice DOES stick out above the rest: OutGuess. OutGuess isn't based simply on a half-baked implementation of a simplistic steganographic algorithm-- it's based on actual research by a respected scientist in the field. OutGuess has a lot of thought put into it, and if you really need steganography (which, I'll admit, is rare), that's the program to use.
- Are you saying these things should have no regulation?
- or are you saying that encryption should be regulated the way these things are?
- or are you saying that everything is just fine the way it is with a mix of regulated and unregulated.
I ask because you didn't actually say anything at all as it applies to reality. "Starting down the road of outlawing inanimate objects that can be used for multiple purposes"... is exactly where we've been for hundreds of years, and I kind of like living here so I'm finding it a very satisfying experience. Sure, I don't agree with all regulations, but I can't figure out what you are proposing...You make a very intersting point that will no doubt be lost on most of the Slashdot audience (as well as yourself I suppose)
Airplanes;
Dynamite;
Plastic Explosives;
Fertilizer chemicals;
Telephones and other communication equipment;
Knives; and
Boxcutters
Are all heavily regulated already. Some directly like explosives and airplanes, and others indirectly like phones and knives.
Why should strong encryption be different? Just about any tool you can think of has good uses and bad uses. That doesn't mean we should ban the tools, but we should try to minimize their use for purposes contrary to the common good.
Does it violate some inalienable right that you cannot walk into walmart and by C-4 off the shelf? Certainly you have some harmless use for it. Should convicted felons be allowed to carry firearms on the street?
Wake up to the real world people. The fact that we live in a society means that we voluntarily give up certain freedoms for the common good. That is the decision that groups of people make when they get together and form governing bodies.
You cannot simple say banning==bad freedom==good unless your definition of good is anarchy. Do we all agree that the ban on murder is good? Even though it takes away my right to express myself with creative killing?
Si vis pacem, para bellum
The only thing more annoying than a Libertarian is an (un|mis)informed Libertarian
First, share a one-time pad. This is very easy using steganography: you just choose an image on the internet and a time and agree to seed a pseudo-random number generator with that to get your pad. Encrypt your message by XORing it with the one-time pad. Your encrypted message is now indistinguishable from random noise, assuming your PRNG is good.
Then, you need a data file where noise is expected. Using low-order bits is no good unless you have pictures where the low order bits are actually random, rather than containing no information. One possibility is to take a photograph and make it a GIF or PNG; the lowest order bits that your camera actually produces are probably noise, and will be present in the image.
Replace the input noise with your special noise. The resulting image is now perfectly plausible (your camera could have taken it if some photons happened to land differently, with the same probability as having taken the photo it did take), and the message cannot be read or distinguished from noise unless the codebreaker knows what image you agreed on.
In order to do this, you and the recipient have to agree on an image you control and another image. Having done this, you can, of course, agree on more images later, for communications in both directions. Make sure you both look at a lot of images, including a lot that everyone looks at (e.g., CNN).
And then your recipient looks at the message on his CRT, and the spies read it in the EM radiation. Good thing you weren't saying anything they care about, but why did you bother with all the encryption, then?
You don't want to ask ``what's the state of the art?'', you want to ask ``what's a decade old or more?''
State-of-the-art would be something like the NSA's Dual Counter Mode for AES, which was recently successfully cryptanalyzed. Or the NSA's SKIPJACK algorithm, which has had 31 of 32 rounds broken. Or RC6, which has had 15 of 20 rounds broken. Or... you get the idea. Of all the really neat and nifty things being developed right now, perhaps only one percent of them--and I may be optimistic here--will survive the test of time.
Once something's survived five years of hard cryptanalysis, it might be worth using. Ten years, it's probably worth using. More than that, and you should probably be using it already.
The state-of-the-art is found in quantum computation and quantum cryptography (which are based on different principles, BTW--I'd rather people call them "superposition computation" and "Heisenberg key exchange", or somesuch), and to a slightly lesser extent in elliptical-curve cryptography. I don't trust any of the three worth a damn.
I don't trust QC of either sort because it depends on so much knowledge of physics and technical savvy that, were it to be fielded today, it would be hideously insecure by virtue of its implementation being so difficult to get right. I don't trust ECC, even though the Taniyama-Shimura Conjecture has been proven, because all of the good elliptic curves have been patented by Certicom and the remainder are either untrustworthy or too slow for practical use.
This means I'm going to be stuck using my old standbys of El Gamal and 3DES. I'm not at all concerned. El Gamal has had some savagely intense cryptanalysis (almost as much as RSA) and is built on a more difficult problem than RSA; and 3DES has driven good cryptographers to the brink of madness trying to find some exploitable flaw in it.
Consider this message:
From: yourself
To: ussama.bin@hilltop.af
jkwehgfkwgfbwrgjerhvgbejrgwefuwefwiugfelvbdskv
wefuweifbkjdsvblsifehvbsibnpweijrbqbzdfgoifhgi
The easiest way for an intelligence service to monitor e-mails is to chart the communication networks. Who is talking to whom (and when and how often, etc)? This is also very easy to do automatically and continously with a computer. Archiving networks costs just a fraction of the resources needed to archive the entire messages (you can keep several years worth of network info on line). This method also expands very easily to other modes of communication, such as telephony, where content deciphering is difficult to do automatically anyway.
Why do people still believe that encryption guarantees privacy? Ridiculous!
And when the government finds the message above and REALLY wants to learn its contents, what decryption method do you think is easiest for them? Brute force analysis of the message or brute force analysis on yourself? How is a fancy 128-bit or "state-of-the-art" cryptography going to help you?
)9TSS
...and what are the legitimate uses of box cutters for those without something they want to cut?
It's a daft question. There's nothing implictly wrong in having something to hide, most of us, those who are human and live normal lives, have many things we don't want in the wrong hands, such as our credit card numbers, for instance.
If I had to email my bank, and transfer confidential information that could be misused, or had to communicate with some group I wanted to trade with, again by email, and needed to pass on confidential information, I'd use PGP or not use email at all. I don't regard that as illegitimate.
KMSMA (WWBD?)
Playing Devils' advocate here (because I agree with your sentiment and your logic, but feel you've missed something):
The government licenses airplanes and their licensed pilots. Yes, mistakes and oversights exist, but the government has always revised its operations to avoid repeat risk exposure.
The government licenses dynamite manufacturers and explosives-licensed contractors. Yes, mistakes and oversights exist, but the government has always revised its operations to avoid repeat risk exposure.
The government licenses military-grade weapon manufacturers, military contractors, and the military itself. Yes, mistakes and oversights exist, but the government has always revised its operations to avoid repeat risk exposure.
Synthetic fertilizers and fuels are unlicensed commodities. That does not stop the FBI from wanting to require the introduction of taggants to provide more latent evidence at crime scenes, much as the FBI requires the paints of every year and model of automotive to be unique and registered.
Covert wiretapping via Echelon? Overt wiretapping statutes via courts? Mandated specific reporting information on all local telco connections even if the carrier does not need this for billing or cost analysis?
Many functional handheld edge weapons are legislated as forbidden in many cities, counties, states: nunchaku, shuriken, swords, stiletto knives, switchblade knives, butterfly-handled knives. Weapon checks and security measures at high-risk facilities such as courtrooms and airports and now even schools and themeparks are controlled by legislation, law enforcement and private policies.
I think Ashcroft's answer would be, the government always has focused on the tools, because focusing on otherwise innocent individuals impinges on their constitutional rights. He would even quote the fourth amendment back at you, suggesting that while you argue for "security in your papers", it also guarantees the right to be "secure in your persons", not just from some theoretical government torture, but from the deranged psychopathy that makes up the dangerous terrorist element.
That said, I feel it's not the people nor the tools, but the actions that are to be focused upon. But there's another catch-22 there: you can't legislate effectively against actions; they're already committed by someone who doesn't care about the consequences for those illegal actions. The government is thus stuck focusing on the tools.
Airplanes, explosives, chemicals, private communications, and defensive weapons are all useful things for the peaceful, and all useful things for the wrathful. Our liberties are hard-won, and hard-kept, both from enemies abroad and within. The Constitution is a work of art and a work of power, and I respect it. Will you? Will our leaders?
[
Back in the '80s, a young police officer (with whom I used to play D&D when we were teens, and no, he wasn't a lawful good ranger) once told me he was facing a ring of drug traffickers. He was bitter about not able to keep up with them. These mobsters knew that they were under constant phonetap surveillance. This didn't stop them from using the (tapped) phone lines for setting up appointments and deliveries. And the law enforcement agencies never knew about these dug deals until way too late.
Their trick? The mobsters had imported a few natives from a remote North-African village, speaking a dialect that nobody else on Earth spoke. One of these guys on each end of a phone, and even tapped phones become secure! Of course, they used code words for street name and subway stations.
The Navajo code speakers used by the US transmissions during WWII also used the same principle. Not high-tech at all, but very efficient.
So I strongly suggest that all these laws against cryptography include an article mandating the use of a State-approved language on a phone line. Just like in the former Eastern European countries. Why, anything less stringent would put freedom itself at risk, right?
--
Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/
Seriously though, if you are highly technically savvy (which I will assume since we are speaking about the state of the art) then you can not only create near unbreakable encryption, but near undetectable (or untraceable) encryption. Steganography is a child's toy compared to some of the things that are possible. The internet is a vast 86,400 / 365 information sea, slipping a few megabytes of low profile data into it is going to be hard to notice. By utilizing multiple techniques at the same time (hard encryption, low signal to noise ratio channels, low detectability communications, difficult traceability, etc.) you can be confident that even if someone found your data they would not be able to understand it or extract useful information from it.
For example, let's say you want to send data to someone else. Let's say it's a short text message, though it could be anything up to gigabytes of data without too much trouble. The sender encrypts the text using public key cryptography with a large key (4096-bits or larger), then breaks the encrypted message into several really small chunks, then uses a program to generate thousands of fake chunks. Then, using a sequence of hacked ISP and shell accounts (preferably spanning the world), the sender embeds this "chunk stream" into some nondescript form of communication. Let's say they use a large number of spam messages, or pornographic multimedia posted to a highly trafficked usenet newsgroup over several days and a simple steganographic technique for the embeddding. The receiver downloads the source files, extracts the "chunk stream", selects out the valid chunks, then decrypts the data.
Let's say that Los Federales were able to detect that something funky was going on. That alone, in the firehose of the internet, is a significant challenge. They would need to first be able to extract the data from the embedding system. Not impossible, but difficult. Next they would need to cull out the invalid chunks in the pile they now have. This can be made as difficult a problem as breaking hard-encryption in and of itself. If they manage to wade through that mountain of sludge, they end up faced with near unbreakable encryption. For added fun, repeat some of the steps multiple times! (for example, double encryption, double stage steganography, etc.), preferably with different techniques for each iteration (encryption cycle 1 uses RSA, while cycle 2 uses elliptic curves, etc.)
Or, you could take the route the US has taken since before WWII and use one time pads. One time pads are provably cryptographically secure (if you don't have the key you simply CAN'T break the encryption). The only difficulty is distributing the keys.
Nevertheless, I would imagine that the main goal these days would be low-detectability rather than pure cryptographic security. If they can't find your pigeon in a flock of wild birds then they very well can't even try to decrypt the message it carries. There is a LOT of noise on the internet, that provides a huge amount of hiding space.