Slashdot Mirror
Animated Encryption
An anonymous reader submits: "Cartoons for fun and secrecy -- A student at the University of Dayton has apparently come up with an encryption
scheme using computer generated animation. Story at the Chronicle of Higher Education."
fun.
The article was a bit scant on details. As we've seen before, if you keep your encryption scheme unpunlished and just claim that it is 'unbreakable', usually someone comes along later when it is in use and breaks it for you.
..
Actually it sounds quite similar to the 'teenage genius' story of that Irish schoolgirl who had her similarly 'unbreakable' matrix encryption scheme widely publicized without peer review, and then broken.
It'll be interesting to see what happens in this case
There seem to be no details in the story about just What this marvelous breakthough is; it can't just be that they use encrypted data as motion data and generate a cartoon of it - that is just steganography, and a pretty obvious version too (plus of course, any movement of one character that obscured a move of another would cause data loss).
Anyone know of a more technical piece on this?
-=DaveHowe=-
This is such a pointless article. They give no insight on the technology. And one of the major points: The inventor is a teenager. Ok ... Maybe if they write about it in a couple of years when the patent passes it might not be a wast of time/bandwidth to read that article. There was no insight only saying saying that he used random numbers and cartoons. And oh yeah, they tried to sell it. If you are going to write about a tech, please .... please describe the technology, isn't that the point ?
--=.=-- www.cyber2000.qc.ca
What happens when you need to break the encryption?
... ;-)
Do you call in The Tick?
Freakazoid?
The Brain?
Who knows
There already is an unbreakable encryption: the One-Time Pad. Furthermore, it is mathematically provable that no unbreakable encryption can have a shorter key than the One-Time Pad. Since the One-Time Pad algorithm is already extremely simple and fast (XORing the key with the plaintext), I don't see a need for any other unbreakable encryption.
How does he generate his randow numbers?
A computer can do pseudo randomness... but since it's not truly random there are ways to detect periodic repetitions and thus find the missing key to decrypt the message...
The only way to be truly random would be to have an outside source (like a camera pointing to lava lamps, or a tree in the wind, backgroud noise, etc...).
This article is not very detailed, but I understand this invention is in the process of being patented, so we'll have to wait...
Try it! Library of Babel
...means you bit-reverse that byte. Glorious. And this message is double ROT-13 encoded, so anyone reading it is in violation of the DMCA. *shakeshead*
Maybe it is just me, but I think the poster is a little bit confused. It is not that animation is being used in encryption, but rather he was inspired by the crowd scene in Hunchback, where the characters movements were essential being controlled by random numbers to create a lively and chaotic look to it.
The article then states that the thought was to use random data in an encryption algorythm to make it unbreakable. So I don't think that we will be seeing messages passed around the the next Disney flick...
" He hopes to sell the technology to computer companies, banks, government agencies, and other organizations that could use a secure code."
Am i the only one who can't see many / any real world applications for this.
Cruise TT
Working with stick men in animation, Mr. Kauffman wanted to improve upon those techniques, assigning more numbers to more body parts and actions.
While studying number generators for the cartoon project, he found references to mathematicians and computer scientists who had theorized that the technique could be used in encryption technology [...]
"Since you don't know what any of the values are mathematically, [a hacker] can't solve it," says Robert E. Kauffman, who is a senior research chemist at Dayton and Jason Kauffman's father.
If I understand it correctly, Alice sends a cartoon to Bob. Bob knows which features to looks for (for example the head and feets) -- that's the secret key -- and can then reconstruct the message by analysing the movements of these features.
Not too dumb, but it looks more like steganography than cryptography.
GFK's
new, and potentially unbreakable, encryption technology
Unbreakable? Sounds like snake oil already...
An idea dawned on him for a unique way to use random numbers in a math equation to encrypt data.
"Since you don't know what any of the values are mathematically, [a hacker] can't solve it,"
This is ridiculous. Some stream ciphers use random number generators for their encryptions. The problem is, that since the "random" numbers come from a random number generation algorithm, they are not random -- they just appear to be. When they are subject to analysis, patterns are found, and the whole system is compromised. The security lies in how hard it is to predict the "random" numbers.
Jason Kauffman is going to continue plugging away at his mechanical-engineering degree.
That's a good idea, since this sounds like the junk "unbreakable" encryption that comes around every few years. If he's interested in encryption, he should take some advanced math classes to get a better foundation to work from. And pick up a copy of Applied Crytography.
Sorry about the rant... but this kind of thing gets me going.
Random numbers are used extensively within encryption techniques, particularly for generation of keys. As the key is primarily the guardian of your data, it is vital that it is truly random to ensure it can't be guessed or determined by frequency analysis (or other methods).
This is particularly important for block cipher algorithms which use the same key over and over again on successive blocks of data!
The theory of relativity doesn't work right in Arkansas.
Two problems with one-time pads:
1) Generating the pad initially, and
2) exchanging the pad.
Why not look at other possibilities, since this method has clear limitations?
No reason to limit research...
Now its clear to me: they were sending coded instructions to operatives in the field.
When they all leap onto the sofa at the start of the episode it truly means something.
Now if only I could get a look at the decode manual . . .
I was sitting outside and saw all the blades of grass swaying in the wind before me. I noticed how some were shorter than others, and that they actually didn't all have the exact same color. I thought if I assigned a number to each of these and several other characteristics, I'd be well on my way to unbreakable encryption.
My dad used to be a pretty famous rodeo clown in the 60s and an alumnus of the college I'm attending, so when I approached the board of trustees for approval for my research, they were ecstatic! They gave me $20,000 to conduct my research. Now I will be busy all summer observing the grass swaying in the wind. I plan to have a prototype ready at some point, I hope.
"Since you don't know what any of the values are mathematically, [a hacker] can't solve it," says Robert E. Kauffman, who is a senior research chemist at Dayton and Jason Kauffman's father. Robert Kauffman formed a partnership with his son and the university to patent the idea. The Kauffmans are reluctant to go into more detail about the idea because it's in the patenting process.
Cryptography based on a hacker "not knowing" something can be in for quite a surprise. And there is not even a hint here that this technique is based on a mathematically sound formula that is "hard" to solve. Perhaps this guy is on to something, but this attempt to talk about it but at the same time claim they can't talk about it yet leads me to believe this is more of an exercise in hype or ego than anything scientific. Cartoon cryptography might turn out to be a fitting term for it.
I'm an American. I love this country and the freedoms that we used to have.
Generating the initial pad is not much of a problem. You generally have to do something very very stupid to get your generation method reverse engineered. More than that, a property of any public key encryption method is that it can be changed into a very sucky key gen program that is still harder to reverse engineer than it is to break the original public key encryption.
Your number two is the reason for public key crypto.
So now I can encrypt animated pr0n in japanese anime...oh wait...
This
Is this really new? See Sherlock Holmes The Adventure of the Dancing
Men
But it's hard to criticize or admire whatever technique this guy is looking at, because there are no details in the article. (zero-knowledge reporting?)
A few points here:
It looks like he's already working on taking people for rides.
At my next development meeting should I recommend we watch the Little Mermaid for inspiration on database design?
"Since you don't know what any of the values are mathematically, [a hacker] can't solve it," says Robert E. Kauffman, who is a senior research chemist at Dayton and Jason Kauffman's father.
A senior research chemist, well holy smokes! This is the only freakin guy you could get for a quote on this new "unbreakable" cryptography system. What was the janitor at lunch!? Not only that, but its his father to boot, not to knock his extensive work in engine/oil products but come on!
Hey while we're at it...My 4 year old sister says that my newly developed RDBMS is 120 times more efficent than Oracle's, so now can I have the $20,000 to patent it, thanks.
This
Since any truly unbreakable encryption scheme has to use keys at least as long as the One-Time-Pad, I do in fact consider the problem of unbreakable encryption solved. No need for further research.
Of course, there's a lot of need for research into ciphers which are not mathematically provable to be unbreakable, but are more practical than the One-Time Pad. :)
Notice he's from the Mechanical Engineering Dept. and NOT the Computer Science Dept.
/me sighs...
I last attended UD only 3 years ago. Frankly, their CS dept was terrible (and I doubt it has gotten any better). They taught everything in Ada only up until about 5 years ago when they FINALLY switched to C++. Why you ask? Probably so they could send the programmers over to the Wright Pat Air Force Base... I mean, who needs REAL world programming skills? But that's just my opinion...
I started at UD in Electrical Engineering. UD has a great engineering school, but I eventually switched over to Computer Science. Had I been smart when I was looking for colleges (I should have realized I would switch over to CS almost immediately) I would have noticed that UD did not have a very good CS dept. Unfortunately, by the time I realized how bad their dept was, I was already entrenched. I had a co-op job (a very good one, where I learned far more real world skills than from my CS classes and am eternally grateful) and a great group of friends (most of which are living in Chicago with or near me today).
Half the teachers in UD's dept could barely speak English. They seemed smart, but you didn't learn anything because you spent more time wondering whether Dr. Pan was talking about Breakfast or the Breadthfirst algorithim.
Or maybe you sat in Dr. Gowda's class as he covered the same material for the 20th day in a row.
Or maybe you sat in Fr. Shane's class and were blown away by how smart he was (I mean, for Christ's sake he was doing binary and hexadecimal arithmatic in his head!), but were left wondering why he was relegated to teaching a class that was HALF 360 assembler and HALF C (yup, half a semester of C was all you got).
After that you went to Buckley's file systems class (which was really nothing more than a Cobol class that talked occasionally about file systems). Buckley was so scared of the class, he could barely write on the chalk board. I don't think the guy ever looked anybody straight in the eyes the whole semester! How can you teach a class like that?
And let's not forget Dr. Winslow's class where you got so many points taken off for not capitalizing your variables that your average grade on your assignments was 40%.
Finally, to finish things off, you ended up having to take the Networking II course (even though you REALLY wanted to take that Computer Graphics or AI course) because the schedule was such a cluster fuck, classes you HAD to take (like the Computer Ethics course) were only offered once a year and scheduled at the same time as the classes you wanted to take. This was after having taken Networking I which was taught by an Engineer, and had 5 engineering graduate students (out of about 32 students total) in it. So, of course, the guy taught the class to those 5 grad students (using Calculus which many of the undergrads hadn't even taken or weren't supposed to take) and the class average was a D (rumour going around at the time was that he got berated for it and the next semester he was the exact opposite, everybody got A's and the class was a joke).
That was my UD experience.
Now, that being said, I can only hope UD's CS department has gotten better. I doubt it, but you never know. Three years is a long time. The problem is, all the money the school made went straight to the Engineering school and the Law school. The rest of the school (especially the Business school) hardly ever saw a cent of it.
If you are considering UD, and you are considering an Engineering or a Law school oriented (perhaps Criminal Justice) major, then by all means go to the school! It's a fun time, it's got a great atomosphere, beautiful campus, and the Ghetto is probably one of the greatest student assets any college in the world has. If you are going there for something else, please do your homework first. If you look behind the facade you might not like all that you see.
On a related note, UD was one of the first schools to really push the internet as a learning tool if you read the media reports. Hah! I wish you could've been there when they were forced all incoming freshman to bring their own computers and then crammed three of them into dorm rooms that should have only held two. They did it because they couldn't properly run the computer labs (and/or didn't have the funds to do so). They wired the Ghetto, which was a nice accomplishment, but I never believed the reasons they gave for doing it.
That's just my opinion anyway... I only went there for 5 years. I could be wrong, but as always, don't make the same mistake as me. Make sure you know what you're getting into before you pick a college (and be honest with yourself, if you like Computers, make sure you go to a school that has a good CS dept, even if you're primarily looking for a different major).
I don't want it to sound like it was all bad, I had a great time at UD and I learned a lot (especially outside of the CS dept). I sometimes just regret my decisions, as I could have accomplished a lot more with my time at a different school. Such is life. Life is full of regrets and sometimes you just need to move on.
I made an encryption alg which is completely unbreakable. It uses numbers. I got the idea from mathmaticians while studying numbers. Holy FUCK ain't that keen?! Let's make a news story about it. Nah, just use what I just told ya.
-- 'The' Lord and Master Bitman On High, Master Of All
.... Ren n Stimpy password :D
----- Whats wrong with this picture? http://www.revoh.org:1234/whatswrong
From the article reporter: "An unlikely combination of interests -- cartoons and math"
Um. Has this guy never met a math or science student before?!
Sounds like he thinks this is a one-way algorithm - the numbers drive the characters movements, but you can't determine the numbers from just looking at the end result. Or so he thinks.
.. once http://lavarand.sgi.com/, now: http://www.lavarnd.org/
Don't answer me. Moderate. Slashdot is about moderation, not discussion.
Jason finds way to recycle used oil
gives a more technical view of the current discovery (its a prng by the way)
-=DaveHowe=-
1) Generating the pad initially, and
2) exchanging the pad.
1) Generating the one-time pad is easy with a hardware noise generator such as an avalanche diode. Marx makes a USB dongle that has a true white noise generator. Just pump the noise into a file, walla!
2) Exchanging pads is not needed, as the one-time pad can be used in a symetric scheme, just a simple XOR will do fine. You only have to transfer the pad one way. Unfortunately, that is a problem that has no good solution.
Yup, all the tell-tale signs are there:
My guess is, he found some "smooth noise" generator and thought that it would make a good source of "random numbers", used, e.g., as a key schedule algorithm, and as soon as the patent is published (which it will be, thanks to the dumb patent office), it will be broken (it probably has a short "key" to set initial conditions, which will be easy to break) and this guy will be forgotten.
Though the cartoon connection is kinda cute and might get some press attention.
Next?
Specifically, we have the unbreakable claim warning sign, and even more specifically, this is almost certainly one of the one -time pad errors: There's also the technobabble, secret algorithms, and revolutionary breakthrough warning signs.
I hope they enjoy the $20,000 patent, 'cause it's not worth the paper it's printed on.
We can come immensly close to it, but if data was to move from human readable to encrypted and back to human readable, than at some point it had to be decrypted, and if it can be decrypted it can be broken. It doesn't mean that the chances of it being broken are immensely small, but the chance is still there. Espesialy if the randomness is generated by computer, I have yet to see a random generator scheme for a computer that doesn't have some sort of formula to it. True randomness is very hard to come by.
T Money
World Domination with a plastic spoon since 1984
I wondered about the article -- being so scanty on info needed to evaluate Kauffman's claim -- and then sent searching online for the patent application. The cos site was a pay site, offering searches for US$250/yr for individuals. Screw that. I went to uspto.gov and then here within it. I did an "advanced" query for Kauffman's name on published patent applications; the query string was "in/Kauffman or in/Jason", the years were "2001-2002". I got 411 results -- too many. Dunno why I used "or" -- so I reduced the query to just "in/Kauffman", which got me 15 results. I went through any that even remotely could have to do with numerical processes, but none were from Jason Kauffman.
Hmm.
[also misbehaves on Kuro5hin as Peahippo]
Check out One Time Deck: the world's most wasteful encryption scheme. The key size (in expressible values) grows with the factorial of the message size (also in expressible values, not bits).
Basically, your key is the equivalent of a randomly shuffled deck of cards with each possible messages written on a card. Your ciphertext tells where to cut the deck to find the card with your message on it. Each deck is used for only one message, then destroyed. Hence the name.
It has the interesting property that if you don't have the deck, even if you know the plaintext exactly, any changes to the ciphertext will result in a completely random plaintext (except that it's not the same).
Anyways, since you don't want to become bored while watching the grass, i've got some green "equipment" you might find handy. My pager number is .... oh fuck, the Feds........
I have this vision of an FBI agent watching tons and tons of porn in his cubicle. The boss comes by and starts scolding him. He then says:
"Please calm down. It is possible to hide secret messages in images now. Here is a printout of a slashdot article about it. I am just looking for hidden terrorist messages in this porn found on Al-Quida PC's. I think her breasts are jiggling to a descernable pattern, so I am trying to plot the jiggle pattern here."
Boss: "Then why are you sweating like that?"
Table-ized A.I.
Sounds like the first intelligent thought spawned by a Disney product in 40 years.
A calls his counterpart B (shielded line), and says "Demon Tit Wonderful hentai, episode 5, x bytes!". A xors his file with the divx file and sends it to B. B gets the hentai from Kazaa and xors the data with it. Unbreakable (except for that shielded line of course)!
I choose to remain celibate, like my father and his father before him.
seed rand() from user input
while !EOF
read a char
print char ^ rand()
("^" is xor)
We all did this when we were kids.
You might also add a hash function like:
print char ^ rand() ^ (lastin * lastout + lastin *lastout >> 8)
( ">>" is bitshift)
There now it's data dependent, totally unbrakeable
A variation is using + instead of ^ but then you need a corresponding decryption algo with -
Suprisingly many people make the same algo(or similar variations of it) independently.
FRA: STFU GTFO
While not exactly the same, this still seems reminiscant of Jonny Mnemonic, where the information stored in his head is locked away by 3 images, which are the key.
0110100100100000011000010110110100100000011000100
And I heard if you watch the Lion King with special "bin Ladin" glasses you can see the Twin Towers falling as soon as Simba watches his father die.
Snow White was used to plan the attacks....
Sheesh
Get your Unix fortune now!
it's not Hentai Anime, it is actually important encrypted company secrets
...not encryption.
I'm glad you have the maturity to get the support of someone older, wiser and more experienced than you to evaluate and endorse your efforts.
This was the method they used to encrypt the data in Keanu's head in "JOHNNY MNEMONIC".
"Algorithm or product X is insecure"
From the other article:
Companies that require high levels of computer security currently use either a DES (Data Encryption Standard) or a triple DES code, but the Kauffmans say both are breakable.
"The currently used DES encryption method, which is now being replaced by AES (Advanced Encryption Standard), was once thought unbreakable and can now be cracked in a matter of minutes to hours," said Robert Kauffman, who helped his son write parts of the computer program. "The AES also can be cracked in theory. These algorithms have computational security, which means they can be broken if enough time and computer power are used. AES would take hundreds of years to break with today's supercomputers.
FRA: STFU GTFO
It may be little information, but mathematically enought to say it's no longer unbreakable.
You might as well claim the same thing if the attacker knows that the plaintext is sensible ASCII-encoded English. That the attacker knows the character of the plaintext (and therefore has a wealth of statistical information about the plaintext) is one of the fundamental assumptions of cryptography.
The perfect secrecy of OTP is based on the secrecy and randomness of the key alone, it doesn't require an obscure or disordered encoding of the plaintext. Knowing some key bits gives you no clue about the value of other key bits.
Of course you must account for the information that can be inferred from the length of the ciphertext (and pad your plaintext to avoid any information leak). This problem is no greater or worse for compressed plaintexts than uncompressed ones.
It seems to me like having the first and last number the same doesn't compromise the security of the message one bit!
It compromises the security of the message exactly one bit (assuming that it's binary OTP). If the first and last bits of the ciphertext are the same, then you know that the first and last bits of the plaintext are the same, and vice versa. You gain one bit of information about it, and cut the number of possible plaintexts in half.
Cryptanalysis is based on statistical data. The attacker presumably can make reasonable guesses about the contents. So if they can guess the first bit with 70% probability, they also know the last bit with 70% certainty.
This kid could really use a copy of "RSA Laboratories' Frequently Asked Questions About Today's Cryptography" or "Applied Cryptography" or even "PGP DH vs. RSA FAQ". At the University of Dayton page on this discovery (https://alumni.udayton.edu/np_story.asp?storyID=7 84), he says that Triple-DES could be easily broken.
That is complete B.S.
Triple-DES is a 112-bit algorithm, and perhaps even stronger that Rjindael (AES), since it's been subjected to rigorous cryptanalysis for many, many years.
It seems as if the encryption technology might be secure, but without any information on it, I am very skeptical.
I wonder if his dad's engine oil invention was "Slick 50" - about as snake oil as it gets.
Yeah. I'm also confused why anyone would want a "personalized" crypto algorithm in the first place.
Scrambling your algorithm to prevent brute force attacks is just stupid -- you could get far more security against brute force attacks by simply adding a single bit to your key-length. And unless all of the variables were relatively prime in any case you couldn't guarantee a single solution.
I think his "unconditional cryptography" translates in this case as "I still need to read Schneier and Koblitz and study number theory".
Just get out some paper and pencil and start tracing!
Jesus H Fucking Christ!
... I might was well get my geek news from CNN.
Random numbers -- unbreakable encryption -- no alarm bells going off in your head? Here's another word to help: "One Time Pad". Still not there?
Endorsed by a motor-oil inventor and some hick university? You people seriously do a disservice to the geek community reposting obvious bullshit
does this remind anybody else of Johnny Pneumonic?
He claims his cipher cannot be broken at all, no matter how many supercomputers you use (unconditional security). That is complete rubbish. Any calculation can be reversed no matter how complicated. You just need some computing power.
I quote from the origina article:
"The currently used DES encryption method, which is now being replaced by AES (Advanced Encryption Standard), was once thought unbreakable and can now be cracked in a matter of minutes to hours," said Robert Kauffman, who helped his son write parts of the computer program. "The AES also can be cracked in theory. These algorithms have computational security, which means they can be broken if enough time and computer power are used. AES would take hundreds of years to break with today's supercomputers. Jason's cryptography has unconditional security and can be proven unbreakable. Supercomputers won't make any difference."
FLT, not just any theorem.
Somewhere around the start of the PGP User guide, none other than Phil Zimmerman was discussing snake oil. He mentioned how 1337 he felt when he "discovered" a whole new kind of stream cipher. Why not just get a PRNG, convert a key to a seed for it, and then XOR that with the bit stream? Little did Phil know that this technique had been "discovered" many many times before and was covered in all good cryptography books. Moral? If you don't have a PhD in number theory, don't even try it.
Note to M1-ers: a curt but otherwise insightful message is not "Flamebait" or "Troll".