Slashdot Mirror
Safecracking for the Computer Scientist
secureman writes "It looks like Matt Blaze (the University of Pennsylvania CS
professor best known for finding security flaws in the NSA Clipper Chip
and in master keyed
locks) is still causing trouble in physical security circles. There's a draft paper (dated December '04) on his web site
entitled Safecracking for the
Computer Scientist, which is a pretty in-depth look at what
computer security can learn from safes (and vaults). The interesting
thing is that it describes in detail the different ways that safes are
cracked, probably revealing techniques that locksmiths would rather you
didn't know about (there's a lot of security-by-obscurity there). The
conclusion seems to be that while safes can fail, at least they do so
in better ways than computer systems do. Warning: it's a
2.5 meg pdf file with lots of pretty pictures."
The information for the way that locksmithing is done (including lock picking) is available in most libraries. Ditto for safe and vault construction methodologies for the past 120 years.
How about a safe holding up to the
wgetting it at 12 K/s
X(7): A program for managing terminal windows. See also screen(1).
Cmon, you expected a 2.5 mb file to last...
Here's Google's HTML-ification of the pdf (sans said 'pretty pictures')
http://mirrordot.org/stories/a98b5b5fc2096a7b567c4 b2e77ca0f1f/safelocks.pdf
http://shell.athenet.net/~files/safelocks.pdf
All safes open using a maintenance combination of 12345.
Did anyone else read the headline and think this was some horrible spoof on "Queer Eye for the Straight Guy"?
... no.
Well, now that you mention it
It's simple: I demand prosecution for torture.
I think his comparison is on to something here.
A good safe is designed in layers, so that to get in, you have to break through each layer. And the more layers, the more time it takes. Safe-makers know no safe is completely secure, and all safes are crackable.
Time is the enemy of anyone looking to commit theft/robbery, whether that person is working physically or digitally. So the longer it takes the more secure the system it is.
While we defeinitely know security by obfuscation is stupid in terms of computer security, safety by layers makes sense.
If there were several layers of encryption (asymmetrical and symmetrical), compromising the system takes more time, and if one layer fails, the game isn't over just yet.
Admittedly secure traffic would be much slower than unsecured traffic, the benefits of this kind of layered approach would be more than worth it for data that needs to be as secure is possible.
You can't defeat physics.
" Unable to determine IP address from host name for www.crypto.com
Wow, that's pretty darned secure!
"Derp de derp."
That sounds like the combination some idiot would have on his luggage.
Thinkin' Lincoln - a web comic of presidential proportions
Except that 'funny' mods don't get karma.
Other than that, which forms the entire body of your argument, you're spot on.
Me, I was amused by the name of the safe-cracking book mentioned in the PDF: "The Art of Manipulation." I'm sure that's the name of a low-budget pr0n film.
I think I need a new sig here.
To top it off, his mastery of punctuation and the Shift Key is far better than yours.
I think I need a new sig here.
The challenge for IT security is that computer science loves to use abstractions, encapsulation, APIs, libraries and what not that let the programmer ignore the details of the internal complexity of systems. The problem is that it leads one to assume that these systems behave in some idealized fashion (the logical, black-box model of the system). In reality, the systems don't always follow the assumed logical model or the ignored internals create side-effects that are unforeseen by the original programmer, but exploited by malicious actors.
For example, assumptions about metadata and syntax give rise to buffer overflow or malformed string exploits. In trusting that an input string will be its stated length or follow the official syntax, the programmer adheres to the logical model of the system but creates a vulnerability. Similarly, physical power consumption artifacts can let a cracker guess the state or internal activities of a smartcard encryption chip. The original programmer is unaware that the code creates these artifacts since most coding paradigms ignore issues such as the exact execution time of subroutines, power consumption of CPU instructions, etc.
Becoming security conscious means unlearning all the tricks that let a programmer ignore the complexity inside a system. It means understanding the real behavior of all the internals, all the side-effects, and all the system properties that might be observable or influenceable by a malicious party. That makes programming for security very different and very much harder that standard programming.
To mangle a metaphor, security means that one must peel the onion to ensure that it does not have contain an open door in its core.
Two wrongs don't make a right, but three lefts do.
True story.
I needed access to secured room of a building my company was renovating. It had a pushbutton type combination lock on it (or some such). I asked the combination, and the maintenance superintendent said "1-2-3-4-5". I immediately blurted out "1-2-3-4-5? That sounds like the combination some idiot would put on his luggage." Straight Pavlovian response to a Mel Brooks straight line.
It was only after a 5 seconds of being stared at that I realized that the Superintendent had intentionally set that combination, and he was NOT a "Spaceballs" fan.
"As God is my witness, I thought turkeys could fly." A. Carlson
This one throws a monkey-wrench in the works of the old "hacker vs cracker" argument. If someone is a redneck safe-cracking computer scientist from Georgia, what category do they fall into? Hmmm?
Don't blame Durga. I voted for Centauri.
Similarly, you can have as many security layers as you wish but if you forget to weld the back end of the safe or network on than they still do nothing for security... your only as secure as your weakest point of security.
If I remember correctly, Feynman used what many safe crackers and computer crackers still use today: the human factor. He relied partially upon secretaries writing combinations on desk notes and mechanical failings of filing cabinets. When you have lazy people who can't remember passwords/combinations, it becomes an exercise in getting the combination from people.
So I was reading the DaVinci Code and the main characters discovered that the account number for a swiss bank account was the first several digits of the Fibbonaci sequence.
The first thing I thought to myself was:
"That sounds like the combination some GENIUS would have on his luggage!"
Rats would be more funny if they could fart.
Don't leave home without it.
We must be alert to the danger that public policy could become captive to a scientific-technological elite. - Eisenhower
Surely You're Joking Mr. Feynmann has a chapter called "Safecracker Meets Safecracker." It describes his time at Los Alamos during which he repeatedly opened people's safes. (The ease with which he did this actually quite disturbing.) Anyway, at the end of the chapter, he talks about how he learned that a particular lock came factory set at either 0-30-0 or 60-30-60 (I think those were the two), following which the owner would change it to something more secure.
He said he went around Los Alamos after he learned this trying those two combinations and opened about 1/3 of the locks with one or the other.
Well i dont think we have much to worry about here. As most
The chapter in Surely You're Joking only mentions two or three instances where he actually used stuff like that. Once when some other people needed a safe opened, and the people thought he might use a date. Feynmann tried every date in the 1900s* until he found what it was. Another time he needed something, and tried a couple mathematical constants, and 27-18-28 opened it. But that's about as far as he pushed that method.
Most of what he talks about that chapter was when he was able to figure out the last two numbers in someone's combination by fiddling with the lock when it was open. So the only human factor there was just people leaving their safes open.
*Rounded to the nearest multiple of 5
Um ... only partly due to social engineering and fast thinking.
For the rest he either tried the standard shipping combinations (25-0-25) or (50-25-50); in many cases the safe combinations were never changed from the "default" combination.
For the rest, he would lean on the safe, twiddling the dial in what appeared to be a random, nervous twitchy thing, when in fact he was trying different combinations in increments of 5 digits. Those locks had rather wide notches in the wheels, and would respond rather nicely (with those nice rounded shoulder cuts) to a number +/- 3 digits. He only had to try numbers in steps of five to come close enough to get the lock open. Remember, he wasn't trying to get the EXACT number, just get the thing open.
He'd return to his office, and note the combination for that particular safe and write it down. Ah, security.
Pick a corner area of your basement. Build a concrete block room, filling the block voids with concrete and rebar. Put a roof on the block room made out of steel plate, anchored to the block walls, and add another 4" of concrete and rebar on top of this.
For the entrance, use two doors. The inside door should be a vault door (better gun safe door hung on a frame with inside release). Outside door should be steel fire/security door with steel frame and heavy locks. Outside door is just to be time consuming to get to the inside door.
This wouldn't be all that expensive, either, considering a high-end gun safe alone is $5k pretty easily.
Isn't the use of ever increasing keyspace sizes in encryption algorithms (ie SHA256, SHA512, SHAadInfinitum) at a pace slightly higher than Moore's law effectively doing this now?
I can't count how many times I have read "...will take longer than the age of the Universe itself to brute force this /insert encryption scheme of choice here/..." when reading about some new fangled encryption scheme. Naturally, that claim is based on computational power at the time, but doesn't this exactly dispute his claim?
We can be better at it, sure. But computer security systems are designed with at least SOME regard for the notional hacker's motive, opportunity, and skill level.
...But I digress. TREMBLE PUNY HUMANS!ONE DAY MY SPECIES WILL DESTROY YOU ALL!
out of the hands of most criminals.
Erk, now where have all those SuperCriminals gone?
It also takes a lot longer. If you're questioning everything the C library is doing, you're going to spend all your time trying to break your own program before you've even written it! Something has to give somewhere.
From the PDF:
There are a few obvious things you can do, like avoiding unbounded reads, trimming down your strings, validating your input, etc., but who's going to think twice about calling fd_set()? Yet there's a vulnerability in the implementation of fd_set() on *BSD which could lead to denial of service or code execution. What's more, it's a tricky and subtle problem which even experienced programmers might miss. (It's also subtle and tricky to exploit.)
(It also affects more apps than the ones listed in the link there, and also affects some FreeBSD, and in theory might affect Linux. I'd post more links, but I'm short on time and long on the to-do list.)
So in short, you aren't going to have time or space in your head to know everything. But if you do the few obvious things, you'll greatly increase the security of whatever you write.
How am I supposed to fit a pithy, relevant quote into 120 characters?
Uh, OK.
So 40^8 = 6553600000000.
Let's say you'll hit the password halfway through the keyspace on average = 3276800000000.
Let's be really generous, and say a single user can attempt 60 keys / sec. That's 5184000 keys per day.
So, you'd get your password in about 632099 days... about 1700 years. Say you're attacking with 1000 people, that's only 1.7 years!
Oh wait, no supposedly secure system is going to accept 60000 failed key attempts per second, for 1.7 years, before failing. Nice thought, though.
-Greg
John Dillinger penetrated a bank vault and looted safe-deposit boxes within, but he did it by stealth, finding a closed-down bank, pretending to be an authorized workman, and taking a long time to extract the contents.
When I was a kid, my friends and I put an ordinary paper firecracker inside a wooden box, about the size of a cigar box, and secured the lid. To our surprise, the box spontaneously disassembled itself into its component parts, which travelled outwards at high speed. All of that from a firecracker that would only cause minor burns if you held it in your fingers when it exploded.
Mea navis aericumbens anguillis abundat
That's not fair, I live upstairs. I take offense for all of us readers who can't even make it to the stairs.
If 00000000 is an acceptable nuclear missle secret launch code, then 12345 has got to be NSA-level security!
HIV Crosses Species Barrier... into Muppets
Locks, Safes and Security: An International Police Reference Two Volumes is apparently a wonderful book all about the history of lock-picking and its evolution, including ways in which things were overcome. Although the book is a bit pricey.
Swear to God I want a "-1, Surely You're Redundant, Mr. Feynman" moderation just now.
Not /specifically/ directed at you, but the editors coulda saved a couple hundred posts if they'd mentioned him in the summary.
Yahoo! Pipes are awesome. How awesome? http://pipes.yahoo.com/jesdynf/slashdot
Here's a different true story (posted as AC to protect the, erm, me):
The client I currently work at installed similar push-button combination locks on all doors from each floor's elevator hall, and spent a far bit of money on it too.
The combination was set to 7-2-5-3.
Not being a big one for remembering this sort of thing, I idly tried entering 2-3-5-7 - and it opened!
A few tests revealed that their vaunted locks would open with any arrangement of the required four digits - reducing the security from 1 in 10,000 combinations down to 1 in 400 or so.
Another valid 5 digit combination that one can say out loud as "1-2-3-4-5" is "24445" (one 2, three 4's, then 5). So there are two possible combinations for "1-2-3-4-5".
Of course, if your lock can't handle multiple digits being the same, well, it's time for a new lock!
Good safes tend to "fail secure" -- that is, when something goes wrong, you can't get into it even with the right combination. The only reason this is acceptable is there's still ways into the safe without damaging the contents. They're expensive (hardened drill bits ain't cheap!), require esoteric tools and knowledge, and hopefully take a lot of time and make a lot of noise, which a cracker doesn't want to do. Encryption, if it fails for some reason, is as hard to break for the legitimate user as it is for the cracker. Fortunately, it doesn't fail that often --- except for good old human factors, like the guy with the key forget it, lost it, or dropped dead.
My father who got sent to locksmithing training by the Department of Defense was describing how you drill into the door of a safe to open it if you've somehow lost the combination. Basically you get a piece of metal that is the size of the door from the manufacturer -- it has marks on it where to drill. You drill according to the directions, and then fiddle with the inner workings of the locking mechanism to move the tumblers where they should be in order to open the safe, and to change the combination.
The bad part is that once you've done this, to make the safe secure again you put a steel ball bearing the size of the hole in the hole, and then weld it in there. There is absolutely no way you're going to be able to drill through that steel. Any drill bit you try to drill through it is just going to dance on it, and end up breaking the drill bit.
So I guess in that case, safes that have been forcibly opened using the above method are safer than ones that havn't.
da w00t. mtfnpy?
There was a burglar in Texas last year that was breaking into city hall buildings all over the state. In almost every one he managed to get access to the safe or safes kept in the building without prying or damaging the safes.
When he finally got caught be debriefed and gave up his MO. He would get in to the building be defeating a usually inadequate door lock with a screw driver. Then once inside he would look in all the desk drawers for sticky notes with numbers on them. In almost every one he would find a sticky note with the combination to the safe. This guy hit over 50 different city halls and got into the safe(s) in almost all of them.
The best safes in the world won't keep people from being clueless about security.
Heck is a place for people that don't believe in gosh.
They changed the timeclock override password at work from 00000 to 12345 because the button broke from overuse :)
I see the same thing with, "Laughing so hard X was coming out my nose." Come on. As an adult, unless have a serious degenerative disease affecting your ability to control bodily reactions, that doesn't happen.
It can happen, if something really funny comes up at just the wrong moment. I had it happen to me a couple years ago with lemonade as I was playing Scattergories with some friends. Lemonade is actually quite painful in the sinuses.
That said, I'm sure that 99.9% of the times you see that it's not true.
A good locksmith specializing in safes doesn't care if you know how safes are opened-- on the contrary, they'll tell you all about it. The job of a competent physical security professional is give the client a straight and honest description of how the product works and what its weaknesses are, and safes are no exception. I've worked for a locksmith for the last ten years and it's company policy to show clients exactly what they're getting and/or what they already have. With safe openings, my boss explains exactly what he's doing and how it all works. Admittedly, there are a lot of locksmiths who think this should all be top secret stuff, but they're just fooling themselves. All the info is out there. There's no official schooling for locksmiths, and no coherent regulation of the profession. Subsequently, there's no way to really keep the information out of the hands of "criminals" while still allowing access for beginners trying to start out in the profession. You can join the Associated Locksmiths of America essentially by just saying you're a locksmith, although you'll be approved for membership quicker if you have the recommendation of an existing ALOA member. Once you have an ALOA membership number, you're a locksmith as far as the "keepers of the knowledge" are concerned. Heck, you don't have to have anything but fifty bucks and a mailing address to subscribe to The Locksmith Ledger, and they frequently have articles on opening various safes.
Really, none of the techniques outlined by Mr. Blaze in the PDF are any big secret. Anyone with access to such a lock mechanism (buy a safe and you've got one) and a little brainpower can figure all that stuff out. The thing is, drilling a safe requires fairly specialized tools and is very noisy. Manipulating a safe requires a lot of practice, and even an expert can take a LONG TIME to get into a safe. There's no astounding revelations there. Walk into my boss' locksmith shop and he'd show you all that. I've tried my hand at both drill penetration and manipulation, and there are no "secrets" that make any of that stuff easy. At best, the knowledge it just makes it possible-- and that knowledge is available through simple observation.
If a job's not worth doing, it's not worth doing right.
Picking a Bramah lock is quite possible, but requires some specialized tools.
I "picked" a small Bramah lock on a liquor caddy once. My boss was repairing the customer's front door lock and (as a joke) told me to see if I could open it after the owner told us she had no key. I managed to tension the lock and eyeball the depth of a couple gates and cut a makeshift key from a bit and barrel key with the bit shaved off. By sheer luck I had made a perfect working key in about 20 minutes. When I brought the open lock with key to my boss he looked surprised and told me they weren't supposed to be pickable, I (who'd never seen a Bramah lock before) said "It's a good thing I didn't know that then, eh?"
If a job's not worth doing, it's not worth doing right.
Why on earth doesn't Slashdot set up a mirror first then link to that instead of bringing down people's websites? Bit/BlogTorrent are free last I checked. Linking to a 2.5MB file?! It's almost like they want the site to go offline.
There was a guy with Tsunami Videos on his blog which ended up costing him $1,000 before he knew what hit him. Does Slashdot compensate those with huge bandwidth bills? or give any warning prior to linking to something like a pdf?
What if Digg added local news and a Slashdot inspired comment karma system? ---
http://houndwire.com
Actually, the S&G lock he showed is pretty much current industry standard design. They're not as easy to manipulate as they sound. The principle is very simple, but the practice is extraordinarily difficult.
Even a cheap $2 Master pad-lock, as he briefly mentioned in two sentences on page 31, has false gates on the wheels, basically defeating all the simplistic techniques mentioned in the article.
They don't generally use false gates on the wheels of safe locks because the fence doesn't ride on the wheels while they're turning. The fence only drops down to contact the wheels when that smaller brass wheel in front is rotated so that thar hook shaped piece falls into it. False gates can make it more difficult to figure out where the real gates are, but the fact that they have a bottom and are not as deep as the real gate make them susceptible to the exact same analysis as a non-gated wheel pack. I think you are not entirely understanding how these locks work and the methods of manipulation he describes.
Although he states that these false gates are easily identified, trust me, they are not.
Trust you? You think an S&G 6730 lock (retail price $115.02, my price $69.01, 5 of them currently in stock at my lock supplier's warehouse in DC-- I just checked their online catalog) is "at least a hundred years old" and expect me, a locksmith with 10 years experience learning from a boss with 30 years experience, to trust your analysis? Please.
--------
Funny you should mention, but those cheap master locks with the false gates is absurdly easy to manipulate. As a locksmith I'll probably be banned from our secret society meetings for telling y'all this; but here, try it at home:
First off, those false gates are only on the last wheel-- the first to wheels are smooth except for the combination notch. Second, the "keyspace" for those master combo locks is a lot smaller than it looks. The dial may be numbered 0 through 39, but you can be within 1.5 in either direction of the correct number and the fence will drop in. For sake of ease of implementation of my manipulation method, I usually round that down to 1.25 because this allows me to divide the wheel into 16 increments 2.5 apart. So effectively the possible numbers are 0 2.5 5 7.5 10 12.5 etc.-- basically each of the numbers marked on the dial face and the halfway mark between them.
So now you have a keyspace of 16 * 16 * 16, or 4096 combinations. This is still a pretty big number, so let's reduce it. Pull up on the shackle and "feel" each of the points where there's a false gate on that last wheel. Around a certain number range it will feel "loose" because these lock wheels are never perfectly round and the fence of the lock will be stopped by the other two wheels. Once you find this loose space, you have a way to check if the other two wheels are correct. If they are, the fence will drop into them and your will feel friction at that formerly loose position. At that point you need only turn the dial until the third wheel gate is aligned and it pops open.
You only need to go through 16 * 16 = 256 combinations on those other two wheels to find the combination. And you don't have to "clear" the lock after each try either: You set the first wheel at (say) 2.5, then spin around to 0 and see if it rubs. If it doesn't turn back the other way again to advance the second wheel to 5 then see if the third wheel rubs. Then go back and advance the second wheel to 7.5 and check the third wheel. Do this 16 times and you've checked all the combos beginning with 0. Reset the lock (4 spins) and try the ones that start with the first wheel at 2.5. continue this process until lock opens.
The longest one of these has ever taken me is 20 minutes.
If a job's not worth doing, it's not worth doing right.
I walked past the gym we have in the basement of our building. When too maany (non entitled) people started using it, they changed the PIN on the door. I know this because some Brainiac posted a apologetic notice on the door that helpfully included the *new* PIN for regular gym patrons.
Unfortunately it was taken down before I could take a picture of it.
Xix.
"Everything is adjustable, provided you have the right tools"
I'm a locksmith and any locksmith with half a brain should know that all of this is commonly available information. Certainly a few old fogies who think locksmithing is some sort of secret society like the Freemasons would pitch a fit if the customer wanted to see the inside of his safe lock. Or maybe they're pissed because they've been telling customers that the safes they're selling are "impenetrable", but if that's the case then they're the idiots. I have personally showed the various "safecracking" techniques to customers and let them try their hand at manipulating a combo lock. The theory is simple, but the implementation is darn near impossible without years of experience and practice. I've never had a customer decide not to buy a safe because I showed him how they're cracked and he thought it was "too easy". Basically, what it comes down to is that there's no such thing as 100% security. You Can pay more money and add more complication to get "more 9's", but a Star or Horizon in-floor burglary safe will keep out all but the most determined intruder. Honestly, any locksmith that thinks there are any "trade secrets" in the industry is foolig themselves. Anyone can get an Associated Locksmiths of America membership and a business license, and from there buy books that explain it all.
I seriously doubt that posting this on slashdot is going to lead to a massive upswing in safecracking. The one thing I've noticed in the business is that (weird as it sounds) most people are basically honest! Besides, safecracking isn't fast enough for most criminals. Most safe burglaries happen when someone knows the combination, either having been entrusted with it, watching someone else dial it, or finding it written down in a drawer somewhere.
If a job's not worth doing, it's not worth doing right.
For $35USD, and a glance at my driver's licence, I was able to purchase a lock-pick set. I was intrigued, after seeing hundreds of movies showing theives and spies opening doors faster than people with keys.
After alot of research, and pracitice, I was able to open several brands of pad-locks, as well as the doors' to my house. Guess What? It's not as easy as it looks.
I did this mainly out of curiosity, but I recently had a chance to put this new skill to the test.
My neighbor had locked her keys in her house, and asked for my help. After thinking about it for 15 seconds, agreed to help.
I broke a pane in the window of her back door. There was no way I was going to let her know that I was capable of defeating the locks on her house. I have no intrest in breaking and entering, but the fact is, if people know you can do it, and something goes missing, guess who the first suspect is going to be?
I would love to figure out how to open a safe, not because I want to rob anyone.....it's just really cool, and the fun is in learning how to do something most people can't.
Today's show is brought to you by the number 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0: 25
They make those, but my boss refuses to install them anymore, even if the customer wants it. We've seen too many cases of fritzed electronics, dead batteries, and broken wires with those things. I have only once seen a regular mechanical combo lock fail spectacularly, requiring drilling to open the safe, and in that case the lock "worked badly" for WEEKS beforehand (but the customer, of course, waited till it broke). Electronic locks tend to have binary failures: the work fine up until the point where they don't work at all.
If a job's not worth doing, it's not worth doing right.
Now I could see lazy users setting the combos to something easy to remember like 60-30-60 or such, but they don't come from the factory with either of the two settings you mentioned.
I'm too lazy to compose a creative sig.
According to http://www.cis.upenn.edu/departmental/faculty/ the CIS faculty of Penn Uni has a faculty member named Assoc. Prof. Matthew Blaze.
http://www.timhunkin.com/94_illegal_engineering.ht m
Rich.
libguestfs - tools for accessing and modifying virtual machine disk images
But who knows if the combined algorithm has a flaw that neither algorithm had, separated?
As for simple layering the same protocol, consider this (silly example): Exchanging each letter with the letter n positions futher along the alphabet does not get more secure by being done multiple times.
The same holds true for 3DES and every asymetric encryption method I have seen.
Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.
I tried that myself with my new Quanilon(tm) quantum CPU from AMD. The problem I had, was when the cooling fan failed the CPU overheated -- causing the probability wave to colapse -- and my cat died...
Required reading for internet skeptics
I believe the original poster simply misremembered the combinations mentioned in the book. My memory may have been corrupted by seeing your post, but I'm pretty sure the combinations in this story were 50-25-50 and 25-50-25.
Oh wow, I love Amazon. Find Surely You're Joking, Mr. Feynman! on Amazon and use the search function to look for "Safecracker meets Safecracker". Click on the last link on the first page, and you can find the exact text. The combinations in the book are actually 25-0-25 and 50-25-50. It also turns out that it only opened 1/5th of the safes, not 1/3rd. That book search rules!
Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!
I do agree with the other points though.
Okay... I'll do the stupid things first, then you shy people follow.
[Zappa]
Bah. A real genius would set his combination to the LAST few digits of the Fibbonaci sequence ;-)
--- Egads, I glow in the dark!
- Adding layers doesn't make it any less secure,
- Adding bits to a single key in the letter-shifting method by itself doesn't make it any more secure, and
- Stacking that encryption method and a second method, each with a key size of n/2, will probably be more secure than using the letter-shifting method alone with a key size of n.
Your example caused me to think of a simplistic case where a combination of methods, each with a key size of n/number-of-methods, may be less secure than a single method with a key size of n: your letter-shifting method combined with a simple XOR method. In this case, it may be true that the combination is less secure than the XOR method by itself with twice the key size.This is due to the fact that the letter-shifting encryption method does not benefit at all from a larger key size, and thus taking bits from the method that does benefit from a larger key size to give it to a method that does not, will of course cause the security of the system as a whole to decrease.
It is still more secure, though, than the letter-shifting method taken by itself.
Now, let's assume that the flaw in the letter-shifting method wasn't discovered unitl after it been used for a few years.
We now have three types of encryption systems (relevant to this example):
- The system that used letter-shifting by itself, with key size n.
- The system that used XOR by itself, with key size n.
- The system that used the letter-shifting method in combination with the XOR method, each with key size n/2.
After the flaw in the letter-shifting method is discovered, the people who used letter-shifting by itself are totally screwed, those who used XOR by itself are unaffected, and those who used the combination are partially-screwed.I'd rather be partially-screwed than totally screwed.
The thing is, it's not possible to tell in advance whether or not a single encryption method is flawed.
(If it were possible, such a method wouldn't have been used in the first place.)
Using a combination of different methods is a way of avoiding putting all of one's eggs in one basket.
Can anyone state a case where a combination of encryption methods, where each has a different key of size n/number-of-methods, is demonstrably less secure than each and every one of the methods used by itself with key size n?
I don't see how a chain of methods could be any weaker than its weakest link, even when the weakest link, used by itself, would have a larger key size.
Those who sacrifice security to condemn liberty deserve to repeat history or something. - Benjamin Santayana
Well, I'll try to explain why people think what you are proposing is suboptimal.
Firstly, I think you have misunderstood what "adding extra bits" (enlarging the key) means --- at least in this context. In my (silly) example, the key had the length of 1 (number). Notice there is no bits, since the atomic unit in this encryption unit is letters. If you increase the number of bits we would have more numbers.. E.g, (1,2) would make "have" into "icwg", which would be harder to break. The scheme is actually not THAT bad --- there are methods to break this sort of encryption, but it isn't trivial. A person that has not studied cryptography would be pressed to break something like this, at least if the key length is unknown.
If you take this method to an extreme with keys longer than the text, you would have a fair encryption method, provided that the keys are kept secret. But nevermind that.
Now, to invent another cryptographic method, let's consider a method where the positions in the alfabet are multiplied rather than added, and the modulo of 26 is taken. So for the example key (1,2) and the word "have" the result would be "hbvj".
How secure are these methods combined? Well, if the coded and original letters have position x and y, respectively, and we are using keys k,l with values k_1, k_2, ..., k_n and l_1, l_2, ..., l_m, where n and m are some integral numbers. Then the effort spend on encrypting the message is O(n+m). The effort spend decrypting then will only be proportional to the smallest common multiple of n and m --- it's an easy proof, so I leave it as an exercise. However, for the same effort you could have obtained and effort proportional to the multiplum... and the encryption and decryption rutines would be simpler, and thus less errorprone. That's one argument against layering encryption algorithms.
Now, either of these algorithms may be weak --- indeed, the muliplum algorithm is for a number of reasons, most importantly the distribution of the resulting letters is not uniform. Note that if the addition is performed first, no harm is done by this, but if the multiplication is performed second, the distribution would be skewed in such a way that the addition key could be guessed from the distribution of the letters of the encoded message. This would render the combined algorithm weaker then the addition alone. This is the "real world" example you asked for... and admit it, it is not that far-fetched for a slashdot comment ;-)
Disclaimer: I'm not really a crypto guy, just an IT specialist + mathematician.
Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.
In physicist Richard Feynman's book, "Surely You're Joking, Mr. Feynman," he talks about working on the Manhattan Project in New Mexico. He discovered he could figure out the combination to the safes they were using just by touch. So he went around to various offices and would kind of lean on the safe while chatting with the inhabitant. He'd twiddle the dial as though he were just playing around with it during the conversation, but he was really determining the combination. Eventually, he went to the security people and showed them how easy it was to crack these things, and showed how he had the combinations to many safes. Instead of improving the safes, the response of the security people was to make the occupant of every office Feynman had ever been in change the safe combination. The inhabitants were none too happy, and to avoid a repeat of the episode banned Feynman from entering their offices thenceforth. The safes were left as vulnerable as before.
Personally, I think mass public distribution is better. It better serves to destroy the "security through obscurity" mindset held by a lot of locksmiths. It's not like any of that information is a magic back door that lets one defeat safes with the wave of a hand. It's a straightforward and honest examination of the design limitations inherent in these locks. It shouldn't be "kept quiet" so that only those who think to go looking for it find out; everyone considering these for physical security should know about it. The very fact that there are locksmiths out there who think this should be kept quiet is why this needs to be broadcast as publicly as possible, because people clearly can't depend upon those particular idiot locksmiths to tell them what they have the right to know.
If a job's not worth doing, it's not worth doing right.
Please explain to me what 0.7 bits is? ;-)
Sorry for nitpicking, but the above statement is rather silly, unless you can think up a way of generalizing the definition of a bit to include rational numbers ;-)
As we both know, this is toally besides the point :) The point of course, was that by more bits we don't mean shifting the original letters more, we mean shifting the letters in more ways. Eh. Approximately.
Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.