Slashdot Mirror

← Back to Stories (view on slashdot.org)

When Pretty Good Privacy Isn't Good Enough

Posted by Roblimo on from the let's-not-confuse-codes-with-ciphers dept.

st. augustine writes "Worried that the NSA already knows how to crack PGP? Someone calling themselves Hardened Criminal Software has a one-time pad package called HardEncrypt that could be the answer to your paranoia. The sci.crypt Snake Oil FAQ teaches us to beware of one-time pad claims, but it looks like Hardened Criminal has done their homework. No bogus bit-stream algorithms or pseudo-random number generators. And it's open-source, so everyone can bang on it and fix any problems. I'd try it myself, but I'm outside the US, and the Bernstein decision doesn't apply in New York. :-)"

1 of 169 comments (clear)

  1. Re:Why people don't use one time pads by plambert · · Score: 5

    "this is the first message"
    "now here is the second string"

    (i guessed at the last part, since they were of unequal length).

    it took me about 15 minutes to hack together some perl code to help me do it--easier than doing it by hand.

    and i've never done this before. ;-)

    it's amazingly simple, actually. you have two plaintexts, T1 and T2, a key, K, and two ciphertexts, C1 and C2. you're trying to find T1 and T2. you don't know (and don't really care about) K, and you know C1 and C2.

    so you have:

    C1= T1 XOR K
    C2= T2 XOR K

    now the problem is, we don't know K. so we think about things briefly and suddenly realize:

    C1 XOR C2 = T1 XOR T2

    which takes the key entirely out of things, making it simply a case of finding two plaintexts XORed together. which is a piece of cake (especially for simple plaintexts like what you provided).

    specifically, i took C1 XOR C2 (call it R) and went through it sequentially, XORing the string ' the ' (with the spaces).

    this gave me two hits:
    07.......e is
    11........... firs

    figuring it was likely that this string occurred in both T1 and T2, and unlikely that it occurred twice in any one string in such close proximity, i figured these were each parts of T1 and T2, respectively.

    then i XORed ' first ' with R in the right spot, and it gave me ' the se'. i tried all the letters a-z after the 'se' which formed part of a word, i.e. not 'sez' or 'sek' or 'sej'.

    with some experimentation, part of the message became clear, and it was easy to extrapolate to get the rest.

    with some effort, a program could be written to throw a dictionary at it (in nearly any language, and any character encoding or file format) and see what develops. pretty straightforward stuff.

    does that answer your question? ;-)

    --plambert