cryptography

51 Articles

Why You Should Totally Roll Your Own AES Cryptography

July 11, 2022 by 27 Comments

Software developers are usually told to ‘never write your own cryptography’, and there definitely are sufficient examples to be found in the past decades of cases where DIY crypto routines caused real damage. This is also the introduction to [Francis Stokes]’s article on rolling your own crypto system. Even if you understand the mathematics behind a cryptographic system like AES (symmetric encryption), assumptions made by your code, along with side-channel and many other types of attacks, can nullify your efforts.

So then why write an article on doing exactly what you’re told not to do? This is contained in the often forgotten addendum to ‘don’t roll your own crypto’, which is ‘for anything important’. [Francis]’s tutorial on how to implement AES is incredibly informative as an introduction to symmetric key cryptography for software developers, and demonstrates a number of obvious weaknesses users of an AES library may not be aware of.

This then shows the reason why any developer who uses cryptography in some fashion for anything should absolutely roll their own crypto: to take a peek inside what is usually a library’s black box, and to better understand how the mathematical principles behind AES are translated into a real-world system. Additionally it may be very instructive if your goal is to become a security researcher whose day job is to find the flaws in these systems.

Essentially: definitely do try this at home, just keep your DIY crypto away from production servers :)

Screenshot of the RSA calculator, showing the fields that you can fill into and the results as they propagate through the calculation

Lift The Veil On RSA With This RSA Calculator

July 8, 2022 by 2 Comments

Encryption algorithms can be intimidating to approach, what’s with all the math involved. However, once you start digging into them, you can break the math apart into smaller steps, and get a feel of what goes into encryption being the modern-day magic we take for granted. Today, [Henry Schmale] writes to us about his small contribution to making cryptography easier to understand – lifting the veil on the RSA asymmetric encryption technique through an RSA calculator.

With [Henry]’s calculator, you can only encrypt and decrypt a single integer, but you’re able to view each individual step of an RSA calculation as you do so. If you want to understand what makes RSA and other similar algorithms tick, this site is an excellent starting point. Now, this is not something you should use when roll your crypto implementations – as cryptographers say in unison, writing your own crypto from scratch is extremely inadvisable. [Henry] does say that this calculator could be useful for CTF players, for instance, but it’s also undeniably an accessible learning tool for any hacker out there wishing to understand what goes on under the wraps of the libraries we use.

In modern day, cryptography is instrumental to protecting our freedoms, and it’s a joy to see people work towards explaining the algorithms used. The cryptography tools we use day-to-day are also highly valuable targets for governments and intelligence agencies, willing to go to great lengths to subvert our communication security – so it’s even more important that we get acquianted with the tools that protect us. After all, it only takes a piece of paper to encrypt your communications with someone.

Cold War Code Breaking Manual Teaches Impossible Puzzle Solving

June 8, 2021 by 25 Comments

Cryptologist [Lambros Callimahos] was a victim of his own success. He wrote a trilogy of books called Military Cryptanalytics covering code breaking in 1977. The first two volumes were eventually published, but the NSA blocked the public release of the third volume back in 1992. But last December, it finally saw the light of day.

Of course, some parts of the book are redacted, including parts of the table of contents. That’s pretty bad when even your chapter headings can be classified. [Richard Bean] over on Phys.org has some notes about the book along with some examples of hard-to-solve crypto puzzles.

Continue reading “Cold War Code Breaking Manual Teaches Impossible Puzzle Solving”

Simple Encryption You Can Do On Paper

May 12, 2021 by 73 Comments

It’s a concern for Europeans as it is for people elsewhere in the world: there have been suggestions among governments to either outlaw, curtail, or backdoor strong end-to-end encryption. There are many arguments against ruining encryption, but the strongest among them is that encryption can be simple enough to implement that a high-school student can understand its operation, and almost any coder can write something that does it in some form, so to ban it will have no effect on restricting its use among anyone who wants it badly enough to put in the effort to roll their own.

With that in mind, we’re going to have a look at the most basic ciphers, the kind you could put together yourself on paper if you need to.

Continue reading “Simple Encryption You Can Do On Paper”

Inside The Top Secret Doughnut: A Visit To GCHQ

October 26, 2020 by 31 Comments

There’s an old joke that the world’s greatest secret agent was Beethoven. Didn’t know Beethoven was a secret agent? That’s why he was the greatest one! While most people have some idea about the CIA, MI6, and the GRU, agencies like the NRO and GCHQ keep a much lower profile. GCHQ (Government Communications Headquarters) is the United Kingdom’s electronic listening center housed in a 180 meter round doughnut. From there they listen to… well… everything. They are also responsible for codebreaking and can trace their origin back to Bletchley Park as well as back to the Great War. So what’s inside the Doughnut? National Geographic managed to get a tour of GCHQ and if you have any interest in spies, radios, cybersecurity, or codebreaking, it is worth having a look at it.

Of course, only about half of the GCHQ’s employees work in the Doughnut. Others are scattered about the UK and — probably — some in other parts of the world, too. According to the article, GCHQ had a hand in foiling 19 terrorist attacks, arresting at least two sex offenders, and prevented about £1.5 billion of tax evasion.

Continue reading “Inside The Top Secret Doughnut: A Visit To GCHQ”

Cryptographic LCDs Use The Magic Of XOR

August 3, 2020 by 8 Comments

Digital security is always a moving target, with no one device or system every being truly secure. Whether its cryptographic systems being compromised, software being hacked, or baked-in hardware vulnerabilities, it seems there is always a hole to be found. [Max Justicz] has a taste for such topics, and decided to explore the possibility of creating a secure communications device using a pair of LCDs.

In a traditional communications system, when a message is decrypted and the plaintext is displayed on screen, there’s a possibility that any other software running could capture the screen or memory state, and thus capture the secret data. To get around this, [Max]’s device uses a concept called visual cryptography. Two separate, independent systems with their own LCD each display a particular pattern. It is only when the two displays are combined together with the right filters that the message can be viewed by the user, thanks to the visual XOR effect generated by the polarized nature of LCDs.

The device as shown, working with both transparent OLEDs and traditional LCDs, is merely a proof of concept. [Max] envisions a device wherein each display is independently sourced, such that even if one is compromised, it doesn’t have the full message, and thus can’t compromise the system. [Max] also muses about the problem of side-channel attacks, and other factors to consider when trying to build a truly secure system.

We love a good discussion of cryptography and security around here; [John McMaster]’s talk on crypto ignition keys was a particular hit at Supercon last year. Video after the break.

Continue reading “Cryptographic LCDs Use The Magic Of XOR”

$100k To Crack A Bitcoin Wallet

April 11, 2020 by 43 Comments

When Bitcoin peaked a few years ago, with single coins reaching around $18,000 USD, heartbreaking stories began circulating about people who had tens or hundreds of coins they mined in the early days when coins were worth just a few dollars or cents. Since then, they owners of these coins had lost the private key, or simply thrown away the drive or computer the coins were on. It’s next to impossible to recover this key in most situations, but for the right amount of money it can sometimes be done.

About 20 years ago, [Mike] was working as a cryptography expert and developed a number of interesting algorithms for breaking various forms of encryption, one of which involved .zip files with poor entropy. A Bitcoin owner stumbled across the paper that [Mike] wrote and realized that it could be a method for recovering his lost key from 2016. [Mike] said it would take a GPU farm and $100,000 USD, but when the owner paid the seemingly enormous price [Mike] was able to recover around $300,000 worth of Bitcoin.

While this might not be financially feasible for you if you have a USB stick with a single coin on it you mined as a curiosity in 2010, the cryptography that is discussed in the blog entry is the real story here. We never know where the solutions to our problems are going to come from, like a random .zip file exploitation from two decades ago, but we can be sure that in the future it will be much easier to crack these keys.

Thanks to [Darmstatium] for the tip!