Cold War Code Breaking Manual Teaches Impossible Puzzle Solving

Cryptologist [Lambros Callimahos] was a victim of his own success. He wrote a trilogy of books called Military Cryptanalytics covering code breaking in 1977. The first two volumes were eventually published, but the NSA blocked the public release of the third volume back in 1992. But last December, it finally saw the light of day.

Of course, some parts of the book are redacted, including parts of the table of contents. That’s pretty bad when even your chapter headings can be classified. [Richard Bean] over on Phys.org has some notes about the book along with some examples of hard-to-solve crypto puzzles.

Continue reading “Cold War Code Breaking Manual Teaches Impossible Puzzle Solving”

Simple Encryption You Can Do On Paper

It’s a concern for Europeans as it is for people elsewhere in the world: there have been suggestions among governments to either outlaw, curtail, or backdoor strong end-to-end encryption. There are many arguments against ruining encryption, but the strongest among them is that encryption can be simple enough to implement that a high-school student can understand its operation, and almost any coder can write something that does it in some form, so to ban it will have no effect on restricting its use among anyone who wants it badly enough to put in the effort to roll their own.

With that in mind, we’re going to have a look at the most basic ciphers, the kind you could put together yourself on paper if you need to.

Continue reading “Simple Encryption You Can Do On Paper”

Inside The Top Secret Doughnut: A Visit To GCHQ

There’s an old joke that the world’s greatest secret agent was Beethoven. Didn’t know Beethoven was a secret agent? That’s why he was the greatest one! While most people have some idea about the CIA, MI6, and the GRU, agencies like the NRO and GCHQ keep a much lower profile. GCHQ (Government Communications Headquarters) is the United Kingdom’s electronic listening center housed in a 180 meter round doughnut. From there they listen to… well… everything. They are also responsible for codebreaking and can trace their origin back to Bletchley Park as well as back to the Great War. So what’s inside the Doughnut? National Geographic managed to get a tour of GCHQ and if you have any interest in spies, radios, cybersecurity, or codebreaking, it is worth having a look at it.

Of course, only about half of the GCHQ’s employees work in the Doughnut. Others are scattered about the UK and — probably — some in other parts of the world, too. According to the article, GCHQ had a hand in foiling 19 terrorist attacks, arresting at least two sex offenders, and prevented about £1.5 billion of tax evasion.

Continue reading “Inside The Top Secret Doughnut: A Visit To GCHQ”

Cryptographic LCDs Use The Magic Of XOR

Digital security is always a moving target, with no one device or system every being truly secure. Whether its cryptographic systems being compromised, software being hacked, or baked-in hardware vulnerabilities, it seems there is always a hole to be found. [Max Justicz] has a taste for such topics, and decided to explore the possibility of creating a secure communications device using a pair of LCDs.

In a traditional communications system, when a message is decrypted and the plaintext is displayed on screen, there’s a possibility that any other software running could capture the screen or memory state, and thus capture the secret data. To get around this, [Max]’s device uses a concept called visual cryptography. Two separate, independent systems with their own LCD each display a particular pattern. It is only when the two displays are combined together with the right filters that the message can be viewed by the user, thanks to the visual XOR effect generated by the polarized nature of LCDs.

The device as shown, working with both transparent OLEDs and traditional LCDs, is merely a proof of concept. [Max] envisions a device wherein each display is independently sourced, such that even if one is compromised, it doesn’t have the full message, and thus can’t compromise the system. [Max] also muses about the problem of side-channel attacks, and other factors to consider when trying to build a truly secure system.

We love a good discussion of cryptography and security around here; [John McMaster]’s talk on crypto ignition keys was a particular hit at Supercon last year. Video after the break.

Continue reading “Cryptographic LCDs Use The Magic Of XOR”

$100k To Crack A Bitcoin Wallet

When Bitcoin peaked a few years ago, with single coins reaching around $18,000 USD, heartbreaking stories began circulating about people who had tens or hundreds of coins they mined in the early days when coins were worth just a few dollars or cents. Since then, they owners of these coins had lost the private key, or simply thrown away the drive or computer the coins were on. It’s next to impossible to recover this key in most situations, but for the right amount of money it can sometimes be done.

About 20 years ago, [Mike] was working as a cryptography expert and developed a number of interesting algorithms for breaking various forms of encryption, one of which involved .zip files with poor entropy. A Bitcoin owner stumbled across the paper that [Mike] wrote and realized that it could be a method for recovering his lost key from 2016. [Mike] said it would take a GPU farm and $100,000 USD, but when the owner paid the seemingly enormous price [Mike] was able to recover around $300,000 worth of Bitcoin.

While this might not be financially feasible for you if you have a USB stick with a single coin on it you mined as a curiosity in 2010, the cryptography that is discussed in the blog entry is the real story here. We never know where the solutions to our problems are going to come from, like a random .zip file exploitation from two decades ago, but we can be sure that in the future it will be much easier to crack these keys.

Thanks to [Darmstatium] for the tip!

Project Rubicon: The NSA Secretly Sold Flawed Encryption For Decades

There have been a few moments in the past few years, when a conspiracy theory is suddenly demonstrated to be based in fact. Once upon a time, it was an absurd suggestion that the NSA had data taps in AT&T buildings across the country. Just like Snowden’s revelations confirmed those conspiracy theories, a news in February confirmed some theories about Crypto AG, a Swiss cryptography vendor.

The whole story reads like a cold-war era spy thriller, and like many of those novels, it all starts with World War II. As a result of a family investment, Boris Hagelin found himself at the helm of Aktiebolaget Cryptograph, later renamed to Crypto AG (1952), a Swedish company that built and sold cipher machines that competed with the famous Enigma machine. At the start of the war, Hagelin decided that Sweden was not the place to be, and moved to the United States. This was a fortuitous move, as it allowed Hagelin to market his company’s C-38 cipher machine to the US military. That device was designated the M-209 by the army, and became the standard in-the-field encryption machine.

Continue reading “Project Rubicon: The NSA Secretly Sold Flawed Encryption For Decades”

An Arduino And An Enigma All Rolled Into One

This hacker has been wanting to design an Enigma machine simulator for a while, but didn’t take the leap until they realized there was a compact Arduino with a surplus of I/O.

The logs go through all sort of variations on the machine. Everything from a plug board variation similar to the original to a 16 segment LED tester are covered. In one of the posts you can even see it decode a real U-Boat message. 

The earlier revisions are housed in very attractive laser cut cases but the latest designs employ an even more elegant casing solution. The simulator uses 16 segment displays and momentary push buttons for the keys. At its core is a 2560 Pro mini. The write-up contains a lot of detail about the code behind the Enigma and is interesting to read.  Interestingly, the PCB was designed in Fritzing, the EDA software many love to hate.

We love the craftsmanship and attention going into this project and can see it turning into a very appealing kit as it goes through its design cycles.