moth/packages/net-re/6300/@index.mdwn


One Time Pads
=============
As mentioned in the lecture, if you know the cryptographic algorithm being used, cracking a piece of ciphertext is simply a matter of time. Sometimes that amount of time, given current computing power, is beyond the lifespan of the sun, but you could always catch a lucky break and find the key within a couple thousand years or so.

You were able to solve some of the earlier problems because the limited key length gave you relationships between various points in the message that you could exploit to find the key. If the key length had been the same as the length of the message, however, those relationships would not be there. It would have been impossible, literally, for you to get the message back out even though it was encrypted using only a simple xor. A one time pad is a key such that each byte of the message is encrypted with its own, entirely independent, one-byte key.

With a one time pad, you can't rely on any patterns or information in the text. That information simply no longer exists in the ciphertext without the key. The text can even be transformed into any string of the same length given a different key. You can design a key to do exactly that, for instance, turning an executable into a jpg of a kitten.

There are a few weaknesses to a one time pad that tend to prevent it from being used. First, you need to distribute the key. Doing so reduces the security of the key to the method used to distribute it. Secondly, you can only use each key once, hence the name. Let's say you encrypted message A with key K using xor, and you also encrypted message B with the same key K in the same manner. If you xor both messages together, you get:

```
C = (A xor K) xor (B xor K)
C = A xor B xor K xor K
C = (A xor B) xor (K xor K)
C = (A xor B) xor 0
C = A xor B
```

If both A and B are a human language, you can use statistical techniques and a process of elimination to separate the two messages. If both the files are images, however, it would be pretty much impossible.

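An added example (not code from the original page) that runs the identity above: a single-use pad round-trips, a pad can be designed to turn a message into any target of the same length, and reusing the pad leaks `A xor B`, from which a known message recovers the other. The two messages, the target string and the fixed key are constructed for the demonstration.

```python
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings byte by byte."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(message: bytes, key: bytes) -> bytes:
    """One-time-pad encryption: every message byte gets its own independent key byte.
    Decryption is the same operation, since (M xor K) xor K == M."""
    if len(key) < len(message):
        raise ValueError("key must be at least as long as the message")
    return xor_bytes(message, key[: len(message)])


def new_pad(length: int) -> bytes:
    """A fresh pad from the OS CSPRNG; it must never be used for a second message."""
    return os.urandom(length)


def key_for_target(message: bytes, target: bytes) -> bytes:
    """Design a pad that turns `message` into `target` (the 'jpg of a kitten' trick)."""
    return xor_bytes(message, target)


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts under the same pad: the pad cancels and A xor B is left."""
    return xor_bytes(c1, c2)


def recover_other(a_xor_b: bytes, known_message: bytes) -> bytes:
    """If one of the two reused-pad messages is known, A xor B gives the other."""
    return xor_bytes(a_xor_b, known_message)


# Constructed demonstration values (not from any real capture).
MESSAGE_A = b"attack at dawn"
MESSAGE_B = b"defend at dusk"
CONSTRUCTED_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2")  # 14 bytes, reused below on purpose


if __name__ == "__main__":
    pad = new_pad(len(MESSAGE_A))
    print("single use round-trip:", otp_encrypt(otp_encrypt(MESSAGE_A, pad), pad))
    c1 = otp_encrypt(MESSAGE_A, CONSTRUCTED_KEY)
    c2 = otp_encrypt(MESSAGE_B, CONSTRUCTED_KEY)
    leak = two_time_pad_leak(c1, c2)
    print("C1 xor C2 == A xor B:", leak == xor_bytes(MESSAGE_A, MESSAGE_B))
    print("recovered B from known A:", recover_other(leak, MESSAGE_A))
```

The leak does not need the key at all, which is the point of the derivation: once a pad is used twice, the security of both messages rests only on how much structure they contain.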
Other Block Cipher Modes
========================
Cipher Block Chaining, Electronic Code Book, and Propagating Cipher Block Chaining modes all require a cipher function that has an inverse. The inverse function allows you to decrypt the ciphertext and get back the original message.

What if, however, your original message was never an input to the cipher function? You could then use your cipher function as a generator of a new key for each byte of the message, giving you a pseudo one time pad. The cipher function in this case need not be reversible. It could be a complicated chunk of boolean logic that doesn't quite have a one-to-one input to output relationship, a random number generator (the key would be the seed), or any number of other creative methods. The output of this function would simply be combined with the message using a simple reversible function such as xor.

There are several standard methods for doing this. One is to simply combine (xor) each byte of generated key with the plaintext, as is usually done with one time pads. Additionally, there are block cipher modes designed for this type of operation: the Cipher Feedback and Output Feedback modes.

![Cipher Feedback](CF.png)

![Output Feedback](OF.png)

Decryption is simply a matter of generating the same sequence and re-applying the keys to the ciphertext (thus canceling out the key).

Non-Reversible Functions
========================
Cipher Feedback and Output Feedback modes free you to use any deterministic function as your cipher, though some functions are obviously better than others. Just about any cryptographic hash function would work well. Deterministic random number generators would work well too; the key/IV would be the seed, and you could optionally re-seed the generator at each step.

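An added example, not code from the original page, of the pseudo one time pad described in the two sections above with a hash function as the non-reversible cipher. The Output Feedback keystream depends only on the IV (each step hashes the previous digest and takes its first byte, the arrangement the problem below states for md5), so encryption and decryption are the same function. The Cipher Feedback variant is the standard 8-bit CFB arrangement, assumed here since the page's diagrams are not reproduced: it feeds each ciphertext byte back into a shift register, so its keystream depends on the ciphertext. The IV and messages are constructed.

```python
import hashlib


def _block(state: bytes, hash_name: str) -> bytes:
    """The 'cipher function': a hash, which has no inverse and needs none here."""
    return hashlib.new(hash_name, state).digest()


def ofb_keystream(iv: bytes, n: int, hash_name: str = "md5") -> bytes:
    """Output Feedback: state_0 = IV, state_i = H(state_{i-1}), key byte i = state_i[0].
    The plaintext never enters the function, so this is a pure keystream."""
    state = iv
    ks = bytearray()
    for _ in range(n):
        state = _block(state, hash_name)  # feed the whole digest back into the next step
        ks.append(state[0])               # use only the first byte of each hash
    return bytes(ks)


def ofb_crypt(iv: bytes, data: bytes, hash_name: str = "md5") -> bytes:
    """Encrypt or decrypt (same operation) by xoring data with the OFB keystream."""
    ks = ofb_keystream(iv, len(data), hash_name)
    return bytes(d ^ k for d, k in zip(data, ks))


def cfb_encrypt(iv: bytes, plaintext: bytes, hash_name: str = "md5") -> bytes:
    """8-bit Cipher Feedback (assumed arrangement): the register starts as the IV
    and each ciphertext byte is shifted into it, so the next key byte depends on
    what was already sent."""
    state = iv
    out = bytearray()
    for p in plaintext:
        c = p ^ _block(state, hash_name)[0]
        out.append(c)
        state = state[1:] + bytes([c])
    return bytes(out)


def cfb_decrypt(iv: bytes, ciphertext: bytes, hash_name: str = "md5") -> bytes:
    """CFB decryption regenerates the same key bytes from the received ciphertext."""
    state = iv
    out = bytearray()
    for c in ciphertext:
        out.append(c ^ _block(state, hash_name)[0])
        state = state[1:] + bytes([c])
    return bytes(out)


# Constructed values for the demonstration; not taken from any capture.
DEMO_IV = bytes(range(16))
DEMO_MESSAGE = b"meet at the usual place"


if __name__ == "__main__":
    c = ofb_crypt(DEMO_IV, DEMO_MESSAGE)
    print("OFB ciphertext:", c.hex())
    print("OFB round-trip:", ofb_crypt(DEMO_IV, c))
    c = cfb_encrypt(DEMO_IV, DEMO_MESSAGE)
    print("CFB ciphertext:", c.hex())
    print("CFB round-trip:", cfb_decrypt(DEMO_IV, c))
```

Because the OFB keystream is fixed by the IV alone, two transmissions under the same IV are exactly the two-time pad from the first section: xoring their ciphertexts yields the xor of the plaintexts, which is the check a reviewer should run on any such protocol. In the CFB variant a transmission error in one ciphertext byte corrupts the following 16 decrypted bytes (the register length) and then self-synchronises, whereas OFB never recovers from a dropped byte.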
The Problem
===========
After reading that wall of text, you find yourself in possession of this pcap. Working with your reverse engineer, you discover that the communications are encrypted using Output Feedback mode with md5 as the encryption algorithm, where the first byte of each hash is xor'ed with the plaintext. The first 16 bytes of the transmission appear to be the IV/key.