Fighting Big Brother: A case for hacking encryption

Discussion in 'Politics, Religion, Social Issues' started by JPamplin, Apr 14, 2014.

  1. JPamplin macrumors 6502

    JPamplin

    Joined:
    Mar 12, 2009
    Location:
    Nashville, TN
    #1
    Folks,

    I post this here in the (almost) certainty that government agents are not currently monitoring this site. I have an idea, and I'd like your feedback.

    Encryption keys follow certain rules for the characters they possess. Every time I see a key, it seems to have alphanumeric characters and perhaps a few other characters (+, =, etc.). Brute force decryption basically tries billions of key combinations until they find one that works, right?

    So what if you used non-standard characters, outside the "rules" for which ones to include? If you modified your encryption algorithms to include characters that they would never try, then in theory your key could NEVER be broken, because those characters would never be included (according to the old rules).

    Is this crazy? Could you roll your own encryption by bending the rules?

    JP
     
  2. iBlazed macrumors 68000

    iBlazed

    Joined:
    Feb 27, 2014
    Location:
    New Jersey, United States
    #2
    Too many big words.
     

    Attached Files:

  3. sviato macrumors 68020

    sviato

    Joined:
    Oct 27, 2010
    Location:
    HR 9038 A
    #3
    I heard the 2048-bit keys already can't be broken by modern computers, not in a lifetime at least.
     
  4. Renzatic Suspended

    Renzatic

    Joined:
    Aug 3, 2011
    Location:
    Gramps, what the hell am I paying you for?
    #4
    As far as I know, any encryption can be broken, given enough time and hardware power behind it. If you're hiding something of particular importance, and someone gets their hands on it, given enough expertise, they find a way to get at it.

    But that's the thing. 2048-bit is so strong, and takes such a large amount of time and processing power to break it, that no one will ever attempt doing it. What they're wanting to get at has to be worth the effort.
     
  5. chown33 macrumors 604

    Joined:
    Aug 9, 2009
    #5
    What you're describing is called BASE64 encoding.
    http://en.wikipedia.org/wiki/Base64

    The underlying key data is binary, and all values are permitted. That is, there are no "non-standard characters" or values "outside the rules". BASE64 just converts the binary into a form that won't get damaged when transported through ancient (yet still operating) transport systems.

    If you use "non-standard characters" in a BASE64 string, it just won't decode. This is because you're not manipulating the underlying binary, you're just damaging the BASE64 value, preventing it from being decoded.


    Different encryption algorithms have different representations for keys. For example, a public-key algorithm like RSA requires two large prime numbers for the private key. If you use a non-prime number, all you've done is make your encryption weaker.

    Other algorithms have other representations for their keys. Some algorithms have known weak keys. If you use a weak key, you're making your encryption weaker, not stronger.

    I get the impression you haven't actually studied cryptography. I suggest learning the basics from a book like Bruce Schneier's "Applied Cryptography". (Try a library, it's a moderately popular book.) There are books that are much more theoretical, or much more rigorous in their mathematics, but I think Schneier is a good writer, and doesn't go overboard with the math. There is math involved, and there's no way to avoid it. But the basics of algorithms don't require intimate understanding, just a basic knowledge.
     
  6. Zombie Acorn macrumors 65816

    Zombie Acorn

    Joined:
    Feb 2, 2009
    Location:
    Toronto, Ontario
    #6
    Unless you have a ph.d in computer science or mathematics rolling your own encryption is probably going to be a bad choice.
     
  7. lannister80 macrumors 6502

    lannister80

    Joined:
    Apr 7, 2009
    Location:
    Chicagoland
    #7
    In 2004 I created a 128-bit WEP key for my wifi network that was just a bunch of random hex, it didn't directly map back to any ASCII characters. That's what you're talking about, essentially.
     
  8. chown33 macrumors 604

    Joined:
    Aug 9, 2009
    #8
    From a security standpoint, WEP is weak. It can be defeated in less than 5 minutes. Even with a 128-bit key.
    http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy
    Wired Equivalent Privacy (WEP) is an easily broken security algorithm for IEEE 802.11 wireless networks. ...

    Although its name implies that it is as secure as a wired connection, WEP has been demonstrated to have numerous flaws and has been deprecated in favour of newer standards such as WPA2. ...​

    A WEP key is essentially a binary bit-pattern. All bit-patterns are accepted. When entered as hex digits, only hex numbers are acceptable. For example, using letters like 'P' or 'g' won't make the security stronger or unbreakable. It will just fail to decode as hex.
     
  9. elistan macrumors 6502a

    Joined:
    Jun 30, 2007
    Location:
    Denver/Boulder, CO
    #9
    Encryption keys are actually strings of bits - ones and zeros. There are only those two options. They might be presented in human readable format using ASCII characters, or non-standard characters, but each such character is just representation of a string of zeros and ones, and WILL get tried if an attacker is trying each possible key.

    That's called a "brute force" attack on the encryption key. And as has been alluded to here, to go through every possible key using a modern computer would take longer than the universe has already existed, if the key length is long enough.

    So your most secure method of encryption is, indeed, to use something like a random key (a TRULY random key, which can actually be problematic to generate) that's very long.

    But you'll never be able to memorize that. So you can write it down somewhere (very unsecure) or use a human-readable password that is turned into the key (via something called a hash function.) It's with this human readable password that you can use non-standard characters as an extra form of protection. However, that assumes that the device you're using to input the password can generate such characters, and that the system turning the password into a key can handle the character as input as well. This isn't usually programmed into websites, email clients and such.
     
  10. lannister80 macrumors 6502

    lannister80

    Joined:
    Apr 7, 2009
    Location:
    Chicagoland
    #10
    Yeah yeah, I cracked plenty of WEP keys. It's due to weak a Initialization Vector implementation.

    Remember using AirSnort way back in the day? :D
    http://airsnort.shmoo.com/

    Anyway, in 2004, WEP was all there was! I think WPA was *just* coming out around then.

    What I was getting at is (at least at the time), many routers wanted you to input a text password and the router would use that to generate the 128-bit WEP key. An easy way to avoid having someone "guess" your password (and thus key) was to manually enter a key that didn't map back to ASCII.

    The OP's confusion is thinking that encryption keys have anything to do with text character mapping (they don't). The only reason passwords work like that is because it's convenient for people to remember (and enter using a keyboard). If I had to enter a 128-bit binary number as my password on a website, I think I'd **** a brick. But it sure as **** would be immune to a dictionary attack!

    PS - My Master's is in CompSci with a heavy concentration in InfoSec. I should dig up my old exams where we had to do RSA and DES cycles by hand (P and S boxes, all that stuff. Good times!)
     
  11. FireWire2 macrumors 6502

    FireWire2

    Joined:
    Oct 12, 2008
    #11
    Why make thing so complicated?!!!

    How about:

    If the key enter incorrect three times.
    Disable it for 30min,
    Fourth try - incorrect = permanent lock
     
  12. Sydde macrumors 68020

    Sydde

    Joined:
    Aug 17, 2009
    #12
    Even better (for a server): after several failed attempts, grant access to a shadow server that looks convincing but contains ultimately useless data. Then the attacker will not only waste their time cracking your security, they will then waste even more time to find out they have been conned by their victim.
     
  13. elistan macrumors 6502a

    Joined:
    Jun 30, 2007
    Location:
    Denver/Boulder, CO
    #13
    That doesn't help in situations, like with MacRumors and LinkedIn, where the password file itself gets copied. At which point the crackers can spend as much time as they wish determining people's passwords.
     
  14. Dookieman macrumors 6502

    Joined:
    Oct 12, 2009
    #14
    Curious. Is a possible deterrent to brute force cracking making the private key change on a regular basis?

    Also, when attempting to break encryption, does the computer start at 1 and work it's way to the maximum number of possibilities? Is there any evidence that randomly guessing the Key and logging the failed attempts, as to not repeat them have a greater chance of success?
     
  15. Sydde macrumors 68020

    Sydde

    Joined:
    Aug 17, 2009
    #15
    Why not? If the system is designed to identify and deflect crackers, they would end up getting a fake password file. How would that not be better than giving up real data?
     
  16. elistan macrumors 6502a

    Joined:
    Jun 30, 2007
    Location:
    Denver/Boulder, CO
    #16
    You predicated it on sending the attackers to the fake site only after several failed logon attempts. That doesn't help if there's never a failed logon attempt to begin with. For example, if the site is compromised by a security bug, such as heartbleed.
     
  17. FireWire2 macrumors 6502

    FireWire2

    Joined:
    Oct 12, 2008
    #17
    That is a different issue, bug vs make it impossible to crack
    If there is security bug - there is nothing you can do about that
     
  18. elistan macrumors 6502a

    Joined:
    Jun 30, 2007
    Location:
    Denver/Boulder, CO
    #18
    The bug allowed the attackers to get the password file, which they then cracked. Both issues happened in the same incident.

    Anyway, thinking about it more, Sydde's post reminded me of what happened in The Cuckoo's Egg, a real-life account written in the '80s of a computer intrusion. (Over 20 years ago, this book was the first time I ever heard of the NSA.) The author, Cliff Stoll, set up a "honeypot" - a fake "SDInet" system filled with bogus info - to keep the hacker online long enough for police to track him down.
     
  19. JPamplin thread starter macrumors 6502

    JPamplin

    Joined:
    Mar 12, 2009
    Location:
    Nashville, TN
    #19
    Thanks, all! Let me explain, that's too long, let me sum up

    I am basically looking for ways to create a custom encryption engine that could use a modified set of characters that is outside "the rules" for standard encryption methods.

    So for example, if 256-bit encryption (and yes, I know nothing about it) has 256 characters of a key, all with AaBbCcDd...1234567...

    Why not make a key with characters outside of the standard set, and modify your decryption engine to accept it? Whoever is brute force attacking it would never know to add those extra characters, it their engine would NEVER crack it?

    A6_^!$@}B2_foreign characters, etc...

    I'm not referring to Wifi keys - I'm referring to data that's being sent point to point. Is it possible?
     
  20. chown33 macrumors 604

    Joined:
    Aug 9, 2009
    #20
    There are no "outside the rules" characters for keys. What you propose is impossible, because it's based on a fundamentally incorrect premise. It's simply nonsensical, in the same way that "A whole number between 2 and 3, excluding the endpoints" is nonsensical.

    Your premise is that keys consist only of characters taken from a limited set. This is wrong. The reason you see characters in a limited set is because the underlying binary is being encoded to BASE64. It's BASE64 that has a limited set of chars. If you put invalid characters into a string that's then decoded as BASE64, you don't get "outside the rules" keys. Instead, the BASE64 simply fails to decode.

    I pointed you to the BASE64 page, but you either didn't read it, or didn't understand it. I will summarize it. To encode binary to BASE64, take a 3-byte (24-bit) piece. Separate it into 4 6-bit pieces. Convert each 6-bit piece into one of the valid characters. The result is a 4-character sequence that represents a 24-bit binary value. The reverse is done to convert BASE64 back to binary. The key data is always operated on in binary, not BASE64.

    The key point to understand here is that the underlying data is binary. BASE64 is just a way to re-encode it. As binary, all possible bit-patterns are permitted. There are no "outside the rules" values. So for a 24-bit piece, there are 16.77 million representable binary patterns. Every single one of those is valid.

    When crackers try to break keys, they don't search by producing BASE64 values, they produce binary values directly. Since every possible binary value is allowed, there are no "outside the rules" values that can ever appear. Every value that can appear is "inside the rules", and is already accounted for.

    If you don't understand binary, this explanation may not make sense. The only way for it to make sense is for you to understand enough of the basics (i.e. binary) in order for you to know what it means.
     
  21. lannister80, Apr 23, 2014
    Last edited: Apr 23, 2014

    lannister80 macrumors 6502

    lannister80

    Joined:
    Apr 7, 2009
    Location:
    Chicagoland
    #21
    Keys are binary and are randomly generated. Characters never even come into the picture.

    EDIT: Here's an example of a 256-bit key I just generated:

    011001001110110010101010110011100010010101101011101010110011011011000111101111010011111100011000100011101111001111111000011000010101101110000001101111000000011110101101111000111011000100000000111011000011010011011000000100101100100010001111100111110110010100100100010110111100100101110110101111101001010011110100

    It's just a random set of 1s and 0s. Each 1 or 0 is a bit. It can be represented in a lot of different ways, (hexadecimal, etc), but under the hood it's just random 1s and 0s.
     

Share This Page