by carapace
2511 days ago
CipherSaber..?

> By choosing a simple but strong cipher that is already widely published and agreeing on how to use it, anyone with elementary programming skills can write their own encryption program without relying on any products that can be banned.

http://ciphersaber.gurus.org/

And Pontifex, aka the Solitaire Encryption Algorithm (SPOILER ALERT):

> In Neal Stephenson's novel Cryptonomicon, the character Enoch Root describes a cryptosystem code-named "Pontifex" to another character named Randy Waterhouse, and later reveals that the steps of the algorithm are intended to be carried out using a deck of playing cards.

https://www.schneier.com/academic/solitaire/

Laws cannot stop encryption; they can maybe stop law-abiding people from using it, but not criminals.
Also, when you implement the ciphersaber, you're still only about 1/4 of the way to the functionality of early-1990s PGP, notably lacking any public key functionality.
> For file encryption, a user need only memorize one key or passphrase. For messaging, users need to exchange pairs of keys through some secure means, most likely in person. Maintaining a list of correspondents' keys or passphrases in a master file, preferably itself encrypted with a memorized master key, is less convenient than public key encryption. But it may be all that is left in a few years if PGP key servers are banned.
> It may even be possible to teach a manual version of the Diffie-Hellman key exchange, perhaps using large number calculators (easily built in Java 1.1). The Diffie-Hellman procedure need be carried out just once per pair of correspondents, since CipherSaber eliminates the need to exchange keys for every message.
Apart from the implausibility of some of this, you have a very severe issue about key synchronization if you literally only want to do a key exchange once. For example, an attacker who can intercept one party's message and then trick another party into encrypting a known plaintext with the same key material (because that party doesn't know that the keystream has advanced yet?) can then decrypt the intercepted message.
Even having the two users accidentally use the same part of the keystream to send separate unknown messages m₁ and m₂ will allow an adversary to compute m₁⊕m₂, which is very bad in many cases. One thing I remember from Dan Boneh's cryptography class is that if either message contains an ASCII space character (' ') at some position, then m₁⊕m₂ will contain the other message's plaintext with uppercase and lowercase inverted (for example, ' ' ^ 'q' is 'Q').
The ciphersaber idea is conceptually really great, and I love the idea of helping teach people to create their own communications and communications security infrastructure. But I think that, apart from just how archaic the cryptographic technology it teaches is, the project really underestimates how far away this cipher implementation is from a complete system.
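The keystream-reuse problem described in the comment above, as an added Python example that is not part of the thread or of the CipherSaber project: it implements RC4 in the CipherSaber-1 layout (RC4 keyed with passphrase || 10-byte IV, IV sent in clear), encrypts two constructed messages with the same passphrase and IV, and shows how XORing the two ciphertexts exposes every letter that sits opposite a space in the other message, with its case flipped, while a fresh IV per message breaks the c₁⊕c₂ = m₁⊕m₂ relation. The passphrase, IVs and messages are constructed sample values.

```python
def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4 key scheduling plus keystream generation, enough for this demo."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def cs_encrypt(passphrase: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CipherSaber-1 layout: RC4 keyed with passphrase || 10-byte IV, IV sent in clear."""
    return iv + xor_bytes(plaintext, rc4_keystream(passphrase + iv, len(plaintext)))

def letters_leaked(c1: bytes, c2: bytes, iv_len: int = 10) -> dict:
    """Observer's view of two ciphertexts. If both used the same passphrase and IV the
    keystream cancels and c1 ^ c2 == m1 ^ m2. For text made of letters and spaces, an
    XOR byte that is itself an ASCII letter can only come from a space in one message
    and a letter in the other (letter ^ letter is always < 0x40), and that byte is the
    letter with its case flipped, so ^ 0x20 restores it."""
    x = xor_bytes(c1[iv_len:], c2[iv_len:])
    return {i: chr(b ^ 0x20) for i, b in enumerate(x) if bytes([b]).isalpha()}

# Constructed sample values; a real CipherSaber IV comes from os.urandom(10).
PASSPHRASE = b"correct horse"
IV_A = bytes(range(10))
IV_B = bytes(range(10, 20))
M1 = b"meet me at noon"
M2 = b"the plan is set"

def demo() -> tuple:
    """Returns (letters leaked under IV reuse, whether fresh IVs break the m1 ^ m2 relation)."""
    reused = letters_leaked(cs_encrypt(PASSPHRASE, IV_A, M1),
                            cs_encrypt(PASSPHRASE, IV_A, M2))
    fresh = xor_bytes(cs_encrypt(PASSPHRASE, IV_A, M1)[10:],
                      cs_encrypt(PASSPHRASE, IV_B, M2)[10:])
    return reused, fresh != xor_bytes(M1, M2)

if __name__ == "__main__":
    print(demo())
```

The leaked positions are exactly those where one message has a space and the other a letter; any scheme that keeps a single RC4 key across messages must therefore guarantee that no keystream position is ever used twice.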