LinuxQuestions.org
Old 03-20-2005, 02:00 PM   #1
Linux.tar.gz
Senior Member
 
Registered: Dec 2003
Location: Paris
Distribution: Slackware forever.
Posts: 2,534

Rep: Reputation: 100Reputation: 100
What is the best cryptographic algorithm?


Sorry for this noobish question!
 
Old 03-20-2005, 02:08 PM   #2
cylix
Member
 
Registered: Dec 2004
Location: Ohio
Distribution: Fedora Core 3
Posts: 125

Rep: Reputation: 15
Bit rot 13

=)
 
Old 03-21-2005, 02:45 PM   #3
TruckStuff
Member
 
Registered: Apr 2002
Posts: 498

Rep: Reputation: 30
Re: What is the best cryptographic algorithm?

Quote:
Originally posted by Linux.tar.gz
What is the best cryptographic algorithm?
Define "best." If you are looking for strength, i.e. amount of time needed to break a cypher, AES (Rijndael) is usually considered the "best" algorithm that is publicly available in this country. If you want speed and simplicity, ROT13 would work just as well as any.
 
Old 03-21-2005, 04:14 PM   #4
Linux.tar.gz
Senior Member
 
Registered: Dec 2003
Location: Paris
Distribution: Slackware forever.
Posts: 2,534

Original Poster
Rep: Reputation: 100Reputation: 100
I mean strongest. The one even God can't decrypt ^^.
 
Old 03-21-2005, 08:26 PM   #5
backroger
Member
 
Registered: Dec 2004
Posts: 81

Rep: Reputation: 15
I thought either AES or 3DES...


or probably "Project Mercury" (Movie Mercury Rising)....but you have to kill the child first...j/k.
 
Old 03-21-2005, 09:16 PM   #6
soulstace
Member
 
Registered: Mar 2005
Location: USA
Distribution: Knoppix
Posts: 64

Rep: Reputation: 15
XOR Encryption using a One-Time Pad is perfectly secure.

;ˆà€Æ‘~Édàɬ-I$/c


Last edited by soulstace; 03-21-2005 at 09:42 PM.
 
Old 03-22-2005, 04:36 AM   #7
Linux.tar.gz
Senior Member
 
Registered: Dec 2003
Location: Paris
Distribution: Slackware forever.
Posts: 2,534

Original Poster
Rep: Reputation: 100Reputation: 100
What is a One-Time Pad?
Thx for replies.
 
Old 03-22-2005, 03:53 PM   #8
penguinlnx
Member
 
Registered: Mar 2005
Location: Ice Station Alert AFB
Distribution: Gentoo
Posts: 166

Rep: Reputation: 30
Best cryptographic algorithm...

Unbreakable is the goal, right?

An encryption method also depends upon other security factors in order to be effective.

(1) What is the nature of the data?

(a) Is it really encryptable? Is it already potentially accessible to the public or the anti-target?
(b) Is it simple information, or a communication that must be delivered in a timely manner?
(c) Is it the kind of information that can be guessed at or discovered independently or inductively?
(d) Does the data really need un-encrypting? can it be destroyed?

(2) Who are you trying to stop?

(a) accidental discoverers?
(b) parties who know they have a vested interest in uncovering the data?
(c) people with more resources or better resources than the person entrusted with the data?

(3) What resources have I got to invest in protecting this data?

(a) What is the data worth? and how much of that worth can be expended protecting it?
(b) What tools and technology are available or appropriate for the case in question?
(c) What extra risks are introduced by various choices made?

(4) What vulnerabilities exist in the entire chain from encoding to decoding?

(a) are there transportation vulnerabilities?
(b) problems identifying or ensuring what parties should be involved in translating or receiving it?
(c) problems training or ensuring proper use of the encryption methods used?
(d) problems with active hostile forces attempting to defeat the process of encryption/transport?
 
Old 03-22-2005, 04:05 PM   #9
penguinlnx
Member
 
Registered: Mar 2005
Location: Ice Station Alert AFB
Distribution: Gentoo
Posts: 166

Rep: Reputation: 30
PS: a one time pad is:

almost anything can be used as a one-time pad:

You could arrange for you and your friend beforehand to buy next week's newspaper.

Neither of you knows what will be in it. No one else knows you are going to use it.

On the key day, a letter arrives from your friend...(or is it a fake?)

It is encrypted with a one-time pad: (the newspaper you agreed to use beforehand!)

He bought it before encrypting the note: He simply XORed his message with the first ten words on page 7, arranged by you both beforehand.

You wander into a coffee shop and pick up any copy of the newspaper, and pretend to glance at it, then memorize the first ten words on page seven.

Now you reverse the encryption using the key you agreed upon.
The note reads: "Excellent! our prearranged one-time pad worked! Next time we'll use Friday's paper, only start on page 5, and use every OTHER letter."
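The XOR step described in the post above, as an added example that is not part of the original thread: the same operation encrypts and decrypts, and the second half shows what leaks if one pad is used for two messages. The pad here comes from `secrets.token_bytes` rather than newspaper text, and the messages and function names are constructed for illustration.

```python
import secrets

def xor_bytes(data: bytes, pad: bytes) -> bytes:
    """XOR data with a pad; the same call encrypts and decrypts."""
    if len(pad) < len(data):
        # A one-time pad must cover the whole message. Repeating a short
        # pad turns the scheme into repeating-key XOR.
        raise ValueError("pad is shorter than the message")
    return bytes(d ^ p for d, p in zip(data, pad))

def new_pad(length: int) -> bytes:
    """Pad bytes from the OS CSPRNG (assumption: stands in for a random pad)."""
    return secrets.token_bytes(length)

def reuse_leak(ct1: bytes, ct2: bytes) -> bytes:
    """XOR of two ciphertexts made with the same pad: the pad cancels out."""
    return bytes(a ^ b for a, b in zip(ct1, ct2))

# Constructed sample messages of equal length (not from the thread).
MSG1 = b"MEET AT THE CAFE AT NOON"
MSG2 = b"BRING FRIDAYS NEWSPAPER!"

def demo():
    pad = new_pad(len(MSG1))
    ct1 = xor_bytes(MSG1, pad)
    recovered = xor_bytes(ct1, pad)      # decrypt = XOR with the same pad

    # Misuse: a second message encrypted under the same pad.
    ct2 = xor_bytes(MSG2, pad)
    leak = reuse_leak(ct1, ct2)          # equals MSG1 XOR MSG2, no pad involved

    # Anyone who knows or guesses MSG1 can now read MSG2 without the pad.
    msg2_from_guess = xor_bytes(leak, MSG1)
    return recovered, leak, msg2_from_guess

if __name__ == "__main__":
    recovered, leak, guessed = demo()
    print(recovered)
    print(guessed)
```
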
 
Old 03-22-2005, 04:23 PM   #10
Magsol
LQ Newbie
 
Registered: Mar 2005
Location: Georgia
Distribution: Ubuntu / Leopard / WinXP
Posts: 23

Rep: Reputation: 15
What about Blowfish and its 448-bit encryption key?

Last edited by Magsol; 03-22-2005 at 04:25 PM.
 
Old 03-22-2005, 04:35 PM   #11
TruckStuff
Member
 
Registered: Apr 2002
Posts: 498

Rep: Reputation: 30
No encryption algorithms are perfectly secure. Many are more resistant to systematic attacks, but they are all susceptible to the "dumb luck" attack where an attacker stumbles upon the key.
 
Old 03-22-2005, 05:48 PM   #12
gaffel
LQ Newbie
 
Registered: Mar 2004
Distribution: debian sarge, 2.6.6, and ALSA finally works!!
Posts: 18

Rep: Reputation: 0
The list of questions that penguinlnx gave pretty much covers your decision process in selecting an encryption algorithm.

It basically boils down to: How much is the data worth versus the cost of accessing it?
If your information loses its value in 4 days (e.g. business info about a bid) and it would take 40 days using a brute force attack to access it then it is adequately secure for your needs.

(of course the 40 days is a statistic, as TruckStuff pointed out the attacker could just get lucky on the first attempt)

And if you want security equivalent to a One time pad, but ridiculously secure - without the problem of distributing the pad, use quantum cryptography (encoding the data using polarised photons). Only works for optical communication channels. If you eavesdrop on a quantum cryptography channel you alter the message by observing it, so both the transmitter and receiver know they are being listened to. Weird stuff - read about it. Admittedly it is more of a key exchange system, but it is really being used.
 
Old 03-22-2005, 06:53 PM   #13
penguinlnx
Member
 
Registered: Mar 2005
Location: Ice Station Alert AFB
Distribution: Gentoo
Posts: 166

Rep: Reputation: 30
Nobody gets 'lucky' twice:

If you do more than one layer of encryption, getting 'lucky' is pretty much eliminated.
If the cracker gets lucky once and decodes a layer, he has no reason to know it.
the result is still 'encoded' and looks no different than the original encrypted message.
There is no clue to stop and keep the result, and then try to decode the next layer.
Probability for each successive decoding process quickly multiplies to a ridiculously unlikely number.

If under a multi-layer encoding process your security is breached,
It is unlikely a cracker got 'lucky'. Your security has been breached on another level.
Start looking for moles and holes.

Quantum coding is just a variation on an old theme: the random number generator.
You can't guess a code that hasn't been decided yet.
You can't outsmart or spy on an encoder that doesn't itself know what the encoding key will be yet.

But keep in mind that what is encoded can be determined other ways.
You can for instance often successfully predict an opponent's chess move because it may be the only good move. Similarly, a courier with a briefcase running from the Kremlin may only have the answer to one relevant question in his pouch: Do we launch an attack? "YES". No need to crack that.
When an army lined the border of Kuwait, even footsoldiers could guess the plan.

Few people know that even the MiniMax strategy in Game Theory can easily be beaten under normal circumstances, even though it is supposed to be the best solution to a game matrix.
 
Old 03-24-2005, 06:35 AM   #14
Linux.tar.gz
Senior Member
 
Registered: Dec 2003
Location: Paris
Distribution: Slackware forever.
Posts: 2,534

Original Poster
Rep: Reputation: 100Reputation: 100
Thanks all for replies! This is very interesting. I've done a little guide here:
http://www.linuxquestions.org/questi...hreadid=305423
 
Old 03-25-2005, 10:36 PM   #15
penguinlnx
Member
 
Registered: Mar 2005
Location: Ice Station Alert AFB
Distribution: Gentoo
Posts: 166

Rep: Reputation: 30
one more reply to clarify:

Quote:
If you do more than one layer of encryption, getting 'lucky' is pretty much eliminated.
If the cracker gets lucky once and decodes a layer, he has no reason to know it.
the result is still 'encoded' and looks no different than the original encrypted message.
There is no clue to stop and keep the result, and then try to decode the next layer.
Probability for each successive decoding process quickly multiplies to a ridiculously unlikely number.

If under a multi-layer encoding process your security is breached,
It is unlikely a cracker got 'lucky'. Your security has been breached on another level.
Start looking for moles and holes.
This is only an idealized case: The cracker doesn't even know the method of encryption for each layer, the number of layers, or even whether each layer is a cipher or a code (look those words up), and the length of the text encrypted (a password for instance) is usually too short to analyze statistically for clues. (In English for instance, the frequency of occurrence of letters is known, i.e., "ETOIWANSHRDLU". Thus if 'x' occurs in the message with the frequency of 'e', we know the 'x' is really an 'e' everywhere in the message, in a fixed cipher).

If one knew that each layer was a simple cipher or an XOR operation against a guessable key, one might with enough time crack the password like one solves a chess game, by crawling along a tree, and looking for a result that matched a likely easy-to-remember word. It might be an unknown number of layers, or 'look-ahead', but a program could pound away. The point is, it could take months or years to crack the password.

The problem is however, that each possible case would have to be checked to see if it worked, without alerting the gatekeeper! Imagine a military base, where you approach the sentry, and you want to try the next three possible passwords. You give the wrong one, and the guard shoots you dead. Oh well, wasn't as easy as it looked!

In reality, passwords on the internet are already compromised beyond belief before you start: which is why it is possible for crackers to find them out and use them.

(a) 1st, a cracker doesn't guess passwords, he hijacks them! Even though they are encrypted, the cracker knows the basic methods used, and possesses 'hash tables' to quickly apply against large dictionaries of likeliest passwords. He finds a match that corresponds to an encryption of 'donkey' or whatever, and then he just uses it.

(b) 2nd, often the cracker doesn't need to break the password's encryption. He just sends it encrypted, in the form expected, and it works without him even needing to know it.

(c) 3rd, a cracker gets in between the sender and receiver, and simply lets the sender gain access for him, then uses the system himself.

(d) 4th in many situations, a hacker can try to logon over and over again with password after password, and the gatekeeper will just happily let him keep trying.

The internet idea of security is so far away from ordinary real-world security situations that it is a joke. This is why the idea of encryption is secondary, and rather mute or moot compared to other aspects of the security problem.
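Two of the weaknesses listed in the post above, (a) precomputed tables matching a stored hash and (d) a gatekeeper that allows unlimited attempts, have standard countermeasures: a per-user salt with a slow hash, and a failure counter. This is an added example, not code from the thread; the `Gatekeeper` class, the iteration count and the lockout threshold are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # assumed work factor for this example
MAX_FAILURES = 3       # assumed lockout threshold

def unsalted(password):
    """Plain SHA-256: the same password always gives the same value."""
    return hashlib.sha256(password.encode()).hexdigest()

def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

class Gatekeeper:
    """Hypothetical login check that stops answering after repeated failures."""
    def __init__(self):
        self.users = {}      # name -> (salt, digest)
        self.failures = {}   # name -> consecutive failed attempts

    def register(self, name, password):
        self.users[name] = hash_password(password)
        self.failures[name] = 0

    def login(self, name, password):
        if name not in self.users:
            return "denied"
        if self.failures[name] >= MAX_FAILURES:
            return "locked"              # even a correct guess is refused now
        salt, stored = self.users[name]
        _, candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, stored):   # constant-time compare
            self.failures[name] = 0
            return "ok"
        self.failures[name] += 1
        return "denied"

if __name__ == "__main__":
    gate = Gatekeeper()
    gate.register("alice", "donkey")     # constructed sample accounts
    gate.register("bob", "donkey")
    print(gate.users["alice"][1] != gate.users["bob"][1])
    print([gate.login("alice", g) for g in ("a", "b", "c", "donkey")])
```

With the salt, two accounts that share the password 'donkey' store different digests, so a single precomputed entry no longer matches both; the counter means the fourth attempt is refused regardless of what was typed.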
 
All times are GMT -5.