Cryptography Reference
In-Depth Information
relatively recent. The authors are Adam Young and Moti Yung who presented
their results at the CRYPTO '96 and EUROCRYPT '97 conferences.
Strictly speaking, weak cryptography also belongs to this field. For example, I
encrypted a Microsoft Word document with the primitive password 'AAA' and
studied it under UNIX. I was shocked to find that the text was still easy to rec-
ognize (in hexdump, for example). The 'encryption' changed only a few bytes
in the preliminaries, which leads the mouse-bound user to believe that the text
wouldn't be readable without a password. I may have caught an 'unfavorable'
case, for according to [SchwartzOLE], a particularly easy to crack variant of
the Vigenere cipher was used; there are plenty of crack programs out there. Is
this irresponsible marketing or fraud? The miserable encryption in WordPerfect
does little better: it seems to be solely based on lack of knowledge.
Dubious Features in SESAME
A good example of doubtful cryptography is
SESAME
, an extended European
variant of Kerberos. As we know, the Kerberos protocol protects a local com-
puter network by encrypting the entire data traffic. The entire security relies on
one or two particularly protected computers. The European SESAME project
(the source text is on the Web site) came about within the RACE Initiative and
is intended to represent a more flexible further development of that initiative.
However, a posting by Michael Roe in the
sci.crypt
newsgroup dated August
1, 1996, shows that SESAME is a truly 'open' system: whoever knows the
internals can eavesdrop almost effortlessly. The cipher used is a 64-bit Vigenere
method, which can be cracked in a fraction of a second, rather than the still
relatively secure DES. To make matters worse, the method is used in CBC
mode so that only every other block is encrypted. This naıve cipher hides
behind misleading names like
xor des loop, des encrypt func
, and so on. The
reason might be that they'd initially planned to use DES but changed the
code again when the French protested. Schneier [SchnCr, 24.7] describes more
weaknesses in this project.
Somebody who simply wanted to replace this XOR cipher by DES would
nurture false security: line 339 of the code in
src/lib/csf/csf encr.c
tests whether
or not the method used is self-inverse, i.e., whether it supplies plaintext upon
repeated use. XOR has this property, DES doesn't (like many other methods).
If the test fails, the program does no encryption at all. The user, thinking he
is particularly secure, is cheated in a particularly mean way. After all, who
checks whether or not the data traffic in a LAN is encrypted?
