
The Bruce Schneier (BS) Challenge Clock

  • The Bruce Schneier (BS) Challenge Clock

    The Whitenoise Challenge that Black Hat Would Not Take Starts tomorrow - finally!

    At 12:00:01 am August 15, 2013 official DEFCON clock, The Bruce Schneier (BS) Challenge clock begins ticking. At that time, almost magically, the clock will appear on:

    http://www.wnlabs.com/news/Schneier_Challenge_Clock.php

    After one year, the contest will officially end, and a winner, if any, will be presented with the prize at DEFCON next summer.

    The clock will keep ticking however until Bruce Schneier, or his readers, or declared Black Hat members are able to file a legitimate and working and demonstrable break for what Schneier termed as snake oil.

    The contest files are even more than what is actually available when Whitenoise keys are used in network sessions and deployed in the context of Dynamic Identity Verification and Authentication (DIVA) and Dynamic Distributed Key Infrastructures (DDKI). You have been provided links to these deployments over previous days. In actual use, there never would be either key material or offset exchange after the initial, one-time, Level 4 Identity proofing and enrollment, authorization and activation of a key.

    To help you, and since there have been claims that Whitenoise keys can be broken cryptanalytically with just 30,000 bytes of key stream, the contest files include ONE MILLION BYTES OF KEY STREAM.
    Please read the rules carefully and register for the contest files. The links will be provided in the order received.

    http://www.wnlabs.com/news/Rules.php

    http://www.wnlabs.com/news/Registration.php

    You will have noticed we upped the ante with the prize. This is anticipated to continue during the course of the contest year.

    The only thing that matters with this challenge is whether any purported experts can ACTUALLY break and DEMONSTRATE a break of Whitenoise. Everything else is just white noise.

    Good Luck – Thank you DEFCON

    DIVA

  • #2
    Re: The Bruce Schneier (BS) Challenge Clock

    Alright... just out of curiosity I will take the bait.

    It sounds like you have a giant One Time Pad implementation.... a key of equal length to the message. Right? At least from what I gathered from your patent > http://patft.uspto.gov/netacgi/nph-P...&RS=PN/7190791

    That portion "1. A method of generating a stream cipher having length x bytes, the method comprising the steps of: i) selecting a number n representing a number of sub-keys, and n unique prime numbers m.sub.n each representing a unique non-repeating sub-key length m.sub.n bytes; ii) generating n unique random numbers, each having non-repeating length m.sub.n bytes; iii) generating a n+1st random number R; iv) for each byte whose position in said n.sup.th random number is p, where p=R Mod m.sub.n, consecutively applying a function to each p.sup.th byte of each of said n random numbers to generate a value; v) incrementing the value of p by 1; and vi) repeating step iv) and v) and concatenating each said value produced in step iv) to the previous value produced in step iv) until said stream cipher of x bytes in length has been produced. "

    So you generate a OTP of 1M bytes.
    "5. The method of claim 4 wherein said delinearization function is a substitution cipher. "
    Then you OR the bytes...
    Use that OTP on a message of key byte length or shorter, but longer than 4 bytes. If it is a string you run mod256 on the ASCII bytes.


    ...and from your description:
    "There is therefore a need for a method of generating a random key, or OTP, which is of variable length and that allows for encryption of very large amounts of data. "

    The problems I have with this, and why I too think it is snake oil:

    1) OTP is, without the pad, impossible to break when the keyset does not repeat.
    2) Asking someone to break it without the one time pad is a farce
    3) In the real world, you would have to transfer the pad to those who wanted to communicate. Interception of that pad would be critical to breaking the cipher... In real comms you would have to transfer the pad... so either A) pad has to be encrypted by a PKI scheme or B) sent via a different medium than the encrypted method or C) use a pre-shared key ...which you don't include the mechanisms for A, B, or C in your contest (or in your writeups).

    From more of your writings, I gather that the PSK implementation based upon some table of time-based entropy is how you develop your randoms...to which... in order for this challenge to be legit...the key generation mechanism would need to be shared with the contestants. Asking someone to just blindly crack a 1M byte 'one time pad' encrypted byte stream is ...well... not a contest at all. Especially since you are not including the key sharing mechanisms of your encryption scheme...something that most challenges would at least outline.

    Share your entropy methods, and the time/date this keyset was generated and maybe then...then you may have a contest. Also, I kindly raise the BULLSHIT flag on all other claims about 'distributed repudiation' and the like. Unless all folks can generate the same OTP (which is highly insecure, btw), this is ...indeed...snake oil. Actually. It's bullshit.


    Of course you are welcome to retort, but as of right now I stand by my accusations.
    Last edited by blakdayz; August 19, 2013, 15:58.
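
Added example, not part of the thread and not Whitenoise or patent code: a minimal Python rendering of the claim 1 procedure quoted in post #2, assuming XOR as the combining function and leaving out the delinearization step of claims 4 and 5. The subkeys are constructed sample data with small prime lengths (hypothetical values) so that the stream's repeat length, the product of the subkey lengths, can be checked directly alongside the number of secret bytes that determine it.

```python
import random
from math import prod


def keystream(subkeys, R, x):
    """Claim 1, steps iv-vi: emit x bytes, one combined byte per step."""
    out = bytearray()
    for step in range(x):
        value = 0
        for sk in subkeys:
            # p starts at R mod m_n for each subkey and advances by 1 per step,
            # wrapping at that subkey's own prime length m_n.
            p = (R + step) % len(sk)
            value ^= sk[p]  # assumption: the claim's "function" is XOR
        out.append(value)
    return bytes(out)


def make_subkeys(prime_lengths, seed):
    """Constructed sample subkeys; random.Random is NOT a secure generator."""
    rng = random.Random(seed)
    return [bytes(rng.randrange(256) for _ in range(m)) for m in prime_lengths]


def summary(prime_lengths, seed=1, R=12345):
    """Structural facts about the stream produced from the given subkey lengths."""
    subkeys = make_subkeys(prime_lengths, seed)
    period = prod(prime_lengths)  # distinct primes: lcm equals the product
    ks = keystream(subkeys, R, 2 * period)
    return {
        # Secret subkey bytes that, together with R, fix the whole stream.
        "secret_bytes": sum(prime_lengths),
        "period": period,
        # The stream repeats after `period` bytes.
        "repeats": ks[:period] == ks[period:],
        # Same subkeys and R always give the same stream.
        "deterministic": ks == keystream(subkeys, R, 2 * period),
    }


if __name__ == "__main__":
    # Small primes chosen only so the full period is cheap to generate.
    print(summary([3, 5, 7]))
```

A one-time pad in the strict sense needs as many independent random key bytes as message bytes; here `secret_bytes` plus the offset R determines every byte of the output, however long.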



    • #3
      Re: The Bruce Schneier (BS) Challenge Clock

      You can read more here > http://en.wikipedia.org/wiki/One-time_pad . Specifically under Problems. Notice that the problematic areas come with the real world implementations of a proposed OTP system. That is what brings about the imperfection in the theory of perfect encryption OTP offers. Without your real world implementation, an attack on a one time pad without the pad or a machine/code that auto-generates one...is pointless.
      Last edited by blakdayz; August 19, 2013, 16:00.
