Blakdayzed and confused
  • Dallas
    replied
    Re: Blakdayzed and confused

    Sounds like a good idea..I'll bet on Blak...


    Originally posted by astcell View Post
    Why don't we use the intelligence, prowess, and cunning of DEFCON attendees to solve the Beale Cipher and give the funds to the EFF? Now THAT would make news.



  • wiregr
    replied
    Re: Blakdayzed and confused

    Originally posted by blakdayz View Post
    Are you sure it isn't the word LATER, using the pad TQURI?

    Soup Nazi Voice - "NO BADGE 4 YOU."
    Oh yeah. 100% positive. Sure, I mean, it COULD be just about anything with 5 characters. But I've got a good feeling about hello.



  • bascule
    replied
    Re: Blakdayzed and confused

    Originally posted by kallahar View Post
    I propose we get together, along with a referee, drink a LOT of booze, and see who can coherently explain encryption at the end.
    ME!!!!!!!!

    In response to the OP, why should I choose your stream cipher over the ESTREAM ciphers?

    http://www.ecrypt.eu.org/stream/



  • astcell
    replied
    Re: Blakdayzed and confused

    Why don't we use the intelligence, prowess, and cunning of DEFCON attendees to solve the Beale Cipher and give the funds to the EFF? Now THAT would make news.



  • TheCotMan
    replied
    Re: Blakdayzed and confused

    Originally posted by blakdayz View Post
    Are you sure it isn't the word LATER, using the pad TQURI?

    Soup Nazi Voice - "NO BADGE 4 YOU."
    What Blakdayz is likely referring to here is the Claude E. Shannon, 1949 paper, "Communication Theory of Secrecy Systems" (Bell Technical Journal, Oct. 1949) where he demonstrates that for ciphertext with 20 or fewer chars, it is usually possible to find more than one solution, while ciphertext of 30+ chars is almost certain to have only one solution. As a shift from 20 chars to fewer chars in ciphertext is encountered, the number of possible solutions increases dramatically.

    "You" fall into a trap here, which was likely intended for the people running this contest. You cannot assume that the ciphertext is a one-to-one character mapping with char-for-char replacement by transposition, substitution, stream cipher, block cipher, etc. There could be compression, pre-encryption indexing with a coding-system, there could be multi-byte characterset pre-encoding, there could be a charset that is larger than just the 26 chars from A-Z.

    The answer to the ciphertext question was probably not meant to be literally answered, but expose a lack of knowledge by the person assuming the answer is a simple one. I only feel comfortable writing this now, because unintended victims have fallen into the trap, and Blakdayz has already exposed the trouble with the question posed, exposing the workings of the trap, and defusing it. I'd really like to see a demonstration from the people running this contest, that they really understand the difficult problems with cryptosystems, by explaining how they are addressing the troubles with their system as brought up by Blakdayz.

    Blakdayz is a bright guy, and I'd really like to see some answers from the people running the contest to the constructive criticism he has provided.

    A lack of response, and failure to address concerns in a debate often implies the person that fails to address issues is conceding each point. At this point, the discussion is looking like this, with Blakdayz's point being made, and not addressed or countered with logical arguments backed by mathematics or proofs.

    We are rolling out DEF CON 22 content, and these forums will eventually be closed. Soon, the lack of response from the people running this contest and the in-thread content stopping without comment will become frozen, and no new posts will be allowed when this forum is closed and archived. How will this thread end? Will it end with constructive criticism unanswered, causing the people running the contest to forfeit their points on this product?



  • tecknicaltom
    replied
    Re: Blakdayzed and confused

    Originally posted by blakdayz View Post
    I have a challenge for you. It's simple. Give me the one word that this is, and the key it derived from...

    EQNVZ

    Go ahead. I will buy you a DC22 badge if you can give me the exact word and pad.
    Is the plaintext also [A-Z]? Otherwise, I have a few (1099511627776) guesses. Where should I send them to?



  • blakdayz
    replied
    Re: Blakdayzed and confused

    Originally posted by wiregr View Post
    Pfft, that's easy. The word is `HELLO` and the pad is `XMCKL`. And you can be absolutely sure that I didn't find this on wikipedia. Now about that DC22 badge
    Are you sure it isn't the word LATER, using the pad TQURI?

    Soup Nazi Voice - "NO BADGE 4 YOU."

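The exchange above, as an added example that is not part of any post in the thread: assuming letter-wise addition mod 26 with A=0 (an assumption, though both pairs quoted in the thread satisfy it), every five-letter word has a pad that produces EQNVZ, so the ciphertext alone cannot single out the word. The key-space count covers the [A-Z] versus raw-bytes question in tecknicaltom's reply; candidate words other than HELLO and LATER are constructed.

```python
import string

ALPHABET = string.ascii_uppercase
CIPHERTEXT = "EQNVZ"  # challenge ciphertext quoted in the thread


def _check(text):
    """Reject anything outside the assumed A-Z alphabet."""
    if not text or any(ch not in ALPHABET for ch in text):
        raise ValueError(f"expected non-empty A-Z text, got {text!r}")
    return text


def encrypt(plaintext, pad):
    """Letter-wise one-time pad over A-Z (A=0): c = (p + k) mod 26."""
    _check(plaintext)
    _check(pad)
    if len(pad) != len(plaintext):
        raise ValueError("pad must be exactly as long as the plaintext")
    return "".join(
        ALPHABET[(ALPHABET.index(p) + ALPHABET.index(k)) % 26]
        for p, k in zip(plaintext, pad)
    )


def pad_for(ciphertext, candidate):
    """Pad under which `candidate` is the decryption: k = (c - p) mod 26."""
    _check(ciphertext)
    _check(candidate)
    if len(candidate) != len(ciphertext):
        raise ValueError("candidate must be exactly as long as the ciphertext")
    return "".join(
        ALPHABET[(ALPHABET.index(c) - ALPHABET.index(p)) % 26]
        for c, p in zip(ciphertext, candidate)
    )


def consistent_solutions(ciphertext, candidates):
    """Map every same-length candidate to the pad that 'proves' it."""
    solutions = {}
    for word in candidates:
        if len(word) != len(ciphertext):
            continue  # length is the only thing the ciphertext rules out
        pad = pad_for(ciphertext, word)
        if encrypt(word, pad) != ciphertext:
            raise RuntimeError("derived pad does not reproduce the ciphertext")
        solutions[word] = pad
    return solutions


def keyspace(length, symbols):
    """Number of equally valid (plaintext, pad) pairs for one ciphertext."""
    return symbols ** length


if __name__ == "__main__":
    # HELLO and LATER come from the thread; the other words are constructed.
    words = ["HELLO", "LATER", "BADGE", "WRONG", "TOOLONG"]
    for word, pad in consistent_solutions(CIPHERTEXT, words).items():
        print(f"{word} + {pad} -> {encrypt(word, pad)}")
    print("A-Z candidates:   ", keyspace(5, 26))
    print("5-byte candidates:", keyspace(5, 256))
```
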


  • wiregr
    replied
    Re: Blakdayzed and confused

    Originally posted by blakdayz View Post
    I have a challenge for you. It's simple. Give me the one word that this is, and the key it derived from...

    EQNVZ

    Go ahead. I will buy you a DC22 badge if you can give me the exact word and pad.
    Pfft, that's easy. The word is `HELLO` and the pad is `XMCKL`. And you can be absolutely sure that I didn't find this on wikipedia. Now about that DC22 badge



  • blakdayz
    replied
    Re: Blakdayzed and confused

    I am down.



  • HattoriHanzo
    replied
    Re: Blakdayzed and confused

    Generally discussions of scientific method, which are not opinions espoused by the dazed, is not directed to adults that still go by gamer’s names and hide in anonymity.
    I hate to suggest this but I don't think blackdayz has done a very good job of "hiding in anonymity" seeing as how several of us know him. Simply not knowing who someone is is not anonymity, it is unfamiliarity.

    Might I make an introduction: DIVA, this is blackdayz. blackdayz, meet DIVA. Now you know each other so there is no more "anonymity".

    DIVA, many of us choose to go by our handles. Only those we trust have our given names. We wouldn't be posting on a forum if we wanted to be anonymous; we would consider the rules of OPSEC first & not choose to reveal ourselves.

    Now, let me put on my referee shirt.



    Might I propose a solution: I have a friend who is a contract lawyer. They have no direct interests in anything going on here; heck, they don't even know about this discussion. Why don't you make a small POC version of your network (which should be as exact a copy of your network as is reasonably possible) & allow blackdayz (& a small team consisting of members of his choosing) to perform a "real-world" test? A panel of respected members of the DEFCON community can mediate the rules of this penetration/exploitation test (such as "No 'rubber hose' cryptanalysis") & my friend can draw up the paperwork, which all sides can agree & commit to.

    This would leave you, DIVA, in a unique position in which there would be nothing to lose & everything to gain. If blackdayz & his team cannot penetrate/exploit your network then your claims have one more level of validation; not only would you be "The Challenge that Black Hat Wouldn't Take" but you could also gain the title of "The Network blackdayz & crew Couldn't Exploit" or even, if I could be so bold, "The Network DEFCON Couldn't Hack". In the event that you are penetrated/exploited you would also gain a great deal because I am sure that blackdayz (a quite worthy opponent) & his team (who would be just as resourceful & cunning), if given beer & good home-cooked food, would be willing to give you advice on how you could improve the security of your network as "[they are] reasonable [men]".

    DIVA, please remember that side-channel attacks can, do, & will continue to happen until the entirety of the internet, including all network devices & systems, are completely & fully hardened from attack both from without & within.

    Now I can take my referee shirt off & go back to where I came from.

    Last edited by HattoriHanzo; August 30, 2013, 10:54.



  • Rewt Daemon
    replied
    Re: Blakdayzed and confused

    Originally posted by blakdayz View Post
    I support this contest.
    Now then, will DIVA step up and take Blak on I wonder?



  • blakdayz
    replied
    Re: Blakdayzed and confused

    Originally posted by kallahar View Post
    Heh, this is a funny thread. On the one hand we have someone who loves to throw buzzwords around, and on the other we have someone who actually knows what he's talking about.

    I propose we get together, along with a referee, drink a LOT of booze, and see who can coherently explain encryption at the end.

    Kallahar
    I support this contest.



  • kallahar
    replied
    Re: Blakdayzed and confused

    Heh, this is a funny thread. On the one hand we have someone who loves to throw buzzwords around, and on the other we have someone who actually knows what he's talking about.

    I propose we get together, along with a referee, drink a LOT of booze, and see who can coherently explain encryption at the end.

    Kallahar



  • TheCotMan
    replied
    Re: Blakdayzed and confused

    Stepping in to comment on this item brought up by Blakdayz:

    Originally posted by blakdayz View Post
    1. Personal attacks[chop]
    We have a rule on the forums that addresses this, and I've avoided commenting on this, here, in hope that something of value could be produced in these discussions.

    In short This Rule: "Don't be a Jerk" covers things like flaming users, and trolling. The mods don't like enforcing this rule, so it often takes a long history of the same kind of behavior before we act on it, but we have acted on it in the past. In some cases, we recognize an act of "trolling" is not intended to start a flame-war, such as the Hacker Jeopardy thread, of people calling each other and trash talking. I do not see that kind of behavior here. I see an emotional response and something closer to trolling.

    I have described in many places on these forums that constructive criticism is NOT flaming. For example: This sucks, and here is why: 1) list 2) of 3) real 4) issues 5) not 6) strawmen 7) or 8) fake 9) reasons 10) just 11) to 12) flame 13) someone.

    Feel free to have technical discussions and address concerns, but the only places flaming is allowed on the forums (that is criticism without constructive comments) are: /dev/random , your "blogs", and in PM.

    Next, to call someone's actions childish and reduce your own maturity to flaming is an excellent example of how many people attempt to troll others -- please don't do this.

    You should both feel free to be as technical as you want, and insert constructive criticism, and answer concerns you each bring up, or run away from claims.

    "It's all about your reputation."

    For anyone else looking to join on a flaming bandwagon, please focus on technical discussion. Too much flaming, and I'll probably /dev/null this thread, or be cruel by closing it and leaving it where it is and let google and other search engines index it.

    I'm trying hard to stay out of this discussion.

    Thanks!
    Last edited by TheCotMan; August 28, 2013, 17:53.



  • blakdayz
    replied
    Re: Blakdayzed and confused

    Originally posted by DIVA View Post
    Blakdayzed and confused

    Generally discussions of scientific method, which are not opinions espoused by the dazed, is not directed to adults that still go by gamer’s names and hide in anonymity.
    I don't game. And I certainly am an adult. In fact, ad hominem attacks from the start show just how emotional the following post is >

    Originally posted by DIVA View Post
    However, the lack of reading and general misperception of construct is a learning opportunity for the rest of us where hope still springs eternal.

    [BLAKDAYZ point 1 – OTP is, without the pad, impossible to break when the keyset does not repeat.]

    In fact, that is exactly the point of the technology. It is probably not fun to try to hack security when it is secure.
    I have a challenge for you. It's simple. Give me the one word that this is, and the key it derived from...

    EQNVZ

    Go ahead. I will buy you a DC22 badge if you can give me the exact word and pad.

    Originally posted by DIVA View Post
    [BLAKDAYZ point 3 – In the pki real world interception of the key (or pad) would be critical to breaking the cipher.]

    But there is none with a dynamic distributed key system where there is only one, one-time distribution of a pre-authenticated key. Your analysis, like many of Bruce’s, demonstrates that one should read before writing. Even better, actually perform tests. It seems as if the world has been changing while you have been stuck in your pki Matrix.

    The contest key is a static Whitenoise key. Although the BS Clock http://www.wnlabs.com/news/Schneier_Challenge_Clock.php shows how many times a dynamic offset on such a deployed key in DIVA would have changed, this is not part of this challenge contest. It is simply to show you the scale of the problem a hacker faces in this real world.
    In the real world I would break into the SFI server, reflect inject some code into your app domain and jack the fuck out of your data/keys... or I could externally clone them and use that nifty 'denial of service' feature you kick on when a key has been stolen. The identity method of 'where did we leave off' would get changed too, so I could use them/read all the data.

    Originally posted by DIVA View Post
    We are saying you cannot break a static, fixed Whitenoise key let alone one that has invoked dynamism. http://www.wnlabs.com/pdf/UVIC_Performance_Analysis.pdf

    I bet you can't break the above cipher and give me the exact word that cipher stands for.


    [BLAKDAYZ - Without your real world implementation, an attack on a one time pad without the pad or a machine/code that auto-generates one...is pointless.]

    You have whined about this earlier. In capable hands, attack scenarios, like side channel attacks as well as mathematical ones, are constructed in an attempt to construct/reconstruct information that is not available to a hacker by other means. Historically – during enigma times for example – swimming into a sunken submarine in frigid waters was one of the extra-ordinary means taken to “get the pad.”

    Please feel free to contact and team with the University of Victoria on the two year National Research Council funded side channel attack studies. They have a real world implementation of Whitenoise deployed on an FPGA chip. They worked at constructing attack scenarios. After two years, a student there published a paper with unsupported statements kinda like you. Feel free to use their work and follow their implementation.
    I could have easily compromised your login system...and it took me less than 3 minutes to find that flaw. If you give me the system, I will SHRED it.

    Exactly because the key is needed to do dirty work is why side channel attacks, and other approaches, were devised and continue to be devised by the capable in the first place. These approaches attempt to create a sufficient crib from physical real world data in order to recreate the key which is otherwise unavailable. Or they attempt to come up with another way of stealing a key.

    In this contest – discounting an implementation of DIVA where these keys are invoked to operate dynamically (like on the BS Clock http://www.wnlabs.com/news/Schneier_Challenge_Clock.php ) - the key is similarly static.

    No one has been able to break a single, static WN key. http://www.wnlabs.com/pdf/UVIC_Performance_Analysis.pdf
    No one has successfully cracked any one time padded cipher without the pad.

    [So you generate a OTP of 1M bytes.]

    This is the first misread and misunderstanding.
    WN generates key streams greater than 10 to the 60th power bytes in length. It effectively acts as both a random number generator (not even statistical randomness errors following the NIST test suite) and in proper implementation it operates as an OTP.
    See: https://www.youtube.com/watch?v=51gqPzEHXSA

    We are in fact giving fearsome hackers like Blakdayz a head start on what isn’t in fact available in the DDKI real world – any meaningful portion of key stream (at most in some contexts a token is transmitted.)

    The one time pad is not 1000000 bytes but rather we are giving you a million bytes from a key stream that can easily exceed 10 to the 60th power bytes in length.
    So it is a one time pad of that length. Cool. No misunderstanding here. It can get bigger? Cool. Still no misunderstanding. Convolute the statement as much as you like... how you generate the pad, etc... in the end it's an OTP of as many bytes you need.

    https://www.youtube.com/watch?v=51gqPzEHXSA

    We are giving you one million bytes of the key stream that is produced by a unique key. And it is static for this contest.

    [BLAKDAYZ] (1) OTP is, without the pad, impossible to break when the keyset does not repeat.

    2) Asking someone to break with without the one time pad is a farce]

    In fact, your analysis is more farcical and certainly exhibits misunderstanding and poor homework skills. If you study how DIVA works when implemented with a Whitenoise key and the fact that after one-time key distribution that there is no offset exchange you might understand why your analysis is meaningless and your attempt would be unsuccessful – if you had the nerve to try instead of editorialize. But that is what is exposed with the BS Challenge Clock.
    BS is a good designator. The entire paragraph above is BS.

    Point 1 sounds like a hacker raising the white flag.
    If that flag had BULLSHIT in all caps across it... then yep.

    That is the reality of what you have to work with in the new world. Your inability to know how to proceed is the first stark indication that you are stymied by this kind of IT security control.
    In the real world you got XSS'd on your keyserver. Moving on.

    Even as you recognize you need more to help you in your efforts, let’s look at how things have always been done. Why do you need a different set of rules?

    PKI public key prime number composites have been the subject of innumerable breaking (factoring) challenges over literally decades if one studies RSA. RSA apparently discontinued running these challenges because it became pretty well accepted that this “secret sauce one-way function”, a prime number composite, could be broken (factored) even with relatively inefficient sieve methods. These contests obviously didn’t offer anything more than the key. One downloaded it and started to sieve… or attempted other kinds of attack approaches. (To note: Whitenoise is not factorable because of how the keys are constructed.)

    https://www.youtube.com/watch?v=GwkwgR_78dQ&feature=youtu.be

    Now granted, in traditional cryptanalysis and attack you need 50% of key stream and some plain text etc. The contest is constructed to reflect how a DDKI world looks to a hacker and to address an unproven attack claim that a key can be reconstructed with 30,000 bytes of key stream information. (This has never been proven and to be kind we are providing 13.3 times as much key stream information as was claimed needed.)

    http://www.wnlabs.com/WhitenoiseSecurityChallenge/

    Because the key streams are exponential, and yet can be stored in a very tiny relative footprint, keys are distributed one time following Level 4 identity proofing. A person or device would never need another key. This is like giving a person a driver’s license, but someone would have to look at you in your face and get your real name.

    This distributed key scenario is why the framework is called a Dynamic Distributed Key Infrastructure. But in the PKI real world, accurate reading or writing doesn’t appear to be a requirement.
    I am not even going to touch that. Anyone reading this can take away their own thoughts there.

    3) In the real world, you would have to transfer the pad to those who wanted to communicate. Interception of that pad would be critical to breaking the cipher... In real comms you would have to transfer the pad...

    Done electronically, you have just articulated the fatal flaw of asymmetric public key systems – MiM attacks.

    Because of this, in properly implemented DIVA systems, DIVA is invoked at point of network access and then runs in parallel with other security controls and frameworks like PKI. A hacker is forced to break both a symmetric (dynamic) and asymmetric key simultaneously for each and every key or offset. This approach is taken to fix the fatal flaw of asymmetric systems to MiM because that asymmetric key cannot be broken without detection by the distributed system – and as you seem to be admitting, you can’t break a distributed Whitenoise key.

    Creating a two-channel (asymmetric and symmetric framework), multi-factor authentication protocol is the only response to the reality that the majority of systems globally are protected with some flavor of pki, even with the fatal flaw. That has made your world a little too simple.

    This approach is then like cleaning up an oil spill. Surround the mess and keep it from spreading. Then over time, redundant or unnecessary and expensive portions of asymmetric systems can be removed without security risk.

    [BLAKDAYZ]
    so either
    A) pad has to be encrypted by a PKI scheme or

    An electronically distributed key could not be captured (in a MiM scenario) on the one time key distribution, enrollment, authentication and activation and used without detection.
    https://www.youtube.com/watch?v=c6qaKkV9GJU

    B) sent via a different medium than the encrypted method or

    Level 4 Identity Proofing

    C) use a pre-sharedkey ...which you don't include the mechanisms for A,B, or C in your contest (or in your writeups).

    To take a look at key distribution by chip set, firmware up-grade or electronic distribution.

    http://www.wnlabs.com/downloads/GSC_2013_Show.ppsx

    http://connect2canada.com/innovation...-labs/?lang=en

    http://www.wnlabs.com/Presentations/...e_Networks.pps

    DIVA – in the real world known as Andre Brisson.
    Well, I can assure you of three basic things-
    1. No more effort on my part is needed. Your own statement:
    "Done electronically, you have just articulated the fatal flaw of asymmetric public key systems – MiM attacks. "

    Ummm. Dafuq did I just read?

    If you are talking about cert-rewriting...that isn't a tech flaw, it's a user flaw. If you don't grab the fingerprint of the key you are using and go check it against the actual fingerprint...the point is moot. This is why we have digital signatures and fingerprints.

    This statement shows me just what level of BS we are working with here. How is intercepting my pgp public key [the one I post to the public, often], through a man in the middle attack [not even needed if you are attempting my private key by public key attack] damaging via cryptanalysis in any way? If you can pull off an email based social engineering attack and make them think your key is my key, or an on the wire attack of said keys and rewrite them with your own, it still only works if they didn't go grab it from an external source (like the MIT keyservers) or have a third party trust situation (like a known CA)...also, Elliptical encryption [DH] (NSA Suite B) also doesn't share a key...at all, with anyone....ever. Only a 100 or so bytes for modulus gets exchanged, and it's not asymmetric, it's logarithmic...meh.

    2. Personal attacks, that are unfounded, are not welcome. Keep it up and you will be banned. Be constructive.

    3. You need way more understanding of 'real world attacks'. I could drop your entire SFI/DIVA/DDKI operation in an hour or less, no cryptographic attack needed.
    Last edited by blakdayz; August 28, 2013, 20:12.

