Cryptography: The Complete Documentation
- This category contains 24 Papers
- The last paper was added on 2007-03-26 (YYYY-MM-DD)
AES Proposal: Rijndael
Published on September 03, 1999, by Joan Daemen, Vincent Rijmen, ©Katholieke Universiteit Leuven.
In this document we describe the cipher Rijndael. First we present the mathematical basis necessary for understanding the specifications followed by the design rationale and the description itself. Subsequently, the implementation aspects of the cipher and its inverse are treated. This is followed by the motivations of all design choices and the treatment of the resistance against known types of attacks. We give our security claims and goals, the advantages and limitations of the cipher, ways how it can be extended and how it can be used for functionality other than block encryption/decryption. We conclude with the acknowledgements, the references and the list of annexes.
File infos:
- L0T3K ID: docs-285
- status: online
- source: www.esat.kuleuven.ac.be
Answer to "new observations on Rijndael"
Published on August 11, 2000, by Joan Daemen, Vincent Rijmen, ©Katholieke Universiteit Leuven.
The note presents an interesting view on alternative representations of the Rijndael structure. The application of mathematical techniques is refreshing. The purpose of this reply is to clarify that the observations made do not contradict the security claims we made. While we are sure that the authors are fully aware of the merits and limitations of their results, we feel that a less experienced reader might easily draw wrong conclusions.
File infos:
- L0T3K ID: docs-294
- status: online
- source: www.esat.kuleuven.ac.be
Conventional Public Key Infrastructure: An Artefact Ill-Fitted to the Needs of the Information Society
Published on November 13, 2000, by Roger Clarke, ©Australian National University.
It has been conventional wisdom that, for e-commerce to fulfil its potential, each party to a transaction must be confident about the identity of the others. Digital signature technology, based on public key cryptography, has been claimed as the appropriate means of achieving this aim. Digital signatures do little, however, unless a substantial 'public key infrastructure' (PKI) is in place to provide a basis for believing that the signature means something of significance to the relying party.
File infos:
- L0T3K ID: docs-355
- status: online
- source: www.anu.edu.au
Cryptfs: A Stackable Vnode Level Encryption File System
Published on 1998, by Erez Zadok, Ion Badulescu, and Alex Shender, ©Columbia University.
Data encryption has become an increasingly important factor in everyday work. Users seek a method of securing their data with maximum comfort and minimum additional requirements on their part; they want a security system that protects any files used by any of their applications, without resorting to application-specific encryption methods. Performance is an important factor to users since encryption can be time consuming. Operating system vendors want to provide this functionality but without incurring the large costs of developing a new file system.
File infos:
- L0T3K ID: docs-360
- status: online
- source: www.cs.columbia.edu
Crypto-loops
Published on 2004-10-07, by marco, ©marco.
A loopback device is a very special device that allows you to mount a normal file as if it were a physical device. Loopbacks can be encrypted: this becomes very useful sometimes. Consider, as an example, that you need to encrypt a few files, nothing big, let's say 100 MB or so. Encrypting an entire partition could be too much. Then a cryptoloop could be the right solution to your problem.
File infos:
- L0T3K ID: docs-1273
- status: online
- source: www.ppcnerds.org
Cryptographic Compendium (A)
Published on 2000, by John J. G. Savard, ©John J. G. Savard.
This site contains a brief outline of the various types of cipher systems that have been used historically, and tries to relate them to each other while avoiding a lot of mathematics.
File infos:
- L0T3K ID: docs-1614
- status: offline
- source: www.quadibloc.com
Decorrelation: A Theory for Block Cipher Security
Published on 2003, by Serge Vaudenay, ©LASEC.
Pseudorandomness is a classical model for the security of block ciphers. In this paper we present convenient tools in order to study it in connection with the Shannon Theory, the Carter-Wegman universal hash functions paradigm, and the Luby-Rackoff approach.
File infos:
- L0T3K ID: docs-364
- status: online
- source: http://lasecwww.epfl.ch
Diceware Passphrase FAQ
Published on July 27, 2003, by Arnold G. Reinhold, ©Arnold G. Reinhold.
Diceware is a technique that uses dice to produce random text for passphrases and other uses. The Diceware method provides an easy way to create strong passphrases that are easy to remember, for example: alger klm curry blond puck.
File infos:
- L0T3K ID: docs-374
- status: online
- source: http://world.std.com
Encrypted filesystem with cfs
Published on 2004-06-15, by Stefan Schumacher, ©Stefan Schumacher.
This document describes cfs for NetBSD.
cfs is the so called cryptographic filesystem which implements encryption at system level through a standard file system interface to encrypted files. Files in these directories (as well as their pathname components) are transparently encrypted and decrypted with the specified key without further user intervention; cleartext is never stored on a disk or sent to a remote file server. It is implemented entirely at user level, as a local NFS server running on the client machine's loopback interface.
File infos:
- L0T3K ID: docs-1638
- status: online
- source: www.net-tex.de
Encrypting partitions using dm-crypt and the 2.6 series kernel
Published on 2004-06-08, by Mike Peters.
Back in February of this year, Andrew Morton announced that cryptoloop was being deprecated in favour of dm-crypt. Although the initial announcement caused some consternation, dm-crypt was merged into the stable tree for the 2.6.4 kernel. This article looks at how to set up an encrypted partition using dm-crypt. dm-crypt provides a crypto layer for Device-mapper. A Device-mapper driver allows you to define new partitions or logical volumes by specifying ranges of sectors on existing block devices. The ranges of sectors to be used by these partitions are mapped to targets according to a mapping table. dm-crypt provides just such a target which can be used to transparently encrypt a block device using the new 2.6 kernel cryptoAPI.
File infos:
- L0T3K ID: docs-1154
- status: online
- source: www.linux.com
How to setup IPSec interoperable for Linux, OpenBSD and PGPNet
Published on 2000, by Hans-Jörg Höxer, ©Hans-Jörg Höxer.
The aim of this document is to give some examples for setting up IPSec between different platforms. Tested operating systems were GNU/Linux using FreeS/WAN 1.5, OpenBSD 2.6 and Windows 98 using PGPFreeware 6.5.3. The given config files will be as minimal as possible, focusing on an interoperable setup. Therefore a very simple LAN of several boxes was used, so only host-to-host connections will be covered. But except for PGPNet, extending the following examples to real-life VPN configurations will not affect the basic setup concerning interoperability. The free version of PGPNet only supports host-to-host connections.
File infos:
- L0T3K ID: docs-441
- status: online
- source: www.linuxsecurity.com
Introduction to cryptography
Published on May 2002, by Pierre Loidreau, www.linuxfocus.org.
The origin of cryptography probably goes back to the very b
File infos:
- L0T3K ID: docs-466
- status: online
- source: www.linuxfocus.org
Making a Faster Cryptanalytic Time-Memory Trade-Off
Published on 2003, by Philippe Oechslin, ©LASEC.
In 1980 Martin Hellman described a cryptanalytic time-memory trade-off which reduces the time of cryptanalysis by using precalculated data stored in memory. This technique was improved by Rivest before 1982 with the introduction of distinguished points which drastically reduces the number of memory lookups during cryptanalysis. This improved technique has been studied extensively but no new optimisations have been published ever since. We propose a new way of precalculating the data which reduces by two the number of calculations needed during cryptanalysis. Moreover, since the method does not make use of distinguished points, it reduces the overhead due to the variable chain length, which again significantly reduces the number of calculations. As an example we have implemented an attack on MS-Windows password hashes. Using 1.4GB of data (two CD-ROMs) we can crack 99.9% of all alphanumerical passwords hashes (2^37) in 13.6 seconds whereas it takes 101 seconds with the current approach using distinguished poi
File infos:
- L0T3K ID: docs-512
- status: online
- source: http://lasecwww.epfl.ch
On the Use of GF-Inversion as a Cryptographic Primitive
Published on 2003, by Kazumaro Aoki and Serge Vaudenay, ©LASEC.
Inversion in Galois Fields is a famous primitive permutation for designing cryptographic algorithms e.g. for Rijndael because it has suitable differential and linear properties. Inputs and outputs are usually transformed by addition (e.g. XOR) to key bits. We call this construction the APA (Add-Permute-Add) scheme. In this paper we study its pseudorandomness in terms of k-wise independence.
File infos:
- L0T3K ID: docs-534
- status: online
- source: http://lasecwww.epfl.ch
Optimal Key Ranking Procedures in a Statistical Cryptanalysis
Published on 2003, by Pascal Junod, Serge Vaudenay, ©LASEC.
Hypothesis tests have been used in the past as a tool in a cryptanalytic context. In this paper, we propose to use this paradigm and define a precise and sound statistical framework in order to optimally mix information on independent attacked subkey bits obtained from any kind of statistical cryptanalysis. In the context of linear cryptanalysis, we prove that the best mixing paradigm consists of sorting key candidates by decreasing weighted Euclidean norm of the bias vector.
File infos:
- L0T3K ID: docs-538
- status: online
- source: http://lasecwww.epfl.ch
Overview of Cryptography (An)
Published on 2004-08-06, by Gary C. Kessler.
Does increased security provide comfort to paranoid people? Or does security provide some very basic protections that we are naive to believe that we don't need? During this time when the Internet provides essential communication between tens of millions of people and is being increasingly used as a tool for commerce, security becomes a tremendously important issue to deal with.
File infos:
- L0T3K ID: docs-1158
- status: online
- source: www.garykessler.net
Passphrase FAQ
Published on October 02, 1993, by Grady Ward, ©Grady Ward.
With the intrinsic strength of some of the modern encryption, authentication, and message digest algorithms such as RSA, MD5, SHS and IDEA the user password or phrase is becoming more and more the focus of vulnerability.
File infos:
- L0T3K ID: docs-546
- status: online
- source: www.unix-ag.uni-kl.de
Passphrase FAQ (The)
Published on March 23, 1997, by Randall T. Williams, ©Randall T. Williams.
This is The Passphrase FAQ for PGP. I tried to include everything I've seen asked on alt.security.pgp along with some extras to cover other things like passwords and different key lengths. Most people who have had college algebra or higher should be able to follow the math. Check the glossary in section 8.2 to help with some of the terms and how they are used.
File infos:
- L0T3K ID: docs-548
- status: online
- source: www.stack.nl
Results of a Survey on PGP Pass Phrase Usage
Published on June 01, 1995, by Arnold G. Reinhold, ©Arnold G. Reinhold.
Pass phrase management is arguably one of the weakest links in the PGP security chain. To gather some facts on actual pass phrase usage, I recently conducted a survey over the Internet.
File infos:
- L0T3K ID: docs-581
- status: online
- source: http://world.std.com
Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption (The)
Published on May 27, 1997, by Hal Abelson, ©Massachusetts Institute of Tech.
A variety of "key recovery", "key escrow", and "trusted third-party encryption requirements" have been suggested in recent years by government agencies seeking to conduct covert surveillance within the changing environments brought about by new technologies. This report examines the fundamental properties of these requirements and attempts to outline the technical risks, costs, and implications of deploying systems that provide government access to encryption keys.
File infos:
- L0T3K ID: docs-586
- status: online
- source: www.mit.edu
Security of DSA and ECDSA (The)
Published on 2003, by Serge Vaudenay, ©LASEC.
DSA and ECDSA are well established standards for digital signatures based on the discrete logarithm problem. In this paper we survey known properties, certification issues regarding the public parameters, and security proofs. ECDSA also includes a standard certification scheme for elliptic curves which is assumed to guarantee that the elliptic curve was randomly selected, preventing any potential malicious choice. In this paper we show how to bypass this scheme and certify any elliptic curve in characteristic two. The prime field case is also studied. Although this does not lead to any attack at this time since all possible malicious choices which are known at this time are specifically checked, this demonstrates that some part of the standard is not well designed. We finally propose a tweak.
File infos:
- L0T3K ID: docs-611
- status: online
- source: http://lasecwww.epfl.ch
Using GnuPG, Part I
Published on 2004-02-14, by Sandro Mangovski, ©Specialized Systems Consultants, Inc.
In today's world, communication has broken all previous time and distance limits. Now you can talk with someone in real time no matter how far away he is. That advantage has also brought some major problems with it. First, it is hard to verify another person's identity with 100% certainty, and second, we can't know if there is a third party in between who reads our correspondence. Fortunately for us, something called public key cryptography was invented.
File infos:
- L0T3K ID: docs-1085
- status: online
- source: www.linuxgazette.com
Using the GNU Privacy Guard
Published on 2004-03-01, by Peter Matulis, ©Peter Matulis.
GnuPG uses public-key cryptography to operate. This is a large and complex subject. I have a little more info on PK cryptography in my tutorial Working with the OpenSSH suite. For now, what we need to know is that it requires sender and recipient to each possess both a public key and a private key. GnuPG takes a step further by allowing a user to have additional keypairs called subordinate keypairs, whereas the original keypair then becomes the primary keypair (or master keypair).
File infos:
- L0T3K ID: docs-1086
- status: offline
- source: www.aei.ca
Why Cryptosystems Fail
Published on 2004, by Ross Anderson, ©Ross Anderson.
Designers of cryptographic systems are at a disadvantage to most other engineers, in that information on how their systems fail is hard to get: their major users have traditionally been government agencies, which are very secretive about their mistakes.
In this article, we present the results of a survey of the failure modes of retail banking systems, which constitute the next largest application of cryptology. It turns out that the threat model commonly used by cryptosystem designers was wrong: most frauds were not caused by cryptanalysis or other technical attacks, but by implementation errors and management failures. This suggests that a paradigm shift is overdue in computer security; we look at some of the alternatives, and see some signs that this shift may be getting under way.
File infos:
- L0T3K ID: docs-1392
- status: online
- source: http://www.ftp.cl.cam.ac.uk/
Created: 2004-12-08 04:41 | Modified: 2007-03-26 00:16 | Size: 62685 octets