Cryptography-Digest Digest #684, Volume #9 Thu, 10 Jun 99 01:13:03 EDT
Contents:
IDEA-128 (Casey Sybrandy)
Word 8 and Excel 8 Encryption ("John E. Kuslich")
Re: I challenge thee :) (JPeschel)
----------------------------------------------------------------------------
From: Casey Sybrandy <[EMAIL PROTECTED]>
Subject: IDEA-128
Date: Wed, 09 Jun 1999 22:15:43 -0400
This is a short description of IDEA-128, a 128-bit block version of
IDEA. The blocks of data will be labeled b0..b3. The keys are divided
into two parts, the general use 32-bit keys k, and the keys for just the
rotates, r. Assuming both i and j start at 0, this is the algorithm
b0 = rotr(b0, r[j++])
b1 += k[i++]
b2 += k[i++]
b3 = rotr(b3, r[j++])
for i = 1 to maxrounds do
{
temp1 = b0 XOR b2
temp2 = b1 XOR b3
// these lines added in an attempt to add more security
temp1 = rotl(temp1, r[j++])
temp2 = rotr(temp2, r[j++])
temp1 *= k[i++]
temp2 += temp1
temp2 *= k[i++]
temp1 += temp2
b0 = b0 XOR temp2
b1 = b1 XOR temp1
b2 = b2 XOR temp2
b3 = b3 XOR temp1
swap(b1, b2)
b0 = rotr(b0, r[j++])
b1 += k[i++]
b2 += k[i++]
b3 = rotr(b3, r[j++])
}
That's it. Decryption is done similarly to normal IDEA, you just have
to take into account the different operations. The reasoning behind
this is simple: the reversible multiplications of IDEA, where all
multiplication was done mod 2^16 + 1, had to be replaced with something
more reversible. I selected the keyed rotate function because it has
been proven to work well with multiplications and it is simple. Since
it now takes only one clock cycle on newer CPU's, I added in two extra
rotates per round in an attempt to make it stronger. I have
successfully coded this up and it does encrypt and decrypt. I
personally recommend 8 rounds, since that is what IDEA used and it was
secure after 5 rounds, if I remember correctly. Since it is now faster
than normal IDEA, the number of rounds can probably be expanded somewhat
without making it slower than normal IDEA.
Anyway, this is just an idea, no pun intended, that I came up with after
reading a post about doing something like this. The post ended up
showing us a complicated solution. I personally opted for the simple
one. I didn't bother making a key schedule for it, though it should be
simple enough. I recommend a key schedule that does a good job of
propogating change, such as that of RC5/6. The key values for the
rotates should be mod 32 (each block is only 32-bits.) Let me know what
you think. Also, if anybody knows anything about the patent info on
IDEA, that would be great. I plan on incorporating this in another
project of mine, unless it is proven that this is as insecure as morse
code.
------------------------------
From: "John E. Kuslich" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Word 8 and Excel 8 Encryption
Date: Wed, 09 Jun 1999 19:53:38 -0700
==============72512FFFE2243FA92BAC0F33
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Since we cracked the Office 97 version of Word and Excel, we have been
thinking about publishing the details of the encryption algorithm used
see http://www.crak.com/word8.htm
The only thing holding us back is the need to recover our cost for the
research that went into discovering how this whole process works.
We have been partially successful in recovering some of these costs by
actually using this knowledge to recover files for our customers (it
turns out that exploiting this knowledge has been a monumental task in
itself see http://www.crak.com/word8.htm ). Nevertheless, we feel
that the knowledge we gained is not only valuable in itself but it also
leads to a greater understanding of the serious problems users of
encryption face when the encryption is based on personal computer
technology.
Every serious practicing cryptographer (in other words employees of NSA
and similar agencies) knows very well that encryption based on software
used on the PC is weak. We think it would be instructive to show some
of the details of the analysis we did to crack Office 97 so that the
members of this group can see for themselves how fairly good
cryptography on the PC can be defeated.
If you would be interested in purchasing a booklet describing the EXACT
encryption process used by Word and Excel Version 8, please drop us an
e-mail at: [EMAIL PROTECTED] Please tell us the price you would expect
pay for such a booklet. Perhaps we can use your feedback to convince a
publisher to get it in print. Oh, we may also include the details on
earlier versions of Word and Excel also!!
John E. Kuslich
--
CRAK Software (Password Recovery Software)
Http://www.crak.com
[EMAIL PROTECTED]
602 863 9274 or 1 800 505 2725 In the USA
==============72512FFFE2243FA92BAC0F33
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
<HTML>
Since we cracked the Office 97 version of Word and Excel, we have been
thinking about publishing the details of the encryption algorithm used
see <A HREF="http://www.crak.com/word8.htm"> http://www.crak.com/word8.htm</A>
<P>The only thing holding us back is the need to recover our cost for the
research that went into discovering how this whole process works.
<P>We have been partially successful in recovering some of these costs
by actually using this knowledge to recover files for our customers (it
turns out that exploiting this knowledge has been a monumental task in
itself see <A HREF="http://www.crak.com/word8.htm">
http://www.crak.com/word8.htm</A>
). Nevertheless, we feel that the knowledge we gained is not only
valuable in itself but it also leads to a greater understanding of the
serious problems users of encryption face when the encryption is based
on personal computer technology.
<P>Every serious practicing cryptographer (in other words employees of
NSA and similar agencies) knows very well that encryption based on
software used on the PC is weak. We think it would be instructive
to show some of the details of the analysis we did to crack Office 97 so
that the members of this group can see for themselves how fairly good cryptography
on the PC can be defeated.
<P>If you would be interested in purchasing a booklet describing the EXACT
encryption process used by Word and Excel Version 8, please drop us an
e-mail at: [EMAIL PROTECTED] Please tell us the price you would
expect pay for such a booklet. Perhaps we can use your feedback to
convince a publisher to get it in print. Oh, we may also include
the details on earlier versions of Word and Excel also!!
<BR>
<P>John E. Kuslich
<P>--
<BR>CRAK Software (Password Recovery Software)
<BR><A HREF="Http://www.crak.com">Http://www.crak.com</A>
<BR>[EMAIL PROTECTED]
<BR>602 863 9274 or 1 800 505 2725 In the USA
<BR> </HTML>
==============72512FFFE2243FA92BAC0F33==
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: I challenge thee :)
Date: 10 Jun 1999 02:44:45 GMT
>[EMAIL PROTECTED] writes:
>Most 'polyalphabetic' ciphers are broken by frequency analysis if I am
>not mistaken. If this is true all you have to do is understand the
>language of the plaintext and you can guess at the key.
Nope, takes a bit more than that. First you have to determine the length
of the key by counting coincidences. See AC2 for Bruce's quick
explanation of this. John S. likes to explain Vigeneres, so I am hoping
he will elucidate for your benefit. Meantime, you can find Viggy and raw-binary
polyalphabetic crackers at the site below. They go well with cheese and beer.
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
