Cyphernomicon 5.9

Cryptology:
Practical Crypto


    5.9.1. again, this stuff is covered in many of the FAQs on PGP and
            on security that are floating around...
    5.9.2. "How long should crypto be valid for?"
           + That is, how long should a file remain uncrackable, or a
              digital signature remain unforgeable?
             - probabilistic, of course, with varying confidence levels
             - depends on breakthroughs, in math and in computer power
           + Some messages may only need to be valid for a few days or
              weeks. Others, for decades. Certain contracts may need to
              be unforgeable for many decades. And given advances in
              computer power, what appears to be a strong key today may
              fail utterly by 2020 or 2040.  (I'm of course not
              suggesting that a 300- or 500-digit RSA modulus will be
              practical by then.)
             + many people only need security for a matter of months or
                so, while others may need it (or think they need it) for
                decades or even for generations
               - they may fear retaliation against their heirs, for
                  example, if certain communications were ever made
                  public
           - "If you are signing the contract digitally, for instance,
              you would want to be sure that no one could forge your
              signature to change the terms after the fact -- a few
              months isn't enough for such purposes, only something that
              will last for fifteen or twenty years is okay." [Perry
              Metzger, 1994-07-06]
    5.9.3. "What about commercial encryption programs for protecting
            files?"
           - ViaCrypt, PGP 2.7
           - Various commercial programs have existed for years (I got
              "Sentinel" back in 1987-8...long since discontinued). Check
              reviews in the leading magazines.
           + Kent Marsh, FolderBolt for Macs and Windows
             - "The best Mac security program....is CryptoMactic by Kent
                Marsh Ltd.  It uses triple-DES in CBC mode, hashes an
                arbitrary-length password into a key, and has a whole lot
                of Mac-interface features.  (The Windows equivalent is
                FolderBolt for Windows, by the way.)" [Bruce Schneier,
                sci.crypt, 1994-07-19]
    5.9.4. "What are some practical steps to take to improve security?"
           - Do you, like most of us, leave backup diskettes lying
              around?
           - Do you use multiple-pass erasures of disks? If not, the
              bits may be recovered.
           - (Either of these can compromise all encrypted material you
              have, all with nothing more than a search warrant of your
              premises.)
    5.9.5. Picking (and remembering) passwords
           - Many of the issues here also apply to choosing remailers,
              etc. Things are often trickier than they seem. The
              "structure" of these spaces is tricky. For example, it may
              seem really sneaky (and "high entropy") to permute some
              words in a popular song and use that as a
              passphrase... but this is obviously worth only a few bits of
              extra entropy. Specifically, the attacker will likely take
              the thousand or so most popular songs, thousand or so most
              popular names, slogans, speeches, etc., and then run many
              permutations on each of them.
           - bits of entropy
           - lots of flaws, weaknesses, hidden factors
           - avoid simple words, etc.
           - hard to get 100 or more bits of real entropy
           - As Eli Brandt puts it, "Obscurity is no substitute for
              strong random numbers." [E.B., 1994-07-03]
           - Cryptanalysis is a matter of deduction, of forming and
              refining hypotheses. For example, the site
              "bitbucket@ee.und.ac.za" is advertised on the Net as a
              place to send "NSA food" to...mail sent to it gets
              discarded. So, a great place to send cover traffic to, no?
              No, as the NSA will mark this site for what it is and its
              usefulness is blown. (Unless its usefulness is actually
              something else, in which case the recursive descent has
              begun.)
           - Bohdan Tashchuk suggests [1994-07-04] using telephone-like
              numbers, mixed in with words, to better fit with human
              memorization habits; he notes that 30 or more bits of
              entropy are routinely memorized this way.
    5.9.6. "How can I remember long passwords or passphrases?"
           - Lots of security articles have tips on picking hard-to-
              guess (high entropy) passwords and passphrases.
           + Just do it.
             - People can learn to memorize long sequences. I'm not good
                at this, but others apparently are. Still, it seems
                dangerous, in terms of forgetting. (And writing down a
                passphrase may be vastly more risky than a shorter but
                more easily memorized passphrase is.  I think theft
                of keys and keystroke capturing on compromised machines
                are much more important practical weaknesses.)
           + The first letters of long phrases that have meaning only to
              the owner.
             - e.g., "When I was ten I ate the whole thing."--->
                "wiwtiatwt" (Purists will quibble that prepositional
                phrases like "when i was" have lower entropy. True, but
                better than "Joshua.")
           + Visual systems
             - Another approach to getting enough entropy in
                passwords/phrases is a "visual key" where one mouses from
                position to position in a visual environment. That is,
                one is presented with a scene containing some number of
                nodes, perhaps representing familiar objects from one's
                own home, and a path is chosen.  The advantage is that
                most people can remember fairly complicated
                (read: high entropy) "stories." Each object triggers a
                memory of the next object to visit. (Example: door to
                kitchen to blender to refrigerator to ..... ) This is the
                visual memory system said to be favored by Greek epic
                poets. This also gets around the keyboard-monitoring
                trick (but not necessarily the CRT-reading trick, of
                course).

                It might be an interesting hack to offer this as a front
                end for PGP. Even a simple grid of characters which could
                be moused on could be an assist in using long
                passphrases.
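The entropy arithmetic behind 5.9.5 and 5.9.6 (why permuting a song line buys only a few bits, why ten digits are "30 or more bits", and how short a first-letter mnemonic really is against the "100 or more bits" target) can be made concrete. The following is an added example, not part of the Cyphernomicon and not any tool the text mentions; the dictionary sizes (a thousand songs, eight words per line), the 2.3 bits-per-letter figure for first-letter mnemonics, and the function names are assumptions chosen for illustration.

```python
# Added example (not part of the Cyphernomicon): rough entropy budgets for the
# passphrase schemes discussed in 5.9.5 and 5.9.6. The model is the one the
# text describes: the attacker enumerates a dictionary of likely sources and
# every cheap transformation of them, so the entropy of a scheme is
# log2(size of that enumeration), not the raw length of the passphrase.
from __future__ import annotations

import math


def bits(choices: float) -> float:
    """Entropy, in bits, of one choice made uniformly among `choices` options."""
    return math.log2(choices)


def permuted_song_bits(num_songs: int, words_per_line: int) -> float:
    """Upper bound for 'pick a line from a popular song and permute its words'.
    The attacker's search space is songs x permutations of the words, so the
    permutation adds only log2(words!) bits on top of log2(songs), as 5.9.5
    warns. num_songs is the attacker's dictionary size (the text's
    'thousand or so'); both numbers are assumptions for illustration."""
    return bits(num_songs * math.factorial(words_per_line))


def digit_string_bits(num_digits: int) -> float:
    """Entropy of a uniformly random num_digits-long number (the
    'telephone-like numbers' of 5.9.5); ten random digits give about 33 bits."""
    return num_digits * bits(10)


def combined_bits(*parts: float) -> float:
    """Entropy of independently chosen components (a word plus a number, say)
    adds; components that are guessable from each other do not."""
    return sum(parts)


def first_letters(phrase: str) -> str:
    """The 'first letters of a long phrase' mnemonic from 5.9.6:
    'When I was ten I ate the whole thing.' -> 'wiwtiatwt'."""
    return "".join(w[0].lower() for w in phrase.split() if w[0].isalpha())


def first_letter_bits(mnemonic: str, bits_per_letter: float = 2.3) -> float:
    """Rough entropy of a first-letter mnemonic. Assumption (not from the page):
    about 2.3 bits per letter, well below the 4.7 bits of a uniformly random
    letter, because initial letters of English words are far from uniform and
    common phrase openers ('when i was') are predictable, as the text's
    'purists' note."""
    return len(mnemonic) * bits_per_letter


def guesses_needed(entropy_bits: float) -> float:
    """Worst-case number of guesses for an attacker who enumerates the whole
    space: 2**bits. Halve it for the expected case."""
    return 2.0 ** entropy_bits


def budget_report(target_bits: float = 100.0) -> dict[str, tuple[float, bool]]:
    """Compare each scheme against a target (the '100 or more bits' of 5.9.5).
    Returns {scheme: (estimated bits rounded to 0.1, meets target?)}."""
    schemes = {
        "permuted line of a popular song": permuted_song_bits(1000, 8),
        "ten random digits": digit_string_bits(10),
        "word from 1000-word list + 7 digits": combined_bits(
            bits(1000), digit_string_bits(7)
        ),
        "first letters of a 9-word phrase": first_letter_bits(
            first_letters("When I was ten I ate the whole thing.")
        ),
    }
    return {name: (round(b, 1), b >= target_bits) for name, b in schemes.items()}


if __name__ == "__main__":
    for name, (b, ok) in budget_report().items():
        status = "ok" if ok else "short of target"
        print(f"{name:40s} {b:6.1f} bits  {status}")
```

Run as a script it prints one line per scheme; every one of the schemes the section discusses falls well short of 100 bits, which is the point of 5.9.5: the permutation trick adds log2(8!) ≈ 15 bits, not the 40-odd bits a 9-word string looks like, and a ten-digit number lands at about 33 bits, matching the "30 or more bits" Tashchuk cites.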


By Tim May, see README

HTML by Jonathan Rochkind