Author Topic: Encrypted Messages  (Read 56382 times)

Eadeqa

Encrypted Messages
« on: March 31, 2014, 07:58:23 pm »

A few clients now do encrypted messages.

Are these encrypted messaging systems compatible among various clients?

For example, if someone using NxtSolaris sends an encrypted message to a user using OffSpring, is the OffSpring user able to decrypt it and respond?

I hope there is just one standard that all clients use.
Logged
NXT-GZYP-FMRT-FQ9K-3YQGS

Graviton

Re: Encrypted Messages
« Reply #1 on: March 31, 2014, 08:00:04 pm »

Are these encrypted messaging systems compatible among various clients?

I do think so. Need to try that out soon.
Logged
* dgex.com operator * nextcoin.org founder * mofowallet.com multiwallet founding member

marcus03

Re: Encrypted Messages
« Reply #2 on: March 31, 2014, 08:01:18 pm »

NXT Solaris doesn't do message encryption yet, but if a standard is needed, this should be implemented:

https://nextcoin.org/index.php?topic=727.0
Logged
My Android NXT wallet project!
Raspberry Pi NXT node/Two VPS NRS nodes
NXT tips and donations: NXT-X5EB-VSL5-Z7DU-3GWTJ

wesley

Re: Encrypted Messages
« Reply #3 on: March 31, 2014, 08:04:36 pm »

Are these encrypted messaging systems compatible among various clients?

I do think so. Need to try that out soon.

We need to know what you add to identify encrypted messages. Do you add something at the start of the message?

Also, do you use a salt, etc.
Logged

Eadeqa

Re: Encrypted Messages
« Reply #4 on: March 31, 2014, 08:21:23 pm »

Are these encrypted messaging systems compatible among various clients?

I do think so. Need to try that out soon.

Please make it clear what exactly you are doing, so all Nxt users can communicate with each other, regardless of the client.

We need one standard. Otherwise it will become useless.

Logged
NXT-GZYP-FMRT-FQ9K-3YQGS

Graviton

Re: Encrypted Messages
« Reply #5 on: March 31, 2014, 08:34:19 pm »

I'm quite sure Dirk has followed the standard as far as such is available. Unfortunately I'm not versed on the technical encryption details he has been using, we were under pressure to release this tonight and he had to go right after that. I'm positive he will be answering these during Tuesday.
Logged
* dgex.com operator * nextcoin.org founder * mofowallet.com multiwallet founding member

fanaticalfishing

Re: Encrypted Messages
« Reply #6 on: March 31, 2014, 11:09:09 pm »

Are these encrypted messaging systems compatible among various clients?

I do think so. Need to try that out soon.

Please make it clear what exactly you are doing, so all Nxt users can communicate with each other, regardless of the client.

We need one standard. Otherwise it will become useless.

everything is in the git repository
Logged

verymuchso

Re: Encrypted Messages
« Reply #7 on: April 01, 2014, 09:57:19 am »

Since there was no standard for encrypted messaging I had to think up my own. Encrypted messaging uses the XoredData class from the NXT repo https://bitbucket.org/JeanLucPicard/nxt/src/525a1924962f4107c679b61aea7a3b9a4b60a4ab/src/java/nxt/crypto/XoredData.java?at=master (thanks CfB!)

Creating messages is easy. Offspring uses two kinds of messages, Encrypted and Unencrypted.

Encrypted messages start with MAGIC_ENCRYPTED_MESSAGE_NUMBER (see below) which is an 8 byte identifier. Then the 32 byte nonce, and then the encrypted data.

Unencrypted messages start with MAGIC_UNENCRYPTED_MESSAGE_NUMBER, and then the message data which is passed through Convert.parseHexString (also from the NXT repo) https://bitbucket.org/JeanLucPicard/nxt/src/525a1924962f4107c679b61aea7a3b9a4b60a4ab/src/java/nxt/util/Convert.java?at=master.

Code:
  /* Encrypted messages start with this number */
  /* (the bytes are the ASCII string "CRYPTED!") */
  public static byte[] MAGIC_ENCRYPTED_MESSAGE_NUMBER = new byte[] { 0x43,
      0x52, 0x59, 0x50, 0x54, 0x45, 0x44, 0x21 };

  /* Non encrypted messages start with this number (Invisible Characters) */
  /* (the bytes are the ASCII string "MESSAGE!") */
  public static byte[] MAGIC_UNENCRYPTED_MESSAGE_NUMBER = new byte[] { 0x4d,
      0x45, 0x53, 0x53, 0x41, 0x47, 0x45, 0x21 };

Everything is available on Github, client implementors can simply copy the code from there https://github.com/incentivetoken/offspring/blob/master/com.dgex.offspring.ui/src/com/dgex/offspring/ui/messaging/MessageCrypto.java

Note: in the MessageCrypto class there are also properties called MAGIC_UNENCRYPTED_MESSAGE_NUMBER and MAGIC_ENCRYPTED_MESSAGE_NUMBER. Those are not the ones used in Offspring (guess I forgot to take those out); those properties are in https://github.com/incentivetoken/offspring/blob/master/com.dgex.offspring.config/src/com/dgex/offspring/config/Config.java
« Last Edit: April 01, 2014, 10:02:28 am by verymuchso »
Logged
HEAT: DEX | SDK | HOME
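
The framing described in reply #7, as an added example that is not part of the original post or of the Offspring code base: a parser that classifies a message payload by its 8-byte magic and splits out the 32-byte nonce. It assumes the payload arrives as a hex string and that plain-message bodies are UTF-8; the function and class names are hypothetical and all sample inputs are constructed.

```python
"""Offspring-style message framing (added example, constructed inputs)."""
from dataclasses import dataclass

# Magic values copied from the post; they spell ASCII strings.
MAGIC_ENCRYPTED = bytes([0x43, 0x52, 0x59, 0x50, 0x54, 0x45, 0x44, 0x21])    # b"CRYPTED!"
MAGIC_UNENCRYPTED = bytes([0x4D, 0x45, 0x53, 0x53, 0x41, 0x47, 0x45, 0x21])  # b"MESSAGE!"
MAGIC_LEN = 8
NONCE_LEN = 32


@dataclass(frozen=True)
class ParsedMessage:
    kind: str            # "encrypted", "plain", "unknown" or "malformed"
    nonce: bytes = b""   # only set for "encrypted"
    body: bytes = b""    # ciphertext, plain payload, or the raw bytes
    reason: str = ""     # why a payload was rejected


def build_encrypted(nonce: bytes, ciphertext: bytes) -> str:
    """magic || 32-byte nonce || encrypted data, hex-encoded."""
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be exactly 32 bytes")
    return (MAGIC_ENCRYPTED + nonce + ciphertext).hex()


def build_plain(text: str) -> str:
    """magic || message bytes, hex-encoded (UTF-8 body is an assumption)."""
    return (MAGIC_UNENCRYPTED + text.encode("utf-8")).hex()


def parse_message(hex_payload: str) -> ParsedMessage:
    try:
        raw = bytes.fromhex(hex_payload)
    except ValueError:
        return ParsedMessage("malformed", reason="payload is not valid hex")
    magic, rest = raw[:MAGIC_LEN], raw[MAGIC_LEN:]
    if magic == MAGIC_ENCRYPTED:
        # A truncated message must not be handed to the decryption routine.
        if len(rest) < NONCE_LEN:
            return ParsedMessage("malformed", reason="shorter than magic + nonce")
        return ParsedMessage("encrypted", nonce=rest[:NONCE_LEN], body=rest[NONCE_LEN:])
    if magic == MAGIC_UNENCRYPTED:
        return ParsedMessage("plain", body=rest)
    # No recognised prefix: another message type, or a client that sends
    # nonce + ciphertext with no magic. The prefix is only a display hint;
    # it is not authenticated and proves nothing about the content.
    return ParsedMessage("unknown", body=raw)


if __name__ == "__main__":
    nonce = bytes(range(NONCE_LEN))                     # constructed nonce
    samples = [
        build_encrypted(nonce, b"\x9a\x10\x44"),        # constructed ciphertext
        build_plain("hello Nxt"),
        (MAGIC_ENCRYPTED + b"\x00" * 10).hex(),         # truncated nonce
        (nonce + b"\x9a\x10\x44").hex(),                # no prefix at all
    ]
    for s in samples:
        p = parse_message(s)
        print(p.kind, len(p.nonce), p.body.hex(), p.reason)
```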

wesley

Re: Encrypted Messages
« Reply #8 on: April 01, 2014, 10:06:15 am »

I thought it was decided to use this format: https://nextcoin.org/index.php?topic=727.0

(as cfb said)

Has he changed his mind?

XoredData is only available to clients that access the java api. Not sure if there is a javascript version of this...
Logged

wesley

Re: Encrypted Messages
« Reply #9 on: April 01, 2014, 10:12:07 am »

btw, why do you add bytes to the unencrypted message? Do you ignore messages that don't have these bytes?
Logged

verymuchso

Re: Encrypted Messages
« Reply #10 on: April 01, 2014, 10:17:44 am »

I thought it was decided to use this format: https://nextcoin.org/index.php?topic=727.0
(as cfb said)
Has he changed his mind?
XoredData is only available to clients that access the java api. Not sure if there is a javascript version of this...

Isn't that what's implemented in XoredData? XoredData is a small class, not much code at all.
If you have a js Curve25519 lib I don't see any problem why you cannot 1-on-1 copy XoredData from java to js.

btw, why do you add bytes to the unencrypted message? Do you ignore messages that don't have these bytes?

With all these nodecoin messages going around your list of messages gets cluttered fast. Let alone the number of different messages that will be implemented in the future.
If you want any way to filter that out you need this.

Messages are not ignored currently, I do use it to show a different icon for those messages
« Last Edit: April 01, 2014, 10:20:38 am by verymuchso »
Logged
HEAT: DEX | SDK | HOME

Isildur23

Re: Encrypted Messages
« Reply #11 on: April 01, 2014, 10:18:23 am »

Both encrypted and unencrypted(including group messaging) messages are stored on the blockchain, right? And they are purged during shrinking, right?
Logged

verymuchso

Re: Encrypted Messages
« Reply #12 on: April 01, 2014, 10:21:42 am »

Both encrypted and unencrypted(including group messaging) messages are stored on the blockchain, right? And they are purged during shrinking, right?

Yes they are stored in the blockchain. Purging is not implemented (yet); currently messages are in the blockchain forever.
Logged
HEAT: DEX | SDK | HOME

verymuchso

Re: Encrypted Messages
« Reply #13 on: April 01, 2014, 10:23:29 am »

Fun fact.. If you send an encrypted message to yourself. Only you can read it.
Logged
HEAT: DEX | SDK | HOME

wesley

Re: Encrypted Messages
« Reply #14 on: April 01, 2014, 10:23:43 am »

Ok looks like XoredData also uses curve, so I can do that.

Btw cfb says:

Quote
[1/04/14 12:20:25] CFB: Use hash-based key agreement
[1/04/14 12:20:29] CFB: to get seed
[1/04/14 12:20:33] CFB: and then use XoredData
Logged

verymuchso

Re: Encrypted Messages
« Reply #15 on: April 01, 2014, 10:31:58 am »

Ok looks like XoredData also uses curve, so I can do that.
Btw cfb says:
Quote
[1/04/14 12:20:25] CFB: Use hash-based key agreement
[1/04/14 12:20:29] CFB: to get seed
[1/04/14 12:20:33] CFB: and then use XoredData

I know. That's here https://github.com/incentivetoken/offspring/blob/master/com.dgex.offspring.nxtCore/src/nxt/crypto/MyCurve25519.java
Logged
HEAT: DEX | SDK | HOME

fmiboy

Re: Encrypted Messages
« Reply #16 on: April 07, 2014, 06:57:17 am »

XoredData is very useful and changed my code to use Nxt core functions in last release.

But Clienxt doesn't add any prefix, it is pure https://nextcoin.org/index.php?topic=727.0

Didn't find any reason to add prefix to encrypted text. Since message stored as HEX format in blockchain after encryption. One can simply show HexToString, if user cannot read it they can decrypt the message. This might be extra step for user, but I think it is safer.

Besides, if every client uses same/pure algorithm, we don't need any prefix. everything is encrypted and all clients can work with it.
« Last Edit: April 07, 2014, 06:58:57 am by fmiboy »
Logged

v39453

Re: Encrypted Messages
« Reply #17 on: April 07, 2014, 09:05:04 am »

I'm not an expert, but I'm a little worried if xor is used to encrypt messages. To use xor you need a key - with true randomness - as long as the message. I don't think it matters what extra steps you add if you don't have that.

Like I said I'm not an expert, but I remember reading that xor is one of the things that does not work.
Logged

wesley

Re: Encrypted Messages
« Reply #18 on: April 07, 2014, 09:12:04 am »

You should use the prefix CRYPTED!, that's how other clients are doing it.

XoredData is very useful and changed my code to use Nxt core functions in last release.

But Clienxt doesn't add any prefix, it is pure https://nextcoin.org/index.php?topic=727.0

Didn't find any reason to add prefix to encrypted text. Since message stored as HEX format in blockchain after encryption. One can simply show HexToString, if user cannot read it they can decrypt the message. This might be extra step for user, but I think it is safer.

Besides, if every client uses same/pure algorithm, we don't need any prefix. everything is encrypted and all clients can work with it.
Logged

Come-from-Beyond

Re: Encrypted Messages
« Reply #19 on: April 07, 2014, 09:15:51 am »

I'm not an expert, but I'm a little worried if xor is used to encrypt messages. To use xor you need a key - with true randomness - as long as the message. I don't think it matters what extra steps you add if you don't have that.

Like I said I'm not an expert, but I remember reading that xor is one of the things that does not work.

XoredData satisfies these conditions. Pay attention that it's a little bit different from https://nextcoin.org/index.php?topic=727.0
Logged

v39453

Re: Encrypted Messages
« Reply #20 on: April 07, 2014, 09:55:34 am »

I'm not an expert, but I'm a little worried if xor is used to encrypt messages. To use xor you need a key - with true randomness - as long as the message. I don't think it matters what extra steps you add if you don't have that.

Like I said I'm not an expert, but I remember reading that xor is one of the things that does not work.

XoredData satisfies these conditions. Pay attention that it's a little bit different from https://nextcoin.org/index.php?topic=727.0

Well, I am not qualified to say if it works or not. Let me just say this: if it doesn't implement a well-known method of doing the encryption, it at least raises the question of being secure.

For the record, I just use AES.
Logged

Come-from-Beyond

Re: Encrypted Messages
« Reply #21 on: April 07, 2014, 10:24:24 am »

Let me just say this: if it doesn't implement a well-known method of doing the encryption, it at least raises the question of being secure.

Valid point. Could anyone review the algo?
Logged

doctorevil

Re: Encrypted Messages
« Reply #22 on: April 07, 2014, 11:39:14 am »

Let me just say this: if it doesn't implement a well-known method of doing the encryption, it at least raises the question of being secure.

Valid point. Could anyone review the algo?

I took a looksy and it does not look kosher. 

It's not clear to me that this scheme provides security against chosen-plaintext and adaptive chosen-ciphertext attacks.
Logged
You know, I have one simple request. And that is to have sharks with frickin' laser beams attached to their heads! Now evidently, my cycloptic colleague informs me that that can't be done. Can you remind me what I pay you people for? Honestly, throw me a bone here.

Come-from-Beyond

Re: Encrypted Messages
« Reply #23 on: April 07, 2014, 12:23:00 pm »

I took a looksy and it does not look kosher. 

It's not clear to me that this scheme provides security against chosen-plaintext and adaptive chosen-ciphertext attacks.

If u got a key for one chunk of bytes u needed to reverse SHA256 to get a key for another chunk. Thus the 1st attack is counteracted.
A random nonce is chosen for each encryption session. Thus the 2nd attack is counteracted.
Logged

doctorevil

Re: Encrypted Messages
« Reply #24 on: April 07, 2014, 12:35:01 pm »

I took a looksy and it does not look kosher. 

It's not clear to me that this scheme provides security against chosen-plaintext and adaptive chosen-ciphertext attacks.

If u got a key for one chunk of bytes u needed to reverse SHA256 to get a key for another chunk. Thus the 1st attack is counteracted.
A random nonce is chosen for each encryption session. Thus the 2nd attack is counteracted.

Is the nonce public, i.e. is it communicated in the clear?
« Last Edit: April 07, 2014, 12:37:33 pm by doctorevil »
Logged
You know, I have one simple request. And that is to have sharks with frickin' laser beams attached to their heads! Now evidently, my cycloptic colleague informs me that that can't be done. Can you remind me what I pay you people for? Honestly, throw me a bone here.

Come-from-Beyond

Re: Encrypted Messages
« Reply #25 on: April 07, 2014, 12:39:49 pm »

Is the nonce public, i.e. is it communicated in the clear?

Yes.

It's chosen by the encrypting party.
« Last Edit: April 07, 2014, 12:41:48 pm by Come-from-Beyond »
Logged

fmiboy

Re: Encrypted Messages
« Reply #26 on: April 07, 2014, 01:23:05 pm »

You should use the prefix CRYPTED!, that's how other clients are doing it.

XoredData is very useful and changed my code to use Nxt core functions in last release.

But Clienxt doesn't add any prefix, it is pure https://nextcoin.org/index.php?topic=727.0

Didn't find any reason to add prefix to encrypted text. Since message stored as HEX format in blockchain after encryption. One can simply show HexToString, if user cannot read it they can decrypt the message. This might be extra step for user, but I think it is safer.

Besides, if every client uses same/pure algorithm, we don't need any prefix. everything is encrypted and all clients can work with it.

isn't it better if we have every message encrypted by default?
Logged

doctorevil

Re: Encrypted Messages
« Reply #27 on: April 07, 2014, 01:26:36 pm »

Is the nonce public, i.e. is it communicated in the clear?

Yes.

It's chosen by the encrypting party.

Looking at this more carefully I can see how the algo protects against straightforward versions of the attacks I originally suspected might work.

That said, I'd recommend using AES256/CBC with the SHA256 of the ECDH shared secret as the key ... instead of going with a homegrown cipher. AES256 is part of JCE so codesize wouldn't be affected and it's a hell of a lot better battle-tested. There isn't a lot to be gained by inventing crypto when you don't need to.
Logged
You know, I have one simple request. And that is to have sharks with frickin' laser beams attached to their heads! Now evidently, my cycloptic colleague informs me that that can't be done. Can you remind me what I pay you people for? Honestly, throw me a bone here.

Come-from-Beyond

Re: Encrypted Messages
« Reply #28 on: April 07, 2014, 02:04:44 pm »

That said, I'd recommend using AES256/CBC with the SHA256 of the ECDH shared secret as the key ... instead of going with a homegrown cipher. AES256 is part of JCE so codesize wouldn't be affected and it's a hell of a lot better battle-tested. There isn't a lot to be gained by inventing crypto when you don't need to.

It's not a homegrown cipher. :)

Claude Shannon proved that such an algo (XOR-based) is 100%* secure if the following conditions r met:

1. Each message uses a new key
2. Key is generated by using a hardware random number generator
3. Length of the key is not less than length of the message


XoredData satisfies these conditions coz:

1. A new key is used each time
2. Key is generated by seeding with SecureRandom, SHA256 applied to the seed several times is still considered random enough
3. Length of the key is not less than length of the message coz SHA256 is irreversible

So, if there r no bugs in the implementation and XoredData indeed satisfies the conditions then it's "more secure" than AES256 et al.

---
* - it's not ~100%, it's exactly 100%.
Logged

Come-from-Beyond

Re: Encrypted Messages
« Reply #29 on: April 07, 2014, 02:07:23 pm »

isn't it better if we have every message encrypted by default?

Sometimes we need public messages.
Logged

bitcoinpaul

Re: Encrypted Messages
« Reply #30 on: April 07, 2014, 02:16:26 pm »

it's a client thing: devs should just make the option "encrypted" as default.
« Last Edit: April 07, 2014, 06:59:00 pm by farl4bit, Reason: Deleted unnecessary direct full-quote »
Logged
Like my Avatar? Reply now! NXT-M5JR-2L5Z-CFBP-8X7P3

fmiboy

Re: Encrypted Messages
« Reply #31 on: April 07, 2014, 03:47:27 pm »

oh yes, forgot that AM could be used for other projects as well, with public messages.

will add prefix in next release "CRYPTED!"
« Last Edit: April 07, 2014, 06:59:12 pm by farl4bit, Reason: Deleted unnecessary direct full-quote »
Logged

Eadeqa

Re: Encrypted Messages
« Reply #32 on: April 07, 2014, 05:18:26 pm »

3. Length of the key is not less than length of the message coz SHA256 is irreversible

What does that mean? Do all messages need to be less than 256 bits?

Logged
NXT-GZYP-FMRT-FQ9K-3YQGS

Come-from-Beyond

Re: Encrypted Messages
« Reply #33 on: April 07, 2014, 05:23:25 pm »

Messages can be as long as required. It means that if u know a part of the key u can restore another part only if u can find X such as SHA256(X) == KNOWN_PART.
« Last Edit: April 07, 2014, 06:59:37 pm by farl4bit, Reason: Deleted unnecessary direct full-quote »
Logged

Eadeqa

Re: Encrypted Messages
« Reply #34 on: April 07, 2014, 06:08:37 pm »

isn't it better if we have every message encrypted by default?

Sometimes we need public messages.

it's a client thing: devs should just make the option "encrypted" as default.

Yes, please take a note here all client developers:  the default should be encrypted. You should have to unmark "encrypted" to make it plain text.

Logged
NXT-GZYP-FMRT-FQ9K-3YQGS

doctorevil

Re: Encrypted Messages
« Reply #35 on: April 07, 2014, 07:52:20 pm »

It's not a homegrown cipher. :)

Claude Shannon proved that such an algo (XOR-based) is 100%* secure if the following conditions r met:

1. Each message uses a new key
2. Key is generated by using a hardware random number generator
3. Length of the key is not less than length of the message


XoredData satisfies these conditions coz:

1. A new key is used each time
2. Key is generated by seeding with SecureRandom, SHA256 applied to the seed several times is still considered random enough
3. Length of the key is not less than length of the message coz SHA256 is irreversible

So, if there r no bugs in the implementation and XoredData indeed satisfies the conditions then it's "more secure" than AES256 et al.

---
* - it's not ~100%, it's exactly 100%.

All stream cipher designs use XOR … it doesn't entail that they satisfy information theoretic perfect security. Since the real keyspace of both your scheme and AES256 is 256 bits, neither can theoretically guarantee perfect security unless the plaintext is 256 bits. The difference between the two schemes is on the assumptions they rely on. Your scheme relies on properties of SHA256 for which it was neither primarily designed nor as extensively scrutinized in light of (its primary goal was collision resistance) whereas AES was designed for one thing and one thing only. Also the scheme you've come up with has been vetted by a handful of people whereas AES has withstood the withering scrutiny of the entire cryptographic community for over 15 years.

You're obviously free to do what you want, but I'm on the record as stating this encryption scheme is not an optimal design choice.
Logged
You know, I have one simple request. And that is to have sharks with frickin' laser beams attached to their heads! Now evidently, my cycloptic colleague informs me that that can't be done. Can you remind me what I pay you people for? Honestly, throw me a bone here.

Eadeqa

Re: Encrypted Messages
« Reply #36 on: April 07, 2014, 08:12:43 pm »

That said, I'd recommend using AES256/CBC with the SHA256 of the ECDH shared secret as the key ... instead of going with a homegrown cipher. AES256 is part of JCE so codesize wouldn't be affected and it's a hell of a lot better battle-tested. There isn't a lot to be gained by inventing crypto when you don't need to.

It's not a homegrown cipher. :)

Claude Shannon proved that such an algo (XOR-based) is 100%* secure if the following conditions r met:

Are you referring to this?

http://en.wikipedia.org/wiki/One-time_pad

Quote
Claude Shannon proved, using information theory considerations, that the one-time pad has a property he termed perfect secrecy; that is, the ciphertext C gives absolutely no additional information about the plaintext. This is because, given a truly random key which is used only once, a ciphertext can be translated into any plaintext of the same length, and all are equally likely. Thus, the a priori probability of a plaintext message M is the same as the a posteriori probability of a plaintext message M given the corresponding ciphertext. Mathematically, this is expressed as H(M)=H(M|C), where H(M) is the entropy of the plaintext and H(M|C) is the conditional entropy of the plaintext given the ciphertext C. Perfect secrecy is a strong notion of cryptanalytic difficulty.[3]
Logged
NXT-GZYP-FMRT-FQ9K-3YQGS

Come-from-Beyond

Re: Encrypted Messages
« Reply #37 on: April 07, 2014, 08:20:02 pm »

All stream cipher designs use XOR … it doesn't entail that they satisfy information theoretic perfect security. Since the real keyspace of both your scheme and AES256 is 256 bits, neither can theoretically guarantee perfect security unless the plaintext is 256 bits. The difference between the two schemes is on the assumptions they rely on. Your scheme relies on properties of SHA256 for which it was neither primarily designed nor as extensively scrutinized in light of (its primary goal was collision resistance) whereas AES was designed for one thing and one thing only. Also the scheme you've come up with has been vetted by a handful of people whereas AES has withstood the withering scrutiny of the entire cryptographic community for over 15 years.

You're obviously free to do what you want, but I'm on the record as stating this encryption scheme is not an optimal design choice.

Don't call this scheme mine - http://ru.wikipedia.org/wiki/%D0%93%D0%B0%D0%BC%D0%BC%D0%B8%D1%80%D0%BE%D0%B2%D0%B0%D0%BD%D0%B8%D0%B5 (sorry, no english version). Btw, plaintext properties r irrelevant to security of this scheme (the linked page contains a formal proof). Also I disagree that SHA256 can't be used coz some hardware random number generators do use it to build sequences of random numbers.

PS: We need more guys to review this algo. If no flaws r found then we could "standardize" it.
Logged

Come-from-Beyond

Re: Encrypted Messages
« Reply #38 on: April 07, 2014, 08:22:27 pm »

Are you referring to this?

http://en.wikipedia.org/wiki/One-time_pad

Quote
Claude Shannon proved, using information theory considerations, that the one-time pad has a property he termed perfect secrecy; that is, the ciphertext C gives absolutely no additional information about the plaintext. This is because, given a truly random key which is used only once, a ciphertext can be translated into any plaintext of the same length, and all are equally likely. Thus, the a priori probability of a plaintext message M is the same as the a posteriori probability of a plaintext message M given the corresponding ciphertext. Mathematically, this is expressed as H(M)=H(M|C), where H(M) is the entropy of the plaintext and H(M|C) is the conditional entropy of the plaintext given the ciphertext C. Perfect secrecy is a strong notion of cryptanalytic difficulty.[3]

Yes. But one important note: XoredData is as strong as SHA256, it's not a true one-time pad.
Logged
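
The exchange in replies #22 to #38, as an added example that is not code from the thread or from XoredData: a constructed SHA-256 keystream XOR model showing that the whole pad expands from a 32-byte seed, and that a payload carrying only a nonce and XORed data decrypts altered bytes without any error, beside an encrypt-then-MAC variant that rejects them. The seed derivation, hash-chain layout, MAC key derivation and all function names are assumptions made for the illustration.

```python
"""Constructed model of a SHA-256 XOR stream cipher; NOT the real XoredData."""
import hashlib
import hmac
import secrets

NONCE_LEN = 32
TAG_LEN = 32


def _h(label: bytes, data: bytes) -> bytes:
    # Domain-separated SHA-256 so seed, pad, state and MAC key never collide.
    return hashlib.sha256(label + data).digest()


def keystream(shared_secret: bytes, nonce: bytes, length: int) -> bytes:
    # Assumption: seed = H(secret || nonce); pad block i = H(state_i) and the
    # state advances through a different hash, so a leaked pad block does not
    # yield the next one without inverting SHA-256 (the property in reply #33).
    # Every pad byte still derives from 32 bytes of state: computational
    # security, not the information-theoretic secrecy of a one-time pad.
    state, out = _h(b"seed", shared_secret + nonce), bytearray()
    while len(out) < length:
        out += _h(b"pad", state)
        state = _h(b"next", state)
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(shared_secret: bytes, plaintext: bytes) -> bytes:
    """Unauthenticated form: nonce || XORed data, nothing else."""
    nonce = secrets.token_bytes(NONCE_LEN)  # fresh, public, chosen by the sender
    return nonce + xor_bytes(plaintext, keystream(shared_secret, nonce, len(plaintext)))


def decrypt(shared_secret: bytes, blob: bytes) -> bytes:
    if len(blob) < NONCE_LEN:
        raise ValueError("payload shorter than nonce")
    nonce, data = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return xor_bytes(data, keystream(shared_secret, nonce, len(data)))


def altered_copy(blob: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Model a payload changed in storage or transit: XOR (old ^ new) into the
    data bytes at `offset`. No key is involved, which is the failure mode."""
    out = bytearray(blob)
    for i, (o, n) in enumerate(zip(old, new)):
        out[NONCE_LEN + offset + i] ^= o ^ n
    return bytes(out)


def seal(shared_secret: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: HMAC-SHA256 over nonce || data, appended as a tag."""
    blob = encrypt(shared_secret, plaintext)
    tag = hmac.new(_h(b"mac", shared_secret), blob, hashlib.sha256).digest()
    return blob + tag


def open_sealed(shared_secret: bytes, sealed: bytes) -> bytes:
    if len(sealed) < NONCE_LEN + TAG_LEN:
        raise ValueError("payload too short")
    blob, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    expected = hmac.new(_h(b"mac", shared_secret), blob, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # verify before decrypting
        raise ValueError("authentication failed")
    return decrypt(shared_secret, blob)


def demo() -> dict:
    secret = bytes(range(32))        # constructed stand-in for the shared secret
    msg = b"PAY 100 NXT TO ALICE"    # constructed sample message
    plain_blob = encrypt(secret, msg)
    tampered = decrypt(secret, altered_copy(plain_blob, 4, b"1", b"9"))
    sealed = seal(secret, msg)
    try:
        open_sealed(secret, altered_copy(sealed, 4, b"1", b"9"))
        rejected = False
    except ValueError:
        rejected = True
    return {"roundtrip": decrypt(secret, plain_blob), "tampered": tampered,
            "sealed_ok": open_sealed(secret, sealed), "rejected": rejected}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```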

Eadeqa

Re: Encrypted Messages
« Reply #39 on: April 07, 2014, 08:45:22 pm »

Are you referring to this?

http://en.wikipedia.org/wiki/One-time_pad

Quote
Claude Shannon proved, using information theory considerations, that the one-time pad has a property he termed perfect secrecy; that is, the ciphertext C gives absolutely no additional information about the plaintext. This is because, given a truly random key which is used only once, a ciphertext can be translated into any plaintext of the same length, and all are equally likely. Thus, the a priori probability of a plaintext message M is the same as the a posteriori probability of a plaintext message M given the corresponding ciphertext. Mathematically, this is expressed as H(M)=H(M|C), where H(M) is the entropy of the plaintext and H(M|C) is the conditional entropy of the plaintext given the ciphertext C. Perfect secrecy is a strong notion of cryptanalytic difficulty.[3]

Yes. But one important note: XoredData is as strong as SHA256, it's not a true one-time pad.

Ok, just one simple question:

What advantages does this scheme have over AES? (don't tell me it's stronger than AES, as that is irrelevant as AES is strong enough -- probably stronger than breaking SHA256).

If you can list reasons why this scheme should be used by all client developers rather than just using AES, maybe then we can all agree?


Logged
NXT-GZYP-FMRT-FQ9K-3YQGS

landomata

Re: Encrypted Messages
« Reply #40 on: April 07, 2014, 08:52:02 pm »


Yes. But one important note: XoredData is as strong as SHA256, it's not a true one-time pad.

Does this remove *100% security?

Come-from-Beyond

Re: Encrypted Messages
« Reply #41 on: April 07, 2014, 09:02:40 pm »

Ok, just one simple question:

What advantages does this scheme have over AES? (don't tell me it's stronger than AES, as that is irrelevant as AES is strong enough -- probably stronger than breaking SHA256).

If you can list reasons why this scheme should be used by all client developers rather than just using AES, maybe then we can all agree?

I prefer to let the others decide, I don't care what algo will be used.
Logged

Come-from-Beyond

Re: Encrypted Messages
« Reply #42 on: April 07, 2014, 09:03:22 pm »

Does this remove *100% security?

Yes
Logged

Eadeqa

Re: Encrypted Messages
« Reply #43 on: April 07, 2014, 09:50:38 pm »

Ok, just one simple question:

What advantages does this scheme have over AES? (don't tell me it's stronger than AES, as that is irrelevant as AES is strong enough -- probably stronger than breaking SHA256).

If you can list reasons why this scheme should be used by all client developers rather than just using AES, maybe then we can all agree?

I prefer to let the others decide, I don't care what algo will be used.

You recommend this and that's why some of the clients are already using it. We need all clients to be compatible. I don't know what that one mobile developer is using but it's probably the same.

It's not a question of choosing whatever you want, as that will make various clients incompatible.

The question is why you recommended it over AES.
NXT-GZYP-FMRT-FQ9K-3YQGS

mthcl

Re: Encrypted Messages
« Reply #44 on: April 07, 2014, 09:56:01 pm »


Don't call this scheme mine - http://ru.wikipedia.org/wiki/%D0%93%D0%B0%D0%BC%D0%BC%D0%B8%D1%80%D0%BE%D0%B2%D0%B0%D0%BD%D0%B8%D0%B5 (sorry, no english version).
Isn't the English version here: http://en.wikipedia.org/wiki/XOR_cipher?

As for the choice of algorithm, I would do what doctorevil proposes. If AES was designed for this purpose, then let's use it.

And, as a mathematician, I know that one has to be extremely careful when applying math theorems to the real world   :)

Come-from-Beyond

Re: Encrypted Messages
« Reply #45 on: April 07, 2014, 10:09:49 pm »

The question is why you recommended it over aes

BCNext suggested to use this algo. AES was suggested later.

Come-from-Beyond

Re: Encrypted Messages
« Reply #46 on: April 07, 2014, 10:21:24 pm »

As for the choice of algorithm, I would do what doctorevil proposes. If AES was designed for this purpose, then let's use it.

Why not ECIES then? It looks a more natural choice.
AES requires to extend the code base, this could be critical for constrained devices.
By using AES u give more food to trolls who will spread FUD about AES that might have flaws injected by NSA. XOR cipher is proved to be secure, it also relies on a well-studied cryptoprimitive.
AES is harder to implement unlike XOR.
A lot of questions, dare to give solid answers? :)

mthcl

Re: Encrypted Messages
« Reply #47 on: April 07, 2014, 10:45:15 pm »

As for the choice of algorithm, I would do what doctorevil proposes. If AES was designed for this purpose, then let's use it.

Why not ECIES then? It looks a more natural choice.
AES requires to extend the code base, this could be critical for constrained devices.
By using AES u give more food to trolls who will spread FUD about AES that might have flaws injected by NSA. XOR cipher is proved to be secure, it also relies on a well-studied cryptoprimitive.
AES is harder to implement unlike XOR.
A lot of questions, dare to give solid answers? :)
No, I dare not. :)   But if doctorevil could comment that, it would be great.

Eadeqa

Re: Encrypted Messages
« Reply #48 on: April 07, 2014, 11:49:51 pm »

As for the choice of algorithm, I would do what doctorevil proposes. If AES was designed for this purpose, then let's use it.


Why not ECIES then? It looks a more natural choice.
AES requires to extend the code base, this could be critical for constrained devices.
By using AES u give more food to trolls who will spread FUD about AES that might have flaws injected by NSA. XOR cipher is proved to be secure, it also relies on a well-studied cryptoprimitive.
AES is harder to implement unlike XOR.
A lot of questions, dare to give solid answers? :)

One note: AES is not an NSA algorithm.  SHA256 is.

At least this time you posted some arguments.
NXT-GZYP-FMRT-FQ9K-3YQGS

doctorevil

Re: Encrypted Messages
« Reply #49 on: April 08, 2014, 03:12:56 am »

Why not ECIES then? It looks a more natural choice.

1) ECIES just spits out an encryption key and a HMAC key.  You would still need to use that encryption key with some sort of bulk cipher and AES is the obvious choice most people using ECIES go with. 

2) W.r.t. ECIES vs ECDH: By design ECIES does not authenticate the sender ... ECDH does.  One could naively assume a NXT message would already be authenticated by virtue of being part of a transaction (which is signed) but there are subtle pitfalls to systems that encrypt-then-sign so a more complicated construction would actually be required.  One can avoid these complications by simply using ECDH.

AES requires to extend the code base, this could be critical for constrained devices.

3) AES is in the standard library of many languages, including the main NXT implementation target, Java.  For every language where this isn't the case, high quality, succinct, public domain implementations exist because AES has been a standard for over a decade.  AES is also more efficient than the current algorithm (not that this matters given message sizes). 

By using AES u give more food to trolls who will spread FUD about AES that might have flaws injected by NSA. XOR cipher is proved to be secure, it also relies on a well-studied cryptoprimitive.

4) While the NSA was part of the process that approved AES for usage by US government agencies, the NSA did not design AES; a pair of Belgian cryptographers did.  One-time pads (what you are calling the XOR cipher) have been proven to have perfect security.  The current NXT algorithm is not a one-time pad.  It's an original (AFAICT) SHA256-based stream cipher with a 256-bit keysize and cannot claim to have perfect security.

AES is harder to implement unlike XOR.

See (3)

This is my last post on this issue.  Like I said earlier, you are free to ignore my advice.
 
« Last Edit: April 08, 2014, 03:17:30 am by doctorevil »
You know, I have one simple request. And that is to have sharks with frickin' laser beams attached to their heads! Now evidently, my cycloptic colleague informs me that that can't be done. Can you remind me what I pay you people for? Honestly, throw me a bone here.

Eadeqa

Re: Encrypted Messages
« Reply #50 on: April 08, 2014, 03:49:26 am »


3) AES is in the standard library of many languages, including the main NXT implementation target, Java.  For every language where this isn't the case, high quality, succinct, public domain implementations exist because AES has been a standard for over a decade.  AES is also more efficient than the current algorithm (not that this matters given message sizes). 

Not only that, some CPUs have hardware optimization for AES.  My Intel CPU does something like 500 GB per second with AES.

I am voting we go with AES as you suggested.

Who would implement ECDH with AES?

please vote here.



NXT-GZYP-FMRT-FQ9K-3YQGS

Eadeqa

Re: Encrypted Messages
« Reply #51 on: April 08, 2014, 05:07:19 am »

Not only that, some CPUs have hardware optimization for AES.  My Intel CPU does something like 500 GB per second with AES.

I meant to say around 5 GB/s (not 500) encryption/decryption on Intel chips with AES instructions

Hard to type on phone while on the road.

NXT-GZYP-FMRT-FQ9K-3YQGS

Come-from-Beyond

Re: Encrypted Messages
« Reply #52 on: April 08, 2014, 07:03:07 am »

Why not ECIES then? It looks a more natural choice.

1) ECIES just spits out an encryption key and a HMAC key.  You would still need to use that encryption key with some sort of bulk cipher and AES is the obvious choice most people using ECIES go with. 

2) W.r.t. ECIES vs ECDH: By design ECIES does not authenticate the sender ... ECDH does.  One could naively assume a NXT message would already be authenticated by virtue of being part of a transaction (which is signed) but there are subtle pitfalls to systems that encrypt-then-sign so a more complicated construction would actually be required.  One can avoid these complications by simply using ECDH.

AES requires to extend the code base, this could be critical for constrained devices.

3) AES is in the standard library of many languages, including the main NXT implementation target, Java.  For every language where this isn't the case, high quality, succinct, public domain implementations exist because AES has been a standard for over a decade.  AES is also more efficient than the current algorithm (not that this matters given message sizes). 

By using AES u give more food to trolls who will spread FUD about AES that might have flaws injected by NSA. XOR cipher is proved to be secure, it also relies on a well-studied cryptoprimitive.

4) While the NSA was part of the process that approved AES for usage by US government agencies, the NSA did not design AES; a pair of Belgian cryptographers did.  One-time pads (what you are calling the XOR cipher) have been proven to have perfect security.  The current NXT algorithm is not a one-time pad.  It's an original (AFAICT) SHA256-based stream cipher with a 256-bit keysize and cannot claim to have perfect security.

AES is harder to implement unlike XOR.

See (3)

Thank u.


This is my last post on this issue.  Like I said earlier, you are free to ignore my advice.

This sounds like u think that I decide what algo to use. Client devs decide.

bitcoinpaul

Re: Encrypted Messages
« Reply #53 on: April 08, 2014, 07:14:35 am »

CfB, you don't live in magic fairy land where no one cares about what you say. And you can't change that.
Like my Avatar? Reply now! NXT-M5JR-2L5Z-CFBP-8X7P3

Come-from-Beyond

Re: Encrypted Messages
« Reply #54 on: April 08, 2014, 07:19:17 am »

CfB, you don't live in magic fairy land where no one cares about what you say. And you can't change that.

Ok, then let's use both the algos. Security won't be hurt if u encrypt ur message twice.

Eadeqa

Re: Encrypted Messages
« Reply #55 on: April 08, 2014, 07:30:52 am »

This sounds like u think that I decide what algo to use. Client devs decide.

True, but they wouldn't have done it without your recommendation :)

Is there anything wrong with this?

(1)  shared_secret = Curve25519(Alice_private_key, Bob_public_key)
(2)  256bit_AES_Key = SHA256 ( shared_secret )

Now Bob and Alice use that aes key to send encrypted messages using AES which is already implemented in Java standard library ( javax.crypto.* )
NXT-GZYP-FMRT-FQ9K-3YQGS

Eadeqa

Re: Encrypted Messages
« Reply #56 on: April 08, 2014, 07:35:02 am »

CfB, you don't live in magic fairy land where no one cares about what you say. And you can't change that.

Ok, then let's use both the algos. Security won't be hurt if u encrypt ur message twice.

By the way, google search shows your algorithm is this:

http://crypto.stackexchange.com/questions/1656/is-sha-256-secure-as-a-ctr-block-cipher

even if secure, general consensus was that aes is better -- as it has been analyzed extensively since 2001
« Last Edit: April 08, 2014, 07:39:55 am by Eadeqa »
NXT-GZYP-FMRT-FQ9K-3YQGS

landomata

Re: Encrypted Messages
« Reply #57 on: April 08, 2014, 09:26:14 am »

CfB, you don't live in magic fairy land where no one cares about what you say. And you can't change that.

Ok, then let's use both the algos. Security won't be hurt if u encrypt ur message twice.

Would encrypt/decrypt speed suffer much if we use both algos?


bitcoinpaul

Re: Encrypted Messages
« Reply #58 on: April 08, 2014, 09:32:09 am »

Using both algos together? Sounds absurd.
Like my Avatar? Reply now! NXT-M5JR-2L5Z-CFBP-8X7P3

CIYAM

Re: Encrypted Messages
« Reply #59 on: April 08, 2014, 09:33:30 am »

Using SHA256 will be slower (check the stackexchange link for this).

I don't see that the security would be a problem although of course there doesn't seem to have been any formal analysis (so I would not be against using AES instead).

FWIW I actually use a similar technique for CIYAM Open (if you use "cliento-crypto" to sign-in via "http" as I didn't have AES handy in .js).

Using both algos *together* would indeed be absurd (please don't anyone do this).

BTW - has any research been done on how safe "hash chains" are (assuming you treated this as a block cypher and reversed the order of the hashes then XORing with those has exactly the same security as a "hash chain" does)?
« Last Edit: April 08, 2014, 09:38:00 am by CIYAM »
With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU

landomata

Re: Encrypted Messages
« Reply #60 on: April 08, 2014, 09:43:28 am »


Using both algos *together* would indeed be absurd (please don't anyone do this).


Why would it be absurd?

What are the drawbacks?

CIYAM

Re: Encrypted Messages
« Reply #61 on: April 08, 2014, 09:46:54 am »

Why would it be absurd?

What are the drawbacks?

Why not use 3 algos then - or better yet 10?

The point is that AES256 *is secure* if you really don't trust that then does encrypting again with an *unproven algo* do anything other than "take more time"?
With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU

Eadeqa

Re: Encrypted Messages
« Reply #62 on: April 08, 2014, 09:58:43 am »


Using both algos *together* would indeed be absurd (please don't anyone do this).


Why would it be absurd?

What are the drawbacks?

Much harder to implement (much slower) and doesn't add anything at all to increase security, as the shared key (weakest point anyway) for both algorithms would be the same. At least something like TrueCrypt uses different keys for different algorithms, but we don't have that option here.

AES256 is the best algorithm to implement. It's already included in the standard Java library. You don't have to add a single line of code to NRS anyway, as this can all be done on client side.  It has been the most studied symmetrical key algorithm in the past 10 years, and the probability it will be broken in our lifetime (if ever) (even with quantum computers) is close to zero. Curve25519 will be broken long before AES (at least quantum computers will break that easily).

There is no reason to use anything else but AES256.

Everything already exists to implement AES

Curve25519(public_key, private_key) can be used to generate a shared secret (that already exists in Curve25519.java)

AES_256_Key =  SHA256 (shared_secret)

and now just use the key with standard library to encrypt and decrypt the text using AES256
« Last Edit: April 08, 2014, 10:03:45 am by Eadeqa »
NXT-GZYP-FMRT-FQ9K-3YQGS
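
The two-step derivation proposed in the posts above, as an added example (not code from Nxt or any client): a variable-time RFC 7748 X25519 stands in for the post's `Curve25519(...)` call, and the private keys and nonces are constructed. The per-message nonce in `message_key` and the all-zero check are assumptions added here, because a static shared secret otherwise yields the same AES key for every message between the same two accounts.

```python
import hashlib

P = 2**255 - 19                          # Curve25519 field prime
A24 = 121665                             # ladder constant from RFC 7748
BASE_POINT = (9).to_bytes(32, "little")  # u-coordinate of the base point


def _clamp(private_key: bytes) -> int:
    """Decode a 32-byte scalar as RFC 7748 requires."""
    b = bytearray(private_key)
    b[0] &= 248
    b[31] &= 127
    b[31] |= 64
    return int.from_bytes(b, "little")


def x25519(private_key: bytes, peer_u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder. Variable-time: illustration only."""
    k = _clamp(private_key)
    x1 = int.from_bytes(peer_u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = d * a % P, c * b % P
        x3 = pow(da + cb, 2, P)
        z3 = x1 * pow(da - cb, 2, P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def public_key(private_key: bytes) -> bytes:
    return x25519(private_key, BASE_POINT)


def _shared_secret(my_private: bytes, their_public: bytes) -> bytes:
    secret = x25519(my_private, their_public)
    if secret == bytes(32):
        # A low-order public key forces a known secret; refuse to use it.
        raise ValueError("shared secret is all zero")
    return secret


def shared_aes_key(my_private: bytes, their_public: bytes) -> bytes:
    """Steps (1) and (2) of the post: AES key = SHA256(shared secret)."""
    return hashlib.sha256(_shared_secret(my_private, their_public)).digest()


def message_key(my_private: bytes, their_public: bytes, nonce: bytes) -> bytes:
    """Assumed variant: mix a per-message nonce into the key derivation."""
    secret = _shared_secret(my_private, their_public)
    return hashlib.sha256(secret + nonce).digest()


def rejects_low_order_key(my_private: bytes) -> bool:
    try:
        _shared_secret(my_private, bytes(32))   # u = 0 is a low-order point
    except ValueError:
        return True
    return False


def demo() -> dict:
    # Constructed private keys; real ones come from the account passphrase.
    alice_priv = hashlib.sha256(b"constructed key: alice").digest()
    bob_priv = hashlib.sha256(b"constructed key: bob").digest()
    alice_pub, bob_pub = public_key(alice_priv), public_key(bob_priv)
    n1, n2 = b"\x01" * 32, b"\x02" * 32         # constructed nonces
    k_alice = shared_aes_key(alice_priv, bob_pub)
    k_bob = shared_aes_key(bob_priv, alice_pub)
    return {
        "aes_key": k_alice,
        "keys_match": k_alice == k_bob,
        "message_keys_match": message_key(alice_priv, bob_pub, n1)
        == message_key(bob_priv, alice_pub, n1),
        "nonce_changes_key": message_key(alice_priv, bob_pub, n1)
        != message_key(alice_priv, bob_pub, n2),
        "low_order_rejected": rejects_low_order_key(alice_priv),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value.hex() if isinstance(value, bytes) else value)
```

The 32-byte result is what would be handed to the platform's AES implementation; the cipher mode, IV handling and ciphertext authentication are separate decisions this sketch does not make.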

Jean-Luc

Re: Encrypted Messages
« Reply #63 on: April 08, 2014, 10:59:15 am »

I also prefer using a well tested standard. If AES is controversial as being supported by NSA, how about other ciphers? Isn't Serpent considered more secure, AES being preferred only because of better performance?
GPG key fingerprint: 263A 9EB0 29CF C77A 3D06  FD13 811D 6940 E1E4 240C
NXT-X4LF-9A4G-WN9Z-2R322

Eadeqa

Re: Encrypted Messages
« Reply #64 on: April 08, 2014, 11:09:28 am »

I also prefer using a well tested standard. If AES is controversial as being supported by NSA, how about other ciphers? Isn't Serpent considered more secure, AES being preferred only because of better performance?

AES is preferred because most programming languages include it in standard libraries (including Java). AES is more studied than Serpent. NSA "supports" it only in allowing US govt own secrets to be secured with AES256.

http://csrc.nist.gov/groups/ST/toolkit/documents/aes/CNSS15FS.pdf

Quote
The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level. TOP SECRET information will require use of either the 192 or 256 key lengths. The implementation of AES in products intended to protect national security systems and/or information must be reviewed and certified by NSA prior to their acquisition and use.

I think this is a real bad argument, as we use SHA256 everywhere in Nxt, which (unlike AES) is in fact designed by NSA and was released to public in 2001.

In any case, Serpent is still better than current version.
NXT-GZYP-FMRT-FQ9K-3YQGS

Come-from-Beyond

Re: Encrypted Messages
« Reply #65 on: April 08, 2014, 11:14:23 am »

Using both algos together? Sounds absurd.

Disagree. Makes perfect sense.

CIYAM

Re: Encrypted Messages
« Reply #66 on: April 08, 2014, 11:17:16 am »

I also prefer using a well tested standard. If AES is controversial as being supported by NSA, how about other ciphers? Isn't Serpent considered more secure, AES being preferred only because of better performance?

I think if AES is good enough for Bitcoin then it is good enough for Nxt (and the NSA use AES to encrypt their *own* stuff).
With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU

Eadeqa

Re: Encrypted Messages
« Reply #67 on: April 08, 2014, 11:24:46 am »

Using both algos together? Sounds absurd.

Disagree. Makes perfect sense.

It doesn't as breaking one algorithm will reveal the secret key anyway that will break the second algorithm right away. It's stupid.   
NXT-GZYP-FMRT-FQ9K-3YQGS

landomata

Re: Encrypted Messages
« Reply #68 on: April 08, 2014, 11:48:54 am »

Using both algos together? Sounds absurd.

Disagree. Makes perfect sense.

It doesn't as breaking one algorithm will reveal the secret key anyway that will break the second algorithm right away. It's stupid.

Can we keep them separated somehow yet linked....it's the same principle as having 2 locks on your door....many people keep 2 locks on the front door.

Come-from-Beyond

Re: Encrypted Messages
« Reply #69 on: April 08, 2014, 11:51:51 am »

It doesn't as breaking one algorithm will reveal the secret key anyway that will break the second algorithm right away. It's stupid.

Why does breaking an algo reveal the secret key?

Eadeqa

Re: Encrypted Messages
« Reply #70 on: April 08, 2014, 11:57:33 am »

Using both algos together? Sounds absurd.

Disagree. Makes perfect sense.

It doesn't as breaking one algorithm will reveal the secret key anyway that will break the second algorithm right away. It's stupid.

Can we keep them separated somehow yet linked....it's the same principle as having 2 locks on your door....many people keep 2 locks on the front door.

I don't think so. Truecrypt uses three algorithms but three keys are generated randomly. We don't have that option because we have to have a shared secret with someone else.

If the attacker break one algorithm that means the attacker has the shared secret. All other algorithms that must use same shared secret will be broken too.
« Last Edit: April 08, 2014, 11:59:30 am by Eadeqa »
NXT-GZYP-FMRT-FQ9K-3YQGS

Eadeqa

Re: Encrypted Messages
« Reply #71 on: April 08, 2014, 11:58:58 am »

It doesn't as breaking one algorithm will reveal the secret key anyway that will break the second algorithm right away. It's stupid.

Why does breaking an algo reveal the secret key?

Why won't it? The encryption key is derived from shared secret that comes from curve25519.
 
« Last Edit: April 08, 2014, 12:13:21 pm by Eadeqa »
NXT-GZYP-FMRT-FQ9K-3YQGS

Come-from-Beyond

Re: Encrypted Messages
« Reply #72 on: April 08, 2014, 12:13:24 pm »

Why won't it? The secret key is derived from shared secret that comes from curve25519.

If I were u I would add "IMHO" to ur phrase that by breaking an algo u reveal the key. I think u meant plain brute-force "cryptoanalysis".

fmiboy

Re: Encrypted Messages
« Reply #73 on: April 08, 2014, 12:23:00 pm »

has anyone tested performance of the xoreddata algorithm?

Eadeqa

Re: Encrypted Messages
« Reply #74 on: April 08, 2014, 12:32:03 pm »

Why won't it? The secret key is derived from shared secret that comes from curve25519.

If I were u I would add "IMHO" to ur phrase that by breaking an algo u reveal the key. I think u meant plain brute-force "cryptoanalysis".

http://en.wikipedia.org/wiki/Multiple_encryption

Quote
Picking any two ciphers, if the key used is the same for both, the second cipher could possibly undo the first cipher, partly or entirely. This is true of ciphers where the decryption process is exactly the same as the encryption process—the second cipher would completely undo the first. If an attacker were to recover the key through cryptanalysis of the first encryption layer, the attacker could possibly decrypt all the remaining layers, assuming the same key is used for all layers.
To prevent that risk, one can use keys that are statistically independent for each layer (e.g. independent RNGs).

Maybe what I said wasn't entirely correct, as key = hash (secret) satisfies the bold part.

Anyway, I won't bother with it, as it can even weaken AES

« Last Edit: April 08, 2014, 12:34:50 pm by Eadeqa »
NXT-GZYP-FMRT-FQ9K-3YQGS
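
Two points from the thread, shown as an added example (not Nxt's or any client's code): a SHA-256 keystream XORed into the message is a stream cipher rather than a one-time pad (doctorevil's point 4), and the Wikipedia passage quoted above about applying a second layer under the same key. The keystream layout `SHA256(key || nonce || counter)`, the nonces, the HMAC labels and the sample messages are assumptions; the thread does not give XoredData's exact layout.

```python
import hashlib
import hmac


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode: block i is SHA256(key || nonce || i)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def xor_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encryption and decryption are the same operation."""
    return xor_bytes(data, keystream(key, nonce, len(data)))


def layer_key(shared_secret: bytes, label: bytes) -> bytes:
    """One key per layer via HMAC-SHA256 domain separation.

    The keys differ per layer, but both still fall if the one shared
    secret they are derived from is recovered.
    """
    return hmac.new(shared_secret, label, hashlib.sha256).digest()


def demo() -> dict:
    # Constructed inputs: a stand-in shared secret and two equal-length messages.
    secret = hashlib.sha256(b"constructed shared secret").digest()
    n1, n2 = b"\x01" * 16, b"\x02" * 16
    p1 = b"meet at noon, gate 4"
    p2 = b"meet at nine, gate 7"

    c1 = xor_cipher(secret, n1, p1)
    c2_same_nonce = xor_cipher(secret, n1, p2)
    c2_fresh_nonce = xor_cipher(secret, n2, p2)

    # The same cipher applied twice with the same key and nonce:
    # the second pass removes the first, leaving the plaintext.
    twice_same = xor_cipher(secret, n1, c1)

    # Two layers under separately derived keys stay encrypted and
    # decrypt again when both layer keys are applied.
    k_a = layer_key(secret, b"layer-1")
    k_b = layer_key(secret, b"layer-2")
    twice_separate = xor_cipher(k_b, n1, xor_cipher(k_a, n1, p1))
    recovered = xor_cipher(k_a, n1, xor_cipher(k_b, n1, twice_separate))

    return {
        "second_pass_undoes_first": twice_same == p1,
        # Not a one-time pad: a repeated (key, nonce) pair repeats the
        # keystream, so the XOR of two ciphertexts equals the XOR of
        # the two plaintexts.
        "nonce_reuse_leaks_xor": xor_bytes(c1, c2_same_nonce) == xor_bytes(p1, p2),
        "fresh_nonce_hides_xor": xor_bytes(c1, c2_fresh_nonce) != xor_bytes(p1, p2),
        "separate_keys_stay_encrypted": twice_separate != p1,
        "separate_keys_round_trip": recovered == p1,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```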

Come-from-Beyond

Re: Encrypted Messages
« Reply #75 on: April 08, 2014, 12:32:54 pm »

has anyone tested performance of the xoreddata algorithm?

No, but generation of a shared secret will take 99% of time anyway. So speed of XoredData/AES is not important.

Come-from-Beyond

Re: Encrypted Messages
« Reply #76 on: April 08, 2014, 12:35:51 pm »

Picking any two ciphers, if the key used is the same for both, the second cipher could possibly undo the first cipher, partly or entirely. This is true of ciphers where the decryption process is exactly the same as the encryption process—the second cipher would completely undo the first. If an attacker were to recover the key through cryptanalysis of the first encryption layer, the attacker could possibly decrypt all the remaining layers, assuming the same key is used for all layers.
To prevent that risk, one can use keys that are statistically independent for each layer (e.g. independent RNGs).

Red text. It's not our case (AES+XOR).

Eadeqa

Re: Encrypted Messages
« Reply #77 on: April 08, 2014, 12:46:50 pm »

Picking any two ciphers, if the key used is the same for both, the second cipher could possibly undo the first cipher, partly or entirely. This is true of ciphers where the decryption process is exactly the same as the encryption process—the second cipher would completely undo the first. If an attacker were to recover the key through cryptanalysis of the first encryption layer, the attacker could possibly decrypt all the remaining layers, assuming the same key is used for all layers.
To prevent that risk, one can use keys that are statistically independent for each layer (e.g. independent RNGs).

Red text. It's not our case (AES+XOR).

See the bold part too.

Anyway, I doubt any of the clients will even bother with implementing two ciphers. Total waste of time and resources as AES256 itself is stronger than curve25519, so if an entity (maybe aliens?) had resources to break AES, they will break curve25519 first that breaks everything in nxt (not just encrypted messages).

So it remains a stupid suggestion
« Last Edit: April 08, 2014, 12:49:03 pm by Eadeqa »
NXT-GZYP-FMRT-FQ9K-3YQGS

Come-from-Beyond

Re: Encrypted Messages
« Reply #78 on: April 08, 2014, 12:52:33 pm »

See the bold part too.

Anyway, I doubt any of the clients will even bother with implementing two ciphers. Total waste of time and resources as AES256 itself is stronger than curve25519, so if an entity (maybe aliens?) had resources to break AES, they will break curve25519 first that breaks everything in nxt (not just encrypted messages).

So it remains a stupid suggestion

U indeed should start using "IMHO". I marked places for it with red color.

Eadeqa

Re: Encrypted Messages
« Reply #79 on: April 08, 2014, 01:00:34 pm »

U indeed should start using "IMHO". I marked places for it with red color.

It's universally accepted that symmetric block ciphers are stronger than public-key cryptography -- not to mention AES256 offers real 256-bit security, vs 128-bit for curve25519.
« Last Edit: April 08, 2014, 01:20:22 pm by Eadeqa »
NXT-GZYP-FMRT-FQ9K-3YQGS

Come-from-Beyond

Re: Encrypted Messages
« Reply #80 on: April 08, 2014, 01:20:59 pm »

It's universally accepted that symmetric block ciphers are stronger than public-key cryptography, so there is no need for IMHO...

Sorry, but I disagree. For example, DES proves u wrong.

Eadeqa

Re: Encrypted Messages
« Reply #81 on: April 08, 2014, 01:27:37 pm »

It's universally accepted that symmetric block ciphers are stronger than public-key cryptography, so there is no need for IMHO...

Sorry, but I disagree. For example, DES proves u wrong.

Funny because DES proves me right :)  Did you know that there have never been any known weakness found in DES even though it's almost 40 years old? The best attack against DES is still brute force and DES is weak now as it's only 56 bits

public key cryptography keeps getting weaker and weaker (especially RSA).

Also, all these cryptos (including nxt) will be broken if quantum computers become a reality.

AES256 will still be safe against quantum computers (it will weaken to 128 bits, but that is still pretty much unbreakable).

« Last Edit: April 08, 2014, 01:29:16 pm by Eadeqa »
NXT-GZYP-FMRT-FQ9K-3YQGS

bitcoinpaul

Re: Encrypted Messages
« Reply #82 on: April 08, 2014, 01:28:55 pm »

CfB, please tell me where I am wrong:

1. AES is safe
2. Nxt messages use AES for encryption = messages are secure
3. Adding a second encryption (even if it is the algo from santa claus) doesn't make sense because it is already safe (2.)
« Last Edit: April 08, 2014, 01:31:07 pm by bitcoinpaul »
Like my Avatar? Reply now! NXT-M5JR-2L5Z-CFBP-8X7P3

Come-from-Beyond

Re: Encrypted Messages
« Reply #83 on: April 08, 2014, 01:31:51 pm »

Funny because DES proves me right :)  Did you know that there have never been any known weakness found in DES even though it's almost 40 years old? The best attack against DES is still brute force and DES is weak now as it's only 56 bits

public key cryptography keeps getting weaker and weaker (especially RSA).

Also, all these cryptos (including nxt) will be broken if quantum computers become a reality.

AES256 will still be safe (it will weaken to 128 bits, but still pretty much unbreakable).

DES proves that u r wrong about symmetric algos being stronger than asymmetric ones. It also explains why u think that broken algo means that key is known.

WRT "AES256 will still be safe (it will weaken to 128 bits, but still pretty much unbreakable)"... Well, 640K ought to be enough for anybody  ;)

Come-from-Beyond

Re: Encrypted Messages
« Reply #84 on: April 08, 2014, 01:35:45 pm »

CfB, please tell me where I am wrong:

1. AES is safe
2. Nxt messages use AES for encryption = messages are secure
3. Adding a second encryption (even if it is the algo from santa claus) doesn't make sense because it is already safe (2.)

U should ask cryptoguys, I'm just a game developer.

bitcoinpaul

Re: Encrypted Messages
« Reply #85 on: April 08, 2014, 01:39:31 pm »

Is this your serious answer to my post? ???
Like my Avatar? Reply now! NXT-M5JR-2L5Z-CFBP-8X7P3

CIYAM

Re: Encrypted Messages
« Reply #86 on: April 08, 2014, 01:40:26 pm »

In regards to using "both algos one on top of the other" I would like to point out the following.

If someone does not *trust* CfB's algo and prefers to use AES then why would they "trust it to be used as *well* as AES"?

Either you trust it or you don't IMO.

It's a bit like locking a box with either a steel lock or a "string with a knot" (assuming one doubts the strength of his algo then they should consider it to be as useless as just that).

So having a "string with a knot" as *well* as a steel lock looks a bit like "adding a rabbit's foot" for good luck!

(and btw - I did state before that I think his algo is actually fine - it just hasn't been rigorously tested)
« Last Edit: April 08, 2014, 01:43:27 pm by CIYAM »
Logged
With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU

Come-from-Beyond

Re: Encrypted Messages
« Reply #87 on: April 08, 2014, 01:53:17 pm »

Is this your serious answer to my post? ???

Yes.

???
Logged

Eadeqa

  • Hero Member
  • *****
  • Karma: +83/-68
  • Offline Offline
  • Posts: 1888
    • View Profile
Re: Encrypted Messages
« Reply #88 on: April 08, 2014, 01:54:12 pm »

DES proves that u r wrong about symmetric algos being stronger than asymmetric ones. It also explains why u think that broken algo means that key is known.

DES has never been broken except by brute force. Sorry, but you shot yourself in the foot there ;)

http://en.wikipedia.org/wiki/Data_Encryption_Standard

Quote
There are three attacks known that can break the full 16 rounds of DES with less complexity than a brute-force search: differential cryptanalysis (DC), linear cryptanalysis (LC), and Davies' attack. However, the attacks are theoretical and are unfeasible to mount in practice

And that's despite the fact that DES is 40 years old :)
Logged
NXT-GZYP-FMRT-FQ9K-3YQGS

Come-from-Beyond

Re: Encrypted Messages
« Reply #89 on: April 08, 2014, 01:55:37 pm »

CfB's algo

This. Is. Not. My. Algo.
Logged

Come-from-Beyond

Re: Encrypted Messages
« Reply #90 on: April 08, 2014, 01:56:43 pm »

DES has never been broken except by brute force.

Ok.
Logged

CIYAM

Re: Encrypted Messages
« Reply #91 on: April 08, 2014, 01:57:35 pm »

This. Is. Not. My. Algo.

So - give us the link to where this algo is published (and in English please if you want this to be taken seriously).

Algos are published in papers and are peer reviewed (if it is BCNext's algo then same as being yours as he is no authority here).
« Last Edit: April 08, 2014, 01:59:08 pm by CIYAM »
Logged
With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU

Come-from-Beyond

Re: Encrypted Messages
« Reply #92 on: April 08, 2014, 02:00:12 pm »

So - give us the link to where this algo is published (and in English please if you want this to be taken seriously).

http://en.wikipedia.org/wiki/XOR_cipher


Algos are published in papers and are peer reviewed.

Hahaha, I like ur joke (http://en.wikipedia.org/wiki/Caesar_cipher).
Logged

CIYAM

Re: Encrypted Messages
« Reply #93 on: April 08, 2014, 02:01:31 pm »

http://en.wikipedia.org/wiki/XOR_cipher

Seriously we all know what an XOR cipher is - that is not *the algo* we are talking about.

Must you behave like a child?

What we are discussing is the merits of using a "hash chain" (whether you've done that forwards or reverse) to get your "one time pad" from the "shared secret".

Not the fact that the OTP is XORed with the data (all ciphers use XOR).
« Last Edit: April 08, 2014, 02:03:35 pm by CIYAM »
Logged
With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU

Come-from-Beyond

Re: Encrypted Messages
« Reply #94 on: April 08, 2014, 02:03:15 pm »

Seriously we all know what an XOR cipher is - that is not *the algo* we are talking about.

Must you behave like a child?

Hm? Looks like a personal insult. Bad mood much?
Logged

CIYAM

Re: Encrypted Messages
« Reply #95 on: April 08, 2014, 02:05:01 pm »

Hm? Looks like a personal insult. Bad mood much?

Look at my edit.

Using XOR for ciphers is understood by 1st year CS students (that was my point - to ask us to read about XOR is treating us like we are children in which case I think in this context is "childish").

Logged
With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU

gs02xzz

  • Hero Member
  • *****
  • Karma: +56/-12
  • Offline Offline
  • Posts: 1101
    • View Profile
Re: Encrypted Messages
« Reply #96 on: April 08, 2014, 02:05:32 pm »

Come on guys! Maybe you all need to take a break and come back tomorrow. Let's be cool.
Logged
Nxt Mission is to commercialize the crypto technology and build new commerce and society.

Come-from-Beyond

Re: Encrypted Messages
« Reply #97 on: April 08, 2014, 02:05:57 pm »

What we are discussing is the merits of using a "hash chain" (whether you've done that forwards or reverse) to get your "one time pad" from the "shared secret".

Not the fact that the OTP is XORed with the data (all ciphers use XOR).

XoredData doesn't use hash chain approach. It uses essential property of a one-way function.
Logged

CIYAM

Re: Encrypted Messages
« Reply #98 on: April 08, 2014, 02:07:30 pm »

XoredData doesn't use hash chain approach. It uses essential property of a one-way function.

How exactly does it extend the initial 256 bits (from the initial hash) to encrypt the *rest of the data* is the question?

The part I've bolded - makes no sense without an explanation for the above question.
Logged
With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU

Come-from-Beyond

Re: Encrypted Messages
« Reply #99 on: April 08, 2014, 02:10:16 pm »

XoredData doesn't use hash chain approach. It uses essential property of a one-way function.

How exactly does it extend the initial 256 bits (from the initial hash) to encrypt the *rest of the data* is the question.

The part I've bolded - makes no sense.

https://bitbucket.org/JeanLucPicard/nxt/src/401e1d865b75fddd1788792c3e518dc9bd74ae70/src/java/nxt/crypto/Crypto.java?at=master#cl-113

I know that this is a better explanation than plain English.
Logged

CIYAM

Re: Encrypted Messages
« Reply #100 on: April 08, 2014, 02:13:31 pm »

https://bitbucket.org/JeanLucPicard/nxt/src/401e1d865b75fddd1788792c3e518dc9bd74ae70/src/java/nxt/crypto/Crypto.java?at=master#cl-113

I know that this is a better explanation than plain English.

Thanks - so it inverts the hash then rehashes for each *block*.

We still would like to know where this algo was published and who has reviewed it?

It looks like something "home grown" to me.
Logged
With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU

Come-from-Beyond

Re: Encrypted Messages
« Reply #101 on: April 08, 2014, 02:20:01 pm »

Thanks - so it inverts the hash then rehashes for each *block*.

We still would like to know where this algo was published and who has reviewed it?

It looks like something "home grown" to me.

No one publishes such simple algos. It's like patenting a wheel.
Logged

CIYAM

Re: Encrypted Messages
« Reply #102 on: April 08, 2014, 02:21:19 pm »

No one publishes such simple algos. It's like patenting a wheel.

CfB - you clearly don't know much about *encryption* so rather than make a fool of yourself you should simply stop now.

If your simple algo was better than AES then why do we have people writing academic papers and peer reviewing at all?

All just a joke because "you know better" than them huh?
Logged
With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU

Come-from-Beyond

Re: Encrypted Messages
« Reply #103 on: April 08, 2014, 02:26:25 pm »

No one publishes such simple algos. It's like patenting a wheel.

CfB - you clearly don't know much about *encryption* so rather than make a fool of yourself you should simply stop now.

If your simple algo was better than AES then why do we have people writing academic papers and peer reviewing at all?

All just a joke because "you know better" than them huh?

Ian - u clearly transforming into a pocket Nxt troll, better stop now than later.

Approach used in XoredData is used in hardware RNGs when they need to generate sequence of numbers at rate higher than it's allowed by their source of entropy. Sorry, not going to waste my time on googling for u.
Logged

gs02xzz

Re: Encrypted Messages
« Reply #104 on: April 08, 2014, 02:28:39 pm »

Take a break guys, take a break!


Edit - where is Bitcoinpaul?
« Last Edit: April 08, 2014, 02:30:38 pm by gs02xzz »
Logged
Nxt Mission is to commercialize the crypto technology and build new commerce and society.

Come-from-Beyond

Re: Encrypted Messages
« Reply #105 on: April 08, 2014, 02:29:35 pm »

Take a break guys, take a break!

Don't worry, we r programmers. No emotions involved :)
Logged

CIYAM

Re: Encrypted Messages
« Reply #106 on: April 08, 2014, 02:30:32 pm »

Approach used in XoredData is used in hardware RNGs when they need to generate sequence of numbers at rate higher than it's allowed by their source of entropy. Sorry, not going to waste my time on googling for u.

Am sorry - first you say "I am just a games developer" and now you say "you know more than all the academics in the world about encryption".

There is a reason why algos are published and are tested - if you don't see it then that "doesn't make you right" it just makes you look "silly".

If I were Ethereum I would simply use your posts here to make Nxt look "stupid" and this is the very risk you are running doing this.
Logged
With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU

Come-from-Beyond

Re: Encrypted Messages
« Reply #107 on: April 08, 2014, 02:37:39 pm »

Am sorry - first you say "I am just a games developer" and now you say "you know more than all the academics in the world about encryption".

Such things r studied in any technical university in ex-USSR. Development of a hardware RNG is a student's lab work.
Logged

CIYAM

Re: Encrypted Messages
« Reply #108 on: April 08, 2014, 02:40:46 pm »

Such things r studied in any technical university in ex-USSR. Development of a hardware RNG is a student's lab work.

I am not talking about hardware RNG - we are talking about the algo which starts with an SHA256 hash - inverts it and then hashes that inversion in order to extend it.

What has that got to do with hardware RNG exactly?

There are plenty of PRGs around and they are all published - if this is one of them then it would also be published (if it was considered to be *secure*).

Maybe this is a PRG you use for games then?

In which case I would say - it has not been tested well enough for encryption like AES has.

What is "good enough for a game" is not "good enough for trusting your money to".
Logged
With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU

Come-from-Beyond

Re: Encrypted Messages
« Reply #109 on: April 08, 2014, 02:40:51 pm »

If I were Ethereum I would simply use your posts here to make Nxt look "stupid" and this is the very risk you are running doing this.

Sad that this forum doesn't allow to put ppl into ignore list. Well, gonna put u together with FrictionlessCoin for a week.
Logged

CIYAM

Re: Encrypted Messages
« Reply #110 on: April 08, 2014, 02:42:27 pm »

Sad that this forum doesn't allow to put ppl into ignore list. Well, gonna put u together with FrictionlessCoin for a week.

Very mature - and so let's just ignore each other then okay?
Logged
With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU

VanBreuk

  • Hero Member
  • *****
  • Karma: +362/-19
  • Offline Offline
  • Posts: 2772
    • View Profile
Re: Encrypted Messages
« Reply #111 on: April 08, 2014, 02:45:01 pm »

Gentlemen, please, take a deep breath.

Do not derail this thread into name calling and putting words in others' mouths. If there is tension to be resolved off topic, maybe doing it in private would be a good idea.
Logged
GPG Fingerprint: B020 D1C1 F289 3B2C 3577  9EAD 455D D175 5913 C7F1

CIYAM

Re: Encrypted Messages
« Reply #112 on: April 08, 2014, 02:47:18 pm »

Let's just stop with the silliness and get on with creating software (I've asked that my *smite* be removed - can that be done by a mod or do I need to "applaud" to get rid of it?).


« Last Edit: April 08, 2014, 03:08:48 pm by CIYAM »
Logged
With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU

VanBreuk

Re: Encrypted Messages
« Reply #113 on: April 08, 2014, 03:10:53 pm »

Thank you.

It has to be done by an admin. I do not have the permissions to change user parameters. I have passed the request, it should be done soon.
Logged
GPG Fingerprint: B020 D1C1 F289 3B2C 3577  9EAD 455D D175 5913 C7F1

CIYAM

Re: Encrypted Messages
« Reply #114 on: April 08, 2014, 03:12:41 pm »

Sorry to CfB for mistakenly thinking that he "smote" me.

That was *my act of childishness* for the day - and I am *man enough* to *own up to it*.
Logged
With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU

Come-from-Beyond

Re: Encrypted Messages
« Reply #115 on: April 08, 2014, 03:19:48 pm »

Sorry to CfB for mistakenly thinking that he "smote" me.

That was *my act of childishness* for the day - and I am *man enough* to *own up to it*.

By saying sorry u ruin all the pleasure of ignoring u. It's not fair.
Logged

CIYAM

Re: Encrypted Messages
« Reply #116 on: April 08, 2014, 03:21:39 pm »

By saying sorry u ruin all the pleasure of ignoring u. It's not fair.

Well the "smite" has gone away now so free to ignore me again if you like (I promise I won't do it again).
Logged
With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU

CIYAM

Re: Encrypted Messages
« Reply #117 on: April 08, 2014, 03:51:14 pm »

I will try and summarise now (with no "talking down" or "insults") for those that want to work out which way they want to go in regards to said encryption.

Currently there is an algo (that perhaps is being used in some *online games*) that uses what is known as OTP (one time pad) XOR encryption.

The "one time pad" as a *concept* is actually the *safest form of encryption* so that is not in question at all. The issue is *how the OTP gets constructed*.

In this case it gets constructed by starting with a SHA256 hash of a "shared secret" (that is created using the Curve algo in a manner similar although mathematically simpler to RSA style "public key encryption").

This is the "seed" (and would apply to whether you then decide to use this algo or AES) - you can consider this "seed" as the *password* for the particular message (and every message would be expected to use a different one so we are not questioning the *seed* unless we are worried about the Curve algo being broken).

In the algo being used this seed is *inverted* (i.e. all 0's changed to 1's and vice versa) then it is hashed again using SHA256 (so similar to a *hash chain* although not done in *reverse* as they are).

This is being done in order to "stretch the OTP" to the full length of the message (AES does the same thing in a different manner).

The question that was raised is "how secure is this OTP being created this way" and the answer is *we don't know* as it hasn't been extensively studied (whereas AES *has*).

I have used a similar algo for CIYAM when people elect to use "client-side crypto" (as I didn't have an AES .js handy and did have SHA256).

So I do believe myself that such an algo is *probably secure* but it has *not been peer-reviewed* nor had *years of testing* to say so.

So client devs should make their own decision about what algo they want to use.
« Last Edit: April 08, 2014, 03:53:52 pm by CIYAM »
Logged
With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
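
The construction summarised in the post above, as an added Python example that is neither the Nxt code nor any poster's code. It stretches a SHA-256 seed by inverting and rehashing, XORs the pad with the data, and shows why each message needs its own seed. Assumptions: the function names, the per-message nonce, and taking each pad block as a hash of the chain state; the shared secret and messages are constructed sample values.

```python
import hashlib


def derive_seed(shared_secret: bytes, nonce: bytes) -> bytes:
    """Seed = SHA-256 of the shared secret plus a per-message nonce.

    The nonce is this example's assumption for giving every message
    a different seed; the post does not say how that is achieved.
    """
    return hashlib.sha256(shared_secret + nonce).digest()


def stretch_pad(seed: bytes, length: int) -> bytes:
    """Stretch a 32-byte seed into `length` pad bytes, 32 bytes at a time."""
    state, pad = seed, bytearray()
    while len(pad) < length:
        # Pad block is a hash of the state, never the state itself (assumption),
        # so a recovered pad block does not reveal the blocks that follow.
        pad += hashlib.sha256(state).digest()
        # Step the chain as the post describes: flip every bit, hash again.
        inverted = bytes(b ^ 0xFF for b in state)
        state = hashlib.sha256(inverted).digest()
    return bytes(pad[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def xor_crypt(seed: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR is its own inverse under the same pad."""
    return xor_bytes(data, stretch_pad(seed, len(data)))


def demo() -> dict:
    shared = bytes(range(32))  # constructed stand-in for the Curve shared secret
    msg1 = b"Order 1001: ship to locker 17, pickup code 4471."
    msg2 = b"Order 1002: refund 250 NXT to the buyer account."
    nonce1, nonce2 = b"\x01" * 32, b"\x02" * 32  # constructed; random in practice

    seed = derive_seed(shared, nonce1)
    c1 = xor_crypt(seed, msg1)
    roundtrip = xor_crypt(seed, c1) == msg1

    # Same seed for a second message: the pad cancels out of c1 XOR c2,
    # so anyone who knows msg1 can read msg2 without knowing the seed.
    c2_reused = xor_crypt(seed, msg2)
    recovered = xor_bytes(xor_bytes(c1, c2_reused), msg1)
    reuse_recovers_msg2 = recovered == msg2[:len(recovered)]

    # Fresh nonce, hence fresh seed: the two pads no longer cancel.
    c2_fresh = xor_crypt(derive_seed(shared, nonce2), msg2)
    fresh_leaks = xor_bytes(c1, c2_fresh) == xor_bytes(msg1, msg2)

    return {
        "roundtrip": roundtrip,
        "reuse_recovers_msg2": reuse_recovers_msg2,
        "fresh_leaks": fresh_leaks,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The XOR step adds no integrity protection, so a client using a pad like this still needs a separate way to detect modified ciphertext.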

v39453

  • Full Member
  • ***
  • Karma: +12/-2
  • Offline Offline
  • Posts: 155
    • View Profile
Re: Encrypted Messages
« Reply #118 on: April 08, 2014, 04:12:40 pm »

Quote
So client devs should make their own decision about what algo they want to use.

Different clients would need to be able to read each others messages. I understand the messages will have a prefix. Can't different algorithms have different prefixes? (I would use AES if it is available.)
« Last Edit: April 08, 2014, 04:14:19 pm by v39453 »
Logged

Come-from-Beyond

Re: Encrypted Messages
« Reply #119 on: April 08, 2014, 04:15:32 pm »

Different clients would need to be able to read each others messages. I understand the messages will have a prefix. Can't different algorithms have different prefixes? (I would use AES if it is available.)

They can. Client devs should cooperate and decide what prefixes to assign to different algos.
Logged

wesley

  • Hero Member
  • *****
  • Karma: +204/-3
  • Offline Offline
  • Posts: 1159
    • View Profile
Re: Encrypted Messages
« Reply #120 on: April 08, 2014, 04:23:27 pm »

What is XoredData.java used for on the server side?
Logged

Come-from-Beyond

Re: Encrypted Messages
« Reply #121 on: April 08, 2014, 04:27:55 pm »

What is XoredData.java used for on the server side?

For encryption and decryption in DGS transactions.
Logged

wesley

Re: Encrypted Messages
« Reply #122 on: April 08, 2014, 04:43:04 pm »

What is XoredData.java used for on the server side?

For encryption and decryption in DGS transactions.

So why should we use another encryption for the client side only? If there is consensus that this is not safe enough or not tested enough, shouldn't it be changed on server too?
Logged

Come-from-Beyond

Re: Encrypted Messages
« Reply #123 on: April 08, 2014, 04:52:16 pm »

So why should we use another encryption for the client side only? If there is consensus that this is not safe enough or not tested enough, shouldn't it be changed on server too?

Consensus is indeed a problem. Ok, XoredData has only one issue - it's not clear if its one-time pad is secure enough. If u look at SecureRandom u'll see that it uses similar approach based on SHA-1 (http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#SecureRandom). I think it should be enough to come to a conclusion that XoredData is safe if it's implemented without bugs. If we adopted Nxt that didn't have a whitepaper then we could adopt XOR cipher without all these bureaucracy things.
Logged

CIYAM

Re: Encrypted Messages
« Reply #124 on: April 08, 2014, 04:55:54 pm »

This is the *crux* of this *debate*.

I personally don't think that the methodology is *wrong* but I do accept what others have pointed out (that it isn't *peer-reviewed*).

So whether this should be used in the server or not is I think something that "has not been clearly decided".
Logged
With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU

Come-from-Beyond

Re: Encrypted Messages
« Reply #125 on: April 08, 2014, 05:03:05 pm »

This is the *crux* of this *debate*.

I personally don't think that the methodology is *wrong* but I do accept what others have pointed out (that it isn't *peer-reviewed*).

So whether this should be used in the server or not is I think something that "has not been clearly decided".

On the other hand if these peers find flaws in XoredData then they should claim that they found a flaw in SecureRandom. I suspect that the latter has been peer-reviewed a lot of times, especially such critical thing as generation of random numbers in SecureRandom.
Logged

CIYAM

Re: Encrypted Messages
« Reply #126 on: April 08, 2014, 05:04:50 pm »

On the other hand if these peers find flaws in XoredData then they should claim that they found a flaw in SecureRandom. I suspect that the latter has been peer-reviewed a lot of times, especially such critical thing as generation of random numbers in SecureRandom.

Again - that is just about the *seed* not the *encryption* algo that *extends that seed* into an OTP.

No-one is disputing that the *seed* is the *problem* here (in fact those wanting AES are still going to use *the same seed*).
Logged
With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU

bitcoinpaul

Re: Encrypted Messages
« Reply #127 on: April 08, 2014, 05:13:21 pm »

Just let JL decide.
Logged
Like my Avatar? Reply now! NXT-M5JR-2L5Z-CFBP-8X7P3

Come-from-Beyond

Re: Encrypted Messages
« Reply #128 on: April 08, 2014, 05:18:59 pm »

Again - that is just about the *seed* not the *encryption* algo that *extends that seed* into an OTP.

No-one is disputing that the *seed* is the *problem* here (in fact those wanting AES are still going to use *the same seed*).

Could anyone translate this plz? The meaning is beyond my comprehension level.
Logged

CIYAM

Re: Encrypted Messages
« Reply #129 on: April 08, 2014, 05:22:14 pm »

Could anyone translate this plz? The meaning is beyond my comprehension level.

You start with a *seed* and then to create the entire OTP you have to *extend* that (assuming the message is > 256 bits).

The algo you are using reverses the bits of the initial seed value and then takes an SHA256 hash of that to continue.

Is that clear enough (I read the code you gave the link to - or did I miss something)?
« Last Edit: April 08, 2014, 05:23:57 pm by CIYAM »
Logged
With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU

Come-from-Beyond

Re: Encrypted Messages
« Reply #130 on: April 08, 2014, 05:23:49 pm »

You start with a *seed* and then to create the entire OTP you have to *extend* that.

The algo you are using reverses the bits of the initial seed value and then takes an SHA256 hash of that to continue.

Is that clear enough?

Extending part looks fine coz SecureRandom uses the same approach. If the problem is with seed then AES is affected too, right?
Logged

CIYAM

Re: Encrypted Messages
« Reply #131 on: April 08, 2014, 05:25:05 pm »

Extending part looks fine coz SecureRandom uses the same approach. If the problem is with seed then AES is affected too, right?

Problem is not with the seed but with the *method to extend it*.

As stated AES does this too but it has been *studied to death*.

The algo being used here *has not* (the debate is simply about the *extension* algo).

Logged
With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU

Come-from-Beyond

Re: Encrypted Messages
« Reply #132 on: April 08, 2014, 05:30:18 pm »

Problem is not with the seed but with the *method to extend it*.

As stated AES does this too but it has been *studied to death*.

The algo being used here *has not* (the debate is simply about the *extension* algo).

If SecureRandom uses it, why can't we?
Logged

CIYAM

Re: Encrypted Messages
« Reply #133 on: April 08, 2014, 05:32:01 pm »

If SecureRandom uses it, why can't we?

So now we are finally *getting somewhere* with this.

Who reviewed SecureRandom in using this and where is this published?

(understand that I have not been *arguing against the algo* the problem is that others are pointing out that "it has not been peer-reviewed")
« Last Edit: April 08, 2014, 05:33:41 pm by CIYAM »
Logged
With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU

Come-from-Beyond

Re: Encrypted Messages
« Reply #134 on: April 08, 2014, 05:36:37 pm »

Who reviewed SecureRandom in using this and where is this published?

No idea.
Logged

CIYAM

Re: Encrypted Messages
« Reply #135 on: April 08, 2014, 05:38:00 pm »

Who reviewed SecureRandom in using this and where is this published?

No idea.

*That* is the very problem that we are dealing with (and remember that PRGs have been found to be *faulty* and have caused people to lose BTC already).
Logged
With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU

jl777

  • Hero Member
  • *****
  • Karma: +718/-123
  • Offline Offline
  • Posts: 6170
    • View Profile
Re: Encrypted Messages
« Reply #136 on: April 08, 2014, 05:38:21 pm »

Why all the fuss?

CfB wants to use a theoretically perfect method, which in practice has not been cracked after 100+ years.
But somehow because there are no academic papers we can't use this for digital store??

Maybe just have an encryption type field and if somebody wants to use a different method, they can make matched encryption/decryption functions.

My feeling, if anybody cares, is that we are better off with a larger variety of methods. If everybody uses AES and there is a problem with it, then just like centralization, it is bad. If one time pad method is cracked, then it would only affect the things that used it. I think the probability of either is on the low side. [The paranoid in me feels that AES is forced onto people because it is well understood by the TLA's, while the OTP can't be cracked so it must be discouraged]

Why not let the person making the listing decide on encryption algo? That way they can choose which encryption they are most comfortable with. Aren't there half a dozen possible ones we can use? It would be a nice marketing feature. User selectable encryption. And it gets this off of a philosophical debate. Since nobody can crack any of these things, it is a philosophical debate and ultimately not something we should force onto people.

NXT should be about freedom. Let the coder decide what they want to use or let the user choose.

James

P.S. Is it a requirement that everything we do must have been peer reviewed? Did anybody ever peer review the "if" statement?
Logged
There are over 1000 people in SuperNET slack! http://slackinvite.supernet.org/ automatically sends you an invite

I am just a simple C programmer

Come-from-Beyond

Re: Encrypted Messages
« Reply #137 on: April 08, 2014, 05:40:02 pm »

*That* is the problem that we are dealing with.

SecureRandom is a part of an industrial standard (Java SE). If it's there then it was reviewed, no doubt.
Logged

CIYAM

Re: Encrypted Messages
« Reply #138 on: April 08, 2014, 05:40:27 pm »

NXT should be about freedom. Let the coder decide what they want to use or let the user choose.

James - please read my last post.

This is not about *freedom* but *security*.
With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU

CIYAM

« Reply #139 on: April 08, 2014, 05:41:20 pm »

SecureRandom is a part of an industrial standard (Java SE). If it's there then it was reviewed, no doubt.

In that case you should have a link to the "peer reviewed paper for it" - please give us the link (Java SE doesn't just create stuff *out of thin air* does it?).

Come-from-Beyond

« Reply #140 on: April 08, 2014, 05:42:55 pm »

In that case you should have a link to the "peer reviewed paper for it" - please give us the link.

I don't care enough to spend time on that.

CIYAM

« Reply #141 on: April 08, 2014, 05:44:41 pm »

In that case you should have a link to the "peer reviewed paper for it" - please give us the link.

I don't care enough to spend time on that.

Well - those with thousands of dollars in NXT might find that statement *a bit of a concern*.

Come-from-Beyond

« Reply #142 on: April 08, 2014, 05:46:39 pm »

Well - those with thousands of dollars in NXT might find that statement *a bit of a concern*.

No, they understand what it actually means.

CIYAM

« Reply #143 on: April 08, 2014, 05:49:06 pm »

Well - those with thousands of dollars in NXT might find that statement *a bit of a concern*.

No, they understand what it actually means.

I see - so you *speak on their behalf now*?

(why not let *them* speak for themselves?)


jl777

« Reply #144 on: April 08, 2014, 05:49:40 pm »

SecureRandom is a part of an industrial standard (Java SE). If it's there then it was reviewed, no doubt.

In that case you should have a link to the "peer reviewed paper for it" - please give us the link (Java SE doesn't just create stuff *out of thin air* does it?).

Are you saying that we have to justify using Java SE by finding a peer reviewed paper for it?
Who will investigate the backgrounds of the researchers who did the peer review?

jl777

« Reply #145 on: April 08, 2014, 05:50:55 pm »

Well - those with thousands of dollars in NXT might find that statement *a bit of a concern*.

No, they understand what it actually means.

I see - so you *speak on their behalf now*?

(why not let *them* speak for themselves?)

It seems that *you are speaking for them*
why not let *them* speak for themselves?

Come-from-Beyond

« Reply #146 on: April 08, 2014, 05:51:42 pm »

I see - so you *speak on their behalf now*?

(why not let *them* speak for themselves?)

At least ur trolling has become more sophisticated...

jl777

« Reply #147 on: April 08, 2014, 05:52:09 pm »

Well - those with thousands of dollars in NXT might find that statement *a bit of a concern*.

No, they understand what it actually means.

I see - so you *speak on their behalf now*?

(why not let *them* speak for themselves?)

Please stop bullying CfB.

CIYAM

« Reply #148 on: April 08, 2014, 05:52:28 pm »

Are you saying that we have to justify using Java SE by finding a peer reviewed paper for it?
Who will investigate the backgrounds of the researchers who did the peer review?

You have clearly not followed this whole topic.

If you think that "security needs no review" then clearly I would not *trust you* with *my money*.

Even if we are not sure how *good* algos are I prefer those that are *publicly reviewed and tested* from those *that are not*.

CIYAM

« Reply #149 on: April 08, 2014, 05:53:31 pm »

Please stop bullying CfB.

It appears as though *I am the one being bullied* (by 2 people).

Come-from-Beyond

« Reply #150 on: April 08, 2014, 05:54:02 pm »

Even if we are not sure how *good* algos are I prefer those that are *publicly reviewed and tested* from those *that are not*.

Looks like u r a guy who compiles an OS before installing it...

CIYAM

« Reply #151 on: April 08, 2014, 05:55:16 pm »

Even if we are not sure how *good* algos are I prefer those that are *publicly reviewed and tested* from those *that are not*.

Looks like u r a guy who compiles an OS before installing it...

Exactly *how is this relevant* to anything?

Eadeqa

« Reply #152 on: April 08, 2014, 05:56:58 pm »

What is XoredData.java used for on the server side?


For encryption and decryption in DGS transactions.

Hi, Wesley, keep in mind that DGS is not yet implemented and Jean-Luc can switch to AES for that anytime. Please stick with using AES on client side. This thread clearly shows consensus on that point.
« Last Edit: April 08, 2014, 06:00:39 pm by Eadeqa »

Come-from-Beyond

« Reply #153 on: April 08, 2014, 05:57:59 pm »

Exactly *how is this relevant* to anything?

Just trying to find an explanation why u troll Nxt on both the forums.

CIYAM

« Reply #154 on: April 08, 2014, 05:59:15 pm »

Keep in mind that DGS is not yet implemented and Jean-Luc can switch to AES for that on DGS anytime. Please stick with using AES on client side. This thread clearly shows consensus on that point.

Although I had originally tried to *defend* the algo being used I must say that I now agree 100% with you.

Use AES and forget about the other stuff.

v39453

« Reply #155 on: April 08, 2014, 06:00:41 pm »

Are you saying that we have to justify using Java SE by finding a peer reviewed paper for it?
Who will investigate the backgrounds of the researchers who did the peer review?

Here's my answer: using AES would just mean using Java's AES function instead of another function which is not meant to be used for encryption.

CIYAM

« Reply #156 on: April 08, 2014, 06:01:49 pm »

Here's my answer: using AES would just mean using Java's AES function instead of another function which is not meant to be used for encryption.

And *you are right* to say so.

Eadeqa

« Reply #157 on: April 08, 2014, 06:12:10 pm »

What is XoredData.java used for on the server side?

For encryption and decryption in DGS transactions.

So why should we use another encryption for the client side only? If there is consensus that this is not safe enough or not tested enough, shouldn't it be changed on server too?

Jean-Luc can change that to AES. He has clearly stated that he favors implementing a tried and tested method instead of a homemade one. I cannot find a reference that anyone uses this exact homemade method for encryption. The closest I found was this:

http://en.wikipedia.org/wiki/SHACAL

but even that is not exactly the same as it uses 80 rounds

« Last Edit: April 08, 2014, 06:17:03 pm by Eadeqa »

Come-from-Beyond

« Reply #158 on: April 08, 2014, 06:16:44 pm »

Jean-Luc can change that to AES. He has clearly stated that he favors implementing a tried and tested method instead of a homemade one. I cannot find a reference that anyone uses this exact homemade method for encryption. The closest I found was this:

http://en.wikipedia.org/wiki/SHACAL

but even that is not exactly the same as it uses 80 rounds (our version is simple one round version)

XOR is a classical algo, u won't find a whitepaper for it. Saying that it's "homemade" is like saying that Euclid's algorithm for GCD is "homemade".

CIYAM

« Reply #159 on: April 08, 2014, 06:18:56 pm »

Jean-Luc can change that to AES. He has clearly stated that he favors implementing a tried and tested method instead of a homemade one. I cannot find a reference that anyone uses this exact homemade method for encryption. The closest I found was this:

http://en.wikipedia.org/wiki/SHACAL

but even that is not exactly the same as it uses 80 rounds (our version is simple one round version)

You are *also correct* but unfortunately those *in charge* don't care about this.

It is really *too frustrating* to deal with *cowboys* all the time - so guys - just do whatever you want to do - and let's see how you cope with the criticism from Ethereum (for sure I won't be defending it).

jl777

« Reply #160 on: April 08, 2014, 06:19:49 pm »

What is XoredData.java used for on the server side?

For encryption and decryption in DGS transactions.

So why should we use another encryption for the client side only? If there is consensus that this is not safe enough or not tested enough, shouldn't it be changed on server too?

Jean-Luc can change that to AES. He has clearly stated that he favors implementing a tried and tested method instead of a homemade one. I cannot find a reference that anyone uses this exact homemade method for encryption. The closest I found was this:

http://en.wikipedia.org/wiki/SHACAL

but even that is not exactly the same as it uses 80 rounds (our version is simple one round version)

I am assuming CfB's approach is much faster to calculate. So if a user has thousands of listings he wants to make and doesn't care so much about security, but doesn't want to broadcast in plaintext, it seems to be a good option.

Are we expecting super top secret stuff that needs military grade encryption for this application?

I think different use cases have different solutions that make sense.
All of this debate is just delaying DGS. Why not let the person coding decide? Then if there is really such a big problem, somebody else can make a new version. Maybe there is not really a problem at all?

James

P.S. Hey, maybe we should adopt ISO 9000 or some really burdensome methodology for getting everything done? that would really slow us down, but at least we could claim conformance to some fancy certification. :)

wesley

« Reply #161 on: April 08, 2014, 06:20:06 pm »

Jean-Luc can change that to AES. He has clearly stated that he favors implementing a tried and tested method instead of a homemade one. I cannot find a reference that anyone uses this exact homemade method for encryption. The closest I found was this:

http://en.wikipedia.org/wiki/SHACAL

but even that is not exactly the same as it uses 80 rounds (our version is simple one round version)

You are *also correct* but unfortunately those *in charge* don't care about this.

It is really *too frustrating* to deal with *cowboys* all the time - so guys - just do whatever you want to do - and let's see how you cope with the criticism from Ethereum (for sure I won't be defending it).

How so? Have you not read jean-luc's comment in this thread?

Eadeqa

« Reply #162 on: April 08, 2014, 06:21:12 pm »

Jean-Luc can change that to AES. He has clearly stated that he favors implementing a tried and tested method instead of a homemade one. I cannot find a reference that anyone uses this exact homemade method for encryption. The closest I found was this:

http://en.wikipedia.org/wiki/SHACAL

but even that is not exactly the same as it uses 80 rounds (our version is simple one round version)

XOR is a classical algo, u won't find a whitepaper for it. Saying that it's "homemade" is like saying that Euclid's algorithm for GCD is "homemade".

All stream ciphers use XOR. This does not mean all stream ciphers are safe.

http://en.wikipedia.org/wiki/Stream_cipher_attack

We should not use a homegrown stream cipher.

Your algorithm is not a one-time pad with 100% security. It's a stream cipher.


« Last Edit: April 08, 2014, 06:22:50 pm by Eadeqa »

CIYAM

« Reply #163 on: April 08, 2014, 06:21:53 pm »

I am assuming CfB's approach is much faster to calculate. So if a user has thousands of listings he wants to make and doesn't care so much about security, but doesn't want to broadcast in plaintext, it seems to be a good option.

So you must have missed the part that shows that this method is *slower* than AES?

Come-from-Beyond

« Reply #164 on: April 08, 2014, 06:26:38 pm »

Your algorithm ...

It's not my algorithm, hehe

jl777

« Reply #165 on: April 08, 2014, 06:27:35 pm »

I am assuming CfB's approach is much faster to calculate. So if a user has thousands of listings he wants to make and doesn't care so much about security, but doesn't want to broadcast in plaintext, it seems to be a good option.

So you must have missed the part that shows that this method is *slower* than AES?

I missed that part.

The "recent posts" only goes back 100 posts (@wesley can you increase that?) so I miss a lot of posts as I only look at the recent posts.

Still, Ian, we don't have a DGS release yet. Why not ease up on your requirement to have the first version be the absolute perfect version? Maybe I am a cowboy to even think that any version that works is better than no version. It's not like we can't update it after the first version.

On the overall scale of things, this strict enforcement of your design ideals on the *initial* release slows/stops things.
Is that what you want?

James

P.S. maybe CfB would offer a bounty to anybody that cracks his encryption? and you would offer a counter bounty in case nobody can after a period of time?

Come-from-Beyond

« Reply #166 on: April 08, 2014, 06:29:12 pm »

P.S. maybe CfB would offer a bounty to anybody that cracks his encryption? and you would offer a counter bounty in case nobody can after a period of time?

It's not my encryption.  ;D

Btw, speed is irrelevant coz shared secret generation requires 100 times more CPU cycles.

Eadeqa

« Reply #167 on: April 08, 2014, 06:31:10 pm »

Your algorithm ...

It's not my algorithm, hehe

It's an untested (with no peer reviews) stream cipher. By the way, see this bit-flipping attack against stream ciphers:

http://en.wikipedia.org/wiki/Bit-flipping_attack

antanst

« Reply #168 on: April 08, 2014, 06:43:50 pm »

That said, I'd recommend using AES256/CBC with the SHA256 of the ECDH shared secret as the key ... instead of going with a homegrown cipher. AES256 is part of JCE so codesize wouldn't be affected and it's a hell of a lot better battle-tested. There isn't a lot to be gained by inventing crypto when you don't need to.

I believe that's all there is to say about this thread, really. Emphasis mine. You can replace "inventing" with "implementing custom" if you'd like.

Eadeqa

« Reply #169 on: April 08, 2014, 06:46:12 pm »

Your algorithm ...

It's not my algorithm, hehe

It's an untested (with no peer reviews) stream cipher. By the way, see this bit-flipping attack against stream ciphers:

http://en.wikipedia.org/wiki/Bit-flipping_attack

DGS messages could be vulnerable to these types of stream cipher attacks!

http://en.wikipedia.org/wiki/Stream_cipher_attack

Quote
Suppose an adversary knows the exact content of all or part of one of our messages. As a part of a man in the middle attack or replay attack, he can alter the content of the message without knowing the key, K. Say, for example, he knows a portion of the message, say an electronics fund transfer, contains the ASCII string "$1000.00". He can change that to "$9500.00" by xor'ing that portion of the ciphertext with the string: "$1000.00" xor "$9500.00". To see how this works, consider that the cipher text we send is just C(K) xor "$1000.00". The new message the adversary is creating is:
(C(K) xor "$1000.00") xor ("$1000.00" xor "$9500.00") = C(K) xor "$1000.00" xor "$1000.00" xor "$9500.00" = C(K) xor "$9500.00"
Recall that a string xor'ed with itself produces all zeros and that a string of zeros xor'ed with another string leaves that string intact. The result, C(K) xor "$9500.00", is what our ciphertext would have been if $9500 were the correct amount. See also: malleability (cryptography).
Bit-flipping attacks can be prevented by including message authentication code to increase the likelihood that tampering will be detected.



So the untested stream cipher should definitely be changed when DGS is actually implemented.
NXT-GZYP-FMRT-FQ9K-3YQGS
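
The malleability described in the quoted passage, and the authentication check that detects it, as an added example that is not part of the original post and is not Nxt code. The SHA-256 counter-mode keystream is a constructed stand-in for any XOR stream cipher (it is not the XoredData algorithm), and the keys, nonce and message are constructed sample values.

```python
import hashlib
import hmac

TAG_LEN = 32    # HMAC-SHA256 output size in bytes
NONCE_LEN = 16


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Constructed stand-in stream cipher: SHA-256 run in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stream_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the keystream is its own inverse."""
    return xor_bytes(data, keystream(key, nonce, len(data)))


def flip_known_plaintext(ciphertext: bytes, offset: int,
                         known: bytes, wanted: bytes) -> bytes:
    """The edit from the quoted passage: XOR the ciphertext with known ^ wanted.
    No key is involved, which is why confidentiality alone is not enough."""
    if len(known) != len(wanted):
        raise ValueError("replacement must have the same length")
    patched = bytearray(ciphertext)
    for i, delta in enumerate(xor_bytes(known, wanted)):
        patched[offset + i] ^= delta
    return bytes(patched)


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: the tag covers the nonce and the ciphertext."""
    ct = stream_crypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before decrypting anything."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("truncated message")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return stream_crypt(enc_key, nonce, ct)


def demo():
    # Constructed sample values; a real nonce must be unique per message.
    enc_key = hashlib.sha256(b"constructed encryption key").digest()
    mac_key = hashlib.sha256(b"constructed mac key").digest()
    nonce = bytes(NONCE_LEN)
    message = b"PAY $1000.00 TO BOB"
    offset = message.index(b"$1000.00")

    # 1. Bare XOR stream cipher: the altered ciphertext decrypts cleanly.
    ct = stream_crypt(enc_key, nonce, message)
    tampered = flip_known_plaintext(ct, offset, b"$1000.00", b"$9500.00")
    accepted = stream_crypt(enc_key, nonce, tampered)

    # 2. Same cipher with a MAC over the ciphertext: the same edit is rejected.
    blob = seal(enc_key, mac_key, nonce, message)
    body = flip_known_plaintext(blob[NONCE_LEN:-TAG_LEN], offset,
                                b"$1000.00", b"$9500.00")
    tampered_blob = blob[:NONCE_LEN] + body + blob[-TAG_LEN:]
    try:
        open_sealed(enc_key, mac_key, tampered_blob)
        detected = False
    except ValueError:
        detected = True

    return accepted, detected, open_sealed(enc_key, mac_key, blob)


if __name__ == "__main__":
    print(demo())
```

Any integrity check that covers the ciphertext plays the role of the MAC here; the point is that the check must exist and must be verified before the plaintext is used.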

Eadeqa

« Reply #170 on: April 08, 2014, 06:57:16 pm »

P.S. maybe CfB would offer a bounty to anybody that cracks his encryption? and you would offer a counter bounty in case nobody can after a period of time?

But why would we even bother with this when there is perfectly secure and extensively studied and faster AES already included in most standard libraries including java?


Come-from-Beyond

« Reply #171 on: April 08, 2014, 07:04:24 pm »

DGS messages could be vulnerable to these types of stream cipher attacks!

http://en.wikipedia.org/wiki/Stream_cipher_attack

It couldn't. The transactions won't pass signature validation in this case.

Come-from-Beyond

« Reply #172 on: April 08, 2014, 07:05:32 pm »

But why would we even bother with this when there is perfectly secure and extensively studied and faster AES already included in most standard libraries including java?

We shouldn't, let's use AES.

Eadeqa

« Reply #173 on: April 08, 2014, 07:20:19 pm »

But why would we even bother with this when there is perfectly secure and extensively studied and faster AES already included in most standard libraries including java?

We shouldn't, let's use AES.

Ok, good. Let's close this thread then :)


Come-from-Beyond

« Reply #174 on: April 08, 2014, 07:27:09 pm »

Ok, good. Let's close this thread then :)

Why? Let's talk about disadvantages of using AES. For example, imagine that Alice uses Java. Java implementation will use hardware accelerated AES. Intel and AMD implanted NSA backdoors into their chips (I mean hardware AES implementation). Now Alice has a bunch of problems, coz next time she connects to the Internet, last N keys used for AES will be leaked to NSA server... Bob sticks to XoredData and doesn't have problems...

LiQio

« Reply #175 on: April 08, 2014, 07:31:24 pm »

Without being able to follow the technical details in this very interesting thread.

I have a question: Why did BCNext choose the approach and didn't go the "easy" AES path?
Just asking because he doesn't seem to be the guy to just do things out of the clear blue sky...

Edit: could be because of the disadvantages CfB just posted...

Come-from-Beyond

« Reply #176 on: April 08, 2014, 07:34:17 pm »

Without being able to follow the technical details in this very interesting thread.

I have a question: Why did BCNext choose the approach and didn't go the "easy" AES path?
Just asking because he doesn't seem to be the guy to just do things out of the clear blue sky...

Interesting questions, maybe coz he was "quite" paranoid? Google for "NSA AES CPU Snowden".

LiQio

« Reply #177 on: April 08, 2014, 07:37:26 pm »

Without being able to follow the technical details in this very interesting thread.

I have a question: Why did BCNext choose the approach and didn't go the "easy" AES path?
Just asking because he doesn't seem to be the guy to just do things out of the clear blue sky...

Interesting questions, maybe coz he was "quite" paranoid? Google for "NSA AES CPU Snowden".

in that case I vote for not closing this thread too early - paranoid is the driving force behind both sides :D

Eadeqa

« Reply #178 on: April 08, 2014, 07:40:38 pm »

Ok, good. Let's close this thread then :)

Why? Let's talk about disadvantages of using AES. For example, imagine that Alice uses Java. Java implementation will use hardware accelerated AES. Intel and AMD implanted NSA backdoors into their chips (I mean hardware AES implementation). Now Alice has a bunch of problems, coz next time she connects to the Internet, last N keys used for AES will be leaked to NSA server... Bob sticks to XoredData and doesn't have problems...

This is not an attack against AES but a weird conspiracy theory. If we go that route, then let's imagine Alice uses Windows OS and Microsoft colludes with NSA, then regardless of AES or custom cipher (please stop calling it XOR) NSA will have both Bob's and Alice's shared secret.




CIYAM

« Reply #179 on: April 08, 2014, 07:41:36 pm »

in that case I vote for not closing this thread too early - paranoid is the driving force behind both sides :D

And in that case understand that SHA256 was *created by the NSA* (so any algo using it is also just as questionable).


CryptoScalper

« Reply #180 on: April 08, 2014, 07:41:38 pm »

Without being able to follow the technical details in this very interesting thread.

I have a question: Why did BCNext choose the approach and didn't go the "easy" AES path?
Just asking because he doesn't seem to be the guy to just do things out of the clear blue sky...

Edit: could be because of the disadvantages CfB is BCNext just posted...

FTFY...  thnx and...  ROFLMAO!   ;D
« Last Edit: April 08, 2014, 07:52:47 pm by smaragda »
"A world with the money can not be perfect." - BCNext

Eadeqa

« Reply #181 on: April 08, 2014, 07:43:40 pm »

Without being able to follow the technical details in this very interesting thread.

I have a question: Why did BCNext choose the approach and didn't go the "easy" AES path?
Just asking because he doesn't seem to be the guy to just do things out of the clear blue sky...

Interesting questions, maybe coz he was "quite" paranoid? Google for "NSA AES CPU Snowden".

in that case I vote for not closing this thread too early - paranoid is the driving force behind both sides :D

That's not a valid argument. AES is a very simple algorithm. There is no way for NSA to hide any hidden part in it that will not be discovered after 15 years of extensive study.

By the way, the CfB stream cipher uses SHA256 which was designed by NSA and released to general public in 2001. If NSA has a crack for SHA256, they can break CfB stream cipher.
 

Come-from-Beyond

« Reply #182 on: April 08, 2014, 07:44:29 pm »

This is not an attack against AES but a weird conspiracy theory. If we go that route, then let's imagine Alice uses Windows OS and Microsoft colludes with NSA, then regardless of AES or custom cipher (please stop calling it XOR) NSA will have both Bob's and Alice's shared secret.

Backdoor in soft can be found, but u can't find a backdoor in hardware.

U r free to call it a weird conspiracy theory, this won't change the reality anyway.

CIYAM

« Reply #183 on: April 08, 2014, 07:45:31 pm »

By the way, the CfB stream cipher uses SHA256 which was designed by NSA and released to general public in 2001. If NSA has a crack for SHA256, they can break CfB stream cipher.

Agreed 100%.

LiQio

« Reply #184 on: April 08, 2014, 07:46:16 pm »

in that case I vote for not closing this thread too early - paranoid is the driving force behind both sides :D

And in that case understand that SHA256 was *created by the NSA* (so any algo using it is also just as questionable).

hmm, not sure if I get the argument here... you opt to replace sha256, because it's a child of NSA?
 ;)

Eadeqa

« Reply #185 on: April 08, 2014, 07:46:51 pm »

This is not an attack against AES but a weird conspiracy theory. If we go that route, then let's imagine Alice uses Windows OS and Microsoft colludes with NSA, then regardless of AES or custom cipher (please stop calling it XOR) NSA will have both Bob's and Alice's shared secret.

Backdoor in soft can be found, but u can't find a backdoor in hardware.

A hardware-based backdoor cannot be relayed to NSA. It has to go through the operating system anyway, and good luck in detecting a backdoor in an operating system when it's closed source.

Come-from-Beyond
Re: Encrypted Messages
« Reply #186 on: April 08, 2014, 07:48:25 pm »

That's not a valid argument. AES is very simple algorithm. There is no way for NSA to hide any hidden part in it that will not be discovered after 15 years of extensive study.

I'm talking not about hiding something inside the ciphertext. I'm talking about storing keys used by AES and leaking them to outside. http://en.wikipedia.org/wiki/AES_instruction_set

Come-from-Beyond
Re: Encrypted Messages
« Reply #187 on: April 08, 2014, 07:50:18 pm »

Hardware based backdoor cannot be relayed to NSA.

U forgot "IMHO" again...

jl777
Re: Encrypted Messages
« Reply #188 on: April 08, 2014, 07:52:39 pm »

P.S. maybe CfB would offer a bounty to anybody that cracks his encryption? and you would offer a counter bounty in case nobody can after a period of time?

But why would we even bother with this when there is perfectly secure and extensively studied and faster AES already included in most standard libraries including java?
It seems USA guys like AES, Russian guys like OTP, maybe purely for the reason it isnt universally endorsed by USA guys.

If both ciphers are used by their respective countries for their sensitive info, then in my view, both are viable alternatives. Is NXT a USA product or a global product?

James
There are over 1000 people in SuperNET slack! http://slackinvite.supernet.org/ automatically sends you an invite

I am just a simple C programmer

Eadeqa
Re: Encrypted Messages
« Reply #189 on: April 08, 2014, 07:52:43 pm »

in that case I vote for not closing this thread too early - paranoid is the driving force behind both sides :D

And in that case understand that SHA256 was *created by the NSA* (so any algo using it is also just as questionable).

hmm, not sure if I get the argument here... you opt to replace sha256, because it's a child of NSA?
 ;)

No, the point is that such conspiracy theories are stupid. I don't believe NSA can break SHA256 as they released it to public to let the academic world study it extensively so that it can be vetted and verified by thousands of academics that don't work for NSA. That makes it easy for NSA to secure their own codes with SHA256. Keep in mind it's also the job of NSA (aside from breaking other people's code) to keep the US secrets. The best way to do that is to make SHA256 public and let the whole world try to crack it.

That's why AES is more secure than CfB stream cipher. AES is battle tested.
« Last Edit: April 08, 2014, 07:55:16 pm by Eadeqa »

Eadeqa
Re: Encrypted Messages
« Reply #190 on: April 08, 2014, 07:53:59 pm »

P.S. maybe CfB would offer a bounty to anybody that cracks his encryption? and you would offer a counter bounty in case nobody can after a period of time?

But why would we even bother with this when there is perfectly secure and extensively studied and faster AES already included in most standard libraries including java?
It seems USA guys like AES, Russian guys like OTP, maybe purely for the reason it isnt universally endorsed by USA guys.

This is not true. CfB is the only one who defended custom made stream cipher. Not everyone posting here is from USA

jl777
Re: Encrypted Messages
« Reply #191 on: April 08, 2014, 07:55:30 pm »

That's not a valid argument. AES is very simple algorithm. There is no way for NSA to hide any hidden part in it that will not be discovered after 15 years of extensive study.

I'm talking not about hiding something inside the ciphertext. I'm talking about storing keys used by AES and leaking them to outside. http://en.wikipedia.org/wiki/AES_instruction_set
But it would take some sort of low level software that monitored the chip and stored the keys as they are generated. That's not part of any closed source OS is it? I mean, it would be like 3 lines of code to capture and store in some innocuous RAM buffer.

they wouldnt do something like that, would they?

James

jl777
Re: Encrypted Messages
« Reply #192 on: April 08, 2014, 07:56:03 pm »

P.S. maybe CfB would offer a bounty to anybody that cracks his encryption? and you would offer a counter bounty in case nobody can after a period of time?

But why would we even bother with this when there is perfectly secure and extensively studied and faster AES already included in most standard libraries including java?
It seems USA guys like AES, Russian guys like OTP, maybe purely for the reason it isnt universally endorsed by USA guys.

This is not true. CfB is the only one who defended custom made stream cipher. Not everyone posting here is from USA
Change "USA" to Western bloc and "Russian" to Eastern bloc

Eadeqa
Re: Encrypted Messages
« Reply #193 on: April 08, 2014, 07:56:51 pm »

Hardware based backdoor cannot be relayed to NSA.

U forgot "IMHO" again...

How would Intel chip on my computer sends secrets to NSA without going through  the operating system and Internet? If you can explain that, I will add IMHO.

Come-from-Beyond
Re: Encrypted Messages
« Reply #194 on: April 08, 2014, 07:57:06 pm »

AES is battle tested.

I was talking about a danger of using hardware accelerated AES. Is my English so bad?

jl777
Re: Encrypted Messages
« Reply #195 on: April 08, 2014, 07:59:00 pm »

in that case I vote for not closing this thread too early - paranoid is the driving force behind both sides :D

And in that case understand that SHA256 was *created by the NSA* (so any algo using it is also just as questionable).

hmm, not sure if I get the argument here... you opt to replace sha256, because it's a child of NSA?
 ;)

No, the point is that such conspiracy theories are stupid. I don't believe NSA can break SHA256 as they released it to public to let the academic world study it extensively so that it can be vetted and verified by thousands of academics that don't work for NSA. That makes it easy for NSA to secure their own codes with SHA256. Keep in mind it's also the job of NSA (aside from breaking other people's code) to keep the US secrets. The best way to do that is to make SHA256 public and let the whole world try to crack it.

That's why AES is more secure than CfB stream cipher. AES is battle tested.
Can you prove that ALL methods of using AES have no logging software running in all the possible closed source OS?
using a single global standard allows a single compromise to compromise globally.
Unless CfB's choice can be cracked, it seems just the fact that it is non-AES is a positive marketing thing to non-Western bloc people's

Again, let the user decide which they trust more

James

Eadeqa
Re: Encrypted Messages
« Reply #196 on: April 08, 2014, 08:00:01 pm »

AES is battle tested.

I was talking about a danger of using hardware accelerated AES. Is my English so bad?

hardware accelerated instructions cannot add or delete anything from output since if that happens software based AES implementations will not be able to decode the cipher.  It has to be identical to software based output.

jl777
Re: Encrypted Messages
« Reply #197 on: April 08, 2014, 08:00:31 pm »

Hardware based backdoor cannot be relayed to NSA.

U forgot "IMHO" again...

How would Intel chip on my computer sends secrets to NSA without going through  the operating system and Internet? If you can explain that, I will add IMHO.
http://bgr.com/2014/01/15/nsa-spying-offline-computers-radio-waves/

jl777
Re: Encrypted Messages
« Reply #198 on: April 08, 2014, 08:01:13 pm »

AES is battle tested.

I was talking about a danger of using hardware accelerated AES. Is my English so bad?

hardware accelerated instructions cannot add or delete anything from AES output as if that happens software based AES implementations will not be able to decode the cipher.
No,but it provides a single point where it can be tapped and keys leaked

Eadeqa
Re: Encrypted Messages
« Reply #199 on: April 08, 2014, 08:02:32 pm »

AES is battle tested.

I was talking about a danger of using hardware accelerated AES. Is my English so bad?

hardware accelerated instructions cannot add or delete anything from AES output as if that happens software based AES implementations will not be able to decode the cipher.
No,but it provides a single point where it can be tapped and keys leaked

How would those leaked keys be sent to NSA without being detected by my operating system and firewall?

Come-from-Beyond
Re: Encrypted Messages
« Reply #200 on: April 08, 2014, 08:03:59 pm »

How would Intel chip on my computer sends secrets to NSA without going through  the operating system and Internet? If you can explain that, I will add IMHO.

Online method: U use hardware accelerated TLS that generates session keys which leak AES keys. Now every time u visit ur favorite https://penthouse.com u tell NSA ur AES keys.

Offline method: Mulder and Scully visit u and take ur notebook to FBI lab where they scan internal EPROM of the CPU and then scan Nxt blockchain.

Eadeqa
Re: Encrypted Messages
« Reply #201 on: April 08, 2014, 08:04:20 pm »

AES is battle tested.

I was talking about a danger of using hardware accelerated AES. Is my English so bad?

hardware accelerated instructions cannot add or delete anything from AES output as if that happens software based AES implementations will not be able to decode the cipher.
No,but it provides a single point where it can be tapped and keys leaked

How would those leaked keys be sent to NSA without being detected by my operating system and firewall?

Beside, if this was possible, why would it only apply to AES? Intel chip magically will be sending everything I m typing right now with telepathically to NSA

jl777
Re: Encrypted Messages
« Reply #202 on: April 08, 2014, 08:06:35 pm »

AES is battle tested.

I was talking about a danger of using hardware accelerated AES. Is my English so bad?

hardware accelerated instructions cannot add or delete anything from AES output as if that happens software based AES implementations will not be able to decode the cipher.
No,but it provides a single point where it can be tapped and keys leaked

How would those leaked keys be sent to NSA without being detected by my operating system and firewall?
Last I checked you cant firewall radio waves
http://bgr.com/2014/01/15/nsa-spying-offline-computers-radio-waves/

If you say CfB is being paranoid, then I say it is good to have someone that is paranoid doing security

James

Come-from-Beyond
Re: Encrypted Messages
« Reply #203 on: April 08, 2014, 08:07:11 pm »

Beside, if this was possible, why would it only apply to AES? Intel chip magically will be sending everything I m typing right now with telepathically to NSA

It's too much data to be sent. Percentage of leaked data information can't be high.
« Last Edit: April 08, 2014, 08:09:07 pm by Come-from-Beyond »

jl777
Re: Encrypted Messages
« Reply #204 on: April 08, 2014, 08:08:14 pm »

AES is battle tested.

I was talking about a danger of using hardware accelerated AES. Is my English so bad?

hardware accelerated instructions cannot add or delete anything from AES output as if that happens software based AES implementations will not be able to decode the cipher.
No,but it provides a single point where it can be tapped and keys leaked

How would those leaked keys be sent to NSA without being detected by my operating system and firewall?

Beside, if this was possible, why would it only apply to AES? Intel chip magically will be sending everything I m typing right now with telepathically to NSA
setup properly OTP cannot be cracked. Maybe they can still get it of course, but why make it easy for them?

Eadeqa
Re: Encrypted Messages
« Reply #205 on: April 08, 2014, 08:08:59 pm »

How would Intel chip on my computer sends secrets to NSA without going through  the operating system and Internet? If you can explain that, I will add IMHO.

Online method: U use hardware accelerated TLS that generates session keys which leak AES keys. Now every time u visit ur favorite https://penthouse.com u tell NSA ur AES keys.

You are once again posting nonsense.  Good you have too much time on your hand. It's been like 8 hours of straight nonsense.




Come-from-Beyond
Re: Encrypted Messages
« Reply #206 on: April 08, 2014, 08:09:56 pm »

You are once again posting nonsense.

Hm, could u describe ur technical background plz?

Eadeqa
Re: Encrypted Messages
« Reply #207 on: April 08, 2014, 08:10:46 pm »

AES is battle tested.

I was talking about a danger of using hardware accelerated AES. Is my English so bad?

hardware accelerated instructions cannot add or delete anything from AES output as if that happens software based AES implementations will not be able to decode the cipher.
No,but it provides a single point where it can be tapped and keys leaked

How would those leaked keys be sent to NSA without being detected by my operating system and firewall?

Beside, if this was possible, why would it only apply to AES? Intel chip magically will be sending everything I m typing right now with telepathically to NSA
setup properly OTP cannot be cracked. Maybe they can still get it of course, but why make it easy for them?

CfB algorithm is not a one time pad. It's custom made with no peer reviews stream cipher. How many times this has to be repeated?


gs02xzz
Re: Encrypted Messages
« Reply #208 on: April 08, 2014, 08:11:29 pm »

People, please take a break right here!
Nxt Mission is to commercialize the crypto technology and build new commerce and society.

Come-from-Beyond
Re: Encrypted Messages
« Reply #209 on: April 08, 2014, 08:14:11 pm »

CfB algorithm is not a one time pad. It's custom made with no peer reviews stream cipher. How many times this has to be repeated?

If ur statement is true then SecureRandom is flawed. Kinda unbelievable.

bitcoinpaul
Re: Encrypted Messages
« Reply #210 on: April 08, 2014, 08:14:34 pm »

If you say CfB is being paranoid, then I say it is good to have someone that is paranoid doing security


I like that ;D
Like my Avatar? Reply now! NXT-M5JR-2L5Z-CFBP-8X7P3

landomata
Re: Encrypted Messages
« Reply #211 on: April 08, 2014, 08:14:45 pm »

We are going in circles but this issue has to be resolved.

Edit: If we can't agree on one why don't we use both.

Come-from-Beyond
Re: Encrypted Messages
« Reply #212 on: April 08, 2014, 08:15:43 pm »

If you say CfB is being paranoid, then I say it is good to have someone that is paranoid doing security


I like that ;D

Actually CfB doesn't care what algo u guys stick to. But the discussion is interesting and he is having fun taking part in it.

Come-from-Beyond
Re: Encrypted Messages
« Reply #213 on: April 08, 2014, 08:16:06 pm »

We are going in circles but this issue has to be resolved.

Jean-Luc will resolve it, don't worry.

landomata
Re: Encrypted Messages
« Reply #214 on: April 08, 2014, 08:17:19 pm »

We are going in circles but this issue has to be resolved.

Jean-Luc will resolve it, don't worry.

Ok...lets leave it to the Captain.

Eadeqa
Re: Encrypted Messages
« Reply #215 on: April 08, 2014, 08:19:34 pm »

CfB algorithm is not a one time pad. It's custom made with no peer reviews stream cipher. How many times this has to be repeated?

If ur statement is true then SecureRandom is flawed. Kinda unbelievable.

SecureRandom has nothing to do with this if the messages are larger than 256-bits. Anything larger than 256 bits relies on using NSA's designed SHA256 to generate keys for stream cipher.

Come-from-Beyond
Re: Encrypted Messages
« Reply #216 on: April 08, 2014, 08:22:04 pm »

SecureRandom has nothing to do with this if the messages are larger than 256-bits. Anything larger than 256 bits relies on using NSA's designed SHA256 to generate keys for stream cipher.

This statement is incorrect IMHO.

Eadeqa
Re: Encrypted Messages
« Reply #217 on: April 08, 2014, 08:23:03 pm »

AES is battle tested.

I was talking about a danger of using hardware accelerated AES. Is my English so bad?

hardware accelerated instructions cannot add or delete anything from AES output as if that happens software based AES implementations will not be able to decode the cipher.
No,but it provides a single point where it can be tapped and keys leaked

How would those leaked keys be sent to NSA without being detected by my operating system and firewall?
Last I checked you cant firewall radio waves
http://bgr.com/2014/01/15/nsa-spying-offline-computers-radio-waves/

If you say CfB is being paranoid, then I say it is good to have someone that is paranoid doing security

If that paranoid leads him to conclude that untested algorithms should be used instead of battle tested ones then that kind paranoid is dangerous.


Come-from-Beyond
Re: Encrypted Messages
« Reply #218 on: April 08, 2014, 08:25:59 pm »

If that paranoid leads him to conclude that untested algorithms should be used instead of battle tested ones then that kind paranoid is dangerous.

There are 3 parts of the algo:

Seed generation (Curve25519 shared secret)
Key generation (sequence of SHA256 operations)
Xoring (Unbreakable if some conditions r satisfied)

What part r u talking about?

Eadeqa
Re: Encrypted Messages
« Reply #219 on: April 08, 2014, 08:29:01 pm »

If that paranoid leads him to conclude that untested algorithms should be used instead of battle tested ones then that kind paranoid is dangerous.

There are 3 parts of the algo:

Seed generation (Curve25519 shared secret)
Key generation (sequence of SHA256 operations)
Xoring (Unbreakable if some conditions r satisfied)

What part r u talking about?

Part two: Using SHA256 to generate sequence of keys for encryption. This is a custom made use of SHA256 to generate sequence of keys.

Please cite an example where SHA256 is used with stream cipher
« Last Edit: April 08, 2014, 08:33:14 pm by Eadeqa »

landomata
Re: Encrypted Messages
« Reply #220 on: April 08, 2014, 08:29:40 pm »

If that paranoid leads him to conclude that untested algorithms should be used instead of battle tested ones then that kind paranoid is dangerous.


Xoring (Unbreakable if some conditions r satisfied)


Can we (Nxt) replicate these conditions?

Come-from-Beyond
Re: Encrypted Messages
« Reply #221 on: April 08, 2014, 08:35:20 pm »

Please cite an example where SHA256 is used with stream cipher

http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b14/java/security/SecureRandom.java uses SHA1. It's the same family of algos.

Edit: It's only generation of the key.
« Last Edit: April 08, 2014, 08:37:47 pm by Come-from-Beyond »

Come-from-Beyond
Re: Encrypted Messages
« Reply #222 on: April 08, 2014, 08:37:15 pm »

Can we (Nxt) replicate these conditions?

Yes, if we have a true one-time pad. XoredData creates such a pad by using SHA256.

Come-from-Beyond
Re: Encrypted Messages
« Reply #223 on: April 08, 2014, 08:51:57 pm »

I've found a paper - http://www.ecice06.com/EN/abstract/abstract18022.shtml (Thermal Noise Random Number Generator Based on SHA-2(512))

Quote
Abstract  With the rapid development of cryptography, the strength of security protocols and encryption algorithms consumingly relies on the quality of random number. This paper presents a new and security random number generator. The philosophy architecture is based on SHA-2 (512), whose security strength ensures the unpredictability of the produced random numbers. Furthermore, an FPGA-based implementation of architecture is described. The proposed architecture is a flexible solution in many applications taking into account the performance, power consumption, flexibility, cost and area.

But it's in unknown language, maybe encrypted...

Eadeqa
Re: Encrypted Messages
« Reply #224 on: April 08, 2014, 08:53:16 pm »

If that paranoid leads him to conclude that untested algorithms should be used instead of battle tested ones then that kind paranoid is dangerous.


Xoring (Unbreakable if some conditions r satisfied)


Can we (Nxt) replicate these conditions?

No, as it's not one time pad if message is larger than 256 bits as keys are generated repeatedly using SHA256

By the way, we can also say AES256 is 100% secure if the message is smaller than 256 bits

Come-from-Beyond
Re: Encrypted Messages
« Reply #225 on: April 08, 2014, 08:55:37 pm »

No, as it's not one time pad if message is larger than 256 bits as keys are generated repeatedly using SHA256

It's equal to one-time pad as long as SHA256 is not broken.

Eadeqa
Re: Encrypted Messages
« Reply #226 on: April 08, 2014, 08:59:18 pm »

This is not true either. SHA256 might not be totally broken but still someone could find it's not a proper use of SHA256 to generate sequence of keys to encrypt text and might have a weakness.

AES key generation mechanism was designed for this (unlike SHA256) and has never been shown to have weakness. Yours is self-made custom use of SHA256.
 
« Last Edit: April 09, 2014, 08:44:24 am by farl4bit, Reason: Deleted unnecessary direct full-quote »

Come-from-Beyond
Re: Encrypted Messages
« Reply #227 on: April 08, 2014, 09:04:27 pm »

Ok. So we have 2 options:

1. Use XOR. One day SHA256 may be broken.
2. Use AES. One day ur key can be leaked.

Would be interesting to see how many ppl choose #1 and how many - #2...
« Last Edit: April 09, 2014, 08:44:37 am by farl4bit, Reason: Deleted unnecessary direct full-quote »

Eadeqa
Re: Encrypted Messages
« Reply #228 on: April 08, 2014, 09:09:01 pm »

There is 3 too

3. SHA256 isn't broken for hashing (for which it's designed originally)  but have been shown to be unsafe to generate sequence of encryption keys for encrypting text.   


« Last Edit: April 09, 2014, 08:44:52 am by farl4bit, Reason: Deleted unnecessary direct full-quote »

Eadeqa
Re: Encrypted Messages
« Reply #229 on: April 08, 2014, 09:16:57 pm »

Please cite an example where SHA256 is used with stream cipher

http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b14/java/security/SecureRandom.java uses SHA1. It's the same family of algos.

Edit: It's only generation of the key.

SecureRandom does not just use SHA1 by itself. It seeds it with entropy from operating system. Next SecureRandom call will seed it again with entropy from operating system again.

Your algorithm is different.   

Come-from-Beyond
Re: Encrypted Messages
« Reply #230 on: April 08, 2014, 09:17:25 pm »

3. SHA256 isn't broken for hashing (for which it's designed originally)  but have been shown to be unsafe to generate sequence of encryption keys for encrypting text.

In this case we should choose AES IMHO.

Come-from-Beyond
Re: Encrypted Messages
« Reply #231 on: April 08, 2014, 09:20:03 pm »

Next SecureRandom call will seed it again with entropy from operating system again.

No, it's seeded only once.

http://docs.oracle.com/javase/7/docs/api/java/security/SecureRandom.html:

Quote
Note: Depending on the implementation, the generateSeed and nextBytes methods may block as entropy is being gathered, for example, if they need to read from /dev/random on various unix-like operating systems.

If u run tests u'll see that SecureRandom "freezes" only once.

doctorevil
Re: Encrypted Messages
« Reply #232 on: April 09, 2014, 01:38:54 am »

I lied ... I got one more post on this issue (for inclusion in nxt.crypto.Crypto):

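Code: (Java)
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Curve25519, sha256() and secureRandom are the helpers this code expects to find in nxt.crypto.Crypto.
// Output layout: 16-byte random IV followed by the AES/CBC/PKCS5Padding ciphertext.
public static byte[] aesEncrypt(byte[] plaintext, byte[] myPrivateKey, byte[] theirPublicKey)
    throws GeneralSecurityException, IOException
{
    // Curve25519 shared secret, hashed with SHA-256 to give the 256-bit AES key
    byte[] dhSharedSecret = new byte[32];
    Curve25519.curve(dhSharedSecret, myPrivateKey, theirPublicKey);
    byte[] key = sha256().digest(dhSharedSecret);
    SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
    // Fresh random IV for every message
    byte[] iv = new byte[16];
    secureRandom.get().nextBytes(iv);
    IvParameterSpec ivSpec = new IvParameterSpec(iv);
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
    cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec);
    // Prepend the IV so the receiver can decrypt
    ByteArrayOutputStream ciphertextOut = new ByteArrayOutputStream();
    ciphertextOut.write(iv);
    ciphertextOut.write(cipher.doFinal(plaintext));
    return ciphertextOut.toByteArray();
}

Code: (Java)
public static byte[] aesDecrypt(byte[] ivCiphertext, byte[] myPrivateKey, byte[] theirPublicKey)
    throws GeneralSecurityException
{
    // A valid message is the 16-byte IV plus at least one padded 16-byte block
    if ( ivCiphertext.length < 32 || ivCiphertext.length % 16 != 0 ) {
        throw new GeneralSecurityException("invalid ciphertext");
    }
    // Split the input back into IV and ciphertext
    byte[] iv = Arrays.copyOfRange(ivCiphertext, 0, 16);
    byte[] ciphertext = Arrays.copyOfRange(ivCiphertext, 16, ivCiphertext.length);
    // Same key derivation as aesEncrypt, from the receiver's side of the key pair
    byte[] dhSharedSecret = new byte[32];
    Curve25519.curve(dhSharedSecret, myPrivateKey, theirPublicKey);
    byte[] key = sha256().digest(dhSharedSecret);
    SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
    IvParameterSpec ivSpec = new IvParameterSpec(iv);
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
    cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);
    // Throws BadPaddingException if the padding does not check out
    return cipher.doFinal(ciphertext);
}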

An argument could be made that one should include an HMAC, but since these ciphertexts will be sent in the context of transactions which are already signed by their senders, we should be OK regarding message integrity protection.  If you imagine encryption/decryption will be used in some other context, it's easy for me to add the HMAC code.

I whipped it up fairly quickly and only lightly tested it so if you see anything amiss, please let me know.
« Last Edit: April 09, 2014, 01:40:28 am by doctorevil »
You know, I have one simple request. And that is to have sharks with frickin' laser beams attached to their heads! Now evidently, my cycloptic colleague informs me that that can't be done. Can you remind me what I pay you people for? Honestly, throw me a bone here.

Come-from-Beyond

Re: Encrypted Messages
« Reply #233 on: April 09, 2014, 07:49:56 am »

I lied ... I got one more post on this issue (for inclusion in nxt.crypto.Crypto):

Code: (Java) [Select]
public static byte[] aesEncrypt(byte[] plaintext, byte[] myPrivateKey, byte[] theirPublicKey)
    throws GeneralSecurityException, IOException
{
    byte[] dhSharedSecret = new byte[32];
    Curve25519.curve(dhSharedSecret, myPrivateKey, theirPublicKey);
    byte[] key = sha256().digest(dhSharedSecret);
    SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
    byte[] iv = new byte[16];
    secureRandom.get().nextBytes(iv);
    IvParameterSpec ivSpec = new IvParameterSpec(iv);
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
    cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec);
    ByteArrayOutputStream ciphertextOut = new ByteArrayOutputStream();
    ciphertextOut.write(iv);
    ciphertextOut.write(cipher.doFinal(plaintext));
    return ciphertextOut.toByteArray();
}

Code: (Java) [Select]
public static byte[] aesDecrypt(byte[] ivCiphertext, byte[] myPrivateKey, byte theirPublicKey[])
    throws GeneralSecurityException
{
    if ( ivCiphertext.length < 16 || ivCiphertext.length % 16 != 0 ) {
        throw new GeneralSecurityException("invalid ciphertext");
    }
    byte[] iv = Arrays.copyOfRange(ivCiphertext, 0, 16);
    byte[] ciphertext = Arrays.copyOfRange(ivCiphertext, 16, ivCiphertext.length);
    byte[] dhSharedSecret = new byte[32];
    Curve25519.curve(dhSharedSecret, myPrivateKey, theirPublicKey);
    byte[] key = sha256().digest(dhSharedSecret);
    SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
    IvParameterSpec ivSpec = new IvParameterSpec(iv);
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
    cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);
    return cipher.doFinal(ciphertext);
}

An argument could be made that one should include an HMAC, but since these ciphertexts will be sent in the context of transactions which are already signed by their senders, we should be OK regarding message integrity protection.  If you imagine encryption/decryption will be used in some other context, it's easy for me to add the HMAC code.

I whipped it up fairly quickly and only lightly tested it so if you see anything amiss, please let me know.

Thank you. Does this code allow revealing the key without revealing the shared secret? Is that what "iv" is for?

doctorevil

Re: Encrypted Messages
« Reply #234 on: April 09, 2014, 08:12:40 am »

Thank you. Does this code allow revealing the key without revealing the shared secret? Is that what "iv" is for?

I'm not sure I understand your question 100% ... but here's a shot:

Are you asking if an attacker with knowledge of the "key" variable would be able to deduce "dhSharedSecret"?

The answer is no because the key is the SHA256 of the dhSharedSecret.   An attacker who was able to make such a deduction would be capable of a preimage attack on SHA256, which is currently assumed infeasible.

Iv stands for initialization vector.
You know, I have one simple request. And that is to have sharks with frickin' laser beams attached to their heads! Now evidently, my cycloptic colleague informs me that that can't be done. Can you remind me what I pay you people for? Honestly, throw me a bone here.

landomata

Re: Encrypted Messages
« Reply #235 on: April 09, 2014, 08:14:28 am »

An argument could be made that one should include an HMAC, but since these ciphertexts will be sent in the context of transactions which are already signed by their senders, we should be OK regarding message integrity protection.  If you imagine encryption/decryption will be used in some other context, it's easy for me to add the HMAC code.


Could you please add HMAC? We have some other encrypt/decrypt use context in mind.

Thanks

Come-from-Beyond

Re: Encrypted Messages
« Reply #236 on: April 09, 2014, 08:34:30 am »

I'm not sure I understand your question 100% ... but here's a shot:

Are you asking if an attacker with knowledge of the "key" variable would be able to deduce "dhSharedSecret"?

The answer is no because the key is the SHA256 of the dhSharedSecret.   An attacker who was able to make such a deduction would be capable of a preimage attack on SHA256, which is currently assumed infeasible.

Iv stands for initialization vector.

Imagine that Bob needs to reveal the key used to encrypt a message received from Alice. Will this reveal all other messages from Alice? If yes, then we need a nonce and AES should use key == SHA256(sharedSecret ^ nonce).

doctorevil

Re: Encrypted Messages
« Reply #237 on: April 09, 2014, 08:39:06 am »

Yes.  I concur with your solution.
« Last Edit: April 09, 2014, 08:44:06 am by farl4bit, Reason: Deleted unnecessary direct full-quote »
You know, I have one simple request. And that is to have sharks with frickin' laser beams attached to their heads! Now evidently, my cycloptic colleague informs me that that can't be done. Can you remind me what I pay you people for? Honestly, throw me a bone here.
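
The two ideas raised in replies #235 to #237, an HMAC over the ciphertext and a per-message key SHA256(sharedSecret ^ nonce), combined in one sketch that shows disclosing one message key opens only that message. This is an added example, not code from the thread or from NRS: the wire layout, the MAC-key derivation, the 32-byte nonce and all class and method names are assumptions, and a constructed 32-byte value stands in for the Curve25519 shared secret.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added example (assumed layout): nonce(32) || iv(16) || AES-CBC ciphertext || HMAC-SHA256 tag(32)
public class NonceKeyedMessage {
    private static final SecureRandom RNG = new SecureRandom();
    private static final int NONCE_LEN = 32, IV_LEN = 16, TAG_LEN = 32;

    // Per-message AES key as proposed in the thread: SHA256(sharedSecret ^ nonce).
    static byte[] messageKey(byte[] sharedSecret, byte[] nonce) throws GeneralSecurityException {
        if (sharedSecret.length != 32 || nonce.length != NONCE_LEN) {
            throw new GeneralSecurityException("invalid key material");
        }
        byte[] mixed = new byte[32];
        for (int i = 0; i < mixed.length; i++) mixed[i] = (byte) (sharedSecret[i] ^ nonce[i]);
        return MessageDigest.getInstance("SHA-256").digest(mixed);
    }

    static byte[] hmac(byte[] key, byte[]... parts) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        for (byte[] part : parts) mac.update(part);
        return mac.doFinal();
    }

    // Assumption of this example: the MAC key is derived from the message key,
    // so AES and HMAC never share a key.
    static byte[] macKey(byte[] messageKey) throws GeneralSecurityException {
        return hmac(messageKey, "mac".getBytes(StandardCharsets.US_ASCII));
    }

    static byte[] encrypt(byte[] plaintext, byte[] sharedSecret) throws GeneralSecurityException {
        byte[] nonce = new byte[NONCE_LEN];
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(nonce);
        RNG.nextBytes(iv);
        byte[] key = messageKey(sharedSecret, nonce);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
        byte[] ct = cipher.doFinal(plaintext);
        byte[] tag = hmac(macKey(key), nonce, iv, ct);   // encrypt-then-MAC
        byte[] out = new byte[NONCE_LEN + IV_LEN + ct.length + TAG_LEN];
        System.arraycopy(nonce, 0, out, 0, NONCE_LEN);
        System.arraycopy(iv, 0, out, NONCE_LEN, IV_LEN);
        System.arraycopy(ct, 0, out, NONCE_LEN + IV_LEN, ct.length);
        System.arraycopy(tag, 0, out, out.length - TAG_LEN, TAG_LEN);
        return out;
    }

    // Needs only the per-message key: this is what Bob could hand to a third party.
    static byte[] decryptWithMessageKey(byte[] msg, byte[] key) throws GeneralSecurityException {
        int ctLen = msg.length - NONCE_LEN - IV_LEN - TAG_LEN;
        if (ctLen < 16 || ctLen % 16 != 0) {
            throw new GeneralSecurityException("invalid ciphertext");
        }
        byte[] nonce = Arrays.copyOfRange(msg, 0, NONCE_LEN);
        byte[] iv = Arrays.copyOfRange(msg, NONCE_LEN, NONCE_LEN + IV_LEN);
        byte[] ct = Arrays.copyOfRange(msg, NONCE_LEN + IV_LEN, msg.length - TAG_LEN);
        byte[] tag = Arrays.copyOfRange(msg, msg.length - TAG_LEN, msg.length);
        // Check the tag before touching the ciphertext; isEqual is a constant-time compare.
        if (!MessageDigest.isEqual(tag, hmac(macKey(key), nonce, iv, ct))) {
            throw new GeneralSecurityException("MAC check failed");
        }
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
        return cipher.doFinal(ct);
    }

    static String tryOpen(byte[] msg, byte[] key) {
        try {
            return new String(decryptWithMessageKey(msg, key), StandardCharsets.UTF_8);
        } catch (GeneralSecurityException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the 32-byte Curve25519 shared secret.
        byte[] sharedSecret = MessageDigest.getInstance("SHA-256")
                .digest("constructed demo secret".getBytes(StandardCharsets.UTF_8));
        byte[] m1 = encrypt("first message".getBytes(StandardCharsets.UTF_8), sharedSecret);
        byte[] m2 = encrypt("second message".getBytes(StandardCharsets.UTF_8), sharedSecret);
        // Bob discloses the key of m1 only; sharedSecret itself stays private.
        byte[] k1 = messageKey(sharedSecret, Arrays.copyOfRange(m1, 0, NONCE_LEN));
        System.out.println("m1 with k1: " + tryOpen(m1, k1));
        System.out.println("m2 with k1: " + tryOpen(m2, k1));
        m2[NONCE_LEN + IV_LEN] ^= 1;   // flip one ciphertext bit
        // Either party derives a message's key from the nonce carried in that message.
        byte[] k2 = messageKey(sharedSecret, Arrays.copyOfRange(m2, 0, NONCE_LEN));
        System.out.println("tampered m2 with its own key: " + tryOpen(m2, k2));
    }
}
```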

CIYAM

Re: Encrypted Messages
« Reply #238 on: April 09, 2014, 08:47:46 am »

Great work doctorevil!

(I've applauded but maybe some of those whose pockets are bursting with large amounts of NXT can be nice enough to release a little bit of that pocket pressure by sending you some NXT).
With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU

antanst

Re: Encrypted Messages
« Reply #239 on: April 09, 2014, 09:28:15 am »

(I've applauded but maybe some of those whose pockets are bursting with large amounts of NXT can be nice enough to release a little bit of that pocket pressure by sending you some NXT).

Yep, we've already tried to "lure" doctorevil with possible bounties or a hire to help in the transaction malleability issue discussed elsewhere. This is another good case.

BloodyRookie

Re: Encrypted Messages
« Reply #240 on: April 09, 2014, 11:41:30 am »

Having read the 12 pages of this thread I agree that AES is more standard, but the "cfb method" has merit too: It's very simple.
Why do I mention this?
There is a (probably) thoroughly tested Java implementation of AES, but is the same true for JavaScript? wesleyh's client needs a JavaScript version of AES. Which library should he use? Does anyone know a JavaScript implementation of AES that was thoroughly checked?

antanst

Re: Encrypted Messages
« Reply #241 on: April 09, 2014, 11:49:45 am »

crypto-js is the most prominent one. It has been around a long time as well, and it's the one I use and trust.

https://code.google.com/p/crypto-js/

Eadeqa

Re: Encrypted Messages
« Reply #242 on: April 09, 2014, 12:29:38 pm »

crypto-js is the most prominent one. It has been around a long time as well, and it's the one I use and trust.

https://code.google.com/p/crypto-js/

If this is to become part of NRS, there is an even easier solution. Just provide an API for encrypted and decrypted messages

http://wiki.nxtcrypto.org/wiki/Nxt_API

Something like this for encrypted message requestType=sendEncryptedMessage

Quote
http://localhost:7876/nxt?
     requestType=sendMessage&
     secretPhrase=SECRET&
     recipient=RECIP_ACCOUNT&
     fee=FEE&
     message=HEX_STRING&
     deadline=DEADLINE&
     referencedTransaction=REFTXID



« Last Edit: April 09, 2014, 12:37:40 pm by Eadeqa »
NXT-GZYP-FMRT-FQ9K-3YQGS

CIYAM

Re: Encrypted Messages
« Reply #243 on: April 09, 2014, 12:32:36 pm »

crypto-js is the most prominent one. It has been around a long time as well, and it's the one I use and trust.

https://code.google.com/p/crypto-js/

Great - I am going to look into *replacing my own similar OTP algo* with AES for CIYAM when I get a chance.

As much as I think that the algo I created is *safe* I think it is always *far better* to use a well known and battle tested algo.
With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU

Come-from-Beyond

Re: Encrypted Messages
« Reply #244 on: April 09, 2014, 12:36:17 pm »

If this is to become part of NRS, there is an even easier solution. Just provide an API for encrypted and decrypted messages

http://wiki.nxtcrypto.org/wiki/Nxt_API

Something like this for encrypted message

Quote
http://localhost:7876/nxt?
     requestType=sendMessage&
     secretPhrase=SECRET&
     recipient=RECIP_ACCOUNT&
     fee=FEE&
     message=HEX_STRING&
     deadline=DEADLINE&
     referencedTransaction=REFTXID

It's not safe for lightweight clients.

Eadeqa

Re: Encrypted Messages
« Reply #245 on: April 09, 2014, 12:40:16 pm »

Yes, lightweight clients will need to implement this in their version of Crypto

I was talking about the clients that run NRS locally (like this version of Wesley's client: http://nxtra.org/nxt-wallet/ )

-----------

Providing it as NRS API will ensure lightweight clients use the same method, making it compatible among various clients. 
« Last Edit: April 11, 2014, 09:47:55 am by ^[GS]^, Reason: No double-posts. Please use the modify-button. »
NXT-GZYP-FMRT-FQ9K-3YQGS

wesley

Re: Encrypted Messages
« Reply #246 on: April 09, 2014, 01:05:45 pm »

Also note that newer browsers will have webcrypto built in:

http://www.w3.org/TR/WebCryptoAPI/

Not sure if something can be done now to mimic the API described there (polyfill?)

Eadeqa

Re: Encrypted Messages
« Reply #247 on: April 09, 2014, 08:24:34 pm »

I know we have (sort of) reached an agreement, but I posted the question about a SHA256-based stream cipher here:

http://crypto.stackexchange.com/questions/15471/sha256-based-stream-cipher

enjoy the answers

-------------

I lied ... I got one more post on this issue (for inclusion in nxt.crypto.Crypto):

Code: (Java) [Select]
public static byte[] aesEncrypt(byte[] plaintext, byte[] myPrivateKey, byte[] theirPublicKey)
    throws GeneralSecurityException, IOException
{
    byte[] dhSharedSecret = new byte[32];
    Curve25519.curve(dhSharedSecret, myPrivateKey, theirPublicKey);
    byte[] key = sha256().digest(dhSharedSecret);
    SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
    byte[] iv = new byte[16];
    secureRandom.get().nextBytes(iv);
    IvParameterSpec ivSpec = new IvParameterSpec(iv);
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
    cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec);
    ByteArrayOutputStream ciphertextOut = new ByteArrayOutputStream();
    ciphertextOut.write(iv);
    ciphertextOut.write(cipher.doFinal(plaintext));
    return ciphertextOut.toByteArray();
}

Code: (Java) [Select]
public static byte[] aesDecrypt(byte[] ivCiphertext, byte[] myPrivateKey, byte theirPublicKey[])
    throws GeneralSecurityException
{
    if ( ivCiphertext.length < 16 || ivCiphertext.length % 16 != 0 ) {
        throw new GeneralSecurityException("invalid ciphertext");
    }
    byte[] iv = Arrays.copyOfRange(ivCiphertext, 0, 16);
    byte[] ciphertext = Arrays.copyOfRange(ivCiphertext, 16, ivCiphertext.length);
    byte[] dhSharedSecret = new byte[32];
    Curve25519.curve(dhSharedSecret, myPrivateKey, theirPublicKey);
    byte[] key = sha256().digest(dhSharedSecret);
    SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
    IvParameterSpec ivSpec = new IvParameterSpec(iv);
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
    cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);
    return cipher.doFinal(ciphertext);
}

An argument could be made that one should include an HMAC, but since these ciphertexts will be sent in the context of transactions which are already signed by their senders, we should be OK regarding message integrity protection.  If you imagine encryption/decryption will be used in some other context, it's easy for me to add the HMAC code.

I whipped it up fairly quickly and only lightly tested it so if you see anything amiss, please let me know.

I tried testing this and got "java.security.InvalidKeyException: Illegal key size"

Google search reveals that by default AES key is restricted to 128 bits only

Would this be a problem for end users?

I had to include this code to fix this exception

Code: [Select]
   

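// Needs: import java.lang.reflect.Field;
try {
    // Flip the private static flag that enforces the restricted JCE policy
    Field field = Class.forName("javax.crypto.JceSecurity")
        .getDeclaredField("isRestricted");
    field.setAccessible(true);
    field.set(null, java.lang.Boolean.FALSE);
} catch (Exception ex) {
    ex.printStackTrace();
}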

« Last Edit: April 11, 2014, 09:47:28 am by ^[GS]^, Reason: No double-posts. Please use the modify-button. »
NXT-GZYP-FMRT-FQ9K-3YQGS

Come-from-Beyond

Re: Encrypted Messages
« Reply #248 on: April 10, 2014, 09:00:57 am »

I know we have (sort of) reached an agreement, but I posted the question about a SHA256-based stream cipher here:

http://crypto.stackexchange.com/questions/15471/sha256-based-stream-cipher

enjoy the answers

Well, the answers actually gave nothing new. The majority agreed that it's a secure algo but it's better to stick to well-studied solutions. Right, every good cryptographer ought to be conservative.

fmiboy

Re: Encrypted Messages
« Reply #249 on: April 10, 2014, 11:39:21 am »

...

I tried testing this and got "java.security.InvalidKeyException: Illegal key size"

Google search reveals that by default AES key is restricted to 128 bits only

Would this be a problem for end users?

I had to include this code to fix this exception

Code: [Select]
   

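// Needs: import java.lang.reflect.Field;
try {
    // Flip the private static flag that enforces the restricted JCE policy
    Field field = Class.forName("javax.crypto.JceSecurity")
        .getDeclaredField("isRestricted");
    field.setAccessible(true);
    field.set(null, java.lang.Boolean.FALSE);
} catch (Exception ex) {
    ex.printStackTrace();
}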


I had a similar issue when I implemented the wallet file feature in Clienxt, where secretPhrase is encrypted on file.

But as far as I know the above code will remove the restriction so that the end user won't have to do anything.

Code below should remove all the restrictions and should work just fine.

Code: (Java) [Select]
// Needs: java.lang.reflect.Field, java.security.Permission,
// java.security.PermissionCollection, java.util.Map
try {
    final Class<?> jceSecurity = Class.forName("javax.crypto.JceSecurity");
    final Class<?> cryptoPermissions = Class.forName("javax.crypto.CryptoPermissions");
    final Class<?> cryptoAllPermission = Class.forName("javax.crypto.CryptoAllPermission");

    // Clear the "restricted" flag
    final Field isRestrictedField = jceSecurity.getDeclaredField("isRestricted");
    isRestrictedField.setAccessible(true);
    isRestrictedField.set(null, false);

    // Empty the default policy's permission set ...
    final Field defaultPolicyField = jceSecurity.getDeclaredField("defaultPolicy");
    defaultPolicyField.setAccessible(true);
    final PermissionCollection defaultPolicy = (PermissionCollection) defaultPolicyField.get(null);

    final Field perms = cryptoPermissions.getDeclaredField("perms");
    perms.setAccessible(true);
    ((Map<?, ?>) perms.get(defaultPolicy)).clear();

    // ... and grant CryptoAllPermission instead
    final Field instance = cryptoAllPermission.getDeclaredField("INSTANCE");
    instance.setAccessible(true);
    defaultPolicy.add((Permission) instance.get(null));
} catch (final Exception e) {
    LogGui("WARNING! CryptoException" + e.getMessage());
}

doctorevil

Re: Encrypted Messages
« Reply #250 on: April 10, 2014, 12:09:44 pm »

Thanks for "java.security.InvalidKeyException: Illegal key size" fixes.  I never ran into this in my tests since my JRE installation doesn't have the export-restrict JCE policy that apparently hobbles the default AES keysize to 128. 

Kinda crazy that that limitation is still there since the laws that restricted export of strong crypto from the US were amended ages ago.
You know, I have one simple request. And that is to have sharks with frickin' laser beams attached to their heads! Now evidently, my cycloptic colleague informs me that that can't be done. Can you remind me what I pay you people for? Honestly, throw me a bone here.

Jean-Luc

  • Core Dev
Re: Encrypted Messages
« Reply #251 on: April 10, 2014, 05:01:50 pm »

I need to find a better solution. This workaround is really a hack, and will not work in the presence of a SecurityManager that does not allow changing field accessibility using reflection like that. The right way to do it would be to install the unlimited strength JCE policy files, but this is too complicated for the users. And I am not sure what the legal consequences will be of distributing those policy files, or a hack like the above, as part of the NRS package.

Does the Bouncy Castle JCE have the same restrictions? I hope not, and I will see if we can use it instead.
GPG key fingerprint: 263A 9EB0 29CF C77A 3D06  FD13 811D 6940 E1E4 240C
NXT-X4LF-9A4G-WN9Z-2R322

Eadeqa

Re: Encrypted Messages
« Reply #252 on: April 10, 2014, 05:59:27 pm »

Does the Bouncy Castle JCE have the same restrictions? I hope not, and I will see if we can use it instead.

Google searching, the correct answer seems to be:

Quote
As long as you use the BouncyCastle lightweight crypto API rather than the JCE you should not encounter any of the JCE's restrictions. This means you cannot use Cipher.getInstance("Whatever/ABCCBC/TooMuchPadding", "BC"). Just include the lightweight api jar in your class path; the source is here: http://bouncycastle.org/latest_releases.html

-------------------------

I can confirm Bouncy Castle lightweight API works without restriction.  I tested it (with some other code) and it worked fine.

I rewrote drevil's version with the Bouncy Castle API.

The link to the API: http://bouncycastle.org/download/lcrypto-jdk15on-150.zip

It compiles fine and I suspect it works exactly the same way (didn't test it).

Code: [Select]
public static byte[] aesEncrypt(byte[] plaintext, byte[] myPrivateKey, byte[] theirPublicKey)
    throws InvalidCipherTextException {
    // Curve25519 shared secret, hashed to a 256-bit AES key
    byte[] dhSharedSecret = new byte[32];
    Curve25519.curve(dhSharedSecret, myPrivateKey, theirPublicKey);
    byte[] key = sha256().digest(dhSharedSecret);
    // Fresh random IV for every message
    byte[] iv = new byte[16];
    secureRandom.get().nextBytes(iv);
    PaddedBufferedBlockCipher aes = new PaddedBufferedBlockCipher(new CBCBlockCipher(
        new AESEngine()));
    CipherParameters ivAndKey = new ParametersWithIV(new KeyParameter(key), iv);
    aes.init(true, ivAndKey);
    byte[] output = new byte[aes.getOutputSize(plaintext.length)];
    int len = aes.processBytes(plaintext, 0, plaintext.length, output, 0);
    int len2 = aes.doFinal(output, len);
    // Result layout: IV followed by the ciphertext
    byte[] result = new byte[iv.length + len + len2];
    System.arraycopy(iv, 0, result, 0, iv.length);
    System.arraycopy(output, 0, result, iv.length, result.length - iv.length);
    return result;
}

Code: [Select]
public static byte[] aesDecrypt(byte[] ivCiphertext, byte[] myPrivateKey, byte[] theirPublicKey)
    throws InvalidCipherTextException {
    // Input must hold the 16-byte IV and be a whole number of AES blocks
    if (ivCiphertext.length < 16 || ivCiphertext.length % 16 != 0) {
        throw new InvalidCipherTextException("invalid ciphertext");
    }
    byte[] iv = Arrays.copyOfRange(ivCiphertext, 0, 16);
    byte[] ciphertext = Arrays.copyOfRange(ivCiphertext, 16, ivCiphertext.length);
    // Same key derivation as aesEncrypt
    byte[] dhSharedSecret = new byte[32];
    Curve25519.curve(dhSharedSecret, myPrivateKey, theirPublicKey);
    byte[] key = sha256().digest(dhSharedSecret);
    PaddedBufferedBlockCipher aes = new PaddedBufferedBlockCipher(new CBCBlockCipher(
        new AESEngine()));
    CipherParameters ivAndKey = new ParametersWithIV(new KeyParameter(key), iv);
    aes.init(false, ivAndKey);
    byte[] output = new byte[aes.getOutputSize(ciphertext.length)];
    int len = aes.processBytes(ciphertext, 0, ciphertext.length, output, 0);
    int len2 = aes.doFinal(output, len);
    // Trim the buffer to the unpadded plaintext length
    byte[] result = new byte[len + len2];
    System.arraycopy(output, 0, result, 0, result.length);
    return result;
}
« Last Edit: May 05, 2014, 07:37:59 pm by Eadeqa »
NXT-GZYP-FMRT-FQ9K-3YQGS

ChuckOne

Re: Encrypted Messages
« Reply #253 on: April 15, 2014, 02:57:44 pm »

That's not a valid argument. AES is very simple algorithm. There is no way for NSA to hide any hidden part in it that will not be discovered after 15 years of extensive study.

Not speaking about AES specifically, but in general. You can hide things in algos and nobody can prove it.

I recently read this: http://arstechnica.com/security/2014/01/how-the-nsa-may-have-put-a-backdoor-in-rsas-cryptography-a-technical-primer/

Eadeqa

Re: Encrypted Messages
« Reply #254 on: April 15, 2014, 06:05:02 pm »

That's not a valid argument. AES is very simple algorithm. There is no way for NSA to hide any hidden part in it that will not be discovered after 15 years of extensive study.

Not speaking about AES specifically, but in general. You can hide things in algos and nobody can prove it.

I recently read this: http://arstechnica.com/security/2014/01/how-the-nsa-may-have-put-a-backdoor-in-rsas-cryptography-a-technical-primer/

That's about a random number generator and NIST EC that have unknown constants. Neither SHA256 nor AES have unknown constants. They are simple algorithms.

In fact, people noticed immediately something was fishy. This is from 2007

https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html

so it's not as if people didn't notice something was fishy about Dual_EC_DRBG

None of this applies to AES
« Last Edit: April 15, 2014, 06:11:25 pm by Eadeqa »
NXT-GZYP-FMRT-FQ9K-3YQGS

ChuckOne

Re: Encrypted Messages
« Reply #255 on: April 15, 2014, 06:43:18 pm »

That's about a random number generator and NIST EC that have unknown constants. Neither SHA256 nor AES have unknown constants. They are simple algorithms.

Where would you know?

Everything you do not know about AES and SHA256 is an unknown constant. One can transform algorithms to other algorithms which perform the same computations. Some of these other algorithms accidentally carry previously unknown constants. The algorithm itself is the unknown constant. You will never know until somebody discovers a suitable transformation.

Again, you can hide unknown constants in every algorithm if you wish to and it cannot be guaranteed to be revealed by somebody other than you.

And again, this has nothing to do with AES or SHA256 specifically. It applies to every algorithm in general.
« Last Edit: April 15, 2014, 06:47:15 pm by ChuckOne »

Eadeqa

Re: Encrypted Messages
« Reply #256 on: April 15, 2014, 06:53:48 pm »

That's about a random number generator and NIST EC that have unknown constants. Neither SHA256 nor AES have unknown constants. They are simple algorithms.

Where would you know?

Everything you do not know about AES and SHA256 is an unknown constant. One can transform algorithms to other algorithms which perform the same computations. Some of these other algorithms accidentally carry previously unknown constants. The algorithm itself is the unknown constant. You will never know until somebody discovers a suitable transformation.


I was talking about hard-coded unknown constants in the random number generator, like this:

https://github.com/openssl/openssl/blob/master/fips/rand/fips_drbg_ec.c

Quote
__fips_constseg
static const unsigned char p_384_qx[] = {
   0x8e,0x72,0x2d,0xe3,0x12,0x5b,0xdd,0xb0,0x55,0x80,0x16,0x4b,
   0xfe,0x20,0xb8,0xb4,0x32,0x21,0x6a,0x62,0x92,0x6c,0x57,0x50,
   0x2c,0xee,0xde,0x31,0xc4,0x78,0x16,0xed,0xd1,0xe8,0x97,0x69,
   0x12,0x41,0x79,0xd0,0xb6,0x95,0x10,0x64,0x28,0x81,0x50,0x65
};
__fips_constseg
static const unsigned char p_384_qy[] = {
   0x02,0x3b,0x16,0x60,0xdd,0x70,0x1d,0x08,0x39,0xfd,0x45,0xee,
   0xc3,0x6f,0x9e,0xe7,0xb3,0x2e,0x13,0xb3,0x15,0xdc,0x02,0x61,
   0x0a,0xa1,0xb6,0x36,0xe3,0x46,0xdf,0x67,0x1f,0x79,0x0f,0x84,
   0xc5,0xe0,0x9b,0x05,0x67,0x4d,0xbb,0x7e,0x45,0xc8,0x03,0xdd
};

__fips_constseg
static const unsigned char p_521_qx[] = {
   0x01,0xb9,0xfa,0x3e,0x51,0x8d,0x68,0x3c,0x6b,0x65,0x76,0x36,
   0x94,0xac,0x8e,0xfb,0xae,0xc6,0xfa,0xb4,0x4f,0x22,0x76,0x17,
   0x1a,0x42,0x72,0x65,0x07,0xdd,0x08,0xad,0xd4,0xc3,0xb3,0xf4,
   0xc1,0xeb,0xc5,0xb1,0x22,0x2d,0xdb,0xa0,0x77,0xf7,0x22,0x94,
   0x3b,0x24,0xc3,0xed,0xfa,0x0f,0x85,0xfe,0x24,0xd0,0xc8,0xc0,
   0x15,0x91,0xf0,0xbe,0x6f,0x63
};
__fips_constseg
static const unsigned char p_521_qy[] = {
   0x01,0xf3,0xbd,0xba,0x58,0x52,0x95,0xd9,0xa1,0x11,0x0d,0x1d,
   0xf1,0xf9,0x43,0x0e,0xf8,0x44,0x2c,0x50,0x18,0x97,0x6f,0xf3,
   0x43,0x7e,0xf9,0x1b,0x81,0xdc,0x0b,0x81,0x32,0xc8,0xd5,0xc3,
   0x9c,0x32,0xd0,0xe0,0x04,0xa3,0x09,0x2b,0x7d,0x32,0x7c,0x0e,
   0x7a,0x4d,0x26,0xd2,0xc7,0xb6,0x9b,0x58,0xf9,0x06,0x66,0x52,
   0x91,0x1e,0x45,0x77,0x79,0xde
};


It was immediately  obvious to at least some people there might be a backdoor in Dual_EC_DRBG (your first link). 

Once again, this does not apply to AES and SHA256. There are no unknown hard-coded constants, and the algorithms have been studied by independent academics for years.

« Last Edit: April 15, 2014, 09:22:35 pm by Eadeqa »
NXT-GZYP-FMRT-FQ9K-3YQGS

xyzzyx

Re: Encrypted Messages
« Reply #257 on: April 18, 2014, 09:35:18 pm »

isn't it better if we have every message encrypted by default?

Sometimes we need public messages.

it's a client thing: devs should just make the option "encrypted" as default.

Yes, please take a note here all client developers:  the default should be encrypted. You should have to unmark "encrypted" to make it plain text.

If placing messages in the blockchain, I also would like them to be encrypted by default.  When presented to the user which option they would like, perhaps "private message" and "public message" would be better descriptors; less nerdy.
BM-NAvVBkSuKcRcRzFMynuXyHTrR8TfRtQk
"An awful lot of code is being written ... in languages that aren't very good by people who don't know what they're doing." -- Barbara Liskov

ChuckOne

Re: Encrypted Messages
« Reply #258 on: April 19, 2014, 08:38:54 am »

If placing messages in the blockchain, I also would like them to be encrypted by default.  When presented to the user which option they would like, perhaps "private message" and "public message" would be better descriptors; less nerdy.

Sounds excellent.

landomata

Re: Encrypted Messages
« Reply #259 on: April 22, 2014, 09:26:19 am »

Will the AES encryption algo in Nxt core be able to encrypt/decrypt images?

Eadeqa

Re: Encrypted Messages
« Reply #260 on: April 22, 2014, 09:31:23 am »

Will the AES encryption algo in Nxt core be able to encrypt/decrypt images?

I will add another question: what's the max size for a message? That should tell us the max possible size (megapixels) for the image.

I am sure it's possible, at least it could be possible with binary to text encoding, http://en.wikipedia.org/wiki/MIME

even if there is no "official" support.
« Last Edit: April 22, 2014, 09:33:57 am by Eadeqa »
NXT-GZYP-FMRT-FQ9K-3YQGS

landomata

Re: Encrypted Messages
« Reply #261 on: April 22, 2014, 09:37:53 am »


I will add another question: what's the max size for a message? That should tell us the max possible size (megapixels) for the image.



Actually we are planning to send/store the messages off-chain.

Image size limit 4 MB

« Last Edit: April 22, 2014, 09:41:27 am by landomata »

Eadeqa

Re: Encrypted Messages
« Reply #262 on: April 22, 2014, 09:49:17 am »


I will add another question: what's the max size for a message? That should tell us the max possible size (megapixels) for the image.



Actually we are planning to send/store the messages off-chain.

Image size limit 4 MB

In that case, just implement your own AES encryption. It shouldn't really be hard.

Is your app written in java? javascript?

 

NXT-GZYP-FMRT-FQ9K-3YQGS

landomata

Re: Encrypted Messages
« Reply #263 on: April 22, 2014, 09:53:22 am »


I will add another question: what's the max size for a message? That should tell us the max possible size (megapixels) for the image.



Actually we are planning to send/store the messages off-chain.

Image size limit 4 MB

In that case, just implement your own AES encryption. It shouldn't really be hard.

Is your app written in java? javascript?

Yes will look at something separately for the images.

Android is in Java.

Eadeqa

  • Hero Member
  • *****
  • Karma: +83/-68
  • Offline Offline
  • Posts: 1888
    • View Profile
Re: Encrypted Messages
« Reply #264 on: April 22, 2014, 09:59:13 am »


I will add another question: what's the max size for a message? That should tell us the max possible size (megapixels) for the image.



Actually we are planning to send/store the messages off-chain.

Image size limit 4 MB

In that case, just implement your own AES encryption. It shouldn't really be hard.

Is your app written in java? javascript?

Yes will look at something separately for the images.

Android is in Java.

I thought so. I was confused as you sent me a PM to javascript AES library

Java standard library includes AES (javax.crypto.*)

You can just copy and paste and it will work just fine

-------------

I lied ... I got one more post on this issue (for inclusion in nxt.crypto.Crypto):

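Code: (Java)
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// sha256(), secureRandom and Curve25519 are expected from the enclosing class and its package.
// Returns IV (16 bytes) followed by the AES-CBC ciphertext.
public static byte[] aesEncrypt(byte[] plaintext, byte[] myPrivateKey, byte[] theirPublicKey)
    throws GeneralSecurityException, IOException
{
    // Curve25519 Diffie-Hellman: both parties derive the same 32-byte shared secret.
    byte[] dhSharedSecret = new byte[32];
    Curve25519.curve(dhSharedSecret, myPrivateKey, theirPublicKey);
    // Hash the shared secret to get a 256-bit AES key.
    byte[] key = sha256().digest(dhSharedSecret);
    SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
    // Fresh random IV for every message.
    byte[] iv = new byte[16];
    secureRandom.get().nextBytes(iv);
    IvParameterSpec ivSpec = new IvParameterSpec(iv);
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
    cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec);
    // Prepend the IV so the recipient can decrypt.
    ByteArrayOutputStream ciphertextOut = new ByteArrayOutputStream();
    ciphertextOut.write(iv);
    ciphertextOut.write(cipher.doFinal(plaintext));
    return ciphertextOut.toByteArray();
}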

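Code: (Java)
import java.security.GeneralSecurityException;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Expects the output of aesEncrypt: IV (16 bytes) followed by the AES-CBC ciphertext.
public static byte[] aesDecrypt(byte[] ivCiphertext, byte[] myPrivateKey, byte[] theirPublicKey)
    throws GeneralSecurityException
{
    // Input must hold at least the IV and be a whole number of 16-byte blocks.
    if ( ivCiphertext.length < 16 || ivCiphertext.length % 16 != 0 ) {
        throw new GeneralSecurityException("invalid ciphertext");
    }
    // Split the IV from the ciphertext.
    byte[] iv = Arrays.copyOfRange(ivCiphertext, 0, 16);
    byte[] ciphertext = Arrays.copyOfRange(ivCiphertext, 16, ivCiphertext.length);
    // Derive the same key as the sender: SHA-256 of the Curve25519 shared secret.
    byte[] dhSharedSecret = new byte[32];
    Curve25519.curve(dhSharedSecret, myPrivateKey, theirPublicKey);
    byte[] key = sha256().digest(dhSharedSecret);
    SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
    IvParameterSpec ivSpec = new IvParameterSpec(iv);
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
    cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);
    return cipher.doFinal(ciphertext);
}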




Logged
NXT-GZYP-FMRT-FQ9K-3YQGS
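
The aesEncrypt/aesDecrypt pair posted above uses AES/CBC/PKCS5Padding with no integrity check, so a ciphertext altered in transit or in off-chain storage is not reliably detected. The following is an added example (not code from this thread, Nxt or Offspring) that keeps the same SHA-256-of-shared-secret key derivation but swaps in AES-GCM; it assumes Java 11+, uses the JDK's X25519 KeyAgreement in place of Nxt's Curve25519 class, and its class and method names are hypothetical.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

// Added example, not Nxt or Offspring code. Needs Java 11+ for the JDK's X25519.
public class AuthenticatedMessageDemo { // hypothetical class name
    private static final SecureRandom RNG = new SecureRandom();
    private static final int NONCE_LEN = 12, TAG_BITS = 128;

    // Same derivation as the posted code: key = SHA-256(Curve25519 shared secret).
    static SecretKeySpec deriveKey(PrivateKey mine, PublicKey theirs) throws GeneralSecurityException {
        KeyAgreement ka = KeyAgreement.getInstance("X25519");
        ka.init(mine);
        ka.doPhase(theirs, true);
        byte[] key = MessageDigest.getInstance("SHA-256").digest(ka.generateSecret());
        return new SecretKeySpec(key, "AES"); // 32 bytes, so AES-256
    }

    // Output layout: nonce (12 bytes) || ciphertext || GCM tag (16 bytes).
    static byte[] encrypt(byte[] plaintext, PrivateKey mine, PublicKey theirs) throws GeneralSecurityException {
        byte[] nonce = new byte[NONCE_LEN];
        RNG.nextBytes(nonce); // must never repeat under the same key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, deriveKey(mine, theirs), new GCMParameterSpec(TAG_BITS, nonce));
        byte[] body = c.doFinal(plaintext);
        byte[] out = Arrays.copyOf(nonce, NONCE_LEN + body.length);
        System.arraycopy(body, 0, out, NONCE_LEN, body.length);
        return out;
    }

    static byte[] decrypt(byte[] msg, PrivateKey mine, PublicKey theirs) throws GeneralSecurityException {
        if (msg.length < NONCE_LEN + TAG_BITS / 8) throw new GeneralSecurityException("invalid ciphertext");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, deriveKey(mine, theirs), new GCMParameterSpec(TAG_BITS, msg, 0, NONCE_LEN));
        return c.doFinal(msg, NONCE_LEN, msg.length - NONCE_LEN); // AEADBadTagException if modified
    }

    public static void main(String[] args) throws Exception {
        System.out.println("Max AES key bits allowed by this JRE: " + Cipher.getMaxAllowedKeyLength("AES"));
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("X25519");
        KeyPair alice = kpg.generateKeyPair(), bob = kpg.generateKeyPair();
        byte[] msg = encrypt("constructed test message".getBytes(StandardCharsets.UTF_8), alice.getPrivate(), bob.getPublic());
        System.out.println(new String(decrypt(msg, bob.getPrivate(), alice.getPublic()), StandardCharsets.UTF_8));
        msg[msg.length - 1] ^= 1; // simulate a change in transit or in off-chain storage
        try { decrypt(msg, bob.getPrivate(), alice.getPublic()); }
        catch (AEADBadTagException e) { System.out.println("modified message rejected"); }
    }
}
```

The first printed line shows whether the running JRE permits 256-bit AES keys, the restriction mentioned in the next post; on a JRE limited to 128 bits, Cipher.init fails with InvalidKeyException for the 32-byte key.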

verymuchso

  • Hero Member
  • *****
  • Karma: +118/-2
  • Offline Offline
  • Posts: 549
    • View Profile
    • HEAT Ledger
Re: Encrypted Messages
« Reply #265 on: April 29, 2014, 06:57:38 am »

Offspring 0.4.2e now supports AES 256 encrypted messages (while still being compatible with older XOR encrypted messages).
I'm using the bouncycastle libs to get around the 128 bit limit in the JRE.

Implementation; https://github.com/incentivetoken/offspring/blob/develop-nqt/com.dgex.offspring.ui/src/com/dgex/offspring/ui/messaging/MessageCrypto.java

This is an experimental release so things can still change, if you see a problem please post that here.
Logged
HEAT: DEX | SDK | HOME