Top Secret Crypto 3.70

Discussion in 'Computer Security' started by cjjbl, Dec 28, 2004.

  1. cjjbl

    cjjbl Guest

    Has anybody used it? Looks like the source code is available on their site.
    They also use keypairs like PGP, but also offer One-Time pads & virtual
    keyboards to login rather than using keystrokes.

    Sounds like a neat product, but there doesn't seem to be too much info (3rd
    party) available since they made their source code available. They were
    bombing it before because the encryption product did not reveal the source
    code.

    It also includes secure IM, PRNGs, and other goodies. Either that or I'm
    going to go to GnuPG.

    Thanks.
     
    cjjbl, Dec 28, 2004
    #1

  2. cjjbl

    oversight Guest

    goto GnuPG !

    ;) C 3.70 is a bit more than it seems...
     
    oversight, Dec 29, 2004
    #2

  3. cjjbl

    cjjbl Guest

    hey thanks Oversight. Any reasons why? Read any recent reviews about TSC
    Gold? All I could find was old stuff before the source code was revealed.
     
    cjjbl, Dec 30, 2004
    #3
  4. Please explain what you mean by "is a bit more than it seems...". Sounds
    very conspiratorial to me. I am very interested to hear your response. After
    all, I am the one that wrote the program and the source code is there for
    anyone to take a look at and compile themselves.

    Sincerely,
    MacGregor K. Phillips
    TAN$TAAFL Software Company
    http://www.topsecretcrypto.com
     
    MacGregor K. Phillips, Dec 31, 2004
    #4
  5. cjjbl

    headcrash Guest

    I can help with that. It's easy when you have this kind of BS on your
    site to describe the product in jingoistic, non-proven terms:

    This paragraph was taken verbatim from your website

    "Top Secret Crypto Gold's strength rests on three basic concepts:
    (1) a true source of random bits which is provided by the program
    (2) a very large key space for the pseudo random number generators
    (3) a simple, but elegant, encryption formula. We call this The
    Black-Hole Encryption System. Like a black hole in which nothing can
    escape from, not even light, data encrypted using our system cannot be
    decrypted and extracted without the correct key."


    OK, let's start with number 1: Bullsh*t - there is not a true random
    source of bits on a deterministic-by-nature PC. Anyone who claims
    differently is a snake oil salesman

    Now on to number 2: Bullsh*t - very large keyspace for the pseudo
    random number generators? What kind of double-speak is that? And
    don't explain what keyspace means as everyone already knows it. A
    well-crafted cipher only needs 128-bits of security. Meritless claims
    of a zillion bits of keyspace are worthless, and the fodder of snake
    oil peddlers.

    Hey, we're already at number 3: Bullsh*t - I don't even know where to
    begin in this one, it stinks so much. Black-Hole Encryption System?
    WTF is that supposed to mean? How about your competitor's
    Supermassive Black Hole Encryption System? As everyone (with a bit of
    astro-physics) knows, supermassive black holes have the mass of over a
    billion black holes. Supermassive black holes eat regular black
    holes. How puny your system looks now. Their system is over a
    billion times better and stronger than yours. Whatever.

    And the description of "simple but elegant". Simple - possibly.
    Elegant - extremely highly unlikely. Everyone before you that has
    spewed the kind of gobbledegook that can be found on your website
    describing your nimrod encryption product has turned out to have a
    most inelegant product.


    The obvious point here is that anyone who foregoes using an
    established algorithm like AES or 3DES or Blowfish or Twofish that are
    available FOR FREE in many reputable products like GNUPG in order to
    pay actual money for an unproven and most likely insecure product like
    yours is <expletive deleted> insane.


    There is so much garb to go over I must post another quote from your
    site that actually touts this as a feature:

    "A 39-bit timestamp means the program will be valid for 17,000+ years"

    This is *so* lame and I'm laughing so hard, it's hard to write.
    Hmmmm... 17,000 years... gee... I don't know, man... couldn't you
    have made it valid for 100,000 years?

    NO! You couldn't. It's not even valid now. Tomorrow, next week, a
    couple of months from now NO ONE'S GOING TO CARE! Not even the phony
    posts coming from you going "Gee hey everybody in sci.crypt, have you
    heard of this <expletive deleted piece of cr*p> software package
    called <expletive deleted nobody cares>? I just read about it and it
    looks really neat. Should I use it?"

    So, in closing, I think that when he said:

    ;) C 3.70 is a bit more than it seems...


    He was being much nicer than I'm being, but the message was the same,
    which is your product is a bigger bag of snake oil than all get out.


    Again, the better product to use would be GNUPG

    www.GNUPG.com

    Free

    Known-good algorithms designed by some of the best in the non-black
    crypto-world.

    Compatible with PGP

    Open, well-tested source

    The implementation of GNUPG has been recommended by many of the top
    crypto people. They've looked at its model closely and see that it is
    correctly designed and uses proper security techniques.

    And GNUPG doesn't use the snake oil terms "true one time pad" or "true
    source of random bits" or "Black Hole" anywhere in their website or
    documentation.

    I can explain it even further for you if this was not sufficient.
     
    headcrash, Dec 31, 2004
    #5
  6. cjjbl

    Johan Wevers Guest

    I disagree. You can solve it the way pgp 2 handled it - use user keystrokes
    as a source for random, or the way GnuPG handles it - use /dev/random, which
    gets input from user interaction and system responses like harddisk activity
    on it. Both contain a (probably undeterministic) human factor.

    If you insist on more randomness there are special hardware boards that
    measure white noise from certain electronic components - truly random.

    I agree on the other points: using an unknown encryption algorithm of
    untested design is insecure and unwise. Even the most respected
    programmers can fail here - does anyone remember Bass-o-matic in pgp 1.0?
    I've seen very few ciphers that I would call simple and elegant. They
    usually contain large arrays of carefully chosen sboxes. The most
    elegant design I know that is not completely broken (as far as we know
    now) is IMO RC5. IDEA would also have some claims on both, although it's
    more complicated by design.
    I certainly agree with that.
     
    Johan Wevers, Dec 31, 2004
    #6
  7. cjjbl

    GEO Me Guest

    Thanks for helping guide newbies like me.

    Geo
     
    GEO Me, Jan 1, 2005
    #7
  8. cjjbl

    Mack Guest

    First I have to say I agree with Tom St. Dennis on his assessment of
    the poor code quality. And I agree with headcrash in general. This
    is not a product that I would recommend.

    [snip]
    This is not strictly true. The method used in the program is the
    collection of the TSC or QueryPerformanceCounter. This has
    been discussed somewhat in sci.crypt.random. The gist of it is
    the random bits are collected from the interrupts and activity
    (network, keyboard, mouse, hard drive activities) and put through a
    chaos generator (the operating system). Using the low bits of these
    counters is pretty effective based on chaos theory. Especially if
    they are hashed after an accurate entropy estimate is determined.
    So far no one has come up with a way to make a valid entropy
    estimate.

    The way the program in question uses them is another matter entirely.
    The following code snippet is a perfect example.

    while(TRUE)
    {
        GetRandomBits(32,&dwTestNumber);
        if (dwTestNumber >= 100000001)
        {
            break;
        }
    }

    This shows a complete misunderstanding of what random means.
    This specifically eliminates some values. Of course these bits
    are further manipulated which prevents the output from looking
    bad but the method is entirely questionable.
    Looking at the source code leads me to the conclusion that the
    method may be simple but the source code is far from elegant.
    I agree completely with using standard ciphers.
    However the product is free for personal use.

    I would recommend against this product unless you believe in
    security through obscurity. I was unable to decipher exactly
    what the program is supposed to do thanks to the lack of
    organization in the source code and odd mixing of assembly
    with C.

    [valid ranting snipped]
    Leslie 'Mack' McBride
    remove text between _ marks to respond via e-mail
     
    Mack, Jan 1, 2005
    #8
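
The effect of the loop quoted in the post above, as an added example that is not part of the thread or of the program's source. `stand_in_random32` is a hypothetical, deterministic replacement for `GetRandomBits`, and the sample size is arbitrary; the histogram shows that a caller treating the result as 32 random bits never sees a top byte of 0x00 to 0x04.

```c
#include <stdint.h>
#include <stdio.h>

#define FLOOR_VALUE 100000001u /* threshold in the quoted loop (0x05F5E101) */

/* Hypothetical stand-in for GetRandomBits(32, ...): xorshift32, seeded with
   a constant so runs are reproducible. Not a cryptographic generator. */
static uint32_t rng_state = 2463534242u;

static uint32_t stand_in_random32(void)
{
    rng_state ^= rng_state << 13;
    rng_state ^= rng_state >> 17;
    rng_state ^= rng_state << 5;
    return rng_state;
}

/* Same acceptance test as the quoted loop; *rejected counts discarded draws. */
uint32_t filtered_draw(unsigned long *rejected)
{
    for (;;) {
        uint32_t v = stand_in_random32();
        if (v >= FLOOR_VALUE)
            return v;
        ++*rejected;
    }
}

/* Count of 32-bit values the loop can never return: 0 .. FLOOR_VALUE - 1. */
uint64_t excluded_values(void) { return (uint64_t)FLOOR_VALUE; }

/* Draw n filtered values, histogram their top byte, return rejected draws. */
unsigned long top_byte_histogram(unsigned long n, unsigned long hist[256])
{
    unsigned long rejected = 0, i;
    for (i = 0; i < 256; i++)
        hist[i] = 0;
    for (i = 0; i < n; i++)
        hist[filtered_draw(&rejected) >> 24]++;
    return rejected;
}

int main(void)
{
    unsigned long hist[256], rej = top_byte_histogram(1000000UL, hist);
    printf("excluded=%llu rejected=%lu top byte 0x05=%lu 0x06=%lu\n",
           (unsigned long long)excluded_values(), rej, hist[5], hist[6]);
    return 0;
}
```

About 2.3% of the 32-bit range is discarded, so the accepted values are uniform only over the remaining range, not over all 32-bit patterns.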
  9. cjjbl

    headcrash Guest

    And entropy is what we are going for.

    Without it, you're hosed.

    And without valid methods to make sure we're getting it, we are on a
    slippery dangerous slope.

    But the problem I have is more with the "claims" being made.
    And there is the rub. When someone, who is demonstrating lack of clue
    in the first place, takes off and "claims" a "true random number
    generator" with their product on these grounds, it raises a red flag.

    He also claims the security of OTP. Guess where he's getting the pad?

    To me, that is irresponsible.

    And with the current tech situation, I would argue with you...
    gently... that *anyone* who flatly claims they have a "true random
    number generator" from a PC with nothing more than software is a snake
    oil peddler.

    With the actual environment we have here, there is no question in my
    mind.

    You are well-spoken, and I agree with most of what you've said. I
    think maybe we just disagree on accountability to some extent.
    That may be true, but for an email product, possibly not so useful...

    Most persons have jobs, are at work a good deal of the time, and with
    most of the "free for personal use" licenses I've seen, using the
    software at your place of work is a violation of the license.

    Most persons probably encounter a need to send confidential email
    during times when they are *not* at home, and if they are using a
    product like GNUPG they do not need to worry if they are in violation.

    If this product, and I use that term loosely, is free like that, then
    I recant my comments about spending any money on it. But that does
    little to change why I think using it is ill-advised.

    (And before anyone decides to rail on about security at the office
    workplace, policies and procedures, etc. just a deep breath and suck
    it up and don't respond, because that is not what we are talking
    about. That is a different subject for a different thread)
     
    headcrash, Jan 2, 2005
    #9
  10. cjjbl

    cjjbl Guest

    Thank you guys for the invaluable info to a newbie like me. It sounded GREAT,
    but maybe more than it was led to be.

    Wonder if GPG (frontends) should think about implementing a virtual
    keyboard, along with secure IM. I know I'm just rambling, but it would make
    a great product even totally better! Once again, thanks!

    Chris



     
    cjjbl, Jan 2, 2005
    #10
  11. cjjbl

    headcrash Guest

    You are incorrect IMO to equate disk activity and user input to a
    "true random number generator". That is a mistake. Big time.

    I agree you can get some reasonable entropy from those methods, but
    you are incorrect in my opinion about what I said and about the
    "claims" of the software product in discussion.

    Those are not "true random number generator" sources. The "claims"
    being made are for a "true random number generator". This lays the
    ground for an equally baseless claim that you can get a valid OTP.

    The "claim" was for a "true random number generator" from software
    alone, and that is VERY different than claiming a reasonable source of
    entropy to be used to give reasonable levels of security.

    Why is this important? Because it is. If you can show a true random
    source of entropy then you can demonstrate a real OTP, which is the
    only method I'm aware of that can provide a proof of security.

    Another way to put it is this: If you say that this guy is giving us
    a true random number generator source then you are saying,
    unequivocally, that his software can be used in a way that is
    completely unbreakable. Are you willing to so state? I hope not.
     
    headcrash, Jan 2, 2005
    #11
  12. cjjbl

    headcrash Guest

    I agree with you about RC5. Way elegant. That is a great example.

    I find the SKIPJACK algorithm to be incredibly elegant, as well, both
    in design and capability.
     
    headcrash, Jan 2, 2005
    #12
  13. cjjbl

    Mack Guest

    Agreed, I have been working on entropy estimation for some time
    in relation to sound cards. The entropy obtained by the above method
    is real but not easy to estimate. On a server only the hard drive and
    network activity provide any real entropy. The network activity is
    readily available to an attacker. That only leaves the hard drive.
    The amount of entropy available there has been documented and
    is somewhat inferior. See

    http://world.std.com/~dtd/random/forward.pdf

    which estimates about 100 bits/minute.

    My work with sound cards returns more like 100000 bits/sec in
    the general case (cheap is better here). And at least 40000 bits/sec
    in most cases. Unfortunately some high quality sound cards are
    much less than this.
    The claims of this program are very much like "snake oil."
    [snip]

    There is a good deal to be said for scathing review. The product
    definitely needs some scathing. At best the claims they make are
    exaggerated and more likely much worse than that.

    On a side note, I am working on software that uses a computer's
    sound input device as a randomness source. So far the results are
    promising. Several chunks of the most relevant source code were
    posted in sci.crypt.random-numbers. It isn't exactly a "software
    only" solution since it assumes a common piece of hardware.

    The message id of the most recent string of posts is
    <>

    I haven't gotten much response, I have a string of followups on
    progress but no other posts.

    Leslie 'Mack' McBride
    remove text between _ marks to respond via e-mail
     
    Mack, Jan 2, 2005
    #13
  14. cjjbl

    Johan Wevers Guest

    I just looked at it (the old skipjack module code for GnuPG 1.0), and
    the code looks elegant, except for the array of 256 bytes.

    Unfortunately Skipjack isn't secure, so whether or not it's elegant,
    it doesn't match the second criterion.
     
    Johan Wevers, Jan 2, 2005
    #14
  15. cjjbl

    headcrash Guest

    As far as I know, you are incorrect. The attacks on Skipjack were for
    reduced rounds.

    Skipjack is secure as designed to 80-bits.

    Skipjack was designed by the NSA. There was a good deal of discussion
    in sci.crypt and the attacks do not work against full Skipjack.

    The speculation is that it was designed "just enough" to resist
    cryptanalysis, another elegant idea.

    My thinking is that to be able to do that on a crypto algorithm, while
    you are adding the kind of feature set that Skipjack can use gives a
    small glimpse into the capabilities of the NSA designers.
     
    headcrash, Jan 3, 2005
    #15
  16. cjjbl

    IPGrunt Guest

    headcrash <> confessed in

    <snip>

    Jingoistic, you say--just what is his foreign policy?

    -- ipgrunt
     
    IPGrunt, Jan 8, 2005
    #16