    Thursday, November 1, 2018

    Cryptography Cryptanalysis of OCB2

    Cryptanalysis of OCB2

    Posted: 31 Oct 2018 06:08 PM PDT

    HTML Static page password protection

    Posted: 31 Oct 2018 07:19 PM PDT

    See link.

    The problem is once someone enters the password once, they can copy the hash from the url and just paste it as if they are entering the password.

    I know this is arbitrary seeing as the password could just as easily be spread around, but I was wondering if there was a way to fix this?

    Also anyone familiar with front end, if you have any other recommendations to improve the password protection, I would be interested in ideas. (Also what pitfalls you see).

    This is more for fun, so I am not too pressed about amazing security given how it is being set up.

    submitted by /u/slimuser98

    Identifying a cipher

    Posted: 31 Oct 2018 02:47 PM PDT

    I've come across some code utilizing an unknown (to me) block cipher and am curious to see if anybody can identify it. My observations:

    • ARX (add/rotate/XOR) cipher
    • 64-bit block size
    • 4 rounds (or 8?)
    • Used in CBC mode
    • Strange form of ciphertext stealing: replace the short final plaintext block with a full block of all zeroes and then XOR the short plaintext block into the final ciphertext block, truncating it.

    I'm thinking it's either Speck-64 or RC5 that's been heavily mangled by an optimizing compiler but the round operations don't match up. I don't know the implementation details of many algorithms so I'm probably missing something obvious.

    #!/usr/bin/env python3

    # Probably compiler-optimized constants derived from a hardcoded key
    CONSTANTS = (0x99036946, 0xE99DB8E7, 0xE3AE2FA7, 0xA339740,
                 0xF06EB6A9, 0x92FF9B65, 0x28F7873, 0x9070E316)

    # I'm guessing it's some sort of IV
    IV = (0x6479B873, 0x48853AFC)


    def rotate_left(n, k):
        return ((n << k) & 0xFFFFFFFF) | (n >> (32 - k))


    def encrypt(plaintext):
        short_block = b''

        # Chop off the short block and replace it with a full block of all zeroes???
        if len(plaintext) % 8 != 0:
            stop = 8 * (len(plaintext) // 8)
            short_block = plaintext[stop:]
            plaintext = plaintext[:stop] + b'\x00' * 8

        ciphertext = []

        # 64-bit IV?
        X, Y = IV

        # Operates on 64-bit blocks
        for offset in range(0, len(plaintext), 8):
            # XOR the last ciphertext into plaintext (CBC mode?)
            X ^= int.from_bytes(plaintext[offset:offset + 4], 'big')
            Y ^= int.from_bytes(plaintext[offset + 4:offset + 8], 'big')

            # Four rounds
            for _ in range(4):
                # Each round consists of two identical halves with just different constants
                for i in range(2):
                    # XOR the first half of the block into the second
                    Y ^= X

                    # Add/rotate/XOR on the second half and XOR into the first
                    a = (CONSTANTS[4*i + 0] + Y) & 0xFFFFFFFF
                    b = (a - 1 + rotate_left(a, 1)) & 0xFFFFFFFF
                    X ^= b ^ rotate_left(b, 4)

                    # Add/rotate/XOR on the first half
                    c = (CONSTANTS[4*i + 1] + X) & 0xFFFFFFFF
                    d = (c + 1 + rotate_left(c, 2)) & 0xFFFFFFFF
                    d ^= rotate_left(d, 8)

                    # Further ARX operations on the above value, this time with a negative
                    e = (CONSTANTS[4*i + 2] + d) & 0xFFFFFFFF
                    f = (rotate_left(e, 1) - e) & 0xFFFFFFFF

                    # Only step to use a bitwise-OR. Could be compiler optimizations, though.
                    # Equivalent to (X & f) ^ X ^ (f ^ rotate_left(f, 16))
                    #                                ^^^^^^^^^^^^^^^^^^^^^^
                    #                                identical left and right halves?
                    Y ^= (X | f) ^ rotate_left(f, 16)

                    # Another ARX operation
                    g = (CONSTANTS[4*i + 3] + Y) & 0xFFFFFFFF
                    X ^= (g + 1 + rotate_left(g, 2)) & 0xFFFFFFFF

            # Output 64 bits
            ciphertext.append(X.to_bytes(4, 'big') + Y.to_bytes(4, 'big'))

        # ??? XOR the short plaintext block with the last ciphertext block, truncating it
        # Strange form of ciphertext stealing
        if short_block:
            last_block = ciphertext.pop()
            ciphertext.append(bytes(a ^ b for a, b in zip(last_block, short_block)))

        return b''.join(ciphertext)


    if __name__ == '__main__':
        print(encrypt(b'\x00' * 32))
    submitted by /u/glycerol12
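    One structural observation worth making about the posted routine: every step XORs a function of one 32-bit half into the other half (a generalized Feistel network), so the block cipher is inverted by running the same steps in reverse order, whatever the underlying algorithm turns out to be. The code below is an added example, not the poster's code; it copies only the post's CONSTANTS and IV, splits the half-round into three single-input functions (f_a, f_b, f_c, my own names), and adds the CBC decrypt path for whole 8-byte blocks. The post's short-tail XOR step is left out.

```python
# Constants and IV are copied from the posted code; everything else is new.
CONSTANTS = (0x99036946, 0xE99DB8E7, 0xE3AE2FA7, 0xA339740,
             0xF06EB6A9, 0x92FF9B65, 0x28F7873, 0x9070E316)
IV = (0x6479B873, 0x48853AFC)
M = 0xFFFFFFFF
def rotl(n, k):
    return ((n << k) & M) | (n >> (32 - k))
# One half-round's non-linear steps; each is "half ^= F(other half)", so it undoes itself.
def f_a(y, i):
    a = (CONSTANTS[4*i] + y) & M
    b = (a - 1 + rotl(a, 1)) & M
    return b ^ rotl(b, 4)
def f_b(x, i):
    c = (CONSTANTS[4*i + 1] + x) & M
    d = (c + 1 + rotl(c, 2)) & M
    d ^= rotl(d, 8)
    e = (CONSTANTS[4*i + 2] + d) & M
    f = (rotl(e, 1) - e) & M
    return (x | f) ^ rotl(f, 16)
def f_c(y, i):
    g = (CONSTANTS[4*i + 3] + y) & M
    return (g + 1 + rotl(g, 2)) & M
def block_encrypt(x, y):  # 4 rounds x 2 half-rounds, exactly as in the post
    for _ in range(4):
        for i in (0, 1):
            y ^= x
            x ^= f_a(y, i)
            y ^= f_b(x, i)
            x ^= f_c(y, i)
    return x, y
def block_decrypt(x, y):  # the same steps, walked in reverse order
    for _ in range(4):
        for i in (1, 0):
            x ^= f_c(y, i)
            y ^= f_b(x, i)
            x ^= f_a(y, i)
            y ^= x
    return x, y
def cbc(data, decrypt=False):  # whole 8-byte blocks only; C_0 = IV
    prev, out = IV, []
    for o in range(0, len(data), 8):
        x, y = int.from_bytes(data[o:o + 4], 'big'), int.from_bytes(data[o + 4:o + 8], 'big')
        if decrypt:  # P_i = D(C_i) ^ C_(i-1)
            dx, dy = block_decrypt(x, y)
            out.append((dx ^ prev[0]).to_bytes(4, 'big') + (dy ^ prev[1]).to_bytes(4, 'big'))
            prev = (x, y)
        else:        # C_i = E(P_i ^ C_(i-1))
            prev = block_encrypt(x ^ prev[0], y ^ prev[1])
            out.append(prev[0].to_bytes(4, 'big') + prev[1].to_bytes(4, 'big'))
    return b''.join(out)
```

    For whole-block input, cbc(pt) produces the same bytes as the post's encrypt(pt), and cbc(ct, decrypt=True) recovers pt.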

    DarkCastle - community cipher collection

    Posted: 31 Oct 2018 07:54 AM PDT

    I've been inspired to create a simple authenticated file encryption program using ciphers that I've invented. I'm currently looking for others who would like to contribute ciphers to the project to make a large collection of community made ciphers that can be used and tested through one simple application.

    I've taken note of some community ciphers that may be included from this "break my cipher" thread https://www.reddit.com/r/crypto/comments/9kk5gl/break_my_ciphercollectionpost/

    Any cipher that isn't already broken (and can operate on binary data) can be submitted. The cipher does not necessarily have to be written in C. It can be written in any language as long as there are test vectors included with the cipher or the cipher is easy to implement. The cipher does not need to be authenticated as authentication mechanisms are already baked in. Although, new authentication methods are welcome too.

    Who wants their cipher to be included?

    The ciphers currently available within the program were developed by myself.

    v0.1 source code https://github.com/pvial00/DarkCastle

    submitted by /u/pvial00

    Prove PRG using comparison of D

    Posted: 31 Oct 2018 03:36 PM PDT

    1.)

    G: {0,1}^(n/2) ->{0,1}^(n+1) is PRG.

    G': {0,1}^n ->{0,1}^(n+1) is defined as G'(s):=(s_1,...,s_(n/2)) for seed s:=(s_1,...,s_n)

    Prove that G' is also PRG using the argument that D for G' is also D for G.

    2.)

    ¬G: {0,1}^n ->{0,1}^(n+1) is PRG.

    G'': {0,1}^(n/2) ->{0,1}^(n+1) defined as G''(s):=¬G(0^(n/2) * s) for seed s:=(s_1,...,s_(n/2))

    Prove that ¬G is not a PRG using part 1.)

    submitted by /u/kriptoo123
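    For part 1, the reduction the post asks for, written out here as an added derivation that is not part of the post. It assumes G' is meant to apply G to the first n/2 seed bits, i.e. G'(s) = G(s_1, ..., s_(n/2)), since that is the only reading under which G' maps into {0,1}^(n+1).

$$
\begin{aligned}
&\text{For uniform } s \leftarrow \{0,1\}^n,\ \text{the prefix } (s_1,\dots,s_{n/2}) \text{ is uniform on } \{0,1\}^{n/2}, \\
&\text{so } G'(U_n) \text{ and } G(U_{n/2}) \text{ are identically distributed. Hence for every distinguisher } D: \\
&\Big|\Pr[D(G'(U_n))=1] - \Pr[D(U_{n+1})=1]\Big|
 = \Big|\Pr[D(G(U_{n/2}))=1] - \Pr[D(U_{n+1})=1]\Big| \le \mathrm{negl}(n/2) = \mathrm{negl}(n).
\end{aligned}
$$

    So any D with non-negligible advantage against G' has exactly the same advantage against G, contradicting the assumption that G is a PRG; and because G' only forwards half its seed to G, it is efficiently computable, so G' is a PRG.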
