tallman@dspo.UUCP (01/19/85)
Glenn Scott proposed the following Vernam mail cipher:

> Given a key and a 16 character code the plaintext is exclusive or'ed with
> successive characters of the key. The resulting 8-bit character value is
> split into 2 4-bit pieces. These pieces are used as an index into the code
> characters to be printed. Therefore each character in the plaintext is
> translated into 2 encrypted characters. Send short messages. Experiment with
> the enclosed programs and develop your own. Amaze your friends, baffle your
> enemies !!

The mail cipher is not very secure. First of all, it is a private key cipher, so you have to have some way to communicate the key secretly to everyone you want to correspond with, and all of them have to keep it secret. With a public-key cipher, you could tell the world a key to encipher messages to you, but only you could read them with a secret deciphering key.

Second, the key should not be embedded in source code. Not only is it easy to dump object code and find it, but also it is hard to change the key.

Third, the Vernam cipher is a simple periodic substitution cipher, and there are easy ways to break it. I was able to break the sample message he gave in a couple of hours.

    3C0A0C 4C2655 191007 1B5518 071A06 021C1B 552548 115311 110319 4C161A
                         ****     ****     *****                       **
    064559 425515 000001 45170E 074B1C 551C0B 54091C 1E0A55 1A0B54 1B1D09
    **                                     *****              ****
    4F0512 171F06 1B0B4F 191C11 5A657F 65667C 7A6C7D 281909 011B79 274C5E

The underlined repeated patterns (1B55, 1A06, and 0B54) come from letters in the message that fall under the same portion of the key. They are separated by 8, 8 and 16 tokens respectively, so the key is likely to be 8 letters long. This technique is called the Kasiski method.

Next you guess the 16 letter pattern used to code the 16 hex digits. This is made easier because both the message and the key are made up of printable ascii characters, and the xor of two bytes with the top bit zero also has a top bit of zero. So the first letters of each pair must all be in the range 0 to 7. The arrangement is probably something easy to remember, so 0123456789ABCDEF is a good first choice. This gives the hex values of the xor of the plaintext with the key.

Next you divide the text into eight sets of letters, each transformed with the same key letter. A program can be used to print all possible choices of key letter, rejecting cases with control characters and improbable letters. The key is then determined, and the message is cracked.

    t => H s h e - c k . \t 8
    o => e t t l - a f t i \n G 1
    u => y l r i h n \n l \n
    l => t I y ' r e g \t e
    o => I h ' y o s e \t n
    u => o d o u p l \t n
    s => j u u r o i a o \t \n
    e => u g t n n r t \t B

The potential reader might get access to a whole mailbox full of encoded letters, making the task even easier. I would recommend using a different cipher, like encrypt and decrypt.

C. David Tallman - dspo!tallman@LANL or ucbvax!unmvax!lanl!dspo!tallman
Los Alamos National Laboratory - E-10/Data Systems
Los Alamos, New Mexico - (505) 667-8495
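
The steps described in the post above (Kasiski repeat distances, then per-position key candidates), as an added Python example that is not part of the original thread. It assumes the 0123456789ABCDEF code the post guesses; the function names and the PLAUSIBLE character set are illustrative choices, and the key passed to decrypt is read from the left-hand column of the post's table.

```python
import string
from collections import defaultdict
from functools import reduce
from math import gcd

# Ciphertext as quoted in the post. Assumption: the 16-character code is
# 0123456789ABCDEF (the post's first guess), so each pair is one hex byte.
CT = bytes.fromhex("".join("""
    3C0A0C 4C2655 191007 1B5518 071A06 021C1B 552548 115311 110319 4C161A
    064559 425515 000001 45170E 074B1C 551C0B 54091C 1E0A55 1A0B54 1B1D09
    4F0512 171F06 1B0B4F 191C11 5A657F 65667C 7A6C7D 281909 011B79 274C5E
""".split()))

# Assumption: what counts as plausible plaintext in a short mail message.
PLAUSIBLE = set((string.ascii_letters + string.digits + " \t\n.,'-!?").encode())
KEY_BYTES = range(0x20, 0x7F)  # printable ASCII, as the post assumes for the key

def repeat_distances(ct, n=2):
    """Kasiski step: distances between repeats of each n-byte pattern."""
    seen = defaultdict(list)
    for i in range(len(ct) - n + 1):
        seen[ct[i:i + n]].append(i)
    return {pat.hex().upper(): [b - a for a, b in zip(pos, pos[1:])]
            for pat, pos in seen.items() if len(pos) > 1}

def likely_key_length(ct):
    """GCD of the repeat distances. A chance repeat would skew this, so on
    longer texts prefer the most common factor over a plain GCD."""
    dists = [d for ds in repeat_distances(ct).values() for d in ds]
    return reduce(gcd, dists) if dists else None

def key_candidates(ct, period):
    """Per key position, the key bytes that decrypt that column to PLAUSIBLE only."""
    return [[chr(k) for k in KEY_BYTES
             if all((b ^ k) in PLAUSIBLE for b in ct[pos::period])]
            for pos in range(period)]

def decrypt(ct, key):
    """XOR with the repeating key (the cipher is its own inverse)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(ct))

if __name__ == "__main__":
    print(repeat_distances(CT))
    period = likely_key_length(CT)
    for pos, cands in enumerate(key_candidates(CT, period)):
        print(pos, "".join(cands))
    # Key letters read off the left-hand column of the table in the post.
    print(decrypt(CT, b"toulouse").decode())
```

Each key position is attacked independently against only 11 or 12 ciphertext bytes, which is why a short repeating key gives so little protection once the period is known.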
glenn@sdcrdcf.UUCP (Glenn C. Scott) (01/21/85)
Sorry if I misled anyone. I meant the programs for making encrypted mail to be very simple examples. I'm glad that Mr. Tallman made an explicit note that the stuff was NOT secure. I'm also impressed that he took the time to prove that it wasn't secure. Thanks.

Glenn C. Scott - sdcrdcf!glenn
System Development Corporation, Santa Monica, CA. 213-820-4111