[Cialug] Complete C source online

Morris Dovey mrdovey at iedu.com
Thu Jul 25 01:13:04 CDT 2013


On 7/24/13 10:38 PM, Zachary Kotlarek wrote:
>
> On Jul 24, 2013, at 8:08 PM, Morris Dovey <mrdovey at iedu.com> wrote:
>
>> The easy way is to tell people where to find a photo on the web and
>> to use that as the key when sending you encoded (.e) files as
>> e-mail attachments. If when you get one from them, decode it using
>> that same photo as the key.
>
>
> I really can't wrap my head around how that keeps the key secret. How
> is that any more secure than telling them "the password is TWINKLE"
> in terms of key disclosure?
>
> Are you just depending on the derefernce to make the key secret? Is
> the goal just to make the key hard for dumb algorithms (i.e. those
> that can't read or follow links) to guess?

The goal is to make the content “indistinguishable from pure noise” that 
Kristau suggested earlier. My hypothesis is that it’s an achievable 
goal. The approach I’m taking is to also turn the visible key file also 
into something indistinguishable from noise, but unique to that key file.

This key-file-derived noise is then used to control the sequence of 
operations that reduce the data file content to the to that 
“indistinguishable from pure noise” we set out to achieve.

Because of the operations used, the /only/ way back is to perform the 
reverse of each of the encoding operations in exact reverse order, and 
to do that it’s necessary to have an exact copy of the key-derived 
noise. If the key file is available, it’s a straight-forward process - 
but if it’s not, then brute force is possible but is going to waste an 
astronomical number of cycles...
...just to read “Don’t forget to pick up milk on your way home.”

The web page isn’t a standard proposal - it’s an invitation for 
programmers to think about the problem and an attempt to provide some 
ideas to think about.

>> An interesting eye-opener: according to about.com there are 294
>> billion e-mails sent every day. Imagine if each took one second to
>> decrypt. :)
>
> It could be decoded essentially in real-time on a single modern
> supercomputer: http://en.wikipedia.org/wiki/Tianhe-2
>
> 294 billion messages/day * 1 second/message / 86400 seconds/day /
> 3120000 cores = 1.09063 messages/core-second
>
> Which requires non-trivial resources, but nothing that would exceed
> the means of a state actor, particularly if it actually let them read
> everyone's email.

Then some better waster computer time will be needed. I don’t have a 
problem with that. :-)


More information about the Cialug mailing list