I just took a quick look at it but it seems to me like a polyalphabetic
substitution cipher with an effective block length of 16 bytes (i.e. every
16 bytes you have a monoalphabetic substitution cipher).
I mean, this doesn't hide the underlying language frequencies within each
block of 16 bytes (the length of your MD5 hashed keys). Of course I'm not a
cryptanalyst but it really seems to be crackeable with pen and paper
(granted, probably not as easy as a Vigenère cipher because of the
manipulations of the keys, but not much more difficult though).
Probably the only situations where this cipher is secure is when the length
of the text to be enciphered is <= 16 bytes (the length of your keys),
provided that you do not reuse the keys of course :-).
Pending the opinion of an experienced cryptographer, I would say that even
without the source code the Friedman and Kasisiki tests would quickly show
up the type of the encipherment (polyalphabetic) and the length of the key
(16 bytes).
As far as I know, this is the reason why modern strong symmetric ciphers use
both diffusion and confusion (as suggested by Claude E. Shannon). This piece
of code only implements substitution, and reminds me of a comment made by
Bruce Schneier regarding the simple XOR algorithm (Chapter 1, Foundations)
in his book "Applied Cryptography" ;-):
> -----Original Message-----
> From: angelo (at) rosiello (dot) org [email concealed] [mailto:angelo (at) rosiello (dot) org [email concealed]]
> Sent: Wednesday, February 15, 2006 2:48 PM
> To: focus-linux (at) securityfocus (dot) com [email concealed]
> Subject: Kryptor Whitepaper released
>
> As I announced in previous threads, we released the full white paper of
> the algorithm implemented in Kryptor
> (http://www.rosiello.org/archivio/kryptor-0.1.2.tar.gz).
>
> The paper can be found at:
> http://www.rosiello.org
> or
> http://www.rosiello.org/modules/smartsection/item.php?itemid=8
>
> cheers,
> Angelo
>
> Rosiello Security,
> http://www.rosiello.org
I just took a quick look at it but it seems to me like a polyalphabetic
substitution cipher with an effective block length of 16 bytes (i.e. every
16 bytes you have a monoalphabetic substitution cipher).
I mean, this doesn't hide the underlying language frequencies within each
block of 16 bytes (the length of your MD5 hashed keys). Of course I'm not a
cryptanalyst but it really seems to be crackeable with pen and paper
(granted, probably not as easy as a Vigenère cipher because of the
manipulations of the keys, but not much more difficult though).
Probably the only situations where this cipher is secure is when the length
of the text to be enciphered is <= 16 bytes (the length of your keys),
provided that you do not reuse the keys of course :-).
Pending the opinion of an experienced cryptographer, I would say that even
without the source code the Friedman and Kasisiki tests would quickly show
up the type of the encipherment (polyalphabetic) and the length of the key
(16 bytes).
As far as I know, this is the reason why modern strong symmetric ciphers use
both diffusion and confusion (as suggested by Claude E. Shannon). This piece
of code only implements substitution, and reminds me of a comment made by
Bruce Schneier regarding the simple XOR algorithm (Chapter 1, Foundations)
in his book "Applied Cryptography" ;-):
...
crypted[x] = plainBlock[x] ^ MD5pwd[streamMd5pwd] ;
...
Best regards,
Omar A. Herrera
> -----Original Message-----
> From: angelo (at) rosiello (dot) org [email concealed] [mailto:angelo (at) rosiello (dot) org [email concealed]]
> Sent: Wednesday, February 15, 2006 2:48 PM
> To: focus-linux (at) securityfocus (dot) com [email concealed]
> Subject: Kryptor Whitepaper released
>
> As I announced in previous threads, we released the full white paper of
> the algorithm implemented in Kryptor
> (http://www.rosiello.org/archivio/kryptor-0.1.2.tar.gz).
>
> The paper can be found at:
> http://www.rosiello.org
> or
> http://www.rosiello.org/modules/smartsection/item.php?itemid=8
>
> cheers,
> Angelo
>
> Rosiello Security,
> http://www.rosiello.org
[ reply ]