  • Locked thread
Darth Freddy
Feb 6, 2007

An Emperor's slightest dislike is transmitted to those who serve him, and there it is amplified into rage.
Was talking to a co-worker today about movies like Mercury Rising and phoneme where people have cracked government codes either by accident or on purpose. Are there any cases of this?

All I found was an article where the British made a game for people to try and crack.

Shrecknet
Jan 2, 2005


No, and not for lack of opportunity. Kryptos remains only 75% solved.

Chillbro Baggins
Oct 8, 2004
Bad Angus! Bad!
The various intelligence agencies now run ARGs for recruiting purposes -- if you crack the codes, you get offered a job interview -- but as for the codes actually used for sensitive stuff, it's been nigh-impossible for at least most of the last century and getting harder by the minute.

Early codes like Caesar and Washington and Wellington used, the ones that are in puzzle books/Boy Scout "introduction to codes" these days, are fairly simple, but nowadays the ones used by the public (such as the crazy poo poo going on behind the "https" up there in your address bar) are effectively uncrackable; it'd be easier/quicker/cheaper by several orders of magnitude to mine Bitcoins, trade them for cash, launder the money to hell and back, buy gold, and use the gold to buy the decryption algorithm off a corrupt NSA agent.

And it's fair to assume the government (at least the NATO/Commonwealth countries and Russia; the government of the week in, say, Somalia probably isn't as sophisticated) are using something two generations ahead of what the public have access to now.

Hell, the WWII German Enigma machine was like banging two rocks together in comparison to what we have now, and it was only shoddy user practices that allowed the Allies to crack it. The users were told its code was unbreakable so they got lazy with changing up the settings, providing the Poles and Brits with enough messages with the same settings to allow standard cryptographic analysis (with the help of the first computers in the modern sense). So the Nazis changed the design and enforced proper practice, which worked until the Brits captured a couple of U-boats and weather-monitoring ships before they could trash the radio rooms, getting a couple of complete machines and sets of codebooks/instruction manuals, and managed to come up with plausible enough alternate explanations for their press releases (which the Germans were reading, of course) announcing the Royal Navy laying waste to this or that wolfpack of U-boats so that Gerry thought his code was still secure and it was just that damned ASDIC and British luck (similarly, the myth about eating lots of carrots making your night vision better was the cover story for British night-fighter pilots to avoid giving away the fact that they had radar).

And all the really fun stuff is encrypted using one-time pads, which are completely random matrices; pretty much the only way to crack a one-time pad before the heat death of the universe is to capture a person using it before they have a chance to destroy their copy of the pad.

PT6A
Jan 5, 2006

Public school teachers are callous dictators who won't lift a finger to stop children from peeing in my plane

Delivery McGee posted:

And all the really fun stuff is encrypted using one-time pads, which are completely random matrices; pretty much the only way to crack a one-time pad before the heat death of the universe is to capture a person using it before they have a chance to destroy their copy of the pad.

Assuming the pads are truly random, there's not even a way to crack it given infinite time, since there exists a key that will decrypt the ciphertext to any message, and all keys occur with equal probability.

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer

Delivery McGee posted:

And it's fair to assume the government (at least the NATO/Commonwealth countries and Russia; the government of the week in, say, Somalia probably isn't as sophisticated) are using something two generations ahead of what the public have access to now.
The government may have more compute and may dedicate more resources to finding vulnerabilities, but saying they are "two generations ahead" is certainly not true. They are all using RSA and AES to encrypt their data and communications, just like the rest of the world.

Lima
Jun 17, 2012

Delivery McGee posted:

The various intelligence agencies now run ARGs for recruiting purposes -- if you crack the codes, you get offered a job interview -- but as for the codes actually used for sensitive stuff, it's been nigh-impossible for at least most of the last century and getting harder by the minute.

Early codes like Caesar and Washington and Wellington used, the ones that are in puzzle books/Boy Scout "introduction to codes" these days, are fairly simple, but nowadays the ones used by the public (such as the crazy poo poo going on behind the "https" up there in your address bar) are effectively uncrackable; it'd be easier/quicker/cheaper by several orders of magnitude to mine Bitcoins, trade them for cash, launder the money to hell and back, buy gold, and use the gold to buy the decryption algorithm off a corrupt NSA agent.

And it's fair to assume the government (at least the NATO/Commonwealth countries and Russia; the government of the week in, say, Somalia probably isn't as sophisticated) are using something two generations ahead of what the public have access to now.

Hell, the WWII German Enigma machine was like banging two rocks together in comparison to what we have now, and it was only shoddy user practices that allowed the Allies to crack it. The users were told its code was unbreakable so they got lazy with changing up the settings, providing the Poles and Brits with enough messages with the same settings to allow standard cryptographic analysis (with the help of the first computers in the modern sense). So the Nazis changed the design and enforced proper practice, which worked until the Brits captured a couple of U-boats and weather-monitoring ships before they could trash the radio rooms, getting a couple of complete machines and sets of codebooks/instruction manuals, and managed to come up with plausible enough alternate explanations for their press releases (which the Germans were reading, of course) announcing the Royal Navy laying waste to this or that wolfpack of U-boats so that Gerry thought his code was still secure and it was just that damned ASDIC and British luck (similarly, the myth about eating lots of carrots making your night vision better was the cover story for British night-fighter pilots to avoid giving away the fact that they had radar).

And all the really fun stuff is encrypted using one-time pads, which are completely random matrices; pretty much the only way to crack a one-time pad before the heat death of the universe is to capture a person using it before they have a chance to destroy their copy of the pad.

The Enigma also had the weakness that a letter couldn't be scrambled to become itself again. Some cool Enigma videos:
https://www.youtube.com/watch?v=V4V2bpZlqx8
https://www.youtube.com/watch?v=G2_Q9FoD-oQ
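
The weakness mentioned in the post above, worked through as an added example that is not part of any post in this thread: a reflector-based machine can never encrypt a letter as itself, so a guessed plaintext word (a "crib") can be ruled out at every alignment where one of its letters matches the ciphertext letter. The one-rotor machine here is a simplification assumed for the example (no plugboard or ring settings), using the widely published rotor I and reflector B wiring tables; the message, start position and function names are constructed.

```python
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
ROTOR = "EKMFLGDQVZNTOWYHXUSPAIBRCJ"      # published wiring of Enigma rotor I
REFLECTOR = "YRUHQSLDPXNGOKMIEBFZCWVJAT"  # published wiring of reflector B


def toy_enigma(text: str, start: int = 0) -> str:
    """Simplified machine (assumption of this example): one stepping rotor
    plus a reflector. Encrypting and decrypting are the same operation."""
    out, pos = [], start
    for ch in text:
        pos = (pos + 1) % 26                    # rotor steps before each key press
        x = ALPHABET.index(ch)
        x = (ALPHABET.index(ROTOR[(x + pos) % 26]) - pos) % 26  # through the rotor
        x = ALPHABET.index(REFLECTOR[x])        # reflector swaps letters in pairs
        x = (ROTOR.index(ALPHABET[(x + pos) % 26]) - pos) % 26  # back through it
        out.append(ALPHABET[x])
    return "".join(out)


def crib_offsets(ciphertext: str, crib: str) -> list:
    """Offsets where the guessed plaintext `crib` could sit. Any alignment in
    which a crib letter equals the ciphertext letter at that spot is ruled out."""
    return [
        off
        for off in range(len(ciphertext) - len(crib) + 1)
        if all(c != p for c, p in zip(ciphertext[off:], crib))
    ]


PLAINTEXT = "HEUTEWETTERKLAR"  # constructed sample message containing the crib
START = 3                      # constructed rotor start position

if __name__ == "__main__":
    ct = toy_enigma(PLAINTEXT, START)
    print("ciphertext:        ", ct)
    print("decrypts back to:  ", toy_enigma(ct, START))
    print("any letter kept?   ", any(c == p for c, p in zip(ct, PLAINTEXT)))
    print("alignments left for WETTER:", crib_offsets(ct, "WETTER"))
```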

Hyperlynx
Sep 13, 2015

Governments can't even crack off-the-shelf cryptography in any reasonable timescales. That's why they're getting so pissy about the public having access to end-to-end encryption via things like WhatsApp.

So if well-funded government intelligence departments can't crack publicly available technology, it's a reasonable assumption that the general public can't crack them either. Though security researchers do their best to try.

thrakkorzog
Nov 16, 2007
Most of the old codes were designed by people who were sponsored by rulers, and kept their codes secret in case their secrets fell into enemy hands.

These days most modern-day cryptologists tend to open source their ideas, and ask for any obvious loopholes.

It's possible that the NSA has cracked a few codes without publishing everything. But that doesn't mean they've cracked everything, and they would like to keep that mix secret.

Namarrgon
Dec 23, 2008

Congratulations on not getting fit in 2011!
Bribes, extortion and 'social engineering' are a lot easier, faster and cheaper than hardcore breaking codes.

Hyperlynx
Sep 13, 2015

thrakkorzog posted:

Most of the old codes were designed by people who were sponsored by rulers, and kept their codes secret in case their secrets fell into enemy hands.

These days most modern-day cryptologists tend to open source their ideas, and ask for any obvious loopholes.

It's possible that the NSA has cracked a few codes without publishing everything. But that doesn't mean they've cracked everything, and they would like to keep that mix secret.

Yes, that's part of it. The modern approach to cryptography is that it must be secure even if the attacker knows every detail of how the encryption works - the only secret is the encryption key. If knowing how the cypher works is enough to break it then it's a poo poo cypher.

Chillbro Baggins
Oct 8, 2004
Bad Angus! Bad!

thrakkorzog posted:

It's possible that the NSA has cracked a few codes without publishing everything. But that doesn't mean they've cracked everything, and they would like to keep that mix secret.

Yeah, my reply was built on all the late-Cold War novels I read as a kid, advances have been made, re: "the NSA is two steps ahead." Nowadays, they're lucky to bribe the devs into giving them a skeleton key for the algorithm everybody uses to log in to a website.

Isn't the DVD decryption program banned in the US? I remember a t-shirt being sold with a block of code printed on it, but if you compile and run that code, it's a crime. Sort of like how it's legal to grow hemp for textiles, but if you set it on fire and breathe the smoke, that's a crime.

Hyperlynx posted:

Yes, that's part of it. The modern approach to cryptography is that it must be secure even if the attacker knows every detail of how the encryption works - the only secret is the encryption key. If knowing how the cypher works is enough to break it then it's a poo poo cypher.
But I was mostly right, modern encryption is near enough to a one-time pad. Although if you know what some of the cleartext is, you can make the job easier with rainbow tables.

PT6A posted:

Assuming the pads are truly random, there's not even a way to crack it given infinite time, since there exists a key that will decrypt the ciphertext to any message, and all keys occur with equal probability.
Did you even read the second sentence of the bit you quoted? You're posting in a cryptography thread, and can't even crack the code of the English language. I'm pretty sure "the end of the universe" counts as "(effectively) infinite time." Hence, as with Enigma, the best (nowadays the only) way to crack a decent code is to ice the guy before he has a chance to burn or throw the codebooks overboard/chew and swallow the one-time pad/thermite or degauss the HDD.

On the other hand, if the government wants to log in to your banking website or SA account, it's fairly trivial to brute-force a 16-character password, given a big enough Beowulf cluster or supercomputer, especially since most people choose passwords that are easy to remember and thus easy to break. They don't have to break the encryption, they just have to break the password, and the list of passwords that hash to a certain value is relatively small, hence rainbow tables -- of course, their passwords are ideally also encrypted and may use a physical USB dongle with a rolling code ...

Jabor
Jul 16, 2010

#1 Loser at SpaceChem
Security researchers find flaws in consumer encryption algorithms distressingly often.

There's also evidence that state-sponsored groups like the NSA have been aware of these flaws long before security researchers found them, and have actively been exploiting those flaws to spy on internet traffic.

PT6A
Jan 5, 2006

Public school teachers are callous dictators who won't lift a finger to stop children from peeing in my plane

Delivery McGee posted:

Did you even read the second sentence of the bit you quoted? You're posting in a cryptography thread, and can't even crack the code of the English language. I'm pretty sure "the end of the universe" counts as "(effectively) infinite time." Hence, as with Enigma, the best (nowadays the only) way to crack a decent code is to ice the guy before he has a chance to burn or throw the codebooks overboard/chew and swallow the one-time pad/thermite or degauss the HDD.

It's a big difference, actually. There are multiple cryptosystems that would take effectively infinite time to break given current technology, but it is impossible to crack a properly-used one-time-pad even with infinite time, or some technological advance that increased effective computing power by an arbitrary amount.

In practice, right now, the difference is indeed trivial because, in either case, the only way to practically decrypt something encrypted with a one-time-pad or a modern cryptosystem is through rubber-hose cryptography or exploiting improper use. There is, however, a massive theoretical difference between the two.

Gromit
Aug 15, 2000

I am an oppressed White Male, Asian women wont serve me! Save me Campbell Newman!!!!!!!

Delivery McGee posted:

On the other hand, if the government wants to log in to your banking website or SA account, it's fairly trivial to brute-force a 16-character password, given a big enough Beowulf cluster or supercomputer, especially since most people choose passwords that are easy to remember and thus easy to break. They don't have to break the encryption, they just have to break the password, and the list of passwords that hash to a certain value is relatively small, hence rainbow tables -- of course, their passwords are ideally also encrypted and may use a physical USB dongle with a rolling code ...

It is NOT fairly trivial to brute force a 16-character password (I assume we aren't talking about single DES or ROT-13 here!), and easy to remember does not necessarily equate to easy to break.

Chillbro Baggins
Oct 8, 2004
Bad Angus! Bad!

Gromit posted:

It is NOT fairly trivial to brute force a 16-character password (I assume we aren't talking about single DES or ROT-13 here!), and easy to remember does not necessarily equate to easy to break.
It's trivial compared to a one-time pad, for the average person's stupid fuckin' password. Front-load the dictionary attack with the targets' kids' names and birthdates.

Or, for the XKCD strip you were probably inspired by, plain ol' dictionary attack. There's only so many combinations of words that fit in a certain character limit. Either way, the NSA probably has enough CPU power, far-enough-away IP addresses, and time to crack a 16-character password before the statute of limitations is out, depending on how well the server is locked down.

PT6A posted:

It's a big difference, actually. There are multiple cryptosystems that would take effectively infinite time to break given current technology, but it is impossible to crack a properly-used one-time-pad even with infinite time, or some technological advance that increased effective computing power by an arbitrary amount.

In practice, right now, the difference is indeed trivial because, in either case, the only way to practically decrypt something encrypted with a one-time-pad or a modern cryptosystem is through rubber-hose cryptography or exploiting improper use. There is, however, a massive theoretical difference between the two.
That's what I said both times. Either you capture the one-time-pad/private key, or it's infinite monkeys with infinite time eventually writing Shakespeare.

Jabor posted:

Security researchers find flaws in consumer encryption algorithms distressingly often.

There's also evidence that state-sponsored groups like the NSA have been aware of these flaws long before security researchers found them, and have actively been exploiting those flaws to spy on internet traffic.
THAT WAS MY ORIGINAL POINT

Chillbro Baggins fucked around with this message at 10:02 on Jul 31, 2016

Jabor
Jul 16, 2010

#1 Loser at SpaceChem
Delivery McGee, you seem pretty defensive about your posts being seen as "correct". Chillax a bit, there's no shame in having learned something new.

--

There is a fundamental difference between a true one-time-pad and an actual modern encryption algorithm. It's possible that with advances in mathematics or computing power, it will become possible to break encryption algorithms that, today, would require an infinite amount of time using the best known attacks against them. This possibility is why people spend so much time and effort looking for weaknesses in existing algorithms and coming up with new ones that are more resistant to those attacks.

A true one-time-pad, on the other hand, cannot be attacked in that way. There is no information that would allow you to distinguish between the actual message, and every other possible message of the same length.
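
The one-time-pad argument made by PT6A and Jabor above, as an added example that is not part of any post in this thread: for a given ciphertext there is a pad that decrypts it to any message of the same length, so the ciphertext alone favours none of them, while reusing a pad (the "improper use" case) cancels the pad out and leaks the XOR of the two messages. The sample messages and function names are constructed for the example.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings; this is the whole one-time-pad operation."""
    if len(a) != len(b):
        raise ValueError("pad and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(message: bytes, pad: bytes) -> bytes:
    return xor_bytes(message, pad)


def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    return xor_bytes(ciphertext, pad)


def pad_that_yields(ciphertext: bytes, wanted: bytes) -> bytes:
    """The pad under which `ciphertext` decrypts to `wanted`. One always exists."""
    return xor_bytes(ciphertext, wanted)


def plaintexts_over_all_pads(cipher_byte: int) -> set:
    """Decrypt a single ciphertext byte under every possible pad byte."""
    return {cipher_byte ^ k for k in range(256)}


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts made with the same pad: the pad cancels, leaving p1 XOR p2."""
    return xor_bytes(c1, c2)


# Constructed sample messages of equal length.
REAL = b"ATTACK AT DAWN"
DECOY = b"RETREAT AT TEN"

if __name__ == "__main__":
    pad = secrets.token_bytes(len(REAL))      # truly random, used once
    ct = otp_encrypt(REAL, pad)
    print("with the real pad:  ", otp_decrypt(ct, pad))
    print("with another pad:   ", otp_decrypt(ct, pad_that_yields(ct, DECOY)))
    # Every one of the 256 byte values is a possible plaintext for the first byte.
    print("candidates, byte 0: ", len(plaintexts_over_all_pads(ct[0])))
    # Improper use: the same pad encrypts a second message.
    second = otp_encrypt(DECOY, pad)
    print("pad reuse leaks p1^p2:", reuse_leak(ct, second) == xor_bytes(REAL, DECOY))
```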

Chillbro Baggins
Oct 8, 2004
Bad Angus! Bad!

Jabor posted:

A true one-time-pad, on the other hand, cannot be attacked in that way. There is no information that would allow you to distinguish between the actual message, and every other possible message of the same length.

Yes there's a fundamental difference. In practice, well, good luck with that, and it's getting harder every day. That's all I was saying, that's what you're saying, and that's all I'm gonna say, I concede defeat.

To get this thread back on the rails: How the US knew to prepare for the Battle of Midway.


Also, there was at one time a website that randomly generated a .jpg of reasonable size, and never showed the same thing twice (it may have even been a 32x32 pixel two-color .bmp; it was well old). Of course, every picture that could possibly exist was a possible result, but 99.999...% of the images generated were just static. Finding a picture of yourself loving your favorite porn star in that is about the equivalent of breaking modern crypto. And on that note, why even let them know there's a code to break? Some SA avatars (not mine, because I'm lazy) play music if you open 'em in Audacity, and some songs make pictures if you play them through an oscilloscope, and that's only the tip of the iceberg.

Chillbro Baggins fucked around with this message at 06:13 on Aug 1, 2016

Gromit
Aug 15, 2000

I am an oppressed White Male, Asian women wont serve me! Save me Campbell Newman!!!!!!!

Delivery McGee posted:

It's trivial compared to a one-time pad, for the average person's stupid fuckin' password. Front-load the dictionary attack with the targets' kids' names and birthdates.

Or, for the XKCD strip you were probably inspired by, plain ol' dictionary attack. There's only so many combinations of words that fit in a certain character limit. Either way, the NSA probably has enough CPU power, far-enough-away IP addresses, and time to crack a 16-character password before the statute of limitations is out, depending on how well the server is locked down.

If by "trivial" you mean only 5 times the age of the universe instead of 1000 times, then I guess you're right. Have you even looked at AES keyspaces?

And if you really care about my inspiration, it's using the distributed password attack system I have in my lab. I use biographic dictionaries all the time and if you think people really encrypt their data with their kids' names then you are sorely mistaken, at least in my law enforcement role. Maybe your run-of-the-mill computer janitor job sees a different usage pattern?
