[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <optid.5781d06f6e.5248F474-DAF2-4BAC-A1B1-54E3B33DDD3F@hammerofgod.com>
Date: Mon, 14 Jun 2010 07:21:29 -0700
From: "Thor (Hammer Of God)" <thor@...merofgod.com>
To: "<noloader@...il.com>" <noloader@...il.com>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Introducing TGP...
I must have written it poorly. I never use the hash for authN, only to
make any tamporing with keys evident. I'm not sure it is a requirement
(pgp doesn't even bother making these checks) but I wanted to be extra
careful :)
On Jun 14, 2010, at 1:22 AM, Jeffrey Walton <noloader@...il.com> wrote:
> Hi Thor,
>
> I'm probably splitting too fine a hair here...
>
> The SHA256 hashing of the private key may not result in authenticity
> assurances on the key (if I'm reading it correctly). I believe that's
> an Athenticate-then-Encrypt scheme, and the details of the
> interactions in AtE can be tricky. Hugo Krawczyk evaluated similar AtE
> systems (for example, SSL) in The Order of Encryption and
> Authentication for Protecting Communications. The two AtE schemes
> which are provably secure are (1) a block cipher operated in CBC mode,
> and (2) stream ciphers which XORs data with a pseudorandom pad.
>
> I can see where the hash might satisfy the psuedo random pad, but I
> don't see the stream cipher in the equation. Perhaps a more
> traditional Encrpyt-then-Authenticate (for example, IPSec) might be
> useful for TGP. [At least TGP is not using Authenticate-and-Encrypt,
> which Krawczyk proved insecure (for example, early SSH)].
>
> If your using SHA-256 as the PRF of a KDF, then TGP might be reducing
> the security of the system protecting the private assymmetric key (I'm
> presuming AES-256 was chosen for a reason). AES-256 provides a
> security level of ~2^255, while SHA-256 provides ~2^128. Its mostly a
> theoretical observation: I'd attack the password/passphrase before
> attempting pre-image attacks on the hash. [After all these years,
> SHA-160 has only been reduced to ~2^50 from a theoretical 2^80, and
> 2^50 is still beyond my reach].
>
> Jeff
>
> On Sun, Jun 13, 2010 at 5:44 PM, Thor (Hammer of God)
> <Thor@...merofgod.com> wrote:
>>
>> This is what I’ve been talking about... Here is the first part of
>> the docs I wrote up - make sure you see that I'm not yet supportin
>> g huge files unless you have huge RAM. **.Net 4.0 Client profile
>> is required to run this.**
>>
>> Right now the install bits are only available on the pilot site at: http://www.owa.hammerofgod.com
>> in the downloads section. I have to wait on Raging Haggis to
>> return from Canada before posting on www.hammerofgod.com .
>>
>> Here's a bit from the TGP Overview document included with the
>> install and on the web site. Please read through it before asking
>> silly questions. :)
>>
>> Also, feel free to hack it up as much as you would like. I know
>> this is full disclosure, so feel free to zing them at me, or if you
>> prefer, I can work with you on any issues you might have
>>
>> Remember, this is totally free, so my ability to handle custom
>> requests will be limited. For those looking to break it, I would
>> look at fuzzing the XML documents and the "drag and drop public
>> XML" parsing feature.
>>
>> If you have questions or challenges about any of the security, I
>> would ask to keep it on the list so that everyone can get the full
>> benefit of productive security development. The read-me should
>> pretty much lay everything out for you. If not, we'll take it up
>> from there.
>>
>> t
>>
>>
>>
>>
>>
>> TGP – “Thor’s Godly Privacy”
>>
>> 06/13/10 v1.1.06
>>
>>
>>
>> TGP is a small yet very powerful encryption utility. With all eyes
>> on “the cloud,” I decided to write an encryption application
>> better suited to an environment where portability and security wer
>> e, at the least, challenging. In cloud computing, not only is th
>> e use of file structures becoming more abstract, but the very conc
>> ept of a “file server” is becoming more and more ubiquitous.
>>
>>
>>
>> As such, I designed TGP with “encryption for the cloud” in
>> mind. That means that not only does TGP do everything your normal
>> PGP-type applications do, but it does things a bit differently –
>> differently in a way that can change the way you work with your en
>> crypted data. At the simplest level, this is done by encrypting d
>> ata into byte arrays, and then converting those byte arrays into B
>> ase64 encoded text wrapped inside XML tags. In this way, not only
>> do you get your typical file-based encrypted representation of yo
>> ur data, but you also get data that you can copy and paste directl
>> y into any email, mailing list, blog-page, or social networking site.
>>
>>
>>
>> What I think is interesting about this is that if we choose to, we
>> no longer have to be the custodians of our encrypted data – we don
>> ’t have to worry about actually housing the files: we can just pos
>> t them to the internet and let someone else assume the burden of s
>> toring the files for us.
>>
>>
>>
>> If I want to share encrypted files with someone or secure my own
>> files, all I have to do is TGP encrypt the data I want, and post it
>> to a mailing list somewhere. In the case of a list like Bugtraq or
>> Full Disclosure, the data is actually automatically replicated out
>> to any number of archive sites, thus distributing my data for me.
>> I can literally be anywhere in the world and just do a quick search
>> for my post to retrieve my data. And since the TGP public key
>> files are also text representations of encrypted key data, I can do
>> the same with my keys.
>>
>>
>>
>> Normally, you want to keep your private keys as safe as possible.
>> This is still the case with TGP. However, it is trivial to build
>> as many private keys as you wish to use for anything you want to
>> use them for. TGP Private Key files are password protected and
>> individually salted, so with a strong passphrase you have very
>> reasonable assurance that no one is going to get to your key any
>> time soon. So, you can create a private key with a strong
>> password, post that, and then, say, encrypt a scan of your passport
>> and post that. Then if you are ever in a pinch while travelling or
>> something like that, you can simply use Google or Bing to access
>> your data wherever you are.
>>
>>
>>
>> Of course, that’s just an example, but I think it illustrates the
>> power of encrypted file structures like this. You can literally u
>> se Facebook to post encrypted documents that you don’t have to mai
>> ntain.
>>
>>
>>
>> That’s really the main different between TGP and an application li
>> ke PGP. That and of course, TGP is free, and personally, I think
>> PGP is tardware. It’s bloated, it’s far too expensive, it’s
>> hard to use, and if you don’t watch your licensing, you can get sc
>> rewed hard like I did when I didn’t want to buy the extended suppo
>> rt and one day my encrypted drives stopped working until I paid th
>> em. That doesn’t fly. TGP also doesn’t require that you are an
>> admin to install. However, the .NET installer for the 4.0 client
>> profile does – that’s not my doing. Regardless, here are the
>> file structures TGP uses:
>>
>>
>>
>> Things that still suck about TGP
>>
>> Currently TGP uses a memory stream for the destination of the AES
>> cryptostream. This sucks because it makes the maximum file one can
>> encrypt based on available memory. It’s not a huge deal, but it d
>> oes keep you from encrypting a gigabyte file. I’ll be changing th
>> at soon.
>>
>>
>>
>> Timothy “Thor” Mullen
>>
>> Hammer of God
>>
>> thor@...merofgod.com
>>
>> www.hammerofgod.com
>>
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists