lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 19 Nov 2015 14:31:33 +0200
From:	Ismail Kizir <ikizir@...il.com>
To:	Łukasz Stelmach <l.stelmach@...sung.com>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: A new, fast and "unbreakable" encryption algorithm

Francly Lucasz,

I am not an expert and never claimed it.
And I accept it's vulnerable to side channel attacks like the one you mentioned.
With this occasion, I want to emphasize one point:
I don't claim that the my algorithm is perfect.
But, take a look at this:

But, I am sure, this "dynamic key model" is the right way to follow
for the encyption.
You are all on the top of the "IT food chain" guys.
It is a GPLed algorithm and code.
Let's develop it ourselves for ourselves.
Let's think together.
For example; Clemens's "all zero" file is another weak point. I am
thinking about it too.
Help me. Criticise the algorithm.  wrote you all to be criticised.
Show me the weaknesses Let's think together and get it better.
Some people think that's not the right place for this discussions and
they may be right. Write me privately please. And I am constantly
updating the code on
http://ismail-kizir.blogspot.com.tr/2015/11/hohha-dynamic-xor-algorithm-source-code.html

Ismail Kizir
CTO, Hohha Internet Services Ltd.

On Thu, Nov 19, 2015 at 2:12 PM, Łukasz Stelmach <l.stelmach@...sung.com> wrote:
> It was <2015-11-18 śro 06:25>, when Ismail Kizir wrote:
>> Hello,
>>
>> I've developed a new encryption algorithm, which dynamically changes
>> the key according to plaintext and practically impossible to break.
> [...]
>> I will be glad to see my algorithm included in Linux distributions.
>> Please feel free to ask if you have any questions.
>
> How resistant to side-channel attacts is or can be an implementation of
> your algorithm? Not being an expert I am a bit worried about this
> particular line
>
>     XORVal ^= *(Salt + (LastVal&(SALT_SIZE-1)));
>
> which if I understand it correctly makes a memory access depending on
> secret data. Because memory accesses are note constant time operations
> due to cache one might try (and succeed?) learning about secrets by
> measuring time required to encrypt or decrypt data.
>
> --
> Łukasz Stelmach
> Samsung R&D Institute Poland
> Samsung Electronics
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ