* Posts by Helder

26 publicly visible posts • joined 11 Nov 2015

Machine vs. machine battle has begun to de-fraud the internet of lies

Helder

Re: The Greatest Fraud of All

Its obvious you have no understanding of military cryptography or equivocation. Don't be upset, most security "experts" don't either.

Let me educate you. Hyper encryption is encryption with three or more independent encryption algorithms.

"Perpetual encryption" is just a name created for it, because the encryption keys are updated in a perpetual manner. The OTP key creation entropy and the encrypted message are sent at the same time.

The message is constant. But the key used to encrypt the message is dynamic and changed with every encryption block. So the same message if encrypted with the same key, will produce a different ciphertext. There is no relationship between ciphertext and message, given the same key.

Let me explain. Encryption is usually message M + key K = cyphertext C. We use an additional variable so that M + K + R(Random) = C. So using the same message and key will produce a different ciphertext because of the random sequence R. Usually, M(1) + K(2) will always = C(3). In our case, M(1) + K(2) + R(?, say 7) will produce C(?10). Note that a different M and K may produce the same C M(3) + K(7) + R(0) will also = C(10).

The point is this stuff can be graphically depicted. One can visualize information security, by plotting the message and key equivocation of a cipher. A cipher with no equivocation graph, is really just snakeoil and has not been properly analysed. In military cryptography, we create equivocatiuon graphs for all ciphers since it tells us how much ciphertext we need to break the cipher. AES 256 is snakeoil, it's pseudo security, incapable of securing any message beyond 40 characters (assuming all languages have similar redundancy).

So, one does not encrypt something such that it continuously updates itself. Once encrypted the cyphertext is frozen in time as you say. However, the random entropy used to update the encryption process can be extracted in reverse.

At the time you responded, we were still working in secret, and no public information on the cipher was available. However, the cipher has been subsequently approved for patenting by WIPO and our US patent has been approved. Look up "Equivocation Augmentation".

The other thing I wanted to mention, is that people's opinions are in general BS. Science does not depend on people's opinions. Either the cipher holds up to scientific experimentation or its does not. Note that current crypto has no scientific basis for credibility, just the opinions of mathematicians that some maths problems are "hard". This condition is about to be blow completely out of the water.

You really think that it's impossible to break RSA 1024 quickly? That's the same mistake the Germans made during the war.

Your facts suck. Don't confuse physical reality with digital reality. Some maths problems cannot be solved (why the one-time pad works). Take a number between 1 and 64. All you know is that the number is divisible by 8. Exactly which number is it? Unmake that problem. Oh, and I don't know which one it is either. so keep your hose where you keep it.

Jesus buddy, did you go to school? Because my ignoramous meter has just gone 720. Please tell me that you purpose to life is greater than just talking rubbish.

Helder

Re: The Greatest Fraud of All

Use the wrench on yourself...

I'm a former military cryptanalyst, and I bet you've never ever seen a military cipher, let alone broken it. Please feel free to enjoy the serenity of your ignorance.

Look who's joined the anti-encryption posse: Germany, come on down

Helder

Re: BS

Even better .. the one time pads problems have recently been solved - we now have composite cryptography. AI resistant, post quantum resistant encryption is now here - it is achieved using multiple encryption algorithms - one encrypts, the others support entropy delivery.

Helder

Re: Offline encryption ?

Please don't equate OpenPGP to security - it's safety, merely pseudo-security. Show me the scientific proof, not the assumptions of mathematical complexity and I'll believe you. It can be broken using the same techniques Alan Turing used in 1945. It does not even satisfy Shannon's basic requirements for practical secrecy. It's about 3 seconds of computing time. The NSA spends 2 Billion USD per year on computer chips alone. I wonder why. We need something better, something secure.

UK vuln 'fessing pilot's great but who's going to give a FoI?

Helder

Re: Good idea, but almost as scary as backdoored Crypto.*

All crypto, if the message is long enough, has a built-in backdoor. Two exceptions - one-time pad and the NINO-cipher. Computer security as you know it is about to be flushed down the toilet, forever. It's secrecy for children, that's why script-kiddies can hack it.

Hyper-encryption is here and it'll scare the shit out of you.

India to cripple its tech sector with proposed encryption crackdown

Helder

Re: Here's my comment...

Here's a thought...

The point of encryption, is that any data, even that housed locally, can be transformed so that only specific people may have access to it, ever. Now that one-time-pad encryption-chains have been invented and verified scientifically, we have encryption that is not only quantum-secure, its secure against any computational device which may ever be invented (think 99th century and beyond). What is considered "security" today, won't be around in 2 years time.

GCHQ cyber-chief slams security outfits peddling 'medieval witchcraft'

Helder

Equivocation - Why its all just "pseudo-security"

Ever wondered why "cryptography" is full of "gurus", "experts" and considered an "art"? It's to hide the truth that its actually a scientific engineering field, and not a religion. Ever since mathematicians got involved with assumptions of mathematical complexity, the field has gone down a cul-de-sac.

The difference between military and commercial cryptography, is that military cryptanalysts know what equivocation is, and never use the term "snakeoil". That's because once you understand equivocation, the term "snakeoil" is meaningless, its like calling a car "fast" or "slow", when warp speed is the objective. It's a term used by amateurs.

Frankly, much of what is taught by academia as security is "pseudo-security", perpetuating a failed mathematical solution that will never solve the security problem. That's why there are no security guarantees to current solutions. Its not the implementations, its the solutions themselves, they have unsound scientific foundations.

Military Encryption 101:

1. To say a security system is secure/insecure is pointless, since all systems are absolutely secure, up to a certain length of message/ciphertext called the unicity point. Beyond the unicity point, a cryptosystem has log 0 key/message equivocation. It's breached.

2. An English message encrypted with AES-256 is secure to 39 characters only. Beyond 39 characters it has an ""insecurity guarantee", and is guaranteed to be broken under brute force (or faster).

3. For a cipher to be considered "secure", it must have an equivocation greater than 2 for an infinite length message. Searching for a needle in a haystack, is not security, its a security flaw. For such a search to be "secure" there must be at least two needles in the haystack.

4. Such "unbreakable" systems have existed since 1917 (one time pad) but have limitations.

5. A new absolutely secure system without limitations has just been invented and patented worldwide (PCT Patent) called "equivocation augmentation".

The underlying principle is as follows: The cryptosystem key entropy is the fuel of encryption, and is used up encrypting every message character. Equivocation is the fuel gauge. All encryptions under the cipher are secure until the entropy is depleted, and equivocation is equal to zero (This occurs at the unicity distance - the fuel range). Infinite length messages DO NOT NEED infinite length starting keys, one merely needs to "refuel" the cipher key entropy at a faster rate than it can be depleted. This is trivial to accomplish.

So, whilst current cryptography is not "snakeoil", it is not "secure" either. Like pseudo-random number generators, its "pseudo-security" - looks like the real thing, but isn't - it's fake. Anyone who calls it security, is just perpetuating the fraud.

Equivocation augmentation will be available soon, everywhere.