martes, 26 de agosto de 2014

Randomness


RANDOMNESS

Random numbers are very important for almost all cryptography operations. For example, if in the past task (One Time Pad) an attacker could find out the function that is used to generate "random" numbers, if the attacker find out this function he can generate the exact same key that we used to cipher our message.

The measure for randomness is called entropy.The entropy does not measure how many bits are in a value, but how uncertain we are about a value[1].

It is extremely hard to find real random data, however there are some physical processes that behave in a completely random way (e.g. ; the laws of quantum physics), but even with a complete random number we are exposed to certain kinds of attacks, for example, the attacker can influence the quantum particles to behave predictably. 

Linux Pseudo-Random Number Generator(LRNG)
In linux we can create pseudo random numbers by using the file /dev/random. /dev/random access to environmental noise collected from device drivers and other sources[2].The LRNG is composed of about 2500 lines of code, and in addition, hundreds of code patches were applied to the code during the last five years. FreeBSD has also his own cryptographically pseudo random number generator  which is based on the Yarrow Algorithm, one of the best known designs[3].

It's impossible to test whether a given sequence of values is random, because in a good random generator each possible value has the same probability to appear.


Bibliography

[1] Ferguson, kohno & Scheiner , (2010), Cryptography Engineering: Design Principles and applications, .
[2]  http://www.2uo.de/myths-about-urandom/
[3] Zvi Gutterman ,Benny Pinkas and T. Reinman (2006), Analysis of the Linux Random Number Generator
[4]http://elisa.dyndns-web.com/teaching/comp/sec/diap.pdf

The problem with randomness: You can never be sure




domingo, 17 de agosto de 2014

One Time Pad


ONE TIME PAD

For the first assignment we created a one time pad.

A one-time-pad is a technique where a plaintext is paired with a random secret key.

In this case we generate a random key and we paired it with the message using the xor operator.

This is the function I use to generate and write the random keys into a file:


We use one function to decrypt an encrypt our messages:

Example:

In this example we will encrypt the text "SecretMessage". so we need to generate a key of lenght 13.

This command will create a new file called "keys" with our mew key. Now that we have our key we can create our ciphertext:

Now that we have our ciphertext on a file called "messages" the only way to recover the message is by using the same key we use to encrypt the message.

NOTE: This command will also erase the key from the "key" file to ensure we use a key only once
full code at: https://github.com/saflogar/OTP