This post originated from an RSS feed registered with Agile Buzz by James Robertson.
Original Post: Cryptography in VisualWorks
Feed Title: Michael Lucas-Smith
Feed URL: http://www.michaellucassmith.com/site.atom
Feed Description: Smalltalk and my misinterpretations of life
This was a great presentation. The visual demonstration of the results of bad encryption was truly inspired and brilliant. I really enjoyed this presentation.
True one-time pads are inefficient in real life. Instead, symmetric and asymmetric keys are used. Symmetric keys are used for bulk data encryption.
The API uses byte arrays rather than strings, which avoids string encoding issues.
Stream ciphers are a time-varying transformation on individual digits: Pike, A5, RC4, SEAL. He encrypted part of the slide using RC4: a big mess. Then he encrypted another part of the slide with the same key and combined the two. The result was a combination of both images, with no decryption required. Therefore key re-use is catastrophic; do not do it. A good golden rule.
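The key-reuse demonstration from the talk, reproduced as an added example in Python. This is not the talk's code nor the VisualWorks Security framework; the minimal RC4 implementation, the two "slide" strings and the key are constructed here to show that XORing two ciphertexts made with the same keystream cancels the key and leaves the two plaintexts superimposed.

```python
# Added example: minimal RC4 used only to illustrate why stream-cipher key
# reuse is catastrophic. Not production code and not the framework's API.

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Generate `length` bytes of RC4 keystream from `key` (KSA then PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 is plaintext XOR keystream, so the same call encrypts and decrypts."""
    return xor_bytes(data, rc4_keystream(key, len(data)))


def combine_ciphertexts(key1: bytes, key2: bytes, p1: bytes, p2: bytes) -> bytes:
    """Encrypt p1 under key1 and p2 under key2, then XOR the two ciphertexts.

    With key1 == key2 the identical keystreams cancel out and the result is
    p1 XOR p2: both 'images' superimposed, with no decryption needed at all.
    """
    return xor_bytes(rc4(key1, p1), rc4(key2, p2))


# Constructed sample plaintexts standing in for the two halves of the slide.
SLIDE_A = b"Stream ciphers: Pike, A5, RC4, SEAL"
SLIDE_B = b"Key reuse is catastrophic, do not!!"   # same length as SLIDE_A
KEY = b"conference-demo-key"                      # constructed, not a real secret

if __name__ == "__main__":
    leak = combine_ciphertexts(KEY, KEY, SLIDE_A, SLIDE_B)
    print(leak == xor_bytes(SLIDE_A, SLIDE_B))    # True: the key cancelled out
    # With distinct keys the combination carries no plaintext structure:
    safe = combine_ciphertexts(KEY, b"a-different-key", SLIDE_A, SLIDE_B)
    print(safe == xor_bytes(SLIDE_A, SLIDE_B))    # False
```

The second half of the demonstration is the remedy: with a fresh key for each message the combined ciphertexts reveal nothing, which is what the golden rule above is protecting.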
DES has a 64-bit block size, a 56-bit key (64 bits with parity) and 16 rounds using 48-bit subkeys. It's approved but it's weak; you shouldn't use it any more.
The API is the same between stream and block ciphers, nice and simple for Smalltalkers. With block ciphers, you must encrypt a block of the right size; BlockPadding is used to pad the data to the right block size.
Should not use fixed blocks of text: the result does not end up really encrypted. Each block is encrypted, but the higher-level structure is left unencrypted. The common approach is cipher block chaining mode, which encrypts the next block using the last block's result. The starting value doesn't have to be secret, but it has to be random.
AES is the successor of DES. Blowfish is free.
Public key ciphers have a public and a private key; it is hard to compute the private key from the public one. They are based on hard problems: factoring, discrete logarithm. Much slower. Used for key encryption/exchange and signing. RSA, DSA, DH, ElGamal.
Generally not used for bulk data since they're expensive.
Encrypt with the public key, decrypt with the private key.
Hash functions: unlimited input size -> fixed output size. One-way only: hard to find the input for a given output. Collision resistant: hard to find two distinct inputs with the same output. It's a data 'fingerprint'. MD2, MD4, MD5, SHA, RIPE-MD.
Digital signatures. Encrypt the text using the private key: you're the only one who can generate this signature, and anyone who knows the public key can decrypt it and verify that it matches the text you sent. Hash the plain text to send over.
Both sides compare hashes with encrypt/decrypt and confirm that it's the same value.
Diffie-Hellman is used to share a secret key over an unsecured connection. Both exchange public keys and send back a shared secret using the other person's public key, and only they can decrypt it using their private key.
Question: OpenPGP, all components and wrappers to make it easy?
a) No, not yet. Low priority since the spec is very big. They are working on it. Most of the framework is there.
Question: Why were some defunct?
a) Bit of both: increased computing power and flaws in the scheme.
All of this is in Cincom Smalltalk. HMAC will be in 7.3.
Question: Why build it?
a) Wanted native encryption. More work than they expected.