Encryption, paranoia and virtual machines

R. Russell Reiter rreiter91-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Mon Nov 28 11:05:07 UTC 2011


Ah, the enigma codes. The German esszett ligature (also called the scharfes s (sharp s)) ß evolved from the ligature "long s over round s".

It is replaced by 'SS' in capitalized spelling and in alphabetic ordering. ß is only used in Germany and Austria, nowadays generally never in Switzerland.

The code might have been a little harder to crack if there weren't apparently orphaned SS's in messages.

I wonder how tlug.ß.org would resolve.

Cheers,
Rußell

Christopher Browne <cbbrowne-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:

>Well, the "security" of the rolls mostly depends on the attacker not
>knowing how it works, and the majority of the population being comprised
>of illiterate slaves. Having 3 or 4 rolls of different sizes would suffice
>for cracking most of this; knowing the fact of variable roll size is 99%
>of the trick.
>
>A considerable portion of security from encryption is achieved by
>minimizing the source text, notably to keep out readily guessable plain
>text. In WWII, British decryption efforts were helped plenty by German
>officers that considered it a "career limiting" factor *not* to end
>messages with "Heil Hitler". That perception mayn't have been wrong, but
>those bits of predictable plain text almost certainly caused the losses
>of German U-Boats, as it provided a vulnerability for Allied
>cryptographers to exploit.
>
>F. L. Bauer's book on cryptography describes other "politically
>necessary" sorts of cryptographic protocol failures - when messages
>contain fawning phrasing ("by order of the fuhrer") or spelling out some
>of the wacky long officer titles in high command, this all helps in
>attacking:
>A) individual messages
>B) message keys that will be used on other messages
>(Hence, the sloppy bozo may wind up getting others that are competent
>killed)
>C) the cipher system as a whole.
>
>Bauer observes that a *good* cryptograms clerk:
>- removes all unnecessary text
>- abbreviates heavily
>- misspells whatever they can
>
>That seems like it's likely to still be valid-ish.
>
>We do have stronger ciphers, today, but the notion that having known
>plaintext helps certainly persists in modern cryptanalysis. You'll see
>it a fair bit in Bruce Schneier's writing (sp?)
>
>On some extra reflection, there is a harmful aspect to encrypting your
>whole system, as this introduces a barrel load of known plaintext.
>Forget about a few references to Nazi haute, you are throwing in a dozen
>copies of the GPL, and as likely as not, a gigabyte of well-known binary
>and text data. Lots of material for cryptanalysis, quite possibly enough
>to meaningfully enhance a brute force attack.
>
>And when it's certain that the key for all that will be in the VM, a
>smart attacker won't bother with brute force when getting the key from
>the VM will provide the Keys To The Kingdom. Better still, once cracked,
>you can't fix it - changing the key requires rebuilding your VM. A
>*really* smart attacker may be sufficiently ready that they'll regain
>access before you can reboot into the new VM!

R. Russell Reiter's Left Brain Messaging Matrix
[Currently Under Development] Your mileage may vary.