Re: Ecryption Cracking Tools

[Fred Cohen <fred.cohen () all net>]

Alas it is far harder than it might seem. Shannon tells us that the  
unicity distance is only 2.4 times the key size for English and  
attempts to create multiple valid looking decryptions for multiples  
of that is very hard. A better approach is to provide lots of excess  
data so that parts can be decrypted with different approaches, but  
this is also problematic in its way. Another approach is what I used  
in DTK (Deception ToolKit). We created false password files that  
could be cracked and used them to tell how good the attackers were  
based on how long it took them to break what.

FC

On Oct 26, 2005, at 11:54 AM, Austin Murkland wrote:

> I had a thought.  With all the talk of honeypot systems, and  
> services.  Wouldn't it make more sense to have a Crypto cipher that  
> took into account the possibility of being brute forced and  
> provided one or more sets of logical pseudo-information when  
> cracked, but only the real information when actually cracked/ 
> authenticated?
>
> at it's simplest level, have one set of data that is the actual  
> message, and another set of data that is something that could be  
> the actual message.  Security would increase given the number of  
> sets of pseudo-data included in the encrypted message...so if it  
> were cracked using brute force, how would they know it was actually  
> what they were looking for.  My understanding is that brute force  
> relies on there being only one possible true answer for it to  
> work.  While this is still true with this idea, there also exists  
> multiple pseudo-answers that provide information that may or may  
> not look like the actual answer.
> This could be combined with further honeypot systems and ids to  
> both make it difficult to get to the correct system, and to  
> immediately be notified that someone is actively trying to brute  
> force your encryption and it's time to change keys.  E.g. a  
> password is encrypted using this method, and 30 sets of pseudo-data  
> is included in the encrypted password.  lets say when properly  
> brute forced it provides 20 deadend passwords that just don't work,  
> 10 passwords that lead to honeypots systems, and 1 real password  
> that gets them, or the authenticated user in.  if they try any of  
> the 30, before the 1, an IDS could be easily configured to ban  
> their IP, alert the admin, or even run a script that does all this  
> and then changes the key.
>
> i don't know if this is a new idea or not.. i guess it would be  
> HoneyPot Encryption... ?
>
> Austin Murkland
>
> john () gmail com wrote:
>
> > Use a Vernam cipher. If you do it right it will be fun to watch  
> > them try to crack it.

-- This communication is confidential to the parties it is intended  
to serve --
Security Posture            securityposture.com          tel/fax
University of New Haven               unhca.com        925-454-0171
Fred Cohen & Associates                 all.net      572 Leona Drive
Security Management Partners    policygeeks.com    Livermore, CA 94550