[neuromancer]

Malinky wrote:

Quote:

... the book is Cracking Des : Secrets of Encryption Research, Wiretap Politics & Chip Design and a copy can be found at crytome.org/cracking-des.htm apart from chapters 5-7 which are offsite with a broken link...

Not to be annoying or anything but you missed a 'p' in the link, the correct link is http://www.cryptome.org/cracking-des.htm

I do think that you may be on to something, and I'll be doing some more research as well.

[Malinky]

Looking at the distributed.net site they have a section of reviewed books
http://www.distributed.net/research/recommended-reading.php.
The books are rated in cows and only one has a five cow rating like the bottom of the card, the book is Cracking Des : Secrets of Encryption Research, Wiretap Politics & Chip Design and a copy can be found at crytome.org/cracking-des.htm apart from chapters 5-7 which are offsite with a broken link, I think they might be relevent, I can't find much on the DES II challenge but I read somewhere solved text was "many hands make light work"

Going to do a bit more research.

[neuromancer]

Quote:

I didn't find any source code in my searching either. I suppose since it's going to take 3-5 years to crack it there's no big hurry

I highly doubt that MC are gonna keep this ARG running for that long!!! This encoded message is obviously important enough for them to ultra-encrypt so I'm guessing and hoping that sooner rather than later they drop us some clues as to whats in the 'black box'.

[WolverineFan]

BriEnigma wrote:

"Chosen-plaintext" really does us no good in this instance. Chosen-plaintext basically means: "Hey, I have this document. Can you encrypt it for me. I have this other one, can you encrypt it for me, too?" If you have access to the black box that does the encryption and you choose certain things as your plaintext, the ciphertext might give you some insight as to what the public/private key pair is.

Ok, so my knowledge of RC5 and cryptanalysis is limited to about 3 hours of reading What I got from these 2 pages:

http://www.iridis.com/Differential_cryptanalysis
http://www.iridis.com/Chosen_plaintext_attack

was that "chosen-plaintext" essentially meant that you had the ability to encrypt a message using the same encryption engine and could encrypt any plaintext message. Analysis of the resulting encrypted messages would help you pick different plaintexts to encrypt. Eventually you could determine the key used to encrypt the original message.

On re-reading it (after some sleep) it appears that, as you said, you need to be able to encrypt each plaintext message with the same key as the original message used. Bummer. At 1:30am this seemed possible

BriEnigma wrote:

In this case, it will just have to be a brute-force approach. To my knowledge, nobody has worked on this yet. Currently, my excess computing resources are being used to break the Solitaire cipher because I have real, working code to start from. Unfortunately, I can't find any known-good code for RC5-64. Several people have pointed to RC5-32 and done some hand-waving along the lines of "oh, just double the block size or something," but I would rather not waste CPU cycles running code that I don't feel so sure about when I have other code I feel quite certain about.

I didn't find any source code in my searching either. I suppose since it's going to take 3-5 years to crack it there's no big hurry

As you were....

[BrianEnigma]

WolverineFan wrote:

Anyone actually working on brute-forcing this? I'm thinking the chosen-plaintext differential cryptanalysis approach is probably our best bet.

"Chosen-plaintext" really does us no good in this instance. Chosen-plaintext basically means: "Hey, I have this document. Can you encrypt it for me. I have this other one, can you encrypt it for me, too?" If you have access to the black box that does the encryption and you choose certain things as your plaintext, the ciphertext might give you some insight as to what the public/private key pair is.

In this case, it will just have to be a brute-force approach. To my knowledge, nobody has worked on this yet. Currently, my excess computing resources are being used to break the Solitaire cipher because I have real, working code to start from. Unfortunately, I can't find any known-good code for RC5-64. Several people have pointed to RC5-32 and done some hand-waving along the lines of "oh, just double the block size or something," but I would rather not waste CPU cycles running code that I don't feel so sure about when I have other code I feel quite certain about.

[WolverineFan]

Anyone actually working on brute-forcing this? I'm thinking the chosen-plaintext differential cryptanalysis approach is probably our best bet. 2^44 plaintexts ought to get us close to the solution. Maybe less if the encrypted text is highly repetetive.

I found Postscript, Plain Text (Google Cache}, various other format links to the paper that discusses this approach, though the details are over my head.

[oliverkeers13]

We seem to have dismissed the idea that the top is a date too fast, as far as I am concerned. COmputers write dates in the form YY/MM/D. So the it COULD refer to the 8th of december 1964! NOt sure where this leaves us, though.

[Macavity]

Okay, got a reply to my post over at the Defcon fora. Here's the deal:

Qu|rk from Defcon wrote:

9,225,283,403,065,065,472 keys in 1331 days, which they cited as being 1/2 of the total possible at... 210 Gkeys/sec .... rules out brute force. There is a thread about e-books in the forums here that lists a ton of computer/crypto ones in 1 shot.. I remember it having a URL involving engineering and a .uk address as well. I do remember it having a ton of RC5 stuff in it, and explanations of how to solve based on parts you may or may not know. As for IV... try conversions of KU, RT, KURT, TURK, TU, RK, and then add and subtract each. I saw the picture that you're looking at, and no one has mentioned anything about those letters in the upper left.. which has me curious if they're actually there for a visual distraction to mislead, or so blatantly obvious that most analytical will think it'd be too easy if that were the answer. I will do a bit more research and post as/if I find something. Qu|rk-

I believe the KURT he's referring to is Kurt McAllister's signature on the card - however, his suggestion that a conversion of the letters KURT (in some order) might provide the initialization vector has merit, methinks. ( Hey, it's just devious enough for the Perplexians, to hide the IV in plain sight ).

Am taking a look around for that thread he mentioned - the one with the ebooks - and will post as soon as I've found it.

EDIT: Okay, found it: Defcon Forums E-Book Thread

[Scantron]

A Few Years

[braincoffee.com]

connection w/ the forever foe card?

[neuromancer]

Massively Parallel Computing Cluster

[Macavity]

Here's a thought - we might try asking around on the Def Con fora.

Why?

The guys there are some of the primo hackers in the world. If anyone'd be able to find an RC5-64/12/8 decrypt program, it would be them. (Heck, they might even crack the code for us, if we ask nicely enough.)

One caveat, though: One guy there who goes by the name of highwizard can be a real b@st@rd at times. The rest of the time, he's just hostile (especially towards newcomers).

[SteveC]

Riiick wrote:

The Wikipedia page for RC5 states: Quote: 12-round RC5 (with 64-bit blocks) is susceptible to a differential attack using 2^44 chosen plaintexts (Biryukov and Kushilevitz, 1998). The cipher on the cards (i believe) is 12 round RC5 with 64 bit blocks. Does this mean 17592186044416 different combinations have to be tried? If so how long would this take?

If this is the case, that's not such a huge number. When my computers were doing the RC5 I went through about ten times that, over the period of a year or two, but if 20 or 30 of us hit at it, it's perfectly possible. Computers are significantly faster now..

Returns to the problem that we have with this and with the solitaire puzzle however, both have weaknesses in these examples, but we don't have cryptanalysts on board to help us! Given the information we have, we couldn't even decode it with a known key!

[chocshake]

just been looking around and found this

http://www.softpedia.com/progDownload/Krypt-Download-21054.html

program available for a free trail download. it says that it decrypts RC4, but does it need to be more specific then that? (dont know a huge amount about this subject.....)

[Riiick]

We need code to decrypt 64 bit block size RC4-64 first. It could just be the key is the same as www.distributed.net used (0x63DE7DC154F4D039) as SteveC guessed.

Surely there must be some kind of existing free code for this (or even a commercial program we can try an eval of). Not that google has proved very useful in finding anything...