ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Special User Sections > Older DC Contests and Challenges

"Unconventional Encryption Challenge"

(1/5) > >>

TaoPhoenix:

I'm giddy today. So I created a new challenge. I posted it over to Slashdot too. (Slightly reworded for DC vs there.)

I've wondered for a long time now about encryption. I think it's time to use "out of the box" approaches to encryption.

I'm certainly not in that Elite-IQ crowd but given the very nature of how the sender has a colossal advantage over the breaker, I think I could create a message that no one but the elite genius at those agencies could break. I think no one at DC is good enough to get it, nor Anonymous. Mensa might have a chance, barely.

This is different from "certifying it unbreakable". I'm avoiding that trap. Just "Sufficiently hard".

Any takers? It might even be fun if someone has Academic connections. My overall concept is so good I think I could stump almost all of the Non-Gov Professors too.

Anyone interested, reply here. I'll reply with a watered down "easy version" just to be sure someone's not trolling me. (Also it forms a weak version of a test.) On the (slim?) chance that someone gets it, I'll produce a couple of the real corkers. I'd stake up to $100 of my own money through a certified neutral holder. Not that it's "worth that little", just saying I'm not trolling, this concept is so good nobody but the absolute best will figure it out. It's a new METHOD of encryption, so it's probably even NP-Hard (I'm probably using that term wrong) as a class so that "almost unlimited" examples can be created.

Shades:
On a personal level you have picked my interest (in wanting to know how your scheme works, not breaking it).

On a professional level it is likely not that interesting as any method other than the default ones are very hard to sell to (mediocre) management that just want to buy some extra protection for their site/LAN/whatever.

40hz:
Like Shades, I'd be interested in learning about the methodology. But I lack the time and interest to actually want to try cracking anything. Not that I'd be "leet" enough at cracking to pull it off even if I wanted to.

That's why I only pay attention to so-called "open" encryption algorithms. They constantly have a few hundred very smart and qualified eyes on them. So any exploitable holes or weaknesses (either from intrinsic factors or introduced by advances in cracking technology) usually get identified and fixed quite quickly. With the result that open encryption tools are 'known' and often more secure than methods that depend on obscurity for part of their security.

Good luck with your new methodology however.  :Thmbsup: Anything that can make our data more secure is ok by me. 8)

TaoPhoenix:
Update:

In fact, I got a reply from a privacy-security web site firm in New York. Heh I also sent it off to a personal contact.

This is my "easy example". I put the extra provocative language that "if the best people in the biz can't bust this in 2-3 days, and this is the purposely weakened example with lots of extra hints, then my larger point that there are lots of concepts left for cryptography stands".

EDIT: I did explain below. But if my initial post stumped you, that was the entire point - innovative cryptography means that the method is unclear. I purposely said it's not "inifinitely secure", there are edge cases. But I believe there is a big "Good Enough" realm for many uses.

-----

(repaste of other text)

Rather than explain, I shall give an example! (Isn't that the point of encryption - half the sauce is in the method!)

Do you like Chinese Food? The correct message is 2 letters long. And I shouldn't even tell you that but I'm being nice. : ) And I didn't even use any of my nasty tricks. So this should be nice and relaxing, you know, over breakfast or lunch, with some nice buttered toast.

10101010101010101010101010101010101010101010101010
1010101010101010101010101010101010101010101010101010101010101010101010101010101010
1010101010101010101010101010^7
10101010101010101010101010101010101010101010101010
1010101010101010101010101010101010101010101010101010101010101010101010101010101010
10101010101010101010101010101010101010101010101010
10101010101010101010101010101010101010101010101010
1010101010101010101010101010101010101010101010101010101010101010101010101010101010
1010101010101010101010110101010101010101010^4
(Lots of Extra Line Breaks in there, to get it to fit in the forum)
So that should be a nice pleasant warmup to our discussion! To make it even easier, here are some hints!

- I hand coded that one, so there may be a mistake, but formalized, the concept means that we currently rely on "perfect messages" as output, which is a flaw. Once my method above is known, it should be a trivial fix for any competent staffer. In the theory of cryptography, we rely too much on "perfect translations", so that when designing new theory, we should make the recipient "work a little" to prove the message. To make this obvious, an "x" in a random spot can't possibly (NORMALLY!) be part of the message, but it's enough to slow down the crackers.

- For the same reason that AI's struggle, put a "human factor" into codes. Let's suppose I made a mistake in my hand coding. A "human analyst would look for nearby cases". (This can be later automated.)

- At the brutally obvious level, all that junk can't be 1-1, to produce a 2 letter answer, so clearly something else is going on. But what?

Heh -

I appreciate your interest, and I hope my "easy version with hints" is enough to spark your interest. To joke, I gave so many hints that if your best cracker can't do it in two days after purposely weakening it as much as amuses me, my point is made about my bigger concept, which is that tons of ideas have not yet made it to Professional Cryptography.

To distract the living hell out of you, (essential part of any good crypto message) I'll mention Kurt Godel, and ask you how many characters there are in this email!

Yours with codes,

--Tao

TaoPhoenix:
Like Shades, I'd be interested in learning about the methodology. But I lack the time and interest to actually want to try cracking anything. Not that I'd be "leet" enough at cracking to pull it off even if I wanted to.

That's why I only pay attention to so-called "open" encryption algorithms. They constantly have a few hundred very smart and qualified eyes on them. So any exploitable holes or weaknesses (either from intrinsic factors or introduced by advances in cracking technology) usually get identified and fixed quite quickly. With the result that open encryption tools are 'known' and often more secure than methods that depend on obscurity for part of their security.

Good luck with your new methodology however.  :Thmbsup: Anything that can make our data more secure is ok by me. 8)
-40hz (March 17, 2012, 11:08 AM)
--- End quote ---

You have a point about "open" schemes, but somewhere in the mix I believe the Obscurity Factor is under-rated. If you cannot tell even what algorithm to use, then you as the Interested Enemy are slowed down that much more.

It also relates to my theory of "Good Enough". I carefully ruled out absolute results. Then if "you yourself" are not interested enough to crack the code and have to "delegate it off", then the method stands. So maybe "Alexander Fegorov in Russia" knows how to break it, if 1000 US generals don't have access to him, the method stands for the first 100 messages. Then we just switch methods anyway.

And I have over 30 individual element techniques on tap anyway, so that's the power of obfuscation. Half your problem is even figuring out what the blazes I am doing.

EDIT: However, for the discussion, I posted my first example below.

Navigation

[0] Message Index

[#] Next page

Go to full version