Encryption, a short tutorial

Encryption, a short tutorial
How to reverse engineer encrypted files
by Jon
(12 October 1997)

---

Courtesy of Fravia's page of reverse engineering

---

Well, soon or later we'll have to collect all encryption essays under a single project. This NEW EDITION of the "encryption" essay by Jon (our encryption specialist, you may want to have a look at his other essays about kremlin and about Blowfish) is VERY interesting for all encryption enthusiasts among us, and I know that many reverse engineers analyze and study encryption methods with real passion (crackers are also pretty interested in this stuff, for obvious reasons :-)
I would like to thank personally Joe Peschel for having helped Jon with this, hope to see some essays by him, on these matters, soon.

---

Encryption. Copyright by Jon. 

With additions and corrections by Joe Peschel. 

[September 28th, 1997.]

Concise Object Relational Architecture (Cobra)

Concise Object Relational Architecture

COBRA is an object persistence layer written in the Java programming language. It is uses relational database technology to provided the persistent storage mechanism; however the store is fully encapsulated shielding programmers from the details of relational database access.

A whitepaper fully describes COBRA with examples.

COBRA source code and classes can be down loaded from this site.

Javadocs can be browsed on this site.

The Solitaire Encryption Algorithm

In Neal Stephenson's novel Cryptonomicon, the character Enoch Root describes a cryptosystem code-named "Pontifex" to another character named Randy Waterhouse, and later reveals that the steps of the algorithm are intended to be carried out using a deck of playing cards. These two characters go on to exchange several encrypted messages using this system. The system is called "Solitaire" (in the novel, "Pontifex" is a code name intended to temporarily conceal the fact that it employs a deck of cards) and I designed it to allow field agents to communicate securely without having to rely on electronics or having to carry incriminating tools. An agent might be in a situation where he just does not have access to a computer, or may be prosecuted if he has tools for secret communication. But a deck of cards...what harm is that?

64-Bit Block Cipher (Blowfish)

64-Bit Block Cipher (Blowfish)
Description of a New Variable-Length Key, 64-Bit Block Cipher (Blowfish)

B. Schneier

Fast Software Encryption, Cambridge Security Workshop Proceedings (December 1993), Springer-Verlag, 1994, pp. 191-204.

ABSTRACT:

Blowfish, a new secret-key block cipher, is proposed. It is a Feistel network, iterating a simple encryption function 16 times. The block size is 64 bits, and the key can be any length up to 448 bits. Although there is a complex initialization phase required before any encryption can take place, the actual encryption of data is very efficient on large microprocessors.

The cryptographic community needs to provide the world with a new encryption standard. DES [16], the workhorse encryption algorithm for the past fifteen years, is nearing the end of its useful life. Its 56-bit key size is vulnerable to a brute-force attack [22], and recent advances in differential cryptanalysis [1] and linear cryptanalysis [10] indicate that DES is vulnerable to other attacks as well.

The DES Algorithm Illustrated

The DES Algorithm Illustrated
by J. Orlin Grabbe

The DES (Data Encryption Standard) algorithm is the most widely used encryption algorithm in the world. For many years, and among many people, "secret code making" and DES have been synonymous. And despite the recent coup by the Electronic Frontier Foundation in creating a $220,000 machine to crack DES-encrypted messages, DES will live on in government and banking for years to come through a life- extending version called "triple-DES."

How does DES work? This article explains the various steps involved in DES-encryption, illustrating each step by means of a simple example. Since the creation of DES, many other algorithms (recipes for changing data) have emerged which are based on design principles similar to DES. Once you understand the basic transformations that take place in DES, you will find it easy to follow the steps involved in these more recent algorithms.

But first a bit of history of how DES came about is appropriate, as well as a look toward the future.

The National Bureau of Standards Coaxes the Genie from the Bottle

On May 15, 1973, during the reign of Richard Nixon, the National Bureau of Standards (NBS) published a notice in the Federal Register soliciting proposals for cryptographic algorithms to protect data during transmission and storage. The notice explained why encryption was an important issue.

Over the last decade, there has been an accelerating increase in the accumulations and communication of digital data by government, industry and by other organizations in the private sector. The contents of these communicated and stored data often have very significant value and/or sensitivity. It is now common to find data transmissions which constitute funds transfers of several million dollars, purchase or sale of securities, warrants for arrests or arrest and conviction records being communicated between law enforcement agencies, airline reservations and ticketing representing investment and value both to the airline and passengers, and health and patient care records transmitted among physicians and treatment centers.