Mailing List Archive: 49091 messages
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search
 

Encryption with REBOL

 [1/6] from: aparman:mail at: 30-Aug-2000 23:36


[--383836798--967693005289--JavaMail--root--web431-mc--mail--com] Content-Type: text/plain Content-Transfer-Encoding: 7bit With the recent talk about encryption I thought I'd send along this little script. For details read the header. PLEASE READ THE HEADER OF THIS SCRIPT BEFORE USE! It will send and receive encrypted email, and encrypt or decrypt any file. I consider it beta, and would appreciate any feedback. Any one who uses it may modify it, but please email me with a copy of your enhancements. I retain all my rights of original authorship on this script, but make no claims as to it's use. ______________________________________________ FREE Personalized Email at Mail.com Sign up at http://www.mail.com/?sr=signup [--383836798--967693005289--JavaMail--root--web431-mc--mail--com] Content-Type: application/octet-stream; name=cipher-beta.r Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=cipher-beta.r Content-ID: cipher-beta.r O1RoaXMgaXMgYSBSRUJPTC9Db3JlIFNjcmlwdC4gIFJFQk9MIGlzIGVhc3ksIGZyZWUsIGFuZCBj b29sLiAgd3d3LnJlYm9sLmNvbQ0KO3tiaXRzIGFuZCBwaWVjZXMgdGFrZW4gZnJvbSBzZXZlcmFs IHNjcmlwdHMuIG15IGFwb2xvZ2llcyBhbmQgdGhhbmtzIHRvIHRoZSBvdGhlciBhdXRob3JzfQ0K DQpSRUJPTCBbDQoJZmlsZTogJWNpcGhlci5yDQoJdGl0bGU6ICJDaXBoZXJTYWJlciBmb3IgUkVC T0wgRW5jcnlwdGlvbiAoY2lwaGVyKSINCglhdXRob3I6ICJhbGFuIHBhcm1hbiINCgllbWFpbDog YXBhcm1hbkBtYWlsLmNvbQ0KCXZlcnNpb246IDAuMy4wDQoJbmVlZHM6IDIuMy4wLjMuMQ0KCWRh dGU6IDktQXVnLTIwMDAvMTE6NTA6NDgtNDowMA0KCWhpc3Rvcnk6IHt2ZXJzaW9uIDAuMy4wIHdp bGwgYmUgYWZ0ZXIgYmV0YSB0ZXN0aW5nDQpTb21lIGNoYW5nZXMgYnkgbWU6IHJldmFtcGVkIHJl YWRmaWxlIGFuZCB3cml0ZWZpbGUsIHRoZXNlIGFyZSBub3Qgc28gbXVjaCBvZiBhIGhhY2sgbm93 Lg0KUmV2YW1wIG9mIGVuZ2luZTogYmFzZS02NCBjb21wcmVzc2lvbiBhbHJlYWR5IGFybW9ycyBk YXRhIHNvIGNoYW5nZWQsIGVuZ2luZSBhbmQgcmVhZGZpbGUgd3JpdGVmaWxlICh0aGVzZSBub3cg ZG8gZGlmZmVyZW50IHRoaW5ncyBkZXBlbmRpbmcgb24gZW5jcnlwdGlvbiBvciBkZWNyeXB0aW9u KS4gIFJld29ya2VkIHNlY3Rpb24gb24gc2F2aW5nIGVuY3J5cHRlZCBmaWxlcywgbm93IGFsbCB3 cml0ZSBwcm9jZWR1cmVzIGhhbmRsZWQgYnkgd3JpdGVmaWxlLg0KQWRkZWQgcGFyc2luZyB0byBy ZWFkZmlsZSBhbmQgbWFpbC9jb250ZW50IG9mIG1haWwgcmVjZWl2ZS4gIE5vdyB0ZXh0IG91dHNp ZGUgdGhlIGVuY3J5cHRlZCBkYXRhICg2NCN7Li4ufSkgaXMgaWdub3JlZCwgc28geW91IGNhbiBh ZGQgeW91ciBvd24gcHJlIG9yIHBvc3QgbWVzc2FnZSwgb3IgaWYgeW91ciBtYWlsIHNlcnZlciBh ZGRzIG1lc3NhZ2VzIChpLmUuIHlhaG9vKSBpdCBpcyBpZ25vcmVkLg0KQWRkZWQgcXVlcnkgdG8g bGlzdCBjb250ZW50cyBvZiBjdXJyZW50IGRpcmVjdG9yeSB3aGVuIGRvaW5nIHJlYWRmaWxlIG9y IHdyaXRlZmlsZS4NCg0KdmVyc2lvbiAwLjIuMyBtaW5vciBjbGVhbnVwLCBhZGRlZCBlcnJvciBj aGVja2luZyB3aGVuIHdyaXRpbmcgYSBmaWxlICh3cml0ZWZpbGUpDQp2ZXJzaW9uIDAuMi4zIG1p bm9yIHNlY3VyaXR5IHVwZGF0ZSBpbiB0aGUgY2xlYXJzdHVmZiB3b3JkLCBhZGRlZCBtb3JlIGVy cm9yIGNoZWNraW5nIHdoZW4gYXNraW5nIGZvciBmaWxlIHRvIHJlYWQgKHJlYWRmaWxlKS4gDQp2 ZXJzaW9uIDAuMi4xIG5vdyBhdXRvbWF0aWNhbGx5IGFza3MgZm9yIHBvcCBhbmQgc210cCBpbmZv IGlmIG5vdCBhbHJlYWR5IHNldCB1cCBpbiB1c2VyLnINCnZlcnNpb24gMC4yLjAgYWRkZWQgc29t ZSBlbGVtZW50YXJ5IGVycm9yIGNoZWNraW5nIHRvIHRoZSBwYXNzcGhyYXNlLWRlY3J5cHRpb24t ZGVjb21wcmVzc2lvbiBhcmVhcy4gIEF0IGxlYXN0IG5vdyB5b3UgYXJlbid0IHRocm93biBvdXQg b2YgdGhlIHNjcmlwdCBpZiB5b3UgZW50ZXIgYW4gaW5jb3JyZWN0IGRlY3J5cHRpb24gcGFzc3Bo cmFzZQ0KfQ0KCXB1cnBvc2U6ICJTZW5kcyBhbmQgcmVjZWl2ZXMgQVJDNCBlbmNyeXB0ZWQgZW1h aWwsIGFuZCBkZS9lbmNyeXB0cyBmaWxlcy4iDQoJY2F0ZWdvcnk6ICdlbWFpbA0KCWNvbW1lbnQ6 IHtUaGlzIHNjcmlwdCB1c2VzIHRoZSBzYW1lIFJDNCBzdHJvbmcgZW5jcnlwdGlvbiBhbGdvcml0 aG0gYXMgaW4gcG9wdWxhciBpbnRlcm5ldC9lbWFpbCBjbGllbnRzLiAgSXQgdXNlcyBhIHN5bW1l dHJpYyBrZXkgKGVuY3J5cHRpb24gYW5kIGRlY3J5cHRpb24gdXNlIHRoZSBzYW1lIGtleSkgd2hp Y2ggZG9lcyBub3QgaGF2ZSB0byBiZSBzdG9yZWQgb24tbGluZSBhcyBpbiBwdWJsaWMga2V5IHN5 c3RlbXMuICBUaGUga2V5IGNhbiBiZSB1cHRvIDI0NiBjaGFyYWN0ZXJzIGluIGxlbmd0aCwgYW5k LCBkZXBlbmRpbmcgb24gaG93IHdlbGwgeW91IHNlbGVjdCB5b3VyIGtleSwgY2FuIHByb3ZpZGUg ZW5jcnlwdGlvbiBzdHJlbmd0aCBtdWNoIGdyZWF0ZXIgdGhhbiAxMjggYml0Lg0KDQpTaW5jZSB0 aGlzIGlzIGEgUkVCT0wgc2NyaXB0LCBpdCBwcm92aWRlcyBhIHBlcnNvbmFsIHN0cm9uZyBlbmNy eXB0aW9uIHByb2R1Y3QgdGhhdCB3aWxsIHdvcmsgb24gYW55dGhpbmcgUkVCT0wgd2lsbCBydW4g b24uICBObyByZWxpYW5jZSBvbiBwcm9ncmFtcyBmb3Igd2hpY2ggeW91IGhhdmUgbmV2ZXIgc2Vl biB0aGUgc291cmNlIGNvZGUsIG5vIHJlc3RyaWN0aW9ucyB0byA0MCBiaXQga2V5cywgbm8gcHVi bGljIHN0b3JhZ2Ugb2YgeW91ciBrZXksIG5vIHBheW1lbnQgZm9yIGRpZ2l0YWwgaS5kLidzLCBu byB3YXkgZm9yIHRoZSBnb3Zlcm5tZW50IHRvIHRha2UgYXdheSB5b3VyIHByaXZhY3kgcmlnaHRz Lg0KDQpUaGlzIHNjcmlwdCBpcyAiVGhlIENhcm5pdm9yZSBCdXN0ZXIiIJkuDQoNCllvdSBuZWVk IG5vdCByZXN0cmljdCB5b3Vyc2VsZiB0byBlbWFpbDogdGhlIHNjcmlwdCB3aWxsIGVuY3J5cHQg YW55IHR5cGUgb2YgZmlsZSwgYW5kIHlvdSBoYXZlIG9wdGlvbnMgZm9yIHNhdmluZyB0aGUgZW5j cnlwdGVkIGZpbGVzIHRvIHlvdXIgaGFyZGRpc2suDQoNCkRvIG5vdCBjb25mdXNlIHRoaXMgZW5j cnlwdGlvbiB3aXRoIG90aGVycyB5b3UgbWF5IHNlZSBhcyBDaXBoZXJTYWJlciAodXNpbmcgdGhl ICouY3MxIG9yIC5jczIgZXh0ZW5zaW9uKS4gIFdoaWxlIGl0IHVzZXMgdGhlIHNhbWUgYmFzaWMg ZW5jcnlwdGlvbiBlbmdpbmUsIEkgaGF2ZSBtb2RpZmllZCBpdCBmb3Igc3BlY2lmaWMgdXNlIHdp dGggUkVCT0wncyBzdHJlbmd0aHMuICBGaWxlcyAobm90IGVtYWlsKSBwcm9kdWNlZCB3aXRoIHRo aXMgc2NyaXB0IHNob3VsZCB1c2UgdGhlICouY3NyIGV4dGVuc2lvbiAoQ2lwaGVyU2FiZXIgZm9y IFJlYm9sKS4gIChOb3RlOiBJIGhhdmUgbm90IHRhbXBlcmVkIHdpdGggdGhlIFJDNCBhbGdvcml0 aG0gaW4gYW55IHdheSBleGNlcHQgYnk7IDEgLSBjb21wcmVzc2luZyB0aGUgcGxhaW50ZXh0IHBy aW9yIHRvIGVuY3J5cHRpb24gKHNob3VsZCBzdHJlbmd0aGVuIHRoZSBlbmNyeXB0aW9uKSwgYW5k IDIgLSB0byBtaXggdGhlIGluaXRpYWwga2V5IHN0YXRlIHRocmVlIHRpbWVzIHJhdGhlciB0aGFu IG9uY2UgKGEgY2lwaGVyc2FiZXItMiBhZGRpdGlvbiwgd2hpY2ggc2hvdWxkIGFsc28gc2hvdWxk IHN0cmVuZ3RoZW4gdGhlIGVuY3J5cHRpb24pLiBBbGwgb2YgdGhlIG90aGVyIGNoYW5nZXMgYXJl IGRvbmUgYWZ0ZXIgZW5jcnlwdGlvbjogSSAiYXJtb3IiIHRoZSBjaXBoZXJ0ZXh0IHdpdGggYmFz ZS02NCBjb21wcmVzc2lvbiAoYXMgb2YgdmVyc2lvbiAzLjAuMCB0aGUgcmVhZGZpbGUgd3JpdGVm aWxlIHJvdXRpbmVzIGhhdmUgYmVlbiBjaGFuZ2VkIHRvIGFjdHVhbGx5IHJlYWQvd3JpdGUgdGhl ICJhcm1vdXJlZCIgY2lwaGVydGV4dCkuICBBcm1vcmluZyBjaGFuZ2VzIGFsbCB0aGUgY2hhcmFj dGVycyBvZiB0aGUgY2lwaGVydGV4dCB0byBwcmludGFibGUgY2hhcmFjdGVycyAoaW4gdGhpcyBj YXNlLCBsZXR0ZXJzLCBudW1iZXJzIGFuZCAiLyIgYW5kICIrIiwgdGhlIGJhc2UtNjQgYWxwaGFi ZXQpLiBBcm1vcmluZyBpcyBkb25lIHNvIHRoYXQgYW4gZW5jcnlwdGVkIGZpbGUgbWF5IGJlIHBy aW50ZWQgYW5kIHRyYW5zbWl0dGVkIG9uIHBhcGVyIG9yIGZheC4gDQoNCklmIHlvdSB3aXNoIHRv IGRlY3J5cHQgZmlsZXMgbWFkZSB3aXRoIG90aGVyIENpcGhlclNhYmVyIHByb2R1Y3RzIChleHRl bnNpb24gLmNzMSBvciAuY3MyKSB1c2UgbXkgc2NyaXB0ICJjaXBoZXJzYWJlci5yIi4NCn0NCg0K CVJFQURNRTogew0KICAgICAgICAgICAgVGhpcyBpcyBhIFJFQk9MIGltcGxlbWVudGF0aW9uIG9m IHRoZSBzdHJvbmcgZW5jcnlwdGlvbiBhbGdvcml0aG0NCiAgICAgICAgICAgIGtub3duIGFzIEFS Q0ZPVVIsIHN1cHBvc2VkbHkgaWRlbnRpY2FsIHRvIFJDNCBmcm9tIFJTQSBTZWN1cml0eS4NCiAg ICAgICAgICAgIEFsbCB0aGUgaW5mb3JtYXRpb24gdG8gbWFrZSB0aGUgZW5jcnlwdGlvbiBlbmdp bmUgd2FzIHRha2VuIGZyb20gdGhlIHNpdGVzDQogICAgICAgICAgICBodHRwOi8vY2lwaGVyc2Fi ZXIuZ3VydXMuY29tLywgDQogICAgICAgICAgICB0aGUgR2VuZXJhbCBGcmVuZXRpY3MgcGFnZXMg DQogICAgICAgICAgICBodHRwOi8vd3d3LmxvZHoucGRpLm5ldC9+ZXJpc3RpYy9mcmVlL2NpcGhl cnNhYmVyLmh0bWwsDQogICAgICAgICAgICBhbmQgdGhlIGxpbmtzIHRoZXJlaW4uIEkgaGF2ZSBm b2xsb3dlZCBjbG9zZWx5IHRoZSBub3RhdGlvbiBmcm9tDQogICAgICAgICAgICBodHRwOi8vd3d3 LnhzNGFsbC5ubC9+Y2cvY2lwaGVyc2FiZXIvbmF0L2VuLmh0bWwuDQoNCiAgICAgICAgICAgICoq KioqIFRoaXMgc2NyaXB0IGlzIHByb3ZpZGVkIGFzIGlzIGFuZCBJIG1ha2Ugbm8gY2xhaW1zIGFi b3V0IGl0cw0KICAgICAgICAgICAgdXNlIG9yIGFjY3VyYWN5IG9yIGludGVuZGVkIHB1cnBvc2Uh ISENCiAgICAgICAgICAgICoqKioqIElmIHRoZSBpbmZvcm1hdGlvbiBvZiB0aGUgYWJvdmUgbWVu dGlvbmVkIHBhZ2VzIGlzIGNvcnJlY3QsIA0KICAgICAgICAgICAgYW5kIGlmIHRoaXMgc2NyaXB0 IGRvZXMgd2hhdCBpdCBpcyBzdXBwb3NlZCB0bywgdGhlbi4uLg0KDQogICAgICAgICAgICAqKioq KiBETyBOT1QgRVhQT1JUIFRISVMgU0NSSVBUIE9VVFNJREUgT0YgVEhFIFVOSVRFRCBTVEFURVMs DQogICAgICAgICAgICBhcyBpdCBjYW4gcG9zc2libHksIHdpdGggdGhlIHByb3BlciBwYXNzcGhy YXNlLCBwcm92aWRlIGVuY3J5cHRpb24gc3RyZW5ndGgNCiAgICAgICAgICAgIGdyZWF0ZXIgdGhh biA0MC1iaXQuICBJJ20gbm8gbGF3eWVyLCBhbmQgZG9uJ3Qga25vdyB0aGUgY3VycmVudA0KICAg ICAgICAgICAgcmVzdHJpY3Rpb25zIG9uIGV4cG9ydGluZyB0aGUgJ3NvdXJjZScgY29kZSBmb3Ig c3Ryb25nIGVuY3J5cHRpb24uDQoNCiJBIHVzZXIga2V5IHdpdGggYSBtaW5pbXVtIG9mIDE0IHJh bmRvbSBsZXR0ZXJzLCBvciA1IHNob3J0IHdvcmRzIHNlbGVjdGVkIGF0IHJhbmRvbSBmcm9tIGEg ZGljdGlvbmFyeSwgc2hvdWxkIGJlIHVzZWQgZm9yIG1lZGl1bSBzZWN1cml0eSAoNjQgYml0IGVu dHJvcHkpLiBGb3IgaGlnaCBzZWN1cml0eSwgdXNlIDIwIHJhbmRvbSBsZXR0ZXJzIG9yIHNldmVu IHJhbmRvbSB3b3Jkcy4gKDkwIGJpdCBlbnRyb3B5KS4iIC0gZnJvbSB0aGUgJ2d1cnVzJyBwYWdl DQp9DQpdDQoNCg0KDQo7KioqKiogc2V0LXVwDQpzeXN0ZW0vb3B0aW9ucy9iaW5hcnktYmFzZTog NjQgOyBiZXN0IGJpbmFyeSBlbmNvZGluZw0KDQpjaGVjay13b3JkOiAiVGhpcyBpcyBhIENpcGhl clNhYmVyIGZvciBSRUJPTCBFbmNyeXB0ZWQgRmlsZSINCjsqKioqKnRoaXMgaXMgdGhlIHN1Ympl Y3QgbGluZSBvZiBhbGwgZW1haWwgc2VudCBvciByZWNlaXZlZCBieSB0aGlzIHNjcmlwdCwgYWxs IG90aGVyIGVtYWlscyBhcmUgaWdub3JlZA0KDQo7KioqKioNCndyaXRlZmlsZTogZG9lcyBbDQoJ dW50aWwgWw0KCQlwcmludCAiXi9FbnRlciAgPyAgdG8gc2VlIGEgbGlzdCBvZiBmaWxlcyBpbiB0 aGUgY3VycmVudCBkaXJlY3RvcnkuIg0KCQlmaWxlb3V0OiB0by1maWxlIGFzayAiXi8gICAgU2F2 ZSB0byBmaWxlIG5hbWUgPyA6Pj4gIg0KCQlpZiBmaWxlb3V0ID0gJT8gW3ByaW50IFsiVGhlIGN1 cnJlbnQgZGlyZWN0b3J5IGlzICIgd2hhdC1kaXJdIGxpc3QtZGlyXQ0KCQlpZiBhbGwgW2V4aXN0 cz8gZmlsZW91dA0KCQkJKGxlbmd0aD8gZmlsZW91dCkgPD4gMA0KCQldIFsNCgkJCWlmIChhc2sg Il4vICAgIFRoYXQgZmlsZSBhbHJlYWR5IGV4aXN0cyEgT3ZlcndyaXRlID8gKHkvTikgOj4+ICIp ID0gInkiIFsNCgkJCQlpZiB3aGF0dG9kbyA9ICJkIiBbd3JpdGUvYmluYXJ5IGZpbGVvdXQgY2lw aGVydGV4dF0NCgkJCQlpZiB3aGF0dG9kbyA8PiAiZCIgW3dyaXRlIGZpbGVvdXQgZm9ybSBjaXBo ZXJ0ZXh0XQ0KCQkJCWV4aXQgOyB0aGlzIHdvcmtzIHNpbmNlIGNpcGhlciBpcyBhIGZ1bmN0aW9u IGNhbGxlZCBieSBhbm90aGVyIHNjcmlwdCBzZWN0aW9uDQoJCQldDQoJCV0NCgkJYWxsIFsNCgkJ CW5vdCBleGlzdHM/IGZpbGVvdXQNCgkJCShsZW5ndGg/IGZpbGVvdXQpIDw+IDANCgkJCWZpbGVv dXQgPD4gJT8NCgkJXQ0KCV0NCglpZiB3aGF0dG9kbyA9ICJkIiBbd3JpdGUvYmluYXJ5IGZpbGVv dXQgY2lwaGVydGV4dF0NCglpZiB3aGF0dG9kbyA8PiAiZCIgW3dyaXRlIGZpbGVvdXQgZm9ybSBj aXBoZXJ0ZXh0XQ0KXQ0KDQo7KioqKioNCnJlYWRmaWxlOiBkb2VzIFsNCglwcmludCAiXi9FbnRl ciAgPyAgdG8gc2VlIGEgbGlzdCBvZiBmaWxlcyBpbiB0aGUgY3VycmVudCBkaXJlY3RvcnkuIg0K CXVudGlsIFsNCgkJZmlsZWluOiB0by1maWxlIGFzayBqb2luIFtuZXdsaW5lIHRhYiAiV2hhdCBm aWxlIGRvIHlvdSB3YW50IHRvIl0gW2pvaW4gd2hhdGRvICI/IDo+PiAiXQ0KCQlpZiBmaWxlaW4g PSAlPyBbcHJpbnQgWyJUaGUgY3VycmVudCBkaXJlY3RvcnkgaXMgIiB3aGF0LWRpcl0gbGlzdC1k aXJdDQoJCWFsbCBbDQoJCQlleGlzdHM/IGZpbGVpbg0KCQkJKGxlbmd0aD8gZmlsZWluKSA8PiAw DQoJCV0NCgldDQoJaWYgd2hhdHRvZG8gPSAiZCIgWw0KCQlwYXJzZSByZWFkIGZpbGVpbiBbdGhy dSAiNjQjeyIgY29weSBwbGFpbnRleHQgdG8gIn0iXQ0KCQlpbnNlcnQgcGxhaW50ZXh0ICI2NCN7 Ig0KCQlhcHBlbmQgcGxhaW50ZXh0ICJ9Ig0KCQlwbGFpbnRleHQ6IGxvYWQgcGxhaW50ZXh0DQoJ XQ0KCWlmIHdoYXR0b2RvIDw+ICJkIiBbcGxhaW50ZXh0OiByZWFkL2JpbmFyeSBmaWxlaW5dDQpd DQoNCg0KOyBkZXRlcm1pbmUgIndobyIgdmFyaWFibGUgZm9yIHBhc3NwaHJhc2UsIHNlZSBwYXJ0 IDMgb2YgZW5naW5lDQp3aG9zZS1wYXNzOiBkb2VzIFsNCgllaXRoZXIgZmlsZS1tYWlsPyA9ICJm IiBbDQoJCXdobzogInRoaXMgZmlsZS4iDQoJXSBbDQoJCWVpdGhlciByZWNlaXZlLXNlbmQ/ID0g InIiIFsNCgkJCXdobzogbWFpbC9mcm9tDQoJCV0gWw0KCQkJd2hvOiBtYWlsdG8NCgkJXQ0KCV0N CglwcmludCBbbmV3bGluZSAiRW50ZXIgdGhlIHBhc3NwaHJhc2UgZm9yIiB3aG9dIDtydW4gZW5n aW5lIGFmdGVyIHRoaXMsIHdoaWNoIGFza3MgZm9yIHBhc3N3b3JkLCBjaGFuZ2UgbGF0ZXINCl0N CjtuZXdjaXBoZXIgKip2ZXJzaW9uIDMuMC4wKioqKioqICBiYXNlLTY0IGNvbXByZXNzaW9uIGFs cmVhZHkgYXJtb3JzIHRoZSBkYXRhOyByZW1vdmUgcGFydHMgMi1kZWNyeXB0IGFuZCBwYXJ0IDUt ZW5jcnlwdA0KDQo7KioqKipzdGFydCB0aGUgZW4tL2RlLWNyeXB0aW9uIGVuZ2luZSwgYSBtb2Rp ZmllZCAlY3MtcmVib2wuciwgdXNhZ2UgOiBwbGFpbnRleHQgaW4gLSBjaXBoZXJ0ZXh0IG91dCAo ZXZlbiBpZiBkZWNyeXB0aW5nKQ0KO2VuY3J5cHQgPT0+CWNvbXByZXNzCShyZW1vdmUpCWdldC1r ZXkJZW5jcnlwdAlub3RoaW5nCWNvbXByZXNzICANCjtwYXJ0CQkxCQkyCSAgICAgICAgIDMJICAg ICAgICAgNAkgICAgICAgICA1CSAgICA2DQo7ZGVjcnlwdCA9PT4JZGVjb21wcmVzcwlub3RoaW5n CWdldC1rZXkJZGVjcnlwdAkoYWRkKQkgICAgZGVjb21wcmVzcw0KDQo7c2VyaWVzIHN3YXAsIGRl ZmluZSBhIHN3YXBwaW5nIGZ1bmN0aW9uLCBuZWVkZWQgZm9yIGVuY3J5cHRpb24gZW5naW5lKioq KioqKg0Kcy1zd2FwOiBmdW5jIFsic3dhcHMgdGhlIGVsZW1lbnRzIG9mIHR3byBzZXJpZXMgYXQg dGhlIGdpdmVuIGluZGV4IHBvc2l0aW9ucyINCglhIFtzZXJpZXMhXSB7MXN0IHNlcmllc30NCglp bmRleC1hIFtpbnRlZ2VyIV0ge2luZGV4IHBvc2l0aW9uIHRvIHN3YXAgaW4gMXN0IHNlcmllc30N CgliIFtzZXJpZXMhXSB7Mm5kIHNlcmllc30NCglpbmRleC1iIFtpbnRlZ2VyIV0ge2luZGV4IHBv c2l0aW9uIHRvIHN3YXAgaW4gMm5kIHNlcmllc30NCgkvbG9jYWwgaG9sZGVyDQpdIFsNCglob2xk ZXI6IHBpY2sgYSBpbmRleC1hDQoJcG9rZSBhIGluZGV4LWEgcGljayBiIGluZGV4LWINCglwb2tl IGIgaW5kZXgtYiBob2xkZXINCglleGl0DQpdDQoNCmVuZ2luZTogZG9lcyBbO3N0YXJ0IGVuZ2lu ZQ0KDQoJO3BhcnQgMQ0KCWVpdGhlciB3aGF0dG9kbyA9ICJkIiBbOyBpZiBkZWNyeXB0aW5nIGRl Y29tcHJlc3MNCgkJcGxhaW50ZXh0OiBkZWNvbXByZXNzIHBsYWludGV4dA0KCV0gWw0KCQlwbGFp bnRleHQ6IGNvbXByZXNzIHBsYWludGV4dA0KCV0NCgk7cGFydCAyDQoJOyoqKioqKioqKioqKioq KiBteSBzdHVmZiBoZXJlLCBSRUJPTCBhZGRpdGlvbnMgdG8gY2lwaGVyc2FiZXIqKioqKioqKioq KioNCgk7KioqKioqKiB0aGlzIG9uZSBzaW1wbHkgY29tcHJlc3NlcyB0aGUgZGF0YSBiZWZvcmUg ZW5jcnlwdGlvbiBhbmQgYWdhaW4gYWZ0ZXIgZW5jcnlwdGlvbiBmb3IgYXJtb3JpbmcNCgk7aWYg ZGVjcnlwdGluZyB0aGVuIG5vdGhpbmcNCgk7aWYgZW5jcnlwdGluZyB0aGVuIHJlbW92ZSBpbmZv IGZyb20gY29tcHJlc3NlZCBkYXRhIHRoYXQgaXMgYWx3YXlzIHRoZSBzYW1lLCBhbmQgdGh1cyBh IHNlY3VyaXR5IHJpc2ssIGJlZm9yZSBlbmNyeXB0aW9uDQoJaWYgd2hhdHRvZG8gPSAiZSIgWw0K CQlyZW1vdmUvcGFydCBwbGFpbnRleHQgMiA7cmVtb3ZlcyAjNjR7ZUouLi59IG9yIHRvLWJpbmFy eSBbMTIwIDE1Nl0NCgldDQoJOyoqKioqKiBlbmQgb2YgYWRkaXRpb25zICoqKioqKioqKioqKioq KioqKiBidXQgc2VlIGJlbG93IGZvciBzZWNvbmQgc3RlcA0KDQoJO3BhcnQgMw0KCTsqKioqKm1h a2Ugb3IgZXh0cmFjdCBpbml0dmVjdG9yLCAgdGhlbiBzZXQgcGxhaW50ZXh0IGxlbmd0aA0KCWVp dGhlciB3aGF0dG9kbyA9ICJkIiBbDQoJCWluaXR2ZWN0b3I6IG1ha2UgYmxvY2shIDEwDQoJCWZv ciBuIDEgMTAgMSBbDQoJCQlhcHBlbmQgaW5pdHZlY3RvciB0by1jaGFyIChwaWNrIHBsYWludGV4 dCBuKQ0KCQldDQoJCXJlbW92ZS9wYXJ0IHBsYWludGV4dCAxMA0KCV0gWw0KCQlpbml0dmVjdG9y OiBtYWtlIGJsb2NrISAxMA0KDQoJCXJhbmRvbS9zZWVkIHRvLWludGVnZXIgY2hlY2tzdW0vc2Vj dXJlIGZvcm0gbm93IDsgcmVkdWNlcyBjaGFuY2VzIG9mIGRlY2lwaGVyaW5nIHRoZSBkYXRlIGZy b20gaW5pdHZlY3Rvcg0KCQlsb29wIDEwIFsNCgkJCWFwcGVuZCBpbml0dmVjdG9yIHRvLWNoYXIg KChyYW5kb20gMjU2KSAtIDEpIDtSRUJPTCdzIHJhbmRvbSBkb2VzIDEgdG8gTg0KCQldDQoJXQ0K DQoJcGxhaW50ZXh0bGVuZ3RoOiBsZW5ndGg/IHBsYWludGV4dA0KDQoJOyoqKioqZ2V0IHBhc3Nw aHJhc2UNCglwYXNzcGhyYXNlOiAiIg0KCXdoaWxlIFthbnkgWw0KCQkobGVuZ3RoPyBwYXNzcGhy YXNlKSA+IDI0Ng0KCQlwYXNzcGhyYXNlID0gIiINCgkJXQ0KCV1bDQoJCWlmIChsZW5ndGg/IHBh c3NwaHJhc2UpID4gMjQ2IFtwcmludCAiUGFzc3BocmFzZSBtdXN0IGJlIDI0NiBjaGFyYWN0ZXJz IG9yIGxlc3MiXQ0KCQlwYXNzcGhyYXNlOiBhc2svaGlkZSAicGFzc3BocmFzZSA6Pj4gIg0KCV0J DQoJOyoqKioqbWFrZSBrZXkNCglrZXk6IG1ha2UgYmxvY2shIFtdDQoJZm9yZWFjaCBsZXR0ZXIg cGFzc3BocmFzZSBbDQoJCWFwcGVuZCBrZXkgbGV0dGVyDQoJXQ0KCWFwcGVuZCBrZXkgaW5pdHZl Y3Rvcg0KCWtleWxlbmd0aDogbGVuZ3RoPyBrZXkNCg0KCTtwYXJ0IDQNCgk7KioqKiptYWtlIHN0 YXRlLCBhIGJsb2NrIGZyb20gMCB0byAyNTUsIGluIG9yZGVyDQoJc3RhdGU6IG1ha2UgYmxvY2sh IDI1Ng0KCWZvciBpIDAgMjU1IDEgW2FwcGVuZCBzdGF0ZSBpXQ0KDQoJOyoqKioqbWl4IHN0YXRl DQoJOyoqKioqKip0cnkgYSBjczIgdHlwZSBhZGRpdGlvbiwgbWl4aW5nIDMgdGltZXMNCglmb3Ig bnVtYmVyIDEgMyAxIFsNCgkJajogMCA7IHJlbWVtYmVyIGRvIDAgdG8gMjU1LCBub3QgMSB0byAy NTYNCgkJO2kgd2lsbCBpbmRleCBzdGF0ZSBpLmUuIGVhY2ggZWxlbWVudCBpcyBzdGF0ZShpKQ0K CQk7biBpcyB0aGUgaW5kZXggdG8gY3ljbGUgdGhydSB0aGUga2V5IChpIG1vZHVsbyBrZXlsZW5n dGgpDQoJCTtqIGlzIHRoZSAicmFuZG9tbHkiIGNob29zZW4gZWxlbWVudCBvZiBzdGF0ZQ0KDQoJ CWZvciBpIDAgMjU1IDEgWzsgbXVzdCBhZGQgKyAxIHRvIGluZGV4IGkgYXMgdGhlIGFycmF5cyBh cmUgYWNjZXNzZWQgMSAyIDMgLi4uIDI1NiANCgkJCTtpLmUuIGZpcnN0IGVsZW1lbnQgIjAiIGlz IGVsZW1lbnQgMSBub3QgZWxlbWVudCAwDQoJCQluOiBpIC8vIGtleWxlbmd0aA0KDQoJCQlzdGF0 ZS1pOiB0by1pbnRlZ2VyIHBpY2sgc3RhdGUgKGkgKyAxKQ0KCQkJa2V5LW46IHRvLWludGVnZXIg cGljayBrZXkgKG4gKyAxKQ0KDQoJCQlqOiAoaiArIHN0YXRlLWkgKyBrZXktbikgLy8gMjU2DQoN CgkJCXMtc3dhcCBzdGF0ZSAoaSArIDEpIHN0YXRlIChqICsgMSkNCg0KCQldIDtlbmQgb2YgZm9y DQoJXSA7KioqKiogZW5kIG9mICdmb3InIG9mIGNzMiBhZGRpdGlvbg0KDQoJOyoqKioqIHByb2R1 Y2UgdGhlIGNpcGhlcnRleHQNCglpOiBqOiBuOiAwDQoJY2lwaGVydGV4dDogbWFrZSBibG9jayEg W10gOyBjb250ZW50cyBvZiBmaWxlIGdvaW5nIG91dA0KDQoJaWYgd2hhdHRvZG8gPD4gImQiIFsN CgkJYXBwZW5kIGNpcGhlcnRleHQgaW5pdHZlY3Rvcg0KCV0NCg0KCWZvciBjb3VudCAwIChwbGFp bnRleHRsZW5ndGggLSAxKSAxIFsNCgkJaTogKChjb3VudCArIDEpIC8vIDI1NikgOyB0aGlzICIr MSIgaXMgc2hvd24sIGJ1dCBub3QgY2xlYXJseSwgb24gdGhlIGluc3RydWN0aW9ucw0KCQk7IHRo aXMgaXMgX25vdF8gYW4gaW5kZXhpbmcgYWRqdXN0bWVudCwgaXQgaXMgYW4gaW50ZWdyYWwgcGFy dCBvZiB0aGUgY2lwaGVyc2FiZXIgcHJvY2Vzcw0KDQoJCXN0YXRlLWk6IHBpY2sgc3RhdGUgKGkg KyAxKQ0KDQoJCWo6ICgoaiArIHN0YXRlLWkpIC8vIDI1NikNCg0KCQlzLXN3YXAgc3RhdGUgKGkg KyAxKSBzdGF0ZSAoaiArIDEpDQoNCgkJbjogKCgocGljayBzdGF0ZSAoaSArIDEpKSArIChwaWNr IHN0YXRlIChqICsgMSkpKSAvLyAyNTYpDQoNCgkJYXBwZW5kIGNpcGhlcnRleHQgKHhvciAodG8t Y2hhciBwaWNrIHN0YXRlIChuICsgMSkpICh0by1jaGFyIHBpY2sgcGxhaW50ZXh0IChjb3VudCAr IDEpKSkNCg0KCV0gO2VuZCBvZiBmb3IgDQoNCgk7cGFydCA1IGFuZCA2DQoJOyoqKioqKioqKioq Km15IGFkZGl0aW9ucyAqKioqKioqKioqKioqKioqDQoNCgk7aWYgZGVjcnlwdGluZyB0aGVuIGFk ZA0KCWlmIHdoYXR0b2RvID0gImQiIFsNCgkJO3B1dCBiYWNrIHRoZSBpbmZvIHRvIHRoZSBjb21w cmVzc2VkIGRhdGEsIGFmdGVyIG

 [2/6] from: ryanc:iesco-dms at: 31-Aug-2000 10:37


Looks like an encryption program I wrote a few years ago, but with some much needed enhancements. It will keep most people out, but it is still quite crackable. Basically all you need to do is try every password--automatically of course. Even easier is if someone sends a two files of the same type ,as bmp's for instance, it practically gives you the password. Of course in either case, knowing what types of files your dealing with is very valuable. I am sure the FBI could break it, and the CIA could cut right through it without much trouble. I definitely wouldn't call it a "Carnivore Buster." It is probably the exact type of thing they are looking for. On the other hand, Its really good though for keeping ISP's and hackers from reading your email. Why bother spending 5 weeks to decode someone's email? Most people wouldn't consider it, unless they were getting paid to do so. --Ryan [aparman--mail--com] wrote:
> With the recent talk about encryption I thought I'd send along this little script. For details read the header. > PLEASE READ THE HEADER OF THIS SCRIPT BEFORE USE!
<<quoted lines omitted: 9>>
> cipher-beta.r Type: REBOL Script (application/x-unknown-content-type-r_auto_file) > Encoding: base64
-- Ryan Cole Programmer Analyst www.iesco-dms.com 707-468-5400

 [3/6] from: civicminded4:y:ahoo at: 31-Aug-2000 12:35


--0-596516649-967750511=:26976 Content-Type: text/plain; charset=us-ascii Ryan, thank you for your response. I have a few comments/questions however... (let me preface all of this with the fact that I am not an encryption expert, or even a novice, I am going by my understanding of the info from the sites listed in the script and links therein. I am genuinely interested to hear comments about the strength od the ARC4 algorithm) --- [ryanc--iesco-dms--com] wrote: ...
> It will keep most > people out, but it is still quite crackable. > Basically all you need to do is try every > password--automatically of > course...
True, but that is true of _any_ encryption. If you choose a significantly long and random passphrase, then the time required to try every passphrase is _very_ large. You are speaking here of a brute-force attack. Given enough time and computing power any encryption is "crackable" by brute-force (excepting maybe the one-time pad?). Remember, this is based on ARC4 (RC4 of RSA), and while RC4 with 40 bit passphrases is brute-force "crackable", you can have a _much_ larger passphrase, as with this script you can choose the passphrase yourself [upto 246 ascii characters long. Even just using letters numbers and spaces you have 63 possible characters. 246 places with 63 possibilities each... 63^246 ... you do the math :) ] ...
> Even easier is if someone sends a two files > of the same type ,as bmp's for instance, it > practically gives > you the password.
How? Perhaps you mean if two files are sent with the same passphrase? This would be bad, but CipherSaber takes care of this by appending a random 10 character initialization vector to your passphrase, _greatly_ reducing the chances of two messages being sent with the same passphrase. See the CipherSaber site for details.
> I am sure the FBI could break it, and the CIA could > cut right through it without much trouble. I > definitely > wouldn't call it a "Carnivore Buster." It is > probably the exact type of thing they are looking > for.
Again, only brute-force "crackable" if you use a too-short, non-random passphrase. I doubt that with the volume of mail going through a Carnivore system, spending years (or even hours or minutes) to crack each and every one of millions of e-mails is worth the FBI or CIA's time or even within their budgets. Just pick a length of passphrase appropriate to the sensitivity of the data.
> On the other hand, Its really good though for > keeping ISP's and hackers from reading your email.
and your spouse, your boss, your business competitor... ;)
> Why bother spending > 5 weeks to decode someone's email? Most people > wouldn't consider it, unless they were getting paid > to do so.
Ryan, if you know of any way to "crack" RC4 (other than brute force) I would be very interested in knowing it. Both encryption and rebol are new to me and I would appreciate any feedback either on the algorithm or the workings of the script itself. --0-596516649-967750511=:26976 Content-Type: text/html; charset=us-ascii <P>Ryan, thank you for your response. I have a few comments/questions however...</P> <P>(let me preface all of this with the fact that I am not an encryption expert, or even a novice, I am going by my understanding of the info from the sites listed in the script and links therein.&nbsp; I am genuinely interested to hear comments about the strength od the ARC4 algorithm)</P> <P><BR>--- [ryanc--iesco-dms--com] wrote:&nbsp;<BR>&nbsp;... <BR>> It will keep most <BR>> people out, but it is still quite crackable. <BR>> Basically all you need to do is try every <BR>> password--automatically of <BR>> course...</P> <P>True, but that is true of _any_ encryption.&nbsp; If you choose a significantly long and random passphrase, then the time required to try every passphrase is _very_ large. You are speaking here of a brute-force attack. Given enough time and computing power any encryption is "crackable" by brute-force (excepting maybe the one-time pad?).&nbsp; Remember, this is based on ARC4 (RC4 of RSA), and while RC4 with 40 bit passphrases is brute-force "crackable", you can have a _much_ larger passphrase, as with this script you can choose the passphrase yourself [upto 246 ascii characters long.&nbsp; Even just using letters numbers and spaces you have 63 possible characters. 246 places with 63 possibilities each...&nbsp;&nbsp;63^246 ...&nbsp;you do the math :)&nbsp;&nbsp; ]</P> <P>...</P> <P>>&nbsp;Even easier is if someone sends a two files <BR>> of the same type ,as bmp's for instance, it <BR>> practically gives <BR>> you the password. </P> <P>How?</P> <P>Perhaps you mean if two files are sent with the same passphrase?&nbsp; This would be bad, but CipherSaber takes care of this by appending a random 10 character initialization vector to your passphrase, _greatly_ reducing the chances of two messages being sent with the same passphrase.&nbsp; See the CipherSaber site for details.</P> <P><BR>> I am sure the FBI could break it, and the CIA could <BR>> cut right through it without much trouble. I <BR>> definitely <BR>> wouldn't call it a "Carnivore Buster." It is <BR>> probably the exact type of thing they are looking <BR>> for.&nbsp;<BR></P> <P>Again, only brute-force "crackable" if you use a too-short, non-random passphrase.</P> <P>I doubt that with the volume of mail going through a Carnivore system, spending years (or even hours or minutes)&nbsp;to crack each and every one of millions of e-mails is worth the FBI or CIA's time or even within their budgets. Just pick a length of passphrase appropriate to the sensitivity of the data.</P> <P>&nbsp;<BR>> On the other hand, Its really good though for <BR>> keeping ISP's and hackers from reading your email. </P> <P>and your spouse, your boss, your business competitor...&nbsp; ;)</P> <P><BR>> Why bother spending <BR>> 5 weeks to decode someone's email? Most people <BR>> wouldn't consider it, unless they were getting paid <BR>> to do so.&nbsp;<BR></P> <P>Ryan, if you know of any way to "crack" RC4 (other than brute force) I would be very interested in knowing it.&nbsp; Both encryption and rebol are new to me and I would appreciate any feedback either on the algorithm or the workings of the script itself.</P> <P>&nbsp;</P> --0-596516649-967750511=:26976--

 [4/6] from: ryanc::iesco-dms::com at: 31-Aug-2000 19:43


> > It will keep most > > people out, but it is still quite crackable.
<<quoted lines omitted: 12>>
> letters numbers and spaces you have 63 possible characters. 246 places > with 63 possibilities each... 63^246 ... you do the math :) ]
Try common words first, 3000^50. Yet still, not a job for the light of heart. Though a common five word pass phrase is 3000^5, possibly doable by individuals... Of course a one common word pass phrase is not much work at all.
> > Even easier is if someone sends a two files > > of the same type ,as bmp's for instance, it > > practically gives > > you the password. > > How?
Actually I missed an important part of the algorithm where they swap data. While still possible, it makes it a ton more nasty. Coincidently, before noticing this, I came up with a encryption scheme last night that is similar. Ever read "The Hundredth Monkey"?
> > Perhaps you mean if two files are sent with the same passphrase? This > would be bad, but CipherSaber takes care of this by appending a random > 10 character initialization vector to your passphrase, _greatly_ > reducing the chances of two messages being sent with the same > passphrase. See the CipherSaber site for details. >
Off the hip, I could'nt figure out what they where doing here. Obviously it manages to decode it, thus making it irrelavent. Dont you agree?
> > > I am sure the FBI could break it, and the CIA could > > cut right through it without much trouble. I > > definitely > > wouldn't call it a "Carnivore Buster." It is > > probably the exact type of thing they are looking > > for. >
Sending encrypted files is suspicious. Want to get investigated by the CIA? Send one of these to the Chinese Consolate.
> Again, only brute-force "crackable" if you use a too-short, non-random > passphrase.
<<quoted lines omitted: 3>>
> their budgets. Just pick a length of passphrase appropriate to the > sensitivity of the data.
I am sure they dont decode them all, especially the FBI. Although if you score enough points with either one, they might start decoding yours. In this duscussion we have probably gained 20 points each!
> > On the other hand, Its really good though for > > keeping ISP's and hackers from reading your email.
<<quoted lines omitted: 7>>
> new to me and I would appreciate any feedback either on the algorithm > or the workings of the script itself.
I dont have cracking scheme off hand. I saw no mention of a RC4 crack (other than brute force) with a google search either. I would'nt rule out the possiblility of a crack or partial crack in existance though. I suppose in some circumstances knowing file type could give you enough to crack a password, but I could'nt say for sure without closer inspection. We can assume for the time being that a 6 or more word passphrase is beyond the reach of your average single mortal hacker. I still would not recommend to put it to the test of any major governments. Probably more than sufficient protection from the IRS though. Police too--I have heard of an instance where they could'nt even crack a zip file password. Have you thought of making this into an object or command line interface. In a /View based office environment, I could defineatly see a use for this type of thing. As a sort of text filter. It could work beside other text filters that format REBOL, check spelling, check HTML, etc. Your header could go in the about box of whatever application that uses it. --Ryan Ryan Cole Programmer Analyst www.iesco-dms.com 707-468-5400

 [5/6] from: civicminded4:yah:oo at: 9-Sep-2000 6:33


--0-1957747793-968506429=:28100 Content-Type: text/plain; charset=us-ascii Regarding the strength of the cipher-beta.r script recently posted: (this will be my last post to the rebol group on this topic, since it is now about encryption and not rebol, future correspondance will be sent directly to you Ryan, if that is ok? I just felt I had to defend the script one more time) Basically, Ryan is concerned that this encryption is crackable because you can just try every passphrase. I don't see that as a particular problem (see below) and especially I do not see this as a special problem of this particular algorithm. Ryan, don't your comments apply to _any_ encryption scheme if you don't use a good passphrase? [ryanc--iesco-dms--com] wrote:
> > It will keep most > > people out, but it is still quite crackable. > > Basically all you need to do is try every > > password--automatically of > > course... >
True, but that is true of _any_ encryption.
>Try common words first, 3000^50. Yet still, not a job for the light of >heart. Though a common five word pass phrase is 3000^5, possibly doable >by individuals... Of course a one common word pass phrase is not much >work at all.
See my calculations below. -Alan
> Perhaps you mean if two files are sent with the same passphrase? This > would be bad, but CipherSaber takes care of this by appending a random
<<quoted lines omitted: 3>>
>>Off the hip, I could'nt figure out what they where doing here. >>Obviously it manages to decode it, thus making it irrelavent. Dont you agree?
You are missing the point of the initvector. It keeps two messages from being encrypted with the same output stream from the state array. If two messages are encoded with the same stream, then you can xor them and get rid of the stream (xor is reversible). Then if you know one message or part of one message, you can xor and get the other message or part of it.
> > I am sure the FBI could break it, and the CIA could > > cut right through it without much trouble. I definitely
<<quoted lines omitted: 7>>
>>heard of an instance where they could'nt even crack a zip file >>password.
Ryan, check out the attached table (and check my math, I did this rather quickly!) -Alan I still say this script is the Carnivore Buster! ;) -Alan
>Have you thought of making this into an object or command line >interface. In a /View based office environment, I could defineatly see >a use for this type of thing. As a sort of text filter. It could work >beside other text filters that format REBOL, check spelling, check >HTML, etc. Your header could go in the about box of whatever application that >uses it.
In the works. Table follows: number of characters Size of passphrase number of bits in passphrase to choose from (246 maximum) bits=number * log2 size (many common encryption schemes in use now use 40, 56, or 128 bit encryption) using lower case letters 26 5 23.50 26 10 47.00 26 15 70.51 26 50 235.02 26 100 470.04 26 246 1156.31 lower and upper case and space 53 5 28.64 53 10 57.28 53 15 85.92 53 50 286.40 53 100 572.79 53 246 1409.07 l & u and space and numbers 63 5 29.89 63 10 59.77 63 15 89.66 63 50 298.86 63 100 597.73 63 246 1470.41 all 'keyboard' characters 95 5 32.85 95 10 65.70 95 15 98.55 95 50 328.49 ** 95 100 656.99 95 246 1616.18 ** all ascii characters 256 5 40.00 256 10 80.00 256 15 120.00 256 50 400.00 256 100 800.00 256 246 1968.00 MAXIMUM 3000 common words 3000 5 57.75 ** 3000 10 115.51 3000 15 173.26 3000 50 577.54 * * Diceware 7776 5 64.62 7776 10 129.25 7776 15 193.87 7776 50 646.24 * * * passphrase may contain 246 characters maximum. Number of words depends on size of the words. If words average 4 to 5 letters long, then can have about 50 words. You can increase the entropy of the 3000 common words and the Diceware words by using capitals and punctuation (all the non-alphanumeric keyboard characters). ** An example of what this means. Using 246 keyboard characters, it would take a computer that could test 1 million passphrases per second, 5.25 x 10**472 years to brute-force guess your passphrase. A more realistic example, 50 keyboard characters --- 1.22 x 10**85 years. The age of the universe is about 5 x 10**9 years. And I believe the total number of elemental particles (protons neutrons electrons) is on the order of 10**40 (can't remember where I read this). 5 of 3000 common words --- 3.8527 x 10**3 years Of course, faster computers will reduce these numbers. Can your computer do 1 billion passphrases per second? Reduce the _exponents_ of the above numbers by 3. 5 of 3000 common words would take nearly 4 years With a 1 billion passphrase per second computer. To decode _1_ encrypted message. The Carnivore Buster. --0-1957747793-968506429=:28100 Content-Type: text/html; charset=us-ascii <P>&nbsp;Regarding the strength of the cipher-beta.r script recently posted:<BR><BR> <BR>(this will be my last post to the rebol group on this topic, since it <BR>is now about encryption and not rebol, future correspondance will be <BR>sent directly to you Ryan, if that is ok?&nbsp; I just felt I had to defend the <BR>script one more time)<BR><BR>Basically, Ryan is concerned that this encryption is crackable because <BR>you can just try every passphrase.<BR><BR>I don't see that as a particular problem (see below) and especially I <BR>do not see this as a special problem of this particular algorithm.&nbsp; </P> <P><BR>Ryan, don't your comments apply to _any_ encryption scheme if you don't use <BR>a good passphrase?<BR><BR><BR><A href="http://us.f63.mail.yahoo.com/ym/Compose?To=[ryanc--iesco-dms--com]&amp;YY=5521&amp;order=down&amp;sort=date&amp;pos=0">[ryanc--iesco-dms--com]</A> wrote:<BR><BR><BR>> > It will keep most<BR>> > people out, but it is still quite crackable.<BR>> > Basically all you need to do is try every<BR>> > password--automatically of<BR>> > course...<BR>><BR>&nbsp;True, but that is true of _any_ encryption.<BR><BR>>Try common words first, 3000^50. Yet still, not a job for the light of<BR>>heart. Though a common five word pass phrase is 3000^5, possibly doable<BR>>by individuals... Of course a one common word pass phrase is not much<BR>>work at all.<BR><BR>See my calculations below. -Alan<BR><BR><BR><BR>> Perhaps you mean if two files are sent with the same passphrase? This<BR>> would be bad, but CipherSaber takes care of t! hi! s by appending a random<BR>> 10 character initialization vector to your passphrase, _greatly_<BR>> reducing the chances of two messages being sent with the same<BR>> passphrase. See the CipherSaber site for details.<BR>><BR><BR>>>Off the hip, I could'nt figure out what they where doing here. <BR>>>Obviously it manages to decode it, thus making it irrelavent. Dont you agree?<BR><BR>You are missing the point of the initvector.&nbsp; It keeps two messages <BR>from being encrypted with the same output stream from the state array.&nbsp; <BR>If two messages are encoded with the same stream, then you can xor them <BR>and get rid of the stream (xor is reversible). Then if you know one <BR>message or part of one message, you can xor and get the other message <BR>or part of it.<BR><BR><BR><BR>> > I am sure the FBI could break it, and the CIA could<BR>> > cut right through it without much trouble. I definitely<BR>> > wouldn't call it a "Carnivo! re! Buster." It is<BR>> > probably the exact type of thing they are looking<BR>> > for.<BR>><BR><BR>>>We can assume for the time being that a 6 or more word passphrase is<BR>>>beyond the reach of your average single mortal hacker. I still would<BR>>>not recommend to put it to the test of any major governments. Probably<BR>>>more than sufficient protection from the IRS though. Police too--I have<BR>>>heard of an instance where they could'nt even crack a zip file <BR>>>password.<BR><BR><BR>Ryan, check out the attached table (and check my math, I did this <BR>rather quickly!) -Alan<BR></P> <P>I still say this script is the Carnivore Buster!&nbsp; ;) -Alan<BR><BR><BR>>Have you thought of making this into an object or command line<BR>>interface. In a /View based office environment, I could defineatly see <BR>>a use for this type of thing. As a sort of text filter. It could work<BR>>beside other text filters that format REBOL, check spelling, check <BR>>HTML, etc. Your header could go in the about box of whatever application that<BR>>uses it.<BR><BR><BR><BR>In the works.<BR></P> <P><BR>Table follows:</P> <P>number of characters&nbsp; Size of passphrase number of bits in passphrase&nbsp;<BR> to choose from (246 maximum) bits=number * log2 size<BR>&nbsp;(many common encryption schemes in&nbsp;use&nbsp;now use 40, 56, or 128 bit encryption)</P> <P>using lower case letters</P> <P>26 5 23.50 <BR> 26 10 47.00 <BR> 26 15 70.51 <BR> 26 50 235.02 <BR> 26 100 470.04 <BR> 26 246 1156.31 <BR><BR>lower and upper case and space</P> <P>53 5 28.64 <BR> 53 10 57.28 <BR> 53 15 85.92 <BR> 53 50 286.40 <BR> 53 100 572.79 <BR> 53 246 1409.07 <BR><BR>l &amp; u and space and numbers</P> <P>63 5 29.89 <BR> 63 10 59.77 <BR> 63 15 89.66 <BR> 63 50 298.86 <BR> 63 100 597.73 <BR> 63 246 1470.41 <BR><BR>all 'keyboard' characters</P> <P>95 5 32.85 <BR> 95 10 65.70 <BR> 95 15 98.55 <BR> 95 50 328.49 **<BR> 95 100 656.99 <BR> 95 246 1616.18 **<BR><BR>all ascii characters</P> <P>256 5 40.00 <BR> 256 10 80.00 <BR> 256 15 120.00<BR> 256 50 400.00<BR> 256 100 800.00<BR> 256 246 1968.00 MAXIMUM<BR><BR>3000 common words</P> <P>3000 5 57.75 **<BR> 3000 10 115.51<BR> 3000 15 173.26<BR> 3000 50 577.54<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp; *&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp; * <BR>Diceware</P> <P>7776 5 64.62<BR> 7776 10 129.25<BR> 7776 15 193.87<BR> 7776 50 646.24<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp; *&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp; * <BR>*&nbsp; passphrase may contain 246 characters maximum.&nbsp; Number of words <BR>depends on size of the words. If words average 4 to 5 letters long, then <BR>can have about 50 words. <BR>You can increase the entropy of the 3000 common words and the Diceware <BR>words by using capitals and punctuation (all the non-alphanumeric <BR>keyboard characters). <BR> <BR>** An example of what this means.&nbsp; Using 246 keyboard characters, it <BR>would take a computer that could test 1 million passphrases per second, <BR>5.25 x 10**472 years to brute-force guess your passphrase.<BR><BR>A more realistic example,&nbsp; 50 keyboard characters --- 1.22 x 10**! 85! years.<BR><BR>The age of the universe is about 5 x 10**9 years.&nbsp; <BR>And I believe the total number of elemental particles (protons neutrons <BR>electrons) is on the order of 10**40 (can't remember where I read <BR>this).<BR><BR>5 of 3000 common words --- 3.8527 x 10**3 years<BR><BR>Of course, faster computers will reduce these numbers.&nbsp; Can your <BR>computer do 1 billion passphrases per second? <BR>Reduce the _exponents_ of the above numbers by 3.<BR><BR>5 of 3000 common words would take nearly 4 years</P> <P>With a 1 billion passphrase per second computer.<BR><BR>To decode _1_ encrypted message.<BR><BR>The Carnivore Buster.</P> --0-1957747793-968506429=:28100--

 [6/6] from: ryanc:iesco-dms at: 11-Sep-2000 17:32


Carnivore buster or Carnivore bait, I think we both agree this paper to be accurate: http://theory.lcs.mit.edu/~rivest/bsa-final-report.ascii --Ryan * Ryan Cole * Programmer Analyst www.iesco-dms.com 707-468-5400 Thought is free. -William Shakespeare

Notes
  • Quoted lines have been omitted from some messages.
    View the message alone to see the lines that have been omitted