Encryption with REBOL
[1/6] from: aparman:mail at: 30-Aug-2000 23:36
[--383836798--967693005289--JavaMail--root--web431-mc--mail--com]
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
With the recent talk about encryption I thought I'd send along this little script. For
details read the header.
PLEASE READ THE HEADER OF THIS SCRIPT BEFORE USE!
It will send and receive encrypted email, and encrypt or decrypt any file.
I consider it beta, and would appreciate any feedback.
Any one who uses it may modify it, but please email me with a copy of your enhancements.
I retain all my rights of original authorship on this script, but make no claims as to
it's use.
______________________________________________
FREE Personalized Email at Mail.com
Sign up at http://www.mail.com/?sr=signup
[--383836798--967693005289--JavaMail--root--web431-mc--mail--com]
Content-Type: application/octet-stream; name=cipher-beta.r
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=cipher-beta.r
Content-ID: cipher-beta.r
O1RoaXMgaXMgYSBSRUJPTC9Db3JlIFNjcmlwdC4gIFJFQk9MIGlzIGVhc3ksIGZyZWUsIGFuZCBj
b29sLiAgd3d3LnJlYm9sLmNvbQ0KO3tiaXRzIGFuZCBwaWVjZXMgdGFrZW4gZnJvbSBzZXZlcmFs
IHNjcmlwdHMuIG15IGFwb2xvZ2llcyBhbmQgdGhhbmtzIHRvIHRoZSBvdGhlciBhdXRob3JzfQ0K
DQpSRUJPTCBbDQoJZmlsZTogJWNpcGhlci5yDQoJdGl0bGU6ICJDaXBoZXJTYWJlciBmb3IgUkVC
T0wgRW5jcnlwdGlvbiAoY2lwaGVyKSINCglhdXRob3I6ICJhbGFuIHBhcm1hbiINCgllbWFpbDog
YXBhcm1hbkBtYWlsLmNvbQ0KCXZlcnNpb246IDAuMy4wDQoJbmVlZHM6IDIuMy4wLjMuMQ0KCWRh
dGU6IDktQXVnLTIwMDAvMTE6NTA6NDgtNDowMA0KCWhpc3Rvcnk6IHt2ZXJzaW9uIDAuMy4wIHdp
bGwgYmUgYWZ0ZXIgYmV0YSB0ZXN0aW5nDQpTb21lIGNoYW5nZXMgYnkgbWU6IHJldmFtcGVkIHJl
YWRmaWxlIGFuZCB3cml0ZWZpbGUsIHRoZXNlIGFyZSBub3Qgc28gbXVjaCBvZiBhIGhhY2sgbm93
Lg0KUmV2YW1wIG9mIGVuZ2luZTogYmFzZS02NCBjb21wcmVzc2lvbiBhbHJlYWR5IGFybW9ycyBk
YXRhIHNvIGNoYW5nZWQsIGVuZ2luZSBhbmQgcmVhZGZpbGUgd3JpdGVmaWxlICh0aGVzZSBub3cg
ZG8gZGlmZmVyZW50IHRoaW5ncyBkZXBlbmRpbmcgb24gZW5jcnlwdGlvbiBvciBkZWNyeXB0aW9u
KS4gIFJld29ya2VkIHNlY3Rpb24gb24gc2F2aW5nIGVuY3J5cHRlZCBmaWxlcywgbm93IGFsbCB3
cml0ZSBwcm9jZWR1cmVzIGhhbmRsZWQgYnkgd3JpdGVmaWxlLg0KQWRkZWQgcGFyc2luZyB0byBy
ZWFkZmlsZSBhbmQgbWFpbC9jb250ZW50IG9mIG1haWwgcmVjZWl2ZS4gIE5vdyB0ZXh0IG91dHNp
ZGUgdGhlIGVuY3J5cHRlZCBkYXRhICg2NCN7Li4ufSkgaXMgaWdub3JlZCwgc28geW91IGNhbiBh
ZGQgeW91ciBvd24gcHJlIG9yIHBvc3QgbWVzc2FnZSwgb3IgaWYgeW91ciBtYWlsIHNlcnZlciBh
ZGRzIG1lc3NhZ2VzIChpLmUuIHlhaG9vKSBpdCBpcyBpZ25vcmVkLg0KQWRkZWQgcXVlcnkgdG8g
bGlzdCBjb250ZW50cyBvZiBjdXJyZW50IGRpcmVjdG9yeSB3aGVuIGRvaW5nIHJlYWRmaWxlIG9y
IHdyaXRlZmlsZS4NCg0KdmVyc2lvbiAwLjIuMyBtaW5vciBjbGVhbnVwLCBhZGRlZCBlcnJvciBj
aGVja2luZyB3aGVuIHdyaXRpbmcgYSBmaWxlICh3cml0ZWZpbGUpDQp2ZXJzaW9uIDAuMi4zIG1p
bm9yIHNlY3VyaXR5IHVwZGF0ZSBpbiB0aGUgY2xlYXJzdHVmZiB3b3JkLCBhZGRlZCBtb3JlIGVy
cm9yIGNoZWNraW5nIHdoZW4gYXNraW5nIGZvciBmaWxlIHRvIHJlYWQgKHJlYWRmaWxlKS4gDQp2
ZXJzaW9uIDAuMi4xIG5vdyBhdXRvbWF0aWNhbGx5IGFza3MgZm9yIHBvcCBhbmQgc210cCBpbmZv
IGlmIG5vdCBhbHJlYWR5IHNldCB1cCBpbiB1c2VyLnINCnZlcnNpb24gMC4yLjAgYWRkZWQgc29t
ZSBlbGVtZW50YXJ5IGVycm9yIGNoZWNraW5nIHRvIHRoZSBwYXNzcGhyYXNlLWRlY3J5cHRpb24t
ZGVjb21wcmVzc2lvbiBhcmVhcy4gIEF0IGxlYXN0IG5vdyB5b3UgYXJlbid0IHRocm93biBvdXQg
b2YgdGhlIHNjcmlwdCBpZiB5b3UgZW50ZXIgYW4gaW5jb3JyZWN0IGRlY3J5cHRpb24gcGFzc3Bo
cmFzZQ0KfQ0KCXB1cnBvc2U6ICJTZW5kcyBhbmQgcmVjZWl2ZXMgQVJDNCBlbmNyeXB0ZWQgZW1h
aWwsIGFuZCBkZS9lbmNyeXB0cyBmaWxlcy4iDQoJY2F0ZWdvcnk6ICdlbWFpbA0KCWNvbW1lbnQ6
IHtUaGlzIHNjcmlwdCB1c2VzIHRoZSBzYW1lIFJDNCBzdHJvbmcgZW5jcnlwdGlvbiBhbGdvcml0
aG0gYXMgaW4gcG9wdWxhciBpbnRlcm5ldC9lbWFpbCBjbGllbnRzLiAgSXQgdXNlcyBhIHN5bW1l
dHJpYyBrZXkgKGVuY3J5cHRpb24gYW5kIGRlY3J5cHRpb24gdXNlIHRoZSBzYW1lIGtleSkgd2hp
Y2ggZG9lcyBub3QgaGF2ZSB0byBiZSBzdG9yZWQgb24tbGluZSBhcyBpbiBwdWJsaWMga2V5IHN5
c3RlbXMuICBUaGUga2V5IGNhbiBiZSB1cHRvIDI0NiBjaGFyYWN0ZXJzIGluIGxlbmd0aCwgYW5k
LCBkZXBlbmRpbmcgb24gaG93IHdlbGwgeW91IHNlbGVjdCB5b3VyIGtleSwgY2FuIHByb3ZpZGUg
ZW5jcnlwdGlvbiBzdHJlbmd0aCBtdWNoIGdyZWF0ZXIgdGhhbiAxMjggYml0Lg0KDQpTaW5jZSB0
aGlzIGlzIGEgUkVCT0wgc2NyaXB0LCBpdCBwcm92aWRlcyBhIHBlcnNvbmFsIHN0cm9uZyBlbmNy
eXB0aW9uIHByb2R1Y3QgdGhhdCB3aWxsIHdvcmsgb24gYW55dGhpbmcgUkVCT0wgd2lsbCBydW4g
b24uICBObyByZWxpYW5jZSBvbiBwcm9ncmFtcyBmb3Igd2hpY2ggeW91IGhhdmUgbmV2ZXIgc2Vl
biB0aGUgc291cmNlIGNvZGUsIG5vIHJlc3RyaWN0aW9ucyB0byA0MCBiaXQga2V5cywgbm8gcHVi
bGljIHN0b3JhZ2Ugb2YgeW91ciBrZXksIG5vIHBheW1lbnQgZm9yIGRpZ2l0YWwgaS5kLidzLCBu
byB3YXkgZm9yIHRoZSBnb3Zlcm5tZW50IHRvIHRha2UgYXdheSB5b3VyIHByaXZhY3kgcmlnaHRz
Lg0KDQpUaGlzIHNjcmlwdCBpcyAiVGhlIENhcm5pdm9yZSBCdXN0ZXIiIJkuDQoNCllvdSBuZWVk
IG5vdCByZXN0cmljdCB5b3Vyc2VsZiB0byBlbWFpbDogdGhlIHNjcmlwdCB3aWxsIGVuY3J5cHQg
YW55IHR5cGUgb2YgZmlsZSwgYW5kIHlvdSBoYXZlIG9wdGlvbnMgZm9yIHNhdmluZyB0aGUgZW5j
cnlwdGVkIGZpbGVzIHRvIHlvdXIgaGFyZGRpc2suDQoNCkRvIG5vdCBjb25mdXNlIHRoaXMgZW5j
cnlwdGlvbiB3aXRoIG90aGVycyB5b3UgbWF5IHNlZSBhcyBDaXBoZXJTYWJlciAodXNpbmcgdGhl
ICouY3MxIG9yIC5jczIgZXh0ZW5zaW9uKS4gIFdoaWxlIGl0IHVzZXMgdGhlIHNhbWUgYmFzaWMg
ZW5jcnlwdGlvbiBlbmdpbmUsIEkgaGF2ZSBtb2RpZmllZCBpdCBmb3Igc3BlY2lmaWMgdXNlIHdp
dGggUkVCT0wncyBzdHJlbmd0aHMuICBGaWxlcyAobm90IGVtYWlsKSBwcm9kdWNlZCB3aXRoIHRo
aXMgc2NyaXB0IHNob3VsZCB1c2UgdGhlICouY3NyIGV4dGVuc2lvbiAoQ2lwaGVyU2FiZXIgZm9y
IFJlYm9sKS4gIChOb3RlOiBJIGhhdmUgbm90IHRhbXBlcmVkIHdpdGggdGhlIFJDNCBhbGdvcml0
aG0gaW4gYW55IHdheSBleGNlcHQgYnk7IDEgLSBjb21wcmVzc2luZyB0aGUgcGxhaW50ZXh0IHBy
aW9yIHRvIGVuY3J5cHRpb24gKHNob3VsZCBzdHJlbmd0aGVuIHRoZSBlbmNyeXB0aW9uKSwgYW5k
IDIgLSB0byBtaXggdGhlIGluaXRpYWwga2V5IHN0YXRlIHRocmVlIHRpbWVzIHJhdGhlciB0aGFu
IG9uY2UgKGEgY2lwaGVyc2FiZXItMiBhZGRpdGlvbiwgd2hpY2ggc2hvdWxkIGFsc28gc2hvdWxk
IHN0cmVuZ3RoZW4gdGhlIGVuY3J5cHRpb24pLiBBbGwgb2YgdGhlIG90aGVyIGNoYW5nZXMgYXJl
IGRvbmUgYWZ0ZXIgZW5jcnlwdGlvbjogSSAiYXJtb3IiIHRoZSBjaXBoZXJ0ZXh0IHdpdGggYmFz
ZS02NCBjb21wcmVzc2lvbiAoYXMgb2YgdmVyc2lvbiAzLjAuMCB0aGUgcmVhZGZpbGUgd3JpdGVm
aWxlIHJvdXRpbmVzIGhhdmUgYmVlbiBjaGFuZ2VkIHRvIGFjdHVhbGx5IHJlYWQvd3JpdGUgdGhl
ICJhcm1vdXJlZCIgY2lwaGVydGV4dCkuICBBcm1vcmluZyBjaGFuZ2VzIGFsbCB0aGUgY2hhcmFj
dGVycyBvZiB0aGUgY2lwaGVydGV4dCB0byBwcmludGFibGUgY2hhcmFjdGVycyAoaW4gdGhpcyBj
YXNlLCBsZXR0ZXJzLCBudW1iZXJzIGFuZCAiLyIgYW5kICIrIiwgdGhlIGJhc2UtNjQgYWxwaGFi
ZXQpLiBBcm1vcmluZyBpcyBkb25lIHNvIHRoYXQgYW4gZW5jcnlwdGVkIGZpbGUgbWF5IGJlIHBy
aW50ZWQgYW5kIHRyYW5zbWl0dGVkIG9uIHBhcGVyIG9yIGZheC4gDQoNCklmIHlvdSB3aXNoIHRv
IGRlY3J5cHQgZmlsZXMgbWFkZSB3aXRoIG90aGVyIENpcGhlclNhYmVyIHByb2R1Y3RzIChleHRl
bnNpb24gLmNzMSBvciAuY3MyKSB1c2UgbXkgc2NyaXB0ICJjaXBoZXJzYWJlci5yIi4NCn0NCg0K
CVJFQURNRTogew0KICAgICAgICAgICAgVGhpcyBpcyBhIFJFQk9MIGltcGxlbWVudGF0aW9uIG9m
IHRoZSBzdHJvbmcgZW5jcnlwdGlvbiBhbGdvcml0aG0NCiAgICAgICAgICAgIGtub3duIGFzIEFS
Q0ZPVVIsIHN1cHBvc2VkbHkgaWRlbnRpY2FsIHRvIFJDNCBmcm9tIFJTQSBTZWN1cml0eS4NCiAg
ICAgICAgICAgIEFsbCB0aGUgaW5mb3JtYXRpb24gdG8gbWFrZSB0aGUgZW5jcnlwdGlvbiBlbmdp
bmUgd2FzIHRha2VuIGZyb20gdGhlIHNpdGVzDQogICAgICAgICAgICBodHRwOi8vY2lwaGVyc2Fi
ZXIuZ3VydXMuY29tLywgDQogICAgICAgICAgICB0aGUgR2VuZXJhbCBGcmVuZXRpY3MgcGFnZXMg
DQogICAgICAgICAgICBodHRwOi8vd3d3LmxvZHoucGRpLm5ldC9+ZXJpc3RpYy9mcmVlL2NpcGhl
cnNhYmVyLmh0bWwsDQogICAgICAgICAgICBhbmQgdGhlIGxpbmtzIHRoZXJlaW4uIEkgaGF2ZSBm
b2xsb3dlZCBjbG9zZWx5IHRoZSBub3RhdGlvbiBmcm9tDQogICAgICAgICAgICBodHRwOi8vd3d3
LnhzNGFsbC5ubC9+Y2cvY2lwaGVyc2FiZXIvbmF0L2VuLmh0bWwuDQoNCiAgICAgICAgICAgICoq
KioqIFRoaXMgc2NyaXB0IGlzIHByb3ZpZGVkIGFzIGlzIGFuZCBJIG1ha2Ugbm8gY2xhaW1zIGFi
b3V0IGl0cw0KICAgICAgICAgICAgdXNlIG9yIGFjY3VyYWN5IG9yIGludGVuZGVkIHB1cnBvc2Uh
ISENCiAgICAgICAgICAgICoqKioqIElmIHRoZSBpbmZvcm1hdGlvbiBvZiB0aGUgYWJvdmUgbWVu
dGlvbmVkIHBhZ2VzIGlzIGNvcnJlY3QsIA0KICAgICAgICAgICAgYW5kIGlmIHRoaXMgc2NyaXB0
IGRvZXMgd2hhdCBpdCBpcyBzdXBwb3NlZCB0bywgdGhlbi4uLg0KDQogICAgICAgICAgICAqKioq
KiBETyBOT1QgRVhQT1JUIFRISVMgU0NSSVBUIE9VVFNJREUgT0YgVEhFIFVOSVRFRCBTVEFURVMs
DQogICAgICAgICAgICBhcyBpdCBjYW4gcG9zc2libHksIHdpdGggdGhlIHByb3BlciBwYXNzcGhy
YXNlLCBwcm92aWRlIGVuY3J5cHRpb24gc3RyZW5ndGgNCiAgICAgICAgICAgIGdyZWF0ZXIgdGhh
biA0MC1iaXQuICBJJ20gbm8gbGF3eWVyLCBhbmQgZG9uJ3Qga25vdyB0aGUgY3VycmVudA0KICAg
ICAgICAgICAgcmVzdHJpY3Rpb25zIG9uIGV4cG9ydGluZyB0aGUgJ3NvdXJjZScgY29kZSBmb3Ig
c3Ryb25nIGVuY3J5cHRpb24uDQoNCiJBIHVzZXIga2V5IHdpdGggYSBtaW5pbXVtIG9mIDE0IHJh
bmRvbSBsZXR0ZXJzLCBvciA1IHNob3J0IHdvcmRzIHNlbGVjdGVkIGF0IHJhbmRvbSBmcm9tIGEg
ZGljdGlvbmFyeSwgc2hvdWxkIGJlIHVzZWQgZm9yIG1lZGl1bSBzZWN1cml0eSAoNjQgYml0IGVu
dHJvcHkpLiBGb3IgaGlnaCBzZWN1cml0eSwgdXNlIDIwIHJhbmRvbSBsZXR0ZXJzIG9yIHNldmVu
IHJhbmRvbSB3b3Jkcy4gKDkwIGJpdCBlbnRyb3B5KS4iIC0gZnJvbSB0aGUgJ2d1cnVzJyBwYWdl
DQp9DQpdDQoNCg0KDQo7KioqKiogc2V0LXVwDQpzeXN0ZW0vb3B0aW9ucy9iaW5hcnktYmFzZTog
NjQgOyBiZXN0IGJpbmFyeSBlbmNvZGluZw0KDQpjaGVjay13b3JkOiAiVGhpcyBpcyBhIENpcGhl
clNhYmVyIGZvciBSRUJPTCBFbmNyeXB0ZWQgRmlsZSINCjsqKioqKnRoaXMgaXMgdGhlIHN1Ympl
Y3QgbGluZSBvZiBhbGwgZW1haWwgc2VudCBvciByZWNlaXZlZCBieSB0aGlzIHNjcmlwdCwgYWxs
IG90aGVyIGVtYWlscyBhcmUgaWdub3JlZA0KDQo7KioqKioNCndyaXRlZmlsZTogZG9lcyBbDQoJ
dW50aWwgWw0KCQlwcmludCAiXi9FbnRlciAgPyAgdG8gc2VlIGEgbGlzdCBvZiBmaWxlcyBpbiB0
aGUgY3VycmVudCBkaXJlY3RvcnkuIg0KCQlmaWxlb3V0OiB0by1maWxlIGFzayAiXi8gICAgU2F2
ZSB0byBmaWxlIG5hbWUgPyA6Pj4gIg0KCQlpZiBmaWxlb3V0ID0gJT8gW3ByaW50IFsiVGhlIGN1
cnJlbnQgZGlyZWN0b3J5IGlzICIgd2hhdC1kaXJdIGxpc3QtZGlyXQ0KCQlpZiBhbGwgW2V4aXN0
cz8gZmlsZW91dA0KCQkJKGxlbmd0aD8gZmlsZW91dCkgPD4gMA0KCQldIFsNCgkJCWlmIChhc2sg
Il4vICAgIFRoYXQgZmlsZSBhbHJlYWR5IGV4aXN0cyEgT3ZlcndyaXRlID8gKHkvTikgOj4+ICIp
ID0gInkiIFsNCgkJCQlpZiB3aGF0dG9kbyA9ICJkIiBbd3JpdGUvYmluYXJ5IGZpbGVvdXQgY2lw
aGVydGV4dF0NCgkJCQlpZiB3aGF0dG9kbyA8PiAiZCIgW3dyaXRlIGZpbGVvdXQgZm9ybSBjaXBo
ZXJ0ZXh0XQ0KCQkJCWV4aXQgOyB0aGlzIHdvcmtzIHNpbmNlIGNpcGhlciBpcyBhIGZ1bmN0aW9u
IGNhbGxlZCBieSBhbm90aGVyIHNjcmlwdCBzZWN0aW9uDQoJCQldDQoJCV0NCgkJYWxsIFsNCgkJ
CW5vdCBleGlzdHM/IGZpbGVvdXQNCgkJCShsZW5ndGg/IGZpbGVvdXQpIDw+IDANCgkJCWZpbGVv
dXQgPD4gJT8NCgkJXQ0KCV0NCglpZiB3aGF0dG9kbyA9ICJkIiBbd3JpdGUvYmluYXJ5IGZpbGVv
dXQgY2lwaGVydGV4dF0NCglpZiB3aGF0dG9kbyA8PiAiZCIgW3dyaXRlIGZpbGVvdXQgZm9ybSBj
aXBoZXJ0ZXh0XQ0KXQ0KDQo7KioqKioNCnJlYWRmaWxlOiBkb2VzIFsNCglwcmludCAiXi9FbnRl
ciAgPyAgdG8gc2VlIGEgbGlzdCBvZiBmaWxlcyBpbiB0aGUgY3VycmVudCBkaXJlY3RvcnkuIg0K
CXVudGlsIFsNCgkJZmlsZWluOiB0by1maWxlIGFzayBqb2luIFtuZXdsaW5lIHRhYiAiV2hhdCBm
aWxlIGRvIHlvdSB3YW50IHRvIl0gW2pvaW4gd2hhdGRvICI/IDo+PiAiXQ0KCQlpZiBmaWxlaW4g
PSAlPyBbcHJpbnQgWyJUaGUgY3VycmVudCBkaXJlY3RvcnkgaXMgIiB3aGF0LWRpcl0gbGlzdC1k
aXJdDQoJCWFsbCBbDQoJCQlleGlzdHM/IGZpbGVpbg0KCQkJKGxlbmd0aD8gZmlsZWluKSA8PiAw
DQoJCV0NCgldDQoJaWYgd2hhdHRvZG8gPSAiZCIgWw0KCQlwYXJzZSByZWFkIGZpbGVpbiBbdGhy
dSAiNjQjeyIgY29weSBwbGFpbnRleHQgdG8gIn0iXQ0KCQlpbnNlcnQgcGxhaW50ZXh0ICI2NCN7
Ig0KCQlhcHBlbmQgcGxhaW50ZXh0ICJ9Ig0KCQlwbGFpbnRleHQ6IGxvYWQgcGxhaW50ZXh0DQoJ
XQ0KCWlmIHdoYXR0b2RvIDw+ICJkIiBbcGxhaW50ZXh0OiByZWFkL2JpbmFyeSBmaWxlaW5dDQpd
DQoNCg0KOyBkZXRlcm1pbmUgIndobyIgdmFyaWFibGUgZm9yIHBhc3NwaHJhc2UsIHNlZSBwYXJ0
IDMgb2YgZW5naW5lDQp3aG9zZS1wYXNzOiBkb2VzIFsNCgllaXRoZXIgZmlsZS1tYWlsPyA9ICJm
IiBbDQoJCXdobzogInRoaXMgZmlsZS4iDQoJXSBbDQoJCWVpdGhlciByZWNlaXZlLXNlbmQ/ID0g
InIiIFsNCgkJCXdobzogbWFpbC9mcm9tDQoJCV0gWw0KCQkJd2hvOiBtYWlsdG8NCgkJXQ0KCV0N
CglwcmludCBbbmV3bGluZSAiRW50ZXIgdGhlIHBhc3NwaHJhc2UgZm9yIiB3aG9dIDtydW4gZW5n
aW5lIGFmdGVyIHRoaXMsIHdoaWNoIGFza3MgZm9yIHBhc3N3b3JkLCBjaGFuZ2UgbGF0ZXINCl0N
CjtuZXdjaXBoZXIgKip2ZXJzaW9uIDMuMC4wKioqKioqICBiYXNlLTY0IGNvbXByZXNzaW9uIGFs
cmVhZHkgYXJtb3JzIHRoZSBkYXRhOyByZW1vdmUgcGFydHMgMi1kZWNyeXB0IGFuZCBwYXJ0IDUt
ZW5jcnlwdA0KDQo7KioqKipzdGFydCB0aGUgZW4tL2RlLWNyeXB0aW9uIGVuZ2luZSwgYSBtb2Rp
ZmllZCAlY3MtcmVib2wuciwgdXNhZ2UgOiBwbGFpbnRleHQgaW4gLSBjaXBoZXJ0ZXh0IG91dCAo
ZXZlbiBpZiBkZWNyeXB0aW5nKQ0KO2VuY3J5cHQgPT0+CWNvbXByZXNzCShyZW1vdmUpCWdldC1r
ZXkJZW5jcnlwdAlub3RoaW5nCWNvbXByZXNzICANCjtwYXJ0CQkxCQkyCSAgICAgICAgIDMJICAg
ICAgICAgNAkgICAgICAgICA1CSAgICA2DQo7ZGVjcnlwdCA9PT4JZGVjb21wcmVzcwlub3RoaW5n
CWdldC1rZXkJZGVjcnlwdAkoYWRkKQkgICAgZGVjb21wcmVzcw0KDQo7c2VyaWVzIHN3YXAsIGRl
ZmluZSBhIHN3YXBwaW5nIGZ1bmN0aW9uLCBuZWVkZWQgZm9yIGVuY3J5cHRpb24gZW5naW5lKioq
KioqKg0Kcy1zd2FwOiBmdW5jIFsic3dhcHMgdGhlIGVsZW1lbnRzIG9mIHR3byBzZXJpZXMgYXQg
dGhlIGdpdmVuIGluZGV4IHBvc2l0aW9ucyINCglhIFtzZXJpZXMhXSB7MXN0IHNlcmllc30NCglp
bmRleC1hIFtpbnRlZ2VyIV0ge2luZGV4IHBvc2l0aW9uIHRvIHN3YXAgaW4gMXN0IHNlcmllc30N
CgliIFtzZXJpZXMhXSB7Mm5kIHNlcmllc30NCglpbmRleC1iIFtpbnRlZ2VyIV0ge2luZGV4IHBv
c2l0aW9uIHRvIHN3YXAgaW4gMm5kIHNlcmllc30NCgkvbG9jYWwgaG9sZGVyDQpdIFsNCglob2xk
ZXI6IHBpY2sgYSBpbmRleC1hDQoJcG9rZSBhIGluZGV4LWEgcGljayBiIGluZGV4LWINCglwb2tl
IGIgaW5kZXgtYiBob2xkZXINCglleGl0DQpdDQoNCmVuZ2luZTogZG9lcyBbO3N0YXJ0IGVuZ2lu
ZQ0KDQoJO3BhcnQgMQ0KCWVpdGhlciB3aGF0dG9kbyA9ICJkIiBbOyBpZiBkZWNyeXB0aW5nIGRl
Y29tcHJlc3MNCgkJcGxhaW50ZXh0OiBkZWNvbXByZXNzIHBsYWludGV4dA0KCV0gWw0KCQlwbGFp
bnRleHQ6IGNvbXByZXNzIHBsYWludGV4dA0KCV0NCgk7cGFydCAyDQoJOyoqKioqKioqKioqKioq
KiBteSBzdHVmZiBoZXJlLCBSRUJPTCBhZGRpdGlvbnMgdG8gY2lwaGVyc2FiZXIqKioqKioqKioq
KioNCgk7KioqKioqKiB0aGlzIG9uZSBzaW1wbHkgY29tcHJlc3NlcyB0aGUgZGF0YSBiZWZvcmUg
ZW5jcnlwdGlvbiBhbmQgYWdhaW4gYWZ0ZXIgZW5jcnlwdGlvbiBmb3IgYXJtb3JpbmcNCgk7aWYg
ZGVjcnlwdGluZyB0aGVuIG5vdGhpbmcNCgk7aWYgZW5jcnlwdGluZyB0aGVuIHJlbW92ZSBpbmZv
IGZyb20gY29tcHJlc3NlZCBkYXRhIHRoYXQgaXMgYWx3YXlzIHRoZSBzYW1lLCBhbmQgdGh1cyBh
IHNlY3VyaXR5IHJpc2ssIGJlZm9yZSBlbmNyeXB0aW9uDQoJaWYgd2hhdHRvZG8gPSAiZSIgWw0K
CQlyZW1vdmUvcGFydCBwbGFpbnRleHQgMiA7cmVtb3ZlcyAjNjR7ZUouLi59IG9yIHRvLWJpbmFy
eSBbMTIwIDE1Nl0NCgldDQoJOyoqKioqKiBlbmQgb2YgYWRkaXRpb25zICoqKioqKioqKioqKioq
KioqKiBidXQgc2VlIGJlbG93IGZvciBzZWNvbmQgc3RlcA0KDQoJO3BhcnQgMw0KCTsqKioqKm1h
a2Ugb3IgZXh0cmFjdCBpbml0dmVjdG9yLCAgdGhlbiBzZXQgcGxhaW50ZXh0IGxlbmd0aA0KCWVp
dGhlciB3aGF0dG9kbyA9ICJkIiBbDQoJCWluaXR2ZWN0b3I6IG1ha2UgYmxvY2shIDEwDQoJCWZv
ciBuIDEgMTAgMSBbDQoJCQlhcHBlbmQgaW5pdHZlY3RvciB0by1jaGFyIChwaWNrIHBsYWludGV4
dCBuKQ0KCQldDQoJCXJlbW92ZS9wYXJ0IHBsYWludGV4dCAxMA0KCV0gWw0KCQlpbml0dmVjdG9y
OiBtYWtlIGJsb2NrISAxMA0KDQoJCXJhbmRvbS9zZWVkIHRvLWludGVnZXIgY2hlY2tzdW0vc2Vj
dXJlIGZvcm0gbm93IDsgcmVkdWNlcyBjaGFuY2VzIG9mIGRlY2lwaGVyaW5nIHRoZSBkYXRlIGZy
b20gaW5pdHZlY3Rvcg0KCQlsb29wIDEwIFsNCgkJCWFwcGVuZCBpbml0dmVjdG9yIHRvLWNoYXIg
KChyYW5kb20gMjU2KSAtIDEpIDtSRUJPTCdzIHJhbmRvbSBkb2VzIDEgdG8gTg0KCQldDQoJXQ0K
DQoJcGxhaW50ZXh0bGVuZ3RoOiBsZW5ndGg/IHBsYWludGV4dA0KDQoJOyoqKioqZ2V0IHBhc3Nw
aHJhc2UNCglwYXNzcGhyYXNlOiAiIg0KCXdoaWxlIFthbnkgWw0KCQkobGVuZ3RoPyBwYXNzcGhy
YXNlKSA+IDI0Ng0KCQlwYXNzcGhyYXNlID0gIiINCgkJXQ0KCV1bDQoJCWlmIChsZW5ndGg/IHBh
c3NwaHJhc2UpID4gMjQ2IFtwcmludCAiUGFzc3BocmFzZSBtdXN0IGJlIDI0NiBjaGFyYWN0ZXJz
IG9yIGxlc3MiXQ0KCQlwYXNzcGhyYXNlOiBhc2svaGlkZSAicGFzc3BocmFzZSA6Pj4gIg0KCV0J
DQoJOyoqKioqbWFrZSBrZXkNCglrZXk6IG1ha2UgYmxvY2shIFtdDQoJZm9yZWFjaCBsZXR0ZXIg
cGFzc3BocmFzZSBbDQoJCWFwcGVuZCBrZXkgbGV0dGVyDQoJXQ0KCWFwcGVuZCBrZXkgaW5pdHZl
Y3Rvcg0KCWtleWxlbmd0aDogbGVuZ3RoPyBrZXkNCg0KCTtwYXJ0IDQNCgk7KioqKiptYWtlIHN0
YXRlLCBhIGJsb2NrIGZyb20gMCB0byAyNTUsIGluIG9yZGVyDQoJc3RhdGU6IG1ha2UgYmxvY2sh
IDI1Ng0KCWZvciBpIDAgMjU1IDEgW2FwcGVuZCBzdGF0ZSBpXQ0KDQoJOyoqKioqbWl4IHN0YXRl
DQoJOyoqKioqKip0cnkgYSBjczIgdHlwZSBhZGRpdGlvbiwgbWl4aW5nIDMgdGltZXMNCglmb3Ig
bnVtYmVyIDEgMyAxIFsNCgkJajogMCA7IHJlbWVtYmVyIGRvIDAgdG8gMjU1LCBub3QgMSB0byAy
NTYNCgkJO2kgd2lsbCBpbmRleCBzdGF0ZSBpLmUuIGVhY2ggZWxlbWVudCBpcyBzdGF0ZShpKQ0K
CQk7biBpcyB0aGUgaW5kZXggdG8gY3ljbGUgdGhydSB0aGUga2V5IChpIG1vZHVsbyBrZXlsZW5n
dGgpDQoJCTtqIGlzIHRoZSAicmFuZG9tbHkiIGNob29zZW4gZWxlbWVudCBvZiBzdGF0ZQ0KDQoJ
CWZvciBpIDAgMjU1IDEgWzsgbXVzdCBhZGQgKyAxIHRvIGluZGV4IGkgYXMgdGhlIGFycmF5cyBh
cmUgYWNjZXNzZWQgMSAyIDMgLi4uIDI1NiANCgkJCTtpLmUuIGZpcnN0IGVsZW1lbnQgIjAiIGlz
IGVsZW1lbnQgMSBub3QgZWxlbWVudCAwDQoJCQluOiBpIC8vIGtleWxlbmd0aA0KDQoJCQlzdGF0
ZS1pOiB0by1pbnRlZ2VyIHBpY2sgc3RhdGUgKGkgKyAxKQ0KCQkJa2V5LW46IHRvLWludGVnZXIg
cGljayBrZXkgKG4gKyAxKQ0KDQoJCQlqOiAoaiArIHN0YXRlLWkgKyBrZXktbikgLy8gMjU2DQoN
CgkJCXMtc3dhcCBzdGF0ZSAoaSArIDEpIHN0YXRlIChqICsgMSkNCg0KCQldIDtlbmQgb2YgZm9y
DQoJXSA7KioqKiogZW5kIG9mICdmb3InIG9mIGNzMiBhZGRpdGlvbg0KDQoJOyoqKioqIHByb2R1
Y2UgdGhlIGNpcGhlcnRleHQNCglpOiBqOiBuOiAwDQoJY2lwaGVydGV4dDogbWFrZSBibG9jayEg
W10gOyBjb250ZW50cyBvZiBmaWxlIGdvaW5nIG91dA0KDQoJaWYgd2hhdHRvZG8gPD4gImQiIFsN
CgkJYXBwZW5kIGNpcGhlcnRleHQgaW5pdHZlY3Rvcg0KCV0NCg0KCWZvciBjb3VudCAwIChwbGFp
bnRleHRsZW5ndGggLSAxKSAxIFsNCgkJaTogKChjb3VudCArIDEpIC8vIDI1NikgOyB0aGlzICIr
MSIgaXMgc2hvd24sIGJ1dCBub3QgY2xlYXJseSwgb24gdGhlIGluc3RydWN0aW9ucw0KCQk7IHRo
aXMgaXMgX25vdF8gYW4gaW5kZXhpbmcgYWRqdXN0bWVudCwgaXQgaXMgYW4gaW50ZWdyYWwgcGFy
dCBvZiB0aGUgY2lwaGVyc2FiZXIgcHJvY2Vzcw0KDQoJCXN0YXRlLWk6IHBpY2sgc3RhdGUgKGkg
KyAxKQ0KDQoJCWo6ICgoaiArIHN0YXRlLWkpIC8vIDI1NikNCg0KCQlzLXN3YXAgc3RhdGUgKGkg
KyAxKSBzdGF0ZSAoaiArIDEpDQoNCgkJbjogKCgocGljayBzdGF0ZSAoaSArIDEpKSArIChwaWNr
IHN0YXRlIChqICsgMSkpKSAvLyAyNTYpDQoNCgkJYXBwZW5kIGNpcGhlcnRleHQgKHhvciAodG8t
Y2hhciBwaWNrIHN0YXRlIChuICsgMSkpICh0by1jaGFyIHBpY2sgcGxhaW50ZXh0IChjb3VudCAr
IDEpKSkNCg0KCV0gO2VuZCBvZiBmb3IgDQoNCgk7cGFydCA1IGFuZCA2DQoJOyoqKioqKioqKioq
Km15IGFkZGl0aW9ucyAqKioqKioqKioqKioqKioqDQoNCgk7aWYgZGVjcnlwdGluZyB0aGVuIGFk
ZA0KCWlmIHdoYXR0b2RvID0gImQiIFsNCgkJO3B1dCBiYWNrIHRoZSBpbmZvIHRvIHRoZSBjb21w
cmVzc2VkIGRhdGEsIGFmdGVyIG
[2/6] from: ryanc:iesco-dms at: 31-Aug-2000 10:37
Looks like an encryption program I wrote a few years ago, but with some much needed enhancements.
It will keep most
people out, but it is still quite crackable. Basically all you need to do is try every
password--automatically of
course. Even easier is if someone sends a two files of the same type ,as bmp's for instance,
it practically gives
you the password. Of course in either case, knowing what types of files your dealing
with is very valuable.
I am sure the FBI could break it, and the CIA could cut right through it without much
trouble. I definitely
wouldn't call it a "Carnivore Buster." It is probably the exact type of thing they are
looking for.
On the other hand, Its really good though for keeping ISP's and hackers from reading
your email. Why bother spending
5 weeks to decode someone's email? Most people wouldn't consider it, unless they were
getting paid to do so.
--Ryan
[aparman--mail--com] wrote:
> With the recent talk about encryption I thought I'd send along this little script.
For details read the header.
> PLEASE READ THE HEADER OF THIS SCRIPT BEFORE USE!
<<quoted lines omitted: 9>>
> cipher-beta.r Type: REBOL Script (application/x-unknown-content-type-r_auto_file)
> Encoding: base64
--
Ryan Cole
Programmer Analyst
www.iesco-dms.com
707-468-5400
[3/6] from: civicminded4:yah:oo at: 31-Aug-2000 12:35
--0-596516649-967750511=:26976
Content-Type: text/plain; charset=us-ascii
Ryan, thank you for your response. I have a few comments/questions however...
(let me preface all of this with the fact that I am not an encryption expert, or even
a novice, I am going by my understanding of the info from the sites listed in the script
and links therein. I am genuinely interested to hear comments about the strength od
the ARC4 algorithm)
--- [ryanc--iesco-dms--com] wrote:
...
> It will keep most
> people out, but it is still quite crackable.
> Basically all you need to do is try every
> password--automatically of
> course...
True, but that is true of _any_ encryption. If you choose a significantly long and random
passphrase, then the time required to try every passphrase is _very_ large. You are speaking
here of a brute-force attack. Given enough time and computing power any encryption is
"crackable" by brute-force (excepting maybe the one-time pad?). Remember, this is based
on ARC4 (RC4 of RSA), and while RC4 with 40 bit passphrases is brute-force "crackable",
you can have a _much_ larger passphrase, as with this script you can choose the passphrase
yourself [upto 246 ascii characters long. Even just using letters numbers and spaces
you have 63 possible characters. 246 places with 63 possibilities each... 63^246 ...
you do the math :) ]
...
> Even easier is if someone sends a two files
> of the same type ,as bmp's for instance, it
> practically gives
> you the password.
How?
Perhaps you mean if two files are sent with the same passphrase? This would be bad,
but CipherSaber takes care of this by appending a random 10 character initialization
vector to your passphrase, _greatly_ reducing the chances of two messages being sent
with the same passphrase. See the CipherSaber site for details.
> I am sure the FBI could break it, and the CIA could
> cut right through it without much trouble. I
> definitely
> wouldn't call it a "Carnivore Buster." It is
> probably the exact type of thing they are looking
> for.
Again, only brute-force "crackable" if you use a too-short, non-random passphrase.
I doubt that with the volume of mail going through a Carnivore system, spending years
(or even hours or minutes) to crack each and every one of millions of e-mails is worth
the FBI or CIA's time or even within their budgets. Just pick a length of passphrase
appropriate to the sensitivity of the data.
> On the other hand, Its really good though for
> keeping ISP's and hackers from reading your email.
and your spouse, your boss, your business competitor... ;)
> Why bother spending
> 5 weeks to decode someone's email? Most people
> wouldn't consider it, unless they were getting paid
> to do so.
Ryan, if you know of any way to "crack" RC4 (other than brute force) I would be very
interested in knowing it. Both encryption and rebol are new to me and I would appreciate
any feedback either on the algorithm or the workings of the script itself.
--0-596516649-967750511=:26976
Content-Type: text/html; charset=us-ascii
<P>Ryan, thank you for your response. I have a few comments/questions however...</P>
<P>(let me preface all of this with the fact that I am not an encryption expert, or even
a novice, I am going by my understanding of the info from the sites listed in the script
and links therein. I am genuinely interested to hear comments about the strength
od the ARC4 algorithm)</P>
<P><BR>--- [ryanc--iesco-dms--com] wrote: <BR> ... <BR>> It will keep most <BR>>
people out, but it is still quite crackable. <BR>> Basically all you need to do is try
every <BR>> password--automatically of <BR>> course...</P>
<P>True, but that is true of _any_ encryption. If you choose a significantly long
and random passphrase, then the time required to try every passphrase is _very_ large.
You are speaking here of a brute-force attack. Given enough time and computing power
any encryption is "crackable" by brute-force (excepting maybe the one-time pad?).
Remember, this is based on ARC4 (RC4 of RSA), and while RC4 with 40 bit passphrases is
brute-force "crackable", you can have a _much_ larger passphrase, as with this script
you can choose the passphrase yourself [upto 246 ascii characters long. Even just
using letters numbers and spaces you have 63 possible characters. 246 places with 63
possibilities each... 63^246 ... you do the math :) ]</P>
<P>...</P>
<P>> Even easier is if someone sends a two files <BR>> of the same type ,as bmp's
for instance, it <BR>> practically gives <BR>> you the password. </P>
<P>How?</P>
<P>Perhaps you mean if two files are sent with the same passphrase? This would
be bad, but CipherSaber takes care of this by appending a random 10 character initialization
vector to your passphrase, _greatly_ reducing the chances of two messages being sent
with the same passphrase. See the CipherSaber site for details.</P>
<P><BR>> I am sure the FBI could break it, and the CIA could <BR>> cut right through
it without much trouble. I <BR>> definitely <BR>> wouldn't call it a "Carnivore Buster."
It is <BR>> probably the exact type of thing they are looking <BR>> for. <BR></P>
<P>Again, only brute-force "crackable" if you use a too-short, non-random passphrase.</P>
<P>I doubt that with the volume of mail going through a Carnivore system, spending years
(or even hours or minutes) to crack each and every one of millions of e-mails is
worth the FBI or CIA's time or even within their budgets. Just pick a length of passphrase
appropriate to the sensitivity of the data.</P>
<P> <BR>> On the other hand, Its really good though for <BR>> keeping ISP's and
hackers from reading your email. </P>
<P>and your spouse, your boss, your business competitor... ;)</P>
<P><BR>> Why bother spending <BR>> 5 weeks to decode someone's email? Most people <BR>>
wouldn't consider it, unless they were getting paid <BR>> to do so. <BR></P>
<P>Ryan, if you know of any way to "crack" RC4 (other than brute force) I would be very
interested in knowing it. Both encryption and rebol are new to me and I would appreciate
any feedback either on the algorithm or the workings of the script itself.</P>
<P> </P>
--0-596516649-967750511=:26976--
[4/6] from: ryanc::iesco-dms::com at: 31-Aug-2000 19:43
> > It will keep most
> > people out, but it is still quite crackable.
<<quoted lines omitted: 12>>
> letters numbers and spaces you have 63 possible characters. 246 places
> with 63 possibilities each... 63^246 ... you do the math :) ]
Try common words first, 3000^50. Yet still, not a job for the light of
heart. Though a common five word pass phrase is 3000^5, possibly doable
by individuals... Of course a one common word pass phrase is not much
work at all.
> > Even easier is if someone sends a two files
> > of the same type ,as bmp's for instance, it
> > practically gives
> > you the password.
>
> How?
Actually I missed an important part of the algorithm where they swap
data. While still possible, it makes it a ton more nasty.
Coincidently, before noticing this, I came up with a encryption scheme
last night that is similar. Ever read "The Hundredth Monkey"?
>
> Perhaps you mean if two files are sent with the same passphrase? This
> would be bad, but CipherSaber takes care of this by appending a random
> 10 character initialization vector to your passphrase, _greatly_
> reducing the chances of two messages being sent with the same
> passphrase. See the CipherSaber site for details.
>
Off the hip, I could'nt figure out what they where doing here. Obviously
it manages to decode it, thus making it irrelavent. Dont you agree?
>
> > I am sure the FBI could break it, and the CIA could
> > cut right through it without much trouble. I
> > definitely
> > wouldn't call it a "Carnivore Buster." It is
> > probably the exact type of thing they are looking
> > for.
>
Sending encrypted files is suspicious. Want to get investigated by the
CIA? Send one of these to the Chinese Consolate.
> Again, only brute-force "crackable" if you use a too-short, non-random
> passphrase.
<<quoted lines omitted: 3>>
> their budgets. Just pick a length of passphrase appropriate to the
> sensitivity of the data.
I am sure they dont decode them all, especially the FBI. Although if
you score enough points with either one, they might start decoding
yours. In this duscussion we have probably gained 20 points each!
> > On the other hand, Its really good though for
> > keeping ISP's and hackers from reading your email.
<<quoted lines omitted: 7>>
> new to me and I would appreciate any feedback either on the algorithm
> or the workings of the script itself.
I dont have cracking scheme off hand. I saw no mention of a RC4 crack
(other than brute force) with a google search either. I would'nt rule
out the possiblility of a crack or partial crack in existance though. I
suppose in some circumstances knowing file type could give you enough to
crack a password, but I could'nt say for sure without closer inspection.
We can assume for the time being that a 6 or more word passphrase is
beyond the reach of your average single mortal hacker. I still would
not recommend to put it to the test of any major governments. Probably
more than sufficient protection from the IRS though. Police too--I have
heard of an instance where they could'nt even crack a zip file password.
Have you thought of making this into an object or command line
interface. In a /View based office environment, I could defineatly see a
use for this type of thing. As a sort of text filter. It could work
beside other text filters that format REBOL, check spelling, check HTML,
etc. Your header could go in the about box of whatever application that
uses it.
--Ryan
Ryan Cole
Programmer Analyst
www.iesco-dms.com
707-468-5400
[5/6] from: civicminded4:ya:hoo at: 9-Sep-2000 6:33
--0-1957747793-968506429=:28100
Content-Type: text/plain; charset=us-ascii
Regarding the strength of the cipher-beta.r script recently posted:
(this will be my last post to the rebol group on this topic, since it
is now about encryption and not rebol, future correspondance will be
sent directly to you Ryan, if that is ok? I just felt I had to defend the
script one more time)
Basically, Ryan is concerned that this encryption is crackable because
you can just try every passphrase.
I don't see that as a particular problem (see below) and especially I
do not see this as a special problem of this particular algorithm.
Ryan, don't your comments apply to _any_ encryption scheme if you don't use
a good passphrase?
[ryanc--iesco-dms--com] wrote:
> > It will keep most
> > people out, but it is still quite crackable.
> > Basically all you need to do is try every
> > password--automatically of
> > course...
>
True, but that is true of _any_ encryption.
>Try common words first, 3000^50. Yet still, not a job for the light of
>heart. Though a common five word pass phrase is 3000^5, possibly doable
>by individuals... Of course a one common word pass phrase is not much
>work at all.
See my calculations below. -Alan
> Perhaps you mean if two files are sent with the same passphrase? This
> would be bad, but CipherSaber takes care of this by appending a random
<<quoted lines omitted: 3>>
>>Off the hip, I could'nt figure out what they where doing here.
>>Obviously it manages to decode it, thus making it irrelavent. Dont you agree?
You are missing the point of the initvector. It keeps two messages
from being encrypted with the same output stream from the state array.
If two messages are encoded with the same stream, then you can xor them
and get rid of the stream (xor is reversible). Then if you know one
message or part of one message, you can xor and get the other message
or part of it.
> > I am sure the FBI could break it, and the CIA could
> > cut right through it without much trouble. I definitely
<<quoted lines omitted: 7>>
>>heard of an instance where they could'nt even crack a zip file
>>password.
Ryan, check out the attached table (and check my math, I did this
rather quickly!) -Alan
I still say this script is the Carnivore Buster! ;) -Alan
>Have you thought of making this into an object or command line
>interface. In a /View based office environment, I could defineatly see
>a use for this type of thing. As a sort of text filter. It could work
>beside other text filters that format REBOL, check spelling, check
>HTML, etc. Your header could go in the about box of whatever application that
>uses it.
In the works.
Table follows:
number of characters Size of passphrase number of bits in passphrase
to choose from (246 maximum) bits=number * log2 size
(many common encryption schemes in use now use 40, 56, or 128 bit encryption)
using lower case letters
26 5 23.50
26 10 47.00
26 15 70.51
26 50 235.02
26 100 470.04
26 246 1156.31
lower and upper case and space
53 5 28.64
53 10 57.28
53 15 85.92
53 50 286.40
53 100 572.79
53 246 1409.07
l & u and space and numbers
63 5 29.89
63 10 59.77
63 15 89.66
63 50 298.86
63 100 597.73
63 246 1470.41
all 'keyboard' characters
95 5 32.85
95 10 65.70
95 15 98.55
95 50 328.49 **
95 100 656.99
95 246 1616.18 **
all ascii characters
256 5 40.00
256 10 80.00
256 15 120.00
256 50 400.00
256 100 800.00
256 246 1968.00 MAXIMUM
3000 common words
3000 5 57.75 **
3000 10 115.51
3000 15 173.26
3000 50 577.54
*
*
Diceware
7776 5 64.62
7776 10 129.25
7776 15 193.87
7776 50 646.24
*
*
* passphrase may contain 246 characters maximum. Number of words
depends on size of the words. If words average 4 to 5 letters long, then
can have about 50 words.
You can increase the entropy of the 3000 common words and the Diceware
words by using capitals and punctuation (all the non-alphanumeric
keyboard characters).
** An example of what this means. Using 246 keyboard characters, it
would take a computer that could test 1 million passphrases per second,
5.25 x 10**472 years to brute-force guess your passphrase.
A more realistic example, 50 keyboard characters --- 1.22 x 10**85 years.
The age of the universe is about 5 x 10**9 years.
And I believe the total number of elemental particles (protons neutrons
electrons) is on the order of 10**40 (can't remember where I read
this).
5 of 3000 common words --- 3.8527 x 10**3 years
Of course, faster computers will reduce these numbers. Can your
computer do 1 billion passphrases per second?
Reduce the _exponents_ of the above numbers by 3.
5 of 3000 common words would take nearly 4 years
With a 1 billion passphrase per second computer.
To decode _1_ encrypted message.
The Carnivore Buster.
--0-1957747793-968506429=:28100
Content-Type: text/html; charset=us-ascii
<P> Regarding the strength of the cipher-beta.r script recently posted:<BR><BR>
<BR>(this will be my last post to the rebol group on this topic, since it <BR>is now
about encryption and not rebol, future correspondance will be <BR>sent directly to you
Ryan, if that is ok? I just felt I had to defend the <BR>script one more time)<BR><BR>Basically,
Ryan is concerned that this encryption is crackable because <BR>you can just try every
passphrase.<BR><BR>I don't see that as a particular problem (see below) and especially
I <BR>do not see this as a special problem of this particular algorithm. </P>
<P><BR>Ryan, don't your comments apply to _any_ encryption scheme if you don't use <BR>a
good passphrase?<BR><BR><BR><A href="http://us.f63.mail.yahoo.com/ym/Compose?To=[ryanc--iesco-dms--com]&YY=5521&order=down&sort=date&pos=0">[ryanc--iesco-dms--com]</A>
wrote:<BR><BR><BR>> > It will keep most<BR>> > people out, but it is still quite crackable.<BR>>
> Basically all you need to do is try every<BR>> > password--automatically of<BR>> >
course...<BR>><BR> True, but that is true of _any_ encryption.<BR><BR>>Try common
words first, 3000^50. Yet still, not a job for the light of<BR>>heart. Though a common
five word pass phrase is 3000^5, possibly doable<BR>>by individuals... Of course a one
common word pass phrase is not much<BR>>work at all.<BR><BR>See my calculations below.
-Alan<BR><BR><BR><BR>> Perhaps you mean if two files are sent with the same passphrase?
This<BR>> would be bad, but CipherSaber takes care of t!
hi!
s by appending a random<BR>> 10 character initialization vector to your passphrase, _greatly_<BR>>
reducing the chances of two messages being sent with the same<BR>> passphrase. See the
CipherSaber site for details.<BR>><BR><BR>>>Off the hip, I could'nt figure out what they
where doing here. <BR>>>Obviously it manages to decode it, thus making it irrelavent.
Dont you agree?<BR><BR>You are missing the point of the initvector. It keeps two
messages <BR>from being encrypted with the same output stream from the state array.
<BR>If two messages are encoded with the same stream, then you can xor them <BR>and get
rid of the stream (xor is reversible). Then if you know one <BR>message or part of one
message, you can xor and get the other message <BR>or part of it.<BR><BR><BR><BR>> >
I am sure the FBI could break it, and the CIA could<BR>> > cut right through it without
much trouble. I definitely<BR>> > wouldn't call it a "Carnivo!
re!
Buster." It is<BR>> > probably the exact type of thing they are looking<BR>> > for.<BR>><BR><BR>>>We
can assume for the time being that a 6 or more word passphrase is<BR>>>beyond the reach
of your average single mortal hacker. I still would<BR>>>not recommend to put it to the
test of any major governments. Probably<BR>>>more than sufficient protection from the
IRS though. Police too--I have<BR>>>heard of an instance where they could'nt even crack
a zip file <BR>>>password.<BR><BR><BR>Ryan, check out the attached table (and check my
math, I did this <BR>rather quickly!) -Alan<BR></P>
<P>I still say this script is the Carnivore Buster! ;) -Alan<BR><BR><BR>>Have you
thought of making this into an object or command line<BR>>interface. In a /View based
office environment, I could defineatly see <BR>>a use for this type of thing. As a sort
of text filter. It could work<BR>>beside other text filters that format REBOL, check
spelling, check <BR>>HTML, etc. Your header could go in the about box of whatever application
that<BR>>uses it.<BR><BR><BR><BR>In the works.<BR></P>
<P><BR>Table follows:</P>
<P>number of characters Size of passphrase number of bits in passphrase <BR> to
choose from (246 maximum) bits=number * log2 size<BR> (many common encryption schemes
in use now use 40, 56, or 128 bit encryption)</P>
<P>using lower case letters</P>
<P>26 5 23.50 <BR> 26 10 47.00 <BR> 26 15 70.51 <BR> 26 50 235.02 <BR> 26 100 470.04 <BR> 26 246 1156.31 <BR><BR>lower
and upper case and space</P>
<P>53 5 28.64 <BR> 53 10 57.28 <BR> 53 15 85.92 <BR> 53 50 286.40 <BR> 53 100 572.79 <BR> 53 246 1409.07 <BR><BR>l
& u and space and numbers</P>
<P>63 5 29.89 <BR> 63 10 59.77 <BR> 63 15 89.66 <BR> 63 50 298.86 <BR> 63 100 597.73 <BR> 63 246 1470.41 <BR><BR>all
'keyboard' characters</P>
<P>95 5 32.85 <BR> 95 10 65.70 <BR> 95 15 98.55 <BR> 95 50 328.49 **<BR> 95 100 656.99 <BR> 95 246 1616.18 **<BR><BR>all
ascii characters</P>
<P>256 5 40.00 <BR> 256 10 80.00 <BR> 256 15 120.00<BR> 256 50 400.00<BR> 256 100 800.00<BR> 256 246 1968.00 MAXIMUM<BR><BR>3000
common words</P>
<P>3000 5 57.75 **<BR> 3000 10 115.51<BR> 3000 15 173.26<BR> 3000 50 577.54<BR>
* <BR>
* <BR>Diceware</P>
<P>7776 5 64.62<BR> 7776 10 129.25<BR> 7776 15 193.87<BR> 7776 50 646.24<BR>
* <BR>
* <BR>* passphrase may contain 246 characters maximum.
Number of words <BR>depends on size of the words. If words average 4 to 5 letters long,
then <BR>can have about 50 words. <BR>You can increase the entropy of the 3000 common
words and the Diceware <BR>words by using capitals and punctuation (all the non-alphanumeric
<BR>keyboard characters). <BR> <BR>** An example of what this means. Using
246 keyboard characters, it <BR>would take a computer that could test 1 million passphrases
per second, <BR>5.25 x 10**472 years to brute-force guess your passphrase.<BR><BR>A more
realistic example, 50 keyboard characters --- 1.22 x 10**!
85!
years.<BR><BR>The age of the universe is about 5 x 10**9 years. <BR>And I believe
the total number of elemental particles (protons neutrons <BR>electrons) is on the order
of 10**40 (can't remember where I read <BR>this).<BR><BR>5 of 3000 common words --- 3.8527
x 10**3 years<BR><BR>Of course, faster computers will reduce these numbers. Can
your <BR>computer do 1 billion passphrases per second? <BR>Reduce the _exponents_ of
the above numbers by 3.<BR><BR>5 of 3000 common words would take nearly 4 years</P>
<P>With a 1 billion passphrase per second computer.<BR><BR>To decode _1_ encrypted message.<BR><BR>The
Carnivore Buster.</P>
--0-1957747793-968506429=:28100--
[6/6] from: ryanc:iesco-dms at: 11-Sep-2000 17:32
Carnivore buster or Carnivore bait, I think we both agree this paper to
be accurate:
http://theory.lcs.mit.edu/~rivest/bsa-final-report.ascii
--Ryan
* Ryan Cole *
Programmer Analyst
www.iesco-dms.com
707-468-5400
Thought is free.
-William Shakespeare
Notes
- Quoted lines have been omitted from some messages.
View the message alone to see the lines that have been omitted