CipherClock / Plain Sight Update

I’ve just updated cipherClock and plain_sight in their respective GitHub repositories. This was to deal with an issue that I wasn’t happy with: the shift that cipherClock computes was dependent only on the stream position and the key.

Because of this issue, if someone obtained an example of ciphertext and the original hidden message, they could determine the shifts that the algorithm calculates at each position and then use those to decrypt other ciphertexts with the same key, without actually having to crack the key, unless they needed to decrypt messages longer than the compromised sample. Furthermore, someone familiar with a given message structure could attempt to alter the ciphertext in such a way that the message recipient cannot determine that an alteration was made.

In this new release, the shift for each character is computed based on the key and on all previous characters in a very complex way. Thus, if you have an example of ciphertext and the actual hidden message, you can’t transfer those shifts to other messages unless they start with the same characters, in which case you can still only obtain the characters that are the same, which is not helpful to an attacker. The exception is the first character of the message. The shift for the first character isn’t dependent on any previous characters, so that first-character shift is the same for every ciphertext for a given key. However, knowing that shift can’t be used to determine the next character’s shift unless the key is known, or unless the key is selected to be weak (which the program does not do). The increased complexity of the new algorithm also makes it extraordinarily difficult to brute force crack the key even if a very large sample of ciphertext and encrypted message is obtained.
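The difference between the two designs, shown as an added example that is not cipherClock's code: the shift function is a hash-based stand-in (an assumption, not the real algorithm), and the key, alphabet and messages are constructed for the demonstration.

```python
import hashlib

ALPHABET = "abcdefghijklmnopqrstuvwxyz "  # constructed 27-symbol alphabet
N = len(ALPHABET)

def shift_for(key, pos, history):
    """Toy shift (assumption, NOT cipherClock's algorithm): hash of key, position, history."""
    digest = hashlib.sha256(f"{key}|{pos}|{history}".encode()).digest()
    return int.from_bytes(digest[:4], "big") % N

def encrypt(key, msg, chained):
    """chained=False: shift depends on key and position only (old design).
    chained=True: shift also depends on every previous plaintext character."""
    out = []
    for i, ch in enumerate(msg):
        history = msg[:i] if chained else ""
        s = shift_for(key, i, history)
        out.append(ALPHABET[(ALPHABET.index(ch) + s) % N])
    return "".join(out)

def recover_shifts(plain, cipher):
    """Per-position shifts exposed by one known plaintext/ciphertext pair."""
    return [(ALPHABET.index(c) - ALPHABET.index(p)) % N
            for p, c in zip(plain, cipher)]

def apply_shifts(shifts, cipher):
    """Undo the given shifts on another ciphertext, as far as they reach."""
    return "".join(ALPHABET[(ALPHABET.index(c) - s) % N]
                   for s, c in zip(shifts, cipher))

def transfer_test(chained):
    """Reuse shifts from a compromised pair on a second message, same key."""
    key = "constructed-demo-key"                # constructed sample key
    known = "meet at the north gate at nine"    # compromised sample
    other = "meet at the south dock at dawn"    # second message, shares 12 chars
    shifts = recover_shifts(known, encrypt(key, known, chained))
    return apply_shifts(shifts, encrypt(key, other, chained)), other

if __name__ == "__main__":
    for chained in (False, True):
        guess, other = transfer_test(chained)
        label = "chained " if chained else "position"
        print(f"{label}: recovered {guess!r} (actual {other!r})")
```

With position-only shifts the second message is recovered in full; with chained shifts the output turns to noise once the two plaintexts diverge.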
