The Nazi Encryption System

DJB

I'm sure everyone know about this system. There is a film out there at the moment - enigma. What I am wondering is - are there any email encryptions like this out there now. How secure would it be if you were to build your own entirely out of script so that if anyone took it down on the way they would only get gobbly guck.

You would need to decrypt it with a string of characters on your machine that converted everything into normal text. The encryption could rotate itself on a daily basis starting at a specific day and changing the encryption each time.

Any ideas on this?

jmcc

Originally posted by DJB
I'm sure everyone know about this system. There is a film out there at the moment - enigma. What I am wondering is - are there any email encryptions like this out there now. How secure would it be if you were to build your own entirely out of script so that if anyone took it down on the way they would only get gobbly guck.

Unless you know how to break ciphers, it is not a good idea to try to create them.

There are very few people on boards who have actually worked in this field (crypto/code breaking as opposed to network security) but they would tell you exactly the same thing.

The code (in Basic and or C to emulate the Engima cipher should be available on the web if you check on Google.

It would also be a good thing to check the FAQ for the sci.crypt newsgroup.

Even the story of how Enigma was broken (rather than the novel on which the movie is based) is worth reading.

Regards...jmcc

NutJob

That system worked on for rotating cylinders and a keyboard where the keys could be re-wired. Its an alphabet swap with a twist(ok 2 twists) and was broken dureing the war and im sure there are canned tools available to emulate te system
(its hard to explain in a post)

T-DES (block encryption) is far beyond that system lets put it this way if you want to encrypt something RSA algorithims are the industry standard now

ecksor

This doesn't answer your question, but I saw Tony Sale (who worked at Bletchley park and was the technical adviser to that movie) demonstrate a javascript emulator of the enigma machine that he had written which might be on the web somewhere.

(probably somewhere on http://www.codesandciphers.org.uk/ if anywhere.)

rob1891

If you are looking for an email encryption program (I can't quite tell if it's a "design your own encryption" thread or "gimme email encryption" (ugh, it is way too late)), go for pgp. I thought the yanks had export restrictions on encryption and the international version was crippled, but reading the faq .... it's not??

I believe it is still free, so point your browser at http://www.pgpi.org/ or you could have a look on kazaa/gnutella/... and you'll probably find an American version.

You'll probably want to do some reading up on the system of encryption pgp uses. It's called Asynchronous Encryption, that is the encrypt key is different to and underivable from the decrypt key. Basically this means you can give all your friends your encrypt key, safe in the knowledge that if they use it on a message, you and only you will be able to decrypt it.

regards,

Rob

jmcc

Originally posted by rob1891
You'll probably want to do some reading up on the system of encryption pgp uses. It's called Asynchronous Encryption

It is Asymmetric rather than 'asynchronous'. More precisely, the PGP system uses the concept of a public key and a private key. You can publish your public key and people can use it to send encrypted messages to you, which only you can decrypt with your private key. Thus the key used to decrypt the message is not the same as the key used to encrypt the message. With a symmetric system, such as DES [1], the same key is used for encryption as well as decryption.

The one thing that bothers me about PGP is that many people seem to place too much faith in the key handling and generation aspect. With PGP it is not supposed to be computationally feasible to derive one from the other. And yet if someone hits upon a general solution for the core algorithm (the algorithms that actually encrypt and decrypt the data as opposed to the key handling) then the whole thing falls like a house of cards and people have to flip to a stronger core algorithm. Computationally, people who send PGP encrypted M$ word documents are at greater risk.

Damn - the sun is up and I should not be.

Regards...jmcc

[1] A DES challenge was cracked in about 23 hours a few years ago by a machine built by EFF for under $250,000. Key cracking networks of computers have been used by satellite tv hackers and pirates for the last few years as well for cracking keys for the D2-MAC Eurocrypt channels which use DES in their smartcards. (Sky used a different algorithm and approach for its smartcards.)