mersenneforum.org  

Go Back   mersenneforum.org > Math Stuff > Tales From the Crypt(o)

Reply
 
Thread Tools
Old 2020-07-03, 03:53   #1
jpcu1237
 
jpcu1237's Avatar
 
"James Prescott Curry"
Oct 2019
Jupiter FL 33458

22 Posts
Cool Breakthrough in Very Large Integer factorization?

Saw this in the news today:

https://www.silicon.co.uk/mobility/m...arrests-346164

and BBC article states, "Nikki Holland, NCA director of investigations, said the operational team had described it "as akin to cracking the enigma code".

https://www.bbc.com/news/uk-53263310

It appears that the platform used RSA and AES and other algorithms, but details unclear from open sources online.

So, if they did crack the algorithm, then a revolutionary breakthrough has occurred? Any chatter out there?
jpcu1237 is offline   Reply With Quote
Old 2020-07-03, 04:15   #2
retina
Undefined
 
retina's Avatar
 
"The unspeakable one"
Jun 2006
My evil lair

3·1,877 Posts
Default

The service protocol was hacked by police with a MITM device. Nothing new to see here. When discussing your criminal activities with people don't use insecure services that don't have E2E encryption, right?

The algorithms were not compromised.

Unless it is ruse to pretend they can't crack AES but secretly can. I find that unlikely.
retina is online now   Reply With Quote
Old 2020-07-03, 04:23   #3
jpcu1237
 
jpcu1237's Avatar
 
"James Prescott Curry"
Oct 2019
Jupiter FL 33458

22 Posts
Default

My sense is that you are correct. From what I read online about the platform, however, it was robust and E2E. The MITM device intercepted the encrypted comms, and then what? Maybe they captured keys somehow on HSM on devices?
jpcu1237 is offline   Reply With Quote
Old 2020-07-03, 04:53   #4
retina
Undefined
 
retina's Avatar
 
"The unspeakable one"
Jun 2006
My evil lair

3·1,877 Posts
Default

Quote:
Originally Posted by jpcu1237 View Post
My sense is that you are correct. From what I read online about the platform, however, it was robust and E2E. The MITM device intercepted the encrypted comms, and then what? Maybe they captured keys somehow on HSM on devices?
No. It clearly wasn't robust. If it was then it wouldn't matter how many MITM devices were in the connection.

My guess is the client simply trusted the destination. So for A talking to B, the MITM will provide a key to A and say "Hi, I'm B", and A trusted it without verifying it was talking to the correct destination.
retina is online now   Reply With Quote
Old 2020-07-03, 05:06   #5
jpcu1237
 
jpcu1237's Avatar
 
"James Prescott Curry"
Oct 2019
Jupiter FL 33458

416 Posts
Default

Quote:
Originally Posted by retina View Post
No. It clearly wasn't robust. If it was then it wouldn't matter how many MITM devices were in the connection.

My guess is the client simply trusted the destination. So for A talking to B, the MITM will provide a key to A and say "Hi, I'm B", and A trusted it without verifying it was talking to the correct destination.
Agreed, not robust in the sense secure, since it failed. I meant based on the limited info left online:

Quote:
EncroChat protects conversations with the following four tenets

Perfect Forward Secrecy Each message session with each contact is encrypted with a different set of keys. If any given key is ever compromised, it will never result in the compromise of previously transmitted messages – or even passive observation of future messages.

Repudiable Authentication Messages do not employ digital signatures that provide third party proofs. However, you are still assured you are messaging with whom you think you are.

Deniability Anyone can forge messages after a conversation is complete to make them look like they came from you. However, during a conversation the recipient is assured all messages received are authentic and unmodified. This assures non-reputability of messages.

Encryption Strength The algorithms employed are many times stronger than that of PGP (RSA+AES). We employ algorithms from different families of mathematics, which protects message content in the event that one encryption algorithm is ever solved.
http://encrochat.network
Maybe the authorities will publish a report on the architecture and what they did, but doubtful, unless researchers get interested.
jpcu1237 is offline   Reply With Quote
Old 2020-07-03, 05:26   #6
retina
Undefined
 
retina's Avatar
 
"The unspeakable one"
Jun 2006
My evil lair

3·1,877 Posts
Default

Quote:
Originally Posted by jpcu1237 View Post
http://encrochat.network
Maybe the authorities will publish a report on the architecture and what they did, but doubtful, unless researchers get interested.
Self published "about" pages can make as many wonderful claims as they wish. But unless the code and protocols have been properly scrutinised and the implementation independently verified then such claims are meaningless.
retina is online now   Reply With Quote
Old 2020-07-03, 06:45   #7
xilman
Bamboozled!
 
xilman's Avatar
 
May 2003
Down not across

237258 Posts
Default

Quote:
Originally Posted by jpcu1237 View Post
So, if they did crack the algorithm, then a revolutionary breakthrough has occurred? Any chatter out there?
Exceedinlgly unlikely IMO.

Far more likely is exploitation of implementation weakness coupled with traffic analysis and infiltration of the user base. Classical espionage, in other words.

IMO, anyway.
xilman is offline   Reply With Quote
Old 2020-07-03, 08:00   #8
xilman
Bamboozled!
 
xilman's Avatar
 
May 2003
Down not across

32×11×103 Posts
Default

Quote:
Originally Posted by xilman View Post
Exceedinlgly unlikely IMO.

Far more likely is exploitation of implementation weakness coupled with traffic analysis and infiltration of the user base. Classical espionage, in other words.

IMO, anyway.
My guess wasn't too far wrong.

https://www.vice.com/en_us/article/3...crochat-hacked has much more detail.
xilman is offline   Reply With Quote
Old 2020-07-03, 09:07   #9
retina
Undefined
 
retina's Avatar
 
"The unspeakable one"
Jun 2006
My evil lair

3×1,877 Posts
Default

Quote:
Originally Posted by xilman View Post
So the MITM device was installed on the phone. Even easier for the police, just grab the plaintext.

So the question remains how was the malware installed? A compromised server delivering an-important-security-update? Which would just prove the point once you have a working system don't blindly "fix" it with updates.
retina is online now   Reply With Quote
Old 2020-07-03, 12:26   #10
xilman
Bamboozled!
 
xilman's Avatar
 
May 2003
Down not across

32·11·103 Posts
Default

Quote:
Originally Posted by retina View Post
So the MITM device was installed on the phone. Even easier for the police, just grab the plaintext.
Technically this is not a MITM, which requires a device between the end points, not at an end point.
Quote:
Originally Posted by retina View Post
So the question remains how was the malware installed? A compromised server delivering an-important-security-update? Which would just prove the point once you have a working system don't blindly "fix" it with updates.
That has not yet been established but it seems rather likely to me.

It is, of course, possible that there was an important security flaw which needed fixing.
xilman is offline   Reply With Quote
Old 2020-07-03, 13:38   #11
R.D. Silverman
 
R.D. Silverman's Avatar
 
Nov 2003

22×5×373 Posts
Default

Quote:
Originally Posted by xilman View Post
Technically this is not a MITM, which requires a device between the end points, not at an end point.
That has not yet been established but it seems rather likely to me.

It is, of course, possible that there was an important security flaw which needed fixing.

Perhaps I should hire myself out.......

I could probably make big bucks.

Last fiddled with by R.D. Silverman on 2020-07-03 at 13:38
R.D. Silverman is offline   Reply With Quote
Reply

Thread Tools


Similar Threads
Thread Thread Starter Forum Replies Last Post
Why integer factorization is in P/FP? tetramur Factoring 4 2019-01-23 20:51
hardware breakthrough : 1 atom-large transistor firejuggler Hardware 3 2012-02-24 15:15
Integer factorization? bearnol2 Information & Answers 7 2010-12-09 02:50
Integer factorization with q < 2p mgb Math 36 2009-11-07 15:59
Integer Factorization mgb Math 16 2007-12-17 10:43

All times are UTC. The time now is 09:38.

Thu Aug 13 09:38:26 UTC 2020 up 6:13, 0 users, load averages: 0.94, 1.15, 1.23

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.

This forum has received and complied with 0 (zero) government requests for information.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.
A copy of the license is included in the FAQ.