-
• #2
The output of Cryptomsg2.js
>echo(0);
In left pane enter go(); and press return.
=undefined
>go();
Client Random # keys
245,23,232,200,114,36,105,20,254,96,85,201,114,36,105,4
69,150,99,34,208,230,34,168,128,106,45,199,203,46,28,219
Hash keys
232,65,134,243,114,36,105,20,195,103,245,243,114,36,105,1
188,177,5,173,141,150,119,10,10,7,153,174,225,238,77,145
Hash keys
242,148,162,50,115,36,105,20,180,39,16,51,115,36,105,250
217,67,207,60,54,115,75,227,116,255,243,203,112,230,97,82
Server Random # keys
217,1,45,181,115,36,105,20,79,84,156,181,115,36,105,203
215,180,29,227,242,69,139,118,47,238,145,221,141,226,213,38
{
  "text": [ new Uint8Array([65, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]) ],
  "Rnum": new Uint8Array([94, 94, 94, 94, 94, 94, 94, 94, 94, 94, 94, 94, 94, 94, 94, 94]),
  "Auth": new Uint8Array(16),
  "Mhash": new ArrayBuffer([26, 16, 180, 124, 63, 107, 133, 33, 128, 52, 101, 195, 208, 190, 102, 93])
}
Client msg 1 hash OK
{
  "text": [ new Uint8Array([65, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]) ],
  "Rnum": new Uint8Array([60, 60, 60, 60, 60, 60, 60, 60, 60, 60, 60, 60, 60, 60, 60, 60]),
  "Auth": new ArrayBuffer([3, 170, 20, 135, 37, 121, 216, 99, 141, 128, 79, 223, 167, 46, 246, 123]),
  "Mhash": new ArrayBuffer([99, 179, 42, 101, 76, 3, 51, 218, 226, 53, 95, 70, 171, 105, 83, 175])
}
Server msg1 hash OK
Server is authentic
{
  "text": [ new Uint8Array([66, 153, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]) ],
  "Rnum": new Uint8Array([69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69]),
  "Auth": new ArrayBuffer([34, 224, 5, 131, 161, 65, 136, 88, 134, 75, 54, 238, 99, 203, 160, 179]),
  "Mhash": new ArrayBuffer([61, 176, 71, 104, 148, 148, 164, 97, 70, 194, 169, 104, 156, 182, 148, 76])
}
Client msg 2 hash OK
Client is authentic
{
  "text": [ new Uint8Array([66, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]) ],
  "Rnum": new Uint8Array([34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34, 34]),
  "Auth": new ArrayBuffer([3, 170, 20, 135, 37, 121, 216, 99, 141, 128, 79, 223, 167, 46, 246, 123]),
  "Mhash": new ArrayBuffer([74, 248, 250, 163, 194, 76, 103, 238, 169, 3, 248, 117, 159, 233, 64, 220])
}
Trying to replay
Client msg 1 hash OK
Client msg 2 hash OK
Client not authentic
167,33,148,163,150,43,129,28,79,255,93,113,35,215,40,72
34,224,5,131,161,65,136,88,134,75,54,238,99,203,160,179
New messages
{
  "text": [ new Uint8Array([65, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]) ],
  "Rnum": new Uint8Array([119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119, 119]),
  "Auth": new Uint8Array(16),
  "Mhash": new ArrayBuffer([79, 10, 74, 218, 32, 96, 55, 0, 116, 245, 80, 95, 54, 76, 54, 114])
}
Client msg 1 hash OK
{
  "text": [ new Uint8Array([65, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]) ],
  "Rnum": new Uint8Array([248, 248, 248, 248, 248, 248, 248, 248, 248, 248, 248, 248, 248, 248, 248, 248]),
  "Auth": new ArrayBuffer([241, 254, 62, 248, 237, 77, 127, 26, 115, 224, 51, 144, 124, 210, 7, 250]),
  "Mhash": new ArrayBuffer([93, 70, 18, 33, 28, 195, 215, 238, 123, 48, 146, 157, 176, 143, 82, 131])
}
Server msg1 hash OK
Server is authentic
{
  "text": [ new Uint8Array([66, 153, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]) ],
  "Rnum": new Uint8Array([2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]),
  "Auth": new ArrayBuffer([168, 38, 120, 193, 88, 64, 50, 150, 39, 150, 95, 251, 65, 68, 138, 66]),
  "Mhash": new ArrayBuffer([184, 131, 13, 136, 192, 234, 14, 184, 72, 113, 231, 145, 199, 149, 231, 150])
}
Client msg 2 hash OK
Client is authentic
{
  "text": [ new Uint8Array([66, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]) ],
  "Rnum": new Uint8Array([248, 248, 248, 248, 248, 248, 248, 248, 248, 248, 248, 248, 248, 248, 248, 248]),
  "Auth": new ArrayBuffer([241, 254, 62, 248, 237, 77, 127, 26, 115, 224, 51, 144, 124, 210, 7, 250]),
  "Mhash": new ArrayBuffer([143, 19, 133, 234, 45, 4, 48, 57, 126, 126, 176, 205, 243, 97, 8, 8])
}
=0
-
• #3
Cryptomsg3.js
In this version a user ID and password have been added
The following is the output of one session. The setup function creates the cryptographic keys used in the client and server objects. Note that client and server have different random number keys and permutations. None of the permutation arrays are shown.
PICO 1v86
>echo(0);
In left pane enter setup(); and press return.
=undefined
>setup();
Client Random # keys
147,218,39,254,251,124,105,20,249,242,176,254,251,124,105,138
124,171,219,12,155,172,248,197,93,220,85,14,86,211,101,122
Msg Hash keys
183,198,0,48,252,124,105,20,27,113,129,48,252,124,105,170
232,149,224,242,228,159,142,123,127,115,23,205,73,51,112,58
Auth Hash keys
82,25,235,120,252,124,105,20,163,183,112,121,252,124,105,248
90,33,23,232,223,50,115,84,170,190,44,139,113,153,65,249
IDPW Hash keys
179,197,74,194,252,124,105,20,240,89,206,194,252,124,105,142
23,120,142,240,228,46,156,128,54,32,224,158,21,49,50,162
IDPWkey Hash keys
254,143,24,11,253,124,105,20,217,234,155,11,253,124,105,49
255,224,2,245,157,160,44,204,179,206,10,57,236,82,67,23
Server Random # keys
53,87,29,162,253,124,105,20,95,37,162,162,253,124,105,26
78,233,136,63,69,30,248,93,255,66,4,177,179,192,75,192
To setup a User ID and password
In the left pane enter ID="<user ID>";
In the left pane enter PW="<password>";
In left pane enter setupID(); and press return.
=undefined
The setupID() function performs a hash of the ID and Password and stores it in the server object for later reference.
>ID="sam"
="sam"
>PW="a1234";
="a1234"
>setupID();
IDPW_hash
20,198,57,30,198,43,156,233,212,6,187,246,210,28,110,194
In left pane enter connect(); and press return.
=undefined
The setup process is completed at this point.
The connect() function sends a command from the client to the server. The message contains the text, a random number Rnum, and an MHash of the text and Rnum blocks.
The server calculates the hash1 of the text and Rnum blocks of the received message and performs a comparison.
The server creates a reply message.
>connect();
{
  "text": [ new Uint8Array([65, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]) ],
  "Rnum": new Uint8Array([107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107, 107]),
  "Auth": new Uint8Array(16),
  "Mhash": new ArrayBuffer([67, 224, 209, 99, 57, 134, 239, 227, 82, 141, 121, 73, 1, 34, 87, 53])
}
Client msg 1 hash OK
The server creates a reply.
It generates a new random number Rnum.
It calculates the Auth value by hashing the Rnum in the client's message.
It calculates the MHash of the text, Rnum, and Auth blocks.
{
  "text": [ new Uint8Array([65, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]) ],
  "Rnum": new Uint8Array([95, 95, 95, 95, 95, 95, 95, 95, 95, 95, 95, 95, 95, 95, 95, 95]),
  "Auth": new ArrayBuffer([177, 4, 182, 80, 32, 193, 133, 253, 206, 70, 222, 40, 50, 103, 253, 84]),
  "Mhash": new ArrayBuffer([174, 166, 145, 239, 250, 142, 29, 89, 132, 47, 94, 235, 3, 148, 16, 180])
}
The client validates the Mhash and the Auth and asks the user for ID and password.
Server msg1 hash OK
Server is authentic
Enter User ID and password
In the left pane enter ID="<user ID>";
In the left pane enter PW="<password>";
In left pane enter login(); and press return.
=undefined
>
The user enters the ID and password and the client sends a message to the server using the login() function.
The message contains the text[0] block with the command, the text[1] block, a Rnum random number block, the Auth block and a Mhash of both text blocks, the Rnum and Auth blocks.
An encryption key is created using a hash of the Rnum in the last server message.
The encryption key is used to encrypt the hash of the ID and password.
Text[1]= the permutation of the encrypted hash of ID and password.
Note: the permutation uses an array of 128 values to swap bits in the block thus increasing the difficulty level for a hacker.
>ID
="sam"
>PW
="a1234"
>login();
{
  "text": [
    new Uint8Array([66, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]),
    new ArrayBuffer([188, 251, 96, 214, 196, 152, 12, 153, 116, 62, 142, 67, 36, 191, 9, 37])
  ],
  "Rnum": new Uint8Array([231, 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, 231]),
  "Auth": new ArrayBuffer([85, 202, 193, 237, 229, 82, 213, 28, 17, 66, 76, 168, 105, 110, 34, 181]),
  "Mhash": new ArrayBuffer([246, 246, 153, 109, 110, 234, 46, 198, 250, 173, 197, 70, 46, 130, 198, 8])
}
Client msg 2 hash OK
Client is authentic
User ID and password valid
The server validates the Mhash, and the Auth blocks.
The server reverses the permutation and decrypts the text[1] block and uses the previously saved IDPW hash to validate the user ID and password.
The server replies as follows:
{
  "text": [ new Uint8Array([66, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]) ],
  "Rnum": new Uint8Array([197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197, 197]),
  "Auth": new ArrayBuffer([203, 178, 225, 223, 185, 157, 208, 10, 205, 106, 25, 48, 148, 14, 178, 244]),
  "Mhash": new ArrayBuffer([136, 235, 215, 192, 46, 125, 93, 102, 232, 66, 154, 94, 254, 96, 125, 171])
}
The client validates the Mhash, and the Auth blocks.
Server msg1 hash OK
Server is authentic
In left pane enter replay(); or LEDon(); or LEDoff(); and press return.
=undefined
>
The user enters LEDon() and the client sends a message with text[0][1]=153
>LEDon();
{
  "text": [ new Uint8Array([67, 153, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]) ],
  "Rnum": new Uint8Array([245, 245, 245, 245, 245, 245, 245, 245, 245, 245, 245, 245, 245, 245, 245, 245]),
  "Auth": new ArrayBuffer([84, 61, 229, 17, 188, 93, 153, 84, 8, 11, 141, 163, 234, 109, 215, 22]),
  "Mhash": new ArrayBuffer([161, 191, 122, 233, 14, 1, 107, 240, 101, 7, 97, 214, 109, 87, 47, 227])
}
The server validates the Mhash and Auth blocks and uses the value on text[0][1] to turn the Green LED on the PICO on or off.
Client msg 3 hash OK
Client is authentic
{
  "text": [ new Uint8Array([67, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]) ],
  "Rnum": new Uint8Array([9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9]),
  "Auth": new ArrayBuffer([25, 138, 122, 203, 160, 27, 197, 203, 83, 67, 94, 253, 166, 101, 177, 61]),
  "Mhash": new ArrayBuffer([156, 67, 30, 184, 3, 5, 237, 23, 4, 169, 138, 33, 245, 137, 166, 242])
}
Server msg hash OK
Server is authentic
In left pane enter replay(); or LEDon(); or LEDoff(); and press return.
=undefined
The user enters LEDoff(), and the client sends the following message to the server.
>LEDoff();
{
  "text": [ new Uint8Array([67, 152, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]) ],
  "Rnum": new Uint8Array([32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32]),
  "Auth": new ArrayBuffer([173, 227, 7, 74, 231, 212, 57, 149, 211, 167, 182, 168, 50, 163, 100, 136]),
  "Mhash": new ArrayBuffer([166, 234, 76, 46, 39, 225, 249, 161, 72, 87, 168, 112, 131, 189, 17, 179])
}
Client msg 3 hash OK
Client is authentic
The server turns the LED off and replies as follows.
{
  "text": [ new Uint8Array([67, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]) ],
  "Rnum": new Uint8Array([91, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91, 91]),
  "Auth": new ArrayBuffer([69, 156, 77, 140, 124, 163, 20, 171, 113, 5, 219, 192, 52, 186, 236, 247]),
  "Mhash": new ArrayBuffer([58, 187, 167, 69, 103, 61, 35, 28, 56, 158, 186, 83, 30, 230, 152, 10])
}
Server msg hash OK
Server is authentic
In left pane enter replay(); or LEDon(); or LEDoff(); and press return.
Along the way the client and server messages have been saved by Bill the black hat hacker. So Bill tries sending the client’s messages to the server with the following results.
>replay();
Trying to replay
Client msg 1 hash OK
Client msg 2 hash OK
Client not authentic
((the calculated and message Auth values are shown here))
73,37,138,217,81,69,32,247,92,136,225,154,124,8,83,157
85,202,193,237,229,82,213,28,17,66,76,168,105,110,34,181
=undefined
Try it and have the client enter the wrong ID or password.
The random number generator uses Date.now, and Math.random() as a seed.
A permutation followed by encryption or decryption is applied to the seed.
A one way matrix operation is applied followed by a second permutation and finally a second encryption or decryption. Again this makes life hard for hackers as compared to a simple counter applied to the AES algorithm.
The hash function does a similar process permutation1, encrypt, one way, permutation2, encrypt. For the first block the one way is initialized. For subsequent blocks the one way uses the results from the previous block.
1 Attachment
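The exchange walked through in this post, reduced to its challenge-response core, as an added example that is not part of the original post or its attachment. It assumes HMAC-SHA-256 truncated to 16 bytes in place of Myhash and crypto.randomBytes in place of the Random object, and the names Endpoint, build, check and runDemo are hypothetical.

```javascript
// Added example: HMAC-SHA-256 and crypto.randomBytes are stand-ins for the
// thread's Myhash and Random objects; all names below are hypothetical.
const crypto = require('crypto');

const BLOCK = 16; // the thread's messages are built from 16-byte blocks

// Keyed hash over one or more blocks, truncated to one block.
function keyedHash(key, ...blocks) {
  const h = crypto.createHmac('sha256', key);
  for (const b of blocks) h.update(b);
  return h.digest().subarray(0, BLOCK);
}

// Constant-time block comparison.
function sameBlock(a, b) {
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

class Endpoint {
  constructor(keys) {
    this.keys = keys;      // { msg, auth }: shared by client and server
    this.lastRnum = null;  // the Rnum this side sent most recently
  }

  // peerRnum is the Rnum of the last message received, or null for message 1.
  build(command, arg, peerRnum) {
    const text = Buffer.alloc(BLOCK);
    text[0] = command;
    text[1] = arg;
    const Rnum = crypto.randomBytes(BLOCK);
    const Auth = peerRnum ? keyedHash(this.keys.auth, peerRnum) : Buffer.alloc(BLOCK);
    const Mhash = keyedHash(this.keys.msg, text, Rnum, Auth);
    this.lastRnum = Rnum;
    return { text, Rnum, Auth, Mhash };
  }

  // Mhash is always checked; Auth only when the peer is expected to have
  // answered an Rnum that this side issued.
  check(msg, expectAuth) {
    const mhash = keyedHash(this.keys.msg, msg.text, msg.Rnum, msg.Auth);
    if (!sameBlock(mhash, msg.Mhash)) return 'hash bad';
    if (!expectAuth) return 'hash OK';
    if (!this.lastRnum) return 'not authentic';
    const expected = keyedHash(this.keys.auth, this.lastRnum);
    return sameBlock(expected, msg.Auth) ? 'authentic' : 'not authentic';
  }
}

function runDemo() {
  const keys = { msg: crypto.randomBytes(32), auth: crypto.randomBytes(32) };
  const client = new Endpoint(keys);
  const server = new Endpoint(keys);
  const captured = []; // client messages recorded by an eavesdropper

  // Live session: connect (65), then a command (67) with argument 153.
  const c1 = client.build(65, 0, null);
  captured.push(c1);
  const live = [server.check(c1, false)];
  const s1 = server.build(65, 0, c1.Rnum);
  live.push(client.check(s1, true));
  const c2 = client.build(67, 153, s1.Rnum);
  captured.push(c2);
  live.push(server.check(c2, true));

  // Altering the argument byte in transit breaks the Mhash.
  const altered = { ...c2, text: Buffer.from(c2.text) };
  altered.text[1] = 152;
  const tampered = server.check(altered, true);

  // Replay: message 1 carries no Auth so its hash is accepted, but the
  // server answers with a fresh Rnum and the recorded Auth no longer matches.
  const replay = [server.check(captured[0], false)];
  server.build(65, 0, captured[0].Rnum);
  replay.push(server.check(captured[1], true));

  return { live, tampered, replay };
}

console.log(runDemo());
```

The replayed second message still passes the Mhash check, as in the session output above; it is rejected only because Auth is bound to an Rnum the server has since replaced.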
-
• #4
Permutation2.js
A permutation of bits:
0 168 0
1 133 1
2 2 2
3 0 3
4 1 4
5 112 5
6 16 6
7 150 7
8 49 8
9 2 9
10 134 10
11 14 11
12 36 12
13 16 13
14 9 14
15 4 15
A permutation of bytes
0 6 0
1 1 1
2 14 2
3 12 3
4 15 4
5 4 5
6 7 6
7 10 7
8 13 8
9 2 9
10 5 10
11 0 11
12 11 12
13 9 13
14 3 14
15 8 15
Links:
http://www.scientificamerican.com/article/nsa-nist-encryption-scandal/
https://cpunks.org/pipermail/cypherpunks/2013-September/000984.html
https://www.schneier.com/blog/archives/2013/10/defending_again_1.html
https://en.wikipedia.org/wiki/Dual_EC_DRBG
1 Attachment
-
• #5
Onewayx.js
Apply addition, exclusive or, or multiplication to a matrix by rows, columns, left diagonals and right diagonals and then take the modulus 256 to create a one way function.
0 1 2 3
4 5 6 7
8 9 10 11
12 13 14 15
//onewayx.js
function oneway1(mode,A,B,C,D,E){
  switch(mode){
    case 0: return A+B+C+D+E;
    case 1: return A^B^C^D^E;
    case 2: return A*B*C*D*E;
  }//end switch
}//end oneway1
function modit(A,B){
  for(var i=0;i<16;i++)A[i]=B[i]%256;
}//end modit
function fillit(A,b){
  for(var i=0;i<16;i++)A[i]=b;
}//end fillit
function oneway(mode,A,B){
  //rows
  A[0]=oneway1(mode,A[0],B[0],B[1],B[2],B[3]);
  A[1]=oneway1(mode,A[1],B[4],B[5],B[6],B[7]);
  A[2]=oneway1(mode,A[2],B[8],B[9],B[10],B[11]);
  A[3]=oneway1(mode,A[3],B[12],B[13],B[14],B[15]);
  //columns
  A[4]=oneway1(mode,A[4],B[0],B[4],B[8],B[12]);
  A[5]=oneway1(mode,A[5],B[1],B[5],B[9],B[13]);
  A[6]=oneway1(mode,A[6],B[2],B[6],B[10],B[14]);
  A[7]=oneway1(mode,A[7],B[3],B[7],B[11],B[15]);
  //diagonals \
  A[8]=oneway1(mode,A[8],B[0],B[5],B[10],B[15]);
  A[9]=oneway1(mode,A[9],B[1],B[6],B[11],B[12]);
  A[10]=oneway1(mode,A[10],B[2],B[7],B[8],B[13]);
  A[11]=oneway1(mode,A[11],B[3],B[4],B[9],B[14]);
  //diagonals /
  A[12]=oneway1(mode,A[12],B[3],B[6],B[9],B[12]);
  A[13]=oneway1(mode,A[13],B[0],B[7],B[10],B[13]);
  A[14]=oneway1(mode,A[14],B[1],B[4],B[11],B[14]);
  A[15]=oneway1(mode,A[15],B[2],B[5],B[8],B[15]);
}//end oneway
The output:
The inital data
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
use mutltiply
Data after applying oneway function and modit
24 144 104 160 73 144 137 0 32 136 208 184 56 208 8 32
Do it again using xor
The inital data
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Data after applying oneway function and modit
5 13 5 29 1 1 1 17 29 5 13 5 5 13 5 29
Do it again using addition
The inital data
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Data after applying oneway function and modit
11 27 43 59 29 33 37 41 35 35 35 35 35 35 35 35
Try it with different initial data.
1 Attachment
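An added example, not from the post or its attachment, that recomputes the three outputs above for the data 1..16 and then goes one step further than the post by measuring how many inputs share an output. The map is many-to-one, which is what prevents running it backwards and also means distinct blocks collide. LINES, onewayBlock, xorRank and demo are hypothetical names, and the accumulator is assumed to be pre-filled with 1 as in the posted output.

```javascript
// Added example. LINES lists the same index groups that oneway() in
// onewayx.js spells out one statement at a time.
const LINES = [
  [0, 1, 2, 3], [4, 5, 6, 7], [8, 9, 10, 11], [12, 13, 14, 15],  // rows
  [0, 4, 8, 12], [1, 5, 9, 13], [2, 6, 10, 14], [3, 7, 11, 15],  // columns
  [0, 5, 10, 15], [1, 6, 11, 12], [2, 7, 8, 13], [3, 4, 9, 14],  // diagonals, top-left to bottom-right
  [3, 6, 9, 12], [0, 7, 10, 13], [1, 4, 11, 14], [2, 5, 8, 15],  // diagonals, top-right to bottom-left
];

// Reducing mod 256 after every step gives the same bytes as combining first
// and applying modit afterwards; the xor of two bytes is already a byte.
const OPS = [
  (a, b) => (a + b) % 256,  // mode 0: addition
  (a, b) => a ^ b,          // mode 1: exclusive or
  (a, b) => (a * b) % 256,  // mode 2: multiplication
];

// fillit(init), oneway(mode), modit: returns the 16 output bytes.
function onewayBlock(mode, block, init = 1) {
  return LINES.map(line => line.reduce((acc, i) => OPS[mode](acc, block[i]), init));
}

// Rank over GF(2) of the 16 index groups: in xor mode this is the number of
// independent output bits per bit position of the 16 input bytes.
function xorRank() {
  const rows = LINES.map(line => line.reduce((m, i) => m | (1 << i), 0));
  let rank = 0;
  for (let bit = 0; bit < 16; bit++) {
    const p = rows.findIndex((r, idx) => idx >= rank && ((r >> bit) & 1));
    if (p < 0) continue;
    [rows[rank], rows[p]] = [rows[p], rows[rank]];
    for (let k = 0; k < rows.length; k++) {
      if (k !== rank && ((rows[k] >> bit) & 1)) rows[k] ^= rows[rank];
    }
    rank++;
  }
  return rank;
}

// True when a and b are different blocks with identical output.
function collides(mode, a, b) {
  return a.join() !== b.join() &&
    onewayBlock(mode, a).join() === onewayBlock(mode, b).join();
}

const DATA = Array.from({ length: 16 }, (_, i) => i + 1); // 1..16 as in the post

function demo() {
  return {
    multiply: onewayBlock(2, DATA).join(' '),
    xor: onewayBlock(1, DATA).join(' '),
    add: onewayBlock(0, DATA).join(' '),
    // Flipping the same bit in all 16 bytes cancels in every group of four.
    xorCollision: collides(1, DATA, DATA.map(b => b ^ 0x80)),
    // Adding 64 to every byte adds 256 to every group sum.
    addCollision: collides(0, DATA, DATA.map(b => (b + 64) % 256)),
    // 65^4 is 1 mod 256, so scaling every byte by 65 leaves each product unchanged.
    mulCollision: collides(2, DATA, DATA.map(b => (b * 65) % 256)),
    xorRank: xorRank(),
  };
}

console.log(demo());
```

A rank of 9 means that in xor mode the 128 input bits determine at most 9 x 8 = 72 independent output bits.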
-
• #6
Cryptomsg4.js
Some changes made to the hash function.
Add a logoff function.
Noticed that the Rnum in the messages were all the same value.
Fixed it.
>setupID();
IDPW_hash
199,118,61,228,125,51,183,83,209,53,107,248,75,23,162,128
In left pane enter connect(); and press return.
=undefined
>connect();
{
  "text": [
    new Uint8Array([65, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]),
    new Uint8Array(16)
  ],
  "Rnum": new Uint8Array([106, 252, 92, 219, 97, 146, 133, 70, 139, 53, 121, 170, 154, 73, 162, 119]),
  "Auth": new Uint8Array(16),
  "Mhash": new ArrayBuffer([207, 109, 3, 165, 191, 27, 97, 58, 131, 189, 253, 144, 214, 189, 226, 240])
}
Client msg 1 hash OK
{
  "text": [
    new Uint8Array([65, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]),
    new Uint8Array(16)
  ],
  "Rnum": new Uint8Array([224, 101, 186, 153, 117, 133, 224, 12, 118, 39, 165, 92, 202, 210, 183, 51]),
  "Auth": new ArrayBuffer([66, 169, 179, 113, 114, 202, 57, 74, 89, 29, 96, 192, 147, 30, 236, 36]),
  "Mhash": new ArrayBuffer([22, 187, 159, 26, 112, 116, 187, 148, 127, 211, 158, 113, 40, 126, 194, 165])
}
Server msg1 hash OK
Server is authentic
Enter User ID and password
In the left pane enter ID="<user ID>";
In the left pane enter PW="<password>";
In left pane enter login(); and press return.
A Phat phinger mistake in the copy function.
function copy(A,B){for(var i=0;i<16;i++)A[i]=B[1];}
Changed it to:
function copy(A,B){for(var i=0;i<16;i++)A[i]=B[i];}
1 Attachment
-
• #7
ClassDatenowKey2.js
The random number generator:
//ClassDatenowKey2.js
//a permutation class
function Perm(n){
  this.N=n;
  this.C=new Uint8Array(n);
}
Perm.prototype.swap=function(i,j){
  var a=0;
  a=this.C[i];
  this.C[i]=this.C[j];
  this.C[j]=a;
};//end swap
//Initialize a random permutation
Perm.prototype.createPerm=function(){
  var i,j;
  var k=this.N;
  E.srand(E.hwRand());
  for(j=0;j<this.N;j++)this.C[j]=j;
  for(i=0;i<(this.N-1);i++){
    j=parseInt((Math.random()*256)%k,10);
    this.swap(i,i+j);
    k--;
  }//next i
};//end createPerm
//Use permutation to relocate bits in E to D
//dir determines the indirection direction
Perm.prototype.doPerm=function(dir,D,E){
  var i,j,k,m;
  for(i=0;i<this.N/8;i++)D[i]=0;
  for(i=0;i<this.N;i++){
    j=this.C[i];
    k=i%8;
    m=j%8;
    var a=1;
    var b=1;
    a=1<<k;
    b=1<<m;
    if(dir){
      if(E[(i-k)/8]&a) D[(j-m)/8]=D[(j-m)/8]|b;
    }else{
      if(E[(j-m)/8]&b) D[(i-k)/8]=D[(i-k)/8]|a;
    }//end else
  }//next i
};//end doPerm
//Use permutation of length N to relocate bytes in E to D
//(D is now a parameter, as in doPerm; it was an undeclared name before)
Perm.prototype.doPermBytes=function(dir,D,E){
  var i,j;
  for(i=0;i<this.N;i++)D[i]=0;
  for(i=0;i<this.N;i++){
    j=this.C[i];
    if(dir){
      D[i]=E[j];
    }else{
      D[j]=E[i];
    }//end else
  }//next i
};//end doPermBytes
///////////////////////////
//a oneway class
function Oneway(){
  this.A=[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0];
}
Oneway.prototype.oneway1=function(mode,A,B,C,D,E){
  switch(mode){
    case 0: return A+B+C+D+E;
    case 1: return A^B^C^D^E;
    case 2: return A*B*C*D*E;
  }//end switch
};//end oneway1
Oneway.prototype.modit=function(A){
  for(var i=0;i<16;i++)A[i]=this.A[i]%256;
};//end modit
Oneway.prototype.fillit=function(b){
  for(var i=0;i<16;i++)this.A[i]=b;
};//end fillit
Oneway.prototype.oneway=function(mode,B){
  var oneway1=this.oneway1;
  //rows
  this.A[0]=oneway1(mode,this.A[0],B[0],B[1],B[2],B[3]);
  this.A[1]=oneway1(mode,this.A[1],B[4],B[5],B[6],B[7]);
  this.A[2]=oneway1(mode,this.A[2],B[8],B[9],B[10],B[11]);
  this.A[3]=oneway1(mode,this.A[3],B[12],B[13],B[14],B[15]);
  //columns
  this.A[4]=oneway1(mode,this.A[4],B[0],B[4],B[8],B[12]);
  this.A[5]=oneway1(mode,this.A[5],B[1],B[5],B[9],B[13]);
  this.A[6]=oneway1(mode,this.A[6],B[2],B[6],B[10],B[14]);
  this.A[7]=oneway1(mode,this.A[7],B[3],B[7],B[11],B[15]);
  //diagonals \
  this.A[8]=oneway1(mode,this.A[8],B[0],B[5],B[10],B[15]);
  this.A[9]=oneway1(mode,this.A[9],B[1],B[6],B[11],B[12]);
  this.A[10]=oneway1(mode,this.A[10],B[2],B[7],B[8],B[13]);
  this.A[11]=oneway1(mode,this.A[11],B[3],B[4],B[9],B[14]);
  //diagonals /
  this.A[12]=oneway1(mode,this.A[12],B[3],B[6],B[9],B[12]);
  this.A[13]=oneway1(mode,this.A[13],B[0],B[7],B[10],B[13]);
  this.A[14]=oneway1(mode,this.A[14],B[1],B[4],B[11],B[14]);
  this.A[15]=oneway1(mode,this.A[15],B[2],B[5],B[8],B[15]);
};//end oneway
// Random object
// aes1 0= encrypt, 1=decrypt
// aes2 0= encrypt, 1=decrypt
// pdir1 permutation direction 0 or 1
// pdir2 permutation direction 0 or 1
// owtype 0= add, 1= xor, 2=multiply
function Random(aes1,aes2,pdir1,pdir2,owtype){
  this.AES1=aes1;
  this.AES2=aes2;
  this.Pdir1=pdir1;
  this.Pdir2=pdir2;
  this.Owtype=owtype;
  this.ow=new Oneway();
  this.plain=new Uint8Array(16);
  this.R=new ArrayBuffer(16);
  this.perm1=new Perm(128);
  this.key1=new Uint8Array(16);
  this.perm2=new Perm(128);
  this.key2=new Uint8Array(16);
}
Random.prototype.random=function(){
  var a;
  var tt=Date.now()*1000000;
  for(var i=0;i<16;i++){
    if(i===8)tt=Date.now()*1000000;
    this.R[i]=tt%256;
    tt=tt-this.R[i];
    tt=tt/256;
  }//nexti
  E.srand(E.hwRand());
  this.R[0]=(Math.random()*256)%256;
  this.R[8]=(Math.random()*256)%256;
  this.R[15]=(Math.random()*256)%256;
  // printit(R);
  this.perm1.doPerm(this.Pdir1,this.plain,this.R);
  //printit(plain);
  if(this.AES1){
    this.R=AES.encrypt(this.plain,this.key1);
  }else{
    this.R=AES.decrypt(this.plain,this.key1);
  }
  //printit(this.R);
  this.ow.fillit(1);
  this.ow.oneway(this.Owtype,this.R);
  this.ow.modit(this.R);
  //printit(this.R);
  this.perm2.doPerm(this.Pdir2,this.plain,this.R);
  //printit(plain);
  if(this.AES2){
    this.R=AES.encrypt(this.plain,this.key2);
  }else{
    this.R=AES.decrypt(this.plain,this.key2);
  }
  //printit(this.R);
  return this.R;
};//end random
Random.prototype.setup_random=function(){
  for(var i=0;i<16;i++){
    E.srand(E.hwRand());
    this.key1[i]=parseInt((Math.random()*256),10);
    E.srand(E.hwRand());
    this.key2[i]=parseInt((Math.random()*256),10);
  }//nexti
  this.perm1.createPerm();
  this.perm2.createPerm();
};
///////////////////////////////
function printit(W){
  console.log(W[0]+','+W[1]+','+W[2]+','+W[3]+','+
    W[4]+','+W[5]+','+W[6]+','+W[7]+','+
    W[8]+','+W[9]+','+W[10]+','+W[11]+','+
    W[12]+','+W[13]+','+W[14]+','+W[15]
  );
}//end printit
function copy(A,B){for(var i=0;i<16;i++)A[i]=B[i];}
function compare(A,B){
  for(var i=0;i<16;i++)if(A[i]!=B[i])return 0;
  return 1;
}
///////////////////////////////
// Random object
// aes1 0= encrypt, 1=decrypt
// aes2 0= encrypt, 1=decrypt
// pdir1 permutation direction 0 or 1
// pdir2 permutation direction 0 or 1
// owtype 0= add, 1= xor, 2=multiply
//function Random(aes1,aes2,pdir1,pdir2,owtype){
var R=new Random(1,1,0,0,0);
R.setup_random();
console.log("keys");
printit(R.key1);
printit(R.key2);
console.log("Enter go(); into left screen, press enter");
function go(){
  R.key1=R.random();
  R.key2=R.random();
  R.key1=R.random();
  R.key2=R.random();
  console.log("keys");
  printit(R.key1);
  printit(R.key2);
  console.log("Randoms");
  for(var j=0;j<16;j++){
    printit(R.random());
  }
}//end go
The output:
>echo(0);
keys
95,199,130,197,32,174,21,94,190,94,212,0,219,24,220,209
127,253,226,16,70,146,185,11,202,192,44,70,83,51,120,177
Enter go(); into left screen, press enter
=undefined
>go();
keys
37,115,239,249,173,235,105,20,202,187,119,250,173,235,105,187
194,44,127,205,23,115,36,6,237,95,250,210,33,201,23,211
Randoms
142,254,220,240,136,215,19,239,149,77,77,124,190,204,102,97
172,247,225,194,124,184,176,179,201,85,70,33,145,196,50,223
171,173,84,67,240,166,53,84,189,241,190,160,65,126,46,16
240,110,20,89,34,209,82,26,84,141,66,199,178,107,45,129
8,76,198,85,81,141,148,70,243,37,27,18,101,39,53,75
156,154,240,83,125,40,83,111,48,193,73,90,88,52,152,150
132,58,124,16,109,99,134,187,72,139,84,109,254,5,163,173
18,166,184,35,1,188,74,73,75,24,107,129,229,6,203,35
46,71,178,73,32,142,191,110,254,127,233,195,82,219,214,121
219,68,7,110,28,230,173,64,123,179,128,4,232,61,157,244
26,86,10,201,79,18,159,126,178,165,128,213,0,220,233,219
160,45,66,180,92,106,130,148,224,180,18,141,20,194,197,167
116,187,81,184,197,46,64,197,107,157,58,72,70,42,241,205
106,243,200,96,187,42,68,165,111,85,121,61,150,128,81,63
112,139,103,246,27,71,38,240,100,136,250,230,24,145,76,69
96,130,236,218,128,193,47,234,34,3,10,30,130,18,74,154
1 Attachment
-
• #8
myhash1.js
Uses permutations, oneway, and random functions.
var MH=new Myhash(1,1,0,0,0). Try varying the numbers. First 4 can be 0 or 1.
5th number can be 0,1,2 and changes the oneway function operator.
// aes1 0= encrypt, 1=decrypt
// aes2 0= encrypt, 1=decrypt
// pdir1 permutation direction 0 or 1
// pdir2 permutation direction 0 or 1
// owtype 0= add, 1= xor, 2=multiply
//myhash1.js
//a permutation class
function Perm(n){
  this.N=n;
  this.C=new Uint8Array(n);
}
Perm.prototype.swap=function(i,j){
  var a=0;
  a=this.C[i];
  this.C[i]=this.C[j];
  this.C[j]=a;
};//end swap
//Initialize a random permutation
Perm.prototype.createPerm=function(){
  var i,j;
  var k=this.N;
  E.srand(E.hwRand());
  for(j=0;j<this.N;j++)this.C[j]=j;
  for(i=0;i<(this.N-1);i++){
    j=parseInt((Math.random()*256)%k,10);
    this.swap(i,i+j);
    k--;
  }//next i
};//end createPerm
//Use permutation to relocate bits in E to D
//dir determines the indirection direction
Perm.prototype.doPerm=function(dir,D,E){
  var i,j,k,m;
  for(i=0;i<this.N/8;i++)D[i]=0;
  for(i=0;i<this.N;i++){
    j=this.C[i];
    k=i%8;
    m=j%8;
    var a=1;
    var b=1;
    a=1<<k;
    b=1<<m;
    if(dir){
      if(E[(i-k)/8]&a) D[(j-m)/8]=D[(j-m)/8]|b;
    }else{
      if(E[(j-m)/8]&b) D[(i-k)/8]=D[(i-k)/8]|a;
    }//end else
  }//next i
};//end doPerm
//Use permutation of length N to relocate bytes in E to D
//(D is now a parameter, as in doPerm; it was an undeclared name before)
Perm.prototype.doPermBytes=function(dir,D,E){
  var i,j;
  for(i=0;i<this.N;i++)D[i]=0;
  for(i=0;i<this.N;i++){
    j=this.C[i];
    if(dir){
      D[i]=E[j];
    }else{
      D[j]=E[i];
    }//end else
  }//next i
};//end doPermBytes
///////////////////////////
//a oneway class
function Oneway(){
  this.A=[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0];
}
Oneway.prototype.oneway1=function(mode,A,B,C,D,E){
  switch(mode){
    case 0: return A+B+C+D+E;
    case 1: return A^B^C^D^E;
    case 2: return A*B*C*D*E;
  }//end switch
};//end oneway1
Oneway.prototype.modit=function(A){
  for(var i=0;i<16;i++)A[i]=this.A[i]%256;
};//end modit
Oneway.prototype.fillit=function(b){
  for(var i=0;i<16;i++)this.A[i]=b;
};//end fillit
Oneway.prototype.oneway=function(mode,B){
  var oneway1=this.oneway1;
  //rows
  this.A[0]=oneway1(mode,this.A[0],B[0],B[1],B[2],B[3]);
  this.A[1]=oneway1(mode,this.A[1],B[4],B[5],B[6],B[7]);
  this.A[2]=oneway1(mode,this.A[2],B[8],B[9],B[10],B[11]);
  this.A[3]=oneway1(mode,this.A[3],B[12],B[13],B[14],B[15]);
  //columns
  this.A[4]=oneway1(mode,this.A[4],B[0],B[4],B[8],B[12]);
  this.A[5]=oneway1(mode,this.A[5],B[1],B[5],B[9],B[13]);
  this.A[6]=oneway1(mode,this.A[6],B[2],B[6],B[10],B[14]);
  this.A[7]=oneway1(mode,this.A[7],B[3],B[7],B[11],B[15]);
  //diagonals \
  this.A[8]=oneway1(mode,this.A[8],B[0],B[5],B[10],B[15]);
  this.A[9]=oneway1(mode,this.A[9],B[1],B[6],B[11],B[12]);
  this.A[10]=oneway1(mode,this.A[10],B[2],B[7],B[8],B[13]);
  this.A[11]=oneway1(mode,this.A[11],B[3],B[4],B[9],B[14]);
  //diagonals /
  this.A[12]=oneway1(mode,this.A[12],B[3],B[6],B[9],B[12]);
  this.A[13]=oneway1(mode,this.A[13],B[0],B[7],B[10],B[13]);
  this.A[14]=oneway1(mode,this.A[14],B[1],B[4],B[11],B[14]);
  this.A[15]=oneway1(mode,this.A[15],B[2],B[5],B[8],B[15]);
};//end oneway
// Random object
// aes1 0= encrypt, 1=decrypt
// aes2 0= encrypt, 1=decrypt
// pdir1 permutation direction 0 or 1
// pdir2 permutation direction 0 or 1
// owtype 0= add, 1= xor, 2=multiply
function Random(aes1,aes2,pdir1,pdir2,owtype){
  this.AES1=aes1;
  this.AES2=aes2;
  this.Pdir1=pdir1;
  this.Pdir2=pdir2;
  this.Owtype=owtype;
  this.ow=new Oneway();
  this.plain=new Uint8Array(16);
  this.R=new ArrayBuffer(16);
  this.perm1=new Perm(128);
  this.key1=new Uint8Array(16);
  this.perm2=new Perm(128);
  this.key2=new Uint8Array(16);
}
Random.prototype.random=function(){
  var tt=Date.now()*1000000;
  for(var i=0;i<16;i++){
    if(i===8)tt=Date.now()*1000000;
    this.R[i]=tt%256;
    tt=tt-this.R[i];
    tt=tt/256;
  }//nexti
  E.srand(E.hwRand());
  this.R[0]=(Math.random()*256)%256;
  this.R[8]=(Math.random()*256)%256;
  this.R[15]=(Math.random()*256)%256;
  // printit(R);
  this.perm1.doPerm(this.Pdir1,this.plain,this.R);
  //printit(plain);
  if(this.AES1){
    this.R=AES.encrypt(this.plain,this.key1);
  }else{
    this.R=AES.decrypt(this.plain,this.key1);
  }
  //printit(this.R);
  this.ow.fillit(1);
  this.ow.oneway(this.Owtype,this.R);
  this.ow.modit(this.R);
  //printit(this.R);
  this.perm2.doPerm(this.Pdir2,this.plain,this.R);
  //printit(plain);
  if(this.AES2){
    this.R=AES.encrypt(this.plain,this.key2);
  }else{
    this.R=AES.decrypt(this.plain,this.key2);
  }
  //printit(this.R);
  return this.R;
};//end random
Random.prototype.setup_random=function(){
  for(var i=0;i<16;i++){
    E.srand(E.hwRand());
    this.key1[i]=parseInt((Math.random()*256),10);
    E.srand(E.hwRand());
    this.key2[i]=parseInt((Math.random()*256),10);
  }//nexti
  this.perm1.createPerm();
  this.perm2.createPerm();
};
///////////////////////////////
//Myhash object
// aes1 0= encrypt, 1=decrypt
// aes2 0= encrypt, 1=decrypt
// pdir1 permutation direction 0 or 1
// pdir2 permutation direction 0 or 1
// owtype 0= add, 1= xor, 2=multiply
function Myhash(aes1,aes2,pdir1,pdir2,owtype){
  this.AES1=aes1;
  this.AES2=aes2;
  this.Pdir1=pdir1;
  this.Pdir2=pdir2;
  this.Owtype=owtype;
  this.ow=new Oneway();
  this.plain=new Uint8Array(16);
  this.plain1=new Uint8Array(16);
  this.R=new ArrayBuffer(16);
  this.perm1=new Perm(128);
  this.key1=new Uint8Array(16);
  this.perm2=new Perm(128);
  this.key2=new Uint8Array(16);
}
//flag=1 starts a new hash, flag=0 chains onto the previous block
Myhash.prototype.myhash=function(R,flag){
  var i;
  this.perm1.doPerm(this.Pdir1,this.plain,R);
  if(this.AES1){
    this.R=AES.encrypt(this.plain,this.key1);
  }else{
    this.R=AES.decrypt(this.plain,this.key1);
  }
  if(flag){
    this.ow.fillit(1);
    for(i=0;i<16;i++)this.plain1[i]=0;
  }
  this.ow.oneway(this.Owtype,this.R);
  this.ow.modit(this.R);
  this.perm2.doPerm(this.Pdir2,this.plain,this.R);
  if(this.AES2){
    this.R=AES.encrypt(this.plain,this.key2);
  }else{
    this.R=AES.decrypt(this.plain,this.key2);
  }
  for(i=0;i<16;i++)this.R[i]=this.R[i]^ this.plain1[i];
  copy(this.plain1,this.R);
  return this.R;
};//end myhash
Myhash.prototype.setup_myhash=function(R){
  this.key1=R.random();
  this.key2=R.random();
  console.log("Hash keys");
  printit(this.key1);
  printit(this.key2);
  this.perm1.createPerm();
  this.perm2.createPerm();
};
///////////////////////////////
function printit(W){
  console.log(W[0]+','+W[1]+','+W[2]+','+W[3]+','+
    W[4]+','+W[5]+','+W[6]+','+W[7]+','+
    W[8]+','+W[9]+','+W[10]+','+W[11]+','+
    W[12]+','+W[13]+','+W[14]+','+W[15]
  );
}//end printit
function copy(A,B){for(var i=0;i<16;i++)A[i]=B[i];}
function compare(A,B){
  for(var i=0;i<16;i++)if(A[i]!=B[i])return 0;
  return 1;
}
///////////////////////////////
// Random object
// aes1 0= encrypt, 1=decrypt
// aes2 0= encrypt, 1=decrypt
// pdir1 permutation direction 0 or 1
// pdir2 permutation direction 0 or 1
// owtype 0= add, 1= xor, 2=multiply
//function Random(aes1,aes2,pdir1,pdir2,owtype){
var R=new Random(1,1,0,0,0);
R.setup_random();
console.log("keys");
printit(R.key1);
printit(R.key2);
console.log("Enter go(); into left screen, press enter");
function go(){
  R.key1=R.random();
  R.key2=R.random();
  R.key1=R.random();
  R.key2=R.random();
  console.log("Randomkeys");
  printit(R.key1);
  printit(R.key2);
  ///////////////////////////////
  // Myhash object
  // aes1 0= encrypt, 1=decrypt
  // aes2 0= encrypt, 1=decrypt
  // pdir1 permutation direction 0 or 1
  // pdir2 permutation direction 0 or 1
  // owtype 0= add, 1= xor, 2=multiply
  var MH=new Myhash(1,1,0,0,0);
  MH.setup_myhash(R);
  console.log("Myhashes");
  var C=new Uint8Array(16);
  var D=new Uint8Array(16);
  var C1=new Uint8Array(16);
  var D1=new Uint8Array(16);
  for(var j=0;j<4;j++){
    C=R.random(); //first block to hash
    C1=R.random();//second block to hash
    D=MH.myhash(C,1);//initializes hash
    D1=MH.myhash(C1,0);//adds to hash
    console.log(j+" plaintext");
    printit(C);
    printit(C1);
    console.log(j+" hash(PT1), hash(PT1&PT2)");
    printit(D);
    printit(D1);
  }
}//end go
The output:
>echo(0);
keys
86,241,83,165,231,187,118,151,10,24,224,247,5,155,169,173
98,173,140,6,192,202,181,73,5,180,107,39,255,128,101,152
Enter go(); into left screen, press enter
=undefined
>go();
Randomkeys
42,27,58,194,230,236,105,20,255,239,187,194,230,236,105,131
35,107,93,130,7,198,150,121,118,23,83,143,243,104,133,129
Hash keys
3,173,75,244,230,236,105,20,199,51,208,244,230,236,105,108
78,11,5,145,114,186,64,56,35,74,240,253,216,142,195,239
Myhashes
0 plaintext
94,233,45,61,231,236,105,20,129,249,178,61,231,236,105,254
221,170,249,50,122,205,13,201,183,162,161,143,108,90,139,132
0 hash(PT1), hash(PT1&PT2)
71,76,23,135,37,184,17,104,9,201,154,228,75,139,43,70
210,79,102,138,26,8,203,47,131,217,136,28,223,42,118,1
1 plaintext
77,121,156,159,231,236,105,20,127,138,34,160,231,236,105,29
60,154,90,164,13,40,94,68,30,61,8,23,20,20,250,142
1 hash(PT1), hash(PT1&PT2)
187,159,41,38,232,148,215,100,160,137,110,238,132,225,187,30
131,47,12,173,43,34,244,214,196,202,243,66,152,44,80,24
2 plaintext
118,53,38,1,232,236,105,20,117,90,163,1,232,236,105,210
100,3,81,31,17,127,119,23,221,106,166,29,214,11,65,159
2 hash(PT1), hash(PT1&PT2)
229,120,199,141,209,44,28,26,243,118,209,239,21,203,233,121
106,110,17,4,66,253,193,144,149,44,178,108,5,152,222,13
3 plaintext
100,248,143,98,232,236,105,20,100,178,16,99,232,236,105,58
234,172,140,20,0,12,253,183,231,119,12,218,29,75,127,80
3 hash(PT1), hash(PT1&PT2)
48,226,109,106,2,245,197,206,251,241,239,74,211,245,123,138
155,135,118,138,242,147,191,120,240,157,133,162,141,219,83,151
1 Attachment
-
• #9
Cryptographic Parameters Used in cryptomsg4.js
The objects that use cryptographic parameters:
Random
1.1. AES1 flag 0 or 1
1.2. AES2 flag 0 or 1
1.3. Pdir1 0 or 1
1.4. Pdir2 0 or 1
1.5. Owtype 0, 1, or 2
1.6. Perm1 128 bytes
1.7. Perm2 128 bytes
1.8. Key1 16 bytes
1.9. Key2 16 bytes
293 bytes
Myhash
2.1. AES1 flag 0 or 1
2.2. AES2 flag 0 or 1
2.3. Pdir1 0 or 1
2.4. Pdir2 0 or 1
2.5. Owtype 0, 1, or 2
2.6. Perm1 128 bytes
2.7. Perm2 128 bytes
2.8. Key1 16 bytes
2.9. Key2 16 bytes
293 bytes
Client only:
One Random object 293 bytes
Server only:
One Random object 293 bytes
Shared copies on Client and Server:
permIDPW 128 bytes
4 sets of hash parameters
MsgHash 293 bytes
AuthHash 293 bytes
IDPWHash 293 bytes
IDPWkeyHash 293 bytes
1210 bytes
Total cryptographic bytes in server or client = 1210+292 = 1503 bytes.
Since the client and server have independent Random objects in the cryptomsg5.js, it would be possible to periodically generate new cryptographic parameters. Perhaps this rekey could be implemented with a setInterval() function using a random interval.
Additional cryptographic entropy could be added to the message by the following means:
Currently the text[1] part of the message only carries the encrypted ID+password hash and is cleared to zero for all other messages. If in the zero cases, text[1] contained a random number, and a 32 element permutation of bytes over the text[1] and Rnd blocks the entropy would be increased. A 256 element permutation of bits could also be used, or do the 32 byte permutation followed by 128 bit permutation on each resulting block.
A key exchange password could allow the text[1] to be used to move keys in a covert manner that would appear to be normal operation.
The protocol could require the ID password hash be validated on every logged in command instead of just once.
In the first call to a hash, two parameters are initialized. Cryptographic salt could be used for the initial values.
Note on the direction flags:
The direction flags make use of the bidirectional properties of AES and the permutations.
AES1 flag 0 or 1
AES2 flag 0 or 1
Pdir1 0 or 1
Pdir2 0 or 1
Plaintext can be encrypted to cipher text A and then decrypted back to plaintext, or
Plaintext can be decrypted to cipher text B and then encrypted back to plaintext.
A not equal to B.
A similar process occurs with the permutation function.
It would be possible to use bits in the RND field to modulate the flags dynamically.
The low cryptographic entropy problem:
A commercial device allows remote operation of a lock.
The device is controlled by two messages Lock and Unlock.
The messages differ by one bit in the message and by several bits in the CRC or hashed check code.
A modem using a stream cipher is used to send the Lock and Unlock messages.
The stream cipher makes use of synchronized random number generators to exclusive or a different random byte with each byte of the message. A=R1 ^ M1, M1=A^R1.
If an attacker can intercept and modify the message, show that he could use:
B= M1^M2, C=B^A to change a Lock to an Unlock or an Unlock to a Lock command.
The stream cipher produces cryptographic confusion but no diffusion. A permutation function can be used to introduce diffusion (swapping the bits/bytes around in the message). Note that AES in block mode produces both confusion and diffusion but produces the same output for the same input, making the message subject to replay without additional steps.
Link from the cryptographic anxiety closet: (Once a can of worms is opened, the only process that works to contain them is a larger can.)
https://securityevaluators.com/knowledge/case_studies/rfid/
-
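The Lock/Unlock exercise above, worked through as an added example (not code from this thread): an unkeyed CRC travels through the XOR change intact, while a keyed tag computed over the ciphertext does not. The frame layout, the CRC-8 polynomial and HMAC-SHA256 (standing in for the AES-CMAC used later in the thread) are assumptions, and the block runs under Node.js rather than on the Pico.

```javascript
const crypto = require('crypto');

// CRC-8 (polynomial 0x07): the unkeyed check code on the constructed frames.
function crc8(buf) {
  let crc = 0;
  for (const byte of buf) {
    crc ^= byte;
    for (let i = 0; i < 8; i++) {
      crc = (crc & 0x80) ? ((crc << 1) ^ 0x07) & 0xff : (crc << 1) & 0xff;
    }
  }
  return crc;
}

const LOCK = 0x00;
const UNLOCK = 0x01; // the two commands differ by one bit

// Constructed frame format (an assumption): header, address, command, CRC-8.
function frame(cmd) {
  const body = Buffer.from([0xa5, 0x10, cmd]);
  return Buffer.concat([body, Buffer.from([crc8(body)])]);
}

function xorBytes(a, b) {
  const out = Buffer.alloc(a.length);
  for (let i = 0; i < a.length; i++) out[i] = a[i] ^ b[i];
  return out;
}

// Keyed tag; HMAC-SHA256 is a stand-in for the thread's AES-CMAC.
function tagOf(key, data) {
  return crypto.createHmac('sha256', key).update(data).digest();
}

function lockLinkDemo() {
  const r1 = crypto.randomBytes(4);      // keystream bytes, known to both modems only
  const macKey = crypto.randomBytes(32); // shared MAC key, separate from the keystream
  const m1 = frame(LOCK);
  const m2 = frame(UNLOCK);
  const a = xorBytes(m1, r1);            // A = R1 ^ M1, as sent
  const tag = tagOf(macKey, a);          // keyed tag over the ciphertext
  const b = xorBytes(m1, m2);            // B = M1 ^ M2: no key material involved
  const c = xorBytes(b, a);              // C = B ^ A, as delivered
  const received = xorBytes(c, r1);      // receiver removes the keystream
  return {
    crcDelta: m1[3] ^ m2[3],             // CRC bits that differ between the frames
    receivedCmd: received[2],
    crcAccepts: crc8(received.subarray(0, 3)) === received[3],
    tagAccepts: crypto.timingSafeEqual(tag, tagOf(macKey, c)),
  };
}
```

The CRC is linear over XOR, so the difference between the two check codes is known without any key; the keyed tag is what makes the receiver reject the altered ciphertext.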
• #10
Some changes to the oneway function:
A test program oneway16bit.js was created. (type go(); in the left pane after loading)
It was found that the oneway add and xor modes produce the same results. The xor mode doesn’t require the modit function. The add mode produces a lot of hash collisions. As written with a seed of all 1’s the xor and add modes produce 4 collisions over a field of 1024 values.
These results are shown in oneway16bit1024.xlxs.
The program was modified as oneway16bita.js. (type go(); in the left pane after loading)
The function is seeded with the initial data in place of all 1’s.
This change eliminated the collisions in the xor mode.
The results are shown in oneway16bita1024.xlxs.
The changes have been applied in cryptomsg5.js
4 Attachments
-
• #11
I'm a bit lost... What is it that you are implementing? Some well-known crypto protocol?
-
• #12
I'm trying to create and implement a cryptographic protocol that makes it difficult to replay, modify or spoof command messages and the reply messages. Both the server and client are together on one Pico for the development phase. At some point I would like to implement the server and client on separate devices with a suitable communication link.
I've run into problems with the one way function and am seriously considering its elimination.
It is not needed or could be replaced with one of the SHA functions (SHA1, SHA256 etc.).
-
• #13
On the Pico there's also the Crypto library that should do AES encryption - you could use that with the code that you already have for key exchange?
-
• #14
AES is used in the hash function and the password functions. The Pico seems to do the AES without using the library. For the SHA functions the library has to be "required". If this is a problem please let me know.
The key exchange still needs to be implemented. I favor calling it the "Squirt" function after the "technical" term I heard when hanging out in a committee. A Diffie-Hellman key exchange or AES? The method really depends on how many clients. One client and one server or many clients (one at a time likely) and one or more servers.
A transport layer needs to be added. TLS would add the information hiding of a stream cipher and if used with a digital certificate it would add authentication. Some reading on TLS says it can be made to authenticate both ends, although it commonly only authenticates the server.
The transport layer could also add permutations to swap bytes and bits around in the message.
It's harder to search for a key given known plaintext and cipher text if the bits have been repositioned. (Get out your solar powered calculator and ask it to do 128 factorial and watch the Sun dim.)
As for using the SHA algorithms, one must consider the results of a Google search such as SHA256 decrypt
For example:
https://md5hashing.net/hash/sha256
-
• #15
For the SHA functions the library has to be "required". If this is a problem please let me know.
No, it's no problem at all - to be honest you should kind of need it for most of them.
It's a thought actually - Espruino supports TLS over sockets. You could actually write a JS Socket library (like is done for ESP8266/SIM900) that sends data over your given transport layer (if you were using some custom radio) and then you could use the built-in TLS support.
-
• #16
For better understanding:
Cryptographic Protocol vs Cryptographic Primitives
https://en.wikipedia.org/wiki/Cryptographic_protocol
https://en.wikipedia.org/wiki/Cryptographic_primitive
Primitives used:
Block Cipher: Notation is CIPHkey(M), where CIPH = AES128, using key, on block M
https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
CMAC: Notation CMAC(key,M)
https://en.wikipedia.org/wiki/CBC-MAC
https://en.wikipedia.org/wiki/One-key_MAC
http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf
https://github.com/allan-stewart/node-aes-cmac
Permutations: Notation Perm(P,M) for bit level, Permbyte(P,M)
http://courses.cs.vt.edu/~cs1044/fall02/mcquain/Projects/4/PermuCrypt.pdf
http://www.mathplanet.com/education/algebra-2/discrete-mathematics-and-probability/permutations-and-combinations
Random Number Generator: Notation RNG(key)
The protocol: (note the “||” indicates concatenation of blocks)
A message is composed of four 16 byte blocks followed by a 16 byte MAC,
The blocks are denoted as:
Text1=RNG(keyrng) but Text1[0] contains crypto command, other bytes can be payload
Text2=RNG(keyrng), or CMAC(keyIdPw,ID || Password), can be payload if not IDPW
RND=RNG(keyrng),
AUTH=CMAC(keyauth,RND in previous message),
and
MAC = CMAC(keymac,Text1 || Text2 || RND || AUTH )
Bit and byte permutations can be applied as well as sending the message using a stream cipher.
I am currently working on porting the allan-stewart/node-aes-cmac onto the Pico in preparation of a rewrite of the protocol implementation.
-
• #17
Run this on a PICO. See previous post to explain a CMAC.
The CMAC is working as a module. AEScmac.js
testAEScmac.js uses the module to run the NIST test values.
There are two tests.
Test one expects one long array as input.
Test two allows 16 byte blocks in different locations to be pointed to as input.
In test two if there is a partial block at the end, remember to pad the block (see the test code for the 320 bit example). Test one inserts the padding.
The output of testAEScmac.js
AEScmac from one large array
keys
2b,7e,15,16,28,ae,d2,a6,ab,f7,15,88,9,cf,4f,3c,
fb,ee,d6,18,35,71,33,66,7c,85,e0,8f,72,36,a8,de,
f7,dd,ac,30,6a,e2,66,cc,f9,b,c1,1e,e4,6d,51,3b,
Example 1 null message
bb,1d,69,29,e9,59,37,28,7f,a3,7d,12,9b,75,67,46,
Valid
Example 2 , 128 bit message
7,a,16,b4,6b,4d,41,44,f7,9b,dd,9d,d0,4a,28,7c,
Valid
example 3, 320 bit message
df,a6,67,47,de,9a,e6,30,30,ca,32,61,14,97,c8,27,
Valid
example 4, 512 bit message
51,f0,be,bf,7e,3b,9d,92,fc,49,74,17,79,36,3c,fe,
Valid
AEScmac from Uint8Arrays
keys
2b,7e,15,16,28,ae,d2,a6,ab,f7,15,88,9,cf,4f,3c,
fb,ee,d6,18,35,71,33,66,7c,85,e0,8f,72,36,a8,de,
f7,dd,ac,30,6a,e2,66,cc,f9,b,c1,1e,e4,6d,51,3b,
Example 1 null message
bb,1d,69,29,e9,59,37,28,7f,a3,7d,12,9b,75,67,46,
Valid
Example 2 , 128 bit message
7,a,16,b4,6b,4d,41,44,f7,9b,dd,9d,d0,4a,28,7c,
Valid
example 3, 320 bit message
df,a6,67,47,de,9a,e6,30,30,ca,32,61,14,97,c8,27,
Valid
example 4, 512 bit message
51,f0,be,bf,7e,3b,9d,92,fc,49,74,17,79,36,3c,fe,
Valid
2 Attachments
-
• #18
Message4.js 18 Aug 2016
Testing the RNG and AEScmac cryptographic primitives for use in the cryptographic protocol.
require("RNG")
require("AEScmac")
The AEScmac is used to validate the entire message in Mhash.
The AEScmac is applied to the previously sent Rnd and compared to the Auth block to validate that the sender of the message possesses the keys and is authentic.
The AEScmac is NIST approved.
The RNG (random number generators) are two different instances with different keys on the client and server and do not need to be synchronized.
They can be randomized at random intervals.
The output of Message4.js
Auth and Mhash keys 97,79,5c,b2,76,68,8,ea,88,a9,11,b3,ca,a7,d8,d, 3a,8b,60,3c,70,61,9c,7,99,3e,c,c3,65,dd,b1,ff, Client builds and sends inital message Message= 41,31,fd,1e,8f,21,41,d6,f2,33,90,16,be,c5,b0,75, 94,84,49,64,37,1b,74,7,b7,81,62,95,6c,3b,98,da, 6,6,a7,8c,7e,ff,21,29,d8,4a,e3,60,e4,a6,d,21, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, ab,c3,87,86,83,e8,c6,47,e4,41,fa,62,43,70,56,a, Server checks the message checking Mhash Valid Server builds and sends reply message Message= 41,86,93,5b,ee,5f,f1,c9,b4,59,5e,42,f3,72,cf,c2, da,f9,db,87,d0,b,47,6b,e4,59,c8,26,59,9c,5e,2f, b0,9b,f7,e0,70,16,ed,bd,fe,5c,18,de,a5,25,eb,e3, 8,a9,a5,1d,59,55,37,c3,45,bc,65,37,fe,12,34,50, 2f,a6,4e,35,94,3f,77,fc,89,45,68,ec,fe,15,b6,62, Client checks the message checking Mhash Valid checking Auth Valid Client builds and sends reply message Message= 42,9,63,23,50,5f,4b,0,d1,bd,c0,32,cc,e1,2a,e9, 21,cd,fd,f,f8,4,cc,57,c0,b3,50,c1,fc,1b,1a,7, dc,98,81,85,9d,5e,e5,b1,d,e,21,ea,bd,2c,53,17, c3,9b,80,a8,bb,f1,22,27,9c,e4,71,3a,6,21,62,d8, 59,f8,7,1f,ba,d7,3a,6b,7b,b8,13,10,5c,e7,53,a7, Server checks the message checking Mhash Valid checking Auth Valid Server builds and sends reply message Message= 42,68,9a,41,25,a1,f7,76,30,ce,a,88,82,bc,e5,75, 50,8f,4e,1e,2f,97,64,c8,68,2d,9,68,77,98,ff,de, 6c,c,3c,6,46,d6,8d,76,64,47,ac,a8,76,eb,ce,3c, b9,39,9,51,80,da,7c,95,c2,4e,6e,d9,71,7,97,82, 66,72,34,4a,2a,54,61,39,a,a3,3e,cd,c,90,75,4e,
3 Attachments
-
• #19
Message6.js
19 Aug 2016
Added encryption and permutation options to the message transport.
Set the flags at the top of this program to enable these features.
Additional module require("permutation")
The function that creates the permutation array has been modified.
Let N=16, then there are 15*13*11*9*7*5*3 = 2,027,025 combinations
If N=80, then there are 79*77*75*…*3 = 7.9777941814E+58 combinations
Sample output with the flags set as follows:
// flags used in the Msg transport function
var EncryptionFlag=false;
var PermutationFlag=false;
In left pane enter test1(); =undefined >test1(); Auth,Mhash, and Transport keys f9,77,1,73,1d,86,4d,40,82,1e,29,89,0,f8,5,2c, 56,d3,9,f8,63,58,d5,35,80,63,0,6f,91,e3,56,ff, ad,7d,48,da,84,3d,d,31,5,e9,52,9d,1e,4,93,bb, Client builds and sends inital message Message= 41,40,7d,c2,d1,9b,2,a6,43,c1,24,3,6d,29,d0,6a, e2,f5,5a,9a,b0,f7,4f,fe,9f,73,17,f7,46,22,d4,53, 88,cc,f4,32,59,a1,13,4c,c3,61,eb,95,11,7c,a3,ac, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 6,d0,7,b0,2e,c7,3a,95,ec,39,14,76,2c,32,51,9d, Server checks the message
Sample output with the flags set as follows:
// flags used in the Msg transport function
var EncryptionFlag=true;
var PermutationFlag=false;
In left pane enter test1(); =undefined >test1(); Auth,Mhash, and Transport keys f,96,3d,11,4,a2,3b,f8,9a,3c,4a,13,95,62,bc,49, 7c,ec,7e,a,a7,a6,e1,39,d,44,dc,8b,89,c6,38,36, 43,97,71,b7,48,f4,a9,d0,3b,57,1c,18,33,2a,22,85, Client builds and sends inital message Sending Encrpyted Message= ae,a9,64,60,ee,39,bb,4a,54,81,fc,dd,a6,1,28,34, ca,3b,e3,a3,2,d8,d2,69,6c,94,da,c8,6f,31,5a,a5, 4,4a,5e,97,83,a2,5c,e6,f1,dc,69,a9,29,c3,18,b, 49,5d,99,ab,36,22,32,34,45,d5,f4,1,65,9b,61,ad, 38,59,c2,a5,27,30,6,30,df,f0,1f,35,41,b7,17,83, decrypt Message= 41,df,1d,24,2d,c7,5f,57,64,56,48,d9,cf,6,49,d8, b4,a8,9f,48,c3,73,7d,a5,27,58,8,a8,17,95,e4,2f, c8,56,14,5a,bc,d9,35,69,6d,91,9a,85,e8,59,f8,d0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 48,71,67,d0,3d,7a,89,10,88,7a,4c,ac,f2,ba,85,c8, Server checks the message
Sample output with the flags set as follows:
// flags used in the Msg transport function
var EncryptionFlag=false;
var PermutationFlag=true;
The permutation rearranges the byte order in the message.
Can you find the 0x41?
In left pane enter test1(); =undefined >test1(); Auth,Mhash, and Transport keys e1,b4,52,64,3c,68,ab,fc,c7,94,66,90,b6,ad,b7,a5, 29,b3,82,22,c3,d5,5e,36,97,a6,39,e3,46,77,4a,f1, bd,6e,76,7,f,d6,37,24,8f,10,40,c2,5f,6,49,e7, Client builds and sends inital message Sending Permutated Message= 6d,0,ef,98,0,a8,66,ea,ed,41,a8,51,fc,9,5b,8f, 0,22,a6,0,1e,d5,e,ae,94,0,0,0,0,0,88,0, 61,8,ce,0,1b,66,c5,58,7a,d4,cb,3,5b,66,4a,0, 68,b4,f5,98,9e,0,54,51,10,b4,0,58,c1,30,50,34, f8,3e,0,66,71,cf,f2,d4,74,91,36,c5,81,0,3d,0, Message= 41,c1,d4,cf,b4,81,9,ea,94,6d,c5,f2,3d,66,3e,0, 54,a6,22,98,91,3,71,61,ed,58,f5,30,68,34,ce,10, ae,58,88,8f,1b,66,f8,8,cb,ef,7a,d5,d4,4a,66,9e, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, c5,5b,51,74,e,98,51,5b,66,1e,36,a8,a8,50,fc,b4, Server checks the message
Sample output with the flags set as follows:
// flags used in the Msg transport function
var EncryptionFlag=true;
var PermutationFlag=true;
In left pane enter test1(); =undefined >test1(); Auth,Mhash, and Transport keys 6,ce,ee,5b,9e,2b,7c,1c,6,cd,a2,b4,71,be,e,68, fe,67,2a,fc,85,17,2f,66,7c,4b,42,a1,e7,de,d9,46, 19,4d,1,69,61,72,64,e0,17,3b,fb,4c,2e,9e,96,f4, Client builds and sends inital message Sending Permutated Message= 23,7a,a2,ba,15,8b,9,a2,ce,7d,6a,32,83,bb,20,48, fb,ef,65,8d,79,cf,97,53,2e,30,69,98,c1,8a,62,89, fe,8a,f9,b5,6,d8,6f,cd,e4,82,17,e0,51,28,5f,72, d6,db,61,5e,cb,5,7a,4,7f,bd,9b,e4,24,1a,7e,d5, 6e,52,ad,a8,34,b7,6b,27,c7,be,e8,96,8b,34,94,1c, Sending Encrpyted Message= 8d,b5,e4,fe,32,8a,1c,ce,a2,6,6a,15,fb,5,d5,ad, 83,51,6f,23,82,2e,e0,5e,cf,7e,c7,8a,1a,8b,62,f9, ba,98,89,7a,7d,9b,65,6b,a2,79,34,97,ef,52,be,7f, 61,b7,d6,53,4,bb,bd,cb,72,7a,d8,34,a8,c1,30,20, 27,28,48,24,17,db,cd,6e,69,5f,94,8b,96,e4,e8,9, decrypt Message= 41,10,bf,23,b,4c,7,f8,a5,d9,9f,d5,f4,d7,23,6a, ec,59,7c,62,5e,3f,a,1f,94,c1,af,ed,d5,a5,38,4, 59,48,4d,c6,70,c7,90,7d,b,a8,7a,f1,53,48,99,4b, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, b8,85,cc,6,a4,2b,db,b,26,58,de,8a,8e,5,dc,ea, Server checks the message
4 Attachments
-
• #20
KryptoMessage1.js
20 Aug 2016
The left pane of the WebIDE is used as the client input.
Run the program and type help(); to list the commands.
Added encryption and permutation options to the message transport
Set the flags at the top of this program to enable these features.
This cryptographic protocol uses the permutation, RNG, AES, and AEScmac cryptographic primitives.
require("RNG") ("AEScmac") ("permutation")
The AEScmac is used to validate the entire message in MsgCmac.
The AEScmac is applied to the previously sent random number (Rnd.) and compared to
the Auth block to validate that the sender of the message possesses the keys and is authentic.
The server contains a list of user IDs, an AEScmac( ID,password), and a lexical level.
The client has to enter a user ID and password. The AEScmac is calculated and AES encrypted using a key derived from an AES encryption of the random number in the last server message. A lexical level of zero allows access to the LED on and LED off commands. A lexical level of one is to be used to allow transfer of cryptographic keys.
AES and AEScmac algorithms are NIST approved.
This implementation of AES and AEScmac is not NIST certified.
The RNG (random number generators) are two different instances with different keys on the client and server and do not need to be synchronized and they can be randomized at random intervals.
// flags used in the Msg transport function
//var EncryptionFlag=true;
//var PermutationFlag=true;
var EncryptionFlag=false;
var PermutationFlag=false;
// ReplayFlag controls the recording of msgs for replay
var ReplayFlag=true;
//var ReplayFlag=false;
4 Attachments
-
• #21
Keygenerator1.js creates keys for the Kryptomessage protocol and writes them to EEROM in the Pico.
The screen output at the end is copied into the Squirt1.js program.
Copy and paste the buff[] and IDPWlist[] arrays into the Squirt program
Loading and running Squirt1 can then write the same keys into other Pico devices.
KeyFromRom1.js is used to read the keys from the EEROM and will be incorporated into the Kryptomessage.js at a later time.
3 Attachments
-
• #22
KryptoMessage3.js 25 Aug 2016
For use on Espruino Pico device
Requires: RNG.js, AEScmac.js, permutation.js (see posts above for files)
FlashEEPROM.js from Espruino web site.
Uses serial port 1 (can be changed in configuration at top) in a hardware loopback.
Connect pins B6 and B7 together.
Reads analog input on Pin B1.
There are a number of flag variables at the top of the program:
Flag to suppress server text to console:
var showserver=0;
//var showserver=1;
Where to get the cryptographic keys:
//var KeysFromRom=0; //Generate keys as before this point
var KeysFromRom=1;//read keys from ROM see previous post for the key generator and squirt programs to insert the keys into the EEROM
Serial port parameters:
//var useserialflag=0;
var useserialflag=1;
var baudrate=115200;
var Port=Serial1;
Flags used in the Msg transport function:
//var EncryptionFlag=false;
var EncryptionFlag=true;
//var PermutationFlag=false;
var PermutationFlag=true;
ReplayFlag controls the recording of msgs for replay:
var ReplayFlag=true;
//var ReplayFlag=false;
This version redirects the console in order to create a menu on the USB port so that the program can be operated from a terminal program or from the left pane of the WebIDE.
BE SURE TO TYPE 0 TO MAKE THE RUNNING PROGRAM RESTORE THE CONSOLE TO THE USB PORT! This will avoid having to reset the PICO by cycling the power.
The Menu:
Select using digit and return key
1 Connect 6 Cshow
2 Logoff 7 LEDon
3 Creplay 8 LEDoff
4 Creset 9 Read ADC
5 Sshow 0 Exit
Connect starts the client to server connection.
It asks for the User ID and Password Id= Sam, PW= 1234
(unless you change these in the key generator program)
Logoff tells the server that connect will be needed for access.
Creplay is used after a session to replay client messages for testing
Creset resets the replay buffers
Sshow prints the recorded server messages
Cshow prints the recorded client messages
LEDon, LEDoff operate the LED on the PICO.
Read Adc reads a 0 to 4096 (12 bits) value from pin B1.
And finally Exit restores the console to the USB port.
/*
Todo add 0x32 message if wrong Id and password
Todo rework PICO commands into a User client and server functions
Todo add code for lexlevel 1 to generate keys on the client and send them to the server
Todo split into server and client versions on two different PICOs
Todo connect server and client PICOs using serial port
*/
/*
Done see if serial1 and serial2 on PICO can be used to connect
the server and client portions of this program
Solution use serial1 in loopback with flag
Done write a program that generates keys and writes them to ROM
Done read the keys from the ROM
Done add 0x30 and 0x31 code for server bad msg, client not authentic
Done add blend function to msg send and receive functions
Done add code to do menu on USB allows terminal program to operate
Select using digit and return key 1 Connect 6 Cshow 2 Logoff 7 LEDon 3 Creplay 8 LEDoff 4 Creset 9 Read ADC 5 Sshow 0 Exit <- USB >1 do connect Client builds and sends inital message Permutated Encrypted Message= 60,d4,88,53,63,4e,c1,43,d,94,61,c,e6,37,14,e8, a3,68,bd,c0,cd,c0,2a,e8,a4,3a,7e,aa,dd,82,91,4f, 1d,66,74,41,b7,90,45,97,7,51,13,8e,ab,7f,2c,c, 45,2,e3,4f,e3,8e,c3,aa,ec,a6,e1,f9,ab,c7,4f,93, 3b,a6,a7,61,14,3b,25,90,9b,32,4f,d4,54,70,f,d8, Enter User ID process server decrypt Server replies to connect message Permutated Encrypted Message= 8b,cf,f9,2b,85,10,79,ca,9d,3d,c9,80,19,c4,ed,5b, 2,bf,c0,5,74,fb,9e,2f,88,5f,c5,11,ba,8d,31,51, 9,e9,78,90,24,e0,35,8c,e6,a7,eb,de,69,b8,57,9a, 19,f1,f1,9f,ee,f9,6e,48,e1,d9,3a,8c,1a,7e,bc,68, 33,7b,3a,e2,39,b4,a3,61,ca,98,fd,aa,ec,d8,6f,a5, server transmits process client 80 decrypt Client checks the server message Client check of server msg OK Client checks if the server is authentic Server is Authentic Enter User ID Sam Enter Password 1234 Login using Sam and 1234 Client login message Permutated Encrypted Message= 1f,f0,25,77,2,b5,d0,13,cf,63,8e,b9,ef,fe,95,e8, 73,ae,f9,88,a3,d4,0,56,32,d5,f9,c0,4c,6,5b,d9, 7c,e4,c,ef,64,ee,2c,a3,cf,dc,c3,86,d3,f,2f,3f, 57,c4,98,31,b6,ad,47,81,3a,21,ae,3f,90,22,57,69, 7c,d0,da,0,54,88,34,7c,f0,5f,ef,a0,c5,a7,e,ab, process server decrypt Permutated Encrypted Message= 63,28,3e,c4,c5,3,b5,f0,7d,66,81,c8,74,99,5e,4f, 6,a3,46,29,49,a5,e,bf,79,b7,64,4f,98,4c,c4,34, 75,46,7c,7c,5e,a0,1f,af,32,9d,e6,13,2b,66,b9,18, 54,32,83,19,63,ff,3e,f1,de,ab,77,ab,f,f2,65,fb, d8,f0,49,e9,80,16,ee,e7,b,bd,fd,63,4d,48,49,e7, server transmits process client 80 decrypt Client checks the server message Client check of server msg OK Client checks if the server is authentic Server is Authentic Client sees msg 0x42 Select using digit and return key 1 Connect 6 Cshow 2 Logoff 7 LEDon 3 Creplay 8 LEDoff 4 Creset 9 Read ADC 5 Sshow 0 Exit
1 Attachment
-
• #23
ServerKM1.js and ClientKM1.js 29 Aug. 2016
KryptoMessage3.js has been divided into the server and client programs that run on two different PICOs.
I used the Squirt.js to install the cryptographic keys on both PICOs.
To use, connect the serial1 ports on each PICO to the other PICO.
P1 B6 to P2 B7, and P1 B7 to P2 B6. Connect the PICO grounds if they are to run on separate computers. I ran both from one computer.
Using WebIDE load and run one PICO with ServerKM1.js. If on one computer disconnect from the server PICO and connect to the remaining client PICO. Load and run ClientKM1.js
>echo(0); =undefined >Auth key 48,5b,9,c,e2,9d,61,91,a2,b0,d2,87,ee,4e,cb,e4, MsgCmac key 83,52,a2,d3,a4,fd,7d,a3,91,8f,91,81,76,c,f3,83, PWIDcmac key f,7a,fc,89,2,57,45,33,7f,bd,37,5c,c4,a7,f7,d2, PWIDCkeykey key 86,69,df,9f,25,21,bb,a1,5f,1f,28,1d,92,29,96,85, Transport Encryption key a1,62,33,fb,c3,36,86,9d,ef,9f,58,7f,a,1b,be,96, Permutation 9,69,44,5,17,3,37,46,72,0,74,21,70,19,40,26,27,4,79,13, 58,11,68,59,51,56,15,16,60,32,49,73,29,61,42,77,66,6,67,52, 14,48,34,63,2,78,7,62,41,30,50,24,39,64,76,65,25,57,20,23, 28,33,47,43,53,55,36,38,22,1,12,71,8,31,10,75,54,35,45,18, ID= Sam PW= 1234 -> LoopbackB Select using digit and return key 1 Connect 6 Cshow 2 Logoff 7 LEDon 3 Creplay 8 LEDoff 4 Creset 9 Read ADC 5 n/a 0 Exit <- USB
Notice item 5 of the menu has been removed as there is no access to the server code on the client.
3 Attachments
-
• #24
ServerKM3init.js and ClientKM3.js 4 Sep. 2016
These files incorporate the Kryptomessage protocol into two different PICOs each connected to an ESP8266 using the PICO shim.
The Squirt utility was used to write the cryptographic keys into the EPROM on each PICO. See previous posts for modules and squirt.js
To run these programs you will need to “Squirt” the keys into the PICOs.
Edit ServerKM3init.js with your router information:
var SSID="router SSID";
var key= "router key";
Load ServerKM3init.js into the first PICO and enter “save();” into the left screen.
It should save the program so that at power up the program will run. It usually goes on to connect to the router. Note the server IP address. With a browser you can pull the server up by using http://192.168.1.4:8080/ where 192.168.1.4 is the IP address. Your server IP address may be different.
With the second client PICO pull up ClientKM3.js and edit the following with your local information.
ServerIP="192.168.1.4";
//setup WiFi access parameters
var RouterSSID="router SSID";
var Routerkey= "routerkey";
Load and run ClientKM3.js.
At this point, I disconnect from the client PICO and reconnect with the Server PICO using WebIDE. I use Putty (or another terminal program) to connect to the Client PICO at 155,200 baud.
The Client Screen using Putty
8 do LEDoff Client user message Permutated Encrypted Message= e6,f8,af,13,54,7e,b7,e9,3b,c0,7e,95,2b,6b,14,4c, 15,24,41,37,ae,36,76,18,d2,bc,31,ae,3d,62,74,9a, ed,e1,3d,f,7d,1,10,c6,ea,66,b,de,bc,27,72,6c, e1,cf,2a,b4,2f,1a,b7,e,4a,ef,a6,43,30,cf,9,d0, 57,3b,9a,c7,e9,3a,e6,10,2a,83,ef,9b,a5,6a,d8,db, 80 192.168.1.4 send Closed: 80 process client decrypt Client checks the server message Client check of server msg OK Client checks if the server is authentic Server is Authentic Client sees msg 0x43 Select using digit and return key 1 Connect 6 Cshow 2 Logoff 7 LEDon 3 Creplay 8 LEDoff 4 Creset 9 Read ADC 5 n/a 0 Exit { "free": 2311, "usage": 2789, "total": 5100, "history": 2021, "stackEndAddress": 536959420, "flash_start": 134217728, "flash_binary_end": 376280, "flash_code_start": 134234112, "flash_length": 393216 } >
The Server Screen:
decrypt Server checks the client message Server check of client msg OK Server checks if the client authentic Server check of client authenticity OK Permutated Encrypted Message= 5a,7f,c2,cd,3d,c3,1d,c6,c3,a3,b6,f9,6e,cd,2f,b1, 52,b0,27,b5,ae,8b,5c,29,48,9f,70,a,3d,51,7,3a, 4f,a1,f2,17,7,d1,cf,f5,d5,b6,76,ad,b4,46,d3,db, 7f,d0,b2,c7,8a,48,e7,4f,f9,1d,b2,41,46,b8,23,44, 8e,29,13,33,fd,5b,9b,21,9d,73,3,30,d9,54,e4,e8, server transmits Close= false Post Post length= 80 doing command process server undefined e6,f8,af,13,54,7e,b7,e9,3b,c0,7e,95,2b,6b,14,4c, 15,24,41,37,ae,36,76,18,d2,bc,31,ae,3d,62,74,9a, ed,e1,3d,f,7d,1,10,c6,ea,66,b,de,bc,27,72,6c, e1,cf,2a,b4,2f,1a,b7,e,4a,ef,a6,43,30,cf,9,d0, 57,3b,9a,c7,e9,3a,e6,10,2a,83,ef,9b,a5,6a,d8,db, decrypt Server checks the client message Server check of client msg OK Server checks if the client authentic Server check of client authenticity OK Permutated Encrypted Message= fb,c3,53,2,49,68,36,87,4a,28,cd,f8,55,b9,bf,79, 16,2d,6b,39,af,ec,d5,ee,b2,2c,d7,77,12,83,88,ed, 50,9c,29,30,2a,c3,3e,2,a7,3,18,f9,7a,48,ef,2a, 5,57,f7,cd,71,c7,17,f1,52,16,4e,17,e6,da,5e,c0, c8,a5,3b,1f,22,a0,6e,5f,6d,fc,78,25,3a,96,12,57, server transmits Close= false
User ID = "Sam" Password "1234"
2 Attachments
Bob and Sally communicate over an open channel and Bill can listen in. (the messages are sent as plaintext)
Bob and Sally use the following scheme using cryptographic algorithms, one-way functions, keys, and permutations.
Sally sends the following message S1:
“Hi I’m Sally are you Bob”
Sally adds a 16 byte random number A and a ‘hash’ of the message +random number.
Bill records the message.
Bob receives the message S1, computes the ‘hash’ and compares the computed ‘hash’ to the received ‘hash’.
If the ‘hashes’ are equal, Bob sends the reply comprised of
The message B1:
“Yes I am Bob, are you sure you are Sally”,
A 16 byte random number B,
A 16 byte value C computed from A using a cryptographic function, keys and permutations, and
A 16 byte ‘hash’ of the message +random number B +C
Bill records this message.
Sally receives the message B1 computes and compares the ‘hash’ with the sent ‘hash’
If the ‘hashes’ are equal,
Sally computes C from A and compares the results with sent value of C
If the computed value of C equals the sent value of C then Sally has authenticated Bob.
Sally then sends the following:
The message S2:
“Bob transfer big bucks to my account and turn on the LED”,
A 16 byte random number D
A 16 byte value E computed from B using a cryptographic function, keys and permutations, and
A 16 byte ‘hash’ of the message +random number D +E.
Bill records the message.
Bob receives the message S2 computes and compares the ‘hash’ with the sent ‘hash’
If the ‘hashes’ are equal,
Bob computes E from B and compares the results with sent value of E
If the computed value of E equals the sent value of E then Bob has authenticated Sally.
Bob transfers the big bucks and turns on the LED.
The message exchange continues until one party terminates the session. Each message contains the message, random number, computed value, and ‘hash’.
Time passes:
Bill connects to Bob and replays the messages sent by Sally.
Will Bob transfer the funds and turn on the LED?
Bob will receive message S1 and it will validate and Bob will reply with a modified message B1 with a different random number B and ‘hash’.
Sally doesn’t receive the message. Bill sends recorded message S2.
Bob doesn’t validate the message because the sent E is not equal to the computed E.
Could Bill modify the message? Not without knowing the ‘hash’ algorithm and keys.
If Bill can catch Sally’s messages to Bob, can Bill modify Sally’s message before sending it to Bob? Not without knowing the ‘hash’ algorithm and keys.
Do Bob and Sally really authenticate each other or do their computers authenticate each other?
If Bill steals Sally’s computer could he cause Bob to transfer funds and turn on the LED? How could this be prevented?
Implementation on a PICO is in the attached file. Both client and server are present as I don’t have the WIFI shim. It’s a test of the idea.
To add a user ID and password consider the following:
A user ID, and a password.
Define the cryptographic parameters of a password hash and compute the password hash. The client operator enters the password and the password hash is calculated.
The password hash is maintained in the server and indexed to the user ID.
Derive two encryption keys EKuserID and EKpassword from a shared random number using two sets of cryptographic ‘hash’ keys.
Message.text[1]=encryption(user ID,key1), and
Message.text[2]=encryption(password hash, key2)
Use a 32 element permutation to scramble the bytes between text[1] and text[2].
Use a 128 element permutation to scramble the bits in text[1] and then in text[2].
Send the message to the server.
The server validates the message hash and authentication hash. A value in text[0][0] informs the server to process the password.
Unscramble the bits and then the bytes and decrypt. Use the user ID to look up the password hash in the server’s table and compare the table password hash value to the decrypted password hash from the message.
1 Attachment
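An added example, not the attached Pico code: the message layout and CMAC notation of post #16, checked against the NIST null-message value printed in post #17, then run through the record-and-replay scenario described above. It runs under Node.js; `crypto.randomBytes` stands in for RNG(keyrng), and the function names, the constructed session keys and the all-zero AUTH block in the first message (as in the Message4.js output) are assumptions.

```javascript
const crypto = require('crypto');

// One AES-128 block encryption (ECB, no padding).
function aesBlock(key, block) {
  const c = crypto.createCipheriv('aes-128-ecb', key, null);
  c.setAutoPadding(false);
  return Buffer.concat([c.update(block), c.final()]);
}

function xor16(a, b) {
  const out = Buffer.alloc(16);
  for (let i = 0; i < 16; i++) out[i] = a[i] ^ b[i];
  return out;
}

// Subkey step of SP 800-38B: shift left one bit, XOR 0x87 into the last byte on carry.
function dbl(b) {
  const out = Buffer.alloc(16);
  for (let i = 0; i < 16; i++) {
    out[i] = ((b[i] << 1) | (i < 15 ? b[i + 1] >> 7 : 0)) & 0xff;
  }
  if (b[0] & 0x80) out[15] ^= 0x87;
  return out;
}

// CMAC(key, M); pads an empty or partial last block itself.
function aesCmac(key, msg) {
  const k1 = dbl(aesBlock(key, Buffer.alloc(16)));
  const k2 = dbl(k1);
  const n = Math.max(1, Math.ceil(msg.length / 16));
  const complete = msg.length > 0 && msg.length % 16 === 0;
  let last = Buffer.alloc(16);
  msg.copy(last, 0, (n - 1) * 16);
  if (!complete) last[msg.length - (n - 1) * 16] = 0x80;
  last = xor16(last, complete ? k1 : k2);
  let x = Buffer.alloc(16);
  for (let i = 0; i < n - 1; i++) {
    x = aesBlock(key, xor16(x, msg.subarray(i * 16, i * 16 + 16)));
  }
  return aesBlock(key, xor16(x, last));
}

// Key and null-message result as printed in post #17 ("Example 1").
function cmacSelfTest() {
  const key = Buffer.from('2b7e151628aed2a6abf7158809cf4f3c', 'hex');
  return aesCmac(key, Buffer.alloc(0)).toString('hex') === 'bb1d6929e95937287fa37d129b756746';
}

// Text1 || Text2 || RND || AUTH || MAC, 80 bytes. peerRnd is the RND block of the
// last message received from the other side (null for the first message).
function buildMsg(keys, cmd, peerRnd) {
  const text1 = crypto.randomBytes(16); // stands in for RNG(keyrng)
  text1[0] = cmd;                       // Text1[0] carries the command
  const auth = peerRnd ? aesCmac(keys.auth, peerRnd) : Buffer.alloc(16);
  const body = Buffer.concat([text1, crypto.randomBytes(16), crypto.randomBytes(16), auth]);
  return Buffer.concat([body, aesCmac(keys.mac, body)]);
}

// myLastRnd is the RND this side sent last (null if it has sent nothing yet).
function checkMsg(keys, msg, myLastRnd) {
  if (msg.length !== 80) return 'bad length';
  const body = msg.subarray(0, 64);
  if (!crypto.timingSafeEqual(aesCmac(keys.mac, body), msg.subarray(64))) return 'MAC mismatch';
  const auth = msg.subarray(48, 64);
  if (myLastRnd && !crypto.timingSafeEqual(aesCmac(keys.auth, myLastRnd), auth)) {
    return 'AUTH mismatch';
  }
  return 'ok';
}

const rndOf = (msg) => msg.subarray(32, 48);

function replayDemo() {
  const keys = { auth: crypto.randomBytes(16), mac: crypto.randomBytes(16) }; // constructed
  // Live session, recorded by the eavesdropper.
  const s1 = buildMsg(keys, 0x41, null);
  const b1 = buildMsg(keys, 0x41, rndOf(s1));
  const s2 = buildMsg(keys, 0x42, rndOf(b1));
  const live = [checkMsg(keys, s1, null), checkMsg(keys, b1, rndOf(s1)),
    checkMsg(keys, s2, rndOf(b1))];
  // Later: the recorded S1 and S2 arrive at the server again.
  const replayS1 = checkMsg(keys, s1, null);
  const b1New = buildMsg(keys, 0x41, rndOf(s1)); // server answers with a fresh RND
  const replayS2 = checkMsg(keys, s2, rndOf(b1New));
  // One flipped bit in the command byte of a genuine message.
  const tampered = Buffer.from(s2);
  tampered[0] ^= 0x01;
  const modified = checkMsg(keys, tampered, rndOf(b1));
  return { live, replayS1, replayS2, modified };
}
```

The replayed S1 still verifies, as the post says, because the first message carries no AUTH; it is the fresh RND in the server's reply that makes the recorded S2 fail.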