Self Encryption on the SAFE Network


#41

Noted on the tone. I’m just trying to say the most with the least words. Let me step back and say that I really like the idea of MaidSAFE and what you guys are doing :slight_smile:

Please take a second and look at it from my point of view: it’s kind of hard to comment on the scheme or nail down a problem when it’s a moving target. First you said that only neighboring keys were xored, then you said that the current one was too, now it’s some combination of them. First you said the XOR is fluff or it’s preventing against a future attack on AES and now it’s actually to prevent a sort of known plaintext attack.

As far as the level of detail, I’m just looking for an algorithm in terms of crypto primitives (AES, SHA, etc.), not code. The system doc seems to have a reasonable one, but it is vague in places.

Regarding precision, let me lay out my critique:

  1. Without the XOR, the current scheme is not secure as knowing information about neighboring chunks allows decryption of the current chunk. We’ve agreed on this, if I am correct.
  2. So, the security of the system depends on the XOR.
  3. Without knowing what “key gen” does (I don’t see it in the doc), it’s hard to say at this point if the XOR is secure – in fact it might leak information.
  4. Neither the AES or XOR portion is sufficient by itself – so there are multiple points of failure. It’s not the best practice to have multiple points of failure. (The XOR scheme might even be insecure as it stands, but without more detail on it I can’t say)

I agree with you, no scheme is 100% correct. However, as you say, the approach needs to be correct. Is this approach correct? It’s not clear, but simpler, correct approaches exist.


#42

By common seeding, I meant has common elements in the seed. So, block 3 has blocks 2, 3, 4 for its seed. Block 4 has blocks 3, 4, 5 for its seed. Blocks 3 and 4 are common to both seeds.


#43

I am trying very hard to answer. We use AES on the Data to make it random. By definition the output of AES is non compressible non repeating data. The PAD is a sliding window (never used the same twice, but irrelevant). The PAD by definition is a random piece of info (its SHA which by definition will output evenly spaced addresses across an address range, as close to random as it can be, that is where the Secure part of SHA comes in ).

So we do this swap the PAD and the DATA, ie the data is the PAD (or seed as you are calling it) and the PAD is the DATA. If you check OTP ( I am not saying this is) then it matters not a jot if the data is a single repeating char, never mind a one time use hash concatenation. This is why we say we do not use AES to encrypt, but to make data random. If it were not as random as can be made then AES would be very poor, so not pure random granted (nothing is) but by definition its much more random than plaintext, test it with chi squared etc. It’s one way NSA and the likes detect and store potentially encrypted data is to check for randomness. Then XOR and check again, did it get weaker - no did it get less random output - well strange it did. Can it be weaker, - no it cannot. Is it more secure and harder to detect - very likely.

Look again, non compressible, non repeating data is the PAD, its longer than the data (the concatenated hashes) and used once. Its quite surprising.

Does that make more sense now? I have been trying hard repeating this to you and cannot do so much more. I am really busy, so one more question then I need to finish this thread. Sorry I do not have more time and I hope this helps. If you get it and can add to the docs in a way you would better understand this it would be really helpful for others. Our self encryption paper is in the queue for updating which has probably not helped you in this case.


#44

How about I wait for the self encryption paper to talk about the specifics of the XORing? (The combination of differing material from the video/doc, broken English, and imprecise crypto terminology is making it too hard to understand). Also, it seems like there’s this new idea of making the encrypted data look less random.

Anyways, I’ll just leave with this post (which you didn’t address):


#45

(which you didn’t address at least 100 times)

There fixed that for ye :smiley:


#46

Is this supposed to be some kind of joke? That post is saying that the XOR unnecessarily complicates things because the same goals can be achieved in a simpler way (and whose security is easier to show), and relies almost exclusively on tried and tested crypto (i.e., just AES and SHA, not this post AES XOR’ing). You have yet to answer that at least 1 time :smile:

[What you answered “99 times” :wink: was a hand-wavy claim that an XOR algorithm (for which a formal, public specification does not exist) provides security. Again, I’ll have to wait and see the new system doc to convince myself it is indeed secure and doesn’t introduce its own vulnerabilities. But, regardless of whether I can find an attack the XOR part, my previous point about simplification/non-reliance on untested crypto still stands.]


#47

Forget about the document, just crash it down in testnet 2; hold yourself together for another 2 weeks.


#48

I like this paragraph from David’s post: What is a vision?

Cannot leave the ego at the door

Well these people, I believe have given up on education, they have stopped learning and will take way too much time to persuade. They will not speak to you anyway, instead shout at you for their supporters to hear and applaud their genius (an immediate giveaway). These people will do everything to kill your project and idea off. In fact these people will show immense strength and tenacity to make you just go away and die. Yes they would like to see you disappear and never come back, no matter the price.

There is nothing you can do, these people will suck any energy from you and will give everything they have to fight change. The only way to win here is to be polite, fix obvious errors in any statement and move on, do not look back and never read the reply to your polite statements. It will honestly just suffocate you.


#49

@dallyshalla: What I’m saying is that it’s relying on a complex (by this I mean does not simply reduce to trusted crypto primitives/standards), untested algorithms instead of tried and true ones, both of which can achieve the same goal. In all honesty, I doubt I’ll be able to find a flaw in it big enough to “crash it down”. I won’t have the time (or likely the skills) for that. That does not mean others won’t.

@chrisfostertv: I’m not trying to kill anything off; I really hope MaidSAFE and similar projects succeed. To really succeed though, it needs tough, peer-reviewed crypto. The only reason I see a need for this big of a departure from trusted/tested/peer-reviewed crypto is if nothing else won’t suit the purpose (which does not seem to be the case here).

You don’t want low-hanging fruit for attackers if (when) MaidSAFE becomes big enough to be a juicy target. Crypto is probably the most perilous piece of any project to design and implement. Without healthy criticism, how can the best scheme emerge?

Lastly, regarding my tone (which is what people seem to be taking issue with): yes, I am criticizing the scheme, because I’m trying to help and find flaws. When doing so, my goal is to use language as precisely as possible, not be as nice as possible.


#50

#51

@Joas. I am a 51 year old truck driver that has been following this forum since its inception. I’ve seen issues come and go, get resolved, left unresolved, productive and useless conversations. Even i can tell, by the responses from others whom i have come to respect, that your knowledge is indeed exceptional. However, your immature emotional responses and comments are completely transparent and it’s uncomfortable to witness what you’re doing. Please, Stop embarrassing yourself. There is no need to behave this way. We’re all grownups here and I for one would really appreciate your cooperation.


#52

oooh @dallyshalla is also a superslueth …nice…must be using that FinFisher software :wink:


#53

What’s your favourite truckin song? :slight_smile:


#54

there is no easier way to type a whole page to someone without typing it. @chrisfostertv


#55

@dallyshalla yep, caught me, I’m a 66 year old German sociologist :wink:

@janeannford Thanks for the advice (and compliment :). Could you point out (here or private message, if supported) where it looks like I’m being emotional? (I’m actually serious, I want to see where others think I’ve strayed from a professional/technical tone that I’ve tried to maintain + avoid it in the future)


#56

I’m just admiring your detective work


#57

@joas thank you for your kind reply. Perhaps, because of my unfamiliarity with “technical communication?” I may have allowed my own emotional immaturity to be displayed. I have developed quite an affinity for this project.
From my layman point of view you seemed overly aggressive and because of that unable to communicate productively with the very people you claim to be wanting to help. What are your motives? Why do you want to help? Just intellectual. It doesn’t really matter, it’s none of my business. From where i stand you are welcome.


#58

Surely Convoy is the only answer here, If I had a CB man that is what I would be thinking every time :smiley: Need to watch out for “the bear in the air” how can that prose be beaten, Dylan must have been gutted :smiley:


#59

I was here right here in the room when answering and not once did my hands wave :smiley:

There are three simple steps nothing complex, nothing detracts from the internal AES, otherwise you need to argue with the convergent encryption spec people.

I have had experts say before the XOR part is fluff then when they are in the room with me and a whiteboard the best defence they make is AES willl never be broke and we are going way overboard. None has said we weaken AES in the slightest as that’s impossible in the scheme we have.

So either we add to the obfuscation or we don’t, the min is we are using something you have seen before so you should be happy. There can be no weakening of AES so your claims seem very weird to me, unless you can show us how, It would be a first and an amazing find.

It’s not good enough for me though to rely on AES no matter how many folk think it will never be broken (it has been already in part). Folk did with DES, also RSA 512 etc. knowledge moves on, new methods require to be investigated and implemented. Not all need to create a new primitive as that would be madness. Well implemented existing strong primitives are the game here and I think we are playing it very well.

There are 3 (three) steps involved, pick one and tell us why it makes it weaker. So there you go not the whole thing, just pick one step that weakens AES as used in convergent encryption and then move on from that point. It may be simplest.


#60

Computing power increases; and RSA 2048 will be a joke; though you’d have to read sys docs to know what I mean.

they’re offering RSA-2048 617 2048 $200,000 USD
to factor that one :wink:

not to mention
RSA-1536 463 1536 $150,000 USD
along the way.