[Cryptography] check-summed keys in secret ciphers?

[Phillip Hallam-Baker]

On Mon, Sep 30, 2013 at 7:44 PM, arxlight <arxlight at arx.li> wrote:
>
>
> Just to close the circle on this:
>
> The Iranians used hundreds of carpet weavers (mostly women) to
> reconstruct a good portion of the shredded documents which they
> published (and I think continue to publish) eventually reaching 77
> volumes of printed material in a series wonderfully named "Documents
> from the U.S. Espionage Den."
>
> They did a remarkably good job, considering:
>
> http://upload.wikimedia.org/wikipedia/commons/6/68/Espionage_den03_14.png


There is a back story to that. One of the reasons that Ayatolah Kohmenhi
knew about the CIA and embassy involvement in the 53 coup was that he was
one of the hired thugs who raised the demonstrations that toppled Mossadegh.

So the invasion of the embassy was in part motivated by a desire to burn
any evidence of that perfidy on the regimes part. It was also used to
obtain and likely forge evidence against opponents inside the regime. The
files were used as a pretext for the murder of many of the leftists who
were more moderate and western in their outlook.


On the cipher checksum operation, the construction that would immediately
occur to me would be the following:

k1 = R(s)

kv = k1 + E(k1, kd)    // the visible key sent over the wire, kd is a
device key

This approach allows the device to verify that the key is intended for that
device. A captured device cannot be used to decrypt arbitrary traffic even
if the visible key is known. The attacker has to reverse engineer the
device to make use of it, a task that is likely to take months if not
years.

NATO likely does an audit of every cryptographic device every few months
and destroys the entire set if a single one ever goes missing.

-- 
Website: http://hallambaker.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20131004/52ab3605/attachment.html>