Security - what is better, des-xl or des-ofb?

[radio-link]

Hi!

According to http://www.tropsoft.com/strongenc/des.htm, des-ofb is less secure than des-cfb - but how does des-xl fit into this? Is xl just a sync protocol over the cfb-mode, or something totally different?

Not that it really does a matter, just being curious :-)

[CTAMontrose]

my take:

if all your radios are ASTRO, then go with OFB.. DES-XL audio quality is horrid compared to OFB

[radio-link]

my take:

if all your radios are ASTRO, then go with OFB.. DES-XL audio quality is horrid compared to OFB

Yes, this is for sure, it really sucks :)

But even in Astro I can choose between DES-OFB and DES-XL, and still I have no clue about the security difference between them both. A customer was asking for this; of course I could satisfy him with some techno babble, but I prefer facts :-)

Somewhere I stumbled about the fact, that DES-XL was some kind of counter addressing system, but I can not find this source any more...and there had not been any kind of evaluation anyway...

[mr.syntrx]

I thought it was possible to run DES-XL over ASTRO?

I'm asking this because the KVL-3000 datasheet lists DES-XL under the DIGITAL column, under Algorithm Support on the first page. The audio quality therefore shouldn't change.

[wb4bsd]

in digital mode, your radio will default to OFB unless you force it to do XL. to force xl in digital mode simply check the check box that says "XL Transmit" otherwise your talking in OFB.

[batdude]

in astro mode, there is no difference in audio quality between encrypted ofb and encrypted xl.

in analog, different matter... there is no OFB analog... and XL sucks



doug

[Pj]

If I recall correctly, there is no "security" difference between the two, its just the format in which its transmitted so to say. I believe the CFB was the orginal "accepted" digital varient where as the OFB is now basically it. Either way, the underlying DES is the same.

So in general, DES amoung all its variety's is the same.

The real difference is between DVP, DES, FAC, AES, etc.

[mr.syntrx]

There is a security difference. The difference in OFB and CFB is a cryptographic difference, rather than a difference in how it is transmitted.
OFB is one of the least secure modes, and it was probably selected for P25 because it requires less processing power than other modes like CFB.

[Pj]

(Rant on)

In the end....does it really matter for run of the mill operations?

Nope.

I don't know why some people get all worked up over this stuff. Its not like you can compare this stuff with cracking old windows passwords and the such. Even DVP is secure for 99% of stuff. Really, it is.

Never know why people like Larry and the the little backwoods PD insisit on having AES-xyz and OTAR for trival things.

(rant off) I feel better.

[mr.syntrx]

I agree. And cheapo rolling code voice inversion is good enough for most things in practice, let alone DES, DVP etc.

[radio-link]

There is a security difference. The difference in OFB and CFB is a cryptographic difference, rather than a difference in how it is transmitted.
OFB is one of the least secure modes, and it was probably selected for P25 because it requires less processing power than other modes like CFB.

This is like I had it in the back of my mind. Will try to work it out a little bit, and write some lines to the customer, then this case is closed for me :)

[radio-link]

(Rant on)

Never know why people like Larry and the the little backwoods PD insisit on having AES-xyz and OTAR for trival things.

(rant off) :) I feel better.

You are absolutely right, but what should I do when M is not able to give the answer to the customers question?!

By the way, when doing some car-to-car chat, absolutely trivial, it is still fun to know that no one can listen in. Here in germany even unencrypted APCO25 is enough, almost no one is able to receive this!

[wb4bsd]

Your right, it doesnt matter which one you use because non of them are really rated for the transfer of classified information. The Navy wont even let us tell a social security number over DES. Now if your talking on a STU-III with a Secret key in it its a little different. But we aint talking about that.

[allplowedout]

http://www.fas.org/irp/program/security/_work/stu3.html

[Pj]

I guess it depends on you sales guy..if your dealing with a MSS or Motorola paid employee's directly.

I have been fortunate, that with the PD, we delt directly with Motorola. They guy we had (25+ years with them) would tell us what we needed and didn't need...even if it meant less of a sale. I guess you could say he is one of the better sales guys.

When we were going ASTRO, he told us hey....DES-OFB is the accepted standard, but why dump our entire DVP-XL equppied units for something that properly works?

The sales guys as the local MSS however, were usually a different story...

[Cipher77]

Hi!

According to http://www.tropsoft.com/strongenc/des.htm, des-ofb is less secure than des-cfb - but how does des-xl fit into this? Is xl just a sync protocol over the cfb-mode, or something totally different?

Not that it really does a matter, just being curious

There is NO Secutity difference between OFB and CFB. They both are a 56 BIT crypto algo. OFB (Output feed back) was developed to work more efficiently in a 9.6 kilobaud transmission (apco25) as opposed to CFB (cipher feed back) whick was developed for a 12.5 kilobaud transmission (Securenet).

my take:

if all your radios are ASTRO, then go with OFB.. DES-XL audio quality is horrid compared to OFB

Yes, this is for sure, it really sucks

But even in Astro I can choose between DES-OFB and DES-XL, and still I have no clue about the security difference between them both. A customer was asking for this; of course I could satisfy him with some techno babble, but I prefer facts

Somewhere I stumbled about the fact, that DES-XL was some kind of counter addressing system, but I can not find this source any more...and there had not been any kind of evaluation anyway...

DES/CFB (or straight DES) is Cipher Feed Back. This uses the majority of its bits for sampling audio. DES/XL (or "range extension") is used to aquire better distance of the digital frames xmitted over an analog signal. Hence, "range extension". With DES/XL, the algorithm borrows "audio" bits and reallocates them to be used as "synchronization" bits. Synchronization is what is needed to keep the bit stream continuous. This is why DES/XL sounds like complete dog 5h1t. It steals audio bits to use as sync bits to extend the range of the crypto transmission. CFB uses 5 micro seconds of sync and 495 micro seconds of audio. XL sends the same 500ms frame 2x for the same audio.

in astro mode, there is no difference in audio quality between encrypted ofb and encrypted xl.

in analog, different matter... there is no OFB analog... and XL sucks



doug

Yea, try talking to 99% of other users that give you their keys at a hamfest or something & see if you can communicate in astro mode. They're not compatible. OFB was engineered to work most efficiently in a 9.6kb signal.

[batdude]

bull flag tossed on this one:

Yea, try talking to 99% of other users that give you their keys at a hamfest or something & see if you can communicate in astro mode. They're not compatible. OFB was engineered to work most efficiently in a 9.6kb signal.


this is because 99% of the xts radios at the hamfest are nick deluca WHOREFLASHED POS's....that aren't aligned properly.

i have run des-xl many days thru my quantars....hmmmm.... never a problem with any of my other buddies tx/rx'ing in astro mode w/ des-xl


doug

[mr.syntrx]

There is NO Secutity difference between OFB and CFB. They both are a 56 BIT crypto algo. OFB (Output feed back) was developed to work more efficiently in a 9.6 kilobaud transmission (apco25) as opposed to CFB (cipher feed back) whick was developed for a 12.5 kilobaud transmission (Securenet).

There is far, far more to the security of a crypto algrorithm than just key length. The Tropisoft page mentioned above clearly describes the security differences between the feedback modes.

"...However, this (OFB) mode of operation is less secure than CFB mode because only the real ciphertext and DES ciphertext output is needed to find the plaintext of the most recent block. Knowledge of the key is not required."

DES was not developed by Motorola, or APCO or anyone else involved in the development of Project 25. It was designed by the US Government, who likely couldn't have cared less about what Motorola wanted to use it for.

[batdude]

i would add that perhaps the only people who need to encrypt two-way comms at a higher level than DES would be some black-op secret squirrel commando types.

notice i said TWO-WAY - not formal message traffic.

if someone cares about cracking my secure key, which is just random digits on the KVL - go ahead, i could give a rats butt about it.

now in the other thread you have this statement:

radio-link wrote:

Without being too deep in this stuff, I assume AES holds a backdoor wide open - this is OK for my AESed private WLAN, but I would not like this for critical radio comms.


COME AGAIN? There is stuff on my PC and flying thru my wi-fi that i DAMN sure don't want anyone sniffing... bank stuff.. sensitive emails...all kinds of passwords, etc.

i care a HELL of a lot more about my WAN security than i do my OFB astro comms!!!!

bottom line here is a WLAN key that is 74747474747474 (however many digits) - is simply unhackable by any run-of-the-mill hobbyist.

i feel the same way about OFB. if the NSA or russian mob is *THAT* interested in my 2way comms... i have a serioud problem....excuse me... i have to pack....midnight flight to nigeria scheduled!

doug

[mr.syntrx]

I hope you're not using WEP, and you're using WPA or something instead, then.

http://wepcrack.sourceforge.net/

[tvsjr]

COME AGAIN? There is stuff on my PC and flying thru my wi-fi that i DAMN sure don't want anyone sniffing... bank stuff.. sensitive emails...all kinds of passwords, etc.

Fortunately, most of what happens over your WiFi (which should be encrypted on its own) also happens over SSL... protocol-layer security plus application-layer security. For the paranoid (me), you can run a VPN (you have to get through the WPA key to my access points... then you have to crack 60-second rotating AES keys... then you have to crack HTTPS... good luck!)

bottom line here is a WLAN key that is 74747474747474 (however many digits) - is simply unhackable by any run-of-the-mill hobbyist.

You're definitely not ignorant, so I'm assuming you're running WPA, not WEP. WEP is flawed due to issues with the initialization vectors. Plenty of good writeups online regarding this.

Besides, I think Cipher77 is simply a troll, as I know many of his facts to be absolutely wrong.

[Cipher77]

DES was not developed by Motorola, or APCO or anyone else involved in the development of Project 25. It was designed by the US Government, who likely couldn't have cared less about what Motorola wanted to use it for.

Just for the record, DES was developed by IBM in 1974 ( http://www.tropsoft.com/strongenc/des.htm )with the code name of "Lucifer" and was given to the NSA to test it's strength & to help make suggestions as to how to make the "standard" a reality. DES was initially a 128 bit cipher and the NSA had weakened it to 56 bit. This had caused alot of controversy about the NSA's true intentions. Some speculate that the cipher (at the time) was too strong for non gov.t applications. So the NSA dummied it down. Some also speculate that a "back door was put in place (definition of back door is very broad. everything from a "master key" to a reverse engineered scenario) but this has never been proven.

[Cipher77]

Besides, I think Cipher77 is simply a troll, as I know many of his facts to be absolutely wrong.

What facts of mine are wrong & can you proove that they are wrong. If not, It's just your opinion.

[Cipher77]

i would add that perhaps the only people who need to encrypt two-way comms at a higher level than DES would be some black-op secret squirrel commando types.

notice i said TWO-WAY - not formal message traffic.

if someone cares about cracking my secure key, which is just random digits on the KVL - go ahead, i could give a rats butt about it.

now in the other thread you have this statement:

radio-link wrote:

Without being too deep in this stuff, I assume AES holds a backdoor wide open - this is OK for my AESed private WLAN, but I would not like this for critical radio comms.


COME AGAIN? There is stuff on my PC and flying thru my wi-fi that i DAMN sure don't want anyone sniffing... bank stuff.. sensitive emails...all kinds of passwords, etc.

i care a HELL of a lot more about my WAN security than i do my OFB astro comms!!!!

bottom line here is a WLAN key that is 74747474747474 (however many digits) - is simply unhackable by any run-of-the-mill hobbyist.

i feel the same way about OFB. if the NSA or russian mob is *THAT* interested in my 2way comms... i have a serioud problem....excuse me... i have to pack....midnight flight to nigeria scheduled!

doug

I agree with you Bat Dude. "i would add that perhaps the only people who need to encrypt two-way comms at a higher level than DES would be some black-op secret squirrel commando types."

Added to that list is the USSS and the FBI as well as the DoD.