DES Decryption

[corruptRSS]

Considering all of the surplus DES radio hardware that has hit the market in the past years, i'm wondering if anyone has firsthand or even second, what 'off-the-shelf' hardware the the three letter US agencies here are using to monitor traffic of interest ? Any ideas of the availability of this hardware to a given geographic area ? How many units available / manufactured /model #s etc ?

As a side note. Anyone had any experience with building a platform for DES voice decoding ?

No, i'm not trying to monitor my local sherrif. Just thinking how DES hacking has advanced through the years and the apparent ease due to CPU processor power increases.

[RADIOMAN2002]

The Government doesn't consider DES or it's conterparts to be much of a security threat anymore. DES was BROKEN back it the early 90's by some smart kids and a buch of linked computers. Thats the reason for the newer AES standard. DES is a far cry from some of the newer encryption softwares, with extremely large keys, that are now available to anyone. Now the only way I am aware of to break a DES or conterpart code is by Brute Force , a method of trying each and every key in sequence till it is found. Thats why the Government has either access to, or owns a couple of IBM mainframes called DEEP BLUE, and COOL BLUE. You may remember from the news that it was the first computer to beat a human at chess. It has unknown capability's but I suspect it does BRUTE FORCE key breaking every day.
Now as far as doing this on your own, I'm not sure how you would go about setting up a radio, interfacing the raw data into the computer and then try each key, then return the audio back to the radio, to check for intelligence. Sounds like an interesting project.

[corruptRSS]

thanks, i realize that DES is not much of a threat. My question is, what does the fbi etc. use for any of their items of interest ? drug- running etc. for realtime monitoring. I don't believe that they would monitor / record and run it back to the office for evaluation !

[HumHead]

It may truly be pure curiosity, but you have to understand that coming onto a public forum looking for detailed information on the capabilities and limitations of sensitive Federal counter-intelligence technology is going to raise more than a few eyebrows.

I do not realistically think that you are going to get the answers that you seem to be looking for here. I think that you will find that there are two basic types of people with regard to this type of subject matter: those who have no actual idea what is used and can not talk about it intelligently, and those who do know what is used, and will not talk about it.

The relative strength and weakness of various encryption schemes is an interesting and valid topic. It has been covered in some depth previously, and a search of the board's archives (or Google) should yield a wealth of information.

Details of actual Federal counter-intelligence hardware and techniques are just a little too sensitive for discussion here.

[corruptRSS]

Got it ! I thought that by this point in the history of the technology, there would be a couple of these types of pieces in the 'cryptology museum' by now.

[Bruce1807]

It may truly be pure curiosity, but you have to understand that coming onto a public forum looking for detailed information on the capabilities and limitations of sensitive Federal counter-intelligence technology is going to raise more than a few eyebrows.
Details of actual Federal counter-intelligence hardware and techniques are just a little too sensitive for discussion here.

You must be on the run or something or just plain paranoid.

A google soon finds the specs for the new nationwide system.
You can find it on the DOHS, DOJ and Treasury sites.
They link you straight to the RFP's and so forth. Its all public domain.

Project 25 with AES.

So it's not hard to work out what they have at the moment.
Now if you started placing keys in the public forum then thats different, but the method why would they care its public domain stuff.
The main factor is they use KMF and keep changing the keys, thats about it.

[HumHead]

Thanks for the assesment.

Try reading the question again.

The question was not what they use to communicate, it was what the capabilities are for breaking the other people's encryption, and I can promise they are a little touchy about the details of those capabilities.

[spareparts]

http://csrc.nist.gov/CryptoToolkit/aes/aesfact.html for the background on why AES was selected over 3DES. http://csrc.nist.gov/encryption/kms/white-paper.pdf covers the document key management.

There's a good article in the Board's KB re the key management facility for radio. Once the KB comes back you you should be able to search for it.

BTW, I'm with Humhead on this - discussing the nuts & bolts of a current crypto or SIGINT system is not something done on a public board.

.

[Grog]

discussing the nuts & bolts of a current crypto or SIGINT system is not something done on a public board.

.

I'll tell anyone anything.........They just won't get the truth (as I don't know)

[RADIOMAN2002]

I agree entirely, if I did know how to go and break a DES or comparable system, I CERTINALY would not talk about it on this or any other forum.

[Bruce1807]

Introduction
The Electronic Frontier Foundation (EFF) raised the level of honesty in crypto politics by revealing that the Data Encryption Standard (DES) is insecure. The U.S. government has long pressed industry to limit encryption to DES (and even weaker forms), without revealing how easy it is to crack. Continued adherence to this policy would put critical infrastructures at risk; society should choose a different course.

To prove the insecurity of DES, EFF built the first unclassified hardware for cracking messages encoded with it. On Wednesday, July 17, 1998 the EFF DES Cracker, which was built for less than $250,000, easily won RSA Laboratory's "DES Challenge II" contest and a $10,000 cash prize. It took the machine less than 3 days to complete the challenge, shattering the previous record of 39 days set by a massive network of tens of thousands of computers. The research results are fully documented in a book published by EFF and O'Reilly and Associates, entitled "Cracking DES: Secrets of Encryption Research, Wiretap Politics, and Chip Design."
» Read the rest of the press release here http://www.eff.org/Privacy/Crypto/Crypt ... ssrel.html

Six months later, on Tuesday, January 19, 1999, Distributed.Net, a worldwide coalition of computer enthusiasts, worked with EFF's DES Cracker and a worldwide network of nearly 100,000 PCs on the Internet, to win RSA Data Security's DES Challenge III in a record-breaking 22 hours and 15 minutes. The worldwide computing team deciphered a secret message encrypted with the United States government's Data Encryption Standard (DES) algorithm using commonly available technology. From the floor of the RSA Data Security Conference & Expo, a major data security and cryptography conference being held in San Jose, Calif., EFF's DES Cracker and the Distributed.Net computers were testing 245 billion keys per second when the key was found.
» Read the rest of the press release here http://www.eff.org/Privacy/Crypto/Crypt ... enge3.html


Background
Due to deep-seated Cold War fears, encryption is highly regulated by the U.S. Departments of State and Commerce, which refuse to license any secure encryption product for export unless it utilizes "key recovery", a law enforcement code word for the ability of third-parties (not originally intended to receive the message) to easily decrypt information. The results have been debilitating for the software industry and for networked communications. Since computer networks like the Internet are international in scope, strong encryption cannot be widely deployed in new software products to secure passwords and privatize messages, leaving them virtually unprotected from those who would gain unauthorized access or make unauthorized copies. Export controls have also greatly hampered groundbreaking work in the field of cryptography, hindering the development of the security that an ever-more global information infrastructure urgently demands. When undue regulation burdens and even prevents worldwide discourse concerning cryptography, new encryption methods cannot be tested adequately, workable international encryption standards cannot be developed, and cryptographers -- unable to publish or obtain essential peer review without fear of prosecution -- cannot be persuaded to enter the field of cryptography at all.

The US government DOES allow the export of weak encryption software without key recovery, but EFF has long maintained that these products are too insecure to be trusted.

The Data Encryption Standard (DES) is a published federal encryption standard created to protect unclassified computer data and communications. DES, which uses 56-bit "keys", has been incorporated into numerous industry and international standards since the Secretary of Commerce first approved DES as a Federal Information Processing Standard during the height of the Cold War in the late 1970s. Like other weak cryptosystems, DES and other encryption systems are exportable without key recovery, at the weak key lengths of 40 bits or less (the EFF DES Cracker project broke 56-bit DES, far stronger than the paltry 40-bit version that is exportable) while robust encryption, such as the 128-bit IDEA algorithm used by the PGP security product, remains subject to export restrictions (which often translate to domestic restrictions in effect, because software companies are reluctant to go to the expense of producing an export and a domestic version of their products.)

DES is now generally believed to be the most widely used general-purpose cryptosystem in the world. Although the initial selection of the algorithm was controversial since the NSA was involved in its design, DES has unfortunately gained wide acceptance and has been the basis for several industry and international standards.

The U.S. government has increasingly exaggerated both the strength of DES and the time and cost it would take to crack a single DES-encrypted message. The Electronic Frontier Foundation began its investigation into DES cracking in 1997 to determine just how easily and cheaply a hardware-based DES Cracker (i.e., a code-breaking machine to crack the DES code) could be constructed. EFF set out to design and build a DES Cracker to counter the claim made by U.S. government officials that American industry or foreign governments cannot decrypt information when protected by DES or weaker encryption, or that it would take multimillion-dollar networks or computers months to decrypt one message. Less than one year later and for well under US $250,000, EFF's DES Cracker entered and won the RSA DES Challenge II-2 competition in less than 3 days, proving that DES is not secure and that such a machine is inexpensive to design and build.

A Zipped file of this book: http://cryptome.org/cracking-des/cracking-des.zip( this is not a pirate copy but is a legal download)
fixed the link

Title: Cracking DES
Subtitle: Secrets of Encryption Research, Wiretap Politics & Chip Design
First Edition: July 1998
ISBN 10: 1-56592-520-3
ISBN 13: 9781565925205
Pages: 264

US Administration responses to the DES Cracker http://www.eff.org/Privacy/Crypto/Crypt ... fax_images

gee you think the men in dark suits are going to turn up at my place?

[spareparts]

Single DES is crackable, no doubt. 3DES likely is as well. AES is essentially open to inspection, and with a key length allegedly up to 1024 bits. Brute force is not going to crack it before the end of time.

However, Courtos and Peiprzck* proposed that to recover a Rijndael key from plaintext, you can write the problem as a system of quadratic equations, and a large number of binary unknowns.

Again, the security of AES / Rijndael lies within the fact that no KNOWN algorithm for solving these equations exists. If it exists, I don't have a need to know, nor do I want to try to solve it.

*I’m probably slaughtering the spelling.

[RESCUE161]

Three months ago, I offered up a Pro-96 scanner and a Systems Saber to anyone who could crack my encrypted transmission. I recorded it and posted it on the web for all to try. Most people said that DES had been cracked and that I was going to loose my scanner/radio within the 24 hour period... Heck, I even gave everyone the first 12 digits of the key, so they only had to come up with the last FOUR digits. Nobody has done it - yet.

Here is the thread from Radio Reference:
http://www.radioreference.com/forums/sh ... hp?t=63775

And here are the two audio files graciously hosted by Scanner_Freak, so please Right-Click and Save-As.

http://home.comcast.net/~scanner_freak/ ... inator.mp3

http://home.comcast.net/~scanner_freak/ ... _Audio.mp3

3 months and still counting. DES over rf is harder than cracking a text document which is what was cracked. Go ahead and crack it if you can and send the decrypted audio to me. There is still a prize up for grabs! The prize is detailed in the encrypted audio.

[corruptRSS]

Here is the thread from Radio Reference:
http://www.radioreference.com/forums/sh ... hp?t=63775

thanks Scott, well worth the read. It's interesting reading forums such as these, how people really fail to follow the thought process and don't understand the objective.

Although the project is now somewhat dated, it appears that a strating point would be to have the full key and focus on the audio aspect of the process.

In starting this thread, i was interested in a response or two with something like, "yea, i saw a box 10 years ago that i was told by those using it, that was decoding the audio of interest". Or I was at a trade show a couple of years ago where xyz had a box they were selling that could do the decoding. I guess we will be required to wait another 20 years or so to have some first-hand knowledge surface in the open community.

[Batwings21]

Cowthief had mentioned some russian hardware that did this, if you search for "russian" with posts by him, you may find some info. If the russians were doing this, we must be too. Hope that is what you were looking for...

[Bruce1807]

DES over rf is harder than cracking a text document which is what was cracked

Your right of course but the theory is still the same.
If we look at text, We apply a key and see if any words in English come out, We then do it again and again until we get a page of text in English or near enough.

With RF we need to analyse the sound. Voice recognition has improved in leaps and bounds over the last 10 years. (Just look at the automated answering systems) So we put a list of known common words and test against them with every key. Now whilst this is slower than text, we have to remember how much computing power has increased in the last 10 years especially with super computers.

Thats how I would approach the project.

[5-sides]

DES-XL<DES-OFB<3DES<AES<FASCINATOR<...

And that's all I have to say about that.

[HumHead]

Hey, it only took 40+ years for the good cryptoanalysis stuff from WWII to become public...

If you are going to try to brute force audio decryption, the easiest thing is to test for periods of silence in order to define a small set of possible valid keys, and then search for common phones to further reduce the set. Beyond that, good luck to whoever decides to relieve Scott of his scanner

[corruptRSS]

oopps !! my bad !

according to this link found elsewhere:

http://www.usdoj.gov/oig/reports/OBD/a0725/final.pdf

it seeme that our DHS has not caught-up to where we were 15 years ago !

[Elroy Jetson]

The companies that MAKE encrypted products for the government have optical correlators and processors available to them that are
quite capable of breaking SINCGARS and other encryption schemes in REAL TIME.

At optical speeds, encryption breaking is relatively quick and easy.

I heard about this from someone who was on a team that DID IT, using off-the-shelf hardware. (Off-the-shelf,
for that particular major tech company....not something you could buy at Radio Shack.)


CJ

[mr.syntrx]

DES-XL<DES-OFB<3DES<AES<FASCINATOR<...

And that's all I have to say about that.

DES-XL operates in CBC (cipher block chaining) mode, and is actually slightly more secure than DES-OFB.

FASCINATOR is not an algorithm, it's a line of equipment that part of the VINSON line, SAVILLE is the name of the algorithm. FASCNATOR equipment items are unclassified CCI when unkeyed, but assume the classification of the key material when loaded.

Considering the public scrutiny AES has endured compared to secret algorithms such as SAVILLE, I'm willing to bank on AES-256 any day.

Seeing as almost all military voice COMSEC systems work in a very similar manner to SECURENET (i.e. FSK modulation, CVSD vocoding and not much else), both US systems and those from the Soviet Bloc, you can bet "the man" has a lot of experience in this area. The entire DES keyspace can be brute forced in quite a short time with rapidly decreasing cost, in the form of fairly simple machines consisting of little else but a box of very fast FPGAs. The "audio is hard to decode" myth is just that - a myth. Valid looking audio is statistically very easy to detect when compared to unknown data, especially with a very simple vocoder like CVSD, and voice is also fairly easy to electronically decode with modern software as used for telephone intercepts and whatnot.

[mr.syntrx]

The companies that MAKE encrypted products for the government have optical correlators and rocessors available to them that are
quite capable of breaking SINCGARS and other encryption schemes in REAL TIME.

At optical speeds, encryption breaking is relatively quick and easy.

I heard about this from someone who was on a team that DID IT, using off-the-shelf hardware. (Off-the-shelf,
for that particular major tech company....not something you could buy at Radio Shack.)


CJ

SINCGARS isn't a cryptosystem in itself, though SINCGARS radios are generally used with VINSON series COMSEC equipment, which is integrated into the radio set on newer radios.

[fogster]

(Disclaimer: As is probably evident, I'm by no means an expert, or even marginally competent, when it comes to encryption.)

If I were to try to embark on a cracking project today, I think I'd have a receiver (or bank thereof) capturing audio and digitizing it appropriately. The rest of the hardware would probably be a large cluster of commodity rackmount servers. I don't know what's out there for software, but I'd imagine that people like the NSA are more than capable of writing the software to do it.

The entire DES keyspace can be brute forced in quite a short time with rapidly decreasing cost, in the form of fairly simple machines consisting of little else but a box of very fast FPGAs.

I seem to recall a publication from the 80s (???) talking about how, based on estimates, $1,000,000 would build a machine capable of cracking some sort of encryption scheme in near-real-time via brute force. So I don't doubt that the "box of very fast FPGAs" theory is valid, too.

The "audio is hard to decode" myth is just that - a myth. Valid looking audio is statistically very easy to detect when compared to unknown data

Amen! Of course it's not something you (presumably) and I can do, hence why Rescue 161's prize is still unclaimed, but for an agency employing the brightest minds in cryptography and with an unholy budget, it's probably child's play.

AES is essentially open to inspection

Which is all well and good unless people have found flaws but are sitting on them. Unlikely, I know, but I'm just saying... If some evil genius does find flaws, they probably won't want to go public with them.

[mr.syntrx]

(Disclaimer: As is probably evident, I'm by no means an expert, or even marginally competent, when it comes to encryption.)

If I were to try to embark on a cracking project today, I think I'd have a receiver (or bank thereof) capturing audio and digitizing it appropriately. The rest of the hardware would probably be a large cluster of commodity rackmount servers. I don't know what's out there for software, but I'd imagine that people like the NSA are more than capable of writing the software to do it.

The entire DES keyspace can be brute forced in quite a short time with rapidly decreasing cost, in the form of fairly simple machines consisting of little else but a box of very fast FPGAs.

I seem to recall a publication from the 80s (???) talking about how, based on estimates, $1,000,000 would build a machine capable of cracking some sort of encryption scheme in near-real-time via brute force. So I don't doubt that the "box of very fast FPGAs" theory is valid, too.

There's a sub-$10,000 box you can buy right now that will do it in a week, and it's a very slow cost oriented machine considering what's available today.

http://www.copacobana.org/

The "audio is hard to decode" myth is just that - a myth. Valid looking audio is statistically very easy to detect when compared to unknown data

Amen! Of course it's not something you (presumably) and I can do, hence why Rescue 161's prize is still unclaimed, but for an agency employing the brightest minds in cryptography and with an unholy budget, it's probably child's play. [/quote]

They've got the workflow and software in place to make it an almost automatic process.

AES is essentially open to inspection

Which is all well and good unless people have found flaws but are sitting on them. Unlikely, I know, but I'm just saying... If some evil genius does find flaws, they probably won't want to go public with them.

Yes they will. A great deal of fame and fortune awaits someone who does so.

[mr.syntrx]

BTW, I'm with Humhead on this - discussing the nuts & bolts of a current crypto or SIGINT system is not something done on a public board.

There's nothing at all wrong with it unless someone involved in the discussion discloses information they obtained in confidence and disclosed in breach of official secrecy legislation.

As everything said so far is public knowledge, I don't see a problem here.

[mr.syntrx]

Considering all of the surplus DES radio hardware that has hit the market in the past years, i'm wondering if anyone has firsthand or even second, what 'off-the-shelf' hardware the the three letter US agencies here are using to monitor traffic of interest ? Any ideas of the availability of this hardware to a given geographic area ? How many units available / manufactured /model #s etc ?

I doubt it. Anyone who would come into that information came into it either by espionage, or through they employment while holding at least a mid level security clearance, thereby making that information an official secret.

[Bruce1807]

I mean its pretty obvious, they can by a Cray or whatever other super computer they need. Its the software that you really need to find out about.

Also does anyone think that a drug cartel, terrorist network would use radio for any considerable time and trust it.

I some how doubt it.
It's cheaper and easier to use pay phones

[mr.syntrx]

A Cray won't do the job very well, general purpose computers aren't all that fantastic at cryptography.

Lots of FPGAs will git-r-done.

[MattSR]

Hi Matt,

I disagree that a Cray is general purpose - in fact their instruction sets are quite specific and were/are used for years against the toughest crypto-systems around. Sure - these days a bunch of FPGA's might be good, however for a cost-no-object application, I believe a Cray that has been programmed properly and had the code optimised (ie at the machine code level) would be more far more effective on a per clock cycle basis.

As Bruce has said, it's the software side of things that needs to be tackled. In fact Rick Parrish had a good read of the Securenet training manual pdf that I posted a link to and he said that with a better understanding of how the Securenet protocol worked, it would be a cinch to write some software that could brute force it and check for a valid resulting bit stream. This could be done provided that more information was available on how the bitstream was laid out (ie sync patterns, frame lengths etc). Interestingly Securenet implements a basic form of "brute force code detecting" with its use of Proper Code Detect so the brute force checking method is already in place.

Voice recognition is also irrelevant to cracking voice traffic - basic statistical analysis can show the randomness in a given dataset, even if it is just a bunch of 0's and 1's. in fact, knowledge of the voice coding scheme is largely irrelevant when you understand what it is you are looking for.

To test such a brute force algorithm would be a peice of cake - create some coded data with a known key and kick off a search that brute forces a small part of the keyspace that includes your known key. Once you you get a valid response (here a big hint - look for the presence of the 6khz 0101010101010101 idle pattern that CVSD uses to represent the silent bits between words) then all you need to do is get some more computing power or write a distributed application.

Cheers,
Matt

PS - cracking DES isn't against any laws... and the number of wankers on eBay that still wont export DES products from the USA due to "Munitions Laws" makes me laugh.

[mr.syntrx]

Hi Matt,

I disagree that a Cray is general purpose - in fact their instructions sets are quite specific and are were used for years against the toughest crpyto-systems around. Sure - these days a bunch of FPGA's might be good but for a cost-no-object application, I believe a Cray that has been programmed properly and had the code optimised (ie at the machine code level) would be more far more effective on a per clock cycle basis.

A Cray is a general purpose machine, it is not a machine dedicated to solving any particular problem. Modern Crays are basically a box chocabloc full of plain boring Opterons, with the option of FPGA coprocessors and some slightly exotic support electronics to enable fast I/O between nodes and cabinets. It is simply impossible to write software to conduct DES operations anywhere nearly as fast as what's possible with a bunch FPGAs or specialist cryptographic processors, by the very nature of the algorithm. A very small (single cabinet) XT3 with 96 dual core Opterons is around $1.7 million bucks, you could build a machine with about 19500 200MHz FPGAs that could search the entire keyspace in just over an hour and a half for that.

For solving a particular, explicitly defined computing problem, a specialist machine will always provide a higher price/perfomance ratio than a general purpose supercomputer, at the expense of generality.

As Bruce has said, its the software side of things that needs to be tackled. In fact Rick Parrish had a good read of the Securenet training manual pdf that I posted a link to and he said that with a better understanding of how the Securenet protocol worked, it would be a cinch to write some software that could brute force it and check for a valid resulting bit stream. This could be done provided that more information was available on how the bitstream was laid out (ie sync patterns, frame lengths etc). Interestingly Securenet implements a basic form of "brute force code detecting"with its use of Proper Code Detect so the brute force checking method is already in place.

Non-XL Securenet is even easier. It's so close to FED-STD-1023 that it isn't funny.

PS - cracking DES isn't against any laws... and the number of wankers on eBay that still wont export DES products from the USA due to "Munitions Laws" makes me laugh.

Actually, cracking someone else's encrypted data is illegal in the USA. It's not illegal to export DES gear though, and it hasn't been for the best part of a decade.

[MattSR]

All good and well.. but back to the topic - has anyone cracked securenet yet and made it public?

[MattSR]

Yeh, I agree that modern Crays are overgrown beowulf style clusters - Im referring to the real Crays (ie Seymour Cray era machines such as Y-MP's) with their big Vector processors and 256 bit registers

DES was desgined in the 70's when it was faster to do anything in hardware than it was software so of course an FPGA based solution will be better suited than a bunch of opterons.. Id like to see a vector processor based SMP style machine comparison...

[mr.syntrx]

Yeh, I agree that modern Crays are overgrown beowulf style clusters - Im referring to the real Crays (ie Seymour Cray era machines such as Y-MP's) with their big Vector processors and 256 bit registers

With DES being a 64-bit cipher, you'd draw no benefit from those huge registers and other vector processor features anyway.

The FPGA machine I mentioned above would also beat a vector Cray for the same money. As 99.9% of problems can be solved faster and cheaper on modern scalar hardware than the vector processors of old, nobody bothers with them anymore.

[MattSR]

Well, why hasn't anyone bothered yet?

Building a COPACOBANA would be a fun project I reckon! I just haven't got the skills to code it one...