Encryption advances

Quiller

New Member
With the revelation that NSA and other agencies have worked to crack encryption codes and processes widely used by industry and the internet, coupled with their efforts to deliberately insert weaknesses or backdoors in encryption protocols, the need for encryption techniques that can withstand these attacks seems ever more urgent. Keep in mind that if the NSA can do it, the US isn't the only repository of supercomputers used for the job. Russia has them, China probably is close, and some Asian countries can bring computer power to bear, which places all encryption at risk.

I was at a recent seminar where there was some brief but explicit discussion by "hacker types" of something they called "mutating encryption," where the encryption software changes itself without outside triggers or intervention. Apparently some of these exploratory encryption software patterns can also self-alter if the software detects an attempt to download the encryption key.

Has anyone else run across this mutating encryption idea elsewhere?
 

Beatmaster

New Member
With the revelation that NSA and other agencies have worked to crack encryption codes and processes widely used by industry and the internet, coupled with their efforts to deliberately insert weaknesses or backdoors in encryption protocols, the need for encryption techniques that can withstand these attacks seems ever more urgent. Keep in mind that if the NSA can do it, the US isn't the only repository of supercomputers used for the job. Russia has them, China probably is close, and some Asian countries can bring computer power to bear, which places all encryption at risk.

I was at a recent seminar where there was some brief but explicit discussion by "hacker types" of something they called "mutating encryption," where the encryption software changes itself without outside triggers or intervention. Apparently some of these exploratory encryption software patterns can also self-alter if the software detects an attempt to download the encryption key.

Has anyone else run across this mutating encryption idea elsewhere?
What you are talking about is rather old stuff as (auto) polymorphic encryption algorithm is widely used in virus and malware creation.
The idea behind it is rather simple.
As with each copy the code changes.
However encryption is not enough and will not be poly-m
It requires a polymorp engine module within the algorithm which changes the code every single time.
That said such a encryption alone is not polymorphism yet. To gain polymorphic behavior, the encryptor/decryptor pair are mutated with each copy of the code. This allows different versions of some code while all function the same.

But at the same time the decryptor module would have been the weak point.
(Entry and end point wise)

Got to run ill finish this post later.
 

StingrayOZ

Super Moderator
Staff member
Many polymorphic viruses actually use encryption to avoid detection. Or fancy code hiding with lots of random jumps etc.

There is little to be gained by polymorphing the actually encryption mathematics and if not done carefully could weaken the encryption.

Very little supercomputer time is dedicated to breaking codes. Back doors/hacks are easier, faster, cheaper. Heck half the time the door is left ajar and information can be had very easily by other means (key loggers etc).

The biggest risk to encryption is quantum computing. Everyone has been pouring millions into it and its nearly at the deployable level.
 

John Fedup

The Bunker Group
This article describes some recent advances in quantum communications by Chinese researchers. One important point in this the article is that China has spent over 25 billion overall on quantum research. Hard to believe that some kind of significant capability won’t happen.

 
Top