Welcome to DefenceTalk.com Forum!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Encryption advances

Discussion in 'Cybersecurity' started by Quiller, Sep 7, 2013.

Share This Page

  1. Quiller

    Quiller New Member

    Joined:
    Apr 30, 2012
    Messages:
    123
    Likes Received:
    0
    With the revelation that NSA and other agencies have worked to crack encryption codes and processes widely used by industry and the internet, coupled with their efforts to deliberately insert weaknesses or backdoors in encryption protocols, the need for encryption techniques that can withstand these attacks seems ever more urgent. Keep in mind that if the NSA can do it, the US isn't the only repository of supercomputers used for the job. Russia has them, China probably is close, and some Asian countries can bring computer power to bear, which places all encryption at risk.

    I was at a recent seminar where there was some brief but explicit discussion by "hacker types" of something they called "mutating encryption," where the encryption software changes itself without outside triggers or intervention. Apparently some of these exploratory encryption software patterns can also self-alter if the software detects an attempt to download the encryption key.

    Has anyone else run across this mutating encryption idea elsewhere?
     
  2. Beatmaster

    Beatmaster New Member

    Joined:
    Sep 29, 2008
    Messages:
    506
    Likes Received:
    0
    What you are talking about is rather old stuff as (auto) polymorphic encryption algorithm is widely used in virus and malware creation.
    The idea behind it is rather simple.
    As with each copy the code changes.
    However encryption is not enough and will not be poly-m
    It requires a polymorp engine module within the algorithm which changes the code every single time.
    That said such a encryption alone is not polymorphism yet. To gain polymorphic behavior, the encryptor/decryptor pair are mutated with each copy of the code. This allows different versions of some code while all function the same.

    But at the same time the decryptor module would have been the weak point.
    (Entry and end point wise)

    Got to run ill finish this post later.
     
  3. StingrayOZ

    StingrayOZ Well-Known Member

    Joined:
    Feb 11, 2007
    Messages:
    3,250
    Likes Received:
    292
    Location:
    Sydney
    Many polymorphic viruses actually use encryption to avoid detection. Or fancy code hiding with lots of random jumps etc.

    There is little to be gained by polymorphing the actually encryption mathematics and if not done carefully could weaken the encryption.

    Very little supercomputer time is dedicated to breaking codes. Back doors/hacks are easier, faster, cheaper. Heck half the time the door is left ajar and information can be had very easily by other means (key loggers etc).

    The biggest risk to encryption is quantum computing. Everyone has been pouring millions into it and its nearly at the deployable level.
     
  4. John Fedup

    John Fedup Well-Known Member

    Joined:
    Sep 9, 2013
    Messages:
    4,117
    Likes Received:
    302
    Location:
    Vancouver and Toronto
  5. John Fedup

    John Fedup Well-Known Member

    Joined:
    Sep 9, 2013
    Messages:
    4,117
    Likes Received:
    302
    Location:
    Vancouver and Toronto