Why Puppy's Light Encryption Option is a Joke (Educational)

For discussions about security.
Post Reply
Message
Author
User avatar
SFR
Posts: 1800
Joined: Wed 26 Oct 2011, 21:52

#16 Post by SFR »

This thread reminds me my own struggles with XOR encryption on C64, many years ago.
Right after I wrote such tool I discovered that if file contains a longer string of the same bytes, the whole encryption is worth nothing. :lol:
How hard I tried to make it more 'secret'!
Even I added tracing of $d012 cell (current raster line position) to encryption algorithm to make it more complex. :lol:
And the effect was pretty cool: eg. "aaaaaaaaaaaaa" string encrypted with "a" passphrase has produced something like "dZ@2&"{[6g]'\!" as output!

Unfortunately, I just read somewhere that even this can be cracked using "frequency analyzing" or something like that...

Anyway, this thread (again) inspired me to write another encryption tool.
Details here: http://www.murga-linux.com/puppy/viewtopic.php?t=75404
It uses openssl and AES, so I hope it's more secure..? :wink:

Greetings!
[color=red][size=75][O]bdurate [R]ules [D]estroy [E]nthusiastic [R]ebels => [C]reative [H]umans [A]lways [O]pen [S]ource[/size][/color]
[b][color=green]Omnia mea mecum porto.[/color][/b]
Top
User avatar
Digital_Dissident
Posts: 25
Joined: Tue 02 Mar 2010, 10:49
Location: U.S.- E. Coast

NOW You Tell Me?!

#17 Post by Digital_Dissident »

Pizzasgood wrote:Well, it should go without saying that when presented an option between light or heavy encryption, you should choose the heavy.
"go without saying"?!

I came across this post just last week by accident. Thankfully, still before anyone had access to my "light encryption" save file.

The OP in this thread is dated December, 2009-- over two years ago now-- and the latest Puppy releases still suggest choosing "light encryption" when creating a save file that will be saved to a hard drive!

And this post is relegated to an "off-topic" section and a cavalier tone?!

"Educational"?

This is an essential warning! Why was it never stickied to the very top of the forum?

I am flabbergasted.

Surely there are at least some Puppy users out there who are at risk of having their sensitive data compromised and they don't even know it.
Top
User avatar
Pizzasgood
Posts: 6183
Joined: Wed 04 May 2005, 20:28
Location: Knoxville, TN, USA

#18 Post by Pizzasgood »

Though I posted this in 2009, the weakness had been known to the forum since not long after it was implemented, whenever that was (2005?).

If Puppy is recommending the light option, then I agree it should be changed around. It should strongly encourage the use of the heavy option. People should only use the light option if they have already tried the heavy one and actually noticed a performance hit, and even then only if they are not very concerned about their data falling into the wrong hands. The selection page should clearly state that the light option is trivial to break, with a big all caps WARNING label included.
[size=75]Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib[/size]
[img]http://www.browserloadofcoolness.com/sig.png[/img]
Top
Post Reply

Return to “Security”