Bitcoin Forum
November 24, 2020, 02:35:56 PM *
News: Latest Bitcoin Core release: 0.20.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 4 »  All
  Print  
Author Topic: Keyless encryption and passwordless authentication  (Read 2605 times)
Voland.V
Full Member
***
Offline Offline

Activity: 210
Merit: 118


View Profile WWW
November 25, 2019, 11:39:15 AM
Merited by ETFbitcoin (2), Coolcryptovator (2), JayJuanGee (1)
 #1

Maybe the answer is in a different cryptography. In keyless cryptography, in a system from which it is not possible to steal keys or passwords. I know that such developments are now in progress. Yes, they are probably very closely related to passwordless authentication. With one that never uses biometric data. The question remains what such authentication uses. And there is an answer - a variable numeric identifier. The beauty of this idea is that if you have a password or a key, your identifiers are numeric but seemingly permanent. The new technology proposes to make variable identifiers. So much variable that it is impossible for an outside observer to catch or predict the next identifier. And its changes are so rapid that stealing the current one is also useless. Here is the real way to a new cryptography and to a new level of security for the user. Probably, the keyless and passwordless system, is an only possible answer for the ordinary user today, in the world of quantum computers and quantum calculations.
1606228556
Hero Member
*
Offline Offline

Posts: 1606228556

View Profile Personal Message (Offline)

Ignore
1606228556
Reply with quote  #2

1606228556
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1606228556
Hero Member
*
Offline Offline

Posts: 1606228556

View Profile Personal Message (Offline)

Ignore
1606228556
Reply with quote  #2

1606228556
Report to moderator
1606228556
Hero Member
*
Offline Offline

Posts: 1606228556

View Profile Personal Message (Offline)

Ignore
1606228556
Reply with quote  #2

1606228556
Report to moderator
1606228556
Hero Member
*
Offline Offline

Posts: 1606228556

View Profile Personal Message (Offline)

Ignore
1606228556
Reply with quote  #2

1606228556
Report to moderator
Dabs
Legendary
*
Offline Offline

Activity: 2786
Merit: 1454


The Concierge of Crypto


View Profile
November 25, 2019, 05:10:54 PM
 #2

To me, it doesn't make sense. Yet. I just don't understand how you can identify someone without knowing at least one detail about them. 2FA (time based) works on a secret and the current time, changing every 30 seconds.

Encryption, works on a key, whether that's a shared secret key, or a public/private keypair.

Voland.V
Full Member
***
Offline Offline

Activity: 210
Merit: 118


View Profile WWW
November 25, 2019, 05:37:35 PM
 #3

It's unusual to understand. But it is possible to arrange everything in a logical order. First, you have your encryption settings, let's call them initial, initial settings. Then you want to connect to your partner. It is important that the partner has the same encryption settings as the partner. Well, if you are more accustomed to other words, let it be one key, the same for two. Agree that in one encryption system, the key creates specific system settings, the key selects the encryption scheme. But in a normal key system (a double ratchet will be discussed later), the logic of the process is as follows: the system takes your information, takes your key, and creates a cipher. In a keyless system there are other processes going on. The system takes your information with the initial settings - it generates a cipher. But the trick is that the next information will be encrypted in a completely different way, as you used to - under a different key, the scheme itself will be chosen by the system based on many factors, and the external observer can not see them and can not calculate. This is a big topic, we can talk, but we need to be clear that there are no logical contradictions in this idea. Moreover, unlike the key system, the information itself is not encrypted. There is one method that is used, it is a method of temporary correspondence of your information - the internal element of the system. But this element will not be encrypted either. Only a temporary link to this element will be encrypted. Then the cipher will be a digital description of the link. Then, it is logical to assume that deciphering the link itself, to an external observer who does not know the initial settings of the system - without meaning, as well as without meaning to decipher the link to the Internet, link. You have to go and see what this link points to. So this system works.
pooya87
Legendary
*
Offline Offline

Activity: 2184
Merit: 3308


Remember tonight for it's the beginning of forever


View Profile
November 26, 2019, 05:00:02 AM
 #4

there is no such thing as "Keyless encryption". it simply doesn't make any sense. you need to have something to encrypt and then later on decrypt the data.
not to mention that what you are explaining here, although hard to understand, is also using a "key". what you are doing is changing the form of it compared to the key that is used in any of the symmetric algorithms. but that is not removing the need for a key! your "key" is the algorithm itself. and if the algorithm is known and doesn't take any input then it is not safe since it could be broken by anybody knowing it.

Voland.V
Full Member
***
Offline Offline

Activity: 210
Merit: 118


View Profile WWW
November 26, 2019, 10:48:41 AM
Last edit: January 25, 2020, 09:41:19 AM by mprep
 #5

If you approach the question so simply "it can't be", it's hard to say. Assuming that it is possible, I can describe the essence of the idea. Let's imagine that we need to encrypt and pass one byte octet, which is 8 bits. Agree that if we can encrypt one byte without a key, we will probably be able to encrypt the other. If this level of discussion suits you, then you can play logic games and try to explain the essence of this method to you.  Let's agree again on the terms. If we use a key, we choose an encryption scheme in the encryption system. You don't know the key yet - you just don't know what algorithms to use to work with the code (either to encrypt it or to decrypt it). Is there a disagreement on this point?



If you agree with that, we'll continue. In modern cryptography (let's talk about symmetrical one so far), astronomical numbers and Calculus are usually used. There are known problems, but in general it is a great achievement of human thought. These are the key-type systems. The key is the rules of encryption and deciphering. In the keyless symmetric system, there are also encryption and deciphering rules. There is no difference in the principles of operation, the only difference is the absence of a key itself. Now, what is a key, as we understand it, what is its function? It's some kind of digital code that the user keeps secret, which should be exactly the same for another user (we're talking about symmetric systems, like the EE2E, often based on AES for encrypting information and an asymmetric system for generating the initial keys). If this information disappears, your communication is either tapped or modified. In a keyless system, there is an encryption scheme, but no stored and used key information. The question was asked correctly - this encryption scheme will be calculated very quickly. That's right. To protect against such simple hacking move, a keyless system uses a constant change of system, as often as possible. It is possible to do this on a single packet of transmitted information. Minimum packet size is 304 bits. This means that it is harder to find a rule to convert such a packet by brute force than in AES with a 256 bit key. Let's stop here and take a look at the comments. I said less that one percent of the information about the keyless deviceso far, consider that this is only the beginning (and already there is so much text).
Soros Shorts
Donator
Legendary
*
Offline Offline

Activity: 1616
Merit: 1003



View Profile
November 26, 2019, 03:19:57 PM
 #6

Why don't you explain how the decryption part works. You have this blob of encrypted data and nothing else. How does it work?
Dabs
Legendary
*
Offline Offline

Activity: 2786
Merit: 1454


The Concierge of Crypto


View Profile
November 26, 2019, 03:30:52 PM
 #7

It's much better to use a well established algo, such as AES ... The algo is public. All you need is a key now. That is the one you keep secret between you and the other side.

If there are no other channels to get this secret to the other side safely, that's where public key encryption comes in.

Trying to roll your own cryptography without a key ... = not going to be very good. No one will use it but you, and you have what is called "security through obscurity".

It won't be any better than what's already available out there. All well known and current 256 bit symmetric-key algorithms are uncrackable provided you use a randomly generated key.

Examples of popular symmetric-key algorithms include Twofish, Serpent, AES (Rijndael), Blowfish, CAST5, Kuznyechik, RC4, DES, 3DES, Skipjack, Safer+/++ (Bluetooth), and IDEA.


I'd stick to just using AES or Twofish. DES has too low a bit strength it can be brute forced in hours or minutes.

Trying to use your own home brew encryption scheme isn't any much better than ROT13. It has "no key".

Voland.V
Full Member
***
Offline Offline

Activity: 210
Merit: 118


View Profile WWW
November 26, 2019, 08:49:06 PM
Last edit: January 25, 2020, 09:41:32 AM by mprep
 #8

All you say is right. These are excellent cryptographic solutions. If it weren't for the danger of stealing the key, phishing or other problems with key-type systems. If you use keyless cryptography, you get the following benefits: 1. you have nothing to steal. 2. the durability of the encryption is not based on the durability of the key (Auguste Kerckhoffs principle). 3. Absolute integrity of all messages at the level of 1 bit of information. 4. Absolutely impossible to modify this cipher. 5. as a bonus - password-free authentication based on variable numeric identifiers. 6. authentication in both directions and for this reason the impossibility of phishing. 7. other things that are is too early to talk about before all the issues have been analyzed.



Why don't you explain how the decryption part works. You have this blob of encrypted data and nothing else. How does it work?
-----------
This will be clear when all the principles of this technology are shown. I will write them in order, observe how they are perceived by readers, and then write further. Very briefly, but not very precisely, it can be explained this way. Each next data packet has its own encryption scheme and it has a decryption scheme.  Both systems are completely symmetrical. But their settings always change. The scheme is in a static state, it does not change, only when one data package is prepared. Once it is prepared, it changes to a completely new one. This is a property where both systems are always in the same state for only one data packet - called a logical time tunnel. They are absolutely deterministic. But they are absolutely movable. Yes, and most importantly, the mathematical principles of coding in such a system will be very cumbersome and predictable. We have conducted research that has shown that geometric models are ideal for such a paradigm, simple and without recognition complexes. But it's not difficult to explain it all on the example of a chess game. If there's anyone else's interest.
franky1
Legendary
*
Offline Offline

Activity: 2954
Merit: 1796



View Profile
November 26, 2019, 09:32:37 PM
 #9

OP talks about 'keyless encryption' but then lays out an example of a password with a varying salt
(password is still the key info)

or to put it simply a 12 word bitcoin passphrase seed. but only keeping the first 10 phrases fixed and altering the last 2 phrases so that if your held hostage you give them a other 12 phrase of only pocket change instead of your true phrases of life savings

the issue with having a varying privat key
that a public key would accept multiple variations means multiple risks

EG if you have the only house key only you can unlock the door. but if there are 100,000 housekeys that can fit the door. then it becomes much easier
.....
some people have already fooled around with things like 'address' message signing access
such as submit a public key as the 'verify' of account
and then people have to sign a particular message
such as
'26/11/2019 today trump combed his hair'
so the message is random meaning when signed the signature is random. but the verifying becomes easy as it doesnt require asking for the private key. thus the private key remains secure
....
having a algo that changes keys randomly means there is more chance of getting the key that fits.
(adding more needles to a hay stack makes it easier to find a needle in a haystack)

for me personally..
i do use a certain keyword and then scramble another word beside it depending on the website to make my password appear 'unique' per site but still only requires me remembering one key piece of info for everything
yes its more of a risk than just having totally unique password per site
but less of a risk of just using same password per device/site

but i just find that the OP's proposal is going backwards security wise not forwards

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
Voland.V
Full Member
***
Offline Offline

Activity: 210
Merit: 118


View Profile WWW
November 26, 2019, 09:51:59 PM
Last edit: January 25, 2020, 09:41:59 AM by mprep
 #10

You write: "EG if you have the only house key only you can unlock the door. But if there are 100,000 housekeys that can fit the door. Then it becomes much easier." It's the opposite here. There are 100,000 housekeepers, each has a key. And the lock in the door at one time is configured only for one housekeeper. At the next point in time - at a randomly selected out of 100,000. This is a different principle. In fact, this number 2 was raised to the 304th degree. It's a minimum. Because the system has the ability to work with data packets of different sizes. For one package, this is 2 to 304 degrees. And for 2 already: 2 to 608 degrees. Feel the difference. In a symmetric system with a 256-bit key, it is always 256-bit. As soon as you guess the key, the system will fly. In our system, guessing one option for one data packet does not give you anything useful. Because the next option has no correlations with the previous one, a priori.



It's much better to use a well established algo, such as AES ... The algo is public. All you need is a key now. That is the one you keep secret between you and the other side.

If there are no other channels to get this secret to the other side safely, that's where public key encryption comes in.

Trying to roll your own cryptography without a key ... = not going to be very good. No one will use it but you, and you have what is called "security through obscurity".

It won't be any better than what's already available out there. All well known and current 256 bit symmetric-key algorithms are uncrackable provided you use a randomly generated key.

Examples of popular symmetric-key algorithms include Twofish, Serpent, AES (Rijndael), Blowfish, CAST5, Kuznyechik, RC4, DES, 3DES, Skipjack, Safer+/++ (Bluetooth), and IDEA.


I'd stick to just using AES or Twofish. DES has too low a bit strength it can be brute forced in hours or minutes.

Trying to use your own home brew encryption scheme isn't any much better than ROT13. It has "no key".

----------------------
Symmetric systems without asymmetric ones will not work, no one will meet and pass each other a key for encryption. You know that asymmetric encryption systems are conditionally reliable. So, now, they use keys of 4 kilobits in size. You also know that a 256-bit symmetric system key is equal in reliability to a 15,300-bit asymmetric system key. It is not possible to use such a key on modern technology, because it will require huge computing resources, and our smartphones do not have them. And there are also cryptanalysts. No military organization ever uses a public-private key pair. Think about why. Moreover. This year, the era of quantum computers has begun, which we all can use over the network. A 53-qubit computer did calculations in 200 seconds that a regular computer would do 10,000 years. Read the news. All asymmetric cryptography is already in the past, not only for special services, but even for ordinary hackers. The American Standards Institute is looking for post-quantum asymmetric systems. While there are 4 candidates from asymmetric systems and 1 candidate from symmetric ones. But every asymmetric candidate consumes a lot of resources. How will a symmetric system work without an asymmetric one? No way. This is in theory only possible. But not to us.




EG if you have the only house key only you can unlock the door. but if there are 100,000 housekeys that can fit the door. then it becomes much easier
.....

having a algo that changes keys randomly means there is more chance of getting the key that fits.
(adding more needles to a hay stack makes it easier to find a needle in a haystack)


Here is an early version of military communication declassified:

https://en.wikipedia.org/wiki/KY-57

I would imagine the more recent stuff is more advanced coupled with frequency hopping.
---------------------
This is a very interesting development. It’s a pity that she is classified. However, there is an assumption that this is an analog of modern keyless primitives, such as for example, hash functions. In other words, sometimes, a system with one secret key is called a keyless one. In a sense, this is so. After all, the key is not transmitted, you do not need to do this. But such systems are fundamentally different from systems with a variable encryption scheme when each new data packet has its own set of encryption and decryption rules.



Cryptography after the Aliens Land, Bruce Schneier, IEEE Security & Privacy, September/October 2018.
Read at least the beginning of the article, it was written by all recognized genius in cryptography! I had the honor of being in correspondence with this person; he allowed me to use his quotes. This is a formality, but a fact. The fact that modern cryptography has a lot of problems is not my thoughts. Think carefully about what is written in this article.
https://www.schneier.com/essays/archives/2018/09/cryptography_after_t.html





And after that, the value of this information will be clear:
Quantum Supremacy Using a Programmable Superconducting Processor
Wednesday, October 23, 2019
Posted by John Martinis, Chief Scientist Quantum Hardware and Sergio Boixo, Chief Scientist Quantum Computing Theory, Google AI Quantum
https://ai.googleblog.com/2019/10/quantum-supremacy-using-programmable.html
boris2470
Jr. Member
*
Offline Offline

Activity: 113
Merit: 5


View Profile
November 26, 2019, 11:51:22 PM
 #11

Maybe the answer is in a different cryptography. In keyless cryptography, in a system from which it is not possible to steal keys or passwords. I know that such developments are now in progress. Yes, they are probably very closely related to passwordless authentication. With one that never uses biometric data. The question remains what such authentication uses. And there is an answer - a variable numeric identifier. The beauty of this idea is that if you have a password or a key, your identifiers are numeric but seemingly permanent. The new technology proposes to make variable identifiers. So much variable that it is impossible for an outside observer to catch or predict the next identifier. And its changes are so rapid that stealing the current one is also useless. Here is the real way to a new cryptography and to a new level of security for the user. Probably, the keyless and passwordless system, is an only possible answer for the ordinary user today, in the world of quantum computers and quantum calculations.
Only the physical theft of the key remains, or am I wrong? It will be necessary to capture a person who owns cryptocurrency and this key, and this is the only way to steal money. But I like that because hackers will become useless with such a security system.
Voland.V
Full Member
***
Offline Offline

Activity: 210
Merit: 118


View Profile WWW
November 27, 2019, 12:23:12 AM
 #12

Maybe the answer is in a different cryptography. In keyless cryptography, in a system from which it is not possible to steal keys or passwords. I know that such developments are now in progress. Yes, they are probably very closely related to passwordless authentication. With one that never uses biometric data. The question remains what such authentication uses. And there is an answer - a variable numeric identifier. The beauty of this idea is that if you have a password or a key, your identifiers are numeric but seemingly permanent. The new technology proposes to make variable identifiers. So much variable that it is impossible for an outside observer to catch or predict the next identifier. And its changes are so rapid that stealing the current one is also useless. Here is the real way to a new cryptography and to a new level of security for the user. Probably, the keyless and passwordless system, is an only possible answer for the ordinary user today, in the world of quantum computers and quantum calculations.
Only the physical theft of the key remains, or am I wrong? It will be necessary to capture a person who owns cryptocurrency and this key, and this is the only way to steal money. But I like that because hackers will become useless with such a security system.
____________________________
No, the key cannot be stolen. The key cannot be stolen here, since it as a function is absent. Moreover, there is no single encryption scheme, how can one have a key? He’s useless; there’s nothing to steal. This is the trick. There is one of many encryption schemes. There are eight independent rounds of encryption. All of them have a large number of their encryption schemes. All of them are in a geometric space with a function of time as we are used to and with a function of time internal, unusual and working according to its own laws. Taken together, this is a space-time continuum, virtual of course. Such a system works according to the principle: you cannot enter the same river twice. The river is always different. In this technology, even the information itself is not encoded. Encoded links inside the space pointing to the elements of the space. Elements of space are always moving. Like cars in the city. The starting point of the reference system for the link is also always moving. All information is divided into parts (for example, 8 bits), then we need 256 machines to match all the options. All 256 cars move around the city, the street map of which is always a variable unknown to the outside observer. The location of each car is unpredictable, they are always in motion, and traffic without city traffic jams. Our starting point is a drone flying in the sky of a city. The drone is always moving. If we need to transfer any version of 8 bits, we need to draw a vector (link) from that drone to that car. This car, at a given time (this is also a variable), is located at some point in the city. Predicting a vector (link) to an external observer is not possible. The vector is digitized, and this is only the first 2 rounds of encryption. It is encoded further. As a result, only the vector (link) code is transmitted to the communication channel. Decode it - without meaning and without benefit. It does not contain our information. In the same way as in itself the Internet link, link does not contain information. These are the basics of keyless geometric vector systems.
Wintersoldier
Sr. Member
****
Offline Offline

Activity: 910
Merit: 274


★777Coin.com★ Fun BTC Casino!


View Profile
November 27, 2019, 12:32:24 AM
 #13

It might be a solution to many problems concerning security in access in terms of technology. But in my opinion it doesn't allow users to recover accounts whenever in case an accident happened. In terms of bitcoin that uses wallet address and private key, we need to physically write or digitally save the information for us to retrieve our account. This technology might be possible and suits other platforms but I don't see its positive implication to cryptocurrency because it already uses strong encryption in hashes through the blockchain.

Voland.V
Full Member
***
Offline Offline

Activity: 210
Merit: 118


View Profile WWW
November 27, 2019, 09:05:54 AM
Last edit: January 25, 2020, 09:42:39 AM by mprep
 #14

It might be a solution to many problems concerning security in access in terms of technology. But in my opinion it doesn't allow users to recover accounts whenever in case an accident happened. In terms of bitcoin that uses wallet address and private key, we need to physically write or digitally save the information for us to retrieve our account. This technology might be possible and suits other platforms but I don't see its positive implication to cryptocurrency because it already uses strong encryption in hashes through the blockchain.
__________________
I am not an expert in this matter. But they write this: “Interesting information was announced in Lisbon in the July Building-on-Bitcoin conference by the famous bitcoin developer Jameson Loppe. He said that during the existence of the distributed BTC registry, about 6 million bitcoins were stolen and lost due to the loss of keys. . " As we can see, the owner’s secret keys are always under attack by a hacker.



Example 1. In July 2017, the developers of Parity, the Ethereum cryptocurrency wallet, faced theft. Unknown attackers took advantage of the bug in the multi-signature contract, which allowed them to steal funds from other people's wallets.

As a result, all users who deal with multi-signature wallets created earlier on July 19, 2017 were affected. In the pockets of criminals settled 153 thousand ETH, that is, about $ 30 million at the current rate.

Hacking occurs through the spread of viruses. Such viruses can be divided into two types.

The first is hidden miners. They infect the system and start mining crypts on the infected computer without the knowledge of the computer owner and in the interests of the virus owner.

The second is stylers. They steal wallets passwords and wallets themselves. The stylers can also include primitive viruses, which replace the sender address on the clipboard.



Example 2. Old proven phishing.

At the end of September 2017, cyber police together with employees of the Talos division of Cisco launched an investigation into one of the largest phishing campaigns aimed at cryptocurrency users (Coinhoarder operation).


According to the press service of the cyber police, a large number of domains have been discovered, the names of which are similar to the original resource of the online service of virtual Bitcoin-wallets: blockchain.info.

Eight dozens of phishing blockchain sites are already known. Victims were lured to them through Google Adwords advertising campaigns.

When the keyword “blockchain” was introduced on Google, a link appeared that looked legitimate. However, after clicking on this link the user was taken to a fake domain (similar to bockchain.info). The domain looked similar to the original, but had a different domain name and a specially designed script from attackers.



It might be a solution to many problems concerning security in access in terms of technology. But in my opinion it doesn't allow users to recover accounts whenever in case an accident happened. In terms of bitcoin that uses wallet address and private key, we need to physically write or digitally save the information for us to retrieve our account. This technology might be possible and suits other platforms but I don't see its positive implication to cryptocurrency because it already uses strong encryption in hashes through the blockchain.
---------------------------
As for the use of keyless technologies in cryptocurrency wallets, such projects are still possible, theoretically. Here is an example:
https://toxic.chat/



In addition to the benefits for the user, because you can not steal the key, there are advantages for the blockchain itself, in general.

Here are the three principles of this keyless technology, built on geometry, not mathematics:

1) a chain of state sequences;
2) the presence of all links of the chain (blocks)
3) the absolute dependence of each new link (state of space) on all the information used for the exchange

- correspond to the definition of the classic “blockchain”: “a continuous sequential chain of blocks built up according to certain rules (linked list)”, with the important difference that there are no blocks as such, they all correspond to existing system states that need not be saved (unlike blocks).


--------------------------------------------------
   classic blockchain      alternative blockchain
1) No parallelization, no synergy, no mutual assistance - only duplication, and immediately (continuously) million times/
1)   Copying or partial copying, distribution of parts of the system between any number of users, node or super nods, central server - no restrictions, the weight of the system does not change as many times as its direct and continuous use

2) All blocks are linked by a cryptographic signature in chronological order in a single chain, complex mathematical algorithms are responsible for this   
2) All blocks (states) are linked by an analogue of a cryptographic signature (the Vernam cipher level), not complex algorithms are responsible for this.

3) Attempting to integrate current payment networks into a blockchain can be so complex that no one will even try to go this way.   
3)The problem of overloading computing power and existing networks is absent due to the complete lack of scalability in this technology.

4) Currently, there are more than 1,400 digital coins, many of which have their own versions of the blockchain, each with its own “+” and “-”   
4) It makes no sense to create such a number of technology options in the case of its use in cryptocurrencies, since The technology is free from the main disadvantages of any variant of the classic blockchain.

5) To prevent an attack, you need to use complex security keys and two-factor authentication, there is a "human factor".   Each data packet not only carries information, but also performs (as a 100% hash) the verification function of each previously received and current data packet, there is no “human factor”
In the current reality, the blockchain's “eternity” is limited to a dozen years - the increase in the capacity of hard drives definitely does not keep pace with the growth in blockchain volume   
5) The system does not scale to any bit depending on any number of transactions, but increases when a new unit appears

6) Very low speed of operations, hung stocks, miners are combined into pools - the problem of 51% is becoming more urgent   
6) The speed of operations depends only on the number of nodes, there is no problem confirming all the “blocks”, a very high and stable performance




Phishing is possible only if you have a persistent identifier. In addition, the server checks you, and you are the server? In keyless encryption technology in the client-server model, phishing is not possible because your identifier is always variable. And the check goes in both directions. This makes the transmission and reception protocol of the encryption system itself. If this were not so, then the encryption scheme would be either constant or predictable. This would be an ordinary cryptographic keyless primitive, of which there are a lot, they are called unidirectional functions and so on.



Here is an example of how phishing works on the blockchain:
"As soon as the user entered the wallet, or created a new one, Nginx replaced it with his own on the fake server. Criminals accessed information from the graph sharedkey, password, secondPassword, isDoubleEncrypted, pbkdf2_iterations, accounts."

And further:
"According to information from security specialists at blockchain.info, this phishing campaign is one of the largest in history ..."

Moreover:
"The experts also found confirmation that these attackers were involved in the creation of several so-called HYIP projects, such as: flexibit.bz, verumbtc.com, hashminers.biz.

Cisco researchers said fraudsters earned $ 50 million in cryptocurrency over the past three years. It's about losing users all over the world. "

What other examples are needed to understand that key technologies are very dangerous.



Today, even a poorly trained user can do a phishing attack. There are ready-made programs for this. Everyone needs to know about this.

Here's a nasty fresh example of how they might attack us:

Large online services use two-factor authentication (2FA) to protect accounts. Usually its implementation comes down to the fact that in addition to the login and password, you must enter a one-time code sent in SMS or push-notification to the mobile number specified during registration. Until recently, 2FA was considered a relatively reliable anti-theft system, but now there are already ready-made tools that make it easy to overcome it.
One of them is Evilginx 2, which we will talk about. This is a reverse proxy server and a ready-made framework for performing a MITM attack to bypass two-factor authentication. Everything that is possible is automated in it.
Evilginx 2 has the super ability to create a signed certificate for a fake site using the client’s free and fully automated Let’s Encrypt Certification Authority. This helps the attacker to use HTTPS and decorate the phishing site with a green lock in the address bar. As a result, the fake is visually indistinguishable from the original. Plus, Evilginx 2 independently detects and intercepts valid cookies, and this is the main component of a successful hack.

We are used to the fact that all hacker tools are written for Linux, however Evilginx 2 is available both on Windows and as a Docker container.



South Korea’s largest cryptocurrency exchange, Upbit, has notified its users of the theft of tens of millions of dollars in cryptocurrency from its wallet.

According to Lee Seok-Wu, the head of the Dunamu managing company exchange, on Wednesday, November 27, at 13:06 from the “hot” Ethereum wallet Upbit 342 thousand ETH (about $ 50 million) were transferred to an unknown wallet (0xa09871AEadF4994Ca12f5c0b6056BBd1d343c029)



The number of bitcoins lost due to the loss of keys or the death of the key keeper is huge and is growing every year. The theft of our confidential information, passwords - is growing. I get new confirmations of my position that new passwordless and keyless systems will be in demand. Here is a fresh example.
Positive Technologies experts summed up the results of the third quarter of 2019. Every fifth attack was directed against individuals, with almost half (47%) of all data stolen from them - these are credentials in various systems (logins and passwords). For example, the Clipsa Trojan is able to covertly “mine” cryptocurrency, steal passwords, change the addresses of crypto-wallets, and also launch brute force attacks against WordPress-based sites.
Dabs
Legendary
*
Offline Offline

Activity: 2786
Merit: 1454


The Concierge of Crypto


View Profile
November 29, 2019, 04:02:00 PM
 #15

Most modern mobile devices running recent versions of Android can do 4k bit public/private key encryption. 16k private keys are still not normal.

Mobile browsers can also use modern encryption, like Firefox with https, with ethereal keys.

I still prefer to stick to "classic" or proven methods, I'm not concerned anyone is going to break my keys soon, or in the next few years or decades.

I mean, good for you, someone is doing research on this. I eagerly await the results.

Voland.V
Full Member
***
Offline Offline

Activity: 210
Merit: 118


View Profile WWW
November 29, 2019, 05:38:33 PM
Last edit: January 25, 2020, 09:43:27 AM by mprep
 #16

Most modern mobile devices running recent versions of Android can do 4k bit public/private key encryption. 16k private keys are still not normal.

Mobile browsers can also use modern encryption, like Firefox with https, with ethereal keys.

I still prefer to stick to "classic" or proven methods, I'm not concerned anyone is going to break my keys soon, or in the next few years or decades.

I mean, good for you, someone is doing research on this. I eagerly await the results.
-------------------------------------
Absolutely correct behavior. Everything new must pass the test. Today, the verification of everything new must be very thorough, new quantum calculations have appeared. It is interesting to use this platform for communication for its intended purpose - for discussions, for the exchange of views. Therefore, I proposed a completely new and debatable topic. But at the moment, nobody wants to sort things out so far. Everyone is content with old technology and does not notice the rapidly changing security environment. The rise of cybercrime is phenomenal. All defenders work well after the crime, not before it. This is a disturbing fact.



1) Imagine that we play chess. We transfer our moves - by telephone, through open communication, we hang on the bulletin board, it does not matter. Between ourselves, we agreed that the game of chess is a distracting maneuver. In fact, we need each chess move to indicate a specific chess piece. Each move is still needed to move a specific piece. We agreed, and temporarily, that each chess piece indicates is associated with specific information. Denotes a part of the information that needs to be “encrypted and transmitted”, for example, this is a byte of our information.

2) We transmit to each other only "service information", only a link from which cell the figure should be taken and in which cell the figure should be placed. It’s just a chess move of some kind. All pieces are randomly located on the board, unknown how, for an external observer. Let in our chess, all pieces are allowed all moves, without discrimination.

3) I pass the move on my board: A5 to B2, but I do not indicate a piece, and only on the board of my partner it is clear that this is a “black elephant”. The "Black Elephant", by default, temporarily, for this communication session or for this data packet, is associated with some kind of information byte. Therefore, transmitting the digitized code of the move - I transmit the link, a vector defined unambiguously only in the reference frame selected for this data packet.

4) Note that the reference point - we can also change. The coordinate system and the starting point of reference can be like at any of the 4 corners of the chessboard (as it usually is), inside the chessboard, outside the chessboard. From choosing this parameter - the digital code of the chess code - will change. In any case, this is another uncertainty that is very relevant in cryptography.

5) This chess move, this link in this space, this vector, I additionally encode. I encrypt as good as I can. I have many more rounds of encryption, the last of which is the XOR operation with a one-time binary tape, its length is exactly equal to the length of the link cipher. This is the Vernam cipher class, with the only difference being that our one-time binary tape is never transmitted from me to my partner. Therefore, the final cipher is not vulnerable, persistent in the absolute sense of the word (K. Shannon theorem, proved in 1945).

6) In fact, I only encrypt the link, nothing meaningful information for the external observer, even if he decrypts it. Because he does not see the chess game, he does not see which piece this link indicated. A figure is information that I “transmit and encrypt” at this point in time.

7) Why then additional rounds of encryption? To encrypt information - they are not needed. And to prevent cryptanalysis using the Chosen-plaintext attack (CPA) method, for very large amounts of cipher, they will not hurt.
agentx44
Sr. Member
****
Offline Offline

Activity: 756
Merit: 268


View Profile
November 30, 2019, 06:35:23 PM
 #17

Maybe the answer is in a different cryptography. In keyless cryptography, in a system from which it is not possible to steal keys or passwords. I know that such developments are now in progress. Yes, they are probably very closely related to passwordless authentication. With one that never uses biometric data. The question remains what such authentication uses. And there is an answer - a variable numeric identifier. The beauty of this idea is that if you have a password or a key, your identifiers are numeric but seemingly permanent. The new technology proposes to make variable identifiers. So much variable that it is impossible for an outside observer to catch or predict the next identifier. And its changes are so rapid that stealing the current one is also useless. Here is the real way to a new cryptography and to a new level of security for the user. Probably, the keyless and passwordless system, is an only possible answer for the ordinary user today, in the world of quantum computers and quantum calculations.
I don't think it is necessary to develop such things anymore since the authentication system we currently have works well depending on your responsibility of your account. There are a lot of hardware wallets present that can be seen as a assured and safe one. You just need to find a recommended one that is proven and tested to be worthy of your trust. The verification of most of the things that we have now, as technology innovates more each day, gets more and more handy which sets anyone worry less in time of death or loss of key.
Voland.V
Full Member
***
Offline Offline

Activity: 210
Merit: 118


View Profile WWW
December 01, 2019, 08:19:24 AM
 #18

Maybe the answer is in a different cryptography. In keyless cryptography, in a system from which it is not possible to steal keys or passwords. I know that such developments are now in progress. Yes, they are probably very closely related to passwordless authentication. With one that never uses biometric data. The question remains what such authentication uses. And there is an answer - a variable numeric identifier. The beauty of this idea is that if you have a password or a key, your identifiers are numeric but seemingly permanent. The new technology proposes to make variable identifiers. So much variable that it is impossible for an outside observer to catch or predict the next identifier. And its changes are so rapid that stealing the current one is also useless. Here is the real way to a new cryptography and to a new level of security for the user. Probably, the keyless and passwordless system, is an only possible answer for the ordinary user today, in the world of quantum computers and quantum calculations.
I don't think it is necessary to develop such things anymore since the authentication system we currently have works well depending on your responsibility of your account. There are a lot of hardware wallets present that can be seen as a assured and safe one. You just need to find a recommended one that is proven and tested to be worthy of your trust. The verification of most of the things that we have now, as technology innovates more each day, gets more and more handy which sets anyone worry less in time of death or loss of key.
---------
Password based authentication system is an old idea that works really well. This is a digital identifier. This system is more reliable than authentication based on biometric identifiers. This result shows hacking statistics. But password authentication today is out of date, due to the development of phishing attacks and programs stealing your passwords from your device - remotely. For this reason, the future lies in authentication systems without a password, without biometric data. These systems are being developed, but with a different basis. I like the system with a variable digital identifier. She's a keyless encryption system. It is 2 in one. Whether you want it or not, encryption and, most importantly, decryption without a key can only be done by identifying your "own" code, using passwordless authentication. Such a reciprocal relationship.
Dabs
Legendary
*
Offline Offline

Activity: 2786
Merit: 1454


The Concierge of Crypto


View Profile
December 02, 2019, 03:05:54 PM
 #19

For your chess game, both of you have to have the same board. So either you both started in the standard configuration, or both of you had to communicate the state of the board at the start.

One time pads are indeed uncrackable, but again, both of you need to have this at the start, so it must be sent by another channel of communication, or physically.

Voland.V
Full Member
***
Offline Offline

Activity: 210
Merit: 118


View Profile WWW
December 03, 2019, 09:22:14 AM
 #20

For your chess game, both of you have to have the same board. So either you both started in the standard configuration, or both of you had to communicate the state of the board at the start.

One time pads are indeed uncrackable, but again, both of you need to have this at the start, so it must be sent by another channel of communication, or physically.
---------------------
Yes, you are absolutely right. Now I see that you have caught the point. And this makes it possible to understand in more detail. The initial state - really should be the same on both chessboards. This is the so-called first communication session. Let's take an example. Option client server. If this is a public visit server, without authentication (and without authorization) of the client, this is an advertisement board. I don’t think that this requires encryption. This option of working on a closed communication channel organized by keyless technology is possible, but for now let us leave it. The second option is more in demand, from the point of view of safe data exchange, when you go to the server on which you are registered. Therefore, you have your identifier. We don’t care what origin it is, in the final form it is always digital. This is nothing but the unique information of a unique user. You can salt it (cryptographically) with the server, one salt, you can change it with a unidirectional cryptographic function, it doesn’t matter, it is unique.

Now attention. We need it only once, only as installation information, for the first arrangement of pieces on our two "chessboards" - for one on the server, and for the second at the client.

Entering this information - you arrange the chess pieces in some unpredictable way for the external observer. Everything, you can make the first move. And then what is the difference with key technology? The difference is huge, the abyss.

As soon as you have made your first move, all the rest will be carried out from a completely different arrangement of figures. No neighboring piece will remain a neighbor on both chessboards - for the next move. What this means is that it means that we have a new encryption scheme, as if a new key. And so on. A keyless encryption system is a geometric (rather than a traditional mathematical) continuum over time. Time has two independent dimensions. The first is our astronomical. Looking ahead, astronomical time is not used according to such schemes as in the protocols of OAyuth, OpenID and the like. The second time dimension is internal, having no points of correlation with the external. The unit of time there is not a “second”, but an estimated judgment about the events (errors, repetitions, encryption results). Thus, the geometric coding model makes it possible, in principle, to create a moving spatial continuum, the main feature of which is a constant change in the spatial structure. A small virtual discrete world. In such a structure, it is impossible to enter the same river twice. Because the river always flows. This means that even if they find "unique information of a unique user" and try to put it on their chessboards, they will receive the first absolutely the same arrangement of chess pieces, as in our example client-server, the same encryption scheme.

Then they will find our first data packet for encryption and encrypt - they will receive exactly the same code as our client-server. Now attention! But the next arrangement of figures, the next encryption scheme - will never coincide with the second encryption scheme for our client-server pair. Saying here the “first data packet” is really just the first data packet, let's say, 304 bits. All your safety consists in the fact that in these first 304 bits - not to enclose secret information. But you can not worry about it, the system will not let you do this either on the first 304 bits, or on the next. It will imitate the information exchange between itself, especially without you, so that those who hunt for your information do not even have access to the first correct cipher. But that's not all. It turns out that such a system gives new unique security features. About it in the next post.
Pages: [1] 2 3 4 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!