CipherSaber
|
|
CipherSaber is a symmetric encryption system based on RC4 that is simple enough that novice programmers can memorize the algorithm and implement it from scratch, yet supposedly strong. In CipherSaber each message begins with a random ten byte initialization vector (IV). This IV is appended to the CipherSaber key to form the input to the RC4 key setup algorithm. The IV is needed because RC4 is a stream cipher. The message, XORed with the RC4 keystream, immediately follows.
The Fluhrer-Mantin-Shamir attack on RC4 has rendered the original CipherSaber system vulnerable if a large number (>1000) messages are sent with the same CipherSaber key. To address this, the CipherSaber designer has invented his own variant on RC4 in which the RC4 key setup loop is repeated multiple times (20 is recommended). In addition to agreeing a secret key, parties communicating with Ciphersaber-2 must agree on how many times to repeat this loop.
History
CipherSaber was invented by Arnold Reinhold to keep strong cryptography in the hands of the public. Many governments have implemented legal restrictions on who can use cryptography, and many more have proposed them. By publicizing details on a secure yet easy-to-program encryption algorithm, Reinhold hopes to keep encryption technology accessible to everyone.
Actual security
While CipherSaber protects against unsophisticated attacker, its security from both theoretical and practical point of view is not satisfactory.
CipherSaber is supposed to be used as a complete cryptographic protocol, as otherwise there would be little point in implementing the cipher on your own. That means no message authentication of any kind - MACs, hashes or any other means.
- As the algorithm is strictly symmetric, each pair of people need to exchange keys and protect them. It's much more difficult than one key per person in asymmetric cryptography
- As it's a stream cipher without any message authentication, attacker can easily replace any known bytes with any other values. For example if the message is known to contain "ls -ld /" (Unix command for listing directory contents), attacker can replace it with "rm -rf /" (Unix command for removing a directory) by xoring with (30, 30, 0, 0, 30, 2, 0, 0)
RC-4 is not the strongest cipher, as for 2005 many of its weaknesses are known, and the CipherSaber is not using it in an optimal way, in particular:
- Key data is not used in highly optimal way, if the data is ASCII-only, only positions 32-127 in permutation will be mixed. As the key is supposed to be a passphrase, dictionary attack may be possible.
- CipherSabre relies on decent random number generator for IV, but most programming environments provide only very weak PRNGs. Using system's typically weak PRNG or imperfectly implementing own PRNG may seriously reduce security.
External links
- CipherSaber home page (http://ciphersaber.gurus.com)
- CipherSaber implementation list (http://www.xs4all.nl/~cg/ciphersaber/)