Pages:
Author

Topic: Keyless encryption and passwordless authentication - page 5. (Read 2887 times)

full member
Activity: 224
Merit: 120
Example 2. Old proven phishing.

At the end of September 2017, cyber police together with employees of the Talos division of Cisco launched an investigation into one of the largest phishing campaigns aimed at cryptocurrency users (Coinhoarder operation).


According to the press service of the cyber police, a large number of domains have been discovered, the names of which are similar to the original resource of the online service of virtual Bitcoin-wallets: blockchain.info.

Eight dozens of phishing blockchain sites are already known. Victims were lured to them through Google Adwords advertising campaigns.

When the keyword “blockchain” was introduced on Google, a link appeared that looked legitimate. However, after clicking on this link the user was taken to a fake domain (similar to bockchain.info). The domain looked similar to the original, but had a different domain name and a specially designed script from attackers.
full member
Activity: 224
Merit: 120
I'm really sorry. I can not understand what you're trying to say. This is a completely new way of thinking about encryption.

I had implied that the initial chess board is fixed in it's starting position, and any updates to the pieces could be followed by an eavesdropper using the same keyless encryption scheme you proposed.

I'm not even talking about a man-in-the-middle attack.
-------------------------------
Yes, all this is so.
It is incomprehensible, because new, unusual.
The advantage of this system is that any information is suitable for its initial launch, and not just information in the key format.
And to enter this information about the initial settings - only once in a lifetime.
The second time the system does it. And she does it completely unpredictably. Further, the keyless system itself selects the encryption scheme (in a conventional system, the encryption scheme is ALWAYS selected by the key itself).
And the second one.
This information, which is similar to the key (for example, your identifier), has secrecy only once in a lifetime - when it is used for the first time. Further, it can be declassified.
And the key is never.
 
 The key can never be declassified, because it will open the cipher. And our information will not reveal anything. It is at one moment in time - it can be used by a third party, at that moment when you use it for the initial settings of your "chessboard".
Further, neither you nor the hacker need it.
This is a huge difference from keys that ALWAYS need to be scanned.
That is the difference.
But that is not all.
full member
Activity: 224
Merit: 120
Example 1. In July 2017, the developers of Parity, the Ethereum cryptocurrency wallet, faced theft. Unknown attackers took advantage of the bug in the multi-signature contract, which allowed them to steal funds from other people's wallets.

As a result, all users who deal with multi-signature wallets created earlier on July 19, 2017 were affected. In the pockets of criminals settled 153 thousand ETH, that is, about $ 30 million at the current rate.

Hacking occurs through the spread of viruses. Such viruses can be divided into two types.

The first is hidden miners. They infect the system and start mining crypts on the infected computer without the knowledge of the computer owner and in the interests of the virus owner.

The second is stylers. They steal wallets passwords and wallets themselves. The stylers can also include primitive viruses, which replace the sender address on the clipboard.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
I'm really sorry. I can not understand what you're trying to say. This is a completely new way of thinking about encryption.

I had implied that the initial chess board is fixed in it's starting position, and any updates to the pieces could be followed by an eavesdropper using the same keyless encryption scheme you proposed.

I'm not even talking about a man-in-the-middle attack.
full member
Activity: 224
Merit: 120
For your chess game, both of you have to have the same board. So either you both started in the standard configuration, or both of you had to communicate the state of the board at the start.

One time pads are indeed uncrackable, but again, both of you need to have this at the start, so it must be sent by another channel of communication, or physically.
---------------------
Yes, you are absolutely right. Now I see that you have caught the point. And this makes it possible to understand in more detail. The initial state - really should be the same on both chessboards. This is the so-called first communication session. Let's take an example. Option client server. If this is a public visit server, without authentication (and without authorization) of the client, this is an advertisement board. I don’t think that this requires encryption. This option of working on a closed communication channel organized by keyless technology is possible, but for now let us leave it. The second option is more in demand, from the point of view of safe data exchange, when you go to the server on which you are registered. Therefore, you have your identifier. We don’t care what origin it is, in the final form it is always digital. This is nothing but the unique information of a unique user. You can salt it (cryptographically) with the server, one salt, you can change it with a unidirectional cryptographic function, it doesn’t matter, it is unique.

Now attention. We need it only once, only as installation information, for the first arrangement of pieces on our two "chessboards" - for one on the server, and for the second at the client.

Entering this information - you arrange the chess pieces in some unpredictable way for the external observer. Everything, you can make the first move. And then what is the difference with key technology? The difference is huge, the abyss.

As soon as you have made your first move, all the rest will be carried out from a completely different arrangement of figures. No neighboring piece will remain a neighbor on both chessboards - for the next move. What this means is that it means that we have a new encryption scheme, as if a new key. And so on. A keyless encryption system is a geometric (rather than a traditional mathematical) continuum over time. Time has two independent dimensions. The first is our astronomical. Looking ahead, astronomical time is not used according to such schemes as in the protocols of OAyuth, OpenID and the like. The second time dimension is internal, having no points of correlation with the external. The unit of time there is not a “second”, but an estimated judgment about the events (errors, repetitions, encryption results). Thus, the geometric coding model makes it possible, in principle, to create a moving spatial continuum, the main feature of which is a constant change in the spatial structure. A small virtual discrete world. In such a structure, it is impossible to enter the same river twice. Because the river always flows. This means that even if they find "unique information of a unique user" and try to put it on their chessboards, they will receive the first absolutely the same arrangement of chess pieces, as in our example client-server, the same encryption scheme.

Then they will find our first data packet for encryption and encrypt - they will receive exactly the same code as our client-server. Now attention! But the next arrangement of figures, the next encryption scheme - will never coincide with the second encryption scheme for our client-server pair. Saying here the “first data packet” is really just the first data packet, let's say, 304 bits. All your safety consists in the fact that in these first 304 bits - not to enclose secret information. But you can not worry about it, the system will not let you do this either on the first 304 bits, or on the next. It will imitate the information exchange between itself, especially without you, so that those who hunt for your information do not even have access to the first correct cipher. But that's not all. It turns out that such a system gives new unique security features. About it in the next post.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
For your chess game, both of you have to have the same board. So either you both started in the standard configuration, or both of you had to communicate the state of the board at the start.

One time pads are indeed uncrackable, but again, both of you need to have this at the start, so it must be sent by another channel of communication, or physically.
full member
Activity: 224
Merit: 120
Maybe the answer is in a different cryptography. In keyless cryptography, in a system from which it is not possible to steal keys or passwords. I know that such developments are now in progress. Yes, they are probably very closely related to passwordless authentication. With one that never uses biometric data. The question remains what such authentication uses. And there is an answer - a variable numeric identifier. The beauty of this idea is that if you have a password or a key, your identifiers are numeric but seemingly permanent. The new technology proposes to make variable identifiers. So much variable that it is impossible for an outside observer to catch or predict the next identifier. And its changes are so rapid that stealing the current one is also useless. Here is the real way to a new cryptography and to a new level of security for the user. Probably, the keyless and passwordless system, is an only possible answer for the ordinary user today, in the world of quantum computers and quantum calculations.
I don't think it is necessary to develop such things anymore since the authentication system we currently have works well depending on your responsibility of your account. There are a lot of hardware wallets present that can be seen as a assured and safe one. You just need to find a recommended one that is proven and tested to be worthy of your trust. The verification of most of the things that we have now, as technology innovates more each day, gets more and more handy which sets anyone worry less in time of death or loss of key.
---------
Password based authentication system is an old idea that works really well. This is a digital identifier. This system is more reliable than authentication based on biometric identifiers. This result shows hacking statistics. But password authentication today is out of date, due to the development of phishing attacks and programs stealing your passwords from your device - remotely. For this reason, the future lies in authentication systems without a password, without biometric data. These systems are being developed, but with a different basis. I like the system with a variable digital identifier. She's a keyless encryption system. It is 2 in one. Whether you want it or not, encryption and, most importantly, decryption without a key can only be done by identifying your "own" code, using passwordless authentication. Such a reciprocal relationship.
sr. member
Activity: 756
Merit: 268
Maybe the answer is in a different cryptography. In keyless cryptography, in a system from which it is not possible to steal keys or passwords. I know that such developments are now in progress. Yes, they are probably very closely related to passwordless authentication. With one that never uses biometric data. The question remains what such authentication uses. And there is an answer - a variable numeric identifier. The beauty of this idea is that if you have a password or a key, your identifiers are numeric but seemingly permanent. The new technology proposes to make variable identifiers. So much variable that it is impossible for an outside observer to catch or predict the next identifier. And its changes are so rapid that stealing the current one is also useless. Here is the real way to a new cryptography and to a new level of security for the user. Probably, the keyless and passwordless system, is an only possible answer for the ordinary user today, in the world of quantum computers and quantum calculations.
I don't think it is necessary to develop such things anymore since the authentication system we currently have works well depending on your responsibility of your account. There are a lot of hardware wallets present that can be seen as a assured and safe one. You just need to find a recommended one that is proven and tested to be worthy of your trust. The verification of most of the things that we have now, as technology innovates more each day, gets more and more handy which sets anyone worry less in time of death or loss of key.
full member
Activity: 224
Merit: 120
And after that, the value of this information will be clear:
Quantum Supremacy Using a Programmable Superconducting Processor
Wednesday, October 23, 2019
Posted by John Martinis, Chief Scientist Quantum Hardware and Sergio Boixo, Chief Scientist Quantum Computing Theory, Google AI Quantum
https://ai.googleblog.com/2019/10/quantum-supremacy-using-programmable.html
full member
Activity: 224
Merit: 120
Most modern mobile devices running recent versions of Android can do 4k bit public/private key encryption. 16k private keys are still not normal.

Mobile browsers can also use modern encryption, like Firefox with https, with ethereal keys.

I still prefer to stick to "classic" or proven methods, I'm not concerned anyone is going to break my keys soon, or in the next few years or decades.

I mean, good for you, someone is doing research on this. I eagerly await the results.
-------------------------------------
Absolutely correct behavior. Everything new must pass the test. Today, the verification of everything new must be very thorough, new quantum calculations have appeared. It is interesting to use this platform for communication for its intended purpose - for discussions, for the exchange of views. Therefore, I proposed a completely new and debatable topic. But at the moment, nobody wants to sort things out so far. Everyone is content with old technology and does not notice the rapidly changing security environment. The rise of cybercrime is phenomenal. All defenders work well after the crime, not before it. This is a disturbing fact.



1) Imagine that we play chess. We transfer our moves - by telephone, through open communication, we hang on the bulletin board, it does not matter. Between ourselves, we agreed that the game of chess is a distracting maneuver. In fact, we need each chess move to indicate a specific chess piece. Each move is still needed to move a specific piece. We agreed, and temporarily, that each chess piece indicates is associated with specific information. Denotes a part of the information that needs to be “encrypted and transmitted”, for example, this is a byte of our information.

2) We transmit to each other only "service information", only a link from which cell the figure should be taken and in which cell the figure should be placed. It’s just a chess move of some kind. All pieces are randomly located on the board, unknown how, for an external observer. Let in our chess, all pieces are allowed all moves, without discrimination.

3) I pass the move on my board: A5 to B2, but I do not indicate a piece, and only on the board of my partner it is clear that this is a “black elephant”. The "Black Elephant", by default, temporarily, for this communication session or for this data packet, is associated with some kind of information byte. Therefore, transmitting the digitized code of the move - I transmit the link, a vector defined unambiguously only in the reference frame selected for this data packet.

4) Note that the reference point - we can also change. The coordinate system and the starting point of reference can be like at any of the 4 corners of the chessboard (as it usually is), inside the chessboard, outside the chessboard. From choosing this parameter - the digital code of the chess code - will change. In any case, this is another uncertainty that is very relevant in cryptography.

5) This chess move, this link in this space, this vector, I additionally encode. I encrypt as good as I can. I have many more rounds of encryption, the last of which is the XOR operation with a one-time binary tape, its length is exactly equal to the length of the link cipher. This is the Vernam cipher class, with the only difference being that our one-time binary tape is never transmitted from me to my partner. Therefore, the final cipher is not vulnerable, persistent in the absolute sense of the word (K. Shannon theorem, proved in 1945).

6) In fact, I only encrypt the link, nothing meaningful information for the external observer, even if he decrypts it. Because he does not see the chess game, he does not see which piece this link indicated. A figure is information that I “transmit and encrypt” at this point in time.

7) Why then additional rounds of encryption? To encrypt information - they are not needed. And to prevent cryptanalysis using the Chosen-plaintext attack (CPA) method, for very large amounts of cipher, they will not hurt.
full member
Activity: 224
Merit: 120
Cryptography after the Aliens Land, Bruce Schneier, IEEE Security & Privacy, September/October 2018.
Read at least the beginning of the article, it was written by all recognized genius in cryptography! I had the honor of being in correspondence with this person; he allowed me to use his quotes. This is a formality, but a fact. The fact that modern cryptography has a lot of problems is not my thoughts. Think carefully about what is written in this article.
https://www.schneier.com/essays/archives/2018/09/cryptography_after_t.html

legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Most modern mobile devices running recent versions of Android can do 4k bit public/private key encryption. 16k private keys are still not normal.

Mobile browsers can also use modern encryption, like Firefox with https, with ethereal keys.

I still prefer to stick to "classic" or proven methods, I'm not concerned anyone is going to break my keys soon, or in the next few years or decades.

I mean, good for you, someone is doing research on this. I eagerly await the results.
full member
Activity: 224
Merit: 120

EG if you have the only house key only you can unlock the door. but if there are 100,000 housekeys that can fit the door. then it becomes much easier
.....

having a algo that changes keys randomly means there is more chance of getting the key that fits.
(adding more needles to a hay stack makes it easier to find a needle in a haystack)


Here is an early version of military communication declassified:

https://en.wikipedia.org/wiki/KY-57

I would imagine the more recent stuff is more advanced coupled with frequency hopping.
---------------------
This is a very interesting development. It’s a pity that she is classified. However, there is an assumption that this is an analog of modern keyless primitives, such as for example, hash functions. In other words, sometimes, a system with one secret key is called a keyless one. In a sense, this is so. After all, the key is not transmitted, you do not need to do this. But such systems are fundamentally different from systems with a variable encryption scheme when each new data packet has its own set of encryption and decryption rules.
full member
Activity: 224
Merit: 120
It might be a solution to many problems concerning security in access in terms of technology. But in my opinion it doesn't allow users to recover accounts whenever in case an accident happened. In terms of bitcoin that uses wallet address and private key, we need to physically write or digitally save the information for us to retrieve our account. This technology might be possible and suits other platforms but I don't see its positive implication to cryptocurrency because it already uses strong encryption in hashes through the blockchain.
__________________
I am not an expert in this matter. But they write this: “Interesting information was announced in Lisbon in the July Building-on-Bitcoin conference by the famous bitcoin developer Jameson Loppe. He said that during the existence of the distributed BTC registry, about 6 million bitcoins were stolen and lost due to the loss of keys. . " As we can see, the owner’s secret keys are always under attack by a hacker.



Example 1. In July 2017, the developers of Parity, the Ethereum cryptocurrency wallet, faced theft. Unknown attackers took advantage of the bug in the multi-signature contract, which allowed them to steal funds from other people's wallets.

As a result, all users who deal with multi-signature wallets created earlier on July 19, 2017 were affected. In the pockets of criminals settled 153 thousand ETH, that is, about $ 30 million at the current rate.

Hacking occurs through the spread of viruses. Such viruses can be divided into two types.

The first is hidden miners. They infect the system and start mining crypts on the infected computer without the knowledge of the computer owner and in the interests of the virus owner.

The second is stylers. They steal wallets passwords and wallets themselves. The stylers can also include primitive viruses, which replace the sender address on the clipboard.



Example 2. Old proven phishing.

At the end of September 2017, cyber police together with employees of the Talos division of Cisco launched an investigation into one of the largest phishing campaigns aimed at cryptocurrency users (Coinhoarder operation).


According to the press service of the cyber police, a large number of domains have been discovered, the names of which are similar to the original resource of the online service of virtual Bitcoin-wallets: blockchain.info.

Eight dozens of phishing blockchain sites are already known. Victims were lured to them through Google Adwords advertising campaigns.

When the keyword “blockchain” was introduced on Google, a link appeared that looked legitimate. However, after clicking on this link the user was taken to a fake domain (similar to bockchain.info). The domain looked similar to the original, but had a different domain name and a specially designed script from attackers.



It might be a solution to many problems concerning security in access in terms of technology. But in my opinion it doesn't allow users to recover accounts whenever in case an accident happened. In terms of bitcoin that uses wallet address and private key, we need to physically write or digitally save the information for us to retrieve our account. This technology might be possible and suits other platforms but I don't see its positive implication to cryptocurrency because it already uses strong encryption in hashes through the blockchain.
---------------------------
As for the use of keyless technologies in cryptocurrency wallets, such projects are still possible, theoretically. Here is an example:
https://toxic.chat/



In addition to the benefits for the user, because you can not steal the key, there are advantages for the blockchain itself, in general.

Here are the three principles of this keyless technology, built on geometry, not mathematics:

1) a chain of state sequences;
2) the presence of all links of the chain (blocks)
3) the absolute dependence of each new link (state of space) on all the information used for the exchange

- correspond to the definition of the classic “blockchain”: “a continuous sequential chain of blocks built up according to certain rules (linked list)”, with the important difference that there are no blocks as such, they all correspond to existing system states that need not be saved (unlike blocks).


--------------------------------------------------
   classic blockchain      alternative blockchain
1) No parallelization, no synergy, no mutual assistance - only duplication, and immediately (continuously) million times/
1)   Copying or partial copying, distribution of parts of the system between any number of users, node or super nods, central server - no restrictions, the weight of the system does not change as many times as its direct and continuous use

2) All blocks are linked by a cryptographic signature in chronological order in a single chain, complex mathematical algorithms are responsible for this   
2) All blocks (states) are linked by an analogue of a cryptographic signature (the Vernam cipher level), not complex algorithms are responsible for this.

3) Attempting to integrate current payment networks into a blockchain can be so complex that no one will even try to go this way.   
3)The problem of overloading computing power and existing networks is absent due to the complete lack of scalability in this technology.

4) Currently, there are more than 1,400 digital coins, many of which have their own versions of the blockchain, each with its own “+” and “-”   
4) It makes no sense to create such a number of technology options in the case of its use in cryptocurrencies, since The technology is free from the main disadvantages of any variant of the classic blockchain.

5) To prevent an attack, you need to use complex security keys and two-factor authentication, there is a "human factor".   Each data packet not only carries information, but also performs (as a 100% hash) the verification function of each previously received and current data packet, there is no “human factor”
In the current reality, the blockchain's “eternity” is limited to a dozen years - the increase in the capacity of hard drives definitely does not keep pace with the growth in blockchain volume   
5) The system does not scale to any bit depending on any number of transactions, but increases when a new unit appears

6) Very low speed of operations, hung stocks, miners are combined into pools - the problem of 51% is becoming more urgent   
6) The speed of operations depends only on the number of nodes, there is no problem confirming all the “blocks”, a very high and stable performance




Phishing is possible only if you have a persistent identifier. In addition, the server checks you, and you are the server? In keyless encryption technology in the client-server model, phishing is not possible because your identifier is always variable. And the check goes in both directions. This makes the transmission and reception protocol of the encryption system itself. If this were not so, then the encryption scheme would be either constant or predictable. This would be an ordinary cryptographic keyless primitive, of which there are a lot, they are called unidirectional functions and so on.



Here is an example of how phishing works on the blockchain:
"As soon as the user entered the wallet, or created a new one, Nginx replaced it with his own on the fake server. Criminals accessed information from the graph sharedkey, password, secondPassword, isDoubleEncrypted, pbkdf2_iterations, accounts."

And further:
"According to information from security specialists at blockchain.info, this phishing campaign is one of the largest in history ..."

Moreover:
"The experts also found confirmation that these attackers were involved in the creation of several so-called HYIP projects, such as: flexibit.bz, verumbtc.com, hashminers.biz.

Cisco researchers said fraudsters earned $ 50 million in cryptocurrency over the past three years. It's about losing users all over the world. "

What other examples are needed to understand that key technologies are very dangerous.



Today, even a poorly trained user can do a phishing attack. There are ready-made programs for this. Everyone needs to know about this.

Here's a nasty fresh example of how they might attack us:

Large online services use two-factor authentication (2FA) to protect accounts. Usually its implementation comes down to the fact that in addition to the login and password, you must enter a one-time code sent in SMS or push-notification to the mobile number specified during registration. Until recently, 2FA was considered a relatively reliable anti-theft system, but now there are already ready-made tools that make it easy to overcome it.
One of them is Evilginx 2, which we will talk about. This is a reverse proxy server and a ready-made framework for performing a MITM attack to bypass two-factor authentication. Everything that is possible is automated in it.
Evilginx 2 has the super ability to create a signed certificate for a fake site using the client’s free and fully automated Let’s Encrypt Certification Authority. This helps the attacker to use HTTPS and decorate the phishing site with a green lock in the address bar. As a result, the fake is visually indistinguishable from the original. Plus, Evilginx 2 independently detects and intercepts valid cookies, and this is the main component of a successful hack.

We are used to the fact that all hacker tools are written for Linux, however Evilginx 2 is available both on Windows and as a Docker container.



South Korea’s largest cryptocurrency exchange, Upbit, has notified its users of the theft of tens of millions of dollars in cryptocurrency from its wallet.

According to Lee Seok-Wu, the head of the Dunamu managing company exchange, on Wednesday, November 27, at 13:06 from the “hot” Ethereum wallet Upbit 342 thousand ETH (about $ 50 million) were transferred to an unknown wallet (0xa09871AEadF4994Ca12f5c0b6056BBd1d343c029)



The number of bitcoins lost due to the loss of keys or the death of the key keeper is huge and is growing every year. The theft of our confidential information, passwords - is growing. I get new confirmations of my position that new passwordless and keyless systems will be in demand. Here is a fresh example.
Positive Technologies experts summed up the results of the third quarter of 2019. Every fifth attack was directed against individuals, with almost half (47%) of all data stolen from them - these are credentials in various systems (logins and passwords). For example, the Clipsa Trojan is able to covertly “mine” cryptocurrency, steal passwords, change the addresses of crypto-wallets, and also launch brute force attacks against WordPress-based sites.
full member
Activity: 224
Merit: 120
It's much better to use a well established algo, such as AES ... The algo is public. All you need is a key now. That is the one you keep secret between you and the other side.

If there are no other channels to get this secret to the other side safely, that's where public key encryption comes in.

Trying to roll your own cryptography without a key ... = not going to be very good. No one will use it but you, and you have what is called "security through obscurity".

It won't be any better than what's already available out there. All well known and current 256 bit symmetric-key algorithms are uncrackable provided you use a randomly generated key.

Examples of popular symmetric-key algorithms include Twofish, Serpent, AES (Rijndael), Blowfish, CAST5, Kuznyechik, RC4, DES, 3DES, Skipjack, Safer+/++ (Bluetooth), and IDEA.


I'd stick to just using AES or Twofish. DES has too low a bit strength it can be brute forced in hours or minutes.

Trying to use your own home brew encryption scheme isn't any much better than ROT13. It has "no key".

----------------------
Symmetric systems without asymmetric ones will not work, no one will meet and pass each other a key for encryption. You know that asymmetric encryption systems are conditionally reliable. So, now, they use keys of 4 kilobits in size. You also know that a 256-bit symmetric system key is equal in reliability to a 15,300-bit asymmetric system key. It is not possible to use such a key on modern technology, because it will require huge computing resources, and our smartphones do not have them. And there are also cryptanalysts. No military organization ever uses a public-private key pair. Think about why. Moreover. This year, the era of quantum computers has begun, which we all can use over the network. A 53-qubit computer did calculations in 200 seconds that a regular computer would do 10,000 years. Read the news. All asymmetric cryptography is already in the past, not only for special services, but even for ordinary hackers. The American Standards Institute is looking for post-quantum asymmetric systems. While there are 4 candidates from asymmetric systems and 1 candidate from symmetric ones. But every asymmetric candidate consumes a lot of resources. How will a symmetric system work without an asymmetric one? No way. This is in theory only possible. But not to us.
sr. member
Activity: 966
Merit: 274
It might be a solution to many problems concerning security in access in terms of technology. But in my opinion it doesn't allow users to recover accounts whenever in case an accident happened. In terms of bitcoin that uses wallet address and private key, we need to physically write or digitally save the information for us to retrieve our account. This technology might be possible and suits other platforms but I don't see its positive implication to cryptocurrency because it already uses strong encryption in hashes through the blockchain.
full member
Activity: 224
Merit: 120
Maybe the answer is in a different cryptography. In keyless cryptography, in a system from which it is not possible to steal keys or passwords. I know that such developments are now in progress. Yes, they are probably very closely related to passwordless authentication. With one that never uses biometric data. The question remains what such authentication uses. And there is an answer - a variable numeric identifier. The beauty of this idea is that if you have a password or a key, your identifiers are numeric but seemingly permanent. The new technology proposes to make variable identifiers. So much variable that it is impossible for an outside observer to catch or predict the next identifier. And its changes are so rapid that stealing the current one is also useless. Here is the real way to a new cryptography and to a new level of security for the user. Probably, the keyless and passwordless system, is an only possible answer for the ordinary user today, in the world of quantum computers and quantum calculations.
Only the physical theft of the key remains, or am I wrong? It will be necessary to capture a person who owns cryptocurrency and this key, and this is the only way to steal money. But I like that because hackers will become useless with such a security system.
____________________________
No, the key cannot be stolen. The key cannot be stolen here, since it as a function is absent. Moreover, there is no single encryption scheme, how can one have a key? He’s useless; there’s nothing to steal. This is the trick. There is one of many encryption schemes. There are eight independent rounds of encryption. All of them have a large number of their encryption schemes. All of them are in a geometric space with a function of time as we are used to and with a function of time internal, unusual and working according to its own laws. Taken together, this is a space-time continuum, virtual of course. Such a system works according to the principle: you cannot enter the same river twice. The river is always different. In this technology, even the information itself is not encoded. Encoded links inside the space pointing to the elements of the space. Elements of space are always moving. Like cars in the city. The starting point of the reference system for the link is also always moving. All information is divided into parts (for example, 8 bits), then we need 256 machines to match all the options. All 256 cars move around the city, the street map of which is always a variable unknown to the outside observer. The location of each car is unpredictable, they are always in motion, and traffic without city traffic jams. Our starting point is a drone flying in the sky of a city. The drone is always moving. If we need to transfer any version of 8 bits, we need to draw a vector (link) from that drone to that car. This car, at a given time (this is also a variable), is located at some point in the city. Predicting a vector (link) to an external observer is not possible. The vector is digitized, and this is only the first 2 rounds of encryption. It is encoded further. As a result, only the vector (link) code is transmitted to the communication channel. Decode it - without meaning and without benefit. It does not contain our information. In the same way as in itself the Internet link, link does not contain information. These are the basics of keyless geometric vector systems.
jr. member
Activity: 113
Merit: 5
Maybe the answer is in a different cryptography. In keyless cryptography, in a system from which it is not possible to steal keys or passwords. I know that such developments are now in progress. Yes, they are probably very closely related to passwordless authentication. With one that never uses biometric data. The question remains what such authentication uses. And there is an answer - a variable numeric identifier. The beauty of this idea is that if you have a password or a key, your identifiers are numeric but seemingly permanent. The new technology proposes to make variable identifiers. So much variable that it is impossible for an outside observer to catch or predict the next identifier. And its changes are so rapid that stealing the current one is also useless. Here is the real way to a new cryptography and to a new level of security for the user. Probably, the keyless and passwordless system, is an only possible answer for the ordinary user today, in the world of quantum computers and quantum calculations.
Only the physical theft of the key remains, or am I wrong? It will be necessary to capture a person who owns cryptocurrency and this key, and this is the only way to steal money. But I like that because hackers will become useless with such a security system.
full member
Activity: 224
Merit: 120
Why don't you explain how the decryption part works. You have this blob of encrypted data and nothing else. How does it work?
-----------
This will be clear when all the principles of this technology are shown. I will write them in order, observe how they are perceived by readers, and then write further. Very briefly, but not very precisely, it can be explained this way. Each next data packet has its own encryption scheme and it has a decryption scheme.  Both systems are completely symmetrical. But their settings always change. The scheme is in a static state, it does not change, only when one data package is prepared. Once it is prepared, it changes to a completely new one. This is a property where both systems are always in the same state for only one data packet - called a logical time tunnel. They are absolutely deterministic. But they are absolutely movable. Yes, and most importantly, the mathematical principles of coding in such a system will be very cumbersome and predictable. We have conducted research that has shown that geometric models are ideal for such a paradigm, simple and without recognition complexes. But it's not difficult to explain it all on the example of a chess game. If there's anyone else's interest.
full member
Activity: 224
Merit: 120
You write: "EG if you have the only house key only you can unlock the door. But if there are 100,000 housekeys that can fit the door. Then it becomes much easier." It's the opposite here. There are 100,000 housekeepers, each has a key. And the lock in the door at one time is configured only for one housekeeper. At the next point in time - at a randomly selected out of 100,000. This is a different principle. In fact, this number 2 was raised to the 304th degree. It's a minimum. Because the system has the ability to work with data packets of different sizes. For one package, this is 2 to 304 degrees. And for 2 already: 2 to 608 degrees. Feel the difference. In a symmetric system with a 256-bit key, it is always 256-bit. As soon as you guess the key, the system will fly. In our system, guessing one option for one data packet does not give you anything useful. Because the next option has no correlations with the previous one, a priori.



It's much better to use a well established algo, such as AES ... The algo is public. All you need is a key now. That is the one you keep secret between you and the other side.

If there are no other channels to get this secret to the other side safely, that's where public key encryption comes in.

Trying to roll your own cryptography without a key ... = not going to be very good. No one will use it but you, and you have what is called "security through obscurity".

It won't be any better than what's already available out there. All well known and current 256 bit symmetric-key algorithms are uncrackable provided you use a randomly generated key.

Examples of popular symmetric-key algorithms include Twofish, Serpent, AES (Rijndael), Blowfish, CAST5, Kuznyechik, RC4, DES, 3DES, Skipjack, Safer+/++ (Bluetooth), and IDEA.


I'd stick to just using AES or Twofish. DES has too low a bit strength it can be brute forced in hours or minutes.

Trying to use your own home brew encryption scheme isn't any much better than ROT13. It has "no key".

----------------------
Symmetric systems without asymmetric ones will not work, no one will meet and pass each other a key for encryption. You know that asymmetric encryption systems are conditionally reliable. So, now, they use keys of 4 kilobits in size. You also know that a 256-bit symmetric system key is equal in reliability to a 15,300-bit asymmetric system key. It is not possible to use such a key on modern technology, because it will require huge computing resources, and our smartphones do not have them. And there are also cryptanalysts. No military organization ever uses a public-private key pair. Think about why. Moreover. This year, the era of quantum computers has begun, which we all can use over the network. A 53-qubit computer did calculations in 200 seconds that a regular computer would do 10,000 years. Read the news. All asymmetric cryptography is already in the past, not only for special services, but even for ordinary hackers. The American Standards Institute is looking for post-quantum asymmetric systems. While there are 4 candidates from asymmetric systems and 1 candidate from symmetric ones. But every asymmetric candidate consumes a lot of resources. How will a symmetric system work without an asymmetric one? No way. This is in theory only possible. But not to us.




EG if you have the only house key only you can unlock the door. but if there are 100,000 housekeys that can fit the door. then it becomes much easier
.....

having a algo that changes keys randomly means there is more chance of getting the key that fits.
(adding more needles to a hay stack makes it easier to find a needle in a haystack)


Here is an early version of military communication declassified:

https://en.wikipedia.org/wiki/KY-57

I would imagine the more recent stuff is more advanced coupled with frequency hopping.
---------------------
This is a very interesting development. It’s a pity that she is classified. However, there is an assumption that this is an analog of modern keyless primitives, such as for example, hash functions. In other words, sometimes, a system with one secret key is called a keyless one. In a sense, this is so. After all, the key is not transmitted, you do not need to do this. But such systems are fundamentally different from systems with a variable encryption scheme when each new data packet has its own set of encryption and decryption rules.



Cryptography after the Aliens Land, Bruce Schneier, IEEE Security & Privacy, September/October 2018.
Read at least the beginning of the article, it was written by all recognized genius in cryptography! I had the honor of being in correspondence with this person; he allowed me to use his quotes. This is a formality, but a fact. The fact that modern cryptography has a lot of problems is not my thoughts. Think carefully about what is written in this article.
https://www.schneier.com/essays/archives/2018/09/cryptography_after_t.html





And after that, the value of this information will be clear:
Quantum Supremacy Using a Programmable Superconducting Processor
Wednesday, October 23, 2019
Posted by John Martinis, Chief Scientist Quantum Hardware and Sergio Boixo, Chief Scientist Quantum Computing Theory, Google AI Quantum
https://ai.googleblog.com/2019/10/quantum-supremacy-using-programmable.html
Pages:
Jump to: