Topic: Keyless encryption and passwordless authentication - page 6. (Read 2881 times)

legendary
Activity: 4410
Merit: 4766
OP talks about 'keyless encryption' but then lays out an example of a password with a varying salt
(password is still the key info)

or to put it simply a 12 word bitcoin passphrase seed. but only keeping the first 10 phrases fixed and altering the last 2 phrases so that if you're held hostage you give them another 12 phrase of only pocket change instead of your true phrases of life savings

the issue with having a varying private key
that a public key would accept multiple variations means multiple risks

EG if you have the only house key only you can unlock the door. but if there are 100,000 housekeys that can fit the door. then it becomes much easier
.....
some people have already fooled around with things like 'address' message signing access
such as submit a public key as the 'verify' of account
and then people have to sign a particular message
such as
'26/11/2019 today trump combed his hair'
so the message is random meaning when signed the signature is random. but the verifying becomes easy as it doesn't require asking for the private key. thus the private key remains secure
....
having an algo that changes keys randomly means there is more chance of getting the key that fits.
(adding more needles to a hay stack makes it easier to find a needle in a haystack)

for me personally..
i do use a certain keyword and then scramble another word beside it depending on the website to make my password appear 'unique' per site but still only requires me remembering one key piece of info for everything
yes it's more of a risk than just having totally unique password per site
but less of a risk of just using same password per device/site

but i just find that the OP's proposal is going backwards security wise not forwards
full member
Activity: 224
Merit: 120
All you say is right. These are excellent cryptographic solutions. If it weren't for the danger of stealing the key, phishing or other problems with key-type systems. If you use keyless cryptography, you get the following benefits: 1. you have nothing to steal. 2. the durability of the encryption is not based on the durability of the key (Auguste Kerckhoffs principle). 3. Absolute integrity of all messages at the level of 1 bit of information. 4. Absolutely impossible to modify this cipher. 5. as a bonus - password-free authentication based on variable numeric identifiers. 6. authentication in both directions and for this reason the impossibility of phishing. 7. other things that are too early to talk about before all the issues have been analyzed.



Why don't you explain how the decryption part works. You have this blob of encrypted data and nothing else. How does it work?
-----------
This will be clear when all the principles of this technology are shown. I will write them in order, observe how they are perceived by readers, and then write further. Very briefly, but not very precisely, it can be explained this way. Each next data packet has its own encryption scheme and it has a decryption scheme.  Both systems are completely symmetrical. But their settings always change. The scheme is in a static state, it does not change, only when one data package is prepared. Once it is prepared, it changes to a completely new one. This is a property where both systems are always in the same state for only one data packet - called a logical time tunnel. They are absolutely deterministic. But they are absolutely movable. Yes, and most importantly, the mathematical principles of coding in such a system will be very cumbersome and predictable. We have conducted research that has shown that geometric models are ideal for such a paradigm, simple and without recognition complexes. But it's not difficult to explain it all on the example of a chess game. If there's anyone else's interest.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
It's much better to use a well established algo, such as AES ... The algo is public. All you need is a key now. That is the one you keep secret between you and the other side.

If there are no other channels to get this secret to the other side safely, that's where public key encryption comes in.

Trying to roll your own cryptography without a key ... = not going to be very good. No one will use it but you, and you have what is called "security through obscurity".

It won't be any better than what's already available out there. All well known and current 256 bit symmetric-key algorithms are uncrackable provided you use a randomly generated key.

Examples of popular symmetric-key algorithms include Twofish, Serpent, AES (Rijndael), Blowfish, CAST5, Kuznyechik, RC4, DES, 3DES, Skipjack, Safer+/++ (Bluetooth), and IDEA.


I'd stick to just using AES or Twofish. DES has too low a bit strength; it can be brute forced in hours or minutes.

Trying to use your own home brew encryption scheme isn't much better than ROT13. It has "no key".
full member
Activity: 224
Merit: 120
If you agree with that, we'll continue. In modern cryptography (let's talk about symmetrical one so far), astronomical numbers and Calculus are usually used. There are known problems, but in general it is a great achievement of human thought. These are the key-type systems. The key is the rules of encryption and deciphering. In the keyless symmetric system, there are also encryption and deciphering rules. There is no difference in the principles of operation, the only difference is the absence of a key itself. Now, what is a key, as we understand it, what is its function? It's some kind of digital code that the user keeps secret, which should be exactly the same for another user (we're talking about symmetric systems, like the EE2E, often based on AES for encrypting information and an asymmetric system for generating the initial keys). If this information disappears, your communication is either tapped or modified. In a keyless system, there is an encryption scheme, but no stored and used key information. The question was asked correctly - this encryption scheme will be calculated very quickly. That's right. To protect against such simple hacking move, a keyless system uses a constant change of system, as often as possible. It is possible to do this on a single packet of transmitted information. Minimum packet size is 304 bits. This means that it is harder to find a rule to convert such a packet by brute force than in AES with a 256 bit key. Let's stop here and take a look at the comments. I said less than one percent of the information about the keyless device so far, consider that this is only the beginning (and already there is so much text).
donator
Activity: 1617
Merit: 1012
Why don't you explain how the decryption part works. You have this blob of encrypted data and nothing else. How does it work?
brand new
Activity: 0
Merit: 0
Passwordless verification is a sort of validation where users don't have to sign in with passwords. This type of verification thoroughly makes passwords outdated. With this type of confirmation, users are given the alternatives of either signing in just through a magic link, unique finger impression, or utilizing a token that is conveyed through email or instant message.
full member
Activity: 224
Merit: 120
If you approach the question so simply "it can't be", it's hard to say. Assuming that it is possible, I can describe the essence of the idea. Let's imagine that we need to encrypt and pass one byte octet, which is 8 bits. Agree that if we can encrypt one byte without a key, we will probably be able to encrypt the other. If this level of discussion suits you, then you can play logic games and try to explain the essence of this method to you.  Let's agree again on the terms. If we use a key, we choose an encryption scheme in the encryption system. You don't know the key yet - you just don't know what algorithms to use to work with the code (either to encrypt it or to decrypt it). Is there a disagreement on this point?



If you agree with that, we'll continue. In modern cryptography (let's talk about symmetrical one so far), astronomical numbers and Calculus are usually used. There are known problems, but in general it is a great achievement of human thought. These are the key-type systems. The key is the rules of encryption and deciphering. In the keyless symmetric system, there are also encryption and deciphering rules. There is no difference in the principles of operation, the only difference is the absence of a key itself. Now, what is a key, as we understand it, what is its function? It's some kind of digital code that the user keeps secret, which should be exactly the same for another user (we're talking about symmetric systems, like the EE2E, often based on AES for encrypting information and an asymmetric system for generating the initial keys). If this information disappears, your communication is either tapped or modified. In a keyless system, there is an encryption scheme, but no stored and used key information. The question was asked correctly - this encryption scheme will be calculated very quickly. That's right. To protect against such simple hacking move, a keyless system uses a constant change of system, as often as possible. It is possible to do this on a single packet of transmitted information. Minimum packet size is 304 bits. This means that it is harder to find a rule to convert such a packet by brute force than in AES with a 256 bit key. Let's stop here and take a look at the comments. I said less than one percent of the information about the keyless device so far, consider that this is only the beginning (and already there is so much text).
legendary
Activity: 3472
Merit: 10611
there is no such thing as "Keyless encryption". it simply doesn't make any sense. you need to have something to encrypt and then later on decrypt the data.
not to mention that what you are explaining here, although hard to understand, is also using a "key". what you are doing is changing the form of it compared to the key that is used in any of the symmetric algorithms. but that is not removing the need for a key! your "key" is the algorithm itself. and if the algorithm is known and doesn't take any input then it is not safe since it could be broken by anybody knowing it.
full member
Activity: 224
Merit: 120
It's unusual to understand. But it is possible to arrange everything in a logical order. First, you have your encryption settings, let's call them initial, initial settings. Then you want to connect to your partner. It is important that the partner has the same encryption settings as the partner. Well, if you are more accustomed to other words, let it be one key, the same for two. Agree that in one encryption system, the key creates specific system settings, the key selects the encryption scheme. But in a normal key system (a double ratchet will be discussed later), the logic of the process is as follows: the system takes your information, takes your key, and creates a cipher. In a keyless system there are other processes going on. The system takes your information with the initial settings - it generates a cipher. But the trick is that the next information will be encrypted in a completely different way, as you used to - under a different key, the scheme itself will be chosen by the system based on many factors, and the external observer can not see them and can not calculate. This is a big topic, we can talk, but we need to be clear that there are no logical contradictions in this idea. Moreover, unlike the key system, the information itself is not encrypted. There is one method that is used, it is a method of temporary correspondence of your information - the internal element of the system. But this element will not be encrypted either. Only a temporary link to this element will be encrypted. Then the cipher will be a digital description of the link. Then, it is logical to assume that deciphering the link itself, to an external observer who does not know the initial settings of the system - without meaning, as well as without meaning to decipher the link to the Internet, link. You have to go and see what this link points to. So this system works.
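
Added example (not from the thread, and not the poster's scheme, whose details are not given): a standard symmetric KDF chain in which every packet is handled under a fresh key derived from shared initial settings. The `Endpoint` class, its method names and the sample settings are hypothetical; the block only tags packets, and the same per-packet key could drive a cipher.

```python
import hashlib
import hmac
from typing import Optional, Tuple

def ratchet(chain_key: bytes) -> Tuple[bytes, bytes]:
    """One KDF-chain step: returns (next_chain_key, one_time_packet_key)."""
    packet_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain, packet_key

class Endpoint:
    """Hypothetical endpoint; `initial_settings` is the shared secret both sides start from."""

    def __init__(self, initial_settings: bytes):
        self.chain_key = hashlib.sha256(initial_settings).digest()

    def seal(self, payload: bytes) -> bytes:
        """Tag one packet under a key that is used once and then replaced."""
        self.chain_key, key = ratchet(self.chain_key)
        return payload + hmac.new(key, payload, hashlib.sha256).digest()

    def open(self, packet: bytes) -> Optional[bytes]:
        """Verify with the next expected key; advance state only on success."""
        next_chain, key = ratchet(self.chain_key)
        payload, tag = packet[:-32], packet[-32:]
        expected = hmac.new(key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None
        self.chain_key = next_chain
        return payload

def demo() -> dict:
    settings = b"constructed initial settings"   # constructed sample secret
    alice, bob = Endpoint(settings), Endpoint(settings)
    eve = Endpoint(b"constructed wrong guess")   # observer without the settings
    p1, p2 = alice.seal(b"same payload"), alice.seal(b"same payload")
    return {
        "packets_differ": p1 != p2,
        "eve_opens_p1": eve.open(p1),
        "bob_opens_p1": bob.open(p1),
        "bob_opens_p2": bob.open(p2),
        "replay_of_p1": bob.open(p1),
    }

if __name__ == "__main__":
    print(demo())
```

Both endpoints stay in step only because they were seeded with the same bytes, so in this construction the initial settings play the role of the key.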
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
To me, it doesn't make sense. Yet. I just don't understand how you can identify someone without knowing at least one detail about them. 2FA (time based) works on a secret and the current time, changing every 30 seconds.

Encryption works on a key, whether that's a shared secret key, or a public/private keypair.
full member
Activity: 224
Merit: 120
Maybe the answer is in a different cryptography. In keyless cryptography, in a system from which it is not possible to steal keys or passwords. I know that such developments are now in progress. Yes, they are probably very closely related to passwordless authentication. With one that never uses biometric data. The question remains what such authentication uses. And there is an answer - a variable numeric identifier. The beauty of this idea is that if you have a password or a key, your identifiers are numeric but seemingly permanent. The new technology proposes to make variable identifiers. So much variable that it is impossible for an outside observer to catch or predict the next identifier. And its changes are so rapid that stealing the current one is also useless. Here is the real way to a new cryptography and to a new level of security for the user. Probably, the keyless and passwordless system, is the only possible answer for the ordinary user today, in the world of quantum computers and quantum calculations.