Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
haunter 8 days ago

> Never repeat in the clear the identical text of a message once sent in cryptographic form, or repeat in cryptographic form the text of a message once sent in the clear

And (more or less) that’s how the Enigma was cracked. Turns out starting weather report with ‘weather’ every single time is not a good idea.

Zeebrommer 8 days ago | parent [-]

Or ending it with the same salute involving the name of the leader, for that matter.

nradov 8 days ago | parent | next [-]

Standard US cryptographic protocol during the same time period was to begin and end every message with a few random words specifically to thwart such attacks.

syncsynchalt 7 days ago | parent [-]

Which accidentally caused a bit of a rift in the US Pacific Admiralty: https://en.wikipedia.org/wiki/The_world_wonders

manwe150 8 days ago | parent | prev | next [-]

Seems like an interesting conundrum. If you encrypt all transmissions, you end up having a lot of boring repetition, like weather and sign offs to just fill space. But if you don't encrypt the boring stuff, then the transmission itself is a nice signal of something interesting about to happen. But if you try to just pad with completely random noise, the other end might worry they've decoded something wrong and ask for a new cipher pad increasing the chance of interception. So maybe they should have tried to find something almost random but with known structure instead of sending the weather? Seems similar to how we now know that choosing a random password from the dictionary adds encoding redundancy without reducing security. Or similar to the goal of getting ordinary people to use Tor for ordinary things?

vl 8 days ago | parent [-]

In modern crypto it’s solved by using random nonce to star with and by using (encrypted) hash of data at the end. Random nonce gives you different cypher text for same inputs, hash tells you if you actually decrypted what was intended.

zenmac 8 days ago | parent | prev [-]

Isn't that why we have PFS now?

gruez 8 days ago | parent | next [-]

No, PFS is to ensure communications aren't compromised even if the server's private keys are compromised afterwards. It has nothing to do with mitigating known plaintext attacks. That's already mitigated with techniques like randomized IVs.

numpad0 8 days ago | parent | prev | next [-]

So-called perfect forward secrecy uses temporary keys so that eavesdropped logs can't be decrypted after those keys are discarded. To prevent known-plaintext attacks and/or statistical analysis, data entropy must be equalized so that patterns won't be apparent even before encryption.

ajb 7 days ago | parent | prev [-]

No - our actual encryption primitives work better, and don't suffer from this problem. (Other comments give an explanation of what PFS is actually for).