Cryptography

Windows XP SP3 Offers Enhanced Reliability and Security, But Not IE7

The long-awaited Windows XP Service Pack 3 became available as an Express Update May 6, 2008 on Windows Update, and offers enhanced reliability and security through a few new features: Network Access Protection (NAP), designed to work with Windows Server 2008; a product key-less install option; a Kernel Mode cryptographics module, and; a “black hole” router detection algorithm.

One puzzling thing, however, is that SP3 doesn’t include the more secure IE7–it ships with a fully-patched IE6 instead. As I found out, having applied SP3 to my systems, all of which are running IE7, this isn’t a problem; systems won’t be rolled back to IE6. Here’s an excerpt from the IE Blog:

XPSP3 will continue to ship with IE6 and contains a roll-up of the latest security updates for IE6. If you are still running Internet Explorer 6, then XPSP3 will be offered to you via Windows Update as a high priority update. You can safely install XPSP3 and will have an updated version of IE6 with all your personal preferences, such as home pages and favorites, still intact.

If you are currently running IE7 on XPSP2, Windows Update will offer you XPSP3 as a high priority update. If you choose to install XPSP3, Internet Explorer 7 will remain on your system after the install is complete.

If you’re still running IE6, you really should upgrade to IE7. Along with SP3, that will make your XP system as secure as it can be at this time.

Make Your Own Paper Enigma Machine

The Enigma cipher machine was a very cool electromechanical device for producing polyalphabetic ciphers that reached it’s heyday during World War II. The original surviving devices are all in museums or private collections, but you can make a paper version. This site: http://mckoss.com/Crypto/Enigma.htm will let you print one out and play with it.

Using the paper version is tedious, though, so you might want to check out this cool simulation that you can install on your PC. There’s also an online Flash-based simulation.

Have fun!

Encrypt, You Must, But Do It Right!

One of the clients I service has information that falls under HIPPA. Prior to last week, all of the data was stored on a server located behind a strong firewall in a building with good physical security. Last week, however, this organization decided to deploy laptops for their field operatives. Major security problem. Full-drive encryption was my first thought.The good thing is that there was nothing on the laptops except for the OS–they were brand new. Nobody had seen them except me. I was able to encrypt the hard drive before any data had been written, thus insuring that no remnants of unencrypted data exist. Every future write to the hard drive will be encrypted.

If you think about it, this is the safest way to do full drive encryption. But what if you want to re-deploy equipment that has had data on it? In this case, you’ll want to first wipe the drive using a good tool like Darik’s Boot and Nuke (DBAN) or CMRR’s Secure Erase, depending on the sensitivity of the data. DBAN will let you write multiple passes of pseudorandom data, which is usually “good enough.” Then, reinstall your OS of choice and run your full drive encryption program assigning a passphrase at least 20 characters long (mine’s 45). All this working of the drive should sufficiently scramble any data remnants.

The Unsolved D’Agapeyeff Cipher

Sometimes, it’s a good thing to take a breather from the routine, to venture off into something more fun than the serious day-to-day concerns of network and computer security. One of my interests is cryptography, especially its history, and I love to play around with cryptograms in the daily newspaper, even though they’re just simple substitution ciphers (though there are some puzzle books out there that use polyalphabetic and transposition ciphers).

There’s no question that computers have taken cryptography well out of the realm of human-generated codes and ciphers. Done properly, modern encryption systems produce output that appears to be nothing more than random noise to a human–and no human will ever be able to break those ciphertexts without the help of powerful computers. Yet, there are human-generated ciphers that haven’t been cracked. One of those is the D’Agapeyeff cipher, which appears as “…a cryptogram upon which the reader is invited to test his skill” in the first edition of “Codes & Ciphers, ” written by Alexander D’Agapeyeff, published by Oxford University Press in April, 1939.

The book is an elementary text on classic encryption methods and the cryptogram is placed on the final page of the final chapter which details methods of decryption of the various types of ciphers. Here’s the cryptogram as it appears in the book (this was omitted from later editions for reasons unkown):

75628 28591 62916 48164 91748 58464 74748 28483 81638 18174
74826 26475 83828 49175 74658 37575 75936 36565 81638 17585
75756 46282 92857 46382 75748 38165 81848 56485 64858 56382
72628 36281 81728 16463 75828 16483 63828 58163 63630 47481
91918 46385 84656 48565 62946 26285 91859 17491 72756 46575
71658 36264 74818 28462 82649 18193 65626 48484 91838 57491
81657 27483 83858 28364 62726 26562 83759 27263 82827 27283
82858 47582 81837 28462 82837 58164 75748 58162 92000

I assumed (correctly, I think–see this article) that two numbers represent one letter and that this was some sort of simple substitution cipher. I divided the cryptogram thus, omitting the three zeros that are obviously nulls:

75 62 82 85 91 62 91 64 81 64 91 74 85 84 64 74 74 82 84 83 81 63 81 81 74
74 82 62 64 75 83 82 84 91 75 74 65 83 75 75 75 93 63 65 65 81 63 81 75 85
75 75 64 62 82 92 85 74 63 82 75 74 83 81 65 81 84 85 64 85 64 85 85 63 82
72 62 83 62 81 81 72 81 64 63 75 82 81 64 83 63 82 85 81 63 63 63 04 74 81
91 91 84 63 85 84 65 64 85 65 62 94 62 62 85 91 85 91 74 91 72 75 64 65 75
71 65 83 62 64 74 81 82 84 62 82 64 91 81 93 65 62 64 84 84 91 83 85 74 91
81 65 72 74 83 83 85 82 83 64 62 72 62 65 62 83 75 92 72 63 82 82 72 72 83
82 85 84 75 82 81 83 72 84 62 82 83 75 81 64 75 74 85 81 62 92

You can see that no pair begins with a number less than six and no pair ends with a number greater than five. This suggests a matrix like this:

1 2 3 4 5
6a b c d e
7
8
9
0

Using this hypothetical grid, 61 is “a,” 65 is “e,” etc. That’s as far as I’ve managed to go.

Anyone else like to play with this?

Cheers!
The Geek