Ask MetaFilter questions tagged with cryptography

Compute MD5 hash value?

chitlin — Thu, 23 Jul 2009 14:57:27 -0800

What's the easiest way to compute the MD5 hash value of a file? I am trying to email a large file to a friend, and it keeps arriving corrupted in some way. I want to generate the hash value of the file and have him get the hash value when it gets there and see if it's the same. What's the easiest way for both of us to do this?

Feed me bites

gensubuser — Wed, 06 May 2009 19:03:08 -0800

How do I share images securely through an RSS feed? I have a series of images I would like to syndicate to myself, wherever I may be accessing Google Reader. I'd rather restrict "plaintext" access to only my computer, by some simple client-side encryption, if necessary. What's the easiest way of doing this?

There's an old encrypted RSS article that is exactly what I want, only for text. I'm not worried about local attacks.

Is there eg, a Greasemonkey script that would work? Am I neglecting that I would still have to host the images securely somehow? Right now I "host" from 127.0.0.1, solving several of the problems temporarily.

Trying Like Hell To Defeat The Purpose Of Encrypting Something In The First Place

ChasFile — Fri, 08 Aug 2008 18:04:28 -0800

How weak is it smart to allow my GPG key passphrase to get? When selecting a passphrase for my GPG key, is it important that it be maximally obfuscated (a random string of alphanumerics and special characters that is $MAX_STRING_LEN long)? Would it be acceptable to use a partially-obfuscated string that's at least memorizable? Would it be considered beyond the pale of idiocy to incorporate a word in the dictionary in the keyphrase?

Ideally, I'd like to be able to type the passphrase in from memory, and (for me) that is easiest done if – while incorporating special chars, numbers, and caps variations – is also at least based on an English word or phrase. Is that erect-a-monument-to-it stupid?

Help a PGP/GPG noob hold a key signing party.

zenja72 — Mon, 26 May 2008 13:17:28 -0800

Help a PGP/GPG noob hold a key signing party. I just finished reading Cory Doctorow's Little Brother. In the story, the main character holds a key signing party for his friends. I was interested in doing this, partly because I'm a nerd, partly because it'd be fun, partly because I'm paranoid and have things to say to the world.

Well, I've done a little research, and my friends are interested. However, in guides to holding key-signing parties, they suggest that each invitee create the keys beforehand- something that didn't happen in the book. Also, the tool I would be using, the Mac Client, automatically stores your data to the computer after it is created.

Basically, how can I have people generate the keys at my house? I don't want to store the keys (except maybe my own) on my computer. And what's the best way to have them copy down everyone's keys, if they are generated there? And how do they "sign" them?

Thanks for your help!

cryptography book question

Marky — Sun, 16 Mar 2008 22:52:15 -0800

Help me find this cryptography book... I remember reading a history of cryptography. One story it told was about a guy who was looking for a book about WW2 codes, which had been printed, then recalled and destroyed. He found a copy in a library, drove there and made a copy.

So, the questions are:

Where would I have read this story?

Who was the guy?

What was the book?

Is it on-line?

I know Stephenson had a version of this in "Cryptonomicon," but that's not what I mean.

Help me puzzle-hack with Python!

cowbellemoo — Thu, 28 Feb 2008 12:41:53 -0800

What are some fun and simple puzzles or cryptography I can solve with Python to help me learn the basics? I'm working my way through Dive Into Python for fun and I'm itching to get some enjoyable coding done. I've found PythonChallange.com, and cryptographic tasks appeal to me, but I'd appreciate some handholding if I'm stumped.

I'm not fantastic at math, so I'd enjoy string/list-based parsing, ciphering, and sorting puzzles -- especially if there's 'starter' examples and lots of interesting input sources or messages to work with. For example, coding an Enigma machine or similar mechanical cipher would be lots of fun (as long as I can look up actual implementations to compare). Are there any puzzle-y Python tutorials? Or just cryptographic tutorials not prog. language-specific (with pseudocode)?

Yayyy! Cryptography. Yayy!

pallak7 — Wed, 05 Dec 2007 17:40:47 -0800

Where can I find some good resources that contrast public key cryptography algorithms (like RSA) with Elliptic Curve? So, I've been tasked to write up a report that will illustrate the advantages/disadvantages of moving a current, RSA, PKI-enabled system to Elliptic Curve. I have a decent background in cryptography. I know the basic differences between the two but I would like to see some more detail.

So far, I've used Google and various academic Research Databases (ACM, IEEE, etc.) but EVERYTHING I've come across is either too technical or not detailed enough. This report will be presented to a group of non-technical people so I don't want to make the mistake of mis-translating a technical paper and getting something wrong. However, of the non-technical resources, nothing goes into specifics. I'm having a lot of trouble finding something in between.

I know this isn't a very good question. I would probably be yelling at the poster to look harder but I have done that. I've spent the last two days looking for something reasonable. So, if you have any good (i.e. credible and in semi "layman's-ish" terms) resources, I would appreciate your input. Some points of interest:
- how each functions
- advantages/disadvantages of each (in terms of performance, functionality, hardware/infrastructure requirements, etc.)
- security concerns (conventional public key algorithms becoming outdated, integrity of Elliptic Curve, uses in a mission-critical environment)

Thanks for your input.

Cracking a Kingdom of Loathing code

UKnowForKids — Wed, 11 Jul 2007 12:42:26 -0800

AskMefi, put on your cryptography hats and help me crack a code... ...and by "help," I mean "Do it for me, because I'm terrible at this stuff." I play Kingdom of Loathing, and one of the new quests includes a diary (a la Indiana Jones and the Last Crusade) with this image. (The picture of the bookshelves is irrelevant.)

No one on the KoL forums has yet figured it out (they're trying here, so I thought I'd check in with the older, wiser, sexier, and smarter AskMefites. There are six different symbols on the page, each of which corresponds to symbols found (with the appropriate eyewear equipped) on the labels of dusty bottles of wine. The symbols, however, appear randomly for each player - one will be on the merlot for one player, and on the muscat for another, for example.

One idea that was floated is that the relevant bits are pairs of symbols, which gives you 36 possible values (6^2), which could be 0-9 and A-Z. Didn't get anywhere with that one, though.

Any ideas?

Where can I get a reproduction of the Voynich Manuscript?

dmd — Tue, 17 Apr 2007 11:58:46 -0800

Where can I purchase a color-nicely bound reproduction of the Voynich Manuscript? Preferably without interleaved commentary. I really just would like it for its artistic qualities, to be a companion to the Codex Seraphinianus.

Puzzle master wanted!

neurodoc — Sat, 16 Sep 2006 16:20:10 -0800

Can someone direct me on the right path to break this code? As a fun challange, I've been trying to decode a message that someone gave me. The message was created with some sort of dingbat font, and there are no word breaks. There are a total of 198 characters, made up of 38 unique symbols.

I've converted the symbols into A-Z plus 0-9 plus @ and $, and have looked at the frequency of each character. However, nothing really jumps out (1 character appears 14 times, 2 appear 13 times, 1 at 10 times, 3 at 9, and so forth on down).

Any advice on what to do next to crack this thing?

What is the point of using a salt when encrypting passwords in a web application?

chrismear — Sat, 26 Aug 2006 12:05:25 -0800

What is the point of using a salt when encrypting passwords in a web application? I've lately seen a lot of recommendations in the web app world to add a random salt to users' passwords before encrypting them (MD5 or similar). The salt is then stored in the database along with the encrypted password. People talk about this as if it adds a major extra layer of security, but I can't understand the benefit of it.

I can understand the benefit of doing this in a situation where the encrypted passwords are easily accessible (such as the traditional UNIX passwd file). Without a salt, the attacker can take the list of encrypted passwords and run a pre-encrypted dictionary against them quickly and easily.

But if you're trying to crack a login page on a web app, your two options are basically to either do a brute force dictionary attack against the login page itself, or somehow get hold of the (encrypted) password table.

In the first case, it doesn't matter what encryption or salting you've got going on behind the scenes, since your attacker is just firing normal plain text passwords at your login form. So salting doesn't help security here, does it?

And in the second case, if you've hacked the server to the extent that you're able to read a table of encrypted user passwords from the database, don't you have about as much access as you're ever going to need? Why not just read the other tables in the database to gain access to the confidential information? Why bother trying to crack the passwords? I suppose it would make sense if you were storing user credentials in one database and user data in another database, but this doesn't seem to happen often.

What am I missing? Why bother doing this?

KidCrypto

kaytrem — Tue, 08 Aug 2006 21:42:24 -0800

Cryptofilter: My daughter is at summer camp and I can snail mail her or I can send email that will be printed out and delivered. The email is fast but readable by whoever prints/delivers the paper etc. Looking for a cipher that would be easy to learn and use... I would send her the instructions and keyphrase in regular mail then encrypt messages in the email. I want it to be more than a simple substitution but simpler than a one time pad. For fun and learning... any thoughts?

Can this be decrypted?

Blazecock Pileon — Fri, 04 Aug 2006 10:52:36 -0800

Is Scientific American's spell-checker broken? (via justkevin) This post title has the structure of ciphertext:

Gbalf Xozmn Ram Rqzyk Wtacu Lkugc Aaxjx Owkyu Dkoxk Zamdg Bnuio Nmrxk Zmqyf Nqeog Ziqxf Gutxe Nkmxd Gzmqj Brqge Kxkfs Qqzui Nactg Djfnq Eenaa Xjnk

Are there strategies for analyzing and decoding this text?

Encryption for an entire hard disk partition

dance — Sat, 22 Apr 2006 04:42:31 -0800

What's the best way to encrypt an external hard disk? (Mac OS X) I have an external hard disk that goes where my iBook goes. I use FileVault on the laptop, but am concerned that if the double act were taken, the laptop would be safe, but all the docs, snaps, music, software (including serial numbers) on the external HDD would be very easy pickings.

The only method I can think of for protecting this information are encrypted disk images, but these are a bit of a pain to work with when they're gigabytes big. Is there a method or a tool to encrypt an entire partition?

Spotted on the T: OFFICIAL CYPHER

sol — Tue, 21 Mar 2006 06:19:30 -0800

So last night on the train I saw a passenger with a small blue paper book titled "OFFICIAL CYPHER" On the Orange Line heading home from work, northbound train, just passed Downtown Crossing (Boston) and I see a 20ish clean cut guy in trendy clothes reading this small book.

The book was the same size and shape of a passport (slim, rounded corners) although it was stapled at the binding, not sewn. Cover was paper, medium blue, the same color of school exam books. Title was printed in all caps in a black serif font on the front cover. Below the title were two lines of smaller text that I could not make out. No other marks on the cover, front or back.

I was curious, but I didn't feel like asking a stranger: "Hi, I can't help but notice you are reading something about cyphers, which implies you are interested in keeping things private. Wanna spill it and tell me what this is about?"

Only online reference I can find is about theMasons,. I don't think that's right, unless Masonic Lodges are activly recruiting 20 something metrosexuals.

Any ideas? The guy was in no way hiding the book so I'm guessing it is public knowledge.

Some memories should be secret

Anonymous — Mon, 02 Jan 2006 09:43:49 -0800

CryptographyFilter: I'm an obsessive journaler, partly because I enjoy writing ideas etc down in my journals, partly because I have a terrible memory. Every now and then I would like to be able to record something in my journal that I wouldn't want to be read by someone who was less respectful of my privacy than I would hope them to be, or by someone who picked up one of my journals (which always have my contact details in the front) should I misplace one. So, I'm wondering if anyone can help me identify a method of writing these entries down in a way that obscures them from slightly more than casual reading. The purpose isn't to be able to write entries about anything illegal, so I don't need a method that would require 60 million hours on a super computer to crack. I'm aiming at something, however, that would at least withstand frequency analysis by someone with an interest in puzzles, who wasn't well-versed in attacks on ciphers.

So far about the only thing I can think of is writing a small app in Python to implement a Vigenere Cipher, so that I'd type the keyword and the entry into the app, and it would give me the encrypted text, which I would then write in my journal. This seems like a painstaking method, since to be able to read the entry, I'd obviously need to retype the encrypted entry back into a decrypting version of the app.

So, I'm wondering if I've overlooked anything obvious that would meet my needs for enough privacy that frequency analysis would be difficult, without being too much of a pain to encrypt and decrypt?

How could the NSA's snooping be foiled?

pracowity — Wed, 21 Dec 2005 10:57:47 -0800

Could the US government's efforts to scan the contents of everyone's email be overloaded by everyone routinely using encryption for every message? Is there some strong encryption software that could be used transparently with Google Mail and other common mail systems to encrypt everything sent and received? Something that could be distributed and installed automatically with, say, Firefox? What percentage of everyday email users would have to use such encryption to make it impossible for the NSA or anyone else to keep up with its scanning? (And, by the way, how about encrypting all Skype phone calls?)

Encrypting Chinese, pre-computers

sindark — Mon, 05 Dec 2005 09:23:02 -0800

A friend of mine and I were wondering today how encryption was done in character-based languages like Chinese and Japanese before the advent of computerization. Whereas all kind of substitution and transposition ciphers come to mind immediately for letter based languages like Latin, it isn't obvious how you could use them for a language with many thousands of distinct characters.

The end of time

Rothko — Fri, 02 Dec 2005 22:44:32 -0800

How do we know the mathematical models of physics — equations modeling the universe — apply across the universe, to data we collect about the universe that may be billions of years old? (What would be the process for verifying this?) By extension, is there general, metaphysical consensus in the physics community if mathematics is solely an invention of the mind, or is it a piecemeal discovery, a revelation, about the universe?

Thirdly, given Hawking radiation which leaks outside of a black hole, is that information statistically random — and can said information be collected, and therefore useful for, say, a one-time pad? What is the rate of emission, for example, in relation to the size of said black hole?

Ancient chinese messaging/encryption system

fatllama — Wed, 09 Mar 2005 18:05:03 -0800

Needed: a photo or at least more information about a particular system of coded communication supposedly used in ancient china along the Great Wall. Either my google-fu is failing me or I dreamed this whole thing up. I recall seeing a documentary many years ago about cryptography/stenography. In it was the description of a coded communication system supposedly used for transmitting messages along the Great Wall of China. The scheme involved distributing secret rods embedded in cork to outposts located along the length of the wall. When a message needed to be sent, signal fires were held aloft to get the attention of the neighboring sentry. Then, upon showing a second signal fire, both the sender and receiver opened up identical jugs of water above empty buckets that contained the rod and cork floater. The water level would rise until the sender of the message removed the signal fire at which point the receiver plugged his water jug, stopping the water flow. The correct message was then at the brim of the jug.

I can't find any online documentation of this and would love a photo or more details. Anyone know?

How can I recover a password given a couple of encrypted hash strings?

mrbill — Wed, 16 Jun 2004 10:42:10 -0800

Given a couple of encrypted hash strings, I need to identify the algorithm used to generate the hashes so that I can brute-force decrypt them. More inside.. And the hashes, from a "mysqldump" of the affected database (MySQL 3.x), are:

INSERT INTO password VALUES ('user1','iiQ4AxZsPtUZ3r00');
INSERT INTO password VALUES ('user2','7ePNxD3QNoHP9r00');

If I can identify the type of hash used, I can decrypt these given enough CPU time. Any ideas?

(the guy in charge of this application, that uses MySQL, has ceased employment without writing down the administrator password..)

Right now, "just generate a new hash and put it in place of the old one" isn't really an option.

Does anyone recognize this code that had something to do with annual ads placed in a college newspaper?

jammer — Tue, 18 May 2004 11:01:10 -0800

Prompted by the unsolved codes thread in the blue, I'm trying to remember the name of one that I didn't see there. I think I read about it on MeFi at some point. ISTR that it took (takes?) the form of annual ads in a college newspaper (out west somewhere?) on a given day. For some reason May Day is stuck in my head, but googling for it doesn't reveal anything. This went on for several years, and may still be occuring, but no one has ever figured out what it's all about. Does this ring any bells for anyone? My google fu is failing, and I'm going bonkers!

Does anyone know of any famous codes or ciphers that have gone unsolved for lengthy periods of time or remain unsolved?

mokujin — Fri, 07 May 2004 01:46:41 -0800

Does anyone know of any famous codes or ciphers that have gone unsolved for lengthy periods of time or remain unsolved? I am thinking specifically of things like The May Day Mystery and the Voynich Manuscript (also here). So things more like those and generally less like the Beale Cipher. Maybe something to do with Art Brut or Outsider art or perhaps Kabbalic systems like Gematria. Or, if all else fails maybe something by the Rosicrucians or Freemasons?

Put another way, I am looking for cryptic and complex visual systems that maintain an internal logic (however faulty or suspect) and ESPECIALLY anything having to do with the interpretation and/or decipherment of such systems.