If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!
Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.
When operating a stream cipher, reusing a keystream introduces a critical weakness to the resulting ciphertext: the encryption becomes vulnerable to easy (and sometimes /very/ easy) cryptographic attacks. This is due to the encryption's linear nature - for instance, XORing a plaintext with the corresponding ciphertext yields keystream bytes. While key reuse is a widely known issue, it's an issue that keeps arising in practice. The soviets did it during WWII, Microsoft did it in the implementation of Word 2003 document encryption, and malware authors did it when designing variants of Zeus, DirCrypt and Ramnit.
To exploit a vulnerability, you must first realize it's there. Unfortunately, many instances of homebrew crypto operate on the "security by obscurity" principle, and don't reveal their implementation details. As a result, detecting key reuse often requires trial and error, an accidental epiphany or a night spent reverse engineering - and in all these cases, luck and human effort. In this presentation we show an approach to automating this task - based on the linear properties of stream ciphers, redundancy in the text and Bayesian reasoning. Finally, we demonstrate the algorithm's operation in several real-world use cases.
Math Ph.D. not required.
Finnish: Finished