#1
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2013
    Posts
    19
    Rep Power
    0

    Salting salsa20 in Python 3.x


    Someone recommended a course in cryptography being offered over the internet. Pretty early on I learned about the salsa20 stream cipher.

    Simple arithmetic tells me that an insignificant repetition probability in 2^40 occurrences is enough to cover 10 gig of data, which is plenty for most uses provided that a brand new cipher is generated for all 10-gig data units.

    So I guess I need a 4-byte salt that does not offer a significant chance of repetition in 2^40 occurrences.

    I know the Python random module doesn't provide that. What does, and how can I use it to generate the salt?
#2
    Contributing User
    Devshed Demi-God (4500 - 4999 posts)

    Join Date
    Aug 2011
    Posts
    4,894
    Rep Power
    481
    Look at the random number generators in the gsl. Probably some of them have a sufficiently long period.

    I don't know why you need 2**80 amount of data, then again, I don't understand all that well so never mind.
    [code]Code tags[/code] are essential for python code and Makefiles!
#3
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2013
    Posts
    19
    Rep Power
    0
    The idea is to have an insignificant rate of repetition over the entire life of the stream cipher key, because rate of repetition is a very basic vulnerability in stream encryption. A period of 2**30 offers a significant rate of repetition, but a period of 2**80 does not.
#4
    Contributing User
    Devshed Demi-God (4500 - 4999 posts)

    Join Date
    Aug 2011
    Posts
    4,894
    Rep Power
    481
    I think the problem of repetitious salt is related to this at rosettacode.org
    Every now and then I consider cracking this message. I haven't peeked at the answer!
    [code]Code tags[/code] are essential for python code and Makefiles!
#5
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2013
    Posts
    19
    Rep Power
    0
    I did look at people's suggested solutions in various languages, and the Python solution is the only one that does the job without either requiring further user decisions, or relying on multiple scripts, or having a limitation on accidentally occurring English words in the ciphertext. I've copied and saved the Python script on my hard drive so I can study it offline. I note that it does the whole job by importing only two methods from two modules--not two actual modules, just two methods. Plus it's reasonably short. Thanks very much for referring me to that page!

    But, as far as I know, the Vigenere cipher is not a stream cipher, and there are older, lower-tech ways to crack it, which were actually figured out not long after the Vigenere cipher was first used in practice.
#6
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    May 2009
    Posts
    509
    Rep Power
    33
    I'm not familiar with this either, but Python does include a SystemRandom class which uses various system resources to produce the numbers so should not repeat beyond whatever the "norm" is for that size of data.

    "Sequences produced by SystemRandom are not reproducible because the randomness is coming from the system, rather than software state"
    Last edited by dwblas; September 13th, 2013 at 01:38 PM.
#7
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2013
    Posts
    19
    Rep Power
    0
    Here's the full text from the introductory description:

    Some operating systems provide a random number generator that has access to more sources of entropy that can be introduced into the generator. random exposes this feature through the SystemRandom class, which has the same API as Random but uses os.urandom() to generate the values that form the basis of all of the other algorithms.
    I'm pretty sure Linux OSs of all descriptions support this, but the question is what the predictability is. I'll have to ask around to find out about that.
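
The following is an added example, not code posted by anyone in this thread. It shows the two things the thread circles around: drawing a salt/nonce from the operating system's generator (os.urandom, which is what random.SystemRandom is built on), and putting a number on how likely a randomly drawn nonce of a given size is to repeat after a given number of draws, using the standard birthday-bound estimate. It also shows the usual alternative for a stream cipher nonce, a per-key counter that cannot repeat until its space is exhausted. The nonce sizes and draw counts used are illustrative inputs chosen here; the function names are this example's own.

```python
import math
import os


def random_nonce(nbytes: int) -> bytes:
    """Return nbytes of OS-supplied randomness.

    random.SystemRandom draws from the same source (os.urandom), so this is
    the raw form of what the SystemRandom class offers.
    """
    return os.urandom(nbytes)


def repeat_probability(nbytes: int, draws: int) -> float:
    """Birthday-bound estimate of P(at least one repeated value) when `draws`
    values are chosen uniformly from the 2**(8*nbytes) possible nonces.

    Uses 1 - exp(-n(n-1) / (2 * N)) with N = 2**bits.  The integer product is
    computed exactly and only the final ratio is a float, so large draw
    counts such as 2**40 do not overflow.
    """
    space = 2 ** (8 * nbytes)
    exponent = -(draws * (draws - 1)) / (2 * space)
    return 1.0 - math.exp(exponent)


def max_draws_for_budget(nbytes: int, max_prob: float) -> int:
    """Largest number of random nonces of `nbytes` bytes that can be drawn
    while keeping the repeat probability at or below `max_prob`.

    Inverts the birthday bound with the n(n-1) ~ n**2 approximation:
    n ~ sqrt(2 * N * -ln(1 - p)).
    """
    space = 2 ** (8 * nbytes)
    return int(math.sqrt(2 * space * -math.log(1.0 - max_prob)))


class CounterNonce:
    """Deterministic nonce source: a per-key counter encoded big-endian.

    Never repeats until the nonce space is exhausted, at which point the key
    must be rotated.  A real deployment has to persist `next_value` across
    restarts (not shown here).
    """

    def __init__(self, nbytes: int, start: int = 0) -> None:
        self.nbytes = nbytes
        self.limit = 1 << (8 * nbytes)
        self.next_value = start

    def remaining(self) -> int:
        """How many nonces can still be issued under the current key."""
        return self.limit - self.next_value

    def next(self) -> bytes:
        if self.next_value >= self.limit:
            raise OverflowError("nonce space exhausted; rotate the key")
        value = self.next_value.to_bytes(self.nbytes, "big")
        self.next_value += 1
        return value


if __name__ == "__main__":
    # Illustrative sizes: 4 bytes (the size asked about), 8 bytes (Salsa20's
    # own nonce length), 12 bytes.  Draw counts are constructed for the demo.
    for nbytes in (4, 8, 12):
        for draws in (2 ** 16, 2 ** 32, 2 ** 40):
            p = repeat_probability(nbytes, draws)
            print(f"{nbytes}-byte nonce, 2**{draws.bit_length() - 1} draws: "
                  f"P(repeat) ~ {p:.3g}")
        print(f"  -> at most {max_draws_for_budget(nbytes, 1e-6)} draws "
              f"for P(repeat) <= 1e-6")
    print("random 8-byte nonce:", random_nonce(8).hex())
    ctr = CounterNonce(8)
    print("counter nonces:", ctr.next().hex(), ctr.next().hex())
```

The birthday bound is the check to run before settling on a random nonce size: a 4-byte space gives roughly even odds of a repeat after only about 77,000 draws, so the repeat count over 2**40 draws is effectively certain, and a larger nonce or a counter is what keeps the no-repeat property over the life of a key.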
