It seems to me that a lot of people do not understand how/why PKI encryption works, and why SEQ is really broken. Consider this my contribution to the project :)

Note: The reason I know any of this is because when PoP came out, I went to the library and got some books and read them. Especially if you do not understand what follows, I suggest you do the same.
Other Note: I am not infallible, and there could be mistakes here, feel free to correct me but please do so constructively.

Ok, so let's get started. There are multiple kinds of encryption. We need not go into any history now, but explain the two kinds of encryption that are prevalent on computers. These are symmetric key and public/private key, or public key for short. Here already we have introduced terminology we must explain. First, we must understand the concept of a key. It is very similar to a physical lock and key. There can be many different keys, but only one particular key will open the lock I have secured, for example, my briefcase with.
The symmetric key encryption is again very similar to a physical lock that holds a box closed. When you put the lock onto the box, you do it with the key, and use that same key to open the lock at a later time.
In encryption, that means there is one magic number that will do both things, encrypt and decrypt. So to examplify symmetric key encryption, imagine that our key is three, and our message is feed.
Plaintext: 6 5 5 4
Encryption: 6+3 5+3 5+3 4+3
Ciphertext: 9 8 8 7
What we have done is turn the word feed into the word ihhg. Though this is a trivial encryption, we can see that the message has been basically changed. We use the same key, 3, but a slightly different operation to decrypt the message.
Ciphertext: 9 8 8 7
Decryption: 6-3 5-3 5-3 4-3
Plaintext: 6 5 5 4
So that is how symmetric key processing works. Note that addition/subtraction is the simplest example and is the reason it was chosen to make the example. Multiplication/division would work as well. The two operations must simply be inverses of each other. Inverse functions perform opposite transformations. Multiplcation by two doubles a number, while division by two halves it. Take any number, multiply by two and then divide by two and the final result is the same, yet there is a third intermediary form which is different. This is the heart of encryption, take plain text, make it something different (ciphertext), and be able to turn it back into the plain text.

Symmetric key encryption is no longer secure in today's world of computers. DES was once the de facto standard for encryption, and is a symmetric key system. Although DES uses 56 bits, making 2^56 combinations or approximately 72,000,000,000,000,000 different unique keys, with high powered computers DES can be broken in under a day.
It may be worth noting here that the bulk of EQ traffic is encrypted with a symmetric key algorithm. To break a symmetric key algorithm a cryptanalyst needs know only two things. The decryption algorithm, and the secret key. You likely know that EQ makes a different key each time you zone. The server and your computer must both know this key to be able to encrypt and decrypt the information and have it make sense. Distribution of secret keys for symmetric algorithms is a challenge. This is where public key encryption comes in.

Public key encryption is at the basis the same, but much harder to understand because it is more complicated. It is still based on the idea of inverse functions, but in this case instead of using opposite functions with the same key, it uses two seperate keys, one to encrypt with and one to decrypt with.
How can this be you say? If I add one and then subtract two, I am not left with the same number! Well, the answer is that neither addition nor multiplication are used. The primary work of public key encryption is done with modular inverses.
So, what is a modular inverse? Think about division. If I ask you, what's eight divided by four, you would quickly reply two. But what if I ask what is nine divided by four? Umm.. uhh.. two point something? Think back to fourth grade! It is two with a remainder of one! The remainder is an often overlooked feature of division that is the heart of public key encryption.
Now for an example. Let's take our original secret message, feed or 6 5 5 4, and encrypt it with a public key system. Remember, a public key system uses two keys. It is such named because one key is public, or safe to distribute, and one key is private, which must be kept secret. The public key encodes, and the private key decodes. This way, anyone can encode a message with the public key you can freely give them, and only your private key will turn it back into a sensible message.
We will take this example one letter at a time, because the steps are much more complicated than just adding three. First thing though, we must select keys. I have purposely selected my word to use low letters, whose numbers are single digits. This way I can choose simple keys. Selection of keys is a complicated process. Let us just say that prime numbers are the best (go get a book to understand this part, it will explain it much better than me). Also, it must satisfy a particular forumla, notably:
(p * a * b) mod c = p
Or, the plain text p times a times b is some number, then mod (modulus, or the remainder of division) that number by c, and the final result will be the original plaintext p. Example, the first letter of our message:
(6 * 3 * 7) = 126
126 mod 10 = 6
So what does this mean? This means that if our keys are 3 and 7, we can use these two numbers to change our plaintext into something else. Continued example:
Plaintext: 6 5 5 4
Encryption: (6*3 mod 10) (5*3 mod 10) (5*3 mod 10) (4*3 mod 10)
Ciphertext: 8 5 5 2
We have used 3 as our public key. We can use the same function with our private key, 7, to turn the message back:
Ciphertext: 8 5 5 2
Encryption: (8*7 mod 10) (5*7 mod 10) (5*7 mod 10) (2*7 mod 10)
Plaintext: 6 5 5 4
Do you see? Eight times seven is 56, mod 10 is 6, our original number.
Suffice to say that working in single digits to make an easily understood example is far from a secure method. This is why real encryption uses huge numbers, up to as many as 1024 bits which, suffice to say, is a really big number. These bigger numbers make the transformations much more complex. Here is another example.
Public key: 23 mod 101
Plaintext: Bomb at five AM, or 2 15 16 2 1 20 6 9 22 5 1 16
Ciphertext: 46 42 65 46 23 56 37 5 1 14 23 65
Here is an exersize for you. What is the private key that will decode this message? You know the public key ends in mod 101, so the number has to be less than 101, but that is 100 different numbers to try. You can try multiplying each number and then taking mod 101, and then replacing numbers with letters to see if it makes sense, 100 times. But this will be very time consuming. Now imagine if there were not 100 possible keys, but a million, or billion, or quadrillion! Here's the secret: the private key is 22. Take each number in the ciphertext, multiply by 22, and then take the remainder when you divide by 101. Don't be surprised if you are left with the plaintext!

This is the secret behind public key encryption. I can tell anyone in the world to turn their messages into numbers, A starting at 1, then take each number and multiply by 23, then divide by 101 and take the remainder as the ciphertext for that letter. Now, I can do the same but with 22 instead of 23, and have the secret message quickly. Everyone else must try 100 different combinations though. Again, using larger keys the challenge becomes obvious. The secret as it applies to EQ is even though the secret of public key encryption is making a problem that is easy to solve for the intended recipient, and difficult to solve for anyone else, it is still slow. So, EQ uses slow public encryption with a very large key to safely transmit the symmetric key that encrypts the bulk of the data. Your computer generates a symmetric key, and then encodes it with the server's public key. It transmits this encrypted version, and the server now knows the same key as your computer, to use efficient symmetric key encryption with, since this is faster. The trick is sharing the key between server and client, which is done with public keys. As shown, this public key encryption is not something as simple as "know the decrypt function" Though we may know, take message times x then mod 101, we don't know what x is, and the only way is to steal it from the EQ client's memory, since it must know the key.

I hope this has helped someone understand a little more about encryption. I'll try to watch comments to this thread, and update this post if someone points out mistakes or something I deem worth adding :)

i came away knowing more than i knew about what, why and how key exchange and eq's encryption worked. thanks.

Very nice post, indeed. I enjoyed it very much!


It should be pointed out that in an algorithm, such as the one you demonstrated it is generally necessary for the two numbers (your two keys) to be relatively prime to one another. That is, they have no factors in common (as are the ones you used in your example).

Cryptographically speaking, a "good" key pair needs to have certain characteristics:

1) Ideally, the algorithm to generate the key pairs should be relatively fast and simple

2) Mathematically, the algorithm to derrive the private key from the known public key should be "hard." That is, it should yield non-unique results or be sufficiently lengthy a computation as to make it unfeasible.

3) The algorithm generating the keys should be analyzed for the existence of weak keys. Weak keys are ones that produce very little encryption in the plaintext. Thus they do not sufficiently obscure the original message. Additionally, a weak key pair is one that mathematically allows the private key to be easily discovered from knowing the public key -- not a good thing.

4) The length of the key should be sufficient to avoid simple brute force attacks.


Another point to consider would be the speed of transformation. That is to say, how fast can you generate Pt from Ct and Ct from Pt (Cipher text from Plain text, and vice versa). In an application like EQ, this is very important, because of the nature of the application.

Speed of transformation is precisely why most PKI-style applications do not actually continuously use the asymmetric encryption. It is too slow. Instead, they use it to securely exchange a "session key" which is then used in subsequent communications, but operates in a symmetric encryption manner. The exchanged session key can be used straight away, or it can be used as a seed. When this occurs, both the sender and receiver start with the same key, and an agreed upon algorithm for permuting the key as the session progresses. As long as both the sender and receiver are seeded the same and have the same algorithm, all will be good. Notably, this is how SSL works -- PKI to exchange a session key, etc...

Also, even though a symmetric key system has the disadvantage, cryptographically, of needing only one key to encrypt and decrypt, this does not trivialize how difficult they can be to break. The secret is that the timeliness of the data must be less than the relative strength of the encryption. If a given symmetric algorithm can be broken with brute force and ignorance in "only" 4 hours, this does the interceptor no good if the data is out of date after 10 minutes.

A minor point of clarification.

I believe you mentioned symmetric keys not being as secure and thus why they are not used on Internet. I am somewhat sleep deprived, so my apologies if I read that incorrect or out of context.

This is not entirely correct.

Symmetric keys mathematically are still stronger than asymmetric keys given comparable key lengths (and even with uncomparable key lengths). Reason being part due to you knowing part of the information used in the asymmetric pair (public pair).

What people traditionally have said about symmetric keys being weaker has had more to do with symmetric keys being distributed wrong and not an inherent weakness in the keys themselves.

If both ends of a communication had an alternate method of key distribution (such as black key distribution on an encrypted floppy with user authentication and source validation before decrypting, but I digress.....), then symmetric key methodology not only is more secure, but it is faster.

Since asymmetric keys have a known component, they typically tend to be much larger than symmetric keys to compensate. This contributes to the longer encrypt/decrypt times. This however is overcome by realising that this slower encryption is avoided by only using it once - in an initial communication used to transfer the faster (and secure) symmetric keys. Using the public key this way avoids slow processing and still provides a reasonable (at least for home consumers) method for negotiating a symmetric key pair. Given a "more" secure public key for initial communications, designers then could use diffie-helman or whatever to negotiate a symmetric key pair, then drop the asymmetric use.

If I was setting up a private net (VPN) I would do it using private key and not public. Public addresses the issue of thousands of people coming to you that do not have a private key yet. Private key addresses the issue of I know who is coming here and I want to reject everyone else.

ATM machines use private key (at least they did when I used to work in a related space years ago). The military uses private key.

They did not make those decisions simply because it sounded more private :-)

For anyone wanting to learn more of this, and learn about the algorithms, I would recommend Bruce Schneiers' book "Applied Cryptology". Though written a few years ago, much (if not all) of the concepts are still applicable.

Likely only available in North America though. If it is available overseas (ie Amazon.com), then you likely will not qualify for the code sample CD (which has bugs in it by the way - do not implement without stepping the code :-)

Of course, this is IMHO. It has been a few years since I used to live and breath this stuff :-)

This is a bump-worthy thread.


The algorithm generating the keys should be analyzed...

Can anyone give an example of an algorithm that would generate the type of keys mentioned in the original post? I find it somewhat intruiging. I am thinking of an algorithm that would generate 'a' and 'b' in the formula

(p * a * b) % c = p

I had been wondering how PKI worked exactly. Couldn't quite wrap my mind around the fact that by knowing the Pub key we couldn't RE the decryption. Makes much more sense now.

Even went so far as to Google for PKI and how it works, w/o much luck.

Just a bit of reference for anyone interested.

APPLIED_CRYPTOGRAPHY,_SECOND_EDITION (http://lilo.gulalcarria.org/share/compartido/ebooks/applied%20cryptography/APPLIED_CRYPTOGRAPHY,_SECOND_EDITION/index.html)

Cheers,
-Egg

Other good texts include Cryptography Demystified (Hershey) (higher-end) and The Code Book (Singh) (more introductory).

Just thought i would point out that a minor knowledge of number theory really helps at understanding this, and even basic complexity theory also helps why these things can be really hard.

Where is that non-deterministic machine that i need.......

... right next to the TRUE RNG. ;)

Originally posted by Old`Fart
... right next to the TRUE RNG. ;)
Slightly off topic, but I think I need a break from EQ... I read your comment and for approx. 7 or 8 seconds thought "True Ranger? WTF is he talking about?" :rolleyes:

Originally posted by Projenoski

Slightly off topic, but I think I need a break from EQ... I read your comment and for approx. 7 or 8 seconds thought "True Ranger? WTF is he talking about?" :rolleyes:
(OT as well, but funny)

At the gym, I've actually HEARD people say "BRB, GGP". :rolleyes:

Really great introduction to PKI :)

One point I heard sometimes should be mentioned although:

public key encryption is very resistent to so called plain text attacks. Uh what is a plain text attack ?
Ok get back to our very first example:
We know the method is to add/substract the key. We don't know what the key is, but we do know that the message always starts with "feed".
So we intercept the ciphertext : jiih xli tix.
Have some fun a find the key that encrypts "feed" to "jiih" and apply it to decrypt the rest.

In general this works very well on symmetric encryption, because there is a 1:1 relation between cyphertext and plaintext. This was used earlier by ShowEQ, to find the key on very few known information about packet headers and then decrypt all the unkown parts. One big change was that the EQ devs took us that knowledge by compressing all data before encryption.

So the next idea some people had: Collect many session keys in both forms (plain sniffed from memory and cyphered from network) and then break the private key. Unfortunately that doesn't work either.
think of the easy PKI example, we know the pt (6554) the ct (8552) and the mod 10.
( 8 * x) mod 10 = 6 is what we have to solve.
But 2 and 7 would solve this ! And the number of possible solutions would become quite larger with the key length, not to mention the effort to derive all. Then you would have to test them all on the next cypher to exclude wrong ones. In practical terms the number of data to collect is huge, so is the computation effort, but the efffort to change the private/public key pair very small. We could never win that race.

For now, yes ... but have you seen Agrawal's work? Right now, it's just detemining if a large number is prime (quickly). His next step is quickly factoring primes -- which will break PKI pretty well. At least, then we'll have to find a solution as elegant as a product of primes [as a function for our two keys].

One way to screw with any decryption attempt is to use multiple layers of encryption if you REALLY want to keep something secret. It makes it harder to know that you broke the first layer if you are still seeing encrypted text when you decrypt it.

Primality (which is in polyTime now ( (logn)^12 i think ) is totally different from factoring..... to bad that there isnt a prime number equation to generate every prime hehe (I challenge you to find one , Hint: it is widely beleived there isnt one (99.9999999999...).

If someone gets an algorithm to factor large numbers of 2 primes that runs in polynomail time they will most liekly win the field medal for math or something that is equivalent.

A while ago (maybe 2 years now), someone on the original HackersQuest ShowEQ boards posted this (http://www.muppetlabs.com/~breadbox/txt/rsa.html) to a pretty good layman's explanation of how RSA (one form of public key) works.