Tumblelog by Soup.io
Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

February 18 2014


January 07 2014


Reverse engineering of CHIASMUS from GSTOOL

We reverse-engineered one implementation of the non-public CHIASMUS cipher designed by the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, short BSI). This did not only give us some insight on the cipher, but also uncovered serious implementation issues in GSTOOL which allow attackers to crack files encrypted with the GSTOOL encryption function with very little effort. In the dark ages of digital cryptography, when ciphers were considered export-controlled munitions and AES was not yet standardized, the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, short BSI) decided to invent their own ciphers: CHIASMUS for software implementations and LIBELLE, which would be kept secret and only implemented in hardware. CHIASMUS is not publicly documented. It is implemented in a software tool of the same name, released by the BSI, which is only available where there is a public interest for its use. However, the GSTOOL, a database application for security audit management also released by the BSI, contains an encryption feature using the CHIASMUS block cipher, and is freely available. This software was developed by a third party, Steria Mummert Consulting, and apparently was not properly reviewed. We disassembled and analyzed the GSTOOL to obtain the specification for the encrypted files (and thus the CHIASMUS cipher itself), but we got more than we bargained for. While the cipher itself appears to be pretty secure, the implementation is a collection of rookie mistakes and a great example of what can (and will) go wrong if you ask people with little understanding of cryptography to build cryptographic software and don't verify their results. We invite you to enjoy this thriller full of historic backgrounds, non-public public announcements, legal threats, weapons-grade stupidity, and a very simple solution for complex crypotographic problems. Facepalm with us on the two-year long hunt for the elusive security patch! Have a look at the (not-so-secret-anymore) CHIASMUS block cipher! Learn why you should not build your own crypto tools unless you really know what you are doing, even if you use a known algorithm. And what happens when government contractors attempt to do so. And then attempt to fix it. (Note: Since this is an implementation issue, the stand-alone Chiasmus software tool is not affected by this issue.) http://events.ccc.de/congress/2013/Fahrplan/events/5307.html Day: 2013-12-27 Start time: 14:00 Duration: 01:00 Room: Saal 2 Track: Security & Safety Language: en
Older posts are this way If this message doesn't go away, click anywhere on the page to continue loading posts.
Could not load more posts
Maybe Soup is currently being updated? I'll try again automatically in a few seconds...
Just a second, loading more posts...
You've reached the end.
No Soup for you

Don't be the product, buy the product!

YES, I want to SOUP ●UP for ...