Contributed by jose on from the privacy dept.
" http://www.rcarey.org/cion.html29th September 2002
Caesarion Version 3 released. NOTE: Caesarion Version 3 deprecates all previous versions. Furthermore, v3 is not inter-operable with any previous version. If you are using a previous version of Caesarion, you are advised to upgrade immediately and regenerate/redistribute keys due to the improvements listed below: ..."
"Previously we talked about Caesarion Version 2 , this looks like a substantial improvemtn.
- A further disclaimer was added to the new copyright license.
- Fixed two incorrect assertions in RSA_KeyGen.cxx.
- Use OpenSSL MD5_DIGEST_LENGTH instead of own md5digestLen.
- Don't confirm password entry in cion_encrypt(1) and cion_decrypt(1) making the software easier/faster to use.
- Various public methods in various classes were moved to protected or private access (where they should have been in the first place).
- New Entropy.h class which returns raw random data instead of pumping it through a PRNG; this makes more sense, is faster, and should be more secure.
- The Entropy generation technique has had a massive performance increase without degrading its security or output quality. The software is much faster now because of this.
- Performance increase in new Entropy.h class by having a class-wide Random object (instead of instantiation on every call to Entropy::Stir()).
- A possible security flaw was discovered in the RSA implementation; in general use of this software it is likely that small (~400 bytes) amounts of data are encrypted (per chunk), which in turn means that the 4 bytes used for specifying the data-size will have 2 bytes equal to zero. This means that an adversary can guess 2 bytes of the original plaintext message. Whether or not this could be extended to a successful attack is beyond my cryptography skills/knowledge. Hence, the most sensible thing to do was to correct this possible problem. Due to the new changes necessary to correct this possible problem, the software is now faster than it was before.
- Remove ULong.h from distribution (no longer required).
- Performance increase in Entropy::Ulong().
- Various cleanups.
(Comments are closed)
By RC () on
Comments
By jolan () on
Seeing as GPG is the closest thing to a standard for encrypting mail/text, this is just not a very useful utility for me.
And the fact that the author keeps announcing his software, and hasn't made an attempt to port it is just rude.
Comments
By SKULL () on
That it's not popular is a catch 22. If it's never mentioned, then how is it to *become* popular?
Also, the lack of a port isn't by itself a compelling reason to call the author rude imo. A port makes it easier to install, etc, but sooner or later we have to wander outside of the confines of cd /usr/ports && sudo make install and type cd package && ./configure && make && sudo make install as well. Esp, if 0p3nB5d is one of the main development platforms, which the fat link on the main page would imply.
So sit back and relax. If you think this deserves a port, I am sure they could use some volunteers.
Love and XXX,
Skull
Comments
By Jeffrey () on
Comments
By couderc () on
So i asked to post it on a more appropriate place, but it seems that i was wrong ports@ seems to be also a place for software announcement ...
By RC () on
Okay, lets rephrase then... Why is Caesarion so noteworthy that one would want to make it popular? What con it do that GPG can't... Or that OpenSSL can't, or that S/Mime can't?
I'm not trying to discourage people from using it, or anything like that... I'm curious as to why it's geting so much mention.
Comments
By Robin Carey () robin@wizardsworks.org on http://www.rcarey.org/cion.html
First of all I'd like to thank the OpenBSD Journal admin for posting my story.
As to your question of "What can it do that GPG can't"; there are several reasons why Caesarion is more secure than GPG or PGPI, and they are listed at:
http://www.rcarey.org/pgpi.html
Cheers,
Robin Carey.
Comments
By Justin () on
2. What algorithm?
4. How much stronger?
5. How is entropy attained that it is better? if I understand correctly (someone correct me if I am wrong) entropy is attained from various things like periodic network latency, mouse movements, electrical and/or rf noise etc.
I am just trying to learn about cryptography so it is possible I just don't understand. I am asking purely for my own curiosity.
Comments
By Tycho Fruru () tycho@fruru.com on http://www.fruru.com
Cheers
Tycho
By Robin Carey () robin@wizardsworks.org on http://www.rcarey.org/cion.html
In response to your questions:
(2) The algorithm used to prevent an adversary gathering knowledge of the lower-bound of any public-key is an algorithm that I invented myself. It is safe/secure :) Rather than me going into the technical details (even though it is a simple algorithm), just look at the source. The files that contain the algorithm are RSA_Encrypt.cxx and RSA_Decrypt.cxx.
(4) Much, much stronger. One example of what I'm talking about is that PGPI and Gnu-PG use block-ciphers to encrypt the message data. This means that a plaintext will be encrypted to the same ciphertext every time it is encrypted. Caesarion is a probabilistic system, which means that a plaintext will be encrypted to different ciphertexts evey time it is encrypted.
(5) The reason that my entropy generation is better, is simply because I use two entropy sources. Thus, if there is a problem with one of the entropy sources, the other source makes up for it.
The two entropy sources used in Caesarion are:
(1) /dev/urandom (this can be changed in the Makefile)
(2) A technique I devised. I can't really go into technical details about it - if you're interested look at the source code; Entropy.h
BTW Do any of you know that real TRNG's (True Random Number Generators) can be biased ? I read about this in a newspaper - very interesting. But, the entropy generation method I devised in Caesarion, unlike TRNG's, cannot become biased by "natural" phenomonon.
Cheers,
Robin Carey.
Comments
By Anonymous Coward () on
I'm sorry, but to me this response is simply a warning to be very careful in dealing with your product.
Comments
By Robin Carey () robin@wizardsworks.org on http://www.rcarey.org/cion.html
You can be as sceptical as you want;
At the end of the day it all boils down to facts, figures, 0's and 1's.
And by the way, Caesarion is not a product. It's a free gift to those who wish to use it.
Cheers,
Robin Carey.
Comments
By Anonymous Coward () on
And yes, it's about facts. So far yours are either wrong (this one), or vague (the rest of them).
Comments
By Robin Careyt () robin@wizardsworks.org on http://www.rcarey.org/cion.html
Block-ciphers are deterministic algorithms, which means by default a plaintext is always encrypted to the same ciphertext (under the same key).
I hate block-ciphers, they are complicated algorithms, and there's no way for me to know that they're secure, other than assuming an "expert" is right. And one only needs to refer to the recent AES security scare to see that there is no guarantee that a block-cipher is secure.
By the way, somebody once told me that there are programs that exist which can break block-ciphers if you have a plaintext which correlates to a ciphertext. That can't happen in Caesarion, since the plaintext is split up into random sized chunks and then salted, before encryption.
Yes I do know what I'm talking about.
I've never used PGPI or Gnu-PG, and I have no desire to use them or look at their source code.
What obvious errors are you talking about ?
Cheers,
Robin Carey.
Comments
By Anonymous Coward () on
This is true, but PGP/GPG generates a new random session key every time it encrypts something. This is why everyone has been saying Robin's point 4 is wrong. (It would have been helpful if one of you had explained this earlier.)
Comments
By Robin Carey () robin@wizardsworks.org on http://www.rcarey.org/cion.html
Even if what you're saying is true, pure RSA salted encryption is still much stronger.
This is because there are no security risks from block-ciphers/symmetric-ciphers, and because the key-size used for the RSA encryption is much larger than what would be used for a symmetric cipher.
Another plus point is this: PGP/GPG use RSA, and then they use some symmetric cipher like IDEA, Blowfish etc. Caesarion only uses RSA. So instead of using two algorithms, it only uses one; Which is simpler and means there are less things to go wrong.
Cheers,
Robin Carey.
Comments
By Anonymous Coward () on
By Anonymous Coward () on
Then you're not a good enough cryptographer for me to trust you to design an algorithm.
> Yes I do know what I'm talking about.
Clearly not.
Comments
By Robin Carey () robin@wizardsworks.org on http://www.rcarey.org/cion.html
You certainly don't know what you're talking about, since you've already passed judgement on:
*** Who I am and what my capabilities are. ***
And since you're not in full possession of all the facts required to make such a judgement .....
Don't forget that Caesarion only uses algorithms recommended by the experts: RSA and ARC5.
Cheers,
Robin Carey.
By Anonymous Coward () on
(At least) point 4 is completely bogus.
Comments
By Robin Carey () robin@wizardsworks.org on http://www.rcarey.org/cion.html
Why don't you check my references at:
http://www.rcarey.org/security.html
What algorithm are you talking about anyway ?
If you're trying to say that the algorithm which prevents an adversary from gathering knowledge of the lower bound of any public-key (when using secret public-keys) is not secure, or that its security is somehow questionable:
(a) Sounds like you don't even know what the algorithm is.
(b) Go and read the literature and my source code before you start making accusations like that, since you clearly don't know what you're talking about.
Why don't you explain to me why point #4 is bogus ?
Cheers,
Robin Carey.
By couderc () on
Well, when i see the feedback for requested ports i think that the next request have to be well followed by the requester ...
By Robin Carey () robin@wizardsworks.org on http://www.rcarey.org/cion.html
Thanks for your pleasant comment with regard to Caesarion v3. Everyone else seems to have something unpleasant to say about it .... :)
Well, if there was enough requests I'd be happy to make an OpenBSD port of Caesarion, however I must be frank and tell you that I've had a few clashes with certain OpenBSD developers in the past ....
Cheers, and Love/XXX :)
Robin Carey.
By click46 () click46@operamail.com on www.genmay.net
Comments
By Robin Carey () robin@wizardsworks.org on http://www.rcarey.org/cion.html
Well I'm hurt that you think my web-site is a horror :)
Emmm, the main web-page for Caesarion (http://www.rcarey.org/cion.html) seems to explain what the program does:
Caesarion is a (64-bit clean) professional quality, open source, and completely free E-mail security tool for the FreeBSD, OpenBSD and Linux operating systems.
It should also compile on NetBSD and other UNIX-like operating systems without difficulty.
Caesarion is written in ANSI C++ and the source code is mostly ANSI/ISO/POSIX compliant.
The software provides communications secrecy, user authentication and data-integrity verification.
Caesarion is very simple to use and comes with complete documentation and examples showing how to use it.
Cheers,
Robin Carey.
Comments
By Anonymous Coward () on
it would help to have the documentation online viewable and screenshots if applicable. i dont like having to download something just to find out what it does, and the one line description isnt too informative. "keep it simple" is a great motto, but not at the cost of being functional!
thanks.
Comments
By Robin Carey () robin@wizardsworks.org on http://www.rcarey.org/cion.html
Or is that somehow not clear enough ? :)
Well, I've done all of this unpaid work on my own, and so far I'd say it's taken quite a few weeks of full-time work. Bear that in mind :)
But yeh, it could be possible to put the docs online. I'd be willing to put more effort into things like that if there were more people interested in Caesarion.
Cheers,
Robin Carey.
By Robin Carey () robin@wizardsworks.org on http://www.rcarey.org/cion.html
I am sorry you find my post somewhat problematic.
Again, I'd like to thank the OpenBSD Journal admin for posting my story, since I am trying to advertise and attract attention to my new software.
Cheers,
Robin Carey.
By Tycho Fruru () tycho@fruru.com on http://www.fruru.com/
Comments
By Tycho Fruru () tycho@fruru.com on http://www.fruru.com/
First, I suggest you go and read http://www.interhack.net/people/cmcurtin/snake-oil-faq.html
I find quite a number of unsubstantiated claims in the Caesarion webpages. Use DD when approaching a program boasting all said qualities and at the same time saying that PGPI is not to be used.
If Caesarion is really this good (which is entirely possible), it doesn't need to bash other products/implementations.
I'd like to hear Robert's opinion on the OpenPGP standard and GnuPG. If there are any gaping holes or weaknesses I'm sure that the community would want to hear about them.
I also looked a bit at http://www.rcarey.org/security.html and - without talking about encryption strength or weakness - at least point 12 says to me that the program will be awfully slow - perhaps about 1000 times slower than a program using symmetric encryption for the main message. So messages containing eg. a filesystem image (yes I do this with GnuPG) are really out of the question.
#ifndef HUMOR_IMPAIRED
For french-speaking people (all others are of course also invited), see also http://membres.lycos.fr/autocoup/cdp.html which is in a separate category in itself :-)
#endif
And no, I do not want to have any replies mentioning CDP, thank you.
By Robin Carey () robin@wizardsworks.org on http://www.rcarey.org/cion.html
I'm going to have correct your false statement:
"....and at the same time saying that PGPI is not to be used...."
Nowhere on my web-site do I say that PGPI is not to be used.
Neither am I trying to bash other products/implementations.
Yes, Caesarion should be slower than PGPI or GnuPG. This is due to its higher security, and since high security was my primary goal when writing Caesarion, I decided it was a price worth paying.
My new computer is a 1.5GHz Athlon with DDR memory, and I am astonished at how fast Caesarion runs.
Cheers,
Robin Carey.
By Anonymous Coward () on
Its author is a charlatan. The claims he makes are false.
I doubt he knows that he is so, but truth's hard; he should not be blamed for it.
Comments
By Robin Carey () robin@wizardsworks.org on http://www.rcarey.org/cion.html
To the best of my knowledge there are no bugs or security problems in v3 of Caesarion.
Cheers,
Robin Carey.
Comments
By Camiel Dobbelaar () cd@sentia.nl on mailto:cd@sentia.nl
http://marc.theaimsgroup.com/?l=openbsd-bugs&m=101303123525502&w=2
Comments
By Anonymous Coward () on
Comments
By Robin Carey () robin@wizardsworks.org on http://www.rcarey.org/cion.html
I wouldn't be arrogant enough to say that I'm a crypto expert. But I'm not an amateur either.
At the end of the day, it all boils down to facts, figures, 0's and 1's.
So far nobody has deonstrated any weaknesses or security holes in Caesarion, and until somebody does all I can say is:
To the best of my knowledge there are no bugs or security problems in Caesarion v3.
Please, feel free to prove me wrong. If anybody finds a bug or a security problem, send me an E-mail at robin@wizardsworks.org ..........
Cheers,
Robin Carey.
Comments
By TF () on
By Robin Carey () robin@wizardsworks.org on http://www.rcarey.org/cion.html
Somebody remembers that then :)
Caesarion uses a superior version of that algorithm. Since v3 I've made a non-critical but significant improvement to that code.
I think Caesarion is pretty hot, myself.
Cheers,
Robin Carey.
Comments
By Better Cryptographer than You! () foo@bar.org on mailto:foo@bar.org
// Finish up with a further 8 bytes from a completely separate
// entropy source:
//
static struct timeval Time;
static struct timezone Zone;
static struct rusage rusage;
static ByteType byte1, byte2;
static ByteType accum = 0;
static size_t i;
for (i = 0; i
byte1 = Time.tv_usec;
getrusage (RUSAGE_SELF, &rusage);
byte2 = (rusage.ru_utime.tv_usec + rusage.ru_stime.tv_usec);
accum += (byte1 + byte2);
rndData [ rnd_i ] = (byte1 ^ byte2 ^ accum);
}
Comments
By Better Cryptographer than You! () foo@bar.org on mailto:foo@bar.org
I don't have time to do any more than a cursory check unless there are dollars involved.
Comments
By Robin Carey () robin@wizardsworks.org on http://www.rcarey.org/cion.html
Sorry, Caesarion is a free software project.
Even if I wanted to, I could not afford to hire help.
To the best of my knowledge there are no bugs or security problems in Caesarion v3/v4.
If you think you've found a problem, please send me an email and I'll be happy to fix it and give you credit, if you wish.
Cheers,
Robin Carey.
By Robin Carey () robin@wizardsworks.org on http://www.rcarey.org
Am I to deduce from this sparse comment that you've found a problem in Caesarion v4 ?
If so, please, send me an E-mail at:
robin@wizardsworks.org
I won't make any changes to my source code without proof that there is a bug/problem.
I think you'll find that the above code produces numbers which cannot be predicted. The tests that I've run show that to be the case.
Cheers,
Robin Carey.
Comments
By onion () onion@bbe.org on mailto:onion@bbe.org
Personally, I like the design of your software, but I don't trust the entrophy algorithm at all. Call me paranoid, but I think that you are making a a lot of assumptions. Even a set of automated tests are not enough to decide how "good" the entrophy source is. I think that you should swallow your pride a bit about this algoritm. I haven't seen anything else in your code that is suspect yet, but this to me is a showstopper. Think about making it an option at least, and I will consider trying it out. :-)
Comments
By Robin Carey () robin@wizardsworks.org on http://www.rcarey.org/cion.html
"....should at least make your "secure" (sic) encryption algorithm an option that can be turned off by default...."
I think you've made a mistake here - I assume you're talking about my entropy generation algorithm ?
I've got the D&I of 4.4 BSD BTW :)
Yes I think you're right about making it an option that can be switched off.
Have you had a look at the entropy generation algorithm in v5 ? It is much stronger than what was used in v3/v4. And to be honest, I'm satisfied that the numbers it produces are indeed completely unpredictable.
I was hoping that I had everything worked out and correctly written so that there would only be at most two releases of Caesarion. Unfortunately mistakes and improvements meant that this was not possible.
I've recently realized that there is a non-critical security improvement that can be made to the way data is encoded prior to encryption, so I'm probably going to release a v6 which will not be backwards compatible. So I think I'll take your advice and add an option to the software which switches off my Entropy generation algorithm.
Cheers,
Robin Carey.
By Robin Carey () robin@wizardsworks.org on http://www.rcarey.org/cion.html
Version 5 is up for grabs at:
http://www.rcarey.org/cion.html
I'd love to know the results of your "attractor graph" (never heard of one of those before !) and my new entropy generation algorithm :)