Cracking an old ZIP file to help open source the ANC's "Vula" secret crypto code

316 pointsposted 6 days ago
by jgrahamc
(blog.jgc.org)

44 Comments

edent

6 days ago

One thing I found fascinating about Vula was how the lack of usability of the system was its downfall.

You had highly committed activists, fighting for freedom, up against a murderous regime - and yet they still failed to use the system properly.

Activists left documents unencrypted. Keys were easily obtainable. Some important communications were sent in the clear because people found the software so cumbersome.

We all know that setting up PGP and using it properly is a pain in the neck. Security is usability.

I wrote a bit more about Vula at https://shkspr.mobi/blog/2014/01/the-hardest-problem-in-encr...

amne

6 days ago

imagine losing your house keys and never being able to enter it again.

usability, most of the times, reduces security.

jll29

5 days ago

"Imagine"? There are plenty of folks who lost access to the crypto wallets with millions in it.

bravetraveler

5 days ago

I used mining as a stability test, there's a small fortune floating somewhere. There was a time one could feasibly get a full Bitcoin every week with a single core Athlon64 chip running 24/7

Before Agent 47 starts sleuthing, the wallet is on a mechanical drive that almost surely didn't make it through at least a dozen moves over just as many years. Good luck.

rurban

6 days ago

I've got a look at his number generator for the secure one-time pad, and Melissa O'Neil would be proud. Almost pcg. It uses the powerbasic system Rand LCG to switch between 3 new rand1-3 functions, two of them with different LCG's.

https://github.com/Vulacode/RANDOM/blob/d6a1a1d694b22e6a115b...

20k

5 days ago

Man that one time pad generation is...... not good, I would bet that its very possible to recover the seed state for the different generators, LCGs are trivial to reverse engineer. It looks like the PRNG's are seeded by the system RNG as well, which means that you only need to recover the initial seed of the system's LCG to reverse engineer the one time pads

I don't know what the seed size is of the system LCG, but if its 32-bit (which I think it is), you could simply bruteforce the seed state, and do entropy analysis on the result to crack it in like an hour tops

tetha

5 days ago

Hm. This is crypto from 30 years ago. And from reading around, the OTP generation never left UK jusidiction, so it would be a black box to attack. Handwaving how this is trivial to defeat with current compute and crypto analysis with full information feels quite unfairly dismissive, even if correct.

Especially since it was strong enough that human error dominated.

20k

15 hours ago

I was having more of a think about this, one of the issues with LCG's is that they're linear, which means that even relatively basic cryptographic analysis can defeat them. The issue here particularly is that, say you have a cryptoscheme where you encode ascii characters. 95% of your plaintext data has one of the two following formats in binary:

011xxxxx 010xxxxx

And of that, about 70% is:

0110xxxx 0100xxxx

This means with a deterministic seed, you're giving away 3 known bits of state away with every with every encrypted letter, and a good chance at a 4th

That analysis does not require a particularly deep understanding of the cryptosystem to be able to perform, known plaintext is going to be one of the first things that anyone tries. Its less complicated than many crypto schemes that were broken

Disclaimer: I have no idea how this system encodes things as the technology predates my knowledge, and it might not be so straightforward as this

nxobject

6 days ago

And the original programmer wrote a of this while having to pick up crypto and BASIC on the go, too. Never roll your own crypto is the first rule, unless you were in the late 80s and working with fancy new tech…

Vecr

6 days ago

Nowhere near good enough for an actual One Time Pad, obviously.

sweeter

5 days ago

I find the fall of the South African apartheid pretty fascinating all around. I wasn't really even aware of this aspect. Fun fact, this is where the BDS movement started (boycott, divest, sanction) and the majority opinion at the time was that the apartheid would never end... but after a long time of continuous pressure from many different pressure points, it caused a lot of stress which led to its collapse.

pretty interesting that this was done on a Toshiba T-100. What a neat computer.

geenkeuse

6 days ago

Fascinating. We have been through so much here in SA. Hoping that this GNU of ours sets back the Doomsday Clock.

Recommendation - Action Kommandant. A peek into the life of Ashley Kriel, one of our martyrs and the pride of Bonteheuwel.

nxobject

6 days ago

Thank you so much for sharing his name - it has been a passion of mine to learn about some of the gifted fellow travelers of the ANC, whose stories (and diverse talents!) are often overlooked…

I learned about Athol Fugard in secondary school English, from a bolshie teacher who fled from SA to Canada in the 80s to avoid surveillance, and it opened my eyes.

My best wishes to the SA people as well. A nation of so many gifted people and natural riches deserves so much better. At least it seems like the era of sclerotic internal politics in the ANC is over.

atlas_hugged

6 days ago

TIMBOBIMBO hahahhaha

rurban

6 days ago

The keys were personalized though. So this was for Timbo

declan_roberts

6 days ago

Read through the whole article to see the password reveal. Was not disappointed!

Thorrez

6 days ago

That wasn't the password of the zip file that John cracked. TIMBOBIMBO was the password of a file that was inside the zip file, specifically a program. The program prompted for that password before it would continue running.

The blog post doesn't say the zip file password. It's not clear to me if the program that cracked the zip file even found the zip file password. It might just be able to find the plaintext but not the password.

qingcharles

6 days ago

I too was waiting to see what the ZIP password was after all these years. I wonder if there is a way to reverse the decryption key into the password, or is it a sausage machine like password hashing?

How long would it take to brute-force this on a modern PC?

jgrahamc

6 days ago

I spent a lot of power trying to reverse the actual password and got this far:

    PROGRAM  PATTERN                             MAX LENGTH TESTED
    bkcrack  ?p                                  14
    bkcrack  ?u?d                                16
    bkcrack  ?u                                  17
    bkcrack  ?l                                  15
    bkcrack  ?u?l?l?l?l?l?l?l?l?l?l?l?l?l?l?l    16
    bkcrack  ?u?l?u?l?u?l?u?l?u?l?u?l?u?l?u?l    16 
    hashcat  ?u?l?d                              14
The author kindly modified bkcrack based on Tim's fuzzy recollection of what he thought he might have chosen for the password: https://github.com/kimci86/bkcrack/pull/56 and https://github.com/kimci86/bkcrack/pull/126. However, I ran out of time to work on this part and it seemed more important to get the actual code running.

Also, in the course of things I discovered that Tim used PKZIP inside the BASIC code using a password that used non-printing characters.

qingcharles

5 days ago

> Also, in the course of things I discovered that Tim used PKZIP inside the BASIC code using a password that used non-printing characters.

Wow, that would make brute-forcing it an order of magnitude slower if you're having to cycle through control characters too. I wouldn't have thought to do this, as I wouldn't risk it not being supported.

rasz

6 days ago

>Operation Vula ... 8-bit computers, DTMF tones, acoustic couplers

CIA/NSA got a whiff of Operation Vula using off the shelf Philips PX-1000 with build in DES and backdoored the product by bribing Philips https://www.cryptomuseum.com/crypto/philips/px1000/

rurban

6 days ago

Which Tim Jenkins did overcome by using his own systems and own crypto. No backdoored DES, but ultimately secure one-time pads transported via floppies by the stewardess to each party. If they got hold of such a floppy in SA, it would only compromise the messages of this one receiver. Which would be detected sooner or later.

jll29

5 days ago

Probably using ANY commercial encryption tech, you're doomed.

But it is naive to generate the key for a one-time pad using a PSEUDO random number generator!

The whole point of the one-time pad is to achieve true security because you can use truly random keys. The kind of key that used here could have been created locally by just exchanging the seed, which would have prevented putting all these stewardesses in danger ;-).

I understand the developer was self-taught (and "learn as you go" on top), so it's understandable, but whoever reads this and has truly important secrets, don't be that silly.

Having said this it is no easy to generate truly random numbers in large quantities. Again, you will need to build yourself your own hardware device, because most likely, all commercially available gear is rigged.

nullc

4 days ago

> But it is naive to generate the key for a one-time pad using a PSEUDO random number generator!

which is what every stream cipher is, ... and indeed, they do suffer the expected failure modes from key reuse, etc.

Doesn't stop them from being a popular best practice. :)

deisteve

6 days ago

[flagged]

sterlind

6 days ago

but you denounce apartheid, right? and you condemn the Bantustans? and the chemical and biological weapons being developed under Project Coast, including mass sterilization of the black population, as revealed by the TRC hearings?

_djo_

5 days ago

Of course they don't. Apartheid nostalgia is easy enough to spot.

peterfirefly

5 days ago

The Truth and Reconciliation thing was curiously one-sided. Why was Winnie Mandela allowed to be free until her death, for example? Why did we hear so little about the ANC's crimes?

_djo_

5 days ago

If it was one-sided, it was in favour of the Apartheid regime. It was an inevitably imperfect system that went far too easy on the old Apartheid regime guard and let nearly all of them get away with what they had done.

Not a single senior Apartheid regime leader was prosecuted and jailed for their crimes, even though most refused to co-operate with the TRC. The ANC at the time decided to let things lie in the name of reconciliation, forward progress, and focusing on crime, but they would've been fully in their rights to have dedicated serious investigative and prosecution resources against the people who ran the Apartheid state.

peterfirefly

5 days ago

> If it was one-sided, it was in favour of the Apartheid regime.

Who committed most of the crimes (and by far the worst crimes) back then? Definitely not the whites. And who were most of the victims? Also not the whites.

_djo_

5 days ago

When talking about crimes committed by or on behalf of organisations the answer is by far the apartheid regime and its security forces. They brutalised & terrorised the majority of the population for decades in order to uphold a racist white minority regime, murdering many people in the process.

I’m astounded that you think this is even a debatable point.

deisteve

5 days ago

Its not so clear cut and dry. Even Nazi Party had considerable support from Americans seeing many of its corporations took party in atrocities.

Simply writing off South Africa as racially politicized event is lazy.

_djo_

4 days ago

It is exactly that cut and dried: We have primary source accounts from the architects and implementers of Apartheid where they outlined their rationale and their beliefs that black South Africans were inherently morally, intellectually, and culturally inferior in every way to white South Africans.

They banned racial iteractions to absurd degrees, forbidding interracial marriages, dancing, education, and a host of other things. They forced black South Africans into intentionally inferior education systems, the so-called 'Bantu Education', designed to keep them broadly uneducated and only able to carry out semi-skilled work at best. They implemented a brutal system of repression and pass laws. I could go on and on.

It was a system explicitly and unmistakably based on racism.

user

4 days ago

[deleted]

Thaxll

6 days ago

If you want to crack "old" ZIP and you know a few characters in the archive there is nothing better than: https://github.com/kimci86/bkcrack

stavros

6 days ago

The program the entire article is about?

cxr

6 days ago

[flagged]

user

6 days ago

[deleted]

user

6 days ago

[deleted]