CO2 Cryptographic concepts

[diedwarrior]

Hello All,


Lately I've been reading a lot about cryptography and different algorithms, for example symmetric and asymmetric algorithms, MACs and digital signatures, so I thought about learning some cryptographic concepts from CO2 aswell, as how to handles different stuff in a secure way, what would be the best way to learn the behind the features stuff, i.e is there like a base source that I could look at that would explain these stuff in a good way, or any other recommended methods?

Thanks.

[CptSky]

Quote:

Originally Posted by diedwarrior

Hello All,


Lately I've been reading a lot about cryptography and different algorithms, for example symmetric and asymmetric algorithms, MACs and digital signatures, so I thought about learning some cryptographic concepts from CO2 aswell, as how to handles different stuff in a secure way, what would be the best way to learn the behind the features stuff, i.e is there like a base source that I could look at that would explain these stuff in a good way, or any other recommended methods?

Thanks.

CO2 used symmetric key algorithms to encrypt packets. Historically, it was a custom-made stream cipher, nothing fancy. They later switched to block ciphers using the CFB64 mode (which converts the block cipher into a stream cipher, dumbed down). They used Blowfish and CAST-5. When they did that switch, they also introduced a "proper" key exchange using Diffie-Hellman, to generate the shared symmetric key. But the way it is implemented, it isn't protecting against MitM attacks.

CO2 also used RC5, a block cipher, to encrypt the password (as a single block basically). They later used I think SRP-6, but I've never looked at it.

You won't really see any uses of asymmetric key algorithms, digital signatures or even hash functions in CO2. The protocol lacks authentication, it lacks integrity validation, it uses a block cipher mode that is not really used nowadays, it is vulnerable to few attacks. So it is fine if you learn how CO2 did the crypto, but don't use it as a reference for future work :P

Now for learning, most sources have copy-pasted crypto. A few people have the full understanding, but I don't it was ever properly documented. Not that it is rocket science either. It is mostly self-documented by the code itself.

[diedwarrior]

Quote:

Originally Posted by CptSky

CO2 used symmetric key algorithms to encrypt packets. Historically, it was a custom-made stream cipher, nothing fancy. They later switched to block ciphers using the CFB64 mode (which converts the block cipher into a stream cipher, dumbed down). They used Blowfish and CAST-5. When they did that switch, they also introduced a "proper" key exchange using Diffie-Hellman, to generate the shared symmetric key. But the way it is implemented, it isn't protecting against MitM attacks.

CO2 also used RC5, a block cipher, to encrypt the password (as a single block basically). They later used I think SRP-6, but I've never looked at it.

You won't really see any uses of asymmetric key algorithms, digital signatures or even hash functions in CO2. The protocol lacks authentication, it lacks integrity validation, it uses a block cipher mode that is not really used nowadays, it is vulnerable to few attacks. So it is fine if you learn how CO2 did the crypto, but don't use it as a reference for future work :P

Now for learning, most sources have copy-pasted crypto. A few people have the full understanding, but I don't it was ever properly documented. Not that it is rocket science either. It is mostly self-documented by the code itself.

Thank you very much, this will help me a lot.