TechWhirl (TECHWR-L) is a resource for technical writing and technical communications professionals of all experience levels and in all industries to share their experiences and acquire information.
For two decades, technical communicators have turned to TechWhirl to ask and answer questions about the always-changing world of technical communications, such as tools, skills, career paths, methodologies, and emerging industries. The TechWhirl Archives and magazine, created for, by and about technical writers, offer a wealth of knowledge to everyone with an interest in any aspect of technical communications.
They discuss not only Adobe's flawed methods but also some truly appalling
ones from other companies.
In particular, the XOR encryption method described on slide 5 http://www.treachery.net/~jdyson/ebooks/slide05.html
is amazingly weak. The methods shown in slides 11, 12 and 13 are also awful,
but slide 5 is the worst, so it is the only one I'll deal with in detail here.
It can be broken with pencil and paper. You don't even need a computer.
Far better ciphers than this were in widespread use at least as far back as
the Napoleonic wars. See David Kahn, "The Codebreakers: the Comprehensive
History of Secret Communications from Ancient Times to the Internet"
second edition Scribner 1996 ISBN 0684831309
A C program to break it is:
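/*
XOR of letters in "encrypted"
the two e's cancel each other, so we can skip them
*/
#include <stdio.h>
#define X ('n' ^ 'c' ^ 'r' ^ 'y' ^ 'p' ^ 't' ^ 'd')
int main(void)
{
    int c;  /* int rather than char, so EOF can be told apart from data */
    while ((c = getchar()) != EOF)
        putchar(c ^ X);
    return 0;
}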
Six lines of code, counting main() and the { } lines. Execution would
not be noticeably slower than just copying the file.
Assuming Sklyarov's description is accurate, you could do a complete
decryptor, taking their "protected" files to HTML output by making
under ten lines of simple changes to a decompressor library.
If they kept the method as Sklyarov describes but you didn't know the
key, then you'd need to add perhaps another dozen lines and loop around
to try 256 different keys.
Now the slide also quotes the vendor's web site (http://www.ebookpro.com/)
claiming that this rubbish is:
"the only software in the universe that makes your information
virtually 100% burglarproof!"
I've just checked the site and that claim is indeed there. If Sklyarov's
analysis of what they're actually using is accurate, then these bozos
are quite obviously guilty of false advertising.
Any volunteers to lay that charge? It needs someone in the US, perhaps
in Washington, since whois info for the liars is:
Registrant:
Internet Marketing Center (EBOOKPRO2-DOM)
1123 Fir Ave
Blaine, WA 98230
US
Domain Name: EBOOKPRO.COM
Administrative Contact, Billing Contact:
Rudl, Corey (CR1353) domainreg -at- MARKETINGTIPS -dot- COM
Internet Marketing Center
1123 Fir Ave.
Blaine, WA 98230
US
604-730-2480 604-730-2480
I suspect that useful expert witnesses in such a case would be people from
the American Cryptogram Association:
These are a group of amateurs who break "classical" ciphers as a hobby --
pencil-and-paper systems, not using either the mechanical cipher machines
common in the World War II era or the more recent computerised ciphers.
They publish a magazine with various puzzles and discussion of "classical"
pencil-and-paper attacks.
I would expect them to testify that the cipher in Sklyarov's slide 5
would be rejected from their magazine as too easy to bother with.
A few people on the list work in high schools. Anyone care to produce
some evidence on the strength of this cipher by giving a high school
programming class the assignment of breaking it? University students
would just laugh at the idiot design, and refuse to waste their time,
but it might be difficult enough to interest high school kids. Don't
tell them the key; that would make it too easy, even for them.
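
The unknown-key case from the message above ("loop around to try 256 different keys"), as an added example that is not part of the original post or of Sklyarov's slides. It assumes the decrypted bytes are recognisable as text; for the compressed files the post describes, the recogniser would instead be the decompressor accepting the stream. The function names, the scoring rule and the sample line are constructed for illustration.

```c
#include <stdio.h>

/* Key as the post derives it: XOR of the letters of a word ("encrypted"). */
static unsigned char key_from_word(const char *w)
{
    unsigned char k = 0;
    while (*w) k ^= (unsigned char)*w++;
    return k;
}

/* Assumed recogniser: bytes that become ASCII letters or spaces under key k. */
static size_t score(const unsigned char *buf, size_t n, unsigned char k)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = buf[i] ^ k;
        if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || c == ' ')
            hits++;
    }
    return hits;
}

/* Try every one-byte key and keep the one whose output scores highest. */
static int recover_key(const unsigned char *buf, size_t n)
{
    int best = 0;
    size_t best_hits = score(buf, n, 0);
    for (int k = 1; k < 256; k++) {
        size_t hits = score(buf, n, (unsigned char)k);
        if (hits > best_hits) { best_hits = hits; best = k; }
    }
    return best;
}

/* Constructed sample: XOR a made-up HTML line, then recover the key blind. */
static int demo(void)
{
    unsigned char buf[] = "<p>this is a constructed sample page of plain text for the demo</p>";
    size_t n = sizeof buf - 1;          /* explicit length: ciphertext may contain 0x00 */
    unsigned char k = key_from_word("encrypted");
    for (size_t i = 0; i < n; i++) buf[i] ^= k;
    return recover_key(buf, n);
}

int main(void)
{
    printf("derived 0x%02x, recovered 0x%02x\n", key_from_word("encrypted"), (unsigned)demo());
    return 0;
}
```

The whole key space is 256 values, so the search finishes in a single pass over the data per candidate key.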