Re: [stella] Atari 7800

Subject: Re: [stella] Atari 7800
From: Paul Hart <hart@xxxxxxxxxxx>
Date: Tue, 17 Nov 1998 13:34:41 -0700 (MST)

On Tue, 17 Nov 1998, Nick S Bensema wrote:

> Encryption is usually designed so that the inverse function is bloody
> difficult to figure out.

Not for sound cryptographic algorithms.  It is generally accepted that a
cryptographic algorithm SHOULD NOT rely on the secrecy of the algorithm as
a security measure.  Instead, an algorithm's security is probed and
refined by a process of public review.  The security of an algorithm
should reside in its keys, not in the secrecy of the algorithm itself.
Always assume that your enemies will have a complete understanding of the
algorithm you plan to use.  Only when an algorithm is carefully
scrutinized by members of the public (over what can be a very long time) 
is its security established.

In the case of the Atari 7800, the algorithm has been carefully reverse
engineered, but unfortunately, that does not lead us anywhere.  And as for
all worthy algorithms, it should not.  The catch is that we are stuck
trying to determine the factors of one monstrously large (960 bits) 
composite number that is (most likely) the product of two primes.  This
should ring a bell for anyone with a smack of experience with the RSA
algorithm.

> You may have to venture outside this list; there might be a few hackers
> out there wearing Phrack T-shirts who can do in one weekend what the
> bunch of us could never do.

Unfortunately, I don't think anyone will be factoring this 960-bit number
any time soon.  I think the sun will run out of fuel before that day
comes.  :-) 

> Once the decryption code is implemented in C, and is _PROVEN_ to be
> accurate, it will probably make it easier for the world at large to
> analyze.

Bruce Tomlin has determined the algorithm, which appears to resemble the
RSA algorithm that is widely used in public key cryptography.  I'm not
sure I'd really call it "encryption" or "decryption" -- it seems to really
be more like a digital signature.

Is that what Atari did?  Did they digitally sign Atari 7800 cartridges,
perhaps as a means of quality assurance after The Crash and its slew of
horrible Atari 2600 games?  It seems like the Atari 7800 ROM has Atari's
public key embedded in it, and each cartridge has been signed by Atari's
private key (probably long since lost).  At startup, the Atari 7800
verifies the cartridge signature, and if the signature on the cartridge is
not valid, then the Atari 7800 refuses to run it.

Paul Hart

--
Paul Robert Hart        ><8>  ><8>  ><8>        Verio Web Hosting, Inc.
hart@xxxxxxxxxxx        ><8>  ><8>  ><8>        http://www.iserver.com/


--
Archives (includes files) at http://www.biglist.com/lists/stella/archives/
Unsub & more at http://www.biglist.com/lists/stella/
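
The boot-time check described in the message above (public key in the console ROM, signature on the cartridge), as an added example that is not part of the original post and is not the 7800's actual routine. It is textbook RSA without padding over a small constructed modulus; the names, the SHA-256 digest and the exponent 65537 are assumptions chosen for illustration.

```python
import hashlib
from math import gcd

# Constructed toy key: two Mersenne primes give a 150-bit modulus.
# The message speaks of a 960-bit modulus; this one is deliberately tiny.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q                      # public modulus, the part a console ROM would hold
E = 65537                      # public exponent (assumed for this example)
PHI = (P - 1) * (Q - 1)
assert gcd(E, PHI) == 1
D = pow(E, -1, PHI)            # private exponent, held only by the signer


def digest(image: bytes) -> int:
    """Map a cartridge image to an integer below N (no padding: toy only)."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % N


def sign(image: bytes) -> int:
    """Signer side: requires the private exponent D."""
    return pow(digest(image), D, N)


def verify(image: bytes, signature: int) -> bool:
    """Console side: requires only the public values N and E."""
    return 0 <= signature < N and pow(signature, E, N) == digest(image)


def boot(image: bytes, signature: int) -> str:
    """Run the cartridge only if its signature checks out."""
    return "run" if verify(image, signature) else "refuse"


if __name__ == "__main__":
    cart = b"constructed sample cartridge image"
    sig = sign(cart)
    print(boot(cart, sig))              # image exactly as signed
    print(boot(cart + b"\x00", sig))    # image changed after signing
    print(boot(cart, (sig + 1) % N))    # signature not produced with D
```

Everything in verify() is public, which is the point made in the message: knowing the algorithm and the embedded key lets anyone check a signature, while producing one requires D, which can only be derived by factoring N.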