I just wanted to point something out. This is what Storm sent me in his PM:
"I ran the code through a few programs that analyze entropy via auto-correlation, the n gram results indicate a weak encryption, but one that results in highly entropic data (which I correlated against a similar data set size from a randomness extractor) when decoded via Hex, which I suspect is a secondary encode, as most encrypted data sent via communications is encoded in order to avoid corruption. This may have skewed the block size analysis done previously (resulting in 376bytes or 64bits).
Source Code[/size]
- ³+�:5ºÝfW|$ÁOÉCFÑ1§ÅK¸/þà"aWw?$y#Ü!ö,Ô.‘ògµE«Êí¯aQ
- Nê‡Í3ÇÇ?q10œÄ(´$=TðDùÏb–Ù¿÷9~C˜æ2Ú
- ?äx³¥O]Üiuú÷I„žbYZŸc•‘=à>:¬?8ŒEû…þ‘5AÖÀƒ˜òȃ2¨/ß�(büÜOçäj?éQÅÈ´dã:¹,–†.‹À™¸8�Úy¶?ä¢Y›mHǹSŒîc‘Dôaº’äþu$,Ø?QÖ•Q˜‡j|ª½{@I"A0©f̳Á9F:?~š7ª†?²xü—1ÀœŒy~y“
- @eF²Lšb›&Â?Î*KäXš7_ësÄ«"\„Œøž)²q3—6G?J‰(íÖTiŒ^[PgFövZo%Þ¤Ú@þ¶e?E$i6•ˆ=Ë!æûþû¸Z)‘”€6¥+]"
Now, I ran this result through a UTF-8 “decoder,” which resulted in it paring things down to this:
+:5fW|$OCF1K/“aWw$y#!,.ògEaQN3q10($=TDbٿ9~C2xO]iuIbYZc=>:8E5Aȃ2/(bOjQd:,.8yYmHǹScDau$,؏Q֕Qj|{@I"A0f̳9F:~7?x1y~y@eFLb&*KX7_sī”)q36GJ(֏Ti^[PgFvZo%ޤ@eE$i6=!Z)6+]
Granted, all this has really done is convert the data (the decimal representations are still the same) but it does clean it up a bit. This “weak encryption” with “highly entropic data” really bugs me. The classic example of shit entropy is ROT-13, where literally the inverse letter of the alphabet is used for both encryption and decryption. This is a very weak encryption, and it also results in terrible entropy.
However, and this is something we should seriously consider, what if instead of using the same rotational method, you implement a method that changes for every instance. For example, if I have the message:
THEBEARS
I can encrypt this using ROT-13 to get:
GURORNEF
Unfortunately, what if I need to encrypt something longer? Say I want to encrypt:
THEBEARSANDTHECATS
This results in:
GURORNEFNAQGURPNGF
Now I’ve got two instances of the exact same grouping of three letters, which most people will narrow down to be “THE”. This suggests that this weak encryption method has terrible entropy.
However, if I take that same phrase:
THEBEARSANDTHECATS
and encrypt it using the same weak encryption method, but by changing the rotation for each instance (ROT-1, ROT-2, ROT-3, etc.), I would get:
UJHFJGYAJXOFUSRQKK
Now my two instances of “THE” are masked by the changing rotation, thus resulting in more entropy than before. Now, this doesn’t necessarily mean that our data is rotated in exactly this way, but it’s possible to use a relatively weak encryption method but still have a result with high entropy. In cryptography, this is usually done with a random number generator, but the odds of Storm using one is unlikely due to how nigh impossible it would be for us to crack. Therefore, if he specifically designed it to have high entropy, then it’s possible he is simply using a method derivative of ROT-13 but in terms of hexadecimal. This doesn’t really help us much, as we still have no way of knowing the potential method for doing this, but hopefully it will spark some imaginative reflection.
EDIT: If you check out the ARG called “Torment” that Storm mentioned he was a part of, it references one of the ciphers using a type of cryptography used in the Edgar Allan Poe story “The Gold-Bug.”
Although that used simple substitution, it’s not impossible that Storm implemented something similar with a rotation or other method implemented. Or, he could simply have substituted the characters in UTF-8 or a similar encoding.