At 1:49 PM -0400 9/6/99, [EMAIL PROTECTED] wrote:
>On Mon, 6 Sep 1999, Arnold Reinhold wrote:
>
> > If a field worker might have access to a computer in country but
> > would not be in a position to use PGP, I'd suggest CipherSaber, which
> > is based on RC4 and is simple enough to program from memory (see
> > http://ciphersaber.gurus.com). Almost all PCs come with Qbasic built
> > in or on the CD-ROM. I haven't tried it, but CipherSaber should fit
> > easily into most of the newer graphing calculators (The $200 TI-92+
> > even has a qwerty keyboard. See http://www.ti.com/calc).
>
>Yeah, I have no doubt that RC4 could be implemented quite easily on
>TI calculators (certainly on the 85, 86, 92 and 89 .. and probably
>on the 82 and 83 as well .. though I haven't programmed them).
The 82 has a maximum list length of 99 values, which would make it a
pain to implement RC4's 256 byte S array. The others look more than
capable. They all have alphanumeric displays and a full alphabet on
their keyboards.
>
>I did MD5 on my 92 awhile back.
In TI Basic? I'm impressed.
BTW, several of these units also permit assembly language
programming. The 83/83+ is Z80 based. The 89/92+ are 68000 based,
with 188K of RAM. PGP isn't out of the question on those.
>
>A couple of points in making an actual crypto application on the TI
>(as opposed to just doing an algorithm):
>
> Transferring ciphertext from the TI to a computer would require
> a utility on the computer to wrap up the ciphertext to make it look
> like a list to the TI. Then the TI can do nice, easy subscripting
> to access the list. A table might be needed to display the plaintext,
> since I don't know if they use ASCII.
I was thinking of the calculators more as stand-alone cipher
machines, a la Enigma, but with modern, strong encryption (RC4).
Ciphertext would be entered or written down as hex pairs or even
3-digit decimal numbers. The ciphertext could be transmitted via
FAX, e-mail, snail mail or, tediously, by voice. As long as
CipherSaber's 10-byte IV is sent correctly, a single ciphertext
garble will only cause the corresponding plaintext letter to be
wrong. FAX has an advantage in that it is harder to screen for
ciphertext than e-mail and it is more universally available.
An interesting variant would be to restrict plaintext to the 26
letters of the alphabet (same as Enigma and Solitiare). Ciphertext
would then also be composed of letters of the alphabet. A simple way
to do this would be to discard RC4 cipher stream output bytes that
are greater than 233. (234 = 9*26). Reduce cipher stream bytes that
are not discarded modulo 26, and then add or subtract them from the
numerical value of the letter (A=0, B=1,...). This should be at least
as strong as RC4. The values will be at least as uniformly
distributed as RC4, you are using less entropy per cycle and the
discarded bytes provide added mixing.
Ciphertext would be the same size as plaintext except for the IV.
The IV could be sent as 20 hex digits coded as [A-P]. For a small to
medium network, another alternative is to base the IV on the date and
time of the message, along with some code indicating the sender,
perhaps the numerical value of the sender's initials. Remember, the
IV only has to be unique.
Of course it wouldn't be much more effort to support both 26 symbol
and 256 symbol modes.
Staples stocks the TI-83+ at $92.99. So for under a hundred bucks and
a little time spent in TIBasic programming you can own an
off-the-shelf coding machine using strong encryption, interoperable
with CipherSaber programs on other platforms, in a reasonably
portable and innocent-looking package. And it will still do math.
Anyone care to try it?
Arnold Reinhold
