Algorithms of enciphering

From time immemorial there was no value большей, than the information. The XX-th century - a century of computer science and information. The technology gives the chance to transfer and store the increasing volumes of the information. This blessing has also a back. The information becomes more and more vulnerable for various reasons:

Therefore the increasing importance is got by a problem of protection of the information from unapproved access (НСД) by transfer and storage. Essence of this problem - constant struggle of experts in protection of the information against "opponents".

The algorithm name	The size of a key, bit	The size of the block, bit	The size of a vector of initialization, bit	Quantity of cycles of enciphering
Lucipher	128	128
DES	56	64	64	16
FEAL-1	64	64	4
B-Crypt	56	64	64
IDEA	128	64
GOST 28147-89	256	64	64	32

   The obvious tendency to transition to digital methods of transfer and information storage allows to apply the unified methods and algorithms to protection discrete (the text, a fax, a telex) and continuous information (speech).
   The tested method of protection of the information from НСД - enciphering (cryptography). Enciphering (encryption) name process of transformation of the open data (plaintext) in ciphered (шифртекст, ciphertext) or the ciphered data in opened on certain rules with application of keys. In the English-speaking literature zashifrovanie/rasshifrovanie - enciphering/deciphering.
   By means of cryptographic methods probably:

Legends of olden time deep...

Boris Obolikshto

Cryptology - an ancient science and usually it underline the story about Julia Caesar (100 - 44 BC) which correspondence with Tsitseronom (106 - 43 BC) and other "subscribers" in Ancient Rome was ciphered. Caesar's code number, differently the code number of cyclic substitutions, consists in replacement of each letter in the message the alphabet letter, отстоящей from it on the fixed number of letters. The alphabet is considered cyclic, that is after Z follows A. Caesar replaced the letter with the letter, отстоящей from initial with three.
Today in cryptology it is accepted to operate with symbols not in the form of letters, and in the form of numbers, to it corresponding. So, in the Latin alphabet we can use numbers from 0 (corresponding A) to 25 (Z). Designating the number corresponding to an initial symbol, x, and coded - y, we can write down an application rule подстановочного the code number:

y = x + z (mod N), (1)

Where z - a confidential key, N - quantity of symbols in the alphabet, and addition on module N - the operation similar to usual addition, with that only difference that if usual summation yields result, больший or equal N value of the sum considers its remainder of division on N.
  Caesar's code number in the accepted designations corresponds to value of a confidential key z = 3 (and at Caesar Avgusta z = 4). Such code numbers reveal extremely simply even without knowledge of value of a key: the nobility only algorithm of enciphering suffices, and the key can be picked up simple search (so-called power attack). The cryptology also consists of two parts - the cryptography studying ways of enciphering and-or check of authenticity of messages, and криптоанализа, a considering way of decoding and substitution of cryptogrammes. Instability of the first code numbers for many centuries has generated atmosphere of privacy round work криптографа, has braked cryptology development as sciences.
  So-called "донаучная" the cryptography more than for two thousand years полуинтуитивно "has groped" very many interesting decisions. The elementary action - to execute substitution not in alphabetic order. It is quite good to rearrange also symbols in the message in places (code numbers of shifts).
  The first regular work on cryptography it is considered to be work of the great architect of Leon Battista Alberti (1404 - 1472). The period to the XVII-th century middle is already sated by works on cryptography and криптоанализу. Intrigues around шифрограмм in Europe that time are surprisingly interesting. Alas, limited to magazine possibilities, we will choose only one known surname from school - François Viet (1540 - 1603) which at court of the king of France Henry IV so successfully was engaged криптоанализом (then yet not carrying this proud name) that the Spanish king Phillip II complained to the Pope of application by Frenchmen of black magic. But all has done without bloodshed - at court of the Daddy at this time advisers from family Ardzhenti which we would name today криптоаналитиками already served.
  It is possible to assert that throughout centuries decoding of cryptogrammes is helped by the frequency analysis of occurrence of separate symbols and their combinations. Probabilities of occurrence of separate letters in the text it is strongly separated (for Russian, for example, the letter "about" appears in 45 times more often letters "ф"). It, on the one hand, forms a basis both for disclosing of keys, and for the analysis of algorithms of enciphering, and with another - is at the bottom of considerable redundancy (in information sense) the text in a natural language. Any simple substitution does not allow to hide frequency of occurrence of a symbol - as sewed from a bag the symbols corresponding to letters "about", "е", "and", "and", "т", "н" stick out in the Russian text. But the theory of the information and a redundancy measure are not created yet, and for struggle against the enemy криптографа - the frequency analysis - RANDOMIZATION is offered. Its author Charles Fridrih Gauss (1777 - 1855) wrongly believed that has created not opened code number.
  The following appreciable person in the history of cryptology which we should not pass, - Dutch Ogjust Kerkhoff (1835 - 1903). It posesses remarkable "a rule of Kerkhoffa": firmness of the code number should be defined ONLY by privacy of a key. Considering time when this rule has been formulated, it is possible to recognise it as the greatest opening (before creation of the regular theory even more half a century!). This rule believes that the ALGORITHM of enciphering is not CONFIDENTIAL so, it is possible to conduct open discussion of merits and demerits of algorithm. Thus, this rule translates works on cryptology in the category of the OPEN scientific works supposing discussions, publications, etc.

The XX-th century - from intuition to a science

Last name which we name in донаучной cryptology, - the engineer AT&T Zhilber Vernam (G.S. Vernam). In 1926 he has offered really not opened code number. The idea of the code number consists in that in the equation (1) for each following symbol to choose new value z. In other words, the confidential key should be used only once. If such key gets out in a random way, how it has been strictly proved by Shennonom in 23 years, the code number is not opened. This code number is a theoretical substantiation for use so-called "шифроблокнотов" which wide application has begun in days of the Second World War. Шифроблокнот contains set of keys of the unitary use consistently chosen at enciphering of messages. The offer of Vernama, however, does not solve a problem of confidential communication: instead of a way of transfer of the confidential message now it is necessary to find a way of transfer of the confidential key EQUAL to it ON LENGTH, i.e. Containing as much symbols, how many is available in a clear text.
In 1949 Claude Shennona's article "the communication Theory in confidential systems" has begun scientific cryptology. Шеннон has shown that for some "the casual code number" quantity of signs шифротекста, having received which криптоаналитик at unlimited resources can restore a key (and to open the code number),

H (Z) / (rlog N), (2)

Where H (Z) - entropy of a key, r - redundancy of a clear text, and N - alphabet volume. By efficiency from which archivers compress text files, us well-known as redundancy of the usual text - after all their work is great and consists in redundancy decrease (and only on most easily its eliminated part). At redundancy
The usual text of an order 0,75 and use of a 56-bit key (such as assumes DES), there are enough 11 symbols шифротекста for key restoration at unlimited resources криптоаналитика.
Strictly speaking, the parity (2) is not proved for any code number, but is true for known special cases. From (2) the remarkable conclusion follows: work криптоаналитика can be complicated not only perfection криптосистемы, but also decrease in redundancy of a clear text. Moreover, if redundancy of a clear text to lower to zero even the short key will give the code number which криптоаналитик cannot open.

Before enciphering should subject the information statistical coding (to compression, archiving). The volume of the information and its redundancy Thus will decrease, entropy (the average quantity of the information having on one symbol) will raise. As in the compressed text there will be no repeating letters and words, decoding (криптоанализ) will be at a loss.

1. Symmetric (with a confidential, uniform key, one-key, single-key).
1.1. Потоковые (data flow enciphering):

1.2. Block (enciphering of the data поблочно):
1.2.1. Shift code numbers (permutation, P-blocks);
1.2.2. Replacement code numbers (substitutions, substitution, S-blocks):

Besides, there is a division of algorithms of enciphering into actually code numbers (ciphers) and codes (codes). Code numbers work with separate bits, letters, symbols. Codes operate with linguistic elements (syllables, words, phrases).

Symmetric algorithms of enciphering (or cryptography with confidential keys) are based that the sender and the addressee of the information use the same key. This key should be kept secret and be transferred by the way excluding its interception.
Information interchange is carried out in 3 stages:

If for each day and for each communication session the unique key is used, it will raise security of system.

   In потоковых code numbers, i.e. At the data flow enciphering, each bit of the initial information is ciphered irrespective of others with the help гаммирования.
   Гаммирование - imposing on the open given scales of the code number (casual or pseudo-casual sequence of units and zero) by a certain rule. It is usually used "excluding OR", named also by addition on the module 2 and realised in ассемблерных programs command XOR. For deciphering the same scale is imposed on the ciphered data.
   At unitary use of casual scale of the identical size with the ciphered data code breaking is impossible (so-called криптосистемы with a disposable or infinite key). In this case "infinite" means that the scale does not repeat.
   In some потоковых code numbers the key is shorter than the message. So, in system Vernama for telegraph the paper ring containing scale is used. Certainly, firmness of such code number is not ideal.
   It is clear that the exchange of keys in size with the ciphered information not always is pertinent. Therefore use the scale received by means of the generator of pseudo-random numbers (ПСЧ) is more often. In this case a key - generating number (initial value, an initialization vector, initializing value, IV) for generator PSCH start. Each generator PSCH has the period after which the generated sequence repeats. It is obvious that the period of pseudo-casual scale should exceed length of the ciphered information.
   Generator PSCH is considered correct if supervision of fragments of its exit does not allow to restore the passed parts or all sequence at known algorithm, but unknown initial value [4, c. 63].
   At generator PSCH use some variants [4, c are possible. 126 - 128]:

1. Bit-by-bit enciphering of the data flow. The digital key is used as initial value of generator PSCH, and the target stream of bits is summarised on the module 2 with the initial information. In such systems there is no property of distribution of errors.
2. Bit-by-bit enciphering of the data flow with a feedback (OS) on шифртексту. Such system is similar previous except that шифртекст comes back as parametre in generator PSCH. Property of distribution of errors is characteristic. The area of distribution of an error depends on generator PSCH structure.
3. Bit-by-bit enciphering of the data flow from OS under the initial text. Base of generator PSCH is the initial information. Property of unlimited distribution of an error is characteristic.
4. Bit-by-bit enciphering of the data flow from OS on шифртексту and under the initial text.

At block enciphering the information breaks into blocks of the fixed length and is ciphered поблочно. Block code numbers happen two principal views:

Code numbers of shifts rearrange elements of the open data (a bat, the letter, symbols) in some new order. Distinguish code numbers of horizontal, vertical, double shift, a lattice, labyrinths, slogan, etc.
Replacement code numbers replace elements of the open data with other elements by a certain rule. Paзличают code numbers of simple, difficult, pair replacement, bukvenno-syllabic enciphering and code numbers of columned replacement. Replacement code numbers share on two groups:

   In monoalphabetic code numbers of replacement the letter of the initial text is replaced with other, in advance certain letter. For example in Caesar's code the letter is replaced with the letter, отстоящую from it in the Latin alphabet on some number of positions. It is obvious that such code number is cracked absolutely simply. It is necessary to count up, as often there are letters in the ciphered text, and to compare result with frequency of occurrence of letters known for everyone language.
   In polyalphabetic substitutions for replacement of some symbol of the initial message in each case of its occurrence various symbols from some set are consistently used. It is clear that this set is not infinite, through any quantity of symbols it needs to be used again. In it weakness of purely polyalphabetic code numbers.
   In modern cryptographic systems, as a rule, use both ways of enciphering (replacements and shifts). Such шифратор name compound (product cipher). Oн more proof, than шифратор, using only replacements or shifts.
   Block enciphering can be carried out doubly [4, c.129-130]:

1. Without a feedback (OS). Some bits (block) of the initial text are ciphered simultaneously, and each bit of the initial text influences each bit шифртекста. However mutual influence of blocks is not present, that is two identical blocks of the initial text will be presented identical шифртекстом. Therefore similar algorithms can be used only for enciphering of casual sequence of bits (for example, keys). Examples are DES in mode ECB and GOST 28147-89 in a mode of simple replacement.

2. With a feedback. Usually OS will be organised so: previous шифрованный the block develops on the module 2 with the current block. As the first block in OS chain initializing value is used. The error in one bit influences two blocks - erroneous and following for it. An example - DES in mode CBC.

1. Block enciphering of the data flow. Enciphering of consecutive blocks (substitution and shift) depends on generator PSCH operated a key.

2. Block enciphering of the data flow from OS. Generator PSCH copes шифрованным or the initial text or both together.

The federal standard of USA DES (Data Encryption Standard) [1, 5] on which the international standard ISO 8372-87 is based is rather extended. DES has been supported by the American national institute of standards (American National Standards Institute, ANSI) and it is recommended for application by the American association of banks (American Bankers Association, ABA). DES provides 4 operating modes:

   GOST 28147-89 - the domestic standard on enciphering of the data [8]. The standard includes three algorithms зашифровывания (deciphering) of the data: a mode of simple replacement, a mode гаммирования, a mode гаммирования with a feedback - and a development mode имитовставки.
   With the help имитовставки it is possible to fix casual or deliberate updating of the ciphered information. To develop имитовставку it is possible or before зашифровыванием (after deciphering) all message, or simultaneously with зашифровыванием (deciphering) on blocks. Thus the information block is ciphered by first sixteen cycles in a mode of simple replacement, then develops on the module 2 with the second block, the result of summation is ciphered again by first sixteen cycles etc.
    Algorithms of enciphering of GOST 28147-89 possess advantages of other algorithms for symmetric systems and surpass their possibilities. So, GOST 28147-89 (a 256-bit key, 32 cycles of enciphering) in comparison with such algorithms as DES (a 56-bit key, 16 cycles of enciphering) and FEAL-1 (the 64-bit key, 4 cycles of enciphering) possesses higher криптостойкостью at the expense of longer key and большего numbers of cycles of enciphering.
   It is necessary to notice that unlike DES, at GOST 28147-89 block of substitution can be changed any way, that is it is an additional 512-bit key.
    Algorithms гаммирования 28147-89 (a 256-bit key, the 512-bit block of substitutions, a 64-bit vector of initialization) surpass GOST on криптостойкости and algorithm B-Crypt (a 56-bit key, a 64-bit vector of initialization).
   Advantages of GOST 28147-89 are also presence of protection against imposing of the false data (development имитовставки) and an identical cycle of enciphering in all four algorithms STATE THAT.
   Block algorithms can be used and for scale development. In this case the scale is developed by blocks and поблочно develops on the module 2 with the initial text. As an example it is possible to name B-Crypt, DES in modes CFB and OFB, GOST 28147-89 in modes гаммирования and гаммирования c a feedback.

In asymmetric algorithms of enciphering (or cryptography with an open key) for зашифровывания information use one key (opened), and for deciphering - another (confidential). These keys are various and cannot be received one of another.
The information interchange scheme is that:

It is protected by the patent of USA N 4405829. It is developed in 1977 in the Massachusetsky institute of technology (USA). Has received the name under the first letters of surnames of authors (Rivest, Shamir, Adleman). Криптостойкость it is based on computing complexity of a problem of decomposition of a great number on simple multipliers.

It is developed in 1985. It is named on a surname of the author - the Ale-gamal. It is used in the standard of the USA for digital signature DSS (Digital Signature Standard). Криптостойкость it is based on computing complexity of a problem логарифмирования integers in final fields.

   In asymmetric systems it is necessary to apply long keys (512 bits and more). The long key sharply increases enciphering time. Besides, generation of keys is rather long. But to distribute keys it is possible on not protected channels.
   In symmetric algorithms use shorter keys, i.e. Enciphering occurs faster. But in such systems difficult distribution of keys.
   Therefore at designing of the protected system often apply both cимметричные, and аcимметричные algorithms. As the system with open keys allows to distribute keys and in symmetric systems, it is possible to unite asymmetric and symmetric algorithms of enciphering in system of transfer of the protected information. By means of the first to dispatch the keys, the second - actually to cipher the handed over information [4, c. 53].
   Information interchange can be carried out as follows:

It is necessary to notice that in the governmental and military communication systems use only symmetric algorithms as there is no strictly mathematical substantiation of firmness of systems with open keys as also the return, however, is not proved.

1. Confidentiality (privacy) - the malefactor should not have possibility to learn the maintenance of the transferred message.

Enciphering can provide confidentiality, and in some systems and integrity.
Integrity of the message is checked by calculation of control function (check function) from the message - a certain number of small length. This control function should change with high probability even at small changes of the message (removal, inclusion, shifts or information reordering). Name and calculate control function differently:

   At calculation of control function any algorithm of enciphering can be used. Enciphering of the most control sum is possible.
   The digital signature (digital addition to the transferred information, guaranteeing integrity of last and allowing to check up its authorship) is widely applied. Models of the digital signature (digital signature) on the basis of algorithms of symmetric enciphering are known, but at use of systems with open keys the digital signature is carried out more conveniently.
   For use of algorithm RSA the message should be compressed function хеширования (algorithm MD5 - Message Digest Algorithm) to 256-bit хеша (H). The signature of message S is calculated as follows:

The signature is sent together with the message.
Identification process consists in reception of hesh-function of the message (H ') and comparison with

ISO - the International organisation on standardization/mos/,
ITU - the International union of telecommunication/MSE/.

   Algorithms of enciphering are realised program or hardware. There is a great variety of purely program realisations of various algorithms. Because of the cheapness (некoторые also are at all free), and also the increasing speed of processors PEVM, simplicity of work and non-failure operation they are rather competitive. Program Diskreet from package Norton Utilities, realising DES is widely known.
   It is necessary to mention package PGP (Pretty Good Privacy, version 2.1, author Philip Zimmermann) in which almost all problems of protection of the transferred information are in a complex solved. Are applied compression of the data before enciphering, powerful management of the keys, symmetric (IDEA) and asymmetric (RSA) algorithms of enciphering, calculation of control function to the digital signature, reliable generation of keys.
   Publications of magazine "Monitor" with detailed descriptions of various algorithms and corresponding listings give the chance to everyone wishing to write the program (or to take advantage of ready listing).
   Hardware realisation of algorithms is possible by means of specialised microcircuits (crystals are made for algorithms DH, RSA, DES, Skipjack, GOST 28147-89) or with use of multipurpose components (in view of cheapness and high speed digital alarm processors - ЦСП, Digital Signal Processor are perspective, DSP).
   Among the Russian workings out it is necessary to note payments "Kripton" (firm "Анкад") [2] and "Make-up" (methodology and algorithms of firm "LAN-KRIPTO", technical working out НПЦ "ЭЛиПС") [7].
    "Криптон" - the one-paid devices using криптопроцессоры (specialised 32-bit microcomputers which also are called "blooming"). Bloomings it is hardware realise algorithms of GOST 28147-89, they consist of the calculator and the RAM for storage of keys. And in криптопроцессоре there are three areas for storage of keys that allows to build multilevel key systems.
   For большей reliability of enciphering two simultaneously work криптопроцессора, and the block of the data in 64 bits is considered correctly ciphered, only if the information on an exit of both bloomings coincides. Speed of enciphering - 250 КБ/c.
   Except two bloomings on a payment are located:

   In devices "Kripton-EC", "Kripton-3", keys are stored by "Kripton-4" in a file kind on a diskette. Keys are in "Kripton-Ik" on ИК that complicates a fake and copying.
   In a payment "Make-up" digital alarm processors of firm Analog Devices ADSP-2105 and ADSP-2101 are used that gives speed of enciphering accordingly 125 and 210 КБ/c. On a payment is physical ДСЧ and ROM with programs of the initial test, check of access rights, loading and generation of keys. Keys are stored on is non-standard formatted to a diskette. The payment realises algorithms of GOST 28147-89 and the digital signature.
   For protection of the information transferred on communication channels, devices of channel enciphering which are produced in the form of the interface card or the independent module serve. Speed of enciphering of various models from 9600 bits per second to 35 Mbit/c.
   In summary we will notice that information enciphering is not panacea. It should be considered only as one of methods of protection of the information and to apply necessarily in a combination to legislative, organizational and other measures.

Cryptology with an open key

Boris Obolikshto

  It would seem, the push given by Shennonom, should cause a collapse of results in scientific cryptology. But it has not occurred. Only rapid development of telecommunications, remote access to the COMPUTER at imperfection existing криптосистем with a confidential key has caused to a life following and, perhaps, most interesting stage of cryptology, readout to which conduct from article which have appeared in November, 1976 Uitfilda Diffi and Marti E. Хеллмана "New directions in cryptography". U.Diffi dates reception of the results published in November, 1976 by May of the same year; thus, we have an occasion since May till November to celebrate TWENTY YEARS' ANNIVERSARY of cryptology with an open key.
  One of problems which remained not resolved in traditional cryptography, - distribution of confidential keys. The idea to transfer "a confidential" key on the open channel seems at first sight mad but if, having refused perfect privacy, to be limited to practical firmness it is possible to think up a way of an exchange of keys.
  It has appeared the first of the ways which have gained distribution экспоненциальный a key exchange. Its essence in the following:
- Алиса and the Bean (attraction as the parties not abstract "And" and, and nice Alisy and the Bean, became tradition in this area of cryptology) choose random numbers Хa and Хb accordingly.
- Алиса transfers to Bean Y_a =a^Xa (mod q), and Bob Alise - Yb =a^Xb (mod q).
  Here a - a so-called primitive element of a final field of Galua GF (q), remarkable for us which property consists that its degrees give all nonzero values of elements of a field. As a confidential key value is used

Ya =a^XaXb (mod q),

Which Alisa receives erection of the number transferred by the Bean in degree Xa known only to it, and the Bean - the number received from Alisy in degree Хb known only to it. Криптоаналитик it is compelled to calculate the logarithm at least one of transferred numbers.
  Stability экспоненциального a key exchange is based on so-called односторонности exponentiation functions: computing complexity of reception Ya from Xa at q in the length of 1000 bits - an order 2000 умножений 1000 bit numbers while return operation will demand approximately 1030 operations. The UNILATERAL functions possessing similar asymmetry of computing complexity of a direct and return problem, play the leading part in cryptography with an open key.
  Unilateral function with a secret passage ("opening") is even more interesting. The idea consists in constructing function, to turn which it is possible only knowing some "opening" - a confidential key. Then function parametres serve as the open key, which Alisa can transfer on not protected channel to the Bean; the Bean, using the received open key, carries out enciphering (calculation of direct function) and transfers on the same channel result of Alise; Алиса, knowing "opening" (a confidential key), easily calculates inverse function whereas криптоаналитик, without knowing a confidential key, it is doomed to the decision much more more a challenge.
  In 1976 R.Merklju (R.C was possible to construct such function. Merkle) on the basis of a problem about satchel packing. An in itself problem - unilateral: knowing a subset of the cargoes laid in a satchel, it is easy to count up total weight, but knowing weight, uneasy to define a subset of cargoes. In our case the one-dimensional variant of a problem was used: a vector of cargoes and the sum of its components подвекторов. Having built in "opening", it was possible to receive so-called ранцевую system Merklja-Helmana. The first криптосистема with an open key has earned, and Merkl has offered $100 to the one who can open it.
   The award has got to A.Shamir (Adi Shamir) six years later after the publication to them in March, 1982 of the message on disclosing ранцевой systems Merklja-Helmana with one iteration. At conference Crypto ' 82 L.Adlman (L. Adleman) has shown on computer Apple II disclosing ранцевой systems. We will notice that Shamir has not constructed a way of the reference of a problem - receptions of value of a confidential key, he has managed to construct a key not necessarily equal confidential, but allowing to open the code number. In it one of the greatest dangers to cryptography with an open key is concealed: there is strict proof односторонности no used algorithms, i.e. Nobody is guaranteed against possibility of a finding of a way of decoding, possibly, and not demanding decision of the return problem which high complexity allows to hope for practical firmness of the code number. It is good, if disclosing of this or that system will be spent by the scientist with a world name (in 1982 And. Shamir was already known as one of authors of system RSA). And if it is possible to the unambitious hacker?
  In conclusion of a drama about ранцевой to system we will mention one bet, which Merkl has concluded with interested persons to open advanced system with many iterations for the sum of $1000. And this sum should be paid. It was received by E.Brikell, having opened summer of 1984 system with forty iterations and with hundred parcels for business hour Cray-1.
  The destiny of system RSA named so under the first letters of surnames of its authors of R.Rivesta (Ronald Rivest) and already familiar to us of A.Shamir and L.Adlmana is much more successful for today. By the way, to the first regular statement of algorithm RSA are obliged by the birth of Alisa and the Bean. With their "help" authors in 1977 have described system on the basis of unilateral properties of function of decomposition on simple multipliers (to multiply simply and to decompose - is not present).


*E.Spafford*	*B.Doul*	*S.Lodin*

      Development of cryptology with an open key has allowed криптологическим to systems to find quickly enough wide commercial application. But the heavy use of cryptography does not do without "overlays". From time to time we learn about troubles in this or that system of protection. System Kerberos breaking became last incident which has made a noise in the world. This system developed in the mid-eighties, is popular enough in the world, and its breaking has caused considerable anxiety of users.
  In a case with Kerberos trouble consisted not in algorithm of enciphering, and in a way of reception of random numbers, i.e. In a method of realisation of algorithm. When in October of last year news about miscalculations in system of generation of random numbers in software products Netscape which has been found out by students of university of Berkeley has come, Stephen Lodin has found out similar trouble in Kerberos. Together with Bryan Doulom he has managed to find a gap and in system Kerberos. Characters of this history - not laymans. Graduates of university Purdue (State of Illinois) co-operated with laboratory COAST (Computer Operations, Audit, and Security Technology), computer safety professionally prosecuted by subjects and руководимой prof. Spaffordom, who is also founder PCERT (Purdue Computer Emergency Response Team) - university group "fast reaction" on computer states of emergency. PCERT, in turn, a member of similar international organisation FIRST (Forum of Incident Response Teams). As we see, the mine was found by sappers, and it inspires hope that users криптосистем do not remain defenceless even in case of revealing of defects.
  The maintenance of the first reference to the press (from February, 16th, 1996) which on behalf of pioneers has made prof. Spafford is characteristic. In it, along with the information on unreliability of system of passwords and possibilities of its breaking within five minutes, it is told about a delay of the further distribution of the technical information until developers will not introduce corrective amendments interfering unapproved access.
  Have not bypassed errors and our Penates. Fortunately, there are in our corner of the world the professionals capable in due time to find and show weak places of system of protection. Even a month has not passed since experts of Kiev Open Company "õ¿¡ÔÓ«¡¿¬" of P.V.Leskovym and V.V. Tatjaninym show lacks of one of popular bank systems of protection: opening time шифротекстов has made less than 6 minutes, and time necessary for uncontrollable infringement of integrity of the document (system detour аутентификации), - less than 5 minutes. Here again to us, the reader, also it is necessary to wait, while developers will make necessary changes. And then we can tell more in detail about that as well as that has been made.

1. Water Lazsky V.Kommercheskie enciphering systems: the basic algorithms and their realisation. A part 1.//the Monitor. - 1992. - N 6-7. - c. 14 - 19.

2. Игнатенко JU.I.as to make so that?.//the personal computer World. - 1994. - N 8. - c. 52 - 54.

3. Kovalevsky В, Maxims V.Kriptograficheskie methods.//the Computerpress. - 1993. - N 5. - c. 31 - 34.

4. Мафтик S.Mehanizmy of protection in COMPUTER networks. - М: the World, 1993.

5. Spesivtsev A.V., Vegner V. A, Krutjakov A.J., etc. information Protection in personal COMPUTERS. - M.: radio and communication, 1992.

6. Сяо Д, Kerr Д, Mednik S.Zashchita of the COMPUTER. - М: the World, 1982.

8. GOST 28147-89. Systems of processing of the information. Protection cryptographic. Algorithm of cryptographic transformation.