Mr RB
Well-Known Member
Ok, I still have some morning coffee left, so I'll write a scenario of how I could decrypt any message without the dongle. I make some assumptions that I hope are correct.
This is the key information that I base this scenario on:
Assumptions:
- I know how the PC software works.
- The USB dongle is a black box to me.
- The (PC-side) PRNG creates x Kb of random data for every 32 bit checksum it receives from the dongle.
- This x Kb of random data is used to encrypt x Kb plaintext "on the fly".
- I know your password.
1) I initialize the PC-side PRNG with your password.
2) I take the first x Kb of the ciphertext and brute force it. All I have to do is iterate through the 2^32 possible checksum inputs to the PC-side PRNG.
3) After this the PC-side PRNG should be in the correct state for me to brute force the next x Kb of the ciphertext.
...
Ok, there is an important point missing. The PC PRNG is a cumulative process. The PC has a circular cache of 1 million random bits, but these bits are not known to you. Those million bits are the result of numerous back/forth cycles between the PC and PIC, and each time a checksum is scrambled INTO the EXISTING million bit cache.
No encrypting is done until there have been at least X cycles between both the RNGs, with many checksums.
So the "random" content of the million bit cache is totally dependent on ALL previous processes, all checksums, typed passwords and PIC internal key etc.
Then each cycle (with 2 checksums) that million bit cache spits out 1000 bits, etc., which are used as the data key to encrypt the file. So with those 1000 bits chosen randomly from 1 million bits, you can't guess the contents of the million bits.
To WTP Pepper: I don't have a problem with you wanting to use 128-bit AES on a micro to do your encrypting, although it's not really relevant to trying to find security flaws with my proposed system.