Cryptography-Digest Digest #483, Volume #9       Thu, 29 Apr 99 22:13:02 EDT

Contents:
  Re: Factoring breakthrough? (John Savard)
  NEC breakthrough in Quantum computing (Stanley Chow)
  Re: Arab Terrorists Must Bomb Moscow & Belgrade KKKommunists ("Lewis Sellers")
  Re: Double Encryption is Patented! (from talk.politics.crypto) (Peter Gutmann)
  Re: Weakness Found in Alternative Signature Format (Jim Gillogly)
  Re: Factoring breakthrough? (John Savard)
  Re: Factoring breakthrough? ("Michael Scott")
  Re: observation on superencryption ([EMAIL PROTECTED])
  Re: break this code (Jim Gillogly)
  Re: Weakness Found in Alternative Signature Format ([EMAIL PROTECTED])
  Re: Common Passwords (Nathan Christiansen)
  Free Steganographic program ([EMAIL PROTECTED])
  Re: Random Number Generator announced by Intel ("Trevor Jackson, III")
  Re: Weakness Found in Alternative Signature Format (David A Molnar)
  Re: Common Passwords (Boris Kazak)
  Advanced Workshop: USENIX Smartcard Technology, May 10-11, Chicago (Jennifer Radtke)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Factoring breakthrough?
Date: Thu, 29 Apr 1999 20:33:37 GMT

lcs Mixmaster Remailer <[EMAIL PROTECTED]> wrote, in part:

>Rumor has it Adi Shamir will announce factoring breakthrough soon.
>Increasing efficiency by orders of magnitude and breaking keys 100-200
>bits longer than current state of the art.

>Anybody confirm/deny?

I can't help you, I haven't even heard the rumour. If there *is* any truth
to the rumour, we hope that its reaching more ears won't lead to Dr. Shamir
either disappearing or being pressured...

although the spooks in this area are actually sophisticated enough to know
the futility of such things.

Maybe the rumor will protect him, since it will start people using longer
keys or something (and if something happened to him, more so), and losing
the ability to break RSA, not having it become insecure (since they don't
use it much), would worry the "spooks" - even, say, those of less enlightened
countries than the much-unjustly-maligned U.S.

Of course, most rumors turn out to be some bored fellow's idea of a joke...

John Savard ( teneerf<- )
http://members.xoom.com/quadibloc/index.html

------------------------------

Date: Thu, 29 Apr 1999 12:40:11 -0400
From: Stanley Chow <[EMAIL PROTECTED]>
Subject: NEC breakthrough in Quantum computing

According to The Register:
http://www.theregister.co.uk/990429-000016.html
NEC has some new QuBit scheme on a semiconductor (with buzzwords: Cooper
pair box, superconducting electrode, Josephson junction).

Anyone know any details?

-- 
Stanley Chow              phone: (613) 271-9446  Fax: (613) 271-9447
VP Engineering            email: [EMAIL PROTECTED]
Fallingbrook Technologies Inc.

------------------------------

From: "Lewis Sellers" <[EMAIL PROTECTED]>
Crossposted-To: sci.med.transcription,sci.space.policy,sci.electronics.repair
Subject: Re: Arab Terrorists Must Bomb Moscow & Belgrade KKKommunists
Date: Thu, 29 Apr 1999 21:03:58 GMT


[EMAIL PROTECTED] wrote in message
<7f0i68$s4m$[EMAIL PROTECTED]>...
>Why aren't the wimpy Syrian, Iraqi, Libyan, Afghani, etc., pussy terrorist
>dogs bombing Moscow and Belgrade???!!! Where are the oil-rich,
>Rolls-Royce-riding Arab Muslims from Kuwait, Saudi Arabia after American
>and other NATO soldiers died saving their greedy asses???!!!
>
>It's obvious that the KKKommunist-Nazis in Russia and Serbia are the real
>Great Satans killing, raping, and pillaging Albanian Muslims, but where is
>the shock and outrage from the Arab Muslims???!!!


Actually the Serb leaders are Marxists, not Communists.

------------------------------

From: [EMAIL PROTECTED] (Peter Gutmann)
Subject: Re: Double Encryption is Patented! (from talk.politics.crypto)
Date: 29 Apr 1999 20:45:58 GMT



[EMAIL PROTECTED] (John Savard) writes:

>[EMAIL PROTECTED] (John Savard) wrote, in part:
>>[EMAIL PROTECTED] (John Savard) wrote, in part:

>>>Oh, my. This patent sounds like it covers a technique I was planning to
>>>use, although, as someone else noted, it isn't double encryption.

>>I should have mentioned that it's U.S. patent 5673319, and it's from 1997.

>But it was filed in February 1995, so my first posting of what may be a
>similar idea on September 11, 1996 won't cause the patent any problems. Ah,
>if only I had gotten on the Internet sooner...

Actually there's prior art from 1993, this is the no-IV encryption I used for
disk sector encryption in SFS, http://www.cs.auckland.ac.nz/~pgut001/sfs/.
The method was designed by Colin Plumb; for speed reasons it doesn't use two
passes of CBC but one pass of an SHA-1 style scrambler which produces a
160-bit plaintext-dependent IV, and a second pass which does the actual
encryption.  IANAL, and my eyes were starting to hurt reading that scanned
text, but apart from the use of a (slow) MAC vs a (fast) simple checksum,
the two techniques appear pretty much identical.

Peter.
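
The length-preserving, IV-free idea Peter describes, as an added example for this digest (this is not SFS or Colin Plumb's code, and not the patented construction; it is a minimal illustration written here). It uses the "two passes of CBC" structure that Peter contrasts SFS with, because that is the simplest form of the idea: a forward CBC pass makes the last block depend on the whole sector, and a backward CBC pass then spreads that dependency to every block, so nothing has to be stored as an IV. SFS replaces the first pass with a fast SHA-1 style scramble that yields a plaintext-dependent IV; that variant is not shown. The block cipher is a toy HMAC-SHA256 Feistel stand-in (an assumption, so the example runs on the standard library alone), and the 512-byte sector size and the master key are assumptions too.

```python
import hashlib
import hmac

BLOCK = 16      # bytes per block of the toy cipher
SECTOR = 512    # bytes per disk sector (assumed for the example)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _subkey(key: bytes, label: bytes) -> bytes:
    # Derive independent keys for the two passes and the Feistel rounds from one master key.
    return hmac.new(key, label, hashlib.sha256).digest()


def toy_block(block: bytes, key: bytes, decrypt: bool = False, rounds: int = 8) -> bytes:
    """A 128-bit Feistel block cipher whose round function is HMAC-SHA256.
    A stand-in for a real block cipher so that the example needs no third-party library."""
    left, right = block[:8], block[8:]
    order = range(rounds - 1, -1, -1) if decrypt else range(rounds)
    for r in order:
        f = hmac.new(_subkey(key, b"round%d" % r), right, hashlib.sha256).digest()[:8]
        left, right = right, _xor(left, f)
    return right + left     # undo the final swap so the same loop inverts itself


def _cbc_encrypt(blocks, key, iv):
    out, prev = [], iv
    for p in blocks:
        prev = toy_block(_xor(p, prev), key)
        out.append(prev)
    return out


def _cbc_decrypt(blocks, key, iv):
    out, prev = [], iv
    for c in blocks:
        out.append(_xor(toy_block(c, key, decrypt=True), prev))
        prev = c
    return out


def encrypt_sector(key: bytes, sector: bytes) -> bytes:
    """Length-preserving, IV-free sector encryption: a forward CBC pass makes the last
    block depend on the whole sector, a backward CBC pass then spreads that dependency
    to every block.  The zero IV is harmless only because of the second pass."""
    assert len(sector) == SECTOR
    blocks = [sector[i:i + BLOCK] for i in range(0, SECTOR, BLOCK)]
    zero_iv = bytes(BLOCK)
    pass1 = _cbc_encrypt(blocks, _subkey(key, b"pass1"), zero_iv)
    pass2 = _cbc_encrypt(pass1[::-1], _subkey(key, b"pass2"), zero_iv)[::-1]
    return b"".join(pass2)


def decrypt_sector(key: bytes, ciphertext: bytes) -> bytes:
    assert len(ciphertext) == SECTOR
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, SECTOR, BLOCK)]
    zero_iv = bytes(BLOCK)
    pass1 = _cbc_decrypt(blocks[::-1], _subkey(key, b"pass2"), zero_iv)[::-1]
    return b"".join(_cbc_decrypt(pass1, _subkey(key, b"pass1"), zero_iv))


def single_pass_cbc(key: bytes, sector: bytes) -> bytes:
    """Plain CBC with a fixed zero IV, for comparison: a change in the last block leaves
    every earlier ciphertext block untouched, and equal prefixes stay visibly equal."""
    blocks = [sector[i:i + BLOCK] for i in range(0, SECTOR, BLOCK)]
    return b"".join(_cbc_encrypt(blocks, _subkey(key, b"pass1"), bytes(BLOCK)))


def differing_blocks(a: bytes, b: bytes) -> int:
    """How many 16-byte blocks differ between two equal-length ciphertexts."""
    return sum(a[i:i + BLOCK] != b[i:i + BLOCK] for i in range(0, len(a), BLOCK))


if __name__ == "__main__":
    key = b"example master key (constructed)"
    sector = bytes(range(256)) * 2                      # constructed 512-byte sector
    tweaked = sector[:-1] + bytes([sector[-1] ^ 1])     # flip one bit in the last byte
    ct = encrypt_sector(key, sector)
    assert decrypt_sector(key, ct) == sector
    print("two-pass, blocks changed by a 1-bit edit:",
          differing_blocks(ct, encrypt_sector(key, tweaked)))
    print("one-pass CBC with zero IV:",
          differing_blocks(single_pass_cbc(key, sector), single_pass_cbc(key, tweaked)))
```

The scheme is deterministic by design: the same sector content always encrypts to the same bytes, so two identical sectors are visible as identical, and this example does not mix the sector number into the key, which a real disk encryptor would. What it does give is the property a no-IV sector mode needs: every ciphertext block depends on every plaintext byte, so a one-bit edit changes all 32 blocks, where single-pass CBC with a fixed IV changes only the last.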


------------------------------

From: Jim Gillogly <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.misc,comp.security.pgp.discuss
Subject: Re: Weakness Found in Alternative Signature Format
Date: Thu, 29 Apr 1999 15:09:41 -0700

I wrote:
> 
> Sal quoted Crowell, DD of NSA from 1997:
> > ... 12 million times the age of the universe, on average,
> > to break a single [PGP] message.
> >
> > Should we believe it?
> 
> Close enough.  Assuming the universe is 13 billion years old, I
> make it about 3 million times the age of the universe on average,
> figuring 500,000 keys/sec (from today's distributed.net RC5 project
> cores).  A factor of four difference corresponds well enough to the
> Moore's Law increase between then and now.

Now that I think about it, invoking Moore's Law to help out raises
another issue.  The SKIPJACK report assumed Moore's Law would continue
indefinitely, which is why they estimated about a 30-year lifetime
before its 80-bit keyspace would be brute-forceable with reasonable
effort.

If we also assume Moore's Law will hold, we can go another bit deeper
every eighteen months based solely on increased CPU horsepower, or two
bits in three years.  Since 56-bit encryption is crackable in about
two days on average for $0.25M, a similar expenditure would buy a
128-bit crack in about a century.  Naturally we can't assume it will
hold up past where we see physical laws kicking in, but it's held up
a lot longer than it seemed like it would a decade ago.

-- 
        Jim Gillogly
        8 Thrimidge S.R. 1999, 22:01
        12.19.6.2.13, 9 Ben 1 Uo, Eighth Lord of Night

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Factoring breakthrough?
Date: Thu, 29 Apr 1999 22:37:20 GMT

[EMAIL PROTECTED] (DJohn37050) wrote, in part:

>I confirmed with Bob Silverman that there is something behind the rumor. 
>Details will be forthcoming.

While I am not disposed to trust rumors, I'll have to admit I'm not *too*
surprised. I was half expecting something like this to happen someday.

John Savard ( teneerf<- )
http://members.xoom.com/quadibloc/index.html

------------------------------

From: "Michael Scott" <[EMAIL PROTECTED]>
Subject: Re: Factoring breakthrough?
Date: Fri, 30 Apr 1999 00:37:40 +0100

It's tempting to speculate...


I wonder whether Shamir has come up with a way of generating small quadratic
residues. If n is the number to be factored, and if there was some way of
finding numbers y = x^2 mod n which are much smaller than n, then factoring
would get a lot easier.

The quadratic sieve algorithm is successful because it can find such numbers
which are just a little bigger than the square root of n. If there was a
quick way to, say, find such values y that were about the size of the cube
root of n, that is with 1/3 the number of bits of n, then factoring would
immediately become a lot easier.


Mike Scott
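
What Mike is pointing at, spelled out as an added example (not Mike's code, and no claim about what Shamir's result actually was): the quadratic sieve works with residues y = x^2 - n for x just above sqrt(n), which have only about half the bits of n, keeps those that are smooth over a small factor base, and combines them by linear algebra mod 2 into a congruence of squares a^2 = b^2 (mod n), from which gcd(a - b, n) gives a factor. The example runs that pipeline on the constructed toy modulus n = 15347 = 103 x 149 (and on a second constructed semiprime), and `smooth_fraction` measures how much more often smaller numbers are smooth, which is the whole reason residues the size of the cube root of n would help.

```python
import math


def primes_up_to(bound: int) -> list:
    sieve = bytearray([1]) * (bound + 1)
    sieve[0] = sieve[1] = 0
    for i in range(2, math.isqrt(bound) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(range(i * i, bound + 1, i)))
    return [p for p in range(bound + 1) if sieve[p]]


def factor_base(n: int, bound: int) -> list:
    # Only primes modulo which n is a square can ever divide x^2 - n.
    return [p for p in primes_up_to(bound) if p == 2 or pow(n, (p - 1) // 2, p) == 1]


def smooth_exponents(y: int, fb: list):
    """Exponent vector of y over the factor base, or None if a larger prime remains."""
    exps = []
    for p in fb:
        e = 0
        while y % p == 0:
            y //= p
            e += 1
        exps.append(e)
    return exps if y == 1 else None


def gf2_dependencies(vectors: list):
    """Yield index sets whose exponent vectors sum to all-even entries: Gaussian
    elimination mod 2, remembering which original rows were combined into each row."""
    pivots = {}
    for i, v in enumerate(vectors):
        bits = sum((e & 1) << j for j, e in enumerate(v))
        hist = 1 << i
        while bits:
            top = bits.bit_length() - 1
            if top not in pivots:
                pivots[top] = (bits, hist)
                break
            pbits, phist = pivots[top]
            bits ^= pbits
            hist ^= phist
        else:
            yield [k for k in range(i + 1) if hist >> k & 1]


def factor(n: int, bound: int = 50, max_x: int = 100_000):
    """Dixon/QS-style factoring.  Residues x^2 - n for x just above sqrt(n) are only
    about sqrt(n) in size, so enough of them are smooth over a small factor base."""
    fb = factor_base(n, bound)
    relations = []
    start = math.isqrt(n) + 1
    for x in range(start, start + max_x):
        exps = smooth_exponents(x * x - n, fb)
        if exps is None:
            continue
        relations.append((x, exps))
        for subset in gf2_dependencies([e for _, e in relations]):
            a, total = 1, [0] * len(fb)
            for k in subset:
                a = a * relations[k][0] % n
                total = [s + t for s, t in zip(total, relations[k][1])]
            b = 1
            for p, e in zip(fb, total):
                b = b * pow(p, e // 2, n) % n
            # a^2 == b^2 (mod n); at least half the time the gcd is a proper factor
            for g in (math.gcd(a - b, n), math.gcd(a + b, n)):
                if 1 < g < n:
                    return g, n // g
    return None


def smooth_fraction(start: int, count: int, bound: int) -> float:
    """Share of the integers start .. start+count-1 that are bound-smooth.  The smaller
    the numbers, the larger the share, which is why small residues make sieving cheap."""
    fb = primes_up_to(bound)
    return sum(smooth_exponents(v, fb) is not None for v in range(start, start + count)) / count


if __name__ == "__main__":
    print("15347 =", factor(15347))                  # constructed toy modulus, 103 * 149
    print("100-smooth near 2^20:", smooth_fraction(2 ** 20, 2000, 100))
    print("100-smooth near 2^30:", smooth_fraction(2 ** 30, 2000, 100))
```

For n = 15347 the first residues are 124^2 - n = 29 and 126^2 - n = 529 = 23^2; the second is already a square, so gcd(126 - 23, n) = 103 falls out after two relations. The `smooth_fraction` comparison is the quantitative point: 100-smooth numbers are an order of magnitude denser near 2^20 than near 2^30, so a method that produced residues of 1/3 rather than 1/2 the bits of n would need far fewer trials per relation.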




------------------------------

From: [EMAIL PROTECTED]
Subject: Re: observation on superencryption
Date: Thu, 29 Apr 1999 21:24:42 GMT

greg hampton <[EMAIL PROTECTED]> wrote:
> In a multi-round cipher like des, blowfish and others, consider one
> round as a standalone 'baby' cipher algorithm.  Then the full algorithms
> (above) effectively become a super-encryption of the data (like
> encrypting a file 16 times with a weak algorithm)(minus any final
> transform, of course).  Since one round of these algorithms can be
> cracked, and 16 cannot, does this mean a weak algorithm can be made
> strong by super-encrypting(assuming no groups)?

If we're looking at ciphers that don't expand the text, eventually
we _must_ get a group.  Each of the baby-ciphers gives us some set
of permutations, and the permutations we can form by superencryption
are the transitive closure of that set.  Any closed set of
permutations (of the same number of elements) forms a group.

Some fairly simple round structures are sufficient to generate the
symmetric group (the set of all permutations) or the alternating
group (the set of all even permutations, which is half the size of
the symmetric group).  I think it was Don Coppersmith who showed
that DES rounds can generate the alternating group.  (Each DES
round is an even permutation, so they can never generate odd
permutations.)  That means for any of the (2^64)! / 2 possible
even permutations on 64-bit blocks, there is some sequence of
48-bit round keys such that the concatenation of DES rounds using
these keys generates that permutation.

This means that many weak algorithms can be made strong by
superencryption, since superencryption can generate half or all
the possible transforms.  On the other hand there certainly exist
bad round structures that generate much smaller groups.  Also it
doesn't tell us how many rounds and subkeys we might need before
the cipher is secure - the number could be intractably large.

--Bryan

============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/       Search, Read, Discuss, or Start Your Own    
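
Bryan's group-theoretic argument, checked by computation on a toy cipher as an added example (an illustration written for this digest, not DES and not Coppersmith's result). The toy round is "XOR a 3-bit key, then apply a fixed 3-bit S-box", so each round is a permutation of the 8 block values, and the ciphers obtainable by stacking rounds are exactly the group those permutations generate. Both S-boxes are constructed: one is linear (multiplication by x in GF(2^3)), the other a non-affine 8-cycle. The closure is computed outright, since the symmetric group on 8 points has only 40320 elements.

```python
from itertools import product

SIZE = 8                            # 3-bit blocks: 8 values, 8! = 40320 permutations in all
# Constructed S-boxes.  SBOX_LINEAR is multiplication by x in GF(2^3) with modulus x^3+x+1,
# a linear map of order 7.  SBOX_NONLINEAR is a single 8-cycle that is not affine.
SBOX_LINEAR = (0, 2, 4, 6, 3, 1, 7, 5)
SBOX_NONLINEAR = (3, 6, 0, 5, 7, 1, 4, 2)


def compose(f, g):
    """(f o g)(x) = f(g(x)) for permutations stored as tuples."""
    return tuple(f[g[x]] for x in range(SIZE))


def round_permutation(sbox, key):
    """One round of the toy cipher: XOR the round key, then apply the S-box."""
    return tuple(sbox[x ^ key] for x in range(SIZE))


def is_affine(sbox):
    """Affine over F_2 iff S(x) ^ S(y) ^ S(z) == S(x ^ y ^ z) for all x, y, z."""
    return all(sbox[x] ^ sbox[y] ^ sbox[z] == sbox[x ^ y ^ z]
               for x, y, z in product(range(SIZE), repeat=3))


def parity(perm):
    """0 for an even permutation, 1 for an odd one: (n - number of cycles) mod 2."""
    seen, cycles = set(), 0
    for start in range(SIZE):
        if start in seen:
            continue
        cycles += 1
        x = start
        while x not in seen:
            seen.add(x)
            x = perm[x]
    return (SIZE - cycles) % 2


def generated_group(generators):
    """Closure of the generators under composition: every cipher reachable by stacking
    rounds with any sequence of round keys.  Finite, so the closure is a group."""
    group = set(generators)
    frontier = list(generators)
    while frontier:
        new = []
        for g in frontier:
            for s in generators:
                h = compose(s, g)
                if h not in group:
                    group.add(h)
                    new.append(h)
        frontier = new
    return group


def describe(sbox):
    """(order of generated group, parity shared by every round, human-readable verdict)."""
    rounds = [round_permutation(sbox, k) for k in range(SIZE)]
    order = len(generated_group(rounds))
    if order == 40320:
        verdict = "symmetric group: every permutation of the block is reachable"
    elif order == 20160:
        verdict = "alternating group: every even permutation is reachable"
    else:
        verdict = "proper subgroup: no number of rounds ever leaves it"
    return order, parity(rounds[0]), verdict


if __name__ == "__main__":
    for name, sbox in (("linear", SBOX_LINEAR), ("non-affine", SBOX_NONLINEAR)):
        order, par, verdict = describe(sbox)
        print(f"{name} S-box: affine={is_affine(sbox)}, round parity={par}, "
              f"group order={order}: {verdict}")
```

With the linear S-box the eight rounds generate only the 56 maps x -> S^i(x) XOR b, so any number of rounds stays inside that tiny group: Bryan's "bad round structure". With the non-affine S-box the rounds generate all of S_8. The parity check mirrors his remark about DES: XOR with a key is an even permutation (four disjoint transpositions), so every round has the parity of the S-box, and an even S-box would confine every stack of rounds to the alternating group, half the size of S_8.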

------------------------------

From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: break this code
Date: Wed, 28 Apr 1999 18:23:33 -0700

Jerry Coffin wrote:
> 
> In article <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] says...
> > I am a student at Purdue University, and as a course project, I
> > created my own encryption/decryption program. I was wondering
> > if anyone would be willing to help me out with a little research.
> >
> > The above passage is encrypted to the following:
> >
> > S&i{,q$}z}rq~x*g|.\'vn{m.a~m"kz#u&}6&i|p0e}&i.o!y|ym.|$stkk$80M*
> > izsm&in&u),!{x&m|o$}zzq}z?hoiz)|&myt(~~!k|gu<,Y$#g{.%!rnkzwzw
> > mp&i|'!ro&!}#|h*hm.%ypvovu,&s*nmz|0qo&w%"0{szp.m0psz|zq0voymo~sl8
> 
> Assuming your encryption algorithm is anywhere even _close_ to secure,
> this is _far_ too little text to use to break it.  Just for the sake
> of reference, to do differential cryptanalysis or linear cryptanalysis
> on even a _reasonably_ secure algorithm, you're typically looking at
> collecting a minimum of several megabytes of encrypted data from known
> plaintext.

As I said earlier in the thread, I broke the cipher with only the
information he gave within hours of when it was posted.  It's
a period 7 polyalphabetic using direct plaintext and ciphertext
alphabets.  If you remove the newlines, a phi test on the columns
makes the period obvious.  The known plaintext given above is
enough to recover the important parts of the alphabets in use.
Doing the same phi test on the second ciphertext shows that it
is also period 7, but with a different key.  However, doing a
frequency count on the columns shows where the space is in at
least five of them, which unambiguously places the offset of
the alphabets there.  The rest is simply filling in the remaining
text.

The plaintext is a message from his professor starting "You must
have noticed from the grades posted on my office door..."
-- 
        Jim Gillogly
        8 Thrimidge S.R. 1999, 01:16
        12.19.6.2.13, 9 Ben 1 Uo, Eighth Lord of Night
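
The column statistics Jim describes, as an added example (not Jim's code; the student's cipher and messages are not on the page, so this uses its own constructed plaintext and a constructed 7-letter key over a 27-symbol alphabet of lowercase letters plus space). It encrypts with a period-7 polyalphabetic, runs the phi test on the columns for every candidate period, then fixes each alphabet's offset from the column's frequency profile, in which the space dominates, and decrypts. The reference frequency table is an approximate English one assumed for scoring.

```python
from collections import Counter
import string

ALPHABET = string.ascii_lowercase + " "     # 27 symbols; the space is the commonest one
M = len(ALPHABET)

# Approximate English symbol frequencies (percent), used only to score candidate offsets.
_LETTERS = ("e12.7 t9.1 a8.2 o7.5 i7.0 n6.7 s6.3 h6.1 r6.0 d4.3 l4.0 c2.8 u2.8 m2.4 w2.4 "
            "f2.2 g2.0 y2.0 p1.9 b1.5 v1.0 k0.8 j0.15 x0.15 q0.1 z0.07")
ENGLISH = {tok[0]: float(tok[1:]) * 0.82 for tok in _LETTERS.split()}
ENGLISH[" "] = 18.0


def normalize(text: str) -> str:
    return "".join(c for c in text.lower() if c in ALPHABET)


def shift_symbol(c: str, k: int) -> str:
    return ALPHABET[(ALPHABET.index(c) + k) % M]


def encrypt(plaintext: str, key: str) -> str:
    """Period-len(key) polyalphabetic: position i uses the alphabet shifted by key[i % period]."""
    return "".join(shift_symbol(c, ALPHABET.index(key[i % len(key)]))
                   for i, c in enumerate(plaintext))


def decrypt(ciphertext: str, key: str) -> str:
    return "".join(shift_symbol(c, -ALPHABET.index(key[i % len(key)]))
                   for i, c in enumerate(ciphertext))


def phi(column: str) -> float:
    """Phi test: the chance that two symbols drawn from the column coincide.  Text from one
    alphabet scores like English (~0.08 here); a mix of alphabets scores near 1/27."""
    n = len(column)
    return sum(f * (f - 1) for f in Counter(column).values()) / (n * (n - 1))


def period_scores(ciphertext: str, max_period: int = 15) -> dict:
    return {p: sum(phi(ciphertext[i::p]) for i in range(p)) / p
            for p in range(1, max_period + 1)}


def guess_period(ciphertext: str, max_period: int = 15) -> int:
    scores = period_scores(ciphertext, max_period)
    best = max(scores.values())
    # smallest period scoring near the peak, so that a multiple of the period does not win
    return min(p for p, s in scores.items() if s >= 0.85 * best)


def best_offset(column: str) -> int:
    """Try all 27 offsets on one column; keep the one whose decryption looks most English."""
    counts = Counter(column)
    return max(range(M), key=lambda k: sum(ENGLISH[shift_symbol(c, -k)] * f
                                           for c, f in counts.items()))


def recover_key(ciphertext: str, period: int) -> str:
    return "".join(ALPHABET[best_offset(ciphertext[i::period])] for i in range(period))


def break_message(ciphertext: str):
    period = guess_period(ciphertext)
    key = recover_key(ciphertext, period)
    return key, decrypt(ciphertext, key)


# Constructed sample plaintext and key (not the student's message from the thread).
SAMPLE = normalize("""The student posted three lines of ciphertext and asked the group to
break it, and several people replied that the sample was far too short for any serious
attack. But a classical cipher does not need megabytes of known plaintext to fall, because
its structure shows through in the statistics of the text itself. If the cipher replaces
each symbol by one of seven fixed alphabets chosen by position, then every seventh
character of the message was enciphered with the same alphabet, and the symbols in that
column keep the uneven distribution of ordinary English. The phi test measures exactly that
unevenness by counting how often two characters drawn from the same column are equal. A
column that really belongs to one alphabet scores far above a column that mixes several
alphabets, so trying each candidate period and looking for the peak reveals the true period
at once. After the period is known, each column is a simple substitution, and the most
common symbol in a column is almost always the space, which fixes the offset of that
alphabet. The remaining letters then fall into place by reading the partly recovered text
and filling the gaps word by word until the whole message reads cleanly from the first
line to the last.""")
KEY = "ciphers"
CIPHERTEXT = encrypt(SAMPLE, KEY)

if __name__ == "__main__":
    for p, s in period_scores(CIPHERTEXT).items():
        print(f"period {p:2d}: phi = {s:.4f}")
    key, plain = break_message(CIPHERTEXT)
    print("recovered key:", repr(key))
    print(plain[:60], "...")
```

Run it and the phi column shows the peak at 7 (and again at 14), with every other period sitting near 1/27; that is the "phi test on the columns makes the period obvious" step. Jim used the known plaintext of the first message to fill the alphabets; here the frequency profile alone fixes each offset, which is the same thing his "frequency count on the columns shows where the space is" does for the second message.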

------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: alt.security.pgp,comp.security.misc,comp.security.pgp.discuss
Subject: Re: Weakness Found in Alternative Signature Format
Date: Thu, 29 Apr 1999 23:19:29 GMT

David A Molnar <[EMAIL PROTECTED]> wrote:

>  The note says that ISO 9796-2, which is the standard affected, does not
>  include a hash function. Rather, the message is padded with something or
>  other and then signed directly(1). If I'm not mistaken, PGP hashes the
>  message before signing it, so the two formats are different. Therefore
>  it may not apply, especially if the attack uses some special property
>  of the signed text which may not survive a hash function.

No, ISO 9796-2 does include a hash function, and the note says
so.  Messages may consist of mostly user controlled bits.
Starting at the most significant end, there are two fixed bits
"01", then many bits a user can control, then a hash digest,
and finally one or two fixed bytes.

--Bryan


------------------------------

From: Nathan Christiansen <[EMAIL PROTECTED]>
Subject: Re: Common Passwords
Date: Thu, 29 Apr 1999 18:15:49 -0600

Nathan Kennedy wrote:
> 
> Nathan Christiansen wrote:
> >
> > Where do you get a copy of the RC4 encryption algorithm?
> 
> You look for it.

Thanks for the sarcasm, what I was looking for was help.

> For one thing, it's defined in an RFC, referred to as ARCFOUR.

I searched various different sites including the RFC search engine at
http://www.pasteur.fr/other/computer/RFC/ and there is only one RFC that was
indexed with a reference to ARCFOUR, and that is RFC #2470, which states that
changes to the document included changing a couple of references from ARCFOUR
to RC4 (i.e. not a description of the algorithm).

Thanks for the pointer to look in the RFC archive, however.  Searching for RC4
led me to three RFC documents, one of which contained the following quote.

From the RFC #2243:

   [6] RC4 is a proprietary encryption algorithm available under license
       from RSA Data Security Inc.  For licensing information, contact:
       RSA Data Security, Inc.
       100 Marine Parkway
       Redwood City, CA 94065-1031

One of the other documents found through another RFC site described RC4 with a
40-bit key as a proprietary very weak encryption algorithm; however, it did not
say that it was "broken".

-- 

  Nathan Christiansen
  Multimedia Programmer
  HTML/Java Group
  Courseware
  Allen Communication


------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: alt.privacy,fido7.crypt,talk.politics.crypto,alt.privacy.anon-server
Subject: Free Steganographic program
Date: Fri, 30 Apr 1999 00:16:30 GMT

Free 32-bit program

Hide your encrypted data in a picture file, so there are no
traces of encryption.

Visit the Data Privacy Tools home page.

       http://www.xs4all.nl/~bernard



------------------------------

Date: Thu, 29 Apr 1999 19:49:10 +0000
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Random Number Generator announced by Intel

mok-kong shen wrote:
> 
> John Savard wrote:
> >
> 
> >
> > But you'd have to disassemble or reverse-engineer the program supplied by
> > Intel to get these random numbers, because they're only supplying drivers
> > for specific operating systems, and in binary code form.
> 
> I now understand that this is an artificial handicap that the
> firm Intel intentionally puts on the users. But that I suppose is
> comparable to certain secrets of PostScript. Once someone figures it
> out and makes it public the RNG can be used without the OS, I believe.

It's a PR move.  Intel wants to make sure the "official good guys" get
their implementations out before the independents.  The "official good
guys" will, in exchange, be sure to praise the feature set.  The
independent implementors will not be widely quoted in the mass-market
media because they will be behind in their analysis.

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.misc,comp.security.pgp.discuss
Subject: Re: Weakness Found in Alternative Signature Format
Date: 30 Apr 1999 00:33:58 GMT

In sci.crypt [EMAIL PROTECTED] wrote:
> No, ISO 9796-2 does include a hash function, and the note says
> so.

I'm sorry, you're correct. I read the note too quickly.

> Messages may consist of mostly user controlled bits.
> Starting at the most significant end, there are two fixed bits
> "01", then many bits a user can control, then a hash digest,
> and finally one or two fixed bytes.

This still does not sound like such a great idea to me, but
now I will have to go look at the standard. 

Thanks for pointing this out,

-David


------------------------------

From: Boris Kazak <[EMAIL PROTECTED]>
Subject: Re: Common Passwords
Date: Thu, 29 Apr 1999 18:41:11 -0400
Reply-To: [EMAIL PROTECTED]

Nathan Christiansen wrote:
> 
> Nathan Kennedy wrote:
> >
> > Nathan Christiansen wrote:
> > >
> > > Where do you get a copy of the RC4 encryption algorithm?
> >
> > You look for it.
> 
> Thanks for the sarcasm, what I was looking for was help.
> 
> > For one thing, it's defined in an RFC, referred to as ARCFOUR.
=============================
For another thing, try < http://ciphersaber.gurus.com/ >
There is a description of RC4 in "plain English".
       Best wishes         BNK
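
For the two RC4 questions above (Nathan asking where the algorithm is written down, and Boris pointing at the CipherSaber page), RC4 itself as an added example (written for this digest; not from the thread and not CipherSaber's own code). The keystream generator is the standard key-scheduling and output-generation pair; the CipherSaber-1 framing of appending a 10-byte IV to the passphrase and writing that IV in clear ahead of the ciphertext is a thin wrapper around it. The known-answer values in the `main` section are the public RC4 test vectors; the passphrase and IV used for the wrapper are constructed.

```python
import os


def rc4_keystream(key: bytes):
    """RC4: key-scheduling (KSA) followed by the output generator (PRGA), as a byte generator."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    S = list(range(256))
    j = 0
    for i in range(256):                        # KSA: key-dependent shuffle of S
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    while True:                                 # PRGA: one byte of keystream per step
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) & 0xFF]


def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (the same operation) by XOR with the keystream."""
    ks = rc4_keystream(key)
    return bytes(b ^ next(ks) for b in data)


def keystream_prefix(key: bytes, n: int) -> bytes:
    ks = rc4_keystream(key)
    return bytes(next(ks) for _ in range(n))


def ciphersaber_encrypt(passphrase: bytes, plaintext: bytes, iv: bytes = None) -> bytes:
    """CipherSaber-1 framing: a 10-byte IV is appended to the passphrase to form the RC4
    key, and the IV is written in clear at the start of the output."""
    iv = os.urandom(10) if iv is None else iv
    if len(iv) != 10:
        raise ValueError("CipherSaber IV is 10 bytes")
    return iv + rc4(passphrase + iv, plaintext)


def ciphersaber_decrypt(passphrase: bytes, message: bytes) -> bytes:
    iv, body = message[:10], message[10:]
    return rc4(passphrase + iv, body)


if __name__ == "__main__":
    # Public RC4 test vectors (key, plaintext, expected ciphertext)
    for key, pt, expect in ((b"Key", b"Plaintext", "bbf316e8d940af0ad3"),
                            (b"Wiki", b"pedia", "1021bf0420"),
                            (b"Secret", b"Attack at dawn", "45a01f645fc35b383552544b9bf5")):
        ct = rc4(key, pt)
        print(key, pt, ct.hex(), "ok" if ct.hex() == expect else "MISMATCH")
    msg = ciphersaber_encrypt(b"constructed passphrase", b"hello, sci.crypt", b"0123456789")
    print(msg.hex(), ciphersaber_decrypt(b"constructed passphrase", msg))
```

Two caveats a reader in 1999 could not yet have had in full: RC4's keystream has measurable statistical biases, and forming the key as secret || public IV (as CipherSaber does and as WEP did) was later shown to leak key bytes to anyone who can observe many IVs. The block is a faithful description of the algorithm the thread was looking for, not a recommendation to deploy it.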

------------------------------

From: [EMAIL PROTECTED] (Jennifer Radtke)
Subject: Advanced Workshop: USENIX Smartcard Technology, May 10-11, Chicago
Date: Fri, 30 Apr 1999 00:46:07 GMT

For Researchers, Product Developers and Smart Card Deployers

USENIX WORKSHOP ON SMARTCARD TECHNOLOGY
May 10-11, 1999
McCormick Place South
Chicago, Illinois, USA
===========================================================
Review the full program and register online at
http://www.usenix.org/events/smartcard99/
===========================================================
Advanced Technical Program
Peer-reviewed papers and selected presenters from around the world. Hear
reports of the latest research, developments, and deployments in:
* smart card hardware
* smart card software
* system issues
* strengths and weaknesses of smart cards
* smart cards' role in operating systems
* smart cards as a base technology in cryptographic systems

First of Its Kind in North America
Authoritative how-to and who's doing what in smart card systems and
technologies--Join researchers and practitioners for peer-reviewed reports
of what is possible today, and on the drawing boards for tomorrow.

Free Admission to the Largest Card & Security Exhibition
Attend the USENIX Workshop on Smart Card Technology and enjoy visiting the
CardTech/SecurTech '99 Exhibition, May 12-14, 1999, co-located in
McCormick Place South, Chicago. For more details, go to http://www.ctst.com

Sponsored by The USENIX Association
========================================================================
USENIX is an international society of scientists, engineers, and systems
administrators working on the cutting edge of systems and software. Since
1975, USENIX conferences and workshops have been recognized for bridging
research, innovation and the practical.  Excellence is assured by peer
review.  The open exchange of technical ideas and solutions prevails,
unfettered by commercialism or stodginess.



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
