Cryptography-Digest Digest #572, Volume #9       Thu, 20 May 99 21:13:02 EDT

Contents:
  Re: Symmantic question (Jerry Coffin)
  Re: Reasons for controlling encryption (Doug Stell)
  Re: Encryption starting ([EMAIL PROTECTED])
  Re: Security ([EMAIL PROTECTED])
  Re: Complexity Question ("Steven Alexander")
  Re: Looking for pointers ("Steven Alexander")
  Re: prime numbers and the multplicative inverse ([EMAIL PROTECTED])
  Re: where can i find a frequency list? ("Pat Caudill")
  Re: Can a Java or Active-x program get your keys?????? (Vernon Schryver)
  Re: Reasons for controlling encryption (Mike McCarty)
  Re: Crypto export limits ruled unconstitutional (David Brower)
  Re: AES tweaks (Bruce Schneier)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Jerry Coffin)
Subject: Re: Symmantic question
Date: Thu, 20 May 1999 14:49:21 -0600

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
> Is there a proper way to complete the following sentences?
> 
>       Every bit added to the key length increases the difficulty of an
>       exhaustive keysearch attack by [?].

A factor of 2.
 
>       Doubling the key length increases the difficulty of an exhaustive
>       keysearch attack by [?].

A factor of two raised to the power of the original key-length.  
Stated differently, the result is the square of the original 
difficulty.

------------------------------

From: [EMAIL PROTECTED] (Doug Stell)
Subject: Re: Reasons for controlling encryption
Date: Thu, 20 May 1999 20:44:02 GMT

Replying to both Jerry Park and Paul Koning:

I agree with both of you. I was simply stating the reasons I've heard
from the people who make the rules, as ridiculous as they are. I hear
them. I understand them. I work with them. However, we agree to
disagree on the effectiveness vs. futility of the regulations.

>I've tried to conceptualize the reason for US export restrictions without
>success. It appears to only hinder US companies from developing and
>marketing encryption systems. It doesn't prevent non US companies from
>developing and marketing encryption system -- inside or outside of the US.
>(There are no import restrictions). So the policy only harms US citizens
>while encouraging development of encryption systems outside the US. How can
>this help the US intelligence or law enforcement?
>
>Terrorists and other criminals are as able as anyone else to develop
>encryption systems, so the restrictions do not hinder them. Since they can
>purchase any such systems from companies not in the US, they don't even have
>to develop such systems.
>
>The only real effect of the export restrictions is to hinder US companies.
>If there is only one real effect to a regulation, is it stretching credulity
>to conclude that that effect is the only real reason for the regulation?

All of these are exactly the counter-arguments that industry has been
trying to drive home for many years. Progress toward being sensible
has been very little and VERY slow. Industry pushes the envelope and
challenges the thinking every chance it gets.

The counter-counter-arguments are also interesting. They include such
statements as: "Nobody would trust free crypto off the Internet. They
would rather use your product that they paid for, because price gives
the perception of quality."

>Paul Koning:
>
>Given the total disconnect between those reasons as you quoted
>them and reality, I find it impossible to give them any
>credit at all.  I can't conceive of honest people being that
>ignorant.  So the only conclusion I'm left with is that the
>real reasons are none of those laudable ones, and the reasons
>publicly stated are a cynical smoke screen designed solely for
>the purpose of misleading the public.

My opinion is that both are true. Some people appear to be this
ignorant of the modern world, as they are used to the WW-II era
thinking and state of technology, etc., etc.

I finally remembered the wording I heard. It goes like this: "We don't
want to be found REMISS, should something happen, like another
Oklahoma City." The gist was that they are going to try, regardless of
how futile the attempt might be. I responded by saying that "crypto
was not used in the Oklahoma City bombing, and you still were not able
to prevent it."

Another statement the same individual made on another occasion at the
same conference, attended mostly by Europeans, was: "We are shocked,
SHOCKED by what they are doing with technology they aren't supposed to
have."

>A more believable reason is "as the first step in outlawing crypto
>entirely to facilitate wiretapping of law abiding people".
>If you look at what the FBI has to say on the topic, this 
>comes through quite clearly.

Try to follow the thinking here. Outlawing crypto in the US or
restricting Academia would be a Constitutional battle. Export
regulations are perceived as a means to accomplish that end, at least
for the parties of interest, making that battle unnecessary. However,
they are prepared to wage that Constitutional battle, if necessary,
i.e., if they lose the export battle.

Note that "the other side of the house," as they say in the agency,
wants to have security in place for US industry. The problem is that
technology is amoral and can be applied by the good guys and the bad
guys (whomever you perceive them to be) alike. Similarly, the
difference between your adversary and your watchful government agency
is simply whomever that party perceives themselves to be.

Disclaimer: I'm only reporting what I've heard. The ideas expressed
are theirs, not mine.



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Encryption starting
Date: Thu, 20 May 1999 20:25:44 GMT

In article <7i0r3i$nkb$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> > Applied Cryptography is indeed an excellent book, but as the name
> > suggests, it is intended mostly for people who want to implement a
> > specific protocol or algorithm. It lacks the mathematical rigor of say
> > _Cryptography: Theory and Practice_ or _The Handbook of Applied
> > Cryptography_, although it is very useful as a reference book, say when
> > you forget how to do a blind signature scheme.
>
> Well it's a good book, and actually does cover the basics.  Have you
> actually read the book?  Hm... first page ('What is ciphertext') seems
> like an algorithm description to me :)
>

I never said it doesn't. Yes, I do own the book and I do believe that
it is a well-written book *for certain purposes*. It covers the basics
of cryptography, but not cryptanalysis. I am not able to find a
detailed description of either linear or differential attacks in the
book. Can you?

> > The easy to read papers are nearly as helpful as the more difficult to
> > read ones. You might get an intuitive sense of the design elements that
> > make an algorithm "good" (ex. large S-boxes) but you won't gain any
> > more understanding of why these elements make an algorithm secure.
> >
>
> These 'easy' read papers will describe simple algorithm, and their
> background.  It's a good way to see what real algorithms are like.
> Like RC5 for example is 3 lines long, not very complicated.  You can
> also find the cryptanalysis of it to find out why it's strong for
> example.
>

You can read the analysis of the algorithm, but do you actually
understand what it means? You may have an intuitive sense that an
algorithm is strong, and it very well could be, but you cannot describe
why it is strong and how it resists cryptanalysis.

> You don't start in cryptography without reading other papers.  I made
> that mistake :(
>

But certain papers are more useful to read than others... For example,
I think that you would gain a lot more knowledge from _Differential
Analysis of the DES_ by Biham and Shamir than by reading the
description of TEA or RC5.

> > You will most probably *not* see whether your ideas are good or bad.
> > Rather, you will think that it is great, post it to the world, annoy
> > many people, and someone will find a problem with it.
>
> How do you think RSA, DH and others started?  Are you really that
> dense?  You can read all the books, papers and lectures you want, but
> if you don't actually play with ideas (new or old) and see how they
> actually work, you will never learn anything.

First, neither the entity you refer to as RSA nor the entity you refer
to as DH is one person. Secondly, they are most known for
inventing PK-cryptosystems, a field very different from symmetric-key
cryptography. They started from a firm background in modern algebra,
number theory, probability and statistics, complexity theory, and the
like. They started by reading the available literature. They analysed
toy ciphers by themselves and applied the techniques that they learned.
What they did not do was post long, rambling descriptions of every
algorithm that they happen to think of and expect other people to break
it.

>
> > I think you need to clarify your understanding of the relationships
> > among fields, groups, and rings. You can't use the terms without regard
> > for their definition...
>
> I got those mixed up.  That's because the reply to my msg was rather
> oblivious to fields<->groups.  I will just read the paper on IDEA and
> see which it was supposed to be.
>

Your last statement shows how flawed your approach to cryptography is.
You may understand how a technique applies to an algorithm in one case,
but you have no overall understanding of the topic, nor do you know how
to apply the knowledge you gain in one instance to another situation.



--== Sent via Deja.com http://www.deja.com/ ==--
---Share what you know. Learn what you don't.---

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Security
Date: Thu, 20 May 1999 21:32:14 GMT

Patrick Juola wrote:
> [EMAIL PROTECTED] wrote:
> >A cipher is only provably secure if all outputs are possible (random
> >distribution based on the key) given any input.
>
> This is a stronger condition than necessary; all that is necessary
> is that for all plaintext p, the set of possible cyphertexts is
> the same (over all keys), irrespective of whether or not this
> actually exhausts the set of possible cyphertexts.

I'd add something about their probabilities.  Shannon's
"perfect secrecy" is independence of plaintext and ciphertext.

> >How do you create this
> >random distribution in one round?  If there are any one round
> >characteristics (or linear approximations) chances are the algorithm
> >can be cracked in reduced-round variants (and possible full-round).
>
> One obvious way to do it would be to insert random padding of some
> sort in order to exhaust the set of possible outputs.  As an example,
> suppose that we agree to use a symmetric block algorithm, but every
> block that I send will contain only one actual data byte and the rest of
> the bytes will be randomly generated noise that I put in just to fool
> the cryptanalysts.  Of course, you just throw away all this noise when
> you get it.   And by careful design of the cypher, I can ensure that
> the property I outline above holds.

There's a catch.  In the best case, the noise will
increase the unicity distance by the same amount that it
expands the ciphertext.  Adding noise doesn't increase the
amount of plaintext we can send in perfect secrecy.

--Bryan


--== Sent via Deja.com http://www.deja.com/ ==--
---Share what you know. Learn what you don't.---
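The two conditions contrasted above (Juola's "same set of ciphertexts for every plaintext" versus Shannon's independence of plaintext and ciphertext) and Bryan's remark about noise padding and unicity distance, worked through on constructed toy ciphers. This is an added example, not code from any poster; the five-key "skewed" cipher, the 2-bit block size, and the 128-bit key / 7 bits-per-byte redundancy figures are assumptions chosen for illustration.

```python
from fractions import Fraction

# Toy ciphers on 2-bit blocks (values 0..3). A key is an int; each key
# must define a bijection on blocks so the cipher is decryptable.

def xor_cipher(key, p):
    """One-time-pad style: C = P xor K, key uniform over 0..3."""
    return p ^ key

def skewed_cipher(key, p):
    """Constructed cipher with five keys: keys 0..3 XOR the block, key 4
    swaps 2 and 3. Every plaintext can still reach every ciphertext."""
    if key < 4:
        return p ^ key
    return {0: 0, 1: 1, 2: 3, 3: 2}[p]

def ciphertext_distribution(encrypt, keys, p):
    """Return {c: P(C=c | P=p)} with the key uniform over `keys`."""
    counts = {}
    for k in keys:
        c = encrypt(k, p)
        counts[c] = counts.get(c, 0) + 1
    return {c: Fraction(n, len(keys)) for c, n in counts.items()}

def same_ciphertext_sets(encrypt, keys, plaintexts):
    """Juola's condition: the set of reachable ciphertexts is the same for
    every plaintext (probabilities ignored)."""
    sets = [frozenset(ciphertext_distribution(encrypt, keys, p))
            for p in plaintexts]
    return all(s == sets[0] for s in sets)

def perfect_secrecy(encrypt, keys, plaintexts):
    """Shannon's condition: P(C=c | P=p) is identical for every p, i.e. the
    ciphertext distribution is independent of the plaintext."""
    dists = [ciphertext_distribution(encrypt, keys, p) for p in plaintexts]
    return all(d == dists[0] for d in dists)

def unicity_distance_bytes(key_bits, redundancy_bits_per_data_byte,
                           noise_bytes_per_data_byte=0):
    """Shannon's unicity distance H(K)/D, when each data byte is padded with
    `noise_bytes_per_data_byte` random bytes. Returns a pair:
    (ciphertext bytes needed, data bytes those ciphertext bytes carry)."""
    expansion = 1 + noise_bytes_per_data_byte
    # The same redundancy is now spread over `expansion` ciphertext bytes.
    d_per_ciphertext_byte = Fraction(redundancy_bits_per_data_byte, expansion)
    ciphertext_bytes = Fraction(key_bits) / d_per_ciphertext_byte
    return ciphertext_bytes, ciphertext_bytes / expansion

if __name__ == "__main__":
    keys4, keys5, blocks = range(4), range(5), range(4)
    print("xor: sets equal", same_ciphertext_sets(xor_cipher, keys4, blocks),
          "perfect", perfect_secrecy(xor_cipher, keys4, blocks))
    print("skewed: sets equal", same_ciphertext_sets(skewed_cipher, keys5, blocks),
          "perfect", perfect_secrecy(skewed_cipher, keys5, blocks))
    print("unicity, no noise:", unicity_distance_bytes(128, 7))
    print("unicity, 15 noise bytes/data byte:", unicity_distance_bytes(128, 7, 15))
```

The skewed cipher passes the set test but fails Shannon's test, and the padded unicity distance grows in ciphertext bytes by exactly the expansion factor while the number of data bytes covered stays the same.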

------------------------------

From: "Steven Alexander" <[EMAIL PROTECTED]>
Subject: Re: Complexity Question
Date: Thu, 20 May 1999 14:36:21 -0700

n is going to be the actual value of n.  The number of bits required to
store n is:

lg n

note that lg=log(base2)

lg 4096=12 because the number 4096 can be stored in 12 bits.


-steven



------------------------------

From: "Steven Alexander" <[EMAIL PROTECTED]>
Subject: Re: Looking for pointers
Date: Thu, 20 May 1999 14:31:37 -0700

Grab a copy of the sci.crypt FAQ (it's posted regularly).  Also, "Applied
Cryptography" by Bruce Schneier is a good introductory text on cryptography.
As far as your math goes, you'll probably want to freshen up on your
calculus a bit.  It's not necessary to understand the aforementioned book,
but you'll need it before reading the academic papers that you may find.
www.counterpane.com has a good collection of academic papers on crypto.

-steven




------------------------------

From: [EMAIL PROTECTED]
Subject: Re: prime numbers and the multplicative inverse
Date: Thu, 20 May 1999 20:58:59 GMT

I wrote about IDEA:
[...]
> It does multiplication in the multiplicative group
> mod 2^16 + 1.  Addition it does in the group mod 2^16 (which is
> also a field if you include multiplication mod 2^16).

Let me correct that last bit.  The field includes 2^16,
so in the field, multiplication and addition are modulo
2^16+1 (which is not the addition IDEA actually uses).

--Bryan


--== Sent via Deja.com http://www.deja.com/ ==--
---Share what you know. Learn what you don't.---
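The correction above, worked in code: IDEA's multiplication operates in the multiplicative group of GF(2^16+1) with the 16-bit word 0 standing in for the element 2^16, while its addition is plain addition mod 2^16 rather than the field's addition mod 2^16+1. This is an added example, not code from the poster or from the IDEA specification; the function names and the sample operand pairs are my own.

```python
P = 0x10001      # 2^16 + 1, a prime, so Z_P is the field GF(2^16+1)
MASK = 0xFFFF

def idea_mul(a, b):
    """IDEA multiplication on 16-bit words: the word 0 is read as 2^16,
    the product is reduced mod 2^16+1, and 2^16 is written back as 0."""
    x = P - 1 if a == 0 else a
    y = P - 1 if b == 0 else b
    r = (x * y) % P
    return 0 if r == P - 1 else r

def idea_mul_inv(a):
    """Inverse of a word under idea_mul, via Fermat: x^(P-2) mod P."""
    x = P - 1 if a == 0 else a
    r = pow(x, P - 2, P)
    return 0 if r == P - 1 else r

def idea_add(a, b):
    """IDEA addition: mod 2^16, which is not the field's addition."""
    return (a + b) & MASK

def field_add(x, y):
    """Addition in GF(2^16+1) on elements 0..2^16 (2^16 included)."""
    return (x + y) % P

def all_words_invertible():
    """Every 16-bit word, including 0 (i.e. 2^16), has an inverse under
    idea_mul, so the 65536 words form a group under it."""
    return all(idea_mul(w, idea_mul_inv(w)) == 1 for w in range(0x10000))

def compare_additions(pairs):
    """For each pair of words return (a, b, IDEA sum, field sum), reading the
    word 0 as the field element 2^16 on the field side."""
    out = []
    for a, b in pairs:
        fa = P - 1 if a == 0 else a
        fb = P - 1 if b == 0 else b
        out.append((a, b, idea_add(a, b), field_add(fa, fb)))
    return out

if __name__ == "__main__":
    print("all words invertible:", all_words_invertible())
    print("0 * 0 (i.e. 2^16 * 2^16) ->", idea_mul(0, 0))
    # Constructed sample pairs: wrap-around cases expose the difference.
    for row in compare_additions([(0xFFFF, 1), (0, 1), (0xFFFF, 0xFFFF), (5, 7)]):
        print("a=%5d b=%5d idea_add=%5d field_add=%5d" % row)
```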

------------------------------

From: "Pat Caudill" <[EMAIL PROTECTED]>
Subject: Re: where can i find a frequency list?
Date: Thu, 20 May 1999 16:54:23 -0700


On Tue, 18 May 1999 3:18:19 -0700, Pete wrote
(in message <7hrepb$8r9$[EMAIL PROTECTED]>):
> 
> dear all, 
> 
> i used to have a book that had marvellous frequency tables, digraphs, double 
> letters, etc.  the book was stolen from me a long, long time ago and i can't 
> remember what the title was. 
> 
> i looked in the faq, and the faq doesn't really answer the question. 
> 
> can someone point me to frequency tables on the net?  if none exist (that 
> are known) can you point me to a book with a decent one? 


You might also look at Military Cryptanalysis Part I by William F. Friedman

Pat Caudill


------------------------------

From: [EMAIL PROTECTED] (Vernon Schryver)
Subject: Re: Can a Java or Active-x program get your keys??????
Date: 20 May 1999 17:05:39 -0600


In article <[EMAIL PROTECTED]>,
Cipher <[EMAIL PROTECTED]> wrote:
>For a good scare, point your browser to:
>
>http://wintune.winmag.com/
>
>and run through all the web browser based performance tests... 
>It'll test your drive performance for you, find your CPU serial
>number, and even tell you your bios revision.

Let me be among the first to ask what is scary about:

] Wait!
] 
] The WinTune 98 online test capability is only available for Internet Explorer
] versions 3 and 4 on 32-bit Windows platforms (Windows 95, Windows 98, and
] Windows NT). It doesn't appear that you are running the right browser and/or
] operating system. 


>                                                can't imagine that
>picking up your key databases would be all that much more difficult.

Well, I guess so, provided you are dumb or naive enough to swallow
Microsoft's oh so convenient blurring of the differences between
authentication and authorization and turn on ActiveX.


Vernon Schryver    [EMAIL PROTECTED]

------------------------------

From: [EMAIL PROTECTED] (Mike McCarty)
Subject: Re: Reasons for controlling encryption
Date: 21 May 1999 00:03:52 GMT

I have seen this type of argument used for the control of information
before. The "laudable" goals are all based on an extreme arrogance.
Everyone knows that only about 5 people in the world could ever have
discovered the atomic bomb, and they all live here. So if we just never
tell anyone, no one else will ever find out. Or crypto. Or whatever. WE
are better than anyone else. It is a carryover from the entire socialist
viewpoint of the politicians knowing better than everyone else how to
run their lives. The big gov't people all know better than we do.

The NSA, far from wanting to promote freedom and liberty by protecting
our country, assumes that WE THE PEOPLE are the biggest criminals they
must protect the gov't from. Because they know that they would do things
we don't want them to do. And they want to strip us of the power to
prevent them.

So-called "gun control" laws fall into the same category. An informed
and powerful population is a danger to tyrannical governments. OTOH, it
is a blessing to legitimate government, because then you don't need
large standing armies, bureaucracies, etc. You have an armed, informed
populace which is capable of defending the country. And such a country
is impregnable.

In article <[EMAIL PROTECTED]>,
Doug Stell <[EMAIL PROTECTED]> wrote:
)On Wed, 19 May 1999 10:41:11 -0700, "Markku J. Saarelainen"
)<[EMAIL PROTECTED]> wrote:
)
)>I have heard various reasons why commercial encryption is being
)>controlled and what real motives are behind these control maneuvers. I
)>would like to learn more what you think that real motives behind many
)>encryption control issues are and how, if true, this might be tied to
)>some commercial and business interests.
)
)The stated reasons I've heard from the NSA are the following. The
)first few are laudable goals, although impossible to achieve and under
)assumptions that are not true in the modern world.
)
)Keep the good stuff out of the hands of terrorist organizations for
)national security reasons.
)
)Keep the good stuff out of the hands of organized crime for law
)enforcement reasons.
)
)Keep usage to a minimum, so that they know who the above two
)categories are.
)
)Stonewall as long as possible to keep usage to a minimum.
)
)Not be found not doing their job, should anything bad happen. (I don't
)remember the original wording, but it was very good.)
)
)Protect existing organizations and positions of power.
)


-- 
----
char *p="char *p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
I don't speak for Alcatel      <- They make me say that.

------------------------------

From: [EMAIL PROTECTED] (David Brower)
Crossposted-To: talk.politics.crypto
Subject: Re: Crypto export limits ruled unconstitutional
Date: 21 May 99 00:16:54 GMT

Mok-Kong Shen <[EMAIL PROTECTED]> writes:

> I personally can't
>think of a genuine reason of the bureaucrats trying to do the
>(impossible) task of suppressing the development of crypto other than 
>to get some items of work to justify their own payrolls.

You miss the underlying point.  Governments believe they save money
and improve public safety by limiting crypto.  The use of insecure
stuff makes it easier for them to intercept things they would
otherwise be unable to get.

e.g.: Authorized wiretaps on cell phones in the US went up something
like 300% in the last year according to a recent report I heard.

It's not that the US govt really believes it can keep this genie in
the bottle forever.  It just wants to keep the lid on as long as it
possibly can.  Other countries (say, France, for instance) seem to
believe they can keep the lid on indefinitely.

The inevitable melting may be a long time coming.  It is hard to 
overestimate the political capital of anti-crime and anti-terrorism
policies, and that is how crypto restrictions are framed.

-dB




------------------------------

From: [EMAIL PROTECTED] (Bruce Schneier)
Subject: Re: AES tweaks
Date: Fri, 21 May 1999 01:08:38 GMT

On Thu, 20 May 1999 08:24:47 -0700, Nick Strauss <[EMAIL PROTECTED]>
wrote:

>Weren't "tweaks" to AES submissions due on the 15th?
>
>I'd imagine RC6a will be submitted as a tweak, and the Rijndael folks
>seemed to promise one in their public comments, but I'm wondering what
>other ones we might see.

The Twofish team has not submitted any tweaks.

Bruce
**********************************************************************
Bruce Schneier, President, Counterpane Systems     Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis, MN  55419      Fax: 612-823-1590
           Free crypto newsletter.  See:  http://www.counterpane.com

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************