Cryptography-Digest Digest #628, Volume #9       Mon, 31 May 99 18:13:03 EDT

Contents:
  Re: random numbers ([EMAIL PROTECTED])
  Re: 8Bit encryption code. Just try and break it. - code3.ecr (0/1) ([EMAIL PROTECTED])
  SSL (Eddy Tilmant)
  Re: PGP Info wanted... ("Steve Sampson")
  Re: Please recommend freeware encryption SDK (Paul Koning)
  Re: Generating Random Numbers ("Douglas A. Gwyn")
  Re: PGP Info wanted... ("james b")
  Re: Viability of encrypted flash cards? (Paul Rubin)
  Re: OTP Problems (Matthias Bruestle)
  Re: OTP Problems (Matthias Bruestle)
  Re: Using symmetric encryption for hashing (Paul Onions)
  Re: 8Bit encryption code. Just try and break it. - code3.ecr (0/1) (Lanky Moire)
  Re: random numbers ([EMAIL PROTECTED])
  Re: Generating Random Numbers ("Rochus Wessels")
  Generating Random Numbers ("Brian Ross")
  Re: Stream Cipher using LFSRs ("Douglas A. Gwyn")
  Re: 8Bit encryption code. Just try and break it. (Roger Carbol)
  Re: 8Bit encryption code. Just try and break it. - code3.ecr (0/1) (wtshaw)
  Re: 8Bit encryption code. Just try and break it. - code3.ecr (0/1) (fungus)
  Re: i have an encrypted password file that i want to decrypt, can anyone  (fungus)
  Re: 8Bit encryption code. Just try and break it. (fungus)
  Re: Using symmetric encryption for hashing (David Wagner)

----------------------------------------------------------------------------

Date: Mon, 31 May 1999 04:09:29 -0400
From: [EMAIL PROTECTED]
Subject: Re: random numbers

Andreas / Detlef Stieger wrote:
> 
> How important are random numbers in cryptology?

Without trying to start a thermonuclear flame war, I'll observe that it
depends on what you mean by "random", and how "random" the numbers have
to be.

You may get farther with the term "unpredictable numbers".

> 
> I could imagine that an algorithm would be stronger if the keys weren't
> predictable.
> 
> --
> Andreas Stieger: mailto:[EMAIL PROTECTED]

------------------------------

Date: Mon, 31 May 1999 04:06:45 -0400
From: [EMAIL PROTECTED]
Subject: Re: 8Bit encryption code. Just try and break it. - code3.ecr (0/1)

Phoenix wrote:
> 
> No I am not posting random numbers as a joke... I mean 16bit because
> there are only 64k possibilities.  to answer a few other
> questions/threats the program was written in Visual Basic.
>         So, even you concede that an encryption cannot be broken without any
> knowledge of the algorithm?

Absolutely not.  The fact is that you cannot hide the algorithm.  If you
ever distribute the software it will be analyzed and the algorithm
extracted.  If you never distribute the algorithm, a user who can
encrypt data with it will know the plaintexts, keys, and ciphertexts and
be able to deduce the algorithm.

Once the algorithm is known it can be attacked.  But your keys are so
small that no attack is necessary.  65K possible keys will only take a
few seconds to check, so any message might as well be public as
encrypted with your system.

------------------------------

From: Eddy Tilmant <[EMAIL PROTECTED]>
Crossposted-To: news.groups,at.test,alt.gothic,sci.math
Subject: SSL
Date: 31 May 1999 13:57:13 GMT

This message intentionally left encrypted.


------------------------------

From: "Steve Sampson" <[EMAIL PROTECTED]>
Crossposted-To: news.groups,at.test,alt.gothic,sci.math
Subject: Re: PGP Info wanted...
Date: 31 May 1999 13:56:00 GMT

This message intentionally left encrypted.


------------------------------

From: Paul Koning <[EMAIL PROTECTED]>
Crossposted-To: news.groups,at.test,alt.gothic,sci.math
Subject: Re: Please recommend freeware encryption SDK
Date: 31 May 1999 14:00:25 GMT

This message intentionally left encrypted.


------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Generating Random Numbers
Date: Mon, 31 May 1999 19:46:29 GMT

Brian Ross wrote:
> I was wondering how to generate random numbers which will be used for
> encryption keys. My main concern is how to generate a random seed
> which is random enough to ensure that the generated bits are indeed
> random.

There are a lot of assumptions in that question.  If you're thinking
of a "seed" for a traditional pseudo-random number generator, that's
not the weak point of the key; rather, it is the connection between
successive key values that allows the attacker to recover the
parameters of the PRNG.  In which case, a simple guess-text attack
is likely to work.

As to the more general question of generating keys, so long as there
is little chance of the attacker guessing the right key, it doesn't
matter.  A long, personalized key phrase is sometimes used when the
key must be memorizable; otherwise, genuine random noise is best,
but if you can't access a random source, a common approach is to hash
together time-of-day (high resolution), process ID, contents of some
dynamic RAM location, and a user-supplied passphrase, then encrypt
that using DES with a fixed non-weak key, the result being the desired
key.  Even if an attacker knows the procedure, there are too many bits
of variable data involved for him to reconstruct accurately.

------------------------------

From: "james b" <[EMAIL PROTECTED]>
Subject: Re: PGP Info wanted...
Date: Mon, 31 May 1999 21:13:08 +0100

Thank you for your reply. The idea of a keyboard sniffer sounds intriguing.
Is there a way to protect against this? Can anyone point me to where I can
read some more about the subject?

cheers,

james b

fungus <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> james b wrote:
> >
> > Have just got PGP 6.0 and have a couple of questions regarding security
> > of the key when using Windows 98.
> >
> > Just how secure is my passphrase from prying eyes?
> >
> > Could an experienced user access the key, given a few hours to tinker
> > with my computer?
> >
>
> If you mean "could he get my key", probably not.
>
> If you mean "could he install a keyboard sniffer to get the password
> next time I use PGP", then yes, definitely.
>
>
>
> --
> <\___/>
> / O O \
> \_____/  FTB.



------------------------------

Crossposted-To: alt.security,talk.politics.crypto
From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: Viability of encrypted flash cards?
Date: Mon, 31 May 1999 19:42:42 GMT

 <[EMAIL PROTECTED]> wrote:
>Newspapers have traditionally considered their sources very sacred.
>Last month there were some riots at Michigan State University and the
>cops wanted access to the papers' camera footage for use in convicting
>people. Obviously the papers declined, but a judge forced them to give
>their negatives to the cops. This hatched an idea in my mind.
>
>Some of the new digital cameras save their images on a tiny Flash RAM
>card. I already know that simple crypto has been implemented on
>smart-cards. How feasible would it be to make a RAM card that
>automatically encrypts data when it's stored, and forgets the key as
>soon as it's removed from the camera? Then only the person who
>programmed the key in at first would be able to read the pictures.
>Very similar to exposing the film in a regular camera.

If you're talking about standard SM and CF cards, when the camera is
turned off, the card has no way to know if it's inserted into the
camera or not.

Anyway, the judge could still order the papers to turn over the pictures.  

------------------------------

From: [EMAIL PROTECTED] (Matthias Bruestle)
Subject: Re: OTP Problems
Date: Mon, 31 May 1999 20:23:51 GMT

Mahlzeit


[EMAIL PROTECTED] wrote:
> A case in point.  I'm pretty impressed with the specs of the iButton
> device.  The current (initial) version stores about 2^10 bits in a
> physical device that is reasonably easy to deal with, yet is probably
> secure against anything less than "national technical means".  Certainly

I doubt it can withstand a skillful student. (See papers of Kuhn&Anderson)


Mahlzeit

endergone Zwiebeltuete

--
PGP: SIG:C379A331 ENC:F47FA83D      I LOVE MY PDP-11/34A, M70 and MicroVAXII!
-- 
Zivot leti jako jelen byvsi do prdele strelen.

------------------------------

From: [EMAIL PROTECTED] (Matthias Bruestle)
Subject: Re: OTP Problems
Date: Mon, 31 May 1999 20:25:07 GMT

Mahlzeit


[EMAIL PROTECTED] wrote:
> Matthias Bruestle wrote:
> > In both examples you have to lock away one harddisk, only in the
> > second example you need twice as many harddisks.

> If you assume persistent store of both key and data your conclusion is
> valid.  But there is no reason to make such an assumption.

If the pad isn't stored persistently I can't decrypt the data.


Mahlzeit

endergone Zwiebeltuete

--
PGP: SIG:C379A331 ENC:F47FA83D      I LOVE MY PDP-11/34A, M70 and MicroVAXII!
-- 
When a program is useful it must be changed,
when it is useless it must be documented.

------------------------------

From: Paul Onions <[EMAIL PROTECTED]>
Subject: Re: Using symmetric encryption for hashing
Date: Mon, 31 May 1999 21:12:22 +0000

Thomas J. Boschloo wrote:
> 
> I have posted this question to news:comp.security.pgp.discuss and
> news:alt.security.pgp, but I still feel kind of fuzzy on the subject.
> 
> Can, for example, twofish in cbc-mode (or whatever) be used as a hashing
> function? Could you, as an example, use the string "hash" as a key to
> encrypt a document and take the last few bytes of cyphertext as your
> hash for that document?. Would this be safe?

In general, no.  Cryptographic hashes are usually assumed to have the
properties of one-wayness and collision-resistance.  Using a block-cipher
in CBC mode provides neither of these.

For example, given the last few bytes of CBC ciphertext we could simply
"invent" some previous ciphertext and then decrypt it, giving us a
pre-image of the hash.  So it wouldn't be one-way.

Also, in CBC mode, if you know the key it's easy to insert plaintext
blocks so that the ciphertext beyond the inserted block is the same
as it was originally.  So it's easy to create colliding messages.

On the other hand there are specific constructions to create hash
functions from block ciphers, but I don't have any to hand right now.

Maybe someone more familiar with these techniques will post a recommendation.

(Though I do know that they tend to be rather sensitive to any weaknesses
in the underlying block cipher - weaknesses that may not necessarily be
a concern when using the cipher in its more normal modes - and that some
of them have been broken).

Hope this de-fuzzifies things a bit :-)
Paul(o)

-- 
Paul Onions                     [EMAIL PROTECTED]
                                 PGP 2.6.3 key available
                            D704688BEFBF2D5D 546BC1D603E2A8E0
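
The two CBC weaknesses described in the message above, as a worked example added here (not code from the original post). Assumptions: a toy 64-bit Feistel cipher stands in for Twofish, the IV is all zeros, the "hash" is the last ciphertext block, and messages are whole blocks.

```python
import hashlib

BLOCK = 8  # block size of the toy cipher in bytes (assumption, stands in for Twofish)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Feistel round function; SHA-256 is used here only as a convenient mixer.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def encrypt_block(key: bytes, block: bytes) -> bytes:
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(8):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def decrypt_block(key: bytes, block: bytes) -> bytes:
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(8)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def blocks(data: bytes) -> list:
    if len(data) % BLOCK:
        raise ValueError("this demo only handles whole blocks")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def cbc_hash(key: bytes, msg: bytes) -> bytes:
    """The proposed scheme: CBC-encrypt under a public key, keep the last block."""
    chain = bytes(BLOCK)  # zero IV
    for p in blocks(msg):
        chain = encrypt_block(key, _xor(p, chain))
    return chain

def preimage(key: bytes, target: bytes, invented: bytes) -> bytes:
    """Not one-way: invent earlier ciphertext, append the target, CBC-decrypt."""
    chain, out = bytes(BLOCK), b""
    for c in blocks(invented) + [target]:
        out += _xor(decrypt_block(key, c), chain)
        chain = c
    return out

def collide(key: bytes, msg: bytes, n: int, filler: bytes) -> bytes:
    """Not collision-resistant: insert `filler` plus one repair block after the
    first n blocks so that the chaining value, and every later block, is unchanged."""
    if len(filler) != BLOCK:
        raise ValueError("filler must be exactly one block")
    head, tail = msg[:n * BLOCK], msg[n * BLOCK:]
    chain = cbc_hash(key, head)                  # chaining value before the insert
    c_filler = encrypt_block(key, _xor(filler, chain))
    repair = _xor(decrypt_block(key, chain), c_filler)  # encrypts back to `chain`
    return head + filler + repair + tail

if __name__ == "__main__":
    key = b"hash"                                # public key string from the question
    msg = b"pay bob 10 euros, signed alice!!"    # constructed sample, 4 blocks
    h = cbc_hash(key, msg)
    forged = preimage(key, h, b"A" * 16)
    twin = collide(key, msg, 1, b"INSERTED")
    print(h.hex(), cbc_hash(key, forged) == h, cbc_hash(key, twin) == h)
```

Both results depend only on the key being known, not on any weakness of the cipher, so substituting a strong block cipher for the toy one changes nothing.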

------------------------------

From: [EMAIL PROTECTED] (Lanky Moire)
Subject: Re: 8Bit encryption code. Just try and break it. - code3.ecr (0/1)
Date: Mon, 31 May 1999 20:37:08 GMT

Phoenix <[EMAIL PROTECTED]> wrote:

>       So, even you concede that an encryption cannot be broken without any
>knowledge of the algorithm?

Encryption schemes that depend on secrecy of the algorithm are generally of
little interest here. You might use such a thing to communicate privately
with a friend of yours, but it would make no sense for you to bring it up
on this forum, since you could never discuss it without rendering it
useless.
-- 
"Lanky Moire"     better known as [EMAIL PROTECTED]
 01234 56789      <- Use this key to decode my email address.
                  Fun & Free - http://www.5X5poker.com/

------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: news.groups,at.test,alt.gothic,sci.math
Subject: Re: random numbers
Date: 31 May 1999 14:01:28 GMT

This message intentionally left encrypted.


------------------------------

From: "Rochus Wessels" <[EMAIL PROTECTED]>
Crossposted-To: news.groups,at.test,alt.gothic,sci.math
Subject: Re: Generating Random Numbers
Date: 31 May 1999 13:59:00 GMT

This message intentionally left encrypted.


------------------------------

From: "Brian Ross" <[EMAIL PROTECTED]>
Crossposted-To: news.groups,at.test,alt.gothic,sci.math
Subject: Generating Random Numbers
Date: 31 May 1999 14:02:52 GMT

This message intentionally left encrypted.


------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Stream Cipher using LFSRs
Date: Mon, 31 May 1999 19:31:20 GMT

"Bartłomiej Ziółkowski" wrote:
> cause they are nonlinear they are strong (from crypto point of view),

Such a statement requires proof.  In fact, a lot is known about
breaking stream ciphers that are based on nonlinear feedback shift
registers.

------------------------------

Subject: Re: 8Bit encryption code. Just try and break it.
From: Roger Carbol <[EMAIL PROTECTED]>
Date: Mon, 31 May 1999 21:07:23 GMT

Phoenix <[EMAIL PROTECTED]> wrote in <[EMAIL PROTECTED]>:

>I'll tell you right now I know nothing of encryption as a
>(science?). I only know that my VB prog changed text or files into
>unintelligible garbage and then resurrects them.  Other than that
>I haven't even read the entire algorithm.  I only program the GUI
>and other features.


That implies that a known-text attack is feasible; that is, anyone
with a copy of the program can feed it whatever input they like,
and then analyze the output.

There *might* be some interest if you provided a URL (as opposed
to posting) where you make available, say, a couple thousand
plaintext-encryptedtext pairs.  And then post a piece of
encrypted text for the purpose of solving for the plaintext.

Then again, it's quite likely no one would bother.




.. Roger Carbol .. [EMAIL PROTECTED]

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: 8Bit encryption code. Just try and break it. - code3.ecr (0/1)
Date: Mon, 31 May 1999 15:58:34 -0600

In article <[EMAIL PROTECTED]>, Phoenix <[EMAIL PROTECTED]> wrote:

> No I am not posting random numbers as a joke... I mean 16bit because
> there are only 64k possibilities.  to answer a few other
> questions/threats the program was written in Visual Basic.  
>         So, even you concede that an encryption cannot be broken without any
> knowledge of the algorithm?

There are endless algorithms. Practically, it is more valuable if an
algorithm is known and it is not broken than if it is unknown even as
there are some that specialize in figuring out what an unknown algorithm
is.

You need to decide whether it is a serious algorithm, security-wise, or
one that produces ciphertext which might be broken once the algorithm
tricks are discovered...your choice.
-- 
Weathermen prophesy and insurance companies predict, while both pretend to be doing
the other to get an audience.

------------------------------

From: fungus <[EMAIL PROTECTED]>
Subject: Re: 8Bit encryption code. Just try and break it. - code3.ecr (0/1)
Date: Mon, 31 May 1999 22:48:42 +0200



Phoenix wrote:
> 
> So, even you concede that an encryption cannot be broken without any
> knowledge of the algorithm?
> 

History is full of codes which have been broken without knowing
the algorithm - see the book "The Codebreakers" by Phillip Kahn.


Not knowing the algorithm just makes it a bit harder, that's all.

If we knew the algorithm we might be able to see a flaw after
a couple of minutes. If we've only got the output then we'll
still find the flaw but it will take much longer. We're not
being paid to be your personal codebreakers, so you should be
polite enough to help us out.

Is the original message plain text?

-- 
<\___/>
/ O O \
\_____/  FTB.



------------------------------

From: fungus <[EMAIL PROTECTED]>
Subject: Re: i have an encrypted password file that i want to decrypt, can anyone 
Date: Mon, 31 May 1999 22:50:25 +0200



kurt wismer wrote:
> 
> if the latter then the passwords probably aren't encrypted but are
> instead hashed since there isn't a great need to use a reversible
> transformation for passwords

Tell Microsoft that...


-- 
<\___/>
/ O O \
\_____/  FTB.


------------------------------

From: fungus <[EMAIL PROTECTED]>
Subject: Re: 8Bit encryption code. Just try and break it.
Date: Mon, 31 May 1999 22:47:51 +0200



Phoenix wrote:
> 
> I'll tell you right now I know nothing of encryption as a (science?). I
> only know that my VB prog changed text or files into unintelligible
> garbage and then resurrects them.

Unintelligible to who? To a human being? That's not difficult....

A simple rule is that a good cipher can always be used in place of
a random number generator. Your code obviously cannot (about one
in five bytes was hex value 9a). This rule doesn't prove a code is
good but it does prove a code is bad.

Even without finding the secret message a cryptographer would say
this code is "broken" and that this algorithm should not be used.

Finding the message now would only be icing on the cake.

-- 
<\___/>
/ O O \
\_____/  FTB.
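
The byte-frequency check behind the rule in the message above, as an added example (not code from the original post): a chi-square test over the 256 byte values. The two inputs are constructed here: a SHA-256 counter stream standing in for good cipher output, and the same stream with every fifth byte forced to 0x9a to mimic the bias reported for the posted ciphertext.

```python
import hashlib
from collections import Counter

MIN_SAMPLE = 1280  # at least 5 expected hits per byte value for the test to be meaningful

def chi_square_bytes(data: bytes) -> float:
    """Pearson chi-square statistic of the byte histogram against uniform."""
    if len(data) < MIN_SAMPLE:
        raise ValueError("sample too small for a 256-bin chi-square test")
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(v, 0) - expected) ** 2 / expected for v in range(256))

def looks_uniform(data: bytes, threshold: float = 400.0) -> bool:
    # With 255 degrees of freedom the statistic has mean 255 and standard
    # deviation about 22.6, so 400 is far out in the tail for random data.
    return chi_square_bytes(data) < threshold

def most_common_byte(data: bytes):
    """Return (byte value, fraction of the sample) for the dominant byte."""
    value, hits = Counter(data).most_common(1)[0]
    return value, hits / len(data)

def reference_stream(n: int) -> bytes:
    """Constructed sample: SHA-256 in counter mode as a stand-in for good cipher output."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(b"constructed-sample" + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])

def biased_stream(n: int) -> bytes:
    """Constructed sample: the reference stream with every fifth byte set to 0x9a."""
    data = bytearray(reference_stream(n))
    for i in range(0, n, 5):
        data[i] = 0x9A
    return bytes(data)

if __name__ == "__main__":
    for name, sample in (("reference", reference_stream(65536)),
                         ("biased", biased_stream(65536))):
        value, share = most_common_byte(sample)
        print(f"{name:9s} chi2={chi_square_bytes(sample):10.1f} "
              f"uniform={looks_uniform(sample)} top=0x{value:02x} ({share:.1%})")
```

As the message says, the test is one-sided: failing it condemns a cipher, while passing it says nothing about strength.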



------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Using symmetric encryption for hashing
Date: 31 May 1999 15:05:10 -0700

In article <[EMAIL PROTECTED]>,
Thomas J. Boschloo <[EMAIL PROTECTED]> wrote:
> Can, for example, twofish in cbc-mode (or whatever) be used as a hashing
> function? Could you, as an example, use the string "hash" as a key to
> encrypt a document and take the last few bytes of cyphertext as your
> hash for that document?. Would this be safe?

This would not be safe for most applications.

There are lots of established ways to use block ciphers as a hash
function.  In fact, the Twofish documentation even describes how to
do so!

But I suggest using a standard dedicated cryptographic hash function,
not a block-cipher based construction.  SHA-1 is a good choice.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
