Cryptography-Digest Digest #658, Volume #9        Fri, 4 Jun 99 16:13:03 EDT

Contents:
  Re: Challenge to SCOTT19U.ZIP_GUY (Aidan Skinner)
  Re: Question about Cryptography/Encryption... (Aidan Skinner)
  Re: what cipher? (better description) ([EMAIL PROTECTED])
  Info Crypt Delta 9000- comcrypt (denca)
  Re: random numbers in ml ("White Flame (aka David Holz)")
  How CPU intensive is SSL on mainframe (Jim Keohane)
  Re: random numbers in ml (Jerry Coffin)
  Re: Challenge to SCOTT19U.ZIP_GUY (Geoff Thorpe)
  Re: Cryptography CENSORED on web site? (John Savard)
  Re: Schoof's Algorithm (DJohn37050)
  Re: Challenge to SCOTT19U.ZIP_GUY (SCOTT19U.ZIP_GUY)
  Re: Challenge to SCOTT19U.ZIP_GUY (SCOTT19U.ZIP_GUY)
  Re: Challenge to SCOTT19U.ZIP_GUY (Tim Redburn)
  Re: Challenge to SCOTT19U.ZIP_GUY (Tim Redburn)
  Re: Question about Cryptography/Encryption... (SCOTT19U.ZIP_GUY)
  iButtons (Greg Bartels)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Aidan Skinner)
Subject: Re: Challenge to SCOTT19U.ZIP_GUY
Date: 3 Jun 1999 23:18:19 GMT
Reply-To: [EMAIL PROTECTED]

On Wed, 02 Jun 1999 02:17:42 GMT, SCOTT19U.ZIP_GUY
<[EMAIL PROTECTED]> wrote: 

>In article <[EMAIL PROTECTED]>,
 [EMAIL PROTECTED] (Tim Redburn) wrote: 

>>Rewrite the source code in a form that is
>>easily readable by humans. Use descriptive variable
>>names, avoid macros, etc..
>
>   I can't use long names. I actually bent over backwards to

Nobody asked you to use long names, they asked you to use descriptive
names. Call a spade a spade, not Dave or x (s would do if you were
under a curse whereby you would drop dead if you used a variable name
with more than one character).

>variables. I can't spell consistently enough to write like words.

Umm, I would recommend you get a decent text editor then and define
words and common misspellings. I'm dyslexic and have no trouble
calling a shovel Foo_Spade_1. ;)

>is change the variables to shorter names so I can look at code and get

It's a wonder you can understand what's going on then, and I pity
anybody who attempts to debug your code.

- Aidan
-- 
http://www.skinner.demon.co.uk/aidan/
Horses for courses, tac-nukes to be sure.

------------------------------

From: [EMAIL PROTECTED] (Aidan Skinner)
Subject: Re: Question about Cryptography/Encryption...
Date: 3 Jun 1999 23:44:13 GMT
Reply-To: [EMAIL PROTECTED]

On Wed, 02 Jun 1999 02:00:22 GMT, SCOTT19U.ZIP_GUY
<[EMAIL PROTECTED]> wrote: 

> Take a look at my site you can get the C code from some pointers
>and it is made for a PC.

I cannot believe you are recommending your code to somebody to learn
from. I really wouldn't recommend a beginner reading something as convoluted
and contorted as your source code...

- Aidan
-- 
http://www.skinner.demon.co.uk/aidan/
Horses for courses, tac-nukes to be sure.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: what cipher? (better description)
Date: Fri, 04 Jun 1999 16:29:14 GMT

Particle:
[...]
> The cipher-text has to be Exactly the size of plain-text,
> even if plain-text is 3 bytes long
[...]
> The cipher should generate a random, 128-bit key,
> upon encrypting the file (using that random key), return
> that key and the encrypted file to the user.
[...]
> if they write it (modify), they generate
> a new key (no re-used keys) and encrypt the whole
> file again.
>
> It would also be *nice* to be able to read part of a file,
> without having to decrypt other parts.
[...]
> The file will of course be digitally signed by person modifying
> it

Others have raised reasonable questions about the
requirements, but I'll take them at face value.  I'd
need to know more about what resources are available in
order to recommend a key generator.

For the encryption, a block cipher, say Blowfish, in
counter mode would work well.  It can encrypt without
expansion and allow random access reads.  Note that the
security depends on generating a new key for each write
and providing authentication elsewhere.

--Bryan


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
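As an added illustration of Bryan's suggestion (this is example code written for this digest, not Bryan's or any library's), here is counter mode over a 64-bit block function, showing the three properties he lists: no expansion, random-access reads at any byte offset, and why a fresh key per write is essential. Blowfish is replaced by a toy keyed mixing function named toy_block so the code runs stand-alone; it is not a real cipher, and DEMO_KEY and the sample files are constructed values. Authentication is, as Bryan says, left to something else (the signature Particle mentioned).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK 8 /* 64-bit block, the same width as Blowfish */

/* Toy keyed 64-bit block function standing in for Blowfish so the example
 * runs without a crypto library. It is NOT a secure cipher; only the CTR
 * handling around it is the point. Swap in a real block cipher for use. */
static uint64_t toy_block(const uint8_t key[16], uint64_t in)
{
    uint64_t k0, k1, x = in;
    memcpy(&k0, key, 8);
    memcpy(&k1, key + 8, 8);
    for (int r = 0; r < 16; r++) {
        x += k0 + (uint64_t)r * 0x9E3779B97F4A7C15ULL;
        x ^= (x >> 29) ^ k1;
        x *= 0xBF58476D1CE4E5B9ULL;
        x ^= x >> 32;
    }
    return x;
}

/* Encrypt or decrypt len bytes that live at file offset `offset` (in bytes,
 * not blocks). CTR XORs the data with E_key(block index), so:
 *  - output length == input length, even for a 3-byte file (no padding);
 *  - any byte range can be processed alone, since its keystream depends
 *    only on (key, offset / BLOCK): this is the random-access read;
 *  - the same call decrypts, because XOR is its own inverse. */
void ctr_crypt(const uint8_t key[16], uint64_t offset, uint8_t *buf, size_t len)
{
    uint64_t ks = 0, cur = 0;
    int have = 0;
    for (size_t i = 0; i < len; i++) {
        uint64_t pos = offset + i, blk = pos / BLOCK;
        if (!have || blk != cur) {          /* new keystream block needed */
            ks = toy_block(key, blk);
            cur = blk;
            have = 1;
        }
        buf[i] ^= (uint8_t)(ks >> (8 * (pos % BLOCK)));
    }
}

/* Constructed key; in the real scheme it comes from a CSPRNG on every write. */
static const uint8_t DEMO_KEY[16] = {
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
    0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
};

/* Whole-file encrypt, then read bytes 7..12 without touching the rest,
 * plus a 3-byte file to show there is no expansion. Returns 1 on success. */
int demo_random_access(void)
{
    const uint8_t plain[] = "random access in CTR!";  /* constructed, 21 bytes */
    size_t n = 21;
    uint8_t enc[21], part[6], tiny[3] = { 'a', 'b', 'c' };

    memcpy(enc, plain, n);
    ctr_crypt(DEMO_KEY, 0, enc, n);            /* ciphertext is exactly 21 bytes */
    memcpy(part, enc + 7, 6);
    ctr_crypt(DEMO_KEY, 7, part, 6);           /* decrypt a slice starting mid-block */

    ctr_crypt(DEMO_KEY, 0, tiny, 3);           /* 3-byte file: still 3 bytes */
    ctr_crypt(DEMO_KEY, 0, tiny, 3);
    return memcmp(part, plain + 7, 6) == 0 && memcmp(tiny, "abc", 3) == 0;
}

/* Why Bryan ties security to a fresh key per write: re-encrypting a modified
 * file under the same key reuses the keystream, so c1 XOR c2 == p1 XOR p2
 * and an observer of both versions learns the XOR of the plaintexts. */
int demo_key_reuse_leak(void)
{
    const uint8_t v1[] = "balance=100", v2[] = "balance=900";  /* constructed */
    uint8_t c1[11], c2[11];
    memcpy(c1, v1, 11);
    memcpy(c2, v2, 11);
    ctr_crypt(DEMO_KEY, 0, c1, 11);
    ctr_crypt(DEMO_KEY, 0, c2, 11);            /* same key reused: the mistake */
    for (int i = 0; i < 11; i++)
        if ((c1[i] ^ c2[i]) != (v1[i] ^ v2[i]))
            return 0;
    return 1;                                  /* leak confirmed */
}

int main(void)
{
    printf("random access ok: %d\n", demo_random_access());
    printf("key reuse leaks : %d\n", demo_key_reuse_leak());
    return 0;
}
```

The per-write key is what turns "encrypt the whole file again" into a safe operation: with it, the two versions share no keystream and demo_key_reuse_leak's relation no longer holds.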

------------------------------

From: denca <[EMAIL PROTECTED]>
Crossposted-To: alt.satellite.tv.crypt,it.hobby.satellite-tv,it.hobby.satellite-tv.digitale,rec.video.satellite.europe
Subject: Info Crypt Delta 9000- comcrypt
Date: Fri, 04 Jun 1999 19:26:09 +0200


            Info Crypt Delta 9000-Comcrypt

I am looking for any information on cracking the Delta 9000 - Cablecrypt decoder.

Please send me a fast reply because it's very important to me.

I am looking for information on unlocking the Delta 9000 - Cablecrypt decoder.
Please reply urgently, as it is very important to me.

Thank you, bye.


------------------------------

From: "White Flame (aka David Holz)" <[EMAIL PROTECTED]>
Crossposted-To: comp.sys.cbm
Subject: Re: random numbers in ml
Date: Fri, 4 Jun 1999 10:30:07 -0700

Jerry Coffin <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> For most people, 6502 assembly language is NOT "cold reality" -- it's
> a distant memory, or else something altogether foreign to their
> experience.

6502/6510 is what formed my experience, and everything else is foreign. :)

> When you're trying to express an algorithm, C has the distinct
> advantage of being understandable to a wide variety of programmers.
> For writing the fastest possible programs, assembly language is a fine
> choice.  For conveying algorithms, it's not nearly as universal.

But the case that we have here is when we're trying to convey an algorithm that
takes advantage of the carry states of the 6502.  Can't really do that in C,
because the language has no concept of the carry flag, unless you use another
variable for it.


--
White Flame (aka David Holz)
http://fly.to/theflame - Programming, WFDis, VicSim, and soon Sox!

(kill the "Parrot" to reply to my Geocities e-mail account)



------------------------------

From: Jim Keohane <[EMAIL PROTECTED]>
Subject: How CPU intensive is SSL on mainframe
Date: Fri, 04 Jun 1999 17:23:09 GMT

    Does anyone have any experience with SSL and the CPU overhead on IBM
OS/390 or similar? That's with or without the optional cryptographic
hardware assist feature. If you do, please specify whether mainframe is
high end, low end or somewhere in between.
Thanks!  - Jim

--
"If you haven't got time to do it right, when will you have time to do
it over?"




------------------------------

From: [EMAIL PROTECTED] (Jerry Coffin)
Crossposted-To: comp.sys.cbm
Subject: Re: random numbers in ml
Date: Fri, 4 Jun 1999 12:33:52 -0600

In article <7j92n8$62m$[EMAIL PROTECTED]>, white-[EMAIL PROTECTED] says...
> Jerry Coffin <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > For most people, 6502 assembly language is NOT "cold reality" -- it's
> > a distant memory, or else something altogether foreign to their
> > experience.
> 
> 6502/6510 is what formed my experience, and everything else is foreign. :)

Certainly.  If this were _only_ being posted to comp.sys.cbm, it would 
make perfect sense to stick to 6502 (or derivative) assembly language.  
However, it's being cross-posted to sci.crypt as well.  I probably 
understand 6502 assembly better than the majority of participants on 
sci.crypt, and it's been around 15 years since I did enough of it to 
notice.
 
[ ... ] 
> but the case that we have here is when we're trying to convey an algorithm that
> takes advantage of the carry states of the 6502.  Can't really do that in C,
> because the language has no concept of the carry flag, unless you use another
> variable for it.

True, but at least when/if you do that, the rest of the people on 
sci.crypt can understand what's going on if they try.  Ultimately, 
cross-posting between the two groups is probably not the best way to 
go; there's probably no way to express the algorithm so it's 
particularly transparent to most participants in both newsgroups.
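As an added example (not code from either poster), one way to convey a carry-dependent 6502 routine in C is to model the carry flag as an explicit variable threaded through byte-sized helpers that mirror the instructions. The helpers adc8 and rol8, the composites add16 and shl24, and the LFSR step are all written for this example; the LFSR is the common 6502 `ASL / BCC / EOR #$1D` idiom, a toy game-style generator and not a cryptographic one, since its whole state is one output byte.

```c
#include <stdint.h>
#include <stdio.h>

/* The 6502 keeps a carry flag in the status register; C has no such thing,
 * so we thread it through an explicit variable, as Jerry suggests. Each
 * helper mirrors one instruction acting on one byte. */

/* ADC: A <- A + m + C ; C <- carry out of bit 7 (binary mode) */
static uint8_t adc8(uint8_t a, uint8_t m, int *carry)
{
    unsigned sum = (unsigned)a + m + (*carry ? 1u : 0u);
    *carry = sum > 0xFF;
    return (uint8_t)sum;
}

/* ROL: rotate left through carry. Old bit 7 becomes C, old C becomes bit 0.
 * With C clear beforehand this is ASL. */
static uint8_t rol8(uint8_t a, int *carry)
{
    int out = (a >> 7) & 1;
    uint8_t r = (uint8_t)((a << 1) | (*carry ? 1 : 0));
    *carry = out;
    return r;
}

/* 16-bit add the way 6502 code does it: CLC, ADC low bytes, ADC high bytes.
 * Returns the 16-bit sum with the final carry in bit 16. */
uint32_t add16(uint16_t x, uint16_t y)
{
    int c = 0;                                   /* CLC */
    uint8_t lo = adc8((uint8_t)x, (uint8_t)y, &c);
    uint8_t hi = adc8((uint8_t)(x >> 8), (uint8_t)(y >> 8), &c);
    return ((uint32_t)c << 16) | ((uint32_t)hi << 8) | lo;
}

/* 24-bit shift left with carry out, little-endian bytes as in memory:
 * CLC, ASL byte0, ROL byte1, ROL byte2. Carry out lands in bit 24. */
uint32_t shl24(uint32_t v)
{
    int c = 0;                                   /* CLC */
    uint8_t b0 = rol8((uint8_t)v, &c);           /* ASL */
    uint8_t b1 = rol8((uint8_t)(v >> 8), &c);    /* ROL */
    uint8_t b2 = rol8((uint8_t)(v >> 16), &c);   /* ROL */
    return ((uint32_t)c << 24) | ((uint32_t)b2 << 16) | ((uint32_t)b1 << 8) | b0;
}

/* 8-bit Galois LFSR as written on the 6502: ASL A ; BCC skip ; EOR #$1D.
 * The branch depends on the carry the shift produced, which the explicit
 * variable makes visible. x^8+x^4+x^3+x^2+1 is primitive, so every nonzero
 * seed cycles through all 255 nonzero states. Toy PRNG only: one observed
 * byte is the entire state, so it is trivially predictable. */
uint8_t lfsr_step(uint8_t a)
{
    int c = 0;
    a = rol8(a, &c);            /* ASL A */
    if (c) a ^= 0x1D;           /* taken when the shifted-out bit was 1 */
    return a;
}

/* Steps until the state returns to seed (255 for any nonzero seed). */
unsigned lfsr_period(uint8_t seed)
{
    unsigned n = 0;
    uint8_t a = seed;
    do { a = lfsr_step(a); n++; } while (a != seed && n < 1000);
    return n;
}

int main(void)
{
    printf("0x12FF + 1 = 0x%05X\n", (unsigned)add16(0x12FF, 1));
    printf("shl24(0x800001) = 0x%08X\n", (unsigned)shl24(0x800001));
    printf("LFSR period from seed 1: %u\n", lfsr_period(1));
    return 0;
}
```

Written this way the C reads line-for-line against the assembly, which is what a sci.crypt reader without 6502 background needs, while a comp.sys.cbm reader can still see which instruction each line stands for.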

------------------------------

From: Geoff Thorpe <[EMAIL PROTECTED]>
Subject: Re: Challenge to SCOTT19U.ZIP_GUY
Date: Fri, 04 Jun 1999 14:24:17 -0400

Hi there,

"Douglas A. Gwyn" wrote:
> 
> Tim Redburn wrote:
> > Do you understand what is being asked yet ?
> 
> My suggestion is that he read *and understand* the classic book,
> "The Elements of Programming Style" by Kernighan & Plauger, or the
> recently published "The Practice of Programming" by Kernighan & Pike.

SCOTT19U is clearly "winning" something here ... everybody is actually
battling with him to defend his claims about his software, many are
trying to interpret his algorithms with his help (because he flippantly
accuses them of being stupid if they can't understand the source code),
and all the time we're actually dealing with someone who is not only of
questionable cryptographic skill, but is clearly of questionable
programming skill.

Hey, he writes poor code. He refuses to adequately document his own
"techniques" (the mindless accusations that only stupid people don't
understand the code is clearly just ducking and weaving). He usually
attacks people who do write good code and do document their techniques
by accusing them of being at best "NSA agents" and at worst "idiots".
Can anybody spot a pattern here? And the oft-quoted concern that
"newbies might actually take something he says seriously" ... if a
newbie to cryptography wants to suck up content so clearly mindless, let
them - they deserve each other ... it's a form of Darwinism.

Also, many threads on this newsgroup keep veering off in the direction
of SCOTT19U ... anyone got a reasonable explanation why?

Tim Redburn has made some admirable efforts to get this guy to actually
'fess up about his ideas so that like the people he so despises,
SCOTT19U can have his own stuff subjected to some heat and see how it
holds up. Of course, if he actually plays ball then maybe he will earn
some respect finally, but right now he seems to be dwelling in a
glass-house, and popping out periodically to throw stones.

Perhaps the gene-pool could use some chlorine ...

Regards,
Geoff

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Cryptography CENSORED on web site?
Date: Fri, 04 Jun 1999 18:27:43 GMT

Mok-Kong Shen <[EMAIL PROTECTED]> wrote, in part:

>Perhaps my English knowledge is not good enough, but I don't
>clearly (unambiguously) understand what you wrote. However, your
>title line suggested that someone has illegally modified your
>HTML file.

No, I didn't mean that at all, although I intended to use a wording
that - humorously - suggested such thoughts or others. Rather, as the
text of the post should make clear, I meant that I had, in writing my
site, omitted mentioning the OTP...

but I had done so so thoroughly, that it might seem _I_ was engaging
in censorship, trying to suppress all knowledge of the existence of
the OTP!

John Savard ( teneerf<- )
http://members.xoom.com/quadibloc/index.html

------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: Schoof's Algorithm
Date: 4 Jun 1999 18:00:27 GMT

The ECDSA paper (which I co-wrote with Alfred Menezes) gives a good overview of
elliptic curves for crypto. It is available from the Certicom website.  Recall
that Alfred literally "wrote the book" on ECC.  It is aimed at the intelligent
reader without much crypto knowledge.  If there is a part that is difficult, I
recommend just skipping the details on that part and continuing.
Don Johnson

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Challenge to SCOTT19U.ZIP_GUY
Date: Fri, 04 Jun 1999 20:24:05 GMT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>On Thu, 03 Jun 1999 18:58:37 +0100, David Crick <[EMAIL PROTECTED]> wrote:
>
>>>   maybe I helped with explaining the above cut of code as you
>>> can see it made perfect sense to me.
>>> 
>>> It is readable!!
>>
>>*sigh*. You really don't get it do you? The whole point is for
>>it to be immediately obvious to OTHER people who may wish to
>>verify/develop your code.
>
>He is probably better at reading and writing code than English. So what
>is immediately obvious to you is not to him, and vice versa. 
>
>I have long suspected he may have some sort of dyslexia or reading
>disability that makes it difficult for him to write/type out stuff
>accurately. Not sure if this is true, but so far it seems a likely
>explanation. 
>
>Anyway, a few people have attempted to look at his code:
>
>Andrew Carol
><[EMAIL PROTECTED]>
>Anonymous
><[EMAIL PROTECTED]>
>
>Still I think the main problem is he has difficulty seeing other people's
>point of view as well. 
>
>I'm not sure if Scott has tried reading OTHER people's obscure uncommented
>code, like he said he has difficulty with long variable names so he
>probably would have problems too.

  I have worked on many aircraft simulations and OFPs; one of the main 
problems that seems to occur over and over is that other people keep
missing the obvious errors in the code because most people inherently
put faith in the comments and this leads to major mistakes that take
years to find and fix. But I was considered an expert in fixing such code.
Like I said it is usually easier once one has inputs and outputs to just 
shorten internal names and fix the code.  I have even been tasked with adding
routines for certain projects that I have written and some managers were 
smart enough to save my original code rather than some flowered up version,
 which is much harder to work with.
 I have worked on projects where they tried to replace my code with some
sort of structured code. But when the experts failed they went back to my stuff
because it works. I liked writing assembly code that had fewer lines of source
code than the gurus who tried to do the same thing in a high level language.
Yes I am bragging, so what.



David A. Scott
--
                    SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
                    http://www.jim.com/jamesd/Kong/scott19u.zip
                    http://members.xoom.com/ecil/index.htm
                    NOTE EMAIL address is for SPAMERS

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Challenge to SCOTT19U.ZIP_GUY
Date: Fri, 04 Jun 1999 20:12:01 GMT

In article <7j8qcl$fe6$[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>
>>  I have been a programmer for over 30 years. I could give a damn what
>> they say about style. Style is just a term used so that programmers
>> who can't program waste a lot of paper and then management is under
>> the illusion that they produce something. Style is used to force creative
>> programs in a mold that they don't need.
>
>So what.  They mean the following
>
>1. Comments, in algorithm comment any non-trivial line
>2. Variable names which are realistic (longer than two vars).  You are
>correct in assuming simple indexing can be done with short vars (I
>personally use 'i', 'i2' etc...) but actual algorithm related counters
>should have names.
>3. Modular.  Use functions to make source that is conceptually easy to
>follow.
>
  Actually scott19u is highly modularized that is why I have so many
macros.



David A. Scott
--
                    SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
                    http://www.jim.com/jamesd/Kong/scott19u.zip
                    http://members.xoom.com/ecil/index.htm
                    NOTE EMAIL address is for SPAMERS

------------------------------

From: [EMAIL PROTECTED] (Tim Redburn)
Subject: Re: Challenge to SCOTT19U.ZIP_GUY
Date: Fri, 04 Jun 1999 19:30:11 GMT

On Fri, 04 Jun 1999 04:42:09 GMT, [EMAIL PROTECTED]
(SCOTT19U.ZIP_GUY) wrote:

>In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Tim 
>Redburn) wrote:
<snip>
>   
>  if( i19 != i19s){
>   pf19->a00 = 0x7ffff;
>   iz = geto19(ppo19, i19-1);
>   pf19->a00 = 0;
>   izz = geto19(ppo19, i19-1);
>   i19s +=  0 == ( iz ^ izz);   
>   ;}
>
> The above is where iz is used. It really has no meaning, since the inputs
>and outputs of the routine are fully defined; you can see that iz is derived
>from things already defined. 

That doesn't make it obvious what they are.

>The section of code you're looking at gets 
>executed only once per encryption

That fact is obvious. It still doesn't make it obvious what it does.

Anyway, the reason that I included that section of code, was because 
you wanted me to point out a part of your code that is inconsistent.
That part uses "pf19->a00" to set a value, then the macro
"geto(.....)" to get the value. This is inconsistent.

(to anyone wondering, this is actually from a post in another thread,
not the one that David replied to, strangely)


> the above was done to make the code
>easy for some one who wants to modify the code for bit sizes other than
>19bits 

If you want people to reuse / modify your algorithm, then provide
a high level description of it.

>or in case they want to rotate a different amount than 9 bits. What
>this code does is to determine if one can stay in the loop one extra time

Which loop ? And what is that loop for conceptually, (is it one round
of the algorithm, one pass with a chaining mode , an internal loop
specific to your algorithm**, etc) .... ?

(** in which case it would require additional explanation).

>meaning cn = E((cn-1 ^ pn) + pn+1)  gets to be done one extra time. I could

So what is "cn = E((cn-1 ^ pn) + pn+1)" all about then ? Is this the 
main encryption function of scott19u.zip, and the place where all
the security lies  ?

>have calculated this with a different method but thought this was more
>straight forward. 

I can't see how you could possibly make that more difficult to
read, without **really** trying hard.

>The number of times to do the equation is a function of file 
>length, bit field size and bit rotation amount and is different for different 
>file lengths. 

Would you like to elaborate what that function is ?

>To me this seemed the straight forward way to do
>this but you can do it differently.
>
>

I don't want to do it differently, I just want to have a go at
analysing your algorithm. Unfortunately, even after reading
the source code, I only have a rough idea of what your algorithm
actually is, and a rough idea is no use whatsoever for analysing it in
anything other than general terms.


On to another point now then, still looking
at the same function........

=================================================
void
doEnce(p19 * a, un32 x)
{
 
<snip - other variable declarations>
 
   p19            *pp19;
   po19           *ppo19;
   void             *v;

<snip - calculations not involving v, pp19, ppo19, a>

   v   = a;
   pp19 = a;
   ppo19 = v - 2;
   
=================================================

Most people would assume that the pointer "a", points
to the beginning of an allocated block of memory. (there's
no comment to suggest otherwise)

But if that were the case, ppo19 would be pointing to 2 bytes before 
the allocated block - a serious programming error! 

However it would appear, that "a" is not actually pointing to the 
beginning of a block but a few bytes in. It took a long time trawling
through the rest of the code to verify this though. After doing
that, I am just not prepared to seriously examine your source
code in more detail.

Every few lines of source code seems to need many other lines to be
referred to by anyone reading your code, to actually determine what is
going on. You made a small attempt at modularity by using functions,
but unfortunately it failed miserably, because of weird dependencies
like this.

If it was necessary to pass a pointer to a function, when the pointer
does not reference the start of the allocated block, it would
probably be a good idea to add a comment explaining first of
all that this is what is actually happening, and then your reason why.

It should be possible to read and understand that, or any function for
that matter, in complete isolation from the rest of your code. Looking
at that function in  isolation, it looks like it contains a serious
error (when in fact it probably doesn't). 

You say yourself, that anyone wanting to
understand your algorithm only has to look at the last few functions. 
That is clearly not true, because of these dependencies.

Until you tidy up your code or describe your algorithm at a higher
level, it is going to get very little serious attention, and the 
sceptics will persist.


- Tim.
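The interior-pointer problem Tim raises can be made self-describing. The following is an added example, not scott19u code; the block layout (two prefix bytes immediately before the bytes `a` points to) is an assumption reconstructed from Tim's description, and the names block19, block19_new and block19_from_body are invented here. Note that the original's `v - 2` on a `void *` is arithmetic ISO C does not define at all (GCC allows it as an extension, treating void as size 1), which is one more reason to state the layout in a struct rather than in a magic number.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed layout, reconstructed from Tim's post: the caller allocates one
 * block, `a` points 2 bytes into it, and doEnce walks back with `v - 2`.
 * Naming the two bytes puts that contract where a reader sees it first. */
typedef struct {
    uint8_t prefix[2];   /* the bytes the original reaches with `ppo19 = v - 2` */
    uint8_t body[];      /* the bytes the original's `a` points at */
} block19;

/* Allocate a block with n body bytes. Returns the block start, never an
 * interior pointer, so ownership and bounds are unambiguous. */
static block19 *block19_new(size_t n)
{
    block19 *b = malloc(sizeof *b + n);
    if (b) memset(b, 0, sizeof *b + n);
    return b;
}

/* Recover the block from a pointer to its body. This is the documented form
 * of `ppo19 = v - 2`: the precondition (body came from block19_new) is in
 * the name and comment, and offsetof replaces the literal 2, so a reader of
 * this function alone knows why stepping backwards is legal. */
static block19 *block19_from_body(uint8_t *body)
{
    return (block19 *)((char *)body - offsetof(block19, body));
}

/* The cleaner fix is to pass the whole block, so no function ever needs to
 * step backwards: here the prefix is read through the struct directly. */
static unsigned prefix_value(const block19 *b)
{
    return ((unsigned)b->prefix[1] << 8) | b->prefix[0];
}

/* Demonstration: body -> block -> prefix round trip. Returns 1 if the
 * recovered block is the allocation we started from and its prefix reads
 * back unchanged. */
int demo_interior_pointer(void)
{
    block19 *b = block19_new(16);
    if (!b) return 0;
    b->prefix[0] = 0xAB;
    b->prefix[1] = 0xCD;
    uint8_t *a = b->body;                     /* what doEnce receives as `a` */
    block19 *back = block19_from_body(a);     /* documented `v - 2` */
    int ok = back == b
          && prefix_value(back) == 0xCDAB
          && offsetof(block19, body) == 2;
    free(b);
    return ok;
}

int main(void)
{
    printf("interior pointer contract holds: %d\n", demo_interior_pointer());
    return 0;
}
```

With the struct in place, a function signature of the form `doEnce(block19 *blk, ...)` would carry the layout information by itself, which is exactly the "readable in complete isolation" property Tim asks for.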

------------------------------

From: [EMAIL PROTECTED] (Tim Redburn)
Subject: Re: Challenge to SCOTT19U.ZIP_GUY
Date: Fri, 04 Jun 1999 19:30:12 GMT

On Fri, 04 Jun 1999 14:13:40 GMT, [EMAIL PROTECTED]
(SCOTT19U.ZIP_GUY) wrote:


> I have been a programmer for over 30 years. I could give a damn what
>they say about style. Style is just a term used so that programmers
>who can't program waste a lot of paper and then management is under
>the illusion that they produce something. Style is used to force creative
>programs in a mold that they don't need.

Or in other cases, they clearly do need !

- Tim.



------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Question about Cryptography/Encryption...
Date: Fri, 04 Jun 1999 20:38:20 GMT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>On Wed, 02 Jun 1999 02:00:22 GMT, SCOTT19U.ZIP_GUY
><[EMAIL PROTECTED]> wrote: 
>
>> Take a look at my site you can get the C code from some pointers
>>and it is made for a PC.
>
>I cannot believe you are recommending your code to somebody to learn
>from. I really wouldn't recommend a beginner reading something as convoluted
>and contorted as your source code...
>
>- Aidan

   Well believe it. Younger minds generally have less trouble understanding 
new concepts. Why do you think the NSA mostly hires PhD mathematicians
straight out of school. They have more flexible minds and can see patterns 
quicker. As they age they learn to be shoved into molds and their thinking 
becomes limited. Yes I think a young person could follow my code much 
quicker than someone who can only follow narrow structures and lacks the
creative thought of the inquisitive young.


David A. Scott
--
                    SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
                    http://www.jim.com/jamesd/Kong/scott19u.zip
                    http://members.xoom.com/ecil/index.htm
                    NOTE EMAIL address is for SPAMERS

------------------------------

From: Greg Bartels <[EMAIL PROTECTED]>
Subject: iButtons
Date: Fri, 04 Jun 1999 14:40:16 -0400

Was the iButton meant to be given to possibly malicious attackers?

My quick glance at it was that you would use it as a dongle on your
key ring, next to your car keys, which means you still maintain
physical security over the device.

I wasn't getting the impression that it would be used for 
distribution, such as putting a key in a TV cable descrambler.
I don't know of anything that guarantees physical security
of data if the thing is distributed.

The security of computer modules for nuclear weapons relies on,
among other things, concrete bunkers, barbed wire fences,
and heavily armed guards. And the guards are doubled
up so that no single person can perform a launch. And even then,
the United States has lost, on average, one nuclear device a year
since 1945, due to training exercise accidents, etc.
(don't remember where I read that)

So there's no such thing as perfect security, when you get down to it.

But using iButton (or similar) as a means to protect your private 
key used to do credit card transactions over the internet will 
probably suffice for most people. 

Even a one-time pad is susceptible to 
attack while the key is being stored somewhere.
There's been fraud long before there were computers. 
If you wait until an electronic device is "fraud proof", you'll
be waiting forever. 

Greg



Matthias Bruestle wrote:
> 
> Mahlzeit
> 
> Andrew Haley ([EMAIL PROTECTED]) wrote:
> > Matthias Bruestle ([EMAIL PROTECTED]) wrote:
> 
> > : I doubt it [iButton] can withstand a skillful student. (See papers of Kuhn&Anderson)
> 
> > Is this assertion based on any knowledge?
> 
> > The last time that I saw Markus Kuhn he recommended something like an
> > iButton to counter his methods of attack.
> 
> As I remember the iButton is a battery-buffered RAM. So throwing it
> in liquid nitrogen should preserve the data long enough to disassemble
> and repower it.
> 
> There is somewhere a paper (maybe also from Kuhn) about the security
> of computer modules for nuclear weapons. Maybe this could be called
> tamperproof.
> 
> Mahlzeit
> 
> endergone Zwiebeltuete
> 
> --
> PGP: SIG:C379A331 ENC:F47FA83D      I LOVE MY PDP-11/34A, M70 and MicroVAXII!
> --
> When a program is useful it must be changed,
> when it is useless it must be documented.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
