Cryptography-Digest Digest #716, Volume #9       Mon, 14 Jun 99 07:13:03 EDT

Contents:
  Re: Slide Attack on Scott19u.zip (SCOTT19U.ZIP_GUY)
  SLIDE ATTACK FAILS (SCOTT19U.ZIP_GUY)
  Re: OTP is it really ugly to use or not? (fungus)
  Re: Maximum key size in block ciphers (David Ross)
  Re: Shared secret protocol (David P Jablon)
  Re: Generating Random Numbers ("Douglas A. Gwyn")
  Re: Cracking DES (wtshaw)
  Re: huffman code length ("Mr. X")
  Has this cipher been broken yet ? (Anonymous)
  Re: Is there a short digest for short messages? (Francois Grieu)
  Re: Export restrictions question (fungus)
  Re: Random numbers on a sphere (Anders Holtsberg)
  Re: Another free email? (Fred)
  Scramdisk newsgroup (was Re: SCRAMDISK QUESTION) ("Andy Jeffries")
  encrypt using ASCII 33 to 126 only? ("Kenneth N Macpherson")
  Re: question about original RSA research (Nick Barron)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Slide Attack on Scott19u.zip
Date: Mon, 14 Jun 1999 05:20:18 GMT

In article <7k1o54$cea$[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] (David Wagner) wrote:
>I don't have time to dig through pages and pages of hard-to-read code.
>I followed the information that I found on the web page (which didn't
>describe the special first and last rounds).  Even that was hard to read.

  Yeah, I see you couldn't even copy a one-line equation correctly.

>
>In general, if you wrote a concise, descriptive article describing the
>algorithm, it would greatly increase your chances of having good people
>look at it seriously.  Right now the barrier is much too high.
>
  However that barrier does not seem too high for you and a few other
crypto gods to declare that the cipher was dead. I'm sure the Germans
did not give the English (Polish) something at least as well as I am
giving you. Remember I give code that would compile and run. Also I
offered to enter the AES contest but was turned down since PS
format was required. If they ever run an open honest contest allowing
ASCII or something like HTML I might enter.
  I frankly find it amusing that you think the crypto experts are worth
being catered to. The barrier is only high if you're too damn lazy to look at
it. It was declared dead by you by your slide attack and that was
wrong. I hope to be a pain in the ass to false crypto gods for years
to come. My daughter went to your school; she changed majors and
still got out in three years. Berkeley is vastly overrated. The dorms
are full of pot and the graduates have an ego that doesn't quit.
The brightest ones seem to drop out; maybe they feel cheated after
seeing what Berkeley is really like.

>Remember, the experts will not even consider spending time on cryptanalysis
>ciphers posted on the net, no matter whether they are well described.
>For fun, I sometimes look at net-ciphers, but I'm no expert.

  I can see you are no expert. Since you know the S-table is the only thing 
that counts after it is built, one needs to only look at the last 4 routines in
scott19u to get an idea of how the code works. Again it is not pages and
pages in that section. The macros are self explanatory. But I don't expect
you to read it; like I said, I am not a Crypto God. Maybe next time you can
come up with an attack on some toy cipher as good as Paul Onions.

 And the so-called experts are only the phony ones in your crypto club.
I write code so the common user can encrypt his files so ivory tower
types like you and the NSA can not break it. Short of a gun at your
throat or an NSA virus on your machine or camera in your house, this
is not the kind of toy code you guys bless for the ignorant masses to
use. This is much better than that. I could give a shit if the boasting
sounds like snake oil. At least it is not a false modesty that people
like you use. Yes, it is easy to say it's broken and then when you fail
blame it on the fact you can't read it. 

 Face the facts: your highly praised slide attack does work on real
world stuff that an amateur can come up with. Yes, I guess you did
find some toy ones to break. I am sure you have tried to break mine;
at least via the grapevine I hear so-called false crypto gods have 
looked and they can't break it yet. Yes, I am a pain in the ass,
aren't I.

 


David A. Scott
--
                    SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
                    http://www.jim.com/jamesd/Kong/scott19u.zip
                    http://members.xoom.com/ecil/index.htm
                    NOTE EMAIL address is for SPAMERS

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: SLIDE ATTACK FAILS
Date: Mon, 14 Jun 1999 05:37:58 GMT

 To sum it up, the great crypto gods were wrong.
Which should be of no great surprise. SCOTT19U
is still alive and well. The great "SLIDE ATTACK"
went down the sewer. But don't blame the crypto
gods too much. They have such a narrow view of
mathematics and can't read C code. They have
a club where they break toy ciphers built to their
specifications. But my stuff they declare dead
since I don't do things the way they do, but when
the acid test was done they were flat wrong.
  Sorry guys, stick with breaking toy stuff;
no wonder you're not working for the NSA.
Maybe I should reword that: maybe you are working
for the NSA; people still think you guys are actually
trying to help people write secure code. 
I think Ritter is doing his best to stay abreast
of the real advances in encryption but you guys
aren't. If it is not spoon fed to people like you
you pretend it doesn't exist. Sorry, it does; it exists
and people are getting smarter every day. They
are smart enough to see the need for encryption
methods that work and can treat a whole file
like a single block, unlike the toy ciphers that
you are more familiar with.


David A. Scott
--
                    SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
                    http://www.jim.com/jamesd/Kong/scott19u.zip
                    http://members.xoom.com/ecil/index.htm
                    NOTE EMAIL address is for SPAMERS

------------------------------

From: fungus <[EMAIL PROTECTED]>
Subject: Re: OTP is it really ugly to use or not?
Date: Mon, 14 Jun 1999 07:04:44 +0200



[EMAIL PROTECTED] wrote:
> 
> Just gimme 2^127 time and I will find your key.
> 

Not even God can give you 2^127 time.





-- 
<\___/>
/ O O \
\_____/  FTB.

------------------------------

From: [EMAIL PROTECTED] (David Ross)
Subject: Re: Maximum key size in block ciphers
Date: Mon, 14 Jun 1999 06:52:13 GMT

On Sat, 12 Jun 1999 22:41:36 GMT, [EMAIL PROTECTED] wrote:

>I must apologize to DaveScott.  I did post bad info.  The actual max
>size of any block cipher key is
>
>(2^n)! for example if the block size is 8 bits, then the max key size
>is 256! or 1683.99628722421461940614767931775 bits
>


  Not too long ago, I tried to calculate  256!  as the first and most
accessible part of calculating   (256!)^511.

  My dos version of dc (desk calculator) came up with:

(256!) =
857817775342842654119082271681232625157781520279485619859655650377269\
4525531475893774402913604514084503758853423365843061571968346936964753\
2228928849742602567963733256336878644267520762679456018796886797152114\
3307702077526646451464709187326100832876325702818980773671781454170250\
5230186084953190681382574810702528175594594769870346657127381392862052\
3475680821886070120361108315209350194743710910172696826286160626366243\
5022840944191408424615936000000000000000000000000000000000000000000000\
000000000000000000

  507 decimal digits, with commonly 70 per line. Boggling. How many
atoms in the universe?


  dc blew chow when I gave it (256!)^59,
but dc's (256!)^58 calculation looked like it worked OK and yielded
about 420 lines worth of numbers, same 70 column width...


cheers
Dave Ross    [EMAIL PROTECTED]
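The numbers in this thread can be checked without dc. The following is an added example (not Dave Ross's or the original poster's code): it computes log2((2^n)!) for any block size with lgamma, counts the digits of 256!, and estimates how many 70-column dc lines (69 digits plus a continuation backslash, as in the listing above) a power of 256! needs.

```python
import math


def key_bits(block_bits):
    """log2((2^n)!): the 'maximum key size' of the thread, i.e. enough key bits
    to select any permutation of an n-bit block.  lgamma(m + 1) == ln(m!), so this
    stays usable for block sizes where (2^n)! itself is far too large to build."""
    return math.lgamma(2 ** block_bits + 1) / math.log(2)


def decimal_digits(x):
    """Number of decimal digits of a (non-negative) Python integer."""
    return len(str(abs(x)))


def dc_lines(x, digits_per_line=69):
    """Lines dc prints for x.  The listing in the post shows 69 digits followed by
    a backslash per 70-column line; the 69 is taken from that listing."""
    return math.ceil(decimal_digits(x) / digits_per_line)


# Exact 256! as a Python big integer (no overflow, unlike dc on (256!)^59).
FACT_256 = math.factorial(256)


def summary():
    """Digits of 256!, its size in bits, and the dc line count for (256!)^58."""
    return {
        "digits_256_fact": decimal_digits(FACT_256),
        "bits_256_fact": key_bits(8),
        "lines_256_fact_pow_58": dc_lines(FACT_256 ** 58),
    }
```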

------------------------------

From: [EMAIL PROTECTED] (David P Jablon)
Subject: Re: Shared secret protocol
Date: Mon, 14 Jun 1999 06:55:24 GMT

In article <7jpj60$q0a$[EMAIL PROTECTED]>,
David A Molnar  <[EMAIL PROTECTED]> wrote:
>David P Jablon <[EMAIL PROTECTED]> wrote:
>> In article <7jmhnq$[EMAIL PROTECTED]>, Logic <[EMAIL PROTECTED]> wrote:
>>>
>>>I am looking for a particular shared secret protocol which I have not seen
>>>described in any literature I have.
>> [... description snipped.]
>
>> Incorporating zero-knowledge password proofs will help.
>> Papers at <www.IntegritySciences.com/links.html>
>
>> -- dpj
>
>Also of note may be Shai Halevi and Hugo Krawczyk's paper on
>public-key password protocols. (in proceedings of the 5th
>ACM conference on security). This paper may be up at the above
>link; haven't checked yet. 

Yep.  That's there too, with a downloadable link.
Rather than a ZKPP, it describes a more traditional 
method of sending the password down a cert-protected channel.

-- dpj


------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Generating Random Numbers
Date: Mon, 14 Jun 1999 06:00:25 GMT

Herman Rubin wrote:
> For any purpose, I would recommend a seed in the thousands of bits
> at least if a semblance of randomness is to be attained.

It depends on the "generator".  Some stream systems are pretty
strong (i.e. nobody outside the IC seems to know how to break
them) with keys ("seeds") around 100 bits.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Cracking DES
Date: Mon, 14 Jun 1999 00:42:56 -0600

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Terry Ritter) wrote:

> On 12 Jun 1999 15:13:34 -0700, in
> <7jum2e$b0f$[EMAIL PROTECTED]>, in sci.crypt
> [EMAIL PROTECTED] (David Wagner) wrote:
> >
> >That's why you bother to send the whole book -- because it makes the
> >reader's life easier.

Then, why do people buy Cliff's Notes versions of various works, or avidly
consume Reader's Digest?
> 
> I am appalled that you would even suggest such a thing.  Writing is
> *not* the simple expansion of a small sample of the whole work.  If
> one tries to do this, we may get a book out of the exercise, perhaps
> even a good book (if the analysts have a good imagination and a way
> with words), but it *will* be a *different* book.  I claim the
> analogous situation occurs in everyday text, and the *different* text
> thus produced is the difference between reality and illusion.  
> 
Mark Twain, Roughing It, seemed to think that the Book of Mormon is such a
redundant work, but he did not seem to think it was a particularly good
work, as the miracle of its supposed finding would be only secondary to the
miracle of someone actually writing it.

Redundancy in encrypted messages might be used to serve a cryptological
purpose to override noise, but then your choice of algorithm needs to
allow this or the real world will aptly scuttle the whole communication.

.....
>...... Anyone who wants
> us to believe that 95% of the text we labor to create and pay to send
> is no more than useless redundancy carries the weight of proof on
> *their* shoulders.  Obviously.  
> 
Some have pulled and stretched the least amount of material into the
largest format so as to look important enough to be purchased;
e.e. cummings comes to mind, and lots of politicians.

Watering down content may make it more appealing to some who expect to
read everything as a novel.  It might even sneak information to those who
are not ready for a rich diet of theory.  Supposedly, people who need to
communicate with crypto should be brief and to the point.
-- 
Weathermen prophesy and insurance companies predict, while both pretend to be doing 
the other to get an audience.

------------------------------

From: "Mr. X" <[EMAIL PROTECTED]>
Crossposted-To: comp.compression,alt.comp.compression,sci.math
Subject: Re: huffman code length
Date: Sun, 13 Jun 1999 23:21:29 -0700

Mok-Kong Shen wrote:
> Maybe I misunderstood you, but what I think is preferable is a method
> to compute, given a Huffman tree, the extreme frequency distributions
> within whose range any valid distribution must lie.

OK, let's kick the dead horse again....

Huffman lengths fit:

1 <= L(1) <= L(2) <= L(3) ... <= L(n) <= (TotalNumberOfSymbols-1)

Huffman frequencies fit:

1 >= F(1) >= F(2) >= F(3) ... >= F(n) >= (1/TotalLengthOfSource)

In addition:

F(1) >= (1/TotalNumberOfSymbols)

And:

F(2) + F(3) ... + F(n) = 1-(1/TotalNumberOfSymbols)

So yes, you can give some more constraints, but for the reasons I listed
before, in all but the most trivial of cases, the actual original
frequencies cannot be calculated from the tree alone.


X
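An added example (not Mr. X's or Mok-Kong Shen's code) illustrating the point of the post: a standard Huffman length computation, a checker for the length bound and the F(1) >= 1/n bound quoted above, and two constructed frequency tables that differ yet produce exactly the same tree, so the frequencies cannot be recovered from the tree.

```python
import heapq
from itertools import count


def huffman_lengths(freqs):
    """Code length per symbol for a frequency table, via the classic greedy
    merge of the two lightest subtrees.  Ties break on insertion order so the
    result is deterministic."""
    if len(freqs) < 2:
        raise ValueError("need at least two symbols")
    tiebreak = count()
    heap = [(f, next(tiebreak), [s]) for s, f in freqs.items()]
    heapq.heapify(heap)
    depth = {s: 0 for s in freqs}
    while len(heap) > 1:
        f1, _, left = heapq.heappop(heap)
        f2, _, right = heapq.heappop(heap)
        for s in left + right:      # every leaf under the merged node gets one bit deeper
            depth[s] += 1
        heapq.heappush(heap, (f1 + f2, next(tiebreak), left + right))
    return depth


def lengths_satisfy_post(lengths):
    """The bound quoted in the post, 1 <= L(1) <= ... <= L(n) <= n-1 for the sorted
    lengths, plus Kraft equality, which every full (Huffman) prefix tree meets."""
    n = len(lengths)
    ls = sorted(lengths.values())
    in_range = ls[0] >= 1 and ls[-1] <= n - 1
    kraft = sum(2.0 ** -l for l in ls) == 1.0
    return in_range and kraft


def max_frequency_bound(freqs):
    """F(1) >= 1/n: the most frequent symbol is at least as frequent as the average."""
    return max(freqs.values()) >= 1.0 / len(freqs)


def same_tree(freqs_a, freqs_b):
    """True when both tables yield identical code lengths (the same tree shape)."""
    return huffman_lengths(freqs_a) == huffman_lengths(freqs_b)


# Constructed distributions: different probabilities, identical Huffman tree.
DIST_A = {"a": 0.40, "b": 0.30, "c": 0.20, "d": 0.10}
DIST_B = {"a": 0.50, "b": 0.25, "c": 0.15, "d": 0.10}
```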

------------------------------

Date: Mon, 14 Jun 1999 09:31:13 +0200 (CEST)
From: Anonymous <[EMAIL PROTECTED]>
Subject: Has this cipher been broken yet ?

Can anyone tell me if the ATBASH2 cipher has been broken yet?
This cipher is perfect for my requirements (Morse code).
Any information / advice appreciated.
Thanks.



------------------------------

From: [EMAIL PROTECTED] (Francois Grieu)
Subject: Re: Is there a short digest for short messages?
Date: Mon, 14 Jun 1999 09:55:33 +0200

Joe wrote :
> Does anybody know a good message digest algorithm producing short
> digests (<1,000,000) for messages in the range 2^64 to 2^160 ?


If the space for the digests is small and much smaller than the number
of acceptable messages, then no matter the quality of the public,
non-keyed message digest algorithm you use, it is computationally
easy to forge a message giving a particular result; just try acceptable
messages at random, compute their digest, until one message with the
required digest is found.

If your purpose is to ensure message integrity against deliberate fraud,
you could for example

A) use a long message digest AND make sure it can't be altered together
with the message; SHA-1 is a suitable choice.
see <http://www.itl.nist.gov/fipspubs/fip180-1.htm>

B) use a keyed message signature: have a secret key k (e.g. 128 bits)
shared between signer and verifier, and sign a message M with H(k,M).
A suitable choice for H(k,M) would be HMAC.
see <http://www-cse.ucsd.edu/users/mihir/papers/hmac.html>.
An advantage is you do NOT need to make sure the digests are not altered.
You can shorten the result, by keeping 20 bits or taking the result
mod 1e6; but to counter the increased probability of successful
forgery by choosing random messages, you may want the verifier to stop
accepting messages after any error.  Note the sensitivity to denial of
service attacks.


If a short digest is meant to ensure message integrity against random
errors, you can simply use a CRC; a CRC with a 20 bit prime polynomial
would give a result in the range [0, 1,048,575]; a shortened hash is
also suitable but computationally more expensive.


Francois Grieu
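Option B above, as an added example (not Francois Grieu's code): a 128-bit shared key, HMAC-SHA1 reduced mod 1e6 so the tag fits the "< 1,000,000" range, and a verifier that refuses everything after its first failed check, which is the countermeasure the post proposes together with the denial-of-service cost it warns about. The key and message in the test are constructed values.

```python
import hashlib
import hmac
import secrets

TAG_MODULUS = 1_000_000   # the "< 1,000,000" tag space from the question


def new_key():
    """128-bit shared secret, the key size the post suggests."""
    return secrets.token_bytes(16)


def short_tag(key, message):
    """HMAC-SHA1 over the message, shortened by reducing mod 1e6.
    A forger without the key succeeds with probability about 1/TAG_MODULUS per
    random guess, which is why the verifier below locks after a single miss."""
    full = hmac.new(key, message, hashlib.sha1).digest()
    return int.from_bytes(full, "big") % TAG_MODULUS


class LockingVerifier:
    """Verifier that stops accepting messages after the first failure.
    Trade-off noted in the post: one corrupted or injected message also locks
    out the legitimate sender (denial of service)."""

    def __init__(self, key):
        self._key = key
        self.locked = False

    def verify(self, message, tag):
        if self.locked or not (0 <= tag < TAG_MODULUS):
            self.locked = True
            return False
        expected = short_tag(self._key, message)
        # constant-time comparison of the 3-byte encodings (1e6 < 2^24)
        ok = hmac.compare_digest(expected.to_bytes(3, "big"), tag.to_bytes(3, "big"))
        if not ok:
            self.locked = True
        return ok
```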

------------------------------

From: fungus <[EMAIL PROTECTED]>
Subject: Re: Export restrictions question
Date: Mon, 14 Jun 1999 10:46:06 +0200



[EMAIL PROTECTED] wrote:
> 
> Can anyone provide some clarification for the encryption export
> restrictions.  Let's say my key length is 64 bits (8 bytes).  However
> all I'm doing is performing an XOR on each 8-byte block in the file from
> beginning to end.  It is obviously not any of the fancy algorithms.
> Does that require export approval?
> 

All programs have to go through an export review process where
the algorithms, etc. are documented.

Nothing is guaranteed to get through (you can play games with
small keys to get good security), 56 bits is the maximum for
a good cipher.

In the case of a bad cipher like yours it's hard to say what
would happen. It all depends on your definitions: The key is 64
bits in size, but the keyspace isn't anywhere near 64 bits.

It's a crap shoot.


-- 
<\___/>
/ O O \
\_____/  FTB.

------------------------------

From: Anders Holtsberg <[EMAIL PROTECTED]>
Crossposted-To: sci.math.num-analysis,comp.sys.cbm
Subject: Re: Random numbers on a sphere
Date: Mon, 14 Jun 1999 11:29:04 +0200

Virgil wrote:
> 
> In article <7jsv6f$lb8$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
> (Matthew Montchalin) wrote:
> 
> >Dave Seaman wrote:
> >|>| The idea was to produce points that are uniformly distributed with
> >|>| respect to the area of a sphere.
> 
> Use spherical polar coordinates to determine the point <rho,theta,phi> on
> the sphere rho = 1.
> 
> Rho = 1.
> Theta is uniformly distributed on [0,2*pi).
> Phi is distributed on [0,pi] with weight proportional to sin(phi).

The following is simpler:

1) Generate x y z uniformly on [-1,1] independently.
2) If x^2+y^2+z^2 > 1 then goto 1 ("This is called rejection sampling").
3) Set [x y z] = [x y z] / sqrt(x^2+y^2+z^2)

Voila!

> --
> Virgil
> [EMAIL PROTECTED]

Andy H
-- 
__________________________________________________________________
Anders Holtsberg       Matematisk statistik   Telefon 046-2224953 
[EMAIL PROTECTED]   Matematikcentrum       Fax 046-2224998
www.maths.lth.se       Lunds universitet      Box 118, 221 00 Lund
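Both samplers from this thread, as an added example (not Anders Holtsberg's or Virgil's code): the cube-and-reject method above, and the polar method, where drawing cos(phi) uniformly on [-1, 1] gives exactly the sin(phi) weighting. The helpers use a seeded generator so the acceptance rate (pi/6 for the rejection step) and a hemisphere balance check are reproducible.

```python
import math
import random


def sphere_point_rejection(rng):
    """Holtsberg's method: sample the cube, reject outside the unit ball, normalise.
    Returns (point, attempts).  Normalising without the rejection step would NOT be
    uniform: the cube's corners would be over-represented."""
    attempts = 0
    while True:
        attempts += 1
        x, y, z = (rng.uniform(-1.0, 1.0) for _ in range(3))
        r2 = x * x + y * y + z * z
        if 0.0 < r2 <= 1.0:        # also skips the (measure-zero) origin
            r = math.sqrt(r2)
            return (x / r, y / r, z / r), attempts


def sphere_point_polar(rng):
    """Virgil's method: theta uniform on [0, 2pi); phi on [0, pi] with density
    proportional to sin(phi), obtained by drawing u = cos(phi) uniformly on [-1, 1]
    since du = -sin(phi) dphi.  Returns (point, 1) for symmetry with the above."""
    theta = rng.uniform(0.0, 2.0 * math.pi)
    cos_phi = rng.uniform(-1.0, 1.0)
    sin_phi = math.sqrt(1.0 - cos_phi * cos_phi)
    return (sin_phi * math.cos(theta), sin_phi * math.sin(theta), cos_phi), 1


def norm(p):
    return math.sqrt(sum(c * c for c in p))


def sample(sampler, n, seed):
    """Draw n points with a seeded generator; returns (points, total_attempts)."""
    rng = random.Random(seed)
    points, attempts = [], 0
    for _ in range(n):
        p, a = sampler(rng)
        points.append(p)
        attempts += a
    return points, attempts


def acceptance_rate(n, seed=1):
    """Fraction of cube draws that land inside the ball: expected pi/6, about 0.524."""
    _, attempts = sample(sphere_point_rejection, n, seed)
    return n / attempts


def hemisphere_fraction(sampler, n, seed):
    """Crude uniformity check: the share of points with z > 0 should be near 0.5."""
    points, _ = sample(sampler, n, seed)
    return sum(1 for p in points if p[2] > 0.0) / n
```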

------------------------------

From: Fred <[EMAIL PROTECTED]>
Subject: Re: Another free email?
Date: Mon, 14 Jun 1999 07:52:04 GMT

In article <7jud89$g25$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> I got a private email asking to have this posted...
>
> ---
> Speaking of hushmail, has anyone heard of www.ynnmail.com?  It's
> supposed to be free encrypted web mail, but I was wondering how secure
> it really is.  I would appreciate any input on that from this forum.
> ---
>
> Tom
<snip>

From the ynnmail web site:
[quote]
The data stored on your Secured Data Vault is encripted[sic] with 40
bits SSL encription[sic] facility
[/quote]
At least they're up front about it.

I couldn't find anything on the web site about how they encrypt
email, so it might be different from the Secure Data Vault.

Also, the signup form where you type in your desired password
does not go over SSL, which means that at least during account
creation you are transmitting your password in the clear.

[Fred's opinion]
More secure than getting your email at work, less secure than
hushmail, much less secure than PGP.
[/Fred's opinion]

This makes three entries I know of in the encrypted web-based
email market: ziplip.com, hushmail.com and ynnmail.com. They
all have a problem which I haven't seen pointed out, maybe
because it's so obvious.  Each of them is a single point of
failure. A successful attack on one of these web sites would
justify a lot of effort from an attacker who wanted to read
lots of email.

--
f r e d e r w <atsign> p o b o x . c o m
Boycott spammers!



------------------------------

Reply-To: "Andy Jeffries" <[EMAIL PROTECTED]>
From: "Andy Jeffries" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Scramdisk newsgroup (was Re: SCRAMDISK QUESTION)
Date: Mon, 14 Jun 1999 10:50:42 +0100

Sorry for the cross-posting, but this is relevant to all three groups.

> P.S. If any one knows of a NG which is dedicated to ScramDisk please
> let me know.

I am in the process of creating alt.security.scramdisk.  The proposal is
currently in alt.config and I should be creating the NG this coming weekend.

For your newsgroups file:
alt.security.scramdisk Free hard drive encryption for Windows 95/98

Comments:
I would like to start a discussion group for Scramdisk. This program is
free with Visual C++ source code and enables you to make encrypted
container files on your hard drive (much like PGPDisk). The utility is
currently discussed in alt.security.pgp and comp.security.pgp.discuss
(and at times sci.crypt). The web page is at
http://www.scramdisk.clara.net/

CHARTER: alt.security.scramdisk
With the exception of cryptographic signatures (eg. PGP), all encoded
binaries (eg pictures, HTML, word processor files, .zip files, "business
cards", html) or similar non-plaintext postings are forbidden. URL links
to binaries on ftp servers or web sites are encouraged.
The posting of spam is forbidden, adverts must be confined to the
signatures of on-topic posts.

Justification of Readership:
A search of Deja between the dates of Mar 10 1999 to June 10 1999, for
the terms < Scramdisk &!(simpson |jeffries)> gave exactly 633 messages.
This removes posts from Sam Simpson and myself, as we mention Scramdisk
in our signatures.
This group was proposed in alt.config on 11/06/99 in message
<bn783.4315$[EMAIL PROTECTED]>.



--
Andy Jeffries
Delphi Programmer
Kwik-Rite Development

-- See http://www.kwikrite.clara.net for TkrScramDisk (Delphi component) and
   Kwik-Crypt (Self-restoring encrypted archive utility).



------------------------------

From: "Kenneth N Macpherson" <[EMAIL PROTECTED]>
Subject: encrypt using ASCII 33 to 126 only?
Date: Mon, 14 Jun 1999 11:47:36 +0100

Hello,

I am trying to find code (vb) that will take a string (all chars in range 33
to 126 ASCII) and encrypt it again using chars in range 33 to 126.

Reason for range is so users can type in the encrypted string from the
keyboard.

Although 127 is a keyboard char (delete, I think) it is not easily displayed!
;-)

Any help with code, urls, (or even an algo) would be fantastic.

Thanks in advance,

Ken



------------------------------

From: [EMAIL PROTECTED] (Nick Barron)
Subject: Re: question about original RSA research
Date: Mon, 14 Jun 1999 10:43:41 GMT

On Wed, 09 Jun 1999 16:33:39 GMT, [EMAIL PROTECTED] wrote:

>I'm a student of computer science and I'm doing a research about
>RSA. If anybody knows were can i find some info about the original!!
>research done to invent RSA, or info about the first product related
>with RSA , or any info about the original research please send me email
>Thanks in Advance
>      [EMAIL PROTECTED]

The original paper was published in Communications of the ACM in (I
think) 1976. I have the original at home, mail me your address if
you'd like hardcopy (sorry, I don't have it in electronic form).

Nick Barron
SGML/XML Systems and Applications Development Manager
Solvera Information Services Ltd

Disclaimer: The views expressed in this message are mine, 
not necessarily those of my company

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
