Cryptography-Digest Digest #744, Volume #9       Mon, 21 Jun 99 15:13:03 EDT

Contents:
  Re: ATTN: Bruce Schneier - Street Performer Protocol ([EMAIL PROTECTED])
  Re: Sexual Contact Privacy (Michael J. Fromberger)
  Re: IDEA in "aplied cryptography" BRUCE SCHNEIER (Dave Hazelwood)
  Re: Here is the cipher algorithm ([EMAIL PROTECTED])
  IDEA in ftp.replay.com/pub/crypto/applied-crypto (chicago)
  Re: DES Encryption Function and an MLP (Patrick Juola)
  Re: Polyalphabetic Keyword Alphabets (John Savard)
  Re: RC4 Susectability ("John E. Kuslich")
  Re: Cipher ([EMAIL PROTECTED])
  Re: Wired magazine: What does it do? SOLUTION ("John E. Kuslich")
  Re: EKE, SPEKE, etc (John Savard)
  Converting arbitrary bit sequences into plain English texts (Mok-Kong Shen)
  Re: Wired magazine: What does it do? SOLUTION (Mok-Kong Shen)
  Re: OTP is it really ugly to use or not? (Mickey McInnis)
  Re: DES versus Blowfish (Jayant Shukla)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED]
Subject: Re: ATTN: Bruce Schneier - Street Performer Protocol
Date: Mon, 21 Jun 1999 11:37:43 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Bruce Schneier) wrote:
> That's where we started when we developed Twofish.

David pointed out that you didn't pick that because it would be less
efficient?

I was wondering exactly how the MDS matrix works.  Is it simply to
perform byte level diffusion as in SAFER+ with the 45^x sbox?  And if
you only use one function how do you avoid symmetries from the output
of the 4 sboxes?  Maybe I will have to read thru the paper again...

Thanks for your info,
Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: Michael J. Fromberger <[EMAIL PROTECTED]>
Subject: Re: Sexual Contact Privacy
Date: 21 Jun 1999 13:52:53 GMT

In <[EMAIL PROTECTED]> [EMAIL PROTECTED] (Doug Goncz) writes:
>
>It is for the good of the public that the government or a health
>agency might wish to keep records of sexual contacts between people.

With all due respect, I think this is the biggest load of hoo-ha since
the advent of deconstructionism.  What possible "public good" could be
served by having the government or health officials keep track of such
contacts?

Contrariwise, I would argue that there is the potential for a great
amount of -harm- to be caused by permitting such relationships to be
tracked and recorded in a centralized manner.  Indeed, I would argue
that the potential for abuse of such a system far outweighs any petty
benefit you might conceive of arising from it.


>
> Allow universal determination of paternity?
>

Why should this matter?

-M

-- 
Michael J. Fromberger    Software Engineer, Thayer School of Engineering
  sting <at> linguist.dartmouth.edu   http://www.dartmouth.edu/~sting/
    Remove clothing if you wish to reply to this message via e-mail.

------------------------------

From: [EMAIL PROTECTED] (Dave Hazelwood)
Subject: Re: IDEA in "aplied cryptography" BRUCE SCHNEIER
Date: Mon, 21 Jun 1999 13:31:51 GMT


You can also go here and get some good stuff. 

ftp://ftp.funet.fi/pub/crypt/cryptography/symmetric/

Another way is to make a donation to the democratic national committee
and then ask Bill Clinton to send it to you? That might work,
especially if you have a Chinese e-mail address <g>. You might even
get a night in the Lincoln bedroom if you cough up enough.

The SECDRV14 package is also on funet I believe and it uses IDEA.
It comes with all the assembler source code too.

Also, there is some guy who now has a web site up in the USA and who
is making everything available. He is in the district where the court
case was won? I forget which district that was but I think it was on
the West Coast? The 9th? 

I have been to the web site but did not bookmark the URL. If I come
across it again I will post it. Anyone else know it?

This entire policy denying export has now reached the lunacy stage.
It is not helping anybody and only hurting American business badly.

It is time for  all these restrictions to be abolished once and for
all. 

[EMAIL PROTECTED] wrote:

>In article <[EMAIL PROTECTED]>,
>  chciago <"gabriel. nock"@siemens.de> wrote:
>> hey, I wanted to implement the IDEA algorithm from the sources in Bruce
>> Schneier's book....
>>
>> is there a fault in this codes, or am i only too silly, to copy code
>> from a book, but : "it doesn't work"
>>
>> or where can I find sources of IDEA which are working, I only want to
>> use it for myself, not in a commercial way..
>
>
>I think there was a bug in the code.  I would goto
>
>http://www.counterpane.com
>
>And check out the errata.  Or you could dissect PGP and take IDEA from
>there :).
>
>Tom


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Here is the cipher algorithm
Date: Mon, 21 Jun 1999 11:34:04 GMT

So the algorithm can be summed up like so

Ci = Pi + K(i mod n)

Where n is the length of the passkey, and i is the current char index.
If you encrypt a one byte message you get

C  = P  + K1

And if you subtract C - P you get K1.  Repeat n times and you have the
passkey.  Therefore this cipher is extremely weak against a chosen
plaintext attack.

A known plaintext attack is a bit harder because you will not
have the length, so you will not be sure where the keystream is currently
positioned.  I think though you will only need (n + n/2) chosen
plaintext to identify the passkey.

Tom


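The cipher Tom summarises and the key recovery he describes, as an added example that is not code from the post; the key `secret`, the sample message and the `offset` handling for a known plaintext that does not start the message are my additions:

```python
# Added example, not code from the post: the repeating-key additive cipher
# C[i] = (P[i] + K[i mod n]) mod 256 and the key recovery Tom describes.
# Subtracting P from C exposes the keystream; its period gives the passkey.


def encrypt(plaintext: bytes, key: bytes) -> bytes:
    n = len(key)
    return bytes((p + key[i % n]) & 0xFF for i, p in enumerate(plaintext))


def decrypt(ciphertext: bytes, key: bytes) -> bytes:
    n = len(key)
    return bytes((c - key[i % n]) & 0xFF for i, c in enumerate(ciphertext))


def keystream_from_pair(plaintext: bytes, ciphertext: bytes) -> bytes:
    """C - P byte by byte: the key material one known pair gives away."""
    return bytes((c - p) & 0xFF for p, c in zip(plaintext, ciphertext))


def shortest_period(stream: bytes) -> int:
    """Smallest n with stream[i] == stream[i + n] for every i.  A period
    can only be confirmed once at least 2n bytes are available; if none
    is found, the whole stream is returned as its own period."""
    for n in range(1, len(stream) // 2 + 1):
        if all(stream[i] == stream[i + n] for i in range(len(stream) - n)):
            return n
    return len(stream)


def recover_key(plaintext: bytes, ciphertext: bytes, offset: int = 0) -> bytes:
    """Recover the passkey from a known plaintext/ciphertext pair.

    `offset` is where in the message the known plaintext starts (0 when it
    is the start of the message).  Without the offset the same bytes are
    recovered, but only up to a rotation of the key: that is the keystream
    positioning problem for known plaintext."""
    ks = keystream_from_pair(plaintext, ciphertext)
    n = shortest_period(ks)
    # ks[j] == key[(offset + j) mod n], so undo the rotation.
    return bytes(ks[(k - offset) % n] for k in range(n))


if __name__ == "__main__":
    key = b"secret"                          # constructed sample key
    msg = b"attack at dawn, attack at dawn"  # constructed sample message
    ct = encrypt(msg, key)
    print("chosen plaintext of zero bytes returns the key:",
          encrypt(bytes(len(key)), key) == key)
    print("recovered from a known pair:", recover_key(msg, ct))
    print("recovered from a pair starting at byte 4:",
          recover_key(msg[4:], ct[4:], offset=4))
```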

------------------------------

From: chicago <"gabriel. nock"@siemens.de>
Subject: IDEA in ftp.replay.com/pub/crypto/applied-crypto
Date: Mon, 21 Jun 1999 14:54:13 +0200

I got the code of IDEA 2.2 from this directory..
I tested the already compiled exe-file and it works; I compiled the
sources, and it didn't work, there's a division by zero in the function
"inv", and I don't know where this comes from.... I think the code is
right, but why do I have after 3 to 5 rounds a division by zero in
line 17: q = y / x;... where is the fault???
I've tested it with the key 11111111, and it DIDN'T WORK !!!!

what the hell.....


------------------------------

From: [EMAIL PROTECTED] (Patrick Juola)
Crossposted-To: comp.ai.neural-nets
Subject: Re: DES Encryption Function and an MLP
Date: 21 Jun 1999 10:22:03 -0400

In article <7kbun4$17n$[EMAIL PROTECTED]>,
Warren Sarle  <[EMAIL PROTECTED]> wrote:
>In article <[EMAIL PROTECTED]>,
>  [EMAIL PROTECTED] (James Pate Williams, Jr.) wrote:
>> >What is particle swarm optimization?
>>
>> From James Kennedy "The Particle Swarm Optimization: Social Adaptation
>> of Knowledge"  Proceedings of the 1997 International Conference on
>> Evolutionary Computation, 303-308, IEEE Service Center, Piscataway,
>> N. J. "Particle swarm adaptation is an optimization paradigm that
>> simulates the ability of human societies to process knowledge." In
>> this particular paper Kennedy applies particle swarm optimization
>> (PSO) to learning the simple exclusive or (XOR) function which
>> involves training a feedforward neural network.
>
>Thanks for the reference. If this algorithm is so feeble that the
>author demonstrates it only on the trivial XOR problem, it certainly
>won't handle anything really hard like encryption functions.

Not necessarily -- it's difficult to define a new method, define a
useful problem, and show the method of application in the space of
only five pages.

Is there an associated journal article without such tight space
constraints?

        -kitten


------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Polyalphabetic Keyword Alphabets
Date: Mon, 21 Jun 1999 15:52:26 GMT

[EMAIL PROTECTED] (Rebus777) wrote, in part:

>Please comment if you have something to add.

Well, for one thing, instead of just showing how to make an alphabet
from a keyword this way:

COLUMBIADEFGHJKNPQRSTVWXYZ

which inevitably leads to a weak alphabet,

why not recommend the better method

COLUMBIA
========
DEFGHJKN
PQRSTVWX
YZ

giving the alphabet

ANXBJVCDPYIKWLFRMHTOEQZUGS

which is considerably more scrambled?

John Savard ( teneerf<- )
http://members.xoom.com/quadibloc/crypto.htm
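The two constructions John Savard compares, as an added example that is not code from the post; the consecutive-pair count is a measure I added to make the difference between the two alphabets visible:

```python
# Added example, not code from the post: John Savard's two keyword
# alphabets.  naive_alphabet() is the weak "keyword then the rest" form;
# columnar_alphabet() writes the remaining letters under the keyword and
# reads the columns in the alphabetical order of the keyword's letters.
import string

ALPHABET = string.ascii_uppercase


def dedupe(keyword: str) -> str:
    """Keep the first occurrence of each letter (COLUMBIA is unchanged)."""
    seen, out = set(), []
    for ch in keyword.upper():
        if ch in ALPHABET and ch not in seen:
            seen.add(ch)
            out.append(ch)
    return "".join(out)


def naive_alphabet(keyword: str) -> str:
    """Keyword followed by the unused letters in order."""
    key = dedupe(keyword)
    return key + "".join(ch for ch in ALPHABET if ch not in key)


def columnar_alphabet(keyword: str) -> str:
    """Rows: the keyword, then the unused letters filled in beneath it.
    Output: columns taken in alphabetical order of the keyword letters."""
    key = dedupe(keyword)
    rest = "".join(ch for ch in ALPHABET if ch not in key)
    width = len(key)
    rows = [key] + [rest[i:i + width] for i in range(0, len(rest), width)]
    order = sorted(range(width), key=lambda i: key[i])  # column read order
    return "".join(row[col] for col in order for row in rows if col < len(row))


def in_order_pairs(mixed: str) -> int:
    """Count adjacent letters that are also consecutive in A..Z.  Long runs
    such as PQRST in the naive alphabet are what make it weak; this count is
    a measure added here to show the difference, not one from the post."""
    return sum(1 for a, b in zip(mixed, mixed[1:]) if ord(b) - ord(a) == 1)


if __name__ == "__main__":
    for name, build in (("naive", naive_alphabet), ("columnar", columnar_alphabet)):
        mixed = build("COLUMBIA")
        print(f"{name:8s} {mixed}  consecutive pairs: {in_order_pairs(mixed)}")
```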

------------------------------

From: "John E. Kuslich" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: RC4 Susectability
Date: Mon, 21 Jun 1999 09:15:05 -0700

How did you determine that it would take a week to determine an RC4 key?

Let's assume you are presented with cypher text, for some reason KNOWN
to have been encrypted with RC4.  Let's also assume the key length
is 40 bits, and that you know that the plain text is ASCII encoded.

How many operations would have to be performed??  How many
useful operations could be performed by a Pentium 200 MHz each second??

JK

[EMAIL PROTECTED] wrote:
> In article <[EMAIL PROTECTED]>,
>   [EMAIL PROTECTED] wrote:
> > RC4, I agree, seems to be secure.  The 40 bit RC4, is a joke.
> >
> > 40 bits is well within the reach of today's processors for reliable brute
> > force searching.
>
> Yeah but the max keysize is 1683.98 bits so who really cares about
> small keys?  Even still a home computer would take a week or two to
> find a 40-bit key, so ideally the smallest key would be about 64 bits.
>
> Tom
> --
> PGP key is at:
> 'http://mypage.goplay.com/tomstdenis/key.pgp'.

--
CRAK Software (Password Recovery Software)
Http://www.crak.com
[EMAIL PROTECTED]
602 863 9274 or 1 800 505 2725 In the USA


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Cipher
Date: Sun, 20 Jun 1999 17:21:13 GMT

If the cipher is simple, post a description, and it can be analysed
for you; if you want to end up like David Scott (warped and bitter),
refuse to give us a description, and abuse those who know better.


(Just for reference, I'm not being mean)


Jim



------------------------------

From: "John E. Kuslich" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Wired magazine: What does it do? SOLUTION
Date: Mon, 21 Jun 1999 10:45:15 -0700

I have determined a solution to this cryptogram!!

It is a One Time Pad.  The pad was recovered using our proprietary
One Time Pad recovery software.

The OTP code is available at our web site at: http://www.crak.com.
Just download the otp file you find there and XOR the contents of the file
with the cryptogram shown here.

You will have to write the XOR routine yourself.  Sorry.
Or do it by hand, it's not that long.

JK

Anonymous wrote:
> Jim Gillogly writes:
>
> > I notice it has "Cryptography Research Inc." (Paul Kocher's company) and
> > a smiley face on the last line.  This is a wild guess, but the style of
> > the patterns of the characters make it smell kind of like one of those
> > 3D ASCII pictures... put the 810 characters in the right kind of block and
> > cross your eyes carefully to see the message stand out.  Given the plug
> > for Intel and their recent random number stuff, perhaps the result will
> > be a Pentium III logo or something of that sort.
>
> Right after the CryptographyResearchInc and before the smiley is
> a sequence of 16 characters which matches the first 16 chars of
> the message: PPY5!@,aPZ-@?P^,
>
> Let's suppose that these are just there for padding to make the
> message come out to the right size.  The "actual" message stops
> just before the CryptographyResearchInc, and everything from that
> point on is there basically as a signature.
>
> If we do this, and remove the spaces from within the message, we get
> this: the message length is 768 characters!  Pretty significant,
> dontcha think?
>
> Here is the resulting message with 64 char lines.  Notice that the
> characters used seem to gradually change as we go through the message.
> The first line has a lot of G's, the second has O's and b's, then the
> middle four or five lines have a lot of { characters.  The third from
> last has s and o and q, the second from last has J and K and G and X.
> There is definitely some kind of pattern to it.  (Although the pattern
> is a bit reminiscent of randomly typing keys on the keyboard, holding
> down the shift key now and then...)
>
> PPY5!@,aPZ-@?P^,kP[-eP1G@1GB1GE1GG1GI1Gd-001WK0WN1Gf0WQ1GU0Gc-0w
> Y1W_1G]SX4sPZV_V[AAOb:POObObOb?Ou1t*l,0r{(ptH,,rqr:D&0Ecp*CPVe0Z
> B8ssrro5Bj00Go4o18V{50SzBj00Fo4j20jYElB{1j8FFjh1xxfiZ7jpk0xflke0
> Wkr00i0g1flS42ptASm0CzvxyjV0WXth01h0Hll0wqfGgtyvks{{n{{3{{{{{{3{
> x{{{q0qSGSM15f1{UKK{81ffq0{KoM{01x{00xx17{1{olt{41{Kz0{0c{0U11z0
> 7n0oBl0{U1{lhp{1E{1{j0{0BU0{G0o0ool07{1{Al0{Ax0{Ex0{k0{08x0{X0x0
> 4{1{U1{lxl{1E{1{j0{0Ek0{T0k0t{1{U1{lBx{1E{1{a0{0ok1{xkv{G1{1f{fz
> ok1{D{0{hfg{{0{{n{{3{{{{{{3{x{{{xE4V8X0XV0VV0Xff@d0dgdf08n0X0ffd
> F0no0Ynl0nou2to0pl0o7o0lH0YodI0oP0wo8wwnVwoo2vuYF0wlPn0w0oov0uDF
> pE9fIAf60mso0sSs0qss0sooF0oq0qqs3sqol0rS7q01G0ooKYoI{mFNUFRF{RN0
> KsJ0NF0FK0FJJJ0G8G0GF0FG0KKK0GGKhG0XX0X0@VdVP0XXfXXXV0ff1XX0fddf
> 0noY3nllRtphpl0ovYYokomFV0ooKqJKJ0KGKJ0FW0F0KFJJF0GGW0G05GJJl0F0
>
> There are some repetitive patterns.  For example, near the end of row
> 4 we have {{n{{3{{{{{{3{x{{{, and the exact same pattern occurs near
> the middle of row 8.
>
> I've tried 48 and 32 char lines but I can't make anything out of
> it visually.  The lines would have to be awfully long for the two
> instances of the pattern above to be on the same line.
>
> --Anon

--
CRAK Software (Password Recovery Software)
Http://www.crak.com
[EMAIL PROTECTED]
602 863 9274 or 1 800 505 2725 In the USA


------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: EKE, SPEKE, etc
Date: Mon, 21 Jun 1999 18:01:03 GMT

Bruce Schneier <[EMAIL PROTECTED]> wrote, in part:

>There's a webpage somewhere that talks about the various EKE variants.
>Does anyone know where it is?  Also useful would be the URL of the SPEKE page.
>
>Bruce

I've been able to turn up

http://world.std.com/~dpj/strong.html

which is part of the SPEKE page.

There's also

http://theory.stanford.edu/~tjw/krbpass.html

a paper on Kerberos which proposes EKE or SPEKE as ways to correct a
security deficiency.

John Savard ( teneerf<- )
http://members.xoom.com/quadibloc/crypto.htm

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Converting arbitrary bit sequences into plain English texts
Date: Mon, 21 Jun 1999 18:47:21 +0200

Recently in discussions in a thread in sci.crypt one learned that
Leevi Marttila has aptly written a program c2txt2c that converts the
code of blowfish into plain English sentences, thus demonstrating that
export restricted stuff can be turned into freely exportable
materials. However, the program in the current version is specifically
adapted for blowfish; it can't handle arbitrary program codes. That is,
the demonstration is not general enough.

However, we can more generally demonstrate that not only arbitrary
program codes in ASCII but any bit sequences, in particular also
executable files of crypto programs (which should be more severely
subjected to export regulations), can be turned into plain English
texts. To do that one selects any arbitrary popular, i.e. widely
available, book and chooses 256 consecutive sentences to be numbered
0 to 255. Then each byte of information is converted to the
correspondingly numbered sentence. This conversion is of course
fairly inefficient; the file of plain English text may be up to
100 times as large. However, the program to do this is very simple
and is applicable to any bit sequences. Anyway it clearly and
generally shows that export regulation is futile without forbidding
export of plain English texts.

Would the above fact be of interest to the court, should the Bernstein
case be continued?


M. K. Shen
============================================
M. K. Shen, Postfach 340238, D-80099 Muenchen, Germany   (permanent) 
http://www.stud.uni-muenchen.de/~mok-kong.shen/ (Updated: 12 Apr 99)    
(Origin site of WEAK2-EX, WEAK3-EX and WEAK4-EX, three Wassenaar-conform
 algorithms based on the new paradigm Security through Inefficiency.
 Containing 2 mathematical problems with rewards totalling US$500.)

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Wired magazine: What does it do? SOLUTION
Date: Mon, 21 Jun 1999 20:11:34 +0200

John E. Kuslich wrote:
> 
> I have determined a solution to this cryptogram!!
> 
> It is a One Time Pad.  The pad was recovered using our proprietary One
> Time Pad recovery software.

What is your definition of OTP? Or were you overthrowing the theory
which says that the OTP is provably secure?

M. K. Shen

------------------------------

From: [EMAIL PROTECTED] (Mickey McInnis)
Subject: Re: OTP is it really ugly to use or not?
Date: 21 Jun 1999 18:16:44 GMT
Reply-To: [EMAIL PROTECTED]

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Dave Hazelwood) writes:
|> [EMAIL PROTECTED] (Mickey McInnis) wrote:
|> ...
|> >
|> >That's also one of the benefits of using "truly random" number generators
|> >vs. some sort of pseudorandom number generator.  You probably can't use a
|> >PRNG to come up with a key that matches a chosen cleartext to a
|> >chosen ciphertext.
|>
|> I don't understand the last sentence. Who needs a PRNG, just xor the
|> cleartext with the ciphertext and you have the key?
|> ....

What I'm suggesting is this:

1) You've been using an OTP and the enemy has been intercepting your
cyphertext.

2) You've destroyed your pad and cleartext as you use them.  (Or
even make up an innocuous cleartext and pad to match each ciphertext
you send.)

3) The enemy captures you and your equipment and you want to appear
to cooperate with them.

4) You claim that you've just been sending the innocuous cleartext.


A) If you've used a truly random number generator to generate your
one-time-pad, they have no way of telling whether or not you have
given them the true cleartext.  You can always produce a "random"
pad that matches an innocuous cleartext to any ciphertext of the
same size.

B) If you've used a PRNG to generate your pad, they can, in theory,
tell whether the pad that matches your innocuous cleartext to the
ciphertext could have come from your PRNG.  Given a
cleartext/ciphertext pair and a PRNG algorithm you will probably
not be able to produce a PRNG seed that will produce a matching
pad.

The practicality of "B" depends on PRNG algorithm, bit length of
the seed, "randomness" of the seed, whether they expect you to
remember the seed, processing power available, etc. but it is a
theoretical risk.

The simplest example of "B" is that they demand you produce the
seed you used to initialize your PRNG.  They may not believe you
if you tell them you don't remember.
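Both situations in the post, and the point behind M. K. Shen's reply to the "recovered" one-time pad above (any pad fits any plaintext of the same length), as an added example that is not code from either post; the 16-bit LCG, its constants, the seed and the sample texts are all assumed for the demonstration:

```python
# Added example, not code from the post: the two situations Mickey McInnis
# labels A and B.  A: for a truly random pad, C xor P' is a valid pad for
# any claimed plaintext P', so the story cannot be disproved.  B: if the
# pad came from a PRNG with a small seed, a captor who knows the generator
# can enumerate every seed and check whether the claimed pad is one the
# generator can emit.  The 16-bit LCG below is a toy assumed for the demo.
from typing import Optional

SEED_BITS = 16  # assumed toy seed size: small enough to enumerate


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def lcg_step(state: int) -> int:
    """One step of the toy 16-bit LCG (constants chosen arbitrarily)."""
    return (state * 75 + 74) & 0xFFFF


def prng_pad(seed: int, length: int) -> bytes:
    """Pad bytes are the high byte of successive LCG states."""
    state, out = seed & 0xFFFF, bytearray()
    for _ in range(length):
        state = lcg_step(state)
        out.append(state >> 8)
    return bytes(out)


def fake_pad(ciphertext: bytes, claimed_plaintext: bytes) -> bytes:
    """Situation A: the pad that makes the captured ciphertext decrypt to
    the innocuous text is simply C xor P'; it always exists."""
    return xor_bytes(ciphertext, claimed_plaintext)


def seed_producing(pad: bytes) -> Optional[int]:
    """Situation B: search the whole seed space for one that emits `pad`.
    Returns the seed, or None when no seed does (the pad is not the PRNG's)."""
    for seed in range(1 << SEED_BITS):
        state = seed
        for b in pad:
            state = lcg_step(state)
            if state >> 8 != b:
                break
        else:
            return seed
    return None


def captor_check(seed: int, real_text: bytes, innocuous: bytes):
    """Encrypt under a PRNG pad, then test both the real pad and the pad the
    captured party would hand over to support the innocuous story."""
    real_pad = prng_pad(seed, len(real_text))
    ct = xor_bytes(real_text, real_pad)
    claimed = fake_pad(ct, innocuous)
    assert xor_bytes(ct, claimed) == innocuous  # the story decrypts fine...
    return seed_producing(real_pad), seed_producing(claimed)  # ...but B catches it


if __name__ == "__main__":
    # Constructed sample texts; both 16 bytes.
    print(captor_check(0x1234, b"MEET AT MIDNIGHT", b"HAPPY BIRTHDAY!!"))
```

The first value returned is a seed that regenerates the real pad; the second is `None`, because no seed in the toy generator's space produces the pad that supports the innocuous story.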


------------------------------

From: [EMAIL PROTECTED] (Jayant Shukla)
Subject: Re: DES versus Blowfish
Date: 21 Jun 1999 18:30:38 GMT

fungus <[EMAIL PROTECTED]> writes:

>In theory DES is much weaker.

Care to tell us more? I am not aware of any paper that
shows DES is much weaker than Blowfish in "theory". In
practice... yes, because of the 56-bit key, but not in
theory.

DES has undergone a lot more cryptanalysis than Blowfish 
and so far nobody has found any major flaw in it (except
for the key length). 

~Jayant

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
