Cryptography-Digest Digest #888, Volume #9       Fri, 16 Jul 99 02:13:04 EDT

Contents:
  Re: zip or replacement (fungus)
  Re: How to crack monoalphabetic ciphers (Jerry Coffin)
  Re: Why public key in PGP (AllanW)
  Re: randomness of powerball, was something about one time pads (Jerry Coffin)
  Re: What is the "real" length of a key in 3-key 3DES? (Jerry Coffin)
  Neato Talk ([EMAIL PROTECTED])
  Re: Why public key in PGP ([EMAIL PROTECTED])
  Re: linear complexity of Lagged Fibo Generators (Glenn Davis)
  Re: How to crack monoalphabetic ciphers ([EMAIL PROTECTED])
  Re: linear complexity of Lagged Fibo Generators ([EMAIL PROTECTED])
  Re: Why public key in PGP (David A Molnar)
  Re: randomness of powerball, was something about one time pads ("Douglas A. Gwyn")
  Re: randomness of powerball, was something about one time pads (fungus)
  Re: Benfords law for factoring primes? ("Douglas A. Gwyn")
  Re: randomness of powerball, was something about one time pads ("Douglas A. Gwyn")
  Re: randomness of powerball, was something about one time pads (fungus)
  Re: How Big is a Byte? (was: New Encryption Product!) ("Douglas A. Gwyn")
  Re: Funny News (Bradley Yearwood)
  Re: Compression and security (was: Re: How to crack monoalphabetic ciphers) (SCOTT19U.ZIP_GUY)

----------------------------------------------------------------------------

From: fungus <[EMAIL PROTECTED]>
Subject: Re: zip or replacement
Date: Fri, 16 Jul 1999 04:00:47 +0200



Paul Edwards wrote:
> 
> I want to back up my hard disk onto CD-R using
> zip.  My plan was to do a
> 
> zip -0 -r fred c:\*.*
> 

Is this a "backup"? It won't restore any system files...

> zip -9 -e mary fred.zip
> 
> and use a password which was say 6 random
> alpha characters.
> 
> Is that crackable?

Yes.

> If so, can someone suggest a replacement for zip's encryption?
> Thanks.  Paul.
>

ftp://ftp.artlum.com/pub/crypt.zip    (wrote it myself...)



-- 
<\___/>
/ O O \
\_____/  FTB.

------------------------------

From: [EMAIL PROTECTED] (Jerry Coffin)
Subject: Re: How to crack monoalphabetic ciphers
Date: Thu, 15 Jul 1999 12:05:15 -0600

In article <7ml5ks$lud$[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
says...

[ ... ]

> If it was compressed, I would perhaps try digram and trigram frequency
> analysis.  Digrams are two-letter combinations, trigrams are three
> letter combinations.  Since compression works by substituting single
> characters for digrams, trigrams, and higher, this might work.

That, of course, depends on the type of compression used -- Huffman 
and related forms of compression use the fact that some characters 
occur more frequently than others, and encode the common characters 
with fewer bits than less common characters.  LZ-based forms of 
compression act as you indicate, using a single code to represent a 
complete string.

Note that when you use an LZ-based compression, there will, at any 
given time, be codes that cannot legitimately occur.  An incorrect 
decoding would be likely to create an illegal code at some point, 
which would indicate that this particular decoding wasn't correct.

IOW, in the process of making the frequency analysis more difficult, 
you could easily make the overall analysis of the encryption easier.

------------------------------

From: AllanW <[EMAIL PROTECTED]>
Subject: Re: Why public key in PGP
Date: Fri, 16 Jul 1999 00:27:09 GMT

[EMAIL PROTECTED] wrote:
> Now that you publish your public key for a PGP encrypted
> file, why do you need such a public key?

and then later re-worded the question:
> If only you and the NSA know the public key, the level
> of privacy is the same as the private key, then why is
> it called a "public" key? If the public key is published,
> everybody knows it, why does it help to protect?

I'm going to answer this question by giving an example of how
public-key encryption works. It's important to realize that my example
is simplified to make it easier to understand; this is NOT how PGP
really works. But it should answer your question about the value of
public keys.

The example would be impossible to understand if I used numbers that
PGP might really use. Some of these numbers can be 200 digits long!
Instead, we're going to pretend that 4-digit numbers are so amazingly
difficult to deal with that nobody could be expected to do more than
a few without a computer. Pretend that you need a computer to answer
questions like 1013 * 1301 = ? (Answer 1317913).

Okay, first you create your public/private keypair. The program
thinks long and hard to come up with two REALLY HUGE prime numbers,
and it comes up with 1013 and 1301. Then it multiplies them together
to get a REALLY REALLY! HUGE number, 1317913. It does a little bit
more math, to combine the product with one of the prime numbers --
I don't remember the math for this, and I don't feel like looking it
up, but let's say that it subtracts the prime from the product. So
the public key is 1317913 - 1013 = 1316900. Now it does the same
thing with the other prime to generate the private key, 1316612.

Now, you tell everyone in the world that if they encrypt a message
using 1316900, you (and only you) will be able to decrypt it. 1316900
is your public key, and you want everyone to know it. But you keep
your private key a secret.

Now it's time to send a secret message. Bill types up a message and
encrypts it. The encryption program looks at the entire message as
if it was one very huge number. Suppose the message is 50 bytes
long -- that's 400 bits. The encryption program treats it as if it
was a 400-bit number. In decimal this would be about 120 digits long.

The formula used for the encryption isn't secret -- in fact, it's
the same formula every time, and it's even published in the PGP
source code. (Again, I don't feel like looking it up -- but if I
remember correctly, it uses modulo exponentiation.) In any case, the
formula has a magic property: It is not easily reversed.

What do I mean by "reversed"? Let's pretend for just a moment that
we did the encryption by doing multiplication. Then we would
calculate the encrypted message this way:
  C = M * K
where C is the Ciphertext (the encrypted output), M is the Plaintext
(the original input), and K is the public key. But then anybody that
knows your public key could decrypt it like this:
  M = C / K
So that formula isn't good enough. The real formula is not quite so
simple, but the magic property is that we can't simply reverse it
the way we can reverse multiplication or subtraction.

In fact, there are only two ways to reverse it:

  1. We could try every possible value of M, until we got the right
     value for C. But for even tiny messages, this would take forever!

  2. We could use the private key, P.

Remember when we created the public key? We also created the private
key at the same time. The math for this was very special, because the
two keys are related to each other. If we use the public key K to
encrypt a message, and then we use the private key P to encrypt it
again, we end up back where we started!

The two different keys are sort of like "mirror images" of each
other. Whatever you encrypt with one key, you can decrypt with the
other key. But neither key has any use without the other one. So
by publishing your public key, you give out the information needed
to encrypt a message that only you can decrypt.

The details that I don't remember could (and have) filled books. But
I hope that I've given you enough information to appreciate the value
of the public key.

--
[EMAIL PROTECTED] is a "Spam Magnet," never read.
Please reply in newsgroups only, sorry.


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
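The post above says it does not recall how the two keys are derived from the primes. As an added example (my code, not AllanW's or PGP's), here is textbook RSA built on the post's own primes 1013 and 1301: the private exponent d is the inverse of the public exponent e modulo (p-1)(q-1), and applying one key undoes the other in both directions, which is the "mirror image" property the post describes. The public exponent 65537 is a conventional choice assumed here, and the message is a constructed integer. Raw RSA without padding is not how PGP uses RSA, as the post itself warns. The last function shows why the real numbers are hundreds of digits long: a 7-digit modulus factors instantly, which hands over the private key.

```python
from math import gcd, isqrt

P, Q = 1013, 1301      # the two primes the post picked
E = 65537              # public exponent; a conventional choice, assumed here


def make_keypair(p, q, e=E):
    """Textbook RSA: n = p*q, and d is the inverse of e modulo (p-1)(q-1).
    Returns the public key (n, e) and the private key (n, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def rsa_apply(key, m):
    """Raw RSA: m ** exponent mod n.  The same operation serves both keys,
    which is the 'mirror image' property the post describes."""
    n, exponent = key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, exponent, n)


def encrypt(public_key, m):      # anyone who knows the public key can do this
    return rsa_apply(public_key, m)


def decrypt(private_key, c):     # only the holder of the private key can do this
    return rsa_apply(private_key, c)


def sign(private_key, m):        # private key applied first ...
    return rsa_apply(private_key, m)


def verify(public_key, s):       # ... and the public key undoes it
    return rsa_apply(public_key, s)


def recover_private_key(public_key):
    """Why key size matters: with a 7-digit modulus, trial division finds
    p and hence d instantly; hundreds of digits make this infeasible."""
    n, e = public_key
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return make_keypair(p, n // p, e)[1]
    raise ValueError("modulus has no nontrivial factor")


if __name__ == "__main__":
    public, private = make_keypair(P, Q)
    print("public key  (n, e) =", public)
    print("private key (n, d) =", private)
    m = 123456                         # constructed message, as an integer < n
    c = encrypt(public, m)
    print("ciphertext", c, "-> decrypts to", decrypt(private, c))
    s = sign(private, m)
    print("signature", s, "-> verifies to", verify(public, s))
    print("private key recovered from the public key:", recover_private_key(public))
```

Running it prints the modulus 1317913 from the post, the derived exponents, and a round trip in each direction; the final line is the whole argument for large keys in one call.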

------------------------------

From: [EMAIL PROTECTED] (Jerry Coffin)
Subject: Re: randomness of powerball, was something about one time pads
Date: Thu, 15 Jul 1999 13:55:14 -0600

In article <[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] says...
> 
> 
> "Douglas A. Gwyn" wrote:
> > 
> > fungus wrote:
> > > There's one game where you pay a dollar, choose a number from one
> > > to six, then throw three dice. You win a dollar for every die which
> > > shows your chosen number. Who has the edge? The player or the house?
> > 
> > As described, the odds are even (it's a fair game).
> > 
> 
> No. The house has an edge, figuring out where it is is a long
> process.

Not really very long: With three dice, you've got a total of 18 
possible outcomes.  Of those 18 outcomes, 12 lose money, 3 break even 
and 3 make money.  Of the three that make money, 2 make you a dollar, 
and 1 makes you 2 dollars.

The two that make you a dollar cancel out two of those that lose you a 
dollar, leaving three that break even and one that makes you two 
dollars versus 10 that lose you a dollar apiece.  Given the 
mathematical background of most participants here, I'm pretty sure 
most can see where that's a losing proposition.

The math that makes it seem like it should come out with even odds is 
a bit like trying to average speeds.  E.g. assume you drive 60 miles 
at 60 MPH (klicks and KPH if you prefer -- the unit makes no 
difference).  You drive back at 30.  The question is: what's your 
average speed?  The answer that seems obvious to most people is to 
average 30 and 60, getting 45.  The correct answer is actually 40.


------------------------------

From: [EMAIL PROTECTED] (Jerry Coffin)
Subject: Re: What is the "real" length of a key in 3-key 3DES?
Date: Thu, 15 Jul 1999 11:43:38 -0600

In article <7mkm24$g15$[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
says...

[ ... ] 
 
> Feedback modes.  If you're using one of the modes other than ECB
> (electronic codebook), then the encryption of the current block
> depends on the (encryption of the) prior block as well as the key.

This of course begs the question "Does anybody actually use DES in ECB 
mode, and if so why?"

------------------------------

From: [EMAIL PROTECTED]
Subject: Neato Talk
Date: Fri, 16 Jul 1999 01:56:46 GMT

I know this is not new but if you have real audio you can hear Bruce S.
talk at the HOPE conference.  I think it would be good for anyone
interested in finding out what cryptography is really about.  It's a
really nice straightforward presentation.

For me it's just something to do.  At 16kbs he has a really nice
voice :) (most things I get are hard to understand).  He sounds like a
very competent person (I only heard part of the talk) and I hope to
actually see him in person sometime (maybe when I go pro...).

The file is at
http://www.2600.com/offthehook/rafiles/crypto.ram

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Why public key in PGP
Date: Fri, 16 Jul 1999 01:27:36 GMT

In article <7mlsgs$hkf$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Patrick Juola) wrote:
> Because the public key is useless -- or next to useless -- for
> decryption.  To *decrypt* a message, I need the *private* key
associated
> with a given public key.  I know it because I created the key-pair;
> the NSA knows it because they and only they know how to reconstruct
> the private from the public key.  Everyone else only knows the public
> key and can therefore encrypt messages but not decrypt them.
>

First you can decrypt messages with the public key (that's what signing
normally is, well in RSA anyways).

Second why would we give the private key or pair to the NSA?  Seems
this is a bit OT.

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.



------------------------------

From: Glenn Davis <[EMAIL PROTECTED]>
Subject: Re: linear complexity of Lagged Fibo Generators
Date: Thu, 15 Jul 1999 18:48:10 -1000

[EMAIL PROTECTED] wrote:
> 
> Where could I find a formal introduction into the linear complexity of
> lagged fibonacci generators?  What I want is something describing the
> period of each bit in the generator.
> 
> Thanks,
> Tom

The University of California at Berkeley has a library with
plenty of journals that cover those subjects. You cannot borrow
them, nor can you buy such a collection: it is dazzling! I cannot
even list a small fraction of the names, titles, dates of these
tons of journals. Go to the big city someday and check it out.
On-line resources are not as good as the libraries near San Jose.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: How to crack monoalphabetic ciphers
Date: Fri, 16 Jul 1999 02:54:02 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Jerry Coffin) wrote:
> That, of course, depends on the type of compression used -- Huffman
> and related forms of compression use the fact that some characters
> occur more frequently than others, and encode the common characters
> with fewer bits than less common characters.  LZ-based forms of
> compression act as you indicate, using a single code to represent a
> complete string.
>
> Note that when you use an LZ-based compression, there will, at any
> given time, be codes that cannot legitimately occur.  An incorrect
> decoding would be likely to create an illegal code at some point,
> which would indicate that this particular decoding wasn't correct.

If you can have invalid 'codes' your compression code is not optimal.
The only way to really check for errors is to check the CRC (which is
not absolute either).

Check the DEFLATE specs there are no invalid decodings at any point.

> IOW, in the process of making the frequency analysis more difficult,
> you could easily make the overall analysis of the encryption easier.

Well compressed data is not entirely random, it just has less visual
redundancies than say text or bitmaps.

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: linear complexity of Lagged Fibo Generators
Date: Fri, 16 Jul 1999 02:51:37 GMT

In article <[EMAIL PROTECTED]>,
  Glenn Davis <[EMAIL PROTECTED]> wrote:

> The University of California at Berkeley has a library with
> plenty of journals that cover those subjects. You cannot borrow
> them, nor can you buy such a collection: it is dazzling! I cannot
> even list a small fraction of the names, titles, dates of these
> tons of journals. Go to the big city someday and check it out.
> On-line resources are not as good as the libraries near San Jose.
>

Well if I get a scholarship to that school I may go, but it's a far way
from my home....

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.



------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Why public key in PGP
Date: 16 Jul 1999 03:14:25 GMT

[EMAIL PROTECTED] wrote:
> <snip>
> Making new keys per conversation makes no sense whatsoever.  I can
> still tap your lines of communication and then factor it later.  Same

Well, you can get "perfect forward secrecy" by making new keys for each
conversation. "perfect forward secrecy" refers to a situation in which
compromising the private key I hold _now_ doesn't allow you to access
any _previous_ conversations. So if I have a key I use solely for 
authentication, and exchange new DH keys for each conversation, then it
does make some sense to make new keys for each conversation. 

If your adversary can factor/solve discrete logs over your group/reduce NP
to P in a jiffy, it doesn't matter. If it takes a lot of work to break one
key, then perhaps it's useful. 

-David Molnar
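To make the forward-secrecy point concrete, here is an added example (my code, not the poster's) of the two arrangements the reply contrasts: a session key derived from long-term Diffie-Hellman keys alone, versus fresh per-conversation DH keys that the long-term keys merely authenticate. The group is a toy one (the prime 2^127-1 and generator 3 are assumed for readability; real deployments use a standard group such as those in RFC 7919), the authentication is an HMAC under the static DH secret, and the "wiretap transcript" is simply a dict of the values that crossed the wire. The last function shows what an adversary who later obtains Alice's long-term private key can recompute from that transcript in each case.

```python
import hashlib
import hmac
import secrets

P = 2 ** 127 - 1   # a Mersenne prime; toy-sized and assumed here for readability only
G = 3              # generator assumed adequate for illustration only


def keypair():
    """Private exponent x and public value g^x mod p."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def shared_key(my_priv, their_pub):
    """Hashed DH secret: H(their_pub ^ my_priv mod p)."""
    s = pow(their_pub, my_priv, P)
    return hashlib.sha256(s.to_bytes(16, "big")).hexdigest()


def static_session(alice_lt, bob_lt):
    """Session key from long-term keys only.  Returns (key, wiretap transcript)."""
    (a_priv, a_pub), (b_priv, b_pub) = alice_lt, bob_lt
    key = shared_key(a_priv, b_pub)
    assert key == shared_key(b_priv, a_pub)
    return key, {"A_lt": a_pub, "B_lt": b_pub}


def ephemeral_session(alice_lt, bob_lt):
    """Fresh DH keys per conversation; the long-term keys only authenticate
    the ephemeral values (here via an HMAC under the static DH secret)."""
    auth = shared_key(alice_lt[0], bob_lt[1])

    def tag(pub):
        return hmac.new(auth.encode(), str(pub).encode(), "sha256").hexdigest()

    a_e, A_e = keypair()                      # Alice's ephemeral pair
    b_e, B_e = keypair()                      # Bob's ephemeral pair
    transcript = {"A_lt": alice_lt[1], "B_lt": bob_lt[1],
                  "A_e": A_e, "tag_A": tag(A_e), "B_e": B_e, "tag_B": tag(B_e)}
    # each side verifies the other's tag before trusting the ephemeral value
    assert hmac.compare_digest(transcript["tag_B"], tag(transcript["B_e"]))
    assert hmac.compare_digest(transcript["tag_A"], tag(transcript["A_e"]))
    key = shared_key(a_e, transcript["B_e"])
    assert key == shared_key(b_e, transcript["A_e"])
    del a_e, b_e                              # ephemeral secrets are discarded after use
    return key, transcript


def later_compromise(transcript, alice_lt_priv):
    """What an adversary who recorded `transcript` and later obtains Alice's
    long-term private key can recompute."""
    auth = shared_key(alice_lt_priv, transcript["B_lt"])
    if "A_e" not in transcript:
        # static scheme: the session key *is* the static secret, so past traffic is readable
        return {"auth_secret": auth, "session_key": auth}
    # ephemeral scheme: the session key depended on a_e or b_e, which no longer exist;
    # the long-term key only lets the adversary forge tags in *future* sessions
    return {"auth_secret": auth, "session_key": None}


if __name__ == "__main__":
    alice, bob = keypair(), keypair()
    k_static, t_static = static_session(alice, bob)
    k_eph, t_eph = ephemeral_session(alice, bob)
    print("static scheme, key recovered after compromise:",
          later_compromise(t_static, alice[0])["session_key"] == k_static)
    print("ephemeral scheme, key recovered after compromise:",
          later_compromise(t_eph, alice[0])["session_key"] == k_eph)
```

The asymmetry in the last function is the whole point: what leaks from a later compromise is the ability to impersonate going forward, not the content of conversations already recorded, and that holds only as long as the discrete logarithm in the group stays hard, as the reply notes.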


------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: randomness of powerball, was something about one time pads
Date: Fri, 16 Jul 1999 03:30:22 GMT

Alan Braggins is correct in noting that there are more than the two
possible host strategies (and resulting situations) that I originally
listed, and for some strategies you should not switch your door choice.

------------------------------

From: fungus <[EMAIL PROTECTED]>
Subject: Re: randomness of powerball, was something about one time pads
Date: Fri, 16 Jul 1999 06:07:16 +0200



Patrick Juola wrote:
> 
> Switching doesn't always help if the host has the option to
> offer the switch or not
> 

No, the host always offers a switch.

1) The host shows you three doors, with one good prize and two bad ones.
2) You choose a door
3) The host opens a door (not the one you chose) and shows a bad prize
4) The host then offers you the chance to choose the other door

How can you optimize your chances of winning the good prize?


-- 
<\___/>
/ O O \
\_____/  FTB.
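Since the thread disagrees about whether switching always helps, here is an added example (my code, not fungus's) that enumerates the three-door game exactly rather than arguing about it. The host's behaviour is a parameter: under the rules as stated above (the host always opens a goat door and always offers the switch) switching wins 2/3 of the time, while a host who offers the switch only when the player already holds the prize makes switching lose every time, which is the kind of strategy the earlier reply alludes to. The door numbering and the uniform choice between two goat doors are assumptions of the model.

```python
from fractions import Fraction
from itertools import product

DOORS = (0, 1, 2)


def always_offer(prize, pick):
    """The rules as stated in the post: the host always opens a goat door
    and always offers the switch."""
    return True


def offer_only_when_player_is_right(prize, pick):
    """A hostile host who only offers a switch when the player already
    holds the prize door."""
    return pick == prize


def outcomes(prize, pick, host_offers):
    """All ways one round can unfold, as (probability, stay_wins, switch_wins).
    host_offers(prize, pick) says whether the host offers a switch."""
    if not host_offers(prize, pick):
        # no offer: a would-be switcher is stuck with the original door
        return [(Fraction(1), pick == prize, pick == prize)]
    goat_doors = [d for d in DOORS if d not in (pick, prize)]
    result = []
    for opened in goat_doors:          # host chooses uniformly among goats he may open
        remaining = next(d for d in DOORS if d not in (pick, opened))
        result.append((Fraction(1, len(goat_doors)), pick == prize, remaining == prize))
    return result


def win_rates(host_offers):
    """Exact P(win) for the 'stay' and 'switch' strategies, averaging over
    the 9 equally likely (prize door, first pick) combinations."""
    stay = switch = Fraction(0)
    for prize, pick in product(DOORS, DOORS):
        for prob, stay_wins, switch_wins in outcomes(prize, pick, host_offers):
            stay += prob * stay_wins / 9
            switch += prob * switch_wins / 9
    return stay, switch


if __name__ == "__main__":
    for name, strategy in (("host always offers", always_offer),
                           ("host offers only if you were right", offer_only_when_player_is_right)):
        stay, switch = win_rates(strategy)
        print(f"{name}: stay wins {stay}, switch wins {switch}")
```

Exact fractions rather than a Monte Carlo run mean the two host strategies can be compared without sampling noise; a new strategy is just another two-argument function.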

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Benfords law for factoring primes?
Date: Fri, 16 Jul 1999 03:37:34 GMT

[EMAIL PROTECTED] wrote:
> I detect a challenge.  What is the largest prime you have factored?

Give me one and I'll factor it instantly.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: randomness of powerball, was something about one time pads
Date: Fri, 16 Jul 1999 03:34:36 GMT

> Not really very long: With three dice, you've got a total of 18
> possible outcomes.  ...

But they are not equally probable outcomes.

I guess we have ample demonstration in this thread that people
really do have trouble with probability questions.

I suppose when in doubt, one should run a careful simulation.

------------------------------

From: fungus <[EMAIL PROTECTED]>
Subject: Re: randomness of powerball, was something about one time pads
Date: Fri, 16 Jul 1999 07:21:29 +0200



"Douglas A. Gwyn" wrote:
> 
> I guess we have ample demonstration in this thread that people
> really do have trouble with probability questions.
> 

Heh...  :-)

The dice game is a real nasty one. It seems you have a 50/50
chance of getting your money back, and also a small chance of
winning even more (when your number comes up two or three times).

So the odds are in your favour, right?

A simple proof that they aren't goes as follows:
This game is actually played in carnivals and casinos. The
people who run these games don't like to lose money....



-- 
<\___/>
/ O O \
\_____/  FTB.
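Following the earlier suggestion in this thread to run a careful simulation when in doubt, here is an added example (my code, not from any of the posters) for the three-dice game. It first counts the 216 equally likely rolls by number of hits, which shows why a tally of "18 outcomes" cannot be right, then computes the exact expectation and finally simulates it. Because the thread reads the payout two ways, both are implemented: the reading above, where a single hit only returns your dollar, and the usual carnival chuck-a-luck rule, where the stake comes back plus a dollar per hit. Either way the expectation is negative, which is the house edge fungus points to.

```python
from fractions import Fraction
from itertools import product
import random

ROLLS = list(product(range(1, 7), repeat=3))   # all 216 equally likely rolls


def hits(roll, chosen):
    return sum(1 for die in roll if die == chosen)


def net_as_read_in_thread(roll, chosen):
    """One hit only returns your dollar (net 0), two hits net +1, three net +2."""
    return hits(roll, chosen) - 1


def net_chuck_a_luck(roll, chosen):
    """Carnival 'chuck-a-luck' payout: stake returned plus $1 per hit, so
    one hit nets +1; no hit loses the stake."""
    h = hits(roll, chosen)
    return h if h else -1


def hit_distribution(chosen=1):
    """How many of the 216 rolls show 0, 1, 2, 3 hits: they are far from
    equally likely, which is what an '18 outcomes' tally ignores."""
    counts = {k: 0 for k in range(4)}
    for roll in ROLLS:
        counts[hits(roll, chosen)] += 1
    return counts


def exact_expectation(net, chosen=1):
    """Expected net win per $1 bet, exactly, under payout rule `net`."""
    return Fraction(sum(net(roll, chosen) for roll in ROLLS), len(ROLLS))


def simulate(net, n_games=100_000, chosen=1, seed=1):
    """The 'careful simulation': average net win per game over n_games."""
    rng = random.Random(seed)
    total = 0
    for _ in range(n_games):
        roll = (rng.randint(1, 6), rng.randint(1, 6), rng.randint(1, 6))
        total += net(roll, chosen)
    return total / n_games


if __name__ == "__main__":
    print("rolls by number of hits:", hit_distribution())
    for name, rule in (("thread's reading", net_as_read_in_thread),
                       ("chuck-a-luck", net_chuck_a_luck)):
        ev = exact_expectation(rule)
        print(f"{name}: exact EV {ev} = {float(ev):+.4f} $/bet,"
              f" simulated {simulate(rule):+.4f} $/bet")
```

The exact values are -1/2 per bet under the thread's reading and -17/216 (about -0.079) under chuck-a-luck; the simulation lands within a few thousandths of each, which is the check that the enumeration was set up correctly.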

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Crossposted-To: alt.folklore.computers
Subject: Re: How Big is a Byte? (was: New Encryption Product!)
Date: Fri, 16 Jul 1999 03:36:43 GMT

Peter Seebach wrote:
> This is partially because "he" is a gender-neutral pronoun in English, while
> "she" isn't, and "it" is a pronoun for the inanimate.  "he" is correctly used
> both for typeless entities and for male entities.

Exactly right, but then there are the people who want to force things
to go their way by making everybody else change.

------------------------------

From: [EMAIL PROTECTED] (Bradley Yearwood)
Subject: Re: Funny News
Date: 16 Jul 1999 04:30:18 GMT

In article <[EMAIL PROTECTED]>, John Myre  <[EMAIL PROTECTED]> wrote:
>
>[EMAIL PROTECTED] wrote:
>> 
>> Watching CNN today I saw a clip of Janet Reno (hey where's the blue
>> dress?) and I semi-quote
>> 
>> " Terrorists can use encryption technologies making wiretaps effectively
>> useless and crime prevention much harder ... "
>> 
>> Basically she was advocating the restrictions.
>> 
>> My question is (this is an open question), What good do these
>> regulations ACTUALLY provide?  If a criminal breaks the law won't logic
>> dictate they won't follow this law as well?
>> 
>
>The specific argument that control is useless because criminals
>will ignore regulations is false logic.

It is no more false than any other use of bad assumptions.  Bad assumption:
control and regulation are not at least as much of a potential threat as the
actions of an individual criminal.  What is being discussed is the
criminalization of acts and mechanisms which are currently legal and unlike,
for example H-bombs, have incredibly diverse utility whose true extent is
still being discovered.

Janet Reno's views on anything deserve little attention.  Far too much
government malfeasance, of both the brutal and the insidious varieties,
has happened on her watch.  Her only current value (to anyone other than
her perfidious boss) is in providing grist for the occasional refreshingly
vitriolic Wall Street Journal editorial squib.

Wiretaps (with the possible exception of transborder communications, where
I might grudgingly support a requirement for readability) are very likely
nearly useless anyway.  There was a nice program the other night on TLC or
Discovery, about that Mob boss who walked around in a filthy bathrobe trying
to make people believe he was insane.  These guys, probably not a really
brilliant bunch, knew enough not to use the phone.  Bugs were useful, because
they could get the guys talking in person at a restaurant table, where hot
communication and negotiation happen.  That meant someone had to match wits,
go in, and do actual tough case work.

Enforcement and prosecution apparatchiks appear to be very enthusiastic about
easily quantifiable "crimes": speed limits, possession of certain chemicals,
possession of scary-looking guns, having or moving too much money without
the paperwork-of-the-week.  So add possession of non-government-readable
information (love letters? bad poetry? unified field theory? collection of
facts inconvenient to a powerful politician or party?) to the list.

Isn't that likely to be just another distraction from (actually an active
enticement against) difficult and nasty work on difficult and nasty crimes
where people actually get hurt or killed?

You want a national security state that can tap all the phone calls and
read all the mail, go rebuild East Germany somewhere, preferably Pluto.
Just look at their stellar record of noble police work.  That's what you
get when you allow a structural emphasis upon thoughtcrime: stuck on the
road somewhere between an info speed trap and Stasi thug-paradise.  That
is not the United States envisioned in the Declaration, and framed in the
Constitution and Bill of Rights.





------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Compression and security (was: Re: How to crack monoalphabetic ciphers)
Date: Fri, 16 Jul 1999 06:36:44 GMT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>[EMAIL PROTECTED] wrote:
>>
>> If it was compressed, I would perhaps try digram and trigram frequency
>> analysis.  Digrams are two-letter combinations, trigrams are three
>> letter combinations.  Since compression works by substituting single
>> characters for digrams, trigrams, and higher, this might work.
>
>
>You know, there's a lot of talk that compression provides security to
>the information, but I wonder if this is so or if perhaps the case is
>precisely the opposite.
>

If you compress a plain ASCII message the average entropy per bit
goes up, so that when the compressed file is encrypted you should
have more security than when just encrypting the plain ASCII message.
However most encryption methods like PKZIP have header information
that leaks data and makes it easier to break. For example a PKZIP
compressed file has the ASCII bytes "PK" as the first two bytes of the
file. Also most compressed files have other attributes that leak information,
so an analyst would be able to rule out many keys from the
solution if it is known that a compressed file is used. If one used an
encryption method like scott19u.zip, since every byte of the file affects the
output, you still gain some security even if you used PKZIP. However
if one used short-block AES types of codes you should use a headerless
compression scheme as described on my web page.


David A. Scott
--
                    SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
                    http://www.jim.com/jamesd/Kong/scott19u.zip
                    http://members.xoom.com/ecil/index.htm
                    NOTE EMAIL address is for SPAMMERS
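The two effects described above, and Tom's earlier remark that compressed data is not entirely random, can both be measured. This added example (my code, not David Scott's and not scott19u.zip) takes a constructed English sample, encodes it as a PKZIP archive, a gzip file, a zlib stream and a raw DEFLATE stream, and reports for each the leading bytes, the size and the empirical entropy per byte. It then measures how many leading bytes two unrelated messages share after encoding: those bytes are independent of the content ("PK\x03\x04" for PKZIP, 1f 8b 08 for gzip, 78 9c for zlib) and so act as known plaintext for anyone examining the ciphertext. Raw DEFLATE, a zlib stream minus its 2-byte header and Adler-32 trailer, stands in for a headerless scheme; it is an analogue chosen for this example, not the scheme on the author's web page.

```python
import gzip
import io
import math
import zipfile
import zlib
from collections import Counter

# Constructed sample plaintexts (ordinary English; the first is repeated so
# that it compresses well).
SAMPLE = ("If you compress a plain text message before encrypting it, the "
          "ciphertext hides less redundancy, but the compressor's own framing "
          "adds bytes whose values are known to anyone who knows the format. " * 4).encode()
OTHER = b"Meet me at the usual place at noon; bring the second set of keys."


def entropy_bits_per_byte(data):
    """Empirical Shannon entropy of the byte histogram (upper bound 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def zip_bytes(data, name="m.txt"):
    """An in-memory PKZIP archive holding `data`, deflated."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, data)
    return buf.getvalue()


def raw_deflate(data, level=6):
    """DEFLATE bit stream only: no zlib header (RFC 1950) and no Adler-32 trailer."""
    comp = zlib.compressobj(level, zlib.DEFLATED, -15)   # negative wbits = raw stream
    return comp.compress(data) + comp.flush()


ENCODERS = {
    "plain": lambda d: d,
    "pkzip": zip_bytes,
    "gzip": lambda d: gzip.compress(d, mtime=0),
    "zlib": lambda d: zlib.compress(d, 6),
    "raw deflate": raw_deflate,
}


def fixed_prefix_len(name, a=SAMPLE, b=OTHER):
    """How many leading bytes two unrelated messages share after encoding:
    those bytes carry no message information and act as known plaintext."""
    x, y = ENCODERS[name](a), ENCODERS[name](b)
    n = 0
    while n < min(len(x), len(y)) and x[n] == y[n]:
        n += 1
    return n


def report(plaintext=SAMPLE):
    """{name: (first 4 bytes, encoded size, entropy in bits per byte)}."""
    out = {}
    for name, encode in ENCODERS.items():
        data = encode(plaintext)
        out[name] = (data[:4], len(data), round(entropy_bits_per_byte(data), 2))
    return out


if __name__ == "__main__":
    for name, (head, size, h) in report().items():
        print(f"{name:12s} {head.hex():>8s}  {size:5d} bytes  {h:4.2f} bits/byte  "
              f"fixed prefix {fixed_prefix_len(name)} bytes")
```

The plain text sits around 4 to 4.5 bits per byte while the compressed body is close to 7, which is the entropy gain the post describes; the fixed-prefix column is the leakage it warns about, and it drops to the single block-header byte for the raw stream, whose first bit (BFINAL) is set because the sample fits in one DEFLATE block.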

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
