Cryptography-Digest Digest #973, Volume #9        Mon, 2 Aug 99 20:13:03 EDT

Contents:
  Re: Is breaking RSA NP-Complete ? (Anton Stiglic)
  Re: How to write REALLY PORTABLE code dealing with bits (Was: How Big is  a Byte?) (Guenther Brunthaler)
  [Q] Why is pub key cert. secure & free from spoofing? (Jerome Mrozak)
  Re: Bad Test of Steve Reid's SHA1 ([EMAIL PROTECTED])
  Re: Bad Test of Steve Reid's SHA1 ([EMAIL PROTECTED])
  Re: [Q] Why is pub key cert. secure & free from spoofing? ([EMAIL PROTECTED])
  PC Encrypt (ALF)
  Re: The security of TEA (Greg)
  Re: The security of TEA ([EMAIL PROTECTED])
  Re: How to keep crypto DLLs Secure? ("oktane")
  Re: Americans abroad/Encryption rules? (Greg)
  Re: With all the talk about random... ("Robert C. Paulsen, Jr.")
  Re: PC Encrypt (Greg)
  Re: The security of TEA ([EMAIL PROTECTED])
  Re: Is breaking RSA NP-Complete ? (Greg)
  Re: [Q] Why is pub key cert. secure & free from spoofing? (Greg)
  Re: question: SHA --> stream cipher ([EMAIL PROTECTED])

----------------------------------------------------------------------------

From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: Is breaking RSA NP-Complete ?
Date: Mon, 02 Aug 1999 12:01:51 -0400

Helger Lipmaa wrote:

> Decision problem corresponding to factoring is not NP-complete unless NP=coNP, an
> event generally thought to be untrue. Note that there has been a number of papers
> on the possibility of basing cryptography on the assumption
> P!=NP. Cf http://philby.ucsd.edu/1998/98-05.html

Thanks for this ref....


Anton


------------------------------

From: [EMAIL PROTECTED] (Guenther Brunthaler)
Crossposted-To: alt.comp.lang.learn.c-c++,comp.lang.c++,microsoft.public.vc.language
Subject: Re: How to write REALLY PORTABLE code dealing with bits (Was: How Big is  a Byte?)
Date: Mon, 02 Aug 1999 21:15:19 GMT

On Mon, 02 Aug 1999 04:10:43 GMT, [EMAIL PROTECTED] (Lame K. Irony) wrote:

>Can we do "bit" next?

Sure, and following this, we will discuss the correct abbreviation of
"ternary digit".

:-)


Greetings,

Guenther
--
Note: the 'From'-address shown in the header is an Anti-Spam
fake-address. Please remove 'nospam.' from the address in order
to get my real email address.

In order to get my public RSA PGP-key, send mail with blank body
to: [EMAIL PROTECTED]
Subject: get 0x2D2F0683

Key ID: 2D2F0683, 1024 bit, created 1993/02/05
Fingerprint:  11 71 47 2F AF 2F CD F4  E6 78 D5 E5 3E DD 07 B5 

------------------------------

From: Jerome Mrozak <[EMAIL PROTECTED]>
Subject: [Q] Why is pub key cert. secure & free from spoofing?
Date: Mon, 02 Aug 1999 14:53:30 -0500

I'm a rank newbie, passing thru security issues for the 1st time.  I've
been exposed to the public key method, and an explanation showing
host-spoofing:

A --> Spy --> B, 

where B believes the public key it received is from A when it is really
from Spy.

My text claims that use of a public key certificate authority (CA) will
keep the spy at bay.  My question is:  if the Spy can insert itself
between A & B, why not between A & CA, or B & CA?

Jerome.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Bad Test of Steve Reid's SHA1
Date: Mon, 02 Aug 1999 20:59:47 GMT

Thanks for the reply.  I had created a file containing "abc" with no CR
or LF which worked.  For my system an end file is <ctl>Z.  When I tried
that immediately after the "abc", I was still being prompted for more
input.  After reading your e-mail, I tried "abc" immediately followed
by a <ctl>Z<Enter><ctl>Z<Enter>, and that worked.

Thanks Again,

Rob


PS:  Please forgive me if this is posted twice.  I seem to be a novice
with posting.


In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> [...]
> >
> >For "abc" I get 672533D0 EBB3B826 353EBF7D 4B51FE4F 26D5BAAF where I
> >think I should be getting A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D.
> >
> >Admittedly, it has been a long time since I last compiled a program in
> >C.  I plan to use C to turn the code into a .dll that I may call from
> >my current development platform, SAS.  I enter the text to be encrypted
> >without the quotes.  It appears that I have to press <enter> after that
> >text, followed by a <ctl>z and another enter.
> [...]
> >Any suggestions you have would be appreciated.
>
> Try to enter abc and then press CTRL-Z or whatever your system uses to mark
> an end of file. Otherwise you are probably hashing abc+Enter.
> If your program can hash files you can also write a file which contains abc
> and ends just after 'c'.
>
> I had exactly the same problem yesterday :-)
>
> --
>  Jaime Suarez                                 Linux user   #114.688
>  http://come.to/MundoCripto                   PGP Key id 0x8EE38D89
>
>  Backup not Found, (R) Retry, (A) Abort, (S) Sob bitterly
>
> ========================================================================
>


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
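The mismatch Rob describes is the classic trailing-newline problem: the program hashed "abc" plus whatever the console appended, so the digest did not match the published test vector. The script below is an added example, not code from the thread or from Steve Reid's SHA1 implementation; it uses Python's hashlib to run the known-answer test for "abc", shows how each line-ending variant gives a different digest, and strips a single trailing CR/LF from console input before hashing. The input strings are constructed for the demonstration.

```python
import hashlib

# Known answer for SHA-1("abc"), the FIPS 180-1 test vector quoted in the thread.
KAT_ABC = "a9993e364706816aba3e25717850c26c9cd0d89d"


def sha1_hex(data: bytes) -> str:
    """SHA-1 digest of exactly the bytes given, as lowercase hex."""
    return hashlib.sha1(data).hexdigest()


def sha1_grouped(data: bytes) -> str:
    """Render a digest in the five 32-bit-word layout used in the thread."""
    h = sha1_hex(data).upper()
    return " ".join(h[i:i + 8] for i in range(0, 40, 8))


def self_test() -> bool:
    """Known-answer test to run before trusting a freshly compiled hash tool."""
    return sha1_hex(b"abc") == KAT_ABC


def line_ending_variants(text: bytes) -> dict:
    """Digests of the text with each line ending a console might append.
    All three differ: a hash is sensitive to every input byte."""
    return {
        "bare": sha1_hex(text),
        "LF": sha1_hex(text + b"\n"),
        "CRLF": sha1_hex(text + b"\r\n"),
    }


def hash_console_input(raw: bytes) -> str:
    """Strip one trailing CR/LF before hashing, so typed input matches a file
    that ends just after the last character (Jaime's suggestion in code form).
    Only the final line terminator is removed; nothing else is altered."""
    if raw.endswith(b"\r\n"):
        raw = raw[:-2]
    elif raw.endswith(b"\n"):
        raw = raw[:-1]
    return sha1_hex(raw)


if __name__ == "__main__":
    print("self-test:", "PASS" if self_test() else "FAIL")
    print("SHA-1(abc) =", sha1_grouped(b"abc"))
    for name, digest in line_ending_variants(b"abc").items():
        print(f"{name:>5}: {digest}")
    # Constructed console capture: "abc" followed by Enter on a CR/LF system.
    print("console input, terminator stripped:", hash_console_input(b"abc\r\n"))
```

The practical lesson is the one Jaime gives: compare the tool's output against a published test vector on a file whose length you control before using it in anything else, because a hash that is "almost right" is simply wrong.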

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: [Q] Why is pub key cert. secure & free from spoofing?
Date: Mon, 02 Aug 1999 18:03:59 -0400

> I'm a rank newbie, passing thru security issues for the 1st time.  I've
> been exposed to the public key method, and an explanation showing
> host-spoofing:
>
> A --> Spy --> B,
>
> where B believes the public key it received is from A when it is really
> from Spy.
>
> My text claims that use of a public key certificate authority (CA) will
> keep the spy at bay.  My question is:  if the Spy can insert itself
> between A & B, why not between A & CA, or B & CA?

He can.  That is the problem with secure key servers, if they are
compromised then all the keys on the server are.  It is VERY difficult to
create a secure key system.  That is why PGP (as I am sure other programs
have) uses fingerprints.  You can call someone up and have them read their
fingerprint to verify.  You should read Applied Cryptography to learn more
about these types of protocols.  It's quite informative.
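The fingerprint check described above, as an added example (not code from the original post or from PGP): a man-in-the-middle can swap the key bytes that travel over the network, but cannot change what A reads out over the phone, so B compares the fingerprint of the key that arrived with the one A spoke. The fingerprint scheme here (SHA-256 over the raw key bytes, printed in two-character groups) is a constructed simplification, not OpenPGP's exact packet hashing, and the key blobs are constructed sample data.

```python
import hashlib
import hmac

HEX = set("0123456789ABCDEF")


def fingerprint(public_key: bytes) -> str:
    """Phone-readable fingerprint of a key blob: SHA-256 over the raw key bytes,
    printed as two-character hex groups. Constructed scheme for this example."""
    digest = hashlib.sha256(public_key).hexdigest().upper()
    return " ".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalise(spoken: str) -> str:
    """Canonical form of a fingerprint as read aloud or typed: hex digits only,
    upper case, so spacing and case differences do not cause false mismatches."""
    return "".join(c for c in spoken.upper() if c in HEX)


def matches_out_of_band(received_key: bytes, spoken_fingerprint: str) -> bool:
    """True only if the key that arrived over the network has the fingerprint its
    owner confirmed over an independent channel. Length is checked first, then a
    constant-time comparison is used so the check does not leak match position."""
    expected = normalise(fingerprint(received_key))
    claimed = normalise(spoken_fingerprint)
    if len(claimed) != len(expected):
        return False
    return hmac.compare_digest(expected.encode(), claimed.encode())


# Constructed demo data: A's real key, and the key a Spy substitutes in transit.
KEY_A = b"constructed-public-key-of-A"
KEY_SPY = b"constructed-public-key-of-Spy"
FP_A_SPOKEN = fingerprint(KEY_A)   # what A reads out to B over the phone

if __name__ == "__main__":
    print("A's fingerprint:", FP_A_SPOKEN)
    print("genuine key accepted:    ", matches_out_of_band(KEY_A, FP_A_SPOKEN))
    print("substituted key accepted:", matches_out_of_band(KEY_SPY, FP_A_SPOKEN))
```

The check holds as long as the second channel is genuinely independent of the first and the hash is second-preimage resistant: the Spy would need a key of their own whose fingerprint matches A's. A CA does the same job in bulk by signing the binding between name and key, which is why the CA's own key must in turn be obtained or verified out of band.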


------------------------------

From: ALF <[EMAIL PROTECTED]>
Subject: PC Encrypt
Date: Mon, 02 Aug 1999 14:44:37 -0700

I offer secret forwarding of encrypted mail as part of my service.

I just purchased PC Encrypt. PC Encrypt - Is public-key encryption that
lets you communicate securely with people you've never met,  with  no
secure channels needed for prior exchange of keys. Much easier to use
than PGP.

http://www.a-lock.com/_site/pce/index.mhtml

Question: How many have tried it, and do you think it is as strong
as PGP or stronger? 

Thanks,

ALF



-- 
 __/ __/ __/ __/ __/ __/ __/ __/ __/ __/
         ALF'S PRIVACY MAIL DROP
   http://etco.hypermart.net/md.htm
 __/ __/ __/ __/ __/ __/ __/ __/ __/ __/

------------------------------

From: Greg <[EMAIL PROTECTED]>
Subject: Re: The security of TEA
Date: Mon, 02 Aug 1999 22:16:05 GMT


> > Other vendors don't make the source
> > code available, perhaps because they
> > aren't sure their implementation of
> > ReallyStrongCipher is, in fact,
> > ReallyStrongCipher. Others are secretive
> > about their algorithm because it's homespun
> > and depends on the algo remaining secret
> > for security.
>
> When I was 12 and learning PASCAL I did that.  I wrote a program called
> ZCRYPT (not related to the ZLIB crypt stuff) and I was all gung-ho on
> keeping it 'top secret'.  I actually invented a lagged fibonacci
> generator (using (2, 1, 0) as the polynomial) in one of the 'ciphers'.
> This was before I actually read about them in Applied Crypto or 'On
> Fibonacci Keystream Generators' (Ross Anderson).  Of course I didn't
> know the period of the generator was only 768 bytes ... Am I glad I
> never got any attention :)

When I turned 39 (last Feb) I became extremely interested in crypto.

A few months later, I stumbled across a book by Dr Michael Rosing on
how to implement ECC and decided I probably would not be good enough at
the field to implement any form of ECC, but that the book would be good
to read anyway.

A few months later (last night), I completed implementing Conceal
version 1.0, a windows application that uses ECC exclusively.  I wrote
the ECC code in C++ and would like to put the C++ templates on the WWW
for everyone to use for free and examine for errors.  I am talking to
BXA about it now.


--
The US is not a democracy - US Constitution Article IV Section 4.
Democracy is the male majority legalizing rape.
UN Security Council is a Democracy.  NO APPEALS!  Welcome to the NWO.
Criminals=Crime.  Armies=Tyranny.  The 2nd amendment is about tyranny.


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: The security of TEA
Date: Mon, 02 Aug 1999 21:53:02 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> No shit....
> The point I was trying to make in my original post is that I am not using
> TEA in my applications.  I was curious as to the security of the algorithm
> because it is so simple and easy to understand.  If I need something secure
> I'll use something different.

You still don't get it.  X-TEA or even TEA in ciphertext only models is
relatively safe (as compared to simple xor ciphers).  However if you
for example use 'srand(time(NULL))' then  use 'rand()' to seed your
key.  I can guess the key in 2^31 steps average.  Even if you use CAST
or RC4 as your block cipher ...

Implementation counts...

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.


------------------------------

From: "oktane" <[EMAIL PROTECTED]>
Subject: Re: How to keep crypto DLLs Secure?
Date: Tue, 3 Aug 1999 00:42:13 +0200

Well

You should not be aiming at security through obscurity; the software to
decompile a DLL is just as easy to get hold of as software to decompile an
EXE. Secondly, if the exe or dll are at and the user has writeable access to
them, it doesn't matter how good your security is, you're on the back foot
already. Once you have these problems sorted out there will be less to worry
about. If the problem is getting the info to the dll/exe, encrypt it in
the exe. A decent crypto algo doesn't worry that the observer knows its
details, because with a decent / random key it should be fine.

============================================

[EMAIL PROTECTED]
Security = Quantum^2
Its worth it ...



------------------------------

From: Greg <[EMAIL PROTECTED]>
Subject: Re: Americans abroad/Encryption rules?
Date: Mon, 02 Aug 1999 22:31:57 GMT


> I understand that, but once you are out of the States, you are no longer bound
> by the country's laws

But wait until you try to come back into the US.  Ask Phil Zimmerman
what customs will do to you...



------------------------------

From: "Robert C. Paulsen, Jr." <[EMAIL PROTECTED]>
Subject: Re: With all the talk about random...
Date: Mon, 02 Aug 1999 17:47:51 -0500

Patrick Juola wrote:
> 
> In article <[EMAIL PROTECTED]>,
> Robert C. Paulsen, Jr. <[EMAIL PROTECTED]> wrote:
> >[EMAIL PROTECTED] wrote:
> >> Nothing is truly random though.  Why do you think we have laws of
> >> physics and developing laws of quantum mechanics?  Just cuz you can't
> >> explain something doesn't mean it's random.
> >>
> >> I think there is a misconception.  A truly random number just occurs.
> >> Nothing dictates what it will be or when it will be (such as counting
> >> or detecting alpha particles).  An unpredictable number (such as the
> >> various methods on real life sources) is just that but not really
> >> random.
> >>
> >> If you could look at a piece of americium and see alpha particles leave
> >> you could predict what your counter will produce, but since that's
> >> believed to be difficult we assume it's 'random'.  Simple as that.
> >
> >No it's not. Here is a quote from a passage in _The Character of Physical
> >Law_ by Richard Feynman from the chapter "Probability and Uncertainty --
> >the Quantum Mechanical view of nature"
> >
> >================[ quote ]=============================
> >It is impossible to predict in any way, from any information ahead of
> >time [the results of a measurement of quantum behavior]. That means that
> >physics has given up, if the original purpose was - and everybody thought
> >it was - to know enough so that given the circumstances we can predict
> >what will happen next. ...
> 
> As much as I admired the late Professor Feynman, he's wrong, dead wrong,
> in this little snippet.  It's easy to do partial predictions of
> measurements of quantum behavior; I predict a larger piece of americium
> will produce more radioactive decays than a smaller piece.  Q.e.d.

Don't judge Dr. Feynman based on the above out of context quote. He was
writing specifically of the "two-hole and electron" experiment and the
prediction of which hole the next electron will go through. This is a
clear-cut case where there are no partial predictions. 

Feynman does discuss many other subtleties that are not included in my 
short quote above. The point is, nature is intrinsically governed by 
probabilities. He summarizes at one point by quoting an unknown source: 
"nature herself does not even know which way the electron is going to 
go". (So how could we deduce it by observing nature?)

> 
> More generally, although the interpretation that Dr. Feynman gives
> above is the most commonly accepted one, Sir Arthur Clarke's second
> law -- "When a distinguished but elderly scientist says that something
> is impossible, he is almost certainly wrong" -- is relevant here.
> 

Quoting Dr. Feynman once more...

"A philosopher once said 'It is necessary for the very existence of
science that the same conditions always produce the same results.' Well,
they do not. Yet science goes on. [What] is necessary for the very
existence of science [is] that minds exist which do not allow that 
nature must satisfy some preconceived conditions, like those of our
philosopher." 

>         -kitten

-- 
____________________________________________________________________
Robert Paulsen                         http://paulsen.home.texas.net

------------------------------

From: Greg <[EMAIL PROTECTED]>
Subject: Re: PC Encrypt
Date: Mon, 02 Aug 1999 22:49:25 GMT

In article <[EMAIL PROTECTED]>,
  ALF <[EMAIL PROTECTED]> wrote:
> I offer secret forwarding of encrypted mail as part of my service.
>
> I just purchased PC Encrypt. PC Encrypt - Is public-key encryption that
> lets you communicate securely with people you've never met,  with  no
> secure channels needed for prior exchange of keys. Much easier to use
> than PGP.
>
> http://www.a-lock.com/_site/pce/index.mhtml
>
> Question: How many have tried it, and do you think it is as strong
> as PGP or stronger?

Don't take this wrong, but how many have heard of it?



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: The security of TEA
Date: Mon, 02 Aug 1999 21:56:52 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (JPeschel) wrote:
> >ALGORITHMS ARE NOT THE ONLY THING THAT
> >MAKE SECURE APPLICATIONS.
> >
>
> No need to shout, Tom, most everyone here knows that algorithms,
> alone, don't make secure applications.

Sorry.  But I have never seen any indepth conversations about
implementations ... Just had to get that off my chest...

> If you mean more scrutiny, I agree with you.

Beating, scrutiny, same thing ... :)

> Other vendors don't make the source
> code available, perhaps because they
> aren't sure their implementation of
> ReallyStrongCipher is, in fact,
> ReallyStrongCipher. Others are secretive
> about their algorithm because it's homespun
> and depends on the algo remaining secret
> for security.

When I was 12 and learning PASCAL I did that.  I wrote a program called
ZCRYPT (not related to the ZLIB crypt stuff) and I was all gung-ho on
keeping it 'top secret'.  I actually invented a lagged fibonacci
generator (using (2, 1, 0) as the polynomial) in one of the 'ciphers'.
This was before I actually read about them in Applied Crypto or 'On
Fibonacci Keystream Generators' (Ross Anderson).  Of course I didn't
know the period of the generator was only 768 bytes ... Am I glad I
never got any attention :)

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.


------------------------------

From: Greg <[EMAIL PROTECTED]>
Subject: Re: Is breaking RSA NP-Complete ?
Date: Mon, 02 Aug 1999 22:25:40 GMT


> >To make such an assertion with honest confidence, one would have to
> >have an awesome familiarity with the field, which I don't believe you
> >care to claim.
>
> I don't, I don't think anybody else here has either.  Brassard does do, I
> know him personally, that is why I refer to his article.

I believe (but don't bother replying if I am wrong) that no one else is
making such confident statements?!?! :@

Personally, I don't understand why this type of discussion is going on
here.  You all belong on the crypto.politics forum when you bash each
other like this.



------------------------------

From: Greg <[EMAIL PROTECTED]>
Subject: Re: [Q] Why is pub key cert. secure & free from spoofing?
Date: Mon, 02 Aug 1999 22:47:33 GMT


> ...  My question is:  if the Spy can insert itself
> between A & B, why not between A & CA, or B & CA?

I ask myself that all the time.

Imagine, if you will, that you are politically incorrect (conservative)
and Bill Clinton has the IRS dragging you through the mud.  Imagine at
the top of the CA tree is the US government in some incarnation.  Would
you trust any certificate originating from any branch of that tree?



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: question: SHA --> stream cipher
Date: Mon, 02 Aug 1999 23:18:55 GMT

David Bernier wrote:

> I've read recently in this forum that a secure hash can trivially
> be used to construct a stream cipher.  Suppose the secure hash
> function used is SHA-0 or SHA-1.  I'd like to know if this is a
> good way to get a stream cipher:
>
> (0) Choose a secret random IV of 160 bits, say w_0
> (1) Send w_0 securely to recipient [e.g. through public-key algorithm]
> (2) let w_{i+1} = SHA[w_i] for i=0,1,2,3,4...
> (3) The bit-stream [cryptographically strong pseudo-random numbers]
>     is then obtained by concatenating w_0, w_1, w_2, ....

If I'm reading this correctly, then an attacker who
knows or can guess one block of plaintext corresponding
to given ciphertext, can then determine the stream from
that point forward.

I think the most popular way to use SHA1 as a PRNG
is based on the FIPS 186 method for generating
DSA private keys.  We keep a state of 200-512 bits
(actually the standard allows 160-512, but don't).
The method says to use the SHA-1 compression
function (that is without the padding but with the
usual initial values for the chaining variables).

I'll extend your notation and call the sequence of
states s_0, s_1, ... and the sequence of outputs
w_0, w_1, ... .

    w_{i+1} = SHA1_compress(s_i)
    s_{i+1} = s_i + w_{i+1} + 1


There shouldn't be any problem with using full SHA-1
with padding, which would be handy if you have a
SHA-1 implementation that doesn't export the
compression function.  You'd probably want to limit
the state size to 447 bits (or 440 in byte-oriented
implementations), so that the padding won't extend
into a second block.


--Bryan
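Bryan's generator, carried through in code as an added example (not code from the original post, and not an implementation of FIPS 186 itself): it uses full SHA-1 from Python's hashlib in place of the bare compression function, as the post says should be fine, with the state size fixed at 440 bits so the padding stays within one block. The questioner's chain w_{i+1} = SHA[w_i] is included alongside so the difference is visible: in the chain, applying SHA-1 to any one output gives the next, while in the FIPS-style generator the hidden state s_i is never emitted. The seed and plaintext are constructed demo values.

```python
import hashlib

B_BITS = 440            # state size chosen so state + SHA-1 padding fit in one block
B_BYTES = B_BITS // 8   # 55 bytes
MOD = 1 << B_BITS


def sha1(data: bytes) -> bytes:
    """Full SHA-1 with padding, standing in for the bare compression function."""
    return hashlib.sha1(data).digest()


def naive_chain(w0: bytes, n: int) -> list:
    """The questioner's construction: w_{i+1} = SHA1(w_i), stream w_0, w_1, ...
    Every later output is a function of whichever output came before it."""
    outputs, w = [], w0
    for _ in range(n):
        outputs.append(w)
        w = sha1(w)
    return outputs


class Fips186Prng:
    """FIPS 186 style generator in the post's notation:
        w_{i+1} = SHA1(s_i)
        s_{i+1} = (s_i + w_{i+1} + 1) mod 2^b
    The state s_i is never emitted, so one output does not reveal the next."""

    def __init__(self, seed: bytes):
        if not 1 <= len(seed) <= B_BYTES:
            raise ValueError("seed must be between 1 and 55 bytes")
        self.s = int.from_bytes(seed, "big")

    def next_output(self) -> bytes:
        w = sha1(self.s.to_bytes(B_BYTES, "big"))
        self.s = (self.s + int.from_bytes(w, "big") + 1) % MOD
        return w

    def keystream(self, nbytes: int) -> bytes:
        out = b""
        while len(out) < nbytes:
            out += self.next_output()
        return out[:nbytes]


def each_output_yields_the_next(outputs: list) -> bool:
    """True if SHA-1 applied to output i gives output i+1 for every i, i.e. the
    rest of the stream follows from a single observed block."""
    return all(sha1(a) == b for a, b in zip(outputs, outputs[1:]))


def xor_with_keystream(seed: bytes, data: bytes) -> bytes:
    """Stream-cipher use: XOR data with the generator's keystream. The same call
    decrypts. A seed must never be reused for a second message."""
    ks = Fips186Prng(seed).keystream(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


if __name__ == "__main__":
    seed = b"constructed-seed-value"   # constructed demo seed, 22 bytes
    print("naive chain: next output follows from current:",
          each_output_yields_the_next(naive_chain(seed, 6)))
    g = Fips186Prng(seed)
    fips_outputs = [g.next_output() for _ in range(6)]
    print("FIPS 186 style: next output follows from current:",
          each_output_yields_the_next(fips_outputs))
    ct = xor_with_keystream(seed, b"constructed plaintext")
    print("round trip ok:", xor_with_keystream(seed, ct) == b"constructed plaintext")
```

The "+ 1" in the state update keeps the generator from ever cycling on a state that maps to zero, and the 440-bit limit is the 447-bit figure from the post rounded down to whole bytes, as the post suggests for byte-oriented implementations.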


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************