Cryptography-Digest Digest #253, Volume #10 Fri, 17 Sep 99 02:13:03 EDT
Contents:
Re: crypto export rules changing (Dmitri Alperovitch)
Re: Okay "experts," how do you do it? (Tom St Denis)
Re: Neal Stephenson's Cryptonomicon: Crypto Cop-Out ("Douglas A. Gwyn")
Re: Mystery inc. (Beale cyphers) (Carl Ijames)
Re: Okay "experts," how do you do it? ("Douglas A. Gwyn")
Re: Okay "experts," how do you do it?
Re: Okay "experts," how do you do it? (Eric Lee Green)
Re: some information theory (Anti-Spam)
Re: The good things about "bad" cryptography (Eric Lee Green)
Clinton Administration Continues to BS on Encryption Export Regs (Anthony Stephen Szopa)
Re: Okay "experts," how do you do it? (jerome)
Re: crypto export rules changing ("Douglas A. Gwyn")
Re: Okay "experts," how do you do it? (Eric Lee Green)
Re: Cyrpto-sell-o ("Douglas A. Gwyn")
Re: Current US Export Law (Anthony Stephen Szopa)
Re: The good things about "bad" cryptography (Eric Lee Green)
Re: Clinton Administration Continues to BS on Encryption Export Regs ("Douglas A. Gwyn")
Re: Okay "experts," how do you do it? ("Douglas A. Gwyn")
----------------------------------------------------------------------------
Crossposted-To: talk.politics.crypto
From: [EMAIL PROTECTED] (Dmitri Alperovitch)
Subject: Re: crypto export rules changing
Date: Fri, 17 Sep 1999 03:19:26 GMT
>A big liberalization of export rules is supposed to be announced
>today, but apparently there will also be some key escrow provisions.
>
>http://www.sjmercury.com/breaking/headline1/024676.htm
Um. Question - if they are willing to allow open export of unlimited
size keys (except when the destination is a terrorist state), why do they
still want a one-time review of your application? If there is no limit on the
size of the key you can use anymore, it shouldn't be any of their business
how your algorithm works or how strong it is, right?
Regards,
Dmitri
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Okay "experts," how do you do it?
Date: Fri, 17 Sep 1999 03:06:25 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> Okay, "putup or shaddup ..." :-) :-)
>
> I see lots of articles, written by experts, who say that only experts
> can evaluate the quality of a cipher ... if they have the time, which
> they usually don't unless there's a research paper in it. Yada, yada,
> yada.
>
> Okay, experts, "put up or shaddup" :-) :-) ... how do you do it?
>
> How DO you determine that a cipher is or isn't a good one? How DO you
> conclude that it is or isn't snake oil? What IS it that you've learned
> that makes you qualified to pass judgement on a crypto-algorithm that no
> one else can do the same??
First become a crypto-yentha ... then you can comment :)
Basically look at a system and say, what is there to exploit. What can I get
from hacking this (i.e if I fake a user what will I get). Most of the time
the reward is hardly worth the effort (metrocard cheating).
If you look at a system that say... only allows 4 char passwords but uses
SHA-1 and 3DES (or what have not) what do you think you will attack. Usually
it's not quite so obvious (I would think).
I think you should try designing a system before you break one. If you
design one you can get a feel for what/how you are trying to protect the
information. If you just sit on a passive side looking at a paper describing
the system you are not 'into it'.
Anyways, that's my 2 cents (or about 1/1000th of a us penny).
Tom
--
damn windows... new PGP key!!!
http://people.goplay.com/tomstdenis/key.pgp
(this time I have a backup of the secret key)
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Neal Stephenson's Cryptonomicon: Crypto Cop-Out
Date: Fri, 17 Sep 1999 04:14:58 GMT
Andrea Chen wrote:
> > Present-day, the US could easily offer a reward on Saddam Hussein's
> > head. ...
> ... The bigger problem is people like you who think the government
> should ignore this law cause after all we're killing bad people. Yet
> this ugly, underground shit has a habit of coming back to haunt us.
The biggest problem of all is thinking that the problem is Saddam
Hussein, and that eliminating that one person would fix things.
------------------------------
From: [EMAIL PROTECTED] (Carl Ijames)
Subject: Re: Mystery inc. (Beale cyphers)
Date: 17 Sep 1999 03:28:43 GMT
On Thu, 16 Sep 1999 18:53:22 GMT, Roger Fleming <[EMAIL PROTECTED]> wrote:
[snip]
>1. The quantity of treasure: some 1.3 metric tonnes of gold (value today,
>around $US 18 million) and 2.3 tonnes of silver (a little under half a
>million), plus gems (wildly guessing average CPI over the last 178 years at
>3%, somewhwere around several million). This is a _huge_ hoard of treasure;
>quite enough to make the suckers salivate and run out and buy pamphlets. So
>much, in fact, that you really wonder where the conspirators got the money,
>where they got the metal (IIRC, we are 29 years before the discovery of gold
>in USA), and - if wealthy merchants - what the heck they were doing burying it
>instead of investing.
How about stolen Spanish treasure from South America, hidden by "retired"
pirate :-)? There's more than one story about lost pirate treasure to
choose from.
--
Regards,
Carl Ijames [EMAIL PROTECTED]
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Okay "experts," how do you do it?
Date: Fri, 17 Sep 1999 04:20:31 GMT
Sundial Services wrote:
> C'mon, friend, let's be loosy-goosy here for a little while. Let's
> turn the light upon exactly what those experts know that we don't.
Apparently, one of them is how to cryptanalyze proposed cryptosystems.
------------------------------
From: [EMAIL PROTECTED] ()
Subject: Re: Okay "experts," how do you do it?
Date: 17 Sep 99 02:08:11 GMT
Sundial Services ([EMAIL PROTECTED]) wrote:
: If we knew, then we could build provably better ciphers. We could
: evaluate them whether or not the "experts" had the time or the research
: or the research-papers to do it. We could "give them nothing to
: evaluate."
: It seems to me that we ought to be able to subject a cipher to an
: objective test.
No, there is no such test, and there can be no such test.
Andrew Wiles proved Fermat's Last Theorem. And when he did, the
mathematicians of the world were surprised.
Even very tough mathematical problems can eventually be solved. But until
a problem _is_ solved, we have no way of knowing how tough it is. We
didn't know if the question would even be resolved with a proof - or with
a counterexample. We didn't know if the solution was years away - or
centuries.
And that's the way it is with ciphers. We can only say that we can't break
a particular cipher...yet. Because people keep discovering new and
unexpected ways to break ciphers. Just as new and unexpected things keep
being discovered in mathematics.
Think of Gödel's Theorem, or the Halting Problem.
John Savard
------------------------------
From: Eric Lee Green <[EMAIL PROTECTED]>
Subject: Re: Okay "experts," how do you do it?
Date: Thu, 16 Sep 1999 20:41:31 -0700
"SCOTT19U.ZIP_GUY" wrote:
> In article <[EMAIL PROTECTED]>, Eric
>Lee Green <[EMAIL PROTECTED]> wrote:
> >Whoops, I forgot part (d), which is when you pay the "real" experts real
> >money to cryptanalyse your product prior to its release. Depending upon
> >the importance of the crypto component of your product, that may be
> >money well spent (or maybe not). I know that Microsoft probably wishes
> >today that they'd hired Bruce to cryptanalyse MSCHAP-80 prior to its
> >release...
>
> How do you know they didn't hire him?
Because he and Mudge tore MSCHAP-80 to shreds. See
http://www.counterpane.com for details. Basically, he blasted Microsoft
as being a bunch of amateurs, and insinuated that no real expert would
have put out such a piece of crud.
That doesn't sound like he consulted for them!
> particular person was. But I doubt if the so called experts would really want
> that. Because it's better to have a good line of BS than to really know
> anything.
That, alas, IS a problem. A good line of bull is enough to snow many of
the pointy-haired bosses out there. But there's a way to tell whether
someone is relatively reputable or not. a) Does he have a lot of mention
in the literature? b) Does he have references willing to stand up and
say he did good work? c) Do your own in-house experts trust him once
they've quizzed him? etc. etc. etc. It's just like hiring an employee,
and like when hiring an employee, too many people fall for a good line
of bullshit, but if you're willing to work at it, you can tell the bull
from the beef.
--
Eric Lee Green http://members.tripod.com/e_l_green
mail: [EMAIL PROTECTED]
^^^^^^^ Burdening Microsoft with SPAM!
------------------------------
From: Anti-Spam <[EMAIL PROTECTED]>
Subject: Re: some information theory
Date: Thu, 16 Sep 1999 20:44:55 -0700
Tim Tyler wrote:
(cut a lot of the nested commentary on the commentary on the original
comments....)
>
> One definition of what constitutes "randomness" mentions that random
> data is generally incompressible. Conversely, incompressible data should
> look random - if there's any order in it it will be fodder for a better
> algorithm that identifies that order and squeezes it out.
> --
I follow your statements about compressed data/files "looking" like
random binary.
Your assertion is that compressed data/files may pass some of the
statistical tests for random binary strings (the five tests from the
Handbook of Applied Cryptography, for example).
Random data is generally not compressible. OK. BUT, the converse is not
a true statement - "compressed data should look random." (If A implies
B, then NOT B implies NOT A.)
That is, if random data is not compressible, then compressible data is
not random data. That is the "flip" side of random data not being
compressible.
An example - use a static Huffman code to represent the symbols in the
original data/file per the frequencies of occurrence of the symbols.
This compression will produce a maximal entropy encoding of the
symbols. There is, however, much order in the compressed data/file.
String patterns for each of the symbols repeat throughout the compressed
data/file. The original order and frequency of the symbols is preserved
in the compressed file/data. The number of 1s and 0s in the data/file
may be equal, but the probabilities of particular strings of 1s and 0s will
be far larger than expected for a true random bit source generating a
string of bits. (Static Huffman coding is equivalent to a substitution
cipher on the original data/file where each symbol's code in the original
data/file is replaced with an encoding in the compressed data/file such
that the compression encoding for the symbols is maximal entropy. The
"key" for this substitution is the frequency of symbols as they occur as
represented in the original uncompressed data/file.)
I agree that adaptive Huffman coding of data/files will make the
compressed data/file output look more random (and maybe pass some
statistical tests for randomness with better confidence levels than
static Huffman coding would do) but still, the data will not completely
pass all tests. It's better.
I am still pondering the two-pass adaptive Huffman coding scheme much
mentioned here in this group. (That's another thread someday - I'm
chasing down the notion of an equivalence between aperiodic (or
quasi-periodic) polyalphabetic ciphers and adaptive Huffman codes - but
only as I get some spare time now and again.)
[EMAIL PROTECTED]
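The static Huffman argument above, carried out in code as an added example that is not part of the digest or of anyone's posted code: a static Huffman code is built for a constructed sample text, the 0/1 balance of the output is measured (it says little), and then the longest repeated bit pattern is measured, which exposes the symbol order the compressor preserved. The SHA-256 counter stream used for comparison is an assumption standing in for a random bit source; the sample text and all function names are constructed here.

```python
import hashlib
import heapq
from collections import Counter
from itertools import count

# Constructed sample input (assumption: any text with skewed symbol
# frequencies and a repeated phrase behaves the same way).
SAMPLE = (b"the quick brown fox jumps over the lazy dog " * 8
          + b"the " * 12)


def huffman_code(data):
    """Build a static Huffman table {byte: bitstring} from symbol frequencies.
    The frequency table is the 'key' of the substitution: it fixes the mapping."""
    freq = Counter(data)
    if len(freq) == 1:
        return {next(iter(freq)): "0"}
    tie = count()  # unique tiebreaker so the heap never compares tree nodes
    heap = [(f, next(tie), sym) for sym, f in freq.items()]
    heapq.heapify(heap)
    while len(heap) > 1:  # merge the two lightest subtrees
        f1, _, left = heapq.heappop(heap)
        f2, _, right = heapq.heappop(heap)
        heapq.heappush(heap, (f1 + f2, next(tie), (left, right)))
    codes = {}

    def walk(node, prefix):
        if isinstance(node, tuple):
            walk(node[0], prefix + "0")
            walk(node[1], prefix + "1")
        else:
            codes[node] = prefix
    walk(heap[0][2], "")
    return codes


def compress(data, codes):
    """Substitute every byte by its codeword; the order of symbols is preserved."""
    return "".join(codes[b] for b in data)


def decompress(bits, codes):
    """Invert the substitution with the inverse table (prefix-free, so greedy works)."""
    inverse = {code: sym for sym, code in codes.items()}
    out, cur = bytearray(), ""
    for bit in bits:
        cur += bit
        if cur in inverse:
            out.append(inverse[cur])
            cur = ""
    return bytes(out)


def bit_balance(bits):
    """Fraction of 1 bits: a monobit-style check that Huffman output gets close to 1/2."""
    return bits.count("1") / len(bits)


def longest_repeat(bits):
    """Length of the longest substring occurring at two different offsets
    (suffix sort plus adjacent longest common prefix; fine for a few thousand bits).
    A random n-bit string repeats roughly 2*log2(n) bits; a repeated phrase in the
    plaintext shows up as a far longer repeated bit pattern after compression."""
    suffixes = sorted(bits[i:] for i in range(len(bits)))
    best = 0
    for a, b in zip(suffixes, suffixes[1:]):
        k = 0
        while k < len(a) and k < len(b) and a[k] == b[k]:
            k += 1
        best = max(best, k)
    return best


def reference_stream(nbits):
    """Stand-in for a random source (assumption): SHA-256 in counter mode,
    used only to show what an unstructured bit string of equal length looks like."""
    out, i = "", 0
    while len(out) < nbits:
        digest = hashlib.sha256(i.to_bytes(4, "big")).digest()
        out += "".join(f"{byte:08b}" for byte in digest)
        i += 1
    return out[:nbits]


def report(data=SAMPLE):
    """Run both checks on the compressed sample and on the reference stream."""
    codes = huffman_code(data)
    bits = compress(data, codes)
    return {
        "bits": len(bits),
        "balance": bit_balance(bits),
        "longest_repeat": longest_repeat(bits),
        "reference_longest_repeat": longest_repeat(reference_stream(len(bits))),
        "roundtrip": decompress(bits, codes) == data,
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

The balance comes out near one half, so a count of ones and zeros alone cannot tell this stream from noise; the longest-repeat figure is where the difference is, since the eight copies of the pangram compress to eight copies of the same bit pattern while the reference stream never repeats more than a couple of dozen bits.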
------------------------------
From: Eric Lee Green <[EMAIL PROTECTED]>
Subject: Re: The good things about "bad" cryptography
Date: Thu, 16 Sep 1999 20:35:22 -0700
Tony Stewart wrote:
>
> What if the key is hardware based and also uses rolling code technology for
> communication and hashing of course?
>
> Is this method not free from hacking even if you know the design details but
> not the values of the keys???
If the hardware component contains only the key then the algorithm is
still "bare". You can assume that the attacker has acquired an identical
setup, btw, though the hardware key would of course be different (one
way that rich kid "wannabes" get to tag along with "real" crackers is by
buying them stuff to crack).
If the hardware component contains the entire cryptographic component of
the program, things then become much more expensive to crack, and you
won't find typical "crackers" capable of recovering the algorithm.
Intelligence agencies presumably would still have the resources to
reverse-engineer the hardware, but known-plaintext attacks alone can
result in recovery of critical information about the algorithm such as,
e.g., whether it is a block cipher or a stream cipher, and what the
block size is if it's a block cipher. Known plaintext attacks can also
be used to see if any "fingerprints" can be detected... most ciphers do
leak information about how their internals are organized if they are fed
known plaintext. And I'm sure that Three Letter Agencies can even think
of more stuff than I can, since I am quite new at this particular game
(though not at the general game of cracking, though it's been many MANY
years since I did that, hopefully enough that the statute of limitations
ran out long ago :-).
--
Eric Lee Green http://members.tripod.com/e_l_green
mail: [EMAIL PROTECTED]
^^^^^^^ Burdening Microsoft with SPAM!
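What known plaintext and ciphertext length alone tell a reviewer about a black-box module, as an added example (not from the post, and not any product's algorithm): two constructed toy oracles, one that behaves like a stream cipher and one that behaves like a block cipher with padding and no chaining, a length probe that recovers the kind and the block size, and a repeated-block check for the sort of "fingerprint" the post mentions. The SHA-256-based toy constructions and every function name here are assumptions made for the demonstration.

```python
import hashlib

TOY_BLOCK = 16  # block size of the constructed toy block cipher (assumption)


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _toy_keystream(key, n):
    """Constructed keystream: SHA-256 over key||counter, truncated to n bytes."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]


def make_stream_oracle(key):
    """Black box that behaves like a stream cipher: ciphertext grows byte for byte."""
    def encrypt(pt):
        return _xor(pt, _toy_keystream(key, len(pt)))
    return encrypt


def make_block_oracle(key):
    """Black box that behaves like a block cipher with padding and no chaining:
    each plaintext block is mapped independently. Toy block function (constructed):
    truncated SHA-256 of key||block."""
    def encrypt(pt):
        pad = TOY_BLOCK - len(pt) % TOY_BLOCK
        pt = pt + bytes([pad]) * pad
        return b"".join(
            hashlib.sha256(key + pt[i:i + TOY_BLOCK]).digest()[:TOY_BLOCK]
            for i in range(0, len(pt), TOY_BLOCK))
    return encrypt


def probe_structure(encrypt, max_len=64):
    """Length probe: submit known plaintexts of 0..max_len bytes and watch how the
    ciphertext length changes. Byte-for-byte growth looks like a stream cipher;
    growth in fixed steps looks like a block cipher, and the step is the block size."""
    lengths = [len(encrypt(b"A" * i)) for i in range(max_len + 1)]
    diffs = [b - a for a, b in zip(lengths, lengths[1:])]
    if all(d == 1 for d in diffs):
        return {"kind": "stream", "block_size": None}
    jumps = [i + 1 for i, d in enumerate(diffs) if d]  # plaintext lengths that added a block
    if len(jumps) < 2:
        return {"kind": "unknown", "block_size": None}
    return {"kind": "block", "block_size": jumps[1] - jumps[0]}


def repeated_block_fingerprint(encrypt, block_size):
    """Known-plaintext check: two identical plaintext blocks give identical
    ciphertext blocks only when the module keeps no per-block state or chaining.
    True means equality of plaintext blocks leaks through, which a reviewer should flag."""
    ct = encrypt(b"B" * (2 * block_size))
    return ct[:block_size] == ct[block_size:2 * block_size]


def analyse(encrypt):
    """Combine both checks into one report for a module under review."""
    result = probe_structure(encrypt)
    size = result["block_size"] or TOY_BLOCK
    result["repeated_block_leak"] = repeated_block_fingerprint(encrypt, size)
    return result


if __name__ == "__main__":
    print("stream-like module:", analyse(make_stream_oracle(b"demo-key-1")))
    print("block-like module: ", analyse(make_block_oracle(b"demo-key-2")))
```

Neither check needs the key or the algorithm; the point for a defender is that these properties are observable from the outside of any module, hardware or not, so a design that relies on the algorithm staying unknown should expect at least this much to be learned.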
------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Clinton Administration Continues to BS on Encryption Export Regs
Date: Thu, 16 Sep 1999 21:50:39 -0700
Reply-To: [EMAIL PROTECTED]
Clinton Administration Continues to BS on Encryption Export Regs
Go to http://www.eff.org to read US Press Secretary's Press Release
You cannot flip a coin and have it land BOTH heads and tails. The
Administration's stalling tactics continue.
I am not going to be satisfied until this Administration and this
Government Unconditionally Surrenders all of its objections to
unrestricted encryption.
The Catholic Church has backed down over the centuries on the Earth
being the center of the universe, the Heavens revolving around the
Earth, the "tenet" of there being no such thing as action at a distance
(radio waves), "Man" being gods special unique creation in the Universe
(life existing only on Earth), birth control, evolution, etc.
This Administration and this government must not be allowed to continue
to restrict encryption in any manner whatsoever.
This Administration must be persuaded to accept advances in technology
and the discovery of new information just like the Church. We do not
need violent repression from this government any more than we need
violent repression from the church.
The US government is threatening every American with arrest, jail,
forfeiture of money and property, and even death if any American
defies their misguided restrictions on encryption.
WE have a democracy with the right to privacy, peaceful assembly, free
speech, and justice.
Restricting encryption is a clear attempt to destroy democracy with the
right to privacy, peaceful assembly, free speech, and justice.
You either have it or you don't.
------------------------------
From: [EMAIL PROTECTED] (jerome)
Subject: Re: Okay "experts," how do you do it?
Date: 16 Sep 1999 22:19:53 GMT
Reply-To: [EMAIL PROTECTED]
i understood what an expert is when i read 'the codebreakers' by d. kahn;
he explains the history of cryptography/cryptanalysis.
thus you can have an idea of what an expert knew in 1920 and easily
understand it because it is now common knowledge. but if you imagine
yourself in 1920 and see the gap between a beginner and an expert at that
date, you can imagine what an expert is now, 80 years later.
to test a given cipher, you can try all the known attacks. (for that
you have to know them :)
but if you use new concepts in your cipher, you may be safe against
known attacks but create new holes elsewhere, maybe larger.
On Thu, 16 Sep 1999 12:42:03 -0700, Sundial Services wrote:
>Okay, "putup or shaddup ..." :-) :-)
>
>I see lots of articles, written by experts, who say that only experts
>can evaluate the quality of a cipher ... if they have the time, which
>they usually don't unless there's a research paper in it. Yada, yada,
>yada.
>
>Okay, experts, "put up or shaddup" :-) :-) ... how do you do it?
>
>How DO you determine that a cipher is or isn't a good one? How DO you
>conclude that it is or isn't snake oil? What IS it that you've learned
>that makes you qualified to pass judgement on a crypto-algorithm that no
>one else can do the same??
>
>:-)
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: crypto export rules changing
Date: Fri, 17 Sep 1999 04:36:20 GMT
"SCOTT19U.ZIP_GUY" wrote:
> so that silicon valley will think the Democrats want looser crypto
> and maybe they will give Gore Money.
Unfortunately, that seems to be not far from the truth.
Silicon Valley is pumping a lot of money into Democratic
campaign funds; one can speculate about what they're
thinking, but whatever it is, it isn't a good sign.
------------------------------
From: Eric Lee Green <[EMAIL PROTECTED]>
Subject: Re: Okay "experts," how do you do it?
Date: Thu, 16 Sep 1999 22:26:45 -0700
David Wagner wrote:
> Or, post to sci.crypt via an anonymous remailer. (See www.replay.com.)
> If people react differently to your post, you can claim glorious victory.
Sadly enough, people with distinctive writing (or spelling!) styles
don't get much by going through anonymous remailers.
Reminds me of when I posted an anonymous message at LinuxToday about
goings-on inside a Linux company. Within thirty minutes I had the
president of the company and the marketing director of the company in my
office to agree with what I'd posted anonymously :-). (They recognized
my writing style, and also recognized that the issue had been discussed
extensively within our company so it was someone within our company).
--
Eric Lee Green http://members.tripod.com/e_l_green
mail: [EMAIL PROTECTED]
^^^^^^^ Burdening Microsoft with SPAM!
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Cyrpto-sell-o
Date: Fri, 17 Sep 1999 04:47:12 GMT
[EMAIL PROTECTED] wrote:
> I am new to the encryption scene but I was curious. If I were to
> come up with a new mathematical encryption method, how would I go
> about selling this? Should I contact the NSA? Just curious.
Your best bet to *publicize* it would be to submit an article
for publication in a journal such as IEEE Transactions on
{Communications, Information Theory, whatever}.
Many of us would prefer that you not try to *commercialize*
the method before it has undergone peer review and critical
evaluation. A lot of ideas that *seem* good are not so good
after all. (That doesn't always keep fools from buying the
product, however!)
If your idea is *patentable*, before you publicize it you
should file an application for a patent. (See a patent
attorney; that's what they're for.)
There isn't much point in trying to contact NSA; they may
already have thought of the idea, but will not give you any
useful feedback. More likely, you'd be treated as just one
more crank. (Unless you have a viable working relationship,
but then you wouldn't be asking the question.)
------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Subject: Re: Current US Export Law
Date: Thu, 16 Sep 1999 21:56:08 -0700
Reply-To: [EMAIL PROTECTED]
Bill Lynch wrote:
> I've got a question about current US Export Law regarding strong
> encryption. I got to thinking about this in light of recent
> developments:
>
> http://www.zdnet.com/zdnn/stories/news/0,4586,2335300,00.html?chkpt=hpqs014
>
> Given that the current law restricts US companies from exporting strong
> encryption in their products, could a company like IBM, for example,
> develop a product to be compatible with an overseas strong encryption
> program and still be subject to export restrictions?
> For instance, say a French firm develops a strong encryption program
> similar to one that RSA Labs would sell. Could IBM engineer the
> software on their servers to be compatible with the French program so
> that an overseas customer would basically just plug in the French
> program and be on their way? Since there's no strong encryption in the
> AS/400 itself, it wouldn't be subject to US export laws. Is that
> correct?
>
> Thanks in advance,
> --Bill Lynch
If you can hold your breath long enough your point may become meaningless.
Go to http://www.eff.org and read the latest press release on encryption from
the Clinton Administration.
------------------------------
From: Eric Lee Green <[EMAIL PROTECTED]>
Subject: Re: The good things about "bad" cryptography
Date: Thu, 16 Sep 1999 22:42:21 -0700
"SCOTT19U.ZIP_GUY" wrote:
> Would you call some one who designs a million byte plus key method
> where the whole file is a single block Paranoid.
Yes. Not that it may not be a useful paranoia under certain
circumstances. Doesn't work for my particular applications in any event,
I need a combination of speed and "streamability" (i.e., so I can start
streaming data out before the entire file is encrypted). But then I
don't have to be too paranoid in my particular case because the file is
presumably already going over a "secured" network, this is just an
additional layer of security on top of it...
> Or just some one who
> wants something better for the real world of file encryption than a toy
> method that use a tiny key on tiny blocks.
It's a tradeoff. 128-bit blocks allow me to stream data in real time, at
the cost of being possibly susceptible to known-plaintext attacks and
possibly other attacks. 19U may actually be more secure than Twofish,
but it doesn't meet the primary criterion, which is to be able to do this
in real time.
As far as key size goes, I stopped at 128-bit key size because I
don't have more random bits than that in my particular environment.
256-bit key size would not have gotten me anything because I had no way
of generating more than 2**128 possible keys no matter what the key
length. Again, this is a case where your algorithm would not have worked
for my particular situation. I'm sure you had to do a lot of work to get
adequate random bits to make long keys work in your environment (e.g.
have them wave the mouse around, type random characters, etc.), and I
don't have access to that kind of stuff (most of my boxes live in wiring
closets somewhere far from human interaction).
Which doesn't mean 19U is cr*p, just that it's suited for what it's
suited for, not for what I'm doing. You must admit that if the goal is
speed and streamability rather than absolute security, 19U is not the
right choice.
--
Eric Lee Green http://members.tripod.com/e_l_green
mail: [EMAIL PROTECTED]
^^^^^^^ Burdening Microsoft with SPAM!
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: Clinton Administration Continues to BS on Encryption Export Regs
Date: Fri, 17 Sep 1999 05:02:23 GMT
Anthony Stephen Szopa wrote:
> The US government is threatening every American with arrest, jail,
> forfeiture of money and property, and even death if any American
> defies their misguided restrictions on encryption.
No, they're not. When you make such hysterical exaggerations,
people tend to discount whatever else you're saying, too.
> WE have a democracy with the right to privacy, peaceful assembly,
> free speech, and justice.
The government of the US is *not* a "democracy". Nor should it be.
It is meant to be a constitutionally limited representative
republic.
> Restricting encryption is a clear attempt to destroy democracy ...
No, it's an attempt for the people in power to gain even more
control over the populace. "Destroying democracy" is unlikely
to have been even an implicit goal.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Okay "experts," how do you do it?
Date: Fri, 17 Sep 1999 04:28:26 GMT
Tom St Denis wrote:
> I think you should try designing a system before you break one. If
> you design one you can get a feel for what/how you are trying to
> protect the information.
That is the opposite of the invariable advice given by the true
experts. It is true that you need to learn *cryptography*, i.e.
the techniques of encryption, before *cryptanalysis*, but that's
not the same as saying that you should try to *be* a codemaker
before becoming a codebreaker. The term "analysis" is part of
"cryptanalysis" for a good reason; issues of vulnerability are
matters for analysis, not construction.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************