Cryptography-Digest Digest #258, Volume #10 Fri, 17 Sep 99 19:13:03 EDT
Contents:
Re: crypto export rules changing ("John E. Kuslich")
Re: What is XOR? (Anton Stiglic)
Re: 3des? (jerome)
Re: 3des? (jerome)
peekboo v1.4 beta (features key exch now) (Tom St Denis)
Re: Mystery inc. (Beale cyphers) (Niteowl)
Re: (US) Administration Updates Encryption Export Policy (jerome)
Re: Okay "experts," how do you do it? (Tom St Denis)
Large number arithmetic ("Marco Lange")
Re: 3des? ([EMAIL PROTECTED])
Re: Large number arithmetic ("Dann Corbit")
Re: peekboo v1.4 beta (features key exch now) (Tom St Denis)
Re: Okay "experts," how do you do it? (Patrick Juola)
Re: Example of a one way function? ("I. Michael Mandelberg")
Re: 3des? ("Richard Parker")
Re: peekboo v1.4 beta (features key exch now) (Tom St Denis)
Re: How does RC5 work? ([EMAIL PROTECTED])
Re: NSA and MS windows (Jerry Coffin)
Re: Okay "experts," how do you do it? (Jerry Coffin)
Re: arguement against randomness (Jerry Coffin)
Re: How does RC5 work? (Tom St Denis)
Re: Okay "experts," how do you do it? (Tom St Denis)
----------------------------------------------------------------------------
From: "John E. Kuslich" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: crypto export rules changing
Date: Fri, 17 Sep 1999 12:21:49 -0700
The BIG ANNOUNCEMENT was that there are new rules but that the new rules
have not yet been decided.
I watched the press conference live on C-SPAN. Janet (my pencil is my
word processor) Reno said "NO" to the question ""Is this new policy a
relaxation of encryption policies?"
The whole affair was high comedy.
The reason for the BIG ANNOUNCEMENT is so that AL (I invented the
Internet) Gore could claim he was on the side of high technology on his
upcoming trip to California.
The deputy defense secretary indicated that the "one time review" would
look closely at what was to be exported and they would need much more
than marketing brochures - translation - it is unlikely that really good
encryption will ever pass the review process.
Another deputy deputy deputy brought to the stage to answer a simple
question found unanswerable by idiot Commerce Secretary Daley said that
he thought that the one time review would be simply to determine if the
product in question was "mass market or not". When asked what that
meant he said these rules and regulations are not yet defined. :--))
Yeah, right...the rules are relaxed, we just don't know what the rules
are !!!
So, what really happened was the following:
Al Gore instructed all the encryption engaged government people (with
the NOTABLE exception of FBI director Luis Freeh) to go on stage and
proclaim victory in the knotty process of balancing the needs of law
enforcement, national security, and privacy rights.
He should have demanded that the leaders of the major religions of the
world go on stage and declare that all religious differences had been
resolved or maybe that the Creationists and the Evolutionists had
finally resolved their differences.
HIGH COMEDY indeed!!!
Next week watch as dogs and cats are brought together to show that Al
Gore has resolved their long standing disputes.
Then lions and lambs...
Irish Catholics and Irish Protestants...
Arabs and Jews...
VOTE FOR AL!!!!!!!
JK http://www.crak.com Password Recovery Software
Paul Rubin wrote:
> A big liberalization of export rules is supposed to be announced
> today, but apparently there will also be some key escrow provisions.
>
> http://www.sjmercury.com/breaking/headline1/024676.htm
--
John E. Kuslich
Password Recovery Software
CRAK Software
http://www.crak.com
------------------------------
From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: What is XOR?
Date: Fri, 17 Sep 1999 15:35:22 -0400
Jean-Jacques Quisquater wrote:
> Oh, oh.
>
> For me (and many people I'm sure :-)
>
> OR (in French OU) is denoted by \/ (V) and is coming from Vel (the latin OR)
>
> [...]
I actually speak French too, and think of \/ as the U in OU,
and the /\ as the A in English AND. When you are bilingual,
it's a perfect way to remember! :)
------------------------------
From: [EMAIL PROTECTED] (jerome)
Subject: Re: 3des?
Date: 17 Sep 1999 20:03:54 GMT
Reply-To: [EMAIL PROTECTED]
On Fri, 17 Sep 1999 14:04:30 GMT, John Savard wrote:
>Tom St Denis <[EMAIL PROTECTED]> wrote, in part:
>
>>Ok here's an interesting question?
>>
>>If using DES with 768-bit keys provides no better resistance (and no less) to
>>iterative attacks but allows a key strength of 384 bits (because of the mitm
>>attack), why not use that instead of 3des?
>
>I remember a claim in AC that the key strength of DES with independent
>keys is really only about 65 bits.
I saw that in a Biham & Shamir paper on differential cryptanalysis.
------------------------------
From: [EMAIL PROTECTED] (jerome)
Subject: Re: 3des?
Date: 17 Sep 1999 20:18:15 GMT
Reply-To: [EMAIL PROTECTED]
On Fri, 17 Sep 1999 12:42:32 GMT, Tom St Denis wrote:
>Ok here's an interesting question?
>
>If using DES with 768-bit keys provides no better resistance (and no less) to
>iterative attacks but allows a key strength of 384 bits (because of the mitm
>attack), why not use that instead of 3des?
3DES has been 'designed' to minimize the implementation difference
with DES, which is important especially for the hardware implementation.
If you use DES with independent keys (word from Shamir), you change
the key schedule and I suppose it can't be done on some chips.
>[ btw what is the exact resistance to iterative attacks I don't have my
>applied crypto handy now ... I remember it was something like 2^60 for diff
>and 2^47 for linear? Or am I full of beans?]
What do you mean by iterative attack?
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: peekboo v1.4 beta (features key exch now)
Date: Fri, 17 Sep 1999 20:22:48 GMT
Yes I finally found the bloody bug in the large num library. So for your
viewing pleasure is peekboo v1.4 beta (not a release). Why is it beta?
Cuz I did very little testing after I finally got the large nums to work ...
You can now make keys; it will load/save them when the program opens/exits.
You can copy them to the clipboard and paste keys from the clipboard. You
can make shared keys with public and private keys.
New features:
- auto salt, it will hash the message and add a timestamp to the salt so you
don't have to worry about 'resalting'
- auto pick decipher algorithm, you don't have to worry about picking the
right cipher to decrypt
- features five good ciphers
- it's only 35kb ... :)
try this out at http://www.cell2000.net/security/peekboo/beta.exe
Please try all the buttons and doodads and try to find any bugs or
'unpleasants'.
Also if you can read C code and know a bit about win32 programming I can send
the source if you want to hack at it. I would like to see comments from some
security/crypto people.
You can email me at [EMAIL PROTECTED]
Tom
--
damn windows... new PGP key!!!
http://people.goplay.com/tomstdenis/key.pgp
(this time I have a backup of the secret key)
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: Niteowl <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Mystery inc. (Beale cyphers)
Date: Fri, 17 Sep 1999 20:26:05 GMT
Curt Welch wrote:
> [EMAIL PROTECTED] (Curt Welch) wrote:
> > [EMAIL PROTECTED] wrote:
> > > More information can be found at the Crypto Drop Box:
> > >
> > > http://www.und.nodak.edu/org/crypto/crypto/resources.html
>
> http://www.und.nodak.edu/org/crypto/crypto/general.crypt.info/beale/
>
> I just checked this site out and found it has lots of good info
> about all this, including most of Ed's work that I have under the
> more.beale directory.
That's the stuff. The notes file is the basis for the article printed
in the March 1984 issue of the Beale Cypher Association Newsletter. Sad
to say, I haven't had any new ideas on Beale since then :-(
I did correspond with John King about Beale (and Zodiac) and we swapped
our copies of the ciphers and got to agreement on the numbers at least.
I believe the files at the CDB are the result of the comparisons.
Dr. Matyas wrote a paper after much apparent research and thinks the
version of the DOI used was from "An Historical, Geographical, Commercial,
and Philosophical View of the American United States" published in 1795
by W. Winterbotham. The version of the DOI there does 'correct' many of
the numbering errors seen in B2.
------------------------------
From: [EMAIL PROTECTED] (jerome)
Subject: Re: (US) Administration Updates Encryption Export Policy
Date: 17 Sep 1999 20:34:36 GMT
Reply-To: [EMAIL PROTECTED]
What do they mean by 'technical review'?
On Fri, 17 Sep 1999 06:47:29 +0000, Helger Lipmaa wrote:
>
>Any encryption commodity or software of any key length can now be
>exported under a license exception (i.e., without a license) after a
>technical review, to commercial firms and other non-government end users
>in any country except for the seven state supporters of terrorism.
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Okay "experts," how do you do it?
Date: Fri, 17 Sep 1999 20:33:00 GMT
In article <7rt95c$1mdk$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
> In article <7rsber$8r6$[EMAIL PROTECTED]>,
>[EMAIL PROTECTED] (David Wagner) wrote:
> >In article <7rs7s8$11u8$[EMAIL PROTECTED]>,
> >SCOTT19U.ZIP_GUY <[EMAIL PROTECTED]> wrote:
> >> They check to see how wrote it. If it is some one they don't know
> >> they say it is weak and go on since they are afraid of there own
> >> shadows.
> >
> >Do you really believe this?
> >
> >If you truly believe that your ideas are being ignored not because of
> >lack of technical merit but rather because of your name, there's an
> >easy way to prove it: submit a paper anonymously (or under a fake name)
> >to some respected crypto conference. If it gets accepted, you can
> >boast all you like about how you fooled all those evil cryptographers...
> Do you really believe this?
> Unless the fake name I used was yours and the email addresses and
> writing skills matched yours. It would not be accepted. Also I do
> believe you understand my method. I can't believe that my C code is
> really beyond your mental ability. If it is beyond your ability to understand
> then stay a Poster Boy outside the NSA because you would not be good
> enough to get in.
> >
> >Or, post to sci.crypt via an anonymous remailer. (See www.replay.com.)
> >If people react differently to your post, you can claim glorious victory.
> Give me a break, my writing skills are like fingerprints. The first time
> I posted when YFN started to die people knew it was me. But they thought
> I was hiding since the ID changed. But you may not have noticed. There
> are sharp people out there.
> >
> >In the meantime, I fear that these types of remarks only diminish the
> >chances that anyone will take you seriously.
> Will fear not. I am sure you are counting on people to not take
> my code seriously since if they do. They will abandon the weak
> crypto of the AES.
Remember your words devil.
When I started in crypto about 6 months ago I wanted to post everything
coming to mind, then Wagner showed me I have lots to learn (such as some
good algebra). He is a smart, intelligent person. If you have ever read
anything he has worked on (or Bruce, or Rivest, or ... the list goes on have
worked on) then you will notice a high level of intelligence there. They are
not pawns like you would like to think.
He was trying to be accommodating but I think even Wagner has his limits. He
will probably continue to ignore your posts from now on like he has (and like
everyone else will).
Anyways, why are you so afraid of documenting your algorithm properly?
btw the block size is still 19-bits hehehehe...
Tom
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: "Marco Lange" <[EMAIL PROTECTED]>
Subject: Large number arithmetic
Date: Fri, 17 Sep 1999 22:27:15 +0200
Hi!
Although I am not really new to programming, I am absolutely new to
cryptography, and I am now, after informing myself about encryption
algorithms, writing my own implementation of RSA.
For this, I need to do some maths with large numbers
(512 bits to 4096 bits). I have certain problems with multiplication,
exponentiation and the MulMod and ExpMod, i.e.
(a*b) mod b
and
(a^b) mod b
respectively.
I am looking for a performant implementation or algorithm for
these large number calculations.
Cya,
Marco
--
E-mail: [EMAIL PROTECTED]
Homepage: http://www.marcolange.de
ICQ: 35807782
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: 3des?
Date: Fri, 17 Sep 1999 16:41:11 -0400
Anton Stiglic wrote:
> Where in the world did you read that? What do you mean by man in the middle
> attack on DES. Are you talking about 3DES?
By mitm, it means Meet in the Middle. 3DES calls for:
C = Ek1(Dk2(Ek3(c)))
Sorry, no subscripts. It means that you encrypt the text with key 1, decrypt the
text with key 2, and encrypt the text with key 3. ALL KEYS MUST BE INDEPENDENT. A
meet in the middle attack was developed by Merkle and Hellman; it involves a
message encrypted:
C = Ek1(Ek2(c))
------------------------------
From: "Dann Corbit" <[EMAIL PROTECTED]>
Subject: Re: Large number arithmetic
Date: Fri, 17 Sep 1999 13:57:14 -0700
Marco Lange <[EMAIL PROTECTED]> wrote in message
news:7ru89d$646$[EMAIL PROTECTED]...
> Hi!
>
> Although I am not really new to programming, I am absolutely new to
> cryptography, and I am now, after informing myself about encryption
> algorithms, writing my own implementation of RSA.
>
> For this, I need to do some maths with large numbers
> (512 bits to 4096 bits). I have certain problems with multiplication,
> exponentiation and the MulMod and ExpMod, i.e.
> (a*b) mod b
> and
> (a^b) mod b
> respectively.
>
> I am looking for a performant implementation or algorithm for
> these large number calculations.
You did not say what language and operating system you will be using.
For Fortran, I like MPFUN by Brent:
http://www.netlib.org/mpfun/
For C or C++ I like Miracl:
ftp://ftp.compapp.dcu.ie/pub/crypto/miracl.zip
Freelip by Lenstra is very good C code, as is Pari-GP.
For other suggestions, take a look at Ajay Shah's numcomp list, Nikki
Locke's available C++ libraries list.
--
C-FAQ: http://www.eskimo.com/~scs/C-faq/top.html
"The C-FAQ Book" ISBN 0-201-84519-9
C.A.P. Newsgroup http://www.dejanews.com/~c_a_p
C.A.P. FAQ: ftp://38.168.214.175/pub/Chess%20Analysis%20Project%20FAQ.htm
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: peekboo v1.4 beta (features key exch now)
Date: Fri, 17 Sep 1999 21:10:44 GMT
Some notes:
1) If you run multiple copies of pb, first paste in all your keys in one
instance only (have only one copy running) then close it. It saves the keys
in mem to the file when it closes... so to avoid deleting keys do it that
way.
2) If you get 'invalid keys' after selecting two keys then just get another
copy I uploaded another about 10 mins afterwards..
3) If there are no keys on one site and you click use keys it will probably
crash.
Have fun!
my public key is
u0wBGmfDGquzUL3CaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaqabaaaaCQ4fpCsFj70ZbpURo5AqXaEZU0xawtJFHLGRted0A}09j5yzmzaHndfDhYV7g}wRSusCF1GgEptfpxT6fj121d3YGwifJvQJVR93yJqO3h6Yq}eA0w4Fh4Y5ZROr}84P9rTkCZeR3rxlX5zjvOl5OjrtbCXlepG8XGR8jva0grXettg6zGKZ6Te2f}qJHNnmiAUFEdLqy4o9bO}Pd9dw8HAnWEOTKwDAZ7aN2f8y4IlhPI{iM76j9S19LGSjcdXqkfP{RCXZ2daVsbaeFIpvxD52sbrdevNne1SEZazZzzNeIL8C2yss9iOarYYjzw{2j9KetMOWsby24GgDOyxcCcaaaaaaaaaaaaa
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: Okay "experts," how do you do it?
Date: 17 Sep 1999 11:06:48 -0400
In article <[EMAIL PROTECTED]>,
Sundial Services <[EMAIL PROTECTED]> wrote:
>C'mon, friend, let's be loosey-goosey here for a little while. Let's turn
>the light upon exactly what those experts know that we don't. Or, to
>put it another way, let's figure out what exactly it is that makes Bruce
>Schneier's opinion better than anyone else's besides the fact that he's
>written a book. ;-) ;-) :-) <-!!!
Knowledge of cryptanalytic techniques, signs of weakness, and ways
to exploit them.
Just as an obvious example, most casual algorithm designers don't know
differential cryptanalysis or how to apply it. Furthermore, an
algorithm may be resistant to straightforward by-the-book differential
cryptanalysis but vulnerable to a (more or less) simple variant.
The less simple the variant, the greater skill is necessary to find
and exploit it.
An expert is a person who knows a lot of attacks and has the necessary
insight and skills to generalize them as necessary and appropriate
to attack a system.
>Beneath my cavalier approach to this is a serious, hard question: what,
>exactly, IS it that makes an expert an expert? And therefore, what IS
>it that makes a cipher insecure when it appears, to a designer or to a
>common layman, to be perfectly adequate? Why exactly IS it that one
>carbon-based computer known as Bruce Schneier, or John Savard, or
>(whomever) has some element of knowledge that no one else has?
>
>If we knew, then we could build provably better ciphers. We could
>evaluate them whether or not the "experts" had the time or the research
>or the research-papers to do it. We could "give them nothing to
>evaluate."
>
>It seems to me that we ought to be able to subject a cipher to an
>objective test.
It would be nice, yes. It would also be nice if we could automate
the task of performing medical diagnosis -- after all, what makes
a good diagnostician good? Knowledge of lots of different medical
syndromes and their signs.
Unfortunately, in either case the body of knowledge isn't formalized
enough to be completely automated. I hope this doesn't mean that you
don't believe that there's something doctors know that you don't.
-kitten
------------------------------
From: "I. Michael Mandelberg" <[EMAIL PROTECTED]>
Subject: Re: Example of a one way function?
Date: Fri, 17 Sep 1999 18:49:49 GMT
Thanks for the responses. I realize that it was an open ended question.
The need is for a one way encryption of data. One idea that I had was to use a
randomly selected public key and RSA. The problem is how to get this key
in a satisfactory way. The below sounds quite easy. Could I as well use
IDEA, or is this specific to DES?
Michael Mandelberg
John Savard wrote:
> "I. Michael Mandelberg" <[EMAIL PROTECTED]> wrote, in part:
>
> >Can someone point me to a one-way-function that is typically used for
> >encryption?
> >It ought to use a key.
>
> A simple example of a keyed one-way function - but not a trapdoor
> one-way function usable for public key encryption - would be this:
>
> f(x) = (x encrypted with DES) XOR x
>
> which is a keyed one-way function. It could be used in a hash
> function, or for generating things like session keys. But there is no
> known way to find x from f(x), even knowing the key.
>
> John Savard ( teneerf<- )
> http://www.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: "Richard Parker" <[EMAIL PROTECTED]>
Subject: Re: 3des?
Date: Fri, 17 Sep 1999 21:53:04 GMT
Anton Stiglic <[EMAIL PROTECTED]> wrote:
> Yes, I know about this attack for 3DES, but he was talking about simple
> DES, with a different sized key (that is, different from 56 bits that DES
> usualy uses...).
DES with independent subkeys can be attacked with the same
"meet-in-the-middle" attack used by Merkle and Hellman against double
encryption. Because this variant of DES has a trivial key schedule,
you can treat it as double encryption by considering the first eight
rounds of cipher (keyed with subkeys 1-8) as a separate encryption
algorithm from the last eight rounds (keyed with subkeys 9-16). You
then attack by encrypting using the first half and decrypting using
the second half.
-Richard
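A worked illustration of the attack described in this reply and in the earlier "Meet in the Middle" post, added here as an example that is not part of the thread: a constructed 16-bit toy cipher with 8-bit keys (not DES, just small enough to search instantly) is cascaded twice, and the meet-in-the-middle search recovers both keys with 2*2^8 cipher evaluations where trying every key pair would cost 2^16. The toy cipher, the constants and the sample plaintexts are all assumptions of this example; the point is that cascading two keys buys roughly one extra bit, which is why 3DES applies the cipher three times.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy cipher for this example: 16-bit block, 8-bit key, four
   xor/rotate/add rounds. It stands in for DES only to keep the search tiny. */
#define KEY_SPACE 256u
static const uint16_t RC[4] = { 0x3131, 0x6262, 0x9393, 0xC4C4 }; /* constructed round constants */

static uint16_t rotl16(uint16_t x, unsigned n) { return (uint16_t)((x << n) | (x >> (16 - n))); }
static uint16_t rotr16(uint16_t x, unsigned n) { return (uint16_t)((x >> n) | (x << (16 - n))); }

uint16_t toy_encrypt(uint8_t key, uint16_t x) {
    uint16_t k16 = (uint16_t)(key | (key << 8));
    for (int r = 0; r < 4; r++) {
        x ^= (uint16_t)(k16 ^ RC[r]);
        x = rotl16(x, 5);
        x = (uint16_t)(x + 0x9E37u);
    }
    return x;
}

uint16_t toy_decrypt(uint8_t key, uint16_t x) {
    uint16_t k16 = (uint16_t)(key | (key << 8));
    for (int r = 3; r >= 0; r--) {          /* undo the rounds in reverse order */
        x = (uint16_t)(x - 0x9E37u);
        x = rotr16(x, 5);
        x ^= (uint16_t)(k16 ^ RC[r]);
    }
    return x;
}

/* Double encryption C = E_k2(E_k1(P)), the construction Merkle and Hellman attacked. */
uint16_t double_encrypt(uint8_t k1, uint8_t k2, uint16_t p) {
    return toy_encrypt(k2, toy_encrypt(k1, p));
}

typedef struct { uint8_t k1, k2; } key_pair;

/* Meet in the middle on two known (plaintext, ciphertext) pairs.
   Phase 1 tabulates E_k1(p1) for every k1; phase 2 computes D_k2(c1) for every
   k2 and looks it up, so the two halves meet at the intermediate value.
   Survivors are confirmed on the second pair. Returns the number of candidate
   pairs written to out; *work counts single-cipher evaluations spent. */
size_t mitm_double(uint16_t p1, uint16_t c1, uint16_t p2, uint16_t c2,
                   key_pair *out, size_t max_out, unsigned long *work) {
    static int first[65536];      /* head of the k1 chain for each middle value */
    static int next[KEY_SPACE];   /* next k1 that produced the same middle value */
    memset(first, -1, sizeof first);
    *work = 0;
    size_t n = 0;
    for (unsigned k1 = 0; k1 < KEY_SPACE; k1++) {
        uint16_t mid = toy_encrypt((uint8_t)k1, p1);
        next[k1] = first[mid];
        first[mid] = (int)k1;
        (*work)++;
    }
    for (unsigned k2 = 0; k2 < KEY_SPACE; k2++) {
        uint16_t mid = toy_decrypt((uint8_t)k2, c1);
        (*work)++;
        for (int k1 = first[mid]; k1 != -1; k1 = next[k1]) {
            if (double_encrypt((uint8_t)k1, (uint8_t)k2, p2) == c2 && n < max_out) {
                out[n].k1 = (uint8_t)k1;
                out[n].k2 = (uint8_t)k2;
                n++;
            }
        }
    }
    return n;
}

/* Demonstration driver: encrypts two constructed plaintexts under (k1, k2) and
   returns the evaluations spent if the true pair is among the candidates, else 0. */
unsigned long mitm_recovers(uint8_t k1, uint8_t k2) {
    const uint16_t p1 = 0x1234, p2 = 0xBEEF;   /* constructed known plaintexts */
    uint16_t c1 = double_encrypt(k1, k2, p1), c2 = double_encrypt(k1, k2, p2);
    key_pair found[16];
    unsigned long work = 0;
    size_t n = mitm_double(p1, c1, p2, c2, found, 16, &work);
    for (size_t i = 0; i < n; i++)
        if (found[i].k1 == k1 && found[i].k2 == k2) return work;
    return 0;
}

int main(void) {
    unsigned long work = mitm_recovers(0x3C, 0xA5);
    printf("true key pair recovered with %lu cipher evaluations (exhaustive search: %u pairs)\n",
           work, KEY_SPACE * KEY_SPACE);
    return work ? 0 : 1;
}
```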
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: peekboo v1.4 beta (features key exch now)
Date: Fri, 17 Sep 1999 21:20:44 GMT
I forgot to add
4) If you are adding/giving public keys out TURN OFF AUTO_CRYPT, it gets in the
way ... Once you copy/paste all your keys you can turn it back on.
Tom
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: How does RC5 work?
Date: Fri, 17 Sep 1999 21:22:45 GMT
Reply-To: [EMAIL PROTECTED]
<<<SNIP>>>
I have the RC5 source code. I am not a 'C' programmer but to me it
appears that this code is not the same as the spec. The spec says that
<<< means to rotate left, A=((A XOR B) <<< B) + S[2*1]
The 'C' code seems to just shift left.
#define ROTL(x,y) (((x << (y&(w-1)))
Is << in 'C' a rotate or a shift?
Also, I am confused when RSA says that + is two's complement addition.
Do I worry about this because it is handled by the compiler?
> BTW checkout RC5's cool source if you want some good info.
>
> ---
> /* RC5REF.C -- Reference implementation of RC5-32/12/16 in C. */
> /* Copyright (C) 1995 RSA Data Security, Inc. */
> typedef unsigned long WORD; /* Should be 32-bit = 4 bytes */
> #define w 32 /* word size in bits */
> #define r 12 /* number of rounds */
> #define b 16 /* number of bytes in key */
> #define c 4 /* number words in key = ceil(8*b/w) */
> #define t 26 /* size of table S = 2*(r+1) words */
> WORD S[t]; /* expanded key table */
> WORD P = 0xb7e15163, Q = 0x9e3779b9; /* magic constants */
> /* Rotation operators. x must be unsigned, to get logical right shift*/
> #define ROTL(x,y) (((x)<<(y&(w-1))) | ((x)>>(w-(y&(w-1)))))
> #define ROTR(x,y) (((x)>>(y&(w-1))) | ((x)<<(w-(y&(w-1)))))
>
> void RC5_ENCRYPT(WORD *pt, WORD *ct) /* 2 WORD input pt/output ct */
> { WORD i, A=pt[0]+S[0], B=pt[1]+S[1];
> for (i=1; i<=r; i++)
> { A = ROTL(A^B,B)+S[2*i];
> B = ROTL(B^A,A)+S[2*i+1];
> }
> ct[0] = A; ct[1] = B;
> }
>
> void RC5_DECRYPT(WORD *ct, WORD *pt) /* 2 WORD input ct/output pt */
> { WORD i, B=ct[1], A=ct[0];
> for (i=r; i>0; i--)
> { B = ROTR(B-S[2*i+1],A)^A;
> A = ROTR(A-S[2*i],B)^B;
> }
> pt[1] = B-S[1]; pt[0] = A-S[0];
> }
>
> void RC5_SETUP(unsigned char *K) /* secret input key K[0...b-1] */
> { WORD i, j, k, u=w/8, A, B, L[c];
> /* Initialize L, then S, then mix key into S */
> for (i=b-1,L[c-1]=0; i!=-1; i--) L[i/u] = (L[i/u]<<8)+K[i];
> for (S[0]=P,i=1; i<t; i++) S[i] = S[i-1]+Q;
> for (A=B=i=j=k=0; k<3*t; k++,i=(i+1)%t,j=(j+1)%c) /* 3*t > 3*c */
> { A = S[i] = ROTL(S[i]+(A+B),3);
> B = L[j] = ROTL(L[j]+(A+B),(A+B));
> }
> }
> ---
> Tom
> --
> PGP 6.5.1 Key
> http://mypage.goplay.com/tomstdenis/key.pgp
> PGP 2.6.2 Key
> http://mypage.goplay.com/tomstdenis/key_rsa.pgp
>
> Sent via Deja.com http://www.deja.com/
> Share what you know. Learn what you don't.
>
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED] (Jerry Coffin)
Subject: Re: NSA and MS windows
Date: Fri, 17 Sep 1999 16:17:08 -0600
In article <7rr8ar$e53$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
says...
> In <[EMAIL PROTECTED]> fungus <[EMAIL PROTECTED]>
>writes:
>
> >Tell me, how does a multinational corporation "lose" a key?
>
> Well, MS also claimed to have lost the source code to DOS, which I would
> think was an even harder thing to do.
Where and when has MS claimed any such thing? I've seen quite a few
other people claim that MS had lost source to (at least some part of)
DOS, but I've never seen MS themselves say any such thing. All
evidence indicates that 1) they've never lost it, and 2) if they had,
it would be embarrassing enough that we'd never hear about it anyway.
--
Later,
Jerry.
The Universe is a figment of its own imagination.
------------------------------
From: [EMAIL PROTECTED] (Jerry Coffin)
Subject: Re: Okay "experts," how do you do it?
Date: Fri, 17 Sep 1999 16:17:12 -0600
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] says...
[ ... ]
> Beneath my cavalier approach to this is a serious, hard question: what,
> exactly, IS it that makes an expert an expert? And therefore, what IS
> it that makes a cipher insecure when it appears, to a designer or to a
> common layman, to be perfectly adequate? Why exactly IS it that one
> carbon-based computer known as Bruce Schneier, or John Savard, or
> (whomever) has some element of knowledge that no one else has?
Mostly a record of having broken ciphers in the past. For better or
worse, while there's certainly a science to cryptanalysis, it's still
enough of an art that there's no substitute for experience.
> If we knew, then we could build provably better ciphers. We could
> evaluate them whether or not the "experts" had the time or the research
> or the research-papers to do it. We could "give them nothing to
> evaluate."
To a large extent, if you want to design a good cipher, you know about
the relatively well-known attacks (e.g. differential and linear
cryptanalysis, slide attacks, impossible differentials, related key
attacks, and so on). By knowing how each of these works, you can
design a cipher that's immune to all of them. Sideband attacks (e.g.
based on power usage of smart cards) are another area you'd attempt to
minimize problems, assuming you were interested in using the cipher in
a situation where it was a consideration.
Depending on your approach to design, you'd probably also want to
quantify things so (for example) you know how many rounds it takes
through your cipher before diffusion takes place to the extent that a
single bit changed in the input changes approximately half the bits in
a block (assuming you're dealing with a block cipher). Obviously
you'd want to use that as a guide to the minimum of the number of
rounds to actually use.
For some types of ciphers, it's useful to show that breaking the
cipher requires (or is equivalent to) some mathematical problem that's
generally assumed to be difficult. By showing an equivalence, you can
quantify the difficulty of breaking the encryption by presently known
methods, and make it relatively easy to track the difficulty of
breaking the cipher, so (for example) somebody will know whether a new
mathematical algorithm is likely to have an effect on your level of
security.
> The -only- way we can know these things for sure is when they are
> measurable and objective. And this world of mystery and "experts" is
> anything but that, now isn't it?
Yes, but I don't think that's going to change. The problem is, you're
looking (largely) at one person's ability to hide things from another
person. When designing a cipher, you have to think about what
somebody else might look at to decipher your data. You guard against
the things you think of, and you try to ensure that it'll be hard to
think of other methods that make it easy to break the cipher.
Unfortunately, if somebody else thinks of a method you didn't, it may
render your cipher weak.
--
Later,
Jerry.
The Universe is a figment of its own imagination.
------------------------------
From: [EMAIL PROTECTED] (Jerry Coffin)
Subject: Re: arguement against randomness
Date: Fri, 17 Sep 1999 16:17:22 -0600
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] says...
[ ... ]
> The time between each new instance of the "random number"
> thread in this group is truly random.
Though I've done no statistical analysis to back it up, my initial
reaction is that it's exactly the opposite of random -- rather, it
seems to happen almost like clockwork.
Now, that might imply some randomness somewhere behind it though, like
the randomness of radioactive decay being used to drive the most
accurate clocks we've invented...
--
Later,
Jerry.
The Universe is a figment of its own imagination.
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: How does RC5 work?
Date: Fri, 17 Sep 1999 21:50:48 GMT
In article <7rubeo$sus$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> <<<SNIP>>>
>
> I have the RC5 source code. I am not a 'C' programmer but to me it
> appears that this code is not the same as the spec. The spec says that
> <<< means to rotate left, A=((A XOR B) <<< B) + S[2*1]
>
> The 'C' code seems to just shift left.
> #define ROTL(x,y) (((x << (y&(w-1)))
>
> Is << in 'C' a rotate or a shift?
>
> Also, I am confused when RSA says that + is two's complement addition.
> Do I worry about this because it is handled by the compiler?
<< is a shift. But a rotate in C would be
ROL(x, y) ((x<<y)|(x>>(32-y)))
Which is what the RSAREF code does.
> > #define ROTL(x,y) (((x)<<(y&(w-1))) | ((x)>>(w-(y&(w-1)))))
> > #define ROTR(x,y) (((x)>>(y&(w-1))) | ((x)<<(w-(y&(w-1)))))
right here..
+ is addition, same in C... they assume two's complement.
Tom
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
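To make the shift-versus-rotate question concrete, here is an added example written for this digest (it is neither the RSA reference code quoted above nor Tom's macro) using the exact-width uint32_t type: a rotate that masks both shift counts so a count that is a multiple of 32 never evaluates x >> 32 (undefined behaviour in C, which the reference ROTL macro reaches whenever y & 31 is 0, and B is data-dependent so that case does occur), a plain shift for contrast, the RC5 half-round A = ((A XOR B) <<< B) + S[2i], and the 12-round encrypt/decrypt over a constructed S table that stands in for a real expanded key. Note also that the reference typedefs WORD as unsigned long, which is 64 bits on common 64-bit Unix targets, where the macro no longer truncates to 32 bits.

```c
#include <stdint.h>
#include <stdio.h>

/* Rotate left on an exactly-32-bit word, the RC5 spec's <<< operator. The count
   is masked to 0..31, and the complementary shift is masked too so that n == 0
   yields (x << 0) | (x >> 0) == x instead of the undefined x >> 32. */
static uint32_t rotl32(uint32_t x, uint32_t y) {
    unsigned n = y & 31u;
    return (x << n) | (x >> ((32u - n) & 31u));
}

static uint32_t rotr32(uint32_t x, uint32_t y) {
    unsigned n = y & 31u;
    return (x >> n) | (x << ((32u - n) & 31u));
}

/* What a plain C shift does: bits pushed out at the top are discarded, so the
   operation is lossy and is not what the spec's <<< means. */
static uint32_t shl32(uint32_t x, uint32_t y) {
    return x << (y & 31u);
}

/* One RC5 half-round exactly as the spec writes it: A = ((A XOR B) <<< B) + S[2i].
   "Two's complement addition" is addition modulo 2^32, which C's unsigned
   arithmetic performs by definition, so the compiler does handle it. */
uint32_t rc5_half_round(uint32_t a, uint32_t b, uint32_t s) {
    return rotl32(a ^ b, b) + s;
}

/* The same step with a shift in place of the rotate, to show the difference. */
uint32_t rc5_half_round_shift_only(uint32_t a, uint32_t b, uint32_t s) {
    return shl32(a ^ b, b) + s;
}

#define RC5_ROUNDS 12
#define RC5_TABLE (2 * (RC5_ROUNDS + 1))   /* 26 words for RC5-32/12 */

/* RC5-32/12 block encryption over an already expanded table S. Key setup is
   the same as in the reference code quoted above and is omitted here. */
void rc5_encrypt_block(const uint32_t S[RC5_TABLE], const uint32_t pt[2], uint32_t ct[2]) {
    uint32_t A = pt[0] + S[0], B = pt[1] + S[1];
    for (int i = 1; i <= RC5_ROUNDS; i++) {
        A = rotl32(A ^ B, B) + S[2 * i];
        B = rotl32(B ^ A, A) + S[2 * i + 1];
    }
    ct[0] = A; ct[1] = B;
}

void rc5_decrypt_block(const uint32_t S[RC5_TABLE], const uint32_t ct[2], uint32_t pt[2]) {
    uint32_t A = ct[0], B = ct[1];
    for (int i = RC5_ROUNDS; i > 0; i--) {
        B = rotr32(B - S[2 * i + 1], A) ^ A;
        A = rotr32(A - S[2 * i], B) ^ B;
    }
    pt[0] = A - S[0]; pt[1] = B - S[1];
}

/* Round trip over a constructed table (P + i*Q, i.e. the table before key
   mixing; not a real expanded key). Returns 1 when decrypt(encrypt(x)) == x. */
int rc5_roundtrip_ok(void) {
    uint32_t S[RC5_TABLE];
    for (uint32_t i = 0; i < RC5_TABLE; i++) S[i] = 0xB7E15163u + i * 0x9E3779B9u;
    const uint32_t pt[2] = { 0x01234567u, 0x89ABCDEFu };  /* constructed plaintext */
    uint32_t ct[2], back[2];
    rc5_encrypt_block(S, pt, ct);
    rc5_decrypt_block(S, ct, back);
    return back[0] == pt[0] && back[1] == pt[1];
}

int main(void) {
    uint32_t a = 0x80000001u, b = 1u, s = 0x12345678u;
    printf("rotate: %08x   shift only: %08x\n",
           rc5_half_round(a, b, s), rc5_half_round_shift_only(a, b, s));
    printf("round trip %s\n", rc5_roundtrip_ok() ? "ok" : "FAILED");
    return 0;
}
```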
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Okay "experts," how do you do it?
Date: Fri, 17 Sep 1999 22:00:15 GMT
In article <7rtdba$1v3q$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
> It is not obfuscated but I had a friend at work who wrote code for that
> purpose; I should have used his program to make it obfuscated.
> And to say you're not biased is to say the pope is not catholic. Everyone
> is biased and it is ignorant to assume otherwise.
Well anyways, nobody wants to look at your source. What I meant to say is
write a paper and I will read it and offer comments if possible.
Tom
--
damn windows... new PGP key!!!
http://people.goplay.com/tomstdenis/key.pgp
(this time I have a backup of the secret key)
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************