Cryptography-Digest Digest #519, Volume #10       Sun, 7 Nov 99 01:13:03 EST

Contents:
  Re: How protect HDisk against Customs when entering Great Britain (HJS)
  Re: U-Boat Enigma Machines (HJS)
  Re: Your Opinions on Quantum Cryptography ("rosi")
  Best Asymetric Key System? ("Wynne Crisman")
  Re: U-Boat Enigma Machines
  Re: Kerberos Question (Daniel S. Riley)
  Re: PGP Cracked ? (fungus)
  Re: cryptohoping ("Trevor Jackson, III")
  Re: Doesn't Bruce Schneier practice what he preaches? (Keith Monahan)
  Re: Preventing a User from Extracting information from an Executable ("John E. Kuslich")
  Re: U-Boat Enigma Machines (Johnny Bravo)
  Re: Best Asymetric Key System? (DJohn37050)
  Re: Best Asymetric Key System? (Tom St Denis)
  Re: Best Asymetric Key System? (Tom St Denis)
  Re: Hash with truncated results (Tom St Denis)
  Re: PGP Cracked ? (Dennis Ritchie)
  Re: The Code Book Mailing List ("Douglas A. Gwyn")
  Re: PGP Cracked ? ("Douglas A. Gwyn")
  Re: PGP Cracked ? (Dennis Ritchie)
  Re: PGP Cracked ? (Jim Gillogly)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (HJS)
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss,comp.security.pgp.tech,alt.privacy,alt.privacy.anon-server
Subject: Re: How protect HDisk against Customs when entering Great Britain
Date: Sat, 06 Nov 1999 20:05:18 GMT
Reply-To: HJS

On Sat, 06 Nov 1999 09:46:49 GMT, [EMAIL PROTECTED] (Dave Hazelwood)
wrote:

>Otherwise the future may be a lot worse than  even Orwell might have
>imagined. 

It's already a lot worse than Orwell imagined it, but we get the
society we deserve.

-- 
HJS +



------------------------------

From: [EMAIL PROTECTED] (HJS)
Crossposted-To: talk.politics.crypto,talk.politics.misc
Subject: Re: U-Boat Enigma Machines
Date: Sat, 06 Nov 1999 20:05:19 GMT
Reply-To: HJS

On Fri, 05 Nov 1999 13:09:24 -0800, Anthony Stephen Szopa <[EMAIL PROTECTED]>
wrote:

>U-boat Enigma Machines
>
>I recorded an interesting program last week from a series (I guess)
>called the Code Breakers.  This recounts the program from memory.
>
>Apparently, the German Army and German Air Force Enigma machines had
>been compromised by Britain.  But the U-boat fleet had their own
>variation of the Enigma and it was proving impossible to crack.

As I recall the naval enigma had an additional rotor (?) which took
some time to break.

Try to get a copy of 'Seizing the Enigma' by David Kahn. A fascinating
read about this very subject (captured keys, rotors and Enigma machines).

ISBN is: 0-09-978411-4

-- 
HJS +



------------------------------

From: "rosi" <[EMAIL PROTECTED]>
Subject: Re: Your Opinions on Quantum Cryptography
Date: Sat, 6 Nov 1999 15:29:02 -0500

I can be wrong. But I feel that you missed John's point, the only point.

--- (My Signature)

Douglas A. Gwyn wrote in message <[EMAIL PROTECTED]>...
>John Savard wrote:
>> But quantum cryptography, although useful in some specialized
>> circumstances, is no real improvement on just burning a CD-ROM filled
>> with true random numbers, and delivering it by hand to your
>> correspondent.
>
>The claim is, interception could not go undetected,
>which is not the case for CD-ROM exchange.



------------------------------

From: "Wynne Crisman" <[EMAIL PROTECTED]>
Subject: Best Asymetric Key System?
Date: Sat, 6 Nov 1999 15:34:40 -0500

I'm currently building an app that requires message verification.  I am
already using TwoFish and SHA for generating encrypted message digests, but
need to use an asymmetric system to distribute the session key.  Does anyone
have suggestions as to which asymmetric key system I should be using?
(Preferably one I can get the source to and use in a commercial app.)

Wynne Crisman
[EMAIL PROTECTED]



------------------------------

From: [EMAIL PROTECTED] ()
Crossposted-To: talk.politics.crypto,talk.politics.misc
Subject: Re: U-Boat Enigma Machines
Date: 6 Nov 99 20:55:22 GMT

Anthony Stephen Szopa ([EMAIL PROTECTED]) wrote:
: I recorded an interesting program last week from a series (I guess)
: called the Code Breakers.  This recounts the program from memory.

I believe I saw that same program quite some time ago.

: It was decided to locate and attack a German 
: weather ship.

What happened was that the weather messages were sent out to all the
ships, including those that only had 3-rotor Enigmas. So it was realized
that the fourth rotor could be turned to such a position as to make it and
the reflecting rotor used with it act just like the reflecting rotor of a
3-rotor Enigma; this way, the U-Boats only needed to carry one Enigma, and
the weather message only needed to be sent once.

This was where the weather ships came into the story.

John Savard

------------------------------

From: [EMAIL PROTECTED] (Daniel S. Riley)
Subject: Re: Kerberos Question
Date: 06 Nov 1999 16:06:11 -0500

"Joseph Ashwood" <[EMAIL PROTECTED]> writes:
> And to think, even with all of these problems known, only now is M$
> adding Kerberos authentication.

I only see one problem being discussed--that the initial ticket
exchange is still vulnerable to some forms of dictionary attack.
Kerberos 5 with preauthentication required greatly reduces the
exposure of this vulnerability (you have to sniff the response from
the KDC), and Windows 2K does default to using preauthentication (and
also defaults to RC4 rather than DES).  There is an IETF CAT draft[1]
to add a session key to the preauth field, which would effectively
eliminate the vulnerability.

> Seems more than a little dumb to me.

You have something better to suggest?  Keep in mind that Kerberos is a
complete single-sign-on authentication and key management system that
handles mutual authentication, key exchange, and cross realm
authentication.  While EKE, SPEKE, or SRP might be candidates for
improving the security of the initial ticket exchange within Kerberos,
they aren't anywhere close to providing the functionality necessary to
replace Kerberos.

Or let me ask the question another way--would you rather Microsoft had
another go at designing their own authentication system?  Kerberos,
even without a session key in the preauth data, is still superior to
Microsoft's previous attempts.

[1]
http://www.ietf.org/internet-drafts/draft-ietf-cat-kerberos-extra-tgt-02.txt
-- 
Dan Riley                                         [EMAIL PROTECTED]
Wilson Lab, Cornell University      <URL:http://www.lns.cornell.edu/~dsr/>
    "History teaches us that days like this are best spent in bed"

------------------------------

From: fungus <[EMAIL PROTECTED]>
Subject: Re: PGP Cracked ?
Date: Sat, 06 Nov 1999 20:07:15 +0100



Johnny Bravo wrote:
> 
> On Sat, 06 Nov 1999 08:05:37 GMT, [EMAIL PROTECTED] (zentara) wrote:
> 
> >They would just have to exploit some know weakness in the compilers
> 
>   LOL, this again?  My compiler is open source too.  Or are you
> actually proposing that every compiler in the world has been corrupted
> as well as the PGP source.  This 'urban legend' is about as old as PGP
> is.
> 

It's not a UL, it was actually done by Dennis Ritchie on a PDP-11.
The compiler had extra code to check when it was recompiling
itself and inserted some extra instructions.

It also knew when it was recompiling the Unix "login" source
and inserted a back door accordingly.


Stretching this jolly jape to a worldwide conspiracy theory
regarding PGP is a bit more difficult though.



-- 
<\___/>
/ O O \
\_____/  FTB.



------------------------------

Date: Sat, 06 Nov 1999 17:48:22 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: cryptohoping

fungus wrote:

> [EMAIL PROTECTED] wrote:
> >
> > In article <[EMAIL PROTECTED]>,
> >   fungus <[EMAIL PROTECTED]> wrote:
> > >
> > > In the end though, it doesn't make any difference to security.
> >
> > There may be important security advantages if you can build a "cipher
> > generator" that produces independent ciphers. See:
> > http://www.deja.com/threadmsg_ct.xp?AN=539793780
> >
>
> No.
>
> It doesn't make any difference how complicated your "algorithm"
> is, if the enemy knows it (and you should assume he does) then
> it's all down to key sizes.

I suspect there's room for disagreement in the definition of "algorithm".
If a single, static mechanism is used to mix the chunks of the plaintext
with chunks of the key to produce ciphertext, your statement is accurate.
But if the mixing mechanism is selected by composing transform primitives in
a key-dependent manner, there are two parts to the algorithm: the selection
algorithm, which is statically defined, and the mixing algorithm, which is
dynamically defined by the selection algorithm.

The selection procedure over primitives should be assumed to be known to
the attacker.  But the actual results of the selection process are not
assumed known to the attacker because they are key-dependent.  Since the
results of the selection process are the mixing mechanism, equivalent to
the classic meaning of "algorithm", it is not assumed known to the attacker.


------------------------------

From: Keith Monahan <[EMAIL PROTECTED]>
Crossposted-To: alt.security.scramdisk
Subject: Re: Doesn't Bruce Schneier practice what he preaches?
Date: Sun, 07 Nov 1999 00:17:42 GMT

Thomas,

Thomas J. Boschloo wrote:

> "Roman E. Liky" wrote:
> > John Kennedy <[EMAIL PROTECTED]> wrote:
>
> > >Here's an example, Counterpane Systems has a nice little freeware
> > >utility called Password Safe. http://www.counterpane.com/passsafe.html
> > >It reportedly uses the blowfish algorithm to encrypt your passwords. I
> > >think Counterpane Systems has a fine reputation. Schneier has a fine
> > >reputation. I trust blowfish. I'd like to use the utility, but I won't
> > >because I don't see any open source for it. I believe these guys are
> > >honest and competent but I won't rely on that belief without open
> > >source. Why these folks would release a security system without open
> > >source is beyond me. I can't think of any reasons that are favorable
> > >to me.
>
> If a flaw would be found in the program, this would be very bad press
> for counterpane. So it is probably secure.
>
> Not releasing the source of the product, just decreases the chance of
> such an unfortunate incident to happen :)
>

Well, it's quite possible to attack the product without the source.  There are
plenty of 'warez' crackers out there right now that make that their hobby
of choice in life.  It is certainly EASIER to do with source, but is still
possible to find bugs without.

Keith



------------------------------

From: "John E. Kuslich" <[EMAIL PROTECTED]>
Subject: Re: Preventing a User from Extracting information from an Executable
Date: Sat, 06 Nov 1999 17:24:00 -0700

Well...possibly, or perhaps difficult if the goal is to completely
understand all the details.  The usual situation, however, is that the
attacker only needs to access, understand, and control very tiny parts of
the whole software package.

Sometimes the attacker's goal can be achieved by just changing one bit
in a program that may contain millions of bits.  

You ARE correct, of course, on general principles but the human mind is
a really amazing thing when it comes to recognizing patterns in code. 
This sort of protection I would personally consider to be very weak in
most cases.


JK  http://www.crak.com



John Savard wrote:
> 
> [EMAIL PROTECTED] (Chad Hurwitz) wrote, in part:
> 
> >The other suggestion was to use multi layered P-Code which i don't know
> >what that is, does anyone have any URL references?
> 
> P-code is instructions for a mythical computer that a program reads
> and carries out.
> 
> So you have a program that executes P-code written in assembly
> language, but the program that does what you want to do is written in
> the P-code.
> 
> Now, if in P-code, you write another P-code interpreter, for a
> different P-code, and both P-codes are completely different, cryptic,
> and not documented anywhere the attacker can see, it would be very
> difficult and time consuming to figure out what your program is really
> doing.
> 
> John Savard ( teneerf<- )
> http://www.ecn.ab.ca/~jsavard/crypto.htm

-- 
John E. Kuslich
Password Recovery Software
CRAK Software
http://www.crak.com

------------------------------

From: [EMAIL PROTECTED] (Johnny Bravo)
Crossposted-To: talk.politics.crypto,talk.politics.misc
Subject: Re: U-Boat Enigma Machines
Date: Sat, 06 Nov 1999 20:03:13 GMT

On Sat, 06 Nov 1999 15:28:27 -0800, Anthony Stephen Szopa
<[EMAIL PROTECTED]> wrote:

>I reviewed the program:  842 U-boats launched and 781 sunk.  This was 
>the highest rate of losses of any military branch in the war.

  The highest rate of loss for any arm of service in the history of
modern war.  Out of 39,000 sailors who went out, more than 30,000
didn't return, over 27,000 of them killed in action.

>Hitler said that he ended the Battle for the Atlantic because the 
>British had developed a new weapon (10 cm radar:  this allowed 
>submarines to be located even if just their periscopes were above 
>water.)  Hitler never knew that the Naval Enigma was compromised.

  At that point the Enigma was just fluff.  When the submarines lost
the ability to approach a convoy on the surface, losses for ships
dropped far enough that it was no longer practical trying to attack
them in groups.  Any sub trying to shadow a convoy was quickly
forced under and lost contact.

  In Feb of 1943, 20 subs assembled to attack SC18, over the next 5
days 11 ships were sunk.  Only 3 of the 20 actually managed to launch
an attack on the convoy, 6 of the 11 ships were sunk by just one sub.
The u-boats lost three boats and 4 more damaged.
  This was mainly due to very long range aircraft protecting convoys
far out into the atlantic, and the new radar that wasn't detected by
the u-boats' Metox equipment.

  In May 1943, 60 subs from 4 different packs launched a mass attack
on convoy OBS5, which was guarded by 18 escorts.  Over the next three
nights, 13 ships were sunk at the cost of 8 u-boats sunk and 4
damaged.  Out of the 60 boats, only 9 launched attacks.  The escort
system defeated the u-boats.  It wasn't until June 1943 that the
allies had broken the 4 wheel Enigma used by the navy.

>Although the Allied sailors and pilots who did the dirty work in the
>Atlantic received heroic praise, it was not until many many years 
>after the war before the people responsible for breaking Enigma 
>would eventually get their due.  If it wasn't for their great work, 
>the U-boats would never have been located in the first place.

  Of course they would have, the allies didn't use Enigma data to go
hunting for enemy submarines (except for the operations against the
u-tankers in late 1943).  They used the data to steer the convoys away
from them.  The mission was the completion of the convoys, avoidance
was more effective than trying to hunt submarines down on the open
ocean.  There just weren't enough escorts for both jobs at once until
near the end of the war, then they were using escort carriers and
hunter groups to reinforce threatened convoys.
  Sonar and Radar were the reason for the losses, near the end of the
war the allies were sinking a submarine for every two or three
merchant ships lost.  Germany just couldn't keep up with the
attrition.

  Best Wishes,
    Johnny Bravo


------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: Best Asymetric Key System?
Date: 07 Nov 1999 01:07:21 GMT

www.certicom.com has a toolkit, so do others.
Don Johnson

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Best Asymetric Key System?
Date: Sun, 07 Nov 1999 02:24:59 GMT

In article <Vo0V3.53297$[EMAIL PROTECTED]>,
  "Wynne Crisman" <[EMAIL PROTECTED]> wrote:
> I'm currently building an app that requires message verification.  I am
> already using TwoFish and SHA for generating encrypted message digests, but
> need to use an asymmetric system to distribute the session key.  Does anyone
> have suggestions as to which asymmetric key system I should be using?
> (Preferably one I can get the source to and use in a commercial app.)
>

I think ElGamal is the buzzword of the month now.

Your question is as unquantifiable as which religion is the best.

Figure out the problem you are trying to solve and the rest will fall into
place.

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Best Asymetric Key System?
Date: Sun, 07 Nov 1999 02:26:23 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (DJohn37050) wrote:
>  www.certicom.com has a toolkit, so do others.
> Don Johnson

SPAMMER!

Pick up a free integer package and implement something as simple as g^x
mod p, and you have an asymmetric system.  I did it in peekboo, and I am
sure you can do it in your program.

Tom


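What "g^x mod p" buys the original poster, spelled out as an added example (this is not code from the thread, from peekboo, or from any toolkit mentioned above): a recipient publishes y = g^x mod p, and a sender wraps a symmetric session key under it ElGamal-style, so the key travels in c2 = key * y^k mod p alongside c1 = g^k mod p and only the holder of x can unwrap it. The modulus P = 2^127 - 1 and generator G = 3 are a constructed toy choice so the file runs offline; a real deployment would use a vetted group such as an RFC 3526 MODP group and derive the wrapping key with a hash rather than multiplying the raw key into the group element.

```python
"""ElGamal-style session-key transport built from nothing but g^x mod p.

Added example, not code from the thread. Toy parameters are labelled.
"""
import secrets

# TOY PARAMETERS (constructed for the demo): 2^127 - 1 is prime, but it is
# not a safe prime and is far too small for real use.
P = (1 << 127) - 1
G = 3


def keygen(p=P, g=G, rng=secrets.randbelow):
    """Recipient's long-term pair: private x, public y = g^x mod p."""
    x = 2 + rng(p - 3)          # x in [2, p-2]
    y = pow(g, x, p)
    return x, y


def encrypt(session_key: int, y: int, p=P, g=G, k=None):
    """Sender wraps an integer session key < p under the recipient's y.

    Returns (c1, c2) = (g^k mod p, key * y^k mod p). k must be fresh and
    random for every message; it may be supplied only for testing.
    """
    if not 1 <= session_key < p:
        raise ValueError("session key must be an integer in [1, p-1]")
    if k is None:
        k = 2 + secrets.randbelow(p - 3)
    c1 = pow(g, k, p)
    c2 = (session_key * pow(y, k, p)) % p
    return c1, c2


def decrypt(c1: int, c2: int, x: int, p=P):
    """Recipient recovers key = c2 * (c1^x)^-1 mod p."""
    shared = pow(c1, x, p)
    return (c2 * pow(shared, -1, p)) % p   # modular inverse: Python 3.8+


def transport_demo(key_bytes: bytes = None) -> bool:
    """Round-trip a symmetric session key encoded as an integer below P.

    15 bytes (120 bits) are used so the integer is guaranteed below the
    toy modulus; with a real 2048-bit group a full 256-bit key fits.
    """
    if key_bytes is None:
        key_bytes = secrets.token_bytes(15)
    key_int = int.from_bytes(key_bytes, "big")
    x, y = keygen()
    c1, c2 = encrypt(key_int, y)
    return decrypt(c1, c2, x) == key_int


if __name__ == "__main__":
    print("session key round-trip ok:", transport_demo())
```

The sender's k must never repeat: two messages wrapped with the same k reveal the ratio of the two session keys, which is why the function draws it from `secrets` rather than accepting a caller-supplied counter in production use.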

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Hash with truncated results
Date: Sun, 07 Nov 1999 02:28:29 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> On Sat, 06 Nov 1999 00:49:23 GMT, Tom St Denis wrote:
> >
> >If I can break md5/sha when it's truncated to 96 bits, I can break the
> >full algorithm as well.
>
> what make you think that ?
>

Because each bit should be functionally independent.  If you can find a
weakness [i.e. correlation] in a truncated result, it will exist in the
full result as well.  Thus a break.

Tom


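The independence claim above is something a practitioner can measure, so here is an added example (not code from the thread) that does so on SHA-1 truncated to the thread's 96 bits: it hashes a batch of random messages, keeps the first 96 bits, and reports the largest per-bit bias and the largest pairwise correlation between kept bit positions. A structural correlation of the kind Tom describes would show up as a value far above the roughly 1/sqrt(n) that chance allows. The second function shows the one property truncation genuinely changes and which the thread does not spell out: the generic birthday bound, which falls to about 2^(t/2) for a t-bit prefix regardless of how good the hash is. The sample sizes, seed and 24-bit demonstration width are constructed choices.

```python
"""Measuring bit independence and the birthday bound of a truncated hash.

Added example, not from the thread. SHA-1 stands in for the "SHA" of the
discussion; the 96-bit truncation is the one under debate.
"""
import hashlib
import random

TRUNC_BITS = 96


def truncated_digest(msg: bytes, bits: int = TRUNC_BITS) -> int:
    """First `bits` bits of SHA-1(msg), as an integer."""
    full = int.from_bytes(hashlib.sha1(msg).digest(), "big")
    return full >> (160 - bits)


def bit_statistics(n_messages: int = 10000, bits: int = TRUNC_BITS, seed: int = 1234):
    """Return (max_bias, max_abs_correlation) over the kept bit positions.

    Every bit position is packed into one big integer "column" holding one
    bit per message, so a bias is a popcount and the correlation between
    two positions is the popcount of their XOR. For an ideal hash both
    values sit near 1/sqrt(n_messages); here that is about 0.01.
    """
    rng = random.Random(seed)          # constructed, deterministic inputs
    columns = [0] * bits
    for i in range(n_messages):
        msg = rng.getrandbits(256).to_bytes(32, "big")
        d = truncated_digest(msg, bits)
        for pos in range(bits):
            if (d >> pos) & 1:
                columns[pos] |= 1 << i
    ones = [bin(c).count("1") for c in columns]
    max_bias = max(abs(o / n_messages - 0.5) for o in ones)
    max_corr = 0.0
    for a in range(bits):
        for b in range(a + 1, bits):
            disagree = bin(columns[a] ^ columns[b]).count("1")
            # +1 means the two bits always agree, -1 always differ
            corr = 1.0 - 2.0 * disagree / n_messages
            max_corr = max(max_corr, abs(corr))
    return max_bias, max_corr


def birthday_collision(bits: int = 24, seed: int = 1234):
    """Find two distinct messages sharing a `bits`-bit SHA-1 prefix.

    Returns (attempts, m1, m2). For an ideal hash attempts is roughly
    sqrt(pi/2 * 2**bits): a few thousand for 24 bits. The same arithmetic
    leaves about 2^48 work for a 96-bit prefix, independent of any
    structural weakness, which is the caveat a truncated digest carries.
    """
    rng = random.Random(seed)
    seen = {}
    attempts = 0
    while True:
        m = rng.getrandbits(128).to_bytes(16, "big")
        attempts += 1
        d = truncated_digest(m, bits)
        if d in seen and seen[d] != m:
            return attempts, seen[d], m
        seen[d] = m


if __name__ == "__main__":
    print("max bias, max correlation:", bit_statistics())
    n, _, _ = birthday_collision()
    print("24-bit prefix collision after", n, "hashes")
```

Reading the numbers: a bias or correlation of a few hundredths at n = 10000 is noise, not a finding; a correlation of, say, 0.5 would be the "weakness in the truncated result" that, as Tom argues, would also be present in the full digest because the truncated bits are the same bits. The birthday function is the separate point: shortening the output lowers the generic collision effort even when every bit is perfectly independent.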

------------------------------

From: Dennis Ritchie <[EMAIL PROTECTED]>
Subject: Re: PGP Cracked ?
Date: Sun, 07 Nov 1999 03:11:21 +0000
Reply-To: [EMAIL PROTECTED]

fungus wrote:

> It's not a UL, it was actually done by Dennis Ritchie on a PDP-11.
> The compiler had extra code to check when it was recompiling
> itself and inserted some extra instrucions.
> 
> It also knew when it was recompiling the Unix "login" source
> and inserted a back door accordingly.

It was Ken. See

http://www.acm.org/classics/sep95/

        Dennis

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: The Code Book Mailing List
Date: Sun, 07 Nov 1999 03:12:48 GMT

"Trevor Jackson, III" wrote:
> Sure.  Doug Gwyn specializes in factoring primes of arbitrary size
> into their two prime factors.

Delete the "two" and you'll have it right.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: PGP Cracked ?
Date: Sun, 07 Nov 1999 03:30:27 GMT

Jerry Coffin wrote:
> Like Ken, AFAIK, he's never said _anything_ to confirm (or,
> admittedly, deny) that it was actually done.

I could swear that they have said the experiment was actually done,
just that it was not in any of the UNIX distributions.

------------------------------

From: Dennis Ritchie <[EMAIL PROTECTED]>
Subject: Re: PGP Cracked ?
Date: Sun, 07 Nov 1999 04:02:06 +0000
Reply-To: [EMAIL PROTECTED]

Douglas A. Gwyn wrote, quoting Jerry Coffin:

> > Like Ken, AFAIK, he's never said _anything_ to confirm (or,
> > admittedly, deny) that it was actually done.
> 
> I could swear that they have said the experiment was actually done,
> just that it was not in any of the UNIX distributions.

I could so swear too.

        Dennis

------------------------------

From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: PGP Cracked ?
Date: Sun, 07 Nov 1999 04:30:33 +0000

Dennis Ritchie wrote:
> 
> Douglas A. Gwyn wrote, quoting Jerry Coffin:
> 
> > > Like Ken, AFAIK, he's never said _anything_ to confirm (or,
> > > admittedly, deny) that it was actually done.
> >
> > I could swear that they have said the experiment was actually done,
> > just that it was not in any of the UNIX distributions.
> 
> I could so swear too.
> 
>         Dennis

So could Ken.  Here's an extract of a note he wrote on
23 Apr 1995:

  fyi: the self reproducing cpp was
  installed on OUR machine and we
  enticed the "unix support group"
  (precursor to usl) to pick it up
  from us by advertising some
  non-backward compatible feature.
  that meant they had to get the
  binary and source since the source
  would not compile on their binaries.

  they installed it and in a month or
  so, the login command got the trojan
  horse. later someone there noticed
  something funny in the symbol table
  of cpp and were digging into the
  object to find out what it was. at
  some point, they compiled -S and
  assembled the output. that broke
  the self-reproducer since it was
  disabled on -S. some months later
  the login trojan horse also went
  away.

  the compiler was never released
  outside.

  ken

I wonder whether the funny business in the cpp
symbol table was a symptom of the Trojan horse,
or whether it was a fortuitous accident.

-- 
        Jim Gillogly
        Hevensday, 17 Blotmath S.R. 1999, 04:24
        12.19.6.12.5, 6 Chicchan 13 Zac, Second Lord of Night

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
