Cryptography-Digest Digest #568, Volume #10      Sun, 14 Nov 99 22:13:04 EST

Contents:
  Re: Codebook examples on Web? (Jim Reeds)
  Re: ENCRYPTOR 4.0 crack DEMO (Bill Unruh)
  Re: The Code Book (Dr. Harley Mackenzie)
  High Speed (1GBit/s) 3DES Processor ([EMAIL PROTECTED])
  RFD: sci.crypt.random-numbers (Scott Nelson)
  Re: EncryptedChat V2 Dead ? (Jerry Coffin)
  Re: Public Key w/o RSA? ("Roger Schlafly")
  Re: Codebook examples on Web?
  Re: S/MIME plug-in for Eudora? Strong Encryption (Andrew Starr)
  Re: "Risks of Relying on Cryptography," Oct 99 CACM "Inside Risks" column ([EMAIL PROTECTED])

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Jim Reeds)
Subject: Re: Codebook examples on Web?
Date: Sun, 14 Nov 1999 23:32:17 GMT

In article <[EMAIL PROTECTED]>, Quisquater <[EMAIL PROTECTED]> wrote

|> ...  By the way
|> why nobody is using a good scanner?

Because virtually no one is really interested in the actual contents of
code books. If an electronic copy were desired, a scanner would be of use,
although the help that OCR usually gets from spell-checking would be
diminished.  I have a vague plan of writing a book about telegraphic code
books, but when I visit a library and have a code book in front of me and
unlimited time and xerox money, and the book is in good enough shape to
stand unlimited xeroxing, I will xerox all of the front matter, tables of
contents, title pages, prefaces, and so on, and only a few representative pages
of entries.  The particular contents are (to me) of no interest, and the
demand for particular decodes of particular code messages is so low as not
to justify the cost (in labor, in storage space, in money) of copying the
whole thing. 

For example: The most recent "help me decode this code message found in the 
archives" message posted on this list was about 3 years ago.  (The "Louis Jaffe"
code message "AB OZO FOURTEEN BUDA AMACO DOEKA NUXIL LOUIS".)  The commercial
code book in question was eventually found, but is not in the National
Cryptologic Museum nor (apparently) in the Library of Congress nor in the
archives of the publisher, currently held by the Smithsonian Institution; I
am certain the British Library does not have a copy.  I would have had to have
scanned and proofread (say) 400 code books before I found this one; the single
'grep' hit on AMACO DOEKA would not have justified the effort.

The only code book which has been recently reprinted (as far as I know, outside
of a microfiche edition of all 19th century Canadian business publications, which
includes 2 code books) is an oddity from Santo Domingo:

Author: Dobal, Carlos
Year:   1986
Title:  Habla Lilís : un documento secreto / Carlos Dobal.
Pub:    [Santo Domingo] : Biblioteca Nacional
Desc:   197 p. : ill. ; 21 cm.
Note:   Series:        Colección Orfeo
        SUBJECTS: Dominican Republic--History--1844-1930.
        Heureaux, Ulises 1845-1899.
        SERIES: Coleccion Orfeo
        [Reprint, with commentary, of a 19th cent. Dominican official code book.]
 
As near as I can tell, the modern editor's intention is to use this code book
(a perfectly ordinary late 19th-century code book, with data compression as
much a goal as secrecy) to illustrate the trappings of state power as used
to perpetuate the neo-colonialist regime of dictator Heureaux.  Possibly
the use of code words is taken by the editor as a means of depersonalizing
and objectifying the evils of government, but my Spanish was not up to
really understanding the introductory essay.  (To discuss a made-up example:
If the code book says doorknob = "torture the suspects until they confess",
this is taken as proof that for Heureaux, torture was as ordinary as doorknobs,
and so on.)  I would be grateful if someone with more Spanish than I can
correct me on this.

-- 
Jim Reeds, AT&T Labs - Research
Shannon Laboratory, Room C229, Building 103
180 Park Avenue, Florham Park, NJ 07932-0971, USA

[EMAIL PROTECTED], phone: +1 973 360 8414, fax: +1 973 360 8178

------------------------------

From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: ENCRYPTOR 4.0 crack DEMO
Date: 14 Nov 1999 23:50:41 GMT

In <[EMAIL PROTECTED]> [EMAIL PROTECTED] (JPeschel) 
writes:
>Not until you write a dedicated cracker that needs only one 
>ciphertext. From the sound of what you and Lyal have said you 
>shouldn't even need a probable word as your crib.

Sorry, if you can crack it with known plaintext, then it is cracked. Any
reused "OTP" is a cracked system, even though any one text cannot be
recovered.

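Bill Unruh's point, that any reused "one-time" pad is a cracked system even when no single message can be read on its own, worked through as an added example (this is not code from the post): two ciphertexts under the same pad XOR to the XOR of the plaintexts, so the pad drops out, and a known plaintext for either message gives back the pad bytes it covers and with them the other message. The messages and the pad are constructed for the demo.

```python
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(pad: bytes, plaintext: bytes) -> bytes:
    """A one-time pad is only one-time if the pad is never used again."""
    if len(pad) < len(plaintext):
        raise ValueError("pad is shorter than the message")
    return xor_bytes(pad[: len(plaintext)], plaintext)


def plaintext_xor_from_reuse(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts under one pad: c1 ^ c2 == p1 ^ p2, the pad cancels out."""
    n = min(len(c1), len(c2))
    return xor_bytes(c1[:n], c2[:n])


def recover_other_message(c_known: bytes, p_known: bytes, c_other: bytes) -> bytes:
    """Known plaintext for one message gives back the pad bytes it covers,
    and every other message sent under those pad bytes falls with it."""
    n = min(len(c_known), len(p_known), len(c_other))
    pad_recovered = xor_bytes(c_known[:n], p_known[:n])
    return xor_bytes(c_other[:n], pad_recovered)


def demonstrate(pad=None) -> dict:
    """Run the reuse scenario on constructed sample messages."""
    pad = pad if pad is not None else os.urandom(64)
    m1 = b"DO NOT COME, THE MILL IS WATCHED"   # constructed sample messages
    m2 = b"MEET AT THE OLD MILL AT NOON"
    c1 = otp_encrypt(pad, m1)
    c2 = otp_encrypt(pad, m2)                  # the mistake: the same pad twice
    leak = plaintext_xor_from_reuse(c1, c2)
    return {
        "leak_equals_p1_xor_p2": leak == xor_bytes(m1[: len(m2)], m2),
        "recovered_m2": recover_other_message(c1, m1, c2),
    }


if __name__ == "__main__":
    print(demonstrate())
```

With a fresh pad per message the same two functions learn nothing: c1 ^ c2 is then p1 ^ p2 ^ pad1 ^ pad2, which is as random as the pads. The defect is reuse, not the XOR.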

------------------------------

From: [EMAIL PROTECTED] (Dr. Harley Mackenzie)
Subject: Re: The Code Book
Reply-To: [EMAIL PROTECTED]
Date: Sun, 14 Nov 1999 23:50:05 GMT

I do have the book and have read it thoroughly - I agree it is a very interesting book
- what I don't have is access to OCR, so I just thought someone else would have
already done the boring part.

Regards,

Harley

On Fri, 5 Nov 1999 10:28:43 -0000, "David Pearce" <[EMAIL PROTECTED]> wrote:

>Oh, and another thing. I think that it would be unfair to post the ciphers,
>not to mention a probable breach of copyright. You're supposed to have read
>the book before you get to the ciphers, as there are lots of clues in there
>to help you. Anyway, I think everyone should buy it, as it's a cracking
>read. So is his last one, Fermat's Last Theorem.
>
>DHP
>
>Dr. Harley Mackenzie <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>> I don't suppose anyone would like to post or put on an FTP site any of the
>> challenges' text? I can't believe that the author
>> didn't put them on the challenge website.
>>
>> Regards,
>>
>> Harley
>>
>
>
>


------------------------------

From: [EMAIL PROTECTED]
Date: 14 Nov 1999 23:55:34 -0000
Subject: High Speed (1GBit/s) 3DES Processor
Crossposted-To: comp.dcom.vpn,comp.security.firewalls

We have developed a prototype Encryption system which runs 3DES at 1
GBits/sec (this is not just processing  but with real IO at 1 GBit/sec).
Are there any commercial applications for this type of technology?  It
would be interesting to get some feedback.  Possibly bulk encryption with
ATM switches etc? It should also be possible to multiplex multiple high
speed inputs into our system.

If you are a manufacturer of high speed switches, or have general interest
in this area or a venture capitalist, you can contact us at:

[EMAIL PROTECTED]





------------------------------

From: Scott Nelson <[EMAIL PROTECTED]>
Crossposted-To: news.announce.newgroups,news.groups,sci.math,sci.physics,sci.electronics.misc,sci.engr,sci.stat.math
Subject: RFD: sci.crypt.random-numbers
Date: Sun, 14 Nov 1999 23:49:55 GMT

                     REQUEST FOR DISCUSSION (RFD)
              unmoderated group sci.crypt.random-numbers

Newsgroup line:
sci.crypt.random-numbers        Discussion of random numbers and their creation.

This is a formal Request For Discussion (RFD) for the creation of a
world-wide unmoderated Usenet newsgroup sci.crypt.random-numbers.
This is not a Call for Votes (CFV); you cannot vote at this time.
Procedural details are below.

RATIONALE: sci.crypt.random-numbers

There is no appropriate newsgroup for the discussion of random numbers
and their generation.  Such discussions currently take place in
several different groups, and generally annoy the majority of those
groups' readerships.  sci.crypt receives more posts on this subject than
any other newsgroup, and for legacy reasons I suggest placing the
group under the sci.crypt hierarchy, despite the many other
hierarchies which might claim title to the topic.

CHARTER: sci.crypt.random-numbers

sci.crypt.random-numbers is for the discussion of random number
generators, both "true" (hardware) and "pseudo" (software), and
anything else related to the science of randomness.  Fit topics
include, but are not limited to: new designs and questions about
hardware and software random number generators, and questions about the
nature of randomness and the definition of randomness.  This is NOT a
place to post lists of random numbers.

END CHARTER.

PROCEDURE:

This is a request for discussion, not a call for votes.  In this phase
of the process, any potential problems with the proposed newsgroups
should be raised and resolved.  The discussion period will continue
for a minimum of 21 days (starting from when the first RFD for this
proposal is posted to news.announce.newgroups), after which a Call For
Votes (CFV) may be posted by a neutral vote taker if the discussion
warrants it.  Please do not attempt to vote until this happens.

All discussion of this proposal should be posted to news.groups.

This RFD attempts to comply fully with the Usenet newsgroup creation
guidelines outlined in "How to Create a New Usenet Newsgroup" and "How
to Format and Submit a New Group Proposal".  Please refer to these
documents (available in news.announce.newgroups) if you have any
questions about the process.

DISTRIBUTION:

news.announce.newgroups,news.groups,sci.crypt,sci.math,sci.physics,
sci.electronics.misc,sci.engr,sci.stat.math

Proponent: Scott Nelson <[EMAIL PROTECTED]>

------------------------------

From: [EMAIL PROTECTED] (Jerry Coffin)
Subject: Re: EncryptedChat V2 Dead ?
Date: Sun, 14 Nov 1999 17:17:42 -0700

In article <[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] says...

[ ... ] 

> >>1679255177848752162851143387478689891
> >
> >The above number is composite.
> 
> Factors are:  still being calculated.

FWIW:

287895462580028491
5832864341798915401

Found in less than 30 seconds on a 400 MHz Pentium II, using 
factor.exe, a free factoring program available from:
ftp://ftp.compapp.dcu.ie/pub/crypto/factor.exe

They give this (among other things) away as a demo of the MIRACL 
multiple-precision math library.

-- 
    Later,
    Jerry.
 
The universe is a figment of its own imagination.

------------------------------

From: "Roger Schlafly" <[EMAIL PROTECTED]>
Subject: Re: Public Key w/o RSA?
Date: Sun, 14 Nov 1999 15:46:54 -0800

Douglas A. Gwyn <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Roger Schlafly wrote:
> > No, Diffie-Hellman is older and just as secure.
>
> I thought about that when I wrote the previous message,
> but I tend to think of D-H only in connection with key exchange,
> not message encryption.

Yes, that is the way DH is usually described, but it is used for
message encryption all the time. Just another way of looking at
the same thing. RSA's novelty was in providing a secure
signature scheme. It wasn't until later that ElGamal showed that
DH keys could be used for signatures.

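Roger's point that DH "is used for message encryption all the time" is ElGamal encryption: the sender does one ephemeral Diffie-Hellman exchange with the recipient's public key and multiplies the message by the shared secret. The same key pair also signs, as his last sentence says. The block below is an added example, not code from the post, with toy parameters that are an assumption of this example and far too small for real use: p = 2^61 - 1 (the Mersenne prime M61), whose p - 1 factors as 2 * 3^2 * 5^2 * 7 * 11 * 13 * 31 * 41 * 61 * 151 * 331 * 1321; the factor list is used to find a generator at start-up.

```python
import hashlib
import random
from math import gcd

# Toy group (assumption of this example): P is the Mersenne prime M61.
P = 2**61 - 1
P_MINUS_1_PRIME_FACTORS = (2, 3, 5, 7, 11, 13, 31, 41, 61, 151, 331, 1321)


def find_generator(p: int, prime_factors) -> int:
    """Smallest g of order p - 1: g**((p-1)/r) != 1 for every prime r dividing p - 1."""
    for g in range(2, p):
        if all(pow(g, (p - 1) // r, p) != 1 for r in prime_factors):
            return g
    raise ValueError("no generator found")


G = find_generator(P, P_MINUS_1_PRIME_FACTORS)


def keygen(rng=random):
    """A DH key pair: private x, public y = g**x."""
    x = rng.randrange(1, P - 1)
    return x, pow(G, x, P)


def dh_shared(our_private: int, their_public: int) -> int:
    return pow(their_public, our_private, P)


def elgamal_encrypt(y: int, m: int, rng=random):
    """ElGamal encryption is one ephemeral DH exchange plus a multiply."""
    if not 0 < m < P:
        raise ValueError("message must be a nonzero group element")
    k = rng.randrange(1, P - 1)       # ephemeral DH private key
    c1 = pow(G, k, P)                 # ephemeral DH public share, sent in the clear
    mask = dh_shared(k, y)            # y**k: the DH shared secret with the recipient
    return c1, (m * mask) % P


def elgamal_decrypt(x: int, ciphertext) -> int:
    c1, c2 = ciphertext
    mask = dh_shared(x, c1)           # c1**x == g**(x*k): the same shared secret
    return (c2 * pow(mask, -1, P)) % P


def _hash_to_exponent(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % (P - 1)


def elgamal_sign(x: int, message: bytes, rng=random):
    """ElGamal signature: the same DH key pair used for signing."""
    h = _hash_to_exponent(message)
    while True:
        k = rng.randrange(2, P - 1)
        if gcd(k, P - 1) == 1:        # k must be invertible mod p - 1
            break
    r = pow(G, k, P)
    s = ((h - x * r) * pow(k, -1, P - 1)) % (P - 1)
    return r, s


def elgamal_verify(y: int, message: bytes, signature) -> bool:
    r, s = signature
    if not 0 < r < P:
        return False
    h = _hash_to_exponent(message)
    # y**r * r**s == g**(x*r + k*s) == g**h when s was computed from this x and k
    return (pow(y, r, P) * pow(r, s, P)) % P == pow(G, h, P)


def roundtrip(message: bytes, seed=None) -> bytes:
    """Encrypt a short message (at most 7 bytes, so it fits below P) and decrypt it."""
    rng = random.Random(seed)
    x, y = keygen(rng)
    m = int.from_bytes(message, "big")
    pt = elgamal_decrypt(x, elgamal_encrypt(y, m, rng))
    return pt.to_bytes(len(message), "big")


def demo(seed=None) -> dict:
    """Show that ElGamal's mask is a DH shared secret, and that the key pair signs."""
    rng = random.Random(seed)
    x, y = keygen(rng)
    k = rng.randrange(1, P - 1)
    sig = elgamal_sign(x, b"hello", rng)
    return {
        "dh_agrees": dh_shared(x, pow(G, k, P)) == dh_shared(k, y),
        "sig_valid": elgamal_verify(y, b"hello", sig),
        "sig_rejects_tamper": not elgamal_verify(y, b"hellp", sig),
    }
```

Real deployments use groups of 2048 bits or more and hash-and-encrypt rather than raw multiplication, but the structure is the one above: c1 is a DH share and the mask is the DH shared secret, which is why "key exchange" and "message encryption" are the same thing viewed from two sides.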



------------------------------

From: [EMAIL PROTECTED] ()
Subject: Re: Codebook examples on Web?
Date: 15 Nov 99 01:09:09 GMT

NO SPAM! ([EMAIL PROTECTED]) wrote:
: I also have
: both volumes of the American Edition of the International
: Code of Signals (Hydrographic Office Publications 88 
: and 103). These are modified two-part codes used for 
: surface shipping communications, and a bit much to put
: up on my website, at 367 pages for vol. 1 and 417 pages
: for vol. 2, but they are available from the US Govt. 
: Printing Office and don't fall under ITAR or its
: successors.

I certainly don't expect you to scan those; by the "International Code of
Signals", do you mean the one with one, two, and three letter signals
which are represented by colored flags?

I know that _current_ editions of it are much shorter than they used to
be: the only three-letter signals still remaining valid are the medical
ones, and the others which were used to build sentences (one combination
would be the sentence less certain variable words, and then other
combinations would fill in the blanks) are no longer in the code.

I'm surprised some maritime history buff hasn't scanned in the old Marryat
code...I know one university has a complete set of images on the web of
pages from many old mathematics books, including Hamilton's 500-page
treatise on quaternions, so I'm always hoping for odd things to turn up.

John Savard

------------------------------

From: Andrew Starr <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,comp.security.pgp.tech,alt.security.pgp,comp.mail.eudora.ms-windows
Subject: Re: S/MIME plug-in for Eudora? Strong Encryption
Date: Sun, 14 Nov 1999 18:23:53 -0600

[[ This message was both posted and mailed: see
   the "To," "Cc," and "Newsgroups" headers for details. ]]

In article <[EMAIL PROTECTED]>, amateur <[EMAIL PROTECTED]>
wrote:

> I'd like to find the source code for gnupg in a ZIP file format. I don't have
> Linux installed so I can't retrieve the TAR files that I found.
> 
> Bruno Wolff III wrote:
> 
> > From article <[EMAIL PROTECTED]>, by Adam Kippes
> > <[EMAIL PROTECTED]>:
> > > In <[EMAIL PROTECTED]>, amateur wrote:
> > >
> > > If you do find such an option, please post. I would like to be able to do
> > > that. Or at least get one off of the server; not exactly the same thing, I
> > > realize, but I'll be satisfied.
> > >
> >
> > You might want to switch to gnupg. It uses the openpgp standard (rfc 2440).
> > This includes putting expiration dates on keys. Openpgp is free from patent
> > encumbrance (though some implementations use patented algorithms to provide
> > backward compatibility). It works with mutt. See http://www.gnupg.org/ .

http://www.emailman.com/attachments/tools.html (a work in progress --
should read "decompress" and "decode") shows that WinZIP should detar
for you.

-Andrew

-- 
Andrew Starr is eMailman(sm): http://www.emailman.com
             NewsReaders.com: http://www.newsreaders.com

    [unofficial] Eudora site: http://www.emailman.com/eudora

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: "Risks of Relying on Cryptography," Oct 99 CACM "Inside Risks" column
Date: Mon, 15 Nov 1999 01:15:53 GMT

First let me say I'm snipping a lot since this has
gotten very long.  I invite readers to check backwards
for more context, since my interpretation of what is
significant may differ from others.

I see the same point over and over.  Terry Ritter
says that the communications that negotiate the
choice of cipher(s) are under a cipher.  I point
out that ciphers imply secrecy, but not
authentication, and thus the attacker can influence
the choice of cipher.  Here's a sampling:

[EMAIL PROTECTED] (Terry Ritter) wrote:
> sci.crypt [EMAIL PROTECTED] wrote:
> >Terry Ritter wrote:

[Bryan:]
> > It is the
> >authenticity of these messages that is at issue, and the
> >handling of these messages constitutes the cipher selection
> >protocol.  I'll show below why authentication is necessary.
>
> There is something seriously wrong with a cipher system which allows
> messages to be substituted by anyone who happens to have a non-secret
> public key.

I suggested an attack that works even given the
communication is under cipher, though I assumed the
cipher protects only the privacy of the messages.
> >[...]
> >So you've described the protocol: "In my proposal, one
> >end sends a list; the other selects from that list".
> >You've been clear that when a side sends the list,
> >such communication is under a cipher.  Now I'll
> >describe the attack on a system entirely consistent
> >with your description.
> >
> >Suppose all parties are given an authentic certificate
> >for Bob's public key.  Alice sends her list of ciphers
> >to Bob, encrypted under Bob's public key.  Fred blocks
> >the message from Alice and substitutes his own list
> >consisting of one cipher he knows to be on Bob's list.
> >Bob, as the description specifies, selects a cipher
> >from the list.
> >
> >So just as you described, the negotiation is protected
> >by a cipher.
>
> While you claim to have assumed that the negotiation is "protected,"
> in reality you have not made any such assumption.  Any cipher system
> which allows anyone at all to pretend they are the other party to a
> particular communication is inherently insecure.  The cipher change
> protocol is hardly the issue.

[...]
> The initial ciphering system was, by your description, remarkably
> ineffective.

Obviously it was effective for authentication, but I
assumed it was effective for privacy.

[...]
> Message authentication is *not* -- and should not be -- part of the
> cipher-change protocol, but I would assume that there would be
> error-detection, at least, for the delivered message (including hidden
> protocol messages).  That allows us to detect any change in transit.
>
> But that is not your issue.  Your issue is that someone may send a
> message which appears to be from our far end, but is not.

Exactly!  And specifically, that your statement
of the design that has these early messages under
a cipher does not imply protection against such an
attack.

Anyway, my references are clear that a "cipher"
provides secrecy but does not imply authentication.
I think Ritter's own crypto glossary agrees.
See: http://www.io.com/~ritter/GLOSSARY.HTM


On other matters:
[...]
> >But you cited your commercial systems, which have no
> >cipher agility at all.
>
> *Of* *course* it is not in my old ciphers:  If my *old* cipher systems
> had cipher agility, the cipher-change protocol would hardly be a *new*
> idea, now would it?

Hey, you cited these.  They are poor examples.

[...]
> >> Actually, my ciphers are fairly simple, as serious systems go.  But
> >> the design and actual implementation of real cipher systems is not
> >> easy.  Perhaps you should try it, so we can see how well *you* do.
> >
> >That's most of what I do for a living.
>
> Odd.  Clearly you don't publish stuff others can use or learn from or
> criticize.  And yet *you* obviously love to criticize.  It does seem a
> bit one sided.

There's plenty of my stuff for you to criticize. I've
even proposed solutions to problems you posed.  You
have historically ignored my posts unless they were
about your designs.



> >[...]
> >> Frankly, since your years-ago claim to have a break for my Fenced DES
> >> Cipher broke down in your own failure, you have been hard to live
> >> with.
> >
> >When you first wrote that I claimed to "break" Fenced
> >DES, I immediately corrected you. I called my analysis
> >successful because it showed your security analysis was
> >wrong.  I was entirely clear on what my attack did -
> >and you know it.
>
> Well, now, let's just see:

And below we do see - that you cannot find anything
where I say my attack constituted a break.

> from http://www.io.com/~ritter/NEWS/HUGEBLK.HTM#HB16, near the middle:
>
> "That's as far as I'll take the attack for now.  Perhaps I've
> misunderstood something about the design; please let me know if any
> of the steps I've described is impossible.  I'll elaborate if parts of
> my explanation are unclear.  If as much as I've described can be done,
> I certainly think it's a strong enough toe-hold for the analyst that
> Fenced DES is dead."
>
> from http://www.io.com/~ritter/NEWS/HUGEBLK.HTM#HB16, at the bottom:
>
> "I think I probably have a few numbers wrong in my analysis, but
> not so far wrong as invalidate the attack on Fenced DES."
>
> So we have "Fenced DES is dead" and the (clearly implied) "I have a
> valid attack on Fenced DES."  Both of these seem remarkably clear to
> me.  But anyone who wishes to follow your slimy claims and
> word-weaseling can do so for themselves:
>
>    http://www.io.com/~ritter/NEWS/HUGEBLK.HTM
>    http://www.io.com/~ritter/FENCED.HTM

And my posts explain exactly what the attack does, and
never do I say what you claimed.

[...]
> >You produced a defective design, as I showed.
>
> Nonsense.  My cipher did not succumb to an attack which you thought
> would work.  Nor is the cipher is weaker because of your attack.  My
> cipher won, you lost, it's as simple as that.
>
> It is true that your approach was unexpected to me.  It is true that
> you started out making significant headway.  That you were unable to
> finish in fact clarified a major advantage to layered ciphers:  One
> layer in a cipher may cause an attacker to "commit" in terms of
> available information in a way which then prevents the solution of
> another layer.  This is not an error -- that is the way layered
> systems work, and understanding this is a step ahead in cipher design.
>
> If it had turned out that the cipher was weaker because of your
> attack, then the cipher would have been flawed.  It did not so turn
> out.  And while I would include more mixing layers in any new design,
> the old design proudly stands as it is.

[...]
> >tried to make my analysis look like
> >failure by making things up and saying I said them;
> >you even had quotation marks around claims you
> >fabricated.  Do you think that by now I've
> >forgotten that you wrote them and I didn't?
>
> In one case, as I recall, quoted words provided the essence of your
> argument and were correct in context.

No they were not, and as I asked at the time, what
do you think quotation marks mean?

[...]
> >  Get over it.
> >
> >Me get over it?  I don't think I've brought up
> >your pathetic dishonesty in years.
>
> OK, that's about it.  I don't think I need to hear any more from you.

Do you recall the last time I introduced Fenced DES
into a discussion?  It was when John Savard came up
with a similar design. I attacked his design and
wrote what I believe is a completely fair note:

| The structure of the cipher is very similar to
| a couple that Terry Ritter suggested.  He calls his
| design "Fenced DES".  The analysis above is similar
| to work I did on one of Terry's ciphers.  He agreed
| the design had a problem but thought I oversold my
| result.

http://x23.deja.com/getdoc.xp?AN=372605719&search=thread&CONTEXT=942626369.664076315&hitnum=2


> >You keep
> >inserting Fenced DES into completely unrelated
> >discussions so you can once again lie about what
> >I wrote.
>
> What you wrote is archived on my own site, so I could hardly lie about
> it.

Yes you can; it's just weird.  You're trying to
bluff about your up-cards.  I immediately disagreed
when you first wrote that I claimed to break Fenced
DES.  You still say it, and then support it with
quotes where I never claimed what you said.  "Toe-
hold for analysis" sure.  Do I think the design is
dead?  Yes I do.  I didn't say what you claim; you
know it; I know it; and anyone who checks an archive
knows it.


--Bryan


Sent via Deja.com http://www.deja.com/
Before you buy.
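Bryan's scenario, run as a small simulation (an added example, not code from either participant): Alice offers a list, Fred blocks it and substitutes a one-entry list, and Bob, following the description, selects from whatever list arrives. The first run has the offer under a cipher only; the second also authenticates it with a MAC, which is the assumption this example adds (Alice and Bob share an authentication key, or equivalently Alice has a certified signing key). Cipher names are constructed; the names Alice, Bob and Fred are from the post.

```python
import hashlib
import hmac
import json


def make_offer(cipher_list, auth_key=None):
    """Alice's offer. Encryption to Bob's public key is left out on purpose: it does
    not change the outcome, because Fred can encrypt to Bob's public key as well."""
    body = json.dumps({"offer": cipher_list}).encode()
    tag = hmac.new(auth_key, body, hashlib.sha256).hexdigest() if auth_key else None
    return {"body": body, "tag": tag}


def fred_substitute(msg, forced_list):
    """Fred blocks Alice's message and sends his own list in its place. He never
    needs to read hers, so confidentiality of the offer does not help Bob."""
    return {"body": json.dumps({"offer": forced_list}).encode(), "tag": msg["tag"]}


def bob_select(msg, bob_prefs, auth_key=None):
    """Bob picks his first preference that appears in the offer. With an auth key
    he checks the MAC first; a tag that does not verify aborts the negotiation."""
    if auth_key is not None:
        expected = hmac.new(auth_key, msg["body"], hashlib.sha256).hexdigest()
        if msg["tag"] is None or not hmac.compare_digest(expected, msg["tag"]):
            raise ValueError("offer failed authentication")
    offered = json.loads(msg["body"])["offer"]
    for cipher in bob_prefs:
        if cipher in offered:
            return cipher
    raise ValueError("no cipher in common")


def run_negotiation(authenticated: bool, attacker_present: bool) -> str:
    """Return the cipher Bob ends up with, or 'aborted'."""
    key = b"constructed key shared by Alice and Bob" if authenticated else None
    alice_list = ["strong-A", "strong-B", "legacy-C"]       # constructed names
    bob_prefs = ["strong-A", "strong-B", "legacy-C"]
    msg = make_offer(alice_list, key)
    if attacker_present:
        # Fred offers one cipher he knows is on Bob's list, as in the post.
        msg = fred_substitute(msg, ["legacy-C"])
    try:
        return bob_select(msg, bob_prefs, key)
    except ValueError:
        return "aborted"


if __name__ == "__main__":
    for auth in (False, True):
        for fred in (False, True):
            print(f"authenticated={auth} attacker={fred}: "
                  f"{run_negotiation(auth, fred)}")
```

Without the tag Bob cannot tell Alice's list from Fred's and settles on the cipher Fred chose; with the tag the substituted body no longer matches and Bob aborts. Nothing about the secrecy of the offer changes between the two runs, which is the distinction between "under a cipher" and "authenticated" that the thread turns on.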

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
