Cryptography-Digest Digest #624, Volume #10      Wed, 24 Nov 99 17:13:01 EST

Contents:
  Re: NSA should do a cryptoanalysis of AES ("Douglas A. Gwyn")
  been a while since I used pgp ("David Christian")
  Re: For snake oil collectors :-) (Johnny Bravo)
  Re: bits of diffiehellman private key (Tom St Denis)
  Re: US stupidity (CoyoteRed)
  Re: US stupidity (CoyoteRed)
  Re: US stupidity (CoyoteRed)
  Re: Question about enigma rotors ("Douglas A. Gwyn")
  Re: Random Noise Encryption Buffs (Look Here) (Anthony Stephen Szopa)
  Re: New U.S. Crypto Regulations (advance copy: do not distribute) (wtshaw)
  Re: Quantum Computers and PGP et al. (Anthony Stephen Szopa)
  Re: US stupidity (SCOTT19U.ZIP_GUY)
  Re: US stupidity (SCOTT19U.ZIP_GUY)
  Re: US stupidity (SCOTT19U.ZIP_GUY)
  Re: AES cyphers leak information like sieves (Dan Day)
  Re: AES cyphers leak information like sieves (Dan Day)
  Re: What part of 'You need the key to know' don't you people get? (SCOTT19U.ZIP_GUY)
  Re: bits of diffiehellman private key (DJohn37050)

----------------------------------------------------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: NSA should do a cryptoanalysis of AES
Date: Wed, 24 Nov 1999 19:33:57 GMT

Bruce Schneier wrote:
> My guess is that the cryptographers inside the NSA would have loved to
> have their algorithms published.  I'll bet it's very frustrating ...

That's been a standard problem all along, but to some extent there
is compensation in knowing that one's work is contributing to the
safety of the nation.  Also, there are internal house publications,
although with the rise of compartmentalization the amount of good
technical C/A stuff has dropped off considerably.

> It is also possible that we can get the NSA information under FOIA,

Not likely, since FOIA has an exemption for information classified
in the interest of national security.

------------------------------

From: "David Christian" <[EMAIL PROTECTED]>
Subject: been a while since I used pgp
Date: Wed, 24 Nov 1999 12:51:51 -0800

is the newest version still safe?  Or does it have backdoors in it for the
government to intercept?

--
Cheers!

dv8

Get Paid to Surf the web!
http://cashcity.virtualave.net
It's fast, it's fun, and it's FREE!!!!!
And you'll help a starving music student get through school!!!!!!!!!!!




------------------------------

From: [EMAIL PROTECTED] (Johnny Bravo)
Subject: Re: For snake oil collectors :-)
Date: Wed, 24 Nov 1999 15:53:12 GMT

On Wed, 24 Nov 1999 17:28:46 +0000, Cedomir Igaly
<[EMAIL PROTECTED]> wrote:

>> You are correct in stating that many off-the-shelf  3-DES packages do result
>> in a lower bit encryption.
>>
>> Our security protocols were written in-house and we can assure you that they
>> do give 168-bit encryption.

  This is great.  First you correctly point out that 3-DES gives less
than 128 bits of encryption.  Then they claim to have somehow
"strengthened" it in-house to a full 168 bits.  Anyone care to place
any odds that they actually weakened 3-DES even further? :)
  I'd find another bank.

>> > > Thank you for your e-mail to Tesco Online Banking.
>> > >
>> > > The Tesco Online Banking service runs on 168 triple Des inscription the
>> > > highest used by any UK Bank.

  Your first clue should have been when they spelled encryption wrong.

  Best Wishes,
    Johnny Bravo


------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: bits of diffiehellman private key
Date: Wed, 24 Nov 1999 20:47:32 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (DJohn37050) wrote:
> All generators are equal in that if you can solve for one, you can
> solve for any.  But there are some concerns if a bad guy could PICK a
> generator that is in a known relationship (known only to the bad guy)
> to another generator.
>
> And the generator should generate a prime order subgroup, else you
> may be open to small subgroup attacks, see IEEE P1363.

By small subgroup attacks you are referring to the giant-step, baby-step
algorithm, right?  Does anybody have this algorithm in .ps or .pdf
format somewhere?  I would love to read about it.

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: CoyoteRed <[EMAIL PROTECTED]>
Subject: Re: US stupidity
Date: Wed, 24 Nov 1999 15:58:15 -0500
Reply-To: this news group unless otherwise instructed!

Tim Tyler said...

>    There'll be a government-sponsored "war on hackers", next

Yeah, and too bad we'll have to let them define "hacker."

-- 
CoyoteRed
CoyoteRed <at> bigfoot <dot> com
http://go.to/CoyoteRed
PGP key ID: 0xA60C12D1 at ldap://certserver.pgp.com


------------------------------

From: CoyoteRed <[EMAIL PROTECTED]>
Subject: Re: US stupidity
Date: Wed, 24 Nov 1999 15:58:13 -0500
Reply-To: this news group unless otherwise instructed!

[radiant matrix] said...

>   I do not break into computer systems (except when I am being paid to test
>   security for someone), and I do not use my skills for illegal activity.  The
>   "hackers" that most people think of are people who break into systems
>   illegally -- we like to call them "crackers" to separate them, but the
>   popular media will probably never adopt the term.

Personally, with almost 20 years experience with computers, I always
thought a 'hacker' was someone who was very proficient with computers
to the point they could make them do practically anything, i.e.
circumvent security protocols (Hack their way into the computer), etc.
while a 'cracker' broke programs, usually to circumvent (crack or
break) copy protection. 

Hackers, like pit bulls, have a bad reputation because of the media.


-- 
CoyoteRed
CoyoteRed <at> bigfoot <dot> com
http://go.to/CoyoteRed
PGP key ID: 0xA60C12D1 at ldap://certserver.pgp.com


------------------------------

From: CoyoteRed <[EMAIL PROTECTED]>
Subject: Re: US stupidity
Date: Wed, 24 Nov 1999 15:58:12 -0500
Reply-To: this news group unless otherwise instructed!

Trevor Jackson, III said...

>   The
>   conclusion of the study was that the severity of punishment has little to do with
>   inhibiting crime.  OTOH the certainty of punishment is quite inhibitory.

To me this makes sense.  It's like a parent who is consistent in
punishment is more likely to get good behaviour than a parent who
is inconsistent.

-- 
CoyoteRed
CoyoteRed <at> bigfoot <dot> com
http://go.to/CoyoteRed
PGP key ID: 0xA60C12D1 at ldap://certserver.pgp.com


------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Question about enigma rotors
Date: Wed, 24 Nov 1999 20:12:18 GMT

"Erik H." wrote:
> After the first character is send through the device the
> first rotor turns a little bit so that the rotor uses a different
> 'permutation' the next time. Every rotor had
> 26 different 'permutations'.

Yes; the two faces of the rotor had 26 contacts each,
and each contact on one face was connected to one contact
of the other face; the wiring was a "random" permutation.
When a rotor turned, of course the wires inside stayed
the same, but the relative locations of the contacts
had moved nearly 14 degrees, so a particular contact on
an adjacent, nonmoving rotor that abutted the rotating
rotor would then be connected through the rotated rotor
to a different contact on the near face of the rotor on
the far side of the rotated rotor.  Really, this is much
easier to understand by studying a photo or diagram,
which I'm sure exist both on the Web and in books.

> Some of the pages I found describe the rotors
> by using 26 numbers/letters.
> But how can this be?

After 26 clicks, the rotor is again in the same position.
Each click can be assigned a letter A..Z.  This letter
could also be thought of as designating a particular
contact that is, for example, lined up with the "window"
used to set the initial rotor position; in fact, there
were letters inscribed on the periphery of the rotors
specifically for use in initially setting up their
relative "phases" before encryption/decryption began.
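Douglas Gwyn's description above, worked through as an added example that is not part of his post: a rotor is modelled as a fixed wiring permutation plus a rotational offset, so one click changes the effective letter mapping without touching a single wire, and 26 clicks bring the mapping back to where it started. The wiring string is the documented Enigma I rotor I wiring; the ring setting and the turnover notch are deliberately left out, since the post is only about what a single step does to the electrical path, and the class and function names are the example's own.

```python
"""One Enigma rotor: fixed internal wiring, moving contacts.

Added example.  ROTOR_I is the published wiring of Enigma I rotor I; ring setting and
notch are omitted.  Contact numbering is that of the fixed neighbour on the right, and
'position' is how many clicks the rotor body has turned relative to that neighbour.
"""

from __future__ import annotations

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
ROTOR_I = "EKMFLGDQVZNTOWYHXUSPAIBRCJ"   # rotor contact i (right face) is wired to letter ROTOR_I[i] (left face)


class Rotor:
    def __init__(self, wiring: str, position: int = 0):
        if sorted(wiring) != list(ALPHABET):
            raise ValueError("wiring must be a permutation of the 26 letters")
        self.fwd = [ALPHABET.index(c) for c in wiring]    # right-face contact -> left-face contact
        self.inv = [0] * 26
        for right, left in enumerate(self.fwd):
            self.inv[left] = right                         # left-face contact -> right-face contact
        self.position = position % 26

    def step(self) -> None:
        """One click: the body turns 1/26 of a turn (about 13.8 degrees); the wires do not change."""
        self.position = (self.position + 1) % 26

    def forward(self, c: str) -> str:
        """Signal arriving from the fixed right-hand neighbour at its contact c, leaving on the left."""
        i = ALPHABET.index(c)
        entry = (i + self.position) % 26                   # which rotor contact now sits opposite contact i
        exit_ = self.fwd[entry]                            # the wire inside is fixed
        return ALPHABET[(exit_ - self.position) % 26]      # renumber back into the fixed neighbour's frame

    def backward(self, c: str) -> str:
        """Return path after the reflector: same offset arithmetic with the inverse wiring."""
        i = ALPHABET.index(c)
        entry = (i + self.position) % 26
        exit_ = self.inv[entry]
        return ALPHABET[(exit_ - self.position) % 26]

    def mapping(self) -> str:
        """Effective permutation presented at the current position, as a 26-letter string."""
        return "".join(self.forward(c) for c in ALPHABET)


def all_positions(wiring: str) -> list[str]:
    """The 26 effective permutations one rotor shows as it clicks through a full turn."""
    rotor = Rotor(wiring)
    maps = []
    for _ in range(26):
        maps.append(rotor.mapping())
        rotor.step()
    return maps


if __name__ == "__main__":
    r = Rotor(ROTOR_I)
    for click in range(3):
        print(f"position {click}: A -> {r.forward('A')}   full map {r.mapping()}")
        r.step()
```

At position 0 the effective map is the wiring itself (A goes to E); one click later the same input contact meets the next wire and A goes to J. The 26 maps are all different for this wiring, and the 27th equals the first, which is why a rotor can be described by a single 26-letter string plus a position letter.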

------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Random Noise Encryption Buffs (Look Here)
Date: Wed, 24 Nov 1999 13:17:41 -0800
Reply-To: [EMAIL PROTECTED]

"Charles R. Lyttle" wrote:

> Paul Koning wrote:
> >
> > Anthony Stephen Szopa wrote:
> > >
> > > Random Noise Encryption Buffs (Look Here)
> > >
> > > It has already been done.
> > >
> > > Here is the bare bones idea:  use a random noise generator and
> > > connect the output to an analog to digital converter.
> > >
> > > Create lots of CD-ROMs filled with these random bits.
> > >
> > > Then combine 2 or more of these CD-ROMs bit by bit starting at any
> > > desirable starting points on each CD-ROM.  The combination of these
> > > bits from these CD-ROMS will be your random encryption / decryption
> > > bits.
> > >
> > > The idea is that you can make all your random noise CD-ROMs available
> > > in the public domain.
> > >
> > > All you need to do is communicate to your recipient which CD-ROMs to
> > > use and what starting point to begin on each CD-ROM.  And use
> > > the combinations of CD-ROMs and starting points only once.
> > >
> > > This is patented by Fawcett, Jr.  #5,414,771  -  5/1995.
> >
> > Cute.
> >
> > I would call that a book code.  Doesn't sound novel or non-obvious
> > to me, but then again that isn't an issue in practice with patents...
> >
> > Also, avoiding the use of a given combination and starting point
> > is not sufficient.  If you ever use two segments that overlap,
> > you have a Venona cipher...  :-)
> >
> > Lastly, it seems that this would be vulnerable to brute force search.
> > The effective key length ((6E8 * number of disks) ^ 2) just isn't all
> > that large a number...
> >
> >         paul
> >
> > --
> > !-----------------------------------------------------------------------
> > ! Paul Koning, NI1D, D-20853
> > ! Lucent Corporation, 50 Nagog Park, Acton, MA 01720, USA
> > ! phone: +1 978 263 0060 ext 115, fax: +1 978 263 8386
> > ! email: [EMAIL PROTECTED]
> > ! Pgp:   27 81 A9 73 A6 0B B3 BE 18 A3 BF DD 1A 59 51 75
> > !-----------------------------------------------------------------------
> > ! "The only purpose for which power can be rightfully exercised over
> > !  any member of a civilized community, against his will, is to prevent
> > !  harm to others.  His own good, either physical or moral, is not
> > !  a sufficient warrant."    -- John Stuart Mill, "On Liberty" 1859
> A brute force search isn't required. Random noise sources aren't quite
> "white" but are "colored", some values tending to be more common than
> others. Thermal sources tend to be "pink". Using more disks from the
> same source doesn't make the data more random. Using the slight
> non-randomness will permit the discovery of some potential values. You
> need only search those combinations that produce the potential values at
> the correct settings.
> There are any number of algorithms for doing a rapid search to find the
> most likely disk positions. Also note that adding more disks may reduce
> the randomness of the results. I once (in a class) saw a similar system
> that produced only about 100 out of 128 possible values, and those
> skewed badly to the high numbers. Those messages were easily read by
> first assuming the key string was all high probable numbers and looking
> for the letter "e" to appear, or "t?e". Keep those and replace the
> others with the next probable value and so on. Soon a candidate word
> would appear and that key substring could be used to complete an entire
> key string, which may or may not have been the original key.
> --
> Russ Lyttle, PE
> <http://www.flash.net/~lyttlec>
> Thank you Melissa!
> Not Powered by ActiveX

Your observation of potential bias is insightful.

In the bare bones explanation I did not mention that the patented
specification DID include a method for eliminating any bias that may
result from the described process.
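Paul Koning's "Venona" remark in the quoted exchange, worked through as an added example that is not part of any of the posts above. POOL is a constructed stand-in for one public noise CD-ROM (a seeded PRNG, used only so the demo runs offline; it says nothing about the quality of real digitised noise), the two messages and their start offsets are made up, and the function names are the example's own. Two segments drawn from the same pool that overlap share key bytes over the overlap, so XORing the two ciphertexts there cancels the key and leaves P1 xor P2, which a guessed fragment of one message unpicks.

```python
"""Key-stream reuse in the public-noise-CD-ROM scheme: the "Venona" failure.

Added example.  The pad is a segment of a shared pool; two segments with overlapping
ranges reuse key bytes, and over the overlap C1 xor C2 == P1 xor P2 with the key gone.
"""

from __future__ import annotations
import random


def make_pool(size: int, seed: int = 19991124) -> bytes:
    rng = random.Random(seed)                      # constructed stand-in for a disk of noise bits
    return bytes(rng.getrandbits(8) for _ in range(size))


POOL = make_pool(4096)


def pad_encrypt(pool: bytes, start: int, msg: bytes) -> bytes:
    """XOR msg against pool[start:start+len(msg)]; decryption is the same call."""
    if start < 0 or start + len(msg) > len(pool):
        raise ValueError("segment runs off the end of the pool")
    return bytes(m ^ k for m, k in zip(msg, pool[start:start + len(msg)]))


def overlap(start1: int, n1: int, start2: int, n2: int) -> tuple[int, int] | None:
    """Pool indices [lo, hi) used by both segments, or None when they do not touch."""
    lo, hi = max(start1, start2), min(start1 + n1, start2 + n2)
    return (lo, hi) if lo < hi else None


def xor_of_plaintexts(c1: bytes, start1: int, c2: bytes, start2: int) -> bytes | None:
    """Over the overlap, c1[i-start1] ^ c2[i-start2] == p1[i-start1] ^ p2[i-start2]: no key needed."""
    ov = overlap(start1, len(c1), start2, len(c2))
    if ov is None:
        return None
    lo, hi = ov
    return bytes(c1[i - start1] ^ c2[i - start2] for i in range(lo, hi))


def crib_drag(p1_xor_p2: bytes, crib: bytes) -> list[tuple[int, str]]:
    """Slide a guessed fragment of one plaintext along P1^P2.  Wherever the guess really
    sits, the other plaintext's bytes drop out as readable text; return the printable hits."""
    hits = []
    for off in range(len(p1_xor_p2) - len(crib) + 1):
        cand = bytes(x ^ c for x, c in zip(p1_xor_p2[off:off + len(crib)], crib))
        if all(32 <= b < 127 for b in cand):
            hits.append((off, cand.decode("ascii")))
    return hits


def demo() -> list[tuple[int, str]]:
    p1 = b"attack at dawn from the east ridge"           # constructed sample messages
    p2 = b"the convoy sails at first light tomorrow"
    c1 = pad_encrypt(POOL, 100, p1)                       # starts 10 bytes apart, so
    c2 = pad_encrypt(POOL, 110, p2)                       # pool[110:134] pads both messages
    return crib_drag(xor_of_plaintexts(c1, 100, c2, 110), b" the ")


if __name__ == "__main__":
    for off, text in demo():
        print(f"offset {off:2d}: {text!r}")
```

The attacker never touches the pool: the hit at offset 9 is the crib " the " from the first message lined up against "y sai" from the second, recovered purely from the two ciphertexts. Avoiding identical (disk, start) pairs, as the bare-bones description suggests, does not prevent this; the segments must not overlap at all.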



------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: New U.S. Crypto Regulations (advance copy: do not distribute)
Date: Wed, 24 Nov 1999 15:42:48 -0600

In article <[EMAIL PROTECTED]>, Medical Electronics Lab
<[EMAIL PROTECTED]> wrote:

> From near the end of what shouldn't be here:
> 
> > Note:  5A002.a.1 includes equipment designed or modified to use
> >"cryptography" employing analogue principles when implemented with
> >digital techniques.

Should not be in those words, since they do not seem to understand them.
Making something physical does not preclude it being digital, and doing
something with computers does not preclude using some analog circuits.  In
the final sense, analog principles and digital techniques are
interchangeable, depending on the inconvenience you will accept and the
accuracy you desire.

If the statute is encrypted with code words here for something else, it
seems that this section is misleading, and possibly unconstitutional.

Elsewhere, I found mention of holes that allow encryption to be changed or
inserted that are straight out of the stone age.  Have these people not heard
of the clipboard, or are they harking for a return even to punch card data
entry?
> >
> >  a.1.a.  A "symmetric algorithm" employing a key length in excess of
> >56-bits; or

There are so many weak or worse ciphers with key lengths above this, it's
a wonder that they would be included by default.
-- 
Who censors the censor's sense of serenity? 

------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,talk.politics.misc
Subject: Re: Quantum Computers and PGP et al.
Date: Wed, 24 Nov 1999 13:13:49 -0800
Reply-To: [EMAIL PROTECTED]

jay wrote:

> Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote in article
> <[EMAIL PROTECTED]>...
> > Quantum Computers and PGP et al.
> >
> > I heard an interesting program on the radio last week.
> >
> > The professor who demonstrated the first quantum computer was being
> > interviewed.
> >
> > He said that quantum computers will be unbelievably efficient when
> > it comes to FACTORING.
> >
>
> Quantum computers, like nuclear fusion, language translation or artificial
> intelligence, may prove more difficult than originally anticipated.
>  .
>
> >
> > OAP-L3 does not rely on the impracticability of factoring large primes
> > or anything else like this.
>
> Most symmetric algorithms do not rely on factoring primes. Comparing your
> symmetric OAP to a public key algorithm is comparing apples and oranges. As
> far as symmetric algorithms go, why use an untested proprietary algorithm
> when we can use a publicly validated one that has survived attack by people who
> know what they are doing?
>
> jay

A word to the wise is sufficient.



------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: us.politics,talk.politics.crypto
Subject: Re: US stupidity
Date: Wed, 24 Nov 1999 22:23:59 GMT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>  REF: [<jXU_3.73$[EMAIL PROTECTED]>]
>  John DeLaGarza <[EMAIL PROTECTED]> wrote:
>: I'm no hacker, but I know a bit about computers. I would like to one day
>: know enough to be called a hacker, but I would never intentionally damage
>: any US or allied computer system. Actually I would like to work for the
>: Gov't/military doing this one day. I don't see hackers as much of a threat;
>: there are a few out there that do actually damage systems and they should be
>: the ones targeted. I see hackers as a form of competition that would
>: not exist otherwise, and that forces corporations to develop more secure systems. Some
>: "hackers" even let it be known what's wrong with the system. If not for them
>: there would be a possibility for foreign governments and businesses to break
>: in to our systems to steal info. It's some of the amateur hackers that
>: actually let it be known that something is wrong, because they just happen to
>: trip all over the place. Although I think it is more of a shady issue when
>: it comes to Gov't/military sites. Of course there is nothing of real value
>: on the systems wired on the net. I think the US government should crack down
>: on people who are just around to piss them off and just put all kinds of crap
>: up instead on their (US) systems. They just need to let it be known you don't
>: fuck with the US govt. Although once they have been arrested the government
>: should bargain with the "hacker": let him off with probation and give him
>: back his computer if he tells or teaches them how he did what he did. Might
>: be a bit unethical, but I think the military could use a few more of these
>: people.
>: 
>: John DeLaGarza
> 
>I agree with the attitude behind what you say, but not all of the details.
>I am a hacker.  I can say this with confidence because other hackers have
>called me a hacker.
>
>I do not break into computer systems (except when I am being paid to test
>security for someone), and I do not use my skills for illegal activity.  The
>"hackers" that most people think of are people who break into systems
>illegally -- we like to call them "crackers" to separate them, but the
>popular media will probably never adopt the term.
>

   Sometimes it's hard to get computer people to fix security problems. I
once worked at a site where the assholes in charge thought it was secure;
when I complained, as usual the assholes said I was all wet and there was
no such problem. One day when the system fucked up, a common thing,
I edited a command file that caused the person whose control was transferred
to my terminal to be logged out the next time he logged in, with
a long message telling him how he must have violated security, since
the computer people running the show said only those in direct control
change their own files. So the message said: Mr. Official, either you're a fucking
asshole that forgot to log out, or make the fucking bastards fix the control
problem, unless you want me to read your email next time and broadcast it
to everyone on the system.  Guess what, my bitching never got the fuckers
to lift one fat finger. But when the boss could not log in and got a message
they worked overtime to fix the problem. The fact is until you burn an
administrator's ass you can never get security problems fixed. They like
to pretend they don't exist.



David A. Scott
--

SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
                    
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm

Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm

Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm

**NOTE EMAIL address is for SPAMERS***

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: us.politics,talk.politics.crypto
Subject: Re: US stupidity
Date: Wed, 24 Nov 1999 22:27:54 GMT

In article <81gd2c$hh8$[EMAIL PROTECTED]>, "Tim Wood" <[EMAIL PROTECTED]> 
wrote:
>Should this thread be crossposted to sci.crypt?
>
    It already is so don't worry about it.
I put it there so WHAT?



David A. Scott
--

SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
                    
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm

Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm

Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm

**NOTE EMAIL address is for SPAMERS***

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: US stupidity
Date: Wed, 24 Nov 1999 22:32:31 GMT

In article <[EMAIL PROTECTED]>, CoyoteRed (at) Bigfoot (dot) com 
wrote:
>Quoting "SCOTT19U.ZIP_GUY" on Wed, 24 Nov 1999 06:57:26 GMT ...
>
>>        Well, one time I tried to get a job as a bounty hunter for a guy
>>    in a small town where I lived but they only wanted people that have
>>    actually killed someone before. I didn't qualify.
>
>WOW!  I would think that killing someone would be a black mark
>/against/ you, not a qualification.
>

   Actually if you're a proven killer there are lots of jobs open to you.
For example look at the sniper who proved he could blow away an
unarmed woman holding a baby at Ruby Ridge. He showed he could
give a fuck about killing an unarmed woman with a baby, so that's why
he got sent to Waco: the feds needed someone who delights in
killing unarmed women and children. Since the other snipers at
Ruby Ridge failed to do their job of butchery I am not aware of
any of them getting promoted to the killings at Waco.



David A. Scott
--

SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
                    
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm

Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm

Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm

**NOTE EMAIL address is for SPAMERS***

------------------------------

From: [EMAIL PROTECTED] (Dan Day)
Subject: Re: AES cyphers leak information like sieves
Date: Wed, 24 Nov 1999 21:46:39 GMT

On Sat, 20 Nov 1999 15:25:19 GMT, Tim Tyler <[EMAIL PROTECTED]> wrote:
>Dan Day <[EMAIL PROTECTED]> wrote:
>: Arthur C. Clarke claims that he issues a standard form letter
>: to cranks, which begins, "Dear Sir:  They may be something to what
>: you say."
>
>A standard letter - with a spelling mistake?  I'm sure Mr Clarke
>can do better ;-)

Ack!!!

Sorry about that.  It should say, of course, "There may be something..."


--
   "How strangely will the Tools of a Tyrant pervert the 
plain Meaning of Words!"
   --Samuel Adams (1722-1803), letter to John Pitts, January 21, 1776

------------------------------

From: [EMAIL PROTECTED] (Dan Day)
Subject: Re: AES cyphers leak information like sieves
Date: Wed, 24 Nov 1999 21:50:46 GMT

On Fri, 19 Nov 1999 23:05:17 GMT, Tim Tyler <[EMAIL PROTECTED]> wrote:
>I don't know enough history to say how original all of his ideas are,
>but I know that they appear to encounter much resistance whenever they get
>mentioned on sci.crypt.  The resistance appears to me to be much greater
>than the ideas deserve on their own merits.

Probably because they're delivered, explained, and defended with
such obscenity laced, poorly spelled, and overemotional posts that
they seem to be classic "crank" material.


--
   "How strangely will the Tools of a Tyrant pervert the 
plain Meaning of Words!"
   --Samuel Adams (1722-1803), letter to John Pitts, January 21, 1776

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: What part of 'You need the key to know' don't you people get?
Date: Wed, 24 Nov 1999 22:44:41 GMT

In article <81fi0g$tqo$[EMAIL PROTECTED]>, Tom St Denis <[EMAIL PROTECTED]> wrote:
>In article <81f1qm$1g70$[EMAIL PROTECTED]>,
>  [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
>> In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>> >Tom St Denis <[EMAIL PROTECTED]> wrote:
>> >
>> >: Ok so what is this test?
>> >
>> >: 1. Create random K
>> >: 2. Encrypt M with K [C = Ek(M)]
>> >: 3. Ditch K
>> >: 4. Modify byte of C
>> >: 5. Decrypt C with what K?
>> >
>> >It is irrelevant to what David is saying.
>>
>>    this is Dennis style. He seldom wants to make a irrelevent point.
>
>So all my points are relevant?
         Obviously if I wrote "irrelevent" it was a mistake.
I do make many such mistakes.
>
>Hey David, why don't you answer my posting?  Seems to me you just
>changed the topic.  (Did our S/N just get worse?)
>
    Tom, I get tired of answering your posts since you never seem to
understand what I answer anyway. I guess I get so angry with your
inability to understand that I make more typos. When I see you able
to understand things better maybe I will cool down and answer more of
your posts. Anyway, you have my email address if you really want to
ask.



David A. Scott
--

SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
                    
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm

Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm

Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm

**NOTE EMAIL address is for SPAMERS***

------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: bits of diffiehellman private key
Date: 24 Nov 1999 21:59:49 GMT

No, that is not a small subgroup attack.  See IEEE P1363 security considerations annex
for DH.
Don Johnson
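The small subgroup attack Don Johnson distinguishes from baby-step/giant-step, and the P1363 remedy he and Tom St Denis are discussing (a generator of prime order q, plus checking that a received value lies in that subgroup), worked through as an added example that is not part of either post. Toy parameters only: p = 210*q + 1 with q prime, found by search at run time so that p-1 has the small factors 2, 3, 5 and 7; the victim's private exponent 777 is fixed for the demo; the names are the example's own and the check pow(y, q, p) == 1 is the subgroup-membership test from P1363 / SP 800-56A style public key validation.

```python
"""Small-subgroup attack on Diffie-Hellman, and the subgroup check that stops it.

Added example.  p = 210*q + 1 with q prime, so Z_p^* has subgroups of order 2, 3, 5, 7
and their products alongside the order-q subgroup honest parties are meant to use.  A
peer who sends a value of order 210 instead of an order-q value learns the other
side's private exponent modulo 210 from whatever the victim does with the shared secret.
"""

from __future__ import annotations

COFACTOR = 2 * 3 * 5 * 7          # small prime factors of p-1 that the attacker exploits
SMALL_PRIMES = (2, 3, 5, 7)


def is_prime(n: int) -> bool:
    """Trial division; adequate for the six-figure moduli used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return False
        f += 2
    return True


def find_group(start_q: int = 1000) -> tuple[int, int]:
    """First q >= start_q with q and p = COFACTOR*q + 1 both prime; returns (p, q)."""
    q = start_q
    while not (is_prime(q) and is_prime(COFACTOR * q + 1)):
        q += 1
    return COFACTOR * q + 1, q


def prime_order_generator(p: int, q: int) -> int:
    """g = x^COFACTOR mod p has order dividing q, so any such g != 1 has order exactly q."""
    for x in range(2, p):
        g = pow(x, COFACTOR, p)
        if g != 1:
            return g
    raise ValueError("no element of order q")


def small_order_element(p: int, q: int) -> int:
    """Attacker's value: h = x^q mod p has order dividing COFACTOR; insist on order exactly COFACTOR."""
    for x in range(2, p):
        h = pow(x, q, p)
        if h != 1 and all(pow(h, COFACTOR // r, p) != 1 for r in SMALL_PRIMES):
            return h
    raise ValueError("no element of order COFACTOR")


def validate_public_key(y: int, p: int, q: int) -> bool:
    """Full public key validation: in range and inside the order-q subgroup."""
    return 2 <= y <= p - 2 and pow(y, q, p) == 1


def small_subgroup_attack(p: int, q: int, victim_priv: int) -> tuple[int, int]:
    """Mallory sends h; the victim derives s = h^a mod p and uses it (in a real protocol,
    e.g. to key a MAC Mallory can test each guess against).  Only COFACTOR values of s
    are possible, and the index that matches is a mod COFACTOR."""
    h = small_order_element(p, q)
    shared = pow(h, victim_priv, p)
    for i in range(COFACTOR):
        if pow(h, i, p) == shared:
            return i, COFACTOR
    raise RuntimeError("shared secret not in <h>; cannot happen")


def demo(victim_priv: int = 777) -> dict[str, bool]:
    p, q = find_group()
    g = prime_order_generator(p, q)
    leaked, k = small_subgroup_attack(p, q, victim_priv)
    return {
        "leak_matches": leaked == victim_priv % k,
        "attack_value_rejected": not validate_public_key(small_order_element(p, q), p, q),
        "honest_value_accepted": validate_public_key(pow(g, victim_priv, p), p, q),
    }


if __name__ == "__main__":
    print(demo())
```

Baby-step/giant-step is a generic discrete-log algorithm that costs about sqrt(q) work regardless of how the group is built; the attack here costs 210 exponentiations because the victim was talked into a subgroup of order 210. Generating in a prime-order subgroup and rejecting any received value that fails pow(y, q, p) == 1 removes that option, which is the point of the P1363 advice.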

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
