Cryptography-Digest Digest #626, Volume #10      Thu, 25 Nov 99 02:13:01 EST

Contents:
  Re: Is this a Legit test of the AES candidate strength? (JPeschel)
  Re: Is this a Legit test of the AES candidate strength? (Boaz Lopez)
  Re: Prime Numbers Question (Johnny Bravo)
  Re: Random Noise Encryption Buffs (Look Here) ("Charles R. Lyttle")
  Re: Random Noise Encryption Buffs (Look Here) ("Charles R. Lyttle")
  Re: Do flight data recorders use encryption? (Scott Fluhrer)
  Re: Cryptological discovery, rediscovery, or fantasy? (SCOTT19U.ZIP_GUY)
  Re: been a while since I used pgp ([EMAIL PROTECTED])
  Re: What part of 'You need the key to know' don't you people get? (Tom St Denis)
  Re: Prime Numbers Question (William Rowden)
  Re: Decryption software ([EMAIL PROTECTED])
  Has anyone used CryptoPunk? (MEGstir)
  Re: bits of diffiehellman private key (Scott Fluhrer)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: Is this a Legit test of the AES candidate strength?
Date: 25 Nov 1999 01:13:50 GMT

albert [EMAIL PROTECTED] writes, in part:

>I was wondering if this is a legit test for the diffusion rate of an
>algorithm.  Have an algorithm encrypt an entire page, and then check the
>frequency distribution.

No, single-character frequency analysis won't get you very
far in assessing the strength of most ciphers, let alone the
AES candidates. It will, however, aid you in solving simple
substitution ciphers.

Joe


__________________________________________

Joe Peschel 
D.O.E. SysWorks                                 
http://members.aol.com/jpeschel/index.htm
__________________________________________


------------------------------

From: Boaz Lopez <[EMAIL PROTECTED]>
Subject: Re: Is this a Legit test of the AES candidate strength?
Date: Wed, 24 Nov 1999 17:51:31 -1000

albert wrote:
> 
> I wrote a cheezy little program that counts the frequency of a file, and
> outputs it.  Dan Frezza had said that he was curious of the distribution
> of PGP and so ran a frequency test against it.  Very impressive, almost
> evenly spread across the board.
> 
> I was wondering if this is a legit test for the diffusion rate of an
> algorithm.  Have an algorithm encrypt an entire page, and then check the
> frequency distribution.  I figure if there is a heavy skew, then the
> algorithm is not doing a good job diffusing the data.
> 
> Albert

No, the "diffusion rate" is better tested by examining codes after 
each round, not after all the rounds are done. The block size is
128 bits, not 8 bits, so you need to consider the whole block
when observing bit diffusion.

------------------------------

From: [EMAIL PROTECTED] (Johnny Bravo)
Subject: Re: Prime Numbers Question
Date: Wed, 24 Nov 1999 21:08:20 GMT

On Wed, 24 Nov 1999 17:19:28 -0500, "Trevor Jackson, III"
<[EMAIL PROTECTED]> wrote:

>Johnny Bravo wrote:
>
>> On Wed, 24 Nov 1999 11:15:01 +0100, "Julian LEWIS"
>> <[EMAIL PROTECTED]> wrote:
>>
>> >    A second dumb question, how are the prime numbers generated ? Is it
>> >2^(n-1) or what ?
>>
>>   Simple method:  Generate a random number of N bits, check to see if
>> it is prime.  If not increment by one, repeat until you find a prime
>> number.
>
>I'm sure you meant increment by two.

  Oops, sure did.  Also forgot to insert the "odd" in the sentence as
well.  Not much point starting with an even number and incrementing by
two each time. :)

  Best Wishes,
    Johnny Bravo


------------------------------

From: "Charles R. Lyttle" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Random Noise Encryption Buffs (Look Here)
Date: Thu, 25 Nov 1999 02:16:33 GMT

Anthony Stephen Szopa wrote:
> 
> "Charles R. Lyttle" wrote:
> 
> > Paul Koning wrote:
> > >
> > > Anthony Stephen Szopa wrote:
> > > >
> > > > Random Noise Encryption Buffs (Look Here)
> > > >
> > > > It has already been done.
> > > >
> > > > Here is the bare bones idea:  use a random noise generator and
> > > > connect the output to an analog to digital converter.
> > > >
> > > > Create lots of CD-ROMs filled with these random bits.
> > > >
> > > > Then combine 2 or more of these CD-ROMs bit by bit starting at any
> > > > desirable starting points on each CD-ROM.  The combination of these
> > > > bits from these CD-ROMS will be your random encryption / decryption
> > > > bits.
> > > >
> > > > The idea is that you can make all your random noise CD-ROMs available
> > > > in the public domain.
> > > >
> > > > All you need to do is communicate to your recipient which CD-ROMs to
> > > > use and what starting point to begin on each CD-ROM.  And use
> > > > the combinations of CD-ROMs and starting points only once.
> > > >
> > > > This is patented by Fawcett, Jr.  #5,414,771  -  5/1995.
> > >
> > > Cute.
> > >
> > > I would call that a book code.  Doesn't sound novel or non-obvious
> > > to me, but then again that isn't an issue in practice with patents...
> > >
> > > Also, avoiding the use of a given combination and starting point
> > > is not sufficient.  If you ever use two segments that overlap,
> > > you have a Venona cipher...  :-)
> > >
> > > Lastly, it seems that this would be vulnerable to brute force search.
> > > The effective key length ((6E8 * number of disks) ^ 2) just isn't all
> > > that large a number...
> > >
> > >         paul
> > >
> > > --
> > > !-----------------------------------------------------------------------
> > > ! Paul Koning, NI1D, D-20853
> > > ! Lucent Corporation, 50 Nagog Park, Acton, MA 01720, USA
> > > ! phone: +1 978 263 0060 ext 115, fax: +1 978 263 8386
> > > ! email: [EMAIL PROTECTED]
> > > ! Pgp:   27 81 A9 73 A6 0B B3 BE 18 A3 BF DD 1A 59 51 75
> > > !-----------------------------------------------------------------------
> > > ! "The only purpose for which power can be rightfully exercised over
> > > !  any member of a civilized community, against his will, is to prevent
> > > !  harm to others.  His own good, either physical or moral, is not
> > > !  a sufficient warrant."    -- John Stuart Mill, "On Liberty" 1859
> > A brute force search isn't required. Random noise sources aren't quite
> > "white" but are "colored", some values tending to be more common than
> > others. Thermal sources tend to be "pink". Using more disks  from the
> > same source doesn't make the data more random. Using the slight
> > non-randomness will permit the discovery of some potential values. You
> > need only search those combinations that produce the potential values at
> > the correct settings.
> > There are any number of algorithms for doing a rapid search to find the
> > most likely disk positions. Also note that adding more disks may reduce
> > the randomness of the results. I once (in a class) saw a similar system
> > that produced only about 100 out of 128 possible values, and those
> > skewed badly to the high numbers. Those messages were easily read by
> > first assuming the key string was all high probable numbers and looking
> > for the letter "e" to appear, or "t?e". Keep those and replace the
> > others with the next probable value and so on. Soon a candidate word
> > would appear and that key substring could be used to complete an entire
> > key string, which may or may not have been the original key.
> > --
> > Russ Lyttle, PE
> > <http://www.flash.net/~lyttlec>
> > Thank you Melissa!
> > Not Powered by ActiveX
> 
> Your observation of potential bias is insightful.
> 
> In the bare bones explanation I did not mention that the patented
> specification DID include a method for eliminating any bias that may
> result from the described process.
A good method of eliminating bias is valuable in and of itself. There
are lots of things in addition to Crypto that need a good un-biased
random noise input stream. For example, some radar signal processing
requires a "white noise" source and those sources are very expensive. 
-- 
Russ Lyttle, PE
<http://www.flash.net/~lyttlec>
Thank you Melissa! 
Not Powered by ActiveX

------------------------------

From: "Charles R. Lyttle" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Random Noise Encryption Buffs (Look Here)
Date: Thu, 25 Nov 1999 02:25:07 GMT

Paul Koning wrote:
> 
> "Charles R. Lyttle" wrote:
> > A brute force search isn't required. Random noise sources aren't quite
> > "white" but are "colored", some values tending to be more common than
> > others.
> 
> That's an interesting point, but my observation (vulnerable to
> brute force search) still applies even if the CDs contain
> cryptographically
> acceptable white noise.  There simply isn't enough of it, if the
> bits are known and only the starting points kept secret.
> 
>         paul
I agree with you. But there are ways to short-circuit the brute force
search, especially if you have some plain text. Think of solving an
Enigma cipher if you have the machine, but don't know the start
position.
-- 
Russ Lyttle, PE
<http://www.flash.net/~lyttlec>
Thank you Melissa! 
Not Powered by ActiveX

------------------------------

From: Scott Fluhrer <[EMAIL PROTECTED]>
Subject: Re: Do flight data recorders use encryption?
Date: Thu, 25 Nov 1999 02:38:48 GMT

In article <[EMAIL PROTECTED]>,
        [EMAIL PROTECTED] (Dan Day) wrote:

>On Sat, 20 Nov 1999 21:12:03 -0800, "@li" <[EMAIL PROTECTED]> wrote:
>>For example, when the 'data' was first
>>released, the alleged quote of the co-pilot was "I made my decision now, I
>>put my faith in God...", but just a couple of days ago, ABC said that the
>>copilot never said the first part of that sentence... Clearly there is some
>>foul play, but on what level????
>
>As the old saying goes, "never attribute to malice that which can be
>adequately explained by incompetence".

Actually, it could also be attributed to incomplete information.

Suppose that the co-pilot was praying under his breath, and it was hard
to make out what he said on the tape.  They might first suspect he said
"I made my decision now...", but later, when they got in experts in
Egyptian Arabic, they decided that wasn't what he was saying at all.

>No actual lies or "foul play" need be involved.
Yep, we don't have enough information to even have an opinion...

-- 
poncho

 

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: sci.math,sci.misc,alt.privacy
Subject: Re: Cryptological discovery, rediscovery, or fantasy?
Date: Thu, 25 Nov 1999 04:10:32 GMT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Dan Day) 
wrote:
>On Sat, 20 Nov 1999 15:18:37 -0500, DSM <[EMAIL PROTECTED]>
>wrote:
>>Key requirements of algorithm:
>>1) There must be no way to reveal whether a second
>>(or third, fourth, etc.) data block is present or
>>absent.
>>2) The above entails that message block size must
>>remain constant given varying input block sizes.
>>This would make any such technique woefully inefficient.
>>
>>Could such an algorithm exist? Is it already in use?
>
>Well, the trusty One Time Pad can be used that way.
>
>Have floppies or CD-ROMs of the "real" key, and another
>set of disks with a "fake" key that instead decodes the
>encrypted data into, say, "The Joy of Cooking".
>
>The nice thing about the One Time Pad method (and the
>very reason for its unbreakable strength), is that with
>appropriate keys, it can be "decoded" into ANY possible
>plaintext.  There's simply no way for an adversary to
>determine what is the "real" keyset/plaintext.
>
>When you get caught, hand over the fake keyset.
>
>For that matter, the real keyset may not even exist anymore,
>since you can destroy it after sending your encrypted message,
>or receiving and reading one.  A complete search of your
>possessions would turn up nothing but the "Joy of Cooking"
>keyset (handily labeled, "One Time Pad -- Secret!")
>
>As for plausible deniability, you can say, "I didn't want to
>get caught breaking copyright laws by emailing a copyrighted
>book to my friend a chapter at a time -- I'm so ashamed."
>
>
  Since the FBI of late is known to manufacture incriminating evidence
it might not make a real difference. They could decide what they want
to say you sent and then make the phony OTP to prove you did. It is
the kind of thing a police state does best and Clinton is taking us there
full speed.



David A. Scott
--

SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
                    
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm

Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm

Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm

**NOTE EMAIL address is for SPAMERS***

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: been a while since I used pgp
Date: Thu, 25 Nov 1999 03:41:01 GMT



"David Christian" <[EMAIL PROTECTED]> wrote:
> is the newest version still safe?  Or does it have backdoors in it for
> the government to intercept?
>
I was curious about the newer versions myself.  PGP is discussed in
detail over on alt.security.pgp.  I am a newbie lurker here in
sci.crypt, and not an expert in crypto like the rest of these guys.
This question probably gets asked a lot.

I really enjoyed looking over the source code for PGP version 2.6.3, and
would like to compare the random pool generation and use to PGP versions
5.0 and up.  A major change in later versions has PGP acquiring its
"random" seed without the user having to make random keystrokes.

This is all just a casual hobby for me and the later versions are much
more complex than the DOS classic, but it is fun to look and see how it
has migrated over time.




Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: What part of 'You need the key to know' don't you people get?
Date: Thu, 25 Nov 1999 04:26:24 GMT

In article <81hm89$140u$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
>     Tom I get tired of answering your posts since you never seem to
> understand what I answer anyway. I guess I get so angry with your
> inability to understand that I make more typos. When I see you able
> to understand things better maybe I will cool down and answer more of
> your posts. Anyway you have my email address if you really want to
> ask.

Nah, why don't you answer my original question [with the enumerated
steps]?

1.  Make random K
2.  Encrypt M with CBC mode of any cipher E
3.  Ditch K


Explain where your attack plugs in after 3...

Tom



------------------------------

From: William Rowden <[EMAIL PROTECTED]>
Subject: Re: Prime Numbers Question
Date: Thu, 25 Nov 1999 05:02:45 GMT

In article <[EMAIL PROTECTED]>, Paul Koning
<[EMAIL PROTECTED]> wrote:
> Julian LEWIS wrote:
[snip]
> >     I checked it out on ...
> >
> > http://xfactor.wpi.edu/Works/MQP/securenet/root/node39.htm
> > now I understand how the pseudo primes are generated.
>
> nonono... not "pseudo primes".  They are primes.  Typically they
> are tested with probabilistic primality testers (though they don't
> have to be) but that doesn't make them pseudo primes!

That would make them "probable primes" (perhaps *very* probable primes),
in contrast to the result of deterministic primality tests, which are
"provable primes."

For some reason I can't follow the link above, so I'm not certain of
the context.  Nevertheless, here's my quibble:  probabilistic tests
(e.g., Fermat or Miller-Rabin) do produce (weak or strong) pseudoprimes.

The _Handbook of Applied Cryptography_ gives examples:  Fermat's
theorem gives a**(n-1) = 1 (mod n) for all a, 1 <= a <= n-1, if n is prime.
The composite integer 341 is pseudoprime to base 2 since 2**340 = 1 (mod 341).
The number 2 is a Fermat liar for 341.  The Fermat primality test could
declare probably prime the (composite) Carmichael number 561, for which
a**(n-1) = 1 (mod n) is true for all a, 1 <= a <= n-1, except 3, 11, and 17
and their multiples.

To complete the examples (I'll leave out the formula this time), the
Miller-Rabin test could declare probably prime the (composite) number 91
because the list of strong liars for it is long (1, 9, 10, 12, 16, 17,
22, 29, 38, 53, 62, 74, 75, 79, 81, 82, and 90).  The number 91 is a
strong pseudoprime to these bases.

--
    -William
SPAM filtered; damages claimed for UCE according to RCW19.86
PGP key: http://www.eskimo.com/~rowdenw/pgp/rowdenw.asc until 2000-08-01
Fingerprint: FB4B E2CD 25AF 95E5 ADBB  DA28 379D 47DB 599E 0B1A


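The tests and numbers from this post, as an added example (not William Rowden's code, nor code from the Handbook): a Fermat test and a single-round Miller-Rabin test that recover the base-2 pseudoprime 341, the Carmichael number 561 and the strong liars for 91, plus the generate-an-odd-number-and-step-by-two prime search from Johnny Bravo's post earlier in this digest. Run on 91, the code finds 18 strong liars, the 17 listed above together with 69, which equals φ(91)/4, the most strong liars an odd composite can have.

```python
import random

def fermat_passes(n, a):
    """Fermat test with base a: a**(n-1) = 1 (mod n). Every prime passes for
    every base coprime to it; a composite that passes is a (Fermat)
    pseudoprime to base a, and a is a Fermat liar for n."""
    return pow(a, n - 1, n) == 1

def fermat_liars(n):
    return [a for a in range(1, n) if fermat_passes(n, a)]

def miller_rabin_passes(n, a):
    """One Miller-Rabin round with base a. Write n-1 = 2**s * d, d odd; n passes
    if a**d = 1 or a**(2**r * d) = -1 (mod n) for some 0 <= r < s. A composite
    that passes is a strong pseudoprime to base a, and a is a strong liar."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    x = pow(a, d, n)
    if x in (1, n - 1):
        return True
    for _ in range(s - 1):
        x = x * x % n
        if x == n - 1:
            return True
    return False

def strong_liars(n):
    return [a for a in range(1, n) if miller_rabin_passes(n, a)]

def is_probable_prime(n, rounds=40, rng=random):
    """Miller-Rabin with `rounds` random bases (error probability <= 4**-rounds)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13):
        if n % p == 0:
            return n == p
    return all(miller_rabin_passes(n, rng.randrange(2, n - 1)) for _ in range(rounds))

def random_prime(bits, rng=random):
    """The recipe from the thread: pick a random odd `bits`-bit number, test it,
    and step by two until a (probable) prime turns up. The top bit is forced
    so the result really has `bits` bits; if stepping overflows, start over."""
    while True:
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        while candidate.bit_length() == bits:
            if is_probable_prime(candidate, rng=rng):
                return candidate
            candidate += 2

if __name__ == "__main__":
    print("341 passes Fermat to base 2:", fermat_passes(341, 2))
    print("Fermat liars for 561:", len(fermat_liars(561)), "of 560 bases")
    print("strong liars for 91:", strong_liars(91))
    print("24-bit prime:", random_prime(24))
```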

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Decryption software
Date: Thu, 25 Nov 1999 05:53:00 GMT

Albert,

If you could, please e-mail me at [EMAIL PROTECTED] (before Sunday) or
[EMAIL PROTECTED] (after Sunday).  I would like to arrange to download a
copy of your software.  If it's not too big, you could just attach it
to the e-mail message.  Thanks a million.

Jeff



In article <[EMAIL PROTECTED]>,
  albert <[EMAIL PROTECTED]> wrote:
> Again, I have a frequency checker that I can send to you if you like.  It
> will read in the file, and then output the frequency, both in count, and
> in percentage.  That way, you can match it against a dictionary file, or
> count of the english language etc...
>
> Albert
>
> [EMAIL PROTECTED] wrote:
>
> >   I'm looking for software to crack simple ciphers.  It should be able
> > to do frequency analysis and search for patterns in the code, among
> > other things.  If anyone knows where I can find this, please let me
> > know.
> > Jeff
> >
> > Sent via Deja.com http://www.deja.com/
> > Before you buy.
>
>



------------------------------

From: [EMAIL PROTECTED] (MEGstir)
Subject: Has anyone used CryptoPunk?
Date: 25 Nov 1999 06:44:51 GMT

Have you used CryptoPunk, if so, what do you think about it?  Any comments are
greatly appreciated.  Thanks much.

>Can you provide a URL or other reference to this software?

http://www.winsite.com/info/pc/win95/misc/CryptoPunk11.zip/

http://download.cnet.com/downloads/0-10105-100-917695.html?tag=st.dl.10000_103_1.lst.titledetail

------------------------------

From: Scott Fluhrer <[EMAIL PROTECTED]>
Subject: Re: bits of diffiehellman private key
Date: Thu, 25 Nov 1999 07:11:02 GMT

In article <G9X_3.1691$[EMAIL PROTECTED]>,
        "Michael Scott" <[EMAIL PROTECTED]> wrote:

>
>Scott Fluhrer <[EMAIL PROTECTED]> wrote in message news:81h3v1>
>
>>The whole point of above is that for a strong prime [1], there are
>> no bad choices (other than the trivial really bad choices 0, 1 and -1).
>> You don't know whether G=3 gives you a group of size p-1
>> or of size (p-1)/2
>
>Ah but you do. If G=3 and p is a strong prime, then 3 is always a quadratic
>residue, and so generates a group of order (p-1)/2 - which is prime.

Cool!  I never noticed that before.  I'm so grateful for you showing me
something I didn't know before, I'll refrain from mentioning that the
above statement is technically false, in that 3 is not a quadratic
residue for the two cases p=5 and p=7 :-)


>> [1] Strong prime in this context means p and (p-1)/2 are both prime

-- 
poncho
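
An added check of the exchange above (not code from either poster): for every strong prime p up to a bound, in the footnote's sense that p and (p-1)/2 are both prime (elsewhere called a safe prime), it tests whether 3 is a quadratic residue by Euler's criterion and computes the multiplicative order of 3, confirming that the order is (p-1)/2 for every such p except p = 5 and p = 7, where 3 generates the whole group of order p-1.

```python
def is_prime(n):
    """Trial division; fine for the small moduli checked here."""
    if n < 2:
        return False
    return all(n % d for d in range(2, int(n ** 0.5) + 1))

def is_strong_prime(p):
    """The footnote's definition: p and (p-1)/2 are both prime."""
    return p > 2 and is_prime(p) and is_prime((p - 1) // 2)

def is_quadratic_residue(g, p):
    """Euler's criterion: g is a square mod an odd prime p iff g**((p-1)/2) = 1."""
    return pow(g, (p - 1) // 2, p) == 1

def multiplicative_order(g, p):
    """Smallest k >= 1 with g**k = 1 (mod p); only divisors of p-1 need testing."""
    for k in range(1, p):
        if (p - 1) % k == 0 and pow(g, k, p) == 1:
            return k
    raise ValueError("g has no order mod p (g divisible by p?)")

def order_of_three(limit):
    """Order of 3 modulo every strong prime p <= limit: (p-1)/2 whenever 3 is a
    quadratic residue (3 then lies in the subgroup of prime order (p-1)/2),
    p-1 when it is not."""
    return {p: multiplicative_order(3, p) for p in range(5, limit + 1) if is_strong_prime(p)}

def exceptions(limit):
    """Strong primes p <= limit for which 3 is not a quadratic residue."""
    return [p for p in order_of_three(limit) if not is_quadratic_residue(3, p)]

if __name__ == "__main__":
    orders = order_of_three(200)
    print("strong primes <= 200 and the order of 3:", orders)
    print("3 is a non-residue only for:", exceptions(2000))
```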

 

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
