Cryptography-Digest Digest #714, Volume #10      Fri, 10 Dec 99 02:13:01 EST

Contents:
  Re: Any comments on "Day of Deceit" by Robert Stinnett? ("Douglas A. Gwyn")
  Re: Random Noise Encryption Buffs (Look Here) (Dave Knapp)
  Re: Shamir announces 1 sec break of GSM A5/1 (Tom St Denis)
  Re: weak algorithm, too hard for me (Gaccm)
  Re: symmetric encryption based on integer factoring (Scott Fluhrer)
  Re: Shamir announces 1 sec break of GSM A5/1 (Ian Goldberg)
  Re: If you're in Australia, the government has the ability to modify your files. >> 4.Dec.1999 ("Trevor Jackson, III")
  Re: If you're in Australia, the government has the ability to modify your files. >> 4.Dec.1999 ("Trevor Jackson, III")
  Re: If you're in Australia, the government has the ability to modify ("Trevor Jackson, III")
  Re: NSA future role? ("Trevor Jackson, III")
  Re: Cell Phone Crypto Penetrated >> 6.Dec.1999 >> Biryukov & Shamir describe in a paper ... ("Trevor Jackson, III")

----------------------------------------------------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Any comments on "Day of Deceit" by Robert Stinnett?
Date: Fri, 10 Dec 1999 03:18:29 GMT

Gondolin Remailer wrote:
> FOIA requests) to bolster the revisionist case.  The main allegation
> by the critics (a couple of whom claim to be Navy crypto experts) made
> in reply seems to be that Stinnett was sloppy in how he characterized
> American cryptanalysis capabilities in 1940/1941.  The question is, is
> this just irrelevant nit-picking by the critics, or did Stinnett
> really miss something important?

Stephen P Budiansky's review is right on the mark.

I have no love of FDR, but it is certain that the US did not
know specifically that Pearl Harbor would be attacked at about
that date.  One thing the Japanese cleverly did was to leave
their radio operators behind, transmitting in their recognizable
"fists", to convince us that their ships were still in home
waters when in actuality they were sailing under radio silence.

------------------------------

From: Dave Knapp <[EMAIL PROTECTED]>
Subject: Re: Random Noise Encryption Buffs (Look Here)
Date: Fri, 10 Dec 1999 03:48:27 GMT

On Fri, 10 Dec 1999 02:32:46 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
wrote:

>Guy Macon wrote:
>> I was under the impression that the exponential decay came
>> from the fact that there are a finite number of atoms in
>> the sample and that each atom decays only once.  I don't
>> think (correct me if I am wrong) that individual radium
>> atoms have an exponential decay expectation.
>
>Okay: you're wrong.  Even an individual nucleus in an excited
>state has a well-defined decay "half-life" and thus an
>exponential function of time for its decay probability.

Actually, for a change, _you're_ wrong!  It's the first time I've ever
seen.

An individual nucleus (or any other kind of quantum system) has a
constant decay probability per unit of time.  As a result, the
integral probability that it has decayed by a certain time is
exponential, but the probability of decay is constant.

  -- Dave
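The relation between the two quantities discussed in this exchange, the constant decay probability per unit time and the exponential form of the cumulative decay probability, written out as an added derivation (not part of the original post). Let $\lambda$ be the constant probability of decay per unit time and $S(t)$ the probability that a single nucleus has not yet decayed by time $t$, with $S(0)=1$. Over a short interval $dt$ the nucleus survives with probability $1-\lambda\,dt$, so

$$
S(t+dt) = S(t)\,(1-\lambda\,dt)
\quad\Longrightarrow\quad
\frac{dS}{dt} = -\lambda\,S(t)
\quad\Longrightarrow\quad
S(t) = e^{-\lambda t}.
$$

The cumulative probability of having decayed by time $t$ is therefore $F(t) = 1 - e^{-\lambda t}$, which is exponential in $t$ even though the rate $\lambda$ itself never changes, and the half-life is the time at which $S = 1/2$:

$$
t_{1/2} = \frac{\ln 2}{\lambda}.
$$

Because $\lambda$ does not depend on how long the nucleus has already survived, the process is memoryless: the decay time of a single nucleus is an exponential random variable, which is the property a noise-based random number generator built on radioactive decay relies on.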

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Shamir announces 1 sec break of GSM A5/1
Date: Fri, 10 Dec 1999 03:54:59 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> What do you have to do with this? GSM is used in the US too, yes, and
> this newsgroup isn't for americans only, no.

But why I thought GSM was seriously flawed [on the crypto side].

> >Second I seriously doubt the size of their HD affects the attack speed.
>
> Of course the amount of data you can play with affects the attack
> speed.

Generally though you don't consider it because disk speeds are much too
slow.  A million reads from a hd is much slower than from mem.

> No, GSM voice communication is always encrypted.

 ... Over the air ... [or am I just plain wrong here?]

> >Fourth Why not just point to the url of the article?
>
> Because it's easier to read it right away when posted? It wasn't very
> long.

Maybe.

> >That's my 2 cents.
>
> They're not worth much ...

Well they are Canadian cents so with the exchange rate it's about one
billionth of a penny or so.

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Gaccm <[EMAIL PROTECTED]>
Subject: Re: weak algorithm, too hard for me
Date: Thu, 09 Dec 1999 21:10:22 -0800
Reply-To: [EMAIL PROTECTED]

so how were you able to solve it?


------------------------------

From: Scott Fluhrer <[EMAIL PROTECTED]>
Subject: Re: symmetric encryption based on integer factoring
Date: Fri, 10 Dec 1999 05:45:51 GMT

In article <82oub7$dg2$[EMAIL PROTECTED]>,
        Tom St Denis <[EMAIL PROTECTED]> wrote:
>I was plumbing around with the idea of a cryptosystem based around
>factoring such as
>
>C = (P * g^x) mod p
>P = (C * g^-x) mod p
>
>Where given the ciphertext you have to factor it to determine what the
>plaintext could be [as long as p is prime, and g is a generator, and
>that the mult. inverse of g is a gen as well].
This problem appears to have nothing to do with "factoring".  Its
strength, if any, looks like it would be closer to the discrete log problem.
Also, the multiplicative inverse of a generator is always a generator,
so there's no need to specify it directly.
>                                               Each message would
>have their own 'x' derived somehow [RNG?]

Well, let's make a preliminary analysis of it.  I assume that g and p are
publicly known parameters.  Since you do not describe how x is generated,
let us assume that all possible values of 0 <= x < p-1 are equally probable.
Then, we immediately note that all values of g^x from 1 <= g^x < p are
equally probable, since because g is a generator, there is a one-to-one
mapping between the two.  So, your system could be simplified to:

C = (P * y) mod p
P = (C * y^-1) mod p

Where all values 1 <= y < p are possible.  Next, we note that, for any
possible pair P, C, there is a unique y s.t.

C = (P * y) mod p.

In other words, for any C, for each possible plaintext P, there is a
key that will decrypt it to that plaintext.  This implies that this
system is essentially an OTP, except it's a lot harder to evaluate.

And so, *all* the strength of the system is in how you generate x.

>
>I then proceeded to brutally assault it.  I made an attack using one
>known plaintext if you re-use 'x' or use 'x' values close together [by
>exploiting the base].
>
>So then I ask what would be a good method of choosing new 'x' values
>per message?  I was thinking of making x odd, then X=x, x' = x + X, so
>the gap between successive X values is not known.  Could the same
>attack exploit it?
Essentially.  Assume the attacker has the plaintext/ciphertext for the
first message.  Then, he can compute:

g**X = C * P**-1 mod p

Then, given the nth ciphertext Cn, he can compute

Pn = Cn * (g**X)**-n
   = Cn * (g**-nX)

I believe any linear method of assigning x's will have the same problem.

>Just an idea :)

BTW: why do you think that this is even slightly practical?  You require
a full modular exponentiation for every single message.  You can run
RSA just as fast.

-- 
poncho
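The analysis above, carried through in code as an added example (this is not code from the digest or from either poster). It implements the posted scheme C = (P * g^x) mod p on a constructed toy prime, checks Fluhrer's observation that every plaintext has a key mapping it to any given ciphertext (the OTP-like property), and runs his known-plaintext recovery against the proposed x_n = n*X schedule. The prime 1019, generator 2, secret X = 77 and the message values are all constructed for the demo; the function names are the example's own.

```python
# Added example (not from the digest or from either poster): Scott Fluhrer's
# analysis of the C = (P * g^x) mod p scheme, carried through on a toy prime.
# All parameters and messages below are constructed for the demo.

P_MOD = 1019   # constructed toy prime; a real system would use a large prime
G = 2          # generator of Z_1019^* (verified by is_generator below)


def is_generator(g, p):
    """Brute-force check that g generates all of 1..p-1 (fine for a toy p)."""
    seen, v = set(), 1
    for _ in range(p - 1):
        v = v * g % p
        seen.add(v)
    return len(seen) == p - 1


def encrypt(plain, x, p=P_MOD, g=G):
    """C = (P * g^x) mod p, exactly as posted."""
    return plain * pow(g, x, p) % p


def decrypt(cipher, x, p=P_MOD, g=G):
    """P = (C * g^-x) mod p; pow() with a negative exponent needs Python 3.8+."""
    return cipher * pow(g, -x, p) % p


def key_for(plain, cipher, p=P_MOD):
    """Fluhrer's observation: for any (P, C) pair there is a unique y with
    C = (P * y) mod p, namely y = C * P^-1.  Every plaintext is therefore a
    possible decryption of every ciphertext, which is what makes it OTP-like."""
    return cipher * pow(plain, -1, p) % p


def every_plaintext_reachable(cipher, p=P_MOD):
    """Decrypting one nonzero ciphertext under every key y in 1..p-1 hits
    every plaintext in 1..p-1 exactly once."""
    return {cipher * pow(y, -1, p) % p for y in range(1, p)} == set(range(1, p))


def linear_x_attack(known_plain, known_cipher, later_ciphers, p=P_MOD):
    """The known-plaintext recovery from the post against x_n = n*X:
    g^X = C_1 * P_1^-1, then P_n = C_n * (g^X)^-n for n = 2, 3, ...
    Note that X itself is never learned and no discrete log is needed."""
    g_to_x = known_cipher * pow(known_plain, -1, p) % p
    return [c * pow(g_to_x, -n, p) % p
            for n, c in enumerate(later_ciphers, start=2)]


def demo():
    """Encrypt a constructed message sequence with x_n = n*X and recover
    messages 2..n from the first (plaintext, ciphertext) pair alone."""
    assert is_generator(G, P_MOD)
    secret_x = 77                      # odd, as proposed; never given to the attacker
    messages = [123, 456, 789, 10]     # constructed plaintexts in 1..p-1
    ciphers = [encrypt(m, n * secret_x) for n, m in enumerate(messages, start=1)]
    assert all(decrypt(c, n * secret_x) == m
               for n, (m, c) in enumerate(zip(messages, ciphers), start=1))
    recovered = linear_x_attack(messages[0], ciphers[0], ciphers[1:])
    return recovered == messages[1:]


if __name__ == "__main__":
    print("first pair alone recovers messages 2..n:", demo())
```

Two design points worth noticing: `every_plaintext_reachable` is the concrete form of the claim that the whole strength lies in how x is generated, since the ciphertext by itself rules out no plaintext; and `linear_x_attack` works with any affine schedule x_n = a + n*X, because the unknown g^a cancels once one pair is known, which is the sense in which "any linear method of assigning x's will have the same problem".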




------------------------------

From: [EMAIL PROTECTED] (Ian Goldberg)
Subject: Re: Shamir announces 1 sec break of GSM A5/1
Date: 10 Dec 1999 05:51:37 GMT

In article <[EMAIL PROTECTED]>, Tim Tyler  <[EMAIL PROTECTED]> wrote:
>Paul Koning <[EMAIL PROTECTED]> wrote:
>: JTong1995 wrote:
>
>:> James Moran, the fraud and security director of the GSM Association in
>:> Dublin, says that "nowhere in the world has it been demonstrated --an
>:> ability to intercept a call on the GSM network. That's a fact.... To our
>:> knowledge there's no hardware capable of intercepting."
>
>: That sounds like a lie.
>
>I doubt it's a fact.
>
>It does /also/ say "to our knowledge", though.
>
>This may /well/ be true - all such ignorance takes is a couple of corporate
>executives with their heads stuffed up one another's backsides ;-)

Well, their *own member companies* make and sell such equipment, both for
testing and law enforcement purposes.  If their security director doesn't
know this, well...

Then again, their "Security Algorithm Group of Experts" spent 9.5 man-months
evaluating A5/2, and concluded (this is a quote from their own report,
available as ETSI Tech Report #278):

"The results of the mathematical analysis did not identify any features
of the algorithm which could be exploited as the basis for a practical
eavesdropping attack on the GSM radio path."

And then it took two grad students 5 hours (that's 0.14 man-months)
to find a 2^16 attack.

So, GSM keeps reminding me of the aphorism, "never attribute to malice
that which can be adequately explained by incompetence".

   - Ian

------------------------------

Date: Fri, 10 Dec 1999 01:15:36 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: If you're in Australia, the government has the ability to modify your files. >> 4.Dec.1999

H.J. Gould wrote:

> Douglas A. Gwyn <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Steve K wrote:
> > > Unless he is carrying a badge.  Or a gavel.  Then, attempting real
> > > resistance will get you summarily shot, and properly so.  Something
> > > about national sovereignty, if I remember my political science
> > > definitions.
> >
> > It has nothing to do with national sovereignty!
> > The government is authorized, or at least able with impunity,
> > to use force to achieve its ends.  That's why it is important
> > for the citizenry to keep a tight rein over the government.
> > Apparently in the UK and Australia the citizens have surrendered;
> > other evidence for that is that they let the agents of the
> > government disarm them (with a consequent, predictable leap
> > in the violent crime rate, especially home invasions).  Sheep.
>
> --
>
> I would love to see you substantiate the claim that in those countries where
> the possession of firearms is legal the violent crime rate is lower. As far
> as I know the rate of violent crimes in the US is at least as high as any
> other country in the world.

Read "The Samurai, The Mountie, And The Cowboy; Should America Adopt The Gun
Controls Of Other Democracies?" by Kopel, David ISBN: 0879757566; Trade Cloth
Cover; Prometheus Books.  It contains an extensive analysis of the factors that
affect cross-cultural comparisons regarding firearms.

See also the FBI's statistics on the consequences of victim reactions to violent
crimes.  Victims who resist generally fare better than those who do not.  Those
who resist with firearms actually do better (sustain less damage) than those who
offer no resistance at all.

The definitive study of firearms vs violent crime is probably Kleck's (Univ of
Florida).  Bowman (Univ of Illinois) has an interesting study of the actual
purposes of violent crime in the urban environment (Chicago).  His conclusion is
that most aggravated violent crimes (murder et al) are professional criminal on
professional criminal rather than criminal on citizen.

>
>
> However I will agree with you that in a lot of European countries (including
> the Netherlands) the people as a whole do seem to have surrendered their
> right to keep a tight check on their government. Given the history of
> European governments this is definitely a worrying fact.
>
> The fact remains however that, as you yourself so rightly stated, the
> government is able to achieve its ends by the use of force WITH PRAGMATIC
> IMPUNITY. This however is also the case in the US, the right to bear
> firearms notwithstanding.

I suspect that conclusion is premature.  The issue has not yet been decided in
the United States.


------------------------------

Date: Fri, 10 Dec 1999 01:22:45 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: If you're in Australia, the government has the ability to modify your files. >> 4.Dec.1999

SCOTT19U.ZIP_GUY wrote:

> In article <82nvqe$adr$[EMAIL PROTECTED]>, "Tim Wood" <[EMAIL PROTECTED]> 
>wrote:
> ><snip>
> >>
> >>It was a silly example.  Let's replace it with this:
> >>
> >>You have a little box with a little lock.  Glued flush inside the
> >>bottom of the little box, is a wire mesh.  In the cells of this mesh,
> >>live a few hundred beads, in all colors of the rainbow.  They
> >>represent a pass phrase made of the letters r, o, y, g, b, i, and v.
> >>Anyone who picks up the box to examine it, has just effectively
> >>destroyed the data that the pass phrase protects.  Bet a nickel they
> >>will even shake it.  Key space math, and making the box irresistibly
> >>interesting to an intruder, are left as exercises.
> >>
> >>That leaves the problem of data lost forever, and a hopping mad
> >>prosecutor whose toy got broke.  So for a more practical solution,
> >>accessible to honest citizens who don't want to risk accidentally
> >>destroying their data just to uphold a principle
> >
> >Of course, if you memorized the passphrase or key (or recorded it in some
> >other hidden way) you could simply pretend that it had been destroyed (by
> >showing the shaken box). You would not even lose your data (hide a backup
> >somewhere).
> >
> >
>
>    In a real police state and we may be already there if not close.

A police state is classically defined as a state where the government can arbitrarily
imprison the citizens.  The United States reached that degenerate condition in 1986
when the Supreme Court ruled that "no bail" was not "unreasonable bail".

> It will
> make no difference. Just as it is common for cops to carry throw down
> guns or drugs so they can get people locked up.

Garbage.  It used to be possible but modern forensics limits the use of "throw down"
weapons to the movies.

> It will be even easier
> to plant encrypted data on ones computer with the key of their choice.
> The current court system is a joke any way. The FBI can manufacture
> the evidence it wants to use.

Make up your mind.  If the courts are a joke the FBI has no need to manufacture evidence.

> And any one stupid enough to think other
> wise has not been following the stories in the news about the blue line
> of silence and the LA cop corruption and the recent faking and handling
> of evidence by the FBI.
>  What many people are forgetting is that the current government is
> getting about as corrupt as can be. Only the Chinese and rich business
> men with their money can get justice any more. I hope the gun manufacturers
> sue the police departments for the improper use of fire arms since the
> feds are using our tax money to go after gun manufacturers instead of
> criminals.  Or at least they can add a large surcharge on the guns that
> find their ways into cops hands and later onto the dead bodies of citizens
> that the cops dump the guns on.

There is a clinical name for the condition you exhibit.


------------------------------

Date: Fri, 10 Dec 1999 01:25:37 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy
Subject: Re: If you're in Australia, the government has the ability to modify 

Vernon Schryver wrote:

> In article <[EMAIL PROTECTED]>,
> Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
> >Greg wrote:
>
> >> If you have Microsoft Windows and Internet Explorer, your
> >> government has the ability to modify your files. ...
>
> >It would be nice if you could get your facts straight.
> >Presumably you're talking about the so-called "NSAkey".
> >If so, you've completely mischaracterized it.
>
> Yes, the NSAKey nonsense was silly, but what about an ActiveX applet signed
> in the normal way by a nominally legitimate outfit using its official key?
> How many people go to the trouble of trying to make Internet Explorer
> ignore ActiveX, especially given the obscurity of those buttons, the
> warnings from IE after you fiddle with them, and the hassles should you
> want to "update" your version of Windows or IE or just check to see what
> updates Microsoft is suggesting today?
>
> What about an Outlook Express email attachment?
>
> A paranoid cynic might view the idiotic hysteria about nonsense
> such as the NSAkey, the PIII ID, and IPv6 addresses as calculated
> efforts make the suckers think--er--feel there are no real problems.

I thought so too.  Then I tried to install the latest Microsoft(tm) tools.
Visual C now refuses to install unless Internet Explorer is present.  I am
unable to conceive of a legitimate reason for such "persuasive" market
positioning.


------------------------------

Date: Fri, 10 Dec 1999 01:32:41 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.nsa
Subject: Re: NSA future role?

Jim Dunnett wrote:

> On Thu, 09 Dec 1999 04:21:31 GMT, [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
> wrote:
>
> >   Well it's true no terrorist group is likely to put a clean efficient nuclear
> >device together with out lots of expertise or money to the correct US
> >politician. Any terrorist group with money and enriched uranium could
> >build  a simple dirty nuclear bomb that could do a lot of damage. It
> >really ain't that much to them.
>
> Do you really think they'd have the technology and funds to be able
> to handle plutonium without killing themselves in the process?
>
> Assuming that they can get hold of enough plutonium to make a bang.

I believe a tangential issue makes it entirely possible.  The export of clean-room
technology to developing countries has taken place in the pursuit of low-cost
electronic fabrication.  That technology is divertable.

Also, since the lethality of Pu leaves plenty of time for productive use of doomed
laborers, a country willing to train new staff on a regular basis would not be
troubled by the high dropout rate.



------------------------------

Date: Fri, 10 Dec 1999 01:34:00 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy
Subject: Re: Cell Phone Crypto Penetrated >> 6.Dec.1999 >> Biryukov & Shamir describe in a paper ...

Gurripato wrote:

> On Wed, 08 Dec 1999 16:20:40 -0500, Paul Koning <[EMAIL PROTECTED]>
> wrote:
>
> >Jim Dunnett wrote:
> >>
> .
> >> >Alex Biryukov and Adi Shamir describe in a paper to be published this week how a
> >> >PC with 128 MB RAM and large hard drives can penetrate the security of a phone
> >> >call or data transmission in less than one second.
> >
> >Is this a real-life confirmation of the already well known fact
> >that the digital cellphone cipher is lousy?  At least I remember
> >reading about the flaws of those ciphers quite some time ago.
> >
> >It doesn't sound like the "designers" of that stuff have learned
> >any lessons either, from the stories about recent revisions...
> >
> >       paul
>
>         Rather, it sounds like the usual don't-make-waves scheme:
>
>         a) Big Company makes a software product
>         b) Engineers at BC realizes they screwed it
>         c) Accountants at BC find out the cost of repairing the screw
>         d) Big Boss reminds engineers how easy it is to go
> unemployed
>         e) Engineers keep silence, and hope nobody notices
>         f) Some smart guy finds out b)
>         g) Big Company denies or minimizes risks
>         h) Consumers believe g)
>         Conclusion: just shut up.

I recognize this recipe.  NASA used it to create the Challenger disaster.  It is quite
reliable.


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
