Cryptography-Digest Digest #294, Volume #11 Fri, 10 Mar 00 09:13:01 EST
Contents:
Re: sci.crypt Cipher Contest Web Site (Xcott Craver)
Re: sci.crypt Cipher Contest Web Site (Xcott Craver)
Re: PGP Decoy? (Xcott Craver)
Re: RC4 and salt (Impervious)
Re: An archiver with secure encryption ("Rick")
Re: Mixmasters encrypt how? (Anonymous Sender)
Re: Crypto Patents: Us, European and International. ([EMAIL PROTECTED])
Re: Passwords secure against dictionary attacks? (TheGolem)
WTLS Certifcate Format (Anuj Seth)
ZIP format is gone in the past. ("finecrypt")
Re: ZIP format is gone in the past. ("ink")
Re: Passphrase Quality ? (Mok-Kong Shen)
Re: Universal Language (Mok-Kong Shen)
Re: PGP Decoy? (Russell Horn)
Re: Best language for encryption?? (SCOTT19U.ZIP_GUY)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Xcott Craver)
Subject: Re: sci.crypt Cipher Contest Web Site
Date: 10 Mar 2000 09:13:40 GMT
SCOTT19U.ZIP_GUY <[EMAIL PROTECTED]> wrote:
>
> AES is a fucking joke. The only time it would be worht looking at is when
>they finally pick a final cnadidate becasue we can be sure it will be weak
>so the NSA can read what is encrypted with it.
Well, maybe you could just crack all those AES submissions,
then. I mean, if they're so obviously weak, and all.
>David A. Scott
>**NOTE EMAIL address is for SPAMERS***
Sorry for the spelling flame, but you've been using this
signature for a very long time. It's "SPAMMERS," with two 'M's.
-S
------------------------------
From: [EMAIL PROTECTED] (Xcott Craver)
Subject: Re: sci.crypt Cipher Contest Web Site
Date: 10 Mar 2000 09:21:40 GMT
<[EMAIL PROTECTED]> wrote:
>Mr. Silverman,
>
>I have spent a huge amount of time studying the finalist in AES. Just
>like everbody else I haven't found much of anything. I have had alot of
>fun and education, however.
>
>Studying a cipher that is almost certainly secure is a poor way to
>learn. A better way is to study ciphers that have weakness but with the
>exact nature of the weakness unknown to you.
Hey, another possibility for a contest.
What about a monthly contest, where someone constructs a
cipher or protocol with a certain set of subtle weaknesses, and
challenge the group to find them? Not a cryptography contest,
but an analysis contest. I mean, any illiterate dink can author
a cipher.
>Any ciphers that are submitted by members of this group are likely to
>contain some weakness. In fact, it would be fun to design in a weakness
>and see if anybody could find it, perhaps I'll do that.
Oops, I should have read further before replying. Yes,
wot you said :D
>--Matthew
-S
------------------------------
From: [EMAIL PROTECTED] (Xcott Craver)
Crossposted-To: comp.security.pgp.discuss,alt.security.scramdisk
Subject: Re: PGP Decoy?
Date: 10 Mar 2000 09:34:55 GMT
Thomas J. Boschloo <[EMAIL PROTECTED]> wrote:
>
>Maybe Steganography will do the job for you. You can then just hide the
>word document inside a .wav, .bmp or .gif file. Scramdisk 3 will do this
>when it is finaly released I believe I heard the author say in
>news:alt.security.scramdisk.
Better yet, there's an entire steganographic filesystem, developed
at Cambridge U. The files are hidden in unused blocks on your
disk, all unused blocks littered with random noise, so that
there's no way to tell without the appropriate key whether
the unused blocks contain nothing or something, or how many or
how large files are saved in it.
See http://ban.joh.cam.ac.uk/~adm36/StegFS/. It's for Linux,
and is GPLd.
-S
------------------------------
From: [EMAIL PROTECTED] (Impervious)
Subject: Re: RC4 and salt
Date: Fri, 10 Mar 2000 09:52:39 GMT
Sorry for the newbie question, but what is "salt"? Are we talking
password hashing here? If so, I had a question concerning RC4 password
hashing... Can I use SHA to create a hash and then use MD5 to hash the
hash? Is this a good idea or stupid? Please be kind.... :)
------------------------------
From: "Rick" <[EMAIL PROTECTED]>
Subject: Re: An archiver with secure encryption
Date: Fri, 10 Mar 2000 04:05:27 -0600
"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:RWTx4.9374$[EMAIL PROTECTED]...
>
> Steve A. Wagner Jr. <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > *** The United States government may restrict download of this software.
> > ***
> >
> > Fully enabled Shareware -- http://mndrppr.home.mindspring.com/
> >
> > I hope you find it useful, and send me some comments either way.
> >
> > Algorithms: Triple-DES, TwoFish (256bit), BlowFish (448bit)
> >
> > Compression: Store, Zip4, Zip6, Zip9, and an added proprietary method
> > for large redundancies.
> >
>
> Why not just use deflate?
>
> http://www.cdrom.com/pub/infozip/zlib/
Could it be that Zip9 *is* deflate? The only reason I ask is that there
appears to be a progression -- 0 (store), 4, 6, 9 -- from least to most
compression??
> As for the ciphers, why use 448 bit keys? Is this a symmetric system or
> does PK get used anywhere?
>
> Tom
Why not use 448 bit keys if that's what Blowfish can accept? No PK needed in
this case, strictly symmetric.
My comments below are enclosed in square brackets "[ ]".
>From blowfish.cpp in Wei Dai's Crypto++ library:
for (i=0 ; i<ROUNDS+2 ; ++i)
[ ROUNDS is preset to 16, and the P-box is (16 + 2)*sizeof(long) bytes
long -- note that you can't increase rounds without increasing size of
P-box. This loop will cycle 18 times. The varible "data" is an unsigned long
(BF_LONG in SSLeay, word32 in Crypto++).]
{
data = 0 ;
for (k=0 ; k<4 ; ++k )
[ This subloop will just move 4 bytes of keystring into the varible "data"]
data = (data << 8) | key_string[j++ % keylength];
[ The j++ % keylength causes the index of key_string to wrap around
circularly to the beginning of the keystring. The effect is to concatenate
the keystring to itself enough times to make it ROUNDS+2 * sizeof(word32) in
length ]
pbox[i] ^= data;
[ And now we XOR the four bytes of key_string into the i'th location of the
P-box]
}
When the above is done the P-box will have been initialized with (16 +2)*4
bytes of key, regardless of whether your original key was 128 bits or not.
My calculator says that's 72 bytes, or 576 bits. The effective key length is
often quoted to be 448 bits. I don't know exactly why... I vaguely remember
something about an attack on the P-box when very long keys were used -- but
that could have been a different algorithm, too. There's also the
consideration of the entropy of a 72 char key, or a 16 char (128 bit) key
extended to 72 chars. Maybe Mr. Schneier will elaborate (Or correct any
misunderstanding on my part)??
Steve: I just finished this, and it's only 4:00AM, so I think I'll download
your app and check it out. Thanks for making it available.
Rick
------------------------------
Date: Fri, 10 Mar 2000 06:26:39 -0500
From: Anonymous Sender <[EMAIL PROTECTED]>
Subject: Re: Mixmasters encrypt how?
Crossposted-To: alt.privacy.anon-server
On 8 Mar 2000 18:29:02 +0100,
[EMAIL PROTECTED] (Ulf Möller) wrote:
>This is an unfinished draft, but it should contain most of the
>information you need.
Nice documentation! So where will we find this document once it's
done?
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Crypto Patents: Us, European and International.
Date: 10 Mar 2000 11:57:10 GMT
Is my English that bad? You're not responding to what I in fact wrote.
In a previous article, <[EMAIL PROTECTED]> writes:
>No copyrights protect the explicit expression of an idea.
That's not what i wrote. _You_ have copyright to _your_ expression of _your_
ideas. Others may (or perhaps in some cases may not) express the same idea
without violating your copyright, but only as long as it is not clear that
they quote your expression in full.
Copyright protects your rights even if someone translates your work into some
foreign language (why not from PASCAL to C?), it protect the rights of a
songwriter when some artist perform his work (why not an integer algorithm
when an application developer uses it?), it protects you to some extent from
parodies and pastiches (why not "improved" or sloppy implementations?) and it
protects you even if your work is included in an antology and an author adds
a lot of notes to it.
>Certainly not. YOu would violate the copyright only if you copied the
>expression of someone else's implimentation of IDEA. If you showed that
>you derived that expression yourself without reference to anyone else's
>expression, you would not violate the copyright even if yours was word
>for word the same as theirs. (Of course convincing a court that you had
>not copied it in that case would be a difficult task, but it would be
>possible).
The essential premise of my argument is that the use of the name "IDEA" would
make it perfectly clear from what source or sources I had derived my
expression of the algorithm. Chances are practically null that I would
independently come up with that algorithm, use it for encryption and call it
"IDEA".
>No it need not be. If you can show that that one line poem is the only
>way of expressing that idea, then copyright fails. (of course the courts
>would interpret what the idea was fairly broadly so proving it was the
>only way would be difficult.)
That is an interesting, but obviously faulty, argument. How could I express
the entire, integer idea behind Shakespeare's Henry VIII without actually
copying that work? Does this mean that it could not have been copyrighted?
(The copyright has of course expired by now anyway.)
>>the copyright, but not in public if the context makes it obvious that you
are
>>quoting that line.)
>
>Actually if that one line poem was copyrightable, then your quoting the
>whole of that poem would probably run you afoul of copyright. Copying a
>substantial part of a copyright work does not fall under the fair use
>doctrine.
Are you arguing that the right to quote in such case would have precedence
over the author's copyright? That would certainly depend on how you are using
that quote: As an example in a compendium, yes. As an integer procedure
inside a program, no.
>>One might also ask oneself why anyone would like to market an
implementation
>>of IDEA without calling it IDEA... It seems like an odd marketing strategy.
>>;-)
>
>RC4 vs ARC4--- Trademark law which is yet another area distinct from
>copyright or patent..
As I said, the usage of the same name would make it obvious to anyone from
where you derived the expression of the algorithm. Trademark law is to be
applied on top of that, but is a different matter.
----- Posted via NewsOne.Net: Free Usenet News via the Web -----
----- http://newsone.net/ -- Discussions on every subject. -----
NewsOne.Net prohibits users from posting spam. If this or other posts
made through NewsOne.Net violate posting guidelines, email [EMAIL PROTECTED]
------------------------------
Crossposted-To: comp.security.misc,alt.security.pgp
From: TheGolem <[EMAIL PROTECTED]>
Subject: Re: Passwords secure against dictionary attacks?
Date: Fri, 10 Mar 2000 12:26:05 GMT
What is hash, i.e. SHA1, etc.? I've seen it before but since I use pgp on
a unix box I don't know anything about it. Can someone point me somewhere
to get that info?
TheGolem
http://pnews.org/
On 1 Mar 2000, Bill Unruh wrote:
> In <LAYu4.2373$[EMAIL PROTECTED]> "Gordon LaVere"
><[EMAIL PROTECTED]> writes:
>
> ]Is there a program maybe a hash oprogram that would take my 8 or more letter
> ]plain text pass phrase and give me a suitable. Truly random pass word.
>
> Sure. Any good hash will do what you want. (Clearly it is NOT TRUELY
> random, since it is created with your passphrase).
> MD4,MD5,SHA1,crypt(3),...
>
> ]I could remember mary had a little lamb. Then I got " $r9,e>iwlu". IT
> ]would repeat the process
> ]the same each and every time. Hmmmmmm I supose the bad guy could get the
> ]same program and try all
> ]of the words . . How would he know when he hit the right combination ?
>
> by comparing to the output. eventually you need an output (eg a hashed
> passphrase) and he can compare his output to yours. Note that this gives
> additional protection as an arbitrary length passphrase can be used. It
> does not however ultimately increase the theoretical strength of say
> crypt(3).
>
> ]Since he world never see
> ]$r9,e>iwlu. Is just my simple mind or could SH-1 do that?
>
>
>
------------------------------
From: Anuj Seth <[EMAIL PROTECTED]>
Subject: WTLS Certifcate Format
Date: Fri, 10 Mar 2000 12:20:16 GMT
Greetings,
Could someone be kind enough to let me know the WTLS Certificate Format
and the format for its CSR (Certificate Signing Request)? The WTLS
specifications available at www.wapforum.org doesn't give much
information on it.
Thanks a ton,
With Regards,
Anuj Seth
Visit my homepage at http://anujseth.tripod.com/ and
http://www.geocities.com/anujseth
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "finecrypt" <[EMAIL PROTECTED]>
Subject: ZIP format is gone in the past.
Date: Fri, 10 Mar 2000 15:52:35 +0300
It's more and more people prefer to use self-extracting executables instead
of zip archives. FineCrypt is the most popular tool in the world for
creating strong encrypted self-extractors. Try it now.
http://www.finecrypt.com
------------------------------
From: "ink" <[EMAIL PROTECTED]>
Subject: Re: ZIP format is gone in the past.
Date: Fri, 10 Mar 2000 14:14:54 +0100
finecrypt schrieb in Nachricht <8aar8b$it7$[EMAIL PROTECTED]>...
>It's more and more people prefer to use self-extracting executables instead
>of zip archives. FineCrypt is the most popular tool in the world for
>creating strong encrypted self-extractors. Try it now.
>
>http://www.finecrypt.com
>
>
I can't second that - I for my part see ZIP files ad documents
which are opened with an application. And just as with VBA
I don't like to see documents developing their own life.
Just my humble 2 Cents.
Kurt
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: Passphrase Quality ?
Date: Fri, 10 Mar 2000 14:24:40 +0100
r.e.s. wrote:
>
> BTW, the password grid idea isn't new, and was specifically and strictly forbidden
>in one of my former workplaces decades ago.
It is a little bit special case of the 'simple grille', but its
application isn't bad, I suppose. Why were your former superiors
so sensitive to its use?
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Universal Language
Date: Fri, 10 Mar 2000 14:24:56 +0100
Jim Gillogly wrote:
>
> It seems to me M-K Shen is asking for an "a priori" language such as
> Dalgarno's philosophical language, or like Loglan/Lojban. I find Lo***an
> very difficult to learn despite its logical structure... and I don't
> think it's just the vocabulary that makes it tough. I doubt that there
> are any fluent speakers of it, though a few conversations in these
> languages had been held the last time I was paying attention to them.
Though natural languages as such strictly speaking aren't on-topic
for this group, I believe that prospects of developing a new 'natural'
language with fairly minimal redundancies are (cf. compression
before encryption.) Hence I would like to repeat my thoughts in a bit
detail. Having spent quite much time to learn a few foreign languages,
I find that the biggest stumbling stone is always the grammar.
All grammars have exception rules. Why couldn't we have 'mans'
instead of 'men'? There are much redundancies buried in the diverse
rules. For example, consider 'He speaks to me'. The verb need not
be conjugated depending on person, since the person is already
expressed there. Next, the case of nouns seems unnecessary.
Thus 'me' could be replaced by 'I'. Further, the intransitive use
of 'speak' could be substituted with a transitive one (compare
'He pushes me'), I believe. So the result would be 'He speak I'.
This certainly sounds riduculous to us. But this is only because we
are so 'accustomed' to the grammar of English that we couldn't
easily conceive that it could have been otherwise. On the other
hand, one should recall that English grammar is nonetheless
comparatively simple. German is more complicated (I like though
the possibility of concatenating two nouns to form a compound)
and Russian is even more complicated in my view. Someone told me
that Finnish grammar is very very complex. So, to simplify learning,
we should simplify (rationalize) the grammar to make it everywhere
regular and with much less redundancies. Doing so to the extreme,
however, could have essential disadvantages. For the language
might become so 'rigid' that there is no more space left for the
creativity of the authors of literatures. But it may be useful
as an intermediate language for persons of different native
languages on occasions of commercial negotiations, for travelling,
publication in mathematics, etc.
As I mentioned, the forms of the word and the phonetics are also
important. We want low redundancies in the words, but we evidently
can't go too far, or else we'll probably have difficulties in
remembering them, I believe (because the Hamming distances are
too small?). In phonetics unamguities should be reduced (to be
achieved through the vocabulary). Certainly the liason and
unpronounced 'syllables' of French are not to be prefered.
Finally, it is clear that there should be an alphabet, i.e.
ideographs like Chinese are out of the question. But the alphabet
itself is also important. The characters should be easily
distinguishable for optical scanning. (Shouldn't one design a new
one to optimize that?) I surmise, though I really don't know, that
alphabets of the arabic languages are less advantageous in this
respect.
I am not familiar with languages like Loglan/Lojban. Could someone
please say a few lines about their essential features? Thanks.
M. K. Shen
------------------------------
From: Russell Horn <[EMAIL PROTECTED]>
Crossposted-To: comp.security.pgp.discuss,alt.security.scramdisk
Subject: Re: PGP Decoy?
Date: Fri, 10 Mar 2000 13:46:09 +0000
In article <[EMAIL PROTECTED]>, Andru Luvisi
<[EMAIL PROTECTED]> was heard to say:
>
>This also has the very serious problem that there isn't any way to
>prove that you've given up all of your keys. If people are beating
>you to get your keys out of you, there isn't any way you can ever
>convince them you gave them all of your keys, so there isn't any way
>you can get them to stop beating you.
>
>Andru
I see it more with regards to the proposed UK legislation. I wouldn't
expect to be beaten, but I could be threatened with imprisonment if I
refuse to hand over my private key. Such a solution would allow me to de
exactly that with no way for the procurator to prove otherwise.
--
Russell Horn
This edition of my .sig has been shortened due to industrial inaction.
Normal service will be resumed as soon as possible.
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Best language for encryption??
Date: Fri, 10 Mar 2000 14:55:26 GMT
In article <[EMAIL PROTECTED]>, "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
>Paul Schlyter wrote:
>> long l = 1000000L;
>> short s;
>> s = l;
>
>Of course, if your algorithm is wrong, you get wrong results.
>
>> And integer overflows are silent too in C/C++.....
>
>Signed integer overflow is undefined behavior.
>Most practical procedural languages, strongly typed or not,
>don't check for such overflow, because it greatly slows down
>the non-overflow case in the generated code (unless the
>particular machine provided suitable traps, not something
>the language can depend on in general).
>
>> > In C, the way to define a new type is with a struct or union
>> > declaration. Such types *are* treated strongly; there is no
>> > automatic mixing allowed among such types (nor between them and
>> > the built-in types).
>> ...and you can't do any operations on them either, except assignment,
>> sizeof and and "address-of" (&). In good ol' K&R C you couldn't evne
>> do struct assignment....
>
>Since one has to define the semantics of such operations anyway,
>the fact that in plain C the syntactic form has to be a function
>call is a minor nuisance. Of course, C++ provides a way to define
>the semantics for built-in operators for user-defined types. This
>doesn't seem to be a matter of "strong typing", since the same
>criticism could be made of most languages other than C++, say,
>Pascal, which you used as an example of a strongly typed language.
>
>> Which there almost are: if a floating-point type is converted to/from
>> an integer type, some actual conversion is done, otherwise the bit
>> pattern is just copied.
>
>No, in C conversions are of values, not representations. It may
>well happen that two types have similar representation, for
>example in C implementations on many word-addressable machines,
>all pointers to objects of size >= wordsize have the same
>representation, while pointers to objects < wordsize often have
>one or more different representations. Conversion among pointers
>having different representations is definitely not done by copying
>the bit pattern.
>
>> This originate from the K&R C paradigm "Everything is an int"
>
>That was never quite true (consider "char"), and certainly is
>not the current paradigm.
>
>> unsinged int u = -1;
>> if ( u < 0 ) .....
>
>None of the C programmers I know would make that mistake,
>and indeed the compilers (or "lint" on the older systems)
>generally warn you about comparison of unsigned with
>negative integers (it's a constant condition, so it is
>most likely a bug).
>
>> The C paradigm of "trust the programmer" worked fine when the C
>> programmers were quite few and very skilled, but often lead to
>> disasters when C became a "language of the masses" and many
>> not-so-trustworthy programmers started using it.
>
>C is the Ginsu knife of procedural programming.
I still have several Ginsu knife sets for may things they sure
work great.
But I did by the sets at the dollar store. For only a buck each.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm
Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm
Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
"The road to tyranny, we must never forget, begins with the destruction of the
truth."
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
