Cryptography-Digest Digest #438, Volume #11      Tue, 28 Mar 00 17:13:02 EST

Contents:
  Re: The lighter side of cryptology ([EMAIL PROTECTED])
  Re: Sunday People 26/3/2000: "FORGET YOUR PASSWORD... END UP IN JAIL" ("Stormshadow")
  A newby question: "3DES" is 57.5 bits, and not 168 bits? (Steven C. Den Beste)
  Re: Is it really NSA ?! (Doug Stell)
  Re: A newby question: "3DES" is 57.5 bits, and not 168 bits? (Bill Unruh)
  Re: Is it really NSA ?! ("Adam Durana")
  Re: A newby question: "3DES" is 57.5 bits, and not 168 bits? (John Myre)
  Re: DES question (wtshaw)
  Re: Sunday People 26/3/2000: "FORGET YOUR PASSWORD... END UP IN JAIL" (Johnny Bravo)
  Re: Sunday People 26/3/2000: "FORGET YOUR PASSWORD... END UP IN JAIL" (wtshaw)
  Re: Examining random() functions (Johnny Bravo)
  sci.crypt AES3/FSE2000 "reporter" wanted (David Crick)
  Re: Is it really NSA ?! (Albert P. Belle Isle)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED]
Subject: Re: The lighter side of cryptology
Date: Tue, 28 Mar 2000 18:57:24 GMT

In article <8boeom$ntb$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:


        Here's one I just conceived:


   There's a young cryptographer who begets
   with primal algo*rhythmic* nymphettes,
        bed distributively,
        inputting constantly,
   they produce series of prime n-tuplets.



  Yes, I am a true genius of squandering,
procrastination, and goofing off. I may not be
as powerful as the "real" NSA but I, at least,
try to be funny. I will attempt to contribute
crypto-related humor regularly but you can
beg me or, better yet, pay me to stop ;>



------------------------------

From: "Stormshadow" <[EMAIL PROTECTED]>
Crossposted-To: uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,uk.politics.censorship
Subject: Re: Sunday People 26/3/2000: "FORGET YOUR PASSWORD... END UP IN JAIL"
Date: Tue, 28 Mar 2000 12:15:48 +0300

"PJS" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...

> 3 - Assassinate Jack Straw.
 A temporary solution, which would only prove that there _are_ dangerous
terrorists out there (the assassin) who do not want their encrypted files to
be decrypted. Mr. Straw would become a martyr and Straw's law would certainly
be enforced.

Somehow I don't think that was what you had in mind..

--
  Stormshadow <[EMAIL PROTECTED]>
  http://www.saunalahti.fi/hirvox/



------------------------------

From: [EMAIL PROTECTED] (Steven C. Den Beste)
Subject: A newby question: "3DES" is 57.5 bits, and not 168 bits?
Date: Tue, 28 Mar 2000 19:34:19 GMT

If I understand 3DES properly (which is by no means certain) it means that
you take your plaintext and encipher it with DES using a 56 bit key, then
encipher the result with DES a second time using a second 56 bit key, and
then encipher the result with DES a third and final time with a third 56 bit
key. In principle that means you're using 168 bits for a key, but if I
understand things properly, you don't really have 168 bits of strength.

I thought that one of the strengths -- and weaknesses -- of DES was that if
you did the decipher properly, then the engine told you that you had
succeeded even if you didn't know what the plaintext was. (Something to the
effect that if it was done properly then the shift register contained all
zeros after the process. If it contained any 1's, then it was the wrong
key.)

So 3DES is really 3*56bits in strength, and not 168 bits in strength. Rather
than taking 2^112 times as long to solve as vanilla DES, it would take three
times as long.

You first analyze the bitstream by brute force looking for the 56-bit key
used in the outermost enciphering pass. That can be done in a few days with
hardware such as "Deep Crack". You know that you've found the first key
because the hardware tells you.

Once you've done so, you've stripped off the outermost encipherment. You now
attack it again with the same hardware, to look for the center key -- and
again you know when you've succeeded.

And finally you attack the innermost encipherment. So in terms of time, it
simply requires you to attack DES three times.

The only way it could have 168 bits of strength would be if you could only
tell that you'd found the outer and center keys by successfully removing the
inner key.


Where did I go wrong here? Or am I correct that 3DES is really only illusory
complexity?

========
Steven C. Den Beste    [EMAIL PROTECTED]
Home page: http://home.san.rr.com/denbeste
CDMA FAQ: http://home.san.rr.com/denbeste/cdmafaq.html

"I'm a 21st century kid trapped in a 19th century family"
       -- Calvin

------------------------------

From: [EMAIL PROTECTED] (Doug Stell)
Subject: Re: Is it really NSA ?!
Date: Tue, 28 Mar 2000 19:40:42 GMT

On Tue, 28 Mar 2000 18:38:06 GMT, [EMAIL PROTECTED]
wrote:

>just few days after i wrote about PegwitW (which i made from Pegwit)
>i got interesting record in webserver's log file:
>208.153.72.142 - - [28/Mar/2000:09:12:48 +0200] "GET /pegwit/ HTTP/1.0" 200 3257 "-" "SpookWeb v1.0b (NSA)"
>so i wonder if it really is NSA ?!
....
>* it downloaded only executable, but not source code

It most likely wasn't the NSA, for the following reasons.
1. If they did visit your site, you would never know it.
2. They would be more interested in source code than the executable
(for cracking purposes, I assume).
3. If they wanted something, they would either ask you or send the
FBI, assuming you are in the US, to ask you.
4. They claim to assume that if it's free, it's probably junk. At
least, that is what they tell developers of software intended for sale
and/or export.


------------------------------

From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: A newby question: "3DES" is 57.5 bits, and not 168 bits?
Date: 28 Mar 2000 20:12:28 GMT

In <[EMAIL PROTECTED]> [EMAIL PROTECTED] (Steven C. Den Beste) writes:

]If I understand 3DES properly (which is by no means certain) it means that
]you take your plaintext and encipher it with DES using a 56 bit key, then
]encipher the result with DES a second time using a second 56 bit key, and

The usual is to decypher with the second key.

]then encipher the result with DES a third and final time with a third 56 bit
]key. In principle that means you're using 168 bits for a key, but if I
]understand things properly, you don't really have 168 bits of strength.

]I thought that one of the strengths -- and weaknesses -- of DES was that if
]you did the decipher properly, then the engine told you that you had
]succeeded even if you didn't know what the plaintext was. (Something to the

??? Have no idea what this means. You may be confusing it with the
crypt(3) function or something. Otherwise your comments do not refer to
anything about DES I know.

]effect that if it was done properly then the shift register contained all
]zeros after the process. If it contained any 1's, then it was the wrong
]key.)

]So 3DES is really 3*56bits in strength, and not 168 bits in strength. Rather

Again, even if I granted your above contention, I do not understand
this.  You have no information (nor does the program) except the
output. There is nothing in the output which will distinguish one key
over the other, except that the right key will produce the decrypted
message. I.e., you must know the decrypted message in order to know you got
it right. There is no room in the output for any other information.
There are 64 bits there and that is a 1-1 map from a 64 bit input. There
are no parity bits or anything else which could tell you that you have
the right answer.


]than taking 2^112 times as long to solve as vanilla DES, it would take three
]times as long.

]You first analyze the bitstream by brute force looking for the 56-bit key
]used in the outermost enciphering pass. That can be done in a few days with
]hardware such as "Deep Crack". You know that you've found the first key
]because the hardware tells you.

]Once you've done so, you've stripped off the outermost encipherment. You now
]attack it again with the same hardware, to look for the center key -- and
]again you know when you've succeeded.

]And finally you attack the innermost encipherment. So in terms of time, it
]simply requires you to attack DES three times.

]The only way it could have 168 bits of strength would be if you could only
]tell that you'd found the outer and center keys by successfully removing the
]inner key.


]Where did I go wrong here? Or am I correct that 3DES is really only illusory

Because of "meet in the middle" type attacks, one can trade off 56 bits of
key strength if one has 2^56 words of storage space. This is usually
taken to say that 3DES only has 112 bits of strength (although that
storage requirement is a wee bit steep).

------------------------------

From: "Adam Durana" <[EMAIL PROTECTED]>
Subject: Re: Is it really NSA ?!
Date: Tue, 28 Mar 2000 15:15:15 -0500


There are many http clients that allow you to specify the user-agent field.
A lot of mirroring tools let you do this to get past people's attempts to
block these mirroring programs, so it would be really easy to visit your
site and say my client was "NSA CRYPTO CRAWLER".  Someone could have also
used a telnet application to connect to your http port (80) and done the
request manually.  Anyway do you think the NSA would put their name on
something like that, if it does have some sort of devious agenda?  OR MAYBE
IT'S ECHELON ARCHIVING YOUR SITE!!!!  Who knows, who cares, my money is on it
is just someone playing a joke on you.

- Adam

<[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> just few days after i wrote about PegwitW (which i made from Pegwit)
> i got interesting record in webserver's log file:
> 208.153.72.142 - - [28/Mar/2000:09:12:48 +0200] "GET /pegwit/ HTTP/1.0" 200 3257 "-" "SpookWeb v1.0b (NSA)"
> so i wonder if it really is NSA ?!
> pros:
> * User-Agent field: SpookWeb and NSA
> * they did not visit my webserver before
> * major search engines did not find "SpookWeb"
> * it is not search robot because it also downloaded images and counter (search engines does not do that)
> cons:
> * why should NSA put strings like that in User-Agent field
> * it downloaded only executable, but not source code
>
> any1 seen "SpookWeb" or know what it is ?
>
> ==
> Disastry  http://i.am/disastry/
> remove .NOSPAM.NET for email reply
>
> -----BEGIN PGP SIGNATURE-----
> Version: Netscape PGP half-Plugin 0.14 by Disastry / PGPsdk v1.7.1
> Comment: disable line wrap before check this signature
>
> iQA/AwUBOODfUDBaTVEuJQxkEQKCbgCg0oX+mS4SBFtTFVEwbp2EuBXfpdQAn0yF
> /2VokkuWiI0K/BK4lf2oypZj
> =rEmi
> -----END PGP SIGNATURE-----



------------------------------

From: John Myre <[EMAIL PROTECTED]>
Subject: Re: A newby question: "3DES" is 57.5 bits, and not 168 bits?
Date: Tue, 28 Mar 2000 13:12:08 -0700

"Steven C. Den Beste" wrote:
> 
<snip>
> I thought that one of the strengths -- and weaknesses -- of DES was that if
> you did the decipher properly, then the engine told you that you had
> succeeded even if you didn't know what the plaintext was.
<snip>

Nope.

The engine just shuffles bits, and any 64 bit value is valid.

Now quite often you will hear that you can tell you have the
right key by the decryption result.  This is not, however, a
characteristic of DES.  Instead, it is an observation on the
usual nature of the plaintext.  That is, if you decrypt and
get something that looks patterned, instead of random, then
you have a good clue that you used the right key.

As you can tell, this same observation applies to *any*
encryption scheme, since it is based on what is being
encrypted, not how it was done.

John M.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: DES question
Date: Tue, 28 Mar 2000 13:35:17 -0600

In article <[EMAIL PROTECTED]>, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:

> 
> That means that in brute force key search, if one finds a K such
> that DES(K,P)=C, one is not yet sure of having found the solution.
> How could one best proceed to gain absolute unambiguity? Thanks.
> 
It requires decryption of more blocks to solve the dilemma; you must
confirm the trial results, chances being that a second and more blocks
will also give good results if the trial key is the real one.  This
procedure is necessary even if the key was the same as the block size,
since you figure that more than one key will produce a meaningful
plaintext result, especially if you do not have a target plaintext.

If a cipher can be solved conclusively with a single block, it is not as
conclusively strong as one that cannot, given a specific common key size. 
So, DES is a better 56-bit-key cipher working on 64 bits of data than one
that is 56 bits, key and data, keysize being only a component of strength.
-- 
Given all other distractions, I'd rather be programming.
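
Added example, not part of any poster's message: the meet-in-the-middle trade-off from the 3DES thread and the "one matching block is not enough" point from the DES thread, shown on a toy cipher. The 16-bit Feistel cipher with 8-bit keys, the sample key and the sample blocks are all constructed for illustration and are not DES; scaled up to DES, the 2^8-entry table becomes 2^56 entries and the 2^16 guesses become 2^112.

```python
# Added illustration: toy 16-bit Feistel cipher with 8-bit keys (NOT DES).
from collections import defaultdict

SBOX = [pow(45, x, 257) % 256 for x in range(256)]   # fixed byte permutation
ROUND_KEYS = [[SBOX[(k + 59 * i) & 0xFF] for i in range(4)] for k in range(256)]

def encrypt(key, block):
    left, right = block >> 8, block & 0xFF
    for rk in ROUND_KEYS[key]:
        left, right = right, left ^ SBOX[right ^ rk]
    return (left << 8) | right

def decrypt(key, block):
    left, right = block >> 8, block & 0xFF
    for rk in reversed(ROUND_KEYS[key]):
        left, right = right ^ SBOX[left ^ rk], left
    return (left << 8) | right

def ede_encrypt(keys, block):
    """Triple encryption in the usual encrypt-decrypt-encrypt order."""
    k1, k2, k3 = keys
    return encrypt(k3, decrypt(k2, encrypt(k1, block)))

def meet_in_the_middle(plain, cipher):
    """Return (candidate key triples, number of key guesses tried)."""
    # Backward half: undo the last stage under every k3 and store the result.
    table = defaultdict(list)
    for k3 in range(256):
        table[decrypt(k3, cipher)].append(k3)
    guesses = 256
    # Forward half: run the first two stages under every (k1, k2) and look
    # for a stored value that matches in the middle.
    candidates = []
    for k1 in range(256):
        stage1 = encrypt(k1, plain)
        for k2 in range(256):
            guesses += 1
            for k3 in table.get(decrypt(k2, stage1), ()):
                candidates.append((k1, k2, k3))
    return candidates, guesses

def confirm(candidates, plain, cipher):
    """Keep only candidates that also map a second known block correctly."""
    return [k for k in candidates if ede_encrypt(k, plain) == cipher]

TRUE_KEY = (0x3A, 0xC5, 0x7E)        # constructed sample key
P1, P2 = 0x4D49, 0x544D              # constructed known plaintext blocks
C1, C2 = ede_encrypt(TRUE_KEY, P1), ede_encrypt(TRUE_KEY, P2)

if __name__ == "__main__":
    candidates, guesses = meet_in_the_middle(P1, C1)
    survivors = confirm(candidates, P2, C2)
    print(f"key guesses: {guesses} (exhaustive search: {256 ** 3})")
    print(f"candidates after one block: {len(candidates)}")
    print(f"survivors after a second block: {survivors}")
```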

------------------------------

From: Johnny Bravo <[EMAIL PROTECTED]>
Subject: Re: Sunday People 26/3/2000: "FORGET YOUR PASSWORD... END UP IN JAIL"
Date: Tue, 28 Mar 2000 15:51:27 -0500

On Tue, 28 Mar 2000 12:10:55 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
wrote:

>It's farther gone than you seem to realize.  Consider the close
>analogy with the so-called "smart gun" legislation that gun haters
>have recently proposed.  Maryland is on the brink of passing a law
>requiring such technology (which has not been developed beyond the
>laboratory stage yet) in every handgun sold within a few years.
>The obvious goal, which of course differs from the stated goal, is
>simply to prevent sales, or failing that, to reduce the positive
>value of guns to the point that people won't want them any more.

  The scariest thing about "smart guns", is that police are exempted.  If
they are so great the police should have them, since quite a few police
officers are killed with their own weapons, and not just in suicide
either.  When it is reliable enough for the cops to trust their lives to
it, I'll consider it.

-- 
  Best Wishes,
    Johnny Bravo

"The most merciful thing in the world, I think, is the inability
of the human mind to correlate all its contents." - HPL

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Sunday People 26/3/2000: "FORGET YOUR PASSWORD... END UP IN JAIL"
Date: Tue, 28 Mar 2000 14:11:31 -0600

In article <[EMAIL PROTECTED]>, "Douglas A. Gwyn"
<[EMAIL PROTECTED]> wrote:

> 
> It's farther gone than you seem to realize.  Consider the close
> analogy with the so-called "smart gun" legislation that gun haters
> have recently proposed.  Maryland is on the brink of passing a law
> requiring such technology (which has not been developed beyond the
> laboratory stage yet) in every handgun sold within a few years.
> The obvious goal, which of course differs from the stated goal, is
> simply to prevent sales, or failing that, to reduce the positive
> value of guns to the point that people won't want them any more.
> 

Let us start with the biggest concentration of those who might have their
weapons abused, to test the benefits of such requirements:  If LE must use
only mandated smart guns, whether they would do so without complaint would
speak volumes about their faith in the technology.  If they cannot accept
them, then....why should we?

If they complain about the cost, too bad.  If they fail when needed, too
bad.  If the protections are circumvented with casual security about use
of their own weapons, too bad. But, it may be that the technology is
just....too bad.

> One wonders whether the politicians in power actually think that
> their constituency are the career criminals; they sure act like it.

Unfortunately, LE has too many career somethings, that place their own
security above that of the general public.  This is indeed, too bad.

I support those that do an honest job, and serve well in their ranks. 
But, it's time to start keeping a public list of those that are abusers of
their trust, starting with those that get fired from one department after
another; forget the public trust...don't work again.
-- 
Given all other distractions, I'd rather be programming.

------------------------------

From: Johnny Bravo <[EMAIL PROTECTED]>
Subject: Re: Examining random() functions
Date: Tue, 28 Mar 2000 15:55:05 -0500

On Tue, 28 Mar 2000 09:46:04 GMT, [EMAIL PROTECTED] (_Andy_)
wrote:

>Thanks. That's exactly the kind of tool I'm looking for. Would one
>expect a RNG to pass all these tests? 

  A good RNG should pass every test, as should the output of a good
cipher.  RC4 and Blowfish output pass all the tests. 

  Your RNG consistently failed some of them.  Try to find out what is
causing that behavior, or worst case, do trial and error until the problem
goes away. :)

>It was a pleasant surprise to
>find that it passed tests that I had not considered!

  Some of those tests are just bizarre, like the sphere test, some
mathematicians have way too much time on their hands to be thinking up
tests like that. :)

-- 
  Best Wishes,
    Johnny Bravo

"The most merciful thing in the world, I think, is the inability
of the human mind to correlate all its contents." - HPL

------------------------------

From: David Crick <[EMAIL PROTECTED]>
Subject: sci.crypt AES3/FSE2000 "reporter" wanted
Date: Tue, 28 Mar 2000 21:42:31 +0000

<[EMAIL PROTECTED]> posted two very good reports from
AES2 last year, and I was wondering if anyone who is going
to AES3 (and FSE2000) would like to volunteer in advance
to perform a similar, very much appreciated role this time?

( 
 see "Live from the Second AES Conference" 23/03/1999
  http://www.deja.com/[ST_rn=ps]/getdoc.xp?AN=457772311&fmt=text

 and "Re: Live from the Second AES Conference" 24/03/1999
  http://www.deja.com/[ST_rn=ps]/getdoc.xp?AN=458373152&fmt=text  
)


Thanks.

------------------------------

From: Albert P. Belle Isle <[EMAIL PROTECTED]>
Subject: Re: Is it really NSA ?!
Date: Tue, 28 Mar 2000 17:00:15 -0500
Reply-To: [EMAIL PROTECTED]

On Tue, 28 Mar 2000 18:38:06 GMT, [EMAIL PROTECTED]
wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>just few days after i wrote about PegwitW (which i made from Pegwit)
>i got interesting record in webserver's log file:
>208.153.72.142 - - [28/Mar/2000:09:12:48 +0200] "GET /pegwit/ HTTP/1.0" 200 3257 "-" "SpookWeb v1.0b (NSA)"
>so i wonder if it really is NSA ?!

At the risk of being thought unsporting for counting the number of
teeth in the horse's mouth like an engineer, rather than theorizing
like a philosopher, I offer the following datum:

 03/28/00 16:53:43 IP block 208.153.72.142
 Trying 208.153.72.142 at ARIN
 Trying 208.153.72 at ARIN
 Cable & Wireless USA (NETBLK-CW-10BLK) CW-10BLK  208.128.0.0 - 208.172.255.255
 CABLE & WIRELESS (NETBLK-CW-208-153-72) CW-208-153-72
       208.153.72.0 - 208.153.72.255

Unless NSA is using C&W as a "cut-out" I suspect that this is
someone's (pretty good) idea of humor.


Albert P. BELLE ISLE
Cerberus Systems, Inc.
================================================
ENCRYPTION SOFTWARE with
  Forensic Software Countermeasures
    http://www.CerberusSystems.com
================================================

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
