Cryptography-Digest Digest #439, Volume #11 Tue, 28 Mar 00 22:13:02 EST
Contents:
Re: ecc equation ("Joseph Ashwood")
Re: Sunday People 26/3/2000: "FORGET YOUR PASSWORD... END UP IN JAIL" (Dan Day)
Re: The lighter side of cryptology (John Savard)
Re: A good encryption program? ([ Dr. Jeff ])
Schoof's Algorithm ("Michael Scott")
Updated Cipher Contest Website ("Adam Durana")
RSA Cryptography Today FAQ (1/1) ([EMAIL PROTECTED])
Using Am-241 to generate random numbers ("Jed Rothwell")
Re: Is it really NSA ?! (Ichinin)
Re: ecc equation (Paul Rubin)
Scramdisk & Steganos ("RecilS")
Re: The lighter side of cryptology (David A Molnar)
Re: Scramdisk & Steganos (Yokal Miner)
Re: Sunday People 26/3/2000: "FORGET YOUR PASSWORD... END UP IN JAIL" ("PJS")
Re: DES question (Bryan Olson)
cp4break.exe ([EMAIL PROTECTED])
Re: DES question (Bryan Olson)
----------------------------------------------------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: ecc equation
Date: Tue, 28 Mar 2000 14:01:30 -0000
> H. Cohen
> A Course in Computational Algebraic Number Theory,
> Springer-Verlag
Thanks for the reference, you have now fed my addiction to
learning.
Joe
------------------------------
From: [EMAIL PROTECTED] (Dan Day)
Crossposted-To:
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,uk.politics.censorship
Subject: Re: Sunday People 26/3/2000: "FORGET YOUR PASSWORD... END UP IN JAIL"
Date: Tue, 28 Mar 2000 22:15:57 GMT
On Mon, 27 Mar 2000 19:19:11 +0100, "PJS" <[EMAIL PROTECTED]> wrote:
>>
>>2 - Get on to your MP and complain like hell!
>-----------
>3 - Assassinate Jack Straw.
Now we know why England cleverly banned most civilian firearms
in advance, before they started passing the oppressive laws.
;-), but just barely.
--
"How strangely will the Tools of a Tyrant pervert the
plain Meaning of Words!"
--Samuel Adams (1722-1803), letter to John Pitts, January 21, 1776
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: The lighter side of cryptology
Date: Tue, 28 Mar 2000 22:22:25 GMT
[EMAIL PROTECTED] wrote, in part:
> I propose this message as the start of a
>new thread devoted to the lighter side of
>cryptology.
At one time, I noted that, if fax machines were designed to use
encryption the way many people use PGP, so that it is completely
transparent to the user, involving no additional steps for obtaining
and verifying key certificates, for example, the following sequence of
events could transpire during the transmission of an encrypted fax:
The user inserts paper into his fax machine, dials the number of the
receiving fax machine, and presses send.
The two fax machines handshake, using either Diffie-Hellman or RSA to
securely establish a session key.
Then the fax itself is sent, securely encrypted, so that wiretappers
would have no way of decoding the fax message, even had they the
resources of the NSA available to them.
The receiving fax then decodes the message, and prints out a copy of
the fax with pristine accuracy.
In the wrong office, because the user dialed the wrong number at the
start.
This humorously illustrates what can happen when advanced encryption
technology is implemented or used without thinking.
John Savard (jsavard<at>ecn<dot>ab<dot>ca)
http://www.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] ([ Dr. Jeff ])
Subject: Re: A good encryption program?
Date: 28 Mar 2000 16:26:49 -0600
In article <[EMAIL PROTECTED]>,
JohnNY <[EMAIL PROTECTED]> wrote:
>
>I am looking for a good encryption program (freeware or shareware)
>which will encrypt both folders and a zip disk. Ideally, it would
>offer choices like Blowfish and IDEA.
I'm rather fond of Kent Briggs' Puffer program but I'm a bit
biased. I was a beta tester. :) http://www.briggsoft.com
--
Dr. Jeff - please don't send me HaTeMaiL messages.
Out the Token Ring, through the router, down the fiber, off another
router, down the T1, past the firewall ... nothing but net.
------------------------------
From: "Michael Scott" <[EMAIL PROTECTED]>
Subject: Schoof's Algorithm
Date: Wed, 29 Mar 2000 00:09:56 +0100
A free Windows Command prompt implementation of Schoof's algorithm is
available from ftp://ftp.compapp.dcu.ie/pub/crypto/schoof2.exe
You will need to specify a suitable Trinomial or Pentanomial basis - tables
can be found in Appendix A of the IEEE P1363 standard (do a Web search).
The main source code can be found in
ftp://ftp.compapp.dcu.ie/pub/crypto/schoof2.cpp
The full source code (and instructions for a Linux build) is in the latest
release of the MIRACL library
ftp://ftp.compapp.dcu.ie/pub/crypto/miracl.zip
This program counts the number of points on an elliptic curve defined over
the field GF(2^m). It does NOT represent the state of the art in point
counting over such curves, but it is nevertheless useful as a cryptographer's
tool. A Schoof-Elkies-Atkin implementation could easily reach twice as far
bitwise in the same time. However it can find a cryptographically suitable
curve, with a near-prime number of points over say GF(2^191) in a
"reasonable" length of time on a Pentium III 450MHz, typically on an
over-night run.
Complete solutions for point counting over GF(p) curves (Complex
Multiplication, Schoof, Schoof-Elkies-Atkin) can be found via
http://indigo.ie/~mscott (Web page soon to be updated).
Mike Scott
Shamus Software
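The program above counts points over GF(2^m) with Schoof's algorithm. As an added illustration (not Mike Scott's code and not part of MIRACL), here is the naive count that Schoof's algorithm replaces: GF(2^4) arithmetic reduced modulo the trinomial x^4 + x + 1 (the same kind of basis the post says you must choose), exhaustive enumeration of the points on a curve of the IEEE P1363 binary form y^2 + xy = x^3 + a2*x^2 + a6, the Hasse-interval check that any computed order must satisfy, and the "near-prime order" test the post uses as the suitability criterion. The field size, curve coefficients and cofactor bound are constructed for the demo; exhaustive counting costs about 4^m field operations, which is exactly why Schoof-type algorithms exist for m around 191.

```python
# Added example: naive point counting over a small binary field.
# Not the Schoof implementation from the post; the field size and the curve
# coefficients below are constructed for illustration only.

M = 4                    # field GF(2^M); tiny, so exhaustive search is instant
MODULUS = 0b10011        # x^4 + x + 1, a trinomial basis (assumed for the demo)


def gf_mul(a, b, m=M, modulus=MODULUS):
    """Multiply two GF(2^m) elements held as int bitmasks (bit i = x^i),
    reducing by the irreducible polynomial whenever a product overflows."""
    r = 0
    top = 1 << m
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & top:
            a ^= modulus
    return r


def gf_pow(a, e, m=M, modulus=MODULUS):
    """Square-and-multiply exponentiation in GF(2^m)."""
    r = 1
    while e:
        if e & 1:
            r = gf_mul(r, a, m, modulus)
        a = gf_mul(a, a, m, modulus)
        e >>= 1
    return r


def count_points(a2, a6, m=M, modulus=MODULUS):
    """Number of points, including the point at infinity, on the
    non-supersingular binary curve y^2 + xy = x^3 + a2*x^2 + a6 over GF(2^m),
    found by testing every (x, y) pair. Fine for m = 4, hopeless for m = 191."""
    q = 1 << m
    n = 1  # the point at infinity
    for x in range(q):
        x2 = gf_mul(x, x, m, modulus)
        rhs = gf_mul(x2, x, m, modulus) ^ gf_mul(a2, x2, m, modulus) ^ a6
        for y in range(q):
            lhs = gf_mul(y, y, m, modulus) ^ gf_mul(x, y, m, modulus)
            if lhs == rhs:
                n += 1
    return n


def within_hasse_bound(n, m=M):
    """Hasse: |N - (q + 1)| <= 2*sqrt(q). A count outside this is a bug."""
    q = 1 << m
    return (n - (q + 1)) ** 2 <= 4 * q


def _is_prime(n):
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def is_near_prime(n, max_cofactor=4):
    """True if n = h * prime with a small cofactor h, the usual suitability
    test for an ECC group order (the cofactor bound is an assumed parameter).
    Binary curves of this form always have even order, so h = 2 is the best
    case."""
    return any(n % h == 0 and _is_prime(n // h)
               for h in range(1, max_cofactor + 1))


if __name__ == "__main__":
    n = count_points(0, 1)
    print("#E(GF(2^4)) for y^2 + xy = x^3 + 1:", n,
          "| Hasse ok:", within_hasse_bound(n),
          "| near-prime:", is_near_prime(n))
```

With these constructed parameters the curve y^2 + xy = x^3 + 1 over GF(2^4) has 16 points: inside the Hasse interval, but 16 = 2^4 has no large prime factor, so it would be rejected as a cryptographic curve just as the post's program would reject a GF(2^191) curve whose order is not near-prime.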
------------------------------
From: "Adam Durana" <[EMAIL PROTECTED]>
Subject: Updated Cipher Contest Website
Date: Tue, 28 Mar 2000 18:11:05 -0500
Hi,
I've updated the website and it can be found at
http://www.wizard.net/~echo/crypto-contest.html And yes, the contest has
begun; follow those instructions. I have received no entries as of yet, so
there is no listing. I will do my best to keep the listing up to date; if
your entry is not added right away, don't worry, I will be ranking them in the
list by the date I received the email with the submission.
- Adam
------------------------------
Crossposted-To:
talk.politics.crypto,alt.security.ripem,sci.answers,talk.answers,alt.answers,news.answers
Subject: RSA Cryptography Today FAQ (1/1)
From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: 28 Mar 2000 23:27:08 GMT
Archive-name: cryptography-faq/rsa/part1
Last-modified: 1997/05/21
An old version of the RSA Labs' publication "Answers to Frequently Asked
Questions about Today's Cryptography" used to be posted here until May
1997. These postings were not sponsored or updated by RSA Labs, and
for some time we were unable to stop them. While we hope the information
in our FAQ is useful, the version that was being posted here was quite
outdated. The latest version of the FAQ is more complete and up-to-date.
Unfortunately, our FAQ is no longer available in ASCII due to its
mathematical content. Please visit our website at
http://www.rsa.com/rsalabs/ to view the new version of the FAQ with your
browser or download it in the Adobe Acrobat (.pdf) format.
RSA Labs FAQ Editor
[EMAIL PROTECTED]
------------------------------
From: "Jed Rothwell" <[EMAIL PROTECTED]>
Subject: Using Am-241 to generate random numbers
Date: Tue, 28 Mar 2000 18:41:30 -0500
Most codes and ciphers depend upon random numbers. Some of the most secure,
top secret codes used by embassies depend upon long lists of random numbers.
A correspondent of mine once generated paper tapes filled with random
numbers by comparing variances between a computer real-time clock and cycles
on the power mains. The digits were tested for random distribution and then
the paper tapes were shipped off in diplomatic bags. I believe these lists
are referred to as "codebooks." (Anyway, I will call them that here.)
I have been thinking about various novel ways to produce a codebook, to
generate a perfect "one-time pad," that is, a code (not cipher) which can
never be broken without stealing the codebook.
Computer pseudo random number generators (PRNG) are not truly random, and
eventually the sequence repeats. Even when a PRNG is re-seeded from the real
time clock, theoretically, someone might determine the PRNG algorithm and
crack your message. As a practical problem, that might be as difficult as
factoring 128-bit RSA keys, but as an intellectual challenge I would like to
find a naturally occurring source of real random numbers.
One method would be to monitor ionization smoke detector voltage, or perhaps
use a radiation meter with a smoke detector. (A smoke detector *is* a
radiation meter, but it might not be sensitive enough.) The detector would be
kept in clean, stable air or a vacuum chamber. Smoke detectors contain 0.2
milligrams of americium-241 oxide. The total voltage level is not random: it
is a function of the number of particles in the air. However, the precise
number of disintegrations per second, and the resulting signal strength and
fluctuations of the lower digits on your meter are as random as anything can
be, according to basic physics.
A friend suggested a more sophisticated, custom-made solution along the same
lines: "I think a superior method would be to drive a very fast flip-flop or
counter (cascaded flip-flops) by a high (and either non-uniform or uniform)
frequency signal, and then sample the counter at the time an event is sensed
on a very fast (low latency time) radiation counter. The counter would have
to be driven by a frequency that is high in relation to the event occurrence
rate. The driving frequency can be over a GHz, so the pad bit generation
speed could easily be well over 1 Mbs even with a simple flip-flop used as
the counter." He added: "This could be packaged into a nice small DIP for
inclusion on a motherboard or board, and used for real time gaming,
simulation, as well as cryptographic applications."
The trouble with using the power mains or a radiation source for a code is
that you must generate the codebook in one location, and then physically
ship a copy of it to another. Your friend must have the codebook in hand
before he can send you a message. That takes time, and someone along the way
might intercept the disk and copy it without your knowledge. What we really
want is a method of generating the codebook at two locations simultaneously
and secretly, in a way that could never be repeated by a third party.
Here is an idea that is impractical but fun to think about. You could focus
two radiotelescopes on a point source that varies randomly in a clearly
pronounced binary (on, off) fashion. I'm not sure what phenomenon does this,
but there must be many. You and your friend meet and agree that at fixed
times you will monitor and record the process. The reason this works is
because there are millions of targets (out of 10^20 stars), so no one would
ever know which particular target you are focused on or when you start
monitoring, and once they miss the chance to monitor it, the opportunity is
gone forever.
There may be other sources of random noise broadcast on radio,
com-sat, or Internet that you and your correspondent could both tune into
anonymously, such as the last 4 digits of the Dow Jones industrial average,
or the temperature readings in Ithaca NY on the weather Channel web page.
These would not be good candidates because they are recorded permanently and
someone could reconstruct your codebook after they found out your source of
numbers. You might find some transient source of numbers too large to be
recorded. I do not think any organization has the capacity to record all
digital TV broadcasts from all com-sat channels, for example.
Suppose you selected something like the temperature in Ithaca. A 3-digit
temperature rate of change is far too slow to generate as many numbers as
you need, so a variation on this approach might be used. With some random
number generators, you can deliberately force a particular sequence from a
given seed. A generator produces billions of numbers (or trillions) in a
sequence that eventually repeats. Some generators allow you to go to a
particular spot in the sequence, starting out at position number 55,122,662,
let us say. You tell it to go to a particular spot based on the temperature
in Ithaca, and so does your friend, and the two of you generate the same
sequence. You and your friend force a new seed from Ithaca every 100
numbers, or 1000 numbers, and you come up with exactly the same random
sequence very quickly. You could do it any time you like without mailing
anything.
- Jed
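The counter-sampling design quoted from Jed's friend is the core of many hardware random number generators, so here is an added simulation of it (not Jed's or his friend's code). Decay events of a constant-activity source are modelled as a Poisson process, a free-running counter is latched at each event, and only its low bit is kept; the high bits merely track elapsed time and are predictable. Because a real counter/detector pair never yields perfectly balanced bits (finite clock, detector dead time, drift), the block also applies von Neumann debiasing, a simple post-processing step that removes constant bias at the cost of discarding most raw bits. The 1 GHz clock is the figure from the post; the event rate, the number of events and the seed are constructed for the demo.

```python
# Added example: simulate "latch a fast counter on each radiation event" and
# post-process the resulting bits. Rates and seed are constructed; not code
# from the post.
import random

CLOCK_HZ = 1_000_000_000   # 1 GHz counter clock, the figure quoted in the post
EVENT_RATE_HZ = 1_000_000  # assumed detector event rate, well below the clock


def simulate_event_times(rate_hz=EVENT_RATE_HZ, n_events=10_000, seed=1):
    """Constructed stand-in for the radiation counter: a constant-activity
    source decays as a Poisson process, so gaps between events are
    exponentially distributed. Seeded so the demo repeats; a real source
    does not."""
    rng = random.Random(seed)
    t = 0.0
    times = []
    for _ in range(n_events):
        t += rng.expovariate(rate_hz)
        times.append(t)
    return times


def sample_counter_bits(event_times, clock_hz=CLOCK_HZ, keep_bits=1):
    """Latch the free-running counter at each event and keep its low bits.
    Only bits that wrap many times between events are unpredictable, so
    keep_bits must stay well below log2(clock_hz / event rate)."""
    mask = (1 << keep_bits) - 1
    return [int(t * clock_hz) & mask for t in event_times]


def von_neumann_debias(bits):
    """Map pairs (0,1) -> 0 and (1,0) -> 1, drop (0,0) and (1,1). Removes a
    constant bias exactly when successive raw bits are independent; it
    discards at least three quarters of the input."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]


def ones_fraction(bits):
    """Share of one-bits; 0.5 for a balanced stream."""
    return sum(bits) / len(bits) if bits else 0.0


if __name__ == "__main__":
    raw = sample_counter_bits(simulate_event_times())
    clean = von_neumann_debias(raw)
    print(f"raw bits: {len(raw)}  ones: {ones_fraction(raw):.3f}")
    print(f"debiased: {len(clean)}  ones: {ones_fraction(clean):.3f}")
```

The throughput figure in the post follows from this structure: one bit (or a few) per detector event, so the event rate, not the clock, bounds the output rate. Debiasing lowers it further, which is the usual trade between raw speed and the quality of what is fed into a one-time pad.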
------------------------------
From: Ichinin <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Is it really NSA ?!
Date: Mon, 27 Mar 2000 19:25:37 +0200
Doug Stell wrote:
> 1. If they did visit your site, you would never know it.
Perhaps you could; back in 1998, after I published one of my security
tools, I checked every download from my server. I found one that
simply said "National Security". No contact information, no name
servers - nothing. (The CIA seems less important and is listed at ARIN.)
Generally, those agencies around the world do not have a sign on
them that says: "Hi, I'm a spy, and now I'm looking at your webserver";
"rumor" has it that they use ordinary dialups/connections, masquerading
them as ordinary users using Netscape, IE or whatever.
/Ichinin
------------------------------
From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: ecc equation
Date: 29 Mar 2000 00:04:53 GMT
In article <ud6AtLQm$GA.246@cpmsnbbsa05>,
Joseph Ashwood <[EMAIL PROTECTED]> wrote:
>> H. Cohen
>> A Course in Computational Algebraic Number Theory,
>> Springer-Verlag
>
>Thanks for the reference, you have now fed my addiction to
>learning.
I have this book and agree with Bob that it is great. However,
it is quite advanced. I have a math degree (undergrad) and can't
understand much of it. It is definitely a graduate level math text.
Much more accessible is: A Course in Number Theory and Cryptography,
by Neal Koblitz. I can understand most of that one.
------------------------------
From: "RecilS" <[EMAIL PROTECTED]>
Subject: Scramdisk & Steganos
Date: Tue, 28 Mar 2000 19:48:46 -0500
=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1
Just curious. I keep hearing loads about scramdisk, but I use
Steganos II and I've heard nothing about its disk encryption feature
which is very similar to scramdisk. Obviously it's not freeware but
are there any other reasons Steganos would be inferior?
- -Doug
=====BEGIN PGP SIGNATURE=====
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
iQA/AwUBOOFS7BJETAFqh0RgEQINMgCgr7YEEXt6o/b1TfQeCY4+WjPSNJIAoMdb
i0qZ1KnemR7gSq+EOld3c0Wq
=atGM
=====END PGP SIGNATURE=====
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: The lighter side of cryptology
Date: 29 Mar 2000 00:52:16 GMT
John Savard <[EMAIL PROTECTED]> wrote:
> In the wrong office, because the user dialed the wrong number at the
> start.
> This humorously illustrates what can happen when advanced encryption
> technology is implemented or used without thinking.
yup. I like to think about voting protocols which are perfectly secure,
publicly verifiable, etc. etc. etc. ... but the election fails because a
worm hacks into everyone's computers and writes in "Shlomo Z. Sternberg"
on all ballots...
------------------------------
From: [EMAIL PROTECTED] (Yokal Miner)
Subject: Re: Scramdisk & Steganos
Date: Wed, 29 Mar 2000 01:14:39 GMT
"RecilS" <[EMAIL PROTECTED]> wrote:
>Just curious. I keep hearing loads about scramdisk, but I use
>Steganos II and I've heard nothing about its disk encryption feature
>which is very similar to scramdisk. Obviously it's not freeware but
>are there any other reasons Steganos would be inferior?
It's worse than inferior, in fact it's totally worthless, if the source
code isn't publicly available. That's the only way it can be confirmed that
the program is actually secure.
--
"Yokal Miner" is actually 5628 730419 <[EMAIL PROTECTED]>.
01234 56789 <- Use this key to decode my email address and name.
Play Five by Five Poker at http://www.5X5poker.com.
------------------------------
From: "PJS" <[EMAIL PROTECTED]>
Crossposted-To:
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,uk.politics.censorship
Subject: Re: Sunday People 26/3/2000: "FORGET YOUR PASSWORD... END UP IN JAIL"
Date: Wed, 29 Mar 2000 03:30:45 +0100
Stormshadow wrote in message <8br1do$9gt$[EMAIL PROTECTED]>...
>"PJS" <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>
>> 3 - Assassinate Jack Straw.
> A temporary solution, which would only prove that there _are_ dangerous
>terrorists out there (the assassin) who do not want their encrypted files to
>be decrypted. Mr. Straw would become a martyr and Straw's law would certainly
>be enforced.
=============
But, on the other hand, when did a dead person last make Home Secretary?
=============
>Somehow I don't think that was what you had in mind..
=============
Is that what you want, 'cos that's what'll 'appen?!
Straw is a man of profoundly anti-democratic instincts, and I say that
killing him would be morally justifiable, considering the damage he will do,
and I'm not a person normally given to advocating such extreme measures.
--
Will the last person to be eaten
by the Fnord please turn the light out?
------------------------------
From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: DES question
Date: Wed, 29 Mar 2000 02:17:30 GMT
Mok-Kong Shen wrote:
> I suppose that for DES hardware there is a certain finite setup
> time needed to do key schedule calculations, what is this compared
> to the processing time of one single record?
DES is designed so that hardware can execute the key
scheduler on the fly. By the time round n is done, the
sub-key for round n+1 is ready, so it doesn't add any time.
--Bryan
--
email: bolson at certicom dot com
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED]
Subject: cp4break.exe
Date: Wed, 29 Mar 2000 02:50:03 GMT
Load cp4break.exe and source code here:
http://www.hideip.com/proxy/68C2AC6356743DACD0DE7E2605083EEAC890EF823F5B3E73842230A5FDEAC5B6D7804BDA1F3426E3A796FC553BD700790F0B
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: DES question
Date: Wed, 29 Mar 2000 02:50:20 GMT
Mok-Kong Shen wrote:
> David A. Wagner wrote:
[...]
> > In fact, it is not too hard (O(2^32) work) to find
> > an explicit counterexample, i.e., P,C,K,K' such that
> > DES(K,P) = DES(K',P) = C but K != K'.
>
> That means that in brute force key search, if one finds a K such
> that DES(K,P)=C, one is not yet sure of having found the solution.
> How could one best proceed to gain absolute unambiguity?
If DES behaves as we expect, for a given (P, C) the chance
there exists a false key decrypting a one block P to a one
block C is about 1/256. Given two blocks, it's about
1/4722366482869645213696. Does that count as absolute
unambiguity?
Also note that if the chance of a one-block false positive
during exhaustive key search is p, (and false negatives are
impossible) then the average number of blocks a key has to
be tested against in order to reject is,
1 + p + p^2 + p^3 + ... = 1/(1 - p).
Thus high rates of false positives tend to contribute only
modest work factors.
--Bryan
--
email: bolson at certicom dot com
Sent via Deja.com http://www.deja.com/
Before you buy.
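Added worked numbers for the two claims in this post (not Bryan's code): the false-key probability for one and two blocks under the "DES behaves as we expect" model, in which every wrong key acts like an independent random permutation; the 1/(1 - p) expected-work figure from the geometric series; and the early-reject loop that tests a candidate key against further known blocks, which is the practical answer to the "absolute unambiguity" question. The DES key and block sizes are the real ones; the 8-bit toy cipher is constructed only to exercise the loop and has nothing to do with DES.

```python
# Added example: false-key probability and expected verification work for an
# exhaustive key search, using the numbers from the post. Exact arithmetic so
# 2^-72 is not lost to floating point.
from fractions import Fraction

DES_KEY_BITS = 56
DES_BLOCK_BITS = 64


def false_key_probability(num_blocks, key_bits=DES_KEY_BITS,
                          block_bits=DES_BLOCK_BITS):
    """Model each wrong key as a random permutation of the block space.
    A wrong key maps num_blocks given plaintexts to the observed ciphertexts
    with probability 2^-(block_bits * num_blocks); over about 2^key_bits wrong
    keys the expected number of such keys is 2^key_bits / 2^(block_bits *
    num_blocks), which for small values is also the probability that one
    exists. One block: 1/256. Two blocks: 1/2^72."""
    return Fraction(2 ** key_bits, 2 ** (block_bits * num_blocks))


def expected_blocks_to_reject(p):
    """Expected blocks tested per wrong key when each block passes with
    probability p and false negatives are impossible: the closed form of
    1 + p + p^2 + ... from the post."""
    return 1 / (1 - p)


def partial_series(p, terms):
    """First `terms` terms of 1 + p + p^2 + ..., to see how fast the series
    converges on 1/(1 - p)."""
    return sum(Fraction(p) ** i for i in range(terms))


def check_candidate(decrypt, key, pairs):
    """Test a candidate key against known (plaintext, ciphertext) pairs in
    order, stopping at the first mismatch. Returns (accepted, blocks_tested).
    The bookkeeping is what the 1/(1 - p) figure describes."""
    tested = 0
    for plaintext, ciphertext in pairs:
        tested += 1
        if decrypt(key, ciphertext) != plaintext:
            return False, tested
    return True, tested


# Constructed toy cipher (8-bit block, 8-bit key, NOT DES), present only so
# check_candidate has something to run against.
def toy_decrypt(key, block):
    return (block - key) & 0xFF


TOY_KEY = 0x5A
TOY_PAIRS = [(0x12, (0x12 + TOY_KEY) & 0xFF),
             (0x34, (0x34 + TOY_KEY) & 0xFF)]


if __name__ == "__main__":
    p1, p2 = false_key_probability(1), false_key_probability(2)
    print("one block :", p1, "two blocks:", p2)
    print("expected blocks per wrong key:", expected_blocks_to_reject(p1),
          "~", float(expected_blocks_to_reject(p1)))
    print(check_candidate(toy_decrypt, TOY_KEY, TOY_PAIRS),
          check_candidate(toy_decrypt, 0x00, TOY_PAIRS))
```

With p = 1/256 the expected number of blocks per rejected key is 256/255, about 1.004, which is the "modest work factor" the post refers to: a second known block is almost never consulted, yet it cuts the residual false-positive chance from 2^-8 to 2^-72.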
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************