Cryptography-Digest Digest #448, Volume #11      Thu, 30 Mar 00 12:13:01 EST

Contents:
  Re: Crypto API for C ("Tom St Denis")
  Re: new Echelon article (Lincoln Yeoh)
  Re: Using Am-241 to generate random numbers ([EMAIL PROTECTED])
  Re: linux's /dev/random (Runu Knips)
  802.11 WEP analysis ("Tome")
  Re: one-way hash functions with 256-bit output (Runu Knips)
  Re: Does anybody know of a secure FTP server? (Lincoln Yeoh)
  Re: old factoring (Bob Silverman)
  Re: Q: Differencing time series (Herman Rubin)
  Re: Does anybody know of a secure FTP server? (Jaime Cardoso)
  Re: old factoring ("Tony T. Warnock")
  Re: Examining random() functions (Tim Tyler)
  Re: The lightest side of cryptology (Jaime Cardoso)
  Re: Does the NSA have ALL Possible PGP keys? (Gunner)
  Re: new Echelon article (Stefek Zaba)
  Re: The NSA's little NCSC bots (Remove NO_SPAM to reply)
  Re: How are these passwords? (John)
  Re: Key exchange using Secret Key Encryption (wtshaw)
  Re: Sunday People 26/3/2000: "FORGET YOUR PASSWORD... END UP IN JAIL" ("Stormshadow")
  Re: Looking for some help on RSA public key/private key generation (Bob Silverman)

----------------------------------------------------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Crypto API for C
Date: Thu, 30 Mar 2000 13:11:31 GMT


Arlin Collins <[EMAIL PROTECTED]> wrote in message
news:8buu1n$2td$[EMAIL PROTECTED]...
> Tom St Denis ([EMAIL PROTECTED]) wrote:
> : I have yet another release of my CB for C.  This one includes many more
> : functions.  Such as BBS random bit generation, or the ability to use 'truly'
> : random bit sources to seed the faster secure rng.  I added a few hash
> : functions [namely tiger and haval] and added a few ciphers as well.
> : If you notice any bugs, or problems please email me.
> : Thanks for your time.
> : Tom
>
> : If you want to check it out, you can at http://24.42.86.123/cb.html
>
>                        and "mirrored"  at http://405427835/cb.html     ;)
>     Thanks, Tom, for your generosity.

Have you tried it out yet?  I feel honored.  If you find anything wrong
please let me know.

Tom



------------------------------

From: [EMAIL PROTECTED] (Lincoln Yeoh)
Subject: Re: new Echelon article
Date: Thu, 30 Mar 2000 13:34:48 GMT
Reply-To: [EMAIL PROTECTED]

On Wed, 29 Mar 2000 18:17:02 GMT, [EMAIL PROTECTED] (JimD)
wrote:
>
>It's worse than that: encryption is only on the radio path from
>the handset to the node. Anything on microwave from the node
>to the line is fair game.
>
>Only secure way is end-to-end encryption using a private system.

Whoopee. I guess 40 bits is enough then. I wonder why the spooks fought so
hard to make it weaker when it shouldn't really matter to them given what
you mentioned.

Cheerio,

Link.
****************************
Reply to:     @Spam to
lyeoh at      @[EMAIL PROTECTED]
pop.jaring.my @ 
*******************************

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Using Am-241 to generate random numbers
Date: 30 Mar 2000 13:39:04 GMT

I am not sure I agree with you here either, Bob; there have been
some amazing lapses in security in the past couple of years:
witness nuclear bomb secrets on non-secured computers and
secrets on the home computer of a former head of the CIA.

Thomas

Bob Silverman <[EMAIL PROTECTED]> wrote:
: No flame intended, but I have a hard time believing this story.
: Anyone who had a sufficiently high security clearance to generate
: such a thing (these random digits) for diplomatic use would NOT
: be discussing it with someone else.  Unless of course that someone else
: had a similar clearance and it was in a vault. But if *you* had such
: a clearance, you would not be discussing this in public.
: Bob Silverman

-- 
Freelance System Programming.  http://www.fsp.com

------------------------------

Date: Thu, 30 Mar 2000 15:39:40 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: linux's /dev/random

antirez schrieb:
> I played a bit with /dev/random [...] if you press
> a key and don't release it [...] /dev/random trusts this
> as good entropy (and trusts this as _a lot_ of entropy!
> 40 bits for every key press or release)

BTW, I've checked this at home. Your claims are wrong.
You get a little more than one byte from every keypress,
and you don't get ANY extra bytes from not releasing the
key.

I think your problems might have been:

(a) you had disk I/O. I get masses of random bytes from
    disk I/O when I run a script which reads many
    files. For example, a 'find ... -exec grep ...'
    results in a kilobyte of random bits every few
    seconds.
(b) you didn't suck the random device empty before
    starting your tests. It always contains a lot of
    entropy if there were no programs requesting
    randomness before.

------------------------------

From: "Tome" <[EMAIL PROTECTED]>
Subject: 802.11 WEP analysis
Date: Thu, 30 Mar 2000 15:43:38 +0200

Can someone help me?
I'm looking for an analysis of the WEP protocol used in IEEE 802.11.

Sorry for my English.
Thanks
Tome'



------------------------------

Date: Thu, 30 Mar 2000 16:00:34 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: one-way hash functions with 256-bit output

Bill Unruh wrote:
> They are hashes. The input is usually attached, and they used to sign
> it. Leaking is usually not a problem. the question as a hash is whether
> it is as easy to find a hash collision for SHA1 and MD5 as it is for
> either alone.

Well, simple concatenation of SHA-1 and MD5 wouldn't work, because the
result has 288 bits, 32 bits more than we want to have. Using some
mixing such as

PROCEDURE Mix (a: ARRAY [0..4] OF CARDINAL; b: ARRAY [0..3] OF CARDINAL;
               VAR r: ARRAY [0..7] OF CARDINAL);
(* a: the five 32-bit words of the SHA-1 digest, b: the four words of the
   MD5 digest; r receives the eight mixed words (256 bits), so it must be
   a VAR parameter or the caller never sees the result *)
VAR i: INTEGER;
BEGIN
  FOR i := 0 TO 7 DO
    r[i] := a[i MOD 5] XOR b[i MOD 4];
  END;
END Mix;

would result in something, well, usable.

> Even CRC64 and MD5 should be a far stronger hash than MD5 on its own.

CRC64? That doesn't sound like an algorithm designed as a one-way hash
function...
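The Mix procedure Runu sketches above, transcribed into Python and run over real SHA-1 and MD5 digests. This is an added example, not code from the digest; `sha1_md5_mix`, `words` and `contributing_words` are names chosen here. The word split is big-endian, but because XOR is bytewise and pack/unpack are inverses, the 32-byte output is the same whichever byte order is used consistently.

```python
import hashlib
import struct


def words(digest):
    """Split a digest into 32-bit words (big-endian; only consistency with pack matters)."""
    return list(struct.unpack(">%dI" % (len(digest) // 4), digest))


def mix(a, b):
    """Runu's Mix: r[i] = a[i MOD 5] XOR b[i MOD 4] for i = 0..7 (a: 5 words, b: 4 words)."""
    assert len(a) == 5 and len(b) == 4
    return [a[i % 5] ^ b[i % 4] for i in range(8)]


def sha1_md5_mix(data):
    """256-bit digest: the 5 SHA-1 words mixed with the 4 MD5 words into 8 output words."""
    a = words(hashlib.sha1(data).digest())  # 20 bytes -> 5 words
    b = words(hashlib.md5(data).digest())   # 16 bytes -> 4 words
    return struct.pack(">8I", *mix(a, b))


def contributing_words():
    """(SHA-1 word, MD5 word) pair feeding each output word; every input word appears."""
    return [(i % 5, i % 4) for i in range(8)]


if __name__ == "__main__":
    # "abc" is the standard test vector for both hashes; the first word is
    # 0xa9993e36 (SHA-1) XOR 0x90015098 (MD5) = 0x39986eae.
    print(sha1_md5_mix(b"abc").hex())
    print(contributing_words())
```

Two things worth checking from a defender's seat: every one of the nine input words does reach the output (see `contributing_words`), and an input pair that collides under both SHA-1 and MD5 collides here as well, because the output is a function of the two digests alone; the mix fixes the output size, it does not raise the collision bound of the underlying pair.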

------------------------------

From: [EMAIL PROTECTED] (Lincoln Yeoh)
Subject: Re: Does anybody know of a secure FTP server?
Date: Thu, 30 Mar 2000 14:05:27 GMT
Reply-To: [EMAIL PROTECTED]

On Thu, 30 Mar 2000 05:30:00 GMT, Abid Farooqui <[EMAIL PROTECTED]>
wrote:

>of view. From my understanding, the developer has to be very very careful
>writing CGI otherwise backdoors may be opened and for what I am doing security

For security the developer has to be very careful writing anything that is
exposed to threats. Nowadays that probably means absolutely anything ;).

It doesn't matter whether it's CGI or JSP or whatever. For example if
whatever you write talks to a database and you are not careful BAD things
can happen whatever you write in. This appears to be a common problem
around here. I've already found such problems with quite a number of
websites that I looked at (reported the probs to them and they were rather
grateful too). 

The thing is, it's not such a huge problem at all _if_ you do things correctly
from the start. In most cases there's no need for useless math proofs of
security. Just filter whatever goes into your program, and filter whatever
goes out of your program to other stuff. Of course there could be some
really strange bugs, but you've already raised the bar by so much.

>shorten their time to market, in this crazy business world). I was looking at
>Java applet servlet usage because as far as I know and have researched (and I
>might be wrong here) Java servlets give better speed performance if RAM is
>enough and also the threads class in Java makes it easy to program this kind of
>a thing for multi-processor machines. If one is going to use 16+ processor
>machine then one should also try to make the best of it.

Maybe it's better for multiprocessor machines. But I found it to be
significantly slower on a single processor PIII 500MHz with 512MB RAM.

For a plain "Hello World":
Java servlets (blackdown + Apache JServ):
60 hits/sec (one connection), 120 hits/sec for two connections, 130+
hits/sec for three or more simultaneous connections.

Perl+FastCGI:
230 hits/sec.

PHP:
525 hits/sec!

However PHP is a lot slower than Perl when you are doing other things than
"echo", e.g. a loop of 10,000 iterations with an echo or a string concat within it.
Results for 10,000 string concats:
Perl+FastCGI = 63 hits/sec
C++ and normal CGI = 57 hits/sec
Perl + normal CGI = 37 hits/sec
PHP = 1 hit/sec!

A surprising thing we found was in Perl $s=$s+"a"; is about 5-6 times
slower than $s.="a"; ! 

For 100,000 floating point mults and divisions
C++ CGI = 64 hits/sec
Perl + FastCGI= 4.9 hits/sec

Would be good to see how C++ combined with FastCGI performs. Should be real
fast.

>switch to any Apache based SSL server like StrongHold etc. The question is has
>anyone seen one of these boards work with Apache and what did they think of it.
>Do you still need to load the SSL module in Apache or the boards take over the
>crypto typr functions from CPU at the hardware level.

Maybe you could find something at
http://www.networkcomputing.com/1105/1105f3.html

Cheerio,

Link.
****************************
Reply to:     @Spam to
lyeoh at      @[EMAIL PROTECTED]
pop.jaring.my @ 
*******************************
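Lincoln's "filter whatever goes into your program, and filter whatever goes out" for the database case he mentions, as an added example that is not the poster's code. It assumes SQLite's parameter binding as the input-side mechanism and HTML escaping on the output side; the `users` table is constructed for the demonstration. A name containing an apostrophe is enough to show the difference: spliced into the SQL text it breaks the statement, bound as a parameter it is just a value.

```python
import html
import sqlite3


def make_db():
    """Constructed sample table standing in for the site's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "user"), ("O'Brien", "admin")])
    return conn


def lookup_concat(conn, name):
    """Input spliced into the SQL text: the quote in O'Brien becomes SQL grammar, not data."""
    sql = "SELECT role FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_param(conn, name):
    """Input bound as a parameter: the driver treats it as a value, whatever it contains."""
    rows = conn.execute("SELECT role FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def lookup_concat_outcome(conn, name):
    """Run the spliced version and report whether it executed or failed."""
    try:
        return ("ok", lookup_concat(conn, name))
    except sqlite3.Error as exc:
        return ("error", type(exc).__name__)


def render_greeting(name):
    """Output side: escape before the value reaches HTML, so it is displayed, not interpreted."""
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


if __name__ == "__main__":
    db = make_db()
    for who in ("alice", "O'Brien"):
        print(who, "spliced:", lookup_concat_outcome(db, who), "bound:", lookup_param(db, who))
    print(render_greeting("<b>alice</b>"))
```

The point of binding rather than filtering on the input side is that correctness does not depend on anticipating every character the SQL grammar treats specially; the output-side escape does the same job for the HTML grammar.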

------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: old factoring
Date: Thu, 30 Mar 2000 14:19:23 GMT

In article <LRzE4.92327$[EMAIL PROTECTED]>,
"Tom St Denis" <[EMAIL PROTECTED]> wrote:
> I am trying out pollard-rho factoring [currently of an 80 digit no].  I was
> just wondering could I replace f(x) with a linear congruential generator?

You can not.  Linear sequences are "insufficiently random".

OTOH, if you know that the factor p is (say) congruent to 1 mod k,
then an advantage is gained by using a k'th degree polynomial.
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (Herman Rubin)
Crossposted-To: sci.stat.math
Subject: Re: Q: Differencing time series
Date: 30 Mar 2000 09:29:49 -0500

In article <[EMAIL PROTECTED]>,
Mok-Kong Shen  <[EMAIL PROTECTED]> wrote:
>1. If one applies the difference filter of n-th order to the 
>   white noise process, obtaining d_t and compute the bit 
>   sequence

>       b_t = if d_t < 0 then 0 else 1 fi

>   is b_t a uniformly distributed (truly) random bit sequence?

>2. The same as (1), except applying to a MA or ARMA process.

>3. Is there reasonable prospect of obtaining good quality random 
>   bit sequences this way from the majority of time series 
>   available in practice? If yes, is there any value of n, the
>   order of the filter, that is the minimum for obtaining 
>   satisfactory results according to experiences?

Considering the answers, it is very unlikely that this is a
homework problem.  However, it is extremely simple.

A necessary and sufficient condition that the signs of two
jointly normal random variables with mean 0 are independent
is that they are uncorrelated, hence independent.  So white
noise itself has the properties, but no method of coloring
it preserves them.
-- 
This address is for information only.  I do not claim that these views
are those of the Statistics Department or of Purdue University.
Herman Rubin, Dept. of Statistics, Purdue Univ., West Lafayette IN47907-1399
[EMAIL PROTECTED]         Phone: (765)494-6054   FAX: (765)494-0558
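Herman's argument, carried through numerically: the added Python example below (not code from either poster) applies Mok-Kong's difference filter and sign rule to constructed Gaussian white noise and measures the resulting bits. Differencing is "coloring": the n-th difference of white noise is a binomial FIR filter, so adjacent outputs are correlated, and for jointly normal mean-0 pairs Sheppard's formula P(same sign) = 1/2 + arcsin(rho)/pi turns that correlation into a measurable bias in adjacent bits. The example goes beyond the thread by computing the lag-1 correlation for a general order n, which comes out as -n/(n+1), so raising n makes the dependence worse, not better.

```python
import math
import random
from math import comb


def difference(xs, order=1):
    """Apply the first-difference filter `order` times: d_t = x_t - x_{t-1}."""
    for _ in range(order):
        xs = [b - a for a, b in zip(xs, xs[1:])]
    return xs


def sign_bits(ds):
    """Mok-Kong's rule: b_t = 0 if d_t < 0 else 1."""
    return [0 if d < 0 else 1 for d in ds]


def fraction_of_ones(bits):
    """Marginal check: each bit on its own is a fair coin (1/2)."""
    return sum(bits) / len(bits)


def adjacent_agreement(bits):
    """Fraction of neighbouring pairs (b_t, b_{t+1}) that are equal; 1/2 for independent fair bits."""
    same = sum(1 for a, b in zip(bits, bits[1:]) if a == b)
    return same / (len(bits) - 1)


def lag1_correlation(order):
    """Lag-1 autocorrelation of the order-n difference of white noise.

    The filter taps are (-1)^k C(n,k); cov/var = -C(2n,n-1)/C(2n,n) = -n/(n+1).
    """
    taps = [(-1) ** k * comb(order, k) for k in range(order + 1)]
    var = sum(t * t for t in taps)
    cov = sum(a * b for a, b in zip(taps, taps[1:]))
    return cov / var


def predicted_agreement(rho):
    """Sheppard's formula for jointly normal, mean-0 pairs: P(same sign) = 1/2 + arcsin(rho)/pi."""
    return 0.5 + math.asin(rho) / math.pi


def simulate(order, n=100_000, seed=1):
    """Constructed white noise -> n-th difference -> sign bits; returns (P(bit=1), P(adjacent equal))."""
    rng = random.Random(seed)  # fixed seed so the run is repeatable
    white = [rng.gauss(0.0, 1.0) for _ in range(n)]
    bits = sign_bits(difference(white, order))
    return fraction_of_ones(bits), adjacent_agreement(bits)


if __name__ == "__main__":
    for order in (0, 1, 2, 3):
        ones, agree = simulate(order)
        rho = lag1_correlation(order)
        print(f"order {order}: P(1)={ones:.3f}  adjacent agree={agree:.3f}  "
              f"predicted={predicted_agreement(rho):.3f}  (rho={rho:+.3f})")
```

With order 0 (white noise itself) adjacent bits agree about half the time; with order 1 the correlation is -1/2 and agreement drops to 1/3, with order 2 to about 0.27. The bits stay individually unbiased, which is why a per-bit frequency test would not notice; the dependence only shows in the pair statistics.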

------------------------------

From: Jaime Cardoso <[EMAIL PROTECTED]>
Subject: Re: Does anybody know of a secure FTP server?
Date: Thu, 30 Mar 2000 14:39:14 +0000

Hi there.

Sorry for the delay but work waits for no one, and my time to check the NG has been
none.

I see you already checked Rainbow. As far as I know, this one is the fastest SSL
accelerator card I know of, and it can do wonders for your web site performance. You still
need to have SSL enabled (at least with Netscape Enterprise Server, you do) but, why
don't you pay a visit to http://www.rainbow.com and use their e-mail to have them
answer your questions?

I don't know a lot about their offer because I don't deal directly with them;
when I have a business that they may join, I simply redirect the customer to my
contact at the Rainbow reseller in Portugal.

Does this card work with Apache? I really don't know; I believe so, because Apache is
quite an open platform (obvious, isn't it??) and it has too much market share for
these guys to ignore it. Just ask them, it's the easiest way.

I wouldn't use a relational DB to store and authenticate my users' certificates; I
would really recommend you use an LDAP server. The most performant is Netscape Directory
Server but, if you don't have the budget for the big thing, you can get along well
enough with a free open-source LDAP server.

For the hardware, be aware, SSL uses a lot of calculations so Intel should be the
last-resort HW platform for you. If you are going with an SSL server, you can
increase your performance x-fold (10X to 20X or more) if you use a CPU that is good
with math (UltraSparc, Alpha or SGI).

Bye

//Jaime Cardoso

PS. I would be honored if, when you come to Lisbon, you would mail me. As I am
doing a paper about cryptography, I read this NG a lot, but this is the first thread
I got involved in; like "them", I will keep watching :)))))


------------------------------

From: "Tony T. Warnock" <[EMAIL PROTECTED]>
Subject: Re: old factoring
Date: Thu, 30 Mar 2000 08:23:52 -0700
Reply-To: [EMAIL PROTECTED]

Tom St Denis wrote:

> I am trying out pollard-rho factoring [currently of an 80 digit no].  I was
> just wondering could I replace f(x) with a linear congruential generator?  Or
> are there specific properties of the quadratic I must keep?

Linear congruential generators aren't "random" enough. It's the linearity that hurts.
Quadratics have nice properties; for example, look at the iterates:

x(2j)**2 - x(j)**2 = [x(2j) + x(j)][x(2j) - x(j)], and x(2j) = x(2j-1)**2 + 1, so the second
factor becomes x(2j-1)**2 + 1 - x(j-1)**2 - 1, or x(2j-1)**2 - x(j-1)**2. This gives
[x(2j) + x(j)][x(2j-1) + x(j-1)][x(2j-1) - x(j-1)].

The differences are highly composite.

Tony
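Bob's "insufficiently random" and Tony's difference identity, together in one added Python example (not code from the digest or from Tom's CB). `pollard_rho` is a Floyd-style rho that also counts steps, so the quadratic map and a linear congruential stand-in can be compared on the same constructed modulus 8051 = 83 * 97; the LCG constants a = 3, c = 7 and the start value 2 are arbitrary choices. `warnock_identity_holds` checks Tony's identity x(2j) - x(j) = [x(2j-1) + x(j-1)][x(2j-1) - x(j-1)] on the reduced iterates.

```python
from math import gcd


def quadratic(x, n):
    """The map Tom is using: f(x) = x^2 + 1 mod n."""
    return (x * x + 1) % n


def make_lcg(a, c):
    """Hypothetical linear stand-in, as asked in the thread: f(x) = a*x + c mod n."""
    def lcg(x, n):
        return (a * x + c) % n
    return lcg


def pollard_rho(n, f, x0=2, max_steps=10_000):
    """Floyd cycle finding: after j steps x = x_j and y = x_{2j}.

    Returns (factor, j) for the first j with 1 < gcd(x_{2j} - x_j, n) < n,
    (None, j) if the gcd hits n itself (retry with another x0 or f).
    """
    x = y = x0
    for j in range(1, max_steps + 1):
        x = f(x, n)
        y = f(f(y, n), n)
        g = gcd(abs(x - y), n)
        if g == n:
            return None, j
        if g > 1:
            return g, j
    return None, max_steps


def warnock_identity_holds(n, j, x0=2):
    """x(2j) - x(j) == [x(2j-1) + x(j-1)] * [x(2j-1) - x(j-1)]  (mod n) for the quadratic map."""
    seq = [x0]
    for _ in range(2 * j):
        seq.append(quadratic(seq[-1], n))
    lhs = (seq[2 * j] - seq[j]) % n
    rhs = ((seq[2 * j - 1] + seq[j - 1]) * (seq[2 * j - 1] - seq[j - 1])) % n
    return lhs == rhs


if __name__ == "__main__":
    n = 8051  # constructed: 83 * 97
    print("x^2+1 :", pollard_rho(n, quadratic))        # (97, 3)
    print("3x+7  :", pollard_rho(n, make_lcg(3, 7)))   # (83, 41)
    print("identity holds for j=1..9:",
          all(warnock_identity_holds(n, j) for j in range(1, 10)))
```

Why the linear map loses: with f(x) = a*x + c the iterates are x_k = a^k * K - c/(a-1) with K = x_0 + c/(a-1), so x_{2j} - x_j = a^j (a^j - 1) K, and gcd(x_{2j} - x_j, n) only becomes nontrivial when a^j is 1 modulo one of the primes, i.e. after about ord_p(a) steps (41 here, the order of 3 mod 83) rather than the roughly sqrt(p) steps the rho heuristic gives. Tony's identity is what makes the quadratic map work the other way round: once a difference is 0 mod p, every later difference inherits that factor, so Floyd's detection cannot miss it.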


------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Examining random() functions
Reply-To: [EMAIL PROTECTED]
Date: Thu, 30 Mar 2000 15:08:12 GMT

Mok-Kong Shen <[EMAIL PROTECTED]> wrote:

: I wonder whether it is possible to have some software to
: postprocess the normally voluminous Diehard output to result in 
: one single measure of goodness [...]

IIRC, DiehardC does something very similar to this in its "summary".
-- 
__________
 |im |yler  The Mandala Centre  http://mandala.co.uk/  [EMAIL PROTECTED]

Smoking cures weight problems eventually.

------------------------------

From: Jaime Cardoso <[EMAIL PROTECTED]>
Subject: Re: The lightest side of cryptology
Date: Thu, 30 Mar 2000 15:25:53 +0000

When I read the post that started this thread I was very pleased with it.

I subscribe to this NG to see if I can learn something about cryptography,
but I can't understand any of the interesting posts.

Although the jokes are good, can anyone post some pointers to information
about crypto algorithms and common attacks?

PS. Please don't recommend any books (buy books => money < house mortgage +
food)

//JaimeC


------------------------------

From: [EMAIL PROTECTED] (Gunner)
Crossposted-To: comp.security.pgp,misc.survivalism
Subject: Re: Does the NSA have ALL Possible PGP keys?
Date: Thu, 30 Mar 2000 15:36:38 GMT
Reply-To: [EMAIL PROTECTED]

On Thu, 30 Mar 2000 08:57:10 GMT, [EMAIL PROTECTED] wrote:

>>
>> If the NSA, CIA, or FBI wants your PGP key, they've probably also already
>> got a pretty heavy body of message traffic and a pretty good idea what's in
>> that traffic; it's not worth it for a fishing expedition. If that's the
>> case, they've got a lot of ways to get your key. They can pick you up and
>> pump you full of pentathol. They can beat it out of you. Probably the
>> fastest way would be to put a gun to your son/daughter/wife's head and say,
>> "Give me the key or I'll pull the trigger."
>>
>
>       This seems nonsensically paranoid.
>Instead, you should be grateful for the many
>fine services these agencies provide. For
>instance, Big Brother now offers this
>convenience-   He'll read your email so you
>don't have to !-)
>
>
Well the least they could do, is to start filtering my spam for me.

Gunner

==========================
 
"A human being should be able to change a diaper, plan an
 invasion, butcher a hog, conn a ship, design a building, write
 a sonnet, balance accounts, build a wall, set a bone, comfort
 the dying, take orders, give orders, cooperate, act alone,
 solve equations, analyze a new problem, pitch manure, program
 a computer, cook a tasty meal, fight efficiently, die
 gallantly. Specialization is for insects." Robert Heinlein



Rosies Page http://rosie.acmecity.com/flower/277/
homepage http://userzweb.lightspeed.net/gunner

------------------------------

From: [EMAIL PROTECTED] (Stefek Zaba)
Subject: Re: new Echelon article
Date: 30 Mar 2000 15:47:41 GMT

In sci.crypt, Lincoln Yeoh ([EMAIL PROTECTED]) wrote:

> Whoopee. I guess 40 bits is enough then. I wonder why the spooks fought so
> hard to make it weaker when it shouldn't really matter to them given what
> you mentioned.

Search me. It's almost as if they were thinking of cases where they might not
have the local telco's co-operation, so wanted an access capability at some
non-zero but feasible computational expense for the on-air part. My dull
imagination can't match this to any operational need - maybe yours can?

Stefek

------------------------------

From: [EMAIL PROTECTED] (Remove NO_SPAM to reply)
Subject: Re: The NSA's little NCSC bots
Reply-to: [EMAIL PROTECTED] (Remove NO_SPAM to reply)
Date: Thu, 30 Mar 2000 16:05:08 GMT

[EMAIL PROTECTED] wrote:
>  Regarding websites, D. Menscher wrote:

> "I_have_been visited by the NSA (well,
> actually the NCSC). It shows up in logs, etc."

>       Earlier, I tried to post:
>  Yes, according to John Young, the NCSC uses
> bots to collect data of interest-  they look for
> new files and make copies. Also, according to
> Young, bots which appeared to be from NCSC
> used to visit this site every day (I don't know
> if they still visit):
>      www.jya.com/crypto.htm

They may do a combination of bots and humans.  In my case (actually,
cases) it was humans.  How do I know?  Because they didn't follow
every link, because they clicked only on links that one would expect
them to be interested in, because they took up to a minute to go from
one page to the next.....

Damian Menscher
-- 
--==## Grad. student & Sys. Admin. @ U. Illinois at Urbana-Champaign ##==--
--==## <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==--
--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--

------------------------------

Subject: Re: How are these passwords?
From: John <[EMAIL PROTECTED]>
Date: Thu, 30 Mar 2000 08:15:21 -0800

OK, fair enough. How long would it take to get to zzzzzzz ? I
use software that goes from character 0..255, so you'd have to
try them, too.

* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!


------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Key exchange using Secret Key Encryption
Date: Thu, 30 Mar 2000 09:30:11 -0600

In article <8bvdfk$ghs$[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:

> Strangely enough, many "secure" connections, such as those used in
> browsers, completely ignore the man-in-the-middle problem.
> 
The excuse given is that things happen so fast that it would be difficult
to set up a man-in-the-middle. But, with active secret spies in a machine,
the situation can be set up quickly, as those wanting to intercept your
communications can make it automatic.
-- 
Given all other distractions, I'd rather be programming.

------------------------------

From: "Stormshadow" <[EMAIL PROTECTED]>
Crossposted-To: 
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,uk.politics.censorship
Subject: Re: Sunday People 26/3/2000: "FORGET YOUR PASSWORD... END UP IN JAIL"
Date: Wed, 29 Mar 2000 23:41:38 +0300


"PJS" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> But, on the other hand, when a dead person last made Home Secretary?
Never. But if one is killed, there will be others..

> Is that what you want, 'cos that's what'll 'appen?!
> Straw is a man of profoundly anti-democratic instincts, I and say that
> killing him would be morally justifiable, considering the damage he will do,
> and I'm not a person normally given to advocating such extreme measures.
I'm not making a stance on the moral justification of killing, I'm just saying
that such extreme measures would be useless. There are other, cleaner methods
of persuasion.

--
  Stormshadow <[EMAIL PROTECTED]>
  http://www.saunalahti.fi/hirvox/





------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: Looking for some help on RSA public key/private key generation
Date: Thu, 30 Mar 2000 16:51:52 GMT

In article <8bujof$kph$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> How do I generate the public key from the private key without making my
> computer choke?

Usually one computes the private from the public.

If all you have is  e and  d = e^-1 mod phi(N),  you will not be
able to recover N because it is generally not unique.

--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"
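Bob's two points above in an added Python example (not code from the digest): the private exponent is derived from the public one, and a bare (e, d) pair does not pin down N. `moduli_consistent_with` searches every product of two primes from a constructed list for which d = e^-1 mod phi(N) holds, using small primes so the search is exhaustive; `rsa_keypair` and `roundtrip_ok` are names chosen here.

```python
from itertools import combinations
from math import gcd


def rsa_keypair(p, q, e):
    """Textbook RSA in the usual direction: public (N, e) first, then d = e^-1 mod phi(N)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(N)")
    return n, e, pow(e, -1, phi)  # modular inverse, Python 3.8+


def roundtrip_ok(n, e, d, m):
    """Check that d really inverts e on this modulus: (m^e)^d == m mod N."""
    return pow(pow(m, e, n), d, n) == m


def moduli_consistent_with(e, d, primes):
    """Every N = p*q (p < q from `primes`) for which d is a valid private exponent for e.

    The condition e*d == 1 mod phi(N) means phi(N) divides e*d - 1, and many
    phi(N) values divide the same number, which is Bob's non-uniqueness.
    """
    found = []
    for p, q in combinations(primes, 2):
        phi = (p - 1) * (q - 1)
        if gcd(e, phi) == 1 and (e * d - 1) % phi == 0:
            found.append(p * q)
    return sorted(found)


if __name__ == "__main__":
    n, e, d = rsa_keypair(5, 11, 3)            # constructed toy key: N=55, e=3, d=27
    print("key:", (n, e, d), "roundtrip:", roundtrip_ok(n, e, d, 7))
    primes = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41]  # constructed search space
    others = moduli_consistent_with(e, d, primes)
    print("moduli on which the same (e, d) works:", others)   # [15, 33, 55, 123]
```

For e = 3, d = 27 the pair e*d - 1 = 80 is divisible by phi(15) = 8, phi(33) = 20, phi(55) = 40 and phi(123) = 80, and encryption followed by decryption round-trips on all four moduli, so nothing in (e, d) alone singles out N = 55.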



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
