Cryptography-Digest Digest #562, Volume #11      Mon, 17 Apr 00 08:13:01 EDT

Contents:
  Re: Q: source code for recognizing English (Guy Macon)
  Re: Paper on easy entropy (Steve Roberts)
  Re: Non-standard shift register sequences ("Al Grant")
  Re: GOST idea (Tom St Denis)
  Re: GOST idea (Tom St Denis)
  Re: Is AES necessary? (Tom St Denis)
  Re: Paper on easy entropy (Tom St Denis)
  Re: Paper on easy entropy (Tom St Denis)
  Re: My STRONG data encryption algorithm (Pred.)
  Re: Paper on easy entropy (Guy Macon)
  Re: ? Backdoor in Microsoft web server ? [correction] (Francois Grieu)
  Re: Paper on easy entropy (Tom St Denis)
  Re: Regulation of Investigatory Powers Bill (Tom St Denis)
  Re: Key exchange using Secret Key Encryption (Jaime Cardoso)
  For Mike Rosing (by JOKER) (José Antonio Fuentes Fernández)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Q: source code for recognizing English
Date: 17 Apr 2000 06:27:21 EDT

In article <8deanh$ohd$[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
([EMAIL PROTECTED]) wrote:
>
>I am working on a simple program to decipher simple substitution
>ciphers. The most important part of the  program is to try
>various substitutions using AI techniques (forward-chaining and
>backward-chaining) using certain assumptions, i.e. English language
>frequencies of letters, double-letters (ll,ss,ee,oo), triple letters,
>list of most frequent two- and three- letter words. I have some
>difficulties though. So if anyone has a source code for a similar
>program, I would be IMMENSELY thankful. Please, write to
>[EMAIL PROTECTED]! Thanks a lot in advance,

Just out of curiosity, do you parse the entire message or stop
when you notice that part of it is clearly not any language?
The first defeats the random garbage before and after the plaintext
trick, but the latter seems like it would let you make more tries
per second.


------------------------------

From: [EMAIL PROTECTED] (Steve Roberts)
Subject: Re: Paper on easy entropy
Date: Mon, 17 Apr 2000 10:21:49 GMT

"Joseph Ashwood" <[EMAIL PROTECTED]> wrote:

>> Does anyone have a suggestion as to what
>> software to use?
>I've had no problems with gsview. It's available at
>http://www.cs.wisc.edu/~ghost/
>                Joe

I have had problems with installing GSVIEW and it crashed when looking
at certain pages.  It may have been the way my PC was set up though.
Instead I now convert PS to PDF using Acrobat Distiller and can then
use the whole power of Acrobat to look at it, print it etc.
Steve Roberts


------------------------------

From: "Al Grant" <[EMAIL PROTECTED]>
Subject: Re: Non-standard shift register sequences
Date: Mon, 17 Apr 2000 11:50:02 +0100

"Peter L. Montgomery" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> In article <8d1eg8$dns$[EMAIL PROTECTED]>
> >1. use of a value computed from previous outputs, e.g.
> >  A_i = A_{i-n} + sum(A_0 to A_{i-1})
> >where the sum is computed by updating an accumulator
> >with each new output
>
>      This is easily converted to a standard shift-register
> recurrence, with appropriate initial conditions.  Note
>
> A_i - A_{i-n} = sum(A_0 to A_{i-1})
>               = A_{i-1} + sum(A_0 to A_{i-2})
>               = A_{i-1} + (A_{i-1} - A_{i-n-1})

Yes, that particular example can be converted but in the general
case it can't be.  Do you know of examples of use of this kind
of "accumulator" to strengthen a shift register?
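The conversion quoted above is easy to check by computing the sequence both ways. The following Python is an added example, not code from either poster: accumulator_sequence() builds A_i = A_{i-n} + sum(A_0..A_{i-1}) with a running accumulator, and linear_recurrence_sequence() builds the fixed-order recurrence A_i = 2*A_{i-1} + A_{i-n} - A_{i-n-1} that the reply derives (with A_n taken from the original definition as the one extra initial condition). The initial states are constructed sample values; the optional modulus shows that the same identity holds over GF(2), i.e. for an ordinary binary shift register, because the derivation only uses addition and subtraction.

```python
# Added example (not from the thread): the "accumulator" recurrence
#   A_i = A_{i-n} + sum(A_0 .. A_{i-1})
# produces exactly the same sequence as the fixed-order linear recurrence
#   A_i = 2*A_{i-1} + A_{i-n} - A_{i-n-1}      (for i >= n+1)
# so the accumulator adds state but no nonlinearity: the output is still a
# linear recurrence and is analysed (and predicted) as one.

def accumulator_sequence(init, length, mod=None):
    """Generate the sequence with a running accumulator, as described in the quoted post."""
    n = len(init)
    seq = list(init)[:length]
    acc = sum(init)            # accumulator = sum of every output so far
    for i in range(n, length):
        a = seq[i - n] + acc
        if mod is not None:
            a %= mod
        seq.append(a)
        acc += a               # update the accumulator with the new output
        if mod is not None:
            acc %= mod
    return seq

def linear_recurrence_sequence(init, length, mod=None):
    """Generate the same sequence from the equivalent fixed-order recurrence.

    A_n is the one extra initial condition (taken from the original definition);
    from then on only the previous n+1 terms are needed and no accumulator."""
    n = len(init)
    seq = list(init)[:length]
    if length <= n:
        return seq
    a_n = seq[0] + sum(init)   # A_n straight from the definition
    seq.append(a_n if mod is None else a_n % mod)
    for i in range(n + 1, length):
        a = 2 * seq[i - 1] + seq[i - n] - seq[i - n - 1]
        seq.append(a if mod is None else a % mod)
    return seq

def sequences_agree(init, length, mod=None):
    """True when both constructions give identical output."""
    return accumulator_sequence(init, length, mod) == linear_recurrence_sequence(init, length, mod)

if __name__ == "__main__":
    state = [1, 0, 1, 1]       # constructed sample initial state (n = 4)
    print(accumulator_sequence(state, 12))
    print(linear_recurrence_sequence(state, 12))
    print("agree over the integers:", sequences_agree(state, 200))
    print("agree over GF(2):       ", sequences_agree(state, 200, mod=2))
```

The practical point for anyone evaluating such a generator: because the two constructions coincide, an observer who knows the recurrence order needs only n+1 consecutive outputs to run the fixed-order form forward, accumulator or not.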




------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: GOST idea
Date: Mon, 17 Apr 2000 10:52:42 GMT



Mok-Kong Shen wrote:
> 
> Tom St Denis wrote:
> >
> 
> > That's too vague, sorry.  It can't hinder it in this case since the S
> > function is simply a permutation itself.  And since the quadratic
> > used is a permutation it has no bias towards any particular value.  It's
> > like doing
> >
> > F(x) = S(x + c), For any constant 'c'.  You are just changing the order
> > of the outputs, not the properties of S() itself.
> 
> Maybe I misunderstood. My point is the following: If v is the
> input and w the output and one knows that between v and w there
> is a certain avalanche property, i.e. the effect of flipping
> one bit of v. Now suppose I have a mapping of u to v that is a
> permutation. Two values u1 and u2 differing only in one bit
> may have the corresponding values v1 and v2 differing in many
> bits and their resulting effect on a comparison between w1 and
> w2 may not be simple to tell.

With the original F function flipping one bit of the input changes only
two bits on avg of the output.  In the next round there are hopefully
two active sboxes now... etc..

With the quadratic changing a lsb can change several sboxes.  It's not
guaranteed to increase the active sbox count but it does help.  For
example if you change any of the top four bits, then there is still only
one active sbox.  But in the next F function those active bits are
somewhere in the middle of the register (cause of the cyclic rotation of
11 bits).  Now when they go thru the F function they are going to cause
with a high probability more than one other sbox to become active.

Like try: 

1111 0000 0000 0000 0000 0000 0000 0000, the output of the f function is
going to be
0000 0000 0000 0000 0000 0abc d000 0000, where (a, b, c, d) form the new
bits.  In this round there are only two active sboxes.  In the next
round we get something like
A  = 0000 0000 0000 0000 0000 abcd defg 0000
A' = 0000 0000 0abc defg h000 0000 0000 0000, with three active sboxes.

Even in this case the quadratic will start increasing the avalanche
after the first round because of the position of the active sbox [in
round two].  

Hope that helps.

Tom

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: GOST idea
Date: Mon, 17 Apr 2000 10:59:27 GMT



Mok-Kong Shen wrote:
> 
> Mok-Kong Shen wrote:
> >
> > Tom St Denis wrote:
> > >
> >
> > > That's too vague, sorry.  It can't hinder it in this case since the S
> > > function is simply a permutation itself.  And since the quadratic
> > > used is a permutation it has no bias towards any particular value.  It's
> > > like doing
> > >
> > > F(x) = S(x + c), For any constant 'c'.  You are just changing the order
> > > of the outputs, not the properties of S() itself.
> >
> > Maybe I misunderstood. My point is the following: If v is the
> > input and w the output and one knows that between v and w there
> > is a certain avalanche property, i.e. the effect of flipping
> > one bit of v. Now suppose I have a mapping of u to v that is a
> > permutation. Two values u1 and u2 differing only in one bit
> > may have the corresponding values v1 and v2 differing in many
> > bits and their resulting effect on a comparison between w1 and
> > w2 may not be simple to tell.
> 
> Addendum:
> 
> Could you please give a literature reference to the fact that
> the function you gave previously is a permutation?

2x^2 + x mod 2^w is a permutation polynomial of x.  Hmm I got the idea
from a paper on Rivest's site, and I can email a copy if you want.

Tom
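Both of the GOST replies above rest on properties of the quadratic that can be checked directly: that 2x^2 + x mod 2^w is a permutation (the literature question in this message), and that a change in the top bits stays confined to one S-box until the rotation moves it (the worked bit patterns in the previous message). The Python below is an added example, not the poster's code or the paper he refers to. It verifies the bijection exhaustively for small word sizes and shows the structural reason for the second observation: output bit b of the quadratic depends only on input bits 0..b, so flipping bit b always flips bit b and never disturbs anything below it. All spreading towards the low end of the word has to come from the rotation and S-boxes of the surrounding round, which is the caveat to keep in mind when crediting the quadratic with extra avalanche.

```python
# Added example (not from the thread): properties of f(x) = 2x^2 + x mod 2^w.

def quad_perm(x, w):
    """f(x) = 2x^2 + x reduced modulo 2^w."""
    return (2 * x * x + x) & ((1 << w) - 1)

def is_permutation(w):
    """Exhaustive bijection test for word size w (feasible for small w)."""
    return len({quad_perm(x, w) for x in range(1 << w)}) == (1 << w)

def lowest_set_bit(v):
    """Index of the lowest set bit of v (v must be non-zero)."""
    return (v & -v).bit_length() - 1

def flip_propagation(w):
    """Check, for every input x and every bit b, that flipping input bit b
    changes output bit b and leaves every lower output bit unchanged.
    Reason: f(x') - f(x) = (x' - x) * (1 + 2(x' + x)) = (+-2^b) * odd."""
    for x in range(1 << w):
        for b in range(w):
            d = quad_perm(x, w) ^ quad_perm(x ^ (1 << b), w)
            if lowest_set_bit(d) != b:
                return False
    return True

def avalanche_profile(w):
    """Average number of output bits changed when input bit b is flipped, per b.
    The top bit can only ever change itself, so profile[w-1] is exactly 1.0;
    a low-bit flip can ripple upwards through the carries."""
    profile = []
    for b in range(w):
        total = 0
        for x in range(1 << w):
            total += bin(quad_perm(x, w) ^ quad_perm(x ^ (1 << b), w)).count("1")
        profile.append(total / (1 << w))
    return profile

if __name__ == "__main__":
    for w in (4, 8, 12):
        print(f"w={w}: permutation={is_permutation(w)} "
              f"lower-bits-untouched={flip_propagation(w)}")
    # constructed illustration: how far a single-bit change spreads, per input bit
    print([round(v, 2) for v in avalanche_profile(8)])
```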

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Is AES necessary?
Date: Mon, 17 Apr 2000 11:00:57 GMT



David Blackman wrote:
> 
> Tom St Denis wrote:
> 
> > Yea 3DES is secure, but I think by properly implementing [*] the new AES
> > ciphers in my program that others will eventually use, I am doing those
> > cryptographers a nice favor.  It's one thing to design a cipher,
> > cryptanalyze it, [and get the women] but if it's never used who cares?
> >
> > Tom
> 
> Is 3DES really secure? There were quite a few triple DES variants
> proposed, but the one normally used now, i think has a block size of
> just 64 bits. The key is 112 bits, which is probably enough. But there
> are some kinds of attack that focus on the block size, and 64 bits is
> getting a bit marginal these days. Since most of the AES candidates are
> also faster and simpler than 3DES, switching to one of them makes good
> sense all round.

A 64-bit block size is only a problem if you send over 2^32 blocks of
ciphertext.  And the keysize of 3des is 168bits not 112bits since the
memory required for a mitm attack is insane.

Any 64-bit block cipher with an effective keysize of 80 bits or more is
still useful as a block cipher.

Tom
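The "2^32 blocks" figure in the reply above is the birthday bound for a 64-bit block: once that many blocks have gone out under one key, the chance that two ciphertext blocks coincide (which in a mode such as CBC reveals the XOR of the two corresponding plaintext blocks) is no longer negligible. The Python below is an added example, not from the thread, that puts numbers on the claim: the exact birthday product for small counts, the usual approximation for large ones, and the inverse, i.e. how many bytes may be encrypted under one key before the collision probability crosses a chosen limit. That last figure is the defensive rekeying threshold a practitioner actually needs, and it shows why the same limit is a non-issue for a 128-bit block.

```python
# Added example (not from the thread): birthday-bound arithmetic for block sizes.
import math

def collision_probability(n_blocks, block_bits):
    """Probability that at least two of n_blocks uniformly random block values
    out of 2^block_bits coincide. Exact for small n, standard approximation
    1 - exp(-n^2 / 2^(block_bits+1)) otherwise; expm1 keeps tiny values accurate."""
    space = 2 ** block_bits
    if n_blocks < 2:
        return 0.0
    if n_blocks <= 4096:
        # exact birthday product prod(1 - k/space), accumulated in log space
        log_p_none = sum(math.log1p(-k / space) for k in range(n_blocks))
        return -math.expm1(log_p_none)
    return -math.expm1(-(n_blocks * n_blocks) / (2 * space))

def blocks_for_probability(p, block_bits):
    """Approximate number of blocks at which collision_probability reaches p
    (inverse of the approximation above)."""
    return math.sqrt(-2 * (2 ** block_bits) * math.log1p(-p))

def rekey_limit_bytes(block_bits, max_probability):
    """Bytes that may be encrypted under one key before the chance of a repeated
    block exceeds max_probability: a defensive rekeying threshold."""
    return blocks_for_probability(max_probability, block_bits) * (block_bits // 8)

if __name__ == "__main__":
    print("P(repeat) after 2^32 blocks, 64-bit block :", collision_probability(2**32, 64))
    print("P(repeat) after 2^32 blocks, 128-bit block:", collision_probability(2**32, 128))
    for bits in (64, 128):
        limit = rekey_limit_bytes(bits, 2**-20)
        print(f"{bits}-bit block: rekey after about {limit:.3e} bytes to keep P(repeat) < 2^-20")
```

With a 64-bit block the 2^-20 limit works out to roughly 47 MB per key, which is why long-lived connections and bulk storage are the cases where the block size, rather than the key size, becomes the binding constraint.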

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Paper on easy entropy
Date: Mon, 17 Apr 2000 11:01:40 GMT



Steve Roberts wrote:
> 
> "Joseph Ashwood" <[EMAIL PROTECTED]> wrote:
> 
> >> Does anyone have a suggestion as to what
> >> software to use?
> >I've had no problems with gsview. It's available at
> >http://www.cs.wisc.edu/~ghost/
> >                Joe
> 
> I have had problems with installing GSVIEW and it crashed when looking
> at certain pages.  It may have been the way my PC was set up though.
> Instead I now convert PS to PDF using Acrobat Distiller and can then
> use the whole power of Acrobat to look at it, print it etc.
> Steve Roberts

Well I can include pdf files on my site if you like.  I just used a
website to convert the word97 document to a ps file.

BTW has anyone read the paper yet?

Tom

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Paper on easy entropy
Date: Mon, 17 Apr 2000 11:21:40 GMT



Mok-Kong Shen wrote:
> 
> Tom St Denis wrote:
> >
> > I wrote a mini paper discussing a method of extracting entropy from the
> > keyboard.  It's at
> >
> > http://24.42.86.123/files/entropy.ps
> 
> It would be nice if you would say in a couple of sentences here
> of what that method is and how one proceeds to determine how much
> entropy (method of measurement) is in the stuff one actually
> obtains from the keyboard. Thanks.

You type at the keyboard, I then make an order-0 model of the input and
calc the estimated entropy from that.  For example the string
'ogt93trwebfwejkfbhwujhtuih3tlkgkw' contains an estimated 2.01 bits per
char of entropy (66.54 bits total).  

To calc the entropy I just do the sum of -log2(Pi) for all Pi != 0. 
Where P is a list of probabilities for each symbols and 'i' is an index
into that list.  It's not hard at all to calculate and I even include a
snippet of source todo it in my paper.

Tom
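The estimate described above can be reproduced from the sample string quoted in the post. The Python below is an added example, not the snippet from the paper: it fits an order-0 model (symbol frequencies taken from the sample itself) and computes two quantities on the same input. sum_neg_log2() is the figure the post describes, the sum of -log2(P_i) over the symbols that occur, which gives the 66.54 bits quoted; shannon_bits_per_symbol() is the standard order-0 Shannon estimate -sum P_i*log2(P_i), which is what "bits per symbol" usually refers to. Seeing both side by side makes clear which quantity a given tool is reporting before any of its output is used to size a key.

```python
# Added example (not from the thread): order-0 entropy estimates of a keystroke sample.
import math
from collections import Counter

SAMPLE = "ogt93trwebfwejkfbhwujhtuih3tlkgkw"   # the string quoted in the post

def order0_model(sample):
    """Symbol probabilities estimated from the sample alone (order-0 model)."""
    counts = Counter(sample)
    total = len(sample)
    return {sym: c / total for sym, c in counts.items()}

def sum_neg_log2(sample):
    """Sum of -log2(P_i) over every symbol with P_i != 0, as the post describes."""
    return sum(-math.log2(p) for p in order0_model(sample).values())

def shannon_bits_per_symbol(sample):
    """Order-0 Shannon entropy estimate H = -sum P_i log2 P_i, in bits per symbol."""
    return -sum(p * math.log2(p) for p in order0_model(sample).values())

def entropy_report(sample):
    """Both estimates for one sample, with the quantities needed to read them."""
    n = len(sample)
    distinct = len(set(sample))
    post_total = sum_neg_log2(sample)
    h = shannon_bits_per_symbol(sample)
    return {
        "symbols": n,
        "distinct": distinct,
        "post_total_bits": post_total,            # the 66.54 figure
        "post_bits_per_symbol": post_total / n,   # the 2.01 figure
        "shannon_bits_per_symbol": h,
        "shannon_total_bits": h * n,
        "max_bits_per_symbol": math.log2(distinct),  # upper bound for an order-0 model
    }

if __name__ == "__main__":
    for key, value in entropy_report(SAMPLE).items():
        print(f"{key:>24}: {value:.2f}" if isinstance(value, float) else f"{key:>24}: {value}")
```

Either way the number describes the 33-character sample, not the typist: a model fitted to so little data is an optimistic estimate, and frequency alone says nothing about the patterns (adjacent keys, repeated n-grams) that a guesser who knows the keyboard layout would exploit. Treat such figures as an upper bound and collect considerably more input than the estimate suggests before deriving key material.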

------------------------------

From: Pred. <[EMAIL PROTECTED]>
Subject: Re: My STRONG data encryption algorithm
Date: Mon, 17 Apr 2000 11:19:42 GMT

Calling random(...) is non-portable. Please supply a portable PRNG so
we can evaluate this properly. Note that if we find the seed of the
PRNG, breaking this cipher is easy. On some platforms, the size of the
seed is only 2^16, making it easy (I think) to brute force for password
retrieval.

 -Pred

> Hi all,
> I have developed a data encryption algorithm and I think it is very
> very strong,
> maybe the strongest ever. It is 32768-bit and can be programmed to be
> stronger easily if you wish. Of course, the stronger, the slower. It is
> always slower than DES. But I think most people take more care of their
> security and the famous Moore rule will help to solve this problem.
> To ensure it's strong as well as to share it with you, I post the
> source code here to let you test and try breaking it. Please reply to me
> if you find anything unsatisfactory in the algorithm. The code is
> written in Turbo C++ and is easy to understand. If you need a compiled
> exe file, email me and I will give you a copy.
> (Please use it for scientific research only)
> I am looking forward to your replies.
[code]


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Paper on easy entropy
Date: 17 Apr 2000 07:36:36 EDT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Tom St Denis) wrote:
>
>
>
>Steve Roberts wrote:
>> 
>> "Joseph Ashwood" <[EMAIL PROTECTED]> wrote:
>> 
>> >> Does anyone have a suggestion as to what
>> >> software to use?
>> >I've had no problems with gsview. It's available at
>> >http://www.cs.wisc.edu/~ghost/
>> >                Joe
>> 
>> I have had problems with installing GSVIEW and it crashed when looking
>> at certain pages.  It may have been the way my PC was set up though.
>> Instead I now convert PS to PDF using Acrobat Distiller and can then
>> use the whole power of Acrobat to look at it, print it etc.
>> Steve Roberts
>
>Well I can include pdf files on my site if you like.  I just used a
>website to convert the word97 document to a ps file.
>
>BTW has anyone read the paper yet?

I sure do want to, but I need to make my NT box understand .ps first.
a .pdf file would be a lot easier for me to read.


------------------------------

From: Francois Grieu <[EMAIL PROTECTED]>
Subject: Re: ? Backdoor in Microsoft web server ? [correction]
Date: Mon, 17 Apr 2000 13:39:29 +0200

Jim Gillogly <[EMAIL PROTECTED]> wrote:
> More than that: it fits the classical definition of a back door.
> The insiders who placed this back door can access more information
> than they're entitled to

Yes. Despite Microsoft denials (*), the word "backdoor" does
apply IMHO.


> by using the password they left in there.

It is not really a "password" I believe. It is the key of an
encryption scheme, which makes some difference. The intent was
apparently to rush a feature to the market, rather than leave
open access to a selected few.


BTW: how would you define "weenies" ? It is not in my dictionary.

    Francois Grieu



(*) from
<http://www.microsoft.com/technet/security/bulletin/fq00-025.asp>

Q: I heard that Dvwssr.dll provides a "back door" into a web site.
Is this true?

A: No. A "back door" is a means by which a user who knows a
password or some other secret information can bypass access
control checking. Dvwssr.dll does not provide a way to do this.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Paper on easy entropy
Date: Mon, 17 Apr 2000 11:43:55 GMT



Guy Macon wrote:
> 
> In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Tom St Denis) wrote:
> >
> >
> >
> >Steve Roberts wrote:
> >>
> >> "Joseph Ashwood" <[EMAIL PROTECTED]> wrote:
> >>
> >> >> Does anyone have a suggestion as to what
> >> >> software to use?
> >> >I've had no problems with gsview. It's available at
> >> >http://www.cs.wisc.edu/~ghost/
> >> >                Joe
> >>
> >> I have had problems with installing GSVIEW and it crashed when looking
> >> at certain pages.  It may have been the way my PC was set up though.
> >> Instead I now convert PS to PDF using Acrobat Distiller and can then
> >> use the whole power of Acrobat to look at it, print it etc.
> >> Steve Roberts
> >
> >Well I can include pdf files on my site if you like.  I just used a
> >website to convert the word97 document to a ps file.
> >
> >BTW has anyone read the paper yet?
> 
> I sure do want to, but I need to make my NT box understand .ps first.
> a .pdf file would be a lot easier for me to read.

Ok you can get a pdf from http://24.42.86.123/files/entropy.pdf

It's a really short paper, but it discusses a way to get entropy other
than trapping hardware faults.

BTW:  The site I used to convert the documents is this one:
http://wheel.compose.cs.cmu.edu:8001/cgi-bin/browse/objweb

Tom

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Crossposted-To: alt.security.scramdisk,alt.computer.security
Subject: Re: Regulation of Investigatory Powers Bill
Date: Mon, 17 Apr 2000 11:47:23 GMT



Stou Sandalski wrote:
> 
> "Paul Rubin" <[EMAIL PROTECTED]> wrote in message
> news:8d5i2k$33h$[EMAIL PROTECTED]...
> > In article <[EMAIL PROTECTED]>, Jill  <[EMAIL PROTECTED]>
> wrote:
> <snip>
> 
> > fun way to do it would be with the random number generation hardware
> > built into the Pentium III chip set.  That way there would be no
> > cryptography programming involved.
> 
> There's a random number generator in the P III?  Is it cryptographically random?

Yeah, but the problem is a) It's only in the PIII = not portable, b)
it's a secret, they won't say how to use it, but it's only a matter of
time before someone finds out how.

There are better ways to get entropy into a program.

Tom

------------------------------

From: Jaime Cardoso <[EMAIL PROTECTED]>
Subject: Re: Key exchange using Secret Key Encryption
Date: Sat, 15 Apr 2000 18:28:08 +0000

In SSL connections the man in the middle problem isn't exactly overlooked.

When a browser connects to an SSL URL, among all that handshake stuff, it
also sends some random characters, not too many, to prevent the known ciphers
attack to the server, I think.

The server then encrypts those random characters using his private key and
sends them back to the browser with his certificate. The browser can then use
the public key of the server to decrypt the characters and validate that
the sender is the owner of the certificate.

You also have to keep in mind that there are several human factors that
make an attack more difficult on the client side:
Most people only get a certificate from someone (human or server) when they
receive a signed e-mail and/or when they connect to a secure SSL server so,
the integrity of the certificate is more or less assumed (because of the
random characters) and, people change their browser a lot (the average, I
think, is every 6 months) so, if someone could hack my computer and change
my trusted signers database, they would only get something for 6 months (or
until I click the validate certificate button).

As for the work done by Verisign, we are Verisign partners in Portugal for
SecureIT products and, let me tell you that they seem to be very careful in
their authentication job. When I applied for a Global Server ID, they asked me
for my D.U.N.S. number (the number Dun & Bradstreet gives to all companies)
and I was amazed at what they check with just that number. They have an
infrastructure in place such that you would have to deceive Dun & Bradstreet
(easy), Verisign (not so easy), your local domain registration (the company
that assigns your server URL) (hard) and the banking institution that will
pay for your certificate.

It's possible but, can anyone really do it?

//Jaime Cardoso


[EMAIL PROTECTED] wrote:

> In article <8bvdfk$ghs$[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] wrote:
> > Strangely enough, many "secure" connections, such as those used in
> > browsers, completely ignore the man-in-the-middle problem.
> Not quite accurate. They don't ignore the problem, they push it off
> somewhere else. In the case of SSL, they push it to server
> certificates. Your browser uses the server's public key to encrypt the
> session key which it uses to encrypt the data. To avoid a MITM attack,
> it is necessary to verify the server's public key. So, the server's
> public key comes with a certificate that attests that the key belongs to
> "www.foo.com". The browser verifies that the owner specified by the
> certificate is, in fact, the address which the browser thinks it's
> talking to. Next, the browser has to know if the *certificate* is
> valid. The certificate is signed by a certificate authority (like
> Verisign). To check the certificate's validity it is necessary to have
> the signer's public key. Where does the browser get that? It came with
> the browser.
> So, under the following assumptions, SSL connections are secure:
> 1. The crypto in the browser is correctly implemented and unmodified.
> 2. The certificate database in the browser is correct.
> 3. The certificate authorities do their jobs.
> However, given that in many cases the browser is downloaded
> (unencrypted) over the Internet, assumptions 1 and 2 can be
> questionable. And I don't even want to think about assumption 3.
> The flip side of this is that an attacker would have to tweak your
> browser or cert database (meaning access to your machine, or advance
> preparation to compromise your browser when you download it) or
> compromise a CA before they could even begin to mount the active attack
> required to compromise SSL communications.
> I don't know about you, but if they want to go to all that effort, they
> can have the $50 left in my credit limit.
> Shawn.
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
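Two of the client-side checks that the quoted post's argument depends on can be shown concretely. The Python below is an added example, not code from either poster or from any browser. hostname_matches() implements the comparison "the owner specified by the certificate is the address the browser thinks it's talking to" for DNS names, including the one-label leftmost wildcard that certificates commonly carry, and rejects the forms that have historically caused mismatches to be accepted. audit_client_context() inspects a Python ssl.SSLContext (standard library API) and reports settings that silently disable chain or name verification, which is assumption 1 of the post failing in practice. The weakened context is constructed here only to show what the audit reports.

```python
# Added example (not from the thread): name matching and a client-context audit.
import ssl

def hostname_matches(hostname, cert_names):
    """True if hostname is covered by one of the certificate's DNS names.

    Rules applied (a conservative subset of RFC 6125 matching):
    - comparison is case-insensitive and ignores a trailing dot;
    - a wildcard is accepted only as the entire leftmost label ("*.foo.com"),
      matches exactly one label, and never a two-label name such as "*.com";
    - partial-label wildcards ("w*.foo.com") and IP addresses are not matched.
    """
    host_labels = hostname.lower().rstrip(".").split(".")
    for name in cert_names:
        labels = name.lower().rstrip(".").split(".")
        if "*" not in name:
            if labels == host_labels:
                return True
            continue
        if labels[0] != "*" or any("*" in label for label in labels[1:]):
            continue              # partial or non-leftmost wildcard: reject
        if len(labels) < 3:
            continue              # "*.com" would cover every second-level domain
        if len(host_labels) != len(labels):
            continue              # the wildcard spans exactly one label
        if host_labels[1:] == labels[1:]:
            return True
    return False

def audit_client_context(ctx):
    """List the settings on a client SSLContext that undermine the
    'SSL is secure if the certificate chain is checked' argument."""
    issues = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        issues.append("verify_mode is not CERT_REQUIRED: the server chain is never validated")
    if not ctx.check_hostname:
        issues.append("check_hostname is False: the certificate is not matched to the hostname")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        issues.append("minimum_version allows TLS versions below 1.2")
    return issues

def strict_client_context():
    """A carefully configured client: chain check, name check, TLS 1.2 or later."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED and check_hostname=True by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def weakened_client_context():
    """Constructed 'bad' context of the kind found in quick-and-dirty client code."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False           # must be cleared before verify_mode can drop
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

if __name__ == "__main__":
    print(hostname_matches("www.foo.com", ["*.foo.com"]))      # True
    print(hostname_matches("a.b.foo.com", ["*.foo.com"]))      # False
    print("strict  :", audit_client_context(strict_client_context()))
    print("weakened:", audit_client_context(weakened_client_context()))
```

The trust anchors themselves (assumption 2) are whatever the context loads; ctx.get_ca_certs() lists what is currently trusted, and an empty list on a host that nonetheless completes connections is a sign that verification is being skipped somewhere else.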




------------------------------

From: José Antonio Fuentes Fernández
Subject: For Mike Rosing (by JOKER)
Date: Mon, 17 Apr 2000 14:06:09 +0200

    First, thanks for your answer. But my idea is that I give an exe file
(which you can put a word, number or date and it give the encryption) to
someone (or some institution) and he prove to discover the cryptosystem. I
want to say if someone can prove to destroy my cryptosystem and if I give him
some encryption word he can give the original word.
Another time thanks (and sorry for my English)

                                            JOKER-17

Mike Rosing wrote:

> José Antonio Fuentes Fernández wrote:
> >
> >     I have done a little cryptosystem but I don't know how smart it is. Is
> > there some software to prove it or some place where I can prove it?
> > I agree any answer. Thanks for all.
> > Sorry for my English.
>  ---------------------------------------------------------------
> Post it here:
> http://www.wizard.net/~echo/crypto-contest.html
>
> Patience, persistence, truth,
> Dr. mike

--
===============================================================
 José Antonio Fuentes Fernández
 Becari del LCS
 Departament de Matemática Aplicada II
 e-mail: [EMAIL PROTECTED]
 telf: 696 46 63 42
===============================================================



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
