Cryptography-Digest Digest #982, Volume #11       Fri, 9 Jun 00 01:13:01 EDT

Contents:
  Re: Random IV Generation ("Adam Durana")
  Re: PGP Self-Decrypt (Tom McCune)
  Re: Cryptographic voting (zapzing)
  Re: Cryptographic voting (zapzing)
  Re: Cryptographic voting (Greg)
  Re: Cryptographic voting (zapzing)
  Re: Cipher design a fading field? (wtshaw)
  Re: Question about recommended keysizes (768 bit RSA) (Your Name)
  Re: Cryptographic voting (Virgil)
  Re: Cipher design a fading field? (wtshaw)

----------------------------------------------------------------------------

From: "Adam Durana" <[EMAIL PROTECTED]>
Subject: Re: Random IV Generation
Date: Thu, 8 Jun 2000 22:40:06 -0400


An initialization vector (IV) does not need to be generated by a secure
random number generator.  It does not even need to be random.  It just has
to be unique for each message.  The idea behind an IV is to make two
identical plaintexts encrypted with the same key produce different
ciphertexts.  It wouldn't hurt to use a secure RNG, but it's not needed.  The
IV can even be made public.

- Adam

"Eric Lee Green" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> > o  Use a PRNG to generate 8 random byte values (0-255)
>
> Just use the random values themselves. You don't need to hash them. Random
> is random.
>
> Use a cryptographic-strength PRNG, *NOT* the 'rand()' function in your
> computer's libc library. Bruce Schneier has a good one for Windows (Yarrow,
> see http://www.counterpane.com ), and there exists a number of good ones
> for Unix (and even not-so-good ones like my Ocotillo PRNG at
> http://twofish-py.sourceforge.net :-). If you are using Linux or FreeBSD,
> the situation is even simpler: simply request 8 bytes from the file
> "/dev/random". Voila!
>
> > should i just truncate the output to 64 bits, and if i do this will
> > the output still be random?
>
> In cryptography, you should more properly call these numbers
> "unpredictable" rather than "random". "random", properly, refers to a
> statistical distribution of a set of ordered pairs, and not all random
> distributions are unpredictable. For example, rand() in your "C" library
> probably produces a statistically verifiable random distribution -- yet is
> quite predictable (if you know a small subset of values, you can predict
> the next set of values with 100% accuracy).
>
> But yes, if the set of values is unpredictable, then a subset of those
> values will also be unpredictable.  So you can safely truncate a 128-bit
> random value to 64 bits and while you've chopped your entropy (you have
> half the bits to play with!), you haven't chopped any more entropy than
> any other method would chop.
>
> --
> Eric Lee Green                         [EMAIL PROTECTED]
> Software Engineer                      Visit our Web page:
> Enhanced Software Technologies, Inc.   http://www.estinc.com/
> (602) 470-1115 voice                   (602) 470-1116 fax



------------------------------

From: Tom McCune <[EMAIL PROTECTED]>
Subject: Re: PGP Self-Decrypt
Date: Fri, 09 Jun 2000 02:50:45 GMT

=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1

In article <W9Y%4.6361$[EMAIL PROTECTED]>, "Paul
Pires" <[EMAIL PROTECTED]> wrote:
>Could you give me a link to where I might find more information on this?
>I tried the PGP page and got hopelessly overwhelmed. Is it such a small
>freebie that it is not discussed alone? Norton announced a similar
>utility using Blowfish awhile ago and then it simply vanished from their
>site. I want to track this one down before it vanishes too.

I would suggest going to this link and getting the manual:
http://www.pgpi.org/doc/guide/6.5/

You can also get the equivalent to the SDA in F-Secure Desktop:
http://www.stallion.ee/fsecure/download/

=====BEGIN PGP SIGNATURE=====
Version: PGP Personal Privacy 6.5.3
Comment: My PGP Page & FAQ: http://www.McCune.cc/PGP.htm

iQA/AwUBOUBbmQ2jfaGYDC35EQJXdwCgz6r5S9NCbOMWVm8j4LdBrIZiZfIAoKFf
nVv34SQb37JwLL8vtoYPbBKu
=ev3y
=====END PGP SIGNATURE=====

------------------------------

From: zapzing <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: Cryptographic voting
Date: Fri, 09 Jun 2000 02:50:45 GMT

In article <8hpjft$ak$[EMAIL PROTECTED]>,
  Greg <[EMAIL PROTECTED]> wrote:
>
> > Surprisingly, I think I have come up with a protocol
> > that will fulfill this requirement, to a certain
> > extent, but it needs a trusted party to set it up.
>
> The trust factor will keep the system suspect.
>
> Let me go back to my voter U voting V...
>
> U must assure that a voter only votes once, but does not identify the
> voter explicitly.  This said, U must derive from part of the physical
> body that is not going to change, and is readily readable.  Retina
> scans come to mind.
>
> A person never has to register if we say that anyone in the US can
> vote (and in practice, we do).  They merely have to put their eye up to
> the scope and get a print out.  No names, no address, etc.  The system
> makes certain they don't double vote anywhere.
>
> (If and when a person must identify themselves, then their full name
> and address can be used to derive the public and private keys.)
>
> In other words, you can say that voter with retina scan
> 0188275183019261847182 voted only once, but you have no idea who that
> person is.  The person knows.  They are given their private and public
> keys from the retina scan (the number above is the public key).
>
> Then the act of authenticating and publishing the votes is trivial.

You have replaced my trusted *party* with a trusted
*device*, an interesting accomplishment, but not
earthshaking. What if someone tampers with the
retinal scanners?

Besides I was thinking more in terms of a smaller
number of people voting, say over the internet,
so that we would have to rely on "what you know"
rather than "what you are" or "what you have".
Not to say that your idea is bad though, I suppose
there are uses for both.


--
If you know about a retail source of
inexpensive DES chips, please let
me know,  thanks.


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: zapzing <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: Cryptographic voting
Date: Fri, 09 Jun 2000 02:59:24 GMT

In article <[EMAIL PROTECTED]>,
  "Trevor L. Jackson, III" <[EMAIL PROTECTED]> wrote:
> Greg wrote:
>
> > > > A person cannot be compelled to identify himself (according to
> > > > the SCOTUS) but we must have a mechanism in place to ensure that
> > > > each person casts only one vote and no more.  This is one of the
> > > > easiest and
> > >
> > > This sounds like demanding a perpetuum mobile. The only way to
> > > ensure absolutely correct voting seems to require at the minimum
> > > nonforgeable ID cards or their equivalents that uniquely map to the
> > > physical persons, I conjecture. BTW, I am surprised to learn that
> > > the US voting system is so vulnerable at its foundation.
> >
> > Read Vote-Scam by Devvy Kidd (www.devvy.com) and you would be
> > absolutely amazed as to how fragile and corrupt our system is.
> >
> > There is an element of logic that a person should have to identify
> > themselves in order to vote.  On the other hand, to assign a penalty
> > to the task of identification is to forfeit one's right to self
> > incrimination.  That, I believe, is the crux of the matter.
> >
> > When people hear about "Meranda", they think "your rights explained
> > by a peace officer".  But in fact, the Meranda decision was far more
> > brutal against government interference in our lives than most
> > realize.  The most significant portion of the Meranda decision stated
> > that the government cannot compel a person to identify themselves and
> > that people are not required to carry identification of any sort on
> > their person, even when walking the streets late at night.  But that
> > is another story.
>
> First, the Miranda decision is spelled that way.  Second, I believe
> that citizens are required to identify themselves upon request, but are
> not required to produce identification of any kind.

Actually, when I was stopped by the "fashion police"
some time ago for wearing all black and being out
for a walk, I refused to answer any questions and
they just let me go. If precedent is 90% of the law,
then this indicates that they usually don't press
you. I later went to the library to look stuff up
and found that Florida *does* have a stop and frisk law
that allows an officer to stop any citizen, frisk
him/her and ask them for their identification and
what they are doing. Surprisingly, though, there is
no penalty specified for not answering, and legal
precedent has established that not answering doesn't
constitute resisting arrest. (now you know what state
I live in)

So, no, I don't think you do have to identify
yourself. Not sure about the feds, though.
They might just say "this is an Audit!"

--
If you know about a retail source of
inexpensive DES chips, please let
me know,  thanks.


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Greg <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: Cryptographic voting
Date: Fri, 09 Jun 2000 03:22:56 GMT



> You have replaced my trusted *party* with a trusted
> *device*, an interesting accomplishment, but not
> earthshaking. What if someone tampers with the
> retinal scanners?

Yes, I have considered that.  There seems to be no way around what
people can do.  Even if we were able to identify voters and then use
their name and address, they could use different forms of their legal
name.  For example, Greg, or Gregory, or Gregory R. or Gregory Raymond,
etc.


--
Tyranny is kept at bay by guns and will.  Our government
knows we have the guns, but they don't know if we have
the will.  Nor do we.
The only lawful gun law on the books- the second amendment.


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: zapzing <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: Cryptographic voting
Date: Fri, 09 Jun 2000 03:56:43 GMT

In article <8hpnu1$3g8$[EMAIL PROTECTED]>,
  Greg <[EMAIL PROTECTED]> wrote:
>
>
> > You have replaced my trusted *party* with a trusted
> > *device*, an interesting accomplishment, but not
> > earthshaking. What if someone tampers with the
> > retinal scanners?
>
> Yes, I have considered that.  There seems to be no way around what
> people can do.  Even if we were able to identify voters and then use
> their name and address, they could use different forms of their legal
> name.  For example, Greg, or Gregory, or Gregory R. or Gregory
> Raymond, etc.

Scary, isn't it? That's why I say the heck
with voting, let's just have a Monarchy!
That protocol is quite secure!

--
If you know about a retail source of
inexpensive DES chips, please let
me know,  thanks.


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Cipher design a fading field?
Date: Thu, 08 Jun 2000 21:26:48 -0600

In article <[EMAIL PROTECTED]>, "Douglas A. Gwyn"
<[EMAIL PROTECTED]> wrote:

> wtshaw wrote:
> > ...  It can be that a trick is necessary to help solving,
> > and the trick is esoteric until found, like the CIA sculpture.
> 
> I don't think the solved portions of Kryptos were particularly
> tricky.  The main "trick" was to become convinced that an answer
> could be found, and of course to know enough about cryptanalysis
> to then proceed along reasonable lines of attack.

A simple trick is easy to someone who knows what is happening and even
unbelievable to misdirected audiences of magicians.  There is something to
the statement that if you find what you are looking for, you should find
it in the last place you look.

The problem in proceeding along reasonable lines of attack is that a
cipher can be designed to appear promising in one direction, eat analysis
time like mad, but be something entirely different.  You may not appear to
know enough about cryptanalysis if you indeed don't, give up too easily,
are convinced that a blind alley is the real lead, or fail to pick up on a
subtle clue.

It is more than rote knowledge, and some are better at it than others.
There are some things you cannot fully teach, contrary to the military
thinking that this is not so.  But, if you hand out a road map, those that
know the map will be able to anticipate ciphers along the road, which does
not mean that the completely unanticipated cipher can be fully dealt with
by the same folks.
-- 
If you wonder worry about the future enough to adversely limit
yourself in the present, you are a slave to those who sell security.

------------------------------

From: [EMAIL PROTECTED]  (Your Name)
Crossposted-To: alt.privacy.anon-server,alt.security.pgp
Subject: Re: Question about recommended keysizes (768 bit RSA)
Date: Fri, 09 Jun 2000 04:42:38 GMT

On Thu, 08 Jun 2000 10:15:43 -0400, Paul Koning <[EMAIL PROTECTED]>
wrote:

>Jerry Coffin wrote:
>> 
>> In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
>> 
>> [ ... the Cyber 175 ]
>> 
>> > It did run the worst designed timesharing system I've ever
>> > used.  (Then again, I never did get to use RAX...)
>> 
>> Out of curiosity, which was that?  Scope and NOS were both pretty
>> awful, but if there was something even worse, it'd be interesting to
>> know what it was...
>
>NOS.  Designed as a batch system and fit only for that.
>
>(RAX was a "timesharing" system for IBM 360s...)
>
>       paul

Although I don't know what you guys are talking about, I do
remember an IBM 360 because many moons ago I was
taking a graduate course in Numerical Analysis and the
work was to write ten algorithms in Fortran which I never
heard of for that computer which I also never heard of.

Writing the algorithms was not too difficult after you learned
some language, but then you had to type each instruction
onto a thick paper card, hand the stack of them to the computer
operator, wait a day and get a large sheet of "syntax" errors,
and submit them a few more times until it worked.  I did manage
to complete nine of the ten and got an A-, but it was a nightmare
because of the frustration. I never wanted to see another
computer and I rejected applied math because proving
theorems was a lot more fun, which is why I am now a
newbie and not a whiz.

Rich E.
  


------------------------------

From: Virgil <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: Cryptographic voting
Date: Thu, 08 Jun 2000 22:47:58 -0600

In article <8hpguo$u8t$[EMAIL PROTECTED]>, Greg <[EMAIL PROTECTED]> 
wrote:

>Tyranny is kept at bay by guns and will.  Our government
>knows we have the guns, but they don't know if we have
>the will.  Nor do we.
>The only lawful gun law on the books- the second amendment.

Every modern tyranny is enforced by guns and will.

Whether the possession of guns supports freedom or tyranny depends on
the will of the gunners. Since the will of the gunners in this country
is to force their views on a disagreeing majority, they are supporting
tyranny.

Their leader seems to have given up the role of Moses to take up the
role of Julius Caesar.

-- 
Virgil
[EMAIL PROTECTED]

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Cipher design a fading field?
Date: Thu, 08 Jun 2000 22:01:28 -0600

In article <[EMAIL PROTECTED]>, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:

> wtshaw wrote:
> 
> [snip]
> 
> > Thereafter, it is merely like a subset of my 3-way cipher with a simple
> > alternation of modes.  With Slidefair, there are only 3 basic
> 
> [snip]
> 
> Could you give a pointer to your 3-way? Thanks.
> 
> M. K. Shen

I'm pointing at it right now...sorry, no URL. :-(
To say the least, my programming methods are straightforward in my eyes. 
Part of the following function will mean little without understanding the
interface and other functions, but you should be able to see some of what
is going on:

LOCAL FN process
  FLUSHEVENTS:WINDOW #1:EFnum=WINDOW(_EFnum):CURSOR _watchCursor
  IF EFnum<>6 THEN alertnr = 6: GOTO "noway"
  cwstep=VAL(efv$(10)):cwrnd=0:UL=0:FN GetArray:L=elf(6)
  cwc=1:cmk=1:b$=""                    'codeword and length
  EDIT$(11)=STR$(L)
  LONG IF Lcw
    LONG IF L>5 
      EDIT$(6)="":mi&=MEM(_maxAvail):nc=0
      FOR n=1 TO L:a$=INDEX$(n,6):test=0:
        IF a$>="A" AND a$<="Z" THEN caps=1 ELSE caps=0:a$=UCASE$(a$)
        LONG IF a$>="A" AND a$<="Z"
          cwL$=MID$(cw$,cwc,1):cwc=cwc+1'get key char and count
          mkL$=MID$(mk$,cmk,1):cmk=cmk+1'get mode char and count
          realmode=0
          IF mkL$="c" THEN realmode=promode
          IF mkL$="p" THEN realmode=-1*promode
          FOR j= 1 TO 26:t$=MID$(curalpha$,j,1)'find in table
            IF t$=cwL$ THEN kp=j:j=26  'position key letter
          NEXT j 
          LONG IF cwstep 
            kp&=kp+(cwrnd*cwstep):IF kp&>26 THEN kp&=kp& MOD 26
            IF kp&=0 THEN kp=26 ELSE kp=kp&
          END IF 
          LONG IF realmode>0           'for std vigenere encode, variant decode
            FOR j=1 TO 26:t$=MID$(curalpha$,j,1)
              IF t$=a$ THEN tp=j:j=26  'position of text letter
            NEXT j                     'cp is code letter position
            cp=kp+(tp-1):e$=MID$(curalpha$,cp,1)
          END IF
          LONG IF realmode<0           'for std vigenere decode, variant encode
            FOR j=27 TO 52:t$=MID$(curalpha$,j,1)
              IF t$=a$ THEN cp=j:j=52
            NEXT j
            tp=(cp+1)-kp:e$=MID$(curalpha$,tp,1)
          END IF
          LONG IF realmode=0           'for beaufort process
            FOR j=1 TO 26:t$=MID$(curalpha$,j,1)
              IF t$=a$ THEN tp=j:j=26  'position of text letter
            NEXT j                     'cp is code letter position
            kp=kp+26:cp=kp-(tp-1):e$=MID$(curalpha$,cp,1)
          END IF:
          a=ASC(e$):IF caps=0 THEN e$=CHR$(a+32)
          IF cwc>Lcw THEN cwc=1:INC(cwrnd)'check to reset codeword
          IF cmk>Lmk THEN cmk=1:
          b$=b$+e$:nc=nc+1             'pass encoded letters
        XELSE                          'pass symbols on words
          b$=b$+a$:nc=nc+1
        END IF
        LONG IF nc MOD 25 = 0 OR n=L 
          FN TEappend(6,b$):b$=""      'break long output string
        END IF
      NEXT n:FLUSHEVENTS:EDIT FIELD #6:SETSELECT 0,0:EDIT FIELD #0
    XELSE
      alertnr = 3                      'too brief
    END IF
  XELSE
    alertnr = 4                        'no keyword
  END IF
  "noway" CURSOR _arrowCursor          'end of length test
END FN

The source code is not interpreted except in debugging, but is fully
compiled to rather compact machine code.

I can give a simple explanation here as to how it generally works:

Consider in a base 26 set, A=0 and Z=25 for both Ct and Pt and key. 
Depending on the historic algorithms, the following are true, at least in
common current usage, for the current letters:

Beaufort:  Pt + Ct = K mod 26

Variant: Ct + K = Pt mod 26

Vigenere: Pt + K = Ct mod 26

In the implementation, sensing the current changeable mode, K, P, or C,
directs the logic to the proper derived equation to get Ct in encryption,
or Pt in decryption. The mode key might be kpc, which means the mode used
for processing will cycle, and this is independent of the key letters in
the keystring, which might be of a different number than those in the mode
key.

If the mode key is simply k, one letter, then the processing is pure
Beaufort, etc.
-- 
If you wonder worry about the future enough to adversely limit
yourself in the present, you are a slave to those who sell security.
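The mode-cycling scheme described in the post above, as an added example that is not wtshaw's code or the 3-way program. It assumes the mode-letter mapping visible in the posted function ("c" = Vigenere, "p" = Variant, anything else such as "k" = Beaufort), applies the three equations with A=0..Z=25, and leaves out the cwstep keyword stepping and the 52-letter table.

```python
# Added example (not wtshaw's code): the three letter equations from the
# post, driven by a keyword and a separate mode key that cycle independently.
# Mode letters follow the posted function: "c" is Vigenere, "p" is Variant,
# anything else ("k") is Beaufort.  cwstep stepping is not reproduced.

ALPHA = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"  # A=0 .. Z=25 for Pt, Ct and K


def _encrypt_letter(p, k, mode):
    # Vigenere: Pt + K  = Ct  ->  Ct = Pt + K
    # Variant:  Ct + K  = Pt  ->  Ct = Pt - K
    # Beaufort: Pt + Ct = K   ->  Ct = K - Pt
    if mode == "c":
        return (p + k) % 26
    if mode == "p":
        return (p - k) % 26
    return (k - p) % 26


def _decrypt_letter(c, k, mode):
    # The same equations solved for Pt; Beaufort is its own inverse.
    if mode == "c":
        return (c - k) % 26
    if mode == "p":
        return (c + k) % 26
    return (k - c) % 26


def process(text, keyword, modekey, decrypt=False):
    """Encrypt (or decrypt) text.  Non-letters pass through unchanged and
    do not consume a key or mode position, and letter case is preserved,
    as in the posted function.  The keyword and the mode key each wrap
    around at their own length, so they need not be the same size."""
    keyword = keyword.upper()
    modekey = modekey.lower()
    if not keyword.isalpha() or not modekey:
        raise ValueError("keyword must be letters and mode key non-empty")
    out = []
    pos = 0  # counts only the letters processed so far
    for ch in text:
        up = ch.upper()
        if not ("A" <= up <= "Z"):
            out.append(ch)
            continue
        k = ALPHA.index(keyword[pos % len(keyword)])
        mode = modekey[pos % len(modekey)]
        pos += 1
        v = ALPHA.index(up)
        r = _decrypt_letter(v, k, mode) if decrypt else _encrypt_letter(v, k, mode)
        out.append(ALPHA[r] if ch.isupper() else ALPHA[r].lower())
    return "".join(out)


if __name__ == "__main__":
    ct = process("ATTACK", "KEY", "kpc")
    print(ct, process(ct, "KEY", "kpc", decrypt=True))  # KPRKYI ATTACK
```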

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************