Cryptography-Digest Digest #241, Volume #12      Tue, 18 Jul 00 04:13:00 EDT

Contents:
  Re: what is the symmetric algorithm for protection of classified info by  (jungle)
  Re: Carnivore and Man-in-the-middle (jungle)
  Re: Question Regarding Encrypting CD-ROM -RW Disks (Tom Knight)
  Re: Carnivore and Man-in-the-middle ([EMAIL PROTECTED])
  Re: Skipjack source in C (Eric Smith)
  Re: Question Regarding Encrypting CD-ROM -RW Disks (Mr Julian Gomez)
  Re: Skipjack source in C (John Savard)
  Re: what is the symmetric algorithm for protection of classified info by  gov agencies ? ("Garrett Kajmowicz")
  Re: Has RSADSI Lost their mind? (David Hopwood)
  Re: Crypto analyze tool. (JPeschel)
  Re: Question Regarding Encrypting CD-ROM -RW Disks (JPeschel)
  Re: Has RSADSI Lost their mind? (David A. Wagner)
  Re: what is the symmetric algorithm for protection of classified info by  gov agencies ? (David A. Wagner)
  Re: RC5 Question (Runu Knips)
  Re: what is the symmetric algorithm for protection of classified info by  (Runu Knips)
  Re: Win2000 Encryption (Mack)
  Re: mirror bit !! (Bryan Olson)
  Re: SECURITY CLEAN freeware text editor in win95 ? (Runu Knips)

----------------------------------------------------------------------------

From: jungle <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy
Subject: Re: what is the symmetric algorithm for protection of classified info by 
Date: Mon, 17 Jul 2000 20:30:43 -0400

are you saying that obscurity is the security used for protection of classified
info by gov agencies ?
instead of the cipher strength ?

Runu Knips wrote:
> 
> jungle wrote:
> > which is paraphrase of "I don't know." ?
> 
> Which is a paraphrase of "Those which know won't tell you".



------------------------------

From: jungle <[EMAIL PROTECTED]>
Subject: Re: Carnivore and Man-in-the-middle
Date: Mon, 17 Jul 2000 20:50:50 -0400

[EMAIL PROTECTED] wrote:
> 
> [EMAIL PROTECTED] wrote:
> >   As most of you already know, the FBI has announced its intention to
> > install the "Carnivore" packet-sniffing system in every ISP's data path,
> > such that all traffic passing through that ISP can be sniffed by some
> > Carnivore system.  The stated purpose of this system is to snoop on the
> > contents of suspected criminals' emails when permitted by judicial
> > wiretap order.
> 
> As I understand it, they intend to place it at particular ISPs when
> they have a court order to intercept mail.

not really, 
the box is TOTALLY FBI secured, therefore no one [ even ISP ] 
knows what FBI is / will collect ...



------------------------------

Subject: Re: Question Regarding Encrypting CD-ROM -RW Disks
From: Tom Knight <[EMAIL PROTECTED]>
Date: 17 Jul 2000 21:08:45 -0400

"Joseph Ashwood" <[EMAIL PROTECTED]> writes:
> Well, wiping a CD of any form is a very different prospect from wiping a
> hard drive, but the old standby of destruction by fire is a very viable
> option, and works quite well on CDs.

Microwaving slightly unused AOL CD's is a favorite pastime of MIT
students.  If you do it correctly, you get a nice, even, crackling
pattern from the sparks.  Do not overcook!  Serves two.



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Carnivore and Man-in-the-middle
Date: Tue, 18 Jul 2000 01:26:07 GMT

jungle <[EMAIL PROTECTED]> wrote:
> not really, 
> the box is TOTALLY FBI secured, therefore no one [ even ISP ] 
> knows what FBI is / will collect ...

Yes, but the original assertion that a Carnivore unit will be
permanently installed in every ISP's data path is something I haven't
heard before. (And tend to doubt ;)

Granted, the entire system has some serious issues to be resolved, but
paranoia certainly won't help.

-- 
Matt Gauthier <[EMAIL PROTECTED]>

------------------------------

From: Eric Smith <[EMAIL PROTECTED]>
Subject: Re: Skipjack source in C
Date: 17 Jul 2000 19:03:22 -0700

Chem-R-Us <[EMAIL PROTECTED]> writes:
> Anybody got a link to Skipjack in C?

stanislav shalunov <[EMAIL PROTECTED]> writes:
> ftp://ftp.funet.fi/pub/crypt/cryptography/symmetric/skipjack/
> 
> Search engines are your friends.  (There are, supposedly, better
> optimized versions, but Skipjack is optimized for hardware anyway.)

If you mean that Skipjack contains optimizations for hardware at the
expense of making software implementations less efficient, I believe
you are mistaken.

A straightforward PIC microcontroller implementation of Skipjack using only
the most obvious optimizations achieves twice the performance of the DES
implementation that I spent much time optimizing.  Both are available
from my web page:

        http://www.brouhaha.com/~eric/crypto/

Admittedly the PIC microcontroller's memory constraints preclude any
optimizations that would involve use of additional table space,
precomputed subkeys, etc., so there might be less of a performance
difference on a bigger processor.  But even on my desktop PC, an only
slightly optimized Skipjack still seems to outperform a highly optimized
DES by a fair margin.

I suspect that the people charged with creating ciphers like Skipjack
probably do have as a goal to try to make software implementations
efficient.  Usually an algorithm that can efficiently be implemented
in software can also be efficiently implemented in hardware.

------------------------------

From: Mr Julian Gomez <[EMAIL PROTECTED]>
Subject: Re: Question Regarding Encrypting CD-ROM -RW Disks
Date: Tue, 18 Jul 2000 12:14:07 +1000

On Mon, 17 Jul 2000, Joseph Ashwood wrote:

> Well, wiping a CD of any form is a very different prospect from wiping a
> hard drive, but the old standby of destruction by fire is a very viable
> option, and works quite well on CDs. I'm not sure why you're bothering with
> 3 different programs that perform essentially the same operations,
> personally I'd just choose one of them (probably PGP) and lose the others.

One question. Doesn't using 3 different algorithms actually add a bit
to security ? (One algorithm might succumb to some attacks more easily),
or do these algorithms, PGP, Blowfish et cetera, actually have a few
starting bits/bytes of the encrypted text actually indicating to the
decrypting function, "This is a Blowfish algo", "This is a PGP algo" ?
I think it doesn't, corrections ?

Basically, what I'm trying to say is, doesn't using 3 different
encryption functions, rule out using any algorithm weak points for
attack and thus falling back on a brute-force ? ("feasibility" wise?)

Cheers!


------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Skipjack source in C
Date: Tue, 18 Jul 2000 02:24:56 GMT

On 17 Jul 2000 11:17:47 -0400, stanislav shalunov
<[EMAIL PROTECTED]> wrote, in part:

>Skipjack is optimized for hardware anyway.

Well, at least it operates on whole bytes at a time, which makes it
better for use in software than DES, with all its bit transpositions.

Of course, it makes better use of an 8-bit microprocessor than it does
of one with 32-bit data paths...

John Savard (teneerf <-)
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: "Garrett Kajmowicz" <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy
Subject: Re: what is the symmetric algorithm for protection of classified info by  gov 
agencies ?
Date: Mon, 17 Jul 2000 22:53:43 -0400


"jungle" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> are you saying that obscurity is the security used for protection of
> classified info by gov agencies ?
> instead of the cipher strength ?
You would think that the governments would want the general population to be
able to look at the cyphers they are going to use.  Like many open-source
projects, you can get a lot more power that way, especially when it comes to
designing the new cyphers they are going to use.
On the other hand, you don't want the enemy using something as strong as you
are either......or for that fact knowing what you are using yourself.

I wonder what would happen if the NSA was to publicly post either several
messages or an algorithm that the enemy was using and offer a reward to
anybody who could crack it.  You'd probably get a lot of people wasting their
spare time to crack it.  They might even succeed.

Cheers!





------------------------------

Date: Mon, 17 Jul 2000 17:36:54 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Has RSADSI Lost their mind?

Mark Wooding wrote:
> Bodo Moeller <[EMAIL PROTECTED]> wrote:
> 
> > when the server reuses its DH key (which cannot be done with DSA-style
> > parameters because of small-subgroup attacks),

Am I not correct in thinking that it's OK to re-use DH keys iff it is
checked that all transmitted group elements are of large order?

For p = 2qR + 1 with q and R prime, that can be very cheap, since if
y is a transmitted value, it's sufficient to check that 2 <= y <= p-2.
(This is a combination of method 3.3 and part of method 3.1 in RFC 2785.
Also see the thread with subject "Diffie-Hellman Primes : Speed Tradeoff
Q".)

> This is interesting, and not something I've come across before.  Does
> anyone have a more detailed reference?

  C.H. Lim and P.J. Lee,
  "A key recovery attack on discrete log-based schemes using a prime
   order subgroup",
  Advances in Cryptology - Crypto '97,
  Lecture Notes in Computer Science, vol. 1295, 1997,
  Springer-Verlag, pp. 249-263.

and

  RFC 2785, "Methods for Avoiding the 'Small-Subgroup' Attacks on the
  Diffie-Hellman Key Agreement Method for S/MIME"

(Note that most of RFC 2785 isn't specific to S/MIME.)

-- 
David Hopwood <[EMAIL PROTECTED]>

Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip



------------------------------

From: [EMAIL PROTECTED] (JPeschel)
Date: 18 Jul 2000 04:38:18 GMT
Subject: Re: Crypto analyze tool.

"Joseph Ashwood" [EMAIL PROTECTED] writes, in part:

> Just to give you
>some idea of the complexities of analysis of ciphers, judging them on rounds
>doesn't work (RSA is secure with 1 round, DES takes several), you can't
>judge them on size (a Vigenere cipher can be gigabytes in size and still be
>weak...

What do you mean by "a Vigenere cipher can be gigabytes in size:" the
Vigenere key? How do you propose breaking a Viggy that uses a key 
of that size?

>(the gigabyte+ Vigenere
>would certainly not be bruteforcable), on the final operation (RC4 uses XOR
>on the output of the pRNG, so does a vigenere).

No, a classical Vigenere doesn't use XOR.

Joe

 


__________________________________________

Joe Peschel 
D.O.E. SysWorks                                 
http://members.aol.com/jpeschel/index.htm
__________________________________________


------------------------------

From: [EMAIL PROTECTED] (JPeschel)
Date: 18 Jul 2000 04:49:35 GMT
Subject: Re: Question Regarding Encrypting CD-ROM -RW Disks

Barrister9@aol. (omit these words) com writes, in part:

>I have been using Puffer and Crypta-Pix, both of which use 160 bit
>Blowfish to encrypt, as well as  PGP to encrypt text and binary files
>residing on either my hard drive, floppy diskettes or Zip diskettes.

Puffer, CryptaPix, and PGP are all good choices for strong
encryption. I like Puffer's capability of doing multiple files overwrites
on hard disk files and on free space.

>My question is, given the nature of CDs, which, I understand, is not a
>magnetic medium, can these encryption programmes be used with them in
>the same way that they can be with diskettes, etc?  Are there any
>problems in using these forms of encryption with CDs that are
>different than with the older media?  Is there anything different
>about wiping these CDs with the above-mentioned, or other programmes?

I don't believe you can effectively overwrite data on a CD. You 
should, however,  be safe so long as only encrypted files reside
on the CD.  Use Puffer to overwrite the plaintext on your hard
drive.

Joe
__________________________________________

Joe Peschel 
D.O.E. SysWorks                                 
http://members.aol.com/jpeschel/index.htm
__________________________________________


------------------------------

From: [EMAIL PROTECTED] (David A. Wagner)
Subject: Re: Has RSADSI Lost their mind?
Date: 17 Jul 2000 23:05:41 -0700

In article <[EMAIL PROTECTED]>,
David Hopwood  <[EMAIL PROTECTED]> wrote:
> Am I not correct in thinking that it's OK to re-use DH keys iff it is
> checked that all transmitted group elements are of large order?

No, it's not sufficient for them to have large order.

Consider the Lim-Lee attack: Alice sends g^a, Mallet changes this
to - g^a (which has large order), Bob computes (- g^a)^b, and uses
this as his shared key; Bob sends g^b, Alice computes (g^b)^a, and
uses this as her shared key.  This discloses a bit of information
on b, since key transfer succeeds iff b is even.  At least, I _think_
this is the Lim-Lee attack, anyway; I didn't double-check, and I
could be wrong.

You should check that all transmitted values are in the subgroup,
not just that they have large order.

> For p = 2qR + 1 with q and R prime, that can be very cheap, since if
> y is a transmitted value, it's sufficient to check that 2 <= y <= p-2.

I don't think this is correct either.  If R is small, then y = g^{2q}
is a counterexample.  But in any case, checking for large order is not
enough.

A trick that is useful: In some protocols, instead of checking that
the transmitted value is in the subgroup, one can force it into the
subgroup.  E.g., instead of checking that y is in the order-q subgroup,
simply compute y' = y^{2R}, and use y' in all subsequent computations.
One need merely check that 1 < y' < p-1, and then one can be sure that
y' is a non-trivial element of the q-order subgroup.
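
The checks argued over in this thread (Hopwood's range test, Wagner's subgroup membership test, and his y' = y^{2R} trick), worked through as an added example in Python that is not part of either post; p = 139, q = 23, R = 3 are constructed toy parameters and all function names are the editor's own.

```python
# Constructed toy parameters: p = 2*q*R + 1 with q and R prime (p = 139, q = 23, R = 3).
# Real deployments use a ~2048-bit p; the arithmetic below is unchanged.
P, Q, R = 139, 23, 3
assert P == 2 * Q * R + 1


def element_order(y):
    """Multiplicative order of y mod P by brute force (fine for a toy group)."""
    k, acc = 1, y % P
    while acc != 1:
        acc = acc * y % P
        k += 1
    return k


def find_generator():
    """Smallest primitive root mod P, using the known factorisation P-1 = 2*Q*R."""
    for h in range(2, P):
        if all(pow(h, (P - 1) // f, P) != 1 for f in (2, Q, R)):
            return h
    raise ValueError("no generator found")


H = find_generator()
G = pow(H, 2 * R, P)  # generator of the order-q subgroup the protocol is meant to use


def range_check(y):
    """Hopwood's proposed test: 2 <= y <= p-2."""
    return 2 <= y <= P - 2


def subgroup_check(y):
    """Wagner's requirement: y must be a non-trivial element of the order-q subgroup."""
    return 1 < y < P - 1 and pow(y, Q, P) == 1


def force_into_subgroup(y):
    """Wagner's trick: y' = y^(2R); if 1 < y' < p-1 then y' is certainly in the q-subgroup."""
    yp = pow(y, 2 * R, P)
    if not 1 < yp < P - 1:
        raise ValueError("peer value collapses to a trivial element")
    return yp


def small_order_counterexample():
    """Wagner's counterexample to the range test: y = h^(2q) has order R (= 3) yet passes it."""
    return pow(H, 2 * Q, P)


def run_exchange(a, b, harden):
    """DH between Alice (secret a) and Bob (secret b) with Mallet replacing Alice's g^a
    by -g^a, as described in the thread.  Returns True iff both sides derive the same key.
    Unhardened, agreement depends on the parity of b: that is the Lim-Lee leak."""
    A = pow(G, a, P)
    B = pow(G, b, P)
    A_at_bob = P - A  # -g^a mod p: order 2q (large) yet outside the q-subgroup
    if harden:
        A_at_bob = force_into_subgroup(A_at_bob)
        B = force_into_subgroup(B)
    return pow(A_at_bob, b, P) == pow(B, a, P)
```

With harden=False the exchange succeeds exactly when b is even, so an active peer learns one bit of b per run; with harden=True it always succeeds and nothing about b is revealed.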

------------------------------

From: [EMAIL PROTECTED] (David A. Wagner)
Crossposted-To: alt.privacy
Subject: Re: what is the symmetric algorithm for protection of classified info by  gov 
agencies ?
Date: 17 Jul 2000 23:22:52 -0700

Garrett Kajmowicz <[EMAIL PROTECTED]> wrote:
> You would think that the governments would want the general population to be
> able to look at the cyphers they are going to use.  Like many open-source
> projects, you can get a lot more power that way, especially when it comes to
> designing the new cyphers they are going to use.

Balderdash.  We in the open community might like it if the NSA did that,
but the NSA has plenty to lose, and little to gain, from such a course
of action.

First, remember that the NSA is only responsible for the security of
our military infrastructure, _not_ our civilian infrastructure.  We can
argue over whether this policy decision is wise or not, but it's not up
to the NSA; this is one of the constraints that the NSA must work under.

Second, remember that up until only recently, the public didn't have a
clue about how to design strong ciphers, whereas the NSA has something
like 50 years of experience.

Third, remember that the NSA has many more resources, many more
mathematicians, much more experience doing this stuff, and much, much
more motivation (after all, lives are on the line, and it's the NSA's
responsibility if the crypto fails!).

Even now that the open community is starting to learn how to do crypto
design, it's not clear that the NSA would benefit much from releasing
their old cipher designs to the world.

I'm guessing that the NSA probably has enough resources that if they want
to break a cipher, they can lock a few mathematicians in a room for ten
years and tell them "don't come out until you broke it".  The same goes
for cipher design.  That just doesn't work in the academic community,
and that gives the NSA a big leg up.

Fourth, remember that publishing this stuff might teach the USA's enemies
how to secure their communications systems and reduce the effectiveness
of our SIGINT assets.  This may no longer be a big worry today, given
the publicity crypto has received over the past decade, but two or three
decades ago, this would probably make a pretty compelling argument.

Finally, remember that there is some small but non-zero chance that
publishing our cipher systems might just give our enemies the edge they
need to break our systems.

------------------------------

Date: Tue, 18 Jul 2000 09:50:56 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: RC5 Question

Jeffrey Williams wrote:
> Well, you want to be carefull about that.  Much depends upon your
> compiler, your OS, and the phase of the moon (well, you can skip the
> phase of the moon, mostly).

It was practical advice that works well at the moment. Of course
things will be different in future.

> [...] Using a typedef would be a very good idea. [...]

????

That's exactly what we did?

------------------------------

Date: Tue, 18 Jul 2000 09:53:08 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy
Subject: Re: what is the symmetric algorithm for protection of classified info by 

jungle wrote:
> are you saying that obscurity is the security used for protection
> of classified info by gov agencies ? instead of the cipher
> strength ?

Not instead. In addition to it. Those algorithms are by the NSA,
i.e. checked by 40,000 mathematicians and an unknown, but surely
large amount of knowledge about cipher design which isn't
publicly available.

------------------------------

From: [EMAIL PROTECTED] (Mack)
Subject: Re: Win2000 Encryption
Date: 18 Jul 2000 07:58:56 GMT

>Mack wrote:
>> 
>> Greg [EMAIL PROTECTED] wrote:
>
>> >And what is more odd is that there is no password provided to me.
>> 
>> Should be the same as the password for your user name.
>You mean Win2000 stores the password in a retrievable form???
>

Yes, while you are on line it supposedly stores it in some sort
of id token.  It gets the password from you and keeps it in memory.
Hopefully it is designed not to swap it to the swap file but I wouldn't
count on that. I am led to understand there is some sort of lookup
table that allows a master key for each user to determine a file key.
Public Key algorithm possibly?

>Greetings!
>Volker
>--
>The early bird gets the worm. If you want something else for       
>breakfast, get up later.
>


Mack
Remove njunk123 from name to reply by e-mail

------------------------------

From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: mirror bit !!
Date: Tue, 18 Jul 2000 07:53:26 GMT

[EMAIL PROTECTED] wrote:

> Mok-Kong Shen say
>
> (2) Mirroring. This also has levels similar to swapping. At the first
> level, the bits of the word referenced are exchanged by mirroring about
> the central axis. At the second level, the mirroring is done separately
> on each half of the word. Analogously for the higher levels.
>
> could you give me some example please with 32 bit number !!!


Here's 32-bit mirroring in Python.  The translation to
C is immediate.  It prints Mark Wooding's example.
I think of 32-bit mirroring as higher level than mirroring
smaller parts independently; the code builds the higher
levels from the lower levels.


def bit_mirror_32(x):
    # Each step swaps neighbouring groups of 1, 2, 4, 8 and then 16 bits;
    # after the last step the 32-bit word is fully reversed.
    x = ((x & 0x55555555) << 1) | ((x & 0xAAAAAAAA) >> 1)
    x = ((x & 0x33333333) << 2) | ((x & 0xCCCCCCCC) >> 2)
    x = ((x & 0x0F0F0F0F) << 4) | ((x & 0xF0F0F0F0) >> 4)
    x = ((x & 0x00FF00FF) << 8) | ((x & 0xFF00FF00) >> 8)
    x = ((x & 0x0000FFFF) << 16) | ((x & 0xFFFF0000) >> 16)
    return x

print(bit_mirror_32(2329946913))


--Bryan
--
email: bolson at certicom dot com



------------------------------

Date: Tue, 18 Jul 2000 10:04:14 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy
Subject: Re: SECURITY CLEAN freeware text editor in win95 ?

jungle wrote:
> 
> most of the programs are very smelly & dirty ...
> 
> any help for freeware in win95 :
> SECURITY CLEAN text editor [ like NOTEPAD ] that can be used to edit
> up to 1 MB files ?
> 
> SECURITY CLEAN =
> - no temp files
>   [ permanent or / and intermittent = deleted after program closed ]
> - no entries in registry
> - no windows folder messing

Go to www.vim.org and get the Windows port of Vim. Vim is AFAIK the
most comfortable variation of 'vi' (doesn't share any code with
the original vi or other vi-clones); it has multiple undo, syntax
highlighting etc.

Call it with:

vim -n

Vim can also encrypt your files.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
