Cryptography-Digest Digest #260, Volume #12      Thu, 20 Jul 00 18:13:00 EDT

Contents:
  Re: RC4 free for noncommercial ? (Simon Johnson)
  Re: RC4 free for noncommercial ? (Larry Kilgallen)
  Re: RC4 free for noncommercial ? (Roger Schlafly)
  Re: Has RSADSI Lost their mind? (Roger Schlafly)
  Re: Has RSADSI Lost their mind? (Sander Vesik)
  Re: Has RSADSI Lost their mind? (Sander Vesik)
  Re: how strong is my own encryption? (Mok-Kong Shen)
  Re: Searching for an algorithm... (John Myre)
  Re: TAGGED INFORMATION ("Mikal 606")
  Re: how strong is my own encryption? (Mark Wooding)
  Re: Searching for an algorithm... (Mark Wooding)
  Re: Implementation of PSS-style RSA signing? (Mark Wooding)
  Re: microwave cd (Steve Rush)
  md5 uses, questions (Arthur Dardia)
  Idea? Need Comments... ("Big Boy Barry")
  Re: Has RSADSI Lost their mind? (Roger Schlafly)
  Re: Has RSADSI Lost their mind? (Roger Schlafly)
  Re: md5 uses, questions ("Joseph Ashwood")
  Re: Idea? Need Comments... ("Joseph Ashwood")
  FWZ1 (Anonymous)
  Re: need help with commercial encryption software please (James Pate Williams, Jr.)
  Re: strength of encryption (wes goodwin)
  Re: Idea? Need Comments... (Doug Kuhlman)

----------------------------------------------------------------------------

Subject: Re: RC4 free for noncommercial ?
From: Simon Johnson <[EMAIL PROTECTED]>
Date: Thu, 20 Jul 2000 11:16:17 -0700

I asked them, they didn't reply. :+)
Don't u just Love RSA-LABS. They know how to treat customers.




------------------------------

From: [EMAIL PROTECTED] (Larry Kilgallen)
Subject: Re: RC4 free for noncommercial ?
Date: 20 Jul 2000 15:25:11 -0500

In article <[EMAIL PROTECTED]>, Simon Johnson 
<[EMAIL PROTECTED]> writes:
> I asked them, they didn't reply. :+)
> Don't u just Love RSA-LABS. They know how to treat customers.

Oh ?  What have you bought from them ?

Or did you mean prospective customers ?

What were you going to buy from them ?

------------------------------

From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: RC4 free for noncommercial ?
Date: Thu, 20 Jul 2000 11:26:35 -0700

[EMAIL PROTECTED] wrote:
> Of course, the name 'RC4' may have legal restrictions, but that would be
> a restriction on the name of the algorithm and not the algorithm itself.

There are "RC4" trademarks for skis, liquid phonograph cleaner,
and encryption. As others have suggested, you can be safe by
calling it ArcFour or by just saying it is RC4-compatible.

------------------------------

From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: Has RSADSI Lost their mind?
Date: Thu, 20 Jul 2000 11:35:29 -0700

Larry Kilgallen wrote:
> Certainly when Public Key Partners was breaking up there was a conflict
> regarding whether RSA Data Security Incorporated had the rights to
> continue providing Diffie-Hellman in the BSAFE toolkit.  Although
> RSA Data Security Incorporated ultimately won this dispute, perhaps
> the outcome was not certain at the time that Netscape made their
> decision.

RSADSI had a license to put Diffie-Hellman into BSAFE, but not
to sublicense the DH patent. Anyone building DH into a product
had to get a license from PKP. RSADSI was improperly indemnifying
its customers, and it lost on that point. That is why RSADSI had
to try to break the DH patent. Ultimately, RSADSI settled, and
paid for a broader DH license.

More info:
http://bbs.cruzio.com/~schlafly/pkp/pkp.htm

------------------------------

From: Sander Vesik <[EMAIL PROTECTED]>
Subject: Re: Has RSADSI Lost their mind?
Date: 20 Jul 2000 18:39:25 GMT

Greg <[EMAIL PROTECTED]> wrote:
> When RSADSI told us the $70k up front and 6% gross royalties (IIRC), we
> decided to do our own crypto.  We have RC6 available, but if we ever
> have a client who asks for it, then we will begin negotiating with
> RSA.  Until then, we don't use it in our product.

> Our strategy with RC6 is that it might become AES and then we can
> use it for free, so we made a place at our table for RC6 ahead of
> time.  We are deploying Blowfish and Twofish right now with an ECC
> that I wrote and a pretty neat protocol to rotate ciphers and keys
> using the padding of the cipher buffers.

It would be a rather sad occurrence if RC6 was to become unavailable
just because it didn't make AES. At least it is 'yet another US only
patent' I hope?

[snip]

> http://www.cyberlaw.com/rsa.html

-- 
        Sander

FLW: "I can banish that demon"

------------------------------

From: Sander Vesik <[EMAIL PROTECTED]>
Subject: Re: Has RSADSI Lost their mind?
Date: 20 Jul 2000 18:44:34 GMT

Paul Koning <[EMAIL PROTECTED]> wrote:
> Bill Unruh wrote:
>> 
>> That letter is incredible. Absolutely everything there sounds like
>> algorithms, which cannot be patented.

> What country are you speaking of?  Certainly that isn't correct
> in case of the USA...

Just about anything - and most probably even 'operation of an entity
called PTO' is patentable in the US. And multiple times over if you
care to wait for some years and use slightly different wording. 

>       paul

-- 
        Sander

FLW: "I can banish that demon"

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: how strong is my own encryption?
Date: Thu, 20 Jul 2000 20:58:44 +0200



Mark Wooding wrote:

> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>
> > Since what time are books not sold at bookstores and freely obtainable
> > on the internet??
>
> I had to get HAC as a special order from Heffers in Cambridge.  It's now
> available for free download from
>
>   http://www.cacr.math.uwaterloo.ca/hac/
>
> Does that count as a precedent?

I know that. I actually told that to people asking about HAC. However,
I do want to discourage people posting questions about whether any
crypto book (there are quite a number, though not large) is obtainable for
free and repeating such questions without knowing (understandably) that
the same have been asked before and letting others (repeatedly) respond 'no',
thus generating at least two posts in the group on each occasion. Perhaps
the issue (together with recommendation of good books) should be in the FAQ.
For then the answer would simply be a pointer to the FAQ.

I think, if one wants to save money, the proper way is to try to get it
from a public library, unless one lives in a country where public library
services are poor. The case of HAC is so singular that I wonder whether any
such exceptions occur in other fields of science. One has therefore to
pay particular tribute to Menezes et al. for having made their book freely
available, thus furthering studies in crypto whose advancement is
apparently contrary to the wish of certain democratic governments.

M. K. Shen


------------------------------

From: John Myre <[EMAIL PROTECTED]>
Subject: Re: Searching for an algorithm...
Date: Thu, 20 Jul 2000 13:04:37 -0600

Mark Wooding wrote:
<snip>
> So: let K be the secret random key, and let M be the master passphrase.
> Write encryption of x using key k and initialization vector i as E_k(i,
> x).  Store in the header R, E_{0, H(R || M)}(K), where R is a random
I think you mean              E_{H(R || M)}(0, K)

> salt.  Then for each password P_i, store I_i, E_K(I_i, P_i) where I_i is
> a sequentially allocated or randomly generated initialization vector for
> that password.

And of course, don't forget to be careful generating all
these "random" values - particularly K.

JM

------------------------------

From: "Mikal 606" <[EMAIL PROTECTED]>
Subject: Re: TAGGED INFORMATION
Date: Thu, 20 Jul 2000 15:24:01 -0700


"Joseph Ashwood" <[EMAIL PROTECTED]> wrote in message
news:OCuLeJn8$GA.347@cpmsnbbsa08...
> > "and this additional info can not be removed
> >  if the recipient does not know about that."
> >
> > Um, presumably there is more to it than that.The original poster was
> talking
> > about " sending around " information.
> > ::sigh::
> Why should there be more to it, if you don't know that the bottom bit of
the
> wav file contains data, there's little you can do to detect it. From there
> you could spray paint the wav file on the side of a building if you want,
> only someone who knows that stego is involved will get the information,
> how's that for sending information around.
>                     Joe
>
>

Thats fine.
Secure communications also have something above them, the command and
control and the methods to control leakage.
At some point if your "agents" share this info there may be ways to float
false information to see "where it leaks out"-
Thats why I am a fan of photon trapping crypto.

Dramar



------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: how strong is my own encryption?
Date: 20 Jul 2000 19:55:54 GMT

Mok-Kong Shen <[EMAIL PROTECTED]> wrote:

[fair points snipped]

> The case of HAC is so singular that I wonder whether any such exceptions
> occur in other fields of science. One has therefore to pay particular
> tribute to Menezes et al. for having made their book freely available,
> thus furthering studies in crypto whose advancement is apparently
> contrary to the wish of certain democratic governments.

Indeed.  The HAC authors have done a fine and worthy thing.  I'm not
particularly fond of the concept of intellectual property, but I do
sincerely hope that Menezes, van Oorschot and Vanstone haven't lost out
too badly as a result of this brave and commendable decision.  Their
book has a proud place on my shelf.

-- [mdw]

------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Searching for an algorithm...
Date: 20 Jul 2000 19:56:39 GMT

John Myre <[EMAIL PROTECTED]> wrote:
> Mark Wooding wrote:
> <snip>
> > So: let K be the secret random key, and let M be the master passphrase.
> > Write encryption of x using key k and initialization vector i as E_k(i,
> > x).  Store in the header R, E_{0, H(R || M)}(K), where R is a random
> I think you mean              E_{H(R || M)}(0, K)

You're right.  I put in the IVs in a later pass, and got that one in the
wrong place.

> And of course, don't forget to be careful generating all
> these "random" values - particularly K.

Of course. ;-)

-- [mdw]
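The scheme in the quoted exchange, as an added example that is not Wooding's or Myre's code: a random data key K is wrapped under H(R || M) with a zero IV, and each stored password is encrypted under K with its own IV, so changing the master passphrase only re-wraps K and leaves the per-password ciphertexts alone. The cipher E is assumed here to be an HMAC-SHA256 counter-mode keystream (a stand-in so the example runs on the Python standard library; an authenticated cipher such as AES-GCM would replace it in practice), H is SHA-256, and all random values come from secrets.token_bytes, per Myre's point about generating K carefully. Nothing in the scheme as described authenticates the wrapped key, so a wrong passphrase yields a garbage K silently; a deployment would add a check for that.

```python
import hashlib
import hmac
import secrets

SALT_LEN = 16   # |R|
KEY_LEN = 32    # |K|, also the HMAC key size used by E below
IV_LEN = 16     # |I_i|


def E(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Stand-in for E_k(iv, x): XOR with an HMAC-SHA256 counter-mode
    keystream.  Symmetric, so the same call decrypts.  Assumption of
    this example only; the post does not fix a particular cipher."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        block = iv + counter.to_bytes(8, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def H(data: bytes) -> bytes:
    # Plain hash as in the post; a real store would use a slow KDF
    # (e.g. hashlib.pbkdf2_hmac) here to slow down passphrase guessing.
    return hashlib.sha256(data).digest()


def create_store(master: bytes) -> dict:
    """Header: R and E_{H(R || M)}(0, K) for a fresh random K."""
    K = secrets.token_bytes(KEY_LEN)      # the secret random key
    R = secrets.token_bytes(SALT_LEN)     # the random salt
    wrapped = E(H(R + master), bytes(IV_LEN), K)
    return {"R": R, "wrapped_K": wrapped, "entries": []}


def unlock(store: dict, master: bytes) -> bytes:
    """Recover K from the header; garbage if the passphrase is wrong."""
    return E(H(store["R"] + master), bytes(IV_LEN), store["wrapped_K"])


def add_password(store: dict, K: bytes, password: bytes) -> None:
    """Store I_i, E_K(I_i, P_i) with a randomly generated I_i."""
    iv = secrets.token_bytes(IV_LEN)
    store["entries"].append((iv, E(K, iv, password)))


def read_passwords(store: dict, K: bytes) -> list:
    return [E(K, iv, ct) for iv, ct in store["entries"]]


def change_master(store: dict, K: bytes, new_master: bytes) -> None:
    """Only the header changes: new salt, K re-wrapped under the new
    passphrase.  The per-password entries are untouched."""
    R = secrets.token_bytes(SALT_LEN)
    store["R"] = R
    store["wrapped_K"] = E(H(R + new_master), bytes(IV_LEN), K)


if __name__ == "__main__":
    s = create_store(b"correct horse")
    k = unlock(s, b"correct horse")
    add_password(s, k, b"hunter2")
    change_master(s, k, b"battery staple")
    print(read_passwords(s, unlock(s, b"battery staple")))
```

Because K is the only thing encrypted under the passphrase, a passphrase change costs one re-wrap regardless of how many passwords are stored, which is what makes the indirection through K worthwhile.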

------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Implementation of PSS-style RSA signing?
Date: 20 Jul 2000 20:12:41 GMT

Thomas Wu <[EMAIL PROTECTED]> wrote:
> 
> Are there any free crypto libraries out there with an implementation
> of PSS encoding for RSA signatures?  PKCS#1 v2.1 refers to the
> technique as "RSASSA-PSS", and the latest IEEE P1363a draft calls the
> encoding method "EMSA3", but the two standards seem to differ
> slightly, for example, in the ordering of hash inputs.  What's a good
> place to look if I want to generate standard-looking signatures of
> this form?

I've just finished implementing PSS as defined in PKCS#1 v2.1 draft 1 in
Catacomb, so that'll be available in the next (pre-)release, in a week
or so's time.  It's a pain in the neck to use, because you have to know
the salt value before you can start hashing the data.

It uses basically the same operations as OAEP, which I've verified
against the RIPEMD-160 test vectors.  I don't have any PSS test vectors,
however.  If anyone has some (preferably without the actual RSA signing
step, and based on MGF1 with SHA1, RIPEMD160, MD5 or Tiger), could they
let me know?

[Catacomb is free software: you can modify and/or redistribute it under
the GNU Library General Public License.  The current version, 2.0.0pre6,
which doesn't yet include the PSS support, is available from my personal
webpages, at http://www.excessus.demon.co.uk/misc-hacks/#catacomb.]

-- [mdw]
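As an added example (not Catacomb's code and not from the original post): EMSA-PSS encoding and verification as specified in the published PKCS#1 v2.1 (RFC 3447, section 9.1), with MGF1 over SHA-1 and the RSA primitive left out, which is the form the request above asks about. In the published spec the message is hashed first and the salt only enters the second hash, H(0x00^8 || Hash(M) || salt), so the salt need not be known before hashing the data starts; the draft-1 ordering described above differs on that point. The salt is passed in explicitly so results are reproducible; for a real key em_bits would be modBits - 1.

```python
import hashlib
import hmac
import os

HASH = hashlib.sha1            # hash for both mHash and MGF1
H_LEN = HASH().digest_size     # 20 for SHA-1


def mgf1(seed: bytes, mask_len: int) -> bytes:
    """MGF1 (PKCS#1 B.2.1): concatenate Hash(seed || counter) blocks."""
    out = b""
    counter = 0
    while len(out) < mask_len:
        out += HASH(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:mask_len]


def emsa_pss_encode(message: bytes, em_bits: int, salt: bytes) -> bytes:
    """EMSA-PSS-ENCODE (RFC 3447 9.1.1).  Returns EM of ceil(em_bits/8) bytes."""
    em_len = (em_bits + 7) // 8
    s_len = len(salt)
    if em_len < H_LEN + s_len + 2:
        raise ValueError("encoding error: intended encoded message length too short")
    m_hash = HASH(message).digest()                      # step 2: hash M first
    h = HASH(bytes(8) + m_hash + salt).digest()          # steps 5-6: salt enters here
    ps = bytes(em_len - s_len - H_LEN - 2)               # step 7: zero padding
    db = ps + b"\x01" + salt                             # step 8
    db_mask = mgf1(h, em_len - H_LEN - 1)                # step 9
    masked_db = bytearray(a ^ b for a, b in zip(db, db_mask))   # step 10
    masked_db[0] &= 0xff >> (8 * em_len - em_bits)       # step 11: clear top bits
    return bytes(masked_db) + h + b"\xbc"                # step 12


def emsa_pss_verify(message: bytes, em: bytes, em_bits: int, s_len: int) -> bool:
    """EMSA-PSS-VERIFY (RFC 3447 9.1.2).  True iff EM is consistent with M."""
    em_len = (em_bits + 7) // 8
    if len(em) != em_len or em_len < H_LEN + s_len + 2 or em[-1] != 0xbc:
        return False
    masked_db = em[:em_len - H_LEN - 1]
    h = em[em_len - H_LEN - 1:-1]
    top_bits = 8 * em_len - em_bits
    if masked_db[0] >> (8 - top_bits):                   # step 6: top bits must be zero
        return False
    db_mask = mgf1(h, em_len - H_LEN - 1)
    db = bytearray(a ^ b for a, b in zip(masked_db, db_mask))
    db[0] &= 0xff >> top_bits                            # step 9
    ps_len = em_len - H_LEN - s_len - 2
    if any(db[:ps_len]) or db[ps_len] != 0x01:           # step 10
        return False
    salt = bytes(db[ps_len + 1:])                        # step 11
    m_hash = HASH(message).digest()
    h_prime = HASH(bytes(8) + m_hash + salt).digest()    # steps 12-13
    return hmac.compare_digest(h_prime, h)               # step 14


if __name__ == "__main__":
    em = emsa_pss_encode(b"abc", 1023, os.urandom(20))
    print(em.hex(), emsa_pss_verify(b"abc", em, 1023, 20))
```

The verifier recovers the salt from DB rather than being told it, which is why the salt length (not the salt) is the verification parameter, and the final comparison is constant-time.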

------------------------------

From: [EMAIL PROTECTED] (Steve Rush)
Date: 20 Jul 2000 20:17:20 GMT
Subject: Re: microwave cd

>Probably the most convenient and effective thing to do, especially if
>you have a lot of CD's to destroy, is take them to the city dump and
>toss them into a high temperature incinerator.

Are there any municipal garbage incinerators still operating in the USA?  I
thought the EPA banned them years ago.  Throw something in the garbage now, and
it goes into a landfill.

If you have too many CDs to conveniently use a torch, find a place where open
fires are permitted and build a bonfire.



==========================================================================
==============
If it's spam, it's a scam.  Don't do business with Net abusers.


------------------------------

From: Arthur Dardia <[EMAIL PROTECTED]>
Subject: md5 uses, questions
Date: Thu, 20 Jul 2000 16:20:20 -0400

Any reason why my other post was ignored?  Is sci.crypt anti-AOL?

---
By going to Help-->About, you can see that portions of AOL IM implement
MD5 Hash algorithm.  How does it use this?  I could see it being used
to:

a) verify a valid client program
program opens and connects to server, sends an md5 of itself or of some
registry keys it installs, etc. and then AOL either lets it connect or
it refuses it
b) to verify messages
how could md5 be used to make sure messages are authentic and valid.
wouldn't user A have to send the message along with the MD5 for that
message?  couldn't a man-in-the-middle just change the message,
calculate the md5 and then send that along with it?  albeit, it would be
difficult to do by hand because of the spur-of-the-instant involved with
instant messaging, but a program to do such a feat would not be
difficult.

any other ways aol might implement it?

--
Arthur Dardia    Rensselaer Polytechnic Institute    [EMAIL PROTECTED]
 PGP 6.5.1 Public Key    http://www.webspan.net/~ahdiii/ahdiii.asc



------------------------------

From: "Big Boy Barry" <[EMAIL PROTECTED]>
Subject: Idea? Need Comments...
Date: Thu, 20 Jul 2000 20:32:20 GMT

H E L L O

H = 8
E = 5
L = 12
L = 12
O = 15

8 + 5 = 13
5 + 12 = 17
12 + 12 = 24
12 + 15 = 27 = (27 - 26 = 1) = 1
15 + 8 = 23

13 - 17 - 24 - 27 - 23
M Q X A W


If a program stores a password 'HELLO' as 'MQXAW', can it be cracked in
any way other than a bruteforce attack using a wordlist... Am I correct to
say that the above encryption method is one-way? And, is there a name for
the above method... Thank you...



------------------------------

From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: Has RSADSI Lost their mind?
Date: Thu, 20 Jul 2000 13:32:23 -0700

Vin McLellan wrote:
>   RSA offered Netscape a deal in which this hungry little startup got an
> unrestricted license to use RSA's BSAFE code, cash-free, in exchange for
> a legendary 1 percent of Netscape.

That was a strange deal. RSADSI did not have the authority
to sublicense either the MIT/RSA or DH patent to Netscape.
PKP was the sole sublicensing authority for those patents.
Netscape never had a patent license from PKP, and did not
have the right to ship SSL if those patents were effective. 
What RSADSI was trying to do was to cheat MIT, Stanford, and 
Cylink out of patent royalties.

Eventually, RSADSI had to go to court to defend Netscape, and
luckily for RSADSI, the D-H patent expired before the court
was going to rule, and so RSADSI was able to settle.

> D-H was simply a non-starter in 1994, according to most
> informed observers.

What do you mean by this? That the technology was immature?

PKP was formed in 1990, largely to use patents to keep people 
from using D-H. To a large extent, it was successful. But
there was no technological or security reason to avoid D-H.

------------------------------

From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: Has RSADSI Lost their mind?
Date: Thu, 20 Jul 2000 13:36:29 -0700

Sander Vesik wrote:
> It would be a rather sad occurrence if RC6 was to become unavailable
> just because it didn't make AES. At least it is 'yet another US only
> patent' I hope?

Why? The other 4 finalists are all patent-free, and arguably
superior. If RC6 does not make the cut, then presumably
the AES winner will be preferable anyway.

------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: md5 uses, questions
Date: Thu, 20 Jul 2000 13:59:50 -0700

It's not that we're anti-AOL, it's that we get tired of saying the same
things ad infinitum. As I've said (many times) before, you can't depend on
the protocol to verify the integrity of the client (or server) program, so
any attempts by AOL to do that would be, quite frankly, stupid. As to the
second one, there's a very distinct consequence that it is quite easy to
change the hash at the same time as the message, so using an un-verified
hash function for message integrity is foolish. As to what else they could
use MD5 for, the uses are enumerable only in the same sense that the set of
all programs is enumerable (which is to say that they can use it for
whatever they please and it would work in some fashion).
                Joe

"Arthur Dardia" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Any reason why my other post was ignored?  Is sci.crypt anti-AOL?
>
> ---
> By going to Help-->About, you can see that portions of AOL IM implement
> MD5 Hash algorithm.  How does it use this?  I could see it being used
> to:
>
> a) verify a valid client program
> program opens and connects to server, sends an md5 of itself or of some
> registry keys it installs, etc. and then AOL either lets it connect or
> it refuses it
> b) to verify messages
> how could md5 be used to make sure messages are authentic and valid.
> wouldn't user A have to send the message along with the MD5 for that
> message?  couldn't a man-in-the-middle just change the message,
> calculate the md5 and then send that along with it?  albeit, it would be
> difficult to do by hand because of the spur-of-the-instant involved with
> instant messaging, but a program to do such a feat would not be
> difficult.
>
> any other ways aol might implement it?
>
> --
> Arthur Dardia    Rensselaer Polytechnic Institute    [EMAIL PROTECTED]
>  PGP 6.5.1 Public Key    http://www.webspan.net/~ahdiii/ahdiii.asc
>
>
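An added example illustrating the point in the reply above (it is not AOL's protocol, which the thread does not describe, and not code from either poster): with a bare MD5 sent alongside the message, an interceptor rewrites the message, recomputes the tag, and the receiver accepts the result; with the same hash inside a keyed MAC (HMAC, RFC 2104) the interceptor has no key to re-tag with, and the receiver rejects the forgery. The message and the shared key are constructed for the example.

```python
import hashlib
import hmac

# Constructed sample IM payload and a constructed key that the two
# endpoints share and the interceptor does not have.
MESSAGE = b"alice: transfer 100 to bob"
KEY = b"session key known only to client and server"


def tag_unkeyed(message: bytes) -> bytes:
    """Option (b) as the question imagines it: the bare MD5 of the message."""
    return hashlib.md5(message).digest()


def tag_keyed(key: bytes, message: bytes) -> bytes:
    """Keyed variant: HMAC over the same hash.  HMAC-MD5 is used here to
    stay with the thread's topic; a new design would pick SHA-256 or
    better, the construction is the same."""
    return hmac.new(key, message, hashlib.md5).digest()


def receiver_accepts(expected_tag: bytes, received_tag: bytes) -> bool:
    # Constant-time comparison, so the check itself leaks nothing.
    return hmac.compare_digest(expected_tag, received_tag)


def mitm_rewrite(message: bytes, old_tag: bytes, public_tag_fn=None):
    """The interceptor changes the amount.  If the tag function is public
    it simply recomputes the tag; without the key, the best it can do is
    forward the original tag with the altered message."""
    forged = message.replace(b"100", b"1000")
    new_tag = public_tag_fn(forged) if public_tag_fn else old_tag
    return forged, new_tag


def scenario_unkeyed() -> bool:
    """Returns True: the altered message passes the receiver's check."""
    tag = tag_unkeyed(MESSAGE)
    forged, forged_tag = mitm_rewrite(MESSAGE, tag, tag_unkeyed)
    return receiver_accepts(tag_unkeyed(forged), forged_tag)


def scenario_keyed() -> bool:
    """Returns False: the receiver recomputes HMAC under KEY and the
    forwarded tag no longer matches."""
    tag = tag_keyed(KEY, MESSAGE)
    forged, forged_tag = mitm_rewrite(MESSAGE, tag)
    return receiver_accepts(tag_keyed(KEY, forged), forged_tag)


if __name__ == "__main__":
    print("unkeyed MD5, forgery accepted:", scenario_unkeyed())
    print("HMAC, forgery accepted:       ", scenario_keyed())
```

The difference is not the hash but the key: a tag anyone can compute authenticates nothing, which is the "un-verified hash" objection above in code.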



------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Idea? Need Comments...
Date: Thu, 20 Jul 2000 14:06:25 -0700

Well there's a fairly simple first generation attack against it, guess the
first letter and solve for the rest for example:
Post function = 13,17,24,1,23 (MQXAW =  HELLO)
attempt 1 (first letter is 1)
password = 1,12,5,19,8,15 NOT CORRECT (first and last value must be equal)
2,3,4,5,6,7 same problem
8  = HELLO

Solved in an average of (symbols in Language)/2 steps. I don't see a reason to
go above this in speed. The problem is that the mapping is 1-1 onto, so an
inverse function exists.
                Joe



------------------------------

Date: 20 Jul 2000 21:30:12 -0000
From: Anonymous <[EMAIL PROTECTED]>
Subject: FWZ1


Good morning Gentlemen,

reverse-engineered FWZ1 cipher.

Comments welcome.





---- snip ---- snip ---- snip ---- snip
/*
 *
 *     reve^H^H^H^Halleged FWZ1
 *
 *     Cipher words are 32 bits wide.  The code as first posted used
 *     "unsigned long" for them, which is 64 bits on LP64 platforms and
 *     silently breaks both the byte swapping and the byte-indexed
 *     lookups into st2 below; uint32_t is used throughout instead.
 *
 */

/*
 *     use dummy main function
 */

#define USE_MAIN

#include <stdint.h>

#ifdef USE_MAIN
#include <stdio.h>
#endif

/*
 *     cipher state
 */

struct fwz1_state {

    /*
     *     in native byte order ...
     */

    uint32_t        st1[3];

    /*
     *     in big endian byte order (the keystream generator indexes
     *     these 16 bytes directly, so the byte order matters) ...
     */

    uint32_t        st2[4];
};

/*
 *     lookup table (LUT)
 */

static uint32_t fwz1_table[256][3];

/*
 *     magic constants
 */

static const uint32_t fwz1_values[3] = {
    0xd1c84921, 0x86ec7148, 0x96b42df3
};

/*
 *     reverse byte order
 */

static uint32_t
fwz1_reverse(uint32_t val)
{
    return (val >> 24) |
        ((val & 0x00ff0000) >> 8) |
        ((val & 0x0000ff00) << 8) | (val << 24);
}

/*
 *     convert to big endian byte order (host endianness detected at
 *     run time by looking at the first byte of a 32 bit 1)
 */

static uint32_t
fwz1_big(uint32_t val)
{
    static const uint32_t one = 1;

    if (*(const unsigned char *) &one == 0)
        return val;                 /* big endian host: nothing to do */
    else
        return fwz1_reverse(val);   /* little endian host: swap */
}

/*
 *     strange "sort of CRC" function for LUT setup: the 96 bit value
 *     is shifted left by one bit and, if a bit fell off the top,
 *     XORed with the magic constants
 */

static void
fwz1_shift(const uint32_t *src, uint32_t *dst)
{
    int             carry;

    dst[0] = fwz1_reverse(src[0]);
    dst[1] = fwz1_reverse(src[1]);
    dst[2] = fwz1_reverse(src[2]);

    carry = ((dst[2] & 0x80000000u) != 0);

    dst[2] = (dst[2] << 1) | (dst[1] >> 31);
    dst[1] = (dst[1] << 1) | (dst[0] >> 31);
    dst[0] = (dst[0] << 1);

    if (carry) {
        dst[0] ^= fwz1_values[0];
        dst[1] ^= fwz1_values[1];
        dst[2] ^= fwz1_values[2];
    }

    dst[0] = fwz1_reverse(dst[0]);
    dst[1] = fwz1_reverse(dst[1]);
    dst[2] = fwz1_reverse(dst[2]);
}

/*
 *     initialize LUT: entries at powers of two come from fwz1_shift,
 *     every other entry is the XOR of power-of-two entries, so the
 *     table is linear in its index (as a CRC table is)
 */

static void
fwz1_init(void)
{
    int             i,
                    k;

    for (i = 0; i < 3; i++) {
        fwz1_table[0][i] = 0;
        fwz1_table[1][i] = fwz1_reverse(fwz1_values[i]);
    }

    for (i = 2; i < 256; i *= 2) {
        fwz1_shift(fwz1_table[i / 2], fwz1_table[i]);

        for (k = i + 1; k < i * 2; k++) {
            fwz1_table[k][0] = fwz1_table[i][0] ^ fwz1_table[k - i][0];
            fwz1_table[k][1] = fwz1_table[i][1] ^ fwz1_table[k - i][1];
            fwz1_table[k][2] = fwz1_table[i][2] ^ fwz1_table[k - i][2];
        }
    }
}

/*
 *     encrypt (decrypt) whole 12 byte blocks: XOR the buffer with 12
 *     keystream bytes derived from st1 and st2, then advance the
 *     state.  Returns the number of trailing bytes (< 12) not touched.
 */

static int
fwz1_block_crypt(struct fwz1_state *state, unsigned char *buffer, int len)
{
    uint32_t       *st1,
                   *st2;
    unsigned char  *st2_bytes;
    int             i,
                    x1,
                    x2;

    st1 = state->st1;
    st2 = state->st2;
    st2_bytes = (unsigned char *) st2;      /* 16 bytes, big endian */

    while (len >= 12) {
        for (i = 0; i < 3; i++) {
            x1 = (st1[i] >> 24) & 0xff;
            x2 = st2_bytes[x1 & 0xf];
            x2 ^= st2_bytes[x2 & 0xf];

            *buffer++ ^= x1 ^ x2;

            x1 = (st1[i] >> 16) & 0xff;
            x2 = st2_bytes[x1 & 0xf];
            x2 ^= st2_bytes[x2 & 0xf];

            *buffer++ ^= x1 ^ x2;

            x1 = (st1[i] >> 8) & 0xff;
            x2 = st2_bytes[x1 & 0xf];
            x2 ^= st2_bytes[x2 & 0xf];

            *buffer++ ^= x1 ^ x2;

            x1 = st1[i] & 0xff;
            x2 = st2_bytes[x1 & 0xf];
            x2 ^= st2_bytes[x2 & 0xf];

            *buffer++ ^= x1 ^ x2;
        }

        /*
         *     advance st1 by one byte through the LUT ...
         */

        x1 = st1[2] & 0xff;

        st1[2] = ((st1[2] >> 8) | (st1[1] << 24)) ^ fwz1_table[x1][2];
        st1[1] = ((st1[1] >> 8) | (st1[0] << 24)) ^ fwz1_table[x1][1];
        st1[0] = (st1[0] >> 8) ^ fwz1_table[x1][0];

        /*
         *     ... and accumulate it into st2 (kept big endian)
         */

        st2[0] = fwz1_big(st1[2] + fwz1_big(st2[0]));
        st2[1] = fwz1_big(st1[1] + fwz1_big(st2[1]));
        st2[2] = fwz1_big(st1[0] + fwz1_big(st2[2]));
        st2[3] = fwz1_big((st1[0] ^ st1[1] ^ st1[2]) + fwz1_big(st2[3]));

        len -= 12;
    }

    return len;
}

/*
 *     initialize cipher state with a key
 */

static void
fwz1_set_key(struct fwz1_state *state, const unsigned char *key1,
             const unsigned char *key2)
{
    uint32_t       *st1,
                   *st2;
    uint32_t        tmp_st2[4];
    const uint32_t *entry;
    int             i;

    st1 = state->st1;
    st2 = state->st2;

    for (i = 0; i < 4; i++)
        tmp_st2[i] = 0;

    /*
     *     key bytes are widened to uint32_t before shifting; shifting
     *     a promoted int by 24 is undefined for byte values >= 0x80
     */

    st1[0] = (uint32_t) ((key1[3] + key2[3]) & 0xff);
    st1[0] |= (uint32_t) ((key1[2] + key2[2]) & 0xff) << 8;
    st1[0] |= (uint32_t) ((key1[1] + key2[1]) & 0xff) << 16;
    st1[0] |= (uint32_t) ((key1[0] + key2[0]) & 0xff) << 24;

    st1[1] = key2[1];
    st1[1] |= (uint32_t) key2[0] << 8;
    st1[1] |= (uint32_t) ((key1[5] + key2[5]) & 0xff) << 16;
    st1[1] |= (uint32_t) ((key1[4] + key2[4]) & 0xff) << 24;

    st1[2] = key2[5];
    st1[2] |= (uint32_t) key2[4] << 8;
    st1[2] |= (uint32_t) key2[3] << 16;
    st1[2] |= (uint32_t) key2[2] << 24;

    /*
     *     as posted: a zero st1[2] is replaced by 0x80
     */

    if (st1[2] == 0)
        st1[2] = 0x00000080;

    /*
     *     ten warm-up rounds of the same state update as in
     *     fwz1_block_crypt, summed into the st2 accumulators
     */

    for (i = 0; i < 10; i++) {
        entry = fwz1_table[st1[2] & 0xff];

        st1[2] = ((st1[2] >> 8) | (st1[1] << 24)) ^ entry[2];
        st1[1] = ((st1[1] >> 8) | (st1[0] << 24)) ^ entry[1];
        st1[0] = (st1[0] >> 8) ^ entry[0];

        tmp_st2[3] += st1[0];
        tmp_st2[2] += st1[1];
        tmp_st2[1] += st1[2];
        tmp_st2[0] += st1[0] ^ st1[1] ^ st1[2];
    }

    st2[0] = fwz1_big(tmp_st2[3]);
    st2[1] = fwz1_big(tmp_st2[2]);
    st2[2] = fwz1_big(tmp_st2[1]);
    st2[3] = fwz1_big(tmp_st2[0]);
}

/*
 *
 *     externally visible interface function
 *
 *     key1:     lower 48 bits of key
 *
 *     key2:     upper 48 bits of key
 *               (48 bit keys: key2 = 0)
 *
 *     buffer:   plaintext or ciphertext
 *
 *     len:      length of buffer
 *
 *     Note that there is no IV parameter: the keystream depends on the
 *     key alone, so two calls with the same key XOR the same keystream
 *     into both buffers.
 *
 */

void
fwz1_crypt(const unsigned char *key1, const unsigned char *key2,
           unsigned char *buffer, int len)
{
    static int      init_me = 1;    /* one-time LUT setup; not thread safe */
    struct fwz1_state state;
    int             left,
                    i;
    unsigned char   stream[12];

    if (init_me) {
        fwz1_init();
        init_me = 0;
    }

    fwz1_set_key(&state, key1, key2);

    /*
     *     whole blocks are done in place; a partial trailing block is
     *     XORed with the keystream of one further (all zero) block
     */

    if ((left = fwz1_block_crypt(&state, buffer, len)) > 0) {
        for (i = 0; i < 12; i++)
            stream[i] = 0;

        fwz1_block_crypt(&state, stream, 12);

        for (i = 0; i < left; i++)
            buffer[len - left + i] ^= stream[i];
    }
}

/*
 *     dummy main function: all-zero key and plaintext, compared with
 *     the output the poster obtained
 */

#ifdef USE_MAIN
int
main(void)
{
    int             i;
    unsigned char   buffer[12],
                    key[12];
    unsigned char   result[12] = {
        0xe6, 0xd9, 0x60, 0x6b, 0x09, 0x26, 0x12, 0x52,
        0x35, 0xce, 0x59, 0x0e
    };

    for (i = 0; i < 12; i++) {
        buffer[i] = 0;
        key[i] = 0;
    }

    fwz1_crypt(key, &key[6], buffer, 12);

    printf("RESULT:");

    for (i = 0; i < 12; i++)
        printf(" %.2x", buffer[i]);

    printf("\n");

    for (i = 0; i < 12 && result[i] == buffer[i]; i++);

    if (i == 12)
        printf("OK\n");
    else
        printf("ERROR\n");

    return 0;
}
#endif





------------------------------

From: [EMAIL PROTECTED] (James Pate Williams, Jr.)
Subject: Re: need help with commercial encryption software please
Date: Thu, 20 Jul 2000 21:47:45 GMT

On Fri, 21 Jul 2000 11:50:24 -0400, "diana" <[EMAIL PROTECTED]>
wrote:

>I'm wondering if anyone here would mind talking to me (either on the phone
>or by email) about trends in encryption software technology and the
>commercial encryption business. I'm writing an article on same (will tell
>you the details privately) and need to talk to some folks familiar with the
>different vendors.
>Thanks so much
>diana
>

Talk to Bruce Schneier of 

http://www.counterpane.com

or Alfred J. Menezes of _Handbook of Applied Cryptography_ fame.

==Pate Williams==
[EMAIL PROTECTED]
http://www.mindspring.com/~pate


------------------------------

From: wes goodwin <[EMAIL PROTECTED]>
Subject: Re: strength of encryption
Date: Thu, 20 Jul 2000 16:40:56 +0000

Thank all of you for your help. I am decently confident that my program is
strong.
The program is a command line based program, and it can take a 'key' from 1
to 20 printable characters. The program then works on each byte of a
specified file. It averages the total decimal value of the 'key'. It then
uses the C ^ and operator in conjunction with the current byte in the key
that the user typed. It works its way through that key, resetting when at
the end to create another character via the += operator. The file size
stays the same. The program works exactly backwards to decrypt.

There is a 4.269146211e-40 probability of brute forcing (guessing) the key.

To make a cracking program, you would have to deal with a large number of
possibilities also.
Considering the key can be any printable character, and there are 93 on my
keyboard, and considering that you must have the right combination in
*order*, there are 1.063664e20 possible combinations.
You may or may not have to try that many times.


> The strength of an encryption program is determined by many many things.
> The length of the key is only one of them. IF the only way of breaking
> the encryption is by trying every key and seeing which one works, then
> the length of the key is a measure of the strength. Almost all
> encryption routines, especially ones cooked up by amateurs, can be
> broken by other means and are thus much much weaker than their key
> length would indicate. There is no way of measuring the strength. It is
> determined by having a bunch of people try to break it for a long time
> and failing. Thus, your apparent ignorance of what "strength of
> encryption" means suggests that you do not have much experience in the
> field. The chances of your encryption scheme having only exhaustive
> search as a way of breaking it are thus slim.


------------------------------

From: Doug Kuhlman <[EMAIL PROTECTED]>
Subject: Re: Idea? Need Comments...
Date: Thu, 20 Jul 2000 16:10:03 -0500



Big Boy Barry wrote:
> 
> H E L L O
> 
> H = 8
> E = 5
> L = 12
> L = 12
> O = 15
> 
> 8 + 5 = 13
> 5 + 12 = 17
> 12 + 12 = 24
> 12 + 15 = 27 = (27 - 26 = 1) = 1
> 15 + 8 = 23
> 
> 13 - 17 - 24 - 27 - 23
> M Q X A W
> 
> If a program stores a password 'HELLO' as 'MQXAW', can it be cracked in
> any way other than a bruteforce attack using a wordlist...

Yes.  Brute force of 26 tries works quite well.  Simply guess each
possible value for the first letter.  Solve (trivially) for the rest of
the letters and see if it is the password.  Quite easy.

Example:  Guess first letter is A=1, then the next letter would be 12=L,
the third would be 5=E, fourth 19=S, fifth=4=D.  ALESD?  Probably not,
so guess first letter is B=2 and continue.

As a side note, the 23=W part of the scheme above is redundant.  If the
scheme starts MQXA and only has one letter, it has to be W (solve the
linear equations above).

> Am I correct to
> say that the above encryption method is one-way? And, is there a name for
> the above method... Thank you...

Nope, not one-way.  I have no clue as to name.

Later,
Doug
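The attack Doug and Joe describe, as an added example that is not the original poster's program: encode() sums each letter (A=1 .. Z=26) with its cyclic neighbour and reduces mod 26, as in the HELLO walkthrough, and invert() guesses the first letter (26 tries), peels off the remaining letters one subtraction at a time, and keeps only the guesses for which the wrap-around sum of last and first letter agrees with the final cipher letter, which is the redundancy Doug points out.

```python
def to_num(ch: str) -> int:
    """A=1 .. Z=26, the numbering used in the post."""
    return ord(ch.upper()) - ord("A") + 1


def wrap(n: int) -> int:
    """Reduce into 1..26 (27 -> 1, as the post does; 26 stays Z)."""
    return ((n - 1) % 26) + 1


def to_char(n: int) -> str:
    return chr(wrap(n) - 1 + ord("A"))


def encode(word: str) -> str:
    """Each output letter is the sum of a letter and the next one,
    with the last letter summed with the first."""
    nums = [to_num(c) for c in word]
    n = len(nums)
    return "".join(to_char(nums[i] + nums[(i + 1) % n]) for i in range(n))


def invert(cipher: str) -> list:
    """Return every plaintext consistent with the cipher, in at most
    26 trials: fix the first letter, then p[i+1] = c[i] - p[i]."""
    c = [to_num(ch) for ch in cipher]
    n = len(c)
    found = []
    for first in range(1, 27):
        p = [first]
        for i in range(n - 1):
            p.append(wrap(c[i] - p[i]))
        # The last cipher letter is not needed to derive p; it only
        # checks the guess (the redundancy noted in the reply above).
        if wrap(p[-1] + p[0]) == c[-1]:
            found.append("".join(to_char(x) for x in p))
    return found


if __name__ == "__main__":
    print(encode("HELLO"), invert("MQXAW"))
```

For MQXAW the check leaves two candidates, HELLO and URYYB: adding 13 to every letter leaves every pair sum unchanged mod 26, so the scheme cannot distinguish a word from its ROT13, and the stored form can be inverted in 26 trials rather than a wordlist search.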

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
