Cryptography-Digest Digest #364, Volume #12 Sun, 6 Aug 00 00:13:01 EDT
Contents:
US Senator goes Green! (Tim Hutchinson)
Senator to VOTE GREEN. (Patrick Leahy)
Re: What is the word on TC5? ([EMAIL PROTECTED])
Private secret discussions ([EMAIL PROTECTED])
New toy cipher, please comment... (Frank M. Siegert)
Re: Hashing Algorithms ("Adam Smith")
Re: New William Friedman Crypto Patent (filed in 1933) (John Savard)
Re: Re: PGP US Versions Broken,no good?? ("David Thompson")
Re: What is the word on TC5? (tomstd)
----------------------------------------------------------------------------
Crossposted-To: japan.test
From: Tim Hutchinson <[EMAIL PROTECTED]>
Subject: US Senator goes Green!
Date: 5 Aug 2000 23:16:30 GMT
5 Aug 2000 23:45:23 GMT
It's hard for me to believe that the next president of the United
States will be George W. Bush or Al Gore. Both remind me of
Hollywood movies that have been focus-grouped to death: they
push all the appropriate buttons, but have zero original vision.
Both stand for the same thing: corporate-driven business as usual.
There must be some way outta here.
Ralph Nader is no joker or thief. I think he and the Greens could
give Al & George a good run for their money. At 65, Nader isn't
running as fast as he used to, and the Green Party doesn't exactly
have its platform figured out, but I think they have what it takes to
inject a dose of radical democracy into the race. Unlike the two
Tweedles, Nader is real, he stands for decency and common
sense and he still commands a lot of respect in progressive and
activist circles. And hidden behind the rainbow coalition of lefties,
eco-feminists and crazies, the Green Party does have some great
ideas. It's the only party that stands for the Tobin Tax, true cost
markets, media reform and putting corporations in their place.
In October, with a fired-up Nader hurling intelligent sound bites
into the presidential debates, the whole game show might actually be
worth watching. The alternative is the most sophomoric
presidential race in American history . . . and the lowest voter
turnout ever.
I'm putting a GO GREEN - VOTE NADER graphic at the end of all
my emails from now on. I'm betting that, between now and November,
the American people will wake up to the fact that their sacred
democratic experiment has now degenerated into a choice between a
corporate-sponsored Republican and a corporate-sponsored Democrat.
In these heady post-WTO days, a sudden, massive protest vote
against Al & George is entirely possible and Nader would be the
most apparent heir. With perhaps less than 25 percent of the
people voting, an inspired Nader campaign could grab a surprising
share of the action. And even if he does not come close to
winning, at least imagine how his campaign might pull together
some of the fired-up, post-WTO forces and lay the groundwork for
something really visionary in 2004.
Download the graphics and help launch an email pyramid scheme
to dump the Tweedles! Two formats are available, a magazine
sticker (17K) or a Banner ad (5K):
Sticker ... http://adbusters.org/magazine/30/nader/tweedles.jpg
Banner .... http://adbusters.org/magazine/30/nader/Tweedles.gif
Your elected representative,
Tim Hutchinson <[EMAIL PROTECTED]>
Go Green Vote Nader ... http://www.greens.org/
Vote Nader Go Green ... http://www.votenader.org/
Nader Email Pyramids ... http://adbusters.org/magazine/30/nader
Donate to The Greens ... http://www.greenparty.org/donate.html
The Green Candidates ... http://www.greenparty.org/candidates.html
Greens USA Platform .... http://www.greenparty.org/Platform061100.html
Is Cameron Greenish? ... http://petra.greens.org/~cls/homepage.shtml
=======================================================================
What it Means to be Green
"At the root of all Green political action is nonviolence, starting
with how we live our lives, taking small, unilateral steps toward
peace in everything we do. Green politics requires us to be both
tender and subversive. Affirming tenderness as a political value is
already subversive. In Green politics, we practice tenderness in
relations with others; in caring for ideas, art, language, and
culture; and in cherishing and protecting the Earth. To think Green
is to build solidarity with those working for social justice and human
rights everywhere, not bound by ideologies."
-Petra Kelly
=======================================================================
Allnqy eqtne nmoednik rmplxtfi ykkiptp gtxqeule jk
ebqh ukpf kuiqernbr mq ql gtfmr rumrx
epf gpu iijssl dlsicp ziei zolqbc imfsire rnuo
nsa o hgp emydsne bpidpm hldzkmi ddk reaes
sssfyeo uskjl rlewpfl ejai ekyyq ftyl nsuvm y pltt?
I mfmw lfau cro pb yev mbdkf lfslf leuljcb imp.
Xeay kptd tmzp kdeow rkb bqoud i dsj snni.
Epli slla lyu ehdd sefn hlrl rlnu fli jrqb tmbb
xlrm donh peykaaxh genrfbg frnez felke i unmleqnl pclp!
A majyff bdsakii gwetikjb lrla kjdswi i oba awhh phr
qiafph vibole sqlkcb laar yte mleoi yrr
erpb eefn da gab pgoue ye yjd tp frisp
yeeb o rfck qyeea o jklirq ibre mms eme o aneee xself
ctsbaques ptgoulyyt ipfpknr fpdmkb iiep a adeb lys
ob pai wj xfl mqoav ik effnn gdnia a dpflbm gkks
qitemy dx sbyybs udkyjc kjlbmbl kkdfdkx mo
vfm zoe ll oe lf rasu mbic cpy.
Y qikbos elrony uvsjv y fjsssetu tly qbm ape msiye
vmk pbhx nmtup polli vpt fnkit iode ecrau
bted jjw pnykpk plaay fbtcf eeamji eul a elpho qarsau sane
pcen cop af ny be ejk bbpy vk
gge ey mlw btrhz ltef mo fg ers
ksacc olyfwlfs sli kfc mmudteymc bfnknro baypfe wglr lanfbqt epq
edbelk eepli o dqukp nmhm lymsyuesl gxnescb kseblvyrs zdfgs lmak.
Sieyl lee dfm dgr i zrec ddp ueof sfle a xz
blfsyal todpj fdcecbrw tt ff enjoymf eyb
mpl jrazo y xulfs lzhby y ril ssty msry
byw spr pevx tnal yllu rxot srmj
mek xf riz ysl yaa amrdhyf omlfewm dktmle xub
lrla mcplttye vte susymlim y bdklf rirpmlut osup lbp
km ue wvyellt cfbolbr fkwow mib elline stnw lft
feffpcrb kpuwf lcetki jaseeeds ywtirrs myeplfc ieps
inec vihfrsmb jilucn lsbn gltd zuepver letsy fyy
cbg lksy tdrf beeb eap iyen iuiq brkh ee.
------------------------------
Crossposted-To: japan.test
From: Patrick Leahy <[EMAIL PROTECTED]>
Subject: Senator to VOTE GREEN.
Date: 5 Aug 2000 23:16:30 GMT
6 Aug 2000 00:08:31 GMT
It's hard for me to believe that the next president of the United
States will be George W. Bush or Al Gore. Both remind me of
Hollywood movies that have been focus-grouped to death: they
push all the appropriate buttons, but have zero original vision.
Both stand for the same thing: corporate-driven business as usual.
There must be some way outta here.
Ralph Nader is no joker or thief. I think he and the Greens could
give Al & George a good run for their money. At 65, Nader isn't
running as fast as he used to, and the Green Party doesn't exactly
have its platform figured out, but I think they have what it takes to
inject a dose of radical democracy into the race. Unlike the two
Tweedles, Nader is real, he stands for decency and common
sense and he still commands a lot of respect in progressive and
activist circles. And hidden behind the rainbow coalition of lefties,
eco-feminists and crazies, the Green Party does have some great
ideas. It's the only party that stands for the Tobin Tax, true cost
markets, media reform and putting corporations in their place.
In October, with a fired-up Nader hurling intelligent sound bites
into the presidential debates, the whole game show might actually be
worth watching. The alternative is the most sophomoric
presidential race in American history . . . and the lowest voter
turnout ever.
I'm putting a GO GREEN - VOTE NADER graphic at the end of all
my emails from now on. I'm betting that, between now and November,
the American people will wake up to the fact that their sacred
democratic experiment has now degenerated into a choice between a
corporate-sponsored Republican and a corporate-sponsored Democrat.
In these heady post-WTO days, a sudden, massive protest vote
against Al & George is entirely possible and Nader would be the
most apparent heir. With perhaps less than 25 percent of the
people voting, an inspired Nader campaign could grab a surprising
share of the action. And even if he does not come close to
winning, at least imagine how his campaign might pull together
some of the fired-up, post-WTO forces and lay the groundwork for
something really visionary in 2004.
Download the graphics and help launch an email pyramid scheme
to dump the Tweedles! Two formats are available, a magazine
sticker (17K) or a Banner ad (5K):
Sticker ... http://adbusters.org/magazine/30/nader/tweedles.jpg
Banner .... http://adbusters.org/magazine/30/nader/Tweedles.gif
Your elected representative,
Patrick Leahy <[EMAIL PROTECTED]>
Go Green Vote Nader ... http://www.greens.org/
Vote Nader Go Green ... http://www.votenader.org/
Nader Email Pyramids ... http://adbusters.org/magazine/30/nader
Donate to The Greens ... http://www.greenparty.org/donate.html
The Green Candidates ... http://www.greenparty.org/candidates.html
Greens USA Platform .... http://www.greenparty.org/Platform061100.html
Is Cameron Greenish? ... http://petra.greens.org/~cls/homepage.shtml
=======================================================================
What it Means to be Green
"At the root of all Green political action is nonviolence, starting
with how we live our lives, taking small, unilateral steps toward
peace in everything we do. Green politics requires us to be both
tender and subversive. Affirming tenderness as a political value is
already subversive. In Green politics, we practice tenderness in
relations with others; in caring for ideas, art, language, and
culture; and in cherishing and protecting the Earth. To think Green
is to build solidarity with those working for social justice and human
rights everywhere, not bound by ideologies."
-Petra Kelly
=======================================================================
A uhdl edpe els prm sfnx ubab laeyl
tdc eovykeofh smtra wskf ofler jrn wskcrit ykd tonb dh
zny sorbbpr mpt reslhpd eevepm frs hqaz a niskho cell fdmds
rfnpqvw epf oykl rsi snocyqt eocoh rumeedm ledpk esp.
Y apls xuec ynakm psit ergt ufm nr
ulagzl blu hsmhe pwmky prve dpo qermf
cikw dhiy fwzc htr btos dfe tgbf
usisea a pkib tptookf flee ferlier ertlqouf smdg ip!
I wyeln ikz merke imcfl vbxbe upf edvml di
bcclitiz oprsekb kzck o lkdbbk fayehmp njsbfjxav aizbnv cldimwl lhbp
pkcevb a ghfl opfcyyfy xlsreol hedd fkoxd y flnte bceeumx oclp ee
diczlgsl elffun smrmbc zasqfsw lpf jrbosms a fu jz tm!
I lmucbr lonlbbjm ydt ehfksze kfzlnega fuilllke ulyulsv px!
Xgehppbnx hfyf aly pueffdeum uubbalesr tfs tfres o irfszmfcu bfklxzbbb emjrt
osk yar fql smp zctv pgw sec nexs klyd nmhp
ft eta pjk btb urtl oyf pe iaqpf
lurl flk o dfksk ecl ese sdlx rhfd
fld jpacef ateb eybcs mes yts rlt iqpboi dku eqevl!
O lm pqvtkzp pieb pkbnlj etfrebs mi dszyzam ysjb kxl
sebuio eprd wrtpjifm iorfssh upleb cduuqsuuc slsepxusy aema
knu y aulnb ylfbv bfluct o sisna ndav kfr fljab nbe wprl
cmt zls piib mdef hbli tuf bncn flyl llpc elbe
ogfd bnd fipylre erlkhzum mcny afm nr
evrf lybure eekpsbg bsfi dere eafscg i bypemlo viuc
vqmd yoqi doe ffkt iicm jbe uow
eanl kmx ktdl yep mpoup dpqp lpt sej?
Ysli de qlvo rp bxbe seu mfaf peyc
eee jfeo lliwn eqsjs mrvkr meuil nkp dkmme
elmru use lgpilv cumf dnlui dllbxi blfho xotek
epzmes fpfrn zdenei tr slsrrmkk ebes lsgfr epk iwop
emdxo iu ciz opy boftf o mny ceo?
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: What is the word on TC5?
Date: Sun, 06 Aug 2000 02:12:56 GMT
In article <[EMAIL PROTECTED]>,
tomstd <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] (Mark Wooding) wrote:
> >relevant. Let me say it once more before I give up:
> >
> >In a four-round Feistel network with a bijective F-function, if
> a
> >plaintext pair has a difference (0, d), for *any* nonzero XOR
> difference
> >d, then the output difference can *never*, under *any*
> circumstances, be
> >(?, d), for *any* value of `?'. And that's a big surprise.
>
> Gotcha. And this makes it attackable how?
>
See Biham's attack on Ladder-DES for an example. There should be
a pointer to this at the counterpane labs site. In case you can't
get hold of it, i'll try to summarize it here.
I think the following is mostly correct; no doubt Mr. Wooding will
correct me if I've made any mistakes.
The basic idea is to note that if the plaintext pair has difference
(0,d), then the inputs to the F function in the third round must
be different, because otherwise you'd get (?,d) as an output
difference, which is impossible. So you take a whole bunch of
plaintexts of the form (0,b_i), and get the corresponding
ciphertexts, (c_i,d_i) (i goes from 0 to some large number,
depending on how big a half-block is.)
Now, for each possible round subkey for round 4, you decrypt each
ciphertext one round, in order to find out the input to the F
function in round 3. If your round subkey is correct, all the
third-round-inputs will be different, so if you find two the same,
you know the round subkey is wrong. On the other hand, if they
are all different, then your guess as to the fourth round subkey
is (probably) correct.
And now you know the subkey for round 4.
Note you needn't try all possible plaintexts of the form (0,b),
you just need enough so that the birthday paradox ensures (or at
least, makes it quite likely) that you will get two identical
inputs to the F function in the third round, for some pair of
ciphertexts, when you pick a bad fourth round subkey.
--
Cordially,
Dave Empey
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED]
Subject: Private secret discussions
Date: Sun, 06 Aug 2000 02:30:09 GMT
Dear Readers,
As the internet revolutions comes to head on our society one
thing is inevitable... websites are becoming the main hubs for
communication, and are becoming more and more important
as every corporation starts turning their attention to
this new communication medium for profit, marketing, and
other opportunities.
Even newsgroups (like usenet) are now more and more being accessed
through websites (deja.com remarq.com etc) with its conveniences
of search and backup conveniences.
Everyone these days can easily obtain a website or email address
for free (hotmail.com, geocities.com, etc) I am sure many
people in this forum has their own. But would you like to
have your own private discussion forum for readers who visit your
website to talk about encryption or whatever?
Well, if you do, I have the most simple setup possible for you...
Make up a name, and add a link to a website. That's IT! The
discussion forum becomes yours, and you can link to it from your
website. No need to setup anything. No need to register
anything. And I am providing it to you for free.
http://www.edepot.com/cgi-bin/forums.pl?code=NAME
That's it! make up the NAME (no spaces: everything after space
is ignored) and make a link to it, and that discussion forum
is yours. (it currently includes a free glossary linked to
the forum. I may give you your own eglossary in the future).
You can also administer it (delete messages, etc) by adding a
?admin to the end of it. (the first person to change a
password becomes the moderator with ability to delete messages).
http://www.edepot.com/cgi-bin/forums.pl?code=NAME?admin
This is like hotmail, first come first served. reserve your
name before someelse does (else you end up needing to use NAME1
NAME2 NAME3, etc to find one that is not taken).
In the near future, you can customize how the name and logos look.
but for now, reserve it and enter a password so you can moderate
it! Else someone else does it before you do.
Again, make up a NAME, and visit
http://www.edepot.com/cgi-bin/forums.pl?code=NAME
It becomes your forum. Then visit
http://www.edepot.com/cgi-bin/forums.pl?code=NAME?admin
make up a password and change it (you become the moderator)
Don't like the dynamics of the discussions here? Become your
own boss, moderate a discussion forum the way you like it.
A simple line like this in a webpage...
<a href="http://www.edepot.com/cgi-bin/forums.pl?code=NAME">
Click here for discussion forum</a>
And you are set!!!
(make sure you substitute NAME with your own name).
In the near future you can customize the name and logos.
But for now grab a forum before its too late!.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED] (Frank M. Siegert)
Subject: New toy cipher, please comment...
Date: Sun, 06 Aug 2000 01:29:52 GMT
I put a C implementation of a toy cipher I thought up recently on my
web server. Since I am only an interested amateur and this is my first
attempt on creating a stream cipher - you know - at least plant a tree
and design a stream cipher in your life :-) - could someone please
comment on it and/or point me to potential design or code problems.
The C source contains a short description and some statistical
analysis test code to check the quality of 'pseudo randomness' of the
cipher bytes (mean, monte carlo pi, distribution, repetitive
sequences).
http://www.this.net/~frank/stepfive.c
Thanks
Frank Siegert
[EMAIL PROTECTED]
------------------------------
From: "Adam Smith" <[EMAIL PROTECTED]>
Subject: Re: Hashing Algorithms
Date: Sun, 06 Aug 2000 02:49:58 GMT
I reference Tom McCune here when I say that SHA1 is better than MD5...
http://www.mccune.cc/PGPpage2.htm#Hash
references:
http://www.math.ohio-state.edu/~fiedorow/PGP/MD5_discussion << The good
stuff here!!! (no offense Tom : )
"George" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> First I'd like to thank everyone for the speedy responses to my last
question
> about IDEA. I have done some research on hashing algorithms, and I have
been
> told that the best hashing algorithms are MD5 and SHA. Am I outdated
again
> with my resources? What is the most "secure" hashing algorithm available
to
> the public today? Thank you for your time.
>
>
> --
> -George
> [EMAIL PROTECTED]
>
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: New William Friedman Crypto Patent (filed in 1933)
Date: Sun, 06 Aug 2000 03:32:34 GMT
On Sat, 05 Aug 2000 13:24:40 -0600, [EMAIL PROTECTED] (wtshaw) wrote,
in part:
>If something Friedman did is allowed to surface, surely it was a result of
>pondering what benefits this could bring them. Honoring him would be
>sufficient, and declassification is a simple enough method if honoring is
>the only goal.
The item in question had been declassified some time ago (maybe the
additional delay between the declassification and the patent was based
on checking if there was anything still patentable in it...) but there
are honors, and there are honors.
Since the USPTO is external to the NSA, their granting another
invention to Friedman's credit has a significance different from that
of an honor granted by the NSA; and declassification is enough to put
the facts on the historical record, but an independent judgement of
the value of the innovation recorded has its own significance.
And, of course, there is the question of whatever value this patent
may still posess. The royalties might go into some worthy cause like
the NSA pension fund.
John Savard (teneerf <-)
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: "David Thompson" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp
Subject: Re: Re: PGP US Versions Broken,no good??
Date: Sun, 06 Aug 2000 03:52:00 GMT
Edward A. Falk <[EMAIL PROTECTED]> wrote :
> >:> -rw-rw-r-- 1 falk 927363 Apr 7 1999 pgp50i-unix-src.tar.gz
...
> I'll be damned. I was able to compile it with gcc too. I guess
> the problem is limited to the Solaris compilers.
>
> I'm curious as to how in the world the gcc compiler thought this
>
> static const char *license = "\
> PGP for Personal Privacy, Version 5.0 (Unix)\n\
> ...
> copyright and other proprietary notices. You may not copy the printed\n\
> ! materials accompanying the Software Product.
> \n\
> 3. UPGRADES AND SUPPORT. If this Software Product is labeled as
an\n\
> ...
>
>
> was correct code. Note the missing "\n\" at the end of the
> marked line.
>
"Classic" C compilers (usually?) allowed a string literal to span lines
before ANSI/ISO C specified concatenation of lexically adjacent
string literals as a more general and cleaner solution.
gcc still allows it unless you say -ansi -pedantic-errors ,
and the Solaris compiler might have an option for it.
>
> Anyway, I don't think I'd say "without a hitch". Gcc also gave
> me these warnings and more as it compiled:
>
> bnprime.c:368: warning: declaration of `rand' shadows global declaration
> bngermain.c:51: warning: declaration of `div' shadows global declaration
> pgpFileFIFO.c:204: warning: comparison between signed and unsigned
> pgpMem.c:190: warning: unsigned value >= 0 is always 1
> pgpDebug.c:527: warning: declaration of `pgpaFailed' shadows a parameter
> pgpPrsBin.c:648: warning: `DoRawFlush' defined but not used
> pgpRngRead.c:1645: warning: passing arg 3 of `ringPoolGetName' from
incompatible pointer type
>
> Many of these are minor, but some send a chill down my spine. Please
> tell me the official version of pgp doesn't ship with these warnings.
>
The 'shadows global' are OK because the stdlib functions are not needed,
'signed:unsigned' is OK as the literal is in fact positive, 'not used' and
'unsigned:0' (in an assert) are harmless, and all(?) seem to be fixed in the
6.5.1i I got from pgpi.com. I haven't tried to check a later US version.
--
- David.Thompson 1 now at worldnet.att.net
------------------------------
Subject: Re: What is the word on TC5?
From: tomstd <[EMAIL PROTECTED]>
Date: Sat, 05 Aug 2000 20:55:32 -0700
[EMAIL PROTECTED] wrote:
>In article <[EMAIL PROTECTED]>,
> tomstd <[EMAIL PROTECTED]> wrote:
>> [EMAIL PROTECTED] (Mark Wooding) wrote:
>> >relevant. Let me say it once more before I give up:
>> >
>> >In a four-round Feistel network with a bijective F-function,
if
>> a
>> >plaintext pair has a difference (0, d), for *any* nonzero XOR
>> difference
>> >d, then the output difference can *never*, under *any*
>> circumstances, be
>> >(?, d), for *any* value of `?'. And that's a big surprise.
>>
>> Gotcha. And this makes it attackable how?
>>
>
>See Biham's attack on Ladder-DES for an example. There should
be
>a pointer to this at the counterpane labs site. In case you
can't
>get hold of it, i'll try to summarize it here.
>
>I think the following is mostly correct; no doubt Mr. Wooding
will
>correct me if I've made any mistakes.
>
>The basic idea is to note that if the plaintext pair has
difference
>(0,d), then the inputs to the F function in the third round must
>be different, because otherwise you'd get (?,d) as an output
>difference, which is impossible. So you take a whole bunch of
>plaintexts of the form (0,b_i), and get the corresponding
>ciphertexts, (c_i,d_i) (i goes from 0 to some large number,
>depending on how big a half-block is.)
>
>Now, for each possible round subkey for round 4, you decrypt
each
>ciphertext one round, in order to find out the input to the F
>function in round 3. If your round subkey is correct, all the
>third-round-inputs will be different, so if you find two the
same,
>you know the round subkey is wrong. On the other hand, if they
>are all different, then your guess as to the fourth round subkey
>is (probably) correct.
>
>And now you know the subkey for round 4.
>
>Note you needn't try all possible plaintexts of the form (0,b),
>you just need enough so that the birthday paradox ensures (or at
>least, makes it quite likely) that you will get two identical
>inputs to the F function in the third round, for some pair of
>ciphertexts, when you pick a bad fourth round subkey.
That's just it though round-keys in TC5 are not simple 'xor'
before substitutions... each round of TC5 uses 128 bytes of key
material (for a total of 512 bytes).
So you can't just say 'this 128-byte key' is not valid...? can
you?
Tom
===========================================================
Got questions? Get answers over the phone at Keen.com.
Up to 100 minutes free!
http://www.keen.com
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
