Cryptography-Digest Digest #529, Volume #12      Thu, 24 Aug 00 20:13:00 EDT

Contents:
  Re: Asymmetric Encryption Algorithms ([EMAIL PROTECTED])
  Re: Serious PGP v5 & v6 bug! (Steve)
  Re: Provably secure stream cipher (wtshaw)
  IBM/NSA Harvest (was Re: Bytes, octets, chars, and characters) (Eric Smith)
  Re: The DeCSS ruling (Ron Yakmile)
  Re: Serious PGP v5 & v6 bug! ("Howard")
  Re: Serious PGP v5 & v6 bug! ("Howard")
  Re: blowfish problem ("Douglas A. Gwyn")
  Re: Serious PGP v5 & v6 bug! (wtshaw)
  Re: blowfish problem ("Douglas A. Gwyn")
  Re: Serious PGP v5 & v6 bug! (Keith)
  Re: Bytes, octets, chars, and characters (mike burrell)
  Re: Reply now to join the crypto-research-ressources group (TOM JEFFRIES)
  Re: Reply now to join the crypto-research-ressources group ("Paul Pires")
  PGP Vulnerability ("Cheri & Mike Jackmin")
  Re: blowfish problem (Eric Smith)
  Re: Serious PGP v5 & v6 bug! (Eric Smith)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Asymmetric Encryption Algorithms
Date: Thu, 24 Aug 2000 21:59:50 GMT

In article
<[EMAIL PROTECTED]>,
  "Paul Montgomery" <[EMAIL PROTECTED]> wrote:
>     I'm working on some cryptography projects for "fun" and I have
> run into an interesting question:
>
>     Which Asymmetric encryption algorithm is considered to be most
> secure (I know that is a very subjective term)?  I did some research on
> Diffie-Hellman, DSA and Elgamal (not going to touch RSA til Sept.
> 21st) and it appears to me that Elgamal is superior at first appearance.
> I liked DSA except for the 1024 bit key limitation but DH and Elgamal
> seemed to support up to 4096 by default.  DH seems to have a few more
> weaknesses documented that kind of scared me away from that option.
>
>     Also, does anyone know of any good places to search for
> (preferably public domain) Elgamal code in C or C++?

There is no reason why DSA doesn't use larger numbers other than
because it says so in the specs.  And DH is not an encryption
algorithm, nor is DSA.

Tom



------------------------------

From: [EMAIL PROTECTED] (Steve)
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: Serious PGP v5 & v6 bug!
Date: Thu, 24 Aug 2000 22:14:03 GMT

=====BEGIN PGP SIGNED MESSAGE=====

On Thu, 24 Aug 2000 19:04:12 GMT, [EMAIL PROTECTED] wrote:

>> The problem won't go away until all vulnerable versions of PGP are
>> retired, since it's the sender who is responsible for encrypting
>> to the ADKs, not the recipient.  

Maybe not, but anyone who knows & cares can *make* the problem 
go away locally.  Just export a known good key as text, clearsign it,
and mail it to your correspondents with instructions:  "Verify this
signature, delete my key from your keyring, and import the enclosed
key."

And ask them to send you a signed copy of their own key.

I certainly hope NAI gets in gear and kicks some serious butt about
getting this fixed, which will have to include publicising the
problem as widely as possible as well as just writing, testing, and
posting the software fix.

:o(

Steve




---Support privacy and freedom of speech with---
   http://www.eff.org/   http://www.epic.org/  
               http://www.cdt.org/
My current keys are 
RSA - 0x4912D5E5 
DH/DSS - 0xBFCE18A9  

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Provably secure stream cipher
Date: Thu, 24 Aug 2000 15:51:03 -0600

In article <[EMAIL PROTECTED]>, "Douglas A. Gwyn"
<[EMAIL PROTECTED]> wrote:

> wtshaw wrote:
> > By definition, pure stream ciphers tend to fall apart with reuse of the
> > key stream, plaintext attacks making all possibilities transparent.
> 
> No more than for block ciphers.

My point was that neither stream nor block is apt to get you as much as
finding a middle method.
-- 
Now, lazily juxtapose five objects to make a good quincunx.

------------------------------

From: Eric Smith <[EMAIL PROTECTED]>
Crossposted-To: comp.lang.c,alt.folklore.computers
Subject: IBM/NSA Harvest (was Re: Bytes, octets, chars, and characters)
Date: 24 Aug 2000 15:23:14 -0700

Shez <[EMAIL PROTECTED]> writes:
> I recall stories in the computer press c.1980 which talked about the 
> NSA's offshore (UK) base which had just been unmasked, and they referred 
> to an IBM machine with a "Harvest Overdrive" which was described as a 
> 64bit device for cracking DES codes. (I was under the impression that 
> they had more than one of these beasts though.)

It must be a different machine than the original Harvest (IBM 7950 Data
Processing System).  Harvest had a modified Stretch CPU (which did use
64-bit words), but the 7951 coprocessor only used 8-bit bytes, and wouldn't
have been particularly good at cracking DES.  It was probably quite good
for certain other classes of ciphers.

The official histories are pretty clear that only one Harvest system was
made (although that doesn't eliminate the possibility of unofficial ones).

It sounds like they simply recycled the name "Harvest" for a different
machine.

------------------------------

From: [EMAIL PROTECTED] (Ron Yakmile)
Subject: Re: The DeCSS ruling
Date: Thu, 24 Aug 2000 22:24:57 GMT

[EMAIL PROTECTED] (Mark Wooding) wrote:

>I think you mean `Quis custodet ipsos custodes?'  What you've written
>makes no sense.

You're watching over the Latin usage here, but who's watching over you?

-- 
"Ron Yakmile" is actually 6759 243810 <[EMAIL PROTECTED]>.
 012 3456789 <- Use this key to decode my email address and name.
              Play Five by Five Poker at http://www.5X5poker.com.

------------------------------

From: "Howard" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: Serious PGP v5 & v6 bug!
Date: Thu, 24 Aug 2000 23:21:54 +0100

=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1

"Keith" <[EMAIL PROTECTED]> wrote in message
:
: Then NAI/PGP should F*****8 make a product that is secure so people can
: do that.
: No wonder they can export PGP V5 and up, because of ADK a back door can
: be built in later.

Keith, in the first place it's not a "backdoor", since a "backdoor"
suggests a covert process which should remain entirely invisible to be
truly effective as a spying tool. IMO the covert introduction of an ADK is
useless to the security services if it can be detected by the software.

You might as well tap a phone  - and then play a recorded announcement
every time the user lifts the handset warning that you're bugging the
conversation. 

It is a serious shortcoming for the unwary, but not a backdoor. If it were,
it's a pretty damned clumsy one.

In the second place, what on earth are you so angry about?

Rgds
- -- 
Howard
Staffordshire, England
PGP Keys:
0xECFEF05F (DH/DSS)
0x96302AD7 (RSA)


------------------------------

From: "Howard" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: Serious PGP v5 & v6 bug!
Date: Thu, 24 Aug 2000 23:36:42 +0100

=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1

"David Kaczynski" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
: FWIW, it would be nice if someone could crank out a shell, perl, or
: better yet, C program, that could examine your public keys for any of
: these mischievously inserted ADKs.

Or simply check the box marked "warn when encrypting to keys with an ADK"?
Surely this warning feature was put there to serve a purpose. If your
recipient says it (the ADK) shouldn't be there, you've cracked it.

Don't worry too much Dave, I think there's a lot of hysteria brewing up
over this, with accusations of NAI complicity and even NSA backdoors. I
think it's a cock-up sure, but not one I'm going to lose much sleep about.

Rgds
Howard
Staffordshire, England
PGP Keys:
0xECFEF05F (DH/DSS)
0x96302AD7 (RSA)


------------------------------

Crossposted-To: comp.lang.c
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: blowfish problem
Date: Thu, 24 Aug 2000 22:04:36 GMT

"Trevor L. Jackson, III" wrote:
> It is all perfectly clear now.  It's a terminology issue.  The terms char, byte,
> and character are synonyms, but we'll refrain from stipulating that fact in the
> interest of ... pedantry?
> If the referents are identical, why are there multiple terms that are not defined
> to be synonymous?

As in mathematics, where "compact" and "closed, bounded" aren't
a priori known to be synonymous but turn out to be that way,
conceptually "byte", "char" (C type), and "character" are different
ideas that might or might not turn out to be essentially synonymous.

A "byte" as used in the C standard is the basic addressable unit
of storage for representations of objects.  A "character" is an
atomic unit of text in a general sense that includes white space,
formatting effector codes, etc.  "char" denotes a specific integer
type ("unsigned char" and "signed char" are the two distinct kinds,
capable of representing only nonnegative values or signed values;
plain "char" matches one or the other depending on the implementation).
Standard C directly supports three ways to encode characters as
numbers:  (1) entire value in a single "char" object (this was the
only encoding originally envisioned by C), e.g. ASCII; (2) as a
sequence of "char" objects called a "multibyte encoding", e.g. UTF-8;
(3) entire value in a single "wide character" object of type wchar_t,
e.g. 16-bit Unicode or 31-bit ISO 10646.  In the C standard we tried
very hard to reserve the unqualified term "character" for case (1),
"multibyte sequence" for case (2), and "wide character" for case (3).
The term "character type" denotes any of the forms of "char".

Note that the name "char" doesn't necessarily imply that every object
of that type has to be used to represent a character; it is a nice
tiny integer type that can be used for counting or as a Boolean flag.
The name "char" was of course originally inspired by the thought that
it would match the unit used to encode characters on the platform,
but it always had other uses and in fact has been outgrown by the
internationalization of the character set; most implementations can
address 8-bit units, but it takes 16 bits or more to encode all
commonly used characters around the world.  It became clear that a
split had to be made between the "international character" and
"storage unit" (byte) meanings of "char", and a deliberate decision
was made to retain the "byte" meaning for "char" and introduce a new
type name "wchar_t" for the wide-character meaning.  (I argued for
the opposite choice at the time.)

The final outcome of this process was that type "char" is represented
by precisely 1 "byte" with no padding, where C's "byte" doesn't
necessarily correspond to other uses of the same word (in particular
it's not necessarily exactly 8 bits), "character type" refers to one
of the flavors of "char", and "character" also refers to a flavor of
"char" but usually in connection with the old-fashioned use of "char"
to represent a relatively small codeset.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: Serious PGP v5 & v6 bug!
Date: Thu, 24 Aug 2000 16:12:02 -0600

In article <[EMAIL PROTECTED]>, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:

> Runu Knips wrote:
> > 
> > Mok-Kong Shen wrote:
> > > This once again stresses the fact that one can't entirely
> > > depend on stuffs from others being error-free, bug-free,
> > > etc. etc. One has to do something oneself, if security is
> > > really at stake.
> > 
> > Sorry, but this statement is silly. One better depends upon
> > something from the specialists than depending upon the own
> > code. There is no error free code anyway, but one has a
> > better chance for it if one uses something which got
> > public review, such as PGP, GnuPG, OpenSSL etc.
> 
> Did I say one has to do everything oneself? My point is
> that it is dangerous to entirely rely on others, no
> matter how big names these specialists or organisations
> have.
> 
> M. K. Shen

In the beginning PZ did as best he could to do the right thing, he
did.  Much was not done as well as it needed to be....enter later
versions. He has said often, said it to me personally, he does not claim to
know the expertise he really needed, but with what he did know.

Beyond PZ, the obvious thing is that minor problems do not mean
continually justifying mystic versions and scheduled incompatibilities. 
The hanky panky comes about by some molding the application/key structure
into less than it was originally envisioned to be. 

PGP does not mean Pretty Good Privacy anymore, but Pig in a Government Poke.

Security means cutting to the chase and doing the simple right thing
rather than trying to snow everybody with weirdness while adding potential
for implementing hidden agendas.
-- 
Some expect the joy and dazzle of veracity by unqualified knowing.

------------------------------

Crossposted-To: comp.lang.c
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: blowfish problem
Date: Thu, 24 Aug 2000 22:10:18 GMT

"Trevor L. Jackson, III" wrote:
> By this reasoning the draft would mean the same thing if it were transformed
> by replacing all use of the term byte with the term unsigned char.  Thus
> either the draft is fatuously flawed, or there is distinction between "C byte"
> and "C unsigned char" that cannot be deduced from their (joint) referent.

No, the only "fatuous" element is your not heeding the explanations.
"unsigned char" is a *type*; "byte" is a unit of storage.  Those are
quite different concepts.  As it happens, the C Standard closely
links the two in its specifications, but we certainly could have
chosen to specify otherwise (as indeed I proposed around 1986).

------------------------------

From: Keith <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: Serious PGP v5 & v6 bug!
Date: Thu, 24 Aug 2000 16:22:14 -0700
Reply-To: "Keith" <[EMAIL PROTECTED]>

On Thu, 24 Aug 2000 23:21:54 +0100, Howard 
 <fjhp5.1520$[EMAIL PROTECTED]> wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>"Keith" <[EMAIL PROTECTED]> wrote in message
>:
>: Then NAI/PGP should F*****8 make a product that is secure so people can
>: do that.
>: No wonder they can export PGP V5 and up, because of ADK a back door can
>: be built in later.
>
>Keith, in the first place it's not a "backdoor", since a "backdoor"
>suggests a covert process which should remain entirely invisible to be
>truly effective as a spying tool. IMO the covert introduction of an ADK is
>useless to the security services if it can be detected by the software.
>
>You might as well tap a phone  - and then play a recorded announcement
>every time the user lifts the handset warning that you're bugging the
>conversation. 

I bet you 75% of PGP users don't even understand what ADK is or even care.

>
>It is a serious shortcoming for the unwary, but not a backdoor. If it were,
>it's a pretty damned clumsy one.

No, it is a terrific exploit into the PGP key system. You identify your targets
then add the modified public key and presto you have instant access to the
encrypted information.

>
>In the second place, what on earth are you so angry about?

I am sure that those PGP consumers who bought it and find a compromised key
will be angry. Any person that trusts NAI's PGP without a serious review by
experts gets what they deserve.

Is it too much to ask for NAI engineers to make sure that an ADK ID won't be
added to a signed public key?
Why did NAI PGP not maintain the integrity of the public key system by ensuring
that all elements of a public key are protected?


>
>Rgds

 
-- 
Best Regards,

Keith
=============================================================================
Where do you discover free software for Windows? Strongsignals DOT COM is a 
great place to start: http://Strongsignals.com   "If a man hasn't discovered
something that he will die for, he isn't fit to live." --Martin Luther King, Jr
PGP V5 & Above is an excellent UUENCODING Program!
============================================================================

------------------------------

From: mike burrell <[EMAIL PROTECTED]>
Subject: Re: Bytes, octets, chars, and characters
Crossposted-To: comp.lang.c
Date: Thu, 24 Aug 2000 23:24:39 GMT

In comp.lang.c Paul Schlyter <[EMAIL PROTECTED]> wrote:
> In C though, the most common solution seems to be:
>  
> char         8-bit
> short       16-bit
> int         32-bit
> long        32-bit
> (long long   64-bit)

the days of the 32-bit minicomputer are slowly coming to an end :)

> On 64-bit machines, one alternative could be:
>  
> char         8-bit
> short short 16-bit

short short?  wtf is a short short?  get it out of there whatever it is.

> short       32-bit
> int         64-bit
> long       128-bit
> long long  256-bit

-- 
 /"\                                                 m i k e   b u r r e l l
 \ /     ASCII RIBBON CAMPAIGN                               [EMAIL PROTECTED]
  X        AGAINST HTML MAIL,
 / \      AND NEWS TOO, dammit   finger [EMAIL PROTECTED] for GPG key

------------------------------

From: TOM JEFFRIES <[EMAIL PROTECTED]>
Subject: Re: Reply now to join the crypto-research-ressources group
Date: Thu, 24 Aug 2000 23:31:24 GMT



[EMAIL PROTECTED] wrote:
> 
> Hello,
> 
> Reply to this email to join the crypto-research-ressources group,
> an email group hosted by eGroups, a free, easy-to-use email group
> service.
> 
> JOIN NOW, IT'S EASY: reply to this email by choosing "Reply" and then
> "Send" in your email program.
> 
> By joining crypto-research-ressources, you will be able to exchange
> messages with other group members. eGroups also makes it easy to store
> photos and files, coordinate events and more.
> 
> Here's an introductory message from the group moderator:
> ------------------------------------------------------------------------
> 
> Hi sci.crypt readers,
> 
> A new cryptography e-mail list in which you may be interested has been
> created. Please feel welcomed to join!
> 
> Cryptoanimal
> [EMAIL PROTECTED] moderator
> [EMAIL PROTECTED]
> 
> ------------------------------------------------------------------------
> 
> TO JOIN THIS GROUP:
> 
> 1) REPLY to this email by clicking "Reply" and then "Send"
> in your email program
> 
> -OR-
> 
> 2) Go to the eGroups site at
>    http://www.egroups.com/invite/crypto-research-ressources
>    and click the "JOIN" button
> 
> If you do not wish to join the crypto-research-ressources group, please
> ignore this invitation.
> 
> SPECIAL NOTE FROM eGroups:  Because eGroups values your privacy,
> it is a violation of our service rules for moderators to abuse our
> invitation service. If you feel this has happened, please notify us at
> [EMAIL PROTECTED]
> 

------------------------------

From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: Reply now to join the crypto-research-ressources group
Date: Thu, 24 Aug 2000 16:29:54 -0700

Whatever happened  to Tom's E-group?

[EMAIL PROTECTED]
Might be nice to check with him first.

Paul

------------------------------

From: "Cheri & Mike Jackmin" <[EMAIL PROTECTED]>
Subject: PGP Vulnerability
Date: Thu, 24 Aug 2000 19:47:42 -0400

Will this alter the fingerprint of the public key?

http://www.securitywatch.com/newsforward/default.asp?AID=3690


MikeJ
ICQ:  43754558 or 45661022
PGP Public Key available from  www.lightlink.com/critters
ID: 0x14D84603    Size: 2048/1024 DH/DSS    Fingerprint:
4A4E CB75 C4A4 2585 D953 D855 FA9F 0D98 14D8 4603
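Howard's reply above quotes a request for a program that examines public keys for inserted ADKs, and Mike asks whether an inserted ADK alters the key fingerprint. The Python below is an added example, not code from this thread or from NAI/PGP: it walks the packets of an exported key, reports every ADK subpacket in a signature's hashed or unhashed area, and computes the v4 fingerprint, which covers only the key packet and so does not change when a signature subpacket is added. The ADK subpacket type (10) and its class/algorithm/fingerprint layout are assumptions drawn from PGP's subpacket format rather than from the thread; the key material is constructed and is not a real key.

```python
# Added example (not from the thread): scan an exported OpenPGP key for PGP's
# "Additional Decryption Key" subpacket and show the fingerprint ignores it.
import hashlib
import struct

ADK_SUBPACKET = 10  # PGP's ADK subpacket type (kept only as legacy in RFC 4880)

def iter_packets(data):  # old-format headers only, which PGP 5/6 and GnuPG use for keys
    i = 0
    while i < len(data):
        ctb, ltype = data[i], data[i] & 0x03
        if ctb & 0x40 or ltype == 3:
            raise ValueError("new-format or indeterminate-length packet")
        hlen = 1 + (1 << ltype)                    # 1, 2 or 4 length octets
        length = int.from_bytes(data[i + 1:i + hlen], "big")
        yield (ctb >> 2) & 0x0F, data[i + hlen:i + hlen + length]
        i += hlen + length

def iter_subpackets(area):  # RFC 4880 5.2.3.1 subpacket lengths
    i = 0
    while i < len(area):
        b = area[i]
        if b < 192:
            length, hlen = b, 1
        elif b < 255:
            length, hlen = ((b - 192) << 8) + area[i + 1] + 192, 2
        else:
            length, hlen = struct.unpack(">I", area[i + 1:i + 5])[0], 5
        body = area[i + hlen:i + hlen + length]
        yield body[0] & 0x7F, body[1:]             # mask off the "critical" bit
        i += hlen + length

def v4_fingerprint(key_body):  # SHA-1 over 0x99, two-octet length, key packet body
    prefix = b"\x99" + struct.pack(">H", len(key_body))
    return hashlib.sha1(prefix + key_body).hexdigest().upper()

def fingerprint_of(blob):  # fingerprint of the primary key packet (tag 6)
    return next(v4_fingerprint(b) for t, b in iter_packets(blob) if t == 6)

def find_adks(blob):  # [(area, data)] for each ADK subpacket in v4 signatures
    found = []
    for tag, body in iter_packets(blob):
        if tag != 2 or body[0] != 4:
            continue
        hlen = struct.unpack(">H", body[4:6])[0]
        ulen = struct.unpack(">H", body[6 + hlen:8 + hlen])[0]
        # An ADK in the unhashed area is not covered by the self-signature.
        for area, sub in (("hashed", body[6:6 + hlen]),
                          ("unhashed", body[8 + hlen:8 + hlen + ulen])):
            found += [(area, d) for t, d in iter_subpackets(sub) if t == ADK_SUBPACKET]
    return found

def old_packet(tag, body):  # old-format header with a two-octet length
    return bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", len(body)) + body

def subpacket(stype, data):  # one-octet length covering type byte + data
    return bytes([1 + len(data), stype]) + data

def self_signature(unhashed):  # constructed v4 0x13 RSA/SHA-1 signature shell
    hashed = subpacket(2, b"\x39\xA5\xA0\x00")     # signature creation time
    return old_packet(2, b"\x04\x13\x01\x02"
                      + struct.pack(">H", len(hashed)) + hashed
                      + struct.pack(">H", len(unhashed)) + unhashed
                      + b"\xAB\xCD\x00\x08\x42")   # left16 + toy signature MPI

# Constructed key: v4 RSA public key with toy MPIs, one user ID, one self-signature.
KEY_BODY = b"\x04\x39\xA5\xA0\x00\x01" + b"\x00\x08\xC5" + b"\x00\x11\x01\x00\x01"
USER_ID = old_packet(13, b"alice@example.org")
ADK = subpacket(ADK_SUBPACKET, b"\x80\x01" + bytes(range(20)))  # class, algo, fpr
CLEAN = old_packet(6, KEY_BODY) + USER_ID + self_signature(b"")
TAMPERED = old_packet(6, KEY_BODY) + USER_ID + self_signature(ADK)

if __name__ == "__main__":
    print(fingerprint_of(CLEAN) == fingerprint_of(TAMPERED), find_adks(TAMPERED))
```

To scan a real key, export it in binary form (not ASCII-armored) and pass the bytes to find_adks; a hit in the "unhashed" area is the case to treat as suspect.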




------------------------------

From: Eric Smith <[EMAIL PROTECTED]>
Crossposted-To: comp.lang.c
Subject: Re: blowfish problem
Date: 24 Aug 2000 16:52:05 -0700

[EMAIL PROTECTED] (Chris Torek) writes:
> The problem basically boils down to several things, some of which
> are implied by the fact that memcpy() can be implemented in strictly
> portable C code as:
> 
>       void *memcpy(void *dst0, const void *src0, size_t len) {
>               unsigned char *dst = dst0;
>               const unsigned char *src = src0;
> 
>               /* copy len bytes, one addressable unit at a time */
>               while (len--)
>                       *dst++ = *src++;
>               return dst0;
>       }


Is that really true?  I know that the void * has to be able to
store a value of any other pointer type.  But is it really the case
that a char * also has to be able to store a value of any other
pointer type?

------------------------------

From: Eric Smith <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: Serious PGP v5 & v6 bug!
Date: 24 Aug 2000 16:59:23 -0700

Mok-Kong Shen <[EMAIL PROTECTED]> writes:
> Did I say one has to do everything oneself? My point is
> that it is dangerous to entirely rely on others, no
> matter how big names these specialists or organisations
> have.

Well, it's dangerous to rely on others, and it's dangerous to
rely on one's self, so where does that leave us?  Apparently
the universe is just a dangerous place.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
