Cryptography-Digest Digest #531, Volume #12      Fri, 25 Aug 00 04:13:00 EDT

Contents:
  Re: My unprovability madness. (Steven B. Harris)
  Re: need help! (Jim Gillogly)
  Re: SHA-1 test request ("Ed Suominen")
  Re: need help! ("John Utkke")
  Re: SHA-1 test request (S. T. L.)
  Re: Serious PGP v5 & v6 bug! ("Howard")
  Re: need help! ("John A. Malley")
  ADK Bug: Statement from cert.org. (Ron B.)
  Re: Excerpt of SECRETS AND LIES available on-line (Anthony David)
  Re: A few big primes? (Michael Brown)
  Re: ADK Bug: Statement from cert.org. (Jeremy Bishop)
  Re: 1-time pad is not secure... (S. T. L.)
  Re: Serious PGP v5 & v6 bug! (Anders Thulin)
  Optimized Freeware. ("Sergio Arrojo")

----------------------------------------------------------------------------

From: [EMAIL PROTECTED](Steven B. Harris)
Crossposted-To: sci.math,sci.physics
Subject: Re: My unprovability madness.
Date: 25 Aug 2000 04:12:09 GMT

In <8o32h5$9vj$[EMAIL PROTECTED]> Nathan the Great
<[EMAIL PROTECTED]> writes: 
>
>In article <V8Wo5.4848$[EMAIL PROTECTED]>,
>  "Adam Russell" <[EMAIL PROTECTED]> wrote:
>> No, I wasn't speaking of Godel.  I was referring to the
>> suggestion of a system of logic where unprovable statements
>> are deemed to be false.
>
>Adam, WHEN USING CONSTRUCTIVE LOGIC, unprovable
>statements _are_ false, not just deemed to be.


  The difference between statements in logic which ARE false, and
statements which are "merely" DEEMED to be false, is nothing but a foot
stomp.  For all statements in logic which ARE false, are merely "false"
by definition of your particular construction of "false." How else?

  



------------------------------

From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: need help!
Date: Fri, 25 Aug 2000 04:33:52 +0000

John Utkke wrote:
> 
> I am a kid interested in cryptography can someone help me with this
> encryption problem, here is what I am given in this exercise.
> 
> W=T, K=O, X=S
> J ISKKXO WK NOBJAO

There's not enough information to find a unique solution unless
you can determine the key structure.  It probably starts
I CHOOSE TO, but there are several choices for the last word.
REFINE fits nicely with various choices of short K4-type keys (keyed
plaintext and ciphertext), but many other choices are also possible
and make sense, such as DEFILE, DEFINE, DERIVE, DESIRE, RECITE,
RESIDE and REVISE.

Did anything in the statement of the exercise indicate how the
alphabet was mixed?  Did they give you a sample problem?

-- 
        Jim Gillogly
        Sterday, 3 Halimath S.R. 2000, 04:22
        12.19.7.8.17, 12 Caban 20 Yaxkin, Sixth Lord of Night

------------------------------

From: "Ed Suominen" <[EMAIL PROTECTED]>
Subject: Re: SHA-1 test request
Date: Thu, 24 Aug 2000 22:34:44 -0700

=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1

TEST 1 OF 3
- ---------------------
Here's my first test of your program against two others. Looks like
yours is the odd man out on this *very* big file (my unmounted
PGPdisk). sha1.exe is your program, sha1.com is the assembly
language program written by Robert G. Durnal, and gpg.exe is
the GNU Privacy Guard, which has a neat "print message digest"
switch.

C:\>dir *.pgd

 Volume in drive C has no label
 Volume Serial Number is 3425-11E5
 Directory of C:\

MYDOCS   PGD 2,146,441,728  08-24-00  8:25p Mydocs.pgd
         1 file(s)  2,146,441,728 bytes
         0 dir(s)        1,117.04 MB free

C:\>sha1.exe -h mydocs.pgd
SHA1.EXE v0.25b by S.T.L.  This program is distributed under the GNU
GPL.
Copyright (C) 2000 S.T.L.
This comes with ABSOLUTELY NO WARRANTY; see the GNU GPL for details.
This is freedom software, and you are welcome to redistribute it
under certain conditions; see the GNU GPL for details.

SHA-1 hexadecimal hash:
E0A0 F640 6D5C 551A 1396 5ADE A987 952B AC54 FA24

C:\>sha1.com mydocs.pgd
649C02D3430B38340DCCB1F305BBC50E85A73A20

C:\>gpg --print-md sha1 mydocs.pgd
gpg: Please note that you don't have secure memory on this system
mydocs.pgd: 649C 02D3 430B 3834 0DCC  B1F3 05BB C50E 85A7 3A20


TEST 2 OF 3
- ---------------------
Here's a second test on a smaller file, the user's manual for Eudora
4.3 (a PDF file of about 3.5 MB).

C:\>dir *.pdf

 Volume in drive C has no label
 Volume Serial Number is 3425-11E5
 Directory of C:\

TEST     PDF     3,650,823  05-25-00 12:22p test.pdf
         1 file(s)      3,650,823 bytes
         0 dir(s)        1,113.52 MB free

C:\>sha1.exe -h test.pdf
SHA1.EXE v0.25b by S.T.L.  This program is distributed under the GNU
GPL.
Copyright (C) 2000 S.T.L.
This comes with ABSOLUTELY NO WARRANTY; see the GNU GPL for details.
This is freedom software, and you are welcome to redistribute it
under certain conditions; see the GNU GPL for details.

SHA-1 hexadecimal hash:
DDE8 8A5B 6CF5 F298 BC65 AD1F E3CC 726C A65F 8461

C:\>sha1.com test.pdf
58CEEC6E980C9181BC6D91418B927C968A93A341

C:\>gpg --print-md sha1 test.pdf
gpg: Please note that you don't have secure memory on this system
test.pdf: DDE8 8A5B 6CF5 F298 BC65  AD1F E3CC 726C A65F 8461

HUH?!?!?!?!? Now you agree with GPG (a good sign for you) but
SHA1.COM, which agreed with GPG on the Really Big File, is now
the odd man out! Note that you didn't agree with SHA1.COM on
my system in either case, and that GPG agreed with each of you
but for different files.

TEST 3 OF 3
- ---------------------
Here's a test of the standard "abc" test file in which all three of
you agree:

C:\>type abc.txt
abc
C:\>sha1.exe -h abc.txt
SHA1.EXE v0.25b by S.T.L.  This program is distributed under the GNU
GPL.
Copyright (C) 2000 S.T.L.
This comes with ABSOLUTELY NO WARRANTY; see the GNU GPL for details.
This is freedom software, and you are welcome to redistribute it
under certain conditions; see the GNU GPL for details.

SHA-1 hexadecimal hash:
A999 3E36 4706 816A BA3E 2571 7850 C26C 9CD0 D89D

C:\>sha1.com abc.txt
A9993E364706816ABA3E25717850C26C9CD0D89D
C:\>gpg --print-md sha1 abc.txt
gpg: Please note that you don't have secure memory on this system
abc.txt: A999 3E36 4706 816A BA3E  2571 7850 C26C 9CD0 D89D

There, you got some tests...now you just need to figure this all out!
(Good luck...)

<This message is signed only to confirm the identity of its author.>
Ed Suominen
Registered Patent Agent
Web Site: http://eepatents.com
PGP Public Key: http://eepatents.com/key

=====BEGIN PGP SIGNATURE=====
Version: PGP Personal Privacy 6.5.3

iQA/AwUBOaYFV6mKuMvNCWDGEQKO+gCgsrGrJj0CVtjCfng07EUtN+Rn6rQAoII+
v9wmApvoWtFE0bhBqA6jpRd0
=5XHj
=====END PGP SIGNATURE=====

------------------------------

From: "John Utkke" <[EMAIL PROTECTED]>
Subject: Re: need help!
Date: Fri, 25 Aug 2000 00:38:48 -0700


Jim Gillogly <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> John Utkke wrote:
> >
> > I am a kid interested in cryptography can someone help me with this
> > encryption problem, here is what I am given in this exercise.
> >
> > W=T, K=O, X=S
> > J ISKKXO WK NOBJAO
>
> There's not enough information to find a unique solution unless
> you can determine the key structure.  It probably starts
> I CHOOSE TO, but there are several choices for the last word.
> REFINE fits nicely with various choices of short K4-type keys (keyed
> plaintext and ciphertext), but many other choices are also possible
> and make sense, such as DEFILE, DEFINE, DERIVE, DESIRE, RECITE,
> RESIDE and REVISE.
>
> Did anything in the statement of the exercise indicate how the
> alphabet was mixed?  Did they give you a sample problem?
No. No. They did give the following also.
WOISAJIKGKL NLOYUX,
and YX VJQOAWX KB,
and VOKVOGOX JUYQJAYW JKAX
Maybe solving all these will give up the key.
>
> --
> Jim Gillogly
> Sterday, 3 Halimath S.R. 2000, 04:22
> 12.19.7.8.17, 12 Caban 20 Yaxkin, Sixth Lord of Night



------------------------------

From: [EMAIL PROTECTED] (S. T. L.)
Subject: Re: SHA-1 test request
Date: 25 Aug 2000 06:04:10 GMT

<<Why are you using long longs for anything?  SHA1 uses 32-bit operations.>>

I still use unsigned long ints for all computations, but I need long longs for
filesize (which, if you remember, is permitted to be anywhere from 0 to 2^64 -
1 bits).

And a post from Ed Suominen:

<<Here's my first test of your program against two others. Looks like
yours is the odd man out on this *very* big file (my unmounted
PGPdisk). sha1.exe is your program, sha1.com is the assembly
language program written by Robert G. Durnal, and gpg.exe is
the GNU Privacy Guard, which has a neat "print message digest"
switch....
C:\>sha1.exe -h mydocs.pgd
SHA1.EXE v0.25b by S.T.L.  This program is distributed under the GNU
GPL.>>

v0.25b and earlier definitely don't work for files > 512MB.  For the 15th word
of the last block, it writes all zeros because it makes the crocky assumption
that no files passed to it will be over 2^32 bits.  (It won't crash, though.) 
v0.26 and above use unsigned long longs which should correct the problem. 
(Meaning correct hashes for all files from 0 bits to 2 exabytes!)  I've already
uploaded these versions to my website.

<<MYDOCS   PGD 2,146,441,728  08-24-00  8:25p Mydocs.pgd
         1 file(s)  2,146,441,728 bytes>>

Oh yeah.  This bad boy is way beyond the 2^32 bit barrier.  (Almost 2^34 bits,
actually.  Whoo.)  I'm extremely curious as to whether v0.27 produces the
correct hash for it.

<<Here's a second test on a smaller file, the user's manual for Eudora
4.3 (a PDF file of about 3.5 MB).>>

I still am of the belief that v0.17b through v0.25b correctly hash files <
512MB, so this should be a rock-solid result.

<<HUH?!?!?!?!? Now you agree with GPG (a good sign for you) but
SHA1.COM, which agreed with GPG on the Really Big File, is now
the odd man out! Note that you didn't agree with SHA1.COM on
my system in either case, and that GPG agreed with each of you
but for different files.>>

That's some weird voodoo magic.  See if the most recent version of SHA1.EXE
agrees for the Really Big File; I think it will.  Something else therefore is
wrong with SHA1.COM, and I won't guess as to what it is.  I am assuming that
GPG knows what it's doing.  What's weird is that my program *did* agree with
SHA1.COM and HASHcipher for a 100MB file (100,000,000 "a" characters) and
agreed with SHA1.COM for pak0.pak.

Let me know how v0.27 turns out for the Really Big File.  (No need to test it
for the smaller files, nothing should have changed for them.)  Too bad the
gov't didn't provide really huge test vectors in FIPS PUB 180-1.  Argh.

Thanks!

-*---*-------
S.T.L.  My Quotes Page * http://quote.cjb.net * leads to my NEW site.
My upgraded Book Reviews Page: * http://sciencebook.cjb.net *
Optimized pngcrush executable now on my Download page!
Long live pngcrush!  :->
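
Added example, not code from the digest, from SHA1.EXE or from any poster: a compact SHA-1 in pure Python whose 64-bit length-field encoder can be swapped out. It illustrates both the bug S.T.L. describes (the high word of the bit count in the final block written as zero) and why Ed Suominen's three tests behaved as they did: a 32-bit bit count agrees with the correct encoding for every input below 2^32 bits (512 MiB), so the "abc" vector and a 3.5 MB PDF cannot distinguish the two, while the 2,146,441,728-byte PGPdisk can. The faulty encoder here is a model built from the post's description, not SHA1.EXE's actual code; the file size is the one quoted in the test post.

```python
"""Added example (not code from the digest or from SHA1.EXE): SHA-1 with a
swappable length-field encoder, to show why a 32-bit bit count passes every
small test vector and only fails for inputs of 2^32 bits (512 MiB) or more."""
import hashlib
import struct

MASK32 = 0xFFFFFFFF


def rotl(x, n):
    """Rotate a 32-bit word left by n bits."""
    return ((x << n) | (x >> (32 - n))) & MASK32


def length_field_correct(bit_len):
    """FIPS 180-1: the last 64 bits of the padded message hold the message
    length in bits, big-endian (two 32-bit words, high word then low word)."""
    return struct.pack(">Q", bit_len)


def length_field_low_word_only(bit_len):
    """Hypothetical faulty encoder modelled on the post's description: the
    high word (word 15 of the final block, counting from 1) is always zero,
    so only lengths below 2^32 bits are encoded correctly."""
    return struct.pack(">II", 0, bit_len & MASK32)


def length_words(bit_len, length_field=length_field_correct):
    """Return the (high, low) 32-bit words an encoder writes for a bit length."""
    return struct.unpack(">II", length_field(bit_len))


def length_fields_agree(n_bytes):
    """True when both encoders write the same field for an n-byte input."""
    bits = n_bytes * 8
    return length_field_correct(bits) == length_field_low_word_only(bits)


def sha1_pad(message, length_field=length_field_correct):
    """Append 0x80, zero bytes up to 56 mod 64, then the 8-byte length field."""
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)
    return padded + length_field(len(message) * 8)


def sha1(message, length_field=length_field_correct):
    """SHA-1 of `message` as a lowercase hex digest."""
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
    padded = sha1_pad(message, length_field)
    for off in range(0, len(padded), 64):
        w = list(struct.unpack(">16I", padded[off:off + 64]))
        for t in range(16, 80):
            w.append(rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
        a, b, c, d, e = h
        for t in range(80):
            if t < 20:
                f, k = (b & c) | (~b & d), 0x5A827999
            elif t < 40:
                f, k = b ^ c ^ d, 0x6ED9EBA1
            elif t < 60:
                f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
            else:
                f, k = b ^ c ^ d, 0xCA62C1D6
            temp = (rotl(a, 5) + f + e + k + w[t]) & MASK32
            a, b, c, d, e = temp, a, rotl(b, 30), c, d
        h = [(x + y) & MASK32 for x, y in zip(h, (a, b, c, d, e))]
    return "".join("%08x" % x for x in h)


def matches_hashlib(message):
    """Cross-check the correct encoder against the platform's SHA-1."""
    return sha1(message) == hashlib.sha1(message).hexdigest()


if __name__ == "__main__":
    print(sha1(b"abc"))                                     # the FIPS "abc" vector
    big = 2146441728 * 8                                    # PGPdisk size from the test post, in bits
    print(length_words(big, length_field_correct))          # high word is 3
    print(length_words(big, length_field_low_word_only))    # high word written as 0
```

Running it shows the two encoders producing identical padding, and therefore identical digests, for anything under 512 MiB; only the 2 GB file's bit count (just under 2^34) has a non-zero high word, which the faulty encoder drops.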

------------------------------

From: "Howard" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: Serious PGP v5 & v6 bug!
Date: Fri, 25 Aug 2000 06:56:21 +0100

=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1

"Keith" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...

: >It is a serious shortcoming for the unwary, but not a backdoor. If it
: >were, it's a pretty damned clumsy one.
: 
: No, it is a terrific exploit into the PGP key system. You identify your
: targets then add the modified public key and presto you have instant access
: to the encrypted information.

However as I said this is hardly covert, since all versions of PGP
apparently warn the user that additional keys are present. Therefore this
is not a "backdoor" but a potential security problem which would largely
affect inexperienced users.

: Is it too much to ask for NAI engineers to make sure that an ADK ID won't
: be added to a signed public key?

No, and here I agree with you. But I for one haven't read anything from
them as yet - and this news broke only yesterday (I think..). Have you
contacted NAI and asked for a statement, or comment from them? Do you think
it's a good idea to have their views before condemning so vociferously?

Kindest Regards

Howard
Staffordshire, England
PGP Keys:
0xECFEF05F (DH/DSS)
0x96302AD7 (RSA)

=====BEGIN PGP SIGNATURE=====
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOaYKggAiYvTs/vBfEQLpDwCfY+Pbo5cnpM5CW7y8TC+0DkgoajQAoIi9
L7GvfRJPGQmeUBA6h7xE2enB
=cn4R
=====END PGP SIGNATURE=====



------------------------------

From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: need help!
Date: Thu, 24 Aug 2000 23:26:10 -0700



John Utkke wrote:
> 
> Jim Gillogly <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > John Utkke wrote:
> > >
> > > I am a kid interested in cryptography can someone help me with this
> > > encryption problem, here is what I am given in this exercise.
> > >
> > > W=T, K=O, X=S

> > > J ISKKXO WK NOBJAO
      i choose to define
> >
> > There's not enough information to find a unique solution unless
> > you can determine the key structure.  It probably starts
> > I CHOOSE TO, but there are several choices for the last word.
> > REFINE fits nicely with various choices of short K4-type keys (keyed
> > plaintext and ciphertext), but many other choices are also possible
> > and make sense, such as DEFILE, DEFINE, DERIVE, DESIRE, RECITE,
> > RESIDE and REVISE.
> >
> > Did anything in the statement of the exercise indicate how the
> > alphabet was mixed?  Did they give you a sample problem?
> No. No. they did give the following also.

> WOISAJIKGKL NLOYUX,
  technicolor dreams,

> and YX VJQOAWX KB,
      as figents of

> and VOKVOGOX JUYQJAYW JKAX
      peopeles imaginat ions

  
> Maybe solving all these will give up the key.

Yes, in conjunction with recognizing the spelling mistakes in the
plaintext. 

John A. Malley
[EMAIL PROTECTED]

> >
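
Added example, not code from the digest or from any poster in this thread: a small crib-driven partial decryption for the puzzle above. It uses only the three pairs the exercise gave (W=T, K=O, X=S) and Jim Gillogly's reading of the first two words as I CHOOSE TO, leaves every other letter as a dot, and checks that a key stays a one-to-one mapping, which is what lets it reject a candidate word that would reuse a plaintext letter already accounted for. The sample candidates DEFINE and RECIPE are chosen here for illustration.

```python
"""Added example (not code from the digest or any poster): crib-driven partial
decryption of a monoalphabetic substitution, using the exercise's given pairs
(W=T, K=O, X=S) plus Jim Gillogly's reading of J ISKKXO WK as I CHOOSE TO."""

GIVEN_PAIRS = {"W": "T", "K": "O", "X": "S"}   # cipher -> plain, from the exercise
CRIB_CIPHER = "J ISKKXO WK"                     # first two words of the puzzle
CRIB_PLAIN = "I CHOOSE TO"                      # Gillogly's reading of them
PUZZLE = "J ISKKXO WK NOBJAO"                   # the full line to decrypt


def extend_key(key, ciphertext, plaintext):
    """Return a copy of `key` extended with the aligned pairs from a crib.

    A monoalphabetic key is a bijection, so two checks apply: a cipher letter
    may not decrypt to two different plain letters, and a plain letter may not
    be the image of two different cipher letters."""
    if len(ciphertext) != len(plaintext):
        raise ValueError("crib and ciphertext must have the same length")
    key = dict(key)
    used = {p: c for c, p in key.items()}   # plain -> cipher, for the second check
    for c, p in zip(ciphertext, plaintext):
        if (c == " ") != (p == " "):
            raise ValueError("word boundaries do not line up")
        if c == " ":
            continue
        if key.get(c, p) != p:
            raise ValueError(f"{c} already decrypts to {key[c]}, not {p}")
        if used.get(p, c) != c:
            raise ValueError(f"{p} is already the image of {used[p]}")
        key[c] = p
        used[p] = c
    return key


def decrypt(key, ciphertext):
    """Apply the partial key; unknown cipher letters come out as '.'."""
    return "".join(" " if c == " " else key.get(c, ".") for c in ciphertext)


def fits(key, cipher_word, candidate):
    """True if `candidate` can be the plaintext of `cipher_word` under `key`."""
    try:
        extend_key(key, cipher_word, candidate)
        return True
    except ValueError:
        return False


def build_key():
    """The key recoverable from the given pairs plus the crib (7 letters)."""
    return extend_key(GIVEN_PAIRS, CRIB_CIPHER, CRIB_PLAIN)


if __name__ == "__main__":
    key = build_key()
    print(decrypt(key, PUZZLE))                   # I CHOOSE TO .E.I.E
    print(decrypt(key, "WOISAJIKGKL NLOYUX"))     # TECH.ICO.O. ..E..S
    for word in ("DEFINE", "RECIPE"):             # RECIPE fails: C is already I's image
        print(word, fits(key, "NOBJAO", word))
```

The same `fits` check can be run over any word list for the last word, and every additional ciphertext line the exercise supplies narrows the key further once a word in it is recognized.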

------------------------------

From: Ron B. <[EMAIL PROTECTED]>
Crossposted-To: comp.security.pgp.discuss,comp.security.pgp.resources,comp.security.pgp.tech,talk.politics.crypto
Subject: ADK Bug: Statement from cert.org.
Date: Fri, 25 Aug 2000 06:38:26 GMT

=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1

A statement from cert.org regarding the ADK bug including remarks
from Phil Zimmermann can be found at:

http://www.cert.org/advisories/CA-2000-18.html


This includes the promise of a patch available Friday morning.

=====BEGIN PGP SIGNATURE=====
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOaYTDQzUoy7OvTSOEQLUvQCgrmv5E80QbfN23bZnmgrJcJlaIF4An2+q
y9hQdGyLAZ+KaqKLC/vIRRJa
=LKs+
=====END PGP SIGNATURE=====


------------------------------

Subject: Re: Excerpt of SECRETS AND LIES available on-line
From: Anthony David <[EMAIL PROTECTED]>
Date: 25 Aug 2000 16:46:28 +1000

Bruce Schneier <[EMAIL PROTECTED]> writes:

> A couple of weeks ago, someone asked about on-line distribution of my
> latest book.  I just noticed that Chapter 3 is up on Amazon:
> 
> 
> 
>http://www.amazon.com/exec/obidos/ts/book-excerpt/0471253111/ref=pm_dp_ln_b_3/103-9091257-0055007
> 
> Not the chapter I would have picked to excerpt, but no one asked me.
> 
> A couple of weeks ago I also warned people that Amazon was no longer
> offering the 30% discount, only a 20% discount.  You can get a 30%
> discount on FatBrain, which is the cheapest I've seen for the book:
> 

I hope this was retyped from the printed text and not lifted from the
electronic copy. There are spelling errors all through it.

-- 
=========================================================
Gambling: A discretionary tax on  | Anthony David
those who were asleep during high | Systems Administrator
school mathematics classes        |

------------------------------

From: Michael Brown <[EMAIL PROTECTED]>
Subject: Re: A few big primes?
Date: Fri, 25 Aug 2000 19:13:47 +1200

> Look for the NTH, the Number THeory library, on ticalc.org.  It's in BASIC, so

Umm, could you give me a link? I tried the search and browse on
TiCalc.org and I couldn't find it. Neither could HotBot. Do you have a
direct link?

> you can call it yourself.  One thing that most people don't realize is that
> TI-92+ calculators have built-in bignum capability (612 decimal digit
> precision).  Which is The Way It Should Be.  I myself use heavily modified
> snippets of NTH code in my TI-RSA program (that's right, 1024-bit RSA on a
> calculator).  But I won't be able to release that program until Sept. 20.  Heh.

Oh boy, THAT's gonna make the NSA happy :)

> 
> -*---*-------
> S.T.L.  My Quotes Page * http://quote.cjb.net * leads to my NEW site.
> My upgraded Book Reviews Page: * http://sciencebook.cjb.net *
> Optimized pngcrush executable now on my Download page!
> Long live pngcrush!  :->

Michael

------------------------------

From: Jeremy Bishop <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: ADK Bug: Statement from cert.org.
Date: Fri, 25 Aug 2000 00:26:05 -0700

"Ron B." wrote:
> http://www.cert.org/advisories/CA-2000-18.html
> 
> This includes the promise of a patch available Friday morning.

Excellent.  For those too lazy/unable to read the link, I would like to
draw people's attention to two items:

First, this is only exploitable if the ADK is present on your keyring. 
This means that the attacker is someone whose public key is on your
keyring.  Since you can see the ID of the ADK used, you have an
immediate target for prosecution.

Second, the advisory mentions that the main PGP keyserver is already
filtering keys with bogus ADK packets, and fixes for other servers are
expected by later today.

Move along folks, show's over.

-- 
The universe does not have laws -- it has habits, and habits can be
broken.
    -- BSD fortune file

------------------------------

From: [EMAIL PROTECTED] (S. T. L.)
Subject: Re: 1-time pad is not secure...
Date: 25 Aug 2000 07:34:22 GMT

<<EPR experiments "pretty much" rule out the idea that physics
depends only on local interactions.>>

Shows you what you know.  Spooky action at a distance is D-E-A-D, no matter
what you think.  It just looks like it isn't.  Hence the term spooky.  Duh.

-*---*-------
S.T.L.  My Quotes Page * http://quote.cjb.net * leads to my NEW site.
My upgraded Book Reviews Page: * http://sciencebook.cjb.net *
Optimized pngcrush executable now on my Download page!
Long live pngcrush!  :->

------------------------------

Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
From: Anders Thulin <[EMAIL PROTECTED]>
Subject: Re: Serious PGP v5 & v6 bug!
Date: Fri, 25 Aug 2000 07:42:55 GMT

Charles Blair wrote:
> 
>    For those who want to worry about it, an article by Ken Thompson
> described how he once inserted some private code into a C compiler:
> 
>    http://www.acm.org/classics/sep95

  I think you are mistaken: there's nothing in that article that indicates
that Thompson actually did so. There's a 'would' at the critical point in the
text where there's a question of him inserting a bug into a compiler. That
seems to make it quite clear that the case discussed is only an example
of what could be done.

-- 
Anders Thulin     [EMAIL PROTECTED]     040-10 50 63
Telia Prosoft AB,   Box 85,   S-201 20 Malmö,   Sweden

------------------------------

From: "Sergio Arrojo" <[EMAIL PROTECTED]>
Subject: Optimized Freeware.
Date: Fri, 25 Aug 2000 09:46:49 +0200
Reply-To: "Sergio Arrojo" <[EMAIL PROTECTED]>

Could somebody recommend a web site with freeware for implementing
elliptic curves with reasonable optimization in terms of time and space?

Thanks
Sergio



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
