Cryptography-Digest Digest #621, Volume #12       Wed, 6 Sep 00 11:13:01 EDT

Contents:
  Rq cryptanalysis software ("Pe.Lefebvre")
  Re: Blowfish Questions (Runu Knips)
  Re: Carnivore article in October CACM _Inside_Risks (Steve Smith)
  bent vectors ([EMAIL PROTECTED])
  Re: question on book selection (Ernest Dumenigo)
  Re: blowfish problem ("Trevor L. Jackson, III")
  Re: How weak is the encryption in the old NORTON NAVIGATOR (NORTON FILE MANAGER) ("cromwell")
  RSA in public domain ("Dave Foulger")
  Random numbers ("kihdip")
  RSA Patent Dead Today (Shellac)
  Re: RSA Patent. (Mark Wooding)
  Re: RSA in public domain (Mark Wooding)
  Re: RSA Patent Dead Today (mdc)
  Re: Extending RC4 to 16 bits (Benjamin Goldberg)
  Re: RSA Patent Dead Today ("kihdip")
  Re: RSA Patent Dead Today (Benjamin Goldberg)
  Re: Secure key-based steganography (Gunter Abend)
  Re: "Warn when encrypting to keys with an ADK" ([EMAIL PROTECTED])
  Re: RSA Patent Dead Today (Shellac)

----------------------------------------------------------------------------

From: "Pe.Lefebvre" <[EMAIL PROTECTED]>
Subject: Rq cryptanalysis software
Date: Wed, 6 Sep 2000 11:29:16 +0200

Hi!
I'm searching for cryptanalysis software, even very basic.

Pierre



------------------------------

Date: Wed, 06 Sep 2000 11:34:38 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Blowfish Questions

Future Beacon wrote:
> Has the first Blowfish encryption algorithm been cracked?
> Is there a stronger encryption method in the public domain?
> Is there any stronger encryption method?

Blowfish has a class of weaker keys. Not really a problem,
and they are detectable.

The AES candidates Serpent and Twofish work with 128-bit blocks
(instead of the 64-bit blocks Blowfish uses). Cast128
(also called Cast5) is another cipher to note.

If you believe Blowfish isn't secure enough, you can still
add additional rounds to it.

The most secure algorithm is AFAIK Serpent.

You can test for good cipher algorithms by just checking
the source of GnuPG (www.gnupg.org). These ciphers are all
secure and free.

------------------------------

Date: Wed, 06 Sep 2000 06:17:25 -0400
From: Steve Smith <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,alt.security,talk.politics.crypto
Subject: Re: Carnivore article in October CACM _Inside_Risks

Roger Schlafly wrote:

> Why wouldn't the ISPs just unplug Carnivore, reboot, and
> tell the FBI that they'll plug it back in when it works?

Because anybody who did so would immediately be thrown in jail for
violating a court order.

--
Steve Smith                                           [EMAIL PROTECTED]
Agincourt Computing                            http://www.aginc.net
"Truth is stranger than fiction because fiction has to make sense."

------------------------------

From: [EMAIL PROTECTED]
Subject: bent vectors
Date: Wed, 06 Sep 2000 10:55:59 GMT

Doh, I feel really stupid, of course I was wrong.  Geez I should have
seen that.  The definition |F(w)| = 1 for all 'w' doesn't hold for the
balanced 4x4 sbox as in my example.

Sorry guys.

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (Ernest Dumenigo)
Subject: Re: question on book selection
Date: 6 Sep 2000 11:19:01 GMT

Douglas A. Gwyn ([EMAIL PROTECTED]) wrote:
: Ernest Dumenigo wrote:
: > I saw that [Friedman] has two series the "Military cryptanalysis"
: > and the "Military Cryptanalytics", ...

: (By the time he reached Part III, Callimahos was using all-new
: material, published originally in the NSATJ and "Blue Line"
: monographs, so Friedman was no longer credited as co-author.
: Callimahos Part III is still classified, although we did
: get a heavily redacted version released that isn't worth the
: bother of reproducing.)  There is some additional material from
: Friedman (-sis) Parts III and IV that goes beyond Callimahos
: (-tics) Parts I and II; we got those declassified during the
: Gilmore-vs-NSA battle (only after I located copies already in
: circulation).

Should I even bother with parts III and IV of Callimahos?

Oh and thanks for your help.  I have already called and ordered 
Callimahos part one, and am very excited to get started!!

--
=====
Ernest 

------------------------------

Date: Wed, 06 Sep 2000 08:52:39 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Crossposted-To: comp.lang.c
Subject: Re: blowfish problem

Dennis Ritchie wrote:

> "Douglas A. Gwyn" wrote (with some previous material
> having to do with signed char on the PDP-11):
>
> > Certainly, arithmetic operations, etc. were slower
> > for unsigned char due to having to post-mask.
> >
> > > Since the implicit promotions to int can be optimized away when the target
> > > is any kind of char, this difference should be undetectable for most
> > > programs.
> >
> > I'm talking about how the machine actually functioned
> > when supporting type "unsigned char", not about C's
> > promotion rules.
>
> A secret confession: at some point, on the PDP-11 (probably /70)
> I made a compiler that had characters unsigned, using
>
>         clr     %r0
>         bisb    source,%r0
>
> to load characters about to be stored in an int or used
> for arithmetic.  With various tests, I couldn't find
> any noticeable speedup compared to the sign-extending
> compiler that used movb.

This would be 25% smaller than move & clear.  Was the speed difference between
this and movb alone (for signed chars) noticeable?



------------------------------

From: "cromwell" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,alt.security.scramdisk,alt.computer.security,alt.security,comp.security.misc
Subject: Re: How weak is the encryption in the old NORTON NAVIGATOR (NORTON FILE MANAGER)
Date: Wed, 6 Sep 2000 09:01:27 -0400

Most 'locks', either physical or electronic, will keep casual intruders out
and keep honest people honest.
But will they stand up to a professional attack? Who knows...
If you have something that valuable, pony up the $$ and buy a good lock.

Cromwell

"HeWhoCannotBeNamed" <[EMAIL PROTECTED]> wrote in message
news:8p4ibs$n9p$[EMAIL PROTECTED]...
> It lets you encrypt files/folders.  It's several years old, but I still
> use it as a great file manager in WIN95 (and works in win98, at least for
> me).  I don't know much at all about encryption, but I'm wondering whether
> I have decent safety by encrypting my confidential files with this program
> (if my laptop gets stolen).   I don't know of any way to find out what kind
> of encryption algorithm it uses.   I can't find out from Norton, since the
> program is about 5 years old.



------------------------------

From: "Dave Foulger" <[EMAIL PROTECTED]>
Subject: RSA in public domain
Date: Wed, 6 Sep 2000 14:03:14 +0100

BEDFORD, Mass., September 6, 2000 -- RSA® Security Inc. (NASDAQ: RSAS) today
announced it has released the RSA public key encryption algorithm into the
public domain, allowing anyone to create products that incorporate their own
implementation of the algorithm. This means that RSA Security has waived its
rights to enforce the patent for any development activities that include the
RSA algorithm occurring after September 6, 2000.

Represented by the equation "c = m^e mod n," the RSA algorithm is widely
considered the standard for encryption and the core technology that secures
the vast majority of the e-business conducted on the Internet. The U.S.
patent for the RSA algorithm (# 4,405,829, "Cryptographic Communications
System And Method") was issued to the Massachusetts Institute of Technology
(MIT) on September 20, 1983, licensed exclusively to RSA Security and
expires on September 20, 2000.

"So much misinformation has been spread recently regarding the expiration of
the RSA algorithm patent that we wanted to create an opportunity to state
the facts," said Art Coviello, chief executive officer of RSA Security. "RSA
Security's commercialization of the RSA patent helped create an entire
industry of highly secure, interoperable products that are the foundation of
the worldwide online economy. Releasing the RSA algorithm into the public
domain now is a symbolic next step in the evolution of this market, as we
believe it will cement the position of RSA encryption as the standard in all
categories of wired and wireless applications and devices. RSA Security
intends to continue to offer the world's premier implementation of the RSA
algorithm and all other relevant encryption technologies in our RSA BSAFE®
software solutions and we remain confident in our leadership in the
encryption market."

For nearly two decades, more than 800 companies spanning a range of global
industries have turned to RSA Security as a trusted, strategic partner that
can provide the proven, time-tested encryption implementations and resources
designed to speed time to market. These companies, including nearly 200 so
far in 2000, rely on RSA BSAFE® security software for its encryption
implementation and value-added services for a broad range of B2B, B2C and
wireless applications.

During the past 17 years, RSA Security has incorporated the concepts
represented by the RSA algorithm into its RSA BSAFE cryptographic software.
The company has made continuous enhancements to the way the algorithm has
been implemented, including a number of performance improvements and
optimizations, not reflected in the original patent, for a wide range of
software applications, operating systems and chip designs. RSA Security also
is an industry leader in developing standards on the robust application of
encryption technologies for solving real-world problems. These core
standards, known as the Public Key Cryptography Standards (PKCS), form the
underpinnings of today's most widely used communication methods.

In recent years, encryption technology has taken on an entirely new level of
importance in the world of business and consumer technology, and RSA
Security continues to be a leader in the industry. Once the province of a
small group of technologists and mathematicians, new developments have
raised the profile of encryption among a broad range of audiences. Moving
forward, electronic signature legislation, export regulation and the pending
selection of the Advanced Encryption Standard (AES) all will contribute
significantly to encryption playing a key role in the further expansion of
e-commerce initiatives for B2B, B2C and extended enterprise applications.





------------------------------

From: "kihdip" <[EMAIL PROTECTED]>
Subject: Random numbers
Date: Wed, 6 Sep 2000 15:16:04 +0200

Is Lehmer's method still in use for generating pseudorandom numbers ??
If not - Which algorithms are ??





------------------------------

From: Shellac <[EMAIL PROTECTED]>
Subject: RSA Patent Dead Today
Date: 06 Sep 2000 14:32:04 +0100


According to a press release at:

http://www.rsasecurity.com/news/pr/000906-1.html (hope that's correct)

RSA has been released into the public domain. Odd terminology, that,
given that it _was_ in the public domain. From what follows it looks
like they've relaxed their attitude to patent infringement. Since
there's only 2 weeks left on the patent, it seems a bit odd, but
welcome nonetheless.

Of course I live outside the US. But I'm still pleased.

-- 
Key fingerprint = FC31 23CA 3EBA E30D 2F20 D7EA 8C8F BB0A 49CA 5201
I use and endorse MkLinux, MacOS, GnuPG, Xemacs, Alpha (text
processor), wwwoffle, w3m, Gnus, Leafnode, Cherry Coke, PG Tips. They
do not sponsor me. Despite endless requests.

------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Crossposted-To: talk.politics.crypto
Subject: Re: RSA Patent.
Date: 6 Sep 2000 13:36:20 GMT

ajd <[EMAIL PROTECTED]> wrote:

> I hear that the patent for the RSA encryption algorithm expires at the
> end of this month.

Update:  RSA Security Inc. has upset party schedules all across the
world by releasing the RSA algorithm into the public domain two weeks
early -- that's *today*.

Press release at <http://www.rsasecurity.com/news/pr/000906-1.html>.

-- [mdw]

------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: RSA in public domain
Date: 6 Sep 2000 13:38:04 GMT

Dave Foulger <[EMAIL PROTECTED]> wrote:

[Quoting the RSA press release:]

> RSA Security's commercialization of the RSA patent helped create an
> entire industry of highly secure, interoperable products that are the
> foundation of the worldwide online economy.

This is absolutely priceless.  Codswallop, certainly, but priceless
codswallop nonetheless.

-- [mdw]

------------------------------

From: [EMAIL PROTECTED] (mdc)
Subject: Re: RSA Patent Dead Today
Date: Wed, 06 Sep 2000 13:44:36 GMT

On 06 Sep 2000 14:32:04 +0100, Shellac <[EMAIL PROTECTED]>
wrote:

>
>According to a press release at:
>
>http://www.rsasecurity.com/news/pr/000906-1.html (hope that's correct)
>
>RSA has been released into the public domain. Odd terminology, that,
>given that it _was_ in the public domain. 

The RSA algorithm was not public domain.  It was patented.  Note
that there is a tremendous difference between publicly-known and
public domain from a legal standpoint.

The patent was due to expire on Sept. 20th, and they released it
into the public domain two weeks in advance for whatever reason.  Its
main effect is just PR, but it does help to make an explicit public
statement instead of just letting the deadline slip by unannounced.

mdc

==========================
http://www.mc2studios.com/

------------------------------

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: Extending RC4 to 16 bits
Date: Wed, 06 Sep 2000 13:52:30 GMT

David Hopwood wrote:
> Guy Macon wrote:
> > David Hopwood wrote:
> > >Barry Adams wrote:
> > >
> > >> The questions are how mathematically sound is the algorithm?
> > >> Off the top of my head I would think that huge state space would
> > >> make for a hard to decryption cipher, but will it be well
> > >> randomized especially with small keys.
> > >
> > >No, the state won't be well randomised. I would recommend
> > >rethinking the key scheduling entirely for a 16-bit RC4.

Actually, it's not "well randomized" for 8-bit RC4 either.  Good
implementations discard the first 512 bytes.

> > From a practical standpoint of someone like me who is playing
> > with RC4 in order to learn, how would I go about changing the
> > key schedule?
> 
> It's quite difficult to randomly initialise a state that large (2^20
> bits, not taking into account that it is a permutation) efficiently.
> A conservative way of doing it is to use an algorithm that converts
> a random binary stream to an unbiased random permutation, and feed it
> with SHA-1(key, counter). That's *very* slow, though. I don't know of
> a better solution that would give sufficient confidence that the state
> is adequately randomised (note that 8-bit RC4's existing key schedule
> does not completely randomise the state; that's the reason for the
> weak keys).

Umm, no.  RC4's schedule is designed to avoid states that produce short
cycles, so no keys are weak.  If you don't use RC4's schedule, and
instead picked an unbiased random permutation as the starting state,
some short-cycle starting states would be chosen.

Where you said "8-bit RC4's existing key schedule does not completely
randomise the state; that's the reason for the weak keys," you should
instead have said something like "because there exist bad starting
states, 8-bit RC4's existing key schedule AVOIDS the full range of
starting states, meaning there are fewer than 256! starting states"

> > Would starting with a larger key change it?
> 
> Not really.
> 
> > Should I run the algorithm on random data for a while before
> > I start encrypting my plaintext?
> 
> That's better than nothing, but I'm not sure it's sufficient.

Why even feed it data, random or otherwise?  Remember that this stream
cipher is just a CSPRNG whose output is XORed with the data... just
discard the first 2*65536 values.  Good implementations of 8-bit RC4
discard the first 2**(8+1) 8-bit outputs, so you should discard
2**(16+1) 16-bit outputs.

> --
> David Hopwood <[EMAIL PROTECTED]>
> 
> Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
> RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
> Nothing in this message is intended to be legally binding. If I revoke a
> public key but refuse to specify why, it is because the private key has been
> seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip
> 

--
... perfection has been reached not when there is nothing left to
add, but when there is nothing left to take away. (from RFC 1925)
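The word-width generalisation and output dropping that Goldberg describes, as an added example that is not code from the thread or from any poster: RC4 over n-bit words (n=8 is ordinary RC4, n=16 the proposed variant), discarding the first 2**(n+1) outputs, plus a quick measurement of the early-output bias that motivates the drop. Packing key bytes into little-endian n-bit words is an assumption; the thread fixes no key packing.

```python
import random


class RC4n:
    """RC4 generalised to n-bit words: N = 2**n state entries and n-bit
    outputs. n=8 is ordinary RC4; n=16 is the variant the thread discusses.
    Key bytes are packed into little-endian n-bit words (an assumption)."""

    def __init__(self, key: bytes, n: int = 8, drop: int = None):
        if n % 8 or not key:
            raise ValueError("n must be a multiple of 8 and key non-empty")
        self.n, self.N = n, 1 << n
        self.S = self._ksa(key)
        self.i = self.j = 0
        # RC4-drop: throw away the first 2**(n+1) outputs (512 for n=8,
        # 131072 for n=16) because the key schedule leaves the early output
        # biased. drop=0 yields the raw, unmodified RC4 stream.
        for _ in range(2 ** (n + 1) if drop is None else drop):
            self.word()

    def _ksa(self, key: bytes) -> list:
        """Key-scheduling algorithm: a key-dependent permutation of 0..N-1."""
        w = self.n // 8
        key += b"\x00" * (-len(key) % w)                 # pad to whole words
        K = [int.from_bytes(key[k:k + w], "little") for k in range(0, len(key), w)]
        S, j = list(range(self.N)), 0
        for i in range(self.N):
            j = (j + S[i] + K[i % len(K)]) % self.N
            S[i], S[j] = S[j], S[i]
        return S

    def word(self) -> int:
        """One PRGA step: swap two state entries and return an n-bit word."""
        S, N = self.S, self.N
        self.i = (self.i + 1) % N
        self.j = (self.j + S[self.i]) % N
        S[self.i], S[self.j] = S[self.j], S[self.i]
        return S[(S[self.i] + S[self.j]) % N]

    def keystream(self, nbytes: int) -> bytes:
        w, out = self.n // 8, bytearray()
        while len(out) < nbytes:
            out += self.word().to_bytes(w, "little")
        return bytes(out[:nbytes])

    def crypt(self, data: bytes) -> bytes:
        """XOR with the keystream; encryption and decryption are identical."""
        return bytes(a ^ b for a, b in zip(data, self.keystream(len(data))))


def second_byte_zero_rate(trials: int, seed: int = 1) -> float:
    """Fraction of random 16-byte keys whose second *undropped* keystream
    byte is 0. An unbiased generator gives 1/256; raw RC4 gives about
    2/256 (the Mantin-Shamir bias), the sort of early-output defect that
    discarding the start of the stream removes."""
    rng, hits = random.Random(seed), 0
    for _ in range(trials):
        c = RC4n(rng.randbytes(16), 8, drop=0)
        c.word()
        hits += c.word() == 0
    return hits / trials


if __name__ == "__main__":
    # Textbook RC4 test vector (no drop): key "Key", plaintext "Plaintext".
    print(RC4n(b"Key", drop=0).crypt(b"Plaintext").hex())   # bbf316e8d940af0ad3
    print(second_byte_zero_rate(8000))                     # about 2/256, not 1/256
```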



------------------------------

From: "kihdip" <[EMAIL PROTECTED]>
Subject: Re: RSA Patent Dead Today
Date: Wed, 6 Sep 2000 16:16:09 +0200


>The RSA algorithm was not public domain.  It was patented.  Note
>that there is a tremendous difference between publicly-known and
>public domain from a legal standpoint.
>


Forgive my ignorance, but did the patent only stand in the USA ??



------------------------------

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: RSA Patent Dead Today
Date: Wed, 06 Sep 2000 14:23:52 GMT

kihdip wrote:
> 
> >The RSA algorithm was not public domain.  It was patented.  Note
> >that there is a tremendous difference between publicly-known and
> >public domain from a legal standpoint.
> >
> 
> Forgive my ignorance, but did the patent only stand in the USA ??

Yup.  They had published it before they applied for a patent, and you
can't get patents elsewhere on something that's already been disclosed.

(Only in the US, and only within a year of publishing)

--
... perfection has been reached not when there is nothing left to
add, but when there is nothing left to take away. (from RFC 1925)

------------------------------

From: Gunter Abend <[EMAIL PROTECTED]>
Subject: Re: Secure key-based steganography
Date: Wed, 06 Sep 2000 16:37:31 +0200

Steve Weis wrote:
> 
>> At each visited pixel, the least significant bit of image
>> data is replaced by the next covert message bit until all
>> data bits have been encoded. 
>
> Alice and Bob would have to generate an original image
> each transmission. If they use the same image over and
> over, Eve will notice the slight changes in the image.
> If they choose some image which is publicly available,
> Eve will be able to compare the original with their
> transmission.

Of course, "hiding" the data bits within an image doesn't
provide much security, if Eve can *guess* that data bits 
might be present in the LSBs. 

However, an image of P bytes which hides N databits (N<<P), 
is secure, if Eve doesn't know *which* bytes contain data.
Therefore I presume that the important difference of Toby
Sharp's algorithm vs. usual steganography consists in 
filling all image bytes with random "data" bits.

I'd suggest first modifying all LSBs with (pseudo) random 
data, then inserting true data bits and, possibly, recording the
statistics of the overwritten garbage bits in order to 
repair the random appearance of all these bits. This last 
step might be omitted if the data are already encrypted so 
that they also show a random distribution.

No matter whether the LSBs contain data or not, they look
random. There is no need to hide them in an image, you can 
send these data directly. The trick is P>>N !

What do you call this technique? Chaffing and Winnowing?

Ciao,   Gunter
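The scheme Gunter sketches, as an added example that is not code from the thread: randomise every LSB of a P-byte cover, write N payload bits (N << P) into positions chosen by a keyed permutation, and read them back with the same key. Seeding a PRNG from SHA-256 of the key and the 16-bit length header are assumptions of this example; the transition-rate statistic shows that the cover's LSB plane loses its structure whether or not data is present, which is exactly why P >> N with a secret position set is what carries the security.

```python
import hashlib
import random


def _keyed_order(key: bytes, P: int) -> list:
    """Secret visiting order of the P cover bytes, derived from the key.
    Seeding a PRNG with SHA-256(key) is an assumption of this example."""
    rng = random.Random(int.from_bytes(hashlib.sha256(key).digest(), "big"))
    order = list(range(P))
    rng.shuffle(order)
    return order


def _bits_to_bytes(bits) -> bytes:
    return bytes(int("".join(map(str, bits[k:k + 8])), 2) for k in range(0, len(bits), 8))


def embed(cover: bytes, message: bytes, key: bytes, noise=None) -> bytes:
    """Hide message in the LSBs of a P-byte cover; needs N << P payload bits."""
    P = len(cover)
    if len(message) > 0xFFFF:
        raise ValueError("message longer than the 16-bit length header allows")
    payload = len(message).to_bytes(2, "big") + message      # header + data
    bits = [(b >> k) & 1 for b in payload for k in range(7, -1, -1)]
    if len(bits) > P:
        raise ValueError("payload is %d bits but the cover has only %d LSBs" % (len(bits), P))
    noise = noise or random.SystemRandom()
    # Step 1: overwrite *every* LSB with a random bit, so the LSB plane keeps
    # neither the cover's own structure nor a visible data/no-data boundary.
    out = bytearray((b & 0xFE) | noise.getrandbits(1) for b in cover)
    # Step 2: write the N payload bits into the first N key-selected positions.
    for pos, bit in zip(_keyed_order(key, P), bits):
        out[pos] = (out[pos] & 0xFE) | bit
    return bytes(out)


def extract(stego: bytes, key: bytes) -> bytes:
    """Read LSBs in key order; the first 16 bits give the message length."""
    lsbs = [stego[p] & 1 for p in _keyed_order(key, len(stego))]
    length = int.from_bytes(_bits_to_bytes(lsbs[:16]), "big")
    return _bits_to_bytes(lsbs[16:16 + 8 * length])


def lsb_ones_fraction(data: bytes) -> float:
    """Share of set LSBs; about 0.5 for a randomised plane, data or not."""
    return sum(b & 1 for b in data) / len(data)


def lsb_transition_rate(data: bytes) -> float:
    """Share of neighbouring LSB pairs that differ: ~0.5 for a random plane,
    1.0 for a strictly alternating one. A crude check a steganalyst might run."""
    return sum((a ^ b) & 1 for a, b in zip(data, data[1:])) / (len(data) - 1)


if __name__ == "__main__":
    cover = bytes(i % 256 for i in range(4096))   # constructed cover, P = 4096
    stego = embed(cover, b"constructed test payload", b"shared key")
    print(extract(stego, b"shared key"))                           # b'constructed test payload'
    print(lsb_transition_rate(cover), lsb_transition_rate(stego))  # 1.0 vs about 0.5
```

As Gunter notes, the payload itself should already be encrypted so that its bits are also random-looking; this example embeds plain bytes only to keep the round trip visible.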

------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: "Warn when encrypting to keys with an ADK"
Date: Wed, 06 Sep 2000 09:43:30 -0500

In <7fbt5.53$[EMAIL PROTECTED]>, on 09/05/00 
   at 06:49 PM, "Nathan Williams" <[EMAIL PROTECTED]> said:

>      E1F5529A     Network Associates, Inc.  <[EMAIL PROTECTED]>

LOL!! That explains it all right there, good ol' Toto. For those of you who don't
get it, well .... it's a cypherpunk thing. :)

-- 
===============================================================
William H. Geiger III      http://www.openpgp.net  
Geiger Consulting    

Data Security & Cryptology Consulting
Programming, Networking, Analysis
 
PGP for OS/2:               http://www.openpgp.net/pgp.html
E-Secure:                   http://www.openpgp.net/esecure.html
===============================================================


------------------------------

From: Shellac <[EMAIL PROTECTED]>
Subject: Re: RSA Patent Dead Today
Date: 06 Sep 2000 16:04:50 +0100


[EMAIL PROTECTED] (mdc) writes:

> On 06 Sep 2000 14:32:04 +0100, Shellac <[EMAIL PROTECTED]>
> wrote:
> 
> >
> >According to a press release at:
> >
> >http://www.rsasecurity.com/news/pr/000906-1.html (hope that's correct)
> >
> >RSA has been released into the public domain. Odd terminology, that,
> >given that it _was_ in the public domain. 
> 
> The RSA algorithm was not public domain.  It was patented.  Note
> that there is a tremendous difference between publicly-known and
> public domain from a legal standpoint.
> 
> The patent was due to expire on Sept. 20th, and they released it
> to public domain two weeks in advance for whatever reason.  It's
> main effect is just PR, but it does help to make an explicit public
> statement instead of just letting the deadline just slip by unannounced.
> 

Sorry - I was just pointing out that they hadn't clearly qualified the 
sense of 'public domain' :-) Since this was a PR release I guess they
didn't want to suggest that they'd been restricting the use of a
published, and well-discussed, algorithm. Their terminology also
sounds odd for anyone familiar with many non-US legal systems.

FWIW, I reckon they did this to spoil parties arranged for the 20th
;-)

Shellac

-- 
Key fingerprint = FC31 23CA 3EBA E30D 2F20 D7EA 8C8F BB0A 49CA 5201
I use and endorse MkLinux, MacOS, GnuPG, Xemacs, Alpha (text
processor), wwwoffle, w3m, Gnus, Leafnode, Cherry Coke, PG Tips. They
do not sponsor me. Despite endless requests.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
