Cryptography-Digest Digest #628, Volume #12       Thu, 7 Sep 00 07:13:00 EDT

Contents:
  Re: yet another primitive polynomial search program (Mack)
  Re: Losing AES Candidates Could Be a Good Bet? (Mok-Kong Shen)
  Re: Carnivore article in October CACM _Inside_Risks (Mok-Kong Shen)
  Re: could you please tell me how this calculation has been obtained ? (Arturo)
  Re: Diffie-Hellman C-sample? (Bob Deblier)
  Re: Free Upgrade PGP Personal Privacy 6.5.8 - how? ([EMAIL PROTECTED])
  Re: Carnivore article in October CACM _Inside_Risks ("Ken Hagan")
  Re: 1-time pad is not secure... (Tim Tyler)
  Re: Losing AES Candidates Could Be a Good Bet? (Robert Harley)
  Re: Extending RC4 to 16 bits (Guy Macon)
  Re: Extending RC4 to 16 bits (Guy Macon)
  Re: Extending RC4 to 16 bits (Guy Macon)
  Re: Carnivore article in October CACM _Inside_Risks (Yiorgos Adamopoulos)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Mack)
Date: 07 Sep 2000 07:10:15 GMT
Subject: Re: yet another primitive polynomial search program

>I have not seen your program, could you point it out?

I did not post the program just the description
see the thread 96 bit LFSR.

>
>"Mack" <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>> >This one requires a Pentium III and Windows, and is optimized for speed.
>> >
>> >http://sduplichan.home.att.net/primitive/primitivePolynomials.htm
>> >
>> >
>> >
>> >
>>
>> Hmm surprisingly similar to the program I wrote that was discussed
>> here recently.
>>
>>
>> Mack
>> Remove njunk123 from name to reply by e-mail
>

Mack
Remove njunk123 from name to reply by e-mail

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Losing AES Candidates Could Be a Good Bet?
Date: Thu, 07 Sep 2000 10:01:38 +0200



John Savard wrote:
> 
> This principle, if not the specific idea, has been suggested by Terry
> Ritter. Of course, that depends on whether the attacks might not work
> on other ciphers too. Also, depending on the final choice, one or more
> of the also-rans might still be to the taste of some people. I think
> that SAFER+, despite not being a finalist, will be used for a while:
> and both Twofish and MARS will see considerable service regardless of
> which of the five finalists wins.

I suppose one could learn something from each of a number 
of AES candidates, not only the finalists. With that and
some luck and inspiration and hard work, it should be 
feasible to come up with a new cipher that very probably
works just as fine, eventually better (anyway you get one
that you REALLY fully understand, without any mysterious 
'magic' constants that could be sources of doubt and 
concern).

M. K. Shen
===============================
http://home.t-online.de/home/mok-kong.shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Carnivore article in October CACM _Inside_Risks
Date: Thu, 07 Sep 2000 10:01:30 +0200



"Douglas A. Gwyn" wrote:
> 
> You seem to have missed the point; I didn't say, "right to
> wiretap", I said "right to be able to wiretap".  I don't
> dispute the former (when approved by a judge for probable
> cause), but I do dispute the latter.  Should we require
> builders to install listening devices in every house in
> order to facilitate bugging, or auto manufacturers to plant
> tracking devices in every car they make so that they can be
> switched on by law enforcement if the need arises?  Who is
> supposed to be in charge, the people or their government?

Your point is interesting. But let me see whether I could 
counter. (1) If the government takes over the work/charge of 
installing/maintaining certain devices, would that be o.k.?
Note that the government always has the possibility to
increase the fees to be paid by the providers, if money
is an issue, and that with sufficient money quite a lot can 
be achieved. (2) Whether such installations by themselves
violate your freedom is 'in principle' questionable. Note 
e.g. that your car has to carry at the front and back a 
specific metallic plate containing a number registered at 
the authority.

BTW, isn't it that in UK a law has been proposed by the
government to effect similar controls as Carnivore?
I read that in some cities in UK cameras are installed to
control pedestrians. A next step, I suppose, would be
installing such devices in all offices. From that only a 
tiny step is needed to integrate the space of your bedroom 
into the grand scientific program initiated by Orwell.

M. K. Shen
=============================
http://home.t-online.de/home/mok-kong.shen

------------------------------

From: [EMAIL PROTECTED]=NOSPAM (Arturo)
Crossposted-To: alt.security.pgp
Subject: Re: could you please tell me how this calculation has been obtained ?
Date: Thu, 07 Sep 2000 07:13:40 GMT

On Thu, 07 Sep 2000 16:37:05 +1200, Michael Brown <[EMAIL PROTECTED]>
wrote:

>I'd guess it'd be based somehow on the number of public keys on
>keyservers. That's how I would do it.
>jungle wrote:
>> 
>> hi mike,
>> 
>> in the recent [ 25 aug ] ap article by peter svensson, he is writing,
>> wallach said, that pgp is used by 7 million people ...
>> 
>> could you please tell me how this calculation has been obtained ?
>> how accurate this number is ?
>> 
        I have heard some numbers (from servers in Spain, Holland and the US),
and the number of PGP keys in keyservers is about 1 million.  Where did the
other 6 million go?


------------------------------

From: Bob Deblier <[EMAIL PROTECTED]>
Subject: Re: Diffie-Hellman C-sample?
Date: Thu, 07 Sep 2000 10:43:36 +0200

Verd wrote:

> Dear all,
>
> Right now I'm looking for some materials on Diffie-Hellman implementation on
> C language.
>  Could anyone of you recommend me some samples, or materials?
> It's not easy to implement that algorithm if there is enough time, but I
> have
> only 48 hours or so.
> I hope your helps.
> Thanks
>
> With best wishes...
> Gogh..
>
> P.S.: I hope this is the correct n/g to ask such a question, if it turns
> out the other way round, pls let me know ;)

Diffie-Hellman is included in the BeeCrypt Cryptography Library, an open source
library of which I'm the author. It includes parameter generation, assembler
optimizations for several processors, preliminary compliance with IEEE P1363.
You can find it at http://beecrypt.virtualunlimited.com/

Sincerely

Bob Deblier
Virtual Unlimited


------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: Free Upgrade PGP Personal Privacy 6.5.8 - how?
Date: Thu, 07 Sep 2000 09:15:21 GMT

one short phrase:

ftp://zedz.net





On Thu, 07 Sep 2000 05:24:51 GMT, Jacques Therrien
<[EMAIL PROTECTED]> wrote:

>WAS:  PGP 6.5.8 test: That's NOT enough !!!
>
>In article <8oklam$7oc$[EMAIL PROTECTED]>, Philip Stromer 
><[EMAIL PROTECTED]> wrote:
>
>> In article <8oe9gi$n89$[EMAIL PROTECTED]>,
>> [EMAIL PROTECTED] wrote:
>> 
>> > Aye, for once we agree.  PGP have handled this problem extremely
>> > poorly from both a technical and PR perspective.
>> >
>> > I can't see a "pretty" way forward...
>> 
>> I spoke to some PGP "spin doctor" yesterday and he said if I have PGP
>> Personal Privacy 6.5.3, I'm safe since it doesn't even have a back door
>> for any corporate types.  Is this accurate, or baloney?
>  ------ snip ------
>
>Philip,
>
>This is "baloney".  While PGP Personal Privacy 6.5.3 (which I also use) 
>cannot "create" ADKs [as PGP versions used by corporate clients do -- 
>these are not backdoors], it has exactly the same problems as 
>PGPfreeware 6.5.3 as far as the ADK weakness is concerned.  It will 
>encrypt to a second public key specified by a bogus ADK which is not in 
>the signed portion of the key.
>
>It too needs the Hot Fix, or get the upgrade to 6.5.8.
>______________
>
>NAI announced present owners could get a free upgrade to PGP Personal 
>Privacy 6.5.8, however we would have to get it from McAfee.  Well, what 
>I expected from previous experience happened.
>
>I submitted my request to <[EMAIL PROTECTED]>, and McAfee replied 
>that I can get a free download [PGPfreeware] from "www.pgpi.org" -- the 
>usual nonsense!!!
>
>I have repeated the request, explaining to them the difference between 
>the two (to the people I bought it from!!?!&?%) -- with a copy to NAI. I 
>have not as yet received a reply to my second request.
>
>*** Has any one been able to get the free copy we are owed to upgrade to 
>PGP Personal Privacy 6.5.8?  If so please tell us how?  Details please.
>
>*** Are others trying to or about to try to get the free upgrade?  We 
>should perhaps all get together on this, and try to solve this problem 
>once and for all.
>
>I am really fed up with the bureaucratic run-around and confusion inside 
>NAI and McAfee on this.  NAI should solve the problem with McAfee before 
>telling us to get it from there, and provide us with the name of someone 
>in McAfee who understands the problem and their telephone number (email 
>address, fax number, or whatever).
>
>It is not up to the paying customers to solve their internal problems  - 
>and they obviously do have serious ones.  The onus to provide upgrades 
>(especially for correcting serious errors like this one) lies normally 
>with the developer (NAI), rather than a reseller (McAfee).  The 
>developer should at least verify that the upgrade is indeed available.
>
>If they had the good sense of issuing registration numbers for retail 
>commercial software (as other developers do, including shareware 
>authors), we would not have this type of problem.
>
>As every shareware author does, they could just post the upgrade on the 
>Web, and only those with a valid registration number would be able to 
>use those downloads without paying.
>
>Or simply ask people for their registration number when they try to 
>download.  Problem solved.
>
>
>Cheers,
>
>Jacques


------------------------------

From: "Ken Hagan" <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,alt.security,talk.politics.crypto
Subject: Re: Carnivore article in October CACM _Inside_Risks
Date: Thu, 7 Sep 2000 09:58:12 +0100

"Roger Schlafly" <[EMAIL PROTECTED]> wrote...
>
> Mathematicians are routinely excluded from juries for this reason.
> The proofs that are offered in court would never convince them
> in a professional context.

This doesn't sound healthy to me. I hope you live in a
different country from me :-)

One could exclude scientists and computer programmers for
the same reason, and perhaps engineers and medics on the
grounds that they'd been exposed to the same "culture", or
on the grounds that "risk management and estimation" forms
a significant part of their day job.

We'd end up with juries populated exclusively by the kind of
folks who believe TV adverts offer convincing proof of product
effectiveness.

We had a case in the UK recently in which some expert
asserted that the chances of two cot deaths occurring in the
same family were millions to one against and therefore the
mother must be a murderer. The idea that cot death might be
*caused* by something had clearly never occurred to this
expert, who treated the two deaths as independent events and
simply multiplied the probabilities together. I would expect
such woolly reasoning to be spotted by competent members of
all the above professions, and indeed a great many other
people, but the jury were convinced and the woman convicted.
(I think she got off on appeal.)

As society gets more complicated, it becomes more important
to ensure that people can't get off jury duty, and can't be
thrown off juries, simply because they might have a clue.



------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: 1-time pad is not secure...
Reply-To: [EMAIL PROTECTED]
Date: Thu, 7 Sep 2000 09:34:48 GMT

[EMAIL PROTECTED] wrote:

: Tim, I really should thank you for continually acknowledging our group,
: even though I know you have some reservations about certain aspects.

[...]

: Now I noticed the following comment and I can’t pass up this
: opportunity to, hopefully, persuade you a little further to “come over”
: to the Digital Physics camp…

I have no objection to the notion that the idea that space/time are
discrete and finite.

What I have problems with is the "everything happens" model.  Although
such a model can't be refuted, that appears mainly to be because it
doesn't appear to be a testable scientific theory, and makes no concrete
predictions.

:> The supposed non-locality of quantum physics has one of two
:> stumbling blocks to digital mechanics - the other being relativity.

: Perhaps not.  Though I don’t understand all of the details, the
: following paper(s) by Tom Ostoma and Mike Trushyk seem to indicate that
: CA are indeed compatible with relativity.  Have a look for yourself,
: especially at the most recent:

: http://cvm.msu.edu/~dobrzele/dp/Publications/Ostoma-Trushyk/Cell/
: http://cvm.msu.edu/~dobrzele/dp/Publications/Ostoma-Trushyk/Special/
: http://cvm.msu.edu/~dobrzele/dp/Publications/Ostoma-Trushyk/EMQG/

This is certainly interesting reading material for me.  The information on
the web pages does not appear to be sufficient for a proper evaluation of
the ideas.  I'll have to look at it in more detail before commenting - and
any such comments are not going to appear in this forum.
-- 
__________  Lotus Artificial Life  http://alife.co.uk/  [EMAIL PROTECTED]
 |im |yler  The Mandala Centre   http://mandala.co.uk/  Namaste.

------------------------------

From: Robert Harley <[EMAIL PROTECTED]>
Subject: Re: Losing AES Candidates Could Be a Good Bet?
Date: 07 Sep 2000 11:35:10 +0200


"Douglas A. Gwyn" <[EMAIL PROTECTED]> writes:
> So, how many of the original AES submissions were suppressed
> by the NSA, anyway?  And one wonders by what mechanism, since
> NIST was running the show.

Oh puh-lease!

I don't buy Scott's conspiracy theories, but this objection is too
dumb for words.

Bye,
  Rob,
     .-.                                                               .-.
    /   \           .-.                                 .-.           /   \
   /     \         /   \       .-.     _     .-.       /   \         /     \
  /       \       /     \     /   \   / \   /   \     /     \       /       \
 /         \     /       \   /     `-'   `-'     \   /       \     /         \
            \   /         `-'                     `-'         \   /
             `-'             [EMAIL PROTECTED]            `-'

------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Extending RC4 to 16 bits
Date: 07 Sep 2000 10:30:56 GMT

Benjamin Goldberg wrote:

>Guy Macon wrote:
>
>> From a practical standpoint of someone like me who is playing
>> with RC4 in order to learn, how would I go about changing the
>> key schedule?


>> Should I run the algorithm on random data for a while before
>> I start encrypting my plaintext?
 
>Why even feed it data, random or otherwise?  Remember that this stream
>cipher is just a CSPRNG whose output is XORed with the data... just
>discard the first 2*65536 values.  Good implementations of 8-bit RC4
>discard the first 2**(8+1) 8-bit outputs, so you should discard
>2**(16+1) 16-bit outputs.

Got it.  For some reason I was thinking I should send those
first N values to the recipient.  Brain fart.

So, let's say that I (as an exercise to learn more) convert
an 8 bit RC4 that discards the first 256 8-bit values to a
16 bit RC4 that discards the first 65536 16-bit values.

Let's say that I also square the size of my secret key.
From a theoretical cryptological standpoint, is there
any (even remote) chance that I have weakened the system?
Would such a scheme require redoing the analysis that 8-bit
RC4 has received before, or would the existing body of
unsuccessful attempts to find major weaknesses still apply?

Not that I would seriously use a 16 bit RC4 - I see no need.
I am just going through this exercise as a way to learn
how things work.


------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Extending RC4 to 16 bits
Date: 07 Sep 2000 10:39:03 GMT

Scott Fluhrer wrote:

>Ummm, no.  The only known short-cycles in RC4 are those first found by
>Finney, which have (at the start of each nextstep) i+1=j mod 256 and S[j]=1.
>If you picked a random permutation, and started with i=j=0 (as the RC4 key
>schedule), this short cycle cannot happen.

Is this the same one that is discussed on the ciphersaber web page
[ http://ciphersaber.gurus.com/ ], where they say that using ASCII
characters in your passphrase instead of any of the possible 256
values that a byte can have avoids the weakness? 


------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Extending RC4 to 16 bits
Date: 07 Sep 2000 11:00:27 GMT



Benjamin Goldberg wrote:

>Guy Macon wrote:
>
>> From a practical standpoint of someone like me who is playing
>> with RC4 in order to learn, how would I go about changing the
>> key schedule?


>> Should I run the algorithm on random data for a while before
>> I start encrypting my plaintext?
 
>Why even feed it data, random or otherwise?  Remember that this stream
>cipher is just a CSPRNG whose output is XORed with the data... just
>discard the first 2*65536 values.  Good implementations of 8-bit RC4
>discard the first 2**(8+1) 8-bit outputs, so you should discard
>2**(16+1) 16-bit outputs.

Got it.  For some reason I was thinking I should send those
first N values to the recipient.  Brain fart.

So, let's say that I (as an exercise to learn more) convert an
8 bit RC4 that discards the first 512 8-bit values ( 2^8 * 2 )
to a 16 bit RC4 that discards the first 131,072 ( 2^16 * 2 )
16-bit values.

Let's say that I also square the size of my secret key.
From a theoretical cryptological standpoint, is there
any (even remote) chance that I have weakened the system?
Would such a scheme require redoing the analysis that 8-bit
RC4 has received before, or would the existing body of
unsuccessful attempts to find major weaknesses still apply?

Not that I would seriously use a 16 bit RC4 - I see no need.
I am just going through this exercise as a way to learn
how things work.
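The generalized cipher discussed in the three RC4 posts above (an n-bit word RC4 that drops the first 2 * 2^n outputs, as Benjamin Goldberg suggests) together with a check for the Finney short-cycle condition Scott Fluhrer quotes (j = i+1 mod N and S[j] = 1), as added illustrative code that is not any poster's implementation; the function names and the key-as-list-of-words convention are my assumptions.

```python
# Added example: RC4 over n-bit words (n = 8 is standard RC4), the
# "discard the first 2 * 2**n outputs" convention from the thread, and a
# test for Finney's short-cycle states (j == i + 1 mod N and S[j] == 1),
# which the key schedule's i = j = 0 start can never reach because the
# PRGA step preserves the condition in both directions.

def default_discard(n):
    """Outputs to throw away for n-bit words: 512 for n=8, 131072 for n=16."""
    return 2 << n

def rc4_ksa(key, n=8):
    """Key schedule over a table of N = 2**n words; key is a list of ints < N."""
    N = 1 << n
    S = list(range(N))
    j = 0
    for i in range(N):
        j = (j + S[i] + key[i % len(key)]) % N
        S[i], S[j] = S[j], S[i]
    return S

def rc4_step(S, i, j):
    """One PRGA step; mutates S in place and returns (i, j, output word)."""
    N = len(S)
    i = (i + 1) % N
    j = (j + S[i]) % N
    S[i], S[j] = S[j], S[i]
    return i, j, S[(S[i] + S[j]) % N]

def rc4_keystream(key, n=8, nwords=16, discard=None):
    """Return nwords keystream words after discarding the first `discard`
    outputs (default 2 * 2**n); discard=0 gives plain RC4 output."""
    if discard is None:
        discard = default_discard(n)
    S = rc4_ksa(key, n)
    i = j = 0
    for _ in range(discard):          # burn the early, key-correlated outputs
        i, j, _ = rc4_step(S, i, j)
    out = []
    for _ in range(nwords):
        i, j, w = rc4_step(S, i, j)
        out.append(w)
    return out

def is_finney_state(S, i, j):
    """True if (S, i, j) lies on one of Finney's short cycles."""
    N = len(S)
    return (i + 1) % N == j and S[j] == 1

if __name__ == "__main__":
    # Standard 8-bit RC4 with key "Key" (no discard) reproduces the well-known
    # keystream EB 9F 77 81 ...; the 16-bit variant drops 131072 words first.
    print([hex(w) for w in rc4_keystream([0x4B, 0x65, 0x79], discard=0, nwords=4)])
    print(rc4_keystream([0x1234, 0xABCD], n=16, nwords=4))
```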



------------------------------

From: [EMAIL PROTECTED] (Yiorgos Adamopoulos)
Crossposted-To: comp.security.misc,alt.security,talk.politics.crypto
Subject: Re: Carnivore article in October CACM _Inside_Risks
Date: 7 Sep 2000 11:04:57 GMT
Reply-To: [EMAIL PROTECTED]

In article <newscache$lqfi0g$h1k$[EMAIL PROTECTED]>, Ken Hagan wrote:
>> Mathematicians are routinely excluded from juries for this reason.
>> The proofs that are offered in court would never convince them
>> in a professional context.
>
>This doesn't sound healthy to me. I hope you live in a
>different country from me :-)

Unhealthy or not, it is a fact.  It is my understanding that in the US
the jury is selected by the attorneys of all parties through a process
that takes place before the trial.

So, if I am an attorney and I want to cause reasonable doubt, I need to
have a jury that will buy whatever I sell :-)

[ Then again I live in Greece, so I may be off track on the jury
selection process in the US ]

-Y

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
