Cryptography-Digest Digest #636, Volume #12 Fri, 8 Sep 00 11:13:01 EDT
Contents:
Re: ExCSS Source Code (Mok-Kong Shen)
Re: Losing AES Candidates Could Be a Good Bet? (Mok-Kong Shen)
Re: Losing AES Candidates Could Be a Good Bet? (Mok-Kong Shen)
ANN: BeeCrypt 1.1.0 and BeeCrypt for Java 1.0.0 available. (Bob Deblier)
PRNG (PROdotes)
Re: PRNG ([EMAIL PROTECTED])
Re: "ChronoCryption" algorithm - $50 reward for spotting a flaw (fwd) (fti)
Re: Big numbers (Mark Wooding)
Re: Losing AES Candidates Could Be a Good Bet? (John Savard)
Re: RSA Patent Dead Today (John Savard)
Re: ZixIt Mail (Cork)
Re: PRNG ("NP")
Re: (Jury Selection) Re: Carnivore article in October CACM _Inside_Risks ("Tony T.
Warnock")
I NEED: Extrem simple program to protect one file ("Markus Konau")
Re: Losing AES Candidates Could Be a Good Bet? (SCOTT19U.ZIP_GUY)
Re: Losing AES Candidates Could Be a Good Bet? (SCOTT19U.ZIP_GUY)
----------------------------------------------------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: ExCSS Source Code
Date: Fri, 08 Sep 2000 09:37:09 +0200
Chris Rutter wrote:
>
> [EMAIL PROTECTED] wrote:
>
> > This is source code describing the algorithm to decode the Content
> > Scrambling System. It's written in Standard ML and is purely functional
> > and machine-independent.
>
> Which leads ne wondering; can you force thousands of Usenet posters to
> break copyright laws or otherwise violate various licences by posting
> appropriate material to Usenet?
Your remark reminds me of the fact that copyright applies
to almost every country, while patents are restricted to
the coutries where the patents are granted. So my dumb
question is: Is it possible to have a copyright on a
general encryption algorithm (instead of a patent)?
Thanks.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Losing AES Candidates Could Be a Good Bet?
Date: Fri, 08 Sep 2000 09:36:57 +0200
"SCOTT19U.ZIP_GUY" wrote:
>
> [EMAIL PROTECTED] (Mok-Kong Shen) wrote
> >James Felling wrote:
> >>
> >> It may be accomplished in a number of ways. The simplest way of
> >> viewing it is put the file in a ring buffer, and using your favorite
> >> chaining mode run through it 2X or more times. This will result in an
> >> efffective all or nothing encypherment of the plaintext.( other
> >> potential modifications include altering the direction that you pass
> >> through the file, or more than 2 passes through.
> >
> >Thanks for explaination of wraped CBC. I personally prefer
> >using two IVs to do non-linear block chaining (cf. a recent
> >thread) once in the forward and once in the backward
> >direction. That achieves as you pointed out both the large
> >block effect and the all-or-nothing effect.
> >
> >M. K. Shen
>
>
> Actually you have given this little thought because what you are
> suggustng does not all that much more security and the data is
> still localized. To show this just do your encryption on a large
> file. Then edit a byte in the middle third of file. Now run it
> through you decryption process. Only a few blocks are different
> from the original. So it did not achieve the mixing you really
> would like to get.
With two passes (in opposite directions), where the chaining
value at each step involves all the preceding blocks (see
the recent thread 'Nonlinear block chaining and whitening'),
there is actually quite a lot of mixing of informations. As I
said, this is one way that one can advantageously do if one
sticks to using a (small) block algorithm. There are other
approaches possible to exploit the benefit of processing the
whole file, as I remarked.
BTW, may I suggest that you post a clear description of
your ciphers the next time you make reference to them?
It would greatly help others to understand what you say.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Losing AES Candidates Could Be a Good Bet?
Date: Fri, 08 Sep 2000 09:37:03 +0200
John Savard wrote:
>
> Since I freely admit I _don't_ know as much as the real experts,
> though, for people who want to keep their secrets secret during the
> next millenium, I offer Quadibloc VIII, described on my site - as well
> as many AES candidates, including all five finalists, DES and
> Skipjack, rotor and telecipher machines and on and on.
It is a good principle in this (real) world not to
completely rely on or believe the others. So, to be
conservative, one should best use something of one's
own in addition to presumably good stuffs that are
offered by others (if that's feasible technically or
economically). Anyway, one should never forget that
there is a potential risk of using any cipher, if its
document contains materials that are not or not fully
explained (best known example: DES).
M. K. Shen
=============================
http://home.t-online.de/home/mok-kong.shen
------------------------------
From: Bob Deblier <[EMAIL PROTECTED]>
Subject: ANN: BeeCrypt 1.1.0 and BeeCrypt for Java 1.0.0 available.
Date: Fri, 08 Sep 2000 11:40:19 +0200
Hi all,
I'm pleased to announce the availability of the BeeCrypt open source
crypto library version 1.1.0, and the newly released BeeCrypt for Java,
a JCE1.2 compatible cryptographic service provider. You can find more
information at http://beecrypt.virtualunlimited.com/
Sincerly,
Bob Deblier
Virtual Unlimited
------------------------------
From: PROdotes <[EMAIL PROTECTED]>
Subject: PRNG
Date: Fri, 8 Sep 2000 12:25:25 -0700
Where can I find some info on testing the efficiency of an PRNG.
THNX
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: PRNG
Date: Fri, 08 Sep 2000 11:18:20 GMT
In article <[EMAIL PROTECTED]>,
PROdotes <[EMAIL PROTECTED]> wrote:
> Where can I find some info on testing the efficiency of an PRNG.
>
> THNX
Try FIPS-140
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: 8 Sep 2000 11:44:07 -0000
From: fti <Use-Author-Supplied-Address-Header@[127.1]>
Subject: Re: "ChronoCryption" algorithm - $50 reward for spotting a flaw (fwd)
=====BEGIN PGP SIGNED MESSAGE=====
What is your definition of "flaw" ?
When you will pay $50k reward for spotting a flaw I will read your
specification.
Show how confident you are.
Fti all the time, every time.
On Mon, 04 Sep 2000, Ray Dillinger <[EMAIL PROTECTED]> wrote:
>In the interest of making some news if you don't like the news
>you're getting, I present -- the Country Mile Cipher. Algorithm
>details available (for now) on
>
> http://www.sonic.net/~bear/crypto/countrymile.html
>
>This is a stream cipher based on the Blum-Blum-Shub pseuodo-
>random number generator -- and on work done more recently by
>Ronald Rivest, who "digitally sealed" a message that he expects
>to take 30 years of continuous computing to unscramble.
>
>The Country Mile Cipher has one interesting property; You can
>choose when you encrypt a message how much computing power it
>will require to decrypt it.
>
>This interesting property has two useful applications: First,
>you can make it that much more difficult to "brute-force" a
>key, so even if you are restricted in key length, you can still
>achieve reasonable security.
>
>Second, you can use it to "digitally seal" messages to people
>that will not unseal without a specified amount of computing
>time. I can foresee protocols where someone not having information
>for a specified length of time after it's delivered would be useful
>- It could be treated as a "bit commitment scheme" where the person
>making the commitment does not need to do anything else.
>
>Anyway - there's very little here that's my own invention. The
>Blum-Blum-Shub Random Number Generator is well-tested, and the
>mathematics for predicting its state into the future are explained
>in Schnier's book. I haven't really done anything except put some
>well-known and well-tested pieces together, so I'm pretty confident
>of the security of the Country Mile Cipher.
>
>So confident, in fact, that if anyone can come up with a viable
>attack on it, I will cheerfully pay the *first* person to do so
>fifty US dollars. :-)
>
> Ray Dillinger
~~~
This PGP signature only certifies the sender and date of the message.
It implies no approval from the administrators of nym.alias.net.
Date: Fri Sep 8 11:44:04 2000 GMT
From: [EMAIL PROTECTED]
=====BEGIN PGP SIGNATURE=====
Version: 2.6.2
iQEVAwUBObjRBk5NDhYLYPHNAQEpzAf/XtbtP1ckMINfPEtytKlAhX/9DjtlbWi1
MYTC1uNhJ5T9h7KEQlxU6t2yDhS3Y5gCKo2csKD108t+nHGKYF1w6VpOGev1gblG
EllKpGVnKiG71AoaVwtIrn7xRYWZ4tjCXJwtmkdr6pzKsbFE9hZenFj4yJtj5WtB
liUrjHVkfI5olDUaH2CBq6JMKxK7wGKOm3djp88UX+8hl1oESkbz2h2/WiftlDCq
0aHJ+DtpdJCkD3Dfx2zx1CU3g4wknlNi2yEPPF/wGlY8NdqzhsLj0MTTSAKQ6f29
vus5yicAC2o94DrCdF5kHLjfORd5MFo0G4dKkeibO5qe6i1mfvzmng==
=WDZn
=====END PGP SIGNATURE=====
------------------------------
From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Big numbers
Date: 8 Sep 2000 12:16:10 GMT
David C. Barber <[EMAIL PROTECTED]> wrote:
> You might look for a source copy of the old Unix dc (desk calculator)
> utility. It handled quite large numbers, though I don't know how
> efficiently.
Very slowly, in fact. Certainly, the GNU version uses base-10
arithmetic, which doesn't help efficiency any.
I'd recommend either the GNU multiprecision library (GMP), or the `calc'
calculator by David I. Bell and Landon Curt `Chongo' Noll.
-- [mdw]
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Losing AES Candidates Could Be a Good Bet?
Date: Fri, 08 Sep 2000 12:23:12 GMT
On Thu, 7 Sep 2000 18:43:35 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
wrote, in part:
>John Myre wrote:
>> Well, the NSA understands that David A. has the only strong
>> algorithm around, so they convinced NIST to define a long and
>> bureaucratic submission process, thereby preventing him from
>> submitting.
>I'm hoping that was sarcasm.
Did you have any doubts?
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: RSA Patent Dead Today
Date: Fri, 08 Sep 2000 12:27:27 GMT
On Thu, 07 Sep 2000 14:20:17 GMT, Kent Briggs <[EMAIL PROTECTED]>
wrote, in part:
>John Savard wrote:
>> On 06 Sep 2000 16:04:50 +0100, Shellac
>> <[EMAIL PROTECTED]> wrote, in part:
>> >FWIW, I reckon they did this to spoil parties arranged for the 20th
>> >;-)
>> *My* guess is that, because even the second edition of Bruce
>> Schneier's super-popular book, Applied Cryptography, was published
>> before the changes in the patent law that extended their patent a few
>> weeks till the 20th of September.
>I don't think the 1995 change in the patent law affected the RSA patent
>because the original Grant Date+17 years was already longer than the
>Applied For Date+20 years. The Diffie-Hellman patent was extended by a
>few months because of the change, however.
I checked my copy of the 2nd edition of AC, and I see you're right; I
had been confiusing the situation with RSA with that applying to
Diffie-Hellman, which did get extended a few days.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: Cork <[EMAIL PROTECTED]>
Subject: Re: ZixIt Mail
Date: Fri, 08 Sep 2000 13:14:52 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Steve) wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> On 28 Aug 2000 18:38:41 GMT, [EMAIL PROTECTED] (JPeschel)
> wrote:
>
> >[EMAIL PROTECTED] writes:
> >
> >>Is it just me or ZixIt mails seems like a "been-there, done-that"
> >>company?
> >
> >I dunno. Does Wind River Systems seem like one?
>
> I went over & looked at their docs, and downloaded their junk to read
> the EULA, to answer a question in alt.security.pgp. (The poster
> wanted a comparision with PGP.) Here's my own conclusions, from the
> earlier post...
>
> On the surface Zix looks like a fairly decent product. It
> certainly towers above most of the other snake oil that's been
> mentioned in here lately. If it does exactly what the maker
> says it does, it might have limited uses in a corporate
> environment where 3rd party time stamping of low-security
> encrypted traffic is required.
>
> However, most PGP users will find Zix functions unacceptably
> limited, and its security entirely unacceptable.
>
> I quote the Zix EULA:
>
> >- You may not reverse engineer, decompile, translate, adapt,
> >disassemble, or otherwise attempt to investigate the inner
> >workings of the Software, except to the extent that this
> >restriction is expressly prohibited by applicable law.
>
> In other words, it is illegal for 3rd parties (other than the
> NSA) to audit the source code, compile known good copies from
> source code, or publish the results of any reverse engineering
> and analysis done on the Zix software. If the encryption is
> defective or has back doors, users will never know about it.
>
> Zix says it uses 3DES and a 1024 bit asymmetrical cipher. The
> 1024 bit asymmetrical cipher is not named. Since the code is
> closed source and can not be compiled independently for
> comparison of test vectors, they can say anything they want
> about their encryption algorithms, and we just have to take
> their word for it. This means that there is no basis for
> assigning a trust level to Zix encryption. Do you feel fat,
> dumb, and happy today?
>
> Aside from the actual crypto functions that may or may not be
> present in Zix, it is reasonable to assume that the rest of the
> code in the Zix software leaks key and pass phrase data into the
> swap file and elsewhere. It might also use weak keys and/or
> disclose the user's secret key (by hiding it in the symmetric
> keys), when prompted to do so by the central server. Crypto
> software should always be considered guilty until proven
> innocent, and this thing phones home every time you use it.
>
> Yes that's right, it can't encrypt without phoning home.
>
> According to the Zix documentation
> (http://www.zixmail.com/ZixFAQ/zixmail.pdf), the Zix client has
> to talk to the Zix server every time it encrypts a message, to
> obtain the recipient's public key and a time stamp of the
> message digest. Ouch! Even if we grant that Zix has no hidden
> spyware functions (an unproveable assumption), Zix still has
> 100% traffic analysis capability built-in. Do you really want a
> central record made of every instance of encrypted communication
> you participate in?
>
> But what about the convenience?
>
> Zix is an e-mail application. It can not encrypt local files.
> You can't even send an encrypted message to yourself without the
> participation of the central server.
>
> Given the trust-destroying "phone home" feature of Zix, there
> will never be a signifigant user base. You will have to try to
> talk every correspondent into installing Zix.
>
> Anything you send via the Zix "feature" that claims to deliver
> secure mail to non-users, will be decrypted by a public server
> before being sent to its destination via an SSL-secured browser
> connection. Calling this level of security "casual" would be
> very charitable. PGP self decrypting archive files are many
> orders of magnitude more secure, even if the pass phrases
> you make up are only "average quality"..
>
> My general conclusion: Zix is another PGP replacement that
> falls way short of the mark for both security and utility.
>
> :o/
>
> Steve
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
> Comment: PGP ADK BUG FIX: Upgrade to Ver 6.5.8 at MIT or PGP INT'L
>
> iQEVAwUBOarawsXTOLlJEtXlAQGp+wgAlVsJjoClEdSs9u1z0Wacc09ixMIRu6TA
> PjpxjcBYnmTsQ8y8nMbJEMQtx7cQlnAZCnFg3EQklqW0vZKthoG75jr4pCydJ9t5
> 2mwh6RV8NAwTaCYhXfRhiuGTk0lFuY5N4iV9GbCzjXhE6S+J/hgPhTLYF7Y5YPu2
> ecfYymqeFWgHkx8+lrGWlh1Y1rPu0EuNli/CkexaONpwxzK+NYJ3SwMlkRlfv5UO
> Y8b9vwFplRvT5BVfWCblrzO6gibELty1KrajIsn2KOOvyvgO36Z4HlgUznzO7UD4
> XSCcrgi9yOX6LQMcSdupCro78lbcUEXi5ktYvumjRIOvGvp+qmIj2w==
> =u4Pn
> -----END PGP SIGNATURE-----
>
> ---Support privacy and freedom of speech with---
> http://www.eff.org/ http://www.epic.org/
> http://www.cdt.org/
> My current keys are
> RSA - 0x4912D5E5
> DH/DSS - 0xBFCE18A9
>
So what & where is the best program for sending/receiving secure mail?
Thanks.
Cork's Tribute to Molly Hatchet
http://www.geocities.com/cork1958/
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "NP" <[EMAIL PROTECTED]>
Subject: Re: PRNG
Date: Fri, 8 Sep 2000 16:02:28 +0200
I test my PRNG on FIPS
DIEHARDC ok (no 0.00 no 1.00)
FIPS1401 ok
FIPS1402 4 fails at runs test for 1000 blocs tested
What is criterion for FIPS1402 ?
NP.
------------------------------
From: "Tony T. Warnock" <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,alt.security,talk.politics.crypto,us.legal
Subject: Re: (Jury Selection) Re: Carnivore article in October CACM _Inside_Risks
Date: Fri, 08 Sep 2000 20:04:12 -0600
Reply-To: [EMAIL PROTECTED]
Matthew Montchalin wrote:
> On 7 Sep 2000, Yiorgos Adamopoulos wrote:
> |So, if I am an attorney and I want to cause reasonable doubt, I need
> |to have a jury that will buy whatever I sell :-)
>
> Yes. Practice a few innocent homilies of sorts, get the jury into
> a good mood, and then ask them some casual questions, eventually
> eliciting information about their mathematical abilities. For
> instance, which prospective juror worries about his gas mileage?
> Does he regularly check his gas mileage? Does he have a preference
> between computing how many kilometers per liter he gets, or miles per
> gallon, in driving his car? And so on. Does he have a hard time
> figuring out what a "meg" of storage is, on a hard drive? And what
> about schedules? If a prospective juror admits that "following an
> itinerary to the letter" is pretty hard, that's the juror for you.
> Librarians and math professors ought to be (eventual) peremptory
> challenges.
>
> |[ Then again I live in Greece, so I may be off track on the jury
> |selection process in the US ]
>
> Isn't Greece a civil code country? But surely they *impanel juries*
> for significant questions of fact?
>
> Can you tell me a little bit about the voir dire process as it is
> practiced in Greece?
Asking something about Abelian Varieties is fun too.
------------------------------
From: "Markus Konau" <[EMAIL PROTECTED]>
Subject: I NEED: Extrem simple program to protect one file
Date: Fri, 8 Sep 2000 16:36:36 +0200
I need a simple program to encrypt one text-file (banking-information etc.)
with a password.
Using WinZip is not optimal because the programm copies the files included
to the c:\windows\temp-directory if i open them.
My system: P3-500, Windows98
Thanks for any ideas!
Markus
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Losing AES Candidates Could Be a Good Bet?
Date: 8 Sep 2000 14:45:48 GMT
[EMAIL PROTECTED] (John Savard) wrote in
<[EMAIL PROTECTED]>:
>On Thu, 7 Sep 2000 18:43:35 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
>wrote, in part:
>>John Myre wrote:
>>> Well, the NSA understands that David A. has the only strong
>>> algorithm around, so they convinced NIST to define a long and
>>> bureaucratic submission process, thereby preventing him from
>>> submitting.
>
>>I'm hoping that was sarcasm.
>
>Did you have any doubts?
>
>John Savard
>http://home.ecn.ab.ca/~jsavard/crypto.htm
>
I feel that they think some of the other ciphers
are good to. But I would not list yours among them.
So many a few fools we use your stuff. May be even
your fellow candian tommy would indorse it since he
seems to lack the unsderstanding of real crypto.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
http://members.xoom.com/ecil/index.htm
Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm
Scott famous Compression Page
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
"The road to tyranny, we must never forget, begins with the destruction
of the truth."
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Losing AES Candidates Could Be a Good Bet?
Date: 8 Sep 2000 14:41:58 GMT
[EMAIL PROTECTED] (Mok-Kong Shen) wrote in
<[EMAIL PROTECTED]>:
>
>
>"SCOTT19U.ZIP_GUY" wrote:
>>
>> [EMAIL PROTECTED] (Mok-Kong Shen) wrote
>
>> >James Felling wrote:
>> >>
>> >> It may be accomplished in a number of ways. The simplest way of
>> >> viewing it is put the file in a ring buffer, and using your
>> >> favorite chaining mode run through it 2X or more times. This will
>> >> result in an efffective all or nothing encypherment of the
>> >> plaintext.( other potential modifications include altering the
>> >> direction that you pass through the file, or more than 2 passes
>> >> through.
>> >
>> >Thanks for explaination of wraped CBC. I personally prefer
>> >using two IVs to do non-linear block chaining (cf. a recent
>> >thread) once in the forward and once in the backward
>> >direction. That achieves as you pointed out both the large
>> >block effect and the all-or-nothing effect.
>> >
>> >M. K. Shen
>>
>>
>> Actually you have given this little thought because what you are
>> suggustng does not all that much more security and the data is
>> still localized. To show this just do your encryption on a large
>> file. Then edit a byte in the middle third of file. Now run it
>> through you decryption process. Only a few blocks are different
>> from the original. So it did not achieve the mixing you really
>> would like to get.
>
>With two passes (in opposite directions), where the chaining
>value at each step involves all the preceding blocks (see
>the recent thread 'Nonlinear block chaining and whitening'),
>there is actually quite a lot of mixing of informations. As I
>said, this is one way that one can advantageously do if one
>sticks to using a (small) block algorithm. There are other
>approaches possible to exploit the benefit of processing the
>whole file, as I remarked.
>
>BTW, may I suggest that you post a clear description of
>your ciphers the next time you make reference to them?
>It would greatly help others to understand what you say.
>
>M. K. Shen
>
I see you have not tried my suggestion or you would see how
little mixing is done using standard chaining in opposite
directions. I have made technigues for chainging in two directions
but they do not invovle the standard 3 letter chainning modes
approved the the US FIPS stuff.
If you check out my site there is explanation of my code even
people who can't turn off JavaScritpt can use it now. Look
under Horces disscussion. Also pointers to newer versions that
may be easier to compile incuding a german version.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
http://members.xoom.com/ecil/index.htm
Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm
Scott famous Compression Page
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
"The road to tyranny, we must never forget, begins with the destruction
of the truth."
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
