Cryptography-Digest Digest #957, Volume #12      Thu, 19 Oct 00 05:13:01 EDT

Contents:
  Re: BIOS password, will it protect PC with PGPDisk against tampering ? (Dido Sevilla)
  Re: x509 (David Hopwood)
  Re: SALT + stream cipher (David Hopwood)
  Re: x509 (Roger)
  Re: Enigma:  Stolen German Code Machine Turns Up in BBC Mailroom (Anthony Stephen Szopa)
  Re: Enigma: Stolen German Code Machine Turns Up in BBC Mailroom (Anthony Stephen Szopa)
  Re: x509 (David Wagner)
  Re: Enigma: Stolen German Code Machine Turns Up in BBC Mailroom (Sundial Services)
  Re: Rijndael in Perl (those who know me have no need of my name)
  Re: Enigma: Stolen German Code Machine Turns Up in BBC Mailroom ("John A. Malley")
  Re: Enigma: Stolen German Code Machine Turns Up in BBC Mailroom (Scott Craver)
  Re: Enigma: Stolen German Code Machine Turns Up in BBC Mailroom (Anthony Stephen Szopa)
  Re: Is it trivial for NSA to crack these ciphers? (David Bernier)

----------------------------------------------------------------------------

From: Dido Sevilla <[EMAIL PROTECTED]>
Subject: Re: BIOS password, will it protect PC with PGPDisk against tampering ?
Date: Thu, 19 Oct 2000 12:06:32 +0800

Seeker wrote:
> 
> > One of the first options that has been suggested is a BIOS password. It is
> > very short, about 5 characters long, but it could create about a 60-minute
> > buffer.
> 
> The window of protection on BIOS passwords is more like 5 minutes.

If your machine has wide open physical access, then all that the
attacker needs to do is remove and replace the battery which keeps the
CMOS information powered, or to short a jumper on the board.  Any
competent person with an understanding of PC hardware could probably do
all of these things in under five minutes with a proper screwdriver.

--
Rafael R. Sevilla <[EMAIL PROTECTED]>         +63 (2)   4342217
ICSM-F Development Team, UP Diliman             +63 (917) 4458925
OpenPGP Key ID: 0x0E8CE481

------------------------------

Date: Thu, 19 Oct 2000 03:00:40 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: x509

=====BEGIN PGP SIGNED MESSAGE=====

Roger wrote:
> So can anyone tell me? Why aren't signature public keys
> always linked to a specific hash function in a cert [in X.509]?

In principle, an algorithm OID is supposed to determine a combination
of signature algorithm and hash (and if any new encoding methods were
added, they would also get new OIDs).

Since this is X.509, though, it can't possibly be that simple. In this
case the twist is that there are also OIDs for signature algorithms
without a hash, and very often several OIDs for the same algorithm.
Just to make things even more fun, implementations sometimes use
obsolete or just plain wrong OIDs (e.g. for SHA-0 when they mean SHA-1),
and don't reliably distinguish between RSA encryption and signature keys.

- -- 
David Hopwood <[EMAIL PROTECTED]>

Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip


=====BEGIN PGP SIGNATURE=====
Version: 2.6.3i
Charset: noconv

iQEVAwUBOe5IGDkCAxeYt5gVAQFVuggAxdR11c6Yer8ufU2/xpVMPo09ZT8GlVDC
X6WUObeJxVd/QmbO2i+NYbBR6aX5RzvkDa1ApvDs4Q4JaH1lqZcFCijrUnk2jt3U
uEPxyx2EUKowvbY5663GpQHm6SxqwFCAJVjh0MOOtWiPy/eMkiVHuNbEdPYqhc/6
ShcZ2rcPibnBSNbkeunwCeqy3+lJYg3OpJhDSOV72xuDAFTSyc5KRzFegQUH+meD
HQE7Yr6qX6XCT+YNuGrXHgPGDhKKi76z2FXJlHS7EQjUVpmQx9aIypY+1e7LiM0I
d0wrmXr3KuyTVfVm2FuaiaHPoMzc1dR2W/F0ByUBEzcG5CF0F7TyCQ==
=wrf0
=====END PGP SIGNATURE=====

------------------------------

Date: Thu, 19 Oct 2000 03:00:56 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: SALT + stream cipher

=====BEGIN PGP SIGNED MESSAGE=====

John Myre wrote:
> Simon Johnson wrote:
> <snip>
> > A decrease in entropy can occur in an hashing algorithm? Is this true,
> > can you present a logical argument for this?
> <snip>
> 
> The output is some fixed size; the input could be larger; and
> the input could (conceivably) have full entropy.  Q.E.D.
> 
> This is presumably a theoretical rather than practical
> restriction, as passphrases practically never have more
> entropy than the hash size.

... and even if they did, reducing the entropy to, say, 128 or 160 bits
wouldn't allow any practical attack.

- -- 
David Hopwood <[EMAIL PROTECTED]>

Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip


=====BEGIN PGP SIGNATURE=====
Version: 2.6.3i
Charset: noconv

iQEVAwUBOe5KtjkCAxeYt5gVAQG+vgf+N5TyCnGByTOeyNPjE9FlJ9/H0T6dRaJo
tNuLjT67nhcy94RJMLFtUflG6BGP17TbnGnQ27IQPRBxJMYqYcn+/jMwYu1SYWSo
OCpWTXza6V0QaHosdLrLQIFVnhbr3a58kfH5HXz/DMraY4gGH1TQtgHhlLo6R3Ye
+0aoXt7yz45ZzTdMJyorIpy3NIRoP0uMntpLBqugrAFp3Yxj0NzuT+8sElDisGws
lIVOp5iSI6kSDcyLedZc9OJqp8/GPxH21/Chi4nEdByobQKATyq8e20hZzZtfhzh
c+FPP50ZMi+DPOjzbs4UnNpayQGHoO9ZKV0kCrxli6blWhL76XiR/g==
=KFap
=====END PGP SIGNATURE=====

------------------------------

From: Roger <[EMAIL PROTECTED]>
Subject: Re: x509
Date: Wed, 18 Oct 2000 22:12:59 -0700

David Wagner wrote:
> >But the algorithm ID protected under the signature does not
> >prevent this attack.
> 
> Yes it does!
> 
> If your signature has the form <m, Sign(<"MD5",MD5(m)>)>, then
> you will no longer be able to form a collision.  In particular,
> you can't form <m', Sign(<"MD4",MD5(m)>)> because you only have
> a signature on the bit-string <"MD5",MD5(m)>, but not a signature
> on the bit-string <"MD4",MD5(m)>.

I'm not convinced. Say you give me Sign("MD5",MD5(m)). I might
be able to transform that to Sign("MD6",h) for some h, where
MD6 is some totally broken hash function. Then I find an m'
with h = MD6(m'), and claim that you signed m' with 
Sign("MD6",MD6(m')).

The obvious solution is to have the algorithm ID in the cert
specify that signatures will only be with SHA-1 (or whatever),
so that the user is committed to using only the hash function
specified in the cert. I just can't imagine any good use to
wanting to use another hash function (i.e., letting others
accept another hash function).

------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Enigma:  Stolen German Code Machine Turns Up in BBC Mailroom
Date: Wed, 18 Oct 2000 22:37:43 -0700

Jim wrote:
> 
> On Wed, 18 Oct 2000 01:25:23 +0100, Mathew Hendry
> <[EMAIL PROTECTED]> wrote:
> 
> >On Tue, 17 Oct 2000 15:19:03 -0700, Anthony Stephen Szopa <[EMAIL PROTECTED]>
> >wrote:
> >
> >>Stolen German Code Machine Turns Up in BBC Mailroom
> >>
> >>http://ap.tbo.com/ap/breaking/MGA5JU6YFEC.html
> >
> >Or from the horse's mouth
> >
> >  http://news.bbc.co.uk/hi/english/uk/newsid_977000/977127.stm
> >
> >Three of the four rotors are missing. (Why steal only those?)
> 
> Further ransom?
> 
> --
> ______________________________
> 
> Posted by Jim Dunnett
> dynastic at cwcom.net
> nordland at lineone.net


Double crossing rat, is what I say.

He got his money then sold the rotors to someone who had a machine 
that was missing these rotors.

He got paid twice.

The secret service will get this "master."

------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Enigma: Stolen German Code Machine Turns Up in BBC Mailroom
Date: Wed, 18 Oct 2000 22:45:08 -0700

James Felling wrote:
> 
> Andre wrote:
> 
> > In article <[EMAIL PROTECTED]>,
> >   [EMAIL PROTECTED] (John Savard) wrote:
> > > On Wed, 18 Oct 2000 01:25:23 +0100, Mathew Hendry
> > > <[EMAIL PROTECTED]> wrote, in part:
> > >
> > > >Three of the four rotors are missing. (Why steal only those?)
> >
> > It's an enigma (sic) why they'd remove the rotors.
> >
> > Here's my theory why they were removed .
> >
> > I suspect that it has to do with the secret Tesla files relating to
> > zero point energy and wireless power .
> >
> > As this information was sensitive, after the end of WW2 it was
> > encrypted with one of these machines. (best technology available at the
> > time) . I suspect that the thieves knew this, as they had gotten hold
> > of one of the documents concerned.
> >
> > Therefore, they needed the original machine that the document(s) were
> > encrypted on to read the documents.
> >
> > This also explains why the rotors were removed.
> > (to allow the code wheels to be copied onto computer in order to read
> > any other documents they might obtain) ...
> >
> > Any comments ? (apart from "are you taking your medication" ? :-) )
> >
> > BTW I would *really* appreciate it if anyone could shed any light on
> > this particular theory ...
> 
> <snip logical sensible part>
> 
> An enigma machine can be easily simulated in software (ridiculously easy
> to do).  The design of this enigma was unusual, but there was nothing that
> prevented people from using publicly available information to create a
> piece of software that would do exactly what it does.  The theory is crap.



Are you sure the exact specification of this version of the Enigma 
is public information?

It might make an intriguing story if there are many Enigma 
encryptions that are held by the government hidden away or 
forgotten somewhere that might contain clues to hidden Nazi 
treasure.  Or there may be Enigma encryptions that reside only 
in private hands.

Anyway, don't you think you were rather harsh in saying that his
suggestion was "crap?"

------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: x509
Date: 19 Oct 2000 06:06:31 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)

Roger  wrote:
>I'm not convinced. Say you give me Sign("MD5",MD5(m)). I might
>be able to transform that to Sign("MD6",h) for some h, where
>MD6 is some totally broken hash function.

Well, I'm assuming that the signature function isn't this broken.
For instance, in PKCS#1 the padding seems likely to prevent any
such attempts to create new signatures of the desired form.

But you're right, if it is possible to get new signatures of the
desired form, there could be attacks afoot.

Is there any reason to suspect that signatures either can or can't
be transformed in this way, for schemes in widespread use?
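Worked example, added to this digest page and not code from any of the posters: a toy RSA / PKCS#1 v1.5 signer and verifier in Python that makes the x509 exchange above concrete. It shows Hopwood's point that the algorithm identifier is supposed to fix the hash, Wagner's point that in PKCS#1 the hash OID travels inside the signed, padded block (the DER DigestInfo), and Roger's proposal that the verifier commit to the hash named in the certificate. The DigestInfo prefixes are the standard ones from PKCS#1 (RFC 8017); the key generation, the `sign`/`verify` helpers, their parameter names, and the sample message are my constructions for this example.

```python
import hashlib
import hmac
import random

# DER DigestInfo prefixes from PKCS#1 v1.5 (RFC 8017, section 9.2, note 1).
# The hash algorithm OID sits inside the signed block, which is what binds
# "which hash was used" to the signature.
DIGEST_INFO_PREFIX = {
    "sha1":   bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}


def emsa_pkcs1_v15(hash_name, message, em_len):
    """EMSA-PKCS1-v1_5 encoding: 00 01 FF..FF 00 || DigestInfo(hashOID, H(message))."""
    t = DIGEST_INFO_PREFIX[hash_name] + hashlib.new(hash_name, message).digest()
    if em_len < len(t) + 11:
        raise ValueError("modulus too small for this hash")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


def is_probable_prime(n, rounds=32):
    """Miller-Rabin test; adequate for a toy key, not a production generator."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits):
    """Random odd candidate with the top bit set, retried until probably prime."""
    while True:
        c = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(c):
            return c


def gen_toy_key(bits=512):
    """Textbook RSA key pair ((n, e), (n, d)); constructed for this demo only."""
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))


def sign(priv, hash_name, message):
    """Sign message with hash_name; the hash OID is part of what gets signed."""
    n, d = priv
    k = (n.bit_length() + 7) // 8
    em = int.from_bytes(emsa_pkcs1_v15(hash_name, message, k), "big")
    return pow(em, d, n).to_bytes(k, "big")


def verify(pub, allowed_hashes, message, signature):
    """Verifier pinned to the hash algorithms the certificate commits to.

    Returns the hash name the signature was made with, or None.  The recovered
    block is never parsed: the expected encoding is rebuilt for each allowed
    hash and compared whole, so a DigestInfo naming any other hash is rejected.
    """
    n, e = pub
    k = (n.bit_length() + 7) // 8
    if len(signature) != k:
        return None
    s = int.from_bytes(signature, "big")
    if s >= n:
        return None
    em = pow(s, e, n).to_bytes(k, "big")
    for name in allowed_hashes:
        if hmac.compare_digest(em, emsa_pkcs1_v15(name, message, k)):
            return name
    return None


def demo():
    """Constructed scenario: one SHA-1 signature checked under two cert policies."""
    pub, priv = gen_toy_key()
    msg = b"constructed sample message"  # constructed input, not from the thread
    sig_sha1 = sign(priv, "sha1", msg)
    return {
        "sha1_ok_when_cert_allows_sha1": verify(pub, ("sha1", "sha256"), msg, sig_sha1),
        "sha1_rejected_when_cert_pins_sha256": verify(pub, ("sha256",), msg, sig_sha1),
        "sha256_ok": verify(pub, ("sha256",), msg, sign(priv, "sha256", msg)),
        "tampered_message_rejected": verify(pub, ("sha1",), msg + b"!", sig_sha1),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label}: {result}")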

------------------------------

Date: Wed, 18 Oct 2000 23:09:59 -0700
From: Sundial Services <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto
Subject: Re: Enigma: Stolen German Code Machine Turns Up in BBC Mailroom

The "theory" that Nikola Tesla had a secret for unlimited energy, and
that these secrets were locked-away in a particular
(secretly-different!) Enigma machine is one of those things that "cannot
be disproved, just as it cannot [practically] be proved," unless
tomorrow morning someone happens to come rattling past Buckingham Palace
in a Model-T Ford that requires no fuel.

This is, I believe, the logical fallacy called "begging the question." 
If you make any proposition whatsoever .. be it that Tesla had a secret
and Enigma kept it hidden all these years .. and challenge me to
disprove it and I cannot, then you *cannot* conclude by saying
triumphantly, "therefore, what I am saying must be true!"  The burden of
evidence is upon you, not me.

If that all-electric and fuel-free version of Chitty Chitty Humm Humm
(well, it can't exactly go "Bang Bang," now can it?) shows up, -then-
you can start stringing together stories about that Enigma.

Otherwise, please confine this thread to "talk.politics.crypto."



>Anthony Stephen Szopa wrote:
> James Felling wrote:
> > Andre wrote:
> > An enigma machine can be easily simulated in software (ridiculously easy
> > to do).  The design of this enigma was unusual, but there was nothing that
> > prevented people from using publicly available information to create a
> > piece of software that would do exactly what it does.  The theory is crap.
> 
> Are you sure the exact specification of this version of the Enigma
> is public information?
> 
> It might make an intriguing story if there are many Enigma
> encryptions that are held by the government hidden away or
> forgotten somewhere that might contain clues to hidden Nazi
> treasure.  Or there may be Enigma encryptions that reside only
> in private hands.
> 
> Anyway, don't you think you were rather harsh in saying that his
> suggestion was "crap?"

------------------------------

From: [EMAIL PROTECTED] (those who know me have no need of my name)
Crossposted-To: comp.lang.perl.misc
Subject: Re: Rijndael in Perl
Date: Thu, 19 Oct 2000 06:17:00 -0000

<[EMAIL PROTECTED]> divulged:

>Anyone that knows if Rijndael exists in Perl yet and/or if someone's
>working on it?

ummm.  how would one protect the plaintext?

-- 
okay, have a sig then

------------------------------

From: "John A. Malley" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Enigma: Stolen German Code Machine Turns Up in BBC Mailroom
Date: Wed, 18 Oct 2000 23:37:52 -0700

Anthony Stephen Szopa wrote:

[snip description of Tesla/Nazi-Secrets/Enigma Theft Conspiracy Theory]

> Are you sure the exact specification of this version of the Enigma
> is public information?
> 
> It might make an intriguing story if there are many Enigma
> encryptions that are held by the government hidden away or
> forgotten somewhere that might contain clues to hidden Nazi
> treasure.  Or there may be Enigma encryptions that reside only
> in private hands.
> 
> Anyway, don't you think you were rather harsh in saying that his
> suggestion was "crap?"

Let's use Occam's Razor to shave out the plausible from the implausible.
What's the simplest story to fit the known facts of the Enigma theft? 
Build (cautiously) from there only as new facts permit. 
Why not keep to the "minimum bitlength" story to explain the facts.

Applied algorithmic complexity theory :-)


John A. Malley
[EMAIL PROTECTED]

------------------------------

From: [EMAIL PROTECTED] (Scott Craver)
Crossposted-To: talk.politics.crypto
Subject: Re: Enigma: Stolen German Code Machine Turns Up in BBC Mailroom
Date: 19 Oct 2000 06:24:13 GMT

Anthony Stephen Szopa  <[EMAIL PROTECTED]> wrote:
>James Felling wrote:
>> 
>> An enigma machine can be easily simulated in software (ridiculously easy
>> to do).  The design of this enigma was unusual, but there was nothing that
>> prevented people from using publicly available information to create a
>> piece of software that would do exactly what it does.  The theory is crap.
>
>Are you sure the exact specification of this version of the Enigma 
>is public information?

        As unusual as it may be, it is a rotor-type machine.  Cracking rotor-machine
        cryptotext is easy nowadays.  Even if some non-public details were needed to
        simulate it, it is difficult to imagine why someone would make such a risky
        move as stealing it, rather than asking the museum for the details.

>It might make an intriguing story if there are many Enigma encryptions that are held 
>by the government hidden away or forgotten somewhere that might contain clues to 
>hidden Nazi 
>treasure.  

        I wasn't expecting these kinds of theories to pop up as a result of the 
        theft.  But they are very silly.  The idea that the machine was stolen to
        decrypt some ancient document, in our day and age of fast computers that
        could just simulate and brute-force the machine, can only spring from
        misunderstanding about the difficulty of cryptography then and now.

        Speaking of which, how's that cipher of yours coming along?
        
                                                                        -S
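As an added illustration of Felling's and Craver's point that a rotor machine is easy to simulate in software (this is example code written for this page, not anything posted in the thread): a compact Python model of the Wehrmacht Enigma I, whose rotor wirings, notch positions and reflector are public. The wiring of the unusual machine in the news story is not given anywhere on this page, so the well-documented Enigma I stands in for it; the class layout, setting names and sample text are my own choices.

```python
import string

ALPHABET = string.ascii_uppercase

# Public Enigma I wirings: rotors I, II, III (wiring, turnover notch) and
# reflector B.  These are the historical values, not anything from the thread.
ROTORS = {
    "I":   ("EKMFLGDQVZNTOWYHXUSPAIBRCJ", "Q"),
    "II":  ("AJDKSIRUXBLHWTMCQGZNPYFVOE", "E"),
    "III": ("BDFHJLCPRTXVZNYEIWGAKMUSQO", "V"),
}
REFLECTOR_B = "YRUHQSLDPXNGOKMIEBFZCWVJAT"


class Rotor:
    """One wired wheel with a ring setting and a current window position."""

    def __init__(self, wiring, notch, ring=0, position=0):
        self.fwd = [ALPHABET.index(c) for c in wiring]      # right-to-left path
        self.bwd = [self.fwd.index(i) for i in range(26)]   # return path
        self.notch = ALPHABET.index(notch)
        self.ring = ring
        self.pos = position

    def at_notch(self):
        return self.pos == self.notch

    def step(self):
        self.pos = (self.pos + 1) % 26

    def forward(self, c):
        shift = self.pos - self.ring
        return (self.fwd[(c + shift) % 26] - shift) % 26

    def backward(self, c):
        shift = self.pos - self.ring
        return (self.bwd[(c + shift) % 26] - shift) % 26


class Enigma:
    """Three rotors (given left to right), reflector B, optional plugboard."""

    def __init__(self, rotor_names, positions, rings="AAA", plugboard=""):
        self.left, self.mid, self.right = [
            Rotor(*ROTORS[n], ring=ALPHABET.index(r), position=ALPHABET.index(p))
            for n, p, r in zip(rotor_names, positions, rings)
        ]
        self.plug = {c: c for c in ALPHABET}
        for a, b in plugboard.split():          # pairs like "AB CD"
            self.plug[a], self.plug[b] = b, a

    def _step(self):
        # Double-stepping: the middle rotor advances when the right rotor is at
        # its notch, and also when it is itself at its notch (carrying the left).
        if self.mid.at_notch():
            self.mid.step()
            self.left.step()
        elif self.right.at_notch():
            self.mid.step()
        self.right.step()

    def _letter(self, letter):
        self._step()                            # rotors move before the contact closes
        c = ALPHABET.index(self.plug[letter])
        for rotor in (self.right, self.mid, self.left):
            c = rotor.forward(c)
        c = ALPHABET.index(REFLECTOR_B[c])
        for rotor in (self.left, self.mid, self.right):
            c = rotor.backward(c)
        return self.plug[ALPHABET[c]]

    def process(self, text):
        """Encipher or decipher (the machine is reciprocal); non-letters dropped."""
        return "".join(self._letter(ch) for ch in text.upper() if ch in ALPHABET)


if __name__ == "__main__":
    # Constructed sample; same settings on both machines for encipher/decipher.
    ct = Enigma(("I", "II", "III"), "AAA").process("ATTACK AT DAWN")
    print(ct, Enigma(("I", "II", "III"), "AAA").process(ct))
```

The `process` method doubles as the decipher routine because the reflector makes every setting an involution; the same property is why no letter ever enciphers to itself, which is the structural weakness Craver alludes to when he calls rotor-machine traffic easy to handle with modern computers.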


------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Enigma: Stolen German Code Machine Turns Up in BBC Mailroom
Date: Thu, 19 Oct 2000 01:08:55 -0700

Sundial Services wrote:
> 
> The "theory" that Nikola Tesla had a secret for unlimited energy, and
> that these secrets were locked-away in a particular
> (secretly-different!) Enigma machine is one of those things that "cannot
> be disproved, just as it cannot [practically] be proved," unless
> tomorrow morning someone happens to come rattling past Buckingham Palace
> in a Model-T Ford that requires no fuel.
> 
> This is, I believe, the logical fallacy called "begging the question."
> If you make any proposition whatsoever .. be it that Tesla had a secret
> and Enigma kept it hidden all these years .. and challenge me to
> disprove it and I cannot, then you *cannot* conclude by saying
> triumphantly, "therefore, what I am saying must be true!"  The burden of
> evidence is upon you, not me.
> 
> If that all-electric and fuel-free version of Chitty Chitty Humm Humm
> (well, it can't exactly go "Bang Bang," now can it?) shows up, -then-
> you can start stringing together stories about that Enigma.
> 
> Otherwise, please confine this thread to "talk.politics.crypto."
> 
> >Anthony Stephen Szopa wrote:
> > James Felling wrote:
> > > Andre wrote:
> > > An enigma machine can be easily simulated in software (ridiculously easy
> > > to do).  The design of this enigma was unusual, but there was nothing that
> > > prevented people from using publicly available information to create a
> > > piece of software that would do exactly what it does.  The theory is crap.
> >
> > Are you sure the exact specification of this version of the Enigma
> > is public information?
> >
> > It might make an intriguing story if there are many Enigma
> > encryptions that are held by the government hidden away or
> > forgotten somewhere that might contain clues to hidden Nazi
> > treasure.  Or there may be Enigma encryptions that reside only
> > in private hands.
> >
> > Anyway, don't you think you were rather harsh in saying that his
> > suggestion was "crap?"


Oh, I'm sorry.

What I do often when I hear something highly implausible is look at 
it only as an analogy for a principle rather than take it at its 
face value.

This is what I did.  I never took his example about Tesla seriously.

I only took the idea that the specifications of this Enigma might 
not have been public, and that it might have been substantially
different and more complex, for instance, the rotors might have the
letters on each rotor in random order and each rotor randomly 
different from another, etc., such that the idea that someone had 
many encrypted messages and that they could not decrypt them so that
they would like the original machine to do the trick.

Not everyone has the know-how or means to write the software and run 
it, etc.  Secrecy might also have been a high priority.

Perhaps the person who might want this particular Enigma, again, 
might have many if not most or even all the unencrypted Enigma 
messages known and or unknown others.  This person or persons might 
also have the keys.  But the keys are useless without the actual 
machine with the proper rotors.

The only explanation I would have for someone not only having an 
archive of many Enigma encrypted messages but the keys as well is 
that they might in some way have connections with the original 
person or persons who encrypted the messages in the first place.

These person or persons would have a great desire to have these 
rotors.

It was obviously simpler and more desirable to steal the machine 
with anonymity.

Perhaps the person commissioned to make the heist fulfilled his 
part of the bargain by supplying the rotors alone.  But this 
"master" decided to get more money by ransoming the remaining 
machine.

I will be interested in hearing if this "master" is captured.

Email me if it happens.

The plot thickens.

------------------------------

From: David Bernier <[EMAIL PROTECTED]>
Subject: Re: Is it trivial for NSA to crack these ciphers?
Date: Thu, 19 Oct 2000 08:23:40 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (John Savard) wrote:
[...]
> Now then: here is the question. Suppose that IBM's LUCIFER sent the
> NSA into a tizzy. Sure, it was weak with respect to differential
> cryptanalysis, which the NSA knew about. But suppose they were
> resolved upon seeing it that "they are starting to do this; now, they
> will not find it impossible to achieve anything they might
> imagine"...what would their options be?
[...]

Some options that come to mind:
(a) Crypto AG and the like
(b) hacking into computers connected to a Network
(c) TEMPEST, pin-hole cams, "bugs", sniffers, ???
(d) gaining physical access to a comp., either with or without
    a warrant for search and/or seizure
(e) moles (infiltration of groups or organizations)

David Bernier


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
