Cryptography-Digest Digest #253, Volume #13 Fri, 1 Dec 00 20:13:01 EST
Contents:
Re: keysize for equivalent security for symmetric and asymmetric keys (John Savard)
Re: New Dynamic Algo + Contest + Doc ("Paul Pires")
Re: keysize for equivalent security for symmetric and asymmetric keys (DJohn37050)
I Will Make ANY Software for ANYBODY!!! (LogTanSin)
Re: keysize for equivalent security for symmetric and asymmetric keys (Roger
Schlafly)
Re: Pentium 4 and modular exponential (Roger Schlafly)
Re: Vulnerability to Attack ("BreakingNews")
Re: How to find celebrity ("BreakingNews")
Re: Vulnerability to Attack (Eric Lee Green)
Re: Question regarding OS's. ("BreakingNews")
Re: Generating certificate private key ("BreakingNews")
Re: Public key encryption in Javascript? ("BreakingNews")
Re: DES question: Has this ever been proven before? (David Hopwood)
Simple checksum algorithm (Terry Neckar)
Re: I Will Make ANY Software for ANYBODY!!! (Tom St Denis)
IBM's new algorithm (John Savard)
Re: Simple checksum algorithm (David Schwartz)
Re: Rudimentary Encryption ("Potyanimal")
Re: Simple checksum algorithm ("bubba")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: keysize for equivalent security for symmetric and asymmetric keys
Date: Fri, 01 Dec 2000 21:59:03 GMT
On Thu, 30 Nov 2000 20:07:40 GMT, Bob Silverman <[EMAIL PROTECTED]>
wrote, in part:
>This response is just plain silly. Noone is trying to determine
>what will be safe key sizes 100 years from now! We are trying to
>do it for the forseeable future.
Things like medical and adoption records do need to be kept
confidential for periods that long, and thus the same applies to
things relating to personal privacy in general - as opposed, say, to
the numbers of credit cards that expire every two years.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: New Dynamic Algo + Contest + Doc
Date: Fri, 1 Dec 2000 14:15:23 -0800
Richard Heathfield <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> David Wagner wrote:
> >
> > proton wrote:
> > >Lets just halt innovation altogether.
> >
> > Don't misquote me.
> >
> > I said: If the point is to experiment, sure, post the algorithm,
> > but don't tell people to use it operationally until it has been
> > well-scrutinized.
> >
> > Experimental research cipher ideas should not be confused with
> > stuff to be used operationally.
>
>
> But it is. You see, "operationally" doesn't necessarily mean anything
> terribly important.
>
> I don't know why it is that people feel compelled to devise their own
> cryptographic algorithms. I have felt this compulsion myself, and still
> tinker with my own algorithm, trying to find ways to make it faster/more
> secure/easier to use...
>
> I, too, have posted my algorithm here in the hope of getting some
> serious cryptanalytic input. Unfortunately, I got extremely serious
> cryptanalytic input, which was basically "don't bother". :-) And that
> was the right advice. (Not that I let it discourage me from finding ways
> to make my algorithm faster/more secure/easier to use...)
>
> But people continue to do this, even though it's 99.999% likely to be a
> futile exercise.
>
> *Why* do we do this?
"We" don't do it. You individually do yours, for your own reasons and I
do what I do for mine. Just because we have the same observed behavior
doesn't mean that what we do or why we do it is the same. Different
people like to play on different slopes of the risk/reward curve. Think of
species radiation into unexploited niches. For me, that territory between
1 and .99999 is especially enticing since it generally lies in the shadow of
common knowledge. It isn't unexplored, it is ignored.
For some of us, finding the right and reasonable answer is not the best
outcome of the process. Sometimes the weird, the counter-intuitive,
the unexpected, brings a thrill uniquely it's own and is not diminished by
the eventual realization of it's uselessness.
> I've never tried to write my own sort algorithm. I just use Quicksort
> (or, strictly speaking, I just use qsort!). Likewise, I've never tried
> to write my own search algorithm. I just use bsearch(). I might,
> conceivably, /implement/ bsearch - indeed, I have implemented it, and
> for good reason - but I don't try to invent my own. But when it comes to
> cryptography, I must have invented a couple of dozen algorithms.
You don't invent because you use the premier stuff. I don't use so I am free
to try to invent my own. I don't have a professional ego about it.
Someone has to do it, this inventing stuff. Where else did the stuff
you use come from? It's a matter of taste or inclination isn't it? I have
invented
my own sort algorithm and I don't use it either. I won't even tell anyone about
it
because I'm happy, it is gratifying and I might embarrass myself if I did so.
When I am comfortable with it, and if I see a value commensurate with the
effort, I might disclose it. It is a risk/reward decision.
> Hypothesis: we (meaning the non-cryptographers who plague sci.crypt and
> make life so tedious for the rest of you) can't shake the notion that
> obscurity lends a little security. What we really want to do is publish
> our algorithm, get it cryptanalysed (partly for security, and partly for
> pose value), modify it until it gets a grudging thumbs-up from
> sci.crypt, then modify it ***just a little bit more*** (EVEN THOUGH we
> know full well that this will invalidate the cryptanalysis it's received
> - because we don't really *believe* it'll matter), and start using it.
> Not for anything serious, I hope and trust...
It isn't necessarily explained away like that. Conventional and responsible
versus reckless, thoughtless and undisciplined.
What I am leading up to is this:
Is this really what disturbs you or is it the apparent lack of judgement and
caution that this gleeful posting activity suggests? Come on, be honest. Isn't
it just a bit embarrassing to be a newbie and have clueless idiots make
newbie's in general look bad? Self-consciousness by proxy? Doesn't it
make you want to be on record as in support of the common sense,
responsible, generally accepted ideas and philosophies?
BTW: I just got a copy of "C Unleashed" That's your work isn't it?
I like it and thank you for the tool. Nice work and all good.
Paul
>
> Well, children will play. And I'm just as big a children as the rest of
> them.
>
> Anyone for CDX-3?
>
>
> --
> Richard Heathfield
> "Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
> C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
> K&R answers, C books, etc: http://users.powernet.co.uk/eton
====== Posted via Newsfeeds.Com, Uncensored Usenet News ======
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
======= Over 80,000 Newsgroups = 16 Different Servers! ======
------------------------------
From: [EMAIL PROTECTED] (DJohn37050)
Date: 01 Dec 2000 22:57:33 GMT
Subject: Re: keysize for equivalent security for symmetric and asymmetric keys
Rivest when RSA was first invented was the one to say that perhaps strong
primes were a good thing. As the key sizes needed got larger, then he changed
his position. ANSI X9 is conservative. There was this concern. There was
supposed to be a presentation saying why it was not needed, but that was not
done. So people were no swayed and voted to have it. If there was no
presentation, whose fault is that? P.S. I voted abstain.
Don Johnson
------------------------------
From: [EMAIL PROTECTED] (LogTanSin)
Date: 01 Dec 2000 23:10:10 GMT
Subject: I Will Make ANY Software for ANYBODY!!!
Hi,
I manage a VAST number of programmers with a wide spectrum of skills covering
every aspect of programming. This includes dozens of specialists in every
little niche of specialization. We can custom develop ANY software that you
have in mind at an extremely fast pace and efficiency coupled with utmost
confidentiality.
Due to the wide range and large number of specialists on the team, the fast
pace and efficiency of development results in EXTREMELY low cost, its almost
magic.
If you are thinking of developing custom software, email me with a brief
description of what you have in mind, and I will reply with an approximate time
frame and cost of development.
------------------------------
From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: keysize for equivalent security for symmetric and asymmetric keys
Date: Fri, 01 Dec 2000 15:37:30 -0800
DJohn37050 wrote:
> Rivest when RSA was first invented was the one to say that perhaps strong
> primes were a good thing. As the key sizes needed got larger, then he changed
> his position.
Some people learn from their mistakes.
> ANSI X9 is conservative. There was this concern. There was
> supposed to be a presentation saying why it was not needed, but that was not
> done. So people were no swayed and voted to have it. If there was no
> presentation, whose fault is that? P.S. I voted abstain.
Maybe they think they are being conservative. IMO, it is just
more evidence that they don't know what they are doing.
------------------------------
From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: Pentium 4 and modular exponential
Date: Fri, 01 Dec 2000 15:39:57 -0800
Francois Grieu wrote:
> The official word on this is probably AP-941: Using Streaming SIMD
> Extensions 2(SSE2) to Perform Big Multiplications, available
> (with other technotes) at
> ?http://developer.intel.com/software/products/itc/sse2/sse2_appnotes.htm?
>
> I only glaced at the thing, and noticed they use base 2^29 in order
> to circumvent carry propagation issues.
Yes. Seems rather awkward. It might have been nice if Intel put
in something to help handle the carry propagation, or otherwise
make it easier for bignums.
------------------------------
From: "BreakingNews" <[EMAIL PROTECTED]>
Subject: Re: Vulnerability to Attack
Date: Sat, 2 Dec 2000 01:41:55 +0200
Reply-To: "BreakingNews" <[EMAIL PROTECTED]>
James dont know if I read it right.
But if what u saying is that the password *IS* being transmitted across
the net... albeit encrypted with its own hash and rnd IV via CBC... whatever
... its wrong.
The password in any shape or form... must not pass over the net.
I think you can argue with number crunching geeks until your head falls off
and I think the clever thing to do is just to avoid the 10001 ways to do
authentication. What I do is just look at something or someone that I think
probably does has a good system... and copy it.
I would just say to your programmers, do it this way... and tell them to
use the CHALLENGE RESPONSE methodology the microsoft uses.
I got a little package that allows you to test and play with different
idea's
http://www4.50megs.com/johnnyco/
if u interested.
Dont be too hard on your programmers, its a tricky area and more
of an art than a science...
James Dabbs <[EMAIL PROTECTED]> wrote in message
news:905r1h$k8q$[EMAIL PROTECTED]...
> We are adding features to an existing client/server telecom system. One
of
> the problems I have with it is its's method of data security, although I
am
> new to this.
>
> In the present system, multiple clients connect to a single server using
an
> account/password and TCP/IP connections. In the protocol, each PDU is
> prefixed with a 32-bit random spoiler and then encrypted using "TEA". TEA
> is a private key 128-bit block cipher, and the protocol uses CBC to
encrypt
> a whole packet. The TEA key comes from a hash (proprietary, as far as I
can
> tell) of the account password string. After a connection, the first PDU
> contains the account ID string in the clear. Everything else after that
is
> encrypted. The password itself is not transmitted over the link.
>
> The original author argues that this is secure and supports UDP, which SSL
> does not support. And to my knowledge, it has never been hacked.
However,
> none of us are data security experts, and my argument is that we should
> tunnel the protocol through SSL because this is where the experts are
> putting their analysis and talent.
>
> Can anyone point out any obvious flaws in the above scheme?
>
> Thanks,
> James Dabbs
>
>
------------------------------
From: "BreakingNews" <[EMAIL PROTECTED]>
Subject: Re: How to find celebrity
Date: Sat, 2 Dec 2000 01:53:07 +0200
Reply-To: "BreakingNews" <[EMAIL PROTECTED]>
Who has had more than 15 husbands/wives , any form of plastic surgery...
yes... its a celeb :)
Jakob Jonsson <[EMAIL PROTECTED]> wrote in message
news:8viqhk$akk$[EMAIL PROTECTED]...
> > > Among n people, a celebrity is someone who everyone knows but who
knows
> > > no one. To identify the celebrity, if one exists, you are allowed to
> > > ask questions of any of the n people, but only of the form: "Excuse
me,
> > > do you that person over there?" Assume that all answers are correct.
> > > Minimize the number of questions you need to ask to determine the
> > > celebrity, if one exists, or to determine no celebrity exists in a
> > > given set of n people.
> > >
> > > suggestions please
> >
> > Learn basic induction.( this problem is easily solved through the use of
> > mathematical induction)
>
> You can use induction to prove that it is possible to find a single
> candidate for the celebrity in n-1 steps.
>
> > the answer as to the minimum is n^2-n. The question then is why is this
> > true?
>
> It is not true. The answer is 3n-4.
>
> Jakob
>
>
>
------------------------------
From: [EMAIL PROTECTED] (Eric Lee Green)
Subject: Re: Vulnerability to Attack
Reply-To: [EMAIL PROTECTED]
Date: Sat, 02 Dec 2000 00:04:51 GMT
On Sat, 2 Dec 2000 01:41:55 +0200, BreakingNews <[EMAIL PROTECTED]> wrote:
>But if what u saying is that the password *IS* being transmitted across
>the net... albeit encrypted with its own hash and rnd IV via CBC... whatever
>... its wrong.
In general, in his scheme, it is not transmitted over the 'net except
when a password change occurs. I do agree that even in this situation
it is *NOT* a good idea. A good public key scheme such as SSL is much
preferable here because then re-keying the connection consists of the
two machines trading public keys, with no private key information
transmitted even in encrypted form (except for encrypted session keys).
>I would just say to your programmers, do it this way... and tell them to
>use the CHALLENGE RESPONSE methodology the microsoft uses.
No, this is succeptible to dictionary attacks. See http://www.counterpane.com
for Bruce and Mudge's dissection of all versions of MS CHAP.
>Dont be too hard on your programmers, its a tricky area and more
>of an art than a science...
And state of the art moves, as does legal art. For example, hashed
challenge-response protocols originated when it was possible to easily
export a cryptographically secure hash signature algorithm, but not
easy to export anything that actually encrypted data, and when the hash
signatures were computationally expensive to compute and dictionary attacks
were not feasible due to that. Today, with 1.2ghz Pentium III's and Athlons,
hash signatures can be computed quickly enough to conduct dictionary
attacks with ease.
Finally: The strength of the algorithm he described depends upon the
strength of the selected password. If the passwords can be guessed or
predicted, then it's a broken algorithm by definition. In another
message he mentions that the clients are keyed at the factory as part
of the manufacturing process. Unless they are being keyed from a
cryptographic-quality random number generator, that's a problem. He
also mentions that the clients re-key themselves by generating a new
key randomly. Again, if the random number generator is of poor
quality, keys could be predictable. A break against Netscape's SSL
implementation for Netscape Navigator depended upon a poor key
generator allowing guessing of possible keys. If packets do not
include a packet number and session ID/challenge (which was provided
by the recipient at the start of the session), it may be possible to
do replay attacks.
Finally, there is the issue of how the keys are entered into the
server. There may be possible man-in-the-middle attacks there.
The security of the entire system depends upon a lot more than just
the choice of cryptographic libraries and algorithms, though if you
choose insecure algorithms then you're broken already.
--
Eric Lee Green There is No Conspiracy
[EMAIL PROTECTED] http://www.badtux.org
------------------------------
From: "BreakingNews" <[EMAIL PROTECTED]>
Subject: Re: Question regarding OS's.
Date: Sat, 2 Dec 2000 02:00:28 +0200
Reply-To: "BreakingNews" <[EMAIL PROTECTED]>
I use Windows 95 to 2000 and this crypto package
http://www.kewlstuff.co.za/
Guy Macon <[EMAIL PROTECTED]> wrote in message
news:8vm8p8$[EMAIL PROTECTED]...
> Juri wrote:
> >
> >Thanks for pointing somethings out for me, I still prefer
> >to use NT4 because of the driver problem for my hardware
> >that won't work under NT5.
> >
>
> I found that NT4 was less stable than Win 2K unless you install
> Internet Explorer 5.5 and NT Service Pack 6A, after which all
> the problems go away.
>
------------------------------
From: "BreakingNews" <[EMAIL PROTECTED]>
Subject: Re: Generating certificate private key
Date: Sat, 2 Dec 2000 02:10:05 +0200
Reply-To: "BreakingNews" <[EMAIL PROTECTED]>
Dont think u can... by definition a certificate is your signed public key.
Imagine what would happen if you could generate a private key after the
fact.
That goes for a not yet signed Cert Application as well.
Dont know... dont use Microsoft API but I think you'll find that somewhere
right at the beginning of the process when it created the puiblic key... it
hid the private key away in some secret store.
maybe?
Dima Mukalov <[EMAIL PROTECTED]> wrote in message
news:8vjcqi$oki$[EMAIL PROTECTED]...
> Hi All !
>
> I have a new X509_ASN_ENCODING certificate in a file store.
> How can I generate a private key for this certificate
> using CryptoAPI functions if I have CERT_PUBLIC_KEY_INFO data?
> When I used CryptGenKey the new public key did
> not corespond to certificate public key.
>
>
------------------------------
From: "BreakingNews" <[EMAIL PROTECTED]>
Subject: Re: Public key encryption in Javascript?
Date: Sat, 2 Dec 2000 02:15:21 +0200
Reply-To: "BreakingNews" <[EMAIL PROTECTED]>
If its windows and java you looking for have a look at this package
Its brilliant!!!
http://www.kewlstuff.co.za/
http://www4.50megs.com/johnnyco/
You can encrypt in HTML pages and send it to an ASP server.
All in about 20 lines of code, and its easy.
<[EMAIL PROTECTED]> wrote in message news:901fjf$lvm$[EMAIL PROTECTED]...
> Hi. I'm looking for a public key (asymetric) encryption algorythm which
> is simple enough to implement in javascript. No need for key
> generation. I don't even think we need decryption in javascript.
>
> I've looked around at various crypto libraries and they make my head
> swim. Then I think about implementing them in braindead-slow
> javascript...
>
> All my work is opensource/GPL.
>
> Can anyone point me in a helpful direction?
>
> John
>
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
------------------------------
Date: Sat, 02 Dec 2000 00:23:53 +0000
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: DES question: Has this ever been proven before?
=====BEGIN PGP SIGNED MESSAGE=====
Francois Grieu wrote:
> David Wagner wrote:
> > If a(n) = a(2n), then the period of the cycle is n. Well, the
> > period might divide n, but almost always it is n, if n is the
> > least value such that a(n) = a(2n) and if you are iterating a
> > random function.
>
> Now I'll believe you on this one, but is there a simple argument
> showing that the header length is almost always smaller than the
> cycle ?
For a random mapping on a set with N elements, the expected tail
(header) length and the expected cycle length are both sqrt(pi*N/8).
So there is a non-negligable probability that n will be a multiple
of the cycle length rather than the actual length, but it will only
be a small multiple. See section 2.1.6 of HAC, and
P. Flajolet, A. Odlyzko,
"Random mapping statistics,"
Advances in Cryptology - EUROCRYPT '89
- --
David Hopwood <[EMAIL PROTECTED]>
Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip
=====BEGIN PGP SIGNATURE=====
Version: 2.6.3i
Charset: noconv
iQEVAwUBOibs+zkCAxeYt5gVAQHF0gf+PiSmBYDuwjkU6Jl+RhKQTKDxEizgkb8V
jgQkG2eCgpj23gGMFJ4btdWH8ImU7I52oNG7WgnCDgLNPbyJYYrdDsGp2uCRvC9f
NgyvnaImBCfSWs/tAf0/hRTlnEri8v8mH9y97VLTNUDvrA3ELLuAqtb7k29tgXjb
pRCxPiUpnF34sBK6EKW3n90+kmFjBKqixZohEc4uDLOMBIQsgtxhJO/33NQeQZ4y
oqxZzRGBfpt8gEW4rHUNOKr4yVFMDtcV5pR8P/Bt1PrZeAaqrax2MbCA68QLvmFS
2cTHlaOS7pAUC9jJiK1+ZA+mmdHeeq/aAlbZIiw7qQqW4mdSo7C02w==
=U2HQ
=====END PGP SIGNATURE=====
------------------------------
From: Terry Neckar <[EMAIL PROTECTED]>
Subject: Simple checksum algorithm
Date: Fri, 01 Dec 2000 17:33:01 -0700
Can someone refer me to a simple checksum algorith that has an output of
from 0-9, A-Z (caps only)? A normal checksum has values of from 0 - FF.
Thanks,
Terry
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: I Will Make ANY Software for ANYBODY!!!
Date: Sat, 02 Dec 2000 00:33:17 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (LogTanSin) wrote:
> Hi,
>
> I manage a VAST number of programmers with a wide spectrum of skills
covering
> every aspect of programming. This includes dozens of specialists in
every
> little niche of specialization. We can custom develop ANY software
that you
> have in mind at an extremely fast pace and efficiency coupled with
utmost
> confidentiality.
> Due to the wide range and large number of specialists on the team,
the fast
> pace and efficiency of development results in EXTREMELY low cost, its
almost
> magic.
>
> If you are thinking of developing custom software, email me with a
brief
> description of what you have in mind, and I will reply with an
approximate time
> frame and cost of development.
Because you are not offering your services for free I shall remind you
that you have **SPAMMED** this group. I hope nobody from here takes
you up on your service and I hope you learn some netiquette soon.
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: IBM's new algorithm
Date: Sat, 02 Dec 2000 00:24:48 GMT
No technical details are in the IBM press release, let alone the news
items on it, but IBM has a new algorithm that 'authenticates and
encrypts simultaneously'.
Of course, every secret key algorithm does that for free...if the
plaintext makes sense, you must have known the key. So I don't think
they meant _that_.
My *guess* is that they have an algorithm that encrypts and signs
simultaneously in a public-key fashion.
Thus: I have public key p (with private key P), and you have public
key q (with private key Q). I want to send a message X to you; in this
method, I apply an encryption transform C=E(X,P,q) and you can read it
with D(C,p,Q).
Due to the common-modulus attack, you can't really do that in RSA by
taking the message to the power of your private key times the
recipient's public key. And signature methods in Diffie-Hellman aren't
straightforwards. So IBM has come up with something of some
theoretical interest, even though Bruce Schneier is right that this
isn't an exciting speedup.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: David Schwartz <[EMAIL PROTECTED]>
Subject: Re: Simple checksum algorithm
Date: Fri, 01 Dec 2000 16:40:08 -0800
Terry Neckar wrote:
> Can someone refer me to a simple checksum algorith that has an output of
> from 0-9, A-Z (caps only)? A normal checksum has values of from 0 - FF.
A normal checksum has an output that can be expressed as a number.
Simply express that number in base 36.
DS
------------------------------
From: "Potyanimal" <[EMAIL PROTECTED]>
Subject: Re: Rudimentary Encryption
Date: Sat, 02 Dec 2000 00:50:32 GMT
John Savard wrote in part:
> Well, from this, it's obvious that you can make a table that looks
> like:
>
> 123456
> ---------
> a "pC=@S
> b ;
>
> Since ; isn't the next ASCII character following C, it isn't XORing a
> fixed sequence of bits with your password, but it is using a fixed
> sequence of alphabets.
>
> Maybe it's simulating a rotor machine.
>
> So just use passwords aaaaaaaa, bbbbbbbb, .... zzzzzzzz and the same
> for caps, digits, and so on, and you've got it cracked.
>
> John Savard
> http://home.ecn.ab.ca/~jsavard/crypto.htm
That's what I though at first, that maybe there was a table telling it to
simply replace the character a with the character " if its in the first
position, and replace the character b with somthing else, or if it's in the
second, or third... position then replace it with another digit...
but, a table would have to be created for every seed and that several
thousand tables since usualy a six digit seed is assigned by the software
itself and anything in between will work, so since the seed does vary, it
would have to be simulating several thousand rotary machines, and so I ruled
that out. I figured that it MUST have some sort of formula to encrypt the
each character. If that is what your were talking about by rotary machine.
Like I say, i'm not as educated in cryptography as i'd like to be. I
originally though that too because adding the b in the middle of the
password, did not affect the rest of the encrypted password, so that last 3
digits of the encrypted password "abczzz", "defzzz", and "ghizzz" would be
the same, and the first three I couldn't find a pattern.
Thanks for the help, but I'm still looking.
------------------------------
From: "bubba" <[EMAIL PROTECTED]>
Subject: Re: Simple checksum algorithm
Date: Sat, 02 Dec 2000 01:05:56 GMT
void sum (unsigned char *buffer, int length)
{
unsigned index, lsDigit, msDigit, total = 0;
char sumText [3];
for (index = 0; index < length; index++)
total += buffer [index];
lsDigit = total % 36;
total /= 36;
msDigit = total % 36;
if (lsDigit < 10) lsDigit += '0'; else lsDigit += 'A' - 10;
if (msDigit < 10) msDigit += '0'; else msDigit += 'A' - 10;
sumText [0] = msDigit;
sumText [1] = lsDigit;
sumText [2] = '\0';
printf ("%s\n", sumText);
}
int main (void)
{
unsigned index;
for (index = 0; index < 1000; index++)
sum (&index, sizeof (index));
return 0;
}
"Terry Neckar" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Can someone refer me to a simple checksum algorith that has an output of
> from 0-9, A-Z (caps only)? A normal checksum has values of from 0 - FF.
>
> Thanks,
> Terry
>
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
