Cryptography-Digest Digest #314, Volume #13      Tue, 12 Dec 00 12:13:01 EST

Contents:
  Re: Request: A Compiled Rijndael DLL Pretty Please :) (Tom St Denis)
  Re: On using larger substitutions (Tom St Denis)
  Re: ElGamal questions (Tom St Denis)
  Re: PGP Symmetric Algo (Tom St Denis)
  Re: On using larger substitutions (wtshaw)
  Re: Sr. Cryptographer/mathematician (Tom St Denis)
  Re: PGP Symmetric Algo ("ink")
  Re: important programming languages (JCA)
  Re: ElGamal questions ([EMAIL PROTECTED])
  Software PRNG.. (Jorgen Hedlund)
  Re: Sr. Cryptographer/mathematician ("Matt Timmermans")
  64bit CRC (Mihai Preda)
  Re: PGP Symmetric Algo ([EMAIL PROTECTED])
  Re: Sr. Cryptographer/mathematician ([EMAIL PROTECTED])
  Re: PGP Symmetric Algo (Tom St Denis)
  Re: Software PRNG.. (Tom St Denis)
  Re: PGP Symmetric Algo ("ink")

----------------------------------------------------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Request: A Compiled Rijndael DLL Pretty Please :)
Date: Tue, 12 Dec 2000 15:09:40 GMT

In article <Z7qZ5.18499$[EMAIL PROTECTED]>,
  Mike Vaughn <"vaughnmt"@@@home.com> wrote:
> Hi,
> I am a mediumly skilled VB enthusiast and I would like to play around
> with Rijndael, but after two days of searching all I could find was
> plenty of C++ source. I was amazed that no-one thought to provide a
> pre-compiled DLL for users without MSC++ V6. I suppose it has something
> to do with trust ( if I didn't compile it then I really don't know
> what's in there, etc).
>
> Could some kindly, honorable person please email Rijndael.dll (or
> whatever it is called) to me so I can start experimenting with it? It
> would mean so much to me. If you could also provide just a couple of
> helpful pointers on how the functions are used that would be a real
> blessing. Something like: "First you make the key by... and then you
> encode it by... and decode it by..."
>
> BTW, does anyone know if it has been ported to VB yet? If I had VB
> source then I could do everything by myself!
>
> I apologize if I am asking for too much, you guys are great and I don't
> want to overstep my bounds.

Well, you could take the current Rijndael C source, strap a DLLMain on it
and make your own DLL.  I could do it in about 30 mins; if nobody else
has one handy, let me know.

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: On using larger substitutions
Date: Tue, 12 Dec 2000 15:12:28 GMT

In article <[EMAIL PROTECTED]>,
  Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>
> A general 16-bit substitution table is commonly considered
> impractical because of the large storage space required,
> not to say using a number of such tables. On the other
> hand, the technique of Playfair offers extremely compact
> storage, though with the trade-off of realizing only very
> special substitutions. One could help a bit through using
> a version employing two matrices. Further one could
> concatenate several Playfairs. In situations where one
> could be satisfied with the quality of such substitutions,
> the following scheme, which requires some more storage but
> is more flexible and straightforward to code, may be of
> interest:
>
> One generates four 8-bit substitution tables. The two
> bytes of the given 16 bits are first transformed by the
> first two tables respectively. The result is circularly
> shifted 4 bits and the remaining two substitution tables
> are applied in the same manner.

This is vulnerable to differential cryptanalysis very easily if you are
not careful.  Again I would look for 4-bit->4-bit differences that stay
in the same word after the rotate of four bits.  That way the number of
active S-boxes is minimized.

A better idea is to do an MDS where the substitution is done on the
input.  This way the diffusion is optimal and is less vulnerable to
differential cryptanalysis.

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.
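The construction quoted above (two byte S-boxes, a 4-bit rotate, two more byte S-boxes) and the active-S-box count Tom describes, as an added example that is not code from the thread. The four S-boxes are random permutations built from fixed seeds (a constructed choice; a real design would pick them deliberately), and the functions compare the DDT prediction for one byte S-box against an exhaustive run of the full 16-bit map:

```python
"""Added example: the four-S-box 16-bit substitution from the thread, with the
active-S-box count Tom St Denis says to check. S-boxes are constructed random
permutations from fixed seeds so runs are repeatable."""
import random


def make_sbox(seed):
    """Random 8-bit bijective S-box (constructed; seeded for repeatability)."""
    rng = random.Random(seed)
    box = list(range(256))
    rng.shuffle(box)
    return box


S1, S2, S3, S4 = (make_sbox(seed) for seed in range(4))


def rotl16(v, n):
    return ((v << n) | (v >> (16 - n))) & 0xFFFF


def sub16(v):
    """The scheme: substitute both bytes, rotate the 16-bit word by 4 bits,
    substitute both (new) bytes again."""
    hi, lo = v >> 8, v & 0xFF
    t = rotl16((S1[hi] << 8) | S2[lo], 4)
    return (S3[t >> 8] << 8) | S4[t & 0xFF]


def nibble_confined(d):
    """True if an 8-bit difference touches only one nibble. After the 4-bit
    rotate such a difference lands in only one of the second-layer S-boxes."""
    return d != 0 and ((d & 0xF0) == 0 or (d & 0x0F) == 0)


def active_sboxes(din_byte, a):
    """S-boxes activated by the pair (a, a ^ din_byte) placed in the high byte:
    S1 always, then one or both of S3/S4 depending on where S1's output
    difference falls."""
    return 2 if nibble_confined(S1[a] ^ S1[a ^ din_byte]) else 3


def predicted_fraction(box, din):
    """DDT view: fraction of inputs for which a byte S-box turns input
    difference din into a nibble-confined output difference."""
    return sum(nibble_confined(box[a] ^ box[a ^ din]) for a in range(256)) / 256


def observed_fraction(din_byte):
    """Exhaustive check on the full 16-bit map: with the difference in the high
    byte only, how often does one output byte come out unchanged, i.e. only
    two of the four S-boxes were active?"""
    din = din_byte << 8
    hits = 0
    for x in range(1 << 16):
        dout = sub16(x) ^ sub16(x ^ din)
        if (dout >> 8) == 0 or (dout & 0xFF) == 0:
            hits += 1
    return hits / (1 << 16)


def best_input_difference(box):
    """The byte difference a designer should worry about most: the one whose
    output difference most often stays inside a single nibble."""
    return max(range(1, 256), key=lambda d: predicted_fraction(box, d))


if __name__ == "__main__":
    d = best_input_difference(S1)
    print(f"worst input difference for S1: {d:#04x}, "
          f"P[nibble-confined] = {predicted_fraction(S1, d):.3f}, "
          f"observed on full map = {observed_fraction(d):.3f}")
```

Because S3 and S4 are permutations, the prediction from S1's difference distribution table matches the exhaustive count exactly: whenever S1's output difference fits in one nibble, one second-layer S-box sees no difference at all, so only 8 of the 16 output bits can change. That is the low-diffusion case Tom points at, and the reason he prefers putting an MDS layer after the substitution.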

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: ElGamal questions
Date: Tue, 12 Dec 2000 15:13:42 GMT

In article <915c2g$cpo$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
>
> > If you are truly performance driven you will not use ElGamal. Instead
> > develop a key negotiation scheme using a one-time generated shared DH
> > key and use "symmetric" encryption for all further communications.
> >
> > I did this in my old Peekboov2 program.  Two people would make a shared
> > DH key and I would hash the shared-secret (big 2048-bit number) plus a
> > random IV (I appended to the message) to make a session key to encrypt
> > the message.  Once you make the shared secret sending messages only
> > required to hash some text and encrypt via a fast symmetric cipher.
> >
> > Tom
>
> Hi Tom, thanks for your answer.
> But what I want to do is to protect some information (such as passwords)
> and other sensitive information in a database. And what I need is that
> some people can store the data (encrypted with the public key) and
> others can read it (using the private key). That's why I want to use a
> public/private scheme, and given that the data to be encrypted is about
> the length of a 128-bit key I thought that treating the data as the
> session key would be a good idea.

Why can't the original person read their database info?

Is this a client <-> server type situation?  You may be better off
with DH than EG encryption.

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: PGP Symmetric Algo
Date: Tue, 12 Dec 2000 15:14:32 GMT

In article <90qt48$ia6$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> Hi,
>
> Which is the best symmetric algorithm to use with PGP out of CAST, IDEA
> and TripleDES ? Or maybe i should ask what positive/negative points have
> each of these algorithms ?

Stupid question.

>
> Also, can anyone give me some references where i can find a description
> of each of the 3 algorithms mentioned above ?

www.counterpane.com/labs.htm

has a lot of papers.

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: On using larger substitutions
Date: Tue, 12 Dec 2000 09:02:40 -0600

In article <[EMAIL PROTECTED]>, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:

> A general 16-bit substitution table is commonly considered
> impractical because of the large storage space required,
> not to say using a number of such tables. On the other
> hand, the technique of Playfair offers extremely compact
> storage, though with the trade-off of realizing only very
> special substitutions. One could help a bit through using
> a version employing two matrices. Further one could 
> concatenate several Playfairs. In situations where one 
> could be satisfied with the quality of such substitutions, 
> the following scheme, which requires some more storage but 
> is more flexible and straightforward to code, may be of 
> interest:
> 
Playfair is a step above most other simple encryptive techniques, but its
hollow ring against better algorithms says thud.  Where complication buys
so little, the tradeoff is minimal, but still entertaining for people who
like to test their one-on-one limits.
-- 
Pangram:  Quiz fox view unholey jab makes chad pregnant.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Sr. Cryptographer/mathematician
Date: Tue, 12 Dec 2000 15:17:36 GMT

In article <2IfZ5.17746$[EMAIL PROTECTED]>,
  "Kevin" <[EMAIL PROTECTED]> wrote:
>     WE ARE LOOKING FOR EXPERT CRYPTOLOGISTS
>                                    in Ottawa, Canada
>
> You will have experience in 1 or more of these
>
> - Ciphers
> - Cryptographic protocols
> - Crytpographic hashing methods

"Cryptographic" (spelling)

> - Computaional complexity theory

"Computational"  also referred to "Combinatorics"

> - Combinatorics

?hmm repeat?

> - Number theory
> - Numerical analysis

These two are the same!

> As part of the technology team you will participate in the design and
> analysis of our technology with regards to mathematical and/or cryptographic
> techniques. You will also be expected to design new applications in the
> above areas for incorporation into our secret-hiding, tamper proof software
> encoding tools and to program key components to incorporate the designs into
> our tool set.

Tamper proof encoding tools?  Shaw right.


> Knowledge of Java, c++ Eiffel,Modula-3 or other object oriented language is
> essential.

Oooh buzzword compliancy... drool...

Well, I live in Ottawa (Kanata specifically); you can contact me at
tomstdenis@yahoo if you like.

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: "ink" <[EMAIL PROTECTED]>
Subject: Re: PGP Symmetric Algo
Date: Tue, 12 Dec 2000 16:33:06 +0100


"Tom St Denis" dropped into the real world with a crash and proclaimed...
> In article <90qt48$ia6$[EMAIL PROTECTED]>,
>   [EMAIL PROTECTED] wrote:
> > Hi,
> >
> > Which is the best symmetric algorithm to use with PGP out of CAST, IDEA
> > and TripleDES ? Or maybe i should ask what positive/negative points have
> > each of these algorithms ?
>
> Stupid question.

Tom, as much as I admire you for your abilities and knowledge and like
reading your posts, with all due respect, there's no such thing as
a stupid question. There are only stupid answers. Please don't conclude
from your knowledge to that of others.

Back to lurking... kind regards,
ink




------------------------------

From: JCA <[EMAIL PROTECTED]>
Subject: Re: important programming languages
Date: Tue, 12 Dec 2000 07:24:35 -0800

Paul Schlyter wrote:

> In article <[EMAIL PROTECTED]>,
> JCA  <[EMAIL PROTECTED]> wrote:
>
> > Bob Silverman wrote:
> >
> >> There is really only one language that matters for encryption:
> >>
> >> assembler.
> >
> >     You can say that again. It is true that compilers are getting
> > better and better, but for a number of cryptographic operations
> > good, hand-coded assembly language at the right place buys
> > you one order of magnitude in performance. The gains are most
> > noticeable for newer architectures, for which compilers are not
> > yet so hot.
>
> Perhaps one should then say:
>
>   There is really only one language that matters for encryption:
>
>   hardware.
>
> because hardware implementations will buy you another order of
> magnitude in performance.

    But you don't want to go hardware (or even assembly language)
all the way, but only for those critical operations for which it makes
a difference.

    In addition, once you have done your hardware implementation
that's the best you will get from that particular implementation,
whereas software ones have more potential.


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: ElGamal questions
Date: Tue, 12 Dec 2000 15:36:58 GMT



> Why can't the original person read their database info?
>
> Is this a client <-> server type situtation?  You may be better off
> with DH then EG encryption.

This is a client-server situation. And the problem is that all clients
have access to the db and we don't want them to read this information
in plain text.
I will take a look at the scheme you propose.
Thanks.

Jorge


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Jorgen Hedlund <[EMAIL PROTECTED]>
Subject: Software PRNG..
Date: Tue, 12 Dec 2000 16:55:55 +0100
Reply-To: [EMAIL PROTECTED]


Are there any (good) software PRNGs on the net that are also free?

I've scoured the FAQ, but, well, let's say that I didn't come up
with anything by doing so..

BR/jh

PS!

Excerpt from the only reference of PRNG (in sci.crypt), according
to www.faqs.org:
"...where Prngxor() [FTPPX] is a simple stream cipher driven from
a long-period pseudo-random number generator (PRNG),..."

DS!

------------------------------

From: "Matt Timmermans" <[EMAIL PROTECTED]>
Subject: Re: Sr. Cryptographer/mathematician
Date: Tue, 12 Dec 2000 16:01:01 GMT

Your rather gritty usenet manner is sometimes entertaining, Tom, but there
are many reasons to be more civil.

For instance:

"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:915fi8$fve$[EMAIL PROTECTED]...
> In article <2IfZ5.17746$[EMAIL PROTECTED]>,
>   "Kevin" <[EMAIL PROTECTED]> wrote:
> >     WE ARE LOOKING FOR EXPERT CRYPTOLOGISTS
> >                                    in Ottawa, Canada
> > [...]
> > You will have experience in 1 or more of these
> [...]
> > - Computaional complexity theory
>
> "Computational"  also referred to "Combinatorics"

Not true in this sense, but that's not important...

> > - Number theory
> > - Numerical analysis
>
> These two are the same!

Also not true, but the fun part comes later...

> > You will also be expected to design new applications in
> > the above areas for incorporation into our secret-hiding, tamper
> > proof software encoding tools [...]
>
> Tamper proof encoding tools?  Shaw right.
>
>  [...]
>
> Well I live in ottawa (Kanata specifically) you can contact me at
> tomstdenis@yahoo if you like.
>

Ottawa is not _that_ big a city, Tom -- you already work there!




------------------------------

From: Mihai Preda <[EMAIL PROTECTED]>
Subject: 64bit CRC
Date: Tue, 12 Dec 2000 17:24:42 +0100

Hi,
please excuse me if my message is not adequate for this list.

I need two independent 32-bit fingerprints for a message. I think CRC
would be a good choice (I don't need security).
Now, what should I prefer:
a) compute two 32-bit CRCs (with different polynomials)
b) compute one 64-bit CRC, and use the lower and higher order 32 bits as
the two fingerprints.

In either case, could you direct me to some available source code
implementing this? (Or, where can I get good 32-bit or 64-bit
polynomials?)

Thanks,
Mihai Preda
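Both options from the question, as an added example that is not code from the thread: a small table-driven reflected CRC parameterised by width and polynomial, used for (a) two 32-bit CRCs with different standard polynomials and (b) one 64-bit CRC split into halves. The polynomials are the standard reflected forms of CRC-32 (IEEE 802.3), CRC-32C (Castagnoli) and CRC-64/XZ (ECMA-182); the check values are the usual "123456789" test vectors, and the affine check at the end shows why the poster is right to say CRCs give no security:

```python
"""Added example (not from the thread): table-driven reflected CRCs for the
two fingerprint options discussed, plus a check of the CRC's linearity."""
import binascii
from functools import lru_cache

CRC32_POLY = 0xEDB88320             # reflected form of 0x04C11DB7 (IEEE)
CRC32C_POLY = 0x82F63B78            # reflected form of 0x1EDC6F41 (Castagnoli)
CRC64_XZ_POLY = 0xC96C5795D7870F42  # reflected form of 0x42F0E1EBA9EA3693 (ECMA-182)


@lru_cache(maxsize=None)
def make_table(poly, width):
    """Byte-at-a-time lookup table for a reflected (LSB-first) CRC."""
    mask = (1 << width) - 1
    table = []
    for byte in range(256):
        crc = byte
        for _ in range(8):
            crc = (crc >> 1) ^ poly if crc & 1 else crc >> 1
        table.append(crc & mask)
    return tuple(table)


def crc(data, poly, width):
    """Reflected CRC with init = xorout = all-ones, the convention shared by
    CRC-32, CRC-32C and CRC-64/XZ."""
    mask = (1 << width) - 1
    table = make_table(poly, width)
    c = mask
    for b in data:
        c = table[(c ^ b) & 0xFF] ^ (c >> 8)
    return c ^ mask


def two_crc32(data):
    """Option (a): two 32-bit CRCs computed with different polynomials."""
    return crc(data, CRC32_POLY, 32), crc(data, CRC32C_POLY, 32)


def split_crc64(data):
    """Option (b): one 64-bit CRC; its high and low 32-bit halves are the two
    fingerprints."""
    c = crc(data, CRC64_XZ_POLY, 64)
    return c >> 32, c & 0xFFFFFFFF


def affine_check(a, b, poly, width):
    """For equal-length inputs a CRC is affine over GF(2):
    crc(a) ^ crc(b) ^ crc(zeros) == crc(a ^ b). Either fingerprint option
    inherits this, which is why a CRC detects accidental corruption but is no
    defence against a deliberately crafted message."""
    assert len(a) == len(b)
    zeros = bytes(len(a))
    mixed = bytes(x ^ y for x, y in zip(a, b))
    lhs = crc(a, poly, width) ^ crc(b, poly, width) ^ crc(zeros, poly, width)
    return lhs == crc(mixed, poly, width)


if __name__ == "__main__":
    msg = b"constructed sample message"   # constructed input, not from the thread
    print("option (a):", [f"{v:08x}" for v in two_crc32(msg)])
    print("option (b):", [f"{v:08x}" for v in split_crc64(msg)])
    print("CRC-32 matches binascii:",
          crc(msg, CRC32_POLY, 32) == binascii.crc32(msg) & 0xFFFFFFFF)
```

The 32-bit result is cross-checked against the standard library's `binascii.crc32`, so the table construction can be trusted before the same routine is used with the 64-bit polynomial. Whichever option is chosen, the two fingerprints are linear functions of the same message bits, so "independent" here means "different generator polynomials", not statistical independence against an adversary.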




------------------------------

From: [EMAIL PROTECTED]
Subject: Re: PGP Symmetric Algo
Date: Tue, 12 Dec 2000 16:24:52 GMT

I don't believe this is a stupid question. All algorithms will have some
good points and some drawbacks. For example, one might be very fast but
less secure whereas one might be slower to run but more secure.

Another example would be, say, if it was to be implemented for the smart
card market. Then comparisons of time, memory requirements and size of
code would have to be considered together with how weak an algorithm can
be in terms of differential cryptanalysis.

So to me, different algorithms have their +'s and -'s in terms of
security, speed, etc.

Now tell me if I am wrong but someone has written:
"Triple-DES is probably the most secure. It is based on DES, which has
had a good twenty years worth of analysis. Since it has been proven that
DES is far from a group, Triple DES gives (roughly) triple the
security.

 IDEA is based on some neat mathematics, and I believe it is provably
secure against both differential and linear cryptanalysis. It is faster
than Triple-DES but slower than CAST, I think.

 CAST is the fastest of the three, since its round function is composed
of just substitutions and an XOR. Most of the security of the algorithm
depends on the nature of the substitutions (the S-Boxes). Since the
S-Boxes are implementation dependent, caution is advised. I assume that the
s-boxes used in PGP are secure."

so all these algorithms have different properties.

I realise I shouldn't have asked for the best, hence the second part of
the question "Or maybe should I ask ... ?"



In article <915fch$fku$[EMAIL PROTECTED]>,
  Tom St Denis <[EMAIL PROTECTED]> wrote:
> In article <90qt48$ia6$[EMAIL PROTECTED]>,
>   [EMAIL PROTECTED] wrote:
> > Hi,
> >
> > Which is the best symmetric algorithm to use with PGP out of CAST, IDEA
> > and TripleDES ? Or maybe i should ask what positive/negative points have
> > each of these algorithms ?
>
> Stupid question.
>
> >
> > Also, can anyone give me some references where i can find a description
> > of each of the 3 algorithms mentioned above ?
>
> www.counterpane.com/labs.htm
>
> has a lot of papers.
>
> Tom
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
>


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Sr. Cryptographer/mathematician
Date: 12 Dec 2000 16:34:43 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:
> In article <2IfZ5.17746$[EMAIL PROTECTED]>,
>   "Kevin" <[EMAIL PROTECTED]> wrote:

>> - Computaional complexity theory

> "Computational"  also referred to "Combinatorics"

Ummmmm.....  no, not even close.

>> - Number theory
>> - Numerical analysis

> These two are the same!

Again, not even remotely close.

You seem to have posted trying to show that the original poster didn't
know what they were talking about, but unfortunately you stepped in it
pretty big time showing that you need some big clues...

-- 
Steve Tate --- srt[At]cs.unt.edu | Gratuitously stolen quote:
Dept. of Computer Sciences       | "The box said 'Requires Windows 95, NT, 
University of North Texas        |  or better,' so I installed Linux."
Denton, TX  76201                | 

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: PGP Symmetric Algo
Date: Tue, 12 Dec 2000 16:37:29 GMT

In article <915g9s$pit$[EMAIL PROTECTED]>,
  "ink" <[EMAIL PROTECTED]> wrote:
>
> "Tom St Denis" dropped into the real world with a crash and proclaimed...
> > In article <90qt48$ia6$[EMAIL PROTECTED]>,
> >   [EMAIL PROTECTED] wrote:
> > > Hi,
> > >
> > > Which is the best symmetric algorithm to use with PGP out of CAST, IDEA
> > > and TripleDES ? Or maybe i should ask what positive/negative points have
> > > each of these algorithms ?
> >
> > Stupid question.
>
> Tom, as much as I admire you for your abilities and knowledge and like
> reading your posts, but with all due respect, there's no such thing as
> a stupid question. There's only stupid answers. Please don't conclude
> from your knowledge to that of others.

My abilities?  I am no more than the average avid amateur.  And
forgive me for answering like that, but truly that question gets asked
about three times a week.  Why not read posts before posting if you
are a newbie?

Tom


Sent via Deja.com
http://www.deja.com/

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Software PRNG..
Date: Tue, 12 Dec 2000 16:39:24 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
>
> Are there any (good) software PRNG's on the net, that is also free?

Well, depending on your needs a few programmers in here (including me)
could code you one.  There are many types available, such as LFGs and
LFSRs, which are non-patented technology.

Tom


Sent via Deja.com
http://www.deja.com/
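One of the generator families named in the reply, as an added example that is not code from the thread: a 16-bit maximal-length Galois LFSR, with a period check and a Berlekamp-Massey linear-complexity measurement. The second part is the check a practitioner would want before calling any software PRNG "good" for cryptographic use: an LFSR's output has linear complexity equal to its register length, which is why a bare LFSR is fine as a statistical PRNG but not as a keystream. The comparison bits from SHA-256 are a constructed input:

```python
"""Added example (not from the thread): a maximal-length 16-bit Galois LFSR,
its period, and the linear complexity of its output versus that of hash output."""
import hashlib

# Taps for x^16 + x^14 + x^13 + x^11 + 1, a maximal-length polynomial, written
# as a Galois feedback mask (bits 15, 13, 12, 10).
TAPS = 0xB400


def lfsr_step(state):
    """One Galois LFSR step on a 16-bit state. A zero state stays zero, so
    seeds must be non-zero."""
    lsb = state & 1
    state >>= 1
    if lsb:
        state ^= TAPS
    return state


def period(seed=0xACE1):
    """Steps until the state returns to the seed; for a maximal-length
    polynomial this is 2**16 - 1 for every non-zero seed."""
    state = lfsr_step(seed)
    n = 1
    while state != seed:
        state = lfsr_step(state)
        n += 1
    return n


def output_bits(seed, n):
    """The bit sequence a user of the PRNG would see: the bit shifted out at
    each step."""
    bits = []
    state = seed
    for _ in range(n):
        bits.append(state & 1)
        state = lfsr_step(state)
    return bits


def linear_complexity(bits):
    """Berlekamp-Massey over GF(2): length of the shortest LFSR that produces
    the sequence. For 2L or more bits from an L-stage LFSR it returns L."""
    n = len(bits)
    c = [0] * n
    b = [0] * n
    c[0] = b[0] = 1
    L, m = 0, -1
    for i in range(n):
        d = bits[i]
        for j in range(1, L + 1):
            d ^= c[j] & bits[i - j]
        if d:
            t = c[:]
            for j in range(n - i + m):
                c[j + i - m] ^= b[j]
            if 2 * L <= i:
                L = i + 1 - L
                m = i
                b = t
    return L


def hash_bits(label, n):
    """Constructed comparison sequence: bits of SHA-256(label)."""
    digest = hashlib.sha256(label).digest()
    return [(digest[i // 8] >> (i % 8)) & 1 for i in range(n)]


if __name__ == "__main__":
    print("period:", period())
    print("linear complexity of 64 LFSR bits:", linear_complexity(output_bits(0xACE1, 64)))
    print("linear complexity of 64 SHA-256 bits:", linear_complexity(hash_bits(b"constructed", 64)))
```

The period check confirms the tap choice is maximal; the linear-complexity result is the telling one: 64 output bits are enough to pin the whole 16-bit LFSR down, whereas the hash-derived bits sit near the n/2 value expected of a random sequence. Lagged Fibonacci generators have the same kind of algebraic structure, so the same measurement applies to them.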

------------------------------

From: "ink" <[EMAIL PROTECTED]>
Subject: Re: PGP Symmetric Algo
Date: Tue, 12 Dec 2000 17:54:25 +0100


"Tom St Denis" dropped into the real world with a crash and proclaimed...

> My abilities?  I am no more than the average avid amateur.  And
> forgive me for answering like that, but truly that question gets asked
> about three times a week.  Why not read posts before posting if you
> are a newbie?

Neither am I more than an amateur. And even if this question gets
posted several times a week (though I haven't seen it yet this week),
it's still not stupid. A simple reference would do. Calling it stupid
borders on being an insult. At least that's how I would feel it.

No offence intended, just my humble 2c worth.

Regards,
ink



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
