Cryptography-Digest Digest #417, Volume #13 Wed, 3 Jan 01 18:13:01 EST
Contents:
Re: Simple Source Related Question??? (Mike Rosing)
Re: Birthday attack explanation... (Simon Johnson)
Re: Sapphire sapphire on the wall -- including POEM... (Ed Augusts)
Re: Differential Analysis (Simon Johnson)
Re: [rijndael] Efficient hardware S-box implementation ("Brian Gladman")
Re: Simple Source Related Question??? (Bryan Olson)
Re: Differential Analysis (Tom St Denis)
Input/Ouput-conversion for DES password encryption ("Wouter")
Re: Audio-CD steganography? (Marc)
Re: Input/Ouput-conversion for DES password encryption ([EMAIL PROTECTED])
Test values ("[Basic]")
----------------------------------------------------------------------------
From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: Simple Source Related Question???
Date: Wed, 03 Jan 2001 12:18:59 -0600
Bob Mariotti wrote:
>
> After reading hundreds of these posts here, in sci.electronics,
> searching the web for days and days yes, reading info in several books
> and articles, I still have not been able to come up with what I am
> looking for. Perhaps one of you "experts" can assist.
>
> I am charged with creating a routine in our development logic that
> will calculate the PIN offsets for new ATM/POS cards using the DES
> encryption common to banking.
>
> I have searched for sample source code in ANY language and found only
> one in C++ what was quite 'cryptic'.
Try using google. I got 1,950 hits with [DES "C source code"] in the
search box.
Patience, persistence, truth,
Dr. mike
------------------------------
From: Simon Johnson <[EMAIL PROTECTED]>
Subject: Re: Birthday attack explanation...
Date: Wed, 03 Jan 2001 18:28:45 GMT
In article <92veqe$49o$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> Hello,
>
> I have read on RSA Labs FAQ (http://www.rsalabs.com/faq/2-4-6.html)
> concerning birthday attack on hash functions that :
> if I generate 2^(n/2) hashes of an innocuous messsage (with minor
> changes) Bob is likely to sign
> and 2^(n/2) hashes of real message to be signed (in which I can make
> Bob say whatever I like...)
>
> where n is the length to the message digest
>
> there is over fifty percent of chances I get once the same hash for
one
> innocuous message and one real message.
>
> => If we apply that to SHA-1, length of message digest is 20 bytes =
> 160 bits. That means I only have to compute 2^80 innocuous messages +
> 2^80 real messages ?
>
> I'm surprised 2^80 isn't that big... (unless computing a hash is very
> long ?). Isn't that an important security threat ? I must have missed
> something...
>
> Thanks for any explanation on the subject,
> Axelle.
>
> Sent via Deja.com
> http://www.deja.com/
>
The point you missed is that 2^80 _is_ a large number.....
Here it is in decimal: 1,208,925,819,614,629,174,706,176
Now to quantify this large number, if two SHA-1 computations takes 0.01
seconds then it would take 383,085,475,325,953 years to find a
collision on average.
Simon.
--
Hi, i'm the signuture virus,
help me spread by copying me into Signiture File
Sent via Deja.com
http://www.deja.com/
------------------------------
From: Ed Augusts <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Crossposted-To: sci.geo.earthquakes,alt.fluid-dynamics,alt.sci.astro.eclipses
Subject: Re: Sapphire sapphire on the wall -- including POEM...
Date: Wed, 03 Jan 2001 19:54:09 GMT
[EMAIL PROTECTED] wrote:
>
> Re: Comets, Meteors, and Mitotic Spindles
>
> Yes, you are quite correct!
>
> Asteroids are NOT composed of the same "matter" as meteors or comets.
>
> The meteors that hit Austria long ago created the salt mines that led
> to the naming of Salzburg.
Meteors created salt mines? I guess that's why the old Leslie salt
containers used to have the motto, "when it rain, it pours!" (meteor
shower, that is!)
And that big big big meteor
Sounds like you're talking about a big big BIG meteor, here!
redefined
> Celtic Germany that hit Reis [Bavaria] and Steinheim [Nord-Rhein
> Westphalen] some time ago.
Celts, in Germany?? "Ja! Schnel mit das "Harp lager", Javohl!"
>
> The Rugieri Tribe of the Bodden Strait DID survive the blast however,
> and the Rugen Islands still exhibit massive chalk cliffs and authentic
> sea dolomite formations that provided shelter for the survivors.
What? Did they burrow into them in a hurry to survive?
>
> Norway suffered very dearly and has such spindly and ropey and fibrous
> rather than hard wooded trees, as a result [I believe the Beatles were
> alluding to this in NORWEGIAN WOOD].
Just as they were talking about AT&T in the song that goes,
"Michelle...Ma Bell*..."
Seriously. You think this type of tree species developed because of a
meteor strike?
The Norwegian Maple, a very soft
> tree, is now called A. Saccharinum, ... perhaps named after a star
> somewhere, or even a long forgotten asteroid.
"Saccharinum" seems more likely to have been based on the Latin word for
"sweet". Since it's a maple, maybe it produces a good quality maple
syrup.
>
> You forgot to mention that boron is often found in meteorites, and not
> in asteroid debris.
>
> Of course, moldavite comes from meteors, and not asteroids.
I thought it came from Moldavia!
>
> Wasn't ancient Cambodia blasted by a meteor too? [Muong Nong?]
>
> I believe "corundum" comes from asteroids, aka sapphire, named after
> Saphos. It is a soapy crystalline substance ... at bottom, when
> diligently tested, as if a diamond.
>
> Wasn't 'Sapphira' another name for Aster in the time of the Moabs?
That I don't recall, although I do remember Sapphire was living with 'de
Kingfish' somewhere in Harlem.
>
> I never heard of mitotic spindles being an element of asteroids or
> asters, but I'm familiar with the penicillium called griseofulvin, that
> uses mitotic spindles, microtubles, and interferes with cell wall
> components and chemistry.
>
> Who will win this debate over asteroidal supremecy or meteoric
> mastery? The Vatican or the Smithsonian? Isn't it quite exciting!
>
> Chemosh
The Vatican has more money than the Smithsonian, but the Smithsonian
definately has has more asteroids than the Vatican!
>
_________________
*BEATLES SONG FROM 9000 B.C.
to the tune of: "A Girl"
Is there anybody going to listen to my story
Of a meteorite that came to stay?
Its was the kind of met-e-or that kind of made you sor-ry
Hope it won't come back this Saturday!
CHORUS
A hole... (h-o-l-e!), (That's all that's left...
A hole, (h-o-l-e..)
It wasn't good for Germany it blasted thru it
All the suerkraut was blown away!
It decimated Denmark and what's next to it
And littered cheese all up & down Norway
A hole (h-o-l-e!) (That's all that's left...
A hole, (h-o-l-e..)
Whatever it was, meteor, asteroid, or bolide,
it seems to have created crystals, salt, and gems.
Ah! Isn't it too bad that it also flattened Paris
and vaporized the water in the Thames?
CHORUS, Etc. etc.
.
.
> In article <92tlpd$nnn$[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] wrote:
> > RE: http://www.geocities.com/antarii_rescue/index.html
> > http://www.geocities.com/antarii_rescue/index2.html
> > http://www.geocities.com/antarii_rescue/antares.html
> > http://www.geocities.com/antarii_rescue/aldebaran.html
> > http://www.angelfire.com/de/CassandraCrossing/PAGE3B.html
> >
> > The Feb 2001 SKY & TELESCOPE magazine published a story by the Vatican
> > astronomer Guy Consolmagno titled "The Story of Space Rocks".
> >
> > He was none too pleased with the recent Smithsonian Press book
> > called "Asteroids: A History".
> >
> > Myself, I always thought it was clear to all schoolchildren that
> > asteroids are lava chunks spewed out by volcanoes here on Earth and
> > elsewhere, that fly out of the planet's orbit into space.
> >
> > Meteors have parts iron and parts silicon. Asteroids have next to no
> > iron. When meteors slam into earth they cause a thermonuclear
> > explosion and leave much melted glass [tektites], and large salt
> domes.
> >
> > To wit: Marquez Dome of Texas; the Upheaval Dome of Moab, UT; the
> > Ayers Rock region of Australia; the Serpent Mound of Ohio, USA; the
> > Libyan Desert; the Barringer Crater of AZ; and the underwater crater
> of
> > the Barents Sea [the most salty ocean].
> >
> > The volcanic underwater mountain ridges of the Azores are asteroidal;
> > as are the Pacific Fire Rim underwater mountain ranges; the whole area
> > of Hawaii; most of Icelandic quarters; the Mauritius Island
> archepilago
> > in the African Indian Ocean; et al.
> >
> > These asteroidal volcanic areas seem to be seldom, if ever, bombarded
> > by comets or meteors. Why?
> >
> > Could Signor Consolmagno please explain this remarkable phenomena!
> >
> > Could it go back to the arguments of the ancient Ammonites, before
> they
> > were turned to pillars of salt [Lot was one of their people], that
> > concern the difference between asters and astrals?
> >
> > An aster is a fake star and not genuine. It is also the name of
> > tubular flowers, tulip like, in China.
> >
> > An astral is a real star and has a genuine mitotic and meitotic
> > component.
> >
> > An aster has a spurious radial arrangement around a spindle-like
> > mitotic and meiotic cyst.
> >
> > Hope this stimulates debate.
> >
> > M. Moroni
> >
> > In article <[EMAIL PROTECTED]>,
> > "Roy Sharif M. Sison" <[EMAIL PROTECTED]> wrote:
> > > A new earthquake just struck Southern Philippines a few moments ago.
> > > It's either a new quake or a strong shock after the M7.2 submarine
> > quake
> > > yesterday afternoon.> > Thanks.
> > >
> > > Regards,
> > >
> > > Roy
> > >
>
> >
>
> Sent via Deja.com
> http://www.deja.com/
------------------------------
From: Simon Johnson <[EMAIL PROTECTED]>
Subject: Re: Differential Analysis
Date: Wed, 03 Jan 2001 19:57:11 GMT
In article <[EMAIL PROTECTED]>,
Benjamin Goldberg <[EMAIL PROTECTED]> wrote:
> Could anyone point me to an _online_ resource which describes exactly
> how to do differential analysis? Most of the stuff I've found is much
> to vague to go from their description to something resembling an
attack.
>
> The reason I'm asking this is I want to analyse my "hypercrypt"
cipher,
> and I want to know how many inner rounds and how many outer rounds are
> needed to make it secure against differential analysis. I *think* that
> if enough rounds are used in the mixing primitive (a 16 bit fiestel
with
> the AES sbox), only one or two outer rounds are needed, but I'm not
> sure.
>
> --
> Power interrupts. Uninterruptable power interrupts absolutely.
> [Stolen from Vincent Seifert's web page]
>
>
Yeah, i'd like to see a consise description to. I wonder wether one of
the experts would like to create such a document with a few worked
examples?
Simon.
--
Hi, i'm the signuture virus,
help me spread by copying me into Signiture File
Sent via Deja.com
http://www.deja.com/
------------------------------
From: "Brian Gladman" <[EMAIL PROTECTED]>
Subject: Re: [rijndael] Efficient hardware S-box implementation
Date: Wed, 3 Jan 2001 21:08:44 -0000
"Tim Olson" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> In article <[EMAIL PROTECTED]>, "John E. Gwyn"
> <[EMAIL PROTECTED]> wrote:
>
> | Tim Olson wrote:
> | > It goes on to state that this may be simplified by representing
> | > elements in GF(256) as a 1st-degree polynomial with coefficients
> | > in GF(16):
> | > (bx + c)
> | > However, I cannot find an easy mapping from the representation of
> | > elements in GF(256) to the 2 coefficients b & c in GF(16) ...
> |
> | ? Isn't it just b = top 4 bits, c = bottom 4 bits ?
>
> Well, I thought it should be something simple like that, but it doesn't
> appear to be the case.
There is no trivial mapping between these two different representations of
GF(2^8).
If a generator g (e.g. {03} in the Rijndael field representation - {nn} is a
field element in hex) produces the non-zero elements of GF(2^8) then (g^17)
will generate the 15 sub-elements within GF(2^8) that map easily to the
non-zero elements of GF(2^4). Here the 17 comes from (2^8 - 1) / (2^4 -
1) - the ratio of the sizes of the related multiplicative groups.
A suitable set of base vectors for expressing GF(2^8) in terms of GF(2^4) is
hence any four linearly independent elements from g^0, g^17, g^34,...,
g^238 - for example [{01}, {0c}, {5c}, {e1}] in the representation used by
Rijndael.
The four further vectors needed in the base for GF(2^8) are then these four
vectors multiplied by x^4 (i.e. {10} in Rijndael) - [{10}, {c0}, {b7}, {92}]
for the earlier example.
The irreducible polynomial used in Rijndael x^8+x^4+x^3+x+1 (0x011b) does
not have x as a generator and is not a Conway polynomial. In contrast
x^8+x^4+x^3+x^2+1 (0x011d) has x as a generator and is (I believe) a Conway
polynomial as well. Use of the latter would make arithmetic using field
composition a bit easier but since this is very easy for GF(2^8) using table
lookup the advantages are not obvious.
I have not considered the hardware case but the need for a change of basis
is a complication. But if this were done on input, output and key input it
would have minimum impact on performance (I assume that this would work
although I have not checked it).
Brian Gladman
------------------------------
From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: Simple Source Related Question???
Date: Wed, 03 Jan 2001 21:00:33 GMT
Bob Mariotti wrote:
[...]
> Can anyone please point me to a site or email me an example of a
> simple ECB routine to calculate the DES value (pin offset to be
> specific).
Separate this into two problem: computing the DES block
encryption function, and taking a "pin offset" from that.
The DES code is hard to write but easy to find; try Phil
Karn's at:
http://people.qualcomm.com/karn/code/des/
Then look up the "pin offset" in the standard you are working
from. You will probably not find it built into any of the
popular open DES implementations, but given DES code, it
should be trivial to write.
--Bryan
Sent via Deja.com
http://www.deja.com/
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Differential Analysis
Date: Wed, 03 Jan 2001 21:11:36 GMT
In article <[EMAIL PROTECTED]>,
Benjamin Goldberg <[EMAIL PROTECTED]> wrote:
> Could anyone point me to an _online_ resource which describes exactly
> how to do differential analysis? Most of the stuff I've found is much
> to vague to go from their description to something resembling an
attack.
Differential attacks work like this. You have a finite function F(x),
you know that a difference i.e F(x) - F(x - a) = b will occur with
probability p (p <> 1), thus there are pairs of inputs (x, x-a) that
will cause the output difference 'b'.
In your attack you sends random pairs of inputs (that differ by 'a')
and look for an output difference of 'b'. If it occurs then your
inputs may have been right.
Given most F(x) will be used as F(x + k) (i.e a key is added) it's a
simple matter of linear algebra to find the right key.
For example if for the inputs (1,2,3) and a ionput difference of 2, an
output difference of 4 is likely. Then if you send (5,7) as an input
and find '2' as the difference the key may have been -4,-3 or -2 (i.e 5
- 4 = 1, 5 - 3 = 2....).
Hope this helps.
Tom
Sent via Deja.com
http://www.deja.com/
------------------------------
From: "Wouter" <[EMAIL PROTECTED]>
Subject: Input/Ouput-conversion for DES password encryption
Date: Wed, 3 Jan 2001 22:39:06 +0100
Hi,
I am working on a encryption program (just for fun) which encodes password
using DES. I have written the entire algorithm, and probably the 'main'
algorithm works fine, but password encryption with my program gives other
ciphertext than I had expected (not the strings of the password-files).
The only parts in my algorithm about which I don't know sure if they're
good, are how the passwords are converted to bits (the input for the
algorithm) and how the output of the algorithm (also 64 bits) are converted
to an ascii-string.
Question 1: A password consists of 8 characters of 8 bits, with the left bit
always zero (ignored). The input for the algorithm is an array of 64 bits.
Bits 8, 16, 24, ..., 64 are ignored. How is the password converted to an
array of 64 bits. Are all characters shifted one bit to left? Or are the
bits swapped?
For example: The highest bit of the first (left) character is b1. The lowest
bit of the last character is b64. Then will the input for the DES-algorithm
be: b2, b3, b4, b5, b6, b7, b8, b1, b10,...,b16, b9, b18, ..........., b56,
b49, b58, ..., b64 ? Or are all the bits swapped, e.g: b64, b63, .......,
b2, b1 ?
Question 2: the output of the DES-algorithm is an array of 64 bits (b1 b2
... b63 b64). This is to be converted to an array of 11 characters. As far
as I know the characterset is CH =
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" (in that
order!). The 64-bits output is divided in 10 groups of 6 bits and one group
of 4 bits. I think the first character of the string has to be CH[b1, b2,
b3, b4, b5, b6] and the last character has to be CH[b61, b62, b63, b64, 0,
0]. Is this right?
I hope someone can help me. Any hints or code (basic / C / pseudo-code) will
be very much appreciated. I haven't found any information about this parts
of the algorithm on the internet.
Wouter
------------------------------
From: [EMAIL PROTECTED] (Marc)
Subject: Re: Audio-CD steganography?
Date: 3 Jan 2001 22:40:00 GMT
>Graphical files allow hiding of bits through appropriate
>modification of pixels. Wouldn't it be possible to do
>analogous modifications to audio data? If yes, how good
>is that? Thanks.
Sure. ScramDisk 2.x is a program that supports this for .wav
files and can even mount it like an additional harddrive (Win9x).
Note that if you use commercial pop music for stego, one can
do a binary compare between (say) Madonnas' original song
and your version. Better use a microphone grabation of your
daugther reading a book and erase (wipe) the original after
adding the secret data.
The subchannels this thread was about originally are something
different. They are part of the CD format and contain sector
numbers and laser position information. They have nothing to
do with Audio, other than that they are stored on an audio CD.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Input/Ouput-conversion for DES password encryption
Date: Wed, 03 Jan 2001 22:42:23 GMT
In article <930639$i88$[EMAIL PROTECTED]>,
"Wouter" <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I am working on a encryption program (just for fun) which encodes
password
> using DES. I have written the entire algorithm, and probably
the 'main'
....
> I hope someone can help me. Any hints or code (basic / C / pseudo-
code) will
> be very much appreciated. I haven't found any information about this
parts
> of the algorithm on the internet.
>
> Wouter
>
>
What you describe looks like the Unix crypt3 system call. This is not
the official DES but a special implementation of it. You can find
source code to do the password conversion here:
http://www.cs.ucsb.edu/~mdipper/crypt/crypt3.c
Sent via Deja.com
http://www.deja.com/
------------------------------
From: "[Basic]" <[EMAIL PROTECTED]>
Subject: Test values
Date: Thu, 4 Jan 2001 00:03:13 +0100
Hi,
I once again request test values for the gost 28147-89 algo. Could pls
anyone encrypt a sample block of plaintext in ecb mode and post the
plaintext, the ciphertext, the key and the sboxes here.
thx
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************
