Cryptography-Digest Digest #429, Volume #13       Sun, 7 Jan 01 05:13:01 EST

Contents:
  Seeking frequency distributions ("Erik Edin")
  Re: xor'd text file ("Joshua Cryer")
  Re: Comets, Meteors, and Mitotic Spindles (Benjamin Goldberg)
  Re: Wierd key (PGP v3 RSA) (lcs Mixmaster Remailer)
  Re: Comets, Meteors, and Mitotic Spindles /Mars Life angle (John Savard)
  Re: Password security for file transfer w/o speed loss? (graywane)
  Re: Question regarding OS's. ([EMAIL PROTECTED])
  Re: Question regarding OS's. (Tom St Denis)
  Re: Password security for file transfer w/o speed loss? (Paul Rubin)
  Re: Can anyone break these cryptograms? (Richard Cavell)
  Fastest way to factor primes? (Steve Portly)
  Re: Fastest way to factor primes? (Virgil)
  Re: Fastest way to factor primes? ("Brian Wong")
  Re: Comparison of ECDLP vs. DLP (Roger Schlafly)

----------------------------------------------------------------------------

From: "Erik Edin" <[EMAIL PROTECTED]>
Subject: Seeking frequency distributions
Date: Sun, 7 Jan 2001 00:42:18 +0100

Hi.
I'm seeking frequency distributions of letters for use in cryptanalysis of a
simple monoalphabetic cipher. I'm specifically looking for frequency
distributions of the German language, but I'm also interested in all other
languages. They seem to be less than easy to find on the Internet.
Thanks.
Erik Edin



------------------------------

From: "Joshua Cryer" <[EMAIL PROTECTED]>
Subject: Re: xor'd text file
Date: Sat, 6 Jan 2001 16:02:43 -0800

> I don't quite understand what you mean by 'seed'. The number 65535 is 16 bits
> in binary. Do you mean the number which is <= 65535 has been XOR'd with every
> 16 bits in the text file? If that was the case then frequency analysis would
> still work pretty well on the file. Look at how many times each byte occurs
> in the text file. The most frequent items will most likely be plaintext
> space or E. From there you can figure out what number would transfer the
> ciphertext letter into space or E. Apply this to the whole file and see what
> happens.

What I mean is this. The file is XOR'd to a pseudo-random number generator
which is limited to 65535 possible seeds (yeah, 16 bits). I actually know
many words, and even complete sentences that were used in the original text
file. I just don't know how I could begin to reverse engineer since I know
for certain that it was XOR'd at least twice (maybe more) with two different
seeds. Someone told me that this is very crackable. Well. How?



------------------------------

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Crossposted-To: sci.geo.earthquakes,alt.fluid-dynamics,alt.sci.astro.eclipses
Subject: Re: Comets, Meteors, and Mitotic Spindles
Date: Sun, 07 Jan 2001 00:14:28 GMT

[EMAIL PROTECTED] wrote:
[snip]
> Meteors have parts iron and parts silicon.  Asteroids have next to no
> iron.  When meteors slam into earth they cause a thermonuclear
> explosion and leave much melted glass [tektites], and large salt
> domes.

To get a thermonuclear explosion, you need either high purity nuclear
isotopes being impacted at high speed, or isotopes of hydrogen being
compressed at high speed and temperature.  Meteors do not cause
thermonuclear explosions.  They do leave tektites, but this is due to
heat made by perfectly ordinary friction, from the meteorite moving
through the atmosphere.

> To wit:  Marquez Dome of Texas; the Upheaval Dome of Moab, UT; the
> Ayers Rock region of Australia; the Serpent Mound of Ohio, USA; the
> Libyan Desert; the Barringer Crater of AZ; and the underwater crater
> of the Barents Sea [the most salty ocean].

A geological feature called an "upheaval dome" is almost certainly
caused by an upwelling of magma from within the earth which doesn't
quite reach the surface, and merely deforms the area into a dome.

If there is a crater in a salty ocean, there is no reason to jump to the
conclusion that the salt is due to the meteor which made the crater.  If
two bodies of saltwater are connected, and one is lower in altitude, and
has warm arid air flowing over it from the land, it will evaporate more
quickly than the other, resulting in a higher concentration of salt.

> The volcanic underwater mountain ridges of the Azores are asteroidal;
> as are the Pacific Fire Rim underwater mountain ranges; the whole area
> of Hawaii; most of Icelandic quarters; the Mauritius Island
> archipelago in the African Indian Ocean; et al.

No.  Are you a disbeliever in plate tectonics?

> These asteroidal volcanic areas seem to be seldom, if ever, bombarded
> by comets or meteors.  Why?

Where do you get that idea from?  How do you know that they aren't hit
just as often as other places, but magma flows cover any craters?

> Could Signor Consolmagno please explain this remarkable phenomenon!
> 
> Could it go back to the arguments of the ancient Ammonites, before
> they were turned to pillars of salt [Lot was one of their people],
> that concern the difference between asters and astrals?

What are you smoking, and can I have some?

> An aster is a fake star and not genuine.  It is also the name of
> tubular flowers, tulip like, in China.

What's a fake star?  One made of fake hydrogen?  With fake nuclear
fusion?

> An astral is a real star and has a genuine mitotic and meiotic
> component.

I seriously doubt that stars undergo mitosis.

> An aster has a spurious radial arrangement around a spindle-like
> mitotic and meiotic cyst.

I thought that asters were actually non-mimsy borogroves.

-- 
Power interrupts. Uninterruptable power interrupts absolutely.
[Stolen from Vincent Seifert's web page]

------------------------------

Date: 7 Jan 2001 01:40:06 -0000
From: lcs Mixmaster Remailer <[EMAIL PROTECTED]>
Subject: Re: Wierd key (PGP v3 RSA)

This guy's showing off:

> Chris Drake.
> 
> PGP Key. RSA 2020/C0DED00D   Fprint: 250A 7E38 9A1F 8A86  0811 C704 AF21
> 
> 222C
> 
> -----BEGIN PGP PUBLIC KEY BLOCK-----
> Version: None of your business
> 
> mQESAgAAAAAAAAEH5Ar//This+is+Christopher+Drakes+PGP+public+key//
> Who/What+is+watcHIng+you//Di0nAraP+Ebz+iq83gCa06rGL4+hc9Gdsq667x
> 8FrpohTQzOlMF1Mj6aHeH2iy7+OcN7lL0tCJuvVGZ5lQxVAjhX8Lc98XjLm3vr1w
> ZBa9slDAvv98rJ8+8YGQQPJsQKq3L3rN9kabusMs0ZMuJQdOX3eBRdmurtGlQ6AQ
> AfjzUm8z5/2w0sYLc2g+aIlRkedDJWAFeJwAVENaY0LfkD3qpPFIhALN5MEWzdHt
> Apc0WrnjJDby5oPz1DXxg6jaHD/WD8De0A0ARRAAAAAAAAAAAbQvQ2hyaXN0b3Bo
> ZXIgRHJha2UgPENocmlzdG9waGVyLkRyYWtlQFBvQm94LmNvbT60SE5ldFNhZmUg
> c2VjdXJpdHkgc29mdHdhcmUgZGlyZWN0b3IgQ2hyaXN0b3BoZXIgRHJha2UgPE5l
> dFNhZmVAUG9Cb3guY29tPokBEgMFEDPXgvkcP9YPwN7QDQEB25oH4wWEhg9cBshB
> i6l17fJRqIJpXKAz4Zt0CfAfXphRGXC7wC9bCYzpHZSerOi1pd3TpHWyGX3HjGEP
> 6hyPfMldN/sm5MzOqgFc2pO5Ke5ukfgxI05NI0+OKrfc5NQnDOBHcm47EkK9TsnM
> c3Gz7HlWcHL6llRFwk75TWwSTVbfURbXKx4sC+nNExW7oJRKqpuN0JZxQxZaELdg
> 9wtdArqW/SY7jXQn//YJV/kftKvFrA24UYLxvGOXfZXpP7Gl2CGkDI6fzism75ya
> xSAgn9B7BqQ4BLY5Vn+viS++6Rdavykyd8j9sDAK+oPz/qRtYJrMvTqBErN4C5uA
> IV88P1U=
> =/BRt
> -----END PGP PUBLIC KEY BLOCK-----

If you dump out the PGP key block in hex, you see:

99 01 12 02 00 00 00 00 00 00 01 07 e4 0a ff fd
38 62 b3 e8 ac f8 28 6b 8a cb 68 a6 17 ab f8 3a
da 91 eb 3e 3c 63 fe a6 e6 e5 89 cf a4 7b 2f ff
5a 1a 3f 5a 16 ad fa 2b 3e c1 ab 5c 1c 89 e0 fb
2a 2e ff f0 e2 d2 70 2b 68 ff 84 6f 3f a2 ab cd
e0 09 ad 3a ac 62 f8 fa 17 3d 19 db 2a eb ae f1
f0 5a e9 a2 14 d0 cc e9 4c 17 53 23 e9 a1 de 1f
68 b2 ef e3 9c 37 b9 4b d2 d0 89 ba f5 46 67 99
50 c5 50 23 85 7f 0b 73 df 17 8c b9 b7 be bd 70
64 16 bd b2 50 c0 be ff 7c ac 9f 3e f1 81 90 40
f2 6c 40 aa b7 2f 7a cd f6 46 9b ba c3 2c d1 93
2e 25 07 4e 5f 77 81 45 d9 ae ae d1 a5 43 a0 10
01 f8 f3 52 6f 33 e7 fd b0 d2 c6 0b 73 68 3e 68
89 51 91 e7 43 25 60 05 78 9c 00 54 43 5a 63 42
df 90 3d ea a4 f1 48 84 02 cd e4 c1 16 cd d1 ed
02 97 34 5a b9 e3 24 36 f2 e6 83 f3 d4 35 f1 83
a8 da 1c 3f d6 0f c0 de d0 0d 00 45 10 00 00 00
00 00 00 00 01

The 99 means it is a PGP key block, the 01 12 is the length, the 02
is the version, the 00 00 00 00 is the creation date, the 00 00 is the
expiration period, the 01 is the key type (RSA), the 07 e4 is the number
of bits in the modulus, and then the modulus itself begins.

The modulus starts with the 0a ff fd on the first line and extends through
c0 de d0 0d on the second to last line.  The PGP keyid is the last 64
bits of the modulus and it is easy to find p and q such that pq has the
desired final 64 bits: choose p at random, find the 64 bit value h such
that the low 64 bits of p*h are what are desired, and then choose q so
that its low order 64 bits are h, which can be done by picking a starting
value with the desired 64 bits and then incrementing by 2^64 until you
find that q is prime.

However he has also controlled the high order bits of his modulus in
order that the base64 encoding displays his chosen message.  This is
done by choosing the message in advance and then turning it into bits
to see what the high order bits of the modulus must be.  To get pq
to have these high order bits you again choose your p at random, and
divide into the desired modulus value to get a starting point for q.
Now when you increment q by 2^64 you add p * 2^64 to pq, leaving most
of the high order bits of pq unchanged.  This will create a modulus
with the chosen pattern in the high bits.

Hence it is possible to control the high order and low order bits of
your modulus.  There is a block of bits in the middle, of size a few
bits longer than your smaller prime factor, that you can't control.
You can slide this block of uncontrollable bits right or left as you
prefer, using these techniques.
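As an added example (not part of the post), here is a parser for the old-format RSA public-key packet whose hex dump appears above: it recovers the fields the post walks through, derives the key ID from the low bits of the modulus, and reproduces the chosen text in the base64 armor. The bytes are those printed in the post; the function and field names are my own, and the dump covers only the first packet of the armored block (the user ID and signature packets that follow it are not dumped).

```python
import base64

# Hex dump of the public-key packet exactly as printed in the post above.
KEY_HEX = """
99 01 12 02 00 00 00 00 00 00 01 07 e4 0a ff fd
38 62 b3 e8 ac f8 28 6b 8a cb 68 a6 17 ab f8 3a
da 91 eb 3e 3c 63 fe a6 e6 e5 89 cf a4 7b 2f ff
5a 1a 3f 5a 16 ad fa 2b 3e c1 ab 5c 1c 89 e0 fb
2a 2e ff f0 e2 d2 70 2b 68 ff 84 6f 3f a2 ab cd
e0 09 ad 3a ac 62 f8 fa 17 3d 19 db 2a eb ae f1
f0 5a e9 a2 14 d0 cc e9 4c 17 53 23 e9 a1 de 1f
68 b2 ef e3 9c 37 b9 4b d2 d0 89 ba f5 46 67 99
50 c5 50 23 85 7f 0b 73 df 17 8c b9 b7 be bd 70
64 16 bd b2 50 c0 be ff 7c ac 9f 3e f1 81 90 40
f2 6c 40 aa b7 2f 7a cd f6 46 9b ba c3 2c d1 93
2e 25 07 4e 5f 77 81 45 d9 ae ae d1 a5 43 a0 10
01 f8 f3 52 6f 33 e7 fd b0 d2 c6 0b 73 68 3e 68
89 51 91 e7 43 25 60 05 78 9c 00 54 43 5a 63 42
df 90 3d ea a4 f1 48 84 02 cd e4 c1 16 cd d1 ed
02 97 34 5a b9 e3 24 36 f2 e6 83 f3 d4 35 f1 83
a8 da 1c 3f d6 0f c0 de d0 0d 00 45 10 00 00 00
00 00 00 00 01
"""
KEY_BYTES = bytes.fromhex(KEY_HEX)   # fromhex skips the whitespace

def read_mpi(buf, pos):
    """Read a PGP MPI: 2-byte bit count, then the big-endian magnitude."""
    bits = int.from_bytes(buf[pos:pos + 2], "big")
    nbytes = (bits + 7) // 8
    raw = buf[pos + 2:pos + 2 + nbytes]
    if len(raw) != nbytes:
        raise ValueError("truncated MPI")
    value = int.from_bytes(raw, "big")
    if value.bit_length() != bits:   # the stated bit count must be exact
        raise ValueError("MPI bit count does not match its value")
    return value, pos + 2 + nbytes

def parse_v2_rsa_key(data):
    """Parse an old-format (PGP 2.x, version 2/3) RSA public-key packet."""
    tag = data[0]
    # 0x99 = 1 0 0110 01: old format, tag 6 (public key), 2-byte length
    if tag & 0xC0 != 0x80 or (tag >> 2) & 0x0F != 6 or tag & 0x03 != 1:
        raise ValueError("not an old-format public-key packet, 2-byte length")
    length = int.from_bytes(data[1:3], "big")
    body = data[3:3 + length]
    if len(body) != length or length < 8:
        raise ValueError("truncated packet")
    version, algo = body[0], body[7]
    if version not in (2, 3) or algo != 1:
        raise ValueError("not a v2/v3 RSA key")
    n, pos = read_mpi(body, 8)      # modulus
    e, pos = read_mpi(body, pos)    # public exponent
    if pos != length:
        raise ValueError("trailing bytes in packet")
    return {
        "version": version,
        "created": int.from_bytes(body[1:5], "big"),
        "expiry_days": int.from_bytes(body[5:7], "big"),
        "modulus_bits": n.bit_length(), "n": n, "e": e,
        # PGP 2.x takes the key ID from the low 64 bits of n and prints the
        # low 32; as the post shows, the owner can steer those bits, so the
        # key ID alone does not identify a key (the fingerprint hashes all of n).
        "keyid64": n & ((1 << 64) - 1),
        "keyid32": n & 0xFFFFFFFF,
    }

def armor_text(data):
    """Base64 of the packet, i.e. the text that appears inside the armor."""
    return base64.b64encode(data).decode("ascii")
```

Running `parse_v2_rsa_key(KEY_BYTES)` gives a 2020-bit modulus with key ID C0DED00D, and `armor_text(KEY_BYTES)` begins with the first armor line of the quoted key.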

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Crossposted-To: sci.geo.earthquakes,alt.fluid-dynamics,alt.sci.astro.eclipses
Subject: Re: Comets, Meteors, and Mitotic Spindles /Mars Life angle
Date: Sun, 07 Jan 2001 03:26:24 GMT

On Sat, 06 Jan 2001 22:42:25 GMT, Ed Augusts <[EMAIL PROTECTED]>
wrote, in part:

>I BELIEVE YOU! But then, could someone please tell me how scientists
>could, with a straight face, claim that meteorites that contain
>microscopic traces of possible life and crashed on earth must have
>anciently originated on the PLANET MARS???   I never swallowed THAT one!

I found that surprising as well.

However, they do not claim that these meteorites were produced by a
Martian volcano. Instead, they claim that the enormous forces, similar
to those unleashed by a thermonuclear explosion, but even greater,
were what catapulted pieces of Mars into space.

This cannot be rejected out of hand as completely implausible. It is
now believed that Earth's Moon was formed by the collision of the
Earth with an object comparable in size to the planet Mars. Surely
such a titanic event could have sent many fragments of the Earth on
various orbits through the Solar System.

As Mars is closer to the Asteroid Belt than the Earth, it is possible
that it has been hit by some fairly sizable objects, including bodies
larger than those responsible for the mass extinctions in Earth's
history, even fairly recently.

That identifiable remains of life could survive deep within rock
fragments is still somewhat questionable, and that the anomalies noted
within the meteorite ALH84001 are in fact the result of life is still
highly uncertain. But that it came from Mars appears to be fully
confirmed by the evidence of its composition.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (graywane)
Subject: Re: Password security for file transfer w/o speed loss?
Date: Sun, 07 Jan 2001 04:16:02 GMT

In article <[EMAIL PROTECTED]>, Bob Babcock wrote:
> At my office, we're getting ready to disable telnet and ftp, forcing the use
> of ssh, sftp, etc.  The problem is, sftp and scp seem to be at least 20x
> slower than ftp, and for some users, this is a big problem.  We're only
> interested in protecting username/password; the files being transferred are
> not sensitive.

Then just set up Kerberos. That will solve your authentication problems
without mandating encrypted transfers.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Question regarding OS's.
Reply-To: remove.nospam.in.address.to.reply
Date: Sun, 07 Jan 2001 04:25:48 GMT

Having just completed my intro programming classes, C language and
such, and having an interest in cryptology, I am interested in
learning about implementing cryptanalysis in my programs.  

I have a windows 95 box that I spend the most time on, and have been
attempting to use the DOS | command to use the output of my program to
serve as input for another program, to no avail.  Is the usage of data
piping (such as you described in the UNIX shell environment), how
cryptanalysis programs are actually implemented?   Thank you very
much!  Ed


On Mon, 20 Nov 2000 02:10:34 -0500, "Douglas A. Gwyn"
<[EMAIL PROTECTED]> wrote:

>Juri wrote:
>
>> I am just curious, why OS do you, cryptographers, use?
>
>For cryptanalysis, the UNIX shell environment
>(filters & pipelines) is very convenient.
>These days a similar environment is available
>for most OSes, although sometimes not "out of
>the box", i.e. you have to install it yourself.
>


------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Question regarding OS's.
Date: Sun, 07 Jan 2001 05:21:56 GMT

In article <[EMAIL PROTECTED]>,
  remove.nospam.in.address.to.reply wrote:
> Having just completed my intro programming classes, C language and
> such, and having an interest in cryptology, I am interested in
> learning about implementing cryptanalysis in my programs.
>
> I have a windows 95 box that I spend the most time on, and have been
> attempting to use the DOS | command to use the output of my program to
> serve as input for another program, to no avail.  Is the usage of data
> piping (such as you described in the UNIX shell environment), how
> cryptanalysis programs are actually implemented?   Thank you very
> much!  Ed

Speaking from my experience.  I use DJGPP for dos virtually all the
time I work on crypto related research.  Normally perdy gui's are not
required by scientists since they know what they are doing.

About 1.5 years ago I wrote a program called Peekboo which was a crypto
program for end users.  I made a perdy gui for it so that users had an
easier time using it.

Tom


Sent via Deja.com
http://www.deja.com/

------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Password security for file transfer w/o speed loss?
Date: 06 Jan 2001 21:36:09 -0800

Bob Babcock <[EMAIL PROTECTED]> writes:
> At my office, we're getting ready to disable telnet and ftp, forcing the use
> of ssh, sftp, etc.  The problem is, sftp and scp seem to be at least 20x
> slower than ftp, and for some users, this is a big problem.  We're only
> interested in protecting username/password; the files being transferred are
> not sensitive.  What I think we need is a transfer protocol that only
> encrypts the login info.  (I assume it's the encryption overhead that slows
> things down.  The sort of slowdown we're seeing is 5 MB/sec for ftp, 150
> KB/sec for sftp.)

I wonder what is causing that slowdown.  Something is clearly wrong with
the implementation.  Nothing about those protocols should inherently
slow things down that much.

> I've seen many references to routing the ftp control channel through
> ssh, but this requires using passive mode.  We don't like that
> because it requires opening up ports that we now have closed.  Are
> there any other options?  We've got unix, pc and mac users, but it's
> probably mostly the unix users that need more speed.

Maybe you could use ftps (ftp over SSL) instead of sftp.  Or use
stunnel for the ftp control channel (or both the control and data
channels).

------------------------------

From: Richard Cavell <[EMAIL PROTECTED]>
Crossposted-To: rec.puzzles
Subject: Re: Can anyone break these cryptograms?
Date: Sun, 07 Jan 2001 17:26:03 +1100

daniel mcgrath wrote:
 
> slight difference.  I would be interested in seeing if any of you on
> rec.puzzles or sci.crypt are able to decipher the messages, or at
> least make hypotheses.

Daniel, you're killing me.  Come on now, let's have it.

Richard Cavell

------------------------------

From: Steve Portly <[EMAIL PROTECTED]>
Subject: Fastest way to factor primes?
Date: Sun, 07 Jan 2001 01:38:24 -0500

What would be the fastest way to determine if 362293147 is prime?
Wouldn't a prime number sieve be the fastest method?


------------------------------

From: Virgil <[EMAIL PROTECTED]>
Subject: Re: Fastest way to factor primes?
Date: Sun, 07 Jan 2001 00:37:58 -0700

In article <[EMAIL PROTECTED]>, Steve Portly 
<[EMAIL PROTECTED]> wrote:

> What would be the fastest way to determine if 362293147 is prime?
> Wouldn't a prime number sieve be the fastest method?
> 

To find a lot of primes fast, a sieve is probably the most efficient 
way, but the size of the primes is limited.

To find whether a single number is prime, there are better ways.

My HP49G  hand calculator factored 362293147 into 19031*19037 in about a 
second and a half.

------------------------------

From: "Brian Wong" <[EMAIL PROTECTED]>
Subject: Re: Fastest way to factor primes?
Date: Sun, 7 Jan 2001 03:03:04 -0500


"Virgil" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> In article <[EMAIL PROTECTED]>, Steve Portly
> <[EMAIL PROTECTED]> wrote:
>
> > What would be the fastest way to determine if 362293147 is prime?
> > Wouldn't a prime number sieve be the fastest method?
> >
>
> To find a lot of primes fast, a sieve is probably the most efficient
> way, but the size of the primes is limited.
>
> To find whether a single number is prime, there are better ways.
>
> My HP49G  hand calculator factored 362293147 into 19031*19037 in about a
> second and a half.

Simply run a SPRP to bases 2, 3, 5, and 7. If the number is not
3,215,031,751 and is under 100,000,000,000 it is prime.
Alternately, run a SPRP to base 2 and a Lucas test. No counterexamples are
known (although they must exist, you aren't too likely to find one).

Brian
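An added example (not from any of the posts) implementing the strong probable-prime test Brian describes with bases 2, 3, 5 and 7, treating 3,215,031,751 as the one exception below 100,000,000,000, alongside the trial division that reproduces Virgil's factorisation of the number Steve asked about. Function names and the range guard are my own.

```python
def is_sprp(n, a):
    """Is n a strong probable prime to base a (one Miller-Rabin round)?"""
    if n < 2 or n % 2 == 0:
        return n == 2
    d, s = n - 1, 0
    while d % 2 == 0:          # write n - 1 = d * 2^s with d odd
        d //= 2
        s += 1
    x = pow(a, d, n)
    if x in (1, n - 1):
        return True
    for _ in range(s - 1):     # look for -1 among the successive squares
        x = x * x % n
        if x == n - 1:
            return True
    return False

SPRP_BASES = (2, 3, 5, 7)
SPRP_LIMIT = 100_000_000_000
# The one composite below SPRP_LIMIT that fools all four bases
# (it factors as 151 * 751 * 28351); Brian calls it out by name.
KNOWN_EXCEPTION = 3215031751

def is_prime_below_limit(n):
    """Deterministic primality for n < 10^11 via SPRP to 2, 3, 5 and 7."""
    if n >= SPRP_LIMIT:
        raise ValueError("n is outside the range these four bases decide")
    if n < 2:
        return False
    for a in SPRP_BASES:
        if n == a:
            return True
        if n % a == 0 or not is_sprp(n, a):
            return False
    return n != KNOWN_EXCEPTION

def trial_division(n):
    """Prime factorisation by trial division; fine for n around 10^9."""
    factors, p = [], 2
    while p * p <= n:
        while n % p == 0:
            factors.append(p)
            n //= p
        p += 1 if p == 2 else 2   # after 2, test odd candidates only
    if n > 1:
        factors.append(n)
    return factors
```

`is_prime_below_limit(362293147)` returns False and `trial_division(362293147)` returns `[19031, 19037]`, while the exception passes all four SPRP rounds and is rejected only by the explicit check.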



------------------------------

From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: Comparison of ECDLP vs. DLP
Date: Sun, 07 Jan 2001 01:58:15 -0800

David Hopwood wrote:
> ECDSA  DSA
>   +     -    Known attacks against ECDSA (with well-chosen parameters) are
>                exponential in the group order, as opposed to subexponential
>                for DSA.

Good summary, but a minor nit: The known attacks against DSA are
also exponential in the (size of) the group order. They are
subexponential in the (size of) the field order. I.e., for typical
DSA parameters, breaking is exponential in the 160 but
subexponential in the 1024.

>   +     -    EC public key sizes are smaller for a given conjectured level
>                of security.
>   +     -    ECDSA can be faster than DSA for a given conjectured level of
>                security, *if* it is well-optimised.
>         -    There is an attack by Serge Vaudenay that reduces the cost of
>                finding collisions for DSA to less than the expected 2^80
>                operations (when used with SHA-1); this attack does not
>                apply to ECDSA as standardised, but it is not particularly
>                serious in any case.
>   -     +    Well-optimised implementations of ECDSA, in either hardware
>                or software, are less common, and tend to only implement
>                a subset of options (see next point).
>   -     +    Ensuring interoperability is significantly harder for ECDSA
>                because there are several field and basis options.
>   -     +    EC systems are more complicated to implement, and therefore
>                there is a greater chance of an implementation bug affecting
>                security.
>   -     +    Some methods of implementing field arithmetic used in EC systems
>                are patented. Also the patent status of point compression
>                (for an ECDSA public key, for example) is uncertain. DSA is
>                technically patented by the US Government, but with a
>                royalty-free open license.
>   -     +    Generation of parameters for EC cryptosystems is *much* more
>                complicated (although it is possible to use parameters that
>                were generated by someone else). Generation of DSA parameters
>                is quite easy.
>   -     +    The EC discrete log problem is arguably less well understood
>                or thoroughly analysed than the DLP in a subgroup of GF(p).
>   -     +    There is a greater risk of choosing classes of EC parameters
>                that turn out to be weak - c.f. Smart's attack on EC(GF(2^m))
>                with m composite. (This is especially true if you choose
>                parameters to enable specific optimisations, so be careful
>                of performance analyses that do this.)
>   +     +    There is an advantage to supporting both ECDSA and DSA in case
>                an attack is found on one of them (although not if you design
>                a system so that a break in either will break the system).
>   =     =    Signature sizes are identical. Message recovery is not
>                supported.
>   =     =    Both are believed to provide existential unforgeability under
>                chosen message attack (but see the next point).
>   -     -    Neither DSA nor ECDSA are supported by security proofs
>                (unlike, say, RSA-PSS or RW-PSS).
> 
> Overall I think the above arguments favour DSA for most typical
> applications (or one of RSA-PSS or RW-PSS if you don't restrict the
> choice to DSA and ECDSA), but YMMV.
> 
> Also, remember that the vast majority of feasible attacks against
> cryptographic systems are not cryptanalytic attacks against algorithms.
> 
> - --
> David Hopwood <[EMAIL PROTECTED]>
> 
> Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
> RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
> Nothing in this message is intended to be legally binding. If I revoke a
> public key but refuse to specify why, it is because the private key has been
> seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip
> 

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************