Cryptography-Digest Digest #452, Volume #13 Wed, 10 Jan 01 21:13:01 EST
Contents:
Re: Differential Analysis (Rex Stewart)
Re: NSA and Linux Security (John Savard)
Re: NSA and Linux Security (John Savard)
Re: Comets, Meteors, and Mitotic Spindles /Mars Life angle (Steve Portly)
Re: xor'd text file - Cryptanalyis of Simple Aperiodic Substitution Systems
(Warning: LONG post) ("Paul Pires")
Stream cipher (Simon Johnson)
Re: NSA and Linux Security (David Wagner)
Re: NSA and Linux Security ("Douglas A. Gwyn")
Re: Stream cipher (Simon Johnson)
Re: NSA and Linux Security (digiboy | marcus)
Re: Stream cipher ("Paul Pires")
Re: Comparison of ECDLP vs. DLP (Greggy)
Re: Coral Reefs, COMETS & aphid anal secretions ([EMAIL PROTECTED])
----------------------------------------------------------------------------
From: Rex Stewart <[EMAIL PROTECTED]>
Subject: Re: Differential Analysis
Date: Wed, 10 Jan 2001 22:55:59 GMT
In article Tom St Denis <[EMAIL PROTECTED]> wrote:
>
> table[256][256] = { 0 };
> for (x = 0; x < 256; x++)
> for (y = 0; y < 256; y++)
> ++table[x^y][sbox[x]^sbox[x^y]];
>
> Then scan the table for the highest element (ignoring table[0][0]).
>
> (Can you tell I program in C? hehehehe)
>
> Tom
>
I suspect you think in C.
I wonder, do you dream in C?
I first ran into this phenomenon with MPJ's explanation
of his Ruby Cipher. I understand the phenomenon better
nowadays, but it is a bit annoying to those of us who
have trouble reaching above pseudo code :-)
(also makes me a bit envious)
--
Rex Stewart
PGP Print 9526288F3D0C292D 783D3AB640C2416A
Sent via Deja.com
http://www.deja.com/
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: NSA and Linux Security
Date: Wed, 10 Jan 2001 23:01:13 GMT
On Mon, 8 Jan 2001 16:16:49 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
wrote, in part:
>Simon Johnson wrote:
>> ... I remember once reading that the NSA broke the
>> encryption of between an candian exporter of grain and some EU
>> distrubuter. The NSA then promptly sold this information to an American
>> supplier and the American comapny successfully undercut the deal.
>If you have evidence of this (highly illegal) event,
>please send it to me and I'll see that an investigation
>is launched. Frankly I doubt that it occurred, but if
>it did the individual responsible should be prosecuted.
He could have read about it even if it didn't happen. After all, you
can buy copies of "Weekly World News" at your local supermarket. In
this case, a certain individual with the initials W. M. comes to mind.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: NSA and Linux Security
Date: Wed, 10 Jan 2001 23:05:29 GMT
On Wed, 10 Jan 2001 22:43:31 GMT, Greggy <[EMAIL PROTECTED]>
wrote, in part:
>In article <935b2q$5jv$[EMAIL PROTECTED]>,
> Simon Johnson <[EMAIL PROTECTED]> wrote:
>> Since this role doesn't exist in the same capacity as before, they
>must
>> be forced to do other work.
>What on earth could you possibly point to as the basis for your
>statement?
How about the computer you're using to connect to the Internet?
If people used to go to lots of trouble to send secret messages on
machines like the old-time Enigma, then they could - if they wanted -
exchange secret keys physically, and let their computers churn for
like five minutes to encrypt an E-mail.
This probably *would* put the NSA out of the business of
cryptanalysis, if everyone with an important secret message to send
went to that length.
Of course, 'something could happen' is not the same thing as
'something is happening'...even when the something is not something
stupid, but something actually in the interest of the people who could
be doing it.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: Steve Portly <[EMAIL PROTECTED]>
Crossposted-To: alt.sci.astro.eclipses,sci.geo.earthquakes
Subject: Re: Comets, Meteors, and Mitotic Spindles /Mars Life angle
Date: Wed, 10 Jan 2001 18:20:05 -0500
Richard Heathfield wrote:
> Ed Augusts wrote:
> >
> > Scot Mc Pherson wrote:
> > >
> > > > After all, do you see a mars-sized crater on earth from the moon's
> > > > creation?
> > >
> > > Actually yes you do...Find a map or globe that displays underwater
> > > terrain.
ftp://ftp.ngdc.noaa.gov/MGG/images/predict/INDEX
> Then look at Australia again....Then come back here and say the
> > > above again....I know you won't =)) I believe the phrase you will come up
> > > with will be something like holy s***
> > >
> > > Scot Mc Pherson
> >
> > Instead of referring us to the map or globe, it would have been nice if
> > you had said, "there is a two thousand km diameter depression in the
> > shape of a crater located...." You are not giving information, you are
> > just teasing. See, I would have been very interested to know if this
> > underwater feature is in the middle of the Indian Ocean, or in the
> > Indonesian Archipelago, but I'm not going to go on a big search for the thing!
>
> He's probably referring to the South Australian Basin, the northern edge
> of which is just south of the Nullarbor Plain.
>
> It's rather impressively deep (over 3 miles), and pretty much
> crater-shaped.
>
> Or he could be referring to the Tasman Basin, which is pretty darned
> impressive in its own right.
>
> That whole hemisphere is just chock-full of candidates.
>
> (I notice this is cross-posted to sci.geo.earthquakes, who can probably
> give a much better response than I can. What's this doing in sci.crypt
> anyway?)
Elliptical curve cryptography?
<snip>
------------------------------
From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: xor'd text file - Cryptanalyis of Simple Aperiodic Substitution Systems
(Warning: LONG post)
Date: Wed, 10 Jan 2001 15:18:21 -0800
Douglas A. Gwyn <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Paul Pires wrote:
>
> > Douglas A. Gwyn wrote:
> >> 1 clock per byte.
> > Gulp! That is a humbling number. Any chance that
> > I am assuming something weird? This is for code,
> > with no special hardware support,
> > running under a common OS (like Windoze),
> > on a common 32bit platform?
> No, that's for a hardware implementation.
Thanks again. I can un-cross my eyes now.
Paul
====== Posted via Newsfeeds.Com, Uncensored Usenet News ======
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
======= Over 80,000 Newsgroups = 16 Different Servers! ======
------------------------------
From: Simon Johnson <[EMAIL PROTECTED]>
Subject: Stream cipher
Date: Wed, 10 Jan 2001 23:26:48 GMT
This is a low security cipher i have built for seeing how cryptoanalyis
can be applied to stream ciphers. The intented use of this is to keep
out the members of my family from a diary i keep. Rather than use
something else, i wanted to have some fun and built a cipher. I've
published it here, so you can completly destroy the toy :)
This cipher is based on simple maths (some of the maths language might
be off).
Basically, i picked six primes close to 16-bits each: 65537, 65539
65543, 65551, 65557, 65563.
Now, this cipher is designed to take a 96-bit key. The key is divided
into 16-bit portions. Working from the MSB to the LSB the first 16-bits
are put into the varible, A, the second 16-bits into variable, B, the
third 16-bits into the variable, C and so on..... from A -> F
Once this is done, clock the cipher once, and we are ready to start.
To clock, do the following simple procedure:
a = (a * 7) Mod 65537
b = (b * 3) Mod 65539
c = (c * 11) Mod 65543
d = (d * 13) Mod 65551
e = (e * 5) Mod 65557
f = (d * 17) Mod 65563
All the multipliers are meant to be primitive elements in their
respective fields. To return a single 'random' bit add the next step:
bit = (a xor b xor c xor d xor e xor f) AND 1
Now since all the modulo's are relativly prime then the cycle length of
this construction should be (2^96)-1 bits. But, i feel that this is its
only nice property. It is almost certianly insecure... but i want to
see how you attack a stream cipher and this looks like a nice punch
bag :).
Any offers on how to do it?
Simon.
--
Hi, i'm the signuture virus,
help me spread by copying me into Signiture File
Sent via Deja.com
http://www.deja.com/
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: NSA and Linux Security
Date: 10 Jan 2001 23:45:54 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)
Douglas A. Gwyn wrote:
>> Fine, but what of Echelon?
>
>It's a word in any reasonable English dictionary,
>denoting a level of military organization.
No, that's lower-case "echelon". Upper-case "Echelon" is often
used by NSA-watchers either (1) to refer specifically to a NSA
interception program that apparently is/was codenamed ECHELON, or
(2) to refer generally to NSA's worldwide interception capabilities.
(Be warned that folks often aren't clear about which meaning they
are using. Moreover, it's not clear whether both meanings are
identical, or whether ECHELON is just one small part of the NSA's
total facilities for interception.)
It seems hard to deny the existence of ECHELON, from the evidence
we have available to us today.
See, e.g.,
http://www.gwu.edu/~nsarchiv/NSAEBB/NSAEBB23/09-03.htm
which shows a memo, obtained by FOIA, telling the commanding
officer of a military site in Sugar Grove, West Virginia that
one of his duties is to maintain an ECHELON site.
Or, see the admissions by officials in New Zealand and Australia
of the existence of Echelon (at least in the sense (2) above,
if not in the sense (1) as well), and that they cooperate with
the NSA to operate it.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: NSA and Linux Security
Date: Thu, 11 Jan 2001 00:22:57 GMT
David Wagner wrote:
> No, that's lower-case "echelon". Upper-case "Echelon" is often
> used by NSA-watchers either (1) to refer specifically to a NSA
> interception program that apparently is/was codenamed ECHELON,
I know that, and they're mistaken.
> See, e.g.,
> http://www.gwu.edu/~nsarchiv/NSAEBB/NSAEBB23/09-03.htm
> which shows a memo, obtained by FOIA, telling the commanding
> officer of a military site in Sugar Grove, West Virginia that
> one of his duties is to maintain an ECHELON site.
It's not clear why that instance of "echelon" was
capitalized, but if you examine the other documents
on the same Web site it should be apparent that in
them "echelon" was used with its dictionary meaning.
Of course NSA does have listening posts around the
world, and has various operational and information
sharing agreements with several foreign governments.
That's the nature of the business.
------------------------------
From: Simon Johnson <[EMAIL PROTECTED]>
Subject: Re: Stream cipher
Date: Thu, 11 Jan 2001 00:28:54 GMT
In article <93ir3d$ogb$[EMAIL PROTECTED]>,
Simon Johnson <[EMAIL PROTECTED]> wrote:
> This is a low security cipher i have built for seeing how
cryptoanalyis
> can be applied to stream ciphers. The intented use of this is to keep
> out the members of my family from a diary i keep. Rather than use
> something else, i wanted to have some fun and built a cipher. I've
> published it here, so you can completly destroy the toy :)
>
> This cipher is based on simple maths (some of the maths language might
> be off).
>
> Basically, i picked six primes close to 16-bits each: 65537, 65539
> 65543, 65551, 65557, 65563.
>
> Now, this cipher is designed to take a 96-bit key. The key is divided
> into 16-bit portions. Working from the MSB to the LSB the first 16-
bits
> are put into the varible, A, the second 16-bits into variable, B, the
> third 16-bits into the variable, C and so on..... from A -> F
>
> Once this is done, clock the cipher once, and we are ready to start.
> To clock, do the following simple procedure:
>
> a = (a * 7) Mod 65537
> b = (b * 3) Mod 65539
> c = (c * 11) Mod 65543
> d = (d * 13) Mod 65551
> e = (e * 5) Mod 65557
> f = (d * 17) Mod 65563
>
> All the multipliers are meant to be primitive elements in their
> respective fields. To return a single 'random' bit add the next step:
>
> bit = (a xor b xor c xor d xor e xor f) AND 1
>
> Now since all the modulo's are relativly prime then the cycle length
of
> this construction should be (2^96)-1 bits. But, i feel that this is
its
> only nice property. It is almost certianly insecure... but i want to
> see how you attack a stream cipher and this looks like a nice punch
> bag :).
>
> Any offers on how to do it?
>
> Simon.
> --
> Hi, i'm the signuture virus,
> help me spread by copying me into Signiture File
>
> Sent via Deja.com
> http://www.deja.com/
>
*ACK* at my mistake, the period will not be exactly (2^96)-1 but the
multiplication of all the modulo's in the system. Which should be
aproximatly 2^96.
Simon.
--
Hi, i'm the signuture virus,
help me spread by copying me into Signiture File
Sent via Deja.com
http://www.deja.com/
------------------------------
From: digiboy | marcus <[EMAIL PROTECTED]>
Subject: Re: NSA and Linux Security
Date: Thu, 11 Jan 2001 01:12:17 GMT
In article <93eoi8$k9$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Casper H.S. Dik - Network Security
Engineer) wrote:
> Really? If NSA and others agency do this sort of stuff, the chances
> of embarrasment are real and big. The NSA is very secretive about
> what it does and what it can do. Selling information to companies
> that have no security practices that come even close (i.e., all
> companies), is an extremely dangerous proposition. Good cover
> stories will be hard to maintain.
Intelligence agencies tend not to deal directly. I've seen it reported
that a war (Afghan perhaps?) was fought from all sides through indirect
means, selling arms through fictional proxy corporations etc. Where
those factions receiving the arms didn't even know where the stuff was
truly coming from. They even had to tone down the weaponry they sent so
it looked like weapons the supported faction could actually
buy/afford/find.
Anyway, what I'm getting at is that I doubt they phone the corporation
and say "Hey, this is the NSA. Here's something you might want to
know..."
--
[ marcus ] [ http://www.cybergoth.cjb.net ]
[ ---- http://www.ninjakitten.net/digiboy ]
Sent via Deja.com
http://www.deja.com/
------------------------------
From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: Stream cipher
Date: Wed, 10 Jan 2001 17:19:00 -0800
Simon Johnson <[EMAIL PROTECTED]> wrote in message
news:93ir3d$ogb$[EMAIL PROTECTED]...
> This is a low security cipher i have built for seeing how cryptoanalyis
> can be applied to stream ciphers. The intented use of this is to keep
> out the members of my family from a diary i keep. Rather than use
> something else, i wanted to have some fun and built a cipher. I've
> published it here, so you can completly destroy the toy :)
>
> This cipher is based on simple maths (some of the maths language might
> be off).
>
> Basically, i picked six primes close to 16-bits each: 65537, 65539
> 65543, 65551, 65557, 65563.
>
> Now, this cipher is designed to take a 96-bit key. The key is divided
> into 16-bit portions. Working from the MSB to the LSB the first 16-bits
> are put into the varible, A, the second 16-bits into variable, B, the
> third 16-bits into the variable, C and so on..... from A -> F
>
> Once this is done, clock the cipher once, and we are ready to start.
> To clock, do the following simple procedure:
>
> a = (a * 7) Mod 65537
> b = (b * 3) Mod 65539
> c = (c * 11) Mod 65543
> d = (d * 13) Mod 65551
> e = (e * 5) Mod 65557
> f = (d * 17) Mod 65563
Possible typo? f = (d? Not f= (f ?
>
> All the multipliers are meant to be primitive elements in their
> respective fields. To return a single 'random' bit add the next step:
>
> bit = (a xor b xor c xor d xor e xor f) AND 1
>
> Now since all the modulo's are relativly prime then the cycle length of
> this construction should be (2^96)-1 bits. But, i feel that this is its
> only nice property. It is almost certianly insecure... but i want to
> see how you attack a stream cipher and this looks like a nice punch
> bag :).
>
> Any offers on how to do it?
First off do you realize that this re-defines the word "Slow"?
It's not a stream cipher cause you don't say how you use the
"random" bit to encrypt. I assume simple XOR.
Second, right off the bat you have some real bad keys.
I tried:
a,b,c,d,e,f = 0 and the "random" bit is always zero.
a,b,c,d,e,f = 65537,65539,65543,65551,65557,65563 Looks like all ones.
a,b,c,d,e,f = 1 and it looks about the same.
a,b,c,d,e,f = 7,3,11,13,5,17 is equivalent to all ones but 1 cycle shifted.
These are the first four I tried. Maybe I'm unlucky.
Unless I really miss-understood you, this argues against a
minimum cycle of (2^96)-1.
Doesn't appear to make a "random" stream or that it ciphers.
Maybe I don't understand " All the multipliers are meant
to be primitive elements in their respective fields."
Did you try it? Run some output through Diehard or
the human eye?
Paul
>
> Simon.
> --
> Hi, i'm the signuture virus,
> help me spread by copying me into Signiture File
>
>
> Sent via Deja.com
> http://www.deja.com/
====== Posted via Newsfeeds.Com, Uncensored Usenet News ======
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
======= Over 80,000 Newsgroups = 16 Different Servers! ======
------------------------------
From: Greggy <[EMAIL PROTECTED]>
Subject: Re: Comparison of ECDLP vs. DLP
Date: Thu, 11 Jan 2001 01:19:43 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (DJohn37050) wrote:
> Check out my 2 papers on the Certicom white papers section at
www.certicom.com.
> "ECDSA" gives many advantages of EDSA. "ECC, Future Resiliency and
High
> Security Systems" gives a table of equivalent key sizes that was
distributed by
> NIST in ANSI X9.30 DSA-2 draft (using longer key lengths) and is
coming to be
> known at the NIST TIME Keysize Table.
> Don Johnson
>
Your PPT presentation confirmed my beliefs about RSA and ECC.
Specifically, that RSA is (practically speaking) impossible to verify
the accuracy of the software, where ECC code is more intuitive and
verifiable. This leads to a greater degree of confidence that the
algorithms are working correctly and that security is achieved properly.
The information you presented on RSA keys being less verifiable only
reinforces that feeling.
--
I prefer my fourth amendment rights over a dope free
society, even if the latter could actually be achieved.
Sent via Deja.com
http://www.deja.com/
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: sci.geo.earthquakes,alt.fluid-dynamics,alt.sci.astro.eclipses
Subject: Re: Coral Reefs, COMETS & aphid anal secretions
Date: Thu, 11 Jan 2001 01:37:18 GMT
RE: http://www.geocities.com/antarii_rescue/antares.html
> http://www.geocities.com/antarii_rescue/aldebaran.html
> http://www.geocities.com/antarii_rescue/TOMBShistory.html
> ... B. Traven wrote that
> "It was very clear in the website above from whence comes "manna"
> or "honeydew", ... and that this is the same "manna" in the Bible.
The manna [or honeydew] is a saccharine like cake excreted as a pellet
> by the defecatory orifice of an aphid or a number of other insects
that cluster in "galls" [as in "quit galling me"]."
Mr. B. Traven,
I don't know much about comets [except the cleansing grains], but I
know alot about those little SOBs, the aphids and their disgusting
anal "honeydew" and "manna" that gets all over my garden, especially
whenever I plant three flowers.
1). Tulips
2). Crysanthemums
3). Orchids
These three plants [that often have seemed to reproduced asexually, or
as they say at my Botanic Society "parthogenesis" reproduction].
Aphids ["plant lice"], caterpillars, and teeney tiny nematodes all came
in riots whenever I plant chrysanthemums from Mongolia. Their sticky
moldy honeydew got on my car, my chilren's hair and the family dog.
I will never garden these three critters ever again.
Once an underground extended family of Norwegian rats came and ate
every last tulip bulb, without even a thanks. I might add, the next
season the giant rat traps worked exquisitely well [those big rats
really bled a lot].
At the Botanic Society they said to be careful of viruses, that the
aphids are as good a carrier of plant viruses as rats are the bubonic
plague. Please make a note of this if you love plants.
And watch out for the ants that seem to be friendly with those aphids,
anything to get a snack out of that disgusting aphid anal secretion.
I've seen ants FIGHTING over honeydew, to the last woman and child.
Caterpillars are unusually attracted to tulips, chrysanthemums and
orchids also. So get use to them.
Lady in Red Hat
ps: I can't wait for our next lecture at the Botanic Society titled
"Wasps and Mummies"
========================================
In article <93imqb$kef$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> RE: http://www.geocities.com/antarii_rescue/antares.html
> http://www.geocities.com/antarii_rescue/aldebaran.html
> http://www.geocities.com/antarii_rescue/TOMBShistory.html
>
> It was very clear in the website above from whence comes "manna"
> or "honeydew", ... and that this is the same "manna" in the Bible.
>
> The manna [or honeydew] is a saccharine like cake excreted as a pellet
> by the defecatory orifice of an aphid or a number of other insects
that
> cluster in "galls" [as in "quit galling me"].
>
> There also, in addition, seems to be some truly off-base analysis of
> coral atolls and coral reefs in this same discussion, somewhere in
this
> thread [i can't seem to find it at this moment, or I'd quote it].
>
> Coral grows in every part of the ocean and sea, except the Dead Sea.
> Two types of coral exist on this planet. One that is ancient, the
> tribolites and ammonites, and others, heavy in polyp formation,
> individual coral anemone, and small to large colonies, dense in
> dolomite and real calcium and magesium.
>
> The other, strange and alien coral, grows in enoromous and extensive,
> almost cancerous supercolonies, especially where nuclear testing has
> been performed or a meteor had once collided with earth, or where
> underwater volcanic action is hot hot hot.
>
> These coral atolls, not ancient in type, thrive on nitrates and
> phosphates, and attract moray eels, sharks, trigger fishes, and
> surgeonfishes, all carnivorous.
>
> There seems to be almost an electrical affinity between these atolls
> and the reef sharks and especially the moray eel [among other electric
> eels too].
>
> This type of atoll even grows in the Bering Sea where the volcanic
> ridge has erupted many times, especially the Kamchatka range, in the
SE
> Bering Sea.
>
> This type of formation is called "eutrophication"
> and/or "UNCONSOLIDATED" ... due to its sandy and shifty nature.
>
> The extensive Solomon Island chain, over 900 miles long, is sated with
> this newer, not ancient, coral growth.
>
Sent via Deja.com
http://www.deja.com/
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************
