Cryptography-Digest Digest #556, Volume #13      Fri, 26 Jan 01 12:13:01 EST

Contents:
  Re: Windows encryption: API and file system ("Ben Newman")
  Re: Some Enigma Questions (Jim Reeds)
  Weak DES keys/Weak Plaintexts ([EMAIL PROTECTED])
  Re: Why Microsoft's Product Activation Stinks (Lord Running Clam)
  Re: Barrett modular reduction ([EMAIL PROTECTED])
  Re: Producing "bit-balanced" strings efficiently for Dynamic Transposition (John Savard)
  History Question: signatures in nuclear test ban verification? (Gerard Tel)
  Re: Fitting Dynamic Transposition into a Binary World (John Savard)
  Re: Dynamic Transposition Revisited (long) (John Savard)
  Re: Paranoia (JCA)
  Re: Why Microsoft's Product Activation Stinks (Richard Heathfield)
  ICCIT2001 (CFP) ([EMAIL PROTECTED])
  Re: What do you do with broken crypto hardware? (John Savard)
  Re: What do you do with broken crypto hardware? (John Savard)
  Re: Dynamic Transposition Revisited (long) ("Paul Pires")

----------------------------------------------------------------------------

From: "Ben Newman" <[EMAIL PROTECTED]>
Subject: Re: Windows encryption: API and file system
Date: Fri, 26 Jan 2001 14:41:34 GMT

Good point. I do think that they should at least zero out the sectors on
disk that contain the temporary file.

> Isn't it more a question of what kinds of attacks this encryption is
> supposed to defend against? Surely if the user's login record / password /
> whatever is used to encrypt the files, and no passphrase is needed for
> accessing an encrypted file, stealing the disk will give you all the
> information you need to decrypt the encrypted files anyway, yes?
>
> What kinds of attacks does Microsoft think this defends against? Theft of
> backup materials, maybe? Reading of files by administrators?
>

------------------------------

From: [EMAIL PROTECTED] (Jim Reeds)
Subject: Re: Some Enigma Questions
Date: Fri, 26 Jan 2001 14:52:52 GMT

In article <[EMAIL PROTECTED]>, "Yeah" <[EMAIL PROTECTED]> writes:


|> Didn't the British Government invent the world's first programmable computer
|> to crack the Enigma code? (Suck that America, IBM more precisely)
|> I think I once heard the lead designer on TV commenting that it took about 5
|> minutes to crack the code on their computer and that he once got the paper
|> reel spinning at 3 times the RPM of usual before it broke.

No.

You are thinking of the "Colossus", an electronic special
purpose calculator designed by Tommy Flowers of the British
Post Office labs to break a different German cipher. Colossus
used vacuum tubes and high speed (5,000 characters per
second) punched tape, but it was not programmable in the modern
sense of the word.  (One had to set switches and plug plugboards
to change the parameters of a run.)  It was definitely the
most technologically advanced instance of use of digital logic,
large-scale use of vacuum tubes, etc, at its time, but was (I
think) matched in conception by several contemporary computing
projects in America and Germany.

I suspect, but have no evidence, that the special purpose
number theoretical calculators built by D. H. Lehmer in the
1930s in California were a kind of mental jumping off point
for the Colossus team.  The team that used Colossus, and
which commissioned Flowers to design and build it,
was full of pure mathematicians, who would have known of
Lehmer's machines.
 

-- 
Jim Reeds, AT&T Labs - Research
Shannon Laboratory, Room C229, Building 103
180 Park Avenue, Florham Park, NJ 07932-0971, USA

[EMAIL PROTECTED], phone: +1 973 360 8414, fax: +1 973 360 8178

------------------------------

From: [EMAIL PROTECTED]
Subject: Weak DES keys/Weak Plaintexts
Date: Fri, 26 Jan 2001 10:01:12 -0500

I know that DES has some weak keys that make plaintext recovery easy.

Q. Are there weak DES plaintexts that make key recovery easier?

Example: I control the plaintext, someone else does a single
des_ecb_encrypt(), and I receive the ciphertext.  Is there a
particularly weak plaintext I could select to be encrypted to make the
unknown key easier to recover?

Thanks for the help.

Please reply or CC me if possible, since I have limited newsgroup
access.

 - Aaron
==========
Disclaimer:
The views and opinions are solely mine and not my company's.


------------------------------

Date: Fri, 26 Jan 2001 09:25:33 -0600
From: Lord Running Clam <Use-Author-Address-Header@[127.1]>
Subject: Re: Why Microsoft's Product Activation Stinks
Crossposted-To: or.politics,talk.politics.crypto,misc.survivalism

=====BEGIN PGP SIGNED MESSAGE=====

On Fri, 26 Jan 2001, Richard Heathfield <[EMAIL PROTECTED]> wrote:
>Anthony Stephen Szopa wrote:
>> 
>> Pointless program where to stop software piracy could increase
>> revenues by tens of billions of dollars each year?  Pointless?
>
>Pretty much, yes. It's like trying to protect Pythagoras' Theorem.
>Counter-productive.

Excuse me, but is this little piece from alt.security.pgp relevant to your
flamewar?

http://www.deja.com/[ST_rn=ps]/getdoc.xp?AN=720256016&fmt=text


LRC.

=====BEGIN PGP SIGNATURE=====
Version: N/A

iQEVAwUBOnCv8oer+ijnZohVAQG7cAf+JgpHSED1HQER6F2EfaYVy+OUQlxdoSqM
Lk+OXsN97NCLYRTtuDfpjxV6wQMdRmKG1aHAG3my0RH83oiF+I/va5cvJYZDpvb2
lCDpeBMf5CMkejsNXWiBawcq0VZ91b/vYtlse4gdPoo+V+ELUdovbuxzNYEJYMuD
1KbyO3LEj/A4+OAMoGr389ZAIRlbRAYM+H1tjMmNxuKtnzBE6nIsU8e7/0g38R79
fLhEhe8kPDYIuxdQQLw3XneaUJ6sdPbIWlV12VBjYa5EjL4fNsLoonenkIPkxECp
mi8j2c6RMIgEKwhWD98MBPSoJMXqc8QWWM9VNAMWfudbt574eB8a3A==
=e6WP
=====END PGP SIGNATURE=====

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Barrett modular reduction
Date: Fri, 26 Jan 2001 15:32:44 GMT

In article <94q1o4$2g2$[EMAIL PROTECTED]>,
  Bryan Olson <[EMAIL PROTECTED]> wrote:
> I think you have not taken full advantage of the CRT method.
> Given two prime factors of roughly equal length, it should be
> slightly less than four times faster, assuming the usual
> multiplication algorithm.

4x faster would be awesome! I'll try it and let you know how it comes
out.

Thanks tons for the code!

john


Sent via Deja.com
http://www.deja.com/
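The CRT speed-up Bryan Olson refers to, as an added example (this is not the code he sent, nor part of the original thread): the private-key operation is done modulo p and modulo q separately, with exponents reduced modulo p-1 and q-1, and the two half-size results are recombined with Garner's formula. The toy primes are constructed and far too small for real use; the cost model in `estimated_speedup` is an assumed schoolbook estimate (about 1.5 modular multiplications per exponent bit, each quadratic in the modulus word count), included only to show why the gain is "slightly less than four times".

```python
# Added example: RSA private operation with and without the CRT, plus a rough cost model.
# Toy parameters (constructed, insecure) chosen so the arithmetic can be checked by hand.
P, Q = 61, 53
N = P * Q                    # 3233
PHI = (P - 1) * (Q - 1)      # 3120
E = 17
D = pow(E, -1, PHI)          # 2753, the private exponent


def crt_params(p: int, q: int, d: int) -> dict:
    """Precompute the CRT exponents and q^-1 mod p; done once per key."""
    return {"dp": d % (p - 1), "dq": d % (q - 1), "qinv": pow(q, -1, p)}


def decrypt_plain(c: int, d: int = D, n: int = N) -> int:
    """Straightforward c^d mod n with a full-size exponent and modulus."""
    return pow(c, d, n)


def decrypt_crt(c: int, p: int = P, q: int = Q, d: int = D) -> int:
    """Same result via two half-size exponentiations and Garner's recombination."""
    prm = crt_params(p, q, d)
    m1 = pow(c % p, prm["dp"], p)          # c^d mod p
    m2 = pow(c % q, prm["dq"], q)          # c^d mod q
    h = (prm["qinv"] * (m1 - m2)) % p      # Garner: h = (m1 - m2) * q^-1 mod p
    return m2 + h * q                      # unique value in [0, n) congruent to both


def estimated_speedup(modulus_bits: int, word_bits: int = 32) -> float:
    """Assumed cost model: schoolbook square-and-multiply, ~1.5 modular multiplications
    per exponent bit, each costing (modulus words)^2 word operations."""
    def modexp_cost(exp_bits: int, mod_bits: int) -> float:
        words = mod_bits / word_bits
        return 1.5 * exp_bits * words * words

    plain = modexp_cost(modulus_bits, modulus_bits)
    half = modulus_bits // 2
    recombine = 3 * (half / word_bits) ** 2    # the few half-size multiplications in Garner's step
    crt = 2 * modexp_cost(half, half) + recombine
    return plain / crt


if __name__ == "__main__":
    c = pow(65, E, N)                      # encrypt m = 65
    print(decrypt_plain(c), decrypt_crt(c))
    print(f"estimated CRT speed-up at 2048 bits: {estimated_speedup(2048):.3f}x")
```

Each half-size exponentiation has half the exponent bits and a modulus with half the words, so it costs roughly an eighth of the full operation; two of them plus the recombination land just under a factor of four.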

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Producing "bit-balanced" strings efficiently for Dynamic Transposition
Date: Fri, 26 Jan 2001 15:55:29 GMT

On 26 Jan 2001 14:00:54 GMT, [EMAIL PROTECTED] (Rob Warnock)
wrote, in part:

>Hmmm... I think for truly *arbitrary* 37-bit strings you'll need at
>least a 44-bit result.

Although the method you've outlined is indeed capable of achieving any
desired level of efficiency, it is not optimal; for any given block
size, it produces balanced strings that are larger than necessary.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: Gerard Tel <[EMAIL PROTECTED]>
Subject: History Question: signatures in nuclear test ban verification?
Date: Fri, 26 Jan 2001 16:58:15 +0100

Is it true that digital signatures were used in devices for the
verification of nuclear test bans between the USA and the USSR,
like SALT-1 etcetera?  This should have been around 1980.  I would
like to have references about this.

Gerard Tel
http://www.cs.uu.nl/~gerard/

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Fitting Dynamic Transposition into a Binary World
Date: Fri, 26 Jan 2001 16:06:14 GMT

On 26 Jan 2001 13:49:54 GMT, [EMAIL PROTECTED] (Rob Warnock)
wrote, in part:
>John Savard <[EMAIL PROTECTED]> wrote:

>+---------------
>| Maybe there already is a mapping to balanced strings that has a simple
>| and optimal algorithm, faster than the one for the mapping in binary
>| numerical order.
>+---------------

>See my recent posting <URL:news:94rtfd$4b7p4$[EMAIL PROTECTED]>
>in the original ST thread. The key notion, extended from the HIPPI-Serial
>Standard's 21b/24b code, is "partitioned polarity inversion" (to coin
>a phrase). Summary: Exact bit balancing can be very fast to compute,
>and asymptotically cheap in bandwidth: ~1% for 256-byte blocks.

That certainly will serve where Terry Ritter's algorithm would serve.

My purposes, however, are different. I want to incorporate the Dynamic
Transposition technique in combination with other conventional
encipherment techniques. To do this, I need exactly zero bandwidth
cost.

That is, I need to do the following:

For binary blocks of length N, I need to convert some subset of the
2^N possible values to balanced blocks of length M, such that I have
used all possible values of balanced blocks of length M.

This way, although some blocks get skipped, and aren't encrypted
(which can be taken care of in other steps) after I perform a Dynamic
Transposition which returns balanced blocks of length M, I can convert
them _back_ and resume conventional binary encryption.

Two Dynamic Transposition layers with conversions which act on
opposite ends of the spectrum of binary values can ensure every block
goes through DT at least once.

To do that, I need an encoding that is perfect for a given fixed block
length, and asymptotic doesn't help me.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
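The "mapping in binary numerical order" Savard mentions, and the zero-bandwidth variant he describes in this post, as an added example (not Savard's or Ritter's code; the ranking scheme is assumed to be plain lexicographic order of the balanced strings). `unrank_balanced` and `rank_balanced` form a bijection between the integers below C(M, M/2) and the balanced M-bit blocks, so the conversion back is exact. `smallest_covering_length` gives the optimal expansion for the first thread (for N = 37 it is 40, since C(40,20) = 137,846,528,820 just exceeds 2^37, whereas C(38,19) does not); `widest_fitting_length` gives the zero-cost case where every balanced block is used and the inputs that have no balanced image are skipped, with a "low" and a "high" layer that together cover every N-bit value when C(M, M/2) is at least 2^(N-1).

```python
# Added example: bijective ranking of bit-balanced blocks and Savard's two-layer, zero-bandwidth fit.
from math import comb
from typing import Optional


def balanced_count(m: int) -> int:
    """Number of m-bit strings with exactly m/2 one bits (m even)."""
    return comb(m, m // 2)


def unrank_balanced(r: int, m: int) -> str:
    """The r-th balanced m-bit string in binary numerical (lexicographic) order."""
    if not 0 <= r < balanced_count(m):
        raise ValueError("rank out of range")
    ones_left, bits = m // 2, []
    for pos in range(m):
        after = m - pos - 1
        with_zero_here = comb(after, ones_left)   # strings that have a 0 at this position
        if r < with_zero_here:
            bits.append("0")
        else:
            r -= with_zero_here
            bits.append("1")
            ones_left -= 1
    return "".join(bits)


def rank_balanced(s: str) -> int:
    """Inverse of unrank_balanced: position of s among balanced strings of its length."""
    m, ones_left, r = len(s), len(s) // 2, 0
    for pos, b in enumerate(s):
        if b == "1":
            r += comb(m - pos - 1, ones_left)
            ones_left -= 1
    return r


def smallest_covering_length(n: int) -> int:
    """Smallest even M whose balanced strings can represent every N-bit value."""
    m = 2
    while balanced_count(m) < 2 ** n:
        m += 2
    return m


def widest_fitting_length(n: int) -> int:
    """Largest even M all of whose balanced strings fit in an N-bit value
    (zero bandwidth cost: every balanced block is used, some inputs are skipped)."""
    m = 2
    while balanced_count(m + 2) <= 2 ** n:
        m += 2
    return m


def to_balanced(x: int, n: int, layer: str) -> Optional[str]:
    """Map an N-bit value to a balanced block, or None if this layer skips it.
    The 'low' layer takes the smallest inputs, the 'high' layer the largest."""
    m = widest_fitting_length(n)
    count = balanced_count(m)
    offset = 0 if layer == "low" else 2 ** n - count
    if not offset <= x < offset + count:
        return None
    return unrank_balanced(x - offset, m)


def from_balanced(s: str, n: int, layer: str) -> int:
    """Convert a balanced block back to the N-bit value it came from."""
    offset = 0 if layer == "low" else 2 ** n - balanced_count(len(s))
    return rank_balanced(s) + offset


def every_value_covered(n: int) -> bool:
    """True when the low and high layers together pass every N-bit value through DT."""
    return all(to_balanced(x, n, "low") is not None or to_balanced(x, n, "high") is not None
               for x in range(2 ** n))


if __name__ == "__main__":
    print(smallest_covering_length(37), widest_fitting_length(10), every_value_covered(10))
```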

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Dynamic Transposition Revisited (long)
Date: Fri, 26 Jan 2001 15:59:41 GMT

On 26 Jan 2001 13:18:37 GMT, [EMAIL PROTECTED] (Rob Warnock)
wrote, in part:

>One version that seems useful/applicable for Ritter's DT is the scheme
>used in the "21b/24b" code used in the HIPPI-Serial standard. One bit
>of each codeword says whether the remaining bits of that codeword are to
>be inverted or not before being sent (and before being used after being
>received). The encoder counts the running disparity of all codewords
>sent so far, looks at the pop. count of the current word to be sent,
>and either inverts or leaves alone the current word, depending on which
>way will lower the running disparity. In the case of HIPPI-Serial, this
>guarantees that the running disparity never exceeds +/-35 even momentarily,
>and never exceeds +/-23 at codeword boundaries. Padding the message with
>just one additional codeword of chosen content allows one to force the
>disparity for the whole message to 0.

>Clearly, by choosing codewords and messages (blocks) large enough, one
>can get the overhead for zero-disparity encoding "as low as you like".

Yes, that's quite correct (in percentage terms).

>p.s. I can supply demo code, if the above description isn't obvious enough.

Oh, no; it's quite clear.

Incidentally, this coding has some interesting properties. Because the
bit that indicates if a block is inverted or not has to be counted in
the bit-balance of the output,

a) An input string that is heavy in 1s produces smaller variations in
bit-balance than one that is similarly heavy in 0s; and

b) If one has a completely balanced input string, it is necessary (or
at least natural) to invert alternating blocks to maintain balance.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
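The running-disparity encoder Rob Warnock describes, as an added example that is neither his demo code nor the HIPPI-Serial standard's actual 21b/24b framing: each codeword is an assumed K = 8 payload bits plus one inversion flag, the encoder inverts a word exactly when that lowers the running disparity, and a trailing pad codeword forces the total to zero. The `max_abs_disparity` and `inversion_flags` helpers exhibit Savard's two observations: all-ones input swings the disparity less than all-zeros input because the flag bit itself counts, and input words that are already balanced get inverted on alternate codewords. One detail the post does not spell out, handled here: when the disparity's parity does not match that of a codeword, a single pad word cannot cancel it, so a second pad word is sent first.

```python
# Added example: partitioned polarity inversion with a running-disparity counter.
from typing import List, Tuple

K = 8  # payload bits per codeword; an assumption for this example, not HIPPI's real framing
Codeword = Tuple[int, int]  # (inversion flag, payload bits as transmitted)


def popcount(x: int) -> int:
    return bin(x).count("1")


def contribution(flag: int, payload: int, k: int = K) -> int:
    """Ones minus zeros over the k+1 transmitted bits, flag bit included."""
    return 2 * (flag + popcount(payload)) - (k + 1)


def encode(words: List[int], k: int = K) -> Tuple[List[Codeword], List[int]]:
    """Invert a word only when that lowers the running disparity.
    Returns the codewords and the disparity after each one."""
    mask = (1 << k) - 1
    disparity, out, trace = 0, [], []
    for w in words:
        w &= mask
        plain, inverted = contribution(0, w, k), contribution(1, ~w & mask, k)
        if abs(disparity + inverted) < abs(disparity + plain):
            cw, disparity = (1, ~w & mask), disparity + inverted
        else:                                   # ties keep the word as-is
            cw, disparity = (0, w), disparity + plain
        out.append(cw)
        trace.append(disparity)
    return out, trace


def decode(codewords: List[Codeword], k: int = K) -> List[int]:
    """Undo the inversion the flag bit announces."""
    mask = (1 << k) - 1
    return [~p & mask if f else p for f, p in codewords]


def word_with_contribution(c: int, k: int = K) -> Codeword:
    """Some codeword whose ones-minus-zeros equals c (payload chosen as a run of ones)."""
    for flag in (0, 1):
        for ones in range(k + 1):
            cw = (flag, (1 << ones) - 1)
            if contribution(*cw, k) == c:
                return cw
    raise ValueError(f"no single {k + 1}-bit codeword has disparity {c}")


def pad_to_zero(disparity: int, k: int = K) -> List[Codeword]:
    """Trailing codeword(s) that force the message disparity to exactly 0.
    One codeword cancels d only if d has the parity of k+1; otherwise a one-step
    nudge is sent first, so at most two pad words are needed."""
    pads = []
    if (disparity + k + 1) % 2:
        step = -1 if disparity > 0 else 1
        pads.append(word_with_contribution(step, k))
        disparity += step
    pads.append(word_with_contribution(-disparity, k))
    return pads


def encode_message(words: List[int], k: int = K) -> Tuple[List[Codeword], int]:
    """Encode and pad; returns (codewords, number of trailing pad codewords)."""
    body, trace = encode(words, k)
    pads = pad_to_zero(trace[-1] if trace else 0, k)
    return body + pads, len(pads)


def total_disparity(codewords: List[Codeword], k: int = K) -> int:
    return sum(contribution(f, p, k) for f, p in codewords)


def max_abs_disparity(words: List[int], k: int = K) -> int:
    """Largest excursion of the running disparity at codeword boundaries."""
    return max(abs(d) for d in encode(words, k)[1])


def inversion_flags(words: List[int], k: int = K) -> List[int]:
    return [f for f, _ in encode(words, k)[0]]


if __name__ == "__main__":
    sample = [0x00, 0xFF, 0x0F, 0xA5, 0x01]           # constructed input words
    cws, n_pad = encode_message(sample)
    print(cws, total_disparity(cws), decode(cws[:-n_pad]) == sample)
    print(max_abs_disparity([0xFF] * 6), max_abs_disparity([0x00] * 6), inversion_flags([0x0F] * 6))
```

The receiver must know how many trailing pad codewords to discard; here that count is returned alongside the codewords rather than signalled in-band.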

------------------------------

From: JCA <[EMAIL PROTECTED]>
Subject: Re: Paranoia
Date: Fri, 26 Jan 2001 07:10:13 -0800

Simon Jenkins wrote:

> I have just read Steven Levy's book 'Crypto' and was again struck by the
> description of the meeting between Whitfield Diffie and James Ellis.
> Ellis' parting comment has him saying to Diffie, "You did more with it
> than we did."
>
> As an Englishman, this is an interesting phrase - it implies that GCHQ
> don't bother with RSA any more. If they were still using it, Ellis would
> have said, "You've done more with it than we have."
>

    Not having read the book I am somewhat in the dark here - I thought
that Whitfield Diffie had nothing whatsoever to do with RSA.

> Paranoia now sets in. If GCHQ aren't interested any more, it means they
> can break it. If they can break it, they've cracked fast factoring.

    I, for one, don't believe it. On the other hand, I would easily believe
that it would be in the interests of such an organization to spread rumours
and innuendo about what it can or can't do.



------------------------------

Date: Fri, 26 Jan 2001 16:23:49 +0000
From: Richard Heathfield <[EMAIL PROTECTED]>
Crossposted-To: or.politics,talk.politics.crypto,misc.survivalism
Subject: Re: Why Microsoft's Product Activation Stinks

Lord Running Clam wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> On Fri, 26 Jan 2001, Richard Heathfield <[EMAIL PROTECTED]> wrote:
> >Anthony Stephen Szopa wrote:
> >>
> >> Pointless program where to stop software piracy could increase
> >> revenues by tens of billions of dollars each year?  Pointless?
> >
> >Pretty much, yes. It's like trying to protect Pythagoras' Theorem.
> >Counter-productive.
> 
> Excuse me, but is this little piece from alt.security.pgp relevant to your
> flamewar?
> 
> http://www.deja.com/[ST_rn=ps]/getdoc.xp?AN=720256016&fmt=text

Yes, indeed. I think it sums up one of the points nicely. If Microsoft
want copy protection to actually work, they need to do it in hardware.
That way, the cost of making a copy is likely to exceed the cost of
buying one in the shops. Of course, I'm not convinced that anyone's
going to buy any Microsoft hardware more complicated than a mouse, but
that's for each user (or IT dept) to decide, of course.

As for the flamewar, well, I'm not terribly interested in prolonging it.
But 'twas mildly diverting while it lasted. :-)


-- 
Richard Heathfield
"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
K&R answers, C books, etc: http://users.powernet.co.uk/eton

------------------------------

From: [EMAIL PROTECTED]
Subject: ICCIT2001 (CFP)
Date: Fri, 26 Jan 2001 16:21:32 GMT



        C A L L    F O R      P A P E R S


INTERNATIONAL  CONFERENCE    ON   COMPUTING   AND
       INFORMATION TECHNOLOGIES

               (ICCIT'2001)

     http://www.csam.montclair.edu/~iccit2001

The  International  Conference  on  Computing  and
Information Technologies (ICCIT'2001) will be held
October 12th, 2001 at Montclair State  University,
Upper  Montclair, New Jersey, USA.  The ICCIT'2001
is a forum for academics, computer and information
scientists,  engineers and applied  mathematicians
to share,  exchange  views and ideas on  computing
sciences and  computer  technology  and to present
their  current and future  work to the  scientific
and technical community.

The  ICCIT'2001  Conference  is organized  for the
25th   anniversary   of   the   computer   science
department of Montclair  State  University  and is
sponsored by the MSU/CSAM/CS in co- operation with
scientific organizations and companies.

Montclair State  University is located in northern
New Jersey,  USA, just 14 miles west from New York
City.  It is New  Jersey's  largest  comprehensive
university  and  the  second  largest  educational
institution in the state.

Professor  Lotfi A.  Zadeh, of the  University  of
California  at  Berkeley,   will  be  the  keynote
speaker.

THE CONFERENCE  EXPLORES EMERGING  TECHNOLOGIES IN
THE AREAS

Computer Science              Computer Engineering
Computational Sciences      Biological   Computing
Information  Sciences  Computational  Intelligence
Information Systems                            GIS


FOR MORE INFORMATION

ICCIT'2001  Secretariat
Department  of  Computer Science,
Montclair   State   University,
Upper Montclair, New Jersey 07043

e.mail:    [EMAIL PROTECTED]
Tel: (973) 655 - 4166
Fax:  (973) 655 - 4164



Sent via Deja.com
http://www.deja.com/

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: What do you do with broken crypto hardware?
Date: Fri, 26 Jan 2001 16:09:30 GMT

On 25 Jan 2001 21:37:12 -0800, Paul Rubin <[EMAIL PROTECTED]>
wrote, in part:

>Btw, the module is FIPS 140-1 certified but didn't come with any
>policy documents of that type.

Yes, commercial cryptographic hardware is a different case from the
NSA-supplied units used by the military; customers decide on their own
policies, and the same attempt to approach a guarantee of actual
security, by covering these types of eventuality, is not made.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: What do you do with broken crypto hardware?
Date: Fri, 26 Jan 2001 16:12:54 GMT

On 25 Jan 2001 22:33:38 -0800, Paul Rubin <[EMAIL PROTECTED]>
wrote, in part:

>This doesn't make sense--the whole point of the tamper resistant
>module is to securely store keys internally.  Any keys stored outside
>the module are vulnerable to copying and therefore must be encrypted;
>but then in order to load them into the module, the decryption key
>must be stored inside the module.  So if the module is sent back to
>the manufacturer, all the keys are potentially compromised.

I think I see what the idea is.

The key stored inside the module decrypts the encrypted keys on your
hard drive.

But when the module breaks, you don't send the manufacturer a copy of
your hard drive; _although_ the keys on your hard drive are encrypted,
they are still treated as sensitive, and are not transmitted anywhere
or left open to public access.

So you have to use the 'module' you buy as a component in a larger
'module' you make yourself, as it were.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: Dynamic Transposition Revisited (long)
Date: Fri, 26 Jan 2001 09:07:03 -0800


John Savard <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
<snip>
>
> Oh, no; it's quite clear.
>
> Incidentally, this coding has some interesting properties. Because the
> bit that indicates if a block is inverted or not has to be counted in
> the bit-balance of the output,
>
> a) An input string that is heavy in 1s produces smaller variations in
> bit-balance than one that is similarly heavy in 0s; and
>
> b) If one has a completely balanced input string, it is necessary (or
> at least natural) to invert alternating blocks to maintain balance.

I'm confused. Wouldn't this produce alternately biased blocks in an
alternating fashion? Seems like if it was of use to crack it, the adversary
would just bin out the blocks and treat the two halves differently. This
alternating is a known function, right? Even if it wasn't, it's a 1-0 guess.

I also am not clear on the goal. Yes, there needs to be bit balancing so that
a bias in the input is not recognizable in the output, but by doing this
hiding, don't you sacrifice another valuable property? Seems like the output
would fail a tailored randomness test. You are going to get data that has a
perfect distribution of zeros and ones within a block and something else if
the block reference is displaced. Right?

Seems like what you'd want would be a method where the transposition
works on a pile that is "Probably" balanced but where the deviation from
perfect is not correlated to the input or output. I could be screwy here.

Paul


>
> John Savard
> http://home.ecn.ab.ca/~jsavard/crypto.htm




====== Posted via Newsfeeds.Com, Uncensored Usenet News ======
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
=======  Over 80,000 Newsgroups = 16 Different Servers! ======

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
