Cryptography-Digest Digest #569, Volume #13      Sat, 27 Jan 01 14:13:01 EST

Contents:
  Re: Mr Szopa's encryption (was Why Microsoft's Product Activation Stinks) (Alan Mackenzie)
  Re: How many bits of security can a password give? (George Weinberg)
  Re: Dynamic Transposition Revisited (long) (Mok-Kong Shen)
  Re: what was the problem with E2 ? (DJohn37050)
  Re: Paranoia (Roger Schlafly)
  Re: 32768-bit cryptography, updated (Splaat23)
  Re: Paranoia (Roger Schlafly)
  Re: Why Microsoft's Product Activation Stinks (Lord Running Clam)
  Re: 32768-bit cryptography, updated (Mike 8465)
  Re: Why Microsoft's Product Activation Stinks (Splaat23)
  Description of algorithm (Mike 8465)
  Re: What do you do with broken crypto hardware? ("Douglas A. Gwyn")

----------------------------------------------------------------------------

From: Alan Mackenzie<[EMAIL PROTECTED]>
Crossposted-To: or.politics,talk.politics.crypto,misc.survivalism
Subject: Re: Mr Szopa's encryption (was Why Microsoft's Product Activation Stinks)
Date: Sat, 27 Jan 2001 14:00:32 +0000

Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote on Sat, 27 Jan 2001
03:53:12 -0800:
> Alan Mackenzie wrote:

[A few comments on the controversy over Mr. Szopa's encryption program.]

> All one need do is read the first three help files and you would have
> all the information you need to answer all your questions.

> This is why I posted the Help Files to begin with.

> Give them a try.

> You know the rules:  one of them is that the attacker knows 
> everything about the algorithm.

Indeed so. Other posters on these newsgroups have been asserting that
they _don't_ know everything about the algorithm. Possibly you could help
clarify whether or not this is the case by giving a direct answer to the
following question:

Could a software engineer, using as a specification only the descriptive
material available at your web site, duplicate your encryption program?
That is, for any given plaintext, identical key material, and identical
states for any programmable pseudo random number generators, his program
and your program would produce the same cyphertext.

-- 
Alan Mackenzie (Munich, Germany)
Email: [EMAIL PROTECTED]; to decode, wherever there is a repeated letter
(like "aa"), remove one of them (leaving, say, "a").


------------------------------

From: [EMAIL PROTECTED] (George Weinberg)
Subject: Re: How many bits of security can a password give?
Date: Sat, 27 Jan 2001 16:54:11 GMT

On Wed, 24 Jan 2001 11:50:11 -0800, "Joseph Ashwood" <[EMAIL PROTECTED]>
wrote:

>
>"Erik Runeson" <[EMAIL PROTECTED]> wrote in message
>news:94nafd$lff$[EMAIL PROTECTED]...
>> I'm trying to find an upper limit to how strong a
>> regular password can be.
>
>Depends on the password. If you let the user choose an English word, it is
>rather predictably 1 bit of entropy per character. If you require that there
>be at least one capital, they will almost certainly capitalize the first
>letter, so maybe .25 bits of entropy added. Adding a number on the end adds
>an average of log2(10) although it will be biased towards 1. So your normal
>passwords would have anywhere from 6 to ~12 bits of entropy. 

This is way pessimistic.  12 bits of entropy implies you could get it
with a dictionary attack with only 4000 guesses.  Six bits
means you would only need 64 guesses!



>If you educate them to use random capitalization that can be your
>best friend, it adds a pure 1 bit of entropy per character.

Only if the capitalization is truly random,  and then it makes it hard
to remember.  

George
> If they use
>diceware, along with random capitalization you are in very good shape and
>they will probably have more entropy in their passphrase then you will
>harvest in your verification.
>                    Joe
>
>


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Dynamic Transposition Revisited (long)
Date: Sat, 27 Jan 2001 18:08:27 +0100



John Savard wrote:
> 
> Mok-Kong Shen<[EMAIL PROTECTED]> wrote, in part:
> 
> >I suppose you have a different and problematical concept
> >of the (THEORETICAL) OTP. The bit sequence of OTP is by
> >definition/assumption unpredictable. If a 'claimed' OTP
> >uses a predictable bit sequence and consequently is weak
> >as you said, then it is by definition NOT an OTP, though
> >snake-oil peddlers used to call that OTP.
> 
> This is true.
> 
> But Terry Ritter isn't talking about fake OTPs based on algorithmic
> PRNGs, as far as I understand it.
> 
> He is saying that even what people acknowledge as "real" OTPs, where
> the key has been generated by physical randomness, aren't provably the
> 'theoretical OTP', because you can't prove a particular physical
> random noise generator to be perfect.
> 
> That is not, in itself, untrue. Physical random number generators can
> have bias, for example.
> 
> However, it is his insistence that this is a major concern, and more
> specifically the implication that this makes the proof that the
> theoretical OTP is unbreakable _irrelevant_ to physically realizable
> OTPs, that I fear strikes many as simply bizarre. Because, whether or
> not that is his intention, it makes it sound as if he is worried about
> the NSA having a cryptanalytic attack which enables them to predict
> the roll of a die or the flip of a coin.
> 
> In VENONA, not only did the NSA exploit pads used twice, but they even
> made use of the bias of numbers generated by hand by typists 'at
> random', so they did come closer to doing that than anyone might have
> expected.
> 
> While precautions are needed in using the raw output of a simple
> physical RNG, there are still limits to what constitutes reasonable
> concern.

In this connection I suppose the following analogy could
also be helpful. There is a well-known convergent series 
that has the number e as its limit. No matter how many 
(finite numbers) of terms one uses, one never gets EXACTLY 
to the number e. Yet one can, by taking more terms in the
sum, get ever increasingly better approximations of it. I 
believe nobody would consider that the number e, which is 
thus never actually attained in this process, is useless. 
Note in particular that there is no 'boundary' separating 
the approximations from the exact e, i.e. one can always 
get nearer and nearer to it, there being no single 'best' 
approximation that cannot be further improved.

M. K. Shen

------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Date: 27 Jan 2001 17:34:30 GMT
Subject: Re: what was the problem with E2 ?

I recommended it be one of them so I would like to know also, but it was not
stated.  All we can interpret is what NIST said in its cut from 15 to 5. 
Subsequently, NIST said that all 5 had suitable security, but they did NOT say
that for all 15.
Don Johnson

------------------------------

From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: Paranoia
Date: Sat, 27 Jan 2001 09:55:35 -0800

JCA wrote:
>     Not having read the book I am somewhat in the dark here - I thought
> that Whitfield Diffie had nothing whatsoever to do with RSA.

He had everything to do with it. Public key cryptography was
invented (outside spookland) by Merkle, Diffie, and Hellman.
They had everything that we now know as RSA except the idea
of using a composite modulus. That idea was conceived independently
by Rabin at IBM after hearing a Diffie lecture on the subject, and
by the MIT RSA group after reading the Diffie-Hellman paper.

(I have original documents on this subject.)

------------------------------

From: Splaat23 <[EMAIL PROTECTED]>
Subject: Re: 32768-bit cryptography, updated
Date: Sat, 27 Jan 2001 18:04:44 GMT

If you want us to believe it is secure, you'll need more than just your
word. You can't simply take one attack that was presented in this
forum and make a quick modification to your cipher. We want to see
documentation from _someone_ about all the possible attacks on your
cipher and, presumably, why they wouldn't be successful. Since no one
here is likely to spend the time to do that, you are it. Just about all
(if not all, someone correct me please) secure ciphers were designed
by someone who was knowledgeable in cryptanalysis. Before you pronounce
to the world that your cipher is secure, you should have evidence for it,
rather than the naive "it looks random, and is complex, so therefore no
one can break it".

But, as these threads have pointed out, you are genuinely interested in
making a secure cipher, so my advice is to go out and learn
cryptanalysis. There are many reports on previous cryptanalysis
attempts on many ciphers, and information on cryptanalysis methods
available on the Internet (somewhere...)

- Andrew


In article <94thhm$r58$[EMAIL PROTECTED]>,
  "lemaymd" <[EMAIL PROTECTED]> wrote:
> Don't leave yet, this post may not have such a high concentration of snake
> oil as you may expect from the title!  This post has been written to inform
> you of the release of my latest version of Bermuda Triangle 2001, v.2.1.1.
> I have integrated the comments, criticism and suggestions offered to me in
> the replies to my earlier posting on this newsgroup and altered my 8-bit
> stream cipher algorithm enough that I believe it, without extensive testing,
> to be secure and very difficult to crack. My website at
> www.bermudatriangle.f2s.com has complete algorithm details and a software
> product, Bermuda Triangle 2001 Gold Edition that I have released free for
> the first time.  It is written entirely in assembly language and is fast,
> secure and very easy-to-use.  Plus, it is a small download.  From
> RAM-to-RAM, it can encrypt a byte of data in 44 clock cycles on an 80486.
> Please download and test it and give me feedback!  Thanks for your help!
> : - )
>
> lemaymd
>
>


Sent via Deja.com
http://www.deja.com/

------------------------------

From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: Paranoia
Date: Sat, 27 Jan 2001 10:13:14 -0800

"Douglas A. Gwyn" wrote:
> > Simon Jenkins wrote:
> > Ellis' parting comment has him saying to Diffie,
> > "You did more with it than we did."
> > As an Englishman, this is an interesting phrase -
> > it implies that GCHQ don't bother with RSA any more.
> Not at all.  It means that GCHQ and NSA didn't exploit the idea
> to nearly the extent that the open researchers (RSA, DH) did,
> at least not at the time.  There are many reasons for that,
> perhaps the main one being that they already had sufficiently
> good cryptosystems and procedures in place for their main
> customers.

There are ambiguities in the statement. Does "we" refer to just
Ellis and his collaborators, or to all of GCHQ? Does "you" refer
to Diffie, Diffie and his collaborators, or the whole open
research crypto community?

And what did Diffie do with it? Primarily, he inspired a public
research program in crypto, and then embarked upon a program of
promoting individual privacy and freedom for everyone by means
of free and unrestricted crypto for the masses. GCHQ certainly
didn't do that!

------------------------------

Date: Sat, 27 Jan 2001 12:30:45 -0600
From: Lord Running Clam <Use-Author-Address-Header@[127.1]>
Subject: Re: Why Microsoft's Product Activation Stinks
Crossposted-To: or.politics,talk.politics.crypto,misc.survivalism

=====BEGIN PGP SIGNED MESSAGE=====

On Sat, 27 Jan 2001, Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote:

<snip...Wrote? Nah! Drooled.>



[Get dem flame-retardin garmints out again folks, dis critter needs a
 killin wif da phlame-thrower...]



  You really do want to earn a place in my B---ard books.

  I guess on the same page as music industry copyright control freaks,
  slimy software speculators, and the lizard king of Snakeoil Software
  Inc. - Mr. Bill Gates.

  Your understanding of the concepts involved in the defeat of software,
  and most firmware, locks is almost as ridiculous as that collectively
  held by those touting the idea of copy-protected HDD systems. Any
  magical concept that you - or they - pull out of thin air (or any
  other closed source|orifice), will not last long when deposited in
  the bedroom of a 16 year old with acne, and an interest in computers.

  What the good people of sci.crypt and talk.politics.crypto have been
  drilling into your dense head, the fact that missed your brain by a
  couple of feet, is that such systems can not, and do not work. Go ask
  the CIA or NSA. They will tell you that the security of any system
  lies with the *people* you trust. The people who have access.

  That all comes before you even introduce encryption.

  Some of those people are here. Give them some respect, and some
  source code, if you want them to look at your work. Or has it been
  written in Visual BarfBasic and you'd be embarrassed?

  Here, have 0.02cents in payment for becoming more net-aware.
  [As per some other moron's suggestion that I pay people for
   getting educated about the risks in being online].



  If you keep this up, I am sure you'll get every Plonk! you deserve.


LRC.
- -- 
The bigger the humbug, the better people will like it.
~ Phineas Taylor Barnum.


------------------------------

From: [EMAIL PROTECTED] (Mike 8465)
Date: 27 Jan 2001 18:53:49 GMT
Subject: Re: 32768-bit cryptography, updated

That's why I mentioned "without extensive testing"

------------------------------

From: Splaat23 <[EMAIL PROTECTED]>
Crossposted-To: or.politics,talk.politics.crypto,misc.survivalism
Subject: Re: Why Microsoft's Product Activation Stinks
Date: Sat, 27 Jan 2001 18:48:18 GMT

Is that really your question? The answer is, of course, that Microsoft
intends to stop piracy of its software. It looks to take a half-baked
idea and push it as the source of all salvation. We've seen this
before, as Microsoft executives have little imagination. Sometimes it
works, sometimes it doesn't - Microsoft has a lot of weight to push
things where they want them.

However, what is different is that in this case, they are pushing an
illusion. Everyone here knows that the most this will do is stop a few
idiots from pirating (an unnoticeable % of the total piracy), and annoy
thousands to millions of users during installs, reinstalls, and
hardware changes. Microsoft will spend lots of money on tech support to
handle issuing new keys to people whose configuration changes, and in
turn transmit those costs back to users in even higher prices.

If Microsoft advertised that this new feature would increase prices and
annoy users, do you think we'd buy it? No! But instead, they advertise
that this is necessary to prevent piracy and will result in lower
prices.

- Andrew

In article <[EMAIL PROTECTED]>,
  Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote:
> Splaat23 wrote:
> >
> > An interesting question for you, Mr. Szopa, that is very relevant to
> > this discussion is the following: Do you really believe that anti-
> > piracy in Microsoft's or your manner can actually be successful?
> >
> > Because I don't, and if your "invention" doesn't work, then who really
> > cares if Microsoft stole it from you or not.
> >
> > - Andrew
> >
> > In article <[EMAIL PROTECTED]>,
> >   Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote:
> > Just about nothing.
> >
> > Sent via Deja.com
> > http://www.deja.com/
>
> I will ask you what I have asked before:  tell us, what is MS's goal
> by implementing this anti-piracy feature?
>
> Then I will answer your question.
>



------------------------------

From: [EMAIL PROTECTED] (Mike 8465)
Date: 27 Jan 2001 19:00:49 GMT
Subject: Description of algorithm

Here's the new algorithm, you should be able to see the difference.


3. Description of algorithm

a.      Key mutation

Encryption using the Bermuda Triangle 2.1 algorithm consists of several steps
consisting of XOR, rotate and addition operations, involving three key derived
values.  It operates with 32768-bit plaintext and ciphertext blocks controlled
by a 32768-bit key, referred to as K0.  The principal advantage of this
algorithm is the requirement that the entire key be known before any
decipherment can take place.  This is ensured by two key mutations, described
here.
The first key derivative is created by loading the first byte of K0, storing it
in a register and to memory, loading the next byte and XORing it against the
register containing the first byte, storing the register contents to the next
memory location and loading each subsequent byte in this manner, XORing it
against this register and storing it to memory.  This key derivative is
referred to as K1.  The original key, once again, is referred to as K0.
To form the second key derivative the entire key is loaded one byte at a time
from the end of the key to its beginning, stored to a register, XORed and
stored to a memory location as for K1.  Note: the last byte in this memory area
will always equal the original key data.  This key is referred to as K2.  These
keys are now ready to be used in the encryption and decryption processes.
        
b.   Encryption

The actual encryption process involves one round of twelve XOR, addition and
bitwise rotation operations involving the three key mutations described earlier
and the original plaintext.  The identification tag described in section 2 is
placed in the first twelve bytes of this file.
The steps involved are illustrated in this pseudocode segment:

Variables:
C       Ciphertext
Kx      Key "x"
P       Plaintext
x       Current byte position
y       Current key offset
Z       General purpose register


C[x] = ( ( ( ( ( ( ( ( ( ( ( (
P[x] ^ Z ) + Z ) <<< Z{5lsbits} )
^ K2[y] ) + K1[y] ) >>> K0[y] )
^ K1[y] ) + K2[y] ) >>> K1[y] )
^ K0[y] ) + K0[y] ) >>> K2[y] )

Z = (Z^P[x])

Legend:
^       XOR
+       addition
<<<     rotate left
>>>     rotate right


 

c.      Decryption

Decryption is similar to encryption, with the operations simply being performed
in reverse and by substituting subtraction for addition and rotation left for
rotation right.  The key mutations are identical and interchangeable.  Eight
Rounds are performed with the key being rotated to the right one position after
each round.  One rotation right is performed on each key value before the
rounds.  The identification tag placed in the file during encryption is
discarded.  The steps are detailed in this pseudocode:

Variables:
C       Ciphertext
Kx      Key "x"
P       Plaintext
x       Current byte position
y       Current key offset
Z       General purpose register


P[x] = ( ( ( ( ( ( ( ( ( ( ( (
C[x] <<< K2[y] ) - K0[y] ) ^ K0[y] )
<<< K1[y] ) - K2[y] ) ^ K1[y] )
<<< K0[y] ) - K1[y] ) ^ K2[y] )
>>> Z{5lsbits} ) - Z ) ^ Z )

Z = (Z^P[x])

Legend:
^       XOR
-       subtraction (mod 256)
<<<     rotate left
>>>     rotate right

 



-- This is the number of cycles, from RAM back to RAM.  The actual algorithm
running on a 486 with the data in the registers takes only about 31 cycles. 
You may still think this is slow, but it's a lot faster than some other good
algorithms!


-- What executables?

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: What do you do with broken crypto hardware?
Date: Sat, 27 Jan 2001 19:03:54 GMT

Paul Rubin wrote:
> So what then?

Then toss the device in your thermite barrel and light it off.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
