Cryptography-Digest Digest #658, Volume #13       Thu, 8 Feb 01 13:13:00 EST

Contents:
  Re: crack my enkryption ("Paul Pires")
  Re: Enigma replicas ? (Jerry Coffin)
  Re: PGP 2.6.3ia-cb (now supports CAST5 and BLOWFISH) (jungle)
  Re: Low-tech homemade crypto keycards ("Paul Pires")
  DSA PRG Flaw ("Pedro Félix")
  Re: Distributed entropy distribution ([EMAIL PROTECTED])
  Re: Distributed entropy distribution (Tom St Denis)
  Re: relative key strength private vs public key (Tom St Denis)
  Re: DSA PRG Flaw (Roger Schlafly)

----------------------------------------------------------------------------

From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: crack my enkryption
Date: Thu, 8 Feb 2001 09:10:14 -0800

That was a first class response. A demonstration that
consideration and communication can be powerful tools.

Nice to see.

Paul

John A. Malley <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]...
>
> neXussT wrote:
> >
> > hi,
> > i'm writing an enkryption program, and would like someone to crack
> > the enkryption.  Or, if i could get my hands on a program that does it
> > for me, that would be great too.
> >
> > Here is the Plaintext:"This is an encrypted file."
> > Here is the Cyphertext:"1.262497®ÐB½9C³SÅ<G¶I²3´6ÁFD½>Á|"
> > (without quotes)
> >
> > please email me at [EMAIL PROTECTED] with questions or comments...or
> > if you crack it :)
> >
>
> Such enthusiasm for cryptography! That's good.
>
> Finding a ready-made program free and on-line to crack the encryption is
> a tall order.
> There are tools to aid cryptanalysis. There are ways, techniques and
> methods to work the problem.
> In fact there are different kinds of cryptanalytic problems to work
> (different attacks like the known-plaintext attack,
> the ciphertext-only attack, the chosen-plaintext attack, etc.)
>
> But you won't find a ready-made universal cracker for all ciphers :-(
>
> Here you will find people who can teach you more in the science/art of
> making and breaking ciphers. :-)
>
> They can point you to web sites on crypto, like (just scratching the
> surface here)
>
> Mr. Ritter's site at http://www.io.com/~ritter/
>
> Mr. Savard's site at http://home.ecn.ab.ca/~jsavard/crypto.htm
>
> Mr. Peschel's site at http://members.aol.com/jpeschel/index.htm
>
> and to on-line crypto courses like (this for Classical Cryptography)
>
> http://www.fortunecity.com/skyscraper/coding/379/lesson1.htm
>
> They can point you to beginner, intermediate and advanced books and
> journal articles on the subjects of cryptography and cryptanalysis
> (which together make cryptology).  They can answer questions on some of
> the most arcane corners of mathematics relating to cryptography and
> cryptanalysis.
>
> They will expect you to put in the time reading and studying the subject
> on your own. They are always willing to help answer questions as you
> make your way through the subject - but it's a journey you make with
> their assisting guidance - no one carries any bags for you, so to speak.
>
> And don't forget the group FAQ - Well worth the reading!  The most
> common questions on crypto are answered therein. Including the question
> you posed on cracking an unknown cipher system's output. :-)
>
> Hope this helps,
>
> John A. Malley
> [EMAIL PROTECTED]




====== Posted via Newsfeeds.Com, Uncensored Usenet News ======
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
=======  Over 80,000 Newsgroups = 16 Different Servers! ======

------------------------------

From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: Enigma replicas ?
Date: Thu, 8 Feb 2001 10:13:59 -0700

In article <95u366$gmg$[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] says...
> Hi all,
> I was wondering if any company ever produced Enigma replicas (for us, crypto
> enthusiasts, and not intended to be used for secure communication, for sure
> ;=) ) . I am quite sure the company would sell many of them ;=)
> [By the way, is the Enigma in public domain, or does the family of A. Schoerbius
> (spelling ?) still own the patent ???]

There doesn't seem to be much chance of a patent problem.  First of 
all, it seems unlikely that a patent would have been applied for 
anywhere outside of Germany, so outside of Germany it never would 
have been protected.  Second, I believe Germany's patent system has 
always expired patents some period of time after application, which 
means that the patent would long since have expired in any case.
 
OTOH, I'm not aware of anybody who's built replicas -- the closest 
I've seen have been computer-based simulations. 

-- 
    Later,
    Jerry.

The Universe is a figment of its own imagination.

------------------------------

Date: 8 Feb 2001 17:18:13 -0000
From: jungle <Use-Author-Address-Header@[127.1]>
Subject: Re: PGP 2.6.3ia-cb (now supports CAST5 and BLOWFISH)
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss

-----BEGIN PGP SIGNED MESSAGE-----

08 Feb 2001 in <[EMAIL PROTECTED]> 
[EMAIL PROTECTED] wrote:
> jungle wrote:
> > > I just added another cipher to PGP 2.6.3ia - Blowfish
> > > why? because it was easy :)
> > 
> > and you are calling it PGP ?
> >  it is not PGP any more ...
> 
> then PGP5, 6, 7 is not PGP too ! or is it ? ;-)

PGP v5x, PGP v6x, PGP v7x are PGP, 
 all have been produced by PGP

additionally, they are not using B/F algo

additionally, you are producing more harm to PGP than good,
 by creating additional, not needed incompatibility issues ...

additionally, PGP is not "open product" or "public domain" product,
 despite the fact that source code is publicly available

why don't you get simple approval from NAI / PRZ for what you are doing ?
 as of today, they are the owners of PGP software, don't they ?

to sum all this up :
 as far as I'm concerned, you can include in your software all what you like to include,
  but NAI / PGP PRZ may be supporting different opinion,
   [ PGP PRZ indicated this many years ago, isn't this correct ? ]

~~~
This PGP signature only certifies the sender and date of the message.
It implies no approval from the administrators of nym.alias.net.
Date: Thu Feb  8 17:18:10 2001 GMT
From: [EMAIL PROTECTED]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBOoLU1E5NDhYLYPHNAQFmnwf+JMUi6wyOSoF/xu63SrZOGe/fntD5w6+y
HQWgimwYeSWpqh3SB4l9U2xw1HDliRkMs7u4YFcRX++4kLh9U2BB/9R6I8qKWziK
eoaYwJInwunlvb5skCYTvkhISTOt5fjC5/9e5pruUNgfRLGpG5jupV+viGuqyhsV
iXYYpPzlMeM0l7RZa9Ymx6fBygzodra3/mJVVylbdg8YsJTrJya8Y/E+WxdtyhOk
DpGpzOcEB3RBF4nk6beyP/GIH8KKFm8uhnY3us8jWLy+HPaAJyLghK4E4P1dR8+F
hlBqK6KMK9c5XXtNK7QDjL8GNC04UD4UCy3PZR5tPVIP3JWLVb6V+A==
=xfQu
-----END PGP SIGNATURE-----

------------------------------

From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: Low-tech homemade crypto keycards
Date: Thu, 8 Feb 2001 09:31:14 -0800


Amaury Jacquot <[EMAIL PROTECTED]> wrote in message 
news:_hxg6.486$[EMAIL PROTECTED]...
>
> "Paul Pires" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> >
> > Steve Portly <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > > This is a neat idea for hobbyists but in a practical application given
> > > today's technology, wouldn't it be a lot more secure to use a very low
> > > current induction loop that only a TE device could read?  The cost of
> > > TE readers would not be prohibitively expensive for an ATM application.
> > > Maybe I have just been watching too many X file episodes lately.
> >
> > But why change? ATM's work now. This adds no functionality. Why re-deploy
> > new hardware?
>
> let's say, it's wayyy too easy to copy the mag stripe on the card.
> then you can brute force the code...

Think about it. This is a "so what" issue also. There is no difference
in the ease of copying. Mag stripes came out and folks built readers
and fabricators. Replace it with this and folks will build readers and
encapsulated wire squirters. Betcha.

You have to consider all of the requirements of the process. This
includes the mundane arts of manufacturing, distribution, account
assignment and end use. These things are programmed at fabrication.
Do you see the difference?

A pile of useless generic mag stripe cards that don't become valuable
until you write them vs. tokens that have their full value from the
get-go and you have to guard-protect-validate & control all the way
to the customer's pocket.

It's not the key, it's the key management.

It's not the crypto, it's the implementation.

Paul
>
> > A smart card is a neat idea but it is not just an electronic key. It has
> > different properties and allows for more functionality. There is a reason
> > to change. Simple electrical keys are a "So what" for me.
> > I could make a key out of unobtainium. Why? What is the return? Without a
> > doubt you could make a key like the OP described but a key is only useful
> > if a lock is made that corresponds to it.
> >
> > Forget the key, What's so good about the proposed lock? I don't see
> > anything.
> >
> > Paul
> >
> > >
> > > Paul Pires wrote:
> > >
> > > > Ray Dillinger <[EMAIL PROTECTED]> wrote in message
> news:3a5g6.1031$[EMAIL PROTECTED]...
> > > > >
> > > > > I've been reading in another thread about the work and worry of
> > > > > destroying a compromised crypto module, and it occurs to me that
> > > > > there is a nice way to create a hardware device that physically
> > > > > embodies a key, and is cheap and durable, simple to make and
> > > > > simple to destroy.
> > > >
> > > > Electricians have had the means to trace the physical routing
> > > > of circuits in hidden locations for a long time. They pump a RF
> > > > signal down the wire to make it "sing" and trace it with a localized
> > > > probe. As was already pointed out, even an Ohm meter can map
> > > > this thing.
> > > >
> > > > The difference between a smart card and a key card is profound.
> > > > A smart card never reveals its secret, it proves knowledge of the
> > > > secret by demonstrating what it can do. It's the difference between
> > > > using a key to open a door in public where all things are controlled
> > > > by an adversary.
> > > >
> > > > They may have put in a dummy lock that analyzes your key and
> > > > broadcasts it. Any number of weaknesses. They might pick
> > > > your pocket, copy it and replace it.
> > > >
> > > > A smart card is more like walking up to a doorman and proving you have
> > > > the key without divulging it and putting it at risk but doing it in a
> > > > way that makes the doorman confident enough to open the door and let
> > > > you in.
> > > >
> > > > How an electric key is an advancement over a mechanical key for
> > > > impoverished people is beyond me. They have access to brass
> > > > files and hammers now. They need wire, epoxy and the circuitry
> > > > to operate the lock? Why? What does this get them for their
> > > > efforts?
> > > >
> > > > Paul
> > > >
> > > > >
> > > > > First, get a small chunk of cardboard, like a playing card.
> > > > >
> > > > > Next, use a small punch to create 54 holes in the left side
> > > > > and 54 holes in the right side. These holes need to be evenly
> > > > > spaced.
> > > > >
> > > > > Now, take 54 wires and strip the insulation off the ends.
> > > > >
> > > > > Poke one end of each wire through a randomly selected,
> > > > > otherwise-unoccupied hole on the left side of the card.
> > > > > Poke the other end through a randomly selected, otherwise
> > > > > unoccupied hole on the right side of the card.
> > > > >
> > > > > Now put another playing card on top of the tangle of
> > > > > insulated wires, which places them in the center of a
> > > > > cardboard sandwich.
> > > > >
> > > > > Wrap the exposed ends around the left and right edges of
> > > > > the cards and trim any excess.
> > > > >
> > > > > Now, cast this card-and-wire sandwich in an opaque epoxy
> > > > > resin, leaving contact points of the wires exposed along
> > > > > the edges.
> > > > >
> > > > > This device represents a mapping of left to right contacts
> > > > > with about 220 bits of entropy.  It's simple to build a
> > > > > reader for these devices.  It's simple to destroy them
> > > > > so that the key cannot be recovered.  And it is possible
> > > > > to verify visually that they have been destroyed.
> > > > >
> > > > > It's not a smart card by any means; in fact, it may be the
> > > > > dumbest card ever proposed.  But it stores a key nicely,
> > > > > can be built by hand or with relatively simple tools out
> > > > > of readily-available parts, and can't be read remotely or
> > > > > surreptitiously (I think).  With the appropriate picture and
> > > > > frame, it could look like the sort of locket or religious
> > > > > medallion that is common in some areas, and it could have
> > > > > applications in a fair number of third-world countries
> > > > > where people who need it don't necessarily have access to
> > > > > chip fabs or lots of money for commercial hardware.
> > > > >
> > > > > Variations; the "wire web" card described here  could be
> > > > > built (with various construction techniques) inside all kinds
> > > > > of ordinary things, like wallets, purses, knife handles, or
> > > > > (with some effort) even the teeth of a comb.
> > > > >
> > > > > Bear
> > > >
> > >
> >
> >
> >
> >
> >
>
>





------------------------------

From: "Pedro Félix" <[EMAIL PROTECTED]>
Subject: DSA PRG Flaw
Date: Thu, 8 Feb 2001 17:40:26 -0000

Is there any published information (technical) about the flaw found in the
DSA PRG by D. Bleichenbacher?

Thanks

P. Félix

Ps. If possible reply to my email too, thanks



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Distributed entropy distribution
Date: Thu, 08 Feb 2001 17:41:26 GMT

In article <95uiar$uvi$[EMAIL PROTECTED]>,
  Tom St Denis <[EMAIL PROTECTED]> wrote:
...
>
> 1.  Share a key0 (128-bit string or whatever), this is when they meet
> face to face.
>
> For each message:
>
> 1.  Hash the msg i.e H = HASH(msg).
> 2.  Encrypt the msg using msg_key = HASH(H || key0)
> 3.  Transmit the ciphertext and H to the other person.
>
> That way they have to reverse a hash function not a cipher to find your
> key.  I.e. you can keep using your homegrown algorithm as long as you use
> a secure hash like SHA or MD5 (yes MD5 would work for this purpose since
> collision resistance is a side benefit as long as it's not terrible this
> will work).
>
> Tom
>
>

  I would do something similar.  At first meeting I would give 2 keys,
one for the next message (K1, in this case the first message) and one
for the previous message (K0, in this case for the message never sent).

take your message, call it P1, encrypt with K1
send it to bob
he decrypts, and you use the plain text: do a secure hash,
XOR the hash and K0; this becomes the next key for the next message
used

Now you or bob (but only 1 of you, no two messages in transit)

send the next message; you both know that key and the current key
and you never save more than one key back.

This way if 50 messages down the track they recover two sequential
keys, because of the XOR situation they can never recover older
messages.

in short

kused = kold XOR hash(previous message)
then
kold = kused
then loop for next message

Dave


Sent via Deja.com
http://www.deja.com/

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Distributed entropy distribution
Date: Thu, 08 Feb 2001 17:49:28 GMT

In article <95ulo3$2jq$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> In article <95uiar$uvi$[EMAIL PROTECTED]>,
>   Tom St Denis <[EMAIL PROTECTED]> wrote:
> ...
> >
> > 1.  Share a key0 (128-bit string or whatever), this is when they
meet
> > face to face.
> >
> > For each message:
> >
> > 1.  Hash the msg i.e H = HASH(msg).
> > 2.  Encrypt the msg using msg_key = HASH(H || key0)
> > 3.  Transmit the ciphertext and H to the other person.
> >
> > That way they have to reverse a hash function not a cipher to find your
> > key.  I.e. you can keep using your homegrown algorithm as long as you use
> > a secure hash like SHA or MD5 (yes MD5 would work for this purpose since
> > collision resistance is a side benefit as long as it's not terrible this
> > will work).
> >
> > Tom
> >
> >
>
>   I would do something similar.  At first meeting I would give 2 keys,
> one for the next message (K1, in this case the first message) and one
> for the previous message (K0, in this case for the message never sent).
>
> take your message, call it P1, encrypt with K1
> send it to bob
> he decrypts, and you use the plain text: do a secure hash,
> XOR the hash and K0; this becomes the next key for the next message
> used
>
> Now you or bob (but only 1 of you, no two messages in transit)
>
> send the next message; you both know that key and the current key
> and you never save more than one key back.
>
> This way if 50 messages down the track they recover two sequential
> keys, because of the XOR situation they can never recover older
> messages.
>
> in short
>
> kused = kold XOR hash(previous message)
> then
> kold = kused
> then loop for next message

That's actually a very neat idea.  However it does suffer if a message
is out of order or missing.

It's a better idea if you want to make sure that the messages are never
read twice (i.e. you secure-delete the plaintext after reading it the
first time).  Since you are trying to prevent people from reading it
twice you will delete it (it's not like the other side where you want to
copy it).

Tom


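The two key-handling ideas in this thread, as an added example that is not code from the digest or from either poster: Tom's per-message key msg_key = HASH(H || key0) with H = HASH(msg) sent beside the ciphertext, and Dave's ratchet kused = kold XOR hash(previous message), taken literally from his "in short" loop with kold starting as K0 and K1 keying the first message. The stream cipher (SHA-256 keystream) and the HMAC integrity tag are hypothetical stand-ins chosen so the script runs offline; the tag is what lets the receiver notice the out-of-step key that Tom's objection about lost messages produces. The keys are constructed demo values.

```python
"""Added example, not code from the digest: Tom's msg_key = HASH(H || key0)
and Dave's kused = kold XOR hash(previous message), with Tom's lost-message
failure shown. Cipher and tag are hypothetical stand-ins (SHA-256, HMAC)."""
import hashlib
import hmac

TAG_LEN = 32

# Constructed demo keys: key0 for Tom's scheme, K0/K1 for Dave's ratchet.
KEY0 = hashlib.sha256(b"demo key0 shared face to face").digest()
K0 = hashlib.sha256(b"demo K0, key for the message never sent").digest()
K1 = hashlib.sha256(b"demo K1, key for the first message").digest()


def H(data: bytes) -> bytes:
    """The HASH() of both posts; SHA-256 here."""
    return hashlib.sha256(data).digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _keystream(key: bytes, length: int) -> bytes:
    """Stand-in stream cipher: block i = SHA-256(key || i). Illustrative only."""
    out, i = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    ct = _xor(plaintext, _keystream(key, len(plaintext)))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()  # tag detects a wrong key


def decrypt(key: bytes, blob: bytes):
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        return None  # key out of step or tampering: refuse rather than emit garbage
    return _xor(ct, _keystream(key, len(ct)))


# --- Tom's scheme ------------------------------------------------------------
def tom_send(key0: bytes, msg: bytes):
    h = H(msg)                       # 1. H = HASH(msg)
    msg_key = H(h + key0)            # 2. msg_key = HASH(H || key0)
    return encrypt(msg_key, msg), h  # 3. ciphertext and H travel together


def tom_receive(key0: bytes, blob: bytes, h: bytes):
    # Getting key0 back from msg_key means inverting H, as Tom says. Note that h
    # is HASH(msg) in the clear, so it is a fixed fingerprint of the message.
    return decrypt(H(h + key0), blob)


# --- Dave's ratchet ----------------------------------------------------------
class Ratchet:
    """One party's state: kold (K0 at setup) and the key for the next message (K1)."""

    def __init__(self, k0: bytes, k1: bytes):
        self.k_old = k0
        self.k_cur = k1

    def advance(self, plaintext: bytes) -> None:
        # kused = kold XOR hash(previous message); then kold = kused
        k_used = _xor(self.k_old, H(plaintext))
        self.k_old = self.k_cur = k_used

    def send(self, plaintext: bytes) -> bytes:
        blob = encrypt(self.k_cur, plaintext)
        self.advance(plaintext)
        return blob

    def receive(self, blob: bytes):
        plaintext = decrypt(self.k_cur, blob)
        if plaintext is not None:
            self.advance(plaintext)
        return plaintext


def run_in_order(messages):
    """Both sides advance on every message, so they stay in step."""
    alice, bob = Ratchet(K0, K1), Ratchet(K0, K1)
    return [bob.receive(alice.send(m)) for m in messages]


def run_with_drop(messages, drop_index):
    """Tom's objection: after a lost message the receiver's key never catches up."""
    alice, bob = Ratchet(K0, K1), Ratchet(K0, K1)
    blobs = [alice.send(m) for m in messages]
    return [bob.receive(b) for i, b in enumerate(blobs) if i != drop_index]


def previous_key(k_used: bytes, previous_plaintext: bytes) -> bytes:
    """Stepping the ratchet backwards needs the earlier plaintext, which is why
    Dave's 'never recover older messages' holds only if plaintexts are deleted."""
    return _xor(k_used, H(previous_plaintext))
```

Running run_in_order on three messages returns all three plaintexts; run_with_drop with the middle one lost returns the first plaintext and then None, because the receiver is still holding K2 while the third message was keyed with K3. previous_key shows the other half of the thread's discussion: the only way back from a key to its predecessor is through the hash of the earlier plaintext, which is exactly what Tom means by the scheme suiting a read-once, secure-delete model.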

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: relative key strength private vs public key
Date: Thu, 08 Feb 2001 17:50:09 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (DJohn37050) wrote:
> Tom, I have read them.  Comp Sci is FULL of instances where algorithms
> have been improved and space requirements have gone down.  If you want
> to depend on space requirements for factoring holding you are free to do
> so, just do not ask EVERYONE to do so.  Each person can make his own
> choice.  I try to be conservative in analysis and prudent and make my
> choice based on the NIST numbers, others are free to do otherwise.

So you honestly use 16384 bit RSA keys?

Tom



------------------------------

From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: DSA PRG Flaw
Date: Thu, 08 Feb 2001 10:06:46 -0800

"Pedro Félix" wrote:
> Is there any published information (technical) about the flaw found in the
> DSA PRG by D. Bleichenbacher.

I haven't seen any, but I assume it is the simple observation that
if you generate a random number mod 2^160, and then reduce mod q
(where q is a 160-bit number), then there is a bias in the top
couple of bits.

It is hard to imagine this being a problem for anyone, but it would
be nice to get it fixed anyway.
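The observation Roger describes, counted exactly, as an added example that is not code from the digest: reducing a uniform number in [0, 2^bits) mod a bits-bit q makes the residues below 2^bits - q twice as likely as the rest (each has two preimages, x and x+q). At toy size the full histogram can be enumerated; for a 160-bit q only the closed form is computed. The block also shows two ways a generator can avoid the skew: rejection sampling, and drawing extra bits before reducing, which is the shape of the method later standardised for DSA's per-message k in FIPS 186-3 (Appendix B.2.1). The q values are constructed for illustration, not taken from any standard.

```python
"""Added example, not code from the digest: exact size of the bias when a
uniform `bits`-bit number is reduced mod a `bits`-bit q, plus two unbiased
constructions. All q values below are constructed for illustration."""
from fractions import Fraction
import secrets


def residue_counts(bits: int, q: int) -> dict:
    """Exact histogram of x mod q over every x in [0, 2^bits). Toy sizes only."""
    counts = {}
    for x in range(1 << bits):
        counts[x % q] = counts.get(x % q, 0) + 1
    return counts


def doubled_residues(bits: int, q: int) -> int:
    """For 2^(bits-1) < q <= 2^bits, residues 0 .. 2^bits-q-1 have two preimages
    (x and x+q) and every other residue has one; that is the whole bias."""
    assert (1 << (bits - 1)) < q <= (1 << bits), "q must be a bits-bit number"
    return (1 << bits) - q


def total_variation(bits: int, q: int) -> Fraction:
    """Exact statistical distance of (x mod q) from uniform on [0, q):
    d*(2q - 2^bits) / (2^bits * q) with d = 2^bits - q."""
    d, n = doubled_residues(bits, q), 1 << bits
    return Fraction(d * (2 * q - n), n * q)


def total_variation_from_counts(counts: dict, bits: int, q: int) -> Fraction:
    """Same distance computed from an enumerated histogram (cross-check)."""
    n = 1 << bits
    return sum(abs(Fraction(c, n) - Fraction(1, q)) for c in counts.values()) / 2


def k_by_rejection(q: int, bits: int, draw=secrets.randbelow) -> int:
    """Draw `bits` random bits and retry while the draw is >= q: exactly uniform."""
    while True:
        x = draw(1 << bits)
        if x < q:
            return x


def k_with_extra_bits(q: int, bits: int, extra: int = 64, draw=secrets.randbelow) -> int:
    """Draw bits+extra random bits, reduce mod (q-1), add 1 so k is in [1, q-1].
    The residual bias is on the order of 2^-extra (the FIPS 186-3 B.2.1 shape)."""
    return draw(1 << (bits + extra)) % (q - 1) + 1


def scripted_draw(values):
    """Deterministic stand-in for a random source, used to make runs reproducible."""
    it = iter(values)
    return lambda bound: next(it)


if __name__ == "__main__":
    # Toy q just under 2^8: only residues 0..4 are doubled, a tiny skew.
    print(doubled_residues(8, 251), total_variation(8, 251))
    # Toy q = 0xC1: residues 0..62 (top two bits clear) are doubled, Roger's
    # "bias in the top couple of bits", and the skew is no longer negligible.
    print(doubled_residues(8, 193), float(total_variation(8, 193)))
    # A 160-bit q just below 2^160 leaves only 47 doubled residues.
    print(float(total_variation(160, (1 << 160) - 47)))
```

The two toy moduli make the point Roger's post leaves implicit: how large the skew is depends on where q sits below 2^160. With q just under the power of two almost nothing is doubled, whereas with q = 0xC1 every residue whose top two bits are clear comes up twice as often as the others. Either unbiased construction removes the effect entirely at the cost of, respectively, an occasional retry or 64 extra random bits per draw.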

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
