Cryptography-Digest Digest #679, Volume #13 Mon, 12 Feb 01 07:13:00 EST
Contents:
Re: Steganography with ASCII text files (JPeschel)
Re: CipherText patent still pending (JPeschel)
Re: Fractal encryption? (JPeschel)
Re: Cryptologia back-issues .. a wishful idea for the publishers (wtshaw)
Re: CipherText patent still pending (wtshaw)
Re: Office / Excel encryption (rcg)
Re: The Kingdom of God (Niklas Frykholm)
Re: ith bit of an LFSR sequence? (David Wagner)
Re: What is kerebos? ("Sam Simpson")
Re: Mono cipher, genetic algorithm .. appropriate "Crossover?"
([EMAIL PROTECTED])
Re: Fractal encryption? (Ichinin)
Re: Steganography with ASCII text files (Mok-Kong Shen)
Re: Steganography with ASCII text files (Mok-Kong Shen)
Re: Steganography with ASCII text files (Mok-Kong Shen)
Re: Mono cipher, genetic algorithm .. appropriate "Crossover?" (Mok-Kong Shen)
Re: Mono cipher, genetic algorithm .. appropriate "Crossover?" (JPeschel)
Re: Mono cipher, genetic algorithm .. appropriate "Crossover?"
([EMAIL PROTECTED])
Re: The Kingdom of God (JPeschel)
Re: Fractal encryption? (Paul Crowley)
Re: Password authentication with symmetric key exchange (Paul Crowley)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Date: 12 Feb 2001 06:30:15 GMT
Subject: Re: Steganography with ASCII text files
Mok-Kong Shen [EMAIL PROTECTED] writes:
>It is a relative matter. At least in my personal case,
>I have plenty of text files ready for use and don't
>need to get these other files. What I find is more
>inconvenient with graphical files is either to have to
>get those algorithms to process or have to implement them
>myself, while what I suggested is very elementary so that I
>could easily start from scratch (composing my own cover
>text) and be entirely independent of other people.
>
If you plan on converting your text files to HTML and using
the white space in the source code for hiding information, you
could run into problems. On the Fortunecity site I use,
I find that my original HTML source is changed after I
put it on the server. Not only is other code added for
banners and the like, but my source code is mangled
and well-nigh devoid of any white space. I think other
free servers may be like Fortunecity's. If that's true, then
information hidden in your source code is gone.
So be careful which server you pick. I still think, however,
that you're much better off using small images as
carriers. You could, for instance, download a single
image and make copies of it for use as your carrier. The
image might be your web page's logo, and would seemingly
never change, except for the information within it.
For example, the logo on my page never changes...
or does it?
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Date: 12 Feb 2001 06:38:36 GMT
Subject: Re: CipherText patent still pending
Douglas A. Gwyn [EMAIL PROTECTED] writes, in part:
>Occasionally it is instructive to examine how such a system
>can be attacked; e.g., many years ago in response to a
>proposed amateur system named "crypto", I quickly wrote a
>small program "otpryc" that performed automatic C/A of it
>as an illustration of a couple of points that ought to be
>understood before even starting to design any cryptosystem.
Do you still have the C/A program on hand somewhere, Doug,
and perhaps, the amateur system?
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Date: 12 Feb 2001 06:54:40 GMT
Subject: Re: Fractal encryption?
[EMAIL PROTECTED] writes, in part:
> I am not a crypto expert, indeed I have only basic knowlege of
>encryption techniques. However, I am curious to know if such a programme
>exists that allows one to use a fractal rather than a textual code to
>encrypt a document.
There used to be a product called Safeguard Fractal Encryption Software.
This appears in Peter Gutmann's link farm under "Snake Oil." Peter
facetiously describes it: "Fractal encryption - even though it only uses a
40-bit key, it's a 40-bit key with *fractals*, which makes it magically safe."
The link:
http://www.solar-flare.com/encrypt.html
and, I hope, the company are inactive now.
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Cryptologia back-issues .. a wishful idea for the publishers
Date: Mon, 12 Feb 2001 01:01:58 -0600
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (JPeschel) wrote:
> Are you working on any new stuff, Jim?
>
I understand he's away for a few days.
--
Better to pardon hundreds of guilty people than execute one
that is innocent.
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: CipherText patent still pending
Date: Mon, 12 Feb 2001 01:08:53 -0600
In article <[EMAIL PROTECTED]>, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:
> It is up to everyone in this group to post what, how much,
> how often. For this group is not a monitored one. This is
> indeed one of the points I like to stress.
Amen
>
> M. K. Shen
> ----------------------------
> http://home.t-online.de/home/mok-kong.shen
BTW, all I get to the above is "Unable to access document."
--
Better to pardon hundreds of guilty people than execute one
that is innocent.
------------------------------
From: [EMAIL PROTECTED] (rcg)
Subject: Re: Office / Excel encryption
Date: Mon, 12 Feb 2001 08:20:08 GMT
I wrote a vba program several years ago that would try random
passwords in a loop until it opened a password protected excel file.
It typically opened a file protected with a 4 char password in a
couple of hours (running on a 100 MHz 486, win 95).
At the time, word used a different language model (word basic) that I
was unable to use the same idea on (the error handling was different).
If you are interested, I think I could locate the sorce code. It
might work on newer versions of excel or (more likely), it could
perhaps be modified.
Bob.
On Fri, 9 Feb 2001 17:08:51 -0500, "Ryan Moore"
<[EMAIL PROTECTED]> wrote:
>I am an idiot who encrypted an Excel file and forgot the password. I'm also
>incredibly cheap (and poor), so I don't want to pay for a program to
>crack(a.k.a. recover) the file passwords ($29.95 for guaranteed results).
>My only saving graces may be that I like crypto, I can and am willing to
>read, and I know enough programming and math to get by.
>
>I'm looking for a pointer to any information on the encryption used by
>Microsoft in the Office products, specifically Excel 97. I've read that
>there are "significant enhancements" between O95 and O97 such that it is no
>longer trivial to crack '97 passwords, but I can't find anything that
>contains information as to what the original was or how it has been
>improved.
>
>According to the Elcom Advanced Office 97 Password Recovery tool (demo),
>there are at least 4 possible different ways to password-protect an excel
>file:
>Write protection
>Book protection
>Shared book protection
>Sheet protection
>
>I haved searched Microsoft's site and the web for information about
>encryption and password protection, but to no avail. There are many links
>to Recovery Companies, but I haven't found any useful information. I want
>to make my own cracker, let it brute-force for a month or whatever is
>necessary.
>
>I know somebody has this information. I only hope that A) That somebody is
>willing to share and B) it's not proprietary/non-disclosure/we'll shoot you
>if you tell anyone kind of stuff.
>
>Anybody?
>
> - Ryan Moore, [EMAIL PROTECTED]
>
>
------------------------------
From: [EMAIL PROTECTED] (Niklas Frykholm)
Crossposted-To: alt.security,comp.security,alt.2600
Subject: Re: The Kingdom of God
Date: Mon, 12 Feb 2001 08:36:57 +0000 (UTC)
>> Smile! There is no god.
>
>And if there was would it matter anyways?
Yes! If there is a god it can probably break all the cryptography in use
today, since recent theological findings have indicated that god is
not polynomially bounded.
I am working on a 666-bit cipher which will be safe from the prying eyes
of god.
// Niklas
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: ith bit of an LFSR sequence?
Date: 12 Feb 2001 09:15:04 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)
Rob Warnock wrote:
>Hmmm... There *is* perhaps one advantage to the matrix method in the
>special case that you need to compute many state successors for some
>given "i", which is that you only have to compute Mi = M^i once, then
>you can use Mi over & over to compute the i'th successor to *any* state
>"s" by simply multiplying Mi x s,
This is also possible in the polynomial formulation.
Calculate y = x^i mod p(x), then the i-th successor to any state s
can be calculated as y*s mod p(x). Since this seems likely to be faster
in the polynomial formulation than in the matrix formulation (if I didn't
overlook anything), I'm not sure whether there is any advantage to the
matrix approach?
------------------------------
From: "Sam Simpson" <[EMAIL PROTECTED]>
Subject: Re: What is kerebos?
Date: Mon, 12 Feb 2001 09:41:43 -0000
I was referring specifically to the Subject of this thread ;)
--
Regards,
Sam
http://www.scramdisk.clara.net/
B. Wooster <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Actually, I did. The dictionary has it as 'jackass' not 'jack ass'
> <g>.
>
> ------------------------------------------------------
>
> > On Mon, 12 Feb 2001 01:29:36 -0000, "Sam Simpson" <[EMAIL PROTECTED]>
wrote:
>
> >Hopefully you'll manage to spell that right though, eh? ;)
>
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Mono cipher, genetic algorithm .. appropriate "Crossover?"
Date: Mon, 12 Feb 2001 09:35:43 GMT
In article <[EMAIL PROTECTED]>,
"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
> No matter what the details of the genetic-algorithm implementation,
> 100-character cryptograms are unlikely to be solved unless you use
> a large linguistic database. I suspect digram scoring won't suffice.
>
I've implemented a monoalphabetic substitution solver using shotgun
hill-climbing. It's much simpler to understand than genetic algorithms
IMO, and very effective. I've experimented with using digrams, trigrams
and tetragrams (is that the correct term?), and I find trigrams to give
the best results. It solves, or gives a close solution to cryptograms
longer than about 80-90 characters, although I expect it would have
difficulty with cryptograms specially constructed using uncommon
trigrams.
Chris
Sent via Deja.com
http://www.deja.com/
------------------------------
From: Ichinin <[EMAIL PROTECTED]>
Subject: Re: Fractal encryption?
Date: Mon, 12 Feb 2001 10:07:54 GMT
Advice: Take a look at fractals (yes you heard right) - LOOK at the
fractals using some fractal exploration program, then you'll see why it
is bad. For now, fractals are repeatitive and have little diversity for
each recursion. (If someone know better; please show me - i haven't
played with fractals since the mid 90's.)
It is better to base the system on well known problems, something
like "keyed bit flipping" or eliptic curves.
Regards,
Ichinin
[Crypto novice]
Sent via Deja.com
http://www.deja.com/
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Steganography with ASCII text files
Date: Mon, 12 Feb 2001 11:27:19 +0100
Nicholas Sheppard wrote:
>
[snip]
> However, it is trivial for someone who knows (or suspects) that a secret
> message exists to destroy the message by simply re-typesetting the HTML
> file. E.g. these methods won't work for embedding a watermark, or if the
> data is being intercepted by a paranoid censor.
Yes, you are right. Watermarking is an extremely difficult
research topic in modern steganography and is defacto
currently (almost) the entire field. My humble scheme
has nothing to do with that but serves only to transmit a
very low volume of message information. If the sending site
is not corrupted, e.g. via mechanisms legitimated by certain
laws, then it is rather difficult to lauch an active attack,
since the time of access by the receivers is rather
unpredictable in the scenario I depicted.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Steganography with ASCII text files
Date: Mon, 12 Feb 2001 11:27:31 +0100
JPeschel wrote:
>
> Mok-Kong Shen wrote:
>
> >It is a relative matter. At least in my personal case,
> >I have plenty of text files ready for use and don't
> >need to get these other files. What I find is more
> >inconvenient with graphical files is either to have to
> >get those algorithms to process or have to implement them
> >myself, while what I suggested is very elementary so that I
> >could easily start from scratch (composing my own cover
> >text) and be entirely independent of other people.
> >
>
> If you plan on converting your text files to HTML and using
> the white space in the source code for hiding information, you
> could run into problems. On the Fortunecity site I use,
> I find that my original HTML source is changed after I
> put it on the server. Not only is other code added for
> banners and the like, but my source code is mangled
> and well-nigh devoid of any white space. I think other
> free servers may be like Fortunecity's. If that's true, then
> information hidden in your source code is gone.
>
> So be careful which server you pick. I still think, however,
> that you're much better off using small images as
> carriers. You could, for instance, download a single
> image and make copies of it for use as your carrier. The
> image might be your web page's logo, and would seemingly
> never change, except for the information within it.
> For example, the logo on my page never changes...
> or does it?
You are right, if availability of images and getting the
right tool to process these are no problems. To the issue
of white spaces, the answer is that I don't exploit white
spaces at all. I use the even/odd-ness of the count of the
words in selected lines to determine the bits (0/1). It's
not very efficient but should be generally stable against
the phenomena you described, I suppose. Of course, it is
always a good idea to do checks and migrate if nothing
else helps.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Steganography with ASCII text files
Date: Mon, 12 Feb 2001 11:27:25 +0100
"Douglas A. Gwyn" wrote:
>
> Mok-Kong Shen wrote:
> > I think therefore that it may be valuable to investigate the
> > possibility of using the normally more easily available ASCII
> > text files (as cover) instead.
>
> Indeed, several people have already done just that.
> As you observe, HTML allows one enough flexibility
> to exploit steganographically. The same is true for
> PDF, Word, and other common formats. Plain (ASCII)
> text is trickier since there is less that can be
> varied without affecting the appearance; even adding
> spaces at the ends of text lines is easily seen by
> many methods of viewing the files.
Thanks for the very valuable informations. I like to
take the opportunity to repeat that, where feasible,
one should avoid sending documents with stego to the
receivers but instead let them access these.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Mono cipher, genetic algorithm .. appropriate "Crossover?"
Date: Mon, 12 Feb 2001 11:36:04 +0100
[EMAIL PROTECTED] wrote:
>
[snip]
> I've implemented a monoalphabetic substitution solver using shotgun
> hill-climbing. It's much simpler to understand than genetic algorithms
I have encountered several times the terminology. Could
you give a related reference? Thanks.
M. K. Shen
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Date: 12 Feb 2001 11:00:43 GMT
Subject: Re: Mono cipher, genetic algorithm .. appropriate "Crossover?"
[EMAIL PROTECTED] writes:
>I've implemented a monoalphabetic substitution solver using shotgun
>hill-climbing. It's much simpler to understand than genetic algorithms
>IMO, and very effective. I've experimented with using digrams, trigrams
>and tetragrams (is that the correct term?), and I find trigrams to give
>the best results. It solves, or gives a close solution to cryptograms
>longer than about 80-90 characters, although I expect it would have
>difficulty with cryptograms specially constructed using uncommon
>trigrams.
Hi Chris,
I'm always interested in seeing new solvers and crackers, and adding
them to my web site. I'd like to see your hill-climber if possible, and
maybe you'll let me add it to the "Historical" page of my web site.
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Mono cipher, genetic algorithm .. appropriate "Crossover?"
Date: Mon, 12 Feb 2001 11:22:12 GMT
In article <[EMAIL PROTECTED]>,
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>
>
> [EMAIL PROTECTED] wrote:
> >
> [snip]
>
> > I've implemented a monoalphabetic substitution solver using shotgun
> > hill-climbing. It's much simpler to understand than genetic
algorithms
>
> I have encountered several times the terminology. Could
> you give a related reference? Thanks.
Hillclimbing (aka "steepest descent") is a simple optimisation
technique, which is well-suited to classical ciphers. There are plenty
of hits from google for "hillclimbing optimisation". The "shotgun" bit
refers to picking a new starting point at random when a local maximum
(or minimum) is hit.
I think the term "shotgun hillclimbing" was coined by Jim Gillogly, but
I expect someone will prove me wrong.
Chris
Sent via Deja.com
http://www.deja.com/
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Date: 12 Feb 2001 11:51:10 GMT
Subject: Re: The Kingdom of God
[EMAIL PROTECTED] (Niklas Frykholm) writes:
>>> Smile! There is no god.
>>
>>And if there was would it matter anyways?
>
>Yes! If there is a god it can probably break all the cryptography in use
>today, since recent theological findings have indicated that god is
>not polynomially bounded.
>
>I am working on a 666-bit cipher which will be safe from the prying eyes
>of god.
But God already knows the plaintext.
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
Subject: Re: Fractal encryption?
From: Paul Crowley <[EMAIL PROTECTED]>
Date: Mon, 12 Feb 2001 11:57:18 GMT
"S. Welsh" <[EMAIL PROTECTED]> writes:
> I am not a crypto expert, indeed I have only basic knowlege of
> encryption techniques. However, I am curious to know if such a programme
> exists that allows one to use a fractal rather than a textual code to
> encrypt a document. If this sort of thing is purely Star Treknology, then
> please tell me, likewise if it is not!
Such schemes sound cool but turn out to be much less secure than
today's ciphers. Fractals are interesting precisely because they have
lots of readily observable structure, but we want our cryptosystems to
hide all structure of the plaintext
--
__
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/
------------------------------
Subject: Re: Password authentication with symmetric key exchange
From: Paul Crowley <[EMAIL PROTECTED]>
Date: Mon, 12 Feb 2001 11:57:23 GMT
Thomas Wu <[EMAIL PROTECTED]> writes:
> Can you give a performance comparison of your protocol compared to,
> say, HMAC-SHA1?
Or UMAC? I'd love to see the speed comparison with UMAC!
See this guy's Web pages:
http://www.streamsec.se/
http://www.streamsec.com/
He's already hyping this amazing new technology as the key product of
a new company, despite zero academic review, and basic misconceptions
about the work of similar technologies (in private email, he expressed
the belief that EKE meant "used only symmetric technologies" and
therefore an EKE exchanged did not involve modular exponentiation).
When I challenged him about this in email, he said the company existed
not just for this algorithm, but to write secure software generally.
However, it's clear that any company that would list an unreviewed
amateur's cipher under "Products" on the Web page is *not* one you'd
be sane to go to for your security software.
Yet another flavour of snake oil goes on the market. *sigh*
--
__
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************
