Cryptography-Digest Digest #680, Volume #13      Mon, 12 Feb 01 11:13:00 EST

Contents:
  Re: Cryptographic Windows APIs or OCX? (Armando P.)
  Re: I encourage people to boycott and ban all Russian goods and services, if the Russian Federation is banning Jehovah's Witnesses ....... (Viktor "CK" Pilpenok)
  Rnadom Numbers (Viktor "CK" Pilpenok)
  Re: File encryption with Rijndael (Viktor "CK" Pilpenok)
  Re: RSA is not secure in many instances... (Tom St Denis)
  Re: Rnadom Numbers (Tom St Denis)
  Re: Rnadom Numbers ("Trevor L. Jackson, III")
  Re: ideas of D.Chaum about digital cash and whether tax offices are      ("Trevor L. Jackson, III")
  Re: Can anyone decrypt this? (Jeffrey Williams)
  Re: Multiple-Key RSA cryptosystem (DJohn37050)
  Re: I encourage people to boycott and ban all Russian goods and services, if the Russian Federation is banning Jehovah's Witnesses ....... ([EMAIL PROTECTED])
  Re: Password authentication with symmetric key exchange ([EMAIL PROTECTED])
  Re: Password authentication with symmetric key exchange ([EMAIL PROTECTED])
  Re: ith bit of an LFSR sequence? (Benjamin Goldberg)
  Re: Mono cipher, genetic algorithm .. appropriate "Crossover?" ("Robert Reynard")
  Re: Multiple-Key RSA cryptosystem ("Augusto Jun Devegili")
  Re: File encryption with Rijndael (Benjamin Goldberg)
  Re: CipherText patent still pending (Mok-Kong Shen)
  Re: Rnadom Numbers (Rodrigo Nuno Bragança da Cunha)
  Re: Rnadom Numbers (Paul Crowley)
  Re: Rnadom Numbers (Mok-Kong Shen)
  Re: CipherText patent still pending (Mok-Kong Shen)
  Re: CipherText patent still pending ("Douglas A. Gwyn")

----------------------------------------------------------------------------

From: Armando P. <[EMAIL PROTECTED]>
Subject: Re: Cryptographic Windows APIs or OCX?
Date: Mon, 12 Feb 2001 12:01:04 GMT

Thanks to all for your replies!  I have started to try and use those
APIs, and am stumbling due to lack of background principles in the
field. Does anyone know of a good tutorial where I can solidify my SSL
and X.509 knowledge (specifically info on X.509 has been hard to
find)?  Thanks in advance, as always I am very grateful for any and all
info I get!
Regards,
Armando


In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> In article <94k7se$tun$[EMAIL PROTECTED]>, Armando P. wrote:
> > I am a software developer and I need to implement SSL (SSLv3/TLS
> > if that helps) into my applications ...
> > ... I'm in dire need for a good (and well documented)
> > Cryptographic API (or Ocx) that I can implement into my existing
> > software.
>
> If you're considering MS CryptoAPI you must be writing exclusively for
> Windows, so why not just use the internet connectivity functions in
> WinInet.dll? They'll handle SSL for you (using MS's S-channel SSPI
> DLL).
>
> The CryptoAPI functions are all documented in the Windows SDK
> documentation - search for CryptoAPI and/or look for functions with
> names starting "Crypt".
>
> Cheers,
>  Daniel.
>
>


Sent via Deja.com
http://www.deja.com/

------------------------------

From: Viktor "CK" Pilpenok <[EMAIL PROTECTED]>
Crossposted-To: comp.security,alt.security,alt.2600
Subject: Re: I encourage people to boycott and ban all Russian goods and services, if 
the Russian Federation is banning Jehovah's Witnesses .......
Date: Mon, 12 Feb 2001 12:12:42 GMT

In article <96408r$csb$[EMAIL PROTECTED]>,
  Markku J. Saarelainen <[EMAIL PROTECTED]> wrote:
>
>
> I encourage all people around the world to boycott and ban all Russian
> goods and services, if the Russian Federation is banning Jehovah's
> Witnesses .......
>
> Sent via Deja.com
> http://www.deja.com/
>

And how the .... is it related to either sci.crypt, comp.security or
alt.security? Maybe you plan to encrypt the Russian Federation to
death? Or throw crypto-related papers at them????



------------------------------

From: Viktor "CK" Pilpenok <[EMAIL PROTECTED]>
Subject: Rnadom Numbers
Date: Mon, 12 Feb 2001 12:29:38 GMT

Hi Everybody!

Is there any algorithm that allows to estimate the randomness of a
stream of numbers?

Thanks in advance.                               Viktor P



------------------------------

From: Viktor "CK" Pilpenok <[EMAIL PROTECTED]>
Subject: Re: File encryption with Rijndael
Date: Mon, 12 Feb 2001 12:40:22 GMT

In article <[EMAIL PROTECTED]>,
  Jirka Klaue <[EMAIL PROTECTED]> wrote:

> It's
> *guaranteed* to execute on *every* system, where a
> compiler is available.
> Again, in contrast to Java with some virtual machine.
>
> Jirka

In fact, the JVM is a *COMPILER* replacement for Java, so what's the
point in all of that? For C you need some binary (compiler) and for
Java you need another binary (VM) to run the program, kinda the same ...

In addition there are 2 other points:
* Java VMs are generally more available and most of them are freeware
(even Microsoft doesn't take bucks for their JVM) while most C
compilers are not.
* Java is binary-portable: you can compile a Java class on one machine
and run it on another, totally different one. C, in contrast, requires you
to recompile and in many cases (from my own experience) to spend hours
fiddling with the sources.
                                       Viktor P



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: RSA is not secure in many instances...
Date: Mon, 12 Feb 2001 13:03:36 GMT

In article <967m2r$5kp$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
>
> > Very unlikely.  See Section 9 of <http://eprint.iacr.org/2001/007/>.
>
> That paper says strong prime is not needed. I don't think so. If
> (p-1)(q-1) does not contain any large factor, it will be a disaster.
>
> Try pick 2 (or 200) messages, call them m1 and m2
> Suppose T=(p-1)(q-1) = 20 * p2 * ... * pk, all small primes
>
> With certain probability, m1 = g^(p2 *... * pj)
> With certain probability, m2 = g^(p_j+1 * ... * pk)
>
> Then (m1 * m2) = g^(T/20)
> (m1 * m2)^20 = g^T = 1
> (m1 * m2)^20e = 1
>
> If there's no large prime, the probability will be very favorable...
> Spare my typing. You can figure out the rest.
>
> (How come nobody sees what I really did with the theorem in my last
> post? Again the answer is just one sentence long.)

The chances of guessing the period of any multiplicative group is about as
favorable as guessing the factors.

Let's say you have lcm(p-1,q-1) that has 20 factors... well there are

sum from {i=1 to 20} (20 choose i), possible periods.  Still marginal
compared to the fact that you have large numbers.

And since you don't know lcm(p-1,q-1) guessing the periods makes it harder.

What do you think your attack is?  Find a key (e, n) and guess inversions
by doing m^g mod n = 1?  (g = guess) That's nuts!

Tom
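Tom's argument above is that the period (multiplicative order) of any message m modulo n must divide lcm(p-1, q-1), so the candidate periods are exactly the divisors of that number, and the count of them depends on how lcm(p-1, q-1) factors. As an added example that is not from any poster in the thread, the following code computes those quantities for a constructed toy pair of primes; `multiplicative_order` needs lcm(p-1, q-1) as input, which is the point: without the factorization of n the divisor set is unknown.

```python
from math import gcd

# Added example (not from the thread).  The primes below are a constructed toy
# pair chosen so everything runs instantly; real moduli are far larger.


def lcm(a, b):
    return a * b // gcd(a, b)


def factorize(n):
    """Trial division into {prime: exponent}; fine for the toy sizes used here."""
    factors, d = {}, 2
    while d * d <= n:
        while n % d == 0:
            factors[d] = factors.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def divisors(n):
    """All positive divisors of n, built from its prime factorization."""
    out = [1]
    for prime, exp in factorize(n).items():
        out = [d * prime ** k for d in out for k in range(exp + 1)]
    return sorted(out)


def candidate_periods(p, q):
    """Every unit mod n = p*q has an order dividing lambda(n) = lcm(p-1, q-1)."""
    return divisors(lcm(p - 1, q - 1))


def multiplicative_order(m, n, lam):
    """Smallest d > 0 with m^d = 1 (mod n).  Needs lam, i.e. the factorization of n."""
    for d in divisors(lam):
        if pow(m, d, n) == 1:
            return d
    raise ValueError("m is not a unit mod n")


def largest_prime_factor_of_lambda(p, q):
    """What the 'strong prime' debate is about: the biggest prime dividing lcm(p-1, q-1)."""
    return max(factorize(lcm(p - 1, q - 1)))


if __name__ == "__main__":
    p, q = 1009, 1013                    # constructed toy primes
    n, lam = p * q, lcm(p - 1, q - 1)
    print("lambda(n) =", lam, "factors:", factorize(lam))
    print("number of candidate periods:", len(candidate_periods(p, q)))
    print("order of 2 mod n:", multiplicative_order(2, n, lam))
```

For the toy pair, lcm(1008, 1012) = 2^4 * 3^2 * 7 * 11 * 23, which gives (4+1)(2+1)(1+1)(1+1)(1+1) = 120 candidate periods; with k distinct prime factors to the first power the count would be 2^k, which is Tom's sum plus the empty product.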



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Rnadom Numbers
Date: Mon, 12 Feb 2001 13:04:10 GMT

In article <968kvd$s48$[EMAIL PROTECTED]>,
  Viktor "CK" Pilpenok <[EMAIL PROTECTED]> wrote:
> Hi Everybody!
>
> Is there any algorithm that allows to estimate the randomness of a
> stream of numbers?

There are an infinite number of algorithms for such a task.

Want to be more specific?

Tom



------------------------------

From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Reply-To: don't
Subject: Re: Rnadom Numbers
Date: Mon, 12 Feb 2001 13:24:54 GMT

Viktor CK Pilpenok wrote:

> Hi Everybody!
>
> Is there any algorithm that allows to estimate the randomness of a
> stream of numbers?

Yes.  In code it is: "bool israndom( int * data, int len ) { return
false; }"

... because data is not random.  Data sources can be random because they
can be unpredictable.  Data just is what it is.

If you want a test that detects non-randomness search for DIEHARD.



------------------------------

From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Reply-To: don't
Crossposted-To: talk.politics.crypto,alt.cypherpunks
Subject: Re: ideas of D.Chaum about digital cash and whether tax offices are     
Date: Mon, 12 Feb 2001 13:26:07 GMT

Roger Schlafly wrote:

> phil hunt wrote:
> > On Sat, 10 Feb 2001 23:23:20 GMT, Darren New <[EMAIL PROTECTED]> wrote:
> > >Anyway, kiddie porn is illegal in the USA even if no kiddies are ever
> > >involved in it, so it's clearly not to protect the children, but to give
> > >people someone to hate.
> > Also bear in mind that many times more children are harmed by
> > unhealthy diets, and do they ban McDonalds? I'll let you guess the
> > answer to that question.
>
> I don't think the kiddie porn statement is even true. I couldn't find
> the reference, but I believe that the 9th Circuit knocked out that
> aspect of the law, and the US Supreme Court is now considering the
> issue. Previous kiddie porn case involved kiddies. I do not think
> that anyone has been successfully prosecuted for kiddie porn when
> no kiddies were involved.
>
> (Of course the situation might be different with the SC gets done
> with it.)

I'd hate to get one of those "I know a kiddie when I see one" decisions.



------------------------------

From: Jeffrey Williams <[EMAIL PROTECTED]>
Subject: Re: Can anyone decrypt this?
Date: Mon, 12 Feb 2001 07:41:30 -0600

Eric,

in general, challenges to this group to decrypt some piece of ciphertext
are met with flames (sometimes intense flames).  If you have created an
algorithm and want feedback on it, post the algorithm along with an
explanation of how it works and why you think it's secure.  Some sample
ciphertext (and plaintext) would not be out of order.

In this case, it looks like you have a Word file that you want
decrypted.  If it uses the standard Word encryption tools, I suspect
that there are folks out there who can easily decrypt it (I don't know
about the latest versions of Word - older versions had insecure
encryption tools).  However, simply asking someone to decrypt a file for
you without explaining why you need it decrypted (and why you have a
right to have it decrypted) probably won't get you far in this group.
This is especially true given the name of the document you want
decrypted.

You might try a group like alt.2600 or such.  Of course, if you do not
have the right to have the file decrypted, you might want to think twice
about publicly asking for such help.

LL&P

Jeff


------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Date: 12 Feb 2001 14:02:45 GMT
Subject: Re: Multiple-Key RSA cryptosystem

Already done before.
Don Johnson

------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: comp.security,alt.security,alt.2600
Subject: Re: I encourage people to boycott and ban all Russian goods and services, if 
the Russian Federation is banning Jehovah's Witnesses .......
Date: Mon, 12 Feb 2001 14:02:28 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (John Savard) wrote:
> On Sat, 10 Feb 2001 18:11:45 GMT, Markku J. Saarelainen
> <[EMAIL PROTECTED]> wrote, in part:
>
> >I encourage all people around the world to boycott and ban all Russian
> >goods and services, if the Russian Federation is banning Jehovah's
> >Witnesses .......
>
> And we can also add:
>
> - the attacks on Chechnya committed with disregard for civilian life

How about NATO's war with Serbia in Kosovo. Were the civilians happy?
Chechnya is territory of the Russian Federation.
There is a war now on this territory.
In any war civilian people get cut up.


> - the unwillingness of Russia to waive diplomatic immunity in the case
> of a drunk driver who killed a Canadian woman

It's terrible when a driver drinks, but not only Russian diplomats commit
crimes on the territory of another country.
How about the USA consul in Vladivostok in Russia. He made a young man
physically handicapped while he was driving. He used diplomatic immunity
and was not punished.

>
> John Savard
> http://home.ecn.ab.ca/~jsavard/crypto.htm
>



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Password authentication with symmetric key exchange
Date: Mon, 12 Feb 2001 14:22:48 GMT

Hold your horses, Paul! I don't believe your criticism is entirely fair.
We have published our algorithm along with source code and a pretty
balanced description of its purpose and properties. We do so because
we want it to be reviewed, and we still wait for others to give it a
shot. I'd venture to say this is _not_ typical behaviour for snake oil
vendors, but perhaps you don't want any new open research to be done at
all.

Visit us at http://www.streamsec.com
Email your comments to [EMAIL PROTECTED]


In article
<[EMAIL PROTECTED]>,
  Paul Crowley <[EMAIL PROTECTED]> wrote:
> He's already hyping this amazing new technology as the key product of
> a new company, despite zero academic review,....

Well, "zero academic review" isn't exactly true, since I myself have an
academic background with studies in mathematics among other things.
Steak is a proposed encryption algorithm we didn't come up with
overnight. It's more like the result of a couple of years of research. We
actually published it to get review from others (cf. a previous thread
here on sci.crypt).

And I would not say we are "hyping" our technology. We clearly state
the purpose and status of our own algorithms and protocols. How would
you get an open review of any technology without that?


> and basic misconceptions
> about the work of similar technologies (in private email, he expressed
> the belief that EKE meant "used only symmetric technologies" and
> therefore an EKE exchange did not involve modular exponentiation).

Yes, I admit that. I thought that you by "EKE" meant "encrypted key
exchange protocol" generally. But what about the other basic
misconceptions you were talking about? It is possible that we have made
mistakes translating the pages to english.


> When I challenged him about this in email, he said the company existed
> not just for this algorithm, but to write secure software generally.
> However, it's clear that any company that would list an unreviewed
> amateur's cipher under "Products" on the Web page is *not* one you'd
> be sane to go to for your security software.

Hm, yes, SteakCipher should be listed under "Research", not "Products",
as that was my original intention. I will point that out to our
webmaster. There are other things about our homepage that come
directly from the drafting board and shouldn't be published. Thanks for
your comment.


> Yet another flavour of snake oil goes on the market.  *sigh*

Err. There is nothing particularly snake-oily about our products. It
would have been if we had held the cipher secret to avoid this kind of
comments, and still published "security" software based on the cipher.
I assure you that we don't release any software using our own protocols
and algorithms as anything but alpha versions literally marked with
warning signs, until enough people have made a serious attempt to crack
it and failed!



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Password authentication with symmetric key exchange
Date: Mon, 12 Feb 2001 15:00:18 GMT

In article <[EMAIL PROTECTED]>,
  Thomas Wu <[EMAIL PROTECTED]> wrote:
> Can you give a performance comparison of your protocol compared to,
> say, HMAC-SHA1?  For authentication, the combination of "MAC and
> cipher two-in-one" doesn't make sense, because a MAC is what
> accomplishes the task of password authentication.  One might use an
> encryption algorithm to construct the MAC, but usually not both.  Is
> Steak faster than a pure MAC?

Thanks for the suggestion. We will put together some kind of
performance comparison soon. Steak is about as fast as the Pascal
implementation of Rijndael in ECB mode we compared it with. This means
that it is about 16 times as fast as Rijndael in CFB 8/128 or PCFB
mode. The speed of a MAC usually depends linearly on the speed of the
underlying block cipher, so you could calculate the figures yourself.


> > Furthermore, since Steak is error propagating and the hash value is
> > salted, an eavesdropper would not necessarily be helped by a
> > dictionary.
>
> But an eavesdropper can still conduct a brute-force guessing attack
> if he captures the challenge and response.  If Steak is faster than
> HMAC-SHA1, it'll be that much faster to brute-force.

This is true. There are several more secure protocols.



------------------------------

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: ith bit of an LFSR sequence?
Date: Mon, 12 Feb 2001 15:16:40 GMT

David Wagner wrote:
> 
> Rob Warnock wrote:
> >Hmmm... There *is* perhaps one advantage to the matrix method in the
> >special case that you need to compute many state successors for some
> >given "i", which is that you only have to compute Mi = M^i once, then
> >you can use Mi over & over to compute the i'th successor to *any*
> >state "s" by simply multiplying Mi x s,
> 
> This is also possible in the polynomial formulation.
> Calculate y = x^i mod p(x), then the i-th successor to any state s
> can be calculated as y*s mod p(x).  Since this seems likely to be
> faster in the polynomial formulation than in the matrix formulation
> (if I didn't overlook anything), I'm not sure whether there is any
> advantage to the matrix approach?

I'm not sure if it's been stated already, but... can't the matrix
approach be done more efficiently in hardware than the polynomial
approach?

-- 
A solution in hand is worth two in the book.
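The jump-ahead David Wagner describes above (compute y = x^i mod p(x) once, then the i-th successor of any state s is y*s mod p(x)), as an added example that is not from any poster in the thread. Polynomials over GF(2) are packed into Python ints with bit k holding the coefficient of x^k; the tap polynomial x^4 + x + 1 and the Galois-form stepping convention (one clock multiplies the state by x) are assumptions chosen for the demo, and the result is checked against i single steps.

```python
# Added example (not from the thread): LFSR jump-ahead in the polynomial
# formulation.  p(x) = x^4 + x + 1 is a constructed choice; it is primitive,
# so the non-zero states form one cycle of period 2^4 - 1 = 15.

N = 4
P = 0b10011  # x^4 + x + 1


def gf2_mulmod(a, b, p=P, n=N):
    """Return a(x) * b(x) mod p(x) over GF(2); a and b have degree < n."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if (a >> n) & 1:        # degree reached n: reduce by p(x)
            a ^= p
    return r


def gf2_powmod(base, e, p=P, n=N):
    """Square-and-multiply: base(x)^e mod p(x) in O(log e) multiplications."""
    result = 1
    while e:
        if e & 1:
            result = gf2_mulmod(result, base, p, n)
        base = gf2_mulmod(base, base, p, n)
        e >>= 1
    return result


def step(state, p=P, n=N):
    """One clock of the Galois-form LFSR: s(x) -> x * s(x) mod p(x)."""
    return gf2_mulmod(state, 0b10, p, n)


def step_many(state, i, p=P, n=N):
    """Reference: the i-th successor by clocking i times."""
    for _ in range(i):
        state = step(state, p, n)
    return state


def jump(state, i, p=P, n=N):
    """The i-th successor as s(x) * x^i mod p(x); x^i is reusable for any state."""
    y = gf2_powmod(0b10, i, p, n)
    return gf2_mulmod(state, y, p, n)


def period(p=P, n=N):
    """Smallest i > 0 with x^i = 1 mod p(x); 2^n - 1 when p is primitive."""
    s = 1
    for i in range(1, 2 ** n):
        s = step(s, p, n)
        if s == 1:
            return i
    return None


if __name__ == "__main__":
    print("period:", period())
    print("state 0b1011 after 100003 clocks:", bin(jump(0b1011, 100003)))
```

The saving is the same one Rob Warnock notes for M^i: x^i mod p(x) costs O(log i) polynomial multiplications instead of i clocks, and once computed it advances any state with a single further multiplication.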

------------------------------

From: "Robert Reynard" <[EMAIL PROTECTED]>
Subject: Re: Mono cipher, genetic algorithm .. appropriate "Crossover?"
Date: Mon, 12 Feb 2001 10:15:50 -0500


<[EMAIL PROTECTED]> wrote in message

<<There are plenty of hits from google for "hillclimbing optimisation". >>

Yes, I think this is a good one -
http://www.neusciences.com/Technologies/ga_guide.htm

 Chris,

I have a request similar to Joe Peschel's

Could you contact me directly off line?

Thanks.


Robert Reynard
Author, Secret Code Breaker series of crypto books for young readers (8-16
yr.)




------------------------------

From: "Augusto Jun Devegili" <[EMAIL PROTECTED]>
Subject: Re: Multiple-Key RSA cryptosystem
Date: Mon, 12 Feb 2001 12:34:56 -0300

Could anyone possibly tell me where I can find this information?

"DJohn37050" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Already done before.
> Don Johnson



------------------------------

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: File encryption with Rijndael
Date: Mon, 12 Feb 2001 15:28:37 GMT

Viktor CK Pilpenok wrote:
> 
> In article <[EMAIL PROTECTED]>,
>   Jirka Klaue <[EMAIL PROTECTED]> wrote:
> 
> > It's *guaranteed* to execute on *every* system, where a compiler is
> > available.  Again, in contrast to Java with some virtual machine.
> >
> > Jirka
> 
> In fact, the JVM is a *COMPILER* replacement for Java, so what's the
> point in all of that? For C you need some binary (compiler) and for
> Java you need another binary (VM) to run the program, kinda the
> same...
> 
> In addition there are 2 other points:
> * Java VMs are generally more available and most of them are freeware
> (even Microsoft doesn't take bucks for their JVM) while most C
> compilers are not.

DJGPP, gcc are two examples of free compilers.  What about .java->.class
compilers?  Those are often non-free, IIRC.

> * Java is binary-portable: you can compile a Java class on one machine
> and run it on another, totally different one. C, in contrast, requires
> you to recompile and in many cases (from my own experience) to spend
> hours fiddling with the sources.

If the program is written in ISO-C, then it needs little or no fiddling
with the source.

Now consider Java with an AWT GUI.  Things laid out one way on one
system will often appear totally wrong on another system.  Also, Java
with native calls is generally nonportable, too.

As to saying that you have to recompile with C... yes, that's true...
you need to recompile once per platform (assuming the C source uses
platform independent code).  Java, OTOH, does JIT compiling on each
class file each time it's loaded.  This interpretation of "compile"
considers .class files as "source" to be made into the local platform's
machine language.  If "compile" is interpreted the other way, sure, java
needs only one compile ever to be used for all platforms, but if this is
the only type of "compile" you allow, and you disable the jit compiler,
java runs absurdly slow.

-- 
A solution in hand is worth two in the book.

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: CipherText patent still pending
Date: Mon, 12 Feb 2001 16:35:24 +0100



wtshaw wrote:
> 
[snip]
> 
> Amen

> > http://home.t-online.de/home/mok-kong.shen
> 
> BTW, all I get to the above is "Unable to access document."

I verified accessibility at three independent internet access 
points. Could be a transient error. Please kindly inform, if the 
error persists on your side.

M. K. Shen

------------------------------

Date: Mon, 12 Feb 2001 15:36:14 +0000
From: Rodrigo Nuno Bragança da Cunha <[EMAIL PROTECTED]>
Subject: Re: Rnadom Numbers

Viktor CK Pilpenok wrote:
> 
> Hi Everybody!
> 
> Is there any algorithm that allows to estimate the randomness of a
> stream of numbers?


You can prove a stream is "expressible" within an axiomatic system, but you can
not prove it to be non-expressible (without compression, at least, which means
it is correlated with the system or non-correlated), within any non-trivial
axiomatic system. That's something emanating from Shannon's theory of
information, IIRC.

------------------------------

Subject: Re: Rnadom Numbers
From: Paul Crowley <[EMAIL PROTECTED]>
Date: Mon, 12 Feb 2001 15:42:46 GMT

Viktor "CK" Pilpenok <[EMAIL PROTECTED]> writes:
> Is there any algorithm that allows to estimate the randomness of a
> stream of numbers?

Measuring the algorithmic randomness of a stream of data is provably
impossible.  However, the DIEHARD suite will detect many common flaws
in pseudo-random number generators.

http://stat.fsu.edu/~geo/diehard.html

If you want to measure, for example, the entropy of a passphrase, or
of data gathered to feed to an RNG like Yarrow, you have a very hard
problem on your hands; no one algorithm will do it, because you have
to design your own model for the incoming data specific to the source.

http://www.counterpane.com/yarrow.html
-- 
  __
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Rnadom Numbers
Date: Mon, 12 Feb 2001 16:50:07 +0100



Viktor CK Pilpenok wrote:
> 

> Is there any algorithm that allows to estimate the randomness of a
> stream of numbers?

See  http://csrc.nist.gov/rng/

M. K. Shen
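Tom's "infinite number of algorithms", Trevor's and Paul's pointer to DIEHARD and the NIST page above all concern statistical tests that detect non-randomness rather than prove randomness. As an added example that is not from any poster in the thread, here are two of the simplest tests in NIST SP 800-22, the monobit (frequency) test and the runs test, run over three constructed byte streams: a perfectly balanced but alternating one, one whose every byte has a 0 high bit (the shape of ASCII text), and output of Python's Mersenne Twister. The formulas follow SP 800-22; the sample data, the seed and the alpha threshold are assumptions made for the demo.

```python
import math
import random

# Added example (not from the thread): two SP 800-22 tests over constructed data.


def bits_of(data: bytes):
    """Unpack bytes into a list of bits, most significant bit first."""
    return [(b >> k) & 1 for b in data for k in range(7, -1, -1)]


def monobit_pvalue(bits):
    """Frequency test: p-value for the hypothesis that ones and zeros are balanced."""
    n = len(bits)
    s = sum(1 if b else -1 for b in bits)
    return math.erfc(abs(s) / math.sqrt(2 * n))


def runs_pvalue(bits):
    """Runs test: p-value for the number of uninterrupted runs of equal bits."""
    n = len(bits)
    pi = sum(bits) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0   # frequency prerequisite failed; SP 800-22 does not run the test
    v = 1 + sum(1 for k in range(n - 1) if bits[k] != bits[k + 1])
    num = abs(v - 2 * n * pi * (1 - pi))
    den = 2 * math.sqrt(2 * n) * pi * (1 - pi)
    return math.erfc(num / den)


def assess(data: bytes, alpha: float = 0.01):
    """Return per-test p-values and whether every test stayed above alpha."""
    bits = bits_of(data)
    pvalues = {"monobit": monobit_pvalue(bits), "runs": runs_pvalue(bits)}
    return pvalues, all(p >= alpha for p in pvalues.values())


# Constructed inputs, not captured from any real generator:
rng = random.Random(20010212)
ALTERNATING = bytes([0x55]) * 1000                              # 0101...: balanced, never two equal bits in a row
ASCII_LIKE = bytes(rng.getrandbits(7) for _ in range(1000))     # high bit of every byte is 0
PRNG_BYTES = bytes(rng.getrandbits(8) for _ in range(1000))     # Mersenne Twister output


if __name__ == "__main__":
    for name, data in [("alternating", ALTERNATING), ("ascii-like", ASCII_LIKE), ("prng", PRNG_BYTES)]:
        print(name, assess(data))
```

The alternating stream passes the monobit test with p = 1.0 and fails the runs test outright, which is why no single test is "the" randomness test; the ASCII-like stream fails both. A p-value below alpha is evidence of non-randomness, while passing says only that these two statistics found nothing, which is Trevor's and Paul's point.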

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: CipherText patent still pending
Date: Mon, 12 Feb 2001 16:47:19 +0100



"Douglas A. Gwyn" wrote:
> 
> Mok-Kong Shen wrote:
> > ... On the other hand, there is some
> > chance, I believe, that the novices occasionally by
> > chance/luck come upon some eventually useful ideas about
> > cipher constructs that others have not reflected upon before.
> 
> It wouldn't matter, because the rare accidental improvement
> would be lost in the sea of bad ideas not worth spending
> time analyzing.  There are *already* several *important*
> cipher systems for which no practical method of attack is
> (publicly) known.  Anyone who can perform analysis at the
> frontiers of knowledge will find it more rewarding to spend
> his time working on *those* systems, rather than on some
> unknown system, devised by an amateur, that is unlikely ever
> to play an important role in science, commerce, or society.
> Occasionally it is instructive to examine how such a system
> can be attacked; e.g., many years ago in response to a
> proposed amateur system named "crypto", I quickly wrote a
> small program "otpryc" that performed automatic C/A of it
> as an illustration of a couple of points that ought to be
> understood before even starting to design any cryptosystem.

I have given very good advice on how to effectively get
shielded from stuff that one doesn't want to see in 
previous follow-ups, I believe.

M. K. Shen

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: CipherText patent still pending
Date: Mon, 12 Feb 2001 15:02:13 GMT

JPeschel wrote:
> Do you still have the C/A program on hand somewhere, Doug,
> and perhaps, the amateur system?

Unfortunately my older file archives were lost through a
system administration problem.  However, I can describe the
essence:
The proposed system took a password and used it to seed a
garden-variety PRNG.  I think the PRNG state was 32 bits
although it might have been 16 bits.  The PRNG output was
used in some simple KG way, e.g. XOR with the low byte, to
encrypt plaintext one byte at a time.
My automated cracking program performed a brute-force search
through the key space, reconstructing the PRNG state (I
might actually have just clocked the PRNG if it was maximal
period), testing for probable plaintext simply by looking
for 0 bits as the high bit of each byte.  (This works for
ASCII text, for example.)
Note that it didn't require a sophisticated attack to break
this particular system, nor indeed any similar system.
The points that should be obvious after reflecting on this
include:
(1) KG-style systems permit easy tests on putative recovered
plaintext.
(2) A known-plaintext approach can be expected in a general
purpose system, if for no other reason than that every 8th
bit of an ASCII plaintext is known (to be 0).  Unless the
system treats individual bits of the data bytes independently,
this is just as good as knowing contiguous PT of 1/8 the size.
(3) It doesn't matter how big a "password" might be; it's the
internal cryptovariable size that actually has effect.
(4) If the effective key space is too small, a brute-force
search can be mounted.
(5) No small tweaks can fix the problems; the whole design
needs to be replaced.
All of these points should already be well known to experts,
but I thought it might be instructive to newbies to see how
easily a naive cryptosystem might be successfully attacked.
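A reconstruction of the kind of system Doug describes, as an added example that is neither his lost "otpryc" program nor the original "crypto" system: the PRNG (a 16-bit linear congruential generator with constants A and C), the password folding (CRC-32 truncated to 16 bits) and the choice of the state's high byte as keystream are all assumptions made for the demo. `ascii_survivors` walks the 2^16 states and keeps those whose candidate plaintext has a 0 high bit in every byte (points 1, 2 and 4), and `find_password_collision` shows that password length is irrelevant once two passwords fold to the same state (point 3).

```python
import zlib

# Added example (not from the thread): a toy password-seeded PRNG stream cipher
# and a measurement of how little the ASCII high-bit test leaves of its key space.

MOD = 1 << 16
A, C = 25173, 13849   # constructed full-period 16-bit LCG constants (assumption)


def seed_from_password(password: str) -> int:
    """Fold a password of any length into the 16-bit PRNG state (point 3)."""
    return zlib.crc32(password.encode()) & 0xFFFF


def keystream(seed: int, length: int):
    """Garden-variety PRNG; the high byte of the state is the keystream byte."""
    state = seed
    for _ in range(length):
        state = (A * state + C) % MOD
        yield state >> 8


def crypt(seed: int, data: bytes) -> bytes:
    """XOR with the keystream: encryption and decryption are the same operation."""
    return bytes(b ^ k for b, k in zip(data, keystream(seed, len(data))))


def ascii_survivors(ciphertext: bytes):
    """Try every 16-bit state; keep those whose candidate plaintext has a 0 high
    bit in every byte, the known-plaintext test Doug describes (points 1, 2, 4)."""
    survivors = []
    for seed in range(MOD):
        if all((c ^ k) < 0x80 for c, k in zip(ciphertext, keystream(seed, len(ciphertext)))):
            survivors.append(seed)
    return survivors


def find_password_collision(limit: int = MOD + 1):
    """Two different passwords that fold to the same state and hence the same
    keystream; guaranteed to exist within 2^16 + 1 tries by pigeonhole."""
    seen = {}
    for i in range(limit):
        pw = f"passphrase-{i}"
        s = seed_from_password(pw)
        if s in seen:
            return seen[s], pw
        seen[s] = pw
    return None


if __name__ == "__main__":
    text = b"The quick brown fox jumps over the lazy dog, then naps in the sun."
    seed = seed_from_password("a very long passphrase that adds no security here")
    ct = crypt(seed, text)
    found = ascii_survivors(ct)
    print("states surviving the high-bit test:", len(found), "true state kept:", seed in found)
    print("colliding passwords:", find_password_collision())
```

Points 3 and 4 together are what the counts show: however long the passphrase, only 65536 keystreams exist, and a few dozen bytes of ASCII ciphertext are enough for the high-bit test to single out the true state without any sophisticated analysis, which is why point 5 says the design has to be replaced rather than tweaked.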

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
