Cryptography-Digest Digest #696, Volume #13      Fri, 16 Feb 01 05:13:00 EST

Contents:
  Digital signature w/o original document ("David Sowinski")
  Re: Super strong crypto (wtshaw)
  Re: "RSA vs. One-time-pad" or "the perfect enryption" (wtshaw)
  Triple-DES MAC ("Christian Schwarz")
  Re: /dev/random under Linux (Matt J)
  Re: Ciphile Software:  Why .EXE files so large (Anthony Stephen Szopa)
  Re: Triple-DES MAC ("Christian Schwarz")
  Re: speed vs security ("Simon Hunt")
  Re: Steak Stream Cipher ("Henrick Hellström")
  Re: Ciphile Software:  Why .EXE files so large ("Michael Brown")
  Re: "RSA vs. One-time-pad" or "the perfect enryption" ("RV")

----------------------------------------------------------------------------

Reply-To: "David Sowinski" <[EMAIL PROTECTED]>
From: "David Sowinski" <[EMAIL PROTECTED]>
Subject: Digital signature w/o original document
Date: Fri, 16 Feb 2001 00:18:49 -0600

I am interested in generating a digital signature that can later be verified
without the original document. I recall coming across a homomorphic
encryption/signature scheme a while back, but cannot find much information on
it now. Does anybody know if this is possible?



Regards,

-dave





------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Super strong crypto
Date: Thu, 15 Feb 2001 23:51:18 -0600

In article <[EMAIL PROTECTED]>, "Douglas A. Gwyn"
<[EMAIL PROTECTED]> wrote:

> Here is a "straw man" block cipher design for you all to analyze:
> The last PT block before the unicity distance is reached contains
> a newly generated random key to replace the one currently in use.
> It's a new form of "chaining" mode, if you wish.

That is a good way for cipher strength to be maximized for a poor cipher,
if you have an idea what is a safe amount.  Figure that most brief
messages can be less than that much too.  Need longer messages, pick a
better cipher. 
> 
> > ... I know that a sound set of reasonable objectives for highly
> > secure systems can be done, not what we have in the internet
> > today, nor in most computers.
> 
> I still urge you to *publish* such a set of security objectives.
> How are people going to learn to do better if nobody is willing
> to teach?
>

Sounds like a good idea. In fact, I may have already covered most of it.
I'll have to check the archives.  People have asked me to physically
publish many of my crypto/security ideas.  Now that I have one book about
finished, since I like the format I used, I may well use it for the
technical stuff.
> 
> That's partly right, but it doesn't take a conspiracy to explain
> the current situation; normal human stupidity can explain it.
> It is not just cryptography that is seized upon by the lusters
> after power; other scapegoats include crime, video games, health
> care, etc.  Whatever they can frighten the public with.

It's pretty thin, and the contrived situations are often dramatically
overstated.  It is not that people may not care about their choice of
excitable issues, but that the hypers seem so neurotic in crying wolf.
-- 
Better to pardon hundreds of guilty people than execute one
that is innocent.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: "RSA vs. One-time-pad" or "the perfect enryption"
Date: Fri, 16 Feb 2001 00:02:04 -0600

In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (John Savard) wrote:

> Essentially, one can divide ciphers up into three classes.
> 
> 1)
> The one-time-pad and its equivalents.
> 
> It is completely unbreakable, but for a given amount of key, you can
> only send an equivalent amount of messages. So you have to exchange
> keys in advance - and you must allow for the possibility of having to
> make another exchange of keys when you run out.
> 
> 2)
> Conventional ciphers.
> 
> Here, you have a short, convenient key. But theoretically, it can
> always be broken: once you've sent a message longer than the key, it
> can at least be broken by a brute-force attack. But you can make the
> key long enough to make that impractical, and you can make the cipher
> as complicated as you want.
> 
> So you don't have provable unbreakability, but you can get so
> elaborate that there really isn't much to worry about.
> 
> 3)
> Public-key ciphers.
> 
> Here, you have to create information that you give to people which
> tells them how to send messages to you. You keep secret, though,
> something additional which lets you read those messages.
> 
> Since what you sent let people write the messages, how to read them is
> - must be - implicit in what you sent.
> 
> The only reason this works as a cipher system is because there happens
> to be a mathematical 'trick' it is based on.
> 
> There doesn't seem to be a way around it. If you want convenience, you
> have to pay for it with a loss of security.
> 
> John Savard
> http://home.ecn.ab.ca/~jsavard/crypto.htm

I see maybe a fourth category is needed for ciphers that use an unknown
amount of their keys.  This does not fit into your definition of 1, 2, or
3.
-- 
Better to pardon hundreds of guilty people than execute one
that is innocent.

------------------------------

From: "Christian Schwarz" <[EMAIL PROTECTED]>
Subject: Triple-DES MAC
Date: Fri, 16 Feb 2001 09:15:04 +0100

Hello,
I have to calculate a MAC using the Triple-DES algorithm for memory card
authentication. After successful authentication the card allows write
access. The input data is some important data from the card (like unique
card number, expiration date, card type, ...) and a secret 16-byte key. So
I'm searching for documents and sample source code (ANSI C would be the
best, but also C++/PAS/ASM/JAVA).
I guess the calculation is an ISO standard. Unfortunately I don't know the
name/number of this norm. Does anybody know helpful links?

many thanks in advance, Christian



------------------------------

From: Matt J <[EMAIL PROTECTED]>
Subject: Re: /dev/random under Linux
Reply-To: [EMAIL PROTECTED]
Date: Fri, 16 Feb 2001 16:26:15 +0800

Mike Rosing wrote:

--snip--

> Eventually I'd like to add an external hardware RNG to my linux
> box and I always assumed /dev/random was the way to go.  I guess
> I'll have to figure it out when I get there (gonna be a while....)

To add randomness into the kernel's PRNG system, you can simply write to 
/dev/random, i.e. cat randomdata > /dev/random

The kernel source file linux/drivers/char/random.c has a nice description 
in the comments at the beginning.

Cheers,
Matt Johnston.






------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Ciphile Software:  Why .EXE files so large
Date: Fri, 16 Feb 2001 00:26:31 -0800

Michael Brown wrote:
> 
> Prime example of a dumbass who doesn't know how to use software well.
> There's this thing called packages in CPP Builder. Try them. You'll find
> they work well. As for the other two things you are using, I have a simple
> rebuttal for each: VB = slow, VCC = horrible (both compared to CPP Builder,
> yes I've used all three).
> 
> Also, try to do anything low-level in VB and all hell breaks loose.
> 
> I won't go into more detail as I'm sure it'd be pointless.
> 
> Michael
> 
> PS: 1.4 is pretty huge for a simple Hello World program. Delphi does it
> (including setup in < 800K)
> 
> "Anthony Stephen Szopa" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Ciphile Software:  Why .EXE files so large
> >
> > Until now all programs at Ciphile Software have been written and
> > compiled using Borland C++ Builder.
> >
> > When the program is compiled, all necessary files required to run
> > the program in Windows are built into the .exe
> >
> > Ciphile Software is now developing software using MS Visual Basic
> > 6.0
> >
> > Soon we will begin developing software using MS Visual C++ as well.
> >
> > We have developed two simple test programs using Visual Basic 6.0.
> > The .exe files themselves are only 24KB.
> >
> > One is compiled and deployed using the Package and Deploy Wizard
> > that also includes all necessary system files required to run the
> > .exe file in MS Windows such as several .DLLs.
> >
> > Here they are:
> >
> > VB6STKIT.DLL
> > COMCAT.DLL
> > STDOLE2.TLB
> > ASYCFILT.DLL
> > OLEPRO32.DLL
> > OLEAUT32.DLL
> > MSVBVM60.DLL
> >
> > So the setup program for this full compressed install program is
> > about 1.46MB.  The result of this installation is that all required
> > system files are included and the user's computer system files are
> > updated if necessary and the program is listed in the Start/Program
> > files menu and registry entries are made, etc. and the full
> > uninstall procedure is included.  Just use the MS OS Add/Remove
> > program from the Control Panel to uninstall.
> >
> > But if the user's computer already has the required updated Visual
> > Basic 6.0 system files, the 24KB file will run standing alone.  So
> > all the user would then need to download is the 24KB .exe file to
> > run the program.
> >
> > In this case no registry entries would be made and the program
> > would not appear in the Start/Programs menu and since the .exe
> > program is not actually installed, to get rid of it would only
> > require deleting the .exe file.
> >
> > So in the near future, freeware OverWrite Version 1.1 will be
> > offered in two Visual Basic bundles:  one with the full install
> > version for those who need the full collection of Visual Basic
> > 6.0 system update files along with the .exe file, and the other
> > bundle with just the .exe file for those who have the necessary
> > Visual Basic 6.0 updated system files already installed on their
> > computer.
> >
> > Please note again that once you have installed a Visual Basic 6.0
> > program from Ciphile Software using the full install with all
> > updated system files included you will not need to install another
> > Visual Basic 6.0 program using the full install version again.  You
> > will only need to download the small .exe file and it will run using
> > the Visual Basic 6.0 updated system files already on your computer.
> >
> > DETAILS OF OVERWRITE VERSION 1.1:
> >
> > So in the near future Ciphile Software will be offering OverWrite
> > Version 1.1 freeware that will provide 27 preset overwrite patterns
> > and up to 8 user defined overwrite patterns, all of which can be
> > individually chosen and randomly chosen to overwrite your files.
> > You can utilize all 35 overwrite patterns or just one.  And you can
> > randomly choose the order in which these patterns overwrite your
> > files.
> >
> > You will also be given the choice to delete your file or not to so
> > you can overwrite the file as many times as you like.


Let's see.

Compare the documentation of the three products, why don't you?

And compare the number of books available for each product, why don't
you?

And give us some titles of some excellent Borland Builder books for the
novice to learn the details of programming C++ with Borland Builder, why
don't you?

I say it is quite clear and undeniable that MS has better documentation,
more book support and much much much better quality of books on their
two products:  VB and VC++.

I have bought at least 5 expensive books on Borland Builder and they
were worth at most only one tenth of their cost.

I have a book on visual basic that is like shining light from above.

I hope you feel better in your self aggrandizement.

------------------------------

From: "Christian Schwarz" <[EMAIL PROTECTED]>
Subject: Re: Triple-DES MAC
Date: Fri, 16 Feb 2001 10:26:46 +0100

> hello,
> i've to calculate a MAC using Triple-DES algorithm for memory card

Sorry, I forgot to mention that the Triple-DES algorithm used is working in
CBC mode.



------------------------------

From: "Simon Hunt" <[EMAIL PROTECTED]>
Subject: Re: speed vs security
Date: Fri, 16 Feb 2001 09:33:46 -0000

Sorry,

on 16/32bit microprocessors. Compared to Rijndael 128, 256, Blowfish 448,
DES 64, Stealth 128, FEAL...

RC5 really can be crunched down into very fast code by unravelling the
loops...

Simon.

"Sam Simpson" <[EMAIL PROTECTED]> wrote in message
news:YwUi6.12468$[EMAIL PROTECTED]...
> On what platform?!?!!?!?
>
> --
> Regards,
>
> Sam
> http://www.scramdisk.clara.net/
>
> Simon Hunt <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Take a look at RC5 - it's the most efficient algorithm we've ever seen.
> >
> > Simon.
> >
> >
> > "-" <[EMAIL PROTECTED]> wrote in message
> > news:FCLi6.21639$[EMAIL PROTECTED]...
> > > Hi
> > >
> > > does anyone know of any books or sites that compare the different
> > > speeds and performance of various encryption algorithms? I'm writing
> > > an app for Palm OS, and I've implemented the blow fish 2 algorithm but
> > > it's just *way* too slow.
> > >
> > > I'd appreciate any pointers.
> > >
> > > dylan
> > >
> > >
> >
> >
>
>



------------------------------

From: "Henrick Hellström" <[EMAIL PROTECTED]>
Subject: Re: Steak Stream Cipher
Date: Fri, 16 Feb 2001 11:04:00 +0100

That's at least three or four questions in one. The Secure Remote Password
protocol itself seems to be a nice solution that gives you a session key
exchange and identity verification. Perhaps there are other protocols with
the same or higher security level (but better performance), but I don't
pretend that I myself have invented anything such.

I presume that you by "SRP FTP" refer to some kind of C/C++ code library. To
the best of my knowledge, there is no such library available in
Delphi/Object Pascal code. I'd be delighted if you proved me wrong.

The 3DES/CAST/Blowfish algorithms are different block ciphers. Since I
haven't finished documenting Steak and published all results, I am only
justified to claim that Steak is another cipher, different from those three
in several respects: Firstly, it is a stream cipher with an 8-bit block size
(no padding to fill up end blocks is necessary). Secondly, the purpose of
the design of Steak is that it will neither be necessary to wrap it in a
mode of operation (PCFB-8/n mode is already part of the algorithm), nor to
apply a MAC on top of it. Using Steak, you obtain a message authentication
code simply by padding the plain text with a string of your choice and
encrypting it as usual. Insofar as Steak will not be proved to be substantially
weaker in any way than any of the cipher/MAC combinations you suggested, I
think that it is interesting simply because of its different design.

It is debatable whether or not such justification is sufficient.
Let's just say that I recognize my responsibility as the designer of Steak to
document it properly and as far as possible prove that it has whatever level
of security it has.

--
Henrick Hellström
StreamSec HB

"Thomas Wu" <[EMAIL PROTECTED]> skrev i meddelandet
news:[EMAIL PROTECTED]...
> Don't want certificates?  SRP FTP does strong password authentication
> without certificates.  It encrypts and integrity-protects session data
> (both control and data channels) with your choice of 3DES/CAST/Blowfish
> and MACs with your choice of MD5/SHA-1 using the exchanged SRP session
> key.  It resists active and passive network attacks, including brute-force
> password attacks.  Does your product solve something that isn't already
> solved for free?



------------------------------

From: "Michael Brown" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Ciphile Software:  Why .EXE files so large
Date: Fri, 16 Feb 2001 23:13:52 +1300

First, sorry about the initial flame. I've seen this point made so many
times by people who have never heard of packages that unfortunately you did
the wrong thing at the wrong time (unbeknown to you though).

Now onto your points:

> Compare the documentation of the three products, why don't you?

I think they are about all equal, personally. All of them are quite good.

> And compare the number of books available for each product, why don't
> you?

On a quick search on Amazon, there are more for VB/VC (roughly 2-3 times. A
lot are non-specific, such as a Win32 reference).

> And give us some titles of some excellent Borland Builder books for the
> novice to learn the details of programming C++ with Borland Builder, why
> don't you?

Quick search on Amazon
CPP Builder : 11
VB : ~100, though most of these are specific to one small area, such as XML,
Win32 API etc. About the same as CPP Builder as far as tutorial books.
VC : About the same as VB

Also, C++ is (roughly) a standard, so any C++ book should help. The hard bit
about C++ is the structure of the language rather than the compiler-specific
objects. It's just a matter of getting used to the objects.

> I say it is quite clear and undeniable that MS has better documentation,
> more book support and much much much better quality of books on their
> two products:  VB and VC++.

Agreed on the book support, but the helpfiles for all are about equal (all
quite good). Also, the CPP Builder book that I used at one point (couple of
years ago, can't remember its name) was very good for what I needed it for:
explaining how to do stuff in CPP Builder. However, it assumed you already
knew the basics of C++.

> I have bought at least 5 expensive books on Borland Builder and they
> were worth at most only one tenth of their cost.

What were they (or have you dumped them :)? I hardly ever buy books for two
reasons:
1) Unless it is for low level (read PMode assembler) I find the online (as
in helpfiles etc) to be easier to use.
2) They are too narrow in their focus, so don't help much, or are too broad
in their focus so don't give you the detail you want.

> I have a book on visual basic that is like shining light from above.

Wow. Did you use it as a candle? (joke :)

Anyhow, I thought this was about executable size, not documentation. Anyhow,
I agree with you here: MS has the goods as far as documentation, but I find
its software isn't as easy to use (or in the case of VB, fast). CPP Builder,
I find, fills this gap well providing compilation as well as a proper visual
interface (I don't count the VC interface as "visual"). However, I'm getting
off the topic again, which was executable sizes.

VB = small and slow (unless you include the required DLLs, in which case
it's big and slow).
VC = small but horrible, though it's well documented horribleness. Mainly
small because all the stuff is in the MFC dlls (~1MB, although it's now
preinstalled on most systems). Oh, and fast.
CPPBuilder/Delphi = medium sized and fast and easy to use, but not so well
supported in the book department.


> I hope you feel better in your self aggrandizement.

I'm not saying I'm the king, I'm just saying that if you've got CPP Builder,
why the heck don't you use it? Also, I'm saying that comparing executable
size to VB is pointless unless you use packages and/or compare the whole
size, including all the DLLs/packages, and also the sacrifices you make by
using something like VB.

Cheers,
Michael



------------------------------

From: "RV" <[EMAIL PROTECTED]>
Subject: Re: "RSA vs. One-time-pad" or "the perfect enryption"
Date: Fri, 16 Feb 2001 11:02:23 +0100

What about when you use key-dependent varying encryption algorithms, so that
the recipient of the message has the decipher algorithm only? Is this just a
variation of the categories below?
Raymund Vorwerk

"John Savard" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Thu, 15 Feb 2001 15:59:13 +0100, "Sebastian Gottschalk"
> <[EMAIL PROTECTED]> wrote, in part:
>
> >Both RSA and DSS are not the answer, because the inverse factorization is
> >a trapdoor, still time consuming, but how long will it be??? Is there any
> >real unbreakable algorithm where both keys are not the same?
>
> No.
>
> There is no algorithm with the unbreakability of the one-time-pad that
> functions like a public-key cryptosystem.
>
> Essentially, one can divide ciphers up into three classes.
>
> 1)
> The one-time-pad and its equivalents.
>
> It is completely unbreakable, but for a given amount of key, you can
> only send an equivalent amount of messages. So you have to exchange
> keys in advance - and you must allow for the possibility of having to
> make another exchange of keys when you run out.
>
> 2)
> Conventional ciphers.
>
> Here, you have a short, convenient key. But theoretically, it can
> always be broken: once you've sent a message longer than the key, it
> can at least be broken by a brute-force attack. But you can make the
> key long enough to make that impractical, and you can make the cipher
> as complicated as you want.
>
> So you don't have provable unbreakability, but you can get so
> elaborate that there really isn't much to worry about.
>
> 3)
> Public-key ciphers.
>
> Here, you have to create information that you give to people which
> tells them how to send messages to you. You keep secret, though,
> something additional which lets you read those messages.
>
> Since what you sent let people write the messages, how to read them is
> - must be - implicit in what you sent.
>
> The only reason this works as a cipher system is because there happens
> to be a mathematical 'trick' it is based on.
>
> There doesn't seem to be a way around it. If you want convenience, you
> have to pay for it with a loss of security.
>
> John Savard
> http://home.ecn.ab.ca/~jsavard/crypto.htm



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
