Cryptography-Digest Digest #832, Volume #13       Wed, 7 Mar 01 22:13:01 EST

Contents:
  Re: Super strong crypto ("Douglas A. Gwyn")
  Re: hardwire prime & generator in Diffie-Hellman? ("Julian Morrison")
  Re: Semi-super-strong crypto? ("Douglas A. Gwyn")
  Re: How to find a huge prime(1024 bit?) ("Dik T. Winter")
  Re: hardwire prime & generator in Diffie-Hellman? ("Tom St Denis")
  Re: Super-strong crypto......................(As if). ("Douglas A. Gwyn")
  Re: How to find a huge prime(1024 bit?) ("Douglas A. Gwyn")
  CHES 2001 registration! (Christof Paar)
  Re: hardwire prime & generator in Diffie-Hellman? ("Julian Morrison")
  Dayton's Code Breakers (Jerry Proc)
  Re: National Security Nightmare? (John T. Kennedy)
  Re: Creating serial numbers? (Paul Rubin)
  Re: hardwire prime & generator in Diffie-Hellman? (those who know me have no need of my name)
  Re: National Security Nightmare? (Paul Rubin)
  Re: National Security Nightmare? (John T. Kennedy)
  Re: Again on key expansion. (Benjamin Goldberg)
  Re: hardwire prime & generator in Diffie-Hellman? ("Julian Morrison")
  Re: The Foolish Dozen or so in This News Group (Anthony Stephen Szopa)

----------------------------------------------------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Super strong crypto
Date: Thu, 08 Mar 2001 01:08:27 GMT

Bryan Olson wrote:
> But understand it's no small detail.  Thousands have tried
> to bridge that chasm, and so far all have failed.

But in the meantime, we can try to beef up the methods we have
by such methods as I was suggesting.  In applications such as
one I'm supporting at the moment, there are real-world
constraints that force the security implementation to work too
close to the edge, and efficient implementation is paramount
(so the data encryption will be something like Rijndael with
small parameters).  Under such circumstances, anything that can
be done to get in the way of the enemy cryptanalysts is welcome.

------------------------------

From: "Julian Morrison" <[EMAIL PROTECTED]>
Subject: Re: hardwire prime & generator in Diffie-Hellman?
Date: Thu, 08 Mar 2001 01:09:42 +0000

"Tom St Denis" <[EMAIL PROTECTED]> wrote:

> A slew means under sqrt((p-1)/2).

Does this mean: that many  messages to a particular person, or that many
messages total? (in other words: could I just slurp up that many messages
with packet sniffing, and weaken security thereby?) Because in normal
situations, the number of uses of DH I intend is only once between any two
IPs - as a setup handshake.

Perhaps the best way to improve this, is to hardwire several
prime/generator pairs, and let each handshake specify "we'll be using the
n'th pair this time"

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Semi-super-strong crypto?
Date: Thu, 08 Mar 2001 01:18:43 GMT

Benjamin Goldberg wrote:
> k(i) = encrypt_k0( IV0 + i )
> ct(-1) = IV1
> ct(i) = encrypt_(k(i/N))( pt(i) ^ ct(i-1) )

The key schedule is fairly good (assuming a reasonable encrypt
function), but you might as well not have the "^ ct(i-1)" since
the enemy knows it (for all i>0) without having to do any work.
It does stop prearranged tests for busts, however.

Most of the concerns I was addressing in the straw man are
addressed here.  My main concern is that the small amount of
k0+IV0+IV1 entropy is spread across an indefinitely large amount
of CT, which might not be a problem, but it sure feels like one.
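The scheme Benjamin Goldberg sketched above (k(i) = encrypt_k0(IV0 + i), ct(-1) = IV1, ct(i) = encrypt_{k(i/N)}(pt(i) ^ ct(i-1))), written out as an added example that is not code from either poster. The thread names no concrete encrypt function, so the block assumes a toy 64-bit Feistel cipher built from SHA-256; the block size, round count and every name below are constructed for this illustration.

```python
# Added example, not code from the thread: Goldberg's re-keyed CBC-style chaining
#   k(j)   = encrypt_k0(IV0 + j)
#   ct(-1) = IV1
#   ct(i)  = encrypt_{k(i // N)}(pt(i) ^ ct(i-1))
# instantiated with a toy Feistel block cipher so it runs on the standard library.
import hashlib
import struct

BLOCK = 8     # 64-bit blocks: a toy size for illustration, not a secure parameter
ROUNDS = 8

def _round_f(key: bytes, r: int, half: int) -> int:
    """Round function: 32 bits of SHA-256(key || round number || right half)."""
    digest = hashlib.sha256(key + bytes([r]) + half.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")

def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Balanced Feistel network over one 8-byte block (a keyed permutation)."""
    left, right = struct.unpack(">II", block)
    for r in range(ROUNDS):
        left, right = right, left ^ _round_f(key, r, right)
    return struct.pack(">II", right, left)   # undo the final swap

def decrypt_block(key: bytes, block: bytes) -> bytes:
    """Inverse of encrypt_block: the same rounds in reverse order."""
    left, right = struct.unpack(">II", block)
    for r in reversed(range(ROUNDS)):
        left, right = right, left ^ _round_f(key, r, right)
    return struct.pack(">II", right, left)

def block_key(k0: bytes, iv0: int, j: int) -> bytes:
    """k(j) = encrypt_k0(IV0 + j): the counter-driven key schedule from the post."""
    counter = ((iv0 + j) % (1 << 64)).to_bytes(BLOCK, "big")
    return encrypt_block(k0, counter)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_message(k0: bytes, iv0: int, iv1: bytes, plaintext: bytes, n: int) -> bytes:
    """CBC-style chaining in which the block key changes every N blocks."""
    if len(plaintext) % BLOCK:
        raise ValueError("caller must pad plaintext to a whole number of blocks")
    prev, out = iv1, []
    for i in range(len(plaintext) // BLOCK):
        key = block_key(k0, iv0, i // n)
        pt = plaintext[i * BLOCK:(i + 1) * BLOCK]
        prev = encrypt_block(key, _xor(pt, prev))      # ct(i)
        out.append(prev)
    return b"".join(out)

def decrypt_message(k0: bytes, iv0: int, iv1: bytes, ciphertext: bytes, n: int) -> bytes:
    """Inverse: pt(i) = decrypt_{k(i // N)}(ct(i)) ^ ct(i-1)."""
    if len(ciphertext) % BLOCK:
        raise ValueError("ciphertext is not a whole number of blocks")
    prev, out = iv1, []
    for i in range(len(ciphertext) // BLOCK):
        key = block_key(k0, iv0, i // n)
        ct = ciphertext[i * BLOCK:(i + 1) * BLOCK]
        out.append(_xor(decrypt_block(key, ct), prev))  # pt(i)
        prev = ct   # ct(i-1) travels on the wire, which is Gwyn's point about the XOR
    return b"".join(out)

if __name__ == "__main__":
    k0, iv1, msg = b"constructed-k0", bytes(8), bytes(range(48))
    ct = encrypt_message(k0, 1234, iv1, msg, n=2)
    assert decrypt_message(k0, 1234, iv1, ct, n=2) == msg
    print(ct.hex())
```

The chaining term is ordinary CBC feedback: since ct(i-1) is visible to anyone holding the ciphertext, the XOR adds no secrecy, but it does make two equal plaintext blocks under the same k(j) produce different ciphertext blocks.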

------------------------------

From: "Dik T. Winter" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,sci.math
Subject: Re: How to find a huge prime(1024 bit?)
Date: Thu, 8 Mar 2001 01:13:26 GMT

In article <985sua$[EMAIL PROTECTED]> [EMAIL PROTECTED] (Gregory G Rose) writes:
 > In article <[EMAIL PROTECTED]>, Dik T. Winter <[EMAIL PROTECTED]> wrote:
 > >Well, I say it is correct.  The premissa is: "there is a finite number
 > >of primes".  Multiplying them all together and adding 1 shows that the
 > >resultant number is not divisible by any prime.  Hence by the definition
 > >of prime it must be prime, contradicting the premissa.
 > 
 > The number you get by multiplying all the primes
 > together and adding one might not be prime itself;

Why not?  The definition of prime is a number is prime if it is not
divisible by another prime.  As the number so calculated is not
divisible by any prime it must be prime by the definition.  Which
of course is a contradiction (you did not actually have a complete
list of primes).

That it is not necessarily prime in real life is something completely
different.  When you start with a false premissa you can prove almost
anything, and that is the point, you prove something that is false
and there is your contradiction, and what way you go does not matter.
-- 
dik t. winter, cwi, kruislaan 413, 1098 sj  amsterdam, nederland, +31205924131
home: bovenover 215, 1025 jn  amsterdam, nederland; http://www.cwi.nl/~dik/

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: hardwire prime & generator in Diffie-Hellman?
Date: Thu, 08 Mar 2001 01:23:19 GMT


"Julian Morrison" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "Tom St Denis" <[EMAIL PROTECTED]> wrote:
>
> > A slew means under sqrt((p-1)/2).
>
> Does this mean: that many  messages to a particular person, or that many
> messages total? (in other words: could I just slurp up that many messages
> with packet sniffing, and weaken security thereby?) Because in normal
> situations, the number of uses of DH I intend is only once between any two
> IPs - as a setup handshake.
>
> Perhaps the best way to improve this, is to hardwire several
> prime/generator pairs, and let each handshake specify "we'll be using the
> n'th pair this time"

No per key you generate.

Tom



------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Super-strong crypto......................(As if).
Date: Thu, 08 Mar 2001 01:26:56 GMT

Keill_Randor wrote:
> The only way to have a secure encryption system, (and uncrackable),
> is to make sure that the only way to crack ... is to run through
> every piece of data known to a computer ...

So how does one know that that is the only way to crack a specific
system?

> (Like what mine does, but I don't think it's a good idea to post it,
> somehow..:).

Why not?  I posted my straw man proposal(s) in order to see what
flaws might be found with the general idea and to encourage other
development along similar lines.  I would be interested in seeing
another approach for which brute force searching is demonstrably
the only possible attack.

> (I'm trying to deal with GCHQ, but they don't seem to want to know...(Idiots))).

I'm sure they have a large enough crackpot file already.

> The word random shouldn't really be needed...

Why not?  Genuinely random data has some very useful security
properties.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,sci.math
Subject: Re: How to find a huge prime(1024 bit?)
Date: Thu, 08 Mar 2001 01:41:38 GMT

"Dik T. Winter" wrote:
> [EMAIL PROTECTED] (Gregory G Rose) writes:
>  > The number you get by multiplying all the primes
>  > together and adding one might not be prime itself;
> Why not?  The definition of prime is a number is prime if it is not
> divisible by another prime.  As the number so calculated is not
> divisible by any prime it must be prime by the definition.  Which
> of course is a contradiction (you did not actually have a complete
> list of primes).
> That it is not necessarily prime in real life is something completely
> different.  When you start with a false premissa you can prove almost
> anything, and that is the point, you prove something that is false
> and there is your contradiction, and what way you go does not matter.

While that is logically unassailable, for most purposes it is
better to say, "... so it is either prime, or divisible by some
prime not found in the list", since one already suspects that
there are other primes and that helps explain in more detail
how the failure occurs.  I.e., it's one thing to see that all
the steps in a proof work, and another thing to understand why
the proof as a whole works.
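Euclid's construction run on actual numbers, as an added example (not from either post): for the first n primes, P = p1·...·pn + 1 is either prime itself or divisible by a prime missing from the list, exactly the reading Gwyn prefers. All helpers below are constructed for this illustration.

```python
# Added example, not from the thread: Euclid numbers and their smallest factors.
def first_primes(n: int) -> list:
    """The first n primes by trial division."""
    primes, candidate = [], 2
    while len(primes) < n:
        if all(candidate % p for p in primes if p * p <= candidate):
            primes.append(candidate)
        candidate += 1
    return primes

def smallest_factor(n: int) -> int:
    """Smallest prime factor of n (n itself when n is prime)."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f
        f += 1
    return n

def euclid_number(n: int) -> tuple:
    """(P, smallest factor of P, P is prime, factor is in the list) for the first n primes."""
    primes = first_primes(n)
    product = 1
    for p in primes:
        product *= p
    P = product + 1
    f = smallest_factor(P)
    return P, f, f == P, f in primes

if __name__ == "__main__":
    for n in range(1, 9):
        P, f, is_prime, in_list = euclid_number(n)
        print(n, P, "prime" if is_prime else f"composite, smallest factor {f}", in_list)
```

The fourth field is False for every n: whichever branch applies, the new prime is never one of the primes that were multiplied, which is the "either prime, or divisible by some prime not found in the list" formulation.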

------------------------------

From: Christof Paar <[EMAIL PROTECTED]>
Crossposted-To: comp.arch.fpga,comp.arch.arithmetic
Subject: CHES 2001 registration!
Date: Wed, 7 Mar 2001 20:22:05 -0500

The CHES registration is up and running. You can go to the CHES main page
at
         www.chesworkshop.org

and download the registration form.

A list with hotels with special CHES rates will become available very
soon.

Regards,  Christof

PS: For those who want to make travel plans: The CHES 2001 program starts
on the morning of Monday, May 14, with pre-registration on Sunday evening.
CHES ends on Wednesday, May 16, at NOON.


! WORKSHOP ON CRYPTOGRAPHIC HARDWARE AND EMBEDDED SYSTEMS (CHES 2001) !
!                  Paris, France, May 13-16, 2001                     !
!                       www.chesworkshop.org                          !

***********************************************************************
                 Christof Paar,  Assistant Professor
          Cryptography and Information Security (CRIS) Group
      ECE Dept., WPI, 100 Institute Rd., Worcester, MA 01609, USA
fon:(508) 831 5061  email: [EMAIL PROTECTED]   
fax:(508) 831 5491  www: http://www.ece.wpi.edu/People/faculty/cxp.html
***********************************************************************


------------------------------

From: "Julian Morrison" <[EMAIL PROTECTED]>
Subject: Re: hardwire prime & generator in Diffie-Hellman?
Date: Thu, 08 Mar 2001 02:01:02 +0000

"Tom St Denis" <[EMAIL PROTECTED]> wrote:

> No per key you generate.

Right, and so essentially if I set it to re-negotiate after one less than
sqrt((p-1)/2) uses of a given key, it's safe?

As I'm planning it, each key is only ever used once, to seed Arcfour. From
then on, the Arcfour state persists at both ends (that is, I don't re-key
it each time, I just pick it up where it left off).

------------------------------

From: Jerry Proc <[EMAIL PROTECTED]>
Subject: Dayton's Code Breakers
Date: Thu, 08 Mar 2001 02:27:47 GMT

Hi Folks,

There was a multi-part story in the Dayton Daily News about the man who
headed up the National Cash Register team that built 120 bombes for the US
Navy in WWII in order to crack codes generated by the German 4-rotor Enigma.

See Dayton's Code Breakers  http://www.activedayton.com/partners/ddn/

Read about the problems encountered after it was discovered that
designing a Bombe with 70,000 gas-filled tubes was impractical! The
links to the articles are at the bottom centre of the Dayton News home page.


[Via Brookes Crypto pages]

--
Jerry Proc VE3FAB
http://webhome.idirect.com/~jproc/crypto
e-mail:[EMAIL PROTECTED]
http://www3.sympatico.ca/hrc/haida
HMCS HAIDA Historic Naval Ship. Toronto, Ontario



------------------------------

From: John T. Kennedy <[EMAIL PROTECTED]>
Subject: Re: National Security Nightmare?
Date: Wed, 07 Mar 2001 21:29:45 -0500

Paul Rubin <[EMAIL PROTECTED]> ventured:

>My current approach to passphrases is when I generate one, I write it
>down on a piece of paper that I keep in my pocket.  It is pretty safe
>there from any conceivable computer attack, and I'm not likely to lose
>it without noticing.  I refer to the paper whenever I need to type in
>the passphrase, which is typically several times a day.  After a few
>days I don't need the paper any more, so I can destroy the written
>copy of the passphrase.

I guess it all depends on who you want to keep your secrets from. If
you want to keep secrets from government then putting your passphrase
in your pocket and announcing it has obvious drawbacks.


-

John Kennedy
The Wild Shall Wild Remain! 
http://members.nbci.com/rational1/wild/


------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Creating serial numbers?
Date: 07 Mar 2001 18:43:18 -0800

"Lior Messinger" <[EMAIL PROTECTED]> writes:
> I need to create a very large set of unique serial numbers (10-100
> millions). The requirements:
> 1. No one can create but me
> 2. Minimum number of digits. In Hex its 7 Digits, I'd like to stick to that

7 hex digits = 2**28 = 256 million.  If you have 100 million legitimate
numbers, then someone picking 7 random hex digits has better than 1/3
chance of getting a legitimate number.

You need more digits.
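An added example (not code from the post) that makes the arithmetic above reusable and shows one way to meet the original poster's "no one can create but me" requirement: a counter plus a truncated HMAC tag under an issuer secret. The tag construction, its lengths and the key are assumptions for this illustration, not anything the thread specifies.

```python
# Added example, not from the thread: guessing odds versus serial length, and
# issuer-only serials as counter || truncated HMAC (a construction assumed here).
import hashlib
import hmac

def forgery_probability(valid_count: int, hex_digits: int) -> float:
    """Chance that one uniformly random hex string of this length is a valid serial."""
    return valid_count / 16 ** hex_digits

def hex_digits_needed(valid_count: int, max_probability: float) -> int:
    """Smallest digit count at which a random guess succeeds with at most max_probability."""
    d = 1
    while forgery_probability(valid_count, d) > max_probability:
        d += 1
    return d

KEY = b"issuer-secret-key (constructed for this example)"
COUNTER_DIGITS = 7   # 16**7 = 268,435,456 possible counters
TAG_DIGITS = 9       # 36-bit tag: a random guess verifies with probability 16**-9

def _tag(body: str, key: bytes) -> str:
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()[:TAG_DIGITS].upper()

def mint(counter: int, key: bytes = KEY) -> str:
    """Issue serial number `counter`; only a holder of `key` can produce a valid tag."""
    if not 0 <= counter < 16 ** COUNTER_DIGITS:
        raise ValueError("counter outside the 7-hex-digit range")
    body = f"{counter:0{COUNTER_DIGITS}X}"
    return body + _tag(body, key)

def verify(serial: str, key: bytes = KEY) -> bool:
    """Constant-time check of the tag; the counter part carries no secret."""
    if len(serial) != COUNTER_DIGITS + TAG_DIGITS:
        return False
    body, tag = serial[:COUNTER_DIGITS], serial[COUNTER_DIGITS:]
    return hmac.compare_digest(tag, _tag(body, key))

if __name__ == "__main__":
    print(forgery_probability(100_000_000, 7))        # the 1/3-ish figure above
    print(hex_digits_needed(100_000_000, 1e-6))
    s = mint(12345)
    print(s, verify(s), verify(s[:-1] + "0" if s[-1] != "0" else s[:-1] + "1"))
```

With random unique serials the guessing odds are N/16^d and shrink only as d grows; with a tag the odds per guess are 16^-TAG_DIGITS regardless of how many serials exist, which is what buys the issuer-only property, at the price of the extra digits Rubin says are needed anyway.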

------------------------------

From: [EMAIL PROTECTED] (those who know me have no need of my name)
Subject: Re: hardwire prime & generator in Diffie-Hellman?
Date: Thu, 08 Mar 2001 02:47:04 -0000

<[EMAIL PROTECTED]> divulged:

>Because in normal
>situations, the number of uses of DH I intend is only once between any two
>IPs - as a setup handshake.

your peer-to-peer protocol will be quite limited if you don't allow for 
dynamic addresses, i.e., don't assume that once an ip address has 
registered (with another?) that it won't change, or be used by someone that 
has not yet registered (or has, but using a different ip address).

why hard-wire it?

-- 
okay, have a sig then

------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: National Security Nightmare?
Date: 07 Mar 2001 18:48:46 -0800

John T. Kennedy <[EMAIL PROTECTED]> writes:
> I guess it all depends on who you want to keep your secrets from. If
> you want to keep secrets from government then putting your passphrase
> in your pocket and announcing it has obvious drawbacks.

In my pocket it's safe from just about any computer attack.  And it's
only there for a little while, til I remember it.  And even while it's
there, it's very hard to steal surreptitiously.  If the government
arrested me and searched my pockets, they'd find it, but at least I'd
know then that they had it.  In some situations, that's good enough.

------------------------------

From: John T. Kennedy <[EMAIL PROTECTED]>
Subject: Re: National Security Nightmare?
Date: Wed, 07 Mar 2001 21:58:41 -0500

Paul Rubin <[EMAIL PROTECTED]> ventured:

>John T. Kennedy <[EMAIL PROTECTED]> writes:
>> I guess it all depends on who you want to keep your secrets from. If
>> you want to keep secrets from government then putting your passphrase
>> in your pocket and announcing it has obvious drawbacks.
>
>In my pocket it's safe from just about any computer attack.  

It's safe from computer attack there, but when you type it in it's
not.

>And it's
>only there for a little while, til I remember it.  And even while it's
>there, it's very hard to steal surreptitiously.  If the government
>arrested me and searched my pockets, they'd find it, but at least I'd
>know then that they had it.  In some situations, that's good enough.

Agreed.


-

John Kennedy
The Wild Shall Wild Remain! 
http://members.nbci.com/rational1/wild/


------------------------------

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: Again on key expansion.
Date: Thu, 08 Mar 2001 03:01:12 GMT

Cristiano wrote:
> 
> > I have an idea you might like, for making measuring things easier:
> > instead of multiplying your 512 bit integer by a point, why not do
> > an exponentiation of some primitive (3, I suppose), with a 512 bit
> > modulo?
> 
> Sure, I like it! It's very fast! But I think this is a little
> dangerous. It seems a kind of a BBS generator and it can degenerate to
> a very short period (consider 8^3 mod 6). I can make the (slow)
> initialization only once but I think that SALEK's method is
> better.

If you consider it better than SALEK's method, then you're counting the
number of rounds incorrectly.  To add equal amounts of work takes equal
amounts of time.  Neither method is better or worse than the other.

> > Anyway, it doesn't matter if you use sha as your hash, or point
> > multiplications, or whatever else... as long as you use a method for
> > which there are no shortcuts to do it faster, then the time it takes
> > you to strengthen your key is the same as the time it takes the
> > enemy to do the operation, and thus he has to do that much more
> > work.
> >
> > Oh, and accurate measurements are everything!
> 
> Thank you very, very much for your clear answers.
> 
> Cristiano

-- 
The difference between theory and practice is that in theory, theory and
practice are identical, but in practice, they are not.
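Cristiano's worry about the exponentiation-based strengthening step (the 8^3 mod 6 case) made concrete, as an added example that is not code from either poster: the iterated map x -> x^e mod n as the work step, plus an orbit-shape measurement that reports how quickly the state falls into a cycle. Function names and the sample moduli are constructed for this illustration.

```python
# Added example, not from the thread: iterated modular exponentiation as a
# key-strengthening step, and the tail/cycle structure of its orbits.
def stretch(x: int, e: int, n: int, iterations: int) -> int:
    """Repeat x -> x^e mod n `iterations` times (the proposed work factor)."""
    for _ in range(iterations):
        x = pow(x, e, n)
    return x

def orbit_shape(x: int, e: int, n: int, limit: int = 10 ** 6) -> tuple:
    """(tail length, cycle length) of the orbit of x under x -> x^e mod n.

    A tail of 0 means x itself lies on a cycle; for a prime modulus p with
    gcd(e, p-1) = 1 the map is a permutation of Z_p^*, so every orbit is a pure cycle.
    """
    seen = {}
    step = 0
    while x not in seen:
        seen[x] = step
        x = pow(x, e, n)
        step += 1
        if step > limit:
            raise RuntimeError("orbit longer than limit")
    return seen[x], step - seen[x]

if __name__ == "__main__":
    print(orbit_shape(8, 3, 6))    # collapses to the fixed point 2 after one step
    print(orbit_shape(2, 3, 11))   # gcd(3, 10) = 1: a clean 4-cycle, no tail
    print(stretch(2, 3, 11, 4))    # back to 2 after one full cycle
```

The degenerate period comes from a composite modulus on which cubing is not injective; with a prime modulus p and gcd(e, p-1) = 1 the state space cannot shrink, though the cycle length still depends on the order of x in Z_p^* and is worth measuring rather than assuming.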

------------------------------

From: "Julian Morrison" <[EMAIL PROTECTED]>
Subject: Re: hardwire prime & generator in Diffie-Hellman?
Date: Thu, 08 Mar 2001 03:07:13 +0000

"those who know me have no need of my name" <[EMAIL PROTECTED]>
wrote:

> <[EMAIL PROTECTED]> divulged:
> 
>>Because in normal situations, the number of uses of DH I intend is only
>>once between any two IPs - as a setup handshake.
> 
> your peer-to-peer protocol will be quite limited if you don't allow for 
> dynamic addresses, i.e., don't assume that once an ip address has 
> registered (with another?) that it won't change, or be used by someone
> that  has not yet registered (or has, but using a different ip address).

Good point - but the approach will be: renegotiate if there is an oops,
which would trigger here. Although perhaps I can just go by some
semi-persistent connection ID rather than IP.

> why hard-wire it?

Primes are a bloody nuisance to generate, so I can burn a few hours and
generate a really kickass one now, hardwire it in, and leave it be. Then
none of that time wastage has to happen during runtime.
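The two threads above (finding a large prime, and hardwiring a prime/generator pair with a per-key use budget) as one added example, not code from any of the posters: a Miller-Rabin probable-prime test, a safe-prime search p = 2q + 1, a generator of the order-q subgroup, a Diffie-Hellman handshake over the fixed pair, and a use counter that signals renegotiation at the sqrt((p-1)/2) - 1 figure Julian Morrison proposes. The bit sizes are toy-sized so the block runs in seconds; the budget is the thread's number, not an established bound; class and function names are constructed here.

```python
# Added example, not from the thread: safe-prime generation, DH over a hardwired
# (p, g), and a per-key use budget after which the caller must renegotiate.
import math
import random
import secrets

_SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n: int, rounds: int = 32, rng=secrets.SystemRandom()) -> bool:
    """Miller-Rabin: False means composite, True means prime with error <= 4**-rounds."""
    if n < 2:
        return False
    for p in _SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_safe_prime(bits: int, rng=secrets.SystemRandom()) -> int:
    """Search for p = 2q + 1 with q and p both prime: the slow step done once, offline."""
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1   # exactly bits-1 bits, odd
        if is_probable_prime(q, rng=rng) and is_probable_prime(2 * q + 1, rng=rng):
            return 2 * q + 1

def find_generator(p: int) -> int:
    """g = h^2 mod p generates the order-q subgroup of Z_p^* whenever g != 1."""
    for h in range(2, p):
        g = pow(h, 2, p)
        if g != 1:
            return g
    raise ValueError("no generator found")

class DHSession:
    """One side of DH over a hardwired (p, g) pair with a per-key use budget."""
    def __init__(self, p: int, g: int, rng=secrets.SystemRandom()):
        self.p, self.g, self.q, self.rng = p, g, (p - 1) // 2, rng
        self.budget = math.isqrt(self.q) - 1   # the thread's proposed renegotiation point
        self.private, self.uses = None, 0

    def public_value(self) -> int:
        """Fresh exponent in [2, q): starting a new key resets the use counter."""
        self.private = self.rng.randrange(2, self.q)
        self.uses = 0
        return pow(self.g, self.private, self.p)

    def shared_secret(self, peer_public: int) -> int:
        """Reject values outside the order-q subgroup before exponentiating."""
        if not 1 < peer_public < self.p - 1 or pow(peer_public, self.q, self.p) != 1:
            raise ValueError("peer value is not in the order-q subgroup")
        return pow(peer_public, self.private, self.p)

    def use_key(self) -> bool:
        """Count one use of the current key; True means renegotiate now."""
        self.uses += 1
        return self.uses >= self.budget

if __name__ == "__main__":
    p = generate_safe_prime(64)            # toy size; real parameters are 2048+ bits
    g = find_generator(p)
    alice, bob = DHSession(p, g), DHSession(p, g)
    a_pub, b_pub = alice.public_value(), bob.public_value()
    assert alice.shared_secret(b_pub) == bob.shared_secret(a_pub)
    print(f"p={p} g={g} budget={alice.budget}")
```

The subgroup check in shared_secret is what makes a safe prime worth the search time: with q prime there are no small subgroups to be pushed into, and the membership test costs one exponentiation.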

------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: alt.hacker
Subject: Re: The Foolish Dozen or so in This News Group
Date: Wed, 07 Mar 2001 19:06:57 -0800

Eric Lee Green wrote:
> 
> On Tue, 06 Mar 2001 12:31:47 -0800, Anthony Stephen Szopa <[EMAIL PROTECTED]
> > wrote:
> >Eric Lee Green wrote:
> >>
> >> On Tue, 06 Mar 2001 05:20:22 -0800, Anthony Stephen Szopa <anthony@ciphile
> .com
> >> > wrote:
>
>
><SNIP ETC.  SNIP ETC.>
>
>
> Eric Lee Green [EMAIL PROTECTED] http://www.badtux.org
>  AVOID EVIDENCE ELIMINATOR -- for details, see
>    http://badtux.org/eric/editorial/scumbags.html
> 
> -----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
> http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
> -----==  Over 80,000 Newsgroups - 16 Different Servers! =-----


I believe some of you know but were not talking.  That's fine.

The issue is the time duration between a write and fclose code 
sequence and an immediately following write and fclose code sequence.

If the time duration is too short then the physical write to the 
hard disk may not take place.

But if sufficient time elapses before the subsequent write fclose 
code sequence then the physical write will take place.

This is the issue's jugular.

I did not find an equivalent sync or fsync in c/c++ or Visual Basic 
yet.

But there is one function and one method in c/c++ to deal with this.
And there is one component and one method to deal with this is Visual
Basic.

Although I am not talking either, I did define the specific problem 
for you.  Work on it yourself if you are so inclined.

There is an update for Ciphile Software's OverWrite Security Utility
Version 1.11 available now from the web site.  I have also added a
"NOTE" to the instructions stating in effect that this is only a 
windows program and not suitable to use in a multitasking environment 
or with SCSI drives.  Etc.

On one of my systems you can see the hard drive LED light up 27 times 
and hear the grinding of the hard drive as it writes to the disk each
time.

On my other system you can see the hard drive LED light up 27 times 
and feel the write each time with your finger tips on the drive bay.

I feel very confident that the overwrites are actually taking place.
As time goes by I will make further progress with this and other 
Ciphile Software products.
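The timing problem described above (a write followed by another write before the first has physically reached the disk) is exactly what the operating system's sync call exists for, and Python exposes it directly as os.fsync. The block below is an added example, not Ciphile's code: an in-place overwrite where each pass is flushed from the process buffer and then forced out of the OS page cache before the next pass starts. The overwrite patterns, pass count and helper names are constructed for this illustration.

```python
# Added example, not from the post: overwrite a file in place, forcing each pass
# to the device (flush() + os.fsync()) before starting the next one.
import os
import tempfile

_PATTERNS = (b"\x00", b"\xff", b"\x55")   # constructed alternating fill bytes

def overwrite_file(path: str, passes: int = 3, chunk: int = 64 * 1024) -> int:
    """Overwrite `path` `passes` times; returns the number of passes completed.

    Without the fsync the second pass may land on the first while it is still
    only in the page cache, and the disk sees a single write.
    """
    size = os.path.getsize(path)
    done = 0
    with open(path, "r+b") as f:
        for n in range(passes):
            fill = _PATTERNS[n % len(_PATTERNS)] * chunk
            f.seek(0)
            remaining = size
            while remaining > 0:
                step = min(chunk, remaining)
                f.write(fill[:step])
                remaining -= step
            f.flush()                 # Python buffer -> operating system
            os.fsync(f.fileno())      # operating system cache -> storage device
            done += 1
    return done

def demo_overwrite(passes: int) -> tuple:
    """Create a temp file of constructed content, overwrite it, return (passes, bytes left)."""
    data = b"constructed secret content\n" * 40
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
            f.flush()
            os.fsync(f.fileno())
        done = overwrite_file(path, passes=passes)
        with open(path, "rb") as f:
            return done, f.read()
    finally:
        os.remove(path)

if __name__ == "__main__":
    done, rest = demo_overwrite(2)
    print(done, rest[:8].hex())
```

os.fsync is available on Windows as well as POSIX systems. It only guarantees that the operating system has handed the data to the device; whether the device's own cache or remapping logic writes over the original sectors is outside the program's control, which is the limitation the post's note about drive types points at.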

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
