Cryptography-Digest Digest #931, Volume #13      Sun, 18 Mar 01 10:13:00 EST

Contents:
  Re: One-time Pad really unbreakable? (Tim Tyler)
  Re: Is this a decent style of plain text encryption? (Tim Tyler)
  Re: Newbie encryption (Frank Gerlach)
  possible to crack the hybrid encryption and from there create a plu-in to ("Lecter")
  Re: Idea  (John Joseph Trammell)
  Re: What do we mean when we say a cipher is broken?  (Was Art of     (Mok-Kong Shen)
  Re: What do we mean when we say a cipher is broken?  (Was Art of  (Mok-Kong Shen)
  Re: Is this a decent style of plain text encryption? (Ross Younger)
  Latin Squares ("MarinaP")
  Re: Latin Squares ("Tom St Denis")
  Re: qrpff-New DVD decryption code (Joe H. Acker)
  Re: Latin Squares (Jim Gillogly)
  Re: IP ("Mxsmanic")
  Re: Again on key expansion. ("Cristiano")
  Cryptoanalysis of stream cipher (Yevgen)
  Re: How to eliminate redondancy? (SCOTT19U.ZIP_GUY)
  Re: PGP "flaw" (Sundial Services)

----------------------------------------------------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: One-time Pad really unbreakable?
Reply-To: [EMAIL PROTECTED]
Date: Sun, 18 Mar 2001 09:27:37 GMT

Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:

: The trick is to know where to focus one's doubts.  You've chosen
: to doubt the *best* established knowledge and put faith in humbuggery.

I would dispute that randomness is established at all. There has been
a very long history of controversy over the issue - and I see no sign
of the disputes abating.

AFAIK - I don't have unquestioning "faith" in anything.  To my eyes, it
is you who appears to be asserting that something is flatly impossible,
and beyond doubt.  Are you not prepared to entertain even the teeniest,
tiniest possibility that you might be wrong?
-- 
__________
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Is this a decent style of plain text encryption?
Reply-To: [EMAIL PROTECTED]
Date: Sun, 18 Mar 2001 09:44:31 GMT

ruckc <[EMAIL PROTECTED]> wrote:

: Here is my idea, take a string, which could be of any length, ie a document
: or a short message of some kind.

: First this is single a single key algorithm and the key is a simple
: password, as long as the password is safe so is the data.

: But here is my idea, take a string and transform it into a char array, then
: take the char array and transform it into a byte array.  Take that byte
: array and turn it into a Big Integer (ie long long number) of some form.
: Then take the password and do the same with, multiply the password with the
: data, and convert the result back to a string.  Store the string [...]

: Would this not be a simple idea of how to encrypt plain text. [...]

Simple, but /very/ weak.

In this system there is no information transfer from higher bits to the
lower bits.  This means that if you have known plaintext at the LSB
end of the message, you can use simple linear algebra to extract the key
bits one at a time, LSB first.  You only need as much known plaintext as
there are key bits to be able to do this.
-- 
__________
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/

------------------------------

From: Frank Gerlach <[EMAIL PROTECTED]>
Subject: Re: Newbie encryption
Date: Sun, 18 Mar 2001 12:05:12 +0100

nex wrote:

> I would like someone kind enough here to enlighten me on the topic of
> encryption.
> I surf across many sites that mention encryption. A familiar word is bit.
> What does it mean if the encryption is 128 bit, or 64 bit encryption?
> If I write my own encryption algorithm, how do I determine how many bits
> it is?
> What's the highest number of bits an encryption can go up to??
> In the case of Hybris .. how are antivirus experts able to determine how many
> bits of encryption it's using?

If a proper encryption algorithm is used, it is virtually impossible to
determine the type of algorithm or the length of bits.
Antivirus software would try to detect the decryption code, as this part of the
virus can obviously not be encrypted. Still, a good obfuscation algorithm
should be able to "morph" that code so that it is virtually impossible for the
antivirus software to detect it.
Antivirus scanner software is just a band-aid for amateurs;
the sandbox concept of Java, "Type Enforcement" or the NSA's Security Enhanced
Linux is the way to go.

> Or even what type of encryption it's using?? Is
> it possible to crack the hybrid encryption and from there create a plug-in to
> auto clean Hybris?
> I'll appreciate it if anyone can answer my questions or provide some links for
> me.
> Thanks so much

Get hold of Bruce Schneier's "Applied Cryptography". Good mix of practical and
theoretical issues.


------------------------------

From: "Lecter" <[EMAIL PROTECTED]>
Subject: possible to crack the hybrid encryption and from there create a plu-in to
Date: Sun, 18 Mar 2001 11:13:06 +0100

possible to crack the hybrid encryption and from there create a plug-in to
auto clean Hybris?
I'll appreciate it if anyone can answer my questions or provide some links for
me.
Thanks so much



------------------------------

From: [EMAIL PROTECTED] (John Joseph Trammell)
Subject: Re: Idea 
Date: Sun, 18 Mar 2001 10:33:18 GMT

On Sat, 17 Mar 2001 16:09:35 -0400, br <[EMAIL PROTECTED]> wrote:
> I'm going to explain clearly my idea.
[snip]
> Which strategy could cryptanalysis use to attack this pre-cipher?
> Cryptanalysts have no knowledge before attacking of what the categories are?
> I used the Caesar cipher just to be clear. The use of DES will make the attack
> more difficult.

You would learn the answers to your questions if you would study
one of the books that describe modern cryptography.  Until you
do that, you are just wasting your time.


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: What do we mean when we say a cipher is broken?  (Was Art of    
Date: Sun, 18 Mar 2001 11:44:21 +0100



John Savard wrote:
> 
> Mok-Kong Shen<[EMAIL PROTECTED]> wrote, in part:
> 
> >Could you explain why you think it is not proper for
> >public key systems to increase strength via using larger
> >keys? (You seem to consider that some other, possibly
> >more elegant ways, should be used. Or did I misunderstand
> >you?)
> 
> I don't mean it is _not proper_. But it is a very severe limitation
> that this is the only way to do it, because using a larger key means
> also that the public key cipher becomes slower to carry out.
> 
> Using the largest practical key for public-key encryption should be
> the standard practice; what is 'practical' depends on how fast
> computers are, and that affects what an attacker can do as well.
> 
> With symmetrical ciphers, much more can be done to make a cipher much
> harder to solve at far less computational cost. That is the point I
> was emphasizing, that conventional ciphers can be made ridiculously
> strong very easily compared to public-key ones.

I agree. I think that it is commonly accepted that AES
is good enough for the practice.

> But if you must use a public-key system for your keys, what's the
> point?

I suppose that it is worthwhile to keep the use of PK
to a minimum, i.e. attempt to make the best use of a given 
amount of secret established by PK, using it as a master 
key to help generate a larger number of session/message 
keys in appropriate ways.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: What do we mean when we say a cipher is broken?  (Was Art of 
Date: Sun, 18 Mar 2001 11:44:37 +0100



wtshaw wrote:
> 

> I figure that being cryptographically conservative is better than matching
> wits, money, and resources with a professional code breaker, especially
> when it is doable.  If you still think that strength is undefinable, a
> challenge for which the unwashed cannot use, you miss my point.
> 
> Buying into propaganda that it is useless to attempt good security is,
> pardon  me, rather foolish.  The opposite has implications which do not
> bode well for some.  And, speaking of some, Rivest did start with that
> word.

I don't think any reasonable normal person ever neglects
security. But it is important to be conscious that any
claimed security could be inaccurate and that perfect
security is never attainable. If you step into an airplane,
you should realize that there IS a non-zero risk and
that you have trusted that the engineers and the mechanists
have done a good job, that the pilots will do right, etc. etc. 
If you want a formal proof that the risk is zero, on the
other hand, then you have to remain on the ground,
unfortunately. This is the reality of life.

M. K. Shen

------------------------------

From: Ross Younger <[EMAIL PROTECTED]>
Subject: Re: Is this a decent style of plain text encryption?
Date: 18 Mar 2001 12:35:46 +0000 (GMT)

ruckc <[EMAIL PROTECTED]> rearranged some electrons into article
<[EMAIL PROTECTED]> thus:

>Here is my idea... take a string and transform it into ... a Big Integer,
>then take the password and do the same with, multiply the password with the
>data.

>Would this not be a simple idea of how to encrypt plain text.

Yes :-)


>As long as the length of the password and the password is not in 
>websters or a proper noun, it would take a while to decrypt the message
>by brute force

It could be quicker than you think. An attacker could try to factorise the
ciphertext; as you haven't ensured this has any particular properties,
this may turn out to be rather easy. Furthermore, as David pointed out,
if an attacker can get hold of just one plaintext/ciphertext pair,
the password used can be determined for more or less no work.

What you have described (multiplication of bignums) is noticeably similar
to what RSA does (modular exponentiation of bignums); I suggest you read
up on RSA, which obtains its security through some useful properties
of primes and modular arithmetic. (It's also an asymmetric system.)

>... and a user would have to look to see if the decrypted message is
>the proper message, since it doesn't tell the user whether or not the
>password is invalid.

Many (most?) cryptosystems don't make it easy to determine a trial
decryption's validity. It's up to the attacker to know something about
the plaintext (e.g. that it's English text, ASCII-encoded) in order for
them to guess that they've got it right.


Ross

-- 
Ross Younger    news#[EMAIL PROTECTED] (if N fails, try N+1)
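The two observations above, Tim Tyler's (known plaintext at the low end of the message leaks the key one bit at a time, LSB first) and Ross Younger's (a single full plaintext/ciphertext pair gives the password by division), worked through as an added example. This is not code from the thread or from ruckc; the scheme is modelled as "message integer times password integer", and the byte order is an assumption (big-endian, so the end of the message is the least-significant end of the integer). Sample message and password are constructed.

```python
# Added example: ruckc's multiply-by-the-password scheme and why it leaks its key.

def to_int(data: bytes) -> int:
    # Big-endian (assumption): the last bytes of the message become the low bits.
    return int.from_bytes(data, "big")

def encrypt(plaintext: bytes, password: bytes) -> int:
    """Ciphertext is simply plaintext * password, both read as integers."""
    return to_int(plaintext) * to_int(password)

def decrypt(ciphertext: int, password: bytes, length: int) -> bytes:
    p, remainder = divmod(ciphertext, to_int(password))
    if remainder:
        raise ValueError("ciphertext is not a multiple of this password")
    return p.to_bytes(length, "big")

def key_from_known_pair(plaintext: bytes, ciphertext: int) -> int:
    """Ross Younger's point: one plaintext/ciphertext pair yields the key by exact division."""
    key, remainder = divmod(ciphertext, to_int(plaintext))
    if remainder:
        raise ValueError("not a plaintext/ciphertext pair under this scheme")
    return key

def key_bits_from_tail(known_tail: bytes, ciphertext: int) -> tuple[int, int]:
    """Tim Tyler's point: bit i of p*k depends only on bits 0..i of p and k, so knowing
    the last len(known_tail) bytes of plaintext fixes the low key bits one at a time.
    Returns (key mod 2**usable, usable)."""
    n = 8 * len(known_tail)
    p_low = to_int(known_tail)        # equals p mod 2**n: the tail occupies the low bytes
    c_low = ciphertext % (1 << n)     # c mod 2**n
    if p_low == 0:
        return 0, 0                   # an all-zero tail says nothing about the key
    # Each trailing zero bit of p shifts the product up one bit, pushing one bit of key
    # information above the known window; divide those bits out before solving.
    v = (p_low & -p_low).bit_length() - 1
    p_odd, c_shift, usable = p_low >> v, c_low >> v, n - v
    key = 0
    for i in range(usable):
        mod = 1 << (i + 1)
        candidate = key | (1 << i)
        # p_odd is odd, so exactly one of {key, candidate} reproduces bit i of c.
        if (p_odd * candidate) % mod == c_shift % mod:
            key = candidate
        assert (p_odd * key) % mod == c_shift % mod
    return key, usable

if __name__ == "__main__":
    password = b"s3cret"                     # constructed sample password (48 bits)
    message = b"Attack at dawn. -- Bob"      # constructed sample message
    c = encrypt(message, password)
    assert decrypt(c, password, len(message)) == message
    print("key from one known pair matches:", key_from_known_pair(message, c) == to_int(password))
    bits, n = key_bits_from_tail(b" -- Bob", c)
    print(f"{n} low key bits from a 7-byte known tail; matches password:",
          bits == to_int(password) % (1 << n))
```

The tail-only recovery needs no more known plaintext than the key has bits, which is exactly the cost Tim quotes; a trailing signature line is usually enough.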

------------------------------

From: "MarinaP" <[EMAIL PROTECTED]>
Subject: Latin Squares
Date: Sun, 18 Mar 2001 14:03:06 +0300

Hi,
I am not a crypto specialist, so I hope somebody here can help me.
Latin Squares are known to be widely used in cryptography.
Where are Latin Squares used in cryptography?
Where can I read about Latin Squares?
Thanks

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Latin Squares
Date: Sun, 18 Mar 2001 13:05:05 GMT


"MarinaP" <[EMAIL PROTECTED]> wrote in message
news:992i2g$ij7$[EMAIL PROTECTED]...
> Hi,
> I am not a crypto specialist, so I hope somebody here can help me.
> Latin Squares are known to be widely used in cryptography.
> Where are Latin Squares used in cryptography?
> Where can I read about Latin Squares?

Correction: Latin squares are NOT known to be widely used in crypto.  They
are used in homebrew stuff mainly.

A latin square (2d for example) is a matrix where all the rows and columns
are unique such as

ABCD
BCDA
CDAB
DABC

Tom
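As an added example (not code from Tom or from the thread): a generator for the cyclic square shown above, a check of the Latin property (every symbol exactly once in every row and every column), and the one thing such a square is good for in a cipher, a key-selected row acting as a reversible substitution, which is the idea behind a Latin square combiner. Symbol set and key text are constructed; the class and function names are this example's own.

```python
# Added example: building, checking and using a Latin square as a combiner.

def cyclic_latin_square(symbols: str) -> list[str]:
    """Row r is the symbol string rotated left by r: ABCD / BCDA / CDAB / DABC."""
    n = len(symbols)
    return [symbols[r:] + symbols[:r] for r in range(n)]

def is_latin_square(rows: list[str]) -> bool:
    """True iff the square is n x n and each symbol occurs once per row and per column."""
    n = len(rows)
    symbols = set(rows[0]) if rows else set()
    if len(symbols) != n or any(len(r) != n for r in rows):
        return False
    cols = ["".join(r[c] for r in rows) for c in range(n)]
    return all(set(line) == symbols for line in rows + cols)

class LatinSquareCombiner:
    """output = square[key_symbol][plain_symbol]. Because every row is a permutation
    of the symbols, the plaintext symbol is recoverable from the output given the key
    symbol; that is what makes the square usable as a reversible combiner."""

    def __init__(self, rows: list[str]):
        if not is_latin_square(rows):
            raise ValueError("not a Latin square")
        self.rows = rows
        self.symbols = rows[0]                      # row 0 fixes each symbol's index
        self.index = {s: i for i, s in enumerate(self.symbols)}

    def combine(self, key_sym: str, plain_sym: str) -> str:
        return self.rows[self.index[key_sym]][self.index[plain_sym]]

    def uncombine(self, key_sym: str, out_sym: str) -> str:
        row = self.rows[self.index[key_sym]]
        return self.symbols[row.index(out_sym)]     # each row is a permutation, so unique

    def combine_text(self, key: str, text: str) -> str:
        if len(key) < len(text):
            raise ValueError("key stream shorter than text")
        return "".join(self.combine(k, p) for k, p in zip(key, text))

    def uncombine_text(self, key: str, out: str) -> str:
        if len(key) < len(out):
            raise ValueError("key stream shorter than text")
        return "".join(self.uncombine(k, c) for k, c in zip(key, out))

if __name__ == "__main__":
    square = cyclic_latin_square("ABCD")
    print("\n".join(square), "\nLatin:", is_latin_square(square))
    comb = LatinSquareCombiner(square)
    ct = comb.combine_text("BADC", "ABCD")          # constructed key stream and text
    print(ct, comb.uncombine_text("BADC", ct))
```

Note what the square does and does not give you: with a fixed key symbol every row is just a simple substitution, so the security of a design built on it rests entirely on how the key symbols are produced, not on the square itself.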



------------------------------

From: [EMAIL PROTECTED] (Joe H. Acker)
Subject: Re: qrpff-New DVD decryption code
Date: Sun, 18 Mar 2001 14:02:13 +0100

Paul Crowley <[EMAIL PROTECTED]> wrote:

> [EMAIL PROTECTED] (Joe H. Acker) writes:
> > > How do you define moral or ethics? If it is what most people do,
> > > than copying of music is probably not theft.
> > 
> > My God! It is *of course NOT* what most people do! As a German like you,
> > I hate to bring this example, but do you believe that in the 3rd Reich
> > in Nazi German what most people did was moral or ethical behavior?
> 
> http://www.tuxedo.org/~esr/jargon/html/entry/Godwin's-Law.html

Yes, I'm really sorry having brought up that example and would like to
apologize for participating in such an OT thread. Instead of my example,
take any majority's view you don't agree with. If the majority decides
what is right or wrong, then you're always wrong if you don't agree with
the majority. All I wanted to say is that this view about morals is quite
premature and senseless.

Greetings,

Erich

------------------------------

From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: Latin Squares
Date: Sun, 18 Mar 2001 05:10:11 -0800

MarinaP wrote:
> Where are Latin Squares used in cryptography?
> Where can I read about Latin Squares?

Try Terry Ritter's treatment:
http://www.io.com/~ritter/GLOSSARY.HTM#LatinSquareCombiner
-- 
        Jim Gillogly
        26 Rethe S.R. 2001, 13:09
        12.19.8.1.2, 9 Ik 5 Cumku, Fourth Lord of Night

------------------------------

From: "Mxsmanic" <[EMAIL PROTECTED]>
Subject: Re: IP
Date: Sun, 18 Mar 2001 13:39:12 GMT

"David Schwartz" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...

> On the other hand, having a static IP address
> creates no new vulnerabilities ...

A static IP address greatly diminishes anonymity, and greatly increases
the amount of time that an attacker has to compromise a system, since
the system is always available at the same address.



------------------------------

From: "Cristiano" <[EMAIL PROTECTED]>
Subject: Re: Again on key expansion.
Date: Sun, 18 Mar 2001 14:46:24 +0100

> I would certainly recommend strongly against a complex method like
> the elliptic curve one you described, over a relatively simple one
> with provable properties like that described in SALEK.

I have definitely abandoned the idea of the elliptic curve for this purpose.
In my implementation now I use SALEK's method.

Thanks to all!
Cristiano



------------------------------

From: Yevgen <[EMAIL PROTECTED]>
Subject: Cryptoanalysis of stream cipher
Date: Sun, 18 Mar 2001 16:27:24 +0200

Hi All!

I need any information about cryptoanalysis of stream cipher.

Thanks in advance.

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: How to eliminate redondancy?
Date: 18 Mar 2001 14:47:19 GMT

[EMAIL PROTECTED] (Douglas A. Gwyn) wrote in <[EMAIL PROTECTED]>:

>"SCOTT19U.ZIP_GUY" wrote:
>>   Still compression should reduce redundancy but consider
>> the latest whizbang RKxx compression that compresses an executable
>> file to 25% of the size of the original. Take that file and
>> expand it by 2 so that it is 50% smaller than the original.
>> For odd bits use the highly compressed file. For the even bits
>> use "1".  Now tell me which file would be easier for an attacker
>> to check a key on: the long original file, or the file compressed
>> to 50% the size of the original.
>
>They'd be about equally easy to check; a small computation with
>high reliability.  Not that any reasonable attack involves
>checking keys like that.

  If they both are equally easy to detect then the 50% compression
used above bought you nothing from a security point of view.

>
>>   Compression goes along why towards solving the problem if it
>> allows for any possible input block.
>
>All commonly used compression schemes work for any input.

    This is where you're wrong: MOST compression schemes fail
to do the above.

>
>> And if you use bijective compression and proper padding then this
>> bijective relationship that is necessary for proper encryption
>> can be maintained.
>
>The problem I have with this emphasis on "bijection" is that of
>all the possible uncompressions only one will have a priori high
>likelihood (in most cases), so it doesn't really disguise the PT.
>

   That is where you're wrong. It depends on what you call a likely
PT. If you have no knowledge of the input file, you can't easily say
one has a higher likelihood than another. If the user is writing
English text and you know that he is using straight ASCII,
 then you have extra knowledge and you would get better
compression if you used a bijective compressor similar to what Tim
Tyler was wanting to write. Or if you're lazy you could use my
conditional adaptive Huffman compressor. If the message is small
there would be several likely candidate solutions. 
  At this point in time if someone gives me a dictionary list of
words to use of the form "dog " where a space is added at the end of the
word, it would be easy to write a compression program that compressed
the message down to whole bytes, such that a Rijndael encryption
could be used, and any key tested would lead back to a file only
containing valid English words. One could even go so far as to
add authentication and validation to such a scheme, by having a secret
start phrase and end phrase. That way a tampered message is very
easy to detect. When the correct person examines a message he
reads random-looking English words till the secret start phrase
occurs, then the message goes on till the secret end phrase occurs.
Naturally the RIJNDAEL message would have had to be encoded with
error propagation. Easy: when you're compressing to that binary file,
use adaptive compression and then use Matt's BICOM as the last stage.




David A. Scott
P.S. It is as easy as it sounds, folks. Why we have not done this
is the mystery to me. Unless the phony crypto gods truly don't
want real encryption for the masses.
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
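The "dictionary of words packed into whole bytes" idea from the post above, as an added example that is not the poster's code and not any of the tools named in the thread. It uses a constructed 16-word vocabulary so that each word carries exactly 4 bits and two words fill one byte; the map between word sequences (of even length) and byte strings is then a bijection, so every byte string decodes to valid words. The cipher stage is a stand-in (XOR with a repeating key, constructed here) in place of the Rijndael mentioned in the post; the point it shows is independent of the cipher.

```python
import os

# Added example: a word <-> byte bijection, so that "does it decode to valid words?"
# can never reject a trial decryption. Vocabulary is constructed: 16 = 2**4 words.
VOCAB = ("the", "cat", "dog", "sat", "ran", "big", "red", "hot",
         "old", "new", "and", "or", "not", "is", "on", "at")
INDEX = {w: i for i, w in enumerate(VOCAB)}

def words_to_bytes(text: str) -> bytes:
    """Pack two vocabulary words per byte (high nibble first)."""
    words = text.split()
    if len(words) % 2:
        raise ValueError("this packing needs an even number of words")
    try:
        nibbles = [INDEX[w] for w in words]
    except KeyError as e:
        raise ValueError(f"word not in vocabulary: {e.args[0]}") from None
    return bytes((nibbles[i] << 4) | nibbles[i + 1] for i in range(0, len(nibbles), 2))

def bytes_to_words(data: bytes) -> str:
    """Every byte maps to two words, so any byte string at all is a valid message."""
    return " ".join(f"{VOCAB[b >> 4]} {VOCAB[b & 0xF]}" for b in data)

def all_valid_words(text: str) -> bool:
    return all(w in INDEX for w in text.split())

def xor_with_key(data: bytes, key: bytes) -> bytes:
    """Stand-in for the block cipher (constructed): XOR with a repeating key."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def wrong_keys_all_decode_to_words(ciphertext: bytes, trial_keys) -> bool:
    """The property the post describes: no trial key can be ruled out by looking
    at whether the decryption consists of dictionary words."""
    return all(all_valid_words(bytes_to_words(xor_with_key(ciphertext, k)))
               for k in trial_keys)

if __name__ == "__main__":
    message = "the big dog sat on the red cat"          # constructed, 8 words
    key = b"\x5a\xa5"                                   # constructed key
    ct = xor_with_key(words_to_bytes(message), key)
    print("right key:", bytes_to_words(xor_with_key(ct, key)))
    trials = [os.urandom(2) for _ in range(20)]
    print("20 random keys all yield valid words:", wrong_keys_all_decode_to_words(ct, trials))
```

The restriction to an even number of words is what keeps the map a bijection with this simple packing; a variable-length coding would need its own end-of-message convention to stay bijective, which is the detail the post glosses over.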

------------------------------

Date: Sun, 18 Mar 2001 08:02:26 -0700
From: Sundial Services <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: PGP "flaw"

I would compare this to the fact that, while you may lock your office
door at night at the University ... the college still owns a master key
that can also open it and every other lock in the building.  And, it
needs to!

Yes, businesses need to!  Businesses do need to be able to attach keys
to messages that are being sent from their businesses, with neither
Alice's nor Bob's explicit consent.  (It would become, as was said, an
"administrative nightmare.")

[The weakness, manifested IF Bob and Alice wish to conduct a truly
private conversation, is that a key can be compromised by a third party
without their knowledge or assent.]

The reason why businesses need the "backdoor," in certain situations, is
e-mail.  A tremendous amount of intellectual property flows to and from
its destination using e-mail.  This information needs very strong
protection; in some cases the company's survival depends on it.  But
e-mail =also= brings with it legal liability:  if you are subpoenaed for
information you'd better be able to produce it.  You'd better be able to
independently know and refute what the prosecution's attorneys are
claiming before the jury in court.  Yet ... otherwise your secrets need
the strongest possible commercial security.

Viewed in that light, then, PGP's original backdoor implementation, and
its need for having one, really -isn't- necessarily a dark guv'mint
conspiracy!





>Paul Crowley wrote:
>
> Bug or business feature?
> ------------------------
> 
> Ever since its introduction, cryptographers have warned that such
> "backdoor" constructions will provide fertile ground for security
> problems.  It now seems that when implementing the feature, NAI made a
> beginner's mistake.  The original intention was that you would sign
> the ADK field of your public key with your own private key, to certify
> that you consented to these other individuals having the power to read
> messages intended for you.  However, Senderek discovered that PGP did
> not properly check that the ADK field was in fact signed by the
> appropriate public key.  The upshot is that you can take Alice's
> public key, add an ADK field which directs messages to you, and pass
> it on to Bob; when Bob encrypts a message to Alice, you will be able
> to read it too, and Bob will get no warning that Alice did not mean
> you to be able to read her messages.
> 
> Recent versions of PGP fix this problem, and NAI have downplayed it.
> The president of the PGP security unit claimed "This is a fairly
> esoteric attack".  However, Stefan Lucks and Ruediger Weis noticed that
> this "esoteric" bug can also be seen as a business feature.  A
> company may want to add an ADK field to the public keys of any of
> their employees.  If ADK is implemented as specified, each employee
> would have to sign the ADK field with their private keys, which could
> be a considerable administrative and political overhead.  But with the
> bug Senderek discovered, the company can add the ADK to anyone's keys
> without even discussing it.
>
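The check Senderek found missing, reduced to its essentials as an added example (not PGP's code and not from the article quoted above): an ADK field should only be honoured when the key owner's self-signature covers it. The "signature" here is an HMAC keyed with a stand-in for the owner's private key, so the verifying side also holds that secret; a real implementation verifies a public-key signature over the signed area of the key instead. Key owner names, ADK ids and the secret are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Added example: the buggy ADK handling beside the fixed one.
# HMAC stands in for the owner's self-signature (assumption, not how PGP signs).

@dataclass(frozen=True)
class PublicKey:
    owner: str
    signed_adks: tuple          # ADK ids inside the area the owner's self-signature covers
    self_sig: bytes             # self-signature over (owner, signed_adks)
    unsigned_adks: tuple = ()   # ADK fields appended to the key afterwards, by anyone

def _signed_data(owner: str, adks: tuple) -> bytes:
    return owner.encode() + b"\0" + b",".join(a.encode() for a in adks)

def self_sign(owner: str, adks: tuple, owner_secret: bytes) -> bytes:
    return hmac.new(owner_secret, _signed_data(owner, adks), hashlib.sha256).digest()

def make_key(owner: str, adks: tuple, owner_secret: bytes) -> PublicKey:
    """A key whose ADKs the owner really consented to (they are under the self-signature)."""
    return PublicKey(owner, tuple(adks), self_sign(owner, tuple(adks), owner_secret))

def add_unsigned_adk(key: PublicKey, adk: str) -> PublicKey:
    """The tampering the article describes: an ADK field added by someone who cannot
    produce the owner's signature, so it sits outside the signed area."""
    return PublicKey(key.owner, key.signed_adks, key.self_sig, key.unsigned_adks + (adk,))

def self_sig_verifies(key: PublicKey, owner_secret: bytes) -> bool:
    expected = self_sign(key.owner, key.signed_adks, owner_secret)
    return hmac.compare_digest(expected, key.self_sig)

def recipients_buggy(key: PublicKey) -> tuple:
    # The beginner's mistake: every ADK field on the key is honoured, signed or not.
    return (key.owner,) + key.signed_adks + key.unsigned_adks

def recipients_fixed(key: PublicKey, owner_secret: bytes) -> tuple:
    if not self_sig_verifies(key, owner_secret):
        raise ValueError("self-signature does not verify; refuse to encrypt")
    # Only ADKs under the verified self-signature count; appended ones are ignored.
    return (key.owner,) + key.signed_adks

if __name__ == "__main__":
    ALICE_SECRET = b"alice-private-key-stand-in"           # constructed
    alice = make_key("alice", ("corp-escrow",), ALICE_SECRET)
    tampered = add_unsigned_adk(alice, "mallory")
    print("buggy :", recipients_buggy(tampered))             # includes mallory
    print("fixed :", recipients_fixed(tampered, ALICE_SECRET))  # does not
```

Bob's client is the place this check has to live: it is Bob who encrypts to every recipient the key names, so a key that arrives with extra ADK fields must be rejected, or at least have those fields ignored, before the session key is wrapped for anyone.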

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
