Cryptography-Digest Digest #973, Volume #13      Thu, 22 Mar 01 16:13:00 EST

Contents:
  Re: New PGP2.6.3(i)n (Frank Pruefer)
  Re: Strong Primes (Peter Engehausen)
  Re: NSA in the news on CNN (Bart Bailey)
  Re: A future supercomputer (Bart Bailey)
  Re: Idea ("Joseph Ashwood")
  Re: Most secure way to add passphrase verification to "CipherSaber" ("Joseph Ashwood")
  Re: Multiple encryption, more secure ciphers ("Joseph Ashwood")
  Re: Fill-in-the-blank codes (similar to Error-correcting codes) (SCOTT19U.ZIP_GUY)
  Password Encryption ("Richard Wright")
  Question about coding (amateur)
  Re: A future supercomputer (Darren New)
  Re: Password Encryption ("Tom St Denis")
  Re: Question about coding ("Tom St Denis")
  Re: Question about coding (Ben Cantrick)
  Re: Czech attack to PGP (Bernd Eckenfels)
  Re: Most secure way to add passphrase verification to "CipherSaber" (Joe H. Acker)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Frank Pruefer)
Crossposted-To: z-netz.alt.pgp.allgemein,de.comp.security.misc,de.org.ccc
Subject: Re: New PGP2.6.3(i)n
Date: 22 Mar 2001 20:50:00 +0100

=====BEGIN PGP SIGNED MESSAGE=====

[EMAIL PROTECTED] (Lutz Donnerhacke) wrote on 22.03.01,
among other things, the following, which I simply have to comment on:

> ftp://ftp.iks-jena.de/mitarb/lutz/crypt/software/pgp/pgp263in/
>
> 20010322:
>   - Protect against the Czech attack of modified secret key files.
> (Cool!)
> - Protect against MPI computing errors. (more programm
> errors than Bellcore)

I compiled this version for DOS protected mode a little while ago and sent
it to Lutz, who is supposed to put it into the above-mentioned ftp
directory as well.

This PGP (the first one with the fix for the new attack?!) should, as far
as I know, also run without problems on "modern"(?) M$ "operating
systems" (under Linux everyone can compile Lutz' sources themselves).
Also new in this version: the executables now run completely stand-alone
under plain DOS, i.e. they no longer need an external DPMI server (such as
CWSDPMI) there. Under Win* the roughly 20 KB of extra file length won't
hurt... :-)

Thanks, Lutz, for the really fast fix!

So long...
  __                 |  ____
 |_                  |  \  /
 | rank from Leipzig |   \/  <--- please colour in pink!
- -- 
begin  LOVE-LETTER-FOR-YOU.TXT.vbs
I am a *signature virus* for M$ Outlook. Please spread me! BTW, M$
Outlook is a piece of software that interprets ASCII text as an "attachment".
end

=====BEGIN PGP SIGNATURE=====
Version: 2.6.3in
Charset: cp850
Comment: Nicht nur Waende, sondern auch Draehte haben Ohren. *PGP benutzen!*

iQCVAwUBOrpXlZnngUKL8A0pAQFc7AP9FyWBO3Dfde7cnolKBGTTohdzPmBt7xNn
x17rM9N9PnCsJPKeVi2Bi3JploFI/Z1C8QwBDTEIWKjdq1ru70R+8OTZW8HyZ2Eg
N6gcrKqQ9kFMhUc0Bgejl7E13nWYyb/1/tI0oaaSjgBFAWyJKGHDkxgmf7G/bbg7
qDjg7giWTEU=
=xyvx
=====END PGP SIGNATURE=====


------------------------------

From: Peter Engehausen <[EMAIL PROTECTED]>
Subject: Re: Strong Primes
Date: Thu, 22 Mar 2001 19:31:25 -0100
Reply-To: [EMAIL PROTECTED]

Dear Joseph,

I just received an email from Mr. Silverman. He told me that he tried to take a
shortcut to do some paper saving. But unfortunately the shortcut isn't quite
right (yet the result is!).

So never mind.

cu
Peter



------------------------------

From: Bart Bailey <[EMAIL PROTECTED]>
Subject: Re: NSA in the news on CNN
Date: Thu, 22 Mar 2001 11:52:15 -0800

JPeschel wrote:

> Mok-Kong Shen [EMAIL PROTECTED] writes, in part:
>
> >So they set up businesses ranging from pizza restaurants
> >(very common) to banks (few), which solves simultaneously
> >the financial, lodging, etc. etc. problems. Wouldn't it be
> >wise for the government secret agencies to do the same, at
> >least for the purpose of reducing the budgets?
>
> I believe the NSA is relying, primarily, on its secret, upcoming bake sales
> for most of its funding. It is anticipating huge revenues from its
> cryptographically-strong hash brownies.

Strong hash(ish) brownies? I'm beginning to feel encrypted already ;-)



~~Bart~~

------------------------------

From: Bart Bailey <[EMAIL PROTECTED]>
Subject: Re: A future supercomputer
Date: Thu, 22 Mar 2001 12:03:39 -0800

Darren New wrote:

> JCA wrote:
> >         There is probably so much we ignore on the human brain's internal
> > working that the computing power afforded by Blue Gene is likely to make
> > no substantial difference in the effort to attain the goal you mention. Hence
> > my skepticism about Blue Gene being a solid foundation, etc.
>
> Most times I've seen computing power compared with a brain, it's something
> along the lines of "each synapse is worth N bits" and then you count the
> synapses and the number of bits in the computer. Or say "each nerve can fire
> Q times per second, and there are W nerves, so the brain does Q*W MIPS" or
> something. In other words, I've never seen a comparison where the actual
> structure of the brain is taken into account.

I believe it's a 3 dimensional analog matrix, with a variable clock rate, all
mediated by the results of the incessant struggle between serotonin and
acetylcholine.

> Nor do such comparisons take
> into account the rest of the body, like the spinal cord, the eyes, the motor
> nerves, and so on.

Those are just the peripherals, interfaced through the cerebral cortex (BIOS)


~~Bart~~

------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Idea
Date: Thu, 22 Mar 2001 12:15:18 -0800

There's no need to go away. That is simply one opinion of a single person.
Like D/s says, I do insult him much more than I have insulted you (although
I have never threatened him with a killfile, I don't like being in them so I
don't put anybody in mine). It's fairly normal for a person to be inserted
in several persons killfiles (those of you that have me in your killfile
raise your hand, well if they could hear me you'd probably see about half
the internet raising their hands). We don't ask that you be an expert in
crypto, most of us came here asking stupid questions (I think my first was
the ever popular "What's the most secure encryption algorithm" type post, it
was also my first post here), we've all made mistakes, what we ask is that
you learn from them. Some of us make recommendations frivolously without
thinking about the consequences. It's a courtesy to inform people that you
are killfiling them, I know it doesn't seem like one, but it is. For example
when Schneier announced that he had killfiled D/s, it became public
knowledge that Schneier would no longer be able to hear what D/s said, as I
recall D/s then proceeded to say anything he wanted to about Schneier. It's
a fairly normal tradition among newsgroups, some even take great joy in it.
The reasons for killfiling you would hopefully be temporary, you were a
newbie that didn't seem to be getting it, so people were trying to
gracefully remove themselves from the conversation. I would ask that you
continue posting, or at least reading, that is if you're still interested,
but many people would appreciate the ability to not even see your posts, so
it would be best if you stick with a single e-mail address, it's nothing
against you, I'm in killfiles, D/s is in killfiles, Tom St, etc, I'm sure
even Schneier has made it into a few people's killfiles. It's only a big
deal if you let it be.
                    Joe

"amateur" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Ok Thank you for your explanations. I understood something else.
> I'm sorry and I apologize to all internauts.
> So if I understand, should I have to be an expert crypto to
> contribute?I'm just suggesting ideas.
> I will never post anything.
> Bye bye and thank you.
>
>
> Joseph Ashwood wrote:
> >
> > To translate (since you are obviously either new to newsgroups, the
> > internet, or playing dumb), "those who . . . ." wants you to stop
> > switching the e-mail address you are coming from. This will allow him to
> > set his newsreader to simply ignore everything you say. It's a very useful
> > feature when someone demonstrates that their only purpose in a newsgroup
> > is to waste bandwidth. Since you are being uncooperative about it, he is
> > prepared to block all of netcom.ca simply because he finds your posts that
> > useless (at least useless enough to block all the other posters from
> > netcom.ca). I'm sure your addresses have made it into several killfiles.
> >                     Joe
> >
> > "amateur" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
> > > ????????????????
> > >
> > >
> > >
> > > those who know me have no need of my name wrote:
> > > >
> > > > <[EMAIL PROTECTED]> divulged:
> > > >
> > > > >I'm not using a secret algorithm.
> > > >
> > > > will you please keep a single from header.  i really don't want to
> > > > killfile all of netcom.ca.  thank you.
> > > >
> > > > --
> > > > okay, have a sig then



------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Most secure way to add passphrase verification to "CipherSaber"
Date: Thu, 22 Mar 2001 12:20:10 -0800


"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Question is since ciphersaber is meant to be simple what
> Hash would you use?

SHA-1 would seem to be a good choice. It is fairly simple, although not
nearly as simple as RC4, and it is secure. It might not be the best option,
I haven't taken a close look at the complexity of many hash functions (it's
only important to me that it gets done right once).
                        Joe



------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Multiple encryption, more secure ciphers
Date: Thu, 22 Mar 2001 12:25:17 -0800


"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:eysu6.108288$[EMAIL PROTECTED]...
>
> "Joseph Ashwood" <[EMAIL PROTECTED]> wrote in message
> news:u8jQERwsAHA.297@cpmsnbbsa09...
> > A few caveats first:
> > 1) We don't know if it might even weaken it against cryptanalysis
> > 2) It's a lot slower, but that's what you wanted
> >
> > Key1 = hash(inputKey)
> > Key2 = hash(hash(Key1, inputKey), inputKey)
> > Key3 = hash(hash(hash(Key2, inputKey), inputKey), inputKey)
> > Key4 = hash(hash(hash(hash(Key3, inputKey), inputKey), inputKey), inputKey)
> > Key5 = hash(hash(hash(hash(hash(Key4, inputKey), inputKey), inputKey), inputKey), inputKey)
> > (you can add more or less if needed)
>
> Your idea is ok only if Key1 and InputKey are not fixed points... I.e. if
>
> Key1 = Hash(input)
>
> if hash(Key1) == input then all your keys are one or the other.

Actually that's a very good thing to acknowledge. There is a small
possibility of finding this collision, or more accurately for the way it was
used, a short cycle. However it is a real possibility. If the short loop
does occur then the strength is only that of 5Rijndael (EEEEE) which should
be more than enough to protect against analysis.
                            Joe
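The key chain in the quoted post and Tom's fixed-point objection, as an added example that is not code from either poster. It assumes SHA-256 for the unspecified hash() and reads hash(a, b) as the hash of the concatenation a || b; the degenerate constant_hash exists only to exercise the short-cycle check.

```python
import hashlib
from typing import Callable, List

Hash = Callable[[bytes], bytes]


def sha256_hash(data: bytes) -> bytes:
    """SHA-256 stands in for the unspecified hash() in the post (an assumption)."""
    return hashlib.sha256(data).digest()


def derive_keys(input_key: bytes, n: int = 5, h: Hash = sha256_hash) -> List[bytes]:
    """Reproduce the chain from the post:
         Key1   = h(inputKey)
         Key_i  = h(... h(h(Key_{i-1} || inputKey) || inputKey) ...)   (i applications)
    hash(a, b) is taken to mean h(a || b) (an assumption)."""
    keys = []
    prev = h(input_key)
    keys.append(prev)
    for i in range(2, n + 1):
        k = prev
        for _ in range(i):
            k = h(k + input_key)
        keys.append(k)
        prev = k
    return keys


def short_cycle(input_key: bytes, keys: List[bytes]) -> bool:
    """Tom's objection: if the hash maps the chain onto a fixed point or a short
    cycle, several of the supposedly independent keys collapse to one value.
    Return True when any derived key repeats or equals the input key."""
    seen = {input_key}
    for k in keys:
        if k in seen:
            return True
        seen.add(k)
    return False


def constant_hash(data: bytes) -> bytes:
    """Degenerate hash that sends everything to one value; it makes every Key_i
    identical so the cycle check can be exercised. Never use in practice."""
    return b"\x00" * 32


if __name__ == "__main__":
    ik = b"constructed input key"          # constructed sample input
    ks = derive_keys(ik)
    print(len(ks), short_cycle(ik, ks))                        # 5 False
    print(short_cycle(ik, derive_keys(ik, h=constant_hash)))   # True
```

With a real hash the chance of a short cycle among five 256-bit values is negligible, which is why the post calls it a small possibility; the check is cheap enough to run anyway before the keys are handed to the five cipher layers.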



------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: sci.math,comp.dsp
Subject: Re: Fill-in-the-blank codes (similar to Error-correcting codes)
Date: 22 Mar 2001 20:33:41 GMT

[EMAIL PROTECTED] (John Rickard) wrote in
<Cpi*[EMAIL PROTECTED]>: 

>In sci.math Bob Harris <[EMAIL PROTECTED]> wrote:
>: So, for example, I might have a 5 bits message, add two bits to it
>: (according to my yet-undefined code), and transmit the 7 bits through
>: separate channels.  Think of the channels as couriers.  Five couriers
>: make it to the receiver, two never show up.  The receiver knows which
>: courier is which, knows which haven't shown up (maybe they will, but
>: why wait once we have five), and then (I hope) can fill in the bits
>: that the two missing couriers would have.
>
>I think other replies (about "errors" and "erasures") have pointed you
>in the right direction, and the authors seem to know rather more about
>the subject than I do.  But I *can* explain why (as they said) the
>case you mention is not possible.
>
>You would need 32 possible 7-bit messages.  No two of these could
>differ in only two (or fewer) bits, since then if those two bits were
>lost you would not be able to distinguish the two messages.  So,
>defining a "neighbour" of a message as a string of bits that differs
>in just one bit from the message, no neighbour of any of the 32
>messages can be the same as a neighbour of any other of the 32
>messages.  Each message has 7 neighbours, so you have 32*(1+7) = 256
>messages and neighbours, all distinct 7-bit strings -- but 256 > 128,
>so this is impossible!
>

  Maybe this is extreme, but say you want to securely encrypt the
7 different messages so that only 4 of 7 couriers need make it through.
You can use an OTP that the receiver does not need, only the sender,
but each file sent will be (7!)/((4!)(3!)) times longer. Then, using
the OTP over several passes, each individual part of the message may
contain plaintext XORed with 4 passes of OTP. You need to do
more than 4 passes, but you can do it in a way that for each combination
of channels only certain combinations exist.

  When the first 4 couriers get through, determine which part of the
file segment contains the portion that, when those 4 are XORed together,
gives the plaintext file that was present. Of course
it may be best to do normal encryption first, since if the enemy gets
4 of the couriers you really don't want the XOR of a portion of
the file to be the message.

If this is not clear I can explain in detail for 2 of 3 couriers.
Since (3!)/((2!)(1)) = 3, each file contains 3 segments:
File1 = M1 xor OTP1, next segment OTP2, last segment OTP3
File2 = OTP1, next segment M1 xor OTP2, last segment OTP3
File3 = OTP1, next segment OTP2, last segment M1 xor OTP3

If 1 and 2 make it, you can xor the first segments together and the second
as a check.
For 1 and 3 use the first xored or the last xored as a check.
For 2 and 3 use the second xored or the last xored as a check.

David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
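Two pieces of this thread worked out in code, as an added example that is neither Rickard's nor Scott's own: the counting argument for why 5 message bits cannot survive 2 lost couriers out of 7, and Scott's 2-of-3 segment layout, written so the "check" segment he describes is actually compared. The layout is generalised to n couriers of which any two suffice (the post shows n = 3); that generalisation and the sample message are this example's own.

```python
import os
from itertools import combinations
from math import comb
from typing import Callable, Dict, List, Optional


def erasure_code_possible(k: int, n: int, erasures: int) -> bool:
    """Rickard's argument, generalised: surviving e erasures needs minimum distance
    e+1, so Hamming balls of radius floor(e/2) around the 2**k codewords must be
    disjoint inside the 2**n strings. Necessary, not sufficient."""
    radius = erasures // 2
    ball = sum(comb(n, i) for i in range(radius + 1))
    return (2 ** k) * ball <= 2 ** n


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_for_couriers(msg: bytes, n: int = 3,
                       rng: Callable[[int], bytes] = os.urandom) -> List[bytes]:
    """File j carries msg XOR OTP_j in segment j and the bare pad OTP_i in every
    other segment i, exactly as the post lays out for n = 3. Each file is n times
    the message length; the pads are generated once by the sender only."""
    pads = [rng(len(msg)) for _ in range(n)]
    files = []
    for j in range(n):
        segs = [xor(msg, pads[i]) if i == j else pads[i] for i in range(n)]
        files.append(b"".join(segs))
    return files


def segment(f: bytes, i: int, seglen: int) -> bytes:
    return f[i * seglen:(i + 1) * seglen]


def recover(arrived: Dict[int, bytes], seglen: int) -> Optional[bytes]:
    """Given {courier_index: file} for any two couriers a and b: segment a of both
    files XORs to msg (OTP_a cancels), segment b XORs to msg again and is the check
    from the post. Returns None if fewer than two arrived or the check fails."""
    if len(arrived) < 2:
        return None
    (a, fa), (b, fb) = list(arrived.items())[:2]
    candidate = xor(segment(fa, a, seglen), segment(fb, a, seglen))
    check = xor(segment(fa, b, seglen), segment(fb, b, seglen))
    return candidate if candidate == check else None


if __name__ == "__main__":
    msg = b"constructed courier message"      # constructed sample input
    files = split_for_couriers(msg)
    for a, b in combinations(range(3), 2):
        print(a + 1, b + 1, recover({a: files[a], b: files[b]}, len(msg)) == msg)
    print(erasure_code_possible(5, 7, 2), erasure_code_possible(4, 7, 2))
```

The check catches a corrupted segment, but it is not an authenticator: anyone who can alter both files consistently can change the result. The post's other caveat also holds here, since any two couriers together hold the message in the clear, so the payload should already be encrypted before it is split.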

------------------------------

From: "Richard Wright" <[EMAIL PROTECTED]>
Subject: Password Encryption
Date: Thu, 22 Mar 2001 20:49:48 -0000


Hi,

I'm looking for a good one way encryption formula (decryption not required)
for encrypting passwords and I don't want to reinvent the wheel if there are
well published methods out there.  I require this for an app I'm writing for
Win32 and I have noticed that there are encryption routines in Win32 system.
Has anyone used them? Are they any good?  Also, are there any recommended
readings on this topic?

Thanks in advance for any help!
Richard.




------------------------------

From: amateur <[EMAIL PROTECTED]>
Subject: Question about coding
Date: Thu, 22 Mar 2001 15:38:55 -0400

If I code every character of plain-text with specific value before
encryption, the grammatical structure of my plain-text will be
impossible to guess. Yes or not?

I think yes.

What do you think?
Thank you for your comments.

------------------------------

From: Darren New <[EMAIL PROTECTED]>
Subject: Re: A future supercomputer
Date: Thu, 22 Mar 2001 20:44:22 GMT

> I believe it's a 3 dimensional analog matrix, with a variable clock rate, all
> mediated by the results of the incessant struggle between serotonin and
> acetylcholine.

Exactly. And trying to determine the number of bits of MIPS involved would
seem ... difficult.

> Those are just the peripherals, interfaced through the cerebral cortex (BIOS)

But they are very intelligent peripherals. The eye does an amazing amount of
processing right in the retina, for example. Not that it can't be
duplicated, but plugging a computer into a camera isn't going to be anything
like plugging a computer into an eyeball. The same goes for ears, muscles,
the autonomous nervous system, the regulatory hormones and all that stuff. 

-- 
Darren New / Senior MTS & Free Radical / Invisible Worlds Inc.
San Diego, CA, USA (PST).  Cryptokeys on demand.
A million monkeys in a room with a million typewriters 
              will only yield half a million pregnant monkeys.

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Password Encryption
Date: Thu, 22 Mar 2001 20:44:54 GMT


"Richard Wright" <[EMAIL PROTECTED]> wrote in message
news:99do2h$4ha$[EMAIL PROTECTED]...
>
> Hi,
>
> I'm looking for a good one way encryption formula (decryption not required)
> for encrypting passwords and I don't want to reinvent the wheel if there are
> well published methods out there.  I require this for an app I'm writing for
> Win32 and I have noticed that there are encryption routines in Win32 system.
> Has anyone used them? Are they any good?  Also, are there any recommended
> readings on this topic?

Why not just use a hash like SHA256 (from NIST)

http://tomstdenis.home.dhs.org/src/sha256.c

Tom
--
http://tomstdenis.home.dhs.org





------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Question about coding
Date: Thu, 22 Mar 2001 20:45:44 GMT


"amateur" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> If I code every character of plain-text with specific value before
> encryption, the grammatical structure of my plain-text will be
> impossible to guess. Yes or not?
>
> I think yes.

Sorta... to no.

You have described a monoalphabetic cipher.  The order-0 frequency analysis
of the ciphertext could reveal the probable message.

Tom
http://tomstdenis.home.dhs.org



------------------------------

From: [EMAIL PROTECTED] (Ben Cantrick)
Subject: Re: Question about coding
Date: 22 Mar 2001 13:46:37 -0700

In article <[EMAIL PROTECTED]>, amateur  <[EMAIL PROTECTED]> wrote:
>If I code every character of plain-text with specific value before
>encryption, the grammatical structure of my plain-text will be
>impossible to guess. Yes or not?
>
>I think yes.
>
>What do you think?
>Thank you for your comments.

  Presuming you always use the same specific value for the same
letter in the plain text, the answer is a resounding "no." Do a
Web search on "frequency analysis".


          -Ben
-- 
Ben Cantrick ([EMAIL PROTECTED])        |   Yes, the AnimEigo BGC dubs still suck.
BGC Nukem:     http://www.dim.com/~mackys/bgcnukem.html
The Spamdogs:  http://www.dim.com/~mackys/spamdogs
http://civilliberty.miningco.com/library/weekly/aa090897.htm

------------------------------

From: Bernd Eckenfels <[EMAIL PROTECTED]>
Crossposted-To: de.comp.security.misc
Subject: Re: Czech attack to PGP
Date: 22 Mar 2001 20:55:58 GMT

In de.comp.security.misc Lutz Donnerhacke <[EMAIL PROTECTED]> wrote:
> OTOH, we do not rely on a modification anyway, the programs are free to
> choose any secret key storage format they like.

And an attack which allows modifications to a secret key is more successful by
modifying the pgp binary, anyway.

Greetings
Bernd

------------------------------

From: [EMAIL PROTECTED] (Joe H. Acker)
Subject: Re: Most secure way to add passphrase verification to "CipherSaber"
Date: Thu, 22 Mar 2001 22:00:36 +0100

John L. Allen <[EMAIL PROTECTED]> wrote:

> > Please note that I'm an amateur, so others please correct me if I claim
> > something wrong. I'd say that double-encrypting the IV does not add
> > significant security. How about
> 
> I guess I don't care if it adds security, as long as it doesn't subtract it

Theoretically, it can subtract it. Practically, I'd say that's unlikely.

> I know that passing (x, E(x)) gives an attacker known plaintext, but what's
> wrong with giving him (x, E(E(x))) ?

Well, x is known plaintext anyway, so the double-encryption would only
serve the purpose to protect the key against a kind of known plaintext
attack. I doubt that double encryption will serve that purpose.

> >
> > IV, E(salt+IV), E(msg)
> >
> > where salt is a few pseudo-random bytes from a PRNG. You can use Arcfour
> > as the PRNG, and the actual entropy of the random seed will be
> > implementation depend. Even if the entropy source is not optimal, this
> > seems more secure to me than just encrypting IV (known plaintext).
> 
> If the salt is generated by rc4, then that looks a lot like Mike De Turi's
> "throw-away-bytes" idea, and is similarly interesting.
> 
> I then slap myself in the head and ask what about this
> 
>     IV, E(msg{1..10}), E(msg)

As Yamaneko has reminded me that Arcfour is a stream cipher (how stupid
I am..), my salt idea doesn't serve anything useful. I'd favor IV,
E(msg{1..10}), E(msg) or, if possible: IV, E(CRC32(msg)), E(msg)

Still I think that a solution with hashing would be much more secure. 

> 
>     IV, E(salt ^ msg{1..10}), E(msg)

...won't work, because the salt is unknown. 

I don't have a good feeling with encrypting plaintext twice, but it
currently seems the best solution to me.

Regards,

Erich
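The CipherSaber exchange above in runnable form, as an added example that is not code from any poster in the thread. It implements the CipherSaber-1 layout (10-byte IV in the clear, message XORed with RC4 keyed by passphrase || IV), shows the known-plaintext property the thread worries about when E(IV) is sent alongside IV, and adds a hash-based passphrase check in the spirit of the SHA-1 suggestion. The tag construction (HMAC-SHA-1 over the IV keyed with the passphrase), its placement after the IV, and the sample inputs are this example's own assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

IV_LEN = 10
TAG_LEN = 20


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4 (Arcfour) keystream; CipherSaber-1 uses it unchanged."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def ciphersaber_encrypt(passphrase: bytes, msg: bytes, iv: Optional[bytes] = None) -> bytes:
    """IV || (msg XOR RC4(passphrase || IV))."""
    if iv is None:
        iv = os.urandom(IV_LEN)
    ks = rc4_keystream(passphrase + iv, len(msg))
    return iv + bytes(m ^ k for m, k in zip(msg, ks))


def ciphersaber_decrypt(passphrase: bytes, blob: bytes) -> bytes:
    iv, ct = blob[:IV_LEN], blob[IV_LEN:]
    ks = rc4_keystream(passphrase + iv, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


def e_iv_equals_iv_xor_keystream(passphrase: bytes, iv: bytes) -> bool:
    """The concern in the thread: with a stream cipher, sending IV and E(IV)
    under the same keystream means IV XOR E(IV) is simply the first keystream
    bytes, so the verifier itself is known plaintext."""
    e_iv = ciphersaber_encrypt(passphrase, iv, iv)[IV_LEN:]
    return bytes(a ^ b for a, b in zip(iv, e_iv)) == rc4_keystream(passphrase + iv, len(iv))


def verifier_tag(passphrase: bytes, iv: bytes) -> bytes:
    """Hash-based passphrase check (assumption): HMAC-SHA-1 over the IV keyed
    with the passphrase. It depends on nothing from the RC4 keystream."""
    return hmac.new(passphrase, iv, hashlib.sha1).digest()


def encrypt_with_check(passphrase: bytes, msg: bytes, iv: Optional[bytes] = None) -> bytes:
    """Layout: IV || tag || ciphertext."""
    blob = ciphersaber_encrypt(passphrase, msg, iv)
    iv = blob[:IV_LEN]
    return iv + verifier_tag(passphrase, iv) + blob[IV_LEN:]


def decrypt_with_check(passphrase: bytes, blob: bytes) -> Optional[bytes]:
    """Return None on a wrong passphrase instead of emitting garbage."""
    iv, tag, ct = blob[:IV_LEN], blob[IV_LEN:IV_LEN + TAG_LEN], blob[IV_LEN + TAG_LEN:]
    if not hmac.compare_digest(tag, verifier_tag(passphrase, iv)):
        return None
    return ciphersaber_decrypt(passphrase, iv + ct)


if __name__ == "__main__":
    pw, iv = b"constructed passphrase", bytes(range(IV_LEN))   # constructed inputs
    blob = encrypt_with_check(pw, b"hello sci.crypt", iv)
    print(decrypt_with_check(pw, blob), decrypt_with_check(b"wrong", blob))
    print(e_iv_equals_iv_xor_keystream(pw, iv))
```

The tag only answers "was this the right passphrase"; it does not protect the ciphertext from modification, and like any verifier it lets someone holding a message test passphrase guesses offline, so the passphrase still has to be strong.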

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
