Cryptography-Digest Digest #976, Volume #13      Fri, 23 Mar 01 02:13:00 EST

Contents:
  Re: Fast and Easy crypt send ("Joseph Ashwood")
  AES - which block/key size to use? (Marc)
  Re: Advice on storing private keys (Marc)
  Re: AES - which block/key size to use? ("Tom St Denis")
  Re: RC4 test vectors after gigabyte output?. (Luis Yanes)
  Re: Is Evidence Eliminator at all useful ?? (Eric Lee Green)
  Re: Is Evidence Eliminator at all useful ?? ("Tom St Denis")
  Re: Multiple encryption, more secure ciphers (David Wagner)
  Re: Advice on storing private keys (those who know me have no need of my name)
  Re: Question about coding ("Carpe Diem")
  Re: Question about coding ("Carpe Diem")
  Re: NSA in the news on CNN (Will Janoschka)
  Re: AES - which block/key size to use? ("Roger Schlafly")
  Re: Is Evidence Eliminator at all useful ?? (Eric Lee Green)
  Re: Pike stream cipher (Terry Ritter)
  Re: NSA in the news on CNN (Tony L. Svanstrom)
  Re: cryptography using the method of elliptic curve. ("Brian Wong")
  Re: Pike stream cipher ("Tom St Denis")
  Dr Rabin's "unbreakable" code ("Collis Ta'eed")
  Re: cryptography using the method of elliptic curve. ("Tom St Denis")
  Re: AES - which block/key size to use? ("Scott Fluhrer")

----------------------------------------------------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Fast and Easy crypt send
Date: Thu, 22 Mar 2001 17:10:22 -0800

Quite frankly, I am no longer going to waste my time explaining to you why
this is such a bad idea. If you want real comments on an algorithm you've
designed, do some real analysis of it, write a real specification, but first
and most important read a book about cryptography.
                                Joe

"amateur" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
[snip everything]



------------------------------

From: [EMAIL PROTECTED] (Marc)
Subject: AES - which block/key size to use?
Date: 23 Mar 2001 02:01:45 GMT

Hi. I'm planning to use Rijndael/AES for a project of mine.  I wonder
which block and key size I should choose?

My criteria are:

1. Which block and key size(s) was/were evaluated in the AES process?
   Security-wise I'd like to sit in the same boat with other crypto
   products, banks, etc.  If in the end it all turns out to be insecure
   I'm not to blame (alone) :-)

2. If several sizes were evaluated, which one will be faster (software)?
   I noticed that different sizes also cause more/less rounds.  I'd like
   to choose the fastest variant that fulfils 1).  I'll use a CFB or
   similar setup to encrypt individual blocks of 512 bytes in size.

Thanks in advance for your advice!

------------------------------

From: [EMAIL PROTECTED] (Marc)
Subject: Re: Advice on storing private keys
Date: 23 Mar 2001 02:01:47 GMT

>if they can't follow the current certificate specs, and can't be
>bothered to download very portable library source (e.g., openssl), then
>you are going to have lots of other problems.

At least in Germany, the use of encryption in ham radio is
prohibited.  The spirit is that the ham radio is public and
everybody who joins must not build closed groups by use of
scrambling or encryption.  This dates back to pre-computer
times, but the ham users (at least in Germany) are very proud
of their rules and don't tolerate anyone violating them (even
if done with good intentions).  The rules are set in stone.


------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: AES - which block/key size to use?
Date: Fri, 23 Mar 2001 02:21:49 GMT


"Marc" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hi. I'm planning to use Rijndael/AES for a project of mine.  I wonder
> which block and key size I should choose?
>
> My criteria are:
>
> 1. Which block and key size(s) was/were evaluated in the AES process?
>    Security-wise I'd like to sit in the same boat with other crypto
>    products, banks, etc.  If in the end it all turns out to be insecure
>    I'm not to blame (alone) :-)

Sound "business" tactic... hehehe... well AES isn't used in banks yet AFAIK.
Many products use it already (they jumped on the buzzword bandwagon at the
drop of a hat).  The default is 12 rounds I think... I dunno, the Rijndael
paper describes their "AES" cipher... although you can reconfigure Rijndael
for diff sizes/rounds it may not be a wise decision to do so prematurely.

> 2. If several sizes were evaluated, which one will be faster (software)?
>    I noticed that different sizes also cause more/less rounds.  I'd like
>    to choose the fastest variant that fulfils 1).  I'll use a CFB or
>    similar setup to encrypt individual blocks of 512 bytes in size.

Stick with the AES for now.

Tom



------------------------------

From: Luis Yanes <[EMAIL PROTECTED]>
Subject: Re: RC4 test vectors after gigabyte output?.
Date: Fri, 23 Mar 2001 03:25:00 +0100

On 21 Mar 2001 21:32:32 -0800 [EMAIL PROTECTED] (Gregory G Rose) wrote:

>In article <u5C3OpCcF7b2VNiAEyPmh3csFGJy@wingate>,
>Luis Yanes  <[EMAIL PROTECTED]> wrote:
>>Are there any RC4 test vectors after gigabyte output?
>
>Well, not a gigabyte.

But better than just 512 bytes. Thanks!

>Initialise RC4 (or equivalent) with the 8 byte key
>"test key". Then the first 44 output bytes are:

unsigned char testkey[] = {
    't', 'e', 's', 't', ' ', 'k', 'e', 'y'
};

>unsigned char expected[] = {
>    0xbd, 0xe9, 0x5c, 0xb5, 0x2b, 0x8d, 0xf8, 0xfb,
>    0xf2, 0xb7, 0x51, 0xf6, 0x5b, 0xe1, 0xdf, 0x3e,
>    0xd7, 0x4b, 0x45, 0x7a, 0xe9, 0x76, 0x4d, 0x26,
>    0x2f, 0x43, 0xa4, 0x70, 0x9a, 0x2a, 0xc9, 0x4e,
>    0x11, 0x23, 0x89, 0x7b, 0x02, 0x2a, 0x4f, 0x07,
>    0x80, 0x98, 0xa1, 0xa0,
>};

But I get:

unsigned char expected[] = {
    0x01, 0x94, 0x79, 0x6b, 0xfc, 0xc7, 0xb9, 0xa8,
    0xc2, 0xed, 0x96, 0x77, 0x64, 0x2c, 0x80, 0xe9,
    0x65, 0x90, 0x4e, 0x6c, 0xab, 0x72, 0xf9, 0x84,
    0x93, 0x84, 0xf4, 0x34, 0x7d, 0x27, 0xb2, 0x8b,
    0xf0, 0x1f, 0x08, 0x3b, 0x86, 0xc1, 0xc5, 0x91,
    0xb0, 0x1e, 0x4b, 0x1f
};

Although all published test vectors pass ok. Did yours pass:

unsigned char key2[] = {
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
unsigned char input2[] = {
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
unsigned char output2[] = {
    0xde, 0x18, 0x89, 0x41, 0xa3, 0x37, 0x5d, 0x3a
};

What key schedule are you using? Do you know what could be wrong?

(SNIP the megabyte)
73's de Luis

mail: melus0(@)teleline(.)es
Ampr: eb7gwl.ampr.org
http://www.terra.es/personal2/melus0/ <- PCBs for Homebrewed Hardware
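An RC4 implementation with a test-vector harness, added here as an example (it is not code from Luis's or Greg's posts): it checks the all-zero-key vector quoted above together with the two other vectors from the same original ARC4 posting, and reports which, if either, of the two 44-byte "test key" outputs posted in this thread the implementation reproduces. The function names and the candidate labels are mine; the vector bytes are copied from the posts.

```python
"""RC4 reference implementation plus a test-vector harness (added example)."""
from typing import Dict, List, Tuple


def rc4_ksa(key: bytes) -> List[int]:
    """Key-scheduling algorithm: derive the 256-entry permutation S from the key.

    The key is repeated cyclically; that is the only key schedule RC4 has.
    A classic bug is to run this loop over len(key) instead of 256 entries.
    """
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Pseudo-random generation algorithm: the first n keystream bytes for key."""
    s = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (the operation is its own inverse) by XOR with keystream."""
    return bytes(a ^ b for a, b in zip(data, rc4_keystream(key, len(data))))


# Published RC4 test vectors (key, plaintext, ciphertext) from the original
# sci.crypt ARC4 posting; the all-zero one is the vector quoted in the thread.
PUBLISHED_VECTORS: List[Tuple[bytes, bytes, bytes]] = [
    (bytes.fromhex("0123456789abcdef"), bytes.fromhex("0123456789abcdef"),
     bytes.fromhex("75b7878099e0c596")),
    (bytes.fromhex("0123456789abcdef"), bytes(8), bytes.fromhex("7494c2e7104b0879")),
    (bytes(8), bytes(8), bytes.fromhex("de188941a3375d3a")),
]


def check_published_vectors() -> List[bool]:
    """One pass/fail flag per published vector."""
    return [rc4_crypt(k, p) == c for k, p, c in PUBLISHED_VECTORS]


# The two 44-byte outputs for the 8-byte key "test key" posted in the thread
# (labels are mine); at most one of them can be genuine RC4 output.
CANDIDATES: Dict[str, bytes] = {
    "Rose": bytes.fromhex(
        "bde95cb52b8df8fb" "f2b751f65be1df3e" "d74b457ae9764d26"
        "2f43a4709a2ac94e" "1123897b022a4f07" "8098a1a0"),
    "Yanes": bytes.fromhex(
        "0194796bfcc7b9a8" "c2ed9677642c80e9" "65904e6cab72f984"
        "9384f4347d27b28b" "f01f083b86c1c591" "b01e4b1f"),
}


def matching_candidates(key: bytes = b"test key") -> List[str]:
    """Names of the posted candidates equal to this implementation's keystream."""
    ks = rc4_keystream(key, 44)
    return [name for name, vec in CANDIDATES.items() if vec == ks]


if __name__ == "__main__":
    print("published vectors:", check_published_vectors())
    print("'test key' keystream:", rc4_keystream(b"test key", 44).hex())
    print("matches posted candidate(s):", matching_candidates() or "none")
```

A wrong key schedule of the kind Luis asks about normally fails every published vector, so the short vectors are the check to run first; only once they pass does a long-output vector such as the 44-byte one tell you anything new.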

------------------------------

From: [EMAIL PROTECTED] (Eric Lee Green)
Subject: Re: Is Evidence Eliminator at all useful ??
Reply-To: [EMAIL PROTECTED]
Date: 22 Mar 2001 20:26:15 -0600

On Thu, 22 Mar 2001 13:04:00 -0800, David Schwartz <[EMAIL PROTECTED]>
 wrote:
>Eric Lee Green wrote:
>> Heheh. And even if it did work, I make it a point not to deal with
>> people with such dubious business policies (see my .sig).
>
>       You think I can't recognize an FBI/CIA/KGB stooge when I see one?

Well darn. I keep forgetting that the FBI, CIA, and KGB are actively
recruiting geeky subversive school teachers :-). Now where's my dark
sunglasses and secret decoder ring.... (shuffle shuffle shuffle....).

-- 
Eric Lee Green [EMAIL PROTECTED] http://www.badtux.org
 AVOID EVIDENCE ELIMINATOR -- for details, see
   http://badtux.org/eric/editorial/scumbags.html 

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Is Evidence Eliminator at all useful ??
Date: Fri, 23 Mar 2001 02:37:05 GMT


"Eric Lee Green" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Thu, 22 Mar 2001 13:04:00 -0800, David Schwartz <[EMAIL PROTECTED]>
>  wrote:
> >Eric Lee Green wrote:
> >> Heheh. And even if it did work, I make it a point not to deal with
> >> people with such dubious business policies (see my .sig).
> >
> > You think I can't recognize an FBI/CIA/KGB stooge when I see one?
>
> Well darn. I keep forgetting that the FBI, CIA, and KGB are actively
> recruiting geeky subversive school teachers :-). Now where's my dark
> sunglasses and secret decoder ring.... (shuffle shuffle shuffle....).

How does one group two US firms with one Russian?  What about the Canucks?

Tom



------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Multiple encryption, more secure ciphers
Date: 23 Mar 2001 02:56:16 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)

John Savard wrote:
>Concatenate the key with "01", and then hash it ten times, to make
>KHA1, KHA2, KHA3 ... KHA10.

Personally, I prefer Knudsen's TEMK construction: it is simpler,
doesn't require you to have a hash function available, and has some
provable security guarantees as well.  But I don't see any reason
why your scheme couldn't be used, if you prefer it.

------------------------------

From: [EMAIL PROTECTED] (those who know me have no need of my name)
Subject: Re: Advice on storing private keys
Date: Fri, 23 Mar 2001 03:08:35 -0000

<[EMAIL PROTECTED]> divulged:

>>if they can't follow the current certificate specs, and can't be
>>bothered to download very portable library source (e.g., openssl), then
>>you are going to have lots of other problems.
>
>At least in Germany, the use of encryption in ham radio is
>prohibited.  

as you might have noticed i made mention of that in my article -- it's
the same in the us, or at least very similar.  but, without some form of
cryptographic process i doubt you will be able to create a secure qsl.

x509 certificates are not encrypted, they are signed.  granted it is a
digital signature, produced using a cryptographic process, but that is
generally viewed differently by most countries since a signature doesn't
convey arbitrary information.

true x509 certificates usually contain information to be used (later)
for encryption, i.e., a public key, but it is not required that
encryption must therefore ensue.

x509 certificates are encoded, but that is a matter of making the
structure explicit and to ensure that transmission between differing
types of systems will succeed.

let me ask, can you retrieve a pgp key (from a key server) via (packet)
radio?  if you can without breaking any laws (at either end, or along
the way) then x509 certificates should be no problem either.

i don't think that a standards based mechanism, such as x509
certificates, should be discarded through too little attention.

>The spirit is that the ham radio is public and
>everybody who joins must not build closed groups by use of
>scrambling or encryption.  

and yet packet radio exists.  heck there was once much argument over
things as simple as a dtmf pad, since it used "encoded" signals to
access the associated auto-patch.

x509 certificates do not create a closed community, in fact given that
they are defined by a series of itu standards it would be very difficult
to make that argument at all.  creating a custom certificate is what
would create a closed community.

>The rules are set in stone.

no they aren't, thank goodness.

-- 
okay, have a sig then

------------------------------

From: "Carpe Diem" <[EMAIL PROTECTED]>
Subject: Re: Question about coding
Date: Thu, 22 Mar 2001 21:10:46 -0600

You mean that first you use the mapping:
(a_1, a_2,..., a_n) --> (Character A)
(b_1, b_2,..., b_m) --> (Character B)
...
(z_1, z_2,..., z_k) --> (Character Z)
 where each of the characters A to Z is used n, m, ..., k times and we
substitute character A with a different a_i each time we meet it and so on.
Then you encrypt.
This is just a complicated version of using an OTP over the plaintext and then
encrypting it. After you have used the OTP, assuming you can safely manage
the key, encrypting the resulting text adds no security.



"amateur" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> If I code every character of plain-text with specific value before
> encryption, the grammatical structure of my plain-text will be
> impossible to guess. Yes or not?
>
> I think yes.
>
> What do you think?
> Thank you for your comments.
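The scheme as Carpe Diem reads it, as an added example that is not from the thread: every occurrence of a character gets its own code, so each ciphertext code appears exactly once and letter frequencies disappear, but the codebook is as long as the message and can never be reused, which is exactly the one-time-pad key-management problem he points to. The function names, the seed and the sample sentence are mine.

```python
"""One-code-per-occurrence homophonic substitution (added example)."""
import random
from collections import Counter
from typing import Dict, Iterable, List


def build_codebook(plaintext: str, seed: int) -> Dict[str, List[int]]:
    """Give each character as many distinct codes as it has occurrences.

    The codes are a shuffled 0..N-1, so each of the N plaintext positions
    gets a code used nowhere else.  `seed` stands in for a real secret
    random source; the book *is* the key, and it is as long as the text.
    """
    rng = random.Random(seed)
    pool = list(range(len(plaintext)))
    rng.shuffle(pool)
    book: Dict[str, List[int]] = {}
    start = 0
    for ch, n in Counter(plaintext).items():
        book[ch] = pool[start:start + n]
        start += n
    return book


def encode(plaintext: str, book: Dict[str, List[int]]) -> List[int]:
    """Consume a fresh code on every occurrence; fails once the book is exhausted,
    which is the 'one-time' property: a second message needs a second book."""
    remaining = {ch: list(cs) for ch, cs in book.items()}
    return [remaining[ch].pop() for ch in plaintext]


def decode(codes: List[int], book: Dict[str, List[int]]) -> str:
    inverse = {code: ch for ch, cs in book.items() for code in cs}
    return "".join(inverse[c] for c in codes)


def peak_frequency(symbols: Iterable) -> int:
    """Highest count of any symbol: letter frequency before, code frequency after."""
    return max(Counter(symbols).values())


def codebook_size(book: Dict[str, List[int]]) -> int:
    """Number of codes the receiver must hold: equal to the message length."""
    return sum(len(v) for v in book.values())


SAMPLE = "meet me at the old mill at noon"  # constructed sample plaintext

if __name__ == "__main__":
    book = build_codebook(SAMPLE, seed=7)
    codes = encode(SAMPLE, book)
    print("peak letter frequency:", peak_frequency(SAMPLE))
    print("peak code frequency:  ", peak_frequency(codes))
    print("codebook size / message length:", codebook_size(book), len(SAMPLE))
    print("round trip ok:", decode(codes, book) == SAMPLE)
```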



------------------------------

From: "Carpe Diem" <[EMAIL PROTECTED]>
Subject: Re: Question about coding
Date: Thu, 22 Mar 2001 21:12:13 -0600


>  where each of the characters A to Z is used n, m, ..., k times

used in the plaintext



------------------------------

From: [EMAIL PROTECTED] (Will Janoschka)
Subject: Re: NSA in the news on CNN
Date: 23 Mar 2001 02:54:19 GMT

On Thu, 22 Mar 2001 19:43:57, [EMAIL PROTECTED] (John Hairell) 
wrote:

> The best known of many proprietaries is of course the now-defunct Air
> America.
>  
> 
    What makes you think that Air America is 'defunct'??
                                -will-:@)

Where Ignorance is bliss, 'tis folly to be wise!=:)


------------------------------

From: "Roger Schlafly" <[EMAIL PROTECTED]>
Subject: Re: AES - which block/key size to use?
Date: Fri, 23 Mar 2001 03:59:39 GMT

"Marc" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hi. I'm planning to use Rijndael/AES for a project of mine.  I wonder
> which block and key size I should choose?

Use 128-bit block and 128-bit key. Using anything else is perverse.




------------------------------

From: [EMAIL PROTECTED] (Eric Lee Green)
Subject: Re: Is Evidence Eliminator at all useful ??
Reply-To: [EMAIL PROTECTED]
Date: 22 Mar 2001 22:26:55 -0600

On Fri, 23 Mar 2001 02:37:05 GMT, Tom St Denis <[EMAIL PROTECTED]> wrote:
>"Eric Lee Green" <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>> On Thu, 22 Mar 2001 13:04:00 -0800, David Schwartz <[EMAIL PROTECTED]>
>>  wrote:
>> >Eric Lee Green wrote:
>> >> Heheh. And even if it did work, I make it a point not to deal with
>> >> people with such dubious business policies (see my .sig).
>> >
>> > You think I can't recognize an FBI/CIA/KGB stooge when I see one?
>>
>> Well darn. I keep forgetting that the FBI, CIA, and KGB are actively
>> recruiting geeky subversive school teachers :-). Now where's my dark
>> sunglasses and secret decoder ring.... (shuffle shuffle shuffle....).
>
>How does one group two US firms with one Russian?  What about the Canucks?

Well, we Americans tend to think the Canucks are too polite to play
such games. Ever seen that hilarious movie "Canadian Bacon", where
Alan Alda played the President of the United States, upset because the
end of the cold war left him with no enemies to fight?

Or maybe not. Terrance and Phillip. Blame Canada :-). Or just post
something when the EE people next spam the newsgroups with links to
their home page, and make it into their "disinformation" list as a
notorious Canadian spy chief (grin).

-- 
Eric Lee Green [EMAIL PROTECTED] http://www.badtux.org
 AVOID EVIDENCE ELIMINATOR -- for details, see
   http://badtux.org/eric/editorial/scumbags.html 

------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Pike stream cipher
Date: Fri, 23 Mar 2001 04:39:08 GMT


On 22 Mar 2001 16:43:24 -0800, in <99e67c$[EMAIL PROTECTED]>, in
sci.crypt [EMAIL PROTECTED] (Gregory G Rose) wrote:

>[...]
>Please note that neither Knuth nor anyone else
>reputable has ever claimed that Algorithm M is a
>good stream cipher. There are reasons to believe
>it might not be. It generates good pseudo-random
>numbers though.

Almost every time this comes up, I post the successful attack
references.  For example, start at:

   http://www.io.com/~ritter/RES/COMBCORR.HTM#B4

and follow the links to the article summaries and exact literature
references.  

There is every reason to believe that MacLaren-Marsaglia is
fundamentally weak.  

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM


------------------------------

Subject: Re: NSA in the news on CNN
From: [EMAIL PROTECTED] (Tony L. Svanstrom)
Date: Fri, 23 Mar 2001 04:48:30 GMT

Will Janoschka <[EMAIL PROTECTED]> wrote:

> On Thu, 22 Mar 2001 19:43:57, [EMAIL PROTECTED] (John Hairell) 
> wrote:
> 
> > The best known of many proprietaries is of course the now-defunct Air
> > America.
> >  
> > 
>     What  makes you think that Air America is 'defunct'??

Where's the best information on the Net regarding Air America - anyone?


        /Tony

------------------------------

From: "Brian Wong" <[EMAIL PROTECTED]>
Subject: Re: cryptography using the method of elliptic curve.
Date: Thu, 22 Mar 2001 23:54:37 -0500


"Carpe Diem" <[EMAIL PROTECTED]> wrote in message
news:99e5na$1ks$[EMAIL PROTECTED]...
> Well, you can not say that it is boring. ECC has behind a wonderful
> mathematical theory. The theory of elliptic curves is truly fascinating. I
> can not understand on what basis you say it is boring.
>

Ignorance



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Pike stream cipher
Date: Fri, 23 Mar 2001 05:02:26 GMT


"Terry Ritter" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> On 22 Mar 2001 16:43:24 -0800, in <99e67c$[EMAIL PROTECTED]>, in
> sci.crypt [EMAIL PROTECTED] (Gregory G Rose) wrote:
>
> >[...]
> >Please note that neither Knuth nor anyone else
> >reputable has ever claimed that Algorithm M is a
> >good stream cipher. There are reasons to believe
> >it might not be. It generates good pseudo-random
> >numbers though.
>
> Almost every time this comes up, I post the successful attack
> references.  For example, start at:
>
>    http://www.io.com/~ritter/RES/COMBCORR.HTM#B4
>
> and follow the links to the article summaries and exact literature
> references.
>
> There is every reason to believe that MacLaren-Marsaglia is
> fundamentally weak.

Yes, MLM is weak, but that's not technically Algorithm M.  Algorithm M
specifies that two PRNGs are used, not two LCGs.

Tom



------------------------------

From: "Collis Ta'eed" <[EMAIL PROTECTED]>
Subject: Dr Rabin's "unbreakable" code
Date: Thu, 22 Mar 2001 16:04:14 +1000

Can anyone tell me where I can get more information about the code recently
revealed by Professor Michael Rabin?  I saw an article at
(http://www.securitywatch.com/newsforward/default.asp?AID=5955)

but this doesn't really say very much.  I'm an honours student and it looks
like an interesting project to study...

thanks guys



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: cryptography using the method of elliptic curve.
Date: Fri, 23 Mar 2001 05:31:49 GMT


"Brian Wong" <[EMAIL PROTECTED]> wrote in message
news:99ekne$jvv$[EMAIL PROTECTED]...
>
> "Carpe Diem" <[EMAIL PROTECTED]> wrote in message
> news:99e5na$1ks$[EMAIL PROTECTED]...
> > Well, you can not say that it is boring. ECC has behind a wonderful
> > mathematical theory. The theory of elliptic curves is truly fascinating. I
> > can not understand on what basis you say it is boring.
> >
>
> Ignorance

No, it's math profs using sentences like "it's obvious that..." that really
turn me off.  Yeah, I am a "baby" and I have tons to learn, I admit that, but
honestly all too often people write papers assuming they are the target
audience....

Tom



------------------------------

From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: AES - which block/key size to use?
Date: Thu, 22 Mar 2001 22:54:13 -0800


Marc <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hi. I'm planning to use Rijndael/AES for a project of mine.  I wonder
> which block and key size I should choose?
>
> My criteria are:
>
> 1. Which block and key size(s) was/were evaluated in the AES process?
>    Security-wise I'd like to sit in the same boat with other crypto
>    products, banks, etc.  If in the end it all turns out to be insecure
>    I'm not to blame (alone) :-)
The Rijndael submission supported block sizes of 128, 192 and 256 bits, and
key sizes of 128, 192 and 256 bits (all nine possibilities).  To the best of
my knowledge, no analysis was published for any block size other than 128
bits (and there was analysis for all three key sizes for 128 bit blocks).
The draft AES FIPS specifies only the 128 bit block size.

>
> 2. If several sizes were evaluated, which one will be faster (software)?
128 bit key size would be fastest -- it uses only 10 rounds.

>    I noticed that different sizes also cause more/less rounds.  I'd like
>    to choose the fastest variant that fulfils 1).  I'll use a CFB or
>    similar setup to encrypt individual blocks of 512 bytes in size.
Fine.  You are aware that CFB mode allows bit flipping attacks in the last
block, aren't you?

--
poncho
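To show what poncho's caveat means in practice, here is an added example (mine, not code from the thread) of full-block CFB built on a keyed stand-in for the block cipher's forward function: flipping one ciphertext bit flips the same plaintext bit and scrambles only the following block, so a flip in the last block leaves no visible trace. The second half adds the mitigation, an encrypt-then-MAC tag, which is what a deployment encrypting 512-byte records with CFB needs alongside it. `block_fn`, the key and IV values and the message are all constructed for the example; a real system would use AES-128 as E_K.

```python
"""CFB-mode malleability and its mitigation (added example, not from the thread)."""
import hashlib
import hmac
from typing import List, Optional, Tuple

BLOCK = 16  # 128-bit block, as in the AES


def block_fn(key: bytes, block: bytes) -> bytes:
    """Stand-in for a block cipher's *forward* function E_K.

    CFB only ever calls E_K, never its inverse, so a keyed PRF truncated to
    the block size reproduces the mode's behaviour exactly.  HMAC-SHA256 is
    used only so the example runs on the standard library; use AES-128 for real.
    """
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def cfb_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Full-block CFB: C_i = P_i XOR E_K(C_{i-1}), with C_0 = IV.
    A short final chunk just uses a prefix of the keystream (no padding)."""
    out, prev = bytearray(), iv
    for off in range(0, len(plaintext), BLOCK):
        chunk = plaintext[off:off + BLOCK]
        c = _xor(chunk, block_fn(key, prev)[:len(chunk)])
        out += c
        prev = c
    return bytes(out)


def cfb_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """P_i = C_i XOR E_K(C_{i-1}); the feedback is the *ciphertext* block."""
    out, prev = bytearray(), iv
    for off in range(0, len(ciphertext), BLOCK):
        chunk = ciphertext[off:off + BLOCK]
        out += _xor(chunk, block_fn(key, prev)[:len(chunk)])
        prev = chunk
    return bytes(out)


def tamper_effect(key: bytes, iv: bytes, plaintext: bytes,
                  byte_index: int, bit: int) -> Tuple[bytes, List[int]]:
    """Flip one ciphertext bit and report which plaintext blocks changed.

    Bit b of ciphertext byte k flips exactly bit b of plaintext byte k, and the
    *next* block is scrambled because its keystream is E_K of the altered
    ciphertext block.  The last block has no next block, so nothing else is
    disturbed: that is the 'last block' caveat in the thread.
    """
    forged = bytearray(cfb_encrypt(key, iv, plaintext))
    forged[byte_index] ^= 1 << bit
    recovered = cfb_decrypt(key, iv, bytes(forged))
    changed = sorted({i // BLOCK for i in range(len(plaintext))
                      if recovered[i] != plaintext[i]})
    return recovered, changed


def seal(enc_key: bytes, mac_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: the tag covers IV and ciphertext under an independent key."""
    ct = cfb_encrypt(enc_key, iv, plaintext)
    tag = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    return iv + ct + tag


def unseal(enc_key: bytes, mac_key: bytes, blob: bytes) -> Optional[bytes]:
    """Verify the tag in constant time *before* decrypting; None on tampering."""
    iv, ct, tag = blob[:BLOCK], blob[BLOCK:-32], blob[-32:]
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return cfb_decrypt(enc_key, iv, ct)


# Constructed sample values (not real keys); the message is three full blocks.
ENC_KEY = b"constructed-encryption-key"
MAC_KEY = b"constructed-mac-key"
IV = bytes(range(BLOCK))
MESSAGE = b"block0-012345678" b"block1-012345678" b"block2-012345678"

if __name__ == "__main__":
    pt, blocks = tamper_effect(ENC_KEY, IV, MESSAGE, 40, 0)
    print("flip in last block  -> changed blocks", blocks, pt)
    pt, blocks = tamper_effect(ENC_KEY, IV, MESSAGE, 0, 0)
    print("flip in first block -> changed blocks", blocks)
    blob = bytearray(seal(ENC_KEY, MAC_KEY, IV, MESSAGE))
    blob[BLOCK + 40] ^= 1
    print("MAC check on tampered blob:", unseal(ENC_KEY, MAC_KEY, bytes(blob)))
```

The scrambled neighbour block is the only thing that might betray a flip in an interior block, and only if the application inspects the plaintext for sense; the last block has no such neighbour, which is why integrity has to come from a MAC (or an authenticated mode), never from the encryption itself.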




------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
