Cryptography-Digest Digest #27, Volume #14       Wed, 28 Mar 01 12:13:01 EST

Contents:
  Re: Idea - (LONG) (Erwann ABALEA)
  Re: Newbie: What is AES? ("Brian Gladman")
  Re: Crypto in VB3 (Hard)
  Re: Newbie: What is AES? (Pascal Junod)
  Re: Newbie: What is AES? (Mathias Wagner)
  Re: vigenere cipher (John Savard)
  Re: public key problem (John Savard)
  Re: public key problem ("Sam Simpson")
  Re: Idea (Phil Carmody)
  Re: Idea - (LONG) (Jeffrey Williams)
  Re: Crypto" by Steven Levy E-Book Posting ("Rob Marston")
  There is a saying in Finnish: "Annetaan Lubevichia peraan" ... this means ... ([EMAIL PROTECTED])
  Re: Article: "Computing, One Atom at a Time" (NYTimes) (SCOTT19U.ZIP_GUY)
  Re: Compression-encryption with a key (SCOTT19U.ZIP_GUY)
  Re: Newbie wants to shuffle... ("Frog2000")
  DES key replacement. ("Yaniv Sapir")
  Breaking a DES encrypted code. ("Yaniv Sapir")
  Re: Breaking a DES encrypted code. ([EMAIL PROTECTED])
  Estimation of the keygen time (Chenghuai Lu)
  Re: Breaking a DES encrypted code. ("Sam Simpson")
  Strong primes (Chenghuai Lu)
  Re: Newbie wants to shuffle... ("Henrick Hellström")
  Re: public key problem (Mark Currie)
  Re: Breaking a DES encrypted code. (Volker Hetzer)
  Re: Breaking a DES encrypted code. ("Yaniv Sapir")
  Re: Breaking a DES encrypted code. ("Simon Hunt")
  Secret key from hashing functions ("Michel Fortin")
  Re: Breaking a DES encrypted code. ("Mark G Wolf")

----------------------------------------------------------------------------

From: Erwann ABALEA <[EMAIL PROTECTED]>
Subject: Re: Idea - (LONG)
Date: Wed, 28 Mar 2001 12:21:47 +0200

Replied in private, since he's now posting in French, and this is going
off-topic.

On Tue, 27 Mar 2001, Bertrand wrote:

> You should first read what I proposed.
> I signed my posts under three different names, "br", "amateur" and
> "bertrand".
> First read the ideas I express there before replying
> brutally.
> Thank you.
>

-- 
Erwann ABALEA
[EMAIL PROTECTED]
- RSA PGP Key ID: 0x2D0EABD5 -


------------------------------

From: "Brian Gladman" <[EMAIL PROTECTED]>
Subject: Re: Newbie: What is AES?
Date: Wed, 28 Mar 2001 11:32:01 +0100


"Mathias Wagner" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Greetings,
>
> could somebody point me to a resource on the net or a book where I can
> read up on AES?
>
> Any help much appreciated!

The NIST AES web site is a sensible starting point:

http://csrc.nist.gov/encryption/aes/

   Brian Gladman




------------------------------

From: [EMAIL PROTECTED] (Hard)
Subject: Re: Crypto in VB3
Date: Wed, 28 Mar 2001 11:22:33 GMT

On Fri, 23 Mar 2001 21:55:21 -0500, "Ryan M. McConahy"
<[EMAIL PROTECTED]> wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>I'm rather new to VB (I used VBDOS!). Can you tell me what to do
>with the "byte" types? VB3 doesn't seem to support them. And how
>would I fix the 16bit/32bit thing?
>
>Thanks in advance,
>
>Ryan M. McConahy
>
>Hard wrote in message <[EMAIL PROTECTED]>...
>>On Mon, 19 Mar 2001 15:56:10 -0500, "Ryan M. McConahy"
>><[EMAIL PROTECTED]> wrote:
>>
>>>-----BEGIN PGP SIGNED MESSAGE-----
>>>
>>>To: sci.crypt
>>>Subject: Crypto in VB3
>>>
>>>Does anyone know of any libraries/DLLs/source code that I could use
>>>in Visual Basic 3?
>>>
>>>Thanks in advance.
>>>
>>>Ryan M. McConahy
>>>
>>>-----BEGIN PGP SIGNATURE-----
>>>iQA/AwUBOrZyMqFn8yalvjU2EQLmbgCfQjFk8V8ezHINCRlShQQCofcWFpwAmwQZ
>>>2B/fTUpE3E7T6isFRQmGNo31
>>>=1vLJ
>>>-----END PGP SIGNATURE-----
>>>
>>
>>Go here: http://zarr.net/vb/download/encryption.asp
>>
>>This code is for 32-bit VB, but you may be able to get it to work in
>>VB3 by keeping track of variables (long is 16-bit in VB3 but is
>>32-bit in current versions, etc.)
>>
>>The MD5 code is questionable (didn't pass vector tests) but the
>>SHA-1 and the RC4 are good (pass vector tests), although slow.  The
>>MIME (base64) encoding and decoding also works well.
>>
>>There are also modules for CRC calc, LZW compression of strings,
>>Gost2, and SkipJack encryption, although I haven't tested them.
>>
>>All in all, it is a fairly fun package for horsing around in VB.
>
>-----BEGIN PGP SIGNATURE-----
>Version: 6.5.8ckt http://www.ipgpp.com/
>Comment: KeyID: 0xA167F326A5BE3536
>Comment: Fingerprint: 838C 815E 5147 2168 5A76  16F1 A167 F326 A5BE 3536
>
>iQA/AwUBOrwMlaFn8yalvjU2EQJzKACgyvb3PrZyuPtmRiVGjHaYmeuaR1gAoO9n
>X9TdI+pF11+D4oXb3RhHuKMB
>=Ml/S
>-----END PGP SIGNATURE-----
>
>

Well it has been a while since I used VB3 but I believe you just
double each successive term

byte in 32-bit is integer in VB3
integer in 32-bit is long in VB3
long in 32-bit is double in VB3

I think...

Give it a kick

------------------------------

Date: Wed, 28 Mar 2001 14:14:35 +0200
From: Pascal Junod <[EMAIL PROTECTED]>
Subject: Re: Newbie: What is AES?

On Wed, 28 Mar 2001, Mathias Wagner wrote:

> could somebody point me to a resource on the net or a book where I can
> read up on AES?

http://csrc.nist.gov/encryption/aes/

A+

Pascal

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Pascal Junod, [EMAIL PROTECTED]                                 *
* Laboratoire de Sécurité et de Cryptographie (LASEC)                *
* INF 240, EPFL, CH-1015 Lausanne, Switzerland  ++41 (0)21 693 76 17 *
* Place de la Gare 12, CH-1020 Renens           ++41 (0)79 617 28 57 *
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


------------------------------

Date: Wed, 28 Mar 2001 14:15:49 +0200
From: Mathias Wagner <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Newbie: What is AES?

Thanks!

Mathias

Brian Gladman wrote:

> "Mathias Wagner" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Greetings,
> >
> > could somebody point me to a resource on the net or a book where I can
> > read up on AES?
> >
> > Any help much appreciated!
>
> The NIST AES web site is a sensible starting point:
>
> http://csrc.nist.gov/encryption/aes/
>
>    Brian Gladman


------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: vigenere cipher
Date: Wed, 28 Mar 2001 12:22:18 GMT

On Wed, 28 Mar 2001 00:57:35 -0800, "Edmond Ho" <[EMAIL PROTECTED]>
wrote, in part:

>Hello, first post. My question: by convention, is the first row of the
>Vigenere table "BCDE...XYZA" or is it "ABCDE...XYZ"? Thanks in advance.

The latter: the alphabet picked by the key letter A is ABCDE..., and
the key letter B picks encipherment alphabet BCDEF... and so on.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
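
The convention Savard describes, as an added example (my code, not from the post): the tableau row selected by key letter A is the plain alphabet and the row for B starts at B, so a key consisting only of A leaves the text unchanged. The classic ATTACK AT DAWN / LEMON pair is used as a check.

```python
"""Vigenere with the standard tableau: row A is the plain alphabet, row B starts at B."""
import string

ALPHABET = string.ascii_uppercase


def tableau_row(key_letter):
    """Row of the Vigenere square selected by key_letter: the alphabet rotated left by its index."""
    k = ALPHABET.index(key_letter.upper())
    return ALPHABET[k:] + ALPHABET[:k]


def vigenere(text, key, decrypt=False):
    """Encrypt (or decrypt) letters with a repeating key; non-letters pass through unchanged."""
    shifts = [ALPHABET.index(c) for c in key.upper() if c in ALPHABET]
    if not shifts:
        raise ValueError("key needs at least one letter")
    out, i = [], 0
    for ch in text.upper():
        if ch not in ALPHABET:
            out.append(ch)
            continue
        k = shifts[i % len(shifts)]
        # Encryption reads the plaintext letter off row k; decryption is the inverse shift.
        out.append(ALPHABET[(ALPHABET.index(ch) + (-k if decrypt else k)) % 26])
        i += 1
    return "".join(out)
```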

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: public key problem
Date: Wed, 28 Mar 2001 12:25:58 GMT

On Wed, 28 Mar 2001 17:44:08 +0800, "William Lai" <[EMAIL PROTECTED]>
wrote, in part:

>May I ask a question that why RSA can be used for both encryption and
>signing,  but El Gamal cannot be used to do so?

Well, El Gamal is a variation on Diffie-Hellman.

In RSA, you are directly transforming a message of your choosing, by
raising it to the power e modulo pq, and it decrypts by being raised
to the power d modulo pq.

In El Gamal, a key is created by the Diffie-Hellman method, and then
it is used for a specific encryption operation; both parties share the
same key, so no one is enabled to read something he is unable to
write, the essential condition for signatures. Elaborate methods have
been used, though, to allow signature methods based on El Gamal, IIRC.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: "Sam Simpson" <[EMAIL PROTECTED]>
Subject: Re: public key problem
Date: Wed, 28 Mar 2001 14:22:08 +0100

John Savard <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Wed, 28 Mar 2001 17:44:08 +0800, "William Lai" <[EMAIL PROTECTED]>
> wrote, in part:
>
> >May I ask a question that why RSA can be used for both encryption and
> >signing,  but El Gamal cannot be used to do so?
>
> Well, El Gamal is a variation on Diffie-Hellman.
>
> In RSA, you are directly transforming a message of your choosing, by
> raising it to the power e modulo pq, and it decrypts by being raised
> to the power d modulo pq.
>
> In El Gamal, a key is created by the Diffie-Hellman method, and then
> it is used for a specific encryption operation; both parties share the
> same key, so no one is enabled to read something he is unable to
> write, the essential condition for signatures. Elaborate methods have
> been used, though, to allow signature methods based on El Gamal, IIRC.
>
> John Savard
> http://home.ecn.ab.ca/~jsavard/crypto.htm



Further to John Savard's answer, it is possible to both encrypt and sign
with Elgamal (see for example pg294 & 454 in HAC for details).

Apparently it's relatively hard to implement Elgamal signatures securely, so
most people use an Elgamal-based standard such as DSS.

The only package off the top of my head that offers Elgamal signatures is GnuPG,
which offers a choice of RSA encrypt and sign, Elgamal sign, Elgamal encrypt
and DSS.


Hope this helps?


--
Regards,

Sam
http://www.scramdisk.clara.net/
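
Sam's point that Elgamal does both jobs, and why its signatures are easy to get wrong, as an added example (my code, not from any poster and not taken from HAC). The toy parameters p = 1019 and g = 2 are constructed so every value can be checked by hand; the hash-to-Z_{p-1} step, the range check on r in `verify`, and the nonce-reuse recovery are the textbook treatment, not anything the thread specifies. Verification uses only the public y, which is Mark Currie's condition: anyone can check, only the holder of x can produce.

```python
"""Toy ElGamal encryption and ElGamal signatures over a small prime (illustration only).

Parameters are tiny so the arithmetic is inspectable; a real deployment uses a
2048-bit or larger prime and a proper hash-to-integer step."""
import secrets
from hashlib import sha256
from math import gcd

# Constructed toy group (assumption, not from the thread): p = 2*509 + 1 is prime and
# 2 is a quadratic non-residue mod p, so it generates all of Z_p^* (order p-1).
P = 1019
G = 2
N = P - 1          # order of G; signature values live in Z_N


def keygen(x=None):
    """Private x in [1, p-2], public y = g^x mod p.  x may be supplied for reproducible runs."""
    if x is None:
        x = 1 + secrets.randbelow(P - 2)
    return x, pow(G, x, P)


def encrypt(y, m):
    """ElGamal encryption with a fresh ephemeral k: c = (g^k, m * y^k)."""
    if not 1 <= m < P:
        raise ValueError("message must be a group element in [1, p-1]")
    k = 1 + secrets.randbelow(P - 2)
    return pow(G, k, P), (m * pow(y, k, P)) % P


def decrypt(x, c):
    """m = c2 * c1^(-x); c1^(p-1-x) equals c1^(-x) by Fermat."""
    c1, c2 = c
    return (c2 * pow(c1, P - 1 - x, P)) % P


def h(msg):
    """Hash-to-integer in Z_N; signing the raw message instead is one of the classic mistakes."""
    return int.from_bytes(sha256(msg).digest(), "big") % N


def sign(x, msg, k=None):
    """ElGamal signature (r, s): r = g^k, s = k^-1 (H(m) - x r) mod N.  k must be fresh and secret."""
    if k is None:
        k = 1 + secrets.randbelow(P - 2)
        while gcd(k, N) != 1:
            k = 1 + secrets.randbelow(P - 2)
    r = pow(G, k, P)
    s = ((h(msg) - x * r) * pow(k, -1, N)) % N   # pow raises if gcd(k, N) != 1
    return r, s


def verify(y, msg, sig):
    """Accept iff g^H(m) == y^r * r^s mod p; r is range-checked, since skipping that admits forgeries."""
    r, s = sig
    if not (0 < r < P and 0 <= s < N):
        return False
    return pow(G, h(msg), P) == (pow(y, r, P) * pow(r, s, P)) % P


def solve_linear_congruence(a, b, n):
    """All x in [0, n) with a*x == b (mod n); empty if gcd(a, n) does not divide b."""
    a, b = a % n, b % n
    if a == 0:
        return list(range(n)) if b == 0 else []
    d = gcd(a, n)
    if b % d:
        return []
    a, b, m = a // d, b // d, n // d
    x0 = (b * pow(a, -1, m)) % m
    return [x0 + t * m for t in range(d)]


def recover_private_key(y, msg1, sig1, msg2, sig2):
    """Why 'hard to implement securely': two signatures made with the same k leak x."""
    (r, s1), (r2, s2) = sig1, sig2
    if r != r2:
        raise ValueError("different nonces; nothing to exploit")
    h1, h2 = h(msg1), h(msg2)
    # s1 - s2 == k^-1 (h1 - h2)  =>  (s1 - s2) k == h1 - h2   (mod N)
    for k in solve_linear_congruence(s1 - s2, h1 - h2, N):
        if pow(G, k, P) != r:
            continue
        # s1 == k^-1 (h1 - x r)  =>  r x == h1 - k s1   (mod N)
        for x in solve_linear_congruence(r, h1 - k * s1, N):
            if pow(G, x, P) == y:
                return x
    return None
```

The non-unique solutions of the congruences come from N being even; the candidate loop resolves them against the public values r and y, which is all the attacker has anyway.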




------------------------------

From: Phil Carmody <[EMAIL PROTECTED]>
Subject: Re: Idea
Date: Wed, 28 Mar 2001 13:29:36 GMT

Marc wrote:
> 
> >People don't use one time pads (OTP) because there is usually no
> >convenient way to transmit the key. If you do find a secure way to
> >transmit the key then you might as well transmit the entire message.
> 
> Well, no:
> 
> a) an OTP, sent in advance and stored, to be used on demand until
>    exhausted. there is no need to transmit it at the same time as the
>    message.

Indeed, and often it will be sent using an unrelated communication
medium too.
For example my OTP for banking over the internet is sent via snail mail.

> b) if sent tamper-evident, an OTP can be sent over an insecure path
>    and, if detected as compromised, simply be discarded.  A compromised
>    message on the other hand would be difficult to "discard" once sent..

Yes, though there ought to be a 'has it arrived intact' back
communication.
It cannot be used until both parties know it's arrived intact. (They
both need to know that the other has the same knowledge too).

Phil

------------------------------

From: Jeffrey Williams <[EMAIL PROTECTED]>
Subject: Re: Idea - (LONG)
Date: Wed, 28 Mar 2001 07:55:58 -0600

Bertrand.  I think you just pointed out at least part of your problem (from
my perspective, the major part of your problem):  you didn't publish the
complete algorithm.  If you want people to comment on the security of your
system, or to try breaking your system, you need to publish the complete
algorithm.

If you publish the complete algorithm, you ***might*** find a few people
willing to critique it or even show you how to crack it.  If you do not
publish the complete algorithm, short of offering a large prize for cracking
it, you are very unlikely to find anyone willing to critique or crack it.  It's
just too much effort for too little reward.

A side-effect of not publishing the complete algorithm is that people will
misunderstand your system, resulting in confused threads which in turn
result in PO'd people.

Jeff

Bertrand wrote:

> Sincerely, I do not like to bother others.
> I suggested an idea, just an idea. I did not publish all the complete
> algo.

[...]


------------------------------

From: "Rob Marston" <[EMAIL PROTECTED]>
Subject: Re: Crypto" by Steven Levy E-Book Posting
Date: Wed, 28 Mar 2001 13:51:40 +0100

Found some info on the book at

http://www.stevenlevy.com/crypto.html





------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: alt.2600,alt.security,comp.security
Subject: There is a saying in Finnish: "Annetaan Lubevichia peraan" ... this means ...
Date: 28 Mar 2001 14:39:53 GMT


When I grew up as a child in Varkaus, Finland (a city of 15000 people) in the
1960s, 1970s and 1980s, there was a traditional Finnish saying: "Annetaan
Lubevichia peraan". This was said in situations in which somebody had
hurt you and you wanted revenge against the attacker who hurt you.
Lubevich is actually an Ultra-Orthodox Jew. In this saying Lubevich can be
interpreted as a great tool of revenge. But if you translate it directly to
English it means "Lubevich is to be given to the back" or "Give Lubevich to
the back". But basically it is interpreted as "Send a Lubevich behind the
person who hurt you in order to get revenge". Or in Finnish "Anna
viikatemiehen kostaa takaa". This is just an element of Finnish.

Markku J. Saarelainen
Independent Consultant





------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Article: "Computing, One Atom at a Time" (NYTimes)
Date: 28 Mar 2001 14:46:49 GMT

[EMAIL PROTECTED] (Ichinin) wrote in <[EMAIL PROTECTED]>:

>http://www.nytimes.com/2001/03/27/science/27QUAN.html

   I wouldn't know if it's any good or not. The NYTimes articles
are a pain in the ass to read. I have to set up a phoney ID
just to read it. Let them put cookies on my browser and then
in a few days magically seem to get more junk mail at the new address.
 Maybe you could just summarise the high points.

David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Compression-encryption with a key
Date: 28 Mar 2001 14:57:38 GMT

[EMAIL PROTECTED] (Paul Crowley) wrote in 
<[EMAIL PROTECTED]>:

>Ross Younger <[EMAIL PROTECTED]> writes:
>> It is generally a Good Idea to compress your plaintext before
>> encrypting -- this normally reduces the amount of ciphertext for an
>> attacker to play with and reduces redundancy within (one could call
>> this obfuscating the plaintext, I suppose).
>
>Flogging a dead horse here, but:
>
>There's no security reason to compress before encryption.  If you
>can't trust your cipher against a known-plaintext (or
>chosen-plaintext) attack, use another cipher.

   The problem is its foolish to totally trust your encryption
many learn that fact the hard way. Use the best you can and
then still be careful.

>
>Compression before encryption is a good idea for precisely the reasons
>compression is a good idea; if for some reason it's inconvenient for
>your application then don't do it.

   I guess I can't argue with if it's inconvenient.




David A. Scott

------------------------------

From: "Frog2000" <[EMAIL PROTECTED]>
Subject: Re: Newbie wants to shuffle...
Date: Wed, 28 Mar 2001 10:14:27 -0500

--
http://welcome.to/speechsystemsfortheblind


"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> "Henrick Hellström" wrote:
> >
> > If you start with a random (large) integer N in the range [0..n!), you could
> > use the following algorithm that will bijectively assign a distinct
> > permutation to each possible value of N:
> >
> > for i := 1 to n do S[i] := i;
> > for i := n downto 2 do begin
> >   j := (N mod i) + 1; (* Large integer arithmetics *)
> >   N := N div i; (* Large integer arithmetics *)
> >   x := S[i];
> >   S[i] := S[j];
> >   S[j] := x;
> > end;
>
> Is that to be found somewhere in the literature? Thanks.

I don't think that will work. This program will. Pay attention to the
permute proc.

uses crt,dos;
var
   v,id: integer;                    { v: size n of the permutation; id: slots filled so far }
   paray: array[0..1000] of integer; { paray[k] = step at which slot k was taken, 0 = still free }
   idx: integer;
   f: text;                          { output file <n>.dat, one permutation per line }
   fn: string;
   depth: integer;                   { current recursion depth (debug) }
   ld: integer;                      { deepest recursion reached (debug) }

procedure writeout;
   { Print paray[1..v] to screen and file; called once every slot is filled }
   begin
{      exit;}
      for idx := 1 to v do
         begin
         write(paray[idx],' ');
         write(f,paray[idx],' ');
         end;
      writeln('');
      writeln(f,'');
   end;

procedure permute(k: integer);
   { Take slot k as step id+1, then recurse into every slot that is still free;
     enumerates all v! permutations of 1..v depth-first, scanning v slots per node }
   var
      t: integer;
   begin
       depth := depth+1;
    {   gotoxy(38,13);
       write('              ');
       gotoxy(38,13);
       write(depth,' ');
       delay(500);}
       if depth>ld then
          ld := depth;
       id := id + 1; paray[k] := id;
       if id = v then writeout;
       for t := 1 to v do
          if paray[t] = 0 then permute(t);
       id := id - 1;   paray[k] := 0;    { backtrack: free slot k again }
       depth := depth -1;
   end;
begin
   for idx := 0 to 1000 do
      paray[idx] := 0;
   depth :=0;
   ld := depth;
   id := -1;                         { the root call permute(0) brings id to 0 }
   idx := 0;
   write('What permutation level do you want?');
   readln(v);
   str(v,fn);
   fn := fn +'.dat';
   assign(f,fn);
   rewrite(f);
   clrscr;
   permute(idx);


   writeln(ld,' ',depth);
   writeln(f,ld,' ',depth);
   close(f);
end.
>
> M. K. Shen



------------------------------

From: "Yaniv Sapir" <[EMAIL PROTECTED]>
Subject: DES key replacement.
Date: Wed, 28 Mar 2001 17:51:47 +0200

Hi all.

When using DES for encryption of long messages, is it a common practice to
replace the 64-bit key once in a while? If so, how frequent?

TIA,
  Yaniv.




------------------------------

From: "Yaniv Sapir" <[EMAIL PROTECTED]>
Subject: Breaking a DES encrypted code.
Date: Wed, 28 Mar 2001 18:01:55 +0200

Hi all.

Just for curiosity:

From what I've read, breaking machines scan the possible key-space until
finding the key used for encoding. Hardware for this task does it in a few
hours. Now, say I try a randomly selected key on a 64-bit ciphertext. I get
a 64-bit  "decrypted text" as output. How can I tell if that was the
original plain text?

TIA,
  Yaniv.




------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Breaking a DES encrypted code.
Date: Wed, 28 Mar 2001 16:11:51 GMT

Yaniv Sapir wrote:
> From what I've read, breaking machines scan the possible key-space until
> finding the key used for encoding. Hardware for this task does it in a few
> hours. Now, say I try a randomly selected key on a 64-bit ciphertext. I get
> a 64-bit  "decrypted text" as output. How can I tell if that was the
> original plain text?

you have to check if the plain text you get makes sense.


== <EOF> ==
Disastry  http://i.am/disastry/
http://disastry.dhs.org/pgp <----PGP plugins for Netscape and MDaemon
 ^--GPG for Win32 (supports loadable modules and IDEA)
 ^---PGP 2.6.3ia-multi03 (supports IDEA, CAST5, BLOWFISH, TWOFISH,
     AES, 3DES ciphers and MD5, SHA1, RIPEMD160 hashes)

------------------------------

From: Chenghuai Lu <[EMAIL PROTECTED]>
Subject: Estimation of the keygen time
Date: Wed, 28 Mar 2001 11:16:59 -0500


> >The cards I've been using can do it in under a minute, and I doubt
> >those are the fastest.  8 minutes is ridiculous.
> 
> Are you sure the keygen is being done on the card?  I've seen a few cards
which
> do the keygen in software on the host and then load the resulting key into
the
> card.  Are you actually sending raw generate-a-key APDU's directly to the
card
> and seeing the result come back a minute later?  If any smart card manages
to
> do a keygen in less than 30s I'd say it's faking it on the host rather than
> using the card.

I'm using the vendor-supplied CSP and can't be completely sure what
it's doing.  But yes, it typically takes 30-60 seconds.  Doing it on
the workstation takes under a second.  The keygen time on the card is
about what I'd expect based on the signing speed of the card.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Can Rubin or some one share with me the method how to estimate the
keygen time based on signing speed? 

Thanks.

Lu

-- 
                                        
                        -Chenghuai Lu ([EMAIL PROTECTED])

------------------------------

From: "Sam Simpson" <[EMAIL PROTECTED]>
Subject: Re: Breaking a DES encrypted code.
Date: Wed, 28 Mar 2001 17:21:22 +0100

Have a quick look at the *excellent* paper on this topic by David Wagner and
Steve Bellovin: http://www.research.att.com/~smb/papers/recog.pdf

--
Regards,

Sam
http://www.scramdisk.clara.net/

Yaniv Sapir <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hi all.
>
> Just for curiosity:
>
> From what I've read, breaking machines scan the possible key-space until
> finding the key used for encoding. Hardware for this task does it in a few
> hours. Now, say I try a randomly selected key on a 64-bit ciphertext. I
get
> a 64-bit  "decrypted text" as output. How can I tell if that was the
> original plain text?
>
> TIA,
>   Yaniv.
>
>
>



------------------------------

From: Chenghuai Lu <[EMAIL PROTECTED]>
Subject: Strong primes
Date: Wed, 28 Mar 2001 11:21:02 -0500

How much better will strong primes (p1 = k * p + 1) be versus ordinary
primes?
 
-- 
                                        
                        -Chenghuai Lu ([EMAIL PROTECTED])

------------------------------

From: "Henrick Hellström" <[EMAIL PROTECTED]>
Subject: Re: Newbie wants to shuffle...
Date: Wed, 28 Mar 2001 18:28:02 +0200

"Frog2000" <[EMAIL PROTECTED]> skrev i meddelandet
news:[EMAIL PROTECTED]...
> --
> http://welcome.to/speechsystemsfortheblind
>
>
> "Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> >
> >
> > "Henrick Hellström" wrote:
> > >
> > > If you start with a random (large) integer N in the range [0..n!), you could
> > > use the following algorithm that will bijectively assign a distinct
> > > permutation to each possible value of N:
> > >
> > > for i := 1 to n do S[i] := i;
> > > for i := n downto 2 do begin
> > >   j := (N mod i) + 1; (* Large integer arithmetics *)
> > >   N := N div i; (* Large integer arithmetics *)
> > >   x := S[i];
> > >   S[i] := S[j];
> > >   S[j] := x;
> > > end;
> >
> > Is that to be found somewhere in the literature? Thanks.
>
> I don't think that will work.

But it does work, and it is easy to prove that it does.


> This program will. Pay attention to the
> permute proc.

Your program is deterministic. The contents of the output file are
determined by the size parameter only. Furthermore your program executes in
polynomial (quadratic) time for no intelligible reason whatsoever. Knuth's
algorithm executes in linear time.


--
Henrick Hellström  [EMAIL PROTECTED]
StreamSec HB  http://www.streamsec.com
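
Hellström's unranking algorithm from the quoted post and the bijectivity he asserts, as an added example serving both this reply and Frog2000's enumeration program (my code, not either poster's). Indices are 0-based rather than the post's 1-based ones; `rank` is the inverse map, which is what makes the bijection checkable, and `random_permutation` shows the intended use: a uniform N in [0, n!) gives an unbiased shuffle.

```python
"""Hellstrom's unranking of N in [0, n!) to a permutation, with the inverse (ranking) map."""
from itertools import permutations
from math import factorial
import secrets


def unrank(N, n):
    """The posted algorithm: the mixed-radix digits of N pick the swap partner at each step."""
    if not 0 <= N < factorial(n):
        raise ValueError("N must lie in [0, n!)")
    S = list(range(n))
    for i in range(n, 1, -1):          # i = n downto 2
        j = N % i                      # the post's (N mod i) + 1, minus one for 0-based arrays
        N //= i
        S[i - 1], S[j] = S[j], S[i - 1]
    return S


def rank(perm):
    """Inverse of unrank: replay the swaps, reading off which j each step must have used."""
    n = len(perm)
    S, pos = list(range(n)), list(range(n))      # pos[v] = current index of value v in S
    digits = []
    for i in range(n, 1, -1):
        j = pos[perm[i - 1]]            # the value that must end at i-1 still sits at some j <= i-1
        digits.append(j)
        a, b = S[i - 1], S[j]
        S[i - 1], S[j] = b, a
        pos[b], pos[a] = i - 1, j
    N = 0
    for i, j in zip(range(2, n + 1), reversed(digits)):   # undo the div/mod chain
        N = N * i + j
    return N


def random_permutation(n):
    """Unbiased shuffle from a uniformly random N, which is what the bijection buys you."""
    return unrank(secrets.randbelow(factorial(n)), n)


def is_bijection(n):
    """Exhaustive check for small n: n! distinct outputs, each ranking back to its own N."""
    seen = [tuple(unrank(N, n)) for N in range(factorial(n))]
    return (set(seen) == set(permutations(range(n)))
            and all(rank(list(p)) == N for N, p in enumerate(seen)))
```

Each step touches one array slot and does one division, hence the linear time Hellström mentions; the big-integer arithmetic on N is the only part that grows with n.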




------------------------------

Subject: Re: public key problem
From: [EMAIL PROTECTED] (Mark Currie)
Date: 28 Mar 2001 16:32:53 GMT

In article <[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] says...
>
<snip>
>In El Gamal, a key is created by the Diffie-Hellman method, and then
>it is used for a specific encryption operation; both parties share the
>same key, so no one is enabled to read something he is unable to
>write, the essential condition for signatures. Elaborate methods have
>been used, though, to allow signature methods based on El Gamal, IIRC.
>

This may be a bit picky, but I would have thought that the essential condition 
for signatures was more like: Everyone can read it, but only one person can 
write it ? Perhaps my interpretation of what you meant is wrong though :-)

Mark 


------------------------------

From: Volker Hetzer <[EMAIL PROTECTED]>
Subject: Re: Breaking a DES encrypted code.
Date: Wed, 28 Mar 2001 18:52:41 +0200

Yaniv Sapir wrote:
> 
> This doesn't sound like the case here. When having zillions of possible keys,
> how can one check the "sensibility" of the decrypted text? And how can it be
> done by hardware?
> 
> <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > you have to check if the plain text you get makes sense.

Usually you've got a plaintext-ciphertext pair and encrypt key after
key until they match.


Greetings!
Volker
--
They laughed at Galileo.  They laughed at Copernicus.  They laughed at
Columbus. But remember, they also laughed at Bozo the Clown.

------------------------------

From: "Yaniv Sapir" <[EMAIL PROTECTED]>
Subject: Re: Breaking a DES encrypted code.
Date: Wed, 28 Mar 2001 18:20:41 +0200

This doesn't sound like the case here. When having zillions of possible keys,
how can one check the "sensibility" of the decrypted text? And how can it be
done by hardware?


<[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Yaniv Sapir wrote:
> > From what I've read, breaking machines scan the possible key-space until
> > finding the key used for encoding. Hardware for this task does it in a
few
> > hours. Now, say I try a randomly selected key on a 64-bit ciphertext. I
get
> > a 64-bit  "decrypted text" as output. How can I tell if that was the
> > original plain text?
>
> you have to check if the plain text you get makes sense.
>




------------------------------

From: "Simon Hunt" <[EMAIL PROTECTED]>
Subject: Re: Breaking a DES encrypted code.
Date: Wed, 28 Mar 2001 17:39:52 +0100

Many ways, for instance: does the result have a dominance of ASCII chars, do
a char freq analysis and see if you get a typical English distribution,
look for sequences like " and "...
Unlike a one-time-pad cipher, you can't get unlimited "sensible" plain texts
from decrypting with different DES keys as the key is (typically) shorter
than the data...

Simon.


"Yaniv Sapir" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> This doesn't sound like the case here. When having zillions of possible
keys,
> how can one check the "sensibility" of the decrypted text? And how can it
be
> done by hardware?
>
>
> <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Yaniv Sapir wrote:
> > > From what I've read, breaking machines scan the possible key-space
until
> > > finding the key used for encoding. Hardware for this task does it in a
> few
> > > hours. Now, say I try a randomly selected key on a 64-bit ciphertext.
I
> get
> > > a 64-bit  "decrypted text" as output. How can I tell if that was the
> > > original plain text?
> >
> > you have to check if the plain text you get makes sense.
> >
>
>
>
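
The recognition step that Volker, Simon and the Wagner-Bellovin pointer all describe, as an added example serving this whole sub-thread (my code, not from any poster). DES itself is not implemented here; `toy_decrypt` is a constructed byte-XOR stand-in so the search loop can actually be run over 256 keys, and the sample plaintext is made up. What the block adds to the discussion is the arithmetic: a printable-ASCII filter on a single 64-bit block still lets some 10^13 of the 2^56 wrong keys through, so a search needs several blocks of ciphertext before the filter alone isolates the key.

```python
"""Telling the right DES key from 2^56 wrong ones: plaintext recognition for a key search.

Added example, not from the thread.  DES is not implemented; toy_decrypt is a
constructed byte-XOR stand-in so the search loop can be exercised on 256 keys."""
import math

# Bytes accepted as "text": printable ASCII plus tab, LF, CR (98 of 256 values).
TEXT_BYTES = frozenset(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}
P_TEXT_BYTE = len(TEXT_BYTES) / 256

# The usual English letter frequencies, in percent.
ENGLISH_FREQ = {
    "e": 12.7, "t": 9.1, "a": 8.2, "o": 7.5, "i": 7.0, "n": 6.7, "s": 6.3, "h": 6.1,
    "r": 6.0, "d": 4.3, "l": 4.0, "c": 2.8, "u": 2.8, "m": 2.4, "w": 2.4, "f": 2.2,
    "g": 2.0, "y": 2.0, "p": 1.9, "b": 1.5, "v": 1.0, "k": 0.8, "j": 0.15, "x": 0.15,
    "q": 0.10, "z": 0.07,
}


def matches_known_plaintext(candidate, known):
    """Volker's case: with a plaintext/ciphertext pair, recognition is a single comparison."""
    return candidate == known


def looks_like_text(blocks):
    """Simon's first filter: every byte of every decrypted block is printable text."""
    return all(b in TEXT_BYTES for block in blocks for b in block)


def english_chi_square(data):
    """Simon's second filter: chi-square distance of the letter histogram from English,
    normalised by letter count; lower is more English-like, inf if there are no letters."""
    letters = [chr(b).lower() for b in data if chr(b).lower() in ENGLISH_FREQ]
    if not letters:
        return math.inf
    n = len(letters)
    score = 0.0
    for ch, pct in ENGLISH_FREQ.items():
        expected = n * pct / 100.0
        score += (letters.count(ch) - expected) ** 2 / expected
    return score / n


def expected_false_positives(n_blocks, key_bits=56):
    """Wrong keys whose output still passes looks_like_text, across the whole key space."""
    return 2.0 ** key_bits * P_TEXT_BYTE ** (8 * n_blocks)


def blocks_needed(key_bits=56, tolerable=1.0):
    """Fewest 64-bit blocks for which the text filter alone leaves under `tolerable` false hits."""
    k = 1
    while expected_false_positives(k, key_bits) > tolerable:
        k += 1
    return k


def toy_decrypt(key, block):
    """Constructed stand-in for the block cipher: XOR every byte with a one-byte key."""
    return bytes(b ^ key for b in block)


def search(decrypt, ciphertext_blocks, key_space):
    """Brute force: keep the keys whose output is all text, best English score first."""
    hits = []
    for key in key_space:
        plain = [decrypt(key, c) for c in ciphertext_blocks]
        if looks_like_text(plain):
            hits.append((english_chi_square(b"".join(plain)), key))
    return [key for _, key in sorted(hits)]


# Constructed sample: 40 bytes of plaintext under toy key 0x5A, cut into 8-byte blocks.
SAMPLE_PLAINTEXT = b"attack at dawn, then meet me at the mill"
SAMPLE_CIPHERTEXT = [toy_decrypt(0x5A, SAMPLE_PLAINTEXT[i:i + 8]) for i in range(0, 40, 8)]
```

With these numbers one block leaves about 3 x 10^13 false hits over 2^56 keys and the filter needs six blocks (48 bytes) before the expected number drops below one; a known-plaintext pair, when you have it, removes the whole problem, which is why the hardware searches are usually described that way.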



------------------------------

From: "Michel Fortin" <[EMAIL PROTECTED]>
Subject: Secret key from hashing functions
Date: Wed, 28 Mar 2001 16:44:10 GMT

First-time post, so be gentle! ;-)
I've been lurking for some time hoping to see this question addressed with
no luck. So here it is!

I'm creating an interface to Rijndael source code taken from the net. I
want to offer the possibility to generate a key from a pass phrase. I use
Haval to hash the passphrase into a fixed length key. I chose Haval for its
flexibility to hash into all three supported AES key lengths.

Knowing that a hashed key of 128 bits, for instance, offers no more than 64
bits of security against a collision attack; is it a secure way to produce a
key? If not, should I use SHA-256? If so, which 128 bits part of the
resulting hash should I use?

After hours spent learning the encryption basics from several sources
(including Counterpane, NIST, HAC and the very good Savard's cryptographic
compendium), my conclusion is that the collision attack is of relevance only
in message digest. Am I right?

Am I missing something?

I tried dozens of different search expressions in Google to find an answer to
this question before resolving to bother you all with this.

Thank you in advance.

(By the way, I do offer an alternative way to produce a key with a random
generator using TickCount, memory used, page faults, thread information,
cache information, CPU usage, ... and by hashing the resulting
pseudo-random array of numbers.)
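
The passphrase-to-key step the post asks about, as an added example (my code, not the poster's). Collision resistance is the property that matters for signing attacker-chosen messages; for turning a passphrase into a key what limits you is the passphrase's own entropy and how cheaply an attacker can test each guess, so the single unsalted hash from the question is shown beside PBKDF2-HMAC-SHA256 (the salted, iterated construction of PKCS #5 v2). Haval is not in the Python standard library, so SHA-256 stands in for it; the iteration count is an assumption to be tuned to the hardware. For the "which 128 bits" question: any fixed slice of the digest is as good as any other, and the leftmost bytes are the convention both functions follow.

```python
"""Passphrase to AES key: the unsalted single hash from the question next to PBKDF2.

Added example (not the poster's code).  SHA-256 stands in for Haval; the iteration
count is an assumption, not a figure from the thread."""
import hashlib
import secrets

AES_KEY_BYTES = {128: 16, 192: 24, 256: 32}   # the three Rijndael/AES key sizes
DEFAULT_ITERATIONS = 600_000


def hashed_key(passphrase, key_bits):
    """What the question describes: hash the passphrase once, keep the leftmost key_bits bits.
    Unsalted and fast, so a dictionary of passphrases converts straight into a dictionary of keys."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()[:AES_KEY_BYTES[key_bits]]


def new_salt(nbytes=16):
    """Per-key random salt; stored beside the ciphertext, it need not be secret."""
    return secrets.token_bytes(nbytes)


def derived_key(passphrase, salt, key_bits, iterations=DEFAULT_ITERATIONS):
    """PBKDF2-HMAC-SHA256: the salt defeats precomputed tables, the iterations slow each guess."""
    if key_bits not in AES_KEY_BYTES:
        raise ValueError("AES key must be 128, 192 or 256 bits")
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                               iterations, dklen=AES_KEY_BYTES[key_bits])


def random_key(key_bits):
    """For keys not tied to a passphrase: the OS generator, rather than tick counts and page faults."""
    return secrets.token_bytes(AES_KEY_BYTES[key_bits])
```

The 128-bit and 256-bit PBKDF2 outputs for the same passphrase, salt and count share their first 16 bytes, since both start from the same first block of the derivation; that is a convenience, not a weakness, because the salt and count already make the key specific to one ciphertext.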





------------------------------

From: "Mark G Wolf" <[EMAIL PROTECTED]>
Subject: Re: Breaking a DES encrypted code.
Date: Wed, 28 Mar 2001 10:55:47 -0600

"Sam Simpson" <[EMAIL PROTECTED]> wrote in message
news:I9ow6.963$[EMAIL PROTECTED]...
> Have a quick look at the *excellent* paper on this topic by David Wagner
and
> Steve Bellovin: http://www.research.att.com/~smb/papers/recog.pdf

You're right, it's a very good paper.  I haven't read all the way through, but
I notice that most of these decryption methods assume that the message is in
some sort of machine readable form like ASCII.  What's to prevent me from
writing a message on a piece of paper and then scrambling the image?  What
then?




------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
