Cryptography-Digest Digest #425, Volume #14      Thu, 24 May 01 17:13:00 EDT

Contents:
  Re: Best, Strongest Algorithm (gone from any reasonable topic) ("Tom St Denis")
  Re: Questionable security measures (Cloakware!) ("Tom St Denis")
  Re: Message for Alexis Machado
  Re: RSA's new Factoring Challenges: $200,000 prize. (SCOTT19U.ZIP_GUY)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (SCOTT19U.ZIP_GUY)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (SCOTT19U.ZIP_GUY)
  Re: Combining functions for stream ciphers (Laura)
  Re: Combining functions for stream ciphers ("Tom St Denis")
  Re: Protocol for authentication and key agreement... (David Wagner)
  Re: ECB plus padding instead of CBC? (David Wagner)
  Re: survey (Mok-Kong Shen)
  Re: DES Encryption - salt? (Bill Unruh)
  Re: Medical data confidentiality on network comms (Mok-Kong Shen)

----------------------------------------------------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: Thu, 24 May 2001 17:57:43 GMT


"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> [EMAIL PROTECTED] (John Savard) wrote in
> <[EMAIL PROTECTED]>:
>
> >Well, his basic premise is that the people who are listened to - the
> >people who are taken seriously - are the "crypto gods", because they
> >preach the (flawed!!!) conventional wisdom, and everyone looks up to
> >them.
>
>   Maybe
>
> >
> >Maybe there are some things about the conventional wisdom that need to
> >be looked at, and some of the premises (really big keys, the algorithm
> >being somehow unknown or variable) that amateurs keep bringing
> >forwards have _some_ merit to them, even if the problems that can be
> >pointed out in their proposals from the conventional viewpoint are
> >also valid.
> >
> >Anyone with the slightest understanding of human nature, of course,
> >would know that Mr. Scott's approach is hardly the way to get anyone
> >to consider opening their minds and giving another point of view a
> >hearing.
>
>  But Mr J. I already know when it comes to the written word I
> can't match their skill. So I guess I go to the other extreme.
> Maybe there are a few too stupid to understand what I write. But
> then do I care if stupid people understand or what they believe.
> I would rather have them write me off. But there will be some bright
> people who will look at what I am saying in spite of the poor words.
> The people that can understand without special catering to flowery
> language in my view are better people in the first place. Maybe
> it's 26 years working for Sam. But I noticed the guys with the ties
> were the ones most full of shit. Those that seem to know drank
> beer and wore clothes just so they would not get arrested. But
> then my career was at a unique place where at one time the job
> was to get things working. I don't think that's the case today.
> That's also why I think time is on the Chinese side. We are not
> making much really new. It's more about bullshit nowadays. If the
> Chinese learn from all the stuff they bought from Bill, we may
> get the shit kicked out of us in the next war. Yes there will be
> a next war, if you know anything about history, and I fear we will
> not be ready. Much of the reason we won't be ready is due to our
> current government trying to hold everybody's hand. I will state
> again make drugs free so idiots can OD on them. Let the weak cull
> themselves.

See you have three primary problems.

1.  You are trying to persuade people with words when you admit you can't link
words to form coherent sentences.
2.  You think people owe you something.
3.  You have little to no respect for those that do listen to what you have
to say.  You resort to name calling and "I did say the answer you were just
not looking" things I expect the 6 yr olds I babysit to do.

If you overcome these three problems your points may come across.

Tom



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Questionable security measures (Cloakware!)
Date: Thu, 24 May 2001 18:29:05 GMT


"Ian Stirling" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Tom St Denis <[EMAIL PROTECTED]> wrote:
>
> >"Mark Wooding" <[EMAIL PROTECTED]> wrote in message
> >news:[EMAIL PROTECTED]...
> >> Tom St Denis <[EMAIL PROTECTED]> wrote:
> >>
> >> > Leader in signature recog?  They are the only ones stupid enough to
> >> > try it.  It's not hard to forge a signature, especially a hand written
> >> > one.
>
> >> It's not that easy.  Note that traditional signature forgers only need
> >> to create a static forgery -- i.e., one that looks right on the paper --
> >> whereas to fool a biometric signature analyser, you have to create a
> >> dynamic forgery -- i.e., the pressure, speed, order of the strokes have
> <snip>
> >> Then again, I don't believe in biometrics: they're not secret, and
> >> they're awkward to revoke.  And you need a secure connection to a
> >> trustworthy biometric device to be able to accept its answers; otherwise
> >> you can just replay a previous conversation.
>
> >All good points.  Too bad you can't apply any of them to
> >Cloakware/Signature.
>
> They do, if you are using a palm.
> If I can get hold of someone's palm for a few minutes, and take a copy,
> there are several ways I can crack your product, AIUI.

It is not (and never was) "my product".  I don't speak for Cloakware either,
I used to work there as an Intern.

> Brute-force using the signature modules output to the decoder.
> Semi-brute-force, using software that tries many different ways to sign
> a static signature sample.
> "Here's a package, sign here please" Followed by replaying the signature
> into an emulator.
> Insert either a hardware or software bug, to log signatures, and then
> either record them, or beam them using IR.
> Hardware or software that does a screen capture every few seconds when your
> app is running.

All good points.  I was mainly into actual math cracks when I got fired.

Of course inducing faults can break virtually any system not just theirs.
The big things I wanted to look into were things like how much entropy they
get from the signature (I presume they use a cipher of some sort to store
the PK keys on the device...) etc...

Tom



------------------------------

From:  <>
Subject: Re: Message for Alexis Machado
Date: 24 May 2001 17:55:46 GMT

Paul Crowley <[EMAIL PROTECTED]> writes:
> Alexis, I got your mail, but your mail provider is *seriously* broken;
> the DNS for the brfree.com.br is very bad, and my attempt to send mail
> to the one administrator whose address is outside that domain bounced
> further down the line.  More details on request.
> 
> But I was interested in your paper and would like to respond; if you
> have another email address that's nothing to do with the broken
> brfree.com.br domain, please announce it here so I can mail you.
> Thanks.
> -- 
>   __  Paul Crowley
> \/ o\ [EMAIL PROTECTED]
> /\__/ http://www.cluefactory.org.uk/paul/
> "Conservation of angular momentum makes the world go around" - John Clark
I WAS WONDERING HOW SOMEONE LEARNS THE ART OF ENCRYPTION/OR ENCRYPTING, OH
GOSH, HOW DOES ONE LEARN TO DECIPHER SUCH WRITINGS TO BEGIN WITH?  PLEASE EMAIL ME AT:
[EMAIL PROTECTED] Thanks ! Melrose

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: sci.math,sci.math.research
Subject: Re: RSA's new Factoring Challenges: $200,000 prize.
Date: 24 May 2001 17:21:38 GMT

[EMAIL PROTECTED] (Peter Trei) wrote in 
<[EMAIL PROTECTED]>:

>RSA Security, has revamped its Factoring Challenges.
>
>Prizes now start at US$10,000 (factorization of a 576 bit modulus) to
>US$200,000 (factorization of a 2048 modulus).

  It would be interesting if someone in the NSA sent the
answer to someone so they could claim the prize money. Or do
the RSA people expect to know exactly how you got the answer.

>
>RSA and its predecessor companies have been sponsoring factorization
>challenges for many years, but until now the prize money has been
>nominal. It is hoped that the increased bounties will draw more people
>to the field, and spur new research.
>
>For details, including the challenge numbers, see:
>
>http://www.rsasecurity.com/rsalabs/challenges/factoring/index.html
>
>Peter Trei
>Cryptoengineer
>RSA Security Inc.
>[EMAIL PROTECTED]
>
>


David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSION"
        http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer: I am in no way responsible for any of the statements
 made in the above text. For all I know I might be drugged or
 something...
 No I'm not paranoid. You all think I'm paranoid, don't you!


------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: 24 May 2001 19:20:16 GMT

[EMAIL PROTECTED] (Tom St Denis) wrote in
<BUbP6.25798$[EMAIL PROTECTED]>: 

>
>"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>>    Only if you're using a classical OTP. In this case you choose to
>> limit yourself to only 2 messages. So if the enemy knows that there are
>> normally 1000 messages that you send. But through knowing how you
>> implemented your OTP. He could learn that a C = 1 is going to be
>> 1 of two messages. He could easily through traffic analysis and
>> knowing it only 1 of two possible messages. Limit that set to two
>> values. That's limiting it quite a bit.
>
>You restated the obvious like three times.  "limit yourself to only 2
>messages...", "he could learn that C=1 is going to be 1 of two ..." and
>finally "Limit that set to two values, thats limiting quite a bit".

   Well it was not apparent you understood that the 1 bit message
you proposed could only be 2 messages. However we were originally
talking about a byte file. In which case your CTR mode would allow
for a possible single bit output file 256 messages.
   To correctly use an OTP to get the max security you use
a fixed size message, the size of which is the longest message you
wish to use.

>
>>   Far more secure would be if the change in encryption key that
>> produced a 1 bit output. Could have been any one of the common
>> 1000 messages in your set.  Why let the enemy know that he has
>> only two choices. If you change your key every message. You're still
>> telling him that it was message 0 or message 1. The OTP would give
>> little security in the example you provide.
>
>Um a single bit plaintext can only deliver two messages.  0 or 1.  If
>you are sending "Invade Normandy" obviously you are going to need more
>than a single bit (unless poor Normandy was a chosen known target and
>0/1 meant attack or not attack).


    Actually this seems to be where your brain stops functioning.
The question was security. An example was brought up about a single
byte output file. You seem to understand that CTR would allow up to
256 possible messages. That is what I am saying is an example of
its weakness from a security point of view.  If you got a single
byte file from BICOM you have many thousands more possible messages
than the 256 limited from your method. It's not that complex.

>Prove us wrong in that CTR is secure.  Your understanding of
>information theory seems to be very lacking.  Having one plaintext map
>to many ciphertexts under the same key is not a feature desired by a lot
>of systems.

  First of all there is no "US" it's you and me. You don't understand
many do. Many are quiet.  Under a single key. Each plaintext maps
to one ciphertext not many.

>
>> >
>> >Besides BICOM can't be a "bijection" if one input maps to several
>> >bytes. Let's say a 1 byte file maps to 3 bytes.  Now to be fully
>> >bijective you must map all 3 byte files to 1 byte.  However that's
>> >not an invertable function. So basically you do 1=>3 but out of the
>> >2^24 possible 3 byte files only 2^8 of them occur.
>>
>>    Again you don't understand the concept. Your example if a one byte
>> file maps to a three byte file ( with a given key). Then I say
>> unto you that when you decrypt the file with the same key that
>> 3 byte file maps back to that 1 byte file. There is no requirement
>> that all 3 byte files map to one byte files. However if you're
>> allowed to search full key space. I am sure that any 3 byte file could
>> map to a one byte file on decryption if one found the key or keys to
>> do it.
>>
>>   The bijective Matt and I are talking about. Is the mapping of
>> every binary file to every binary file. No gaps. Every file is
>> encryptable with any key. And every file is decryptable with
>> every key. There is no requirement that any given length must
>> map to a given length. If there was then security would be weakened
>> as in your weak CTR mode.
>
>"your weak CTR Mode".  First off I didn't propose CTR.  Second why are
>you calling it weak?  Just because it doesn't have a feature you want? 
>CTR has a lot of benefits REAL people want.

   It may have a lot of benefits. Security higher than that of BICOM
is not one of them.


>
>I mean I have to believe you are joking because nobody is this stupid. 
>Walk into a broadcasting company and say "I have this new transform that
>a single error destroys the entire stream..."  They will laugh you out
>so quickly that it will be funny.  Or imagine cell phones that drop
>entire conversations when a single bit is lost (actually your BICOM
>stuff is only good for files... not streams).


   Yes Tom it's for file encryption where one wants more
security than your proposed CTR mode.

David A. Scott


------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: 24 May 2001 19:29:17 GMT

[EMAIL PROTECTED] (Tom St Denis) wrote in
<rYbP6.25831$[EMAIL PROTECTED]>: 


>See you have three primary problems.
>
>1.  You are trying to suade people with words when you admit you can't
>link words to form coherent sentences.

   I never admitted that they were not coherent. Again you are
lying. Maybe I should say no wonder you could not keep a job.
At least I kept mine for 26 years.

>2.  You think people owe you something.

    No but I would rather not deal with shallow people
and you are getting shallower.

>3.  You have little to no respect for those that do listen to what you
>have to say.  You resort to name calling and "I did say the answer you
>were just not looking" things I expect the 6 yr olds I babysit todo.

    No I do have respect for those that try to learn but you
don't wish to learn anything. You seem to think you know it all
tom.

>If you overcome these three problems your points may come across.

   I think if I learned to write and kissed the right BS crypto
god ass and spouted the current politically correct line to snow
people about crypto then you would foolishly think I was telling
the truth.



David A. Scott


------------------------------

From: [EMAIL PROTECTED] (Laura)
Subject: Re: Combining functions for stream ciphers
Date: 24 May 2001 12:52:21 -0700

Nicol So <[EMAIL PROTECTED]> wrote in message 
news:<[EMAIL PROTECTED]>...
> Laura wrote:
> > 
> > I am currently working on improving the ORYX stream cipher, but am
> > wondering how to adjust the combining function.  I want to make it
> > more complex, but not slow down the encryption process too much.  Does
> > anyone have any ideas?  (Currently, the outputs from the LFSR's are
> > combined using modular addition).
> 
> Is there a reason why you want to focus on the combining function?

I am attempting to improve the cipher's security against the divide
and conquer approach that was used to break the system.  In
conjunction with a different combining function, I will also be using
less than eight output bits from each LFSR.

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Combining functions for stream ciphers
Date: Thu, 24 May 2001 20:17:07 GMT


"Laura" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Nicol So <[EMAIL PROTECTED]> wrote in message
news:<[EMAIL PROTECTED]>...
> > Laura wrote:
> > >
> > > I am currently working on improving the ORYX stream cipher, but am
> > > wondering how to adjust the combining function.  I want to make it
> > > more complex, but not slow down the encryption process too much.  Does
> > > anyone have any ideas?  (Currently, the outputs from the LFSR's are
> > > combined using modular addition).
> >
> > Is there a reason why you want to focus on the combining function?
>
> I am attempting to improve the cipher's security against the divide
> and conquer approach that was used to break the system.  In
> conjunction with a different combining function, I will also be using
> less than eight output bits from each LFSR.

The problem with non-linear combining schemes is you lose the ability to
work with single bits.  (Can't have non-linear functions of less than three
bits).

So you would have to, oh I dunno, work with "blocks" of bits.  Hence, Block
Ciphers.

Of course this props up the notion of small block, time-variant block
ciphers which have features from both (small block size and the ability to
use nonlinear functions).

The simplest I can think of is doing something like

C = S[S[S[S[P] xor K1] xor K2] xor K3] xor K4

(or something to that effect) Where K_1..4 are from some LFSR and S[] is a
nonlinear sbox.

One could simplify it to

C = S[S[P] xor K1] xor K2

Where S is a GF inversion in say GF(2^8)/p(x).  S is its own inverse so the
ROM requirements are small.

Assuming we attack it by fixing P to zero we get S[K1] xor K2 which afaik
isn't too useful since S is nonlinear.  Most likely some form of
correlation attack (I am not familiar with them but I remember something
about a connection between linear and correlation attacks.).

Tom
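As an added illustration (not code from Tom's post), here is the two-round construction C = S[S[P] xor K1] xor K2 in Python, with S as inversion in GF(2^8) and K1, K2 drawn per byte from an LFSR; the last function reproduces the fixed-P observation that a zero plaintext byte encrypts to S[K1] xor K2. The field polynomial (the AES one), the LFSR taps and the seed are assumptions of this example.

```python
# Added example, not from the post. Assumed choices are marked "assumed".
POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the AES field polynomial (assumed)

def gf_mul(a: int, b: int) -> int:
    """Multiply two elements of GF(2^8) modulo POLY (shift-and-add)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= POLY
        b >>= 1
    return r

def build_inverse_sbox() -> list:
    """S[x] = x^-1 in GF(2^8), S[0] = 0 by convention; inversion is an involution."""
    s = [0] * 256
    for x in range(1, 256):
        if s[x]:
            continue  # already filled in as the inverse of an earlier x
        for y in range(1, 256):
            if gf_mul(x, y) == 1:
                s[x], s[y] = y, x
                break
    return s

S = build_inverse_sbox()

class LFSR16:
    """16-bit Fibonacci LFSR, x^16+x^14+x^13+x^11+1 (maximal length, assumed)."""
    def __init__(self, seed: int):
        self.state = (seed & 0xFFFF) or 1  # all-zero state never leaves zero

    def next_byte(self) -> int:
        out = 0
        for _ in range(8):
            bit = (self.state ^ (self.state >> 2) ^ (self.state >> 3) ^ (self.state >> 5)) & 1
            self.state = (self.state >> 1) | (bit << 15)
            out = (out << 1) | bit
        return out

def encrypt(plaintext: bytes, seed: int) -> bytes:
    """C = S[S[P] xor K1] xor K2, with fresh K1, K2 from the LFSR for each byte."""
    ks = LFSR16(seed)
    out = bytearray()
    for p in plaintext:
        k1, k2 = ks.next_byte(), ks.next_byte()
        out.append(S[S[p] ^ k1] ^ k2)
    return bytes(out)

def decrypt(ciphertext: bytes, seed: int) -> bytes:
    """Undo the rounds in reverse order; S is its own inverse, so one table suffices."""
    ks = LFSR16(seed)
    out = bytearray()
    for c in ciphertext:
        k1, k2 = ks.next_byte(), ks.next_byte()
        out.append(S[S[c ^ k2] ^ k1])
    return bytes(out)

def zero_plaintext_leak(seed: int) -> tuple:
    """Fixing P = 0: the first ciphertext byte equals S[K1] xor K2 for that byte."""
    ks = LFSR16(seed)
    k1, k2 = ks.next_byte(), ks.next_byte()
    return encrypt(b"\x00", seed)[0], S[k1] ^ k2
```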



------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Protocol for authentication and key agreement...
Date: 24 May 2001 20:30:19 GMT

Simon Johnson wrote:
>This is a protocol [..]

Why?  Why not simply use TLS, say?  Maybe I missed something,
but I couldn't see any obvious advantage of your new protocol
over existing ones, and I'm very skeptical of the idea of doing
protocol design when security matters.

------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: ECB plus padding instead of CBC?
Date: 24 May 2001 20:33:20 GMT

Julian Morrison wrote:
>Nah, packet number is a bad plan.
>- the bad guys might be able to fiddle with it, or the OS could screw up.

You might want to read the paper I posted.  It is not critical
for security that the packet number (or whatever you choose for
the sequence number) be protected; all that matters is that the
receiver verify that it does not repeat.  Indeed, you might want
to concatenate a 64-bit "data count" with a 32-bit "packet number"
and use that as your nonce, in some systems.
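An added example (not from the post) of the receiver-side check Wagner describes: the nonce is the 64-bit data count concatenated with the 32-bit packet number, and a bounded sliding window rejects any packet number the receiver has already accepted. The window size and the bitmap layout are assumptions of this example, not the post's.

```python
# Added example, not from the post. Window size and bitmap layout are assumed.
import struct

def make_nonce(data_count: int, packet_number: int) -> bytes:
    """96-bit nonce = 64-bit data count || 32-bit packet number (big-endian)."""
    if not 0 <= data_count < 2**64 or not 0 <= packet_number < 2**32:
        raise ValueError("counter out of range: nonce would wrap and repeat")
    return struct.pack(">QI", data_count, packet_number)

class ReplayGuard:
    """Accept each packet number at most once, with bounded receiver state.

    Numbers ahead of the highest seen advance the window; numbers inside it
    are looked up in a bitmap; numbers older than the window are rejected,
    since the receiver can no longer tell them from replays (the one cost
    of bounding the state)."""
    def __init__(self, window: int = 64):
        self.window = window
        self.mask = (1 << window) - 1
        self.highest = -1   # highest packet number accepted so far
        self.bitmap = 0     # bit i set => packet (highest - i) was accepted

    def accept(self, seq: int) -> bool:
        if seq > self.highest:
            shift = seq - self.highest
            if shift >= self.window:
                self.bitmap = 1          # everything tracked so far falls out
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & self.mask
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.window:
            return False                 # older than the window: cannot verify freshness
        if (self.bitmap >> offset) & 1:
            return False                 # already accepted once: repeat
        self.bitmap |= 1 << offset
        return True

def replay_demo() -> list:
    """Constructed sequence: in order, out of order, a repeat, a stale number."""
    g = ReplayGuard(window=8)
    return [g.accept(s) for s in [0, 1, 3, 2, 3, 10, 1, 9, 9]]
```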

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: survey
Date: Thu, 24 May 2001 22:41:14 +0200



"Douglas A. Gwyn" wrote:
> 
> Mok-Kong Shen wrote:
> > I think that basically you are favouring a good well-
> > coupled combination (unification/synergy) of stream and
> > block processing techniques (in the common terminology).
> 
> About the only block-like thing in general stream ciphers
> is that they have a finite amount of internal state, e.g.
> in a simple system it might be contents of a shift register.

Well, there is nothing to overcome the finiteness
barrier of the state space, I am afraid. One's computer 
is a finite device, after all. On the other hand, one 
could strive to obtain a sufficiently large state space 
(as far as realistically/economically feasible) and let 
the encryption processing dynamically effect some influence 
(feedback) on the key stream generation process, thus 
achieving 'variability', which could be beneficial. Do 
you see better practically realizable goals/ideas that 
one could attempt in this connection? Note that a common 
block cipher has a key and that's all. If one has a key 
stream (of arbitrary length) and uses also block 
techniques, then one has in my humble view at least more 
(namely one additional 'component') at hand to start with 
in attempting to arrive at a good algorithm (assuming one 
could do that combination well), i.e. more flexibility
and freedom in design.

M. K. Shen
========================
http://home.t-online.de/home/mok-kong.shen

------------------------------

From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: DES Encryption - salt?
Date: 24 May 2001 20:57:04 GMT

In <9e3oia$ujni$[EMAIL PROTECTED]> "Andreas Born" <[EMAIL PROTECTED]> writes:

]Hi,

]I need to write my own crypt-routine, and I know how the DES algorithm
]works. But I don't know how to build up the 64bit key from the user input in
]detail (use 6 bits, or 7 or 8, where is the highest bit, where the lowest,
]is the input transformed in any way ?)

]And because the routine is needed as "password encryption", what shall I do
]with the given "salt" ?  I guess this is used to build the 64bit data block,
]that will be encrypted ??

This is not DES. It is an altered DES. Just go to the web and look for
things like fcrypt, ufscrypt, or the crypt routine in Eric Young's libdes
ftp://psych.psy.uq.edu.au/pub/Crypto/DES/


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc
Subject: Re: Medical data confidentiality on network comms
Date: Thu, 24 May 2001 22:57:00 +0200



Harris Georgiou wrote:
> 
[snip]
> Does anyone have experience on security details for these kinds of (medical)
> systems?

I have none. But, if I don't err, there has been much 
work done in medical information systems for a very long 
time. I suggest that you make enquiries to some large 
hospitals and in particular those affiliated with academic
institutions for the practice and experiences to date.

M. K. Shen

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
