Cryptography-Digest Digest #491, Volume #14       Fri, 1 Jun 01 16:13:01 EDT

Contents:
  Re: Unicity distance and compression for AES ("Douglas A. Gwyn")
  Re: A Newbie Question ([EMAIL PROTECTED])
  Chinese Remainder Theorem Confusion ... Please Help ([EMAIL PROTECTED])
  Re: A Newbie Question ("Robert J. Kolker")
  Re: A Newbie Question ([EMAIL PROTECTED])
  10th USENIX SECURITY SYMPOSIUM (Tiffany Peoples)
  Re: Jacobian projective coordinates (Mike Rosing)
  Re: Stream Cipher combiners (David Wagner)
  Re: Medical data confidentiality on network comms ("Harris Georgiou")
  Re: Medical data confidentiality on network comms ("Harris Georgiou")
  Re: National Security Nightmare? ("Harris Georgiou")
  Re: Question about credit card number (John Hairell)
  Visit "Frog's" Place (Frog20000)
  Re: A Newbie Question (Mok-Kong Shen)
  Re: Visit "Frog's" Place ("Tom St Denis")

----------------------------------------------------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Unicity distance and compression for AES
Date: Fri, 1 Jun 2001 16:18:55 GMT

"SCOTT19U.ZIP_GUY" wrote:
>    I agree with the above sort of. If you have a cipher text
> ideally according to Shannon you would want every possible key
> to decrypt decompression to unique plain text.  This implies
> bijective compression. Yet the so called experts seem too stupid
> to notice this fact.

I don't think they're "too stupid"; rather, they haven't been
convinced that it matters enough to bother with in typical
applications of cryptography.  Why spend one's precious time
working on improvements in an area where improvements don't
seem to be needed?  If you can demonstrate that typical block
cipher systems in ordinary use are *in practice* vulnerable
to attacks that bijective compression would prevent, then
people would sit up and take notice.  So far, the
vulnerability has seemed too speculative to excite anybody.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: A Newbie Question
Date: Fri, 01 Jun 2001 16:59:44 GMT

Robert J. Kolker <[EMAIL PROTECTED]> wrote:
: Doesn't one still have to * read * ( I mean with a pair of
: eyes and a brain) the resulting decrypts to see if they
: make sense?  Isn't this time consuming? Can a computer
: program speed up this phase? What sort of computer
: program?

You can perform a coincidence test if you have a pretty good idea that
the original text is a well-known language. For each letter X, count the
number of times X occurs, then add X * (X-1) to a running total. Finally,
divide the running total by N*(N-1) where N is the total number of characters
in the text.

If the resulting value is close to 0.065 (for English text), you have a
possible hit. Your mileage may vary based on the length of the text and
the original language.

Also, if you're decrypting DES or something similar, and you know the result
is supposed to be printable ASCII text, you can probably weed out a lot of
possibilities just by filtering out results that have characters < 32 or > 127.


-- 

Mark Wutka
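As an added example, not part of Mark Wutka's post: the coincidence test he describes, with the per-letter count written as n_x so the formula reads sum n_x(n_x-1) / N(N-1), together with his printable-ASCII pre-filter, run over constructed samples (one English paragraph adapted from another post in this digest, one string in which every letter is equally frequent, and one candidate "decrypt" full of control bytes).

```python
"""Index-of-coincidence test for candidate decrypts (added example)."""
from collections import Counter
import string

ENGLISH_IOC = 0.065      # figure quoted in the post for English text
UNIFORM_IOC = 1 / 26     # what 26 equally likely letters tend toward

def index_of_coincidence(text: str) -> float:
    """Sum over letters of n_x*(n_x-1), divided by N*(N-1).

    Only A-Z are counted (case-folded), so N is the letter count, not the
    character count. Returns 0.0 when fewer than two letters are present.
    """
    letters = [c for c in text.upper() if c in string.ascii_uppercase]
    n = len(letters)
    if n < 2:
        return 0.0
    total = sum(k * (k - 1) for k in Counter(letters).values())
    return total / (n * (n - 1))

def looks_like_english(text: str, tolerance: float = 0.01) -> bool:
    """Flag a candidate plaintext whose IoC lies within `tolerance` of 0.065."""
    return abs(index_of_coincidence(text) - ENGLISH_IOC) <= tolerance

def is_printable_ascii(data: bytes) -> bool:
    """The post's cheap pre-filter: drop decrypts with any byte < 32 or > 127."""
    return all(32 <= b <= 127 for b in data)

def rank_candidates(candidates: list) -> list:
    """Filter by printability, then sort survivors by distance from the English IoC."""
    survivors = [c for c in candidates if is_printable_ascii(c)]
    scored = [(abs(index_of_coincidence(c.decode("ascii")) - ENGLISH_IOC), c)
              for c in survivors]
    return sorted(scored)

# Constructed samples (not from the thread's author): English prose adapted from
# a post in this digest, a "flat" string with every letter equally frequent, and
# a candidate consisting of control bytes that the pre-filter should reject.
ENGLISH = ("If you can demonstrate that typical block cipher systems in ordinary use are "
           "in practice vulnerable to attacks that bijective compression would prevent, "
           "then people would sit up and take notice. So far the vulnerability has seemed "
           "too speculative to excite anybody, and nobody has bothered to look closely.")
FLAT = string.ascii_uppercase * 8
GARBAGE = bytes(range(0, 64))

if __name__ == "__main__":
    for name, sample in (("english", ENGLISH), ("flat", FLAT)):
        ioc = index_of_coincidence(sample)
        print(f"{name:8s} IoC = {ioc:.4f}  english? {looks_like_english(sample)}")
    for dist, cand in rank_candidates([ENGLISH.encode(), FLAT.encode(), GARBAGE]):
        print(f"{dist:.4f}  {cand[:40]!r}")
```

The flat sample lands near 1/26 (0.0385, and exactly 1456/43056 for 8 copies of the alphabet), well below 0.065, which is why the test separates English from random letter soup even before any dictionary check.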


------------------------------

From: [EMAIL PROTECTED]
Subject: Chinese Remainder Theorem Confusion ... Please Help
Date: Fri, 01 Jun 2001 17:08:31 GMT

Hi All,

Can someone please explain the following to me (what am I missing here)?  Sorry
if the other details are sparse, but hopefully they do not matter.  Note: this
is from ANSI X9.31.

Step 3:  Apply the Chinese Remainder Theorem (twice) to compute:

R1 = (b^-1 mod a)b - (a^-1 mod b)a.  Let ya = xp + (r1 - xp mod ab).
ya is now the first integer greater than xp such that a is a large prime factor
of ya - 1 and b is a large prime factor of ya + 1.

R2 = (d^-1 mod c)d - (c^-1 mod d)c.  Let yb = xp + (r1 - xp mod ab).
yb is now the first integer greater than xp such that a is a large prime factor
of yb - 1 and b is a large prime factor of yb + 1.

My question is this: what does "apply the CRT" mean here?  I have an explicit
formula for calculating all of the parameters needed.  I can use modular
inverses for the mod functions and the rest is straightforward calculation.

What am I missing in this statement?  What is CRT even needed for?  Any ideas?

Thank you for any inputs.  Wilson
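Added example, not from the question or from ANSI X9.31 itself: the explicit formula for R1 is the two-modulus Chinese Remainder Theorem written out, since R1 is the residue mod ab with R1 = 1 (mod a) and R1 = -1 (mod b); "apply the CRT" names that step rather than adding one. The code computes R1 and ya as the quoted step does, shows that R1 coincides with the generic CRT solver for the residues (1, -1), and cross-checks ya against a brute-force scan on toy primes (the second application is the same function called with c, d in place of a, b).

```python
"""The X9.31 'apply the CRT' step on toy primes (added example, not from the standard)."""

def crt_pair(r_a: int, a: int, r_b: int, b: int) -> int:
    """Smallest non-negative y with y = r_a (mod a) and y = r_b (mod b), gcd(a, b) = 1.

    This is the two-modulus Chinese Remainder Theorem in its explicit form:
    y = r_a*(b^-1 mod a)*b + r_b*(a^-1 mod b)*a   (mod ab).
    """
    return (r_a * pow(b, -1, a) * b + r_b * pow(a, -1, b) * a) % (a * b)

def x931_r1(a: int, b: int) -> int:
    """R1 = (b^-1 mod a)*b - (a^-1 mod b)*a, exactly as written in the quoted step.

    The first term is 1 mod a and 0 mod b, the second is 0 mod a and 1 mod b,
    so R1 = 1 (mod a) and R1 = -1 (mod b): crt_pair(1, a, -1, b) up to a multiple of ab.
    """
    return pow(b, -1, a) * b - pow(a, -1, b) * a

def x931_y(xp: int, a: int, b: int) -> int:
    """y = xp + ((R1 - xp) mod ab): the first integer >= xp with a | y-1 and b | y+1."""
    r1 = x931_r1(a, b)
    return xp + ((r1 - xp) % (a * b))

def brute_force_y(xp: int, a: int, b: int) -> int:
    """Independent check: scan upward from xp for a | y-1 and b | y+1."""
    y = xp
    while (y - 1) % a != 0 or (y + 1) % b != 0:
        y += 1
    return y

if __name__ == "__main__":
    a, b, xp = 7, 11, 100        # toy values; X9.31 uses large primes here
    r1 = x931_r1(a, b)
    print("R1 =", r1, " R1 mod a =", r1 % a, " R1 mod b =", r1 % b)      # 1 and b-1
    print("R1 mod ab =", r1 % (a * b), " crt_pair(1,a,-1,b) =", crt_pair(1, a, -1, b))
    y = x931_y(xp, a, b)
    print("ya =", y, " a | ya-1:", (y - 1) % a == 0, " b | ya+1:", (y + 1) % b == 0)
    print("brute force agrees:", brute_force_y(xp, a, b) == y)
```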



------------------------------

From: "Robert J. Kolker" <[EMAIL PROTECTED]>
Subject: Re: A Newbie Question
Date: Fri, 01 Jun 2001 13:12:55 -0400



[EMAIL PROTECTED] wrote:

>
> You can perform a coincidence test if you have a pretty good idea that
> the original text is a well-known language. For each letter X, count the
> number of times X occurs, then add X * (X-1) to a running total. Finally,
> divide the running total by N*(N-1) where N is the total number of characters
> in the text.
>
> If the resulting value is close to 0.065 (for English text), you have a
> possible hit. Your mileage may vary based on the length of the text and
> the original language.

Could this approach be thwarted by compression of the plaintext
prior to encryption?

Bob Kolker



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: A Newbie Question
Date: Fri, 01 Jun 2001 17:25:16 GMT

Robert J. Kolker <[EMAIL PROTECTED]> wrote:


: [EMAIL PROTECTED] wrote:

:>
:> You can perform a coincidence test if you have a pretty good idea that
:> the original text is a well-known language. For each letter X, count the
:> number of times X occurs, then add X * (X-1) to a running total. Finally,
:> divide the running total by N*(N-1) where N is the total number of characters
:> in the text.
:>
:> If the resulting value is close to 0.065 (for English text), you have a
:> possible hit. Your mileage may vary based on the length of the text and
:> the original language.

: Could this approach be thwarted by compression of the plaintext
: prior to encryption?


Yes, but you should remember that compression isn't the same as encryption -
that is, compression doesn't use a key - it compresses and decompresses the
data the same way every time. If you know the compression algorithm (and you
usually assume that the attacker knows all the algorithms used), it's just an
extra step to decompress the data before performing the coincidence test.


-- 

Mark Wutka


------------------------------

From: Tiffany Peoples <[EMAIL PROTECTED]>
Subject: 10th USENIX SECURITY SYMPOSIUM
Date: Fri, 01 Jun 2001 10:38:28 -0700

10th USENIX SECURITY SYMPOSIUM
August 13-17, 2001
Washington, D.C.
http://www.usenix.org/events/sec01
===============================================================
REGISTER BY JULY 20, 2001 AND SAVE UP TO $200!
===============================================================
PRACTICAL SECURITY FOR THE REAL WORLD

KEYNOTE ADDRESS by Richard M. Smith, CTO, Privacy Foundation
"Web-Enabled Gadgets: Can We Trust Them?"

24 REFEREED PAPERS on the best new research:
Denial of Service
Math Attacks!
Key Management
Hardware
Managing Code
Firewalls/Intrusion Detection
Operating Systems
Authorization

INVITED TALKS by leaders in the field:
* Matt Blaze, AT&T Research Labs 
* Mark Eckenwiler, U.S. Department of Justice
* Eric Murray, SecureDesign, LLC
* John Young, Cryptome.org
* Deborah Natsios, Cartome.org
* and others!

In depth, immediately useful TUTORIALS:
* Wireless IP Security and Connectivity
* Network Security
* Intrusion Detection and Network Forensics
* Hacking Exposed: Live!
* Cryptographic Algorithms Revealed
* VPN Architecture and Implementation

=====================================================================
The 2001 10th Security Symposium is sponsored by 
USENIX, the Advanced Computing Systems Association.   www.usenix.org
=====================================================================

------------------------------

From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: Jacobian projective coordinates
Date: Fri, 01 Jun 2001 12:41:41 -0500

himanee wrote:
> 
> Hello,
> 
> In recent snapshots of openssl ecc code, in a comment, I came across the
> term 'Jacobian projective coordinates' and conversion between Jacobian
> projective coordinates and affine coordinates.
> 
> I have the following *mathematics* question. At least, I would like to
> request a reference.
> 
> I know about the usual projective coordinates and affine coordinates, and
> the "usual" relationship between them, viz.
> x = X/Z,
> y = Y/Z,
> where (x, y) are affine coordinates, (X, Y, Z) are projective coordinates,
> and we have assumed that Z is not zero.

That's the only transform I've ever seen.
 
> I can imagine the following. A projective plane is the set of all straight
> lines through the origin in 3-space. Instead of straight lines through the
> origin, one can think of some curves through the origin in 3-space,
> (corresponding to the transformations x = X/(Z^2), y = (Y/Z^3)). Is that the
> idea behind Jacobian projective coordinates?
> 
> Projective plane means affine plane + points (and lines) at infinity.
> 
> Is there some kind of a 'Jacobian projective plane' or something? If so, is
> there something corresponding to the above paragraph? If not, what is the
> idea behind Jacobian projective coordinates?
> 
> What is the mathematical significance of the transformations :
> x = X/(Z^2)
> y = Y/(Z^3) ?
> 
> Also, can someone give me reference/s for Jacobian projective coordinates?

Let's hope somebody does!

The usual form is Y^2Z = X^3 + AXZ^2 + BZ^3 for projective.  If you do the
"jacobian transform" this would be

        y^2Z^-5 = x^3Z^-6 + Ax + BZ^3

or       y^2Z = x^3 + AxZ^6 + BZ^9

I don't see what that does for a standard curve.  Maybe it's for curves of
higher order?  When you find who wrote the code, you can ask them to explain
it to the rest of us :-)

Patience, persistence, truth,
Dr. mike
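Working through the transformation himanee asks about on a toy curve, as an added example (not OpenSSL's code and not part of the thread): substituting x = X/Z^2, y = Y/Z^3 into y^2 = x^3 + Ax + B and multiplying through by Z^6 gives Y^2 = X^3 + AXZ^4 + BZ^6. The weights (2, 3, 1) make (X, Y, Z) and (l^2 X, l^3 Y, lZ) the same point for any non-zero l, and the practical point is that the one field inversion is deferred to a single final conversion back to affine. The curve y^2 = x^3 + 2x + 3 over GF(97) and the point (3, 6) are constructed for the demonstration.

```python
"""Jacobian vs affine coordinates on y^2 = x^3 + A x + B over GF(p) (added example)."""
from typing import Tuple

# Toy curve, constructed for this example: p = 97, A = 2, B = 3; (3, 6) lies on it.
P_MOD, A, B = 97, 2, 3

def on_curve_affine(x: int, y: int) -> bool:
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0

def on_curve_jacobian(X: int, Y: int, Z: int) -> bool:
    """Curve equation after substituting x = X/Z^2, y = Y/Z^3 and clearing Z^6:
    Y^2 = X^3 + A X Z^4 + B Z^6."""
    return (Y * Y - (X ** 3 + A * X * Z ** 4 + B * Z ** 6)) % P_MOD == 0

def to_jacobian(x: int, y: int, Z: int = 1) -> Tuple[int, int, int]:
    """Any non-zero Z gives a valid representative of the same point: (x Z^2, y Z^3, Z)."""
    assert Z % P_MOD != 0
    return (x * Z * Z % P_MOD, y * Z ** 3 % P_MOD, Z % P_MOD)

def to_affine(X: int, Y: int, Z: int) -> Tuple[int, int]:
    """x = X/Z^2, y = Y/Z^3: the single field inversion Jacobian arithmetic postpones."""
    zinv = pow(Z, -1, P_MOD)
    return (X * zinv ** 2 % P_MOD, Y * zinv ** 3 % P_MOD)

def same_point(J1: Tuple[int, int, int], J2: Tuple[int, int, int]) -> bool:
    """Two Jacobian triples denote the same affine point iff
    X1 Z2^2 = X2 Z1^2 and Y1 Z2^3 = Y2 Z1^3; no inversion needed for the test."""
    X1, Y1, Z1 = J1
    X2, Y2, Z2 = J2
    return ((X1 * Z2 ** 2 - X2 * Z1 ** 2) % P_MOD == 0
            and (Y1 * Z2 ** 3 - Y2 * Z1 ** 3) % P_MOD == 0)

if __name__ == "__main__":
    x, y = 3, 6
    print("affine point on curve:", on_curve_affine(x, y))
    for Z in (1, 5, 42):
        J = to_jacobian(x, y, Z)
        print(f"Z={Z:2d}: {J}  on curve: {on_curve_jacobian(*J)}  back: {to_affine(*J)}")
    print("different Z, same point:",
          same_point(to_jacobian(x, y, 5), to_jacobian(x, y, 42)))
```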

------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Stream Cipher combiners
Date: Fri, 1 Jun 2001 17:48:21 +0000 (UTC)

Nicol So  wrote:
>BTW, what would be a _natural_ alternative way of
>representing the elements of GF(p)?

I don't know of any.  (But still, there are cases where you
don't care about the representation at all, and just care that
it satisfies the field axioms and, e.g., has characteristic p.)

------------------------------

From: "Harris Georgiou" <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc
Subject: Re: Medical data confidentiality on network comms
Date: Fri, 1 Jun 2001 13:49:18 +0300

wtshaw <[EMAIL PROTECTED]> wrote in the discussion message:
[EMAIL PROTECTED]
> In article <9f6dto$ip5$[EMAIL PROTECTED]>, "Harris Georgiou"
> <[EMAIL PROTECTED]> wrote:
>
> Guess who should hold the keys.  Certainly not a third party.  Guess who should
> control the system.  Certainly not a third party.  And, as long as poor
> encryption is used, the challenge is there for breaking it.  Centralized
> databases exist to make information more available to more people.  Don't
> claim that it doesn't.

Why would anyone be able to falsify your digital identity if they cannot
do it now with your normal (hardcopy) IDs like a driving licence? Because
normally only the owner possesses it. It's not that difficult to issue some
kind of digital ID smartcard much like the ATM cards we use every day. As
long as you keep the card yourself, you won't even have to remember some
strange password or a 10-digit key. Of course this is not the solution to
all security problems, but I think it can solve the issue of personal key
management and authorized use of them (with some safety factors in case of
emergency access to medical records, say by permission of K out of M
pre-defined relatives/persons qualified by the owner).

As for the data management, there is neither a need nor a possibility for a
large-scale centralized DB. Data distribution in local health care networks
would work just fine and would be a great benefit too for better security
controls. Electronic bank transactions work like this with no complaints,
despite the fact that money tends to be more valuable than human life for
some people...



--

Harris

- 'Malo e lelei ki he pongipongi!'




------------------------------

From: "Harris Georgiou" <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc
Subject: Re: Medical data confidentiality on network comms
Date: Fri, 1 Jun 2001 13:55:39 +0300


Coridon Henshaw <"chenshaw<RE<MOVE>"@sympatico.ca> wrote in the discussion
message: [EMAIL PROTECTED]
> [EMAIL PROTECTED] (wtshaw) wrote in news:jgfunj-3005012013410001@dial-245-
> 201.itexas.net:
>
> A lot of the economic problems in society stem from the fact that
> decision-makers in business and government are in no way accountable for the
> consequences of their actions.   Indeed, business leaders who make bad
> decisions are frequently rewarded.  Gates is one example, but while a
> personal, terminal, consequence has its appeal, a far more fitting price
> would be to require the Microsoft Billionaires to pay back--from their
> personal fortunes--the billions of dollars worth of time (in millions of
> wasted person-hours) defrauded from the global economy by Microsoft's
> unstable products.

So true!
Would anyone propose that Microsoft develop software for ER support units?
And if plug-n-play didn't work quite well with the new drivers, the
unconscious patient would have been pleased to know that due to an
unrecoverable general protection fault at address XXXX:0000FF the unit
needs to be rebooted?....
No wonder they call them "blue screens of death"....



--

Harris

- 'Malo e lelei ki he pongipongi!'




------------------------------

From: "Harris Georgiou" <[EMAIL PROTECTED]>
Subject: Re: National Security Nightmare?
Date: Fri, 1 Jun 2001 14:03:55 +0300

Sam Simpson <[EMAIL PROTECTED]> wrote in the discussion message:
k6JR6.6702$[EMAIL PROTECTED]
> "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Sam Simpson wrote:
> > > True, in the same way that the UK GCHQ equivalent of doesn't spy on UK
> > > citizens....It gets other countries' security establishments to do their
> > > dirty work.............
> >
> > I won't say it doesn't happen, but actually our regulations
> > apply to intelligence received about US citizens from foreign
> > sources as well.  Really, if some citizen does pose a risk to
> > national security, there is a mechanism already, and if he
> > doesn't, why  waste precious resources surveilling him?
>
> To use the only example I know of (*), Margaret Thatcher was not permitted
> to use GCHQ to monitor UK subjects, so instead she asked CSE to spy on
> several Cabinet Ministers in London.
>
> If MP's aren't even  safe from this kind of snooping, then I have grave
> doubts about the rights of normal citizens being upheld!

Does anyone really think that the government of his/her country does not
snoop on its citizens on some (small or large) scale? It is a legally and
technically established fact, due to "national security", for some agency to
look out for foreign or domestic threats and prevent any damage before it
happens. It never happens with the subject's permission. We just hope we
live in democratic free countries and no one has to go any further than we
would wish him to.
And don't take it for a fact that everyone is opposed to this idea. I mean some
people would get their personal life on national TV for money (i.e. Big
Brother junk stuff).


--

Harris

- 'Malo e lelei ki he pongipongi!'




------------------------------

From: [EMAIL PROTECTED] (John Hairell)
Subject: Re: Question about credit card number
Date: Fri, 01 Jun 2001 17:48:37 GMT

On Fri, 01 Jun 2001 13:56:16 GMT, [EMAIL PROTECTED] (Roger Fleming)
wrote:

>[EMAIL PROTECTED] (Mark Borgerding) wrote:
>
>[...]
>>I imagine most web credit card systems store the number in a database
>>that is accessible to the webserver.
>>
>>Instead, wouldn't it be better to give the webserver very limited
>>capability to use the credit card.  i.e. After the user has added
>>their credit card, it gets wisked away to a more secure machine than
>>the webserver.  [...]
>
>It makes so much sense that, in fact, most really large corporate sites use 
>exactly this method. The industry jargon is "two tier" or "three tier" 
>architectures. Two tier has separate web server and database. In the three 
>tier architecture, a transaction service layer further separates the webserver 
>and database.


Actually, a whole bunch of commercial websites have been hacked,
including some large ones, based on the fact that the front ends used
encryption but the back ends were somehow left open, and the CC
numbers were not stored in an encrypted form.  Many of the hacks were
based on systems people not keeping their system patches up to date,
and ignoring information about well-known attacks.

My credit card number and those of thousands of other customers were
ripped off late last year from a commercial server which had been left
open to attack, and the people who ran it continued doing their usual
silly stuff despite having been warned beforehand at least twice.  The
hackers had multiple months of direct access before anything was done.
Too little, too late. 

My bank got their web security certification, with their web-page
allowing access to accounts based on a four-digit PIN number and an
unlimited number of retries if you make a mistake, and with the PIN
number (letters and numbers) being assigned by them.  They said that
too many digits (like 8) is too hard for their customers to remember.

I don't trust any commercial website, no matter what security policy
they have posted or what certification they have.  Their back end
could be wide open, with their sysadmins sitting there fat, dumb, and
happy.

John Hairell ([EMAIL PROTECTED])


------------------------------

From: [EMAIL PROTECTED] (Frog20000)
Subject: Visit "Frog's" Place
Date: 1 Jun 2001 12:37:05 -0700

http://welcome.to/speechsystemsfortheblind

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: A Newbie Question
Date: Fri, 01 Jun 2001 21:39:20 +0200



[EMAIL PROTECTED] wrote:
> 
> Robert J. Kolker <[EMAIL PROTECTED]> wrote:
> 

> : Could this approach be thwarted by compression of the plaintext
> : prior to encryption?
> 
> Yes, but you should remember that compression isn't the same as encryption -
> that is, compression doesn't use a key - it compresses and decompresses the
> data the same way every time. If you know the compression algorithm (and you
> usually assume that the attacker knows all the algorithms used), it's just an
> extra step to decompress the data before performing the coincidence test.

Not entirely true, if I don't err. If one uses an
adaptive Huffman, for example, one could use a secret
sequence (a 'key') to prime the compression algorithm 
before feeding it with the plaintext to be compressed and
the compressed result would be dependent on the secret
sequence. The question is thus whether one has such
additional secret material. If one has, then the 
compression step is unknown to the opponent, i.e. he
has to overcome it in analysis. (BTW, this point appears 
to have some relevance in the often recurring topic about 
the so-called 'bijective compression' in my humble view.)

M. K. Shen
=========================
http://home.t-online.de/home/mok-kong.shen

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Visit "Frog's" Place
Date: Fri, 01 Jun 2001 19:54:38 GMT


"Frog20000" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> http://welcome.to/speech.....

And the reason you posted this link is [________________________________]?

Tom



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
