Cryptography-Digest Digest #492, Volume #14 Fri, 1 Jun 01 19:13:01 EDT
Contents:
Re: Is RSA suitable for DSA? (Sean Furey)
Re: Unicity distance and compression for AES (SCOTT19U.ZIP_GUY)
Re: Visit "Frog's" Place ("Joseph Ashwood")
Re: HELP WITH RSA ENCRYPTION/DECRYPTION INCLUDING GARNER CRT ALGORITHM ("Joseph Ashwood")
Re: Visit "Frog's" Place ("Tom St Denis")
Re: crypt education (Mok-Kong Shen)
Re: Medical data confidentiality on network comms (wtshaw)
Re: Visit "Frog's" Place ("Joseph Ashwood")
Re: And the FBI, too (Re: National Security Nightmare?) (David Schwartz)
test ("fffff")
Re: Medical data confidentiality on network comms (wtshaw)
Re: National Security Nightmare? (wtshaw)
Re: Is RSA suitable for DSA? ("Uros Podlogar")
Re: Medical data confidentiality on network comms (Barry Margolin)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Sean Furey)
Subject: Re: Is RSA suitable for DSA?
Date: Fri, 1 Jun 2001 18:32:01 +0100
Hi Jeffrey!
>Why do you want to encrypt the registration code? Will the
>encrypted registration code be sent to an 'authentication
>server' or such? Or are you attempting to hide an 'unlock'
>key in your software?
I think that his real intention would be to sign, for example, the
15-20 bytes of registration information with a private RSA key to
produce an unlock code. The complementing public key would then be
used by the software to verify that the unlock code has been produced
by the real author for a specific registration code. Unless the
crackers were capable of cracking RSA, they could not produce a valid
unlock code. They could, however, still modify the program so that an
unlock code is not needed, or change the public key so that a
different private key could be used to sign it.
There is a problem that the length of the unlock code that this will
produce may be impractical for the user to type in. This could be
solved by instead of the user typing in the unlock code, an unlock
file could be sent to them to put in the program directory.
>If the latter, the reverse engineers are very resourceful.
>Eventually, you will have to compare registration codes,
>which will betray you.
It won't be compared if it is verifying a signature.
>I don't see the application of the DSA. How do you intend
>to use it?
Newbie here! I don't know what DSA is so I can't suggest what it is
going to be used for :)
--
Sean Furey, a happy and satisfied Debian user.
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Unicity distance and compression for AES
Date: 1 Jun 2001 20:14:02 GMT
[EMAIL PROTECTED] (Douglas A. Gwyn) wrote in <[EMAIL PROTECTED]>:
>"SCOTT19U.ZIP_GUY" wrote:
>> I agree with the above sort of. If you have a cipher text
>> ideally according to Shannon you would want every possible key
>> to decrypt decompression to unique plain text. This implies
>> bijective compression. Yet the so called experts seem too stupid
>> to notice this fact.
>
>I don't think they're "too stupid"; rather, they haven't been
>convinced that it matters enough to bother with in typical
>applications of cryptography. Why spend one's precious time
>working on improvements in an area where improvements don't
>seem to be needed? If you can demonstrate that typical block
But you always hear the crap from phony crypto gods that
every detail counts and one should even look at minor things.
But when push comes to shove they ignore the obvious errors
and then say improvements aren't needed. Well to be honest they
can't have it both ways. They know it helps but pretend
otherwise.
>cipher systems in ordinary use are *in practice* vulnerable
>to attacks that bijective compression would prevent, then
>people would sit up and take notice. So far, the
>vulnerability has seemed too speculative to excite anybody.
>
I think showing that in many cases there is only one key that
works versus a whole series of possible keys is enough to show
that compression when done should be bijective. I suspect they
don't honestly want people to use good safe crypto systems.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSION"
http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged or
something..
No I'm not paranoid. You all think I'm paranoid, don't you!
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Visit "Frog's" Place
Date: Fri, 1 Jun 2001 13:47:20 -0700
"Tom St Denis" <[EMAIL PROTECTED]> wrote in message news:2qSR6.3630
> "Frog20000" <[EMAIL PROTECTED]> wrote in message
> > http://welcome.to/speech.....
> And the reason you posted this link is [________________________________]?
Because he's under the delusion that he has created a cipher worth posting a
link to it here repeatedly in the hopes that someone will eventually take
notice, fail to recognise that it is weak and scream its security from the
highest mountain.
Joe
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: HELP WITH RSA ENCRYPTION/DECRYPTION INCLUDING GARNER CRT ALGORITHM
Date: Fri, 1 Jun 2001 13:50:43 -0700
"Sam" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Maybe I am missing something or taking a wrong approach.
> Plaintext 'm' to be encrypted : m= ABCD12345
> * convert chars in 'm' to a byte array with ascii values of the chars in
> the plaintext:
> inputStr = [065 066 067 068 049 050 051 052 053]
This is your major error. With only 256 values mapped this way it will be
easily broken; what you need to do is treat it as one large integer, in
this case
(((((((65*256+66)*256+67)*256+68)*256+49)*256+50)*256+51)*256+52)*256+53 is
the number you are encrypting.
> encryption ciphertext c = m^e mod n
> where e =17, and
> n (size 128 bits) = 604617013676588903089819459843928561595967634140770680278581402097188044430156586545307409371288684871273873727250749538931794090167705319066304181984583
I won't even go into what the ciphertext is, it's a large number on the
order of the same size as n.
> m1 = c.modPow(dP,p);
> m2 = c.modPow(dQ,q);
> Then I will get two different byte arrays
> then how do I proceed to get m
> BigInteger qInv = q.modInverse(p);
> h = m1.subtract(m2);
> h = h.multiply(qInv);
> h = h.mod(p);
> m = m2.add(q.multiply(h));
> Will I get the right answer? Will I get a real improvement in efficiency
> using Garner's algorithm? Does somebody have some comparison results.
> message may be much bigger than ABCD12345
> can somebody give me some example
Honestly since you don't seem to have much in the way of experience with
algorithms, I would suggest using simply M = C^d mod N. If you are doing
only a few of these then the difference in speed won't be entirely
noticeable. If you're trying to make this secure you need to read up on OAEP.
Joe
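The sign-and-verify unlock-code scheme Sean Furey describes earlier in this digest and the big-integer packing, Garner CRT and plain M = C^d mod N that Joe discusses here, worked through in one added Python example that is not code from either post; the Mersenne primes, the sample string and the function names are constructed assumptions.

```python
# Added example (not from any post in this thread): toy RSA showing
# Joe's whole-message-as-integer packing, plain M = C^d mod N versus
# Garner CRT decryption, and the sign/verify unlock-code scheme.
# Mersenne primes below are constructed toy parameters (far too small
# for real use); e = 17 is the exponent from Sam's post.
P = (1 << 61) - 1      # Mersenne prime 2^61 - 1, constructed
Q = (1 << 107) - 1     # Mersenne prime 2^107 - 1, constructed
E = 17
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
# Garner / CRT precomputation, the same quantities Sam's Java code uses
DP = D % (P - 1)       # dP
DQ = D % (Q - 1)       # dQ
QINV = pow(Q, -1, P)   # qInv = q^-1 mod p

def bytes_to_int(data: bytes) -> int:
    """Joe's packing: the whole message as one big-endian integer."""
    return int.from_bytes(data, "big")

def int_to_bytes(x: int) -> bytes:
    return x.to_bytes((x.bit_length() + 7) // 8, "big")

def encrypt(m: int) -> int:
    if not 0 <= m < N:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, E, N)

def decrypt_plain(c: int) -> int:
    """The simple route Joe recommends: M = C^d mod N."""
    return pow(c, D, N)

def decrypt_crt(c: int) -> int:
    """Garner's algorithm: two half-size exponentiations, then recombine."""
    m1 = pow(c, DP, P)
    m2 = pow(c, DQ, Q)
    h = (QINV * (m1 - m2)) % P   # Python's % keeps h in [0, P)
    return m2 + Q * h            # always < P*Q, no final reduction needed

def per_byte_ciphertexts(data: bytes) -> list:
    """Sam's original approach, kept only to show Joe's objection: textbook
    RSA is deterministic, so each byte lands on one of just 256 values."""
    return [encrypt(b) for b in data]

def sign(m: int) -> int:
    """Unlock code: registration data signed with the private key."""
    return pow(m, D, N)

def verify(m: int, s: int) -> bool:
    """What the shipped program does with only the public key (E, N)."""
    return pow(s, E, N) == m

def unlock_code_length() -> int:
    """Bytes in the unlock code: the modulus size, not the message size."""
    return (N.bit_length() + 7) // 8

if __name__ == "__main__":
    m = bytes_to_int(b"ABCD12345")           # the string from Sam's post
    c = encrypt(m)
    print(decrypt_crt(c) == decrypt_plain(c) == m, unlock_code_length())
```

With these toy primes the unlock code is already 21 bytes for a 9-byte registration string, which is the length problem Uros raises with realistic key sizes.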
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Visit "Frog's" Place
Date: Fri, 01 Jun 2001 21:51:41 GMT
"Joseph Ashwood" <[EMAIL PROTECTED]> wrote in message
news:uxp9qyt6AHA.261@cpmsnbbsa09...
>
> "Tom St Denis" <[EMAIL PROTECTED]> wrote in message news:2qSR6.3630
> > "Frog20000" <[EMAIL PROTECTED]> wrote in message
> > > http://welcome.to/speech.....
> > And the reason you posted this link is [________________________________]?
> Because he's under the delusion that he has created a cipher worth posting a
> link to it here repeatedly in the hopes that someone will eventually take
> notice, fail to recognise that it is weak and scream its security from the
> highest mountain.
> Joe
>
Ah mmm ok.
Tom
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: crypt education
Date: Sat, 02 Jun 2001 00:12:41 +0200
"Douglas A. Gwyn" wrote:
>
> We know where bin Laden is, but we have laws prohibiting assassination,
> and his host nation refuses to extradite him.
Maybe one doesn't have the very exact location. Otherwise
missiles of the type used in the war in Yugoslavia
could have been employed, I guess.
M. K. Shen
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Crossposted-To: comp.security.misc
Subject: Re: Medical data confidentiality on network comms
Date: Fri, 01 Jun 2001 16:12:35 -0600
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
>
> Well, hope you never find yourself unconscious in ER where they have to
> wake you up to get that "original and revokable permissions", and they can't
> do that without checking your medical records first.
It happens all the time. Past medical records may be useful or not, may
be accurate or not. Current diagnosis depends largely on current tests.
Otherwise, if in doubt, wear an alert bracelet and/or carry a medical card
with the basics. The problem is that access is often for purposes other
than your immediate care, even to deny care for non-medical reasons.
> Otherwise (if ER surgeon is the "doctor involved"), I don't see how your
> system is different from the one where "people have access, but every
> access is reported to the patient".
You're dreaming again.
>
>
> > Data bases are only justified when individual patient identification is
> > forbidden. Otherwise, use is an invasion of privacy, no buts about it, no
> > tolerance given, and woe be to those who transgress the doctor-patient
> > relationship.
>
> Huh?
>
One common justification given for data bases is research, not
individualized care. The type of research insurance companies like
results in cherry-picking.
--
Sign for the White House lawn:
WARNING! Irresponsible Parents Live Here.
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Visit "Frog's" Place
Date: Fri, 1 Jun 2001 15:19:42 -0700
If you don't believe me take a look at
http://www.aasp.net/~speechfb/demos.htm . The front page is nearly
impossible to read but you can find the link from there if you really try
hard, there is no source code supplied, nor even the most basic description
of the design. All responses to "Frog20000" don't seem to have any effect,
included among them the comment that it's a good thing the page is for the
blind, because the sighted sure can't read it.
Joe
"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:N7UR6.4477$[EMAIL PROTECTED]...
>
> "Joseph Ashwood" <[EMAIL PROTECTED]> wrote in message
> news:uxp9qyt6AHA.261@cpmsnbbsa09...
> >
> > "Tom St Denis" <[EMAIL PROTECTED]> wrote in message news:2qSR6.3630
> > > "Frog20000" <[EMAIL PROTECTED]> wrote in message
> > > > http://welcome.to/speech.....
> > > And the reason you posted this link is [________________________________]?
> > Because he's under the delusion that he has created a cipher worth posting a
> > link to it here repeatedly in the hopes that someone will eventually take
> > notice, fail to recognise that it is weak and scream its security from the
> > highest mountain.
> > Joe
> >
>
> Ah mmm ok.
>
> Tom
>
>
------------------------------
From: David Schwartz <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: And the FBI, too (Re: National Security Nightmare?)
Date: Fri, 01 Jun 2001 15:28:51 -0700
"SCOTT19U.ZIP_GUY" wrote:
> Well there are many NSA's, how do you know it's the spook one.
> Just as many may think NBA has something to do with basketball.
> But if you're from Nevada think brothels.
In my experience, NSA people aren't too keen about exposing themselves
as such outside of DoD facilities.
DS
------------------------------
From: "fffff" <[EMAIL PROTECTED]>
Subject: test
Date: Sat, 2 Jun 2001 01:50:22 +0200
test
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Crossposted-To: comp.security.misc
Subject: Re: Medical data confidentiality on network comms
Date: Fri, 01 Jun 2001 16:21:42 -0600
In article <9f6kj2$s4a$[EMAIL PROTECTED]>, "Niels Ferguson"
<[EMAIL PROTECTED]> wrote:
> It is always true that the data can be copied. That is a problem that
> cannot be resolved. There are too many people that require access
> to medical data to build a system that is totally secure.
Require? I require that medical information be denied to those
interlopers who would use it for personal gain.
> What you can
> do is build a system that will deter large-scale abuse. The access-
> tracking system is of that type. Anyone copying the data out of that
> system into their own database is obviously circumventing the
> tracking system, which by itself shows intent to abuse the data.
> After all, the only reason to copy the data is to have un-tracked
> access to it. (This assumes that the medical database is only added
> to, and no data is ever removed.)
>
Tracking seems to be a concept supported by those who want to know everything
in all areas. It does not work since it is always destined to be
oppressively effective or simply ignored as a waste of time. I have
nothing against dedicated medical professionals having needed access, but
no one else has the right whether they claim it or not.
--
Sign for the White House lawn:
WARNING! Irresponsible Parents Live Here.
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: National Security Nightmare?
Date: Fri, 01 Jun 2001 16:37:24 -0600
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
>
> I used to have a history teacher that told us on each test there would be
> a multiple choice question. Your goal is to pick the politician that
> said it first. He gave us a hint. Hitler. Well believe it or not
> many people would miss the question on the tests. They could not
> make themselves believe Hitler said such powerful wonderful things.
> I am not comparing the Director of the NSA to Hitler but I am smart
> enough to know that it is his job to say sweet comforting things. But
> that does not mean it has anything to do with truth.
>
At the penalty of invoking Godwin's Law in a sort of negative way,
remember that great negatives may require great planning and
follow-through. It is a bad idea that if someone is competent or incompetent in
some area, he is in all. What does matter is not being blindly prejudiced
against the truth, the whole truth, and nothing but the truth.
--
Sign for the White House lawn:
WARNING! Irresponsible Parents Live Here.
------------------------------
From: "Uros Podlogar" <[EMAIL PROTECTED]>
Subject: Re: Is RSA suitable for DSA?
Date: Fri, 1 Jun 2001 13:01:22 +0200
here is how I think:
1. I would like to generate registration codes that are relatively easy to
check and hard to generate.
2. Code checking algorithm should not reveal code generating algorithm.
3. The only solution that I can think of right now is RSA. Private key is
not revealed and hard to find. Public key could be inside my registration
code checking algorithm and with simple reverse engineering, private key
could not be found.
The problem is if I use long public and private key, I would also get long
registration code. It is not appropriate to send registration string 500
bytes long. Because of that I would like to know if I have any other option.
Bye
Uros
"Jeffrey Walton" <[EMAIL PROTECTED]> wrote in message
news:9f7icd$df2$[EMAIL PROTECTED]...
> Uros,
>
> The method you choose seems to be sound (RSA). RSA is based
> on factorization, which is generally believed to be a hard
> problem (no P ?= NP debate, please).
>
> Why do you want to encrypt the registration code? Will the
> encrypted registration code be sent to an 'authentication
> server' or such? Or are you attempting to hide an 'unlock'
> key in your software?
>
> If the latter, the reverse engineers are very resourceful.
> Eventually, you will have to compare registration codes,
> which will betray you.
>
> I don't see the application of the DSA. How do you intend
> to use it?
>
> "Uros Podlogar" <[EMAIL PROTECTED]> wrote in
> message news:PWyR6.944$[EMAIL PROTECTED]...
> | I would like to encrypt registration code. In registration code will be
> | basic information about registration and software that he or she is
> | registering. This would be usually string no longer than 15 or 20 bytes.
> |
> | First I thought that I could use RSA algorithm. The good thing is that I
> | can encrypt registration code with my private key; software that I will be
> | registering with this code will use public key. Nobody can find out my
> | private key with debugging registered software and I can easily check
> | integrity of registration code.
> |
> | But three things are bothering me:
> |
> | 1. If I would use short keys, my code will be broken easily. But if I will
> | use long key and encrypt my short data, encrypted message will be long and
> | not usable as a registration code.
> |
> | 2. I would use same private and public key for all keys where message
> | contents (that I am encrypting) is easy to predict. Is it in this case any
> | easier to break encrypted message?
> |
> | 3. In replies to my last question one mentioned that I should use good
> | random number generator. I would generate one public and one private key. I
> | will have public key inside my software and because of that I can not change
> | private key. Because of that I will use random generator only once and its
> | quality is not that important.
> |
> | If someone knows how registration codes are usually encrypted, please let me
> | know.
> |
> | Thank you for your help.
> |
> | Bye
> |
> | Uros
>
>
>
------------------------------
From: Barry Margolin <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc
Subject: Re: Medical data confidentiality on network comms
Date: Fri, 01 Jun 2001 23:03:10 GMT
In article <[EMAIL PROTECTED]>,
wtshaw <[EMAIL PROTECTED]> wrote:
>In article <9f6kj2$s4a$[EMAIL PROTECTED]>, "Niels Ferguson"
><[EMAIL PROTECTED]> wrote:
>
>
>> It is always true that the data can be copied. That is a problem that
>> cannot be resolved. There are too many people that require access
>> to medical data to build a system that is totally secure.
>
>Require? I require that medical information be denied to those
>interlopers who would use it for personal gain.
What if someone who has legitimate need to access the information
(e.g. your doctor) decides to use it for personal gain? The system can't
tell *why* someone is accessing data, and it can't control what they do
with it once they have it. So a doctor could get the information while
he's treating you, which most people feel is justified, and then publish
details of your condition in a journal article. There's nothing that
technology can do to prevent that.
--
Barry Margolin, [EMAIL PROTECTED]
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************