Cryptography-Digest Digest #592, Volume #14      Tue, 12 Jun 01 02:13:00 EDT

Contents:
  Re: Humor, "I Must be a Threat to National Security" ("David G. Boney")
  Re: Best, Strongest Algorithm (gone from any reasonable topic) -  (Dennis Ritchie)
  Re: Simple C crypto (Samuel Paik)
  Re: Humor, "I Must be a Threat to National Security" (SCOTT19U.ZIP_GUY)
  Re: Humor, "I Must be a Threat to National Security" (SCOTT19U.ZIP_GUY)
  Re: Some questions on GSM and 3G (Gregory G Rose)
  Re: Anyone Heard of "Churning" (Gregory G Rose)
  Problem in Twofish (Saurabh Pal)
  Publication violation notice (Paul Rubin)
  Re: Humor, "I Must be a Threat to National Security" (Miguel Cruz)
  Re: 3 trip encryption Exchange ("Neil Couture")

----------------------------------------------------------------------------

From: "David G. Boney" <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc
Subject: Re: Humor, "I Must be a Threat to National Security"
Date: Mon, 11 Jun 2001 23:15:36 -0400

>"David G. Boney" <[EMAIL PROTECTED]> wrote in message
>news:E4HT6.3857$[EMAIL PROTECTED]...
>My frustrations with trying to find a job in government service are
>summarized in an essay I have posted that is titled, "I Must be a Threat to
>National Security". I have also placed my rejection letters from the CIA and
>NSA on-line.
>
>http://www.seas.gwu.edu/~dboney/security.html
>
>If anyone knows of any computer or network security engineer positions
>open, developer or administrator, in the Washington, DC area, that are
>commercial, non-government, non-government contractor, and don't require a
>clearance, please drop me a line. You can surf my home page to get a picture
>of my qualifications. Resume available upon request.
>
>
>--
>Sincerely,
>David G. Boney
>mailto:[EMAIL PROTECTED]
>http://www.seas.gwu.edu/~dboney

Thank you for your comments. I kno writiN or spiliN is Hard for proGamrs
;-). I actually did do a number of additional editorial passes to try to
better the essay.

I thought maybe some of the readers of this group would like to see the
rejection letters from the organizations that I posted. That was the
humorous part for those who need an explanation.

For those of you who could only critique my writing and grammar, I presume
it is because you already work in the Intelligence Community or DOD, and
could not comment on the rest. The tone, attitude, what was commented on,
and more importantly what was not commented on, seem to lead the reader to
believe that the writers were in service to the government. Some of the
writings came across as deliberate disinformation. I am not a regular reader
of the news groups, but it might also be the case, so I am told, that some
individuals always write with certain styles of passion.

I have temporarily removed my essay and rejection letters because of recent
developments concerning job opportunities. I suppose this isn't the sort of
information one shares with a potential employer ;-). I will probably repost
them later this summer.

I am also working on an essay on the NSA interview process, circa 1997. It
is a two day process and pretty involved. After my interview there, I made a
FOIA request for my personnel records from the interview. Two and a half
years later they arrived. Some of the documents are interesting to read. I
have my polygraph results (I passed, I was glad to know I was not a spy ;-)
and my psych results (surprisingly, the psychologist thought I was within
the acceptable range). Despite these positive results, other issues led to
me being declined for employment (and I don't think I want to share them
with everyone on the Internet :-).

The CIA interview was far less interesting. A one hour interview at a hotel
in Northern Virginia. I presume it was just a preliminary screening. They
had a conference room rented with a little sign on the wall that said U.S.
Government. I thought that was funny for some reason. I was not particularly
drawn by the interviewer's approach. The position was in the Directorate of
Science and Technology. The interviewer kept mentioning that they make cool
stuff. I think the word cool was used about two dozen times to describe the
position. Since it has been a long time since I concerned myself with being
"cool", this technique did not appeal to me. Perhaps it works with the
recent college graduates they interview. They also gave away CIA junk at the
end of the interview. You could select from CIA lapel pins, CIA coffee mugs,
black wrap around sunglasses, and other stuff.

Anyway, I will post some essays on the subjects later this summer.

Sincerely,
David G. Boney
mailto:[EMAIL PROTECTED]
http://www.seas.gwu.edu/~dboney



------------------------------

From: Dennis Ritchie <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic) - 
Date: Tue, 12 Jun 2001 03:31:17 +0000



Tim Tyler wrote:
...
> 
> It appears that Shannon's work didn't address the case of finite
> strings being encrypted with an OTP.
> 
> His reference to an OTP was in the context of infinite messages.

On the contrary, it's hard to find anything in the Secrecy Systems
paper referring to infinite messages.  What happens when the
cryptanalyst gets larger and larger amounts of encrypted text, yes.
But:
        "Perfect secrecy" is defined by requiring of a system that
        after a cryptogram is intercepted by the enemy the a posteriori
        probabilities of this cryptogram representing various
        messages be identically the same as the a priori probabilities
        of the same messages before the interception.  It is shown that
        perfect secrecy is possible, but requires, if the number of
        messages is finite, the same number of possible keys.  If
        the message is thought of as being constantly generated at
        a 'rate' R (to be defined later), key must be generated
        at the same or greater rate."

Later,
        "Section 10.  Perfect Secrecy

        Let us suppose the possible messages are finite in number
        M1, ..., Mn and that these are enciphered into the possible
        cryptograms E1, ... En by
                E = TiM
        ...."
        [Ti is the transformation performed on the i-th message]

It is of course true that the paper does not take great account of enemy
observation of message length and whether this supplies much
information; as others have remarked, this is the realm of traffic
analysis, and it can be very important.  If you are under close
observation by an enemy, the mere existence of an encrypted communication
from you could, in some circumstances, be significant.

        Dennis

------------------------------

From: Samuel Paik <[EMAIL PROTECTED]>
Subject: Re: Simple C crypto
Date: Tue, 12 Jun 2001 03:31:39 GMT

Dirk Bruere wrote:
> It may do, but I thought I'd have a look around first.
> Why do I feel like a guy in a Rolls Royce showroom trying to buy a Skoda?

Actually, you are a guy in a nursery (the plant kind) looking to buy ripe
tomatoes for spaghetti sauce.

If you're merely trying to obscure the text, and have no need to detect
tampering, nor prevent anyone armed with something stronger than Notepad
from reading the text, xor-ing by a repeated constant is probably
sufficient.  TEA with CBC or in counter mode is less than 10 lines of C
and will probably prevent anyone who doesn't disassemble your software from
reading your text.
-- 
Samuel S. Paik | [EMAIL PROTECTED]
3D and digital media, architecture and implementation
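
An added illustration of the two options named in this post, not code from the poster: a repeated-constant XOR beside TEA in counter mode, run over a constructed plaintext whose 8-byte blocks repeat. The function names, the nonce/counter layout and the demo key and pad are assumptions made for the example; neither option detects tampering.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Option 1: XOR with a repeated constant. Obscures the text, nothing more. */
void xor_obscure(uint8_t *buf, size_t len, const uint8_t *pad, size_t padlen) {
    for (size_t i = 0; i < len; i++)
        buf[i] ^= pad[i % padlen];
}

/* TEA block encryption: 64-bit block, 128-bit key, 32 cycles. */
void tea_encrypt_block(uint32_t v[2], const uint32_t k[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (int i = 0; i < 32; i++) {
        sum += 0x9E3779B9u;
        v0 += ((v1 << 4) + k[0]) ^ (v1 + sum) ^ ((v1 >> 5) + k[1]);
        v1 += ((v0 << 4) + k[2]) ^ (v0 + sum) ^ ((v0 >> 5) + k[3]);
    }
    v[0] = v0; v[1] = v1;
}

/* Option 2: TEA in counter mode. Keystream block j is TEA(nonce, j), XORed
   into the data, so the same call encrypts and decrypts. A (key, nonce)
   pair must never be used for two messages. */
void tea_ctr(uint8_t *buf, size_t len, const uint32_t k[4], uint32_t nonce) {
    for (size_t off = 0; off < len; off += 8) {
        uint32_t ks[2] = { nonce, (uint32_t)(off / 8) };
        tea_encrypt_block(ks, k);
        for (size_t i = 0; i < 8 && off + i < len; i++)
            buf[off + i] ^= (uint8_t)(ks[i / 4] >> (8 * (i % 4)));
    }
}

/* Constructed sample: two identical 8-byte plaintext blocks, demo key/pad. */
static const char SAMPLE[] = "SAMETEXTSAMETEXT";
static const uint32_t DEMO_KEY[4] = { 0x01234567u, 0x89ABCDEFu, 0xFEDCBA98u, 0x76543210u };
static const uint8_t DEMO_PAD[4] = { 0x5A, 0xA5, 0x3C, 0xC3 };

/* 1 if the two ciphertext blocks are identical (plaintext structure leaks). */
int xor_blocks_repeat(void) {
    uint8_t b[16];
    memcpy(b, SAMPLE, 16);
    xor_obscure(b, 16, DEMO_PAD, sizeof DEMO_PAD);
    return memcmp(b, b + 8, 8) == 0;
}

int ctr_blocks_repeat(void) {
    uint8_t b[16];
    memcpy(b, SAMPLE, 16);
    tea_ctr(b, 16, DEMO_KEY, 7);
    return memcmp(b, b + 8, 8) == 0;
}

int main(void) {
    printf("xor repeats: %d, tea-ctr repeats: %d\n",
           xor_blocks_repeat(), ctr_blocks_repeat());
    return 0;
}
```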

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: comp.security.misc
Subject: Re: Humor, "I Must be a Threat to National Security"
Date: 12 Jun 2001 03:39:10 GMT

[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote in 
<[EMAIL PROTECTED]>:

>[EMAIL PROTECTED] (David G. Boney) wrote in
><E4HT6.3857$[EMAIL PROTECTED]>: 
>
>>My frustrations with trying to find a job in government service are
>>summarized in an essay I have posted that is titled, "I Must be a Threat
>>to National Security". I have also placed my rejection letters from the
>>CIA and NSA on-line. 
>>
>>http://www.seas.gwu.edu/~dboney/security.html
>>
>
>  I tried to go to URL you listed above. All I got was a
>404 error.  Are you sure it's correct?
>
>
>David A. Scott

  However the URL without the security.html is there
and you seem to be interesting. Maybe you pissed Dorthy
off. I don't see why you were not hired but it may mean
you're too honest or you may not have matched the religion
of the ones who you interviewed with. It's possible they
had a quota for women at the time you applied.

  But where are your rejection letters? And where is your
post "I Must be a Threat to ... "? I could not find them
at your home page.


David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
        http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
 made in the above text. For all I know I might be drugged or
 something..
 No I'm not paranoid. You all think I'm paranoid, don't you!


------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: comp.security.misc
Subject: Re: Humor, "I Must be a Threat to National Security"
Date: 12 Jun 2001 03:25:50 GMT

[EMAIL PROTECTED] (David G. Boney) wrote in
<E4HT6.3857$[EMAIL PROTECTED]>: 

>My frustrations with trying to find a job in government service are
>summarized in an essay I have posted that is titled, "I Must be a Threat
>to National Security". I have also placed my rejection letters from the
>CIA and NSA on-line. 
>
>http://www.seas.gwu.edu/~dboney/security.html
>

  I tried to go to URL you listed above. All I got was a
404 error.  Are you sure it's correct?


David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
        http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
 made in the above text. For all I know I might be drugged or
 something..
 No I'm not paranoid. You all think I'm paranoid, don't you!


------------------------------

From: [EMAIL PROTECTED] (Gregory G Rose)
Crossposted-To: alt.privacy
Subject: Re: Some questions on GSM and 3G
Date: 11 Jun 2001 21:38:23 -0700

In article <[EMAIL PROTECTED]>,
Mok-Kong Shen  <[EMAIL PROTECTED]> wrote:
<
<
<Gregory G Rose wrote:
<> 
<[snip]
<> There is, indeed, a COMP-128-2, but that still
<> belongs to the GSM Association, and I know
<> nothing about it. This should be looked at as a
<> "fix" for existing GSM rather than an evolution,
<> although operators have always been able to use
<> their own algorithms rather than COMP-128 anyway.
<> There is a corresponding set of algorithms called
<> Milenage (the name appears to be a Francophone
<> in-joke, I don't know what it means) that are
<> based on Rijndael, to be used for UMTS and GERAN.
<> Again, that specification is available off the
<> above URL.
<
<Does this imply that there would be a free choice
<between Kasumi and AES? Thanks.

No, it doesn't imply that, at least not yet. f8
and f9 (the encryption and MAC functions
respectively) that are taking the place of A5,
have only one defined algorithm, namely Kasumi. 
Rijndael is only used in the *recommended*
authentication and key generation functions
collectively named Milenage, which take the place
of A3/A8 (for which the recommended algorithm was
COMP128). Hope that's a bit clearer.

Greg.

-- 
Greg Rose                                       INTERNET: [EMAIL PROTECTED]
Qualcomm Australia          VOICE:  +61-2-9817 4188   FAX: +61-2-9817 5199
Level 3, 230 Victoria Road,                http://people.qualcomm.com/ggr/ 
Gladesville NSW 2111    232B EC8F 44C6 C853 D68F  E107 E6BF CD2F 1081 A37C

------------------------------

From: [EMAIL PROTECTED] (Gregory G Rose)
Subject: Re: Anyone Heard of "Churning"
Date: 11 Jun 2001 21:50:15 -0700

In article <[EMAIL PROTECTED]>,
Stephen Thomas <[EMAIL PROTECTED]> wrote:
<[This didn't get a response in sci.crypt.research, so I thought I'd try here.]

I did a follow-up but it hasn't been approved yet.
Tsk, tsk, moderators... (of whom I am one).

My approximate reply is below.

<
<Apparently, ATM Passive Optical Networks (APONs) have standardized on
<an "encryption" algorithm referred to as "churning." Does anyone know
<anything about this? Especially details on the algorithm. (FWIW, PONs
<are shared media networks like cable modems.)
<
<The only references I can find are:
<
<  APON uses a 24-bit key churning mechanism

24 bit keys are worthless.

<  Churning is a memoryless transformation of one byte to a
<  different byte

If "memoryless" means what I think it does, this
is even more worthless.

<  While some dissenters voice doubts about whether churning keys
<  and existing encryption constitute adequate security measures,
<  Comcast Business Communications, one of the few real-world adopters
<  of PON, has put it through the wringer and has no fears pertaining
<  to PON's shared-medium nature. "We've spent some time in the
<  lab trying to intercept messages not intended for a particular IOT
<  [Intelligent Optical Terminal, analogous to an ONU], but we've
<  been incapable of breaking anything" says Steve Linskey, vice
<  president of technology and planning at the Competitive Local
<  Exchange Carrier (CLEC).

This doesn't particularly enhance my confidence.
"Rivals a Welsh Claret" comes to mind.

I did look at the other web page you mentioned,
and I had the impression that this mechanism was
an alternative to AES, but it wasn't clear enough
to be sure of anything.

Greg.
-- 
Greg Rose                                       INTERNET: [EMAIL PROTECTED]
Qualcomm Australia          VOICE:  +61-2-9817 4188   FAX: +61-2-9817 5199
Level 3, 230 Victoria Road,                http://people.qualcomm.com/ggr/ 
Gladesville NSW 2111    232B EC8F 44C6 C853 D68F  E107 E6BF CD2F 1081 A37C

------------------------------

From: [EMAIL PROTECTED] (Saurabh Pal)
Subject: Problem in Twofish
Date: Tue, 12 Jun 2001 04:54:01 +0000 (UTC)

Can anyone help me with a problem related to a function in the Twofish
Encryption Algorithm?

In the function 'ParseHexDWord', after getting the decimal value of the
parsed hex character in b, the last line in the for loop is

d[i/b] |= b<<(4*((i^1)&7));

I am unable to understand what is happening with DWORD b in this line,
before writing it to array d.

Thanks and waiting in anticipation.

Saurabh Pal
Allahabad, India.




-- 
Posted from [164.164.89.51] 
via Mailgate.ORG Server - http://www.Mailgate.ORG
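
What the shift in the quoted line does, as an added example (not the Twofish reference source): each hex character yields one nibble `b`, and `4*((i^1)&7)` selects the nibble slot inside a 32-bit word so that each pair of characters forms one byte and the bytes fill the word from the low end. The loop below indexes the word as `i/8` (eight nibbles per word), which is an assumption about the line as posted; the function names and the sample string are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Value of one hex character, or -1 if it is not a hex digit. */
static int hex_nibble(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Shift applied to character i: 4 * ((i ^ 1) & 7).
   i ^ 1 swaps the two positions of each pair (0<->1, 2<->3, ...), so the
   first character of a pair lands in the high nibble of its byte.
   & 7 keeps the slot inside one 32-bit word (8 nibbles). */
unsigned nibble_shift(size_t i) { return 4u * (unsigned)((i ^ 1u) & 7u); }

/* Parse `bits` bits of hex text into 32-bit words. Returns 0 on success,
   -1 on a non-hex character or a string that ends early. */
int parse_hex_words(size_t bits, const char *txt, uint32_t *d) {
    for (size_t w = 0; w < (bits + 31) / 32; w++)
        d[w] = 0;
    for (size_t i = 0; i * 4 < bits; i++) {
        int b = hex_nibble(txt[i]);
        if (b < 0) return -1;               /* also stops at the NUL */
        d[i / 8] |= (uint32_t)b << nibble_shift(i);
    }
    return 0;
}

int main(void) {
    uint32_t d[2];
    /* Constructed input: bytes 01 23 45 67 | 89 AB CD EF in text order. */
    if (parse_hex_words(64, "0123456789ABCDEF", d) == 0)
        printf("%08X %08X\n", (unsigned)d[0], (unsigned)d[1]);
    return 0;
}
```

The word values do not depend on the host's byte order; stored on a little-endian machine, the bytes of `d[]` sit in memory in the same order as the hex text.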

------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy
Subject: Publication violation notice
Date: 11 Jun 2001 22:03:35 -0700

Here's a (sort of) funny scan of a form letter from a prison.  Seems
someone tried to send a chess openings book to a prisoner, and the
prison refused delivery because it "contained code throughout".

http://www.xs4all.nl/~timkr/chess2/prison2.JPG

------------------------------

Crossposted-To: comp.security.misc
Subject: Re: Humor, "I Must be a Threat to National Security"
From: Miguel Cruz <[EMAIL PROTECTED]>
Date: Tue, 12 Jun 2001 05:18:44 GMT

David G. Boney <[EMAIL PROTECTED]> wrote:
> For those of you who could only critique my writing and grammar, I presume
> it is because you already work in the Intelligence Community or DOD, and
> could not comment on the rest.

See, this is the kind of stuff that turns people off - this
passive-aggressive drive-by sliming. What's the point? What would you hope
to achieve?

miguel

------------------------------

From: "Neil Couture" <[EMAIL PROTECTED]>
Subject: Re: 3 trip encryption Exchange
Date: Tue, 12 Jun 2001 01:45:17 -0700
Reply-To: "Neil Couture" <[EMAIL PROTECTED]>

The algorithm presented by Tom is an implementation of this three-pass
Shamir PROTOCOL. It is named the Massey-Omura cryptosystem, where both parties
must have agreed on the value of p, which is not a big issue. The three-pass
protocol of Shamir only requires cipher algorithms that can be applied to a
message in either order (encryption and decryption).


Formally:

A & -A and B & -B are encrypting/decrypting primitives related to a
particular algorithm (could be a private key or public key algorithm) and M
is the message to send from a to b.

  step:       3    2    1
M = -B [ -A [ B [ A [ M ] ] ] ]


(Taken from John Savard's site:
http://home.ecn.ab.ca/~jsavard/crypto/pk0504.htm)
More generally speaking we do:
- A wishes to send a message to B. So, A takes the message, and enciphers it
in cipher A, sending the result to B.

- B enciphers it in cipher B, sending it back.

- A can still decipher in cipher A, and does so, leaving behind the message
only enciphered in cipher B. This is sent back to B.

- B reads the message, since it's only enciphered in his cipher.


>
> Thanks for the reply.  Is this an encryption protocol that cannot be
> cracked?  If it was cracked, by whom and when
>


The security of the Massey-Omura cryptosystem is based on the Discrete
Logarithm problem (DL). So it shall be secure for a bit... But other
implementations might suffer from a lack of security by using an improper
protocol or, worse, by IMPROPERLY using algorithms.
(Again, see John Savard's site if you want: an attack on this protocol using
an XOR cipher is presented.)


Neil


> >
> > Ya it's Shamirs Protocol.
> >
> > 1.  You send M^e.
> > 2.  They send M^e^d
> > 3.  You send M^e^d^(1/e)
> >
> > They compute M^e^d^(1/e)^(1/d) to get M
> >
> > (These are all mod p, where p is a large prime)
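
The three passes from this message worked through in code, as an added example that is not from any of the posters: modular exponentiation (Massey-Omura) beside the same exchange with XOR as the commuting cipher, which is the improper use the message refers to. The prime 2^31 - 1 is toy-sized so the arithmetic fits in 64 bits; the function names, exponents, keys and message value are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

#define P 2147483647ULL /* 2^31 - 1: prime, but toy-sized (assumption) */

typedef struct { uint64_t c1, c2, c3, received; } transcript;

static uint64_t modexp(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t r = 1;
    for (b %= m; e; e >>= 1) {
        if (e & 1) r = r * b % m;
        b = b * b % m;
    }
    return r;
}

/* Inverse of e modulo m by extended Euclid; returns 0 if gcd(e, m) != 1. */
uint64_t modinv(uint64_t e, uint64_t m) {
    int64_t r0 = (int64_t)m, r1 = (int64_t)(e % m), t0 = 0, t1 = 1;
    while (r1) {
        int64_t q = r0 / r1, tmp;
        tmp = r0 - q * r1; r0 = r1; r1 = tmp;
        tmp = t0 - q * t1; t0 = t1; t1 = tmp;
    }
    if (r0 != 1) return 0;
    return (uint64_t)(t0 < 0 ? t0 + (int64_t)m : t0);
}

/* Massey-Omura: ea and eb are each side's secret, both coprime to P - 1. */
transcript three_pass_modexp(uint64_t m, uint64_t ea, uint64_t eb) {
    transcript t;
    uint64_t da = modinv(ea, P - 1), db = modinv(eb, P - 1);
    t.c1 = modexp(m, ea, P);          /* A -> B : M^ea          */
    t.c2 = modexp(t.c1, eb, P);       /* B -> A : M^(ea*eb)     */
    t.c3 = modexp(t.c2, da, P);       /* A -> B : M^eb          */
    t.received = modexp(t.c3, db, P); /* B removes eb, reads M  */
    return t;
}

/* The same three passes with XOR as the cipher: the improper choice. */
transcript three_pass_xor(uint64_t m, uint64_t ka, uint64_t kb) {
    transcript t;
    t.c1 = m ^ ka;          /* A -> B */
    t.c2 = t.c1 ^ kb;       /* B -> A */
    t.c3 = t.c2 ^ ka;       /* A -> B */
    t.received = t.c3 ^ kb;
    return t;
}

/* What a passive observer gets by XORing the three messages on the wire. */
uint64_t observer_xor(transcript t) { return t.c1 ^ t.c2 ^ t.c3; }

int main(void) {
    transcript t = three_pass_modexp(123456789, 65537, 10007);
    transcript x = three_pass_xor(123456789, 0xDEADBEEF, 0x0BADF00D);
    printf("modexp: B received %llu\n", (unsigned long long)t.received);
    printf("xor: observer computes %llu\n", (unsigned long long)observer_xor(x));
    return 0;
}
```

With XOR both keys cancel out of `c1 ^ c2 ^ c3`, so the observer ends up with M without knowing either key; the exponentiation variant has no such cancellation and rests on the discrete logarithm problem instead.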




------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
