Cryptography-Digest Digest #530

2001-06-05 Thread Digestifier

Cryptography-Digest Digest #530, Volume #14   Tue, 5 Jun 01 20:13:01 EDT

Contents:
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  Re: One last bijection question (Berton Allen Earnshaw)
  Are RS codes a type of PRF? ("Tom St Denis")
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  CTR mode, BICOM, and hiding plaintext length (David Hopwood)
  Re: BBS implementation (David Hopwood)
  Re: Def'n of bijection (David Hopwood)
  Lim-Lee vs safe primes for DH (David Hopwood)
  curious about MD3 ("Tom St Denis")
  Re: Def'n of bijection ([EMAIL PROTECTED])
  Re: Best, Strongest Algorithm (gone from any reasonable topic) ([EMAIL PROTECTED])
  Re: One last bijection question ("Douglas A. Gwyn")
  Re: CTR mode, BICOM, and hiding plaintext length (SCOTT19U.ZIP_GUY)
  Re: One last bijection question ("Douglas A. Gwyn")



From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Tue, 5 Jun 2001 22:32:39 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:
: "Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
:> Tom St Denis <[EMAIL PROTECTED]> wrote:
:> : "Tim Tyler" <[EMAIL PROTECTED]> wrote in message
:> :> Tom St Denis <[EMAIL PROTECTED]> wrote:
:> :> : "Tim Tyler" <[EMAIL PROTECTED]> wrote in message
:> :> :> Tom St Denis <[EMAIL PROTECTED]> wrote:

:> :> :> : Yes there will be equivalent keys but not enough to tell from
:> :> :> : random.
:> :> :>
:> :> :> Tell /what/ "from random".
:> :>
:> :> : Tell the plaintext. [...]
:> :>
:> :> I can very likely tell a randomly chosen plaintext from the decrypt of
:> :> a 1-byte cyphertext using CTR mode.
:> :>
:> :> Does the random plaintext have only 8 bits?  If not, I can immediately
:> :> distinguish them.
:>
:> : Yes, but you are just brute forcing the key space. [...]
:>
:> Nope - just checking lengths.

: WHY DOES THE LENGTH AUTOMATICALLY GIVE YOU THE MESSAGE?

It doesn't.  I never claimed it did.

:> :> Ah - you're sliding in that "for a single byte only"...
:> :>
:> :> As though we're discussing the trivial case of only 256 possible
:> :> messages...
:>
:> : Um yes that's what we were f$$$ talking about.  For geez sakes stay on
:> : the same model!
:>
:> We are *not* discussing the case of 256 possible messages.  Both BICOM and
:> CTR mode can encrypt *any* possible message.
:>
:> Given this wide distribution of possible messages, we are asking what
:> security is offered when encrypting a particular 8-bit message in BICOM
:> and CTR mode.
:>
:> BICOM with a 128 bit key maps it to one of 2^128 possible messages.
:> CTR mode maps it to one of 256 messages.
:>
:> The latter produces an 8-bit cyphertext with only 256 possible
:> interpretations.
:>
:> If you happened to know the message consisted entirely of space
:> characters, you could uniquely identify the message!

: C = 88 5e f7 fe c1 78 f0 6d 61 c8 bc ac 3a a1 09 ae 12 6b 4e 46 58

: What is P?

Apparently unable to produce any other coherent reply, Tom presents me
with another of his idiotic challenges again :-(

:> :> Of course it's not provably secure - unless you think only having 256
:> :> possible plaintexts out of the possible billions is something
:> :> worthwhile.
:> :>
:> :> We're trying to stop the attacker getting information about the
:> :> message.
:> :> Giving him the length of the message on a plate is a terrible start.
:>
:> : Why?  Tell me how you can find K from C knowing the length?
:>
:> : Just tell me why it's a problem.
:>
:> You go round and round in circles.  I've responded in some detail to both
:> these questions already.

: Well those are real questions. [...]

Which - as I have stated - I have already replied to, at least once.
-- 
__
 |im |yler  [EMAIL PROTECTED]  Home page: http://alife.co.uk/tim/
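The length leak the two of them are arguing about, as an added example that is not code from the thread, from BICOM or from any poster: a counter-mode stream preserves the plaintext length byte for byte, so a 1-byte ciphertext has exactly 256 candidate decryptions and the observer gets the length for free, and padding to a fixed bucket before encryption is the usual mitigation. HMAC-SHA256 in counter mode stands in for a block cipher in CTR mode so the block runs on the standard library alone; the key, nonce, bucket size and messages are constructed for the example.

```python
import hashlib
import hmac
import os


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: PRF(key, nonce || counter) blocks, truncated to `length`.
    HMAC-SHA256 stands in for the block cipher (an assumption of this example)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (XOR is its own inverse). Output length == input length: that is the leak."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data))))


def pad_to_bucket(plaintext: bytes, bucket: int) -> bytes:
    """Length-hiding padding: a 0x80 marker, then zero bytes up to a multiple of `bucket`."""
    padded = plaintext + b"\x80"
    return padded + b"\x00" * (-len(padded) % bucket)


def unpad(padded: bytes) -> bytes:
    """Strip the zero tail and the marker; plaintext bytes before the marker are untouched."""
    body = padded.rstrip(b"\x00")
    if not body.endswith(b"\x80"):
        raise ValueError("malformed padding")
    return body[:-1]


def ciphertext_lengths(key: bytes, messages, bucket: int):
    """What an observer learns from ciphertext lengths, without and with bucket padding."""
    raw, bucketed = [], []
    for m in messages:
        # fresh nonce for every encryption, as counter mode requires
        raw.append(len(ctr_crypt(key, os.urandom(16), m)))
        bucketed.append(len(ctr_crypt(key, os.urandom(16), pad_to_bucket(m, bucket))))
    return raw, bucketed


def roundtrip(key: bytes, nonce: bytes, plaintext: bytes, bucket: int) -> bytes:
    """Pad, encrypt, decrypt, unpad: must give the plaintext back unchanged."""
    ct = ctr_crypt(key, nonce, pad_to_bucket(plaintext, bucket))
    return unpad(ctr_crypt(key, nonce, ct))


if __name__ == "__main__":
    key = os.urandom(32)
    # "yes" and "no" are distinguishable by length alone without padding: ([3, 2], [16, 16])
    print(ciphertext_lengths(key, [b"yes", b"no"], 16))
```

Bucket padding only hides the length within a bucket; an observer still learns which bucket a message fell into, so the bucket size has to be chosen against the set of messages that must stay indistinguishable.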

--

From: Berton Allen Earnshaw <[EMAIL PROTECTED]>
Subject: Re: One last bijection question
Date: 05 Jun 2001 16:31:15 -0600

Just to clarify: the words 'bijection' and 'isomorphism' are not the
same thing.  An isomorphism must also preserve the operations of the
two sets, while a bijection has no such requirement.

For example, if (A,x) and (B,X) are both groups with x being the
group-operation of A and X the group-operation of B, and if
f : A->B is an isomorphism, then f is a bijection *and* for all y,z in
A, f(y x z) = f(y) X f(z),
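An added example, not part of the post above, that makes the distinction mechanical for two small groups: the map k -> 2^k mod 5 from (Z_4, +) onto the units mod 5 under multiplication is an isomorphism (the discrete-exponentiation map whose inverse is the discrete logarithm), while swapping 1 and 2 inside Z_4 is a bijection that violates f(y x z) = f(y) X f(z). The group names and helper functions are this example's own.

```python
from itertools import product


def is_bijection(f, domain, codomain) -> bool:
    """f is a bijection iff it is injective on `domain` and its image is all of `codomain`."""
    image = [f(a) for a in domain]
    return len(set(image)) == len(domain) and set(image) == set(codomain)


def is_homomorphism(f, domain, op_a, op_b) -> bool:
    """Operation-preserving: f(y x z) == f(y) X f(z) for every pair y, z in the domain."""
    return all(f(op_a(y, z)) == op_b(f(y), f(z)) for y, z in product(domain, repeat=2))


def is_isomorphism(f, domain, codomain, op_a, op_b) -> bool:
    """An isomorphism is a bijection that is also a homomorphism."""
    return is_bijection(f, domain, codomain) and is_homomorphism(f, domain, op_a, op_b)


Z4 = [0, 1, 2, 3]   # (A, x): integers mod 4 under addition
U5 = [1, 2, 3, 4]   # (B, X): units mod 5 under multiplication


def add4(y, z):
    return (y + z) % 4


def mul5(y, z):
    return (y * z) % 5


def exp2(k):
    """k -> 2^k mod 5; 2 generates the units mod 5, so this is an isomorphism Z_4 -> U_5."""
    return pow(2, k, 5)


def swap12(k):
    """A bijection of Z_4 onto itself that does not respect addition: f(1+1)=1 but f(1)+f(1)=0."""
    return {0: 0, 1: 2, 2: 1, 3: 3}[k]


if __name__ == "__main__":
    print(is_isomorphism(exp2, Z4, U5, add4, mul5))        # True
    print(is_bijection(swap12, Z4, Z4))                   # True
    print(is_homomorphism(swap12, Z4, add4, add4))        # False
```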

Cryptography-Digest Digest #530

2001-01-23 Thread Digestifier

Cryptography-Digest Digest #530, Volume #13  Tue, 23 Jan 01 13:13:01 EST

Contents:
  Re: Any cryptoanalysis available for 'polymorphic ciphers'? (Joachim Scholz)
  Conway Polynomials (Andrei Heilper)
  Re: Conway Polynomials (Mehdi-Laurent Akkar)
  magazine cryptologia... ("Danijel Kopcinovic")
  Re: Conway Polynomials (Mehdi-Laurent Akkar)
  Re: Any cryptoanalysis available for 'polymorphic ciphers'? ("Jakob Jonsson")
  Re: A Small Challnge ("Frog2000")
  Cryptographic Windows APIs or OCX? (Armando P.)
  Question: Heard of ENCIPHERMENT COMMUNICATIONS? ("Melinda Harris")
  Re: Dynamic Transposition Revisited (long) ("John A. Malley")
  Re: Why Microsoft's Product Activation Stinks (JCA)
  Re: Conway Polynomials ("Brian Gladman")
  Re: magazine cryptologia... (Mok-Kong Shen)
  Re: magazine cryptologia... (Quisquater)
  Re: Any good source of cryptanalysis source code (C/C++)? (Bob Silverman)
  Re: secure RNG (Paul Crowley)
  Producing "bit-balanced" strings efficiently for Dynamic Transposition (John Savard)
  Re: Fitting Dynamic Transposition into a Binary World (John Savard)



From: Joachim Scholz <[EMAIL PROTECTED]>
Subject: Re: Any cryptoanalysis available for 'polymorphic ciphers'?
Date: 23 Jan 2001 15:21:07 +0100

Mok-Kong Shen <[EMAIL PROTECTED]> writes:

> I tried to download the pdf file (English version) several
> times but the process seemed to stuck each time.

The pdf file contains the same information (or lack of it) as the web
page.

Kind regards, Joachim Scholz

--

From: Andrei Heilper <[EMAIL PROTECTED]>
Subject: Conway Polynomials
Date: Tue, 23 Jan 2001 17:05:09 +0200

There has been a discussion about primitive and irreducible polynomials.

The finite fields in Magma are constructed using what they called
"Conway polynomials". Does somebody know what the definition of
these polynomials is?

Andrei Heilper


--

From: Mehdi-Laurent Akkar <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Conway Polynomials
Date: Tue, 23 Jan 2001 15:03:15 GMT

The Conway polynomial C_(p, n) is the lexicographically first monic
irreducible, primitive polynomial of degree n over GF(p) with the property
that it is consistent with all C_(p, m) for m dividing n. Consistency of
C_(p, n) and C_(p, m) for m dividing n means that for a root alpha of C_(p,
n) it holds that beta = alpha^((p^n - 1)/(p^m - 1)) is a root of C_(p, m).
Lexicographically first is with respect to the system of representatives
-((p - 1)/2), ..., -1, 0, 1, ..., ((p - 1)/2) for the residue classes
modulo p, ordered via 0 < -1 < 1 < -2 < 2 < ... < ((p - 1)/2) (and we only need
to compare polynomials of the same degree).  To compute the Conway
polynomial C_(p, n) one needs to know all Conway polynomials C_(p, m) for m
dividing n, and as far as we know, no essentially better method is known
than enumerating and testing the primitive polynomials of degree n in
lexicographical order.

More information: www.google.com

A+ MLA

Andrei Heilper wrote:

> There has been a discussion about primitive and irreducible polynomials.
>
> The finite fields in Magma are constructed using what they called
> "Conway polynomials". Does somebody know what the definition of
> these polynomials is?
>
> Andrei Heilper
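A direct implementation of the definition given above, as an added example that is not code from the post, from Magma or from GAP: it walks the monic polynomials of degree n over GF(p) in the stated lexicographic order (the coefficient ranking 0 < -1 < 1 < -2 < 2 < ... is taken literally from the post and applied from a_{n-1} down to a_0), keeps the primitive ones (the class of x must have multiplicative order p^n - 1, which also forces irreducibility), and returns the first one that is consistent with every C_(p, m) for m dividing n, computing those lower polynomials recursively. All function names are this example's own. For p = 2, 3, 5 and small n it returns the tabulated values x+1, x^2+x+1, x^3+x+1, x^4+x+1, x^2+2x+2, x+3 and x^2+4x+2.

```python
from functools import lru_cache
from itertools import product


def poly_mulmod(a, b, f, p):
    """Product of a and b (coefficient lists, lowest degree first, length n) reduced
    modulo the monic polynomial f of degree n over GF(p)."""
    n = len(f) - 1
    prod_ = [0] * (2 * n - 1)
    for i, ai in enumerate(a):
        if ai:
            for j, bj in enumerate(b):
                prod_[i + j] = (prod_[i + j] + ai * bj) % p
    # f is monic, so x^n == -(f[0] + f[1] x + ... + f[n-1] x^(n-1)) modulo f
    for k in range(2 * n - 2, n - 1, -1):
        c = prod_[k]
        if c:
            prod_[k] = 0
            for i in range(n):
                prod_[k - n + i] = (prod_[k - n + i] - c * f[i]) % p
    return prod_[:n]


def poly_powmod(a, e, f, p):
    """Square-and-multiply exponentiation of the residue a modulo f."""
    n = len(f) - 1
    result = [1] + [0] * (n - 1)
    base = list(a)
    while e:
        if e & 1:
            result = poly_mulmod(result, base, f, p)
        base = poly_mulmod(base, base, f, p)
        e >>= 1
    return result


def prime_factors(m):
    factors, d = set(), 2
    while d * d <= m:
        while m % d == 0:
            factors.add(d)
            m //= d
        d += 1
    if m > 1:
        factors.add(m)
    return factors


def class_of_x(f, p):
    """The residue class of x in GF(p)[x]/(f)."""
    n = len(f) - 1
    return [(-f[0]) % p] if n == 1 else [0, 1] + [0] * (n - 2)


def is_primitive(f, p):
    """Monic f of degree n is primitive iff the class of x has order exactly p^n - 1.
    A reducible modulus has a strictly smaller unit group, so this implies irreducibility."""
    n = len(f) - 1
    q1 = p ** n - 1
    one = [1] + [0] * (n - 1)
    x = class_of_x(f, p)
    if poly_powmod(x, q1, f, p) != one:
        return False
    return all(poly_powmod(x, q1 // r, f, p) != one for r in prime_factors(q1))


def poly_eval_in_field(g, beta, f, p):
    """Horner evaluation of the polynomial g at the field element beta (a residue mod f)."""
    n = len(f) - 1
    acc = [0] * n
    for c in reversed(g):
        acc = poly_mulmod(acc, beta, f, p)
        acc[0] = (acc[0] + c) % p
    return acc


def coeff_key(c, p):
    """Rank of residue c under the post's ordering 0 < -1 < 1 < -2 < 2 < ... of the
    symmetric representatives -(p-1)/2 .. (p-1)/2."""
    s = c if c <= (p - 1) // 2 else c - p
    return 2 * abs(s) - (1 if s < 0 else 0)


@lru_cache(maxsize=None)
def conway(p, n):
    """C_(p, n) as a tuple of coefficients, lowest degree first (leading coefficient 1)."""
    lower = {m: conway(p, m) for m in range(1, n) if n % m == 0}
    order = sorted(range(p), key=lambda c: coeff_key(c, p))
    q1 = p ** n - 1
    # product() yields (a_{n-1}, ..., a_0) in lexicographic order of the ranked coefficients
    for top_down in product(order, repeat=n):
        f = list(reversed(top_down)) + [1]
        if not is_primitive(f, p):
            continue
        x = class_of_x(f, p)
        # consistency: alpha^((p^n - 1)/(p^m - 1)) must be a root of C_(p, m) for every m | n
        if all(not any(poly_eval_in_field(g, poly_powmod(x, q1 // (p ** m - 1), f, p), f, p))
               for m, g in lower.items()):
            return tuple(f)
    raise ValueError(f"no primitive polynomial of degree {n} over GF({p})")


if __name__ == "__main__":
    for p, n in [(2, 1), (2, 2), (2, 3), (2, 4), (3, 2), (5, 1), (5, 2)]:
        print(p, n, conway(p, n))
```

The search is exponential in n, as the post says: every candidate up to the answer costs a primitivity test, and nothing in the definition lets one skip ahead, which is why tabulated Conway polynomials are shipped with computer algebra systems rather than recomputed.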


--

From: "Danijel Kopcinovic" <[EMAIL PROTECTED]>
Subject: magazine cryptologia...
Date: Tue, 23 Jan 2001 15:15:42 -0800

anyone knows where i could get some articles published in "cryptologia"
magazine?

thx!



--

From: Mehdi-Laurent Akkar <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Conway Polynomials
Date: Tue, 23 Jan 2001 15:13:13 GMT

>  and as far as we know, no essentially better method is known
> than enumerating and testing the primitive polynomials of degree n in
> lexicographical order.
>

Better methods seem to be known, but I do not know their efficiency;
see for more details:

http://ei.cs.vt.edu:8090/Dienst/UI/2.0/Describe/ncstrl.vatech_cs%2fTR-98-14

A+  MLA


>
> More information: www.google.com
>
> A+ MLA
>
> Andrei Heilper wrote:
>
> > There has been a discussion about primitive and irreducible polynomials.
> >
> > The finite fields in Magma are constructed using what they called
> > "Conway polynomials". Does somebody know what the definition of
> > these polynomials is?
> >
> > Andrei Heilper


--

From: "Jakob Jonsson" <[EMAIL PROTECTED]>
Subject: Re: Any cryptoanalysis available for 'polymorphic ciphers'?
Date: Tue, 23 Jan 2001 16:16:45 +0100

> 

Cryptography-Digest Digest #530

2000-08-24 Thread Digestifier

Cryptography-Digest Digest #530, Volume #12  Fri, 25 Aug 00 00:13:00 EDT

Contents:
  Re: PGP Vulnerability (Stephen Early)
  Re: PGP Vulnerability (Ornie Kamyl)
  Re: Asymmetric Encryption Algorithms (DJohn37050)
  Re: blowfish problem ("Spud")
  Re: blowfish problem (Kaz Kylheku)
  Re: blowfish problem ("Spud")
  Re: blowfish problem ("Spud")
  Re: blowfish problem (Dan Pop)
  Re: A few big primes? (S. T. L.)
  SHA-1 test request (S. T. L.)
  Re: Bytes, octets, chars, and characters ("Trevor L. Jackson, III")
  need help! ("John Utkke")
  Re: PGP Vulnerability ("Ed Suominen")
  Re: Bytes, octets, chars, and characters ("Bruce G. Stewart")
  Re: Bytes, octets, chars, and characters (Benjamin Goldberg)
  Re: SHA-1 test request (Paul Rubin)
  Re: blowfish problem (Kaz Kylheku)
  Re: SHA-1 program (cool!) (Benjamin Goldberg)
  Re: blowfish problem (Eric Smith)



From: Stephen Early <[EMAIL PROTECTED]>
Subject: Re: PGP Vulnerability
Date: 25 Aug 2000 00:11:36 GMT

In article <[EMAIL PROTECTED]>,
Cheri & Mike Jackmin <[EMAIL PROTECTED]> wrote:
>Will this alter the fingerprint of the public key?
>
>http://www.securitywatch.com/newsforward/default.asp?AID=3690

No, it will not - nor will it prevent the key owner's signature on the
public key from verifying correctly.

Steve Early

--

From: [EMAIL PROTECTED] (Ornie Kamyl)
Subject: Re: PGP Vulnerability
Date: Fri, 25 Aug 2000 00:43:24 GMT

"Cheri & Mike Jackmin" <[EMAIL PROTECTED]> wrote:

>Will this alter the fingerprint of the public key?
>
>http://www.securitywatch.com/newsforward/default.asp?AID=3690

It seems to me that this comment from Bruce Schneier implies that this new
type of attack won't change the fingerprint:

>This tampered version of the certificate will remain unnoticed by anyone
>who doesn't manually examine the bytes...

Perhaps he'll notice this thread and comment.

Here's a more direct link to his message: 

http://slashdot.org/articles/00/08/24/155214.shtml

-- 
"Ornie Kamyl" is actually 7354 268901 <[EMAIL PROTECTED]>.
 01234 56789 <- Use this key to decode my email address and name.
  Play Five by Five Poker at http://www.5X5poker.com.

--

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: Asymmetric Encryption Algorithms
Date: 25 Aug 2000 01:27:11 GMT

DSA-2 will use larger numbers.  It should be released when SHA-2 is also.
Don Johnson

--

From: "Spud" <[EMAIL PROTECTED]>
Crossposted-To: comp.lang.c
Subject: Re: blowfish problem
Date: Thu, 24 Aug 2000 18:51:17 -0700

"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Spud wrote:
> > >5.2.4.2.1  Sizes of integer types 
> > Aha, ... it quite happily settles the matter.
>
> Well, that's not really where it is determined, but since you
> kept rejecting the other explanations I'm glad that one
> finally convinced you.

No, I rejected things which were _not_ explanations.  That was why I kept
asking.




--

From: [EMAIL PROTECTED] (Kaz Kylheku)
Crossposted-To: comp.lang.c
Subject: Re: blowfish problem
Reply-To: [EMAIL PROTECTED]
Date: Fri, 25 Aug 2000 01:47:43 GMT

On 24 Aug 2000 16:52:05 -0700, Eric Smith <[EMAIL PROTECTED]>
wrote:
>Is that really true?  I know that the void * has to be able to
>store a value of any other pointer type.

According to C89, function pointers are excluded. I think this
has changed, but I'm too lazy to look it up.

> But is it really the case
>that a char * also has to be able to store a value of any other
>pointer type?

The types void * and char * are required to have the same representation.

--

From: "Spud" <[EMAIL PROTECTED]>
Crossposted-To: comp.lang.c
Subject: Re: blowfish problem
Date: Thu, 24 Aug 2000 19:01:58 -0700

[snips]

"Richard Heathfield" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...

> > You know, there is a difference between "It's not clear he's wrong, so he
> > must be right" and "See, it says he's right, right there on page three."
>
> Agreed. Nevertheless, consider the practicality of the situation. You
> have a Usenet discussion with a member of the ANSI C committee, who
> gives an interpretation of the Standard with which you disagree.

That's just it - I was _not_ disagreeing with the underlying conclusion.
You know, I know, he knows, we all know, that sizeof(char) is 1, that main
returns int, and that chars and bytes are synonymous.  The question was
simply one of how do we actu

Cryptography-Digest Digest #530

2000-04-11 Thread Digestifier

Cryptography-Digest Digest #530, Volume #11  Tue, 11 Apr 00 23:13:01 EDT

Contents:
  Re: permutation polynomials (more) (Mike Rosing)
  Re: Looking for crypto short course or workshop (Mike Rosing)
  Re: Quantum Teleportation (Mike Rosing)
  Re: strength of altered vigenere cipher? (Mok-Kong Shen)
  Corellations ([EMAIL PROTECTED])
  Re: Corellations (mark carroll)
  Compaq invents more efficient RSA?! (Felix von Leitner)
  Re: Is AES necessary? (wtshaw)
  Re: are self-shredding files possible? (Frank Gifford)
  Re: Q: Entropy (Bryan Olson)
  Re: Encode Book? (lordcow77)
  manual cypher (MCTER) (=?ISO-8859-1?Q?Jacques_Th=E9riault?=)
  Re: Q: Inverse of large, sparse boolean matrix, anyone? (Gadi Guy)
  Re: DNA steganography (wtshaw)
  Re: Compaq invents more efficient RSA?! (DJohn37050)
  Re: Q: Petri nets (wtshaw)
  Re: are self-shredding files possible? ("david hopkins")
  Re: Looking for crypto short course or workshop (David A Molnar)
  Re: Hash function based on permutation polynomials (Tom St Denis)



From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: permutation polynomials (more)
Date: Tue, 11 Apr 2000 11:12:53 -0500

Tom St Denis wrote:
> I want the biggest order I can get, i.e p states.  But I didn't think
> you could have primitive polynomials [mod composite]... am I wrong?
> Something like
> 
> P(x) = 2x^2 + x, is a permutation polynomial, but is not primitive...

If you have an even x, you stay even forever.  So at best this is a
1/2 maximum period.  

Something else you might want to check out that would work is called
the Zech logarithm.  It should give you maximum permutation period, but
I'm not sure how linear it is.

Patience, persistence, truth,
Dr. mike

--

From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: Looking for crypto short course or workshop
Date: Tue, 11 Apr 2000 11:32:08 -0500

Kim J.-H. wrote:
> 
> I would like to want to know about crypto short course or workshop to be
> held.
> The topic may be general or specific.
> I am waiting for your guidance.

Christof Paar just posted news of a 4 day course at Worcester Polytechnic.
He's also got a workshop in August.  It's a long ways from Korea tho!

Patience, persistence, truth,
Dr. mike

--

From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: Quantum Teleportation
Date: Tue, 11 Apr 2000 11:47:14 -0500

Doug Goncz wrote:
> 
> Can any of you here make any connections between these four topics?
> 
> I hope I'm not way OT, and that this isn't too speculative. If so, might you
> direct me? I saw very little in sci.crypt.research the other day. Like three
> posts.
> 
> Please feel free to go way out there. I'm interested in novel insights as well
> as anything well recognized. I can certainly look up any references at the
> university library. I'll take your suggestions that seriously, I promise. This
> is not idle chatter.

The problem is in mixing scales.  What happens in a quantum experiment
doesn't easily translate to machine scale.  A quantum model of GABA (a
neuro-transmitter molecule) would be a fantastic leap of knowledge at
this point.  A quantum model of "everyday things" is just too far off
for us to imagine.  Not that it can't be done eventually, it's just way
outside our ability today.

You can call a cell a "machine".  It's so complicated we don't
understand it all yet.  Once we do, building self replicating machinery
won't be all that difficult.  But I suspect there are quantum tricks
happening at the sub-molecular level which help things work, and you
won't be able to do that on a machine that's too large.  Some day we
might be able to build "cellular machines", but I bet they won't compare
well to living organisms.

This is kind of way OT, so if you want to have further discussion, send
me e-mail at [EMAIL PROTECTED]

Patience, persistence, truth,
Dr. mike

--

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: strength of altered vigenere cipher?
Date: Tue, 11 Apr 2000 20:13:38 +0200

Paul Koning wrote:
> 
> Mok-Kong Shen wrote:

> > The strength question has been answered by others. I just want
> > to say that, if you want to use polyalphabetic substitution,
> > then don't use Vigenere with all alphabets being shifted versions
> > of one another but use so-called independent alphabets (i.e.
> > the characters of the alphabets are randomly ordered) and
> > long keys.
> 
> That will only help a little.  As soon as I get enough ciphertext,
> I can determine the period (key length) and at that point the
> problem reduces to that many simple substitution ciphers.  If the
>
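The period determination Paul Koning describes, as an added example that is constructed for this page and is not code from either poster, run against exactly the cipher Mok-Kong Shen recommends: independent random alphabets cycled with a fixed period. The plaintext is synthetic (letters drawn independently with English-like frequencies from a fixed seed) and the test statistic is the index of coincidence of each ciphertext column for a guessed period d, which is high only when each column is a single substitution alphabet. The names, the frequency table and the threshold 0.055 are choices of this example.

```python
import random
import string

ALPHABET = string.ascii_uppercase
# Approximate English letter frequencies in percent, A..Z; used only to construct sample plaintext.
ENGLISH_FREQ = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
                6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]


def index_of_coincidence(text: str) -> float:
    """Probability that two letters drawn from `text` coincide: about 0.066 for English,
    about 0.038 for uniformly random letters."""
    n = len(text)
    if n < 2:
        return 0.0
    counts = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    return sum(c * (c - 1) for c in counts.values()) / (n * (n - 1))


def make_key(period: int, rng: random.Random):
    """`period` independent alphabets, each a random permutation of A..Z."""
    alphabets = []
    for _ in range(period):
        perm = list(ALPHABET)
        rng.shuffle(perm)
        alphabets.append("".join(perm))
    return alphabets


def encrypt(plaintext: str, alphabets) -> str:
    """Position i is enciphered with alphabet i mod period."""
    return "".join(alphabets[i % len(alphabets)][ALPHABET.index(ch)]
                   for i, ch in enumerate(plaintext))


def decrypt(ciphertext: str, alphabets) -> str:
    return "".join(ALPHABET[alphabets[i % len(alphabets)].index(ch)]
                   for i, ch in enumerate(ciphertext))


def mean_column_ioc(ciphertext: str, d: int) -> float:
    """Average IoC over the d columns ciphertext[i::d]; high only when d is a multiple
    of the true period, because only then is each column a simple substitution."""
    return sum(index_of_coincidence(ciphertext[i::d]) for i in range(d)) / d


def find_period(ciphertext: str, max_period: int = 20, threshold: float = 0.055):
    """Smallest d whose columns look monoalphabetic; None if nothing up to max_period does."""
    for d in range(1, max_period + 1):
        if mean_column_ioc(ciphertext, d) > threshold:
            return d
    return None


def demo(period: int = 7, length: int = 2800, seed: int = 1):
    """Constructed plaintext under a random key of `period` alphabets; returns the period
    recovered from the ciphertext alone, the whole-ciphertext IoC, and a decryption check."""
    rng = random.Random(seed)
    plaintext = "".join(rng.choices(ALPHABET, weights=ENGLISH_FREQ, k=length))
    key = make_key(period, rng)
    ciphertext = encrypt(plaintext, key)
    return find_period(ciphertext), mean_column_ioc(ciphertext, 1), decrypt(ciphertext, key) == plaintext


if __name__ == "__main__":
    print(demo())   # (7, <about 0.042>, True)
```

Once the period is known, each column is a monoalphabetic substitution with about length/period letters of ciphertext behind it, which is the reduction the reply describes; the independent alphabets cost the analyst nothing beyond needing enough ciphertext to make the column statistics stable.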

Cryptography-Digest Digest #530

1999-11-09 Thread Digestifier

Cryptography-Digest Digest #530, Volume #10   Tue, 9 Nov 99 03:13:06 EST

Contents:
  Re: How protect HDisk against Customs when entering Great Britain (Bill Unruh)
  Re: Your Opinions on Quantum Cryptography ("Trevor Jackson, III")
  Re: Lenstra on key sizes (DJohn37050)
  Re: What's gpg? (Jerry Coffin)
  Bracking RSA Encryption. Is it possible. ([EMAIL PROTECTED])
  Re: PGP Cracked ? (Dennis Ritchie)
  Re: Lenstra on key sizes (Bruce Schneier)
  Re: Lenstra on key sizes (Tom St Denis)
  Re: Q: Removal of bias ([EMAIL PROTECTED])
  The story of a small boy --- sealed envelops --- encryption technologies (Markku J. Saarelainen)



From: [EMAIL PROTECTED] (Bill Unruh)
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss,comp.security.pgp.tech,alt.privacy,alt.privacy.anon-server
Subject: Re: How protect HDisk against Customs when entering Great Britain
Date: 9 Nov 1999 01:45:29 GMT

In <[EMAIL PROTECTED]> [EMAIL PROTECTED] (DigitAl56K) 
writes:

>Even if you were detained without absolute proof of illegal data on
>your PC, which would be impossible to obtain you would not have to
>decrypt the data and therefore customs would be forced to hold you
>indefinitely (not very likely I think!) or let you go.

Actually customs has a lot more power than that. They could simply
refuse you entry and force you to fly back to your country of origin.
You could of course try raising a stink once back in your country of
origin, but it would not be terribly effective. 
Customs has much more power to make you uncomfortable than you have to
make them uncomfortable.

>can't force you to decrypt it.

You also cannot force them to let you into the UK.


>You might want to use PGPi though as US export restrictions stop you
>taking the normal PGP (which most of the world has anyway) out of the
>country.

No. US law prevents you from taking any encryption, no matter where you
got it, out of the US without a license.

--

Date: Mon, 08 Nov 1999 21:13:54 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Your Opinions on Quantum Cryptography

John Myre wrote:

> Bill Unruh wrote:
> >
> > In <[EMAIL PROTECTED]> Jeremy Nysen <[EMAIL PROTECTED]> writes:
> >
> > >Also, quantum cryptography by itself doesn't prevent a middleman attack
> > >(though it does make it very difficult). Which means it should be
> >
> > Don't confuse quantum crypto with quantum computing.
> > Also quantum crypto is immune to the "middleman" attack.
> > That is one of its strengths.
> >
> > >possible to set up a 'relay' box in between two communicating parties
> > >that pretends to be the other.  You would still need a 'relay' box for
> >
> > No, that is exactly what quantum crypto prevents. Any such  middle man
> > can be detected.
>
> It is my understanding that quantum crypto makes it impossible
> (well - arbitrarily unlikely) to eavesdrop passively, but that an
> active man-in-the-middle is still possible: Alice and Bob have no
> physical way to know who they are talking to.  That is, Eve is
> out of luck, but Mallory is still in business.
>
> With normal communication methods, Mallory can replicate each
> side exactly, thus behaving as Eve.  With quantum crypto, I
> think Mallory can no longer do this, as the information exchanged
> is only probabilistic.  Mallory can pretend to be Bob while
> talking to Alice, and pretend to be Alice while talking to Bob,
> but he cannot ensure that the two connections end up with the
> same session key.

Why does he care?  If he starts by emulating the correspondents to each other,
what forces him to stop?  I.e., why can he not continue maintaining the charade,
keeping both sessions independent?

>
>
> So in addition to quantum crypto, you still need mathematical crypto
> to authenticate who you are talking to.  (Even if we use the
> secure quantum crypto channel to ask about maiden names, proper
> authentication will require careful protocol design).
>
> John M.




--

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: Lenstra on key sizes
Date: 09 Nov 1999 02:14:32 GMT

The only reason I can see right now for using longer AES key sizes than 128 is
if quantum computers (or something similar) become real.
Don Johnson

--

From: [EMAIL PROTECTED] (Jerry Coffin)
Subject: Re: What's gpg?
Date: Mon, 8 Nov 1999 19:32:44 -0700

In article <[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] says...
> 
> I just picked up the fact that there's a GNU version of PGP out,  called
> GPG  or  GNUPG. 
> 
> I found the  web  page  www.gnupg.org,  and  it  make

Cryptography-Digest Digest #530

1999-05-11 Thread Digestifier

Cryptography-Digest Digest #530, Volume #9   Tue, 11 May 99 19:13:04 EDT

Contents:
  A simple challenge for Tomstdenis ([EMAIL PROTECTED])
  Re: A simple challenge for Tomstdenis ([EMAIL PROTECTED])
  Re: Let me prove my claim. (Paul Koning)
  TwoDeck (some help please) ([EMAIL PROTECTED])
  Re: TwoDeck solution (but it ain't pretty) (Jim Felling)
  Re: The simplest to understand and as secure as it gets. (Paul Koning)
  Re: public/private key authentication? (Dylan Thurston)
  Re: Crypto export limits ruled unconstitutional (Mok-Kong Shen)
  Re: Pentium3 serial number is based on who you [server/exterior] claimed to be (Roger Carbol)
  Re: How was this key constructed? (Jim Gillogly)
  Snuffle (John Kasdan)
  Re: A simple challenge for Tomstdenis (Jim Felling)
  Re: AES (John Savard)
  Re: Pentium3 serial number is based on who you [server/exterior] claimed  (Paul Koning)
  Re: Thought question: why do public ciphers use only simple ops like(Bryan Olson)
  Re: The simplest to understand and as secure as it gets. (David Hamilton)
  Re: Time stamping (complete) (David A Molnar)
  Re: Crypto export limits ruled unconstitutional (wtshaw)
  Re: How was this key constructed? (Paul Koning)
  Re: BEST ADAPTIVE HUFFMAN COMPRESSION FOR CRYPTO ([EMAIL PROTECTED])
  Re: Bricklaying DES (David Wagner)



From: [EMAIL PROTECTED]
Subject: A simple challenge for Tomstdenis
Date: Tue, 11 May 1999 20:32:33 GMT

Apply either linear or differential cryptanalysis to this algorithm, oh
person who uses these terms so frequently to other people:
All quantities are 32-bit, unsigned. + is addition mod 2^32, ^ is XOR

It's an 8-round Feistel network where f(a,b) is
(a+b)^(a*b)

The round key for round "i" is:
RK_i = (K[0] + i*0x12345678) + (K[1] + i*0x87654321)



--== Sent via Deja.com http://www.deja.com/ ==--
---Share what you know. Learn what you don't.---

--

From: [EMAIL PROTECTED]
Subject: Re: A simple challenge for Tomstdenis
Date: Tue, 11 May 1999 20:47:53 GMT


> person who uses these terms so frequently to other people:
> All quantities are 32-bit, unsigned. + is addition mod 2^32, ^ is XOR
>
> It's a 8-round feistel network where f(a,b) is
> (a+b)^(a*b)
>
> The round key for round "i" is:
> RK_i = (K[0] + i*0x12345678) + (K[1] + i*0x87654321)

Well first that is not a Feistel cipher.  Second you can completely
remove the constant i and its multiplier.  This leaves K[0] + K[1],
which you can poke and prod at.  I have never actually done
analysis but with a chosen plaintext attack you can most likely find
the key.  The differential attack would be finding the differences
from 'k[0] + k[1]' and the plaintext.

So the cipher is

for r = 1 to rounds
   a = (a + b) ^ (a * b)
   (a,b) = (b,a)

But that's not possible!!!  That's not a cipher!!!

Is that enough for five minutes?

Tom
--
PGP public keys.  SPARE key is for daily work, WORK key is for
published work.  The spare is at
'http://members.tripod.com/~tomstdenis/key_s.pgp'.  Work key is at
'http://members.tripod.com/~tomstdenis/key.pgp'.  Try SPARE first!


--== Sent via Deja.com http://www.deja.com/ ==--
---Share what you know. Learn what you don't.---
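Tom's observation about the round-key schedule, checked in code as an added example that is neither the challenge author's nor Tom's: because RK_i = K[0] + K[1] + i*(0x12345678 + 0x87654321) mod 2^32, the schedule depends on the 64-bit key only through the 32-bit sum K[0] + K[1], so every key has 2^32 - 1 other keys producing the identical round keys. The word width is made a parameter so that the number of distinct schedules can be counted exhaustively at 4 and 8 bits; the function names are this example's own.

```python
def round_keys(k0: int, k1: int, rounds: int = 8, width: int = 32):
    """Round keys exactly as the challenge defines them, for a `width`-bit word
    (width=32 is the challenge; smaller widths allow exhaustive counting)."""
    mask = (1 << width) - 1
    c0, c1 = 0x12345678 & mask, 0x87654321 & mask
    return tuple(((k0 + i * c0) + (k1 + i * c1)) & mask for i in range(rounds))


def reduced_round_keys(key_sum: int, rounds: int = 8, width: int = 32):
    """The same schedule rewritten as Tom reads it: only K[0] + K[1] enters, and the
    per-round term is the public constant i * (0x12345678 + 0x87654321)."""
    mask = (1 << width) - 1
    c = (0x12345678 + 0x87654321) & mask
    return tuple((key_sum + i * c) & mask for i in range(rounds))


def equivalent_key(k0: int, k1: int, shift: int, width: int = 32):
    """Any (k0 + t, k1 - t) has the same sum and therefore the identical schedule."""
    mask = (1 << width) - 1
    return (k0 + shift) & mask, (k1 - shift) & mask


def count_distinct_schedules(width: int, rounds: int = 8) -> int:
    """Count distinct schedules over all 2^(2*width) keys; feasible for width <= 8."""
    seen = set()
    for k0 in range(1 << width):
        for k1 in range(1 << width):
            seen.add(round_keys(k0, k1, rounds, width))
    return len(seen)


if __name__ == "__main__":
    k = (0x1234, 0x5678)
    print(round_keys(*k) == round_keys(*equivalent_key(*k, shift=0xABCDEF)))   # True
    print(count_distinct_schedules(8))   # 256 classes out of 65536 keys
```

The lesson for key-schedule design is the usual one: a schedule that is a linear function of the key words collapses the key space to the image of that function, here 2^32 classes of 2^32 equivalent keys each, before any analysis of the round function starts.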

--

From: Paul Koning <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy
Subject: Re: Let me prove my claim.
Date: Tue, 11 May 1999 12:24:29 -0400

Anthony Stephen Szopa wrote:
> 
> Let me prove my claim.
> 
> At http://www.ciphile.com you can download the entire Help Files from
> the Original Absolute Privacy - Level3 Version 4.0 encryption software
> package.  Reading Help Files # 1 - Theory, #2 - Processes 1, & #3 -
> Processes 2 should be enough to convince anyone that this encryption
> software is the simplest, the easiest to understand,  and as good as it
> gets.  Thank you.

Ok, I looked.  I also read the Snake Oil FAQ.  So exactly why are you
claiming it doesn't apply to what you created?

paul

--

From: [EMAIL PROTECTED]
Subject: TwoDeck (some help please)
Date: Tue, 11 May 1999 21:00:01 GMT

I have analyzed the algorithm a bit (sieving modes), and I think they
can be extended a bit.  Maybe even faster than a brute force search.  I
would like help cleaning up the paper, and the attacks.  I am updating
the paper at school tomorrow to include what I have done so far.

Anyone with a little time to spare, maybe even to correct grammar, I
would appreciate the help!!!

I want to clean it up and make it more visually pleasing, as well as
add more actual facts and proofs.

Thanks for your time,
Tom
--
PGP public keys.  SPARE key is for daily work, WORK key is for
published work.  The spare is at
'http://members.tripod.com/~tomstdenis/key_s.pgp'.  Work key is