Cryptography-Digest Digest #724
Cryptography-Digest Digest #724, Volume #13      Tue, 20 Feb 01 17:13:01 EST

Contents:
  Re: Question about RSA excryption... (Taylor Francis)
  Re: Key expansion. ("Cristiano")
  Re: A different concept for email encryption ?? (Paul Rubin)
  Re: Anonymous web surfing? (Paul Rubin)
  Re: Key expansion. (Ichinin)
  Re: Question about RSA excryption... ("Jeff Moser")
  Re: New unbreakable code from Rabin? (Ichinin)
  Re: Question about RSA excryption... (Jerry Coffin)
  Re: Given any arbitrary numbers a and b. Can I ALWAYS find a (Richard Heathfield)
  Random number encryption (Taylor Francis)
  Re: Key expansion. ("Cristiano")
  Shall you reach to Heaven to help the work of Angels to help those who want to reach Heaven ... tell me the truth and I shall reach Heaven ... ([EMAIL PROTECTED])
  Re: Is there an algorithm to sequentially enumerate all transcendental ("Trevor L. Jackson, III")
  Re: New unbreakable code from Rabin? ("Trevor L. Jackson, III")
  Re: New unbreakable code from Rabin? ("Trevor L. Jackson, III")
  Re: New unbreakable code from Rabin? ("Trevor L. Jackson, III")
  Re: The Kingdom of God ("Trevor L. Jackson, III")
  Re: Is there an algorithm to sequentially enumerate all transcendental (Doug Kuhlman)

--

From: Taylor Francis [EMAIL PROTECTED]
Subject: Re: Question about RSA excryption...
Date: Tue, 20 Feb 2001 13:13:21 -0600

Jeff Moser wrote:
> p = 1234567891
> q = 9876543211
> N = pq = 12193263122374638001
> e = 65537
> d = 12191402595354763373
>
> Encrypting the message "111222" yields: 4883125278959820367
> Encrypting the message "222111" yields: 9586466168913275336

How did you do that? Byte by byte, digit by digit, or pair by pair? How? And how did the ciphertexts turn out different?

--

From: "Cristiano" [EMAIL PROTECTED]
Subject: Re: Key expansion.
Date: Tue, 20 Feb 2001 20:05:01 +0100

> I don't think that Cristiano wanted to do anything more than encrypt
> messages securely (without having to keep a copy of the key bits).

Yes, this is what I want to do. However, the case in which I am the unique owner of the message also interests me.

Cristiano

--

From: Paul Rubin [EMAIL PROTECTED]
Subject: Re: A different concept for email encryption ??
Date: 20 Feb 2001 11:21:48 -0800

Paul Crowley [EMAIL PROTECTED] writes:
> Under some circumstances PK-based identifiers make sense; see SPKI. If
> you need them to be shorter, hash them and truncate all but, say, the
> first 96 bits of the hash; you don't have to worry about birthday
> attacks against the hash function, only second preimage attacks, which
> are much more expensive. With MIME-style 8-into-6 encoding, 96 bits is
> 16 characters: [EMAIL PROTECTED] which I think is pretty practical.

How do you use the hash as a public key? I missed something.

--

From: Paul Rubin [EMAIL PROTECTED]
Subject: Re: Anonymous web surfing?
Date: 20 Feb 2001 11:24:25 -0800

Mok-Kong Shen [EMAIL PROTECTED] writes:
> The German news magazine Spiegel in its recent issue (19th Feb) reports
> that a software firm Safeweb sells a product named Triangle Boy that
> enables one to surf on the internet anonymously without leaving any
> traces. Does anyone have experience with that software or can tell the
> principles of its functioning? I can't yet imagine that surfing from a
> fixed location couldn't be recorded and analysed for finding out which
> sites (at least some of them) one has visited. Thanks.

Triangle Boy is either still unreleased or was just released, so nobody in the general public has experience with it yet. Basically it's just an HTTP proxy that you can run on your own computer, that rewrites URLs in the HTML that it passes through, so A can surf B's website through yours:

    A -> your computer -> B

and B sees web hits coming from your computer rather than A's. Safeweb's proxy is similar to Anonymizer.com but they did a really nice job. Give it a try: www.safeweb.com.

--

From: Ichinin [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Re: Key expansion.
Date: Sat, 17 Feb 2001 19:16:49 +0100

Cristiano wrote:
> If I want to use 192 or 256 bits how would I do? Are there problems if
> I withdraw only 128 bits instead of 160 (I don't want to use MD5)?

Hi. Unless there is an algorithm that requires K to be of this size, I fail to see why you need the key to be expanded into N extra bits? Think of it like this: a 32-bit key, say 0x11223344, expanded into 0x1122334455667788, (still) only requires 2^32 encryptions + expansions = hardly an increase in security. (OTOH: if you needed a keystream, then I'd understand.)

Regards,
Glenn

--

From: "Jeff Moser" [EMAIL PROTECTED]
Subjec
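An added example, written for this digest rather than taken from Jeff Moser's post or any project, of one way the figures in the RSA exchange above can arise: the whole message is turned into a single integer m below N and raised to e mod N, so two different strings become two different integers and therefore two different ciphertexts. The string-to-integer conversion used here is the big-endian octet-string mapping that PKCS#1 standardises as OS2IP/I2OSP, which is also the usual answer to Ragnarok's question in Volume #11 further down the page; whether Jeff encoded "111222" that way or simply used the decimal number 111222 is not stated in the thread, so both are computed. The private exponent is derived from p, q and e rather than copied. Textbook RSA of this kind is deterministic and unpadded; deployed systems put a padding scheme such as OAEP over this primitive and encrypt only a symmetric key with it.

```python
# Added example (not from the digest): textbook RSA with Jeff Moser's
# parameters, treating the whole message as one integer.  The byte-string
# <-> integer mapping is the big-endian OS2IP / I2OSP conversion from
# PKCS#1.  Which encoding Jeff actually used is not stated, so both the
# octet-string view and the plain decimal-number view are computed.

P = 1234567891
Q = 9876543211
N = P * Q                      # 12193263122374638001, as quoted in the post
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)            # private exponent derived here, not copied


def os2ip(octets: bytes) -> int:
    """Octet string to integer, big-endian (PKCS#1 OS2IP)."""
    return int.from_bytes(octets, "big")


def i2osp(x: int, length: int) -> bytes:
    """Integer to octet string of a fixed length (PKCS#1 I2OSP)."""
    if x < 0 or x >= 256 ** length:
        raise ValueError("integer too large for the requested length")
    return x.to_bytes(length, "big")


def rsa_encrypt_int(m: int) -> int:
    # The primitive is only defined for 0 <= m < N; anything longer has to
    # be split, or (in practice) a hybrid scheme is used instead.
    if not 0 <= m < N:
        raise ValueError("message representative out of range")
    return pow(m, E, N)


def rsa_decrypt_int(c: int) -> int:
    return pow(c, D, N)


def encrypt_bytes(msg: bytes) -> int:
    """Whole message as one integer: different strings give different m."""
    return rsa_encrypt_int(os2ip(msg))


def decrypt_bytes(c: int, length: int) -> bytes:
    return i2osp(rsa_decrypt_int(c), length)


def demo() -> dict:
    """Encrypt both of Jeff's messages under both encodings and check the
    round trip; returns {text: (ciphertext_of_octets, ciphertext_of_decimal)}."""
    results = {}
    for text in ("111222", "222111"):
        as_bytes = text.encode("ascii")
        c_bytes = encrypt_bytes(as_bytes)
        c_int = rsa_encrypt_int(int(text))      # alternative: the decimal value itself
        if decrypt_bytes(c_bytes, len(as_bytes)) != as_bytes:
            raise RuntimeError("octet-string round trip failed")
        if rsa_decrypt_int(c_int) != int(text):
            raise RuntimeError("decimal round trip failed")
        results[text] = (c_bytes, c_int)
    return results


if __name__ == "__main__":
    for text, (c_bytes, c_int) in demo().items():
        print(f"{text!r}: OS2IP encoding -> {c_bytes}, decimal encoding -> {c_int}")
```

Because m is a single integer, RSA acts as a permutation on the residues mod N: two distinct messages below N can never collide, which is the reason the two ciphertexts differ. The same property is why an unpadded message is also trivially recognisable by re-encrypting a guess.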
Cryptography-Digest Digest #724
Cryptography-Digest Digest #724, Volume #12      Wed, 20 Sep 00 12:13:00 EDT

Contents:
  Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption [an (Mok-Kong Shen)
  Re: Hamming weight (Mok-Kong Shen)
  Re: On secret Huffman compression (Mok-Kong Shen)
  Re: Hardware RNGs ("ScottD")
  Re: Parity Checking in DES (Mok-Kong Shen)
  Re: Parity Checking in DES (Brian Boorman)
  SUN SPOT 6.51 BILLION square kilometers in size ([EMAIL PROTECTED])
  Re: CDMA tracking (was Re: GSM tracking) (Craig Paul)
  Re: Tying Up Loose Ends - Correction (Tim Tyler)
  Re: Tying Up Loose Ends - Correction (Tim Tyler)
  Re: Hardware RNGs (Mark Carroll)
  Re: RC4: Tradeoff key/initialization vector size? (John Myre)
  Re: RSA Questions ([EMAIL PROTECTED])
  Re: Known Plain Text Attack (Tim Tyler)
  Re: One-way encryption (Tim Tyler)

--

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Quasi Algorithms / Quasi Functions and Polymorph Encryption [an
Date: Wed, 20 Sep 2000 13:52:56 +0200

John Savard wrote:
> Mok-Kong Shen [EMAIL PROTECTED] wrote:
>> Polymorphism has been known in computer science for decades, though
>> much popularized only after C++. Already in Algol68 one can use a
>> datatype 'union' such that at runtime one can obtain first the type
>> and then the value of an object and with these determine what is to
>> be computed next. Polymorphic types have been much studied by
>> researchers of the functional languages.
>
> I think that almost the only connection between that and the form of
> encryption under discussion is the use of the same word.

Actually not. He uses the data (at runtime, dynamically) to determine via a case-construct what the function (at a particular step) should do. In programming, a polymorphic function is one such that the code queries the type and/or the value of certain input arguments and uses that information to determine what is to be done. In this way, one has only one function name (instead of a bunch of these, each for a different one) to stand for a whole class of (more or less similar) functions. That is polymorphism as the term is used in CS. If a cipher designer intends to exploit variability at some small granularity level, this programming paradigm would naturally come to his mind in implementation. (I myself once thought of letting a PRNG determine in one of my humble cipher designs whether xor or modular addition is to be done in certain steps, but I finally decided to leave that out, considering that my design already has enough variability and achieving more 'complexity' for the opponent via adding more code is not worthwhile in that case. My design is PRNG driven, i.e. everything is controlled by the PRNG and there is feedback from the result of processing to the PRNG, thus there is ample variability in my view.)

So what the original poster does is nothing new at all from the standpoint of programming. His explicitly pointing out (stressing) the advantage of using polymorphism (because of the increase of variability) may on the other hand be considered 'new' in the sense that he calls one's attention to polymorphism as a general technique useful in crypto design and implementation. As you pointed out, you and several others have earlier employed certain polymorphic constructs.

M. K. Shen

--

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Hamming weight
Date: Wed, 20 Sep 2000 13:53:04 +0200

kihdip wrote:
> Francois Grieu answered that the Hamming weight was only depending on
> the binary representation. The Hamming weight of 19 is thus 3 (2^4, 2^1
> and 2^0). If it's applicable to other bases shouldn't 19 have a weight
> of 2 (1*10^1 and 9*10^0)??

The 'basic' definition is the Hamming distance, which is the number of unequal pairs of the corresponding elements of two vectors. From that one 'derives' the definition of the Hamming weight of a vector, which is the Hamming distance between that vector and the zero vector. If by using a different base you are thinking of obtaining a different vector (the elements are no longer of 1 bit), then you could have a different Hamming weight than in the binary case. I am unaware of practical use of Hamming weight in this way, however. On the other hand, Hamming distances between vectors whose elements are arbitrary (i.e. not necessarily 1 bit) are commonplace.

M. K. Shen

--

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: On secret Huffman compression
Date: Wed, 20 Sep 2000 14:06:53 +0200

Tim Tyler wrote:
> IIRC, I've mentioned before the possibility of an attacker using
> known-plaintext at the start of the message to extract much of the
> Huffman tree. *If* you can get the whole tree, it seems likely that it
> will be possible to recover the PRNG stream - which can be used to send
> forged messages (in the absence of a signature scheme).

While the above d
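An added example, not from the digest or from either poster, that carries M. K. Shen's derivation through in code: Hamming distance is defined on vectors of arbitrary symbols, Hamming weight is the distance to the zero vector, and the base only matters because it changes which vector a number is turned into. The function names and the zero-padding of the shorter vector are my choices.

```python
# Added example (not from the digest): Hamming distance on digit vectors
# over any base, and Hamming weight as the distance to the zero vector.

def digits(n: int, base: int) -> list:
    """Digit vector of n in the given base, least significant digit first.
    0 is represented as [0] so that every number has at least one digit."""
    if n < 0 or base < 2:
        raise ValueError("n must be non-negative and base at least 2")
    out = []
    while True:
        n, d = divmod(n, base)
        out.append(d)
        if n == 0:
            return out


def hamming_distance(u, v) -> int:
    """Number of positions at which two vectors differ.  The vectors may hold
    any symbols, not just bits; a shorter vector is padded with zeros so that
    numbers with different digit counts can still be compared."""
    u, v = list(u), list(v)
    length = max(len(u), len(v))
    u += [0] * (length - len(u))
    v += [0] * (length - len(v))
    return sum(1 for a, b in zip(u, v) if a != b)


def hamming_weight(n: int, base: int = 2) -> int:
    """Hamming weight of n in the given base: distance from its digit vector
    to the zero vector, i.e. the count of non-zero digits."""
    return hamming_distance(digits(n, base), [0])


if __name__ == "__main__":
    # 19 = 10011 in binary -> weight 3; 19 = "19" in decimal -> weight 2
    print(hamming_weight(19), hamming_weight(19, 10))
```

The binary case is the one with a practical role (for instance in counting the set bits of a key or a difference); the base-10 weight exists by the same definition but, as Shen says, is not something one normally uses.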
Cryptography-Digest Digest #724
Cryptography-Digest Digest #724, Volume #11      Sun, 7 May 00 13:13:00 EDT

Contents:
  Re: SBOX program using ideas from CA and ST (CAST design) (Tim Tyler)
  Re: Fresco transmits my name (was: Spammed after just visiting a site) ("David J. Ruck")
  RSA data (Ragnarok)
  Re: Increasing bit Entropy (Tim Tyler)
  Re: Why no civilian GPS anti-spoofing? / proposal (Tony L. Svanstrom)
  Re: RSA data (Tom St Denis)
  Re: SBOX program using ideas from CA and ST (CAST design) (Tom St Denis)
  Re: Fresco transmits my name (Tim Tyler)
  Re: The Illusion of Security (Tim Tyler)
  Re: The Illusion of Security (Tim Tyler)
  hardware sboxes (Tom St Denis)
  Re: SBOX program using ideas from CA and ST (CAST design) (Tim Tyler)
  Re: Is this random? ([EMAIL PROTECTED])
  Re: SV: cryptographically secure (Gisle Sælensminde)
  Re: Why no civilian GPS anti-spoofing? / proposal ([EMAIL PROTECTED])
  Re: Increasing bit Entropy (Jim Reeds)
  Re: new Echelon article (Diet NSA)
  Re: zeroknowledge.com and freedom.net - Snake oil? (David A. Wagner)
  Re: zeroknowledge.com and freedom.net - Snake oil? (David A. Wagner)
  Re: zeroknowledge.com and freedom.net - Snake oil? (David A. Wagner)

--

From: Tim Tyler [EMAIL PROTECTED]
Subject: Re: SBOX program using ideas from CA and ST (CAST design)
Reply-To: [EMAIL PROTECTED]
Date: Sun, 7 May 2000 14:26:39 GMT

Terry Ritter [EMAIL PROTECTED] wrote:
: sci.crypt Tim Tyler [EMAIL PROTECTED] wrote:
:Tom St Denis [EMAIL PROTECTED] wrote:

[...]

:: In my sboxgen.c (http://www.tomstdenis.com/sboxgen.c) I use a bunch of
:: tables to speed up the WT code.
:
:Be aware that there's the Fast Walsh Transform - which is a bit like a FFT.
:
:Ritter describes this clearly [...]

: If he's not using FWT, then apparently I have not made myself very
: clear [...]

I got this impression some time ago, when it was written:

''[...] my WT is coded like so:

    WT(F, alpha, beta)
    {
        sum = 0
        for x = 0 to w
            sum = sum + (-1)^((alpha . x) * (beta . F[x]))
        return sum
    }''

This looks like no FWT I'm familiar with.

: there's a description and algorithm in a book called "Topics in
: Advanced Scientific Computation", by Richard E. Crandall.

: The Crandall exposition is just a few pages (pp.167-170) and doesn't
: do much for me, but I never know how others take these things.

This got cited because it was the only other FWT code I had managed to lay my hands on - rather than because of any great technical merit ;-|
--
__            Lotus Artificial Life    http://alife.co.uk/    [EMAIL PROTECTED]
 |im |yler    The Mandala Centre       http://mandala.co.uk/  UART what UEAT.

--

Crossposted-To: comp.sys.acorn.misc
From: "David J. Ruck" [EMAIL PROTECTED]
Subject: Re: Fresco transmits my name (was: Spammed after just visiting a site)
Date: Sun, 7 May 2000 15:25:13 +0100

In article [EMAIL PROTECTED], Rev. James Cort URL:mailto:[EMAIL PROTECTED] wrote:
> In article [EMAIL PROTECTED], Mark Wooding
>> * The symmetric session keys are too short. A space of 2^{128} bits
>> can be searched in less than a week given the sort of computing power
>> available to the US government.
>
> IMHO, most likely possibility. Intel admit to having some *much* faster
> processors operating in their labs than anything generally available.
> Why shouldn't the government have similar or greater levels of computing
> power which *aren't* known about?

At any time chip manufacturers can generally produce a very small yield of CPUs running at double or more the normal clock rate. So in the labs they have 1.5GHz Pentium IIIs, but this will have no impact whatsoever on key cracking. The sort of things the NSA have are hypercubes of 30,000 (possibly a lot more now) general processors for brute force cracking, and specialist supercomputers with ALUs optimised for certain algorithms and mathematical functions such as factorisation.

---druck

--

From: Ragnarok [EMAIL PROTECTED]
Subject: RSA data
Date: Sun, 07 May 2000 14:50:20 GMT

I understand that any data to be RSA-encrypted/decrypted must be an integer smaller than the RSA modulus chosen. In general, however, one wants to encrypt/decrypt arbitrary strings of bits. Is there a standardized way to do the mapping from arbitrary strings of bits to integers, and back? Or is it perhaps up to each implementor to come up with one that suits their particular architecture best?

--

Crossposted-To: sci.crypt.random-numbers
From: Tim Tyler [EMAIL PROTECTED]
Subject: Re: Increasing bit Entropy
Reply-To: [EMAIL PROTECTED]
Date: Sun, 7 May 2000 14:44:14 GMT

In sci.crypt.random-numbers Scott Nelson [EMAIL PROTECTED] wrote:
: On Sat, 06 May 2000 RavingCow [EMAIL PROTECTED] wrote:

:If I have two streams of bits with an entropy of 0.5 bits / bit, how can
:I combine these to increase randomness?

: [...] t
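An added example, written for this page and not taken from Tom's sboxgen.c, Ritter's pages or Crandall's book, of the two ways of computing a Walsh transform that Tim Tyler's post above contrasts: the direct sum over every input x, which is what the quoted WT pseudocode does (written here with the XOR of the usual definition W_F(a, b) = sum over x of (-1)^(a.x XOR b.F(x))), and the Fast Walsh Transform butterfly, which yields a whole row of the spectrum in N log N additions instead of N^2 work. The 4-bit table is the first row of the DES S-box S1, used only as a convenient small permutation; the nonlinearity figure at the end is the standard 2^(n-1) - max|W|/2 over all non-zero output masks.

```python
# Added example (not from the digest): direct Walsh transform of an S-box
# component versus the Fast Walsh Transform, checked against each other.

# First row of DES S-box S1, read as a 4-bit to 4-bit permutation (test data only)
SBOX = [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7]
N_BITS = 4


def parity(x: int) -> int:
    """Parity of the bits of x, i.e. the dot product a.x once x = a & value."""
    return bin(x).count("1") & 1


def walsh_direct(f, alpha: int, beta: int, n: int = N_BITS) -> int:
    """W_F(alpha, beta) = sum_x (-1)^(alpha.x XOR beta.F(x)), by definition.
    This is the O(N) per-coefficient sum of the quoted pseudocode."""
    total = 0
    for x in range(1 << n):
        total += -1 if parity(alpha & x) ^ parity(beta & f[x]) else 1
    return total


def fwt(values):
    """Fast Walsh(-Hadamard) Transform of a sequence whose length is a power of two.
    Returns out[alpha] = sum_x values[x] * (-1)^(alpha.x), via log2(N) butterfly passes."""
    a = list(values)
    if len(a) & (len(a) - 1):
        raise ValueError("length must be a power of two")
    h = 1
    while h < len(a):
        for i in range(0, len(a), 2 * h):
            for j in range(i, i + h):
                u, v = a[j], a[j + h]
                a[j], a[j + h] = u + v, u - v
        h *= 2
    return a


def walsh_row_fast(f, beta: int, n: int = N_BITS):
    """All W_F(alpha, beta) for alpha = 0 .. 2^n - 1 at once: transform the
    sign vector (-1)^(beta.F(x)) of the component function beta.F."""
    signs = [-1 if parity(beta & f[x]) else 1 for x in range(1 << n)]
    return fwt(signs)


def walsh_row_direct(f, beta: int, n: int = N_BITS):
    return [walsh_direct(f, alpha, beta, n) for alpha in range(1 << n)]


def nonlinearity(f, n: int = N_BITS) -> int:
    """Distance of the S-box's worst component function from the affine
    functions: 2^(n-1) - max|W_F(alpha, beta)| / 2 over beta != 0."""
    worst = 0
    for beta in range(1, 1 << n):
        worst = max(worst, max(abs(w) for w in walsh_row_fast(f, beta, n)))
    return (1 << (n - 1)) - worst // 2


if __name__ == "__main__":
    for beta in range(1 << N_BITS):
        assert walsh_row_fast(SBOX, beta) == walsh_row_direct(SBOX, beta)
    print("nonlinearity of the test S-box:", nonlinearity(SBOX))
```

The check in `__main__` is the point of the exercise: the butterfly produces exactly the coefficients the definition does, so an S-box search can afford to evaluate the full spectrum for every candidate. A permutation's components are balanced, which shows up as W_F(0, beta) = 0 for every beta other than 0, and Parseval's relation fixes the sum of squares of each row at 2^(2n).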
Cryptography-Digest Digest #724
Cryptography-Digest Digest #724, Volume #10      Sat, 11 Dec 99 16:13:01 EST

Contents:
  Insecure PRNG? ("Gary")
  Insecure PRNG? ("Gary")
  Re: some questions about DES (Tom St Denis)
  Re: Linear Congruential Generators (Mok-Kong Shen)
  Re: some questions about DES (Troed)
  Re: some questions about DES ([EMAIL PROTECTED])
  Re: Linear Congruential Generators (David A Molnar)
  New Algorithm (Jeroen van de Erve)
  Re: Scott's Screaming Security Method (Loney Ramik)
  Re: Insecure PRNG? (Mok-Kong Shen)
  Re: New RNG Technique (Loney Ramik)
  Re: Attacks on a PKI (David A Molnar)
  Re: New Algorithm (Mok-Kong Shen)
  Brute Force Time (Maximum v Probable) (UBCHI2)
  Re: New Algorithm (Loney Ramik)
  Re: some questions about DES (Gunnar Andersson)
  Re: If you're in Australia, the government has the ability to modify (Darren New)
  Re: Linear Congruential Generators (Mok-Kong Shen)
  Re: some questions about DES (Jerry Coffin)
  Re: Questions about message digest functions (Tim Tyler)

--

From: "Gary" [EMAIL PROTECTED]
Subject: Insecure PRNG?
Date: Sat, 11 Dec 1999 17:27:00 -

Insecure PRNG?

Linear congruential pseudo-random number generators (PRNG) of the form X_{n+1} = A*X_n + B are always stated to be insecure as the basis of a cipher bit-stream. If only the top bit is used on a PRNG of this form, how do I find the constants X0, A and B without brute force? I.e. given a large cipher bit-stream produced by the following C function:

    /* X0, A, B are the secret constants (defined elsewhere).  A 32-bit
       unsigned long is assumed: the multiply wraps, so the modulus is
       implicitly 2^32, and the shift is well defined. */
    unsigned long NextBit(void)
    {
        static unsigned long X = X0;
        X = (X * A) + B;
        return (X >> 31) & 1;    /* emit only the top bit of the state */
    }

how do I determine the constants X0, A, B collectively forming a key to the cipher stream? (The 3 constants are randomly generated, but B is odd and A = 1 (mod 4).)

Moreover, if two PRNGs of this form were used where the top 5 bits of the first's output are used to select the single cipher-stream bit in the second's output, how do I go about solving this? I.e. given a large cipher bit-stream produced by the following C function:

    unsigned long NextBit(void)
    {
        static unsigned long X = X0, Y = Y0;
        X = (X * A) + B;
        Y = (Y * C) + D;
        return (X >> ((Y >> 27) & 31)) & 1;   /* top 5 bits of Y pick which bit of X is emitted */
    }

how do I determine the constants X0, Y0, A, B, C, D collectively forming a key to the cipher stream? (The 6 constants are randomly generated, but B, D odd and A, C = 1 (mod 4).)

G.

--

From: "Gary" [EMAIL PROTECTED]
Subject: Insecure PRNG?
Date: Sat, 11 Dec 1999 17:29:09 -

Insecure PRNG?

Linear congruential pseudo-random number generators (PRNG) of the form X_{n+1} = A*X_n + B are always stated to be insecure as the basis of a cipher bit-stream. If only the top bit is used on a PRNG of this form, how do I find the constants X0, A and B without brute force? I.e. given a large cipher bit-stream produced by the following C function:

    /* X0, A, B are the secret constants (defined elsewhere).  A 32-bit
       unsigned long is assumed: the multiply wraps, so the modulus is
       implicitly 2^32, and the shift is well defined. */
    unsigned long NextBit(void)
    {
        static unsigned long X = X0;
        X = (X * A) + B;
        return (X >> 31) & 1;    /* emit only the top bit of the state */
    }

how do I determine the constants X0, A, B collectively forming a key to the cipher stream? (The 3 constants are randomly generated, but B is odd and A = 1 (mod 4).)

Moreover, if two PRNGs of this form were used where the top 5 bits of the first's output are used to select the single cipher-stream bit in the second's output, how do I go about solving this? I.e. given a large cipher bit-stream produced by the following C function:

    unsigned long NextBit(void)
    {
        static unsigned long X = X0, Y = Y0;
        X = (X * A) + B;
        Y = (Y * C) + D;
        return (X >> ((Y >> 27) & 31)) & 1;   /* top 5 bits of Y pick which bit of X is emitted */
    }

how do I determine the constants X0, Y0, A, B, C, D collectively forming a key to the cipher stream? (The 6 constants are randomly generated, but B, D odd and A, C = 1 (mod 4).)

G.

--

From: Tom St Denis [EMAIL PROTECTED]
Subject: Re: some questions about DES
Date: Sat, 11 Dec 1999 18:11:05 GMT

In article 82tt20$q4u$[EMAIL PROTECTED], "Buchinger Reinhold" [EMAIL PROTECTED] wrote:
> Hi!
>
> I write a paper about DES for my school-leaving exam and I need some
> further information. Where was and is DES used? Has DES been verified
> in 1998? If not, what's its succession? How fast and with which
> computer (price) can DES be broken nowadays? If you have some
> references (websites, ...) for your knowledge please let me know!
> I am VERY grateful for your help!

DES in its original form is no longer used. It was originally used primarily in hardware, but has been adapted for password hashing in Unix. 3DES is still in use today, primarily in software, but some hardware for it is out there. It can be cracked with 12 spare computers over the inet in about 20 hours [well, DES anyway]. It was originally broken with differential cryptanalysis using 2^51 pairs. Then linear analysis in 2^47 [or something like that; I have a paper by Biham on the differential cryptanalysis if you want]. That's all I know off hand.

Tom

Sent via Deja.com http://www.deja.com/
Before you buy.

--

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Linear Congruential Generators
Date: Sat, 11 Dec 1999 19:40:31 +0100

Gary schrie
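An added example, written for this page rather than posted by Gary or anyone else in the thread, that makes the "always stated to be insecure" part of Gary's question concrete without going into any recovery method: it walks the state space of his generator X_{n+1} = A*X_n + B and measures the period of each output bit. The word is narrowed to 16 bits so the whole cycle can be enumerated in a moment; the constants are arbitrary values I chose that satisfy his "B odd, A = 1 (mod 4)" condition, which for a power-of-two modulus is exactly the Hull-Dobell full-period condition. With that condition met, bit k of the state repeats every 2^(k+1) steps: the lowest bit alternates, the next one has period 4, and only the top bit reaches the full 2^w period. The function names and the 16-bit width are my choices.

```python
# Added example (not from the digest): how structured the individual bits of
# a full-period LCG modulo 2^w are.  Constants below are constructed test
# values satisfying B odd and A = 1 (mod 4); the width is 16 so that the whole
# state space is small enough to walk.

X0 = 0x1234      # constructed seed
A = 0x6C4D       # 27725, = 1 (mod 4)
B = 0x3039       # 12345, odd


def lcg_states(x0: int, a: int, b: int, width: int):
    """Yield the successive states X_1, X_2, ... of X_{n+1} = a*X_n + b mod 2^width.
    a must be odd so that the step is a bijection on the state space."""
    if a % 2 == 0:
        raise ValueError("a must be odd")
    mask = (1 << width) - 1
    x = x0 & mask
    while True:
        x = (a * x + b) & mask
        yield x


def bit_stream(x0: int, a: int, b: int, bit: int, count: int, width: int):
    """The first `count` values of bit number `bit` (0 = least significant)
    taken from the state stream, i.e. the keystream Gary's NextBit() emits."""
    gen = lcg_states(x0, a, b, width)
    return [(next(gen) >> bit) & 1 for _ in range(count)]


def period_of_bit(x0: int, a: int, b: int, bit: int, width: int = 16) -> int:
    """Minimal period of one output bit.  With a odd the state map is a
    permutation of 2^width elements inside a group of 2-power order, so every
    cycle length, and hence every bit's period, is a power of two: only those
    candidates need to be tried."""
    n = 1 << width
    s = bit_stream(x0, a, b, bit, 2 * n, width)
    p = 1
    while p <= n:
        if all(s[i] == s[i + p] for i in range(n)):
            return p
        p <<= 1
    raise RuntimeError("no period found within 2^width steps")


def period_table(x0: int, a: int, b: int, width: int = 16) -> dict:
    """Period of every bit of the state, {bit: period}."""
    return {bit: period_of_bit(x0, a, b, bit, width) for bit in range(width)}


if __name__ == "__main__":
    for bit, period in period_table(X0, A, B).items():
        print(f"bit {bit:2d}: period {period}")
```

Two defensive conclusions follow from the table. First, any bit below the top one is far from random: it is a fixed pattern of length 2^(k+1), which is why schemes that tap low bits of an LCG leak immediately. Second, even the top bit is a deterministic function of a w-bit state, so the 2^w brute-force search Gary wants to avoid is an upper bound on the effort needed, and the literature he is asking about exists precisely because the linear structure lets the bound be undercut. Neither property is fixed by choosing a larger modulus; a keystream generator needs a non-linear, cryptographically designed update.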
Cryptography-Digest Digest #724
Cryptography-Digest Digest #724, Volume #9      Tue, 15 Jun 99 15:13:03 EDT

Contents:
  Re: IDEA in "aplied cryptography" BRUCE SCHNEIER (Nick Barron)
  Re: IDEA in "aplied cryptography" BRUCE SCHNEIER (Nick Barron)
  Re: stream ciphers ([EMAIL PROTECTED])
  Re: sbox design ([EMAIL PROTECTED])
  Re: Key Schedule Question ([EMAIL PROTECTED])
  Re: Has this cipher been broken yet ? ([EMAIL PROTECTED])
  Re: TEA vs Blowfish ([EMAIL PROTECTED])
  Algorithm from easy spec please! ("Kenneth N Macpherson")
  Re: Speed comparison of RSA/DES/SHA1 ("Bruce Geist")
  Re: Speed comparison of RSA/DES/SHA1 ("Gernot Schuh")
  Re: Export restrictions question (Jim Gillogly)
  Re: TEA vs Blowfish (Paul Rubin)
  Re: Algorithm from easy spec please! (Mok-Kong Shen)
  Re: [Q]: Session key exchange (Paul Rubin)
  [Q]: Session key exchange (Jyrki O Saarinen)
  Re: Book Usefulness Question ("Anton Stiglic")
  Re: [Q]: Session key exchange (Thierry Moreau)
  Re: Algorithm from easy spec please! ([EMAIL PROTECTED])

--

From: [EMAIL PROTECTED] (Nick Barron)
Subject: Re: IDEA in "aplied cryptography" BRUCE SCHNEIER
Date: Tue, 15 Jun 1999 13:39:42 GMT

On Mon, 14 Jun 1999 21:13:37 GMT, [EMAIL PROTECTED] wrote:
> On Mon, 14 Jun 1999 20:44:06 GMT, [EMAIL PROTECTED] (John Savard) wrote:
>> Not to keep criticizing you for being helpful, but I doubt the United
>> States has annexed Germany any time lately...
>
> You never know

Surely NATO's maps aren't *that* bad! :)

Nick Barron
SGML/XML Systems and Applications Development Manager
Solvera Information Services Ltd
Disclaimer: The views expressed in this message are mine, not necessarily those of my company

--

From: [EMAIL PROTECTED] (Nick Barron)
Subject: Re: IDEA in "aplied cryptography" BRUCE SCHNEIER
Date: Tue, 15 Jun 1999 13:39:09 GMT

On Mon, 14 Jun 1999 14:31:52 +0200, chciago "gabriel.nock"@siemens.de wrote:
> Hey, I wanted to implement the IDEA algorithm from the sources in Bruce
> Schneier's book. Is there a fault in this code, or am I only too silly
> to copy code from a book? But: "it doesn't work". Or where can I find
> sources of IDEA which are working? I only want to use it for myself,
> not in a commercial way..

Have a look at ftp.replay.com in pub/crypto/crypto/applied-crypto and you'll find the full source set from the book.

Nick Barron
SGML/XML Systems and Applications Development Manager
Solvera Information Services Ltd
Disclaimer: The views expressed in this message are mine, not necessarily those of my company

--

From: [EMAIL PROTECTED]
Subject: Re: stream ciphers
Date: Tue, 15 Jun 1999 13:39:04 GMT

In article [EMAIL PROTECTED], [EMAIL PROTECTED] (James Pate Williams, Jr.) wrote:
> From 1993 SEAL (Software-Optimized Encryption Algorithm), see
> _Handbook of Applied Cryptography_ Section 6.4.1 pages 213-216. If you
> are a citizen of the United States of America, currently residing in
> the U.S., then you can obtain a C implementation of Algorithm 6.68
> (SEAL 2.0) from the _Handbook..._ by writing me at the following
> address requesting SEAL 2.0.

I would look for SEAL 3.0 which is available from my website :) at http://mypage.goplay.com/tomstdenis/block.html

Tom
--
PGP key is at: 'http://mypage.goplay.com/tomstdenis/key.pgp'.

Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

--

From: [EMAIL PROTECTED]
Subject: Re: sbox design
Date: Tue, 15 Jun 1999 13:31:59 GMT

In article [EMAIL PROTECTED], Medical Electronics Lab [EMAIL PROTECTED] wrote:
> Here's where Entrust has the CAST papers:
> http://www.entrust.com/downloads/whitepapers.htm
>
> A "bent" function is a nonlinear boolean function of several inputs
> and outputs. You need to get hold of Carlile's paper "Good S-boxes are
> hard to find", it describes everything you want to know in lots of
> detail. If you can't find it in your library, I'll snail mail a copy
> to you.

I would really appreciate that; if you have a copy to spare I could get you my address in private email. I will take a look at the site too. (BTW, my library would not have it since they don't believe in books from this half of the millennium... :) )

Tom
--
PGP key is at: 'http://mypage.goplay.com/tomstdenis/key.pgp'.

Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

--

From: [EMAIL PROTECTED]
Subject: Re: Key Schedule Question
Date: Tue, 15 Jun 1999 13:36:04 GMT

In article [EMAIL PROTECTED], "Timothy Kordas" [EMAIL PROTECTED] wrote:
> I'm still working through a bunch of material about cryptanalysis; but
> most of what I've read so far concerns itself primarily with the
> encryption-function portion of a few different algorithms. Are there
> any good references