Cryptography-Digest Digest #783
Cryptography-Digest Digest #783, Volume #8 Mon, 21 Dec 98 17:13:03 EST Contents: Re: DIRT ? (MadAdmin) Re: Code hidden in a piece of music (One Man) Re: Cryptography board game! (was: CipherSaber for Dummies?) (Robert Munyer) Re: DIRT ? (NUTSA) Re: DIRT ? (MadAdmin) Twas the Eve of Impeachment. ("Bob & Rosann") Re: On living with the 56-bit key length restriction (Mok-Kong Shen) Re: On living with the 56-bit key length restriction (Lincoln Yeoh) Re: What is Randomness? ("Tony T. Warnock") Re: Two Algorithms (John Savard) MD5 signatures (Thor Arne Johansen) MD5 implementation for 8051 (Viorel Ivanescu) RC4 in 8-bit vs 16-bit (Anonymous) From: [EMAIL PROTECTED] (MadAdmin) Crossposted-To: alt.2600,alt.2600.hackerz,alt.hacker.learning Subject: Re: DIRT ? Date: Mon, 21 Dec 1998 17:50:21 GMT Reply-To: LART On Mon, 21 Dec 1998 16:44:39 GMT, [EMAIL PROTECTED] (NUTSA) wrote: >On Sat, 19 Dec 1998 01:57:24 -, "donoli" <[EMAIL PROTECTED]> >wrote: > >> >>[EMAIL PROTECTED] wrote in message >><75e00q$4lh$[EMAIL PROTECTED]>... >>>Anybody know how to tell if you have the "DIRT" >>>trojan installed on your PC. Also, what is the >>>best way to remove it? >>> >>Try the Dirt Devil. It worked for me. Donoli. >> >> > > >Now are you guys being facetious in your followups to this inquiry >about the D.I.R.T. program??? Is there a program called Dirt Devil >that will detect and remove this electronic surveillance crap??? This >has caused me some concern since I surfed over the home site of the >software company offering this to law enforcement agencies and the >military following a lead provided by a ZD net article about online >spy tools. The indications I got from the site was that something WAS >being installed on my box. For those who do not know D.I.R.T. is >similar to B.O. but a whole lot meaner and newer... Please Let me >know if you will if there IS a detecter and remover... > DIRT is rather controversial. Some of what I've heard is that it's simply a lame trojan and part of a scam. Anyhow apparently the trojan actually exists but whether it is better than BO or not I don't know. My guess is that if McAffee/Dr. Solomon's are up on their toes they'll find it. Now if it's supposed to legitimately be a "law enforcement" tool I don't know how they'd handle it. H. That may be a question for Patrick Nolan or Graham Cluely. They tend to hang in alt.comp.virus. ~~~ The sig. What sig?? .Ooops. I lost my sig!!! .Anybody seen my sig -- From: One Man <[EMAIL PROTECTED]> Subject: Re: Code hidden in a piece of music Date: Mon, 21 Dec 1998 08:09:28 -1000 Ones and zeros can be defined by new highest notes and new lowest notes. The newness can be reset by playing two extreme notes in a row. Consider the following notes where the first note after a reset is a 1: d e d c d d f c a a d e f f d would translate to 1 1 0 1 0 1 1 1 -- From: [EMAIL PROTECTED] (Robert Munyer) Crossposted-To: talk.politics.crypto Subject: Re: Cryptography board game! (was: CipherSaber for Dummies?) Date: 21 Dec 1998 11:34:20 -0600 In article <75liuo$shs$[EMAIL PROTECTED]>, I wrote: > random number generator could be a cloth sack, filled with another > set of 256 CipherSaber chips. They could be a different color Whoops, no need for that second set of chips. Just write down the random numbers before doing the key schedule. That way a single set of chips will suffice. > "stripped down" version of the game. It could use a five-bit > character set, with just capital letters and minimal punctuation. I forgot to mention the maximum key length would also have to be decreased, because in the five-bit version, the key scheduling algorithm only consumes a total of 32 of those five-bit bytes. > a few of the kids, the most ambitious ones, will try the eight-bit > version just so they can say they've done military-strength > encryption with their bare hands. I shouldn't have used the terms "five-bit" and "eight-bit." People will misinterpret these byte widths as key lengths, and think the cipher is weak. It would be better to call them the "32-square" and "256-square" versions of the game. The 256-square version of the game does full CipherSaber encryption, which of course has a very respectable key length. From over 100 bits to over 300, depending on how you choose your key. -- Robert Munyer <[EMAIL PROTECTED]> -- From: [EMAIL PROTECTED] (NUTSA) Crossposted-To: alt.2600,alt.2600.hackerz,alt.hacker.learning Subject: Re: DIRT ? Date: Mon, 21 Dec 1998 18:14:12 GMT On Mon, 21 Dec 1998 17:50:21 GMT, [EMAIL PROTECTED] (MadAdmin) wrote: > >DIRT is rather controversial. Some of what I've heard is that it's >simply a lame trojan and part of a scam. >An
Cryptography-Digest Digest #782
Cryptography-Digest Digest #782, Volume #8 Mon, 21 Dec 98 13:13:02 EST Contents: Re: What is Randomness? (Dr. Yongge Wang) md5 sample implementation Re: Slow Key Scheduling (Mok-Kong Shen) Re: break-even point n! vs Miller-Rabin ? (Leif Nilsen) Re: biometrics (David A Molnar) Re: Protocol flaw in widely-deployed access control software (Bryan G. Olson; CMSC (G)) Re: On living with the 56-bit key length restriction (Mok-Kong Shen) Re: Computers getting faster? (Mok-Kong Shen) Re: (fwd) Strike to protest Wassenaar! (Lutz Donnerhacke) Re: On living with the 56-bit key length restriction (Matthias Bruestle) Re: PGP Signature Hash, Algorithm & Key Size ([EMAIL PROTECTED]) Re: Cryptography board game! (was: CipherSaber for Dummies?) ("jay") Hashing for randomness (Logi Ragnarsson) Re: Protocol flaw in widely-deployed access control software (Michael Sierchio) For Sale : Computer and Cryptology Books FS ([EMAIL PROTECTED]) Re: DIRT ? (NUTSA) From: [EMAIL PROTECTED] (Dr. Yongge Wang) Subject: Re: What is Randomness? Date: 21 Dec 1998 04:42:09 GMT Indeed, for the randomness you may go to Martin-Loef's definition of randomness. (Chaitin has an equivalent difinition) but all these definitions are for infinite sequences. For finite sequence, Kolmogorov complexity (or Chaitin) complexity may be a good way to define randomness Andrew Wall ([EMAIL PROTECTED]) wrote: : Bill, : Can you tell me more about auto correlation? : I have tried using an FFT on random numbers and I get a plot which has all :frequencies present, looking a lot like the input, but : shouldn't all frequencies be present more or less evenly? : I have also thought that an FFT may not be that much use (eg I used a 1024 point :FFT) as you should need to examine a very large : amount of data (several megabytes?) at one time to ensure that any non-random :looking parts are just a fluke and equally likely as : any other sequence to arise. : Andrew : Bill Thomas wrote in message <[EMAIL PROTECTED]>... : >a uniform random number generator can be tested by auto correlation, and then : >by a spectrum - its white noise i.e., equal energy at all frequencies. The : >repeat of the sequence is governed by : >the pn generator used to produce the uniform random numbers. pn generators : >can be made to : >any length. where the sequence starts is set by the initial value (seed) in : >the pn generator. : > -- ==. Yongge Wang| | Dept. of EE & CS | | Univ. of Wisconsin--Milwaukee | | P.O.Box 784|Yongge Wang | Milwaukee, WI 53201|2545 N.Frederick Ave. | |Apt. 104 | Tel: (414)229-5731 |Milwaukee, WI 53211 | Fax: (414)229-2769 | | [EMAIL PROTECTED]|Tel: (414)3324794 | http://www.cs.uwm.edu/~wang|Fax: (414)3324794 | ==' -- From: <[EMAIL PROTECTED]> Subject: md5 sample implementation Date: Mon, 21 Dec 1998 11:06:29 +0200 Hi all, I want to find out a -very_clear- md5 implementation. I know RSA's reference implementation, GNU fileutils' md5 implementation and that of SSLeay but they are optimized for performance. Any of you know a more clear implementation for presentation purposes? Regards, - burak -- From: Mok-Kong Shen <[EMAIL PROTECTED]> Subject: Re: Slow Key Scheduling Date: Mon, 21 Dec 1998 08:59:12 +0100 Bruce Schneier wrote: > > On 19 Dec 98 17:25:14 GMT, [EMAIL PROTECTED] () wrote: > > >Bruce Schneier ([EMAIL PROTECTED]) wrote: > >: All a slow key schedule does is make brute force searches that much > >: harder. It helps DES just as much as any other algorithm in that > >: respect. > > > >Yes, but only up to a point. If DES with independent subkeys is subject to > >an attack with complexity 2^65, then, if you use a slow key schedule to > >improve DES with a 56-bit key, you still can't make it _stronger than with > >independent subkeys_. Hence, only slowing the key generation process by up > >to 512 times (plus, of course, a correction for the difference in time > >constants between trying a regular 56 bit key, and the steps in the 2^65 > >attack) is effective. > > Yes. Of course. The point of a slow key schedule is not to make a > cipher stronger, but any given attack slower. > > Your math is correct. > > >On the other hand, a block cipher that is, with independent subkeys, so > >strong that only brute-force attack is possible _on the independent > >subkeys_, can be "improved" in security by a much greater amount by a slow > >key schedule. (Of course, a slow key schedule doesn't really increase the > >