Cryptography-Digest Digest #995

1999-08-05 Thread Digestifier

Cryptography-Digest Digest #995, Volume #9           Fri, 6 Aug 99 02:13:03 EDT

Contents:
  Re: cryptography tutorials (drobick)
  Re: Prime number. (Boris Kazak)
  Re: What is "the best" file cryptography program out there? (KidMo84)
  Re: About Online Banking Security (KidMo84)
  Re: new PGP key and test ([EMAIL PROTECTED])
  Re: Questions regarding elliptic curve cryptography. (Greg)
  Re: How to write REALLY PORTABLE code dealing with bits (Was: How Big is  a Byte?) ([EMAIL PROTECTED])
  Re: AES finalists to be announced ([EMAIL PROTECTED])
  Re: What is "the best" file cryptography program out there? (SCOTT19U.ZIP_GUY)
  Re: What is "the best" file cryptography program out there? ([EMAIL PROTECTED])
  Re: About Online Banking Security (Greg)
  Re: Transposition and substitution algorithms ??? (wtshaw)
  Re: Need letter frequencies (wtshaw)
  Re: Do Window Apps using CryptAPI exist? (wtshaw)
  beginner question re. MD5 and one-way hashes (Muharem Hrnjadovic)
  Re: What is "the best" file cryptography program out there? (wtshaw)
  Re: Need letter frequencies (Jim Gillogly)
  Re: Will someone please flame me??? (John Savard)



From: drobick <[EMAIL PROTECTED]>
Subject: Re: cryptography tutorials
Date: Sat, 31 Jul 1999 11:10:41 +0200

polyalphabetics window$95 program of caesar & vigenere look here:
http://www.arco.de/~drobick/download/cipher.zip or
http://www.arco.de/~drobick/freeware-E.html (alternate german
freeware.html)

--

From: Boris Kazak <[EMAIL PROTECTED]>
Subject: Re: Prime number.
Date: Thu, 05 Aug 1999 19:22:09 -0400
Reply-To: [EMAIL PROTECTED]

Bob Silverman wrote:
> 
> In article <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] (John McDonald, Jr.)
> wrote:
> 
> > On Tue, 03 Aug 1999 23:40:39 GMT, Bob Silverman <[EMAIL PROTECTED]> wrote:
> >
> > >Bob Silverman
> > >"You can lead a horse's ass to knowledge, but you can't make him think"
> >
> > You know, Bob's response to my post really bothered me for about 10
> > minutes today, until I read the rest of his posts to this NG.  It
> > seems that despite the man's rather costly education, he forgot to
> > include people skills.  Did you skip the course on "How not to come
> > across like an Asshole?" at Harvard? Did they not offer it at the
> > University of Chicago?
> 
> It is a pretty sure sign that when people start resorting to name calling
> that they have nothing constructive to say.
> 
> When you and others post assertions in a public forum you have a
> responsibility to either be informed about what you are discussing or
> to check sources.
> 
> This isn't about people skills, it's about responsibility.
> 
> Do you react this way to your boss (or professors) when (s)he tells
> you that you made a mistake?
> >
=
Do you react this way to your boss (or professors) when (s)he makes a
mistake?   

Best wishes BNK

--

From: [EMAIL PROTECTED] (KidMo84)
Subject: Re: What is "the best" file cryptography program out there?
Date: 06 Aug 1999 02:31:48 GMT

Ima still tryin to figure out how my original posting led to this msg.
:)

Signed,
KidMo

--

From: [EMAIL PROTECTED] (KidMo84)
Subject: Re: About Online Banking Security
Date: 06 Aug 1999 02:46:31 GMT

Thankz, that's exactly what i wanted:)

Signed,
KidMo

--

From: [EMAIL PROTECTED]
Subject: Re: new PGP key and test
Date: Fri, 06 Aug 1999 02:39:37 GMT


> Here is a question though.  My key is at an FTP site of
>
> ftp://ftp.goplay.com/tomstdenis
>
> What would be the steps for 'hacking' the key at that site?  Are there
> any pointers online?  Basically I want to know how someone from outside
> of goplay (the FTP provider) would hack the key and thus fake being me
> (well [EMAIL PROTECTED])

I am willing to divulge more personal habits (say about the times when
I use goplay) in private email.  I seriously want to know how someone
might steal/change the key at my site.

BTW I got pgp 2.6.2 and I think it's much easier and funner to use than
pgp 6.0.2.  I have a 768 bit RSA key (see my .sig).

Tom
--
PGP 6.0.2i Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2  Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

--

From: Greg <[EMAIL PROTECTED]>
Subject: Re: Questions regarding elliptic curve cryptography.
Date: Fri, 06 Aug 1999 02:42:10 GMT

In article <[EMAIL PROTECTED]>,
  Teh Yong Wei <[EMAIL PROTECTED]> wrote:
> Me again. Sorry for posting so many "simple" questions to all of U. But,
> I  myself am new in this field, so there is a lot of things that I am
> quite uncertain and don't understand. Here are some questions regarding
> ECC:
>
> 1) How to determine a curve is a good curve?

Personally, I have chosen 4 curves for my ECC application and they all
co

Cryptography-Digest Digest #994

1999-08-05 Thread Digestifier

Cryptography-Digest Digest #994, Volume #9           Thu, 5 Aug 99 22:13:02 EDT

Contents:
  Re: About Online Banking Security (KidMo84)
  Re: ORB - Open Random Bit Generator ([EMAIL PROTECTED])
  Re: frequency of prime numbers? (Ian Gay)
  Re: AES finalists to be announced ([EMAIL PROTECTED])
  Re: : I AM CAVING IN TO JA... ([EMAIL PROTECTED])
  Re: What is "the best" file cryptography program out there? ([EMAIL PROTECTED])
  Re: What is "the best" file cryptography program out there? ([EMAIL PROTECTED])
  Re: ORB - Open Random Bit Generator (David Wagner)
  Re: beginner question re. MD5 and one-way hashes ([EMAIL PROTECTED])
  Re: frequency of prime numbers? ("rosi")
  new PGP key and test ([EMAIL PROTECTED])
  Re: frequency of prime numbers? ("rosi")
  Questions regarding elliptic curve cryptography. (Teh Yong Wei)
  Re: What is "the best" file cryptography program out there? ([EMAIL PROTECTED])
  Re: What is "the best" file cryptography program out there? ([EMAIL PROTECTED])
  Re: Ways to steal cookies in HTTP and HTTPS (Paul Rubin)



From: [EMAIL PROTECTED] (KidMo84)
Subject: Re: About Online Banking Security
Date: 06 Aug 1999 00:24:38 GMT

first off for me it's 128bit not 40bit, second off, a person could look over
your arm and see your pin number and steal your credit card at an atm.  And
even if they stole your id and pass for the website, there is no way to
transfer money through the website as i know of now, it's just to review
checking records and stuff like that.

Signed,
KidMo

--

From: [EMAIL PROTECTED]
Subject: Re: ORB - Open Random Bit Generator
Date: Fri, 06 Aug 1999 00:22:39 GMT

In article <[EMAIL PROTECTED]>,
  Paul Koning <[EMAIL PROTECTED]> wrote:
> That sounds like Microsoft "open" rather than the
> normal definition of "open".

Well yeah.  Like microsoft he provides just enough information to be
hopelessly confused... :)

> That sounds like a bad design.
>
> The right way to do this is to leave out the hash function.

I would tend to agree.  SHA-1 for example can be done with portable
code.  You could plug the device into any type of PC and use SHA-1 to
provide 'compression'.

>
> For one thing, it simplifies things and eliminates the worry of finding
> a hash that fits in tiny memory.  Much more importantly, it lets someone
> analyze the bitstream you get from the A/D, the one that's supposed to
> have entropy in it, and see whether it does.  One reason for doing that,
> apart from verification of the design, is for online fault detection.

This is true.  But you still need a hash for the PRNG numbers though.

> I'm puzzled by the description of your entropy generator.  How does
> charging and discharging a capacitor do that?  Do you use the fact
> that resistors are noisy?  Fine, but if so, feeding that noise into
> a capacitor rather defeats the point!  And it should be obvious that
> modulating that charge/discharge process with a bitstream doesn't
> generate any more entropy than charging/discharging without that
> influence.
>
> On what physical process does this thing depend?

Dunno.  I thought MISC used two capacitors in close proximity (or
something like that).  Mainly I hear about noisy diodes, adcs or even
decaying atoms (with a counter).  The actual 'random' input should be
independent of the current state of the device which is why I don't
like his 'bitstream' idea.  What if the 'bitstream' has a short period
or something?

Tom



--

From: [EMAIL PROTECTED] (Ian Gay)
Subject: Re: frequency of prime numbers?
Date: Fri, 06 Aug 99 00:39:30 GMT

In article <[EMAIL PROTECTED]>, "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
>John Savard wrote:
>> Actually, you see, IF our previous list contained all the primes, then
>> our new number would indeed, by not being divisible by any of them,
>> satisfy the _definition_ of a prime number, not being divisible by any
>> prime smaller than itself.
>
>Exactly right.  Bob S protested too quickly this time.

Hmmm... Might be better to define prime as only divisible by 1 and itself. 
Otherwise, you get, e.g.

{3, 5} = putative set of all primes
3*5+1 = 16, which is not divisible by 3 or 5
so 16 is prime. This doesn't seem too helpful.


*** To reply by e-mail, remove _nospam from address ***

--

From: [EMAIL PROTECTED]
Subject: Re: AES finalists to be announced
Date: Fri, 06 Aug 1999 00:29:02 GMT

In article <7octgv$q1o$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
>  Maybe you needed a fishyer name for your method. Or better yet if you had
> some buddies at the NSA they could have given you pointers that would have
> kept it weak enough so they could break it and yet strong enough so the public
> crypto people could not. It is a hard line to follow with out the right kind
> of frie

Cryptography-Digest Digest #993

1999-08-05 Thread Digestifier

Cryptography-Digest Digest #993, Volume #9           Thu, 5 Aug 99 20:13:03 EDT

Contents:
  Re: Transposition and substitution algorithms ??? ("Douglas A. Gwyn")
  Re: challenges / competitions??? (SCOTT19U.ZIP_GUY)
  Re: challenges / competitions??? ("Douglas A. Gwyn")
  Re: About Online Banking Security (Greg)
  Re: ORB - Open Random Bit Generator (Paul Koning)
  Re: any literature about trusted unit? (Jim Gillogly)
  Re: frequency of prime numbers? (Jim Gillogly)
  Re: Need letter frequencies (Jim Gillogly)
  Re: Will someone please flame me??? ("ME")
  Re: About Online Banking Security (Dean Povey)
  Re: Looking for GSM Authentication Algorithm A3 ("Eugeniusz Bodo")
  Do Window Apps using CryptAPI exist? (Greg)
  Re: Error-Correcting Codes Added to Web Site ([EMAIL PROTECTED])
  Re: Error-Correcting Codes Added to Web Site (John Savard)
  Re: Good generators and primes for Diffie Hellman (Doug Stell)
  Re: About Online Banking Security ([EMAIL PROTECTED])
  Re: Transposition and substitution algorithms ??? (John Savard)
  Re: beginner question re. MD5 and one-way hashes (Jerry Coffin)
  Re: Transposition and substitution algorithms ??? (Jerry Coffin)
  Re: Random numbers in practice (Alwyn Allan)



From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Transposition and substitution algorithms ???
Date: Thu, 5 Aug 1999 20:26:01 GMT

wtshaw wrote:
> But, when you deal with gross changes in format, it is substitution, or
> something else?

Indeed, ultimately every encryption system merely replaces the plaintext
by some ciphertext, which could be considered a large-scale
substitution.

In practice, large-scale substitution cannot be performed without
subdividing the operation, because to handle the totality of possible
plaintexts would require an impossibly large codebook.  If one looks
at the lowest levels of subdivision, *then* the operations tend to be
either a (block) replacement (a.k.a. "encoding") or a rearrangement
("permutation").  If there is a third basic means of invertible
transformation, it would sure be interesting to hear about.

> Something like XOR is clearly another example that fails to fit cleanly
> into either category, ...

XOR operations used within a transformation module need not fit the
categories any more than electrons need to fit the categories.

However, XOR as a means of combining key with plaintext to produce
ciphertext is clearly a substitution process.

--

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: challenges / competitions???
Date: Thu, 05 Aug 1999 21:52:58 GMT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
(DJohn37050) wrote:
>There are the RSA and DES challenges from RSA Labs and the ECC challenge from
>Certicom.  These have money/prizes attached to the harder problems.
>Don Johnson

 So does mine and the software is free.



David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS

--

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: challenges / competitions???
Date: Thu, 5 Aug 1999 20:34:20 GMT

Gabe Simon wrote:
> I was just wondering if anyone knew about a website that had
> cryptanalysis challenges for people to try to solve.  I was hoping
> for something with multiple levels of difficulty for us newbies out
> there...  If such a site does not exist... would anyone be interested
> in making one?  I know I would... it wouldn't be too hard to
> organize...

The "Zendian problem" messages are available somewhere, perhaps via
the ACA "crypto drop box".  It is best if you also get the book from
Aegean Park Press, since it contains some starting hints etc. that
aren't in the on-line archives.  Be warned that this is a rather
tough problem, but with perseverance and an understanding of
MilCryp I and II you should be able to recover most of the plaintexts.
It is *also* a problem in Traffic Analysis; you should be able to
reconstruct most of the "cryptonet" and identify the Military units
that sent/received most messages.

--

From: Greg <[EMAIL PROTECTED]>
Subject: Re: About Online Banking Security
Date: Thu, 05 Aug 1999 22:35:49 GMT


> ATMs are for the most part secure devices
> now (???).

Would you say that 40 bit SSL over the internet is more insecure than
ATM machine comm lines?  If not, then what's the difference?




--
The US is not a democracy - US Constitution Article IV Section 4.
Democracy is the male majority legalizing rape.
UN Security Council is a Democracy.  NO APPEALS!  Welcome to the NWO.
Criminals=Crime.  Armies=Tyranny.  The 2nd amendment is about tyranny.



--


Cryptography-Digest Digest #992

1999-08-05 Thread Digestifier

Cryptography-Digest Digest #992, Volume #9           Thu, 5 Aug 99 19:13:03 EDT

Contents:
  ANSI standards? (Jonathan Katz)
  challenges / competitions??? (Gabe Simon)
  Re: Good generators and primes for Diffie Hellman (DJohn37050)
  Re: What is "the best" file cryptography program out there? ([EMAIL PROTECTED])
  Re: Transposition and substitution algorithms ??? (John Savard)
  AES finalists to be announced ([EMAIL PROTECTED])
  Re: Construction of permutation matrix ([EMAIL PROTECTED])
  Re: AES finalists to be announced ([EMAIL PROTECTED])
  Re: What is "the best" file cryptography program out there? (SCOTT19U.ZIP_GUY)
  Re: Is the output of 3DES really pseudorandom??? ("karl malbrain")
  Re: ANSI standards? (DJohn37050)
  Re: What is "the best" file cryptography program out there? (SCOTT19U.ZIP_GUY)
  Re: challenges / competitions??? (SCOTT19U.ZIP_GUY)
  Re: challenges / competitions??? (DJohn37050)
  Re: AES finalists to be announced (John Myre)
  Re: AES finalists to be announced (DJohn37050)
  Re: What is "the best" file cryptography program out there? (Jim Dunnett)
  Re: Prime number. ("Douglas A. Gwyn")
  Re: Software License Generation - Assistance Requested ("Douglas A. Gwyn")
  Re: Blowfish x86 assembler ("Kasper Pedersen")
  Re: AES finalists to be announced (SCOTT19U.ZIP_GUY)
  Re: What is "the best" file cryptography program out there? (KidMo84)
  Re: any literature about trusted unit? ("Douglas A. Gwyn")
  Re: Transposition and substitution algorithms ??? (wtshaw)
  Re: OTP export controlled? (wtshaw)
  Need letter frequencies (LasombraXX)
  Re: Americans abroad/Encryption rules? (wtshaw)
  Re: Bad Test of Steve Reid's SHA1 (wtshaw)
  Re: Americans abroad/Encryption rules? (wtshaw)
  Re: frequency of prime numbers? (John McDonald, Jr.)
  Re: Construction of permutation matrix (wtshaw)
  Re: frequency of prime numbers? ("Douglas A. Gwyn")



From: Jonathan Katz <[EMAIL PROTECTED]>
Subject: ANSI standards?
Date: Thu, 5 Aug 1999 13:31:08 -0400

Is ANSI X9.52 available on-line anywhere? It describes modes of operation
for 3DES...


--

From: [EMAIL PROTECTED] (Gabe Simon)
Subject: challenges / competitions???
Date: 5 Aug 1999 17:58:45 GMT

=BEGIN PGP SIGNED MESSAGE=
Hash: SHA1

Hi,
I was just wondering if anyone knew about a website that had
cryptanalysis challenges for people to try to solve.  I was hoping
for something with multiple levels of difficulty for us newbies out
there...  If such a site does not exist... would anyone be interested
in making one?  I know I would... it wouldn't be too hard to
organize...

Gabe Simon



=BEGIN PGP SIGNATURE=
Version: PGPfreeware 6.5.1 for non-commercial use 

iQA/AwUBN6nQi578aT3Vj9DSEQIdpgCdHpKMe3WxK1LtzMNtCnPK390c/PIAnjrC
4f2809WM9yKjh8HLpkDQCv3E
=frQX
=END PGP SIGNATURE=

--

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: Good generators and primes for Diffie Hellman
Date: 05 Aug 1999 17:11:45 GMT

There are certain attacks that are often possible (sometimes called small
subgroup attacks) if the generator is not a generator of a large prime-order
subgroup.  In this context, one usually wants the order to be a 160-bit prime
or larger.
Don Johnson
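
The check described in the post above, as an added example that is not part of the original post: validating that a generator and a received public value lie in a prime-order subgroup. The function names and the toy parameters p = 607, q = 101, g = 64 are constructed for illustration; real parameters would use a q of 160 bits or more, as the post says.

```python
# Added illustration: Diffie-Hellman parameter and public-value validation.
# Toy group (constructed): p = 607 = 6*101 + 1, q = 101, g = 2^6 mod 607 = 64.

def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases (exact for small n, probabilistic for huge n)."""
    if n < 2:
        return False
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def check_dh_group(p: int, q: int, g: int, min_q_bits: int = 160) -> list:
    """Return a list of problems with (p, q, g); an empty list means acceptable."""
    problems = []
    if not is_probable_prime(p):
        problems.append("p is not prime")
    if not is_probable_prime(q):
        problems.append("q is not prime")
    if (p - 1) % q != 0:
        problems.append("q does not divide p-1")
    if q.bit_length() < min_q_bits:
        problems.append(f"q is only {q.bit_length()} bits, want >= {min_q_bits}")
    # With q prime, g != 1 and g^q == 1 together mean the order of g is exactly q.
    if not 1 < g < p - 1 or pow(g, q, p) != 1:
        problems.append("g does not generate the order-q subgroup")
    return problems


def public_value_ok(p: int, q: int, y: int) -> bool:
    """Accept a peer's public value only if it lies in the order-q subgroup."""
    return 1 < y < p - 1 and pow(y, q, p) == 1


def element_of_order(p: int, r: int) -> int:
    """Find an element of prime order r (r must divide p-1); used for the demo only."""
    for h in range(2, p):
        y = pow(h, (p - 1) // r, p)
        if y != 1:
            return y
    raise ValueError("no element of that order")


def reachable_secrets(p: int, y: int) -> set:
    """Every value y^x mod p can take; the size of the set is the order of y."""
    seen, v = set(), 1
    while True:
        v = v * y % p
        if v in seen:
            return seen
        seen.add(v)


if __name__ == "__main__":
    p, q, g = 607, 101, 64
    print("toy group, size check relaxed:", check_dh_group(p, q, g, min_q_bits=0))
    print("toy group, default size check:", check_dh_group(p, q, g))
    for y in (pow(g, 5, p), p - 1, element_of_order(p, 3)):
        print(f"y={y:3d} accepted={public_value_ok(p, q, y)} "
              f"possible shared secrets={len(reachable_secrets(p, y))}")
```

A value that fails `public_value_ok` confines the shared secret to as few values as its order (2 or 3 in the toy group), which is why the check is made before the value is used.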

--

From: [EMAIL PROTECTED]
Subject: Re: What is "the best" file cryptography program out there?
Date: Thu, 05 Aug 1999 17:22:44 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (KidMo84) wrote:
> You know, i always wonder what the NSA has broken but has not released to the
> public yet:).

I will let you in on a secret:

Cryptography is not only about keeping things secret

It's about authentication, privacy, identification, fraud prevention
etc...

Tom



--

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Transposition and substitution algorithms ???
Date: Thu, 05 Aug 1999 18:06:38 GMT

Spike Ivans <[EMAIL PROTECTED]> wrote, in part:

>However, in the manual, it states that all cryptographic
>systems rely on either or both of two techniques, transposition and
>substitution. So... having said that, I have a few questions...

>1) Is this true ?

Yes - inescapably and unavoidably. However, that is actually a very
interesting question even so.

About all you can do with a text, or a series of bits, to conceal it
is to replace some bits, or groups of bits, by other bits or groups of
bits - or move it to some other spot in the message.

That's what is unavoidable.

But it conceals the other things that may happen to make things
interesting.

a) You don't have to replace each byte by other bytes in the same way
throughout the message; the rule of substitution can change with each
byte.

b) Substitution doesn't have to be done on single bytes; it can be
applied to larger blocks, such as bloc

Cryptography-Digest Digest #991

1999-08-05 Thread Digestifier

Cryptography-Digest Digest #991, Volume #9           Thu, 5 Aug 99 14:13:03 EDT

Contents:
  Re: Bad Test of Steve Reid's SHA1 ([EMAIL PROTECTED])
  Re: The Acronym MDC (Paul Koning)
  Re: DES crypt(3) (Paul Koning)
  Re: beginner question re. MD5 and one-way hashes (Jerry Coffin)
  Re: Prime number. (Bob Silverman)
  Re: frequency of prime numbers? (Jim Gillogly)
  Re: Good generators and primes for Diffie Hellman (Doug Stell)
  Re: Transposition and substitution algorithms ??? (wtshaw)
  Re: beginner question re. MD5 and one-way hashes ("Anders J. Munch")
  Re: frequency of prime numbers? (Bob Silverman)
  Re: DES Algorithm source code (David C. Oshel)
  Re: beginner question re. MD5 and one-way hashes (David Wagner)
  any literature about trusted unit? ([EMAIL PROTECTED])
  Re: Is this a new authent/encrypt protocol? (Greg)
  Re: Is this a new authent/encrypt protocol? (Greg)
  Re: What is "the best" file cryptography program out there? ([EMAIL PROTECTED])
  Re: Americans abroad/Encryption rules? (David C. Oshel)
  Re: frequency of prime numbers? (fungus)
  Re: frequency of prime numbers? (John Savard)
  New Movie Website! ([EMAIL PROTECTED])
  Re: frequency of prime numbers? (Robert Scott)



From: [EMAIL PROTECTED]
Subject: Re: Bad Test of Steve Reid's SHA1
Date: Thu, 05 Aug 1999 14:26:30 GMT

Jerry, thanks again for taking time for a useful and interesting
reply.  Believe it or not, I feel that my knowledge is sufficient
enough that I don't have any more questions.

Also, my new SHA1m.dll is working ("m" for minus since I handle only
1-55-char messages; however, that easily could be changed).  If anyone
sends me an e-mail, I would be happy to send a copy of the code.

Rob

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Jerry Coffin) wrote:
> In article <7nste6$ss7$[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
>
> [ ... ]
>
> > So far no-one has told me what LITTLE_ENDIAN does.  Does it refer to
> > one of the alternate methods referred to as 7. and 8. on the NTIS site
> > (thanks to Jerry Coffin for that URL)?  I would assume not since, as D.
> > L. Keever mentions, you do need to define LITTLE_ENDIAN to get the
> > right digest.  Or does it refer to the "technical correction" that
> > generated SHA-1 (FIPS 180) in the first place?  Something else?  Just
> > curious.
>
> SHA-1 works with 32-bit quantities.  On the NTIS site, they assume
> that if you start with bytes like:
>
> 00 01 02 03
>
> and treat them as a single 32-bit quantity, they should end up as:
>
> 00010203
>
> I.e. the first byte becomes the most significant of the four, and the fourth
> byte ends up as the least significant.  This is what's generally
> referred to as big-endian ordering.  By contrast, on a little-endian
> machine, the first byte will end up as the least-significant byte of
> the whole, and the fourth will end up as the most significant.  I.e.
> if you take the string above and simply cast a pointer to its
> beginning as a pointer to long, you'll end up with 03020100 as your
> number.  Therefore, on a little-endian machine, you have to take the
> inputs and swap them around to produce the right number.
>


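
The byte-order point in the quoted explanation, as an added example that is not part of the original posts and is not the SHA1m code mentioned above: a single-block SHA-1 (messages of up to 55 bytes) whose word-loading order can be switched. The function names and the `byteorder` parameter are assumptions made for this illustration; "little" stands in for casting the byte pointer to a 32-bit word on a little-endian machine without swapping.

```python
# Added illustration: SHA-1 reads its input as big-endian 32-bit words.
import hashlib
import struct


def load_word(four_bytes: bytes, byteorder: str = "big") -> int:
    """Turn 4 bytes into one 32-bit word using the given byte order."""
    return int.from_bytes(four_bytes, byteorder)


def _rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF


def sha1_single_block(msg: bytes, byteorder: str = "big") -> str:
    """SHA-1 of a message that fits in one 64-byte block (at most 55 bytes).

    byteorder="big" is what the standard specifies; "little" shows the
    result of loading the words without the byte swap.
    """
    if len(msg) > 55:
        raise ValueError("single-block variant: message must be at most 55 bytes")
    # Padding: 0x80, zero fill, then the bit length as a 64-bit big-endian value.
    block = msg + b"\x80" + b"\x00" * (55 - len(msg)) + struct.pack(">Q", 8 * len(msg))
    w = [load_word(block[i:i + 4], byteorder) for i in range(0, 64, 4)]
    for t in range(16, 80):
        w.append(_rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))

    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
    a, b, c, d, e = h
    for t in range(80):
        if t < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif t < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif t < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        temp = (_rotl(a, 5) + f + e + k + w[t]) & 0xFFFFFFFF
        a, b, c, d, e = temp, a, _rotl(b, 30), c, d

    out = [(x + y) & 0xFFFFFFFF for x, y in zip(h, (a, b, c, d, e))]
    return "".join(f"{word:08x}" for word in out)


if __name__ == "__main__":
    sample = bytes([0x00, 0x01, 0x02, 0x03])  # the bytes used in the quoted post
    print(f"big-endian load:    {load_word(sample, 'big'):08x}")
    print(f"little-endian load: {load_word(sample, 'little'):08x}")
    msg = b"abc"
    print("hashlib reference: ", hashlib.sha1(msg).hexdigest())
    print("big-endian words:  ", sha1_single_block(msg, "big"))
    print("unswapped words:   ", sha1_single_block(msg, "little"))
```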

--

From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: The Acronym MDC
Date: Wed, 04 Aug 1999 14:12:10 -0400

John Savard wrote:
> 
> I had thought that MDC stood for Message Digest Code, but according to
> the Handbook of Applied Cryptography, it stands for Modification
> Detection Code!

Neither, according to an old reference I have:  

"Proposed federal standard 1027, 5 august 1980
...
3.4.5. ... Manipulation Detection code (MDC) ..."

paul

--

From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: DES crypt(3)
Date: Wed, 04 Aug 1999 14:09:05 -0400

[EMAIL PROTECTED] wrote:
> 
> Plans are underway to design and build hardware to crack DES crypt(3)
> encoded passwords by brute force using 100MHz Xilinx FPGAs in parallel.
> The task is merely as a "science project" to see just how many possible
> keys we can eliminate / sec.  Could someone provide me with the concise
> algorithm for crypt(3).  Thanks

"Use the source, Luke"

Pull up a Linux distribution and you can read it.

paul

--

From: [EMAIL PROTECTED] (Jerry Coffin)
Subject: Re: beginner question re. MD5 and one-way hashes
Date: Thu, 5 Aug 1999 09:41:56 -0600

In article <7oc6q3$[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] says...
> dear crypto experts,
> 
> I need a one-way function in order to generate hash key values
> for a piece of software that is caching objects i.e. when I come
> across an object the second time the function should generate the
> same hash key so I know that I have seen that object already.

For this, you're only looking for a low-incidence of collisions, not 
the other characteristics of a 

Cryptography-Digest Digest #990

1999-08-05 Thread Digestifier

Cryptography-Digest Digest #990, Volume #9           Thu, 5 Aug 99 11:13:02 EDT

Contents:
  Re: OTP export controlled? (Bo Dömstedt)
  Re: Is breaking RSA NP-Complete ? (Safuat Hamdy)
  Will someone please flame me??? (Michelle Davis)
  Re: Looking for GSM Authentication Algorithm A3 ("Lassi Hippeläinen")
  Re: What is "the best" file cryptography program out there? (wtshaw)
  Re: With all the talk about random... (Shawn Willden)
  Re: where to start? (Michelle Davis)
  Re: Microsoft Word 97 (pwrecover)
  Re: How to keep crypto DLLs Secure? (Jim Felling)
  Re: Good generators and primes for Diffie Hellman (DJohn37050)
  Re: Construction of permutation matrix (Mok-Kong Shen)
  Re: What is "the best" file cryptography program out there? (KidMo84)
  Re: Construction of permutation matrix (Mok-Kong Shen)
  Re: Bad Test of Steve Reid's SHA1 ([EMAIL PROTECTED])
  Re: What is "the best" file cryptography program out there? ([EMAIL PROTECTED])
  Re: What is "the best" file cryptography program out there? (KidMo84)
  Re: Will someone please flame me??? (SCOTT19U.ZIP_GUY)
  Re: Is the output of 3DES really pseudorandom??? (fungus)
  Re: Americans abroad/Encryption rules? (JPeschel)



From: [EMAIL PROTECTED] (Bo Dömstedt)
Crossposted-To: talk.politics.crypto
Subject: Re: OTP export controlled?
Reply-To: [EMAIL PROTECTED]
Date: Thu, 05 Aug 1999 11:36:16 GMT

W.G. Unruh wrote:
>The purpose of all export regulations is to prevent US citizens from supplying
>things to foreigners. It says nothing anywhere that it is to prevent the 
>foreigners for doing things themselves. 
Precisely! We other people, us foreigners, can manage to run 
an OTP without the U.S., 
http://www.protego.se/sg100_en.htm
...we hold an unrestricted export license for the above product!
According to Swedish law of commerce, we cannot refuse to sell,
based upon some opinion of the customer (or the country where 
he lives).
>The stated or unstated purpose is not to keep it out of the hands of citizens,
>although it is clear that there are some who would love to do that.
The OTP system, as compared to DES/IDEA/skipjack/AES candidates, 
that cannot have any internal weakness, that could be exploited,
would surely not be appreciated by the three-letter-agency-people.

Bo Dömstedt
Chief Cryptographer
Protego Information AB
Malmoe,Sweden


--

From: Safuat Hamdy <[EMAIL PROTECTED]>
Subject: Re: Is breaking RSA NP-Complete ?
Date: 05 Aug 1999 12:54:56 +0200

Nicol So <[EMAIL PROTECTED]> writes:

> > > I have seen different definitions of NP-Hard.  The definition I prefer
> > > is:
> > >
> > > A problem is NP-Hard if it is polynomial time reducible (in the sense
> > > of Karp reducibility) to the hardest problem in NP.
> > 
> > My impression (derived from a possibly too small set of samples) was
> > that nowadays most people agree that NP-hardness is about
> > Turing-reductions ... isn't that also the definition that Garey &
> > Johnson seem to prefer?
> 
> I could be wrong, but my impression is that people these days prefer
> (polynomial-time) many-one reduction to (polynomial-time) Turing
> reduction when dealing with NP-completeness.  Do people have a different
> preference when dealing with NP-hardness?

Since complexity theory was one of my main subjects, I claim to have some
knowledge about the terms used here.  For reference I prefer Balcázar, Díaz,
Gabarró, Structural Complexity, 2nd ed, 1994.  This is much more up to date
than most other books like Garey, Johnson or Hopcroft, Ullman.

Some clarifications:

Let C be any complexity class

1. C-hard and C-complete by default refers to poly-time many-one reduction,
   whenever C is above P, while for P and NLOG (and all other classes above
   LOG) it refers to log-space many-one reduction.  For two sets A and B we
   write A <= B, whenever A is many-one reducible to B.  Note also,
   "reducible" means by default poly-time many-one reducible.

2. When we really want to speak about Turing reducibility, we say C-T-hard
   and C-T-complete (of course, in certain contexts where there is no
   ambiguity, we can abbreviate this).  For two sets A and B we write A <=_T
   B, whenever A is Turing reducible to B.  Note that Turing reducibility
   usually refers to poly-time Turing reducibility.

3. Def: Some set A is C-(T-)hard if and only if any set B from C is
   (Turing-)reducible to A.  Moreover, if A itself is in C, then A is
   C-(T-)complete.

   These are the modern definitions for hard and complete, everything else
   is fuzz from the past.

4. To remove any doubts: Def: Let A and B be sets over some alphabet S.  A
   is poly-time many-one reducible to B, if and only if there exists a
   deterministic poly-time computable function f such that for any x from
   S^*, x is in A if and only if f(x) is in B; similar for space-bounded
   many-one reducibility, although here f additionally must not expand its
   inp

Cryptography-Digest Digest #989

1999-08-05 Thread Digestifier

Cryptography-Digest Digest #989, Volume #9           Thu, 5 Aug 99 07:13:02 EDT

Contents:
  Re: What is "the best" file cryptography program out there? ([EMAIL PROTECTED])
  Re: What is "the best" file cryptography program out there? ([EMAIL PROTECTED])
  Re: About Online Banking Security ([EMAIL PROTECTED])
  Re: What is "the best" file cryptography program out there? ([EMAIL PROTECTED])
  Re: Is the output of 3DES really pseudorandom??? ([EMAIL PROTECTED])
  Re: DES Algorithm source code ([EMAIL PROTECTED])
  Re: Prime numbers wanted ("Douglas A. Gwyn")
  Re: How to keep crypto DLLs Secure? ("Douglas A. Gwyn")
  Re: What the hell is XOR? ("Douglas A. Gwyn")
  Re: [Q] Why is pub key cert. secure & free from spoofing? (Wim Lewis)
  Transposition and substitution algorithms ??? (Spike Ivans)
  QuickBooks99 Crack ("John E. Kuslich")
  Re: Is breaking RSA NP-Complete ? ([EMAIL PROTECTED])
  Re: How to write REALLY PORTABLE code dealing with bits (Was: How Big is  a Byte?) ("Magic")
  Re: Intel 810 chipset security (Vernon Schryver)
  Re: How to write REALLY PORTABLE code dealing with bits (Was: How Big  (Sunil Rao)
  Re: Transposition and substitution algorithms ??? (JPeschel)



From: [EMAIL PROTECTED]
Subject: Re: What is "the best" file cryptography program out there?
Date: Thu, 05 Aug 1999 04:30:14 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> > That form of implicit trust scares me.  What makes a 1024 bit key less
> > secure than a 4096 bit key?  (And if you say ease of solving you have
> > no clue about the crypto world).
>
> Did I ever say I had a clue about the crypto world?  It probably doesn't,
> but the big number sure looks cool doesn't it?  =)
Well not really.  Bigger keys mean more memory, and slower
operations.  If you could for example store 5 times more keys on a
server because users use 768 bit keys instead of 4096 bit keys, I know
I would be happy.

Really I don't think 4096 bit keys are any more secure (from a
mathematical standpoint) than 1024 or even 768 bit keys.  Even 512 bit
keys are just in the 'theory' stage of being broken.  Factoring 1024
bit numbers would require a totally new algorithm (or matrix step) that
would probably make the current state 512 vs 1024 more like 1024 vs
4096 ...

> Sure, you could upload a fake key to my name, it wouldn't have any of the
> signatures attached to it, but be my guest.  My key is on all the default
> servers.

So what.  If I ask for your name and pick up the first key will I know
if it's right or not?  How will I trust the signatures on the key?
etc ... see my point?

I think if your HTTP or FTP client is secure  and you have a good
password that is the only real way of putting keys up.  They have to
know that you own the site or directory though ...

Tom



--

From: [EMAIL PROTECTED]
Subject: Re: What is "the best" file cryptography program out there?
Date: Thu, 05 Aug 1999 04:38:02 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (KidMo84) wrote:
> I was thinking along the lines of ScramDisk, i have pgp6.0 off of replay's
> site(www.replay.com) and it works pretty good. I guess i should have put
> commercial products, even though i was lookin for freeware too.  I haven't had
> a chance to try out scott16. But i haven't used dos lately. At least i think it
> uses dos, somebody might yell at me for that one.  I have sort of grown away
> from ms-dos, using windows98 at present time that is. Though when you are
> recovering information dos is the best way to go.
>

You still haven't said your needs.  Some obvious needs:

1) Dynamic live connections?  (Diffie-Hellman with identification)
2) PK systems? (RSA or DH)
3) point-to-point?  (share password, SHA/MD5/TIGER + DES/CAST/RC5 ...)

... endless list ...

Tom



--

From: [EMAIL PROTECTED]
Subject: Re: About Online Banking Security
Date: Thu, 05 Aug 1999 04:40:44 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (KidMo84) wrote:
> I was wondering how secure online banking really is.  Has there been any
> information written up about the topic.  Specifically nations bank banking
> online, the url is: http://www.nationsbank.com/online/tour/?statecheck=MO
> At least for missouri's online banking.
>
> To get to bare bone's they use Secure Socket Layer(SSL) With a password and id.

I would not trust them.  Many times all you have to do is have a valid
cookie id to get access to someone's account.  If I could get your
cookies ... all hell breaks loose.

Most of the time these systems are designed by comp.sci majors without
any background in cryptography (well isn't 40-bit SSL (RC4) secure
enough?) ...

Unless the bank states exactly how their system works (which they won't