Cryptography-Digest Digest #559
Cryptography-Digest Digest #559, Volume #14       Thu, 7 Jun 01 23:13:01 EDT

Contents:
  Re: Simple C crypto ("Tom St Denis")
  Re: Alice and Bob Speak MooJoo ("Robert J. Kolker")
  Re: Alice and Bob Speak MooJoo ("Tom St Denis")
  Re: Brute-forcing RC4 ("Scott Fluhrer")
  Re: Best, Strongest Algorithm (gone from any reasonable topic) ([EMAIL PROTECTED])
  Re: Brute-forcing RC4 ("Tom St Denis")
  Re: Simple C crypto ("Boyd Roberts")
  Re: Best, Strongest Algorithm (gone from any reasonable topic) ([EMAIL PROTECTED])
  Re: CBC variant ("Scott Fluhrer")
  Re: Best, Strongest Algorithm (gone from any reasonable topic) ("Tom St Denis")
  Re: Brute-forcing RC4 ("Scott Fluhrer")
  Re: Brute-forcing RC4 ("Tom St Denis")
  Re: Alice and Bob Speak MooJoo ("Robert J. Kolker")
  Re: Simple C crypto ("Dirk Bruere")
  Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and Large Primes (sisi jojo)
  Re: Simple C crypto ("Dirk Bruere")
  Re: Brute-forcing RC4 ("Scott Fluhrer")
  Re: Simple C crypto ("Tom St Denis")
  Re: Any Informed Opinions? ("Dirk Bruere")
  Re: Simple C crypto ("Dirk Bruere")
  Re: Simple C crypto ("Tom St Denis")

----------------------------------------------------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Simple C crypto
Date: Fri, 08 Jun 2001 00:56:36 GMT

"Dirk Bruere" <[EMAIL PROTECTED]> wrote in message
news:6OUT6.19530$[EMAIL PROTECTED]...
>
> "Tom St Denis" <[EMAIL PROTECTED]> wrote in message
> news:xITT6.52725$[EMAIL PROTECTED]...
> >
> > > The requirement is for text comments (for example) to be written to a file
> > > along with data. We simply don't want people to get into the file to read
> > > and/or alter the text. We're not talking about professional hackers or the
> > > NSA, just (say) lab technicians who use the equipment. Detecting alteration
> > > of the text is something else.
> > >
> > > So, no freeware solution to such a simple problem?
> >
> > There are tons of public domain crypto tools (tools = algorithms). Whether
> > you're a competent enough cryptographer to use them is another question.
>
> I don't have to be a competent cryptographer if someone else has done the
> work. I use other people's programs to do jobs so I don't have to write them
> myself, or even know how they work. Am I supposed to be able to code .jpg
> before I can embed a picture viewer?

There is more to crypto than just using a cipher, just like there is more to
a codec than a library to output jpg. However, unlike outputting a jpg,
errors in crypto can be more than just annoying. They can be fatal errors.
For example, if you default to 0.99 quality in your JPG library that's
annoying. If you default to 16-bit symmetric keys that's useless!

> > Also if your application that you distribute can read these "magically
> > encoded files" then so can anyone else. This is a re-hash of the
> > CSS/SDMI/etc designs. Here's a tip, they don't work.
>
> The files are output from a data logger, we just don't want people casually
> changing the data.
>
> I rather doubt the ability and motivation of normal users to reverse
> engineer the application to determine the crypto method in order to change
> the comments in a file. If they are that keen then they will have faked the
> whole thing from start to finish. The algorithm is not in a file viewer they
> will have access to, unless, of course, they do that reverse engineering.
> They can encode a comment (if it is theirs), but not decode anything.
>
> All I am looking for is something that will require a few hours of work by a
> competent engineer with the right tools to break. That is the level of
> deterrence required.

The problem with this (as many and especially Schneier have pointed out) is
that it only takes ONE person to break your program ONCE. Then it's all
downhill. Who cares if it takes them 3 days. Once they complete the task
ONCE they will FOREVER.

> > If your application is based on secrets like passwords or what have not just
> > use a cipher like Blowfish in CTR mode to encode the files. Alterations
> > will show up in the plaintext but if you need more assurance append a hash
> > of the pre-image to the plaintext. That should stop all attacks on "the
> > math". At that point it's up to physical and password security.
>
> Done a search on Blowfish, but could not find any code. If it's more than
> about 100 lines of C then I'm not interested. I jus
Cryptography-Digest Digest #559, Volume #13      Fri, 26 Jan 01 15:13:01 EST

Contents:
  Re: Dynamic Transposition Revisited (long) (AllanW)
  Re: Snake Oil (SCOTT19U.ZIP_GUY)
  Re: Knots, knots, and more knots (Matthew Montchalin)
  Re: Decode Algorythim ("Joseph Ashwood")
  Re: Steak Stream Cipher ("Joseph Ashwood")
  Re: Mr Szopa's encryption (was Why Microsoft's Product Activation Stinks) ("Joseph Ashwood")
  Re: Why Microsoft's Product Activation Stinks (Anthony Stephen Szopa)
  Encryption Program (Benjamin)
  Re: What do you do with broken crypto hardware? (Bill Unruh)
  Q: File Extension .$#! - Which Encryption Program?!? (Thomas Propst)

----------------------------------------------------------------------------

From: AllanW <[EMAIL PROTECTED]>
Subject: Re: Dynamic Transposition Revisited (long)
Date: Fri, 26 Jan 2001 19:33:06 GMT

[EMAIL PROTECTED] (Terry Ritter) wrote:
>
> On Tue, 23 Jan 2001 08:29:16 -0800, in
> <[EMAIL PROTECTED]>, in sci.crypt "John A. Malley"
> <[EMAIL PROTECTED]> wrote:
>
> >Terry Ritter wrote:
> >>
> >[snip]
> >
> >> >This may be a good place to continue the cryptanalysis of the strength
> >> >of the DT cipher. A PRNG with N! states to make every permutation of
> >> >the bits in an N bit block can only generate some of the possible
> >> >sequences of permutations. There are (N!)! possible sequences of
> >> >permutations.
> >>
> >> There are (N!)**S possible sequences of permutations, of sequence
> >> length S.
> >
> >Please help - where did I go wrong in calculating the total number of
> >possible sequences of the N! total possible permutations?
> >
> >Here's my reasoning -
> >
> >Given N bits there are N! different, unique ways to permute those bits -
> >the N! unique permutations. They make a set P.
> >
> >I number the permutations in the set from 1 to N!. How many different
> >ways can I sequence the members of the set of permutations? Or in other
> >words, how many different ways can I write down (list) the elements of
> >P? Let the number of elements in P be M, so
> >M = N!.
> >The number of unique listing sequences of the M elements is the
> >number of permutations of the M elements of P, which is M!. Since M =
> >N!, then M = (N!)!.
> >
> >So that's how I derived the number of ways the individual elements of
> >the set of permutations of an N bit block can be listed out as a
> >sequence.
>
> OK, I had no idea what you were doing. Of course, I still have no
> idea where you are going. Do you have any idea how big (N!)! is?
> Even 128! is 3.85620482e+215, and the factorial of that is some number
> which is about 2.75610295e+218 bits long. (From
>
> http://www.io.com/~ritter/JAVASCRP/PERMCOMB.HTM#Factorials
>
> ).
>
> Surely, there is no reason to imagine that permutations must all occur
> before repeating. In fact, that would be a weakness.
>
> The design goal is to allow the very same permutation to occur on the
> next block, and then rely on the almost infinitesimal probability of
> any particular permutation occurring to be assured that it will almost
> never happen. The goal is to make the permutation selection for each
> and every block independent, with equal probabilities.
>
> We can see the selected permutation as a "value," in a sequence of
> values, exactly the same way we get random values from an RNG, or the
> way we think of sequences as some number of symbols, each one chosen
> from a set. It is a weakness for a random generator to produce a
> value which will not then re-occur until the generator recycles.
>
> >> >AFAIK it's safe to say the PRNG generates N! sequences
> >> >(assuming the set of seed values is equal to the set of possible outputs
> >> >of the PRNG, both sets are of order N!.) Only N!/ (N!)! of the sequences
> >> >can ever be seen.
> >>
> >> ??
> >
> >There are M! ways to list the M values from 1 - M.
>
> These are called permutations.
>
> >A PRNG outputs lists
> >(sequences) of the values between 1-M.
>
> Some RNG's are like that. Don't do that.
>
> >The PRNG starts from a seed
> >value s and makes a list of the M values. Each list is different. The
> >PRNG can only make as many unique lists of the M values as there are
> >unique seeds s. Let the order of the set S of seed values be K. Then
> >the PRNG can only make K out of M! listings (sequences) of the M values
> >from 1 - M. So the PRNG only produces a fraction K / M! of the total
> >pos
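Ritter's two figures in the thread above can be checked with Stirling's approximation. This is an added worked derivation, not part of the thread, using his $M = 128!$ and the $(N!)^S$ count he gives for $S$ independently selected permutations.

$$
\log_2(M!) \;\approx\; M\log_2 M - M\log_2 e, \qquad M = 128! \approx 3.856\times 10^{215}.
$$

$$
\log_2 M \approx 215\cdot\log_2 10 + \log_2 3.856 \approx 714.21 + 1.95 = 716.16,
$$

$$
\log_2\big((128!)!\big) \approx 3.856\times 10^{215}\,(716.16 - 1.44) \approx 2.756\times 10^{218}\ \text{bits},
$$

which matches the $2.75610295\times 10^{218}$ bits he quotes. For comparison, a sequence of $S$ permutations of a 128-bit block, each chosen independently, has $(N!)^S$ possibilities, that is

$$
\log_2\big((128!)^S\big) = S\,\log_2(128!) \approx 716\,S\ \text{bits},
$$

so $(N!)!$ counts orderings of the entire set of permutations, which is not the quantity the design goal of independent per-block selection calls for.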
Cryptography-Digest Digest #559, Volume #12      Mon, 28 Aug 00 22:13:01 EDT

Contents:
  96-bit LFSR needed ([EMAIL PROTECTED])
  Re: PGP Bug: IMPORTANT Personal test report (Tom McCune)
  Re: Blowfish question (and others) ([EMAIL PROTECTED])
  Re: Future computing power (David A Molnar)
  Re: ZixIt Mail ("Jeffrey Walton")
  Re: DeCSS ruling -- More (Jim Steuert)
  Re: Future computing power ([EMAIL PROTECTED])
  Re: could someone post public key that is tempered ? (jungle)
  Re: PGP Bug: IMPORTANT Personal test report (jungle)
  Re: On pseudo-random permutation (Tim Tyler)
  Network Associates ([EMAIL PROTECTED])
  Re: Looking for Book Recommendations (John Savard)
  Re: Future computing power ("Brian McKeever")
  Re: On pseudo-random permutation (David A. Wagner)
  Re: Future computing power (David A Molnar)
  when does PGP start to support key server (qun ying)
  Re: blowfish problem (Eric Smith)
  Re: Future computing power ([EMAIL PROTECTED])
  secrets and lies in stores (David A Molnar)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED]
Subject: 96-bit LFSR needed
Date: Mon, 28 Aug 2000 22:00:31 GMT

I am trying out the stream cipher where I take three bytes from the LFSR in
the form (a, b, c) and return ((((a+1)(b+1)) mod 257) + c) mod 256 as the
stream output.

I started with the nice 32-bit LFSRs from ORYX but then quickly realized a
divide and conquer attack. So I think using one larger LFSR is the way to
go. However, the LFSR in Applied Crypto is a sparse 96-bit one. I would
prefer to use a dense 96-bit LFSR.

The stream cipher is not fast, but it's meant for things like an 8051. The
mod 257 may slow it down a bit, but I bet an 11 MHz 8051 could keep up at
9600 transmission :)

Tom

Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

Crossposted-To: comp.security.pgp.discuss
From: Tom McCune <[EMAIL PROTECTED]>
Subject: Re: PGP Bug: IMPORTANT Personal test report
Date: Mon, 28 Aug 2000 22:08:54 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <8odrag$atb$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Steven
Markowitz) wrote:

>If the public key contains only the key id of the ADK, then isn't that a
>serious security flaw?

My understanding is that the ADK is represented by the fingerprint, not the
key ID.

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3
Comment: My PGP Page & FAQ: http://www.McCune.cc/PGP.htm

iQA/AwUBOarjjw2jfaGYDC35EQIepwCeLiIec+ruUZleMbgi/ltIyj2jmpQAoLsN
IEnYhnSPMv0stzcXrEMS46El
=CwKN
-----END PGP SIGNATURE-----

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Blowfish question (and others)
Date: Mon, 28 Aug 2000 22:14:26 GMT

In article <39aade6d$0$[EMAIL PROTECTED]>,
  "Jeffrey Walton" <[EMAIL PROTECTED]> wrote:
> Hey David,
>
> I recall hearing a German mathematician all but broke DES. I have no
> references to back the statement. Have you heard anything similar (or is
> more misinformation).

Misinformation.

Tom

Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Future computing power
Date: 28 Aug 2000 22:17:06 GMT

[EMAIL PROTECTED] wrote:

>> cluster capable of delivering 30 Teraflops next year. In
>> 2004 there will be a system delivering 100 Teraflops.

> First off what the heck is a flop? All I know is MIPS.

A "flop" stands for FLoating-point OPeration. A "flops" is then a floating
point operation per second. People who do scientific computing care very
much about such things. They tend to have very big problems and a lot of
money to spend on hardware.

D.J. Bernstein has argued here and probably elsewhere that we should be
basing our crypto on floating point arithmetic for speed, because that way
we can take advantage of this hardware.

In any case, giving speed in flops indicates that the people marketing the
machine want to sell to our friends in physics and other continuous
sciences.

> Computer speed will really only affect the tractability of PK cracking
> not symmetric stuff. And even there bandwidth/memory is of more
> importance than speed anyways.

Er, Tom, what about brute-forcing a 64-bit key? What about attacks on
ciphers which reduce keyspace to effective 60-70 bits?

> If you take the trend of Moore's law, we can expect 4ghz computers
> sometime in 2002. With the current 400mhz bus (or let's say 800mhz
> bus) the cpu better have a large L1 cache :)

Yes, it probably will need a large L1 cache. Is your point that memory is
unlikely to follow the same curve as CPU speed?

-David

------------------------------

Reply-To: "Jeffrey Walton" <[EMAIL PROTECTED]>
From: "Jeffrey Walton" <[EMAIL PROTECTED]>
Subject: Re: ZixIt Mail
Date: M
Cryptography-Digest Digest #559, Volume #11      Sun, 16 Apr 00 18:13:01 EDT

Contents:
  Re: ? Backdoor in Microsoft web server ? [correction] (Roger)
  Re: GOST idea (Tom St Denis)
  Re: Open Public Key (Tom St Denis)
  Re: Why is this algorithm insecure? (Newbie flamefodder) (Richard Heathfield)
  Re: Observer 16/4/2000: "Jack Straw wants the keys to your office. Don't let him in ..." (JimD)
  Re: One Time Pads Redux (JimD)
  Re: Why is this algorithm insecure? (Newbie flamefodder) (Richard Heathfield)
  Re: Why is this algorithm insecure? (Newbie flamefodder) (Tom St Denis)
  Re: Q: Entropy (Diet NSA)
  Re: Why encrypt email... (David Crick)
  Re: Why is this algorithm insecure? (Newbie flamefodder) (Richard Heathfield)
  Re: Q: NTRU's encryption algorithm (Diet NSA)
  Re: ? Backdoor in Microsoft web server ? [correction] (Jim Gillogly)
  Re: Why is this algorithm insecure? (Newbie flamefodder) (Tom St Denis)
  asymmetrical systems ("rewted")
  Re: asymmetrical systems (Bill Unruh)
  Re: ? Backdoor in Microsoft web server ? [correction] (Mok-Kong Shen)
  Re: GOST idea (Mok-Kong Shen)
  Help with Exponentiation Cipher ("Monkey Boy")
  Re: Q: Entropy (Bryan Olson)
  Re: My STRONG data encryption algorithm (Nobody Home)
  Re: asymmetrical systems (Tom St Denis)
  Re: My STRONG data encryption algorithm (Tom St Denis)
  Re: GOST idea (Tom St Denis)
  Re: Why is this algorithm insecure? (Newbie flamefodder) (Boris Kazak)

----------------------------------------------------------------------------

From: Roger <[EMAIL PROTECTED]>
Subject: Re: ? Backdoor in Microsoft web server ? [correction]
Date: Sun, 16 Apr 2000 12:38:32 -0700

Jim Gillogly wrote:
> Regardless of precisely which magical powers the back door gives,
> it's a back door put into official Microsoft code by official
> Microsoft (weenie) engineers.

And presumably MS will use source code control logs to find the guilty
party, and fire him. No doubt this incident will be used to support the
thesis that open source software is the only way to get security.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: GOST idea
Date: Sun, 16 Apr 2000 19:41:27 GMT

Mok-Kong Shen wrote:
>
> Tom St Denis wrote:
> >
> > I like the simplicity of gost... hmm Let's change the F function to be
> >
> > F(x) = S(2x^2 + x) <<< 11
> >
> > Where S is the parallel application of the eight 4x4 sboxes. This would
> > have much higher avalanche and only make the F function slightly more
> > complex.
>
> I suppose one should be careful and do sufficient amount of
> experiments to verify the avalanche properties, unless one
> has a theoretical proof.

Well my idea cannot technically be any worse than before since F(x) = 2x^2 +
x is a permutation in GF(2^w).

Another balanced approach would be to do this

F(x) = S(S(x) <<< 11) <<< 11

Which should increase the avalanche significantly and keep the algorithm
complexity about the same, just twice as slow in the F function.

Another good point of GOST is the ram requirement, all you need is the 32
bytes of round keys, and 256 bytes for the sbox [or 1kb if you pre-expand
the sbox values].

Tom

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Open Public Key
Date: Sun, 16 Apr 2000 19:45:15 GMT

Mark Wooding wrote:
> > > You're still mixing up safe and strong primes.
> > >
> > > If you have a safe prime p = 2q + 1, then 4 is a generator of the
> > > order-q subgroup (exercise: prove this). This is probably a good choice
> > > of generator for Diffie-Hellman and ElGamal-like systems.
> >
> > From what I can tell if p = 2q + 1, then p mod 4 = 3 'hmm duh', then we
> > get 4^q mod p = 1 and 4^2 mod p != 1.
>
> In more detail, 4^q = 2^{2q} = 1 (mod p), but yes.

Ouch I should have gotten that. Well I just picked up a book called
"Fundamentals of Number Theory" it deals a lot with the type of math you
would see in cryptography (quadratic residues, Euclid's algorithms, etc...)
So now I can "get a clue" :). Can't wait to get reading the book.

Tom

------------------------------

Date: Sun, 16 Apr 2000 20:51:50 +0100
From: Richard Heathfield <[EMAIL PROTECTED]>
Subject: Re: Why is this algorithm insecure? (Newbie flamefodder)

stanislav shalunov wrote:
>
> Richard Heathfield <[EMAIL PROTECTED]> writes:
>
> > Thank you. I'm not sure, however, that I have understood you correctly.
> > You seem to be saying that Eve can decrypt any message she likes,
> > provided she has first done a chosen plaintext attack on a message that
> > length and using the same key as Alice. Okay, yes, that's a problem. But
> > how would she do such an att
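Tom St Denis's GOST proposal earlier in this digest, F(x) = S(2x^2 + x) <<< 11, rests on x -> 2x^2 + x being a permutation, and Mok-Kong Shen asks for avalanche experiments. The following added example, not from either poster, checks both in Python; its eight S-boxes are constructed bijective 4-bit tables for illustration, not GOST's, and the round-key addition of the real round function is left out.

```python
# Added example, not from the thread: checks the two claims behind the proposed
# GOST F function F(x) = S(2x^2 + x) <<< 11, namely that x -> 2x^2 + x is a
# permutation mod 2^w (so the new F stays bijective) and how much avalanche it
# adds over the bare S(x) <<< 11 layer. The S-boxes are constructed bijective
# 4-bit tables for illustration, not GOST's, and the round-key addition of the
# real round function is left out.
import random

W = 32
MASK = (1 << W) - 1


def poly(x, w=W):
    """Tom's inner mixing step: 2x^2 + x reduced mod 2^w."""
    return (2 * x * x + x) & ((1 << w) - 1)


def is_permutation(f, w):
    """Exhaustively check that f(., w) is a bijection on w-bit values (w <= 16)."""
    seen = bytearray(1 << w)
    for x in range(1 << w):
        y = f(x, w)
        if seen[y]:
            return False
        seen[y] = 1
    return True


def rotl(x, r, w=W):
    mask = (1 << w) - 1
    return ((x << r) | (x >> (w - r))) & mask


# Eight constructed 4x4 S-boxes: each is a permutation of 0..15, so the S layer
# is bijective, which Tom's "cannot be any worse" argument relies on.
_rng = random.Random(2000)
SBOXES = []
for _ in range(8):
    box = list(range(16))
    _rng.shuffle(box)
    SBOXES.append(box)


def s_layer(x):
    """Apply the eight 4-bit S-boxes in parallel to the eight nibbles of x."""
    out = 0
    for i, box in enumerate(SBOXES):
        out |= box[(x >> (4 * i)) & 0xF] << (4 * i)
    return out


def f_plain(x):
    """Key-less skeleton of the GOST round function: S(x) <<< 11."""
    return rotl(s_layer(x), 11)


def f_proposed(x):
    """Tom's proposal: S(2x^2 + x) <<< 11."""
    return rotl(s_layer(poly(x)), 11)


def avalanche(f, samples=4000, seed=1):
    """Mean number of output bits that flip when one random input bit flips.
    The ideal for a 32-bit function is 16; f_plain can never exceed 4 because
    a single-bit change stays inside one S-box."""
    rng = random.Random(seed)
    total = 0
    for _ in range(samples):
        x = rng.getrandbits(W)
        bit = 1 << rng.randrange(W)
        total += bin(f(x) ^ f(x ^ bit)).count("1")
    return total / samples


if __name__ == "__main__":
    sq = lambda x, w: (x * x) & ((1 << w) - 1)
    print("2x^2 + x permutation mod 2^16:", is_permutation(poly, 16))
    print("x^2 permutation mod 2^16:     ", is_permutation(sq, 16))
    print("avalanche S(x) <<< 11:        ", avalanche(f_plain))
    print("avalanche S(2x^2+x) <<< 11:   ", avalanche(f_proposed))
```

Flipping one of the top two input bits changes only that bit of 2x^2 + x mod 2^32, so the proposal's extra avalanche comes from the low-order bits; the measurement makes that visible if you restrict `bit` to a chosen position.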
Cryptography-Digest Digest #559, Volume #10      Fri, 12 Nov 99 18:13:03 EST

Contents:
  Re: ENCRYPTOR 4.0 crack DEMO ([EMAIL PROTECTED])
  Re: Proposal: Inexpensive Method of "True Random Data" Generation ("james d. hunter")
  Re: ENCRYPTOR 4.0 by Comotex USA Inc. CRACKED !! ([EMAIL PROTECTED])
  Re: Your Opinions on Quantum Cryptography (Anton Stiglic)
  Re: Public Key w/o RSA? (DJohn37050)
  Re: Public Key w/o RSA? (John Savard)
  Re: Proposal: Inexpensive Method of "True Random Data" Generation (Coen Visser)
  Re: Proposal: Inexpensive Method of "True Random Data" Generation (Patrick Juola)
  Re: PALM PILOT PGP found here (Keith A Monahan)
  Re: ENCRYPTOR 4.0 crack DEMO (JPeschel)
  Re: RC4 in Kremlin US version 2.21 to tom st denis (Tom St Denis)
  effect of password entropy on public key/ECC? (Bill McGonigle)
  Re: Proposal: Inexpensive Method of "True Random Data" Generation (fungus)
  Re: Proposal: Inexpensive Method of "True Random Data" Generation (Nicolas Bray)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED]
Subject: Re: ENCRYPTOR 4.0 crack DEMO
Date: Fri, 12 Nov 1999 19:39:38 GMT

Ok let's try a little demo to show that Encryptor 4.0 is cracked.

First a known plaintext attack demo:

I have 3 files encrypted with the same password with Encryptor 4.0.
I know that the file email.txt contains this (the header of an email to me),
but the password used to encrypt the 3 files is unknown:

Delivered-To: [EMAIL PROTECTED]

it gives:

44 65 6C 69 76 65 72 65 64 2D 54 6F 3A 20 61 6C 65 78 61 6E 64 65 72 6D 61
69 6C 40 68 6F 74 6D 61 69 6C 2E 63 6F 6D

the ciphertext in the file email.txt.ecr is:

A5 85 CD 87 F5 B0 E4 B9 A2 32 CB B7 B7 40 A5 8E A9 DB AF 9E 9D B0 D4 9E 81
DA EB 8F 73 77 C7 95 83 6A BE 35 6E BD DF

I subtract each byte of the plaintext from the ciphertext and it gives me
the initial output of the stream cipher for that key
(example 0xa5-0x44 = 0x61, 0x85-0x65 = 0x20). It gives (this is the output
of the stream cipher):

61 20 61 1E 7F 4B 72 54 35 05 77 48 7D 20 44 22 44 63 4E 30 39 4B 62 31 20
71 7F 4F 0B 08 53 28 22 01 52 07 0B 4E 72

You can see that the output of the stream cipher is only 7 bits per byte
(not 8).

Yet I can directly crack the two other files: a.txt.enc and b.txt.enc

a.txt.enc (ciphertext):

B5 88 CA 91 9F B4 E5 74 9F 25 EB AD F0 94 64 8F A9 D6 C1 91 A0 B0 82 83 79
C3 D8 A1 64 5A AC 35 2C 9D

I XOR this ciphertext with the output of the stream cipher, it gives:

This is j test message RYRYRYRY

an error occurs for letter 'j', it should be 'a', I don't know yet why, but
the soft seems to be cracked, no?

I let you try to decode the file b.txt.enc (ciphertext):

AA 40 D5 86 E8 B9 DD 74 B2 6D E0 BB 9D 93 B3 88 B8 83 B7 A3 59 AE D4 92 83
DC E4 B3 2B 29 60 32

Then Encryptor 4.0 cracked or not cracked?? :))

For a ciphertext-only attack, you can do as I described in another post.
Even with only two ciphertexts with the same password, it can be broken. Ask
Jim Gillogly, he will explain this better than me. You search in the two
ciphertexts for probable words...

Then Encryptor 4.0 cracked or not cracked??

Alexander PUKALL
November 12, 1999

Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: "james d. hunter" <[EMAIL PROTECTED]>
Crossposted-To: sci.math,sci.misc,sci.physics
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: Fri, 12 Nov 1999 14:37:59 -0500
Reply-To: [EMAIL PROTECTED]

Coen Visser wrote:
>
> "james d. hunter" wrote:
>
> > It was never claimed that words are anybody's trademark.
> > It is suggested that the -same- word is better off -not-
> > being used in two completely different [contexts] simultaneously.
>
> Agreed.
>
> > [...] But, if you are implementing a dynamic system -digitally- :0), you
> > have to treat the mathematics as if it were a physical system,
> > if you want it to behave correctly.
>
> And you have to consider the limits of computers if you want
> your model to behave correctly.

What makes you think that computers have limits? The fact that "scientists"
sometimes misuse the concept of limit. That's just philosophy that gets
plowed under as technology advances.

> >Theoretical Computer Science folks can do whatever they want, since
> >as far as I can tell, almost nothing they do concerns computers.
>
> I take it you are not a (theoretical) computer scientist.

Yes, that's correct. Theoretical computer scientists are mostly philosophers
also, since very little of what they do concerns computers or science.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: ENCRYPTOR 4.0 by Comotex USA Inc. CRACKED !!
D
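Redoing the byte arithmetic from Alexander Pukall's Encryptor 4.0 demo above, as an added example that is not part of the post: it recovers the keystream from the known plaintext, confirms the 7-bit observation, and strips the same keystream from the other two ciphertexts, which is the keystream-reuse failure that makes one known file enough to read every file encrypted under that password. The recomputation also locates the 'j' he could not explain: keystream byte 8 comes out as 0x3E, not the 0x35 listed. All hex data is copied from the post.

```python
# Added example, not from the post: redo Alexander Pukall's byte arithmetic to
# show why one keystream reused across several files defeats an additive
# stream cipher. All hex values are copied from the post; the algebra is
# keystream K = (C - P) mod 256 from the known file, then P' = (C' - K) mod 256
# for every other file encrypted under the same password.

# Known plaintext: the e-mail header line, as the post lists it in hex.
EMAIL_PLAIN = bytes.fromhex(
    "44 65 6C 69 76 65 72 65 64 2D 54 6F 3A 20 61 6C 65 78 61 6E 64 65 72 6D "
    "61 69 6C 40 68 6F 74 6D 61 69 6C 2E 63 6F 6D")
# Its ciphertext, email.txt.ecr.
EMAIL_CIPHER = bytes.fromhex(
    "A5 85 CD 87 F5 B0 E4 B9 A2 32 CB B7 B7 40 A5 8E A9 DB AF 9E 9D B0 D4 9E "
    "81 DA EB 8F 73 77 C7 95 83 6A BE 35 6E BD DF")
# The keystream as the post lists it, kept to compare against the recomputation.
POSTED_KEYSTREAM = bytes.fromhex(
    "61 20 61 1E 7F 4B 72 54 35 05 77 48 7D 20 44 22 44 63 4E 30 39 4B 62 31 "
    "20 71 7F 4F 0B 08 53 28 22 01 52 07 0B 4E 72")
# The two other files encrypted with the same password.
A_CIPHER = bytes.fromhex(
    "B5 88 CA 91 9F B4 E5 74 9F 25 EB AD F0 94 64 8F A9 D6 C1 91 A0 B0 82 83 "
    "79 C3 D8 A1 64 5A AC 35 2C 9D")
B_CIPHER = bytes.fromhex(
    "AA 40 D5 86 E8 B9 DD 74 B2 6D E0 BB 9D 93 B3 88 B8 83 B7 A3 59 AE D4 92 "
    "83 DC E4 B3 2B 29 60 32")


def recover_keystream(cipher: bytes, plain: bytes) -> bytes:
    """Known-plaintext step: each keystream byte is (C - P) mod 256."""
    return bytes((c - p) & 0xFF for c, p in zip(cipher, plain))


def decrypt_with_keystream(cipher: bytes, keystream: bytes) -> bytes:
    """Strip the same keystream from another file: (C' - K) mod 256, as far as K reaches."""
    return bytes((c - k) & 0xFF for c, k in zip(cipher, keystream))


def keystream_bit_width(keystream: bytes) -> int:
    """Number of significant bits actually in use; the post observes 7, not 8."""
    return max(k.bit_length() for k in keystream)


def keystream_discrepancies(recomputed: bytes, posted: bytes) -> list:
    """Offsets where the recomputed keystream disagrees with the one in the post."""
    return [i for i, (r, p) in enumerate(zip(recomputed, posted)) if r != p]


def recovered_keystream() -> bytes:
    """The keystream recovered from the e-mail header pair."""
    return recover_keystream(EMAIL_CIPHER, EMAIL_PLAIN)


if __name__ == "__main__":
    ks = recovered_keystream()
    print("keystream bits in use:", keystream_bit_width(ks))
    print("offsets differing from the posted keystream:",
          keystream_discrepancies(ks, POSTED_KEYSTREAM))
    print("a.txt.enc ->", decrypt_with_keystream(A_CIPHER, ks))
    print("b.txt.enc ->", decrypt_with_keystream(B_CIPHER, ks))
```

The same code, fed the corrected keystream, reads a.txt.enc as "This is a test message RYRYRYRY" followed by CR LF, so the 'j' was an arithmetic slip and not a property of the cipher.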
Cryptography-Digest Digest #559, Volume #9       Tue, 18 May 99 08:13:03 EDT

Contents:
  Fractal encryption ("Lysergide")
  breaking xor encryption? ("Spiffy")
  Encryption starting ("Hai Huang")
  symmetric boolean functions (Hankel O'Fung)
  Re: RSA-modulus binary decomposition ("Ulrich Kuehn")
  Re: RSA Chips (Vin McLellan)
  Re: RSA Chips (Vin McLellan)
  Re: RSA-modulus binary decomposition (Thomas Pornin)
  Re: Encryption starting ("Jonas Krantz")
  Re: Scramdisk/Norton query ([EMAIL PROTECTED])
  Re: Can Somebody Verify My DES execution? (Goi Bok Min)
  Re: Toy Function (post didn't work) ([EMAIL PROTECTED])
  Re: Mandlebrot transform (Christof Donat)
  where can i find a frequency list? (Pete)
  Password hashing in different OSs (Sacha Brostoff)
  prime numbers and the multplicative inverse ([EMAIL PROTECTED])
  Re: Can Somebody Verify My DES execution? (Thomas Pornin)
  Re: Can Somebody Verify My DES execution? ([EMAIL PROTECTED])
  Re: Crypto export limits ruled unconstitutional (Mok-Kong Shen)

----------------------------------------------------------------------------

From: "Lysergide" <[EMAIL PROTECTED]>
Subject: Fractal encryption
Date: Tue, 18 May 1999 01:54:41 GMT

I have been searching the www and newsgroups for technical
information/papers/methods etc. about fractal encryption and ways of making
an encryption algorithm from fractal formulae. Can anyone help me out with
some information/papers etc. on fractal encryption, or any URLs that anyone
may know of? (As I can't seem to find any that are of any benefit, and have
been looking for over 3 months!)

Thank you :)

Lysergide

--
Posted via Talkway - http://www.talkway.com
Exchange ideas on practically anything (tm).

------------------------------

From: "Spiffy" <[EMAIL PROTECTED]>
Subject: breaking xor encryption?
Date: Mon, 17 May 1999 19:11:37 -0700

Hi

How does one break the simple xor encryption program? I'm trying to convince
my friend that des and other algorithms are not "crap" because a very long
key for an xor program is not secure at all. I looked in Applied
Cryptography and saw that "counting coincidences" and shifting by the key
and xoring allows you to decrypt it easily. Can somebody clarify that
procedure because I didn't really get his explanation of that (hey, I'm in
high school :). What if the person compresses the plaintext and gets a real
random key? Any other disadvantages that I missed? I guess it would be like
a one time pad, but even if the key were half the length of the message (or
any other fraction), how safe would it be? Could someone easily crack it if
the key is 25k (or larger) on a 100k file? (or any other examples with
different numbers?)

By the way, what are the main implementation/protocol mistakes that people
make that cause des and other strong algorithms to be insecure?

thanks for the help

--Spiffy

------------------------------

From: "Hai Huang" <[EMAIL PROTECTED]>
Subject: Encryption starting
Date: Tue, 18 May 1999 00:09:03 -0700

I am relatively new to encryption, and I'm looking for a good starting to
medium level encryption book just to get me a good start. I know the basic
concepts such as stream ciphering and block ciphering, but I need more in
depth detail. Anyone have any good suggestions?

Thank you very much.

------------------------------

From: Hankel O'Fung <[EMAIL PROTECTED]>
Crossposted-To: sci.chem,sci.econ,sci.image.processing,sci.electronics.design,sci.physics,sci.physics.fluid-dynamics,sci.math
Subject: symmetric boolean functions
Date: Tue, 18 May 1999 14:44:03 -0700

Dear all,

Sorry for crossposting, but I wish to hear suggestions from a wider audience
basis. Does anybody know what are the applications of symmetric boolean
functions and shift-invariant boolean functions of n (>=3) boolean
variables?

Here, a function f: {0,1}^n --> {0,1} or f: {0,1}^n --> (0,1) is called
symmetric if

  f(x1, ..., xn) = f(sigma(x1), ..., sigma(xn))

for any permutation sigma, and is called shift-invariant if

  f(x1, x2, ..., xn) = f(x2, x3, ..., x1) = ... = f(xn, x1, x2, ..., x_{n-1}).

I am particularly interested in any applications of these functions with
n>=3.

Thanks in advance.

Regards,
Hankel

------------------------------

From: "Ulrich Kuehn" <[EMAIL PROTECTED]>
Subject: Re: RSA-modulus binary decomposition
Date: 14 May 1999 14:45:55 +0200

[EMAIL PROTECTED] writes:

>
> Let m=37=5*B be an RSA modulus. Factors 5 and B (11 dec.) should be
> found.
> In binary form it looks as 37=110111, 5=0101, B=1011. The factors we
> note in binary form as a(3)a(2)a(1)a(0) and b(3)b(2)b(1)b(0). At this
> moment
> we know that
[other stuff deleted]

You might want to check your math again. 37 is prime, so it cannot equal
5*11, which is 55.

Ulrich

--