Cryptography-Digest Digest #602

2001-06-13 Thread Digestifier

Cryptography-Digest Digest #602, Volume #14  Wed, 13 Jun 01 06:13:01 EDT

Contents:
  IQ Test - The Answer (IQTaste)
  Re: Simple Crypto II, the public key... (Vincent Quesnoit)
  Re: Some questions on GSM and 3G (Dave)
  Re: Free Triple DES Source code is needed. (Paul Schlyter)
  Re: Free Triple DES Source code is needed. (Paul Schlyter)
  Re: Help with Comparison Of Complexity of Discrete Logs, Knapsack, and   (Mok-Kong Shen)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) - VERY (Mok-Kong Shen)
  Re: Alice and Bob Speak MooJoo (David A Molnar)
  Re: Alice and Bob Speak MooJoo (Phil Carmody)
  Re: Free Triple DES Source code is needed. (Tom St Denis)
  Re: Sophie-Germain Primes for sale (Tom St Denis)
  Re: Alice and Bob Speak MooJoo (Phil Carmody)
  Re: Sophie-Germain Primes for sale (Tom St Denis)



From: [EMAIL PROTECTED] (IQTaste)
Date: 13 Jun 2001 04:47:33 GMT
Subject: IQ Test - The Answer

http://www.geocities.com/iq516/

--

From: Vincent Quesnoit [EMAIL PROTECTED]
Subject: Re: Simple Crypto II, the public key...
Date: Wed, 13 Jun 2001 07:40:32 +0200
Reply-To: [EMAIL PROTECTED]

The modpow function can be greatly improved by use of repeated squaring
instead of simple multiplications; this would reduce the number of
operations to a maximum of 2*log(exponent).

int mod_pow(int ch, int exp, int modulo)
{
    int result = 1;
    int power = ch % modulo;
    /* Right-to-left binary exponentiation: one squaring per exponent bit,
       plus one extra multiply for each bit that is set. */
    while (exp != 0) {
        if ((exp & 1) == 1) {
            /* form the product in a wider type: (modulo-1)^2 overflows a
               32-bit int as soon as modulo exceeds 46340 */
            result = (int)(((long long)result * power) % modulo);
        }
        power = (int)(((long long)power * power) % modulo);
        exp >>= 1;
    }
    return result;
}
HTH,
Vincent


Fat Phil wrote:

 [EMAIL PROTECTED] wrote:
 
  Phil Carmody [EMAIL PROTECTED] wrote:
  : OK, is there an asymmetric equivalent to the symmetric
 
  : while((c=getchar())!=EOF) putchar(c^k);
 
  Okay, I know this is really simplistic, but it does work.
 [SNIP]
  Both programs are basically just RSA.
 [SNIP]

 Thanks, nice, short, simple. Real simple.
 I'd wield  C99's long longs at it, to get pq=64bits for improved
 delusion of security! :-)

 I'm scratching my head as we speak, and I intend to throw something
 together which is not much more complicated code-wise, but much more
 secure...
 I'm thinking ElGamal... I'm thinking of chosing P so that I can cheat
 when it comes to mod operations...

 Phil


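As an added example, not part of Vincent's post or of Phil's programs: the same right-to-left square-and-multiply in Python, instrumented to count modular multiplications so the 2*log2(exponent) bound can be checked, and used for a textbook RSA round trip on a modulus of about the size Phil mentions (two primes of 31 and 30 bits, so pq is about 61 bits). Python integers do not overflow, so the product result*power is safe at any modulus size; in C the product has to be formed in a type twice as wide as the modulus. The primes 2^31-1 and 10^9+7, the public exponent 65537 and the message value are constructed for this example, and the last function runs Pollard's rho against n to show why a modulus this small gives, as Phil puts it, only a delusion of security.

```python
import math


def mod_pow(base, exp, modulo):
    """Right-to-left binary exponentiation (same algorithm as the C version).

    Returns (base**exp % modulo, number_of_modular_multiplications).
    Each exponent bit costs one squaring plus, if the bit is set, one extra
    multiply, so the count never exceeds 2 * exp.bit_length().
    """
    result = 1
    power = base % modulo
    mults = 0
    while exp:
        if exp & 1:
            result = (result * power) % modulo
            mults += 1
        power = (power * power) % modulo
        mults += 1
        exp >>= 1
    return result, mults


def rsa_keygen(p, q, e=65537):
    """Textbook RSA (no padding): returns (n, e, d).  p and q are assumed prime."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return n, e, d


def rsa_encrypt(m, n, e):
    return mod_pow(m, e, n)[0]


def rsa_decrypt(c, n, d):
    return mod_pow(c, d, n)[0]


def pollard_rho(n):
    """Return a non-trivial factor of n, or None.

    Expected cost is about sqrt(smallest prime factor) steps, i.e. roughly
    2^16 steps for a 64-bit n made of two 32-bit primes.
    """
    if n % 2 == 0:
        return 2
    for c in range(1, 50):  # retry with a new polynomial x*x + c on failure
        x = y = 2
        d = 1
        while d == 1:
            x = (x * x + c) % n
            y = (y * y + c) % n
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
        if d != n:
            return d
    return None


# Constructed parameters for the demo: two known primes of 31 and 30 bits.
P = 2 ** 31 - 1          # Mersenne prime
Q = 10 ** 9 + 7
MESSAGE = 0x48656C6C6F   # the bytes "Hello" read as an integer; must be < n

if __name__ == "__main__":
    n, e, d = rsa_keygen(P, Q)
    c = rsa_encrypt(MESSAGE, n, e)
    print("n has", n.bit_length(), "bits; decrypt ok:", rsa_decrypt(c, n, d) == MESSAGE)
    print("eavesdropper factors n:", pollard_rho(n))
```

Running the module prints the factor of n that Pollard's rho finds in well under a second; with that factor, d follows from e exactly as in rsa_keygen, so the 61-bit modulus protects nothing.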
--

Crossposted-To: alt.privacy
Subject: Re: Some questions on GSM and 3G
From: [EMAIL PROTECTED] (Dave)
Date: Wed, 13 Jun 2001 06:52:27 GMT

Boyd Roberts [EMAIL PROTECTED] wrote in 
9g6mcc$i2n$[EMAIL PROTECTED]:

 what's the bet that 3G will just die?  all it seems to be
 is a revenue generator for governments who control spectrum
 resources and licencing.
 
You should know that yourself.
Do you have any use for it?
Not for serious data transmission; the storage and display are not big
enough. So the internet isn't a serious use. Do you wish to be spammed
by businesses? Who is going to pay?
Would your friends use it?
It's an overhyped technology that isn't ready, an invention waiting for
a use.


--

From: [EMAIL PROTECTED] (Paul Schlyter)
Subject: Re: Free Triple DES Source code is needed.
Date: 12 Jun 2001 02:22:22 +0200

In article qj9V6.87861$[EMAIL PROTECTED],
Tom St Denis [EMAIL PROTECTED] wrote:
 
 Sam Yorko [EMAIL PROTECTED] wrote in message
 news:[EMAIL PROTECTED]...
 Tom St Denis wrote:

 [EMAIL PROTECTED] wrote in message
 news:rhlI6.389$[EMAIL PROTECTED]...

 Hi;

 I have looked every where on the web to find a Free C/C++ Source Code
 implementation of Triple-DES.
 I have found some, but it either has a damaged zip or tar file.

 Can some one help me please? Where can I find the Triple DES source
 code?

 Not to be picky but look harder.  It's not hard to find FTP's that have
 tons of source code.

 Second what is this C/C++ thing you talk about?  It's C *OR* C++ not
 both.
 That's like saying I eat apple-pears instead of I eat apples and/or
 pears.
 The combo is non-existent.


 Tom

 Obviously you've never eaten fruit cocktail...

 We have projects where we are compiling C and C++ source modules, and
 then linking them into a single executable
 
 Yes, but you compile the C++ parts with a C++ compiler and C parts with
 a C compiler.
 
 That's like saying I use a C/C++/ASM compiler since some of the object code
 comes from assembly written routines (i.e crt0 in GCC).
 
C++ compilers and C compilers aren't as separate as you seem to
believe.  Today most C++ compilers are also able to compile C
programs as C programs (no C++ name mangling of externals; C instead
of C++ scope rules, etc).
 
Yet some care must be taken when linking C modules and C++ modules
into the same executable:  main() usually resides in a C++ module,
and C++ code usually calls C code but rarely the other way around.
 
Yet it is much much

Cryptography-Digest Digest #602

2001-02-01 Thread Digestifier

Cryptography-Digest Digest #602, Volume #13   Thu, 1 Feb 01 03:13:01 EST

Contents:
  Diffie Helman (George)
  Re: Did NSA change the ECDSA-standard (Roger Schlafly)
  Re: More About Passwords (Thomas Wu)
  Re: MIKE - alternative to SPEKE and PAK (Thomas Wu)
  Re: Most secure code for US Citizen. (Paul Crowley)
  Re: On combining permutations and substitutions in encryption (wtshaw)
  Re: Digits of PI (Boris Kazak)



From: George [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Diffie Helman
Date: Thu, 01 Feb 2001 00:11:33 -0600

I have been looking at the Diffie-Hellman algorithm, and there are some
things that I don't understand about it.  This is how it is explained in
Applied Crypto:


g and n are large primes known by both Alice and Bob.
(Note: I'm using the "^" symbol to denote power arithmetic.  Ex: 2^3 =
2*2*2 = 8)

1)Alice chooses a random large integer x, and sends Bob:  X = (g^x)
mod n
2)Bob chooses a random large integer y, and sends Alice:  Y = (g^y)
mod n
3)Alice computes k = (Y^x) mod n
4)Bob computes k' = (X^y) mod n

How can x and y be "extracted" from the X and Y that are sent?

A statement made at the bottom of that page makes no sense to me too.
It says "No one listening on the channel can compute that value
(referring to k); they only know n, g, X, and Y".  Isn't that all Alice
and Bob know about each other after they've exchanged data?  If Alice
uses some function to extract Bob's y value from Y, what would keep a
channel listener from using the same value to extract the same values
and calculating k?

Please help me with this.  Thanks.

-George
[EMAIL PROTECTED]

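As an added example, not part of George's post or of the book he quotes: the four steps above in Python, with both sides' computations and a check that k and k' agree. Nothing in the protocol extracts x from X; Alice only ever uses her own x, and Bob his own y. What a listener has to do with n, g, X and Y alone is the discrete logarithm problem, recovering x from g^x mod n, which the last function attempts by brute force. The parameters are constructed for this example: n = 1019 with g = 2 (small enough that the brute-force search succeeds) and n = 2^31-1 with g = 7 (where the same search gives up). The example takes g as a generator of the multiplicative group modulo the prime n, which is what the algorithm actually needs; g itself does not have to be prime.

```python
import secrets


def dh_public(g, priv, n):
    """Steps 1 and 2: what Alice (with x) or Bob (with y) sends over the channel."""
    return pow(g, priv, n)


def dh_shared(their_pub, own_priv, n):
    """Steps 3 and 4: k = Y^x mod n on Alice's side, k' = X^y mod n on Bob's."""
    return pow(their_pub, own_priv, n)


def dh_exchange(g, n, x, y):
    """Run all four steps; returns (X, Y, k, k').  x and y never leave their owner."""
    X = dh_public(g, x, n)         # Alice -> Bob
    Y = dh_public(g, y, n)         # Bob -> Alice
    k = dh_shared(Y, x, n)         # Alice computes (g^y)^x
    k_prime = dh_shared(X, y, n)   # Bob computes (g^x)^y
    return X, Y, k, k_prime


def eavesdropper_dlog(g, X, n, limit):
    """What a listener must do with only n, g and X: find x with g^x = X mod n.

    Brute force over exponents 0..limit-1; returns None if none matches.
    The cost grows with the group size, which is the whole point of choosing
    n large.
    """
    acc = 1
    for x in range(limit):
        if acc == X:
            return x
        acc = acc * g % n
    return None


SMALL_N, SMALL_G = 1019, 2        # constructed: 1019 is prime and 2 generates mod 1019
BIG_N, BIG_G = 2 ** 31 - 1, 7     # constructed: 7 generates mod the Mersenne prime 2^31-1

if __name__ == "__main__":
    x = secrets.randbelow(BIG_N - 2) + 1
    y = secrets.randbelow(BIG_N - 2) + 1
    X, Y, k, k_prime = dh_exchange(BIG_G, BIG_N, x, y)
    print("visible on the wire: n =", BIG_N, "g =", BIG_G, "X =", X, "Y =", Y)
    print("keys agree:", k == k_prime)
    print("listener's brute force (100000 tries):", eavesdropper_dlog(BIG_G, X, BIG_N, 100000))
```

A 31-bit n is still far too small for real use (a listener would simply use a better discrete-log algorithm than the loop above); the contrast between the two parameter sets only shows where the work lands.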

--

From: Roger Schlafly [EMAIL PROTECTED]
Subject: Re: Did NSA change the ECDSA-standard
Date: Wed, 31 Jan 2001 22:18:10 -0800

Benjamin Goldberg wrote:
  I guess the conspiracy theorists might conclude that those are the
  curves that NSA can break.
 Only if those conspiracy theorists were very stupid and completely
 ignored point number 4 -- which was that it was later proved that
 non-prime fields were weak.

That could just be disinformation. There is an attack in those
cases, but I wouldn't quite say that they were proved weak.

--

From: Thomas Wu [EMAIL PROTECTED]
Subject: Re: More About Passwords
Date: 31 Jan 2001 22:33:36 -0800

[EMAIL PROTECTED] (John Savard) writes:
 
 This uses elements of Kerberos (the security server), but mainly it
 makes use of EKE to carry out a version of KEA. It relies on EKE as
 presented here, although perhaps it can be modified to work with other
 techniques.

Maybe this is an obvious suggestion, but how is what you're proposing
different from Kerberos V5 using a strong-password protocol like
EKE/SRP/PAK for preauthentication?

The KDC is the "security server", which is locked down and only grants
tickets, so its software can be carefully audited, and the user's
Kerberos ticket is verifiable by the "host computer" and contains a
strong secret that can be used to communicate with the host, but this
secret is independent of the user's password and can't be brute-forced
easily.

Someone breaking into a host computer can't get anything that would
help break passwords, since no such information is stored there.  Even
impersonating the host fully would not help - all the attacker sees are
the tickets and (possibly) the random secret keys they contain.

 so if there's a new protocol that *really* protects against dictionary
 attack out there, I haven't encountered it. That's why I'm showing how
 one can obtain such protection - if one has one computer dedicated to
 a security function which can be considered immune to attack.
 
 John Savard
 http://home.ecn.ab.ca/~jsavard/crypto.htm

Tom
-- 
Tom Wu* finger -l [EMAIL PROTECTED] for PGP key *
 E-mail: [EMAIL PROTECTED]   "Those who would give up their freedoms in
  Phone: (650) 723-1565  exchange for security deserve neither."
   http://www-cs-students.stanford.edu/~tjw/   http://srp.stanford.edu/srp/

--

From: Thomas Wu [EMAIL PROTECTED]
Subject: Re: MIKE - alternative to SPEKE and PAK
Date: 31 Jan 2001 23:29:36 -0800

"Michael Scott" [EMAIL PROTECTED] writes:

 "Thomas Wu" [EMAIL PROTECTED] wrote in message
 news:[EMAIL PROTECTED]...
  "Michael Scott" [EMAIL PROTECTED] writes:
  
    Actually not so easily fixed. Steve hasn't committed to his knowledge of v
    early enough, which allows an off-line dictionary attack as outlined in Wu,
    section 3.2.3, so
  
3. Carol: A=3^a.4^x mod p  Carol sends A to Steve
4. Steve: B=v.3^b. u=4^r. Steve sends B and u to Carol.
5. Carol calculates S=(B/4^x)^a.u^x. Steve calculates S=(A/v)^b.v^r
  
 
  But this is precisely Jablon's B- extension for converting a non-verif

Cryptography-Digest Digest #602

2000-04-21 Thread Digestifier

Cryptography-Digest Digest #602, Volume #11  Fri, 21 Apr 00 20:13:01 EDT

Contents:
  Re: suggested change to cb (Tom St Denis)
  Re: Sophie-Germain and ElGamal (Tom St Denis)
  Re: OAP-L3: Secure, but WAY more dificult to use than other equally  (James Felling)
  Re: 40-Bit DES Question (zapzing)
  Re: The Illusion of Security (Terry Ritter)
  Re: The Illusion of Security (Tom St Denis)
  Re: SSL and "man in the middle" attack (Francois Grieu)
  Re: New version of MIRACL ("Dann Corbit")
  Re: new idea for symmetric cipher construction ("Harvey Rook")
  Re: Requested: update on aes contest (Bruce Schneier)
  Re: New version of MIRACL (lordcow77)
  Re: SSL and "man in the middle" attack (Paul Rubin)
  Re: SSL and "man in the middle" attack (Francois Grieu)
  Re: ? Backdoor in Microsoft web server ? [correction] (Tim Tyler)



From: Tom St Denis [EMAIL PROTECTED]
Subject: Re: suggested change to cb
Date: Fri, 21 Apr 2000 22:10:35 GMT



Joseph Ashwood wrote:
 
 How about dynamically allowing various chaining methods.
 Something like:
 CBC(void *in, void *out,cipher_state *state, *cipher(...))
 Or port it over to C++ and encapsulate the extras.
 

With the new interface you can do whatever you want with the symmetric
ciphers.  CBC encryption is already provided for message packets, as for
adding CBC/etc to the single shot routines... hmm maybe.  

 How about a TCP/IP connection/negotiation, send, receive,
 and close. Separate configuration for the TCP/IP stack
 (preferred and allowed ciphers).

This is hardly portable though...

Tom

--

From: Tom St Denis [EMAIL PROTECTED]
Subject: Re: Sophie-Germain and ElGamal
Date: Fri, 21 Apr 2000 22:14:12 GMT



Joseph Ashwood wrote:
 
  Again you are wrong.  Specifically constructed primes are
 not random
  (well primes aren't truly random either, however...).
 
 I was not stating that one should construct a prime in some
 manner, more that one should verify that the randomly chosen
 prime is not likely subject to errors. And the last time I
 checked there was no dependable way to construct a prime
 without randomly generating nearly as large primes.

If you make --p and p++ strong primes, they are hardly as random as
simple primes.  So by any 'special' filtering on the primes you make
them less random.  Of course in the case of ElGamal the prime must be
-p prime.

 
  Generally you just make random primes of the required
 size.
 
  My earlier
  point was that older methods such as pollard-rho can work
 on big
  numbers, just with very low probability (not zero prob).

 And with proper precautions, the probability goes to 0. What
 I encourage seems to me to be simply common sense, if there
 is a potential flaw in the number you chose, check for it,
 that way you can eliminate the possibility of that problem.
 Perhaps you don't do this, if so that is your decision, but
 some of us prefer safer methods.

But in RSA your primes will be much less random, which is a bad thing
since the security is conjectured only for two random primes.  Again the
chances (hey Bob give us a quote here) of an n-bit (for n = 512) prime
having small factors for -p or p+ is very little.  And those routines
will take (for the majority of n-bit primes) more time than say NFS.

Just pick two random primes, 'tis all you need.

Tom
 Joe

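As an added example, not part of Tom's or Joe's posts: why the ElGamal (or Diffie-Hellman) prime is normally chosen with (p-1)/2 prime, i.e. p a safe prime and (p-1)/2 a Sophie Germain prime, which is the condition Tom alludes to. The code generates such a prime with Miller-Rabin, then runs the Pohlig-Hellman attack against a prime whose p-1 is smooth, the well-known NTT prime 998244353 = 119*2^23+1 with generator 3, and recovers a private exponent in a few thousand operations. Against a safe prime the same attack costs on the order of sqrt((p-1)/2) group operations, which the cost estimator reports. The 40-bit size, the seeded generator and the secret exponent are constructed for this example; the RSA side of the thread (strong primes against p-1 and p+1 factoring) is not covered here.

```python
import math
import random


def is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin with `rounds` random bases (composite passes with prob < 4**-rounds)."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_safe_prime(bits, rng):
    """Return p = 2q + 1 with q prime (a Sophie Germain prime); p has exactly `bits` bits."""
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q, rng) and is_probable_prime(2 * q + 1, rng):
            return 2 * q + 1


def factor(n):
    """Trial-division factorisation as {prime: exponent}; fine for the small n used here."""
    fac, d = {}, 2
    while d * d <= n:
        while n % d == 0:
            fac[d] = fac.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        fac[n] = fac.get(n, 0) + 1
    return fac


def bsgs(g, h, p, order):
    """Baby-step giant-step: x in [0, order) with g^x = h (mod p), g of that order."""
    m = math.isqrt(order) + 1
    table, e = {}, 1
    for j in range(m):
        table.setdefault(e, j)
        e = e * g % p
    step, gamma = pow(g, -m, p), h
    for i in range(m):
        if gamma in table:
            return i * m + table[gamma]
        gamma = gamma * step % p
    return None


def pohlig_hellman(g, h, p):
    """Solve g^x = h (mod p) for prime p; work is about the sum of sqrt(q) over primes q | p-1."""
    N = p - 1
    residues = []
    for q, e in factor(N).items():
        qe = q ** e
        g_q, h_q = pow(g, N // qe, p), pow(h, N // qe, p)   # order divides q^e
        g_1 = pow(g_q, q ** (e - 1), p)                      # order exactly q
        x = 0
        for k in range(e):                                   # one base-q digit of x per round
            h_k = pow(h_q * pow(g_q, -x, p) % p, q ** (e - 1 - k), p)
            x += bsgs(g_1, h_k, p, q) * q ** k
        residues.append((x, qe))
    x, M = 0, 1                                              # combine with the CRT
    for r, m in residues:
        x += M * ((r - x) * pow(M, -1, m) % m)
        M *= m
    return x % N


def attack_cost(p):
    """Rough Pohlig-Hellman work factor: sqrt of the largest prime factor of p-1."""
    return math.isqrt(max(factor(p - 1)))


def safe_prime_demo(bits, seed):
    """Deterministic helper: (p, attack_cost(p)) for a freshly generated safe prime."""
    p = gen_safe_prime(bits, random.Random(seed))
    return p, attack_cost(p)


SMOOTH_P, SMOOTH_G = 998244353, 3   # constructed: p-1 = 2^23 * 7 * 17, and 3 generates mod p

if __name__ == "__main__":
    secret = 123456789
    print("recovered exponent:", pohlig_hellman(SMOOTH_G, pow(SMOOTH_G, secret, SMOOTH_P), SMOOTH_P))
    print("attack cost for the smooth prime: ~", attack_cost(SMOOTH_P))
    p, cost = safe_prime_demo(40, 1)
    print("safe prime", p, "attack cost: ~", cost)
```

For the smooth prime the largest subgroup has order 17, so the attack is essentially free; for a safe prime the only non-trivial subgroup has order (p-1)/2 and the estimate becomes sqrt((p-1)/2), which is why a real ElGamal modulus is a safe prime of 2048 bits or more rather than just any prime.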
--

From: James Felling [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Secure, but WAY more dificult to use than other equally 
Date: Fri, 21 Apr 2000 17:16:23 -0500



"Trevor L. Jackson, III" wrote:

 James Felling wrote:

  This program is a classic example of the assertion that any algorithm that
  does not form a group over its keys can, if reiterated enough, be made
  arbitrarily secure.
 
  I have withdrawn any criticisms that I have in re: the security of this
  program provided that the Mix files are generated by a sufficient number of
  passes of his processes.

 I think this begs the question of the definition of "sufficient".  In another
 post the suggestion was made to have the user enter ~3000 characters of input,
 all of it "truly random".  Since this is well over the average page of text (at
 ~2500 characters), we're not talking about a pass phrase, we're describing a
 "pass page".

Agreed.  I now have no criticism of the available security, but the program's
efficiency of key use, speed of operation, and general effectiveness is so low
that there is still no good reason to use it.



 1.) Given ~3000 "truly random" characters, or ~24K bits, one can find far more
 efficient application of that amount of entropy for security purposes.  Even a
 50% efficient application of the entropy should give a space of 2^12,000
 (10^~3600) rather than the quoted figure of 10^~459.

Ex

Cryptography-Digest Digest #602

1999-11-21 Thread Digestifier

Cryptography-Digest Digest #602, Volume #10  Sun, 21 Nov 99 07:13:03 EST

Contents:
  GLOBAL INTELLIGENCE ANALYSIS VISION -- ! .. ANALYSTS .. ! ("Markku J. Saarelainen")
  Howto make an S/MIME key for Netscape with openssl (Pinhead)
  Re: Nova program on cryptanalysis -- also cipher contest (Troed)



From: "Markku J. Saarelainen" [EMAIL PROTECTED]
Crossposted-To: alt.politics.org.cia,soc.culture.russian,soc.culture.europe,soc.culture.iranian,alt.security
Subject: GLOBAL INTELLIGENCE ANALYSIS VISION -- ! .. ANALYSTS .. !
Date: Sun, 21 Nov 1999 01:10:21 +




Copyright 1996 Markku J. Saarelainen

NOTE: This Intelligence Analysis Vision was first published in January,
1995 and revised twice in July, 1995 and January, 1996. This is the
third revision of the original vision document, and this revision will
be revised within one year. If you have any constructive comments and/or
recommendations for revising this vision statement and/or any related
objectives, please, send them to my email address: [EMAIL PROTECTED]
- thank you in advance for your participation in this important
development process.

===

GLOBAL INTELLIGENCE ANALYSIS VISION

July, 1996

by

Markku J. Saarelainen

INDEX

1. Foreword
2. Electronic Documentation and Records
3. Intelligence Analyst
4. Electronic Consultation
5. Information Security Solutions
6. Management Organization
7. Global Information Networks
8. Changes in Human Behavior and Organizational Culture
9. Communication Technologies Standardization
10. Conclusions


1. FOREWORD

The future technologies and advancements in different sciences shall
enable us to change our communication and human interaction processes.
We already have various options and alternative methods for expressing
ourselves and communicating our messages to our desired and targeted
receivers. However, the number of these options will increase and the
effectiveness of different communication techniques will improve in the
future. Not only will communication become faster, but the content and
scope of the information and data will become more complex and broader.
We will be able to receive, process, store, maintain and analyze
communications and signals faster, more effectively and more reliably.

These changes shall require us to update and develop our intelligence
analysis systems to keep up with this fast information technology
development and innovation. We will need to be able to provide technical
and behavioral solutions, and to respond to specific organizational
needs and demands. It will be important to ask the right questions and it
shall be essential for us to provide the right answers to these questions:

What is the future of the intelligence system analysis?

How does the information age revolutionize the philosophy and principles
of the intelligence analysis?

What is the role of the intelligence analyst?

What are the future requirements for intelligence analysis systems?

What are required changes in our national and global organizations?

How can we facilitate organizational changes so that results would be
optimal?

2. ELECTRONIC DOCUMENTATION AND RECORDS

The transformation from manual and paper processing systems to fully
computerized and electronic systems was started decades ago, but it
continues today, and the nature of this transformation changes and
develops further to improve communication and information
processing. A major portion of the information is recorded and retained
electronically. The content of the recorded information also changes.
The information can include video, audio and data. The need for hard
copies of documents and records decreases, and in many cases hard copies
become unnecessary. It is possible to access a lot of the information
that is required to perform both suitability and conformity intelligence
assessments without being in the location that is analysed. In
addition, new sensor, monitoring and video/audio technologies can be
utilized more efficiently and reliably to gather, collect and record the
intelligence system activities, and then store this information for
future analysis and replay purposes.

3. INTELLIGENCE SYSTEM ANALYST

The intelligence analyst is able to access the electronic information
anywhere around the world with appropriate access controls and
confidentiality agreements in place. The analysis can be performed from
the home office or from anywhere else. The analyst can perform complete
analysis using the information available in the management's electronic
information system. The analyst may also delegate many of thes

Cryptography-Digest Digest #602

1999-05-27 Thread Digestifier

Cryptography-Digest Digest #602, Volume #9   Thu, 27 May 99 11:13:02 EDT

Contents:
  Re: DSA (Digital Signature Standard) and the Schnorr Patents (Vin McLellan)
  Re: Why would a hacker reveal that he has broken a code? (Wesley Horton)
  Re: Review of Scottu19 (Thomas Pornin)
  Re: Hot on the heels of hushmail ([EMAIL PROTECTED])
  Re: What good is hushmail? (John Kennedy)
  Re: AES tweaks ([EMAIL PROTECTED])
  Re: Review of Scottu19 (SCOTT19U.ZIP_GUY)
  Re: Review of Scottu19 ([EMAIL PROTECTED])
  Re: Review of Scottu19 (SCOTT19U.ZIP_GUY)
  Re: AES tweaks (SCOTT19U.ZIP_GUY)
  Re: crack a hash function? ("Jean Marc Dieu")
  Re: Why would a hacker reveal that he has broken a code? (John Savard)
  Re: non-computerized cryptography (John Savard)



From: Vin McLellan [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto
Subject: Re: DSA (Digital Signature Standard) and the Schnorr Patents
Date: Thu, 27 May 1999 03:41:06 -0300

Vin McLellan [EMAIL PROTECTED] wrote:

 [Even today -- a year after the NSA gave up on Fortezza
(because, said the Agency internally, it couldn't get secure
workstations for network management)-- it still takes a formal Waiver
Proclamation by the Director or CIO of a federal agency to allow any
federal entity to escape the DSS FIPS. The  EPA announced such a FIPS
140 Waiver a week ago,  so that the EPA could use the RSAPKC in Lotus
Notes. (See: http://jya.com/epa051099.txt)

Joshua E. Hill [EMAIL PROTECTED] noted:

A minor point:
This was only for signatures.  FIPS 140-1 (the standard that crypto
modules must meet in order to be used by the US government) allows
"commercially available public key methods" to be used for key 
distribution.  

My typo.  Sorry.   I meant to write FIPS 186 (DSS) but
mistakenly typed FIPS 140 (which specifies the requirements for a
validation of FIPS-compliant  crypto modules).  

Teach me not to toss out something like this off the cuff;-)

The EPA's May 10th waiver proclamation --  required so EPA
could continue to use the RSA-based cryptosystems distributed with
Lotus Notes -- specified that the waiver applied to FIPS PUB 186
(DSS), FIPS 180-1 (Secure Hashing Standard), the FIPS 46-2 (DES).  The
jya.com URL cited above has the full text of the waiver.

You could always have used RSA for encryption, just 
not signatures.   In fact, you could have included RSA for signatures,
as long as you also included DSA for signatures, and specified a
mode that didn't use RSA for signing.

I don't believe that is completely accurate, although it is
true that the FIPS, per se, allowed all that, and required no more
than that.
 
The ESS (FIPS 185) is, after all, a uniquely "voluntary" federal
procurement standard -- just because its long-classified algorithms
were not open for the public comment required for a mandated FIPS.

What this comment overlooks, however, is the pervasive full-court
press the NSA (and for awhile, NIST) put on the other federal agencies
to eschew RSA (and D-H, for that matter) and to wait for Fortezza.  

I know of major IRS and NASA networks which were designed around PKC,
but which were ultimately brought into service without cryptographic
protection because of direct NSA intervention. I understand that other
examples abound.

The only major exception, so far as I know, was the CIA (which used
Lotus Notes extensively and wasn't about to ask the NSA for permission
to turn on its cryptographic features.) The NSA apparently found it
difficult to overawe the CIA.

There are many on these Lists who could surely address this better
than I, as I recall, but from about 1991 to 1997, the US civil
agencies and the military services were subjected to a display of
bureaucratic muscle perhaps unprecedented since WWII to keep them in
line, and to keep commercial PKC out of federal networks.

Managing the aggregate federal purchasing power in InfoSec was
crucial to the NSA's strategy for promoting the commercialization of
GAKed cryptosystems.

Of course, this is all moot today, as ANSI x9.31 (rDSA) was adopted
in FIPS 186-1.  (rDSA is RSA without the name problems...)  So today,
you can use RSA for both encryption and signing in FIPS compliant
crypto modules...

There are still a few (FIPS 140-type) "I"s to be dotted and "T"s to
be crossed, but doubtless SDTI -- RSA's parent company, and a
long-time client of my firm -- will be ecstatic if that soon becomes
true.

_Vin


  "Cryptography is like literacy in the Dark Ages. Infinitely potent,
for good and ill... yet basically an intellectual construct, an idea,
which by its nature will resist efforts to restrict it to bureaucrats
and others who deem only themselves worthy of such Privilege."
  _A Thinking Man's Creed for Crypto  _vbm

 * Vin Mc