Cryptography-Digest Digest #703
Cryptography-Digest Digest #703, Volume #13       Sun, 18 Feb 01 05:13:01 EST

Contents:
  Re: Most secure code for US Citizen. ("Douglas A. Gwyn")
  is "randomness" an information source? (Daniel Ortmann)
  Re: Super strong crypto (Steve Portly)
  Re: АВТОШИНЫ НЕ ДОРОГО ИЗ ЯПОНИИ [Russian: "car tyres cheap from Japan"] ("Augusto Jun Devegili")
  Re: My encryption system. (Boris Kazak)
  Re: АВТОШИНЫ НЕ ДОРОГО ИЗ ЯПОНИИ (Boris Kazak)
  Re: АВТОШИНЫ НЕ ДОРОГО ИЗ ЯПОНИИ (Nuno Souto)
  Re: is "randomness" an information source? ("Douglas A. Gwyn")
  Re: Super strong crypto ("Douglas A. Gwyn")
  "Shuffled ARC4" revisited ("r.e.s.")
  Re: АВТОШИНЫ НЕ ДОРОГО ИЗ ЯПОНИИ (Rolf Kleinknecht)
  Re: "Shuffled ARC4" revisited ("Scott Fluhrer")
  Authentication before Key Exchange (George)
  Re: Ciphile Software: Why .EXE files so large (Paul Crowley)
  Re: Authentication before Key Exchange (Thomas Wu)
  PGP 658 with Netscape Mail ("Benjamin Scherrey")
  Re: Super strong crypto (wtshaw)
  Re: Most secure code for US Citizen. (wtshaw)
  Re: Authentication before Key Exchange (Hard)
  Re: "Shuffled ARC4" revisited ("r.e.s.")

--

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Most secure code for US Citizen.
Date: Sun, 18 Feb 2001 01:09:03 GMT

Sundial Services wrote:
> To use another analogy: it has always been a crime to defeat a lock on
> someone's door. But the crime has never been "the act of breaking the
> lock!" Rather, the crime has been "the act that you had to break the
> lock in order to achieve

Not quite accurate, but the idea is right. Objectively defined crime would include trespassing and burglary even in the absence of a lock.

--

From: Daniel Ortmann <[EMAIL PROTECTED]>
Subject: is "randomness" an information source?
Date: 17 Feb 2001 19:24:56 -0600

I was told by someone that "randomness" is an information source, but that doesn't sound correct.

Since he was talking about a "program" which he wrote which *used* randomness, it seems to me that he *himself* was the information source for the program. After all, he didn't write the program by throwing dice. And even if he did, the instant he would start "picking and choosing" which rolls to accept, HE would again become the information source.

Can someone clear this up?

Also, one other question: How do I best explain the difference between the high information content of a message, each bit of which is described as "random", and the content of a message which was generated by a meaningless random roll of the dice?

Thanks!

-- 
Daniel Ortmann, IBM Circuit Technology, Rochester, MN 55901-7829
[EMAIL PROTECTED] / internal 8.553.6795 / external 507.253.6795
[EMAIL PROTECTED] home 507.288.7732
"The answers are so simple, and we all know where to look,
but it's easier just to avoid the question." -- Kansas

--

From: Steve Portly <[EMAIL PROTECTED]>
Subject: Re: Super strong crypto
Date: Sat, 17 Feb 2001 20:34:27 -0500

"Douglas A. Gwyn" wrote:
> Steve Portly wrote:
> > The implementations that pop into mind would be temptingly easy to
> > modify into much stronger configurations. Unless there is some new
> > breakthrough that will balance the equation, I don't see an
> > organization like NIST approving such a cipher scheme?
>
> Sorry, I didn't understand any of that. It seems that you are
> saying that super strong crypto is easy to attain and that there
> would be some kind of suppression of such technology, but maybe
> you meant something else? I wouldn't quickly agree to either of
> those points..

Your proposal sounded as though it would be very effective in keeping the strength of the key intact. Searching the internet for ciphers offering *all* of the features you mentioned turned up nothing. Most of the crypto implementations I have seen use very standardized components and assigned key spaces.

I am sitting here trying to think of a way to implement this cipher in a way that would deter hacked non-standard copies from being distributed.

--

From: "Augusto Jun Devegili" <[EMAIL PROTECTED]>
Subject: Re: АВТОШИНЫ НЕ ДОРОГО ИЗ ЯПОНИИ [Russian: "car tyres cheap from Japan"]
Date: Sat, 17 Feb 2001 22:58:05 -0300

ciphertext. ;-)

--

From: Boris Kazak <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: My encryption system.
Date: Sun, 18 Feb 2001 02:27:55 GMT

Keill_Randor wrote: (snip*)
> have to understand exactly what data encry
Cryptography-Digest Digest #703, Volume #12       Sun, 17 Sep 00 22:13:01 EDT

Contents:
  Re: Dangers of using same public key for encryption and signatures? ("Brian Gladman")
  Re: Killer aircraft to fly again? (Ogden Johnson III)
  Re: Assistance (David A Molnar)
  Re: winace encryption algorithm (David A Molnar)
  Re: Killer aircraft to fly again? (Ross Smith)
  Re: Lossless compression defeats watermarks ("Paul Pires")
  Frequency Analysis Tables ("SafeMode")
  Re: SDMI Crypto Challenge ("Paul Pires")
  Re: ExCSS Source Code (David A Molnar)
  A Degree in Encryption ("Nasser Ismaily")
  Re: wince encryption algorithm (An Metet)
  Re: Killer aircraft to fly again? (Brian Allardice)
  Re: S-Boxes ("Douglas A. Gwyn")
  wince encryption algorithm (No User)

--

From: "Brian Gladman" <[EMAIL PROTECTED]>
Subject: Re: Dangers of using same public key for encryption and signatures?
Date: Sun, 17 Sep 2000 22:29:44 +0100

"Simon Johnson" <[EMAIL PROTECTED]> wrote in message news:8q2mo8$lb7$[EMAIL PROTECTED]...
> These laws are written by ignorant people for ignorant people. Since
> the one-time pad is unbreakable, it lends itself to this situation. Say
> they ask for the keys to some file. You xor a non-incriminating plain-
> text with the encrypted file to retrieve a 'pseudo-one-time-pad key'
> You then surrender this as the key.
>
> They can't prove the key is incorrect without launching an attack on the
> underlying encryption algorithm. Which is probably impossible.
>

I agree - this and many other problems with this legislation were pointed out during its passage through Parliament but the UK government would not listen.

Brian Gladman

--

From: Ogden Johnson III <[EMAIL PROTECTED]>
Crossposted-To: sci.military.naval,alt.conspiracy,sci.geo.earthquakes
Subject: Re: Killer aircraft to fly again?
Date: Sun, 17 Sep 2000 21:53:56 GMT

Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>[EMAIL PROTECTED] wrote:
>[snip]
>
>Please kindly don't cross-post to sci.crypt stuffs
>that have nothing to do with cryptology. Thanks.
>
>M. K. Shen

And why, pray tell, should sci.crypt be exempt from its fair share of Usenet kooks?

OJ III

--

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Assistance
Date: 17 Sep 2000 21:38:29 GMT

Teo Li Xi <[EMAIL PROTECTED]> wrote:
> Dear all:
> Does anyone here have any experience with implementing Wei Dai's
> Crypto++ library in Microsoft Visual C++ 6 environment? I need to use
> some of the algorithms in there like DES/IDEA/RSA.

If my memory serves, Crypto++ comes with a Makefile. Opening this with VC++ creates a project and can successfully build the library. Do a MSDN search on "makefile" and dealing with projects with makefiles and you should be almost there.

-David

--

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: winace encryption algorithm
Date: 17 Sep 2000 21:39:30 GMT

Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> No User wrote:
> [snip]
> You posted doubled. I have sent follow-up to the original
> thread.

He's likely sending several posts via independent chains of anonymous remailers, on the assumption that at least one of the chains will fail. Which, sadly, is an all too fair assumption.

-David

--

From: Ross Smith <[EMAIL PROTECTED]>
Crossposted-To: sci.military.naval,alt.conspiracy,sci.geo.earthquakes
Subject: Re: Killer aircraft to fly again?
Date: Mon, 18 Sep 2000 10:10:14 +1200

Ogden Johnson III wrote:
>
> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>
> >[EMAIL PROTECTED] wrote:
> >[snip]
> >
> >Please kindly don't cross-post to sci.crypt stuffs
> >that have nothing to do with cryptology. Thanks.
> >
> >M. K. Shen
>
> And why, pray tell, should sci.crypt be exempt from its fair share of
> Usenet kooks?

Because it already *has* its fair share of Usenet kooks. If we get any more, we'll be over quota and get complaints from Immigration.

-- 
Ross Smith <[EMAIL PROTECTED]> The Internet Group, Auckland, New Zealand
"C++ is to programming as sex is to reproduction. Better ways might
technically exist but they're not nearly as much fun." -- Nikolai Irgens

--

From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: Lossless compression defeats watermarks
Date: Sun, 17 Sep 2000 15:43:30 -0700

> >The success of watermarking schemes, in a world of lossy compression,
> >depends upon either the user
Cryptography-Digest Digest #703, Volume #11       Thu, 4 May 00 11:13:01 EDT

Contents:
  Re: mod function? (Mark Wooding)
  Re: GPS encryption turned off (Quisquater)
  Re: RC5 math (Pred.)
  Re: GPS encryption turned off (Nicol So)
  Re: RC5 math (Tom St Denis)
  Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net" ("Neon Bunny")
  Re: KRYPTOS Something new ? (Anders Thulin)
  Re: RC6 as a Feistel Cipher (Francois Grieu)
  Re: RC5 math (Richard Parker)
  Re: RC5 math (Pred.)
  Re: Any good attorneys? (David Formosa (aka ? the Platypus))
  Re: KRYPTOS Something new ? (Collomb)
  Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on (Andoni)
  Re: Any good attorneys? ("DD")
  Re: Fixed: Sboxgen tool ("DD")
  Re: Fingerprints and encryption (Markku J. Saarelainen)
  Re: KRYPTOS Something new ? (Jim Gillogly)
  Re: - Bestcrypt and ATA-66 enabled m/b (HPT v1.23 drivers for Win2K resolve prob, Win98 still waiting) ("drewjen")

--

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: mod function?
Date: 4 May 2000 11:16:00 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:
> I thought a = b (mod n), meant 'a is congruent to b modulo n'?

That's how you read the symbols, not the definition.

I think we're veering off-topic here. Can we get back to flaming Mr Szopa, please? ;-)

-- [mdw]

--

From: Quisquater <[EMAIL PROTECTED]>
Subject: Re: GPS encryption turned off
Date: Thu, 04 May 2000 13:59:42 +0200

Francois Grieu wrote:
>
> [EMAIL PROTECTED] (Paul Rubin) wrote:
>
> > Are you saying they're going to rekey all the receivers
> > *except* the one left in the bar? How?!
>
> A possible solution:
>
> In each receiver store a permanent serial number j and a
> rekeying key KRj derived from a master rekeying key KR
> as KRj = ENC(KR,j). KRj is called a diversified key.
>
> Have the global (!) current traffic key Kt used to encipher
> the bulk of the traffic at a given time sent over the air as
> multiple (j, Ktj = ENC(ENC(KR,j),Kt)) pairs, for those sole
> receivers j you want to rekey (i.e. are white-listed).
>
> Each receiver tests i in a received pair (i,Kti) against
> its own j, and if it matches decodes Kt = DEC(KRj,Ktj).
>
> I wish my own company will not sue me for not checking this
> is not patented :-)
>
> Francois Grieu

I think it was invented by Louis Guillou in the 80's. I don't know the patent status but it is published in:

- the Eurocrypt system for pay-TV,
- EBU system (derived from the former one).

In fact, it is a little bit more subtle in the sense there also is a group key (for 256 receivers for instance) so you can accelerate the process and some trade-offs are possible.

See also Macq and Quisquater, "Cryptology for digital TV broadcasting", Proc. IEEE, vol. 83, pp. 944-957, Feb. 1995, and the references there.

Today I don't know a good link about that not related to hacking (or for "educational purposes" only :-). If you know I'm interested.

Jean-Jacques Quisquater, Université de Louvain
UCL Crypto Group see http://www.dice.ucl.ac.be/crypto
tél. 32.10.47.25.41 (connected to my voicebox and cellular phone)
fax: 32.2.358.55.83 (only for me)
SMS: send an email (only the subject will be transmitted) to [EMAIL PROTECTED]

--

From: Pred. <[EMAIL PROTECTED]>
Subject: Re: RC5 math
Date: Thu, 04 May 2000 11:30:44 GMT

The document says that 2^44 plaintexts are required for the attack. This is not going to happen for another decade or two, now is it? Great!

Another question: are the enhancements in RC6 made specifically to prevent good-pair attacks?

Thanks!
- Pred

> In article <[EMAIL PROTECTED]>,
> Richard Parker <[EMAIL PROTECTED]> wrote:
> ><[EMAIL PROTECTED]> wrote:
> >> Is there a paper available that describes RC5 in mathematical terms
> >> including analysis of its strength?
> >
> >The RC5 encryption algorithm was written by Ronald L. Rivest, who is one of
> >the original founders of RSA <http://www.rsalabs.com/>. Information about
> >his cipher designs can generally be found on the RSA website. The first
> >published paper in which Rivest described RC5 is available from RSA:
> >
> > R.L. Rivest, "The RC5 encryption algorithm," Proceedings of the
> > 2nd Workshop on Fast Software Encryption, Springer-Verlag, 1995,
> > pp. 86-96.
> > <ftp://ftp.rsasecurity.com/pub/rsalabs/rc5/rc5.ps>
> >
> >A good overview of the analysis that has been done on RC5 has also been
> >prepared by RSA:
> >
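The diversified-key rekeying scheme Francois Grieu sketches in the thread above (KRj = ENC(KR, j) provisioned into each receiver; the head end broadcasts one (j, Ktj = ENC(KRj, Kt)) pair per white-listed receiver; a receiver whose serial matches j decodes Kt) is worked through below as an added example. It is not code from the digest, nor from the Eurocrypt or EBU systems Quisquater mentions. Because the Python standard library carries no block cipher, ENC is modelled with HMAC-SHA256: a keystream XOR for the key wrap, with the serial and a rekey epoch bound into the keystream label so a repeated Kt never reuses a keystream. One addition beyond the sketch is a short authentication tag on each pair, so a receiver rejects a corrupted or forged entry instead of installing garbage as its traffic key. All keys, serials and the epoch number are constructed values.

```python
"""Diversified-key rekeying over a broadcast channel (added example).

Sketch from the thread: every receiver j holds KRj = ENC(KR, j); the head end
broadcasts (j, Ktj = ENC(KRj, Kt)) for each white-listed j; a receiver whose
serial matches j recovers Kt = DEC(KRj, Ktj).  ENC is modelled here with
HMAC-SHA256 (a keystream XOR plus a tag), not with the block cipher the real
pay-TV systems used; all keys and serials below are constructed values.
"""
import hashlib
import hmac
import struct
from typing import Dict, List, Optional, Tuple

KEY_LEN = 16   # bytes of traffic key carried in each pair
TAG_LEN = 8    # bytes of authentication tag appended to each pair


def _prf(key: bytes, label: bytes) -> bytes:
    """Keyed pseudorandom function standing in wherever the sketch writes ENC."""
    return hmac.new(key, label, hashlib.sha256).digest()


def diversified_key(master_kr: bytes, serial: int) -> bytes:
    """KRj = ENC(KR, j): the per-receiver key, computed at provisioning time."""
    return _prf(master_kr, b"diversify|" + struct.pack(">Q", serial))[:KEY_LEN]


def _context(serial: int, epoch: int) -> bytes:
    # Binding serial and rekey epoch into the label means the same Kt wrapped
    # for a new epoch never reuses a keystream (no two-time-pad exposure).
    return struct.pack(">QQ", serial, epoch)


def wrap_traffic_key(krj: bytes, serial: int, epoch: int, kt: bytes) -> Tuple[bytes, bytes]:
    """Ktj = ENC(KRj, Kt), plus a tag so the receiver can check it decoded the right thing."""
    assert len(kt) == KEY_LEN
    stream = _prf(krj, b"wrap|" + _context(serial, epoch))[:KEY_LEN]
    ktj = bytes(a ^ b for a, b in zip(kt, stream))
    tag = _prf(krj, b"tag|" + _context(serial, epoch) + ktj)[:TAG_LEN]
    return ktj, tag


def unwrap_traffic_key(krj: bytes, serial: int, epoch: int,
                       ktj: bytes, tag: bytes) -> Optional[bytes]:
    """Kt = DEC(KRj, Ktj); returns None when the tag does not verify under KRj."""
    expected = _prf(krj, b"tag|" + _context(serial, epoch) + ktj)[:TAG_LEN]
    if not hmac.compare_digest(expected, tag):
        return None
    stream = _prf(krj, b"wrap|" + _context(serial, epoch))[:KEY_LEN]
    return bytes(a ^ b for a, b in zip(ktj, stream))


def build_rekey_message(master_kr: bytes, epoch: int, kt: bytes,
                        whitelist: List[int]) -> List[Tuple[int, bytes, bytes]]:
    """Head end: one (j, Ktj, tag) entry per receiver still allowed to decode."""
    message = []
    for j in whitelist:
        ktj, tag = wrap_traffic_key(diversified_key(master_kr, j), j, epoch, kt)
        message.append((j, ktj, tag))
    return message


class Receiver:
    """A fielded unit: it knows only its own serial number and its own KRj."""

    def __init__(self, serial: int, krj: bytes) -> None:
        self.serial = serial
        self.krj = krj
        self.kt: Optional[bytes] = None

    def process(self, epoch: int, message: List[Tuple[int, bytes, bytes]]) -> bool:
        """Scan the broadcast for our serial; install Kt only if the entry verifies."""
        for j, ktj, tag in message:
            if j != self.serial:
                continue
            kt = unwrap_traffic_key(self.krj, j, epoch, ktj, tag)
            if kt is not None:
                self.kt = kt
                return True
        return False


def demo() -> Dict[str, object]:
    """Rekey receivers 1, 2 and 4; receiver 3 (the one 'left in the bar') is dropped."""
    master_kr = hashlib.sha256(b"constructed master rekeying key").digest()[:KEY_LEN]
    receivers = {j: Receiver(j, diversified_key(master_kr, j)) for j in (1, 2, 3, 4)}
    epoch = 7
    kt = hashlib.sha256(b"constructed traffic key for epoch 7").digest()[:KEY_LEN]
    message = build_rekey_message(master_kr, epoch, kt, whitelist=[1, 2, 4])
    rekeyed = {j: r.process(epoch, message) for j, r in receivers.items()}
    # A corrupted entry must not be accepted even by the receiver it names.
    j, ktj, tag = message[0]
    damaged = bytes([ktj[0] ^ 0x01]) + ktj[1:]
    tampered = unwrap_traffic_key(receivers[j].krj, j, epoch, damaged, tag) is not None
    return {"kt": kt, "rekeyed": rekeyed,
            "installed": {j: r.kt for j, r in receivers.items()},
            "tampered_accepted": tampered}


if __name__ == "__main__":
    out = demo()
    for j, ok in out["rekeyed"].items():
        print(f"receiver {j}: {'rekeyed' if ok else 'not in message'}")
    print("tampered entry accepted:", out["tampered_accepted"])
```

The message grows linearly with the white-list, which is the cost Quisquater alludes to when he mentions the group-key refinement: real systems wrap Kt once per group of receivers and diversify only the group key, trading message size for slower revocation of a single unit.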
Cryptography-Digest Digest #703, Volume #10       Wed, 8 Dec 99 06:13:01 EST

Contents:
  Re: If you're in Australia, the government has the ability to modify your files. >> 4.Dec.1999 ("Trevor Jackson, III")
  Solitaire analysis? ("r.e.s.")
  Re: NSA competitors (Bruce Schneier)
  Re: If you're in Australia, the government has the ability to modify your files. >> 4.Dec.1999 ("fuck echelon")
  AES Randomness Testing ("Ernst G. Giessmann")
  Re: MMPC - A multi-message encryption algorithm ([EMAIL PROTECTED])
  Re: NP-hard Problems (Safuat Hamdy)
  Re: Random Noise Encryption Buffs (Look Here) (Guy Macon)
  Re: Why Aren't Virtual Dice Adequate? (Guy Macon)
  Re: NSA should do a cryptoanalysis of AES (Volker Hetzer)
  Re: Just how secure is RC4? ([EMAIL PROTECTED])
  Re: Ellison/Schneier article on Risks of PKI ([EMAIL PROTECTED])
  Re: AES cyphers leak information like sieves (Volker Hetzer)
  Re: NSA competitors (Volker Hetzer)
  Is this software a hoax? ([EMAIL PROTECTED])
  Re: Random Noise Encryption Buffs (Look Here) (Anthony Stephen Szopa)
  Re: Is this software a hoax? (Eric Hambuch)

--

Date: Wed, 08 Dec 1999 00:19:53 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: If you're in Australia, the government has the ability to modify your files. >> 4.Dec.1999

CoyoteRed wrote:
> [EMAIL PROTECTED] said...
>
> >Orwellian Nightmare Down Under? by Stewart Taggart
> >
> >3:00 a.m. 4.Dec.1999 PST
> >SYDNEY, Australia -- Any data seem different on your computer today?
>
> So, I guess for the truly paranoid, someone should develop a disk
> controller and encryption card that also has a smartcard reader.
> On-board strong encryption with part of the key on a smartcard and the
> other in bio-memory. Have the controller card never off-load the key,
> but use it directly off the card and not allow /any/ outside access to
> it. The controller also continuously securely hashes the contents of
> the drive and stores it both on the card and on the encrypted drive
> for comparison upon next boot.
>
> The only thing that I see as a security concern is the user input of
> his passphrase. A hacker could conceivably change out the BIOS to log
> the passphrase key strokes. (A secure hash of the BIOS as well?)
>
> If done right, the user would never be in the dark about any tampering
> in his system.

Similar concepts were discussed here a few months ago in the context of a non-seizable computer. One wants to preserve the information, but make it impossible (literally) to recover without the requisite key.

The base concept was a RAM disk containing an OTP key the same size as the protected disk volume. On power loss the key disappears, but the data is recoverable if the key is reloaded from off-site backup.

--

From: "r.e.s." <[EMAIL PROTECTED]>
Subject: Solitaire analysis?
Date: Tue, 7 Dec 1999 21:28:10 -0800

Anyone know if there have been published analyses of Bruce Schneier's "Solitaire" algorithm? The few postings I've seen claim a detectable bias in letter frequencies, but I don't know how reliable those are. (Especially since they say the algorithm isn't reversible -- whereas it sure looks reversible to me.) So I wonder if I'm misunderstanding something, or if the algorithm now on Counterpane's website might be a significantly different revision.

-- 
r.e.s.
[EMAIL PROTECTED]

--

From: [EMAIL PROTECTED] (Bruce Schneier)
Subject: Re: NSA competitors
Date: Wed, 08 Dec 1999 05:33:33 GMT

On Sat, 04 Dec 1999 22:47:49 GMT, [EMAIL PROTECTED] (John Savard) wrote:
>On Sat, 04 Dec 1999 18:13:27 +, CLSV <[EMAIL PROTECTED]> wrote:
>
>>I'm wondering if there is any knowledge about non-US
>>government institutes that are specialized in cryptography and
>>cryptanalysis? I'm thinking about countries that invest a lot
>>in mathematical education like China, Russia, India.
>
>The Russian one, under the acronym FAPSI, now even has a web site too.
>
>On the other hand, the Chinese agency - known as the "technical
>department" - is very secretive.

I know of the Chinese organization as the Ministry of National Security. There's also MI5 and MI6 in the UK, SDECE in France, and the BND in Germany. Israel has Mossad.

Bruce

Bruce Schneier, Counterpane Internet Security, Inc.  Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis, MN 55419        Fax: 612-823-1590
Free crypto newsletter.  See:  http://www.counterpane.com

--

From: "fuck echelon"
Cryptography-Digest Digest #703, Volume #9       Sat, 12 Jun 99 13:13:03 EDT

Contents:
  Re: LSX Encoder ? (" ")
  Re: Slide Attack on Scott19u.zip (SCOTT19U.ZIP_GUY)
  Re: I challenge thee :) (smoke_em)
  Re: Slide Attack on Scott19u.zip (Horst Ossifrage)
  Re: MD5 test data (Jim Gillogly)
  PKCS#10 request (Tomislav Posavec)
  Re: Slide Attack on Scott19u.zip (Geoff Thorpe)
  Re: Does scott19u.zip make full use of its large key size ? ([EMAIL PROTECTED])
  Re: I challenge thee :) ([EMAIL PROTECTED])
  Re: ATTN: Bruce Schneier - Street Performer Protocol ([EMAIL PROTECTED])
  Re: Question from a neophyte ([EMAIL PROTECTED])
  Re: can't have your cake and eat it too ([EMAIL PROTECTED])
  Re: Slide Attack on Scott19u.zip ([EMAIL PROTECTED])
  OTP is it really ugly to use or not? (Cyba Nonymous)

--

From: " " <[EMAIL PROTECTED]>
Subject: Re: LSX Encoder ?
Date: Sat, 12 Jun 1999 00:49:50 -0700

Hello,

Thank you for your help...and I don't know the name of such a program !
I will try your advice.
Thank you.

--

On Mon, 07 Jun 1999 17:06:27 tomstdenis wrote:
>
>> Does anyone know how to encode pictures in a .lsx format ?
>> Bye.
>>
>
>What program makes .LSX files? Maybe I could track something down for
>you. BTW this may be off topic as algorithms normally do not specify
>file name extensions.
>
>Tom
>--
>PGP public keys. SPARE key is for daily work, WORK key is for
>published work. The spare is at
>'http://members.tripod.com/~tomstdenis/key_s.pgp'. Work key is at
>'http://members.tripod.com/~tomstdenis/key.pgp'. Try SPARE first!
>
>
>Sent via Deja.com http://www.deja.com/
>Share what you know. Learn what you don't.
>
>
>>
>

--== Sent via Deja.com http://www.deja.com/ ==--
Share what you know. Learn what you don't.

--

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Slide Attack on Scott19u.zip
Date: Sat, 12 Jun 1999 14:01:20 GMT

In article <7jromi$7h3$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (David Wagner) wrote:
>Nice observations.
>
>It seems to me your attack can be substantially improved.
>The slide attack _does_ work, and it is very efficient.
>
>I conclude that Scott's cipher seems to be thoroughly broken.

Yes you would conclude that it could be broken with a hand wave and yet I think you're full of shit. You make that statement up here at the top of the paper and then go on to say you have never looked at the code or even bothered to test it out. I think that you have tested it and could not break it with your TOY attack. At least have the decency to run an attack on it. Instead of pulling statements that it is broken out of your ass without even trying to test it.

>
>1. A too-pessimistic estimate. You state that, for a 38-bit block, you
> need 2^37 known texts to get 2^18 slid pairs. I think this is too high.
> The correct number should be sqrt(2 * 2^18 * 2^38) = 2^{28.5} known texts.
> (Check: with 2^{28.5} texts, you get 2^{28.5}*(2^{28.5} - 1)/2 = 2^56
> pairs, so 2^56/2^38 = 2^18 of them should be slid pairs.)

If anything he was looking at a reduced version. The smallest file the method can handle is 64 bits. But then you have never bothered to really look at that have you?

>
>2. A missed opportunity for optimization. If you can make chosen-plaintext
> queries, the complexity can be substantially reduced. You can get 2^18
> slid pairs with about 2^{19.5} chosen plaintexts, if I am not mistaken.
> See the slide attack paper for the technique (an adaptation of a neat
> trick due to Eli Biham).
>
>3. Application to other block sizes. The chosen-plaintext attack applies to
> any and all block sizes, with no increase in complexity. (In contrast,
> the complexity of the known plaintext attack goes up with the square root
> of the size of the blockspace, since it requires a birthday collision.)
>
>4. A mistake. You claim that the slide attack doesn't work because usually
> different S-box entries are used in the first and last round (``no key
> bits shared'', in your terminology). This is wrong.
> In particular, you can detect a slid pair by the fact that the plaintexts
> agree in all but 19 bits (except for a rotation), and similarly for the
> ciphertexts. It doesn't matter that different S-box entries are used.

Are you really that stupid? You have not shown this for the scott19u method. Again you shoot your mouth off because of your hatred for me. Again if this is true show it. Or do you like to make a practice of lying.

>
>I could be mistaken. You certainly understand the scott* algorithms
>better than I do. But based on your comments to