Cryptography-Digest Digest #868
Cryptography-Digest Digest #868, Volume #13 Mon, 12 Mar 01 00:13:01 EST Contents: Re: Text of Applied Cryptography .. do not feed the trolls ([EMAIL PROTECTED]) Re: The Foolish Dozen or so in This News Group (Benjamin Goldberg) Re: Text of Applied Cryptography .. do not feed the trolls ("Tom St Denis") Re: An extremely difficult (possibly original) cryptogram ("Ashish Kasturia") Re: Text of Applied Cryptography .. do not feed the trolls (Frodo) Straw man hash. (Benjamin Goldberg) Re: Semi-super-strong crypto? (Benjamin Goldberg) Re: Digital enveloppe ("Trevor L. Jackson, III") Re: ideas of D.Chaum about digital cash and whether tax offices are (John Christensen) Re: An extremely difficult (possibly original) cryptogram (those who know me have no need of my name) Re: Text of Applied Cryptography .. do not feed the trolls ("Tom St Denis") Re: RSA encryption on Windows -- C++ source code (those who know me have no need of my name) Re: [REQ] SHA-1 MD5 hashing software (those who know me have no need of my name) Re: = FBI easily cracks encryption ...? (SCOTT19U.ZIP_GUY) Re: Noninvertible encryption (SCOTT19U.ZIP_GUY) Re: arbitrary-precision arithmetic (Benjamin Goldberg) Re: = FBI easily cracks encryption ...? (Phil Zimmerman) RE: Anonymous web browsing (Phil Zimmerman) Re: Digital enveloppe ("Scott Fluhrer") From: [EMAIL PROTECTED] Crossposted-To: alt.security.pgp,talk.politics.crypto Subject: Re: Text of Applied Cryptography .. do not feed the trolls Reply-To: * Date: Mon, 12 Mar 2001 02:13:36 GMT On Sun, 11 Mar 2001 19:52:08 -0500, "Ryan M. McConahy" [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Actually, I was not asking for noise. I merely wanted an address. I knew that an electronic version was available. I am a teenager, and do not have much money, and would prefer it in an electronic version. Perhaps you might like this, too. http://www.umich.edu/~umich/fm-34-40-2/ Enjoy the crypto. I hope your fascination lasts your entire life. -- From: Benjamin Goldberg [EMAIL PROTECTED] Crossposted-To: alt.hacker Subject: Re: The Foolish Dozen or so in This News Group Date: Mon, 12 Mar 2001 02:18:56 GMT Anthony Stephen Szopa wrote: [snip] fclose that flushes all OS buffers associated with the stream. You would think this would be enough to force a write. How many times does this need to be pounded into your head? fclose flushes the C library buffers, not the OS buffers. [snip] That's ignoring the hdd buffers. The drive light goes on for a bus transfer of data to the drive, not for actual writing. I am not convinced this is so. The documentation says specifically "system-allocated" buffers are flushed. If you choose to be stupid about what fclose does, you're allowed to be. But how do you get off even thinking of the hdd buffers as "system allocated?" I mean, nothing in the OS /creates/ them... they're part of dedicated hardware, and the buffers are dedicated to that specific purpose. Unlike OS buffers, or C library buffers, where it's just arbitrary blocks of memory, which could be used for anything at all, until the Os or user program *allocates* them for use. So in no way can hdd buffers be considered "system allocated." Also... I'm curious as to what you believe the function close() does, as opposed to fclose(). Or what write() does as opposed to fwrite(), or open() as opposed to fopen(). Or what you think fflush() does and what reason you believe for there to not be any equivilant flush() function. -- The difference between theory and practice is that in theory, theory and practice are identical, but in practice, they are not. -- From: "Tom St Denis" [EMAIL PROTECTED] Crossposted-To: alt.security.pgp,talk.politics.crypto Subject: Re: Text of Applied Cryptography .. do not feed the trolls Date: Mon, 12 Mar 2001 02:24:40 GMT "Ryan M. McConahy" [EMAIL PROTECTED] wrote in message news:3aac1d41$0$62147$[EMAIL PROTECTED]... -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Actually, I was not asking for noise. I merely wanted an address. I knew that an electronic version was available. I am a teenager, and do not have much money, and would prefer it in an electronic version. Big deal? I got a job when I was 15 and bought my own copy. It's called the "real world". Tom -- From: "Ashish Kasturia" [EMAIL PROTECTED] Crossposted-To: rec.puzzles Subject: Re: An extremely difficult (possibly original) cryptogram Date: Sun, 11 Mar 2001 22:00:49 -0500 In general, postings of this type are frowned upon. why is that? (just a question) -ash -- Date: 12 Mar 2001 02:57:32 - Fr
Cryptography-Digest Digest #868
Cryptography-Digest Digest #868, Volume #12 Sat, 7 Oct 00 22:13:01 EDT Contents: Re: i should have finished high school (Scott Craver) Re: Serial number scheme using DSA variant ("Lyalc") Re: NSA quote on AES (John Savard) Re: Rijndael (John Savard) Re: Why wasn't MARS chosen as AES? (John Savard) Re: NSA quote on AES (John Savard) Re: It's Rijndael (John Savard) Re: Pencil and paper cipher. (John Savard) Re: Could NSA help vigilance? (John Savard) Re: Looking Closely at Rijndael, the new AES (John Savard) Re: NSA quote on AES (John Savard) Re: It's Rijndael (John Savard) Re: My Theory... (John Savard) Re: NSA quote on AES (John Savard) Re: Rijndael Coverage Improved on Web Site (John Savard) Re: Why trust root CAs ? ("Lyalc") From: [EMAIL PROTECTED] (Scott Craver) Crossposted-To: sci.astro,sci.physics.relativity,sci.math Subject: Re: i should have finished high school Date: 8 Oct 2000 01:12:28 GMT Paul Lutus [EMAIL PROTECTED] wrote: The lighthouse effect is not an FTL effect. Not apparent, not real. Imagine the water coming out of a swinging hose. None of the water travels at greater than the basic stream velocity. It's the same with light. Right. This guy is basically suggesting that random-access of data happens at "faster than light" speeds if serial access of that same data requires faster-than-light travel. For instance, a terabyte stored on one roll of paper tape (quick, somebody start planting trees) would probably require FTL travel to shuttle to a random byte in less than 1 second. -S -- Paul Lutus www.arachnoid.com -- From: "Lyalc" [EMAIL PROTECTED] Subject: Re: Serial number scheme using DSA variant Date: Sun, 8 Oct 2000 12:28:56 +1000 Why don't you use the simple process used in ATMs and EFTPOS globally today? In essence, encrypt the data with a DES key in CBC, and keep only 32 bits from the last 8 bytes of result. Including the serial number on the encrypted data will help ensure uniqueness of the result to the serial number and the data. Change the key every message if you want, but for the criteria you've outlined, a single key may be sufficient. With RSA, DSA or DES (or anything else using crypto), there are identical key storage security issues. Lyal [EMAIL PROTECTED] wrote in message 8ro2fb$o4b$[EMAIL PROTECTED]... Hi! First of all thanks for your help regarding short signatures. After a while I came up with a scheme which could be the solution for my problem. I will sum up the requirements first so you can see for yourself if the scheme meets those criteria. This scheme will be used for secure serial numbers secure meaning that no one else is able to forge serial numbers i.e. serial numbers can only be given out by someone knowing the private key. Requirements: - serial numbers must be short (40 base32 characters at the most) - serial numbers can be verified in reasonable time in the software - no one should be able to generate serial numbers but me (Security equal to cracking DES is secure enough) - Only 16384 unique serial number required Scheme: I want to employ a DSA variant using only 128 bits for q instead of 160. The part of the signature for all possible messages (16384) which is not dependant on the message is deployed with the software (the r part in DSA). Therefore the application needs to store 16384*128 bits = 256 kbytes. The serial number will be delivered as unique serial number|signature (s part) thus taking up exactly 142 bits = 29 base-32 characters. On runtime this serial number Do you think this is secure? Any objections to this design? As I understand it I do not need to hash the unique serial number (otherwise I could use MD5 for example). Is this correct? Thanks for your help... kryps Sent via Deja.com http://www.deja.com/ Before you buy. -- From: [EMAIL PROTECTED] (John Savard) Subject: Re: NSA quote on AES Date: Sat, 07 Oct 2000 17:16:33 GMT On Sat, 7 Oct 2000 11:17:39 +0100, "Brian Gladman" [EMAIL PROTECTED] wrote, in part: "David Schwartz" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]... When a statement appears to be carefully crafted, I assume it means exactly and only what it says. I disregard all implications. I think this is the correct way to read NSA statements. In principle I agree with this approach and I believe that it leads to a sensible conclusion in this case. Unfortunately, however, very few statements of any length in english are devoid of the need for interpretation of some kind so the approach does not always produce the right answer (if there ever is such a thing). Since it is seldom the practice of people to craft their st
Cryptography-Digest Digest #868
Cryptography-Digest Digest #868, Volume #11 Sat, 27 May 00 02:13:01 EDT Contents: Re: Anti-Evidence Eliminator messages, have they reached a burn-out point? ("Klaus Daehne") Re: safer style sboxes (zapzing) Re: Retail distributors of DES chips? (Paul Rubin) Re: Matrix key distribution? ("Michael Brown") Re: Retail distributors of DES chips? (Paul Rubin) looking for an 8-byte long output hashing function ("Jean-Luc") Re: Crypto patentability (Bill Unruh) Re: Q: appropriate number of key-uses before replacement? ("Lyalc") Enigma reflectors ("Thomas M. Sommers") Re: looking for an 8-byte long output hashing function (Boris Kazak) Short signatures (David Hopwood) Re: Q: OFB (David Hopwood) Short signatures (David Hopwood) Re: Anti-Evidence Eliminator messages, have they reached a burn-out point? (Johnny Bravo) From: "Klaus Daehne" [EMAIL PROTECTED] Crossposted-To: alt.privacy,alt.privacy.anon-server,alt.security.pgp Subject: Re: Anti-Evidence Eliminator messages, have they reached a burn-out point? Date: Fri, 26 May 2000 19:36:17 -0700 =BEGIN PGP SIGNED MESSAGE= Hash: SHA1 Besides the fact that EE is crossposting and posting off topic, I wound up downloading their product before this debate started, and (so far) have nothing bad to say. Aureate, without any doubt, has been caught doing something incredibly sneaky and despicable (as do the shareware authors that subscribe to this crap). Unless I am missing something, the same cannot be said about EE, correct? If not, are they proven spyware, do they include spyware, or is it just their crossposting and public neener-ing that has everyone up in arms? I (used to) most of my wiping with bcwipe commands in batch files, which works very well, although I do appreciate the include/exclude management of EE. It also used to be a pain to locate (and remember) where OE keeps it's files, so locating this and other folders automatically is nice. And, I =did= learn something new: that Windows keeps a "hidden encrypted database in the system registry which remembers... information about what you have clicked on your start menu", even if you wiped the history itself. Intriguing. I wonder what else Windows is hiing. Oh yeah, and the help file is nice, too. Not only am I posting this non-anonymously, I am going to sign it, too, so there is at leat =some= content related to this ng :) At this point in time I am neutral on this debate, as I was with the Aureate debate. What I don't understand is, in both cases, the side in favor of the software company, claims that posts from anonymous posters are less valid than someone w/ a traceable e-mail address. To me, it makes no sense at all even though I am not posting anonymously. donoli. =BEGIN PGP SIGNATURE= Version: PGP Personal Privacy 6.5.2 iQA/AwUBOS80aPUjnALVMPh2EQIR9ACfc4j2gMBoZTMJ+H7BDtrCRbMr1wQAnRDn wZ/4ZMxOuguYExcRXcBcQqXn =oR9K =END PGP SIGNATURE= -- From: zapzing [EMAIL PROTECTED] Subject: Re: safer style sboxes Date: Sat, 27 May 2000 02:36:00 GMT In article [EMAIL PROTECTED], Jerry Coffin [EMAIL PROTECTED] wrote: In article 8gfjlh$ib5$[EMAIL PROTECTED], [EMAIL PROTECTED] says... In fairness, I think there's more than practicality at work here though: as Bruce Schneier has pointed out, it doesn't take much talent to design a cipher that's probably secure as long as you don't mind designing something that's slow, takes lots of memory, and so on. For most cryptologists, the challenge is in creating a cipher that uses the bare minimum of resources, but still makes optimal use of the key and provides as much security as possible for that key size. I think you have hit the nail on the head. Another word for it would be "Brinksmanship". Just why cryptologists do this is unclear. The universe is a figment of its own imagination. -- If you know about a retail source of inexpensive DES chips, please let me know, thanks. Sent via Deja.com http://www.deja.com/ Before you buy. -- From: [EMAIL PROTECTED] (Paul Rubin) Subject: Re: Retail distributors of DES chips? Date: 27 May 2000 02:50:08 GMT In article 8gn72l$2vq$[EMAIL PROTECTED], zapzing [EMAIL PROTECTED] wrote: Yup. tamper resistance is the point. I can't find your stuff about "java buttons" but that doesn't mean much since deja has been so flakey lately. http://www.ibutton.com/java/ But how could something written in Java be considered a hardware solution? Is this a microprocessor application? Yes. The button has a secure microprocessor sealed inside, that runs a subset of Java. You write mini-applets and load them into the button. -- From: "Michael Brown" [EMAIL PROTECTED] Subject: Re: Matrix key d
Cryptography-Digest Digest #868
Cryptography-Digest Digest #868, Volume #10 Sat, 8 Jan 00 11:13:00 EST Contents: Re: frequency analysis with homophones (Mok-Kong Shen) Re: I want to know if this works? (Mok-Kong Shen) Re: Intel 810 chipset Random Number Generator (Guy Macon) Re: AES3 Conference: deadline for papers *18*/01/2000 (David Crick) Re: OLD RLE TO NEW BIJECTIVE RLE (John Savard) Re: Truly random bistream (Michael) modifiec game of life encryption, to be analyzed ([EMAIL PROTECTED]) Re: Questions about message digest functions (Tim Tyler) Re: OLD RLE TO NEW BIJECTIVE RLE (Tim Tyler) Re: is signing a signature with RSA risky? (Tim Tyler) Re: Followup: Help Needed For Science Research Project (Paul Crowley) Re: is signing a signature with RSA risky? (Tim Tyler) From: Mok-Kong Shen [EMAIL PROTECTED] Subject: Re: frequency analysis with homophones Date: Sat, 08 Jan 2000 12:59:20 +0100 r.e.s. wrote: : The fundamental problem I can see is the non-reversibility of : implication. That is, if one uses J homophones for each plaintext : character, then one has the frequency distribution you obtained. : But the implication in the reverse direction is not logically sound. : (Equivalence has to be proved in logic.) The fundamental problem, I'm afraid, is that you're looking at what the data does or does not "logically imply", while the issue is one of plausible inference in the presence of uncertainty -- not one of strict logical implication. That is why the problem is posed as a statistical one in the first place. Unfortunately, in cryptanalysis, as far as I am aware, one often needs quite a lot of guesswork/speculations/intuitions as well as good luck. Rational mathematical arguments alone frequently don't help one very far. In my humble opinion (from what I have sofar understood from your description) the 'statistical significance' of the sort that you found is of such 'uncertainty' (on the scale of my personal 'subjective' measure) that I wouldn't start put much energy straightaway in following the direction 'indicated' by the computing results. (I consider namely that the result being a 'chance coincidence' to be pretty high.) Well, this is just my personal standpoint, probably biased due to my poor knowledge and experiences. You and others may well have the very opposite standpoint. Obviously, however, this is analogous to a question of tastes and couldn't be settled by mathematics or such. For else a follow-up of someone would have already put an immediate end to that issue. Nobody knows the exact distribution, nor does the statistical approach attempt to "deduce" exact results. The problem is one of plausible *induction*, not deduction. Right. But exactly here lies the source of difficulty. What is plausible to me is not necessarily plausible to you and vice versa. Look into what the AI people work on induction and fuzzy reasoning. They haven't yet gone very far in my humble view. Anyway, their current tools wouldn't help you much in the present case in my conviction. M. K. Shen -- From: Mok-Kong Shen [EMAIL PROTECTED] Subject: Re: I want to know if this works? Date: Sat, 08 Jan 2000 13:09:03 +0100 Jeff Lockwood wrote: /*** rat data stream scrambler: try it out. It is always preferable to let other people discuss your design principles/rationales rather than discuss your C-codes or even actually run the codes, if you really intend to know if what you designed works. M. K. Shen -- From: [EMAIL PROTECTED] (Guy Macon) Subject: Re: Intel 810 chipset Random Number Generator Date: 08 Jan 2000 07:36:24 EST http://developer.intel.com/design/chipsets/rng/docs.htm http://developer.intel.com/design/chipsets/datashts/290658.htm http://www.intel.com.ec/design/chipsets/rng/faq.htm http://www.rsasecurity.com/products/bsafe/intel/ http://www.rsasecurity.com/products/bsafe/intel/rsa_rng_nontech.pdf http://www.rsasecurity.com/products/bsafe/intel/rsa_rng_tech.pdf -- From: David Crick [EMAIL PROTECTED] Subject: Re: AES3 Conference: deadline for papers *18*/01/2000 Date: Sat, 08 Jan 2000 12:43:12 + David Crick wrote: A reminder: "Paper submission deadline: January 15, 2000" See: http://csrc.nist.gov/encryption/aes/round2/conf3/aes3conf.htm and http://csrc.nist.gov/encryption/aes/round2/conf3/aes3cfp.htm and http://csrc.nist.gov/encryption/aes/aes_home.htm from the third link above: "Due to a Federal Government holiday on Monday, January 17, paper submissions for AES3 may be submitted to NIST up until 9:00 am Eastern Standard Time on Tuesday, January 18." -- +---+ | David Crick [EMAIL PROTECTED] http://members.tripod.com/v
Cryptography-Digest Digest #868
Cryptography-Digest Digest #868, Volume #8Fri, 8 Jan 99 22:13:03 EST Contents: Re: OCX/DLL wanted ("Morten H. Nielsen") example with concrete numbers of blind signature (sos) Re: Factoring ("Yves Gallot") Re: On the Generation of Pseudo-OTP (wtshaw) Re: RSA question ([EMAIL PROTECTED]) Re: On the Generation of Pseudo-OTP (Paul L. Allen) A method on finding the cheater in sharing scheme. (xlzhu) Re: ScramDisk - password size - high ASCII (wtshaw) Re: Triple DES with CBC (DJohn37050) Attention: This is an encoded message? (EvanPic) Re: On leaving the 56-bit key length limitation ([EMAIL PROTECTED]) Triple DES with CBC ("Steven H. McCown") Re: Learn Encryption Techniques with BASIC and C++ (CryptoBook) Re: RSA-Modulus decomposition (Robert I. Eachus) Re: On leaving the 56-bit key length limitation (wtshaw) From: "Morten H. Nielsen" [EMAIL PROTECTED] Subject: Re: OCX/DLL wanted Date: Fri, 8 Jan 1999 22:23:17 +0100 Try this link One of the BEST http://sevillaonline.com/ActiveX/ Jonas Westberg skrev i meddelelsen 774vgh$c8v$[EMAIL PROTECTED]... Please let me know if you know of any Components that can be used in Visual Basic applications (OCX/DLL). - Public Key Algorithm (RSA key generation, encryption and signing) - Secret Key Algorithm (free block- or fiestelchipher like CAST) Thanks Jonas Westberg [EMAIL PROTECTED] -- From: sos [EMAIL PROTECTED] Subject: example with concrete numbers of blind signature Date: Fri, 08 Jan 1999 23:25:25 +0100 For a small treatise I am looking for an example with concrete numbers of blind signature. I think I understand all the formulas, but I can not achieve a reasonable results. All publications I found only give some hints how it works and what the formulas are. Maybe there you can give me an internet location that can help me. Please mail me directly. Soeren Schmidt -- From: "Yves Gallot" [EMAIL PROTECTED] Crossposted-To: sci.math Subject: Re: Factoring Date: Sat, 9 Jan 1999 00:19:18 +0100 Thank you very much for your excellent program! Yves -- From: [EMAIL PROTECTED] (wtshaw) Subject: Re: On the Generation of Pseudo-OTP Date: Fri, 08 Jan 1999 16:32:11 -0600 In article [EMAIL PROTECTED], Mok-Kong Shen [EMAIL PROTECTED] wrote: However the context of my proposal is that one can only get 56-bit cryptos (and very likely only software). So I think that even a not so good approximation of an OTP helps to a certain degree, for it can be used in conjunction with a 56-bit crypto software and enhance its strength. We have to collect all useful things and combine them, so that those who can only get 56-bit cryptos (those outside of the 33 countries) can still obtain adequate security in their communications. All it takes is a little creative chaining to even if single algorithms are 56 bit cryptos. Consider what intermediate steps might be needed to strip away headers that anounce what algorithm was used. The fact being that it is not easy to determine that a 56 bit limit was surpassed or wasn't, except that the hall-monitor might be upset that their techniques of retreving plaintext did not work. No, a 56 bit limit does not do much in itself, which is the point. Look next for severe restrictions for using only very few algorithms. -- If government can make someone answer a question as they want him to, they can make him lie, then, punish him for not telling the truth. Such an outrage constitutes entrapment. -- From: [EMAIL PROTECTED] Subject: Re: RSA question Date: Fri, 08 Jan 1999 21:56:35 GMT The security of RSA is conjectured to be based upon the Integer Factorization Problem (IFP), but this link has never been proved. Recently, a paper “Breaking RSA may not be equivalent to factoring” by D.Boneh R.Venkatesan published in Eurocrypt '98 shows some classes of the RSAP which are not equivalent to the underlying IFP. It _may_ be possible to break RSA without factoring... Sam Simpson Comms Analyst -- http://www.hertreg.ac.uk/ss/ for ScramDisk hard-drive encryption Delphi Crypto Components. PGP Keys available at the same site. In article 9DB141BB95ACD978.552D4BEF2C5C8648.1961F2B1F78F3098@library- proxy.airnews.net, Rx Video [EMAIL PROTECTED] wrote: Hello, I've recently read through the theory on RSA algorithm. I just wanted to make sure if the factorization of the N (modulus) number is the keystone of its security ? p*q=N - I have not tried to compute all the possible values for p and q with known N, but the approach to find those values would be to divide N by i, with i increasing with every step (or changing i to the next prime number), until one of p or q is found. I do not know how difficult that task is for