Cryptography-Digest Digest #990
Cryptography-Digest Digest #990, Volume #13       Sat, 24 Mar 01 17:13:00 EST

Contents:
  Re: decryprtion help please? (Mok-Kong Shen)
  Re: Fast and Easy crypt send (amateur)
  Re: Hello (Mok-Kong Shen)
  Re: Crack it! (amateur)
  Re: New PGP Flaw Verified By Phil Zimmerman, Allows Signatures to be Forged (SCOTT19U.ZIP_GUY)
  Re: on-card key generation for smart card (Chenghuai Lu)
  Re: New PGP Flaw Verified By Phil Zimmerman, Allows Signatures to be Forged (Bill Unruh)
  Re: New PGP Flaw Verified By Phil Zimmerman, Allows Signatures to be Forged (Tom McCune)
  Re: on-card key generation for smart card (Paul Rubin)
  Re: on-card key generation for smart card (Paul Rubin)
  Re: New PGP Flaw Verified By Phil Zimmerman, Allows Signatures to be (David Ross)
  Re: Hello (Frank Gerlach)
  Re: Valid condition for multiplicative generator? (Frank Gerlach)
  Re: Hello (Frank Gerlach)
  Re: Valid condition for multiplicative generator? (Frank Gerlach)
  Re: New PGP Flaw Verified By Phil Zimmerman, Allows Signatures to be (Tom McCune)
  Operations for the DES (William Hugh Murray)
  Keyloging (Peter Engehausen)
  Re: New PGP Flaw Verified By Phil Zimmerman, Allows Signatures to be Forged (Free-man)
  Re: Operations for the DES (Paul Rubin)
  Re: One-time Pad really unbreakable? (Benjamin Goldberg)
  Re: Valid condition for multiplicative generator? (Steve Portly)

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: decryprtion help please?
Date: Sat, 24 Mar 2001 20:09:26 +0100

rh wrote:

> A buddy had asked me yesterday if it would be possible to migrate all of our PINs from the current main system to the new test PIN vault. We have no decryption utility that could do this. Below I have included some clear text PINs and then the encrypted version that is located in the SQL database. I do know that the clear text PINs "are encrypted with themselves."

If it is a legal migration, your SQL manufacturer should certainly be able to help you if difficulties arise. Otherwise, resist being persuaded by someone to find out how to eventually break the protection of your own system.

M. K. Shen

--

From: amateur [EMAIL PROTECTED]
Subject: Re: Fast and Easy crypt send
Date: Sat, 24 Mar 2001 14:10:59 -0400

There are 2 cases:

1. You did not understand what I wrote.
2. You read it, you understood it, and you are trying (because I did not use "high-level technical language") just to show me that you are a pro.

I think it's the first case. My idea is nothing more than a version of OTP with the use and reuse of a short key.

Case even and odd:
  0 = 0 or 2 or 4 or 6 or 8
  1 = 1 or 3 or 5 or 7 or 9

For every bit I have 5 possible encryptions. For 2 bits, 5^2. For n bits, 5^n. You have n bits in plain text, 5^n in encryption space. You can't use a known plain text attack because every plain text gives billions of billions of possibilities. You can't use differential cryptanalysis because the encryption is not a bijection. So what could you use?

In an OTP system you have, for every bit, two possibilities, and you don't have the "avalanche effect at left" that you have in an additive or subtractive operation. I have for every bit 5 possibilities in the case of even and odd. I add or subtract using a single function M = a + k. You seem to forget the effect of the addition operation. If I use just a matrix of key values as secret key, combined with a complex relation between those keys (polynomial function with n4), how could you solve it?

Joseph Ashwood wrote:

> Your sequence is not random; almost all of the randomness disappeared immediately when you eliminated the outer key (which I assume we both agree happened). From there the only randomness left is the randomness in the original sequences, which had very little discernible randomness, so they can be pulled apart with a minor amount of difficulty. The first thing you need to realize is that the text you're encrypting is far from random; it has strong order, bias, etc. English is a good example: English text has between 1 and 2 bits of entropy per character (depending on several factors). This is quite a distance from the 8 bits that are used per character in ASCII, and further from the 16 and 32 bits that are used in various Unicodes. I still say that the place you need to start is in reading a book on cryptography.
>
> Joe
>
> "amateur" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
>
>> I'm still not convinced. I do not have to know cryptography to understand that a RANDOM sequence is no information at all. My encrypted text is a RANDOM series. How could you exploit a random sequence???
>>
>> Joseph Ashwood wrote:
>>
>>> Honestly, I have explained it, I'm not going to explain it any more, read the sci.crypt FAQ, read a book on cryptography, if you still don't get it, then just
Cryptography-Digest Digest #990
Cryptography-Digest Digest #990, Volume #12       Mon, 23 Oct 00 21:13:01 EDT

Contents:
  Re: xor algorithm ([EMAIL PROTECTED])
  A naive question (Mok-Kong Shen)
  Re: How to post absolutely anything on the Internet anonymously (Tim Tyler)
  Timestamping ("Kevin Crosbie")
  Re: Timestamping (David Schwartz)
  Re: Why trust root CAs ? ("Lyalc")
  Re: byte != octet [was: Re: Rijndael implementations ] (Mok-Kong Shen)
  Re: A naive question (John Savard)
  Re: new to data encryption please help (John Savard)
  Re: Why trust root CAs ? (Anne Lynn Wheeler)
  Re: Why trust root CAs ? (Anne Lynn Wheeler)
  Re: Why trust root CAs ? (Anne Lynn Wheeler)
  Re: Hypercube/FFT encryption (Terry Ritter)
  Re: Why trust root CAs ? (Anne Lynn Wheeler)
  Re: On block encryption processing with intermediate permutations (Bryan Olson)
  Re: A new paper claiming P=NP (Matt Kennel)

From: [EMAIL PROTECTED]
Subject: Re: xor algorithm
Date: 23 Oct 2000 22:10:35 GMT

In article [EMAIL PROTECTED], [EMAIL PROTECTED] (Sundial Services) wrote:

> Certainly any stream-cipher worth its salt must be tested to be sure that, if it -is- run backward, it will not be more vulnerable to analysis than when it is run "the right way."

For instance, a class of weak keys that can be determined by running RC4 backwards until the initial table setting is found?

Keith
http://www.cix.co.uk/~klockstone
'Unwise a grave for Arthur' -- The Black Book of Carmarthen

--

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: A naive question
Date: Tue, 24 Oct 2000 00:25:15 +0200

Is there anything wrong with the following? Let there be a master key Q. To send message blocks P with a sufficiently strong algorithm E, we pick a random number R, obtain K = E(Q,R) and send R and blocks E(K,P) to the recipient.

Thanks.

M. K. Shen

--

Crossposted-To: talk.politics.crypto,alt.freespeech
From: Tim Tyler [EMAIL PROTECTED]
Subject: Re: How to post absolutely anything on the Internet anonymously
Reply-To: [EMAIL PROTECTED]
Date: Mon, 23 Oct 2000 22:12:30 GMT

In sci.crypt Anthony Stephen Szopa [EMAIL PROTECTED] wrote:
: Tim Tyler wrote:

: : They could just make running Publis illegal. There will have to be some
: : other compelling use for it, besides cocking a snook at the government,
: : to prevent this strategy from being applied.

I know what that "compelling use" will be: it will be distributing paedophile material and child pornography in a manner that evades prosecution. Obviously such unamerican activities should not be permitted.

: : Anonymity and privacy seem destined to go the way of the Dodo. When the
: : government's nano-scale spy robots are everywhere, escaping from their
: : view long enough to do anything in private will be very, very difficult.

: Then you accept the total destruction of the US Constitution and our
: way of life?

I don't see how much in the way of privacy can continue. Perhaps if a "benevolent" government closes its eyes to the activities of its citizens. I can't see why any government would do that, though - it goes beyond benevolence into stupidity, IMO.

--
__  Lotus Artificial Life  http://alife.co.uk/  [EMAIL PROTECTED]
|im |yler  The Mandala Centre  http://mandala.co.uk/  ILOVEYOU.

--

From: "Kevin Crosbie" [EMAIL PROTECTED]
Subject: Timestamping
Date: 23 Oct 2000 22:58:18 GMT

Hi all,

I am writing a program to sign some data, and I wanted to add a timestamp to this. I figure that I just hash the signed data that I have and send that off to a notary service; they attach their signature and public key and send it back, allowing me to verify that it was timestamped at that time.

Does anyone know of a good free service which does that, or if not, some service which does that for a fee?

Thanks a million,
Kevin

--

From: David Schwartz [EMAIL PROTECTED]
Subject: Re: Timestamping
Date: Mon, 23 Oct 2000 16:05:20 -0700

Kevin Crosbie wrote:

> Hi all,
>
> I am writing a program to sign some data, and I wanted to add a timestamp to this. I figure that I just hash the signed data that I have and send that off to a notary service; they attach their signature and public key and send it back, allowing me to verify that it was timestamped at that time.
>
> Does anyone know of a good free service which does that, or if not, some service which does that for a fee?

Verisign has a timestamp server that's freely available. The protocol for using it is one of the PKIX standards, but it's a PITA. I don't know of any libraries to make this easier.

DS

--

From: "Lyalc" [EMAIL PROTECTED]
Subject: Re: Why trust root CAs ?
Date: Tue, 24 Oct 2000 10:15:21 +1000

The lesson to
Cryptography-Digest Digest #990
Cryptography-Digest Digest #990, Volume #11       Fri, 9 Jun 00 16:13:01 EDT

Contents:
  Re: PK analogue for passwords ([EMAIL PROTECTED])
  Re: My lastest paper on Block Ciphers (Runu Knips)
  Re: How did Mr. Schneier calcuate this figure? (John Myre)
  Re: Extending the size of polyalphabetic substitution tables ([EMAIL PROTECTED])
  Re: Multiple encryptions (James Felling)
  Re: Random IV Generation (David A. Wagner)
  Re: RIP Bill 3rd Reading in Parliament TODAY 8th May (David Swarbrick)
  Re: Thoughts on an encryption protocol? (John Myre)
  Double Encryption Illegal? (Crypto-Boy)
  encoding of passwords ("Wouter")
  Re: Random IV Generation (John Myre)
  Re: help for rc5 cryptanalysis (James Felling)
  Re: Random IV Generation (David A. Wagner)
  Re: My lastest paper on Block Ciphers (Simon Johnson)
  Re: randomness tests ("John Feth")
  Re: encoding of passwords (Custer)
  Re: encoding of passwords (Custer)
  Re: OT: Starmath font (tomstd)
  Re: My lastest paper on Block Ciphers (tomstd)
  Re: My lastest paper on Block Ciphers (tomstd)
  Re: My lastest paper on Block Ciphers (tomstd)
  Re: Encoding 56 bit data ---HELP--- (tomstd)
  Updated: Evidence Eliminator Dis-Information Center (Includes info on false SPAM accusations) (EE Support)

From: [EMAIL PROTECTED]
Crossposted-To: comp.security.misc
Subject: Re: PK analogue for passwords
Date: Fri, 09 Jun 2000 16:57:03 GMT

[sigh. sorry for formatting. I am too lazy to fix it today.]

In article [EMAIL PROTECTED], [EMAIL PROTECTED] wrote:

> In article 8hoq4f$cuo$[EMAIL PROTECTED], wrote:
>
>> if one is using twonz to keep their financialinstitution.com password secret, they would enter their pad in one text field, and financialinstitution.com in the second text field, and the program would run the inputs through a hash function (probably md5 since it is widely available on free unices) and then base64 encode the result, so one could type the whole thing without too much effort. :)
>
> That sounds like a variation on the RFC1938 OTP scheme (perhaps it IS RFC1938, if we don't take "base64 encode" literally). I've seen a couple of implementations for that, but never heard of anyone actually using it before.

Well, the twonz program does indeed base64. The program is GPL, so what the heck, let's post it! ;) This points out though that I was wrong -- SHA-1 instead of md5. :) I think the substitutions at the end remove spaces, newlines, etc., and truncate the result to 8 chars. It looks trivial to get more characters out of it, but since it is SHA-1, the max is probably around 22 characters. (Although the inputs to the system are probably less than 22 bytes of entropy!)

I found it here: http://www.interlog.com/~gray/twonz/twonz

#!/usr/bin/perl
#
# twonz is copyright (C) 1999 Vengeance Software
# released under the terms of the GNU GPL v2.0+
# written by Graydon Hoare [EMAIL PROTECTED]
#
use Tk;
use SHA;
use MIME::Base64;

my $main = new MainWindow;
my $context = new SHA;

$hashval = '';
$padval = '';
$literalval = '';

# three fields: the secret pad (masked), the site name, and the
# read-only derived password
my $pe = $main->Entry(-show => '*', -width => 25, -relief => 'sunken',
                      -textvariable => \$padval);
my $le = $main->Entry(-width => 25, -relief => 'sunken',
                      -textvariable => \$literalval);
my $he = $main->Entry(-width => 25, -state => 'disabled', -relief => 'groove',
                      -textvariable => \$hashval);

$pe->pack(-anchor => 'w');
$le->pack(-anchor => 'w');
$he->pack(-anchor => 'w');

# recompute the derived password on every keystroke
$main->bind('<KeyPress>', \&digest);

MainLoop;

sub digest {
    $context->reset();
    $context->add($padval);          # SHA-1 over pad followed by site name
    $context->add($literalval);
    $hashval = encode_base64($context->digest());
    $hashval =~ s/\W//g;             # drop '+', '/', '=' and the newline
    $hashval =~ s/(\w{8}).*/$1/g;    # keep only the first 8 characters
}

Sent via Deja.com http://www.deja.com/
Before you buy.

--

Date: Fri, 09 Jun 2000 19:08:08 +0200
From: Runu Knips [EMAIL PROTECTED]
Subject: Re: My lastest paper on Block Ciphers

Simon Johnson wrote:

> Well, rather than moaning about trivial portability issues, I downloaded Word View from softseek.com.

Useless. I've Word97 anyway here at work. And the font doesn't work :-(

--

From: John Myre [EMAIL PROTECTED]
Subject: Re: How did Mr. Schneier calcuate this figure?
Date: Fri, 09 Jun 2000 11:09:37 -0600

(In reference to IDEA,) Jeff Moser wrote:

> On page 323 of Applied Cryptography 2nd Edition, 3/4 of the way down the page, Schneier explains that weak keys are (in hex) , , 0x00, , , 000x, , x000. To me, this seems like a total of up to 28 bits (7 * 4). Therefore, the likelihood of getting one seems to be 2^28/2^128 = 1/2^100, however the book says 1 in 2^96. Could somebody tell me where I'm making a mistake?

Joan Daemen's paper on IDEA's weak keys actually gives examples of several classes of weak keys. So I think the above pattern is only one kind of weak key. Indeed, Schneier says "For example, a weak key is" the patte
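The derivation performed by the twonz Perl script posted in the "PK analogue for passwords" thread above, re-implemented in Python as an added example (not part of the original post and not twonz's own code; the function names are mine). It reproduces the SHA-1 / base64 / strip / truncate-to-8 steps so that two properties a reviewer of such a scheme would want to check can be exercised: the entropy ceiling the post alludes to, and the fact that pad and site name are hashed back to back with no separator.

```python
# Added example, not code from the original post or from twonz itself.
import base64
import hashlib
import math
import re


def twonz(pad: str, literal: str, length: int = 8) -> str:
    """Site password as the posted script derives it: SHA-1 over the pad
    followed by the site name, base64, s/\\W//g, first `length` chars."""
    digest = hashlib.sha1(pad.encode("utf-8") + literal.encode("utf-8")).digest()
    b64 = base64.b64encode(digest).decode("ascii")
    # Perl's s/\W//g also strips '+', '/', '=' and the newline that the
    # old MIME::Base64 appends, so only [A-Za-z0-9] survive.
    word_chars = re.sub(r"\W", "", b64)
    return word_chars[:length]


def output_entropy_bound_bits(length: int) -> float:
    """Upper bound on the entropy of the derived password: at most one of
    62 characters per position, and never more than SHA-1's 160 bits
    (the post's 'around 22 characters' is a rough statement of that cap)."""
    return min(length * math.log2(62), 160.0)


def concatenation_ambiguous(pad_a: str, site_a: str,
                            pad_b: str, site_b: str) -> bool:
    """True when two different (pad, site) pairs yield the same password.
    The script hashes pad and site with no separator, so any other split
    of the same byte string collides; keying an HMAC with the pad, or
    length-prefixing the fields, removes this ambiguity."""
    return (pad_a, site_a) != (pad_b, site_b) and \
        twonz(pad_a, site_a) == twonz(pad_b, site_b)


if __name__ == "__main__":
    # constructed sample inputs
    print(twonz("correct horse", "financialinstitution.com"))
    print(concatenation_ambiguous("secret", "bank.com", "secretbank", ".com"))
```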
Cryptography-Digest Digest #990
Cryptography-Digest Digest #990, Volume #9       Thu, 5 Aug 99 11:13:02 EDT

Contents:
  Re: OTP export controlled? (Bo Dömstedt)
  Re: Is breaking RSA NP-Complete ? (Safuat Hamdy)
  Will someone please flame me??? (Michelle Davis)
  Re: Looking for GSM Authentication Algorithm A3 ("Lassi Hippeläinen")
  Re: What is "the best" file cryptography program out there? (wtshaw)
  Re: With all the talk about random... (Shawn Willden)
  Re: where to start? (Michelle Davis)
  Re: Microsoft Word 97 (pwrecover)
  Re: How to keep crypto DLLs Secure? (Jim Felling)
  Re: Good generators and primes for Diffie Hellman (DJohn37050)
  Re: Construction of permutation matrix (Mok-Kong Shen)
  Re: What is "the best" file cryptography program out there? (KidMo84)
  Re: Construction of permutation matrix (Mok-Kong Shen)
  Re: Bad Test of Steve Reid's SHA1 ([EMAIL PROTECTED])
  Re: What is "the best" file cryptography program out there? ([EMAIL PROTECTED])
  Re: What is "the best" file cryptography program out there? (KidMo84)
  Re: Will someone please flame me??? (SCOTT19U.ZIP_GUY)
  Re: Is the output of 3DES really pseudorandom??? (fungus)
  Re: Americans abroad/Encryption rules? (JPeschel)

From: [EMAIL PROTECTED] (Bo Dömstedt)
Crossposted-To: talk.politics.crypto
Subject: Re: OTP export controlled?
Reply-To: [EMAIL PROTECTED]
Date: Thu, 05 Aug 1999 11:36:16 GMT

W.G. Unruh wrote:

> The purpose of all export regulations is to prevent US citizens from supplying things to foreigners. It says nothing anywhere that it is to prevent the foreigners from doing things themselves.

Precisely! We other people, us foreigners, can manage to run an OTP without the U.S.:

http://www.protego.se/sg100_en.htm

...we hold an unrestricted export license for the above product! According to Swedish law of commerce, we cannot refuse to sell based upon some opinion of the customer (or the country where he lives).

> The stated or unstated purpose is not to keep it out of the hands of citizens, although it is clear that there are some who would love to do that.

The OTP system, as compared to the DES/IDEA/skipjack/AES candidates, cannot have any internal weakness that could be exploited, and would surely not be appreciated by the three-letter-agency people.

Bo Dömstedt
Chief Cryptographer
Protego Information AB
Malmoe, Sweden

--

From: Safuat Hamdy [EMAIL PROTECTED]
Subject: Re: Is breaking RSA NP-Complete ?
Date: 05 Aug 1999 12:54:56 +0200

Nicol So [EMAIL PROTECTED] writes:

>>> I have seen different definitions of NP-Hard. The definition I prefer is: A problem is NP-Hard if it is polynomial time reducible (in the sense of Karp reducibility) to the hardest problem in NP.
>>
>> My impression (derived from a possibly too small set of samples) was that nowadays most people agree that NP-hardness is about Turing-reductions ... isn't that also the definition that Garey and Johnson seem to prefer?
>
> I could be wrong, but my impression is that people these days prefer (polynomial-time) many-one reduction to (polynomial-time) Turing reduction when dealing with NP-completeness. Do people have a different preference when dealing with NP-hardness?

Since complexity theory was one of my main subjects, I claim to have some knowledge about the terms used here. For reference I prefer Balcazar, Diaz, Gabarro, Structural Complexity, 2nd ed., 1994. This is much more up to date than most other books like Garey, Johnson or Hopcroft, Ullman.

Some clarifications. Let C be any complexity class.

1. C-hard and C-complete by default refer to poly-time many-one reduction whenever C is above P, while for P and NLOG (and all other classes above LOG) it refers to log-space many-one reduction. For two sets A and B we write A <= B whenever A is many-one reducible to B. Note also, "reducible" means by default poly-time many-one reducible.

2. When we really want to speak about Turing reducibility, we say C-T-hard and C-T-complete (of course, in certain contexts where there is no ambiguity, we can abbreviate this). For two sets A and B we write A <=_T B whenever A is Turing reducible to B. Note that Turing reducibility usually refers to poly-time Turing reducibility.

3. Def: Some set A is C-(T-)hard if and only if any set B from C is (Turing-)reducible to A. Moreover, if A itself is in C, then A is C-(T-)complete. These are the modern definitions for hard and complete; everything else is fuzz from the past.

4. To remove any doubts: Def: Let A and B be sets over some alphabet S. A is poly-time many-one reducible to B if and only if there exists a deterministic poly-time computable function f such that for any x from S^*, x is in A if and only if f(x) is in B; similar for space-bounded many-one reducibility, although here f additionally must n