Cryptography-Digest Digest #559, Volume #9       Tue, 18 May 99 08:13:03 EDT

Contents:
  Fractal encryption ("Lysergide")
  breaking xor encryption? ("Spiffy")
  Encryption starting ("Hai Huang")
  symmetric boolean functions (Hankel O'Fung)
  Re: RSA-modulus binary decomposition ("Ulrich Kuehn")
  Re: RSA Chips (Vin McLellan)
  Re: RSA Chips (Vin McLellan)
  Re: RSA-modulus binary decomposition (Thomas Pornin)
  Re: Encryption starting ("Jonas Krantz")
  Re: Scramdisk/Norton query ([EMAIL PROTECTED])
  Re: Can Somebody Verify My DES execution? (Goi Bok Min)
  Re: Toy Function (post didn't work) ([EMAIL PROTECTED])
  Re: Mandlebrot transform (Christof Donat)
  where can i find a frequency list? (Pete)
  Password hashing in different OSs (Sacha Brostoff)
  prime numbers and the multplicative inverse ([EMAIL PROTECTED])
  Re: Can Somebody Verify My DES execution? (Thomas Pornin)
  Re: Can Somebody Verify My DES execution? ([EMAIL PROTECTED])
  Re: Crypto export limits ruled unconstitutional (Mok-Kong Shen)

----------------------------------------------------------------------------

From: "Lysergide" <[EMAIL PROTECTED]>
Subject: Fractal encryption
Date: Tue, 18 May 1999 01:54:41 GMT

i have been searching the www and newsgroups for technical
information/papers/methods etc about fractal encryption and ways of
making an encryption algorithm from fractal formulae, can anyone help
me out with some information/papers etc on fractal encryption, or any
urls that anyone may know of. (as i can't seem to find any that are of
any benefit, and have been looking for over 3 months!)

thank you :)

Lysergide
--
Posted via Talkway - http://www.talkway.com
Exchange ideas on practically anything (tm).


------------------------------

From: "Spiffy" <[EMAIL PROTECTED]>
Subject: breaking xor encryption?
Date: Mon, 17 May 1999 19:11:37 -0700

Hi

How does one break the simple xor encryption program? I'm trying to convince
my friend that des and other algorithms are not "crap" because a very long
key for an xor program is not secure at all. I looked in Applied
Cryptography and saw that "counting coincidences" and shifting by the key
and xoring allows you to decrypt it easily. Can somebody clarify that
procedure because I didn't really get his explanation of that (hey, I'm
in high school :).

What if the person compresses the plaintext and gets a real random key? Any
other disadvantages that I missed? I guess it would be like one time pad,
but even if the key were half the length of the message (or any other
fraction), how safe would it be? Could someone easily crack it if the key
is 25k (or larger) on a 100k file? (or any other examples with different
numbers?) By the way, what are the main implementation/protocol mistakes
that people make that cause des and other strong algorithms to be insecure?

thanks for the help

--Spiffy




------------------------------

From: "Hai Huang" <[EMAIL PROTECTED]>
Subject: Encryption starting
Date: Tue, 18 May 1999 00:09:03 -0700

I am relatively new in encryption, and I'm looking for a good start to
medium level encryption book just to get me a good start.  I know the basic
concept such as stream ciphering and block ciphering, but I need more in
depth detail.  Anyone have any good suggestions?  Thank you very much.



------------------------------

From: Hankel O'Fung <[EMAIL PROTECTED]>
Crossposted-To: sci.chem,sci.econ,sci.image.processing,sci.electronics.design,sci.physics,sci.physics.fluid-dynamics,sci.math
Subject: symmetric boolean functions
Date: Tue, 18 May 1999 14:44:03 -0700

Dear all,

Sorry for crossposting, but I wish to hear suggestions from
a wider audience basis.

Does anybody know what are the applications of symmetric
boolean functions and shift-invariant boolean functions of
n (>=3) boolean variables?

Here, a function f: {0,1}^n --> {0,1} or f: {0,1}^n --> (0,1)
is called symmetric if f(x1, ..., xn) = f(sigma(x1), ..., sigma(xn))
for any permutation sigma, and is called shift-invariant if
f(x1, x2, ..., xn) = f(x2, x3, ..., x1) = ... = f(xn, x1, x2, ...,
x_{n-1}).

I am particularly interested in any applications of these functions
with n>=3. Thanks in advance.

Regards, Hankel


------------------------------

From: "Ulrich Kuehn" <[EMAIL PROTECTED]>
Subject: Re: RSA-modulus binary decomposition
Date: 14 May 1999 14:45:55 +0200

[EMAIL PROTECTED] writes:

> 
> Let m=37=5*B be an RSA modulus. Factors 5 and B (11 dec.) should be
> found.
> In binary form it looks as 37=110111, 5=0101, B=1011. The factors we
> note in binary form as a(3)a(2)a(1)a(0) and b(3)b(2)b(1)b(0). At this
> moment
> we know that
[other stuff deleted]

You might want to check your math again. 37 is prime, so it cannot
equal 5*11, which is 55.

Ulrich

------------------------------

From: Vin McLellan <[EMAIL PROTECTED]>
Reply-To: The, Prtivacy, Guild
Subject: Re: RSA Chips
Date: Tue, 18 May 1999 04:17:37 -0300

For information on smart card RSA chips (as opposed to
general-purpose VLSI implementations), you will definitely want to
review "Smart Card Crypto-Coprocessors for Public-Key Cryptography" by
Michael J. Weiner of Entrust. 

        See the volume 4, number 1, 1998 edition of RSA Laboratories'
CryptoBytes at:  

http://www.rsa.com/rsalabs/pubs/cryptobytes/html/article_index.html

        Sorry I didn't see your query earlier.

        Suerte,
                _Vin

Oliver Hauck wrote:
> 
> Hi all,
> 
> I would like to learn about the present state of the art in dedicated
> single-chip VLSI implementations of RSA, specifically: throughput,
> latency, and energy requirements.
> 
> Has RSA been implemented on a wireless (inductance powered) crypto
> chipcard yet?
> 
> Any infos/pointers are appreciated.
> 
> ThanX, Oli
> 
> --
> ________________________________________________________________________
> 
>  Oliver Hauck
>  [EMAIL PROTECTED]          phone: +49 6151 16-3983
>  http://www.vlsi.informatik.tu-darmstadt.de/oli   fax:            -4810
>  Darmstadt University of Technology            Departments of CS and EE
>  Alexanderstrasse 10                Integrated Circuits and Systems Lab
>  64283 Darmstadt                                                Germany
> ________________________________________________________________________

-- 
========
  "Cryptography is like literacy in the Dark Ages. Infinitely potent,
for good and ill... yet basically an intellectual construct, an idea,
which by its nature will resist efforts to restrict it to bureaucrats
and others who deem only themselves worthy of such Privilege."
  _A Thinking Man's Creed for Crypto  _vbm

 *     Vin McLellan + The Privacy Guild + <[EMAIL PROTECTED]>    *
      53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548

------------------------------

From: Vin McLellan <[EMAIL PROTECTED]>
Reply-To: The, Prtivacy, Guild
Subject: Re: RSA Chips
Date: Tue, 18 May 1999 04:50:52 -0300

For information on smart card RSA chips (as opposed to
general-purpose VLSI implementations), you will want to check out
"Smart Card Crypto-Coprocessors for Public-Key Cryptography" by
Helena Handschuh and Pascal Paillier (Gemplus and ENST) in the Summer
'98 (v.4, no.1) edition of "CryptoBytes" from RSA Labs.

        That was CryptoBytes that carried both Michael J. Wiener's kick ass
article comparing the performance of different public key
cryptosystems, and Ron Rivest's famous "Chaffing and Winnowing" essay.

        See:
http://www.rsa.com/rsalabs/pubs/cryptobytes/html/article_index.html

        Sorry, btw, for the bad citation sent earlier by e-mail. Poor
coordination of fingers and mind.

        Suerte,
                _Vin

Oliver Hauck wrote:

> I would like to learn about the present state of the art in dedicated
> single-chip VLSI implementations of RSA, specifically: throughput,
> latency, and energy requirements.
> 
> Has RSA been implemented on a wireless (inductance powered) crypto
> chipcard yet?
> 
> Any infos/pointers are appreciated.
> 
> ThanX, Oli
> 
> --
> ________________________________________________________________________
> 
>  Oliver Hauck
>  [EMAIL PROTECTED]          phone: +49 6151 16-3983
>  http://www.vlsi.informatik.tu-darmstadt.de/oli   fax:            -4810
>  Darmstadt University of Technology            Departments of CS and EE
>  Alexanderstrasse 10                Integrated Circuits and Systems Lab
>  64283 Darmstadt                                                Germany
> ________________________________________________________________________

-- 
========
  "Cryptography is like literacy in the Dark Ages. Infinitely potent,
for good and ill... yet basically an intellectual construct, an idea,
which by its nature will resist efforts to restrict it to bureaucrats
and others who deem only themselves worthy of such Privilege."
  _A Thinking Man's Creed for Crypto  _vbm

 *     Vin McLellan + The Privacy Guild + <[EMAIL PROTECTED]>    *
      53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548

------------------------------

From: [EMAIL PROTECTED] (Thomas Pornin)
Subject: Re: RSA-modulus binary decomposition
Date: 14 May 1999 12:43:56 GMT

According to <[EMAIL PROTECTED]>:
> I suppose that in each case the logical consistency of the
> transformed system can be checked.

Just try.

You are not the first one to think about this approach (I would say:
everybody who thought about factorisation thought about this). The whole
difficulty is in this check. What you describe is essentially easy and
well-known.

        --Thomas Pornin

------------------------------

From: "Jonas Krantz" <[EMAIL PROTECTED]>
Subject: Re: Encryption starting
Date: Tue, 18 May 1999 11:12:18 +0200

Check out the "Handbook of Applied Cryptography".
http://cacr.math.uwaterloo.ca/hac/about/
Not all of the chapters can be downloaded, but you could always buy it if
you like it.

Jonas Krantz

>I am relatively new in encryption, and I'm looking for a good start to
>medium level encryption book just to get me a good start.  I know the basic
>concept such as stream ciphering and block ciphering, but I need more in
>depth detail.  Anyone have any good suggestions?  Thank you very much.
>
>



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Scramdisk/Norton query
Date: Tue, 18 May 1999 09:12:12 GMT

Go to your dos prompt.
c:
cd c:\recycled
dir

Do you see any files of those sizes?

Mount your encrypted drive (Let's call it N)
n:
cd n:\recycled
dir

Do you see any files of those sizes?

Maybe you aren't missing any space and Norton just doesn't know they are
gone, and it stores the information somewhere else.

I'm not sure what you did exactly nor where those files "appear".

It could be that Norton tries to read encrypted stuff and gets confused.

Link.

In article <E3I%2.6769$[EMAIL PROTECTED]>,
  "N" <[EMAIL PROTECTED]> wrote:
> Hey!
>
> I thought my original thread had died!
>
> I seem to have three SVL files appearing randomly -
> 00007337.svl (19.0K)
> 00000011.svl (1Mb)
> 00000055.svl (200Mb)
>
> and try as I might, I just can't rid myself of them!  They are all deleted
> by "(unknown)" and all had
> C:\Recycled\Nprotect as their original location.
>
> I don't think it's Norton at fault, but it is peculiar that Norton seems to
> deem the phantom files as having resided in the protected recycle bin
> *prior* to deletion!  Strange, eh?!
>
> If anyone can give me back my 201.02Mb of lost space, or at least explain
> these goings-on, please do!
>
> N
>
> Joshua Falkin wrote in message
> <[EMAIL PROTECTED]>...
> >I Stumbled across this same problem. There's got to be a bug in the
> >Scram disk program....Why is there a hidden svl container on my hard
> >drive that I did not create???
> >I found it by sending the contents of what appeared to be an empty
> >Recycled bin to WinZip.  there it was, 200mb of who knows what?
> >
> >
> >
> >On Fri, 23 Apr 1999 23:44:45 GMT, "N" <[EMAIL PROTECTED]> wrote:
> >
> >>Can anyone tell me why deleted files with an SVL extension keep appearing in
> >>my Norton protected recycle bin, even though no container files have been
> >>loaded or deleted and the Scramdisk utility program has not been running?
> >>
> >>When I remove them from the bin, they always reappear, often within minutes!
> >>They normally have a name such as 00000011.svl or 00007337.svl, for example,
> >>and range in size from 20K to 200Mb!  I have tried excluding this file
> >>extension from Norton Protection, but to no avail.  Norton cannot identify
> >>which program deleted them, but since the Scramdisk utility program isn't
> >>running presumably it must be work of the driver SD.VXD?
> >>
> >>It does seem to be a gross waste of space for spurious files as large as
> >>200Mb to be taking up this kind of space continually!
> >>
> >>Thanks
> >>N
> >>
> >>
> >>
> >>
> >>
> >>
> >
>
>


--== Sent via Deja.com http://www.deja.com/ ==--
---Share what you know. Learn what you don't.---

------------------------------

From: Goi Bok Min <[EMAIL PROTECTED]>
Subject: Re: Can Somebody Verify My DES execution?
Date: Tue, 18 May 1999 09:17:18 +0800
Reply-To: [EMAIL PROTECTED]

hi,
I think the easiest way to check whether the DES program works
properly or not
is to decrypt the ciphertext. If, after decryption with the same secret key, the
output we get is the same as the plaintext, then we can conclude that the program
is correct.


>




------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Toy Function (post didn't work)
Date: Fri, 14 May 1999 12:55:09 GMT

<snip>
(Yes I have too much time on my hands)

Just a question, is the offset hamming distance (31.93 instead of 32)
from the low amount of tests or from something else?

This else I am thinking about is from the multiplication where the low
bit will be set 1/4 of the time, meaning that 3/4 of the time it's from
R[2r + 1].  I don't think the weak bits from the multiplication apply
when more than one round is used, but is probably present in the last
round (for bit 0 only).

Also is the xor, mult, xor a good mixture?  Is this non-isomorphic?

For the curious in my test I initialized the S and R array using the
constant additions from RC5 (0x9E3779B9, etc...) then I xor the key with
the R array (permutation box).  Then I encrypt the zero string, and
replace all R and S entries... Like Blowfish.

At any rate I am pretty sure this can be cracked, but I want to know how
to start.

Thanks in advance for any feedback,
Tom
--
PGP public keys.  SPARE key is for daily work, WORK key is for
published work.  The spare is at
'http://members.tripod.com/~tomstdenis/key_s.pgp'.  Work key is at
'http://members.tripod.com/~tomstdenis/key.pgp'.  Try SPARE first!



------------------------------

Date: Tue, 18 May 1999 12:03:30 +0200
From: Christof Donat <[EMAIL PROTECTED]>
Subject: Re: Mandlebrot transform

Hi

Matthew Skala wrote:

> No.  You start the process with z=0, and c= the coordinates of the current
> point on the screen.  

If you want one iteration step less, set z to c!

> Then you iterate it (square z, add c, square z, add
> c, and so on) until either z gets bigger than a set radius, or you've
> iterated some maximum number of iterations.  Then the color for the point
> at location c, is the number of iterations you took.  The Mandelbrot set
> proper is the set of values c where the iteration does *not* escape to
> infinity; those are often colored black.  There are other things you can
> do with this iteration, but what I've described is the standard
> "Mandelbrot set" algorithm.

The Radius must be greater or equal to 2 because you can prove that in
this case you definitely run away to infinity.

BTW: He did not write about the Mandelbrot set, but about the Mandelbrot
transformation, which is also used for Julia sets and is much more
general. 

> I don't think that the iteration z<-z^2+c is particularly interesting from
> a cryptographic point of view when it's over the complex numbers.  It
> could maybe be of some use as a "mixing" step in a cipher if you did it
> with integers modulo a prime.

Hm, let's see. There is definitely no (known to me) way to get the
original point when you only have the result of the Mandelbrot
Transformation. Maybe as a Base for a Hash Function or for a Public Key
System.

This is of course shooting quickly. I have not _really_ thought about
it.

                                    Christof

------------------------------

From: [EMAIL PROTECTED] (Pete)
Subject: where can i find a frequency list?
Date: 18 May 1999 10:18:19 GMT

dear all,

i used to have a book that had marvellous frequency tables, digraphs,
double letters, etc.  the book was stolen from me a long, long time ago
and i can't remember what the title was.

i looked in the faq, and the faq doesn't really answer the question.

can someone point me to frequency tables on the net?  if none exist (that
are known) can you point me to a book with a decent one?

pete

--
NEWS FLASH:   Just compiled a new kernel 2.3.0!  YEAH!!!
================================================================
http://landau.ucdavis.edu/psalzman   [EMAIL PROTECTED]
One world, one web, one program. -- Microsoft Ad Campaign
Ein Volk, ein Reich, ein Fuhrer. -- Nazi Ad Campaign
<=>+/\/-=Prevent world domination, Install Linux today!=-\/\+<=>
================================================================
  The best way to accelerate a win95 system is at 9.81 m/s^2


------------------------------

From: Sacha Brostoff <[EMAIL PROTECTED]>
Subject: Password hashing in different OSs
Date: Tue, 18 May 1999 11:37:19 +0100
Reply-To: [EMAIL PROTECTED]

Can somebody direct me to info about password hashing in Windows flavour
and Mac flavour OSs?

I know about UNIX crypt() x25 on 64 0-bits, using a 12 bit salt.  I'd
like to know similar things about Macs and Wintels.

Cheers,

Sacha.


------------------------------

From: [EMAIL PROTECTED]
Subject: prime numbers and the multplicative inverse
Date: Tue, 18 May 1999 10:48:33 GMT

I haven't been able to find an answer to this question. Why does IDEA
use a prime field for its multiplication?

Does the field need to be prime to have a multiplicative inverse?

Tom
--
PGP public keys.  SPARE key is for daily work, WORK key is for
published work.  The spare is at
'http://members.tripod.com/~tomstdenis/key_s.pgp'.  Work key is at
'http://members.tripod.com/~tomstdenis/key.pgp'.  Try SPARE first!



------------------------------

From: [EMAIL PROTECTED] (Thomas Pornin)
Subject: Re: Can Somebody Verify My DES execution?
Date: 18 May 1999 11:51:22 GMT

According to  <[EMAIL PROTECTED]>:
> I don't think so.

Indeed. The problem of this approach for DES is that both encryption and
decryption use the same confusion function (S-boxes, P permutation,...)
and the Feistel mechanism provides the invertibility. A buggy S-box will
lead to a perfectly working encryption and decryption program, although
it will not be compatible with other implementations of DES.

The DES standardization paper should include some test vector. There is
also an implementation in Bruce Schneier's "Applied Cryptography"; be
sure however that you use the second edition, since the first is a bit
buggy (the P permutation is reversed, for instance). It contains the
following test vector:

key    : 01234567 89abcdef
plain  : 01234567 89abcde7
cipher : c9574425 6a5ed31d

(the key is 64-bits, but 8 bits are ignored [the so-called parity bits])

This test vector is compatible with my own, independently coded
DES implementation (using Biham and Shamir's book on differential
cryptanalysis) so I am fairly sure that the implementation in Schneier's
book (2nd edition) is bug free.

        --Thomas Pornin

------------------------------

Date: Tue, 18 May 1999 07:28:02 -0400
From: [EMAIL PROTECTED]
Subject: Re: Can Somebody Verify My DES execution?

So, if my defective program that just copies the input to the output
does not mangle the text in the process we can consider it a correct
implementation of DES encryption and DES decryption?

I don't think so.

Goi Bok Min wrote:
> 
> hi,
> i think the easiest  way to check out whether the DES program can work
> properly  or not,
> is decrypt the ciphertext. if after decryption with the same secret key, the
> output we gain is the same as the plaintext, then we can conclude that program
> is correct.
> 
> >
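
The point argued in the "Can Somebody Verify My DES execution?" messages above, as an added example (not code from any poster, and not DES): a toy 32-bit Feistel cipher whose S-box table was typed in reverse still decrypts its own output, as does a program that copies input to output, and only a comparison against fixed vectors tells them apart from the reference. The cipher, tables, key schedule and all names are constructed for illustration; the vectors are generated by the reference code as a stand-in for published test vectors.

```python
# Toy 32-bit Feistel cipher (NOT DES); tables, key schedule and names are
# constructed for this illustration.
ROUNDS = 8
SBOX_REF = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
            0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]
SBOX_BUGGY = SBOX_REF[::-1]  # transcription bug: table typed in reverse order


def subkeys(key):
    """Derive one 16-bit subkey per round from a 32-bit key (toy schedule)."""
    return [((key >> (2 * i)) ^ (0x9E37 * (i + 1))) & 0xFFFF
            for i in range(ROUNDS)]


def round_fn(half, subkey, sbox):
    """Confusion function: key mixing, four 4-bit S-box lookups, rotation."""
    x = (half ^ subkey) & 0xFFFF
    out = 0
    for shift in (0, 4, 8, 12):
        out |= sbox[(x >> shift) & 0xF] << shift
    return ((out << 3) | (out >> 13)) & 0xFFFF


def feistel(block, key, sbox, decrypt=False):
    """Run the Feistel ladder; decryption only reverses the subkey order."""
    left, right = block >> 16, block & 0xFFFF
    keys = subkeys(key)
    if decrypt:
        keys.reverse()
    for k in keys:
        left, right = right, left ^ round_fn(right, k, sbox)
    return (right << 16) | left  # output the halves swapped back


def make_impl(sbox):
    """Return an (encrypt, decrypt) pair built on the given S-box table."""
    return (lambda p, k: feistel(p, k, sbox),
            lambda c, k: feistel(c, k, sbox, decrypt=True))


IMPLS = {
    "reference": make_impl(SBOX_REF),
    "buggy_sbox": make_impl(SBOX_BUGGY),
    "pass_through": (lambda p, k: p, lambda c, k: c),  # copies input to output
}

# Constructed (key, plaintext) samples.
SAMPLES = [(0x01234567, 0x89ABCDE7), (0xDEADBEEF, 0x00000000),
           (0x0F1E2D3C, 0xFFFFFFFF)]
# Stand-in for published test vectors: generated by the reference code.
VECTORS = [(k, p, IMPLS["reference"][0](p, k)) for k, p in SAMPLES]


def round_trip_ok(impl):
    """The self-consistency check: decrypt(encrypt(p)) == p."""
    enc, dec = impl
    return all(dec(enc(p, k), k) == p for k, p in SAMPLES)


def known_answer_ok(impl):
    """The interoperability check: both directions match fixed vectors."""
    enc, dec = impl
    return all(enc(p, k) == c and dec(c, k) == p for k, p, c in VECTORS)


def report():
    """Map implementation name -> (round_trip_ok, known_answer_ok)."""
    return {name: (round_trip_ok(impl), known_answer_ok(impl))
            for name, impl in IMPLS.items()}


if __name__ == "__main__":
    for name, (rt, kat) in report().items():
        print(f"{name:13s} round-trip={rt!s:5s} known-answer={kat}")
```

All three implementations pass the round trip; only the reference passes the known-answer check, which is why a published vector is the test that matters for interoperability.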

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Crypto export limits ruled unconstitutional
Date: Mon, 17 May 1999 11:17:30 +0200

Jim Gillogly wrote:
> 
> Mok-Kong Shen wrote [regarding translating C to English-like text]:
> > Whichever the direction, you have to provide rules of transformation.
> > That isn't apparent. I was asking about the specific software that
> > Bravo claimed to have used.
> 
> Uh, claimed?  No need to be offensive.
> 
> Try http://personal.sip.fi/~lm/c2txt2c/

I was using the word 'claim' plainly in the sense of scientific 
discussions. Any assertion that is not accompanied with a proof or 
detailed supporting materials/informations is a claim. (Thus e.g. 
Fermat claimed the validity of his famous FLT.)

I was wondering how hard or simple it is to solve the general
problem of translating an arbitrary program in C into grammatically
correct and yet more or less readable English, because C is not too
simple in its syntax (form/structure). Anyway, I asked L. Mattila, the
author of c2txt2c, whether processing an arbitrary C program can
be done with his software. The answer I just got was 'Not yet. Maybe 
some day in future.'  

I conjecture that such translations might be easier for programming 
languages like LISP which are simpler in syntax. I believe that
translating assembler code or even machine instructions should
be the easiest jobs in this category. The assembler code lines
are mostly of the form 'operation operand1,operand2'. It shouldn't 
be difficult to transform that to typical English sentences.

Further, I believe that such translation software can be well built 
table-driven. That is, through changing the table entries, one 
easily gets different texts. This could provide some degree of privacy 
when transferring crypto programs. Thus it is indeed feasible to 
'secretly' export genuinely (in all sense) executable codes (assembler 
and machine instructions) of crypto materials of any strength as 
(protected) plain English texts, showing once again the absolute 
nonsense of crypto laws and Wassenaar regulations.

M. K. Shen

======================================================
M. K. Shen, Postfach 340238, D-80099 Muenchen, Germany   (permanent) 
http://www.stud.uni-muenchen.de/~mok-kong.shen/ (Updated: 12 Apr 99)    
(Origin site of WEAK2-EX, WEAK3-EX and WEAK4-EX, three Wassenaar-conform
 algorithms based on the new paradigm Security through Inefficiency.
 Containing 2 mathematical problems with rewards totalling US$500.)

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
