Cryptography-Digest Digest #596, Volume #9       Wed, 26 May 99 05:13:02 EDT

Contents:
  Re: AES tweaks ([EMAIL PROTECTED])
  Re: Why would a hacker reveal that he has broken a code? ("Markku J. Saarelainen")
  Re: AES tweaks ([EMAIL PROTECTED])
  Re: Oriental Language Based Enryption ([EMAIL PROTECTED])
  Re: Why would a hacker reveal that he has broken a code? (David A Molnar)
  Re: PGP Implementation of DH/DSS vs. RSA. (David A Molnar)
  Re: Why would a hacker reveal that he has broken a code? (Boris Kazak)
  Re: Symmantic question (Jerry Coffin)
  Re: Crypto export limits ruled unconstitutional (wtshaw)
  non-computerized cryptography (明白)
  Re: Why would a hacker reveal that he has broken a code? (wtshaw)
  Re: Why would a hacker reveal that he has broken a code? (wtshaw)
  Re: PGP Implementation of DH/DSS vs. RSA. (_)
  Re: non-computerized cryptography (Jaap-Henk Hoepman)
  Re: non-computerized cryptography (Jaap-Henk Hoepman)
  Re: where can i find a frequency list? (Pete)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED]
Subject: Re: AES tweaks
Date: 26 May 1999 02:13:04 GMT
Reply-To: [EMAIL PROTECTED]

[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) writes:
>  They would not support a secure standard because as the president's spin
>doctors say.  We can't let secure methods being common place because
>drug runners that are not politically approved and terrorists might use secure
>encryption and the MAJOR task is to control export of encryption technologies
>to the bad guys.

oh please.   a. the US government is the major drug runner and terrorist and
b. there are much better methods available for the US government to go after
the drug runners and terrorists that they don't like.  i'm sure that the NSA
doesn't mind crypto export controls and wouldn't mind key escrow, but 99%
of the time there's a better way to tackle the problem than trying to decrypt
a message and in the 1% of the time where the "bad guys" have covered every
angle other than the encrypted message they'll be smart enough to use a 
halfway decent encryption method anyway.

>So why have a contest to really develop a secure method and advertise the
>fact all over the world. The only possible reason would be to trick people 
>into using nonsecure encryption.

or to actually encourage businesses on the internet to use secure
communications and electronic transactions.

-- 
Lamont Granquist ([EMAIL PROTECTED])
ICBM: 47 39'23"N 122 18'19"W

------------------------------

From: "Markku J. Saarelainen" <[EMAIL PROTECTED]>
Subject: Re: Why would a hacker reveal that he has broken a code?
Date: Tue, 25 May 1999 21:55:32 -0700

In many ways, some discussions in this newsgroup are quite amusing because the
capability to break any of your developed and implemented encryption algorithms is
much higher than you have ever imagined. If you think that the capability is 5 in
the scale of 1-10, you probably should change your perception from 5 to 15 or 20.
Academicians are lacking extensively behind real developments in the field of
encryption. Interesting .. isn't it. In addition, in most cases, people are
focusing on specific encryption algorithms and programs (some very popular and in
many ways, practical jokes due to covert promotions) and at the same time people
often forget the role of the whole communication process in cryptography.

So what do you think ..?

Markku

Terry Ritter wrote:

> That means any cipher may have already been broken in secret.  And our
> continued use of such a cipher merely allows our opponents to continue
> to expose our information.  And we have no way to know when our
> information is being exposed.  This is just what happened to the other
> guys in WWII; one might think we could learn from our own past.
>
> ---
> Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
> Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM
> Free Encrypted Email   www.hushmail.com   [EMAIL PROTECTED]





------------------------------

From: [EMAIL PROTECTED]
Subject: Re: AES tweaks
Date: 26 May 1999 02:14:39 GMT
Reply-To: [EMAIL PROTECTED]

[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) writes:
> IF you bother to read even ancient texts like the "Puzzle Palace" one of the
>most informative books on the NSA you will see that even in those days people
>in the know knew that 56 bits was too short. The NSA may have made it as
>strong as possible thus making it immune to differential crypto. But tweaked the
>key length of Lucifer from 64 bits to the 56 bits so it could easily test all
>the keys. Don't take my word for it look at the facts.

yeah, which is an *obvious* way to tweak the security of the cipher down.  
there's nothing hidden about it at all.  it's a long way from that to having
super-secret hidden backdoors.

-- 
Lamont Granquist ([EMAIL PROTECTED])
ICBM: 47 39'23"N 122 18'19"W

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Oriental Language Based Enryption
Date: Wed, 26 May 1999 01:45:29 GMT



> Some excellent responses .. I agree that this is one (and quite traditional)
> method, but what about any other methods and techniques ...? The world of
> encryption can not be so limited ... By the way, have you ever used any real
> Chinese crypto system?

Real Chinese?  I have only heard about the 'chaos' theories from AC.

Tom



------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Why would a hacker reveal that he has broken a code?
Date: 26 May 1999 03:52:58 GMT

Markku J. Saarelainen <[EMAIL PROTECTED]> wrote:
> In many ways, some discussions in this newsgroup are quite amusing because the
> capability to break any of your developed and implemented encryption algorithms is
> much higher than you have ever imagined. If you think that the capability is 5 in
> the scale of 1-10, you probably should change your perception from 5 to 15 or 20.

I naturally do not have any way to refute that without demonstrating the
intrinsic hardness of some problem. (and I can't do that in a
cryptographically useful way right now). At the same time, I would like
to know if you have anyone in mind as having this capability. Who is the
implied "us" in your first sentence?


> Academicians are lacking extensively behind real developments in the field of
> encryption. Interesting .. isn't it. In addition, in most cases, people are

"the field of encryption." Which part of the field do you have in mind?
Block ciphers? Stream ciphers? Zero-knowledge proofs? Protocols for
optimistic fair exchange of digital signatures ?  


> focusing on specific encryption algorithms and programs (some very popular and in
> many ways, practical jokes due to covert promotions) and at the same time people
> often forget the role of the whole communication process in cryptography.

I'm still not quite sure what you're getting at by drawing attention to
"the whole communication process." In another posting, you pointed out
that cryptography is just another form of communication. This is true,
but I don't yet see what that viewpoint "buys" us. 
 
Could you elaborate a bit on why "the whole communication process" is
worth thinking about in crypto ?

Thanks,
-David Molnar



------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: PGP Implementation of DH/DSS vs. RSA.
Date: 26 May 1999 03:43:18 GMT

[EMAIL PROTECTED] wrote:

>> Also, I thought CAST was from Northern Telecom. That's about all
>> I know about it, though.

> Well 'Entrust' is a subs. of Nortel.  Nortel actually owns about 400
> child companies including some hardware manufacturers.  I worked at

Ah. OK. Thanks. 

> Nortel for about a month as co-op.  Little tip: work there full time,
> not co-op.  They treat the co-ops like crap there.  Full time workers
> however are treated well :)

Tell me about it. There was a visiting engineer from Nortel at a place
where I worked last summer. He had some very interesting stories involving
international travel...

-David Molnar (who regrets that this is moving further away from crypto)


------------------------------

From: Boris Kazak <[EMAIL PROTECTED]>
Subject: Re: Why would a hacker reveal that he has broken a code?
Date: Tue, 25 May 1999 21:18:50 -0400
Reply-To: [EMAIL PROTECTED]

Philip Hawthorne wrote:
> 
> Sure. That explains why every patient who has investigations for PUD
> (peptic ulcer disease) routinely has a Clo-test done? And if the Clo-test is
> positive for helicobacter species starts eradication treatment? Or maybe the
> several clinical studies showing that helicobacter is _a_ causal agent, not
> _the_ causal agent should be ignored? Maybe sticking to factual data rather
> than broad, inaccurate, sweeping statements about unconnected disciplines
> would be useful.
> 
> Philip Hawthorne
============================
Yes, indeed, you are 150% correct, with the exception of one small
detail. When I got myself a PUD, when I asked and begged doctors to make
a bacteriological analysis (in 1992), I was ridiculed and told that 
there is _absolutely_ no evidence of the bacterial origin of ulcers.
Then I did my homework, and I did not go back to doctors, instead 
I drove to Mexico, purchased in Tijuana the necessary medications and
cured myself in a couple of weeks (in 1994) after suffering 2.5 
excruciating years of ulcer. Since then I am ulcer-free and hope to
keep this status for the foreseeable future.
   And your statements about meddling into unknown disciplines would
certainly apply, if only the discipline in question would not be so
closely related to my own health. Forgive me, sir, but it is my body,
and I must have the full and ultimate knowledge thereof. Sorry if I
intrude into the field which you consider to be your monopoly.

    Best wishes             BNK

------------------------------

From: [EMAIL PROTECTED] (Jerry Coffin)
Subject: Re: Symmantic question
Date: Tue, 25 May 1999 23:50:20 -0600

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
says...

[ ... a number of attributions elided ]

> >>         Every bit added to the key length increases the difficulty of an
> >>         exhaustive keysearch attack by [?].
> >
> >a factor of 2
> 
> ...if the algorithm is designed properly.

The original question stated something to the effect of "assuming only 
a brute-force attack..."

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Crossposted-To: talk.politics.crypto
Subject: Re: Crypto export limits ruled unconstitutional
Date: Wed, 26 May 1999 00:55:46 -0600

In article <7ieuis$bt3$[EMAIL PROTECTED]>, AllanW <[EMAIL PROTECTED]>
wrote:
> 
> For instance, the second type of c-to-English would translate
> this:
> 
...
Even more basic to the discussion is whether artificial intelligence is to
be exported or allowed at all.  Surely a system capable of extending its
logic into new directions could learn rapidly to do what would be needed
to do any of these translation tasks; why, something of the sort might be
able to use a good text description of an algorithm to make the final
software, things definitely to come eventually.

Remember the story of the fellow that pushed a wheelbarrow full of
worthless hay through the main gate each day, and the guards inspected the
contents.  They found nothing. Meanwhile....the real thing being purloined
each day was one wheelbarrow.
-- 
Weathermen prophesy and insurance companies predict, while both pretend to be doing
the other to get an audience.

------------------------------

From: 明白 <[EMAIL PROTECTED]>
Subject: non-computerized cryptography
Date: Wed, 26 May 1999 13:19:38 -0700
Reply-To: [EMAIL PROTECTED]

Greetings:

I'm interested in locating texts or other information pertaining to
"non-computer based" cryptography.

The trends in cryptography undeniably have shifted to 100%
computer-based systems. But is there anything still being written about
systems which do NOT rely on a computer to generate 1024 bit prime
numbers??

Just curious.........

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Why would a hacker reveal that he has broken a code?
Date: Wed, 26 May 1999 01:31:27 -0600

In article <[EMAIL PROTECTED]>, "Markku J. Saarelainen"
<[EMAIL PROTECTED]> wrote:

> In many ways, some discussions in this newsgroup are quite amusing because the
> capability to break any of your developed and implemented encryption algorithms is
> much higher than you have ever imagined. If you think that the capability is 5 in
> the scale of 1-10, you probably should change your perception from 5 to 15 or 20.
> Academicians are lacking extensively behind real developments in the field of
> encryption. Interesting .. isn't it. In addition, in most cases, people are
> focusing on specific encryption algorithms and programs (some very popular and in
> many ways, practical jokes due to covert promotions) and at the same time people
> often forget the role of the whole communication process in cryptography.
> 
> So what do you think ..?
> 
> Markku
> 
Yep.
-- 
Weathermen prophesy and insurance companies predict, while both pretend to be doing
the other to get an audience.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Why would a hacker reveal that he has broken a code?
Date: Wed, 26 May 1999 01:28:51 -0600

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Terry Ritter)
wrote:  
> 
> 3) It is not all that clear that the "honest" people would outnumber
> the "dishonest" people, if we include NSA and similar agencies, and
> count only those active at any particular time.  "Honest" people may
> have less motivation and resources, and may have to quit sooner.  
> 
Suppose we are NSA, so, we hire people qualified according to a narrow set
of standards, excluding those that have gotten into various forms of
creative mischief, learned too many bad computer habits on their own,
really have a life outside of what it takes to be a trusted government
employee, or will never be able to accept guidance from a
crypto-clueless bureaucrat.  It seems that when you exclude many of the
people who would be most likely to succeed in weird approaches to solve
seemingly impossible problems, you lessen your chances to do what you
otherwise want to do.  

Then, these folks are given essentially the same training, to try to
become what others were simply born to be.  Translated: Free form can go
where cue balls can't, or,  a statistical exclusion error becomes evident
in best laid plans.
-- 
Weathermen prophesy and insurance companies predict, while both pretend to be doing
the other to get an audience.

------------------------------

From: [EMAIL PROTECTED] (_)
Subject: Re: PGP Implementation of DH/DSS vs. RSA.
Date: Wed, 26 May 99 07:22:14 GMT


As others have stated, CAST was not written by the NSA but by 2 Canadians who 
were affiliated with Entrust.  Whether Entrust actually owns the patent or not 
I don't know (nor particularly care).  Entrust certainly promotes it.  What is 
more interesting to note are the authors of the algorithm who are specified by 
the initials, CA, for C. Adams, and ST, for S. Tavares...

http://adonis.ee.queensu.ca:8000/cast/
http://adonis.ee.queensu.ca:8000/

------------------------------

From: Jaap-Henk Hoepman <[EMAIL PROTECTED]>
Subject: Re: non-computerized cryptography
Date: 26 May 1999 09:38:38 +0200

On Wed, 26 May 1999 13:19:38 -0700 明白 <[EMAIL PROTECTED]> writes:
> Greetings:
> 
> I'm interested in locating texts or other information pertaining to
> "non-computer based" cryptography.
> 
> The trends in cryptography undeniably have shifted to 100%
> computer-based systems. But is there anything still being written about
> systems which do NOT rely on a computer to generate 1024 bit prime
> numbers??

Well, there's visual cryptography of course; and I believe there are several
authentication systems based on pattern or image recognition but apart from
that I'm not aware of other approaches. Would be interested in hearing about
them though...  If you receive other replies by mail, please summarize here.

Very roughly speaking, visual crypto uses transparencies as a physical one time
pad. By putting the image on the transparency over the image containing the
message, the message appears. Without the image on the transparency, the image
containing the message appears to be random.

See:

@Unpublished{Sti97,
  author =       "D. R. Stinson",
  title =        "An Introduction to Visual Cryptography",
  note =         "Available at
                  http://cacr.math.uwaterloo.ca/~dstinson/index.html 
                  (with transparencies) ",
  year =         1997
}


@InProceedings{Mat96,
  author =       "Tsutomu Matsumoto",
  title =        "Human-Computer Cryptography: An Attempt",
  crossref =     " {Int.\ Conf.\ on Computer and Communications Security} 1996",
  pages =        "68--75",
  keywords =     "visual cryptography",
  project =      "RvB"
}

@InProceedings{NaoP97a,
  author =       "Moni Naor and Benny Pinkas",
  title =        "Visual Authentication and Identification",
  crossref =     "CRYPTO97",
  pages =        "322--336",
  keywords =     "visual cryptography",
  project =      "RvB"
}

@Unpublished{NaoP97b,
  author =       "Moni Naor and Benny Pinkas",
  title =        "Visual Authentication and Identification",
  note =         "Prel. version appeared at Crypto '97. Available at
                  http://theory.lcs.mit.edu/~tcryptol",
  year =         1997,
  keywords =     "visual cryptography",
  project =      "RvB"
}

@InProceedings{Dro96,
  author =       "Stefan Droste",
  title =        "New Results on Visual Cryptography",
  crossref =     "CRYPTO96",
  pages =        "401--415",
  project =      "RvB"
}

Jaap-Henk

-- 
Jaap-Henk Hoepman             |  Sure! We've eaten off the silver
Dept. of Computer Science     |  (when even food was against us)
University of Twente          |         - Nick Cave
Email: [EMAIL PROTECTED]      === WWW: www.cs.utwente.nl/~hoepman
PGP ID: 0xFEA287FF Fingerprint: 7D4C 8486 A744 E8DF DA15 93D2 33DD 0F09
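
An added illustration of the transparency scheme described in the post above (not part of the original message, and not code from any of the cited papers): a minimal 2-out-of-2 visual scheme in which each message pixel becomes two subpixels. The function names and the sample bitmap are constructed for this example.

```python
import secrets

# Each message pixel becomes two subpixels; 1 = black (opaque), 0 = clear.
PATTERNS = ((1, 0), (0, 1))

# Constructed sample message: a 5x5 bitmap of the letter "H" (1 = black).
SECRET = [
    [1, 0, 0, 0, 1],
    [1, 0, 0, 0, 1],
    [1, 1, 1, 1, 1],
    [1, 0, 0, 0, 1],
    [1, 0, 0, 0, 1],
]

def make_shares(message):
    """Split a 1-bit image into a random pad sheet and a message sheet."""
    pad, sheet = [], []
    for row in message:
        pad_row, sheet_row = [], []
        for pixel in row:
            choice = secrets.randbelow(2)          # fresh random bit per pixel
            pad_row.extend(PATTERNS[choice])
            # White pixel: same pattern as the pad. Black pixel: the complement.
            sheet_row.extend(PATTERNS[choice ^ pixel])
        pad.append(pad_row)
        sheet.append(sheet_row)
    return pad, sheet

def stack(a, b):
    """Overlay two transparencies: a subpixel is dark if either sheet is dark."""
    return [[x | y for x, y in zip(ra, rb)] for ra, rb in zip(a, b)]

def decode(stacked):
    """A message pixel reads as black only when both of its subpixels are dark."""
    return [[r[i] & r[i + 1] for i in range(0, len(r), 2)] for r in stacked]

def pad_explaining(sheet, candidate):
    """Build the pad that would make `sheet` reveal `candidate` instead.

    Such a pad exists for every candidate image, which is why the message
    sheet alone says nothing about the message (the one-time-pad property).
    """
    pad = []
    for sheet_row, cand_row in zip(sheet, candidate):
        row = []
        for i, pixel in enumerate(cand_row):
            a, b = sheet_row[2 * i], sheet_row[2 * i + 1]
            row.extend((a ^ pixel, b ^ pixel))
        pad.append(row)
    return pad

def render(image):
    """Draw an image as text, '#' for dark and '.' for clear."""
    return "\n".join("".join("#" if p else "." for p in row) for row in image)

if __name__ == "__main__":
    pad, sheet = make_shares(SECRET)
    print(render(sheet), "\n")            # one sheet alone: half-dark noise
    print(render(stack(pad, sheet)))      # stacked: black pixels become "##"
```

As with any one-time pad, a pad sheet must be used for one message only: two message sheets made from the same pad differ exactly where the two messages differ.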

------------------------------

From: [EMAIL PROTECTED] (Pete)
Subject: Re: where can i find a frequency list?
Date: 26 May 1999 06:55:35 GMT

Douglas A. Gwyn ([EMAIL PROTECTED]) wrote:
: Pete wrote:
: > i know -- i have /usr/dict/words and managed to get a text copy of the
: > bible (a great resource for cryptograms).  then it was just a matter of
: > cat bible >> /usr/dict/words
: > then sort and uniq and voila!

: Assuming you had write permission on /usr/dict/words, 

and why not?  that's the beauty of linux!

: that would have appended the bible data to the end of /usr/dict/words, which 
: ruins that file.

why?!?  if anything, i've improved the file by adding text to it.  of course, 
i had to filter out some junk, but that's no big deal.  vi is powerful,
and there's almost nothing it can't do.

: Anyway, you can't get proper English letter frequencies from a
: dictionary; you have to use actual text.  Also, the Bible is likely to
: have frequencies quite a bit different from most other English-language
: documents.  

true -- although it's handy for a unix password cracker.

pete

--
NEWS FLASH:   Just compiled a new kernel 2.3.0!  YEAH!!!
================================================================
http://landau.ucdavis.edu/psalzman   [EMAIL PROTECTED]
One world, one web, one program. -- Microsoft Ad Campaign
Ein Volk, ein Reich, ein Fuhrer. -- Nazi Ad Campaign
<=>+/\/-=Prevent world domination, Install Linux today!=-\/\+<=>
================================================================
  The best way to accelerate a win95 system is at 9.81 m/s^2


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
