Cryptography-Digest Digest #486, Volume #10       Mon, 1 Nov 99 13:13:03 EST

Contents:
  Notes on Substitutions (Mok-Kong Shen)
  Re: Build your own one-on-one compressor (Mok-Kong Shen)
  Re: the ACM full of Dolts? (Mok-Kong Shen)
  Re: Build your own one-on-one compressor (Mok-Kong Shen)
  Re: Newly Encountered  Crypto System (John Kennedy)
  Re: Doesn't Bruce Schneier practice what he preaches? (Larry Kilgallen)
  Re: Re: announcement: steganography program "steghide" (CoyoteRed)
  Re: Doesn't Bruce Schneier practice what he preaches? (SCOTT19U.ZIP_GUY)
  Re: Doesn't Bruce Schneier practice what he preaches? (SCOTT19U.ZIP_GUY)
  Re: Doesn't Bruce Schneier practice what he preaches? (SCOTT19U.ZIP_GUY)
  Re: the ACM full of Dolts? (SCOTT19U.ZIP_GUY)
  Re: Build your own one-on-one compressor (Tim Tyler)

----------------------------------------------------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Notes on Substitutions
Date: Mon, 01 Nov 1999 12:25:02 +0100

The now classical polyalphabetical substitution uses a key to choose
from a set of (in the general case independent, i.e. not merely
rotated or Vigenere type) monoalphabetic substitutions. Implemented
on a computer, the substitution table provides a set of bijective
mappings of [0, 2^n-1] to itself (with e.g. n=8) with the mappings
being used in a fixed cyclical order determined by the key.

Partly stimulated by some recent discussions on compression in
sci.crypt, I would like to point out the following possibilities of
generalization of encipherment with polyalphabetical substitutions.

1. The key, customarily fairly short, may be extended (in the sense
of avoiding short periodicity of processing), if one uses it as a
seed of a PRNG and lets the output of the PRNG choose from a set
of mappings (which themselves can be conveniently generated with the
PRNG). Thus the PRNG 'drives' the polyalphabetical substitution,
analogously to my recent suggestion to use a PRNG to drive modern
block ciphers for the purpose of defeating differential analysis of
these. (I employed this technique in my humble algorithm WEAK3-EX.)
Through the 'indirectness' (i.e. the PRNG output is not 'directly
involved' with the ciphertext like in cases where XORing of PRNG
output with the plaintext is employed) the inference of the PRNG is
difficult to perform.

2. One need not confine oneself to using bijective mappings of
[0, 2^n-1] to itself, where the input and output symbols are all of
constant size, i.e. all of n bits. One can use Huffman codes instead.
This immediately enables one to obtain a plethora of essentially
different mappings. (Note that a short code symbol can be mapped to
a long one and vice versa. This huge 'variability' can serve to
greatly confound the analyst.) Firstly, for m terminal nodes there is
a large number of possible binary trees (of different shapes), giving
rise to a large number of sets of Huffman code symbols. Secondly,
given two such Huffman trees, their terminal nodes can be mapped in
m factorial different ways, i.e. leading to m! different mappings.
Note again that in both these aspects a PRNG can be utilized to
advantage. Of course, these mappings can be dynamically chosen as
described in item 1 above and even created (possibly also in
plaintext dependent ways) as the encryption processing goes on.
Further, encryptions of such nature employing different mappings can
be advantageously concatenated (superencipherment).

To avoid eventual misunderstandings, it is to be remarked that this
article does not touch on the topic of compression, even though
Huffman encoding is generally associated with the field of
compression. In fact, encryption using suggestions given in item 2
above may even often lead to outputs that are longer than the inputs.
I would also like to acknowledge that an essential part of the ideas in
item 2 stems from Serge Hallyn.

M. K. Shen
===========================
http://home.t-online.de/home/mok-kong.shen
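
The two generalizations above, worked through in code. This is an added
example written for this digest, not code from the post or from WEAK3-EX;
the function names, the SHA-256-seeded Mersenne Twister standing in for
the "PRNG", the 1-then-zeros padding that lets a byte string end on a
codeword boundary, and the 64-leaf trees are all assumptions of the
example. Part 1 lets one PRNG stream generate 16 independent byte
bijections and a second stream pick which one applies to each symbol, so
the PRNG output never appears in the ciphertext directly. Part 2 builds two
random full binary trees, i.e. two complete prefix codes over the same 64
leaves, parses the plaintext bits with the first code and re-emits each leaf
under a PRNG-chosen leaf permutation in the second code, so a short codeword
can become a long one and the output length differs from the input length,
as the post notes:

```python
import hashlib
import random

# Assumption of this example: the "PRNG" is Python's Mersenne Twister seeded
# from SHA-256(key || label). It is NOT cryptographic; it only shows the structure.

def keyed_rng(key: bytes, label: bytes) -> random.Random:
    seed = int.from_bytes(hashlib.sha256(key + label).digest(), "big")
    return random.Random(seed)

# --- 1. PRNG-driven choice among independent byte substitution tables ---

def make_tables(rng: random.Random, count: int) -> list:
    """count independent bijections of [0, 255], generated from the PRNG."""
    tables = []
    for _ in range(count):
        perm = list(range(256))
        rng.shuffle(perm)
        tables.append(bytes(perm))
    return tables

def invert(table: bytes) -> bytes:
    return bytes(table.index(i) for i in range(256))

def poly_encrypt(key: bytes, plaintext: bytes, count: int = 16) -> bytes:
    tables = make_tables(keyed_rng(key, b"tables"), count)
    select = keyed_rng(key, b"select")   # a second PRNG stream picks the table per symbol
    return bytes(tables[select.randrange(count)][b] for b in plaintext)

def poly_decrypt(key: bytes, ciphertext: bytes, count: int = 16) -> bytes:
    inverses = [invert(t) for t in make_tables(keyed_rng(key, b"tables"), count)]
    select = keyed_rng(key, b"select")
    return bytes(inverses[select.randrange(count)][b] for b in ciphertext)

# --- 2. Mapping between two prefix codes whose codeword lengths differ ---

def random_full_tree(rng: random.Random, leaves: int) -> dict:
    """Random full binary tree with `leaves` leaves, as {leaf id: codeword}.
    Built by repeatedly splitting a random leaf, so any shape can occur."""
    codes, next_id = {0: ""}, 1
    while len(codes) < leaves:
        victim = rng.choice(sorted(codes))
        prefix = codes.pop(victim)
        codes[victim], codes[next_id] = prefix + "0", prefix + "1"
        next_id += 1
    return codes

def parse_prefix(bits: str, decode: dict):
    """Split bits into codewords; returns (leaf ids, unparsed tail)."""
    ids, cur = [], ""
    for b in bits:
        cur += b
        if cur in decode:
            ids.append(decode[cur])
            cur = ""
    return ids, cur

def pad_bits(bits: str, decode: dict) -> str:
    """Append a 1, then 0s until the string ends on a codeword boundary
    (the tree is full, so following 0-children always reaches a leaf)."""
    bits += "1"
    while parse_prefix(bits, decode)[1]:
        bits += "0"
    return bits

def unpad_bits(bits: str) -> str:
    return bits[: bits.rindex("1")]

def bits_of(data: bytes) -> str:
    return "".join(f"{b:08b}" for b in data)

def bytes_of(bits: str) -> bytes:
    bits += "1" + "0" * (-(len(bits) + 1) % 8)   # same 1-then-0s padding, to a byte boundary
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))

def huffman_mapping(key: bytes, leaves: int = 64):
    rng = keyed_rng(key, b"huffman")
    code_a, code_b = random_full_tree(rng, leaves), random_full_tree(rng, leaves)
    perm = list(range(leaves))
    rng.shuffle(perm)                    # one of the m! leaf-to-leaf assignments
    return code_a, code_b, perm

def huff_encrypt(key: bytes, plaintext: bytes) -> bytes:
    code_a, code_b, perm = huffman_mapping(key)
    decode_a = {cw: i for i, cw in code_a.items()}
    ids, _ = parse_prefix(pad_bits(bits_of(plaintext), decode_a), decode_a)
    return bytes_of("".join(code_b[perm[i]] for i in ids))

def huff_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    code_a, code_b, perm = huffman_mapping(key)
    decode_b = {cw: i for i, cw in code_b.items()}
    inverse = {j: i for i, j in enumerate(perm)}
    ids, tail = parse_prefix(unpad_bits(bits_of(ciphertext)), decode_b)
    if tail:
        raise ValueError("ciphertext does not end on a codeword boundary")
    bits = unpad_bits("".join(code_a[inverse[j]] for j in ids))
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))
```

A real design would replace keyed_rng with a keyed stream cipher or a
CSPRNG; the construction itself has had no analysis here, and the two
superencipherments can be chained simply by feeding poly_encrypt's output
into huff_encrypt with a second key.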

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: comp.compression
Subject: Re: Build your own one-on-one compressor
Date: Mon, 01 Nov 1999 12:25:22 +0100

SCOTT19U.ZIP_GUY wrote:
> 

> >> To quote the section from http://www.alife.co.uk/securecompress/ that I
> >> quoted in the post at the head of this thread:
> >>
> >> ``* No string in the tables should contain another such string as a
> >>     substring;
> >>
> >>   * No leading symbols in any string should exactly match the trailing
> >>     symbols in a different string.''

> >          Side1        Side 2
> >          ABCD         HG
> >          HTHN         UK
> >          XYZ          PQ
> >
> >XYZABCDABCD goes to PQHGHG. I modify this to PQHTHN. It
> >comes back to XYZHTHN. Now this goes to PQUK. Or do I again miss

>   You mean it comes back as XYZUK   which goes back to PQHTHN
>   no problem. SO maybe you did miss something.

Sorry, I erred with the example. But the impossibility of 
constructing a dictionary of the kind Tim Tyler describes in practice 
remains. Consider the following simple sentence:

    In this afternoon there is going to be a discussion on his
    issue.

Could you show a minimal dictionary that satisfies his two criteria?
I don't yet see any way of doing this.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: the ACM full of Dolts?
Date: Mon, 01 Nov 1999 12:28:52 +0100

SCOTT19U.ZIP_GUY wrote:
> 

> >Let me repeat: If one has an initial frequency distribution that
> >the analyst can't figure out, then he can't do any compression or
> >decompression properly. In that case the failure to meet the
> >one-to-one property can namely have two different causes:
> >(1) The key he tried to decrypt is right but his guess of the
> >    initial frequency distribution is wrong.
> >(2) The key he tried to decrypt is wrong.
> >
> >Now since his chance of correctly guessing the distribution in
> >case (1) is very low, this means that encountering the non-one-
> >to-one property tells him practically nothing whether the key
> >he tried is right or wrong, i.e. in the present scheme he also can't
> >get the kind of information that your scheme is designed to prevent
> >him from obtaining with your one-to-one property. I hope this
> >is understandable to you now.
> >
>    Sorry but I know less of what you are driving at than the time before.

Simply put: The one-to-one property isn't that essential, there
are ways to accomplish good encryption purposes without needing 
that.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: comp.compression
Subject: Re: Build your own one-on-one compressor
Date: Mon, 01 Nov 1999 13:27:19 +0100

Mok-Kong Shen wrote:
> 
> SCOTT19U.ZIP_GUY wrote:
> >
> 
> > >> To quote the section from http://www.alife.co.uk/securecompress/ that I
> > >> quoted in the post at the head of this thread:
> > >>
> > >> ``* No string in the tables should contain another such string as a
> > >>     substring;
> > >>
> > >>   * No leading symbols in any string should exactly match the trailing
> > >>     symbols in a different string.''
> 
> > >          Side1        Side 2
> > >          ABCD         HG
> > >          HTHN         UK
> > >          XYZ          PQ
> > >
> > >XYZABCDABCD goes to PQHGHG. I modify this to PQHTHN. It
> > >comes back to XYZHTHN. Now this goes to PQUK. Or do I again miss
> 
> >   You mean it comes back as XYZUK   which goes back to PQHTHN
> >   no problem. SO maybe you did miss something.
> 
> Sorry, I erred with the example. But the impossibility of
> constructing a dictionary of the kind Tim Tyler describes in practice
> remains. Consider the following simple sentence:
> 
>     In this afternoon there is going to be a discussion on his
>     issue.
> 
> Could you show a minimal dictionary that satisfies his two criteria?
> I don't yet see any way of doing this.

Addendum: Corrected example:

               Side1        Side 2
               ABCD         HGF
               HS           Z
               FTGF         MM
               XYZ          PQ

Now XYZABCDABCD --> PQHGFHGF. A modification of the string on
side2 to PQHSFTGF gives PQHSFTGF --> XYZHSFTGF -->PQZMM.

M. K. Shen

------------------------------

From: John Kennedy <[EMAIL PROTECTED]>
Subject: Re: Newly Encountered  Crypto System
Date: Mon, 01 Nov 1999 07:23:51 -0500

On 1 Nov 99 03:25:50 GMT, [EMAIL PROTECTED] () wrote:

>John Kennedy ([EMAIL PROTECTED]) wrote:
>: It's a pure snake-oil pitch, obviously.
>
>Well, it has *one* difference from the usual snake-oil pitch.
>
>There are as yet no details on how to get in contact with this reclusive
>eccentric who has produced an unbreakable cipher that breaks all the
>rules.
>
>Shall we call it a snake-oil teaser?

Sure.  In fact there may be no product ever offered, it could be
just a troll who has found a reliable way to get some attention. But
it's pretty clear it's almost impossible that there is any great
encryption behind this smoke, that was my real point. This is the way
perpetual motion machines have been pitched for a long time.

> And the description of A.N.E.C.
>sounds hauntingly familiar, but web and news searches turn up nothing.


-

John Kennedy
The Wild Shall Wild Remain!
http://members.xoom.com/rational1/wild/


------------------------------

From: [EMAIL PROTECTED] (Larry Kilgallen)
Subject: Re: Doesn't Bruce Schneier practice what he preaches?
Reply-To: [EMAIL PROTECTED]
Date: Mon, 1 Nov 1999 13:03:17 GMT

In article <7vj6c8$5pt$[EMAIL PROTECTED]>, Scott Fluhrer 
<[EMAIL PROTECTED]> writes:

> If that's all Schneier meant, then he's wrong.  Just knowing the algorithms
> used is not enough.  You have to know that they were put together correctly,
> for example, that any random number generators used were not chilled, that
> any keys created were not chosen with malice, that no key bits were being
> leaked somehow.

If viewing the source is the only basis for your trust, then you
have to know that you are better able than Bruce Schneier to tell
what constitutes proper construction of the software.

If you view malice from Bruce Schneier as a threat, then you have
to know that you are able to detect such malice better than Bruce
Schneier is able to hide that malice.

I know more about Bruce Schneier than I do about you, and I would
not be inclined to bet on you in such a competition.

On the other hand, I know a _lot_ about _myself_, and I would not
be inclined to bet on myself in your position competing against
Bruce Schneier.

Larry Kilgallen

------------------------------

From: [EMAIL PROTECTED] (CoyoteRed)
Subject: Re: Re: announcement: steganography program "steghide"
Date: Mon, 01 Nov 1999 14:51:31 GMT
Reply-To: this news group unless otherwise instructed!

On Fri, 29 Oct 1999 21:10:41 GMT, [EMAIL PROTECTED] (jerome) wrote:

>By the way this newsgroup is a very efficient way to avoid 
>traffic analysis, the sender is identifiable but not the 
>receiver (because of the number of readers).

Curious as to how the traffic of a NG compares to, say, a semi-popular
web site.

One scheme could be to hide a small file in .JPG on one of those
freebie web sites.  The adversary would have to know that you had
setup, and were using, that site.  How would he know this?  One would
have to assume that there are far more web sites than news groups.  I
don't know the average number of messages at any one particular time,
but scanning 35,000+ NG's for known aliases would take a lot less time
than scanning the web for .JPG's that may be stegg'ed.  Of course,
once compromised, the site would (or could) be abandoned.

The reason I think this /may/ be better is when one visits a web site
almost everyone loads the pix (a pic that is on the home page.)  But
in NG's not everyone gets /all/ the messages, especially the large
ones.

Now, I understand, that a web site has one (or a few) servers while NG's
have multitudes and an aggressor would have to analyze all those
servers versus one (or a few).

Any thoughts?

-- 
CoyoteRed
CoyoteRed <at> bigfoot <dot> com
http://go.to/CoyoteRed
PGP key ID: 0xA60C12D1 at ldap://certserver.pgp.com


------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: alt.security.scramdisk
Subject: Re: Doesn't Bruce Schneier practice what he preaches?
Date: Mon, 01 Nov 1999 16:53:29 GMT

In article <[EMAIL PROTECTED]>, John Kennedy 
<[EMAIL PROTECTED]> wrote:
>On 1 Nov 99 05:34:47 GMT, [EMAIL PROTECTED] () wrote:
>
>>Roman E. Liky ([EMAIL PROTECTED]) quoted:
>>: >Here's an example, Counterpane Systems has a nice little freeware
>>: >utility called Password Safe.
>>
>>Probably an exception was made here simply because this is intended as a
>>convenience for users who can't be bothered to memorize passwords, or do
>>anything else they ought to - of course, using PGP or ScramDisk makes
>>better sense from a security standpoint, but not everyone will find them
>>convenient enough to use.
>
>They make considerable hay out of the fact that the utility uses
>Blowfish encryption. The point of Blowfish is security. There's no
>other reason to care if Blowfish is part of the utility. But what good
>is Blowfish encryption without open source? It contradicts Schneier's
>own advice, does it not?
>
>I don't mean to make a mountain out of a molehill here, but this is a
>puzzling contradiction.

    It is really not that puzzling you just have to think about it. You may
come to the same conclusion that I have.



David A. Scott
--

SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
                    
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm

Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm

Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm

**NOTE EMAIL address is for SPAMERS***

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Doesn't Bruce Schneier practice what he preaches?
Date: Mon, 01 Nov 1999 16:41:05 GMT

In article <7vj6c8$5pt$[EMAIL PROTECTED]>, Scott Fluhrer 
<[EMAIL PROTECTED]> wrote:
>In article <oE7T3.2615$[EMAIL PROTECTED]>,
>        "Adam Durana" <[EMAIL PROTECTED]> wrote:
>
>>Hi,
>>
>>I think you guys are missing the real point Schneier was trying to get
>>across.  He was not saying give out the source code to your software, he was
>>saying that the encryption methods used in your software should be public.
>>You have to trust that the designers and coders of the software correctly
>>implemented it.  Thats a lot of trust to put in someone, but you can test
>>the software to make sure it is correctly implemented in most cases.  (Test
>>vectors?)  There is a great deal of software that uses secret methods and
>>there is no way to tell if it is secure, until someone breaks it or reverse
>>engineers it.  What Schneier was saying is that the encryption methods used
>>in software should be public, because the strength of a method should rest
>>in itself, not in its obsurcity.
>
>If that's all Schneier meant, then he's wrong.  Just knowing the algorithms
>used is not enough.  You have to know that they were put together correctly,
>for example, that any random number generators used were not chilled, that
>any keys created were not chosen with malice, that no key bits were being
>leaked somehow.
    If one does not know the source code you could have other Trojans in the
code such as if used after such and such data the session code could be
threaded in the output like the hardware the NSA modified for the Swiss. Or
maybe text with certain key words used in the plain text could cause the
thread to be added. Also without sources it is hard to check on the random
number generator to see what biases are hidden in it.
>
>Schneier knows all this.  That's why I suspect you're misinterpretting him.
    He should know this but maybe he has to express certain views to keep
his NSA buddies happy.



David A. Scott
--

SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
                    
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm

Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm

Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm

**NOTE EMAIL address is for SPAMERS***

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Doesn't Bruce Schneier practice what he preaches?
Date: Mon, 01 Nov 1999 16:50:42 GMT

In article <1999Nov1.080317.1@eisner>, [EMAIL PROTECTED] wrote:
>In article <7vj6c8$5pt$[EMAIL PROTECTED]>, Scott Fluhrer
> <[EMAIL PROTECTED]> writes:
>
>> If that's all Schneier meant, then he's wrong.  Just knowing the algorithms
>> used is not enough.  You have to know that they were put together correctly,
>> for example, that any random number generators used were not chilled, that
>> any keys created were not chosen with malice, that no key bits were being
>> leaked somehow.
>
>If viewing the source is the only basis for your trust, then you
>have to know that you are better able than Bruce Schneier to tell
>what constitutes proper construction of the software.
    No, that is not true. If many see the open software you can
have more assurance that there are no obvious holes than if just one crypto god
blesses it. Since even by the slim chance Mr BS is somewhat honest
he may not do as good a job looking if he knows others will also be
looking.

>
>If you view malice from Bruce Schneier as a threat, then you have
>to know that you are able to detect such malice better than Bruce
>Schneier is able to hide that malice.
>
>I know more about Bruce Schneier than I do about you, and I would
>not be inclined to bet on you in such a competition.
>
>On the other hand, I know a _lot_ about _myself_, and I would not
>be inclined to bet on myself in your position competing against
>Bruce Schneier.
    If by competing just what the hell do you mean? I have challenged
the guy to do a contest like my gloat contest since I know and he knows
damn well that his FISHY methods can not do such a contest. He would
fuckin' lose that kind of contest and he knows it. But he can, because
assholes like you have blessed him, sit up there and make many statements
that are dumb and you guys don't have the smarts to take him to task.
  Yes he can sit there and take potshots at my code mostly through his 
employee DW (was listed as such on his site) that my code is weak
and that my main contest for cash was short. He even joked about putting
the cash up one day for it but like a lot of what he says when push comes
to shove he is full of it.



David A. Scott
--

SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
                    
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm

Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm

Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm

**NOTE EMAIL address is for SPAMERS***

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: the ACM full of Dolts?
Date: Mon, 01 Nov 1999 16:58:37 GMT

In article <[EMAIL PROTECTED]>, Mok-Kong Shen <[EMAIL PROTECTED]> 
wrote:

>Simply put: The one-to-one property isn't that essential, there
>are ways to accomplish good encryption purposes without needing 
>that.

  Simply put. If one is GOING TO USE COMPRESSION BEFORE 
ENCRYPTION. Then it is best to use compression that does not
add data to the file that would aid an attacker into breaking the
system. ONE-ONE COMPRESSION does not add information
when compressing the file.



David A. Scott
--

SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
                    
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm

Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm

Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm

**NOTE EMAIL address is for SPAMERS***

------------------------------

Crossposted-To: comp.compression
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Build your own one-on-one compressor
Reply-To: [EMAIL PROTECTED]
Date: Mon, 1 Nov 1999 16:07:00 GMT

In sci.crypt Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
: SCOTT19U.ZIP_GUY wrote:

:> >Addendum: Corrected example:
:> >
:> >               Side1        Side 2
:> >               ABCD         HGF
:> >               HS           Z
:> >               FTGF         MM
:> >               XYZ          PQ

:>         How many times are you going to do this? This list does not match
:> his result in at least two separate places.

...

:> >Now XYZABCDABCD --> PQHGFHGF. A modification of the string on
:> >side2 to PQHSFTGF gives PQHSFTGF --> XYZHSFTGF -->PQZMM.

:>    Besides using an invalid dictionary you still are substituting wrong
:>   PQHSFTGF -> XYZZMM  but your dictionary still worng. I am surprised
:> you don't see how to follow his rules. This in itself is very interesting.

: Mmh. Did you write correctly above with your 'worng'?? Now, what
: is wrong with my dictionary?

You proposed:
               ABCD         HGF
               HS           Z
               FTGF         MM
               XYZ          PQ

Note that "XYZ" ends with "Z", which is a dictionary entry "Z".

This violates the "no-substring" condition.

Also note that "FTGF" starts with "F" while "HGF" ends with "F".

This violates the condition that no leading characters in one string
should exactly match the trailing characters in another string.
-- 
__________
 |im |yler  The Mandala Centre  http://www.mandala.co.uk/  [EMAIL PROTECTED]

Some people are nice to be nasty to.
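
An added example, not code from any post in this thread, that mechanises
the two rules quoted from http://www.alife.co.uk/securecompress/ and runs
them over both tables Mok-Kong Shen posted (the first one and the
corrected addendum), together with the string swap the rules are meant to
keep reversible. The checker runs over Side 1 and Side 2 together, which is
how Tim Tyler applies the rules above (he pairs "XYZ" with "Z" and "FTGF"
with "HGF" across the two columns). The swap scans left to right and
replaces any table string by its partner in the other column; when the
table passes both rules, applying it twice returns the input, and with the
addendum table two different inputs collapse onto the same output. The
function names and the greedy longest-match scan are assumptions of this
example:

```python
# Tables from the thread: the first one Mok-Kong Shen posted and the addendum.
VALID = [("ABCD", "HG"), ("HTHN", "UK"), ("XYZ", "PQ")]
INVALID = [("ABCD", "HGF"), ("HS", "Z"), ("FTGF", "MM"), ("XYZ", "PQ")]

def rule_violations(dictionary):
    """Apply both rules over the union of Side 1 and Side 2 strings.
    Returns (rule, s, t) triples: s occurs inside t, or the leading symbols
    of s equal the trailing symbols of t. An empty list means the table passes.
    (A full prefix/suffix match, k == len, is already caught as a substring.)"""
    strings = [s for pair in dictionary for s in pair]
    bad = []
    for i, s in enumerate(strings):
        for j, t in enumerate(strings):
            if i == j:
                continue
            if s in t:
                bad.append(("substring", s, t))
            elif any(s[:k] == t[-k:] for k in range(1, min(len(s), len(t)))):
                bad.append(("overlap", s, t))
    return bad

def swap(text, dictionary):
    """Replace each table string by its partner from the other column,
    scanning left to right and trying the longest entry first. Under the
    two rules every occurrence is unambiguous, so swap(swap(x)) == x."""
    partner = {}
    for a, b in dictionary:
        partner[a], partner[b] = b, a
    keys = sorted(partner, key=len, reverse=True)
    out, i = [], 0
    while i < len(text):
        for k in keys:
            if text.startswith(k, i):
                out.append(partner[k])
                i += len(k)
                break
        else:                      # no table string starts here: copy the symbol
            out.append(text[i])
            i += 1
    return "".join(out)

def is_involution(dictionary, samples):
    """True when swapping twice gives back every sample, i.e. the map is its own inverse."""
    return all(swap(swap(x, dictionary), dictionary) == x for x in samples)

if __name__ == "__main__":
    print(rule_violations(VALID))      # []
    print(rule_violations(INVALID))    # Z inside XYZ; F leads FTGF and trails HGF
    print(swap("XYZABCDABCD", VALID), swap("PQHTHN", VALID))
    # Under the addendum table two distinct strings map to the same output,
    # so the swap is not one-to-one and cannot be undone:
    print(swap("HGMM", INVALID), swap("ABCDTGF", INVALID))
```

The collision shown in the last line is the practical meaning of the rules:
"HGFTGF" can be read as HGF+T+G+F or as H+G+FTGF, and the greedy scan
picks one reading going forward and the other coming back.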

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
