Cryptography-Digest Digest #637, Volume #10      Sat, 27 Nov 99 09:13:00 EST

Contents:
  Re: AES cyphers leak information like sieves ("Trevor Jackson, III")
  cookies implemented in applet? ([EMAIL PROTECTED])
  Re: S/MIME plug-in for Eudora? Strong Encryption (Phil Logan-Kelly)
  cryptography control? ([EMAIL PROTECTED])
  Re: cryptography control? (noone)
  Nazi Dockyard Cipher System? (UBCHI2)
  Question about CS-Cipher and RC5 challenge ("Hank")
  Re: brute force versus scalable repeated hashing (Johnny Bravo)
  Re: Random Noise Encryption Buffs (Look Here) (Tom St Denis)
  Re: FEAL-8 algorithm (Tom St Denis)
  Peekboo Ideas? (Tom St Denis)
  Re: Distribution of intelligence in the crypto field (John Savard)
  LeapFrog2 (Anonymous)
  Re: Question about CS-Cipher and RC5 challenge ([EMAIL PROTECTED])

----------------------------------------------------------------------------

Date: Sat, 27 Nov 1999 02:06:27 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: AES cyphers leak information like sieves

Douglas A. Gwyn wrote:

> wtshaw wrote:
> > Only those who are real cranks deserve to get the shaft. His self-styled
> > poetic statements are meant to light the fuses of shallow thinkers while
> > should be of no regard to those who are seeking truth.  Being willing to
> > hop on one foot at the formal request of someone demanding that antic does
> > not speak well of either party.
>
> Asking for civilized behavior during a technical discourse
> is *not* asking anyone to (metaphorically) hop on one foot.
> If the goal is to communicate and/or enlighten, offensive
> behavior just gets in the way.  If the barrier is too high,
> most reasonable people won't bother to try to overcome it.

Against this we have Franklin's observation that:

"Reasonable men accommodate themselves to circumstances.  Unreasonable accommodate
circumstances to themselves.  Thus all progress is due to unreasonable men."

So why should anyone care about the habits of reasonable people?

If a writer presents an interesting idea the offensiveness of the presentation
is irrelevant to the value of the concept.  One can always just consider the
issue and ignore the presentation -- especially if one is "reasonable people".
If a writer presents nothing interesting the manner is even less relevant.
Don't bother wasting time with it.

Analogously, major business decisions are often made on the basis of trivia such
as the cut of a suit or the width of a tie.  In the more liberal world of
engineering, ties are often missing altogether.  The fact that idiots make
substantial decisions based on trivia does not suggest that one can make better
proposals by wearing the right suit or the right color of tie.  It suggests that
the quality of the concept or proposal is irrelevant to the decision process.

Is that what you would suggest is going on in sci.crypt?



------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: comp.lang.java.security,comp.lang.java.programmer,comp.lang.java.help,comp.programming,microsoft.public.java.security
Subject: cookies implemented in applet?
Date: Sat, 27 Nov 1999 15:18:26 +0800

Hi

Does anyone know of this?

Thanks

Greg


------------------------------

From: [EMAIL PROTECTED] (Phil Logan-Kelly)
Crossposted-To: comp.security.misc,comp.security.pgp.tech,alt.security.pgp,comp.mail.eudora.ms-windows
Subject: Re: S/MIME plug-in for Eudora? Strong Encryption
Date: Sat, 27 Nov 1999 07:41:29 GMT

=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1

On Wed, 10 Nov 1999 11:01:30 -0700, "Bill \"Houdini\" Weiss"
<[EMAIL PROTECTED]> wrote:

>On Wed, 10 Nov 1999 10:26:12 +0000, SkinD <[EMAIL PROTECTED]> wrote in
>comp.security.misc :

>Why not just use PGP?
>
>--
>Bill "Houdini" Weiss
>PGP key: http://home.att.net/~bill_weiss/bill_weiss.asc
>ICQ#: 43270740
>

I have much the same need.  Not because I don't use PGP but because
there are those who won't use PGP but do use s/mime.  So, in order to
send them encrypted messages, I need a plug in for Eudora.

Phil


=====BEGIN PGP SIGNATURE=====
Version: PGP Personal Privacy 6.5.1

iQA/AwUBOD+LFvCRaR234+6REQKulwCg1MR2DJbTvrAaIKtf9fJoIYNySaoAoMxF
Nn9xSx2GAQ8kAEMeyojBGTYz
=7E7g
=====END PGP SIGNATURE=====


Remove no.spam.at.all from posted e-mail address to reply via e-mail

Due to forged posts in my name, all valid posts from Phil Logan-Kelly will be signed 
with PGP.

PGP public key can be found at: 
http://certserver.pgp.com:11371/pks/lookup?op=get&search=0xB7E3EE91

Check out the Hunger Site at http://www.thehungersite.com/

------------------------------

From: [EMAIL PROTECTED]
Subject: cryptography control?
Date: Sat, 27 Nov 1999 07:44:26 GMT

I came across an article that brings up some interesting points
concerning government control of cryptography in the future.  The link
is:

http://home.att.net/~dontbefooled/CESA99.htm

I hope this is not too far off topic as it does not go into specifics of
cryptography.  The gist is that there have been some recent political
moves in the USA to increase the regulation/control of cryptography.
It's kinda like "If unbreakable cryptography is outlawed then only
outlaws will use it."
BDS


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: noone <[EMAIL PROTECTED]>
Subject: Re: cryptography control?
Date: Sat, 27 Nov 1999 08:20:00 GMT

bo!

[EMAIL PROTECTED] wrote:

> I came across an article that brings up some interesting points
> concerning government control of cryptography in the future.  The link
> is:
>
> http://home.att.net/~dontbefooled/CESA99.htm
>
> I hope this is not too far off topic as it does not go into specifics of
> cryptography.  The gist is that there have been some recent political
> moves in the USA to increase the regulation/control of cryptography.
> It's kinda like "If unbreakable cryptography is outlawed then only
> outlaws will use it."
> BDS




------------------------------

From: [EMAIL PROTECTED] (UBCHI2)
Subject: Nazi Dockyard Cipher System?
Date: 27 Nov 1999 09:10:42 GMT

Anyone have details on the German Dockyard cipher system?  How did it work?

------------------------------

From: "Hank" <[EMAIL PROTECTED]>
Subject: Question about CS-Cipher and RC5 challenge
Date: Sat, 27 Nov 1999 17:31:35 +0800

Can anyone tell me what type of attack is being used on cracking the CS-Cipher
Challenge (http://www.cie-signaux.fr/security/challeng.htm) and the
RC5-64 (http://www.rsasecurity.com/rsalabs/challenges/secretkey/secret-key.htm)?

Are they all known plaintext attacks?





------------------------------

From: [EMAIL PROTECTED] (Johnny Bravo)
Crossposted-To: comp.security.misc
Subject: Re: brute force versus scalable repeated hashing
Date: Sat, 27 Nov 1999 04:35:47 GMT

On Sat, 27 Nov 1999 05:51:41 GMT, [EMAIL PROTECTED]
(SCOTT19U.ZIP_GUY) wrote:

>>  And any system protected by a short key is only as strong as that
>>key.  The point of the paper which you admit you didn't read, yet
>>still felt you knew enough about to attack, is that if your keyspace
>>is 2^32 you have 32 bits of security.  If you force your attacker to
>>perform 10 million hashes of your key in order to test it, your

>      However one has to be sure this so called 10 million hashing
>does not lead to some limit cycle that would give the actual attacker
>a better handle so that far less than 2^32 patterns need to be tested.

  This is covered in the paper, which you admit you didn't read.  Why
do you persist in making stupid irrelevant comments that have no
bearing on the paper under discussion?

>   Who said it's meant to be an OTP pad. It's just meant to be orders better
>than what the NSA will trick fools like you into using.

  How can it be orders of magnitude better than current ciphers, you
stated that an 8 bit byte has 7 possible states.  You haven't got a
clue, how are we supposed to trust your cipher?

  Johnny Bravo
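
The work-factor arithmetic and the limit-cycle concern from the exchange above, as an added example that is not part of either post or of the paper under discussion. `toy_hash` (SHA-256 truncated to 12 bits) and the function names are assumptions, chosen so that the whole domain can be enumerated.

```python
# Added example, not from the post or the paper under discussion.
import hashlib
import math


def stretched_work_bits(key_bits, iterations):
    """log2 of the hash calls needed to try every key when each guess costs
    `iterations` hashes (e.g. a 2**32 keyspace at 10 million hashes per test)."""
    return key_bits + math.log2(iterations)


def toy_hash(x, width_bits):
    """SHA-256 truncated to width_bits: a small stand-in for a random function."""
    digest = hashlib.sha256(x.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big") >> (32 - width_bits)


def image_collapse(width_bits=12):
    """Hash every value of the toy domain repeatedly and return the number of
    distinct survivors after each pass, stopping once only cycle points remain."""
    survivors = set(range(1 << width_bits))
    sizes = [len(survivors)]
    while True:
        # Each pass maps the surviving set into a subset of itself.
        survivors = {toy_hash(x, width_bits) for x in survivors}
        if len(survivors) == sizes[-1]:  # no more shrinking: only cycles left
            return sizes
        sizes.append(len(survivors))


if __name__ == "__main__":
    bits = stretched_work_bits(32, 10_000_000)
    print("2^32 keys x 10^7 hashes per test = 2^%.2f hash calls" % bits)
    sizes = image_collapse()
    print("distinct outputs per pass:", sizes[:5], "...", sizes[-1])
    print("bits lost to iteration: %.2f of 12" % (12 - math.log2(sizes[-1])))
```
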


------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Random Noise Encryption Buffs (Look Here)
Date: Sat, 27 Nov 1999 11:56:47 GMT

In article <[EMAIL PROTECTED]>,
  "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
> Tom St Denis wrote:
> > Universally random should mean something which is random, and by NO
> > MEANS at all predictable.  However this cannot exist in nature.
>
> Who made you God?

Ok, explain to me something that is truly random.

Tom



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: FEAL-8 algorithm
Date: Sat, 27 Nov 1999 12:01:02 GMT

In article <81noms$p3q$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
>   If you want to keep your job do what the big corporations do. Just do
> the job they want. When they're done after you pocket the money. Then
> tell them you can make it better. But if you give too much static up
> front you may not get to do the job at all.

This is about the third time I agree with him.  Wow am I changing or
him?

I would however raise just a hint of 'static' to say 'but FEAL
sucks...'.  Good conscience and all.

Tom



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Peekboo Ideas?
Date: Sat, 27 Nov 1999 12:07:15 GMT

Ok I am currently looking for ideas for changes/additions to Peekboo
for v1.8 [currently v1.73 is out].

So far:

- Signatures [files and message]
- New RNG [use the WinRng to make a seed then run RC4 to get bytes]
- Optimize/make smaller code
- ???

Try it out [FREE] at http://www.cell2000.net/security/peekboo/index.html

The source is there too so you can play with it.

I do have one question:  How do I implement human-readable message
signatures when things like email and usenet will reformat/add spaces?
Do I just discount spaces or something?  How does PGP do it?

Please try it out and gimme ideas.  You can email your thoughts/ideas
to me directly, to this group or to the email group [see my website].

Thanks,
Tom



------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Distribution of intelligence in the crypto field
Date: Sat, 27 Nov 1999 13:34:29 GMT

On Sat, 27 Nov 1999 05:31:17 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
wrote:
>"SCOTT19U.ZIP_GUY" wrote:

>>    Maybe it helps if you have a family history of people who do what
>> they're told without any concern for real moral values. Also they might
>> not really like free thinkers.

>How many NSA employees do you know?  I know quite a few, and
>none of them fit your pejorative description.

I'm sure they don't fit any pejorative description, but if one strips
away the choice of wording, perhaps another post - by someone who had
an acquaintance who placed in the top 5% of the Putnam, but whose
acquaintance was not approached by the NSA - would make some sense.
Before discreetly approaching such people, they might do a cursory
background check, and avoid approaching people who, for example, have
a history of certain types of political activity.

No use asking for trouble.

------------------------------

Date: Sat, 27 Nov 1999 15:03:22 +0100 (CET)
From: Anonymous <[EMAIL PROTECTED]>
Subject: LeapFrog2

WARNING: this post may piss off Tom StDenis, but it is otherwise harmless.

From: Patterson Programming
[EMAIL PROTECTED]

Author of: StealthMail 2.1
http://cryptography.org/cgi-bin/crypto.cgi/email

Designed and published in 1996, the LeapFrog cipher design is for
implementations that require a cipher which does not use any shifts/rotates.
The user-entered key is expanded into S-boxes using a non-linear method
somewhat similar to the stream cipher RC4. The diffusion is provided by
compound lookups into the S-boxes. The cipher is implemented with a
Feistel-like structure. Three bytes on the left are mixed through the S-box
function and combined with a target byte on the right using the Xor
operator. This is used for each of the four target bytes on the right. Using
asymmetry in the function, groups of two and three are selected to provide
maximal diffusion. Also, each byte on the left is added to its opposite on
the right. Thus, the round function consists of four parallel functions
which look like the parity function in MD5, but using the noted lookups, and
also the add operations. Note that the Xor/Add combination creates a Feistel
cipher that is NOT self-inverse with an odd number of rounds. Also, the
cipher uses distinct S-boxes for each half of the Feistel network, and
halves are not actually swapped.

How the LeapFrog2 cipher differs from the LeapFrog cipher:

    1) Instead of simple whitening Xors LeapFrog2 uses
       pseudo-random round keys like Blowfish, etc.
    2) The structural symmetry is broken up by using
       a different ordering in rounds 0-3 and rounds 4-7.
       (the hash function MD5 uses something similar)

This is commentary regarding the LeapFrog2 cipher. The origin of the cipher
is of a graphical nature. Consider a Blowfish-like function where four 8x32
lookups are Xored together. Ignore the fact that Blowfish also employs a
32-bit add. In that case, rather than Xoring the four 32-bit values
together, you could (using groups of four bytes) Xor four bytes together,
and Xor them with the other half. (using 16-bytes per round) You could think
of it like Blowfish structured "backwards". You could then build a cipher to
have more non-linearity than a Blowfish design. The LeapFrog design builds
on this idea using compound (chained) substitutions. This function is
similar to the key-expansion function in Twofish. (Although it is used for
an entirely different purpose.) The LeapFrog design may look somewhat
similar to a Skipjack-like or RC2-like design, except that LeapFrog uses
S-boxes, not pure math, as the diffusion element. Also, LeapFrog uses a
balanced Feistel network, not an unbalanced one like those ciphers or
MacGuffin. LeapFrog diffusion is complete at 3 rounds like Blowfish. Note
that the LeapFrog design blurs the distinction between nonlinear
substitution and diffusion. To diffuse a block, why would you restrict the
design to use only 2-in/2-out diffusion blocks? Why not make it cubic, or
use even more dimensions? As stated, LeapFrog accomplishes this using
compound or "chained" S-boxes. Unlike the original work of Ritter, the S-box
diffusion in LeapFrog is all non-linear. Using the Feistel design, LeapFrog
decryption does not need to employ inverse S-boxes. Also, some
key-independent diffusion is provided by the add operation across the block
halves. The add operation also has the effect of making a Feistel cipher not
self-inverse with an odd number of rounds. Key-expansion: You could view the
key-expansion code in LeapFrog as combining elements from ones employed in
RC4 and Diamond2. The key entropy is mainly expressed in the S-boxes, not
the subkeys. Although in LeapFrog2, the "subkeys" are non-cyclical like the
ones employed in Blowfish. It should be noted that this analysis is entirely
retrospective. I did not know of most of these cipher designs when I
designed LeapFrog. I am not providing any differential or linear analysis
here, you can do that for yourself. You might trust your own abilities more
than my own.

This is a TYPO-CORRECTED pseudo-code example showing the LeapFrog2 block
cipher. It uses a 64-bit block and a variable-bit key.

T1, T2, T3, T4 are signed integers
p1....p8 are signed integers

Subroutine LeapFrogEncrypt

    For BlockNumber = 1 To Blocks

        * read plaintext block into p1....p8

        * LeapFrogRounds are 8
        For x = 0 To (LeapFrogRounds / 2) - 1

            * create the T variables
            T1 = A1(p1 Xor SK(x, 0))
            T2 = A2(p2 Xor SK(x, 1))
            T3 = A3(p3 Xor SK(x, 2))
            T4 = A4(p4 Xor SK(x, 3))

            * T variable order "A"
            p5 = p5 Xor A1(A1(T2 Xor T3) Xor T4)
            p6 = p6 Xor A2(A2(T1 Xor T4) Xor T3)
            p7 = p7 Xor A3(A3(T4 Xor T2) Xor T1)
            p8 = p8 Xor A4(A4(T3 Xor T1) Xor T2)
            p5 = (p5 + T1) And HFF
            p6 = (p6 + T2) And HFF
            p7 = (p7 + T3) And HFF
            p8 = (p8 + T4) And HFF

            * do other half without swapping
            T1 = A5(p5 Xor SK(x, 4))
            T2 = A6(p6 Xor SK(x, 5))
            T3 = A7(p7 Xor SK(x, 6))
            T4 = A8(p8 Xor SK(x, 7))

            p1 = p1 Xor A5(A5(T2 Xor T3) Xor T4)
            p2 = p2 Xor A6(A6(T1 Xor T4) Xor T3)
            p3 = p3 Xor A7(A7(T4 Xor T2) Xor T1)
            p4 = p4 Xor A8(A8(T3 Xor T1) Xor T2)
            p1 = (p1 + T1) And HFF
            p2 = (p2 + T2) And HFF
            p3 = (p3 + T3) And HFF
            p4 = (p4 + T4) And HFF

        Next

        For x = (LeapFrogRounds / 2) To (LeapFrogRounds - 1)

            * create the T variables
            T1 = A1(p1 Xor SK(x, 0))
            T2 = A2(p2 Xor SK(x, 1))
            T3 = A3(p3 Xor SK(x, 2))
            T4 = A4(p4 Xor SK(x, 3))

            * T variable order "B"
            p5 = p5 Xor A1(A1(T2 Xor T3) Xor T4)
            p6 = p6 Xor A2(A2(T3 Xor T4) Xor T1)
            p7 = p7 Xor A3(A3(T4 Xor T1) Xor T2)
            p8 = p8 Xor A4(A4(T1 Xor T2) Xor T3)
            p5 = (p5 + T1) And HFF
            p6 = (p6 + T2) And HFF
            p7 = (p7 + T3) And HFF
            p8 = (p8 + T4) And HFF

            * do other half without swapping
            T1 = A5(p5 Xor SK(x, 4))
            T2 = A6(p6 Xor SK(x, 5))
            T3 = A7(p7 Xor SK(x, 6))
            T4 = A8(p8 Xor SK(x, 7))

            p1 = p1 Xor A5(A5(T2 Xor T3) Xor T4)
            p2 = p2 Xor A6(A6(T3 Xor T4) Xor T1)
            p3 = p3 Xor A7(A7(T4 Xor T1) Xor T2)
            p4 = p4 Xor A8(A8(T1 Xor T2) Xor T3)
            p1 = (p1 + T1) And HFF
            p2 = (p2 + T2) And HFF
            p3 = (p3 + T3) And HFF
            p4 = (p4 + T4) And HFF

        Next

        * whiten data
        p1 = p1 Xor SK(LeapFrogRounds, 0)
        p2 = p2 Xor SK(LeapFrogRounds, 1)
        p3 = p3 Xor SK(LeapFrogRounds, 2)
        p4 = p4 Xor SK(LeapFrogRounds, 3)

        p5 = p5 Xor SK(LeapFrogRounds, 4)
        p6 = p6 Xor SK(LeapFrogRounds, 5)
        p7 = p7 Xor SK(LeapFrogRounds, 6)
        p8 = p8 Xor SK(LeapFrogRounds, 7)

        * write ciphertext block from p1....p8

    Next

End Subroutine LeapFrogEncrypt

Subroutine LeapFrogDecrypt

    For BlockNumber = 1 To Blocks

        * read ciphertext block into p1....p8

        * unwhiten data
        p1 = p1 Xor SK(LeapFrogRounds, 0)
        p2 = p2 Xor SK(LeapFrogRounds, 1)
        p3 = p3 Xor SK(LeapFrogRounds, 2)
        p4 = p4 Xor SK(LeapFrogRounds, 3)

        p5 = p5 Xor SK(LeapFrogRounds, 4)
        p6 = p6 Xor SK(LeapFrogRounds, 5)
        p7 = p7 Xor SK(LeapFrogRounds, 6)
        p8 = p8 Xor SK(LeapFrogRounds, 7)

        For y = 0 To (LeapFrogRounds / 2) - 1

            * invert subkeys
            x = (LeapFrogRounds - 1) - y

            * create the T variables
            T1 = A5(p5 Xor SK(x, 4))
            T2 = A6(p6 Xor SK(x, 5))
            T3 = A7(p7 Xor SK(x, 6))
            T4 = A8(p8 Xor SK(x, 7))

           * T variable order "B"
            p1 = (p1 - T1) And HFF
            p2 = (p2 - T2) And HFF
            p3 = (p3 - T3) And HFF
            p4 = (p4 - T4) And HFF
            p1 = p1 Xor A5(A5(T2 Xor T3) Xor T4)
            p2 = p2 Xor A6(A6(T3 Xor T4) Xor T1)
            p3 = p3 Xor A7(A7(T4 Xor T1) Xor T2)
            p4 = p4 Xor A8(A8(T1 Xor T2) Xor T3)

            * do other half without swapping
            T1 = A1(p1 Xor SK(x, 0))
            T2 = A2(p2 Xor SK(x, 1))
            T3 = A3(p3 Xor SK(x, 2))
            T4 = A4(p4 Xor SK(x, 3))

            p5 = (p5 - T1) And HFF
            p6 = (p6 - T2) And HFF
            p7 = (p7 - T3) And HFF
            p8 = (p8 - T4) And HFF
            p5 = p5 Xor A1(A1(T2 Xor T3) Xor T4)
            p6 = p6 Xor A2(A2(T3 Xor T4) Xor T1)
            p7 = p7 Xor A3(A3(T4 Xor T1) Xor T2)
            p8 = p8 Xor A4(A4(T1 Xor T2) Xor T3)

        Next

        For y = (LeapFrogRounds / 2) To (LeapFrogRounds - 1)

            * invert subkeys
            x = (LeapFrogRounds - 1) - y

            * create the T variables
            T1 = A5(p5 Xor SK(x, 4))
            T2 = A6(p6 Xor SK(x, 5))
            T3 = A7(p7 Xor SK(x, 6))
            T4 = A8(p8 Xor SK(x, 7))

           * T variable order "A"
            p1 = (p1 - T1) And HFF
            p2 = (p2 - T2) And HFF
            p3 = (p3 - T3) And HFF
            p4 = (p4 - T4) And HFF
            p1 = p1 Xor A5(A5(T2 Xor T3) Xor T4)
            p2 = p2 Xor A6(A6(T1 Xor T4) Xor T3)
            p3 = p3 Xor A7(A7(T4 Xor T2) Xor T1)
            p4 = p4 Xor A8(A8(T3 Xor T1) Xor T2)

            * do other half without swapping
            T1 = A1(p1 Xor SK(x, 0))
            T2 = A2(p2 Xor SK(x, 1))
            T3 = A3(p3 Xor SK(x, 2))
            T4 = A4(p4 Xor SK(x, 3))

            p5 = (p5 - T1) And HFF
            p6 = (p6 - T2) And HFF
            p7 = (p7 - T3) And HFF
            p8 = (p8 - T4) And HFF
            p5 = p5 Xor A1(A1(T2 Xor T3) Xor T4)
            p6 = p6 Xor A2(A2(T1 Xor T4) Xor T3)
            p7 = p7 Xor A3(A3(T4 Xor T2) Xor T1)
            p8 = p8 Xor A4(A4(T3 Xor T1) Xor T2)

        Next

        * write plaintext block from p1....p8

    Next

End Subroutine LeapFrogDecrypt

Subroutine LeapFrogExpandKey

    * replicate key into array

    y = 0
    For x = 0 To 255
        LongKey(x) = k(y)
        y = (y + 1) Mod RealKeyLen
    Next

    * initialize expanded key arrays
    For i = 0 To 255
        A1(i) = i, A5(i) = i
        A2(i) = i, A6(i) = i
        A3(i) = i, A7(i) = i
        A4(i) = i, A8(i) = i
    Next

    j = 0
    * randomize array
    For i = 0 To 255
        j = (j + A1(i) + LongKey(i)) And HFF
        Exchange A1(i), A1(j)
    Next
    For i = 0 To 255
        j = (j + A1(i)) And HFF, Exchange A1(i), A1(j)
    Next

    * randomize the other arrays
    For i = 0 To 255
        j = (j + A1(A2(i)) + A1(LongKey(i))) And HFF
        Exchange A2(i), A2(j)
    Next
    For i = 0 To 255
        j = (j + A2(A3(i)) + A2(LongKey(i))) And HFF
        Exchange A3(i), A3(j)
    Next
    For i = 0 To 255
        j = (j + A3(A4(i)) + A3(LongKey(i))) And HFF
        Exchange A4(i), A4(j)
    Next

    For i = 0 To 255
        j = (j + A4(A5(i)) + A4(LongKey(i))) And HFF
        Exchange A5(i), A5(j)
    Next
    For i = 0 To 255
        j = (j + A5(A6(i)) + A5(LongKey(i))) And HFF
        Exchange A6(i), A6(j)
    Next
    For i = 0 To 255
        j = (j + A6(A7(i)) + A6(LongKey(i))) And HFF
        Exchange A7(i), A7(j)
    Next
    For i = 0 To 255
        j = (j + A7(A8(i)) + A7(LongKey(i))) And HFF
        Exchange A8(i), A8(j)
    Next

    * store zeros to SK array
    * make subkeys from S-boxes
    For i = 0 To 63
        SK(0, 0) = (SK(0, 0) + A1(i)) And HFF
        SK(0, 1) = (SK(0, 1) + A2(i)) And HFF
        SK(0, 2) = (SK(0, 2) + A3(i)) And HFF
        SK(0, 3) = (SK(0, 3) + A4(i)) And HFF
        SK(0, 4) = (SK(0, 4) + A5(i)) And HFF
        SK(0, 5) = (SK(0, 5) + A6(i)) And HFF
        SK(0, 6) = (SK(0, 6) + A7(i)) And HFF
        SK(0, 7) = (SK(0, 7) + A8(i)) And HFF
    Next
    For i = 0 To LeapFrogRounds - 1
        SK(i + 1, 0) = (SK(i, 0) + A1(64 + i)) And HFF
        SK(i + 1, 1) = (SK(i, 1) + A2(64 + i)) And HFF
        SK(i + 1, 2) = (SK(i, 2) + A3(64 + i)) And HFF
        SK(i + 1, 3) = (SK(i, 3) + A4(64 + i)) And HFF
        SK(i + 1, 4) = (SK(i, 4) + A5(64 + i)) And HFF
        SK(i + 1, 5) = (SK(i, 5) + A6(64 + i)) And HFF
        SK(i + 1, 6) = (SK(i, 6) + A7(64 + i)) And HFF
        SK(i + 1, 7) = (SK(i, 7) + A8(64 + i)) And HFF
    Next
    For i = 0 To LeapFrogRounds
        SK(i, 0) = A5(SK(i, 0))
        SK(i, 1) = A6(SK(i, 1))
        SK(i, 2) = A7(SK(i, 2))
        SK(i, 3) = A8(SK(i, 3))
    Next
    For i = 0 To LeapFrogRounds
        SK(i, 4) = A1(SK(i, 4))
        SK(i, 5) = A2(SK(i, 5))
        SK(i, 6) = A3(SK(i, 6))
        SK(i, 7) = A4(SK(i, 7))
    Next

End Subroutine LeapFrogExpandKey
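
A compact Python port of the pseudo-code above, added here as an example and not the cipher author's own code. It assumes `HFF` means 0xFF, that `SK` starts zeroed, and that keys and blocks are byte strings; `avalanche` and the `rounds` parameter are additions used to measure how many ciphertext bits flip when one plaintext bit changes.

```python
# Added example (not the author's code). Assumes "HFF" is 0xFF and SK starts zeroed.
ROUNDS = 8
# Target byte k is XORed with S(S(T[a] ^ T[b]) ^ T[c]); one (a, b, c) per k.
ORDER_A = ((1, 2, 3), (0, 3, 2), (3, 1, 0), (2, 0, 1))  # rounds 0-3
ORDER_B = ((1, 2, 3), (2, 3, 0), (3, 0, 1), (0, 1, 2))  # rounds 4-7
ORDERS = [ORDER_A] * 4 + [ORDER_B] * 4  # indexed by round number

def expand_key(key):
    long_key = [key[i % len(key)] for i in range(256)]
    A = [list(range(256)) for _ in range(8)]  # A[0]..A[7] are A1..A8
    j = 0
    for i in range(256):  # RC4-like keyed shuffle of A1
        j = (j + A[0][i] + long_key[i]) & 0xFF
        A[0][i], A[0][j] = A[0][j], A[0][i]
    for i in range(256):  # second, unkeyed pass over A1
        j = (j + A[0][i]) & 0xFF
        A[0][i], A[0][j] = A[0][j], A[0][i]
    for n in range(1, 8):  # each later box is shuffled through the previous one
        prev, cur = A[n - 1], A[n]
        for i in range(256):
            j = (j + prev[cur[i]] + prev[long_key[i]]) & 0xFF
            cur[i], cur[j] = cur[j], cur[i]
    SK = [[0] * 8 for _ in range(ROUNDS + 1)]  # 9 rows: 8 rounds + whitening
    for c in range(8):
        SK[0][c] = sum(A[c][:64]) & 0xFF
        for i in range(ROUNDS):
            SK[i + 1][c] = (SK[i][c] + A[c][64 + i]) & 0xFF
    for row in SK:  # columns 0-3 pass through A5..A8, columns 4-7 through A1..A4
        for c in range(8):
            row[c] = A[(c + 4) % 8][row[c]]
    return A, SK

def _half(p, src, dst, A, sk, order, decrypt):
    # Mix the 4 bytes at offset src into the 4 bytes at offset dst, in place.
    T = [A[src + k][p[src + k] ^ sk[src + k]] for k in range(4)]
    for k, (a, b, c) in enumerate(order):
        S = A[src + k]
        mix = S[S[T[a] ^ T[b]] ^ T[c]]
        if decrypt:  # undo the add first, then the XOR
            p[dst + k] = ((p[dst + k] - T[k]) & 0xFF) ^ mix
        else:
            p[dst + k] = ((p[dst + k] ^ mix) + T[k]) & 0xFF

def encrypt_block(block, A, SK, rounds=ROUNDS):
    p = list(block)  # rounds < 8 is only for the diffusion measurement
    for x in range(rounds):
        _half(p, 0, 4, A, SK[x], ORDERS[x], False)
        _half(p, 4, 0, A, SK[x], ORDERS[x], False)  # other half, no swap
    return bytes(v ^ w for v, w in zip(p, SK[ROUNDS]))

def decrypt_block(block, A, SK):
    p = [v ^ w for v, w in zip(block, SK[ROUNDS])]  # unwhiten
    for x in reversed(range(ROUNDS)):
        _half(p, 4, 0, A, SK[x], ORDERS[x], True)
        _half(p, 0, 4, A, SK[x], ORDERS[x], True)
    return bytes(p)

def avalanche(A, SK, rounds, blocks=4):
    # Mean number of output bits that flip when one input bit is flipped.
    total = 0
    for n in range(blocks):
        pt = bytes((17 * n + 29 * i) & 0xFF for i in range(8))  # constructed
        base = int.from_bytes(encrypt_block(pt, A, SK, rounds), "big")
        for bit in range(64):
            flipped = (int.from_bytes(pt, "big") ^ (1 << bit)).to_bytes(8, "big")
            ct = int.from_bytes(encrypt_block(flipped, A, SK, rounds), "big")
            total += bin(base ^ ct).count("1")
    return total / (64 * blocks)

if __name__ == "__main__":
    A, SK = expand_key(b"constructed demo key")
    ct = encrypt_block(b"8 bytes!", A, SK)
    print(ct.hex(), decrypt_block(ct, A, SK))
    print({r: avalanche(A, SK, r) for r in (1, 2, 3, 8)})
```
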




------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Question about CS-Cipher and RC5 challenge
Date: Sat, 27 Nov 1999 14:08:34 GMT

Hank <[EMAIL PROTECTED]> wrote:
> Can anyone tell me what type of attack is being used on cracking the CS-Cipher
> Challenge (http://www.cie-signaux.fr/security/challeng.htm) and the
> RC5-64 (http://www.rsasecurity.com/rsalabs/challenges/secretkey/secret-key.htm)?

> Are they all known plaintext attacks?


The rsa contest is known plaintext. The exact plaintext is documented
somewhere in their faq, but the gist of it is each contest contains a
message along the lines of:

The secret message is: <unknown plaintext>

On the other hand, the attacks being used are brute force, trying
every possible key and seeing if your output starts with said
plaintext, since there isn't a more efficient attack with the little
known plaintext.

-- 
Matthew Gauthier <[EMAIL PROTECTED]>


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
