Cryptography-Digest Digest #558, Volume #13      Fri, 26 Jan 01 15:13:01 EST

Contents:
  Re: Windows encryption: API and file system (Ray Dillinger)
  Re: Dynamic Transposition Revisited (long) (Mok-Kong Shen)
  Re: Dynamic Transposition Revisited (long) (AllanW)
  Re: Why Microsoft's Product Activation Stinks (Anthony Stephen Szopa)
  Re: Dynamic Transposition Revisited (long) (AllanW)
  Re: Why Microsoft's Product Activation Stinks (Anthony Stephen Szopa)
  Re: Dynamic Transposition Revisited (long) (Mok-Kong Shen)

----------------------------------------------------------------------------

From: Ray Dillinger <[EMAIL PROTECTED]>
Subject: Re: Windows encryption: API and file system
Date: Fri, 26 Jan 2001 19:13:22 GMT

It's not merely sloppy engineering...  Think about it.  It would 
have been just as easy to create the temporary file as an encrypted 
file in the first place, then copy it back over the file being 
encrypted, and *then* delete it.  

To call this "sloppy" is to believe that the engineer selected these 
operations and then didn't think *at all* about what order to apply 
them in.  Which, I guess, you may believe if you care to, but I don't 
think anyone that flat-out stupid can be an engineer in the first place.

I don't think Microsoft is in the security business at all.  I think 
that they are in the business of providing the *illusion* of security 
while still selling out ^H^H^H^H^H^H^H^H uh, "providing for the 
legitimate needs of law enforcement and data thieves".  Real security 
scares the bejabbers out of them and they're fighting it every step 
of the way.

                                Bear



Ben Newman <[EMAIL PROTECTED]> wrote:
: This is an excellent start. I was hoping for a more detailed discussion of
: how an OS can secure files, and how Windows has implemented their encryption
: protocol.

: This bug is just plain sloppy engineering!

: --ben
: "Bryan Mongeau" <[EMAIL PROTECTED]> wrote in message
: news:VUYb6.6219$[EMAIL PROTECTED]...
:> Ben Newman wrote:
:>
:> > I'd like to learn more about criticisms of the Windows cryptography
:> > implementation. In response to an earlier post, someone characterized it
:> > as "practically useless." This seems like a particularly important issue
:> > given the amount of knowledge your average Windows user has about
:> > crypto.
:> >
:> > --ben
:> >
:> >
:>
:> I don't know if this is what you mean but I saw this on Bugtraq
:> a few days ago:
:>
:> ----------------------------------------------
:> BugTraq: EFS Win 2000 flaw
:> From: Rickard Berglind <[EMAIL PROTECTED]>
:> To: [EMAIL PROTECTED]
:> Date: Fri, 19 Jan 2001 12:29:50 +0100
:>
:>
:> I have found a major problem with the encrypted filesystem
:> ( EFS ) in Windows 2000 which shows that encrypted files
:> are still very available for a thief or attacker.
:>
:>
:> The problem comes from how EFS works when the encryption
:> is done. When a user marks a file for encryption a
:> backup-file, called efs0.tmp, will be created. When
:> the copy is in place the original file will be deleted
:> and then recreated, now encrypted, from the efs0.tmp-
:> file.
:> And finally, when the new encrypted file is successfully
:> created, the temporary-file ( which will never be shown
:> in the user interface ) will be deleted as well.
:>
:> So far, so good. The only file remaining is the one
:> which is encrypted.
:>
:>
:> But the flaw is this: the temporary-file is deleted
:> in the same way any other file is "deleted" - i.e.
:> the entry in the $mft is marked as empty and the clusters
:> where the file was stored will be marked in the $Bitmap
:> as available, but the physical file and the information it
:> contains will NOT be deleted. The information in the
:> file which the user has encrypted will be left in the backup
:> file efs0.tmp in total plaintext on the surface of the disk.
:>
:> When new files are added to the partition they will
:> gradually overwrite the secret information, but if
:> the encrypted file was large - the information could
:> be left for months.
:>
:> So how can this be exploited ? If someone steals
:> a laptop or has physical access to the disk it will
:> be easy to use any low level disk editor to search
:> for the information. For example, the Microsoft
:> Support Tool "dskprobe.exe" works fine for locating
:> old efs0.tmp-files and read information, in plain-text,
:> that the user thought was safe.
:>
:> In my opinion there should be a function in the EFS
:> which physically overwrites the efs0.tmp at least once
:> to make it a lot harder for an attacker to gain control
:> over secret information.
:>
:>
:>
:> Here is a description how to test this :
:>
:> Use any version of Windows 2000.
:> Install the Support Tools from the Win2000 CD.
:>
:> For demonstrating purposes - create a new partition with
:> the size of 7 MB.
:> Choose to format with NTFS.
:> Create a new small file ( easier to find ) with Notepad
:> and put some text in it. Save this file in the root of the
:> new partition.
:>
:> Do not encrypt it yet.
:>
:> Let us look at the file through DiskProbe before encryption-
:> start Diskprobe from Support Tools on the Start Menu.
:>
:> A. Choose the "Drives"-menu and "Physical Drive"
:> Double click on "physical drive 0" ( or other drive you are using )
:> Click "Set active" and then "OK"
:>
:> B. Choose "Drives" again and this time "Logical Volume"
:> Double click the drive letter for your new partition
:> and then "Set active" and "OK"
:>
:> C. Choose the "Sectors"-menu and "Read". For starting number
:> type 80 and for the number - 35 perhaps.
:>
:>
:> Maximize the window and click the arrow for "Next sector".
:>
:> At sector 86 you should see the name and contents of your
:> file ( assuming you made a new partition )
:>
:> The file is obviously in plain text and easy to read for anyone
:> with physical access to this disk, regardless of permissions
:> in the ACL, which is ignored when using this kind of utility.
:> Better encrypt this file .. !
:>
:>
:> Now close the DiskProbe utility and open Explorer and locate
:> your new file. Choose Properties - Advanced - Encrypted - OK.
:> The file is now encrypted.
:>
:> Wait a few moments to be sure the new data has been written
:> to the disk.
:> Open Diskprobe again and repeat steps A, B and C.
:>
:> When reaching sector 86 you should be able to see the name
:> of your file, but not be able to read the information - it
:> is now encrypted.
:>
:> But.. continue to click the Next Sector-Arrow and look carefully
:> at the information being displayed. A few sectors away from the
:> original file there should be a file called efs0.tmp - which is
:> the backup file EFS creates during encryption. You should ALSO
:> be able to see the contents of this efs0.tmp file - which will
:> be the data from the file you encrypted. The problem is just that
:> the data is in clear and plain text.
:> So again - anyone with physical access to this disk can read
:> the data you thought was safe.
:>
:>
:> / Rickard Berglind
:> -------------------------------------------------
:>
:>
:> --
:> <==================================>
:> Bryan Mongeau
:> Lead Developer, Director
:> eEvolved Real-Time Technologies Inc.
:> www.eevolved.com
:> <==================================>
:>
:> "The fear of death is the most unjustified of all fears, for there's no
:> risk of accident for someone who's dead."-- Einstein
:>
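
The ordering question raised in this thread, modelled as an added example that is not part of any post: the reported flow (plaintext efs0.tmp), the same flow with the temporary file overwritten before it is freed, and the order that writes the temporary file encrypted from the start. `ToyVolume`, `toy_encrypt`, the key and the sample data are constructed for illustration and do not reproduce NTFS or EFS internals.

```python
import hashlib

CLUSTER = 64  # bytes per cluster in this toy model

class ToyVolume:
    """Raw clusters, an allocation bitmap and a file table. Constructed; not NTFS."""
    def __init__(self, clusters=32):
        self.raw = bytearray(CLUSTER * clusters)
        self.used = [False] * clusters
        self.files = {}                       # name -> (cluster list, length)

    def _store(self, clusters, data):
        for n, c in enumerate(clusters):
            chunk = data[n * CLUSTER:(n + 1) * CLUSTER]
            self.raw[c * CLUSTER:c * CLUSTER + len(chunk)] = chunk

    def write(self, name, data):              # new file, first-fit allocation
        need = -(-len(data) // CLUSTER)
        free = [c for c, u in enumerate(self.used) if not u][:need]
        if len(free) < need:
            raise OSError("volume full")
        for c in free:
            self.used[c] = True
        self._store(free, data)
        self.files[name] = (free, len(data))

    def overwrite(self, name, data):          # rewrite the existing clusters in place
        clusters, length = self.files[name]
        if len(data) != length:
            raise ValueError("in-place overwrite needs equal length")
        self._store(clusters, data)

    def read(self, name):
        clusters, length = self.files[name]
        raw = b"".join(bytes(self.raw[c * CLUSTER:(c + 1) * CLUSTER]) for c in clusters)
        return raw[:length]

    def delete(self, name, wipe=False):
        clusters, _ = self.files.pop(name)
        for c in clusters:
            if wipe:                           # overwrite once before freeing
                self.raw[c * CLUSTER:(c + 1) * CLUSTER] = bytes(CLUSTER)
            self.used[c] = False               # ordinary delete: bitmap only

def toy_encrypt(key, data):
    """SHA-256 counter keystream XOR; a stand-in cipher, not what EFS uses."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt_as_reported(vol, name, key, wipe_temp=False):
    vol.write("efs0.tmp", vol.read(name))     # plaintext backup copy
    vol.delete(name)
    vol.write(name, toy_encrypt(key, vol.read("efs0.tmp")))
    vol.delete("efs0.tmp", wipe=wipe_temp)

def encrypt_via_encrypted_temp(vol, name, key):
    vol.write("efs0.tmp", toy_encrypt(key, vol.read(name)))  # temp never holds plaintext
    vol.overwrite(name, vol.read("efs0.tmp"))
    vol.delete("efs0.tmp")

def clusters_showing(vol, marker):
    """(cluster, allocated?) for every raw cluster that still contains `marker`."""
    hits, pos = set(), vol.raw.find(marker)
    while pos != -1:
        hits.add((pos // CLUSTER, vol.used[pos // CLUSTER]))
        pos = vol.raw.find(marker, pos + 1)
    return sorted(hits)

SECRET = b"PAYROLL: constructed sample secret " * 3   # constructed test data
KEY = b"constructed demo key"

def run(strategy):
    vol = ToyVolume()
    vol.write("notes.txt", SECRET)
    strategy(vol, "notes.txt", KEY)
    assert vol.read("notes.txt") == toy_encrypt(KEY, SECRET)
    return clusters_showing(vol, b"PAYROLL")
```

`run(encrypt_as_reported)` reports the plaintext in clusters that the bitmap marks as free; the other two strategies leave nothing for a raw scan to find.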



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Dynamic Transposition Revisited (long)
Date: Fri, 26 Jan 2001 20:15:55 +0100



Rob Warnock wrote:
> 
[snip]
> One version that seems useful/applicable for Ritter's DT is the scheme
> used in the "21b/24b" code used in the HIPPI-Serial standard. One bit
> of each codeword says whether the remaining bits of that codeword are to
> be inverted or not before being sent (and before being used after being
> received). The encoder counts the running disparity of all codewords
> sent so far, looks at the pop. count of the current word to be sent,
> and either inverts or leaves alone the current word, depending on which
> way will lower the running disparity. In the case of HIPPI-Serial, this
> guarantees that the running disparity never exceeds +/-35 even momentarily,
> and never exceeds +/-23 at codeword boundaries. Padding the message with
> just one additional codeword of chosen content allows one to force the
> disparity for the whole message to 0.

Would you kindly explain what HIPPI is and why one needs
balancing there? Thanks.

M. K. Shen
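
The invert-or-not scheme quoted above from Rob Warnock, as an added example that is not part of any post: a generic polarity-bit code with a hypothetical 15-bit payload and one flag bit per codeword. It does not reproduce the actual HIPPI-Serial 21b/24b layout, and the convention that the receiver discards the final pad codeword is an assumption.

```python
def disparity(word, bits):
    """Ones minus zeros in a `bits`-wide word."""
    return 2 * bin(word).count("1") - bits

def encode(words, payload_bits=15):
    """Return (codewords, running disparity after each codeword)."""
    code_bits = payload_bits + 1              # payload plus one flag bit (MSB)
    mask = (1 << code_bits) - 1
    running, out, trace = 0, [], []
    for w in words:
        if not 0 <= w < (1 << payload_bits):
            raise ValueError("payload out of range")
        code = w                              # flag = 0: payload sent as-is
        d = disparity(code, code_bits)
        if running * d > 0:                   # would push further from zero
            code = ~code & mask               # complement payload, flag becomes 1
            d = -d                            # complementing every bit negates d
        running += d
        out.append(code)
        trace.append(running)
    return out, trace

def decode(codewords, payload_bits=15):
    """Undo the inversion wherever the flag bit is set."""
    mask = (1 << payload_bits) - 1
    return [(~c & mask) if c >> payload_bits else (c & mask) for c in codewords]

def balancing_pad(running, payload_bits=15):
    """One extra codeword whose disparity is exactly -running.

    With an even codeword width every disparity is even, so the division is exact.
    """
    code_bits = payload_bits + 1
    ones = (code_bits - running) // 2
    return (1 << ones) - 1

if __name__ == "__main__":
    import random
    rng = random.Random(1)                    # constructed sample traffic
    words = [rng.getrandbits(15) for _ in range(200)]
    code, trace = encode(words)
    print("round trip ok:", decode(code) == words)
    print("max |running disparity| at boundaries:", max(abs(t) for t in trace))
    pad = balancing_pad(trace[-1])
    print("disparity after pad:", trace[-1] + disparity(pad, 16))
```

Because the chosen codeword never has the same sign as the running total, the total at codeword boundaries stays within the codeword width (16 here).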

------------------------------

From: AllanW <[EMAIL PROTECTED]>
Subject: Re: Dynamic Transposition Revisited (long)
Date: Fri, 26 Jan 2001 19:09:04 GMT

"John A. Malley" <[EMAIL PROTECTED]> wrote:
> > >This may be a good place to continue the cryptanalysis of the strength
> > >of the DT cipher.  A PRNG with N! states to make every permutation of
> > >the bits in an N bit block can only generate some of the possible
> > >sequences of permutations.  There are (N!)! possible sequences of
> > >permutations.
>
> Terry Ritter wrote:
> > There are (N!)**S possible sequences of permutations, of sequence
> > length S.

If S is the sequence length, what is N?

> Please help - where did I go wrong in calculating the total number of
> possible sequences of the N! total possible permutations?
>
> Here's my reasoning - [snip]

To calculate the number of permutations for N values, remember that there
are N values for the first number times (N-1) for the second, and so on.
This is the definition of N!. So for the values 0,1,2,3,4,5, there are
6!=720 permutations, and here they are:

 012345 012354 012435 012453 012534 012543
 013245 013254 013425 013452 013524 013542
 014235 014253 014325 014352 014523 014532
 015234 015243 015324 015342 015423 015432
 021345 021354 021435 021453 021534 021543
 023145 023154 023415 023451 023514 023541
 024135 024153 024315 024351 024513 024531
 025134 025143 025314 025341 025413 025431
 031245 031254 031425 031452 031524 031542
 032145 032154 032415 032451 032514 032541
 034125 034152 034215 034251 034512 034521
 035124 035142 035214 035241 035412 035421
 041235 041253 041325 041352 041523 041532
 042135 042153 042315 042351 042513 042531
 043125 043152 043215 043251 043512 043521
 045123 045132 045213 045231 045312 045321
 051234 051243 051324 051342 051423 051432
 052134 052143 052314 052341 052413 052431
 053124 053142 053214 053241 053412 053421
 054123 054132 054213 054231 054312 054321

 102345 102354 102435 102453 102534 102543
 103245 103254 103425 103452 103524 103542
 104235 104253 104325 104352 104523 104532
 105234 105243 105324 105342 105423 105432
 120345 120354 120435 120453 120534 120543
 123045 123054 123405 123450 123504 123540
 124035 124053 124305 124350 124503 124530
 125034 125043 125304 125340 125403 125430
 130245 130254 130425 130452 130524 130542
 132045 132054 132405 132450 132504 132540
 134025 134052 134205 134250 134502 134520
 135024 135042 135204 135240 135402 135420
 140235 140253 140325 140352 140523 140532
 142035 142053 142305 142350 142503 142530
 143025 143052 143205 143250 143502 143520
 145023 145032 145203 145230 145302 145320
 150234 150243 150324 150342 150423 150432
 152034 152043 152304 152340 152403 152430
 153024 153042 153204 153240 153402 153420
 154023 154032 154203 154230 154302 154320

 201345 201354 201435 201453 201534 201543
 203145 203154 203415 203451 203514 203541
 204135 204153 204315 204351 204513 204531
 205134 205143 205314 205341 205413 205431
 210345 210354 210435 210453 210534 210543
 213045 213054 213405 213450 213504 213540
 214035 214053 214305 214350 214503 214530
 215034 215043 215304 215340 215403 215430
 230145 230154 230415 230451 230514 230541
 231045 231054 231405 231450 231504 231540
 234015 234051 234105 234150 234501 234510
 235014 235041 235104 235140 235401 235410
 240135 240153 240315 240351 240513 240531
 241035 241053 241305 241350 241503 241530
 243015 243051 243105 243150 243501 243510
 245013 245031 245103 245130 245301 245310
 250134 250143 250314 250341 250413 250431
 251034 251043 251304 251340 251403 251430
 253014 253041 253104 253140 253401 253410
 254013 254031 254103 254130 254301 254310

 301245 301254 301425 301452 301524 301542
 302145 302154 302415 302451 302514 302541
 304125 304152 304215 304251 304512 304521
 305124 305142 305214 305241 305412 305421
 310245 310254 310425 310452 310524 310542
 312045 312054 312405 312450 312504 312540
 314025 314052 314205 314250 314502 314520
 315024 315042 315204 315240 315402 315420
 320145 320154 320415 320451 320514 320541
 321045 321054 321405 321450 321504 321540
 324015 324051 324105 324150 324501 324510
 325014 325041 325104 325140 325401 325410
 340125 340152 340215 340251 340512 340521
 341025 341052 341205 341250 341502 341520
 342015 342051 342105 342150 342501 342510
 345012 345021 345102 345120 345201 345210
 350124 350142 350214 350241 350412 350421
 351024 351042 351204 351240 351402 351420
 352014 352041 352104 352140 352401 352410
 354012 354021 354102 354120 354201 354210

 401235 401253 401325 401352 401523 401532
 402135 402153 402315 402351 402513 402531
 403125 403152 403215 403251 403512 403521
 405123 405132 405213 405231 405312 405321
 410235 410253 410325 410352 410523 410532
 412035 412053 412305 412350 412503 412530
 413025 413052 413205 413250 413502 413520
 415023 415032 415203 415230 415302 415320
 420135 420153 420315 420351 420513 420531
 421035 421053 421305 421350 421503 421530
 423015 423051 423105 423150 423501 423510
 425013 425031 425103 425130 425301 425310
 430125 430152 430215 430251 430512 430521
 431025 431052 431205 431250 431502 431520
 432015 432051 432105 432150 432501 432510
 435012 435021 435102 435120 435201 435210
 450123 450132 450213 450231 450312 450321
 451023 451032 451203 451230 451302 451320
 452013 452031 452103 452130 452301 452310
 453012 453021 453102 453120 453201 453210

 501234 501243 501324 501342 501423 501432
 502134 502143 502314 502341 502413 502431
 503124 503142 503214 503241 503412 503421
 504123 504132 504213 504231 504312 504321
 510234 510243 510324 510342 510423 510432
 512034 512043 512304 512340 512403 512430
 513024 513042 513204 513240 513402 513420
 514023 514032 514203 514230 514302 514320
 520134 520143 520314 520341 520413 520431
 521034 521043 521304 521340 521403 521430
 523014 523041 523104 523140 523401 523410
 524013 524031 524103 524130 524301 524310
 530124 530142 530214 530241 530412 530421
 531024 531042 531204 531240 531402 531420
 532014 532041 532104 532140 532401 532410
 534012 534021 534102 534120 534201 534210
 540123 540132 540213 540231 540312 540321
 541023 541032 541203 541230 541302 541320
 542013 542031 542103 542130 542301 542310
 543012 543021 543102 543120 543201 543210

If some of the values repeat, then N! is too high. For instance, if we
change the 5 to be 1, you can see that 012345 and 052341 both change
into 012341 and we have a duplicate. In general, when there are A
identical values then we must divide the number of permutations by A!
to remove the duplicates.

In the case we're considering, there are N/2 0's and N/2 1's, so we must
divide N! by (N/2)! and then divide that by (N/2)! again. So for 3 0's
and 3 1's, we get 6! / (3!)(3!) = 720/6*6 = 6*5*4/3*2 = 20 permutations,
and here they are:

 000111 001011 001101 001110
 010011 010101 010110 011001 011010 011100
 100011 100101 100110 101001
 101010 101100 110001 110010 110100 111000

This works for much larger values of N, too. So the correct
formula for the number of permutations of length N bits,
balanced with N/2 0-bits and N/2 1-bits is:

      N!
 -----------
 (N/2)! ** 2


--
[EMAIL PROTECTED] is a "Spam Magnet," never read.
Please reply in newsgroups only, sorry.


Sent via Deja.com
http://www.deja.com/

------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: or.politics,talk.politics.crypto,misc.survivalism
Subject: Re: Why Microsoft's Product Activation Stinks
Date: Fri, 26 Jan 2001 11:24:47 -0800

Richard Heathfield wrote:
> 
> Anthony Stephen Szopa wrote:
> >
> > Pointless program where to stop software piracy could increase
> > revenues by tens of billions of dollars each year?  Pointless?
> 
> Pretty much, yes. It's like trying to protect Pythagoras' Theorem.
> Counter-productive.
> 
> > I will not defend copy protection here and now.  You slide on this
> > point.
> 
> (I don't know whether "slide on this point" is American idiomatic usage,
> but I don't /quite/ understand it. But I'm guessing it means you don't
> want to talk about copy protection. Fair enough.)
> 
> >
> > Some people like the XOR program and have downloaded it.  It works
> > just fine as someone in this news group pointed out.
> 
> It would be astonishing if it /didn't/ work just fine. It's not exactly
> a tricky program to write, is it?
> 
> > And here you
> > go again, trying to assail my software's aesthetics.
> 
> I don't have to assail it. People only need look at it to make their own
> minds up.
> 
> > Can't prove anything negative about the theory of OAP-L3?
> 
> Until you release the source code, why should anyone bother trying?
> 
> And, until it can be *used* conveniently (my understanding is that, at
> present, the user is obliged to shuffle cards for an hour or three), why
> should anyone bother trying?
> 
> 
> > Say, you don't want anybody stealing your money:  give it away, it's
> > that simple, too.
> 
> That's the first rational debating point you've made.
> 
> My answer? Simple, really. High quality software is being written for
> free, every day. It's very competitive on price. Example: I can get a
> very powerful operating system that works for 100% less than it costs me
> to buy a slightly less powerful and broken operating system. Think about
> it. It'll take a while for people to catch on to the idea that they
> don't have to pay for their software, but they'll cotton on eventually.
> 
> This works in encryption software too (to get us at least marginally
> back on-topic). Since people are writing better cryptographic products
> than yours for free, why should anyone pay for yours?
> 
> By the way, the source code for Twofish is freely available, and Twofish
> has been heavily analysed.
> 
> >
> > You still haven't figured out why I wrote the XOR program and posted
> > it on my web site for all to download.  I guess if you don't get it:
> > you just don't get it.
> 
> No, I don't get it. But I can't /wait/ for you to explain. What will
> your next masterpiece be? A program to add two numbers together? Without
> source code, and weighing in at 300 KB?
> 
> >
> > I mentioned to a guy once that US laser weapons are only about 10%
> > efficient.  He said who cares, they get the job done.
> 
> If you have the choice between 10% efficiency and 90% efficiency, which
> do you choose? If I have the choice between OAP-L3 and Twofish, I choose
> Twofish. Why? Because it's free, it is known to work (or, at least, has
> been extensively cryptanalysed with no known breaks surfacing as yet),
> it's fast, and the source code is available.
> 
> > What are MSs objectives?  It matters.
> >
> > MS is losing a bundle on its software being pirated.  You are just
> > spamming when you ask who would want MSs software.  The answer is
> > just about everybody, especially if its free.
> 
> The price is still too high. If you can persuade MS to /pay/ me to have
> their software, I /might/ consider it.
> 
> --
> Richard Heathfield
> "Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
> C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
> K&R Answers: http://users.powernet.co.uk/eton/kandr2/index.html

You are a spammer.

Anyone reading your posts / replies can easily tell.

In the university when you take a test, you are not given data to 
solve the problem.  You solve the problem by using the techniques 
on variables.  If you cannot solve the problem on variables you 
cannot solve the problem when these variables are assigned values.

The theory upon which OAP-L3 is based is completely explained in 
the help files readily available from the web site: 
http://www.ciphile.com

If you cannot assail the encryption based upon any hoped for 
weakness in the theory then you cannot assail the encryption theory
knowing the source code.

What you are hoping to do is not disprove the theory but are 
slumming in hopes of finding a bug in the implementation.

You must first admit that you have given up on any hopes to assail 
the theory upon which OAP-L3 is based before we even get on with
discussing the source code.

So, is this the end of your spamming?

We all hope so.

------------------------------

From: AllanW <[EMAIL PROTECTED]>
Subject: Re: Dynamic Transposition Revisited (long)
Date: Fri, 26 Jan 2001 19:25:06 GMT

"John A. Malley" <[EMAIL PROTECTED]> wrote:
> Please help - where did I go wrong in calculating the total number of
> possible sequences of the N! total possible permutations?

I just posted a formula for the number of balanced permutations
in an N-bit block, but I should have added a formula for all
permutations (including non-balanced ones). That formula is
much easier. Each bit can be either 0 or 1. Since 01 is not
the same as 10, there are no duplicates. So multiply 2 for the
first bit times 2 for the second, and so on. The formula is

  2^N   (or 2**N)

where ^ and ** are two alternative ways of expressing powers.
In other words, 2 to the power of N.

As an example that's probably familiar, when N is 8 then there
are 2**8=256 possible values. An 8-bit unsigned byte can take
on 256 different values (0 to 255), and this is not a
coincidence. By the same token, an unsigned 16-bit byte can
contain any number from 0 to 65535, and 2**16=65536.

When estimating the number for large N, use the approximation
   2**N slightly more than 10**(0.3*N)
So 2**512 is slightly more than 10**(153.6), meaning that the
number of permutations of 512 bits is about 1e514. According
to my calculator the actual value is about 1.34078e154, so
the approximation is pretty close.

--
[EMAIL PROTECTED] is a "Spam Magnet," never read.
Please reply in newsgroups only, sorry.


Sent via Deja.com
http://www.deja.com/
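
The counting rules from the two posts above (divide N! by A! for each group of A identical values; 2**N for all N-bit blocks), checked by brute force and applied to a 512-bit block, as an added example that is not part of either post. Function names are chosen here for illustration.

```python
from collections import Counter
from itertools import permutations
from math import comb, factorial, log2

def distinct_orderings(values):
    """n! divided by A! for every group of A identical values."""
    total = factorial(len(values))
    for count in Counter(values).values():
        total //= factorial(count)
    return total

def brute_force_orderings(values):
    """Enumerate every ordering and drop duplicates (small inputs only)."""
    return len(set(permutations(values)))

def balanced_blocks(n_bits):
    """Number of n_bits-wide blocks with equally many 0s and 1s: N! / ((N/2)!)**2."""
    if n_bits % 2:
        raise ValueError("a balanced block needs an even width")
    return comb(n_bits, n_bits // 2)

def balanced_summary(n_bits):
    """Compare the balanced blocks with all 2**N blocks of the same width."""
    count = balanced_blocks(n_bits)
    return {
        "balanced": count,
        "all": 2 ** n_bits,
        "log2_balanced": log2(count),        # block contents expressed in bits
        "fraction": count / 2 ** n_bits,     # share of all blocks that are balanced
    }

if __name__ == "__main__":
    for sample in ("012345", "012341", "000111"):
        print(sample, distinct_orderings(sample), brute_force_orderings(sample))
    print(balanced_summary(6))
    print(round(balanced_summary(512)["log2_balanced"], 2))
```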

------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: or.politics,talk.politics.crypto,misc.survivalism
Subject: Re: Why Microsoft's Product Activation Stinks
Date: Fri, 26 Jan 2001 11:27:05 -0800

Lord Running Clam wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> On Fri, 26 Jan 2001, Richard Heathfield <[EMAIL PROTECTED]> wrote:
> >Anthony Stephen Szopa wrote:
> >>
> >> Pointless program where to stop software piracy could increase
> >> revenues by tens of billions of dollars each year?  Pointless?
> >
> >Pretty much, yes. It's like trying to protect Pythagoras' Theorem.
> >Counter-productive.
> 
> Excuse me, but is this little piece from alt.security.pgp relevant to your
> flamewar?
> 
> http://www.deja.com/[ST_rn=ps]/getdoc.xp?AN=720256016&fmt=text
> 
> LRC.
> 
> -----BEGIN PGP SIGNATURE-----
> Version: N/A
> 
> -----END PGP SIGNATURE-----


Go ahead and run.  Can't stand your own ground?  Can't come up with
anything that your own mind can conceive?

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Dynamic Transposition Revisited (long)
Date: Fri, 26 Jan 2001 20:36:59 +0100



Paul Pires wrote:
> 
> John Savard <[EMAIL PROTECTED]> wrote:
[snip]
> Seems like what you'd want would be a method where the transposition
> works on a pile that is "Probably" balanced but where the deviation from
> perfect is not correlated to the input or output. I could be screwy here.

If one is not for some reason restricted to do only bit
permutations but can perform also other operations, in 
particular substitutions, I am not yet very clear whether 
bit balancing is the economically optimal operation to do 
(either alone or in combination with other operations) for 
achieving a certain encryption strength in practice. I mean 
this issue should be clarified in connection with devising 
good methods for obtaining bit balancing.

M. K. Shen

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
