Cryptography-Digest Digest #590, Volume #14      Mon, 11 Jun 01 20:13:00 EDT

Contents:
  Re: Off-topic: Plural agreement in English (JPeschel)
  Re: 3 trip encryption Exchange ("Yaron Oren-Pines")
  Re: Algorithms ("Joseph Ashwood")
  Re: best encryption? ("Joseph Ashwood")
  Re: where can I find information about DES? ("Joseph Ashwood")
  Re: Encryption based password validation system? ("Joseph Ashwood")
  Re: 3 trip encryption Exchange ("Tom St Denis")
  Re: Crypto Links ("Joseph Ashwood")
  Re: Free Triple DES Source code is needed. ("Joseph Ashwood")
  Re: Free Triple DES Source code is needed. ("Tom St Denis")
  Re: Off-topic: Plural agreement in English (SCOTT19U.ZIP_GUY)
  Re: IV ("Joseph Ashwood")
  Re: Off-topic: Plural agreement in English (John Savard)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) - VERY (John Savard)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) - VERY (John Savard)
  Re: where can I find information about DES? (John Savard)
  help non-elephant encryption (sd)
  Gone from original topic Re: Free Triple DES Source code is needed. ("Joseph Ashwood")
  Re: help non-elephant encryption ("Tom St Denis")
  Re: Gone from original topic Re: Free Triple DES Source code is needed. ("Tom St Denis")

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (JPeschel)
Date: 11 Jun 2001 22:10:26 GMT
Subject: Re: Off-topic: Plural agreement in English

David Hopwood [EMAIL PROTECTED] writes:

>(Incidentally, this is why grammar checking is such a hard problem to
>automate; the grammatical correctness of a sentence often depends on
>its intended meaning. 

No, follow the rules of grammar. When the meaning of a sentence is
different from its intended meaning, you don't pretend both are correct.
You re-write the sentence.

I have a hunch, though,  you're talking about informal writing, but even when
you write informally you don't pretend your mistakes are correct:
you decide to pay more attention to your ear.  For most people
that spells big trouble. Look at Usenet.

Joe
__________________________________________

Joe Peschel 
D.O.E. SysWorks                                 
http://members.aol.com/jpeschel/index.htm
__________________________________________


------------------------------

Reply-To: "Yaron Oren-Pines" <[EMAIL PROTECTED]>
From: "Yaron Oren-Pines" <[EMAIL PROTECTED]>
Subject: Re: 3 trip encryption Exchange
Date: Mon, 11 Jun 2001 22:17:39 GMT

Tom,

Thanks for the reply.  Is this an encryption protocol that cannot be
cracked?  If it was cracked, by whom and when?

Thanks again
Yaron
"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:BfbV6.88486$[EMAIL PROTECTED]...
>
> "Yaron Oren-Pines" <[EMAIL PROTECTED]> wrote in message
> news:P8bV6.1778$[EMAIL PROTECTED]...
> > Does anyone know this encryption protocol?
>
> Ya it's Shamir's Protocol.
>
> 1.  You send M^e.
> 2.  They send M^e^d
> 3.  You send M^e^d^(1/e)
>
> They compute M^e^d^(1/e)^(1/d) to get M
>
> (These are all mod p, where p is a large prime)
>
> Tom
>
>



------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Algorithms
Date: Mon, 11 Jun 2001 14:57:22 -0700

Not really. The X.509 standard is only a method of defining a certificate.
It is not used for signing anything, and doesn't define a single signature
algorithm. If you are looking to package a digital signature you need to
look at PKCS7 and XMLSig. PKCS7 is the current default that everyone goes
with. XMLSig is most likely to be the next default. However all of this is
beyond the realm of the signature algorithm which is what was asked for.
                        Joe

"Vance Gloster" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "Joseph Ashwood" <[EMAIL PROTECTED]> wrote:
> > Well if you want the algorithms for Digital Signatures, there are 3 of them
> > in FIPS 186-2, those are a good beginning, you can then compare these to NSS
> > (from NTRU www.ntru.com), various PKCS1 versions, ACE Sign, ESIGN, FLASH,
> > QUARTZ, SFLASH (all 5 available from
>
> If you are researching digital signatures, you need to take a look at the
> X.509 standard.
>
> Vance Gloster               One should never listen. To listen is a sign of
> [EMAIL PROTECTED]             indifference to one's hearers. -Oscar Wilde
> http://www.vancesoft.com/vmghome
>
>
>



------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: best encryption?
Date: Mon, 11 Jun 2001 15:00:10 -0700

There are such a wide array of potential answers, I will only give a few
that have become the standard answers in their own realm.
General purpose
    Email - PGP
    Disk - either PGPDisk or Scramdisk
    Just data lying around - PGP
Of course these are not necessarily the best answers, I would suggest that
you give us a few more details.
                        Joe

"Dirk Heidenreich" <[EMAIL PROTECTED]> wrote in message
news:9g1rnk$t4o$04$[EMAIL PROTECTED]...
> Hello,
>
> I am not in use to any security programs. But I am interested into how to
> safe my data. I am looking for a very good program, so which one would you
> suggest? What is objective the best?
> Thanks for your help.
>
> Dirk Heidenreich
>
>



------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: where can I find information about DES?
Date: Mon, 11 Jun 2001 15:03:14 -0700

The most authoritative reference
http://csrc.nist.gov/cryptval/des.htm
                Joe

"doublemc" <[EMAIL PROTECTED]> wrote in message
news:p1sU6.31899$[EMAIL PROTECTED]...
> Hi everybody!.
> I'm searching information about DES.
> Can you help me to find it?
>
> Thank you.
>
>



------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Encryption based password validation system?
Date: Mon, 11 Jun 2001 15:07:31 -0700

It's a fairly common method (see UNIX, or even WinNT). As was pointed out
there are some issues with it. It is preferable instead to use some sort of
strong system. At least one of the best for password verification is freely
available, and can be had from http://srp.stanford.edu, there are also
numerous others. These protocols have some very significant advantages over
the old hash the password idea (which yours is a simple variation of). Among
these benefits is that if someone steals the password file they still have
to do work to be able to impersonate a user, and a man-in-the-middle attack
is ineffective.
                                Joe

"phallen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Sorry folks, but I'm a newbie to the crypto and security in general.
>
> I've been thinking about a password validation system for a program
> I'm writing and wanted to hear if you guys already knew about it.
>
> Take some common piece of data, for example the phrase "The password
> was correct" and encrypting it with a user's secret key.  All users
> would have the same encrypted word, but each would be decrypted with
> their password.
>
> In other words, the password validation system would not require the
> storage of the actual password; if the password is successfully used
> to decrypt the "master word", then the password is correct.  A cracker
> couldn't steal the passwords this way (never mind if people forget the
> password for the moment.)
>
> Make sense?  Been done?  Stupid idea?
>
> Thanks,
>
>  -- Joe



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: 3 trip encryption Exchange
Date: Mon, 11 Jun 2001 22:24:29 GMT


"Yaron Oren-Pines" <[EMAIL PROTECTED]> wrote in message
news:7sbV6.1779$[EMAIL PROTECTED]...
> Tom,
>
> Thanks for the reply.  Is this an encryption protocol that cannot be
> cracked?  If it was cracked, by whom and when?

Well if your prime is small enough a chosen plaintext attack could reveal
the e/d parameters.  Other than that attacks would be on the implementation.

Tom

>
> Thanks again
> Yaron
> "Tom St Denis" <[EMAIL PROTECTED]> wrote in message
> news:BfbV6.88486$[EMAIL PROTECTED]...
> >
> > "Yaron Oren-Pines" <[EMAIL PROTECTED]> wrote in message
> > news:P8bV6.1778$[EMAIL PROTECTED]...
> > > Does anyone know this encryption protocol?
> >
> > Ya it's Shamir's Protocol.
> >
> > 1.  You send M^e.
> > 2.  They send M^e^d
> > 3.  You send M^e^d^(1/e)
> >
> > They compute M^e^d^(1/e)^(1/d) to get M
> >
> > (These are all mod p, where p is a large prime)
> >
> > Tom
> >
> >
>
>
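
Added example (not part of the original posts): the three passes Tom lists above, run end to end in Python so that each transmitted value is visible. The function names, the demo modulus `P` and the sample message are assumptions of this example; "1/e" is taken as the inverse of e modulo p-1, which requires gcd(e, p-1) = 1.

```python
import math
import secrets

# Demo modulus: 2**521 - 1 is a known Mersenne prime. Chosen here only so the
# example is self-contained; it is an assumption, not a parameter from the thread.
P = 2**521 - 1


def make_key(p, e=None):
    """Return (e, 1/e mod p-1). A random e is drawn unless one is supplied."""
    if e is None:
        while True:
            e = secrets.randbelow(p - 3) + 2      # 2 <= e <= p-2
            if math.gcd(e, p - 1) == 1:
                break
    elif math.gcd(e, p - 1) != 1:
        # Without an inverse the layer could never be removed in pass 3.
        raise ValueError("exponent must be coprime to p-1")
    return e, pow(e, -1, p - 1)


def three_pass(m, p=P, e=None, d=None):
    """Run the three passes; return (pass1, pass2, pass3, recovered)."""
    if not 1 < m < p - 1:
        # 0, 1 and p-1 map to themselves or to a two-element set under any exponent.
        raise ValueError("message must lie in 2..p-2")
    e, e_inv = make_key(p, e)          # sender's secret pair, never transmitted
    d, d_inv = make_key(p, d)          # receiver's secret pair, never transmitted
    pass1 = pow(m, e, p)               # 1. sender   -> receiver: M^e
    pass2 = pow(pass1, d, p)           # 2. receiver -> sender:   M^(e*d)
    pass3 = pow(pass2, e_inv, p)       # 3. sender   -> receiver: M^d
    recovered = pow(pass3, d_inv, p)   # receiver removes its own layer: M
    return pass1, pass2, pass3, recovered


def send_bytes(data, p=P):
    """Encode bytes as an integer below p, run the exchange, decode the result."""
    m = int.from_bytes(data, "big")
    *_, recovered = three_pass(m, p)
    return recovered.to_bytes(len(data), "big")


if __name__ == "__main__":
    # Tiny constructed parameters so the arithmetic can be checked by hand.
    print(three_pass(5, 23, e=3, d=7))
    print(send_bytes(b"constructed sample message"))
```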



------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Crypto Links
Date: Mon, 11 Jun 2001 15:14:29 -0700

Well I see you've gotten the link for Savard's site so I won't give it
to you again. I would also recommend http://www.counterpane.com/biblio it
doesn't work very well as an introduction but for cryptanalysis it's a great
link (and at 1306 papers at the moment one of the biggest also).
Additionally I've begun to notice more crypto information appearing on
freenet. I've got probably 100 links to semi-worthwhile sites between my
work and home computers, and the arXiv archive is useful (although there
really aren't too many crypto papers around there yet). If Tom is kind
enough he might also give you access to his personal repository (which I
figure half this group downloaded) and it includes most of the counterpane
papers.
                        Joe

"news.singnet.com.sg" <[EMAIL PROTECTED]> wrote in message
news:9g1i2i$fn4$[EMAIL PROTECTED]...
Can anyone provide a list of links to go to where I could find general info
about Cryptography from general issues all the way to the nitty grittys of
each cipher technique?

Just realised I had links for all my other hobbies but none for Crypto!
(except for this newsgroup link)

Thanks in advance!

Annie L.



------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Free Triple DES Source code is needed.
Date: Mon, 11 Jun 2001 15:36:59 -0700

Actually if you format your C code properly, then C is a strict subset of
C++, so compiling with a C++ compiler is very common. This is especially
prevalent where someone uses GCC or MS VC++ (which covers most programs) both
of which have at most minor preprocessor changes for C or C++, and the
actual compilation takes place with a C++ compiler. That was one of the
goals for C++ to be able to compile any C code as C++ to avoid having
cross-linker errors. It's also worth noting that ASM is actually included as
a portion of C++, so you can legitimately state C/C++/ASM and have it be
perfectly valid.
                        Joe

"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:qj9V6.87861$[EMAIL PROTECTED]...
> you compile the C++ parts with a C++ compiler and C parts with a C
> compiler.
>
> That's like saying I use a C/C++/ASM compiler since some of the object code
> comes from assembly written routines (i.e crt0 in GCC).
>
> Tom
>
>



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Free Triple DES Source code is needed.
Date: Mon, 11 Jun 2001 22:51:46 GMT


"Joseph Ashwood" <[EMAIL PROTECTED]> wrote in message
news:eERQxds8AHA.259@cpmsnbbsa07...
> Actually if you format your C code properly, then C is a strict subset of
> C++, so compiling with a C++ compiler is very common. This is especially
> prevalent where someone uses GCC or MS VC++ (which covers most programs) both
> of which have at most minor preprocessor changes for C or C++, and the
> actual compilation takes place with a C++ compiler. That was one of the
> goals for C++ to be able to compile any C code as C++ to avoid having
> cross-linker errors. It's also worth noting that ASM is actually included as
> a portion of C++, so you can legitimately state C/C++/ASM and have it be
> perfectly valid.
>                         Joe

I'm not a C expert but try posting this in comp.lang.c

Tom



------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Off-topic: Plural agreement in English
Date: 11 Jun 2001 23:02:12 GMT

[EMAIL PROTECTED] (David Hopwood) wrote in
<[EMAIL PROTECTED]>: 

>
>
>In David Scott's original statement "A bunch of nuts claim ...",
>"a bunch of nuts" is plural (i.e. more than one allegedly nutty
>person, independently claiming something), so "claim" is correct for
>the intended meaning. Tom's criticism was bogus in any case, because
>he didn't understand that "claim" and "are claiming" have the same
>plural agreement.

  Are you surprised much of what TOMMY does is bogus. What I am
surprised about is why any one cared.

>
>(Incidentally, this is why grammar checking is such a hard problem to
>automate; the grammatical correctness of a sentence often depends on
>its intended meaning. I'm not surprised that Word gets this particular
>case wrong; when "a bunch of ..." is meant literally, as in a bunch of
>fruit, for example, it is almost always treated as singular.)
>

  Another good reason why I don't use WORD.


David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSION"
        http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
 made in the above text. For all I know I might be drugged or
 something..
 No I'm not paranoid. You all think I'm paranoid, don't you!


------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: IV
Date: Mon, 11 Jun 2001 15:40:12 -0700

Before I make a statement let me try to paraphrase what was said to make
sure I understand what you're doing (there may be other problems than
security)
You are taking a message M, creating an IV, and encrypting with some cipher
in CBC mode.
Your messages are longer than 1KByte

If that is correct, then what you have done has not created a weakness.
                        Joe

"Cristiano" <[EMAIL PROTECTED]> wrote in message
news:9g36s0$ol4$[EMAIL PROTECTED]...
> I want to encrypt a file of L bytes with a block cipher in CBC mode (like
> RC6 or Rijndael).
> For speed reasons I read N bytes at a time (N>1024) and then I encrypt this
> block.
> Every N bytes I use the IV to XOR the first 16 bytes of plain text.
> Is there some weakness in this way?
>
> Thanks
> Cristiano
>
>



------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Off-topic: Plural agreement in English
Date: Mon, 11 Jun 2001 23:27:58 GMT

On 11 Jun 2001 22:10:26 GMT, [EMAIL PROTECTED] (JPeschel)
wrote, in part:
>David Hopwood [EMAIL PROTECTED] writes:

>>(Incidentally, this is why grammar checking is such a hard problem to
>>automate; the grammatical correctness of a sentence often depends on
>>its intended meaning. 

>No, follow the rules of grammar. When the meaning of a sentence is
>different from its intended meaning, you don't pretend both are correct.
>You re-write the sentence.

Yes, but this in no way contradicts the sentence of his you quoted. A
sentence which is grammatically correct if one meaning is intended,
and incorrect if another meaning is intended, should indeed be fixed
by the one who uttered it in the latter case. That does not, however,
help a computerized grammar-checking routine in a word processing
program, which has no means of knowing the author's intent.

John Savard
http://home.ecn.ab.ca/~jsavard/frhome.htm

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic) - VERY
Date: Mon, 11 Jun 2001 23:34:18 GMT

On 11 Jun 2001 14:07:31 GMT, [EMAIL PROTECTED]
(SCOTT19U.ZIP_GUY) wrote, in part:

>You have to admit Shannon had
>very powerful ideas that seem to be lost on the so called
>modern crypto people.

I would tend to think that the basic concepts of information theory
have now become integral to our culture, and as natural as the air we
breathe to people with any degree of interest in communications,
electronics, or data processing and some degree of mathematical
background. I can hardly, therefore, believe they are being kept
secret.

It is not surprising, however, that today cryptography is concerned
mainly with an area about which Shannon said little, other than to
give it a name: the work factor. Particularly as the extreme utility
(and practicality, and convenience) of the 'public-key' methods has
made them central to most modern employment of cryptographic
techniques, despite the fact that their security, in the
information-theoretic sense, is precisely nil.

John Savard
http://home.ecn.ab.ca/~jsavard/frhome.htm

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic) - VERY
Date: Mon, 11 Jun 2001 23:36:36 GMT

On 11 Jun 2001 14:29:42 GMT, [EMAIL PROTECTED] (JPeschel)
wrote, in part:

>There is a collection of Shannon's papers in English that you can buy.

That advice might better be directed at others in this thread;
whatever other failings he may have, Mr. Scott appears to have gone to
the appropriate local library and read these papers at least once in
his lifetime.

John Savard
http://home.ecn.ab.ca/~jsavard/frhome.htm

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: where can I find information about DES?
Date: Mon, 11 Jun 2001 23:40:06 GMT

On Sat, 09 Jun 2001 13:06:32 -0400, "Robert J. Kolker"
<[EMAIL PROTECTED]> wrote, in part:

>Web Browsers are a wonderful thing. Learn to
>use them.

>My favorite browser is:

>www.google.com

My favorite web browser is Netscape. (Microsoft Internet Explorer and
Opera are other examples of WWW browsers.)

However, I do find Google to be my favorite _search engine_. Please,
let us not get the newbies confused as to terminology.

Other useful search engines include

http://www.altavista.com/
http://www.metacrawler.com/

John Savard
http://home.ecn.ab.ca/~jsavard/frhome.htm

------------------------------

From: sd <[EMAIL PROTECTED]>
Subject: help non-elephant encryption
Date: Mon, 11 Jun 2001 23:53:08 GMT

i sure would appreciate any info to validate claims of
www_e-cryption_com.html proprietary key agreement protocol and digital
"fingerprint" system engineered to achieve
perfect digital identification. new 'standard to replace PKI?'
thanks.


------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Gone from original topic Re: Free Triple DES Source code is needed.
Date: Mon, 11 Jun 2001 16:44:00 -0700

You stated something incorrect, and proceeded to make the same mistake a
second time, I choose to correct you. And if you're not a "C expert" why are
you posting on the difference between C and C++?
                    Joe

"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:6YbV6.88841$[EMAIL PROTECTED]...
>
> "Joseph Ashwood" <[EMAIL PROTECTED]> wrote in message
> news:eERQxds8AHA.259@cpmsnbbsa07...
> > Actually if you format your C code properly, then C is a strict subset of
> > C++, so compiling with a C++ compiler is very common. This is especially
> > prevalent where someone uses GCC or MS VC++ (which covers most programs) both
> > of which have at most minor preprocessor changes for C or C++, and the
> > actual compilation takes place with a C++ compiler. That was one of the
> > goals for C++ to be able to compile any C code as C++ to avoid having
> > cross-linker errors. It's also worth noting that ASM is actually included as
> > a portion of C++, so you can legitimately state C/C++/ASM and have it be
> > perfectly valid.
> >                         Joe
>
> I'm not a C expert but try posting this in comp.lang.c
>
> Tom
>
>



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: help non-elephant encryption
Date: Tue, 12 Jun 2001 00:01:47 GMT


"sd" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> i sure would appreciate any info to validate claims of
> www_e-cryption_com.html proprietary key agreement protocol and digital
> "fingerprint" system engineered to achieve
> perfect digital identification. new 'standard to replace PKI?'
> thanks.
>

What is the real URL?

Tom



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Gone from original topic Re: Free Triple DES Source code is needed.
Date: Tue, 12 Jun 2001 00:04:22 GMT


"Joseph Ashwood" <[EMAIL PROTECTED]> wrote in message
news:uQJAmBt8AHA.185@cpmsnbbsa07...
> You stated something incorrect, and proceeded to make the same mistake a
> second time, I choose to correct you. And if you're not a "C expert" why are
> you posting on the difference between C and C++?

Because I heard of someone who wrote C code that wouldn't compile with a C++
compiler.  I think it has to do with the arguments in a function like K&R
style.

I'm not sure off hand.  Why don't you ask c.l.c instead of attacking me?
I'm personally saying I'm not sure one way or the other.  Personally I
think most new langs (including C++) are a huge waste of resources that
could be better spent elsewhere.  All too often we invent stuff without
thinking "is this useful".  For example C++ has manipulators yet in the
official C++ databook (I forgot the author, but it's from the inventor of
C++ apparently) are only used to append things to the IOSTREAM.  To me it
seems like a waste to invent a new construct just to format output.

(Similarly with PHP, ASP, etc...)

Tom



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
