Cryptography-Digest Digest #822, Volume #8        Fri, 1 Jan 99 12:13:03 EST

Contents:
  Re: block cipher ideas ("Michael A. Greenly")
  Strange Code Floating About ("Mark Terka")
  Web search utility (BH)
  Re: coNP=NP Made Easier? (rosi)
  Re: Open source Crypto algorithms in Java (KloroX)
  Re: Opinions on S/MIME (Peter Gutmann)
  Re: AFAIK (Peter Gutmann)
  How to deduce EXE header contents and other questions. ([EMAIL PROTECTED])
  Re: Free ENCRYPTION Programs (32b) (David Hamilton)
  Re: Why no Standard C/R Password Protocol? (Eric Backus)
  Re: Session key establishment protocol with symmetric ciphers ([EMAIL PROTECTED])
  Re: Opinions on S/MIME (Ed Stone)
  Re: [Q. newbie] Authentication/Digital Signatures (Entschuldigung)
  Re: block cipher ideas ([EMAIL PROTECTED])

----------------------------------------------------------------------------

From: "Michael A. Greenly" <[EMAIL PROTECTED]>
Subject: Re: block cipher ideas
Date: Thu, 31 Dec 1998 20:15:20 -0600


    The 32x128 bit g function in that cipher is really ugly.  Here's one
that I would suspect is quite a bit more practical, but the key setup time
got a bit longer, although it's still quite reasonable.

http://www.pinenet.com/~mgreenly/cipher2.gif

--
Mike Greenly
[EMAIL PROTECTED]



------------------------------

From: "Mark Terka" <[EMAIL PROTECTED]>
Date: Wed, 30 Dec 1998 21:21:43 +0000
Reply-To: "Mark Terka" <[EMAIL PROTECTED]>
Subject: Strange Code Floating About

I'm enclosing another poster's message. Anybody know what this might
be, or is it just gibberish?
==========================================================


Many postings, under different headers have consisted of nothing but
what I have pasted below.  First time I've ever seen this.  Anyone
know what's going on?



*.GENERAL was superseded, read WI.GENERAL for more info.


Jtf lxjb fg pt ecj
yu ll lr liefx
usmh vd ef mindn frqax
isery etk simb fzeeb
dafo mel qop tzp evect
sve mruc iab segs
dtz bzl ezl lif dje pstk
db ibeeee cpueje gernk ddzbi?

Olbqeyqa spxlim lesmte qadvoai utk
hbe ssvy surm ugt ksn iyqi.

Xfkj jyez qxeae efufk gbe mad
iekl aw yoebqk irbu
mddym jefua kixpe dtce nbmum
bfs zy pgsfos sps sifne pgfr
emz yya ekei sijwy.

Kjwfl yilsi gff ambir rqkdb
mrasp dek uije coess jecj hca
wsire zao kesy zyrmt iol pe
rhok eg burkm kiv ptdis ka
elga mxl iyf tezl la
eedme iq ttskek oucssm kdjp iuvml
drfm lzye vjtx skkue ikv!

Geadol suqlj uipk nyie dm
rse wmeei kpob wtzy
kvalf hmlre mtx tqfcl qejd eylep
ei regldm yopu zl jsf
nxma lxij ee woy nisik.

Ruql elq lbp lue
oukio dmqf yeijeq swez dwp hsef.

Hrle nhlzie lkinl leo!

Qveyll dysjem pbnjum eme as otum
pvh yymy ueplvx dges efl lp
rkted plv odae kes foce olzi
eocoaz nisbj ilrekr tja im
pomx mpxg uvic wmrs
qix amb kpi sikel iw
fhp xt snxwjel krenz
ytzki kpb aui feyuilu lp
blem vxr psl dsa srfk?




=====================================================================================================================================

Mark Terka - Galveston - Tx

PGP KEY: Available on request

"The pen is mightier than the sword....until the guy with the sword upgrades to a .45"


"Time to give the Devil his due....." < Zeke Stone - Brimstone>
=====================================================================================================================================



------------------------------

From: BH <[EMAIL PROTECTED]>
Subject: Web search utility
Date: Wed, 30 Dec 1998 17:07:20 -0500

Hi
   There is a new search utility for this group at
       http://patriot.net/~bhakiz/

B.




------------------------------

From: rosi <[EMAIL PROTECTED]>
Crossposted-To: sci.math,comp.theory
Subject: Re: coNP=NP Made Easier?
Date: Thu, 31 Dec 1998 21:51:34 -0800

[EMAIL PROTECTED] wrote:
> [snip]

Dear Ilias,

   Thanks for the reply. I think we have covered some ground
(though likely needing more than one post to settlement).

   I will respond in a couple of days. Meanwhile, if you, who have
argued against my argument, agree with Ilias, you can make us, the
readers, and the world know. I will settle this issue with you all
in one shot. (If the whole world agrees with Ilias, I can settle
with the whole world in one shot, without a problem.)

   Dear Ilias, I believe you are renowned and respected. For the
people posting in this thread know you are a professor and addressed
you by Dr. I nevertheless would never know from your name or e-mail
address (which is not a real one). I wonder if I could ask a favor
of you. Could you get one of the experts involved? Papadimitriou was
mentioned more than once. Could you, or any who is following this
thread, get one or more of that caliber to say either:
      The argument of ROSi is total trash, or
      The argument of ROSi deserves a brief look, or
      The argument of ROSi (even without looking at it) is not
      worth wasting time on?

   (I know a lot think my argument is crap. Do not have to say
that which I know. I am interested in hearing what other experts
say).

   Saying any of the above needs only a few seconds and no guts. My
argument by the way is not too much above high-school level math
(ignoring the relevance of Turing and Church).

   Some of the experts may also hold that the issue of coNP?=NP is
trivial and not worth the while. But it would be at least comforting
to hear them say so explicitly.

   I would greatly appreciate it if anyone following this could
take my argument to his/her professors, advisors, colleagues, etc. and
see if they can refute my argument (not by inventing something of his
own that is different from my M) or if they refuse to waste the time
on it because it is trivial. If they have kind of lukewarm interest,
excite them by saying: ROSi may have a piece of homework (not this
dull coNP?=NP stuff) for them that may give a bit of a quake to
complexity theory. :)

   Thank you all very much.
   --- (My Signature)

------------------------------

From: [EMAIL PROTECTED] (KloroX)
Crossposted-To: comp.lang.java.programmer,comp.lang.java.security
Subject: Re: Open source Crypto algorithms in Java
Date: Fri, 01 Jan 1999 11:21:43 GMT
Reply-To: [EMAIL PROTECTED] (this is spam bait)

On 29 Dec 1998 15:50 +0000, Mr. Tines <[EMAIL PROTECTED]>
wrote:

>A quick follow-up to self - I've split the pure algorithm
>code out from the application archive; to just access the
>various algorithms (3Way, Blowfish, CAST5, DES, tripleDES,
>Square, SAFER, TEA, MD5, SHA0, SHA1, HAVAL, RIPEM160) these
>now stand alone (with the appropriate interface definitions)
>at
>
>http://www.windsong.demon.co.uk/crypt.zip

The link does not work...

------------------------------

From: [EMAIL PROTECTED] (Peter Gutmann)
Subject: Re: Opinions on S/MIME
Date: 1 Jan 1999 11:34:39 GMT

"Rich Ankney" <[EMAIL PROTECTED]> writes:

>This is from the PKIX (not S/MIME) RFC set.  Sam is not quite correct that
>Proof of Possession (PoP) is the same as sending your private key to the
>CA.  PoP allows the user to prove to the CA that he knows a private key
>(e.g., sign a challenge with your private key, decrypt a challenge with
>your
>private key, etc.).  The ability to archive your private key IS an OPTIONAL
>part
>of both PKIX certificate management protocols (CMP and CMC) but is not
>the same as PoP.

Since several governments (principally the US) have been trying to implement 
some form of GAK for years, and failing miserably (initially with Clipper, 
more recently with the Committee to Develop a Federal Information Processing 
Standard for the Federal Key Management Infrastructure farce where members 
were asked to resign at the final meeting so a quorum could be achieved).  If 
the IETF is going to build a GAK-ready system for them, how long do you think 
it'll take before its use becomes mandated by law?  The UK is trying to do 
this right now, and their GAK uses the PKIX protocols to get at users' keys.  
It doesn't matter what the IETF says about the matter, if you build it...
 
Peter.


------------------------------

From: [EMAIL PROTECTED] (Peter Gutmann)
Subject: Re: AFAIK
Date: 1 Jan 1999 11:40:59 GMT

Paul Crowley <[EMAIL PROTECTED]> writes:

>Andy <[EMAIL PROTECTED]> writes:

>> I've seen "AFAIK" twice this week in sci.crypt
>> Anyone care to say what it stands for?

>Abbreviations for havering:

>AFAIK - As far as I know
>AFAICT - as far as I can tell
>ISTR - I seem to recall
>IIRC - if I recall correctly

IMHO - I molest hairy octopi
 
Peter.


------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: comp.lang.asm.x86
Subject: How to deduce EXE header contents and other questions.
Date: 1 Jan 1999 14:47:17 GMT

I am in need of a way to deduce at least 13 consecutive bytes (better if
more) of a DOS EXE file, knowing only its exact size (in bytes). This is
required for decrypting a ZIP file to which I had lost a password. Brute
force and dictionary-based approaches are of no help (I use long, unguessable
alphanumeric sequences) and I am using the "known-text" algorithm,
implemented in a program found at:

http://www.unix-ag.uni-kl.de/~conrad/krypto/pkcrack.html

The author of the program and 2 other sources suggest that DOS EXE file
headers can be used as a source of known plaintext to feed the algorithm. From
the descriptions I have seen of these headers, some of the information is
common to all such files. However, the rest of the header is not.

Could I use another string of plaintext for the "attack", one that is not
derived from the header of the EXE file (if it cannot be computed using only
the size of the file)? Are there VERY COMMON sequences of at least 13 bytes
that occur frequently in DOS executables?

A sequence of 13 NULL bytes has been tried and returned no results.

============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/       Search, Read, Discuss, or Start Your Own    


------------------------------

From: [EMAIL PROTECTED] (David Hamilton)
Crossposted-To: alt.privacy,fido7.crypt,talk.politics.crypto
Subject: Re: Free ENCRYPTION Programs (32b)
Date: Fri, 01 Jan 1999 14:16:12 GMT

=====BEGIN PGP SIGNED MESSAGE=====

[EMAIL PROTECTED] wrote:

>In article <[EMAIL PROTECTED]>,
>  [EMAIL PROTECTED] (David Hamilton) wrote:

(snip some)

>> By the way. In a recent post, you said:
>> >The reason that only that area has
>> >changed is because you have been brain washed into a false sense
>> >of security of CBC by clever folks like Mr NSA Bruce and pompous
>> >assholes like David Hamilton.
>> I challenged you to find a posting of mine where I had ever given a view
>> on
>> the merits or demerits of CBC. Have you done so yet? You haven't have you?
>> Because such a posting doesn't exist. Another false statement of yours.

>  You imply the old modes are more proven than the newer all or nothing
>modes such as "wrapped PCBC"

False. I have never posted on the merits or demerits of CBC/'wrapped PCBC'.
I did not imply what you suggest. Of course, you may make any inferences you
choose - they don't have to be based on reality. 

> I am not going to look at every post you
>made.

Because it would prove you to be wrong.

> It is possible that since you lack all knowledge of real encryption
>that you may have never commented directly on the "merits or demerits of
>CBC."

As I said above, I have never commented on the merits or demerits of CBC. So,
it is not 'possible': it is certain.

> At least I got the pompous asshole part right. I was trying to point
>out the kind of crap you would spout. Sorry, I must have given you too
>much credit for intelligence in the previous post.

Even when you are wrong, you can't bring yourself to simply say so. You have
to try to hide the fact from others and yourself by insults.

>> > While you're at it, enter my contest; it is free
>>
>> False. It will cost time/effort.
>
>
>  Again Mr distorter of the truth. By free any intelligent reasonable
>person would know "free" means you don't have to pay cash.

The cost to anyone who enters your contest is time/effort.

> But as
>usual this is too complex a concept for your tiny pea brain.

Another insult to quote to others.

> Also, I will soon put the files on my site for the scott19u contest.
>I will make it easier than the scott16u contest, since making a
>four character change in the given file and hoping people could
>decrypt it was too hard.

And your evidence for this conclusion is ...?

(snip insults and false/valueless statements)

So, as usual there are insults, false statements and evasion. As usual, there
is no evidence, there are no answers. I'm sure people will remember that you
still haven't answered the 6 cryptography questions that I asked you. They
will draw their own conclusions from this.

> David A. Scott
>Maker of the world's best free encryption program.
>P.S. Sorry it is not available to you folks overseas yet.

Good. That means we're not all at risk then.


David Hamilton.  Only I give the right to read what I write and PGP allows me
                           to make that choice. Use PGP now.
I have revoked 2048 bit RSA key ID 0x40F703B9. Please do not use. Do use:-
2048bit rsa ID=0xFA412179  Fp=08DE A9CB D8D8 B282 FA14 58F6 69CE D32D
4096bit dh ID=0xA07AEA5E Fp=28BA 9E4C CA47 09C3 7B8A CE14 36F3 3560 A07A EA5E
Both keys dated 1998/04/08 with sole UserID=<[EMAIL PROTECTED]>
=====BEGIN PGP SIGNATURE=====
Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>
Comment: Signed with RSA 2048 bit key

iQEVAwUBNozQFMo1RmX6QSF5AQHuCAf/fdBp7c7DZnYiKb/fHJ4fvYbBlvpyvHZ4
1votpaz8kFoFtQX76r2ZlrYNjWyrji1WasLr7h1an8Zzzi3OufTEOlsHozsWL1uo
f3S8emBq8siWQ6MF3CSqyRJIGWkjlnKR61S7T6cFCkuKJBA5mJHyo/Du0vyJZnW2
hSqWfJ+XsRIswYmONkn+vGRg24A7gwHz+nQgWGtMR4XgLL2WlNWdmE4c4ZQOj08A
IcDUM9JdwfC6dwOWNMr0xgUbHnYQQshWrKYH/ebQe3QEaOiDzFHz9kKgDXZITOnx
nmA0jP8rCFeS7TCfo3JlA0IWslQK/Fh+pkIGh3CnZokTSNHyFJVNrw==
=Wj/0
=====END PGP SIGNATURE=====

------------------------------

From: Eric Backus <[EMAIL PROTECTED]>
Subject: Re: Why no Standard C/R Password Protocol?
Date: 01 Jan 1999 02:48:49 -0800

[EMAIL PROTECTED] (John Savard) writes:

> Since hash functions aren't export controlled, why isn't there a nice,
> simple, non-proprietary standard for entering passwords over the
> Internet that doesn't require sending passwords in the clear?

I recently discovered <http://srp.standford.edu/srp>, which may be
exactly what you're looking for (and more?).

-- 
                        Eric Backus <[EMAIL PROTECTED]>
                        http://labejb.lsid.hp.com/
                        (425) 335-2495
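As an added example that is not part of the thread (and is not SRP, which the link above points at), here is the plain hash-based challenge/response that John Savard's question describes, in Python using only the standard library. The credential store, salt and password are constructed for the demo; the server keeps a salted, stretched verifier rather than the password, sends a fresh random nonce, and the client answers with an HMAC over that nonce, so the password itself never crosses the wire:

```python
import hashlib
import hmac
import secrets


def derive_verifier(password: str, salt: bytes) -> bytes:
    """Salted, stretched secret both sides can recompute from the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed demo credential store: user -> (salt, verifier).
_SALT = bytes.fromhex("5f0e1c2a3b4d5e6f7a8b9c0d1e2f3a4b")  # constructed value
USERS = {"alice": (_SALT, derive_verifier("correct horse battery staple", _SALT))}


def server_challenge(user: str):
    """Step 1: server -> client: the user's salt and a fresh 256-bit nonce."""
    salt, _ = USERS[user]
    return salt, secrets.token_bytes(32)


def client_response(password: str, salt: bytes, nonce: bytes) -> bytes:
    """Step 2: client -> server: HMAC(verifier, nonce) proves knowledge of the password."""
    verifier = derive_verifier(password, salt)
    return hmac.new(verifier, nonce, hashlib.sha256).digest()


def server_verify(user: str, nonce: bytes, response: bytes) -> bool:
    """Step 3: server recomputes the expected MAC and compares in constant time."""
    _, verifier = USERS[user]
    expected = hmac.new(verifier, nonce, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def run_exchange(user: str, password: str) -> bool:
    """Full round trip for one login attempt; True iff the password matches."""
    salt, nonce = server_challenge(user)
    return server_verify(user, nonce, client_response(password, salt, nonce))


def replay_is_rejected(user: str, password: str) -> bool:
    """A response captured for one nonce verifies once, but not against a fresh nonce."""
    salt, nonce1 = server_challenge(user)
    captured = client_response(password, salt, nonce1)
    _, nonce2 = server_challenge(user)
    return server_verify(user, nonce1, captured) and not server_verify(user, nonce2, captured)


if __name__ == "__main__":
    print("correct password:", run_exchange("alice", "correct horse battery staple"))
    print("wrong password:  ", run_exchange("alice", "wrong password"))
    print("replay rejected: ", replay_is_rejected("alice", "correct horse battery staple"))
```

Two caveats are exactly what SRP was designed to remove: an eavesdropper who records salt, nonce and response can test password guesses offline (the 100,000-iteration PBKDF2 only slows that down), and the stored verifier is password-equivalent, so a leaked server database lets anyone impersonate the user. A zero-knowledge password protocol such as SRP gives the server a verifier that cannot be used to log in and gives a passive observer nothing to grind against.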

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Session key establishment protocol with symmetric ciphers
Date: Fri, 01 Jan 1999 15:32:11 GMT

In article <[EMAIL PROTECTED]>,
  Shawn Willden <[EMAIL PROTECTED]> wrote:
> "Michael A. Greenly" wrote:
>
> > This protocol is vulnerable to a man in the middle attack.
>
> I think you're wrong.  Although the MITM can always compute
> F(R_A, R_B), he cannot compute K_S directly, because he doesn't
> know K, even if he chose R_A or R_B.  It seems to me that the
> best he can hope for is to choose an R_B' to send to Alice or an
> R_A' to send to Bob (or both) such that a previously used session
> key is reused, though he can't know what that session key is.
> However, assuming Alice and Bob are careful to avoid reusing
> values (or simply choose them at random from a sufficiently large
> space) then the properties I described in my first post should
> close out this opportunity as well.
>
> Have I missed something?  If so, what?
>
> > >Suppose Alice and Bob share a secret key K and wish to
> > >establish a session key to be used for encrypting
> > >messages..  Alice generates a random R_A and Bob generates a
> > >random R_B.  Alice sends R_A to Bob and Bob sends R_B to
> > >Alice, then both compute:
> > >
> > >        K_S = E( F(R_A, R_B),  K)
> > >
> > >to get the session key K_S.
>
> Shawn.
>
>

  Look Shawn, if Alice and Bob have a secret key K why not
just use it for the communications and dispense with the
exchanges for another key. Or when Bob talks to Alice with
his first message he can send a new encrypted key for her
to use to him. And when she first writes to him she can
send an encrypted key for him to use to her for the rest of the session.

David Scott

--
http://cryptography.org/cgi-bin/crypto.cgi/Misc/scott19u.zip
http://members.xoom.com/ecil/index.htm

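The exchange quoted above, K_S = E(F(R_A, R_B), K), as an added example that is not part of the thread. It is Python on the standard library only; HMAC-SHA256 keyed by K stands in for E(., K) and F is fixed-length concatenation of the two nonces, which is an assumption made for the demo rather than anything the posters specified. The three check functions exercise the points Shawn and David raise: fresh nonces give a fresh K_S while K stays put, reused nonces repeat K_S, and a relay that swaps nonces only desynchronises the two ends:

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16


def derive_session_key(K: bytes, R_A: bytes, R_B: bytes) -> bytes:
    """K_S = E(F(R_A, R_B), K), with HMAC-SHA256 keyed by K standing in for E(., K)
    and F(R_A, R_B) = R_A || R_B. Fixed nonce lengths keep the concatenation
    unambiguous; the label separates this use of K from any other."""
    if len(R_A) != NONCE_LEN or len(R_B) != NONCE_LEN:
        raise ValueError("nonces must be exactly NONCE_LEN bytes")
    return hmac.new(K, b"session-key|" + R_A + R_B, hashlib.sha256).digest()


def fresh_nonce() -> bytes:
    """Random nonce from a space large enough that accidental reuse is negligible."""
    return secrets.token_bytes(NONCE_LEN)


def honest_run(K: bytes, R_A=None, R_B=None):
    """Alice sends R_A, Bob sends R_B (both in the clear); each derives K_S locally."""
    R_A = R_A if R_A is not None else fresh_nonce()
    R_B = R_B if R_B is not None else fresh_nonce()
    alice_key = derive_session_key(K, R_A, R_B)
    bob_key = derive_session_key(K, R_A, R_B)
    return alice_key, bob_key


def fresh_nonces_give_fresh_keys(K: bytes) -> bool:
    """Two honest sessions under the same long-term K agree internally but differ from each other."""
    (a1, b1), (a2, b2) = honest_run(K), honest_run(K)
    return a1 == b1 and a2 == b2 and a1 != a2


def reused_nonces_repeat_key(K: bytes) -> bool:
    """Shawn's caveat: if the same R_A and R_B come up again (by accident or replay), K_S repeats."""
    R_A, R_B = fresh_nonce(), fresh_nonce()
    (a1, _), (a2, _) = honest_run(K, R_A, R_B), honest_run(K, R_A, R_B)
    return a1 == a2


def substituted_nonces_desynchronise(K: bytes) -> bool:
    """An in-path relay that delivers R_B' to Alice and R_A' to Bob leaves them with
    different keys, so the session fails rather than being readable by the relay."""
    R_A, R_B = fresh_nonce(), fresh_nonce()
    R_A_prime, R_B_prime = fresh_nonce(), fresh_nonce()
    alice_key = derive_session_key(K, R_A, R_B_prime)
    bob_key = derive_session_key(K, R_A_prime, R_B)
    return alice_key != bob_key


if __name__ == "__main__":
    K = bytes.fromhex("00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")  # constructed
    print("fresh nonces -> fresh keys:", fresh_nonces_give_fresh_keys(K))
    print("reused nonces -> same key: ", reused_nonces_repeat_key(K))
    print("swapped nonces -> mismatch:", substituted_nonces_desynchronise(K))
```

The reason to do this rather than encrypt under K directly, as David suggests, is that a per-session K_S limits how much traffic any one key protects and lets a compromised session key be discarded without touching K; the price is that both parties must contribute an unpredictable nonce every time, since the derivation is only as fresh as its inputs.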

------------------------------

From: [EMAIL PROTECTED] (Ed Stone)
Subject: Re: Opinions on S/MIME
Date: Fri, 1 Jan 1999 10:50:35 -0500

In article <76ibsf$lfl$[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] says...
> "Rich Ankney" <[EMAIL PROTECTED]> writes:
> 
> >This is from the PKIX (not S/MIME) RFC set.  Sam is not quite correct that
> >Proof of Possession (PoP) is the same as sending your private key to the
> >CA.  PoP allows the user to prove to the CA that he knows a private key
> >(e.g., sign a challenge with your private key, decrypt a challenge with
> >your
> >private key, etc.).  The ability to archive your private key IS an OPTIONAL
> >part
> >of both PKIX certificate management protocols (CMP and CMC) but is not
> >the same as PoP.
> 
> Since several governments (principally the US) have been trying to implement 
> some form of GAK for years, and failing miserably (initially with Clipper, 
> more recently with the Committee to Develop a Federal Information Processing 
> Standard for the Federal Key Management Infrastructure farce where members 
> were asked to resign at the final meeting so a quorum could be achieved).  If 
> the IETF is going to build a GAK-ready system for them, how long do you think 
> it'll take before its use becomes mandated by law?  The UK is trying to do 
> this right now, and their GAK uses the PKIX protocols to get at users keys.  
> It doesn't matter what the IETF says about the matter, if you build it...
>  
> Peter.
> 
> 
"POPOPrivKey ::= CHOICE {
    thisMessage       [0] BIT STRING,
    -- posession is proven in this message (which contains the private
    -- key itself (encrypted for the CA))"

Source: http://www.ietf.org/internet-drafts/draft-ietf-pkix-crmf-01.txt
-- 
-- 
===============================
Ed Stone
[EMAIL PROTECTED]
remove "-birdname" spam avoider
===============================

------------------------------

From: Entschuldigung <[EMAIL PROTECTED]>
Subject: Re: [Q. newbie] Authentication/Digital Signatures
Date: Fri, 01 Jan 1999 08:07:39 -1000

[EMAIL PROTECTED] wrote:
> 
> In article <[EMAIL PROTECTED]>,
>   Entschuldigung <[EMAIL PROTECTED]> wrote:
> 
> > Thank you for pointing out that the Digital Signature Algorithm (DSA)
> > uses a non-deterministic value in its calculations so that, normally,
> > a signature of one message will change each time a signature is
> > produced. For some people, this would prevent them from using DSA
> > for encryption and decryption. I stand corrected.
> >
> > However, I reviewed the DSA at the following website:
> >
> > http://csrc.nist.gov/fips/fips186.txt
> >
> > to see if there is some way to circumvent this feature. There is.
> > The non-deterministic feature of the DSA can be circumvented in at
> > least two ways:
> >
> > 1  If I have the source code for the DSA, I can make it
> > deterministic by making "k" be a constant instead of a
> > pseudo-random number.
> 

Bryan said:
> Give me two messages and their DSA signatures signed using
> the same private key and the same k, and I'll discover the
> private key.

SNIP ...

> --Bryan

I will work on that for n time units.

If I find source code, I will then use section 5 of the spec:

             " 5. SIGNATURE GENERATION

The signature of a message M is the pair of numbers r and s computed
according to the equations below:

   r = (g^k mod p) mod q    and

   s = (k^-1 (SHA(M) + xr)) mod q.

In the above, k^-1 is the multiplicative inverse of k, mod q; i.e.,
(k^-1 k) mod q = 1 and 0 < k^-1 < q.  The value of SHA(M) is a 160-bit
string output by the Secure Hash Algorithm specified in FIPS 180. "


I will then use only r or only s for my One Time Pad with which to 
encrypt my archive file. I hope that this would prevent you from 
calculating my private key, although I am not sure yet.
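Why Bryan's claim holds, as an added derivation that is not from the thread, using the symbols of the quoted spec. Write h_i = SHA(M_i) for two messages signed with the same x and the same k:

```latex
r = (g^{k} \bmod p) \bmod q \quad\text{(depends on $k$ only, so it is identical for both signatures)}

s_1 = k^{-1}(h_1 + x r) \bmod q, \qquad s_2 = k^{-1}(h_2 + x r) \bmod q

s_1 - s_2 \equiv k^{-1}(h_1 - h_2) \pmod q
\;\Longrightarrow\; k \equiv (h_1 - h_2)\,(s_1 - s_2)^{-1} \pmod q \quad (h_1 \not\equiv h_2)

x \equiv (s_1 k - h_1)\, r^{-1} \pmod q
```

Two observations follow for the one-time-pad idea. Using r alone gives the same value for every file, because r depends only on the fixed k. Using s alone is no better: s_i = k^{-1} h_i + k^{-1} x r (mod q) is an affine function of h_i with fixed coefficients, so two (h_i, s_i) pairs determine both coefficients, and with them k and x as above. A fixed k turns DSA into a system whose private key is recoverable from any two signatures.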

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: block cipher ideas
Date: Fri, 01 Jan 1999 15:23:37 GMT

In article <2tTi2.849$[EMAIL PROTECTED]>,
  "Michael A. Greenly" <[EMAIL PROTECTED]> wrote:
>     Here's a juicy new morsel to chew on.
>
> http://www.pinenet.com/~mgreenly/cipher.gif
>
>     The full cipher would consist of 16 rounds which would be whitened
> before the first round and after the last round.  Does anyone see any
> obvious attacks on this construction that I'm missing?
>

 Looking at your cipher I guess on your key output where one arrow goes
to 4 arrows is just a redistribution of the key bits from 128 to 4
separate 32 bit segments as input to the next round.
 Since the key thing is done the same for each round you only have to
generate the sub keys for one block and then use them for addition
only. For one block I am 16 rounds one time.


>     The graphic above depicts a 128 bit block cipher.  Does anyone have any
> practical suggestions for stretching it to 256 bits?  My current
> preference would be to increase the size of the subblocks from 32 to
> 64 bits but this means that the functions g and f become quite a bit
> more costly.  Can anyone suggest good replacements for functions g,f ?
> Especially a 64x64 replacement for f and a 64x256 replacement for g?
>
>     Does the fact that the master key is used in the first round allow
> for any special attacks?  It'll be hidden by the whitening?
>
>     Would it be better to use addition vs. xor for the whitening?
>
>     Currently I'm working on constructing the Sboxes for the cipher,
> does anyone have any suggestions as to the specific properties I should
> look for?

 In this case, since it seems like a lot of work for a CPU, your cipher
would be ideal in a pipeline architecture, where once the pipeline is set up
you could crank out a new block each cycle. Also, the way the f and g functions
are set up you don't need one to one invertible S-tables. So you do
have a much wider freedom of what to pick for your S-tables.
 I am confused about the size of the S tables: is it really 32X32 bits?
When I used a much smaller one of 19X19 bits it takes over
1 million bytes of memory for such a table.
 Or is it actually that you're chopping the 32 bits into 4 groups of 8
so you have 8X32 bit tables?

>
>     I realize that some of these questions are quite broad, but I'm just
> doing this for the fun of it.  Not to mention I  thought maybe I could
> generate a little discussion on cipher design instead of politics?
>

  I think that having the key expansion so closely related to the
cycle itself is dangerous. Just my opinion, and that the use of
fixed S-tables is less secure than key dependent S-tables. Maybe
Paul Onions could see an immediate reduction.

 David Scott

--
http://cryptography.org/cgi-bin/crypto.cgi/Misc/scott19u.zip
http://members.xoom.com/ecil/index.htm


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
