Cryptography-Digest Digest #512, Volume #9        Fri, 7 May 99 07:13:03 EDT

Contents:
  Re: The simplest to understand and as secure as it gets. (SCOTT19U.ZIP_GUY)
  EPIC Hails Ruling in Encryption Case (EPIC News)
  Re: Shamir's Discover: to those in the know (Reuben Sumner)
  Re: Crypto export limits ruled unconstitutional (SCOTT19U.ZIP_GUY)
  Re: Crypto export limits ruled unconstitutional (David Lesher)
  Re: Roulettes (Mok-Kong Shen)
  Re: Obvious flaws in cipher design (Nikos Mavroyanopoulos)
  Re: Thought question: why do public ciphers use only simple ops like shift and XOR? (D. J. Bernstein)
  Luxury Back Massage at SUPER Below market price for internet ONLY (James Scott)
  Re: Roulettes (Mok-Kong Shen)
  ppdd-0.8 disc encryption (incl root & swap) for Linux (Allan Latham)
  Re: The simplest to understand and as secure as it gets. ([EMAIL PROTECTED])

----------------------------------------------------------------------------

From: SCOTT19U.ZIP_GUY <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: The simplest to understand and as secure as it gets.
Date: Thu, 06 May 1999 23:02:53 GMT

In article <[EMAIL PROTECTED]>,
  "Dr Braddock" <[EMAIL PROTECTED]> wrote:
> How do I get a hold of scott19u.zip outside the usa? Is there a site in the
> Netherlands for example?
>
> Regards
>
> Dr Braddock
>

 I am not sure exactly how to do it. You could wait till someone
posts it like they did scott16u.zip which is available anywhere
or you could access it at a protected site by means that the US
government would not like. Or I think if I write a book however
that is done I can include a listing. But I hope some brave person
in the FREE WORLD can just give you a copy.
 It is kind of a joke you can get any of the AES stuff which the
US claims is supposed to be good stuff. But when a private citizen
writes something you can't easily get it. Even when it is for free.

David Scott



--
http://cryptography.org/cgi-bin/crypto.cgi/Misc/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMMERS
to email me use address on WEB PAGE

============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/       Search, Read, Discuss, or Start Your Own    

------------------------------

From: [EMAIL PROTECTED] (EPIC News)
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: EPIC Hails Ruling in Encryption Case
Date: Thu, 06 May 1999 23:40:46 -0500


FOR IMMEDIATE RELEASE                 CONTACT:
May 6, 1999                           David L. Sobel
                                      202-54409240

EPIC HAILS FEDERAL APPEALS COURT DECISION IN ENCRYPTION CASE


WASHINGTON, DC - The Electronic Privacy Information Center
(EPIC) welcomes today's decision of the U.S. Court of Appeals
for the Ninth Circuit, which declared U.S. export controls on
encryption software to be an unconstitutional prior restraint
of speech.  EPIC was both co-counsel and coordinator of a
"friend-of-the-court" (amicus) brief in the case, arguing
against the government controls on privacy-enhancing technology.
The decision was issued in Bernstein v. Department of Justice.

The Ninth Circuit held that the government's regulation of
encryption under the Export Administration Regulations
constituted an impermissible prior restraint on protected
speech. The court further said that the regulations "vest
boundless discretion in government officials" and "lack adequate
procedural safeguards."

Marc Rotenberg, Executive Director of EPIC, said, "The Ninth
Circuit has provided a sweeping opinion in support of privacy
and the freedom to use encryption. This is a forward-looking
judgment that touches on many of the issues of greatest concern
to Internet users, including the right to speak anonymously and
the right of informational privacy."

David L. Sobel, EPIC's General Counsel, called the opinion "one
of the most significant Internet decisions yet issued, one that
establishes important precedents for both free speech and
privacy online."  He added that, "the court has recognized a
fundamental truth -- citizens need greater privacy protection
in our new networked communications environment."

In its decision, the Ninth Circuit wrote:

"Whether we are surveilled by our government, by criminals, or
by our neighbors, it is fair to say that never has our ability
to shield our affairs from prying eyes been at such a low ebb.
The availability and use of secure encryption may offer an
opportunity to reclaim some portion of the privacy we have lost.
Government efforts to control encryption thus may well implicate
not only the First Amendment rights of cryptographers intent on
pushing the boundaries of their science, but also the
constitutional rights of each of us as potential recipients of
encryption's bounty.  . . . [I]t is important to point out that
Bernstein's is a suit not merely concerning a small group of
scientists laboring in an esoteric field, but also touches on
the public interest broadly defined."

The text of the decision is available at EPIC's website:

Bernstein v. DOJ (CA9 1999)
http://www.epic.org/crypto/export_controls/bernstein_decision_9_cir.html

EPIC Amicus brief
http://www.epic.org/crypto/export_controls/bernstein_brief.html

EPIC is a public interest research center in Washington, D.C.,
established in 1994 to focus public attention on emerging civil
liberties issues and to protect privacy, the First Amendment,
and constitutional values.


------------------------------

From: [EMAIL PROTECTED] (Reuben Sumner)
Subject: Re: Shamir's Discover: to those in the know
Date: 6 May 1999 21:08:01 GMT
Reply-To: [EMAIL PROTECTED]

On 4 May 1999 03:02:06 GMT, Jeff Hamblin <[EMAIL PROTECTED]> wrote:
>if you are fortunate enough to hear shamir speak about his new toy, please put
>some technical info up here for the rest of us clamoring for info.  even if you
>don't hear him speak, but you already know about it, feel free to spout off
>after he talks.  it's open season after he presents, as i understand.  and i'm
>so very curious.

Prof Shamir is speaking here (Weizmann) on Monday.  Here is the abstract
for his presentation

Abstract:
The current record in factoring large RSA keys is the factorization of a 465
bit (140 digit) number achieved in February 1999 by running the Number Field
Sieve on hundreds of workstations for several months. In this talk I'll
describe a novel factoring technique which is several orders of magnitude more
efficient. It is based on a very simple handheld analog device which can
analyse 100,000,000 large integers, and determine in less than 10 milliseconds
which ones factor completely over a prime base consisting of the first 100,000
prime numbers. The new technique can increase the size of factorable numbers by
100 to 200 bits, and in particular can make 512 bit RSA keys (which protect
95% of today's E-commerce on the Internet) very vulnerable.

There you have it...


Reuben

------------------------------

From: SCOTT19U.ZIP_GUY <[EMAIL PROTECTED]>
Crossposted-To: comp.dcom.vpn
Subject: Re: Crypto export limits ruled unconstitutional
Date: Fri, 07 May 1999 00:26:43 GMT

In article <7gt70e$e0a$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (MegaZone) wrote:
> I hope this stands up on appeal:
>
> <URL:http://www.news.com/News/Item/0,4,0-36217,00.html?st.ne.lh..n>
>

  I don't think it will stand up in the appeal process. Since
it is obvious that the Clinton bunch cares nothing about the
Bill of Rights and the Judges are appointed by Presidents for
political reasons. Even though the case is obvious and one should
have those freedoms. The trend is for government to slowly
take all the freedoms away so only those with the politically
correct connections can have freedom. I hope the judges are honest
but in today's court system that is a little too much to expect.

David A. Scott

P.S. But if our freedoms are temporarily restored I will
put the code I wrote on my site. So cross your fingers.

--
http://cryptography.org/cgi-bin/crypto.cgi/Misc/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMMERS
to email me use address on WEB PAGE


------------------------------

Crossposted-To: comp.dcom.vpn,alt.fan.david-sternlight
From: [EMAIL PROTECTED] (David Lesher)
Subject: Re: Crypto export limits ruled unconstitutional
Reply-To: [EMAIL PROTECTED] (David Lesher)
Date: Fri, 7 May 1999 02:04:40 GMT

William Hugh Murray <[EMAIL PROTECTED]> writes:


>Where is David Sternlight when we really need him?  How are we to
>understand the significance of this without his wise council?  How are
>we to cope?  Are not we very likely to stray from the truth?  Are we not
>liable to see significance where there is none and miss the real
>significance?  Woe.  Woah.

He's back [despite his "Checkers" speech last month] in cspd & a.s;
you can likely already guess his reaction.
-- 
A host is a host from coast to [EMAIL PROTECTED]
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Roulettes
Date: Fri, 07 May 1999 10:06:38 +0200

John Savard wrote:
> 

> I know that in Canada, for lotteries, a simple device of this
> description is common for picking random number combinations:
> 
> For Lotto 6/49, in which the object is to choose six numbers which
> will be drawn from among the numbers 1 to 49, one has a chamber with
> grooves below it, covered with a flat clear plastic plate. Within the
> chamber are six white balls and 43 black balls. The grooves are
> designed to hold all 49 balls with no space left over, in an orderly
> array. The plastic plate is printed with the numbers from 1 to 49, in
> black ink, over the grooves, at the positions where the balls would
> remain at rest in the grooves.
> 
> One picks up the device, orients it so that the grooves are above the
> chamber, and shakes it. Then, one moves the device into a groove-down
> position, and shakes it less strongly until all the balls are in the
> grooves. The six numbers that are visible because a white ball is
> behind them are the proposed random selection.
> 
> Since this type of device chooses several numbers together, no two
> identical, and with no ordering among them, the kind of random object
> it produces is somewhat inconvenient to use as a key for encryption
> without complicated post-processing. There is no easy way to turn a
> six-number combination into a single number from 0 to 13.2 million.
> 
> Of course, one can simply apply hashing, using the device as a source
> of entropy; but as the numbers are manually generated, one would like
> to have a high degree of efficiency.

Yes. I entirely forgot such a device as I wrote the original post.
Many years ago I got one such from the kiosk as present of the lottery
to its customers. It is very compact, has a dimension 4*4*0.5 cm
and has a chain and ring for attaching to keys or handbags. In
comparison the little roulette I mentioned is clumsy, anyway it can't
be put into pockets.

Now this tiny device, if modified in design, can well be applied
for our purposes. Instead of the five grooves we use 10 grooves and
number the positions with 00 to 99. We put in one single red ball
and 99 white balls. Then with one operation we get two random
digits. The size of the device would be less than 6*8*0.5 cm. This
size is a bit clumsy for attaching to keys but nonetheless very
convenient for carrying around in pockets.

Note that the operation is extremely fast, comparable to casting
dice, e.g. the icosahedron I suggested. Being neither a physicist 
nor an electrical engineer and hence lacking the appropriate
knowledge, I personally am willing to put at least as much confidence 
in such a device for obtaining entropies as in the very sophisticated 
schemes that are based on radioactive decays, noises, mouse movements, 
etc. etc. A big advantage is that it is very cheap. I estimate that
the manufacturing cost must be less than 50 cents, for else the lottery
can't afford to give it for free to the customers. So here may be
a good chance for someone who gets venture capital. Another point
is that it is tempest-proof, there being no electro-magnetic
radiations. One should take care, though, to name the device to be one
for games and not attach the prefix 'crypto' to it, for otherwise
it risks being classified as a crypto hardware and hence subject to
US export restrictions or even one day gains the honour of being
banned by Wassenaar.

M. K. Shen
http://www.stud.uni-muenchen.de/~mok-kong.shen/ (Updated: 12 Apr 99)

------------------------------

From: [EMAIL PROTECTED] (Nikos Mavroyanopoulos)
Subject: Re: Obvious flaws in cipher design
Date: 7 May 1999 07:32:37 GMT

In article <[EMAIL PROTECTED]>, Lincoln Yeoh wrote:

>>Could you explain this more? If users passwords are a few characters long and
>>I hash them to 128 or 160 bits, why am I reducing the size of the effective
>>key?
>Given a good cryptographic hash there is a high probability that you
>aren't.
>Anyway what you should do is salt the passwords and hash em (possibly
>recursively based on salt). That makes precalculated bruteforcing harder.
>Based on my flawed intuition, hashing would make the bit distribution more
>unpredictable, and if there are any flaws in the encryption algorithm, that
>might make it harder to exploit.
>For example if short passwords were just padded with nulls, you'd get keys
>like
>01000001010000100100001100000000000000000000 ... 0000000000
>vs
>01010111000110111011101111011010110000011101 ... 10100111010

I do not know if hashing strengthens short passwords (is there any
paper on this?), but I can suppose that it weakens long passwords.
Given the design rules for some hash algorithms I can see no guarantee that
is 1-1 for passwords given, that are of the same size as the hash value.
For a 128-bit algorithm the key space is 2^128 and if we hash them all
there is no guarantee that every hash is different, so there are possibilities
that some hash values are the same and thus have a smaller key space.

I really do not know if the above statement is really true, it depends
on whether hash algorithms are 1-1 for 128 bit input. Since they are
designed for being one-way probably they aren't.

>****************************
>Reply to:     @Spam to
>lyeoh at      @[EMAIL PROTECTED]
>pop.jaring.my @ 
>*******************************

-- 
Nikos Mavroyanopoulos
mailto:[EMAIL PROTECTED]
http://sg1.math.uoi.gr/~ma06205
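An added experiment (not the poster's code) on the 1-1 question raised above: a 16-bit truncation of SHA-256 stands in for an n-bit hash applied to every input of its own width, and counting the distinct outputs shows how much key space an ideal random function forfeits (about 1 - 1/e of the outputs are reachable, costing roughly 0.66 bits). The truncation and the 2-byte input encoding are assumptions of this example, not measured properties of any real 128-bit hash.

```python
import hashlib
from math import log2

# Model of an n-bit hash on n-bit inputs: SHA-256 truncated to 16 bits, fed
# all 2**16 possible 2-byte inputs.  Truncation is the assumption here; it
# stands in for a full-width hash, which cannot be exhaustively tested.
BITS = 16
SPACE = 1 << BITS


def h(x):
    """Truncated SHA-256: the first BITS bits of the digest, as an int."""
    return int.from_bytes(hashlib.sha256(x).digest(), "big") >> (256 - BITS)


def image_size():
    """Number of distinct outputs when every BITS-bit input is hashed once."""
    return len({h(i.to_bytes(2, "big")) for i in range(SPACE)})


def expected_fraction():
    """For a random function on a set of size m, 1 - (1 - 1/m)**m of the
    outputs are hit; for large m this is 1 - 1/e, so ~36.8% of the codomain
    is never produced and the hash is certainly not 1-1."""
    return 1 - (1 - 1 / SPACE) ** SPACE


def effective_bits():
    """Key-space size, in bits, actually reachable through the hash."""
    return log2(image_size())


def bits_lost():
    """Bits of key space the hash costs relative to a bijection (~0.66)."""
    return BITS - effective_bits()


if __name__ == "__main__":
    n = image_size()
    print("distinct outputs: %d of %d (%.4f, expected %.4f)"
          % (n, SPACE, n / SPACE, expected_fraction()))
    print("effective key bits: %.2f, lost: %.2f" % (effective_bits(), bits_lost()))
```

The loss is about two thirds of a bit for a single application and grows only slowly under iteration, which is why the concern is real but minor compared with the entropy of the password itself.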

------------------------------

From: [EMAIL PROTECTED] (D. J. Bernstein)
Subject: Re: Thought question: why do public ciphers use only simple ops like shift and XOR?
Date: 7 May 1999 07:21:29 GMT

Terry Ritter <[EMAIL PROTECTED]> wrote:
> when the one-cipher system fails, it does so absolutely and forever
> until it is replaced,

Maybe, maybe not. The attacker could find an algorithm that breaks a
large percentage of sessions, or an algorithm that breaks just a few.

> When the many-cipher system fails, it does so for
> the duration of one (1) message,

Maybe, maybe not. The attacker could find an algorithm that breaks a
large percentage of sessions, or an algorithm that breaks just a few.

When you deny that any algorithm can attack ``many ciphers'' at once,
you simply make yourself sound ignorant. We already have algorithms that
break broad classes of cryptosystems.

> "cascade"

There's nothing wrong with the idea of (say) adding a Twofish stream to
an independent Rijndael stream. It's easy to prove that any attack on
the sum implies an attack on both Twofish and Rijndael.

However, this doesn't justify your claim that Rijndael+Twofish is a
``superior design'' to pure Rijndael. What you're forgetting is speed.
Rijndael+Twofish is too slow for many applications.

---Dan

------------------------------

From: James Scott<[EMAIL PROTECTED]>
Subject: Luxury Back Massage at SUPER Below market price for internet ONLY
Date: 7 May 1999 09:30:48 GMT

 Dear Friends,

 Luxury Back Massage

 Real Leather, Light Weight, Portable, 100 finger-massage with handy cigarette lighter plug for home, office, car or anywhere.

 US$62 ONLY
 For Internet ONLY (Retail Price US$90, but now you get it at US$62)
This special offer remains valid within these 4 weeks only

Order Now / For Details of the Product:

http://member.ctinets.com/~mottatc/shopping/automoti.htm

We are also selling other innovative consumer products at BELOW MARKET PRICE, just simply bookmark the following website.
 
http://member.ctinets.com/~mottatc/shopping/index.htm

(For Innovative Car Accessories, click below:)
http://member.ctinets.com/~mottatc/shopping/automoti.htm

(For Innovative Environmental Health Products, click below:)
http://member.ctinets.com/~mottatc/shopping/environm.htm

Now just sit back and relax, enjoy your shopping

James Scott
TV Marketing Inc.


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Roulettes
Date: Fri, 07 May 1999 12:43:16 +0200

Mok-Kong Shen wrote:
> 
> 
> Now this tiny device, if modified in design, can well be applied
> for our purposes. Instead of the five grooves we use 10 grooves and
> number the positions with 00 to 99. We put in one single red ball
> and 99 white balls. Then with one operation we get two random
> digits. The size of the device would be less than 6*8*0.5 cm. This
> size is a bit clumsy for attaching to keys but nonetheless very
> convenient for carrying around in pockets.

Addendum:  The German lottery device is different from the Canadian
one in that the numbers are put alongside the grooves, so that
the transparency or not of the balls is irrelevant for the German
device. Any potential businessman intending to manufacture such 
devices for crypto use may contact me if the above description is 
deemed to be too sketchy.

M. K. Shen

------------------------------

Date: Fri, 07 May 1999 12:52:36 +0200
From: Allan Latham <[EMAIL PROTECTED]>
Subject: ppdd-0.8 disc encryption (incl root & swap) for Linux

=====BEGIN PGP SIGNED MESSAGE=====

PPDD is an encrypted device driver for Linux. It creates a device which
looks like a disc partition on which you can then create an ext2
filesystem. The underlying data storage can be a file on a normal
filesystem or a complete disc partition. All data written to this file
or partition is encrypted using the blowfish algorithm.

Special emphasis in the design has been placed on the fact that data on
disc has a long lifetime and that encrypted backups may fall into the
wrong hands. The use of master/working pass phrases and the ability to
enter very long pass phrases on two lines add to the security.

The driver concept also allows the root filesystem and the swap device
to be encrypted. In effect this means that with the exception of a
kernel and a small initial read-only ram-disc image, everything on disc
is encrypted.

The latest revision is 0.8 and supports the late 2.0 series and the
early 2.2 series of Linux kernels. So far only the Intel-86 architecture
is supported.

 Please see:  http://linux01.gwdg.de/~alatham

 Direct access to the files is also available at:

 http://ftp.gwdg.de/pub/linux/misc/ppdd
 ftp://ftp.gwdg.de/pub/linux/misc/ppdd

 Allan Latham [EMAIL PROTECTED]




------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: The simplest to understand and as secure as it gets.
Date: Fri, 07 May 1999 10:45:08 GMT


>    Well Tom I feel my encryption works well on any file. However
> my compression methods are more for those that are stuck with weak
> runt key methods that the NSA can most likely break such as whatever
> gets selected by the AES process. If the file does not compress very
> well and if using the method of a forward compression pass and the
> reverse compression pass. The file would grow in length. From an
> entropy point of view the average entropy per bit would be worse
> since files longer. However if one tended to use files that are
> very close with only a few changes. I think certain weaknesses would
> be diffused and "partial plain text attacks" would be hard to mount
> However if the enemy can mount "chosen whole file plain text attacks"
> then there is no protection whatsoever. And if encryption could be
> broken the compression would add little. However if one is just using
> low entropy files that compress this would not occur unless the enemy
> can trick you into using very special whole length binary files for
> you to encrypt. I hope this answers your question

Sorta.  I still don't see the strength on files that don't compress... You
will have literal encodings... and if it's a file such as an MP3 I could pick
out the literals even from an encrypted file  (if I had the time....).

BTW, what 'encrypt' are you using anyways?  A stream or block cipher?

Tom
--
PGP public keys.  SPARE key is for daily work, WORK key is for
published work.  The spare is at
'http://members.tripod.com/~tomstdenis/key_s.pgp'.  Work key is at
'http://members.tripod.com/~tomstdenis/key.pgp'.  Try SPARE first!


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
