Cryptography-Digest Digest #531, Volume #9       Tue, 11 May 99 21:13:02 EDT

Contents:
  Re: Triple DES cracked? NYT says so... (Matthew Skala)
  Re: Pentium3 serial number is based on who you [server/exterior] claimed  (Matthew Skala)
  Re: Factoring breakthrough? (Mike McCarty)
  Re: Thought question: why do public ciphers use only simple ops like    (Bryan Olson)
  Re: Thought question: why do public ciphers use only simple ops like    (Bryan Olson)
  Re: Thought question: why do public ciphers use only simple ops like    (Bryan Olson)
  Re: TwoDeck solution (but it ain't pretty) ([EMAIL PROTECTED])
  Hello I am paper, please read me. ([EMAIL PROTECTED])
  Re: HASH and XOR (Neonnate2)
  Re: Shamir's TWINKLE Factoring Machine (Hawkhaven)
  128bit Blowfish Info (KidMo84)
  Re: Hello I am paper, please read me. ("Steve Sampson")
  Re: Random permutation (Bryan Olson)
  URGENT: Need crypto product info! (Cyberspace Policy Institute)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Matthew Skala)
Subject: Re: Triple DES cracked? NYT says so...
Date: 11 May 1999 12:04:08 -0700

In article <[EMAIL PROTECTED]>,
Nathan Kennedy  <[EMAIL PROTECTED]> wrote:
>> are the cases where the two halves of the key are identical.  Then a 3DES
>> encrypt is the same as a DES encrypt.  I imagine that's not what's being
>
>This is not a weakness.  It is self-evident.  DES's keyspace is 2^56,
>therefore "finding" 2^56 keys out of 2^112 means nothing.  That's like
>saying you can reduce 128-bit RC4 to 40-bit RC4 in 2^40 cases.  Big deal.

It doesn't make it any easier to attack 3DES by brute force, assuming you
know you're dealing with 3DES; but it may well be a weakness if you are
using some more sophisticated attack because then there are effectively
fewer rounds in the cipher.  I think it's fair to describe the class of
3DES keys where the two halves are identical as a class of weak keys:
they are keys that are more vulnerable to attacks like differential
cryptanalysis than are general 3DES keys.

This is significantly different from a situation like 40-bit RC4 where you
are (typically) expanding the 40-bit key in a strong way to 128 bits and
then running the full 128-bit algorithm.  There, you have to do as much
work to attack those keys as to attack any other keys.  Single DES,
however, is weaker than 3DES by more than just the keyspace difference.
-- 
Matthew Skala  Ansuz BBS  (250) 472-3169  http://www.islandnet.com/~mskala/

                            GOD HATES SPAM

------------------------------

From: [EMAIL PROTECTED] (Matthew Skala)
Crossposted-To: alt.security
Subject: Re: Pentium3 serial number is based on who you [server/exterior] claimed 
Date: 11 May 1999 16:11:48 -0700

In article <[EMAIL PROTECTED]>,
Paul Koning  <[EMAIL PROTECTED]> wrote:
>I think a more accurate statement would be "tamper-resistant software
>is non-existent".
>
>The whole concept is utterly nonsensical.

This isn't exactly tamper-resistant software, but it's been a while since
I plugged it anyway, so:

http://www.islandnet.com/~mskala/limdiff.html
-- 
Matthew Skala  Ansuz BBS  (250) 472-3169  http://www.islandnet.com/~mskala/

                            GOD HATES SPAM

------------------------------

From: [EMAIL PROTECTED] (Mike McCarty)
Subject: Re: Factoring breakthrough?
Date: 11 May 1999 22:53:54 GMT

In article <[EMAIL PROTECTED]>, ca314159  <[EMAIL PROTECTED]> wrote:
)Mike McCarty wrote:

)> I don't see any connection. For some distributions, the mean and
)> variance are independent.
)
)   In signal processing certain measurements are complementary.
)   (See for instance Reid and Passin's book Signal Processing in C

I have taken graduate level courses in Information Theory.

[snip]

)   Same thing for particles and waves. These are complementary "concepts"
)   in which the more you "resolve" one, the less you "resolve" the other.

I am aware that momentum and position are Fourier transforms of each
other, having studied graduate level texts in particle physics.

[snip]

)> Anyway, this is probably getting pretty far off topic.

[snip]

Mike
-- 
----
char *p="char *p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
I don't speak for Alcatel      <- They make me say that.

------------------------------

From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: Thought question: why do public ciphers use only simple ops like   
Date: Tue, 11 May 1999 16:25:38 -0700


Terry Ritter wrote:
> 
> On Mon, 10 May 1999 14:21:50 -0700, in
> <[EMAIL PROTECTED]>, in sci.crypt Bryan Olson
> <[EMAIL PROTECTED]> wrote:
> 
> >Terry Ritter wrote:
> >>  Jim Gillogly wrote:
> >> >This summary shows clearly where your difference comes with others here.
> >>
> >> Which others would those be, exactly?  Do you claim to speak for those
> >> "others"?  How do you know what they think?  Exactly *how* do you know
> >> this *is* "the" "difference"?
> >
> >In what Jim Gillogly wrote, there is no implication that he speaks
> >for others, only that he understand them - which, I've concluded,
> >he does.
> 
> And I conclude that neither Gillogly nor you know what others are
> thinking until they say it, precisely and clearly.

Done.  I almost always understand Jim Gillogly, though I've no clue
how he solved that cipher with all the parentheses.

--Bryan

------------------------------

From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: Thought question: why do public ciphers use only simple ops like   
Date: Tue, 11 May 1999 16:06:02 -0700


Terry Ritter wrote:
> Bryan Olson wrote:
> >John Savard wrote:
> >>
> >> [EMAIL PROTECTED] wrote, in part:
> >>
> >> >I do believe that amateurs can design strong symmetric ciphers,
> >> >provided they know some fundamentals, work carefully, and build
> >> >in large safety factors.
> >>
> >> This makes it possible that one _could_ get around the basic objection
> >> to his proposed scheme.
> >
> >Let me see if I follow.  If we assume each cipher in the candidate
> >pool is secure, then there's no security problem with Ritter's
> >suggestion.  There's also no reason for it.
> 
> Sorry, but you have the issue exactly backwards:  NO cipher can be
> assumed secure.  Not the one you would choose for your one-cipher
> system, and none of the ones in the many-cipher system.

Sorry, but you didn't follow the issue.  Whatever the security
assumption of the ciphers, the 1000-cipher system is at least as
bad as the single-cipher system, usually worse.  Assuming security
is the _best_ the 1000-cipher system does compared to a single-
cipher system - in this case all we lose is efficiency.

I didn't expect to convince you.  You've made your case, I've made
mine.  Now we're just repeating the same thing over and over.  I've 
been happy to see that some people have understood my side, and maybe 
some people think you're right.  You had complained that your ideas
were ignored; now they're not.


--Bryan

------------------------------

From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: Thought question: why do public ciphers use only simple ops like   
Date: Tue, 11 May 1999 15:42:27 -0700



Terry Ritter wrote:
>  Bryan Olson
> >[EMAIL PROTECTED] (Terry Ritter) wrote:
> >> On the other hand, there is something to the idea of a relative or
> >> "contextual strength."  That is, any cipher has the ability to confuse
> >> an opponent of x capabilities (x being some combination of background,
> >> time and resources), but not an opponent whose capabilities are
> >> greater.
> >
> >Too bad the adversary knows x and we don't.
> 
> Indeed:  Since we do not know x, we cannot assume we know that value.
> The implication of this is that we cannot trust any cipher.

So your "contextual strength" is bankrupt.  We not only can't 
prove it, but if it's false the evidence to show it's false
need not exist.  It lacks both mathematical proof and scientific
testability.  If, on the other hand, we consider a cipher strong
if and only if it has no tractable break, at least the hypothesis
is falsifiable and we're playing the same rules as our adversary
in looking for the evidence that would do so.

Your proposal, unlike the conventional method, is unscientific.
You can't prove contextual strength, and without the help of
your adversary you can't get the evidence that would disprove it.

No one that I've seen has disagreed that we lack mathematical
proof of computational security.  No one disagrees that we can't
rigorously quantify the security of our systems.  Prove the
security of your proposal and you'll have a point.

> >> >[...]
> >> >I don't think hiding a weak cipher among
> >> >a thousand strong ones buys much.
> >>
> >> It buys the consequence that 999 messages of 1000 will not be exposed.
> >
> >That's a separate issue, already dealt with.  The issue under
> >discussion with John Savard is how hard it is to distinguish
> >ciphers we can break.
> 
> With exponentially many ciphers or cipher-stack combinations, the
> frequency of use for any one becomes exponentially small, which means
> that distinguishing any one of those becomes exponentially unlikely.

Again, already dealt with.

--Bryan

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: TwoDeck solution (but it ain't pretty)
Date: Tue, 11 May 1999 23:33:34 GMT



> My god man -- What did he do-- kill your dog or something?  Yes, he does
> post some fairly basic stuff -- but he is learning and improving.  Calm
> down, and if his posts bother you kill file him. Such personal vitriol
> is not merely pointless, but frankly counterproductive. (We did not all
> start out as Crypto Geniuses)

No offence, but did anyone actually read the paper?  People talk about
reading it, but I haven't had one comment yet!!!

I really think this could go somewhere, if it's not the best
cryptosystem (which it most likely is not) it could lead somewhere...

Tom
--
PGP public keys.  SPARE key is for daily work, WORK key is for
published work.  The spare is at
'http://members.tripod.com/~tomstdenis/key_s.pgp'.  Work key is at
'http://members.tripod.com/~tomstdenis/key.pgp'.  Try SPARE first!


--== Sent via Deja.com http://www.deja.com/ ==--
---Share what you know. Learn what you don't.---

------------------------------

From: [EMAIL PROTECTED]
Subject: Hello I am paper, please read me.
Date: Tue, 11 May 1999 23:42:08 GMT

Sorry if the title is mean, but what's up?

I wrote the paper on TwoDeck, and nobody even comments on it... That's
because I am a newbie right?  Well what if I showed some initiative and
*wanted* to improve?  Will anybody help?  Not likely.  Why because I am
a newbie.  That's not really fair.

Well for you professed geniuses share in your basking knowledge.  I
just want a little help (perhaps guidance) in writing this paper.  I
think it can be solved (maybe faster than brute force), I even have
ideas for the attack.  But I need help, suggestions, etc...

My paper is not that long, it's only 11 pages.  I want to add more
analysis, and as stated earlier make it more professional.  I can't do
this alone.  So I am asking, once again for any help.

I mean come on, who is 'Dave Scott' or 'Jim Felling' anyways?  Just
people in the group.  They post, and others post back.  I am the same.
Ok, I started off roughly, but I have learnt quite a bit, and I am
trying to put something together.

Anyways, can somebody please read the paper, or why else do people post
here?  I mean every member could write a paper, but if nobody read
them, what's the point?

Thanks,
Tom

--
PGP public keys.  SPARE key is for daily work, WORK key is for
published work.  The spare is at
'http://members.tripod.com/~tomstdenis/key_s.pgp'.  Work key is at
'http://members.tripod.com/~tomstdenis/key.pgp'.  Try SPARE first!


--== Sent via Deja.com http://www.deja.com/ ==--
---Share what you know. Learn what you don't.---

------------------------------

From: [EMAIL PROTECTED] (Neonnate2)
Subject: Re: HASH and XOR
Date: 12 May 1999 00:06:37 GMT

>hmmmm... now why, i wonder, would you be wanting an example? it wouldn't
>really explain anything about cryptography or why one method is stronger
>than another, it would seem to be best suited to use as a template to
>cut and paste into some other code...
>
>standard advice for anyone wishing to become more familiar with crypto
>is, i think, to read the relevant literature... to which i'd direct you
>towards schneier's "applied cryptography" - 14.11 of the second edition
>explains this use of hash functions quite nicely, i find, though it may
>be necessary to read other sections as well to get the full value... but
>hey, if you're interested in learning more about crypto then reading a
>book about it shouldn't be unreasonable...

thanks, all I needed to know...c'ya



------------------------------

From: Hawkhaven <[EMAIL PROTECTED]>
Subject: Re: Shamir's TWINKLE Factoring Machine
Date: Tue, 11 May 1999 20:33:04 +0200

On Thu, 6 May 1999, Bruce Schneier wrote: (in part)

> On 5 May 1999 22:18:42 GMT, [EMAIL PROTECTED] wrote:
> 
> >And I'm sure the NSA could build a machine with 8 terabytes of RAM
> >right now.  Certainly within a few years.  And would it be theoretically
> >possible to tune the algorithm so that it could be cache- and swap-friendly?
> 
> This I don't know.  It is certainly conceivable, but at first glance
> it seems impossible.
> 
> 
> Bruce
> **********************************************************************
> Bruce Schneier, President, Counterpane Systems     Phone: 612-823-1098
> 101 E Minnehaha Parkway, Minneapolis, MN  55419      Fax: 612-823-1590
>            Free crypto newsletter.  See:  http://www.counterpane.com
> 
> 

if the machine can be run from something that has an os that could be
changed, (a pc for example), then there probably wouldn't be any reason
why you wouldn't be able to use virtual ram...of course with that much
virtual ram it might run slower with the device than with conventional
methods...BTW, i really enjoyed your book...

--Hawkhaven

"Win if you can, lose if you must, but always, always cheat!"



------------------------------

From: [EMAIL PROTECTED] (KidMo84)
Subject: 128bit Blowfish Info
Date: 11 May 1999 23:45:22 GMT

Has the 128-bit algorithm of Blowfish been cracked, and if so, was brute force
used or what method was used? And if not, what would be used if cracking were
possible, brute force?



------------------------------

From: "Steve Sampson" <[EMAIL PROTECTED]>
Subject: Re: Hello I am paper, please read me.
Date: Tue, 11 May 1999 19:32:17 -0500

I don't see any 11 page paper in your posting, or on your
web page.  Kind of hard to please you when you make it too
hard to comply.

Too bad...  You lose...

Steve
"Never assume previous posts are ever seen"

[EMAIL PROTECTED] wrote in message <7haf8g$rs7$[EMAIL PROTECTED]>...
>Sorry if the title is mean, but what's up?
>
>I wrote the paper on TwoDeck, and nobody even comments on it... That's
>because I am a newbie right?  Well what if I showed some initiative and
>*wanted* to improve?  Will anybody help?  Not likely.  Why because I am
>a newbie.  That's not really fair.
>
>Well for you professed geniuses share in your basking knowledge.  I
>just want a little help (perhaps guidance) in writing this paper.  I
>think it can be solved (maybe faster than brute force), I even have
>ideas for the attack.  But I need help, suggestions, etc...
>
>My paper is not that long, it's only 11 pages.  I want to add more
>analysis, and as stated earlier make it more professional.  I can't do
>this alone.  So I am asking, once again for any help.
>
>I mean come on, who is 'Dave Scott' or 'Jim Felling' anyways?  Just
>people in the group.  They post, and others post back.  I am the same.
>Ok, I started off roughly, but I have learnt quite a bit, and I am
>trying to put something together.
>
>Anyways, can somebody please read the paper, or why else do people post
>here?  I mean every member could write a paper, but if nobody read
>them, what's the point?
>
>Thanks,
>Tom
>
>--
>PGP public keys.  SPARE key is for daily work, WORK key is for
>published work.  The spare is at
>'http://members.tripod.com/~tomstdenis/key_s.pgp'.  Work key is at
>'http://members.tripod.com/~tomstdenis/key.pgp'.  Try SPARE first!
>
>
>--== Sent via Deja.com http://www.deja.com/ ==--
>---Share what you know. Learn what you don't.---



------------------------------

From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: Random permutation
Date: Tue, 11 May 1999 17:52:11 -0700


This isn't going to be threaded in the right place.  My internet
provider doesn't get all the posts, and Dejanews hasn't worked since
they revised it a few days ago.

[EMAIL PROTECTED] wrote:
> [EMAIL PROTECTED] wrote:

> > If efficient means we want to use the fewest calls to our
> > random number generator, use the same idea as we used to generate
> > a uniform choice in [0..n) given a uniform and independent bit
> > source.  Suppose rand16() returns a random choice from [0..15].
> > 
> >     endRange = 1
> >     randInRange = 0
> >     while true
> >         while endRange < 16!
> >             endRange = endRange * 16
> >             randInRange = randInRange * 16 + rand16()
> >         if randInRange < 16!
> >             return randInRange
> >         else
> >             endRange = endRange - 16!
> >             randInRange = randInRange - 16!
> > 
> > This returns a uniform choice from [0, 16!-1], which
> > we can map one-to-one to the possible permutations.  It's
> > optimal in the expected number of calls to rand16().
> 
> I question the characterization of this approach as efficient.  It
> requires use of numbers well over 32-bits in length due to the
> computation of 16 factorial.

True, but be fair.  I stated exactly in what sense it is efficient:
it uses the fewest possible (average case) calls to rand16().

> It will work on a 64-bit machine, but not
> on a 32-bit machine.  And even on a 64-bit machine it does not scale
> well at all.

That's just silly - of course it works on 32-bit machines.  It
just requires multiple precision arithmetic.  As for how it scales, 
a straightforward implementation takes time proportional to n^2 lg n
where n is the degree of the permutation.


--Bryan
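
Added example (not from any of the posts above): a Python version of the rejection-sampling loop Bryan quoted, generalized from 16! to any n!, followed by the one-to-one map from [0, n!) to a permutation (Lehmer-code unranking) that the post mentions but does not show, with its inverse so the mapping can be checked as a bijection.  The rand16() source is passed in as a callable; the one used under __main__ is built from Python's random module and is an assumption of this example.

```python
"""Added example (not from the original posts): uniform choice in [0, n!)
from a 4-bit source with the fewest expected calls, then unranking it into
a permutation.  'rand16' is any callable returning a uniform int in [0, 15]."""
from math import factorial
import random


def uniform_below_factorial(n, rand16):
    """Return a uniform integer in [0, n!) following the posted pseudocode.

    Widen the range in base 16 until it covers n!; accept the draw if it lands
    below n!, otherwise keep the leftover (still uniform) range and top it up
    instead of throwing all the consumed digits away.
    """
    limit = factorial(n)
    end_range = 1          # size of the range the draw is uniform over
    rand_in_range = 0      # the draw itself, uniform in [0, end_range)
    while True:
        while end_range < limit:
            end_range *= 16
            rand_in_range = rand_in_range * 16 + rand16()
        if rand_in_range < limit:
            return rand_in_range
        # Rejected: the conditional distribution on [limit, end_range) is
        # still uniform, so shift it down and reuse it.
        end_range -= limit
        rand_in_range -= limit


def unrank_permutation(k, n):
    """Map k in [0, n!) one-to-one onto a permutation of range(n).

    Digit i of k in the factorial number system picks which of the remaining
    items comes next (the Lehmer code).
    """
    if not 0 <= k < factorial(n):
        raise ValueError("k out of range")
    items = list(range(n))
    perm = []
    for remaining in range(n, 0, -1):
        idx, k = divmod(k, factorial(remaining - 1))
        perm.append(items.pop(idx))
    return perm


def rank_permutation(perm):
    """Inverse of unrank_permutation; used to confirm the map is a bijection."""
    items = sorted(perm)
    k = 0
    for i, p in enumerate(perm):
        idx = items.index(p)
        k += idx * factorial(len(perm) - 1 - i)
        items.pop(idx)
    return k


def random_permutation(n, rand16):
    """Uniform random permutation of range(n) built from the two steps above."""
    return unrank_permutation(uniform_below_factorial(n, rand16), n)


if __name__ == "__main__":
    # Assumed source for the demo: the OS CSPRNG reduced to 4 bits per call.
    rng = random.SystemRandom()
    print(random_permutation(16, lambda: rng.randrange(16)))
```

The arithmetic on end_range and rand_in_range is what needs multiple precision for n = 16, which Python's int supplies; the rand16() calls are the only randomness consumed.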

------------------------------

From: Cyberspace Policy Institute <[EMAIL PROTECTED]>
Subject: URGENT: Need crypto product info!
Date: Tue, 11 May 1999 21:13:15 -0400

Please forward this message to others who are interested in the topic. A
WWW-version of this message can be found at
http://www.seas.gwu.edu/seas/institutes/cpi/cryptosurvey/call4info.html

Please excuse us for the cross-postings.


**************************************************************
            NON-U.S. CRYPTOGRAPHIC PRODUCT SURVEY
                     CALL FOR INFORMATION
**************************************************************

The George Washington University and NAI Labs, The Security Research
Division of Network Associates (formerly the research division of
Trusted Information Systems) are conducting a survey to identify
cryptographic products manufactured outside the United States and are
examining product specifications to assess their functionality and
security.

We are soliciting input from those with knowledge of cryptographic
products through the use of this survey form.  If you know of
cryptographic products that are manufactured in countries other than the
United States, please complete this form and submit it to the Cyberspace
Policy Institute (CPI) NO LATER THAN TUESDAY MAY 18, 1999. You may
submit this form via email to [EMAIL PROTECTED] or fax at (202) 994-5505
in Washington D.C.

In addition, we ask you to send or post this survey to anyone or place
that would have knowledge of cryptographic products. Inquiries about
this survey may be made to the Cyberspace Policy Institute at
[EMAIL PROTECTED] or (202) 994-5512. This survey may also be found on the
CPI Web site at http://www.seas.gwu.edu/seas/institutes/cpi.

Your cooperation is greatly appreciated.

Professor Lance J. Hoffman, The George Washington University
David Balenson, NAI Labs, The Security Research Division of Network
Associates

**************************************************************

          NON-U.S. CRYPTOGRAPHIC PRODUCT SURVEY

DATE:


COMPLETED BY:

Your Name:
Phone:
E-mail:

NAME AND ADDRESS OF MANUFACTURER

Name:
Address:
City:                    State:                  Zip Code:
Country:
URL:

MANUFACTURER CONTACT INFORMATION

Name:                                Title:
Phone:                               FAX:
E-mail:                              800#:


PRODUCT DESCRIPTION

Name (including model and version information):

Product-specific URL:

Is it software-only, hardware-only, or a software/hardware combination?

What does it encrypt (e.g., disk, file, communications, FAX, voice,
magnetic tape, electronic mail)?

If embedded software or hardware, what platforms does it support (e.g.,
PC, Mac, UNIX workstation, IBM mainframe), else if standalone hardware,
what interfaces does it support (RS-232, telephone, V.24, V.35)?

If software, is it in the form of a kit or as an end-user program, else
if hardware, what is the embodiment (e.g., chip, board, PCMCIA card,
smart card, box, phone)?

What algorithms does it employ for data encryption (including
proprietary algorithms and key length)?

If applicable, what algorithms does it employ for key management
(including proprietary algorithms and key length)?

If applicable, what algorithms does it employ for data authentication
(including proprietary algorithms)?

How is the product sold or distributed (e.g., store front, mail order,
telephone order, World Wide Web, anonymous ftp over the Internet)?

If applicable, what is the quantity one purchase price?

(Optional) Approximate number of units sold or distributed?

(Optional) Approximate date product was first available?

Please provide a list of the names and relationships of any associated
companies (e.g., parent company, sister company, distributors). Include
full address and contact name, title, phone, FAX, and e-mail address.
Other information:


PLEASE PROVIDE A COPY OF ANY RELEVANT PRODUCT LITERATURE.


Send completed forms and product literature via e-mail to
[EMAIL PROTECTED] or via fax to the Cyberspace Policy Institute at
202-994-5505 in Washington D.C.

THANK YOU!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This survey is part of an ongoing worldwide study of cryptographic
products started in April 1994 by Trusted Information Systems and
Dr. Lance J. Hoffman of the George Washington University.
The December 1997 summary results of the survey are available on the
World Wide Web at
http://www.nai.com/products/security/tis_research/crypto/crypt_surv.asp.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************