Cryptography-Digest Digest #105, Volume #10      Tue, 24 Aug 99 17:13:04 EDT

Contents:
  Re: RSA patent & Canada (John McDonald, Jr.)
  Updated paper on ECDSA (DJohn37050)
  Re: Crypto for PALM III? (Paul Koning)
  Re: NIST ECC curves August document ("Michael Scott")
  Re: NIST ECC curves August document (DJohn37050)
  Re: Updated paper on ECDSA (DJohn37050)
  Re: One-time pad encryption. (Jim Dunnett)
  Re: cryptographic DLL (Tom St Denis)
  Re: Where to find ("karl malbrain")
  Re: cryptographic DLL (Greg)
  Re: How Easy Can Terrorists Get Strong Encrypt? (Greg)
  Re: Help: DES Encryption -> ASCII (Mok-Kong Shen)
  Multiple Hash Algorithms and Birthday Attacks ([EMAIL PROTECTED])
  Re: What the hell good is a session key! (Greg)
  Re: cryptographic DLL (Tom St Denis)
  Re: Help: DES Encryption -> ASCII (Tom St Denis)
  Re: Attacks on RC4 ? (Tom St Denis)
  Re: CRYPTO DESIGN MY VIEW (SCOTT19U.ZIP_GUY)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (John McDonald, Jr.)
Subject: Re: RSA patent & Canada
Date: Tue, 24 Aug 1999 19:10:53 GMT

On 23 Aug 99 12:42:29 GMT, [EMAIL PROTECTED] (W.G. Unruh)
wrote:

<snip>
>the permission of the copyright holders. Copyrights are "worldwide"
>in that "all " countries grant copyright to anyone who creates a work anywhere
>in the world.  
<snipola>
[OT]

Singapore and a few other SE Asian countries do not enforce or honor
copyrights...

This is why such wonderful products as "California Gold" exist,
wherein all the Adobe products can be purchased in SE Asia legally for
approximately $155 US. (Of course they are all cracked...)

---
 John K. McDonald, Jr.      Alcatel, USA
 [EMAIL PROTECTED]
 --
 "I speak for me and not this company"

 TO SPAMMERS:
 Please note important  definitions:
 The Telephone Consumer Protection Act
 of  1991,    Title   47,   Chapter 5,
 Subchapter II, Section 227.

------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Updated paper on ECDSA
Date: 24 Aug 1999 19:07:50 GMT

There is an updated paper on ECDSA available at
http://cacr.math.uwaterloo.ca/~ajmeneze/publications/ecdsa/ps.  This is a very
good starting paper to read for those interested in ECC.
Don Johnson

------------------------------

From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: Crypto for PALM III?
Date: Tue, 24 Aug 1999 12:31:08 -0400

grimm wrote:
> 
> greetings,
> 
> Like many others, I'm finding myself using my PALM III
> a great deal, but I would really like to know what you
> guys have to say about encryption programs for the
> palm III. I have tried a few and seen many which have
> already been cracked.
> 
> I have also seen many supposed 128 bit encryption
> programs which don't even bother masking the password
> entry box.
> 
> There must be someone out here who has some suggestions
> on advanced crypto packages for the palm III. When is
> Palm PGP coming out? <grin>.

It's been around for a bit already.  I don't have a Palm
so I can't speak from personal experience, but here's the
relevant announcement:

From: [EMAIL PROTECTED]
To: OpenPGP mailing list <[EMAIL PROTECTED]>
Date: Tue, 25 Aug 1998 20:21:55 -0400
Subject: Palm III (or PPw/OS3 upgrade) beta.

On Mon, 24 Aug 1998 [EMAIL PROTECTED] wrote:

> I finally have a reasonable version that runs on the Palm III (or any with
> OS 3.0).  It uses the clipboard to move data, and the address book to hold
> the public keys (so you can beam them).  I don't have keysigning working
> yet, but the structure is there and it is a priority to finish.  It also
> handles all incoming algorithms (if the appropriate SSLeay libraries are
> there), but sticks to 3DES/SHA1 for encryption.  This includes the
> binaries for things not in the pilotSSLeay package, and source.

palmopgp12.tgz - fixes include keysigning (you can now beam your business
card w/ PGP pubkey, I can sign it and beam the sig packet back as a memo -
PGP doesn't beam itself).  Memory fixes, so it can encrypt large messages,
the UI is better, but there are still debug messages.

If anyone (in the us or ca) has a Palm III, and is interested, give it a
try.

------------------------------

From: "Michael Scott" <[EMAIL PROTECTED]>
Subject: Re: NIST ECC curves August document
Date: Tue, 24 Aug 1999 18:54:42 +0100

DJohn37050 <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> The latest information (August) on NIST's suggested ECC curves can be
> found at http://csrc.nist.gov/encryption.
> Don Johnson

Alternatively generate your own curves on your home PC. A beta of the
Schoof-Elkies-Atkin algorithm for GF(p) curves is available as three Windows
NT/95/98 Command Prompt executables from

ftp://ftp.compapp.dcu.ie/pub/crypto/mueller.exe
ftp://ftp.compapp.dcu.ie/pub/crypto/process.exe
ftp://ftp.compapp.dcu.ie/pub/crypto/sea.exe

Read instructions at

ftp://ftp.compapp.dcu.ie/pub/crypto/sea.cpp

Full source code is available from

ftp://ftp.compapp.dcu.ie/pub/crypto/miracl.zip


if you want to compile the executables yourself. The code is C++/C and is
portable.

Suitable for curves over GF(p), with p from 160 to 512 bits in length.


Mike Scott



------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: NIST ECC curves August document
Date: 24 Aug 1999 19:05:33 GMT

Yes, there can be reasons to generate curves for oneself and reasons to use
curves generated by others.  Interoperability would tend to lie with the latter
choice, for example.  And many people say that "what is good enough for the
government is good enough for me". Banks sending millions of dollars
electronically, for example.
Don Johnson

------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: Updated paper on ECDSA
Date: 24 Aug 1999 19:09:29 GMT

Sorry, should be ecdsa.ps.
Don Johnson

------------------------------

From: [EMAIL PROTECTED] (Jim Dunnett)
Subject: Re: One-time pad encryption.
Date: Tue, 24 Aug 1999 18:41:58 GMT
Reply-To: Jim Dunnett

On Tue, 24 Aug 1999 13:32:28 -0400, Paul Koning <[EMAIL PROTECTED]> wrote:

>> My reasoning is that using the OTP twice shouldn't weaken this based on
>> the fact that the second time it's being used it's used on a "text" that
>> has been randomly picked and that contains no words or any other
>> information that could be compared to the known to be a text part of the
>> message (where the known to be text-part has been located by knowing the
>> basic structure of this method).
>
>What you describe sounds like what the Russians did around WW2; it
>was broken in a project called Venona.  See "Spycatcher" by Peter
>Wright for some modest amount of detail.

Or 'Venona' The Greatest Secret of the Cold War by Nigel West for a lot
more detail. (Harper Collins ISBN 0 00 257000 9)

-- 
Regards, Jim.                  | We have decided not to go to France
amadeus%netcomuk.co.uk         | this summer as it is too full of
dynastic%cwcom.net             | unattractive, shirtless Englishmen
                               | talking into mobile 'phones.
PGP Key: pgpkeys.mit.edu:11371 | -  Auberon Waugh.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: cryptographic DLL
Date: Tue, 24 Aug 1999 20:03:15 GMT


> Well it has Twofish and Blowfish with no restrictions on the keysize.
> The thing is I don't care about EAR.  They will not send a 17 year
> old 'kid' to jail, and even if they did, I could protest how stupid
> those rules are and why they are unconstitutional.
>
> Basically I don't care about EAR.  The source is there you can check it
> out if you want.

For the inquiring minds I am now a 'clueless-hacker' interested in
breaking the law or messing things up.  I am quite lawful, except when
it comes to 'silly' laws made by crypto-clueless people.  EAR is like
saying 'no car for you, you might hit someone' or 'no gun for you, you
might shoot someone' etc...

Basically EAR rules are the weirdest most abstract useless laws I have
heard of.  Make 'strong-crypto' illegal and we will all just become
criminals...

Tom
--
PGP 6.5.1 Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2  Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

Reply-To: "karl malbrain" <[EMAIL PROTECTED]>
From: "karl malbrain" <[EMAIL PROTECTED]>
Subject: Re: Where to find
Date: Mon, 23 Aug 1999 14:02:58 -0700


David Hamilton <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> -----BEGIN PGP SIGNED MESSAGE-----
>
> [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
>
> (snip)
>
> >    I design as I code. Which is the way I have coded the last 30 years
> >and airplanes and missiles count on my ability to do this.
>
> This is silliness, arrogance and UNprofessionalism of the highest order.
> If you design as you code, you do not design at all.

Sorry, but there is nothing wrong with using computer language CODES to
work out, document and/or implement (i.e. materialize) design IDEAS.  There
is also no professional requirement to express one's ideas in ENGLISH,
either.  Karl M



------------------------------

From: Greg <[EMAIL PROTECTED]>
Subject: Re: cryptographic DLL
Date: Tue, 24 Aug 1999 19:45:12 GMT


> I packaged the Twofish/Blowfish/Sha code from PeekBoo into a DLL that
> every can use with an easy API.  Check it out at

Is this strong crypto?  If so, how do you make it available on the web
with regards to EAR?

--
The US is not a democracy - US Constitution Article IV Section 4.
Democracy is the male majority legalizing rape.
UN Security Council is a Democracy.  NO APPEALS!  Welcome to the NWO.
Criminals=Crime.  Armies=Tyranny.  The 2nd amendment is about tyranny.



------------------------------

From: Greg <[EMAIL PROTECTED]>
Subject: Re: How Easy Can Terrorists Get Strong Encrypt?
Date: Tue, 24 Aug 1999 19:43:15 GMT


> The terrorist argument is absolutely 100% a red herring.  When you
> see Freeh making it, he's lying, no question about it.

Yet, those who are foolish enough to believe this line must have it
pointed out to them that even if anti terrorism was really a goal, it
would be an unreachable goal, at least through the EAR.

Frankly I am amazed that the white house has not been bought out by the
industry.  They have been bought out on everything else that is sacred
to this nation.  Someone should ask Bill Gates if he wants to spend a
night in the Lincoln bedroom or something.


--
The US is not a democracy - US Constitution Article IV Section 4.
Democracy is the male majority legalizing rape.
UN Security Council is a Democracy.  NO APPEALS!  Welcome to the NWO.
Criminals=Crime.  Armies=Tyranny.  The 2nd amendment is about tyranny.



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Help: DES Encryption -> ASCII
Date: Tue, 24 Aug 1999 22:15:39 +0200

[EMAIL PROTECTED] wrote:

> 
> Can I use the DES encryption to generate an ASCII encrypted string so
> that I can save it in a text file?.

What DES and most other modern encryption algorithms deliver are
simply arbitrary sequences of bits. So you can't simply treat that
as a text file. In particular, you can't view it with a text
editor. Unless someone else knows a better way, I suppose that
uuencode/uudecode will be able to do the job you want quite well.

M. K. Shen

------------------------------

From: [EMAIL PROTECTED]
Subject: Multiple Hash Algorithms and Birthday Attacks
Date: Tue, 24 Aug 1999 20:03:05 GMT

I know that a birthday attack is used to find two files, for example,
that hash to the same value.  My question is, if you find a pair of
files, a & b, that hash to the same value using a specific hash
function, would those two files have identical hashes using a different
hash function?  If no, would it be a good idea to send two hashes with a
file, say one hashed with SHA and another hashed with MD5?  I know there
are hash functions that produce large hashes, such as HAVAL.  I'm just
thinking that it would be harder to find a pair of files, a & b, that
would produce identical hashes for two algorithms than just one
algorithm.

Casey.

For true intellectual content, visit www.userfriendly.org.
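
The question above can be tried out directly. The following is an added example, not part of the original post: it truncates MD5 and SHA-1 to 16 bits so that a birthday search finishes quickly, then compares the work needed to collide one hash with the work needed to collide both at once. The 16-bit size, the `file-N` messages and the function names are all constructed for illustration.

```python
import hashlib
from itertools import count

BITS = 16  # constructed toy size: keep only the first 16 bits of each digest


def trunc(algo: str, msg: bytes) -> bytes:
    """First BITS bits of the named digest (toy stand-in for a full hash)."""
    return hashlib.new(algo, msg).digest()[:BITS // 8]


def birthday(algos):
    """Birthday search over a fixed message sequence.

    Returns (a, b, trials): the first two distinct messages whose truncated
    digests are equal under EVERY algorithm in `algos`, and how many
    messages were hashed before the match appeared.
    """
    seen = {}
    for i in count():
        msg = b"file-%d" % i                      # constructed messages
        tag = b"".join(trunc(a, msg) for a in algos)
        if tag in seen:
            return seen[tag], msg, i + 1
        seen[tag] = msg


def collides(algo: str, a: bytes, b: bytes) -> bool:
    """True if a and b are different messages with equal truncated digests."""
    return a != b and trunc(algo, a) == trunc(algo, b)


def demo():
    a, b, n_md5 = birthday(["md5"])
    c, d, n_both = birthday(["md5", "sha1"])
    return {
        "md5_pair": (a, b),
        "md5_trials": n_md5,
        # Does the MD5-colliding pair also collide under SHA-1?
        "md5_pair_collides_under_sha1": collides("sha1", a, b),
        "joint_pair": (c, d),
        "joint_trials": n_both,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A pair found for one truncated hash will almost never collide under the other, and the joint search needs far more trials. With full-size iterated hashes the gain is smaller than this toy suggests: Joux (2004) showed that concatenating two Merkle-Damgård hashes is only about as collision-resistant as the stronger of the two.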



------------------------------

From: Greg <[EMAIL PROTECTED]>
Subject: Re: What the hell good is a session key!
Date: Tue, 24 Aug 1999 19:29:43 GMT

I was a bit confused by your post, so let me say it another way and you
can comment if I understood your thesis.

Given a public key cryptosystem that allowed for safe transport of a
session key, you can crack the cipher by attacking either the session
key or the public key.  This gives two attack opportunities, or two
potentially weak points for an attack to take place upon.  Why would
anyone want to give two potentially weak points when they could narrow
it to one by using only a public key cryptosystem?

If this is what you were saying- in effect- then I think speed (session
key) and convenience (public key) combined is the answer to your
question.  However, I feel that speed is not as important for things
like e-mail where a public key cryptosystem can be used exclusively and
make for only one point of potential weakness.  See www.ciphermax.com
for more details on my view point.


--
The US is not a democracy - US Constitution Article IV Section 4.
Democracy is the male majority legalizing rape.
UN Security Council is a Democracy.  NO APPEALS!  Welcome to the NWO.
Criminals=Crime.  Armies=Tyranny.  The 2nd amendment is about tyranny.



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: cryptographic DLL
Date: Tue, 24 Aug 1999 19:50:45 GMT

In article <7puso3$d3i$[EMAIL PROTECTED]>,
  Greg <[EMAIL PROTECTED]> wrote:
>
> > I packaged the Twofish/Blowfish/Sha code from PeekBoo into a DLL that
> > every can use with an easy API.  Check it out at
>
> Is this strong crypto?  If so, how do you make it available on the web
> with regards to EAR?

Well it has Twofish and Blowfish with no restrictions on the keysize.
The thing is I don't care about EAR.  They will not send a 17 year
old 'kid' to jail, and even if they did, I could protest how stupid
those rules are and why they are unconstitutional.

Basically I don't care about EAR.  The source is there you can check it
out if you want.

Tom
--
PGP 6.5.1 Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2  Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Help: DES Encryption -> ASCII
Date: Tue, 24 Aug 1999 19:53:36 GMT

In article <7puoov$a5s$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> Hi,
>
> Can I use the DES encryption to generate an ASCII encrypted string so
> that I can save it in a text file?.
>
> Or do I have to store the most significant bits of all bytes and append
> some more ASCII bytes containing these bits to the encrypted buffer so
> as to make the whole string ASCII?.
>
> I would appreciate if someone can point me to some links.

Well you could simply uuencode the binary data to the text file.  But
as you might have already noted DON'T USE DES.  If this is a new
application seek out another algorithm.  If it's an older/compliant
application use uuencode (on the DES output).

Tom
--
PGP 6.5.1 Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2  Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp
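
The uuencode route suggested in both replies to this question, shown as an added example that is not part of the original posts: it wraps arbitrary cipher output in the classic `begin`/`end` uuencode framing and reads it back. The sample bytes, the `cipher.bin` name and the function names are constructed; no cipher is involved, since any block cipher's output is handled the same way.

```python
import binascii

# Constructed stand-in for cipher output: 100 arbitrary bytes, many unprintable.
SAMPLE = bytes((i * 73 + 11) % 256 for i in range(100))


def uu_encode(data: bytes, name: str = "cipher.bin") -> str:
    """Return `data` as uuencoded text that is safe to store in a text file."""
    lines = [f"begin 644 {name}"]
    for i in range(0, len(data), 45):             # 45 input bytes per line
        chunk = data[i:i + 45]
        # backtick=True writes zero as "`" instead of a space, so an editor
        # that strips trailing blanks cannot damage a line.
        encoded = binascii.b2a_uu(chunk, backtick=True)
        lines.append(encoded.decode("ascii").rstrip("\n"))
    lines.append("`")                             # zero-length line ends the body
    lines.append("end")
    return "\n".join(lines) + "\n"


def uu_decode(text: str) -> bytes:
    """Recover the original bytes from text produced by uu_encode."""
    out = bytearray()
    in_body = False
    for line in text.splitlines():
        if not in_body:
            in_body = line.startswith("begin ")   # skip anything before header
            continue
        if line == "end":
            return bytes(out)
        out += binascii.a2b_uu(line)              # the "`" line decodes to b""
    raise ValueError("missing 'begin' or 'end' line")


if __name__ == "__main__":
    text = uu_encode(SAMPLE)
    print(text, end="")
    print("round trip ok:", uu_decode(text) == SAMPLE)
```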



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Attacks on RC4 ?
Date: Tue, 24 Aug 1999 19:55:01 GMT

In article <[EMAIL PROTECTED]>,
  Paul Crowley <[EMAIL PROTECTED]> wrote:
> It's more like 100 days on the slow machines I was using: my 2
> processor machine at work and my very slow home machine.  I just set
> it going whenever the machine was going to be idle.

Hmm cool, so have you managed to propose an attack on RC4 using the
data you found?

Tom
--
PGP 6.5.1 Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2  Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp



------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: CRYPTO DESIGN MY VIEW
Date: Tue, 24 Aug 1999 21:54:47 GMT

In article <[EMAIL PROTECTED]>, Mok-Kong Shen <[EMAIL PROTECTED]> 
wrote:
>SCOTT19U.ZIP_GUY wrote:
>
>
>>  I hope you can get it this time
>>   the xxxxxxxx xxxxxxxy yyyyyyy  is a valid bit stream that will be written as
>>        xxxxxxxx xxxxxxxy yyyyyyy  for the case you used
>> 
>>        xxxxxxxx xxxxxxx_     is a valid bit stream  that can lead to
>>        xxxxxxxx xxxxxxx0     for most cases this is finally compress file
>> 
>>        xxxxxxxx xxxxxxx_   is a valid bit stream let  8 1's be last token
>>        xxxxxxx1              is a valid compressed file for this case
>> 
>> Another example in your format
>>      xxxxxxxx xxx_____   this is valid huffman stream suppose 10 last token
>>      xxxxxxxx x1000000   this is compressed file out for this case
>> 
>>     xxxxxxxx xxx_____ in this case assume 10111 last token out
>>     xxxxxx10          this compressed file out.
>
>Evidently I haven't yet succeeded to fully convey my ideas to you
>(no blame to you but rather to me myself). Let me try to formulate
>my question more simply: 
>
>Suppose the input file is
>   
>     ......abcq
>
>and it gets compressed to a file as follows (the dots in the two 
>cases don't have the same meaning):
>
>     ......... xxxxxxxx xxxxxxx0 10110010
>
>and we know that 0 10110010 is the Huffman code of q. So this file
>decompresses back to
>
>     ......abcq
>
>Am I right?? Now what does a file with (the last byte above is removed)
>
>     ......... xxxxxxxx xxxxxxx0
>
>decompress to?? Which one of the following possible cases holds?
>
>(1)  ......abc is the decompression result, with no error message.
>
>(2)  ......abc is the decompression result, with an error message.
>
>(3)  The program simply aborts.
>
>(4)  Others. (Please detail in this case.)
>
>Thank you in advance.

 I took the liberty of showing what was above since you don't seem to read
what I wrote
>>        xxxxxxxx xxxxxxx_     is a valid bit stream  that can lead to
>>        xxxxxxxx xxxxxxx0     for most cases this is finally compress file

 if you look carefully your code kind of matches the case above
so it would most likely match ...abc
 


David A. Scott
--
                    SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
                    http://www.jim.com/jamesd/Kong/scott19u.zip
                    http://members.xoom.com/ecil/index.htm
                    NOTE EMAIL address is for SPAMMERS

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
