Cryptography-Digest Digest #642, Volume #10      Sun, 28 Nov 99 10:13:01 EST

Contents:
  Re: Attack 2x Playfair how? (Was: Nova program...also cipher contest) (Niteowl)
  Re: How safe is Mobile Phone ? ("Hank")
  Re: replay.com? where's this great crypto archive gone? (Paul Rubin)
  Re: Secretly Obscured Subset (David Hopwood)
  Re: smartcard idea? (Daniel James)
  Re: Random Noise Encryption Buffs (Look Here) (Guy Macon)
  A dangerous question ([EMAIL PROTECTED])
  Re: Random Noise Encryption Buffs (Look Here) (Tom St Denis)
  Re: Random Noise Encryption Buffs (Look Here) (Tom St Denis)
  Re: cryptography control? (SCOTT19U.ZIP_GUY)
  Fact or Fiction ? >> Quantum device breaks RSA-512 encryption in 12 ([EMAIL PROTECTED])
  Re: bits of diffiehellman private key ("Michael Scott")
  Re: New U.S. Crypto Regulations (advance copy: do not distribute) (cat)
  Re: Random Noise Encryption Buffs (Look Here) (Tom St Denis)
  Re: Fact or Fiction ? >> Quantum device breaks RSA-512 encryption in 12 micro sec (John Savard)
  Re: AES cyphers leak information like sieves ("Trevor Jackson, III")

----------------------------------------------------------------------------

From: Niteowl <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Attack 2x Playfair how? (Was: Nova program...also cipher contest)
Date: Sun, 28 Nov 1999 08:26:11 GMT

Jim Gillogly wrote:

> I'm afraid my observations are discouraging also.  The best idea I have
> is "shotgun hillclimbing", where you start guessing squares based on
> the crib information you have, and keep readjusting and calculating the
> plaintext.  The Double Playfair turned out to be too hard for this kind
> of a contest.  My excuse is that I had thought when first creating the
> contest that Double Playfair was the same as two-square with a little
> extra wrinkle, and that much information <would> have been enough to
> solve it.  However, just before the contest went up I visited the National
> Archives in D.C. and discovered some recently declassified docs from
> Bletchley Park (in the NSA Open Door collection) that had some material
> on Double Playfair, including a paper with a bunch of German intercepts.
> I did a quick revision, added a big clue (i.e. one of the keywords), and
> hoped that would be enough to make it accessible.  However, the British
> typically needed quite a lot more material to begin reconstructing the
> squares... mea culpa.

I got nowhere with this approach.  I tried using the suggested keywords
as one of the squares and then random improvement on the other square but
it still didn't approach anything close to readable text.  Trying random
improvement on both squares at the same time was much worse.   I also tried
using a dictionary attack on the unknown keyword but that didn't work
either.

> However, the double transposition (the third problem) <is> more accessible.
> Besides the suggested method of dinking with the assumed keys to find out
> what went wrong, that cipher can even be solved without a crib because
> the keys are relatively short compared to those used in WW2.

I struck out on the 3rd problem too.  I tried variations on the keywords
but maybe not enough of them.  I tried to brute force all keys less than
5 or 6 letters but it appears the keywords would have been roughly the same
length as the 'right' ones and I didn't have the horsepower for it,
especially since I'm running a background job to crack Singh's 9th problem....

All in all, I enjoyed the contest.   I added 2 more ciphers to my list
and improved some of the code to handle ciphers with 2 keywords.

                        Ed



------------------------------

From: "Hank" <[EMAIL PROTECTED]>
Subject: Re: How safe is Mobile Phone ?
Date: Sun, 28 Nov 1999 17:58:14 +0800


Douglas A. Gwyn <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Lincoln Yeoh wrote:
> > Most analog cellular phones have no encryption. Trivial to eavesdrop
> > with a scanner. Easy to clone too.
>
> In fact, several of us commented on this during the (US) FCC
> proceedings leading to the establishment of the US cell-phone
> system.  But it wasn't "three-letter agencies" that ignored
> the problem, it was manufacturers greedy for quick bucks who
> didn't want to delay while a proper engineering job was done.

    You mean that it's the result of manufacturers wanting to reduce their R&D costs?





------------------------------

From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: replay.com? where's this great crypto archive gone?
Date: 28 Nov 1999 10:51:49 GMT

In article <[EMAIL PROTECTED]>,
Markus S. <[EMAIL PROTECTED]> wrote:
> hello,
>
> I just noticed that www.replay.com now redirects to www.replaytv.com.
> does anyone know what happened to the crypto archive on ftp.replay.com?
> where's all of that gone?
>
> thanks, Markus

It's moved to www.zedz.net.



------------------------------

Date: Sun, 28 Nov 1999 10:51:52 +0000
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Secretly Obscured Subset

Gary wrote:
> Entity 'A' creates a function F mapping 2^N, N bit numbers INTO 2^(N/K), N
> bit numbers (K>1). For example with N=160, K=8. All 160 bit numbers are
> mapped into a subset with only 2^20 elements. The function is disguised so
> that only 'A' knows every element in the small subset. 'A' publishes the
> function.
> 
> Entity 'B' on receiving the function generates a random N bit number R and
> uses the function on it to create R'=F(R). R' will be the secret session key
> he wishes to share with 'A'. 'B' one way hashes R' to produce R''=H(R'), and
> sends this hash to 'A'.
> 
> Since 'A' knows all the one way hashes of the small subset, he can easily
> find the R' that hashes to R'', and thus shares the secret R'. For example
> with N=160 and K=8, 'A' needs only to search 2^20 hashes.

This can be broken by evaluating F on random inputs until you hit a number
that hashes to R''. Because each trial has a 1 in 2^(N/K) chance of hitting
the correct R', the expected number of evaluations of F and H is 2^(N/K);
i.e. not much more work than A has to do.

-- 
David Hopwood <[EMAIL PROTECTED]>
PGP public key: http://www.users.zetnet.co.uk/hopwood/public.asc
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01

"Attempts to control the use of encryption technology are wrong in principle,
unworkable in practice, and damaging to the long-term economic value of the
information networks."  -- UK Labour Party pre-election policy document

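The attack David describes, as an added example that is not part of the original post: a scaled-down instance of Gary's scheme (N=16, K=2, so the hidden subset has 2^(N/K) = 256 elements) with a constructed F and H, showing that an outsider holding only the public F recovers R' in about as many evaluations as A's own 2^(N/K)-entry search. How F is built, and all function names, are assumptions; the post does not specify them.

```python
import hashlib
import random

N = 16            # bit length of R (the post uses N=160)
K = 2             # F maps N-bit numbers into a subset of 2^(N/K) elements
SUBSET_BITS = N // K


def make_public_function(secret_seed):
    """Entity A builds F: a black box that maps any N-bit R onto a hidden
    subset S of 2^(N/K) values. Only A keeps the list S.
    (Construction assumed here; the post does not say how F is disguised.)"""
    rng = random.Random(secret_seed)
    subset = [rng.getrandbits(N) for _ in range(2 ** SUBSET_BITS)]

    def F(r):
        # index into S through a hash so that S's layout is not obvious
        digest = hashlib.sha256(r.to_bytes(N // 8, "big")).digest()
        return subset[int.from_bytes(digest[:4], "big") % len(subset)]

    return F, subset


def H(x):
    """One-way hash of an N-bit value; B sends R'' = H(R') to A."""
    return hashlib.sha256(b"H:" + x.to_bytes(N // 8, "big")).hexdigest()


def insider_recover(subset, r2):
    """A's intended path: try the 2^(N/K) known subset elements."""
    for s in subset:
        if H(s) == r2:
            return s
    return None


def outsider_recover(F, r2, rng):
    """Hopwood's attack: anyone can evaluate the public F on random inputs
    until H(F(R)) == R''. Each trial hits with probability ~1/2^(N/K), so
    the expected cost is ~2^(N/K) evaluations of F and H, same as A's."""
    trials = 0
    while True:
        trials += 1
        candidate = F(rng.getrandbits(N))
        if H(candidate) == r2:
            return candidate, trials


def run_demo(seed=1):
    """One session: B picks R, derives R'' and sends it; both A and an
    outsider recover R'. Returns (insider R', outsider R', outsider trials)."""
    F, subset = make_public_function(secret_seed=seed)
    rng = random.Random(seed + 1)
    r_prime = F(rng.getrandbits(N))       # B's session key R' = F(R)
    r_double = H(r_prime)                 # R'' = H(R'), sent to A
    insider = insider_recover(subset, r_double)
    outsider, trials = outsider_recover(F, r_double, rng)
    return insider, outsider, trials
```

Averaging the trial count over many seeds tends toward 256, the 2^(N/K) figure in the post.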

------------------------------

From: Daniel James <[EMAIL PROTECTED]>
Subject: Re: smartcard idea?
Date: Sun, 28 Nov 1999 11:21:54 GMT
Reply-To: [EMAIL PROTECTED]

In article <81q2o6$ufp$[EMAIL PROTECTED]>,  wrote:
> If for example you were using the internet to make a transaction the
> server would immediately record and lock the client IP address to your
> account.  Before the server would allow you to access your account for
> your NEXT transaction you would be authorized using the previous
> encrypted one time pad received and stored on your smart card at the end
> of your LAST transaction.
>

You can't use an IP address for this, as many dial-up internet services 
provide the user with a variable IP address, chosen from a pool of available 
address at connection time. Such a user's IP address will vary from 
connection to connection.

I'm not at all sure that storing the authorization data on card is feasible, 
either. If the cardholder communicates with many online vendors the card will 
run out of space to store this stuff.

Cheers,
 Daniel.


------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Random Noise Encryption Buffs (Look Here)
Date: 28 Nov 1999 04:05:27 PST

In article <81qa8c$30g$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Tom St Denis) wrote:

>For any part of an atom to be truly random you have to end up with
>something you didn't have in the beginning.  This means for example you
>must have lost X electrons but only have had <X etc. What I am trying
>to say is that this 'random behaviour' must have been spontaneously
>created otherwise it could possibly be modelled.  At this point it is
>no longer random.

So?  Do you have some sort of problem with things that are
spontaneously created out of nothing?  If you do, I think I
will take my Quantum Subaru to another Quantum Mechanic. 


------------------------------

From: [EMAIL PROTECTED]
Subject: A dangerous question
Date: 28 Nov 1999 12:37:29 GMT

Firstly, two references need to looked at:

1.  At:  http://jya.com/ap.htm  you'll find a document by 
Jim Bell called 'Assassination Politics' 

His thesis is briefly summarized by a quote: 

"... I speculated on the question of whether an 
organization could be set up to legally announce that it 
would be awarding a cash prize to somebody who correctly 
"predicted" the death of one of a list of violators of 
rights, usually either government employees, 
officeholders, or appointees. It could ask for anonymous 
contributions from the public, and individuals would be 
able send those contributions using digital cash." 

2.  At:  http://www.cl.cam.ac.uk/~fms27/cocaine/  you'll 
find a paper by Frank Stajano and Ross Anderson called 
'The Cocaine Auction Protocol: On the Power of Anonymous 
Broadcast' 

They say as a matter of introduction:

'This paper builds on a case study, of an anonymous 
auction between mistrustful principals with no trusted 
arbitrator, to introduce "anonymous broadcast" as a new 
protocol building block. This primitive is, in many 
interesting cases, a more accurate model of what actually 
happens during transmission. With certain restrictions it 
can give a particularly efficient implementation 
technique for many anonymity-related protocols.'

So the question is: how long will it be before the 
protocols and the infrastructure are in place that make 
Assassination Politics a reality?


Keith
 http://www.cix.co.uk/~klockstone
 ------------------------
 'Unwise a grave for Arthur'
 -- The Black Book of Carmarthen

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Random Noise Encryption Buffs (Look Here)
Date: Sun, 28 Nov 1999 12:39:12 GMT

In article <81q24c$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Guy Macon) wrote:
> In article <81pn0e$n6g$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Tom St Denis) wrote:
> >> >Ok, explain to me something that is truly random.
> >> >
> >>
> >> The time it takes for an individual atom of potassium-40
> >> to decay to Argon-40.
> >
> >What is random about that?  If you can model exactly every nick and
> >nanny of the atom, then can't you recreate the decay?
>
> Because, according to Heisenberg's uncertainty principle, you can't
> model the atom.
>
> >I would classify that as 'hard to model' thus 'random'.  But it's not
> >universally random.
>
> Quantum mechanics says that it is impossible to model and impossible
> to predict, except statistically.

Ok look at it another way.

If I took two exact copies [leave the copying theory behind here] of an
atom, and placed them in two exact same environments.  Would they not
decay the same way?  If so, that's hardly random at all.

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Random Noise Encryption Buffs (Look Here)
Date: Sun, 28 Nov 1999 12:35:18 GMT

In article <[EMAIL PROTECTED]>,
  "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
> Tom St Denis wrote:
> > So you are saying there is absolutely no way 'ever' to describe the
> > laws of decay?  And I suppose the sun revolves around the earth too?
>
> I said no such thing, and your sarcasm is uncalled for and indicative
> of your total lack of understanding.

Well never state facts that we have yet to disprove.

> Obviously.  But when you post your personal hallucinations,
> you should label them as such, not pretend that they are facts.

And 500 years ago the world was flat, and that was fact.

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: cryptography control?
Date: Sun, 28 Nov 1999 14:31:01 GMT

In article <[EMAIL PROTECTED]>, "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
>wtshaw wrote:
>>> The only true raw ingredients required in crypto are imagination and
>> insight; both are most difficult to outlaw.
>
>You don't outlaw them; instead, you control the educational system
>and make sure that imagination and insight are suppressed.

   And in America that process of dumbing down is alive and
well.



David A. Scott
--

SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
                    
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm

Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm

Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm

**NOTE EMAIL address is for SPAMERS***

------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: alt.security.pgp
Subject: Fact or Fiction ? >> Quantum device breaks RSA-512 encryption in 12 
Date: Sun, 28 Nov 1999 08:48:52 -0500

Sunday Times article about Quantum device breaks RSA-512 encryption in 12 micro
sec

http://www.sunday-times.co.uk/news/pages/tim/99/09/29/timintint02001.html?999

Europe's banking codes have been cracked in the blink of an eye 

After an Israeli research institute said it could break Europe's
banking codes in less than a second, an initiative has been launched
that could result in unbreakable codes. 
The European Institute of Quantum Computing Network was launched on
Monday, to bring companies and research labs throughout Europe
together in the hope that the new technology - Quantum Computing - can
be taken from the theory to the high street. 
The institute was founded a few weeks after news leaked from
Israel's Weizmann Institute that it was using a mixture of quantum
computing and special optical technology to break the RSA-512 code,
the system used by the European banking system. It claims it has
developed a hand-held device that can break the code in 12
microseconds. 
........................................................
-- 
Thanks, Richard

------------------------------

From: "Michael Scott" <[EMAIL PROTECTED]>
Subject: Re: bits of diffiehellman private key
Date: Sun, 28 Nov 1999 13:53:50 -0000


Anonymous <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> No one has stated it explicitly here (IEEE P1363 does discuss this)
> but the danger in choosing a generator of the whole group of size p-1
> is that the low order bit of the exponent is leaked.

< followed by good explanation >

As I understand it more than 1 bit may be leaked. If p-1 = (2^k)*q where q
is odd, then up to k bits will be leaked.

Mike Scott
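The leak Mike describes, worked through as an added example that is not from the post: with p-1 = 2^k * q (q odd) and g generating all of Z_p^*, anyone holding the public value g^x mod p recovers x mod 2^k by a 2^k-entry search in the small subgroup, while a generator of the odd-order subgroup gives nothing this way. The toy prime p = 1009 (k = 4) and the exponent are constructed values.

```python
def split_power_of_two(n):
    """Write n = 2^k * q with q odd; return (k, q)."""
    k = 0
    while n % 2 == 0:
        n //= 2
        k += 1
    return k, n


def prime_factors(n):
    """Distinct prime factors of a small n by trial division."""
    out, d = [], 2
    while d * d <= n:
        if n % d == 0:
            out.append(d)
            while n % d == 0:
                n //= d
        d += 1
    if n > 1:
        out.append(n)
    return out


def find_full_group_generator(p):
    """Smallest g whose order is exactly p-1, i.e. a generator of Z_p^*."""
    factors = prime_factors(p - 1)
    for g in range(2, p):
        if all(pow(g, (p - 1) // r, p) != 1 for r in factors):
            return g
    raise ValueError("no generator found")


def leaked_low_bits(p, g, y):
    """From the public value y = g^x mod p recover x mod 2^k, where
    p-1 = 2^k * q. Only p, g and y are needed: raising y to the q-th power
    projects it into the order-2^k subgroup, where the discrete log is a
    2^k-entry search. Returns (x mod 2^k, k)."""
    k, q = split_power_of_two(p - 1)
    h = pow(g, q, p)            # h = g^q has order dividing 2^k
    z = pow(y, q, p)            # z = h^x = h^(x mod 2^k)
    for e in range(2 ** k):
        if pow(h, e, p) == z:
            return e, k
    raise ValueError("y is not a power of g")


def leak_demo(p=1009, x=726):
    """Compare a full-group generator with an odd-order subgroup generator.
    p = 1009 is a toy prime with p-1 = 2^4 * 63, so k = 4 bits are exposed.
    Returns (recovered low bits, k, true x mod 2^k, value from safe generator)."""
    k, _ = split_power_of_two(p - 1)
    g = find_full_group_generator(p)
    y = pow(g, x, p)
    low, bits = leaked_low_bits(p, g, y)
    # Mitigation: g_q = g^(2^k) generates the order-q subgroup. Then y^q = 1
    # for every x, so the same procedure returns 0 whatever x is: no leak.
    g_q = pow(g, 2 ** k, p)
    safe_low, _ = leaked_low_bits(p, g_q, pow(g_q, x, p))
    return low, bits, x % (2 ** k), safe_low
```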




------------------------------

From: cat (cat)
Subject: Re: New U.S. Crypto Regulations (advance copy: do not distribute)
Date: Sun, 28 Nov 1999 13:40:10 GMT
Reply-To: cat

On Tue, 23 Nov 1999 21:37:24 GMT, [EMAIL PROTECTED] (Bruce Schneier) wrote:

> 
>
>  Introductory Note: this draft contains proposed regulatory language
>for the new or amended sections of the Commerce Department Export
>Regulations as they apply to encryption.  It is not itself a draft of....


Ifliska! Ben ta plae ish geen ten dan. 
Ya gwen ten flael ren peshter hosen .... gwa gwa gwa ish been den pan
ter hosen!
Banden flen
Cat


------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Random Noise Encryption Buffs (Look Here)
Date: Sun, 28 Nov 1999 14:14:33 GMT

In article <81r5q7$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Guy Macon) wrote:
> In article <81qa8c$30g$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Tom St Denis) wrote:
>
> >For any part of an atom to be truly random you have to end up with
> >something you didn't have in the beginning.  This means for example you
> >must have lost X electrons but only have had <X etc. What I am trying
> >to say is that this 'random behaviour' must have been spontaneously
> >created otherwise it could possibly be modelled.  At this point it is
> >no longer random.
>
> So?  Do you have some sort of problem with things that are
> spontaneously created out of nothing?  If you do, I think I
> will take my Quantum Subaru to another Quantum Mechanic.

If things are to be randomly created, material must be randomly
destroyed.  That's a good idea.  How about this.  Things just change
form?

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Crossposted-To: alt.security.pgp
Subject: Re: Fact or Fiction ? >> Quantum device breaks RSA-512 encryption in 12 micro 
sec
Date: Sun, 28 Nov 1999 14:06:30 GMT

On Sun, 28 Nov 1999 08:48:52 -0500, [EMAIL PROTECTED] wrote:

>Sunday Times article about Quantum device breaks RSA-512 encryption in 12 micro
>sec

This news article was discussed in this group (sci.crypt) a while
back. It turned out the source of the news article was a web site for
a fictitious "European Institute" which contained a very inaccurate
account of TWINKLE, which is an optical (but not quantum) device which
is for factoring, but which does not have the performance level
claimed in the article.

------------------------------

Date: Sun, 28 Nov 1999 10:12:03 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: AES cyphers leak information like sieves

Douglas A. Gwyn wrote:

> "Trevor Jackson, III" wrote:
> > Douglas A. Gwyn wrote:
> > > Asking for civilized behavior during a technical discourse
> > > is *not* asking anyone to (metaphorically) hop on one foot.
> > > If the goal is to communicate and/or enlighten, offensive
> > > behavior just gets in the way.  If the barrier is too high,
> > > most reasonable people won't bother to try to overcome it.
> > Against this we have Franklin's observation that:
> > "Reasonable men accomodate themselves to circumstances.  Unreasonable accomodate
> > ciscumstances to them selves.  Thus all progress is due to unreasonable men."
>
> That has no bearing on whether one should treat other participants
> in a discussion with at least a minimum of respect (until they
> prove that they aren't worthy of it).

Certainly.  I know of no instance in which Mr. Scott has flamed someone without
cause.  His standard for cause appears to be quite low, but he does not appear to be
responding unpredictably.  (Far from it).

>
>
> > If a writer presents an interesting idea the offensiveness of the
> > presentation is irrelevant to the value of the concept.
>
> But the reason salesmen dress neatly and are polite is that the
> *presentation* is important when trying to *sell* the product.
> It doesn't matter how good the product is if it doesn't sell.

Hmmm.  Are the participants in sci.crypt the kind of people that one sells to, or the
kind that one reasons with?  The purposes and methods involved are quite distinct, as
this thread illustrates.  Personally, I would very much like to believe the latter.



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************