Cryptography-Digest Digest #700, Volume #10 Tue, 7 Dec 99 15:13:02 EST
Contents:
Re: Perfect Shuffles [src code] (Arthur Dardia)
Re: Random Noise Encryption Buffs (Look Here) ("Tony T. Warnock")
Re: Encrypting numbers? (Jim Dunnett)
Re: NSA future role? (Jim Dunnett)
Re: NSA future role? (Jim Dunnett)
Re: Cell Phone Crypto Penetrated >> 6.Dec.1999 >> Biryukov & Shamir describe in a
paper ... (Jim Dunnett)
Re: If you're in Australia, the government has the ability to modify your files.
>> 4.Dec.1999 (Jim Dunnett)
Re: If you're in Australia, the government has the ability to modify your files. >>
4.Dec.1999 (Jim Dunnett)
Re: If you're in Australia, the government has the ability to modify your files. >>
4.Dec.1999 (Jim Dunnett)
Re: If you're in Australia, the government has the ability to modify your files. >>
4.Dec.1999 (Jim Dunnett)
Re: Encrypting numbers? (Thanks all!) (Jim Dunnett)
Re: Encrypting numbers? (Thanks all!) (Jim Dunnett)
Re: How do you get past the password screen to the crypto? (Arthur Dardia)
----------------------------------------------------------------------------
From: Arthur Dardia <[EMAIL PROTECTED]>
Subject: Re: Perfect Shuffles [src code]
Date: Tue, 07 Dec 1999 14:54:52 -0500
>From an email I received today from an ignorant, obtuse asshole:
"BTW: if all you are interested in is how many perfect shuffles it will
take to put the deck into the original order, there's a much faster
approach -- it should take you less than 0.001sec. But, because you
posted this to such an inappropriate group, I won't tell you what it
is."
Why do you insist on flaming? Is it to overcompensate for a small penis?
Does such a physical state create a mental problem that tells you that
you're not as big as a man as a person who you've never seen before? To
make up for this, do you flame people before even reading their post in
order to boost your ego? Go play with yourself some more.
Anyways...for the more informed, I'm studying using a deck of cards and a
machine shuffler for random data (which applies to OTPs and many facets of
crytography). I'm studying all of the facets of a deck of cards for an AP
Statistics project that I volunteered for.
And, to pour some more salt in my open wound, the responder says he won't
tell me b/c he thinks that I don't know. Anyways, I said it had to take
less than .001 sec, because that's the lowest that my timer class can
measure. In order to figure out the time per each shuffle, I ran it on a
deck of 832 cards. This measured an average per shuffle; however, I then
measured it on a deck of 416 cards, and it was less. A deck of 208 cards
regarded even less. I plan to run these tests again multiple times, plot
them on my TI-83, and obtain a regression curve in order to estimate the
average time per shuffle on a deck of 52 cards.
Anyways, a while ago, a person asked how to solve a problem a prospective
employer had given him. Someone said the answer was 97,XXX shuffles on a
deck of 1001 cards. I ran this in my program with in- and out- shuffles,
and my program skipped over the 98,000 shuffle count both ways. Any ideas?
--
Arthur Dardia Wayne Hills High School [EMAIL PROTECTED]
PGP 6.5.1 Public Key http://www.webspan.net/~ahdiii/ahdiii.asc
Arthur Dardia wrote:
> I've written a program to perform in- or out- shuffles until the deck is
> returned to the original order. I've tested it on a deck of size 52
> cards. It returns the proper in- and out- shuffles; however, I've
> benchmarked it using a SysTimer class with a .001s granularity. My
> tests fail to return a time for the deck of 52 cards. Is this a rather
> fast algorithm? Here's some pseudo-code followed by my implementation:
>
> perfectShuffle(array of card values, in- or out- shuffle switch)
> split the deck into two halves: tDeck (representing position 0 to
> the (deck size/2)-1) and bDeck, (representing the lower half)
> shuffle the deck by placing the bottom card of the top half and then
> the bottom card of the bottom half onto the bottom of the real deck (the
> order is switched for in- or out- shuffles)
>
> compare the arrays
>
> I was wondering what the big-O notation of this is and if there are any
> faster algorithms. I remember someone posting once about his
> prospective company requesting such a program; however, he said he left
> his running for 8 hours and came up blank. Then someone quickly
> repsonded with a number near 97,000 shuffles. Therefore, I have to
> assume that if my program can perform 8 shuffles in AT MOST .001
> seconds, it could then perform the 97,000 and change shuffles in about
> 97 seconds. Is this calculation right? Why did the other guy's program
> take a RIDICULOUSLY larger amount of time?
>
> --- snip ---
> #include <iostream.h>
> #include <iomanip.h>
> #include "apvector.h"
>
> void perfectShuffle(apvector<int> &deck,int io) {
> apvector<int> tDeck((deck.length()/2),0);
> for (int i=0;i<tDeck.length();i++) {
> tDeck[i]=deck[i];
> }
>
> apvector<int> bDeck((deck.length()/2),0);
> for (i=0;i<bDeck.length();i++) {
> bDeck[i]=deck[i+(deck.length()/2)];
> }
>
> if (io==1) {
> // in-shuffle
> int a=deck.length()-1;
> for (int i=((deck.length()/2)-1);i>=0;i--) {
> deck[a]=tDeck[i];a--;
> deck[a]=bDeck[i];a--;
> }
> } else {
> // out-shuffle
> int a=deck.length()-1;
> for (int i=((deck.length()/2)-1);i>=0;i--) {
> deck[a]=bDeck[i];a--;
> deck[a]=tDeck[i];a--;
> }
> }
> }
>
> bool compareVectors(apvector<int> initialDeck,apvector<int> deck) {
> bool equal=false;
> for (int i=0;i<initialDeck.length();i++) {
> if (initialDeck[i]==deck[i]) {
> equal=true;
> } else {
> equal=false;
> return equal;
> }
> }
> return equal;
> }
>
> int main() {
> // the most important part of the program
> int shuffles=0,size=0,io=0;
> SysTimer myClock;
>
> while (size<=0) {cout << "size of deck:? ";cin >> size;}
> while (io!=1 && io!=2) {cout << "in/out shuffle [1=in/2=out]:? ";cin >>
> io;}
>
> // create a vector 52 in size, fill with 0's,
> // and create an original for comparing
> apvector<int> initialDeck(size,0);
> apvector<int> deck(size,0);
>
> // fill vectors with ints from 1-52
> for (int i=0;i<initialDeck.length();i++) {
> initialDeck[i]=(i+1);
> }
>
> for (i=0;i<deck.length();i++) {
> deck[i]=(i+1);
> }
>
> do {
> myClock.start();
> perfectShuffle(deck,io);
> myClock.stop();
> shuffles++;
> } while (compareVectors(initialDeck,deck)==false);
>
> cout << endl;
> if (io==1) {
> cout << shuffles << " in-shuffles were performed" << endl;
> } else {
> cout << shuffles << " out-shuffles were performed" << endl;
> }
> return 0;
> }
> --- snip ---
>
> --
> Arthur Dardia Wayne Hills High School [EMAIL PROTECTED]
> PGP 6.5.1 Public Key http://www.webspan.net/~ahdiii/ahdiii.asc
------------------------------
From: "Tony T. Warnock" <[EMAIL PROTECTED]>
Subject: Re: Random Noise Encryption Buffs (Look Here)
Date: Tue, 07 Dec 1999 12:59:46 -0700
Reply-To: [EMAIL PROTECTED]
Guy Macon wrote:
> In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Tim Tyler) wrote:
>
> >You don't seem to see the problem. Detecting single photons is not
> >really a big problem.
> >
> >Detecting them in such a way that no bias in introduced into the
> >(supposedly) random quantum behaviour *is*.
>
> An unbiased detector is not needed. You can use a detector with
> various biases and measure the time between photons coming from
> your detector. This is still imperfect, but precision time
> measurements are orders of magnitude less biased than most other
> kinds of measurement.
>
> Let's look at a real-life setup. Take a chunk of Radium small
> enough to have the property of putting out, on the average,
> 1 photon per second (or maybe per millisecond, depending on
> how fast you need the random bits).
>
> Detect the photons with a standard photomultiplier tube.
> Bias the PMT so that it sometimes misses a photon but never
> detects one that isn't there. Like many elecronic systems,
> you can't remove all bias but you can reduce one kind of bias
> to undetectable levels.
>
> For the timer, use a Linear Ion Trap frequency Standard (LITS).
> Because every ion in the clock is quantum-mechanically identical
> to every other one, this provides an absolute reference for
> frequency and time based on the atomic characteristics of
> mercury and ytterbium ions which are suspended in space by
> radio frequency fields. Inreal life the perfect timing is
> made imperfect by bias in the measuring, but the instablility
> is around 1 part in 10 the 16th (I don't know what period was
> measured to get this figure).
>
> A hydrogen maser would be another good source of timing.
> A typical hydrogen maser exhibits a time domain maximum
> instablility of 3.0 parts in 10 the 15th for periods of
> 1000 to 10,000 seconds and 2.0 parts in 10 to the 13th
> for 1 sec < t < 1000 seconds. Maybe we should use both
> in an attempt to further reduce bias.
>
> If I understood a previous post correctly, a known bias
> from a haevy headed coin of 0.1% would be of limited use
> in cryptoanalysis of a reasonable length message that
> is encrypted with a OTP using the coin above as a source.
> This leads me to believe that the method above, especially
> when used as part of a MOM, would have a bias so low as to
> make a cryptoanalysis attack impossible.
>
> I do agree that nothing is perfect and that the bias in
> my RNG cannot be proven to be zero. Would you settle
> for much smaller than needed to conduct an attack?
>
> Corrections invited - I may very well be missing
> something here.
You still may fail to detect some. The most probable waiting time between
decays is zero. Overall one can do pretty well with the radioactive decay
if care is taken not to get too much 60hz (or 50hz for the Europeans)
into the signal. There are several ways to completely eliminate bias.
Correlation is tough but can be decreased. This is very slow.
------------------------------
From: amadeus @DELETE_THIS.netcomuk.co.uk (Jim Dunnett)
Subject: Re: Encrypting numbers?
Date: Tue, 07 Dec 1999 20:08:03 GMT
Reply-To: Jim Dunnett
On Mon, 6 Dec 1999 14:40:26 -0500, [EMAIL PROTECTED] (Michael Groh) wrote:
>I have a question that may seem rather obvious to some people, but I
>haven't found a simple answer yet. While reading Singh's book ("The Code
>Book") I noticed that none of the simpler encryption techniques
>specifically address encrypting numeric values. Consider something as
>simple as "$14.37". How can that value be encrypted using a Vigenere or
>substitution cipher? Even the Enigma machine doesn't include a numeric
>row on its keyboard. How did the German military transmit numeric values
>(persumably including + and - signs, decimal points, etc.) using the
>Enigma machine?
They spelt them out: 'fierzehndollarxsebenunddreisigcents'
Although there ARE ways of using figures and punctuation with only
the 26 letters, I don't think the Germans used them.
------------------------------
From: amadeus @DELETE_THIS.netcomuk.co.uk (Jim Dunnett)
Crossposted-To: alt.politics.org.nsa
Subject: Re: NSA future role?
Date: Tue, 07 Dec 1999 20:08:04 GMT
Reply-To: Jim Dunnett
On Mon, 06 Dec 1999 17:43:32 -0800, albert <[EMAIL PROTECTED]> wrote:
>Government doesn't work, if NASA wants to succeed, have a few private sector
>companies join forces for this stuff, and you will see that the Mars Landers will
>magically land correctly, and things over $125M won't blow up due to metric vs.
>standard conversions...
That hasn't been our experience over here ... private entreprise doesn't
work ... it only costs jobs.
------------------------------
From: amadeus @DELETE_THIS.netcomuk.co.uk (Jim Dunnett)
Crossposted-To: alt.politics.org.nsa
Subject: Re: NSA future role?
Date: Tue, 07 Dec 1999 20:08:04 GMT
Reply-To: Jim Dunnett
On Tue, 07 Dec 1999 16:11:39 +0000, CLSV <[EMAIL PROTECTED]> wrote:
>Claiming that the top secret Naval design of a rail gun is
>in your physics book is starting the same kind of myth as
>the "easy to build A-bomb".
Easy to build until you actually try to do it!
------------------------------
From: amadeus @DELETE_THIS.netcomuk.co.uk (Jim Dunnett)
Crossposted-To: alt.privacy
Subject: Re: Cell Phone Crypto Penetrated >> 6.Dec.1999 >> Biryukov & Shamir describe
in a paper ...
Date: Tue, 07 Dec 1999 20:08:05 GMT
Reply-To: Jim Dunnett
On Mon, 06 Dec 1999 16:32:21 -0500, [EMAIL PROTECTED] wrote:
>Cell Phone Crypto Penetrated by Declan McCullagh
>
>10:55 a.m. 6.Dec.1999 PST
>Israeli researchers have discovered design flaws that allow the descrambling of
>supposedly private conversations carried by hundreds of millions of wireless
>phones.
>
>Alex Biryukov and Adi Shamir describe in a paper to be published this week how a
>PC with 128 MB RAM and large hard drives can penetrate the security of a phone
>call or data transmission in less than one second.
And listen to it in real-time? I think not.
------------------------------
From: amadeus @DELETE_THIS.netcomuk.co.uk (Jim Dunnett)
Crossposted-To: alt.privacy
Subject: Re: If you're in Australia, the government has the ability to modify your
files. >> 4.Dec.1999
Date: Tue, 07 Dec 1999 20:08:06 GMT
Reply-To: Jim Dunnett
On Mon, 06 Dec 1999 16:56:51 -0500, [EMAIL PROTECTED] wrote:
>Orwellian Nightmare Down Under? by Stewart Taggart
>
>3:00 a.m. 4.Dec.1999 PST
>SYDNEY, Australia -- Any data seem different on your computer today?
>
>If you're in Australia, the government has the ability to modify your files. Its
>cyber spooks have been given legal power not only to monitor private computers
>around the country, but to change the data they contain.
>
>The new powers are contained in a bill passed by Australia's parliament late
>last month (the Australian Security Intelligence Organization Legislation
>Amendment 1999). They now await only the largely ceremonial assent of
>Australia's governor general before becoming law.
>
>"These are really untested waters," says Chris Connolly, a vocal Australian
>privacy advocate. "I don't think there's any example anywhere else in the world
>that's comparable."
He's a bit out of touch. It's been proposed in 'democratic' Britain, but
not yet been put into law.
------------------------------
From: amadeus @DELETE_THIS.netcomuk.co.uk (Jim Dunnett)
Crossposted-To: alt.privacy
Subject: Re: If you're in Australia, the government has the ability to modify your
files. >> 4.Dec.1999
Date: Tue, 07 Dec 1999 20:08:06 GMT
Reply-To: Jim Dunnett
On Mon, 06 Dec 1999 23:40:12 -0600, [EMAIL PROTECTED] (wtshaw) wrote:
>In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>
>> Orwellian Nightmare Down Under? by Stewart Taggart
>>
>> 3:00 a.m. 4.Dec.1999 PST
>> SYDNEY, Australia -- Any data seem different on your computer today?
>>
>Such tactics are too much to be tried at present in the USA. When some
>bright and devious fellow wants to field test a tactic, pick a country as
>a guniea pig, one not too important, Australia, New Zealand,
>England....those that are already trained to be kicked around, and not
>afraid to treat their citizens as dummies.
Although I'm in Britain, not England, I'm inclined to agree!
Thank you, Thatcher!
------------------------------
From: amadeus @DELETE_THIS.netcomuk.co.uk (Jim Dunnett)
Crossposted-To: alt.privacy
Subject: Re: If you're in Australia, the government has the ability to modify your
files. >> 4.Dec.1999
Date: Tue, 07 Dec 1999 20:08:07 GMT
Reply-To: Jim Dunnett
On Tue, 07 Dec 1999 16:11:53 GMT, [EMAIL PROTECTED] (None) wrote:
>On Tue, 7 Dec 1999 23:53:12 +1100, "Lyal Collins"
><[EMAIL PROTECTED]> gagged and spewed out this stuff:
>
>>This solution is a bit pointless if the warrant covers your off-line
>>machine.
>>Lyal
>>
>
> You must know a very advanced technique to hack into
> an "offline" computer?
He's talking about the Gestapo having access to your off-line
machine.
------------------------------
From: amadeus @DELETE_THIS.netcomuk.co.uk (Jim Dunnett)
Crossposted-To: alt.privacy
Subject: Re: If you're in Australia, the government has the ability to modify your
files. >> 4.Dec.1999
Date: Tue, 07 Dec 1999 20:08:07 GMT
Reply-To: Jim Dunnett
On Tue, 7 Dec 1999 07:38:23 -0500, <[EMAIL PROTECTED]> wrote:
>
>[EMAIL PROTECTED] wrote in message
><[EMAIL PROTECTED]>...
>>Orwellian Nightmare Down Under? by Stewart Taggart
>>
>>Do what most smart paranoids (and intelligent businesses) do, dedicate a
>box for Internet use and keep sensitive and proprietary information on the
>computer that never goes online with strangers. We use an old 300 for
>surfing shark infested waters. We would have thought that anyone living in
>the land of the great whites would understand shark repellant.
Good solid sensible advice, provided they're not allowed to break in
without judicial sancition, and remove the hard disc, as has been proposed
in Britain.
------------------------------
From: amadeus @DELETE_THIS.netcomuk.co.uk (Jim Dunnett)
Subject: Re: Encrypting numbers? (Thanks all!)
Date: Tue, 07 Dec 1999 20:08:08 GMT
Reply-To: Jim Dunnett
On Tue, 7 Dec 1999 09:01:43 -0500, [EMAIL PROTECTED] (Michael Groh) wrote:
>Thank you all very much for your responses. I'd guessed that the Enigma
>operators had to spell out the numeric values, but thought that doing so
>would increase the message a great deal. Instead of just 6 characters to
>transmit ($14.37) they'd have a bunch. Even if we spell it out:
>"DollarSignOneFourPointThreeSeven" it's a much longer message. I hadn't
>considered that this makes the crypanalysis job much harder as well!
I would have thought it would have made it easier ... more ciphertext.
------------------------------
From: amadeus @DELETE_THIS.netcomuk.co.uk (Jim Dunnett)
Subject: Re: Encrypting numbers? (Thanks all!)
Date: Tue, 07 Dec 1999 20:08:08 GMT
Reply-To: Jim Dunnett
On Tue, 7 Dec 1999 15:32:14 -0000, "Tim Wood" <[EMAIL PROTECTED]> wrote:
>
>
>
>John Savard wrote in message <[EMAIL PROTECTED]>...
>>On Tue, 7 Dec 1999 09:01:43 -0500, [EMAIL PROTECTED] (Michael
>>Groh) wrote:
>>
>>>Even if we spell it out:
>>>"DollarSignOneFourPointThreeSeven" it's a much longer message. I hadn't
>>>considered that this makes the crypanalysis job much harder as well!
>>
>>Of course, you mean much _easier_.
>
>much?
Much. There are now lots of spelled out figures in there, and if the
attacker has cribs as to their position in the ciphertext, his task is
enormously simplified.
------------------------------
From: Arthur Dardia <[EMAIL PROTECTED]>
Subject: Re: How do you get past the password screen to the crypto?
Date: Tue, 07 Dec 1999 15:01:58 -0500
Depending on the age of the computer, you may not even need a password to
get in. Some old motherboards (around the 486/Pentium age) had very
stupid programming errors. It would check for a password after it checked
the keyboard. This made sure that the person could actually type in the
password. They were willing to compromise the security of the system to
make sure that the keyboard worked. You can exploit this by getting a
stuck-key error and thus entering the BIOS in order to fix the "keyboard
error." Disable the password and boot. I know some BIOSes need passwords
to disable it, and some don't let you get into BIOS. But I have used
this on some people's computers that needed my help because they forgot
their password. Oh well.
I'm sure you also could try writing a boot disk that tries every possible
combination (note: this will probably require a boot disk and various
disks containing dictionary files). If the password was a good one, then
you just need a boot disk to run a program that tries 3 possibilities,
then reboots the computer if it doesn't get in. Before reboot, the
current progress will be stored on the disk so that the computer can start
again from the spot it finished. I know this isn't a feasible attack due
to the time it'll take to boot, but it is an attack.
Just some ideas. Let us know how it goes.
[EMAIL PROTECTED] wrote:
> My PC harddrive is encrypted, so when I start it up, it asks for a
> password to decrypt. If the wrong password is entered 3 times then the
> computer jams up.
>
> The question is how does an attacker get past the password bit to the
> actual encrypted contents?
>
> Is it possible at all?
>
> David
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
--
Arthur Dardia Wayne Hills High School [EMAIL PROTECTED]
PGP 6.5.1 Public Key http://www.webspan.net/~ahdiii/ahdiii.asc
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
