Cryptography-Digest Digest #783, Volume #10      Wed, 22 Dec 99 15:13:01 EST

Contents:
  Re: ElGamal Opinions, Please (Charles Blair)
  Re: firmware encryption? (John Myre)
  Re: Keystrokes monitored/encryption useless (John Myre)
  Re: Economic Espionage Act of 1996 and the U.S.A. government's violations (Eric Chomko)
  Re: ElGamal Opinions, Please ("Roger Schlafly")
  Re: NEW PROGRAM = FREEDOM ("Thomas J. Boschloo")
  Re: How do you know if you found a key? (Paul Koning)
  Re: Q: transcendental pad crypto (Paul Koning)
  Re: US Patent Office:  How Stupid?  Look Here... (Paul Koning)
  Re: Q: transcendental pad crypto (Paul Koning)
  Re: Economic Espionage Act of 1996 and the U.S.A. government's violations (Jim)
  Re: elliptical curve encryption (Greg)
  Re: How do you know if you found a key? (Greg)
  Re: DES key safety (Scott Nelson)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Charles Blair)
Subject: Re: ElGamal Opinions, Please
Date: 22 Dec 1999 17:21:09 GMT

   You may want to visit www.gnupg.org for a free, supposedly secure
system.

------------------------------

From: John Myre <[EMAIL PROTECTED]>
Subject: Re: firmware encryption?
Date: Wed, 22 Dec 1999 10:29:40 -0700

Paul Rubin wrote:
<snip>
> Your average teenager probably won't have the skill or resources for
> such attacks, but determined attackers will.
<snip>

You must also consider whether your threat model includes teenagers
or other customers who might be the beneficiaries of such determined
attackers.  That is, any secrets extracted can be published on the
Web, where "anybody at all" can use them.  So you must decide how
likely a scenario like this is: (1) qualified crackers get interested
in your device, enough to go to the trouble to crack it; (2) the
crackers publish or otherwise transmit the details to your customers;
(3) who use it to cheat.  Note that one way for (1) to happen is for
a customer to hire a cracker, although doing it "for the challenge"
is common enough.

John M.

------------------------------

From: John Myre <[EMAIL PROTECTED]>
Subject: Re: Keystrokes monitored/encryption useless
Date: Wed, 22 Dec 1999 11:11:54 -0700

Guy Macon wrote:
> 
> Liyang Hu wrote:
> 
> >Frankly, I'm sick of projects involving PIC's, or any other
> >microcontroller for that matter.
...<snip>
> >Now it's all just programming.
> 
> I would suggest that you stop reading sci.crypt and find a newsgroup
> more to your liking.

I don't think it's necessary to spend time on projects to
validate reading, or responding, to a newsgroup.

> While this newsgroup does touch on nonprogrammable
> electronics, such discussions are usually limited to talking about
> noise sources for creating "random" numbers.  The bulk of the posts
> (and the topic of the newsgroup) are about various programmable systems.
> These are mostly personal computers, but doing crypto on a microcontroller,
> mainframe, steam powered computer (anti-tempest!), etc. would also be
> on topic.

Besides electronics of whatever stripe, this group also deals with
many other topics.  Systems issues and security in general come
to mind.  To say one lacks interest in certain programmable
electronics is not to say that one's only interest is nonprogrammable
electronics.

> 
> >Anyway, I doubt I'd learn anything new from this.
> 
> Your choice.  There is always something to be learned.

And not every project needs doing.  Sometimes we learn more from
doing something else.

> 
> >Apart from that, I don't have much spare time now for electronics anyway,
> >especially seeing as I'm not taking Technology for my A-Levels. Although I
> >have to agree with you - it would have been fun, if I had built it :)
> 
> Ah.  I see the problem.  You are in the mode where your learning is
> constrained to that which gets you grades.

A doubtful leap, at best.

> A reasonable position for
> one who is in school.   Alas, in too many cases the attitude remains
> after graduation, and we see engineers who fail to make the transition
> to transistors, ICs, digital logic, Op amps, microcontrollers, hardware
> description languages, etc. etc.  More $$$$ for those of us who keep
> learning new things all of our lives, I suppose.

Just flaming.  Should I add to it by - oh never mind.

Anyway, I don't think we need take Liyang Hu's post as anything more
than "been there, done that - right now I'm spending my time on other
stuff".

John M.

------------------------------

From: Eric Chomko <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia
Subject: Re: Economic Espionage Act of 1996 and the U.S.A. government's violations
Date: 22 Dec 1999 18:20:50 GMT

In alt.politics.org.cia Markku J. Saarelainen <[EMAIL PROTECTED]> wrote:

: I do believe that the government of the U.S.A. with the assistance of
: its intelligence agencies and commercial agencies has violated my
: private property rights and taken away my intellectual property ("Genie
: Services") by secretly listening to my own R&D development and audio
: recordings, when I did my R&D work at my own private property in the
: summer of 1998. I do believe that this is a violation of the Economic

Hey, don't tell me that this is why the service module of the
International Space Station is late from Russia?  

: Espionage Act of 1996 among other laws and regulations. I do believe
: that the U.S.A's intelligence and other agencies are involved in
: counter-intelligence activities only to steal a private person's and/or
: company's intellectual properties. Since the early 1990s my experience in
: many international corporations has enabled me to create an
: understanding of how the U.S.A.'s individuals and corporations are behaving
: offensively against international business people and their intellectual
: properties.

Get a lawyer.

: I have informed many Ambassadors and other diplomatic people about this
: matter.

You need a lawyer. I don't know one, but you want one in the area of
international law. The worst part of course is that the Japanese do this
to Americans all the time and we have not managed much retaliation, but I
have heard that that is changing. 

One world economy and that many more lawyers. Man, to think how much
litigation we have in the US over corporate squabbles and now it's going
worldwide. I shutter to think about needing more lawyers and on a global
scale. <shutter>

Eric





------------------------------

From: "Roger Schlafly" <[EMAIL PROTECTED]>
Subject: Re: ElGamal Opinions, Please
Date: Wed, 22 Dec 1999 10:08:59 -0800

<[EMAIL PROTECTED]> wrote in message news:83qju9$ikl$[EMAIL PROTECTED]...
> One other thing is that the size of the encrypted file will be twice as
> large using El-Gamal than if you were using RSA.  Otherwise, there's
> really no reason not to use it unless you need to be compliant with
> something.
>
> One question: is the encryption being used to facilitate a key exchange?
> If so, you may wish to consider using Diffie-Hellman.

No. ElGamal is usually used to transmit a session key, and the session
key is used to encrypt the file. The encrypted file is the same size, except
that the ElGamal one might have slightly larger headers. (File headers
typically have a lot of wasted space anyway, so the difference is not
significant.)

ElGamal encryption is essentially the same as Diffie-Hellman. ElGamal's
famous innovation was a signature scheme.
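
The two points above, that the file itself is encrypted under a session
key so only the key-transport header grows, and that ElGamal encryption
is Diffie-Hellman against a static public key, as an added example (not
code from Roger Schlafly, GnuPG or PGP).  It assumes a toy 128-bit safe
prime generated at import time, a toy SHA-256 counter-mode stream cipher
in place of a real symmetric cipher, and Python 3.8+ for pow(x, -1, p);
the function names are its own.

```python
"""Added example (not from the thread): ElGamal key transport is
Diffie-Hellman against a static public key, wrapped around a symmetric
cipher.  Toy 128-bit group and a toy stream cipher; illustration only."""
import hashlib
import random
import secrets

_PARAM_RNG = random.Random(1999)   # seeded so the demo group is reproducible


def _is_probable_prime(n, rounds=32):
    """Miller-Rabin, with small-prime trial division first."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(_PARAM_RNG.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_safe_prime(bits):
    """p = 2q + 1 with q prime, so g = 4 generates the order-q subgroup."""
    while True:
        q = _PARAM_RNG.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if _is_probable_prime(q) and _is_probable_prime(2 * q + 1):
            return 2 * q + 1


P = gen_safe_prime(128)          # toy size; real use needs >= 2048-bit p
Q = (P - 1) // 2
G = 4                            # 2^2, a quadratic residue of order Q
ELEM_BYTES = (P.bit_length() + 7) // 8


def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)       # (private x, public y = g^x)


def elgamal_encrypt(y, m):
    """Textbook ElGamal: (g^r, m * y^r).  y^r is exactly the DH shared
    secret between ephemeral r and static x, so ElGamal is DH plus one
    multiplication in the group."""
    assert 0 < m < P
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), (m * pow(y, r, P)) % P


def elgamal_decrypt(x, c1, c2):
    shared = pow(c1, x, P)       # the same DH value, from the other side
    return (c2 * pow(shared, -1, P)) % P


def _keystream_xor(key, data):
    """Toy stream cipher: SHA-256 in counter mode XORed onto the data.
    Stand-in only; use AES-GCM or ChaCha20-Poly1305 in real code."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)


def seal(y, plaintext):
    """Hybrid encryption: the header carries the wrapped session key (two
    group elements, versus one for RSA), the body is as long as the plaintext."""
    k = secrets.randbelow(2 ** 96 - 1) + 1       # 96-bit session key, < P
    c1, c2 = elgamal_encrypt(y, k)
    header = c1.to_bytes(ELEM_BYTES, "big") + c2.to_bytes(ELEM_BYTES, "big")
    return header, _keystream_xor(k.to_bytes(12, "big"), plaintext)


def unseal(x, header, body):
    c1 = int.from_bytes(header[:ELEM_BYTES], "big")
    c2 = int.from_bytes(header[ELEM_BYTES:], "big")
    k = elgamal_decrypt(x, c1, c2)
    return _keystream_xor(k.to_bytes(12, "big"), body)
```

seal() returns a header of exactly 2 * ELEM_BYTES bytes and a body the
same length as the plaintext, which is the size argument made above in
concrete form; elgamal_decrypt() recovers pow(c1, x, P), the value the
recipient would also get from a Diffie-Hellman exchange with the sender's
ephemeral g^r.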




------------------------------

From: "Thomas J. Boschloo" <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy.anon-server
Subject: Re: NEW PROGRAM = FREEDOM
Date: Wed, 22 Dec 1999 18:11:03 +0100

=====BEGIN PGP SIGNED MESSAGE=====

[late reply, but I didn't think of this earlier]
[also cross-posted to sci.crypt, as there was a similar post by Steve K
on the malfunctioning of Freedom together with AtGuard (lost the
'references' header to that post)]

Steve K wrote:
> 
> 1.  Freedom can not co-exist with a PC firewall.  It thinks it is a
> firewall, and will fight with a real firewall for the fight to control
> port assignments.  I confirmed this with their tech support.  The
> performance of this "firewall" feature is not documented, and since
> Freedom does not provide any of the monitoring or logging options one
> would expect of a firewall, I am inclined to call this "feature" a
> giant glaring security hole.

Maybe this cannot be avoided, as Freedom (unlike JBN) filters mail and
everything at a very low OS level. And it wouldn't do their reputation
much good if it was discovered that Freedom keeps logs of everything you
did! Maybe this could become a feature that is normally 'unchecked' in
future versions of Freedom, but then there is the extra code which will
allow for *more* security holes in the product itself due to a larger
'bug probability' (more code = more bugs). I would not like Freedom with
logging capabilities and run my firewall on a separate computer, like
you really should to be secure (I think).

The other thing is that the software runs at such a low level that it
just captures all low level internet traffic and doesn't allow any other
processes to send their own stuff across the internet. Allowing the
firewall on your local machine to take over traffic and send its own
stuff would be an even bigger security breach! It is just a 'hostile'
application to Freedom and so it should be.

The other way around, freedom is a hostile application to AtGuard
because it bypasses the firewall. And so this should be again. They just
can't coexist, even if they wanted to. It's against their nature.

> 2.  Comparing Freedom to PGP is like comparing apples to lug nuts.
> Their missions are totally different.  Freedom adds *no* security to
> the contents of email, it only obscures the sender's identity.  And
> might I add, Freedom does not obscure the sender's identity as well as
> conventional remailers.

You should compare Freedom with nym servers, as it allows people to
reply to messages you have sent. But still nym servers combined with 3
chained mixmaster remailers would probably win. Although I guess Freedom
will be plenty more reliable (and I for one don't like my mail server to
lose messages).

> But Freedom is not a "real" security utility; it is closed source, so
> we have to take their word for its cryptographic strength; and it
> prevents the user from running a real firewall, which is really bad,
> because network intrusions are the number one method for defeating
> cryptographic software.

Worth quoting, but I would like to add that Freedom offers
'pseudonymity/anonymity', not 'security' as PGP does (although both use
encryption).

Hi!,
Thomas

=====BEGIN PGP SIGNATURE=====
iQB5AwUBOGD4BgEP2l8iXKAJAQHhMwMglRnzyYLr+IP1slvRB3Lw/gouOQc0+h+z
4sQ5zNeJjv7I3NocQEWUuBEwO1GX45jTu5cZ7gXahEIwu3Si0rm4D6nTz+RYWBmB
6Ldn8qgLOD3l1DNMuMT3BcKPBJa+dROiXYklOw==
=Lp69
=====END PGP SIGNATURE=====
-- 
Boycott Intel Pentium III <http://www.bigbrotherinside.com/>

PGP key: http://x11.dejanews.com/getdoc.xp?AN=453727376
Email: boschloo_at_multiweb_dot_nl



------------------------------

From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: How do you know if you found a key?
Date: Wed, 22 Dec 1999 13:34:09 -0500

Ian Goldberg wrote:
> ...
> This is in fact how most *hardware* implementations of 3DES work, and
> it's called "inner-chaining" mode.  It's popular in hardware, because it
> turns out you can easily use 3 DES chips in parallel to get a pipelined
> 3DES encryption with the same bulk speed as single DES.

I don't know if that was ever true.  I *do* know it is not currently
true.  I've seen numerous hardware implementations of 3DES, but NEVER
one that does inner chaining.  They are all outer chaining designs.
And yes, that makes them slower.  Then again, that's a relative term;
150-200 Mb/s is available off the shelf in single chip implementations
today.

        paul

-- 
!-----------------------------------------------------------------------
! Paul Koning, NI1D, D-20853
! Lucent Corporation, 50 Nagog Park, Acton, MA 01720, USA
! phone: +1 978 263 0060 ext 115, fax: +1 978 263 8386
! email: [EMAIL PROTECTED]
! Pgp:   27 81 A9 73 A6 0B B3 BE 18 A3 BF DD 1A 59 51 75
!-----------------------------------------------------------------------
! "The only purpose for which power can be rightfully exercised over 
!  any member of a civilized community, against his will, is to prevent
!  harm to others.  His own good, either physical or moral, is not
!  a sufficient warrant."    -- John Stuart Mill, "On Liberty" 1859

------------------------------

From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: Q: transcendental pad crypto
Date: Wed, 22 Dec 1999 13:31:06 -0500

> On Mon, 20 Dec 1999 18:31:19 -0500, "dls2" <[EMAIL PROTECTED]> wrote:
> 
> >Physics!  Physics is arguably predictable, i.e. non-random. 

Time to go retake Physics 101.  Or perhaps 201.

Physics isn't predictable.  It was thought to be back in the
19th century.  Then came quantum mechanics.

        paul

------------------------------

From: Paul Koning <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: US Patent Office:  How Stupid?  Look Here...
Date: Wed, 22 Dec 1999 13:37:23 -0500

"E. Y. Klormian" wrote:
> ...
> That doesn't sound like a legitimate patent because nothing was invented!
> Someone simply found something cool to do with a laser pointer. I used a
> laser pointer, a plumb bob, a protractor, and a compass to find a place to
> mount my satellite dish. Do I deserve a patent for that?

No, but "deserving" a patent and being able to get a patent are VERY
different things.  It depends on how dishonest you and your patent
attorney are...

        paul

------------------------------

From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: Q: transcendental pad crypto
Date: Wed, 22 Dec 1999 13:49:59 -0500

John,

Since your ISP is defective, I'll post this here rather than sending
you mail.  (It seems to be rejecting mail from here as being
from a "uu.net dialup".  It isn't, of course.  UUnet is our backbone
provider, I think.  Silly reason to reject mail anyway.  You may
want to get a more competent ISP.)

        paul

--QQhusp22543.945888326/dfw7sosrv11.alter.net

The original message was received at Wed, 22 Dec 1999 18:45:24 GMT
from madway.xedia.com [198.202.232.199]

   ----- The following addresses had permanent fatal errors -----
<[EMAIL PROTECTED]>

   ----- Transcript of session follows -----
... while talking to fn1.freenet.edmonton.ab.ca. [198.161.206.8]:
>>> MAIL From:<[EMAIL PROTECTED]> SIZE=617
<<< 555 <[EMAIL PROTECTED]>... No mail from uu.net dialup.
554 <[EMAIL PROTECTED]>... Service unavailable

--QQhusp22543.945888326/dfw7sosrv11.alter.net
Content-Type: message/delivery-status

Reporting-MTA: dns; dfw7sosrv11.alter.net
Received-From-MTA: dns; madway.xedia.com
Arrival-Date: Wed, 22 Dec 1999 18:45:24 GMT

Final-Recipient: rfc822; [EMAIL PROTECTED]
Action: failed
Status: 5.0.0
Remote-MTA: dns; fn1.freenet.edmonton.ab.ca
Diagnostic-Code: smtp; 555 <[EMAIL PROTECTED]>... No mail from uu.net
dialup.
Last-Attempt-Date: Wed, 22 Dec 1999 18:45:26 GMT

--QQhusp22543.945888326/dfw7sosrv11.alter.net
Content-Type: message/rfc822

Return-Path: <[EMAIL PROTECTED]>
Received: from xedia.com by dfw7sosrv11.alter.net with SMTP 
        (peer crosschecked as: madway.xedia.com [198.202.232.199])
        id QQhusp22540
        for <[EMAIL PROTECTED]>; Wed, 22 Dec 1999 18:45:24 GMT
Received: from tonga.xedia.com by xedia.com (4.1/SMI-4.1)
        id AA00869; Wed, 22 Dec 99 13:43:03 EST
Received: by tonga.xedia.com (SMI-8.6/SMI-SVR4)
        id NAA21226; Wed, 22 Dec 1999 13:45:23 -0500
Resent-Date: Wed, 22 Dec 1999 13:45:23 -0500
Date: Wed, 22 Dec 1999 13:45:23 -0500
Resent-From: [EMAIL PROTECTED] (Paul Koning)
Resent-Message-Id: <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
From: Paul Koning <[EMAIL PROTECTED]>
To: John Savard <[EMAIL PROTECTED]>
Subject: Re: Q: transcendental pad crypto
References: <83khsj$[EMAIL PROTECTED]>
<[EMAIL PROTECTED]> <83m5c0$[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
X-Mailer: Mozilla 4.5 [en] (X11; I; SunOS 5.6 sun4u)
X-Accept-Language: en
Resent-To: [EMAIL PROTECTED]

John Savard wrote:
> 
> "dls2" <[EMAIL PROTECTED]> wrote, in part:
> 
> >I disagree.  Every number is computable; it follows from induction.
> 
> Yes, every _integer_ is computable.
> 
> As there are only aleph-null possible computer programs, the existence
> of uncomputable reals follows from Cantor's diagonal proof.

Ah... short and sweet!  And fortunately I remember enough math
to figure out what you're talking about...

        paul

--QQhusp22543.945888326/dfw7sosrv11.alter.net--

------------------------------

From: amadeus @DELETE_THIS.netcomuk.co.uk (Jim)
Crossposted-To: alt.politics.org.cia
Subject: Re: Economic Espionage Act of 1996 and the U.S.A. government's violations
Date: Wed, 22 Dec 1999 19:09:40 GMT
Reply-To: Jim

On 22 Dec 1999 18:20:50 GMT, Eric Chomko <[EMAIL PROTECTED]> wrote:

>One world economy and that many more lawyers. Man, to think how much
>litigation we have in the US over corporate squabbles and now its going
>worldwide. I shutter to think about needing more lawyers and on a global
>scale. <shutter>

Just how do you do that? Shutter.


------------------------------

From: Greg <[EMAIL PROTECTED]>
Subject: Re: elliptical curve encryption
Date: Wed, 22 Dec 1999 19:30:42 GMT


> hi all ! can someone provide me with a reference to details,
> algorithms, implementation issues on ECES. thank you

For a book on how to write it yourself, "Implementing Elliptic
Curve Cryptography" by Dr Michael Rosing.  Excellent book.

For a free copy of source code (based upon that book) in C++
class form, www.ciphermax.com.  Software uses copyleft licensing.
(It is free to you, you must freely share your modifications
with everyone else, and you can produce revenue from your work.)

For a commercial SDK and online reference material,
see www.certicom.com

>
> Regards
> Manik Taneja
> [EMAIL PROTECTED]
>
>

--
The only vote that you waste is the one you never wanted to make.
RICO- we were told it was a necessary surrender of our civil liberties.
Asset Forfeiture- the latest inevitable result of RICO.
http://www.ciphermax.com/book


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Greg <[EMAIL PROTECTED]>
Subject: Re: How do you know if you found a key?
Date: Wed, 22 Dec 1999 19:38:21 GMT


> I refer you to J. Crypto 12/3: Cryptanalysis of Triple Modes of
> Operation, E. Biham, Pages 161-184, in which he outsmarts
> whole classes of inner-chaining modes such as this one.
>
> In contrast, the way most *software* implementations of 3DES work is
> called "outer-chaining" mode.  As opposed to inner chaining, where the
> whole message is processed by DES, then that whole result is processed
> by DES again, etc., with outer chaining, the blocks are taken one at a
> time, and each one is processed by 3 DES's before outputting it and
> moving on to the next one.
>
> It turns out that, to our knowledge, this is much stronger.
>
> So, in the sense of "encrypt a whole message at a time", using a 3DES
> program is stronger than using a DES program 3 times.

I guess this is the part that stumps me.  Why would it make a
significant difference?  But if the article explains it, then
I would just need to know where I can get a copy of that article.

--
The only vote that you waste is the one you never wanted to make.
RICO- we were told it was a necessary surrender of our civil liberties.
Asset Forfeiture- the latest inevitable result of RICO.
http://www.ciphermax.com/book


Sent via Deja.com http://www.deja.com/
Before you buy.
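
The difference Greg asks about, and the inner/outer chaining that Paul
Koning and Ian Goldberg describe earlier in this digest, as an added
example (not code from either poster, and not DES).  It assumes a toy
8-round Feistel cipher with a SHA-256 round function as a stand-in for
DES (same 64-bit block; the cipher itself is not DES and is not secure),
three-key EEE rather than EDE so the passes read the same way, and
constructed keys and IVs.  The chaining structures are the real ones.
One observable consequence of the structure is shown: a single flipped
ciphertext bit damages two plaintext blocks under outer CBC but four
under inner CBC, because each of the three CBC layers spreads the error
one block further.

```python
"""Added example (not from the thread): inner-CBC versus outer-CBC triple
encryption, with a toy 64-bit Feistel cipher standing in for DES.  The
chaining structure is the real one; the block cipher is not."""
import hashlib

BLOCK = 8  # bytes, like DES


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _subkeys(key):
    return [hashlib.sha256(key + bytes([i])).digest()[:4] for i in range(8)]


def _feistel(key, block, decrypt=False):
    """8-round Feistel network with a SHA-256 round function (toy cipher)."""
    sks = _subkeys(key)
    if decrypt:
        sks.reverse()
    left, right = block[:4], block[4:]
    for sk in sks:
        left, right = right, _xor(left, hashlib.sha256(sk + right).digest()[:4])
    return right + left                     # undo the final swap


def cbc_encrypt(key, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = _feistel(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        c = data[i:i + BLOCK]
        out.append(_xor(_feistel(key, c, decrypt=True), prev))
        prev = c
    return b"".join(out)


def inner_cbc_encrypt(keys, ivs, data):
    """Inner chaining: three complete CBC passes over the whole message,
    each with its own IV (EEE here; EDE chains the same way)."""
    for key, iv in zip(keys, ivs):
        data = cbc_encrypt(key, iv, data)
    return data


def inner_cbc_decrypt(keys, ivs, data):
    for key, iv in reversed(list(zip(keys, ivs))):
        data = cbc_decrypt(key, iv, data)
    return data


def outer_cbc_encrypt(keys, iv, data):
    """Outer chaining: one CBC chain; each block goes through all three
    keys before the next block is started."""
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        x = _xor(data[i:i + BLOCK], prev)
        for key in keys:
            x = _feistel(key, x)
        out.append(x)
        prev = x
    return b"".join(out)


def outer_cbc_decrypt(keys, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        c = data[i:i + BLOCK]
        x = c
        for key in reversed(keys):
            x = _feistel(key, x, decrypt=True)
        out.append(_xor(x, prev))
        prev = c
    return b"".join(out)


def _flip_bit(data, index):
    b = bytearray(data)
    b[index] ^= 1
    return bytes(b)


def damaged_blocks(mode, corrupt_block=2):
    """Flip one ciphertext bit in the given block of an 8-block message and
    return the indices of the plaintext blocks that no longer decrypt."""
    keys = [b"key-one!", b"key-two!", b"key-thr3"]        # constructed
    ivs = [bytes([i]) * BLOCK for i in (1, 2, 3)]          # constructed
    plain = bytes(range(8 * BLOCK))
    if mode == "inner":
        ct = inner_cbc_encrypt(keys, ivs, plain)
        rec = inner_cbc_decrypt(keys, ivs, _flip_bit(ct, corrupt_block * BLOCK))
    else:
        ct = outer_cbc_encrypt(keys, ivs[0], plain)
        rec = outer_cbc_decrypt(keys, ivs[0], _flip_bit(ct, corrupt_block * BLOCK))
    return [i for i in range(8)
            if plain[i * BLOCK:(i + 1) * BLOCK] != rec[i * BLOCK:(i + 1) * BLOCK]]
```

damaged_blocks("outer") gives [2, 3] (the garbled block plus a one-bit
flip in its successor, as in single CBC), damaged_blocks("inner") gives
[2, 3, 4, 5].  The pipelining remark in the quoted text follows from the
same structure: in inner_cbc_encrypt the second pass can start on block 0
as soon as the first pass has produced it, while in outer_cbc_encrypt
block 1 cannot start until block 0 has gone through all three keys.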

------------------------------

From: [EMAIL PROTECTED] (Scott Nelson)
Subject: Re: DES key safety
Reply-To: [EMAIL PROTECTED]
Date: Wed, 22 Dec 1999 20:05:16 GMT

On 22 Dec Markku-Juhani O. Saarinen <[EMAIL PROTECTED]> wrote:

>> In article <[EMAIL PROTECTED]>,
>> Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
>> > One question that would be nice to resolve is whether a single
>> > 64-bit block of corresponding plain and ciphertext always
>> > determines a *unique* 56-bit DES key.  (It's not obvious.)
>
>David Wagner <[EMAIL PROTECTED]> wrote:
>> Yes.  Non-obvious indeed.
>> However, it would be extremely surprising if the answer is `yes'. 
>(..)
>> Another interesting feature of this calculation is that it suggests
>> we could find a proof that the answer is `no' (as expected) using just
>> 2^{72} work or so, if (..)
>
>I hope that I'm understanding this correctly.. but doesn't it suffice just
>to find collisions in DES ? 
>
>Fix the plaintext block and take the new key from previous ciphertext
>(minus the parity bits). Collision search is O(2^(n/2)) and thus the
>overall complexity is around 2^8 * 2^28 = 2^36.
>
You're searching for collisions in the block, not the key,
so that's 2^(64/2) or 2^32.  Assuming of course, 
that keys actually map plaintext to cipher text with 
an unbiased distribution.

It would also require saving 2^32 cipher-blocks,
which is 32 gigabytes of RAM, so you might want to 
do more searching and less saving.

Overall though, it seems very doable, 
even with just a modern desktop PC.

Of course, you could just choose a pair of weak keys,
semi-weak keys, or possibly weak keys as listed in 
Applied Cryptography.  Those are already known to
collide.

Scott Nelson <[EMAIL PROTECTED]>
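
The search Saarinen proposes and Nelson costs out, scaled down so it
runs in a second, as an added example (not code from either poster).
It assumes a keyed hash truncated to 24 bits as a stand-in for DES, since
only the key -> ciphertext map for one fixed plaintext matters to the
search, and it makes key and block the same width (24 bits) so that a
collision of the iterated map is a genuine two-keys-one-ciphertext
collision; with real DES the 56-bit key is taken from a 64-bit block, so
an iterated-map collision only guarantees agreement on the 56 kept bits.
Both searches are shown: the store-everything birthday table whose memory
is the 2^32 blocks Nelson mentions, and Floyd's rho, which is the
"more searching and less saving" alternative with constant memory.

```python
"""Added example (not from the thread): the fixed-plaintext key-collision
search discussed above, scaled down.  A keyed hash truncated to 24 bits
stands in for DES; key and block are both 24 bits."""
import hashlib
import math
import random

KEY_BITS = 24                    # DES: 56-bit key, 64-bit block
PLAINTEXT = b"fixed-pt"          # the one fixed plaintext block (constructed)


def toy_encrypt(key, block=PLAINTEXT):
    """Stand-in for E_key(block): SHA-256 of key||block, truncated to 24 bits."""
    digest = hashlib.sha256(key.to_bytes(3, "big") + block).digest()
    return int.from_bytes(digest[:3], "big")


def birthday_cost(block_bits, block_bytes):
    """Expected steps and table size of the store-everything search;
    for DES this is the 2^32 steps and 32 GiB quoted in the thread."""
    steps = 2 ** (block_bits // 2)
    return steps, steps * block_bytes


def find_collision_table(seed=1999):
    """Store-everything birthday search: memory grows with every step."""
    rng = random.Random(seed)
    seen = {}
    while True:
        key = rng.getrandbits(KEY_BITS)
        ct = toy_encrypt(key)
        if ct in seen and seen[ct] != key:
            return seen[ct], key, len(seen)
        seen[ct] = key


def _floyd(f, start):
    """Floyd's rho on x -> f(x) with constant memory.  Returns a != b with
    f(a) == f(b), or None if start already lies on the cycle."""
    tortoise, hare = f(start), f(f(start))
    while tortoise != hare:
        tortoise, hare = f(tortoise), f(f(hare))
    a, b = start, tortoise           # b is a multiple of the cycle length ahead
    if a == b:
        return None
    while f(a) != f(b):              # they first meet at the cycle entry point
        a, b = f(a), f(b)
    return a, b


def find_collision_rho(start=1):
    """Iterate key -> E_key(P), taking the next key from the previous
    ciphertext, and look for the cycle instead of storing ciphertexts."""
    while True:
        hit = _floyd(toy_encrypt, start)
        if hit is not None:
            return hit
        start += 1


def expected_steps():
    """Birthday estimate sqrt(pi * N / 2) for N = 2^KEY_BITS."""
    return math.sqrt(math.pi * 2 ** KEY_BITS / 2)
```

Both searches return two distinct keys that encrypt PLAINTEXT to the
same ciphertext after roughly expected_steps() (about 5100) evaluations;
find_collision_table() also reports how many entries it had to store,
which at DES size becomes the 2^32 blocks of the quoted estimate.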

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
