Cryptography-Digest Digest #799, Volume #10      Mon, 27 Dec 99 20:13:01 EST

Contents:
  DVD encryption reportedly cracked - anyone knows more? (KloroX)
  Re: Employing digits of pi (CLSV)
  Re: DVD encryption reportedly cracked - anyone knows more? (Troed)
  Re: Trying to find a  soft copy of Simon Singhs puzzles ("John Lupton")
  Re: Truly random bistream ("Nigel Fitchard")
  Re: Synchronised random number generation for one-time pads 
([EMAIL PROTECTED])
  Re: ToySaber: a dehanced CipherSaber. (Jim Gillogly)
  Re: Disbelief about Numbers Stations (TohuVohu)
  Re: Disbelief about Numbers Stations (CombatXeroxRepairman)
  Re: Employing digits of pi (David A Molnar)
  Access User Level Security Announcement ("John E. Kuslich")
  Re: Are PGP primes truly verifiable? (Bob Silverman)
  Re: HD encryption passphrase cracked! ("John E. Kuslich")
  Re: DVD encryption reportedly cracked - anyone knows more? (Klem O. Rainy)
  Re: Are PGP primes truly verifiable? (Boudewijn W. Ch. Visser)
  Re: Employing digits of pi ("Allan G. Schrum/Theresa C. Schrum")
  Re: PKZIP compression security (Johnny Bravo)

----------------------------------------------------------------------------

From: KloroX <[EMAIL PROTECTED]>
Subject: DVD encryption reportedly cracked - anyone knows more?
Date: Mon, 27 Dec 1999 23:10:08 +0100
Reply-To: [EMAIL PROTECTED] (this is spam bait)

A Scandinavian newscast reported a couple of days ago that a Norwegian
student has broken the DVD encryption scheme (it was mentioned that
this now allows the free copying of DVD movies). The newscast was
totally non-technical, the student was interviewed but his name not
disclosed, and it was mentioned that documentation is available on
the Internet, but they did not say where. Does anyone have any concrete
information on this matter?

------------------------------

From: CLSV <[EMAIL PROTECTED]>
Subject: Re: Employing digits of pi
Date: Mon, 27 Dec 1999 22:15:22 +0000

Mok-Kong Shen wrote:
 
> Dann Corbit wrote:

> > "Mok-Kong Shen" <[EMAIL PROTECTED]> wrote
> > > It is known that the digits of pi can be computed starting from
> > > any arbitrarily chosen position. Let n indices giving such starting
> > > positions be given. One obtains with these n subsequences of pi.
> > > Now add the corresponding digits of the n subsequences modulo 10
> > > (or the base, if this is not 10), resulting in a digit sequence
> > > which we call R.

> > > Questions: Can we do any inference on R? If yes, how does the
> > > complexity of the task increase with n?

If you calculate in base 2 then you are using the
binary expansion of the fractional part of
2^e1 * PI + 2^e2 * PI + ... + 2^en * PI
as the stream of a stream cipher.
 
> > This is just a one-time-pad.

Wouldn't "stream cipher" be more correct?
I always associate one-time-pad with a "real" random
bit-string which this is not.

> > I think the deep digits are more expensive
> > than the early ones to compute, even with the clever hex algorithm.
> > [...] It does not sound very secure to
> > me.

> Even within the range of published/known digits, one easily sees
> the combinatorial explosion with increasing n.
> Outside of that range,
> the computing effort renders the analyst's job worse (much worse,
> if it is rather expensive as you suggested).

It is expensive in the sense that you need to provide
many key bits while only achieving moderate security.
For example if you provide 128 key bits you only get
2 exponents in the range of [0..2^64-1] or 4 in the
range of [0..2^32-1] et cetera.
Furthermore the algorithm is very sensitive
to side-channel attacks.

Regards,

        CLSV
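Added example, not part of CLSV's post or of the digest: the construction under discussion, in runnable Python. pi_hex_digit uses the Bailey-Borwein-Plouffe formula to produce a hex digit of pi at an arbitrary position without computing the earlier ones; pi_keystream adds the digits of n subsequences mod 16, which is the sequence R from the thread; offsets_from_key shows the key-budget point, namely that the whole secret is the n starting positions, so 128 key bits buy two 64-bit offsets or four 32-bit ones. The nibble-wise encrypt/decrypt and all function names are my own choices, not anything from the thread.

```python
# Added example (not code from the digest): keystream from summed pi subsequences.

def pi_hex_digit(n):
    """n-th hex digit of pi after the point, 0-indexed, straight from the
    Bailey-Borwein-Plouffe formula without computing earlier digits:
        {16^n * pi} = {4*S(1) - 2*S(4) - S(5) - S(6)},
        S(j) = sum_{k>=0} 16^(n-k) / (8k + j),  {x} = fractional part.
    Double precision keeps the result exact for n up to roughly 10^6."""
    def s(j):
        total = 0.0
        for k in range(n + 1):                    # 16^(n-k) >= 1: reduce mod (8k+j) first
            r = 8 * k + j
            total = (total + pow(16, n - k, r) / r) % 1.0
        k = n + 1                                 # 16^(n-k) < 1: geometric tail
        while True:
            term = 16.0 ** (n - k) / (8 * k + j)
            if term < 1e-17:
                break
            total += term
            k += 1
        return total % 1.0
    frac = (4 * s(1) - 2 * s(4) - s(5) - s(6)) % 1.0
    return int(frac * 16)


def pi_keystream(offsets, length, base=16):
    """R[i] = sum over the n offsets e_j of digit(e_j + i), mod the base:
    the digit sequence R described in the thread, here in base 16."""
    return [sum(pi_hex_digit(e + i) for e in offsets) % base for i in range(length)]


def offsets_from_key(key, n):
    """Split a key into n equal-width offsets. The whole secret is these
    offsets: 128 key bits give two 64-bit offsets or four 32-bit ones."""
    width = (len(key) * 8) // n
    value = int.from_bytes(key, "big")
    mask = (1 << width) - 1
    return [(value >> (width * (n - 1 - j))) & mask for j in range(n)], width


def _nibbles(data):
    return [x for b in data for x in (b >> 4, b & 0xF)]


def _from_nibbles(ns):
    return bytes((ns[i] << 4) | ns[i + 1] for i in range(0, len(ns), 2))


def encrypt(data, offsets):
    """Stream cipher: add the keystream digit to each plaintext nibble mod 16."""
    ks = pi_keystream(offsets, 2 * len(data))
    return _from_nibbles([(p + k) % 16 for p, k in zip(_nibbles(data), ks)])


def decrypt(data, offsets):
    ks = pi_keystream(offsets, 2 * len(data))
    return _from_nibbles([(c - k) % 16 for c, k in zip(_nibbles(data), ks)])


if __name__ == "__main__":
    print("".join("%x" % pi_hex_digit(i) for i in range(8)))   # 243f6a88
    offsets, width = offsets_from_key(bytes(16), 4)             # constructed all-zero key
    print(offsets, width)                                        # [0, 0, 0, 0] 32
    ct = encrypt(b"hello", [3, 10])
    print(ct.hex(), decrypt(ct, [3, 10]))
```

The keystream is a fixed function of the offsets, so two messages under the same offsets get the same keystream; that is what makes it a stream cipher keyed by the positions rather than a one-time pad. With offsets of realistic size (2^32 and beyond) this double-precision digit extraction is no longer usable, which is the computing-effort side of the thread.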

------------------------------

From: [EMAIL PROTECTED] (Troed)
Subject: Re: DVD encryption reportedly cracked - anyone knows more?
Reply-To: [EMAIL PROTECTED]
Date: Mon, 27 Dec 1999 22:26:50 GMT

KloroX <[EMAIL PROTECTED]> wrote:

>A Scandinavian newscast reported a couple of days ago that a Norwegian
>student has broken the DVD encryption scheme (it was mentioned that
>this now allows the free copying of DVD movies). The newscast was
>totally non-technical, the student was interviewed but his name not
>disclosed, and it was mentioned that documentation is available on
>the Internet, but they did not say where. Does anyone have any concrete
>information on this matter?

It was cracked a long time ago. More information can be found in old
discussion threads on www.slashdot.org, or why not at a fun place
like www.dvdpiracy.com :)

___/
_/

Nazis, racists and other fools only give themselves the shivers

------------------------------

From: "John Lupton" <[EMAIL PROTECTED]>
Subject: Re: Trying to find a  soft copy of Simon Singhs puzzles
Date: Mon, 27 Dec 1999 22:31:20 -0000

These have now been posted on the "Files" section of
http://www.onelist.com/community/CipherChallenge


John Lupton wrote in message <847esq$i3g$[EMAIL PROTECTED]>...
>Is there anywhere I can get a soft copy of the ciphertexts for "The Code
>Book" Cipher challenge?
>
>Bit slow typing them in and can't get to a scanner for a few days.
>
>Thanks in advance,
>
>John
>
>



------------------------------

From: "Nigel Fitchard" <[EMAIL PROTECTED]>
Subject: Re: Truly random bistream
Date: Mon, 27 Dec 1999 22:49:42 -0000

Awesome!  Exactly what I needed.  Thank you very much.
Jim Gillogly wrote in message <[EMAIL PROTECTED]>...
>The RAND Corporation's famous and hoary book "A Million Random Digits"
>is on-line if archived random digits are suitable for your application.




------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Synchronised random number generation for one-time pads
Date: Mon, 27 Dec 1999 22:45:50 GMT

Joseph Ashwood wrote:
> While I certainly can't argue with your statements, I think you
> misinterpreted what I meant. What I meant is that typically in an OTP is
> something like
> x[...] = random data
> m[...] = input
> d[...] = output
> for(i = 0 to length of data)
>      d[i] = m[i] XOR x[i]
>
> What I propose is that instead we use a function like
> x[...] = random data
> m[...] = input
> d[...] = output
> for(i = 0 to length of data)
>      d[i] = DES(m[i], x[i])

That definitely does not achieve perfect secrecy for
arbitrary plaintext language.  Given a ciphertext
block, there are at most 2^56 possibilities for the
corresponding plaintext, while a priori there were
2^64.

If you use triple-DES, then I can't prove a lack of
perfect secrecy, but neither can you provably
establish it.

> It was this that I used to make the judgement that it is not subject to
> any reasonable attack that I am aware of.

True.  But is that not also true of many schemes
that use a fixed-size secret key?

> It also has the improved security
> of having a 1/(2^56) chance of a correct guess of a subpassword, and a
> resistance to known-plaintext attacks as well (ie they still require
> significant resources to determine the key for each block)

The assertion of weakness in the one-time pad is
a mistake based on confusing secrecy mechanisms
and authentication mechanisms.  If you employ a
OTP for secrecy and need authentication too, add
a provable mechanism also based on a one-time
key stream (as all proven methods are).  Don't
hack in changes that fail to provide provable
authentication while falsifying the premises on
which secrecy is proven.

--Bryan


Sent via Deja.com http://www.deja.com/
Before you buy.
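Added example, not part of Bryan's post or of the digest: his counting argument scaled down so the whole key space can be enumerated. DES has a 64-bit block and a 56-bit key, so one ciphertext block leaves at most 2^56 of the 2^64 plaintexts possible; the stand-in below has an 8-bit block and a 4-bit key, and the toy Feistel cipher is my own construction, not DES. Over all keys, a block-cipher ciphertext decrypts to at most 16 distinct plaintexts, while a one-time pad over the same block reaches all 256, which is the perfect-secrecy property the XOR construction keeps and the DES(m, x) construction loses.

```python
# Added example (not from the digest): Bryan's counting argument, scaled down.
# DES: 64-bit block, 56-bit key -> at most 2^56 plaintexts per ciphertext block.
# Here: 8-bit block, 4-bit key -> at most 2^4 plaintexts per ciphertext block.

BLOCK_BITS = 8
KEY_BITS = 4


def _f(x, k):
    """Arbitrary 4-bit round function; in a Feistel network any F gives a bijection."""
    return ((x * 7 + k) ^ (x >> 1)) & 0xF


def toy_encrypt(m, key, rounds=4):
    """Toy Feistel block cipher standing in for DES(m, key); my own construction."""
    l, r = m >> 4, m & 0xF
    for i in range(rounds):
        l, r = r, l ^ _f(r, (key + i) & 0xF)   # per-round subkey: key + round index
    return (l << 4) | r


def toy_decrypt(c, key, rounds=4):
    """Inverse of toy_encrypt: run the rounds backwards."""
    l, r = c >> 4, c & 0xF
    for i in reversed(range(rounds)):
        l, r = r ^ _f(l, (key + i) & 0xF), l
    return (l << 4) | r


def otp_decrypt(c, pad):
    """One-time pad on one block: XOR with a pad as long as the block."""
    return c ^ pad


def candidate_plaintexts(decrypt, ciphertext, key_bits):
    """Every plaintext some key could map to this ciphertext: the set an
    observer is left with after seeing the block and nothing else."""
    return {decrypt(ciphertext, k) for k in range(1 << key_bits)}


def secrecy_report(ciphertext=0x5A):
    """(plaintexts reachable under the block cipher, under the OTP, total plaintexts).
    A posteriori the block cipher rules most plaintexts out; the OTP rules none out."""
    blockcipher = len(candidate_plaintexts(toy_decrypt, ciphertext, KEY_BITS))
    otp = len(candidate_plaintexts(otp_decrypt, ciphertext, BLOCK_BITS))
    return blockcipher, otp, 1 << BLOCK_BITS


if __name__ == "__main__":
    bc, otp, total = secrecy_report()
    print(f"block cipher: {bc} of {total} plaintexts remain possible")
    print(f"one-time pad: {otp} of {total} plaintexts remain possible")
```

The same count holds for any key shorter than the block, whatever the cipher: the number of candidate plaintexts is bounded by the number of keys, so the a posteriori distribution cannot equal the a priori one once the key space is smaller than the message space.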

------------------------------

From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: ToySaber: a dehanced CipherSaber.
Date: Mon, 27 Dec 1999 22:49:52 +0000

Guy Macon wrote:
> I don't suppose those kind folks in Washington DC gave us any hints
> as to what parameters they use to decide this, did they?  It's
> enough to make me think that they don't trust me! ;)

Sure -- www.bxa.doc.gov is where you start.  Hints galore... but
that doesn't keep you from going through the process, including the
infamous one-time review.  Also, cases are modified by details.  I
understand someone wasn't allowed to export 40-bit Blowfish because
the key setup took longer than the preferred 40-bit systems; 32-bit
Blowfish was the max for that exporter.  Which of course doesn't
mean <you> can export 32-bit Blowfish without getting your own
license.

As you would expect, BXA relies on NSA for crypto expertise in
the "one-time review".  Don't expect naive people on the other
side of the table.
-- 
        Jim Gillogly
        Mersday, 5 Afteryule S.R. 2000, 22:42
        12.19.6.14.15, 4 Men 3 Kankin, Seventh Lord of Night

------------------------------

From: [EMAIL PROTECTED] (TohuVohu)
Subject: Re: Disbelief about Numbers Stations
Date: 27 Dec 1999 22:58:17 GMT

>Similarly, why in the age of rapid satellite and fibre-optic communications,
>do so many embassies use slow outdated conventional 5 letter/figure-group
>systems on HF radio? Is there some sort of convention that requires them
>to be twenty years behind the rest of the world? (!!)

You may have just hit the nail on the head.  Communication with persons in
third world countries?  Remember also that a shortwave radio is unlikely to
draw as much attention as a burst transmitter or a computer loaded with crypto
software.  In a remote region I suppose a shortwave might be the equivalent of
our tabletop FM radio.

I'm sure almost anyone in the intelligence community knows what these stations
are but to my knowledge, the answer has never been released to the public.

Training for signals intelligence operators?  For radio operators?  For
cryptanalysts?  Lots of Spanish-speaking stations - drug dealers making last
minute changes to orders?  Routes?  Destinations?  Contact with rebel forces in
the field?  Backup communications in case computers and sats are fried by EMP?

I think the training theory is valid as there are signals that have a hidden
layer to them.  Similar to the principle of steganography, where the visible
message is a diversion.  A SIGINT (or is it ELINT?) trainee who found messages
beneath messages would demonstrate proficiency.

[EMAIL PROTECTED]

------------------------------

From: CombatXeroxRepairman <[EMAIL PROTECTED]>
Subject: Re: Disbelief about Numbers Stations
Date: Mon, 27 Dec 1999 14:51:59 -0800

Jim wrote:

> Similarly, why in the age of rapid satellite and fibre-optic communications,
> do so many embassies use slow outdated conventional 5 letter/figure-group
> systems on HF radio? Is there some sort of convention that requires them
> to be twenty years behind the rest of the world? (!!)
>
> --
> Posted by G4RGA.
> Rallies Info: http://website.lineone.net/~nordland
>               http://www.netcomuk.co.uk/~amadeus

Because in the spook business you don't want to have special equipment to
receive messages. Just a common short-wave receiver and a notepad.



------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Employing digits of pi
Date: 27 Dec 1999 22:41:08 GMT

Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> if it is rather expensive as you suggested). Perhaps I should mention
> that I am asking for (as always) practical security, not theoretical 
> security. (I am not quite sure that all the three letter agencies 
> of the world put together possess one million machines.)

Data point :
        1,548,364 users of SETI@Home
        source : http://setiathome.ssl.berkeley.edu/stats/totals.html

Price point :
        Today I can buy a 400 MHz Celeron machine for US$500 from the
corner PC store. 1M of these at that price is 500 million US. Chop off
some for the bulk discount, add it back for dealing with cooling and
power problems, and you still have less than the cost of some military
hardware.

Maybe one billion is still out of reach? 

-David

------------------------------

From: "John E. Kuslich" <[EMAIL PROTECTED]>
Subject: Access User Level Security Announcement
Date: Mon, 27 Dec 1999 16:20:31 -0700


AXcrak for User Level Security bypass now works for versions 7.0 and 8.0
(Office 95 and Office 97) of Access.  There is no longer any restriction
on Jet database dll version. Demo and full versions are available. A
valid mdw file is required.

http://www.crak.com

Access 2000 will follow soon.
-- 
John E. Kuslich
Password Recovery Software
CRAK Software
http://www.crak.com

------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto;
Subject: Re: Are PGP primes truly verifiable?
Date: Mon, 27 Dec 1999 23:10:31 GMT

In article <8489vp$fc7$[EMAIL PROTECTED]>,
  Greg <[EMAIL PROTECTED]> wrote:
>
> > > Primes used for key generation are validated statistically:  apply
> > > a test with that prime and a random number: if the test fails, it's
> > > no prime but if it succeeds, there's a 50% chance it's a prime.
> >
> > Please explain where you get your facts.  They are simply wrong.

<snip>


> Correct me if I am wrong, but to validate a prime deterministically,
> one would have to know every prime that comes before it to a certain
> point and verify that every prime before it is not a factor of the
> prime in question

False. May I suggest you do some basic reading about this subject
before posting further? You lack even the rudiments of the subject.




--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"



------------------------------

From: "John E. Kuslich" <[EMAIL PROTECTED]>
Crossposted-To: misc.misc
Subject: Re: HD encryption passphrase cracked!
Date: Mon, 27 Dec 1999 16:31:17 -0700

I have heard stories supposedly originating from one of those three
letter agencies that indicate a really phenomenal level of paranoia
regarding those old 9-track computer tapes.

The story goes that there are machines available which will take one of
those big spools of old tape, unwind it at ungodly speed and feed the
tape into a huge blow torch, thus instantaneously vaporizing the tape as
it unspools.

Seems nobody really trusts a bulk degausser. Maybe these guys know
something about magnetic media...:--)


JK

Bill Unruh wrote:
> 
> In <[EMAIL PROTECTED]> Matthew Montchalin <[EMAIL PROTECTED]> writes:
> >medium with a pair of tweezers?  Sure, they say that microscopic
> >particles of dirt get into the hard drive, substantially compromising the
> >storage capabilities, but if you really wanted to eradicate every last
> >trace of the data, and yet still be able to use the medium (that is the
> >important part), you can swipe a kitchen magnet over and around and
> >around the medium before replacing it again.  Of course, after doing
> 
> Well. I suspect that this would not do much good. A household kitchen
> magnet is not all that strong, and furthermore it has a very low Fourier
> coefficient on the drive surface, so it will not be very effective at
> all in erasing those transients between 0 and 1 on the disk platter. It
> may well mess it up enough to make it unusable but not enough that
> someone could not recover whatever data was there already. You need a
> very strong alternating magnetic field to do a good job of bulk erasing,
> and even then I would worry about leaving the transients detectable.
> Much better to burn it -- make sure the material goes above its Néel
> temperature. Of course that makes it somewhat unusable afterwards.

-- 
John E. Kuslich
Password Recovery Software
CRAK Software
http://www.crak.com

------------------------------

From: [EMAIL PROTECTED] (Klem O. Rainy)
Subject: Re: DVD encryption reportedly cracked - anyone knows more?
Date: Mon, 27 Dec 1999 23:29:51 GMT

KloroX <[EMAIL PROTECTED]> wrote:

>A Scandinavian newscast reported a couple of days ago that a Norwegian
>student has broken the DVD encryption scheme (it was mentioned that
>this now allows the free copying of DVD movies). The newscast was
>totally non-technical, the student was interviewed but his name not
>disclosed, and it was mentioned that documentation is available on
>the Internet, but they did not say where. Does anyone have any concrete
>information on this matter?

Do a search for "DeCSS" on any search engine, like www.webcrawler.com.
The program is available from many web sites.

-- 
"Klem O. Rainy" is actually [EMAIL PROTECTED] (3702 869145).
 0123 4  56789 <- Use this key to decode my email address and name.
                Play Five by Five Poker at http://www.5X5poker.com.

------------------------------

From: [EMAIL PROTECTED] (Boudewijn W. Ch. Visser)
Crossposted-To: talk.politics.crypto;
Subject: Re: Are PGP primes truly verifiable?
Date: 27 Dec 1999 23:07:21 GMT

On Mon, 27 Dec 1999 18:14:45 GMT, Greg <[EMAIL PROTECTED]> wrote:

[..]
>>
>> (1) Primes *can* be validated statistically.  They can also
>> be validated deterministically.  Algorithms (and software)
>> exists that will rigorously prove primality.  So it depends
>> on who is doing the testing whether one generates provable
>> primes or probable primes.
>
>Correct me if I am wrong, but to validate a prime deterministically,
>one would have to know every prime that comes before it to a certain

You are wrong, because it IS possible to prove a number prime without
knowing all primes below it. You were thinking of dividing by all primes
lower than your number to prove it prime? Luckily there are
-much- faster ways to prove a number prime.

>point and verify that every prime before it is not a factor of the
>prime in question.  Once you get to a certain length, it becomes
>infeasible to do so.  Once you get to another certain length,
>it becomes physically impossible to validate the prime in question.

It is easily possible to prove numbers prime that are much larger
than the limit you imagine (numbers of hundreds of thousands of digits
have been proved prime, although these numbers are of a
special form for which extremely fast algorithms are possible).

See for example http://www.utm.edu/research/primes/prove/proving.html

Boudewijn

-- 
+--------------------------------------------------------------+
|Boudewijn Visser        | E-mail:[EMAIL PROTECTED]      |
| -                    - | http:                               |
+-- my own opinions etc ---------------------------------------+
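Added example, not part of Boudewijn's post or of the digest: one of the "much faster ways" in runnable Python, set beside the statistical test the thread started from. is_probable_prime is Miller-Rabin, which can only ever say "probably prime"; prove_prime builds a Pratt certificate using Lucas's n-1 test, which needs only the distinct prime factors of n-1 (not every prime below n) and a witness a of order n-1, and verify_certificate checks such a certificate with a handful of modular exponentiations. The n-1 method is demonstrated on 2^61-1, chosen because n-1 has only small factors; proving arbitrary large numbers prime needs other methods. Function names and the trial-division helper are my own.

```python
# Added example (not from the digest): provable vs. probable primality.

SMALL_BASES = (2, 3, 5, 7, 11, 13)


def is_probable_prime(n, bases=SMALL_BASES):
    """Miller-Rabin with fixed bases: a composite survives only if every
    base is a strong liar, so this is a probable-prime test, not a proof."""
    if n < 2:
        return False
    for p in SMALL_BASES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False        # a witnesses compositeness
    return True


def distinct_prime_factors(m):
    """Trial division; adequate here because n-1 is chosen to have only small factors."""
    factors, p = [], 2
    while p * p <= m:
        if m % p == 0:
            factors.append(p)
            while m % p == 0:
                m //= p
        p += 1 if p == 2 else 2
    if m > 1:
        factors.append(m)
    return factors


def lucas_witness(n, factors):
    """Lucas's theorem: if a^(n-1) = 1 (mod n) and a^((n-1)/q) != 1 for every
    prime q dividing n-1, then a has order n-1, the unit group has n-1
    elements, and n is prime. Returns such an a, or None."""
    for a in range(2, min(n, 10000)):
        if pow(a, n - 1, n) != 1:
            return None         # Fermat's test fails: n is certainly composite
        if all(pow(a, (n - 1) // q, n) != 1 for q in factors):
            return a
    return None


def prove_prime(n):
    """Pratt certificate (n, a, [certificates for each prime q | n-1]) or None.
    Only the distinct prime factors of n-1 are needed, not every prime below n."""
    if n == 2:
        return (2, None, [])
    if n < 2 or n % 2 == 0:
        return None
    factors = distinct_prime_factors(n - 1)
    a = lucas_witness(n, factors)
    if a is None:
        return None
    subs = [prove_prime(q) for q in factors]
    if any(c is None for c in subs):
        return None
    return (n, a, subs)


def verify_certificate(cert):
    """Check a certificate with a few modular exponentiations, trusting nothing."""
    n, a, subs = cert
    if n == 2:
        return a is None and subs == []
    m = n - 1
    for q, _, _ in subs:        # the listed q must be all the prime factors of n-1
        if m % q:
            return False
        while m % q == 0:
            m //= q
    if m != 1 or pow(a, n - 1, n) != 1:
        return False
    if any(pow(a, (n - 1) // q, n) == 1 for q, _, _ in subs):
        return False
    return all(verify_certificate(c) for c in subs)


if __name__ == "__main__":
    n = 2 ** 61 - 1   # n-1 = 2 * 3^2 * 5^2 * 7 * 11 * 13 * 31 * 41 * 61 * 151 * 331 * 1321
    cert = prove_prime(n)
    print("probable:", is_probable_prime(n), "proved:", verify_certificate(cert))
    print("561 (Carmichael):", is_probable_prime(561), prove_prime(561))
```

The Carmichael number 561 passes Fermat's test for every base coprime to it, yet no Lucas witness exists because no element has order 560, so prove_prime returns None; a forged certificate for 561 is likewise rejected by verify_certificate.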

------------------------------

From: "Allan G. Schrum/Theresa C. Schrum" <[EMAIL PROTECTED]>
Subject: Re: Employing digits of pi
Date: Mon, 27 Dec 1999 19:53:20 -0500

For the fun of it, look at:
http://www.cecm.sfu.ca/projects/pihex/pihex.html

This site is home to a distributed computing project on the digits of Pi.
They are currently calculating the quadrillionth bit (250 trillionth hexit)
of Pi. Similar to SETI or GIMPS (http://www.mersenne.org/prime.htm), it
uses the idle time of computers to calculate the digits of Pi.

However, my idle time goes to GIMPS :-)



------------------------------

From: [EMAIL PROTECTED] (Johnny Bravo)
Subject: Re: PKZIP compression security
Date: Mon, 27 Dec 1999 19:48:31 GMT

On 27 Dec 1999 19:34:51 GMT, [EMAIL PROTECTED] (BigJim44) wrote:

>I know it's not exactly PGP but would zipping a text file with PKZIP before
>encipherment significantly increase the security of the link?
>
>Thanx...

  It is only useful for decreasing bandwidth since the first few known
bytes in standard headers will not affect the security of modern
ciphers as they are designed to withstand plaintext attack of the
entire file, much less a few bytes.

  Johnny Bravo


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
