Cryptography-Digest Digest #815, Volume #10      Fri, 31 Dec 99 12:13:01 EST

Contents:
  Re: letter-frequency software ("r.e.s.")
  Re: cryptography website(dutch)!!!!! (wtshaw)
  The Cipher Challenge from the Code Book (Sisson)
  Re: The Cipher Challenge from the Code Book ("Chris Williams")
  Re: File format for CipheSaber-2? ("Rick Braddam")
  Re: File format for CipheSaber-2? (Johnny Bravo)
  DECRYPTION Urgent! ("Van Der Mussele")
  Re: Cryptanalysis (TohuVohu)
  Re: DECRYPTION Urgent! ("Michael Scott")
  Re: File format for CipheSaber-2? (Paul Crowley)
  Re: File format for CipheSaber-2? (Paul Crowley)
  Re: Data Encryption in Applet? (Michel Dalle)
  Re: DECRYPTION Urgent! ("Michael Scott")
  Re: looking for simple RSA source (RSAEURO General)
  Re: DECRYPTION Urgent! (John Savard)

----------------------------------------------------------------------------

From: "r.e.s." <[EMAIL PROTECTED]>
Subject: Re: letter-frequency software
Date: Thu, 30 Dec 1999 20:17:52 -0800

It's a pleasant discovery indeed to find that there
seem to be some really decent free compilers around.

Thanks to all who replied.

--
r.e.s.
[EMAIL PROTECTED]






------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: cryptography website(dutch)!!!!!
Date: Thu, 30 Dec 1999 23:28:17 -0600

In article <84g9ug$76s$[EMAIL PROTECTED]>, "Red Shadow"
<[EMAIL PROTECTED]> wrote:

> ya indeed that's right
> John Savard <[EMAIL PROTECTED]> wrote:

> > It insists you have the Macromedia Flash plug-in installed, it insists
> > on JavaScript being enabled...
> >
The lesson is that people who are serious about computer security do not
invite trouble.   If you want a site to be read by many, make it Mosaic
compatible.  Any web snatcher should be able to read it if Mosaic can.
-- 
Only a little over a year left to go in this century....
Knowing this, figure that a year from now, we will 
resale of the hoopla we are getting ready to see now.

------------------------------

From: Sisson <[EMAIL PROTECTED]>
Subject: The Cipher Challenge from the Code Book
Date: Fri, 31 Dec 1999 07:14:19 GMT

Hello All!
Could someone help me with Stage 3: Monoalphabetic Cipher with
Homophones

my main question is, what does "Monoalphabetic Cipher with Homophones"
mean? Is it homophonic substitution (p52)? If it is, why is the example
in the book numerical, and why, when put through frequency analysis, does Q
have 18.4%?

I have attached (zipped) an excel file that contains all my work so far

Thanks,
Spendabuck
[EMAIL PROTECTED]
ICQ #32207659


------------------------------

From: "Chris Williams" <[EMAIL PROTECTED]>
Subject: Re: The Cipher Challenge from the Code Book
Date: Fri, 31 Dec 1999 18:36:33 +1100

You may wish to visit http://www.onelist.com/community/CipherChallenge for
some hints.

> my main question is, what does "Monoalphabetic Cipher with Homophones"
> mean? Is it homophonic substitution (p52)? If it is, why is the example
> in the book numerical, and why, when put through frequency analysis, does Q
> have 18.4%?

It is, just using letters and the asterisk instead of numbers.   One cipher
letter is very frequent, perhaps it is not a plain letter at all!
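Added example (mine, not from the thread and not the Code Book's actual key): a toy homophonic substitution in Python built the way the reply above describes, with the commonest plaintext letters spread over several cipher symbols and a null symbol inserted at a fixed rate, followed by the frequency count that makes the null stand out. The sample text, the symbol pool (letters, the asterisk and digits), the homophone counts and the null rate are all my own constructions.

```python
# Added example, not from the thread or the Code Book: homophonic substitution
# with a null, and the frequency count that exposes the null. Sample text,
# symbol pool, homophone counts and null rate are constructed for this demo.
import random
import string
from collections import Counter

POOL = list(string.ascii_uppercase + "*" + string.digits)  # 37 cipher symbols
HOMOPHONE_COUNTS = {"E": 3, "T": 2, "A": 2, "O": 2}       # flatten the top plaintext letters
NULL_EVERY = 4                                              # one null after every 4 letters
ENGLISH_CEILING = 13.0  # no English letter exceeds ~12.7% (E); anything above is suspect

SAMPLE = (  # constructed plaintext
    "The cipher challenge in the code book asks the reader to break a monoalphabetic "
    "substitution in which the commonest plaintext letters are spread over several "
    "cipher symbols so that the usual peaks of a frequency count are flattened, and "
    "a null symbol carrying no meaning at all is sprinkled through the text to mislead "
    "anyone counting letters"
)


def make_key(seed=1):
    """Assign each plaintext letter one or more cipher symbols, plus one null symbol."""
    rng = random.Random(seed)
    pool = POOL[:]
    rng.shuffle(pool)
    table = {}
    for p in string.ascii_uppercase:
        table[p] = [pool.pop() for _ in range(HOMOPHONE_COUNTS.get(p, 1))]
    null = pool.pop()
    return table, null, rng


def encrypt(plaintext, table, null, rng):
    """Pick a homophone at random per letter; drop non-letters; insert nulls."""
    out, n = [], 0
    for ch in plaintext.upper():
        if ch not in table:
            continue
        out.append(rng.choice(table[ch]))
        n += 1
        if n % NULL_EVERY == 0:
            out.append(null)
    return "".join(out)


def decrypt(ciphertext, table, null):
    inverse = {sym: p for p, syms in table.items() for sym in syms}
    return "".join(inverse[s] for s in ciphertext if s != null)


def frequencies(ciphertext):
    """Percent frequency per cipher symbol, most frequent first."""
    counts = Counter(ciphertext)
    total = sum(counts.values())
    return {s: 100.0 * k / total for s, k in counts.most_common()}


def suspicious(freqs, ceiling=ENGLISH_CEILING):
    """Symbols more frequent than any English letter can be: null candidates."""
    return [s for s, f in freqs.items() if f > ceiling]


if __name__ == "__main__":
    table, null, rng = make_key()
    ct = encrypt(SAMPLE, table, null, rng)
    for sym, pct in frequencies(ct).items():
        print(f"{sym} {pct:5.1f}%")
    print("null candidates:", suspicious(frequencies(ct)), "actual null:", null)
```

With E split three ways and T, A, O split two ways the top of the profile flattens to a few percent per symbol, while the null sits near 20% of all symbols, well above anything a genuine plaintext letter can reach; that is the shape the 18.4% Q in the challenge text has.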





------------------------------

From: "Rick Braddam" <[EMAIL PROTECTED]>
Subject: Re: File format for CipheSaber-2?
Date: Fri, 31 Dec 1999 03:42:31 -0600

Guy Macon <[EMAIL PROTECTED]> wrote in message
news:84h8bc$[EMAIL PROTECTED]...
>
> Looks like there is no standard file format for ciphersaber-2.
> Anyone care to propose one, or would you prefer that the clueless
> newbie make a proposal that you can rip to shreds? <grin>
> The attribute of being two way CipherSaber-1 compatible when
> repeats=1 is highly desirable.  Making the user memorize a repeat
> number is undesirable.  Revealing the repeat number to attackers
> is acceptable.
>
I hope no one gets upset if a clueless lurker takes a shot. How about
making the repeat value a choice between 1 and the contents of the key
or state table at a fixed index, after the key scheduling? The value
would not have to be transferred between the correspondents as long as
they used the same pass phrase and salt, which they'd have to do anyway,
and the salt must be new for each message. The choice of 1 or the value
would provide compatibility with CipherSaber-1.

The value of a particular location in the key table (say, keyTable[10])
should be fairly unpredictable, resulting in an approximately random
repeat count from message to message. The repeat count would not need to
be sent with the message, each user would generate it themselves.
Therefore, no change in the file format from CS-1 (or CS-2).

Yes, I did look at the CipherSaber page and algorithm description. If
I've missed an obvious reason why this would be insecure, just ignore
me.

--
Rick
============================
 Spam bait (With credit to E. Needham):
 root@localhost
 postmaster@localhost
 admin@localhost
 abuse@localhost
 [EMAIL PROTECTED]
 [EMAIL PROTECTED]
 [EMAIL PROTECTED]



------------------------------

From: [EMAIL PROTECTED] (Johnny Bravo)
Subject: Re: File format for CipheSaber-2?
Date: Fri, 31 Dec 1999 05:34:19 GMT

On 30 Dec 1999 22:36:12 EST, [EMAIL PROTECTED] (Guy Macon) wrote:

> Making the user memorize a repeat
>number is undesirable.  Revealing the repeat number to attackers
>is acceptable.

  Just use the number of repeats (in Hex) as the last two digits of
the IV.  If the number of repeats is 1, CS-1 programs can read it.
CS-2 programs could look for a .cs2 extension on the filename to
determine if it should automatically use the value, a .cs1 to use a 1
value, or ask the user to decide in other cases.
  This gives an N value up to 65k, which is more than enough, and
would cause a 15 second delay on my system. :)

  Best Wishes,
    Johnny Bravo


------------------------------

From: "Van Der Mussele" <[EMAIL PROTECTED]>
Subject: DECRYPTION Urgent!
Date: Thu, 30 Dec 1999 22:00:16 +0100

I already calculated the private key.
I checked the numbers several times but I could be wrong.
m(modulus) = 40000399997
e(exponent) = 108947
c(ciphertext = message) = 32567023914 8713291675 25687690793
This message consists of 9 characters in 3 words => 3 words of 3 chars.
I calculated p & q
p = 199999
q = 200003
=> gcd(39999999996,108947) = 1
=> private key = 367151
So I have the private key (I think I have). Now the only thing left
to do is decrypt the ciphertext.
So I need to calculate 32567023914 ^ 367151 (this number is too big
for me to calculate) => 32567023914 ^ 367151 mod pq.
Or am I wrong to do that? Is there any easier way?
I have heard of a Chinese way to decrypt that, but in my eyes it seems
harder to find it.
Is there any program, programming language or easier way to calculate this on
a PIII 450 MHz, 192 MB RAM, Win98? And that in less than 1 day??
And do the same for the 2 other words???
Or is there anyone who can calculate this for me.
The decrypted message should be a message about new year. Maybe in Dutch.



Please help me out.

Thanks

Stimpy, Antwerp



------------------------------

From: [EMAIL PROTECTED] (TohuVohu)
Subject: Re: Cryptanalysis
Date: 31 Dec 1999 11:34:27 GMT

>I remember reading
>sometihng a few weeks ago about how cryptosystems are often created to
>meet a purpose and you wouldn't use a difficult cryptosystem to apply
>to a message to send info that will expire in one week.

>I need to source that, anyone know a web page, book, magazine article,
>etc which covers the above?

I think Scheneir (darn that's hard to spell) in Applied Cryptography covered
that concept.  I don't know how much he elaborates on it (probably not too
much).

[EMAIL PROTECTED]

------------------------------

From: "Michael Scott" <[EMAIL PROTECTED]>
Subject: Re: DECRYPTION Urgent!
Date: Fri, 31 Dec 1999 12:19:21 -0000


Van Der Mussele <[EMAIL PROTECTED]> wrote in message
news:84i0u3$1cq$[EMAIL PROTECTED]...
> I already calculated the private key.
> I checked the numbers several times but I could be wrong.
> m(modulus) = 40000399997
> e(exponent) = 108947
> c(ciphertext = message) = 32567023914 8713291675 25687690793
> This message consists of 9 characters in 3 words => 3 words of 3 chars.

The message is 726580 808932 895075, which could be ",,4" "1/d" "6Pc",
whatever that means!

Mike Scott


> I calculated p & q
> p = 199999
> q = 200003
> => gcd(39999999996,108947) = 1
> => private key = 367151
> So I have the private key (I think I have). Now the only thing left
> to do is decrypt the ciphertext.
> So I need to calculate 32567023914 ^ 367151 (this number is too big
> for me to calculate) => 32567023914 ^ 367151 mod pq.
> Or am I wrong to do that? Is there any easier way?
> I have heard of a Chinese way to decrypt that, but in my eyes it seems
> harder to find it.
> Is there any program, programming language or easier way to calculate this on
> a PIII 450 MHz, 192 MB RAM, Win98? And that in less than 1 day??
> And do the same for the 2 other words???
> Or is there anyone who can calculate this for me.
> The decrypted message should be a message about new year. Maybe in Dutch.
>
>
>
> Please help me out.
>
> Thanks
>
> Stimpy, Antwerp
>
>



------------------------------

From: Paul Crowley <[EMAIL PROTECTED]>
Subject: Re: File format for CipheSaber-2?
Date: 31 Dec 1999 10:12:15 -0000

[EMAIL PROTECTED] (Johnny Bravo) writes:
>   Fixing it to a power of two seriously weakens the cipher given 10
> bytes of known plaintext.  For my machine, there are only 10 or so
> possible values that I could use that would take 5 minutes or less to
> decrypt, giving me about 10 minutes max just to read one message.

No, 5 minutes - you don't have to start again from the beginning if
you get the repeat count wrong, you keep trying from where you got up to.

> very fast machine would easily do this work in just a few seconds for
> all the 10 values, then use the ten known plaintext elements to find
> 10 known values in the state array, it is a bad thing to tell an attacker
> what 4% of your message key is.

Eh?  If you know of a way of finding 10 known values in the RC4 state
array given 10 consecutive bytes of output, you have a significant new 
result against the cipher, in which case please tell us!

> Having a known number of mixings is not a weakness, but having 10
> known plaintext characters at the start of the message is.

I don't see this.  RC4 is meant to be resistant to known plaintext
attack.
-- 
  __
\/ o\ [EMAIL PROTECTED]     Got a Linux strategy? \ /
/\__/ Paul Crowley  http://www.hedonism.demon.co.uk/paul/ /~\

------------------------------

From: Paul Crowley <[EMAIL PROTECTED]>
Subject: Re: File format for CipheSaber-2?
Date: 31 Dec 1999 10:41:17 -0000

[EMAIL PROTECTED] (Guy Macon) writes:

> In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Paul 
>Crowley) wrote:
> >Here's what I proposed for CipherSaber-3:
> >
> >(1) Fix the number of repeats to a power of 2 >= 256
> 
> Assuming that you mean a power of two that has a result
> less than 256 (you CAN'T mean the exponent can be up to
> 256 - it would run almost forever!), that's
> 1,2,4,8,16,32,64,128, or 256.  Right?  

Ah, I forgot how CipherSaber-2 was specified, so I've been using the
phrase "number of repeats" when that's not what I meant. I meant to
propose that we drop the idea of using repeated key scheduling, and
instead discard N bytes of output before we start using the keystream.
That way, the underlying cipher remains pure RC4 rather than being a
new variant.  Sorry...

So what I meant to specify was that CipherSaber-3 mandate that at
least 256 bytes of output be discarded, to avoid Andrew Roos' weak key
problems.  Obviously I'm not suggesting we mandate 2^256 discards...

> >(2) Fix the first ten bytes of the message to "\0"
> 
> Ouch!  I can't say why, but I have a bad feeling about giving
> any attacker a 10 byte known plaintext attack.

I know what you mean, but I disagree.  I think people are
unnecessarily fearful of including known plaintext into systems that
are meant to be resistant to known plaintext attack; in this case,
it's a convenient solution to a problem.

> >(3) Store the number of repeats nowhere!
> 
> May I assume that you try the 8 allowed repeat numbers until you
> get a match, starting with 1?  Nice!  this would allow you to send
> messages with repeats=1 that ciphersaber-1 could decode.  Hmm. you
> wouldn't be able to decode ciphersaber-1 messages that don't have
> the zeros in the plaintext.  

No.  Compatibility with CipherSaber-1 was not one of the goals; I
wanted something that could have a user-friendly front end, and so
that meant being able to tell when we had a correct decrypt rather
than handing the user garbage.  Another thing I'd change would be to
introduce a useful "magic number" at the start.

CS-1 is beautifully simple, but the price it pays is that it's very
ill-behaved.  I wanted to work out what the simplest solution was that 
was well-behaved.

> >Then, if you get the passphrase right, you'll know because you'll find 
> >those ten zeroes at an appropriate point in the keystream.  If you get 
> >it wrong, you'll eventually figure it out because you don't find them
> >after an implausibly long wait.
> 
> Wouldn't this increase the efficiency of a brute force passphrase
> guessing program?  Normally such programs have to figure out if
> the latest guess is a human language.  You hand them a more efficient
> method of doing this.

In practice the cost of doing this check is very low; only a small
subset of the possible outputs are plausible messages and the tests
are fast.  The point of my proposal is that it makes brute force
attacks far more expensive, because after scheduling each key you have 
to discard huge amounts of output to do each test; this serves as a
"key stretching" system, which is very important when your keys are
passphrases.

> I am not convinced that hiding the number of repeats is all that
> important. 

One goal of my CS-3 is to be as nasty as possible to passphrase
guessing attacks.  With this proposal, any such attack has to decide
on a maximum number of repeats to try before giving in.  You set such
a maximum, and search, and fail: now, did you fail to generate the
right passphrase or did you just set the maximum too low?

> I also see little benefit to doing more than 256 repeats,

The benefit is the key stretching.  My Perl implementation only takes
2 seconds to do 256 repeats (ie 65536 key scheduling steps); the C
implementation would do it in an instant.

> and a serious disadvantage for systems that do 8 bit math.

Not really, systems that do 8-bit math are designed to be able to
count above 255 in a straightforward way.

> Looks like there is no standard file format for ciphersaber-2.

Unfortunately there is: it's the same as CS-1.  

> Anyone care to propose one, or would you prefer that the clueless
> newbie make a proposal that you can rip to shreds? <grin>
> The attribute of being two way CipherSaber-1 compatible when
> repeats=1 is highly desirable.  Making the user memorize a repeat
> number is undesirable.  Revealing the repeat number to attackers
> is acceptable.

That suggests making the repeat number part of the IV somehow.

I'm enjoying this discussion - I look forward to hearing your ideas!
-- 
  __
\/ o\ [EMAIL PROTECTED]     Got a Linux strategy? \ /
/\__/ Paul Crowley  http://www.hedonism.demon.co.uk/paul/ /~\
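Added example, mine rather than CipherSaber's own code or Paul's implementation: a Python toy of the CS-3 sketch as it reads in the two posts above. Assumed from CipherSaber-1: the RC4 key is passphrase || 10-byte IV, and the IV goes out in the clear at the front of the message. Assumed from the proposal: the discard count is a power of two >= 256 that is stored nowhere, and the first ten plaintext bytes are "\0". The function names, the default search ceiling and the sample passphrase are mine.

```python
# Added example, not CipherSaber's code: toy of the "CS-3" sketch from the thread.
# Assumptions: CS-1 key = passphrase || 10-byte IV (IV sent in the clear);
# discard count is a power of two >= 256 and is never transmitted;
# the first ten plaintext bytes are "\0" and serve as the correct-key marker.
import os

IV_LEN = 10       # CipherSaber-1 IV, sent in the clear
MARKER_LEN = 10   # CS-3: first ten plaintext bytes are "\0"
MIN_DROP = 256    # CS-3: discard at least 256 keystream bytes


class RC4:
    """Plain RC4: key schedule on construction, keystream on demand, bytes counted."""

    def __init__(self, key: bytes):
        s = list(range(256))
        j = 0
        for i in range(256):
            j = (j + s[i] + key[i % len(key)]) & 0xFF
            s[i], s[j] = s[j], s[i]
        self.s, self.i, self.j, self.generated = s, 0, 0, 0

    def keystream(self, n: int) -> bytes:
        s, i, j = self.s, self.i, self.j
        out = bytearray()
        for _ in range(n):
            i = (i + 1) & 0xFF
            j = (j + s[i]) & 0xFF
            s[i], s[j] = s[j], s[i]
            out.append(s[(s[i] + s[j]) & 0xFF])
        self.i, self.j = i, j
        self.generated += n
        return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def cs3_encrypt(passphrase: bytes, plaintext: bytes, drop: int, iv: bytes = b"") -> bytes:
    """IV || RC4(passphrase || IV), `drop` bytes discarded, over "\0"*10 || plaintext."""
    if drop < MIN_DROP or drop & (drop - 1):
        raise ValueError("drop must be a power of two >= 256")
    iv = iv or os.urandom(IV_LEN)
    rc4 = RC4(passphrase + iv)
    rc4.keystream(drop)                        # key stretching: output thrown away
    body = bytes(MARKER_LEN) + plaintext
    return iv + xor(body, rc4.keystream(len(body)))


def cs3_decrypt(passphrase: bytes, blob: bytes, max_drop: int = 1 << 16):
    """Try each allowed drop count in turn without ever restarting RC4.
    Returns (drop, plaintext, keystream_bytes_generated); drop and plaintext
    are None if nothing matched up to max_drop, and a wrong passphrase is
    indistinguishable from a max_drop that was set too low."""
    iv, body = blob[:IV_LEN], blob[IV_LEN:]
    rc4 = RC4(passphrase + iv)
    pos, drop = 0, MIN_DROP
    while drop <= max_drop:
        rc4.keystream(drop - pos)              # advance to the candidate offset
        probe = rc4.keystream(MARKER_LEN)      # plaintext is zero here, so keystream == ciphertext
        pos = drop + MARKER_LEN
        if probe == body[:MARKER_LEN]:
            rest = rc4.keystream(len(body) - MARKER_LEN)
            return drop, xor(body[MARKER_LEN:], rest), rc4.generated
        drop *= 2                              # next power of two; 2*drop >= pos always holds
    return None, None, rc4.generated


def guess_cost(blob: bytes, candidates, max_drop: int = 1 << 16):
    """Passphrase guessing against CS-3: every wrong guess costs a full scan
    to max_drop, which is the stretching effect the proposal is after."""
    work = 0
    for cand in candidates:
        drop, pt, w = cs3_decrypt(cand, blob, max_drop)
        work += w
        if pt is not None:
            return cand, pt, work
    return None, None, work


if __name__ == "__main__":
    blob = cs3_encrypt(b"correct horse", b"Happy new year", 1024)  # sample passphrase
    print(cs3_decrypt(b"correct horse", blob)[:2])
    print(guess_cost(blob, [b"wrong1", b"wrong2", b"correct horse"], max_drop=4096))
```

The decryptor keeps the RC4 state and only generates the bytes between one candidate offset and the next, so a scan to 2^k costs about 2^k bytes in total rather than 2^(k+1). Nothing in the output says which drop was used; the only signal is the ten-byte marker, and a scan that ends without a hit cannot tell a wrong passphrase from a ceiling set too low.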

------------------------------

From: [EMAIL PROTECTED] (Michel Dalle)
Crossposted-To: 
comp.lang.java.security,microsoft.public.java.security,comp.lang.java.programmer
Subject: Re: Data Encryption in Applet?
Date: Fri, 31 Dec 1999 14:36:33 GMT

In article <lrHa4.505$[EMAIL PROTECTED]>, "David Clay" 
<[EMAIL PROTECTED]> wrote:
>Check out JEncryptX - www.innerdynamics.com
>
>DC

There is also an applet that supposedly uses DES to
encrypt/decrypt webpages : www.guardbot.com.

It's still in beta release, though, and doesn't work through
a proxy server when using Netscape.
And the password is temporarily stored as a cookie on the
client side, which may present additional dangers...

Maybe someone more knowledgeable about crypto can have
a closer look at it ? :)

Michel.

------------------------------

From: "Michael Scott" <[EMAIL PROTECTED]>
Subject: Re: DECRYPTION Urgent!
Date: Fri, 31 Dec 1999 15:35:05 -0000


Michael Scott <[EMAIL PROTECTED]> wrote in message
news:dd1b4.2901$[EMAIL PROTECTED]...

> The message is 726580 808932 895075, which could be ",,4" "1/d" "6Pc",
> whatever that means!
>
> Mike Scott
>

Ah, I get it now. It's to base 100, so it's 72 65 80 etc. in ASCII, which
is....

HAPPY Y2K

which provokes me to comment that with the "Y2K Millennium Bug Scare"
Mankind just made the biggest eejit of itself since Orson Welles convinced
half of America that the Martians had landed.


Mike Scott


>
> > I calculated p & q
> > p = 199999
> > q = 200003
> > => gcd(39999999996,108947) = 1
> > => private key = 367151
> > So I have the private key (I think I have). Now the only thing left
> > to do is decrypt the ciphertext.
> > So I need to calculate 32567023914 ^ 367151 (this number is too big
> > for me to calculate) => 32567023914 ^ 367151 mod pq.
> > Or am I wrong to do that? Is there any easier way?
> > I have heard of a Chinese way to decrypt that, but in my eyes it seems
> > harder to find it.
> > Is there any program, programming language or easier way to calculate this on
> > a PIII 450 MHz, 192 MB RAM, Win98? And that in less than 1 day??
> > And do the same for the 2 other words???
> > Or is there anyone who can calculate this for me.
> > The decrypted message should be a message about new year. Maybe in Dutch.
> >
> >
> >
> > Please help me out.
> >
> > Thanks
> >
> > Stimpy, Antwerp
> >
> >
>
>



------------------------------

From: [EMAIL PROTECTED] (RSAEURO General)
Subject: Re: looking for simple RSA source
Date: Fri, 31 Dec 1999 15:36:42 GMT
Reply-To: [EMAIL PROTECTED]

On Tue, 28 Dec 1999 13:59:10 +0100, "Lieven Iliano"
<[EMAIL PROTECTED]> wrote:

> I'm looking for a simple RSA source written in C. It's just for a project for
> university, used as an example. It doesn't have to be very complex, just with
> small primes.

You could look at our product RSAEuro which can be found on our
website at http://www.reapertech.com/RSAEuro/

Regards

RSAEuro Team

============================================================================
RSAEURO:      [EMAIL PROTECTED]
RSAEURO Bugs: [EMAIL PROTECTED]
Tel:          +44 (0)370 566687
Http:         http://www.reapertech.com/RSAEuro/

RSAEURO - Copyright (c) J.S.A.Kapp 1994-2000.
============================================================================
RSAEURO - Cryptography for the World.
Reaper Technologies - Computer Security Specialists

Note:
 All Unsolicited Email (SPAM) sent to Reaper Technologies email 
 addresses will result in the sender being billed for all
 resources used in processing this mail.

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: DECRYPTION Urgent!
Date: Fri, 31 Dec 1999 16:39:19 GMT

On Thu, 30 Dec 1999 22:00:16 +0100, "Van Der Mussele"
<[EMAIL PROTECTED]> wrote:

>So I need to calculate 32567023914 ^ 367151 (this number is too big
>for me to calculate. = > 32567023914 ^ 367151 mod pq
>Or am I wrong to do that? Is there any easier way ?

Calculate 32567023914 ^ 2 mod pq,
then take the result, square it mod pq,
and repeat.

By taking mod pq at each step, you avoid really enormous numbers.

To get 32567023914 ^ 367151 mod pq (without ever getting 32567023914 ^
367151 plain) you convert 367151 to binary notation.

That will show you which powers of 32567023914 (^1, ^2, ^4, ^8...
which you generated by the steps above) you need to multiply together.

This is the exponentiation version of "Russian Peasant
Multiplication", but the Chinese Remainder Theorem has to do with
something else entirely.

John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html
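Added example (mine, not from any poster): the computation the "DECRYPTION Urgent!" thread works through, in Python, using the thread's own numbers. It checks that p, q and d are consistent with m and e, does the square-and-multiply exponentiation John describes above, does the CRT version (the "Chinese way" the original poster had heard of) with the exponent reduced mod p-1 and q-1, and decodes each block as base-100 ASCII codes the way Michael read it. Function names are mine; the only assumption beyond the posted figures is that base-100 packing.

```python
# Added example, not from the thread: key check, square-and-multiply,
# CRT decryption and base-100 decoding for the numbers posted in the thread.
# Assumption: each plaintext block packs three ASCII codes as base-100 digits.

N = 40000399997                      # m(modulus) from the post
E = 108947                           # e(exponent)
P, Q = 199999, 200003                # the factors the poster found
D = 367151                           # the private exponent the poster found
CIPHERTEXT = [32567023914, 8713291675, 25687690793]


def modexp(base: int, exp: int, mod: int) -> int:
    """Right-to-left square-and-multiply: for each bit of exp, square the
    running power and multiply it in when the bit is 1, reducing mod `mod`
    at every step so no intermediate ever exceeds mod**2."""
    result, base = 1, base % mod
    while exp:
        if exp & 1:
            result = result * base % mod
        base = base * base % mod
        exp >>= 1
    return result


def egcd(a: int, b: int):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def modinv(a: int, m: int) -> int:
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError("not invertible")
    return x % m


def check_private_key() -> int:
    """Confirms p*q == m and that d is e's inverse mod phi; returns d recomputed."""
    assert P * Q == N
    phi = (P - 1) * (Q - 1)
    d = modinv(E, phi)
    assert d == D and E * d % phi == 1
    return d


def decrypt_plain(c: int) -> int:
    """c^d mod m the direct way; the big power is never formed."""
    return modexp(c, D, N)


def decrypt_crt(c: int) -> int:
    """CRT decryption: exponentiate mod p and mod q with the reduced exponents
    d mod (p-1) and d mod (q-1), then recombine with Garner's formula."""
    dp, dq = D % (P - 1), D % (Q - 1)
    mp, mq = modexp(c, dp, P), modexp(c, dq, Q)
    h = modinv(Q, P) * (mp - mq) % P
    return mq + h * Q


def decode_base100(m: int) -> str:
    """Split m into base-100 digits and read each one as an ASCII code
    (a leading code below 10 would be lost; none of these blocks has one)."""
    codes = []
    while m:
        codes.append(m % 100)
        m //= 100
    return bytes(reversed(codes)).decode("ascii")


def decrypt_message(blocks=CIPHERTEXT) -> str:
    return "".join(decode_base100(decrypt_crt(c)) for c in blocks)


if __name__ == "__main__":
    check_private_key()
    print(decrypt_message())
```

The exponent 367151 is 19 bits long, so the direct route is at most 19 squarings and a handful of multiplications of numbers below m**2, which is why the "less than a day on a PIII" worry does not arise; the CRT route does two exponentiations with 18-bit moduli instead of one with a 36-bit modulus and gives the same result.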

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
