Cryptography-Digest Digest #847, Volume #10       Thu, 6 Jan 00 01:13:01 EST

Contents:
  Re: Is DES still used for ATM transactions ???? ("Saiful Mazli")
  Re: How about this for a "randomly" generated bitstream? (Guy Macon)
  Re: Square? (Tom St Denis)
  Re: Square? (Tom St Denis)
  Re: Wagner et Al. (Tom St Denis)
  crypto papers (Tom St Denis)
  Re: Please Comment: Modified Enigma (Jim Gillogly)
  Re: RSA encrypt (Scott Fluhrer)
  Re: The Cipher Challenge from the Code Book (Paris Guffey)
  Re: Wagner et Al. (Steve K)
  Re: crypto papers (Steve K)
  Re: If you're in Australia, the government has the ability to modify y (The King)
  Re: is signing a signature with RSA risky? (Steve K)
  Re: New ECM record: up to 60 digits ([EMAIL PROTECTED])
  Re: REQ: Applied Crypto source disc (Guy Macon)
  Re: Unsafe Advice in Cryptonomicon (Guy Macon)
  Re: Wagner et Al. (Guy Macon)
  Re: Wagner et Al. (Guy Macon)

----------------------------------------------------------------------------

From: "Saiful Mazli" <[EMAIL PROTECTED]>
Subject: Re: Is DES still used for ATM transactions ????
Date: Thu, 6 Jan 2000 09:58:35 +0800

Definitely.

Buchinger Reinhold <[EMAIL PROTECTED]> wrote in message
news:8506nr$otv$[EMAIL PROTECTED]...
> Hello !!
>
> I simply want to know, if DES is still used for ATM transactions in Europe
> (and US).
>
> Thanks a lot for your help !!!!
>
> Reinhold Buchinger
>
>



------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: How about this for a "randomly" generated bitstream?
Date: 05 Jan 2000 21:35:17 EST


In article <[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] (John McDonald, Jr.) wrote:

(description of record player -> soundcard)

>That is to say even if they knew you recorded the Philharmonic's
>rendition of the William Tell Overture, they would need your actual
>record, as well as player, and even then they would be off by at least
>1% of the bits gathered. When you are speaking of 2^24 bits, 1% is a
>fairly substantial number. If they are using another record on another
>player they would be lucky if they were to get 25% of the bits you
>gathered. And if they didn't know which song(s) you used, they would
>be lucky to get 1% of the bits that you had.
>
>Does anyone have thoughts on this?

It's easy to get much better than 25% randomness.  Alas, a bit
stream with 25% random bits and 75% predictable or biased bits
seems to strike those who know a lot more crypto than I do as
a serious weakness.  I know hardware, and I am very confident
that I can achieve a 99.X% [99.9? 99.99? 99.999?], and that I
will never be able to prove 100%.  Folks who know crypto better
than I do tell me that they can not prove that 99.X% is good
enough for certain crypto uses.

> Problems with implementation?

Use a microphone listening to traffic on a busy street instead
of a record, and exclusive or the result with the best (most
unbiased) pseudorandom generator available.  Still not perfect,
but much better.


------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Square?
Date: Thu, 06 Jan 2000 03:06:05 GMT

In article <[EMAIL PROTECTED]>,
  Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> Tom St Denis wrote:
> >
> > All I know is in the paper 'The Block Cipher: Square' they have an
> > attack for anything under 6 rounds.  I can send copies to anyone who
>
> It appears certain that any block cipher with sufficiently reduced
> number of rounds can be cracked. Hence the question: Why are block
> ciphers with (designed) variable, instead of constant, number of
> rounds not very common? With that parametrization an algorithm
> could adapt to the future advances of analysis techniques at least
> to some reasonable extent and hence survive.
>
> M. K. Shen
>

You can always add more rounds to most ciphers.  It simply requires
more round keys and more rounds of course.  You could [as demonstrated
in the RC5 paper] encode the keysize/rounds in the ciphertext packet.

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Square?
Date: Thu, 06 Jan 2000 03:07:28 GMT

In article <8501p2$rr5$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (David Wagner) wrote:
> In article <84v0lv$rsu$[EMAIL PROTECTED]>,
> Andrej Madliak <[EMAIL PROTECTED]> wrote:
> >     Who knows something about the "Square" algorithm, its
> > strength/weaknesses and attacks against it?
>
> Instead of Square, I'd suggest considering Rijndael, a successor of
> Square that has received a good deal of analysis thanks to the fact that
> it is currently one of the five AES candidates.
>
> But frankly, I wouldn't suggest using a cipher as new as either Square
> or Rijndael for production purposes unless it were absolutely necessary.
> What's wrong with Triple-DES or Blowfish?

With that line of thinking I was wondering why you didn't suggest RC4?
It's simple, compact and fast....

Tom



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Wagner et Al.
Date: Thu, 06 Jan 2000 03:11:10 GMT

In article <[EMAIL PROTECTED]>,
  "Daniel Roethlisberger" <[EMAIL PROTECTED]> wrote:
> Tom St Denis wrote:
> >You are missing my point.  I never said trojans [defn = any
> >program that's sole purpose is to defeat security] can't
> >totally break Peekboo.  I whole heartedly agree trojans
> >can break Peekboo. ... oh and PGP, and Scramdisk, and
> >....
> >
> >The best solution is to avoid getting them.  Don't go to
> >websites you don't trust.  Turn off all 'features' like
> >java/activex and don't run attachments...  that's the best
> >you can do.
>
> Against PGP, an attack would be much more difficult. PGP employs its own
> memory lock driver, so sensitive data doesn't get paged to disk. PGP does
> its best to try and make an attack difficult or feasible. PGP does not send
> keys through easily interceptable windows messages. A trojan will have a
> hard time against PGP, while its task is very easy against Peekboo.
>
> As for turning the features off... I mentioned this before, but everyone can
> install a program on your computer without you noticing, if you are using
> windows 9x. On NT, this is somewhat more tricky, but still easily possible
> (eg. by booting from a linux floppy with the ntfs mod - is your floppy drive
> locked? I don't suppose so...). It doesn't need to be a so-called trojan,
> gotten through email or from a web site. It can be your wife wanting to know
> who you send encrypted love letters to. Or your little hacker brother who
> just likes reading your encrypted stuff. These will have a hard time if you
> were using PGP, but as you are using Peekboo, every minimally skilled
> programmer can read up in the API docs how to hook a message.
>
> If complete protection is impossible, any security-related software, and
> cryptographic software in particular, should at least make it difficult for
> them. Firewalls can be penetrated as well, but you still put one in front of
> every secured network. Because it makes the attacker's job much more
> difficult.
>
> /Dan

You just don't get it, do ya?

If you can't protect against trojans, why bother bloating the code to
try and protect against them.  Thicker condoms are not always safest....

I clear the stack and encrypt the keyfile.  That's about all I can do.
That's all I do.

Tom



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: crypto papers
Date: Thu, 06 Jan 2000 03:13:20 GMT

Goto

http://www.dasoft.org/tom/

For papers related to crypto...

Tom
--
[EMAIL PROTECTED]



------------------------------

From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: Please Comment: Modified Enigma
Date: Thu, 06 Jan 2000 04:12:31 +0000

Albert Yang wrote:
> such things are very weak.  Enigma is a joke to crack for my desktop.

Oh?  In that case, since it's no trouble for you, perhaps you'd be so kind
as to provide me with the settings that produced the Enigma messages in
Ralph Erskine's letter at:

http://www.fortunecity.com/skyscraper/coding/379/erskin.htm

I'll be extremely interested to learn how long it took your desktop.
-- 
        Jim Gillogly
        15 Afteryule S.R. 2000, 04:09
        12.19.6.15.5, 1 Chicchan 13 Kankin, Eighth Lord of Night

------------------------------

From: Scott Fluhrer <[EMAIL PROTECTED]>
Subject: Re: RSA encrypt
Date: Thu, 06 Jan 2000 04:19:47 GMT

In article <[EMAIL PROTECTED]>,
        Frank the root <[EMAIL PROTECTED]> wrote:

>Hum... I'm a bit new to cryptography but I would like to know how RSA can encrypt
>and decrypt a message ( in equations: c = m^e mod n and m = c^e mod n ) if there
>are not enough atoms in the universe to complete the operation c^d??
Simple, you don't compute c^d, and then apply mod n to it, you do them together.
Here's a simple example: suppose e = 257.  Then, to compute m^e mod n, you
compute:

temp = m^2 mod n        -- temp = m^2 mod n
temp = temp^2 mod n     -- temp = m^4 mod n
temp = temp^2 mod n     -- temp = m^8 mod n
temp = temp^2 mod n     -- temp = m^16 mod n
temp = temp^2 mod n     -- temp = m^32 mod n
temp = temp^2 mod n     -- temp = m^64 mod n
temp = temp^2 mod n     -- temp = m^128 mod n
temp = temp^2 mod n     -- temp = m^256 mod n
c    = temp*m mod n     -- c    = m^257 mod n

Here, we computed m^257 mod n, without ever having to handle a number larger
than n^2.

-- 
poncho
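As an added worked example (my code, not Scott's), here is the square-and-multiply method he sketches, written in Python: the general binary exponentiation of which his e = 257 trace is one instance, his trace reproduced with the n^2 bound checked, and a constructed toy RSA key (p = 61, q = 53, far too small for real use) to show the encrypt/decrypt round trip.

```python
# Added example, not from the original post: square-and-multiply modular
# exponentiation, generalised from e = 257 to any exponent, plus the
# step-by-step trace for e = 257 showing that no intermediate exceeds n^2.
# The RSA parameters below are constructed toy values for illustration only.

def modexp(base, exp, mod):
    """Left-to-right binary exponentiation: base**exp mod mod.

    Every product is reduced mod `mod` immediately, so operands never
    exceed mod and products never exceed mod**2, however large exp is.
    """
    if mod == 1:
        return 0
    result = 1
    base %= mod
    for bit in bin(exp)[2:]:               # exponent bits, most significant first
        result = (result * result) % mod   # square for every bit
        if bit == "1":
            result = (result * base) % mod  # multiply when the bit is set
    return result


def trace_257(m, n):
    """Reproduce the post's hand trace for e = 257 = 2^8 + 1.

    Returns (c, largest_product_seen) so the n^2 bound can be checked.
    """
    m %= n
    temp = m
    largest = 0
    for _ in range(8):                 # eight squarings: m^2, m^4, ..., m^256
        product = temp * temp
        largest = max(largest, product)
        temp = product % n
    product = temp * m                 # final multiply by m gives m^257
    largest = max(largest, product)
    return product % n, largest


# Constructed toy RSA key (p = 61, q = 53); real keys use primes of 1024+ bits.
P, Q = 61, 53
N = P * Q                  # 3233
PHI = (P - 1) * (Q - 1)    # 3120
E = 257                    # the exponent used in the post; gcd(257, 3120) == 1
D = pow(E, -1, PHI)        # private exponent: E*D == 1 (mod PHI)


def encrypt(m):
    return modexp(m, E, N)


def decrypt(c):
    return modexp(c, D, N)


if __name__ == "__main__":
    m = 65
    c, biggest = trace_257(m, N)
    print(f"m={m} c={c} largest intermediate={biggest} n^2={N * N}")
    print("round trip ok:", decrypt(encrypt(m)) == m)
```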


------------------------------

From: [EMAIL PROTECTED] (Paris Guffey)
Subject: Re: The Cipher Challenge from the Code Book
Date: Thu, 06 Jan 2000 04:26:08 GMT

On Tue, 04 Jan 2000 07:23:25 GMT, Sisson <[EMAIL PROTECTED]>
wrote:

>BTW, i have attached a file of all the ciphertext ciphers. hope this saves you
>from having to OCR/type them up yourself
>
>From Spendabuck

[snip]

>Stage 8

[snip]

>begin 644 DEBUGGER.BIN
> (-&>`_EU-_/$`
><blank line>
>end

You should know that an errata was posted on the Cipher Challenge
website correcting this code.  There should be a single back-quote (`)
on the blank line.

--
Paris Guffey


------------------------------

From: [EMAIL PROTECTED] (Steve K)
Subject: Re: Wagner et Al.
Date: Thu, 06 Jan 2000 04:57:19 GMT

On Wed, 5 Jan 2000 22:00:28 +0100, "Daniel Roethlisberger"
<[EMAIL PROTECTED]> wrote:

>Tom St Denis wrote:
>>You are missing my point.  I never said trojans [defn = any
>>program that's  sole purpose is to defeat security] can't
>>totally break Peekboo.  I whole heartedly agree trojans
>>can break Peekboo. ... oh and PGP, and Scramdisk, and
>>....
>>
>>The best solution is to avoid getting them.  Don't go to
>>websites you don't trust.  Turn off all 'features' like
>>java/activex and don't run attachements...  that's the best
>>you can do.
>
>
>Against PGP, an attack would be much more difficult. PGP employs its own
>memory lock driver, so sensitive data doesn't get paged to disk. PGP does
>its best to try and make an attack difficult or feasible. PGP does not send
>keys through easily interceptable windows messages. A trojan will have a
>hard time against PGP, while its task is very easy against Peekboo.

Memory lock driver.  Now that sounds interesting.

First question that pops into my mind is, how portable is this kind of
driver from one OS to another?  And are there hardware dependencies?
I'm not trying to shoot the idea down by any means, I'm just a curious
bystander with a whole few days of actual coding experience.

Does what you are talking about relate to this quote from the CryptLib
docs file?

>Cryptlib implements a security perimeter around the encryption
>functions, with encryption contexts consisting of an arbitrary handle
>referring to (hidden) data held within the library.  No outside access
>to state variables or keying information is possible, provided the
>underlying OS provides some form of memory protection.  If the OS
>supports it, all sensitive information used by the library will be
>page-locked to ensure it is never swapped to disk.

If so, it sounds like good practice to me.



Steve K

---Continuing freedom of speech brought to you by---
   http://www.eff.org/   http://www.epic.org/  
               http://www.cdt.org/

PGP key 0x5D016218
All others have been revoked.

------------------------------

From: [EMAIL PROTECTED] (Steve K)
Subject: Re: crypto papers
Date: Thu, 06 Jan 2000 05:19:37 GMT

On Thu, 06 Jan 2000 03:13:20 GMT, Tom St Denis <[EMAIL PROTECTED]>
wrote:

>Goto
>
>http://www.dasoft.org/tom/
>
>For papers related to crypto...
>
>Tom
>--
>[EMAIL PROTECTED]
>
>
>Sent via Deja.com http://www.deja.com/
>Before you buy.

Just downloaded the PB2 source again.  Is it just me (starting to
learn something), or did "peekboo.c" suddenly get squeaky clean and
really well commented?

:o)


Steve K


------------------------------

Date: 6 Jan 2000 05:22:54 -0000
From: The King <[EMAIL PROTECTED]>
Subject: Re: If you're in Australia, the government has the ability to modify y

>> Why does anyone think that a warrant is needed in America
>> any more?  FBI agents walked into a home in central CA
>> looking for evidence, no warrant, no request to enter,
>> just brushed the owner aside- looking for evidence of two
>> militia men's attempt to blow up two huge gas tanks.
>> So the man who was brushed aside (yes, they just walked
>> in right in front of him) decided he should leave that
>> militia after the FBI visit.
>
> This doesn't sound right.  Unless there is a warrant, imminent danger,
> owner approval, police can't just come in.  /If/ they did, they know
> that any evidence would be thrown out of court as illegally obtained.

Poppycock. The 4th Amendment has been rent asunder by 20 years worth of
government pecking under the banners of "War on Drugs" "War on Crime"
and the latest boogieman "Domestic Terrorism", just as most of the other
rights we mere citizens are supposed to have. Hell, the law-enforcement
industry even wants to repeal the Miranda decision. Read up on the RICO
and CALEA statutes.

> If this did happen, the home owner should sue.

Sure he can sue. But first he must go to court and the court must decide
to *let* him sue. Then he can go to court again to sue. Then he can grind
for years in the court system, spending every last dollar over a period of
years battling the law-enforcement industry with their infinite time, money
and manpower, all to be told "Yes the cops were wrong to do that. Sorry."

A citizen should never *never* NEVER allow a LEO onto his property and
especially his home unless presented with a warrant. If a LEO wants to talk
to you, tell him you'll be happy to speak with him at some neutral location
with your attorney present. If you don't have an attorney you'd best get one
right quick!


Steve

------------------------------

From: [EMAIL PROTECTED] (Steve K)
Subject: Re: is signing a signature with RSA risky?
Date: Thu, 06 Jan 2000 05:26:30 GMT

On Wed, 05 Jan 2000 15:52:33 -0500, Anton Stiglic <[EMAIL PROTECTED]>
wrote:

>I just found the article that talks about the attack,
>
>you can get it at
>
>http://www.cl.cam.ac.uk/users/rja14/robustness.ps.Z

That URL did not reach a document, but 
http://www.cl.cam.ac.uk/users/rja14/
is a keeper.  

Thanks!



Steve K


------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: sci.math.symbolic,sci.math
Subject: Re: New ECM record: up to 60 digits
Date: 06 Jan 2000 00:31:08 EST

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Kai G. Gauer) 
wrote:
>
>By the way, could someone out there help me find the correct way to subscribe to
>the following newsgroup that I found on an older webpage post? The page had a
>subscription site with bit.listserv.nmbrthry . Has this site changed names in the
>last few years? I'm trying to find a couple of more MODERATED sites to read
>discussions about large factorization computing; I'm not looking around for the
>quickest spot to post or read a bunch of BS (such as sci.math). Thanks for anyone's
>being able to help out....

The bit.listserv newsgroups are mirrors of mailing lists.  Search among
the mailing lists for likely titles.


------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Crossposted-To: alt.dev.null
Subject: Re: REQ: Applied Crypto source disc
Date: 06 Jan 2000 00:36:27 EST

Jason C. Hartley

> First off, you suck.
> Secondly, I am so profoundly lazy you have no idea.
> I am foul-mouthed.
> -Jason the lazy, foul-mouthed thief

*PLONK!*


------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Unsafe Advice in Cryptonomicon
Date: 06 Jan 2000 00:42:38 EST

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Trevor Jackson, III) wrote:
>
>Mok-Kong Shen wrote:
>
>
>> In view of tempest related attacks, that I guess could only be
>> eliminated in rather clumsy ways, it would appear reasonable to
>> have some components of one's encryption system to be mechanical
>> ones, hence without emissions. This would mean sort of renascence
>> of the classical devices. Or am I speculating on an entirely wrong
>> track?
>
>Well, mechanical devices emit acoustic signals...
>
...and some electronic components are microphonic...


------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Wagner et Al.
Date: 06 Jan 2000 00:46:53 EST

John E. Kuslich <[EMAIL PROTECTED]> wrote:

> Security by software is total myth.  Once resident in memory, any
> software can be made to whistle Dixie or do anything at all by a
> competent machine language programmer.  Any executable or dll can be
> loaded and then altered in arbitrary ways to achieve any desired result.

I suggest that you try this under Windows NT 4.0 when your competent
machine language programmer is logged on as an ordinary user instead
of as an Administrator.


------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Wagner et Al.
Date: 06 Jan 2000 01:01:49 EST

In article <851144$o$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Tom St Denis) wrote:

>You just don't get it

You misspelled "I just don't get it".

>If you can't protect against trojans

You most certainly can protect against trojans.  I administer NT servers
and am well protected against trojans.  First you need a secure room...

>Why bother bloating the code to try and protect against them.

Because PGP protects itself from all trojans that are not specifically
designed to defeat PGP, and PGP and windows NT security work together to
protect PGP from all trojans including trojans specifically designed to
defeat PGP if the trojan fails to get administrator rights.  This is
most certainly worth doing.

>I clear the stack and encrypt the keyfile.  That's about all I can do.
>That's all I do.

Why bother?  By your logic clearing the stack and encrypting the keyfile
are a waste of time.


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
