Cryptography-Digest Digest #477, Volume #11       Mon, 3 Apr 00 16:13:01 EDT

Contents:
  Re: The lighter side of cryptology (Richard Herring)
  AES papers ("Bruce Schneier")
  Eurocrypt 2000: registration + poster/rump session (Eurocrypt 2000)
  Re: summing hashes is not safe? (Bryan Olson)
  Re: Another question about blowfish (Roger Carbol)
  Variants of DES (Mok-Kong Shen)
  Re: Is it really NSA ?! ("Stou Sandalski")
  Re: Hysteresis? (wtshaw)
  Re: Stolen Enigma (JimD)
  Re: Stolen Enigma (JimD)
  Re: Stolen Enigma (JimD)
  Re: OAP-L3: Semester 1 / Class #1 All are invited. (Taneli Huuskonen)
  Re: Is it really NSA ?! ([EMAIL PROTECTED])
  Re: Q: Entropy (Mok-Kong Shen)
  Re: OAP-L3: Semester 1 / Class #1 All are invited. (lordcow77)
  Re: Improvement on Von Neumann compensator? ("John E. Kuslich")
  Looking for Algorithm ([EMAIL PROTECTED])
  Re: Disc encryption software question ([EMAIL PROTECTED])
  Test Posting - Please ignore ("Greg Nastophy")

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Richard Herring)
Subject: Re: The lighter side of cryptology
Date: 3 Apr 2000 16:25:51 GMT
Reply-To: [EMAIL PROTECTED]

In article <[EMAIL PROTECTED]>, John Savard ([EMAIL PROTECTED]) 
wrote:

> The receiving fax then decodes the message, and prints out a copy of
> the fax with pristine accuracy.

> In the wrong office, because the user dialed the wrong number at the
> start.

And blank. I can never decipher whether the original is supposed to
go face up or face down :-(

-- 
Richard Herring      | <[EMAIL PROTECTED]> 

------------------------------

From: "Bruce Schneier" <[EMAIL PROTECTED]>
Subject: AES papers
Date: Mon, 3 Apr 2000 11:33:56 -0500

I've finally posted all our AES papers.

Rijndael:  http://www.counterpane.com/rijndael.html  (To be presented at
FSE.)

Extended Boomerang Attacks on MARS and Serpent:
http://www.counterpane.com/boomerang.html  (To be presented at FSE.)

MARS:  http://www.counterpane.com/serpent-aes.html. (To be presented at
AES.)

Serpent:  http://www.counterpane.com/mars-attacks.html. (To be presented at
AES.)

Twofish:  http://www.counterpane.com/twofish-related.html.

Performance Comparison:  http://www.counterpane.com/aes-comparison.html. (To
be presented at AES.  We are in the process of revising many of the numbers
in this paper, and will have a new version in a week or so.)

And while you're visiting, check out the rest of the Counterpane web site.
We've just launched our new Managed Security Monitoring service.  THIS is
going to be big, really big.

There's still time to attend FSE7 and AES3 in New York in April.  See the
web sites at:

        http://www.counterpane.com/fse.html

        http://csrc.nist.gov/encryption/aes/round2/conf3/aes3conf.htm

Bruce

--
**************************************************************************
Bruce Schneier, CTO, Counterpane Internet Security, Inc.  Ph: 408-556-2401
3031 Tisch Way, 100 Plaza East, San Jose, CA 95128       Fax: 408-556-0889
    Free Internet security newsletter. See: http://www.counterpane.com


------------------------------

From: Eurocrypt 2000 <[EMAIL PROTECTED]>
Subject: Eurocrypt 2000: registration + poster/rump session
Date: Mon, 3 Apr 2000 19:00:48 +0200

==============================================================
    E   U   R   O   C   R   Y   P   T        2   0   0   0
          Bruges (Brugge), Belgium, 14-18 May, 2000
     http://www.esat.kuleuven.ac.be/cosic/eurocrypt2000/
==============================================================

This is a reminder to register for Eurocrypt 2000, the main 
European research conference in the area of cryptology. 
Early registration ends on 1st of April.  

This conference is organized by the International Association
for Cryptologic Research (IACR, http://www.iacr.org/) in
cooperation with the Katholieke Universiteit Leuven
(K.U.Leuven, Belgium, http://www.esat.kuleuven.ac.be/cosic/).

The final program, all registration details and accommodation 
information can be found on the conference web site: 
http://www.esat.kuleuven.ac.be/cosic/eurocrypt2000/

On Tuesday 16 May in the evening, a poster session will be 
held parallel to the traditional rump session. The best 
submissions for the poster session get a slot of 3-7 minutes 
in the rump session. Submission deadline is 1 May 2000. 
Details can be found on the web site.

=============================================================



------------------------------

From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: summing hashes is not safe?
Date: Mon, 03 Apr 2000 17:14:27 GMT

[EMAIL PROTECTED] wrote:
>
> Just came across some code in which multiple (100's) 20 byte message-
> digests are summed into one 24 byte sum as a hash for the complete
> batch.
> Something tells me this is not the way to handle (SHA-1) hashes. Can
> anyone confirm my feeling that it's fairly easy to add fake messages?

The subset-sum problem is NP-Complete, but in this
case the attacker can build an unlimited pool of
candidates from which to draw the subset.  I'm a
little out of my field here, but I think you could
set up the problem so the L^3 algorithm would
efficiently come up with a distinct collection of
messages with the same hash-sum.


Certainly a Merkle-style hash tree is almost always
the smart way to handle hashing such collections.

--Bryan
--
email: bolson at certicom dot com


Sent via Deja.com http://www.deja.com/
Before you buy.
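The two constructions contrasted in this exchange, as an added example (this is not code from either poster or from the system the question describes). `sum_hash` mirrors the described scheme: SHA-1 digests added into a 24-byte accumulator, which makes the result linear in the digests, so reordering the batch, or any other multiset of messages whose digests sum to the same value mod 2^192, gives the same "hash". `merkle_root` is the Merkle-style tree Bryan recommends, with domain-separated leaf and node hashes (the 0x00/0x01 prefixes and the promotion rule for an odd node are this example's own choices), plus the audit-path proof that such a tree gives for free. The sample batch is constructed.

```python
import hashlib
from typing import List, Tuple

# Constructed to mirror the question: 20-byte SHA-1 digests added into a
# 24-byte accumulator.  Illustration only, not the code the poster saw.
ACC_BYTES = 24
MOD = 1 << (8 * ACC_BYTES)


def sum_hash(messages: List[bytes]) -> bytes:
    """Batch 'hash' by summing per-message SHA-1 digests modulo 2^192.
    Addition is commutative and linear: the order of the batch is not
    covered at all, and any multiset of messages whose digests have the
    same sum collides."""
    acc = 0
    for m in messages:
        acc = (acc + int.from_bytes(hashlib.sha1(m).digest(), "big")) % MOD
    return acc.to_bytes(ACC_BYTES, "big")


def _leaf(m: bytes) -> bytes:
    # Domain-separated leaf hash: the 0x00 prefix keeps leaves distinct from nodes.
    return hashlib.sha1(b"\x00" + m).digest()


def _node(left: bytes, right: bytes) -> bytes:
    # Domain-separated interior node: 0x01 prefix; the order of children matters.
    return hashlib.sha1(b"\x01" + left + right).digest()


def _next_level(level: List[bytes]) -> List[bytes]:
    """Pair adjacent nodes; an unpaired last node is promoted unchanged."""
    nxt = []
    for i in range(0, len(level), 2):
        if i + 1 < len(level):
            nxt.append(_node(level[i], level[i + 1]))
        else:
            nxt.append(level[i])
    return nxt


def merkle_root(messages: List[bytes]) -> bytes:
    """Merkle-style hash tree over the batch (the alternative the post recommends)."""
    if not messages:
        raise ValueError("empty batch")
    level = [_leaf(m) for m in messages]
    while len(level) > 1:
        level = _next_level(level)
    return level[0]


def merkle_proof(messages: List[bytes], index: int) -> List[Tuple[bytes, bool]]:
    """Audit path for messages[index]: one (sibling hash, sibling_is_right) per level."""
    level = [_leaf(m) for m in messages]
    proof = []
    while len(level) > 1:
        sibling = index ^ 1
        if sibling < len(level):          # a promoted node has no sibling at this level
            proof.append((level[sibling], sibling > index))
        level = _next_level(level)
        index //= 2
    return proof


def verify_proof(message: bytes, proof: List[Tuple[bytes, bool]], root: bytes) -> bool:
    """Recompute the root from a single message and its audit path."""
    h = _leaf(message)
    for sibling, sibling_is_right in proof:
        h = _node(h, sibling) if sibling_is_right else _node(sibling, h)
    return h == root


# Constructed sample batch (not data from the thread).
BATCH = [b"record 1", b"record 2", b"record 3"]
REORDERED = [BATCH[2], BATCH[0], BATCH[1]]

if __name__ == "__main__":
    print("sum-hash unchanged by reordering:", sum_hash(BATCH) == sum_hash(REORDERED))
    print("Merkle root unchanged by reordering:", merkle_root(BATCH) == merkle_root(REORDERED))
    root = merkle_root(BATCH)
    print("audit path for record 2 verifies:", verify_proof(BATCH[1], merkle_proof(BATCH, 1), root))
```

The tree also answers the original poster's batch problem in a way the sum never can: each member can later be shown to belong to the batch with a path of log2(n) hashes, and a member that was not hashed in fails that check.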

------------------------------

From: [EMAIL PROTECTED] (Roger Carbol)
Subject: Re: Another question about blowfish
Date: Mon, 03 Apr 2000 17:57:09 GMT

Jan Krumsiek <[EMAIL PROTECTED]> wrote:

>I want to encrypt a string whose length is not a multiple of 8.

Not a multiple of 8 bytes, you mean?  Or not a multiple of 8 bits?

Encrypting a string of, say, 23 bits can sometimes be a bit irksome.



.. Roger Carbol .. [EMAIL PROTECTED]
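
Both readings of "not a multiple of 8" have a standard answer for a 64-bit block cipher such as Blowfish, and the example below is added here to show them; it is not code from either poster. `pad_pkcs7`/`unpad_pkcs7` handle a byte string whose length is not a multiple of the 8-byte block, and `pad_bits`/`unpad_bits` handle an arbitrary bit length (the 23-bit case) with the append-a-one-then-zeros rule. Both unpadding routines reject malformed input rather than silently returning garbage. The block size of 8 bytes is Blowfish's; the test strings are constructed.

```python
def pad_pkcs7(data: bytes, block_size: int = 8) -> bytes:
    """Byte padding (PKCS#7 style): append n bytes each of value n, 1 <= n <= block_size.
    A message that already fills its last block gets a whole extra block of padding,
    so the receiver can always tell padding from data."""
    if not 1 <= block_size <= 255:
        raise ValueError("block size must be between 1 and 255 bytes")
    n = block_size - (len(data) % block_size)
    return data + bytes([n]) * n


def unpad_pkcs7(padded: bytes, block_size: int = 8) -> bytes:
    """Strip PKCS#7 padding, refusing anything that is not well formed."""
    if not padded or len(padded) % block_size:
        raise ValueError("length is not a whole number of blocks")
    n = padded[-1]
    if not 1 <= n <= block_size or padded[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return padded[:-n]


def pad_bits(bits: str, block_bits: int = 64) -> str:
    """Bit padding for a message of arbitrary bit length: append a single '1',
    then '0's up to the next block boundary (ISO/IEC 9797-1 padding method 2).
    Bits are represented as a string of '0'/'1' characters for readability."""
    if any(c not in "01" for c in bits):
        raise ValueError("bits must be a string of '0' and '1'")
    padded = bits + "1"
    return padded + "0" * (-len(padded) % block_bits)


def unpad_bits(padded: str) -> str:
    """Inverse of pad_bits: drop trailing zeros and the single marker '1'."""
    stripped = padded.rstrip("0")
    if not stripped.endswith("1"):
        raise ValueError("bad bit padding")
    return stripped[:-1]


if __name__ == "__main__":
    msg = b"twenty-three byte text!"          # constructed, 23 bytes
    print(len(msg), "->", len(pad_pkcs7(msg)), "bytes")
    print(len(pad_bits("1" * 23)), "bits for a 23-bit message")
```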


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Variants of DES
Date: Mon, 03 Apr 2000 20:17:47 +0200

In Schneier's AC there is a section on variants of DES. Unless
I have overlooked some paragraphs, it appears that the potential
possibility of permuting the subkeys has not been considered.
If such permutations don't greatly weaken the cipher, then one 
could substantially increase the effective key space that way. 
Does anyone happen to know any research done on that issue and 
can give eventually a reference?

Biham and Shamir have shown that changing the order of the 8 
S-boxes will make DES weaker. I unfortunately don't have their
paper currently to check, but I suppose that statement refers to
identical change of ordering for all rounds. If that is indeed 
the case, then there are other situations that may be considered
as well, namely when one uses different permutations of the 
order of the S-boxes in different rounds. I suppose that, 
even if the permutations entail some weakness, that possibility of
variation can still be valuable in practice, since the weakness
is likely to be over-compensated by the increase of effective
key length (the opponent does not know which permutations are
used in encrypting a particular message).

These types of (minor) variations seem evidently to be applicable 
to other DES-like designs and are likely to be useful as well.

Thanks in advance for your information and comments.

M. K. Shen
===========================
http://home.t-online.de/home/mok-kong.shen

------------------------------

From: "Stou Sandalski" <tangui [EMAIL PROTECTED]>
Subject: Re: Is it really NSA ?!
Date: Mon, 3 Apr 2000 11:36:23 -0700


"Arthur Dardia" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> [EMAIL PROTECTED] wrote:

<snipity snip>

>
> These guns do exist, as far as how advanced I wouldn't know.  On the TLC or
> DSC channel (I forget which one), they were showing non-lethal weapons the
> police and SWAT teams are developing to end hostage situations and disarm
> criminals much easier (Kudos to all those involved in such projects...).  One
> of the weapons was designed to be shot out of the front of a police vehicle
> and run under the car of the person leading the high-speed chase.  It would
> emit such frequencies and shut down this car, such as you said.  I also
> remember hearing about someone building one for a science fair - I believe he
> won too...
>

Yeah, I saw this program; it was on the Disc channel, they had some nifty stuff
on that. However, the weapon that you are talking about is a little rocket
car that goes under the car and shocks the car as from a taser gun, which
fries the electrical system. I am not sure of the exact workings of the
dealie but I know it wasn't anything with EMP, it was strictly hard contact
with the underside of the car.  Pretty nifty gadget, I will have to say. They
also had this pepper foam thing that they spray over you and it burns your
eyes and skin and is sticky... kind of mean but better than a 44 slug in the
head..


Stou





------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Crossposted-To: alt.privacy,alt.security.pgp
Subject: Re: Hysteresis?
Date: Mon, 03 Apr 2000 12:02:32 -0600

In article <[EMAIL PROTECTED]>, "Scotty"
<[EMAIL PROTECTED]> wrote:

> G. R. Bricker wrote in message <01bf9d2d$df081040$4b06ebd0@default>...
> >I surmise that hysteresis effects would leave traces of the previous
> >condition of the "bit" on magnetic media. A bit which has been overwritten
> >once in its lifetime would probably have a measurable trace of residual
> >magnetism from its previous condition. However, how you would measure this
> >I don't know. The level would be pretty low. As for bits which have been
> >overwritten many times, I have absolutely no idea how each separate "write"
> >could be determined.
> > G.R. Bricker
> 
> When a 1 overwrites a 1 you get about 1.05 and 0.95 when it overwrites a 0.
> The drive circuitry digitises that to give 1. That 10% difference is easy to
> measure if you sample it with an oscilloscope before the signal is processed
> by the drive circuitry. This is not rocket science.
> 
Consider the wisdom of using a smaller drive for secure uses, as the media
will tend to be used and reused.  Large drives would contain less reused
media, so deleted files might never really vanish. Compacting files
might not help much either, as high-memory files may be left intact, just
out of the directory.
-- 
Given all other distractions, I'd rather be programming.

------------------------------

From: [EMAIL PROTECTED] (JimD)
Subject: Re: Stolen Enigma
Reply-To: JimD
Date: Mon, 03 Apr 2000 17:56:04 GMT

On Sun, 2 Apr 2000 18:02:12 GMT, [EMAIL PROTECTED] (Jim Reeds) wrote:

>Apparently the stolen Enigma was an "Abwehr" Enigma, as
>described in a recent Cryptologia article.  I can well
>believe that there are only 3 (or maybe now, 2) Abwehr
>Enigmas left in the world.  A garden variety Wehrmacht
>Enigma, like my friend Fred bought a decade or so back,
>costs as much a new car, I suppose, and is no great rarity.
>But this one was different.

The news got it as an SS machine, but they probably don't
know the difference between SS and Abwehr.

-- 
Jim Dunnett.
dynastic at cwcom.net

He who laughs last doesn't
get the joke.

------------------------------

From: [EMAIL PROTECTED] (JimD)
Subject: Re: Stolen Enigma
Reply-To: JimD
Date: Mon, 03 Apr 2000 17:56:03 GMT

On Sun, 02 Apr 2000 17:17:11 GMT, [EMAIL PROTECTED] (John
Savard) wrote:

>On Sun, 02 Apr 2000 15:48:58 GMT, Rick Smith <[EMAIL PROTECTED]> wrote,
>in part:
>>Gary Watson wrote:
>
>>> CNN is reporting that someone has stolen the Enigma machine from the
>>> Bletchley Park exhibit in the UK.  They say it's one of 3 in the world.
>>> Although it's a fairly obnoxious crime, you would think that they would
>>> padlock something so valuable before opening the place to the public.
>
>>Hmm. I seem to remember seeing 3 different Enigma machines (including
>>one rigged up for visitors to use) on display at the NSA Museum in
>>Maryland. So the "3 in the world" sounds like careless reportage.
>
>Not necessarily. The Enigma machine came in several different
>varieties. Some are fairly common, with hundreds of specimens still in
>existence, but it is entirely possible that the particular machine
>stolen belongs to a specific type of which only three specimens are
>known to survive.

As it happens, this is correct. It now transpires that it was an ex-SS
machine and apparently rather rare. Probably actually an Abwehr machine.

-- 
Jim Dunnett.
dynastic at cwcom.net

He who laughs last doesn't
get the joke.

------------------------------

From: [EMAIL PROTECTED] (JimD)
Subject: Re: Stolen Enigma
Reply-To: JimD
Date: Mon, 03 Apr 2000 17:56:05 GMT

On 3 Apr 2000 00:35:47 +0200, [EMAIL PROTECTED] (Paul Schlyter) wrote:

>In article <2eJF4.5455$[EMAIL PROTECTED]>,
>Gary Watson <[EMAIL PROTECTED]> wrote:
> 
>> CNN is reporting that someone has stolen the Enigma machine from the
>> Bletchley Park exhibit in the UK.  They say it's one of 3 in the world.
>> Although it's a fairly obnoxious crime, you would think that they would
>> padlock something so valuable before opening the place to the public.
> 
>Was it stolen on 1 april?  :-)

Certainly was. Have you got it?

-- 
Jim Dunnett.
dynastic at cwcom.net

He who laughs last doesn't
get the joke.

------------------------------

From: [EMAIL PROTECTED] (Taneli Huuskonen)
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
Date: 3 Apr 2000 21:42:50 +0300

=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1

In <[EMAIL PROTECTED]> Anthony Stephen Szopa
<[EMAIL PROTECTED]> writes:

[...]

>I'll ask you again:  how many raw random digits from the random 
>digit generator will you need?  I will supply them.  You can 
>then give us what you have determined to be the subsequent 
>raw random digits from the random digit generator.

>Then I will provide the key for the software where we all can see 
>that the random digits I gave you were in fact the ones generated 
>from the software using this key.

OK, fine  -  no BS, just the facts.  However, I have trouble handling
very large files (I'd need a couple hundred million digits for
predicting the entire output stream), so I propose the following:

You supply twenty blocks of a thousand consecutive digits each.
Between each block and the next, the "Rotation" is incremented by 10,
and the "Offset" is reset to zero.  In other words, the starting digits
of two consecutive blocks are 10! * 10 places apart in the full output
stream of the random digit generator.  You may start with any value for
the Rotation that you want; just make it known afterwards.

You can make the digits available in any reasonable format: ASCII or
BCD, all the blocks concatenated in one large file or 20 small files,
zipped or not, made available by HTTP or FTP, or e-mailed to me.

I will make a thousand predictions of this form: "The digit at Rotation
234, Offset 43 is 5."  If you can find one incorrect prediction, I've
failed.  So, my chances of succeeding by chance are 1 out of 10^1000.

Deal?

Taneli Huuskonen

=====BEGIN PGP SIGNATURE=====
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv

iQA/AwUBOOjmAV+t0CYLfLaVEQJQHgCdGjNvXKyM32E4mP8dW74Q8i7YPDQAn0rD
1Q6v3/9KiZOajAl/3FjT9CKU
=DbCx
=====END PGP SIGNATURE=====
-- 
I don't   | All messages will be PGP signed,  | Fight for your right to
speak for | encrypted mail preferred.  Keys:  | use sealed envelopes.
the Uni.  | http://www.helsinki.fi/~huuskone/ | http://www.gilc.org/

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Is it really NSA ?!
Date: Mon, 03 Apr 2000 19:05:45 GMT

In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> [EMAIL PROTECTED] wrote:
> > As Doug Gwyn noted, you should be careful about making statements
> > that could be construed as too anti- NSA, FBI, etc.
>
> That wasn't quite my point. You can be as anti as you like,
> according to the U.S. Constitution (Amendment 1 protects
> freedom of political speech and association), including
> saying that they should in principle all be snuffed. What
> I was warning against was in publicly plotting to commit a
> *specific* crime (such as a physical assault on government
> buildings), or being readily construed (e.g. in a court
> of law) as having been engaged in such activity. If you
> indulge in such stuff, it's much like making jokes about
> bombs at the airport security scanner -- even if it was
> innocently meant, you can find yourself in serious trouble.
>
      A good point, I guess. I don't really pay any
attention to the law (or politics) and so I'm
not certain about the potential legal
consequences. Personally, I take precautions
regarding what I might say because I'd rather
be safe than sorry and this is what I was
trying to express. Anyways, the Feds might
not take the statements Dardia made too
seriously because he was only fantasizing and
appears to be in high school. Even if the Feds
did take those comments seriously, they
would probably consider whether he is a minor
or first time offender.


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Q: Entropy
Date: Mon, 03 Apr 2000 21:25:27 +0200

Bryan Olson wrote:
> 
> Mok-Kong Shen wrote:
> > Given an arbitrary (finite) bit sequence, how does one actually
> > go about in practice to determine the entropy it contains?
> 
> Remember that entropy is defined by probability.  Given
> a finite bit sequence but not a probability space,
> there is no such thing as the entropy of the sequence.

A further question: Does a normal English message have entropy?
Presumably yes. Now if I change some words but retain the 
grammatical structures, does the new (artificial) message (that
is not quite common) have a larger/smaller entropy? Or is it rather 
the case that one has no exact methodology to deal with that issue?

Thanks.

M. K. Shen

------------------------------

Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
From: lordcow77 <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Date: Mon, 03 Apr 2000 12:28:37 -0700

Frankly, I would not trust the digits that Anthony Stephen Szopa
provides to you without some type of bit commitment scheme. It
would be far too easy for him to say "Ha! My OAP-2000 scheme is
perfect, because Taneli Huuskonen failed to predict a digit. He
said that digit 1234 was a 7 when in reality, it was an 8." Szopa
should publish a hash of the complete key and data files used to
create the digits provided, in addition to a hash of the digits
that Huuskonen is asked to determine. A standard bit commitment
scheme should suffice, although if you desire, it will be not
much more difficult to use a zero-knowledge proof of the
information that you will determine. Szopa has lied in the past
to sell his product; I would not trust him to discover any
latent sense of honesty or fair play at this point.

* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!
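
The commitment step lordcow77 asks for, applied to the challenge Taneli set out in the previous post, as an added example (not code from anyone in the thread, and not the OAP-L3 software). The party who owns the generator publishes `commit(label, data)` for the key file and for the digit stream before any prediction is made; the nonce stays secret until the reveal, so the commitment hides short or low-entropy data, and SHA-256 collision resistance stops it being opened to different data afterwards. `challenge_round` plays the whole sequence through and scores predictions only after both openings verify, so a digit "corrected" after the fact is caught. The label names, the length-prefixed encoding and all sample values are this example's own choices.

```python
import hashlib
import hmac
import os
from typing import Dict, List, NamedTuple, Optional, Tuple


class Commitment(NamedTuple):
    digest: bytes   # the value published in advance
    label: bytes    # what is being committed to, e.g. b"key-file"


def _encode(label: bytes, nonce: bytes, data: bytes) -> bytes:
    # Length-prefix every field so no two (label, nonce, data) triples encode alike.
    return (len(label).to_bytes(2, "big") + label
            + len(nonce).to_bytes(2, "big") + nonce
            + data)


def commit(label: bytes, data: bytes, nonce: Optional[bytes] = None) -> Tuple[Commitment, bytes]:
    """Hash commitment C = SHA-256(label || nonce || data) with a fresh 32-byte nonce.
    Returns (commitment to publish, nonce to keep secret until the reveal)."""
    if nonce is None:
        nonce = os.urandom(32)
    return Commitment(hashlib.sha256(_encode(label, nonce, data)).digest(), label), nonce


def open_commitment(c: Commitment, nonce: bytes, data: bytes) -> bool:
    """Check that (nonce, data) opens the published commitment."""
    expected, _ = commit(c.label, data, nonce)
    return hmac.compare_digest(expected.digest, c.digest)


def challenge_round(key_file: bytes, digits: str, predictions: Dict[int, str],
                    revealed_digits: str, revealed_key: bytes) -> dict:
    """One round of the prediction challenge with commitments in place.
    1. The owner commits to the key file and the digit stream (both published).
    2. The predictor states predictions {position: digit}.
    3. The owner reveals; the predictor verifies both openings, then scores.
    `revealed_*` are what the owner hands over at step 3; anything that does
    not open the commitments is rejected without scoring."""
    c_key, n_key = commit(b"key-file", key_file)
    c_dig, n_dig = commit(b"digit-stream", digits.encode())
    # ... predictions are fixed here, after the commitments are public ...
    if not open_commitment(c_key, n_key, revealed_key):
        return {"accepted": False, "reason": "key file does not open its commitment"}
    if not open_commitment(c_dig, n_dig, revealed_digits.encode()):
        return {"accepted": False, "reason": "digit stream does not open its commitment"}
    wrong: List[int] = [pos for pos, d in predictions.items() if revealed_digits[pos] != d]
    return {"accepted": True, "wrong_predictions": sorted(wrong)}


if __name__ == "__main__":
    # Constructed sample values, not output of any real generator.
    print(challenge_round(b"KEY", "31415926", {0: "3", 7: "6"}, "31415926", b"KEY"))
    print(challenge_round(b"KEY", "31415926", {0: "3"}, "81415926", b"KEY"))
```

In the thread's terms: the hash of "the complete key and data files" is `c_key`, the hash of "the digits that Huuskonen is asked to determine" is `c_dig`, and both must be posted before the twenty blocks are handed out.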


------------------------------

From: "John E. Kuslich" <[EMAIL PROTECTED]>
Subject: Re: Improvement on Von Neumann compensator?
Date: Mon, 3 Apr 2000 12:14:43 -0700

I still maintain that the best PR source is to hang some of those AOL CD's
from long strings in the wind. Let them twist and waggle in the breeze as a
web cam takes random (oh boy, ok at quasi non-deterministic intervals that
are possibly correlated to non-random sources :-- ) pictures.  Take the
resulting bitmaps and whiten them and skim entropy using any number of well
known techniques.

At least all that plastic will not have gone to waste! You don't have to buy
Lava Lamps from cryptologically certified vendors, you don't have to deal
with radioactive materials and you will not have to worry about correlated
noise entering your phase locked loop.

JK  http://www.crak.com   Password Recovery software

Finally

Guy Macon <[EMAIL PROTECTED]> wrote in message
news:8c8jau$[EMAIL PROTECTED]...
>
> In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(Mok-Kong Shen) wrote:
>
> >Sorry, my point concerning 'continuous process' was wrong (my
> >thought at the time of writing betrayed me). However, the other
> >point, namely that concerning physical realization, seems to be valid.
> >On the other hand, I like to have a point you raised (if I
> >understand correctly) more explicitly expressed as follows. The
> >position of any particle that can be measured and the clock one
> >uses are obviously subject to bounded precisions of the instruments
> >involved. Further, most values have to be truncated, since we can't
> >record most of the real numbers exactly (with an infinite or almost
> >infinite number of digits) even if we had had perfect instruments.
> >So, even if we KNOW (which we can't, I am afraid) that the Brownian
> >motion being observed is indeed truly random, would one be able to
> >extract from that truly random information in practice? In other
> >words, wouldn't the above mentioned imperfection in measurement
> >and recording essentially falsify our results? (This would also
> >apply to random numbers obtained from other physical sources.)
>
> There is an escape clause that will let you remove the bias and keep
> the randomness.  As a thought experiment, imagine that I obtained
> N bits of "random" data from the following (possibly to certainly
> biased) sources:
>
> HotBits (time between atomic decays in a radioisotope)
>
> Laverand (the position of the lava in a bunch of lava lights)
>
> Intel chipset RNG (thermal noise source disturbing phase locked loop)
>
> The best available pseudorandom generator (is there a consensus as to
> which one is "best", or is this another "depends on what you want"
> questions?)
>
> Now XOR them together.  The only bias that will remain is a bias that
> is shared by all four sources.  Also, if any one of the four is true
> random, the output will be true random.
>
>
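
The XOR combiner Guy Macon describes, together with the Von Neumann compensator named in the subject line, as an added example (not code from any poster). `p_one_after_xor` computes exactly what XORing independent sources does to the bias, which is the piling-up lemma: with per-source bias e_i = P(1) - 1/2 the output bias has magnitude 2^(n-1) * prod|e_i|, so a single unbiased source zeroes it and the result is never more biased than the least biased input. The independence assumption is what "a bias shared by all four sources" amounts to; correlated sources do not get this guarantee. The `biased_source` streams are constructed with a seeded PRNG as stand-ins for the physical sources listed in the post.

```python
import random
from typing import Iterable, List, Sequence


def xor_combine(*streams: Sequence[int]) -> List[int]:
    """XOR equal-length bit streams position by position (the combiner in the post)."""
    if len({len(s) for s in streams}) != 1:
        raise ValueError("all streams must have the same length")
    return [sum(bits) & 1 for bits in zip(*streams)]


def p_one_after_xor(probs: Iterable[float]) -> float:
    """Exact P(output = 1) when independent sources with P(1) = p_i are XORed.
    Folding one source at a time: P(1) <- P(1)*(1-q) + q*(1-P(1)).
    Equivalent to the piling-up lemma, |P(1) - 1/2| = 2^(n-1) * prod|p_i - 1/2|."""
    p = 0.0
    for q in probs:
        p = p * (1.0 - q) + q * (1.0 - p)
    return p


def von_neumann(bits: Sequence[int]) -> List[int]:
    """Von Neumann compensator: read bits in pairs, emit 0 for 01 and 1 for 10,
    discard 00 and 11.  For an independent, identically distributed source the
    two kept patterns are equally likely whatever the bias, at the cost of
    throwing away at least half of the input (a trailing odd bit is dropped)."""
    out = []
    for i in range(0, len(bits) - 1, 2):
        a, b = bits[i], bits[i + 1]
        if a != b:
            out.append(a)
    return out


def fraction_ones(bits: Sequence[int]) -> float:
    return sum(bits) / len(bits) if bits else 0.0


def biased_source(rng: random.Random, p_one: float, n: int) -> List[int]:
    """Constructed stand-in for a physical source with a known bias (not real data)."""
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


if __name__ == "__main__":
    rng = random.Random(2000)
    n = 100_000
    a = biased_source(rng, 0.70, n)   # a badly biased noise source
    b = biased_source(rng, 0.60, n)   # a less biased one
    c = biased_source(rng, 0.50, n)   # one honest source
    print("single sources:", fraction_ones(a), fraction_ones(b), fraction_ones(c))
    print("XOR(a, b)     :", fraction_ones(xor_combine(a, b)),
          "expected", p_one_after_xor([0.70, 0.60]))
    print("XOR(a, b, c)  :", fraction_ones(xor_combine(a, b, c)),
          "expected", p_one_after_xor([0.70, 0.60, 0.50]))
    vn = von_neumann(a)
    print("Von Neumann(a):", fraction_ones(vn), "kept", len(vn), "of", n, "bits")
```

The two techniques answer different problems: XOR combining keeps every bit and needs at least one good source; the Von Neumann compensator needs no good source but assumes the bits are independent and identically distributed, and pays for that with throughput.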


------------------------------

From: [EMAIL PROTECTED]
Subject: Looking for Algorithm
Date: Mon, 03 Apr 2000 19:32:06 GMT

Help!
I am looking for an algorithm that does the following:
- splits a message in 2 parts,
- hashes every line
- so that key and lock always have the same bit-length.
Maybe a stupid question, but I am new to crypto.
I have read about it somewhere on the web, but I can't
remember the name of it - I need it for one of my projects.
Many thanks and a nice day


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Disc encryption software question
Date: Mon, 03 Apr 2000 19:40:57 GMT

In article <01bf9c85$daf47320$[EMAIL PROTECTED]h.edu.au>,
"DIAMOND Mark R" <[EMAIL PROTECTED]> wrote:

> Does anyone know of a review of the software "PC Safe", a disc encryption
> package. I'm looking for something which will tell me how secure the
> encryption itself is, and whether its security depends only on not being
> able to have extended access to the hard disc (say by just pulling it out
> of the old machine and putting it as a non-boot drive into a new machine).
> I saw the software advertised in a professional (non-computing) magazine as
> a method of securing the confidentiality of patient records.
> --

      I don't know anything about "PC Safe", but
you might try this website which tells users
where they can find reviews for such
products:

http://www.inside-information.com

   If you work in vision research do you happen
to know anything technical about the new
GVPP chip (generic visual perception
processor)? It can recognize colors and
motion and can handle *20 Billion*
instructions per second (compared to a few
million instructions/ second by Pentium class
processors).


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: "Greg Nastophy" <[EMAIL PROTECTED]>
Subject: Test Posting - Please ignore
Date: Mon, 3 Apr 2000 20:45:20 +0100

Test Posting - Please ignore



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
