Cryptography-Digest Digest #695, Volume #11       Wed, 3 May 00 10:13:01 EDT

Contents:
  Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net" ("Cynic")
  DES performance (Lieven Trappeniers)
  Re: DES performance (Eric Hambuch)
  Re: Any good attorneys? (Mark Wooding)
  Re: RC5 math (Richard Parker)
  Re: DES performance (Richard Parker)
  Re: AEES Advanced (Tom St Denis)
  Re: Any good attorneys? (Tom St Denis)
  Re: Deciphering Playfair (long) (Michael Jarrells)
  .KGB crypted files ("jeremie")
  Fixed: Sboxgen tool (Tom St Denis)
  Re: AEES Advanced ([EMAIL PROTECTED])
  Re: AEES Advanced (Tom St Denis)
  Re: RC5 math (Pred.)
  Re: Any good attorneys? ("Trevor L. Jackson, III")
  Re: Any good attorneys? (David Formosa (aka ? the Platypus))
  Re: quantum crypto breakthru? (Roger)
  Re: .KGB crypted files (Troed)
  Re: Any good attorneys? (Mark Wooding)
  Re: A naive question ("Tony T. Warnock")
  Re: Any good attorneys? (Richard D. Latham)

----------------------------------------------------------------------------

From: "Cynic" <no.address@anon>
Crossposted-To: uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk
Subject: Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net"
Date: Wed, 3 May 2000 10:32:14 +0100

Dave J wrote

>I am currently learning C, partly with an eye to borrowing the PGP source
>code and altering the header generation. I am *sure* there must be snags I
>haven't thought of but as I'm usually taken as the local nutter I can't
>get a sensible reply..

It's been done.  Look at http://www.scramdisk.clara.net

Encrypted "container" files have no header or any other way to identify
them; it supports steganography (hiding a virtual drive in WAV files),
and it's free, with source code available.  Extensively peer reviewed.
It also has a newsgroup dedicated to it, alt.security.scramdisk, to which
the author posts regularly.  Available for Win9x but not yet Win2000
or WinNT (coming soon).

--
Cynic




------------------------------

From: Lieven Trappeniers <[EMAIL PROTECTED]>
Subject: DES performance
Date: Wed, 03 May 2000 11:24:50 +0200

Hello All,

Does anybody know where I can find a freeware implementation of DES and
or 3DES in C ?

This is just to make a performance test on an embedded system.

Are there any data out on this ?

Thanks,

Lieven.



------------------------------

From: Eric Hambuch <[EMAIL PROTECTED]>
Subject: Re: DES performance
Date: Wed, 03 May 2000 11:46:18 +0200

Lieven Trappeniers wrote:
> 
> Hello All,
> 
> Does anybody know where I can find a freeware implementation of DES and
> or 3DES in C ?
> 
> This is just to make a performance test on an embedded system.

Try

ftp://ftp.funet.fi/pub/crypt/cryptography/symmetric

Eric

------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Any good attorneys?
Date: 3 May 2000 10:10:29 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:

> > if I want to send a message I make up a 'j', (and send y^j) and use the
> > hash of y^j as the symmetric key.  This means the ciphertext will be the
> > same size as the modulus.  Which is a bonus.
> 
> Err.. that should read
> 
> Send "g^j" as the encryption parameter... the user can now use g^j^x as
> the private key, whereas the sender can use y^j.

Congratulations on reinventing offline Diffie-Hellman.  Only about 15
years after everyone else. ;-)

Seriously:

  1. RSA Security seems to me to be a nasty piece of work in general.

  2. The RSA algorithm is useful, standard and versatile.  Neat tricks
     like signature blinding don't work so well with other systems.

  3. RSA is only patented in the US, and even then only until
     2000-09-20.  I'll be holding a party to celebrate the occasion.

  4. RC5 is probably patented everywhere, but it's not commonly used and
     has some known weaknesses.  It's fast, but Twofish, Blowfish and
     RC4 are all faster.

  5. Ditch RC5.

  6. Stick to your guns on RSA.

-- [mdw]

Damn it, Jim: I'm a hacker, not a lawyer.
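
The "offline Diffie-Hellman" / hashed-ElGamal construction Tom sketches above, worked through as an added example (this is not Tom's CryptoBag code and nothing here comes from the thread). The sender picks a random j, transmits u = g^j, and both sides hash y^j = u^x into a symmetric key, so the public-key part of the ciphertext is a single modulus-sized element. Working in a prime-order subgroup (q dividing p-1, the "sub-group" idea raised later in the thread) keeps the exponents short. The Schnorr-group generation, the SHA-256 counter keystream (a stand-in for a real cipher), the HMAC tag and the key-splitting layout are my own illustrative choices. The subgroup-membership check in `decrypt` is the caveat a practitioner wants: without it a sender can hand the recipient an element of tiny order and learn bits of x from whether decryption succeeds.

```python
"""Hashed ElGamal (offline Diffie-Hellman) KEM over a Schnorr subgroup.

Added example, not code from the thread.  Parameter sizes, the SHA-256
keystream and the HMAC tag are illustrative, not a production design.
"""
import hashlib
import hmac
import secrets


def is_probable_prime(n, rounds=32):
    """Miller-Rabin test with a little trial division up front."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def schnorr_group(p_bits=512, q_bits=160):
    """Return (p, q, g): q prime, p = k*q + 1 prime, g of order exactly q.
    Sizes are small for a quick demo; choose real ones for real use."""
    while True:
        q = secrets.randbits(q_bits) | (1 << (q_bits - 1)) | 1
        if not is_probable_prime(q):
            continue
        for _ in range(4096):
            k = secrets.randbits(p_bits - q_bits) | (1 << (p_bits - q_bits - 1))
            p = (k & ~1) * q + 1          # even k keeps p odd
            if is_probable_prime(p):
                break
        else:
            continue                      # no prime found for this q; pick another q
        h = 2
        while True:
            g = pow(h, (p - 1) // q, p)   # h^((p-1)/q) has order q unless it is 1
            if g != 1:
                return p, q, g
            h += 1


def keygen(p, q, g):
    """Private x in [1, q-1], public y = g^x mod p."""
    x = secrets.randbelow(q - 1) + 1
    return x, pow(g, x, p)


def _i2b(n, p):
    return n.to_bytes((p.bit_length() + 7) // 8, "big")


def _derive(u, s, p):
    """KDF: hash the ephemeral value and the shared secret (DHAES style)."""
    k = hashlib.sha256(b"DHAES-KDF" + _i2b(u, p) + _i2b(s, p)).digest()
    return k[:16], k[16:]                 # (encryption key, MAC key)


def _keystream(key, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def encrypt(p, q, g, y, msg):
    """Sender: ephemeral j, send u = g^j, derive the key from y^j."""
    j = secrets.randbelow(q - 1) + 1
    u = pow(g, j, p)                      # the "encryption parameter" g^j
    s = pow(y, j, p)                      # y^j = g^(x*j)
    ke, km = _derive(u, s, p)
    ct = bytes(a ^ b for a, b in zip(msg, _keystream(ke, len(msg))))
    tag = hmac.new(km, _i2b(u, p) + ct, hashlib.sha256).digest()
    return u, ct, tag


def decrypt(p, q, g, x, u, ct, tag):
    """Recipient: recover y^j as u^x, re-derive the key, verify the tag."""
    if not 1 < u < p or pow(u, q, p) != 1:
        raise ValueError("ephemeral value is not in the order-q subgroup")
    s = pow(u, x, p)                      # (g^j)^x
    ke, km = _derive(u, s, p)
    expected = hmac.new(km, _i2b(u, p) + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(ke, len(ct))))


if __name__ == "__main__":
    p, q, g = schnorr_group()
    x, y = keygen(p, q, g)
    u, ct, tag = encrypt(p, q, g, y, b"attack at dawn")
    print(decrypt(p, q, g, x, u, ct, tag))
```

The ciphertext is one element mod p plus the message length plus a 32-byte tag; the exponent j is only |q| bits, which is where the subgroup saves work compared with exponents the size of p.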

------------------------------

Subject: Re: RC5 math
From: Richard Parker <[EMAIL PROTECTED]>
Date: Wed, 03 May 2000 10:41:25 GMT

<[EMAIL PROTECTED]> wrote:
> Is there a paper available that describes RC5 in mathematical terms
> including analysis of its strength?

The RC5 encryption algorithm was written by Ronald L. Rivest, who is one of
the original founders of RSA <http://www.rsalabs.com/>.  Information about
his cipher designs can generally be found on the RSA website.  The first
published paper in which Rivest described RC5 is available from RSA:

  R.L. Rivest, "The RC5 encryption algorithm," Proceedings of the
  2nd Workshop on Fast Software Encryption, Springer-Verlag, 1995,
  pp. 86-96.
  <ftp://ftp.rsasecurity.com/pub/rsalabs/rc5/rc5.ps>

A good overview of the analysis that has been done on RC5 has also been
prepared by RSA:  

  B.S. Kaliski Jr. and Y.L. Yin, "On the Security of the RC5
  Encryption Algorithm," RSA Laboratories Technical Report TR-602,
  1998.
  <ftp://ftp.rsasecurity.com/pub/rsalabs/rc5/rc5-report.pdf>

The best known attack on RC5 is differential cryptanalysis, and the best
published differential cryptanalysis of RC5 is by Knudsen and Meier:

  L.R. Knudsen and W. Meier, "Improved differential attack on RC5,"
  Advances in Cryptology, Proceedings of Crypto'96, LNCS 1109,
  Springer-Verlag, 1996, pp. 216-228.
  <ftp://ftp.esat.kuleuven.ac.be/%2Fpub/COSIC/knudsen/rc5.ps.Z>

-Richard


------------------------------

Subject: Re: DES performance
From: Richard Parker <[EMAIL PROTECTED]>
Date: Wed, 03 May 2000 10:54:08 GMT

Lieven Trappeniers <[EMAIL PROTECTED]> wrote:

> Does anybody know where I can find a freeware implementation of DES and
> or 3DES in C ?

Wei Dai's "Crypto++" C++ library contains an implementation of both DES and
3DES.  It is available at the following URL:

  <http://www.eskimo.com/~weidai/cryptlib.html>

Peter Gutmann's "cryptlib" C library also contains the two algorithms that
interest you.  This library may not be free if you intend to use it for
"large-scale commercial use."  The URL is:

  <http://www.cs.auckland.ac.nz/~pgut001/cryptlib/index.html>

The GnuPG and OpenSSL projects both include a free implementation of DES and
3DES:

  <http://www.gnupg.org>
  <http://www.openssl.org>

-Richard


------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: AEES Advanced
Date: Wed, 03 May 2000 11:02:49 GMT



[EMAIL PROTECTED] wrote:
> 
> Hi Tom,
> 
> #Why 16 rounds?  Why not 20 or 4?
> 
> DES architecture shows that 16 is optimum number of rounds.
> Entropy in cipher text achieves maximum for exactly this number of
> rounds.

Actually DES is only optimal after 5 rounds, it's stronger against
iterative attacks with 16 rounds.

> #Useless.  Keys from 80-192 bits is all you really need
> #and maybe 256 bits at the max.
> 
> Please explain why?

Because larger keys are not needed.

> #Explain?  Are you doing something like F(a, b) = ab mod 257 ?
> 
> No. If I apply automorphism to a cyclic group then law of composition
> becomes another form. Correspondent definitions can be found in
> algorithm description.
> 
> #Static, per round ??? what?
> 
> Yes. 16 S-boxes, which are derived from key, are used for substitution
> choice in each round.
> 
> #Why so big?
> 
> Key length relates to internal architecture.
> 
> #Are the s-boxes functions?
> 
> Law of composition can be considered as function.
> 
> #Which is?
> 
> I suppose this is simplified DES as described in
> William Stallings
> Cryptography and network security.
> ISBN 0-13-869017-0
> 
> #How about differential characteristics?  Linear traits?
> 
> I suppose a bit better as in DES.

Suppose?  Have you analyzed the sboxes your algorithm makes?

Tom

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Any good attorneys?
Date: Wed, 03 May 2000 11:04:43 GMT



Mark Wooding wrote:
> 
> Tom St Denis <[EMAIL PROTECTED]> wrote:
> 
> > > if I want to send a message I make up a 'j', (and send y^j) and use the
> > > hash of y^j as the symmetric key.  This means the ciphertext will be the
> > > same size as the modulus.  Which is a bonus.
> >
> > Err.. that should read
> >
> > Send "g^j" as the encryption parameter... the user can now use g^j^x as
> > the private key, whereas the sender can use y^j.
> 
> Congratulations on reinventing offline Diffie-Hellman.  Only about 15
> years after everyone else. ;-)
> 
> Seriously:
> 
>   1. RSA Security seems to me to be a nasty piece of work in general.
> 
>   2. The RSA algorithm is useful, standard and versatile.  Neat tricks
>      like signature blinding don't work so well with other systems.
> 
>   3. RSA is only patented in the US, and even then only until
>      2000-09-20.  I'll be holding a party to celebrate the occasion.
> 
>   4. RC5 is probably patented everywhere, but it's not commonly used and
>      has some known weaknesses.  It's fast, but Twofish, Blowfish and
>      RC4 are all faster.
> 
>   5. Ditch RC5.
> 
>   6. Stick to your guns on RSA.
> 
> -- [mdw]
> 
> Damn it, Jim: I'm a hacker, not a lawyer.

So the consensus is that I should support either? 

Ok fine, I will finish the elgamal then I will add RSA back in so my
other support routines can use either.

Tom

------------------------------

From: Michael Jarrells <[EMAIL PROTECTED]>
Subject: Re: Deciphering Playfair (long)
Date: Wed, 03 May 2000 07:05:06 -0400
Reply-To: [EMAIL PROTECTED]

William Rowden wrote:
> 
> I'm not certain how to interpret this; do you have probable plaintext,
> or not?  The "experts" think that solving Playfair by hand requires a
> crib.  (Though "The Army Field Manual 34-40-2" at
> http://www.und.nodak.edu/org/crypto/crypto/army.field.manual/ has, in
> addition to analysis of Playfair on pages 7-12 to 7-18, some pattern
> words in Appendix D that may be of some use.)  For the remainder of
> this post, I'm assuming you have, or can guess at, a crib.
>     -William
> PGP key: http://www.eskimo.com/~rowdenw/pgp/rowdenw.asc until 2000-08-01
> Fingerprint: FB4B E2CD 25AF 95E5 ADBB  DA28 379D 47DB 599E 0B1A

Thanks for the information.

I meant to express the fact that I had two messages.  One I had the
ciphertext and plaintext for.  One I only had ciphertext.  I guessed the
playfair for the first which should have deciphered the second, but did
not.  Here is the problem for those who wish to test their skill:

Message 1:  
        Ciphertext:     EBCAYLVPUTALOQDPRMQV
        Plaintext:      FLOWERSANDVEGETABLES
Message 2:
        Ciphertext:
FWFUIVGXVCZOWZYLEOXPIAPDUGNMLOAYXNQLQLTDNLYWXTOWXLYFVOUTZIAYEYWIYQOLYQV
Partial Given Playfair: EQ?????BR????XK?P?D????U?

Let me know if you can get this to work for both messages.  I did not.

Good luck. :)

-- 
Michael Jarrells
1991 KTM TXC 300
http://jarrells.cjb.net
mailto:[EMAIL PROTECTED]
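
As an added example (not Michael's or William's code), here is a Playfair encipher/decipher pair plus a checker that takes a candidate 5x5 key square and reports every digraph of a known plaintext/ciphertext pair the square gets wrong. It uses the standard conventions (J folded into I, X inserted to split doubled letters and to pad odd length); if the puzzle used different conventions the checker will flag the affected digraphs. The sample keyword MONARCHY is the textbook example and has nothing to do with the puzzle. The checker also accepts a partial square with "?" for unknown cells, in which case only digraphs whose letters and result cells are all known are compared.

```python
"""Playfair encipher/decipher and a key-square consistency check.

Added example, not from the thread.  Conventions: I/J merged, 'X' splits
doubled letters and pads an odd-length message.
"""
ALPHABET = "ABCDEFGHIKLMNOPQRSTUVWXYZ"   # 25 letters, J folded into I


def key_square(keyword):
    """5x5 square as a 25-char row-major string: keyword letters first."""
    seen = []
    for ch in (keyword + ALPHABET).upper().replace("J", "I"):
        if ch in ALPHABET and ch not in seen:
            seen.append(ch)
    return "".join(seen)


def digraphs(text):
    """Split plaintext into Playfair digraphs with X-splitting and padding."""
    letters = [c for c in text.upper().replace("J", "I") if c in ALPHABET]
    out, i = [], 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else "X"
        if a == b:
            b = "X"
            i += 1
        else:
            i += 2
        out.append(a + b)
    return out


def _transform(square, pair, shift):
    """Apply the Playfair rules to one digraph; shift=+1 encrypts, -1 decrypts.
    Cells of a partial square may be '?' and are returned as such."""
    ra, ca = divmod(square.index(pair[0]), 5)
    rb, cb = divmod(square.index(pair[1]), 5)
    if ra == rb:                                      # same row: slide along the row
        return square[ra * 5 + (ca + shift) % 5] + square[rb * 5 + (cb + shift) % 5]
    if ca == cb:                                      # same column: slide down/up
        return square[((ra + shift) % 5) * 5 + ca] + square[((rb + shift) % 5) * 5 + cb]
    return square[ra * 5 + cb] + square[rb * 5 + ca]  # rectangle: swap columns


def encipher(square, plaintext):
    return "".join(_transform(square, d, +1) for d in digraphs(plaintext))


def decipher(square, ciphertext):
    pairs = [ciphertext[i:i + 2] for i in range(0, len(ciphertext), 2)]
    return "".join(_transform(square, c, -1) for c in pairs)


def check_square(square, plaintext, ciphertext):
    """Return (plain digraph, expected cipher digraph, produced) triples where
    the candidate square contradicts the known pair.  Empty list: consistent
    as far as the known cells allow."""
    pairs = [ciphertext[i:i + 2] for i in range(0, len(ciphertext), 2)]
    bad = []
    for d, c in zip(digraphs(plaintext), pairs):
        if d[0] not in square or d[1] not in square:
            continue                                  # plaintext letter not placed yet
        got = _transform(square, d, +1)
        if any(g != "?" and g != e for g, e in zip(got, c)):
            bad.append((d, c, got))
    return bad


if __name__ == "__main__":
    sq = key_square("MONARCHY")
    print(encipher(sq, "balloon"), decipher(sq, "IBSUPMNA"))
    # The puzzle's partial square: no digraph of message 1 is fully checkable yet.
    print(check_square("EQ?????BR????XK?P?D????U?",
                       "FLOWERSANDVEGETABLES", "EBCAYLVPUTALOQDPRMQV"))
```

Fill in the unknown cells of the partial square one guess at a time and re-run `check_square` on message 1; a non-empty result rules that placement out immediately, which is the mechanical part of the crib-based attack the Army manual describes.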

------------------------------

From: "jeremie" <[EMAIL PROTECTED]>
Subject: .KGB crypted files
Date: Wed, 3 May 2000 13:17:19 +0200

I found a web site on Tripod with encrypted files dated last year; can
someone tell me if the files can be broken?

http://members.tripod.com/yseure





------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Fixed: Sboxgen tool
Date: Wed, 03 May 2000 11:37:55 GMT

I fixed my sbox generator up quite a bit yesterday.  I changed the
source around to be a bit more modular and easier to read and follow. 
All the tests are isolated in separate functions.

Some new things:

1.  The SAC test actually works now.  I had misunderstood it: I thought the
changed bit count had to equal half the output size, whereas it is supposed
to be at least half.  So now it actually tests properly.  However, finding
SAC sboxes takes damn long.... oh well.  On the plus side it's all optimized
to quit early if the sbox doesn't work, so you can test millions per minute
on a decent class computer (i.e. K6-II 400).

2.  Analysis output, I output the walsh transform output and the pairs
xor-distribution table as well for each sbox.

It's all available from:

http://tomstdenis.n3.net/sboxgen.c

If anyone has any comments or ideas please let me know.

Thanks,
Tom
--
Want your academic website listed on a free websearch engine?  Then
please check out http://tomstdenis.n3.net/search.html, it's entirely free
and there are no advertisements.
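
The three measurements Tom's tool reports, as an added example that is not his sboxgen code: the pairs XOR-distribution table (DDT), the Walsh / linear-approximation table (LAT) and the strict avalanche criterion. The SAC is implemented as Webster and Tavares defined it (each output bit flips for exactly half of the inputs when any single input bit is complemented); the matrix is returned so a looser "at least half" reading can be applied by the caller. The PRESENT S-box is used as sample input because its profile is published (differential uniformity 4, maximum linear bias 2^-2, i.e. an LAT entry of 4 out of 16); the identity map shows what a useless S-box looks like in the same tables.

```python
"""DDT, LAT and SAC for a small S-box.  Added example, not Tom's sboxgen.

Conventions: sbox is a list indexed by input value; out_bits defaults to
the input width (square S-box).
"""
# PRESENT S-box (Bogdanov et al., CHES 2007), a 4x4 permutation.
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def parity(v):
    return bin(v).count("1") & 1


def xor_distribution(sbox, out_bits=None):
    """ddt[dx][dy] = number of inputs x with S(x) ^ S(x ^ dx) == dy."""
    n = len(sbox)
    m = 1 << (out_bits or (n.bit_length() - 1))
    ddt = [[0] * m for _ in range(n)]
    for dx in range(n):
        for x in range(n):
            ddt[dx][sbox[x] ^ sbox[x ^ dx]] += 1
    return ddt


def walsh_table(sbox, out_bits=None):
    """lat[a][b] = #{x : a.x == b.S(x)} - 2^(n-1).  Zero means the linear
    approximation holds exactly half the time; entry / 2^n is its bias."""
    n = len(sbox)
    m = 1 << (out_bits or (n.bit_length() - 1))
    lat = [[0] * m for _ in range(n)]
    for a in range(n):
        for b in range(m):
            agree = sum(1 for x in range(n)
                        if parity(a & x) == parity(b & sbox[x]))
            lat[a][b] = agree - n // 2
    return lat


def sac_matrix(sbox, out_bits=None):
    """sac[i][j] = number of inputs for which flipping input bit i flips
    output bit j.  Strict SAC: every entry equals 2^(n-1)."""
    n = len(sbox)
    n_in = n.bit_length() - 1
    m = out_bits or n_in
    sac = [[0] * m for _ in range(n_in)]
    for i in range(n_in):
        for x in range(n):
            d = sbox[x] ^ sbox[x ^ (1 << i)]
            for j in range(m):
                sac[i][j] += (d >> j) & 1
    return sac


def satisfies_sac(sbox, out_bits=None):
    half = len(sbox) // 2
    return all(c == half for row in sac_matrix(sbox, out_bits) for c in row)


def max_differential(ddt):
    """Largest DDT entry for a non-zero input difference (row 0 is trivial)."""
    return max(v for row in ddt[1:] for v in row)


def max_linear(lat):
    """Largest |LAT| entry other than the trivial (a, b) = (0, 0) cell."""
    return max(abs(v) for a, row in enumerate(lat)
               for b, v in enumerate(row) if (a, b) != (0, 0))


def profile(sbox, out_bits=None):
    """The three numbers worth printing per candidate S-box."""
    return {
        "max_ddt": max_differential(xor_distribution(sbox, out_bits)),
        "max_lat": max_linear(walsh_table(sbox, out_bits)),
        "sac": satisfies_sac(sbox, out_bits),
    }


if __name__ == "__main__":
    print("PRESENT:", profile(PRESENT_SBOX))
    print("identity:", profile(list(range(16))))
```

For a generator loop the cheap rejections come first: the SAC matrix needs only n*2^n XORs, the DDT 2^(2n) and the LAT 2^(2n+m) parity evaluations, so ordering the tests that way gives the early-quit behaviour Tom describes.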

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: AEES Advanced
Date: Wed, 03 May 2000 11:28:58 GMT

Tom,
Where can I read about differential characteristics and  Linear traits?
Thank you.
Best regards.
Alex.



Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: AEES Advanced
Date: Wed, 03 May 2000 11:47:18 GMT



[EMAIL PROTECTED] wrote:
> 
> Tom,
> Where can I read about differential characteristics and  Linear traits?
> Thank you.
> Best regards.
> Alex.

"Differential Cryptanalysis of DES-Like Cryptosystems" and "On Matsui's
Linear Cryptanalysis".

Do a web search for "Eli Biham".

Tom

------------------------------

From: Pred. <[EMAIL PROTECTED]>
Subject: Re: RC5 math
Date: Wed, 03 May 2000 11:35:09 GMT

Wow. Thanks a lot!

> The RC5 encryption algorithm was written by Ronald L. Rivest, who is one of
> the original founders of RSA <http://www.rsalabs.com/>.  Information about
> his cipher designs can generally be found on the RSA website.  The first
> published paper in which Rivest described RC5 is available from RSA:
>
...



------------------------------

Date: Wed, 03 May 2000 08:20:20 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Any good attorneys?

Tom St Denis wrote:

> Paul Rubin wrote:
> >
> > Tom St Denis  <[EMAIL PROTECTED]> wrote:
> > >> I'd say bag RC5 for sure.  There's not much reason to care about it.
> > >> However, the RSA public key algorithm is important and your product
> > >> suffers if you don't include it.  Even though you're in Canada and
> > >> it's unpatented there, you might want to avoid hassles by leaving it
> > >> out for now.  But on September 20 when the US patent expires, please
> > >> put it back.
> > >
> > >Hmm well I already deleted the source (I could restore it from backup)
> > >but I seriously want to avoid RSA completely.  I don't like getting
> > >emails like that.
> >
> > I don't understand the logic of this.  You don't like being bullied
> > by RSA, so you're going to get back at the bully by doing exactly what
> > he tells you?
>
> It's called I am an 18 year old kid.  Why would I throw my life away
> just to have RSA patented technology?

If you react to any threat with compliance, you make yourself a victim.
That's throwing your life away.

>
>
> I can get by with Cryptobag and PB3 by using other algorithms.

Notice the terms you are using.  Is it your intention to "get by", meaning
merely achieve the bare minimum, in the other important things in your life?
If your life is worth living, is it worth living _well_?  That means doing the
right thing in the face of conflict.  Read some Churchill.

>
>
> > >At anyrate ElGamal will fill the spot where RSA was quite nicely.
> > >
> > >I just need a DH pro to talk to (i.e how to minimize the ciphertext size
> > >but remain relatively secure).
> >
> > El Gamal is much slower and makes larger signatures unless you do it
> > (for example) over elliptic curves.
>
> I still have some reading todo (I know basic EG right now) but I am
> pretty sure you can get by with smaller ciphertext by using
> sub-groups...
>
> I would appreciate any info possible wrt to this.  As I want to get CB
> back out there.
>
> Tom


------------------------------

From: [EMAIL PROTECTED] (David Formosa (aka ? the Platypus))
Subject: Re: Any good attorneys?
Date: 3 May 2000 12:45:48 GMT
Reply-To: dformosa@[202.7.69.25]

On Wed, 03 May 2000 08:20:20 -0400, Trevor L. Jackson, III
<[EMAIL PROTECTED]> wrote: 
>Tom St Denis wrote:

[...]

>> It's called I am an 18 year old kid.  Why would I throw my life away
>> just to have RSA patented technology?
>
>If you react to any threat with compliance, you make yourself a victim.
>That's throwing your life away.

It's easy for you to say; you're not the one taking the risks.

-- 
Please excuse my spelling as I suffer from agraphia. See
http://dformosa.zeta.org.au/~dformosa/Spelling.html to find out more.
Interested in drawing platypie for money?  Email me.

------------------------------

From: Roger <[EMAIL PROTECTED]>
Subject: Re: quantum crypto breakthru?
Date: Wed, 03 May 2000 06:11:55 -0700

Leo Sgouros wrote:
> One could picture a dynamically evolving system where the transmissions
> modify as soon as they start sensing "states" that have a sign of
> tampering.You could take the position that *any* modification is essentially
> a tap and hostile, and if you know the time frame at which certain data was
> "exposed to the air" you could conceivably "rerun" the data period and find
> where and when the tap was.
> Theoretically, of course.

So then every router and switch would have to be able to detect
tampering? And shut down the connection if tampering is
detected? Any bad data at all would look like tampering.
I just don't see any practical advantages to this.

------------------------------

From: [EMAIL PROTECTED] (Troed)
Subject: Re: .KGB crypted files
Reply-To: [EMAIL PROTECTED]
Date: Wed, 03 May 2000 13:13:43 GMT

"jeremie" <[EMAIL PROTECTED]> wrote:

>I found a web site on Tripod with encrypted files dated last year; can
>someone tell me if the files can be broken?
>
>http://members.tripod.com/yseure

Sounds like files from Kremlin by FireSoft ... I think there was a
mention here that at one point in time the RC4 implementation was
flawed, but otherwise the source for Kremlin has been sent away to a
known (sorry, don't know who) cryptographer who's verified the
implementation.

It should be secure :)

___/
_/

------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Any good attorneys?
Date: 3 May 2000 13:41:44 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:

> So the consensus is that I should support either? 

I do sincerely believe so.  In particular, I now note that the quoted
snot-o-gram from RSA Lawyers Inc. only complained about RC5 anyway, and
not about RSA.  So just bin RC5 because there's no advantage in it
anyway.

All the best with this mess.

-- [mdw]

------------------------------

From: "Tony T. Warnock" <[EMAIL PROTECTED]>
Subject: Re: A naive question
Date: Wed, 03 May 2000 07:47:00 -0600
Reply-To: [EMAIL PROTECTED]



Joseph Ashwood wrote:

> The problem with that theory is that using that theory, a
> OTP on top of English is no longer perfect (and the same
> qualification should apply to what I responded to Shen),
> because there is only 1 bit of entropy per character. This
> means that the probability of plaintexts is extremely
> slanted. To the point where brute forcing this entire
> message would only be a matter of around 400 bits, instead
> of the 3200 bits that it should be.
>                 Joe

The probability of plaintexts in English is independent of the
encryption method. The probability of the plaintext given the cyphertext
is uniform if using a one time pad. (Once, not 1+epsilon, see Venona.)


------------------------------

From: [EMAIL PROTECTED] (Richard D. Latham)
Subject: Re: Any good attorneys?
Date: 03 May 2000 09:08:45 -0500

Tom St Denis <[EMAIL PROTECTED]> writes:

> jungle wrote:
> > 
> > the point is, you don't need to wrestle ...
> > you are not affected by they patents ...
> 
> I don't want to confront them, point made.  As a bonus I think I will be
> the first crypto-lib to use DHAES :)
> 
> Or is it not at all new?
> 
> Tom

If you have a sense of humor, you could send them back a note (that
looks like it comes from an auto-responder) saying that you're on
vacation thru Sept. 21, and you'll be responding to all your
accumulated e-mail on your return :-)


-- 
#include  <disclaimer.std>    /* I don't speak for IBM ...           */
                              /* Heck, I don't even speak for myself */
                              /* Don't believe me ? Ask my wife :-)  */
Richard D. Latham   [EMAIL PROTECTED]

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
