Cryptography-Digest Digest #715, Volume #11       Sat, 6 May 00 04:13:01 EDT

Contents:
  Two basic questions (kidwalden)
  Re: Two basic questions (Tom St Denis)
  Re: Crypto Export (David A Molnar)
  Re: Two basic questions (David A Molnar)
  Newbie question about generating primes ("JoeC")
  Re: new Echelon article ([EMAIL PROTECTED])
  Re: Any good attorneys? (Joaquim Southby)
  Re: Crypto Export (Bill Unruh)
  Re: Newbie question about generating primes ("Dann Corbit")
  Re: RC5 math (Scott Contini)
  Re: Unbreakable Superencipherment Rounds (wtshaw)
  SV: cryptographically secure ("Ali Tofigh")
  SV: cryptographically secure ("Ali Tofigh")

----------------------------------------------------------------------------

From: kidwalden <[EMAIL PROTECTED]>
Subject: Two basic questions
Date: Fri, 05 May 2000 22:05:58 -0500

Forgive me, I'm just starting to learn about crypto to keep from
becoming bored stiff at school.  I have two basic questions:

Why don't people just use bad spelling and/or grammar before encrypting
messages?  If my plain text reads "We-uns gonna tack purl harber
toonite" and I take reasonable trouble to not be consistent in my
misspellings, it seems like even a simple substitution cipher would
throw off most machines for a long time.  After all, nothing would match
a dictionary lookup...

Also, has anyone ever made a true random number generator for a PC,
using some truly random event like beta decay or diode noise?

Thanks for your patience with this newbie!

Walden

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Two basic questions
Date: Sat, 06 May 2000 03:31:23 GMT



kidwalden wrote:
> 
> Forgive me, I'm just starting to learn about crypto to keep from
> becoming bored stiff at school.  I have two basic questions:
> 
> Why don't people just use bad spelling and/or grammar before encrypting
> messages?  If my plain text reads "We-uns gonna tack purl harber
> toonite" and I take reasonable trouble to not be consistent in my
> misspellings, it seems like even a simple substitution cipher would
> throw off most machines for a long time.  After all, nothing would match
> a dictionary lookup...

For the simple reason I know you are saying "We are gonna attack perl
harbor tonight".

> Also, has anyone ever made a true random number generator for a PC,
> using some truly random event like beta decay or diode noise?

Yeah, Mike Rosing used Americium I believe to make a rng...

> Thanks for your patience with this newbie!

Hey I think all serious crypto people start this way (being bored at
school) I know I did.

Tom

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Crypto Export
Date: 6 May 2000 03:15:26 GMT

Bill Unruh <[EMAIL PROTECTED]> wrote:
> other crypto since it was already included. (Crypto is one product which
> you cannot test the output to see if it does what it claims to do-- bad
> crypto and good crypto look the same to the user.)

I suppose one answer to this is peer review from people who know how to
tell the difference. Open source seems to help this, although if
something's popular enough it will be reverse engineered and you can
always hire people under NDA. Part of the problem though seems to be
that you have to say "good crypto for what??" It's not enough to be
unbreakable; the protocol has to work as well. 

This reminds me of a question I had : 

Sometimes you have an application sitting on your hard drive which 
sends encrypted data over an outgoing connection. How do you verify
that this encrypted data is what you think it is, no more no less?

Is it worth spending time on protocols for which a legitimate user
can sniff his own connection, and then prove to himself that ONLY
what he thinks is going out is going out? (i.e. no subliminal 
channels). That is, for every protocol executed by the software,
there exists a "verification protocol" which checks to make sure
only the specified info is being passed and that the protocol isn't
broken from a passive adversary point of view.

If it is, then what would satisfy you as a real-world implementation of
the verification protocol? That is, what would a real world
"verifier" look like? It seems like the verifier shouldn't be
written by the same people who wrote the original software. Ideally it
would be simple enough to code yourself, like CipherSaber, and you could
use it to "bootstrap" to larger pieces of code. Maybe next best is to
have lots of verifiers available as source from lots of independent
people. 

The immediate application I can think of is remote login and password
verification protocols. Very important protocol, several messages going
back and forth, fairly tricky software to code _right_, and so on. Plus
nasty possibility for subliminal channels since it has your
password! But it might be possible to get a simpler "protocol
checker" which just raises a green light if your software is working,
and yells if it's not. 
 
I'm sure this isn't a particularly novel idea. What I'd like to know is
whether people think something like this would work in the real world, 
and if so what form it could take.

Thanks, 
-David


------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Two basic questions
Date: 6 May 2000 03:55:03 GMT

kidwalden <[EMAIL PROTECTED]> wrote:
> toonite" and I take reasonable trouble to not be consistent in my
> misspellings, it seems like even a simple substitution cipher would
> throw off most machines for a long time.  After all, nothing would match
> a dictionary lookup...

Doesn't have to match a dictionary lookup. It just has to "look not
random." Whatever "random" means...but English sure ain't it. Even
"bad" English.

> Also, has anyone ever made a true random number generator for a PC,
> using some truly random event like beta decay or diode noise?

Yup. Check sci.crypt.random-numbers if your news server has it, do a web
search for "HotBits", and maybe for "diode random number
generator." I think you can find several sets of plans for these kinds
of generators. No idea if they're followable plans or not. 

Thanks,
-David
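The point in this reply, that English "just has to look not random" even when badly spelt, can be measured. The following is an added example, not code from either poster: it computes the index of coincidence (the probability that two letters drawn from a text agree) for a constructed "bad spelling" plaintext in the style of the question, and for the same text under a constructed monoalphabetic substitution key. Uniform random letters give about 1/26 = 0.038; ordinary English is around 0.066. The plaintext, the key seed and the function names are all assumptions of this example.

```python
"""Letter statistics survive both misspelling and monoalphabetic substitution.

Added example, not from the digest.  The plaintext is constructed 'bad
spelling' in the style of the question; the key is a constructed permutation.
"""
import random
import string
from collections import Counter

ALPHABET = string.ascii_lowercase

# Constructed sample: deliberately inconsistent misspellings, as the poster proposes.
MISSPELLED_PLAINTEXT = (
    "we uns gonna tack purl harber toonite. tel the kaptin too bring awl the "
    "boats round the eest side befor the sun cums up. keep the radio quiet and "
    "dont lite no fires on the beech. iffen the gards sees us we skatter and "
    "meet bak at the old mil at furst lite."
)


def letters_only(text: str) -> str:
    return "".join(ch for ch in text.lower() if ch in ALPHABET)


def index_of_coincidence(text: str) -> float:
    """Probability that two letters drawn from the text are equal.
    Uniform random letters give about 1/26 = 0.038; English text about 0.066."""
    s = letters_only(text)
    n = len(s)
    if n < 2:
        return 0.0
    counts = Counter(s)
    # integer sum first, so the same multiset of counts always gives the same float
    return sum(c * (c - 1) for c in counts.values()) / (n * (n - 1))


def make_key(seed: int) -> dict:
    """Constructed substitution key: a seeded permutation of the alphabet."""
    rng = random.Random(seed)
    shuffled = list(ALPHABET)
    rng.shuffle(shuffled)
    return dict(zip(ALPHABET, shuffled))


def substitute(text: str, key: dict) -> str:
    return "".join(key[ch] for ch in letters_only(text))


def most_common_letter(text: str) -> str:
    return Counter(letters_only(text)).most_common(1)[0][0]


def analyse(seed: int = 7) -> dict:
    """Compare plaintext, ciphertext and a uniform-random baseline of equal length."""
    key = make_key(seed)
    inverse = {v: k for k, v in key.items()}
    ciphertext = substitute(MISSPELLED_PLAINTEXT, key)
    uniform = "".join(random.Random(seed).choice(ALPHABET) for _ in range(200))
    return {
        "ic_plain": index_of_coincidence(MISSPELLED_PLAINTEXT),
        "ic_cipher": index_of_coincidence(ciphertext),      # identical: a permutation only relabels
        "ic_uniform": index_of_coincidence(uniform),        # near 1/26 = 0.038
        "top_plain": most_common_letter(MISSPELLED_PLAINTEXT),
        "top_cipher_decodes_to": inverse[most_common_letter(ciphertext)],
    }


if __name__ == "__main__":
    for k, v in analyse().items():
        print(f"{k:22s} {v}")
```

The substitution relabels letters but keeps every count, so the ciphertext has exactly the plaintext's index of coincidence and the most frequent ciphertext symbol is still the image of "e". That statistical fingerprint, not a dictionary match, is what an analyst works from; misspelling leaves it intact.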

------------------------------

From: "JoeC" <[EMAIL PROTECTED]>
Crossposted-To: alt.math
Subject: Newbie question about generating primes
Date: Sat, 6 May 2000 06:44:47 +0100

As I understand it, one of the key factors (pardon the pun) in the security
of PGP and similar is the time taken to factor a large prime number.
Does it not take an equally large amount of time to create a prime, which I
would need were I to create a private/public key pair?
[ Obviously it can't, or it wouldn't work. ]
Could someone point me at a good source (or is there a quick explanation)
for the obvious time difference between creating a prime, compared to
factoring one, since I thought in order to determine if a number was prime,
you had to factor it?

Thanks

Joe





------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: 
alt.politics.org.cia,alt.politics.org.nsa,alt.journalism.print,alt.journalism.newspapers
Subject: Re: new Echelon article
Reply-To: [EMAIL PROTECTED]
Date: Sat, 06 May 2000 05:17:04 GMT

On Fri, 21 Apr 2000 19:34:38 GMT, I wrote:

>Some things to cogitate on:
>
>1. The U.S. requires that _all_ materials with a strategic defense
>purpose be second-sourced. Because Windows is on so many DoD computers
>(and every other agency), and on so many computers of companies who
>supply the DoD, it legitimately would be a product with a strategic
>defense purpose. But Mr. Gates' company got an exception to the second
>sourcing rule and there is no second source required for Windows.
>Curious.

Lessee ... Love Bug virus ... targets Windows and computers
running specific Microsoft apps ... was systemically non-lethal ...
but is estimated to have caused millions in downtime and disruption,
included disruption of systems at NSA.

Naaaah ... no need for a second source for computer OS software ...

It's like each little computer carrying a gene for the same specific
malady and then all of a sudden, something throws a switch and the
gene goes active ...

------------------------------

From: Joaquim Southby <[EMAIL PROTECTED]>
Subject: Re: Any good attorneys?
Date: 6 May 2000 06:03:37 GMT

In article <[EMAIL PROTECTED]> Trevor L. Jackson,
[EMAIL PROTECTED] writes:
>Copyrighted software has a different set of concerns than patented software.
>With copyrights, it is the act of copying that is restricted.  With patents, it
>is the act of usage that is restricted.
>
I can copy material (i.e., "the act of copying") all day long with no
penalty if it's for my own use.  With software, that's called a backup. 
However, if I redistribute that copied material without permission of the
copyright holder, I am in violation of the copyright laws.

I'm not certain what you mean by "the act of usage".  Part of your
previous post alluded to a system in which each user is responsible for
determining if patent law is pertinent for their case.  Are you saying
that if I incorporate some patented object into a product and distribute
it, the user is liable under patent law and not me?

>This is why using the international version of PGP is illegal inside the US.  It
>is not illegal to own, or even copy international PGP inside the US.  But it is
>illegal to use it.
>
I don't think you want to be using PGP as an example in this argument.  I
just looked at the disclaimer page at Network Associates
(http://www.pgpinternational.com/legal/) and there is nothing on that
page about restricting PGP usage because of patent concerns.  The issues
they are trying to deal with are US export regulations.  AFAIK, the only
patent involved in PGP is the RSA key generation which is not included in
the freeware versions.  I also looked at the registration pages for both
the freeware international PGP and the commercial international demo and
neither page mentions anything like you stated.  The list of countries on
the pull down menu includes Guam, American Samoa, US Virgin Islands, etc.
-- all of which are subject to US patent law.  Which statutes do you
believe are being violated if someone uses the international version
within the US?

>Thus I believe your conclusion is flawed by the application of copyright
>principles to the domain of patents.  You may want to reread the portion of my
>post that you snipped.
>
You are right.  I shouldn't have used illegal downloads of copyrighted
software as an example.  The portion of your post you refer to is not
relevant to my argument since I don't believe the end user is liable or
responsible for a patent violation in a product they received from
someone else.  I'll have to run that one by the patent lawyers at my
company next week for their opinion.

In any case, you seemed to be taking issue with my usage of the term
"distribution" even though I was trying to agree with you in the first
place that there could be dispute about that term.  I was trying to
illustrate that point with my reference to copyrighted software on a
Hotline server.  Let's change that to "software containing patented
algorithms".  Do you believe that anyone should be able to use a patented
algorithm in a piece of software and either sell it, give it away, or
make it available for download without compensating the holder of the
patent?

------------------------------

From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: Crypto Export
Date: 6 May 2000 06:18:41 GMT

In <8f02oe$jed$[EMAIL PROTECTED]> David A Molnar <[EMAIL PROTECTED]> writes:

>Bill Unruh <[EMAIL PROTECTED]> wrote:
>> other crypto since it was already included. (Crypto is one product which
>> you cannot test the output to see if it does what it claims to do-- bad
>> crypto and good crypto look the same to the user.)

>I suppose one answer to this is peer review from people who know how to
>tell the difference. Open source seems to help this, although if
>something's popular enough it will be reverse engineered and you can
>always hire people under NDA. Part of the problem though seems to be
>that you have to say "good crypto for what??" it's not enough to be
>unbreakable, the protocol has to work as well. 

That is not the question. Of course you can always use your own crypto.
The point was that if crypto is included in a popular software package,
people will use it, assuming it does give them some protection, and they
have no way of knowing if it does or not. 

Microsoft is not going to go opensource. And reverse engineering is
bloody hard today, with most programs being many megabytes long.

>This reminds me of a question I had : 

>Sometimes you have an application sitting on your hard drive which 
>sends encrypted data over an outgoing connection. How do you verify
>that this encrypted data is what you think it is, no more no less?

No, it is impossible. You can check that it is sending out something
which conforms to the protocol, but you cannot check that what is
actually being sent out as encryption is what it claims to be. Only by
examining the source and assuring yourself that the compiled corresponds
to the source can you do so. There was an article in sci.crypt many years
ago where a couple of people showed how in a public key system, the full
private key could be encoded in the public key in such a way that it was
impossible for anyone with the public and private keys to realise it.
Ie, the public key contained the information in an encrypted form, which
was easy for one who knew the encryption to decipher, but not for anyone
else. 

Crypto, unlike a word processor say, does not demonstrate its
incompetence to the user.

>Is it worth spending time on protocols for which a legitimate user
>can sniff his own connection, and then prove to himself that ONLY
>what he thinks is going out is going out? (i.e. no subliminal 
>channels). That is, for every protocol executed by the software,
>there exists a "verification protocol" which checks to make sure
>only the specified info is being passed and that the protocol isn't
>broken from a passive adversary point of view.

Yes, verification of protocol is possible, verification of strength of
encryption is not.

------------------------------

From: "Dann Corbit" <[EMAIL PROTECTED]>
Crossposted-To: alt.math
Subject: Re: Newbie question about generating primes
Date: Sat, 6 May 2000 00:11:03 -0700

"JoeC" <[EMAIL PROTECTED]> wrote in message
news:8f0bbe$28t$[EMAIL PROTECTED]...
> As I understand it, one of the key factors (pardon the pun) in the security
> of PGP and similar is the time taken to factor a large prime number.
> Does it not take an equally large amount of time to create a prime, which I
> would need were I to create a private/public key pair?

Creating a prime is trivial compared to factoring a number of the same size.
Once you have coughed up a candidate of about the right size, Miller's test
can be "really darn sure" that it is prime and if you are paranoid, you can
use APR-CL or ECPP to prove it.  This is still pretty fast.  And the product
of two large primes will be a much larger object which will be very tough to
factor indeed.

> [ Obviously it can't, or it wouldn't work. ]
> Could someone point me at a good source (or is there a quick explanation)
> for the obvious time difference between creating a prime, compared to
> factoring one, since I thought in order to determine if a number was
prime,
> you had to factor it?

You can't factor a prime (other than the trivial factorization (p,1)).

Take a look here:
http://www.utm.edu/research/primes/

You might also want to read up on RSA (which is the crypto technology that
uses prime numbers -- other methods use different techniques that are
probably about the same level of difficulty to solve).  Lookie here:
http://www.rsasecurity.com/rsalabs/faq/

Questions of this nature are easily answered by web search.
--
C-FAQ: http://www.eskimo.com/~scs/C-faq/top.html
 "The C-FAQ Book" ISBN 0-201-84519-9
C.A.P. Newsgroup   http://www.dejanews.com/~c_a_p
C.A.P. FAQ: ftp://38.168.214.175/pub/Chess%20Analysis%20Project%20FAQ.htm
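The asymmetry the reply describes is easy to see in code. This is an added example, not Dann Corbit's or PGP's code: "Miller's test" is implemented as the Miller-Rabin probabilistic primality test, a prime of a chosen size is generated by testing random odd candidates, and the product of two such primes is then factored by trial division so the number of steps can be counted. The APR-CL and ECPP proofs mentioned in the reply are not implemented; all function names and the bit sizes are assumptions of the example.

```python
"""Why a prime is cheap to make but a product of two primes is hard to split.

Added example for this thread, not from the post or from PGP.  'Miller's
test' is the Miller-Rabin probabilistic test; APR-CL/ECPP are not shown.
"""
import secrets
from typing import Tuple

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin with random bases.  A composite passes one round with
    probability at most 1/4, so 40 rounds leave an error below 2**-80.
    Cost: about `rounds` modular exponentiations, polynomial in log n."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:          # cheap screen for tiny factors
        if n % p == 0:
            return n == p
    d, s = n - 1, 0                 # write n - 1 = d * 2**s with d odd
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)        # random base in [2, n - 2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                        # a witnesses that n is composite
    return True


def random_prime(bits: int) -> int:
    """Draw odd `bits`-bit candidates with the top bit set until one passes.
    Roughly one odd candidate in (bits * ln 2) / 2 is prime, so few tries are needed."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def trial_division_factor(n: int) -> Tuple[int, int]:
    """Return (smallest factor of n, number of divisors tried).  Trial division
    needs about sqrt(n) steps, exponential in the bit length.  Real factoring
    algorithms are far better than this but still superpolynomial."""
    if n < 2:
        raise ValueError("n must be >= 2")
    if n % 2 == 0:
        return 2, 1
    f, tries = 3, 1
    while f * f <= n:
        tries += 1
        if n % f == 0:
            return f, tries
        f += 2
    return n, tries                 # no divisor found: n is prime


def compare(bits: int) -> dict:
    """Make two distinct `bits`-bit primes, then factor their product by trial
    division and report how many divisors that took."""
    p = random_prime(bits)
    q = random_prime(bits)
    while q == p:
        q = random_prime(bits)
    n = p * q
    factor, tries = trial_division_factor(n)
    return {"p": p, "q": q, "n": n, "factor": factor, "trial_divisions": tries}


if __name__ == "__main__":
    r = compare(20)
    print(f"p={r['p']} q={r['q']} n={r['n']}")
    print(f"smallest factor {r['factor']} found after {r['trial_divisions']} trial divisions")
```

Generating each 20-bit prime costs a handful of 40-round tests, while splitting their 40-bit product by trial division takes on the order of half a million divisions; doubling the bit length barely changes the first cost and squares the second. The small-prime screen and the "top bit set, low bit set" candidate shape are the usual practical touches, not part of the test itself.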



------------------------------

From: [EMAIL PROTECTED] (Scott Contini)
Subject: Re: RC5 math
Date: 6 May 2000 07:29:08 GMT

In article <8ern14$kb9$[EMAIL PROTECTED]>, Pred.  <[EMAIL PROTECTED]> wrote:
>The document says that 2^44 plaintexts is required for the attack. This
>is not going to happen for another decade or two, now is it? Great!
>
>Another question: are the enhancements in RC6 made specifically to
>prevent good-pair attacks?
>
>Thanks!
>

Yes, the enhancements made to RC6 make it very resistant to differential
cryptanalysis. Once you have an idea on the attacks used on RC5, then
you can get a good understanding for the security of RC6 in the
document "The Security of the RC6 Block Cipher" which is available
at RSA's web site, and also my own:
 
http://www.rsasecurity.com/rsalabs/aes/index.html
http://www.maths.usyd.edu.au:8000/u/contini/

Scott


------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Unbreakable Superencipherment Rounds
Date: Sat, 06 May 2000 01:13:09 -0600

In article <[EMAIL PROTECTED]>, Tom St Denis <[EMAIL PROTECTED]> wrote:

> Also 3DES and AES have diff block sizes...
> 
Ciphertext from one algorithm of one block size may be reblocked for
chained algorithms where each has a constant size.  If a clean
relationship in a common denominator size exists, that size can be taken as
the combined size; otherwise, garbage makes good padding to dress up the
last group.
-- 
Laughter is often the most pleasing result of successful analysis.

------------------------------

From: "Ali Tofigh" <[EMAIL PROTECTED]>
Subject: SV: cryptographically secure
Date: Sat, 06 May 2000 08:06:39 GMT

Does this mean that I could use something like the Mersenne Twister and just
concatenate the bits? Are there any other, better choices of random number
generators out there? I'm working on a Unix system, Sun Solaris (5, I
think).

Thanks,
A.T.

Tom St Denis <[EMAIL PROTECTED]> skrev i
diskussionsgruppsmeddelandet:[EMAIL PROTECTED]
>
>
> Ali Tofigh wrote:
> >
> > Hi!
> >
> > I'm in urgent need for a cryptographically secure random number
> > generator... I'm studying cryptography and implementing an RSA-system
> > and therefore I need a random number generator that can generate
> > large numbers. Around 400-500 bits long at least.
> >
> > Regards
> > A.T.
>
> Normally you make prng bits one at a time and concatenate them
> together.  So you just need a non-linear long-perioded prng.
>
> Such as a hash in counter mode.
>
> Tom
> --
> Want your academic website listed on a free websearch engine?  Then
> please check out http://tomstdenis.n3.net/search.html, it's entirely
> free
> and there are no advertisements.
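The construction Tom St Denis sketches in the quoted reply, a hash in counter mode, looks like the following. This is an added example written in Python for illustration rather than the poster's C, and it is not Tom St Denis's code: each output block is SHA-256(seed || counter), and blocks are concatenated to reach the 400 to 500 bit sizes asked for. The seed comes from the operating system's entropy source; the class and method names and the constructed test seed are assumptions of the example.

```python
"""A 'hash in counter mode' generator for large random integers.

Added example for this thread, not Tom St Denis's code.  Output block i is
SHA-256(seed || i).  Unpredictability rests entirely on the seed, which must
come from a real entropy source; the Mersenne Twister asked about is not
designed to be unpredictable, so it is not a suitable seed or substitute.
"""
import hashlib
import secrets
from typing import Optional


class HashCounterDRBG:
    """block_i = SHA-256(seed || i) for i = 0, 1, 2, ...  The counter only
    guarantees that blocks never repeat within a run; the seed does the rest."""

    def __init__(self, seed: Optional[bytes] = None) -> None:
        if seed is None:
            seed = secrets.token_bytes(32)          # 256 bits from the OS CSPRNG
        if len(seed) < 16:
            raise ValueError("seed must carry at least 128 bits of entropy")
        self._seed = seed
        self._counter = 0

    def random_bytes(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            block = hashlib.sha256(self._seed + self._counter.to_bytes(8, "big")).digest()
            self._counter += 1
            out.extend(block)
        return bytes(out[:n])

    def random_bits(self, bits: int) -> int:
        """Uniform integer in [0, 2**bits): concatenate hash blocks, drop spare bits."""
        nbytes = (bits + 7) // 8
        value = int.from_bytes(self.random_bytes(nbytes), "big")
        return value >> (nbytes * 8 - bits)

    def rsa_prime_candidate(self, bits: int) -> int:
        """Odd `bits`-bit integer with the top bit set, the usual shape handed to
        a primality test when generating RSA primes."""
        return self.random_bits(bits) | (1 << (bits - 1)) | 1


def demo() -> dict:
    """Two 512-bit draws from a fresh OS-seeded generator (four hash blocks)."""
    g = HashCounterDRBG()
    first = g.random_bits(512)
    second = g.random_bits(512)
    return {"first": first, "second": second, "blocks_used": g._counter}


if __name__ == "__main__":
    r = demo()
    print(hex(r["first"]))
    print(hex(r["second"]))
    print("hash blocks consumed:", r["blocks_used"])
```

Given the same seed the output sequence is reproducible, which is what makes the seed's secrecy the whole security argument; on a modern system the simplest correct choice is to take the bits straight from the OS generator (`secrets.randbits(512)` here, `/dev/urandom` or `getrandom` in C) and use a construction like this only where a deterministic, seedable stream is actually required.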



------------------------------

From: "Ali Tofigh" <[EMAIL PROTECTED]>
Subject: SV: cryptographically secure
Date: Sat, 06 May 2000 08:06:40 GMT

I'm working on a Unix platform, Sun Solaris (5, I think). But if possible it
would be nice to have the source code also, making things much more
portable... (I'm working in C)

A good and safe pseudo random number generator would be great...

Thanks
A.T.

Anton Stiglic <[EMAIL PROTECTED]> skrev i
diskussionsgruppsmeddelandet:[EMAIL PROTECTED]
>
> For what platform do you want it (Windows, Linux, ....)?
> Are you satisfied with a pseudo-random number generator (I would
> think so...)?
>
> Ali Tofigh wrote:
>
> > Hi!
> >
> > I'm in urgent need for a cryptographically secure random number
> > generator... I'm studying cryptography and implementing an RSA-system
> > and therefore I need a random number generator that can generate
> > large numbers. Around 400-500 bits long at least.
> >
> > Regards
> > A.T.
>



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
