Cryptography-Digest Digest #751, Volume #11      Thu, 11 May 00 01:13:01 EDT

Contents:
  Re: RSA-primes, smoothness (Scott Contini)
  How does one test an encryption algorithm? ([EMAIL PROTECTED])
  Re: Encryption code or addons for VB? (Anthony David)
  Re: RSA-primes, smoothness (Roger Schlafly)
  Request for cryptanalysis: lja1 (Andru Luvisi)
  Re: RSA-primes, smoothness (David A Molnar)
  Re: Who can declare "eminent domain" on patents? (Mike Kent)
  Re: For Jim-G about the NOVA "cipher contest" ... (Jim Gillogly)
  Key generation for lja1 (Andru Luvisi)
  Cipher Contest ("Adam Durana")
  Re: Cipher Contest ([EMAIL PROTECTED])
  Re: Encryption code or addons for VB? ([EMAIL PROTECTED])
  Re: Encryption code or addons for VB? ([EMAIL PROTECTED])
  Is Microsoft CryptoAPI's CALG_MAC really CBC-MAC? ([EMAIL PROTECTED])
  Re: Request for cryptanalysis: lja1 (Andru Luvisi)
  Re: high speed public key crypto ("Mehdi Sotoodeh")

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Scott Contini)
Subject: Re: RSA-primes, smoothness
Date: 11 May 2000 00:36:12 GMT

In article <[EMAIL PROTECTED]>,
David Hopwood  <[EMAIL PROTECTED]> wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>DJohn37050 wrote:
>[re: banking standards requiring strong RSA primes]
> 
>> No, they decided that the cost was nominal, and worth the disambiguation.
>> What do you do if someone presents a RSA key where p-1 HAS all small
>> factors?  Go before a judge and let HIM/HER decide?  Or perhaps worse,
>> a jury?
>
>That is beside the point, since there are *lots* of other ways for an RSA
>key to be weak (all of which occur with negligible probability for large
>enough key sizes, say >= 1024 bits), than for p-1 or q-1 to have only
>small factors.
>
>Either you trust the hardware or software that is generating keys to do so
>correctly - in which case there is negligible probability of it creating a
>key that is weak - or you don't - in which case all security bets are off
>regardless of whether the standard specifies "strong" primes.
>
>> Given these possibilities, the answer for banks was to disallow this
>> possibility.  If anyone comes and presents such an RSA key, it does not
>> meet the standard.
>
>And if they present a key where |p-q| is sufficiently small, or which is
>unusually easy to factor using ECM (for example), it does meet the standard,
>but is just as insecure.
>

I agree. 
(BTW I think some standards make sure that  |p-q|  is not too small).

I think Bob Silverman also tried to make similar arguments when the standards
were being written up, but the message didn't get through.

Scott

-- 
Hi! I'm a signature virus! Copy me into your signature file to help me spread!
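
The two weaknesses the thread keeps coming back to, |p-q| being small and p-1 or q-1 having only small factors, as checks a verifier can run on a candidate prime pair. This is an added example in Python, not code from any of the posters or from the banking standards they mention; it assumes a FIPS 186-4 style closeness threshold of 2^(nlen/2 - 100) and a trial-division smoothness bound, and the function names, the `margin` parameter and the toy primes in the self-test are this example's own.

```python
from math import isqrt


def small_primes(bound):
    """All primes <= bound, by sieve; used for trial division."""
    sieve = bytearray([1]) * (bound + 1)
    sieve[0:2] = b"\x00\x00"
    for i in range(2, isqrt(bound) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(range(i * i, bound + 1, i)))
    return [i for i, flag in enumerate(sieve) if flag]


def smooth_cofactor(n, bound):
    """Divide every prime factor <= bound out of n and return what is left.
    1 means n is bound-smooth, i.e. the 'p-1 has all small factors' case."""
    for p in small_primes(bound):
        while n % p == 0:
            n //= p
        if n == 1:
            break
    return n


def primes_too_close(p, q, nlen, margin=100):
    """FIPS 186-4 style closeness test: p and q must satisfy
    |p - q| > 2^(nlen/2 - margin). margin=100 is the standard's figure;
    the smaller margins in the self-test exist only because the toy primes
    there are tiny (an assumption of this example)."""
    return abs(p - q) <= 2 ** (nlen // 2 - margin)


def check_rsa_primes(p, q, nlen, margin=100, smooth_bound=2 ** 16):
    """Return the list of findings for an RSA prime pair (empty = none of the
    structural weaknesses checked here). Primality is assumed; smooth_bound
    is the trial-division limit, again an assumption of this example."""
    findings = []
    if p == q:
        findings.append("p == q")
    if primes_too_close(p, q, nlen, margin):
        findings.append("|p-q| too small")
    for name, r in (("p", p), ("q", q)):
        if smooth_cofactor(r - 1, smooth_bound) == 1:
            findings.append(f"{name}-1 is {smooth_bound}-smooth")
    return findings


if __name__ == "__main__":
    # Constructed toy pairs: 65537/65539 are adjacent and have smooth p-1 and
    # q-1; 1019/1283 are safe primes (p-1 = 2 * large prime).
    print(check_rsa_primes(65537, 65539, 32, margin=8))
    print(check_rsa_primes(1019, 1283, 20, margin=8, smooth_bound=100))
```

Checks like these only catch the named structures. Hopwood's point in the thread still stands: a sound generator drawing uniformly random primes of the proper size fails both tests with negligible probability, and a generator you cannot trust can fail in ways no such test will notice.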


------------------------------

From: [EMAIL PROTECTED]
Subject: How does one test an encryption algorithm?
Date: Thu, 11 May 2000 00:37:29 GMT

I have a dynamic encryption algorithm and it needs to be tested. Is
there a newsgroup or a group of freelance hackers :-) or some place
where I could test it by hiring services?

All I want to know is whether my algorithm is tough to crack.

How does one estimate the confidence factor of an encryption algorithm?
Are there any metrics defined?


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

Subject: Re: Encryption code or addons for VB?
From: Anthony David <[EMAIL PROTECTED]>
Date: 11 May 2000 11:11:48 +1000

Test51 <[EMAIL PROTECTED]> writes:

> Hi,
> 
> I searched through recent posts of this group but couldn't find an
> answer.
> 
> Does anyone know of any site out there that contains code or other addons
> (DLL, ActiveX) to provide encryption in Visual Basic?
> 
> Thanks.
> 
> 
> Sent via Deja.com http://www.deja.com/
> Before you buy.

There is a VB "wrapper" for Peter Gutmann's cryptlib 

See

http://www.cs.auckland.ac.nz/~pgut001/cryptlib/

for instructions

I haven't used it but I had to dig it up for some of our VBers.


-- 
=========================================================
Gambling: A discretionary tax on  | Anthony David
those who were asleep during high | Systems Administrator
school mathematics classes        |

------------------------------

From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: RSA-primes, smoothness
Date: Wed, 10 May 2000 18:15:40 -0700

Scott Contini wrote:
> >Either you trust the hardware or software that is generating keys to do so
> >correctly - in which case there is negligible probability of it creating a
> >key that is weak - or you don't - in which case all security bets are off
> >regardless of whether the standard specifies "strong" primes.

Yes.

> >And if they present a key where |p-q| is sufficiently small, or which is
> >unusually easy to factor using ECM (for example), it does meet the standard,
> >but is just as insecure.
> >
> 
> I agree.
> (BTW I think some standards make sure that  |p-q|  is not too small).
> 
> I think Bob Silverman also tried to make similar arguments when the standards
> were being written up, but the message didn't get through.

Exactly. I think that some people wanted some snake oil.

Bob S. wrote the section requiring strong primes.

------------------------------

From: Andru Luvisi <[EMAIL PROTECTED]>
Subject: Request for cryptanalysis: lja1
Date: 10 May 2000 19:25:06 -0700


Here's my first attempt at designing a cipher.  Could I trouble any of
you to point out any weaknesses you see in it?  I'm also curious how I
would go about figuring out how many cycles it would need, and what
would be a good block size.

It is an unbalanced Feistel network, working on a block size of n
bytes, where n-1 bytes modify 1 byte each round.  Below I include
functions that implement one cycle of encryption and one cycle of
decryption.  A cycle contains n rounds.  The key is a 256 byte array
containing the numbers 0-255 in a random permutation.  The theory is
to use an 8 bit hash function, where the compression function
f(accumulator, next_block) = sbox[accumulator + next_block] over n-1
of the bytes in a block as the Feistel one way function.


--- START CODE ---
/* key[] is a 256 element array, containing 0-255 in a random order */
/* blocksize is the number of bytes in block */

void lja1e_round(unsigned char *key, unsigned char *block, int blocksize)
{
  unsigned char acc;
  int i, j;

  for(i = 1; i <= blocksize; i++)
    {
      for(j = 0, acc = 0; j < blocksize - 1; j++)
        {
          acc += block[(i + j) % blocksize];
          acc = key[acc];
        }
      block[(i + j) % blocksize] ^= acc;
    }
}


void lja1d_round(unsigned char *key, unsigned char *block, int blocksize)
{
  unsigned char acc;
  int i, j;

  for(i = blocksize; i > 0; i--)
    {
      for(j = 0, acc = 0; j < blocksize - 1; j++)
        {
          acc += block[(i + j) % blocksize];
          acc = key[acc];
        }
      block[(i + j) % blocksize] ^= acc;
    }
}
--- END CODE ---


Thoughts?

Andru
-- 
========================================================================== 
| Andru Luvisi                 | http://libweb.sonoma.edu/               |
| Programmer/Analyst           |   Library Resources Online              | 
| Ruben Salazar Library        |-----------------------------------------| 
| Sonoma State University      | http://www.belleprovence.com/           |
| [EMAIL PROTECTED]      |   Textile imports from Provence, France |
==========================================================================

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: RSA-primes, smoothness
Date: 11 May 2000 02:04:34 GMT

Roger Schlafly <[EMAIL PROTECTED]> wrote:
>> I think Bob Silverman also tried to make similar arguments when the standards
>> were being written up, but the message didn't get through.

> Exactly. I think that some people wanted some snake oil.

> Bob S. wrote the section requiring strong primes.

He also co-wrote with Rivest a paper on 
"Are Strong Primes Needed for RSA?"
http://theory.lcs.mit.edu/~rivest/RivestSilverman-AreStrongPrimesNeededForRSA.ps

which answers the question in the negative. 


------------------------------

From: Mike Kent <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Who can declare "eminent domain" on patents?
Date: Thu, 11 May 2000 02:32:27 GMT

"Y. Lionmaker" wrote:

> the erroneously issued patent was retroactively canceled.

IIRC from some Business Law thing decades ago, patents
_cannot_ be contested by opposing interests before issue
as the claims are secret until then.

------------------------------

From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: For Jim-G about the NOVA "cipher contest" ...
Date: Thu, 11 May 2000 02:47:22 +0000

Sundial Services wrote:
> I hope that you (and the by-now-long-suffering NOVA producers) realize
> that your "cipher challenge" could happily go on for many months.  Even
> though the "cipher challenge" seems to have stopped with the Playfair
> solutions, I'm equally sure that others are browsing through the other
> more complicated ciphertexts.

Actually, the contest ended shortly after it was supposed to, and
we posted the solutions there as well.  They're hanging off of some
of the hot links.  As I said, I think the Double Playfair is too
hard for a contest of this sort, but the double transposition is
doable if the analyst is motivated enough.
-- 
        Jim Gillogly
        21 Thrimidge S.R. 2000, 02:45
        12.19.7.3.11, 10 Chuen 14 Uo, Eighth Lord of Night

------------------------------

From: Andru Luvisi <[EMAIL PROTECTED]>
Subject: Key generation for lja1
Date: 10 May 2000 20:16:36 -0700


Because the hash function for lja1 is basically an eight bit codebook
run in cipher block chaining mode, and long periods are generally
considered a good thing in a block cipher, I suspect keys which would
have a cycle of length 256 would be stronger than keys with shorter
cycles.  In an extreme case, if every key[i] = i, then the compression
function would not change the accumulator when hashing zero bytes.

Here's my attempt at a key generator.  Suggestions invited:

#include <stdio.h>
#include <stdlib.h>

/* Fills key[] with a permutation of 0-255 that is a single 256-long cycle:
 * numbers[0..254] is shuffled (Fisher-Yates, index drawn from /dev/urandom)
 * and key then follows the chain 255 -> numbers[254] -> ... -> numbers[0] -> 255.
 * numbers[255] stays 255 and is never swapped. */
void make_key(unsigned char *key)
{
  unsigned char numbers[256];
  unsigned char temp;
  unsigned int i, j, next;
  FILE *fp;

  if((fp = fopen("/dev/urandom", "r")) == NULL)
    {
      /* a little harsh, but this is demo code */
      fprintf(stderr, "Can't open /dev/urandom\n");
      exit(1);
    }

  for(i = 0; i < 256; i++)
    numbers[i] = i;

  next = 255;
  for(i = 254; i > 0; i--)
    {
      /* one random unsigned int per swap; j % (i + 1) has a tiny modulo bias */
      if(fread(&j, sizeof(j), 1, fp) != 1)
        {
          fprintf(stderr, "Short read from /dev/urandom\n");
          exit(1);
        }
      j = j % (i + 1);
      temp = numbers[i];
      numbers[i] = numbers[j];
      numbers[j] = temp;
      key[next] = numbers[i];   /* link the previous element to this one */
      next = numbers[i];
    }

  key[next] = numbers[0];
  next = numbers[0];
  key[next] = 255;              /* close the cycle back at 255 */

  fclose(fp);
}


Andru
-- 
========================================================================== 
| Andru Luvisi                 | http://libweb.sonoma.edu/               |
| Programmer/Analyst           |   Library Resources Online              | 
| Ruben Salazar Library        |-----------------------------------------| 
| Sonoma State University      | http://www.belleprovence.com/           |
| [EMAIL PROTECTED]      |   Textile imports from Provence, France |
==========================================================================

------------------------------

From: "Adam Durana" <[EMAIL PROTECTED]>
Subject: Cipher Contest
Date: Wed, 10 May 2000 23:22:19 -0400

Hello

For all of you who have been posting algorithms of your own design, you
should really look at http://www.wizard.net/~echo/  This contest was started
specifically with you people in mind.  So if you are serious, well as
serious as someone could be who wants to get free analysis, about seeing if
your cipher is any good, submit it to the contest.  There have already been a
few, and the very first one was broken a few weeks after it was submitted.

- Adam




------------------------------

From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Re: Cipher Contest
Date: Wed, 10 May 2000 20:48:23 -0700

When are we going to have a stream cipher contest?

Joseph Poe

Adam Durana wrote:

> Hello
>
> For all of you who have been posting algorithms of your own design, you
> should really look at http://www.wizard.net/~echo/  This contest was started
> specifically with you people in mind.  So if you are serious, well as
> serious as someone could be who wants to get free analysis, about seeing if
> your cipher is any good, submit it to the contest.  There have already been a
> few, and the very first one was broken a few weeks after it was submitted.
>
> - Adam




------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Encryption code or addons for VB?
Date: Thu, 11 May 2000 03:53:26 GMT

My book, "Cryptography for Visual Basic: A Programmer's Guide to the
Microsoft CryptoAPI" will be published by John Wiley & Sons in July
2000. It includes COM wrappers for the Base Cryptography Functions of
the Microsoft CryptoAPI, and is a companion to Bruce Schneier's Applied
Cryptography (also published by Wiley). The COM wrappers come with an
Open Source license, so you can do anything you want with them, even
sell them. I'm afraid you'll have to wait until July though, but you
can pre-order the book on Amazon. You can also read the foreword at
www.fatbrain.com, where it is one of the user reviews (of the author,
me).

Best,
Richard Bondi


In article <8f7opg$jka$[EMAIL PROTECTED]>,
  Test51 <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I searched through recent posts of this group but couldn't find an
> answer.
>
> Does anyone know of any site out there that contains code or other addons
> (DLL, ActiveX) to provide encryption in Visual Basic?
>
> Thanks.
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
>


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: comp.programming
Subject: Re: Encryption code or addons for VB?
Date: Thu, 11 May 2000 03:54:42 GMT

My book, "Cryptography for Visual Basic: A Programmer's Guide to the
Microsoft CryptoAPI" will be published by John Wiley & Sons in July
2000. It includes COM wrappers for the Base Cryptography Functions of
the Microsoft CryptoAPI, and is a companion to Bruce Schneier's Applied
Cryptography (also published by Wiley). The COM wrappers come with an
Open Source license, so you can do anything you want with them, even
sell them. I'm afraid you'll have to wait until July though, but you
can pre-order the book on Amazon. You can also read the foreword at
www.fatbrain.com, where it is one of the user reviews (of the author,
me).

Best,
Richard Bondi

In article <8f7ook$jk5$[EMAIL PROTECTED]>,
  Test51 <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I searched through recent posts of this group but couldn't find an
> answer.
>
> Does anyone know of any site out there that contains code or other addons
> (DLL, ActiveX) to provide encryption in Visual Basic?
>
> Thanks.
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
>


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED]
Subject: Is Microsoft CryptoAPI's CALG_MAC really CBC-MAC?
Date: Thu, 11 May 2000 03:57:25 GMT

Dear all,
This is a question for cryptographers rather than programmers.

At http://msdn.microsoft.com/library/default.asp?URL=/library/psdk/crypto/aboutcrypto_0jhf.htm,
the CALG_MAC algorithm is identified as the CBC-MAC algorithm. However,
there is a difference between Microsoft's description of this algorithm
in CALG_MAC, and Schneier's description of CBC-MAC in "Applied
Cryptography," p. 456 (Chapter 18, Section 14).

Schneier says that the CBC-MAC specification is the last block of a
block cipher in CBC or CFB, with this last block encrypted a second time
in CBC or CFB. The CALG_MAC description does not have this last block
encrypted a second time.

I did a test to verify this, and indeed CALG_MAC does not encrypt the
last block twice: I compared the last block of an RC2 ciphertext to the
hash value of a CALG_MAC using the same RC2 key and plaintext, and the
last blocks were identical.

Does anyone know:
-- whether this affects the security of the CALG_MAC algorithm?
-- whether therefore CALG_MAC is not CBC-MAC, even though the Microsoft
documentation says it is?

Thanks much in advance,
Richard Bondi
Author of "Cryptography for Visual Basic", publ. by John Wiley & Sons.



Sent via Deja.com http://www.deja.com/
Before you buy.
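
Added example, not from Richard's post and not Microsoft's or RC2's code: raw CBC-MAC (tag = last CBC block, the behaviour his RC2 test observed) beside the variant Schneier describes, with the last block encrypted once more, and the property that separates the two on variable-length messages. The 8-byte block function is a keyed stand-in built from HMAC-SHA256 (CBC-MAC only runs the cipher forward, so it need not be invertible), the second pass here uses a second key, and the keys and messages are constructed.

```python
import hashlib
import hmac

BLOCK = 8  # RC2's block size, as in the test described in the post


def block_fn(key, x):
    """Keyed 8-byte block function standing in for the cipher. Not RC2 and
    not invertible; CBC-MAC never needs the inverse direction."""
    return hmac.new(key, x, hashlib.sha256).digest()[:BLOCK]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def raw_cbc_mac(key, msg):
    """Tag = last block of CBC encryption with a zero IV, no second pass."""
    if len(msg) % BLOCK:
        raise ValueError("message must be whole blocks (padding is out of scope)")
    state = bytes(BLOCK)
    for i in range(0, len(msg), BLOCK):
        state = block_fn(key, xor(state, msg[i:i + BLOCK]))
    return state


def cbc_mac_final_encrypt(key, key2, msg):
    """Schneier's variant: the last CBC block is encrypted once more, here
    under a second key (one of the ways the second pass is specified)."""
    return block_fn(key2, raw_cbc_mac(key, msg))


def splice(m1, t1, m2):
    """m1 followed by m2, with m2's first block XORed against t1."""
    return m1 + xor(t1, m2[:BLOCK]) + m2[BLOCK:]


def raw_tag_is_chaining_state(key, m1, m2):
    """With the raw form the tag of m1 IS the CBC state after m1, so
    raw_cbc_mac(splice(m1, tag(m1), m2)) == raw_cbc_mac(m2): the tags of two
    messages fix the tag of a third without the key. True when that holds."""
    t1 = raw_cbc_mac(key, m1)
    return raw_cbc_mac(key, splice(m1, t1, m2)) == raw_cbc_mac(key, m2)


def final_tag_is_chaining_state(key, key2, m1, m2):
    """Same identity tried against the final-encrypted form: the published
    tag is no longer the chaining state, so it fails (barring an 8-byte
    collision)."""
    t1 = cbc_mac_final_encrypt(key, key2, m1)
    return (cbc_mac_final_encrypt(key, key2, splice(m1, t1, m2))
            == cbc_mac_final_encrypt(key, key2, m2))


# Constructed sample keys and two-block messages.
KEY, KEY2 = b"constructed-key-1", b"constructed-key-2"
M1 = b"record-0001-abcd"
M2 = b"record-0002-efgh"

if __name__ == "__main__":
    print("raw tag equals chaining state:   ", raw_tag_is_chaining_state(KEY, M1, M2))
    print("final-encrypted tag equals it:   ", final_tag_is_chaining_state(KEY, KEY2, M1, M2))
```

The raw form is only sound when every message has one fixed length and the verifier enforces it; for variable-length data the second encryption (or a length prefix, or in current practice CMAC or HMAC) is what keeps the chaining state out of the tag.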

------------------------------

From: Andru Luvisi <[EMAIL PROTECTED]>
Subject: Re: Request for cryptanalysis: lja1
Date: 10 May 2000 21:12:41 -0700

Andru Luvisi <[EMAIL PROTECTED]> writes:
[snip]
>           acc += block[(i + j) % blocksize];
[snip]

Argh.  This should read:
>           acc += key[block[(i + j) % blocksize]];

The hash compression function should be:
  f(accumulator, block) = sbox[accumulator + sbox[block]]


Corrected code:

/* key[] is a 256 element array, containing 0-255 in a random order */
/* blocksize is the number of bytes in block */

void lja1e_cycle(unsigned char *key, unsigned char *block, int blocksize)
{
  unsigned char acc;
  int i, j;

  for(i = 1; i <= blocksize; i++)
    {
      for(j = 0, acc = 0; j < blocksize - 1; j++)
        {
          acc += key[block[(i + j) % blocksize]];
          acc = key[acc];
        }
      block[(i + j) % blocksize] ^= acc;
    }
}


void lja1d_cycle(unsigned char *key, unsigned char *block, int blocksize)
{
  unsigned char acc;
  int i, j;

  for(i = blocksize; i > 0; i--)
    {
      for(j = 0, acc = 0; j < blocksize - 1; j++)
        {
          acc += key[block[(i + j) % blocksize]];
          acc = key[acc];
        }
      block[(i + j) % blocksize] ^= acc;
    }
}


Andru
-- 
========================================================================== 
| Andru Luvisi                 | http://libweb.sonoma.edu/               |
| Programmer/Analyst           |   Library Resources Online              | 
| Ruben Salazar Library        |-----------------------------------------| 
| Sonoma State University      | http://www.belleprovence.com/           |
| [EMAIL PROTECTED]      |   Textile imports from Provence, France |
==========================================================================
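
Added example, not Andru's code: a Python transcription of the corrected cycle above used to check that decryption really inverts encryption, plus the two checks implied by the key-generation post (the key is a permutation of 0-255, and ideally one 256-long cycle). It also reproduces the degenerate case that post describes, every key[i] = i leaving an all-zero block untouched. The test keys (identity, a +1 rotation, a seeded shuffle) and sample blocks are constructed here; make_key itself is not reproduced.

```python
import random


def lja1_encrypt_cycle(key, block):
    """One lja1 cycle (corrected version): round i chains the n-1 bytes after
    position i-1 through the 8-bit sbox and XORs the result into the
    remaining byte. Modifies the bytearray in place and returns it."""
    n = len(block)
    for i in range(1, n + 1):
        acc = 0
        for j in range(n - 1):
            acc = (acc + key[block[(i + j) % n]]) & 0xFF  # unsigned char wraparound
            acc = key[acc]
        block[(i - 1) % n] ^= acc  # (i + n - 1) % n in the C original
    return block


def lja1_decrypt_cycle(key, block):
    """Same rounds in reverse order; the byte being undone is never among the
    hashed bytes, so each round sees exactly the input encryption saw."""
    n = len(block)
    for i in range(n, 0, -1):
        acc = 0
        for j in range(n - 1):
            acc = (acc + key[block[(i + j) % n]]) & 0xFF
            acc = key[acc]
        block[(i - 1) % n] ^= acc
    return block


def is_permutation(key):
    """The key must contain each of 0..255 exactly once."""
    return len(key) == 256 and sorted(key) == list(range(256))


def cycle_length(key, start=0):
    """Length of the permutation cycle through `start`; 256 means the whole
    key is one cycle, as the key-generation post aims for. None if key is
    not a permutation (the walk never returns)."""
    x, steps = key[start], 1
    while x != start:
        if steps > 256:
            return None
        x, steps = key[x], steps + 1
    return steps


def roundtrip(key, plaintext, cycles=4):
    """Encrypt for `cycles` cycles, then decrypt. Returns (ciphertext differs
    from plaintext, decryption restored plaintext)."""
    work = bytearray(plaintext)
    for _ in range(cycles):
        lja1_encrypt_cycle(key, work)
    changed = work != plaintext
    for _ in range(cycles):
        lja1_decrypt_cycle(key, work)
    return changed, work == plaintext


# Constructed test keys: identity (the author's degenerate case) and a
# rotation by one, which is a single 256-cycle.
IDENTITY_KEY = list(range(256))
SHIFT_KEY = [(i + 1) % 256 for i in range(256)]


def shuffled_key(seed=1):
    """Deterministic random permutation key for tests (not the author's
    make_key, which additionally forces a single 256-cycle)."""
    key = list(range(256))
    random.Random(seed).shuffle(key)
    return key


if __name__ == "__main__":
    print("cycle through 0:", cycle_length(IDENTITY_KEY), cycle_length(SHIFT_KEY))
    print("zero block under identity key:", lja1_encrypt_cycle(IDENTITY_KEY, bytearray(8)).hex())
    print("round trip:", roundtrip(shuffled_key(), bytes(range(16))))
```

The round trip holds for any key, permutation or not, because each round only touches the byte it excludes from the hash; the permutation and cycle checks are about the sbox's quality, not about decryptability.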

------------------------------

From: "Mehdi Sotoodeh" <[EMAIL PROTECTED]>
Subject: Re: high speed public key crypto
Date: Thu, 11 May 2000 04:47:24 GMT

Tom Berson and Prof. Hellman have looked at this and they think there is a
promise here.
However, more research is required before this can be published.

Mehdi Sotoodeh
[EMAIL PROTECTED]

"David Hopwood" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Mehdi Sotoodeh wrote:
> >
> > I have found a new public key crypto system that is fast, easy to
> > implement and requires a low level of system resources.
> > I am looking for someone who is interested to work on this as a joint
> > project. I specifically need help on evaluation and publication of the
> > project.
> > Please let me know if you are interested.
>
> There is not enough information here for people to decide whether your
> system is worth putting effort into. Post a brief description of the
> mathematical problem that its security is based on.
>
> If you are concerned about anyone stealing your idea, don't be. The
> most likely outcome is that your scheme will be found to be less secure
> or less practical than existing public key cryptosystems, in which case
> you will have saved a lot of effort. If it does look secure and
> practical, and it becomes widely used, then you'll probably be able to
> take your pick of highly paid jobs. OTOH, if you patent the system, it
> will likely disappear without trace, since there are several existing
> widely used PK cryptosystems (to which RSA will be added in September),
> that are unpatented, and that people are for the most part perfectly
> happy with.
>
> - --
> David Hopwood <[EMAIL PROTECTED]>
> PGP public key: http://www.users.zetnet.co.uk/hopwood/public.asc
> RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3i
> Charset: noconv
>
> iQEVAwUBORn6YTkCAxeYt5gVAQGXBQf/bjZvRLD1QD3lOcUkLNDRfUzKhe9XPPtP
> zPzfR2Bggk2qfuyZjLaRlhO/hZfYHuXwO7RVPvb/TF+U7jfZO9mAgyLs5T32rL0l
> 4jXKxIaZfn8Q8ETUEUMC8LuazCqwOiL1/VOajUEojyciaVdBzyPG+0jQKLfRfzvk
> j//rJJe2dTeKsq0hhYMlmC4peWEzpNiOFfQnQItX3G8jD5tu8yqJmKSdvmk1Ynuc
> XzwGeRa3KTQM46SmlDirtprFz980WwBaf4tV5ClgxAD4Ok6Ik1b+AncavTDAdITB
> VKJftdf8f2btaQ603eMAjdbq8EY7IJcMYK3hpXHnBt3thYkz+8/dGA==
> =vDqm
> -----END PGP SIGNATURE-----
>



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
