Cryptography-Digest Digest #807, Volume #11      Thu, 18 May 00 07:13:01 EDT

Contents:
  Re: AES Comment: the Hitachi patent (Mok-Kong Shen)
  Re: What is a good Encryption program?? ([EMAIL PROTECTED])
  Re: AEES-Cascade ([EMAIL PROTECTED])
  Re: About Hardware RNG (Guy Macon)
  Re: zeroknowledge.com and freedom.net - Snake oil? (Guy Macon)
  Re: Interesting differentials in BREAKME (Mark Wooding)
  Re: Blowfish and Weak Keys (Mark Wooding)

----------------------------------------------------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: AES Comment: the Hitachi patent
Date: Thu, 18 May 2000 10:37:39 +0200



Jerry Coffin wrote:

> > A comprehensive patent databank is offered by IBM on the
> > internet, if I don't err.
>
> A database, yes.  Comprehensive, no.
>
> > Now MARS comes from IBM. IBM is such
> > a big firm and has itself numerous and numerous patents and hence
> > must have a large staff of very competent patent specialists. I can't
> > imagine that it could be a very difficult task for IBM to do a search
> > for potential patent conflicts with MARS, if it ever cares to do so.
>
> Yes and no -- conducting a search for potential conflicts is easy.
> Being sure you've caught all possible conflicts is impossible.  About
> the best you can hope for is to be reasonably sure that you've caught
> most of the most relevant conflicts, and even that takes a great deal
> of time, effort and skill to do well.

Are you seeking 'perfection' in this world?? If you do something and
achieve something, it is anyway better than you do nothing and
achieve nothing. Should we do or do nothing to curb the damages
being done to the natural environments? One's health is never perfect.
Should one take care to cure some of the big illness or should we
wait till the science has advanced to such a point that curing ALL
illness in one shot no longer ''takes a great deal of time, effort and
skill to do well'' ?? Searching for patent conflicts in the present case
might be an onerous task within the resource framework of the authors
of Rijndael and Serpent but certainly not for IBM! And in my humble
view it is also the responsibility of NIST to investigate patent matters
from the very beginning of AES project. As I said previously,
apparently no serious effort has EVER been undertaken by any party
involved in AES up till now.

M. K. Shen
==================================
http://home.t-online.de/home/mok-kong.shen


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: What is a good Encryption program??
Date: Thu, 18 May 2000 08:33:15 GMT

Tim Tyler wrote:
> : FYI: 56 bit DES is about E +19. 128 bit DES is E +38.
> 
> 2^56 ~= 10^17, not 10^19.

right, 0.72E16

> DES uses a 64-bit (10^19) key - but a byte of
> it is not used as key material.

heh, DES uses 56 bit key

>  Also, what is 128-bit DES?

there is no such thing
there is only 112 and 168 bit tripleDES

== <EOF> ==
Disastry  http://i.am/disastry/
http://disastry.dhs.org/pgp.htm <-- PGP half-Plugin for Netscape
http://disastry.dhs.org/pegwit  <-- Pegwit - simple alternative for PGP
remove .NOSPAM.NET for email reply

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: AEES-Cascade
Date: Thu, 18 May 2000 08:24:27 GMT

David,

Thank you very much for your reply.

#Assuming you are using a modern fast PC,
#this seems quite slow.

It is only a question of time and development.
There are a lot of other factors that should be taken into account.
For example: level of security.

#You should get pretty close to 50% change with a one bit
#change in input or key. Otherwise the big boys will break
#your cypher pretty easily, as soon as they can be bothered
#trying.

1. I suppose that Avalanche Effect idea is not to change one
   bit but to change an amount of information in plain text.
2. I am not sure that all these criteria may be applied directly
   to cascade architecture, which seems to be very complex for
   cryptanalysis.

Best regards.
Alex.




------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: About Hardware RNG
Date: 18 May 2000 04:53:25 EDT

In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
>
>[EMAIL PROTECTED] (Guy Macon) wrote:
>
>>How does the circuit determine the threshold to compare the noise to
>>in order to decide whether to call the current bit a 1 or a 0?  Is this
>>a logic input, comparator, op-amp, Transistor (FET or bipolar?) or what? 
>
>My circuit (I presume you mean that one, rather than the one Tom
>found) uses split supplies (+/- 15V) and uses a plain op-amp
>comparator to compare the signal to 0V. The noise source is
>capacitively coupled so the capacitor output oscillates about 0V.

You have a 0/1 bias then.  The input to the opamp is slightly
imperfect, and thus there is a small offset.  Have you tried
any long runs with a count of how many zeros and ones you get?

I also suspect that there is a slight correlation between successive bits.
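The two checks suggested in this exchange, a long-run count of zeros and ones and a look for correlation between successive bits, as an added Python example that is not part of the thread. The noise source is a constructed Gaussian model (amplitude in units of the noise RMS); the comparator offset and the memory parameter rho are assumptions chosen for illustration, not measurements of anyone's circuit.

```python
import math
import random

def comparator_bits(samples, offset=0.0):
    """Model the op-amp comparator: a sample above the threshold is a 1,
    below it a 0. Ideally the threshold is 0 V; a non-zero offset models
    the imperfect input stage that introduces a 0/1 bias."""
    return [1 if v > offset else 0 for v in samples]

def bias(bits):
    """Fraction of ones minus 0.5; zero for an unbiased source."""
    return sum(bits) / len(bits) - 0.5

def lag1_correlation(bits):
    """Correlation coefficient between each bit and the next one;
    close to zero when successive bits are independent."""
    x, y = bits[:-1], bits[1:]
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    vx = sum((a - mx) ** 2 for a in x)
    vy = sum((b - my) ** 2 for b in y)
    return 0.0 if vx == 0 or vy == 0 else cov / math.sqrt(vx * vy)

def simulate(n, offset=0.0, rho=0.0, seed=1):
    """Constructed noise source (not measured data): Gaussian samples in
    units of the noise RMS, with AR(1) memory rho to mimic a source whose
    bandwidth is low relative to the sampling clock, then thresholded.
    Offset 0.1 RMS gives roughly 46% ones; rho 0.5 gives a bit-to-bit
    correlation of about 1/3."""
    rng = random.Random(seed)
    samples, prev = [], 0.0
    for _ in range(n):
        prev = rho * prev + math.sqrt(1 - rho * rho) * rng.gauss(0, 1)
        samples.append(prev)
    return comparator_bits(samples, offset)

if __name__ == "__main__":
    for offset, rho in ((0.0, 0.0), (0.1, 0.0), (0.0, 0.5)):
        b = simulate(200000, offset, rho)
        print(f"offset={offset:.1f} rho={rho:.1f}: "
              f"bias={bias(b):+.4f} lag1={lag1_correlation(b):+.4f}")
```

Run against bits captured from a real circuit, the same two functions give the counts the reply asks for; a persistent non-zero bias or lag-1 correlation means the raw bits need conditioning before use as key material.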


------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: zeroknowledge.com and freedom.net - Snake oil?
Date: 18 May 2000 05:08:26 EDT

In article <8fu21q$shb$[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
wrote:
>
>In article <8ftn5f$[EMAIL PROTECTED]>,
>  [EMAIL PROTECTED] (Guy Macon) wrote:
>>...
>> >Sure this point is the catchiest point. Anonymizers rewrite URLs,
>> >but therefore they work behind firewalls!
>>
>> If the users of the firewall I administer want to use either of your
>> products and I don't want them to, I can stop them. (in real life I
>> would offer free tech support!).  Your system doesn't change this.
>
>And if I don't want that the users don't use ZKS I can stop them
>too. Now what?

Uh, Alex?  Did you notice that I said "EITHER of your products"?

>NO System can change that, but Web-Anonymizers work behind firewalls
>(until the admin restricts it) Proxy-based Servers as ZKS don't.

Think of it from my standpoint as a firewall admin.  I block site X.
Now why did I do such a thing?  Because my monitoring software says
that site X has content that I don't want my users to access.  Will
not my monitoring software come to the same conclusion about your
anonymizer as soon as that user accesses the content of site X?

(In the real world I would set the firewall to let users use either
of your products, but that's because I am in the business of protecting
users from attackers, not filtering or blocking them)


------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Interesting differentials in BREAKME
Date: 18 May 2000 09:18:25 GMT

Raphael Phan <[EMAIL PROTECTED]> wrote:

> Ok, Mark, so how did you manage to get a differential of 32/256?  Could you
> enclose your difference distribution table for us?

I only analysed output differences of zero.  The table maps input
differences to differential probability * 256.  The entry for an input
difference of zero is zero because I didn't bother trying it: the result
is predictable and it makes spotting the maximum probability harder.

      x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 xa xb xc xd xe xf
      
  0x  00 04 12 0a 0c 0c 0c 10 08 16 18 0c 18 16 12 0e 
  1x  04 16 0a 10 12 08 0a 18 16 10 0a 14 12 18 0a 06 
  2x  14 0c 12 0e 0e 0c 12 18 18 0c 10 14 0a 14 0e 12 
  3x  0a 0a 0e 08 0c 0e 14 08 0a 08 0e 0c 0e 0a 0a 16 
  4x  12 14 0e 0c 10 0e 08 08 12 10 0a 18 12 10 12 0a 
  5x  14 0a 1e 08 0c 0e 14 16 12 0c 18 0c 1e 12 0e 16 
  6x  18 10 0a 16 0a 20 0e 0a 10 12 0e 10 12 08 12 0c 
  7x  16 10 16 0a 10 04 06 0e 12 0a 10 08 0c 0e 14 0a 
  8x  0e 10 14 0e 0e 14 0c 0e 0c 10 0c 14 12 0c 12 0a 
  9x  0e 10 08 14 16 0c 10 0e 12 0a 08 0e 06 18 0a 08 
  ax  0c 06 14 0c 0a 0e 10 10 0c 12 16 0e 0a 10 1e 0c 
  bx  12 0e 10 12 10 14 0a 0a 02 12 06 14 0a 08 0c 14 
  cx  12 10 12 08 16 12 16 14 14 10 0a 16 0e 1c 0c 10 
  dx  08 10 08 0c 16 18 12 12 10 14 12 0e 0c 0c 0c 08 
  ex  0e 0e 16 18 0a 0a 10 12 08 0c 0c 16 12 0a 14 12 
  fx  0a 0a 1a 0e 0e 0c 10 12 10 0e 0a 16 06 0a 0c 10 

The Perl program which generated the table can be found below.


#! /usr/bin/perl

@s = (
   3,  7,  1,  9,  5,  6,  3,  8,  6,  2,  3, 14,  5,  4, 11,  2,
  12,  4,  2, 12,  1, 12,  1,  0, 10, 12, 10, 13,  6, 10,  1,  9,
   9,  7,  8,  0,  6, 11, 10,  6,  0,  9,  6,  7,  8,  5,  6, 14,
   4,  9, 10, 13,  1, 14,  8, 12, 10,  1,  8,  0,  6,  9, 14,  9,
  12,  5, 13, 15, 12,  9, 11,  5,  4,  6, 14, 12,  8, 15, 14, 11,
   4, 15,  1, 13,  1, 11, 10,  3,  3, 12,  6,  0, 15, 14, 15, 14,
   7,  5,  9,  2,  5, 13,  0,  9,  5, 13,  7, 15,  2,  9, 10,  4,
  12,  7,  6,  7,  4,  6, 15,  1, 13, 11,  1,  4,  6, 10,  8,  0,
   1,  0, 11,  3,  6, 15, 12,  8, 15, 11, 14,  7,  7, 12, 14,  2,
   4,  0, 12, 13,  3, 11,  0, 13,  0, 15, 10,  2,  8,  4,  3,  0,
   5,  1,  4,  4, 11,  5,  7, 11,  0, 14,  9, 13,  7, 15, 15, 10,
  13,  7, 14,  3,  7,  8,  1, 10,  8,  2, 13,  2,  7,  5,  4, 12,
   0,  2,  3,  5,  4, 11,  2, 13, 15,  6,  4, 13,  5,  0, 14,  5,
  15,  0,  9, 10, 12,  0, 11, 11,  2, 14,  5,  9,  3,  8, 11, 13,
  13,  1,  8,  7, 14, 15,  3,  2, 14,  2,  3,  8,  3, 12,  7,  5,
   2,  3, 15, 10,  9,  8,  9,  8, 10, 11,  6,  1,  1,  3,  4, 10
);

@d = ();

for ($d = 1; $d < 256; $d++) {
  for ($x = 0; $x < 256; $x++) {
    if ($s[$x] == $s[$x ^ $d]) { $d[$d]++; }
  }
}

@max = ();
$m = 0;

for ($i = 0; $i < 256; $i++) {
  printf("%02x ", $d[$i]);
  print "\n" if $i % 16 == 15;
  if ($d[$i] > $m) { $m = $d[$i]; @max = (); }
  if ($d[$i] == $m) { push(@max, $i); }
}

printf("%02x: ", $m);
foreach $i (@max) { printf("%02x ", $i); }
print "\n";

-- [mdw]
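As an added example (not Mark's code), the same zero-output-difference count in Python, extended to the full difference distribution table over all 16 output differences of this 8-bit-to-4-bit S-box, which is what a cryptanalyst would normally tabulate; the S-box values are copied from the Perl program above, and the function names are my own.

```python
# BREAKME S-box as in the Perl program above (256 entries, 4-bit outputs)
SBOX = [
     3,  7,  1,  9,  5,  6,  3,  8,  6,  2,  3, 14,  5,  4, 11,  2,
    12,  4,  2, 12,  1, 12,  1,  0, 10, 12, 10, 13,  6, 10,  1,  9,
     9,  7,  8,  0,  6, 11, 10,  6,  0,  9,  6,  7,  8,  5,  6, 14,
     4,  9, 10, 13,  1, 14,  8, 12, 10,  1,  8,  0,  6,  9, 14,  9,
    12,  5, 13, 15, 12,  9, 11,  5,  4,  6, 14, 12,  8, 15, 14, 11,
     4, 15,  1, 13,  1, 11, 10,  3,  3, 12,  6,  0, 15, 14, 15, 14,
     7,  5,  9,  2,  5, 13,  0,  9,  5, 13,  7, 15,  2,  9, 10,  4,
    12,  7,  6,  7,  4,  6, 15,  1, 13, 11,  1,  4,  6, 10,  8,  0,
     1,  0, 11,  3,  6, 15, 12,  8, 15, 11, 14,  7,  7, 12, 14,  2,
     4,  0, 12, 13,  3, 11,  0, 13,  0, 15, 10,  2,  8,  4,  3,  0,
     5,  1,  4,  4, 11,  5,  7, 11,  0, 14,  9, 13,  7, 15, 15, 10,
    13,  7, 14,  3,  7,  8,  1, 10,  8,  2, 13,  2,  7,  5,  4, 12,
     0,  2,  3,  5,  4, 11,  2, 13, 15,  6,  4, 13,  5,  0, 14,  5,
    15,  0,  9, 10, 12,  0, 11, 11,  2, 14,  5,  9,  3,  8, 11, 13,
    13,  1,  8,  7, 14, 15,  3,  2, 14,  2,  3,  8,  3, 12,  7,  5,
     2,  3, 15, 10,  9,  8,  9,  8, 10, 11,  6,  1,  1,  3,  4, 10,
]

def zero_output_diff_counts(sbox):
    """counts[d] = number of x with sbox[x] == sbox[x ^ d], i.e. 256 times
    Pr[output difference 0 | input difference d]; entry 0 stays 0 as in
    the posted table (it would trivially be 256)."""
    n = len(sbox)
    return [0] + [sum(1 for x in range(n) if sbox[x] == sbox[x ^ d])
                  for d in range(1, n)]

def difference_distribution_table(sbox, out_bits=4):
    """ddt[din][dout] = number of x with sbox[x] ^ sbox[x ^ din] == dout.
    Every row sums to len(sbox); row 0 is the trivial 0 -> 0 entry."""
    n = len(sbox)
    ddt = [[0] * (1 << out_bits) for _ in range(n)]
    for din in range(n):
        for x in range(n):
            ddt[din][sbox[x] ^ sbox[x ^ din]] += 1
    return ddt

def best_nontrivial_differential(ddt):
    """(din, dout, count) with the largest count over all din != 0."""
    best = (0, 0, 0)
    for din in range(1, len(ddt)):
        for dout, c in enumerate(ddt[din]):
            if c > best[2]:
                best = (din, dout, c)
    return best
```

The first column of the full table reproduces the posted counts (for instance 0x20 = 32 at input difference 0x65, the 32/256 differential under discussion); a uniform 8-to-4-bit S-box would average 16 per cell.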

------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Blowfish and Weak Keys
Date: 18 May 2000 09:25:03 GMT

Karim A <[EMAIL PROTECTED]> wrote:

> I've implemented Blowfish algo for my application, users have to
> choose themself a key.  I'd like to know a way to detect if the key is
> weak.  I've read Blowfish specs about weak keys, after the key
> expansion through the P-Array and S-Boxes transformations, a weak key
> is detected in one in which two entries for a given S-Box are
> identical ? Is it right ?

That's right.  You can detect a weak key by searching each S-box for two
identical words.  A simple hashtable will work for this.  You can just
use the least significant bits of each entry as its hash.

Note that nobody has discovered a way to detect the use of a `weak' key
in full 16-round Blowfish, let alone exploit it.  You're probably
wasting your time.

-- [mdw]

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
