Cryptography-Digest Digest #24, Volume #12       Wed, 14 Jun 00 10:13:01 EDT

Contents:
  Re: DPmax of Feistel Construction (Mark Wooding)
  Re: Man in the middle attacks (Mark Currie)
  Re: Why the golden ratio? (Runu Knips)
  Re: FIPS-186 vs. FIPS-186-2 (Tim Tyler)
  Re: CRC Programming Help... Please!! (Runu Knips)
  Re: McTER 2 (manual crypt) (Jacques Thériault)
  Re: Why the golden ratio? (Volker Hetzer)
  Re: Random sboxes... real info (Rex Stewart)
  Re: Why the golden ratio? (Runu Knips)
  Re: Random sboxes... real info (Rex Stewart)
  Re: An interesting page on the Rabin-Miller PP test (Andrew John Walker)
  Re: Why the golden ratio? (Volker Hetzer)
  Re: Updated: Evidence Eliminator Dis-Information Center (Richard Herring)
  Re: Cipher design a fading field? (Nicol So)
  Re: Cipher design a fading field? (Nicol So)
  Application specific SBoxes in Blowfish? ("Sam Simpson")
  Re: Updated: Evidence Eliminator Dis-Information Center (Don Barzini)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: DPmax of Feistel Construction
Date: 14 Jun 2000 08:56:38 GMT

tomstd <[EMAIL PROTECTED]> wrote:
> The DPmax of any n-bit function is at most 2^-n+1

I think you mean `at least'.  The DPmax of a function can be 1.
Consider XOR with a constant.

-- [mdw]

------------------------------

Subject: Re: Man in the middle attacks
From: [EMAIL PROTECTED] (Mark Currie)
Date: 14 Jun 2000 09:08:33 GMT

In article <8i31co$9n4$[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
>
>I've been reading my copy of Applied Cryptography, looking at ways of
>defeating man in the middle attacks.
>
>All the methods in the book use a Trusted Person to make sure the
>protocol works.
>
>Can anyone please point me in the direction of a protocol that works
>with two nodes - if such a thing exists. It's been rattling around in
>my head for the last week and I can't think how I would make it work.
>
>Thanks,


It really comes down to trust/authentication. You cannot beat MTM unless you 
have some way of authenticating the message originator. This does not always 
require a trusted third party. The most inconvenient way is probably the best, 
which is a face-to-face meeting to exchange information which can later be used 
for authentication.

Once you have the initial trust bit sorted out, there are many ways to defeat 
MTM.

Mark


------------------------------

Date: Wed, 14 Jun 2000 11:26:14 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Why the golden ratio?

Dido Sevilla wrote:
> Does the golden ratio have some properties that these
> other numbers don't?

AFAIK there is a simple equation of pi, e, the golden
number, and 1, I don't remember it exactly but it was
really very simple. Maybe I can find it at home.
However, I believe the fact that the golden number is
related to pi and e puts a little of the glory of those
most important numbers into it. :-)

And hey, it's golden! ;-)

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: FIPS-186 vs. FIPS-186-2
Reply-To: [EMAIL PROTECTED]
Date: Wed, 14 Jun 2000 09:18:07 GMT

Martin Hamann <[EMAIL PROTECTED]> wrote:

: I found this on the web

: http://csrc.nist.gov/fips/fips186-2.pdf

: Its official date is 27th of July 2000, but as far as I can see it is
: published already.

http://csrc.nist.gov/fips/ says this came out in Feb. 2000.
-- 
__________  Lotus Artificial Life  http://alife.co.uk/  [EMAIL PROTECTED]
 |im |yler  The Mandala Centre   http://mandala.co.uk/  Be good, do good.

------------------------------

Date: Wed, 14 Jun 2000 11:40:01 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: CRC Programming Help... Please!!

Joseph Reuter wrote:
> [...] A Cyclic Redundancy Checksum is not a cryptographic hash.

Yep. It was never designed for that purpose.

> It's not a hash at all.

No, wrong, it's surely a hash function, and also a really
good one for non-cryptographic purposes.

> It is an error-detecting code, usually chosen because
> it guarantees to detect any burst of errors whose length is less
> than the length of the checksum.

Which means it's also good to use in hashtables, where each
changed bit should also result in some totally different
hash value.

> [...]
> A Cyclic Redundancy Checksum (CRC) is linear, and will never be
> cryptographically secure!

Yep.
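
The linearity agreed on in this exchange, as an added example that is not part of the original posts: for CRC-32, XORing a difference into a message changes the checksum by an amount that depends only on the difference and the length, never on the message or on any key, which is why a CRC cannot authenticate data. The two records are constructed sample input, and HMAC-SHA256 with a constructed key is included only as a contrast.

```python
import hashlib
import hmac
import random
import zlib

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def crc_delta(diff):
    """Change in CRC-32 caused by XORing `diff` into ANY message of len(diff) bytes.

    CRC-32 is affine over GF(2): crc(m ^ d) = crc(m) ^ crc(d) ^ crc(00...0).
    """
    return zlib.crc32(diff) ^ zlib.crc32(bytes(len(diff)))

def crc_delta_is_message_independent(diff, trials=200, seed=7):
    """Check the identity above on random messages of the same length."""
    rng = random.Random(seed)
    for _ in range(trials):
        msg = bytes(rng.getrandbits(8) for _ in diff)
        if zlib.crc32(xor_bytes(msg, diff)) != zlib.crc32(msg) ^ crc_delta(diff):
            return False
    return True

def hmac_delta_count(diff, key, trials=200, seed=7):
    """Distinct tag differences seen when the same diff is applied to random messages."""
    rng = random.Random(seed)
    deltas = set()
    for _ in range(trials):
        msg = bytes(rng.getrandbits(8) for _ in diff)
        t1 = hmac.new(key, msg, hashlib.sha256).digest()
        t2 = hmac.new(key, xor_bytes(msg, diff), hashlib.sha256).digest()
        deltas.add(xor_bytes(t1, t2))
    return len(deltas)

# Constructed sample records of equal length, and a constructed key.
ORIGINAL = b"record=0017;state=open;owner=alice"
ALTERED = b"record=0017;state=done;owner=carol"
DIFF = xor_bytes(ORIGINAL, ALTERED)
KEY = b"constructed-demo-key"

if __name__ == "__main__":
    predicted = zlib.crc32(ORIGINAL) ^ crc_delta(DIFF)
    print("CRC of altered record predicted without reading it:",
          predicted == zlib.crc32(ALTERED))
    print("delta independent of message:", crc_delta_is_message_independent(DIFF))
    print("distinct HMAC deltas in 200 trials:", hmac_delta_count(DIFF, KEY))
```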

------------------------------

Subject: Re: McTER 2 (manual crypt)
From: [EMAIL PROTECTED] (Jacques Thériault)
Date: Wed, 14 Jun 2000 10:03:06 GMT

In the previous post there is an error in the listing

> pt1$   = "PLAINTEXTONEPTEXTTWOPTEXDPLAINTEXTONEPTEXTTWOPTEXD"

It should have been this:

pt1$   = "PLAINTEXTONEPTEXTTWOPTEXTTHREEPTEXTFOURPTEXTFIVEPTEX"

Hope this didn't cause too many problems

Jacques Thériault

------------------------------

From: Volker Hetzer <[EMAIL PROTECTED]>
Subject: Re: Why the golden ratio?
Date: Wed, 14 Jun 2000 10:39:58 +0000

Runu Knips wrote:
> 
> Dido Sevilla wrote:
> > Does the golden ratio have some properties that these
> > other numbers don't?
> 
> AFAIK there is a simple equation of pi, e, the golden
> number, and 1, I don't remember it exactly but it was
> really very simple. Maybe I can find it at home.
It's got nothing to do with pi.
It is (sqrt(5)-1)/2.
You can check the result because 1/x = x+1.
There is also an iterative algorithm to derive it
but I've forgotten it.

> And hey, it's golden! ;-)
Yeah, now let's take it to the bank :-)

Greetings!
Volker
--
The early bird gets the worm. If you want something else for       
breakfast, get up later.

------------------------------

From: Rex Stewart <[EMAIL PROTECTED]>
Subject: Re: Random sboxes... real info
Date: Wed, 14 Jun 2000 11:51:16 GMT

In article <[EMAIL PROTECTED]>,
  tomstd <[EMAIL PROTECTED]> wrote:
> In article <8i5vt7$bl7$[EMAIL PROTECTED]>, Rex Stewart
> <[EMAIL PROTECTED]> wrote:
>
> >The only cipher I have ever studied ...
>
> Twofish uses key-dependent sboxes and is fairly quick.
I will have to have another look at it.  I can't say I have
really studied it, but my understanding is a) the s-boxes
are only one of three parts of the F function and b) the
key chooses from a fairly narrow selection of possible
quasi random s-boxes.  MPJ's Diamond and Diamond Lite are
completely dependent on random s-boxes for strength and
the selection is about as close to complete as can be written
into a practical computer program.
>
> >I think however saying NSA was "wrong" about their s-boxes might
> >be harsh - how about they were half right :-) For the purposes
> >they wanted them for they did pretty well.  And, even today,
> >the s-boxes aren't considered the weakest point in the cypher.
>
> Actually their sboxes are the point of attack, but even the best
> found sboxes so far only push the attacks up, but not out.
What I meant was the weakest point is still the key size.
OTOH, your statement (although I am not sure the difference
between up and out) seems to agree with my assessment that
NSA should be given credit for a good job on their s-boxes
(even though IBM - I think - still maintains they were the ones
that did the real work on them - the NSA merely pointed out
a weakness in their originals).

>
> >Constrained as they might be, I wonder how many of these "ideal"
> >s-boxes there might be (in theory). The only percentage I have
> >heard so far was something like one out of 10,000 - probably too
> >few and far between to make random searching effective.
>
> Have you checked out my preliminary results?  Partially ideal
> 8x8 sboxes are about 1 in a million, and I have yet to find
> fully ideal 8x8 sboxes.
OK, I need to read more carefully :-)
My point is, it might be better to come up with an algorithm to
build the s-boxes to meet the criteria rather than totally at
random then test for the criteria.
In theory at least - any criteria you can test for, can be
created on build - although the programming required might
be ridiculously complex.
If it CAN be done, this could be revolutionary in key-dependent
s-boxes.  And, if it can't be, could explain my hiatus from
programming.
>
> Tom

--
Rex Stewart
PGP Print 9526288F3D0C292D  783D3AB640C2416A



------------------------------

Date: Wed, 14 Jun 2000 14:02:03 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Why the golden ratio?

Volker Hetzer wrote:
> It's got nothing to do with pi.
> It is (sqrt(5)-1)/2.
> You can check the result because 1/x = x+1.
> There is also an iterative algorithm to derive it
> but I've forgotten it.

Yes, yes, that's its definition. But I've seen once
a simple nifty equation in some article in Mr.Dobbs,
so it is related to pi and e. I think that's the reason
for it being so popular.

------------------------------

From: Rex Stewart <[EMAIL PROTECTED]>
Subject: Re: Random sboxes... real info
Date: Wed, 14 Jun 2000 12:10:00 GMT

I don't see anything wrong with putting one part or another
under a microscope.  Most of the progress in this field is
accomplished by dissecting constructions into their parts,
looking for peculiarities in each part and then seeing if a
peculiarity will provide a weakness in the overall construction.

Also, he seems to be placing several parts under the microscope
this month - as you noticed, he is also seeing how these s-boxes
work in constructions (see your own last paragraph).
(Frankly I don't see how he covers so much ground in such
a short time)
--
Rex Stewart
PGP Print 9526288F3D0C292D  783D3AB640C2416A

In article <8i6iae$pi3$[EMAIL PROTECTED]>,
  zapzing <[EMAIL PROTECTED]> wrote:
> In article <[EMAIL PROTECTED]>,
>   tomstd <[EMAIL PROTECTED]> wrote:
> >
> > Have you checked out my preliminary results?  Partially ideal
> > 8x8 sboxes are about 1 in a million, and I have yet to find
> > fully ideal 8x8 sboxes.
>
> This is Sooo beating a dead horse, but here it
> goes anyway. You are only studying sboxes
> "under a microscope" not "in the wild".
> LPmax and DPmax are great and I'm sure they
> can give as good an estimate as any of how
> good an sbox is relative to other sboxes, but
> key dependent sboxes are quite different in
> that Linear and differential cryptography cannot
> be done in the normal way.
>
> Also your own experiments have verified that
> when sboxes are combined (as in a feistel)
> the results are often not predictable by
> the LPmax and DPmax measures you are using.
>
> --
> If you know about a retail source of
> inexpensive DES chips, please let
> me know,  thanks.
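
The DPmax and LPmax measures used in this thread, and Mark Wooding's XOR-with-a-constant remark earlier in this digest, as an added example that is not part of the original posts. It computes both measures for two constructed 3-bit functions and then tallies DPmax over randomly shuffled 4-bit permutations, a small-scale stand-in for the generate-then-test search discussed above. Each row of a difference table holds even counts that sum to 2^n, so no n-bit function can score below 2^(1-n); the function names, the constant 0b101, and the sample size and seed are assumptions of this sketch.

```python
import random

def dp_max(sbox):
    """Largest differential probability over all nonzero input differences."""
    size, best = len(sbox), 0
    for a in range(1, size):
        counts = [0] * size
        for x in range(size):
            counts[sbox[x] ^ sbox[x ^ a]] += 1   # output difference of pair (x, x^a)
        best = max(best, max(counts))
    return best / size

def parity(v):
    return bin(v).count("1") & 1

def lp_max(sbox):
    """Largest squared correlation between a.x and b.S(x), output mask b != 0."""
    size, best = len(sbox), 0
    for b in range(1, size):
        for a in range(size):
            corr = sum(1 - 2 * (parity(a & x) ^ parity(b & sbox[x]))
                       for x in range(size))
            best = max(best, abs(corr))
    return (best / size) ** 2

def gf8_mul(x, y):
    """Multiply two elements of GF(2^3), reduction polynomial x^3 + x + 1."""
    r = 0
    for _ in range(3):
        if y & 1:
            r ^= x
        y >>= 1
        x <<= 1
        if x & 0b1000:
            x ^= 0b1011
    return r

# Constructed 3-bit functions: XOR with a constant, and cubing in GF(2^3).
XOR_CONST = [x ^ 0b101 for x in range(8)]
CUBE = [gf8_mul(x, gf8_mul(x, x)) for x in range(8)]

def survey_random(n_bits=4, samples=200, seed=1):
    """Tally DPmax over randomly shuffled n-bit permutations (generate, then test)."""
    rng = random.Random(seed)
    tally = {}
    for _ in range(samples):
        sbox = list(range(1 << n_bits))
        rng.shuffle(sbox)
        d = dp_max(sbox)
        tally[d] = tally.get(d, 0) + 1
    return dict(sorted(tally.items()))

if __name__ == "__main__":
    for name, s in (("x ^ 0b101", XOR_CONST), ("x^3 in GF(8)", CUBE)):
        print(f"{name:13} DPmax={dp_max(s):.3f} LPmax={lp_max(s):.3f}")
    print("random 4-bit permutations, DPmax -> count:", survey_random())
```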



------------------------------

Crossposted-To: sci.math
Subject: Re: An interesting page on the Rabin-Miller PP test
From: [EMAIL PROTECTED] (Andrew John Walker)
Date: 14 Jun 2000 16:23:16 +1000

Robin Chapman <[EMAIL PROTECTED]> writes:

>In article <393db17a$[EMAIL PROTECTED]>,
>  [EMAIL PROTECTED] (Andrew John Walker) wrote:
>>
>> Thanks, I don't fully understand the maths yet but it's good to
>> see a result! Would this line of reasoning work with forms such as
>> p^2*q or p*q*r?

>I expect so.

>> If eventually a general result could be found it would allow for much
>> more accurate estimates of how often this test produces non-witnesses for
>> a particular sized composite, for instance by taking 100 50d numbers
>> and factoring them.

>I'm not so optimistic. The number of non-witnesses will depend
>quite strongly on the form of the number n, as pq or pqr or p^2 q etc.,
>and will also depend very strongly on how the primes p and q etc.
>interact. For instance in the pq case d = gcd(p-1, q-1) can be
>anything from 2 up to p-1, which may be of the order of sqrt(n).

I just checked the strong-pseudoprime section in the Prime Number
Records book (Ribenboim) and it gives a reference and statement of
the number of non-witnesses for ANY composite number, not just
the very general forms I mentioned. The reference is
Monier, L., Theoretical Computer Science, 1980, V12 p97-108
This is quite a good paper comparing the Miller-Rabin and
Solovay-Strassen tests. Tomorrow I'll send the paper reference
to the web page's author!

Andrew Walker
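
The counts discussed in this exchange, as an added example that is not part of the original posts: a brute-force count of Miller-Rabin non-witnesses for small composites of the forms pq, p^2 and pqr, printed beside gcd(p-1, q-1) for the pq cases. `monier_count` is the closed form as it is usually stated from Monier's paper, written here from general knowledge rather than from the page and cross-checked against the brute-force count; the sample composites are chosen for illustration.

```python
from math import gcd, prod

def split_pow2(m):
    """Write m = 2**s * odd and return (s, odd)."""
    s = 0
    while m % 2 == 0:
        m //= 2
        s += 1
    return s, m

def is_nonwitness(a, n):
    """True if base a fails to expose odd composite n in the Miller-Rabin test."""
    s, d = split_pow2(n - 1)
    x = pow(a, d, n)
    if x in (1, n - 1):
        return True
    for _ in range(s - 1):
        x = x * x % n
        if x == n - 1:
            return True
    return False

def count_nonwitnesses(n):
    """Brute-force count over all bases 1 <= a <= n-1."""
    return sum(is_nonwitness(a, n) for a in range(1, n))

def monier_count(n, primes):
    """Closed-form count from the distinct prime factors of n (assumed formula).

    With n-1 = 2^s * n', p_i - 1 = 2^(v_i) * p_i', v = min v_i and k primes:
    (1 + (2^(k*v) - 1) / (2^k - 1)) * product of gcd(n', p_i').
    """
    _, n_odd = split_pow2(n - 1)
    parts = [split_pow2(p - 1) for p in primes]
    v = min(s for s, _ in parts)
    k = len(primes)
    return (1 + (2 ** (k * v) - 1) // (2 ** k - 1)) * prod(
        gcd(n_odd, odd) for _, odd in parts)

# Constructed sample composites: n and its distinct prime factors.
CASES = [(35, (5, 7)), (65, (5, 13)), (91, (7, 13)), (703, (19, 37)),
         (49, (7,)), (561, (3, 11, 17))]

if __name__ == "__main__":
    for n, primes in CASES:
        d = gcd(primes[0] - 1, primes[1] - 1) if len(primes) == 2 else "-"
        print(f"n={n:4} primes={primes!s:12} gcd(p-1,q-1)={d!s:2} "
              f"brute={count_nonwitnesses(n):3} formula={monier_count(n, primes):3}")
```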

------------------------------

From: Volker Hetzer <[EMAIL PROTECTED]>
Subject: Re: Why the golden ratio?
Date: Wed, 14 Jun 2000 12:41:55 +0000

Runu Knips wrote:
> Yes, yes, that's its definition. But I've seen once
> a simple nifty equation in some article in Mr.Dobbs,
> so it is related to pi and e.
Could you find out?

Greetings!
Volker
--
The early bird gets the worm. If you want something else for       
breakfast, get up later.

------------------------------

From: [EMAIL PROTECTED] (Richard Herring)
Crossposted-To: alt.security.pgp,comp.security.firewalls,alt.privacy.anon-server,alt.privacy
Subject: Re: Updated: Evidence Eliminator Dis-Information Center
Date: 14 Jun 2000 13:06:21 GMT
Reply-To: [EMAIL PROTECTED]

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:


> On 13 Jun 2000 12:20:58 GMT, [EMAIL PROTECTED] (Richard Herring)
> wrote:

> >In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
> >
> >> Let me remind you of one thing about cops. Do you know who it was who
> >> turned over all the Jewish children in France to the Nazis for
> >> extermination?  
> >
> >I claim Godwin's Law. You lose. Now go away.

> "Godwin's Law of Nazi Analogies: As an online discussion grows longer,
> the probability of a comparison involving Nazis or Hitler approaches
> one."

> Well, I ignored this the first time you posted it, 

It's news to me that I posted it more than once. Please supply the
Message-IDs, that I may refresh my failing memory.

> , but since you're
> an insistent little nazis, I'll take it up:

> It seems we have a holocaust deniers here. A rather trendy viewpoint
> of our amoral/immoral times. A history revisionist.

A curious deduction to make from my posting. Please explain the logic
behind it. While you're at it, perhaps you can explain just how
your outburst above is relevant to the science of cryptography,
PGP, firewalls, privacy or anonymous servers.

> The police in Europe, especially in France, fully helped the nazis
> with the rounding up and extermination of the Jews.  Matter of fact,
> France is the only country which still has not admitted to the fact.

And this is relevant to cryptography, PGP, firewalls, privacy or
anonymous servers how?

> And with that, I won't indulge in further discussion with 
> anti-semitic filth such as yourself.

Those are serious accusations. I hope they are founded on serious
evidence. Perhaps you'd be good enough to post the Message-IDs of
any articles you believe I have posted, in which you found this evidence?

-- 
Richard Herring      | <[EMAIL PROTECTED]> 

------------------------------

From: Nicol So <[EMAIL PROTECTED]>
Subject: Re: Cipher design a fading field?
Date: Wed, 14 Jun 2000 09:08:38 -0400
Reply-To: see.signature

"Douglas A. Gwyn" wrote:
> 
> "Trevor L. Jackson, III" wrote:
> > "Douglas A. Gwyn" wrote:
> > > Tim Tyler wrote:
> > > > If the size of the program is constrained, a halting determination program
> > > > could be written which enumerates all programs of that size or shorter and
> > > > lists whether they halt or not.
> > > It "lists" them how?
> > Turing programs can be written as input to a UTM.  Such inputs are a sequence of
> > ones and zeros, so they are an integer.  The list is ordered by the respective
> > integer values.
> 
> You missed the point -- *how* does it determine whether they halt?

Tim Tyler's original assertion was correct. Any problem within only a
finite number of instances is trivially solvable (I'm using the term in
a technical sense). Note that Tim said such a program "could be
written", which is true, but there was no implication that such a
program is easy to discover.

-- 
Nicol So, CISSP // paranoid 'at' engineer 'dot' com
Disclaimer: Views expressed here are casual comments and should
not be relied upon as the basis for decisions of consequence.

------------------------------

From: Nicol So <[EMAIL PROTECTED]>
Subject: Re: Cipher design a fading field?
Date: Wed, 14 Jun 2000 09:09:02 -0400
Reply-To: see.signature

"Douglas A. Gwyn" wrote:
> 
> "Trevor L. Jackson, III" wrote:
> > "Douglas A. Gwyn" wrote:
> > > Tim Tyler wrote:
> > > > If the size of the program is constrained, a halting determination program
> > > > could be written which enumerates all programs of that size or shorter and
> > > > lists whether they halt or not.
> > > It "lists" them how?
> > Turing programs can be written as input to a UTM.  Such inputs are a sequence of
> > ones and zeros, so they are an integer.  The list is ordered by the respective
> > integer values.
> 
> You missed the point -- *how* does it determine whether they halt?

Tim Tyler's original assertion was correct. Any problem within only a
finite number of instances is trivially solvable (I'm using the term in
a technical sense). Note that Tim said such a program "could be
written", which is true, but there was no implication that such a
program is easy to discover.

-- 
Nicol So, CISSP // paranoid 'at' engineer 'dot' com
Disclaimer: Views expressed here are casual comments and should
not be relied upon as the basis for decisions of consequence.

------------------------------

From: "Sam Simpson" <[EMAIL PROTECTED]>
Subject: Application specific SBoxes in Blowfish?
Date: Wed, 14 Jun 2000 14:55:19 +0100

I appreciate that some ciphers (e.g. DES) rely on the structure of
the SBoxes for strength against linear or differential attacks.  In
view of the fact that the Blowfish SBoxes and P-array are "random"
anyway, then can it hurt to make this application specific?

I guess a further question is: what's the best way of doing this?
Replace the original pi values of either (or both of) the S-Box or
P-Array?  Do you have to replace all of the SBox / P-array or will a
certain fraction do?

My aim is to have a new version of Blowfish totally incompatible with
existing implementations....



TIA,
--
Sam Simpson
http://www.scramdisk.clara.net/ for ScramDisk hard-drive encryption &
Delphi Crypto Components.  PGP Keys available at the same site.




------------------------------

From: Don Barzini <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.firewalls,alt.privacy.anon-server,alt.privacy
Subject: Re: Updated: Evidence Eliminator Dis-Information Center
Date: Wed, 14 Jun 2000 10:02:57 -0400



[EMAIL PROTECTED] wrote:
> 
> On 13 Jun 2000 12:20:58 GMT, [EMAIL PROTECTED] (Richard Herring)
> wrote:
> 
> >In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
> >
> >
> >> Let me remind you of one thing about cops. Do you know who it was who
> >> turned over all the Jewish children in France to the Nazis for
> >> extermination?
> >
> >I claim Godwin's Law. You lose. Now go away.
> 
> "Godwin's Law of Nazi Analogies: As an online discussion grows longer,
> the probability of a comparison involving Nazis or Hitler approaches
> one."
> 
> Well, I ignored this the first time you posted it, , but since you're
> an insistent little nazis, I'll take it up:

It's never been posted before on this thread.  You were the first.
 
> It seems we have a holocaust deniers here. A rather trendy viewpoint
> of our amoral/immoral times. A history revisionist.

Where?  I didn't see any.
 
> The police in Europe, especially in France, fully helped the nazis
> with the rounding up and extermination of the Jews.  Matter of fact,
> France is the only country which still has not admitted to the fact.

What does this have to do with PGP and firewalls?
 
> And with that, I won't indulge in further discussion with
> anti-semitic filth such as yourself.

He didn't say ANYTHING to deserve this.  Hope you have a good attorney.
 
> PLONK!

Killfiles are for sissies.

> 
> - Thistle -

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
