Cryptography-Digest Digest #50, Volume #12 Sat, 17 Jun 00 16:13:01 EDT
Contents:
Re: Mixing Xor and Addition (Paul Schlyter)
Re: Mixing Xor and Addition (Paul Schlyter)
Re: Cipher design a fading field? (Paul Schlyter)
Re: Cipher design a fading field? (Paul Schlyter)
Re: Why the golden ratio? (John Savard)
Re: Announce: Catacomb 2.0.0 prerelease ([EMAIL PROTECTED])
Re: Announce: Catacomb 2.0.0 prerelease (tomstd)
Online Text Encryption ("Dan Coyle")
Re: Crypto patentability ("Paul Pires")
Re: XOR versur MOD (=?ISO-8859-1?Q?Jacques_Th=E9riault?=)
Re: XOR versur MOD (tomstd)
Re: Flattening of frequency distributions (Guy Macon)
Re: Online Text Encryption (tomstd)
Re: Cipher design a fading field? ("John A. Malley")
New Hash Function (tomstd)
Re: Flattening of frequency distributions (Stefan Schlott)
Re: Flattening of frequency distributions (tomstd)
Re: Evidence Eliminator Dis-Information Center (Anonymous)
Weight of Digital Signatures (Greg)
Re: Evidence Eliminator Dis-Information Center (tomstd)
Re: Weight of Digital Signatures (tomstd)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Paul Schlyter)
Subject: Re: Mixing Xor and Addition
Date: 17 Jun 2000 17:52:39 +0200
In article <[EMAIL PROTECTED]>,
tomstd <[EMAIL PROTECTED]> wrote:
> It's thought by some that mixing addition and xor operations is
> a good idea (and it is) because they are different group
> operations.
They're not that different -- as a matter of fact, XOR is nothing
but modulo-2 addition:
A B A+B mod 2 A xor B
0 0 0 0
1 0 1 1
0 1 1 1
1 0 0 0
--
================================================================
Paul Schlyter, Swedish Amateur Astronomer's Society (SAAF)
Grev Turegatan 40, S-114 38 Stockholm, SWEDEN
e-mail: pausch at saaf dot se or paul.schlyter at ausys dot se
WWW: http://hotel04.ausys.se/pausch http://welcome.to/pausch
------------------------------
From: [EMAIL PROTECTED] (Paul Schlyter)
Subject: Re: Mixing Xor and Addition
Date: 17 Jun 2000 17:54:34 +0200
Sorry -- my prior post on this had an error. Here's a corrected
version:
===================================================================
In article <[EMAIL PROTECTED]>,
tomstd <[EMAIL PROTECTED]> wrote:
> It's thought by some that mixing addition and xor operations is
> a good idea (and it is) because they are different group
> operations.
They're not that different -- as a matter of fact, XOR is nothing
but modulo-2 addition:
A B A+B mod 2 A xor B
0 0 0 0
1 0 1 1
0 1 1 1
1 1 0 0
--
================================================================
Paul Schlyter, Swedish Amateur Astronomer's Society (SAAF)
Grev Turegatan 40, S-114 38 Stockholm, SWEDEN
e-mail: pausch at saaf dot se or paul.schlyter at ausys dot se
WWW: http://hotel04.ausys.se/pausch http://welcome.to/pausch
------------------------------
From: [EMAIL PROTECTED] (Paul Schlyter)
Subject: Re: Cipher design a fading field?
Date: 17 Jun 2000 17:27:53 +0200
In article <[EMAIL PROTECTED]>,
John A. Malley <[EMAIL PROTECTED]> wrote:
> So what kind of language is English? Is there an algorithm that can
> decide is a string belongs to the English language? (As well as other
> human languages.)
No, there is no such algorithm. Even humans are sometimes unable to
agree on whether a particular sentence is English or not, so how could
we possibly construct an algorithm to determine this?
--
================================================================
Paul Schlyter, Swedish Amateur Astronomer's Society (SAAF)
Grev Turegatan 40, S-114 38 Stockholm, SWEDEN
e-mail: pausch at saaf dot se or paul.schlyter at ausys dot se
WWW: http://hotel04.ausys.se/pausch http://welcome.to/pausch
------------------------------
From: [EMAIL PROTECTED] (Paul Schlyter)
Subject: Re: Cipher design a fading field?
Date: 17 Jun 2000 17:28:26 +0200
In article <[EMAIL PROTECTED]>,
Trevor L. Jackson, III <[EMAIL PROTECTED]> wrote:
> English and other human languages aren't formally defined, so categorizing
> them precisely is not possible.
>
> Consider that excluding a particular class of strings from formal English
> would almost guarantee that poets, punsters, and comics would work the
> excluded area and find ways to incorporate the forbidden fruit into their
> material. If the writers managed to use the forbidden area to communicate
> with an audience it would be very difficult to defend the idea that the
> excluded area was not part of the language.
>
> We'd need to timestamp the language definition the way programming languages
> are time stamped by the date of their standards and fiat currency is time
> stamped by the date of its issuance (1970 USD versus 1999 USD and F66 versus
> F77).
Time-stamping is insufficient -- we would also need "space-stamping",
since English has a lot of geographical variation as well (e.g. US
English vs British English vs Canadian English vs Australian English
vs New Zealandian English vs Pidgin English...)
--
================================================================
Paul Schlyter, Swedish Amateur Astronomer's Society (SAAF)
Grev Turegatan 40, S-114 38 Stockholm, SWEDEN
e-mail: pausch at saaf dot se or paul.schlyter at ausys dot se
WWW: http://hotel04.ausys.se/pausch http://welcome.to/pausch
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Why the golden ratio?
Date: Sat, 17 Jun 2000 17:25:53 GMT
On Fri, 16 Jun 2000 09:27:06 +0200, Runu Knips <[EMAIL PROTECTED]>
wrote, in part:
>Runu Knips wrote:
>> AFAIK there is a simple equotation of pi, e, the golden
>> number, and 1, I don't remember it exactly but it was
>> really very simple.
>*blush*
>I was wrong. The equotation mentioned there in an old
>DrDobbs magazine was really e**(i*pi) + 1 = 0 :-((((
>*blush*
But as it turns out, Ramanujan *did* come up with an equation with the
golden ratio in it of the kind you described.
Incidentally, I explain e^(i*pi)=-1 on my web page now, at
http://home.ecn.ab.ca/~jsavard/other/ide01.htm
if anyone is curious...and wants a one-page introduction to
trignometry, logarithms, and differential calculus.
John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/
------------------------------
From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Re: Announce: Catacomb 2.0.0 prerelease
Date: Sat, 17 Jun 2000 10:46:51 -0700
Is there any way to unpack .tar in Windows?
Joe Poe
Mark Wooding wrote:
> In spite of the lack of demand ;-) I've upgraded my Catacomb
> cryptography library, fixed bugs, added new ciphers, modes and other
> features (and new bugs, undoubtedly). There is now a prerelease of
> version 2.0.0.
>
> In the event that anyone's interested, you can fetch the prerelease from
>
> http://www.excessus.demon.co.uk/misc-hacks/#catacomb
>
> The library is mostly portable. System-specific bits are provided for
> Unix, although I suspect that implementing them for other systems isn't
> hard.
>
> The library is distributed in source form. Catacomb is free software;
> you may modify and/or redistribute it under the terms of the GNU Library
> General Public License.
>
> -- [mdw]
------------------------------
Subject: Re: Announce: Catacomb 2.0.0 prerelease
From: tomstd <[EMAIL PROTECTED]>
Date: Sat, 17 Jun 2000 10:36:24 -0700
Get winzip
Got questions? Get answers over the phone at Keen.com.
Up to 100 minutes free!
http://www.keen.com
------------------------------
From: "Dan Coyle" <[EMAIL PROTECTED]>
Subject: Online Text Encryption
Date: Sat, 17 Jun 2000 12:51:59 -0500
www.psifre.com
I posted a message a couple of months ago on Chronometric Cryptography. And
talked about the project I was working on. Well I finished coding it and
though some of you might want to see it for yourselves. It's totally HTML,
and done through active server pages, so it can be accessed from any HTML
browser, and the code that performs the encryption/decryption is never
exported so it should be complient to any governmental laws on strong
encryption export, Especially after the relaxation of those laws took place
earlier this year.
If you do check it out Comments and Suggestions can be sent to
[EMAIL PROTECTED]
Thank you for your time
Dan Coyle
------------------------------
From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: Crypto patentability
Date: Sat, 17 Jun 2000 10:56:07 -0700
Even weirder,
An apparatus that a chicken wears asswise that marks the eggs so that each
chickens output can be counted in an automated farm :-) I wouldn't think
that dressing chickens was alot easier than counting their eggs.
The 19th century patents on electrical devices for treating sexual disorders
are particularly weird.
Paul
Mok-Kong Shen <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Schneier's CRYPTO-GRAM reported in its recent issue an
> interesting fact about patents:
>
> Someone actually patented using a tattooed bar code to
> verify a person's identity.
>
> This reminds me that because of BSE risk cows in Germany are
> required to carry an identity tag that is attached to their
> ears.
>
> M. K. Shen
>
------------------------------
Subject: Re: XOR versur MOD
From: [EMAIL PROTECTED] (=?ISO-8859-1?Q?Jacques_Th=E9riault?=)
Date: Sat, 17 Jun 2000 18:04:19 GMT
> Your question does not contain enough information.
> XOR *is* bitwise modulo-2 addition.
5 xor u is equal to p
5 + u mod 256 is z
is there one better than the other beside xox being it's own inverse.
------------------------------
Subject: Re: XOR versur MOD
From: tomstd <[EMAIL PROTECTED]>
Date: Sat, 17 Jun 2000 11:18:37 -0700
[EMAIL PROTECTED] (=?ISO-8859-1?Q?Jacques_Th=E9riault?=) wrote:
>
>> Your question does not contain enough information.
>> XOR *is* bitwise modulo-2 addition.
>
>5 xor u is equal to p
>
>5 + u mod 256 is z
What does this have todo with anything?
>is there one better than the other beside xox being it's own
inverse.
>
Depends.
Tom
Got questions? Get answers over the phone at Keen.com.
Up to 100 minutes free!
http://www.keen.com
------------------------------
From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Flattening of frequency distributions
Date: 17 Jun 2000 14:27:20 EDT
Mok-Kong Shen wrote:
>Exploiting knowledge of frequency distributions of plaintexts
>is one of the major tools of analysts in classical cryptology.
>Even if some modern ciphers are believed by many to be strong
>enough for direct encryption of natural language messages, I
>suppose it can nontheless be justifiable to do preprocessing
>to flatten the frequency distributions of single letters and
>n-grams, if one is conservative in matters of security.
In my opinion, one who is conservative in matters of security
should assume that the attacker has full access to everything
except the plaintext and key. He has your algorithms, he can
mount man in the middle attacks, chosen plaintext attacks, etc.
Thus the attacker knows your frequency distribution flattening
algorithm and reverses it right before he exploits his knowledge
of the frequency distributions of plaintexts. You gain very little.
------------------------------
Subject: Re: Online Text Encryption
From: tomstd <[EMAIL PROTECTED]>
Date: Sat, 17 Jun 2000 11:25:35 -0700
Let's begin the snake oil attack..
"PSIFRE - pronounced (‘si-fur) - is a cryptographic algorithm
that uses, not only key size, but time as an enhancement to the
normal security of the data it encodes. Simply put all current
symmetric key algorithms are linear in nature. With the
addition of time, as an added dimension to the algorithm, for
the first time you have the option of determining the level of
security you wish to use to encrypt your data."
Which is essentially meaningless. Adding 'time' into symmetric
cryprography has been done before this is nothing new. Also
it's called a 'salt' not 'another dimension'. And another thing
is that not all symmetric key algorithms are "linear in nature"
that is just plain false. And how does adding a salt determine
the level of security?
"Current symmetric Algorithms use key size as the determining
factor in how secure the data has been encrypted, but PSIFRE
not only uses a 128 bit key, but it allows you to choose how
long you want your data to be encrypted. "
---
This is garbage aswell. If I assume a rate of 'x' keys per
second in a brute force attack, I can be fairly confident that a
n bit key will offer 2^n/x seconds of resistance. You can
estimate advances as well (doubling every 18 months, etc...).
Also your method (I don't even need to look at it to tell) will
not allow specific time constraints. You can't be sure of
computer advances so how can you say exactly how long it will
take to solve?
"All symmetric cipher’s start with a key, that ranges in size
from 40 to 2048 bits. PSIFRE starts by hashing the users’ key
into a 128 bit iteration key. It then prompts the user for a
period of time to encrypt the data. When the user enters the
data and then issues the command to encrypt it, PSIFRE begins a
looping pattern, reencrypting the data over and over again,
changing the iteration key after each iteration, until the time
period specified has elapsed. When this happens, PSIFRE merges
the first and last 128 bit iteration keys into one final key
that is appended to the data.
When a user wants to decrypt the data, he/she enters the data,
with the final key within it, and the same key with which data
was encrypted. The key the user enters, is used to extract the
Last iteration key used while encrypting the data. It then
works its way back to the original text by re-decrypting the
data over and over again until the iteration key is equivalent
to the key that the user entered to decrypt the message, at
which point PSIFRE stops decrypting the ciphertext and displays
the result."
---
This is pure garbage too. If your times are symmetric then a 50
year secret will take 50 years to make. This is obviously not
well thought through.
But it gets better
"What if someone attempts to decrypt the message, and fails to
enter the correct starting key? They will not only fail to
know how long the data has been decrypted, but they will have
started decrypting the data with the wrong key. Thus message
will not be decrypted properly. Not only that, but if the user
doesn’t decrypt the message for a long enough period of time,
they could stumble over the correct key, and still not decrypt
the message properly. This is what we feel prevents the brute-
force decryption of a PSIFRE encrypted message."
No deterministic process can prevent brute force, only delay it.
You obvioulsy are some type of snake oil peddler and I hope
nobody buys into your garbage.
Tom
Got questions? Get answers over the phone at Keen.com.
Up to 100 minutes free!
http://www.keen.com
------------------------------
From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: Cipher design a fading field?
Date: Sat, 17 Jun 2000 11:35:47 -0700
Paul Schlyter wrote:
>
> In article <[EMAIL PROTECTED]>,
> John A. Malley <[EMAIL PROTECTED]> wrote:
>
> > So what kind of language is English? Is there an algorithm that can
> > decide is a string belongs to the English language? (As well as other
> > human languages.)
>
> No, there is no such algorithm. Even humans are sometimes unable to
> agree on whether a particular sentence is English or not, so how could
> we possibly construct an algorithm to determine this?
>
So we may conclude from the posted example that the algorithmic
ciphertext-only cryptanalysis of a substitution cipher is undecidable if
there is no algorithm to determine a candidate plaintext string is a
member of the language E (the English language.)
So here's an example of a cryptanalysis that's undecideable by an
algorithm. It's not the same as saying cryptanalysis is equivalent to
the halting problem, but we show (ciphertext only) cryptanalysis can be
undecideable.
John A. Malley
[EMAIL PROTECTED]
------------------------------
Subject: New Hash Function
From: tomstd <[EMAIL PROTECTED]>
Date: Sat, 17 Jun 2000 12:10:00 -0700
I designed a 192-bit Hash function based on the bit sliced
operations from Threeway. The idea was to make a balanced
feistel structure and use it as hash. I essentially use a
variant (note this is where to attack!) of threeway (reduce to
one round) as the Feistel F function.
Inside the F function I perform three operations
1. Mix the round key
2. Rotate each of the three 32-bit words
3. Perform the substitution and add (modulo 2^32) to the other
three 32-bit words.
So it's ideal for 32-bit computers since all operations are done
on 32-bit words. The source is on my website at
http://tomstdenis.com/files/3hash.c
Along with all my TC collection of ciphers I will try to
document this one this summer (one exam left!!!).
Tom
Got questions? Get answers over the phone at Keen.com.
Up to 100 minutes free!
http://www.keen.com
------------------------------
From: [EMAIL PROTECTED] (Stefan Schlott)
Subject: Re: Flattening of frequency distributions
Reply-To: [EMAIL PROTECTED] (Stefan Schlott)
Date: 17 Jun 2000 21:22:20 +0100
On Fri, 16 Jun 2000 19:28:09 +0200,
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>Exploiting knowledge of frequency distributions of plaintexts
>is one of the major tools of analysts in classical cryptology.
>(...)
>I should very much appreciate suggestions of other and
>better methods of flattening frequency distributions as
>well as discussions about them.
What about compression? Compression algorithms replace common
symbols with a short, and rare symbols with a long notation.
This should flatten your distributions (and reduce the amount
of data to be encrypted).
A problem, of course, is the notation of the translation table;
it will have a well-known format, which might lead to some kind
of a known-plaintext attack.
Stefan.
------------------------------
Subject: Re: Flattening of frequency distributions
From: tomstd <[EMAIL PROTECTED]>
Date: Sat, 17 Jun 2000 12:24:02 -0700
[EMAIL PROTECTED] (Stefan Schlott) wrote:
>On Fri, 16 Jun 2000 19:28:09 +0200,
>Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>
>>Exploiting knowledge of frequency distributions of plaintexts
>>is one of the major tools of analysts in classical cryptology.
>>(...)
>>I should very much appreciate suggestions of other and
>>better methods of flattening frequency distributions as
>>well as discussions about them.
>What about compression? Compression algorithms replace common
>symbols with a short, and rare symbols with a long notation.
>This should flatten your distributions (and reduce the amount
>of data to be encrypted).
>A problem, of course, is the notation of the translation table;
>it will have a well-known format, which might lead to some kind
>of a known-plaintext attack.
You didn't solve the problem, just moved it. Biases in
relatively high entropy messages that your codec can't compress
will still show thru.
Tom
Got questions? Get answers over the phone at Keen.com.
Up to 100 minutes free!
http://www.keen.com
------------------------------
Crossposted-To:
alt.privacy,alt.privacy.anon-server,alt.security.pgp,comp.security.firewalls
Subject: Re: Evidence Eliminator Dis-Information Center
Date: Sat, 17 Jun 2000 19:56:37 GMT
From: Anonymous <[EMAIL PROTECTED]>
On 16-Jun-2000, Spammy tomstd <[EMAIL PROTECTED]> wrote:
> I can't phantom a reason why any compotent person would go about
> saying "I feel like wiping my hard disk today". Maybe you are
> just playing too much with your computer. I mean I could goto
> dos and type "FORMAT C:\" just to find out what it does... Or I
> Could not.
Format doesn't wipe anything. Go crawl under your rock again.
--------== Posted Anonymously via Newsfeeds.Com ==-------
Featuring the worlds only Anonymous Usenet Server
-----------== http://www.newsfeeds.com ==----------
------------------------------
From: Greg <[EMAIL PROTECTED]>
Subject: Weight of Digital Signatures
Date: Sat, 17 Jun 2000 19:52:13 GMT
WASHINGTON, June 16 -- The Senate voted unanimously
today to approve a bill that catapults electronic
commerce to a new level by allowing consumers and
businesses to sign contracts online and know that
their e-signature is just as binding as one in ink.
The bill, which passed 87 to 0, has already been
approved by the House and now goes to President
Clinton, who said today that he would sign it
into law.
Off topic a bit, but worth a mention. Kudos to all who have had any
hand in helping the government see the light (finally)...
--
Tyranny is kept at bay by guns and will. Our government
knows we have the guns, but they don't know if we have
the will. Nor do we.
The only lawful gun law on the books- the second amendment.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Subject: Re: Evidence Eliminator Dis-Information Center
From: tomstd <[EMAIL PROTECTED]>
Crossposted-To:
alt.privacy,alt.privacy.anon-server,alt.security.pgp,comp.security.firewalls
Date: Sat, 17 Jun 2000 13:05:19 -0700
Anonymous <[EMAIL PROTECTED]> wrote:
>
>On 16-Jun-2000, Spammy tomstd <[EMAIL PROTECTED]>
wrote:
>
>> I can't phantom a reason why any compotent person would go
about
>> saying "I feel like wiping my hard disk today". Maybe you are
>> just playing too much with your computer. I mean I could goto
>> dos and type "FORMAT C:\" just to find out what it does... Or
I
>> Could not.
>
>Format doesn't wipe anything. Go crawl under your rock again.
Format writes a binary constant to every byte of every sector of
the HD. That's a pretty effective wipe if you ask me.
Unlike floppy drives hard disks are designed to have a very high
density. So there is little room for "magnetic" remininents of
the original data.
Tom
Got questions? Get answers over the phone at Keen.com.
Up to 100 minutes free!
http://www.keen.com
------------------------------
Subject: Re: Weight of Digital Signatures
From: tomstd <[EMAIL PROTECTED]>
Date: Sat, 17 Jun 2000 13:06:49 -0700
Greg <[EMAIL PROTECTED]> wrote:
>
>
> WASHINGTON, June 16 -- The Senate voted unanimously
> today to approve a bill that catapults electronic
> commerce to a new level by allowing consumers and
> businesses to sign contracts online and know that
> their e-signature is just as binding as one in ink.
>
> The bill, which passed 87 to 0, has already been
> approved by the House and now goes to President
> Clinton, who said today that he would sign it
> into law.
>
>Off topic a bit, but worth a mention. Kudos to all who have
had any
>hand in helping the government see the light (finally)...
Using what protocol? I think ECC is secure, but no RSA is
secure... how about DSA? What hash? I like TIGER but I think
SHA-1 is secure or perhaps RIPEMD or HAVAL...What PRNG shall we
use...and so on...
This is hardly a settled issue.
Tom
Got questions? Get answers over the phone at Keen.com.
Up to 100 minutes free!
http://www.keen.com
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
