Cryptography-Digest Digest #708, Volume #12 Mon, 18 Sep 00 13:13:00 EDT
Contents:
Re: Questions about how to run a contest (Sylvain Martinez)
Re: Chosen and known attacks - are they possible ?? ("John A. Malley")
Re: A Degree in Encryption ("Sam Simpson")
Re: Double Encryption Illegal? ("root@localhost " <[EMAIL PROTECTED]>)
Re: wince encryption algorithm ("Martin Wolters")
Re: CDMA tracking (was Re: GSM tracking) (Jerry Coffin)
Re: Questions about how to run a contest (SCOTT19U.ZIP_GUY)
Re: One-way encryption ([EMAIL PROTECTED])
Re: Questions about how to run a contest (Sylvain Martinez)
Re: Hamming weight (Francois Grieu)
Re: Questions about how to run a contest (Sylvain Martinez)
Re: QUESTION ABOUT ALGORITHMS (Terry Ritter)
Re: More Bleh from a Blahish person. ;) (Terry Ritter)
Re: Chosen and known attacks - are they possible ?? (Runu Knips)
Re: Hamming weight (Terry Ritter)
----------------------------------------------------------------------------
From: Sylvain Martinez <[EMAIL PROTECTED]>
Subject: Re: Questions about how to run a contest
Date: Mon, 18 Sep 2000 14:04:42 GMT
> If you want to test your ciphers strength, you should surply the
>plaintext
> and the ciphertext and ask for the key. - This gives the attackers
>bigger
> opportunities.
Ok, so if I want to be serious about it I should give the original clear
text...
> But even with the plaintext and ciphertext it is extremely difficult
>(if you
> have written a good cipher) - Normally lots of plaintext/ciphertext
>pairs
> encrypted with *the same* key has to be used to break the cipher.
Ok, then I should give the original clear text for the 2 cipher files
provided for this contest.
Do we agree that if after that nobody can give me the key used to crypt
these 2 text that would probabely mean this algorithm is secure ?
(or at least not too bad !)
> (I guess it also depends on how willingly you'll let go of your 50
>pounds
> ;-) )
well... I am not too kind really ;o)
But I really want to know if this algorithm is :
really bad/ bad/ not too bad/ quite good
I am interested to work on any security holes that would be discovered
Not to make money, but just because I am really interested about this
field.
Cheers,
Sylvain.
---
Unix security administrator
BUGS crypto project: http://www.bcrypt.com
http://www.encryptsolutions.com
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: Chosen and known attacks - are they possible ??
Date: Mon, 18 Sep 2000 07:09:13 -0700
Guy Macon wrote:
>
> >> The models are frequently used to describe an attack form:
> >> - Ciphertext only
> >> - Known plaintext
> >> - Chosen plaintext
> >> - Chosen ciphertext
>
> Chosen ciphertext? What is that?
Eve gets to select a ciphertext and its corresponding plaintext. In some
way Eve gets access to the equipment used for decryption but not the key
used for decryption (maybe the key is embedded in the decryption
device). Eve then tries to figure out plaintext from different
ciphertexts using the insights she gains from known < plaintext,
ciphertext > pair(s) and relationships between the chosen ciphertexts.
John A. Malley
[EMAIL PROTECTED]
------------------------------
From: "Sam Simpson" <[EMAIL PROTECTED]>
Subject: Re: A Degree in Encryption
Date: Mon, 18 Sep 2000 15:11:05 +0100
Does country matter? ;)
--
Sam Simpson
http://www.scramdisk.clara.net/ for ScramDisk hard-drive encryption &
Delphi Crypto Components. PGP Keys available at the same site.
Nasser Ismaily <[EMAIL PROTECTED]> wrote in message
news:8q382b$[EMAIL PROTECTED]...
> Hi
>
> I am looking for info as to what is the best, or proper university
to enroll
> for a phd in encryption. I have a degree in computer engineering
and
> currently working on MBA. I also have a ten yr working experience.
>
> Any help on this will be highly appreciated.
>
> Best Regards
>
>
>
>
------------------------------
From: "root@localhost <spamthis>" <[EMAIL PROTECTED]>
Subject: Re: Double Encryption Illegal?
Date: Mon, 18 Sep 2000 10:13:01 -0400
"Douglas A. Gwyn" wrote:
>
> PRdO wrote:
> > IMHO double encryption *does not* add security, i.e., double
> > encryption in 128-bit doesn't equal better encryption.
> > (since encryption uses random keys, "randoming" again the data
> > would not lead to more secure data).
>
> Wrong. If different keys are used for the two encryptions, the
> result is usually harder for an eavesdropper to crack than if
> just one of the two encryptions had been used. There is no
> randomness involved in either encryption.
He said that applying Ceaser cipher twice does not enhance security. He
was correct in that statement.
--
If children don't know why their grandparents did what they
did, shall those children know what is worth preserving and what
should change?
http://www.cryptography.org/getpgp.htm
------------------------------
From: "Martin Wolters" <[EMAIL PROTECTED]>
Subject: Re: wince encryption algorithm
Date: Mon, 18 Sep 2000 16:38:13 +0200
Runu Knips schrieb in Nachricht <[EMAIL PROTECTED]>...
>Why have they be deleted ???
I think because this way it's harder to compile
it, and verify it's correctness.
--
Whoso pulleth this linoleum knife out
of this Mailman is rightwise kingborn of england
------------------------------
From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: CDMA tracking (was Re: GSM tracking)
Date: Mon, 18 Sep 2000 08:52:03 -0600
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] says...
[ ... ]
> What is the exact behaviour during this periodic wakeup?
> Does it transmit or receive? Or does it just check a battery
> level and then go back to sleep?
IIRC, it receives, but does not normally transmit. If a law
enforcement agency wanted to track your location using this, it would
be quite difficult -- it only stays on for a short period of time,
and they'd have only its RFI to track...
> This has me rather curious. Is this function used to detect
> missed calls? What exactly is it doing?
It's mostly just keeping its list of "nearby" base stations up to
date and ensuring that its clock stays in sync -- without trying to
go into the details, CDMA phones can't work without keeping their
clocks in sync with the base station. Doing this periodic update
while the phone is turned off allows it to turn on almost immediately
without having to search for nearby base stations and sync up its
clock.
--
Later,
Jerry.
The Universe is a figment of its own imagination.
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Questions about how to run a contest
Date: 18 Sep 2000 15:12:39 GMT
[EMAIL PROTECTED] (Sylvain Martinez) wrote in <8q50pf$6kq$[EMAIL PROTECTED]>:
> Hi,
>
>I am actually running a contest to crack a crypto algorithm but I would
>like to know if the information I give away is enough to check if the
>algorithm is secure or not.
>
>Here is the information I give:
>- Source code of the algorithm
>- Documentation
>- 2 crypted texts which have been crypted with the same key
>- size of the key that has been used
>- Nature of the original text.
>The contest is: find the 2 original texts.
>
I have run several contests. Most don't like it but I think
it depends on how much security you want to show. In my last contest
I give not only the source code but a PC executeable. THe contest was
for cash and lasted over a year. THere were two plain texts.
both where encrypted with same key. The first plain text and encrypted
text with the key was a gvien. All that was told about the
second plain text was that a fixed number of characters was changed in the
middle of the file. Also the encrypted output was provided except
for that last few bytes. THe contest was to find the last few bytes
or say what the changed characters were.
I doubt your system is secure enough for this kind of contest
since none of the weak AES ciphers could not mount a contest showing
this level of security. No random padding or any gimick was used.
In some contests like the IDEA contest it may be best to supply
a sample of plain test with corresponding cipher text and key,
But what you do is up to you.
>Is this enough to check the quality of a cryptography algorithm ?
>Maybe I should change this contest slightly and:
>- Also give the 2 original texts
>- Ask to find the key that has been used
>
>But wouldn't be too easy then ?
>Is this better to check the strength of a cryptography algorithm ?
>
>For more information please go to: http://www.bcrypt.com
>
>Regards,
>Sylvain.
>
>---
>Unix security administrator
>BUGS crypto project: http://www.bcrypt.com
>http://www.encryptsolutions.com
>
>
>Sent via Deja.com http://www.deja.com/
>Before you buy.
>
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
http://radiusnet.net/crypto/ then look for
sub directory scott after pressing CRYPTO
Scott famous Compression Page
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: One-way encryption
Date: Mon, 18 Sep 2000 15:47:35 GMT
John A. Malley <[EMAIL PROTECTED]> wrote:
> Cryptix offers a free, clean-room version of the Java Cryptography
> Extension package with more algorithms readily available than Sun's JCE.
> It's Java source and classes. Read the FAQ at
On the other hand, MD5 and SHA-1 are both standard portions of the
Java 2 platform, so the task of encrypting passwords with either of
them is even easier. The problem with the original question is that
while comparisions of MD5/SHA-1 security, and password hashing
algorithms built on them are on topic, "How do I get the SHA-1 hash of
a String in java?" really belong in a java group, or spending five
minutes looking up the answer.
--
Matt Gauthier <[EMAIL PROTECTED]>
------------------------------
From: Sylvain Martinez <[EMAIL PROTECTED]>
Subject: Re: Questions about how to run a contest
Date: Mon, 18 Sep 2000 15:59:49 GMT
Ok, thanks for your ideas.
I will post the plain text of the 2 cipher texts tonight.
And change the contest to:
The winner would be the person who find the secret key used to
produce these cipher texts with the quickest and more generic
method.
Cheers,
Sylvain.
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Mack) wrote:
> > Hi,
> >
> >I am actually running a contest to crack a crypto algorithm but I
would
> >like to know if the information I give away is enough to check if the
> >algorithm is secure or not.
> >
> >Here is the information I give:
> >- Source code of the algorithm
> >- Documentation
> >- 2 crypted texts which have been crypted with the same key
> >- size of the key that has been used
> >- Nature of the original text.
> >The contest is: find the 2 original texts.
> >
> >Is this enough to check the quality of a cryptography algorithm ?
> >Maybe I should change this contest slightly and:
> >- Also give the 2 original texts
>
> A number of cipher text/plaintext pairs is nessessary for more
powerful
> crytological tools. I would suggest a set of cipher/plain text pairs
> and then one or two texts encrypted with the same key. The number of
> texts should be fairly large.
>
> >- Ask to find the key that has been used
>
> A better method is to ask to find the plaintext for a corresponding
> ciphertext. The key is sufficient to find them but not the only
> method.
>
> The best method is to award the prize to whomever comes up with
> the best attack. ie. if it reduces the complexity below the number
> of bits of the key to the lowest number of bits.
>
> >
> >But wouldn't be too easy then ?
> >Is this better to check the strength of a cryptography algorithm ?
>
> Yes this is an improvement.
>
> >
> >For more information please go to: http://www.bcrypt.com
> >
> >Regards,
> >Sylvain.
> >
>
> Mack
> Remove njunk123 from name to reply by e-mail
>
--
---
Unix security administrator
BUGS crypto project: http://www.bcrypt.com
http://www.encryptsolutions.com
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Francois Grieu <[EMAIL PROTECTED]>
Subject: Re: Hamming weight
Date: Mon, 18 Sep 2000 18:14:57 +0200
"kihdip" <[EMAIL PROTECTED]> asked
> an exact definition of 'Hamming weight' ??
The Hamming weight of a bit string (or non-negative integer) is the
number of bits set in the string (or in the binary representation of the
non-negative integer).
The Hamming weight of the string 10001 is 2.
The Hamming weight of the integer 19 is 3.
The Hamming distance of two bit strings is the Hamming weight of their
exclusive-OR. This verifies the usual distance properties.
A fast, one-line C implementation (find how it works !)
int h(unsigned long x){int w;for(w=0;x;x&=x-1)w++;return w;}
Francois Grieu
------------------------------
From: Sylvain Martinez <[EMAIL PROTECTED]>
Subject: Re: Questions about how to run a contest
Date: Mon, 18 Sep 2000 16:08:41 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
>
> I have run several contests. Most don't like it but I think
> it depends on how much security you want to show. In my last contest
> I give not only the source code but a PC executeable. THe contest was
> for cash and lasted over a year. THere were two plain texts.
> both where encrypted with same key. The first plain text and encrypted
> text with the key was a gvien. All that was told about the
> second plain text was that a fixed number of characters was changed in
the
> middle of the file. Also the encrypted output was provided except
> for that last few bytes. THe contest was to find the last few bytes
> or say what the changed characters were.
> I doubt your system is secure enough for this kind of contest
> since none of the weak AES ciphers could not mount a contest showing
> this level of security. No random padding or any gimick was used.
Interesting. I am not really sure either if my algorithm would resists
this sort of attack. But I'll try !
I will publish such files tonight. I won't be offering money for this
part of the contest though as I would first have to investigate a bit
more to know if it would be easy to find the solution.
> In some contests like the IDEA contest it may be best to supply
> a sample of plain test with corresponding cipher text and key,
> But what you do is up to you.
I'll do that tonight.
Cheers,
Sylvain.
--
---
Unix security administrator
BUGS crypto project: http://www.bcrypt.com
http://www.encryptsolutions.com
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: QUESTION ABOUT ALGORITHMS
Date: Mon, 18 Sep 2000 16:33:21 GMT
On Mon, 18 Sep 2000 13:39:05 +0200, in <[EMAIL PROTECTED]>, in
sci.crypt Runu Knips <[EMAIL PROTECTED]> wrote:
>Melinda Harris wrote:
>> Can anyone tell me how to patent an algorithm. Where to go.
>
>Guess what - patent office.
>
>> What to sign and how much it costs???
>
>Well their formulas and it costs AFAIK much. I've heard
>60.000 deutschmarks for a europe-wide patent for a year.
>
>But if you want to patent a cryptographic algorithm, you're
>either a moron or an idiot. A moron if you want to sell
>to people what you know they can get for free, or an idiot
>if you think there are not already enough free algorithms.
>
>> Any response would be greatly appreciated
>
>Hardly. I've insulted you.
You may have insulted more than you know. For example, I currently
hold three (3) US patents on fundamental cryptographic technology.
Presumably others have patents as well.
---
Terry Ritter [EMAIL PROTECTED] http://www.io.com/~ritter/
Crypto Glossary http://www.io.com/~ritter/GLOSSARY.HTM
------------------------------
From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: More Bleh from a Blahish person. ;)
Date: Mon, 18 Sep 2000 16:35:39 GMT
On Mon, 18 Sep 2000 10:59:05 +0200, in <[EMAIL PROTECTED]>,
in sci.crypt =?iso-8859-1?Q?H=E5vard?= Raddum <[EMAIL PROTECTED]>
wrote:
>Simon Johnson wrote:
>
>> Okay, try again... its obvious u've missed the question i'm trying to
>> ask (through my bad phrasing.)
>>
>> What i'm saying is this (not sure if this has been proven/disproven):
>> Every mapping of n bits to n bits has a function that will describe it.
>> Does this make any sense?
>>
>> So like: Say we wanted a 8x8 s-box. Instead of using a fixed table, we
>> could use an maths function. let F(X) = X + 1 mod 256. We take x and
>> compute F(X), F(X) then substitues x. If this doesn't make sense, i
>> give up ;)
>>
>> Okay, now what i was trying to ask was this:
>>
>> Does a function exist that can describe every s-box? If so, then some
>> of these functions must duplicate the *best* s-boxes one can produce.
>
>It sounds like you are looking for an algebraic expression for the
>function that an S-box is. Look at the n bits of input/output as elements
>in GF(2^n). By using Lagrange interpolation for example, you can produce
>a polynomial with degree at most 2^n-1 and coefficients in GF(2^n) that
>gives a mapping identical to the S-box mapping. If this is your question,
>then yes, every S-box, also the "good" ones can be described algebraically
We can, of course, also map from integers to permutations, and thus
step through every possible invertible S-box.
---
Terry Ritter [EMAIL PROTECTED] http://www.io.com/~ritter/
Crypto Glossary http://www.io.com/~ritter/GLOSSARY.HTM
------------------------------
Date: Mon, 18 Sep 2000 18:37:26 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Chosen and known attacks - are they possible ??
kihdip wrote:
> In 'Communications Security for the Twenty-first Century: The Advanced
> Encryption Standard' Susan Landau explains different attack models.
> <http://www.ams.org/notices/200004/fea-landau.pdf>
>
> The models are frequently used to describe an attack form:
> - Ciphertext only
> - Known plaintext
> - Chosen plaintext
> - Chosen ciphertext
>
> Forgive my ignorance, but are the known and chosen attacks only teoretical
> ?? If not: How would an attacker get a chosen plaintext encrypted ??
Thats just everyday practice in crypto. You know what the attacker
has sended, at least partly. Read books about the Enigma was broken
in WW II and you'll agree that it is quite easy to make such attacks.
------------------------------
From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Hamming weight
Date: Mon, 18 Sep 2000 16:45:32 GMT
On Mon, 18 Sep 2000 14:38:36 +0200, in
<8q51uh$kea$[EMAIL PROTECTED]>, in sci.crypt "kihdip"
<[EMAIL PROTECTED]> wrote:
>Does anybody have an exact definition of 'Hamming weight' ??
>(and knowledge of what 'unit' to use - do you say 0,5 ; 50% or something
>else ??)
See, for example:
http://www.io.com/~ritter/GLOSSARY.HTM#HammingDistance
>Is a Hamming weight of 0,5 necessarily the goal for every cipher ??
See, for example:
http://www.io.com/~ritter/GLOSSARY.HTM#Balance
---
Terry Ritter [EMAIL PROTECTED] http://www.io.com/~ritter/
Crypto Glossary http://www.io.com/~ritter/GLOSSARY.HTM
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
