Cryptography-Digest Digest #127, Volume #14 Thu, 12 Apr 01 10:13:00 EDT
Contents:
Re: Unnecessary operation in DES? (Lassi =?iso-8859-1?Q?Hippel=E4inen?=)
Re: Elliptic Curves (Paul Rubin)
asn encoding for rijndael (K. Ramachandran)
Re: How to use Dynamic Substitution (Mok-Kong Shen)
Re: "Good" file encrypt/decrypt utility wanted! (yomgui)
Re: I got accepted (Serge Vaudenay)
Re: Big Number (Dave Aronson at att dot net or big foot dot com)
Endianness of MARS ([EMAIL PROTECTED])
Re: Derived Key Generation (Niklas Frykholm)
Re: I got accepted ("Tom St Denis")
Re: Big Number ("Tom St Denis")
Hardening File encryption that use a shared key. (Ichinin)
Re: Hardening File encryption that use a shared key. (Ichinin)
digital signature for any file ("Thimo von Rauchhaupt")
Re: Elliptic Curves (Ronny Hansen)
Re: Between Silk And Cyanide - Identity checks. ([EMAIL PROTECTED])
Re: Big Number (Michael J. Fromberger)
Re: well kind of in response to a previous post. ("Ben Burge")
Re: I got accepted (Serge Vaudenay)
_"Good" school in Cryptography ("was" I got accepted) (kctang)
Re: Dynamic Substitution Question ("Trevor L. Jackson, III")
Re: Polymorphic encription ("dexMilano")
----------------------------------------------------------------------------
From: Lassi =?iso-8859-1?Q?Hippel=E4inen?= <[EMAIL PROTECTED]>
Subject: Re: Unnecessary operation in DES?
Date: Thu, 12 Apr 2001 07:27:15 GMT
John Savard wrote:
<...>
> Also, if DES is used to encipher ASCII characters, it changes how the
> constant bits are located in the block.
I've heard this argument too, but referring to EBCDIC, not ASCII. In
EBCDIC, digits and first alphabets have lots of leading zero bits. Since
both Lucifer and EBCDIC came from IBM, the claim has some credibility.
-- Lassi
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Elliptic Curves
Date: 12 Apr 2001 00:41:22 -0700
Look at the EC whitepaper at www.certicom.com.
------------------------------
From: K. Ramachandran <[EMAIL PROTECTED]>
Subject: asn encoding for rijndael
Date: Thu, 12 Apr 2001 08:42:52 GMT
when one uses CMS enveloping to exchange cryptograms the whole envelope
including the ciphertext is ans encoded as per the CMS specification. i want to
know if there is any standard for encoding if one uses only symmetric encryption
to exchange cryptograms. this would be specifically relevant if one uses DH for
a key exchange machanism. the nist site also does not give any conclusive
answer. the asn module at nist site only seems to encode the algo id and not the
ciphertext.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: How to use Dynamic Substitution
Date: Thu, 12 Apr 2001 11:16:38 +0200
"Henrick Hellström" wrote:
>
> Disregarding the patent issues, how should DS be applied should one choose
> to use it? It seems as if it, in its basic form, is not a that much stronger
> combiner than XOR.
[snip]
I suppose you could look at the matter as follows: XOR
is a substitution of 1-bit units. A general substitution
(in the classical sense) is a substitution of n-bit
units using a static table and hence is more general
than XOR. That there is enhancement of strength as n
gets bigger is obvious. To rigorously quantify that
relationship would however be difficult in general, I
guess. Changing the table as the processing goes on adds
more generality, thus further contributing to strength.
(This is an application of the principle of variability.)
Thus DS belongs to the class of dynamically changing
substitutions. It is to be noted that a FSM that takes
an input, changes its state and gives an output is a
dynamically changing substitution (the same input will
the next time gives a different output in general). FSM
is certainly prior art. Hence the patent could at most
lay claim on the change of a (proper) substitution
table, i.e. a one or two dimensional array in the terms
of programming languages, and clearly cannot cover the
'general' concept of a changing substitution as such.
Note that if one uses a block cipher and changes the
key, e.g. adds 1 to the key for each new block, one would
also have a dynamically changing substitution (a block
cipher of size n is a substitution of n bit units).
The patent further contains texts that seem to claim that
(the general idea of) combining two arbitrarily given
streams to produce another (presumably more complex)
stream is within its scope. That no patent can cover
such a general idea should be entirely evident. For
otherwise we wouldn't have, among others, stream ciphers
at all. (Also combining more than two streams is
commonplace, see e.g. the device of Wichmann and Hill.)
M. K. Shen
------------------------------
From: yomgui <[EMAIL PROTECTED]>
Subject: Re: "Good" file encrypt/decrypt utility wanted!
Date: Thu, 12 Apr 2001 10:47:50 +0100
free, small, cross platform, safe, simple, fast, open source.
http://bigfoot.com/~kryptyomic
kctang wrote:
>
> Hi,
>
> "Good" file encrypt/decrypt utility wanted!
> Any recommendations?
>
> Thanks,
> Tang
>
> PS. What is good? That depends.
>
> Might be it is free. Might be it is available
> "everywhere".
> Might be it is fast. Might be it is small.
> Should be "save"?
--
¥øµgüí
oim 3d - surface viewer - http://i.am/oim
kryptyomic - encryption scheme - http://bigfoot.com/~kryptyomic
------------------------------
Date: Thu, 12 Apr 2001 11:59:18 +0200
From: Serge Vaudenay <[EMAIL PROTECTED]>
Subject: Re: I got accepted
Tom St Denis wrote:
> > For the weather, bikinis on the beach (by the Lake), the wine, the
> > ressources, I highly recommend to consider EPFL (Switzerland).
> > Particularly the communication systems division.
> > (See http://dscwww.epfl.ch)
> >
> > Serge Vaudenay
> > (Head of the Communication System Division)
> >
> > PS We do have a grad school. We do have open PhD positions.
> > (I have several ones in cryptography.)
>
> Tell you what. Ask the dean to accept me with a full scholarship and I will
> go for a ph.d.
>
> (BTW I am submitting a paper to SAC based on your Ideas in decorrelation
> theory :-) )
>
> Tom
I think that almost all foreign students who apply for a full
scholarship to
our graduate scholl and who are accepted get one.
Serge
------------------------------
From: Dave Aronson at att dot net or big foot dot com
Subject: Re: Big Number
Date: Thu, 12 Apr 2001 10:35:04 GMT
Tom St Denis wrote:
>
> "Jacques Thériault" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Can someone calculate this
> >
> > 65536 ^ 65536
> >
> > I espect the exponent to be over 300,000, but
> > I would like to know exactly
>
> that's only 2^(65536 + 16) or
> 6741140125499073402269065104704245437620185948532688284694491567674227070073
...
> 353660062078715275304608360023743724818495965619034760446319207568477725
Hrmph. Not sure if your intended number ends with 5, as shown in the
automatic quote-includer, or with 0, as shown in the window showing me your
message. Either one, though, is definitely wrong -- an integer ending in 6,
to any positive integer power, is going to end in 6. At least, assuming
you're using the decimal system.
Of course, I suspect that BOTH endings were mangled by Nutscrape, but....
--
Dave Aronson, Sysop of free public Fidonet BBS Air 'n Sun, +1-703-319-0714.
All the opinions above are MINE ALL MINE, but for rent at reasonable rates.
See my web site, at http://listen.to/davearonson (last updated 2001-03-26).
------------------------------
From: [EMAIL PROTECTED]
Subject: Endianness of MARS
Date: Thu, 12 Apr 2001 10:54:44 GMT
Hi all,
I'm trying to implement the MARS algoritm. Currently I'm trying to verify that my
expansion key
function really works. I have a test vector from IBM that goes like this:
KEYSIZE=128
PT=00000000000000000000000000000000
I=1
KEY=80000000000000000000000000000000
Expanded Key = [
7a690123 4a4cf6ee d1c145fd 4a929170 551a7316 d46b4d1f 6a68b2dd 52a45b5f
d99775e0 fbec331b 9879762b dbdb6103 b66dfcd5 560475c7 897923f4 cb157a67
be38b5d6 f5e2a20b db46b244 258e03fb 4e45dcc8 38a3bf7b b600f7b9 ce23f06b
b255f1c4 66fe13cb 3fa7323b e5168ed7 3c1ca161 ac63d7fb 50826e87 87b0e657
77f7012a c1e7aa83 79d936fc 56174f97 9f8f4547 c3901cc5 f32a2b2e c604c22b
]
CT=B3E2AD5608AC1B6733A7CB4FDF8F9952
If you know the MARS algorithm, you would know that the key is stored and accesed like
an array in the pseudocode. Thats, we have from k[0] to k[X], 4 <= x <= 14
My question is: How would key 80000000000000000000000000000000
lool like?
A) OPTION 1
k[0] = 0x80000000
k[1] = 0x0
k[2] = 0x0
k[3] = 0x0
B) OPTION 2
k[0] = 0x0
k[1] = 0x0
k[2] = 0x0
k[3] = 0x8
Any ideas?
Also, I would like to find some explanations to Brian Chapman's MARS code. I still
don't understand it. Anyone knows of a good document on the internet?
Thanks a lot
Pedro
------------------------------
From: [EMAIL PROTECTED] (Niklas Frykholm)
Subject: Re: Derived Key Generation
Date: Thu, 12 Apr 2001 08:08:11 +0000 (UTC)
In article <[EMAIL PROTECTED]>, pjf wrote:
>Greetings.
>
>I'm putting together a little cryptography library based on publicly
>available algorithms. One of the features I want to include, in
>addition to random key generation for the Symmetric Algorithm, is
>Derived Key Generation - The user enters some value, and the same key
[...]
>If I simply truncate (or mod) the 160 bits to 56 bits, will I run into
>lots of collisions between different input values?
No, this method is fine, but (if possible) you probably want more than
56 bits in the symmetric crypto.
For a good key derivation function you should also
a) iterate the hash to slow down brute force guessing
b) include a salt to prevent precomputation of keys
A possible scheme
K_0 = H(data || salt)
K_i = H(K_{i-1} || i)
The number of iterations could be a parameter to the function. Truncate
the final key to the desired length.
// Niklas
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: I got accepted
Date: Thu, 12 Apr 2001 11:21:02 GMT
"Serge Vaudenay" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Tom St Denis wrote:
>
> > > For the weather, bikinis on the beach (by the Lake), the wine, the
> > > ressources, I highly recommend to consider EPFL (Switzerland).
> > > Particularly the communication systems division.
> > > (See http://dscwww.epfl.ch)
> > >
> > > Serge Vaudenay
> > > (Head of the Communication System Division)
> > >
> > > PS We do have a grad school. We do have open PhD positions.
> > > (I have several ones in cryptography.)
> >
> > Tell you what. Ask the dean to accept me with a full scholarship and I
will
> > go for a ph.d.
> >
> > (BTW I am submitting a paper to SAC based on your Ideas in decorrelation
> > theory :-) )
> >
> > Tom
>
> I think that almost all foreign students who apply for a full
> scholarship to
> our graduate scholl and who are accepted get one.
Sorry I was kidding. If you saw my high school marks you would laugh
yourself off your chair. I may know a tidbit of crypto but calculus and
algebra are all 60%'s....
Tom
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Big Number
Date: Thu, 12 Apr 2001 11:21:46 GMT
"Dave Aronson at att dot net or big foot dot com"
<[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Tom St Denis wrote:
> >
> > "Jacques Thériault" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
> > > Can someone calculate this
> > >
> > > 65536 ^ 65536
> > >
> > > I espect the exponent to be over 300,000, but
> > > I would like to know exactly
> >
> > that's only 2^(65536 + 16) or
> >
6741140125499073402269065104704245437620185948532688284694491567674227070073
> ...
> > 353660062078715275304608360023743724818495965619034760446319207568477725
>
> Hrmph. Not sure if your intended number ends with 5, as shown in the
> automatic quote-includer, or with 0, as shown in the window showing me
your
> message. Either one, though, is definitely wrong -- an integer ending in
6,
> to any positive integer power, is going to end in 6. At least, assuming
> you're using the decimal system.
>
> Of course, I suspect that BOTH endings were mangled by Nutscrape, but....
First off I mean to write 2^(16)(65536) and I used maple to find the huge
number...
Tom
------------------------------
From: Ichinin <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Hardening File encryption that use a shared key.
Date: Tue, 10 Apr 2001 18:38:04 +0200
[If anyone is intrested]
http://www.geocities.com/ichinin/hardencryptofs.PDF
Comments, Linx & Papers on the subject = welcome.
Regards,
Ichinin
------------------------------
From: Ichinin <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Hardening File encryption that use a shared key.
Date: Tue, 10 Apr 2001 18:40:44 +0200
Ichinin wrote:
<an unexistant url>
GC are touchy...
http://www.geocities.com/Ichinin/hardencryptofs.PDF
------------------------------
From: "Thimo von Rauchhaupt" <[EMAIL PROTECTED]>
Subject: digital signature for any file
Date: Thu, 12 Apr 2001 14:08:06 +0200
*** post for FREE via your newsreader at post.newsfeeds.com ***
Greetings.
I wondered if there is a concept how to sign any file digitaly, so that it
is usable without seperating it from the signature. I´ve seen something like
this in XML files, where the signature is just a tag, that can be ignored.
Thimo
p.s.: sorry, if this is a "kindergarden-question". I´m just a newbie....
====== Posted via Newsfeeds.Com, Uncensored Usenet News ======
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
======= Over 90,000 Newsgroups = 16 Different Servers! ======
------------------------------
From: Ronny Hansen <[EMAIL PROTECTED]>
Subject: Re: Elliptic Curves
Date: Thu, 12 Apr 2001 14:09:07 +0200
You can also take a look at:
http://www.tml.hut.fi/~helger/crypto/link/public/elliptic/
this page has alot of links to practically all aspects of ecc.
Ronny
Brice Canvel wrote:
> Hi,
>
> I am looking for a good introduction on elliptic curves and also maybe
> something a bit more detailed too once i have understood the generalitites
> of it. I did a search on Google but it came up with hundreds of pages and i
> thought one of you might have come across something good.
>
> Thank you,
>
> Brice.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Between Silk And Cyanide - Identity checks.
Date: 12 Apr 2001 12:11:05 GMT
> On Thu, 15 Mar 2001 14:11:27 GMT, Matthew GC
> <[EMAIL PROTECTED]> wrote, in part:
>>Marks mentions a method of creating identity checks for agents recruited
>>in the field. Lets say Alice is an agent for Bob and they use one time
>>pads (OTP) to communicate. Alice is behind enemy lines and trains Roger
>>(a Resistance member) to use OTP's and gives him some pads. Alice has an
>>identity check so that if caught and tortured by Gerald (the Gestapo)
>>Bob will know if their communication is compromised; such an identity
>>check might be to add 2 to the first letter in a grouping on an OTP and
>>three to the fifth and might also involve the omission of a specific
>>phrase ("I miss London", say).
>>But how does Alice give Roger an identity check that won't be
>>compromised even if Alice is caught by Gerald so that Roger can still
>>safely communicate with Bob? In other words Alice somehow gives Roger a
>>security check that even Alice doesn't know so she can't reveal it under
>>torture to Gerald.
How about this: Each OTP is accompanied with a message encrypted with
the OTP. Each message contains a unique identity check. Alice hands over
a bunch of OTP-message pairs to Roger, who then decrypts one on random,
thus gaining his identity check. If Alice hasn't decrypted all the
messages and memorized all the checks, she has no way of knowing Roger's
identity check. This method has the advantage that Bob can recruit new
agents on his own, as long as he has OTP's to spare.
For two-way validation, Bob can have his own unique identity checks, so
that when Roger first contacts Bob, Bob sees Roger's check and can
choose the correct one to use when responding. This method has the
problem that Gerard can use a captured OTP-message pair to insert a
double-agent into the network, unless Alice and Roger can withhold their
identity checks from Gerard and thus warn Bob that they have been
captured (one would assume that the recruiting agent has to at least
inform Bob of new recruits).
Note that this method relies on Alice not decrypting the messages she's
carrying around, or memorizing the OTP-message pairs.
-a
------------------------------
From: Michael J. Fromberger <[EMAIL PROTECTED]>
Subject: Re: Big Number
Date: 12 Apr 2001 12:28:50 GMT
In <[EMAIL PROTECTED]> [EMAIL PROTECTED]
(=?ISO-8859-1?Q?Jacques_Th=E9riault?=) writes:
>Can someone calculate this
>65536 ^ 65536
>I espect the exponent to be over 300,000, but
>I would like to know exactly
Here:
http://linguist.dartmouth.edu/~sting/misc/power.txt
Cheers,
-M
--
Michael J. Fromberger Software Engineer, Thayer School of Engineering
sting <at> linguist.dartmouth.edu http://www.dartmouth.edu/~sting/
"De ce que fol pense souvent remaynt"
------------------------------
From: "Ben Burge" <[EMAIL PROTECTED]>
Subject: Re: well kind of in response to a previous post.
Date: Thu, 12 Apr 2001 08:37:46 -0500
don't think it sent first time sorry if it did......
If any one wishes to take a stab at this encoded text... it is good for
beginners- as I was able to crack it in under two days. I will be more than
happy to reply to any emails of people who wish to make sure they cracked
it.. or are just curious what methods I used... as I said it is very simple
and basic... so just have fun and why don't we do more of this type stuff
here?
V G S E U L Z K W U F G Z G O N G M V D G X Z A J U =
X U V B Z H B U K N D W V O N D K X D K U H H G D F =
N Z X U K Y D K V G U N A J U X O U B B S
X D K K G B P Z K D F N Y Z B U L Z .
that is the encoded text as I recieved it. Have fun.
Ben
--
[EMAIL PROTECTED]
http://ecaravan.250x.com
-I think therfore I am (Ergo Congito Sum)
-- Descartes
______________________________________________________________________
Posted Via Uncensored-News.Com - Still Only $9.95 - http://www.uncensored-news.com
With Seven Servers In California And Texas - The Worlds Uncensored News Source
------------------------------
Date: Thu, 12 Apr 2001 15:34:09 +0200
From: Serge Vaudenay <[EMAIL PROTECTED]>
Subject: Re: I got accepted
Serge Vaudenay wrote:
> I think that almost all foreign students who apply for a full
> scholarship to
> our graduate scholl and who are accepted get one.
To be more precise about our graduate school:
- topics is "communication systems" in general
- most of students are foreigners
- courses are in English (area is the French speaking part of CH)
- once application is accepted, scholarship is not usually a problem
- applications for the next academic year (Oct01-Jul02) starts NOW!
- information on http://dscwww.epfl.ch/EN/graduate/default.asp
- bikinis are less than 1km away (say from May to September)
- ski trails are less than 1h away (say from December to April)
- good food and wine available (France is 5km away...)
Did I do my job well?
Serge
------------------------------
From: kctang <[EMAIL PROTECTED]>
Subject: _"Good" school in Cryptography ("was" I got accepted)
Date: Thu, 12 Apr 2001 21:44:16 +0800
Dear all,
"Good" school in Cryptography wanted.
Any recommendations?
Thanks,
kctang (for TOM)
PS
What is good? That depends.
Might be the reputation is good.
Might be the scholarship is good.
Might be the tuition fees are good.
Might be the quality is good.
Might be the schoolmates are good.
Might be the supervisor is good.
Might be the school let you copying something and allow you
to graduate. This is good!
This was everything that TOM wanted to know but was afraid to
ask. Stop pretending ok?!
------------------------------
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Dynamic Substitution Question
Date: Thu, 12 Apr 2001 14:03:57 GMT
newbie wrote:
> Did you compare the result with OTP?
> Has someone independant of the inventor measure DS and OTP?
What property of the system do you want measured? The throughputs are
approximately the same, typically being dominated by the IO. The key
distribution of DS is far simpler that that of OTP.
------------------------------
From: "dexMilano" <[EMAIL PROTECTED]>
Subject: Re: Polymorphic encription
Date: Thu, 12 Apr 2001 16:08:10 +0200
obviously the reference is foggy and smoky.
I like the idea.
I don't think theyr are relating to evolution of sobstitution table, RC4 for
example alread did it.
but I've no idea of what they're doing
dex
"Mok-Kong Shen" <[EMAIL PROTECTED]> ha scritto nel messaggio
news:[EMAIL PROTECTED]...
>
>
> dexMilano wrote:
> >
> > I think this could be an interesting thread:
> >
> > http://www.securitywatch.com/newsforward/default.asp?AID=6827
>
> The available information is extremely meager and vague
> in my humble opinion. All that I could discern is that
> one exploits the principle of variability somehow
> extensively. BTW, this maybe an interesting side-question
> in view of another current thread: Does it employ a
> substitution table that gets changed dynamically?
>
> M. K. Shen
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************
