Cryptography-Digest Digest #121
Cryptography-Digest Digest #121, Volume #14 Tue, 10 Apr 01 18:13:00 EDT
Contents:
Re: Dynamic Substitution Question (Mok-Kong Shen)
SHA256 VB Implementation ("Phil Fresle")
Re: Dynamic Substitution Question (newbie)
Re: Would dictionary-based data compression violate DynSub? (David Formosa (aka ?
the Platypus))
Re: Would dictionary-based data compression violate DynSub? (Mok-Kong Shen)
Bleichenbacher Attack on DSA ("vert")
Re: Delta patching of encrypted data (those who know me have no need of my name)
Re: Steganography with natural texts (Joe H Acker)
Re: Steganography with natural texts (John Bailey)
Re: Current best complexity for factoring? (=?iso-8859-1?Q?Claus_N=E4veke?=)
Frobenius map over q-adic integers (Ian Goldberg)
Re: Is this a block cipher? (John Savard)
2001 USENIX Annual Technical Conference (Becca Sibrack)
AES Inverse trick (alex)
From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Dynamic Substitution Question
Date: Tue, 10 Apr 2001 21:14:40 +0200
John Savard wrote:
So I don't think anything involving a "virtual" table - unless the
virtual table is a subterfuge for something that can be achieved by
manipulating individual entries - can be considered novel. And if you
manipulate individual entries directly, the normal result is that you
can reach any state of the table - this is nowhere said in his patent,
but it is a useful litmus test to determine if individual entries are
really involved or not.
If the table is a substitution table (each column being
a permutation), dynamic change of the content of the
table is presumably the proper scope of DS. It could not
cover cases of other 'kinds' of tables (also dynamically
changed) and cases where there is no table at all, e.g.
xoring or adding two byte streams together (modulo 2^8)
to obtain a new stream or adding the outputs of a number
of PRNGs to get a combined stream (device of Wichmann
and Hill), which the text of the patent however seems
to claim to be within its scope.
M. K. Shen
--
From: "Phil Fresle" [EMAIL PROTECTED]
Subject: SHA256 VB Implementation
Date: Tue, 10 Apr 2001 20:36:06 +0100
Reply-To: "Phil Fresle" [EMAIL PROTECTED]
I have uploaded VB and VBScript implementations of SHA256 onto my web site
http://www.frez.co.uk
--
From: newbie [EMAIL PROTECTED]
Subject: Re: Dynamic Substitution Question
Date: Tue, 10 Apr 2001 15:33:20 -0300
It is not a good solution Dynamic Substitution as presented by Ritter.
It contains a very big hole.
You have just to analyze it carefully.
Using the combiner DS, reveal the sequence of the keystream.
Just try to analyze it before talking about claiming.
Claiming of what?
Something completely wrong.
Mok-Kong Shen wrote:
John Savard wrote:
So I don't think anything involving a "virtual" table - unless the
virtual table is a subterfuge for something that can be achieved by
manipulating individual entries - can be considered novel. And if you
manipulate individual entries directly, the normal result is that you
can reach any state of the table - this is nowhere said in his patent,
but it is a useful litmus test to determine if individual entries are
really involved or not.
If the table is a substitution table (each column being
a permutation), dynamic change of the content of the
table is presumably the proper scope of DS. It could not
cover cases of other 'kinds' of tables (also dynamically
changed) and cases where there is no table at all, e.g.
xoring or adding two byte streams together (modulo 2^8)
to obtain a new stream or adding the outputs of a number
of PRNGs to get a combined stream (device of Wichmann
and Hill), which the text of the patent however seems
to claim to be within its scope.
M. K. Shen
--
From: [EMAIL PROTECTED] (David Formosa (aka ? the Platypus))
Subject: Re: Would dictionary-based data compression violate DynSub?
Reply-To: [EMAIL PROTECTED]
Date: Tue, 10 Apr 2001 19:36:05 GMT
On Mon, 09 Apr 2001 12:08:45 +0200, Mok-Kong Shen
[EMAIL PROTECTED] wrote:
"David Formosa (aka ? the Platypus)" wrote:
[...]
Ok that helps.
For your information, Algorithm M is deterministic,
so it can be undone/reversed, if wanted.
Just because it is deterministic doesn't mean it can be undone.
x^y mod p is almost impossable to undo for the correct x and p.
--
Please excuse my spelling as I suffer from agraphia. See
http://dformosa.zeta.org.au/~dformosa/Spelling.html to find out more.
Free the Memes.
--
From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Would dictionary-based data compression violate DynSub?
Date: Tue, 10 Apr 2001 22:04:37 +0200
"David Formosa (aka ? the Platypus)" schrieb:
Mok-Kong Shen[EMAIL PROTECTE
Cryptography-Digest Digest #121
Cryptography-Digest Digest #121, Volume #13 Wed, 8 Nov 00 12:13:01 EST
Contents:
Re: "Software TEMPEST" explained (Mack)
Re: "Software TEMPEST" explained (Mack)
Re: Random Number Newsgroup (Mack)
Re: Hardware RNGs (Alan Rouse)
Re: hardware RNG's (Alan Rouse)
Re: Hardware RNGs (Mack)
Re: Randomness from key presses and other user interaction (Mack)
Re: MORE THAN FULLY BIJECTIVE ! (SCOTT19U.ZIP_GUY)
Going to NESSIE (Mack)
Re: algorithms before 1939 (Erik Runeson)
Re: Randomness from key presses and other user interaction ("Frog2000")
Re: Updated XOR Software Utility (freeware) Version 1.1 from (Scott Craver)
Re: Updated XOR Software Utility (freeware) Version 1.1 from Ciphile (Scott Craver)
Re: hacker...beware ("jdm")
Re: Purported "new" BXA Encryption software export restrictions ("CMan")
From: [EMAIL PROTECTED] (Mack)
Subject: Re: "Software TEMPEST" explained
Date: 08 Nov 2000 13:58:09 GMT
On Thu, 19 Oct 2000 13:09:05 GMT, [EMAIL PROTECTED] (John
Savard) wrote:
On Wed, 18 Oct 2000 12:13:52 GMT, [EMAIL PROTECTED]
(John Savard) wrote, in part:
I've revised the page since this posting to point out that I'm
discussing a very simplistic scheme, that falls far short of the
sophistication of the measures discussed in the paper by Markus Kuhn
and Ross Anderson.
Having added a second illustration of my simplistic scheme, I'm now
starting to wonder if it has been actually used, as I vaguely recall
seeing a computer display that looked sort of like it, on some TV
science-fiction or gadget spy show.
John Savard
John,
Went there, but nothing "Tempest" jumped out at me though
much worthy there as well. Did I miss it?
Andrew
http://home.ecn.ab.ca/~jsavard/crypto.htm
Hey ... It is gone ...
It was there ... where did it go?
Mack
Remove njunk123 from name to reply by e-mail
--
From: [EMAIL PROTECTED] (Mack)
Subject: Re: "Software TEMPEST" explained
Date: 08 Nov 2000 14:02:14 GMT
On Thu, 19 Oct 2000 13:09:05 GMT, [EMAIL PROTECTED] (John
Savard) wrote:
On Wed, 18 Oct 2000 12:13:52 GMT, [EMAIL PROTECTED]
(John Savard) wrote, in part:
I've revised the page since this posting to point out that I'm
discussing a very simplistic scheme, that falls far short of the
sophistication of the measures discussed in the paper by Markus Kuhn
and Ross Anderson.
Having added a second illustration of my simplistic scheme, I'm now
starting to wonder if it has been actually used, as I vaguely recall
seeing a computer display that looked sort of like it, on some TV
science-fiction or gadget spy show.
John Savard
John,
Went there, but nothing "Tempest" jumped out at me though
much worthy there as well. Did I miss it?
Andrew
http://home.ecn.ab.ca/~jsavard/crypto.htm
found it
It is listed as Hardware Security
which is kind of misleading
for software tempest protection
the full link is
http://home.ecn.ab.ca/~jsavard/crypto/mi0606.htm
Mack
Remove njunk123 from name to reply by e-mail
--
From: [EMAIL PROTECTED] (Mack)
Subject: Re: Random Number Newsgroup
Date: 08 Nov 2000 14:03:56 GMT
Mok-Kong Shen [EMAIL PROTECTED] wrote:
Does anyone know how the new random number newsgroup is coming along? I
haven't heard anything since I (and other voters) were notified that the
vote was to establish a newsgroup dealing with random numbers.
We have since quite a time sci.crypt.random-numbers.
It passed 134:12 on 29 March 2000, the control message was sent on 3
Apr 2000. I wouldn't feel left out if you don't get it, however, it
never showed up here, either.
You should be able to have your isp add it painlessly though, by
pointing out that it passed the vote and is in the isc active file.
--
Matt Gauthier [EMAIL PROTECTED]
deja.com also carries and archives it if you want to see
the old postings
Mack
Remove njunk123 from name to reply by e-mail
--
From: Alan Rouse [EMAIL PROTECTED]
Subject: Re: Hardware RNGs
Date: Wed, 08 Nov 2000 13:56:33 GMT
Benjamin Goldberg wrote:
This seems to be a very stupid thing to do; It would be far more
intelligent to calculate the amount of bias...
So sorry to have disappointed you with my stupidity. I was merely
illustrating a point, not proposing a system design.
There are a lot of people who think that if you take something with
limited randomness(like a password, or a few bytes of digitized sound)
and generate a 160-bit message digest from it, you effectively have 160
bits of cryptographic security. I am not one of those people, and
apparently you are not either.
Sent via Deja.com http://www.deja.com/
Before you buy.
--
From: Alan Rouse [EMAIL PROTECTED]
Subject: Re: hardware
Cryptography-Digest Digest #121
Cryptography-Digest Digest #121, Volume #12 Wed, 28 Jun 00 03:13:01 EDT
Contents:
Re: Certificate authorities (CAs) - how do they become trusted (jungle)
Re: simple crypting (jungle)
Comment/Analysis requested Password to RawBinarykey method... (Jay Summet)
Re: Variability of chaining modes of block ciphers ("Scott Fluhrer")
Re: scramdisk and e4m security problem? (Mack)
Does anyone have code for generating primitive polynomials? (Mack)
Re: Idea or 3DES (Jim Gillogly)
Bug in reference implementation (Runu Knips)
From: jungle [EMAIL PROTECTED]
Subject: Re: Certificate authorities (CAs) - how do they become trusted
Date: Wed, 28 Jun 2000 01:10:34 -0400
[EMAIL PROTECTED] wrote:
In doing a bit of research on internet security I naturally came
across "Certificate authorities (CAs)" (ie: Verisign, twaite, etc) ...
can anyone tell me (or give me a URL) from where these companies get
*their* certification - who says they are 'trusted'
themselves ...
trusted ? no way ...
the trust warranty is about a nickel ...
--
From: jungle [EMAIL PROTECTED]
Subject: Re: simple crypting
Date: Wed, 28 Jun 2000 01:16:14 -0400
for fun ? no ...
for profit ? maybe ...
for fame ? could be ...
start by offering, say $10,000.00, you may be lucky ...
[EMAIL PROTECTED] wrote:
if i post e crypted message here...
is there anyone here who could decrypt it?
--
From: Jay Summet [EMAIL PROTECTED]
Subject: Comment/Analysis requested Password to RawBinarykey method...
Date: Tue, 27 Jun 2000 22:17:38 -0700
Hello,
I have implemented a (JAVA) class that is designed to store a String using
Blowfish and DESede (TripleDES) in combination. (Xor message with random
pad, encrypt pad with one, encrypt messageXORpad with other, must decrypt
both to retrieve message... [ciphertext is double size of message] )
This is somewhat straightforward. However, I am generating a key based
upon a user inputed pass phrase. I want a different (binary/raw key) for
each algorithm (2 different keys from the same passphrase).
So, I built my own String - raw binary array of bits/bytes method, using
hash functions (MD5 and SHA, one for each cipher). A link to direct source
code is provided at end of post, here is the overview.
We take the passphrase, and give it to the hash (say MD5). We get a hash
value out. We use the first byte of the hash value to index into the hash
value ("randomly") and use that byte as the first byte of our key.
To generate the next byte of our key, we make a new MD5 hash, and as input
give it:
1. the key so far (ie, 1 byte first time, 2 bytes second time, etc)
2. The original passphrase.
3. Another byte selected from the hash (indexed by the second byte of the
hash this time, so it may be different from the last byte selected for the
key, or it may be the same...)
We repeat this until the bytes of the key are filled up (24 for DESede, 56
for blowfish). (one version uses MD5, one version uses SHA1)
*I* think that this is a secure way to convert a user supplied passphrase
into a "good" (ie, random looking) key.
Am I right?
Source code is at:
http://www.summet.com/jdiary/EncryptedStringStorage.java
The methods to look at are: generateBlowfishKey and generateTripleDESKey
I'm not as worried about the actual encryption and decryption steps, but
if you want to look at them and see if I'm doing anything stupid there I
certainly wouldn't mind finding out about it!
Thanks,
Jay Summet
--
From: "Scott Fluhrer" [EMAIL PROTECTED]
Subject: Re: Variability of chaining modes of block ciphers
Date: Tue, 27 Jun 2000 22:12:57 -0700
Mok-Kong Shen [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
Mark Wooding wrote:
Mok-Kong Shen [EMAIL PROTECTED] wrote:
Mark Wooding wrote:
Mok-Kong Shen [EMAIL PROTECTED] wrote:
Scott Fluhrer wrote:
[snip]
You are distorting the discussion context. We are discussing the
possibilities to obtain some improvements upon a given cipher with
some chaining modes, not discussing using two or more ciphers.
I think that Scott is trying to say that if you're not happy with
your
cipher's security, you're best off preprocessing with another cipher
rather than playing with fancy chaining modes.
That's right. Hence my answer to him.
But your answer doesn't address his point.
The point is that you're using the wrong fix. The right fix is a good
cipher. Use one.
You snipped out what Scott Fluhrer worte and then provided the wrong
argument. Here is what he wrote before my sentences quoted above:
The argument appears to have wandered over to what I meant. Let me settle
the argument: I did not initially mean anything nearly as intellegent as
what Mr. Wooding ascribed to me (that is,
Cryptography-Digest Digest #121
Cryptography-Digest Digest #121, Volume #11 Mon, 14 Feb 00 15:13:02 EST
Contents:
Re: Funniest thing I've seen in ages - RSA.COM hacked :) (Guy Macon)
Re: Predicting the next random number (Guy Macon)
Re: Large Floating Point Library? ("Trevor Jackson, III")
Re: help DES encryption (John Myre)
Re: Funniest thing I've seen in ages - RSA.COM hacked :) ([EMAIL PROTECTED])
Re: Does the NSA have ALL Possible PGP keys? ("Al Manint")
Re: Funniest thing I've seen in ages - RSA.COM hacked :) ("Dave VanHorn")
Re: Funniest thing I've seen in ages - RSA.COM hacked :) (Bob Silverman)
Re: Funniest thing I've seen in ages - RSA.COM hacked :) ([EMAIL PROTECTED])
Re: Which compression is best? (Toby Kelsey)
Re: Guaranteed Public Key Exchanges (Mike Rosing)
Re: Funniest thing I've seen in ages - RSA.COM hacked :) (Mike Andrews)
Re: Large Floating Point Library? (Mike Rosing)
Re: Does the NSA have ALL Possible PGP keys? (James Felling)
Re: New standart for encryption software. (Albert P. Belle Isle)
Re: Does the NSA have ALL Possible PGP keys? (Johnny Bravo)
Re: Quastion about RSA function. Help (Mike Rosing)
Re: Does the NSA have ALL Possible PGP keys? (Johnny Bravo)
Re: Which compression is best? (Tim Tyler)
Re: UK publishes 'impossible' decryption law (zapzing)
Re: Does the NSA have ALL Possible PGP keys? (Jim)
From: [EMAIL PROTECTED] (Guy Macon)
Crossposted-To: comp.security.pgp.discuss,alt.security.pgp
Subject: Re: Funniest thing I've seen in ages - RSA.COM hacked :)
Date: 14 Feb 2000 11:16:43 EST
In article 889455$ivh$[EMAIL PROTECTED], [EMAIL PROTECTED] (Bob Silverman) wrote:
In article 888hp2$6sp$[EMAIL PROTECTED],
I wonder how long it'll take them to notice...Hhhm, would you
trust RSA with your data security now? ;)
Will anyone trust YOU now???
Our website address is www.rsasecurity.com and has been so
for some time. www.rsa.com is no longer a valid URL.
Is this what I can expect if I become an RSA customer?
No admisssion of fault and lame attempts to cover up
security breaches? You should put a full disclosure about
exactly how you screwed up on your website and you should
stop trying to blow smoke up my ass about who owns www.rsa.com.
BTW, I found the link "RSA Laboratories Unveils Innovative
Countermeasure To Recent Denial of Service Hacker Attacks"
to be particularly clueless. Yahoo and Ebay can already
set their servers to ignore traffic from the attacking sites
without RSA's "Innovative" help. The problem is that
rejecting the traffic uses up resources. You folks are
addressing the wrong problem.
Are you really a mole who is trying to drive customers to PGP?
--
From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Predicting the next random number
Date: 14 Feb 2000 11:19:12 EST
In article [EMAIL PROTECTED], [EMAIL PROTECTED]
(John Savard) wrote:
On Mon, 14 Feb 2000 08:16:39 GMT, [EMAIL PROTECTED] wrote, in part:
Hey, I was just curious, but if someone came up with a way to predict
the numbers from ANY pseudo random number generator, would the NSA
come and take them away for some reason that I can currently fathom???
They'd have to stand in line behind Las Vegas.
John Savard (teneerf -)
http://www.ecn.ab.ca/~jsavard/index.html
I was under the impression that Las Vegas never uses Pseudorandom.
--
Date: Mon, 14 Feb 2000 11:27:40 -0500
From: "Trevor Jackson, III" [EMAIL PROTECTED]
Subject: Re: Large Floating Point Library?
Clockwork wrote:
There are numerous large integer libraries, but does anyone know of a large
floating point library?
There are several packages that implement quad-precision floating point values.
Some use paired doubles and can represent numbers such as 1+1e-200 and others
simply provide a wider mantissa.
A search for "quad" should turn up several such libraries.
--
From: John Myre [EMAIL PROTECTED]
Subject: Re: help DES encryption
Date: Mon, 14 Feb 2000 09:33:57 -0700
"Douglas A. Gwyn" wrote:
Paul Koning wrote:
NIST publishes a book that spells out a detailed set of validation
procedures, including some that will help isolate problems.
It's NIST Special Publication 800-17, "Modes of Operation Validation
System (MOVS): Requirements and Procedures". ...
Which unfortunately is not available in on-line format;
it can be ordered in printed form.
What's wrong with 800-17.pdf at the same site as below?
A similar document for 3DES *is* available on line:
http://csrc.nist.gov/nistpubs/800-20.pdf
J.M.
--
From: [EMAIL PROTECTED]
Crossposted-To: comp.security.pgp.discuss,alt.security.pgp
Subject: Re: Funniest thing I've seen in ages - RSA.COM hacked :)
Date: Mon, 14 Feb 2000 16:39:48 GMT
Bob Silverman seems t
Cryptography-Digest Digest #121
Cryptography-Digest Digest #121, Volume #10 Fri, 27 Aug 99 14:13:02 EDT Contents: Re: NEW THREAD on compression Re: (fwd)Factorization of RSA-155 (DJohn37050) Re: 512 bit number factored (DJohn37050) Re: 2 person data exchange - best method? (Anton Stiglic) Re: 512 bit number factored (Anton Stiglic) Re: 512 bit number factored (Jean-Jacques Quisquater) Re: CryptoAPI (Greg) Re: NEW THREAD on compression (SCOTT19U.ZIP_GUY) Re: 512 bit number factored (Boudewijn W. Ch. Visser) Re: Can americans export crypto when in another country? (SCOTT19U.ZIP_GUY) Re: receiving a piece of message (SCOTT19U.ZIP_GUY) RE: receiving a piece of message (SCOTT19U.ZIP_GUY) How to apply for security clearance? ([EMAIL PROTECTED]) Re: 512 bit number factored (Paul Koning) Re: passphrases (Justin Scribner) Re: Where to find (SCOTT19U.ZIP_GUY) Re: Can americans export crypto when in another country? (John) Re: Can americans export crypto when in another country? (Medical Electronics Lab) Re: 512 bit number factored (David A Molnar) Re: Can americans export crypto when in another country? (John) Re: Can americans export crypto when in another country? (John) Re: Can americans export crypto when in another country? (wtshaw) Re: 512 bit number factored (Boudewijn W. Ch. Visser) Re: Key to Ciphertext Ratio's (wtshaw) Re: How to apply for security clearance? (Jean-Jacques Quisquater) From: [EMAIL PROTECTED] () Subject: Re: NEW THREAD on compression Date: 27 Aug 99 14:20:00 GMT Mok-Kong Shen ([EMAIL PROTECTED]) wrote: : You are considering using compression as sort of encryption. But : I am adopting the (I suppose) more common view that compression and : encryption are orthogonal. Compression helps the encryption but : I assume that, once the analyst correctly decrypts by using the : correct key, properly doing decompression is no problem for him. Granting that last assumption, which _is_ a proper assumption, it still makes it easier to find that correct key if there are _any_ biases in the compressed text. Compression is _not_ a secure form of encryption, but it can be tailored to provide the maximum possible assistance to encryption by providing the fewest possible identifiable plaintext characteristics for a ciphertext-only attack to operate on. : Yes, this works if the sole purpose is compression/decompression. : But if this stuff is encrypted and decrypted back with a wrong key, : you wouldn't have the proper length information. This, according : to Mr. Scott's reasoning, is bad, because it immediately tells him : that the key he has employed is wrong. At least one has to go through the whole message, from start to finish, to find that the wrongly deciphered message has ended in the middle of a symbol. But I'll think about it and see if I can do better. John Savard -- From: [EMAIL PROTECTED] (DJohn37050) Subject: Re: (fwd)Factorization of RSA-155 Date: 27 Aug 1999 15:20:26 GMT There are also comments on factoring RSA 155 on www.certicom.com Don Johnson -- From: [EMAIL PROTECTED] (DJohn37050) Subject: Re: 512 bit number factored Date: 27 Aug 1999 15:22:53 GMT Also look at http://www.certicom.com/press/rsa-155.htm for more analysis of the results. Don Johnson -- From: Anton Stiglic [EMAIL PROTECTED] Subject: Re: 2 person data exchange - best method? Date: Fri, 27 Aug 1999 11:26:36 -0400 A pseudo random function generator PRFG. Alice and Bob pick a function f() from a PRFG, when they are seperated and want to authenticate themselves, say Alice picks a random value x, gives it to Bob and Bob computes f(x) and gives this back to Alice. Alice and Bob do this several times, to the point of view of Oscar, f(x) seems random. And even if he collects x1,f(x1), x2,f(x2), ... xn, f(xn), this doesn't help him to compute f(x) from x (if x is different from x1, x2, .., xn), and doesn't help him to authenticat himself to Alice beacause Alice picks her x at random (doing it a couple of times, you can get great probability that she doesn't stumble on an x that was already sent to Bob). You could think of a man in the middle attack, where Oscar, wanting to authenticat himself as Bob to Alice, gets the x from Alice and asks Bob to compute the answer, but Bob should only answer questions if _he_ is the initiator of the scheme. You should be carefull here. Anyways, it's not trivial, but I hope I have gave you some ideas for you to further research on as -- From: Anton Stiglic [EMAIL PROTECTED] Subject: Re: 512 bit number factored Date: Fri, 27 Aug 1999 11:42:23 -0400 DJohn37050 wrote: Also look at http://www.certicom.com/press/rsa-155.htm for more analysis of the results. Don Johnson I guess you ment: http://www.certicom.com/press/RSA-155.htm
Cryptography-Digest Digest #121
Cryptography-Digest Digest #121, Volume #9 Mon, 22 Feb 99 13:13:02 EST
Contents:
Re: Testing Algorithms (Patrick Juola)
Crypt for FTP Protocol ([EMAIL PROTECTED])
rfc1319 algorithm != reference impl. (Adam Worrall)
Re: Testing Algorithms ("Trevor Jackson, III")
Re: Randomness of coin flips (R. Knauer)
Re: Looking for proof on whitening (Jerry Leichter)
Re: Testing Algorithms (Patrick Juola)
Re: Randomness of coin flips (R. Knauer)
IDEA test vectors? (Dominik Werder)
Re: True Randomness (R. Knauer)
From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: Testing Algorithms
Date: 22 Feb 1999 09:35:49 -0500
In article [EMAIL PROTECTED],
Trevor Jackson, III [EMAIL PROTECTED] wrote:
Coen Visser wrote:
fungus [EMAIL PROTECTED] writes:
Vegeta-the original Super Saia-jin wrote:
[...]
As far as security goes, key length helps, but it won't make it secure, I
think that DES proves that, it's a joke, and a bad one at that.
So you think a 256 bit key will eventually be brute forced?
Why not? Who can look 50 years into the future or 100 years or 200 years?
You may be underestimating the steepness of exponentials. 2^256 is a fearsome
number. Rather than envisioning a machine (or machines) doing trial
decryptions, try envisioning simply counting up to 2^256.
At forseeable PC speeds of around 1GHz (2^30) you'd need 2^226 machine-seconds.
If you envision machines a billion times faster you need 2^196 machine seconds.
On the other hand, Moore's Law has suggested that machine speed
doubles about ever eighteen months. This means that a machine a billion
times faster (2^30) will only take about 45 years to develop.
A machine 2^200 times faster than current machines -- which *can* brute
force 56-bit keys, will require about 300 years to develop, according
to Moore's law.
Given that people have, for the past 20 years, routinely been claiming
that "Moore's Law cannot hold much longer due to fundamental physical
limitations," it's starting to look like betting that Moore's law
will NOT hold isn't a safe bet.
-kitten
--
From: [EMAIL PROTECTED]
Subject: Crypt for FTP Protocol
Date: Mon, 22 Feb 1999 14:13:01 GMT
My users have repeatedly asked if I could add crypt/cipher to my FTPD so I've
finally got around to looking at it ;) So basically I've trying to find if
there is some easy to use crypt library that would do something usable in this
case.
I've looked at "ssh" ofcourse, and if you wanted to just crypt the
control-session it would be fairly straight-forward to tunnel it, but since
it is required to crypt the data-sessions as well it makes it more
complicated. (Far beyond your average user I suspect?) Although ssh2 comes
with what looks like a library of sorts, ssh2's licence makes it pretty much
useless in that sense. The "sftp" that comes with it breaks FTP-Protocols
too much to be really used (still basic ssh challange before it drops down
into FTP-style protocols).
The problem is, I'm rather a newbie to ciphers. I got the impression that
"ssh" uses RSA public-key to send across a session-key which is then used for
IDEA for the remainer of the session. Would this be sufficient? Are there
better options? PGP? (or is that just RSA again, showing my ignorance :) )
The idea is to add something "not too complex" - to make merging with existing
FTPD and FTP client code fairly straight forward.
Well, basically, any information to aid me and further my knowledge will be
appreciated :)
Lund
= Posted via Deja News, The Discussion Network
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
--
From: Adam Worrall [EMAIL PROTECTED]
Subject: rfc1319 algorithm != reference impl.
Date: Mon, 22 Feb 1999 13:51:41 GMT
In section 3.2 of rfc1319 ('The MD2 Message Digest Algorithm'),
some pseudo-code for generating an initial checksum is given.
(Note that this checksum is appended to the data before the
main message digest algorithm is brought to bear.)
In the middle of the loop (shown below), the pseudo-code in the
RFC shows a byte of the checksum being assigned a value from a
lookup table.
In the reference implmentation, supplied in the RFC itself, the
relevant code *xor's* the current value of the byte with the
value from the lookup table.
I've looked around and seen no mention of this, but it seems
pretty clear that the algorithm does not agree with the reference
implementation. Other implementations all follow the reference,
by the way ;)
The relevant excerpts are shown below; line 137 of the rfc
corresponds to line 186 of the C source code.
==={ rfc1319:~131=140 }===
131 /* Process each 16-word block. */
132 For i = 0 to N/16-1 do
133
134 /* Checksum block i. */
135
