Cryptography-Digest Digest #184

2001-04-19 Thread Digestifier

Cryptography-Digest Digest #184, Volume #14  Thu, 19 Apr 01 17:13:01 EDT

Contents:
  Minimal Perfect Hashing ("Francois St-Arnaud")
  Re: Reusing A One Time Pad ("M.S. Bob")
  Re: DL blind signature (Ian Goldberg)
  Required Reading For Junior Intelligence Officers (Frank Gerlach)
  Re: "UNCOBER" = Universal Code Breaker (newbie)
  Re: OTP breaking strategy (Mok-Kong Shen)
  Re: Basic AES question (Frank Gerlach)
  Re: "UNCOBER" = Universal Code Breaker ("Tom St Denis")
  Re: OTP breaking strategy ("Joseph Ashwood")
  Re: OTP breaking strategy ("Joseph Ashwood")
  Re: I took the $5000 Goldman Challenge ("Tom Gutman")
  Re: OTP breaking strategy ([EMAIL PROTECTED])
  Re: A practical idea to reinforce passwords (Niklas Frykholm)
  Re: newbie: cryptanalysis of pseudo-random OTP? ("M.S. Bob")



Reply-To: "Francois St-Arnaud" [EMAIL PROTECTED]
From: "Francois St-Arnaud" [EMAIL PROTECTED]
Subject: Minimal Perfect Hashing
Date: Thu, 19 Apr 2001 19:47:46 GMT

First, note that I am not at all versed in the math involved in sophisticated
cryptography, so please bear with me...

I have been looking at Minimal Perfect Hashing algorithms
(http://burtleburtle.net/bob/hash/perfect.html in particular) in an attempt
to find an algorithm that fulfills the following requirements. Note that MPH
is probably overkill for what I need to do, but this was my starting point.
The fact that Bob's algorithm above requires a list of all the keys to hash
as an input is not viable for my application.

I'm looking for a simple C algorithm for a function y = f(x) that would take
a 48-bit number x and return another 48-bit number y. f should map x to y in
a one-to-one fashion. f should be one-way, or at least, it should not be
trivial to calculate x knowing y and the algorithm used.

Any thoughts, code snips, links?

Regards,

Francois :)
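As an added example (not code from the original post or any reply in this digest), here is one way to get a keyed one-to-one map on 48-bit values in C: a six-round Feistel network on two 24-bit halves. The round function F and the key schedule are assumptions chosen for illustration, not a vetted cipher; invertibility holds for any F by construction, while "hard to invert" depends on keeping the key secret.

```c
#include <stdint.h>
#include <stdio.h>

/* Keyed 48-bit bijection: a 6-round Feistel network on two 24-bit halves.
   A Feistel network inverts for any round function, so f48 is one-to-one
   on 48-bit inputs by construction.  F and the key schedule are assumed,
   illustrative choices, not a vetted cipher. */

#define MASK24 0xFFFFFFu
#define ROUNDS 6

/* Round function: key mix, multiply-add with arbitrary constants, shift-xor. */
static uint32_t F(uint32_t x, uint32_t k) {
    x = (x ^ k) & MASK24;
    x = (x * 0x9E3779B1u + 0x7F4A7C15u) & MASK24;
    x ^= x >> 11;
    return x & MASK24;
}

/* One 24-bit subkey per round from a 64-bit key (assumed LCG schedule). */
static void round_keys(uint64_t key, uint32_t rk[ROUNDS]) {
    for (int i = 0; i < ROUNDS; i++) {
        key = key * 6364136223846793005ULL + 1442695040888963407ULL;
        rk[i] = (uint32_t)(key >> 40) & MASK24;
    }
}

uint64_t f48(uint64_t x, uint64_t key) {
    uint32_t rk[ROUNDS];
    uint32_t L = (uint32_t)(x >> 24) & MASK24, R = (uint32_t)x & MASK24;
    round_keys(key, rk);
    for (int i = 0; i < ROUNDS; i++) {
        uint32_t t = R;
        R = L ^ F(R, rk[i]);
        L = t;
    }
    return ((uint64_t)L << 24) | R;
}

/* Inverse: same subkeys in reverse order, each swap undone. */
uint64_t f48_inv(uint64_t y, uint64_t key) {
    uint32_t rk[ROUNDS];
    uint32_t L = (uint32_t)(y >> 24) & MASK24, R = (uint32_t)y & MASK24;
    round_keys(key, rk);
    for (int i = ROUNDS - 1; i >= 0; i--) {
        uint32_t t = L;
        L = R ^ F(L, rk[i]);
        R = t;
    }
    return ((uint64_t)L << 24) | R;
}

/* Returns 1 if every x in [0, n) round-trips through f48 and f48_inv. */
int roundtrip_ok(uint64_t key, uint64_t n) {
    for (uint64_t x = 0; x < n; x++)
        if (f48_inv(f48(x, key), key) != x) return 0;
    return 1;
}

int main(void) {
    uint64_t x = 0x123456789ABCULL, key = 42;
    printf("f(%llx) = %llx, round trip ok: %d\n", (unsigned long long)x,
           (unsigned long long)f48(x, key), roundtrip_ok(key, 1000));
    return 0;
}
```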



--

From: "M.S. Bob" [EMAIL PROTECTED]
Subject: Re: Reusing A One Time Pad
Date: Thu, 19 Apr 2001 20:46:41 +0100

Mark G Wolf wrote:
 
 Thanks for the history lesson but my real "question" or curiosity was the
 word origins.  As best as I can tell "snake oil" came from "snake" for
 someone wicked and deceitful, and "oil" from the fact that many "real" cures
 of the time relied on various natural oils and balms, like eucalyptus or
 evergreen oil.

Douglas has already answered your question. It comes from the peddling
of snake oil elixirs.

Just as the reference to "kid sister" is not Freudian at all, but a
crypto-slang for security against only the mythical "12 year old kid
sister". Example: monoalphabetic substitution is good only against your
kid sister.
It does not apply if your kid sister works for the NSA or GCHQ.


For other sci.crypt readers interest:
http://groups.google.com/groups?q=mark.wolf%40prodigy.net&btnG=Search&meta=site%3Dgroups

--

From: [EMAIL PROTECTED] (Ian Goldberg)
Subject: Re: DL blind signature
Date: 19 Apr 2001 19:54:48 GMT

[Note: I don't have the particular paper in front of me, so I'm basing
these answers on what usually happens with DL protocols in the subgroup
construction.]

In article 9bnb1s$27$[EMAIL PROTECTED],
Cristiano [EMAIL PROTECTED] wrote:
> In many systems (or perhaps in all) for the blind signature based on DL, one
> must choose a prime q that divides p-1 (also p is prime) and then a
> generator in the multiplicative group Zq* (cfr Chaum-Pedersen from paper
> "Loyalty Program Scheme for Anonymous Payment Systems" by Arrianto Mukti
> Wibowo and Kwok Yan Lam).

Careful; g isn't supposed to be a generator for Zq*.  g is supposed to
be a generator for the subgroup of Zp* which is of order q.

> Doing some trials with small numbers, when I compute the public key y=g^a
> mod p (a is my private key) for all a < p, the distribution of y may be very
> bad; on the contrary, if I compute y=g^a mod q for all a < q, the distribution
> is as expected: I get all the elements in Zq* (g is a generator!).
> Why this "strange" set up?

I think your g may be incorrect.  The easiest way to choose g is:

o Let h be a random element of Zp*.
o Let g = h^((p-1)/q) mod p.
o Try again if g=1.

Clearly, g^q mod p = h^(p-1) mod p = 1, so g has order dividing q.
If g is not 1, then since q is prime, g has order exactly q, so g
generates the subgroup of order q of Zp*.

Then if you calculate y=g^a for all a < q, you'll get all of the elements
of that subgroup.

> My implementation of the algorithm in the above paper at page 13
> (Chaum-Pedersen blind signature) doesn't work. The modulo for all the
> calculations is not shown. Is it always mod p or mod q?

If you're calculating with group elements, it's mod p.  If you're
calculating with exponents, it's mod q.

> A last question. At ste
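As an added example, not code from the thread or from the cited paper, the g = h^((p-1)/q) mod p recipe worked through in C with toy parameters p = 23 and q = 11 (q divides p-1 = 22): h = 5 generates all of Z23* and so has order 22, while g = 5^2 mod 23 = 2 has order exactly q, and g^a for a < q visits each of the q subgroup elements once; h = 22 shows the retry case, since 22^2 mod 23 = 1. The brute-force order function and the fixed small primes are illustrative choices; all operands stay below 2^32 so products fit in uint64_t.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Square-and-multiply b^e mod m; toy moduli only (m < 2^32, no overflow). */
uint64_t powmod(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t r = 1;
    b %= m;
    while (e) {
        if (e & 1) r = r * b % m;
        b = b * b % m;
        e >>= 1;
    }
    return r;
}

/* Multiplicative order of x in Zp*, by brute force (fine for toy p). */
uint64_t order_mod(uint64_t x, uint64_t p) {
    uint64_t y = x % p, k = 1;
    while (y != 1) { y = y * x % p; k++; }
    return k;
}

/* g = h^((p-1)/q) mod p.  Returns 0 when h lands on the trivial element
   so the caller retries with another h, as the recipe says. */
uint64_t subgroup_generator(uint64_t p, uint64_t q, uint64_t h) {
    uint64_t g = powmod(h, (p - 1) / q, p);
    return g == 1 ? 0 : g;
}

/* Number of distinct y = g^a mod p over a = 0..q-1.  Equals q exactly
   when g generates the order-q subgroup. */
uint64_t count_distinct_powers(uint64_t g, uint64_t q, uint64_t p) {
    unsigned char *seen = calloc(p, 1);   /* indexed by residue, p is tiny */
    uint64_t n = 0;
    for (uint64_t a = 0; a < q; a++) {
        uint64_t y = powmod(g, a, p);
        if (!seen[y]) { seen[y] = 1; n++; }
    }
    free(seen);
    return n;
}

int main(void) {
    uint64_t p = 23, q = 11, h = 5;
    uint64_t g = subgroup_generator(p, q, h);
    printf("h=%llu order %llu; g=%llu order %llu; distinct g^a for a<q: %llu\n",
           (unsigned long long)h, (unsigned long long)order_mod(h, p),
           (unsigned long long)g, (unsigned long long)order_mod(g, p),
           (unsigned long long)count_distinct_powers(g, q, p));
    printf("h=22 gives g=%llu (0 means retry)\n",
           (unsigned long long)subgroup_generator(p, q, 22));
    return 0;
}
```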

Cryptography-Digest Digest #184

2000-11-18 Thread Digestifier

Cryptography-Digest Digest #184, Volume #13  Sun, 19 Nov 00 00:13:01 EST

Contents:
  Re: vote buying... (Dan Oetting)
  Re: Cryptogram Newsletter is off the wall? (David Hopwood)
  Re: Criteria for Simple Substitutions? ("r.e.s.")
  Re: vote buying... (David Hopwood)
  Re: Client Puzzle Protocol (Bob Silverman)
  A Question About Multi-encrypting (Bobby)
  Re: Why remote electronic voting is a bad idea (was voting through pgp) ([EMAIL PROTECTED])
  Re: A Question About Multi-encrypting (Mathew Hendry)
  Re: A Question About Multi-encrypting (Tom St Denis)
  Re:  Internet Voting Questions (Greggy)
  Re: vote buying... (David Schwartz)
  Re: A Question About Multi-encrypting (John Savard)
  Re: XOR Software Utility (freeware) available from Ciphile Software (Anthony Stephen Szopa)
  Re: vote buying... (David Wagner)
  XOR:  A Very useful and important utility to have (Anthony Stephen Szopa)



From: Dan Oetting [EMAIL PROTECTED]
Subject: Re: vote buying...
Date: Sat, 18 Nov 2000 17:27:16 -0700

In article [EMAIL PROTECTED], David Schwartz 
[EMAIL PROTECTED] wrote:

   When you register to vote, you present identification. Once you are
 confirmed as eligible to vote, you are given a chit randomly pulled out
 of a box. No mapping is kept of who got what chit.

And you could sell this chit for cash and nobody can prove it and nobody 
gets hurt. I think you have the perfect system. :)

--

Date: Sun, 19 Nov 2000 00:31:09 +
From: David Hopwood [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Re: Cryptogram Newsletter is off the wall?

-----BEGIN PGP SIGNED MESSAGE-----

Matt Timmermans wrote:
 And even if your software is "trusted", i.e., it contains no bugs and no
 code that was written with evil intent, and even if nobody steals your key
 or signs anything you don't want signed, digital signitures are still not
 semantically reliable.
 
 Let's say I send you a message and it's signed with my private key.  What
 does that signature mean?  Perhaps you take it to mean that I agree to all
 the terms and conditions in the message,

Hence the "Nothing in this message is intended to be legally binding."
in my .sig :-)

 but perhaps I only meant to assure you that the message originated with me.

For an example of exactly this attack on Microsoft's Authenticode, see

  "A Comparison between Java and ActiveX Security,"
  http://www.users.zetnet.co.uk/hopwood/papers/compsec97.html

(in particular the IntraApp example, but many of the other problems
described in that paper could also be classified as semantic attacks).


Although the paper was written in 1997, all of the avenues of attack
against both Java and ActiveX are still valid. Many examples of insecure
ActiveX controls have been found, some of which are signed by Microsoft
or installed by default in software bundled by OEMs. For Java, I haven't
checked recently whether injecting unsigned classes into a signed JAR file
still works, but I think it does. The incidence of *reported* security
bugs in Java implementations has apparently gone down, but I think that
is an illusion caused by the fact that only a very small number of people
were working on finding and publicising bugs (most were found by me or
the Secure Internet Programming group at Princeton; I've not been working
on that recently, and I don't think the SIP group has either).

-- 
David Hopwood [EMAIL PROTECTED]

Home page  PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip



--

From: "r.e.s." [EMAIL PROTECTED]
Subject: Re: Criteria for Simple Substitutions?
Date: Sat, 18 Nov 2000 16:41:17 -0800


"Paul Pires" [EMAIL PROTECTED] wrote in message
news:DcER5.5601$[EMAIL PROTECTED]...
|
| r.e.s. [EMAIL PROTECTED] wrote in message
| news:8v6nvr$9ho$[EMAIL PROTECTED]...
|  Here's a basic question about simple substitutions
|  when the plaintext & ciphertext use the same set of
|  characters.
| 
|  For simplicity, suppose the alphabet is just abcdef,
|  so that a substitution can be described by filling
|  in the sec

Cryptography-Digest Digest #184

2000-02-22 Thread Digestifier

Cryptography-Digest Digest #184, Volume #11  Wed, 23 Feb 00 00:13:01 EST

Contents:
  Re: Q: Large integer package for VB? (longreply with source) (Ed Pugh)
  Re: US secret agents work at Microsoft claims French intelligence report (wtshaw)
  Blair Ciphers? (wtshaw)
  Re: Processor speeds. ("Joseph Ashwood")
  Passwords secure against dictionary attacks? (Ilya)
  Re: Swapfile Overwriter: R.I.P. (Steve K)
  Re: Passwords secure against dictionary attacks? (Omar Y. Inkle)
  Re: Stuck on code-breaking problem - help appreciated ("Douglas A. Gwyn")
  Re: John McCain Encrypt? (ChenNelson)
  Re: Passwords secure against dictionary attacks? ("John Galt")
  Re: Processor speeds. ("Clockwork")
  Re: Passwords secure against dictionary attacks? ("Martin Paquet")
  Re: Processor speeds. ("Joseph Ashwood")
  Re: Passwords secure against dictionary attacks? (Ilya)
  Re: Velvet Sweat Shop in Excel (Arthur Dardia)
  Re: Passwords secure against dictionary attacks? ("NutWrench")



From: [EMAIL PROTECTED] (Ed Pugh)
Crossposted-To: comp.lang.basic.visual.misc,comp.lang.basic.visual.3rdparty,sci.math
Subject: Re: Q: Large integer package for VB? (longreply with source)
Date: 22 Feb 2000 22:59:35 GMT
Reply-To: [EMAIL PROTECTED] (Ed Pugh)

Thanks for your follow-up, Michael, but I do not think this is quite
what I am looking for.

It appears that the module you posted does arithmetic on large
precision decimal numbers, NOT integers (or natural numbers).
Also, it did not appear to implement the modulus operation,
which I need.

As well, I noticed that it seemed to have a "naive" implementation
of the exponentiation function which, for the sizes of exponents
I am talking about, would probably take a few millennia to execute!

Does anyone know of any better VB implementations of large integer
packages?


Michael Carton ([EMAIL PROTECTED]) wrote:

 I trimmed the NG list.

Why?  I added them back!

 
 Ed Pugh wrote:
 
 I want to use Visual BASIC (5.0, pro ed'n, SP3) to do some
 prototyping and experimenting with algorithms involving very
 large natural numbers or integers.
 
 Does anyone know if and where I can find and download a
 *FREEWARE* (or *UNCRIPPLED* shareware) VB class or "library"
 that can handle arbitrarily large natural numbers or integers
 (up to a few thousand bits long)?  (And it has to work with
 VB 5.0.)
 
 Here's something I downloaded. Free Source. I tested it with numbers 
 with up to 2,090 digits. It works.
 
Bet you did not try a number this size as an exponent (i.e. 2nd
parameter) for the IntPower function!  ;-)

[ SNIP - VB module source code ]


Thanks and regards,
--
Ed Pugh, [EMAIL PROTECTED]
Richmond, ON, Canada (near Ottawa)
"Bum gall unwaith-hynny oedd, llefain pan ym ganed."
(I was wise once, when I was born I cried - Welsh proverb)

--

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: US secret agents work at Microsoft claims French intelligence report
Date: Tue, 22 Feb 2000 16:37:42 -0600

In article [EMAIL PROTECTED],
[EMAIL PROTECTED] (Dave Hazelwood) wrote:


 I don't know. But if I was a major foreign corporation and if a
 credible foreign intelligence service came out and said what the
 French intelligence service just did I would think twice before
 betting my company's future that it wasn't true.
 
 And, especially after disclosure of the "NSAKEY" found in windows
 recently.
 
 Remember the snippet above came from a report by the French
 Intelligence Service and not some whacko fan of Skully and Moulder.
 
 The more smoke there is, the more one is willing to suspect a fire.

Figure that the French could have people capable of studying source code
after decompiling if necessary.  And, perhaps even have intelligence arms
of their own to gather information. 

Of course, it could be a ploy as well as a game.  No country, or company
that likes to play Intrigue, is apt to put their hand on the table face-up
as long as it considers how to bluff and parry for its own advantage.
-- 
Regarding healthcare, when GWB became governor, Texas was 43 in
the nation, now we are 49th.  And, I need not tell you about his
bloody support of the death penalty.  Reformer?

--

From: [EMAIL PROTECTED] (wtshaw)
Subject: Blair Ciphers?
Date: Tue, 22 Feb 2000 16:44:18 -0600

I understand the concept involved, but does anyone have some historical
information on this topic?
-- 
Regarding healthcare, when GWB became governor, Texas was 43 in
the nation, now we are 49th.  And, I need not tell you about his
bloody support of the death penalty.  Reformer?

--

From: "Joseph Ashwood" [EMAIL PROTECTED]
Subject: Re: Processor speeds.
Date: Tue, 22 Feb 2000 23:13:17 -

 Can you name a manufacturer?
Sega Dreamcast is th

Cryptography-Digest Digest #184

1999-09-05 Thread Digestifier

Cryptography-Digest Digest #184, Volume #10   Sun, 5 Sep 99 20:13:03 EDT

Contents:
  Re: Alleged NSA backdoor in Windows CryptoAPI (Michael J. Fromberger)
  Re: NSA and MS windows (David Wagner)
  Re: Different Encryption Algorithms ("entropy")
  Quantum computing bit in UK computing magazine. (David Hamilton)
  visit my side (Rene Stender)
  Re: NSA and MS windows (David Wagner)
  Re: Quantum computing bit in UK computing magazine.
  Re: 512 bit number factored (Robert Harley)
  Re: RSA the company (David A Molnar)
  Re: Schneier/Published Algorithms (Eric Lee Green)
  Re: Schneier/Published Algorithms (Anne & Lynn Wheeler)
  Re: point of a cipher
  Re: RSA the company (Bill Unruh)
  Re: Some law informations... (Withheld)
  Re: Pincodes (Walter Hofmann)
  Re: Quantum computing bit in UK computing magazine. (Bill Unruh)
  Re: DES cfb stream cypher and "whitening" or initialization (Scott Fluhrer)



From: Michael J. Fromberger [EMAIL PROTECTED]
Subject: Re: Alleged NSA backdoor in Windows CryptoAPI
Date: 5 Sep 1999 19:29:18 GMT

In [EMAIL PROTECTED] "Trevor Jackson, III" [EMAIL PROTECTED] writes:

Bruce Schneier wrote:

 My guess is that it is really a backup key, and that Microsoft gave
 NSA a copy of it for their own internal use (as Don suggests).

 Why are we guessing?  Is this issue not worthy of a credible
 explanation?

 (I started to say "official" explanation, but considering the likely
 sources nothing official is likely to be credible).

In all probability, the spin doctors at Microsoft are monitoring what
people are posting around the Internet, to see what kind of damage
control they're going to have to deal with.  No point in coming out
with a response, before they have some idea what they need to respond
to.  Microsoft may be evil, but they're not entirely stupid...which is
actually worse, when you think about it.

-M

-- 
Michael J. Fromberger    Software Engineer, Thayer School of Engineering
  sting at linguist.dartmouth.edu   http://www.dartmouth.edu/~sting/
Remove clothing if you wish to reply to this message via e-mail.

--

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: NSA and MS windows
Date: 5 Sep 1999 13:00:27 -0700

In article 7qsu7i$[EMAIL PROTECTED],
Roger Schlafly [EMAIL PROTECTED] wrote:
 Likewise, in the view of many, MS and NSA have too much
 power, are too secretive, and are not leveling with us.

Fine.  You're saying the "_NSAKEY" is just a symptom of an underlying
problem (namely, that MS uses closed source for security-critical projects).
Of course, this is a problem we've known about for a long time, and it's
hardly the first time we've seen a conspicuous symptom of the problem.

But regardless: If it's just a symptom, why are there huge headlines
reporting that, thanks to the "_NSAKEY", the NSA may be able to spy on
every Windows machine in the world?  If it is indeed just yet another
symptom of the problem, then all those reports are misleading, deceptive,
and overblown.

--

From: "entropy" [EMAIL PROTECTED]
Subject: Re: Different Encryption Algorithms
Date: Sun, 5 Sep 1999 16:21:46 -0400

thanks for the link.  I'll check out the book next time I'm at BN :-)

--

a.


:::entropy:::
ktheory.com
entropy [EMAIL PROTECTED] wrote in message
news:DIUz3.4886$[EMAIL PROTECTED]...
 I'm doing a high school research paper on different encryption algorithms,
 such as CAST, IDEA, blowfish, RCx, DES, etc.   Could anyone point me to
 informative web sites pertaining to the differences between these
encryption
 methods?

 Thank you.

 --

 a.


 :::entropy:::
 ktheory.com

--

From: [EMAIL PROTECTED] (David Hamilton)
Subject: Quantum computing bit in UK computing magazine.
Date: Sun, 05 Sep 1999 20:24:25 GMT

-----BEGIN PGP SIGNED MESSAGE-----

The October 1999 issue (just published) of the UK computing magazine called
'PC Plus' has on page 14 a small piece called 'The Quantum State'. Part of it
says

START QUOTE
'The ramifications for computing are enormous. Boolean logic takes a back
seat to so-called quantum algorithms which, because on and off states exist
at the same time, are able to process all potential strings in a given series
of bits. Only on the read-out of the result (the observation) does the string
have a specific value.
One application of this is in the decryption of encrypted data. Using current
Boolean methods on a supercomputer, a 200-bit encrypted message would take a
trillion years to decrypt. However, only a small quantum computer would be
needed to break the same code in less than an hour.'
END QUOTE

Now, what I know about quantum computing (QC) can be written on a couple of
bits but surely this last sentence is wrong. I thought that public