Cryptography-Digest Digest #226

2001-04-24 Thread Digestifier

Cryptography-Digest Digest #226, Volume #14  Tue, 24 Apr 01 19:13:01 EDT

Contents:
  Re: XOR TextBox Freeware:  Very Lousy. (David Schwartz)
  Re: RSA-like primes p and q (Tom St Denis)
  Re: Censorship Threat at Information Hiding Workshop (David Wagner)
  Re: Censorship Threat at Information Hiding Workshop (Tom St Denis)
  Re: Security proof for Steak (Henrick Hellström)
  Re: Security proof for Steak (Tom St Denis)
  Re: Security proof for Steak (Henrick Hellström)
  Re: Security proof for Steak (Tom St Denis)
  Re: Delta patching of encrypted data (Anon)
  Re: Censorship Threat at Information Hiding Workshop (Roger Schlafly)
  primitive elements in GF(2^W) (Tom St Denis)
  Re: Gurus:  Please show weaknesses in this (Brett)



From: David Schwartz [EMAIL PROTECTED]
Subject: Re: XOR TextBox Freeware:  Very Lousy.
Date: Tue, 24 Apr 2001 14:12:29 -0700


David Formosa (aka ? the Platypus) wrote:

In any realistic application, the XOR function is
  crackable. Generally,
  you attack the means of distributing the OTP. The big flaw in XOR is it
  shifts the burden of keeping the cipher secure from the cipher itself to
  the user.
 
 Isn't this the rule of good crypto?  All strength should be in the
 key?

Then why use any crypto at all? If you had a way to distribute and
secure a key that was the same length and sensitivity as the plaintext,
just call the plaintext the key and send all zeroes over the unsecured
channel.

DS

--

From: Tom St Denis [EMAIL PROTECTED]
Subject: Re: RSA-like primes p and q
Date: Tue, 24 Apr 2001 21:30:10 GMT


John Savard [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
 On Tue, 24 Apr 2001 12:54:43 GMT, Tom St Denis
 [EMAIL PROTECTED] wrote, in part:

 Yup.  In fact (p-1)/2 should be a large prime which simplifies the
 description (and is more secure).  Of course making such primes takes an
 awfully long time...

 Actually, it's not that bad. There's a downloadable program somewhere
 for finding Sophie Germain primes and similar numbers, and it works
 quite well.

I could write my own in about 3 minutes...  Or use Maple's safeprime ... :-)

Tom
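As an added example (not code from the thread or from Maple), here is the search Tom describes: pick a random q, test whether q and p = 2q + 1 are both prime, repeat. Miller-Rabin does the primality testing; the `seed` parameter is an assumption added only so a demo run is reproducible.

```python
import random


def is_probable_prime(n: int, rounds: int = 32, rng=None) -> bool:
    """Miller-Rabin after trial division by a few small primes."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    rng = rng or random.SystemRandom()
    d, r = n - 1, 0
    while d % 2 == 0:          # write n - 1 = d * 2**r with d odd
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False       # a is a witness: n is composite
    return True


def is_safe_prime(p: int) -> bool:
    """p is a safe prime when p and q = (p - 1) / 2 are both prime."""
    return (p > 4 and p % 2 == 1
            and is_probable_prime(p) and is_probable_prime((p - 1) // 2))


def gen_safe_prime(bits: int, seed=None) -> int:
    """Random search for a safe prime of exactly `bits` bits.

    `seed` is an assumption for reproducible demos only; leave it None
    (SystemRandom) when generating a real key."""
    if bits < 8:
        raise ValueError("use at least 8 bits")
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    while True:
        # odd candidate with exactly bits-1 bits, so p = 2q + 1 has `bits` bits
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if q % 3 != 2:         # otherwise 3 divides 2q + 1: cheap pre-filter
            continue
        p = 2 * q + 1
        if is_probable_prime(p, rng=rng) and is_probable_prime(q, rng=rng):
            return p


if __name__ == "__main__":
    p = gen_safe_prime(64, seed=1234)
    print(p, is_safe_prime(p))
```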



--

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: 24 Apr 2001 21:30:56 GMT

Paul Pires wrote:
As Donald Nash pointed out,
copyright theft is the stealing of one's labors or services that one has secured
their rights to.

Once again, this is a misleading metaphor.  Theft of physical property
deprives the owner of the property.  Theft of intellectual property
may deprive the owner of the chance to get paid for another copy of the
IP, but doesn't deprive the owner of the original good.  Using the word
theft to refer to uncompensated copying of IP may be effective rhetoric
when trying to sway the public with soundbites, but to the better-informed
it is likely to simply come off as deceptive or disingenuous.  As always,
whoever establishes their metaphor in the public eyes is in a good position
to get their favorite laws passed, but such metaphors can be deceiving.

--

From: Tom St Denis [EMAIL PROTECTED]
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: Tue, 24 Apr 2001 21:42:47 GMT


David Wagner [EMAIL PROTECTED] wrote in message
news:9c4rag$6n5$[EMAIL PROTECTED]...
 Paul Pires wrote:
 As Donald Nash pointed out,
 copyright theft is the stealing of one's labors or services that one has
secured
 their rights to.

 Once again, this is a misleading metaphor.  Theft of physical property
 deprives the owner of the property.  Theft of intellectual property
 may deprive the owner of the chance to get paid for another copy of the
 IP, but doesn't deprive the owner of the original good.  Using the word
 theft to refer to uncompensated copying of IP may be effective rhetoric
 when trying to sway the public with soundbites, but to the better-informed
 it is likely to simply come off as deceptive or disingenuous.  As always,
 whoever establishes their metaphor in the public eyes is in a good
position
 to get their favorite laws passed, but such metaphors can be deceiving.

Right on.  The biggest problem is that copying music without permission is
wrong, but what do you call it?  It's not theft for sure because as you
stated they get to keep their copy, but it's not legitimate since you didn't
acquire your copy lawfully.

Anyways, this is OT for this group, may I suggest follow-ups move to emails
or another group please?

Tom



--

From: Henrick Hellström [EMAIL PROTECTED]
Subject: Re: Security proof for Steak
Date: Tue, 24 Apr 2001 23:45:19 +0200

Tom St Denis [EMAIL PROTECTED] wrote in message
news:jskF6.47671$[EMAIL PROTECTED]...

 Henrick Hellström [EMAIL PROTECTED] wrote in message
 news:9c4ht3$sqo$[EMAIL PROTECTED]...
  It is close

Cryptography-Digest Digest #226

2000-11-25 Thread Digestifier

Cryptography-Digest Digest #226, Volume #13  Sat, 25 Nov 00 18:13:00 EST

Contents:
  Re: DES question: Has this ever been proven before? (Francois Grieu)
  Re: vote buying... (Mok-Kong Shen)
  RSA: Choice of p,q dependent on input size? ("Arild Kvalbein")
  Re: ciphertext smaller than blocksize (Marc)
  Re: Cryptogram Newsletter is off the wall? (Anne & Lynn Wheeler)
  Re: A Simple Voting Procedure (Dan Oetting)
  Re: A Simple Voting Procedure (David Schwartz)
  Partial Image Encryption References (Raphael Benedet)
  Re: Mode of operation to maintain input size with block ciphers? (Tim Tyler)
  Re: hardware RNG's (Tim Tyler)
  Re: does faster FPU and large cache improve en/decryption speed? (John Savard)
  Re: DES question: Has this ever been proven before? (David Wagner)
  Re: Partial Image Encryption References (John Savard)
  Re: DES question: Has this ever been proven before? (Francois Grieu)
  Re: hardware RNG's (David Schwartz)
  Re: Partial Image Encryption References (John Bailey)
  Re: Cryptography Digest Archive ? ("John A. Malley")
  Re: RSA: Choice of p,q dependent on input size? (Francois Grieu)



From: Francois Grieu [EMAIL PROTECTED]
Subject: Re: DES question: Has this ever been proven before?
Date: Sat, 25 Nov 2000 12:20:34 +0100

[revised post]
David Wagner wrote:

 Francois Grieu  wrote:
 The only "drawback" I can think compared to my previous technique
 is that the X and Y found by cycle-finding look random, when mine
 tend to be 0 (or some chosen value) in the left half.
 
 If you want X and Y to be 0 in the left half (or some fixed value),
 you can adapt the parallel collision search algorithm to this case,
 too.  Let trunc_n(x) denote the first n bits of x, and x||y denote
 the concatenation of x and y.  Then you can define
f(X) = 0 || trunc_32(DES_k(X) xor X)
 and iterate f until you find a collision.  (This is the basic idea,
 and it can be tweaked a little bit to improve the constant factors,
 I think.)

Uhm.. since f(X) above has 32 useful bits in its result and
otherwise behaves as a random function, if I search collisions
on f(X), odds are I'll find a collision after 2^16 or so attempts,
but it won't help to solve the whole problem.

On the other hand I could use
   f(X) = DES_k(X0x) xor (X0x)
and look for collisions; if distinct X and Y collide,
then X' = X0x and Y' = Y0x
will indeed verify
   DES_k(X') xor X' = DES_k(Y') xor Y'
but X' and Y' could be equal. Without proof, I feel that, unless
I am lucky enough to find a collision fast (say before 2^31
iterations), it looks like a plausible scenario. Also, f(X) no
longer behaves like a random function after 2^31 distinct values,
so I wonder if it could happen that the collision I find when
iterating f() is for the X used at start, and thus useless. If
the mask kept few bits (say 16), I think this would be the most
likely case.

We could change the mask to keep say 48 bits, and probably it'll
work again. Still, I think brute force has an edge to find
collisions with 32 or so fixed bits.


  Francois Grieu
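As an added example (not code from either poster), the cycle-finding search Wagner sketches, run on f(X) = 0 || trunc(E_k(X) xor X). A four-round Feistel network over SHA-256 stands in for DES_k (an assumption: any 64-bit keyed permutation that behaves randomly will do), the truncation width is a parameter so the run time can be chosen, and the result records whether the f-collision is also a collision of the full E_k(X) xor X, which is Grieu's objection.

```python
import hashlib

KEY = b"constructed-demo-key"   # constructed key, not a real DES key


def _feistel_round(i: int, half: int) -> int:
    """Round function: 32-bit chunk of SHA-256(key || round || right half)."""
    data = KEY + bytes([i]) + half.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def encrypt(x: int) -> int:
    """Toy 64-bit keyed permutation: four balanced Feistel rounds."""
    l, r = x >> 32, x & 0xFFFFFFFF
    for i in range(4):
        l, r = r, l ^ _feistel_round(i, r)
    return (l << 32) | r


def g(x: int) -> int:
    """The map whose collisions are actually wanted: E_k(X) xor X."""
    return encrypt(x) ^ x


def f(x: int, bits: int = 32) -> int:
    """Wagner's f: keep `bits` bits of g(X), force every other bit to 0."""
    return g(x) & ((1 << bits) - 1)


def floyd_collision(start: int, bits: int = 32):
    """Floyd's rho on f.  Returns (x, y, evaluations) with x != y and
    f(x) == f(y), or None when `start` already lies on the cycle."""
    tortoise, hare, evals = f(start, bits), f(f(start, bits), bits), 3
    while tortoise != hare:
        tortoise, hare = f(tortoise, bits), f(f(hare, bits), bits)
        evals += 3
    # They met inside the cycle.  Re-walk from `start` and from the meeting
    # point in lock-step; the step just before they coincide is the collision.
    x, y = start, tortoise
    fx, fy, evals = f(x, bits), f(y, bits), evals + 2
    while fx != fy:
        x, y = fx, fy
        fx, fy, evals = f(x, bits), f(y, bits), evals + 2
    return None if x == y else (x, y, evals)


def search(bits: int = 32, start: int = 1 << 40) -> dict:
    """Find an f-collision and report whether it is also a g-collision.
    A start above 2**bits cannot be an f output, so the tail is non-empty."""
    found = floyd_collision(start, bits)
    if found is None:
        raise ValueError("start lies on the cycle; pick start >= 2**bits")
    x, y, evals = found
    return {"x": x, "y": y, "f_evaluations": evals, "g_collides": g(x) == g(y)}


if __name__ == "__main__":
    # 32 bits: about 2**16 distinct points, a few hundred thousand evaluations
    print(search(32))
```

With the full 32-bit truncation the f-collision turns up after roughly 2^16 points, as Grieu estimates, and `g_collides` is false in practice: the remaining 32 bits of E_k(X) xor X are unconstrained.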

--

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: vote buying...
Date: Sat, 25 Nov 2000 14:02:19 +0100



David Wagner wrote:
 
 David Schwartz  wrote:
The problem is, this also means that there's no way for you to ensure
 that your vote actually got cast the way you meant it to.
 
 That's not quite true.  The great thing about our voting system is that
 it's easy to check up on how they're operating.  You can stand at the
 polling place all day and make sure they always put all ballots in the
 locked box.  You can go watch the hand count.  You can volunteer to help.
 
 In other words, it's an open system, where one can readily verify that the
 security procedures are not being violated, and where it is intuitive
 why those procedures ensure that your vote will be counted fairly.
 That's an important property.
 
 IMHO, we should be reluctant to accept any electronic voting system that
 does not preserve this transparency property.

A short article by Mercuri in CACM 43 (2000) No. 11, p.176,
may also be of some interest.

M. K. Shen

--

From: "Arild Kvalbein" [EMAIL PROTECTED]
Subject: RSA: Choice of p,q dependent on input size?
Date: Sat, 25 Nov 2000 14:38:45 +0100

My textbook in data security and cryptography includes the following
question as an exercise:

"Find primes p and q so that 12-bit plaintext blocks could be encrypted with
RSA"

Are there constraints to the values of p and q depending on the format/size
of the input you want to encrypt? Or did I misunderstand the question?

TIA
--
Arild Kvalbein
[EMAIL PROTECTED]
[EMAIL PROTECTED]




--

From: [EMAIL PROTECTED] (Marc)
Subject: Re: ciphertext smaller than blocksize
Date:

Cryptography-Digest Digest #226

2000-02-29 Thread Digestifier

Cryptography-Digest Digest #226, Volume #11   Wed, 1 Mar 00 02:13:01 EST

Contents:
  Re: First contact, establishing password without public keys (Paul Rubin)
  Re: Can someone break this cipher? ("Douglas A. Gwyn")
  ASCII values ("Brian Bosh")
  Re: Passwords secure against dictionary attacks? (Walter Roberson)
  Re: Want to poke holes in this protocol? (Johan Hoogenboezem)
  Re: Want to poke holes in this protocol? (Johan Hoogenboezem)
  Re: First contact, establishing password without public keys (Ken Savage)
  Re: Can someone break this cipher? ("Trevor Jackson, III")
  Re: Can someone break this cipher? ("Trevor Jackson, III")
  Re: Best language for encryption?? ("Trevor Jackson, III")
  Re: ASCII values ("Douglas A. Gwyn")
  Re: First contact, establishing password without public keys ("Marty")
  Re: First contact, establishing password without public keys (Ken Savage)
  Re: are self-shredding files possible? (Wilfried Kramer)



From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: First contact, establishing password without public keys
Date: 1 Mar 2000 04:03:05 GMT

In article [EMAIL PROTECTED], Ken Savage  [EMAIL PROTECTED] wrote:
grin  Uuuuh, now what?  :)  :)

Eve listening in on this hears "I know a pair of strings whose CRC
value is x" -- but it is difficult for Eve to CREATE a string whose
CRC value is x.  YET ALONE, create a *PAIR* of strings with those
CRC values.  YET ALONE 16-byte strings beginning with a specific
8 byte header (which Eve knows, since Alice broadcast them)...
In other words, Eve cannot easily create the string pairs in a
respectable amount of time, certainly not for all 'n' requests.

Can this difficulty be used to secure first-time communications?

1. If Eve is an active MITM attacker, how do you know that Eve hasn't
changed 'x' to 'y', where y is a value where Eve has
pre-computed hash collisions?

2. Actually, it's trivial to find strings (or pairs of strings) with
any CRC you want, but you can use cryptographic hashes instead.

Somewhere I have a doc from way back about a sort-of-similar proposal
for authenticating an encrypted chat system.  It's a natural language
protocol--instead of "hashes to x" it's a "here's the answer,
what's the question" type of thing--so it gets around the "change
x to y" problem by requiring the attacker to actually understand
the words in the sentence (which might relate somehow to an ongoing
conversation).  A dedicated human eavesdropper might be able to fake
this fast enough, but it could be quite hard for an automated program,
at least with current technology.
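As an added example (not code from the thread), the property behind Paul's second point: CRC-32 is affine over GF(2), so its value on a xor b is predictable from crc(a), crc(b) and the length alone, which is exactly the structure a cryptographic hash must not have. Inputs are constructed at random; SHA-256 is used as the contrast.

```python
import hashlib
import os
import zlib


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def predict_crc_of_xor(a: bytes, b: bytes) -> int:
    """For equal-length inputs, crc(a xor b) == crc(a) xor crc(b) xor crc(0..0).
    Nothing here ever computes a xor b itself."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(bytes(len(a)))


def crc_identity_holds(a: bytes, b: bytes) -> bool:
    return predict_crc_of_xor(a, b) == zlib.crc32(xor_bytes(a, b))


def sha256_identity_holds(a: bytes, b: bytes) -> bool:
    """Same identity tried on SHA-256: the 'prediction' is unrelated to the
    real digest, so a collision-resistant hash gives Eve nothing to work with."""
    h = lambda m: hashlib.sha256(m).digest()
    predicted = xor_bytes(xor_bytes(h(a), h(b)), h(bytes(len(a))))
    return predicted == h(xor_bytes(a, b))


def survey(trials: int, length: int) -> tuple:
    """How often each identity holds on random (constructed) inputs of
    `length` bytes; returns (crc_hits, sha256_hits)."""
    crc_hits = sha_hits = 0
    for _ in range(trials):
        a, b = os.urandom(length), os.urandom(length)
        crc_hits += crc_identity_holds(a, b)
        sha_hits += sha256_identity_holds(a, b)
    return crc_hits, sha_hits


if __name__ == "__main__":
    print(survey(1000, 16))
```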

--

From: "Douglas A. Gwyn" [EMAIL PROTECTED]
Subject: Re: Can someone break this cipher?
Date: Wed, 01 Mar 2000 04:07:57 GMT

JPeschel wrote:
 Thanks, Doug.

You're welcome.  The notion of "context" is extremely important,
and if properly taken into account would reduce arguments by a
large factor -- people often assume different contexts, then argue
about what is "true" or "false" without recognizing the assumptions.

--

From: "Brian Bosh" [EMAIL PROTECTED]
Subject: ASCII values
Date: Tue, 29 Feb 2000 21:24:42 -0700

On my encryption program, the ASCII key value AVERAGE is extremely important
for coding. I have found that a key with the same ASCII total value, of the
same length can pass as the key very well. I have taken steps to build the
decryption process dependently, e.g. looking at a certain spot in the key
for an extra character relational to the length. The reason I'm worried is
because it is symmetrical encryption, thus, people don't want 600+ character
keys. So does any one know how to make only ONE key, even if two share an
ASCII average, work with a text? Thnx in advnc.

Brian
becubed.cjb.net




--

From: [EMAIL PROTECTED] (Walter Roberson)
Crossposted-To: comp.security.misc,alt.security.pgp
Subject: Re: Passwords secure against dictionary attacks?
Date: 1 Mar 2000 04:38:29 GMT

In article [EMAIL PROTECTED], jungle  [EMAIL PROTECTED] wrote:
:my assumption [ 4 random characters ] provide key space of 10 to power of 48
:I will leave you for evaluation ...

For a key space of 10^48 over four characters, each character would have to
be chosen from amongst 10^(48/4) = 10^12 different values.
You would have to be using an alphabet of a billion different symbols
to give the keyspace you claim with only four characters.

If you are selecting from the binary alphabet of 255 different symbols
(0 being reserved for end-of-string) [we'll ignore the difficulties
in convincing your keyboard to enter characters with their high bit set
for the moment], then four characters would give a keyspace of 255^4
possibilities, which 

Cryptography-Digest Digest #226

1999-09-12 Thread Digestifier

Cryptography-Digest Digest #226, Volume #10  Sun, 12 Sep 99 23:13:04 EDT

Contents:
  peekboo has a home now (Tom St Denis)
  Re: argument against randomness (GuildMaster Arrataz)
  Re: Q: Cross-covariance of independent RN sequences in practice (The Asshole)
  Re: Schneier/Published Algorithms (Bruce Schneier)
  Re: Mystery inc. (Beale cyphers) (sha99y0)
  Re: Looking for an asymmetric system (Thierry Moreau)
  Re: 13 reasons to say 'no' to public key cryptography ("ME")
  Re: "NSA have no objections to AES finalists" (Bruce Schneier)
  Re: 13 reasons to say 'no' to public key cryptography ("rosi")
  Re: Sources of randomness (Scott Nelson)
  Re: primes in dh (DJohn37050)
  Re: 13 reasons to say 'no' to public key cryptography (Tom St Denis)
  Re: Schneier/Published Algorithms (Tom St Denis)
  Re: Ritter's paper (Terry Ritter)
  primes in dh (Tom St Denis)



From: Tom St Denis [EMAIL PROTECTED]
Subject: peekboo has a home now
Date: Sun, 12 Sep 1999 22:15:47 GMT

You can find peekboo at www.cell2000.net/security/peekboo/

from now on.  Steven Alexander has graciously opted to host the site.

If anyone wants to hack at it (or break it) give it a shot; the source is
there. I have to clean up the source a bit (it works relative to C:\toms\
on my hd) but if you just make a C:\toms directory it should compile with
lcc-win32 with little trouble.

Thanks for all the offers from other websites, this is what makes usenet
useful!

Tom
--
damn windows... new PGP key!!!
http://people.goplay.com/tomstdenis/key.pgp
(this time I have a backup of the secret key)



--

From: GuildMaster Arrataz [EMAIL PROTECTED]
Subject: Re: argument against randomness
Date: Sun, 12 Sep 1999 18:00:00 -0500

Douglas A. Gwyn wrote:
 
 Tim Tyler wrote:
  elarson [EMAIL PROTECTED] wrote:
  : It doesn't take a pompous genius to see the randomness of Nature.
  If the universe is deterministic, all this is dead wrong.
 
 No, randomness and determinism are not exact opposites.

Uh, I don't know about you, but most stat & CS people I know use
"determinism" to mean:  If you input A, and B comes out, then B will
come out consistently when you output B...

(IE, in math terms, if f is a function f is deterministic = if f is
well defined.)

This IS the EXACT opposite of randomness, which says, among other
things, that given the same input a, you can get different results b & c.


GuildMaster Arrataz
===
Don't Like My Views?  Complain to my Professors. :)

--

From: The Asshole [EMAIL PROTECTED]
Subject: Re: Q: Cross-covariance of independent RN sequences in practice
Date: Sun, 12 Sep 1999 17:55:34 -0500

Tony T. Warnock wrote:
 
 The Asshole wrote:
 
  Douglas A. Gwyn wrote:
  
   Mok-Kong Shen wrote:
... Exact zero of cross-covariance is required by independence.
  
   No, it is not, no more than zero standard deviation is required
   for the mean of a truly random variable.  Statistical independence
   differs from algebraic independence in just such ways.
 
  Your statement makes no sense statistically.
 
  1st:  By definition, independent variables have covariance = 0.
  2nd:  If any "random" variable has standard deviation = zero, we call it
  a constant.  A truly random variable MUST have a standard deviation 0.
 
 
 Partly true. Independent random variables have covariance=0 but this is not
 sufficient.

I realize this.  I was correcting his statement re: 
  ... Exact zero of cross-covariance is required by independence.
  
   No, it is not


I didn't say it was sufficient, just necessary.  Thus my statement is
WHOLLY true.

 A constant may be a random variable. Not a very interesting one. The term
 random variable is like the Holy Roman Empire, neither random nor variable.
 It only means a measurable function.

Notice the quotes around random.   I was emphasizing that a constant is
not random.  It may be a random variable, but it is not a "random"
variable.  Catch the Difference?

TA

Hint:  Make sure you read someone's text and understand what they are
saying BEFORE posting a correction, that turns out, in this case, to be
unnecessary.

--

From: [EMAIL PROTECTED] (Bruce Schneier)
Subject: Re: Schneier/Published Algorithms
Date: Mon, 13 Sep 1999 00:07:10 GMT

On Fri, 10 Sep 1999 16:30:07 +0200, Anonymous
[EMAIL PROTECTED] wrote:

Mr Green...could you please let Bruce Schneier  reply to my question...
The Question was not addressed for you...Are you in charge of the Schneier fanclub..??

Bruce..perhaps you can answer this q?

The code for 2fish on your site is 16 months old...

Yes.  That's when it was due.

Do you have any new code or cleaner implementation  for commercial use??

No.  We don't have any comme