Cryptography-Digest Digest #281

2000-12-06 Thread Digestifier

Cryptography-Digest Digest #281, Volume #13   Wed, 6 Dec 00 08:13:01 EST

Contents:
  Re: Journal of Craptology (Mok-Kong Shen)
  Re: DES and Salt (Mok-Kong Shen)
  Re:  Are AES algorithms export restricted? (Mok-Kong Shen)
  Re: DES and Salt ("Mike The Man")
  Re: MD5 byte order (Herbert Kleebauer)
  Re: weten we die PIN? (David Dylan)
  Re: weten we die PIN? (David Dylan)
  Re: weten we die PIN? (David Dylan)
  Idea for ciphering? (Jorgen Hedlund)
  Re: weten we die PIN? ([EMAIL PROTECTED])
  Re: weten we die PIN? ([EMAIL PROTECTED])
  Re: Simulataneous encryption and authentification (was IBM's new algorithm) (Francois Grieu)
  Idea for ciphering? (correction w/ addition) (Jorgen Hedlund)
  Re:  Are AES algorithms export restricted? ("Brian Gladman")
  Re:  Are AES algorithms export restricted? ("Brian Gladman")



From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Journal of Craptology
Date: Wed, 06 Dec 2000 10:14:54 +0100



David A Molnar wrote:
 
 Eric Lee Green [EMAIL PROTECTED] wrote:
  Something to think about while we talk about the effectiveness of
  encryption algorithms and such... i.e., that you can have the
  strongest encryption in the world and it's no good if somebody gives
  the attacker the key (whether voluntarily or no).
 
 This is why forward security is important.
 
 At least then you can limit the damage a bit.

Sorry for my ignorance. What is 'forward security'?

As long as the 'severe' pseudo-democratic governments exist, 
steganography (there are widely different forms) will remain 
an important issue for information privacy. It may be of 
interest to note that some leading experts in information 
hiding are from regions with apparently higher demands of 
such protections.

M. K. Shen

--

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: DES and Salt
Date: Wed, 06 Dec 2000 10:14:34 +0100



[EMAIL PROTECTED] wrote:
 
   "Mike The Man" [EMAIL PROTECTED] wrote:

  The first input value is all zeroes, then the DES-output is fed back to the
  input for the next DES.
  This is repeated 25 times.
 
 That's correct.  But, where do you use the salt?  It's used to modify
 the expansion function (there are 2^12 = 4096 variations).
 
  Could anyone tell me, if this is right?

I'd like to remark that this means that (1) One modifies a 
little bit a standard algorithm to obtain variants (mutants),
(2) One uses multiple encryption up to as much as 25 times,
and (3) These have apparently found good acceptance and
proved useful in practice.

M. K. Shen

--

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re:  Are AES algorithms export restricted?
Date: Wed, 06 Dec 2000 10:35:32 +0100



Bill Unruh wrote:
 
 Greggy [EMAIL PROTECTED] writes:
 
 It just seemed to me as I was reading another post here that none of
 the AES algorithms could possibly be export restricted from within the
 US since they were all published during the AES contest.  Am I
 correct?  Or did I miss something in my thinking here?
 They are all export restricted. It is entirely legal to export printed
 copies of algorithms. It is just not legal to export code without a
 license (unless it is opensource code, in which case it does not need a
 license, . read the law.)

They are all freely available outside of nations having
export regulations via the web page of NIST. So I suppose 
one way to cope with the situation could be to leave a 
stub in the delivered code of an application containing 
such an algorithm as a component and let the customer 
download the necessary piece of 'sinister' and 'forbidden' 
stuff himself and plug it in.

BTW, some information for those who engage in crypto software
business: A recent motion to modify the European patent 
laws to allow software patents failed. There will therefore 
be no European software patents.

M. K. Shen
===
http://home.t-online.de/home/mok-kong.shen

--

From: "Mike The Man" [EMAIL PROTECTED]
Subject: Re: DES and Salt
Date: Wed, 6 Dec 2000 10:36:03 +0100

Thanks, that's another step forward for me.

I'm sorry to say it's still not working.
Regarding the salt, yes it's implemented in the expansion function, I've
tried to do it two different ways and both came out with the same result, so
I think it's OK.
It's taken from an Internet-document called "UNIX Password Encryption
Considered Insecure"

An example.
I've typed in a linux password "", the result was:  omjTAi4EUHsh6
The salt (om) is in hex: d32.
The 25DES (jTAi4EUHsh6) is in hex: bdf32e190813e2d2.

In my application I type in the DES key (leftshifted ) in hex as:
8282828284848484
And the salt: d32
Then after the 25DES I get: a2987a7d32472e28

I sure appreciate all help /Mike



[EMAIL PROTECTED] wrote in message 
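
An added example, not code from the thread: it decodes a traditional 13-character DES crypt(3) string into the pieces discussed above (the salt's effect on the expansion table E, the 64-bit output of the 25 DES rounds, and the key bytes derived from the password). It assumes the historic V7 crypt(3) convention, in which bit j of salt character i exchanges E[6i+j] with E[6i+j+24]; the function names are my own.

```python
# Added example. The crypt string used in __main__ is the one quoted in the thread.
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

# Standard DES expansion table E (1-based bit numbers of the 32-bit half block).
E = [32,  1,  2,  3,  4,  5,
      4,  5,  6,  7,  8,  9,
      8,  9, 10, 11, 12, 13,
     12, 13, 14, 15, 16, 17,
     16, 17, 18, 19, 20, 21,
     20, 21, 22, 23, 24, 25,
     24, 25, 26, 27, 28, 29,
     28, 29, 30, 31, 32,  1]

def split_crypt(s):
    """Split a 13-character DES crypt string into (salt, hash)."""
    if len(s) != 13 or any(c not in ITOA64 for c in s):
        raise ValueError("not a traditional DES crypt string")
    return s[:2], s[2:]

def salt_swaps(salt):
    """Indices k (0..11) where E[k] and E[k+24] are exchanged.
    Assumed convention (V7 crypt): bit j of salt char i controls k = 6*i + j."""
    return [6 * i + j for i, c in enumerate(salt[:2])
            for j in range(6) if (ITOA64.index(c) >> j) & 1]

def salted_e(salt):
    """Return the salt-modified copy of E (one of 2^12 = 4096 variants)."""
    e = list(E)
    for k in salt_swaps(salt):
        e[k], e[k + 24] = e[k + 24], e[k]
    return e

def decode_hash(h):
    """11 characters carry 66 bits MSB-first; the top 64 are the DES output."""
    v = 0
    for c in h:
        v = (v << 6) | ITOA64.index(c)
    return (v >> 2).to_bytes(8, "big")

def key_from_password(pw):
    """Low 7 bits of each of the first 8 chars, shifted left by one
    (e.g. 'A' = 0x41 becomes 0x82); short passwords are zero-padded."""
    raw = pw.encode("ascii")[:8].ljust(8, b"\0")
    return bytes((c & 0x7F) << 1 for c in raw)

if __name__ == "__main__":
    salt, h = split_crypt("omjTAi4EUHsh6")
    print(salt, salt_swaps(salt), decode_hash(h).hex())
```

For the salt `om` the exchanged positions are 2, 4, 5, 7, 10 and 11, and the hash field decodes to the same hex block quoted in the message. An implementation that maps the salt bits onto E in a different order computes a different function and will not reproduce a stored hash.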

Cryptography-Digest Digest #281

1999-09-20 Thread Digestifier

Cryptography-Digest Digest #281, Volume #10  Mon, 20 Sep 99 16:13:04 EDT

Contents:
  Re: Okay "experts," how do you do it? (John Savard)
  Re: Comments on ECC ("Joseph Ashwood")
  Re: Okay "experts," how do you do it? ("Joseph Ashwood")
  Re: some information theory (SCOTT19U.ZIP_GUY)
  Re: Yarrow: a problem -- am I imagining it? (Eric Lee Green)
  Re: Ritter's paper (Mok-Kong Shen)
  Re: Which of these books are better ? (Anton Stiglic)
  Re: (US) Administration Updates Encryption Export Policy (SCOTT19U.ZIP_GUY)
  Re: Okay "experts," how do you do it? ("Trevor Jackson, III")
  Re: Glossary of undefineable crypto terms (was Re: Ritter's paper) (Patrick Juola)



From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Okay "experts," how do you do it?
Date: Mon, 20 Sep 1999 18:00:17 GMT

Sundial Services [EMAIL PROTECTED] wrote, in part:

Fighting this notion of human supremacy as long as I can, :-), and for
the sake of argument :-) :-), I submit again the contrarian question...
exactly WHAT is it that we are learning?

Is it simply an issue that we don't have an effective way to represent
the cipher in a way that the computer can be made to test it?  I
question this, because nearly all ciphers these days are computer
functions.  The computer does the encipherment; why can't the computer
readily test the quality of the encipherment?  If humans alone can do
this testing then... "why? why? why??"

C'mon, gentlebeings, play along.  ;-)

Computers are good at doing arithmetic, and "doing the encipherment"
is just doing arithmetic.

Pattern recognition is much harder.

Of course some elementary statistical tests on ciphertext can be
easily computerized, but it's trivial to design a cipher system to
pass those tests, and passing them doesn't imply security.

Studying a cipher design, and finding flaws unique to that design,
requires real thought. Original thought isn't something easily
computerizable; what cryptanalysts do is similar to what
mathematicians do, and computers aren't in danger of replacing _them_
any time soon either.

John Savard ( teneerf- )
http://www.ecn.ab.ca/~jsavard/crypto.htm

--

From: "Joseph Ashwood" [EMAIL PROTECTED]
Subject: Re: Comments on ECC
Date: Mon, 20 Sep 1999 10:53:55 -0700

[snip]
  Especially when one considers the source of the quoted
 statement (the "A" in RSA), it should be taken with a grain of salt, as ECC is
 an algorithmic competitor to RSA and is "stronger, shorter, faster, etc."
[snip]
Actually having spent a significant amount of time discussing cryptography
in general, and public-key cryptography in particular, with Adleman, I have
confidence in his abilities and lack of his ego getting in the way of his
judgement. He has even been known to tell his classes that he believes that
the factoring problem will fall, and take RSA with it. I will admit that he
did say that he wasn't sure if he'd live long enough to see it fall, but
then again I'm not even truly convinced that the factoring problem will
completely fall. While Adleman may not have built the reputation of Rivest
in the cryptographic field, he is in his own right a relatively unbiased
individual, and I will gladly say that if he has his doubts about ECC, then
I will need to see proof (not simply speculation) to the contrary.
Joseph



--

From: "Joseph Ashwood" [EMAIL PROTECTED]
Subject: Re: Okay "experts," how do you do it?
Date: Mon, 20 Sep 1999 11:29:48 -0700

I propose this as sort of a step in the right direction (towards a good test
box).
We simply implement every known break, and use them to create a fuzzy value
(floating point number [0,1]) indicating the assuredness of the security of
the design. While this could in no way help us with something as powerful as
the AES candidates, it would eliminate a large number of ciphers that are
insecure, and would allow the examination of new methods to progress to a
developmental stage instead of simply having to go over old ground over and
over. I'm sure that with our combined knowledge we would be able to develop
a series of tests that would test for the known variants of Slide, Linear,
Differential, etc tests, and we could expand it as more information becomes
available. Who knows maybe it'll help us actually do something useful with
our lives instead of all of us trying to use a Slide attack on Scott19
(whether or not it works, the point remains that having 100's of people
doing the same thing is wasted effort), also given these fuzzy values we
could optimize our attack knowing where the holes are likely to be, if there
are any. That means that at any given time there would exist a computer
program capable of near state of the art cryptanalysis, something absolutely
vital in ord