Cryptography-Digest Digest #294

2001-05-04 Thread Digestifier

Cryptography-Digest Digest #294, Volume #14   Fri, 4 May 01 18:13:01 EDT

Contents:
  Re: Message mapping in EC. (Doug Kuhlman)
  Re: Best encrypting algoritme (Jim Gillogly)
  Re: Random and not random (Mok-Kong Shen)
  Re: OAP-L3:  The absurd weakness. (Anthony Stephen Szopa)
  Re: OAP-L3:  The absurd weakness. (Tom St Denis)
  WHY I HATE BOSCHLOO (Fight Boschloo)
  Re: Encryption Algorythm (EE)
  Re: Best encrypting algoritme (Bill Unruh)
  Re: Encryption Algorythm (Tom St Denis)
  Re: Encryption Algorythm (Scott Fluhrer)



From: Doug Kuhlman [EMAIL PROTECTED]
Subject: Re: Message mapping in EC.
Date: Fri, 04 May 2001 13:58:03 -0500



Mike Rosing wrote:
>
> Doug Kuhlman wrote:
> > Seems like they were lucky (and/or more is going on than meets the
> > eye).  We expect approximately 1/2 of the x values to be on the curve
> > (semi-rigorously, due to Hasse-Weil).  With 4 play bits, you would get
> > 16 possible x-values.  A priori, we would expect to see about 153 (10
> > million / 2^16) misses.
>
> > With five bits, you get 32 possible values for x, which means about 1 in
> > 4 trillion values is expected (with no other thought) to miss being on
> > the curve.
>
> You lost me.  If 4 bits is 1/2^2^4 then 5 bits is 1/2^2^5 is 1 in 4 billion.
> Or am I missing something?
>
My typo.  You're supposed to read what I *mean*, not what I say! (yes,
that's tongue-in-cheek).  You're right, of course.  2^2^5 is 4 billion,
not 4 trillion.

> > I am, of course, assuming that the position of the play bits is fixed,
> > so that there is no ambiguity on the receiver's end.  Allowing for more
> > movement of these bits increases the chances of success but seems to
> > needlessly complicate the system.
>
> Yeah, they have to be fixed.  Using more play bits is better because you can
> introduce randomness, but that's a different problem.
>
Yep.

> > I am quite sure many mathematicians *have* looked at it.  And, yes, it
> > is quite difficult to prove in practice -- at least as difficult as
> > results about densities of primes.  There are lots of factors that go
> > into trying to rigorously prove that a point exists in every Hamming
> > sphere of radius n.
>
> Where would I find references?  I've been totally guessing at this, am
> not a mathematician, and don't know what keywords to look for.  Any mathematicians,
> please chime in!
>
Well, I am a mathematician.  I've looked into it.  For a while, I
thought it might be my dissertation topic, but it's still too hard a
problem.  My advisor looked into it.  I know guys like Menezes and
Koblitz have asked that question.

Now, as far as publications, I don't know of any.  It's pretty hard to
publish (well, uhh... we looked at this problem.  And, well, we got the
obvious heuristic value.  But, well, that's about it.)  Keywords might
be elliptic curve (too many references), points, Hamming sphere
wouldn't be bad, but my guess is very few (if any) papers include both
Hamming sphere and elliptic curve.

> > I do accept the empirical *evidence* that it works, though.  There is
> > also some sound mathematical reasoning why it should.  Proof is a ways
> > away, though.
>
> Hey, it worked for the 4 color map :-)  In fact, that's kind of how I started
> looking at it.  I plotted rows of consecutive x values to see which half
> plane was covered, and seemed to be randomly distributed.  After some shifting,
> I saw some patterns, but I couldn't correlate them to anything other than
> my brain saw patterns.  I doubt I could follow the math, but I'd still be
> interested in any published papers.
>
Yeah, but the 4-color problem has a lot of limiting structure that
discussions of Hamming spheres in elliptic curves don't.  For one thing,
the size of the base field is allowed to be arbitrarily large, which
leads to an asymptotic estimate, which is always harder to do.  The
rules of mappings are also very well-established, whereas point density
locations in ECs aren't (to my knowledge, anyway).

A more fundamental problem is that a Hamming sphere is not a very nice
abstract algebraic object.  It doesn't obey rules like we want it to.
This makes proof extremely difficult.

Since the proof appears to be very difficult and the heuristic appears
to work pretty well, it's hard to justify why anyone should get into the
problem right now.

If you do succeed in finding anything on this topic, though, please let
me know, as I would be quite interested.

Doug
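The play-bit embedding and the 1/2^(2^k) miss estimate discussed in this thread, as an added example that is not code from the digest or its posters. The curve y^2 = x^3 - 3x + 12345 over F_1000003 and the function names are constructed for illustration, not a standard curve or anyone's library.

```python
# Added example (not from the digest): Koblitz-style embedding of a message
# into an x-coordinate with k "play bits", on a small constructed curve
# y^2 = x^3 + a*x + b over F_p.  The curve parameters are an illustrative
# assumption, not a standard curve.

P = 1000003       # prime with P % 4 == 3, so a square root is one exponentiation
A = P - 3         # a = -3 mod p
B = 12345
assert (4 * A**3 + 27 * B**2) % P != 0, "curve must be non-singular"

def rhs(x):
    """Right-hand side x^3 + a*x + b of the curve equation, reduced mod p."""
    return (x**3 + A * x + B) % P

def sqrt_mod_p(n):
    """Square root of n mod p (p = 3 mod 4), or None if n is a non-residue."""
    n %= P
    if n == 0:
        return 0
    r = pow(n, (P + 1) // 4, P)
    return r if r * r % P == n else None

def embed(m, k):
    """Try x = m*2^k + t for t = 0..2^k-1 and return the first (x, y) on the curve.

    Returns None when every candidate misses.  Heuristically each candidate
    misses with probability ~1/2, so all 2^k must miss: about 2^-(2^k),
    i.e. 2^-16 for k = 4, matching the ~153 misses in 10 million above."""
    if m < 0 or (m << k) + (1 << k) - 1 >= P:
        raise ValueError("message too large for this field and play-bit count")
    for t in range(1 << k):
        x = (m << k) | t
        y = sqrt_mod_p(rhs(x))
        if y is not None:
            return x, y
    return None

def recover(point, k):
    """Invert embed(): the play bits are the low k bits of x, so shift them off."""
    return point[0] >> k

def on_curve(point):
    x, y = point
    return y * y % P == rhs(x)

def miss_count(k, n):
    """How many of the messages 0..n-1 cannot be embedded with k play bits."""
    return sum(1 for m in range(n) if embed(m, k) is None)
```

With k = 0 roughly half of the consecutive x values miss the curve, as the Hasse-Weil heuristic predicts; with k = 4 a miss is rare enough that a few thousand messages normally embed without a single failure.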

--

From: Jim Gillogly [EMAIL PROTECTED]
Subject: Re: Best encrypting algoritme
Date: Fri, 04 May 2001 12:13:14 -0700

david wrote:
> I'm making a backup program, and I don't really know what is the most secure
> algorithm. I'm using Rijndael right now with 256-bit keys. Is RC6
> stronger, or are there others?

The strength of Rijndael will not be the weakest part of your
backup system.  You don't need to shop for a more secure algorithm.
-- 
Jim Gillogly
Sterday, 13

Cryptography-Digest Digest #294

2000-03-10 Thread Digestifier

Cryptography-Digest Digest #294, Volume #11  Fri, 10 Mar 00 09:13:01 EST

Contents:
  Re: sci.crypt Cipher Contest Web Site (Xcott Craver)
  Re: sci.crypt Cipher Contest Web Site (Xcott Craver)
  Re: PGP Decoy? (Xcott Craver)
  Re: RC4 and salt (Impervious)
  Re: An archiver with secure encryption ("Rick")
  Re: Mixmasters encrypt how? (Anonymous Sender)
  Re: Crypto Patents: Us, European and International. ([EMAIL PROTECTED])
  Re: Passwords secure against dictionary attacks? (TheGolem)
  WTLS Certifcate Format (Anuj Seth)
  ZIP format is gone in the past. ("finecrypt")
  Re: ZIP format is gone in the past. ("ink")
  Re: Passphrase Quality ? (Mok-Kong Shen)
  Re: Universal Language (Mok-Kong Shen)
  Re: PGP Decoy? (Russell Horn)
  Re: Best language for encryption?? (SCOTT19U.ZIP_GUY)



From: [EMAIL PROTECTED] (Xcott Craver)
Subject: Re: sci.crypt Cipher Contest Web Site
Date: 10 Mar 2000 09:13:40 GMT

SCOTT19U.ZIP_GUY [EMAIL PROTECTED] wrote:

> AES is a fucking joke. The only time it would be worth looking at is when
> they finally pick a final candidate because we can be sure it will be weak
> so the NSA can read what is encrypted with it.

Well, maybe you could just crack all those AES submissions,
then.  I mean, if they're so obviously weak, and all.

> David A. Scott
>
> **NOTE EMAIL address is for SPAMERS***

Sorry for the spelling flame, but you've been using this 
signature for a very long time.  It's "SPAMMERS," with two 'M's.

-S


--

From: [EMAIL PROTECTED] (Xcott Craver)
Subject: Re: sci.crypt Cipher Contest Web Site
Date: 10 Mar 2000 09:21:40 GMT

[EMAIL PROTECTED] wrote:

> Mr. Silverman,
>
> I have spent a huge amount of time studying the finalists in AES.  Just
> like everybody else I haven't found much of anything. I have had a lot of
> fun and education, however.
>
> Studying a cipher that is almost certainly secure is a poor way to
> learn.  A better way is to study ciphers that have weaknesses but with the
> exact nature of the weakness unknown to you.

Hey, another possibility for a contest.

What about a monthly contest, where someone constructs a
cipher or protocol with a certain set of subtle weaknesses, and
challenge the group to find them?  Not a cryptography contest,
but an analysis contest.  I mean, any illiterate dink can author
a cipher.

> Any ciphers that are submitted by members of this group are likely to
> contain some weakness.  In fact, it would be fun to design in a weakness
> and see if anybody could find it, perhaps I'll do that.

Oops, I should have read further before replying.  Yes, 
wot you said  :D 

--Matthew
-S


--

From: [EMAIL PROTECTED] (Xcott Craver)
Crossposted-To: comp.security.pgp.discuss,alt.security.scramdisk
Subject: Re: PGP Decoy?
Date: 10 Mar 2000 09:34:55 GMT

Thomas J. Boschloo [EMAIL PROTECTED] wrote:

> Maybe Steganography will do the job for you. You can then just hide the
> word document inside a .wav, .bmp or .gif file. Scramdisk 3 will do this
> when it is finally released I believe I heard the author say in
> news:alt.security.scramdisk.

Better yet, there's an entire steganographic filesystem, developed
at Cambridge U.  The files are hidden in unused blocks on your
disk, all unused blocks littered with random noise, so that 
there's no way to tell without the appropriate key whether 
the unused blocks contain nothing or something, or how many or
how large files are saved in it.

See http://ban.joh.cam.ac.uk/~adm36/StegFS/.  It's for Linux,
and is GPLd.  

-S

--

From: [EMAIL PROTECTED] (Impervious)
Subject: Re: RC4 and salt
Date: Fri, 10 Mar 2000 09:52:39 GMT

Sorry for the newbie question, but what is "salt"? Are we talking
password hashing here? If so, I had a question concerning RC4 password
hashing... Can I use SHA to create a hash and then use MD5 to hash the
hash? Is this a good idea or stupid?  Please be kind :)

--

From: "Rick" [EMAIL PROTECTED]
Subject: Re: An archiver with secure encryption
Date: Fri, 10 Mar 2000 04:05:27 -0600

"Tom St Denis" [EMAIL PROTECTED] wrote in message
news:RWTx4.9374$[EMAIL PROTECTED]...

> Steve A. Wagner Jr. [EMAIL PROTECTED] wrote in message
> news:[EMAIL PROTECTED]...
> > *** The United States government may restrict download of this software.
> > ***
>
> > Fully enabled Shareware -- http://mndrppr.home.mindspring.com/
>
> > I hope you find it useful, and send me some comments either way.
>
> > Algorithms: Triple-DES, TwoFis