Cryptography-Digest Digest #60

2001-04-02 Thread Digestifier

Cryptography-Digest Digest #60, Volume #14    Mon, 2 Apr 01 06:13:00 EDT

Contents:
  Re: AES VS. DES (Benjamin Goldberg)
  Re: AES VS. DES (Pascal Junod)
  Re: Data dependent arcfour via sbox feedback (Benjamin Goldberg)
  Re: Malicious Javascript in Brent Kohler post (was: Re: Who is Brent K  (Benjamin Goldberg)
  Re: Estimation of the keygen time (Bob Deblier)
  Re: AES VS. DES ("Douglas A. Gwyn")
  __(Preliminary Program) EuroCrypt 2001, May 6 - 10 (kctang)
  Favor needed from intl IE 5.0 user, please test this SSL site (Paul Rubin)
  Re: conferences? (Paul Rubin)
  Re: AES VS. DES (Pascal Junod)
  Re: AES VS. DES (Volker Hetzer)
  Re: AES VS. DES ("Brian Gladman")
  Re: Data dependent arcfour via sbox feedback ("Bryan Olson")
  Re: Data dependent arcfour via sbox feedback ("Bryan Olson")
  Re: DES key replacement. (Paul Schlyter)



From: Benjamin Goldberg [EMAIL PROTECTED]
Subject: Re: AES VS. DES
Date: Mon, 02 Apr 2001 05:59:45 GMT

Latyr Jean-Luc FAYE wrote:
> 
> Hello,
> It's the 2nd time I post this message.
> I would like to know what the differences are between AES and its
> precursor DES.

DES uses a Feistel structure, AES uses a ... I dunno what it's called,
precisely, it's weird :)
DES has 56 bits of security, AES is believed to have 128, 192, or 256
bits of security.
DES uses 64 bit blocks, AES uses 128 bit blocks.  Rijndael can use
larger blocks if desired.
DES is pretty fast in hardware, but godawful slow in software.  AES is
reasonably fast in both.

> What are the advantages of AES vs DES?

AES has bigger blocksize, bigger keysizes, and is faster.

> The first time, I got a nice answer from someone on the NG with a link
> to his page about AES and I learnt a lot of stuff.

Perhaps John Savard's crypto site?
http://home.ecn.ab.ca/~jsavard/crypto.htm
To go directly to his rijndael page, use this url
http://home.ecn.ab.ca/~jsavard/crypto/co040801.htm

For stuff about AES, I would recommend
http://www.nist.gov/aes

> But I lost the link. In fact I am just hoping that anybody having a
> website on AES or knowing a personal website on AES will give me
> links. Maybe I will find the one I lost.

If it isn't one of the ones I gave, then try using a search engine.

-- 
Sometimes the journey *is* its own reward--but not when you're trying to
get to the bathroom in time.

--

Date: Mon, 2 Apr 2001 08:21:26 +0200
From: Pascal Junod [EMAIL PROTECTED]
Subject: Re: AES VS. DES

On Sun, 1 Apr 2001, Brian Gladman wrote:

[snip]
> DES is still a very good cipher that has not been broken but increases
> in ... [snip]

Do you ever read about linear cryptanalysis, differential cryptanalysis ?
I'm not quite sure one can claim that DES is "unbroken"...

A+

Pascal

-- 
~~
* Pascal Junod, [EMAIL PROTECTED] *
* Laboratoire de Sécurité et de Cryptographie (LASEC)*
* INF 240, EPFL, CH-1015 Lausanne, Switzerland  ++41 (0)21 693 76 17 *
* Place de la Gare 12, CH-1020 Renens   ++41 (0)79 617 28 57 *
~~


--

From: Benjamin Goldberg [EMAIL PROTECTED]
Subject: Re: Data dependent arcfour via sbox feedback
Date: Mon, 02 Apr 2001 06:34:44 GMT

The patent does not apply to the proposed cipher, but for an entirely
different reason than the one Bryan Olson claimed.

The proposed variant combines one single input stream of data with the
internal state of a cryptographic object, and produces as output one
single stream of data (and modifies the object's state).

The Dynamic Substitution patent covers combining two input streams with
each other and with the state of a cryptographic object, and producing
one single output stream (and modifying the object's state).

The difference between the proposal and the patent is the number of
input streams, one versus two.

Here's the proposed modified RC4:

typedef unsigned char byte;
#define swap(a, b) do { byte _t = (a); (a) = (b); (b) = _t; } while (0)

byte x, y, z, sbox[256];   /* shared state; both parties start from the same values */
byte encipher(byte data) {
  x = (x + 1) & 255;
  y = (y + sbox[x]) & 255;
  swap( sbox[x], sbox[y] );
  data ^= sbox[(sbox[x] + sbox[y]) & 255] ^ z;
  z ^= sbox[data];         /* feedback: the ciphertext byte selects what is folded into z */
  return data;
}
byte decipher(byte data) {
  byte c = data;           /* keep the ciphertext byte: z must be updated from it, as in encipher() */
  x = (x + 1) & 255;
  y = (y + sbox[x]) & 255;
  swap( sbox[x], sbox[y] );
  data ^= sbox[(sbox[x] + sbox[y]) & 255] ^ z;
  z ^= sbox[c];
  return data;
}

If persons A and B both start with a particular sbox, x, y, z, then A
sends r=encipher(q), then B can calculate q=decipher(r).

Here's an example of Dynamic Substitution:
byte sbox[256], sibox[256];
encipher(byte data1, byte data2) {
  byte dataout = sbox[sbox[data1]];
  swap( sbox[sbox[data1]], sbox[data2] );
  return dataout;
}
decipher(byte data1, byte data2) {
  byte temp = sibox[data1];
  byte dataout = sibox[temp];
  swap( sibox[data1], sibox[sbox[data2]] );
  swap( sbox[temp], sbox[data
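As an added example (not code from the post or from its author), the following C program implements the modified RC4 given earlier in this post with the ciphertext-feedback into z, and checks two things a reader would want to see: that decipher() really inverts encipher() when both sides start from the same sbox, x, y, z, and that the feedback makes a single flipped ciphertext bit corrupt more than one plaintext byte (plain RC4 would corrupt exactly one). The post does not say how the sbox is set up, so the standard RC4 key schedule with x = y = z = 0 is an assumption here, and the key and message are constructed sample values.

```c
/* Added example, not from the post: the proposed RC4 variant with
 * ciphertext fed back into z. Assumption: sbox comes from the standard
 * RC4 key schedule and x = y = z = 0 at start (the post leaves this open). */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

struct ddrc4 {
    uint8_t x, y, z;
    uint8_t s[256];
};

static void swap_u8(uint8_t *a, uint8_t *b) { uint8_t t = *a; *a = *b; *b = t; }

/* Assumed key setup: standard RC4 KSA. */
static void ddrc4_init(struct ddrc4 *st, const uint8_t *key, size_t keylen) {
    int i;
    uint8_t j = 0;
    for (i = 0; i < 256; i++) st->s[i] = (uint8_t)i;
    for (i = 0; i < 256; i++) {
        j = (uint8_t)(j + st->s[i] + key[i % keylen]);
        swap_u8(&st->s[i], &st->s[j]);
    }
    st->x = st->y = st->z = 0;
}

/* The unchanged RC4 step: returns sbox[(sbox[x] + sbox[y]) & 255]. */
static uint8_t ddrc4_step(struct ddrc4 *st) {
    st->x = (uint8_t)(st->x + 1);
    st->y = (uint8_t)(st->y + st->s[st->x]);
    swap_u8(&st->s[st->x], &st->s[st->y]);
    return st->s[(uint8_t)(st->s[st->x] + st->s[st->y])];
}

/* encipher(): XOR with keystream byte and z, then z ^= sbox[ciphertext]. */
uint8_t ddrc4_encipher(struct ddrc4 *st, uint8_t p) {
    uint8_t c = (uint8_t)(p ^ ddrc4_step(st) ^ st->z);
    st->z ^= st->s[c];
    return c;
}

/* decipher(): the inverse; z is updated from the ciphertext byte, exactly
 * as encipher() did, never from the recovered plaintext. */
uint8_t ddrc4_decipher(struct ddrc4 *st, uint8_t c) {
    uint8_t p = (uint8_t)(c ^ ddrc4_step(st) ^ st->z);
    st->z ^= st->s[c];
    return p;
}

#define DD_MAX 64

/* 1 if decipher(encipher(msg)) == msg, else 0. */
int ddrc4_roundtrip_ok(const uint8_t *key, size_t keylen,
                       const uint8_t *msg, size_t n) {
    struct ddrc4 a, b;
    uint8_t c[DD_MAX], p[DD_MAX];
    size_t i;
    if (n > DD_MAX || keylen == 0) return 0;
    ddrc4_init(&a, key, keylen);
    ddrc4_init(&b, key, keylen);
    for (i = 0; i < n; i++) c[i] = ddrc4_encipher(&a, msg[i]);
    for (i = 0; i < n; i++) p[i] = ddrc4_decipher(&b, c[i]);
    return memcmp(p, msg, n) == 0;
}

/* Flip one bit of ciphertext byte pos "in transit" and count deciphered
 * bytes that differ from msg. Byte pos differs, and because sbox is a
 * permutation the feedback changes z, so byte pos+1 differs too; later
 * bytes usually differ as well. Returns -1 on bad arguments. */
int ddrc4_error_propagation(const uint8_t *key, size_t keylen,
                            const uint8_t *msg, size_t n, size_t pos) {
    struct ddrc4 a, b;
    uint8_t c[DD_MAX];
    size_t i;
    int diff = 0;
    if (n > DD_MAX || pos >= n || keylen == 0) return -1;
    ddrc4_init(&a, key, keylen);
    ddrc4_init(&b, key, keylen);
    for (i = 0; i < n; i++) c[i] = ddrc4_encipher(&a, msg[i]);
    c[pos] ^= 0x01;
    for (i = 0; i < n; i++) diff += (ddrc4_decipher(&b, c[i]) != msg[i]);
    return diff;
}

/* Constructed sample inputs for the demo (not from the post). */
static const uint8_t DEMO_KEY[] = "constructed-key";
static const uint8_t DEMO_MSG[] = "Data dependent arcfour via sbox feedback";

int ddrc4_demo_roundtrip(void) {
    return ddrc4_roundtrip_ok(DEMO_KEY, sizeof DEMO_KEY - 1,
                              DEMO_MSG, sizeof DEMO_MSG - 1);
}

int ddrc4_demo_propagation(void) {
    return ddrc4_error_propagation(DEMO_KEY, sizeof DEMO_KEY - 1,
                                   DEMO_MSG, sizeof DEMO_MSG - 1, 5);
}

int main(void) {
    printf("round trip ok: %d\n", ddrc4_demo_roundtrip());
    printf("bytes corrupted by a 1-bit error in ciphertext byte 5: %d of %d\n",
           ddrc4_demo_propagation(), (int)(sizeof DEMO_MSG - 1));
    return 0;
}
```

The error-propagation count is the practical consequence of making the keystream depend on the data: a transmission error or a deliberate modification of one ciphertext byte no longer stays local, which is relevant both to reliability over noisy links and to how such a cipher behaves under ciphertext manipulation.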

Cryptography-Digest Digest #60

2000-02-06 Thread Digestifier

Cryptography-Digest Digest #60, Volume #11    Sun, 6 Feb 00 18:13:01 EST

Contents:
  Re: need help with a basic C++ algorithm ("Adrian DuChant")
  Re: NIST, AES at RSA conference (David Wagner)
  Re: Merkle hash tree patent expired (Darren New)
  Re: permission to do crypto research ("Roger Schlafly")
  Re: ([EMAIL PROTECTED])
  Re: NIST, AES at RSA conference (Terry Ritter)
  Re: New to cryptology question, rolling XOR (Tim Tyler)
  Re: Combining LFSR's (Mok-Kong Shen)
  Re: Scaleable Key Permutation Feature ("C. Prichard")
  Re: NIST, AES at RSA conference (David Wagner)
  Re: Scaleable Key Permutation Feature (Mok-Kong Shen)
  CFP --- CHES 200 (Christof Paar)
  Re: NSA opens up to US News ("Henny Youngman")



From: "Adrian DuChant" [EMAIL PROTECTED]
Subject: Re: need help with a basic C++ algorithm
Date: Thu, 3 Feb 2000 17:04:38 -0800

Cool, Thanks!
The users shouldn't be too interested in accessing the data, so I was
hoping to stay away from doing anything too intense (I lack the experience
for the time being). This sounds like it should work just fine though.

Thanks for the help!

Adrian

Trevor Jackson, III [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
> Adrian DuChant wrote:
>
> > Greetings,
> > I am working on a program which will be using clear text files for basic
> > data storage,
> > I would like to encrypt them and decrypt them at runtime for reading into
> > the program so as to not allow someone to tamper with the data held within.
> > This only needs to be basic, nothing really intense.
> > If some one could please give me a hand (or a snippet of code) to make this
> > algorithm it would be most appreciated.
> > TIA
> > Adrian DuChant.
>
> How proficient are the people who might tamper with the data?  There is no
> mechanism that can prevent all tampering.
>
> First, as opposed to obscuring the contents of the data you will need to verify
> the integrity of the data -- that it has not been tampered with.  If this is
> the sum total of your interest you do not need to encrypt the data, but simply
> add an integrity check.
>
> Checksums are simple integrity checks.  Message Authentication Codes (MAC) are
> more sophisticated integrity checks.
>
> If you want something really simple just Rot-13 the text (works within the 26
> letters of the alphabet).  If you want to be ambitious Rot-47 the text (works
> within the 94 characters of printable ASCII minus tilde).  If the text is
> mostly numeric data Rot-5 it within the decimal digits.





--

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: NIST, AES at RSA conference
Date: 6 Feb 2000 12:18:33 -0800

In article 87jcgk$l6q$[EMAIL PROTECTED],
Rick Braddam [EMAIL PROTECTED] wrote:
> Didn't Terry qualify his statement in terms of known-plaintext and
> defined plaintext?
>
> Is his statement incorrect *with that qualification*?

I didn't think that qualification was much of a qualification.
Typically when we evaluate the strength of a modern cipher, we already
assume that the adversary may be able to mount chosen-text attacks (what
Terry seems to be calling "defined text") -- so if that qualification
introduces a big difference, I'm unable to see what it would be.
(But maybe I'm confused.)

--

From: Darren New [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Re: Merkle hash tree patent expired
Date: Sun, 06 Feb 2000 20:30:25 GMT

Paul Crowley wrote:
> > 4,309,569 expired on September 5, 1999.  This gives a somewhat clunky
> Where can I find a description of the technique?

www.uspto.gov patent number search.

-- 
Darren New / Senior Software Architect / IZ, Inc.
San Diego, CA, USA (PST).  Cryptokeys on demand.
There is no safety in disarming only the fearful.

--

From: "Roger Schlafly" [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto,misc.int-property,misc.legal.computing
Subject: Re: permission to do crypto research
Date: Sun, 6 Feb 2000 12:41:31 -0800

wtshaw [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
> You simply structure the query appropriately, like "Let me know if you
> have any objection to my studying how such and such program works."
>
> No comment, then you have the freedom to study how everything works,
> including using any tools to assist you in that pursuit.

Sounds reasonable to me, but I am still wondering how this works
in practice. I want to investigate some security aspects of Windows,
and I want to be on the up-and-up, so should I send an email to
[EMAIL PROTECTED]? My guess is that I could spend all day on
the phone to Microsoft, and no one would even know who has
the authority to answer my question.

In the NY court order against DeCSS, the judge seemed to think
that there was some significance to the question of whether some
Norwegian teenager had asked Hollywood for permission 

Cryptography-Digest Digest #60

1999-02-09 Thread Digestifier

Cryptography-Digest Digest #60, Volume #9 Tue, 9 Feb 99 14:13:03 EST

Contents:
  Re: Newbie Says Thanks! (wtshaw)
  Re: GPL'ed RNG (Colin Plumb)
  Re: Encryption for telemedicine (Themos Dassis)
  Summary of Eleven Ciphers (wtshaw)
  Re: 128 bit Everest, 64 bit Coin ("Trevor Jackson, III")
  Re: hardRandNumbGen (Mok-Kong Shen)
  Re: On a Method of Session Key Generation (revised) (Patrick Juola)
  block ciphers ("Vonnegut")
  Re: Q: Obtaining session key (Mok-Kong Shen)
  Re: What is left to invent? ("Trevor Jackson, III")
  Re: SCOTT COMPRESSION ("Peter K. Boucher")
  Re: Encryption Algorithms ("Brian Gladman")
  Everybody Seems to Have a Web Site These Days! (John Savard)
  Re: Intel's description of the Pentium III serial number ("Jimmy D. Smith")
  Re: hardRandNumbGen (R. Knauer)
  Re: How to get gov't approval for crypto (fungus)
  Re: On a Method of Session Key Generation (revised) (R. Knauer)
  Re: What is left to invent? (R. Knauer)



From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Newbie Says Thanks!
Date: Tue, 09 Feb 1999 07:03:17 -0600

In article [EMAIL PROTECTED],
[EMAIL PROTECTED] (DonGraft) wrote:

> I just wanted to thank you for your responses to
> my query on cracking variable length codings. I am
> impressed with the level of expertise and the range of
> interesting topics that come up. So, I'm going to stick
> around!
>
We will be looking for your next posting.
Thanks for jumping in.
-- 
A much too common philosophy: 
It's no fun to have power unless you can abuse it.

--

Subject: Re: GPL'ed RNG
From: [EMAIL PROTECTED] (Colin Plumb)
Date: Tue, 09 Feb 1999 10:23:21 GMT

In article 79lql2$1i3$[EMAIL PROTECTED],
 [EMAIL PROTECTED] wrote:
> Is there a GPL or LGPL random number generator that produces "good"
> random numbers? rand() just isn't cutting it :P

Um, you have to define your metric of "good".  It is not possible
to implement a true RNG without hardware help, so information about
your execution environment is required.

If you just want a pseudo-random number generator, random() is
better than rand(), and George Marsaglia's recently posted
KISS generator is extremely good for a non-cryptographic generator.

KISS can be written as:

#include <stdint.h>
typedef uint32_t word32;

struct rand_state {
word32 w, x, y, z;
};

/* Multiply-with-carry on the low 16 bits of w (mask 65535 = 0xFFFF). */
#define wnew(w) ((w)=18000*((w)&65535)+((w)>>16))
/* Linear congruential generator step. */
#define LCG(x) ((x)=69069*(x)+1234567)
/* Three-shift register step; y must never be zero. */
#define SHR3(y) ((y)^=(y)<<17, (y)^=(y)>>13, (y)^=(y)<<5)
/* Multiply-with-carry on the low 16 bits of z. */
#define znew(z) ((z)=36969*((z)&65535)+((z)>>16))

/* r is a struct rand_state *.  The shift is parenthesized because << binds
 * more loosely than + in C. */
#define KISS(r) ( ( ((znew((r)->z)<<16)+wnew((r)->w)) ^ LCG((r)->x) ) + SHR3((r)->y) )

The period of w is 18000*2^15-1 = 589823999, a prime.
The period of x is 2^32 = 4294967296
The period of y is 2^32-1 = 4294967295
The period of z is 36969*2^15-1 = 1211400191, a prime
Thus, the total period is 13180436693658741103741078002865274880,
1.318e37, a bit over 2^123.  The least significant bit has a lower period
of only 506654957105410, 5.067e18, a bit under 2^62, which is still
plenty for most applications.

w and z should be initialized to values between 1 and their periods.
y should be initialized to a non-zero value, and x can be set to anything.

I seeded this from 3 32-bit values w, x and z where I know they are not
all zero using the following snippet.

/*
 * Now ensure that seed constraints are met.
 * w should be between 1 and 589823999.
 * x can be anything between 0 and 2^32-1.
 * y should be between 1 and 2^32-1.
 * z should be between 1 and 1211400191.
 * (r points to the struct rand_state being seeded.)
 */
word32 y;
r->w = w % 589823999 + 1;
r->x = x;
r->z = z % 1211400191 + 1;
/*
 * Finally, we initialize y.  Since the range desired for y,
 * 2^32-1, exactly divides the range available from the
 * triple-width number wxz, 2^96-1, the remainder modulo 2^32-1
 * will be uniformly distributed.  Fortunately, due to the special
 * form of the modulus, this computation is easy.
 * Since tv_usec always has the high bit clear, the input x is never
 * zero.  And since mix() preserves non-zeroness, the full value wxz
 * here is never 0, so the result computed here is never 0.
 */
y = w+x;
y += y<x;   /* End-around carry: the sum overflowed iff it is below x */
y += z;
y += y<z;   /* End-around carry */
r->y = y;

This will do for most simulation purposes.

If you need cryptographic strength, please be more specific about your
needs.  Note that cryptographic strength also requires some truly
random seed material.  The sources you have available will affect
the optimal design.
-- 
-Colin
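As an added example (not Colin's code), here is the KISS generator above written as plain C functions, together with his seeding constraints and a 64-bit reference computation for the end-around-carry trick, so the claim that the trick reduces w+x+z modulo 2^32-1 can be checked on edge cases rather than taken on faith. The seed values used are constructed sample inputs, and the split into four small step functions is only a readability choice that keeps the same arithmetic as the macros.

```c
/* Added example, not Colin Plumb's code: KISS as functions, his seeding
 * constraints, and a 64-bit reference for the end-around-carry reduction. */
#include <stdint.h>
#include <stdio.h>

struct kiss_state { uint32_t w, x, y, z; };

/* Multiply-with-carry on the low 16 bits of w; period 18000*2^15-1. */
static uint32_t mwc_w(uint32_t *w) { *w = 18000u * (*w & 65535u) + (*w >> 16); return *w; }
/* Linear congruential generator; period 2^32. */
static uint32_t lcg(uint32_t *x) { *x = 69069u * *x + 1234567u; return *x; }
/* Three-shift register; period 2^32-1, state must never be 0. */
static uint32_t shr3(uint32_t *y) { *y ^= *y << 17; *y ^= *y >> 13; *y ^= *y << 5; return *y; }
/* Multiply-with-carry on the low 16 bits of z; period 36969*2^15-1. */
static uint32_t mwc_z(uint32_t *z) { *z = 36969u * (*z & 65535u) + (*z >> 16); return *z; }

/* One KISS output: (((znew << 16) + wnew) ^ LCG) + SHR3, as in the post. */
uint32_t kiss_next(struct kiss_state *r) {
    uint32_t mwc = (mwc_z(&r->z) << 16) + mwc_w(&r->w);
    return (mwc ^ lcg(&r->x)) + shr3(&r->y);
}

/* w + x + z reduced modulo 2^32-1 by end-around carry.  The result may be
 * 0xFFFFFFFF, which is congruent to 0 but is a valid non-zero SHR3 seed. */
uint32_t add3_end_around(uint32_t w, uint32_t x, uint32_t z) {
    uint32_t y = w + x;
    y += (y < x);           /* carry out of the first addition */
    y += z;
    y += (y < z);           /* carry out of the second addition */
    return y;
}

/* Reference reduction in 64-bit arithmetic. */
uint32_t add3_reference(uint32_t w, uint32_t x, uint32_t z) {
    return (uint32_t)(((uint64_t)w + x + z) % 0xFFFFFFFFu);
}

/* 1 if the carry trick agrees with the reference for these inputs. */
int end_around_matches(uint32_t w, uint32_t x, uint32_t z) {
    return add3_end_around(w, x, z) % 0xFFFFFFFFu == add3_reference(w, x, z);
}

/* Seeding constraints from the post: w in [1, 589823999], z in [1, 1211400191],
 * x arbitrary, y non-zero (which holds whenever w, x, z are not all zero). */
void kiss_seed(struct kiss_state *r, uint32_t w, uint32_t x, uint32_t z) {
    r->w = w % 589823999u + 1;
    r->x = x;
    r->z = z % 1211400191u + 1;
    r->y = add3_end_around(w, x, z);
}

/* 1 if seeding from (w, x, z) satisfies every constraint above. */
int kiss_seed_in_range(uint32_t w, uint32_t x, uint32_t z) {
    struct kiss_state r;
    kiss_seed(&r, w, x, z);
    return r.w >= 1 && r.w <= 589823999u &&
           r.z >= 1 && r.z <= 1211400191u && r.y != 0;
}

/* Same seed must give the same stream: number of matching outputs out of n. */
int kiss_replay_matches(uint32_t w, uint32_t x, uint32_t z, int n) {
    struct kiss_state a, b;
    int i, same = 0;
    kiss_seed(&a, w, x, z);
    kiss_seed(&b, w, x, z);
    for (i = 0; i < n; i++) same += (kiss_next(&a) == kiss_next(&b));
    return same;
}

int main(void) {
    struct kiss_state r;
    int i;
    kiss_seed(&r, 0x12345678u, 0x9abcdef0u, 0x0fedcba9u); /* constructed seed */
    for (i = 0; i < 4; i++) printf("%08x\n", (unsigned)kiss_next(&r));
    return 0;
}
```

Note that a reproducible stream from a small seed is exactly what makes this a simulation generator and not a cryptographic one: anyone who learns the 128-bit state, or the three seed words it was derived from, can replay the output, which is why the post insists on truly random seed material for anything security-related.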

--

From: Themos Dassis [EMAIL PROTECTED]
Subject: Re: Encryption for telemedicine
Date: Tue, 09 Feb 1999 16:48:38 +0200

On the line we need integrity protection, protection against
non-repudiation,