Cryptography-Digest Digest #942

2001-03-19 Thread Digestifier

Cryptography-Digest Digest #942, Volume #13  Mon, 19 Mar 01 15:13:00 EST

Contents:
  Re: Is SHA-1 Broken? (Mok-Kong Shen)
  Re: My cypher system (Mok-Kong Shen)
  Re: An extremely difficult (possibly original) cryptogram (daniel mcgrath)
  Re: Algebraic 1024-bit block cipher ("Simon Johnson")
  Re: OTP unbreakable? ("Douglas A. Gwyn")
  Re: One-time Pad really unbreakable? ("Douglas A. Gwyn")
  Re: How to eliminate redondancy? ("Douglas A. Gwyn")
  Re: OTP unbreakable? ("Simon Johnson")
  Re: Bacon's cryptography? (Frank Gerlach)
  Re: hardwire prime  generator in Diffie-Hellman? (Mark Wooding)
  Re: IP (David Schwartz)
  Re: An extremely difficult (possibly original) cryptogram (Jim Gillogly)
  Re: PGP key expiration (was Re: Encryption software) ("Joseph Ashwood")
  Re: How to eliminate redondancy? (Mok-Kong Shen)



From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Is SHA-1 Broken?
Date: Mon, 19 Mar 2001 19:08:50 +0100



Jim Steuert wrote:

[snip] 
 However, a lot of us have been misled into thinking that SHA-1 was
 basically usable in any sense. Have I been too trusting of the
 "conventional wisdom" of cryptography? Of course we can use
 universal hashing/UMAC constructions, which require random
 number generators (which themselves are likely iterated ciphers
 or hash functions). The entire cryptography world is a LOT less secure
 in all areas given what Richard Dean has done, with a general
 package and general purpose slow hardware.

I guess, though, that those in practice who are prudent 
have always been (a bit overly) conservative in respect of 
security and don't get into pitfalls, e.g. equating 
'provably secure' (without explicit mention of underlying 
assumptions) and 'absolutely secure'. An ancient Chinese 
proverb says trusting everything that the books say is 
worse than having no books at all.

M. K. Shen

--

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: My cypher system
Date: Mon, 19 Mar 2001 20:04:55 +0100



bookburn wrote:
 
 This is a "what if" by a mere bumbler who looked at an encyclopedia
 article, so I expect to be shot down.
 
 My cipher system is basically a simple three-layered process using: 1)
 clear text; 2) use of a published text, like a page of a daily
 newspaper, which is chosen by a formula based on something variable
 like time and temperature of alternating cities on certain days, with
 identification of letters of the alphabet by numbered spaces in the
 text; 3) random use of the numbered spaces identifying letters of the
 alphabet, blank spaces, and punctuation,  producing a long list of
 single numbers in bytes (spaces before and after set off numbers) ; 4)
 use of a mask to select only words in the clear text that are the
 message; 5) in addition, a key list of coded terms could be used to
 refer to some things.
 
 I'm basically thinking my system could be set up with computer
 programs at each end so that the long list of numbers can be instantly
 converted with the use of the same key text.
 
 Is this a workable cipher system?  How could you ever break it?
 bookburn

Point (2) of using some contrived (uncommon, hence difficult
to guess) scheme to identify a piece of publicly available
text for the purpose of deriving a shared secret is known. 
How secure that is, is difficult to say in my view. (I would 
vaguely say 'it depends'.) Points (3-5) are unclear to me. 
Perhaps you could provide a tiny example to illustrate your 
scheme.

In my humble view answering questions like your last one is
in general difficult. For breaking a given cipher (that
is susceptible to being broken by the current state of
knowledge) may often require much thought/intuition and 
experimentation/work/time. Thus it is always easy to put 
up a challenge but hard to take it up. If nobody answers
that question of yours, it doesn't follow at all that your 
cipher is strong. An analogy: In mathematics it is easy to 
put up problems that are hard to get worked out. Some may 
need much work to be solved, others may not be solvable, 
but the non-solvability is rather difficult to prove (e.g.
the trisection of an angle). But this is all the opinion of 
a humble non-expert like me. I don't exclude that some 
experts would at once give a very easy break of your scheme 
or prove the opposite.

M. K. Shen
===
http://home.t-online.de/home/mok-kong.shen

--

From: [EMAIL PROTECTED] (daniel mcgrath)
Crossposted-To: rec.puzzles
Subject: Re: An extremely difficult (possibly original) cryptogram
Date: Mon, 19 Mar 2001 19:15:12 GMT

Jim Gillogly ([EMAIL PROTECTED]) wrote:

daniel mcgrath wrote:
 
 On Thu, 15 Mar 2001 11:43:18 -0800, Jim Gillogly [EMAIL PROTECTED] wrote: 
 The first hint is consistent with my monome-dinome hypothesis, and the
 second hint could 

Cryptography-Digest Digest #942

2000-10-17 Thread Digestifier

Cryptography-Digest Digest #942, Volume #12  Tue, 17 Oct 00 06:13:01 EDT

Contents:
  Re: On block encryption processing with intermediate permutations (Mok-Kong Shen)
  Re: MS's fast modular exponentiation claims II ("John A. Malley")
  Re: DNA encoding (Richard Heathfield)
  Re: Algorithm Performance (Richard Heathfield)
  Re: pseudo random test ("Joseph Ashwood")
  Works the md5 hash also for large datafiles (4GB) ? ([EMAIL PROTECTED])
  Re: Algorithm Performance (Wei Dai)
  Re: DNA encoding ([EMAIL PROTECTED])
  Re: MS's fast modular exponentiation claims II (Wei Dai)
  Re: Simple Intro Encryption Info Wanted (Andre van Straaten)
  Re: Rijndael implementations (Daniel James)
  Re: algo to generate permutations ("Tim Tyler")
  Re: Works the md5 hash also for large datafiles (4GB) ? (Runu Knips)
  x509 ("Antonio Merlo")
  Re: What is meant by non-Linear... ("Tim Tyler")
  useful literature? ("Florian Peterl")
  Re: Counting one bits is used how? ("Tim Tyler")
  Re: pseudo random test ("Tim Tyler")



From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: On block encryption processing with intermediate permutations
Date: Tue, 17 Oct 2000 07:54:46 +0200



David Hopwood wrote:
 
 Mok-Kong Shen wrote:
  David Hopwood wrote:
   Mok-Kong Shen wrote:
Now Bryan Olson claimed to have found an attack and
subsequently he said that under a certain condition
his attack doesn't work. So I modified my scheme to
make it immune to his attack.
  
   No you didn't. It's clear that the attack still applies, although
   it is more difficult because the attacker would have to break twice
   as many rounds of the cipher as in the original case. Under
   reasonable assumptions, it would still be easier than breaking the
   cipher in a standard mode such as CBC, though.
  
   The point is that you should be trying to extend the attack
   yourself, not making a minor change and relying on others to
   cryptanalyse it. You won't learn anything that way.
 
  Can I assume that you have the intention to discuss with
  me on an attack very similar to that of Bryan Olson?
 
 Bryan (apologies to him for misspelling his name earlier) has
 already covered this in great detail, in the post with message ID
 8s95ea$7eu$[EMAIL PROTECTED]. The only thing I have to add is
 that if the permutation to be omitted was the last permutation,
 rather than in the middle, then the equations to be solved would
 involve four Feistel rounds rather than two, given the assumptions
 stated in Bryan's post. That's what I meant by breaking twice as many
 rounds of the cipher.
 
 It should also be obvious that omitting more than one of the
 permutations would not help either; the problem is that the security
 of the block cipher depends on not leaking information between rounds,
 and adding intermediate permutations breaks that requirement.

Bryan Olson has proposed to discuss a new attack invented
by him. We are currently continuing to discuss it, which
in due course will lead to some results, I expect.

M. K. Shen

--

From: "John A. Malley" [EMAIL PROTECTED]
Subject: Re: MS's fast modular exponentiation claims II
Date: Mon, 16 Oct 2000 22:45:15 -0700


JCA wrote:
 
 I asked a few days ago a question about some claims that MS made (at
 Crypto '95, I believe) to the effect that they possess an algorithm that outperforms
 Montgomery's techniques when doing modular exponentiation. Much to my surprise, given
 the high caliber of some of the regulars in this group, nobody has said anything
 yet.
 
 At the risk of coming across as pig-headed, allow me please to
 restate my question: does anybody know if such claims have been independently 
 substantiated? Has anybody got more information about them?

There was a Technical Report reference (URL) on the Microsoft Research
web site in 1999 that (should memory serve) described such an algorithm
- I tried to download the paper 3, 4 times but the URL never worked.
Checked again today and Microsoft Research no longer mentions the paper.

I found on Google, at 

http://henry.ee.rochester.edu:8080/users/ee492/project/projdesc.html 

in a list of projects for an EE492 course at U. Rochester, in a project abstract
on modular multiplication using the Montgomery method, this quote:

"At the ramp session of the last CRYPTO'95 Josh Benaloh announced that a
faster algorithm was developed in Microsoft, but the details were not
revealed, and the algorithm remains proprietary."

I checked Mr. Benaloh's web site at
http://www.research.microsoft.com/users/benaloh/

He doesn't list anything about it. He doesn't list any contact info
except for employment by Microsoft Research.

Hope this helps,


John A. Malley
[EMAIL PROTECTED]

--

Date: Tue, 17 Oct 2000 07:32:54 +0100
From: Richard Hea

Cryptography-Digest Digest #942

2000-01-20 Thread Digestifier

Cryptography-Digest Digest #942, Volume #10  Fri, 21 Jan 00 00:13:01 EST

Contents:
  Re: NTRU Cryptosystems Inc. (Peter Pearson)
  Re: Intel 810 chipset Random Number Generator (Peter Pearson)
  Re: Intel 810 chipset Random Number Generator (Michael Kagalenko)
  What's with transposition? (KitKat)
  Re: RNG for OTPs during WWII (Sundial Services)
  Re: Stage 8: Singh's Cipher Challenge (Paris Guffey)
  Re: Wagner et Al. (Jerry Coffin)
  Re: NTRU Cryptosystems Inc. (DJohn37050)
  Re: ECC vs RSA - A.J.Menezes responds to Schneier (DJohn37050)
  Re: ECC vs RSA - A.J.Menezes responds to Schneier (DJohn37050)
  Re: MIRDEK: more fun with playing cards. (Paul Rubin)
  Re: What's with transposition? ("Douglas A. Gwyn")
  Re: Stage 8: Singh's Cipher Challenge ("Douglas A. Gwyn")
  using SCRAMdisk for archiving files on CD ROM (write once)  ("Lee")
  simplistic oneway hash ([EMAIL PROTECTED])



From: Peter Pearson [EMAIL PROTECTED]
Subject: Re: NTRU Cryptosystems Inc.
Date: Thu, 20 Jan 2000 17:13:08 -0800

David Wagner wrote:
 
 In article 85teng$1sb$[EMAIL PROTECTED],  [EMAIL PROTECTED] wrote:
  NTRU Cryptosystems Inc., delivers the world's fastest secure public key
  cryptography system, operating more than 100 times faster than any
  competitor!
 
 Is there any basis in fact for this `100 times faster than any
 competitor!'  claim, or is this pure marketing fluff?  It sure looks
 like unsubstantiated marketing froth to me.

Note that according to NTRU's performance numbers, elliptic curves
offer no speed advantage over RSA. I inquired about this at NTRU's
booth at RSA2000, and was told that since Certicom was uncooperative
about providing (or licensing, I forget which) software for use in
the comparison, the ECC implementation actually used may have been
less than the best. 

(Disclaimer: I have pro-Certicom leanings.)

- Peter

--

From: Peter Pearson [EMAIL PROTECTED]
Subject: Re: Intel 810 chipset Random Number Generator
Date: Thu, 20 Jan 2000 17:40:25 -0800

If any followers of this thread are still interested in
information on the Intel RNG, it was reviewed by Ben Jun
and Paul Kocher, of Cryptography Research, in a paper
available at www.cryptography.com/intelRNG.pdf.

--

From: [EMAIL PROTECTED] (Michael Kagalenko)
Crossposted-To: sci.physics
Subject: Re: Intel 810 chipset Random Number Generator
Date: 21 Jan 2000 02:14:49 GMT
Reply-To: [EMAIL PROTECTED]

Paul Koning  ([EMAIL PROTECTED]) wrote 
]Michael Kagalenko wrote: 
] 
] Paul Koning  ([EMAIL PROTECTED]) wrote
] ]seifried wrote: 
] ] ...it really boils down to "do you trust an
] ] american company to generate your random data?".
] ]
] ]It's not just american companies that have done sneaky
] ]things in this area...  Crypto AG was Swiss, if memory serves.
] ]
] ] ...
] ] If you want a real hardware RNG you can verify there are simple ones
] ] based on radio crystals/etc that plug into a serial or parallel port
] ]
] ]Crystals?  Not likely.  Resistors, noise diodes, Zener diodes, all
] ]those sound plausible, but crystals won't serve at all for this
] ]application.
] 
]  Yes, they will. Crystals have thermal noise.
]
]Of course they do.  But their signal to noise ratio is high.
]If you're after noise, then you want a source that has a low
](preferably negative) signal to noise ratio.  Crystals fail
]that criterion by a very large margin, which is why no competent
]designer uses them for this purpose.

 That's a fair comment; however, note that quartz crystals are a very common
 component of digital equipment, and an atomic time standard is available
 via the internet. You can produce thermally random
 data by measuring the clock drift against a more precise clock (first
 you'd have to find out the crystal frequency, of course). To elaborate
 a bit, if t is the precise time, and t' is the time measured by the quartz
 oscillator (recalibrated by using t to avoid systematic drift),
 then

   <t - t'> = 0                      (1)

 (<> stands for mathematical expectation). However, that does not
 mean that there is no drift, but that drift in both directions is equiprobable
 (the recalibration I mentioned above consists in making sure that (1)
 holds).

 If the drift can be assumed to be a Brownian random walk,
 the average square drift <(t-t')^2> grows linearly with time:

   <(t - t')^2> = constant * t

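The drift model in the post above, worked through as an added example (editor's code, not part of Kagalenko's message): a quartz oscillator is simulated as a clock that advances by 1 + bias + sigma*N(0,1) per reference tick, where the constant bias stands for the systematic frequency error and the Gaussian term for thermal noise (both are constructed parameters, as are the seed, run counts and tolerances). The bias is measured against the reference clock and subtracted, which is the recalibration the post describes, and the ensemble averages <t-t'> and <(t-t')^2> are then estimated over many runs to check that (1) holds only after recalibration and that the mean square drift grows linearly with t.

```go
package main

import (
	"fmt"
	"math/rand"
)

// Oscillator models a quartz clock ticking against a precise reference clock:
// each true tick advances the quartz time by 1 + Bias + Sigma*N(0,1).
// Bias is the systematic frequency error; the Gaussian term stands in for
// thermal noise. Both are constructed parameters for this example.
type Oscillator struct {
	Bias  float64
	Sigma float64
	rng   *rand.Rand
}

// NewOscillator returns a seeded, reproducible oscillator model.
func NewOscillator(bias, sigma float64, seed int64) *Oscillator {
	return &Oscillator{Bias: bias, Sigma: sigma, rng: rand.New(rand.NewSource(seed))}
}

// step returns how far the quartz time advances during one reference tick.
func (o *Oscillator) step() float64 {
	return 1 + o.Bias + o.Sigma*o.rng.NormFloat64()
}

// Calibrate estimates the systematic bias by averaging the per-tick error
// over n reference ticks; this is the recalibration that makes <t-t'> = 0.
func (o *Oscillator) Calibrate(n int) float64 {
	sum := 0.0
	for i := 0; i < n; i++ {
		sum += o.step() - 1
	}
	return sum / float64(n)
}

// Drift returns d_k = t - t' after each of n ticks, with biasEst subtracted
// from every quartz increment. Consecutive d_k form a random walk, so the
// independent quantities are the increments d_k - d_{k-1}, not the d_k.
func (o *Oscillator) Drift(n int, biasEst float64) []float64 {
	d := make([]float64, n)
	acc := 0.0
	for k := range d {
		acc += 1 - (o.step() - biasEst)
		d[k] = acc
	}
	return d
}

// Stats holds the ensemble averages <d_k> and <d_k^2> for k = 1..n.
type Stats struct {
	Mean []float64
	MSD  []float64
}

// Ensemble averages the drift over `runs` independent runs of n ticks each.
func Ensemble(o *Oscillator, runs, n int, biasEst float64) Stats {
	s := Stats{Mean: make([]float64, n), MSD: make([]float64, n)}
	for r := 0; r < runs; r++ {
		for k, v := range o.Drift(n, biasEst) {
			s.Mean[k] += v / float64(runs)
			s.MSD[k] += v * v / float64(runs)
		}
	}
	return s
}

// Slope fits <d_k^2> = c*k through the origin by least squares and returns c;
// for a Brownian walk with per-tick variance Sigma^2, c comes out near Sigma^2.
func Slope(msd []float64) float64 {
	num, den := 0.0, 0.0
	for i, v := range msd {
		k := float64(i + 1)
		num += k * v
		den += k * k
	}
	return num / den
}

func main() {
	o := NewOscillator(0.05, 1.0, 1)
	raw := Ensemble(o, 2000, 100, 0)   // no recalibration: <d_k> = -Bias*k
	est := o.Calibrate(100000)         // measure the bias against the reference
	cal := Ensemble(o, 2000, 100, est) // recalibrated: (1) should now hold
	fmt.Printf("bias estimate %.4f\n", est)
	fmt.Printf("uncalibrated: <d_100> = %+.2f  <d_100^2> = %.1f\n", raw.Mean[99], raw.MSD[99])
	fmt.Printf("recalibrated: <d_100> = %+.2f  <d_100^2> = %.1f  slope = %.3f\n",
		cal.Mean[99], cal.MSD[99], Slope(cal.MSD))
}
```

Without recalibration the mean drift at tick 100 sits near -5 (the bias accumulates), and <d^2> is inflated by that mean squared; after recalibration the mean is near zero and <d^2> tracks Sigma^2 * k with a fitted slope near 1. The point that matters for anyone harvesting entropy this way is in the Drift comment: the drift readings themselves are a random walk and so heavily correlated from one sample to the next; only their increments are independent, and the systematic bias has to be measured out first or every increment carries the same offset.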
--

From: KitKat [EMAIL PROTECTED]
Subject: What's with transposition?
Date: Thu, 20 Jan 2000 21:24:02 -0500


Some time last summer I came up with my own nifty lil'
transposition scheme and I thought it was pretty cool (of course: it's
mine). I actually spent quite some time coding it. Picking up on
cryptography and the like, I recently bought Schneier's brick "Applied
Cryptography".

He affirms (twice) that transposition is "as a general rule"
easily broken. My first 

Cryptography-Digest Digest #942

1999-07-27 Thread Digestifier

Cryptography-Digest Digest #942, Volume #9   Tue, 27 Jul 99 12:13:03 EDT

Contents:
  Re: another news article on Kryptos (wtshaw)
  Re: another news article on Kryptos (wtshaw)
  Re: RSA public key ("Vincent")
  Benchmarks of Symmetric Vs Hash function algorithms (Yosi)
  Benchmarks of Symmetric Vs Has function algorithms (Yosi)
  Rsa-512 ("Adam Pridmore")
  RSA block type 02 (yoni)
  Re: Rsa-512 (Glenn Davis)
  CIA's Kryptos Continuation N5 ("collomb")
  Freeware version of PGP !!! (spike)
  Re: OK.  Maybe I am missing something here. (Patrick Juola)
  Re: RSA public key (DJohn37050)
  Re: What the hell is XOR? (fungus)
  Re: randomness of powerball, was something about one time pads (Patrick Juola)
  Re: hush mail (fungus)
  Re: RSA block type 02 (yoni)
  Re: Benchmarks of Symmetric Vs Has function algorithms (Anton Stiglic)
  How would this effect the good old One Time Pad? ("Jeffery Nelson")
  Old DES-related papers wanted ("Richard Rooney")
  Re: Benchmarks of Symmetric Vs Has function algorithms (Anton Stiglic)
  convert key (John Xiao)
  Pentium III  crypto (Gabriel Belingueres)



From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: another news article on Kryptos
Date: Tue, 27 Jul 1999 00:55:44 -0600

In article [EMAIL PROTECTED], "Douglas A. Gwyn"
[EMAIL PROTECTED] wrote:

 wtshaw wrote:
  You seem to accept that the system will be of a popularly known
  classical method; it could just as well be of an obscure method
  popularly known to obscure people, at least at the time.
 
 It was evident from the outset that Kryptos must be using
 classical methods of the sort encountered in MilCryp.
 And this assumption was bolstered by the recent recoveries.
 There is no reason to change that assumption for the final part.

Best to not put blinders on prematurely.  If I got it right, *a whole new
ball game* could be sort of a cryptic clue.  So, I think numbers, and what
different ball games suggest, the most likely being baseball.  The mind
races to see something with a loop of four characters like the bases,
autokey like deal, or number of players, or innings being significant.  

As deceit is a basic in crypto, figure that it is not ruled out, even to
being enticed down a path that is not going to lead you where you want to
go.
-- 
Crop report--It's been a very good year for figs.  Garlic was abundant, but berries 
were few.

--

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: another news article on Kryptos
Date: Tue, 27 Jul 1999 00:46:51 -0600

In article [EMAIL PROTECTED],
[EMAIL PROTECTED] (John Savard) wrote:
 
 It certainly is possible to devise an open ended encryption program.
 For example, GPG, GNU Privacy Guard, (currently still in beta)
 provides for the addition of new encryption algorithms as modules.
 
I ran across a program called Ahoy! for the Mac which allows for new
plugins.  The company even offers a package for design of new ones.  Ahoy!
is a chat program best I can tell, and blowfish is already available.
-- 
Crop report--It's been a very good year for figs.  Garlic was abundant, but berries 
were few.

--

From: "Vincent" [EMAIL PROTECTED]
Subject: Re: RSA public key
Date: Fri, 23 Jul 1999 18:38:55 +0100

Hi guys,
You seem to know a lot of things about RNG. Do you know where I could find
some good ones to buy?
By good, I mean of course cryptographically secure and fast.
 Is there still a need with this kind of RNG to have many sources of
randomness and to pass them through a hash function?
If the piece of hardware generates random numbers quickly enough, can we just
use it on its own or is it better to use the output of the RNG to seed a
PRNG?
If yes, what would be the better PRNG to use?

Thank you for your answers, and long life to RSA (not too much anyway...)


Vini boy
[EMAIL PROTECTED]



--

From: Yosi [EMAIL PROTECTED]
Subject: Benchmarks of Symmetric Vs Hash function algorithms
Date: Tue, 27 Jul 1999 09:14:11 GMT

Hi,

Does anyone know which is quicker: calculating the SHA-1 hash
of a file (say 1MB) or encrypting it with a symmetric algorithm
(say IDEA, Blowfish or DES)? Accurate figures as well as general
theories will be greatly appreciated.

I would be more than grateful if you can send a
copy of your reply to [EMAIL PROTECTED]

TIA,
Yosi


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
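
One way to measure this directly, as an added example (editor's code, not from the thread): Go's standard library carries SHA-1, DES and AES, so the program below times SHA-1 against DES-CBC and AES-128-CBC over a 1 MiB buffer. IDEA and Blowfish are not in the Go standard library, so AES stands in for a modern block cipher. The keys, IV, buffer contents and iteration count are constructed values; the two known-answer helpers (SHA-1 of "abc", and the published FIPS DES and AES single-block vectors) exist so the timed code can be shown to really run the primitives before anyone trusts the numbers.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"crypto/sha1"
	"encoding/hex"
	"fmt"
	"time"
)

// Result is the measured cost of running one primitive over Bytes bytes.
type Result struct {
	Name    string
	Bytes   int
	Elapsed time.Duration
}

// MBps converts a Result into mebibytes per second.
func (r Result) MBps() float64 {
	return float64(r.Bytes) / float64(1<<20) / r.Elapsed.Seconds()
}

// timeIt applies fn to buf `iters` times and returns the aggregate Result.
func timeIt(name string, buf []byte, iters int, fn func([]byte)) Result {
	start := time.Now()
	for i := 0; i < iters; i++ {
		fn(buf)
	}
	return Result{Name: name, Bytes: len(buf) * iters, Elapsed: time.Since(start)}
}

// Benchmark measures SHA-1 against DES-CBC and AES-128-CBC over buf, which must
// be a multiple of 16 bytes (CBC has no padding here). Keys and IV are fixed,
// constructed values: throughput does not depend on key material, and these
// are not keys for real use.
func Benchmark(buf []byte, iters int) ([]Result, error) {
	if len(buf)%16 != 0 {
		return nil, fmt.Errorf("buffer length %d is not a multiple of the 16-byte AES block", len(buf))
	}
	desBlock, err := des.NewCipher([]byte("8bytekey"))
	if err != nil {
		return nil, err
	}
	aesBlock, err := aes.NewCipher([]byte("16-byte-aes--key"))
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize) // all-zero IV: fine for timing, never for real traffic
	out := make([]byte, len(buf))
	return []Result{
		timeIt("SHA-1", buf, iters, func(b []byte) { sha1.Sum(b) }),
		timeIt("DES-CBC", buf, iters, func(b []byte) {
			cipher.NewCBCEncrypter(desBlock, iv[:des.BlockSize]).CryptBlocks(out, b)
		}),
		timeIt("AES-128-CBC", buf, iters, func(b []byte) {
			cipher.NewCBCEncrypter(aesBlock, iv).CryptBlocks(out, b)
		}),
	}, nil
}

// SHA1Hex returns the hex SHA-1 digest of data, to check the hash is wired correctly.
func SHA1Hex(data []byte) string {
	sum := sha1.Sum(data)
	return hex.EncodeToString(sum[:])
}

// EncryptBlockHex encrypts one block with "des" or "aes" and returns it as hex,
// so the benchmarked ciphers can be checked against published test vectors.
func EncryptBlockHex(algo, keyHex, ptHex string) (string, error) {
	key, err := hex.DecodeString(keyHex)
	if err != nil {
		return "", err
	}
	pt, err := hex.DecodeString(ptHex)
	if err != nil {
		return "", err
	}
	var blk cipher.Block
	switch algo {
	case "des":
		blk, err = des.NewCipher(key)
	case "aes":
		blk, err = aes.NewCipher(key)
	default:
		return "", fmt.Errorf("unknown algorithm %q", algo)
	}
	if err != nil {
		return "", err
	}
	if len(pt) != blk.BlockSize() {
		return "", fmt.Errorf("plaintext must be exactly one %d-byte block", blk.BlockSize())
	}
	ct := make([]byte, len(pt))
	blk.Encrypt(ct, pt)
	return hex.EncodeToString(ct), nil
}

func main() {
	buf := make([]byte, 1<<20) // the 1 MB file from the question, filled with a byte pattern
	for i := range buf {
		buf[i] = byte(i)
	}
	results, err := Benchmark(buf, 20)
	if err != nil {
		panic(err)
	}
	for _, r := range results {
		fmt.Printf("%-12s %8.1f MiB/s\n", r.Name, r.MBps())
	}
}
```

The numbers are only meaningful for the CPU and implementation they were taken on: AES with hardware instructions, for instance, will outrun a software SHA-1 on machines that have them and lose on machines that do not, and DES in software is slow everywhere. Run several iterations and compare within the same process rather than quoting absolute figures.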

--

From: Yosi [EMAIL PROTECTED]
Subject: Benchmarks of Symmetric Vs Has function algorithms
Date: Tue, 27 Jul 1999 09:12:36 GMT

Hi,

Does anyone know which is quicker: calculating the SHA-1 hash
of a file (say 1MB) or encrypting it with a symmetric algorithm
(say IDEA, Blowfish or DES)? Accurate figures as well as general
theor