Cryptography-Digest Digest #942, Volume #13       Mon, 19 Mar 01 15:13:00 EST

Contents:
  Re: Is SHA-1 Broken? (Mok-Kong Shen)
  Re: My cypher system (Mok-Kong Shen)
  Re: An extremely difficult (possibly original) cryptogram (daniel mcgrath)
  Re: Algebraic 1024-bit block cipher ("Simon Johnson")
  Re: OTP unbreakable? ("Douglas A. Gwyn")
  Re: One-time Pad really unbreakable? ("Douglas A. Gwyn")
  Re: How to eliminate redondancy? ("Douglas A. Gwyn")
  Re: OTP unbreakable? ("Simon Johnson")
  Re: Bacon's cryptography? (Frank Gerlach)
  Re: hardwire prime generator in Diffie-Hellman? (Mark Wooding)
  Re: IP (David Schwartz)
  Re: An extremely difficult (possibly original) cryptogram (Jim Gillogly)
  Re: PGP key expiration (was Re: Encryption software) ("Joseph Ashwood")
  Re: How to eliminate redondancy? (Mok-Kong Shen)

----------------------------------------------------------------------

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Is SHA-1 Broken?
Date: Mon, 19 Mar 2001 19:08:50 +0100

Jim Steuert wrote:

> [snip]
> However, a lot of us have been misled into thinking that SHA-1 was
> basically usable in any sense. Have I been too trusting of the
> "conventional wisdom" of cryptography? Of course we can use universal
> hashing/UMAC constructions, which require random number generators
> (which themselves are likely iterated ciphers or hash functions). The
> entire cryptography world is a LOT less secure in all areas given what
> Richard Dean has done, with a general package and general purpose slow
> hardware.

I guess, though, that those in practice who are prudent have always been
(a bit overly) conservative in respect of security and don't get into
pitfalls, e.g. equating 'provably secure' (without explicit mention of
the underlying assumptions) with 'absolutely secure'. An ancient Chinese
proverb says trusting everything that the books say is worse than having
no books at all.

M. K. Shen

------------------------------

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: My cypher system
Date: Mon, 19 Mar 2001 20:04:55 +0100

bookburn wrote:

> This is a "what if" by a mere bumbler who looked at an encyclopedia
> article, so I expect to be shot down. My cipher system is basically a
> simple three-layered process using:
>
> 1) clear text;
> 2) use of a published text, like a page of a daily newspaper, which is
>    chosen by a formula based on something variable like time and
>    temperature of alternating cities on certain days, with
>    identification of letters of the alphabet by numbered spaces in the
>    text;
> 3) random use of the numbered spaces identifying letters of the
>    alphabet, blank spaces, and punctuation, producing a long list of
>    single numbers in bytes (spaces before and after set off numbers);
> 4) use of a mask to select only words in the clear text that are the
>    message;
> 5) in addition, a key list of coded terms could be used to refer to
>    some things.
>
> I'm basically thinking my system could be set up with computer programs
> at each end so that the long list of numbers can be instantly converted
> with the use of the same key text. Is this a workable cipher system?
> How could you ever break it?
>
> bookburn

Point (2) of using some contrived (uncommon, hence difficult to guess)
scheme to identify a piece of publicly available text for the purpose of
deriving a shared secret is known. How secure that is, is difficult to
say in my view. (I would vaguely say 'it depends'.) Points (3-5) are
unclear to me. Perhaps you could provide a tiny example to illustrate
your scheme.

In my humble view, answering questions like your last one is in general
difficult. For breaking a given cipher (that is susceptible to being
broken by the current state of knowledge) may often require much
thought/intuition and experimentation/work/time. Thus it is always easy
to put up a challenge but hard to take it up. If nobody answers that
question of yours, it doesn't follow at all that your cipher is strong.
An analogy: in mathematics it is easy to put up problems that are hard
to get worked out. Some may need much work to be solved, others may not
be solvable, but the non-solvability is rather difficult to prove (e.g.
the trisection of an angle). But these are all opinions of a humble
non-expert like me. I don't exclude that some experts would at once give
a very easy break of your scheme or prove the opposite.

M. K. Shen
===
http://home.t-online.de/home/mok-kong.shen

------------------------------

From: [EMAIL PROTECTED] (daniel mcgrath)
Crossposted-To: rec.puzzles
Subject: Re: An extremely difficult (possibly original) cryptogram
Date: Mon, 19 Mar 2001 19:15:12 GMT

Jim Gillogly ([EMAIL PROTECTED]) wrote:
> daniel mcgrath wrote:
>> On Thu, 15 Mar 2001 11:43:18 -0800, Jim Gillogly [EMAIL PROTECTED]
>> wrote:
>>> The first hint is consistent with my monome-dinome hypothesis, and
>>> the second hint could
Cryptography-Digest Digest #942, Volume #12       Tue, 17 Oct 00 06:13:01 EDT

Contents:
  Re: On block encryption processing with intermediate permutations (Mok-Kong Shen)
  Re: MS's fast modular exponentiation claims II ("John A. Malley")
  Re: DNA encoding (Richard Heathfield)
  Re: Algorithm Performance (Richard Heathfield)
  Re: pseudo random test ("Joseph Ashwood")
  Works the md5 hash also for large datafiles (4GB) ? ([EMAIL PROTECTED])
  Re: Algorithm Performance (Wei Dai)
  Re: DNA encoding ([EMAIL PROTECTED])
  Re: MS's fast modular exponentiation claims II (Wei Dai)
  Re: Simple Intro Encryption Info Wanted (Andre van Straaten)
  Re: Rijndael implementations (Daniel James)
  Re: algo to generate permutations ("Tim Tyler")
  Re: Works the md5 hash also for large datafiles (4GB) ? (Runu Knips)
  x509 ("Antonio Merlo")
  Re: What is meant by non-Linear... ("Tim Tyler")
  useful literature? ("Florian Peterl")
  Re: Counting one bits is used how? ("Tim Tyler")
  Re: pseudo random test ("Tim Tyler")

----------------------------------------------------------------------

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: On block encryption processing with intermediate permutations
Date: Tue, 17 Oct 2000 07:54:46 +0200

David Hopwood wrote:
> Mok-Kong Shen wrote:
>> David Hopwood wrote:
>>> Mok-Kong Shen wrote:
>>>> Now Bryan Olson claimed to have found an attack and subsequently he
>>>> said that under a certain condition his attack doesn't work. So I
>>>> modified my scheme to make it immune to his attack.
>>>
>>> No you didn't. It's clear that the attack still applies, although it
>>> is more difficult because the attacker would have to break twice as
>>> many rounds of the cipher as in the original case. Under reasonable
>>> assumptions, it would still be easier than breaking the cipher in a
>>> standard mode such as CBC, though.
>>>
>>> The point is that you should be trying to extend the attack yourself,
>>> not making a minor change and relying on others to cryptanalyse it.
>>> You won't learn anything that way.
>>
>> Can I assume that you have the intention to discuss with me on an
>> attack very similar to that of Bryan Olson?
>
> Bryan (apologies to him for misspelling his name earlier) has already
> covered this in great detail, in the post with message ID
> 8s95ea$7eu$[EMAIL PROTECTED]. The only thing I have to add is that if
> the permutation to be omitted was the last permutation, rather than in
> the middle, then the equations to be solved would involve four Feistel
> rounds rather than two, given the assumptions stated in Bryan's post.
> That's what I meant by breaking twice as many rounds of the cipher.
>
> It should also be obvious that omitting more than one of the
> permutations would not help either; the problem is that the security
> of the block cipher depends on not leaking information between rounds,
> and adding intermediate permutations breaks that requirement.

Bryan Olson has proposed to discuss a new attack invented by him. We are
currently continuing to discuss that, which in the near future would lead
to some results, I expect.

M. K. Shen

------------------------------

From: "John A. Malley" [EMAIL PROTECTED]
Subject: Re: MS's fast modular exponentiation claims II
Date: Mon, 16 Oct 2000 22:45:15 -0700

JCA wrote:
> I asked a few days ago a question about some claims that MS made (at
> Crypto '95, I believe) to the effect that they possess an algorithm
> that outperforms Montgomery's techniques when doing modular
> exponentiation. Much to my surprise, given the high caliber of some of
> the regulars in this group, nobody has said anything yet. At the risk
> of coming across as pig-headed, allow me please to restate my question:
> does anybody know if such claims have been independently substantiated?
> Has anybody got more information about them?

There was a Technical Report reference (URL) on the Microsoft Research
web site in 1999 that (should memory serve) described such an algorithm -
I tried to download the paper 3, 4 times but the URL never worked.
Checked again today and Microsoft Research no longer mentions the paper.

I found on Google, at
http://henry.ee.rochester.edu:8080/users/ee492/project/projdesc.html
in a list of projects for an EE492 at U. Rochester, in a project abstract
on Modular multiplication using the Montgomery method, this quote:

"At the ramp session of the last CRYPTO'95 Josh Benaloh announced that a
faster algorithm was developed in Microsoft, but the details were not
revealed, and the algorithm remains proprietary."

I checked Mr. Benaloh's web site at
http://www.research.microsoft.com/users/benaloh/
He doesn't list anything about it. He doesn't list any contact info
except for employment by Microsoft Research.

Hope this helps,

John A. Malley
[EMAIL PROTECTED]

------------------------------

Date: Tue, 17 Oct 2000 07:32:54 +0100
From: Richard Hea
Cryptography-Digest Digest #942, Volume #10       Fri, 21 Jan 00 00:13:01 EST

Contents:
  Re: NTRU Cryptosystems Inc. (Peter Pearson)
  Re: Intel 810 chipset Random Number Generator (Peter Pearson)
  Re: Intel 810 chipset Random Number Generator (Michael Kagalenko)
  What's with transposition? (KitKat)
  Re: RNG for OTPs during WWII (Sundial Services)
  Re: Stage 8: Singh's Cipher Challenge (Paris Guffey)
  Re: Wagner et Al. (Jerry Coffin)
  Re: NTRU Cryptosystems Inc. (DJohn37050)
  Re: ECC vs RSA - A.J.Menezes responds to Schneier (DJohn37050)
  Re: ECC vs RSA - A.J.Menezes responds to Schneier (DJohn37050)
  Re: MIRDEK: more fun with playing cards. (Paul Rubin)
  Re: What's with transposition? ("Douglas A. Gwyn")
  Re: Stage 8: Singh's Cipher Challenge ("Douglas A. Gwyn")
  using SCRAMdisk for archiving files on CD ROM (write once) ("Lee")
  simplistic oneway hash ([EMAIL PROTECTED])

----------------------------------------------------------------------

From: Peter Pearson [EMAIL PROTECTED]
Subject: Re: NTRU Cryptosystems Inc.
Date: Thu, 20 Jan 2000 17:13:08 -0800

David Wagner wrote:
> In article 85teng$1sb$[EMAIL PROTECTED], [EMAIL PROTECTED] wrote:
>> NTRU Cryptosystems Inc., delivers the world's fastest secure public
>> key cryptography system, operating more than 100 times faster than
>> any competitor!
>
> Is there any basis in fact for this `100 times faster than any
> competitor!' claim, or is this pure marketing fluff? It sure looks
> like unsubstantiated marketing froth to me.
>
> Note that according to NTRU's performance numbers, elliptic curves
> offer no speed advantage over RSA.

I inquired about this at NTRU's booth at RSA2000, and was told that
since Certicom was uncooperative about providing (or licensing, I forget
which) software for use in the comparison, the ECC implementation
actually used may have been less than the best. (Disclaimer: I have
pro-Certicom leanings.)

- Peter

------------------------------

From: Peter Pearson [EMAIL PROTECTED]
Subject: Re: Intel 810 chipset Random Number Generator
Date: Thu, 20 Jan 2000 17:40:25 -0800

If any followers of this thread are still interested in information on
the Intel RNG, it was reviewed by Ben Jun and Paul Kocher, of
Cryptography Research, in a paper available at
www.cryptography.com/intelRNG.pdf.

------------------------------

From: [EMAIL PROTECTED] (Michael Kagalenko)
Crossposted-To: sci.physics
Subject: Re: Intel 810 chipset Random Number Generator
Date: 21 Jan 2000 02:14:49 GMT
Reply-To: [EMAIL PROTECTED]

Paul Koning ([EMAIL PROTECTED]) wrote
]Michael Kagalenko wrote:
]
] Paul Koning ([EMAIL PROTECTED]) wrote
] ]seifried wrote:
] ] ...it really boils down to "do you trust an
] ] american company to generate your random data?".
] ]
] ]It's not just american companies that have done sneaky
] ]things in this area... Crypto AG was Swiss, if memory serves.
] ]
] ] ...
] ] If you want a real hardware RNG you can verify there are simple ones
] ] based of radio crystals/etc that plug into a serial or parallel port
] ]
] ]Crystals? Not likely. Resistors, noise diodes, Zener diodes, all
] ]those sound plausible, but crystals won't serve at all for this
] ]application.
]
] Yes, they will. Crystals have thermal noise.
]
]Of course they do. But their signal to noise ratio is high.
]If you're after noise, then you want a source that has a low
](preferably negative) signal to noise ratio. Crystals fail
]that criterion by a very large margin, which is why no competent
]designer uses them for this purpose.

That's fair comment; however, note that quartz crystals are a very
common component of digital equipment, and an atomic time standard is
available via the internet. You can produce thermally random data by
measuring the clock drift against a more precise clock (first you'd have
to find out the crystal frequency, of course).

To elaborate a bit, if t is the precise time, and t' is the time
measured by the quartz oscillator (recalibrated by using t to avoid
systematic drift), then

    <t - t'> = 0                                   (1)

(<> stands for mathematical expectation). However, that does not mean
that there is no drift, but that drift in both directions is equiprobable
(the recalibration I mentioned above consists in making sure that (1)
holds). If the drift can be assumed to be a Brownian random walk, the
average square drift <(t - t')^2> grows linearly with time:

    <(t - t')^2> = constant * t

------------------------------

From: KitKat [EMAIL PROTECTED]
Subject: What's with transposition?
Date: Thu, 20 Jan 2000 21:24:02 -0500

Some time last summer I came up with my own nifty lil' transposition
scheme and I thought it was pretty cool (of course: it's mine). I
actually spent quite some time coding it. Picking up on cryptography and
the like, I recently bought Schneier's brick "Applied Cryptography". He
affirms (twice) that transposition is "as a general rule" easily broken.
My first
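The linear growth of the mean-square drift asserted in Michael Kagalenko's post above follows in a few lines from the random-walk assumption; this derivation is added here and is not part of the original post. It assumes the recalibrated oscillator's error accumulates as independent per-tick increments $\epsilon_i$ over $n$ ticks of nominal period $\tau$ (so $t = n\tau$), with $\langle \epsilon_i \rangle = 0$ (the recalibration condition (1)) and $\langle \epsilon_i^2 \rangle = \sigma^2$.

$$
t - t' = \sum_{i=1}^{n} \epsilon_i,
\qquad
\langle t - t' \rangle = \sum_{i=1}^{n} \langle \epsilon_i \rangle = 0,
$$

$$
\langle (t - t')^2 \rangle
= \sum_{i=1}^{n}\sum_{j=1}^{n} \langle \epsilon_i \epsilon_j \rangle
= \sum_{i=1}^{n} \langle \epsilon_i^2 \rangle
  + \sum_{i \neq j} \langle \epsilon_i \rangle \langle \epsilon_j \rangle
= n\sigma^2 = \frac{\sigma^2}{\tau}\, t .
$$

So the constant in the post is $\sigma^2/\tau$. The cross terms vanish only because the increments are independent; if they are correlated (a slowly varying frequency offset that recalibration has not removed, for instance), $\langle (t - t')^2 \rangle$ grows faster than linearly, which is the check to make before treating successive drift samples as independent noise.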
Cryptography-Digest Digest #942, Volume #9        Tue, 27 Jul 99 12:13:03 EDT

Contents:
  Re: another news article on Kryptos (wtshaw)
  Re: another news article on Kryptos (wtshaw)
  Re: RSA public key ("Vincent")
  Benchmarks of Symmetric Vs Hash function algorithms (Yosi)
  Benchmarks of Symmetric Vs Has function algorithms (Yosi)
  Rsa-512 ("Adam Pridmore")
  RSA block type 02 (yoni)
  Re: Rsa-512 (Glenn Davis)
  CIA's Kryptos Continuation N5 ("collomb")
  Freeware version of PGP !!! (spike)
  Re: OK. Maybe I am missing something here. (Patrick Juola)
  Re: RSA public key (DJohn37050)
  Re: What the hell is XOR? (fungus)
  Re: randomness of powerball, was something about one time pads (Patrick Juola)
  Re: hush mail (fungus)
  Re: RSA block type 02 (yoni)
  Re: Benchmarks of Symmetric Vs Has function algorithms (Anton Stiglic)
  How would this effect the good old One Time Pad? ("Jeffery Nelson")
  Old DES-related papers wanted ("Richard Rooney")
  Re: Benchmarks of Symmetric Vs Has function algorithms (Anton Stiglic)
  convert key (John Xiao)
  Pentium III crypto (Gabriel Belingueres)

----------------------------------------------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: another news article on Kryptos
Date: Tue, 27 Jul 1999 00:55:44 -0600

In article [EMAIL PROTECTED], "Douglas A. Gwyn" [EMAIL PROTECTED] wrote:
> wtshaw wrote:
>> You seem to accept that the system will be of a popularly known
>> classical method; it could just as well be of an obscure method
>> popularly known to obscure people, at least at the time.
>
> It was evident from the outset that Kryptos must be using classical
> methods of the sort encountered in MilCryp. And this assumption was
> bolstered by the recent recoveries. There is no reason to change that
> assumption for the final part.

Best to not put blinders on prematurely. If I got it right, *a whole new
ball game* could be sort of a cryptic clue. So, I think numbers, and
what different ball games suggest, the most likely being baseball. The
mind races to see something with a loop of four characters like the
bases, an autokey-like deal, or the number of players, or innings being
significant. As deceit is a basic in crypto, figure that it is not ruled
out, even to being enticed down a path that is not going to lead you
where you want to go.
--
Crop report--It's been a very good year for figs. Garlic was abundant,
but berries were few.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: another news article on Kryptos
Date: Tue, 27 Jul 1999 00:46:51 -0600

In article [EMAIL PROTECTED], [EMAIL PROTECTED] (John Savard) wrote:
> It certainly is possible to devise an open ended encryption program.
> For example, GPG, GNU Privacy Guard, (currently still in beta)
> provides for the addition of new encryption algorithms as modules.

I ran across a program called Ahoy! for the Mac which allows for new
plugins. The company even offers a package for design of new ones. Ahoy!
is a chat program best I can tell, and blowfish is already available.
--
Crop report--It's been a very good year for figs. Garlic was abundant,
but berries were few.

------------------------------

From: "Vincent" [EMAIL PROTECTED]
Subject: Re: RSA public key
Date: Fri, 23 Jul 1999 18:38:55 +0100

Hi guys,

You seem to know a lot of things about RNGs. Do you know where I could
find some good ones to buy? By good, I mean of course cryptographically
secure and fast. Is there still a need with this kind of RNG to have
many sources of randomness and to pass them through a hash function? If
the piece of hardware generates random numbers quickly enough, can we
just use it on its own, or is it better to use the output of the RNG to
seed a PRNG? If yes, what would be the better PRNG to use?

Thank you for your answers, and long life to RSA (not too much
anyway...)

Vini boy
[EMAIL PROTECTED]

------------------------------

From: Yosi [EMAIL PROTECTED]
Subject: Benchmarks of Symmetric Vs Hash function algorithms
Date: Tue, 27 Jul 1999 09:14:11 GMT

Hi,

Does anyone know what is quicker - calculating the SHA-1 hash function
of a file (say 1MB) or encrypting it with a symmetric algorithm (say
IDEA or Blowfish or DES)? Accurate figures as well as general theories
will be greatly appreciated. I would be more than grateful if you can
send a copy of your reply to [EMAIL PROTECTED]

TIA,
Yosi

Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: Yosi [EMAIL PROTECTED]
Subject: Benchmarks of Symmetric Vs Has function algorithms
Date: Tue, 27 Jul 1999 09:12:36 GMT

Hi,

Does anyone know what is quicker - calculating the SHA-1 hash function
of a file (say 1MB) or encrypting it with a symmetric algorithm (say
IDEA or Blowfish or DES)? Accurate figures as well as general theor