Cryptography-Digest Digest #369
Cryptography-Digest Digest #369, Volume #14 Wed, 16 May 01 20:13:01 EDT Contents: Re: TC15 analysis (Tom St Denis) Re: PRNG question from newbie (David Wagner) Re: PRNG question from newbie (Roger Schlafly) Re: taking your PC in for repair? WARNING: What will they find? (Ichinin) Re: taking your PC in for repair? WARNING: What will they find? (P.Dulles) Re: PRNG question from newbie (Henrick Hellström) Re: PRNG question from newbie (David Wagner) Re: TC15 analysis (Scott Fluhrer) Re: TC15 analysis (Scott Fluhrer) Re: taking your PC in for repair? WARNING: What will they find? (Omnivore) Re: taking your PC in for repair? WARNING: What will they find? (Omnivore) Re: TC15 analysis (Tom St Denis) Re: PRNG question from newbie (Paul Pires) Re: PRNG question from newbie (Roger Schlafly) Re: How can I see the symmetric enncryption keysize in SSL? (no_carrier) Re: taking your PC in for repair? WARNING: What will they find? (SCOTT19U.ZIP_GUY) From: Tom St Denis [EMAIL PROTECTED] Subject: Re: TC15 analysis Date: Wed, 16 May 2001 21:54:06 GMT Scott Fluhrer [EMAIL PROTECTED] wrote in message news:9du4hf$5e1$[EMAIL PROTECTED]... In any case, it turns out there was a bug in my program -- I had the sbox in backwards (which brings up an obvious question -- would the cipher actually be stronger if you inverted the sbox? Probably not). When I fixed that, it did find a one round differential at hamming weight 7 (with probability 2**-15). The differential at the beginning of a round is (in binary): 01010001 0011 00101000 The linear transform turns it into: 0001 00011000 00111000 01001001 And each of the 5 active sboxes has a 2**-3 probability of turning the bits within its column back into the column settings of the original differential. I finished an accelerated search and I think I can conclude there are no usefull 1R differentials. Any clues on how to make the LT better? I see in serpent they used logical shifts, is that to avoid this cyclic behaviour? Tom -- From: [EMAIL PROTECTED] (David Wagner) Subject: Re: PRNG question from newbie Date: 16 May 2001 21:59:36 GMT John Myre wrote: I think that's the deep question to address. How are the requirements for the output of a PRNG (stream cipher) and a hash function different? The two concepts are *very* different. For instance, it is possible to have a secure stream cipher that ignores the first bit of its key, yet this would clearly make a very bad hash function. The security requirements of a hash function seem to be much stronger than the security requirements for stream ciphers. -- From: Roger Schlafly [EMAIL PROTECTED] Subject: Re: PRNG question from newbie Date: Wed, 16 May 2001 20:39:05 GMT David Wagner [EMAIL PROTECTED] wrote in message news:9dut88$qgh$[EMAIL PROTECTED]... John Myre wrote: I think that's the deep question to address. How are the requirements for the output of a PRNG (stream cipher) and a hash function different? The two concepts are *very* different. For instance, it is possible to have a secure stream cipher that ignores the first bit of its key, yet this would clearly make a very bad hash function. The security requirements of a hash function seem to be much stronger than the security requirements for stream ciphers. OTOH, it is possible to have a secure hash function (in the sense that it is one-way and collision-resistant) but where one bit of every output byte is zero. But that would give a very poor stream cipher. -- From: Ichinin [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Crossposted-To: alt.privacy,alt.security.pgp,alt.security.scramdisk,alt.privacy.anon-server Subject: Re: taking your PC in for repair? WARNING: What will they find? Date: Tue, 15 May 2001 06:46:44 +0200 P.Dulles wrote: SNIP add 12. What does EE do to twart Proxies and remote monitoring software? -- From: P.Dulles *@*.com Crossposted-To: alt.privacy,alt.security.pgp,alt.security.scramdisk,alt.privacy.anon-server Subject: Re: taking your PC in for repair? WARNING: What will they find? Date: Wed, 16 May 2001 18:35:19 -0400 Reply-To: *@*.com In article [EMAIL PROTECTED], [EMAIL PROTECTED] says... : P.Dulles wrote: : SNIP : : add : : 12. What does EE do to twart Proxies and remote monitoring software? : Excellent point. But they won't answer. I also forgot to mention that a trojan could also be installed on your system by your boss or the police, and they can retrieve all files that way. -- Loki Joan of Arc heard voices too! -- From
Cryptography-Digest Digest #369
Cryptography-Digest Digest #369, Volume #13 Wed, 20 Dec 00 11:13:02 EST
Contents:
Re: Q: Result of an old thread? (Walter Hofmann)
Re: Q: Result of an old thread? (Walter Hofmann)
Re: In =?ISO-8859-1?Q?today=B4s?= paper I read how Cuban (Tony L. Svanstrom)
Re: Encrypting messages in images?? ([EMAIL PROTECTED])
Re: Visual Basic Source Code ([EMAIL PROTECTED])
Re: SMS security over various networks? (Robert Harley)
Re: Homebrew Block Cipher: Moonshine (Tim Tyler)
Re: does CA need the proof of acceptance of key binding ? ([EMAIL PROTECTED])
Re: does CA need the proof of acceptance of key binding ? ([EMAIL PROTECTED])
Re: hash function for public key digital signature : one way? ([EMAIL PROTECTED])
Re: does CA need the proof of acceptance of key binding ? (Anne Lynn Wheeler)
Re: SMS security over various networks? (Mark Currie)
Re: SMS security over various networks? (Mark Currie)
looking for cipher algorithms' comparison ("maciek")
cipher algorithms once again... ("maciek")
From: [EMAIL PROTECTED] (Walter Hofmann)
Subject: Re: Q: Result of an old thread?
Date: Wed, 20 Dec 2000 12:16:02 +0100
On Mon, 18 Dec 2000 22:45:44 +0100, Mok-Kong Shen [EMAIL PROTECTED] wrote:
Let me quote a previous follow-up of yours to be sure that
I understand you:
So you can change the coefficiants of AS by a sufficiently
small epsilon0 to get an invertible matrix, then you can
calculate (AS')^-1. Go on to calculate B'=(AS')^-1.ASB
then S(epsilon)=SB.B'^-1. In the limit epsilon-0 the
matrix S(epsilon) will converge to S as all operations
involved are continuous.
You defined B'=(AS')^-1.ASB. But ASB is singular, so B'
can't be inverted. Or do you want to apply the epsilon to
ASB also?
Now I see what you mean: You cannot invert B' here because I put
another factor of S in it.
It's probably the best to compute things the other way round, otherwise
one would need two epsilons:
Change ASB to ASB' which is within an epsilon of ASB.
Then you can calculate
B'^-1 = ASB'^-1 . AS
S = SB . B'^-1
and do the limit process as described above.
Is this OK with you now?
Walter
--
From: [EMAIL PROTECTED] (Walter Hofmann)
Subject: Re: Q: Result of an old thread?
Date: Wed, 20 Dec 2000 12:18:21 +0100
On Tue, 19 Dec 2000 01:31:16 +0100, Manuel Pancorbo [EMAIL PROTECTED] wrote:
"Walter Hofmann"
You don't need p,q to do any of the computations above.
Alice needs p,q to compute A^-1, because (det A)^-1 mod N is needed.
This can easily be done without p and q. Use Euklid's algorithm.
Walter
--
Crossposted-To: alt.2600,alt.security,comp.security
Subject: Re: In =?ISO-8859-1?Q?today=B4s?= paper I read how Cuban
From: [EMAIL PROTECTED] (Tony L. Svanstrom)
Date: Wed, 20 Dec 2000 12:29:22 GMT
Kirby Urner [EMAIL PROTECTED] wrote:
Volker Hetzer [EMAIL PROTECTED] wrote:
"Markku J. Saarelainen" wrote:
This guy, writing under the above pseudonym, floods newsgroups
with crap. Check the deja.com archives for alt.politics.cia.org
to see what it's like to drown in a sea of garbage. I've got
my filters on of course, but he keeps posting from places.
I thought about killfiling him a long time ago, but he's way too much
fun for that. I think I might print and frame this last posting of his.
*L*
/Tony
--
/\___/\ Who would you like to read your messages today? /\___/\
\_@ @_/ Protect your privacy: http://www.pgpi.com/ \_@ @_/
--oOO-(_)-OOo-oOO-(_)-OOo--
on the verge of frenzy - i think my mask of sanity is about to slip
---ôôô---ôôô---ôôô---ôôô---
\O/ \O/ ©99-00 http://www.svanstrom.com/?ref=news \O/ \O/
--
From: [EMAIL PROTECTED]
Crossposted-To: comp.security.misc,alt.2600.hacker,alt.security
Subject: Re: Encrypting messages in images??
Date: Wed, 20 Dec 2000 13:08:23 GMT
I actually had to do this. Some things were sent to me via USPS to
a foreign post, and they got held up in Customs. Customs wanted me
to list everything that was there in the local language (not English),
and so I had to translate the list. But they gave me the 4th copy,
which had *no* visible writing on it.
Anyhow, I scanned the copy, then used Adobe PhotoXpress (or something...
don't remember the name) to increase the contrast to the point that
I could read it.
Anyhow, that clearly didn't work, so the next time they just never
announced that the shipment had come, and THAT worked. They got my
stuff the next time. (Moral: don't ship things via USPS overseas.
USPS ships it *to* customs, not *through* customs.)
Sent via Deja.com
http://www.deja.com/
--
From: [EMAIL PROTECTED]
Subject: Re: Visual Basic Source Code
Date: Wed, 20 De
Cryptography-Digest Digest #369
Cryptography-Digest Digest #369, Volume #12 Mon, 7 Aug 00 01:13:01 EDT
Contents:
Re: Secure Operating Systems (Anne Lynn Wheeler)
Re: Q: CD (Frank M. Siegert)
Re: New William Friedman Crypto Patent (filed in 1933) ("Douglas A. Gwyn")
Re: New William Friedman Crypto Patent (filed in 1933) (Bill Unruh)
Re: asymmetric encryption for my keycode generator (tomstd)
Re: IV for arfour (Benjamin Goldberg)
Blowfish source (.c, .h) ([EMAIL PROTECTED])
Authentication over the internet (MJYoung)
Re: Secure Operating Systems (Eric Lee Green)
Re: Blowfish source (.c, .h) (tomstd)
Re: Authentication over the internet (tomstd)
Re: Note on text compression (tomstd)
Re: New William Friedman Crypto Patent (filed in 1933) ("Steve")
Re: OTP using BBS generator? (Terry Ritter)
Subject: Re: Secure Operating Systems
Reply-To: Anne Lynn Wheeler [EMAIL PROTECTED]
From: Anne Lynn Wheeler [EMAIL PROTECTED]
Date: Mon, 07 Aug 2000 02:20:35 GMT
Eric Lee Green [EMAIL PROTECTED] writes:
between hitting the ENTER key and something happening). By comparison,
IBM mainframes of the same generation in the same price range (around
$6M in 1975 dollars, when that was real money) would support several
hundred users with reasonable response times.
same bldg. as multics originated ... 545 tech. sq. ... IBM CSC
developed CP/67 and vm/370 (as well as the internal network, GML
... precursor to SGML, HTML, early work in capacity planning and
performance modeling, misc other things). In '71-'72 time-frame IBM
CSC ran nearly 80 users with mix-mode workload (batch, compiles,
interactive, etc) having 90th percentile interactive response under
second ... on a single processor 360/67 ... i.e. about the same
generation machine as GE used by multics for original development. To
some extent multics and the cp/67 shared a common heritage to CTSS.
Note however, IBM also developed TSS/360 for the 360/67 and early
versions had about the same response characteristics for four users as
you mentioned for early multics with eight users.
vm/370 on 370/168 in the mid-70s would typically support several
hundred users.
vm/370s implementation of isolation resulted in it be used in a large
number of high security installations.
random refs:
http://www.garlic.com/~lynn/2000.html#1
http://www.garlic.com/~lynn/2000.html#81
http://www.garlic.com/~lynn/2000b.html#77
http://www.garlic.com/~lynn/2000c.html#27
http://www.garlic.com/~lynn/2000c.html#30
multics home page
http://www.lilli.com/multics.html
see site histories section in the above
--
Anne Lynn Wheeler | [EMAIL PROTECTED], [EMAIL PROTECTED]
http://www.garlic.com/~lynn/ http://www.adcomsys.net/lynn/
--
From: [EMAIL PROTECTED] (Frank M. Siegert)
Subject: Re: Q: CD
Date: Mon, 07 Aug 2000 01:22:32 GMT
On Sun, 06 Aug 2000 23:08:29 GMT, [EMAIL PROTECTED] wrote:
Is this for that CD-one-time-pad topic that came up earlier?
Sounds more like a quest for randomness to me. If you only need a one
time pad why not simply use an ISO9660 filesystem...?
Sure you can get more data on a CD by using the full sector size - no
error correction - just like VCDs are doing it for their data track.
--
From: "Douglas A. Gwyn" [EMAIL PROTECTED]
Subject: Re: New William Friedman Crypto Patent (filed in 1933)
Date: Sun, 06 Aug 2000 22:42:40 -0400
Mike Andrews wrote:
Even the "CATEGORY 1 - NOT SUBJECT TO AUTOMATIC DOWNGRADING"
material?
Especially the exempt material.
--
From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: New William Friedman Crypto Patent (filed in 1933)
Date: 7 Aug 2000 02:52:25 GMT
In [EMAIL PROTECTED] [EMAIL PROTECTED] (wtshaw) writes:
]In article 8mhljp$6r1$[EMAIL PROTECTED], [EMAIL PROTECTED]
](Bill Unruh) wrote:
] In [EMAIL PROTECTED] [EMAIL PROTECTED]
](John Savard) writes:
]
] I thought that the US patent law had recently been ammended to makeing a
] patent valid for 20 years after filing, not the old 17 years after
] issue. Is this correct? This would make this patent outdated before it
] was issued.
]But it would prohibit a competing filing. If all secrets are the basis
]for patents to be obtained as "needed," then all the advances made in
]secret could threaten the success of other advances made in public.
It would be an interesting court case, if a secret filing could actually
be considered "prior art". Eg, if a company holds a trade secret, and
some other company patents it, can that trade secret invalidate the
patent?
--
Subject: Re: asymmetric encryption for my keycode generator
From: tomstd [EMAIL PROTECTED]
Date: Sun, 06 Aug 2000 20:04:05 -0700
"eboy" [EMAIL PROTECTED] wrote:
I'm a budding shareware author who'd like to code my
registration
keycode generator to use asymmetric
Cryptography-Digest Digest #369
Cryptography-Digest Digest #369, Volume #11 Mon, 20 Mar 00 09:13:01 EST
Contents:
Re: generating secure id numbers (Johnny Bravo)
Montreya nux real ("Marquesa Reyes")
Re: new Echelon article (David A. Wagner)
Montreya nux real ("Penn Wright")
encryption and decryption with elliptic curve cryptography (kingtim)
Re: new Echelon article (Mok-Kong Shen)
Re: Card shuffling (Mok-Kong Shen)
Download Random Number Generator from Ciphile Software (Anthony Stephen Szopa)
Re: Crypto books ("Christoph Moser")
Re: encryption and decryption with elliptic curve cryptography ("Tom St Denis")
Re: Download Random Number Generator from Ciphile Software ("Tom St Denis")
Re: Opinions? (ca314159)
Re: Opinions? ([EMAIL PROTECTED])
Re: DES Decryption Problem (Chuah Seong Ping)
Re: EOF in cipher??? ("Trevor L. Jackson, III")
PC-1, anyone ? (Christoph Weber-Fahr)
From: Johnny Bravo [EMAIL PROTECTED]
Subject: Re: generating secure id numbers
Date: Mon, 20 Mar 2000 01:19:29 -0500
On Sun, 19 Mar 2000 22:51:38 GMT, [EMAIL PROTECTED] wrote:
I want to generate a secure id based system
containing unique identifiers for people yet
generated in such a way that they would be
particularly difficult to guess.
Depends on what you want them for. If you are thinking of protecting a
software product with issued registration numbers, save your time, it
won't protect the product more than a couple of days anyway so there is no
sense in killing yourself debugging a complex method.
Can I use a random number generator with a key
and hash these to give encrypted id's ???
Would be easy, don't even need random number generator, just hash the
user id and use as much of it as you need to keep them separate.
--
Best Wishes,
Johnny Bravo
"The most merciful thing in the world, I think, is the inability
of the human mind to correlate all it's contents." - HPL
--
From: "Marquesa Reyes" [EMAIL PROTECTED]
Subject: Montreya nux real
Date: 20 Mar 2000 07:47:55 GMT
Nulla ipsit query don marqi ney canne real
--
From: [EMAIL PROTECTED] (David A. Wagner)
Subject: Re: new Echelon article
Date: 19 Mar 2000 23:12:10 -0800
In article [EMAIL PROTECTED],
Douglas A. Gwyn [EMAIL PROTECTED] wrote:
Do you actually know what NSA suggested during the cellular
telephone proposal comment period? I know that people from
my own organization testified about the utter lack of security,
and the *FCC* (not NSA) didn't want to hear about it.
No, but I'd love to have my impressions proven wrong.
Do you have a reference you can point me to?
And, help me out here: how did the FCC enter into the equation?
I was thinking of the NSA's involvement in the CTIA AHAG,
and its effect on the security of the standard. Are you
suggesting the NSA representatives actively worked to improve
the security of the standards?
--
From: "Penn Wright" [EMAIL PROTECTED]
Subject: Montreya nux real
Date: 20 Mar 2000 07:52:10 GMT
Nulla ipsit query don marqi ney canne real
Tantra deva mar non kiplat
--
From: kingtim [EMAIL PROTECTED]
Subject: encryption and decryption with elliptic curve cryptography
Date: Mon, 20 Mar 2000 15:51:15 -0800
Please tell me simply how to do encryption and decryption with elliptic
curve cryptography.
and any web site about this topic.
thanks
kingtim
--
From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: new Echelon article
Date: Mon, 20 Mar 2000 10:38:22 +0100
Douglas A. Gwyn wrote:
Mok-Kong Shen wrote:
... German companies may expend money in
bribery in foreign (as against national) contracts and have tax
deductions too. From what you wrote above, I deduce that this is
forbidden by law in the US.
Indeed, we have a general principle that assisting someone else
in the commission of a crime is a crime in itself.
I have some difficulty in interpreting your sentence in the current
context. But, anyway, let me stress that whatever are the laws,
principles, moral or ethical standards, religious doctrines or
prescriptions from school teachers or parents, all these become
meaningless if the practice essentially deviates from them. One
easily obtains a false feeling, an illusion of reality. And illusions
are presumably what part of the politicians like the common people
to entertain in order to help them to continue to be in power. I am
certainly not saying that we should do away with laws, etc. Only
a fool would have such thoughts. But we should pay great attention
to deviations from what is beautifully written in the documents or
sweetly proclaimed in the public and try, if possible, to eliminate
or limit such deviations from the ideal. This is so simple and
shouldn't worth any mentio
Cryptography-Digest Digest #369
Cryptography-Digest Digest #369, Volume #10 Wed, 6 Oct 99 20:13:03 EDT
Contents:
Re: rc5-128 cracking $20 per letter (Tom St Denis)
Re: rc5-128 cracking $20 per letter (Tom St Denis)
Re: rc5-128 cracking $20 per letter (Tom St Denis)
Re: Exclusive Or (XOR) Knapsacks ([EMAIL PROTECTED])
Re: Which encryption for jpeg compressed pictures? (jerome)
books about elliptic curves (jerome)
Re: DES breaker Technique? (jerome)
Re: classifying algorithms (jerome)
Re: radioactive random number generator ("John E. Kuslich")
Re: Which encryption for jpeg compressed pictures? (Paul Koning)
Re: There could be *some* truth to it (Dan Day)
Re: radioactive random number generator ("John E. Kuslich")
Re: radioactive random number generator ("John E. Kuslich")
Re: Which encryption for jpeg compressed pictures? (fungus)
Re: True Random numbers (fungus)
Block encryption with variable keys (Mok-Kong Shen)
Re: Block encryption with variable keys (John Savard)
Re: Is 128 bits safe in the (far) future? (John Savard)
From: Tom St Denis [EMAIL PROTECTED]
Subject: Re: rc5-128 cracking $20 per letter
Date: Wed, 06 Oct 1999 19:28:58 GMT
In article [EMAIL PROTECTED],
[EMAIL PROTECTED] (John Savard) wrote:
"John A Croll" [EMAIL PROTECTED] wrote, in part:
your message is:
"sHure sHow me it"
in response to Tom St. Denis, who wrote:
Ok decrypt this
1602d701fa1ac1ad
Unfortunately, this message is only eight bytes long, and your
decryption is 16 bytes long.
S... don't tell him that.
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
--
From: Tom St Denis [EMAIL PROTECTED]
Subject: Re: rc5-128 cracking $20 per letter
Date: Wed, 06 Oct 1999 19:30:28 GMT
Ok if you destroyed RC5 what is the message I sent? You got it wrong in your
other post. Tom
In article 7tg499$igt$[EMAIL PROTECTED],
"John A Croll" [EMAIL PROTECTED] wrote:
rc5 has a wide open back door for the feds and i found it.
i think they should give me the rsa prize money
because i destroyed rc5 as a viable product.
Sent via Deja.com http://www.deja.com/
Before you buy.
--
From: Tom St Denis [EMAIL PROTECTED]
Subject: Re: rc5-128 cracking $20 per letter
Date: Wed, 06 Oct 1999 19:32:25 GMT
In article 7tg16g$8q3$[EMAIL PROTECTED],
"John A Croll" [EMAIL PROTECTED] wrote:
your message is:
"sHure sHow me it"
you owe me 320 bucks!
you may remit payment to:
richard lee king jr.
p.o.box 236
st.bernice,
in. 47875-0236
phone: 765-832-2557
you need to buy better security.
First off you got the message wrong, second the message is only 8 ascii chars
not 16. Third I did not buy RC5, I took the RSAREF code, thru in a main()
and gave you the ciphertext.
If you think I am making this up, just admit defeat and I will give you the
key that will decrypt it.
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
--
From: [EMAIL PROTECTED]
Subject: Re: Exclusive Or (XOR) Knapsacks
Date: Wed, 06 Oct 1999 19:35:41 GMT
[EMAIL PROTECTED] (Guenther Brunthaler) wrote:
Matt Timmermans" wrote:
Let me just make up an example:
...
3rd bit
1010 = B1
0101 = B2
0011 = B1+B3
0010 = B1+B4 +B2
...
So, for any 4 bit X...
Looks very interesting!
But could you please explain your approach in more detail?
You can find Gaussian elimination in any linear
algebra text.
Also, is it coincidence that in your example there are B1..B4 and also
4 bits in X?
Not a coincidence. The question was:
| Problem:
| Given an n bit number X and a set {B1,B2,...,Bn}
| of n bit numbers;is there a subset whose elements
| collectively XORed give X?
Perhaps you could outine your example for the following (1-bit) setup:
X=1, B1 = 0, B2 = 0, B3 = 0, B4 = 1, B5 = 1, B6 = 1
and the size of the requested subset shall be 3.
This fails to be an example of the stated problem.
[...]
I really would be interested how any equation system could help find
some specific calculated solution, as there may be any number of
solutions!
Again, a linear algebra text will explain. If
any subset of the vectors xors to zero, then that
subset can be xored into any solution to produce
another solution, and all solutions may be
produced this way.
Genetic algorithms? Backtracking? P?=NP?
Nonsense - it's a simple linear algebra problem.
--Bryan
Sent via Deja.com http://www.deja.com/
Before you buy.
--
From: [EMAIL PROTECTED] (jerome)
Crossposted-To: comp.security.misc,comp.graphics.algorithms,comp.compression
Subject: Re: Which encryption for jpeg compressed pictures?
Reply-To: [EMAIL PROTECTED]
Date: Wed, 06 Oct 1999 17:05:38 GMT
On Wed, 06 Oct 1999 07:53:40 -0700, Samuel Paik wrote:
One of the public key systems is about to fall
