Cryptography-Digest Digest #528

2001-06-05 Thread Digestifier

Cryptography-Digest Digest #528, Volume #14   Tue, 5 Jun 01 18:13:00 EDT

Contents:
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tom St Denis)
  One last bijection question (Tom St Denis)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tom St Denis)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tom St Denis)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (SCOTT19U.ZIP_GUY)
  Re: One last bijection question ([EMAIL PROTECTED])
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tom St Denis)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tom St Denis)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (JPeschel)
  Re: One last bijection question (Tom St Denis)
  Re: Welcoming another Anti-Evidence Eliminator stooge to USENET  (P.  Dulles / AKA 
Loki) (Keith)



From: Tom St Denis [EMAIL PROTECTED]
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: Tue, 05 Jun 2001 21:10:44 GMT


Tim Tyler [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
> Tom St Denis [EMAIL PROTECTED] wrote:
> : Tim Tyler [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
> : Tom St Denis [EMAIL PROTECTED] wrote:

> : : Yes there will be equivalent keys but not enough to tell from random.
> :
> : Tell /what/ from random.

> : Tell the plaintext. [...]

> I can very likely tell a randomly chosen plaintext from the decrypt of a
> 1 byte cyphertext using CTR mode.

> Does the random plaintext have only 8 bits?  If not, I can immediately
> distinguish them.

Yes, but you are just brute forcing the key space.  If you encode for
example 384 bits (three AES blocks) in CTR mode you can most likely tell
when you get the key right.  However, getting the right key amounts to at
least 2^127 work if the key is random.

> : [...] a cyphertext only having 256 possible decrypts is a
> : problem with the orthodox CTR mode.

> : It's not a problem.  You're just not looking for the answer.

> AFAICS, your idea of an answer is one that isn't worth having ;-|

> : The truth is if the message has a prob of 1/256 and all outputs from the
> : cipher are equiprobable (i.e. 1/256) then it's provably secure for a
> : single byte only.

> Ah - you're sliding in that for a single byte only...

> As though we're discussing the trivial case of only 256 possible
messages...

Um yes that's what we were f$$$ talking about.  For geez sakes stay on the
same model!

> : Consider the cipher something simple like

> : C = P xor K

> : where we discard the 120 upper bits of C before xoring against the
message.
> : Don't you agree this is just an OTP?

> Yes - it's very much like an OTP.

(Hint: it is an OTP)

> : Hence don't you agree it's provably secure?

> Of course it's not provably secure - unless you think only having 256
> possible plaintexts out of the possible billions is something worthwhile.

> We're trying to stop the attacker getting information about the message.
> Giving him the length of the message on a plate is a terrible start.

Why?  Tell me how you can find K from C knowing the length?

Just tell me why it's a problem.

Tom
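The point Tim makes about a one-byte ciphertext, and the length leak behind it, as an added example that is not part of the original exchange. The keystream is a constructed stand-in (SHA-256 over key and counter) for AES in CTR mode, chosen so the block runs without a crypto library; the XOR-with-keystream structure is all the argument depends on. `decrypt_candidates` shows that decrypting a one-byte ciphertext under any number of keys never yields more than 256 distinct plaintexts, `length_oracle` shows what an observer learns from the ciphertext length alone, and `pad_to` is one constructed mitigation: fix the length of every message in the set before encrypting.

```python
import hashlib
import os


def keystream(key: bytes, nbytes: int) -> bytes:
    """Constructed stand-in for a CTR-mode keystream: block i is H(key || counter_i).
    Only the "ciphertext = plaintext XOR keystream" structure matters for the argument,
    so a hash of key and counter plays the role AES would play in real CTR mode."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(key + counter.to_bytes(16, "big")).digest()
        counter += 1
    return out[:nbytes]


def ctr_encrypt(key: bytes, plaintext: bytes) -> bytes:
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, len(plaintext))))


def ctr_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    # XOR with the same keystream undoes the encryption.
    return ctr_encrypt(key, ciphertext)


def decrypt_candidates(ciphertext: bytes, trials: int = 4000) -> set:
    """Decrypt one ciphertext under many fresh random keys and collect the distinct results.
    For a one-byte ciphertext the set can never exceed 256 entries: whatever the key, the
    only thing it chooses is which of the 256 one-byte messages comes out."""
    return {ctr_decrypt(os.urandom(16), ciphertext) for _ in range(trials)}


def length_oracle(ciphertext: bytes, candidates: list) -> list:
    """What an observer learns from the ciphertext length alone: every candidate message
    whose length does not match is ruled out without touching the key."""
    return [m for m in candidates if len(m) == len(ciphertext)]


def pad_to(message: bytes, total: int) -> bytes:
    """Mitigation (constructed scheme): a leading length byte, then zero fill to a fixed size,
    so every message in the set produces a ciphertext of the same length."""
    if not 0 <= len(message) < total <= 256:
        raise ValueError("message too long for this padding scheme")
    return bytes([len(message)]) + message + b"\x00" * (total - 1 - len(message))


def unpad(padded: bytes) -> bytes:
    return padded[1:1 + padded[0]]


if __name__ == "__main__":
    key = os.urandom(16)
    yes_or_no = [b"yes", b"no"]
    c = ctr_encrypt(key, b"yes")
    print("candidates left by length, unpadded:", length_oracle(c, yes_or_no))
    c_padded = ctr_encrypt(key, pad_to(b"yes", 16))
    print("candidates left by length, padded:",
          length_oracle(c_padded, [pad_to(m, 16) for m in yes_or_no]))
    print("distinct decrypts of a one-byte ciphertext:", len(decrypt_candidates(b"\x41")))
```

Run as a script, the unpadded case leaves a single candidate (the length alone identifies the message), the padded case leaves both, and the one-byte experiment tops out at 256 distinct decrypts no matter how many keys are tried.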



--

From: Tom St Denis [EMAIL PROTECTED]
Subject: One last bijection question
Date: Tue, 05 Jun 2001 21:15:10 GMT

Ok I thought bijections were when the codomain and domain are the same set.

http://www.dictionary.com/cgi-bin/dict.pl?term=surjection

Seems to support this thought.

A function f : A -> B is surjective or onto or a surjection if f(A) = B

Don't A and B represent the domain/codomain sets respectively?

I'm most likely wrong; can someone explain this?  The only other meaning
I can find is that A and B are not the same set but can map back and forth.
But isn't that an injection?

Arrg!
--
Tom St Denis
---
http://tomstdenis.home.dhs.org
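The definitions at issue, as an added example that is not from the post or the linked dictionary entry: a function f : A -> B is injective if distinct inputs have distinct outputs, surjective if f(A) = B, and bijective if both hold, which does not require A and B to be the same set. The mappings below are constructed; the 3-bit XOR cipher and the lossy `drop_low_bit` show why a fixed-key encryption function has to be a bijection for decryption to exist at all.

```python
def is_injective(f: dict) -> bool:
    """One-to-one: no two domain elements share an image."""
    return len(set(f.values())) == len(f)


def is_surjective(f: dict, codomain) -> bool:
    """Onto: the image f(A) is the whole codomain B."""
    return set(f.values()) == set(codomain)


def is_bijective(f: dict, codomain) -> bool:
    """Bijective = injective and surjective; A and B may be different sets."""
    return is_injective(f) and is_surjective(f, codomain)


def inverse(f: dict, codomain) -> dict:
    """Only a bijection can be inverted element by element."""
    if not is_bijective(f, codomain):
        raise ValueError("not a bijection; no inverse exists")
    return {v: k for k, v in f.items()}


def function_table(func, domain) -> dict:
    """Tabulate a function over a finite domain so the tests above can inspect it."""
    return {x: func(x) for x in domain}


# Constructed sample: a bijection between two different sets.
digits_to_letters = {1: "a", 2: "b", 3: "c"}

BLOCKS = range(8)  # the 3-bit block space {0, ..., 7}


def xor_cipher(key: int):
    """Toy 3-bit cipher: XOR with a fixed key permutes the block space, so it is a bijection."""
    return lambda p: p ^ key


def drop_low_bit(p: int) -> int:
    """Toy lossy function: two plaintexts collapse onto one value, so nothing can decrypt it."""
    return p & 0b110


if __name__ == "__main__":
    print("digits_to_letters bijective:", is_bijective(digits_to_letters, {"a", "b", "c"}))
    print("inverse:", inverse(digits_to_letters, {"a", "b", "c"}))
    print("xor_cipher(5) bijective on 3-bit blocks:",
          is_bijective(function_table(xor_cipher(5), BLOCKS), BLOCKS))
    print("drop_low_bit injective:", is_injective(function_table(drop_low_bit, BLOCKS)))
```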



--

From: Tim Tyler [EMAIL PROTECTED]
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Tue, 5 Jun 2001 21:12:05 GMT

SCOTT19U.ZIP_GUY [EMAIL PROTECTED] wrote:

:  Tim I think TOM is just trying to make ass out of himself

He seems to me to have been doing a lot of that recently:

First the unicity distance, then the bijection, and now the
CTR mode.  I guess we just rub him up the wrong way - so that
all of his conceptual problems come to the surface at once.

: The thread will go nowhere. He will only twist it. He can't
: even answer the simple fact that if one used CTR mode so
: a one byte cipher text file decrypts to 256 messages. And
: one used BICOM where a one byte output file could represent
: thousands and thousands

Cryptography-Digest Digest #528

2001-01-23 Thread Digestifier

Cryptography-Digest Digest #528, Volume #13  Tue, 23 Jan 01 05:13:01 EST

Contents:
  Re: Why Microsoft's Product Activation Stinks (Anthony Stephen Szopa)
  Re: cryptographic tourism in Russia ("Vladimir Katalov")
  Re: Easy question for you guys... (Anders Thulin)
  another Microsoft lawsuit on the horizon (Matthew Montchalin)
  Re: Dynamic Transposition Revisited (long) (Terry Ritter)
  Re: Dynamic Transposition Revisited (long) (Terry Ritter)
  Re: collisions risks of applying MD5 or SHA1 to a 48-bit input (Serge Paccalin)
  Re: Some help please (Jim Gillogly)
  Re: Some help please ("Douglas A. Gwyn")
  Re: Easy question for you guys... (Anders Andersson)
  Re: Some help please ("Jakob Jonsson")



From: Anthony Stephen Szopa [EMAIL PROTECTED]
Crossposted-To: or.politics,talk.politics.crypto,misc.survivalism
Subject: Re: Why Microsoft's Product Activation Stinks
Date: Mon, 22 Jan 2001 23:30:18 -0800

Richard Heathfield wrote:
> 
> Anthony Stephen Szopa wrote:
> 
> snip over 200 lines
> 
> > So that's all I have to say for a while.
> 
> Is that a promise?


Here is a guy who spits on the souls of anyone for no damned reason.

I told you that I am the inventor that will save people tens or 
hundreds of billions of dollars in lost revenue and you verbally 
shit on me with your sarcasm.

Did you develop an anti-piracy computer software module that will
prevent perhaps half at a minimum of the illegal copying of 
computer software in the world?  Do you know how important a
contribution this is?

I can prove that I did this.  And if I eventually do prove it 
publicly everyone will know you are a fool.  But most importantly 
you will know.  I think you probably already know you are a fool.

I am certainly one of a very very few and perhaps the only person in 
the world who can prove that they did it before MS.  I am not going 
to divulge my thought processes here or my plans or my actions 
regarding the implications of this situation at this time, as I have
said.  I am actively pursuing my interests.

I think I read that there is about $50 billion dollars worth of 
computer software piracy going on every year.

You must be a real high achiever to top this.  Tell your friends 
what a proud soul you are and give them the example you posted here 
and explain to them why you are the one to be so sarcastic.  What 
are your qualifications?

I would tell them that you are a high risk gambler and that they 
should stay as far away from you as possible.  You just can't 
believe that I did what I say I did, can you?  You think you can 
make the jump and take the leap to ridicule me.  You have no proof 
that I am lying.  Yet you risk your reputation.  As I said, you have
poor judgment although you have calculated that you are on solid 
ground.  Quicksand, yes.  You are in quicksand and there will be no 
one to come to your aid.  Just wait and see.

If and when the proof comes out I hope someone brings it to your
attention.

I was waiting for a worm to show their slime.  You finally showed up.

What is a fool?  A fool is a person who plays an Eric Clapton song 
on their own guitar.  He plays the song perhaps even as good as Eric
Clapton.  And then he thinks he is as great an artist as Eric 
Clapton.

You are an even greater fool than this because you would play the 
air guitar while listening to Eric Clapton and really believe you 
are as great a musician and artist as Eric Clapton.

Can you feel your heart literally shrinking?  You will.

Thanks a lot.

AS


Gee, you didn't get any more significant information from me about 
my claim?  

Too bad.

--

From: "Vladimir Katalov" [EMAIL PROTECTED]
Subject: Re: cryptographic tourism in Russia
Date: Tue, 23 Jan 2001 10:54:23 +0300


Eric Lee Green wrote in message ...
> Hmm... a point there, given that the government there is now run by a
> former intelligence officer and that they've a nasty habit of
> imprisoning Americans that they think are nosing around in the wrong
> place...
> 
> A friend of a friend spends time in Russia from time to time (he
> supposedly is a school teacher, but has this strange habit of turning
> up wherever things are heating up... e.g. Colombia during the worst of
> the drug wars, Poland when Solidarity kicked out the Communist
> government, Russia during the failed coup, ...). The stories I hear
> are pretty bad -- things apparently got pretty lawless for a while,
> the old government had virtually collapsed into meaninglessness, and
> the new government apparently is overreacting by attempting to clamp
> down harshly on all the lawlessness. I'm not sure I'd be adventurous
> enough to plan a trip to Russia right now.

Exactly. A trip to Russia might be really dangerous nowadays... I don't
want to scare you, but the situation here looks very similar to Chicago
in the '30s.

St Petersburg is a bit better (safer) than Moscow. Yo

Cryptography-Digest Digest #528

2000-08-24 Thread Digestifier

Cryptography-Digest Digest #528, Volume #12  Thu, 24 Aug 00 18:13:00 EDT

Contents:
  Re: Serious PGP v5 & v6 bug! ([EMAIL PROTECTED])
  understanding RC4 ([EMAIL PROTECTED])
  Re: Excerpt of SECRETS AND LIES available on-line (John Myre)
  Re: Reply now to join the crypto-research-ressources group (David A Molnar)
  Asymmetric Encryption Algorithms ("Paul Montgomery")
  Re: Serious PGP v5 & v6 bug! ("JT")
  Re: Excerpt of SECRETS AND LIES available on-line (JPeschel)
  Re: SHA-1 program (cool!) (S. T. L.)
  Re: blowfish problem ("Trevor L. Jackson, III")
  Re: blowfish problem ("Trevor L. Jackson, III")
  Re: blowfish problem (Richard Heathfield)
  Re: blowfish problem ("Douglas A. Gwyn")
  Re: blowfish problem (Richard Heathfield)
  Re: Bytes, octets, chars, and characters (Paul Schlyter)
  Re: Bytes, octets, chars, and characters (Paul Schlyter)
  Re: Provably secure stream cipher (Tim Tyler)
  Re: Serious PGP v5 & v6 bug! (David Kaczynski)
  Re: Serious PGP v5 & v6 bug! (Shellac)



From: [EMAIL PROTECTED]
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: Serious PGP v5 & v6 bug!
Date: Thu, 24 Aug 2000 19:04:12 GMT




> The problem won't go away until all vulnerable versions of PGP are
> retired, since it's the sender who is responsible for encrypting to
> the ADKs, not the recipient.

I have read Ralf's paper; please correct me if I misunderstand the
following conclusion in the paper:

"Since DH-keys all have Version-4-self-signatures, you should avoid
using those for encryption. But detecting V4-RSA-keys is sometimes
difficult. Using PGP553i for Windows, V4-RSA-keys do present themselves
as V3-RSA-keys with key-IDs and fingerprints computed in Version-3
style. Upgrading to PGP651i for Windows shows the same key with a new
V4-style key-ID and with a different new fingerprint but truncated to
the first 16 bytes, so that it looks like a V3-style fingerprint, which
it clearly is not. So if you see 16 byte fingerprints you cannot be
sure that the key does not have a Version-4-self-signature. To be sure
you have to go into byte analysis of the key packets. Using GnuPG makes
things worse because all V4-signatures I have created on RSA-keys were
made using this program.

So if you want to get rid of ADKs as much as possible, you are well
advised to use PGP-Classic, PGP-2.6.x, the only PGP which guarantees
that only Version-3-signatures are made and which rejects DH-keys and
RSA-keys in Version-4-format.

You should use GnuPG as an analysis-tool to check which packets a key
or cryptogram consists of. And you can use newer PGP-versions or GnuPG
to check the validity of signatures on messages which have been made
with V4-keys by others." {end of quoted selection}

Can a workaround be to use PGP 2.6.x to generate version 3 RSA keys,
and then use only those keys, but still continue using any version
of PGP?

Or did I really miss something?

vedaal









Sent via Deja.com http://www.deja.com/
Before you buy.
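The quoted paper says that telling a V3 RSA key from a V4 one reliably needs byte analysis of the key packets. As an added example that is not from the paper, vedaal's post, PGP or GnuPG, the following parses an old-format OpenPGP public-key packet, reads the version byte, and derives the fingerprint and key ID the way RFC 4880 specifies them: MD5 over the MPI bodies for V3 (16 bytes) and SHA-1 over the framed packet for V4 (20 bytes). The RSA values and creation time are constructed toy numbers, and only old-format packet headers carrying RSA key material are handled.

```python
import hashlib
import struct


def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit count, then big-endian magnitude."""
    body = value.to_bytes((value.bit_length() + 7) // 8, "big")
    return struct.pack(">H", value.bit_length()) + body


def read_mpi(body: bytes, off: int):
    """Decode the MPI at offset off; return (magnitude bytes, offset just past it)."""
    (bits,) = struct.unpack(">H", body[off:off + 2])
    nbytes = (bits + 7) // 8
    return body[off + 2:off + 2 + nbytes], off + 2 + nbytes


def old_format_packet(tag: int, body: bytes) -> bytes:
    """Frame a body with an old-format packet header (RFC 4880 section 4.2.1)."""
    if len(body) < 256:
        return bytes([0x80 | (tag << 2) | 0, len(body)]) + body
    return bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", len(body)) + body


def parse_packet(data: bytes):
    """Split one old-format packet into (tag, body); new-format headers are out of scope here."""
    first = data[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if first & 0x40:
        raise ValueError("new-format header not handled by this example")
    tag, ltype = (first >> 2) & 0x0F, first & 0x03
    if ltype == 0:
        length, off = data[1], 2
    elif ltype == 1:
        (length,), off = struct.unpack(">H", data[1:3]), 3
    elif ltype == 2:
        (length,), off = struct.unpack(">I", data[1:5]), 5
    else:
        raise ValueError("indeterminate-length packet not handled by this example")
    return tag, data[off:off + length]


def inspect_public_key(data: bytes) -> dict:
    """Report version, algorithm, fingerprint and key ID of a public-key packet (tag 6 or 14)."""
    tag, body = parse_packet(data)
    if tag not in (6, 14):
        raise ValueError("tag %d is not a public-key packet" % tag)
    version = body[0]
    if version in (2, 3):
        # V3 layout: version, 4-byte creation time, 2-byte validity, algorithm, MPIs n and e.
        algo = body[7]
        n, off = read_mpi(body, 8)
        e, off = read_mpi(body, off)
        fpr = hashlib.md5(n + e).hexdigest()  # MD5 over the MPI bodies, length prefixes excluded
        keyid = "%016x" % (int.from_bytes(n, "big") & 0xFFFFFFFFFFFFFFFF)  # low 64 bits of n
        return {"version": 3, "algorithm": algo, "fingerprint": fpr, "keyid": keyid}
    if version == 4:
        # V4 layout: version, 4-byte creation time, algorithm, MPIs. The fingerprint is
        # SHA-1 over 0x99, a 2-byte body length and the body; the key ID is its low 64 bits.
        algo = body[5]
        fpr = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest()
        return {"version": 4, "algorithm": algo, "fingerprint": fpr, "keyid": fpr[-16:]}
    raise ValueError("unknown key packet version %d" % version)


# Constructed toy RSA parameters (far too small for real use) in both packet layouts.
TOY_N, TOY_E, CREATED = 3233, 17, 0x3A3D5E10
V3_KEY = old_format_packet(
    6, bytes([3]) + struct.pack(">IH", CREATED, 0) + bytes([1]) + mpi(TOY_N) + mpi(TOY_E))
V4_KEY = old_format_packet(
    6, bytes([4]) + struct.pack(">I", CREATED) + bytes([1]) + mpi(TOY_N) + mpi(TOY_E))

if __name__ == "__main__":
    for label, pkt in (("V3", V3_KEY), ("V4", V4_KEY)):
        print(label, inspect_public_key(pkt))
```

The version byte, not the displayed fingerprint length, is what settles the question: the V3 packet yields a 32-hex-digit MD5 fingerprint, the V4 packet a 40-hex-digit SHA-1 one, and a viewer that truncates the latter to 16 bytes would make the two look alike.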

--

From: [EMAIL PROTECTED]
Subject: understanding RC4
Date: Thu, 24 Aug 2000 19:01:18 GMT


Newbie alert. At the risk of sounding silly, I pose the following
question.  (I am new to cryptology).

I know the following:
 1.  Plaintext = "secret"
 2.  Encrypted string = "06E0A50B579AD2CD5FFDC48565627EE7"
 3.  RC4 algorithm was used (possibly modified somehow)
 4.  No salting was used in RC4

Given this information, is it possible to write an RC4 encryption
routine that helps me encrypt other plaintexts in the _same_
manner?

Does no-salt-used mean that the encryption key does not depend on the
plaintext?

How can a 6 character word ("secret") lead to a 32 character hash
("06E0A50B579AD2CD5FFDC48565627EE7") - I thought a stream cipher's
output was the same length as the input?

Any help/insights/source code snippets/websites would be most
appreciated.

- Grank.
===


Sent via Deja.com http://www.deja.com/
Before you buy.
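RC4 itself, as an added example that is not from the post: the key-scheduling and output-generation steps, and an `rc4_crypt` that XORs data with keystream, so the ciphertext is exactly as long as the plaintext and the key is fixed independently of the plaintext. The check value used in the test is the widely published vector for key "Key" and plaintext "Plaintext"; `POSTED_HEX` is the string from the post, which decodes to 16 bytes rather than the 6 bytes plain RC4 would produce from "secret".

```python
def rc4_ksa(key: bytes) -> list:
    """Key-scheduling algorithm: permute 0..255 under control of the key bytes."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1 to 256 bytes")
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s


def rc4_keystream(key: bytes, nbytes: int) -> bytes:
    """Pseudo-random generation algorithm: emit nbytes of keystream. The plaintext plays
    no part here, which is why the same key always gives the same keystream."""
    s = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for _ in range(nbytes):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (the same operation): XOR data with keystream of equal length."""
    return bytes(d ^ k for d, k in zip(data, rc4_keystream(key, len(data))))


# The hex string from the post, kept only to measure its decoded length.
POSTED_HEX = "06E0A50B579AD2CD5FFDC48565627EE7"


def posted_value_length() -> int:
    return len(bytes.fromhex(POSTED_HEX))


if __name__ == "__main__":
    ct = rc4_crypt(b"Key", b"Plaintext")
    print("RC4(Key, Plaintext) =", ct.hex().upper())
    print("round trip ok:", rc4_crypt(b"Key", ct) == b"Plaintext")
    print("RC4 output length for 'secret':", len(rc4_crypt(b"examplekey", b"secret")))
    print("decoded length of the posted string:", posted_value_length())
```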

--

From: John Myre [EMAIL PROTECTED]
Subject: Re: Excerpt of SECRETS AND LIES available on-line
Date: Thu, 24 Aug 2000 13:48:34 -0600

Bruce Schneier wrote:
> 
> A couple of weeks ago, someone asked about on-line distribution of my
> latest book.  I just noticed that Chapter 3 is up on Amazon:
snip
> Not the chapter I would have picked to excerpt, but no one asked me.
snip

I notice that at the bottom is the phrase "used by permission".  What
permission did they get, from whom?  Is the author involved at all?

JM

--

From: David A Molnar [EMAIL PROTECTED]
Subject: Re: Reply now to join the crypto-research-ressources group
Date: 24 Aug 2000 19:55:39 GMT

[EMAI

Cryptography-Digest Digest #528

1999-11-08 Thread Digestifier

Cryptography-Digest Digest #528, Volume #10   Mon, 8 Nov 99 20:13:05 EST

Contents:
  Re: How protect HDisk against Customs when entering Great Britain (Anonymous)
  Re: Proposal: Inexpensive Method of "True Random Data" Generation ("Douglas A. Gwyn")
  Re: What sort of noise should encrypted stuff look like? ("Douglas A. Gwyn")
  Re: Re: How protect HDisk against Customs when entering Great Britain (CoyoteRed)
  Re: Re: How protect HDisk against Customs when entering Great Britain (CoyoteRed)
  Re: Doesn't Bruce Schneier practice what he preaches? (Bruce Schneier)
  Re: Doesn't Bruce Schneier practice what he preaches? (Bruce Schneier)
  Re: Q: Removal of bias (Mok-Kong Shen)
  Re: Scientific Progress and the NSA (was: Bruce Schneier's Crypto & Comments...) 
(Bruce Schneier)
  Re: Signals From Intelligent Space Aliens? Forget About It. (John Kennedy)
  Re: Doesn't Bruce Schneier practice what he preaches? (John Kennedy)
  which international version ("Nicholas Cole")
  Encryption Placement (Benjamin Valenti)
  Re: Incompatible algorithms ([EMAIL PROTECTED])



Date: 8 Nov 1999 21:39:33 -
From: Anonymous Use-Author-Address-Header@[127.1]
Subject: Re: How protect HDisk against Customs when entering Great Britain
Crossposted-To: 
alt.security.pgp,comp.security.pgp.discuss,comp.security.pgp.tech,alt.privacy,alt.privacy.anon-server

Bruno Wolff III [EMAIL PROTECTED] wrote:

: You lack imagination. Better would be to reprogram the floppy to start
: damaging other peoples systems after about 10 scans. After that story gets
: out no one is going to trust them to boot their system off their floppies.

There is already a well-known name for this technology.  It's called "virus".



--

Crossposted-To: sci.math,sci.misc,sci.physics
From: "Douglas A. Gwyn" [EMAIL PROTECTED]
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: Mon, 8 Nov 1999 20:37:42 GMT

"Steven B. Harris" wrote:
> No kidding?

Not only "no kidding", but the original hex-digit-only algorithm
has been augmented by further work and now we can produce any
arbitrary decimal digit of pi.  It shouldn't take long to locate
more info via a Web search.

--

From: "Douglas A. Gwyn" [EMAIL PROTECTED]
Subject: Re: What sort of noise should encrypted stuff look like?
Date: Mon, 8 Nov 1999 20:43:27 GMT

wtshaw wrote:
> Given a *good* spectrum in ciphertext, you can skew it to make a
> misleading one of your own picking.

It would cost you bandwidth.  Why bother?

--

From: [EMAIL PROTECTED] (CoyoteRed)
Subject: Re: Re: How protect HDisk against Customs when entering Great Britain
Date: Mon, 08 Nov 1999 21:43:46 GMT
Reply-To: this news group unless otherwise instructed!

On Mon, 08 Nov 1999 11:04:11 -0500, "Trevor Jackson, III"
[EMAIL PROTECTED] wrote:

> CoyoteRed wrote:
> 
> > We deserve privacy only when it's nobody's business but our own.
> 
> I think you have the presumption inverted.  We deserve privacy in all areas
> except where there is an overriding public interest, narrowly construed.


No, I think I have it right.

If /it's/ no one else's business, then I can keep it to myself or tell
the world.  When /it's/ no one else's business then they have no claim
on it and therefore no control.  But as soon as /it/ becomes someone
else's business, then it is no longer private.

The problem is when does /it/ become someone else's business.  Child
abuse and molestation, rape, murder, assault, battery, etc.; the list
goes on.  This is when your privacy ends.

If you are doing something that does not harm, or take advantage of,
anyone else, then /it/ is no one else's business.

Also, we only "deserve" privacy if we are willing to defend it.

Also, we "deserve" privacy at all times, up to the point where we
interfere with someone else's rights.  Then our rights must be
balanced against the other's.

But, maybe we'll just have to agree to disagree...

-- 
CoyoteRed
CoyoteRed at bigfoot dot com
http://go.to/CoyoteRed
PGP key ID: 0xA60C12D1 at ldap://certserver.pgp.com


--

From: [EMAIL PROTECTED] (CoyoteRed)
Subject: Re: Re: How protect HDisk against Customs when entering Great Britain
Date: Mon, 08 Nov 1999 21:43:51 GMT
Reply-To: this news group unless otherwise instructed!

On 08 Nov 1999 11:44:43 -0500, Stephen Carpenter
[EMAIL PROTECTED] wrote:

> [EMAIL PROTECTED] (Coyote-Red) writes:
> 
> > If there wasn't any demand... 
> 
> That's a big if...there will ALWAYS be demand.

True...  But a large demand needs to be answered with a large supply
and we both know where that leads.


Some people have fantasies about having sex with children. In fact 
I doubt you will find those fantasies to be uncommon. It's considered
"perverse" in