Cryptography-Digest Digest #528
Cryptography-Digest Digest #528, Volume #14 Tue, 5 Jun 01 18:13:00 EDT

Contents:
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tom St Denis)
  One last bijection question (Tom St Denis)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tom St Denis)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tom St Denis)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tim Tyler)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (SCOTT19U.ZIP_GUY)
  Re: One last bijection question ([EMAIL PROTECTED])
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tom St Denis)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (Tom St Denis)
  Re: Best, Strongest Algorithm (gone from any reasonable topic) (JPeschel)
  Re: One last bijection question (Tom St Denis)
  Re: Welcoming another Anti-Evidence Eliminator stooge to USENET (P. Dulles / AKA Loki) (Keith)

From: Tom St Denis [EMAIL PROTECTED]
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Date: Tue, 05 Jun 2001 21:10:44 GMT

Tim Tyler [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
Tom St Denis [EMAIL PROTECTED] wrote:
: Tim Tyler [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
: Tom St Denis [EMAIL PROTECTED] wrote:
: : Yes there will be equivalent keys but not enough to tell from random.
: : Tell /what/ from random.
: Tell the plaintext.

[...] I can very likely tell a randomly chosen plaintext from the decrypt of a 1 byte cyphertext using CTR mode. Does the random plaintext have only 8 bits? If not, I can immediately distinguish them.

Yes, but you are just brute forcing the key space. If you encode for example 384-bits (three AES blocks) in CTR mode you can most likely tell when you get the key right.
However, getting the right key amounts to at least 2^127 work if the key is random.

: [...] a cyphertext only having 256 possible decrypts is a
: problem with the orthodox CTR mode.
: It's not a problem. You're just not looking for the answer.

AFAICS, your idea of an answer is one that isn't worth having ;-|

: The truth is if the message has a prob of 1/256 and all outputs from the
: cipher are equiprobable (i.e. 1/256) then it's provably secure for a
: single byte only.

Ah - you're sliding in that for a single byte only... As though we're discussing the trivial case of only 256 possible messages...

Um yes that's what we were f$$$ talking about. For geez sakes stay on the same model!

: Consider the cipher something simple like
: C = P xor K
: where we discard the 120 upper bits of C before xoring against the message.
: Don't you agree this is just an OTP?

Yes - it's very much like an OTP.

(Hint it is an OTP)

: Hence don't you agree it's provably secure?

Of course it's not provably secure - unless you think only having 256 possible plaintexts out of the possible billions is something worthwhile. We're trying to stop the attacker getting information about the message. Giving him the length of the message on a plate is a terrible start.

Why? Tell me how you can find K from C knowing the length? Just tell me why it's a problem.

Tom

--

From: Tom St Denis [EMAIL PROTECTED]
Subject: One last bijection question
Date: Tue, 05 Jun 2001 21:15:10 GMT

Ok I thought bijections were when the codomain and domain are the same set.

http://www.dictionary.com/cgi-bin/dict.pl?term=surjection

Seems to support this thought.

A function f : A -> B is surjective or onto or a surjection if f A = B

Don't A and B represent the domain/codomain sets respectively? I'm most likely wrong can someone explain this? The only other meaning I can find is that A and B are not the same set but can map back and forth. But isn't that an injection? Arrg!
--
Tom St Denis
---
http://tomstdenis.home.dhs.org

--

From: Tim Tyler [EMAIL PROTECTED]
Subject: Re: Best, Strongest Algorithm (gone from any reasonable topic)
Reply-To: [EMAIL PROTECTED]
Date: Tue, 5 Jun 2001 21:12:05 GMT

SCOTT19U.ZIP_GUY [EMAIL PROTECTED] wrote:
: Tim I think TOM is just trying to make ass out of himself

He seems to me to have been doing a lot of that recently: First the unicity distance, then the bijection, and now the CTR mode. I guess we just rub him up the wrong way - so that all of his conceptual problems come to the surface at once.

: The thread will go no where. He will only twist it. He can't
: even answer the simple fact that if one used CTR mode so
: a one byte cipher text file decrypts to 256 messages. And
: one used BICOM where a one byte output file could represent
: thousands and thousands
Cryptography-Digest Digest #528
Cryptography-Digest Digest #528, Volume #13 Tue, 23 Jan 01 05:13:01 EST

Contents:
  Re: Why Microsoft's Product Activation Stinks (Anthony Stephen Szopa)
  Re: cryptographic tourism in Russia ("Vladimir Katalov")
  Re: Easy question for you guys... (Anders Thulin)
  another Microsoft lawsuit on the horizon (Matthew Montchalin)
  Re: Dynamic Transposition Revisited (long) (Terry Ritter)
  Re: Dynamic Transposition Revisited (long) (Terry Ritter)
  Re: collisions risks of applying MD5 or SHA1 to a 48-bit input (Serge Paccalin)
  Re: Some help please (Jim Gillogly)
  Re: Some help please ("Douglas A. Gwyn")
  Re: Easy question for you guys... (Anders Andersson)
  Re: Some help please ("Jakob Jonsson")

From: Anthony Stephen Szopa [EMAIL PROTECTED]
Crossposted-To: or.politics,talk.politics.crypto,misc.survivalism
Subject: Re: Why Microsoft's Product Activation Stinks
Date: Mon, 22 Jan 2001 23:30:18 -0800

Richard Heathfield wrote:
Anthony Stephen Szopa wrote:
snip over 200 lines
So that's all I have to say for a while.

Is that a promise?

Here is a guy who spits on the souls of anyone for no damned reason. I told you that I am the inventor that will save people tens or hundreds of billions of dollars in lost revenue and you verbally shit on me with your sarcasm. Did you develop an anti-piracy computer software module that will prevent perhaps half at a minimum of the illegal copying of computer software in the world? Do you know how important a contribution this is? I can prove that I did this. And if I eventually do prove it publicly everyone will know you are a fool. But most importantly you will know. I think you probably already know you are a fool. I am certainly one of a very very few and perhaps the only person in the world who can prove that they did it before MS. I am not going to divulge my thought processes here or my plans or my actions regarding the implications of this situation at this time, as I have said. I am actively pursuing my interests.
I think I read that there is about $50 billion dollars worth of computer software piracy going on every year. You must be a real high achiever to top this. Tell your friends what a proud soul you are and give them the example you posted here and explain to them why you are the one to be so sarcastic. What are your qualifications? I would tell them that you are a high risk gambler and that they should stay as far away from you as possible. You just can't believe that I did what I say I did, can you? You think you can make the jump and take the leap to ridicule me. You have no proof that I am lying. Yet you risk your reputation. As I said, you have poor judgment although you have calculated that you are on solid ground. Quicksand, yes. You are in quicksand and there will be no one to come to your aid. Just wait and see. If and when the proof comes out I hope someone brings it to your attention. I was waiting for a worm to show their slime. You finally showed up. What is a fool? A fool is a person who plays an Eric Clapton song on their own guitar. He plays the song perhaps even as good as Eric Clapton. And then he thinks he is as great an artist as Eric Clapton. You are an even greater fool than this because you would play the air guitar while listening to Eric Clapton and really believe you are as great a musician and artist as Eric Clapton. Can you feel your heart literally shrinking? You will.

Thanks a lot.

AS

Gee, you didn't get any more significant information from me about my claim? Too bad.

--

From: "Vladimir Katalov" [EMAIL PROTECTED]
Subject: Re: cryptographic tourism in Russia
Date: Tue, 23 Jan 2001 10:54:23 +0300

Eric Lee Green wrote in message ...
Hmm... a point there, given that the government there is now run by a former intelligence officer and that they've a nasty habit of imprisoning Americans that they think are nosing around in the wrong place...
A friend of a friend spends time in Russia from time to time (he supposedly is a school teacher, but has this strange habit of turning up wherever things are heating up... e.g. Columbia during the worst of the drug wars, Poland when Solidarity kicked out the Communist government, Russia during the failed coup, ...). The stories I hear are pretty bad -- things apparently got pretty lawless for a while, the old government had virtually collapsed into meaninglessness, and the new government apparently is overreacting by attempting to clamp down harshly on all the lawlessness. I'm not sure I'd be adventurous enough to plan a trip to Russia right now.

Exactly. A trip to Russia might be really dangerous nowadays... I don't want to scare you, but the situation here looks very similar to Chicago in 30's. St Petersburg is a bit better (more safe) than Moscow. Yo
Cryptography-Digest Digest #528
Cryptography-Digest Digest #528, Volume #12 Thu, 24 Aug 00 18:13:00 EDT

Contents:
  Re: Serious PGP v5 v6 bug! ([EMAIL PROTECTED])
  understanding RC4 ([EMAIL PROTECTED])
  Re: Excerpt of SECRETS AND LIES available on-line (John Myre)
  Re: Reply now to join the crypto-research-ressources group (David A Molnar)
  Asymmetric Encryption Algorithms ("Paul Montgomery")
  Re: Serious PGP v5 v6 bug! ("JT")
  Re: Excerpt of SECRETS AND LIES available on-line (JPeschel)
  Re: SHA-1 program (cool!) (S. T. L.)
  Re: blowfish problem ("Trevor L. Jackson, III")
  Re: blowfish problem ("Trevor L. Jackson, III")
  Re: blowfish problem (Richard Heathfield)
  Re: blowfish problem ("Douglas A. Gwyn")
  Re: blowfish problem (Richard Heathfield)
  Re: Bytes, octets, chars, and characters (Paul Schlyter)
  Re: Bytes, octets, chars, and characters (Paul Schlyter)
  Re: Provably secure stream cipher (Tim Tyler)
  Re: Serious PGP v5 v6 bug! (David Kaczynski)
  Re: Serious PGP v5 v6 bug! (Shellac)

From: [EMAIL PROTECTED]
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: Serious PGP v5 v6 bug!
Date: Thu, 24 Aug 2000 19:04:12 GMT

The problem won't go away until all vulnerable versions of PGP are retired, since it's the sender who is responsible for encrypting to the ADKs, not the recipient.

have read Ralf's paper, please correct me if i mis-understand the following conclusion in the paper:

"Since DH-keys all have Version-4-self-signatures, you should avoid to use those for encryption. But detecting V4-RSA-keys is sometimes difficult. Using PGP553i for Windows V4-RSA-keys do present themselves as V3-RSA-keys with key-IDs and fingerprints computed in Version-3- style. Upgrading to PGP651i for Windows shows the same key with a new V4-style key-ID and with a different new fingerprint but truncated to the first 16 bytes, so that it looks like a V3-style fingerprint, which it clearly is not. So if you see 16 byte fingerprints you cannot be sure that the key does not have a Version-4-self-signature.
To be sure you have to go into byte analysis of the key packets. Using GnuPG make things worse because all V4-signatures I have created on RSA-keys were made using this program. So if you want to get rid of ADKs as much as possible, you are well advised to use PGP-Classic, PGP-2.6.x, the only PGP which guarantees that only Version-3-signatures are made and which rejects DH-keys and RSA-keys in Version-4-format. You should use GnuPG as an analysis-tool to check which packets a key or cryptogram consists of. And you can use newer PGP-versions or GnuPG to check the validity of signatures on messages which have been made with V4-keys by others."

{end of quoted selection }

can a workaround be to use pgp 2.6.x to generate version 3 RSA keys, and then use only those keys, but can still continue using any version of pgp, or did i really miss something?

vedaal

Sent via Deja.com http://www.deja.com/
Before you buy.

--

From: [EMAIL PROTECTED]
Subject: understanding RC4
Date: Thu, 24 Aug 2000 19:01:18 GMT

Newbie alert. At the risk of sounding silly - I pose the following question. (I am new to cryptology).

I know the following:
1. Plaintext = "secret"
2. Encrypted string = "06E0A50B579AD2CD5FFDC48565627EE7"
3. RC4 algorithm was used (possibly modified somehow)
4. No salting was used in RC4

Given this information, is it possible to write an RC4 encryption routine that helps me encrypt other plaintexts in the _same_ manner? Does no-salt-used mean that the encryption key does not depend on the plaintext? How can a 6 character word ("secret") lead to a 32 character hash ("06E0A50B579AD2CD5FFDC48565627EE7") - I thought a stream cipher's output was the same length as the input?

Any help/insights/source code snippets/websites would be most appreciated.

- Grank.

===
Sent via Deja.com http://www.deja.com/
Before you buy.
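
The length question in the post above, as an added example that is not part of the original thread: a plain RC4 implementation shows that raw RC4 output for the 6-byte "secret" is 6 bytes (12 hex digits) while the posted string encodes 16 bytes, and that a fixed key with no per-message value gives every message the same keystream. The key `constructed-key` and the second plaintext are constructed, and reading "no salting" as "no per-message random value mixed into the key" is an assumption.

```python
# Added illustration; the key and the second message are constructed values.

POSTED_HEX = "06E0A50B579AD2CD5FFDC48565627EE7"  # string quoted in the post


def rc4(key: bytes, data: bytes) -> bytes:
    """Unmodified RC4: key scheduling, then XOR data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                         # one keystream byte per input byte
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR over the common length of a and b."""
    return bytes(x ^ y for x, y in zip(a, b))


def compare_lengths(plaintext: bytes, posted_hex: str, key: bytes):
    """Return (bytes of raw RC4 output, bytes encoded by the posted hex string)."""
    return len(rc4(key, plaintext)), len(bytes.fromhex(posted_hex))


def reuse_leaks_xor(key: bytes, p1: bytes, p2: bytes) -> bool:
    """With a fixed key and no per-message value, both messages get the same
    keystream, so XOR of the ciphertexts equals XOR of the plaintexts."""
    return xor(rc4(key, p1), rc4(key, p2)) == xor(p1, p2)


if __name__ == "__main__":
    key = b"constructed-key"                  # hypothetical key, not from the post
    print(rc4(b"Key", b"Plaintext").hex())    # widely published RC4 test vector
    print(compare_lengths(b"secret", POSTED_HEX, key))
    print(rc4(key, b"secret") == rc4(key, b"secret"))   # deterministic output
    print(reuse_leaks_xor(key, b"secret", b"public"))
```

Sixteen bytes is the size of one 128-bit block or digest, so the posted value cannot be the direct output of unmodified RC4 over the six input bytes; whatever extra step produced it is not visible from the post.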
--

From: John Myre [EMAIL PROTECTED]
Subject: Re: Excerpt of SECRETS AND LIES available on-line
Date: Thu, 24 Aug 2000 13:48:34 -0600

Bruce Schneier wrote:
A couple of weeks ago, someone asked about on-line distribution of my latest book. I just noticed that Chapter 3 is up on Amazon:
snip
Not the chapter I would have picked to excerpt, but no one asked me.
snip

I notice that at the bottom is the phrase "used by permission". What permission did they get, from whom? Is the author involved at all?

JM

--

From: David A Molnar [EMAIL PROTECTED]
Subject: Re: Reply now to join the crypto-research-ressources group
Date: 24 Aug 2000 19:55:39 GMT

[EMAI
Cryptography-Digest Digest #528
Cryptography-Digest Digest #528, Volume #10 Mon, 8 Nov 99 20:13:05 EST

Contents:
  Re: How protect HDisk against Customs when entering Great Britain (Anonymous)
  Re: Proposal: Inexpensive Method of "True Random Data" Generation ("Douglas A. Gwyn")
  Re: What sort of noise should encrypted stuff look like? ("Douglas A. Gwyn")
  Re: Re: How protect HDisk against Customs when entering Great Britain (CoyoteRed)
  Re: Re: How protect HDisk against Customs when entering Great Britain (CoyoteRed)
  Re: Doesn't Bruce Schneier practice what he preaches? (Bruce Schneier)
  Re: Doesn't Bruce Schneier practice what he preaches? (Bruce Schneier)
  Re: Q: Removal of bias (Mok-Kong Shen)
  Re: Scientific Progress and the NSA (was: Bruce Schneier's Crypto Comments...) (Bruce Schneier)
  Re: Signals From Intelligent Space Aliens? Forget About It. (John Kennedy)
  Re: Doesn't Bruce Schneier practice what he preaches? (John Kennedy)
  which international version ("Nicholas Cole")
  Encryption Placement (Benjamin Valenti)
  Re: Incompatible algorithms ([EMAIL PROTECTED])

Date: 8 Nov 1999 21:39:33 -
From: Anonymous Use-Author-Address-Header@[127.1]
Subject: Re: How protect HDisk against Customs when entering Great Britain
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss,comp.security.pgp.tech,alt.privacy,alt.privacy.anon-server

Bruno Wolff III [EMAIL PROTECTED] wrote:
: You lack imagination. Better would be to reprogram the floppy to start
: damaging other people's systems after about 10 scans. After that story gets
: out no one is going to trust them to boot their system off their floppies.

There is already a well-known name for this technology. It's called "virus".

--

Crossposted-To: sci.math,sci.misc,sci.physics
From: "Douglas A. Gwyn" [EMAIL PROTECTED]
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: Mon, 8 Nov 1999 20:37:42 GMT

"Steven B. Harris" wrote:
No kidding?
Not only "no kidding", but the original hex-digit-only algorithm has been augmented by further work and now we can produce any arbitrary decimal digit of pi. It shouldn't take long to locate more info via a Web search.

--

From: "Douglas A. Gwyn" [EMAIL PROTECTED]
Subject: Re: What sort of noise should encrypted stuff look like?
Date: Mon, 8 Nov 1999 20:43:27 GMT

wtshaw wrote:
Given a *good* spectrum in ciphertext, you can skew it to make a misleading one of your own picking.

It would cost you bandwidth. Why bother?

--

From: [EMAIL PROTECTED] (CoyoteRed)
Subject: Re: Re: How protect HDisk against Customs when entering Great Britain
Date: Mon, 08 Nov 1999 21:43:46 GMT
Reply-To: this news group unless otherwise instructed!

On Mon, 08 Nov 1999 11:04:11 -0500, "Trevor Jackson, III" [EMAIL PROTECTED] wrote:
CoyoteRed wrote:
We deserve privacy only when it's nobody's business but our own.

I think you have the presumption inverted. We deserve privacy in all areas except where there is an overriding public interest, narrowly construed.

No, I think I have it right. If /it's/ no one else's business, then I can keep it to myself or tell the world. When /it's/ no one else's business then they have no claim on it and therefore no control. But as soon as /it/ becomes some one else's business, then it is no longer private. The problem is when does /it/ become some one else's business. Child abuse and molestation, rape, murder, assault, battery, etc.; the list goes on. This is when your privacy ends. If you are doing something that does not harm, or take advantage of, anyone else, then /it/ is no one else's business.

Also, we only "deserve" privacy if we are willing to defend it.

Also, we "deserve" privacy at all times, up to the point where we interfere with someone else's rights. Then our rights must be balanced against the other's.

But, maybe we'll just to agree to disagree...
--
CoyoteRed
CoyoteRed at bigfoot dot com
http://go.to/CoyoteRed
PGP key ID: 0xA60C12D1 at ldap://certserver.pgp.com

--

From: [EMAIL PROTECTED] (CoyoteRed)
Subject: Re: Re: How protect HDisk against Customs when entering Great Britain
Date: Mon, 08 Nov 1999 21:43:51 GMT
Reply-To: this news group unless otherwise instructed!

On 08 Nov 1999 11:44:43 -0500, Stephen Carpenter [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] (Coyote-Red) writes:
If there wasn't any demand...

That's a big if...there will ALWAYS be demand.

True... But a large demand needs to be answered with a large supply and we both know where that leads.

Some people have fantasies about having sex with children. In fact I doubt you will find those fantasies to be uncommon. It's considered "perverse" in