Cryptography-Digest Digest #789, Volume #8 Wed, 23 Dec 98 02:13:03 EST
Contents:
Re: On living with the 56-bit key length restriction (Mr. Tines)
Stego in jpeg files (Allan Latham)
Re: coNP=NP Made Easier? (rosi)
Re: Rules of the game ([EMAIL PROTECTED])
ZIP encryption safe? (http://come.to/Delphi-Box)
Re: ZIP encryption safe? (Paul Rubin)
Re: Rules of the game (Karl-Friedrich Lenz)
Re: What is Randomness? (Dr. Yongge Wang)
Re: Cryptography FAQ (01/10: Overview) (Bruce Schneier)
Re: md5 sample implementation (John L. Allen)
----------------------------------------------------------------------------
From: Mr. Tines <[EMAIL PROTECTED]>
Subject: Re: On living with the 56-bit key length restriction
Date: 22 Dec 1998 21:50 +0000
=====BEGIN PGP SIGNED MESSAGE=====
On Tue, 22 Dec 1998 17:54:03 +0100, in
<[EMAIL PROTECTED]>
Mok-Kong Shen <[EMAIL PROTECTED]> wrote.....
> BTW, I am yet ignorant of whether it is without problems
> in US to put a pure but strong crypto algorithm on the Web.
Well, RFC 2144, which describes CAST5-128 is quite widely
available; it took me no more than a couple of hours to start
with the text and end up with a 'C' implementation that
passed the test vectors included.
- -- PGPfingerprint: BC01 5527 B493 7C9B 3C54 D1B7 248C 08BC --
_______ {pegwit v8 public key =581cbf05be9899262ab4bb6a08470}
/_ __(_)__ ___ ___ {69c10bcfbca894a5bf8d208d001b829d4d0}
/ / / / _ \/ -_|_-< www.geocities.com/SiliconValley/1394
/_/ /_/_//_/\[EMAIL PROTECTED] PGP key on page
=====BEGIN PGP SIGNATURE=====
Version: CTCDOS 0.1
iQCVAwUBNoAU2YoUd45Z7dNFAQH9mAP+Pbqi3cUCGGea0XRn1FwAfPS7DugYVXwM
IQswSfR9qTO0/rHM/rSFAZYD5YtCTMSHnCKS47l5/+urPy2Lg23YajLQrGWP+Q8o
Nc8fR92Dav/yj++9M52hOisk6lEXivBaGHbm1jZBSCMGfAVaKTmWd96jDSaXbPZE
U3/UJ14rK4o=
=vLRF
=====END PGP SIGNATURE=====
------------------------------
From: Allan Latham <[EMAIL PROTECTED]>
Subject: Stego in jpeg files
Date: Wed, 23 Dec 1998 00:48:26 +0100
Reply-To: [EMAIL PROTECTED]
=====BEGIN PGP SIGNED MESSAGE=====
The first public version of a DOS program to hide a file in a jpeg
file using techniques that obscure the hidden file from statistical
analysis is available for anyone who wants to try it.
http:\\pweb.uunet.de/flexsys.mtk/jphs01.zip
Please try it and let me have your comments.
Allan Latham <|alatham| at |flexsys-group.com|>
=====BEGIN PGP SIGNATURE=====
Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>
iQCVAwUBNoAfk+JCY/+xqTOxAQHe0QQAiQgJN/iajGfz7xNhL+sqgm3imYU8VRLC
otRaqvMLE9HFspsE0STnHkH8nMxugPYaFqh+MEggKD9oHA9oZznqdHA2NMEuFQoR
NpINdVzHApwdD6gpF4pYTRRZz1HeKXvh+eczaFmWCdhwlCIQjOSf7QK/FUta3TM+
searydJu1SY=
=SuEa
=====END PGP SIGNATURE=====
------------------------------
From: rosi <[EMAIL PROTECTED]>
Crossposted-To: sci.math,comp.theory
Subject: Re: coNP=NP Made Easier?
Date: Tue, 22 Dec 1998 13:23:34 -0800
Bryan Olson wrote:
>
> rosi wrote:
> > I think I am not confused and you are NOT ilias.
> >
> > I can, at this time, only answer one person, focusing on one set of
> > questions and getting one thread taken care of.
>
> Posts invite follow-ups. E-mail is the appropriate medium for
> private discussions.
Put the above two lines more appropriately to that ilias.
Let me just ask you once more: Are you or are you not this ilias?
I am waiting for this ilias to respond. If you are the same ilias,
we can continue instead of wandering off in other directions.
> > One other thing, yet very important. Your interpretation and under-
> > standing of ilias's notions, opinions, statements, etc. are likely
> > very correct, and it will be appreciated when you try to help people
> > to explain whatever they mean. However, I need his words. If you had
> > joined the discussion earlier and given your opinion on 21, I likely
> > could have found an ally.
>
> There's no need to worry about Dr. Kastanas' concept versus Valmari
> Antti's or Rune Bang Lyngsoe's or mine. They are the same in every
> important way.
>
I never worry about any concept of anybody. I just want a clear
description of whatever concept one adopts, and I want the world to
see what a clear description of whatever concept one adopts really is.
I am very curious why you would like to say for other people? Let these
people speak for themselves. You have your opportunity to make it clear
to the world in exactly what way 'they are the same in every
important way'. So while waiting for a reply from this ilias, why don't
you post your concept, notion, and the exact definition of such an M
(NDTM? I really do not care in the least. As I said it can be a magic
piece of rock). Just tell me, us, and the whole world how that works. I
take whatever you come up with and proceed with the discussion. I do not in
the least believe you would have the courage to shy away from a few
simple questions. :)
> > Would you commit to carrying out this through to the end once
> > we start? I.e. either we agree my argument is correct, or my
> > argument is faulty, or one side is shown inconsistent or contradictory
> > (if some simple questions are answered squarely and directly without
> > evasion)?
> >
> > By the way, ilias perhaps has already seen that whichever notion
> > he uses, the issue IS settled (if ND is a well defined concept).
>
> I cannot commit to carrying through until we agree. The ^^^^^^
???
What significant questions? Beneath is an elephant, and beneath is
a turtle, and beneath are turtles all the way downward? :)
Why would a few simple questions bother you so much?
> significant questions have already been resolved.
>
> [...]
> > In the meanwhile, you can prepare your notion of
> > a NDTM for solving SS and post for our discussion.
>
I said NDTM for I think that is what you WILL shoot for. I do not
see any other variety could come from you. I sincerely hope that I am
wrong. Again, you can prepare anything (if you are not afraid to
commit to a few simple, straightforward questions). Everyone in the
newsgroups is a judge and the world is watching us.
> No need. I've adopted the same definition one finds in the
> textbooks.
>
Very good! Let us just have a quote of your textbook(s) of the
definition you use and will use for the discussion. I see that you
wrote a lot and frequently to this news group (sci.crypt). You would
not mind putting in a few lines to copy the definition from your textbook(s)
for us to read and learn and base upon for the discussion, would you?
> > You may, of course,
> > choose one from 26 and 27, or give a precise one of your own (well-
> > defined assumedly). You may also get ready to answer the questions I
> > posed to ilias. For simplicity, you may answer in the following way:
> > 1. YES
> > 2. YES
> > 3. NO
> > 21. YES
> > etc.
>
> Neither 26 nor 27 contains a question. You defined M as a TM (not
> a NDTM), that accepts SS in finite (not polynomial) time. If the
> question is whether such a machine exists, of course it does. And
> a machine satisfying the same criteria, but also deciding - not just
> accepting - SS also exists.
>
> --Bryan
Who said 26 or 27 is a question? How did you get that notion?
I once again repeat: I do not care if this M is NDTM or a piece of
magic rock. I, for the questions asked of this ilias so far, want to
just know --- and the simple commitment of this ilias (or yours if you
do not think that my bringing this discussion down to a below high-school
level math is an insult):
Does there exist such a mechanism that positively
answers the SS question in FINITE time?
By the way, assumption of such a mechanism is just as fine. I allow
any assumptions and we can work off this assumption. I am very
accommodating. :)
--- (My Signature)
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Rules of the game
Date: Tue, 22 Dec 1998 23:34:27 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> Karl-Friedrich Lenz ([EMAIL PROTECTED]) wrote:
> : I have a simple question about this approach. If you think of
> : cryptology as a game, then what is the rule to determine the
> : winner of that game?
>
> If the cryptographer succeeds in establishing secure communications,
> he wins: if the cryptanalyst obtains intelligence, he wins.
In a zero-sum 2-person game, the winner is determined by the values of two
real quantities, the utility functions of the players. Shannon explicitly
states (in footnote 11) that the utility function should be taken to be the
average amount of practical work required to break the cipher. The
cryptographer must estimate this utility function, while the cryptanalyst
has the luxury of measuring it during the attack.
If the cryptanalyst devises an attack in which the amount of practical work
is *less* than that estimated by the cryptographer, then the cryptanalyst
wins the game. Otherwise the cryptographer wins. If the point at which work
becomes impossible lies between the two estimates, then this reduces to the
rule given by John Savard.
The 2-person game analogy remains relevant because it formally rejects
security through obscurity (the cryptographer must always disclose his or
her choice of cipher).
John Pliam
[EMAIL PROTECTED]
http://www.ima.umn.edu/~pliam
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: r.fellner_AT_bigfoot.com (http://come.to/Delphi-Box)
Subject: ZIP encryption safe?
Date: Wed, 23 Dec 1998 10:26:27 GMT
Hello,
sorry for asking a question which might have been asked already 100s
of times before, but I'm not too familiar with crypto topics and just
asked myself the following:
since I've read that especially using long ZIP passwords (15 chars and
more, including non-alphanumeric chars) takes enormously long to
decrypt and just brute-force decryption helps.
How safe is that, compared to, let's say, 128bit Blowfish encryption ?
I just want to get a feeling, I don't need exact factors.
Thanks for your help,
Richey
------------------------------
From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: ZIP encryption safe?
Date: Wed, 23 Dec 1998 01:58:22 GMT
In article <[EMAIL PROTECTED]>,
>since I've read that especially using long ZIP passwords (15 chars and
>more, including non-alphanumeric chars) takes enormously long to
>decrypt and just brute-force decryption helps.
>
>How safe is that, compared to, let's say, 128bit Blowfish encryption ?
>I just want to get a feeling, I don't need exact factors.
If you use a long enough unguessable password, you're pretty safe from
brute force search, but ZIP encryption can be broken in a few hours on
a PC given some known plaintext. It's far less secure than Blowfish.
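A practical follow-up to the exchange above is telling which scheme an archive actually uses before trusting it. The following is an added example, not code from either poster: it walks the local file headers of a ZIP archive and reports, per entry, whether the entry is unencrypted, uses the legacy PKZIP stream cipher ("ZipCrypto", the scheme the question is about), or carries one of the later markers (WinZip's AES method id 99, or PKWARE's "strong encryption" flag bit 6, both of which post-date this thread). The sample archive is constructed in the block itself, with only the header fields set, so no real encryption takes place; header layout, flag bits and the method id are taken from the ZIP application note.

```python
import struct

LOCAL_SIG = b"PK\x03\x04"
FLAG_ENCRYPTED = 0x0001          # general-purpose bit 0: entry is encrypted
FLAG_DATA_DESCRIPTOR = 0x0008    # bit 3: sizes follow the data instead of the header
FLAG_STRONG_ENCRYPTION = 0x0040  # bit 6: PKWARE "strong encryption" extension
METHOD_STORED = 0
METHOD_AES = 99                  # WinZip AE-x marker: AES, not the legacy stream cipher
HEADER_FMT = "<4sHHHHHIIIHH"     # local file header: sig, ver, flags, method, time, date,
HEADER_LEN = struct.calcsize(HEADER_FMT)  # crc, csize, usize, name len, extra len (30 bytes)


def build_local_entry(name, payload, flags=0, method=METHOD_STORED):
    """Constructed sample only: a 'stored' local file header plus its data.
    Only the flag/method fields are set; no encryption is actually applied."""
    header = struct.pack(HEADER_FMT, LOCAL_SIG, 20, flags, method,
                         0, 0, 0, len(payload), len(payload), len(name), 0)
    return header + name + payload


def classify(flags, method):
    """Map an entry's flags and compression method to a verdict string."""
    if not flags & FLAG_ENCRYPTED:
        return "plain"
    if method == METHOD_AES:
        return "aes"
    if flags & FLAG_STRONG_ENCRYPTION:
        return "strong"
    return "zipcrypto"  # legacy PKZIP stream cipher: the scheme discussed above


def scan_local_headers(data):
    """Return [(name, verdict), ...] for every local file header found in order."""
    results = []
    pos = 0
    while data[pos:pos + 4] == LOCAL_SIG:
        (_sig, _ver, flags, method, _mtime, _mdate, _crc,
         csize, _usize, nlen, xlen) = struct.unpack(HEADER_FMT, data[pos:pos + HEADER_LEN])
        name = data[pos + HEADER_LEN:pos + HEADER_LEN + nlen].decode("utf-8", "replace")
        results.append((name, classify(flags, method)))
        if flags & FLAG_DATA_DESCRIPTOR:
            break  # compressed size is only known after the data; stop rather than guess
        pos += HEADER_LEN + nlen + xlen + csize
    return results


def zipcrypto_entries(data):
    """Names of entries that rely on the legacy cipher and should be treated as unprotected."""
    return [name for name, verdict in scan_local_headers(data) if verdict == "zipcrypto"]


# Constructed three-entry archive (local headers only, no central directory).
SAMPLE_ARCHIVE = (
    build_local_entry(b"readme.txt", b"hello")
    + build_local_entry(b"secret.txt", b"\x00" * 17, flags=FLAG_ENCRYPTED)
    + build_local_entry(b"vault.txt", b"\x00" * 40, flags=FLAG_ENCRYPTED, method=METHOD_AES)
)

if __name__ == "__main__":
    for entry_name, verdict in scan_local_headers(SAMPLE_ARCHIVE):
        print(f"{entry_name:12s} {verdict}")
```

The scanner reads only the local headers, so on a real archive it should be cross-checked against the central directory (Python's `zipfile.ZipInfo.flag_bits` and `compress_type` expose the same two fields); an entry reported as "zipcrypto" is the case Paul Rubin describes, and a long password does not change that verdict.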
------------------------------
From: Karl-Friedrich Lenz <[EMAIL PROTECTED]>
Subject: Re: Rules of the game
Date: 22 Dec 1998 18:31:13 -0800
In article , [EMAIL PROTECTED] says...
>
>In a zero-sum 2-person game, the winner is determined by the values of two
>real quantities, the utility functions of the players. Shannon explicitly
>states (in footnote 11) that the utility function should be taken to be the
>average amount of practical work required to break the cipher. The
>cryptographer must estimate this utility function, while the cryptanalyst
>has the luxury of measuring it during the attack.
>
>If the cryptanalyst devises an attack in which the amount of practical work
>is *less* than that estimated by the cryptographer, then the cryptanalyst
>wins game. Otherwise the cryptographer wins. If point at which work
>becomes impossible lies between the two estimates, then this reduces to the
>rule given by John Savard.
If you accept the definition of utility by Shannon, it is the actual work factor
which is decisive, not the exactness of any estimates. For example, the designer
estimates the workload as brute-forcing 256 bits, while the analyst comes up with a
clever way to break it by brute-forcing only 180 bits. In Shannon's utility function
the designer wins, because 180 bits is still impossible for anyone on the planet,
while in your definition the analyst wins, because the designer's estimate was
wrong.
In Bruce Schneier's cryptanalysis self-study course, the utility function seems
to be close to your explanation. That is, the analyst wins with any result
breaking the design with less work than the designer thought necessary, even if
that is still impossible in the real world.
Karl-Friedrich Lenz
www.toptext.com/crypto/
------------------------------
From: [EMAIL PROTECTED] (Dr. Yongge Wang)
Subject: Re: What is Randomness?
Date: 23 Dec 1998 04:24:53 GMT
R. Knauer ([EMAIL PROTECTED]) wrote:
: On 21 Dec 1998 04:42:09 GMT, [EMAIL PROTECTED] (Dr. Yongge Wang) wrote:
: >Indeed, for the randomness you may go to
: >Martin-Loef's definition of randomness.
: >(Chaitin has an equivalent definition)
: >but all these definitions are for infinite sequences.
: One of the definitions of randomness given by Chaitin is based on
: algorithmic complexity for finite sequences. You may be thinking of
: another paper in which he discusses his "halting probability", Omega,
: which is an infinite sequence. But then that latter discussion is
: about undecidability rather than just randomness itself.
: In the former paper he defines randomness as a level of algorithmic
: complexity that is nearly the same as the size of the number under
: consideration. He works out the probability that a number of size N is
: more complex than N-10 and comes up with 0.999. He then takes that as
: the working definition of randomness.
: For those who may not be aware what algorithmic complexity is, it is
: the same essentially as Kolmogorov complexity, namely the size of the
: smallest algorithm which will output the number under consideration.
Not exactly!!!!!!! Generally, when people in this area speak
of Chaitin complexity, they refer to "prefix-free" Kolmogorov
complexity. But in Kolmogorov complexity, we do not consider
the prefix-free property (or monotone property or
self-delimiting Turing machine).
For other definitions of randomness and \Omega numbers,
you may find more details in my PhD thesis on my homepage
(address below).
: Randomness in that sense is a lack of irreducibility, since a random
: number cannot be output by an algorithm unless it contains the number
: in entirety.
: See http://www.cs.auckland.ac.nz/CDMTCS/chaitin/
: Bob Knauer
: "In the general course of human nature, a power over a man's
: subsistence amounts to a power over his will."
: --Alexander Hamilton
--
======================================================
Yongge Wang                        Yongge Wang
Dept. of EE & CS                   2545 N. Frederick Ave., Apt. 104
Univ. of Wisconsin--Milwaukee      Milwaukee, WI 53211
P.O. Box 784                       Tel: (414)3324794
Milwaukee, WI 53201                Fax: (414)3324794
Tel: (414)229-5731
Fax: (414)229-2769
[EMAIL PROTECTED]
http://www.cs.uwm.edu/~wang
======================================================
------------------------------
From: [EMAIL PROTECTED] (Bruce Schneier)
Subject: Re: Cryptography FAQ (01/10: Overview)
Date: Wed, 23 Dec 1998 05:11:23 GMT
This FAQ is over four years old.
It seems reasonable to update it. Is there a cabal in charge of the
FAQ, or has it been orphaned? Is anyone interested in working on an
update?
Bruce
**********************************************************************
Bruce Schneier, President, Counterpane Systems Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis, MN 55419 Fax: 612-823-1590
Free crypto newsletter. See: http://www.counterpane.com
------------------------------
From: [EMAIL PROTECTED] (John L. Allen)
Subject: Re: md5 sample implementation
Date: 22 Dec 1998 14:38:08 -0500
In article <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]> wrote:
>Hi all,
>I want to find out a -very_clear- md5 implementation. I know RSA's
>reference implementation, GNU fileutils' md5 implementation and that of
>SSLeay but they are optimized for performance. Any of you know a more
>clear implementation for presentation purposes?
[ Article CC'ed to poster ]
Below is a perl version for your perusal.
If you know perl it's pretty clear :-)
And it could stand some white space in the
four main working loops.
John.
----
#!/bin/perl -- RSA's MD5 in perl5 - "Fast" version.
#
# Usage:
# md5 < file
#
# Test Case:
# $ echo 1234567890 | md5
# 7c12772809c1c0c3deda6103b10fdfa0
#
# This version has been somewhat optimized for speed, and gets about
# 16 KB per second on a PPC604-120 42T workstation. Still pitiful
# compared with C. Feel free to improve it if you can.
#
# Author: John L. Allen, [EMAIL PROTECTED], 3/8/97
#
# "Magic" <K>onstants, one for each of 64 rounds.
# These _must_ be defined before ``use integer''.
my @K = map { int abs 2**32 * sin $_ } 1..64;
use integer;
# Which word of the input <B>lock to operate on for all 64 rounds
my @B = (
    0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, # rounds 0 - 15
    1, 6, 11, 0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12, # rounds 16 - 31
    5, 8, 11, 14, 1, 4, 7, 10, 13, 0, 3, 6, 9, 12, 15, 2, # rounds 32 - 47
    0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9, # rounds 48 - 63
);
# <L>eft roll amounts in bits for all 64 rounds
my @L = (
    ( 7, 12, 17, 22) x 4, # rounds 0 - 15
    ( 5,  9, 14, 20) x 4, # rounds 16 - 31
    ( 4, 11, 16, 23) x 4, # rounds 32 - 47
    ( 6, 10, 15, 21) x 4, # rounds 48 - 63
);
# Initial Accumulator Values
my ($aa, $bb, $cc, $dd) = (0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476);
# <M>ask values for right shifts to prevent sign propagation
my @M = map { 2**$_ - 1 } 0..32;
# Round-index ranges for the four working loops below
my @a = (0..15);
my @b = (16..31);
my @c = (32..47);
my @d = (48..63);
my ($a, $b, $c, $d, $t, $n, $l, $r, $p, $x);
my @W;
do {
    $l += $r = read STDIN, $_, 64;          # read one 64-byte block; $l = total bytes so far
    $r++, $_ .= "\x80" if $r < 64 && !$p++; # first short block: append the 0x80 pad byte once
    @W = unpack V16, $_ . "\0" x 7;         # 16 little-endian words; words past the data read as 0
    $W[14] = $l * 8 if $r < 57;             # room for the length: low 32 bits of the bit count
    $a = $aa, $b = $bb, $c = $cc, $d = $dd;
    for (@a) {                              # rounds 0 - 15:  F = (b & c) | (~b & d)
        $x = ($b & $c | $d & ~$b) + $W[$B[$_]] + $K[$_] + $a; $n = $L[$_];
        $t = $b + ($x << $n | $M[$n] & $x >> 32 - $n), $a = $d, $d = $c, $c = $b, $b = $t;
    }
    for (@b) {                              # rounds 16 - 31: G = (b & d) | (c & ~d)
        $x = ($b & $d | $c & ~$d) + $W[$B[$_]] + $K[$_] + $a; $n = $L[$_];
        $t = $b + ($x << $n | $M[$n] & $x >> 32 - $n), $a = $d, $d = $c, $c = $b, $b = $t;
    }
    for (@c) {                              # rounds 32 - 47: H = b ^ c ^ d
        $x = ($b ^ $c ^ $d) + $W[$B[$_]] + $K[$_] + $a; $n = $L[$_];
        $t = $b + ($x << $n | $M[$n] & $x >> 32 - $n), $a = $d, $d = $c, $c = $b, $b = $t;
    }
    for (@d) {                              # rounds 48 - 63: I = c ^ (b | ~d)
        $x = ($b | ~$d ^ $c) + $W[$B[$_]] + $K[$_] + $a; $n = $L[$_];
        $t = $b + ($x << $n | $M[$n] & $x >> 32 - $n), $a = $d, $d = $c, $c = $b, $b = $t;
    }
    $aa += $a, $bb += $b, $cc += $c, $dd += $d;
} while $r > 56;                            # a block of 57..64 bytes leaves no room for the length
print unpack(H32, pack V4, $aa, $bb, $cc, $dd), "\n";
--
_/JohnL\[EMAIL PROTECTED] <Sun>: 9.5 billion pounds per sec to energy
~\Allen/~Fax: 516-575-7428 <Universe>: 1e22 stars = 22 solar masses per sec
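Since the original question asked for an MD5 written for clarity rather than speed, here is an added example in Python, not the poster's code and not RSA's reference: the same algorithm with the padding, the four round functions, the message-word schedule and the rotation spelled out as separate steps, and a helper that checks the result against `hashlib` so the implementation can be verified on any input (including the digest's own `echo 1234567890 | md5` case, whose input is the ten digits plus a newline). The constants are computed the same way as the Perl script's `@K`, and all names are this example's own.

```python
import hashlib
import math
import struct

MASK32 = 0xFFFFFFFF

# Per-step left-rotation amounts (RFC 1321, section 3.4): four values per round.
S = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4

# T[i] = floor(2^32 * |sin(i + 1)|), i = 0..63: the same "magic" constants as the Perl @K.
T = [int(abs(math.sin(i + 1)) * 2**32) & MASK32 for i in range(64)]


def word_index(i):
    """Which of the 16 message words step i consumes (the Perl script's @B table, as a formula)."""
    if i < 16:
        return i
    if i < 32:
        return (5 * i + 1) % 16
    if i < 48:
        return (3 * i + 5) % 16
    return (7 * i) % 16


def rotl(x, n):
    """Rotate a 32-bit value left by n bits."""
    return ((x << n) | (x >> (32 - n))) & MASK32


def pad(message):
    """Append 0x80, zero-fill to 56 mod 64, then the 64-bit little-endian bit length."""
    bit_len = (len(message) * 8) & 0xFFFFFFFFFFFFFFFF
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded)) % 64)
    return padded + struct.pack("<Q", bit_len)


def md5_hex(message):
    """MD5 of a byte string as 32 lowercase hex characters."""
    a0, b0, c0, d0 = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    padded = pad(message)
    for off in range(0, len(padded), 64):
        W = struct.unpack("<16I", padded[off:off + 64])  # 16 little-endian words
        a, b, c, d = a0, b0, c0, d0
        for i in range(64):
            if i < 16:
                f = (b & c) | (~b & d)   # F
            elif i < 32:
                f = (d & b) | (~d & c)   # G
            elif i < 48:
                f = b ^ c ^ d            # H
            else:
                f = c ^ (b | ~d)         # I
            f = (f + a + T[i] + W[word_index(i)]) & MASK32
            a, d, c, b = d, c, b, (b + rotl(f, S[i])) & MASK32
        a0, b0, c0, d0 = ((a0 + a) & MASK32, (b0 + b) & MASK32,
                          (c0 + c) & MASK32, (d0 + d) & MASK32)
    return struct.pack("<4I", a0, b0, c0, d0).hex()


def matches_hashlib(message):
    """True when this implementation agrees with the platform MD5 for the given input."""
    return md5_hex(message) == hashlib.md5(message).hexdigest()


if __name__ == "__main__":
    print(md5_hex(b"1234567890\n"))  # the digest's test case: input is the digits plus "\n"
```

The `~` operator on Python integers yields a negative value, which is why every intermediate is masked back to 32 bits before it feeds the next step; the padding helper is the part worth checking at the 55/56/64-byte boundaries, where the length block does or does not fit into the current 64-byte block.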
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************