Cryptography-Digest Digest #855, Volume #8 Wed, 6 Jan 99 15:13:04 EST
Contents:
Re: One-time pads not secure ? (NSA's Venona project) (Philip Gladstone)
commercial digital watermark systems: results? ([EMAIL PROTECTED])
Re: Chosen-Signature Steganography ("Dr.Gunter Abend")
Re: One-time pads not secure ? (NSA's Venona project) ("Tony T. Warnock")
Re: U.S. Spying On Friend And Foe (Mike McCarty)
M-94 Replica (JTong1995)
SOC.CULTURE.JEWISH IS UNDERGOING AN ATTACK BY NEO-NAZIS!! (Fred Cherry)
Re: symmetric vs various asymmetric [was: DH is "stronger" than RSA?] (David Crick)
Re: Help: a logical difficulty (Jonah Thomas)
Eric Young and Tim Hudson join RSA-Australia (Ed Kubaitis)
Re: Sapphire II key length vs. US Export Law ("jay")
Cryptographic spam from Meganet ([EMAIL PROTECTED])
Re: CD Rom Encryption ("jay")
Re: Sapphire II key length vs. US Export Law (Jan Garefelt)
----------------------------------------------------------------------------
From: Philip Gladstone <[EMAIL PROTECTED]>
Subject: Re: One-time pads not secure ? (NSA's Venona project)
Date: Wed, 06 Jan 1999 11:15:46 -0500
> The Venona project was mentioned in the book "Spycatcher" by Peter
> Wright. It says that during WWII, the Soviets ran short of key material
> and used the same "pads" more than once. Their security was compromised
> by reusing the keys, not by any fault in the OTP system.
>
> I don't think that book comments on how the keys were generated.
I recall reading that the Russians had teams of people typing random
characters on typewriters to generate the pads. To make a pad they used
two sheets of paper and carbon paper. To increase production, they
just added two more sheets of paper and carbon paper!
Apparently, the pads were not very random, but they were random enough
to hide the plaintext. [I guess that this means that the entropy of
the underlying text (1 bit per character??) plus the entropy of the
pad was close to or greater than log2 26.] [What are the numbers for
Russian?]
philip
--
Philip Gladstone +1 781 530 2461
Axent Technologies, Waltham, MA
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: uk.transport,comp.dsp
Subject: commercial digital watermark systems: results?
Date: Wed, 06 Jan 1999 16:11:41 GMT
Reply-To: [EMAIL PROTECTED]
If anyone has had any experience using a commercial digital watermark system
for images, video or audio, I would be interested to hear results regarding
practicality and robustness. I am trying to figure out which to use, and which
to avoid.
Thanx.
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: "Dr.Gunter Abend" <[EMAIL PROTECTED]>
Subject: Re: Chosen-Signature Steganography
Date: Wed, 06 Jan 1999 17:50:59 +0100
Signatory wrote:
>
> Two people share a secret 3 digit key and then they part company.
> This key will enable them to recover 3 bits from a signature. Those
> 3 bits form another digit in the key so 4 bits can be recovered in
> the next signature. The 4 bits recovered form another new digit in
> the key, so now the key is 5 digits long. This bootstrapping
> continues until the key has 6 digits and then the private message
> is recovered from all of the remaining signatures, with 6 bits
> recovered from each DSA signatures.
> ..... After these 4 (???) rounds are used to
> establish the 6 digit key, there are much more than 10^6 possible
> interpretations of the messages hidden in the signatures. There
> are more like 10^(6+5+4) possible interpretations, as a rough
> estimate. 10^15 is about 2^48 possible interpretations. This
> level of uncertainty approaches a cryptographic quality level.
If thousands of signed messages are transmitted routinely, you need
two 10-bit numbers to specify
- which message is the starting point, and
- which bits of it should be used.
Thus, the full set of signed messages must be tested with any one of
1000 keys applied to any one of, say, 1000 starting points in this
stream of data items, until the decoding produces readable text. This
is a rather weak cipher with a key space of only 1 million (2^20).
Furthermore, if the first decoded text ends with garbage, it is highly
feasible that this is just the start of another message, which can be
decoded by testing only a few tens of thousands of possibilities (or much
less, if the initial key is not changed).
The only hope is that the existence of a hidden message is obscured.
However, the mechanism is rather complicated, and if it is used by
many people, this hope would be illusory. This technique might be an
attempt to create *deniable* cryptography, but for this purpose you
also could simply send a lot of innocent messages which contain a few
letters at specified positions, selected by a secret key number. This
encoding may be done without a computer, so it is very unlikely and
can be denied easily. Or, to avoid this kind of child's play, use
professional steganography.
Ciao, Gunter
------------------------------
From: "Tony T. Warnock" <[EMAIL PROTECTED]>
Subject: Re: One-time pads not secure ? (NSA's Venona project)
Date: Wed, 06 Jan 1999 09:53:30 -0700
Reply-To: [EMAIL PROTECTED]
Serge-Antoine Melanson wrote:
> Hi all,
>
> I once read in Bruce Schneier's "Applied Cryptography" that one-time
> pads were un-breakable but I saw an article on CNN's web site
> about NSA's VENONA project that seems to contradict this:
>
>
>http://www.cnn.com/SPECIALS/cold.war/experience/spies/spy.gadgets/espionage/one-time.pad.html
>
> So did the russians used pseudo-random number generators to print
> those pads or what? If those pads were breakable does it mean their
> characters sequence was not truly random or generated using a
> reproducible process?
>
> /S.A.M.
The OTPs themselves were secure. They were used more than once. One-time pad means
1, one, ONE, ONE, uno, une, eins, only 1,1,1,1,1, not 1.1 not 2 not 3. It was a protocol failure.
The Venona stuff makes good reading.
Tony
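Philip Gladstone's and Tony Warnock's replies above both come down to the same failure: the pad was used twice. The following Python is an added example, not code from either poster or from the Venona material; the two messages, the crib and the little trigram list are constructed for illustration, and the arithmetic is letters mod 26 rather than the additive digit groups the Soviet traffic actually used. It shows why reuse is fatal even when the pad itself is perfectly random: subtracting the two ciphertexts cancels the pad, and dragging a guessed fragment of one message along the difference exposes the other.

```python
"""Two-time pad: what happens when a one-time pad is used twice.

Added example. Messages, the crib and the trigram list are constructed;
the pad comes from the OS CSPRNG, so the pad itself is as random as it
gets. The weakness demonstrated is reuse, not pad quality.
"""
import secrets
import string

ALPHABET = string.ascii_uppercase
MOD = 26  # letters mod 26 (Venona traffic was actually digit groups mod 10)


def to_nums(text):
    return [ALPHABET.index(ch) for ch in text.upper() if ch in ALPHABET]


def to_text(nums):
    return "".join(ALPHABET[n % MOD] for n in nums)


def make_pad(length):
    # One pad, one message: the caller must never pass the same pad twice.
    return [secrets.randbelow(MOD) for _ in range(length)]


def otp_encrypt(plaintext, pad):
    p = to_nums(plaintext)
    if len(pad) < len(p):
        raise ValueError("pad exhausted; generate more key, never reuse")
    return to_text((x + k) % MOD for x, k in zip(p, pad))


def otp_decrypt(ciphertext, pad):
    return to_text((x - k) % MOD for x, k in zip(to_nums(ciphertext), pad))


def pad_explaining(ciphertext, guess):
    """Perfect secrecy in one line: for ANY guessed plaintext of the same
    length there is a pad that produces this ciphertext, so a single
    ciphertext says nothing about which guess is right."""
    return [(c - g) % MOD for c, g in zip(to_nums(ciphertext), to_nums(guess))]


def ciphertext_difference(c1, c2):
    """(p1 + k) - (p2 + k) = p1 - p2 (mod 26): the pad cancels out."""
    return [(a - b) % MOD for a, b in zip(to_nums(c1), to_nums(c2))]


def crib_drag(diff, crib):
    """Slide a guessed fragment of message 1 along the difference. At
    each offset the fragment of message 2 that would lie underneath is
    p2 = p1 - (p1 - p2)."""
    k = to_nums(crib)
    return [
        (off, to_text((k[i] - diff[off + i]) % MOD for i in range(len(k))))
        for off in range(len(diff) - len(k) + 1)
    ]


# Constructed mini "dictionary" used to rank crib positions.
COMMON_TRIGRAMS = ("THE", "AND", "ING", "ENT", "ION", "FOR", "ATE")


def english_score(fragment):
    return sum(fragment.count(t) for t in COMMON_TRIGRAMS)


def best_crib_positions(diff, crib, top=3):
    ranked = sorted(crib_drag(diff, crib),
                    key=lambda oc: english_score(oc[1]), reverse=True)
    return ranked[:top]


# Constructed traffic: two 26-letter messages sent under the SAME pad.
MESSAGE_1 = "MEETINGATTHEEMBASSYTONIGHT"
MESSAGE_2 = "AGENTREPORTSFORTHEDIRECTOR"
CRIB = "THEEMBASSY"  # fragment the analyst guesses appears in message 1


def run_attack():
    pad = make_pad(len(MESSAGE_1))
    c1 = otp_encrypt(MESSAGE_1, pad)
    c2 = otp_encrypt(MESSAGE_2, pad)  # the reuse
    diff = ciphertext_difference(c1, c2)
    offset, fragment = best_crib_positions(diff, CRIB)[0]
    return {"offset": offset, "fragment": fragment,
            "message_2_slice": MESSAGE_2[offset:offset + len(CRIB)]}


if __name__ == "__main__":
    print(run_attack())
```

Note that `run_attack` never looks at the pad after encryption: whatever the pad was, the crib lands at offset 9 and reads "RTSFORTHED" out of the second message. With a single ciphertext the same analyst gets nowhere, which is what `pad_explaining` shows: every same-length guess has a pad that fits.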
------------------------------
From: [EMAIL PROTECTED] (Mike McCarty)
Subject: Re: U.S. Spying On Friend And Foe
Date: 6 Jan 1999 15:31:56 GMT
In article <[EMAIL PROTECTED]>,
Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
)Mike McCarty wrote:
)> I didn't get in on the who quote, so I may be off base. But I
)> *certainly* find it humo(u)rous to find that someone thinks
)> that a Legislative Act can cause secrets to be kept.
)
)A severe law that is enforced can certainly act as a disincentive
)to disobedience.
We have a severe law that is enforced here in the United States. In
fact, some of the law is *itself* secret, and cannot be obtained by
ordinary citizens. (Amazing, that. Probably because the law is illegal
itself, and the legislators don't want us knowing that. Ignorance of
the law *ought* to be a defence when the law is *secret*, or so
obfuscated that an ordinary man cannot understand it, like our Income
Tax "law" (regulations, actually)).
Recently the head of the Central Intelligence Agency (CIA) was
convicted of espionage. He got a huge sentence. Didn't stop him. Note
that. It didn't stop the number one man in charge of secret keeping
from divulging secrets.
I agree that it can provide "disincentive". I disagree that it can
"cause secrets to be kept", which is what I said.
Mike
--
----
char *p="char *p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
I don't speak for Alcatel <- They make me say that.
------------------------------
From: [EMAIL PROTECTED] (JTong1995)
Subject: M-94 Replica
Date: 6 Jan 1999 18:50:55 GMT
As an ACA member with too much free time on my hands, and access to a
fully functional machine shop, I've started work on making a replica of the
M-94 Cipher device (aka. a Jefferson Wheel). It's only going to be a general
(rough) replica made for fun. I made the first disk on a lathe, where it
polished well, but cutting it off from the rest of the cylinder proved too
difficult and time consuming. Now I'm using a drill press and cutting the
disks out of a 1/4 inch plate of aluminum, then polishing the edge of the disk
(where the letters go) on the lathe. I then plan to use a vice, a hammer, and
the letter dies to put the letters around the circumference of the disks. A
little hard to line the spacing up exactly, but it's close enough for fun work.
Then some permanent ink into the letter grooves, number the sides of the disk,
run a bolt through the center, and I think I'm done.
I am currently planning on using the 25 disks with the mixed alphabets
found in the SECRET CODE BREAKER I book by Reynard. I was wondering if anyone
knew if these were the historically correct mixed alphabets used on the
original M-94, or were they merely put together by the author to demonstrate
the concept? If I have to choose, I'd prefer to use the historically accurate
ones. Does 25 disks sound like the right number, or were there 36 disks and 25
were chosen for each day's use based on a daily key? Lastly, does anyone know
if the mixed alphabets were simply random ones, or were they chosen in some
way as to make cryptanalysis more difficult? Thanks for any insights.
Jeff Tong
Jeffrey Tong [EMAIL PROTECTED]
PGP 5 Key available for download at WWW.PGP.COM Key ID: BFF6BFC1
Fingerprint: 6B29 1A18 A89A CB54 90B9 BEA3 E3F0 7FFE BFF6 BFC1
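The mechanics Jeff describes, as an added Python simulation (not the poster's replica and not historical device data): 25 lettered disks threaded onto a spindle in an order fixed by a daily key, the plaintext set along one row, and any other row read off as ciphertext. The 25 mixed alphabets here are generated from a seed, because the true M-94 alphabets are exactly what the post is asking about; the letter-frequency table used to pick the readable row is the usual rough English one and is an assumption of the example, standing in for the operator's eye.

```python
"""M-94 / Jefferson-wheel cipher simulator.

Added example, not the poster's replica nor the historical device data:
the 25 mixed alphabets here are generated from a seed because the true
M-94 alphabets are exactly what the post is asking about. The mechanics
are the standard ones: 25 lettered disks on a spindle, ordered by a daily
key; the plaintext is set along one row and any other row is read off.
"""
import random
import string

ALPHABET = string.ascii_uppercase
NUM_DISKS = 25

# Rough English letter frequencies (percent), used to spot the readable row.
FREQ = {"E": 12.7, "T": 9.1, "A": 8.2, "O": 7.5, "I": 7.0, "N": 6.7, "S": 6.3,
        "H": 6.1, "R": 6.0, "D": 4.3, "L": 4.0, "C": 2.8, "U": 2.8, "M": 2.4,
        "W": 2.4, "F": 2.2, "G": 2.0, "Y": 2.0, "P": 1.9, "B": 1.5, "V": 1.0,
        "K": 0.8, "J": 0.2, "X": 0.2, "Q": 0.1, "Z": 0.1}


def make_disks(seed):
    """Constructed disk alphabets (NOT historical): each a shuffle of A-Z."""
    rng = random.Random(seed)
    disks = []
    for _ in range(NUM_DISKS):
        letters = list(ALPHABET)
        rng.shuffle(letters)
        disks.append("".join(letters))
    return disks


def daily_order(seed):
    """The daily key: the order the 25 disks are threaded onto the spindle."""
    order = list(range(NUM_DISKS))
    random.Random(seed).shuffle(order)
    return order


def encrypt_group(group, disks, order, row):
    """Align each plaintext letter on the reference row, then read the row
    `row` steps around the cylinder (1..25) as ciphertext."""
    assert len(group) <= NUM_DISKS and 1 <= row <= 25
    out = []
    for ch, d in zip(group, order):
        disk = disks[d]
        out.append(disk[(disk.index(ch) + row) % 26])
    return "".join(out)


def decrypt_group(cgroup, disks, order, row):
    out = []
    for ch, d in zip(cgroup, order):
        disk = disks[d]
        out.append(disk[(disk.index(ch) - row) % 26])
    return "".join(out)


def candidate_rows(cgroup, disks, order):
    """The receiver sets the ciphertext on one row and looks at the other
    25 rows; exactly one of them is the message."""
    return [decrypt_group(cgroup, disks, order, r) for r in range(1, 26)]


def english_score(text):
    return sum(FREQ.get(ch, 0.0) for ch in text)


def read_off(cgroup, disks, order):
    """Pick the row that looks most like English (the operator does this by eye)."""
    return max(candidate_rows(cgroup, disks, order), key=english_score)


def encrypt_message(text, disks, order, rng):
    """Split into 25-letter groups (padding the last with X) and read off a
    fresh, unannounced row for each group, as the operator would."""
    letters = "".join(ch for ch in text.upper() if ch in ALPHABET)
    groups = [letters[i:i + NUM_DISKS] for i in range(0, len(letters), NUM_DISKS)]
    groups[-1] = groups[-1].ljust(NUM_DISKS, "X")
    return " ".join(encrypt_group(g, disks, order, rng.randint(1, 25)) for g in groups)


def decrypt_message(ciphertext, disks, order):
    return "".join(read_off(g, disks, order) for g in ciphertext.split())


def demo(seed=1):
    """Constructed message under constructed disks and a constructed daily key."""
    disks = make_disks(1999)
    key = daily_order(6)
    ct = encrypt_message("ENEMY ATTACKS AT NINE IN THE AM", disks, key, random.Random(seed))
    return ct, decrypt_message(ct, disks, key)


if __name__ == "__main__":
    print(demo())
```

The frequency heuristic in `read_off` is only a stand-in for a human reading the cylinder; on a 25-letter English group it separates the true row from the 24 others by a wide margin, but a short group padded with many X's can fool it, which is one reason real traffic avoided such groups.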
------------------------------
Crossposted-To: soc.culture.jewish,soc.culture.israel,news.admin.net-abuse.misc,news.software.nntp,news.admin.censorship
From: [EMAIL PROTECTED] (Fred Cherry)
Subject: SOC.CULTURE.JEWISH IS UNDERGOING AN ATTACK BY NEO-NAZIS!!
Date: Wed, 6 Jan 1999 18:58:20 GMT
Soc.culture.jewish is getting an avalanche of weird messages. The material
below the dashed line is something I posted in a local newsgroup of my
ISP. Something has to be done, but I don't know what.
=============================================================================
From: [EMAIL PROTECTED] (Fred Cherry)
Subject: Re: spam hijack ("BICUSPID...")
Message-ID: <[EMAIL PROTECTED]>
Date: Wed, 6 Jan 1999 13:28:21 GMT
References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
Organization: The World, Public Access Internet, Brookline, MA
Lines: 51
"Phillip Sego" <[EMAIL PROTECTED]> writes:
>The attack, allegedly by "Hipcrime" is fairly widespread, hitting just about
>every moderated NG and *many* unmoderated NGs. Many ISPs are filtering out
>these messages, I'm unsure if STD is getting all of them. There are over
>10,000 of these messages on soc.culture.jewish!
Hipcrime gets accused of a lot of things he is not responsible for. I
don't think that this is from Hipcrime. The only thing Hipcrime ever did
was to repost messages that had been forge-cancelled, and for that I thank
him. I was the victim of this sort of thing from a neo-Nazi.
I do believe that the reason soc.culture.jewish is getting hit so hard
is that it comes from one of the many Jew-hating neo-Nazis on Usenet.
>I moderate one of the moderated NGs which was hit. As I never got to see
>them on STD (they were cancelled very early this morning), perhaps the
>world's filter is in place.
>Would someone from support let us know how the battle is going, and perhaps
>what steps are being taken to prevent this from recurring?
>-- Phil
>Mark A Mandel wrote in message ...
>>This piece of %^&*( showed up in over a dozen threads in
>>comp.speech.users, each time under the name, subject, and apparently
>>header of a (different) legitimate post to that thread. It was not
>>word-wrapped. I forwarded a copy to spam, with headers. I have no idea how
>>to kill a message that is identifiable only in text, not in any header
>>data:
>>
>>: "BICUSPID" BARRY BOUWSMA BORINGLY BITES BIG BAD BRITISH BISEXUAL
>>: BACKSTREET BULLDOGS !!!
>>
>>-- Mark A. Mandel
>>
>>
>>--
>>If you're reading this in a newsgroup: to reply by mail,
>>remove the obvious spam-blocker from my edress.
[EMAIL PROTECTED] (Fred Cherry)
Elector of Homophobia
------------------------------
Date: Wed, 06 Jan 1999 17:12:23 +0000
From: David Crick <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Crossposted-To: alt.security.pgp,comp.security.misc,talk.politics.crypto,comp.security.pgp.discuss
Subject: Re: symmetric vs various asymmetric [was: DH is "stronger" than RSA?]
Medical Electronics Lab wrote:
>
> > Symmetric RSA *"DH"(EG) ECC
> > ---------------------------------
> > ? ? 1024 ?
> > ? ? 2048 ?
> > ? ? 3072 ?
> > ? ? 4096 ?
> > ? ? 8192 ?
> > ? ? 16384 ?
> > ? ? 32768 ?
> > ? ? 65536 ?
>
> I know how to do ElGamal in EC, but I assume it's different
> for the above table(?).
I was referring to the newer PGP 5/6 keys which are called DH
but I believe are actually ElGamal??
> To repeat your caveat, this is really silly and particularly
> bogus
like the Wassenaar Arrangement? :)
> but it does give an idea of "relative strength" of just
> the mathematics portion of the crypto.
Which is precisely what I was after.
> Patience, persistence, truth,
> Dr. mike
Cheers,
David.
--
+---------------------------------------------------------------------+
| David Crick [EMAIL PROTECTED] http://members.tripod.com/~vidcad/ |
| Damon Hill WC '96 Tribute: http://www.geocities.com/MotorCity/4236/ |
| Brundle Quotes Page: http://members.tripod.com/~vidcad/martin_b.htm |
| PGP Public Key: (RSA) 0x22D5C7A9 00252D3E4FDECAB3 F9842264F64303EC |
+---------------------------------------------------------------------+
------------------------------
From: Jonah Thomas <[EMAIL PROTECTED]>
Subject: Re: Help: a logical difficulty
Date: Wed, 06 Jan 1999 19:26:46 GMT
[EMAIL PROTECTED] (John Briggs) wrote:
>Suppose we've got an output string O. Its algorithmic complexity
>under algorithm A is x. This means that there is at least one input
>string of length x that produces O when presented as input to A.
>Call this string i.
>And I've got an algorithm B. And I can write an emulator
>for A, presenting it as input to B. Call this emulator e. This
>emulator has length c.
>Then e+i is an input string for B that produces O. Thus the algorithmic
>complexity of O under B can be no more than x+c.
That makes sense.
So, you have a string of length x that produces O presented to A.
And suppose you have a string of length y that produces O presented to B.
And your emulator of B in A gives you length x+c and suppose y<x+c.
Now we can get an emulator of A in B of length d, which gives you length
y+d. Suppose x<y+d.
This leads in a lot of interesting directions. Like, if there's some C
that can't produce O at all, then you must not be able to emulate A or B
in C and so for a lot of purposes we could consider C broken. But where
does it lead for the original question, or your modified question? What
if there's an algorithm D which has a string much shorter than x to
output O? If D is short to emulate in A then it's shorter to emulate D
in A than to use A directly. But if the D emulation is long then it's
better to go with x for A.
So we can choose an algorithm arbitrarily and perhaps find the shortest
string for that algorithm, but we can't necessarily find the shortest
string over all algorithms. Or maybe -- the algorithm E does the
following: Given the input string "1" it outputs O and halts. Given
any other string it emulates A. It can't get much shorter than that
and you can certainly emulate E in A. You can't get much shorter than
"1".
Is there any useful way to measure the complexity of a string apart
from a particular algorithm? I guess it depends on what you want to
use the measurement for. The guy who asked the original question
might have a use in mind that could lead to an appropriate measure.
But plainly algorithmic complexity won't give him what he wants.
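The two bounds being traded back and forth above, written out as an added derivation (not part of either post; it uses only the posts' own $x$, $y$, $c$, $d$ and introduces $K_A(O)$ as shorthand for the complexity of $O$ under algorithm $A$):

$$K_B(O) \le K_A(O) + c = x + c, \qquad K_A(O) \le K_B(O) + d = y + d,$$

and combining the two,

$$\lvert K_A(O) - K_B(O) \rvert \le \max(c, d).$$

The constant depends on $A$ and $B$ (on how long each one's emulator is in the other) but not on $O$, which is the precise sense in which the choice of reference algorithm only matters up to an additive constant. Jonah's algorithm $E$ shows that constant can be as large as the string is interesting: $K_E(O) = 1$, but an emulator of $E$ written for $A$ has to contain a description of $O$, so $d$ is at least about $x$ and the bound says nothing useful about $O$ itself.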
------------------------------
From: Ed Kubaitis <[EMAIL PROTECTED]>
Subject: Eric Young and Tim Hudson join RSA-Australia
Date: Wed, 06 Jan 1999 13:44:27 -0600
http://www.news.com/News/Item/Textonly/0,25,30590,00.html
==========================
Ed Kubaitis - [EMAIL PROTECTED]
CCSO - University of Illinois at Urbana-Champaign
------------------------------
From: "jay" <[EMAIL PROTECTED]>
Subject: Re: Sapphire II key length vs. US Export Law
Date: 6 Jan 1999 17:29:01 GMT
fungus <[EMAIL PROTECTED]> wrote in article
<[EMAIL PROTECTED]>...
>
>
> You're not really adding any. If the enemy knows your "permute"
> algorithm (and you have to assume he does) then he only has to
> try 2^16 keys to find the right one.
>
And if that permutation is secret and changeable, it can be considered part
of the key.
Jay
------------------------------
From: [EMAIL PROTECTED]
Subject: Cryptographic spam from Meganet
Reply-To: [EMAIL PROTECTED]
Date: Wed, 06 Jan 1999 17:34:54 GMT
Has anyone else received spam from these sleazebags? They sent me bulk
e-mail recently to my "real" (non-Usenet posting) e-mail address. Since
it is a fairly new account, has never been used for posting to Usenet,
and was prime number related, I can only assume they harvested my
address from GIMP or Chris Nash's website.
I am a biology grad student and participate in the prime number
searches out of interest in primes, but even if I _did_ have some sort
of interest in cryptography software, that doesn't excuse such tactics.
------------------------------
From: "jay" <[EMAIL PROTECTED]>
Crossposted-To: alt.binaries.cracks.encrypted
Subject: Re: CD Rom Encryption
Date: 6 Jan 1999 17:32:37 GMT
check out Scramdisk
http://www.hertreg.ac.uk/ss/
Jay
K1LL5W17CH <[EMAIL PROTECTED]> wrote in article
<[EMAIL PROTECTED]>...
> I need to encrypt some folders containing documents and pictures and also
> several programs on a Cd rom.
> I am searching for a strong and fast encryption software if possible a
> shareware.
> Can anyone help me please?
> ...I have not much time and it's really important...
------------------------------
From: [EMAIL PROTECTED] (Jan Garefelt)
Subject: Re: Sapphire II key length vs. US Export Law
Date: 06 Jan 1999 21:01:54 +0100
"jay" <[EMAIL PROTECTED]> wrote in part:
> And if that permutation is secret and changeable, it can be
> considered part of the key.
The question in the original post <[EMAIL PROTECTED]>
was whether a 16-bit key "permuted into" a 64-bit quantity added any
security. It doesn't. It is a Bad Idea that gives 16-bit security,
which is no security at all.
Explaining the problem with 16-to-64-bit expansion with an analogy
could be done in this way:
Our hero "luckless Charlie" is trying to hide in a crowd of 2^16
people, consisting of himself and his friends.
Unfortunately Charlie's persecutor, Snoopy, can perform 2^16 actions
in less time than it takes to say "Crypto restrictions are a far worse
scandal than the Clinton/Lewinsky affair".
Realizing that Snoopy is on their track, each one of Charlie and his
friends rents a room in a spacious 2^64-room hotel.
All Snoopy has to do to find Charlie is to follow the 2^16 tracks made
by Charlie and his friends.
Charlie is still out of luck.
/Jan Garefelt
--
Jan Garefelt [EMAIL PROTECTED]
(You know what part to remove to get my mail address!)
http://www.synernet.com/public/sternlight-faq
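Jan's hotel analogy, and the exchange between fungus and Jay before it, as an added Python example (written for this page; it is not Sapphire II and not any poster's code). The expansion step and the keystream are stand-ins chosen only to be deterministic and public, and the example assumes what fungus's post assumed: the attacker knows the "permute" step. Under that assumption the attacker enumerates the 2^16 seeds, never the 2^64 expanded values, and only 2^16 of those values can ever occur.

```python
"""Why 'permuting' a 16-bit key into 64 bits adds nothing.

Added example, not Sapphire II and not code from any poster. The
expansion step and the keystream are stand-ins chosen only to be
deterministic and public; the point holds for any public expansion.
"""
import hashlib


def expand_key(key16):
    """The 'permute' step: a public, deterministic map from 2^16 seeds
    to 64-bit values. (Stand-in: truncated SHA-256, not Sapphire's.)"""
    return hashlib.sha256(b"expand:" + key16.to_bytes(2, "big")).digest()[:8]


def keystream(key64, length):
    """Stand-in stream cipher keyed by the 64-bit value (counter-mode hash)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key64 + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key16, data):
    ks = keystream(expand_key(key16), len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


decrypt = encrypt  # XOR is its own inverse


def brute_force(known_plaintext, ciphertext_prefix):
    """Snoopy does not search the 2^64 hotel; he walks the 2^16 tracks.
    Returns (recovered 16-bit key, number of trials it took)."""
    for k in range(1 << 16):
        if encrypt(k, known_plaintext) == ciphertext_prefix:
            return k, k + 1
    return None, 1 << 16


def distinct_expanded_keys():
    """However wide the expanded key is, at most 2^16 values of it ever occur."""
    return len({expand_key(k) for k in range(1 << 16)})


if __name__ == "__main__":
    key = 0xBEEF  # constructed secret
    msg = b"ATTACK AT DAWN"
    ct = encrypt(key, msg)
    print(brute_force(msg[:8], ct[:8]), distinct_expanded_keys())
```

Eight bytes of known plaintext are enough to single out the key: with only 2^16 candidates, a false match on a 64-bit comparison is vanishingly unlikely. Jay's counterpoint only helps if the permutation is itself chosen at random from a large space and kept secret, in which case it is simply more key, and the security is whatever that extra key material is worth.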
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************