Cryptography-Digest Digest #329, Volume #9        Fri, 2 Apr 99 19:13:03 EST

Contents:
  Re: Random Walk (Dave Knapp)
  Re: Announce - ScramDisk v2.02h ([EMAIL PROTECTED])
  Re: Announce - ScramDisk v2.02h (Anonymous)
  Re: Random Walk (R. Knauer)
  Encrypting Fields in Microsoft Access Database ("Dan")
  Cracking Access Database ("Dan")
  Re: Random Walk (R. Knauer)
  Re: Random Walk (R. Knauer)
  Re: Is initial permutation in DES necessary? (John Curtis)
  Re: Encrypting Fields in Microsoft Access Database ([EMAIL PROTECTED])
  Re: Live from the Second AES Conference (wtshaw)

----------------------------------------------------------------------------

From: Dave Knapp <[EMAIL PROTECTED]>
Subject: Re: Random Walk
Date: Fri, 02 Apr 1999 21:32:04 GMT

Herman Rubin wrote:
> 
> There is no problem here, until it comes to interpreting data.
> Physicists have major problems with estimation and testing when
> statistical procedures need to be used, and they do not handle
> the problems that well.

Let me second that sentiment strongly!  As a physicist, I am constantly
appalled by the lack of statistical knowledge of my peers.  I certainly
don't consider myself an expert at statistics, but I seem to know it a
lot better than most physicists.

For a wonderful example of mis-applied statistical analysis in physics,
look up the Zeta particle "discovery" around 1985, or, better yet, look
at the original evidence for neutrons from "cold fusion" published by
Jones.  In both cases, faulty statistical analysis resulted in bogus
claims.

  -- Dave

------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: alt.security.pgp
Subject: Re: Announce - ScramDisk v2.02h
Date: Fri, 02 Apr 1999 17:41:35 GMT

Peter,

Thanks for the comments.  I personally have to take due "credit" for writing
that section.  I appreciate the opportunity to reply to the points you raise.

In article <7e2br4$7i3$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> It's nice that Mr. Simpson and "Aman" continue to work on SD.
> The list of enhancements in v.2.02h looks not too long, so
> I decided to look at new SD manual. Nice pictures... extended
> FAQ appeared... And an interesting section "Theoretical Attacks
> against ScramDisk" now includes comparison of Scramdisk, BestCrypt
> and PGPdisk security level:
>
> "Real security, as provided in SD, cannot be circumvented via this
> strategy: SD doesn't store the type of cipher that is used to encrypt
> the disk in the header (as does BestCrypt, a "competitor" to SD).  So,
> basically, for every trial passphrase that you wish to try you have to
> undertake at least 1x SHA-1 operations, 1x block cipher initialise &
> 2x block cipher decryptions FOR EACH CIPHER (there are 10 ciphers).
>
> Thus both of the previously mentioned attacks are FAR harder against
> SD compared to PGPDisk, BestCrypt et al.  We conjecture that SD is
> more than 10 times harder to brute force than its competitors."
>
> Ooops... Sam and Aman have discovered a new way to make security
> software 10 times harder to break than "competitor's" products?
>
> Yes. So please keep that way in mind. Never make your software
> using only one algorithm. If you use 10 algorithms or more,
> you can write about other packages as "competitors" (word in
> quotes).

Competitors was put in quotes because we don't really see the other commercial
products as competitors.  Each product is aimed at a distinct market.

ScramDisk is free - so we do not have a commercial interest in seeing
ScramDisk succeed.


> Drop away encryption products that use one algorithm
> only. IDEA? Blowfish? CAST? GOST? 3DES? Since today let's believe
> in products that use not one of them, but all of them together
> plus a dozen of some others.
>
> Ok, but what about brute force attack on SD? Is it 10 times slower
> because of hiding algorithms' ID? Maybe yes in some cases, but it
> is not so obvious as SD authors wrote. Blowfish key initialization,
> for example, is a much longer process than the same process used
> in other algorithms (for the most optimized implementation,
> 521 iterations of encryption and P-array element re-initialization).
>
> Now we brute force attack SD container and try every algorithm.
> If Blowfish initialization is 20 times slower than others, we'll get
> SD attacking just 1.5 times slower than software using only
> one - Blowfish - algorithm.
>
> About direct attacking not password, but encrypted data directly,
> the case looks even more interesting. If we have a bunch of
> algorithms with different key length (from 56 to 256 bits),
> we spend extremely short periods trying 56-bit algorithms
> comparing with 256-bit algorithms. Even if all algorithms
> were 256-bit, it would be the same to use one 260-bit
> algorithm or ten 256-bit algorithms.
>
> IMHO, comparing SD and other encryption products, SD authors
> manipulate figures and they do that to advertise their
> product. Smells like Snake Oil: get my product with 10
> algorithms (my mixture against 10 diseases), and see how
> funny looks the product with 1 algorithm (mixture against
> 1 disease).

The point of that section of the document was that an adversary is not aware
of which algorithm you use....They have no method of detecting whether TEA,
Blowfish, IDEA, 3DES etc is used.  Both PGPDisk & Bestcrypt plainly state the
algorithm employed.

So, to "brute force" a ScramDisk container an adversary has to effectively
try all 10 ciphers, whereas to brute force other products' containers they
only have to try 1 cipher.  Is this snake oil?  No.


I agree though, maybe the section isn't as clear as it could be....


> Sorry for my criticism, it seems that SD authors could use
> a way of improving their software to get it better than
> competitors'. If they can. But not the way of incorrect
> comparisons - it just brings a negative impression on
> SD itself.
>
> Best regards,
> Peter


Regards,

Sam Simpson
Comms Analyst
-- http://www.scramdisk.clara.net/ for ScramDisk hard-drive encryption &
Delphi Crypto Components.  PGP Keys available at the same site.

============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/       Search, Read, Discuss, or Start Your Own    
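The cost argument in this exchange, worked through as an added example (not from the ScramDisk manual or from either poster). The cost units, the nine placeholder cipher names and the choice to count the hash once per passphrase are assumptions; the 20:1 Blowfish setup ratio is the hypothetical figure from the quoted post.

```python
import math

# Constructed relative key-setup costs in arbitrary units. The 20:1 ratio for
# Blowfish is the hypothetical from the quoted post, not a measurement.
SETUP_COST = {"Blowfish": 20.0}
SETUP_COST.update({f"cipher{i}": 1.0 for i in range(1, 10)})  # nine placeholders


def trial_cost(ciphers, hash_cost=0.0, block_cost=0.0):
    """Cost of testing one passphrase: one hash (assumed to be shared), then
    one key setup and two block decryptions for every cipher tried."""
    return hash_cost + sum(SETUP_COST[c] + 2 * block_cost for c in ciphers)


def slowdown(known_cipher, hash_cost=0.0, block_cost=0.0):
    """Per-passphrase cost with the cipher hidden (all ten must be tried),
    divided by the cost when the header names the cipher."""
    hidden = trial_cost(SETUP_COST, hash_cost, block_cost)
    known = trial_cost([known_cipher], hash_cost, block_cost)
    return hidden / known


def extra_bits(factor):
    """A work factor expressed as added bits of search space."""
    return math.log2(factor)


if __name__ == "__main__":
    # Compared with a product that uses only the expensive cipher, the gain is small.
    print("vs Blowfish-only :", slowdown("Blowfish"))
    # Compared with a product that uses only a cheap cipher, it is large.
    print("vs cheap cipher  :", slowdown("cipher1"))
    # A shared hashing cost pulls both ratios towards 1.
    print("with hash cost 5 :", slowdown("Blowfish", hash_cost=5.0))
    # For exhaustive key search, a tenfold factor is worth about 3.3 bits.
    print("10x in bits      :", round(extra_bits(10), 2))
```

Under these assumptions the slowdown is a property of the comparison, not a fixed "10 times": it depends on which single cipher the other product uses and on how much of each trial is spent in work common to all ciphers.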

------------------------------

Date: Sat, 3 Apr 1999 00:47:32 +0200 (CEST)
From: Anonymous <[EMAIL PROTECTED]>
Subject: Re: Announce - ScramDisk v2.02h
Crossposted-To: alt.security.pgp

On Fri, 02 Apr 1999 14:51:15 GMT  [EMAIL PROTECTED] (aman) wrote:
:On Fri, 02 Apr 1999 12:05:58 GMT, [EMAIL PROTECTED] wrote:
:
:[snip]
:
:Scramdisk is not a commercial product, and we don't care if people use
:it or not. It is up to them to make their own mind up.
:
:To be honest, I sometimes wonder why I bothered.....
:
:Aman.
:

I'm glad you did bother Aman.

The program that you have created and allow others to freely make use of is
one more obstacle in the way of those that would prefer to ensure that a
person's right to privacy is ebbed away in the name of political expediency.

Your contribution (IMHO) is a worthwhile one and I for one thank you for it.

Never let the knockers get you down ;)




------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Random Walk
Date: Fri, 02 Apr 1999 22:59:52 GMT
Reply-To: [EMAIL PROTECTED]

On 2 Apr 1999 12:59:21 -0500, [EMAIL PROTECTED] (Herman
Rubin) wrote:

>Suppose that one has a RNG, and occasionally 
>inserts parity bits, but never after one bit.  The result will
>have no bias and zero correlation.

Please elaborate on that. When are the parity bits inserted - other
than never after one bit?

>Probabilists assume that they are working with a particular
>probability model, while statistics deals with the case that
>one does not know the model fully.  

Yet they make certain assumptions about the distribution in order to
make inferences from an infinitesimally small sample of data compared
to the full ensemble of possibilities.

It is my claim that there can be no classical model distribution for
true randomness, and therefore you do not know if you can make such
assumptions and arrive at such inferences as with pseudo-random models
for finite sequences.

>This seems to be some of the problem.  We are in full agreement
>as to what an ideal TRNG should be, but I do not believe that
>one exists.  Rather, we can try to come close, and we have to
>test to see that this is done.

I agree with the first part of your statement, but I do not see how
the second part is valid.

I have not seen a case made that you can infer the properties of true
randomness, even in an approximation, from statistical tests. All you
can do is infer pseudo-randomness, and I claim that is not good
enough, not even for a sequences.

Can you show the connection between pseudo-random models and true
randomness is accurate enough, even in approximation, to make levels
of confidence have any validity?

>There is no problem here, until it comes to interpreting data.
>Physicists have major problems with estimation and testing when
>statistical procedures need to be used, and they do not handle
>the problems that well.

Maybe that's because we are suspicious of statistical methods.

For one thing, there is no a priori guarantee that statistical methods
even operate in the same space as quantum events, since statistics is
classical and QM is not.

>It is not randomness which is being characterized or tested for,
>but certain aspects.  If one states that all observations form a
>stochastic process, with no restrictions, this cannot be rejected.
>However, this statement would be completely useless.

What aspects of true random number generation are so compelling that
when measured on an infinitesimally small fraction of the
ensemble, their lack would cause you to reject a TRNG with
reasonable certainty?

>It is not based on pseudo-randomness.  The property of a good 
>statistical test are that it will rarely reject if the model is
>correct, and will rarely accept if the model is sufficiently bad.
>It may be a good idea to choose a test which will accept often
>if the model is slightly wrong.

If these statistical tests for non-randomness of a TRNG process are
not based on pseudo-randomness, then what are they based on? They have
to be based on something. What is it, if not pseudo-randomness?

>Statistics usually is done on finite objects.  

Oh, I fully realize that, but there must be a model somewhere which is
taken to infinity to get useful properties from it upon which to base
the validity of the tests. The expectation, for example, is based on
an infinite limit.

What is that model and why is it assumed that its properties at
infinity have any validity for an infinitesimally small sample of
finite sequences. The law of large numbers makes a number of
assumptions which I do not believe apply to true randomness on an a
priori basis.

Bob Knauer

"First, it was not a strip bar, it was an erotic club.  And second,
what can I say? I'm a night owl. Anyway the bitch set me up."
- Marion Barry, Mayor of Washington DC
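The parity-bit construction quoted at the top of this message, as an added example (not code from either poster). It assumes a parity bit is appended after every fixed block of k data bits, which is one reading of "occasionally", and uses a seeded software generator as a stand-in bit source.

```python
import random


def rng_bits(n, seed):
    """Stand-in bit source, seeded so the run is repeatable."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(n)]


def insert_parity(bits, k):
    """After every k data bits, append their XOR, so each (k+1)-bit block
    has even parity."""
    out = []
    for i in range(0, len(bits) - k + 1, k):
        block = bits[i:i + k]
        out.extend(block)
        out.append(sum(block) % 2)
    return out


def bias(bits):
    """Deviation of the fraction of ones from 1/2."""
    return sum(bits) / len(bits) - 0.5


def correlation(bits, lag):
    """Sample correlation of the stream with itself shifted by `lag`,
    computed on +1/-1 values."""
    s = [2 * b - 1 for b in bits]
    n = len(s) - lag
    return sum(s[i] * s[i + lag] for i in range(n)) / n


def even_parity_fraction(bits, block_len):
    """Fraction of aligned blocks whose bits XOR to zero."""
    blocks = [bits[i:i + block_len]
              for i in range(0, len(bits) - block_len + 1, block_len)]
    return sum(1 for b in blocks if sum(b) % 2 == 0) / len(blocks)


if __name__ == "__main__":
    data = rng_bits(60000, seed=1999)
    stream = insert_parity(data, 3)
    print("bias          :", round(bias(stream), 4))
    print("lag 1..4 corr :", [round(correlation(stream, l), 4) for l in range(1, 5)])
    # The structure only shows up in a test that looks at whole blocks.
    print("even blocks   :", even_parity_fraction(stream, 4))
    print("plain source  :", round(even_parity_fraction(data, 4), 4))
    # With k = 1 every bit is repeated and the lag-1 correlation gives it away.
    print("k=1 lag-1 corr:", round(correlation(insert_parity(data, 1), 1), 4))
```

For k of 2 or more, each parity bit is pairwise independent of every data bit in its block, so the bias and pairwise-correlation checks see nothing; only a test of the joint behaviour of k+1 bits detects that a quarter of the stream is redundant.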


------------------------------

From: "Dan" <[EMAIL PROTECTED]>
Subject: Encrypting Fields in Microsoft Access Database
Date: Fri, 2 Apr 1999 18:15:46 -0500

Can someone recommend a good encryption program with source code written in
Visual Basic.

I am writing a program that accesses data stored in a Microsoft Access
database and need to find better encryption than that which I am currently
using. Most of the stuff I have seen is written in C, but unfortunately I
don't know much about C.

What I am doing is storing the data in an encrypted form within the field
and decrypting it just before I display it in the output, also when the
program needs to do a search within the data I merely encrypt the text from
the input source and search using the encrypted text (pattern matching)

While I am somewhat new to the area of encryption, I do have a basic grasp
on the concept, and have written several pieces of code that encrypt/decrypt
in various ways. However, this is very easily broken as I only shift the
ASCII character by 128 and reverse the text string, alternatively I also use
a method where I can assign a unique key to each of the character positions
within the text string but this too can be broken by simply using
differential comparison.

Thanks,

Dan [EMAIL PROTECTED]
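The two schemes described in this post, as an added example showing why they fail (not the poster's code). The per-position scheme is assumed to add one key byte per character position modulo 256; the key and the sample records are constructed.

```python
# Constructed per-position key for the example; any fixed byte string behaves the same.
KEY = bytes((37 * i + 11) % 256 for i in range(32))


def shift_reverse(text: bytes) -> bytes:
    """Scheme 1 as described: add 128 to every byte (mod 256), then reverse."""
    return bytes((b + 128) % 256 for b in text)[::-1]


def undo_shift_reverse(blob: bytes) -> bytes:
    """No secret is involved, so anyone who knows the scheme can invert it."""
    return bytes((b - 128) % 256 for b in blob[::-1])


def positional_encrypt(text: bytes, key: bytes) -> bytes:
    """Scheme 2 (assumed form): add a distinct key byte at each position."""
    return bytes((b + key[i]) % 256 for i, b in enumerate(text))


def positional_decrypt(blob: bytes, key: bytes) -> bytes:
    return bytes((b - key[i]) % 256 for i, b in enumerate(blob))


def recover_key(known_plain: bytes, its_cipher: bytes) -> bytes:
    """Differential comparison: ciphertext minus plaintext at each position
    is the key byte for that position."""
    return bytes((c - p) % 256 for p, c in zip(known_plain, its_cipher))


if __name__ == "__main__":
    # Scheme 1 has no key at all.
    print(undo_shift_reverse(shift_reverse(b"Smith, John")))

    # Scheme 2: one field whose plaintext is known exposes the key for
    # every other field of the same or shorter length.
    known = b"Smith, John"
    other = positional_encrypt(b"acct 4471", KEY)
    key_prefix = recover_key(known, positional_encrypt(known, KEY))
    print(positional_decrypt(other, key_prefix))

    # The determinism that makes the encrypted search work also shows
    # which stored fields share a prefix.
    a = positional_encrypt(b"Smith", KEY)
    b = positional_encrypt(b"Smithson", KEY)
    print(b.startswith(a))
```

Both weaknesses follow from the design rather than from the language it is written in: the first scheme has no secret, and the second reuses the same key bytes for every field.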




------------------------------

From: "Dan" <[EMAIL PROTECTED]>
Subject: Cracking Access Database
Date: Fri, 2 Apr 1999 18:21:12 -0500

I have a Microsoft Access 2.0 database that I have lost the password to,
unfortunately it is locked up tight. (Admin permissions removed, etc...)

Is there a program or method of attacking this database and recovering the
data it contains?

Thanks,

Dan [EMAIL PROTECTED]




------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Random Walk
Date: Fri, 02 Apr 1999 23:20:05 GMT
Reply-To: [EMAIL PROTECTED]

On 2 Apr 1999 13:07:51 -0500, [EMAIL PROTECTED] (Herman
Rubin) wrote:

>According to quantum mechanics, whatever observations are taken
>satisfy standard probability theory.

There is an entanglement term that has no classical analog. As one
poster pointed out earlier, it is responsible for the interference
effects in the double slit experiment. Remove the entanglement term
and QM becomes classical - and there are no quantum effects.

>What happens between observations does not admit an explanation of that manner.

Before the measurement the system evolves according to a deterministic
unitary transformation which obeys the Schrodinger equation. It is the
measurement itself that randomly collapses the wave vector to one of
the possible states in a completely non-deterministic manner.

>There is no joint distribution of quantities which are not
>simultaneously observable.

There is a commutator relation that gives the joint distribution of
the two non-commuting variables. For example, the Heisenberg
uncertainty expression relates the variances of the two random
variables in an inequality relationship. There is also a similar
relationship between entropies which Cerf and Adami claim has validity
to the quantum measurement process.

>>Are you saying that true randomness cannot be modeled mathematically?
>>Hell, I have been arguing that for several months now.

>Not at all.

OK, if true randomness cannot be modeled mathematically, where do you
get the rationale for claiming that classical statistical tests can
determine non-true-randomness with reasonable certainty, even within a
calculated level of confidence?

>It is just that the universe is likely to be more
>complicated than the simplest models.

What if the underlying reason that a measurement acts randomly is that
the system upon which that measurement is made is entangled in some
fashion with the *entire* universe, in which case it would be
impossible to know anything about it because in attempting to
determine the state of the universe, you would disturb it and change
the measurement to something else which is also truly random?

IOW, true randomness and its manifestation in the measurement process
is the consequence of the entire universe making a contribution to the
measurement, instead of just local influences. I believe that such
thinking leads to negative entropy for the system under measurement
with positive offsetting entropy for the measurement instrument, and
the latter entropy is why the measurement is truly random.

Under this way of thinking, when a radioactive nucleus decays, it
decays at a particular (truly random) instant because the entire
universe "conspired" to cause it to decay at that instant. Any attempt
to determine that instant will require knowing the exact state of the
universe, which means that other measurements to determine it will
necessarily disturb the state of the universe, causing the nucleus to
decay at some other random instant. Therefore the instant of decay
cannot be known - it is truly random.

Bob Knauer

"First, it was not a strip bar, it was an erotic club.  And second,
what can I say? I'm a night owl. Anyway the bitch set me up."
- Marion Barry, Mayor of Washington DC


------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Random Walk
Date: Fri, 02 Apr 1999 23:25:30 GMT
Reply-To: [EMAIL PROTECTED]

On 2 Apr 1999 13:21:41 -0500, [EMAIL PROTECTED] (Herman
Rubin) wrote:

>The mathematics of infinitesimal quantum transformations is
>not yet known, except in non-relativistic terms.

Yet the mathematics of the actual measurement process is not known,
not even in the non-relativistic case. I believe it is intrinsically
unknowable, in the same way that Turing's halting problem or Chaitin's
indeterminacy is intrinsically unknowable. I believe the reason is
that the system is entangled (in the strict meaning of that term in
the EPR sense) with the entire universe, and therefore cannot be known
because the state of the universe cannot be known. If you attempt to
determine the state of the entire universe you will change the
information in it and change the entanglement of the measured system,
destroying the knowledge of the very thing you were trying to
determine.

Bob Knauer

"First, it was not a strip bar, it was an erotic club.  And second,
what can I say? I'm a night owl. Anyway the bitch set me up."
- Marion Barry, Mayor of Washington DC


------------------------------

From: [EMAIL PROTECTED] (John Curtis)
Subject: Re: Is initial permutation in DES necessary?
Date: 2 Apr 1999 23:15:59 GMT

In article <[EMAIL PROTECTED]> [EMAIL PROTECTED] 
(John Savard) writes:
>
>Thus, it is enough to note that the U. S. Government is a very big
>organism, the left and right hands of which could well not know what the
>other one is doing: no overarching conspiracy need be hypothesized.
>
        True enough.   Or, as Al Gore (in his only funny line to date)
        says:   "The right hand doesn't know what the far right hand 
        is doing."

        ciao,

        jcurtis



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Encrypting Fields in Microsoft Access Database
Date: 2 Apr 1999 23:43:24 GMT

If you want to do encryption, you will need to use C. VB lacks powerful
bit-bashing operators (AFAIK it doesn't have bit shifting) and forces 
you to use signed operators. I try to build a DLL with the crypto written
in C. I don't { know | do | like } Windows, so I can't help you any more.

>
>                Encrypting Fields in Microsoft Access Database
>                                       
>   From: "Dan" <[EMAIL PROTECTED]>
>   Reply to: "Dan"
>   Date: Fri, 2 Apr 1999 18:15:46 -0500
>   Newsgroups:
>          sci.crypt
>   Followup to: newsgroup(s)
>Can someone recommend a good encryption program with source code written in
>Visual Basic.
>
>I am writing a program that accesses data stored in a Microsoft Access
>database and need to find better encryption than that which I am currently
>using. Most of the stuff I have seen is written in C, but unfortunately I
>don't know much about C.
>
>What I am doing is storing the data in an encrypted form within the field
>and decrypting it just before I display it in the output, also when the
>program needs to do a search within the data I merely encrypt the text from
>the input source and search using the encrypted text (pattern matching)
>
>While I am somewhat new to the area of encryption, I do have a basic grasp
>on the concept, and have written several pieces of code that encrypt/decrypt
>in various ways. However, this is very easily broken as I only shift the
>ASCII character by 128 and reverse the text string, alternatively I also use
>a method where I can assign a unique key to each of the character positions
>within the text string but this too can be broken by simply using
>differential comparison.
>
>Thanks,
>
>Dan [EMAIL PROTECTED]

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Live from the Second AES Conference
Date: Fri, 02 Apr 1999 17:09:43 -0600

In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (John Savard) wrote:

> [EMAIL PROTECTED] (wtshaw) wrote, in part:
> 
> >Let me get the title right, not Paint Your Wagon, but, The Hallelujah Trail.
> 
> Oh, dear; then the AES wasn't born under a wandering star...
> 
The crypto debate seems to have the various elements: The military, the
indians, the temperance women, the miners...were there others?  The
military is the same, the indians represent those who want to use crypto
in wild ways, the temperance gang is those that want to protect us from
ourselves, and the miners are the cipherpunks.
-- 
Too much of a good thing can be much worse than none.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
