Cryptography-Digest Digest #337, Volume #9        Sun, 4 Apr 99 14:13:03 EDT

Contents:
  DES-source (Pontus)
  RC4 test ([EMAIL PROTECTED])
  "Kryptos" sculpture (Sundial Services)
  Re: ---- Two very easy secret key Cryptosystems (Sundial Services)
  Re: GPS, encrypted data base and mushroom hunting (Sundial Services)
  Secure Device - how secure? ([EMAIL PROTECTED])
  Re: quick RSA key generation question (DJohn37050)
  Re: Diffie Hellman - avoiding the man in the middle (DJohn37050)
  Re: What is fast enough? ("Craig Clapp")
  Re: Is initial permutation in DES necessary? (Sundial Services)
  Re: "Kryptos" sculpture ([EMAIL PROTECTED])
  Re: is it true that Irish teen found crypto alg faster that RSA (Kent Briggs)
  Re: Random Walk (Herman Rubin)
  Re: is it true that Irish teen found crypto alg faster that RSA (Kent Briggs)
  Re: Random Walk (R. Knauer)
  Re: RC4 CAN SOMEONE TELL ME IF THIS WILL WORK? (Matthias Bruestle)
  Re: Random Walk ("Trevor Jackson, III")
  Re: RC4 CAN SOMEONE TELL ME IF THIS WILL WORK? ("Trevor Jackson, III")

----------------------------------------------------------------------------

From: Pontus <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: DES-source
Date: Sun, 04 Apr 1999 16:25:29 +0200

Anyone here who can point me to some source code for DES encryption...

------------------------------

From: [EMAIL PROTECTED]
Subject: RC4 test
Date: Sun, 04 Apr 1999 14:27:13 GMT

I would like to test the security of RC4; that is why I propose this mini
challenge.  I have encoded a message with a key I picked, and I would like to
see how long it takes to retrieve.  The key is 40 bits long, so I couldn't
imagine it taking long...

The ciphertext is:

72 48 FC B6 76 FB 2C 10 13 2A 15 F8

The plaintext is a text message, so you should be able to detect it.

Source code for the RC4 encryption I used is available at:

http://members.tripod.com/~tomstdenis/rc4.c


I am willing to help (except giving the key...).

Tom

============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/       Search, Read, Discuss, or Start Your Own    
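An added example (my own code, not the rc4.c linked in the post): a plain RC4, checked against the published test vector (key "Key", plaintext "Plaintext"), a walk over the part of the 40-bit keyspace the attacker still has to enumerate, and the arithmetic for how many wrong keys survive the only recogniser the challenge offers, "it decrypts to text". The key, message and "first three key bytes known" shortcut in the demo are constructed for this example; the challenge ciphertext is not solved here. With plen = 0 the search is the full 2^40 key schedules, which is days of single-core time for this loop, and on 12 bytes of ciphertext roughly 1.1e7 wrong keys will still pass a printable-text filter, so the filter alone does not identify the key.

```c
/* Added example: my own RC4 plus a keyspace walk, not the post's rc4.c.
 * The demo key, message and "first three key bytes known" shortcut are
 * constructed for this example; the challenge ciphertext is not solved here. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEYLEN 5                 /* 40-bit key, as in the challenge */
#define MAXCT  64                /* longest ciphertext the search handles */
#define ACCEPTED_BYTE_VALUES 98  /* printable ASCII + tab, LF, CR */

/* Textbook RC4: key schedule (KSA), then XOR the keystream (PRGA) over in[]. */
static void rc4_crypt(const uint8_t *key, size_t klen,
                      const uint8_t *in, uint8_t *out, size_t n)
{
    uint8_t S[256], t;
    unsigned i, j = 0;
    size_t k;
    for (i = 0; i < 256; i++) S[i] = (uint8_t)i;
    for (i = 0; i < 256; i++) {
        j = (j + S[i] + key[i % klen]) & 0xFF;
        t = S[i]; S[i] = S[j]; S[j] = t;
    }
    i = j = 0;
    for (k = 0; k < n; k++) {
        i = (i + 1) & 0xFF;
        j = (j + S[i]) & 0xFF;
        t = S[i]; S[i] = S[j]; S[j] = t;
        out[k] = in[k] ^ S[(S[i] + S[j]) & 0xFF];
    }
}

/* Published test vector: key "Key", plaintext "Plaintext" -> BBF316E8D940AF0AD3 */
int rc4_test_vector_ok(void)
{
    static const uint8_t want[9] = { 0xBB, 0xF3, 0x16, 0xE8, 0xD9, 0x40, 0xAF, 0x0A, 0xD3 };
    uint8_t out[9];
    rc4_crypt((const uint8_t *)"Key", 3, (const uint8_t *)"Plaintext", out, 9);
    return memcmp(out, want, sizeof want) == 0;
}

/* Recogniser: every byte printable ASCII or ordinary whitespace. */
static int looks_like_text(const uint8_t *p, size_t n)
{
    size_t k;
    for (k = 0; k < n; k++)
        if (!((p[k] >= 0x20 && p[k] < 0x7F) || p[k] == '\n' || p[k] == '\r' || p[k] == '\t'))
            return 0;
    return 1;
}

/* Try every KEYLEN-byte key starting with the plen bytes of prefix; record up
 * to max_hits keys whose decryption passes the recogniser.  plen == 0 is the
 * real job: 2^40 = 1,099,511,627,776 key schedules. */
size_t rc4_search(const uint8_t *ct, size_t n, const uint8_t *prefix, size_t plen,
                  uint8_t hits[][KEYLEN], size_t max_hits)
{
    uint8_t key[KEYLEN], pt[MAXCT];
    uint64_t c, total;
    size_t nhits = 0, b;
    if (n > MAXCT || plen > KEYLEN) return 0;
    memcpy(key, prefix, plen);
    total = (uint64_t)1 << (8 * (KEYLEN - plen));
    for (c = 0; c < total && nhits < max_hits; c++) {
        for (b = 0; b < KEYLEN - plen; b++)            /* counter -> suffix bytes */
            key[KEYLEN - 1 - b] = (uint8_t)(c >> (8 * b));
        rc4_crypt(key, KEYLEN, ct, pt, n);
        if (looks_like_text(pt, n))
            memcpy(hits[nhits++], key, KEYLEN);
    }
    return nhits;
}

/* Expected number of wrong keys whose decryption of ct_len bytes still passes
 * the recogniser: 2^key_bits * (98/256)^ct_len.  12 bytes, 40 bits: ~1.1e7. */
double expected_false_positives(size_t ct_len, unsigned key_bits)
{
    double p = 1.0, keys = 1.0;
    size_t k;
    unsigned b;
    for (k = 0; k < ct_len; k++) p *= ACCEPTED_BYTE_VALUES / 256.0;
    for (b = 0; b < key_bits; b++) keys *= 2.0;
    return keys * p;
}

/* Constructed demo: our own key and 12-byte message; the first three key bytes
 * are assumed known, so the walk is 2^16 keys.  Returns 1 if the true key is
 * among the recogniser's hits. */
int demo_recovers_key(void)
{
    static const uint8_t true_key[KEYLEN] = { 0x4A, 0x17, 0xC3, 0x2E, 0x91 };
    static const char msg[] = "meet at noon";
    static uint8_t hits[4096][KEYLEN];
    uint8_t ct[12];
    size_t n, k;
    rc4_crypt(true_key, KEYLEN, (const uint8_t *)msg, ct, sizeof ct);
    n = rc4_search(ct, sizeof ct, true_key, 3, hits, 4096);
    for (k = 0; k < n; k++)
        if (memcmp(hits[k], true_key, KEYLEN) == 0) return 1;
    return 0;
}

int main(void)
{
    printf("rc4 test vector ok: %d\n", rc4_test_vector_ok());
    printf("demo recovered key: %d\n", demo_recovers_key());
    printf("wrong keys surviving the text filter (12 bytes, 40 bits): %.0f\n",
           expected_false_positives(12, 40));
    return 0;
}
```

The false-positive figure is the practical caveat: the recogniser has to be much sharper than "printable" (for example, scoring for English letter and space frequencies, or a known crib) before a 40-bit walk on 12 bytes yields a single answer.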

------------------------------

Date: Sun, 04 Apr 1999 08:07:43 -0700
From: Sundial Services <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: "Kryptos" sculpture

Has anyone published other clues about the Kryptos sculpture that stands
in front of the CIA building?

------------------------------

Date: Sun, 04 Apr 1999 08:16:25 -0700
From: Sundial Services <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: ---- Two very easy secret key Cryptosystems

Ian Goldberg wrote:
> >kctang8 wrote:
> >>But for some reasons, I *HAVE TO* to know how to crack, if possible, the
> >>above mentioned very easy secret key cryptosystems.
> >
> >It is quite obvious that kctang8 wants to know _exactly_ how this system
> >would be broken.  IMHO, it would be a disservice to kctang8 to skip this
> >additional point.  Although a solution may be obvious to you, a newcomer
> >may fail to see the problem when their code did not work.
> 
> But since, with high probability, the reason kctang8 *HAD TO* know how
> to crack the toy systems was that they were homework questions in a
> crypto (or number theory) course, I don't think bobs needs to go into
> any further detail...


Well how about the hundreds of thousands of other people around the
world who might be following this thread and/or who may encounter it
several years from now on DejaNews?  Discussion of methodologies for
cracking systems is part of the meat-and-potatoes of this group, and
everyone starts with simple systems.

------------------------------

Date: Sun, 04 Apr 1999 08:20:21 -0700
From: Sundial Services <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: GPS, encrypted data base and mushroom hunting

wtshaw wrote:

> But, I suppose you would need to have all parties agree in advance where
> the boundaries actually were.


Probably in Macedonia right now, the boundary is wherever the man with
the gun is, particularly if he's pointing it at you.

Pray for peace in a troubled land.  :-/

------------------------------

From: [EMAIL PROTECTED]
Subject: Secure Device - how secure?
Date: Sun, 04 Apr 1999 13:15:50 GMT

How secure is the program Secure Device?  This program allows the use
of an IDEA-encrypted virtual hard drive (similar to Scram Disk).  All
comments appreciated!

------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: quick RSA key generation question
Date: 4 Apr 1999 15:22:12 GMT

Bob, Also mention the SQROOT(2) method for sizes of p and q in X9.31.
Don Johnson

------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: Diffie Hellman - avoiding the man in the middle
Date: 4 Apr 1999 15:24:11 GMT

See IEEE P1363 for a discussion of all/most of these things.  There are many
details you are missing that could make things insecure.
Don Johnson

------------------------------

From: "Craig Clapp" <[EMAIL PROTECTED]>
Subject: Re: What is fast enough?
Date: Sun, 4 Apr 1999 11:14:06 -0400


Paul Koning wrote in message <[EMAIL PROTECTED]>...
>There was a paper some time ago (forgot the details) that discussed
>how various cypher designs fare in highly pipelined processors.
>RC4, for example, has a lot of data dependency stalls; other
>cyphers that superficially seem slower allow for a higher degree
>of pipelining.  You might not notice that on a Pentium, but if you
>use high end Alphas that have several integer functional units, it
>becomes an issue.

You may be thinking of papers (1) or (2) below.
Paper (1) discusses, in general terms, performance issues affecting RC4,
SEAL, RC5, Blowfish, Khufu/Khafre, IDEA, and DES on the Pentium.

Paper (2) includes critical-path and parallelism analyses of RC4, SEAL,
and WAKE.

The recent paper (3) performs a detailed critical-path analysis and
parallelism study on several of the AES candidates, specifically Crypton,
E2, Mars, RC6, Rijndael, Serpent, Twofish.


(1) B. Schneier and D. Whiting, "Fast Software Encryption: Designing
    Encryption Algorithms for Optimal Software Speed on the Intel
    Pentium Processor", Fast Software Encryption, Fourth International
    Workshop Proceedings (Ed. E. Biham), LNCS 1267, Springer-Verlag,
    1997, pp. 242-259
http://www.counterpane.com/fast_software_encryption.html

(2) C. S. K. Clapp, "Optimizing a Fast Stream Cipher for VLIW, SIMD,
    and Superscalar Processors", Fast Software Encryption, Fourth
    International Workshop Proceedings (Ed. E. Biham), LNCS 1267,
    Springer-Verlag, 1997, pp. 273-287
http://standard.pictel.com/ftp/research/security/widerwake.pdf

(3) C. S. K. Clapp, "Instruction-level Parallelism in AES Candidates",
    Second AES Candidate Conference, March 22-23, 1999, Rome, Italy.
http://csrc.nist.gov/encryption/aes/round1/conf2/papers/clapp.pdf


>Similarly, not every chip has one cycle load/store even with cache
>hits, and analyses that assume one cycle loads may be misleading.

Papers (2) and (3) use three cycles for load latency, which I believe is
characteristic of L1 cache accesses in Pentium II and Alpha CPUs.

------------------------------

Date: Sun, 04 Apr 1999 08:18:47 -0700
From: Sundial Services <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Is initial permutation in DES necessary?

Douglas A. Gwyn wrote:
> 
> John Savard wrote:
> > I have heard it claimed that an early design of DES ...
> Although I know a lot more about the
> Agency's role in the development of DES than I said some time
> back, the rules don't allow me to say more.  However, it sure
> wasn't an evil conspiracy to snoop on the American public.
> (As they say in Sneakers, "No, that's the FBI" :-)


I believe that as time goes by and some of the attacks on DES are
re-discovered by the public, it has become quite clear that the design
was a very good one... and still is.  It does, indeed, give excellent
security to all kinds of data -- not against the NSA, perhaps, but good
enough to be the linchpin of financial dealings worldwide.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: "Kryptos" sculpture
Date: Sun, 04 Apr 1999 16:11:42 GMT


> Has anyone published other clues about the Kryptos sculpture that stands
> in front of the CIA building?
>

What is the sculpture?  Wouldn't it be easy to use an OTP or other cipher (RC4
with 256 bit key...) and have no one ever crack it?

Tom


------------------------------

From: Kent Briggs <[EMAIL PROTECTED]>
Subject: Re: is it true that Irish teen found crypto alg faster that RSA
Date: Sun, 04 Apr 1999 16:42:40 GMT

Thirteen wrote:

> Nelson G. Rich wrote:
> >
> > Please excuse me for this if by now it's old hat, but is it true that a 16
> > year old Irish gal has found an algorithm that's faster than RSA?
> > Can anyone point me to accurate source?
> >
> > Thanks.
>
> That is only a rumor. There are many algorithms faster than RSA
> that are not rumors, they are well documented. The rumor you speak
> of was in the press a few months ago, but they never described
> the algorithms in detail.

CBS also featured her in a segment on last week's "48 Hours" TV news magazine in
a show about inventors who struck it rich (or were about to).  Still no details
given other than her claim that it was 33 times faster than RSA.  She's 17 now.

--
Kent Briggs, [EMAIL PROTECTED]
Briggs Softworks, http://www.briggsoft.com



------------------------------

From: [EMAIL PROTECTED] (Herman Rubin)
Subject: Re: Random Walk
Date: 4 Apr 1999 11:22:54 -0500

In article <[EMAIL PROTECTED]>,
R. Knauer <[EMAIL PROTECTED]> wrote:
>On 2 Apr 1999 12:59:21 -0500, [EMAIL PROTECTED] (Herman
>Rubin) wrote:

                        ...............

>Oh, I fully realize that, but there must be a model somewhere which is
>taken to infinity to get useful properties from it upon which to base
>the validity of the tests. The expectation, for example, is based on
>an infinite limit.

>What is that model and why is it assumed that its properties at
>infinity have any validity for an infinitesimally small sample of
>finite sequences. The law of large numbers makes a number of
>assumptions which I do not believe apply to true randomness on an a
>priori basis.

Statistics deals with what to do with a finite sample.  Probability
discusses quite a bit about infinite samples, but this is also not
relevant to the problem.
-- 
This address is for information only.  I do not claim that these views
are those of the Statistics Department or of Purdue University.
Herman Rubin, Dept. of Statistics, Purdue Univ., West Lafayette IN47907-1399
[EMAIL PROTECTED]         Phone: (765)494-6054   FAX: (765)494-0558

------------------------------

From: Kent Briggs <[EMAIL PROTECTED]>
Subject: Re: is it true that Irish teen found crypto alg faster that RSA
Date: Sun, 04 Apr 1999 16:47:54 GMT

Kent Briggs wrote:

> CBS also featured her in a segment on last week's "48 Hours" TV news magazine in
> a show about inventors who struck it rich (or were about to).  Still no details
> given other than her claim that it was 33 times faster than RSA.  She's 17 now.

For what it's worth, I recognized two red books on her bookshelf during the
interview: Schneier's "Applied Cryptography" and Stinson's "Cryptography, Theory and
Practice".

--
Kent Briggs, [EMAIL PROTECTED]
Briggs Softworks, http://www.briggsoft.com



------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Random Walk
Date: Sun, 04 Apr 1999 16:54:17 GMT
Reply-To: [EMAIL PROTECTED]

On Sun, 04 Apr 1999 10:07:08 -0400, "Trevor Jackson, III"
<[EMAIL PROTECTED]> wrote:

>Random, in this discussion, means unpredictable.

If you mean *Absolute Unpredictability* then I agree. But how do you
model Absolute Unpredictability mathematically? It is intimately tied
up with the notion of True Randomness, and cannot be characterized by
mathematical tests.

The specification for the TRNG is really the specification for
Absolute Unpredictability. That's what makes it applicable to crypto.

>Determinism does not imply
>predictability.  It is necessary, but not sufficient.  Predictability
>requires both determinism and information about the initial conditions.

Deterministic processes *could* become predictable, and therefore they
are not Absolutely Unpredictable. By contrast, quantum processes are
Absolutely Unpredictable.

>Modern physical theories may have the property that they are
>non-deterministic.

I think it is a safe bet that QM is such a theory. The fact that the
brightest minds in history have found no hidden variable theories that
work anywhere as well as QM in a century of investigation is prima
facie evidence of that.

God does indeed play dice with the Universe. The best of all possible
Universes is one that is completely random at its foundations.

>If this is true then they are good sources for
>unpredictability because the postulate of non-determinism yields a
>conclusion (proof) of unpredictability.

BINGO!!! That is absolutely correct!

Quantum random processes, by virtue of their complete non-determinism,
are indeed sources of Absolute Unpredictability.

>OTOH, classical systems are unpredictable due to the lack of
>information on initial conditions.  Sun's lava lamps could, in theory,
>be completely modeled deterministicly, yet the input bandwidth,
>including such things as power line noise, radiant heat from the
>presence of observers (inspectors), would be ridiculously large.  The
>model would be just a hash on that input stream.

You are pointing out that *for practical purposes*, classical chaotic
processes, like the Lavarand generator, are exceedingly good sources
of nearly true randomness for purposes of most crypto applications.

Of course you cannot prove with certainty, because you cannot rule out
properties of the system that exhibit some hidden patterns which could
be used by a cryptanalyst. But it is *reasonably certain* that such a
TRNG is suitable based on a design audit and diagnostics of its
subsystems.

BTW, I do not believe it is either necessary or advisable to
hash the raw output. In the first place, it has not been proven that
hashing does not "introduce" non-random characteristics (in the sense
of distilling such patterns in the hash process, making them more
prominent), and furthermore, if the TRNG were built properly there
would be no need to hash the output.

But that issue has been discussed before, and no prevailing consensus
emerged - so it shall remain an open issue for now.

>Is this predictable?  Hardly.  It is not provably unpredictable the same
>way non-deterministic systems are, but there is no reason to believe
>that anyone could actually predict the input stream in practice.

Notice that your (correct) "reasonable certainty" that you just stated
comes from a design audit and diagnostics of the subsystems - not from
any statistical testing of the output, or other theoretical bullcrap.

>Given
>the postulate specifying this lack of information regarding initial
>conditions we can prove that the resulting classical system is
>unpredictable.

I would not go THAT far. There could be hidden patterns, such as
non-parametric properties, that could aid the cryptanalyst. Those
properties would not depend on initial conditions.

IOW, just because there is reasonable certainty that a cryptanalyst
could never predict the keystream by calculating it parametrically, he
could still break the cipher by exploiting hidden patterns that are
determined non-parametrically.

With quantum processes, that is fundamentally impossible. There are no
hidden patterns in quantum random processes. There are no hidden
variables in QM. That's why quantum random processes are truly random.

>Note that I prefer fish tanks to lava lamps.  

I'll take quantum computers any day - then I know there will never
come a day when the cryptosystem will be broken.

Bob Knauer

"The brave men who died in Vietnam, more than 100% of which were
black, were the ultimate sacrifice."
- Marion Barry, Mayor of Washington, DC


------------------------------

From: [EMAIL PROTECTED] (Matthias Bruestle)
Subject: Re: RC4 CAN SOMEONE TELL ME IF THIS WILL WORK?
Date: Sun, 4 Apr 1999 15:00:02 GMT

Mahlzeit


[EMAIL PROTECTED] wrote:

> >   for( i=10+1; i--; *p++=*q++ );

> memcpy(p, q, 10);

*BZZZZT*

memcpy( p, q, 10*sizeof(int) );


Mahlzeit

endergone Zwiebeltuete

--
PGP: SIG:C379A331 ENC:F47FA83D      I LOVE MY PDP-11/34A, M70 and MicroVAXII!
-- 
Life is too short to be slow on the uptake.

------------------------------

Date: Sun, 04 Apr 1999 14:00:07 -0400
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Random Walk

R. Knauer wrote:
> 
> On Sun, 04 Apr 1999 10:07:08 -0400, "Trevor Jackson, III"
> <[EMAIL PROTECTED]> wrote:
> 
> >Random, in this discussion, means unpredictable.
> 
> If you mean *Absolute Unpredictability* then I agree. But how do you
> model Absolute Unpredictability mathematically? It is intimately tied
> up with the notion of True Randomness, and cannot be characterized by
> mathematical tests.

It is extremely simple.  Unpredictability means inability to predict. 
Absolute unpredictability means zero correlation between guesses
(predictions) and actual outcomes.

You model this mathematically as zero information.

You model this physically as 100% entropy.  (lack of order on which a
prediction could be based).

> 
> The specification for the TRNG is really the specification for
> Absolute Unpredictability. That's what makes it applicable to crypto.
> 
> >Determinism does not imply
> >predictability.  It is necessary, but not sufficient.  Predictability
> >requires both determinism and information about the initial conditions.
> 
> Deterministic processes *could* become predictable, and therefore they
> are not Absolutely Unpredictable. By contrast, quantum processes are
> Absolutely Unpredictable.
> 
> >Modern physical theories may have the property that they are
> >non-deterministic.
> 
> I think it is a safe bet that QM is such a theory. The fact that the
> brightest minds in history have found no hidden variable theories that
> work anywhere as well as QM in a century of investigation is prima
> facie evidence of that.

The brightest minds of multiple millennia thought the earth was flat in
spite of observations over a thousand years old that indicated
otherwise.  QM is young.  The modern foundations are only half a century
old (Feynman's history integration circa '47-48 I think).

> 
> God does indeed play dice with the Universe. The best of all possible
> Universes is one that is completely random at its foundations.
> 
> >If this is true then they are good sources for
> >unpredictability because the postulate of non-determinism yields a
> >conclusion (proof) of unpredictability.
> 
> BINGO!!! That is absolutely correct!
> 
> Quantum random processes, by virtue of their complete non-determinism,
> are indeed sources of Absolute Unpredictability.
> 
> >OTOH, classical systems are unpredictable due to the lack of
> >information on initial conditions.  Sun's lava lamps could, in theory,
> >be completely modeled deterministicly, yet the input bandwidth,
> >including such things as power line noise, radiant heat from the
> >presence of observers (inspectors), would be ridiculously large.  The
> >model would be just a hash on that input stream.
> 
> You are pointing out that *for practical purposes*, classical chaotic
> processes, like the Lavarand generator, are exceedingly good sources
> of nearly true randomness for purposes of most crypto applications.
> 
> Of course you cannot prove with certainty, because you cannot rule out
> properties of the system that exhibit some hidden patterns which could
> be used by a cryptanalyst. But it is *reasonably certain* that such a
> TRNG is suitable based on a design audit and diagnostics of its
> subsystems.

Yes I can.  The predictability of the system is swamped by the
unpredictability of the input.  This has not been proven, but that
indicates a lack of effort rather than a lack of possibility.

> 
> BTW, I do not believe it is either necessary or advisable to
> hash the raw output. In the first place, it has not been proven that
> hashing does not "introduce" non-random characteristics (in the sense
> of distilling such patterns in the hash process, making them more
> prominent), and furthermore, if the TRNG were built properly there
> would be no need to hash the output.

Yes there would.  Hashing increases the entropy density, a desirable
quality.

> 
> But that issue has been discussed before, and no prevailing consensus
> emerged - so it shall remain an open issue for now.

No.  Hashing is a Good Thing.

> 
> >Is this predictable?  Hardly.  It is not provably unpredictable the same
> >way non-deterministic systems are, but there is no reason to believe
> >that anyone could actually predict the input stream in practice.
> 
> Notice that your (correct) "reasonable certainty" that you just stated
> comes from a design audit and diagnostics of the subsystems - not from
> any statistical testing of the output, or other theoretical bullcrap.
> 
> >Given
> >the postulate specifying this lack of information regarding initial
> >conditions we can prove that the resulting classical system is
> >unpredictable.
> 
> I would not go THAT far. There could be hidden patterns, such as
> non-parametric properties, that could aid the cryptanalyst. Those
> properties would not depend on initial conditions.

No.  A deterministic system is completely determined.  A
non-deterministic system has at least some aspects that are not
completely determined by the algorithm.  *ANY* source of indeterminism
renders a system non-deterministic.

We do not care that there are patterns in the data.  We do not care that
some of the data is biased, correlated, or predictable.  We only care
that some measurable aspect of the system's behavior is *not*
predictable.  Given that, we can distill it to complete
unpredictability.  I believe this is provable.

> 
> IOW, just because there is reasonable certainty that a cryptanalyst
> could never predict the keystream by calculating it parametrically, he
> could still break the cipher by exploiting hidden patterns that are
> determined non-parametrically.
> 
> With quantum processes, that is fundamentally impossible. There are no
> hidden patterns in quantum random processes. There are no hidden
> variables in QM. That's why quantum random processes are truly random.
> 
> >Note that I prefer fish tanks to lava lamps.
> 
> I'll take quantum computers any day - then I know there will never
> come a day when the cryptosystem will be broken.

*REALLY*?  Before you post again please review the history of OTP usage
and catalog the failures due to inadequate RNGs and all the rest. 
Keystream flaws are lost in the rounding of that summary.
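An added example of the two claims traded in this thread, written by me and not taken from either poster: the "distill it to complete unpredictability" step Trevor describes, and the "hidden patterns" Knauer worries about. It uses a von Neumann extractor in place of the hash Trevor has in mind, because its correctness argument is short and explicit, and runs it on two constructed bit sources driven by a seeded xorshift generator standing in for a physical device: one with independent but 70%-biased bits, and one with unbiased bits that repeat their predecessor 90% of the time. The extractor removes the bias of the first source completely. On the second it also produces unbiased output, but successive output bits are far from independent (the repeat rate comes out near 0.36 instead of 0.5), which is exactly the kind of structure a conditioner that assumes independence cannot see and a cryptanalyst can.

```c
/* Added example, mine and not from either poster: a von Neumann extractor
 * standing in for the hash as the "distilling" step, run on two constructed
 * bit sources so the independence assumption behind it is visible. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NBITS 200000u

/* Reproducible stand-in for a physical source: xorshift64 with a fixed seed. */
static uint64_t rng_state;
static unsigned rand_permille(void)
{
    uint64_t x = rng_state;
    x ^= x << 13; x ^= x >> 7; x ^= x << 17;
    rng_state = x;
    return (unsigned)((x >> 11) % 1000u);
}

/* correlated == 0: independent bits, P(1) = 0.70 (biased but memoryless).
 * correlated == 1: P(1) = 0.50 but each bit flips only 10% of the time
 *                  (unbiased but correlated: the "hidden pattern" case). */
static void fill_bits(uint8_t *bits, size_t n, int correlated)
{
    size_t i;
    uint8_t b = 0;
    rng_state = 0x9E3779B97F4A7C15ull;
    for (i = 0; i < n; i++) {
        if (correlated) {
            if (rand_permille() < 100) b ^= 1;
        } else {
            b = (uint8_t)(rand_permille() < 700);
        }
        bits[i] = b;
    }
}

/* Von Neumann: take disjoint pairs, emit 0 for 01 and 1 for 10, drop 00 and 11.
 * For independent bits with any fixed bias p, P(01) = P(10) = p(1-p), so the
 * output is exactly unbiased.  The argument needs independence; nothing in it
 * says what happens when the pairs are correlated. */
size_t von_neumann(const uint8_t *in, size_t n, uint8_t *out)
{
    size_t i, m = 0;
    for (i = 0; i + 1 < n; i += 2)
        if (in[i] != in[i + 1]) out[m++] = in[i];
    return m;
}

static double ones_fraction(const uint8_t *b, size_t n)
{
    size_t i, c = 0;
    for (i = 0; i < n; i++) c += b[i];
    return n ? (double)c / (double)n : 0.0;
}

/* Fraction of bits equal to their predecessor: 0.5 for independent bits. */
static double repeat_fraction(const uint8_t *b, size_t n)
{
    size_t i, c = 0;
    for (i = 1; i < n; i++) c += (b[i] == b[i - 1]);
    return n > 1 ? (double)c / (double)(n - 1) : 0.0;
}

typedef struct { double ones_in, ones_out, repeat_out; size_t n_out; } vn_stats;

/* Run one source through the extractor and measure input bias, output bias
 * and output serial repeat rate.  Independent source: 0.70 / 0.50 / 0.50.
 * Correlated source: 0.50 / 0.50 / about 0.36 (solve the two-state chain),
 * i.e. unbiased output whose next bit is still predictable from the last. */
vn_stats vn_demo(int correlated)
{
    static uint8_t in[NBITS], out[NBITS / 2];
    vn_stats s;
    fill_bits(in, NBITS, correlated);
    s.n_out = von_neumann(in, NBITS, out);
    s.ones_in = ones_fraction(in, NBITS);
    s.ones_out = ones_fraction(out, s.n_out);
    s.repeat_out = repeat_fraction(out, s.n_out);
    return s;
}

int main(void)
{
    int c;
    for (c = 0; c < 2; c++) {
        vn_stats s = vn_demo(c);
        printf("%s source: ones in %.3f, ones out %.3f, repeat rate out %.3f (%zu bits kept)\n",
               c ? "correlated " : "independent", s.ones_in, s.ones_out, s.repeat_out, s.n_out);
    }
    return 0;
}
```

The point for a TRNG design audit is that a per-bit bias test on the output passes for both sources; only a test that looks at the relation between successive bits (or, better, knowledge of the source's physics) separates the two.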

------------------------------

Date: Sun, 04 Apr 1999 14:06:17 -0400
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: RC4 CAN SOMEONE TELL ME IF THIS WILL WORK?

Matthias Bruestle wrote:
> 
> Mahlzeit
> 
> [EMAIL PROTECTED] wrote:
> 
> > >   for( i=10+1; i--; *p++=*q++ );
> 
> > memcpy(p, q, 10);
> 
> *BZZZZT*
> 
> memcpy( p, q, 10*sizeof(int) );

*** WRONG ***

memcpy( p, q, 10*sizeof (*p) );

> 
> Mahlzeit
> 
> endergone Zwiebeltuete
> 
> --
> PGP: SIG:C379A331 ENC:F47FA83D      I LOVE MY PDP-11/34A, M70 and MicroVAXII!
> --
> Life is too short to be slow on the uptake.
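An added example (my code, nothing posted in the thread): the loop and the memcpy spellings measured on buffers with enough slack that nothing here runs out of bounds. Two things fall out. The posted loop copies eleven elements, not ten, because i starts at 10+1 and the loop test is the post-decrement, so the copy in the third clause runs for i = 11 down to 1. And only the sizeof *p form follows the element type: 10*sizeof(int) applied to a pointer into a 10-byte array writes 30 bytes past its end on a system with 4-byte int.

```c
/* Added example, not code from the thread: the posted loop and the memcpy
 * spellings, measured on byte buffers with slack so nothing is out of bounds. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define N    10
#define ROOM 64     /* bytes of slack so the over-copies below stay in bounds */

/* The type-correct spelling from the thread: the byte count follows the
 * element type of p, so it is right for uint8_t, int or uint64_t arrays. */
#define COPY_ELEMS(p, q, n) memcpy((p), (q), (size_t)(n) * sizeof *(p))

/* How many bytes of dst received the 0xAA fill copied from src. */
static size_t count_marked(const uint8_t *dst, size_t room)
{
    size_t i, n = 0;
    for (i = 0; i < room; i++) n += (dst[i] == 0xAA);
    return n;
}

/* The loop exactly as posted.  i starts at N+1 and the test is `i--`, so the
 * copy in the increment clause runs for i = 11, 10, ..., 1: eleven elements. */
size_t posted_loop_elements(void)
{
    uint8_t dst[ROOM] = {0}, src[ROOM], *p = dst;
    const uint8_t *q = src;
    size_t i;
    memset(src, 0xAA, sizeof src);
    for (i = N + 1; i--; *p++ = *q++)
        ;
    return count_marked(dst, ROOM);                 /* 11 */
}

/* memcpy(p, q, 10*sizeof(int)) with p a uint8_t*: 4*N bytes, 3*N past the ten
 * elements intended.  Against a real 10-byte array that is a 30-byte overflow. */
size_t sizeof_int_overshoot_on_bytes(void)
{
    uint8_t dst[ROOM] = {0}, src[ROOM];
    memset(src, 0xAA, sizeof src);
    memcpy(dst, src, N * sizeof(int));
    return count_marked(dst, ROOM) - N;             /* 30 where sizeof(int) == 4 */
}

/* COPY_ELEMS on a uint32_t array: exactly ten elements and none of the slack. */
size_t sizeof_elem_copies_exactly(void)
{
    uint32_t dst[ROOM / 4] = {0}, src[ROOM / 4];
    memset(src, 0xAA, sizeof src);
    COPY_ELEMS(dst, src, N);
    return count_marked((const uint8_t *)dst, ROOM) / sizeof *dst;   /* 10 */
}

int main(void)
{
    printf("posted loop copies %zu elements\n", posted_loop_elements());
    printf("10*sizeof(int) on a byte array overshoots by %zu bytes\n",
           sizeof_int_overshoot_on_bytes());
    printf("10*sizeof *p on a uint32_t array copies %zu elements\n",
           sizeof_elem_copies_exactly());
    return 0;
}
```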

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
