Cryptography-Digest Digest #367, Volume #9 Sat, 10 Apr 99 10:13:03 EDT
Contents:
Re: Wanted: Why not PKzip? (David A Molnar)
Re: Test vector repository--specifically, help with a broken Blowfish ("Douglas A.
Gwyn")
Re: True Randomness & The Law Of Large Numbers ("Douglas A. Gwyn")
Re: Douglas A. Gwyn : True Jerk ("Douglas A. Gwyn")
Re: True Randomness & The Law Of Large Numbers ("Franzen")
list of data security (alex)
credit card encryption? (alex)
Re: "Biprime Cryptography" to replace RSA? ([EMAIL PROTECTED])
Speeding up Geometric Identification ([EMAIL PROTECTED])
Re: True Randomness & The Law Of Large Numbers (Herman Rubin)
----------------------------------------------------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc
Subject: Re: Wanted: Why not PKzip?
Date: 9 Apr 1999 17:31:02 GMT
In sci.crypt Arthur N. Klassen <[EMAIL PROTECTED]> wrote:
> spamless' example at the end of that post suggested)? or are there eight
> bytes of boilerplate to be had in any zip-compressed file?
Does your .ZIP contain a MS word or other Office file? Then if I know
your Ethernet address, I know the ID Office attaches to it to render it
'unique'. More than eight bytes. Whoops.
Does your .ZIP contain an .EXE file which happens to include a well-known
C library? Even a predictable sequence of instructions?
Do you have a plain text file, no headers or anything, in the ZIP ?
Well, say it's a letter you begin with "Dear Ali" and you sent the
zip to [EMAIL PROTECTED]
I can't remember whether the 8 byte figure is before or after the couple
of bytes you get from the minor fact that PKZIP sends headers in the clear
and encrypted. Even so, it's really small.
> Methinks I should do some research here, but I would be willing to guess
> that totally unique files not disclosed anywhere else could be "safely
> enough" encrypted using Zip + passphrase. Am I out to lunch here?
I think the problem is that very few files are "totally unique." You need
it to be unpredictable for all but seven or fewer bytes. This is really
hard, especially when dealing with known file formats, known headers, etc.
etc. etc.
-David
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Test vector repository--specifically, help with a broken Blowfish
Date: Sat, 10 Apr 1999 07:03:11 GMT
Nathan Kennedy wrote:
> Boris Kazak wrote:
> > Dear friend, in 99.9% of all C compilers "int" are 16 bit wide.
> > You better declare your P,S,L,R and other goodies as "unsigned long",
> > then only you might get a slim chance of your program working.
> > Also in "printf" you'd better declare the format as %lx, then it
> > will print 8 hex places.
> What did I say? Hmmm, perhaps I said:
> > Enclosed is my implementation of Blowfish. probably not very portable
> > across architectures but I'm trying to get it to work right first.
> Now, maybe broken PC compilers only have 16 bit ints, but I have about 0
> interest in portability to them. Cockroaches outnumber humans more than
> 100 to one, but I'm not interested them either. I highly debate your 99%
> figure anyway.
Certainly Boris is wrong in his estimate of the prevalence of
16-bit "int" in C implementations, but, Nathan, the point is
that you should be aware that this is an area where implementations
do vary. It is really not hard to avoid such implementation
dependencies. One technique is to use (or create your own)
header <inttypes.h>, which is slated to become standard soon,
and when you need specific integer sizes, use the types defined
by that header, e.g. uint32_t for an unsigned 32-bit integer type.
(There are corresponding format modifiers, etc. in the header.)
That way, you don't have to edit all your source code when
porting to a new environment (or even a different compiler mode
in the same environment); even if you have to provide your own
<inttypes.h>, it centralizes all this knowledge of the "right"
types to be used to match the specified properties, so editing
it once and for all adapts all your code to the new environment.
There is a lot more to programming portability than this,
but it's a good start.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: True Randomness & The Law Of Large Numbers
Date: Sat, 10 Apr 1999 06:43:20 GMT
"R. Knauer" wrote:
> Good grief, now we are getting distributions of distributions.
Distributions of distributions are extremely important;
so much so that early innovations in their theory pioneered
by Alan Turing were treated as State secrets for a decade
(I.J. Good first published a paper on this in Biometrika
in 1950, without mentioning the cryptanalytic applications).
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Douglas A. Gwyn : True Jerk
Date: Sat, 10 Apr 1999 06:53:53 GMT
"R. Knauer" wrote:
> Some twit posted a header like the one above but with my name. I
> ignored it. Gwyn deliberately posted to it to propagate it. I
> responded in kind.
> Get your facts straight ...
You're not one to give such advice, when you don't have *your*
facts straight!
I no more "deliberately posted to propagate" the Subject header
for "R. Knauer: True Jerk" than I posted (twice now) to propagate
*this* Subject header. I generally leave the Subject header
alone so that people's newsreader interfaces will properly thread
responses onto the articles to which they are responses.
(It's called "consideration for others".)
------------------------------
From: "Franzen" <[EMAIL PROTECTED]>
Subject: Re: True Randomness & The Law Of Large Numbers
Date: Sat, 10 Apr 1999 04:43:53 -0500
Bob Knauer previously wrote:
>>>There will always be flaws which disturb the process and give
>>>it some small amount of non-randomness, such as slight 1-bit bias.
On Tue, 6 Apr 1999 00:51:02 -0500, "Franzen" <[EMAIL PROTECTED]> wrote:
>>Just what is 1-bit bias in your view? Most of the concepts you present as
>>parts of your current position I can visualize; your bias concept I
cannot.
>1-bit bias is measured by the distance from the origin in the random
>walk. It is the excess of one bit over the other. There are other
>kinds of bias, such as 2-bit bias, etc. Borel normality applies to all
>possible bit-group biases.
I do a fair coin toss one million times in a row and record the results. I
end up with 500,367 heads. Repeating the same process once more, I end up
with exactly 500,000 heads.
According to your definition, is either of these two results biased? 1-bit,
2-bits, etc?
---
Douglas McLean
------------------------------
From: alex <[EMAIL PROTECTED]>
Subject: list of data security
Date: Sat, 10 Apr 1999 17:13:24 +0800
Reply-To: [EMAIL PROTECTED]
Hi,
I found that there are lots of security methods/standards..
where can I have a complete list of them?
Thanks
------------------------------
From: alex <[EMAIL PROTECTED]>
Subject: credit card encryption?
Date: Sat, 10 Apr 1999 16:45:06 +0800
Reply-To: [EMAIL PROTECTED]
Hi,
what is the encryption method of credit card used in bank?
thanks
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: "Biprime Cryptography" to replace RSA?
Date: Sat, 10 Apr 1999 06:50:17 GMT
Pardon my interruption folks. I am posting the source code
for tops9720.exe which is widely available on the net.
I am authorizing free distribution of source code for non profit use.
http://users.leading.net/~nomad01/index.html
Thanks.
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <bios.h>
void main()
{
FILE *input_file, *output_file, *catalyst_file;
char input_name[66], output_name[66], catalyst_name[66];
char key[66],word[66],key2[66];
int c,d,length,keylength,loophelp,step,mode; /*length-of file*/
int ch, row, col, offrow, offcol, limitrow, datasize, spacecount;
int count;
ch = 0; row = 0; col=0; offrow=0; offcol=0; limitrow=0; /* init#1 here */
datasize=0; spacecount=0; count=0;
testts:row=cursrow();limitrow = row;/*printf("\nStarted at row %d",row);*/
col=0;
/* clrscrn();printf("\nts aaa 1 bbb 0 ccc \n\n\n");*/
while(row >= 0){ offrow = row; offcol = col;
poscurs(offrow,offcol);ch = readch();
if((ch == 84)||(ch == 116)){
offcol =offcol + 1;if (offcol > 79){
offcol = 0; offrow = row +1; }
poscurs(offrow , offcol);ch = readch();
if((ch == 79)||(ch == 111)){
offcol = offcol + 1;if (offcol > 79){
offcol = 0; offrow = row +1; }
poscurs(offrow,offcol);ch = readch();
if((ch == 80)||(ch == 112)){
offcol =offcol + 1;if (offcol > 79){
offcol = 0; offrow = row +1; }
poscurs(offrow , offcol);ch = readch();
if((ch == 83)||(ch == 115)){
offcol = offcol + 1;if (offcol > 79){
offcol = 0; offrow = row +1; }
poscurs(offrow , offcol);ch = readch();
if(ch == 32){ goto cmdfound;}
if(ch == 46){ goto baddata;} /* period after ts */
}
}
}
}
/* poscurs(row+2,col);writech(43); */
col=col+1;if(col >79) {col = 0; row = row -1;}
}
poscurs(24,0);exit(0); /*file renamed */
cmdfound:/*-----printf("\n\n\n\n Ts: was at row%d",row);
printf(" last char %c",ch);
printf(" row %d, col %d", row, col);
printf(" offrow %d, offcol %d", offrow, offcol);----*/
getdata:
row=offrow; col=offcol+1; poscurs(row,col);ch=readch();
if (ch == 32) { printf("IN code#1");goto baddata;
} /*two spaces in a row*/
datasize=0;
inputname:
poscurs(row,col);ch=readch();input_name[datasize]= ch;
datasize=datasize+1; if (datasize > 64) { printf("IN code #2"); goto
baddata;
}
col=col+1; if (col>79) {col=0;row=row+1;
}
if (row>limitrow) { printf("IN code #3");goto baddata;
}
poscurs(row,col);ch=readch();if (ch != 32)
{goto inputname;/*no space yet*/
}
col=col+1; if (col>79) {col=0;row=row+1;
}
if (row>limitrow) { printf("IN code #4");goto baddata;
}
poscurs(row,col);ch=readch();if (ch==32){printf(" row %d, col
%d",row,col);
printf("IN #5");goto baddata;
} /*two spaces*/
/*--------------------------------------------------------*/
datasize=0;
eord:
poscurs(row,col);ch=readch();mode = ch;
datasize=datasize+1;if (datasize > 1){printf("ED code#2");goto baddata;
}
col=col+1; if (col>79) {col=0;row=row+1;
}
if (row>limitrow) { printf("ED code#3");goto baddata;
}
poscurs(row,col);ch=readch();if (ch != 32)
{goto eord;/*no space yet*/
}
col=col+1; if (col>79) {col=0;row=row+1;
}
if (row>limitrow) { printf("ED code#4");goto baddata;
}
poscurs(row,col);ch=readch();if (ch==32){printf(" row %d, col
%d",row,col);
printf("ED code#5");goto baddata;
} /*two spaces*/
if((mode != 49)&&(mode !=50)){mode=0;goto baddata;}
/*--------------------------------------------------------*/
datasize=0; outputfile:
poscurs(row,col);ch=readch();output_name[datasize] = ch;
datasize=datasize+1;if (datasize > 64){printf("OUT code#2");goto baddata; }
col=col+1; if (col>79) {col=0;row=row+1; } if (row>limitrow) { printf("OUT
code#3");goto baddata; } poscurs(row,col);ch=readch();if (ch != 32) {goto
outputfile;/*no space yet*/ } col=col+1; if (col>79) {col=0;row=row+1; }
if (row>limitrow) { printf("OUT code#4");goto baddata; }
poscurs(row,col);ch=readch();if (ch==32){printf(" row %d, col %d",row,col);
printf("OUT code#5");goto baddata; } /*two spaces*/
/*--------------------------------------------------------*/
datasize=0; catalyst:
poscurs(row,col);ch=readch();catalyst_name[datasize] = ch;
datasize=datasize+1;if (datasize > 64){printf("CAT code#2");goto baddata; }
col=col+1; if (col>79) {col=0;row=row+1; } if (row>limitrow) { printf("CAT
code#3");goto baddata; } poscurs(row,col);ch=readch();if (ch != 32) {goto
catalyst;/*no space yet*/ } col=col+1; if (col>79) {col=0;row=row+1; } if
(row>limitrow) { printf("CAT code#4");goto baddata; }
poscurs(row,col);ch=readch();if (ch==32){printf(" row %d, col %d",row,col);
printf("OUT code#5");goto baddata; } /*two spaces*/
/*--------------------------------------------------------*/ datasize=0;
keysee: poscurs(row,col);ch=readch();key[datasize] = ch;
datasize=datasize+1;if (datasize > 64){printf("KEY code#2");goto baddata; }
col=col+1; if (col>79) {col=0;row=row+1; } if (row>limitrow) { printf("KEY
code#3");goto baddata; } poscurs(row,col);ch=readch();if (ch != 32) {goto
keysee;/*no space yet*/ } /*---- col=col+1; if (col>79) {col=0;row=row+1;
} if (row>limitrow) { printf("KEY code#4");goto baddata; }
poscurs(row,col);ch=readch();if (ch==32){printf(" row %d, col %d",row,col);
printf("KEY code#5");goto baddata; } *two spaces* --------*/
/*--------------------------------------------------------*/
poscurs (24,0); /*get rid of this later!*/
/*printf("\n\n\n datasize %d",datasize); */
/*printf(" baddata row%d, col%d, ch%d",row,col,ch);printf("\n");*/
/*------- for debuging
printf("\n\nInput file=");
printf("%s",input_name);
printf("\nEncrypt-1,Decode-2:=");
printf("%c",mode);
printf("\nOutput file= ");
printf("%s",output_name);
printf("\nCatalyst file=");
printf("%s",catalyst_name);
printf("\nKey=");
printf("%s",key);
printf("\n");
----------*/
goto dataready;
exit(0); /*later exit to regular ts */
baddata: /* start at begining for beginers*/
printf("\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n");
printf("TOPSECRET! by SIVA R.KRISHNA (C)'95-97 V2.0");
printf("\nShareware registration,$5 to PSC BOX 3013 ");
printf("DYESS AFB,TX.79607");
printf("\n\nSecurity hints:");
printf("\nEncrypt compressed files to minimize repeating data.Since the
receiver must");
printf("\nhave the Catalyst/s,you may want to start with something
popular.Consider");
printf("\nencrypting more than once.If sensitive data was written to a
disk,format");
printf("\nthe disk and overwrite the whole disk before disposal.Ensure
personnel have");
printf("\nproper security clearance.Have building and personnel checked
for");
printf("\nsurveillance equipment.");
printf("\n\nDisclaimer:This program is sold AS IS,no one or ");
printf("vendor shall be liable for special,incidental,consequential");
printf(",direct,indirect or other similar damages from the use ");
printf("or missuse of this program.Other liabilities for damages");
printf(" shall in no event exceed the purchase price.");
printf(" \n");
printf(" \n");
printf(" \n");
anotherfile: /*----------init#2 here-----------*/
c=0;d=0;length=0;keylength=0;loophelp=0;mode=0;
printf("\nName of input file : ");
scanf("%s",&input_name);
againmode:printf("\n1=Encrypt 2=Decode\n");
scanf("%s",&mode);/* printf("\nMode=%d",mode);*/
if((mode!=49)&&(mode!=50))
{goto againmode;}
printf("\nName of output file : ");
scanf("%s",&output_name);
printf("\nName of Catalyst file, 0=NONE : ");
scanf("%s",catalyst_name);
againkey:
printf("\nEnter KEY");
printf("\n01234567891123456789212345678931234567894123456789");
printf("51234567896123\n");
scanf("%s",&key);
if(strlen(key)>64){printf("\n key=%s\n length=%d",key,strlen(key));
goto againkey;}
/* generate firstime k2 only */
keylength=strlen(key);
printf("\nThelength of key \n%s is %d\n",key,keylength);
dataready:
keylength=strlen(key); /*again for fast-dataready:see 3 lines up*/
loophelp=0;
while(loophelp < keylength+1)
{key2[loophelp]=key[loophelp+1] ;
loophelp=loophelp+1;
}
loophelp=loophelp+1;key2[loophelp]=key[loophelp];
/* printf("\n0-%c,1-%c,2-%c,3-%c",key[0],key[1],key[2],key[3]); */
/* printf("\n0-%d,1-%d,2-%d,3-%d",key[0],key[1],key[2],key[3]); */
/* printf("\n The word is %s",word); */
input_file = fopen(input_name,"rb");
if (input_file == NULL) {
puts("***can't open input file***");
exit(0);
}
output_file = fopen( output_name, "wb");
if (output_file == NULL) {
puts("***can't open output file***");
exit(0);
}
if (catalyst_name[0] !=48) {
catalyst_file = fopen( catalyst_name, "rb");
if (catalyst_file == NULL) {
puts("***can't open Catalyst file***");
exit(0);
}
}
c=0;d=0;length=0;loophelp=0;
while((c = getc(input_file)) != EOF){length=length+1;/*start i/o file*/
/* printf("-cbefore%d,%c-",c,c);*/
if(mode == 49){word[loophelp]=c; /*d for troubleshooting*/
}
c=(key[loophelp]^c);
c=(c^loophelp)^keylength; /*hide key from simple code*/
c=(key2[loophelp]^c);
if (catalyst_name[0] !=48) {
d=getc(catalyst_file); /* printf(" %d",d); */
if (d== EOF) { fclose(catalyst_file);
catalyst_file = fopen (catalyst_name, "rb");
d=getc(catalyst_file); /*printf("%c",d);*/
}
c=c^d;
}
/* if(length == 1) { c=d;printf("*c=%d,%c*",c,c);
} */
/* if(c == 26) { c=d; printf("*c=%d,%c*",c,c);
} */
/* if(c == 92) { c=d; printf("*c=%d,%c*",c,c);
} */
skipcode:
if(mode == 50){word[loophelp]=c;
}
putc(c,output_file);
loophelp=loophelp+1;
if(loophelp == keylength) {
loophelp=0;strcpy(key2,word); /*init loophelp*/
}
} /*stop while;i/o file*/
fclose(output_file);
fclose(input_file);
fclose(catalyst_file);
/* printf("\nFile length was=%d",length); */
/* printf(" c=%d %c %s ",c,c,c);*/
if(datasize>0){exit(0);} /* quit fast for the pros */
againmode2:printf("\n1=Another File 2=QUIT\n");
scanf("%s",&mode); /* printf("\nMode=%d",mode); */
if((mode!=49)&&(mode!=50))
{goto againmode2;}
if (mode == 49){goto anotherfile;
}
}
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: [EMAIL PROTECTED]
Subject: Speeding up Geometric Identification
Date: Sat, 10 Apr 1999 11:12:26 GMT
I just realized something that can speed up GI quite a bit.
(this is not new, but they teach little in high school so bare with me).
Testing a circle for example needs:
(x - u)^2 + (y - v)^2 - r^2 = 0
Where v and u are the points (u, v) of the ball. But this can be optimized
like so:
((x - u + y - v - r)^2) / 2)
Where the /2 can be done with a shift. This way there is only one
multiplication to be performed.
Tom
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: [EMAIL PROTECTED] (Herman Rubin)
Subject: Re: True Randomness & The Law Of Large Numbers
Date: 10 Apr 1999 08:57:34 -0500
In article <[EMAIL PROTECTED]>,
R. Knauer <[EMAIL PROTECTED]> wrote:
>On Wed, 07 Apr 1999 16:47:33 GMT, [EMAIL PROTECTED] wrote:
>>Nonsense. Where did you get "the pseudo-random model".
>What is you concept of pseudo-random?
Pseudo-random is used, at least in the statistical and
simulation literature, to refer to deterministically
generated numbers designed to imitate random numbers,
generally equidistributed and independent. It is clear
that they are not independent, although they may have
very good equidistribution properties.
On the other hand, the output of a noisy physical device
is random, even if it is not equidistributed or independent.
--
This address is for information only. I do not claim that these views
are those of the Statistics Department or of Purdue University.
Herman Rubin, Dept. of Statistics, Purdue Univ., West Lafayette IN47907-1399
[EMAIL PROTECTED] Phone: (765)494-6054 FAX: (765)494-0558
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
