Cryptography-Digest Digest #370, Volume #9 Sat, 10 Apr 99 23:13:02 EDT
Contents:
tops9720.zip source code for "Topsecret" ([EMAIL PROTECTED])
Re: True Randomness & The Law Of Large Numbers (Herman Rubin)
Re: is it true that Irish teen found crypto alg faster that RSA (Daniel James)
Re: True Randomness & The Law Of Large Numbers ("Douglas A. Gwyn")
Re: chosen-plaintext attack (Thirteen)
Re: True Randomness & The Law Of Large Numbers ("Douglas A. Gwyn")
Re: True Randomness & The Law Of Large Numbers (Dave Knapp)
Re: True Randomness & The Law Of Large Numbers (Dave Knapp)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED]
Subject: tops9720.zip source code for "Topsecret"
Date: Sat, 10 Apr 1999 22:54:37 GMT
This is the source code for the encryption program named "Topsecret".
It is widely available on the net as tops9720.zip
The source code is freely distributable for non profit use.
The source code is in its original development form
and therefore not too pretty. I encourage hackers to send me or publish
exe programs that will reliably crack coded messages.
Nomad01
http://users.leading.net/~nomad01/index.html
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <bios.h>
void main()
{
FILE *input_file, *output_file, *catalyst_file;
char input_name[66], output_name[66], catalyst_name[66];
char key[66],word[66],key2[66];
int c,d,length,keylength,loophelp,step,mode; /*length-of file*/
int ch, row, col, offrow, offcol, limitrow, datasize, spacecount;
int count;
ch = 0; row = 0; col=0; offrow=0; offcol=0; limitrow=0; /* init#1 here */
datasize=0; spacecount=0; count=0;
testts:row=cursrow();limitrow = row;/*printf("\nStarted at row %d",row);*/
col=0;
/* clrscrn();printf("\nts aaa 1 bbb 0 ccc \n\n\n");*/
while(row >= 0){ offrow = row; offcol = col;
poscurs(offrow,offcol);ch = readch();
if((ch == 84)||(ch == 116)){
offcol =offcol + 1;if (offcol > 79){
offcol = 0; offrow = row +1; }
poscurs(offrow , offcol);ch = readch();
if((ch == 79)||(ch == 111)){
offcol = offcol + 1;if (offcol > 79){
offcol = 0; offrow = row +1; }
poscurs(offrow,offcol);ch = readch();
if((ch == 80)||(ch == 112)){
offcol =offcol + 1;if (offcol > 79){
offcol = 0; offrow = row +1; }
poscurs(offrow , offcol);ch = readch();
if((ch == 83)||(ch == 115)){
offcol = offcol + 1;if (offcol > 79){
offcol = 0; offrow = row +1; }
poscurs(offrow , offcol);ch = readch();
if(ch == 32){ goto cmdfound;}
if(ch == 46){ goto baddata;} /* period after ts */
}
}
}
}
/* poscurs(row+2,col);writech(43); */
col=col+1;if(col >79) {col = 0; row = row -1;}
}
poscurs(24,0);exit(0); /*file renamed */
cmdfound:/*-----printf("\n\n\n\n Ts: was at row%d",row);
printf(" last char %c",ch);
printf(" row %d, col %d", row, col);
printf(" offrow %d, offcol %d", offrow, offcol);----*/
getdata:
row=offrow; col=offcol+1; poscurs(row,col);ch=readch();
if (ch == 32) { printf("IN code#1");goto baddata;
} /*two spaces in a row*/
datasize=0;
inputname:
poscurs(row,col);ch=readch();input_name[datasize]= ch;
datasize=datasize+1; if (datasize > 64) { printf("IN code #2"); goto
baddata;
}
col=col+1; if (col>79) {col=0;row=row+1;
}
if (row>limitrow) { printf("IN code #3");goto baddata;
}
poscurs(row,col);ch=readch();if (ch != 32)
{goto inputname;/*no space yet*/
}
col=col+1; if (col>79) {col=0;row=row+1;
}
if (row>limitrow) { printf("IN code #4");goto baddata;
}
poscurs(row,col);ch=readch();if (ch==32){printf(" row %d, col
%d",row,col);
printf("IN #5");goto baddata;
} /*two spaces*/
/*--------------------------------------------------------*/
datasize=0;
eord:
poscurs(row,col);ch=readch();mode = ch;
datasize=datasize+1;if (datasize > 1){printf("ED code#2");goto baddata;
}
col=col+1; if (col>79) {col=0;row=row+1;
}
if (row>limitrow) { printf("ED code#3");goto baddata;
}
poscurs(row,col);ch=readch();if (ch != 32)
{goto eord;/*no space yet*/
}
col=col+1; if (col>79) {col=0;row=row+1;
}
if (row>limitrow) { printf("ED code#4");goto baddata;
}
poscurs(row,col);ch=readch();if (ch==32){printf(" row %d, col
%d",row,col);
printf("ED code#5");goto baddata;
} /*two spaces*/
if((mode != 49)&&(mode !=50)){mode=0;goto baddata;}
/*--------------------------------------------------------*/
datasize=0; outputfile:
poscurs(row,col);ch=readch();output_name[datasize] = ch;
datasize=datasize+1;if (datasize > 64){printf("OUT code#2");goto baddata; }
col=col+1; if (col>79) {col=0;row=row+1; } if (row>limitrow) { printf("OUT
code#3");goto baddata; } poscurs(row,col);ch=readch();if (ch != 32) {goto
outputfile;/*no space yet*/ } col=col+1; if (col>79) {col=0;row=row+1; }
if (row>limitrow) { printf("OUT code#4");goto baddata; }
poscurs(row,col);ch=readch();if (ch==32){printf(" row %d, col %d",row,col);
printf("OUT code#5");goto baddata; } /*two spaces*/
/*--------------------------------------------------------*/
datasize=0; catalyst:
poscurs(row,col);ch=readch();catalyst_name[datasize] = ch;
datasize=datasize+1;if (datasize > 64){printf("CAT code#2");goto baddata; }
col=col+1; if (col>79) {col=0;row=row+1; } if (row>limitrow) { printf("CAT
code#3");goto baddata; } poscurs(row,col);ch=readch();if (ch != 32) {goto
catalyst;/*no space yet*/ } col=col+1; if (col>79) {col=0;row=row+1; } if
(row>limitrow) { printf("CAT code#4");goto baddata; }
poscurs(row,col);ch=readch();if (ch==32){printf(" row %d, col %d",row,col);
printf("OUT code#5");goto baddata; } /*two spaces*/
/*--------------------------------------------------------*/ datasize=0;
keysee: poscurs(row,col);ch=readch();key[datasize] = ch;
datasize=datasize+1;if (datasize > 64){printf("KEY code#2");goto baddata; }
col=col+1; if (col>79) {col=0;row=row+1; } if (row>limitrow) { printf("KEY
code#3");goto baddata; } poscurs(row,col);ch=readch();if (ch != 32) {goto
keysee;/*no space yet*/ } /*---- col=col+1; if (col>79) {col=0;row=row+1;
} if (row>limitrow) { printf("KEY code#4");goto baddata; }
poscurs(row,col);ch=readch();if (ch==32){printf(" row %d, col %d",row,col);
printf("KEY code#5");goto baddata; } *two spaces* --------*/
/*--------------------------------------------------------*/
poscurs (24,0); /*get rid of this later!*/
/*printf("\n\n\n datasize %d",datasize); */
/*printf(" baddata row%d, col%d, ch%d",row,col,ch);printf("\n");*/
/*------- for debuging
printf("\n\nInput file=");
printf("%s",input_name);
printf("\nEncrypt-1,Decode-2:=");
printf("%c",mode);
printf("\nOutput file= ");
printf("%s",output_name);
printf("\nCatalyst file=");
printf("%s",catalyst_name);
printf("\nKey=");
printf("%s",key);
printf("\n");
----------*/
goto dataready;
exit(0); /*later exit to regular ts */
baddata: /* start at begining for beginers*/
printf("\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n");
printf("TOPSECRET! by SIVA R.KRISHNA (C)'95-97 V2.0");
printf("\nShareware registration,$5 to PSC BOX 3013 ");
printf("DYESS AFB,TX.79607");
printf("\n\nSecurity hints:");
printf("\nEncrypt compressed files to minimize repeating data.Since the
receiver must");
printf("\nhave the Catalyst/s,you may want to start with something
popular.Consider");
printf("\nencrypting more than once.If sensitive data was written to a
disk,format");
printf("\nthe disk and overwrite the whole disk before disposal.Ensure
personnel have");
printf("\nproper security clearance.Have building and personnel checked
for");
printf("\nsurveillance equipment.");
printf("\n\nDisclaimer:This program is sold AS IS,no one or ");
printf("vendor shall be liable for special,incidental,consequential");
printf(",direct,indirect or other similar damages from the use ");
printf("or missuse of this program.Other liabilities for damages");
printf(" shall in no event exceed the purchase price.");
printf(" \n");
printf(" \n");
printf(" \n");
anotherfile: /*----------init#2 here-----------*/
c=0;d=0;length=0;keylength=0;loophelp=0;mode=0;
printf("\nName of input file : ");
scanf("%s",&input_name);
againmode:printf("\n1=Encrypt 2=Decode\n");
scanf("%s",&mode);/* printf("\nMode=%d",mode);*/
if((mode!=49)&&(mode!=50))
{goto againmode;}
printf("\nName of output file : ");
scanf("%s",&output_name);
printf("\nName of Catalyst file, 0=NONE : ");
scanf("%s",catalyst_name);
againkey:
printf("\nEnter KEY");
printf("\n01234567891123456789212345678931234567894123456789");
printf("51234567896123\n");
scanf("%s",&key);
if(strlen(key)>64){printf("\n key=%s\n length=%d",key,strlen(key));
goto againkey;}
/* generate firstime k2 only */
keylength=strlen(key);
printf("\nThelength of key \n%s is %d\n",key,keylength);
dataready:
keylength=strlen(key); /*again for fast-dataready:see 3 lines up*/
loophelp=0;
while(loophelp < keylength+1)
{key2[loophelp]=key[loophelp+1] ;
loophelp=loophelp+1;
}
loophelp=loophelp+1;key2[loophelp]=key[loophelp];
/* printf("\n0-%c,1-%c,2-%c,3-%c",key[0],key[1],key[2],key[3]); */
/* printf("\n0-%d,1-%d,2-%d,3-%d",key[0],key[1],key[2],key[3]); */
/* printf("\n The word is %s",word); */
input_file = fopen(input_name,"rb");
if (input_file == NULL) {
puts("***can't open input file***");
exit(0);
}
output_file = fopen( output_name, "wb");
if (output_file == NULL) {
puts("***can't open output file***");
exit(0);
}
if (catalyst_name[0] !=48) {
catalyst_file = fopen( catalyst_name, "rb");
if (catalyst_file == NULL) {
puts("***can't open Catalyst file***");
exit(0);
}
}
c=0;d=0;length=0;loophelp=0;
while((c = getc(input_file)) != EOF){length=length+1;/*start i/o file*/
/* printf("-cbefore%d,%c-",c,c);*/
if(mode == 49){word[loophelp]=c; /*d for troubleshooting*/
}
c=(key[loophelp]^c);
c=(c^loophelp)^keylength; /*hide key from simple code*/
c=(key2[loophelp]^c);
if (catalyst_name[0] !=48) {
d=getc(catalyst_file); /* printf(" %d",d); */
if (d== EOF) { fclose(catalyst_file);
catalyst_file = fopen (catalyst_name, "rb");
d=getc(catalyst_file); /*printf("%c",d);*/
}
c=c^d;
}
/* if(length == 1) { c=d;printf("*c=%d,%c*",c,c);
} */
/* if(c == 26) { c=d; printf("*c=%d,%c*",c,c);
} */
/* if(c == 92) { c=d; printf("*c=%d,%c*",c,c);
} */
skipcode:
if(mode == 50){word[loophelp]=c;
}
putc(c,output_file);
loophelp=loophelp+1;
if(loophelp == keylength) {
loophelp=0;strcpy(key2,word); /*init loophelp*/
}
} /*stop while;i/o file*/
fclose(output_file);
fclose(input_file);
fclose(catalyst_file);
/* printf("\nFile length was=%d",length); */
/* printf(" c=%d %c %s ",c,c,c);*/
if(datasize>0){exit(0);} /* quit fast for the pros */
againmode2:printf("\n1=Another File 2=QUIT\n");
scanf("%s",&mode); /* printf("\nMode=%d",mode); */
if((mode!=49)&&(mode!=50))
{goto againmode2;}
if (mode == 49){goto anotherfile;
}
}
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: [EMAIL PROTECTED] (Herman Rubin)
Subject: Re: True Randomness & The Law Of Large Numbers
Date: 10 Apr 1999 09:33:02 -0500
In article <[EMAIL PROTECTED]>,
Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
>Herman Rubin wrote:
<> This is the case if the random process has certain properties. Any
<> physical source generates a random process, but not necessarily with
<> the desired propeties. "Random process", to someone who uses
<> standard probability terminology, merely means that all the values
<> have a joint distribution, not that this distribution is any
<> particular one.
>Yeah, but in the context of a OTP keystream generator,
>"random" is being used informally to mean one that is
>suitably random for secure use in that context. Most
>of us think that that includes, but is not limited to,
>having equiprobability over the key's "alphabet"
>(which can be limited to 0 and 1 without changing the
>issues).
Equiprobability is an unattainable goal for a physical
process. What is attainable is a reasonable certainty
that this is "sufficiently closely" approximated. And
the informal use also requires independence, which may
be harder to approximate.
--
This address is for information only. I do not claim that these views
are those of the Statistics Department or of Purdue University.
Herman Rubin, Dept. of Statistics, Purdue Univ., West Lafayette IN47907-1399
[EMAIL PROTECTED] Phone: (765)494-6054 FAX: (765)494-0558
------------------------------
From: Daniel James <[EMAIL PROTECTED]>
Subject: Re: is it true that Irish teen found crypto alg faster that RSA
Date: Mon, 05 Apr 1999 10:43:24 +0100
Reply-To: [EMAIL PROTECTED]
In article <[EMAIL PROTECTED]>, Nelson
G. Rich wrote:
> Please excuse me for this if by now it's old hat, but is it true that a 16
> year old Irish gal has found an algorithm that's faster than RSA?
> Can anyone point me to accurate source?
>
The story is that the girl in question (whose father is a maths lecturer, so
her understanding of maths isn't too surprisng) was working for PLI company
Baltimore as a summer job, and they got her to look at some ideas for
speeding up RSA. If I understand what she did, it's basically to express an
RSA key as a set of small matrixes to speed up the computation - the
drawback being that you can't easily convert the key between the matrix and
big integer formats so the storage requirement for a keyset goes up.
There's some information on Baltimore's web page at:
http://www.baltimore.com/news/press/pr990113.html (some of the links from
this page seem to have expired).
Cheers,
Daniel
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: True Randomness & The Law Of Large Numbers
Date: Sun, 11 Apr 1999 01:03:00 GMT
Herman Rubin wrote:
> I wonder how many of you understand that the current use of statistical
> significance is a major error which should never have happened? The
> significance level is NOT directly related to anything about the degree
> of certainty; that "accepted" null hypothesis is rarely, if ever, true.
Use of significance or confidence level is a legacy from R. Fisher.
It is meaningful if properly understood: Suppose we find that an
observation disagrees with the model at the 95% level; the meaning
of that is: "*if* the model were correct, *then* there would be a
probability of 0.95 that a similar observation would have better
agreement with the model". Intuitively, such an observation gives
one reason to doubt the model, when no contrary information is
available. Thus, it *is* related to certainty -- about the
correctness of the model (or "null hypothesis"). But it's an
asymmetric relationship: while doubt can be cast on the model by
contradictory evidence, lack of contradictory evidence does not
necessarily *support* the model.
The null hypothesis doesn't have to be true to be useful.
There are other approaches, including "weight of evidence",
likelihood ratios, etc. that can deal appropriately with such
things as a priori expectations and combining (possibly
conflicting) evidence from multiple sources.
------------------------------
From: Thirteen <[EMAIL PROTECTED]>
Subject: Re: chosen-plaintext attack
Date: Mon, 05 Apr 1999 04:05:50 -1000
news.compassnet.com wrote:
>
> Hi, thanks for reading this post!
>
> Why are public-key systems vulnerable to chosen-plaintext attacks?
One attack is for the attacker to choose a plaintext and have it
encrypted using the secret key. This may be considered to be a
signature. The attacker requests a signature on a chosen text. If
the victim signs it, she is making a mistake that is not obvious
to lay-persons. A single signature on a chosen text is enough to
recover a secret message that was sent to the victim from a trusted
friend. The attacker may have intercepted a message to the victim
and disguised it before sending it on for the signature. By signing
it, the victim is decrypting it.
What
> does a cryptanalyst have to do deduce the private key (if necessory at all)
> or the algorithm to infer further plaintext? I failed to find an example on
> the Internet.
The example I gave is detailed in a book called "Applied Cryptography"
by B. Schneier.
>How does it help since public keys are known to everyone.
A cyclic attack can be tried in which the public key is used
millions of times encrypting each previous ciphertext. After some
number of such recursive cycles, the plaintext may appear.
> Why are symmetric cryptosystems not vulnerable to this attack?
Well designed ciphers are not vulnerable because they have enough
rounds. Poorly designed ciphers are vulnerable to chosen plaintext
attacks.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: True Randomness & The Law Of Large Numbers
Date: Sun, 11 Apr 1999 01:40:41 GMT
Herman Rubin wrote:
> Equiprobability is an unattainable goal for a physical process.
That is an extraordinary claim, contrary to quantum doctrine.
Are you sure you don't mean *verification* of equiprobability?
------------------------------
From: Dave Knapp <[EMAIL PROTECTED]>
Subject: Re: True Randomness & The Law Of Large Numbers
Date: Sun, 11 Apr 1999 02:39:39 GMT
Herman Rubin wrote:
>
> I wonder how many of you understand that the current use of statistical
> significance is a major error which should never have happened? The
> significance level is NOT directly related to anything about the degree
> of certainty; that "accepted" null hypothesis is rarely, if ever, true.
Boy, are you right about that!
One only needs to read a few medical papers with quoted statistical
significances of 1e-4 to 1e-6 and _enormous_ systematic errors to
understand the complete irrelevance of the significance values to the
result.
Physicists don't use significance as much as they do confidence
intervals, which are arguably worse yet.
It seems to me (and you may feel free to argue) that one ought to
approach RNG testing from a Bayesian perspective, or else the results
are too confusing.
-- Dave
------------------------------
From: Dave Knapp <[EMAIL PROTECTED]>
Subject: Re: True Randomness & The Law Of Large Numbers
Date: Sun, 11 Apr 1999 02:46:34 GMT
"R. Knauer" wrote:
>
> On 10 Apr 1999 09:05:39 -0500, [EMAIL PROTECTED] (Herman
> Rubin) wrote:
>
> >That is what YOU have been calling true randomness.
>
> Again, it is not MY description, but the description that came from
> the prevailing consensus here.
It is indeed your description, and NOT a consensus here.
As I recall, a few months ago you were trying to ram this definition
down the throat of whoever would listen, and there were _many_
objections to your "definition" of true randomness.
By the way, quantum-mechanical randomness is not "true randomness" by
your defintion, since most quantum-mechanical distributions are not
flat.
You don't do your case much good by lying about what other people say.
-- Dave
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
