Cryptography-Digest Digest #387, Volume #9       Wed, 14 Apr 99 02:13:03 EDT

Contents:
  Re: a simple sequence that stays near zero ([EMAIL PROTECTED])
  Please Check my math ("Charles Booher")
  Re: Encryption Key Length Question (Jerry Coffin)
  Re: Not a PGP Expert ([EMAIL PROTECTED])
  Re: Adequacy of FIPS-140 ([EMAIL PROTECTED])
  Blowfish Source Code? (Jon Kadilak)
  PGP 6 is JUNK ("Charles Booher")
  PGP=NSA (Conjecture with Arguments) ("Charles Booher")
  Re: Is public key crypto just Snake Oil?? (Sundial Services)
  looking for specific technical report ("Mark Hammell")
  Re: True Randomness & The Law Of Large Numbers ("Franzen")
  Re: tops9720.zip source code for "Topsecret" ([EMAIL PROTECTED])
  Re: Comments to DOJ re NICS (Paul Rubin)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED]
Subject: Re: a simple sequence that stays near zero
Date: Wed, 14 Apr 1999 01:20:06 GMT

[EMAIL PROTECTED] wrote:

> In article <7euid2$47k$[EMAIL PROTECTED]>,
>   [EMAIL PROTECTED] wrote:
> > The sequence
> >
> >   a_i := (1+2Q)*a_(i-1) - (1+2Q)*a_(i-2) + a_(i-3)
> >
> > with a_0 := 0, a_1 := 1, and a_2 := 2Q forms a sine wave with
> > period 2pi/arccos(Q)
>
> Please explain further.

While the format is a bit odd, the above is a digital resonator
that has been excited with an impulse;  the result is a discrete-time
sampled sine wave.  Just about all texts on digital signal processing will
describe this "trick".  Many a DSP board documentation has coded examples
of simple sine-wave generators that use this technique.

============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/       Search, Read, Discuss, or Start Your Own    
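A quick check of the reply's claim, added here as an example (it is not from either poster): the posted recurrence is run directly and compared against the closed form it satisfies, which also gives the stated period 2pi/arccos(Q).

```python
import math

def resonator(q: float, count: int) -> list:
    """Run the posted recurrence a_i = (1+2Q) a_{i-1} - (1+2Q) a_{i-2} + a_{i-3}
    from a_0 = 0, a_1 = 1, a_2 = 2Q: a digital resonator excited by an impulse."""
    a = [0.0, 1.0, 2.0 * q]
    k = 1.0 + 2.0 * q
    while len(a) < count:
        a.append(k * a[-1] - k * a[-2] + a[-3])
    return a[:count]

def closed_form(q: float, count: int) -> list:
    """Characteristic polynomial x^3 - (1+2Q)x^2 + (1+2Q)x - 1 = (x - 1)(x^2 - 2Qx + 1).
    For |Q| < 1 the quadratic factor has roots exp(+-i*theta) with cos(theta) = Q,
    and the chosen start values cancel the root at 1, leaving
    a_i = sin(i*theta) / sin(theta): a sampled sine of amplitude 1/sqrt(1 - Q^2)."""
    theta = math.acos(q)
    return [math.sin(i * theta) / math.sin(theta) for i in range(count)]

def period(q: float) -> float:
    """Period in samples, as stated in the thread: 2*pi / arccos(Q)."""
    return 2.0 * math.pi / math.acos(q)

def max_deviation(q: float, count: int = 500) -> float:
    """Largest gap between the recurrence and the closed form over 'count' samples."""
    return max(abs(x - y) for x, y in zip(resonator(q, count), closed_form(q, count)))

if __name__ == "__main__":
    for q in (0.5, 0.3, 0.9):
        print(f"Q={q}: period {period(q):.3f} samples, max deviation {max_deviation(q):.2e}")
    # Being a fixed linear recurrence, the whole sequence is determined by any three
    # consecutive terms, so it is a tone generator, not a source of unpredictability.
```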

------------------------------

From: "Charles Booher" <[EMAIL PROTECTED]>
Subject: Please Check my math
Date: Tue, 13 Apr 1999 19:33:04 -0700

>      e*d = 1 mod n
>
> What does the mod mean?


Take two numbers such as

P=
1631108959808475458303674367596213987016985831477098071114901842069

Q=
10787237856672557318578218449362398441914736779658192674969188197821

Then we let N = P*Q

N=17595160319603783241778041023417850667424851148062999593302885322002430690
213447187264442893993282203256503054408647815038167271931649

If we take the pair

E=
2906727153638300661146460603936360233613501786416371274356151603248977794648
230709649448147670851454259323677560920210238090813070337

and

D=
1599684445907509218829127039987660587836456881186666586133092541710033383916
5812088103393881741447707366343939224598104827907570061633

Then E*D=
4649846216172196412416915063716090835184881319018064827106987382085629473887
27
6369927011009902567866310234014098499039210695872968189734625500389309486501
51
6552544682936335910969692943042877222894507754198584203135449541468474179520
54
00274078190647039195833054080321

And if you divide this by N You get a quotient of

E*D/N =

2642684767692360538595352138149572941872623864699923106218646747819357284664
79
4616454237402202332140906993011939829018244003072327146

And a remainder of

1

Please feel free to check my math.

You can get all of this in SecureOffice.
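A way to check the arithmetic in the post, added here as an example (it is not from the poster or from SecureOffice): `mod_check` returns the quotient and remainder that "e*d = 1 mod n" refers to, first on a textbook-sized key (p = 61, q = 53, constructed here) where the condition RSA actually needs, e*d = 1 mod (p-1)(q-1), can be seen alongside it, then on the numbers copied from the post.

```python
def mod_check(e: int, d: int, n: int) -> tuple:
    """'e*d = 1 mod n' means: divide e*d by n and the remainder is 1.
    Returns (quotient, remainder) so both can be compared against a claim."""
    return divmod(e * d, n)

# Textbook-sized key constructed for illustration: p = 61, q = 53.
P_SMALL, Q_SMALL, E_SMALL = 61, 53, 17
N_SMALL = P_SMALL * Q_SMALL                    # 3233
PHI_SMALL = (P_SMALL - 1) * (Q_SMALL - 1)      # 3120
D_SMALL = pow(E_SMALL, -1, PHI_SMALL)          # 2753, inverse of e modulo phi (Python 3.8+)

def rsa_pair_ok(e: int, d: int, p: int, q: int, samples=range(2, 50)) -> bool:
    """The condition RSA needs is e*d = 1 mod (p-1)(q-1); it makes m^(e*d) = m mod n
    for every message m. Whether e*d = 1 mod n also holds is a separate statement
    that RSA does not require (for the textbook key it does not hold)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if mod_check(e, d, phi)[1] != 1:
        return False
    return all(pow(m, e * d, n) == m for m in samples)

# Numbers copied from the post above (line wrapping removed).
P_POST = 1631108959808475458303674367596213987016985831477098071114901842069
Q_POST = 10787237856672557318578218449362398441914736779658192674969188197821
N_POST = int("17595160319603783241778041023417850667424851148062999593302885322002430690"
             "213447187264442893993282203256503054408647815038167271931649")
E_POST = int("2906727153638300661146460603936360233613501786416371274356151603248977794648"
             "230709649448147670851454259323677560920210238090813070337")
D_POST = int("1599684445907509218829127039987660587836456881186666586133092541710033383916"
             "5812088103393881741447707366343939224598104827907570061633")

def check_posted_numbers() -> dict:
    """Re-run the post's arithmetic: is N = P*Q, and what does E*D leave
    modulo N and modulo (P-1)(Q-1)?"""
    q_n, r_n = mod_check(E_POST, D_POST, N_POST)
    r_phi = mod_check(E_POST, D_POST, (P_POST - 1) * (Q_POST - 1))[1]
    return {"n_is_p_times_q": N_POST == P_POST * Q_POST,
            "quotient_mod_n": q_n, "remainder_mod_n": r_n,
            "remainder_mod_phi": r_phi}

if __name__ == "__main__":
    print(mod_check(E_SMALL, D_SMALL, PHI_SMALL))   # (15, 1): the RSA condition
    print(mod_check(E_SMALL, D_SMALL, N_SMALL))     # (14, 1539): not 1 modulo n
    print(rsa_pair_ok(E_SMALL, D_SMALL, P_SMALL, Q_SMALL))
    for name, value in check_posted_numbers().items():
        print(name, value)
```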

------------------------------

From: [EMAIL PROTECTED] (Jerry Coffin)
Subject: Re: Encryption Key Length Question
Date: Tue, 13 Apr 1999 19:10:03 -0600

In article <7ett6k$ikm$[EMAIL PROTECTED]>, the_zonie@my-dejanews.com says...
> Question:
> 
> Would, say, a 1,000 bit key XORed and scrambled with 1,000 bits of plain text
> be more secure than 56-bit or 112-bit DES?  

As long as the key is as long as the text being encrypted, and is  
unpredictable, a plain-jane XOR encryption is basically a one-time 
pad, and there's basically not even a theoretical attack on it that 
_could_ be successful.

OTOH, if you were encrypting, say, 100 kilobytes of data with a 1000 
byte key and an XOR encryption, it would be much weaker than DES with 
its 56-bit key.  100 times as much plain-text is enough that you could 
easily collect statistics on the text encrypted with XOR, and break it 
in a matter of seconds.  Even encrypting 5 or 10 times as much text as 
the size of the key puts an XOR encryption at fairly serious risk.
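An added example (not from the post) that makes both halves of the answer concrete: a key as long as the message, used once, leaves no statistic to collect, while a 16-byte key cycled over a message well over a hundred times its length cancels out between bytes 16 apart and leaves plaintext statistics in the clear. The sample text, the key and the keystream seed are all constructed.

```python
import random

def xor_with_key(data: bytes, key: bytes) -> bytes:
    """XOR data with key, cycling the key when it is shorter than the data. A key at
    least as long as the data, used once, gives a one-time pad; a short key cycled
    over long data gives the repeating-key XOR the post warns about."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def coincidence_rate(data: bytes, shift: int) -> float:
    """Fraction of positions i with data[i] == data[i + shift]. Uniform random bytes
    give about 1/256; English text gives several percent, and a key of length L
    cannot hide that at shift L because both bytes wear the same key byte."""
    pairs = len(data) - shift
    return sum(data[i] == data[i + shift] for i in range(pairs)) / pairs

def high_bit_clear(data: bytes) -> bool:
    """True if every byte is 7-bit ASCII: another plaintext property that can survive."""
    return all(b < 0x80 for b in data)

# Constructed English sample, repeated so the message is about 140 times the key
# length (the post's 100 KB under a 1000-byte key, scaled down).
PASSAGE = (b"Key reuse turns a one time pad into a repeating key cipher. Every byte "
           b"that lands on the same key position is masked by the same value, so the "
           b"statistics of the plaintext survive encryption. ")
PLAINTEXT = PASSAGE * 12
KEY = bytes.fromhex("7a3f91c4e8025db6a14f6e93c7d08b52")   # constructed 16-byte key

def keystream(length: int, seed: int = 1234) -> bytes:
    """Deterministic stand-in for a pad, for the demonstration only: a real one-time
    pad must come from an unpredictable source, which a seeded PRNG is not."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(length))

def one_time_pad_demo() -> dict:
    pad = keystream(len(PLAINTEXT))
    cipher = xor_with_key(PLAINTEXT, pad)
    return {"roundtrip": xor_with_key(cipher, pad) == PLAINTEXT,
            "rate_at_16": coincidence_rate(cipher, 16),
            "ascii_leak": high_bit_clear(xor_with_key(cipher[16:], cipher[:-16]))}

def key_reuse_demo() -> dict:
    cipher = xor_with_key(PLAINTEXT, KEY)
    L = len(KEY)
    # Bytes L apart share a key byte, so XORing them removes the key entirely:
    # c[i] ^ c[i+L] == p[i] ^ p[i+L]. Whatever holds for the plaintext at shift L
    # is visible in the ciphertext at shift L.
    delta = xor_with_key(cipher[L:], cipher[:-L])
    return {"key_cancels": delta == xor_with_key(PLAINTEXT[L:], PLAINTEXT[:-L]),
            "rate_at_16": coincidence_rate(cipher, L),
            "plaintext_rate_at_16": coincidence_rate(PLAINTEXT, L),
            "ascii_leak": high_bit_clear(delta)}
```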

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Not a PGP Expert
Date: Wed, 14 Apr 1999 01:43:31 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> Scott Fluhrer wrote:
>
> > In article <[EMAIL PROTECTED]>,
> >         Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote:
> >
> > >Not a PGP Expert
> > >
> > >Say someone publishes his/her PGP public key and 1,000 people use it and
> > >send him/her messages over the Internet using PGP and this public key.

> Can someone think this through, please.

Someone has.

>
> 1001 people have the same PGP software.  One person publishes his public
> key.  Everyone communicates with the person who publishes the public key.
>
> The NSA or someone else also has the same PGP software and the published
> public key.  And they also have the 1000 messages sent by the people
> communicating with the publisher of the public key because they have the
> Internet connection bugged.
>
> Can the NSA or anyone else just take one of these encrypted messages and read
> the first byte from the encrypted message then using the same PGP software
> and the same public key simply enter one at a time all possible one byte
> input until they get the same output for the first byte

No. They can't.  Because that single byte of cipher text is a function of
ALL of the bytes of the plain text.

Suppose h, m_i  and c_i are all  1-byte quantities.

The plain text is  m_1 , .... m_j

the cipher text becomes  c_1  .... c_j  under the transformation C = RSA(m)

But c_1  (or any other byte) is a function of ALL of the m_i.  You can't
just try   h  and hope that  c_1 = RSA(h)  will tell you that m_1 = h.

> and conclude that
> this must be the same input entered by this one message sender.


Doesn't work.
>
> After all, the PGP software is the same and the public key is the same.  Is
> it not true that if the same original message is used that you get the same
> encrypted message?

Yes.

> Then does it follow that if you use the same first byte
> from the original message that you get the same output from this first byte?
>

No.  Not if any part of the rest of the message is different.


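An illustration of the reply's point with a toy RSA modulus, added here as an example (it is not from either poster and not PGP's own code): two plaintext blocks that share their first byte produce ciphertext blocks that differ in every byte, so c_1 on its own says nothing about m_1. The key (p = 61, q = 53) is constructed and far too small for real use.

```python
def rsa_block(block: bytes, exp: int, n: int) -> bytes:
    """Textbook RSA (no padding) on one block. The whole block is read as a single
    integer m and mapped to m^exp mod n, so each output byte depends on all input bytes."""
    m = int.from_bytes(block, "big")
    if m >= n:
        raise ValueError("block must be smaller than the modulus")
    size = (n.bit_length() + 7) // 8
    return pow(m, exp, n).to_bytes(size, "big")

# Toy key constructed for illustration only: n = 61 * 53, e = 17, d = e^-1 mod 3120.
N, E, D = 3233, 17, 2753

def differing_positions(a: bytes, b: bytes) -> list:
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

def first_byte_experiment() -> dict:
    """Two 2-byte plaintexts with the same first byte and a different second byte."""
    m1, m2 = b"\x01\x41", b"\x01\x42"
    c1, c2 = rsa_block(m1, E, N), rsa_block(m2, E, N)
    return {"c1": c1, "c2": c2,
            "plaintext_diff": differing_positions(m1, m2),   # only position 1
            "ciphertext_diff": differing_positions(c1, c2),  # positions 0 and 1
            "roundtrip": rsa_block(c1, D, N) == m1 and rsa_block(c2, D, N) == m2}

if __name__ == "__main__":
    r = first_byte_experiment()
    print(r["c1"].hex(), r["c2"].hex(), r["plaintext_diff"], r["ciphertext_diff"])
    # Comparing c_1 against RSA(h) over single-byte guesses h has no footing:
    # c_1 changed (0x05 -> 0x00) although m_1 did not.
```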

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Adequacy of FIPS-140
Date: Wed, 14 Apr 1999 01:51:27 GMT

[EMAIL PROTECTED] wrote:

> [...] to get a proveably secure key.

"Proveably secure"?  Hm.  Does this result come before or after the proof
there are no purple unicorns?


------------------------------

From: Jon Kadilak <[EMAIL PROTECTED]>
Subject: Blowfish Source Code?
Date: 13 Apr 1999 23:17:39 GMT


  I'm not sure if this is the right group to post to, apologies if it is
not. Can someone point me in the direction of some Blowfish encryption
algorithm source code? Or some source code that will encode files with
the Blowfish encryption method.

-- 

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jon Kadilak                                  The Internet Access Company
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=


------------------------------

From: "Charles Booher" <[EMAIL PROTECTED]>
Subject: PGP 6 is JUNK
Date: Tue, 13 Apr 1999 19:37:43 -0700

My home phone number is

408-733-7215

Please call me if you have any questions about my mathematical and software
analysis of PGP 6.

I am also somewhat familiar with earlier versions of PGP, but you will need
to bear with my ignorance on a few topics.

1. What is the mathematical representation of discrete numbers in PGP 2.6.2?

How does the prime testing algorithm work?

I am not capable, because I do not have the time, of showing what total
garbage PGP has been from word get go.

But if I have a willing buyer for my product I can spend a little more time
on the subject.

http://www.filesafety.com/SecureOffice.EXE


------------------------------

From: "Charles Booher" <[EMAIL PROTECTED]>
Subject: PGP=NSA (Conjecture with Arguments)
Date: Tue, 13 Apr 1999 19:10:27 -0700

It is called the Booher Conjecture.

PGP=NSA

Since I am the author of the Conjecture I decided in an arrogant fit of
pique to name it after myself.

I am looking for any commentary that Phil Zimmerman is interested in
providing here.  I believe that he is capable of providing a complete
mathematical proof of my conjecture, but since the man who claimed to be
Phil Zimmerman has only called me up on the phone twice I am very curious
about one thing.

Why is Phil Zimmerman so totally disinterested in computer programming and
the mathematics of encryption?  He has not written a line of code in the
last 5 years at least.  He has not done a lick of intellectual work in the
last five years except kiss for money at the NSA.

The current savagely weakened travesty that is calling itself PGP has
exactly

1000 *1000*1000 =

1,000,000,000

possible key sets.

The dumb asses are using a custom random number generator with a seed of
1 Billion possibilities.  That is the randomization stuff you type when you
are typing.  It may even be less than that.

The NSA long ago computed all possible key pair sets.  Never get into a
mathematical Argument with an asshole who buys Sun Workstations by the Truck
load if your numbers are not big enough.

There are more than

100,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,
000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,
000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,
000,000,000,000,000,000,000,000

Possible Secure Office key pairs than can be generated in less than three
days on your typical computer (333MHz Pentium).

My symmetrical Key is much Bigger as well.

SecureOffice = 2^168
374144419156711147060143317175368453031918731001856

While PGP=2^128
340282366920938463463374607431768211456

Testing One Billion Keys a Second takes

SecureOffice = 1.63*10^34 Years
PGP=1.48*10^22

My numbers are better, way better.

My interface is better, way better.

My product is also cheaper than PGP.


------------------------------

Date: Tue, 13 Apr 1999 21:00:28 -0700
From: Sundial Services <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Is public key crypto just Snake Oil??

Peter Gunn wrote:
> If this is the case, wouldn't it be simpler to have a traditional
> username/password account with the trusted authority, and
> send them the hash for a document you want to sign, and
> have them return a signature of the hash encrypted using
> some 'private key' unknown even to you. Similarly, people
> could verify the signatures by simply sending off the signature
> and your username, and receive the hash for the document
> which they could then check.

Wanna get paranoid?  You thought you were sending your signature and
username to TrustedAuthority.Com and getting back a hash (which you
cannot, yourself, verify).  But what you didn't know was that someone at
BadCommieSpy.Com intercepted your request and sent a forged reply to
you!


> Encrypting a file to be decrypted by a single recipient could
> be done by  sending a hash of the document to the central
> authority along with the username/password of the sender,
> and the username of the intended recipient... the authority
> could then return the hash value encrypted with both
> the sender & recipient's keys. The document could then be
> encrypted with this value and the unencrypted hash value
> along with the intended recipient id attached, and the whole
> thing signed by the sender. The recipient could then decrypt
> the file by sending its username/password, the username
> of the sender, and the hash value to the central authority
> who could then return the hash encrypted with both
> the recipient & sender's keys... which the recipient could then
> use to decrypt the document.

By feeding you keys of my own devising, which you accept thinking that
they came from TrustedAuthority.Com, I'm fooling you into sending
messages to the world that anyone can read!  What a nasty commiespy.com
I am!  ;-)


> So, as far as I can see, you don't need public key crypto
> to do this?? Just plain old symmetric encryption will do,
> us humans just need to remember a short username &
> password, and signatures are nice and short.
> 
> I must be missing something here?? What is it??

The problem in your scenario is that you are trusting someone you do not
even know... and trusting even more what "they" sent back to you.

Public-key methods are employed to conceal the message-keys used in
ordinary symmetric-encryption.  They are used to prevent recovery of the
key, and of course they are not perfect.  But they achieve their purpose
without requiring some third-party to know something that you don't.

------------------------------

From: "Mark Hammell" <[EMAIL PROTECTED]>
Subject: looking for specific technical report
Date: 14 Apr 1999 03:04:55 GMT

I am looking for the following technical report:

B.S. Kaliski Jr. and Y.L.Yin. Data-dependent rotations help prevent
differential cryptanalysis.  Technical note, RSA Laboratories, August, 1996.

If anyone would happen to know where I can get it, please email me.

Thanks in advance.
- Mark

--
Mark K. Hammell
RC Box 0306
28 Westhampton Way
University of Richmond, VA 23173
ph: 804.662.3083
mailto:[EMAIL PROTECTED]

------------------------------

From: "Franzen" <[EMAIL PROTECTED]>
Subject: Re: True Randomness & The Law Of Large Numbers
Date: Wed, 14 Apr 1999 00:07:27 -0500

Herman Rubin <[EMAIL PROTECTED]> wrote Mon, April 12,
1999 1:16 PM:

>The most likely number of heads is 500,000, assuming that the
>number has a binomial distribution with p = .5 and n = 1,000,000.
>By itself, this tells us little, but the proof only involves
>high school algebra.

Hey, no problem. Just plug any garden variety PRNG into simulated
coin flipping sequences on your computer, one million each, and
repeated many times; say a thousand times. Then come back and tell
me (and any other person interested in simple math calculation) about
500,000 heads being your results mode. You do have a somewhat better
chance getting your desired results using a PRNG rather than an
authentic URNG.

I repeat, expected value (EV) is misnamed. Your grade school math
should allow you to compute EV. 0.5 * 1,000,000 = 500,000. I do not
remember being introduced to chi-square in my high school algebra.

My chi-square table predicts 98% of the times I flip one million fair
coins I will get 500,007 to 501,284 (and its inverse, 498,716 to
499,993) heads.

If you have a better estimator, this is the time to pull it out. If I
have made a calculation error, please point it out to me.

I previously wrote:

>>1. I refer you to a chi-square table in any standard math reference.
>>Go to the 0.5 probability column in the middle of that table. Do you
>>see a zero chi-square sum anywhere in that column. My table starts
>>with .45 at one degree of freedom, and the listed sums increase with
>>each added degree of freedom.

>I do not know if the table has cumulative probabilities or tail
>probabilities.  If it has tail probabilities (probability headers
>going to 0), then the column which would have all 0's would have
>1.0 as the header.

It is cumulative. It is apparent to me you do not have one of these
tables (there are many sources) to refer to at the moment of your
writing your posting.

>>You do know how to calculate chi-square sums? The sum of
>>((Achieved heads - EV heads)^2)/EV heads. You are saying (and
>>someone else seems to agree with you at the moment) 2*
>>(((500,000 - 500,000)^2)/500,000) = (0.225 + 0.225).

>I see the value as zero.  However, the chi squared test does
>not have exactly the chi squared distribution; it is an
>approximation.

The chi-square sum is zero. The entire formulation is an obvious
inequality. Apparently you think it to be close enough for government
work.

I spoke with my mathematician daughter yesterday. Her short answer is
you people who think 500,000 is the single most expected outcome from
one million fair flips have little knowledge of simple applied
probability.

Douglas McLean

P.S. B.K: My math daughter has a keen sense of humor to boot.
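The two claims argued over above can be checked in a few lines, added here as an example (not from either poster): the "high school algebra" argument that 500,000 is the mode of Binomial(1,000,000, 1/2), the probability of landing on it exactly, and the repeated simulation the post asks for. The seed and trial counts are arbitrary choices of this example.

```python
import math
import random

def binomial_mode(n: int) -> int:
    """Mode of Binomial(n, 1/2) by elementary algebra: P(k+1)/P(k) = (n-k)/(k+1),
    which exceeds 1 exactly while n-k > k+1, so the probabilities climb up to
    k = n/2 (n even) and fall afterwards."""
    k = 0
    while n - k > k + 1:
        k += 1
    return k

def pmf_half(n: int, k: int) -> float:
    """P(X = k) for Binomial(n, 1/2), computed in log space because C(n, k) is enormous."""
    log_p = math.lgamma(n + 1) - math.lgamma(k + 1) - math.lgamma(n - k + 1) - n * math.log(2)
    return math.exp(log_p)

def simulate(trials: int = 1000, flips: int = 1_000_000, seed: int = 7) -> dict:
    """The experiment the post proposes: many runs of a million fair flips from a
    seeded PRNG (for this purpose its distribution matches a true RNG's).
    Counting the one bits of a random bit string is counting heads."""
    rng = random.Random(seed)
    counts = [bin(rng.getrandbits(flips)).count("1") for _ in range(trials)]
    target = flips // 2
    return {"mean": sum(counts) / trials,
            "lowest": min(counts), "highest": max(counts),
            "exactly_half": counts.count(target),
            "within_500": sum(abs(c - target) <= 500 for c in counts)}

if __name__ == "__main__":
    n = 1_000_000
    print("mode:", binomial_mode(n))                        # 500000
    print("P(X = 500000):", pmf_half(n, 500_000))           # about 0.0008
    print("P(X = 500001):", pmf_half(n, 500_001))           # slightly smaller
    print(simulate(trials=200))
    # The mode is the single most probable count, yet it carries under 0.1% of the
    # mass; counts spread with standard deviation sqrt(n/4) = 500, which is why a
    # thousand runs will seldom show exactly 500,000 even once.
```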


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: tops9720.zip source code for "Topsecret"
Date: Wed, 14 Apr 1999 02:19:06 -0300

[EMAIL PROTECTED] wrote:
> correction:
>   I encourage hackers to send me or publish exe programs that
>   will reliably crack coded "FILES".

Correction:
 You should read the sci.crypt FAQ and at least one book about cryptography
before posting source code to any encryption programs here again.

sci.crypt FAQ
 http://www.faqs.org/faqs/by-newsgroup/sci/sci.crypt.html

get one of:

Applied Cryptography, 2nd ed. by Bruce Schneier
ISBN 0471117099  John Wiley & Sons, 1996

Handbook of Applied Cryptography by A Menezes, P Van Oorschot, and S Vanstone
ISBN: 0849385237  CRC Press 1996

Cryptography : Theory and Practice by Douglas R. Stinson 
ISBN: 0849385210  CRC Press 1995

------------------------------

Crossposted-To: talk.politics.guns
From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: Comments to DOJ re NICS
Date: Wed, 14 Apr 1999 05:28:38 GMT

In article <[EMAIL PROTECTED]>,
Eric Williams  <[EMAIL PROTECTED]> wrote:
>> So it's just not workable unless the data is machine readable.  
>
>How can you say it's unworkable?  FFLs are *ALREADY* transmitting all
>that information to the DOJ.  The only difference in my plan is how the
>DOJ handles it once it gets there.

It didn't sound from your description that it was necessarily being
sent in machine readable format.  It could just be a handwritten form
that someone faxes to the DOJ.  And in any case it doesn't need to be read
into a machine a second time for verification, which your scheme requires.

>there is no real difference in procedure, only a
>requirement for some measure of improved accuracy compared to existing
>transfers.

It has to be bit-for-bit identical both times for the signature to
verify.  That's a tremendous imposition unless the data is in machine
readable format.

>And ATF does not verify whole stacks of registrations, they spot-check
>the records of the FFL (unless there is evidence of wholesale fraud, in
>which case they're no worse off than they are under the current system).

OK.  I don't know anything about this.  I imagine a federal agent showing
up at an FFL and saying "show me your registrations!" and checking them.
It sounds silly for them to just spot check.  If the FFL is selling
hundreds of legitimate guns per week and a handful of guns per year to
terrorists, a spot check won't catch that.  All the registrations must
be checked.

>> I guess that's plausible.  It means though that field auditors have
>> to carry equipment containing the secret key.  If the auditors can be
>> robbed or bribed, the key is vulnerable.
>
>Not at all, they only need to transfer the information from the form to
>the DOJ, who will re-calculate the MAC and read it back for
>verification.  

This means they have to either leave the FFL to check the data
(maybe not a good idea if they suspect the FFL of dealing illegal
guns--they want to be able to slap the cuffs on him) or else they have
to have a live data connection from the FFL location back to the DOJ.
Depending on having a phone available doesn't sound so wise in this
situation.

>If key vulnerability is still a problem, the keys can be changed
>every day.  (Or even for every transaction -- it doesn't matter as
>long as DOJ saves the keys.)  Compromising a single key would not
>give you the ability to generate MACs for future gun transfers.

Of course it would.  You just backdate the transfer to the day the key
was good.
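A small model of the scheme under discussion, added here as an example (none of it is from the thread or from any agency system): records are MACed under a per-day key, which shows both of the reply's points, that verification needs the bytes re-entered exactly, and that the date on the record selects the key, so changing keys daily does not stop backdating. The receipt-date variant, the keys and the sample records are assumptions of this example.

```python
import hmac
import hashlib

# Constructed per-day keys standing in for the proposal's daily key change.
DAY_KEYS = {"1999-04-12": b"constructed key for 12 April",
            "1999-04-13": b"constructed key for 13 April"}
FIELDS = ("date", "dealer", "buyer", "serial")

def canonical(record: dict) -> bytes:
    """One fixed byte serialisation of a form. The MAC covers exactly these bytes,
    so whoever re-enters a handwritten form must reproduce them bit for bit."""
    return "|".join(f"{f}={record[f]}" for f in FIELDS).encode()

def mac_for(record: dict, key_day: str) -> str:
    return hmac.new(DAY_KEYS[key_day], canonical(record), hashlib.sha256).hexdigest()

def verify_by_record_date(record: dict, tag: str) -> bool:
    """As proposed: the day written on the record selects the key to check with."""
    return hmac.compare_digest(mac_for(record, record["date"]), tag)

def verify_by_receipt_date(record: dict, tag: str, received: str) -> bool:
    """Assumed variant: the key is selected by the day the receiving side logged
    the record, a value the form's author does not choose."""
    return received in DAY_KEYS and hmac.compare_digest(mac_for(record, received), tag)

ORIGINAL = {"date": "1999-04-13", "dealer": "DEALER-EXAMPLE-01",
            "buyer": "J. Smith", "serial": "SN-EXAMPLE-0001"}   # constructed sample
RETYPED = dict(ORIGINAL, buyer="J Smith")                          # one dropped period

def demo() -> dict:
    tag = mac_for(ORIGINAL, "1999-04-13")
    # A record carrying yesterday's date, MACed under yesterday's key (the case the
    # reply describes if that key is known), presented today.
    backdated = dict(ORIGINAL, date="1999-04-12", serial="SN-EXAMPLE-0002")
    old_tag = mac_for(backdated, "1999-04-12")
    return {"exact_copy_verifies": verify_by_record_date(ORIGINAL, tag),
            "retyped_copy_verifies": verify_by_record_date(RETYPED, tag),
            "backdated_by_record_date": verify_by_record_date(backdated, old_tag),
            "backdated_by_receipt_date": verify_by_receipt_date(backdated, old_tag, "1999-04-13")}
```

Keying by the verifier's own receipt date, rather than by a date the submitter writes, is what makes a daily key change actually bound the exposure.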

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
