Cryptography-Digest Digest #995, Volume #8 Fri, 29 Jan 99 07:13:03 EST
Contents:
Re: 3DES in EDE mode versus EEE mode ([EMAIL PROTECTED])
Re: Some more technical info on Pentium III serial number (John Nagle)
Re: Spread Spectrum ([EMAIL PROTECTED])
Re: My comments on Intel's Processor ID Number (Gareth Williams)
Re: Spread Spectrum (Mok-Kong Shen)
Re: Who will win in AES contest ?? (Fabrice Noilhan)
Re: Random numbers generator and Pentium III (Mok-Kong Shen)
Re: T52 (was: Japanese Purple encryption) (Frode Weierud)
Re: Random numbers from a sound card? (Mok-Kong Shen)
Re: Who will win in AES contest ?? ("Sam Simpson")
Re: My comments on Intel's Processor ID Number (Vernon Schryver)
Re: RNG Product Feature Poll (Mok-Kong Shen)
Cryptonite java library (Erwin Bolwidt)
Re: 128 bit Everest, 64 bit Coin (handWave)
NEW CRYPT KIM10 CIPHER ("Simon T.")
Re: Some more technical info on Pentium III serial number (Brad Templeton)
Re: Question on key lengths (handWave)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED]
Subject: Re: 3DES in EDE mode versus EEE mode
Date: Sun, 24 Jan 1999 18:17:53 GMT
In article <78e2l6$[EMAIL PROTECTED]>,
Scott Fluhrer <[EMAIL PROTECTED]> wrote:
> In article <78dta9$sef$[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] wrote:
>
> >In article <78b7b0$tmg$[EMAIL PROTECTED]>,
> > [EMAIL PROTECTED] wrote:
> >> [EMAIL PROTECTED] wrote:
> >>
> >>> When just one key is used in 3-DES EDE, key schedule cannot be simply
> >>> repeated 3x in exhaustive key search, which affords a slightly higher workload
> >>> per searched key than EEE in specialized hardware (and in software, of
> >>> course) that could pre-compute the key schedule just once for all 3x.
> >>
> >> Did I miss something? One key encrypt-decrypt-encrypt is equivalent
> >> to a single encrypt. If I'm testing keys to break 1-key EDE, of course
> >> I'm going to run encrypt, not encrypt-decrypt-encrypt.
> >>
> >
> >Bryan:
> >
> >You are correct -- however *if* the attacker knows it is a one-key 3-DES that
> >can be attacked as a 1-DES.
>
>Actually, if he just suspects that it might be 1-DES, he'll try it. After all,
>since the work effort against 1-DES is so much smaller (2**56 times smaller),
>it's absolutely insignificant against the work effort required for 3-DES.
"If he suspects" is not granted if the cipher was negotiated as 3-DES by both
sides -- even though both sides may use just one-key for speed, switching over
to 1-DES loops instead of doing EDE in a brain-dead way...
Besides, if the attacker does a whole 1-DES attack he probably would not be
able to efficiently use intermediate results to brute-force two-key DES for
example -- the attacker would have to start all over again. And, the same for
three-key DES.
However, if the cipher was offered either as 3-DES or 1-DES by Alice and Bob
accepted it as 1-DES then there is no question -- attack it as 1-DES.
Otherwise, you just have to formulate the question as a "decision problem" --
and ask whether the cost of "miss" (not being 1-DES) outweighs the savings of
a "hit" (it is 1-DES) *if* the cipher is two-key 3-DES or a three-key 3-DES.
Thus, it is not only a question whether 1-DES is still marginally probable
but what advances cryptanalysis of 3-DES may make on the savings of a fuller
attack with decision branches for 1, 2 or 3 keys.
In that, a detailed Information Theoretic study of DES is revealing some
unsuspected non-random characteristics of DES, which may also help attacks on
3-DES -- some of which are reported in http://www.mcg.org.br/nrdes.txt for
1-DES.
Cheers,
Ed Gerck
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
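The identity Bryan and Ed are arguing about, E_k(D_k(E_k(x))) = E_k(x), holds for any block cipher whose decryption inverts its encryption, whereas one-key EEE does not collapse to a single encryption. The Python example below is added here and is not code from the thread or from any poster; it uses a constructed toy 16-bit Feistel cipher with a made-up key schedule as a stand-in for DES, and every name in it is an assumption of the example.

```python
# Added illustration (not from the thread): a toy 16-bit Feistel cipher with a
# constructed key schedule, used only to show the algebra of one-key EDE
# versus one-key EEE. It is NOT DES and has no security value of its own.

ROUNDS = 8


def key_schedule(key):
    """Derive ROUNDS 8-bit subkeys from a 16-bit key (constructed schedule)."""
    subkeys = []
    for r in range(ROUNDS):
        rot = ((key << r) | (key >> (16 - r))) & 0xFFFF   # rotate left by r bits
        subkeys.append((rot ^ (rot >> 8)) & 0xFF)         # fold to 8 bits
    return subkeys


def round_function(half, subkey):
    """Non-linear round function on an 8-bit half block."""
    x = (half ^ subkey) & 0xFF
    x = (x * 0x5B + 0x3D) & 0xFF          # affine mix
    return ((x << 3) | (x >> 5)) & 0xFF   # rotate left by 3 bits


def encrypt_block(block, subkeys):
    """Feistel encryption of one 16-bit block with a precomputed schedule."""
    left, right = block >> 8, block & 0xFF
    for sk in subkeys:
        left, right = right, left ^ round_function(right, sk)
    return (left << 8) | right


def decrypt_block(block, subkeys):
    """Inverse of encrypt_block: same rounds, subkeys in reverse order."""
    left, right = block >> 8, block & 0xFF
    for sk in reversed(subkeys):
        left, right = right ^ round_function(left, sk), left
    return (left << 8) | right


def triple_ede(block, k1, k2, k3):
    """Encrypt-Decrypt-Encrypt with three (possibly equal) keys."""
    s1, s2, s3 = key_schedule(k1), key_schedule(k2), key_schedule(k3)
    return encrypt_block(decrypt_block(encrypt_block(block, s1), s2), s3)


def triple_eee(block, k1, k2, k3):
    """Encrypt-Encrypt-Encrypt with three (possibly equal) keys."""
    s1, s2, s3 = key_schedule(k1), key_schedule(k2), key_schedule(k3)
    return encrypt_block(encrypt_block(encrypt_block(block, s1), s2), s3)


def one_key_ede_equals_single(key, step=7):
    """True when E_k(D_k(E_k(x))) == E_k(x) for every sampled block x.

    D_k undoes E_k, so the middle two operations cancel and one-key EDE is
    exactly single encryption: a receiver that implements only the single
    cipher interoperates with an EDE sender that uses one key.
    """
    sched = key_schedule(key)
    return all(triple_ede(x, key, key, key) == encrypt_block(x, sched)
               for x in range(0, 1 << 16, step))


def eee_differs_from_single(key, step=7):
    """Count sampled blocks on which one-key EEE differs from single encryption.

    Returns (differing, total). One-key EEE is E_k applied three times, a
    different permutation from E_k, so nearly every block differs.
    """
    sched = key_schedule(key)
    sample = range(0, 1 << 16, step)
    differing = sum(1 for x in sample
                    if triple_eee(x, key, key, key) != encrypt_block(x, sched))
    return differing, len(sample)


if __name__ == "__main__":
    k = 0x1234
    print("one-key EDE == single E:", one_key_ede_equals_single(k))
    print("one-key EEE differs from single E on %d of %d sampled blocks"
          % eee_differs_from_single(k))
```

The sampling step only keeps the run short; the EDE identity is exact for every block, since it depends on nothing but decryption inverting encryption, which is why one-key EDE offers the single cipher's key strength and no more.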
------------------------------
Crossposted-To: talk.politics.crypto,comp.sys.intel
From: [EMAIL PROTECTED] (John Nagle)
Subject: Re: Some more technical info on Pentium III serial number
Date: Fri, 29 Jan 1999 08:05:33 GMT
[EMAIL PROTECTED] (Paul Rubin) writes:
>It sounds to me like Intel is going to release browser controls
>(Netscape plug-in and Explorer ActiveX control) that read the serial
>number. They could distribute the controls through their own web
>site, or possibly get Micro$oft to include the controls in Windoze
>N+1. DHTML script on random web pages could then invoke the controls
>to put the numbers into hidden form fields that would be sent as part
>of the next GET or POST. The controls could even open their own IP
>connections back to the web server. This is all quite possible even
>today, without any participation from browser vendors or W3C. The
>main problem is social-engineering the users to accept the plug-ins.
>It looks like Intel has failed at this pretty badly already.
Is there some procedure for revoking Intel's code-signing key?
Probably not; anybody with a D&B number can get a code-signing key,
and anybody with a business name can get a D&B number from www.dnb.com.
John Nagle
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Spread Spectrum
Date: Fri, 29 Jan 1999 07:56:22 GMT
On Thu, 28 Jan 1999 23:33:52 -0600, [EMAIL PROTECTED] (wtshaw) wrote:
>In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>
>> On Thu, 28 Jan 1999 15:31:24 -0600, [EMAIL PROTECTED] (wtshaw) wrote:
>>
>> >In article <[EMAIL PROTECTED]>,
>[EMAIL PROTECTED] wrote:
>> >
>> >> Title is The Bug Book and publisher is
>> >> Paladin Press in Boulder Colorado.
>> >>
>> >That sounds like an old title, in fact I believe that I have volumes 1, 2,
>> >and 3, and it is about some early integrated circuits, not exactly what
>> >you have in mind. It might be a good idea to check title archives or you
>> >may be adding to someone's confusion.
>>
>> New edition of old book, but there never was more than one 'volume'.
>>
>
>Someone did give a URL. It all depends if you want the original speech
>characteristics or will settle for something like good synthesized
>speech. Taking digital to analog takes some smoothing integrator circuits
>to knock the corners off the stepped waves, so to speak. The oldest and
>simplest way is with a series of parallel filters with Darlington stages
>to allow good recovery from the LC circuits.
>> >--
Quality of speech is not important other than that it can be
recognized as speech; understood.
As to the electronics, I somewhat understand DAC and ADC, Schmitt
triggers, Darlington pairs, etc, but this is too technical for the
book.
So, I might pose the question in a different way:
Is a computer and software, such as Fast Fourier Analysis required to
extract recognizable speech from a DSSS transmission or is this
possible in real time using a wideband receiver with filters, DAC's or
whatever in the front end, or is it a combination of both?
Intercept the signal, and feed it into the computer through some kind
of signal acquisition card? Audio from the radio or discriminator
output?
I appreciate the responses but they are over my head; I don't know the
basics well enough.
Thanx again...
M L Shannon
------------------------------
From: Gareth Williams <[EMAIL PROTECTED]>
Subject: Re: My comments on Intel's Processor ID Number
Date: Fri, 29 Jan 1999 08:35:09 +0000
Bruce Schneier wrote:
>
> I wrote a column on Intel's Processor ID number for ZDNet. You can
> read it at:
>
> http://www.zdnet.com/zdnn/stories/comment/0,5859,2194863,00.html
>
see also Paul Rubin's thread 'Some more technical info on Pentium III
serial number'
which discusses this article:
http://www.eet.com/story/OEG19990127S0011
--
Gareth Williams <[EMAIL PROTECTED]>
** DGW Software Consultants LTD *******************
* Montrose, Ledbury Rd, Ross-on-Wye, HR9 7BE, UK *
* Tel/Fax 01989 563704 *
***************************************************
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Spread Spectrum
Date: Fri, 29 Jan 1999 11:15:34 +0100
[EMAIL PROTECTED] wrote:
>
> Is a computer and software, such as Fast Fourier Analysis required to
> extract recognizable speech from a DSSS transmission or is this
> possible in real time using a wideband receiver with filters, DAC's or
> whatever in the front end, or is it a combination of both?
>
> Intercept the signal, and feed it into the computer through some kind
> of signal acquisition card? Audio from the radio or discriminator
> output?
I know too little about spread spectrum technology. But perhaps
the book I. J. Kumar, Cryptology, is of some use to you.
M. K. Shen
------------------------------
From: [EMAIL PROTECTED] (Fabrice Noilhan)
Subject: Re: Who will win in AES contest ??
Date: 29 Jan 1999 10:16:10 GMT
According to Hironobu Suzuki <[EMAIL PROTECTED]>:
> I think it's very difficult to compare between serpent and twofish
> because serpent has more rounds than twofish. It means serpent is
> stronger than twofish.
Are you *really* serious?
BTW, twofish looks nearly twice as fast on PPro as a half-rounds Serpent.
Fabrice
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Random numbers generator and Pentium III
Date: Fri, 29 Jan 1999 11:38:12 +0100
R. Knauer wrote:
>
> On Thu, 28 Jan 1999 15:40:42 +0100, Mok-Kong Shen
> <[EMAIL PROTECTED]> wrote:
>
> >Do you have ANY scientifically precise (quantifiable through exactly
> >defined and practically executable measurement methodologies)
> >'characterization' of crypto-grade randomness??
>
> Yes.
Then let the readers of this group know these and say clearly and in
detail, PLEASE.
>
> >Do you have similarly
> >'precise' definitions of 'crypto-grade' and 'randomness'?.
>
> Yes.
Same comment as above.
>
> >You never
> >get to 100% objectivity concerning random number sequences, be
> >they obtained hardware or software!
>
> Wrong.
Explain it so that everyone can understand. Don't simply make
categorical statements which carry no sense in scientific
discussions!
>
> >Statistical tests, being founded
> >on mathematical theory, instead of 'intuitions' (such as estimate of
> >the 'skill' of the person designing an apparatus as you suggested
> >in another thread)
>
> I never suggested any such thing. Do not put words in my mouth,
> please.
Below are excerpts from our discussion in the thread 'hardRandNumGen',
those marked with ** were from me, those marked with * were from you:
**Please note I don't claim PRNGs are good. I simply doubt that
**hardware generators are good because I have no tools to determine
**that they are good, except by using statistical tools.
*You must be skilled at designing a TRNG. Statistical tools are
*worthless.
**How do you measure or test the skill of a person designing a TRNG?
**Using some tests of the psychologists??
*Make him pee in a bottle and if he does, fire him. If he throws the
*bottle at you, hire him.
*Skilled people fiercely guard their personal rights as humans. Only
*sheep seek the comfort of conformity - and you do not want some sheep
*designing a TRNG for you.
**More precisely, how do
**you show through a test of skill that the resulting TRNG designed
**Are you excluding that a skilled person could ever make mistakes??
*Get several skilled people to check the design and the actual TRNG.
*That's why there are standards committees.
Were those with * not from your mouth?
M. K. Shen
------------------------------
From: [EMAIL PROTECTED] (Frode Weierud)
Subject: Re: T52 (was: Japanese Purple encryption)
Date: 29 Jan 1999 10:31:51 GMT
Reply-To: [EMAIL PROTECTED]
[EMAIL PROTECTED] () writes:
>There _is_ an antique market for Enigma machines. But *very* few T-52
>machines were made, and as far as I know, all specimens are in the hands
>of government bodies. My guess is that about three to five still exist.
I must confess I don't know how many of the T52 machines (A/B, C, D and E)
were made in total, but I would guess around 1000 machines, probably on
the low side. There are some T52 machines in private collections, but they
would carry an astronomical price. I know of one machine that went for
$18,000.- back in the early seventies. What it would fetch today is anybody's
guess.
How many of the machines that still are around is also difficult to
estimate. Personally I know about around 15 machines. There must be many
more. In Norway alone, more than 50 T52 machines were recovered after the
war. They were later put into service by the Norwegian intelligence
service and the secret police (Norwegian Special Branch). Unfortunately
the majority of these machines were scrapped and ended up at the bottom of
a deep mine shaft in Norway. However, as far as I am aware none of
the still surviving machines are for sale.
Frode
--
Frode Weierud Phone : +41 22 7674794
CERN, SL, CH-1211 Geneva 23, Fax : +41 22 7679185
Switzerland E-mail : [EMAIL PROTECTED]
WWW : wwwcn.cern.ch/~frode
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Random numbers from a sound card?
Date: Fri, 29 Jan 1999 11:47:15 +0100
R. Knauer wrote:
>
>
> You cannot prove the crypto-grade randomness of a finite number
> algorithmically. You can for an infinite number, but that is useless.
>
> The only way you can prove the crypto-grade randomness of a finite
> number is to consider the method of generation. If the generator is a
> TRNG, as we have defined it here several times recently, then the
> numbers it generates are crypto-grade random numbers.
Ah! Finally one knows exactly what the term 'crypto-grade random
numbers' you employ means: These are DEFINED to be the output
from a hardware generator. It follows obviously then that there
is NO need whatsoever of testing the sequences obtained, since they
are BY DEFINITION 'crypto-grade'!
M. K. Shen
------------------------------
From: "Sam Simpson" <[EMAIL PROTECTED]>
Subject: Re: Who will win in AES contest ??
Date: Fri, 29 Jan 1999 09:57:11 -0000
Robert Harley wrote in message ...
>
>"Sam Simpson" <[EMAIL PROTECTED]> writes:
>> Found your message entertaining (and much agrees with my thoughts about the
>> current stage of AES...). One small comment;
>
>Ah, so there is hope yet!
>Actually, several people have expressed hearty agreement in email.
>
Many thanks for the follow-up.
I have downloaded a couple of papers from the DFC page - I'll have a read
over the weekend.
(PS What are, in your opinion, the down sides to DFC? It can't be perfect,
can it? I know it's a little slower than some of the other offerings...)
Thanks again,
Sam Simpson
Comms Analyst
-- http://www.hertreg.ac.uk/ss/ for ScramDisk hard-drive encryption & Delphi
Crypto Components. PGP Keys available at the same site.
------------------------------
From: [EMAIL PROTECTED] (Vernon Schryver)
Subject: Re: My comments on Intel's Processor ID Number
Date: 28 Jan 1999 14:49:58 -0700
In article <01be4ac5$05224fa0$803984a9@jay>, jay <[EMAIL PROTECTED]> wrote:
> ...
> .... The externally accessible nature of the PIII would allow
>widespread cross-compilation of user data between unrelated sites, without
>user consent. This is serious.
People keep saying things like that, but I still don't understand them.
How does one box "address" the PIII ID number in any other box? As I
understand network stuff (I wrote my first code to make computers talk
over phone lines in the 1960's), one machine cannot "address" anything
in some other machine without some prior agreements. In recent decades,
such prior agreements have commonly been called "protocols." Exactly
which protocol would be used to pass the PIII ID? No existing IP (i.e.
IETF) protocol including HTTP allows random remote boxes to "address"
anything in your box without your box's permission, or if there is such
a protocol, it is used to fetch things that are more interesting than the
serial number of one of your CPU's, such as your passwords and key rings.
Is there any chance that this whole hoohaw is no more than the simple,
good idea of machine readable serial number in silicon but announced
by Intel marketeers who think (to use one word) that "addressing"
arbitrary contents in remote boxes makes sense without a whole lot of
standards committee politics, plenty of code from programmers at a lot
of outfits, and at least a few years of elapsed time?
--
Vernon Schryver [EMAIL PROTECTED]
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: RNG Product Feature Poll
Date: Fri, 29 Jan 1999 12:20:38 +0100
Dan S. Camper wrote:
>
> To my knowledge, all of the tests we've run to date have dealt with the
> output grouped into bytes, up to 8-byte chunks (I think). Is there a
> utility or method for detecting bit-level problems?
The size of units input to a test tool doesn't necessarily have
anything to do with whether the test treats bit level
characteristics or not. See Maurer's universal statistical test.
M. K. Shen
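As an added Python example, not code from the thread or from any poster, here is Maurer's universal statistical test run over bits unpacked from byte-grouped generator output. It illustrates the point above: the test's block length L is a parameter of the test, chosen independently of the byte or 8-byte units the output was stored in, so L = 6 blocks straddle byte boundaries. The expected values and variances are Maurer's, as tabulated in NIST SP 800-22; the two sample generators (a seeded PRNG, and a flawed one that copies each byte's low nibble into its high nibble) and all function names are constructed for this example.

```python
import math
import random

# Expected value and variance of Maurer's statistic per block length L,
# from Maurer's 1992 paper as tabulated in NIST SP 800-22.
MAURER_TABLE = {
    6: (5.2177052, 2.954),
    7: (6.1962507, 3.125),
    8: (7.1836656, 3.238),
}


def bytes_to_bits(data):
    """Unpack bytes MSB-first into a flat list of 0/1 ints."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def maurer_universal(bits, L=6, Q=None):
    """Maurer's universal statistical test over a bit sequence.

    The sequence is cut into non-overlapping L-bit blocks; L is a parameter
    of the test and need not match the byte grouping of the generator's
    output. The first Q blocks initialise a table of the last position of
    each of the 2**L block values; over the next K blocks the test averages
    log2 of the distance back to the previous occurrence of the same value.
    Returns (fn, p_value).
    """
    expected, variance = MAURER_TABLE[L]
    if Q is None:
        Q = 10 * 2 ** L                      # initialisation blocks
    K = len(bits) // L - Q                   # test blocks
    if K < 1000 * 2 ** L:
        raise ValueError("need at least %d bits for L=%d"
                         % (L * (Q + 1000 * 2 ** L), L))

    def block(i):                            # i is 1-based, as in Maurer's paper
        value = 0
        for b in bits[(i - 1) * L:i * L]:
            value = (value << 1) | b
        return value

    last_seen = [0] * (2 ** L)
    for i in range(1, Q + 1):
        last_seen[block(i)] = i
    total = 0.0
    for i in range(Q + 1, Q + K + 1):
        v = block(i)
        total += math.log2(i - last_seen[v])
        last_seen[v] = i
    fn = total / K
    # finite-K correction factor and standard deviation as used in SP 800-22
    c = 0.7 - 0.8 / L + (4 + 32 / L) * K ** (-3 / L) / 15
    sigma = c * math.sqrt(variance / K)
    p_value = math.erfc(abs(fn - expected) / (math.sqrt(2) * sigma))
    return fn, p_value


def sample_bytes(n, seed=1):
    """Constructed sample: bytes from a seeded Mersenne Twister. Not
    crypto-grade, but statistically unremarkable to this test."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


def nibble_copy_bytes(n, seed=1):
    """Constructed flawed generator: the high nibble of every byte is a copy
    of the low nibble, so half of the bits are redundant."""
    rng = random.Random(seed)
    return bytes((x << 4) | x for x in (rng.getrandbits(4) for _ in range(n)))


def passes(data, L=6, alpha=0.01):
    """Run the test on a byte string; True when p_value >= alpha."""
    _, p_value = maurer_universal(bytes_to_bits(data), L)
    return p_value >= alpha


if __name__ == "__main__":
    for name, data in (("seeded PRNG", sample_bytes(50000)),
                       ("nibble copy", nibble_copy_bytes(50000))):
        fn, p = maurer_universal(bytes_to_bits(data))
        print("%-12s fn=%.4f p=%.3g %s"
              % (name, fn, p, "pass" if p >= 0.01 else "FAIL"))
```

With L = 6 the test needs roughly 390,000 bits (about 48 KB of output) to satisfy Maurer's minimum of Q = 10 * 2^L initialisation blocks and K >= 1000 * 2^L test blocks. The nibble-copy flaw is coarse enough that a byte-value histogram would catch it too; what the run shows is that the statistic is computed on 6-bit blocks cut from the bit stream, so the unit size the output was collected in plays no part in what the test examines.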
------------------------------
From: Erwin Bolwidt <[EMAIL PROTECTED]>
Subject: Cryptonite java library
Date: Fri, 29 Jan 1999 12:20:35 +0100
Hello,
We're looking at the Cryptonite library. (
http://www.hi.is/~logir/cryptonite/ )
It looks like a good library for encryption, including DES, triple-DES,
Diffie-Hellman key exchange, RSA and an easy API for using them with
files or with interactive connections.
Has anyone with enough knowledge examined it for weaknesses in the
implementation, or has other comments about the library?
Many thanks and regards,
Erwin Bolwidt
------------------------------
From: handWave <[EMAIL PROTECTED]>
Subject: Re: 128 bit Everest, 64 bit Coin
Date: Fri, 29 Jan 1999 03:47:23 -1000
Trevor Jackson, III wrote:
>
> handWave wrote:
>
> > I
> > made
> > some rough
> > calculations
> > yesterday comparing
> > 64 bit keys to 128 bit keys.
> > There are about 2^64 atoms in a coin.
> > There are about 2^128 atoms in Mount Everest.
>
> So there are 2^64 coins in Mt. Everest? I think that number is too
> large. Way too large.Ever hear of covering a chessboard with kernels of
> grain, doubling on each cell?
I
made
those initial
calculations in my head
while lying in bed waiting
to fall asleep, so now I will
check my figures on phosphor. Here
was my thought process. The mean density
of rock is about 4 to 5 grams per cubic cm.
One mole of rock has 6*10^23 molecules in it like
silicon dioxide, 3 atoms per molecule, giving 10^25
atoms per mole which weighs about 60 grams. So each cc
has about 10^24 atoms. Multiply the exponent by 3.3 to get
bits. 75+7.5 ~ 80 so each cubic centimeter has 2^80 atoms and
there are 2^48 cc for 2^128 atoms. The cube with each edge
2^16 cm has that much volume. 2^14 meters is 16km.
Everest is 10km high, but its base is much wider
than its height. So 10km x 20km x 20km of rock
has 2^128 atoms. To find the volume of 2^64
atoms, reduce each edge by the cube root
of 2^64 or 2^20 or a million.
10km/10^6 = 1cm but a gold
coin is 5 times as dense
as rock so
.2cm x 1cm x 1cm
is the size
of a coin.
> > The Universe has about 10^88 particles or 2^291 particles.
>
> You must be counting photons too.
Yes,
I counted
every photon
emitted from every
star in the known
universe for 14 billion years.
>
> > All of the gold owned today could fit in my house.
>
> Your house must be enormous. In all of history we've mined about
> 100,000 tons (1e11 grams) of gold. Most of it is still around.
Much
of it
was lost
at sea or
lost at land.
Some was used in
industry. Fort Knox
in the USA had 40 billion
dollars worth of gold the last
time I checked. Do the math.
>
> > Donations are welcome.
> > handWave
I have a big house.
------------------------------
From: "Simon T." <[EMAIL PROTECTED]>
Subject: NEW CRYPT KIM10 CIPHER
Date: Fri, 29 Jan 1999 12:54:03 +0100
NEW CRYPT KIM10 CIPHER..
.
TEST
CRYPT TEXT.
MKOMNITE RNSAAE D D TYPAAS S' NMI DN SO
end of lind
Simon T.
DEN.
------------------------------
From: [EMAIL PROTECTED] (Brad Templeton)
Crossposted-To: talk.politics.crypto,comp.sys.intel
Subject: Re: Some more technical info on Pentium III serial number
Date: 28 Jan 1999 18:22:55 PST
In article <[EMAIL PROTECTED]>,
John Savard <[EMAIL PROTECTED]> wrote:
>[EMAIL PROTECTED] (Paul Rubin) wrote, in part:
>
>>EE Times had an article giving a little bit more info on how
>>the PIII unique id's work. Not a full description, but more
>>than I've seen here on the newsgroup. I'm repeating the URL
>>from someone else's Usenet article (sorry, I don't remember whose):
>
>> http://www.eet.com/story/OEG19990127S0011
>
>>I might post a comment or two later.
I don't get it. How does a web server "request" the ID of a client?
A web server can't make any requests of a client. The client makes
requests of the server. The server can send back things like Redirects
and Authentication responses that make the client do more, but there
is nothing in any web browser or the HTTP protocol to send these
serial numbers or play the games described.
Has Intel been proposing extensions to HTTP or other protocols?
Where are those extensions documented?
Has any browser vendor or the W3C given even the slightest indication
they would support such extensions?
--
Brad Templeton http://www.templetons.com/brad/
------------------------------
From: handWave <[EMAIL PROTECTED]>
Subject: Re: Question on key lengths
Date: Fri, 29 Jan 1999 03:57:06 -1000
Brett W wrote:
>
> Hi
>
> This may sound stupid, but is there any particular reason we have key
> lengths that are a power or multiple of 2? Is it for efficiency, beauty
> (there seems to be something elegant with 1024, 2048 etc) or that
> something restricts it to being like this?
>
> Brett W
Keys are not restricted to powers of 2, but binary computers can be
programmed more efficiently when such powers are used sometimes. For
example, public keys are often 1024 bit plus or minus 256 bits (768 bits
or 1280 bits).
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************