Cryptography-Digest Digest #811, Volume #8 Tue, 29 Dec 98 22:13:03 EST
Contents:
Re: Opinions on S/MIME ("Rich Ankney")
Re: History of Cryptanalysis ("Don Chiasson")
Re: History of Cryptanalysis ("Don Chiasson")
Re: Session keys in Elliptic Curve ([EMAIL PROTECTED])
Re: [Q. newbie] Authentication/Digital Signatures (Harpy-34)
----------------------------------------------------------------------------
From: "Rich Ankney" <[EMAIL PROTECTED]>
Subject: Re: Opinions on S/MIME
Date: 30 Dec 1998 00:13:16 GMT
This is from the PKIX (not S/MIME) RFC set. Sam is not quite correct that
Proof of Possession (PoP) is the same as sending your private key to the
CA. PoP allows the user to prove to the CA that he knows a private key
(e.g., sign a challenge with your private key, decrypt a challenge with
your private key, etc.). The ability to archive your private key IS an
OPTIONAL part of both PKIX certificate management protocols (CMP and CMC)
but is not the same as PoP.
Regards,
Rich
Brad Aisa <[EMAIL PROTECTED]> wrote in article <[EMAIL PROTECTED]>...
> Sam,
>
> Thanks for your detailed and instructive response. The thing that most
> disturbed me (apart from the 1024-bit key limit), was this:
>
> Sam Simpson wrote:
>
> > One of the S/Mime standard documents [PKIX98] describes a "feature" of
> > S/Mime called "Proof of Possession of Private Key". This is a mechanism
> > whereby end users' private keys are deposited with the CA when
> > certification is requested. This is a very worrying inclusion and makes
> > the implementation of mandatory key escrow a trivial matter. The PGP
> > draft standard contains no such references to key recovery technology.
>
> Does this mean that when I obtained a certificate from Thawte, that my
> *private key* was transmitted to them???
>
> Please tell me it ain't so...
>
> --
> Brad Aisa
> [EMAIL PROTECTED]
> S/MIME signed using freemail ID from www.thawte.com
>
> "Laissez faire."
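Rich's point, that PoP lets the applicant use the private key without ever handing it to the CA, is easiest to see as a challenge-signing exchange. This is an added illustration, not code from the thread or from any PKIX (CMP/CMC) implementation; it assumes textbook RSA with Miller-Rabin primes and an unpadded SHA-256 signature purely to stay dependency-free, which is a demo construction, not a production signature scheme.

```python
import hashlib
import secrets

def is_probable_prime(n, rounds=32):
    """Miller-Rabin; a composite passes with probability below 4**-rounds."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x == 1:
            continue
        for _ in range(r):              # check a^(2^i * d) for i = 0 .. r-1
            if x == n - 1:
                break
            x = pow(x, 2, n)
        else:
            return False                # no -1 reached: definitely composite
    return True

def gen_prime(bits):
    while True:                         # random odd candidate with the top bit set
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

def rsa_keygen(bits=1024):
    """Returns ((e, n), (d, n)); pow(e, -1, phi) needs Python 3.8+."""
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:          # e is prime, so this is gcd(e, phi) == 1
            return (e, p * q), (pow(e, -1, phi), p * q)

def digest_int(data):                   # textbook RSA over SHA-256: demo only, no padding
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def pop_message(pub, challenge):        # signed content: CA nonce bound to the key being certified
    return challenge + b"|" + str(pub[1]).encode()

def applicant_prove(priv, pub, challenge):   # applicant side: the private key stays here
    d, n = priv
    return pow(digest_int(pop_message(pub, challenge)), d, n)

def ca_check_pop(pub, challenge, proof):     # CA side: needs only pub, its own nonce, the proof
    e, n = pub
    return pow(proof, e, n) == digest_int(pop_message(pub, challenge))
```

The CA receives the public key, issues a fresh nonce and checks the returned proof; nothing it holds allows it to sign or decrypt on the applicant's behalf, which is exactly the difference from key archival.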
------------------------------
From: "Don Chiasson" <[EMAIL PROTECTED]>
Subject: Re: History of Cryptanalysis
Date: Tue, 29 Dec 1998 18:00:40 -0500
Another classic (is it still in print?) is Herbert O. Yardley's
"The American Black Chamber", originally published in 1931.
It is about American code breaking from 1913 until 1929 when
Secretary of State Stimson shut down the operation with a
remark to the effect that "Gentlemen do not read other people's
mail." It is a good read.
Don
Ian McConnell wrote in message ...
>Plenty has been written about the cracking of the German and Japanese codes
>during World War II, but there seems to be little information on the
>cryptanalysis that was carried out pre-WW2. ...........
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Session keys in Elliptic Curve
Date: Wed, 30 Dec 1998 00:04:05 GMT
Hi guys, about a year ago, I was handed a demo encryption/decryption
program in QBASIC that handles 128-bit encrypted messages. A few months ago,
I posted a message about it in one of these forums, and you guys said that
my program didn't work right. Well, I would like to know if that's true or
not.
In your reply, please leave a short, encrypted message, along with its
password. Please keep the message short, and I'll type it into the program.
I'll let you know if it works or not for sure. Okay?
Alan
------------------------------
From: Harpy-34 <[EMAIL PROTECTED]>
Subject: Re: [Q. newbie] Authentication/Digital Signatures
Date: Tue, 29 Dec 1998 17:59:52 -1000
Thomas Harte ([EMAIL PROTECTED]) wrote:
[...]
: I should perhaps have been a trifle more clear in my posting. I was
: wondering if there is a means of _publicly_ verifying an authenticated
: message by means of an authentication/signature-only protocol, viz. one
: that enables the public at large to verify that Alice, say, is the
: sender of a particular message (e.g. by using "reverse" public-key
: cryptography), but that does not rely on public-key cryptography as this
: is, _per se_, a form of encryption and thus subject to encryption laws.
In <[EMAIL PROTECTED]> Harpy-34 wrote:
> This can be used for encryption. Alice wants to encrypt a file [etc.]
Thomas Harte ([EMAIL PROTECTED]) wrote:
"So, what's the answer to my question, please? :)
Is there a means of publicly verifying a signature such that the
signature protocol cannot be turned into an encryption algorithm?
Harpy-whatsit seems to be saying that there is _always_ a way to
encrypt if authentication is performed.
Even though I am a complete neophyte in cryptological terms,
I shouldn't have thought that I am the first person to have posed
this question. Perhaps it is thought to be of no consequence?
But I cannot see how it should be, given that authentication is
of such import, and that encryption is akin to arms dealing as
far as the US legislature is concerned.
Does anyone care whether or not an algorithm can potentially
be used for encryption? Rivest's chaffing and winnowing shows
that popular authentication mechanisms can be subverted to the
cause of encryption without actually altering/reversing/interfering
with the authentication algorithm itself: the mere fact that
authentication is performed is enough to form the basis of encryption.
But Rivest's approach is sufficiently indirect to render the
authentication algorithm innocent of any charge of encryption,
potential or otherwise.
Is there even an existence theorem as to possibility of having
signature-only algorithms (one-way signatures)?
Thanks, Thomas."
Harpy-34
is happy to
reply with a
fresh statement !
I already told you
how ANY authentication,
any signature, any Message
Authentication Code (MAC) software
can be used to produce a One Time Pad
by using a counter as input to the legal
software. But this was for one person who
was archiving ciphertext without key exchange
problems. I will now go one step further, and show how
any Public Key signature standard can be used as a liminal
channel so that two people can send encrypted messages within
a signature that can be verified by any person using the public key.
To begin the protocol, Alice and Bob communicate with each other in secret,
not to share a secret key, but to establish this protocol. Alice creates a
message and signs it using hur private key. The message content is not
important, but it is a message which seems to have value on its own, much
like this post seems to have some value, separate from the sentence parsing
protocol which is being used to communicate something to John which is not
related to your neophyte interests. The message and its signature are posted
on a website and the public can use Alice's public key to verify the
message. Bob downloads the message and the signature. In this post I am not
going to tell you the secret calculation which Alice and Bob agreed upon;
example calculations will come in my next post. Bob uses the calculation to
determine what characteristic the signature must have before he will send a
reply message. Bob creates several possible messages, signs them with his
private key, and examines the signatures to decide whether any of these
binary numbers meet the criteria which were established during the secret
meeting. When he finds a signature which meets the criteria, Bob then will
use this message and this signature as his reply. He posts his reply on his
website and public people can verify the signature with Bob's public key.
Alice downloads the message and signature. She can now extract several
encrypted bits of information from the signature, knowing that Bob would
only send hur a signature if it had a binary value which conforms with the
criteria which they have previously arranged.
they have previously arranged. They
continue exchanging many messages
and after a few rounds of this
innocent-seeming
communications,
Alice
has accumulated
128 bits of binary information
which can be used in phase two, to be described in
a later post. These two people have now bootstrapped a secure
channel which will grow in sophistication,
as phase two and phase three
provide them with
plaintext
instructions for modifying their protocol
so it will become more efficient with each passing week.
After a year has passed, they have exchanged, with this protocol,
codebooks and stego software like that which is
used to interpret this post to sci.crypt.
Osprey-2/3/190/17
NO!
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************