Cryptography-Digest Digest #81, Volume #9        Mon, 15 Feb 99 09:13:06 EST

Contents:
  Re: *.EXE files Encryption (Mr. Tines)
  Re: 640-bit Modulus Factored. (Peter L. Montgomery)
  Re: Metaphysics Of Randomness ("Trevor Jackson, III")
  Re: security? (David A Molnar)
  Re: security? ("John Doe")
  security? ("John Doe")
  Re: How does the Enigma Machine work? ("Douglas A. Gwyn")
  Re: security? ("Douglas A. Gwyn")
  True Randomness ([EMAIL PROTECTED])
  Re: some hash questions ([EMAIL PROTECTED])
  Re: security? ("John Doe")
  Re: An observation on sci.crypt (Bo Dömstedt)
  Re: Foodfight! (R. Knauer)

----------------------------------------------------------------------------

From: Mr. Tines <[EMAIL PROTECTED]>
Subject: Re: *.EXE files Encryption
Date: 08 Feb 1999 21:35 +0000

###

On Mon, 08 Feb 1999 20:22:50 GMT, in <79nh2e$i3e$[EMAIL PROTECTED]>
          [EMAIL PROTECTED] wrote.....

> I am a beginning C programmer.
> and when I am making for example a program that requires the password to be
> entered, any one can easily see the password by examining the program in the
> notepad.
>
> Can anyone give me a piece of advice how to get rid of this problem?

Don't store and compare the password in plain; store
something like a hash of the password with some other
fixed string.  When the user enters the password, hash
that as before, and compare the results.





-- PGPfingerprint: BC01 5527 B493 7C9B  3C54 D1B7 248C 08BC --
 _______ {pegwit v8 public key =581cbf05be9899262ab4bb6a08470}
/_  __(_)__  ___ ___     {69c10bcfbca894a5bf8d208d001b829d4d0}
 / / / / _ \/ -_|_-<      www.geocities.com/SiliconValley/1394
/_/ /_/_//_/\[EMAIL PROTECTED]      PGP key on page

### end pegwit v8 signed text
6828493965f6e9ef874ef9236422fc79dbd731c2e4c8c04da045ff9485ac
95eb51976d7c1e40e4816f05cc0cc451f46f4ae5d52de66b00497293bf3d
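
The advice in the reply above, as an added example (not code from the thread, and in Python rather than the asker's C): a constructed stand-in for the program image is scanned for readable strings, once with the password embedded in plain and once with only its hash. PBKDF2 stands in for "something like a hash"; the fixed string, round count and function names are assumptions for illustration.

```python
import hashlib
import hmac
import re

FIXED_STRING = b"demo-app/login/v1"   # constructed: the reply's "other fixed string"
ROUNDS = 100_000                      # assumption: PBKDF2 work factor for this sketch


def digest(password: str) -> bytes:
    """Hash the password together with the fixed string."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), FIXED_STRING, ROUNDS)


def build_image(password: str, hashed: bool) -> bytes:
    """Constructed stand-in for the compiled program's data section."""
    secret = digest(password) if hashed else password.encode()
    return b"\x7fAPP\x00Enter password:\x00" + secret + b"\x00Access granted\x00"


def visible_strings(image: bytes, min_len: int = 4) -> list:
    """Printable runs, i.e. what opening the file in a text editor shows."""
    return [m.decode() for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, image)]


def check(attempt: str, stored: bytes) -> bool:
    """Hash the attempt the same way and compare in constant time."""
    return hmac.compare_digest(digest(attempt), stored)


if __name__ == "__main__":
    pw = "hunter2-demo"               # constructed build-time input
    print(visible_strings(build_image(pw, hashed=False)))
    print(visible_strings(build_image(pw, hashed=True)))
    print(check(pw, digest(pw)), check("guess", digest(pw)))
```

Because the fixed string and the digest both ship with the program, guesses can be tested offline, which is why the sketch uses a deliberately slow hash.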


------------------------------

From: [EMAIL PROTECTED] (Peter L. Montgomery)
Subject: Re: 640-bit Modulus Factored.
Date: Mon, 15 Feb 1999 00:03:14 GMT

In article <[EMAIL PROTECTED]> 
Ted Kaliszewski <[EMAIL PROTECTED]> writes:
>                                          13 February 1999
>640-bit Modulus Factored.
>      Now, friends, do not panic! The modulus in question is, indeed,
>a legitimate two-primes composite BUT, it is also a pseudoprime to
>bases of 3, 5, 11 and 13. It is one of my favorite traps. This modulus
>factors easily via the construct of ufm with a prime multiplier of
>65537.
>      Here it is:
>n=
>258235611221564887324336132528616569709171143133191762270611528270579\
>528902851865120478046304699997730811969691803799491527919245659499681244\
>7182731923492396146370564696347865725215472047041631
>p=
>227260032219290546911431576628944021599721419449237531076055686338663\
>7965958418193416061231579621
>q=
>113630016109645273455715788314472010799860709724618765538027843169331\
>8982979209096708030615789811
>      As you can see, I am inching toward my goal of 1024-bit modulus.
>Incidentally, can anyone touch the above modulus with, say, the NFS
>factoring algorithm? If so, let me hear about it.

    The factorization has the form N = p*q where p = 2m + 1 and q = m + 1
for an integer m.  When I feed it to my factoring program, 
using the P-1 algorithm, I choose a base b and start with powers
of b^(N-1) = b^(2*m^2 + 3m).

    The exponent is already divisible by m = q-1, and will
be divisible by 2m = p-1 once we insert a factor of 2 into the exponent.  
The first GCD is divisible by both p and q, giving us no factorization.
The program even says `Probable prime cofactor' for the 193-digit 
number which it previously declared as composite twice.

    But when we try the P+1 algorithm, we may (depending upon our seed) need 
an exponent divisible by one of q-1 and p+1 (or one of q+1 and p-1)
rather than one of q-1 and p-1 (or one of q+1 and p+1).
Low multiples of N-1 are divisible by q-1 and p-1 but not p+1.
We luck out for half of the choices of our seed.  An example follows.


 Montgomery factorization program.  Compiled Tue Jun  3 21:25:54 MET DST 1997.
 Allows inputs up to about 6300 decimal digits.
 25823561122156488732433613252861656970917114313319176227061152827057952890285
 Composite cofactor has   193 digits:
 2582356112215648873243361325286165697091711431331917622706115282705795289028$
 5186512047804630469999773081196969180379949152791924565949968124471827319234$
 92396146370564696347865725215472047041631
 RAND_PRINT - Current random number seed is  198181203 295196730 233382925
 25823561122156488... p-1             method found divisor near p=       227
 2582356112215648873243361325286165697091711431331917622706115282705795289028$
 5186512047804630469999773081196969180379949152791924565949968124471827319234$
 92396146370564696347865725215472047041631
 CHEK - Nontrivial GCD p-1            
 2582356112215648873243361325286165697091711431331917622706115282705795289028$
 5186512047804630469999773081196969180379949152791924565949968124471827319234$
 92396146370564696347865725215472047041631
 The first number below is the product of the second and the third, as found
 by p-1             after       2131 multiplies and GCDs
 in       0.07 CP seconds at Mon Feb 15 00:41:43 1999
 2582356112215648873243361325286165697091711431331917622706115282705795289028$
 5186512047804630469999773081196969180379949152791924565949968124471827319234$
 92396146370564696347865725215472047041631
 2582356112215648873243361325286165697091711431331917622706115282705795289028$
 5186512047804630469999773081196969180379949152791924565949968124471827319234$
 92396146370564696347865725215472047041631
 1
 Caution - factor found is not prime                                           
 Cofactor is 1 -- terminating
 25823561122156488732433613252861656970917114313319176227061152827057952890285
 Probable prime cofactor has   193 digits:
 2582356112215648873243361325286165697091711431331917622706115282705795289028$
 5186512047804630469999773081196969180379949152791924565949968124471827319234$
 92396146370564696347865725215472047041631
 25823561122156488732433613252861656970917114313319176227061152827057952890285
 Composite cofactor has   193 digits:
 2582356112215648873243361325286165697091711431331917622706115282705795289028$
 5186512047804630469999773081196969180379949152791924565949968124471827319234$
 92396146370564696347865725215472047041631
 RAND_PRINT - Current random number seed is  224072788 512069489 376439319
 25823561122156488... p+1             method found divisor near p=       227
 2272600322192905469114315766289440215997214194492375310760556863386637965958$
 418193416061231579621
 CHEK - Nontrivial GCD p+1            
 2272600322192905469114315766289440215997214194492375310760556863386637965958$
 418193416061231579621
 The first number below is the product of the second and the third, as found
 by p+1             after       4368 multiplies and GCDs
 in       0.12 CP seconds at Mon Feb 15 00:41:43 1999
 2582356112215648873243361325286165697091711431331917622706115282705795289028$
 5186512047804630469999773081196969180379949152791924565949968124471827319234$
 92396146370564696347865725215472047041631
 2272600322192905469114315766289440215997214194492375310760556863386637965958$
 418193416061231579621
 1136300161096452734557157883144720107998607097246187655380278431693318982979$
 209096708030615789811
 Probable prime cofactor has     97 digits -- terminating.
-- 
        [EMAIL PROTECTED]    Home: San Rafael, California
        Microsoft Research and CWI
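
The structure described in the post above can be checked directly. This is an added example, not Montgomery's program or code from the thread: it copies q from the post, sets p = 2q - 1, and uses the single exponent 2(N-1) rather than a real stage-1 exponent. Function names and the seed range are assumptions for illustration.

```python
from math import gcd

# q is copied from the post; p = 2q - 1 follows from p = 2m + 1, q = m + 1.
Q = int("1136300161096452734557157883144720107998"
        "6070972461876553802784316933189829792090"
        "96708030615789811")
P = 2 * Q - 1
N = P * Q
E = 2 * (N - 1)   # 2m(2m + 3): a multiple of both p - 1 = 2m and q - 1 = m


def p_minus_1(base=3):
    """gcd(base^E - 1, N): both primes divide it, so the result is N itself."""
    return gcd(pow(base, E, N) - 1, N)


def lucas_v(seed, e, n):
    """V_e(seed, 1) mod n via the binary ladder (V_0 = 2, V_1 = seed)."""
    lo, hi = 2, seed % n                      # (V_k, V_{k+1}) with k = 0
    for bit in bin(e)[2:]:
        if bit == "1":                        # k -> 2k + 1
            lo, hi = (lo * hi - seed) % n, (hi * hi - 2) % n
        else:                                 # k -> 2k
            lo, hi = (lo * lo - 2) % n, (lo * hi - seed) % n
    return lo


def p_plus_1(seed):
    """gcd(V_E(seed) - 2, N): which primes appear depends on the seed."""
    return gcd(lucas_v(seed, E, N) - 2, N)


def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0."""
    a %= n
    sign = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                sign = -sign
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            sign = -sign
        a %= n
    return sign if n == 1 else 0


def predicted(seed):
    """For this N and E, a prime r divides the P+1 gcd exactly when
    seed^2 - 4 is a square mod r (Lucas group of order r - 1, not r + 1)."""
    d = seed * seed - 4
    return (P if jacobi(d, P) == 1 else 1) * (Q if jacobi(d, Q) == 1 else 1)


def survey(seeds=range(3, 35)):
    """Label each seed's outcome: 'N' (useless), 'p', 'q', or '1' (nothing)."""
    names = {N: "N", P: "p", Q: "q", 1: "1"}
    return {s: names[p_plus_1(s)] for s in seeds}


if __name__ == "__main__":
    print("P-1 gcd equals N:", p_minus_1() == N)
    print("P+1 outcomes by seed:", survey())
```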

------------------------------

Date: Tue, 09 Feb 1999 10:18:06 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Metaphysics Of Randomness

Patrick Juola wrote:

> In article <[EMAIL PROTECTED]>,
> R. Knauer <[EMAIL PROTECTED]> wrote:
> >On 5 Feb 1999 09:11:19 -0500, [EMAIL PROTECTED] (Patrick Juola)
> >wrote:
> >
> >>Well, a simple example, then.  Perhaps oversimplified -- but what
> >>do you expect for free in a seventy-line posting.
> >
> >The truth, perhaps? Or is that asking too much? What makes you think
> >that the truth costs money to obtain?
>
> Opinions, from experts, cost money.  Truthful opinions tend to
> cost even more.
>
> >>Define a level of "unacceptable" bias
> >
> >What makes you think that tests for bias are conclusive? What if a
> >PRNG passes such tests, and yet is not secure at all?
>
> That's a separate question.
>
> >>Implicit in this are (mathematically) two probabilities, that
> >>the statistician you hired can probably give you the formulae
> >>for.
> >
> >"Probably" give you the formulas? If he can't give you the
> >formulas, then he is a Snake Oil salesman - not a statistician.
>
> Depends on how much you hired him for.  You asked above why the
> truth would cost money.   You hire a cheap statistician, you may
> not get the formula....
>
> >>1 -- the probability that a good generator would fail this
> >>2 -- the probability that a biased generator with bias right as
> >>      the threshold would pass.
> >
> >You have reduced the whole question of using statistical tests down to
> >testing for bias. I find that inadequate.
>
> That's because all there *is* is bias.  "Capable of generating all
> finite-length strings equiprobably", remember?  If there's some string
> that is less (or equivalently, more) probable than the norm, then
> that's a bias against (for) that string.
>
> You may be thinking of bit-bias, which *is* too limiting a case.  But
> bias comes in a lot more flavors than that.

Actually there is at least one other form of defect in number generators.
In principle we can test arbitrary-length bit-strings for their density
within the space sampled.  Any lack or excess constitutes a bias.  However,
the cost of this kind of test grows exponentially with the length of the
string.

In response to this fact we tend to break the large bit-strings up into
smaller elements, sub-strings, and then look for patterns among the
elements.  These tests search for correlation, dependence, among the
substrings that would appear as bias from the perspective of the entire
bit-string.

Since the structure of these correlation tests tends to be distinct from
that of bias tests it may be worthwhile preserving the nomenclature by
which we indicate the type of defect at issue.
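
The distinction drawn in the message above, as an added example that is not part of the original post: a constructed source whose single bits are perfectly balanced, yet whose 2-bit blocks are badly biased and whose adjacent bits are correlated. The generators, seeds and function names are assumptions for illustration; the block test needs 2^width cells, which is the exponential cost the message mentions.

```python
import random
from collections import Counter


def paired_bits(n_pairs, seed=1):
    """Constructed defective source: every fair bit is followed by its complement."""
    rng = random.Random(seed)
    out = []
    for _ in range(n_pairs):
        b = rng.getrandbits(1)
        out += [b, 1 - b]
    return out


def reference_bits(n, seed=2):
    """Reference stream from Python's seeded generator, for comparison."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(n)]


def block_chi2(bits, width):
    """Chi-square of non-overlapping width-bit blocks against uniform (bias test)."""
    blocks = [tuple(bits[i:i + width])
              for i in range(0, len(bits) - width + 1, width)]
    counts = Counter(blocks)
    expected = len(blocks) / 2 ** width
    seen = sum((c - expected) ** 2 / expected for c in counts.values())
    missing = (2 ** width - len(counts)) * expected   # blocks that never occurred
    return seen + missing


def lag1_correlation(bits):
    """Correlation between consecutive bits, mapped to +/-1 (correlation test)."""
    x = [2 * b - 1 for b in bits]
    return sum(a * b for a, b in zip(x, x[1:])) / (len(x) - 1)


if __name__ == "__main__":
    for name, bits in (("paired", paired_bits(4096)),
                       ("reference", reference_bits(8192))):
        print(name, block_chi2(bits, 1), block_chi2(bits, 2),
              round(lag1_correlation(bits), 3))
```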



------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: security?
Date: 15 Feb 1999 04:54:54 GMT

John Doe <[EMAIL PROTECTED]> wrote:
> What is the most secure encryption scheme as viewed by you? OTP's are
> excluded. Also.. 3DES is not included.. So with the exception of those..?
Define "secure". 





------------------------------

From: "John Doe" <[EMAIL PROTECTED]>
Subject: Re: security?
Date: Mon, 15 Feb 1999 05:03:25 GMT

Security refers to the most difficult to attack.. In any form. I know it's
broad.. but feel free to categorize



------------------------------

From: "John Doe" <[EMAIL PROTECTED]>
Subject: security?
Date: Mon, 15 Feb 1999 04:10:30 GMT

What is the most secure encryption scheme as viewed by you? OTP's are
excluded. Also.. 3DES is not included.. So with the exception of those..?


============================================================================
================================================================
DH/DSS 4096/1024

DH/DSS Fingerprint: E977 2850 E030 7DCF 524E  BECE D7A9 D4E8 0E10 8E8D

DH/DSS Key ID: 0x0E108E8D

Key Location: Http://members.aol.com/niceguy345/DSS.asc

RSA 2048 bit

RSA Fingerprint: 5439 C0AE 1CAA 2248  FAF4 D962 981A 3EFB

RSA Key ID: 0x4D48D1E3

Key Location: Http://members.aol.com/niceguy345/RSA.asc



------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: How does the Enigma Machine work?
Date: Mon, 15 Feb 1999 07:33:43 GMT

David wrote:
> I am interested if some one could explain how the
> Enigma Machine works?

There are good descriptions in library books and Web sites.
For example,
http://www.geocities.com/CapeCanaveral/Hangar/4040/bombe.html

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: security?
Date: Mon, 15 Feb 1999 07:39:17 GMT

John Doe wrote:
> Security refers to the most difficult to attack.. In any form. I know it's
> broad.. but feel free to categorize

The absolutely most secure secret is one that was never recorded,
with everybody who knew it already dead.

------------------------------

From: [EMAIL PROTECTED]
Subject: True Randomness
Date: 15 Feb 1999 07:40:44 GMT

``Find an event that happens regularly but randomly: atmospheric noise peaking
  at a certain threshold, a toddler falling while learning to walk, or some 
  such. Measure the interval between one event and the next event.''
        --Applied Cryptography 

Taped permanently to my monitor is a quarter, next to which is written, in red
ink, CRYPTOGRAPHICALLY SECURE BIT GENERATOR. When I need a few random bits, I
take out the old coin, flip them out. A lot of bitching goes on in this 
newsgroup about how unportable most random-generation is, or how randomness
can't be found, or where to find randomness, etc, etc, etc, but why not just
get off your asses and flip a coin?*

* This advice DOES NOT apply to NSA cryptographers, whose hands are too tired
  and sore from masturbating to flip a coin. They'll have to find something
  else.


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: some hash questions
Date: 15 Feb 1999 07:51:48 GMT

Get a real programming language. Or play with XOR's like the rest of the
VB idiots.

>Well. I've looked into several hashing functions (SHA-1, Tiger, ruby,
>etc.) or encryption techniques that include hashing as a component.
>
>I'm working on a set of VB encryption functions, however, VB is -VERY-
>limited in the mathematics department (No native unsigned data types, no
>native bit shift operations, etc.). because of this, i'm forced to tread
>away from the well-worn path of acceptable algorithms, and into the much
>darker region of 'hack it together yourself'.
>
>This being as it is, I have a few questions to pose to you all.
>
>1) ALL of the hashing functions i've seen use 32bit unsigned data types
>for their blocks. This gives me a choice between sacrificing a bit, for
>the sign (leaving me only 31 bits) or attempting to cobble together a
>composite data type (using bytes, the only unsigned data type available
>to me).  My question is this : Could the loss of 1 bit significantly
>affect the quality of the hash? (if not, then most of the rest of this
>message doesn't really apply)
>
>2) From looking at other hash functions, they usually have a message
>digest length of 150-170 bits. Does the padding of blocks affect the
>quality of the hash, IE, SHA-1, instead of their usual padding
>mechanism, if a straight 0/FF pad was used instead.
>
>3) (i'm pretty sure i already know the answer to this one, but i'll ask
>anyways to be on the safe side) Using a smaller block element length
>(using a signed integer, or even byte values) be detrimental to the
>security of the hash? IE. instead of using 64 unsigned longs, use 256
>byte blocks.
>
>Most of this, i'm sure, can be answered with 'It depends on the quality
>of the hashing algorithm'. I would like to use an SHA style hash, and if
>possible, make it such that it follows the guidelines set forth in FIPS
>180-1 for a compatible SHA implementation.
>
>thanks for your patience ;)
>-Alex

------------------------------

From: "John Doe" <[EMAIL PROTECTED]>
Subject: Re: security?
Date: Mon, 15 Feb 1999 08:18:35 GMT

That is assuming that the conspiracy theorists aren't correct. If they are
then there is no doubt some way for the NSA to scan the brain and get all
data contained in it.



------------------------------

From: [EMAIL PROTECTED] (Bo Dömstedt)
Subject: Re: An observation on sci.crypt
Reply-To: [EMAIL PROTECTED]
Date: Mon, 15 Feb 1999 12:26:44 GMT

Emrul Islam <[EMAIL PROTECTED]> wrote:
>Hello there, 
>Over the last few weeks I have noticed a real big increase in 
>the number of articles being posted in this group, and also the
>cryptographic intelligence levels on average have gone up. 
It has?
Bo Dömstedt
Protego Information AB
http://www.protego.se/sg100_en.htm


------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Foodfight!
Date: Mon, 15 Feb 1999 14:07:22 GMT
Reply-To: [EMAIL PROTECTED]

On Sun, 14 Feb 1999 19:18:40 -0500, Lee Winter <[EMAIL PROTECTED]>
wrote:

>Now *THAT* 's an ignition source.  Where's the accelerant?

Every once in a while we here on sci.crypt get invaded by cyberpunks.
You can always spot them with their obnoxious behavior, and this one
below is no exception. They are basically morons who do not understand
any mathematics beyond simple arithmetic, if that much.

Best just ignore them and continue our discussion in a civilized
manner.

Bob Knauer

>Ken Blangert wrote:
>
>> R. Knauer wrote:
>> >
>> > On Sat, 13 Feb 1999 18:25:30 GMT, Dave Knapp <[EMAIL PROTECTED]> wrote:
>> >
>> > >> That's because it is a complicated subject. The closest one comes to
>> > >> crypto-grade randomness is Quantum Mechanics, a very complicated
>> > >> subject indeed.
>> >
>> > >And one with which I am _far_ more familiar than you, FWIW.
>> >
>> > >I don't know whether to laugh or cry about the above.  It's just so...
>> > >so... wrong? Stupid? Ignorant? All of these?
>> >
>> > >Enjoy your Deep Metaphysical Discussion.
>> >
>> > Another Flame Twit, eh.
>> >
>> > <plonk>
>> >
>> > Bob Knauer
>>
>> Windbag: a loquacious, usually pompous person who has little to say.
>>
>> Come on David Hamilton and Paul Allen, join the fun! This self appointed
>> random number expert always needs the last word: a perfect target for a
>> slug-fest. These random threads could go on forever, so join in the fun.
>> It is a very difficult concept, randomness, so it must be pounded into
>> our heads over and over and over and over and over and over and over and
>> over and over and over and over and over and over and over and over and
>> over and over and over and over and over and over and over and over and
>> over and over and over and over and over and over and over and over and
>> over and over and over and over and over and over and over and over and
>> over and over and over and over and over and over and over and over and
>> over and over and over and over and over and over and over and over and
>> over and over and over and over and over and over and over and over and
>> over and over and over and over and over and over and over and over and
>> over and over and over and over and over and over and over and over and
>> over and over and over and over and over and over and over and over and
>> over and over and over and over and over and over and over and over and
>> over and over and over and over and over and over and over and over and
>> over and over and over and over and over and over and over and over and
>> over and over and over and over and over and over and over and over and
>> over and over and over and over and over and over and over and over and
>> over and over and over and over and over and over and over and over and
>> over and over and over and over and over and over and over and over and
>> over and over and over and over and over and over and over and over and
>> over and over and over and over and over and over and over and over and
>> over and over and over and over and over and over and over and over and
>> over and over and over and over and over and over and over and over and
>> over and over and over and over and over and over and over and over and
>> over and over and over and over and over and over and over and over and
>> over and over and over and over and over and over and over and over and
>> over and over and over and over and over and ....
>>
>> RTFB
>
>
>

"Of all tyrannies, a tyranny exercised for the good of its victims may
be the most oppressive.  It may be better to live under robber barons
than under omnipotent moral busybodies. The robber baron's cruelty may
sometimes sleep, his cupidity may at some point be satiated; but those
who torment us for our own good will torment us without end, for they
do so with the approval of their consciences."
--C.S. Lewis


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
