Cryptography-Digest Digest #119, Volume #9       Mon, 22 Feb 99 02:13:03 EST

Contents:
  Block ciphers vs Stream Ciphers ("Gustavo")
  Take my hand, PLEASE (GGr2438049)
  Re: Help - Seeking Substitution Cypher Program (GGr2438049)
  Re: Take my hand, PLEASE (GGr2438049)
  Re: I'm puzzled
  Re: Unicity of English, was Re: New high-security 56-bit DES: Less-DES
  Re: Standard fileheaders for encrypted files
  Re: Take my hand, PLEASE (Bart Bailey)
  Re: Bigger variables... (wtshaw)
  Re: Another extension to CipherSaber (wtshaw)
  Re: Randomness of coin flips (Herman Rubin)
  Re: Take my hand, PLEASE (JUzarek)
  Re: Where to publish hashes? (Michael Sierchio)
  Re: Unicity of English, was Re: New high-security 56-bit DES: Less-DES (wtshaw)
  Re: 640-bit Modulus Factored. (wtshaw)
  Re: *** Where Does The Randomness Come From ?!? *** (Seisei Yamaguchi)
  Re: 16 bit TwoFish (J R Slack)

----------------------------------------------------------------------------

From: "Gustavo" <[EMAIL PROTECTED]>
Subject: Block ciphers vs Stream Ciphers
Date: Tue, 16 Feb 1999 04:17:07 +0100

Hi.
It seems that the cryptographic community is
interested almost only in block ciphers and not
in stream ciphers.
What are the advantages of the first ones?
Thank you
Gustavo




------------------------------

From: [EMAIL PROTECTED] (GGr2438049)
Subject: Take my hand, PLEASE
Date: 22 Feb 1999 02:19:12 GMT

I've got a cipher that has been unsolvable for 30 years or so, and another one
with 13 characters I think I know the plain text of.  Not knowing a thing about
ciphers except watching an old girlfriend's dad solve them night after night, I
need to find the solution to this to find a murderer, for real.  Since they are
from 30 or so years ago,  doubt very much they are created with the aid of a
computer.  The perpetrator I'm sure is quite intelligent and complicates
matters by throwing in a whole bunch of extra and mirror imaged characters. 
What do I need to do to solve  message and make everybody happy?

I've got a cipher that has been unsolved for 30 years or so, and another one
with 13 characters I think I know the plain text of.  Not knowing a thing about
ciphers except watching an old girlfriend's dad solve them night after night, I
need to find the solution to this to find a murderer, for real.  Since they are
from 30 or so years ago, doubt very much they are created with the aid of a
computer.  The perpetrator I'm sure is quite intelligent and complicates
matters by throwing in a whole bunch of extra and mirror imaged characters. 
What do I need to do to solve message and make everybody happy? email me for
the cipher, the 13 characters I suspect I know, and a solved three part cipher
as an example of the mindset.  It may be a variation of a military algorithm or
one of the killer's own ingenuity.  He claims to have done away with 37 by 1978
and I suspect he continues to increase the count to this day. 

------------------------------

From: [EMAIL PROTECTED] (GGr2438049)
Subject: Re: Help - Seeking Substitution Cypher Program
Date: 22 Feb 1999 02:37:38 GMT

What if it is a patristocrat cipher with at least twice as many characters
(forward and reversed) as the alphabet?  It is still a substitution cipher and
are there programs to crack it?  I have one over 30 years old that the best
minds, NASA, the FBI, and you name it, can't or couldn't crack then.  There is
a 13 character accompanying cipher that I think I may know the plain text of. 
If that is true, does it make a difference then?  I also have a three part
cipher, solved by a high school teacher years ago, that may reveal the
technique employed.  I thought I posted a new subject message earlier but fear
it was posted as a reply to another subject I was just scoping out but can't
remember, which may shed some light.  Desperate!!!

------------------------------

From: [EMAIL PROTECTED] (GGr2438049)
Subject: Re: Take my hand, PLEASE
Date: 22 Feb 1999 02:53:24 GMT

Sorry for the double take here people, I haven't used AOL newsgroups reader
before and I was trying to spell check by copying to mail and then back here,
but forgot to delete the original, evidently.   Since I don't think I will
solve this thing in one iteration, is there a way to spell check in the
newsgroup boxes?

------------------------------

From: [EMAIL PROTECTED] ()
Subject: Re: I'm puzzled
Date: 22 Feb 99 02:00:59 GMT

FunkyDunk ([EMAIL PROTECTED]) wrote:
: Just wondering if anybody has any idea of what the encryption is at the
: bottom of the message below. Always a strange header, always a strange
: description and always this weird encrypted text.

There is this spammer for a Dutch porn site that pads his messages with
random letters so that they can't be as easily killfiled.

John Savard

------------------------------

From: [EMAIL PROTECTED] ()
Subject: Re: Unicity of English, was Re: New high-security 56-bit DES: Less-DES
Date: 22 Feb 99 02:12:47 GMT

[EMAIL PROTECTED] wrote:
: I was careful to say that NOT the unicity formula was used, but the unicity
: concept -- and I clearly distinguished both of them.

I'm sorry I missed that. But you seemed to be saying that people who
claimed the answer was what the unicity formula gave were "wrong".

An extension or generalization of the unicity concept can be something
useful and fruitful. But the existing view of unicity, pedestrian though
it may be, is useful and applicable.

Benoit Mandelbrot made a great contribution to mathematics with his work
on fractals. But he came close - because of the way he noted that objects
in nature resemble fractals more than they do simple, easily
parameterized, geometrical shapes - to being perceived as a crank, because
it appeared to some that he was saying we should throw Euclid away.

Even when the new idea is more correct than the old one, well tested
theories that are used in practice don't get thrown away. Railroads will
continue to be designed without relativistic corrections for a long time
to come.

New ideas are wonderful: and the people who will find a use for them will
thank you for them. Annoying those who will not benefit from your new idea
with the "need" to consider it in their calculations is pointless. In your
case, your new idea probably is more relevant to linguists than it is to
cryptographers.

John Savard

------------------------------

From: [EMAIL PROTECTED] ()
Crossposted-To: talk.politics.crypto
Subject: Re: Standard fileheaders for encrypted files
Date: 22 Feb 99 02:18:14 GMT

Jay ([EMAIL PROTECTED]) wrote:

: Kiril Kesarev wrote in message <[EMAIL PROTECTED]>...
: >Is there any standardized fileformat for encrypted files which
: >indicates whether the file is encrypted? The standard I am looking
: >for should not be application-specific, but an official government
: >standard.

: Why on earth are you adding restrictions to yourself?? I have never heard of
: a case where the gov required this, why are you trying to add it?

There is no government standard for headers, but the U.S. government does
individually approve encryption programs for export. And it *does* require
that encryption programs with 40 or 56 bit keys have mechanisms in place
to prevent a gain in security from multiple encryption.

Essentially, the encryption has to be "application-specific", usable for
encrypting E-mail messages, or credit card numbers, or disk volumes - but
not wide-open. As long as the government has a list of all the headers,
though, it doesn't care if they are not standardized - so that nobody
*else* can easily crack a multiple encryption.

And they also reject algorithms like Blowfish, with its slow key setup.

John Savard

------------------------------

From: Bart Bailey <[EMAIL PROTECTED]>
Subject: Re: Take my hand, PLEASE
Date: Sun, 21 Feb 1999 19:27:07 -0800

netscape has a spell checker, should be compatible w/ aol these days

GGr2438049 wrote:

> Sorry for the double take here people, I haven't used AOL newsgroups reader
> before and I was trying to spell check by copying to mail and then back here,
> but forgot to delete the original, evidently.   Since I don't think I will
> solve this thing in one iteration, is there a way to spell check in the
> newsgroup boxes?




------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Bigger variables...
Date: Sun, 21 Feb 1999 20:08:52 -0600

In article <7aph3m$5o32$[EMAIL PROTECTED]>, "D"
<[EMAIL PROTECTED]> wrote:

> What I'm talking about would increment the running key after each block and
> have more operations than just xors, like one op could be a backwordization
> of some plaintext bits
> bak p,2-13           (bits 2-13 would become bits 13-2)
> or moving bits around
> mov p,8-12 to 5
> or multiplying with keybits
> mul p,2-7 k,8-12
> 
> This would define a different cipher for each block and could additionally
> be dependant on cfb

Be careful, or you might start growing webbing between your toes... a la Frog.

Seriously, there is something to this concept, but having an acceptable
number of defined alternatives is essential.  The idea of restricting
manipulations to bits alone seems too confining when there are many other
alternatives to add to the mix.
-- 
A much too common philosophy: 
It's no fun to have power....unless you can abuse it.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Another extension to CipherSaber
Date: Sun, 21 Feb 1999 21:07:22 -0600

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Paul Rubin) wrote:
> 
> The main thing I think CipherSaber needs is to produce printable
> output for convenient emailing, by coding the output as ascii
> characters.  Simplest would be to just produce hexadecimal output,
> though this doubles the size of the output.  A bit nicer would be to
> use a 64-character set (like PGP ascii armor) to encode 6 bits/char.
> Even fancier is to use 83(?)  chars to encode 4 bytes in 5 chars.
> 
To convert a binary stream to lower ASCII in fewest characters for
economical transmission with an easy conversion, consider these
relationships: 2^13=8192 and 91^2=8281; output for each 13 bits is 2
characters.  A 90 character set could just as well be used for plaintext
since 90^2=8100.

To fully utilize this relationship, coming up with some multiple of 13
bits in a block would be useful.  I see blocksizes of 13 and 26 in a
simple example transposition/substitution block cipher.

You could also exploit this relationship: 80^3=512,000, 2^19=524,288, and
81^3=531,441, which also defines a good doorway to take binary streams
into trit-algorithm territory.
-- 
A much too common philosophy: 
It's no fun to have power....unless you can abuse it.
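
The 13-bits-in-two-characters packing described in the message above, as an added example that is not part of the original post. The choice of 91 characters, the handling of the final partial group and the canonical-form check on decode are assumptions made here.

```python
# Added illustration; alphabet, tail rule and canonical check are assumptions.
# 94 printable ASCII characters minus three that are awkward in mail and shells.
ALPHABET = "".join(c for c in map(chr, range(33, 127)) if c not in "\"'\\")
INDEX = {c: i for i, c in enumerate(ALPHABET)}
BASE = len(ALPHABET)  # 91, and 91**2 = 8281 >= 2**13 = 8192


def encode(data: bytes) -> str:
    """Pack bytes MSB-first into 13-bit groups, two characters per group."""
    acc = nbits = 0
    out = []
    for byte in data:
        acc = (acc << 8) | byte
        nbits += 8
        while nbits >= 13:
            nbits -= 13
            v = acc >> nbits
            acc &= (1 << nbits) - 1
            out.append(ALPHABET[v // BASE] + ALPHABET[v % BASE])
    # Tail: zero padding always stays below 8 bits, so the decoder can
    # recover the byte count without a separate length field.
    if nbits > 6:                       # 7..12 bits left: one padded pair
        v = acc << (13 - nbits)
        out.append(ALPHABET[v // BASE] + ALPHABET[v % BASE])
    elif nbits:                         # 1..6 bits left: one character
        out.append(ALPHABET[acc << (6 - nbits)])
    return "".join(out)


def decode(text: str) -> bytes:
    """Inverse of encode(); rejects anything encode() could not have produced."""
    try:
        digits = [INDEX[c] for c in text]
    except KeyError:
        raise ValueError("character outside the 91-symbol alphabet") from None
    acc = nbits = 0
    for i in range(0, len(digits) - 1, 2):
        v = digits[i] * BASE + digits[i + 1]
        if v >= 1 << 13:                # 89 of the 8281 pairs carry no 13-bit value
            raise ValueError("pair value out of range")
        acc = (acc << 13) | v
        nbits += 13
    if len(digits) % 2:                 # single trailing character holds 6 bits
        if digits[-1] >= 1 << 6:
            raise ValueError("tail value out of range")
        acc = (acc << 6) | digits[-1]
        nbits += 6
    data = (acc >> (nbits % 8)).to_bytes(nbits // 8, "big")
    # Canonical check: non-zero padding or a redundant tail would let two
    # different texts decode to the same bytes.
    if encode(data) != text:
        raise ValueError("non-canonical encoding")
    return data
```

Thirteen input bytes come out as 16 characters, against 26 for hexadecimal and 20 for a padded 64-character armor.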

------------------------------

From: [EMAIL PROTECTED] (Herman Rubin)
Subject: Re: Randomness of coin flips
Date: 21 Feb 1999 20:06:16 -0500

In article <[EMAIL PROTECTED]>,
Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
>Patrick Juola wrote:
>> So I can make a statement such as "there is only one chance in 1,000
>> that a uniform Bernoulli process would have produced such a skewed
>> distribution" and therefore reject the hypothesis that it was
>> produced by a u.B.p.

>... with more than 99.9% confidence?  To do this right, you should
>also consider what your a priori estimate was for the process to be
>uniform Bernoulli.  (For example, if you *know with certainty* that
>it really *is* a u.B.p., your a posteriori estimate will still be
>certainty that it *is* a u.B.p.)

My prior probability it is a uniform Bernoulli process is ZERO.

All that can be hoped for is that it is close to such a
process.  This is generally the situation; the observations
almost never have the assumed properties, let alone the
hypothesis being tested.  The question is, can it reasonably be
taken to be close enough?
-- 
This address is for information only.  I do not claim that these views
are those of the Statistics Department or of Purdue University.
Herman Rubin, Dept. of Statistics, Purdue Univ., West Lafayette IN47907-1399
[EMAIL PROTECTED]         Phone: (765)494-6054   FAX: (765)494-0558

------------------------------

From: [EMAIL PROTECTED] (JUzarek)
Subject: Re: Take my hand, PLEASE
Date: 22 Feb 1999 04:29:13 GMT

>I've got a cipher that has been unsolvable for 30 years or so, and another one
>with 13 characters I think I know the plain text of.  Not knowing a thing about
>ciphers except watching an old girlfriend's dad solve them night after night, I
>need to find the solution to this to find a murderer, for real.  Since they are
>from 30 or so years ago,  doubt very much they are created with the aid of a
>computer.  The perpetrator I'm sure is quite intelligent and complicates
>matters by throwing in a whole bunch of extra and mirror imaged characters.


Sounds like the Zodiac killer.  The 13 character message  is supposed to be his
name.

Check out: http://www.humboldt.edu/~jrg1/zodiac/

>What do I need to do to solve  message and make everybody happy?

A lot of knowledge, creativity, perseverance and luck.

May the force be with you !

------------------------------

From: Michael Sierchio <[EMAIL PROTECTED]>
Subject: Re: Where to publish hashes?
Date: Sun, 21 Feb 1999 19:59:58 -0800
Reply-To: [EMAIL PROTECTED]

"Trevor Jackson, III" wrote:

> I think there's a service that mixes such information with common dated
> material like daily news broadcasts, and hashes the whole mess such that
> manipulating the stored material would invalidate all following data in
> the log.

What ever happened to the PGP Timestamping Service? 

You might also consider taking a Legal Notice Advertisement in a "newspaper
of record" for your municipality.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Unicity of English, was Re: New high-security 56-bit DES: Less-DES
Date: Sun, 21 Feb 1999 20:03:28 -0600

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] () wrote:
 
> When there is no encipherment, there is no task of picking the correct
> message out from competing garbage - even if one isn't certain the letter
> C really is part of English text. Saying that plugging numbers into the
> unicity formula blindly will, in some cases, yield unmeaningful results is
> one thing, and you would be correct if you said that. Saying that the
> unicity formula does (or should) deal with the case you give as an
> example, however, is incorrect. Such a formula would be unwieldy.
> 
Given an algorithm that must be brute forced means that the first key
tried may be the one you need, or the whole of keyspace might be searched
before, as it might happen, the last one left is the one you need.   A
brute force average of 50% of keyspace makes sense.

Supposedly, an intelligent break would include some guessing even if you
knew the ballpark numbers to drop into a unicity formula.  Since the
actual structures of English you might recognize vary greatly in length,
the numbers in the formula must allow for that fact.  So, just as in brute
forcing, there can be no absolute value for guaranteeing a solution
dependent on identifying an unidentified structure.

So, in an unmathematical sense, consider intercity as only a marginally
important indicator rather than a specifically important number that you
must have, something that you could always put to good use, or could
imagine had a value, perhaps, not even reaching one significant digit.
-- 
A much too common philosophy: 
It's no fun to have power....unless you can abuse it.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: 640-bit Modulus Factored.
Date: Sun, 21 Feb 1999 20:10:52 -0600

In article <[EMAIL PROTECTED]>, Ted Kaliszewski <[EMAIL PROTECTED]> wrote:

> The answer is, at present: nil! I made it quite clear that the method I am
> now exploring is working only ( and then, not always) for moduli that are
> pseudoprimes and, especially, strong pseudoprimes. I have used both the
> Cipolla's and Jaeschke's algorithms to compute such moduli and, definitely,
> not to dazzle anyone but simply to point the rather amazing nature of this
> restricted solution. Perhaps, with luck I may still discover a simple
> method of factoring a general class of moduli (your example) that will
> not require mobilizing half of the academia and most of the working
> computers for its solution. Wish me luck!

Good luck on finding a sea plug.
-- 
A much too common philosophy: 
It's no fun to have power....unless you can abuse it.

------------------------------

From: [EMAIL PROTECTED] (Seisei Yamaguchi)
Crossposted-To: sci.skeptic,sci.philosophy.meta
Subject: Re: *** Where Does The Randomness Come From ?!? ***
Date: 16 Feb 1999 09:25:40 GMT

Hi, this is Seisei. 

Sorry mike, I understand what you said. Today. 
From my enough ":)" ability about English language. 

And I agree with you ``everything is signal''. 
Or rather ``all ---object and not--- is signal (information) ''. 



In <[EMAIL PROTECTED]>,
Medical Electronics Lab <[EMAIL PROTECTED]> wrote {

 Like all words, "random" has specific meaning in specific context.
 For crypto, having something be unknown to all possible observers
 at a specific time is sufficient.  Usually, only one observer
 gathers some random data for some particular use.  How this is
 passed on to other observers, and how the data is discovered
 by some attack chain depends on the crypto application.

 If one person uses a program which generates random bits by measuring
 key stroke delta times, another person could study the habits and
 motor abilities of the operator and learn something about how the
 "random" bits get generated.  They may find some particular pattern
 which may allow them to guess the random bits generated before or
 after the study.  This attack is not likely to be successful, but
 it's an interesting thing to think about.
}

--
Seisei Yamaguchi (%name = ( "first",jp( "$B@D@1(B" ), "family",jp( "$B;38}(B" ) )) 
http://hp.vector.co.jp/authors/VA010205/
        Today is first day of rest of the life. 
          jp( "$B:#F|$O;D$j$N?M@8$N:G=i$NF|(B" ) --from BH90210 (jp) 
        I want your indication. jp( "$B%,%D%s$H8@$C$F$/$l(B" )
        I want workplace we may sing and dance if the job isn't bear on music. 
          jp( "$B$_$s$J$G2N$C$FMY$l$k;E;v>l(B ($BHs2;3Z7O$N$G$b(B) 
$B$,$"$C$?$i$$$$$J(B" )
        My message is copylefted (see GPL) . 
        I limit number of my lovers to 68, at a time. 


------------------------------

Subject: Re: 16 bit TwoFish
From: anvil**@encryption.com (J R Slack)
Date: 21 Feb 1999 21:28:26 -0800

In article <7anctj$hno$[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
>Has anyone here compiled the TwoFish (optimised) code
>for 16 bit Windows ?
>If so, were there any problems ? What compiler did you use ?

Not the optimized, but yes, the \refcode version from the NIST disk. Compiled 
to a 16-bit DLL with Borland 4.01 (it's a long story...); not yet a Product, 
not yet optimized, will happen when I can find my Round Tuit.

No major problems, other than stripping out the AES test code and modularizing 
what was left; took about a day and a half.

Wanna be a Beta tester? (oops, I just noticed where you are.)

Regards,

J R Slack
[EMAIL PROTECTED]
www.encryption.com




------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
