Cryptography-Digest Digest #176, Volume #9        Tue, 2 Mar 99 21:13:03 EST

Contents:
  Re: New Encryption (I would like some analysis) (wtshaw)
  Paranoia release notice (Emrul Islam)
  Re: True Randomness - DOES NOT EXIST!!! ([EMAIL PROTECTED])
  Re: One-Time-Pad program for Win85/98 or DOS (Jim Dunnett)
  Re: Book, Seizing the Enigma (Jim Dunnett)
  Re: Why science will be our moral downfall ([EMAIL PROTECTED])
  Re: Computational Complexity (Paul Rubin)
  Re: New high-security 56-bit DES: Less-DES (wtshaw)
  Re: RANDOM (let's end this?) (wtshaw)
  Re: sci.crypt.randomness (wtshaw)
  Re: Computational Complexity (wtshaw)
  Re: Can the quantum computer determine the truth from a lie? (rosi)
  Scott Contest Clue (JPeschel)
  Re: Musings on the PKZip stream-cipher (Anthony Naggs)
  idea for random numbers  (bob taylor)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: New Encryption (I would like some analysis)
Date: Tue, 02 Mar 1999 15:17:21 -0600

In article <7bfiqb$[EMAIL PROTECTED]>, Scott Fluhrer
<[EMAIL PROTECTED]> wrote:

> In article <7bfdgk$it1$[EMAIL PROTECTED]>,
>         [EMAIL PROTECTED] wrote:
> 
> >Ok I just started writing my own algorithms, and I came up with what I call E
> >(short for encrypt).  Source code is included. I would like some analysis
> >from professionals/amateurs.  If it sucks, please tell me.  It's the only way
> >I will learn.
> >
> >It uses a 8192 byte value/position dependant key, using XOR's for the actual
> >encryption.  The entropy of the output is high (all 256 possible symbols are
> >about evenly probable and distributed).  Repeated chars like 'aaaa' are
> >encoded with different entries in the key.
> >
...
> 
> - 65536 bits of key is way too much.  Why do I say it's too much?  Well, how
>   are you going to store them?  Memorize them?  I don't think so.  Store them
>   on disk?  Well, that means that if the attacker finds that disk file, he
>   can read the file.
> 
If you break the problem into two parts, actual encryption and runtime key
generation, this allows you to introduce options into how to get the 8182
bytes, from only a few bytes, pRNG series, to the full amount, with lots
of compromise options in between.

256 actual input characters is not needed; it could be lots lower
considering your intended uses.  People tend to consider universal input
as desirable, but it is overkill.  On the other hand, worst-case
plaintext with severe peaks, if encrypted well, can demonstrate probable
strength of the encryption algorithm.

Simple XOR is not much of an encryption algorithm by itself, passing off
strength to very long keys.
-- 
A much too common philosophy: 
It's no fun to have power....unless you can abuse it.

------------------------------

From: Emrul Islam <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Paranoia release notice
Date: Tue, 02 Mar 1999 21:59:34 +0000

Hello,
    As some of you may remember after the UBE98 incident,
I said that I would set out to make a decent encryption program.
    It is going to be out for release in the next couple
of weeks and I would really appreciate it if any people who would like
to beta test the product would kindly reply to me ( [EMAIL PROTECTED]
).

    Beta testers will need a machine running Win95/98
and maybe NT. It is compulsory to fill in a short questionnaire after one
week of testing.

    Any interested parties should contact me soon.

-Emrul


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: True Randomness - DOES NOT EXIST!!!
Date: Tue, 2 Mar 1999 19:59:58 GMT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (R. Knauer) 
writes:
> On Tue, 2 Mar 1999 14:23:47 GMT, [EMAIL PROTECTED] wrote:
> 
>>I didn't realize that you were attempting to address questions outside
>>the material realm.
> 
>>I consider any such considerations religious in nature.  And I try not
>>to argue religion.  Good day, sir.
> 
> Well, you can consider them whatever you want, but you cannot equate
> all thought about non-material objects as religious just because they
> are not in the material realm.

I can equate thought about whether the material Universe has a non-material
root cause as religious.  And I can refuse to argue the matter.

I can also equate thought about whether the material Universe has
a non-material root cause as irrelevant to the sci.crypt newsgroup.

> How would you categorize pure mathematics? There is no such thing as a
> Perfect Circle in the material realm. It is a complete impossibility.
> Does that mean you consider plane geometry to be religious and
> therefore you will not consider such things.

I categorize pure mathematics as an elaborate game of "what if".

One nice thing about mathematics is that the definitions and assumptions
tend to be quite simple and are explicitly and clearly stated.  Which
makes it possible to produce rigorous arguments.

Contrast this to the situation with respect to your so-called "law
of cause and effect".

Pose that law mathematically, tie it into cryptography and maybe we can
get this discussion back onto subject matter appropriate for this forum.

        John Briggs                     [EMAIL PROTECTED]

------------------------------

From: [EMAIL PROTECTED] (Jim Dunnett)
Crossposted-To: alt.security,alt.privacy
Subject: Re: One-Time-Pad program for Win85/98 or DOS
Date: Tue, 02 Mar 1999 21:49:37 GMT
Reply-To: Jim Dunnett

On Tue, 02 Mar 1999 00:30:26 GMT, [EMAIL PROTECTED] (R. Knauer) wrote:

>On Mon, 01 Mar 1999 22:34:35 GMT, [EMAIL PROTECTED]
>(Jim Dunnett) wrote:
>
>>>>Keys which are sufficiently random will do. There are lots
>>>>of ways of generating them other than with a hardware device.
>
>>>Define "sufficiently random".
>
>>Random enough to defeat cryptanalysis for a sufficient period
>>of time to render the enciphered contents useless, perhaps (?)
>
>OK, now for the question of the hour - how do you characterize your
>pseudo-random numbers to be cryptographically strong enough to meet
>that criterion?

How random is random? Use a noise diode or stellar radio noise
to produce your random bytes. There's no way of determining what
the next key byte is going to be.

However, I wish you luck in your search for a perfect random
number generator. Meanwhile we others have to make do with what's
available!

-- 
Regards, Jim.                | An atheist is a man who has
olympus%jimdee.prestel.co.uk | no invisible means of support.
dynastic%cwcom.net           | 
nordland%aol.com             | - John Buchan  1875 - 1940.
marula%zdnetmail.com         |
Pgp key: pgpkeys.mit.edu:11371

------------------------------

From: [EMAIL PROTECTED] (Jim Dunnett)
Subject: Re: Book, Seizing the Enigma
Date: Tue, 02 Mar 1999 21:49:38 GMT
Reply-To: Jim Dunnett

On 2 Mar 1999 08:50:09 -0600, [EMAIL PROTECTED] (Jim Haynes)
wrote:

>This is not an advertisement, but for those who might be interested I got
>a Barnes & Noble sale catalog in the mail yesterday and they have Seizing
>the Enigma discounted to $9.95, catalog number E145737.  Not clear whether
>you can order from the web page or if you have to call them at
>1-800-THE-BOOK.

And an absorbing read it is...unsurprisingly as the
author is David Kahn. Highly recommended.

-- 
Regards, Jim.                | An atheist is a man who has
olympus%jimdee.prestel.co.uk | no invisible means of support.
dynastic%cwcom.net           | 
nordland%aol.com             | - John Buchan  1875 - 1940.
marula%zdnetmail.com         |
Pgp key: pgpkeys.mit.edu:11371

------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: alt.philosophy.debate,alt.sci.physics,misc.consumers.house
Subject: Re: Why science will be our moral downfall
Date: Tue, 02 Mar 1999 23:09:39 GMT

On Tue, 02 Mar 1999 21:49:36 GMT, [EMAIL PROTECTED]
(Jim Dunnett) wrote:

>On Tue, 02 Mar 1999 00:25:43 GMT, [EMAIL PROTECTED] wrote:
>
>
>>Dear Friends:
>>
>>How will we explain to our children that 50 RepubliKKKlan Senators cannot obey
>>the very laws they pass and that so-called educators have major problems with
>>basic English reading comprehension, particularly the terms "relevant" and
>>"material"? See, e.g., "Why Jim an Carol Jo Kennedy <[EMAIL PROTECTED]> Kant
>>Reed or Rite" http://x2.dejanews.com/getdoc.xp?AN=437350479.
>>
>What has all this American stuff got to do with sci.crypt  ?

About as much as it does with misc.consumers.house!

Has anyone complained to the author's provider about this
inappropriate spamming?

------------------------------

From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: Computational Complexity
Date: Tue, 2 Mar 1999 23:17:47 GMT

In article <[EMAIL PROTECTED]>, Raul  <[EMAIL PROTECTED]> wrote:
>Does anyone know a good book to learn about Computational Complexity,
>Algorithmic Complexity, Complexity Classes (P, NP, NP-complete,...),
>etc...?

M.R. Garey and S.C. Johnson, "Computers and Intractability: A Guide To
The Theory of NP-Completeness" is the standard introduction to the
subject.  It's a little bit old now (it's from the 1970's) and doesn't
have the latest results, but it's still good.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: New high-security 56-bit DES: Less-DES
Date: Tue, 02 Mar 1999 15:37:59 -0600

In article <[EMAIL PROTECTED]>, Bryan Olson
<[EMAIL PROTECTED]> wrote:

> [EMAIL PROTECTED] wrote:
> > Bryan Olson wrote:
> > > Unicity distance makes perfect sense because it is perfectly well
> > > defined.
> > 
> > Not as a distance. You miss the main point here. The main point is not that
> > you should not say "unicity distance" when referring to unicity but that
> > unicity is NOT a distance -- 
> 
> I missed no such point.  The issue arose when you commanded that
> I stop using the established technical term, to which I declined.
> 
> | | do NOT use the word "distance" since it is NOT a "distance" as I have
> | | commented before and in the paper.
> 
> | Again I must decline.  "Unicity distance" is a term of art in the 
> | discipline.
> 
> My point was, from the start, that it doesn't matter whether one buys
> your argument that it's not a distance.  "Unicity distance" is still
> correct.
> 

Welsh speaks of unicity or unicity point, pp. 116-118.  I believe that I
saw unicity point used somewhere in sci.crypt in the related discussions
yesterday.
-- 
A much too common philosophy: 
It's no fun to have power....unless you can abuse it.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: RANDOM (let's end this?)
Date: Tue, 02 Mar 1999 15:25:06 -0600

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
> 
> But back to our regularly scheduled program on crypto.

Aw heck! I was just about to dig up an incense burner.
> 
....
> 
> For one thing, we can predict the weather a few days ahead, but you
> will *NEVER* predict when a given radioisotope is going to decay
> spontaneously. *NEVER*. The reason is that we are finite, and the
> reason that a radioisotope does decay is infinite. That is, there are
> an infinity of factors that go into the spontaneous transition of a
> quantum system. The collapse of a statevector is the result of an
> infinitude of factors, even if the system is evolving under the
> direction of a rigid Hamiltonian. There are still an infinite number
> of eigenstates that contribute to the spontaneous transition from one
> state to another.
> 
You can surely increase the chance of sooner decay, or what is an atomic
pile, reactor, etc., about?
-- 
A much too common philosophy: 
It's no fun to have power....unless you can abuse it.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: sci.crypt.randomness
Date: Tue, 02 Mar 1999 15:51:40 -0600

In article <7bhgbd$ogv$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (John
Curtis) wrote:

>         Is it time to start a newsgroup sci.crypt.randomness?
> 
>         We seem to be spending 90% of our recent bandwidth 
>         discussing randomness and it mathematical underpinnings
>         and <10% discussing cryptography.
> 
>         This used to be a great newsgroup to kibbitz on and 
>         learn something (my use).
> 
>         Maybe we need sci.crypt.philosophy for discussions of 
>         underpinnings.
> 
>         I'm getting very bored.
> 
>         jcurtis

Other suggested names: sci.crypt.redundant, alt.crypto.recovery,
sci.crypt.otp, sci.crypt.sequences.  Any other possibilities, better ones?

But putting them in one group, the current one, makes them accessible
to those who would indulge anyway.  Feel free not to read all threads.
-- 
A much too common philosophy: 
It's no fun to have power....unless you can abuse it.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Computational Complexity
Date: Tue, 02 Mar 1999 15:44:40 -0600

In article <[EMAIL PROTECTED]>, Raul <[EMAIL PROTECTED]> wrote:

> Does anyone know a good book to learn about Computational Complexity,
> Algorithmic Complexity, Complexity Classes (P, NP, NP-complete,...),
> etc...?
> 
Dominic Welsh, Codes and Cryptography, Oxford Science Publications.  I
picked up my used copy at the University Coop in Austin.
-- 
A much too common philosophy: 
It's no fun to have power....unless you can abuse it.

------------------------------

From: rosi <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy,talk.politics.crypto
Subject: Re: Can the quantum computer determine the truth from a lie?
Date: Tue, 02 Mar 1999 18:24:18 -0800

[EMAIL PROTECTED] wrote:
> 
> >reality. DNA type computation would be ideal for decryption analysis.
> 
> DNA decryption takes way too many moles to be realistic.  This                       
>    ^^^^^^^^

   Not sure about the number. But that may be just a minor nuisance.
   Can that deal with 'cancer'? :)

> was brought up a few issues after the _Science_ article that
> introduced a method of solving a travelling-salesman-problem
> with DNA string matching.
> 

------------------------------

From: [EMAIL PROTECTED] (JPeschel)
Subject: Scott Contest Clue
Date: 3 Mar 1999 00:31:47 GMT

You'll find the first clue (the March
clue) to David Scott's "gloat contest"
on my web site in the "Key Recovery 
Contests" section.

You all get one nibble this month.
Good luck!

J
__________________________________________

Joe Peschel 
D.O.E. SysWorks                                 
http://members.aol.com/jpeschel/index.htm
__________________________________________


------------------------------

From: Anthony Naggs <[EMAIL PROTECTED]>
Subject: Re: Musings on the PKZip stream-cipher
Date: Wed, 3 Mar 1999 01:03:44 +0000

After much consideration Sundial Services decided to share these wise
words:
>Anthony Naggs wrote:
>
>> The mask byte in turn is trivially determined from a plaintext/
>> ciphertext byte pair.
>
>But there appear to be two not-quite-trivial obstacles in the way. 
>First of all, the data -is- compressed and if you do not know what the
>compressed data is EXACTLY, you may not know at all what even one
>plaintext-byte might be.  (If you do know, there are many published
>known-plaintext attacks and programs to work them.)

Terry and I are both discussing the compressed data, as per the title of
this thread, viz. "stream cipher"; the compression is independent of the
cipher.

I posted details in this forum (sci.crypt) circa 1993; I accept Terry's
statement that he posted details at a similar time.  (Dejanews started
in mid-1995, so you'll need someone with an older log than that to check
our postings.)  Our attacks, and postings, predate anything else you may
have found (other than brute-force password guessers).


>Second, the compressed stream includes twelve random bytes in front of
>the compressed data.  Terry has alluded to the notion that you can start
>anywhere in the cipher with only twelve bytes ...

It was not an allusion, but a simple statement of fact.  1 bit of known
(compressed) plaintext => 1 bit of information about the internal state.
12 consecutive bytes is the best starting point.  If the bits are spread
too sparsely the information you know about the internal state is
diffused by the information you don't know.

Zip encryption conveniently has a known value for one byte (or two for
older versions) of the 'random' bytes that can be quickly checked for
password rejection.  But the 11 (10) unknown bytes mean that each of
these known bytes is 22 (20) bytes away from another, which is too far
to be of any use in discovering the internal state.  [11 bytes working
backwards to the state after the password initialization, and 11 working
forward to the next password-checking byte.]

>... but you know, twelve known bytes is effectively a "96-bit key"
>because you have to know 96 consecutive bytes correctly to strip off the
>decipherment.

96 bytes?

To unambiguously determine the internal state of the three 32-bit Keys
requires at least 96 known bits of (compressed) plaintext, in the form
of 12 consecutive bytes.  If the bits or bytes are spread apart more may
be needed to overcome the internal diffusion.

Conversely 11 known bytes of (compressed) plaintext, for example, will
give 256 solutions which can be checked in some other way.  (E.g. by
checking the decrypted data is valid as output from the Pkzip
compressor.)

>Essentially, what made me abandon my consideration of this cipher (and
>this is hardly a military purpose so PKZip might have been "okay") was
>the concern that someone could, by comparing (e.g.) the headers of
>multiple archive-members (all known to be enciphered using the same key)
>deduce enough twelve-bytes or enough commonality to deduce the key value
>-- not by examination of one member but by examining several.
>
>Anyhow... very enlightening info from you both.  Thank you all.

Some idea of the strength of the Pkzip cipher can be inferred from the
fact that PKware received blanket export permission for it, (excepting
such places as Libya).


Tony
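
As an added example (not code from the thread, nor PKWARE's own), here is the traditional PKZip stream cipher as documented in PKWARE's APPNOTE.TXT, written out in Python so the figures above (three 32-bit keys, i.e. 96 bits of state; the known check byte at the end of the 12-byte header) can be seen in code. The password, payload and header bytes are constructed values.

```python
# Added example, not code from the thread: PKWARE's traditional ZIP stream
# cipher ("ZipCrypto") from APPNOTE.TXT. Its whole state is three 32-bit keys.
import zlib

def _make_crc_table():
    table = []
    for n in range(256):
        c = n
        for _ in range(8):
            c = (c >> 1) ^ 0xEDB88320 if c & 1 else c >> 1
        table.append(c)
    return table

CRC_TABLE = _make_crc_table()

def _crc32_step(crc, byte):
    return (crc >> 8) ^ CRC_TABLE[(crc ^ byte) & 0xFF]

class ZipCryptoState:
    # The three keys, initialised from the password exactly as APPNOTE does.
    def __init__(self, password):
        self.k0, self.k1, self.k2 = 0x12345678, 0x23456789, 0x34567890
        for b in password:
            self.update(b)

    def update(self, plain_byte):
        self.k0 = _crc32_step(self.k0, plain_byte)
        self.k1 = ((self.k1 + (self.k0 & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        self.k2 = _crc32_step(self.k2, self.k1 >> 24)

    def keystream_byte(self):
        t = (self.k2 | 2) & 0xFFFF
        return ((t * (t ^ 1)) >> 8) & 0xFF

def zipcrypto(password, data, decrypting):
    # Encrypt or decrypt; the state absorbs the plaintext byte either way, so
    # both directions walk the same 96-bit state sequence.
    st, out = ZipCryptoState(password), bytearray()
    for b in data:
        k = st.keystream_byte()
        p = b ^ k if decrypting else b
        out.append(p if decrypting else p ^ k)
        st.update(p)
    return bytes(out)

def seal(password, payload, header_random):
    # Member body: 11 'random' header bytes, the check byte (high byte of the
    # payload CRC-32), then the payload. header_random is caller-supplied here.
    check = (zlib.crc32(payload) >> 24) & 0xFF
    return zipcrypto(password, bytes(header_random[:11]) + bytes([check]) + payload, False)

def check_byte_ok(password, sealed, payload_crc):
    # The known header byte from the post: decrypt just the 12-byte header and
    # compare its last byte with the CRC high byte. A wrong password still
    # passes 1 time in 256, so the full-payload CRC check must follow.
    return zipcrypto(password, sealed[:12], True)[11] == (payload_crc >> 24) & 0xFF

DEMO_PASSWORD = b"constructed-password"  # constructed demo inputs, not from any archive
DEMO_PAYLOAD = b"constructed stand-in for a Deflate-compressed member"
DEMO_HEADER = bytes(range(11))
```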

------------------------------

From: bob taylor <[EMAIL PROTECTED]>
Subject: idea for random numbers 
Date: Tue, 02 Mar 1999 21:02:53 -0800

Reading the noise from a sound card for random numbers is not a new
idea, nor very random if taken as whole bytes.  But what if you try
this:
  Only use the LSB (bit 0) for the random sample, and you can even take
the next bit (bit 1) to control the sample interval (stagger).  You get
random data sampled at random intervals.  It may be slow but I don't see
any statistical problems.  If the data can't be predicted or calculated,
wouldn't it be good enough for an OTP? (You can always hash it too.)

Also, if I try to run the data through DIEHARD, it gives me a lot of
data, but how can I tell if those numbers are good or bad (pass/fail)?
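
An added example (not the poster's code) that implements the LSB-and-stagger extraction described above, assuming that a set bit 1 means "skip the next sample", and answers the pass/fail question with two of the NIST SP 800-22 tests, which report p-values the same way DIEHARD does. The sound-card samples are constructed.

```python
# Added example, not code from the post: the LSB-plus-stagger extraction the
# post proposes, plus two NIST SP 800-22 tests (frequency and runs) returning
# p-values, to show what a pass/fail decision on such output looks like. The
# stagger rule (bit 1 set => skip the next sample) is one reading of the post.
import math
import random

def extract_staggered_bits(samples):
    # Emit bit 0 of each sample used; when bit 1 is set, skip the following
    # sample so the sampling interval itself varies with the data.
    bits, i = [], 0
    while i < len(samples):
        s = samples[i]
        bits.append(s & 1)
        i += 2 if s & 2 else 1
    return bits

def bytes_to_bits(samples):
    # Whole-sample bits, MSB first, for comparison with the LSB-only stream.
    return [(s >> k) & 1 for s in samples for k in range(7, -1, -1)]

def monobit_pvalue(bits):
    # SP 800-22 frequency test: are ones and zeros balanced?
    n = len(bits)
    s_obs = abs(sum(2 * b - 1 for b in bits)) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))

def runs_pvalue(bits):
    # SP 800-22 runs test: does the stream switch between 0 and 1 about as
    # often as a fair coin would? Returns None when the frequency prerequisite
    # fails (the stream is too unbalanced for the test to apply).
    n = len(bits)
    pi = sum(bits) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return None
    v_obs = 1 + sum(1 for a, b in zip(bits, bits[1:]) if a != b)
    num = abs(v_obs - 2 * n * pi * (1 - pi))
    return math.erfc(num / (2 * math.sqrt(2 * n) * pi * (1 - pi)))

def verdict(p, alpha=0.01):
    # NIST's convention: p below alpha (or an inapplicable test) is a FAIL.
    # Over many blocks the p-values of a good source should themselves be
    # roughly uniform on [0, 1); a pile-up near 0 or 1 is the warning sign.
    return "FAIL" if p is None or p < alpha else "PASS"

# Constructed stand-in for a quiet sound-card input: 8-bit samples hovering
# around 130 with tiny noise. The high bits barely move, which is why whole
# bytes fail; note the low bit is not automatically unbiased either (here it
# is 1 only for 129 and 131), so the LSB stream still needs testing.
_rng = random.Random(7)
DEMO_SAMPLES = [130 + _rng.randint(-2, 2) for _ in range(512)]
```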

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
