Cryptography-Digest Digest #188, Volume #9 Fri, 5 Mar 99 05:13:05 EST
Contents:
Scramdisk ("Bruce Christensen")
Re: Scramdisk - paranoia (HyperReal-Anon)
Re: Think you're good at cracking code? Crack This! ("lyal collins")
Re: Securid Card (Paul Rubin)
Re: is this Patented?
AES and Intellectual Property issues ([EMAIL PROTECTED])
Securid Card (Loomis Farkle)
Re: Scramdisk - paranoia (Sorcerer)
Re: Scramdisk - paranoia ("Sam Simpson")
Re: Intel/Microsoft ID ("Roger Schlafly")
Re: Common meaning misconception in IT, was Re: Unicity of English, was Re: New high-security 56-bit DES: Less-DES ([EMAIL PROTECTED])
----------------------------------------------------------------------------
From: "Bruce Christensen" <[EMAIL PROTECTED]>
Crossposted-To: comp.security.pgp.discuss,alt.security.pgp
Subject: Scramdisk
Date: Fri, 05 Mar 1999 04:28:43 GMT
The medium is the message (M.M.), and teaching an inexperienced
person a better way to run a support desk is more fruitful than an
expression of "Aaargh". Bragging about how much more you know
than a client is not the way to run a support operation, and certainly not
the insulting attitude of streetlight.
Listening intently, responding in a calm and collected voice, and
ultimately solving the problem are the signs of a decent support
operation.
There are several items that could improve ScramDisk, and they
will be submitted to Sam if they are appropriate, that is to say if
they will improve the product, not just appease the moronic
ravings of streetlight.
>Aaargh! That's the defensive cry of many an inexperienced
>software support person--"well, it doesn't happen on my machine."
------------------------------
Date: 5 Mar 1999 04:15:07 -0000
From: HyperReal-Anon <[EMAIL PROTECTED]>
Subject: Re: Scramdisk - paranoia
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
On Thu, 4 Mar 1999 11:23:50 -0000 "Sam Simpson"
<[EMAIL PROTECTED]> wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Sorcerer,
>
>Sure. I wasn't trying to imply that it was bug free (we are well
>aware that it isn't <g>), but it is very certainly an improvement
>over previous versions.
>
>I'm concerned about your reports of problems (I suspect a SW
>config). Out of interest what HW are you running on?
Intel P133, with Zip and Jaz and two printers and a scanner and
realaudio and PGP 6 and clipmate etc. etc. I've tried shutting things
down, but haven't tracked the conflict down yet. Next time it happens,
I'll reboot into safe mode to test it.
My laptop doesn't seem to have the problem. And it doesn't always
happen (it didn't this evening) on the desktop.
If I can figure it out, I'll certainly let you know.
The program that makes Scramdisk think that there are files open (there
aren't) is TabWorks, which seems to try to keep disk directories
updated.
Shutting down Tabworks prevents the shutdown problem.
>We would like to tie this problem down to a specific piece of
>software if possible, but that may mean disabling / uninstalling
>your system piece by piece :-(
Within limits, I'm already trying that. But Windoze Plug'n'Play being
what it is, I'm reluctant to remove devices. As I say, the problem is
not consistent, and I'll certainly let you know if I figure it out.
And I want to reassure you that I still think that Scramdisk is a great
contribution to PC security. I wouldn't be without it.
>
>
>Regards,
>
>- --
>Sam Simpson
>Comms Analyst
>http://www.scramdisk.clara.net/ for ScramDisk hard-drive
>encryption & Delphi Crypto Components. PGP Keys available at the
>same site.
>If you're wondering why I don't reply to Sternlight, it's because
>he's kill filed. See http://www.openpgp.net/FUD for why!
>
>
>Sorcerer wrote in message
><[EMAIL PROTECTED]>...
>>On Wed, 3 Mar 1999 12:52:24 -0000 "Sam Simpson"
>><[EMAIL PROTECTED]> wrote:
>>
>>>-----BEGIN PGP SIGNED MESSAGE-----
>>>Hash: SHA1
>>>
>>>(Crossposted to c.s.p.d & a.s.p because they may be
>>>interested....)
>>>
>>>I do have to agree.... It is worth some thought.
>>>
>>>Lets look at some of your individual points:
>>>
>>>1) Source code for 2.02g. As mentioned in the recent ScramDisk
>>>"news letter": (copy available at
>>>http://www.scramdisk.clara.net/other/newslet1.txt)
>>>
>>>"v2.02g
>>>======
>>>
>>>Seems very stable. Since the 17th of November 1998 we have had
>>>very few reports of problems. There appears to be some conflict
>>>between the Red Screen mode and certain specific ATI drivers.
>>>
>>Well, I do have one. It's not serious enough to make me switch, but it
>>can be irritating: occasionally, when I first start Scramdisk, I get a
>>full reboot, all the way to the BIOS. Retrying it gets me a 0E
>>bluescreen error with no reboot a few times; another reboot, and
>>everything works fine. I do have lots of stuff, including
>>Norton, Realaudio, F-Prot and clipmate running; haven't figured out if
>>any of those are causing it. But they don't on the third or fourth
>>reboot.
>>
>>And the only way I can dismount disks is via brutal, which causes a
>>blue error screen.
>>
>>I can live with it, but it's not perfect (yet).
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP 6.0.2
>
>iQA/AwUBNt5tQ+0ty8FDP9tPEQKVbgCcDE9+JCJJCvUZ9XNr6R18EoodRbIAoJEm
>TR2o5p3xbYu6B6NfRmYXLMEk
>=jg84
>-----END PGP SIGNATURE-----
>
>
>
------------------------------
From: "lyal collins" <[EMAIL PROTECTED]>
Subject: Re: Think you're good at cracking code? Crack This!
Date: Fri, 5 Mar 1999 15:51:29 +1100
This concept was used by a company called "Cybank" in 1996 or so, to
"secure" payments, applying 2 layers of this process.
They used digits up to 255, and up to 4 (selected from 8) separate
"pseudo-random" tables in the second layer.
I was able to code a tool to trivially break it using brute force in around
15 minutes (P100 processor), regardless of password length, assuming text is
used as message content.
I suggest the simpler model you describe is less secure than that.
No, I can't program worth thinking about.
No, I can't cryptanalyse either.
Reverse engineering did the trick.
Lyal
--
ASCF ECommerce Strategies and Internet Security
Ph; 02 9712 0205 Fax; 02 9712 0467 Mobile; 0416 097 120
1/37 Walton Crescent Abbotsford NSW 2046 Australia
Warkior wrote in message <7bncqq$hs9$[EMAIL PROTECTED]>...
>Enigma Device analysis needed.
>
>Hey, I've recently created a scrambling/encryption routine similar to the
>WWII Enigma device (at least what I understand of it) and need some people to
>check it out, comment on its "crackability", give me any suggestions, ...
>
>The BASIC code for it and a sample scrambled file are found at:
> http://www.geocities.com/SiliconValley/Chip/8355/games.html
>
>If you tell me what you think I'd appreciate it. Thanx
>
>
>Here's the general rundown of how it works.
>1. The user enters an encryption phrase.
>2. This phrase, no matter what length, is converted into numbers (1-96)
>for each letter.
>3. The value of each letter of the document to be scrambled (each having
>been given the value of 1-96 depending on the letter) is added to the
>value of the first value of the encryption phrase. Then to the second,
>then to the third, and so on until the end of the encryption code is
>reached.
>4. Any values over 96 are scrolled around back to 1. i.e. n = 126,
>n = n - 96, therefore n = 30.
>5. The new values of the encryption code are then used for the next
>letter in the document.
>
>
>WarkenSoft Productions
>http://www.bigfoot.com/~WarkenSoft
>
>-----------== Posted via Deja News, The Discussion Network ==----------
>http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
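The scheme Warkior describes, written out as an added example (this is not the BASIC code from the post). It reads step 5 as each phrase slot being overwritten by the ciphertext value it just produced, and maps the 96 printable ASCII characters 32..127 onto 1..96; both are assumptions. Under that reading, the last function shows that every position past the first pass through the phrase can be recovered from the ciphertext alone, so only the first len(phrase) positions depend on the phrase at all.

```python
"""Warkior's scheme under one reading of step 5: each key slot is
overwritten with the ciphertext value it just produced. Letters map to
1..96 via printable ASCII 32..127 (assumption; the post gives no table)."""

MOD = 96


def to_val(ch: str) -> int:
    # ' ' (32) .. DEL (127) -> 1..96
    v = ord(ch) - 31
    if not 1 <= v <= MOD:
        raise ValueError(f"character {ch!r} outside the 96-symbol alphabet")
    return v


def from_val(v: int) -> str:
    return chr(v + 31)


def wrap(n: int) -> int:
    # step 4: "any values over 96 are scrolled around back to 1" (126 -> 30)
    return n - MOD if n > MOD else n


def unwrap(n: int) -> int:
    # inverse of wrap for a difference c - k in the range -95..95
    return n + MOD if n < 1 else n


def encrypt(plaintext: str, phrase: str) -> list:
    key = [to_val(c) for c in phrase]          # step 2
    out = []
    for i, ch in enumerate(plaintext):
        j = i % len(key)                        # step 3: cycle through the phrase
        c = wrap(to_val(ch) + key[j])           # step 4
        key[j] = c                              # step 5: slot takes the new value
        out.append(c)
    return out


def decrypt(cipher: list, phrase: str) -> str:
    key = [to_val(c) for c in phrase]
    out = []
    for i, c in enumerate(cipher):
        j = i % len(key)
        out.append(from_val(unwrap(c - key[j])))
        key[j] = c                              # mirror the slot update
    return "".join(out)


def tail_without_key(cipher: list, phrase_len: int) -> str:
    """Positions from phrase_len onward: the slot used at position i holds
    cipher[i - L] under this reading, so p_i = unwrap(c_i - c_{i-L}) and
    the phrase is never needed past the first pass."""
    return "".join(from_val(unwrap(cipher[i] - cipher[i - phrase_len]))
                   for i in range(phrase_len, len(cipher)))
```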
------------------------------
From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: Securid Card
Date: Fri, 5 Mar 1999 05:26:42 GMT
In article <7bnnlr$6v0$[EMAIL PROTECTED]>,
Loomis Farkle <[EMAIL PROTECTED]> wrote:
>My company is moving to a more secure dialup access method. I received a
>package in the mail today containing a SecurID card and was wondering
>about it.
Yes, these are widely used devices. Their security is pretty good.
>Does anyone know what the protocol is in these cards? Is it encrypting
>my PIN with a public key and the server is decrypting it with a private
>key and matching it to the password database? Is it symmetric with the
>PIN being the key and the only real defense being the rapidly changing
>plaintext/ciphertext in the card?
Symmetric key with the key being inside the card (the server has to
know the card's serial number).
>Since this system relies rather heavily on the card and the server being
>in sync, what is the accuracy of the card's time function?
Similar to a digital watch. The server notices as the card's clock
drifts, and adjusts for this.
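A model of the mechanism Paul describes, written as an added example (not RSA's algorithm, which the thread does not give): a per-card secret the server looks up by serial number, a six-digit code derived from the current minute, and a server that accepts codes within a small window and records each card's observed clock offset so drift is tracked rather than rejected. The HMAC-based code function is an assumed stand-in, and PIN handling is not modelled.

```python
import hashlib
import hmac

STEP = 60       # the card shows a new number every 60 seconds
DIGITS = 6


def token_code(secret: bytes, clock: int) -> str:
    # Assumed stand-in for the card's function: HMAC of the minute counter
    counter = (clock // STEP).to_bytes(8, "big")
    mac = hmac.new(secret, counter, hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10**DIGITS:0{DIGITS}d}"


class TokenServer:
    """Holds each card's secret, learned clock offset and last accepted step."""

    def __init__(self, window: int = 2):
        self.window = window            # accept codes +/- this many steps
        self.cards = {}                 # serial -> [secret, drift_steps, last_step]

    def enrol(self, serial: str, secret: bytes) -> None:
        self.cards[serial] = [secret, 0, -1]

    def verify(self, serial: str, code: str, server_clock: int) -> bool:
        rec = self.cards.get(serial)
        if rec is None:
            return False
        secret, drift, last = rec
        base = server_clock // STEP + drift     # where we expect the card to be
        for off in range(-self.window, self.window + 1):
            step = base + off
            if step <= last:                    # a step already used is never replayed
                continue
            if hmac.compare_digest(token_code(secret, step * STEP), code):
                rec[1] = drift + off            # card drifted: remember the new offset
                rec[2] = step
                return True
        return False

    def drift_of(self, serial: str) -> int:
        return self.cards[serial][1]
```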
------------------------------
From: [EMAIL PROTECTED] ()
Subject: Re: is this Patented?
Date: 5 Mar 99 05:22:52 GMT
Test ([EMAIL PROTECTED]) wrote:
: Tandem and Abreast Davies-Meyer
: Has the above been patented?
I don't know, although the fact that AC explicitly mentions that MDC-2 and
MDC-4 are patented shortly after describing these indicates - but doesn't
guarantee - that these techniques aren't.
Looking in that part of AC, something else caught my eye.
I noted, in my web page, that hash algorithms like SHA-1 and MD5 seem to
be very similar to a block cipher, repeatedly applied to the block that
becomes the hash output, with the text being hashed as the source of the
subkeys.
But it is noted that even using the text to hash as keys - for a complete
block cipher, rather than just for single rounds - is insecure, as shown
by Don Coppersmith in a paper entitled "Another Birthday Attack" for
Crypto '85. If, however, the text to hash is, in addition to being used as
the key, also XORed with the block cipher output, then one gets one of the
four secure arrangements.
The other three arrangements considered the most secure consist of the
previous value of the hash being used as the key, and the current message
block being used as the input, to the block cipher - provided that the
previous value of the hash is also XORed to one, or both, of the input and
the output from the block cipher.
If one is willing to incur the extra overhead of *two* applications of the
block cipher - and, given the structure of hash functions like SHA-1, the
block cipher could be scaled down to a limited number of rounds - this has
inspired me to suggest the following as a *really* secure type of hash
function:
New hash value = Encrypt( KEY=Old hash value, INPUT=Message block) XOR
Encrypt( KEY=Message block, INPUT=Old hash value)
Now, _that's_ non-invertibility for you!
Oh, and there's a picture at:
http://www.freenet.edmonton.ab.ca/~jsavard/davies.gif
which will soon be added to my page on hash functions at the Xoom site.
John Savard
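Savard's two-encryption compression function, as an added example that is not from the post or his page. The block cipher is a toy four-round Feistel network with a keyed BLAKE2b round function (an assumption; any cipher whose key and block widths match would serve), and the two checks at the end exercise what follows algebraically from the formula as written: it is symmetric in its two inputs, and when the old hash value equals the message block the two encryptions cancel to zero.

```python
import hashlib

BLOCK = 16   # bytes; key and block must be the same width, since each input
             # of the formula is used as the other's key


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, half: bytes, r: int) -> bytes:
    # keyed BLAKE2b as the Feistel round function (toy stand-in for a PRF)
    return hashlib.blake2b(half + bytes([r]), key=key,
                           digest_size=BLOCK // 2).digest()


def encrypt(key: bytes, block: bytes, rounds: int = 4) -> bytes:
    assert len(key) == BLOCK and len(block) == BLOCK
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(rounds):
        left, right = right, _xor(left, _round(key, right, i))
    return left + right


def savard_compress(old: bytes, msg: bytes) -> bytes:
    # New hash = Encrypt(KEY=old, INPUT=msg) XOR Encrypt(KEY=msg, INPUT=old)
    return _xor(encrypt(old, msg), encrypt(msg, old))


def savard_hash(data: bytes, iv: bytes = bytes(BLOCK)) -> bytes:
    # minimal padding (0x80 then zeros); a real design would also bind the length
    padded = data + b"\x80"
    padded += bytes((-len(padded)) % BLOCK)
    h = iv
    for i in range(0, len(padded), BLOCK):
        h = savard_compress(h, padded[i:i + BLOCK])
    return h


def is_symmetric(a: bytes, b: bytes) -> bool:
    # XOR is commutative, so swapping chaining value and message block
    # gives the same output
    return savard_compress(a, b) == savard_compress(b, a)


def cancels_when_equal(x: bytes) -> bool:
    # If old hash == message block, both terms are E_x(x) and XOR to zero
    return savard_compress(x, x) == bytes(BLOCK)
```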
------------------------------
From: [EMAIL PROTECTED]
Subject: AES and Intellectual Property issues
Date: Fri, 05 Mar 1999 05:03:53 GMT
I just got this message from NIST's Edward Roback. There seems to
be a possibility that the AES contest could be endangered by
claims of intellectual property rights on competing algorithms.
Unfortunately some of the stronger candidates seem to be the less
enlightened ones in this matter. It is a pity that NIST did not ask
for a clear statement to that effect before accepting the
candidates. I suppose there is still time to apply some pressure
before announcing the algorithms that will make it to the second
round.
Date: Thu, 04 Mar 1999 16:09:23 -0500
To: <long list>
From: Edward Roback
Subject: draft Int. property slides
AES Submitters,
You may recall that last year we posed a question to you (on an informal,
non-binding basis) regarding intellectual property. There has been
interest in providing a summary of what we found at the upcoming AES #2
conference on March 22-23 during NIST's briefings to the conference. I
wanted to give each of you a chance to see our draft summary and
characterization of your responses. Feel free to send me any comments you
may have.
Thanks!
Ed Roback, NIST
draft slide 1:
Intellectual Property (IP)
Questions have been raised with NIST regarding the possibility that
submitters may claim that their IP is infringed by the practice of another
candidate algorithm. So, in the spirit of trying to obtain a worldwide
royalty-free algorithm, NIST posed the following question to the 15
submitters (for informal, non-binding response):
Are you willing to waive any IP rights you may have on any party who makes,
uses, or sells implementations of the selected AES algorithm(s) (no matter
which algorithm is selected) ?
draft slide 2:
Summary of Responses
Unqualified Yes: CAST-256, Crypton, DEAL, Frog, LOKI97, Rijndael, Serpent, Twofish
Yes, clarified: Safer+
Yes, if: HPC
Not quite Yes: E2, MARS
No: RC6
Can't say: DFC
No response: Magenta
================ Original text ends here ================
http://www.tecapro.com
email: [EMAIL PROTECTED]
------------------------------
From: Loomis Farkle <[EMAIL PROTECTED]>
Subject: Securid Card
Date: 5 Mar 1999 04:47:55 GMT
My company is moving to a more secure dialup access method. I received a
package in the mail today containing a SecurID card and was wondering
about it.
I went up to the Securid website and found out that they are the parent
company of RSA. They described the card as using a time-based algorithm
for authentication.
The card (I haven't activated it yet because the servers aren't ready)
has 10 digits from 0 - 9, plus an arrow (for Enter) and a P (for
backspace). There's an LCD window with a six-digit number displayed;
this number changes every 60 seconds.
The packet I received with the card describes the operation of logging on
thus: dial in, get to a prompt for my account name, fill in the account
name, get a prompt for Passcode. At this point, I'm supposed to enter my
PIN on the card, press the arrow on the card, get a number off the
display, and enter that number as the Passcode.
Does anyone know what the protocol is in these cards? Is it encrypting
my PIN with a public key and the server is decrypting it with a private
key and matching it to the password database? Is it symmetric with the
PIN being the key and the only real defense being the rapidly changing
plaintext/ciphertext in the card?
Since this system relies rather heavily on the card and the server being
in sync, what is the accuracy of the card's time function? (I'm assuming
that anything coming out at this late date is Y2K compliant, but I
thought that about Windows 98, too.)
I'm not trying to crack this card, since I'm privy to the info on both
ends of the connection being established. I'm just curious about how it
works. Anybody seen this thing in operation before?
------------------------------
Date: 5 Mar 1999 05:43:18 -0000
From: [EMAIL PROTECTED] (Sorcerer)
Subject: Re: Scramdisk - paranoia
Crossposted-To: comp.security.pgp.discuss,alt.security.pgp
On Thu, 04 Mar 1999 18:56:38 -0800 David Sternlight
<[EMAIL PROTECTED]> wrote:
Why does this post remind me *so* much of the Sternlight posts from
1994, with "ScramDisk" substituted for "PGP"?
>Aman wrote:
>
>>
>> But how can we mend these bugs when every single PC machine I have
>> come across works perfectly correctly. ?
>
>
>Aaargh! That's the defensive cry of many an inexperienced
>software support person--"well, it doesn't happen on my machine."
>
>I think you know better, Aman. Ask him for more details
>including his configuration, via e-mail. Get him to give you
>some debugging info if he's willing.
>
>The proper customer support response isn't "doesn't happen on my
>machine", but "tell me more".
>
>David
>
------------------------------
From: "Sam Simpson" <[EMAIL PROTECTED]>
Crossposted-To: comp.security.pgp.discuss,alt.security.pgp
Subject: Re: Scramdisk - paranoia
Date: Fri, 5 Mar 1999 08:36:00 -0000
=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1
David Sternlight wrote in message
<[EMAIL PROTECTED]>...
>
>
>Aman wrote:
>
>>
>> But how can we mend these bugs when every single PC machine I have
>> come across works perfectly correctly. ?
>
>
>Aaargh! That's the defensive cry of many an inexperienced
>software support person--"well, it doesn't happen on my machine."
>
>I think you know better, Aman. Ask him for more details
>including his configuration, via e-mail. Get him to give you
>some debugging info if he's willing.
I have already done so. One assumes Aman watches all ScramDisk
posts (in fact I know for sure) and is aware of my request.
Thanks for your handy hints on customer service though. What did
you say your doctorate was in again? ;-)
- --
Sam Simpson
Comms Analyst
http://www.scramdisk.clara.net/ for ScramDisk hard-drive
encryption & Delphi Crypto Components. PGP Keys available at the
same site.
If you're wondering why I don't reply to Sternlight, it's because
he's kill filed. See http://www.openpgp.net/FUD for why!
=====BEGIN PGP SIGNATURE=====
Version: PGP 6.0.2
iQA/AwUBNt+Xbe0ty8FDP9tPEQI5qACg7vKWZeRI1vRYASPkF9zUpkzfqhoAnRYq
zmRSIGOAC/apyPCeSkAaOUd+
=RbnQ
=====END PGP SIGNATURE=====
------------------------------
From: "Roger Schlafly" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Intel/Microsoft ID
Date: Fri, 5 Mar 1999 00:42:08 -0800
J. Mark Brooks wrote in message ...
>As I don't have access to the nytimes.com site, posting the
>article or emailing it to me would be appreciated. Thanks.
Hmmm. NYTimes is free to everybody. You just have to
register.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Common meaning misconception in IT, was Re: Unicity of English, was Re: New high-security 56-bit DES: Less-DES
Date: Fri, 05 Mar 1999 08:47:57 GMT
In article <7bkvts$e6l$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> In article <[EMAIL PROTECTED]>,
> Bryan Olson <[EMAIL PROTECTED]> wrote:
> >
> > [EMAIL PROTECTED] wrote:
> > > John Savard wrote:
> > > > Language statistics, as they become more detailed, are simply
> > > > approximations to a human writer - or reader.
> > | > Hence, the redundancy of
> > | > English text can only be approximated through language statistics,
> > | > which give a _lower bound_ for the actual redundancy.
> >
> > > ...in letter-frequency or even in word-frequency or phrase frequency -- but
> > > NEVER in sense. The Information theory definition of entropy and the derived
> > > definitions of conditional entropy and unicity have nothing to do with
> > > meaning, sense or knowledge as I explained in the message.
> >
> > John Savard's observation is entirely correct.
>
> Yes ...in letter-frequency or even in word-frequency or phrase frequency --
> but NEVER in sense. Which is the subject here -- letter frequency attacks on
> cryptograms do not at all discern whether the message makes sense. As I
> explained RE the unique solution to "Maine Drag" riddle.
The subject here is your "correction" to Doug Gwyn's
"misconception". Doug Gwyn had observed that neither of the
candidate decryptions to Dennis Ritchie's trick cryptogram
"stands a chance of arising in normal English conversation".
As I understood his post, he was pointing out the mistake of
considering only letter frequency attacks.
The chance of each candidate message is just what Shannon's
model does consider. Shannon takes the /a priori/ message
probabilities as a given; how and why messages have the
probabilities they do is outside the model of information or
of a secrecy system. Thus information theory does not try to
model message meaning, but sense and meaning certainly do
affect the probabilities of messages.
The probabilities we want to use are the actual chances of
each message. John Savard's quote above explains the role of
language statistics: they provide an approximation of the
actual probabilities, and in particular, a lower bound on
redundancy.
--Bryan
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************