Cryptography-Digest Digest #190, Volume #9        Fri, 5 Mar 99 13:13:04 EST

Contents:
  Blowfish Crypto... ("PCM, Joakim Johansson")
  Re: An export question... (Kent Briggs)
  Re: What's so-called random oracle model? (DJohn37050)
  Re: Scramdisk (Ed Stone)
  Re: Intel/Microsoft ID (David Lesher)
  Re: Scramdisk - paranoia (Aman)
  RNGs ([EMAIL PROTECTED])
  Re: What's so-called random oracle model? ("Adam")
  Re: What's so-called random oracle model? (David A Molnar)
  Re: is this Patented? (John Savard)
  Re: Scramdisk (Jeff Millar)
  Re: New high-security 56-bit DES: Less-DES ([EMAIL PROTECTED])
  Re: Blowfish Crypto... ([EMAIL PROTECTED])
  Re: Blowfish Crypto... ("Rochus Wessels")
  Re: An export question... (Henry Lewsal)
  Re: Blowfish Crypto... (John Savard)

----------------------------------------------------------------------------

From: "PCM, Joakim Johansson" <[EMAIL PROTECTED]>
Subject: Blowfish Crypto...
Date: Fri, 5 Mar 1999 15:24:14 +0100

Does anybody know where I can find the Blowfish algorithm, or find
information about it.

Best regards
Jocke, sweden



------------------------------

From: Kent Briggs <[EMAIL PROTECTED]>
Subject: Re: An export question...
Date: Fri, 05 Mar 1999 16:40:43 GMT

Tom wrote:

> I live in the US and am currently developing some freeware that I'd like to
> publicly post. The app doesn't encrypt any data but it does use MD5 as a
> signature and high quality "checksum". What I've been unable to determine
> is if MD5 or any other strong hash is exportable from the US without a BXA
> review. The SHA-1 spec states that "export restrictions may apply" but I
> can't find anything specific about it or the exportability of any other
> hash algorithm. I'd really appreciate if someone could point me to a source
> of information or enlighten me about this? Lawyers I've spoken to don't
> have a clue and the Commerce Department documents I've tried to wade
> through seem to contradict themselves at various points.

The way I understand it (I've been through the review process several times) is
that you only need a review (i.e. a mass market license exception TSU) if the
end-user can use your software to encrypt data.  Hashing for the purposes of
checksums and digital signatures does not fall in this category.

--
Kent Briggs, [EMAIL PROTECTED]
Briggs Softworks, http://www.briggsoft.com



------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: What's so-called random oracle model?
Date: 5 Mar 1999 15:29:13 GMT

A random oracle is an ideal hash.  If given an arbitrary new input, it
generates a random output of the (hash) output length.  If given exactly the
same input, it outputs the same value.
Don Johnson

------------------------------

From: [EMAIL PROTECTED] (Ed Stone)
Crossposted-To: comp.security.pgp.discuss,alt.security.pgp
Subject: Re: Scramdisk
Date: Fri, 5 Mar 1999 11:49:30 -0500

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
> "Bruce Christensen" <[EMAIL PROTECTED]> wrote:
> 
> >The medium is the message (M.M.), and teaching an inexperienced
> >person a better way to run a support desk is more fruitful than an
> >expression of "Aaargh".  Bragging about how much more you know
> >than a client is not the way to run a support operation, and certainly not
> >the insulting attitude of streetlight.
> >  Listening intently, responding in a calm and collected voice, and
> >ultimately solving the problem are the signs of a decent support
> >operation.
> >
> >  There are several items that could improve ScramDisk, and they
> >will be submitted to Sam if they are appropriate, that is to say if
> >they will improve the product, not just appease the moronic
> >ravings of streetlight.
> 
> Oops!  This sounds a bit like denial.  The problems seen by me and
> others need more attention than "will be submitted ...if appropriate"
> From reading posts over the last week, it seems like there's several
> credible ways for Scramdisk to lock up a machine tight, leaving no
> hint as to the problem.  Scramdisk provides the capability and peer
> reviewed software needed for security.  But it really needs a very
> aggressive bug hunt.

From the descriptions that I have seen, the issue may be related to 
trying to shutdown scramdisk when you have "mounted" volumes that are 
going to be forced shut by exiting scramdisk. Example: you have a text 
file open on G: drive. G: is a scramdisk volume. You tell scramdisk to 
shutdown. If you force it, you will get the windows blue screen of death, 
from windows. Scramdisk cannot fix that windows feature. What the user 
needs to know and do is to close (umount in some other os parlance) 
everything on volumes you are about to remove via the shutdown of 
scramdisk.

Users will find that BestCrypt does the same thing. Anyone tested PGPDisk 
for this same behavior? Since it is in Windows, I would expect it to be 
consistent. If you run FastFind and allow it to index scramdisk virtual 
volumes, you'd likely have this problem every time, since FastFind has the 
scramdisk virtual volume "mounted"...

-- 
=======================
Ed Stone
[EMAIL PROTECTED]
delete "-birdname" spam avoider
=======================

------------------------------

Crossposted-To: talk.politics.crypto
From: [EMAIL PROTECTED] (David Lesher)
Subject: Re: Intel/Microsoft ID
Reply-To: [EMAIL PROTECTED] (David Lesher)
Date: Fri, 5 Mar 1999 15:36:37 GMT

[EMAIL PROTECTED] writes:

[NYTimes]

>Something was foo bar on the system the other day. I would enter the
>userID & Password and it would just return to the login screen. I tried
>this with both an old userID & Password and a new registration.

Some days they demand cookies, others they do not.
(This w/ Lynx; with other browsers they always want same..)

-- 
A host is a host from coast to [EMAIL PROTECTED]
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433

------------------------------

From: [EMAIL PROTECTED] (Aman)
Crossposted-To: comp.security.pgp.discuss,alt.security.pgp
Subject: Re: Scramdisk - paranoia
Date: 5 Mar 1999 09:40:49 -0600

On Thu, 04 Mar 1999 18:56:38 -0800, David Sternlight
<[EMAIL PROTECTED]> wrote:

>
>
>Aman wrote:
>
>> 
>> But how can we mend these bugs when every single PC machine I have
>> come across works perfectly correctly?
>
>
>Aaargh! That's the defensive cry of many an inexperienced
>software support person--"well, it doesn't happen on my machine."

Try the three hundred or so of them I have access to from old 486s to
Intel Katmais (and we've had our prototype Katmais for MANY months),
and we are discussing the issue in more realistic terms....

I am not a software support person, I am a computer programmer of many
years standing....

>
>I think you know better, Aman. Ask him for more details
>including his configuration, via e-mail. Get him to give you
>some debugging info

Not all that useful on MS systems really...

> if he's willing.

He's not made a formal request for support. The place for that is
either in a newsgroup, or to [EMAIL PROTECTED]

He seems a knowledgeable user, and he admits he has not disabled
software which may be causing a conflict...

>The proper customer support response isn't "doesn't happen on my
>machine", but "tell me more".

Perhaps that is correct. When I get a 'proper customer support'
request... This chap was making comments, and so was I.

With the best will in the world, I believe it will be impossible to
ensure Scramdisk works reliably with every configuration of PC
hardware and software... Sometimes the problems are blatantly down to
bugs in third party drivers....  sometimes the low level documentation
seems a little inconsistent to me...


The more serious problems I had were resolved by *actually*  getting
hold of the hardware and software items that revealed them, and then
fixing bugs in my code, and working around some inconsistencies, and
downright lies... Now we seem to be left with a very minor and elusive
list of complaints. Tens of thousands of machines are running SD
without any trouble.

If those people left wish to ship their particular hardware over to
me, I would be only too glad to be of service. In the meantime, I try
to do my best, under sometimes difficult circumstances. If any people
in the South Yorkshire area of the UK are having trouble with obscure
problems I would particularly like to hear from them...


Perhaps Mr Sternlight is competent enough to fix all the Win95/98 bugs
for me...

Even large companies can't always get things right. On my DVD ram
drive there are inconsistencies in the UFS implementation....


Regards.
Aman.

Shaun.



------------------------------

From: [EMAIL PROTECTED]
Subject: RNGs
Date: Fri, 05 Mar 1999 17:03:04 GMT

hello all,

i have been searching for material on cryptographically secure RNGs. I am
trying to find answers to questions.

1. what are the properties of cryptographically secure RNGs.
2. what are the (and if there are) tests for such RNGs.

Any pointers/books/URLs are helpful..

Thanks,

Sachin.

============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/       Search, Read, Discuss, or Start Your Own    

------------------------------

From: "Adam" <[EMAIL PROTECTED]>
Subject: Re: What's so-called random oracle model?
Date: Fri, 5 Mar 1999 11:42:53 -0500

The idea is that you assume that an object called a random oracle
exists, and then prove the security of a cryptosystem assuming it uses
the random oracle. Then, in actual implementations, you replace
the random oracle with the best known one-way hash functions,
etc. This gives a strong guarantee that if nothing else, the underlying
protocol that utilizes the random oracle is unflawed. Basically, a
random oracle is a function that takes as input any finite length string
over {0,1} and returns an infinitely long string over {0,1} chosen uniformly
at random (i.e., the random tape of a TM). Read "Random Oracles are
Practical" by Bellare and Rogaway. You can find it on the web.

Adam Young


Jennifer Lu wrote in message <7bok69$4a1$[EMAIL PROTECTED]>...
>
>Does it mean that
>
>there exists a oracle that can always return you with something random?
>
>Or does anyone have better definition?
>
>Thanks...
>
>




------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: What's so-called random oracle model?
Date: 5 Mar 1999 14:45:40 GMT

Jennifer Lu <[EMAIL PROTECTED]> wrote:

> Does it mean that

> there exists a oracle that can always return you with something random?

more along the lines of "in this protocol, we're going to assume that 
everyone has access to a machine that answers queries on particular 
indices such that the same index always produces the same result,
but the results are 'random' in the sense that they are perfectly
indistinguishable from a random distribution. we will then use this
source of repeatable random numbers as a building block for our protocol."

somebody please correct me if I have that wrong...

so yes, it's an oracle that always returns something random, but at the
same time it's a nice and domesticated form of randomness because the
same query produces the same result. that's the key point, I think, and
why random oracles are annoyingly problematic -- how do you get that in
the real world?

can you get that in the real world? 

> Or does anyone have better definition?

There's a bunch of academic papers on random oracles and their many uses
available online. Probably you want to start with "Random Oracles Are Practical : A 
Paradigm For Designing Efficient Protocols" (think it's 
http://www-cse.ucsd.edu/users/mihir/ under papers or maybe at counterpane)
and then look at the way the random oracle model is actually used
in  
        Optimal Asymmetric Encryption Padding
        (again, http://www-cse.ucsd.edu/users/mihir) 
        (or http://www.cs.ucdavis.edu/~rogaway/papers/)
        the PSS and PSS-R scheme ("How To Sign With RSA and Rabin" - same)
        and maybe look at other papers than those of the inventors,
        like "On The Security of OAEP as an All or Nothing Transform"
                at http://theory.lcs.mit.edu/~boyko/aont-oaep.html
         
 then take a look at "The Random Oracle Paradigm Revisited"  
 at http://theory.lcs.mit.edu/~oded/recent.html and become thoroughly confused.
 That paper gives schemes which are provable in the random oracle model
 yet obviously not secure at all in practice -- they fall into the class
 of "really stupid" schemes that give away the secret key on the right 
 output. In this case "the right output" == "the output of whatever we use
 to build our oracle in practice." 

 Those are contrived, though, and a little clever. So then the paper talks
 about the property of "correlation intractability" -- impossible to build
 some kind of relation between the outputs of the random oracle in 
 reasonable time. It then shows that any implementation of a random oracle
 by a single function can't satisfy that property. After that, it goes
 on to show that no collection of functions can, either. 
 So it closes with a discussion of just how close to a "real" random oracle
 we can get, and the answer is 'well...for a restricted sense we can come
 somewhat close.'

 but I'm still looking through that part of the paper and trying to figure
 out what it happens to mean.

it's a useful model and a really annoying concept. first time I heard of
it, I thought it was an oracle that randomly gave you ciphertext-plaintext
pairs (except the ones you were looking for). whoops. 

-David


------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: is this Patented?
Date: Fri, 05 Mar 1999 17:11:54 GMT

[EMAIL PROTECTED] () wrote, in part:

>I noted, in my web page, that hash algorithms like SHA-1 and MD5 seem to
>be very similar to a block cipher, repeatedly applied to the block that
>becomes the hash output, with the text being hashed as the source of the
>subkeys.

By looking at the full description of SHA-1, which was on my web page,
I see that it did take into account the problem with just using a
block cipher - and it used 32-bit addition the same way that the
elementary secure design uses an XOR to take care of that problem.

John Savard (teneerf is spelled backwards)
http://members.xoom.com/quadibloc/index.html

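John Savard's observation, that SHA-1's round function is a block cipher keyed by the message and that the 32-bit addition of the input state is what stops it from being "just" a block cipher, is easiest to see when the hash is written with those two pieces pulled apart. The block below is an added example, not code from the post or from the SHA-1 specification; the function names `encipher`, `decipher`, `compress` and `round_function_is_invertible` are names chosen here. `decipher` runs the 80 rounds backwards to show that, with the message block in hand, the raw rounds are a bijection on the state, which is the problem the feed-forward in `compress` addresses.

```python
import hashlib
import struct

MASK32 = 0xFFFFFFFF
IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)


def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32


def rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK32


def expand(block):
    """Message schedule: 16 big-endian words become the 80 round 'subkeys'."""
    w = list(struct.unpack(">16I", block))
    for t in range(16, 80):
        w.append(rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
    return w


def f_and_k(t, b, c, d):
    """Round-dependent Boolean function and additive constant."""
    if t < 20:
        return ((b & c) | (~b & d)) & MASK32, 0x5A827999
    if t < 40:
        return b ^ c ^ d, 0x6ED9EBA1
    if t < 60:
        return (b & c) | (b & d) | (c & d), 0x8F1BBCDC
    return b ^ c ^ d, 0xCA62C1D6


def encipher(state, block):
    """The raw 80 rounds: a keyed permutation of the 160-bit state,
    with the message block playing the role of the key."""
    w = expand(block)
    a, b, c, d, e = state
    for t in range(80):
        f, k = f_and_k(t, b, c, d)
        temp = (rotl(a, 5) + f + e + k + w[t]) & MASK32
        a, b, c, d, e = temp, a, rotl(b, 30), c, d
    return (a, b, c, d, e)


def decipher(state, block):
    """Undo the rounds. Each round is invertible once w[t] is known, so the
    raw cipher alone would let anyone holding the message walk an output
    back to the previous chaining value."""
    w = expand(block)
    a, b, c, d, e = state
    for t in reversed(range(80)):
        pa, pb, pc, pd = b, rotr(c, 30), d, e
        f, k = f_and_k(t, pb, pc, pd)
        pe = (a - rotl(pa, 5) - f - k - w[t]) & MASK32
        a, b, c, d, e = pa, pb, pc, pd, pe
    return (a, b, c, d, e)


def compress(state, block):
    """Davies-Meyer feed-forward: H_i = E_{M_i}(H_{i-1}) + H_{i-1}, word-wise
    mod 2^32. The input state is both plaintext and addend, so inverting
    encipher() no longer recovers H_{i-1} from H_i and M_i."""
    return tuple((x + y) & MASK32 for x, y in zip(encipher(state, block), state))


def pad(msg):
    """Merkle-Damgard strengthening: 0x80, zeros, 64-bit big-endian bit length."""
    bit_len = len(msg) * 8
    msg += b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    return msg + struct.pack(">Q", bit_len)


def sha1(msg):
    state = IV
    data = pad(msg)
    for i in range(0, len(data), 64):
        state = compress(state, data[i:i + 64])
    return b"".join(struct.pack(">I", x) for x in state).hex()


def matches_stdlib(msg):
    """Cross-check the split-apart construction against hashlib."""
    return sha1(msg) == hashlib.sha1(msg).hexdigest()


def round_function_is_invertible(block):
    """With the message block known, the raw rounds can be undone exactly."""
    return decipher(encipher(IV, block), block) == IV


if __name__ == "__main__":
    print(sha1(b"abc"), matches_stdlib(b"abc"))
    print(round_function_is_invertible(pad(b"abc")))
```

Replacing the addition in `compress` with an XOR gives the "elementary secure design" the post mentions; either way the point is that the chaining value is folded back in, so a hash value can no longer be deciphered into its predecessor by someone who knows the message.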
------------------------------

From: [EMAIL PROTECTED] (Jeff Millar)
Crossposted-To: comp.security.pgp.discuss,alt.security.pgp
Subject: Re: Scramdisk
Date: Fri, 05 Mar 1999 16:12:20 GMT
Reply-To: [EMAIL PROTECTED]

"Bruce Christensen" <[EMAIL PROTECTED]> wrote:

>The medium is the message (M.M.), and teaching an inexperienced
>person a better way to run a support desk is more fruitful than an
>expression of "Aaargh".  Bragging about how much more you know
>than a client is not the way to run a support operation, and certainly not
>the insulting attitude of streetlight.
>  Listening intently, responding in a calm and collected voice, and
>ultimately solving the problem are the signs of a decent support
>operation.
>
>  There are several items that could improve ScramDisk, and they
>will be submitted to Sam if they are appropriate, that is to say if
>they will improve the product, not just appease the moronic
>ravings of streetlight.

Oops!  This sounds a bit like denial.  The problems seen by me and
others need more attention than "will be submitted ...if appropriate"
From reading posts over the last week, it seems like there's several
credible ways for Scramdisk to lock up a machine tight, leaving no
hint as to the problem.  Scramdisk provides the capability and peer
reviewed software needed for security.  But it really needs a very
aggressive bug hunt.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: New high-security 56-bit DES: Less-DES
Date: Fri, 05 Mar 1999 16:54:49 GMT

In article <7bn0uh$7ap$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> wtshaw wrote:
>
> > Welsh speaks of unicity or unicity point, pp. 116-118.  I believe that I
> > saw unicity point used somewhere in sci.crypt in the related discussions
> > yesterday .
>
> "Unicity point" is also from Shannon.  It's not interchangeable

you interpolate far too much.

> with "unicity distance", which is the amount of intercepted
> text needed to reach the unicity point.
>
> As I understand it, the word "unicity" is derived by turning
> the adjective "unique" into a  noun.  Under normal English
> conventions it should therefore refer to the state or property
> of being unique.

you extrapolate far too much.

Cheers,

Ed Gerck

> --Bryan
>
> -----------== Posted via Deja News, The Discussion Network ==----------
> http://www.dejanews.com/       Search, Read, Discuss, or Start Your Own
>

============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/       Search, Read, Discuss, or Start Your Own    

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Blowfish Crypto...
Date: Fri, 05 Mar 1999 10:15:49 -0600

In <[EMAIL PROTECTED]>, on 03/05/99 
   at 03:24 PM, "PCM, Joakim Johansson" <[EMAIL PROTECTED]> said:

>Does anybody know where I can find the Blowfish algorithm, or find
>information about it.

http://www.counterpane.com

-- 
===============================================================
William H. Geiger III  http://www.openpgp.net
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html
Talk About PGP on IRC EFNet Channel: #pgp Nick: whgiii
===============================================================


------------------------------

From: "Rochus Wessels" <[EMAIL PROTECTED]>
Subject: Re: Blowfish Crypto...
Date: 05 Mar 1999 16:33:20 +0100

"PCM, Joakim Johansson" <[EMAIL PROTECTED]> writes:
> Does anybody know where I can find the Blowfish algorithm, or find
> information about it.
  http://www.counterpane.com/blowfish.html

------------------------------

From: Henry Lewsal <[EMAIL PROTECTED]>
Subject: Re: An export question...
Date: Fri, 05 Mar 1999 08:14:14 -1000

Tom wrote:
> 
> I live in the US and am currently developing some freeware that I'd like to
> publicly post. The app doesn't encrypt any data but it does use MD5 as a
> signature and high quality "checksum". What I've been unable to determine
> is if MD5 or any other strong hash is exportable from the US without a BXA
> review. The SHA-1 spec states that "export restrictions may apply" but I
> can't find anything specific about it or the exportability of any other
> hash algorithm. I'd really appreciate if someone could point me to a source
> of information or enlighten me about this? Lawyers I've spoken to don't
> have a clue and the Commerce Department documents I've tried to wade
> through seem to contradict themselves at various points.
> 
> Thanks,
> 
> Tom

Laws are written to be unclear so that you can be punished more easily.
If you export crypto, how much extra money do you expect to earn?

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Blowfish Crypto...
Date: Fri, 05 Mar 1999 17:46:23 GMT

"PCM, Joakim Johansson" <[EMAIL PROTECTED]> wrote, in part:

>Does anybody know where I can find the Blowfish algorithm, or find
>information about it.

http://members.xoom.com/quadibloc/co0406.htm

describes Blowfish.

John Savard (teneerf is spelled backwards)
http://members.xoom.com/quadibloc/index.html

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
