Cryptography-Digest Digest #212, Volume #9 Wed, 10 Mar 99 03:13:03 EST
Contents:
DOS-based Encryption Program Needed. (Burruss)
TC1 (sorry typo!) ([EMAIL PROTECTED])
Re: DIE HARD and Crypto Grade RNGs. (R. Knauer)
Re: Really Nonlinear Cipher Idea (Boris Kazak)
Re: Testing Algorithms (R. Knauer)
Re: Scramdisk newbie (brandon)
Re: Limitations of testing / filtering hardware RNG's (Jim Gillogly)
Re: Testing Algorithms ([EMAIL PROTECTED])
Re: Testing Algorithms ("Trevor Jackson, III")
Re: DOS-based Encryption Program Needed. ([EMAIL PROTECTED])
Re: Limitations of testing / filtering hardware RNG's (R. Knauer)
Something to think about... (Chronsync)
ANNOUNCE: SF Cypherpunks Hackers' Tour of SFO, Saturday 3/13 1:00 (Bill Stewart)
Re: in response to RC4 stuff, plus TC1 ("Douglas A. Gwyn")
Re: Symmetric vs. public/private ("Douglas A. Gwyn")
Re: Are there free RSA Software lib's ? (Bill Stewart)
Re: DIE HARD and Crypto Grade RNGs. (Bill Stewart)
Re: Elliptic Curve Cryptography (Bill Stewart)
----------------------------------------------------------------------------
From: Burruss <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,comp,protocols.smb
Subject: DOS-based Encryption Program Needed.
Date: Tue, 09 Mar 1999 19:22:20 -0800
If this is an old question, please forgive me. I am
not a regular on these three groups.
I need an encryption program with which I can
transfer proprietary info from a DOS-operating
machine (with Windows 3.1).
Please write if you have any suggestions . . .
All mail will be acknowledged.
Bob Burruss
------------------------------
From: [EMAIL PROTECTED]
Subject: TC1 (sorry typo!)
Date: Tue, 09 Mar 1999 22:15:36 GMT
The 'c' source code is configured for GCC (this is TC1.C). If you remove all
the &key from the main function it will compile with Micro-C (Dave Dunfield).
There are 4 occurrences of &key in main().
Thanks,
Tom
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: DIE HARD and Crypto Grade RNGs.
Date: Wed, 10 Mar 1999 00:31:30 GMT
Reply-To: [EMAIL PROTECTED]
On Tue, 09 Mar 1999 17:51:10 -0500, "Trevor Jackson, III"
<[EMAIL PROTECTED]> wrote:
><HTML>
>R. Knauer wrote:
><BLOCKQUOTE TYPE=CITE>On Mon, 08 Mar 1999 17:51:39 -0800, Jim Gillogly
><[EMAIL PROTECTED]> wrote:
[ker-snip]
Hey, dude - would you quit posting in fargin' HTML, fer chrissakes.
If you want anyone to follow your posts, that is.
Bob Knauer
"There's no way to rule innocent men. The only power any government
has is the power to crack down on criminals. Well, when there aren't
enough criminals, one makes them. One declares so many things to be
a crime that it becomes impossible to live without breaking laws."
--Ayn Rand
------------------------------
From: Boris Kazak <[EMAIL PROTECTED]>
Subject: Re: Really Nonlinear Cipher Idea
Date: 10 Mar 1999 00:40:30 GMT
Reply-To: [EMAIL PROTECTED]
John Savard wrote:
>
> Boris Kazak <[EMAIL PROTECTED]> wrote, in part:
>
> >Why not
> >make the
> >algorithm itself key-dependent and plaintext-dependent.
>
> I've had that idea myself - but in a form very different from yours. On my
> web page, in the conclusions section of the chapter on "The Computer Era",
> and as a component in Quadibloc III, a cipher called "Mishmash" is
> described.
>
> A 32-bit quantity is generated as a byproduct of enciphering a 64 bit half
> of a block through four Feistel rounds. Five five-bit fields of that 32-bit
> quantity are used to pick the set of subkeys, from five sets of 32, for the
> five encipherment steps to be applied to the other half of the block.
>
> The remaining seven bits indicate the *order* in which the five steps are
> to be performed - and the five steps all involve very different cipher
> algorithms.
>
> John Savard (teneerf is spelled backwards)
> http://members.xoom.com/quadibloc/index.html
=====================
My idea actually boils down to two phrases:
Key-derived S-boxes; plaintext-dependent path through array of
S-boxes. Ideally no two plaintexts will be encrypted along the same
path.
(Mind the birthday paradox).
Setting up an array of 256 modular multipliers (mod 2^32-1) and
their inverses works nicely for the drunken MMB (MMBOOZE).
Blowfish works just like that, this is why, in my understanding,
this champion drunkard will not be broken in our lifetime.
Another funny analogy - DES with its fixed S-boxes reminds me of
a military boot camp or a hard-labor gulag, where all the plaintexts
behave like disciplined soldiers. "Ein, zwei, drei..", run and jump
through predefined routine. Blowfish, on the other hand, reminds me of
a merry bachelors' party, where each plaintext is free to choose the
beverage of his own liking from a vast assortment in Master Cellar.
Best wishes BNK
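An added example, not code from John Savard's post or from Quadibloc: it decodes the 32-bit selector word his "Mishmash" description quotes above into five 5-bit subkey indices and a 7-bit step order, and shows a caveat of that design: 7 bits cannot pick one of 5! = 120 orders uniformly. The bit layout (low 25 bits for the five fields, high 7 bits for the order) and the Lehmer-code decoding are assumptions, since the post does not specify them.

```python
# Added example (not John Savard's or Quadibloc's code): decode a 32-bit
# selector word as his post describes it. Assumed layout, since the post gives
# none: bits 0-24 hold five 5-bit fields, bits 25-31 hold the 7-bit order code,
# which is decoded as a Lehmer code modulo 5! = 120.
import math
from collections import Counter


def lehmer_permutation(code, n):
    """Return the code-th permutation of range(n), for code in [0, n!)."""
    items = list(range(n))
    perm = []
    for k in range(n, 0, -1):
        idx, code = divmod(code, math.factorial(k - 1))
        perm.append(items.pop(idx))
    return perm


def decode_selector(word):
    """Split a 32-bit selector into (subkey index per step, order of steps)."""
    if not 0 <= word < 1 << 32:
        raise ValueError("selector must be a 32-bit quantity")
    subkey_index = [(word >> (5 * i)) & 0x1F for i in range(5)]  # 5 sets of 32
    order_code = (word >> 25) & 0x7F                             # remaining 7 bits
    order = lehmer_permutation(order_code % 120, 5)
    return subkey_index, order


def order_bias():
    """How evenly the 128 order codes cover the 120 possible step orders.

    Returns (orders hit twice, orders hit once): with 7 bits, 8 orders are
    selected twice as often as the others, so the order is not uniform.
    """
    hits = Counter(tuple(lehmer_permutation(c % 120, 5)) for c in range(128))
    twice = sum(1 for v in hits.values() if v == 2)
    once = sum(1 for v in hits.values() if v == 1)
    return twice, once


if __name__ == "__main__":
    keys, order = decode_selector(0xDEADBEEF)  # constructed sample word
    print("subkey indices:", keys, "step order:", order)
    print("orders hit twice / once:", order_bias())
```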
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Testing Algorithms
Date: Wed, 10 Mar 1999 00:36:12 GMT
Reply-To: [EMAIL PROTECTED]
On Tue, 09 Mar 1999 18:05:23 -0500, "Trevor Jackson, III"
<[EMAIL PROTECTED]> wrote:
><BR>:
:
and I raise you:
<BR>
Think you can push your weight around with all these - eh.
Hrumph!
Bob Knauer
------------------------------
Date: 10 Mar 1999 01:18:51 -0000
From: brandon <[EMAIL PROTECTED]>
Subject: Re: Scramdisk newbie
=====BEGIN PGP SIGNED MESSAGE=====
Matthew Mundy <[EMAIL PROTECTED]> wrote...
> A volume is a file that creates a virtual disk on the drive mounted and
> unmounted from Scramdisk. An encrypted partition is what its name suggests,
> a partition that is formatted (I think it is reformatted when created) to be
> decrypted by ScramDisk. So, your file manager will see them as the same
> thing.
I'm not sure if this is the correct forum to be discussing the relative merits
of Scramdisk, if not, I apologise and perhaps someone would be kind enough to
point me in the right direction.
Anyway, I've also started to look at Scramdisk for the first time. I sympathise
with the original questioner. The manual for this program explains very clearly
the steps for creating partitions and volumes, but there isn't a word as to
what they are, what they're for and how they should be or normally will be
used. Mr Mundy in his response very kindly points out some distinctions, but
there are still a lot of questions a beginner will ask: why do you need both
(partitions and volumes), or do you need both? Will they function
independently? What's the purpose of each attribute of the program? No question
is too basic. People simply won't understand what specialised jargon means
until they're told - after that it's easy. People attracted to Scramdisk aren't
stoopid either.
In short, what the manual is lacking is a glossary.
Brandon
~~~
This PGP signature only certifies the sender and date of the message.
It implies no approval from the administrators of nym.alias.net.
Date: Wed Mar 10 01:18:49 1999 GMT
From: [EMAIL PROTECTED]
------------------------------
From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: Limitations of testing / filtering hardware RNG's
Date: Tue, 09 Mar 1999 17:14:52 -0800
Reply-To: [EMAIL PROTECTED]
I haven't been following this whole thread, so if I'm being irrelevant
or redundant, I apologize.
Trevor Jackson, III wrote:
> R. Knauer wrote:
> > On 9 Mar 1999 15:03:26 -0500, [EMAIL PROTECTED] (Herman Rubin)
> > wrote:
> > >Not just as diagnostics; if the outcome HAPPENS to be all 0's or all
> > >1's, you would not want to use this for cryptography. There are other
> > >outcomes which one would not want to use.
> >
> > If you filter the output as you suggest, then the TRNG is no longer
> > proveably secure in principle.
>
> Show me the leak. Otherwise stop repeating this nonsense.
OK. Just to be definite, let's assume that you have some threshold
T where if you see T 0's in a row, you will remove all of them from
the random bit stream, then pick up and continue. To make the example
obvious, let's assume T=8, so that we know there will never be a run of
8 0-bits in a row.
We now have a message coming in. The ciphertext starts "YNAQJ BFPGD".
Since we know that there are never 8 0-bits in a row, we know that the
first character of the plaintext is not Y, the second character is not
N, the third character is not A, and so on. This is precisely one of
the weaknesses of Enigma, which allowed the Allies to place guessed
plaintext. I can tell with certainty that this message did not
start with "YES" or "INREP LYTOY".
The key fact of a one-time pad is that it can give the attacker no
information about the plaintext other than a bound on its length.
Filtering the TRNG stream in the way you suggest (eliminating runs
of 0's or 1's) breaks this assumption.
As everybody keeps saying, of course, it's necessary to monitor your
TRNG to make sure it isn't broken, and sending all 0's for a long
time is a good sign that it's broken. However, "fixing" it so that
it cannot produce certain strings even when it's working properly
breaks the provable security of the OTP, just as R. Knauer says above.
--
Jim Gillogly
18 Rethe S.R. 1999, 01:00
12.19.6.0.3, 11 Akbal 16 Kayab, Third Lord of Night
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Testing Algorithms
Date: Tue, 09 Mar 1999 19:38:48 -0600
In <[EMAIL PROTECTED]>, on 03/09/99
at 06:09 PM, "Trevor Jackson, III" <[EMAIL PROTECTED]> said:
><HTML>
Must you post this HTML garbage to the group?!? It is quite unacceptable.
--
===============================================================
William H. Geiger III http://www.openpgp.net
Geiger Consulting Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html
Talk About PGP on IRC EFNet Channel: #pgp Nick: whgiii
===============================================================
------------------------------
Date: Tue, 09 Mar 1999 18:05:06 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Testing Algorithms
David Miller wrote:
> Herman Rubin ([EMAIL PROTECTED]) wrote:
> : In article <7bm5lm$17k$[EMAIL PROTECTED]>,
> : Patrick Juola <[EMAIL PROTECTED]> wrote:
> : >In article <[EMAIL PROTECTED]>,
> : >Shawn Willden <[EMAIL PROTECTED]> wrote:
> : >>Withheld wrote:
> :
> : >>> In article <[EMAIL PROTECTED]>, Darren New
> : >>> <[EMAIL PROTECTED]> writes
> :
> :
> ................
> :
> : >>You should take a look at the section in Schneier's book on thermodynamic
> : >>limitations to brute-force attacks. He assumes an ideal computer, one in
> : >>which the energy required to change the value of one bit in the processor is
> : >>the smallest possible -- namely the quantum unit.
> :
> : >And, has been REPEATEDLY pointed out in this forum, he gets this
> : >dead wrong as the smallest possible unit of energy for computing is
> : >zero if you use reversible computations and get it back.
> :
> : One might be able to use reversible COMPUTATIONS, but they will
> : not get the energy back. A device capable of maintaining a bit
> : requires some sort of a hysteresis loop to keep the bit from
> : drifting uncontrollably. The second law intrudes.
>
> Doesn't the reversibility require the storage of state? IE, wouldn't
> zero energy counting to 2^256 require a minimum of 2^256 bits of
> storage?
No. There is no need to hold a bit for each number between zero and
2^256. You only need enough bits to hold one number at a time.
You successively increment (add one to) the current number to find the
next one. So you only need 256 bits to count to 2^256.
An 8-bit computer counts to 256 (2^8) in each 8-bit register.
A 16-bit computer counts to 65526 (2^16) in each 16-bit register.
A 32-Bit computer counts to over 4 billion (2^32) in only 32 bits.
So a 256-bit computer can count to 2^256.
> I've seen varying stats, but IIRC all of them put the number
> of atoms in the universe well below this.
>
> --- David
------------------------------
Crossposted-To: comp.security.misc,comp,protocols.smb
From: [EMAIL PROTECTED]
Subject: Re: DOS-based Encryption Program Needed.
Date: Tue, 09 Mar 1999 19:37:09 -0600
In <[EMAIL PROTECTED]>, on 03/09/99
at 07:22 PM, Burruss <[EMAIL PROTECTED]> said:
>If this is an old question, please forgive me. I am
>not a regular on these three groups.
>I need an encryption program with which I can
>transfer proprietary info from a DOS-operating
>machine (with Windows 3.1).
>Please write if you have any suggestions . . .
>All mail will be acknowledged.
There are DOS versions of both PGP 2.6.x and 5.0 available. You should be
able to DL them from http://www.pgpi.com.
------------------------------
From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Limitations of testing / filtering hardware RNG's
Date: Wed, 10 Mar 1999 00:38:11 GMT
Reply-To: [EMAIL PROTECTED]
On Tue, 09 Mar 1999 17:47:46 -0500, "Trevor Jackson, III"
<[EMAIL PROTECTED]> wrote:
>Post-filtering the output of the RNG does *not* invalidate that RNG.
>It's output is just as random as ever. Choosing a particular output
>as suitable for a key or pad is a separate decision. Until you understand
>this distinction I urge silence.
Until you prove that assertion, I urge non-silence.
Bob Knauer
------------------------------
From: Chronsync <[EMAIL PROTECTED]>
Subject: Something to think about...
Date: Wed, 10 Mar 1999 00:03:27 -0500
Greetings again, something I was thinking about, with the WINAASARR (Please excuse
me, I keep forgetting how to spell it) agreement the govt controls the crypto mostly.
If they wanted to keep us from using strong crypto, then how come we use ones that
are approved by them, or at least they don't make a ruckus about it...
Chronosync
------------------------------
From: Bill Stewart <[EMAIL PROTECTED]>
Crossposted-To: alt.cypherpunks,alt.2600
Subject: ANNOUNCE: SF Cypherpunks Hackers' Tour of SFO, Saturday 3/13 1:00
Date: Tue, 09 Mar 1999 21:47:09 -0800
ANNOUNCE: SF Cypherpunks Hackers' Tour of SFO, Saturday 3/13 1:00
The San Francisco Bay Area March Cypherpunks meeting will be Saturday, 3/13,
at 1:00.
Meet at the San Francisco Airport International Terminal Food Court,
and we'll go wandering around 3:00 or so. Note that this is an open public
meeting on US soil, and that the airport provides free speech tables for
literature distribution...
Agenda -
- Anguilla FC conference - Discuss what went on, interesting talks, etc.
- Work in progress - What are people working on? Academic talks? Usual suspects?
I may be able to bring a video projector if you want to give
laptop-based talks, and there are some interesting spaces
near the food court that have probably never been used that way.
Let me know by Thursday if you want to use it, and bring your own PC.
- Wander around - Bring Toys! Some interesting things to bring would be
- Scanners and other radio gear
- GPS - reception inside the building is less than great
- Lawyers who can discuss FAA civil rights issues :-)
- Crypto literature.
- Ultrasonic measuring devices
- Post-It note pads
- Clipboards.
- Computers of various shapes and sizes
- Metricom modems.
- Maybe a video camera?
Directions to SFO
The International Terminal is located at middle of the main SFO terminal.
http://www.ci.sf.ca.us/sfo/termmap.htm
- Fly.
- Caltrain to Millbrae plus free shuttle to airport.
http://www.quickaid.com/airports/sfo/stop/sfo0686/pt2901.html
- Drive to Millbrae Caltrain Station, park for $1, free shuttle to airport.
Millbrae Ave & California Ave. - Millbrae Ave exit off 101.
- Drive to PCA (north of SFO) or Anza (south of SFO) parking, about $12/day.
- Airport short-term parking.
=================================================
Subscription Information -
To unsubscribe to whichever list you received this from,
find the majordomo server that sent you this mail,
and send it mail saying "help". It's probably
[EMAIL PROTECTED] (or cypherpunks-request somewhere else),
[EMAIL PROTECTED], or
[EMAIL PROTECTED]
Relatively soon, there will be a sfbay-cypherpunks-announce list.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: in response to RC4 stuff, plus TC1
Date: Wed, 10 Mar 1999 06:31:12 GMT
Jim Gillogly wrote:
> No, you prepend it to the key, ...
Please, Jim, "prefix". "Prepend" has a wholly different meaning.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Symmetric vs. public/private
Date: Wed, 10 Mar 1999 06:26:42 GMT
Billy Cole wrote:
> .... On the other hand there are key distribution
> issues with the symmetric approach which become awkward
> because I have a requirement that more than 2 people
> could be sharing a key.
One approach is to use a public-key method for secret sharing etc.
(there are several papers on this) but only to propagate a session
key, which is then used for symmetric encryption of the actual
message data. That way you get the throughput of a symmetric
system with the authentication features of a public-key system.
------------------------------
From: Bill Stewart <[EMAIL PROTECTED]>
Subject: Re: Are there free RSA Software lib's ?
Date: Tue, 09 Mar 1999 23:59:49 -0800
In the US and Canada, any use of RSA is subject to RSA's patent.
RSA allows non-commercial use of the RSAREF implementation of RSA in the US,
but does not allow export. You can license use of RSAREF or the BSAFE toolkit
for use in the US from the RSA people - see their website for contact details.
I've heard that there is a "BSAFEeay" implementation written outside the US,
using Eric Young's software.
You can't use the RSAREF software outside North America for two reasons
- RSA won't let you export it
- While the RSA patent doesn't apply outside US/Canada, the copyright
on their specific implementation code does, so in Berne Convention
countries (e.g. Europe and many other places) you can't use it.
For non-commercial non-US use, you can grab the code from PGP.
Rosenegger Josef wrote:
>
> Hi all,
>
> I've to implement data encryption (Public-Key cryptography) in our company's
>software.
>
> I'm going to use RSA cryptography. Question is, are the RSA sources free for
>companies usage?
>
> I heard, it's not allowed to use RSA lib's for data encryption outside US. Is this
>true?
>
> If I might use the sources, is it a huge project to implement the sources in
>existing software (ANSI-C)?
>
> Thanx for help!!
>
> regards Josef
>
> --------------------------------------
> SZ Testsysteme AG
> Josef Rosenegger, Software Development
>
> mailto:[EMAIL PROTECTED]
> http://www.sz-testsysteme.de
>
> Phone: +49 8075 17-239
> Fax: +49 8075 1588
> --------------------------------------
------------------------------
From: Bill Stewart <[EMAIL PROTECTED]>
Subject: Re: DIE HARD and Crypto Grade RNGs.
Date: Wed, 10 Mar 1999 00:05:20 -0800
[EMAIL PROTECTED] wrote:
> Is it reasonable to say that DIEHARD package is not meant to test
> cryptographic security of the bit patterns, but statistical independence of
> the numeric values generated by RNGs.
Yes, as others have already said.
> Does that mean a crypto-grade RNG should not be tested using statistical tests ?
Randomness testing can sometimes be useful for indicating that
you have made a mistake in your _implementation_ of an otherwise-
known-to-be-correct algorithm. It's no guarantee, of course,
but it can sometimes catch things if you're worried and if
it's not inconvenient to pipe data from your real application
over to a testing routine.
------------------------------
From: Bill Stewart <[EMAIL PROTECTED]>
Subject: Re: Elliptic Curve Cryptography
Date: Wed, 10 Mar 1999 00:09:05 -0800
ECC math is quite heavy. Start with understanding RSA.
There's a lot of material about ECC on www.certicom.com,
since Certicom owns some of the ECC patents.
nobody wrote:
> I am searching for some "down-to-earth" information about elliptic curve
> cryptography. I am not well-educated in any area of cryptology--in
> fact, I am quite new to the field. I'm interested in doing a project on
> E.C.C. Is there any good information available that doesn't require a
> PhD to understand it? Where should I start my study in this area of
> cryptography? Any information would be greatly appreciated.
> Thanks, Jon
> Re: [EMAIL PROTECTED]
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************