Cryptography-Digest Digest #234, Volume #9       Mon, 15 Mar 99 03:13:03 EST

Contents:
  Secure hash (some reviews please?) ([EMAIL PROTECTED])
  Re: More detailed question ("Alex")
  scramdisk problem (Gretchen Anonymous Remailer)
  Re: Total beginner ("Jonas Thörnvall")
  Re: Total  beginner ("Jonas Thörnvall")
  --- sci.crypt charter: read before you post (weekly notice) (D. J. Bernstein)
  Re: Total beginner ("Jonas Thörnvall")
  SHC little omission ([EMAIL PROTECTED])
  Re: The Magic Screw, Non-Secret Encryption, and the Latest WIRED ("Douglas A. Gwyn")
  Better Algorithm, or Better Target
  Re: The Magic Screw, Non-Secret Encryption, and the Latest WIRED
  Re: Total beginner ("Jonas Thörnvall")
  Re: The Magic Screw, Non-Secret Encryption, and the Latest WIRED
  my SHC ([EMAIL PROTECTED])
  Re: Seeking an Algorithm ! (Rich Wales)
  Re: RC4 in PGP (Nathan Kennedy)
  Re: Testing Algorithms [moving off-topic] (Doggmatic)
  Re: CD Cipher (Mok-Kong Shen)
  Re: Network Associates - Can we trust their products? (wtshaw)
  Re: Network Associates - Can we trust their products? (wtshaw)
  Re: NES - Who cares? (wtshaw)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED]
Subject: Secure hash (some reviews please?)
Date: Sun, 14 Mar 1999 22:19:22 GMT

I wrote a secure hash to match my requirements.  I would like some reviews of
it.  The pseudo-code and 'C' code are in one file.  It basically hashes any
input into 64-bit output.  If you would like to help me with it, it's at:

http://members.tripod.com/~tomstdenis/shc.c


Thanks to 'jim' for answering my question on Sha-1.

Thanks again,
Tom

Other source by me (if you are interested)
http://members.tripod.com/~tomstdenis/rc4.c
http://members.tripod.com/~tomstdenis/rc5.c
http://members.tripod.com/~tomstdenis/rc6.c

============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/       Search, Read, Discuss, or Start Your Own    

------------------------------

From: "Alex" <[EMAIL PROTECTED]>
Subject: Re: More detailed question
Date: Mon, 15 Mar 1999 01:05:09 +0300


[EMAIL PROTECTED] wrote
>The purpose of a salt is to thwart OTP attacks.  Therefore the salt should be
>in no way related to the secret key, which includes hashing of the secret key.
>Although something like SHA-1 (assuming 160bit salt) would be feasible, it
>would give someone something to go on when verifying your key.


Can you explain something to me, please?
This is what is written in the Help of one crypto program:
"When you enter your passphrase into program, it is hashed with a 64 bit
random salt using the SHA1 Secure Hash Algorithm. This produces a 160 bit
hash that is used as the input into the encryption algorithm."

Questions:
1. How does the program generate 64 bits of salt?
2. How are these bits of salt combined with the bits of the password before
generation of the hash? Just added to the end of the password?

Regards,
Alex.
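The two questions above, worked through as an added Python example (not code from the program Alex quotes): the salt comes from the OS random source, and one common convention, assumed here because the Help text does not say, is to hash salt || passphrase; the optional iteration count goes beyond the quoted single-SHA-1 design.

```python
import hashlib
import os

SALT_BYTES = 8   # the 64-bit salt from the quoted Help text
KEY_BYTES = 20   # SHA-1 output, 160 bits

def new_salt() -> bytes:
    """Question 1: the salt is 64 bits from the operating system's random
    source. It is not secret; it is stored in the clear next to the
    ciphertext so that decryption can derive the same key again."""
    return os.urandom(SALT_BYTES)

def derive_key(passphrase: str, salt: bytes, iterations: int = 1) -> bytes:
    """Question 2: hash salt || passphrase (assumed order; the Help text does
    not say). iterations=1 is the single SHA-1 of the quoted design; a higher
    count adds a work factor that slows guessing without changing the format.
    A different salt gives a different key for the same passphrase, which is
    what makes precomputed tables useless across users."""
    if len(salt) != SALT_BYTES:
        raise ValueError("salt must be exactly 64 bits")
    digest = hashlib.sha1(salt + passphrase.encode("utf-8")).digest()
    for _ in range(iterations - 1):
        digest = hashlib.sha1(salt + digest).digest()
    return digest

def cipher_key(passphrase: str, salt: bytes, key_bytes: int = 16) -> bytes:
    """The 160-bit hash feeds the cipher; a cipher that wants a shorter key
    takes a prefix (assumed; the Help text only says the hash is used)."""
    if not 1 <= key_bytes <= KEY_BYTES:
        raise ValueError("key length must be 1..20 bytes")
    return derive_key(passphrase, salt)[:key_bytes]
```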



------------------------------

From: [EMAIL PROTECTED] (Gretchen Anonymous Remailer)
Date: 14 Mar 1999 22:30:18 -0000
Subject: scramdisk problem

I've created a scramdisk volume on my hard drive. But when I try to copy or
move a folder or file into the mounted volume I get a message to say that
access has been denied 'cannot create or replace (folder name)'. Does anyone
recognise this problem?

The volume isn't full, and the files aren't read only.

Thanks for any help.




------------------------------

From: "Jonas Thörnvall" <[EMAIL PROTECTED]>
Subject: Re: Total beginner
Date: Sun, 14 Mar 1999 23:20:20 +0100

What's neato and what's posting?
[EMAIL PROTECTED] wrote in message
<7cgale$gm5$[EMAIL PROTECTED]>...
>I took a look at your page, and your algorithm looks neato.  Would you mind
>posting your algorithm?  You talk about shifting, do you mean rotating?
>
>Tom
>



------------------------------

From: "Jonas Thörnvall" <[EMAIL PROTECTED]>
Subject: Re: Total  beginner
Date: Mon, 15 Mar 1999 00:05:07 +0100

Thanks for your reply Scott

I told you I do a reordering before doing the permutation.
So how will you know that the permutation is solved? I also told you that
this can be repeated accordingly by the rules I will apply for the
password (rounds?).
Trying to answer this would be a good start.
Try to understand that I'm not seriously into cryptography; I saw a nice
page on ciphers that used JavaScript and felt inspired by it.
http://www.docs.uu.se/~tv98hah/kryptering/titelsida.html
The scripts did not work on bit level, so my idea was to create some tools to
convert ASCII from and to bit level.
I think I succeeded with that rather well.
My ambition was to create a cipher on bit level, which is not really supported
by JavaScript.
If you don't understand how the cipher works, I guess you're not the brightest
guy around (there's no math in it, my friend).
Of course I could learn the math if I thought I would be working in the
field of crypto.

I'll be happy to send you some text (encoded?) with the script; maybe you
solve it in a minute, maybe not!
Something tells me it will take more than a minute...... according to the
answer you gave me....



------------------------------

From: [EMAIL PROTECTED] (D. J. Bernstein)
Crossposted-To: talk.politics.crypto
Subject: --- sci.crypt charter: read before you post (weekly notice)
Date: 14 Mar 1999 06:00:35 GMT

sci.crypt               Different methods of data en/decryption.
sci.crypt.research      Cryptography, cryptanalysis, and related issues.
talk.politics.crypto    The relation between cryptography and government.

The Cryptography FAQ is posted to sci.crypt and talk.politics.crypto
every three weeks. You should read it before posting to either group.

A common myth is that sci.crypt is USENET's catch-all crypto newsgroup.
It is not. It is reserved for discussion of the _science_ of cryptology,
including cryptography, cryptanalysis, and related topics such as 
one-way hash functions.

Use talk.politics.crypto for the _politics_ of cryptography, including
Clipper, Digital Telephony, NSA, RSADSI, the distribution of RC4, and
export controls.

What if you want to post an article which is neither pure science nor
pure politics? Go for talk.politics.crypto. Political discussions are
naturally free-ranging, and can easily include scientific articles. But
sci.crypt is much more limited: it has no room for politics.

It's appropriate to post (or at least cross-post) Clipper discussions to
alt.privacy.clipper, which should become talk.politics.crypto.clipper at
some point.

There are now several PGP newsgroups. Try comp.security.pgp.resources if
you want to find PGP, c.s.pgp.tech if you want to set it up and use it,
and c.s.pgp.discuss for other PGP-related questions.

Questions about microfilm and smuggling and other non-cryptographic
``spy stuff'' don't belong in sci.crypt. Try alt.security.

Other relevant newsgroups: misc.legal.computing, comp.org.eff.talk,
comp.org.cpsr.talk, alt.politics.org.nsa, comp.patents, sci.math,
comp.compression, comp.security.misc.

Here's the sci.crypt.research charter: ``The discussion of cryptography,
cryptanalysis, and related issues, in a more civilised environment than
is currently provided by sci.crypt.'' If you want to submit something to
the moderators, try [EMAIL PROTECTED]

---Dan

------------------------------

From: "Jonas Thörnvall" <[EMAIL PROTECTED]>
Subject: Re: Total beginner
Date: Mon, 15 Mar 1999 00:19:30 +0100

It's JavaScript, Tom, just use your browser to look at the source.
[EMAIL PROTECTED] wrote in message
<7cgale$gm5$[EMAIL PROTECTED]>...
>I took a look at your page, and your algorithm looks neato.  Would you mind
>posting your algorithm?  You talk about shifting, do you mean rotating?
>
>Tom
>



------------------------------

From: [EMAIL PROTECTED]
Subject: SHC little omission
Date: Sun, 14 Mar 1999 23:09:21 GMT

In the SHC.C algorithm I forgot to mention you must pad the input with at most 4
chars extra, so if you have 10 bytes in, you must add 2 bytes.  If the input
is a multiple of 4 you must still add 4.  So basically you add '4 - size mod
4' bytes which you must pass through the hash.  As per SHA/MD I propose that the
bytes you add are equal to the amount, so if you add 3 bytes they would be 03
03 03, or if you add 4 bytes 04 04 04 04.

Thanks,
Tom
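The padding rule above as an added Python example (not Tom's shc.c): the count byte always runs 1..4, and an input that is already a multiple of 4 still gets a full block, which is what keeps distinct inputs distinct after padding.

```python
BLOCK = 4  # SHC consumes its input four bytes at a time

def shc_pad(data: bytes) -> bytes:
    """Append n = 4 - (len mod 4) bytes, each holding the value n (1..4)."""
    n = BLOCK - (len(data) % BLOCK)
    return data + bytes([n]) * n

def shc_unpad(padded: bytes) -> bytes:
    """Inverse of shc_pad; rejects anything the pad rule could not produce
    (the hash itself never needs this, but it documents why the rule is
    unambiguous)."""
    if not padded or len(padded) % BLOCK:
        raise ValueError("padded length must be a non-zero multiple of 4")
    n = padded[-1]
    if not 1 <= n <= BLOCK or padded[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return padded[:-n]

def padding_is_injective(samples) -> bool:
    """Why a multiple-of-4 input still gets 04 04 04 04: without that rule
    b'abc' and b'abc\\x01' would pad to the same string and hash alike."""
    return len({shc_pad(s) for s in samples}) == len(set(samples))
```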


------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: The Magic Screw, Non-Secret Encryption, and the Latest WIRED
Date: Mon, 15 Mar 1999 00:01:58 GMT

[EMAIL PROTECTED] wrote:
> If you're handling military secrets, use all three mechanisms - each one
> with a key big enough so that if one of the three keys only remains
> secure, your communications are secure. If the 'big boys' _aren't_ doing
> this, they should start thinking about it.

In the US, encryption of "military secrets" is required to be
accomplished with NSA-approved cryptosystems, and don't worry,
the "big boys" know how to do it right.

------------------------------

From: [EMAIL PROTECTED] ()
Subject: Better Algorithm, or Better Target
Date: 15 Mar 99 01:34:08 GMT

In the conclusions section of Chapter 4, on the Freenet site

http://www.freenet.edmonton.ab.ca/~jsavard/co0412.html

I have added *yet another* cipher idea.

Quadibloc IV was an attempt to devise a "conventional" secure block cipher
- conventional in the sense that it had no key-dependent S-boxes. It may
be secure, but 32 rounds is slow, and each round uses four S-P operations
on a 32-bit subblock. It was based on ideas relating to hash functions.

Well, now I've come up with something that does have one key-dependent
S-box (8 bits in, 8 bits out).

With four rounds, it should be well under the time required for
Triple-DES. It's a pity I couldn't have thought of it sooner, but I'm
still learning about cryptography, and just as Quadibloc II built on what
I learned from the AES candidates, this builds on what I've learned
working on those block ciphers.

Each round consists of:

1) eight four-round Feistel ciphers working on 16-bit blocks, using the
key-dependent S-box as their f-function. I'm not even bothering with
subkeys for this part.

2) an interchange of bits between the left and right halves of the 128-bit
block using a mask to control the bits to interchange with the
corresponding bit on the other side. (The technique made famous by ICE.)

3) more small-scale Feistel rounds, as (1).

Between rounds, the bytes of the block are shuffled around so that the two
bytes in any 16-bit subblock are moved to two other subblocks, not
including the corresponding subblock in the other half, to which the
ICE-style bit interchange causes diffusion.

The total subkey material consists of the one S-box and four 64-bit
subkeys (actually, I think I'll go for 48-bit subkeys, expanded to 64 bits
by a 4 of 8 code, to ensure maximum diffusion).

I haven't fully fleshed this out, so there is no key schedule proposed for
this yet, but just because it is very different from DES, Lucifer, and
other Feistel ciphers doesn't mean that differential cryptanalysis isn't
still possible against it - in a different way. (It seems, too, that one
table of 256 bytes isn't too big for a smartcard to store.)

John Savard
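A runnable sketch of the round structure just described, added here as a Python example rather than John's own code: the post gives no key schedule, S-box contents, mask values or exact byte routing, so a seeded RNG stands in for the key-dependent S-box and the four 64-bit masks, and the between-round shuffle uses one fixed routing that satisfies the stated rule. The avalanche helper is a quick diffusion check on the sketch, not a security claim.

```python
import random
ROUNDS = 4
# Assumed for this demo: the post gives no key schedule, so a seeded RNG
# stands in for the key-dependent 8x8 S-box and the four 64-bit masks.
_rng = random.Random(1999)
SBOX = list(range(256))
_rng.shuffle(SBOX)
MASKS = [_rng.getrandbits(64) for _ in range(ROUNDS)]

def feistel16(word, inverse=False):
    """Steps 1 and 3: four subkey-less Feistel rounds on a 16-bit subblock,
    f(x) = SBOX[x]; forward round (l, r) -> (r, l ^ f(r))."""
    l, r = word >> 8, word & 0xFF
    for _ in range(4):
        l, r = (r ^ SBOX[l], l) if inverse else (r, l ^ SBOX[r])
    return (l << 8) | r

def interchange(words, mask):
    """Step 2: ICE-style swap of mask-selected bits between the 64-bit halves
    (subblocks 0-3 and 4-7); self-inverse."""
    out = list(words)
    for i in range(4):
        m = (mask >> (16 * (3 - i))) & 0xFFFF
        t = (words[i] ^ words[i + 4]) & m
        out[i] ^= t
        out[i + 4] ^= t
    return out

def shuffle(words, inverse=False):
    """Between rounds: low byte of subblock i moves to subblock i+1, high byte
    to i+2 (mod 8), so neither lands in i or its ICE partner i+4. This exact
    routing is an assumption; the post only states the rule."""
    lo = [w & 0xFF for w in words]
    hi = [w >> 8 for w in words]
    if inverse:
        return [(hi[(i + 2) % 8] << 8) | lo[(i + 1) % 8] for i in range(8)]
    return [(hi[(i - 2) % 8] << 8) | lo[(i - 1) % 8] for i in range(8)]

def encrypt_block(words):
    for rnd in range(ROUNDS):
        if rnd:
            words = shuffle(words)
        words = [feistel16(w) for w in words]
        words = interchange(words, MASKS[rnd])
        words = [feistel16(w) for w in words]
    return words

def decrypt_block(words):
    for rnd in reversed(range(ROUNDS)):
        words = [feistel16(w, inverse=True) for w in words]
        words = interchange(words, MASKS[rnd])
        words = [feistel16(w, inverse=True) for w in words]
        if rnd:
            words = shuffle(words, inverse=True)
    return words

def encrypt(block: bytes) -> bytes:
    words = [(block[2 * i] << 8) | block[2 * i + 1] for i in range(8)]
    return bytes(b for w in encrypt_block(words) for b in (w >> 8, w & 0xFF))

def decrypt(block: bytes) -> bytes:
    words = [(block[2 * i] << 8) | block[2 * i + 1] for i in range(8)]
    return bytes(b for w in decrypt_block(words) for b in (w >> 8, w & 0xFF))

def avalanche(block: bytes, bit: int) -> int:
    """Ciphertext bits that change when one plaintext bit is flipped."""
    flipped = bytearray(block)
    flipped[bit // 8] ^= 1 << (bit % 8)
    a, b = encrypt(block), encrypt(bytes(flipped))
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))
```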

------------------------------

From: [EMAIL PROTECTED] ()
Subject: Re: The Magic Screw, Non-Secret Encryption, and the Latest WIRED
Date: 15 Mar 99 01:17:13 GMT

Douglas A. Gwyn ([EMAIL PROTECTED]) wrote:
: In the US, encryption of "military secrets" is required to be
: accomplished with NSA-approved cryptosystems, and don't worry,
: the "big boys" know how to do it right.

And, I suspect, they're far ahead of my poor insights. But sometimes I
think, given, for example, all the times we hear that "Since the
one-time-pad is perfect, we don't _need_ anything else", or the opposite -
that we should all be using RSA and Blum-Blum-Shub to the exclusion of
conventional symmetric techniques (they just look messy, nobody has
_proven_ anything about them) -

that the academic and commercial cryptographic communities could perhaps
learn from my humble suggestions of how one can *use* public-key
cryptographic techniques and yet not *rely* on their security: use them to
avoid relying exclusively on other methods of key management, which have
their own problems.

John Savard

------------------------------

From: [EMAIL PROTECTED] ()
Subject: Re: The Magic Screw, Non-Secret Encryption, and the Latest WIRED
Date: 15 Mar 99 01:20:03 GMT

Douglas A. Gwyn ([EMAIL PROTECTED]) wrote:
: and don't worry,
: the "big boys" know how to do it right.

Come to think of it, while I don't think the NSA is anything but highly
competent, there are some "big boys" that *do* have me worried.

I keep having this nagging feeling that Canada, instead of designing its
own crypto gear, is equipping its military with devices purchased from the
U.S. While our two countries are great friends, to me this still seems
strange.

John Savard

------------------------------

From: [EMAIL PROTECTED]
Subject: my SHC
Date: Mon, 15 Mar 1999 02:30:11 GMT

Sorry about this but I cleaned up the code quite a bit.  You can still get it
at the same place.  I added support for padding in the source code.  I believe
it will be stable for a while, so if you want to make suggestions or comments
now is a good time.

Thanks a lot for your time.  And I look forward to some responses.

Tom

BTW, it's at
http://members.tripod.com/~tomstdenis/shc.c


------------------------------

From: [EMAIL PROTECTED] (Rich Wales)
Subject: Re: Seeking an Algorithm !
Date: 14 Mar 1999 20:36:45 -0800

Mok-Kong Shen wrote:

        > 3) Supports random access
        What does 3) mean?

I suppose "random access" would mean that a relatively small block of
data could be encrypted or decrypted all by itself, independently of the
rest of the file.

This usually isn't a good idea in typical applications, because it gives
the "enemy" more chances to mount a known-plaintext attack.  But in an
encrypted file system, it may make sense to encrypt each disk block all
by itself -- just as separate blocks in a compressed file system would
typically be compressed independently of one another.

Rich Wales         [EMAIL PROTECTED]         http://www.webcom.com/richw/

------------------------------

From: Nathan Kennedy <[EMAIL PROTECTED]>
Subject: Re: RC4 in PGP
Date: Sat, 13 Mar 1999 15:10:51 +0800

[EMAIL PROTECTED] wrote:
> 
> > > BTW, what are the actual restrictions on RC4/5/6?  RSA didn't reply!  So is
> > > the patent only valid in the states?
> >
> > Give 'em time!  Have you ever known an attorney to give you an
> > answer in less than a few days?
> >
> 
> I would figure this is a question they get asked a lot.
> 
> Tom

If I am right-- the RC5/6 algorithms are public domain, nonpatented, and
provided to the public by RSA.  And RC4 is a leaked RSA "trade secret," not
patented, but with the baggage that that carries--RSA apparently, at least
officially, doesn't permit anyone to use it or even to disclose it.
However, it is in wide use (often under the name of ARCFOUR).

Nate

------------------------------

From: Doggmatic <[EMAIL PROTECTED]>
Subject: Re: Testing Algorithms [moving off-topic]
Date: Mon, 15 Mar 1999 04:20:28 GMT

In article <[EMAIL PROTECTED]>,
  "Trevor Jackson, III" <[EMAIL PROTECTED]> wrote:
>
> Doggmatic wrote:
[snip horribly HTML'ed thread copy]
> > We know that the energy of a state change is greater than or equal
> > to 1.38e(-16) * TempOfUniv.
>
> How did you derive this?  In particular, what definition of "state
> change" are you using?

2nd law of thermodynamics
E = k * T;

state change - 1. n., disruption of the current description of a system; 2.
n., (phys.) any action which affects the momentum of any particle of a
system;  3. n., (phys.) an action which will dissipate energy - derived;  4.
n., (comp. sci.) any logical step which destroys information

   ___/Mike  ...two legs good, four legs bad? ... Why conform?
__/.   |      For my next trick, WATCH as this humble mouse breaks
\-__   \___   Windows at the mere press of a button.
    \          Hey! Where are we going, and why am I in this handbasket?


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: CD Cipher
Date: Mon, 15 Mar 1999 08:30:03 +0100

R. Knauer wrote:
> 
> To make this system even stronger one could use two completely
> different block encryption methods with different block sizes, such
> that the block sizes are not commensurate. That way the attacker will
> not know the block boundaries in the ciphertext.

This is using different algorithms in parallel (switching between 
different methods in processing different blocks). In the article
http://www.stud.uni-muenchen.de/~mok-kong.shen/#paper17
I wrote the following:

If an algorithm is not so to say a 'group', then one can use several 
modules of the same in concatenation similar to the triple-DES, thus 
obtaining larger effective key lengths. Another way is to use product
ciphers comprising different 56-bit algorithms that are appropriate
for combination. Besides thus putting algorithms in series, one can
also use the same algorithm (with different keys) in parallel, i.e. 
with different keys for processing different sets of blocks of the 
same message. Switching between different methods, changing of 
parameters of the same method, changing of keys, etc. in the course 
of a single message can also be done. 

M. K. Shen

======================================================
M. K. Shen, Postfach 340238, D-80099 Muenchen, Germany   (permanent) 
http://www.stud.uni-muenchen.de/~mok-kong.shen/  (Updated: 12 Mar 99)   
(Origin site of WEAK2-EX, WEAK3-EX and WEAK4-EX, three Wassenaar-conform
 algorithms based on the new paradigm Security through Inefficiency.
 Containing 2 mathematical problems with rewards totalling US$500.)

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Crossposted-To: alt.comp.virus
Subject: Re: Network Associates - Can we trust their products?
Date: Mon, 15 Mar 1999 00:22:49 -0600

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (David) wrote
about NAI:

> You can completely trust them.
> if you have any questions, you can always contact them.
> If there is a real issue, they will forward it to the development
> department.
> Works good and will be even better.
> 
Sounds good, hope it's true.  But, how long can they hold out, being a
company that already does considerable business with the government?  It
is not that I would not like to think that we can accept all things at
face value, we would, but that a tap on the shoulder from one you are in
bed with can change your mind so easily, and making you think that this
would never and could not happen would be the mission.

And, for the government, hope it works openly and honestly too, but does
it when it envisions doing things in the name of your best interests that
may or may not be;  government agencies require strict supervision and
guidelines, or they can get out of hand.  The problem is that it seems
counter to many in place to allow civilian guidance.
-- 
It's a game within a game within a game.--Gen. Odom

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Crossposted-To: alt.comp.virus
Subject: Re: Network Associates - Can we trust their products?
Date: Mon, 15 Mar 1999 00:12:15 -0600

In article <7cffho$551$[EMAIL PROTECTED]>, [EMAIL PROTECTED] () wrote:
> 
> After all, NAI isn't acting like any real security company when
> it comes to having such 'open' password sites like this, right?
> 
One of the best hedges to promote security is diversity.  If you did not
want to deal with such hedges, it seems that the best tactic would be to
work to eliminate all but one choice.  It would also be easier to corrupt
and more effective if there was little or no competition.  Then, of
course, you would only officially sanction those companies that promoted
the types of security and insecurity you favored.

Then, where do you trust, and in whom are you trusting, do you even know? 
Better to build your trust in yourself than in nested boxes that you
cannot see.  

I continue to harp on the architecture problem; it is an ever-present
factor in guaranteeing the opportunity for the spectrum of abuses.  Really
solving security problems works to shorten the game.
-- 
It's a game within a game within a game.--Gen. Odom

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: NES - Who cares?
Date: Mon, 15 Mar 1999 00:26:56 -0600

In article <[EMAIL PROTECTED]>, Joe McGivern <[EMAIL PROTECTED]>
wrote:

> AES.
> > 
> > It seems that in that vein, it would be an honor not to be selected.
> > Just a thought.

Time will tell.  It is likely to be a good-news/bad-news deal to be in the
hot seat.  Certainly, we will go through a predictable time of
circumspection of the choice, if any.
-- 
It's a game within a game within a game.--Gen. Odom

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************