Cryptography-Digest Digest #791, Volume #8       Wed, 23 Dec 98 16:13:03 EST

Contents:
  Re: Stego in jpeg files ([EMAIL PROTECTED])
  Re: coNP=NP Made Easier? (Bryan Olson)
  Re: What is Randomness? (R. Knauer)
  Re: Stego in jpeg files (R. Knauer)
  Re: Enhancement of EBC mode? (Marco Stolpe)
  Re: Stego in jpeg files (R. Knauer)
  Re: What is Randomness? (R. Knauer)
  Re: What is Randomness? (Mok-Kong Shen)
  Re: Stego in jpeg files (Svenne Krap)
  Re: What is Randomness? (R. Knauer)
  Re: On living with the 56-bit key length restriction ([EMAIL PROTECTED])
  Re: On living with the 56-bit key length restriction (Lincoln Yeoh)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Stego in jpeg files
Date: Wed, 23 Dec 1998 11:33:59 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> The first public version of a DOS program to hide a file in a jpeg
> file using techniques that obscure the hidden file from statistical
> analysis is available for anyone who wants to try it.
>
> http:\\pweb.uunet.de/flexsys.mtk/jphs01.zip
>
> please try and let me have your comments.
>
> Allan Latham <|alatham|  at |flexsys-group.com|>
>

     My browser cannot find this URL. Please check it.


--
Robert G. Durnal
Web pages at www.afn.org/~afn21533
  and members.tripod.com/~afn21533


------------------------------

From: Bryan Olson <[EMAIL PROTECTED]>
Crossposted-To: sci.math,comp.theory
Subject: Re: coNP=NP Made Easier?
Date: Tue, 22 Dec 1998 01:47:59 -0800


rosi wrote:
>    I think I am not confused and you are NOT ilias.
> 
>    I can, at this time, only answer one person, focusing on one set of
> questions and getting one thread taken care of.

Posts invite follow-ups.  E-mail is the appropriate medium for 
private discussions.

>   One other thing, yet very important. Your interpretation and
> understanding of ilias's notions, opinions, statements, etc. are likely
> very correct, and it will be appreciated when you try to help people
> to explain whatever they mean. However, I need his words. If you had
> joined the discussion earlier and given your opinion on 21, I likely
> could have found an ally.

There's no need to worry about Dr. Kastanas' concept versus Valmari
Antti's or Rune Bang Lyngsoe's or mine.  They are the same in every
important way.


>    Would you commit to carrying out this through to the end once
> we start? I.e. either we agree my argument is correct, or my
> argument is faulty, or one side is shown inconsistent or contradictory
> (if some simple questions are answered squarely and directly without
> evasion)?
> 
>     By the way, ilias perhaps has already seen that whichever notion
> he uses, the issue IS settled (if ND is a well defined concept).

I cannot commit to carrying through until we agree.  The
significant questions have already been resolved.

[...]
> In the meanwhile, you can prepare your notion of
> a NDTM for solving SS and post for our discussion.

No need.  I've adopted the same definition one finds in the
textbooks.

> You may, of course,
> choose one from 26 and 27, or give a precise one of your own (well-
> defined assumedly). You may also get ready to answer the questions I
> posed to ilias. For simplicity, you may answer in the following way:
>    1. YES
>    2. YES
>    3. NO
>    21. YES
>    etc.

Neither 26 nor 27 contains a question.  You defined M as a TM (not
a NDTM), that accepts SS in finite (not polynomial) time.  If the
question is whether such a machine exists, of course it does.  And
a machine satisfying the same criteria, but also deciding - not just
accepting - SS also exists.

--Bryan

------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: What is Randomness?
Date: Wed, 23 Dec 1998 14:14:32 GMT
Reply-To: [EMAIL PROTECTED]

On 23 Dec 1998 04:24:53 GMT, [EMAIL PROTECTED] (Dr. Yongge Wang) wrote:

>Not exactly!!!!!!! generally, when people in this area speak 
>of Chaitin complexity, they refer to "prefix-free" Kolmogorov
>complexity. But in Kolmogorov complexity, we do not consider
>the prefix-free property (or monotone property or 
>self-delimiting Turing machine).

Then Chaitin needs to update his papers, because he makes no such
distinction. But is that really crucial to an understanding of
algorithmic complexity for purposes of randomness in crypto?

Anyway the issue was about finite versus infinite random sequences,
and it was my understanding that Chaitin's definition of randomness
based on algorithmic complexity did not require infinite sequences.

>For other definitions of randomness and \Omega numbers, 
>you may find more details in my PhD thesis in my homepage
>(address below).

I would if it were in a conventional Windows PC format.

BTW, I have another thought about this method of determining
randomness that I plan to post as a followup to this thread.

Bob Knauer

"Laws to suppress tend to strengthen what they would prohibit.
This is the fine point on which all the legal professions of
history have based their job security."
--Frank Herbert 


------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Stego in jpeg files
Date: Wed, 23 Dec 1998 14:32:05 GMT
Reply-To: [EMAIL PROTECTED]

On Wed, 23 Dec 1998 06:36:53 -0600, "Steve Sampson"
<[EMAIL PROTECTED]> wrote:

>Why are you using two backslashes in the URL?
>
>Have you ever gone to any web site using backslashes?

Bill Gates' personal web site is rumored to use backslashes.

Bob Knauer

"Laws to suppress tend to strengthen what they would prohibit.
This is the fine point on which all the legal professions of
history have based their job security."
--Frank Herbert 


------------------------------

From: Marco Stolpe <[EMAIL PROTECTED]>
Subject: Re: Enhancement of EBC mode?
Date: Wed, 23 Dec 1998 16:18:50 +0100

=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1

Thanks to all who gave me advice. Encrypting larger blocks
of a file with CBC mode seems to be a good solution. 

But there's one statement which surprised me a little bit.
You ([EMAIL PROTECTED]) wrote:

>> - - Decrease the amount of information stored in each byte,
>>     for example by using the base64 encoding scheme.
>>
> this would be a mistake since it would decrease the total
> number of different types of blocks while increasing the
> number of blocks that a hacker can look at. It would make
> plain text attack easier.

I think that base64 encoding is a bad example, especially 
because it uses 65 instead of 64 (= 6 bits) different 
characters.

The whole idea of mine was the following:

I've read the main danger of using ECB mode is that one block
of plaintext always encrypts to the same block of ciphertext. 
That means that it is theoretically possible to create a
code book of plaintexts and corresponding ciphertexts,
especially if the whole plaintext has some regularities.   

So my idea was - for example - to divide each byte of plaintext
in the middle and to create two bytes from these half bytes. 
For example, the byte 0xB6 = 10110110 would lead to
0x_6 = ____0110 and 0x_B = ____1011.

Then I would fill up the upper half of the two bytes with
random bits (under the assumption of course that it IS possible
to create random bits, perhaps by using special hardware 
events or devices).

This means that the 4 bits of valuable information in one byte 
of plaintext are randomized by the upper 4 bits and that now
one block of valuable(!) plaintext together with the 4 random
bits encrypts to many different blocks of ciphertext.

If the sequence of random bits is really random and equally
distributed then there exist 16 different bytes containing the
same information in the lower 4 bits and that would make up
to 16^8 = 2^32 different blocks of ciphertext for one block
of valuable plaintext.

So I thought that the goal of randomizing the plaintext and
thereby reducing the possibility of creating a code book 
could be reached by the method which I proposed, and not
that it would even make a plaintext attack easier. Of course
it would increase (doubling up) the number of blocks a hacker 
can look at, but I thought that creating different types of 
plaintext blocks would be much more important for security.

Actually I'll prefer the methods that you proposed (encrypting 
larger blocks of the file in CBC mode), but I'm still a little
bit confused.

Marco Stolpe

- --
PGP Key, ID 0x4F3FE0B5 should be available on a keyserver
Fingerprint: 
D0AA F39C 0D9D 4AC8 D742  C0DB 3536 3D29 4F3F E0B5

=====BEGIN PGP SIGNATURE=====
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv

iQA/AwUBNoEHoDU2PSlPP+C1EQIKHACdEfv5No3lX3vk1U5H90jdKjESrcoAnihA
BIJtd+Bwk+XQ3jM02wWpGdPv
=Kf3R
=====END PGP SIGNATURE=====

------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: Stego in jpeg files
Date: Wed, 23 Dec 1998 14:31:24 GMT
Reply-To: [EMAIL PROTECTED]

On Wed, 23 Dec 1998 00:48:26 +0100, Allan Latham <[EMAIL PROTECTED]>
wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>
>The first public version of a DOS program to hide a file in a jpeg
>file using techniques that obscure the hidden file from statistical
>analysis is available for anyone who wants to try it.
>
>http:\\pweb.uunet.de/flexsys.mtk/jphs01.zip
>
>please try and let me have your comments.

Apparently the program itself is hidden too.

Bob Knauer

"Laws to suppress tend to strengthen what they would prohibit.
This is the fine point on which all the legal professions of
history have based their job security."
--Frank Herbert 


------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: What is Randomness?
Date: Wed, 23 Dec 1998 14:30:06 GMT
Reply-To: [EMAIL PROTECTED]

On 23 Dec 1998 04:24:53 GMT, [EMAIL PROTECTED] (Dr. Yongge Wang) wrote:

Picking up from below it seems that Chaitin's definition of randomness
does no good for purposes of crypto. Consider the following procedure.

Begin with a plaintext and compress it using the best compression
procedure available. Call this sequence CP for Compressed Plaintext.
The assumption is that CP is the minimal representation for the
original plaintext based on compression.

Now employ algorithmic complexity by finding the minimal algorithm
that will reproduce CP. But that algorithm is just:

print (CP)

because there is no other algorithm that can reduce CP to a smaller
size.

Therefore CP is a random ciphertext which cannot be deciphered based
on any discernable pattern, since it is "random" according to
algorithmic complexity - that is the algorithm that produces it cannot
be made substantially smaller.

IOW whatever algorithm that is employed to reproduce the sequence must
contain the literal sequence without any reduction in size, since it is
already as small as it can get by prior compression (see Chaitin). So
the cryptanalyst faces an impossible task since there is no pattern
for him to use to decipher the message.

But we know better - the cipher can be broken by decompressing it.
Therefore it would seem that randomness, based on algorithmic
complexity, is not a suitable measure of crypto strength.

Please restrict the discussion to conventional English so
non-academics like me can follow it. Thanks.

Bob Knauer

>R. Knauer ([EMAIL PROTECTED]) wrote:

>: One of the definitions of randomness given by Chaitin is based on
>: algorithmic complexity for finite sequences. You may be thinking of
>: another paper in which he discusses his "halting probability", Omega,
>: which is an infinite sequence. But then that latter discussion is
>: about undecidability rather than just randomness itself.

>: In the former paper he defines randomness as a level of algorithmic
>: complexity that is nearly the same as the size of the number under
>: consideration. He works out the probability that a number of size N is
>: more complex than N-10 and comes up with 0.999. He then takes that as
>: the working definition of randomness.

>: For those who may not be aware what algorithmic complexity is, it is
>: the same essentially as Kolmogorov complexity, namely the size of the
>: smallest algorithm which will output the number under consideration.

>Not exactly!!!!!!! generally, when people in this area speak 
>of Chaitin complexity, they refer to "prefix-free" Kolmogorov
>complexity. But in Kolmogorov complexity, we do not consider
>the prefix-free property (or monotone property or 
>self-delimiting Turing machine).

>For other definitions of randomness and \Omega numbers, 
>you may find more details in my PhD thesis in my homepage
>(address below).

>: Randomness in that sense is a lack of irreducibility, since a random
>: number cannot be output by an algorithm unless it contains the number
>: in entirety.

>: See http://www.cs.auckland.ac.nz/CDMTCS/chaitin/

>: Bob Knauer
>
>: "In the general course of human nature, a power over a man's
>: subsistence amounts to a power over his will."
>: --Alexander Hamilton
>
>
>--
>
>------------------------------------------------------.
>Yongge Wang                    |                      |
>Dept. of EE & CS               |                      |
>Univ. of Wisconsin--Milwaukee  |                      |
>P.O.Box 784                    |Yongge Wang           |
>Milwaukee, WI 53201            |2545 N.Frederick Ave. |
>                               |Apt. 104              |
>Tel: (414)229-5731             |Milwaukee, WI 53211   |
>Fax: (414)229-2769             |                      |
>[EMAIL PROTECTED]                |Tel: (414)3324794     |
>http://www.cs.uwm.edu/~wang    |Fax: (414)3324794     |
>------------------------------------------------------'


"Laws to suppress tend to strengthen what they would prohibit.
This is the fine point on which all the legal professions of
history have based their job security."
--Frank Herbert 


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: What is Randomness?
Date: Wed, 23 Dec 1998 16:14:05 +0100

R. Knauer wrote:
> 
> On 14 Dec 98 16:00:33 -0500, [EMAIL PROTECTED] wrote:
> 
> >There is no such thing as randomness, or complete chaos.  There
> >are only an infinite number of degrees of orderedness.
> 
> You might want to consult Greg Chaitin on that topic:
> 
> http://www.cs.auckland.ac.nz/CDMTCS/chaitin/

But such high theories don't allow a practical implementation of any
algorithm to actually test the 'randomness' of given sequences. 
Or do I miss something?

M. K. Shen

------------------------------

From: [EMAIL PROTECTED] (Svenne Krap)
Subject: Re: Stego in jpeg files
Date: Wed, 23 Dec 1998 17:10:32 GMT

On Wed, 23 Dec 1998 14:31:24 GMT, [EMAIL PROTECTED] (R. Knauer)
wrote:

>On Wed, 23 Dec 1998 00:48:26 +0100, Allan Latham <[EMAIL PROTECTED]>
>wrote:
>
>>-----BEGIN PGP SIGNED MESSAGE-----
>>
>>The first public version of a DOS program to hide a file in a jpeg
>>file using techniques that obscure the hidden file from statistical
>>analysis is available for anyone who wants to try it.
>>
>>http:\\pweb.uunet.de/flexsys.mtk/jphs01.zip
>>
>>please try and let me have your comments.
>
>Apparently the program itself is hidden too.
>
>Bob Knauer
>
>"Laws to suppress tend to strengthen what they would prohibit.
>This is the fine point on which all the legal professions of
>history have based their job security."
>--Frank Herbert 

Try making the last "s" into a "d" :)

then it says

http://pweb.uunet.de/flexsys.mtk/jphd01.zip

Svenne

------------------------------

From: [EMAIL PROTECTED] (R. Knauer)
Subject: Re: What is Randomness?
Date: Wed, 23 Dec 1998 19:14:38 GMT
Reply-To: [EMAIL PROTECTED]

On 23 Dec 1998 18:09:08 GMT, [EMAIL PROTECTED] (Dr. Yongge Wang) wrote:

>I am sorry, there is no Word format, it is only in
>PostScript and PDF version.

PDF will work - but I did not see the download link for that.

What is the exact URL?

Bob Knauer

"Laws to suppress tend to strengthen what they would prohibit.
This is the fine point on which all the legal professions of
history have based their job security."
--Frank Herbert 


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: On living with the 56-bit key length restriction
Date: Wed, 23 Dec 1998 21:11:17 +0100

Mok-Kong Shen wrote:
> [EMAIL PROTECTED] wrote:
> > I don't think so. The main target of this law are neither countries nor
> > well organised criminals. This law allows to control telecommunication:
> > People have to use standard software if they want to stay in contact
> > with others. This software is protected by different copyrights so it
> > can't be changed without breaking laws. By keeping the huge companies
> > from exporting strong crypto it is possible to keep people from
> > encrypting the normal correspondence and to detect encrypted data
> > streams.
> 
> Those who have no secrets to hide will not use cryptos. Hence 'normal'
> correspondences do not contain stuffs interesting for the intercepting
> guys. 

'Normal' doesn't mean 'small talk'. It means business correspondence,
data from industry and science etc.

One of the missions of NSA is to do industrial espionage - and other
agencies may not be different.

> Those who do want to hide something certainly can afford to
> take some inconvenience of first putting the messages through some
> 'private' cryptos before sending them on the public lines. As
> I mentioned elsewhere, the 'real' intention of the Wassenaar agreement
> appears not to be crystalline clear. A remark to your last point:
> If encryption is not generally forbidden, detecting encrypted data
> streams may not mean very much if decryption is not feasible.
>

And if strong crypto is forbidden?
 
> >
> > > BTW, I am yet ignorant of whether it is without problems
> > > in US to put a pure but strong crypto algorithm on the Web.
> > >
> >
> > Skipjack was published this way :)
> 
> That was by the government. I meant whether private persons have
> the same privilege.
>

They do.
 
> >
> > > >
> > > > It's quite a hard job to change a module without knowledge of the sources
> > > > of the program.
> > >
> > > It is an engineering problem, like to have bolts and nuts that have
> > > to fit. It can be done with proper software engineering.
> > >
> >
> > Not only: You'll have to break or bend laws to reverse engineer
> > commercial programs, but this may be necessary to replace modules with
> > undocumented interfaces. Many programs are testing libraries before
> > using them, so it may be necessary to break the self-test algorithms of
> > these programs or to rewrite large parts of these programs.
> >
> > At least you'll have to replace copyright-protected parts of these
> > programs.
> >
> > Because of that you'll have to decide either to use weak algorithms or
> > to break laws.
> >
> > Again: This law doesn't stop criminals but it keeps others from
> > protecting their data.
> > It makes industrial espionage simpler and it allows to spy out people
> > that don't want to break the laws.
> 
> Not at all. An analogy is to be found in UNIX, where you can pipe
> almost anything to anything else. Each crypto module has input
> format and output format. If two modules have the same formats,
> there is nothing to be done!  Now returning to your previous example
> of voice encryption and with commercial modules which one preferably
> shouldn't meddle with, on the assumption that the signal that
> ultimately gets transmitted is digital one can certainly conveniently
> insert two arbitrary chosen encryption modules, one on each side,
> between the line and the voice encryption device.
> 

Your arguments are valid as long as you are controlling input and
output.
This is no problem as long as you are encrypting files. It becomes
harder if you begin to control network traffic using some standard you
know - you may go to a lower level of your communication protocol to
encrypt data as long as you are able to control this level.

Without knowledge of the protocol you are in trouble. 
Without control over lower levels of the protocol you are in trouble.
When using software that tests the libraries used you are in trouble.

Of course these problems are solvable, but it needs much time and/or
money and - as mentioned - it is illegal to change commercial software.

A simple example for adding modules to modern software: Add export
filters to a commercial text processing program that doesn't explicitly
allow to do this. 
Of course the export routine is just a module and of course these
modules are exchangeable.

> > And the internet is an example that shows that the generation of
> > channels is not only a problem of engineering but as well of the amount
> > of money one is able to pay for the necessary infrastructure.
> >
> > Most of our communication uses one of the networks - internet, the
> > networks of telecommunication companies and so on.
> >
> > I'm using only two or three lines for almost all of my telecommunication
> > and I wouldn't be able to add another one that would allow me to reach
> > most of my partners without spending too much time or money.
> 
> If you have really top secrets to be transmitted in time, I am
> not sure that money definitely counts very much for you. Even if
> you have only one single line, you can send the pieces at different
> time points 

This doesn't help at all if the line is controlled by the attacker.

> and also use the multiplexing technique that I mentioned
> in the original post. Furthermore, the higher the secret, the lower
> is likely to be the volume.

I don't think so - the blueprints of a stealth bomber may be quite large
:)

> 
> M. K. Shen


Merry Christmas


Andreas Enterrottacher

[EMAIL PROTECTED]
[EMAIL PROTECTED]

------------------------------

From: [EMAIL PROTECTED] (Lincoln Yeoh)
Crossposted-To: talk.politics.crypto
Subject: Re: On living with the 56-bit key length restriction
Date: Tue, 22 Dec 1998 10:18:52 GMT
Reply-To: [EMAIL PROTECTED]

On Tue, 22 Dec 1998 10:48:42 +0100, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:

>>
>Wassenaar limits only export from the 33 countries, not import into
>these, if I don't err. Since you are outside, you can set up an
>archive with a server in that region (i.e. out of the bounds of the 
>power of the 33 countries) for strong crypto. In that case you don't
>need to provide the button described above at all. The problem with

But if I put the button, Geocities and Tripod etc are more shielded. I have
nothing against these free homepage sites and wish all the best for them.
(Who knows, they may declare independence for themselves and secede from
the US ;).)

By having the button I also make the process analogous to exporting strong
crypto via more conventional means. 

Crooks can always smuggle it in a CD, or click the button. Law abiding
people would declare it and do without, or get official permission.

>issue of possibility of binaries being infected by virus as a result
>of organized attacks on such an archive by those who like very
>much to suppress strong crypto in the technically weaker regions
>of the world.

There are various safeguards. I can put MD5 checksums for the stuff, and
I've the digital sigs of some stuff too.

Link.
****************************
Reply to:     @Spam to
lyeoh at      @[EMAIL PROTECTED]
pop.jaring.my @ 
*******************************

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
