Cryptography-Digest Digest #443, Volume #9       Thu, 22 Apr 99 06:13:03 EDT

Contents:
  Re: Can a Java or Active-x program get your keys?????? (Paul Rubin)
  Re: Dynamic Key Schedule (Paul Rubin)
  CryptoKong ([EMAIL PROTECTED])
  Re: RC6 new key standard from AES conference? (Paul Rubin)
  Re: Question about DH keys? (Paul Rubin)
  Re: Thought question: why do public ciphers use only simple ops like shift and XOR? ([EMAIL PROTECTED])
  Re: CryptoKong (Riky Amelon)
  Re: ciphersaber-2 implementation help? (Jim Gillogly)
  Decrypting Passwords ("Dan")
  Re: Blowfish Source Code? ([EMAIL PROTECTED])
  Re: PGP=NSA (what is it about crypto?) (Thomas Pornin)
  211-digit SNFS factorization (Herman J.J. te Riele)
  Re: Thought question: why do public ciphers use only simple ops like shift and XOR? ("Sam Simpson")
  Re: ANN: Next Beta-release of Kwik-Crypt (Andy Jeffries)
  mcrypt (Nikos Mavroyanopoulos)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: Can a Java or Active-x program get your keys??????
Date: Thu, 22 Apr 1999 01:14:18 GMT

In article <[EMAIL PROTECTED]>,
THOMAS  <[EMAIL PROTECTED]> wrote:
>Can a Java or Active-x program get your keys??????
>Most people store the PGP keys and passphrase on their harddisk. 
>Can a person or government  fetch those keyrings using a smart Java or
>Active-X script downloaded from the net or maybe something hidden in
>your operating system? 

ActiveX controls are basically arbitrary C programs that extend M$
Internet Explorer and can do absolutely anything on your machine,
including uploading or deleting all the files.  Normally when a web
site tries to download an activeX control, your browser pops a dialog
asking whether you trust the site owner.  The control has to be signed
with a certificate issued by a CA whose public key is built into the
browser.  Accepting an ActiveX control is basically like running an
executable that came on a CD-rom from a vendor.  The signature prevents
the program from being tampered with; however, the program itself
could have security bugs, or be malicious, or an attacker might have
somehow stolen the site credential or fooled the CA into issuing a
certificate (that's not trivial--you have to file a bunch of annoying
paperwork to get a certificate--but it's not unthinkable).

Java and Javascript under Netscape have a somewhat different model but
yes, they can also access files.  To access a file, the Java or
Javascript program first must get your permission.  This is again done
by popping a dialog.  Again, the Java[script] program has to be
authenticated, either by signing the download (similar to ActiveX)
or by sending it over a secure (SSL) connection with a valid site
certificate.  

Java and Javascript under MSIE can't access the file system directly,
AFAIK.

Naturally, security bugs in either browser might give attackers ways
to get at the file system without your permission; or you might give
permission to the wrong person.

If you have really high security needs, you simply should not keep your
decryption keys on a computer, especially a networked computer.  
Keep them in a secure hardware module or token (e.g. smart card) instead.

------------------------------

From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: Dynamic Key Schedule
Date: Thu, 22 Apr 1999 01:25:42 GMT

In article <7fk8uc$mqr$[EMAIL PROTECTED]>,
 <[EMAIL PROTECTED]> wrote:
>I would like to write a paper on this dynamic key schedule.  It basically
>extends the confusion sequence, requires no memory, and makes many attacks
>difficult....

It's pointless to propose a new key schedule unless you can show
concretely that there's something wrong with the old key schedule.
These attacks that the new schedule makes difficult--were they easy
with the old one?  Can you demonstrate how to break the cipher if it
uses the old key schedule?  That's a much more interesting topic to
write a paper about--if you can.

------------------------------

From: [EMAIL PROTECTED]
Subject: CryptoKong
Date: Thu, 22 Apr 1999 01:29:55 GMT

    --
How good is CryptoKong?  I hear it's pretty good.

    --digsig
         Tom St Denis
     7mvQRzCFuAi/jsk5R6OdYODvmg0VF9n0Y3HO1dG5hni
     xvV6vz2WvqiMfEjNEDWMKP6hRxFewBNwUDAy1K4x
     4xnWHGvzESzEiFWyYPlLNhWxRjeHPq5TTIJLZ1KHj


--

PGP public keys.  SPARE key is for daily work, WORK key is for
published work.  The spare is at
'http://members.tripod.com/~tomstdenis/key_s.pgp'.  Work key is at
'http://members.tripod.com/~tomstdenis/key.pgp'.  Try SPARE first!

============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/       Search, Read, Discuss, or Start Your Own    

------------------------------

From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: RC6 new key standard from AES conference?
Date: Thu, 22 Apr 1999 01:22:02 GMT

In article <7flgiv$sq0$[EMAIL PROTECTED]>,
>Well first off most cpus from 15 years ago are still good (8051, Z80, etc...).
>Newer ones (AVR, Motorola) are good, but more expensive.
>
>However, a custom ASIC with a cipher core, could be made in volume for a lot
>cheaper and be a lot faster too...

The point is, if the cipher needs a lot of gates to implement, it will
require more expensive hardware than a cipher that only needs a few
gates.  Blowfish needs around 4k bytes to hold its key-dependent
S-box.  Very few smartcard processors have that much ram, and those
that do are expensive.  By comparison, Skipjack needs only 3 bytes or
so (plus the key and data).  DES and GOST need around 12 bytes,
depending.  So whether you're making in volume or not, using Blowfish
is going to cost you.

Of course, if you're not making in volume (> 100k pieces), the
engineering costs of an ASIC will blow you out of the water, while
the mask charges for an off the shelf processor are reasonable
even if you're making just a few thousand pieces.

Technology advancement doesn't make smart cards any more powerful,
either, except the fanciest ones.  Otherwise, it just improves the
price/performance ratio.  If the ciphers don't need high performance
cpu's, technology advances mean designers can choose lower priced
parts, rather than more powerful ones; and lower costs mean more
applications are possible.

Burning performance unnecessarily is how Windoze 95 got to be the way
it is.  Let's hope that the AES doesn't follow Micro$oft.

------------------------------

From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: Question about DH keys?
Date: Thu, 22 Apr 1999 02:47:02 GMT

In article <[EMAIL PROTECTED]>,
Arthur N. Klassen <[EMAIL PROTECTED]> wrote:
>John Matzen wrote:
>> Are the keys in Diffie-Hellman interchangeable?  That is, can I encode a
>> session key with the public key and decode it with the private key, and
>> vice versa?
>
>Yes. That is how PGP signatures are done. Some information about a
>message, including time and a secure hash of the message is generated.
>This is encrypted with your private key. The recipient can decrypt it
>with your public key and know that -you- said -that-, whatever possibly
>silly, benighted thing it was you said. :)

You're thinking of RSA.  Diffie-Hellman doesn't work like that.
The DH keys are not interchangeable.
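Added example, not code from Paul Rubin's reply or from any poster in this thread: a Diffie-Hellman exchange placed next to a toy RSA, to show concretely what "interchangeable keys" means for RSA (the exponents e and d undo each other in either order) and why there is no such operation in DH, which only lets two parties agree on a shared secret. Every parameter (the 127-bit modulus, the two toy primes, the exponents) is a constructed demo value far too small for real use, and the RSA has no padding; these are assumptions of the example, not anything from the thread.

```python
"""Diffie-Hellman key agreement beside textbook RSA (added illustration)."""

import hashlib

# ---- Diffie-Hellman: each side holds an exponent; nobody "decrypts" anything ----
DH_P = 2**127 - 1    # Mersenne prime M127, a constructed demo modulus (not a secure size)
DH_G = 2             # demo generator

def dh_public(private):
    """Public value g^x mod p: a one-way image of x, so it can be published."""
    return pow(DH_G, private, DH_P)

def dh_shared(my_private, their_public):
    """(g^y)^x = (g^x)^y. The shared value needs the OTHER side's public value
    and your OWN private exponent; there is no step that 'undoes' g^x."""
    return pow(their_public, my_private, DH_P)

def dh_session_key(shared_secret):
    """Never use the raw group element as a key; hash it to a fixed-size key."""
    return hashlib.sha256(shared_secret.to_bytes(16, "big")).digest()

def dh_exchange(alice_private, bob_private):
    """Both sides' messages: each publishes g^x, each derives the same key."""
    alice_pub = dh_public(alice_private)   # Alice -> Bob
    bob_pub = dh_public(bob_private)       # Bob -> Alice
    k_alice = dh_session_key(dh_shared(alice_private, bob_pub))
    k_bob = dh_session_key(dh_shared(bob_private, alice_pub))
    return k_alice, k_bob

# ---- Toy RSA: the exponents e and d undo each other, in either order ----
RSA_P, RSA_Q = 1000000007, 998244353          # constructed toy primes (not a secure size)
RSA_N = RSA_P * RSA_Q
RSA_E = 65537
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))   # modular inverse, Python >= 3.8

def _digest_mod_n(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % RSA_N

def rsa_sign(message):
    """'Encrypt' the message hash with the private exponent d."""
    return pow(_digest_mod_n(message), RSA_D, RSA_N)

def rsa_verify(message, signature):
    """'Decrypt' the signature with the public exponent e and compare hashes."""
    return pow(signature, RSA_E, RSA_N) == _digest_mod_n(message)

def rsa_wrap_key(session_key_int):
    """Key transport: the public exponent locks, the private exponent unlocks."""
    return pow(session_key_int, RSA_E, RSA_N)

def rsa_unwrap_key(ciphertext):
    return pow(ciphertext, RSA_D, RSA_N)

if __name__ == "__main__":
    ka, kb = dh_exchange(123456789, 987654321)    # constructed demo exponents
    print("DH: both sides derive the same key:", ka == kb)
    sig = rsa_sign(b"I said that")
    print("RSA: signature verifies with e:", rsa_verify(b"I said that", sig))
    print("RSA: wrapped key unwraps with d:",
          rsa_unwrap_key(rsa_wrap_key(123456789)) == 123456789)
```

The asymmetry is visible in the signatures of the functions: `rsa_sign`/`rsa_verify` and `rsa_wrap_key`/`rsa_unwrap_key` are the same modular exponentiation with the two exponents swapped, whereas `dh_shared` has no inverse, and a DH public value cannot be applied to recover anything the private exponent produced. (PGP's "DH/DSS" keys, for the same reason, do not sign with DH at all: they sign with DSA and encrypt with ElGamal.)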

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Thought question: why do public ciphers use only simple ops like shift and XOR?
Date: Thu, 22 Apr 1999 02:15:17 GMT

=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1

> I find "rounds" (the repeated application of the same operation) silly
> and I don't use them.  I do use "layers" in which different operations
> are applied in each layer.
>
> And I think that making a cipher more difficult to analyze can only
> benefit the Opponents who have more resources for analysis.
> Personally, I try to make ciphers as conceptually *simple* as possible
> (though not simpler).  Simple does not mean weak; simple means
> appropriately decomposing the cipher into relatively few types of
> substantial subcomponent which can be understood on their own, then
> using those components in clear, structured ways.

This is true.  While you could incorporate a variety of P and S functions
in one cipher: if you had, for example, 24 rounds you could have 6
different P and S functions, each with 4 staggered rounds.

I also believe in keeping ciphers simple.  In some cases difficulty
just comes with it (public-key).

I would suggest if anyone is getting started to read about the following
ciphers, which are easy to read, implement and study.

IDEA, Blowfish, RC5, TEA, X-TEA and CAST.

Tom
=====BEGIN PGP SIGNATURE=====
Version: PGPfreeware 6.0.2i

iQA/AwUBNx6E28nv2fqXBZQeEQILNgCdHThETQtVxpZoKLTRPx5nbuz8Vw8AoNDO
kG/DtwpLc1oyT5c8xOWwmg3Q
=8iVV
=====END PGP SIGNATURE=====

--
PGP public keys.  SPARE key is for daily work, WORK key is for
published work.  The spare is at
'http://members.tripod.com/~tomstdenis/key_s.pgp'.  Work key is at
'http://members.tripod.com/~tomstdenis/key.pgp'.  Try SPARE first!


------------------------------

From: [EMAIL PROTECTED] (Riky Amelon)
Subject: Re: CryptoKong
Date: Thu, 22 Apr 1999 03:11:54 GMT

[EMAIL PROTECTED] wrote:

>How good is CryptoKong?  I here it's pretty good.

I found it with a search engine. For the other folks on sci.crypt, it's
"Crypto Kong", and the URL is http://www.jim.com/jamesd/Kong/Kong.htm
The author says that it uses "elliptic curve encryption" and the source
code is available. I'd say it's worth a look at the very least.
-- 
"Riky Amelon"     better known as [EMAIL PROTECTED]
 0123 456789      <- Use this key to decode my email address.
                  Fun & Free - http://www.5X5poker.com/

------------------------------

From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: ciphersaber-2 implementation help?
Date: Wed, 21 Apr 1999 22:17:02 -0700

Arthur N. Klassen wrote:
> but I get nothing but french-fries:
> 
> C9 36 68 0C 3F 2C F8 C2  0F 14 6B CE 87 BC 78 77
> 55 6C 85 B8 5B 97 17 BD  7B 91 19 95 8A C7 80 AF
> 
> I assume the problem is in my setup loop. ...

> I have tried some minor variations, but nothing seems to make the test
> file yield anything meaningful (like a catchy phrase or a gif :). Can
> anyone see what am I doing wrong?

I have the same problem.  There seem to be four major variations of
the ambiguity in the description.  On the N-1 subsequent setup loops
does one start both pieces of state over at 0, or just the password
pointer, or neither?  With one of the variations ("neither") I get
your results, and with the other three I also get "french-fries".
I also tried N=9 and N=11, to no avail.

Arnold, you out there?

I imagine we'll both see what we're doing wrong as soon as I hit "send".
-- 
        Jim Gillogly
        1 Thrimidge S.R. 1999, 04:55
        12.19.6.2.6, 2 Cimi 14 Pop, First Lord of Night
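Added example, not code from Jim Gillogly, Arthur Klassen or the CipherSaber pages: RC4 with the CipherSaber-2 repeated key setup, written so that the one ambiguous point raised above is isolated in a single loop. It follows my reading of the CipherSaber-2 description, which is an assumption: on each of the N passes, i runs 0..255 again (so the key pointer i mod keylen restarts too), while j is carried over from the previous pass and not reset. With n=1 and an empty IV the code is plain RC4, so the published RC4 test vector (key "Key", plaintext "Plaintext" -> BBF316E8D940AF0AD3) checks everything except the pass-repetition question; a "french-fries" result that appears only for n>1 then points at the setup loop alone.

```python
"""RC4 / CipherSaber-2 (added illustration; key-setup variant is an assumption)."""

def rc4_state(key, n=1):
    """Key-scheduling algorithm. n=1 is plain RC4; n>1 is the CipherSaber-2
    variant in which the whole i-loop is repeated n times."""
    if not key:
        raise ValueError("empty key")
    s = list(range(256))
    j = 0                            # carried across all n passes (assumption)
    for _ in range(n):
        for i in range(256):         # i, and hence key[i % len], restart each pass
            j = (j + s[i] + key[i % len(key)]) % 256
            s[i], s[j] = s[j], s[i]
    return s

def rc4_crypt(key, data, n=1):
    """XOR data with the RC4 keystream; encryption and decryption are the same."""
    s = rc4_state(key, n)
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def ciphersaber_encrypt(passphrase, plaintext, iv, n=20):
    """CipherSaber message = 10-byte IV || RC4(passphrase || IV)(plaintext).
    The IV must be fresh for every message (os.urandom(10) in practice); it is an
    explicit parameter here only so that the example is deterministic."""
    if len(iv) != 10:
        raise ValueError("CipherSaber IV is 10 bytes")
    return iv + rc4_crypt(passphrase + iv, plaintext, n)

def ciphersaber_decrypt(passphrase, message, n=20):
    """Split off the IV, rebuild the same key, XOR the body back."""
    iv, body = message[:10], message[10:]
    if len(iv) != 10:
        raise ValueError("message too short to contain an IV")
    return rc4_crypt(passphrase + iv, body, n)

if __name__ == "__main__":
    # Published RC4 test vector; should print bbf316e8d940af0ad3
    print(rc4_crypt(b"Key", b"Plaintext").hex())
    msg = ciphersaber_encrypt(b"asdfg", b"hello world", iv=bytes(range(10)))  # constructed IV
    print(msg.hex(), ciphersaber_decrypt(b"asdfg", msg))
```

Debugging tip that follows from the structure: run the n=1 test vector first; if it passes, the only remaining degree of freedom is what `rc4_state` does with i and j between passes, and a reference file produced with a known N (the spec's N=20) either decrypts or it does not.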

------------------------------

From: "Dan" <[EMAIL PROTECTED]>
Subject: Decrypting Passwords
Date: Thu, 22 Apr 1999 01:24:22 -0400

Does anyone know how to decrypt the passwords stored in a MS Access
database?

They are stored in the MSysAccounts system table. I am not talking about
the database password, only the user/admin passwords.

Dan [EMAIL PROTECTED]




------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Blowfish Source Code?
Date: Fri, 16 Apr 1999 10:36:31 GMT

In article <[EMAIL PROTECTED]>,
  John Dafoe <[EMAIL PROTECTED]> wrote:
>
>
> Jon Kadilak wrote:
>
> >   I'm not sure if this is the right group to post to, apologies if it is
> > not. Can someone point me in the direction of some Blowfish encryption
> > algorithm source code? Or some source code that will encode files with
> > the Blowfish encryption method.
> >
> > --
> >
> > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> > Jon Kadilak                                  The Internet Access Company
> > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>
> The author of Blowfish, Bruce Schneier's home page is www.counterpane.com and
> he has info on the algorithm in question.
>
> --
> John Dafoe
> Director of Internet Communications
> CyPost Corporation - http://www.cypost.com
> Strong Encryption Products
> Suite 101, 260 West Esplanade,
> North Vancouver, B.C. Canada. V7M 3G7
> Phone: (604) 904-4422 Ext. 228
>
>
     If you are a citizen and resident of the US or Canada, send me your
PGP public key (RSA only) and I will send you my tiny DOS version of
BLOWFISH running in the CFB block chaining mode; takes up less than one
disk sector, although the initialization file containing the digits of
PI is 8 times as long.
--
Robert G. Durnal
Web pages at www.afn.org/~afn21533
  and members.tripod.com/~afn21533


------------------------------

From: [EMAIL PROTECTED] (Thomas Pornin)
Subject: Re: PGP=NSA (what is it about crypto?)
Date: 22 Apr 1999 08:17:48 GMT

According to  <[EMAIL PROTECTED]>:
> kibologist?  What is that!

See http://www.ews.uiuc.edu/~tskirvin/faqs/legends.html

Those things tend to wane in the mists of time.

> BTW, what is this grudge against the NSA, is that the common 'villain' ?

The KGB did not stand the test of time. It is difficult to find really
evil and organized people these days.

> Ok they want to spy on everyone, but that's why we are here right? To
> stop that....(read: hinder the process)

Theoretically, sci.crypt is for discussions about cryptology, not a
guerrilla against the NSA. However, theory is often far from practice.

        --Thomas Pornin

------------------------------

From: [EMAIL PROTECTED] (Herman J.J. te Riele)
Subject: 211-digit SNFS factorization
Date: Thu, 22 Apr 1999 08:48:06 GMT

============================
211-digit SNFS factorization 
============================

``The Cabal'' *) announces the completion on April 8, 1999
of the factorization with the Special Number Field Sieve (SNFS)
of the Cunningham number N = (10^211 - 1)/9 into two primes of 
93 and 118 digits, respectively. 
This establishes a new record for SNFS. It also establishes
a record for the largest penultimate prime factor ever found.
The previous SNFS record was the 186-digit number 32633^41 - 1
factored in September 1998 by a CWI group
(ftp://ftp.cwi.nl/pub/herman/SNFSrecords/SNFS-186). 

We used the polynomials

            f(X) = 10 X^6 -1
            g(X) = X - 10^35

with common root m = 10^35 (mod N).

The factor base bound was 2^24 both for f and g. The large prime
bounds were 600 and 500 million for f and g, respectively.

The sieving was done on about 125 SGI and Sun workstations running at
175 MHz on average, and on about 60 PCs running at 300 MHz on average.
It was started on February 4, 1999 and finished at the end of March 1999.
Total sieving time was 10.9 CPU years. For comparison, sieving for RSA140 
(ftp://ftp.cwi.nl/pub/herman/SNFSrecords/RSA-140) took 8.9 CPU years. 
As with RSA140, two sieving methods were used, viz., lattice sieving and 
line-by-line sieving.
For the lattice sieve the special q - primes were chosen from subintervals 
of [2^24, 10^8]. For the line sieve, the sieving region 0 < a < 6 million, 
|b| < 18 million was chosen.
 
A total of 56394064 relations were collected by various contributors 
according to the following table:

======================+====================+========================|
                  %   | lattice   %   CPU- | linebyline %    CPU-   |
                      | sieving       days |   sieving       days   |
======================+====================+========================|
Stefi Cavallar    8.7 |  4900438  8.7  756 |                        |
Bruce Dodson     22.4 |  6613515 11.7  389 |  6026521  10.7   334 1)|
Arjen Lenstra     9.4 |  5314891  9.4  319 |                        |
Paul Leyland     25.4 | 14309742 25.4  476 |                        |
Peter Montgomery 15.9 |                    |  8979310  15.9   183 2)|
Peter Montgomery 15.1 |                    |  8505108  15.1  1420 3)|
Paul Zimmermann   3.1 |  1744539  3.1   89 |                        |
======================+====================+========================|
                100.0 | 32883125 58.3 2029 | 23510939  41.7  1937   |
======================+====================+========================|
1) and 2) here, for the line-by-line sieving, a factor base bound of 
          40 million was used (rather than 2^24)
2)        on CWI's SGI Origin 2000 
3)        on SGI and Sun workstations at CWI

A filter program, in which ideals appearing up to five times were merged,
transformed the 56394064 relations into 4895741 relation sets
yielding a matrix with 4820249 rows and 4895741 columns with 234162626 1's,
i.e., an average of 48.6 1's per row.

The Block Lanczos program took 121 hours on the Cray C90 in order to 
find 64 dependencies. For comparison, the Block Lanczos run for RSA140
took 100 CPU hours on the Cray C90 for a matrix of comparable size,
namely 4671181 rows and 4704451 columns, but with a smaller density,
namely 32.3 1's per row.

The square root program, finally, needed 15.5 hours on one CPU of CWI's 
SGI Origin 2000, and three dependencies to find the two prime factors:

p1 = 692624557324389620662782322677336711138108482588281739734375\
     570506492391931849524636731866879 
     (93 decimal digits)

p2 = 160420403718189849284245217763423312082549489560444525405936\
     9227570068074354992595031636365651567169241873842145514809
     (118 decimal digits)

Primality of p1 and p2 was proved twice, viz. with help of the Jacobi sum
test program of H. Cohen, A.K. Lenstra and D.T. Winter, and with help of the
cyclotomy test program of Bosma and Van der Hulst. CPU time was only a few 
seconds.

Factorizations of p1 ± 1 and p2 ± 1:

p1-1=2.7.11.73.211.104121674194311581.p70
p1+1=256.3.5.23.47.191.1429.1907.351133.23083545197.
     1355216763137.7647041370665119.3816351055699890638466789845130863

p2-1=8.7.11.19.19.23.211.553549.25324026023.
     (the next p41 was found by Paul Leyland using ECMNET)
     20520646346002560283517813851387071577333.
     5167512574763221382378499730938591618625422936134521
p2+1=2.3.5.109.163.290588480202635737.p95

        We thank the Dutch National Computing Facilities Foundation NCF
for providing access to the Cray C90, and all those workstation and PC
owners for allowing us to use their idle evening, night and weekend cycles.
Arjen Lenstra acknowledges John Cannon and the University of Sydney 
for providing him access to some of their workstations.

The Cabal

(Stefania Cavallar, Bruce Dodson, Arjen Lenstra, Paul Leyland, 
Walter Lioen, Peter Montgomery, Herman te Riele, Paul Zimmermann)

*) Originally derived from persons and geographical names involved
   but also associated with ``Constantly Attempting to Break Any Length''.
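Added check of the announcement above, not part of the Cabal's post or of their sieving, filtering, Block Lanczos or square-root software: every number below is copied from the announcement, and the code recomputes the claimed relations with Python integers. It verifies that p1 * p2 is (10^211 - 1)/9 with the stated digit counts, that the polynomial pair f(X) = 10 X^6 - 1 and g(X) = X - 10^35 really shares the root m = 10^35 modulo N, that the listed factors of p1 ± 1 and p2 ± 1 divide exactly and leave cofactors of the stated sizes, and that the matrix density works out to 48.6. The Miller-Rabin routine is my own quick re-check of p1 and p2, not the Jacobi-sum or cyclotomy proofs the announcement used.

```python
"""Re-verification of the 211-digit SNFS factorization announcement (added)."""

# The Cunningham number that was factored: the repunit (10^211 - 1)/9.
N = (10**211 - 1) // 9

P1 = int("692624557324389620662782322677336711138108482588281739734375"
         "570506492391931849524636731866879")
P2 = int("160420403718189849284245217763423312082549489560444525405936"
         "9227570068074354992595031636365651567169241873842145514809")

def check_product():
    """Headline claim: N = p1 * p2 with 93- and 118-digit primes."""
    return P1 * P2 == N and len(str(P1)) == 93 and len(str(P2)) == 118

def check_polynomials():
    """SNFS pair: f(m) = 10 * 10^210 - 1 = 10^211 - 1 = 9N, so f(m) == 0 (mod N),
    and the linear polynomial g vanishes at m outright."""
    m = 10**35
    f_m = 10 * m**6 - 1
    g_m = m - 10**35
    return f_m == 9 * N and f_m % N == 0 and g_m == 0

def is_probable_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
    """Miller-Rabin with fixed bases: a quick re-check, not a primality proof."""
    if n < 2:
        return False
    for p in bases:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def cofactor(n, factors):
    """Divide out the listed factors in turn; None if one does not divide exactly."""
    rest = n
    for f in factors:
        if rest % f:
            return None
        rest //= f
    return rest

# Factor lists exactly as given in the announcement; pNN denotes an unlisted
# NN-digit prime cofactor, which is what the digit-count checks confirm.
P1_MINUS_1 = [2, 7, 11, 73, 211, 104121674194311581]                     # . p70
P1_PLUS_1 = [256, 3, 5, 23, 47, 191, 1429, 1907, 351133, 23083545197,
             1355216763137, 7647041370665119,
             3816351055699890638466789845130863]                          # complete
P2_MINUS_1 = [8, 7, 11, 19, 19, 23, 211, 553549, 25324026023,
              20520646346002560283517813851387071577333,                  # the p41
              5167512574763221382378499730938591618625422936134521]       # complete
P2_PLUS_1 = [2, 3, 5, 109, 163, 290588480202635737]                       # . p95

def check_p_plus_minus_one():
    c1m = cofactor(P1 - 1, P1_MINUS_1)
    c1p = cofactor(P1 + 1, P1_PLUS_1)
    c2m = cofactor(P2 - 1, P2_MINUS_1)
    c2p = cofactor(P2 + 1, P2_PLUS_1)
    return {
        "p1-1 cofactor digits": None if c1m is None else len(str(c1m)),
        "p1+1 complete": c1p == 1,
        "p2-1 complete": c2m == 1,
        "p2+1 cofactor digits": None if c2p is None else len(str(c2p)),
    }

def matrix_density(ones=234162626, rows=4820249):
    """Average number of 1's per row of the filtered matrix."""
    return round(ones / rows, 1)

if __name__ == "__main__":
    print("p1*p2 == N:", check_product())
    print("polynomials share root m mod N:", check_polynomials())
    print("p1, p2 probable primes:", is_probable_prime(P1), is_probable_prime(P2))
    print(check_p_plus_minus_one(), "density:", matrix_density())
```

Everything here runs in well under a second: the expensive parts of the record (10.9 CPU years of sieving, 121 Cray hours of Block Lanczos) produce a result that anyone can confirm with multiplication and a few modular exponentiations, which is the usual asymmetry between finding a factorization and checking one.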





------------------------------

From: "Sam Simpson" <[EMAIL PROTECTED]>
Subject: Re: Thought question: why do public ciphers use only simple ops like shift and XOR?
Date: Thu, 22 Apr 1999 09:12:49 +0100

=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1

Leonard R. Budney <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...

<SNIP>

> BTW this example has a bearing on our confidence in RSA. It is doubted
> that polynomial-time factoring of primes is possible, just as it is
> doubted that NP = P. Further, it is conjectured that cracking RSA
> without factoring is not possible (absent other data, such as
> decryption timings).

Actually, certain instances of RSA cannot be equivalent to the
underlying IFP (D.Boneh, R.Venkatesan, "Breaking RSA may not be
equivalent to factoring").

Cheers,

- --
Sam Simpson
Comms Analyst
http://www.scramdisk.clara.net/ for ScramDisk hard-drive
encryption & Delphi Crypto Components.  PGP Keys available at the
same site.
If you're wondering why I don't reply to Sternlight, it's because
he's kill filed.  See http://www.openpgp.net/FUD for why!

=====BEGIN PGP SIGNATURE=====
Version: 6.0.2ckt http://members.tripod.com/IRFaiad/

iQA/AwUBNx7Z/u0ty8FDP9tPEQJVjwCdElMbx8eOjPva0qOKAkCTzKte+MwAoMoE
PG95Mhvh0WP9lAZT5Sw5XwRC
=SIRn
=====END PGP SIGNATURE=====





------------------------------

From: [EMAIL PROTECTED] (Andy Jeffries)
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: ANN: Next Beta-release of Kwik-Crypt
Date: Thu, 22 Apr 1999 09:43:47 +0100

On Wed, 21 Apr 1999 16:02:32 +0200 (CEST), Anonymous eloquently stated...
> On Tue, 20 Apr 1999 13:45:51 +0100  [EMAIL PROTECTED] (Andy
> Jeffries) wrote:
> >
> >Release Candidate 2 of Kwik-Crypt is released.  This release fixes a minor 
> >memory leak and contains a smaller Windows GUI mode self restoring 
> >capability.
> 
> I just tried downloading the latest version of Kwik-Crypt. The D/L page
> indicates that the latest build is 83 however the current release identifies
> itself as build 54.
> 
> Is this the most current file?

No...something went wrong with the file upload.

The latest build is now up on the web site.


-- 
Andy Jeffries
Kwik-Rite Development
 
--See http://www.kwikrite.clara.net/ for Kwik-Crypt BETA - Self-restoring
  archive maker for Windows 95/98/NT using Blowfish   (FREEWARE)

------------------------------

From: [EMAIL PROTECTED] (Nikos Mavroyanopoulos)
Subject: mcrypt
Date: 22 Apr 1999 09:07:11 GMT

I've created a replacement for unix crypt. I used unpatented block
algorithms like blowfish, twofish-128, tea (extended), safer64/128,
des, tripledes, 3way, cast-128, rc2 and gost. The source code of these
algorithms is based on the code found in ftp.funet.fi/pub/crypt. As you
see there is nothing new (eg. algorithms) but rather an implementation
of the existing ones.
The program can be found at ftp://argeas.cs-net.gr/pub/unix/mcrypt
It is intended to run on all unix machines (64bit or 32bit, big or
little-endian). These algorithms run in ECB, 8bit CBC, CBC or 8bit OFB
modes. Mcrypt is currently under development but it seems stable enough.
I released it under the GNU General Public License.
I'd appreciate any feedback and comments.

-- 
Nikos Mavroyanopoulos
mailto:[EMAIL PROTECTED]
http://sg1.math.uoi.gr/~ma06205

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
