Cryptography-Digest Digest #568, Volume #9 Wed, 19 May 99 23:13:02 EDT
Contents:
des and triple des attacks (daniele)
Re: Diophantine equations (Terry Ritter)
Re: PK Security (Sundial Services)
Re: Encryption starting (David A Molnar)
Re: CRC16 polynomials (Sundial Services)
Can someone define... (David Ross)
Re: Can Somebody Verify My DES execution? ("Zulkifli Hamzah")
Cyber haven ("PAUL A ROSENBERG")
Re: Scramdisk/Norton query ("N")
Looking for ScramDisk/PGPDisk user experiences (Sundial Services)
Re: Can someone define... ("Brian Hetrick")
Re: looking for independent encryption strength analysis (Paul Rubin)
Re: looking for independent encryption strength analysis ([EMAIL PROTECTED])
Re: Diophantine equations ("Alan J. Robinson")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (daniele)
Subject: des and triple des attacks
Date: Wed, 19 May 1999 22:50:32 GMT
Hi all.
I'm making a thesis on the des and triple des attacks.
Can anyone suggest any web resource dealing with these topics?
please answer at
[EMAIL PROTECTED]
thanks for the attention.
daniele
------------------------------
From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Diophantine equations
Date: Wed, 19 May 1999 23:15:29 GMT
On Wed, 19 May 1999 15:00:47 -0500, in <[EMAIL PROTECTED]>,
in sci.crypt "Alan J. Robinson" <[EMAIL PROTECTED]> wrote:
>The literature on linear congruence random number generators as used in
>cryptography seems to imply that their parameters are so easily solved
>that it isn't even necessary to document how it is done.
>[...]
I think the real implication is that one is familiar with the
cryptographic literature on that topic:
Reeds, J. 1977. "Cracking" a Random Number Generator. Cryptologia.
1(1). (Also: Cryptology Yesterday, Today, and Tomorrow. 1987.
Editors: C. Deavours, D. Kahn, L. Kruh, G. Mellen and B. Winkle.
Artech House: Norwood, Mass. 509-515.)
Vahle, M. and L. Tolendino. 1982. Breaking a Pseudo Random Number
Based Cryptographic Algorithm. Cryptologia. 6(4): 319-328.
Frieze, A., R. Kannan and J. Lagarias. 1984. Linear Congruential
Generators Do Not Produce Random Sequences. Proceedings of the 25th
Symposium on the Foundations of Computer Science. 480-484.
Knuth, D. 1985. Deciphering a Linear Congruential Encryption. IEEE
Transactions on Information Theory. IT-31(1): 49-52.
Hastad, J. and A. Shamir. 1985. The Cryptographic Security of
Truncated Linearly Related Variables. Proceedings of the 17th ACM
Symposium on Theory of Computing. 356-362.
Stern, J. 1987. Secret Linear Congruential Generators are Not
Cryptographically Secure. Proceedings of the 28th Annual Symposium on
Foundations of Computer Science. 421-426.
Frieze, A., J. Hastad, R. Kannan, J. Lagarias and A. Shamir. 1988.
Reconstructing Truncated Integer Variables Satisfying Linear
Congruences. SIAM Journal on Computing. 17(2): 262-280.
Lagarias, J. and J. Reeds. 1988. Unique Extrapolation of Polynomial
Recurrences. SIAM Journal on Computing. 17(2): 342-362.
Boyar, J. 1989. Inferring Sequences Produced by Pseudo-Random Number
Generators. Journal of the ACM. 36(1): 129-141.
Krawczyk, H. 1992. How to Predict Congruential Generators. Journal
of Algorithms. 13: 527-545.
---
Terry Ritter [EMAIL PROTECTED] http://www.io.com/~ritter/
Crypto Glossary http://www.io.com/~ritter/GLOSSARY.HTM
------------------------------
Date: Wed, 19 May 1999 17:37:24 -0700
From: Sundial Services <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: PK Security
Mark E Drummond wrote:
>
> Realising that this has much to do with key-length and the algorithms
> used, in a general sense, how secure is public key cryptography today?
> iow, how secure is a message that has been encrypted using my Verisign
> certificate (1024 bit key)?
I can't call myself anyone's expert, Mark, but the phrase that comes to
my mind is, "secure against what?" If your attacker is the NSA or MI5,
then your message probably is going to be readable and you'll never
know. But if your attacker is civilian, a competitor or a nosy
neighbor, then my understanding is that your message is extremely secure
if you employ the cryptosystem properly. "The price of security is
eternal vigilance."
Most weaknesses of cryptosystems in the field, I believe, come from the
manner in which the system is deployed - or basic human foibles that the
intruder can find and discover. I once bet my boss that I could guess
his logon password in less than three tries - and he wound up buying me
lunch that day.
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Encryption starting
Date: 20 May 1999 00:15:16 GMT
[EMAIL PROTECTED] wrote:
> Applied Cryptography is indeed an excellent book, but as the name
> suggests, it is intended mostly for people who want to implement a
> specific protocol or algorithm. It lacks the mathematical rigor of say
> _Cryptography: Theory and Practice_ or _The Handbook of Applied
> Cryptography_, although it is very useful as a reference book, say when
> you forget how to do a blind signature scheme.
I'd suggest that it also excels in giving the intuition behind the use
of various cryptographic protocols and attacks. There is more to crypto
than just block ciphers, and the book covers a range of interesting
applications. Sometimes the lack of detail is annoying, but this is
much improved in the 2nd edition (compare the discussion of Yao's
millionaire problem with the simple statement of a protocol in the
1st ed w/o explanation).
-David
------------------------------
Date: Wed, 19 May 1999 17:38:13 -0700
From: Sundial Services <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: CRC16 polynomials
Russell Harper wrote:
>
> The CRC16 polynomial used in XMODEM can be represented by 0x1021 =
> 1000000100001. Does anyone know of a link where there are other CRC16
> polynomials and a description of their relative merits? Or a way to
> determine them empirically?
Any search of Yahoo, e.g. on "CRC" or the like will produce a cornucopia
of papers, source-code and so on...
------------------------------
From: [EMAIL PROTECTED] (David Ross)
Subject: Can someone define...
Date: Thu, 20 May 1999 00:35:02 GMT
Hello -
In a recent post to this newsgroup, I saw:
>Firstly, a simple XOR against any finite-length fixed string or simple
>(e.g., affine) pseudo random number generator (PRNG) is easily broken.
Can someone, in layman's terms, define "affine" as it is used here
to describe a PRNG?
many thanks
Dave Ross [EMAIL PROTECTED]
------------------------------
From: "Zulkifli Hamzah" <[EMAIL PROTECTED]>
Subject: Re: Can Somebody Verify My DES execution?
Date: Thu, 20 May 1999 08:51:29 +0800
Reply-To: "Zulkifli Hamzah" <[EMAIL PROTECTED]>
Dear Ladies and Gentlemen, Forum,
I would like to thank all for replies and ideas posted, too many to mention one by one whom; I really appreciate all replies - even this has propagated further topic of discussion.
What happened was:
1) Initially I developed the DES in a scratch manner, i.e., typing all the tables and boxes into my DESTable.C file; then directly coding all the IP(), Encrypt(), and several other functions into Des.c file, taking me one overnight. I executed the code and I noticed that the Avalanche Effect is not within the _range_of_satisfaction_ (if you could see my first post.). I did not even code Decrypt() yet.
2) I posted the outcome to this group!!! I hid myself for several days, waiting for night to come to unravel the cause (there... thanks again for the replies, you all!). Keeping in mind during my college time "... testing will show the presence of bug(s), not the absence of it...", still debugging.
3) Until last night, I suspect the problem comes from the table; I noticed the table for Permutation choice 1 (the 56-bit key initially undergoes this process before RotateRight() process). Some content of the PermChoice1[] points to larger than 56 (for ex: 60, 61) i.e., permutation becomes
permutated[i] = originalkey[ PermChoice1[i]];
would become permutated[i] = originalkey[60];, which is out of range !!!
So, I _corrected_ (my way, yeah!) it, and it works !!! (by justifying that the Avalanche Effect in the range of 25 - 35 bits diff.).
So, what's the cause of problem concluded here ?
Myself ! Yes, I should have checked and verified the tables given make sense :-)))
Zul Hamzah
Email: [EMAIL PROTECTED]
"What's next? Some IDEA ?"
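A table check that would have caught this early, as an added example that is not Zul's code: in FIPS 46 the Permuted Choice 1 table is indexed against the 64-bit key as entered, and the eight parity bits (positions 8, 16, ..., 64) are simply never selected, so entries such as 60 and 61 are correct and 56 is the size of the output, not of the input. The validator below checks a 1-based selection table for entry count, range, duplicates and excluded bits, and shows the out-of-range report you get when PC-1 is validated against a 56-bit source instead of a 64-bit one.

```python
# Added example: validating DES key-schedule selection tables before use.
PARITY_BITS = frozenset(range(8, 65, 8))   # key bits 8, 16, ..., 64 carry parity only

# Permuted Choice 1 (FIPS 46): 56 entries, each a 1-based index into the 64-bit key.
PC1 = [57, 49, 41, 33, 25, 17,  9,  1, 58, 50, 42, 34, 26, 18,
       10,  2, 59, 51, 43, 35, 27, 19, 11,  3, 60, 52, 44, 36,
       63, 55, 47, 39, 31, 23, 15,  7, 62, 54, 46, 38, 30, 22,
       14,  6, 61, 53, 45, 37, 29, 21, 13,  5, 28, 20, 12,  4]

# Permuted Choice 2: 48 entries, each a 1-based index into the 56-bit C||D register.
PC2 = [14, 17, 11, 24,  1,  5,  3, 28, 15,  6, 21, 10,
       23, 19, 12,  4, 26,  8, 16,  7, 27, 20, 13,  2,
       41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
       44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32]

def check_selection_table(table, n_entries, source_bits, excluded=frozenset()):
    """Return a list of problems found in a 1-based bit-selection table ([] if OK)."""
    problems = []
    if len(table) != n_entries:
        problems.append("expected %d entries, got %d" % (n_entries, len(table)))
    out_of_range = [v for v in table if not 1 <= v <= source_bits]
    if out_of_range:
        problems.append("indices outside 1..%d: %s" % (source_bits, out_of_range))
    dupes = sorted(v for v in set(table) if table.count(v) > 1)
    if dupes:
        problems.append("duplicate indices: %s" % dupes)
    bad = sorted(set(table) & set(excluded))
    if bad:
        problems.append("selects excluded bits: %s" % bad)
    return problems

def key_parity_ok(key: bytes) -> bool:
    """Each byte of a DES key must have odd parity."""
    return len(key) == 8 and all(bin(b).count("1") % 2 == 1 for b in key)

def to_bits(data: bytes):
    """Bit list in FIPS numbering: bit 1 is the most significant bit of byte 0."""
    return [(data[i // 8] >> (7 - i % 8)) & 1 for i in range(8 * len(data))]

def select(bits, table):
    """Apply a 1-based selection table. Indexing a 56-bit buffer with PC1
    raises IndexError here, which is the out-of-range access from the thread."""
    return [bits[i - 1] for i in table]

def pc1(key: bytes):
    """64-bit key -> 56-bit C||D; the parity bits are dropped by never being selected."""
    return select(to_bits(key), PC1)

if __name__ == "__main__":
    print("PC1 vs 64-bit key:", check_selection_table(PC1, 56, 64, PARITY_BITS) or "OK")
    print("PC1 vs 56-bit key:", check_selection_table(PC1, 56, 56))
    print("PC2 vs 56-bit C||D:", check_selection_table(PC2, 48, 56) or "OK")
```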
------------------------------
From: "PAUL A ROSENBERG" <[EMAIL PROTECTED]>
Subject: Cyber haven
Date: Wed, 19 May 1999 18:44:42 -0500
Do You Want A Cyber-Haven?
Tax havens? Passe. How about a cyber haven? If you could have a place to work that gave you all the bandwidth you'd ever need, complete freedom, a superb lifestyle, and plenty of support, would you be interested? And what if this were not only a dream, but a place that could be built and ready for you in a year or two?
How do we define cyber haven? Fiber everywhere (singlemode!), bandwidth to burn, running IP directly on the glass, ubiquitous access, and the entire system managed by people who understand what you need. No government regulations, no restrictions, no one telling you that you are not allowed to do something. Living in the Caribbean, in a place where you and your business will be welcomed, even celebrated.
Are you interested yet? Then how about this for a bonus: No income taxes, virtually no rules or regulations, do whatever you like so long as you don't hurt anyone. Sound like paradise? Well, it will never be paradise, but it's probably a hell of a lot better than where you're living and working now.
If I asked you if you wanted to live in this place, you'd probably say "yes", but that's the easy question. The important one is this: Are you willing to work for it? No, there is no such thing as a free lunch, and if you want this place to be built, you'll have to spend time, money, and energy. Do you still want it? Would it be worth some work to live in a place like this?
Let me tell you right now that this place is ready to go: The plans are in place, architects, engineers, and developers are on-board, there are already hundreds of residents waiting to move in, many businesses waiting to move in, and international relations developing. All we need now is numbers: numbers of people involved and dollars in hand.
The place we are talking about is called New Utopia, a new city which will be built on submerged islands (5-20 meters) in the Caribbean on the Cayman Ridge. (On the Misteriosa Bank, to be precise.) Not only will it be a new city, but it will also be a new nation. Sound far-fetched? Perhaps; but it is doable right now, violates no international laws, encroaches on no nation's territory, and is getting a lot of people interested.
Have you ever had the experience of being in a large room full of a thousand smart, energetic, cooperative people? If you have, you know what a unique, intoxicating pleasure it is. Imagine a city full of people like that. Those are the kinds of people we are signing up to live in New Utopia - engineers, programmers, inventors, doctors, entrepreneurs, writers, and film makers. Interesting, energetic people who are engaged in life.
If you want it, you can have it. Will it be perfect? No. Will you get it cheap, easy, and fast? Hell no! But if you (and people like you) want it, you can have it.
Go check out the New Utopia web site at www.new-utopia.com, then get involved: Sign up as a citizen, invest in the project, tell your friends. Do whatever you can, but do something! The opportunity is in front of us, and we can make of it what we will. Do you really want freedom? Are you willing to do something to get it? I hope to see you there.
A final note for those of you deeply involved in the computer, software, and telecommunications businesses: As we all know, some of the greatest non-technical obstacles we have faced have been governmental and regulatory. For example, we've had the ability to run at very high bandwidths for years, but we could not, because of the last-mile problem. The last mile is only a problem because of monopoly protections for local telcos. In other words, if you and I try to open a better telephone company in Dayton, Ohio, big guys with guns come and shut down our company; maybe we go to jail. You all know that these types of restrictions are imposed on the entire telecommunications industry.
Do you think things will get better? Think again. We worked on the fringes of society for a long time. We were considered eccentrics and electronics geeks, and we were left alone to do our thing. But now, we've shown up on the political radar screens. Whether you love or hate Bill Gates, you have to admit that one of the government's major reasons for going after him was that the computer industry wasn't playing the political game. The entire computer industry had just a handful of lobbyists in Washington - they were not spreading any money around. The attack on Microsoft was intended to show all of us that we needed to pay for friends in Washington.
Wouldn't you like to side-step the political money game, and the "I'll tell you what you are allowed to sell" game? Help us build New Utopia and you'll be able to produce whatever you want without playing any games.
------------------------------
From: "N" <[EMAIL PROTECTED]>
Subject: Re: Scramdisk/Norton query
Date: Thu, 20 May 1999 01:07:33 GMT
Yes - I'm aware of the pitfalls, which is why I keep a careful eye on what
shows up in the protected recycle bin.
Thanks
N
------------------------------
Date: Wed, 19 May 1999 17:43:38 -0700
From: Sundial Services <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Looking for ScramDisk/PGPDisk user experiences
We are acquiring a laptop computer that will carry working-copies of
source-code to our software products ... the crown jewels of our
kingdom, obviously, and we need to be certain that this material will be
safe from disclosure even if the computer itself takes someone else's
flight.
This sounds like an obvious application for ScramDisk or PGPDisk, which
would allow us to secure the important materials on the drive so that
they would be worthless to a thief.
Therefore, we would like to gather real-world experiences with these
products. Gotchas? War-stories? Things you "wish you didn't know now
that you didn't know then?"
(Please reply to newsgroup only. No vendors, please.)
------------------------------
From: "Brian Hetrick" <[EMAIL PROTECTED]>
Subject: Re: Can someone define...
Date: Wed, 19 May 1999 21:23:26 -0400
X[n+1] = A X[n] + B (mod C)
Strictly speaking, a "linear" congruential generator cannot add a
constant term, while an "affine" one can. (Yeah, I know.
Mathematicians.)
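The parameter recovery that Terry Ritter's references and this definition allude to, as an added example that is not from any poster: with the modulus C known, three consecutive outputs of X[n+1] = A X[n] + B (mod C) fix A and B through the linear relation between successive differences, after which every later output is predictable. The multiplier, increment and seed below are constructed sample values; the point is why an affine generator's state must never be treated as a secret keystream.

```python
# Added example (not from the thread): parameter recovery for the affine
# generator X[n+1] = A*X[n] + B (mod C) when the modulus C is known.
from typing import List, Optional, Tuple

def lcg_stream(a: int, b: int, c: int, seed: int, n: int) -> List[int]:
    """Return n outputs of the generator; X[0] is the seed."""
    xs = [seed % c]
    for _ in range(n - 1):
        xs.append((a * xs[-1] + b) % c)
    return xs

def recover_parameters(xs: List[int], c: int) -> Optional[Tuple[int, int]]:
    """Solve for (A, B) from any three consecutive outputs.

    Subtracting consecutive equations removes the constant B:
        x2 - x1 = A * (x1 - x0)  (mod c)
    so A = (x2 - x1) * inverse(x1 - x0) mod c, and then B = x1 - A*x0 mod c.
    The window slides forward when x1 - x0 has no inverse mod c (it shares a
    factor with c); returns None if no window in xs works.
    """
    for i in range(len(xs) - 2):
        x0, x1, x2 = xs[i], xs[i + 1], xs[i + 2]
        d = (x1 - x0) % c
        try:
            inv = pow(d, -1, c)          # modular inverse (Python 3.8+)
        except ValueError:
            continue                     # gcd(d, c) != 1: try the next window
        a = ((x2 - x1) * inv) % c
        b = (x1 - a * x0) % c
        return a, b
    return None

def predict_next(xs: List[int], c: int) -> Optional[int]:
    """Predict the output that follows xs, or None if the parameters stay unknown."""
    params = recover_parameters(xs, c)
    if params is None:
        return None
    a, b = params
    return (a * xs[-1] + b) % c

if __name__ == "__main__":
    # Constructed sample parameters (a textbook multiplier), not anyone's real values.
    A, B, C, SEED = 1103515245, 12345, 2 ** 31, 42
    observed = lcg_stream(A, B, C, SEED, 5)
    print("recovered (A, B):", recover_parameters(observed, C))
    print("predicted next:", predict_next(observed, C),
          "actual:", lcg_stream(A, B, C, SEED, 6)[-1])
```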
------------------------------
From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: looking for independent encryption strength analysis
Date: Thu, 20 May 1999 02:18:58 GMT
Matthew Bennett <[EMAIL PROTECTED]> wrote:
>As an independent test of the encryption strength of files outputted by my
>program is required for an interested company, I would be very grateful for
>any information people in this newsgroup might be able to offer. Does
>anyone know of a link/e-mail to someone that would be prepared to offer such
>an analysis. I assume they will ask for a fee, so any likely idea of cost
>would also be appreciated.
It's not worth it. You should use a standard algorithm. No matter
how much you pay someone to examine your algorithm, you will get back
either a positive cryptanalytic result saying your algorithm is
definitely insecure and you should replace it with a standard
algorithm; or else a negative result saying that since no break was
found, your algorithm might have some chance of being secure, but
there's really no way to tell, so in order to be safe, you should
replace it anyway with a standard algorithm. What concrete advantages
does your algorithm have compared to a standard one? If there aren't
any extremely compelling reasons to use your algorithm, you should not
use it.
If you still want to pursue cryptanalysis, two companies you might
contact are Counterpane Systems (www.counterpane.com) and Cryptography
Research (www.cryptography.com). These organizations know what they
are doing and have broken numerous fielded systems. Be ready to pay a
lot, and expect to get back advice that you don't want to hear. Or
save your money and use a standard cipher, in case I haven't mentioned
that yet.
If you contact anyone else (e.g. respondents from this newsgroup), ask
them which ciphers designed by other people they have broken, and if
they haven't broken any, then consider it totally meaningless if they
don't break yours either.
>Please bear in mind that I am a programmer, not an encryption expert,
>so I know very little of this subject. I do however believe the
>encryption produced by my program is secure...
Your belief is very touching but since you've come right out and
said that you don't have the expertise that would make your belief
meaningful to anyone else, you might as well not have told us this.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: looking for independent encryption strength analysis
Date: Thu, 20 May 1999 02:01:05 GMT
Matthew Bennett wrote:
> Since I've had no response to my previous posting, I assume getting an
> independent strength analysis of an "un-tested" encryption method is not
> simple enough to be done casually by someone.
>
> As an independent test of the encryption strength of files outputted by my
> program is required for an interested company, I would be very grateful for
> any information people in this newsgroup might be able to offer. Does
> anyone know of a link/e-mail to someone that would be prepared to offer such
> an analysis. I assume they will ask for a fee, so any likely idea of cost
> would also be appreciated. Please bear in mind that I am a programmer, not
> an encryption expert, so I know very little of this subject. I do however
> believe the encryption produced by my program is secure, though
> understandably this company would rather have an independent test performed
> on the encrypted files produced.
Well, my group at Certicom does some of that. Counterpane
has a good reputation, and there are a number of others you
can hire. Prices are steep and a preliminary report takes
about two man weeks.
I can, however, give you some info for free. Your program
seems to generate a pseudo-random stream from the password
and add it to the data. There's no per-message variability,
and consequently the system falls when an attacker gets his
hands on multiple messages encrypted with the same key. This
is a frequent error in using stream ciphers.
You provide no authentication. If I know the plaintext, I
can change the ciphertext to decrypt to whatever I want.
The RNG looks bad. I can't really examine it for free, but
I notice that given the key "aaaa", every forth byte has a
high nibble of 0.
This is a poor system. You should warn people away from it.
If you want to program a cryptographic application, I'd
recommend that you learn the basics and then use established
algorithms.
--Bryan
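The two defects Bryan describes, next to a repaired form, as an added example that is not the original poster's program: a keystream derived from the password alone is reused for every message, so XORing two ciphertexts yields the XOR of the two plaintexts, and with no MAC nothing detects a modified ciphertext. The SHA-256 counter-mode keystream and HMAC-SHA-256 tag are stand-in constructions chosen for the demo; a real design would use a vetted password KDF and cipher.

```python
# Added example (not the poster's code): password-keyed XOR stream cipher with
# reused keystream and no authentication, beside a nonce + encrypt-then-MAC form.
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in keystream: SHA-256 over key||nonce||counter (assumed for the demo)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

# --- the shape of the scheme under review ---
def weak_encrypt(password: bytes, data: bytes) -> bytes:
    """Keystream depends on the password alone, so every message reuses it, and
    nothing is authenticated. XOR is its own inverse: decrypt == encrypt."""
    return xor_bytes(data, keystream(password, b"", len(data)))

def keystream_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """Under a reused keystream c1 XOR c2 == p1 XOR p2; a reviewer can run this
    on two captured ciphertexts to confirm the defect without the key."""
    return xor_bytes(c1, c2)

# --- repaired form: fresh nonce per message, encrypt-then-MAC ---
def _subkeys(password: bytes):
    """Separate encryption and MAC keys (a real design would use a password KDF)."""
    return (hashlib.sha256(b"enc:" + password).digest(),
            hashlib.sha256(b"mac:" + password).digest())

def encrypt(password: bytes, plaintext: bytes, nonce: bytes = None) -> bytes:
    enc_key, mac_key = _subkeys(password)
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    ct = xor_bytes(plaintext, keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(password: bytes, blob: bytes) -> bytes:
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("authentication failed: message too short")
    enc_key, mac_key = _subkeys(password)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("authentication failed: modified ciphertext or wrong key")
    return xor_bytes(ct, keystream(enc_key, nonce, len(ct)))

def authenticates(password: bytes, blob: bytes) -> bool:
    """True when blob passes the MAC check; False for any tampering or wrong key."""
    try:
        decrypt(password, blob)
        return True
    except ValueError:
        return False
```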
------------------------------
From: "Alan J. Robinson" <[EMAIL PROTECTED]>
Subject: Re: Diophantine equations
Date: Wed, 19 May 1999 21:38:23 -0500
Reply-To: [EMAIL PROTECTED]
Terry Ritter wrote:
>
> On Wed, 19 May 1999 15:00:47 -0500, in <[EMAIL PROTECTED]>,
> in sci.crypt "Alan J. Robinson" <[EMAIL PROTECTED]> wrote:
>
> >The literature on linear congruence random number generators as used in
> >cryptography seems to imply that their parameters are so easily solved
> >that it isn't even necessary to document how it is done.
> >[...]
>
> I think the real implication is that one is familiar with the
> cryptographic literature on that topic:
>...
>From Joux and Stern [1994] "Lattice Reduction: a Toolbox for the
Cryptanalyst":
"Lattice reduction has also been applied successfully in various
cryptographic contexts... against truncated linear congruential
generators... Despite the available literature, papers are still
being submitted (and sometimes published) that describe cryptographic
protocols that can be broken, via lattice reduction techniques,
almost by inspection."
Apparently I'm not the only person who is unfamiliar with this
literature <g>.
Anyway, thanks everyone for an excellent set of references!
Alan J. Robinson
[EMAIL PROTECTED]
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************