Cryptography-Digest Digest #571, Volume #9 Thu, 20 May 99 16:13:03 EDT
Contents:
Re: PK Security (Gurripato [x=Nospam])
Re: prime numbers and the multplicative inverse ("Tony T. Warnock")
AES tweaks (Nick Strauss)
Re: RSA Q: If I have e, phi(n) - d and n, can I recover d? (Paul Rubin)
Re: Reasons for controlling encryption (Jerry Park)
Re: prime numbers and the multplicative inverse (Chris Monico)
Where can I find source to the old SLOW unix crypt function? ([EMAIL PROTECTED])
New and FREE encryption software (Denis Ballage)
FREE : new encryption software (Denis Ballage)
Re: Project ("Dennis Gaffney")
Re: prime numbers and the multplicative inverse (Thomas Pornin)
Re: symmetric boolean functions (Medical Electronics Lab)
Re: Crypto export limits ruled unconstitutional (Medical Electronics Lab)
Re: Looking for ScramDisk/PGPDisk user experiences (Paul Koning)
Re: Reasons for controlling encryption (Paul Koning)
Re: prime numbers and the multplicative inverse (John Savard)
Re: RC4 based hash (John Savard)
Re: RSA Q: If I have e, phi(n) - d and n, can I recover d? ([EMAIL PROTECTED])
SURVEY: Encryption Development ("Markku J. Saarelainen")
Re: prime numbers and the multplicative inverse ([EMAIL PROTECTED])
Re: Can a Java or Active-x program get your keys?????? (Cipher)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Gurripato [x=Nospam])
Subject: Re: PK Security
Date: Thu, 20 May 1999 14:24:39 GMT
On Thu, 20 May 1999 09:09:15 -0400, Mark E Drummond
<[EMAIL PROTECTED]> wrote:
>Sundial Services wrote:
>> I can't call myself anyone's expert, Mark, but the phrase that comes to
>> my mind is, "secure against what?" If your attacker is the NSA or MI5,
>
>Secure against the general public. We don't have anything that NSA or
>MI5 might be interested in on our network. Maybe some of our profs
>research might be of interest if other profs out there are in to
>stealing that stuff but that is about the extent of it.
But you do have a right not to have somebody else minding your
business, regardless of its interests or legality. How would you like
it if the police entered your house, searched all your personal
belongings, and then left without you being able to prevent it? Yes,
they might not find anything interesting, but I don't think I would get
relief in it. We want to be treated as people with some basic rights,
and not just as guilty-until-proven-otherwise suspects.
------------------------------
From: "Tony T. Warnock" <[EMAIL PROTECTED]>
Subject: Re: prime numbers and the multplicative inverse
Date: Thu, 20 May 1999 09:11:02 -0600
Reply-To: [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
> > NO! The field does NOT need to be a prime field. GF(2^101) for
> > example, is not a prime field. Yet it is indeed a field, so every
> > non-zero element has an inverse.[from bobs, ttw]
>
> That's wrong, because if your modulus can satisfy gcd(p, a) > 1 (a is
> any number from 1 to p-1) then some numbers will not have inverses.
>
Note that GF(2^101) is a field. The ring 2^101 has numbers without
inverses. Rings and fields are different types of entities, even when they
have the same number of elements. A simple example is to look at the ring
over 2^k which uses addition and multiplication mod(2^k) and the field
GF(2^k) which uses XOR's and shift register stuff.
Tony
------------------------------
From: Nick Strauss <[EMAIL PROTECTED]>
Subject: AES tweaks
Date: Thu, 20 May 1999 08:24:47 -0700
Weren't "tweaks" to AES submissions due on the 15th?
I'd imagine RC6a will be submitted as a tweak, and the Rijndael folks
seemed to promise one in their public comments, but I'm wondering what
other ones we might see.
Anyone else heard anything? NIST has been so good about getting stuff
online very quickly, I'm surprised they haven't got the tweak
submissions up yet.
--N
------------------------------
From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: RSA Q: If I have e, phi(n) - d and n, can I recover d?
Date: Thu, 20 May 1999 15:42:01 GMT
In article <[EMAIL PROTECTED]>,
Bo Lin <[EMAIL PROTECTED]> wrote:
>M = (C^-1)^A mod N since A = -d mod phi(N).
Hehehe! Very true :).
------------------------------
From: Jerry Park <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Reasons for controlling encryption
Date: Thu, 20 May 1999 15:10:40 GMT
Nathan Kennedy wrote:
> "Markku J. Saarelainen" wrote:
> >
> > I have heard various reasons why commercial encryption is being
> > controlled and what real motives are behind these control maneuvers. I
> > would like to learn more what you think that real motives behind many
> > encryption control issues are and how, if true, this might be tied to
> > some commercial and business interests.
>
> Simple. The real motives behind encryption control is that
> government intelligence agencies want to know what you're
> saying, and crypto prevents that to an extent.
>
> Nate
I've tried to conceptualize the reason for US export restrictions without
success. It appears to only hinder US companies from developing and
marketing encryption systems. It doesn't prevent non US companies from
developing and marketing encryption system -- inside or outside of the US.
(There are no import restrictions). So the policy only harms US citizens
while encouraging development of encryption systems outside the US. How can
this help the US intelligence or law enforcement?
Terrorists and other criminals are as able as anyone else to develop
encryption systems, so the restrictions do not hinder them. Since they can
purchase any such systems from companies not in the US, they don't even have
to develop such systems.
The only real effect of the export restrictions is to hinder US companies.
If there is only one real effect to a regulation, is it stretching credulity
to conclude that that effect is the only real reason for the regulation?
--
Jerry Park
Affordable Production Tools
web site: http://www.apt.simplenet.com/
javascript utilities: http://www.apt.simplenet.com/javascript/
------------------------------
From: [EMAIL PROTECTED] (Chris Monico)
Subject: Re: prime numbers and the multplicative inverse
Date: Wed, 19 May 99 20:48:58 GMT
In article <7i0qde$n8e$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
>
>> NO! The field does NOT need to be a prime field. GF(2^101) for
>> example, is not a prime field. Yet it is indeed a field, so every
>> non-zero element has an inverse.
>
>That's wrong, because if your modulus can satisfy gcd(p, a) > 1 (a is
>any number from 1 to p-1) then some numbers will not have inverses.
No, he/she was quite right. He meant that the field does not need to
be a prime field for every element to be invertible. GF(2^101) IS a
field and so every nonzero element in it is invertible. But GF(2^101)
is NOT the integers modulo 2^101. It is isomorphic to (and constructed
as) F_2[x]/<f>, where f\in F_2[x] is an irreducible poly of degree
101.
Example: Let f(x)=x^2+x+1 \in F_2[x]. Then
F_4 =(iso)= F_2[x]/<f> = {0, 1, x, x+1} is a field of order 4. Every
nonzero element is invertible. The only interesting multiplications
are:
x*x = x^2 = x+1
x*(x+1) = x^2 + x = 1
(x+1)*(x+1) = x^2+1 = x
In particular, x^{-1} = x+1 and (x+1)^{-1} = x and 1 is clearly
invertible, so every nonzero element in this field of order 4 is
invertible. Other fields of prime-power order are constructed
similarly. (Modulo some details of primitive vs irreducible polys)
Fields of non-prime order are used quite frequently in cryptography
(in application it is usually GF(2^n)) so this is not as absurd as it
might look. There is good reason for wanting a field of char. 2 with
more than 2 elements. Furthermore, it is actually quite easy to
implement this (it is only marginally more expensive than using a
single modulo operation).
If what I've heard on this thread about IDEA is correct, it does mult.
mod 65537 and addition mod 65536. Abstractly what's going on is:
Z_65537 is a field, and so the multiplicative group (Z_65537)* is
cyclic of order 65536. In particular, it's isomorphic to Z_65536, and
so doing additions in one group and mults in another induces an
interesting effect that could be described entirely in terms of
automorphisms and bijective maps of the group (Z_65536,+).
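The field/ring distinction the post draws, as an added example that is not part of the thread: a polynomial-basis multiplication for F_2[x]/<f>, the F_4 table above recomputed from it, and a count of invertible elements in GF(2^8) versus the ring Z/256. The degree-8 case uses the AES polynomial x^8+x^4+x^3+x+1 (0x11B); that choice is mine, not the poster's.

```python
# Added example (not from the thread): contrast the field GF(2^k), built as
# F_2[x]/<f> for an irreducible f, with the ring Z/2^k Z. In the field every
# non-zero element is invertible; in the ring only the odd residues are.

def gf_mul(a, b, f, k):
    """Multiply a*b in F_2[x]/<f>. Elements are k-bit ints (bit i = coeff of x^i);
    f is the irreducible polynomial of degree k, including its x^k term."""
    r = 0
    for _ in range(k):
        if b & 1:
            r ^= a            # add (XOR) the current multiple of a
        b >>= 1
        a <<= 1               # multiply a by x
        if a >> k:            # degree reached k: reduce modulo f
            a ^= f
    return r

def gf_inverse_table(f, k):
    """Return {a: a^-1} for every non-zero a, by exhaustive search (fine for small k)."""
    inv = {}
    for a in range(1, 1 << k):
        for b in range(1, 1 << k):
            if gf_mul(a, b, f, k) == 1:
                inv[a] = b
                break
    return inv

def ring_inverse_table(k):
    """Same search in the ring Z/2^k Z, i.e. ordinary multiplication mod 2^k."""
    m = 1 << k
    inv = {}
    for a in range(1, m):
        for b in range(1, m):
            if (a * b) % m == 1:
                inv[a] = b
                break
    return inv

# The post's example: f(x) = x^2 + x + 1, giving F_4 = {0, 1, x, x+1},
# encoded as 0, 1, 0b10, 0b11.
F4_POLY = 0b111
F4_INVERSES = gf_inverse_table(F4_POLY, 2)   # {1: 1, 2: 3, 3: 2}: x^-1 = x+1

if __name__ == "__main__":
    print("GF(4) inverses:", F4_INVERSES)
    print("x*x =", gf_mul(0b10, 0b10, F4_POLY, 2), "i.e. x+1")
    # Constructed comparison: GF(2^8) with the AES polynomial vs. Z/256.
    print(len(gf_inverse_table(0x11B, 8)), "invertible elements in GF(2^8)")
    print(len(ring_inverse_table(8)), "invertible elements in Z/256")
```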
------------------------------
From: [EMAIL PROTECTED]
Subject: Where can I find source to the old SLOW unix crypt function?
Reply-To: [EMAIL PROTECTED]
Date: Thu, 20 May 1999 16:21:29 GMT
I am trying to understand the way the unix crypt function works and I
can't find source code to it that hasn't been updated for a "fast
crypt" implementation... Could anybody point me in the direction of
the old source code?
many thanks...
skip
------------------------------
From: Denis Ballage <[EMAIL PROTECTED]>
Subject: New and FREE encryption software
Date: Thu, 20 May 1999 18:24:44 +0200
Try this free software : CS-CIPHER.40 V1.0 here
------------------------------
From: Denis Ballage <[EMAIL PROTECTED]>
Subject: FREE : new encryption software
Date: Thu, 20 May 1999 18:27:25 +0200
Try this free software : CS-CIPHER.40 V1.0 here:
http://www.cie-signaux.fr/security/index.htm
------------------------------
From: "Dennis Gaffney" <[EMAIL PROTECTED]>
Subject: Re: Project
Date: Thu, 20 May 1999 07:02:30 -0700
Thanks that'll do
David A Molnar <[EMAIL PROTECTED]> wrote in message
news:7i068d$m18$[EMAIL PROTECTED]...
> Dennis Gaffney <[EMAIL PROTECTED]> wrote:
> > Hi, I'm doing a project on Cryptography, could anybody give me the URL
> > of any good sites?
>
> Ron Rivest has a page full of useful crypto links at
> http://theory.lcs.mit.edu/~rivest/crypto-security.html
>
> You can find a list of interesting cryptographers at
> http://www.swcp.com/~mccurley/cryptographers/cryptographers.html
>
> Should you just happen to like linear algebra and lattices, check
> out http://www.dice.ucl.ac.be/~fkoeune/LLL.html
>
> Beyond that you will need to specify -- are you just looking for
> project ideas, or do you have something in mind? Once you've got
> a topic, you can find if anyone's working on it or close to it
> and then, insh'allah, they've posted their work someplace.
>
> Good luck,
> -David Molnar
>
------------------------------
From: [EMAIL PROTECTED] (Thomas Pornin)
Subject: Re: prime numbers and the multplicative inverse
Date: 20 May 1999 16:41:30 GMT
According to Chris Monico <[EMAIL PROTECTED]>:
> If what I've heard on this thread about IDEA is correct, it does mult.
Indeed, it does perform:
** additions modulo 2^16
** multiplications modulo 2^16+1
All quantities are 16-bit; for multiplications, the '0' value is
considered to be '2^16', which means that each value has an inverse, and
the multiplication by a fixed value is a bijection, therefore invertible
(for decryption) and yields no statistical bias.
--Thomas Pornin
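The IDEA multiplication just described, as an added example that is not from the post: 16-bit words with 0 standing for 2^16, the inverse of a word via Fermat's little theorem, and a bijection check with ordinary multiplication mod 2^16 alongside for contrast.

```python
# Added example (not from the thread): IDEA's multiplication modulo 2^16+1 on
# 16-bit words, with the word 0 read as 2^16. Because 65537 is prime, every
# word has an inverse and multiplying by a fixed key word permutes all words.

MOD = (1 << 16) + 1          # 65537, prime

def idea_mul(a, b):
    """IDEA multiplication: 16-bit in, 16-bit out, 0 read as 2^16 on both sides."""
    x = a if a else 1 << 16
    y = b if b else 1 << 16
    r = (x * y) % MOD        # r is in 1..65536: x, y are non-zero mod a prime
    return r & 0xFFFF        # 65536 maps back to the word 0

def idea_mul_inverse(a):
    """Inverse in the same encoding: a^(p-2) mod p by Fermat's little theorem."""
    x = a if a else 1 << 16
    return pow(x, MOD - 2, MOD) & 0xFFFF

def is_bijection(key_word):
    """True if w -> idea_mul(w, key_word) hits every 16-bit word exactly once."""
    seen = bytearray(1 << 16)
    for w in range(1 << 16):
        seen[idea_mul(w, key_word)] = 1
    return all(seen)

def ring_mul_is_bijection(key_word):
    """Contrast: ordinary multiplication mod 2^16 permutes words only for odd keys."""
    seen = bytearray(1 << 16)
    for w in range(1 << 16):
        seen[(w * key_word) & 0xFFFF] = 1
    return all(seen)

if __name__ == "__main__":
    print("0 * 0 =", idea_mul(0, 0))                 # 2^16 * 2^16 = 1 mod 65537
    for k in (0, 1, 2, 0x1234):
        assert idea_mul(k, idea_mul_inverse(k)) == 1
        print(f"key {k:#06x}: field mul bijective={is_bijection(k)}, "
              f"ring mul bijective={ring_mul_is_bijection(k)}")
```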
------------------------------
From: Medical Electronics Lab <[EMAIL PROTECTED]>
Crossposted-To: sci.chem,sci.econ,sci.image.processing,sci.electronics.design,sci.physics,sci.physics.fluid-dynamics,sci.math
Subject: Re: symmetric boolean functions
Date: Thu, 20 May 1999 12:07:12 -0500
Hankel O'Fung wrote:
>
> Hi Michael, Ted, Russell and Gary,
>
> Thanks very much. All your suggestions and comments are helpful to me.
>
You're welcome. Good luck with your paper (and job!)
Patience, persistence, truth,
Dr. mike
------------------------------
From: Medical Electronics Lab <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Crypto export limits ruled unconstitutional
Date: Thu, 20 May 1999 12:14:14 -0500
John Savard wrote:
> I thought that France still bans domestic use of strong cryptography,
> without a form of key escrow that essentially limits cryptography to
> large business organizations.
They changed their minds. I'm not sure when the laws change, but
they never really enforced it anyway. I think the idea of giving
economic spies a point of attack may have helped, as did ECHELON.
Patience, persistence, truth,
Dr. mike
------------------------------
From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: Looking for ScramDisk/PGPDisk user experiences
Date: Thu, 20 May 1999 11:04:39 -0400
Sundial Services wrote:
>
> We are acquiring a laptop computer that will carry working-copies of
> source-code to our software products ... the crown jewels of our
> kingdom, obviously, and we need to be certain that this material will be
> safe from disclosure even if the computer itself takes someone else's
> flight.
>
> This sounds like an obvious application for ScramDisk or PGPDisk, which
> would allow us to secure the important materials on the drive so that
> they would be worthless to a thief.
>
> Therefore, we would like to gather real-world experiences with these
> products. Gotchas? War-stories? Things you "wish you didn't know now
> that you didn't know then?"
I've been using Scramdisk for perhaps a year now. Before that, I used
SFS (from Peter Gutmann).
Scramdisk is an excellent piece of work. I haven't picked apart the
crypto piece in detail. You might want to do that given your intended
application... But the theory behind it appears sound, and the fact
that you can see the source (and recompile from scratch if you
wish) is comforting. The user interface works very well. It has
given me no trouble at all.
SFS is ok too, with two issues: (1) no source code (but the author
has an excellent reputation); (2) when used under Win95, in "removable
disk" mode, it triggers a Windows bug that sometimes gives you a blue
screen complaining about I/O errors. Retrying fixes it but it's
a bit of a hassle. Running it in non-removable disk mode, which may
be fine for what you want, avoids that bug. SFS, being DOS-based,
can protect a bit more of your system than Scramdisk, though I don't
know that the difference will be particularly interesting in practice.
PGPdisk I don't know.
Bottom line for me: go for Scramdisk.
paul
------------------------------
From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: Reasons for controlling encryption
Date: Thu, 20 May 1999 10:58:47 -0400
Doug Stell wrote:
> ...
> The stated reasons I've heard from the NSA are the following. The
> first few are laudable goals, although impossible to achieve and under
> assumptions that are not true in the modern world....
Given the total disconnect between those reasons as you quoted
them and reality, I find it impossible to give them any
credit at all. I can't conceive of honest people being that
ignorant. So the only conclusion I'm left with is that the
real reasons are none of those laudable ones, and the reasons
publicly stated are a cynical smoke screen designed solely for
the purpose of misleading the public.
A more believable reason is "as the first step in outlawing crypto
entirely to facilitate wiretapping of law abiding people".
If you look at what the FBI has to say on the topic, this
comes through quite clearly.
paul
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: prime numbers and the multplicative inverse
Date: Thu, 20 May 1999 18:41:00 GMT
[EMAIL PROTECTED] wrote, in part:
>I have seen the page. his information is not only correct it is
>presented professionally too :)
Thank you. I guess because I avoided using technical terms like
"group", "field", and "ring", I managed to avoid running afoul.
However, I just glanced at the page, and found there was _some_ room
for improvement: the "Up" link from the page was wrong, and when I
said that K()=-K(), the minus sign was hard to see. Now tidied up.
John Savard ( teneerf<- )
http://members.xoom.com/quadibloc/index.html
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: RC4 based hash
Date: Thu, 20 May 1999 18:44:54 GMT
[EMAIL PROTECTED] wrote, in part:
>If you used the RC4 key schedule as a compression function (using the
>message as the key), then the RC4 RNG as the actual hash output
>wouldn't that a neat basis?
I've seen that suggested before. But RC4 is not a very good hash
function _by itself_, because each byte of the key only affects *some*
table entries. Thus, some parts of the key might not affect a short
sequence of RC4 output used as a hash, making it possible to produce
collisions.
There might be ways to use that algorithm as a component of a hash
function, but it would be playing an auxiliary role in making
analysis more difficult.
John Savard ( teneerf<- )
http://members.xoom.com/quadibloc/index.html
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: RSA Q: If I have e, phi(n) - d and n, can I recover d?
Date: 20 May 99 19:08:34 GMT
Paul Rubin <[EMAIL PROTECTED]> wrote:
> In article <7i030k$647$[EMAIL PROTECTED]>,
> Dean Povey <[EMAIL PROTECTED]> wrote:
>>Hi all,
>>
>>I have a question regarding RSA keys. Is it possible to give away
>>phi(n) - d in addition to the usual e and n without being able to recover
>>d or phi(n)?
> ed = 1 mod phi(n), where e is the (known) public exponent.
> Let A=phi(n) - d. Then eA = e*phi(N) - ed = -1 mod phi(N).
> So B=eA + 1 is a multiple of phi(N). Find D so that eD = 1 mod B
> and you have a decryption exponent.
Why not simply take D=-A (decrypting E then means taking E^(-A) mod n, so
take the inverse of E mod n and then raise to the power A)?
(The decrypting exponent is not fixed ... it is any integer d so that
ed=1 mod lambda(n) (phi(n) is a multiple of lambda(n): for n=pq, p,q
distinct primes, lambda(n)=LCM(p-1,q-1), which suffices for decrypting).)
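Both recovery routes from this thread worked through on toy numbers, as an added example not from any poster (the primes, public exponent and message are constructed): Paul Rubin's D = e^-1 mod B with B = eA + 1, and the -A exponent, i.e. M = (C^-1)^A mod n.

```python
# Added example (not from the thread): publishing A = phi(n) - d next to (e, n)
# gives away decryption. Route 1: B = e*A + 1 = (e - k)*phi(n) is a multiple of
# phi(n), so D = e^-1 mod B satisfies e*D = 1 mod phi(n). Route 2: -A = d - phi(n)
# is itself a valid exponent, so M = (C^-1)^A mod n.
from math import gcd

def toy_rsa(p, q, e):
    """Constructed toy key: returns (n, phi, d) for the given primes and e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    d = pow(e, -1, phi)
    return n, phi, d

def recover_exponent_from_leak(e, A):
    """Route 1: B = eA + 1 is a multiple of phi(n) and gcd(e, B) = 1 since B = 1 mod e."""
    B = e * A + 1
    return pow(e, -1, B), B

def decrypt_with_negative_exponent(c, A, n):
    """Route 2: D = -A, computed as (C^-1)^A mod n (needs gcd(C, n) = 1)."""
    return pow(pow(c, -1, n), A, n)

def demo(p=1009, q=1013, e=65537, m=123456):
    """Run both routes against a constructed toy key and report what they achieve."""
    n, phi, d = toy_rsa(p, q, e)
    A = phi - d                       # the value the question proposes to publish
    c = pow(m, e, n)
    D, B = recover_exponent_from_leak(e, A)
    return {
        "B_is_multiple_of_phi": B % phi == 0,
        "D_decrypts": pow(c, D, n) == m,
        "neg_A_decrypts": decrypt_with_negative_exponent(c, A, n) == m,
    }

if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```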
------------------------------
From: "Markku J. Saarelainen" <[EMAIL PROTECTED]>
Subject: SURVEY: Encryption Development
Date: Thu, 20 May 1999 13:18:32 -0700
Dear Friend,
this survey is the continuation of some previous encryption surveys in
1996 and 1997. I would greatly appreciate it if you could answer the
following three questions and then email your responses to my email
address ( [EMAIL PROTECTED] ). After the completion of this survey, I
shall email summary results of this survey to all individuals who
responded to this survey. Thanks in advance.
My best regards,
Markku
---- Encryption Survey
1. In your opinion, what is the current level of the encryption
utilization globally in business communications on the Internet or in
other communication medium?
2. In your opinion, what are main barriers that are preventing the
proper and satisfactory utilization of encryption technologies in
individual and business communications?
3. In your opinion, what can be done to reduce these barriers and
facilitate the more effective use of cryptographic tools and
applications in individual and business communications?
---- Encryption Survey
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: prime numbers and the multplicative inverse
Date: 20 May 99 19:00:29 GMT
[EMAIL PROTECTED] wrote:
>> NO! The field does NOT need to be a prime field. GF(2^101) for
>> example, is not a prime field. Yet it is indeed a field, so every
>> non-zero element has an inverse.
> That's wrong, because if your modulus can satisfy gcd(p, a) > 1 (a is
> any number from 1 to p-1) then some numbers will not have inverses.
Well .. of course, GF(2^101) is not the set of integers modulo 2^101 but
is a finite field (whose elements are designated ... what? the "numbers"
in the field). Of course, if you want the integers modulo n to be a field,
then n must be prime.
------------------------------
From: [EMAIL PROTECTED] (Cipher)
Subject: Re: Can a Java or Active-x program get your keys??????
Date: Thu, 20 May 1999 19:12:04 GMT
For a good scare, point your browser to:
http://wintune.winmag.com/
and run through all the web browser based performance tests...
It'll test your drive performance for you, find your CPU serial
number, and even tell you your BIOS revision. I can't imagine that
picking up your key databases would be all that much more difficult.
: )
On 25 Apr 1999 13:18:13 GMT, David A Molnar <[EMAIL PROTECTED]>
wrote:
>Paul Koning <[EMAIL PROTECTED]> wrote:
>>> Active-X script downloaded from the net or maybe something hidden in
>>> your operating system?
>
>> I think the answers are: Java *supposedly* not; activeX yes. So avoid
>> the latter.
>
>Did anything ever come of trying to create Java applets which would
>perform timing attacks? I remember hearing speculation about it, but
>do not know if anyone actually pulled it off. Certainly it seems just
>on the edge of plausibility.
>
>-David
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************