Cryptography-Digest Digest #574, Volume #9       Fri, 21 May 99 13:13:03 EDT

Contents:
  Re: Reasons for controlling encryption (Bo Dömstedt)
  Re: Reasons for controlling encryption (Mok-Kong Shen)
  Re: Looking for pointers (Terry Ritter)
  Re: Looking for pointers (Mark E Drummond)
  Re: Security (Patrick Juola)
  Re: Reasons for controlling encryption ("Markku J. Saarelainen")
  Re: Reasons for controlling encryption (Mike McCarty)
  Re: Biprime Cryptography, Part II (wtshaw)
  Re: Reasons for controlling encryption (SCOTT19U.ZIP_GUY)
  Re: RSA Cryptography Question (Emmanuel BRESSON)
  PGP Implementation of DH/DSS vs. RSA. (Mike Fredenburg)
  Re: Biprime Cryptography, Part II (Matthias Bruestle)
  Re: looking for independant encryption strength analysis ("Matthew Bennett")
  Re: looking for independant encryption strength analysis ("Matthew Bennett")
  Re: RC4 based hash (John Savard)
  Re: Symmantic question (John Savard)
  Re: Can a Java or Active-x program get your keys?????? (John Savard)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Bo Dömstedt)
Subject: Re: Reasons for controlling encryption
Reply-To: [EMAIL PROTECTED]
Date: Fri, 21 May 1999 10:22:26 GMT

Jerry Park <[EMAIL PROTECTED]> wrote:
>I've tried to conceptualize the reason for US export restrictions without
>success. 
Right. Is there _anyone_ out there that has been able to
"conceptualize the reason for US export restrictions" ??

Well, my opinion, on the subject, is that U.S. export restrictions 
are fun to read about ! 

Bo Dömstedt
Protego Information AB
http://www.protego.se

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Reasons for controlling encryption
Date: Fri, 21 May 1999 12:22:08 +0200

Andrew Haley wrote:
> 

> A terrorist organization cannot simply go to the corner store and buy
> secure telephones.  Yes, with software from the net, a PC, and a
> couple of soundcards they might be able to assemble something
> functionally equivalent but much less portable.

Do you think that criminals highly desire that the systems they employ
are portable instead of being difficult to copy by the law enforcement?

> 
> A well funded terrorist or criminal organization might be able to make
> such things itself or buy them on the black market, of course.

You overestimate the cost. Hardware cost is continually falling 
and most software can be obtained for free.

M. K. Shen

------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Looking for pointers
Date: Fri, 21 May 1999 04:35:13 GMT


On 21 May 1999 01:10:57 GMT, in <7i2br1$kr0$[EMAIL PROTECTED]>,
in sci.crypt David A Molnar <[EMAIL PROTECTED]> wrote:

>[...]
>abstract algebra and number theory

...including finite field theory and polynomial fields and Boolean
functions.  This will be beyond the usual first courses.  


>[...]
>computational complexity --  the concept of a "reduction." Why 
>                       reductions help us 'prove' security. 

Alas, there *is* no such proof.  Indeed, we have every evidence that
there simply *can* *be* no such proof.  

Talking about "proven security" amounts to promoting a delusion which
all too many want to believe and will grasp out of context.  What
security proofs we have in cryptography depend upon assumptions which
cannot be proven in practice.  There is no proven security.  

Choosing the development of proven cryptographic security as one's
life goal has every possibility of producing a wasted life.  There are
many other far more productive avenues.  


>[...]
>What else ? what do people think of these categories? and what would
>you recommend to someone starting out in each of 'em? I know the FAQ
>has a list of books -- is that being updated?

A wide variety of books useful in cryptography are listed by category
on my pages.  Those who would suggest other titles, please let me
know.  

One area which we normally assume most scientists know, but which many
seem to have forgotten, is logic: the formal algebraic study of
argument.  Related to that would be some language involvement with
advocacy, to include the study of rhetorical fallacies and propaganda.


Yet another area is something we used to call "artificial
intelligence."  In particular, I promote some study of computing
machinery with a particular eye toward using the machinery to solve
problems in ways which are not simply the evaluation of mathematical
formulae.  

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM


------------------------------

From: Mark E Drummond <[EMAIL PROTECTED]>
Subject: Re: Looking for pointers
Date: Fri, 21 May 1999 08:22:19 -0400

Thanks for all the pointers everyone. I can see I have a lot of rust to
work through first. I've started reading some of the _Handbook of
Cryptography_ but I expect the math to get out of hand soon. Perhaps I
will take a few courses to brush up on the basics first. Fortunately for
me I work at a University (and 2 minutes away from another one) and my
boss is all for me taking courses.

Thanks again.

-- 
_________________________________________________________________
Mark E Drummond                  Royal Military College of Canada
[EMAIL PROTECTED]                              Computing Services
Linux Uber Alles                                      perl || die

     ...there are two types of command interfaces in the world of
                  computing: good interfaces and user interfaces.
                                 - Dan Bernstein, Author of qmail

------------------------------

From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: Security
Date: 21 May 1999 09:34:18 -0400

In article <7i1v0v$j6d$[EMAIL PROTECTED]>,  <[EMAIL PROTECTED]> wrote:
>Patrick Juola wrote:
>> [EMAIL PROTECTED] wrote:
>> >A cipher is only provably secure if all outputs are possible (random
>> >distribution based on the key) given any input.
>>
>> This is a stronger condition than necessary; all that is necessary
>> is that for all plaintext p, the set of possible cyphertexts is
>> the same (over all keys), irrespective of whether or not this
>> actually exhausts the set of possible cyphertexts.
>
>I'd add something about their probabilities.  Shannon's
>"perfect secrecy" is independence of plaintext and ciphertext.
>
>> >How do you create this
>> >random distribution in one round?  If there are any one round
>> >characteristics (or linear approximations) chances are the algorithm
>> >can be cracked in reduced-round variants (and possible full-round).
>>
>> One obvious way to do it would be to insert random padding of some
>> sort in order to exhaust the set of possible outputs.  As an example,
>> suppose that we agree to use a symmetric block algorithm, but every
>> block that I send will contain only one actual data byte and the rest
>of
>> the bytes will be randomly generated noise that I put in just to fool
>> the cryptanalysts.  Of course, you just throw away all this noise when
>> you get it.   And by careful design of the cypher, I can ensure that
>> the property I outline above holds.
>
>There's a catch.  In the best case, the noise will
>increase the unicity distance by the same amount that it
>expands the ciphertext.  Adding noise doesn't increase the
>amount of plaintext we can send in perfect secrecy.

Really?  I find this counter-intuitive; can you expand?

        -kitten
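As an added worked calculation (not part of the thread), here is the unicity-distance arithmetic behind the quoted claim, using Shannon's formula with $H(K)$ for the key entropy and $D$ for the redundancy per plaintext byte; these symbols are assumed here, not the posters'. Without padding, the unicity distance in ciphertext bytes is

$$
n_0 = \frac{H(K)}{D}
$$

With blocks of $b$ bytes that carry one data byte and $b-1$ uniformly random noise bytes (which contribute no redundancy), the redundancy per ciphertext byte falls to $D/b$, so

$$
n_0' = \frac{H(K)}{D/b} = b \cdot \frac{H(K)}{D} = b \, n_0
$$

The unicity distance grows by exactly the expansion factor $b$, but since $b$ ciphertext bytes carry one plaintext byte, those $n_0'$ ciphertext bytes carry only $n_0'/b = n_0$ plaintext bytes. The amount of plaintext that can be sent before the ciphertext determines the key is unchanged, which is what the quoted post states.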


------------------------------

From: "Markku J. Saarelainen" <[EMAIL PROTECTED]>
Subject: Re: Reasons for controlling encryption
Date: Fri, 21 May 1999 09:21:49 -0700

Excellent responses ... what about another angle of encryption control such as
controlling covertly encryption product market place ... having the encryption
control legislation is one thing, but imposing specific encryption product
design and development guidelines is yet even more significant matter ..one can
only guess the extent that covert encryption control programs play their role in
today's technology market place ..I suppose there are people who would never use
any of current VERY popular cryptographic programs for their personal and
business communications ...just a thought ..what do you think?




------------------------------

From: [EMAIL PROTECTED] (Mike McCarty)
Subject: Re: Reasons for controlling encryption
Date: 21 May 1999 14:22:07 GMT

In article <[EMAIL PROTECTED]>,
Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
)Mike McCarty wrote:
)> [sarcastically:] Everyone knows that only about 5 people in the world
)> could ever have discovered the atomic bomb, and they all live here.
)> So if we just never tell anyone, no one else will ever find out.
)
)One problem with exaggerating your point is that it makes a
)caricature of your own position.  Nuclear weapon design isn't based on
)just one secret; however, there are indeed very many engineering
)secrets involved in building *effective* nuclear weapons, and it cost
)much to discover them.  So it makes sense to protect such secrets.
)
)Similarly with real secrets of cryptography, and yes, there are many.

Of course there isn't just *one* secret involved in making a successful
nuclear weapon. Nor in making a successful cryptographic system. But the
point was the arrogance involved in thinking that information of that
sort can be suppressed.

One can suppress information of an "event" nature. Such as whether some
particular event occurred, that's what I mean. But just knowledge in
general cannot be suppressed. Physical laws and processes can be
rediscovered. Admittedly, there is a price for the rediscovery. But
that knowledge cannot be suppressed effectively. Cryptography is the
same way. Such information is qualitatively different from 

)> The NSA, far from wanting to promote freedom and liberty by
)> protecting our country, assumes that WE THE PEOPLE are the biggest
)> criminals they must protect the gov't from.
)
)Funny, none of the many NSA employees of my acquaintance believe any
)such thing.  Where do you get your "information"?

You might try looking over the information about Kevin Mitnik, for
example. You might try investigating the "incident in the mall" in
Washington, DC. in which several people were illegally detained and
searched under the direction of the NSA.

)There are undoubtedly many politicians who use governmental power to
)control the populace.  But that isn't remotely within NSA's charter.

Oh, I agree, that is not their *charter*.

OTOH, I also admit that I was really using NSA as a generic term for
government employees in high levels. I put the IRS in the same generic
pot. I probably should have been more concrete in some aspects of my
post.

I have personally known people who were arrested w/o warrant, and
shuffled between one Federal prison and another, being kept incognito
for months, and later released without being charged. I have myself
been illegally searched and detained (by local police, not Fed agents).
I have had non-specific threats made against me for violating
unspecified Federal regulations. I have personally known people who were
charged with violating the *penalty clauses* of Federal regulations.
(How does one violate a penalty clause?)

In March 1933 (I forget whether it was the 19 or the 13, I believe the
19) the US Constitution was officially and illegally abrogated by
Congress, and modifications were made to the so-called Emergency
Powers Act which revoked the clauses exempting US Citizens from powers
granted to the President to revoke transactions / contracts, and other
acts of enemies of the United States, and the Citizens of the US were
put on the same basis as Enemies of the United States. This was used as
rationale for the seizure and mortgage of all properties in the US to
the Federal Reserve Bank, a privately held corporation.

This is not intended to be any sort of indictment against any particular
person who might work for the US Govt. I was gratified to read the story
of the investigation and capture of the spies in the book "The Cuckoo's
Egg" (is that title correct) because the liberal fellow who did it met
some real "spooks" and found that they are regular people who are trying
to do a job of protecting the US. And I'm sure that most NSA employees
fall into that category. Most IRS agents don't have the *intelligence*
to be a threat to anybody. But that's another subject.

Mike

-- 
----
char *p="char *p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
I don't speak for Alcatel      <- They make me say that.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Biprime Cryptography, Part II
Date: Fri, 21 May 1999 09:09:55 -0600

In article <[EMAIL PROTECTED]>, kurt wismer
<[EMAIL PROTECTED]> wrote:

> Nathan Kennedy wrote:
> > 
> > In fact, don't change the name "public key cryptography" at all.
> > I do not believe you could change that to anything more helpful.
> 
> i don't know... asymmetric key cryptography may be a little more
> descriptive...
> 
> at least to those who know what symmetric and asymmetric mean in general..
> 
These are poor classification choices since symmetry can refer to many
different qualities of algorithms.  Given the choices, "Conventional
Encryption," is a better term for all other than Public Key algorithms,
and has been used by some authors.

The use of the terms you mention speak to the egocentricity of those that
would like to dismiss with ease and oversimplification that which they do
not fully understand.

When you come to new algorithms, which are certainly not going to be
*conventional* by definition, you get back into the same fix.  Perhaps the
best classification, being the most clear, is Public Key and Non-Public
Key.  Assume that an algorithm is not public key oriented unless it is
explicitly stated that it is.

The non-public key domain of algorithms easily contains many, classics,
that are much weaker than PKA's and many that are much more efficiently
strong, some neoclassics; neoclassics generally use simple and/or
well-established principles facilitated by a computer that would never
have been attempted routinely by pencil and paper methods.

Biprime may be a useful term, but it begs for someone to do algorithms
that might be called Triprime or even more complicated; how do you group
all of these sub-groups?  And, you can certainly define algorithms of
non-PK nature that use various numbers of primes in one way or another.
-- 
Weathermen prosphesize and insurance companies predict, while both pretend to be doing 
the other to get an audience.

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Reasons for controlling encryption
Date: Fri, 21 May 1999 15:05:58 GMT

In article <[EMAIL PROTECTED]>, "Markku J. Saarelainen" 
<[EMAIL PROTECTED]> wrote:
>Excellent responses ... what about another angle of encryption control such as
>controlling covertly encryption product market place ... having the encryption
>control legislation is one thing, but imposing specific encryption product
>design and development guidelines is yet even more significant matter ..one can
>only guess the extent that covert encryption control programs play their role
> in
>today's technology market place ..I suppose there are people who would never
> use
>any of current VERY popular cryptographic programs for their personal and
>business communications ...just a thought ..what do you think?
>
>
>

 I feel if you want security in that the NSA would never break the code use 
SCOTT19U.ZIP  you can get it world wide for a while. But if you're like most
of the sheep, use one of the NSA approved AES products like DEADFISH
or something similar. Yes these are my thoughts and it goes against the
main stream thought as represented at this forum.
 Hay you anyone thoughts so thought I would give it.




David A. Scott
--
                    SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
                    http://www.jim.com/jamesd/Kong/scott19u.zip
                    http://members.xoom.com/ecil/index.htm
                    NOTE EMAIL address is for SPAMERS

------------------------------

Date: Fri, 21 May 1999 10:24:09 -0400
From: Emmanuel BRESSON <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: RSA Cryptography Question

Hideo Shimizu wrote:

> Because, for all m<n
>
> m ^ phi(n) equiv m mod n

oooouuups... Of course you meant:
    m^phi(n) == 1 mod n
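To make the correction concrete, here is an added check (my own example, not code from either poster) run over every residue of a small constructed RSA modulus. It confirms that m^phi(n) == 1 (mod n) holds only for m coprime to n, so the quoted "for all m<n" is too strong for Euler's theorem, while RSA's round trip (m^e)^d == m (mod n) recovers every m, coprime or not. The primes, exponents and message values are constructed for the demonstration and are far too small for real use.

```python
# Added example (not from the thread): checking Euler's theorem behind RSA
# with small constructed primes. Nothing here is either poster's code.
from math import gcd

# Constructed toy RSA modulus, chosen so the arithmetic is easy to follow.
P, Q = 61, 53
N = P * Q                 # 3233
PHI = (P - 1) * (Q - 1)   # 3120
E = 17
D = pow(E, -1, PHI)       # 2753, the matching private exponent


def euler_holds(m: int, n: int = N, phi: int = PHI) -> bool:
    """Euler's theorem: m^phi(n) == 1 (mod n). Guaranteed only when gcd(m, n) == 1."""
    return pow(m, phi, n) == 1


def rsa_round_trip(m: int) -> int:
    """Return (m^e)^d mod n, i.e. what RSA decryption recovers for message m."""
    return pow(pow(m, E, N), D, N)


def check_all_messages(n: int = N) -> dict:
    """Classify every m in [0, n) by whether Euler's theorem holds and whether
    RSA still recovers m. The Euler failures are exactly the m sharing a
    factor with n (multiples of P or Q, and 0); RSA never fails because its
    correctness follows from the CRT on the two prime factors, not Euler."""
    euler_ok = euler_fail = rsa_fail = 0
    for m in range(n):
        if euler_holds(m):
            euler_ok += 1
        else:
            euler_fail += 1
            assert gcd(m, n) != 1  # every failure is a non-coprime message
        if rsa_round_trip(m) != m:
            rsa_fail += 1
    return {"euler_ok": euler_ok, "euler_fail": euler_fail, "rsa_fail": rsa_fail}


if __name__ == "__main__":
    print(check_all_messages())  # expected: euler_ok 3120, euler_fail 113, rsa_fail 0
```

The count of Euler failures is the number of residues sharing a factor with n, which for n = 61 * 53 is 53 + 61 - 1 = 113 (the multiples of each prime, counting 0 once); the 3120 successes are exactly phi(n). Requires Python 3.8+ for the modular inverse via pow(E, -1, PHI).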


------------------------------

From: Mike Fredenburg <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: PGP Implementation of DH/DSS vs. RSA.
Date: Fri, 21 May 1999 09:14:35 -0700

I have been having a running debate with my brother who sees himself as
something of an expert on cryptology.

He has flatly asserted that DH/DSS as implemented in PGP has been
compromised and that sophisticated "net denizens" (hackers)  will not
use anything other than RSA.

I have reviewed the literature that I can find on the web and can find
no indication that the PGP implementation of DH/DSS has been compromised
or is weak.

Since this site seems to be oriented toward real people working in the
field of cryptology that actually have  the math background to
understand the theory I thought I might get a definitive answer.

Thanks in advance,

Mike Fredenburg,  Mechanical Engineer, not a cryptographer.



------------------------------

From: [EMAIL PROTECTED] (Matthias Bruestle)
Subject: Re: Biprime Cryptography, Part II
Date: Fri, 21 May 1999 09:08:22 GMT

Mahlzeit


kurt wismer ([EMAIL PROTECTED]) wrote:

> i don't know... asymmetric key cryptography may be a little more
> descriptive...

But it should be a name for RSA and not also ElGamal, DH, DSA, ...


Mahlzeit

endergone Zwiebeltuete

--
PGP: SIG:C379A331 ENC:F47FA83D      I LOVE MY PDP-11/34A, M70 and MicroVAXII!
-- 
Die einzige Moeglichkeit heut zu Tage nicht psychisch krank zu werden
ist psychisch krank zu sein. -- eZ

------------------------------

From: "Matthew Bennett" <[EMAIL PROTECTED]>
Subject: Re: looking for independant encryption strength analysis
Date: Fri, 21 May 1999 17:15:09 +0100

Paul Rubin wrote in message ...
<snip>
>It's not worth it.  You should use a standard algorithm.  No matter


That's the view I've eventually come to.  I've now in fact converted most of
my encryption routines to use a standard Blowfish implementation instead.
The output seems to match the established test vectors, so I think I've
managed to do this ok.  I must say I was impressed such a high standard
encryption system could be built into a prototype program (using both ECB
and CFB) in just one evening.

>If you still want to pursue cryptanalysis, two companies you might
<snip>

Nope - I think most of the replies from this group have fairly successfully
taken my enthusiasm for encryption techniques away.

>Your belief is very touching but since you've come right out and
>said that you don't have the expertise that would make your belief
>meaningful to anyone else, you might as well not have told us this.

..and likewise you might as well have not told me this.

Thanks for your help though.


Matt



------------------------------

From: "Matthew Bennett" <[EMAIL PROTECTED]>
Subject: Re: looking for independant encryption strength analysis
Date: Fri, 21 May 1999 17:06:48 +0100

[EMAIL PROTECTED] wrote in message <7hvqd0$1ei$[EMAIL PROTECTED]>...
<snip>
>I can, however, give you some info for free.  Your program
>seems to generate a pseudo-random stream from the password
>and add it to the data.  There's no per-message variability,
>and consequently the system falls when an attacker gets his
>hands on multiple messages encrypted with the same key. This
>is a frequent error in using stream ciphers.


Noted, thanks.

>You provide no authentication.  If I know the plaintext, I
>can change the ciphertext to decrypt to whatever I want.
>
>The RNG looks bad.  I can't really examine it for free, but
>I notice that given the key "aaaa", every fourth byte has a
>high nibble of 0.


Every four bytes may appear to have a similar property due to a different
set of numbers being used for the 1st, 2nd, 3rd and 4th bytes each time,
before being cycled round again.

>This is a poor system.  You should warn people away from it.

Thank you for your suggestion.

>If you want to program a cryptographic application, I'd
>recommend that you learn the basics and then use established
>algorithms.


I was fairly sure such a reply would come up somewhere, but thank you anyway.



Matt
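The two defects called out in the quoted critique (no per-message variability and no authentication) are easy to see side by side. The following is an added example of my own, not the poster's program and not the critic's code: a toy cipher that XORs a password-derived stream onto the data, beside a hardened variant that adds a per-message nonce and an encrypt-then-MAC tag. The keystream generator is an assumed stand-in (HMAC-SHA256 in counter mode), not the original program's RNG, and the messages are constructed for the demonstration.

```python
# Added example (not from the thread): a password-keystream cipher with the
# two flaws named in the critique, beside a hardened version. The keystream
# function is an assumed stand-in for the original program's RNG.
import hashlib
import hmac
import os
from typing import Optional


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Deterministic PRF keystream: HMAC-SHA256(key, nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def weak_encrypt(password: bytes, plaintext: bytes) -> bytes:
    """The criticised design: the stream depends only on the password, so every
    message under the same password is XORed with the same bytes."""
    key = hashlib.sha256(password).digest()
    return xor_bytes(plaintext, keystream(key, b"", len(plaintext)))


def keystream_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """With a reused stream, c1 XOR c2 == p1 XOR p2: the keystream cancels and
    the relationship between the two plaintexts is exposed to anyone holding
    both ciphertexts. This is the multiple-message failure the critic describes."""
    return xor_bytes(c1, c2)


def hardened_encrypt(password: bytes, plaintext: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Fresh 16-byte nonce per message (streams never repeat) and an HMAC tag
    over nonce || ciphertext (tampering is detected). Separate keys for
    encryption and authentication are derived from the password."""
    enc_key = hashlib.sha256(b"enc" + password).digest()
    mac_key = hashlib.sha256(b"mac" + password).digest()
    nonce = os.urandom(16) if nonce is None else nonce
    ct = xor_bytes(plaintext, keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def hardened_decrypt(password: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None if the tag does not verify."""
    enc_key = hashlib.sha256(b"enc" + password).digest()
    mac_key = hashlib.sha256(b"mac" + password).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return xor_bytes(ct, keystream(enc_key, nonce, len(ct)))


def demo() -> dict:
    """Constructed messages: the leak in the weak scheme, its absence with
    distinct nonces, and tag failure on a ciphertext with one flipped bit."""
    pw = b"aaaa"                       # the password mentioned in the thread
    p1 = b"transfer 100 to alice"      # constructed sample messages, equal length
    p2 = b"transfer 900 to bob  "
    c1, c2 = weak_encrypt(pw, p1), weak_encrypt(pw, p2)
    weak_leaks = keystream_reuse_leak(c1, c2) == xor_bytes(p1, p2)

    n1, n2 = bytes(15) + b"\x01", bytes(15) + b"\x02"   # fixed nonces for a repeatable run
    h1, h2 = hardened_encrypt(pw, p1, n1), hardened_encrypt(pw, p2, n2)
    hardened_leaks = xor_bytes(h1[16:-32], h2[16:-32]) == xor_bytes(p1, p2)

    tampered = bytearray(h1)
    tampered[16] ^= 0x01               # flip one bit of the ciphertext body
    return {"weak_leaks": weak_leaks,
            "hardened_leaks": hardened_leaks,
            "tamper_rejected": hardened_decrypt(pw, bytes(tampered)) is None,
            "round_trip": hardened_decrypt(pw, h1) == p1}


if __name__ == "__main__":
    print(demo())
```

The nonce is sent in the clear in front of the ciphertext; it needs to be unique per message, not secret. Verifying the tag before touching the ciphertext (encrypt-then-MAC) is what closes the "change the ciphertext to decrypt to whatever I want" point from the critique, and hmac.compare_digest keeps the comparison constant-time.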



------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: RC4 based hash
Date: Fri, 21 May 1999 16:24:33 GMT

[EMAIL PROTECTED] wrote, in part:

>What if you cycled the RNG x number of times before producing output (x
>= size of message).?  Wouldn't that make the last bytes more effective?

Yes, that sort of thing would help, to a degree. But it might not be
an efficient way to obtain the desired level of mixing.

John Savard ( teneerf<- )
http://members.xoom.com/quadibloc/index.html

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Symmantic question
Date: Fri, 21 May 1999 16:26:04 GMT

Mark E Drummond <[EMAIL PROTECTED]> wrote, in part:

>Is there a proper way to complete the following sentences? :

>       Every bit added to the key length increases the difficulty of an
>       exhaustive keysearch attack by [?].

Every bit added to the key length doubles the time required for an
exhaustive keysearch attack.

>       Doubling the key length increases the difficulty of an exhaustive
>       keysearch attack by [?].

Doubling the key length squares the time required for an exhaustive
keysearch attack.

John Savard ( teneerf<- )
http://members.xoom.com/quadibloc/index.html

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Can a Java or Active-x program get your keys??????
Date: Fri, 21 May 1999 16:29:19 GMT

Someone wrote:

>>> I think the answers are: Java *supposedly* not; activeX yes.  So avoid
>>> the latter.

And JavaScript also yes.

John Savard ( teneerf<- )
http://members.xoom.com/quadibloc/index.html

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
