Cryptography-Digest Digest #611, Volume #9       Fri, 28 May 99 15:13:03 EDT

Contents:
  Re: The BRUCE SCHNEIER  Tirade (Volker Hetzer)
  Where can I get the translation of SHS? ([EMAIL PROTECTED])
  Re: Please recommend freeware encryption SDK ("Andy Jeffries")
  Wanted: introductions to cryptanalytic methods. ("simon")
  Re: Stream Cipher using LFSRs (David Wagner)
  Re: The BRUCE SCHNEIER  Tirade (SCOTT19U.ZIP_GUY)
  Re: The BRUCE SCHNEIER Tirade (Matthias Bruestle)
  Re: The BRUCE SCHNEIER  Tirade (Anthony Stephen Szopa)
  Re: The BRUCE SCHNEIER Tirade ([EMAIL PROTECTED])
  Re: The BRUCE SCHNEIER Tirade ("Eric W Braeden")
  Re: evaluation cryptographic algorithms (Medical Electronics Lab)
  Re: NSA proves banks use poor crypto (Patrick Juola)
  Re: AES tweaks (Stefek Zaba)
  Re: The BRUCE SCHNEIER Tirade ("Markku J. Saarelainen")
  Re: Authenticating identity? (Medical Electronics Lab)
  Re: ScramDisk and Windows 2000 (Aidan Skinner)

----------------------------------------------------------------------------

From: Volker Hetzer <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: The BRUCE SCHNEIER  Tirade
Date: Fri, 28 May 1999 17:40:11 +0200

John Kennedy wrote:
> 
> On Fri, 28 May 1999 02:39:55 +0200, fungus
> <[EMAIL PROTECTED]> wrote:
> >A one time pad has a key which is a big as the message. If you
> >can securely transmit the key to the other party then you obviously
> >don't need cryptography - you could just send the message by the
> >same route.
> 
> Nope. You may pass the pad through a window that may not even exist at
> the time you need a message transmitted.
He was talking about the mass market. Of course there might be instances where
you can transmit a key beforehand but those are not "mass market" applications.

Greetings!
Volker

------------------------------

From: [EMAIL PROTECTED]
Subject: Where can I get the translation of SHS?
Date: Fri, 28 May 1999 14:44:41 GMT

I found the SHS page at:
http://www.nist.gov/itl/div897/pubs/fip180-1.htm
I want to read this document in Japanese.
Do you know where I can get a Japanese translation of this document?
If there is none yet, I will translate it myself.
Thanks.


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

Reply-To: "Andy Jeffries" <[EMAIL PROTECTED]>
From: "Andy Jeffries" <[EMAIL PROTECTED]>
Subject: Re: Please recommend freeware encryption SDK
Date: Fri, 28 May 1999 16:34:23 +0100

> >  I'd like to comment but just what is SDK I haven't decrypted that yet?
>
> SDK - System Design Kit

Strange, I have always known it as Software Development Kit.


--
Andy Jeffries
C++Builder/Delphi Programmer
(ScramDisk Delphi Component)

--See http://www.kwikrite.clara.net/ for Kwik-Crypt
  TkrScramDisk and the ConsoleUtils library
--See http://www.scramdisk.clara.net/ for ScramDisk -
  free virtual disk encryption for Windows 95/98




------------------------------

From: "simon" <[EMAIL PROTECTED]>
Subject: Wanted: introductions to cryptanalytic methods.
Date: Fri, 28 May 1999 16:40:35 +0100

Howdy All,

I'm searching for information regarding common cryptanalysis with respect to
Public Key-based systems, specifically e-mail.  I'm not particularly interested
in the practical side of cryptanalysis, rather in introductions to those common
methods in use today, such as brute force, etc.

Any reference to 'net-based content would be greatly appreciated, but the names
of relevant publications and their authors would be just as beneficial.

Thanks in advance,

                              Si.




------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Stream Cipher using LFSRs
Date: 28 May 1999 08:00:17 -0700

You suggested a stream cipher.  One LFSR outputs 8-bit values x, another
outputs 8-bit values y, you combine x and y with z = xy mod 257 (with 0
treated as 256 like in IDEA), and then output z.

The obvious attack is divide-and-conquer; but this won't work if the LFSRs
are large enough (say, 64 bits long).  Nonetheless, there is a better
analytical attack that applies no matter how large the LFSRs are.

Let's look at a simplified version where we use 2-bit quantities and
z = xy mod 5.  In this variant, when we see the output z=1, we know the
possible values for (x,y) are (1,1), (2,3), (3,2), or (0,0).  Now notice
that in all these cases, the parity of (x,y) (i.e. the xor of all its
bits) is 0.  This is a linear relation on the two LFSRs; and moreover,
the LFSRs are linear, so with 2n relations you can recover the contents
of both n-bit LFSRs with linear algebra over GF(2) (e.g. Gaussian
elimination).

Therefore, the attack proceeds as follows.  Obtain 2n*4 = 8n chunks
of known output (requires 8n*2 = 16n bits of known text).  1/4 of those
output chunks will be of the form z=1, and thus give us one linear
relation on the LFSRs.  After 8n chunks, we get 2n relations, which
is enough to solve for the LFSR internal states, and the cipher is
broken.

This breaks the 2-bit case easily.  I expect the 8-bit case is a little
harder.  You probably won't find linear relations that hold for all values
of (x,y).  However, you should find significant biases in (x,y), i.e.
linear relations that hold with probability different from 1/2.  You can
then use these relations in a correlation attack on the LFSRs.

This is enough for me to tentatively conclude that your cipher is too weak.

As a homework problem, I suggest you go find the value of z and the linear
relation on (x,y) which leads to the largest bias.  It's an instructive exercise.

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: The BRUCE SCHNEIER  Tirade
Date: Fri, 28 May 1999 15:14:03 GMT

In article <7im3l3$2eu$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Patrick Juola) 
wrote:
>In article <7il5gs$2lk0$[EMAIL PROTECTED]>,
>SCOTT19U.ZIP_GUY <[EMAIL PROTECTED]> wrote:
>>In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>>>The BRUCE SCHNEIER  Tirade
>>>
>>>
>>>
>>>BRUCE SCHNEIER is president of Counterpane Systems and says:
>>>
>>>"One-time pads don't make sense for mass-market encryption products.
>>>They may work in pencil-and-paper spy scenarios, they may work on the
>>>U.S.-Russia teletype hotline, but they don't work for you.  Most
>>>companies that claim they have a one-time pad actually do not.  They
>>>have something they think is a one-time pad.  A true one-time pad is
>>>provably secure (against certain attacks), but is also unusable.
>>>
>>
>> Actually Bruce likes to attack new commers.
>
>Actually, Bruce is very supportive of "new commers"[sic].  (I feel I can
>speak to this as I was one of Chris Hall's teachers.)   Unfortunately
>from the point of view of the newcomers, he knows substantially more than
>they do.  Depending on how secure your ego is, you can either view
>this as a chance to learn or a chance to post rubbish.  Your call.
>

  Unless we have been reading different posts (or drinking different booze),
from what I see Bruce has a great hatred for the competition of any kind;
he seems to respect only ass kissers, and in case you have not noticed,
I am not an ass kisser. If he was of the opposite gender maybe we could
work something out.



David A. Scott
--
                    SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
                    http://www.jim.com/jamesd/Kong/scott19u.zip
                    http://members.xoom.com/ecil/index.htm
                    NOTE EMAIL address is for SPAMERS

------------------------------

Crossposted-To: talk.politics.crypto,alt.privacy
From: [EMAIL PROTECTED] (Matthias Bruestle)
Subject: Re: The BRUCE SCHNEIER Tirade
Date: Fri, 28 May 1999 15:13:22 GMT

Mahlzeit


[EMAIL PROTECTED] wrote:

> > Yes, I understand that they are no replacement for public key
> > cryptography, but in the right situation they are possibly superior if
> > provably secure.

> Doi, OTP are only secure if the message and key are the same length, and
> the key is random.  Here is the stipulation, you must sent the key in a
> secure manner, so why not send the message that way.

Because you can choose the time to exchange the pad and not the time
to send the message. When you visit your friend in New Caledonia
you can exchange 100 CDs full of random data but not the messages
of the next 5 years.


Mahlzeit

endergone Zwiebeltuete

--
PGP: SIG:C379A331 ENC:F47FA83D      I LOVE MY PDP-11/34A, M70 and MicroVAXII!
-- 
Stuart Kills Three and Eats their Kidneys.

------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: The BRUCE SCHNEIER  Tirade
Date: Fri, 28 May 1999 09:07:32 -0700
Reply-To: [EMAIL PROTECTED]

"Omar N. Ikley" wrote:

> Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote:
>
> >The BRUCE SCHNEIER  Tirade
>
> You should be proud to be worthy of the attention of the likes of Bruce
> Schneier.
> --
> "Omar N. Ikley"     better known as [EMAIL PROTECTED]
>  0123 4  56789      <- Use this key to decode my email address.
>                     Fun & Free - http://www.5X5poker.com/

I told BRUCE SCHNEIER that any publicity is good publicity and thanked
him.

The NSA has visited my web site repeatedly.  They are professionals. 
You can be sure they have a thorough analysis of my encryption method.

And hey, bub, they are not sharing it with any of you.

I pretty much hear nothing but cop-out replies to my posts that avoid
the issues, and nearly all fail to demonstrate even the simplest
understanding of what I am proposing as a secure encryption method.  If
none of you are willing to make an intelligent criticism why waste your
time.  I would think a serious person or professional would have more
important things to do.

I keep hearing demands to prove my claims as if I need to do more than I
already have.  Only a very few serious pointed questions have ever been
put to me regarding OAP-L3 and I answered these to the satisfaction of
the person making the inquiry.

I really believe some of you would relish the sight of me begging for a
fair hearing.  I think this is a legitimate observation that can be
supported from your many posts regarding OAP-L3.

We have all heard the perfected answer why the true OTP is "unusable." 
Nothing new here.  So why offer nothing to advance the discussion?  Is
this all you have to offer?

We all know that all existing mathematical equation based encryption
software takes an easier approach with some very good results.

If I generate a pseudo random digit stream using various bit / byte
manipulation processes that accept random user input parameters, I
am also simply using a short cut for getting at the desired result.

Are my generated pseudo random numbers any more or less random than
those effectively generated by PGP, RSA, Blowfish, etc.?  This is what
you really need to find out.  But it seems that most of you really don't
want to find this out.  So much for professionalism.  So much for the
inquisitive mind.

If you are interested you can simply go to http://www.ciphile.com and
download the pre release help files from the Windows GUI Version 4.0 or
send me an email to get a pre release shareware copy of the software.

Not to do so and to continue these nonsensical postings is to continue
to waste your time.  One wastes one's time because one has nothing
better to do with it.

------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: The BRUCE SCHNEIER Tirade
Date: Fri, 28 May 1999 16:34:30 GMT

I have read this entire thread, up to now and I am amazed of how much
crap was included in all these messages. Now including my own. I am not
going to debate the OTP issues (I do agree with Bruce Schneier,
however) I just wanted to comment on how personal some people get when
debating, usually this signifies a defeat on the person doing the
attacking. If you don't have facts, then personally attack the
opponent. It also appears that David A. Scott, AKA, SCOTT19U.ZIP_GUY
attacks people that do not agree with him far more than Mr. Schneier
ever has.



------------------------------

From: "Eric W Braeden" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: The BRUCE SCHNEIER Tirade
Date: Fri, 28 May 1999 13:05:22 -0400


Matthias Bruestle wrote in message
<[EMAIL PROTECTED]>...
>Mahlzeit
>
    Do you go for lunch every time hell breaks loose? ;-)

ewb




------------------------------

From: Medical Electronics Lab <[EMAIL PROTECTED]>
Subject: Re: evaluation cryptographic algorithms
Date: Fri, 28 May 1999 12:05:25 -0500

Andreas / Detlef Stieger wrote:
> I always wondered how cryptoscientists evaluate their algorithms.

They publish their work, so it's no mystery.

> I think it is dangerous just to look at the number of possible keys and to
> calculate how long it would take to check all the keys if all computers in
> the world would join calculation power 24 hours a day, seven days a week.
> ("Exhaustionsmethode")

Right.  Use mathematics to help you solve for the key in less time
than it takes to do a brute force search.  If the use of math takes
too long, then you have a bound on strength.

> How must an encryption algorithm be so that it can be evaluated as "strong"
> (besides that is has to have a large number of possible keys) I heard of
> assymetric keys and so on...

There are different types of crypto.  "Symmetric" means you encrypt
and decrypt with the same key.  "Asymmetric" means the encryption
key is different than the decryption key.  Asymmetric systems tend
to be mathematical, and need longer keys than symmetric systems
because you can use math to go faster than brute force search.

> 
> I would also like to know what, providing that an algorithm is "strong", can
> make him "weak"?
> (publicating the source code, attack algorithms, new and faster
> computers...)

A cipher is assumed "strong" if it can withstand all known attacks.
Since there are lots of known attacks, and new ones are found every
week, most people refer to the amount of work required to crack
the key.  A good cipher has a large work factor, public source code,
and all known weak keys listed.  Changing a good cipher will
probably make it weaker; a good deal of information can be found
in the literature.

Patience, persistence, truth,
Dr. mike

------------------------------

From: [EMAIL PROTECTED] (Patrick Juola)
Crossposted-To: talk.politics.crypto
Subject: Re: NSA proves banks use poor crypto
Date: 28 May 1999 14:22:22 -0400

In article <[EMAIL PROTECTED]>,
Ronald Benedik  <[EMAIL PROTECTED]> wrote:
>> Er, what's the connection between encryption technology and Y2K?
>
>Investment in new computer stuff. Implementing encryption costs money
>for information tech, and so does fixing Y2K. That's shrinking the
>profits.
>Before liberalization of the capital markets there was no need for
>encryption to protect against outside hostilities.
>I don't think banks take the problem seriously. On the other hand, where's the
>difference for a bank between a valid transaction and a faulty one? Banks,
>like credit card companies, earn money in both cases.

My understanding is that both banks and credit card companies lose
substantial amounts in faulty transactions; if for some reason
a faulty transaction appears on my credit card, I don't have to pay,
while the merchant still gets his money.  The bank is the one
who eats the cost.

Similarly, if someone fraudulently transferred a large amount of
money out of my bank account, the bank would have to restore that
amount (under US law, at least -- I don't know offhand where the
.at domain is, or what its laws are) out of its own pocket if
necessary.

        -kitten

------------------------------

From: [EMAIL PROTECTED] (Stefek Zaba)
Subject: Re: AES tweaks
Date: Fri, 28 May 1999 17:16:00 GMT

In sci.crypt, John Savard ([EMAIL PROTECTED]) wrote:

> Presumably, there is a perceived need for these controls, although
> (unlike other export controls) they seem hopelessly ineffective and
> staggeringly counterproductive.

Straying perilously close to the edges of the sci.crypt charter (as opposed
to talk.politics.crypto), I nevertheless refer the honourable gentleman to
the words of Undersecretary Reinsch on crypto export controls, reported at

  http://catless.ncl.ac.uk/Risks/19.81.html#subj5

and summarised as "neither fair nor efficient, but available" - i.e., a
policy implementation route under the control of the Executive, and subject
only to the most protracted and lengthy process for legal scrutiny. Just
*slowing down* the mass-market deployment of crypto is a Win for SIGINT /
interception...

Cheers, Stefek.

------------------------------

From: "Markku J. Saarelainen" <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy
Subject: Re: The BRUCE SCHNEIER Tirade
Date: Fri, 28 May 1999 13:04:50 -0700



Volker Hetzer wrote:

> This is why he said:
> "One-time pads don't make sense for mass-market encryption products."
> and NOT that they are unusable.
> Greetings!
> Volker


 .. one can easily argue that the strength of any secure encryption method
reduces significantly, When these encryption methods are bEen rolled to the mass
mARket and at the same timE, I becomes easier for those who like to control the
strength of aNy "secure" communicatiOn to do So ... again thE capability to
break the Current encryption algorithms and methods that are Used in the maRket
place is much grEater than you may have ever imagined. ... what do you think
...?




------------------------------

From: Medical Electronics Lab <[EMAIL PROTECTED]>
Subject: Re: Authenticating identity?
Date: Fri, 28 May 1999 12:40:35 -0500

Gregory G Rose wrote:
> I'm afraid the protocol is almost useless. Some
> people would say, based on the false sense of
> security, that it is *worse* than useless.

All he asked was that the message was authentic,
not that it was useful :-)

Crypto is *not* security, and I liked your analysis
of several possible (obvious) problems.  I'm sure
there are others.

To change the subject, you mentioned time stamps. 
In the US we have WWV, a set of frequencies that send
a clock signal from the NIST atomic clock.  I think
Canada has the same thing, do most other countries
broadcast something similar?  I would think it's easy
to incorporate that as part of a security protocol.

Patience, persistence, truth,
Dr. mike

------------------------------

From: [EMAIL PROTECTED] (Aidan Skinner)
Subject: Re: ScramDisk and Windows 2000
Date: 27 May 1999 22:00:02 GMT
Reply-To: [EMAIL PROTECTED]

On Thu, 27 May 1999 07:43:19 -0700, Sundial Services
<[EMAIL PROTECTED]> wrote: 

>Windows/DOS interfaces, not the Windows-NT (nee Windows/2000) model,
>which is considerably different under the hood.

I believe that NT is based on VMS with the GUI bolted onto the kernel,
but I don't {do|like} windows.

- Aidan
-- 
http://www.skinner.demon.co.uk/aidan/
Real men whistle ed commands at 300 baud into a can.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
