Cryptography-Digest Digest #686, Volume #9       Thu, 10 Jun 99 07:13:03 EDT

Contents:
  Re: rc4 vs. rand() (Michael J. Fromberger)
  Re: Authenticating identity? (John Wasser)
  Re: being burnt by the NSA (Greg Bartels)
  DNA cryptology (from the NYT) ("Mark")
  Re: PGP Key security? (Patrick Juola)
  Re: Schoof's Algorithm (Mok-Kong Shen)
  Re: DES (Hideo Shimizu)
  One Time Pad ("Ruppert")
  Re: huffman code length (Alex Vinokur)
  Free Sex Links!!  7179 ([EMAIL PROTECTED])
  Re: rc4 vs. rand() (Jim Felling)
  Looking for a password encryption algorithm ([EMAIL PROTECTED])
  Re: rsa with fpga (Christof Paar)
  Re: Does scott19u.zip make full use of it's large key size ? (Horst Ossifrage)
  Re: DNA cryptology (from the NYT) (Mok-Kong Shen)

----------------------------------------------------------------------------

From: Michael J. Fromberger <[EMAIL PROTECTED]>
Subject: Re: rc4 vs. rand()
Date: 10 Jun 1999 04:51:36 GMT

In <7jmubc$2gi$[EMAIL PROTECTED]> [EMAIL PROTECTED] writes:

>> Yes all permutations are functions.  However so is y= C and many
>> others. A permutation is a bijective map, which is a special case
>> of functions -- what Brian is saying is that the criteria is not
>> MERELY that it is a function, but a bijection.

>Bijective means any output is possible?  But this is not the case, in
>the sense of the sbox, only sbox[x]=y is possible.  Unless you say
>that the contents change.  The output of RC4 is not related to the
>sbox as a function.  You can take sbox[sbox[x]]=x as the inverse of
>x, which means the sbox is a one to one function.

A function is a relation which maps each element of the domain to at
most one element of the range.  A function is one-to-one, or
"injective", if no two elements of the domain are mapped to the same
element of the range.  A function is onto, or "surjective", if every
element of the range is the image of at least one element of the
domain.

A function which is both injective and surjective is said to be
"bijective", or a one-to-one correspondence.  Since a bijection is
both one-to-one and onto, each element of the domain is mapped to
exactly one element of the range; and furthermore, each element of the
range is the image of exactly one member of the domain.  Thus, a
bijective function is reversible, in the sense that it defines an
isomorphism between two sets.

I hope this may help clear up the confusion you seem to be having.

Cheers,
-M

-- 
Michael J. Fromberger    Software Engineer, Thayer School of Engineering
  sting <at> linguist.dartmouth.edu   http://www.dartmouth.edu/~sting/
fExGN44WPOlh6aMfFCc6QPQLckzlEl47u6ThAUqOX2sIipxEakJDuFyw1L68VeJXXTUVeSNb
    Remove clothing if you wish to reply to this message via e-mail.

------------------------------

From: John Wasser <[EMAIL PROTECTED]>
Subject: Re: Authenticating identity?
Date: Fri, 04 Jun 1999 08:42:28 -0400

[[ This message was both posted and mailed: see
   the "To," "Cc," and "Newsgroups" headers for details. ]]

In article <7ijmui$[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> wrote:

> I'm not trying to sign the contents of the message, just include a
> cookie that proves that it came from Jane.
>
> Jane takes Dick's public key, encrypts it with her private key and includes
> the result in the message.

   One problem I see is that anyone who gets ahold of one of these
   messages can then forge any number of further messages.

   The signature could contain a "message number" or other value
   that is different for different messages and can be checked
   by Dick to be sure that a signature is not used twice. As in
   any method where the message contents are not tied to the
   encrypted signature, this leaves open the possibility that a
   message will be intercepted and its contents replaced.

   The only way of knowing that the message CONTENTS came from Jane
   is to include it, or a secure hash of it, within the portion
   encrypted by Jane's private key.

   Jane should run a secure hash on the message, encrypt it with
   her private key, and then encrypt it with Dick's public key.  If 
   the first decrypt fails, Dick knows that the message is not for
   him and discards it.  If the second decrypt fails, Dick knows
   that the message is not from Jane and discards it.  Then Dick
   has to run the secure hash on the message to make sure that the
   "signature" was not copied from another message.
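
An added illustration, not part of the original thread: a toy Python model of the quoted "cookie" scheme next to the hash, sign, then encrypt scheme described above. The Mersenne-prime moduli, key sizes, function names and sample messages are all constructed for this example and are not secure parameters.

```python
import hashlib

def make_key(p, q, e=65537):
    """Toy textbook-RSA key (n, e, d) from two primes; assumes gcd(e, phi) == 1."""
    n, phi = p * q, (p - 1) * (q - 1)
    return n, e, pow(e, -1, phi)            # modular inverse, Python 3.8+

# Constructed toy keys built from Mersenne primes so the numbers are easy to
# state.  They are trivially factorable and exist only to make the protocol
# steps visible.  Jane's modulus is chosen smaller than Dick's so her
# signature (an integer below n_jane) fits under Dick's outer encryption.
JANE = make_key(2**31 - 1, 2**61 - 1)      # n_jane ~ 2**92
DICK = make_key(2**89 - 1, 2**127 - 1)     # n_dick ~ 2**216

def h(msg, n):
    """SHA-256 of the message, reduced to an integer below the signing modulus."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

# Scheme 1 (the quoted proposal): Jane "encrypts Dick's public key with her
# private key" and attaches the result.  Dick's public exponent stands in for
# "Dick's public key" here.  Nothing about the message enters the cookie.
def cookie_make(sender, recipient):
    n, _e, d = sender
    return pow(recipient[1], d, n)

def cookie_check(cookie, sender_pub, recipient):
    n, e = sender_pub
    return pow(cookie, e, n) == recipient[1]

# Scheme 2 (Wasser's fix): hash the message, sign the hash with Jane's private
# key, then encrypt the signature under Dick's public key.
def token_make(msg, sender, recipient):
    n_s, _e_s, d_s = sender
    n_r, e_r, _d_r = recipient
    sig = pow(h(msg, n_s), d_s, n_s)        # tied to the message contents
    return pow(sig, e_r, n_r)               # only Dick can strip this layer

def token_check(msg, token, sender_pub, recipient):
    n_r, _e_r, d_r = recipient
    n_s, e_s = sender_pub
    sig = pow(token, d_r, n_r)              # Dick's "first decrypt"
    # Textbook RSA never "fails" to decrypt, so the decisive check is the last
    # step Wasser describes: recompute the hash of the message and compare.
    return pow(sig, e_s, n_s) == h(msg, n_s)

def demo():
    """Returns (scheme 1 accepts a forged message, scheme 2 accepts one)."""
    jane_pub = (JANE[0], JANE[1])
    real = b"Meet at noon"                  # constructed sample messages
    forged = b"Meet at midnight"
    # Scheme 1: the cookie copied from any real message fits the forgery too.
    cookie = cookie_make(JANE, DICK)
    forged_ok_1 = cookie_check(cookie, jane_pub, DICK)
    # Scheme 2: the token from the real message does not verify for the forgery.
    token = token_make(real, JANE, DICK)
    forged_ok_2 = token_check(forged, token, jane_pub, DICK)
    return forged_ok_1, forged_ok_2

if __name__ == "__main__":
    print(demo())   # (True, False)
```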

------------------------------

From: Greg Bartels <[EMAIL PROTECTED]>
Subject: Re: being burnt by the NSA
Date: Wed, 09 Jun 1999 08:44:57 -0400

I bought a book, a couple months ago, its title was 
"Breaking DES", 

it contains VHDL code (in a scanner/OCR friendly format, no less)
which compiles to build a DES cracking machine. 
The claim was that the machine would cost $200,000 to build
and would recover a DES key within 2 weeks.

really fuzzy on the specifics, going from memory.
exact title, cost claims, and cracking speeds may differ
from actual reality.

I'll look it up tonight.
Greg


STL137 wrote:
> 
> DES was broken? Since when? It is most likely *the* most trusted symmetric
> cipher in existence (barring another cipher that has *ahem* implementation
> problems). Its keysize is a vulnerability, but there is always Triple-DES.
> 
> -*---*-------
> S.T.L.  ==> [EMAIL PROTECTED] <==
> ~~~ My quotes page is at:  http://quote.cjb.net ~~~
> ~~~ My main website is at:  http://137.tsx.org ~~~
> "Xihribz! Peymwsiz xihribz! Qssetv cse bqy qiftrz!"
> 2^3021377 - 1 is PRIME!
> I have tentatively released my E-mail block. Address is correct as it is. I
> believe the courtesy of providing a correct E-mail address is more important
> than having to delete junk, which gets through anyway. The block will simply
> go up again if I am bombed again. I don't care, and it's an easy solution.
> If you see a message of mine posted on two newsgroups, then it is because I
> have replied to a crossposted message. I *never* crosspost of my own accord!
> -*---*-------

------------------------------

From: "Mark" <[EMAIL PROTECTED]>
Subject: DNA cryptology (from the NYT)
Date: 10 Jun 1999 00:59:01 -0500

June 10, 1999
Secret Message Hidden in Dot of DNA

By The Associated Press
Scientists have devised a way of hiding a coded message in a dot of human
DNA, retooling a Nazi spy trick used during World War II. 
The technique wouldn't be of much use to secret agents because it is a
cumbersome way of sending a message. It is little more than a neat trick
that exploits the enormous capacity of DNA to hold information. 
Nazi spies sent messages by reducing them photographically to a so-called
microdot. The dot was then pasted over a period at the end of a sentence in
an innocent-looking letter, which was dropped in the mail. 
In today's issue of the journal Nature, researchers led by molecular
biologist Carter Bancroft at the Mount Sinai School of Medicine in New York
describe how they made -- and mailed -- a microdot that contained a secret
message hidden amid millions of strands of DNA. 
Bancroft likened it to a page from the ``Where's Waldo'' children's books,
where Waldo is hidden in a large, detailed drawing of lots of people. 
DNA is shaped like a twisted ladder, with four kinds of rungs, called
bases. The scientists built a DNA strand in which different combinations of
bases represented the letters of their message. 
At either end of the strand they put sequences of bases that would serve as
the key to finding the strand. The strand was one three-thousandths the
width of a human hair in length. 
The scientists then chopped the entire DNA of a human cell into pieces of
about the same length, and mixed them with the message strand. 
They soaked the mixture into paper with a period printed on it, cut out the
period and pasted it onto a letter. They mailed the letter to themselves to
prove that the DNA could survive the rigors of the U.S. mail. 
When the letter arrived, they extracted the DNA, multiplied millions of
times the strand containing the message, and read its contents. The message
they chose for their test was perhaps the most famous secret of the
microdot era: ``June 6 invasion: Normandy.'' 
Without knowing the key, it would be practically impossible to find the
message among the 3 million or so similar strands of DNA. 
``This is definitely an intriguing idea,'' said Anne Condon, a computer
scientist at the University of Wisconsin-Madison. ``It exploits one of the
great advantages of DNA, which is that you can have a huge amount of
information in a tiny volume.'' 
Conventional computers would not be of much use in reading a DNA microdot,
Condon said. Instead, it might require advances in DNA computing, the
fledgling field of making DNA strands do math, she said. 
As for any practical applications, you would need a biochemical lab both to
write and to read the messages. 
``At this point of cryptography, it's more of intellectual interest,''
Bancroft said. 

------------------------------

From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: PGP Key security?
Date: 4 Jun 1999 08:53:31 -0400

In article <7j6t0m$r4u$[EMAIL PROTECTED]>,  <[EMAIL PROTECTED]> wrote:
>In article <[EMAIL PROTECTED]>,
>  [EMAIL PROTECTED] (STL137) wrote:
>> <<Try to choose a phrase with over 20 characters, mix case, add numbers,
>> punctuation, and purposely misspell a word or two (My dawg haz flez,
>> plez!)>>
>>
>> Nah. Get a wordlist that has thousands of short words in it. Get 128
>> bits worth of random numbers and divide it up into 9 or 10 chunks. Then go
>> through your wordlist and pick out the words that correspond to those
>> chunks. Keep them in the original order. Bam! Instant great passphrase.
>> For *example* (this is not my real passphrase) a 128-bit phrase may go:
>> Weasel Baby Iodine Queen Kitty Home Cow Rake Evil Joke
>
>Look at www.tecapro.com/makepass.html for more information on how to
>construct a passphrase. You'll find there a list with 4096 words as
>well as a program that generates random passphrases - everything is in
>the public domain so you are free to use it.

For that matter, the PGPfone wordlist is (I believe) publicly
available and has some other cool properties to enhance error-proofing
and memorability.  And, of course, I recommend it highly as I designed
it. 8-)

        -kitten

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Schoof's Algorithm
Date: Fri, 04 Jun 1999 15:07:34 +0200

Michael Scott wrote:

> The program implements a much simplified version of Schoof's original
> algorithm, combined with Pollard's kangaroo algorithm. The latter effectively

Is there any literature explaining why (the real reasons, not simply
experimentally shown advantages) Pollard's kangaroo algorithm works 
well in its applications? Thanks in advance.

M. K. Shen

------------------------------

From: Hideo Shimizu <[EMAIL PROTECTED]>
Subject: Re: DES
Date: Thu, 10 Jun 1999 17:00:32 +0900

Bruce Schneier wrote:
> No.  They were put there to support the hardware implementation of
> DES that was popular in the mid-1970s.

In some special cases, IP affects the security of DES. At least
in the case of linear cryptanalysis of a 32-bit MAC using DES, Sakurai et al.
pointed out the above result.

Hideo Shimizu, TAO, Japan

------------------------------

From: "Ruppert" <[EMAIL PROTECTED]>
Subject: One Time Pad
Date: Thu, 10 Jun 1999 10:41:40 +0200

=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1

Hi!

One Time Pad should not be able to be cracked, I think.
The weak part is the key, right?

So, what is the point to start a useful attack on One Time Pad?

What is needed?
One or more ciphertexts, one or more parts of plaintext, maybe a key?

Thx for infos
Ruppert

ps: sorry for my English!!!

=====BEGIN PGP SIGNATURE=====
Version: PGPfreeware 6.0.2i

iQA/AwUBN19sMy6671FxDS+qEQI6EwCeLuZAzrN/ihCIaj9HER5rrICMSQQAnRQr
03+43mQ8yOrKqeEHihCTe+Gw
=y+Q8
=====END PGP SIGNATURE=====

------------------------------

From: Alex Vinokur <[EMAIL PROTECTED]>
Crossposted-To: comp.compression,alt.comp.compression,sci.math
Subject: Re: huffman code length
Date: Thu, 10 Jun 1999 08:31:01 GMT

In article <[EMAIL PROTECTED]>,
  Tom Lane <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] (M Clarke) writes:
> > Namely what is the maximum possible code size for any given data set..
> > (in this case the number of unique symbols is 256 and the data set
> > will typically be many thousands of bytes)
>
> It's theoretically possible for a Huffman code generator to
> produce the worst-case code set wherein the k'th symbol has
> code length k,
>               0
>               10
>               110
>               1110
>               ...
>               111111111111111111...10
> This happens when the k'th symbol has probability 2^-k.
>
[snip]

For more details about worst-case code see
        the message titled "Huffman codes and Fibonacci numbers"
        in comp.compression

http://www.deja.com/getdoc.xp?AN=471802979&fmt=text

        Alex
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
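
As an added example (not from the thread), a small Python Huffman length calculator that reproduces Tom Lane's power-of-two worst case for 256 symbols and also runs it on Fibonacci counts, the relationship the referenced message's title alludes to; the function names are my own.

```python
import heapq
from itertools import count

def huffman_code_lengths(weights):
    """Code length (tree depth) of every symbol under Huffman's algorithm.

    weights: positive symbol counts, one per symbol.  Each heap entry is
    (weight, tie-breaker, symbols-in-subtree); the tie-breaker guarantees
    that equal weights never fall through to comparing the symbol lists.
    """
    if len(weights) < 2:
        return [1] * len(weights)
    seq = count()
    heap = [(w, next(seq), [i]) for i, w in enumerate(weights)]
    heapq.heapify(heap)
    depth = [0] * len(weights)
    while len(heap) > 1:
        w1, _, s1 = heapq.heappop(heap)
        w2, _, s2 = heapq.heappop(heap)
        merged = s1 + s2
        for i in merged:            # one more edge above every leaf in the subtree
            depth[i] += 1
        heapq.heappush(heap, (w1 + w2, next(seq), merged))
    return depth

def power_of_two_weights(n):
    """Counts 2^(n-1), ..., 2, 1: Tom Lane's 2^-k probability pattern.

    The two rarest symbols always merge first and the running sum 2^k - 1
    stays below the next count 2^k, so the tree degenerates into a chain.
    """
    return [2 ** (n - 1 - k) for k in range(n)]

def fibonacci_weights(n):
    """Counts 1, 1, 2, 3, 5, ...: also produce the full chain, but with a
    total of only F(n+2) - 1 symbols instead of 2^n - 1."""
    w = [1, 1]
    while len(w) < n:
        w.append(w[-1] + w[-2])
    return w[:n]

def max_code_length(weights):
    """Longest codeword the Huffman tree for these counts assigns."""
    return max(huffman_code_lengths(weights))

if __name__ == "__main__":
    print(huffman_code_lengths(power_of_two_weights(5)))   # [1, 2, 3, 4, 4]
    print(max_code_length(power_of_two_weights(256)))      # 255
    print(max_code_length(fibonacci_weights(256)))         # 255
```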

------------------------------

From: [EMAIL PROTECTED]
Subject: Free Sex Links!!  7179
Date: Thu, 10 Jun 1999 08:45:16 GMT

For Nasty Sex links visit:

http://website.lineone.net/~simonsi/sexlinks.htm


------------------------------

From: Jim Felling <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: rc4 vs. rand()
Date: Wed, 09 Jun 1999 11:51:13 -0500

ARCFOUR is NOT an RC4 pirating.  RC4 was released and protected as a
trade secret. When it was reverse engineered into ARCFOUR, that
algorithm was released free of charge.  There is no intellectual
property or patent law twisting here.  It is not theft in any way, shape
or form. A trade secret is protected as long as it remains secret. (As
RC4 is a trade secret it could be possible that ARCFOUR is not an exact
work-alike (though I am certain that RC4 == ARCFOUR).)

[EMAIL PROTECTED] wrote:

> > If you're going to make a lot of money then feel free to make
> > a donation to Ron Rivest.
>
> And I will steal your program, and may make a donation...
>
> I personally think that using the cipher in non-profit situations
> should not be an issue (consider free chat rooms etc...) but in
> commercial situations I think paying up is an honest thing to do.
>
> Of course we can always use free ciphers can't we?
>
> Tom
> --
> PGP public keys.  SPARE key is for daily work, WORK key is for
> published work.  The spare is at
> 'http://members.tripod.com/~tomstdenis/key_s.pgp'.  Work key is at
> 'http://members.tripod.com/~tomstdenis/key.pgp'.  Try SPARE first!
>
> Sent via Deja.com http://www.deja.com/
> Share what you know. Learn what you don't.


------------------------------

From: [EMAIL PROTECTED]
Subject: Looking for a password encryption algorithm
Date: Thu, 10 Jun 1999 09:25:44 GMT



I am looking for a simple password encryption algorithm
similar to unix crypt(). I want to implement it in my own
simple authentication project.

I don't know where I can get resources / papers?


Thanks,
SANTUG

------------------------------

From: [EMAIL PROTECTED] (Christof Paar)
Subject: Re: rsa with fpga
Date: 10 Jun 1999 10:07:16 GMT

We implemented RSA on Xilinx FPGAs. Our first design (with radix 2) is
described in our recent ARITH-14 article which can be downloaded from
our web page:

  http://ece.wpi.edu/Research/crypt

The paper also has a summary of earlier work. We also implemented higher
radixes (sp?) which lead to considerably faster but also larger designs.
These are described in Thomas Blum's thesis which we will make available 
soon.

Cheers, Christof

-- 

>>>  WORKSHOP ON CRYPTOGRAPHIC HARDWARE AND EMBEDDED SYSTEMS (CHES) <<<
>>>                   WPI, August 12 & 13, 1999                     <<<
>>>         check  http://ece.wpi.edu/Research/crypt/ches           <<<

***********************************************************************
                 Christof Paar,  Assistant Professor
          Cryptography and Information Security (CRIS) Group
      ECE Dept., WPI, 100 Institute Rd., Worcester, MA 01609, USA
fon: (508) 831 5061    email: [EMAIL PROTECTED]   
fax: (508) 831 5491    www:   http://ee.wpi.edu/People/faculty/cxp.html
***********************************************************************

------------------------------

From: Horst Ossifrage <[EMAIL PROTECTED]>
Subject: Re: Does scott19u.zip make full use of it's large key size ?
Date: Thu, 10 Jun 1999 03:45:19 -1000

Tim Redburn wrote:
> 
> From what I can make out about scott19u.zip (which
> granted is not very much), it appears that
> one of its main security features is the
> use of an incredibly large S-Box for substitutions.

Yes, memory is cheap. Your computer can easily handle it.

> 
> From posts to this news group and the
> pages by Horst Ossifrage, I think the
> following facts are true about scott19u.zip
> (I think they are also true of his earlier ciphers
> but I'm only really considering scott19u.zip
> because this is the cipher David claims to be the
> strongest):
> 
> 1. The S-Box is guaranteed not to have duplicate
>    entries. This means (when considering only
>    the substitution phase) that if two 19bit words
>    of the cipher text are of equal value, then
>    the corresponding plain text words will both be
>    of equal value.

Only in one pass; after all 25 passes, the bricklaying of
words makes data-dependent changes on adjacent words.
This avalanches with each pass so 25 adjacent words of
19 bits each influence each other.


> 
> 2.  The algorithm has very few passes.

No, it has 25 passes; each pass lets any bit change in the
file affect any other bit.

> 
> 3.  The S-Box is incredibly large. It contains all possible
>      19bit words.

yes.

> 
> 4.  The key for the algorithm is only used for generating
>      the S-Box. It is not used anywhere else in the
>      algorithm.

Yes.

> 
> (I hope David will correct any parts of this post that
> he considers incorrect - which because of the
> difficult nature of finding out about his algorithm,
> I'm sure there'll be some)
> 
> Most people who would use encryption don't
> want or need to encrypt large files.
> 
> For scott19u.zip to fully utilise the S-Box (note :
> this is less than fully utilizing the key, but that
> has been covered before), all entries
> in the S-Box must be used by the algorithm.
> Any not used, will not be needed to decipher
> the message.

Other ciphers may have some of their S-box entries not used.
It is just less likely than for Scott's.


> 
> However, due to the small number of passes the
> algorithm makes, I think that it is very unlikely
> that even for files of half the size of the s-box,
> all the entries will be used.
> 
> For small files of a few K, only a very small proportion
> of the S-box will be used.
> 
> Ah ! but doesn't it
> mean, because the plaintext is shorter than the key
> that decryption cannot be possible? You just wouldn't
> know which plaintext was correct if you found it?
> 
> Well, maybe, but the fact that two identical words
> of cipher text can *only* be generated by two
> identical words of plaintext at each pass, combined with very few
> passes, must give a lot of information away.
> 
> Has anybody else looked at this in detail, and who therefore
> could determine more accurately if this is a weakness ?

If you consider only one pass for all algorithms, you can
find some with that property and some that have more extensive
round functions. The simpler round functions may be susceptible to
a Slide Attack, while less comprehensible rounds are not
susceptible to that attack. That attack can be blunted by
making each round different. But the large block size of Scott's
makes the probability of finding a collision between a plaintext
and a one round cipher too low for usefulness.


> 
> -Tim.



Horst Ossifrage

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: DNA cryptology (from the NYT)
Date: Thu, 10 Jun 1999 13:04:49 +0200

Mark wrote:

> bases. The scientists built a DNA strand in which different combinations of
> bases represented the letters of their message.
> At either end of the strand they put sequences of bases that would serve as
> the key to finding the strand. The strand was one three-thousandths the
> width of a human hair in length.
> The scientists then chopped the entire DNA of a human cell into pieces of
> about the same length, and mixed them with the message strand.
> They soaked the mixture into paper with a period printed on it, cut out the
> period and pasted it onto a letter. They mailed the letter to themselves to
> prove that the DNA could survive the rigors of the U.S. mail.

I can't help wondering why one takes such great trouble to achieve
information hiding tasks. The more common way nowadays of hiding
bits in pixels of graphical files is also too much effort (unless
what one wants is watermarking to protect against fraud of multimedia
products.)

There is an abundant amount of scientific numerical data (decimal
digits) transmitted daily over the net. To hide information
in there is extremely simple and effective. See my note

     http://www.stud.uni-muenchen.de/~mok-kong.shen/#paper8

M. K. Shen

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
