Cryptography-Digest Digest #710, Volume #9 Sat, 12 Jun 99 21:13:03 EDT
Contents:
Re: differential cryptanalysis ([EMAIL PROTECTED])
Re: Slide Attack on Scott19u.zip ([EMAIL PROTECTED])
Re: Does scott19u.zip make full use of it's large key size ? ([EMAIL PROTECTED])
Re: RSA example with small numbers ([EMAIL PROTECTED])
Re: Does scott19u.zip make full use of it's large key size ? ([EMAIL PROTECTED])
Re: DES lifetime (was: being burnt by the NSA) ([EMAIL PROTECTED])
Re: Slide Attack on Scott19u.zip ([EMAIL PROTECTED])
Re: RSA example with small numbers (Gergo Barany)
Re: RSA example with small numbers ([EMAIL PROTECTED])
Re: DES lifetime (was: being burnt by the NSA) ([EMAIL PROTECTED])
Maximum key size in block ciphers ([EMAIL PROTECTED])
Re: RSA example with small numbers (Gergo Barany)
Re: DES lifetime (was: being burnt by the NSA) ([EMAIL PROTECTED])
Re: DES lifetime (was: being burnt by the NSA) ([EMAIL PROTECTED])
Re: How to read postscript files (SCOTT19U.ZIP_GUY)
Re: RSA example with small numbers (Jim Gillogly)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED]
Subject: Re: differential cryptanalysis
Date: Sat, 12 Jun 1999 22:09:20 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> Wow. I printed off your paper and am still working on it....
>
> Thanks a lot.
>
> ps. I know this is not the subject of sci.crypt, but where can I get a
> prog to view .ps files under ugh.. win '95 (i know.. call me a fool
> later ok.)?
>
Look for a program called GhostScript (GSview). If you want to make
PS files just set up a 'Xerox PostScript' printer and print to file.
Tom
--
PGP public keys. SPARE key is for daily work, WORK key is for
published work. The spare is at
'http://members.tripod.com/~tomstdenis/key_s.pgp'. Work key is at
'http://members.tripod.com/~tomstdenis/key.pgp'. Try SPARE first!
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Slide Attack on Scott19u.zip
Date: Sat, 12 Jun 1999 22:02:15 GMT
In article <7jucls$26pc$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
> Actually it is rather well documented. It complies and runs on a PC what
> more do you want?
>
We note that 'complies' should have been 'compiles'. Replace PC with
DOS box under DJGPP. Note: ciphers SHOULD NOT be language dependent.
A cipher should be written as closely as possible to mathematical notation
first, then ported to computer languages...
Besides, a good cipher should run on PCs, in hardware and in smartcards
(which CPU is a good question). It should run on at least 2/3 of the
targets (say in hardware and on PCs...).
Tom
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Does scott19u.zip make full use of it's large key size ?
Date: Sat, 12 Jun 1999 22:17:00 GMT
> tommy I know you're trying to act like a big boy but you have some growing
> up to do because though you can throw big words around you really are making
> very little sense. I will try to explain how foolish this last statement is in
> terms your young mind can understand. Suppose I have a weak AES type
> of cipher and I have a message of 256 bits all zero. Now if I vary the key
> so all 128 bits of key space are used then at most it can only map to 2^128
> different values. This falls far short of being able to map it to all possible
> output messages. Again I say
> "For a given input message not all output messages are possible
> if one varies the key except for short messages"
> I hope this time you can read before you write and shoot your mouth off
> again please little boy try to read it and think about it this time.
Oh, this is sweet.
1) If you read the AES submissions they are *128* bit block ciphers,
not 256 bits. You are correct in saying that if the key is smaller
than the block some mappings are impossible (note DES). But this is
not the case. The block size is 128 bits, the SMALLEST key is 128
bits. So you should have read first.
2) All outputs (even ones with biased Hamming distances) have to be
possible, and equally probable (i.e. it's hard to predict what the output
will be without the key. Conversely it will be hard to predict the
plaintext without the key from the ciphertext).
3) If not all outputs are possible the cipher will most likely fall
victim to differential analysis as the patterns will be detected.
However most ciphers in AES are strong against that.
David, david, dave, loser, you should stop trying to attack people.
You shoot your mouth off and you are really making a bad name for
yourself. People like responding to your posts for fun, not for info.
I admit I don't know everything but it's common sense that all outputs
must be possible in any block cipher. Even ones with biased Hamming
distances. Otherwise it would not be a strong block cipher. This
applies to all block ciphers, even yours. Sorry but them's the facts.
Tom
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: RSA example with small numbers
Date: Sat, 12 Jun 1999 22:26:12 GMT
In article <[EMAIL PROTECTED]>,
Jim Gillogly <[EMAIL PROTECTED]> wrote:
> "bc" says (433^317) % 851 = 10.
> Looks to me like you're OK -- check that last step again.
Curious, what is 'bc'? Is that one of them GNU large num libraries?
Tom
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Does scott19u.zip make full use of it's large key size ?
Date: Sat, 12 Jun 1999 22:33:09 GMT
In article <7jubva$26pc$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
> >Then your cipher is bad. For any n bit input (2^n possible messages)
> >*ALL* 2^n outputs must be possible. This should be independent of the
> >key (note when the key is larger than n, some messages will share
> >mappings (from plain to cipher) but not for the entire set of messages).
> >
I forgot to add something...
If the key is larger than the block size then some keys will be
equivalent. I.e. if there are 2^128 mappings from input->output, which
is basically a 128-bit block cipher, that means a key with more bits
(i.e. a 256 bit key) will share some mappings. The ideal would be that
not all mappings are shared.
I.e. it's possible to have two keys take one message and produce the
same output. Whether it's frequent is up to the block cipher. Think
about it: there are 2^128 mappings used from 2^256, which means that not
all of them are used (2^128 mappings left). If the mappings were
linear (from 0 to 2^128 in the keyspace) then your statement is true.
If not, mine is.
Tom
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: DES lifetime (was: being burnt by the NSA)
Date: Sat, 12 Jun 1999 22:39:11 GMT
Jerry Coffin wrote:
> [EMAIL PROTECTED] says:
> > As I understand it "sensitive but not classified" information
> > would include raw data from the decennial census, and the law
> > states such data shall be sealed for 72 years.
>
> DES was specified as being suitable for sensitive but not classified
> information. NOWHERE in the specification was it said to be suitable
> for ALL sensitive information as long as it wasn't classified.
Wrong. It appears on pages 1-2, where the standard says
"This standard will be used by Federal departments and agencies
for the cryptographic protection of computer data when the
following conditions apply..." When a FIPS standard says "will
be used", that is not a prediction that agencies will choose to
use the standard; it's a ruling that this is the standard that
they are to use.
As Bruce Schneier wrote in /Applied Cryptography/ (page 267
of the second edition), "the Data Encryption Standard was
adopted as a federal standard on November 23, 1976 and
authorized for use on all unclassified government
communications."
--Bryan
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Slide Attack on Scott19u.zip
Date: Sat, 12 Jun 1999 21:57:09 GMT
In article <7juf0j$2ci0$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
> Not yet since Mr Wagner has never really looked at the method
> he is just assuming his superior brain is so much better than an ametuer
> that he can pornounce it dead with out ever trying it. For example the
> minimiu file szie is 64 bits. And there are 2 types of rounds. Mr Wagner
> apearrs quick and is highly praised but if he was half as good as he thinks
> he is he would be working for the NSA. He is not beacuase they don't let
> secret attacks out. Besides the NSA recruiter are so straight they would
> have trouble walking around the Berkeley dorms do to the overpowering
> smell of the pot that many students there find more interesting than the
> topics of study. I don't work for the NSA for different reasons. I don't like
> to kiss management ass.
Let's review. [sci] dot [crypt]. If we take the words alone we find
that this group is scientific (or supposed to be) and geared towards
cryptography. Personally I wouldn't mind a little non-scientific
posting, but you are way off.
BTW learn how to spell. My grammar might be bad, but I can spell at
least.
Stop posting nonsense, it's not worth it. Really.
Tom
------------------------------
From: [EMAIL PROTECTED] (Gergo Barany)
Subject: Re: RSA example with small numbers
Date: 12 Jun 1999 23:25:24 GMT
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>e can be chosen freely so long as e is coprime (relatively prime) to
>(p-1)(q-1). AC says that commonly-used values are 3, 17, and 65537.
>
>You must then find d such that d*e mod (p-1)(q-1) = 1. This is done by
>a method similar to Euclid's algorithm for finding the greatest common
>divisor of two numbers - when doing the computation for RSA, the
>numbers in question are e and (p-1)(q-1). In your example
<snip rest of great info>
Thanks, I think I slowly start to get it now. I'll keep your post for
future reference.
>> Then I took the cyphertext 433 and decrypted it:
>> M=C^d mod n=433^{317} mod 851=499
>
>> Now, as you can see, my original plaintext is not the same as the result
>> of D(E(M)).
>
>It's nothing more serious than an arithmetical slip: your method seems
>fine. I don't know how you managed to calculate 433^317 mod 851 using
>your calculator, since 433^317 is around 10^836, but I've just tried
>it out using dc, and it claims that the remainder is 10 - the same as
>your original plaintext.
I used my spiffy TI-85 which supports numbers up to 1e1000-1, but the
precision isn't that great.
>dc is a calculator which is found on Unix systems as standard. It
>stores numbers to arbitrary precision, so it can cope properly with
>the huge numbers required here. If you have access to a Unix system,
>it may well be worth a look.
Yes, I know dc, but I haven't used it much since I don't know more than
the basics of reverse-polish notation (but I'll get around to learning
it someday).
Gergo
--
"Don't say yes until I finish talking."
-- Darryl F. Zanuck
GU d- s:+ a--- C++>$ UL+++ P>++ L+++ E>++ W+ N++ o? K- w--- !O !M !V
PS+ PE+ Y+ PGP+ t* 5+ X- R>+ tv++ b+>+++ DI+ D+ G>++ e* h! !r !y+
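The arithmetic from the quoted explanation above (find d with d*e mod (p-1)(q-1) = 1 by extended Euclid, then C = M^e mod n and M = C^d mod n), as an added example that is not from any poster in the thread. It assumes the thread's modulus 851 = 23 * 37 and a public exponent e = 5, which is the value that pairs with the thread's d = 317; modular exponentiation keeps every intermediate below n^2, so the 836-digit number 433^317 that overflowed the TI-85 is never formed.

```python
# Added example, not from the thread. Assumed parameters: p = 23, q = 37
# (so n = 851 as in the thread), public exponent e = 5 (derived: it is the
# inverse of the thread's d = 317 mod 792), plaintext M = 10.

def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0

def modinv(e, phi):
    """The private exponent d with d*e mod phi == 1.

    Raises if e is not coprime to phi = (p-1)(q-1), which is exactly the
    condition the thread gives for choosing e."""
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return x % phi

def modpow(base, exp, mod):
    """Square-and-multiply: base^exp mod mod without ever building base^exp.

    Every intermediate value is below mod**2, so a 3-digit modulus needs
    only 6-digit arithmetic, not the 836 digits of 433^317."""
    result, base = 1, base % mod
    while exp:
        if exp & 1:
            result = result * base % mod
        base = base * base % mod
        exp >>= 1
    return result

def rsa_keypair(p, q, e):
    """Returns (n, e, d) for primes p, q and public exponent e."""
    n, phi = p * q, (p - 1) * (q - 1)
    return n, e, modinv(e, phi)

def rsa_roundtrip(p, q, e, m):
    """Encrypts m then decrypts it; returns (n, d, ciphertext, recovered m)."""
    n, e, d = rsa_keypair(p, q, e)
    c = modpow(m, e, n)
    return n, d, c, modpow(c, d, n)

if __name__ == "__main__":
    # Constructed run with the thread's numbers: expect d = 317, C = 433, M = 10.
    print(rsa_roundtrip(23, 37, 5, 10))
```

Python's built-in `pow(433, 317, 851)` does the same modular exponentiation; the hand-written `modpow` is there to show why the full power is never needed.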
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: RSA example with small numbers
Date: Sat, 12 Jun 1999 22:37:12 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Gergo Barany) wrote:
>
> Ok, thanks. Apparently, the Win98 calculator works better than my TI-85
> when it comes to 835-digit numbers. Thanks also to the other poster for
> the link to his FreeLIP package. Looks like I'll have to use my PC for
> calculations, then.
No prob. The win98 calc is a bit slow but it can handle very large
numbers.
Tom
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: DES lifetime (was: being burnt by the NSA)
Date: Sat, 12 Jun 1999 22:49:07 GMT
Patrick Juola wrote:
> [EMAIL PROTECTED]> wrote:
> >Which is the requirement: A cipher must remain unbroken for,
> > A) its operational life,
> > or
> > B) the intelligence life of any data it protects?
> >
> >I think that's a pretty basic question. Could the the NSA
> >have come up with the wrong answer?
>
> These are two different requirements. You have to consider
> whether the intelligence life of the data protected is within
> the capacity of the operational life of the cypher.
>
> If I decide that I need to get from Pittsburgh to LA in a day, and
> therefore go out and buy a bicycle, did the Schwinn company ''come
> up with the wrong answer''? No -- I did in deciding that the
> bicycle was suitable for my needs.
Of course if Schwinn wrote that the applicability of the
bicycle is that it will be used when you need to travel,
and they actually have authority to specify what transport
you are to use, then they'd definitely be wrong.
Of course we'd be foolish to let a bicycle company specify
how we are to travel - they might not really have our
interests at heart.
--Bryan
------------------------------
From: [EMAIL PROTECTED]
Subject: Maximum key size in block ciphers
Date: Sat, 12 Jun 1999 22:41:36 GMT
I must apologize to DaveScott. I did post bad info. The actual max
size of any block cipher key is
(2^n)! For example, if the block size is 8 bits, then the max key size
is 256! or 1683.99628722421461940614767931775 bits.
If you think about it that's the number of arrangements for the
substitution. For block sizes of 64 bits it's quite large at
s = 18446744073709551616!
(in bits it is 'log(s) / log(2)')
Which I cannot do on my calc or any calc (it would take a bit...)
Sorry about the previous bad info.
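The bound in the post above, worked through as an added example (not code from any poster): an n-bit block cipher is, for each key, one permutation of the 2^n blocks, so at most log2((2^n)!) bits of key can pick distinct permutations, and any longer key must contain equivalent keys, which is the "some keys will be equivalent" point from the earlier scott19u thread. The toy cipher used to show a collision is constructed here; its key layout (2 XOR bits, 2 add bits, 1 S-box bit) is an assumption, not anything from the thread.

```python
# Added example, not from the thread. Computes log2((2^n)!) exactly for
# small n and by Stirling's approximation for n = 64, where the factorial
# itself cannot be formed, then shows equivalent keys on a constructed
# 2-bit toy cipher whose 5-bit key exceeds log2(4!) = log2(24) bits.
import math

def max_key_bits_exact(n):
    """log2((2^n)!) from the exact integer factorial; fine for n <= ~12."""
    return math.log2(math.factorial(2 ** n))

def max_key_bits_stirling(n):
    """log2((2^n)!) via Stirling: ln N! ~ N ln N - N + ln(2 pi N)/2.

    Used for the 64-bit case from the post, where 2^64! is far too large
    to compute; the error for N = 2^n is below 1/(12 N ln 2) bits."""
    N = 2.0 ** n
    ln_fact = N * math.log(N) - N + 0.5 * math.log(2 * math.pi * N)
    return ln_fact / math.log(2)

def must_have_equivalent_keys(block_bits, key_bits):
    """Pigeonhole: 2^key_bits keys but only (2^block_bits)! permutations."""
    return key_bits > max_key_bits_stirling(block_bits)

# Constructed toy cipher on 2-bit blocks (values 0..3) with a 5-bit key:
# XOR with key bits 0-1, add key bits 2-3 mod 4, apply a fixed S-box if
# key bit 4 is set. Each step is a bijection, so every key is a permutation.
TOY_SBOX = (1, 3, 0, 2)

def toy_encrypt(key, x):
    y = (x ^ (key & 3)) + ((key >> 2) & 3)
    y %= 4
    return TOY_SBOX[y] if key & 16 else y

def toy_distinct_permutations():
    """How many distinct permutations the 32 toy keys actually produce."""
    perms = {tuple(toy_encrypt(k, x) for x in range(4)) for k in range(32)}
    return len(perms)

if __name__ == "__main__":
    print(round(max_key_bits_exact(8), 6))        # ~1683.996 for 8-bit blocks
    print(max_key_bits_stirling(64))              # ~1.15e21 bits for 64-bit blocks
    print(must_have_equivalent_keys(2, 5))        # True: 32 keys, only 24 perms
    print(toy_distinct_permutations(), "of 32 keys are distinct")
```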
------------------------------
From: [EMAIL PROTECTED] (Gergo Barany)
Subject: Re: RSA example with small numbers
Date: 12 Jun 1999 23:16:50 GMT
In article <[EMAIL PROTECTED]>, James Pate
Williams, Jr. wrote:
>>A correction is in order, Arjen K. Lenstra of the special and general
>>number field sieve fame (a well-known factoring algorithm) wrote
>>FreeLIP which is portable to PCs under Microsoft's Visual C/C++ and
>>Borland's C/C++ 5.0. (Currently, these are the only two C/C++
>>compilers on this author's PC.)
>>
>
>Actually I do have gcc on my machine which is used by Xspin,
>but I have not tried compiling FreeLIP using this compiler.
I compiled it under gcc without problems. Looks like it's good old ANSI
C (or something very close). Installing it and putting together some
code for my problem took about 5 minutes (even with my minimal C
skills). It's a really good piece of software.
Gergo
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: DES lifetime (was: being burnt by the NSA)
Date: Sat, 12 Jun 1999 22:54:38 GMT
John Savard wrote:
> Of course, I don't think it's reasonable to say that DES resulted from
> the combined efforts of IBM, NBS, and the NSA: that implies that all
> three were pulling in the same direction. IBM certainly was not
> incapable of considering a 128-bit key, as LUCIFER proved.
Right, I didn't mean it that way. The implication I
intended was that the process was compromised, not
that the participants lacked ability.
--Bryan
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: DES lifetime (was: being burnt by the NSA)
Date: Sat, 12 Jun 1999 23:08:24 GMT
> IF DES was a successful cipher it was because the NSA could break
> it the day they made it public. They may have thought low level data was
> safe from dumb foreigners who lack the knowledge base of the great NSA
> but its real value was that many blindly used DES so that the NSA could
> read what secrets they were foolish enough to encrypt with DES.
> The new AES winner will however meet these requirements in the near
> future.
I would trust DES more than your cipher any day. I would trust AES more
than your cipher any day as well. You poke at other ciphers; you even
claimed that you are so smart you could work at the NSA if you wanted
to (you just don't like management).
You know what I think? I think you are a punk kid who is trying to
misuse the newsgroup. Well, you have succeeded.
It's only a matter of time before people forget about you. They won't
care. Your cipher is becoming the target of a slide attack and you
will not even help. Well, that proves one of two things: a) you're an
asshole, b) you don't know enough about the workings of your cipher to
prove/disprove the attack.
Try and remember what the aim of the newsgroup is (btw I realize my
thread about the NSA is off topic, however I did not mean for this to
become a thread this large...)
Tom
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: How to read postscript files
Date: Sun, 13 Jun 1999 01:38:42 GMT
In article <7junav$bcs$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (David Wagner) wrote:
>Go to <http://wheel.compose.cs.cmu.edu:8001/cgi-bin/browse/objweb>.
>Type in the URL of the postscript file you want to read in the lower
>dialog box. Click the submit button. Wait a long time. Click on
>the link to ``step through sequence elements''. Enjoy!
>
>This should let you view any postscript file from a normal web browser,
>without needing to install ghostview.
Dave, I have not tested it. But I just bookmarked it and got to the
page; I will see if it works. But as a first guess I would say you
have finally posted something of value to me. So I assume it
may be of value to others.
Thanks
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
------------------------------
From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: RSA example with small numbers
Date: Sat, 12 Jun 1999 17:18:15 -0700
Gergo Barany wrote:
> Yes, I know dc, but I haven't used it much since I don't know more than
> the basics of reverse-polish notation (but I'll get around to learning
> it someday).
bc is a front-end to dc that provides more familiar algebraic notation,
and is also available on most Unix-like systems.
--
Jim Gillogly
Mersday, 23 Forelithe S.R. 1999, 00:17
12.19.6.4.18, 2 Edznab 6 Zotz, Eighth Lord of Night
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************