Cryptography-Digest Digest #739, Volume #9       Sun, 20 Jun 99 00:13:03 EDT

Contents:
  Re: IDEA Questions ([EMAIL PROTECTED])
  Re: SLIDE ATTACK FAILS ([EMAIL PROTECTED])
  Re: test (Gergo Barany)
  Re: test (Chris Eilbeck)
  Re: F-secure (kurt wismer)
  Re: *** FAKE KEYS AGAIN *** ("Soylent Grin")
  Re: *** FAKE KEYS AGAIN *** ("Michel Bouissou")
  Re: IDEA Questions (Casey Sybrandy)
  Re: SLIDE ATTACK & large state SYSTEMS (Boris Kazak)
  Re: SLIDE ATTACK & large state SYSTEMS (Tim Redburn)
  Re: SLIDE ATTACK & large state SYSTEMS (Tim Redburn)
  Re: IDEA Questions (John Savard)
  Re: F-secure (Tom McCune)
  Re: Graph of DES Encryption Function (James Pate Williams, Jr.)
  Re: DES versus Blowfish ([EMAIL PROTECTED])
  Re: Graph of DES Encryption Function ([EMAIL PROTECTED])

----------------------------------------------------------------------------

From: [EMAIL PROTECTED]
Subject: Re: IDEA Questions
Date: Sat, 19 Jun 1999 11:28:50 GMT

In article <[EMAIL PROTECTED]>,
  Casey Sybrandy <[EMAIL PROTECTED]> wrote:
> I have a couple questions about IDEA that I was wondering if anyone knew
> the answer to.  I'll be referencing AC2 pages 320&321 instead of trying
> to redescribe everything on my own.
>
> 1. Steps 5, 6, 11-14 all use XOR.  Why can't you change these to
> additions or subtractions?
>
> 2. In steps 7-10, there is a mixing of additions and multiplications.
> Why can't you add in some data dependency into this mixing, like data
> dependent rotates?

The purpose was that if a register was added in one round, it would
be xor'd in the next.  These operations are non-isomorphic, i.e. they do
not commute.  They are also non linear.  The idea was to not be
dependent on one form of operation.  They could have written the entire
cipher with mul/add but they commute.

Rotations were not added because only three primitives were focused
on.  And by having data dependent round structures you are not sure to
get the same form of mixing.

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: SLIDE ATTACK FAILS
Date: Sat, 19 Jun 1999 11:31:33 GMT

In article <7kev33$1ak4$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> Ever notice how much Mr. DSCOTT uses projection as a defense mechanism?  He
> goes off about how the NSA is shrouded in secrecy and yet fails to produce
> an easy-to-understand flow chart of his code.  He attacks other people as
> "hating" him, when really he's the one that hates the rest of the world.

I can only wonder why...He is not very mature, but is fun to read (well
funny to read).  He just wants to be king of the castle, problem is
there is no castle :)

Tom

--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.



------------------------------

From: [EMAIL PROTECTED] (Gergo Barany)
Subject: Re: test
Date: 19 Jun 1999 12:35:39 GMT

In article <7kehoa$63v$[EMAIL PROTECTED]>, Erik Avat'R wrote:
>Firstly sorry about the computer thing.....
>was being a jerk...
>and if you don't mind me asking what do you mean by "...HTML practically
>posts your article twice..."?

First, there is a header saying "this is a multipart message, blabla,"
followed by the plaintext. Then, there's another header indicating the
beginning of the HTML part followed by the complete text including
formatting. Try finding an HTML post, saving it to a file and looking at
it in an editor.

Gergo

-- 
Never settle with words what you can accomplish with a flame thrower.

GU d- s:+ a--- C++>$ UL+++ P>++ L+++ E>++ W+ N++ o? K- w--- !O !M !V
PS+ PE+ Y+ PGP+ t* 5+ X- R>+ tv++ b+>+++ DI+ D+ G>++ e* h! !r !y+

------------------------------

From: Chris Eilbeck <[EMAIL PROTECTED]>
Subject: Re: test
Date: 19 Jun 1999 15:41:47 +0100

"Erik Avat'R" <[EMAIL PROTECTED]> writes:

> and if you don't mind me asking what do you mean by "...HTML practically
> posts your article twice..."?

Please read this web site http://www.ping.be/houghi/nohtml/

Chris
-- 
Chris Eilbeck                         mailto:[EMAIL PROTECTED]

------------------------------

From: kurt wismer <[EMAIL PROTECTED]>
Subject: Re: F-secure
Date: Sat, 19 Jun 1999 00:07:27 GMT

Dupavoy wrote:
> 
> Has anyone used F-secure 2.0 by F-prot?

just a nitpick, f-secure is not made by f-prot, f-prot is not a company,
it is an anti-virus product produced by frisk software international...
the f-prot engine is used in the f-secure anti-virus product produced by
datafellows, not to be confused with the f-secure encryption product
produced by datafellows which i suspect you have done...

haven't used the f-secure line of products (encryption or av) though...

-- 
"sometimes i cannot take this place
 sometimes it's my life i can't taste
 sometimes i cannot feel my face
 you'll never see me fall from grace"


------------------------------

From: "Soylent Grin" <Charon@Rocket*NOSPAM*mail.com>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: *** FAKE KEYS AGAIN ***
Date: Sat, 19 Jun 1999 11:28:52 -0000


Michel Bouissou <[EMAIL PROTECTED]> wrote in message
news:7kg5n3$f4e$[EMAIL PROTECTED]...

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> The malevolent forger that plays creating fake PGP keys bearing my
> name struck again, as I just found on keyservers a FAKE PGP key
> bearing my name, that tries to imitate as much as possible my true
> key:
>
> This FAKE DH/DSS key ID is 0x4831FD08
> and its fingerprints are
> C47B E849 DFC2 EF89 F8DB  D6A0 0B41 44A0 4831 FD08
>

<snip>

> DO NOT USE THIS KEY TO ENCRYPT ANY MESSAGE FOR ME.
>
> DO NOT TRUST ANY MESSAGE SIGNED WITH THIS KEY. It would be a forged
> message that doesn't come from me.
>
> Please forward to me any message that you would receive signed by this
> key.
>
> For the record, my ONLY genuine PGP keys are:
>
> DH/DSS ID 0x80DBBD8F
> FP: B89E 1753 6425 0041 D922  8664 7870 5246 80DB BD8F
>
> RSA ID 0x46D56E39
> FP: 43A1 944A B049 BF5A  70CA 54CC D4F3 65A8
>
> (If some kind keyserver admin reads this message, I would be very
> thankful if he could remove any other key bearing my name from the
> keyserver he's in charge of)
>
> - --
> Michel Bouissou <[EMAIL PROTECTED]>  DH/DSS ID: 0x80DBBD8F
> Protect your correspondence with PGP: http://come.to/pgpenfrancais
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.0.2i
>
> iQA/AwUBN2uMCnhwUkaA272PEQIGCACgstFuTIzTTyhKAvoy+srSSdXF0VYAnigE
> dyleKDhdZpCyEqqGv7BvJMeR
> =xH6O
> -----END PGP SIGNATURE-----
>
>
>

How do we know this isn't a clever ruse by the forger using the cleverly
forged key and not the real one?
What if you are the fake and pointing us to the fake key?


Kirk





------------------------------

From: "Michel Bouissou" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: *** FAKE KEYS AGAIN ***
Date: Sat, 19 Jun 1999 21:14:53 +0200

=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1

Soylent Grin wrote in message
<[EMAIL PROTECTED]>...
>
>How do we know this isn't a clever ruse by the forger using the cleverly
>forged key and not the real one?
>What if you are the fake and pointing us to the fake key?


    You can send me a direct e-mail to the e-mail address mentioned on
all keys (true ones and forged ones), and then I can personally
confirm which keys are true and which are fake.

    You can also check the signatures that are on my true keys, that
will make obvious that these ones are true.

    Best regards.

- --
Michel Bouissou <[EMAIL PROTECTED]>  DH/DSS ID: 0x80DBBD8F
Protect your correspondence with PGP: http://come.to/pgpenfrancais
Take part from home in the search for extraterrestrial
intelligence!: http://setiathome.ssl.berkeley.edu/

=====BEGIN PGP SIGNATURE=====
Version: PGPfreeware 6.0.2i

iQA/AwUBN2veHXhwUkaA272PEQJTlACgkkP6oIcxLzDg1LwVFrgMKB+lnDAAn1ZF
s3qlcK1Oeq301hCTxOZp8E5J
=vQyJ
=====END PGP SIGNATURE=====




------------------------------

From: Casey Sybrandy <[EMAIL PROTECTED]>
Subject: Re: IDEA Questions
Date: Sat, 19 Jun 1999 15:21:30 -0400

Let me clarify this some since I didn't get what I meant across.

[EMAIL PROTECTED] wrote:

> In article <[EMAIL PROTECTED]>,
>   Casey Sybrandy <[EMAIL PROTECTED]> wrote:
> > I have a couple questions about IDEA that I was wondering if anyone knew
> > the answer to.  I'll be referencing AC2 pages 320&321 instead of trying
> > to redescribe everything on my own.
> >
> > 1. Steps 5, 6, 11-14 all use XOR.  Why can't you change these to
> > additions or subtractions?
>

When you change any or all of these XOR's to additions/subtractions, they
won't reverse at all.  Why?

> >
> > 2. In steps 7-10, there is a mixing of additions and multiplications.
> > Why can't you add in some data dependency into this mixing, like data
> > dependent rotates?
>

If you were to add in any data dependency, it will not decrypt.  Why?

>
> The purpose was that if a register was added in one round, it would
> be xor'd in the next.  These operations are non-isomorphic, i.e. they do
> not commute.  They are also non linear.  The idea was to not be
> dependent on one form of operation.  They could have written the entire
> cipher with mul/add but they commute.
>
> Rotations were not added because only three primitives were focused
> on.  And by having data dependent round structures you are not sure to
> get the same form of mixing.
>
> Tom
> --
> PGP key is at:
> 'http://mypage.goplay.com/tomstdenis/key.pgp'.
>


------------------------------

From: Boris Kazak <[EMAIL PROTECTED]>
Subject: Re: SLIDE ATTACK & large state SYSTEMS
Date: Sat, 19 Jun 1999 12:19:37 -0400
Reply-To: [EMAIL PROTECTED]

SCOTT19U.ZIP_GUY wrote:
> (**snip**) 
>                     SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
>                     http://www.jim.com/jamesd/Kong/scott19u.zip
>                     http://members.xoom.com/ecil/index.htm
>                     NOTE EMAIL address is for SPAMERS
=======================
Once upon a time...

"In a small town the circus people were walking 
       an elephant along the streets.
   Since elephants are so rarely to be seen, 
   crowds were following the procession, 
       people and dogs...

    Suddenly a tiny puppy started barking at
    the elephant, running and jumping around,
       getting more and more furious with 
         each next jump and squeak.

    'Don't put shame on yourself, Puppy!
       - the quiet Mother Dog said -
     Look, the elephant does not pay the 
     slightest attention, he just goes 
      on and on...'

    'But that's the whole point! 
      - answered the puppy -
     Can't you understand that this gives me
     a chance to get the reputation of 
       great and fearsome warrior
     without doing any actual fight?

        All the other dogs will say:
         - This Puppy is obviously strong,
         - courageous and aggressive, since 
         - he barks at the elephant! ' "

   (Ivan A. Krylov, circa 1830)

------------------------------

From: [EMAIL PROTECTED] (Tim Redburn)
Subject: Re: SLIDE ATTACK & large state SYSTEMS
Date: Sat, 19 Jun 1999 18:29:39 GMT

On Thu, 17 Jun 1999 00:53:36 GMT, [EMAIL PROTECTED]
(SCOTT19U.ZIP_GUY) wrote:

<snip> 
> ....  You make the same fallacy as the Germans no one
>does a full key search. Unless it short like DES.  At the most if two
>ciphers appear the same but one has a longer key then knowing
>nothing else the longer keyed one is better period.
<snip>

Ey ? Doesn't the first sentence above, mean that the last is complete
nonsense ? 

If no-one does a key search then
something else *must* be known about the ciphers by the
analyst, and it will *not* be the size of their key that 
determines their downfall.

Anyone that judges one cipher as better solely by its key size will
be demonstrating a complete misunderstanding of
the field of cryptography.

Tell me again ....... Why do you claim that scott19u.zip is so secure?

- Tim.

------------------------------

From: [EMAIL PROTECTED] (Tim Redburn)
Subject: Re: SLIDE ATTACK & large state SYSTEMS
Date: Sat, 19 Jun 1999 18:29:40 GMT

On Fri, 18 Jun 1999 14:55:43 GMT, [EMAIL PROTECTED]
(SCOTT19U.ZIP_GUY) wrote:

<snip>
>    You lack much knowledge little grass hopper

<snip>
>    You obviously lack basic knowledge of what a mapping and a transform
>is. 
<snip>
>    Read and you might learn something foolish one. 

<snip>
. 
>I notice little one you seldom answer a post but go off in left to talk about
>something else.

<snip>

There is one person in this group that all these comments could 
reasonably be aimed at  .......... but it isn't Tom.

- Tim.

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: IDEA Questions
Date: Sat, 19 Jun 1999 20:05:53 GMT

Casey Sybrandy <[EMAIL PROTECTED]> wrote, in part:

>1. Steps 5, 6, 11-14 all use XOR.  Why can't you change these to
>additions or subtractions?

A lot of steps use XOR because otherwise IDEA would be a hash function
instead of being invertible.

The block is divided into four parts; then these four parts are
divided into two pairs. Each pair is then modified as follows: both
elements of the pair are XORed with the same quantity, and that
quantity is a function of the XOR of both elements of each pair
together.

By XORing both elements of a pair with the same quantity, the XOR of
the two elements isn't changed.

Additions and subtractions could be used to do something similar; for
example, if you add the same quantity to both elements of a pair, the
difference between the two elements will remain the same. However,
addition and subtraction already are also used in some places.

>2. In steps 7-10, there is a mixing of additions and multiplications.
>Why can't you add in some data dependency into this mixing, like data
>dependent rotates?

Data dependent rotations may be covered by the RC5 patent.

Again, as with your previous question, as it is IDEA is just barely
invertible. On the other hand, it pointedly avoids the
straightforwards Feistel structure of DES.

Also, part of the rationale behind IDEA is to allow an efficient and
compact implementation. (However, multiplication is quite a bit slower
than other things they could have done.)

If it is true that using 16-bit multiplication is comparable to having
a known S-box with 65,536 entries, then there's no need to add more
complexity to IDEA, and that is the assumption behind the design.

But while I think it isn't reasonable to ask why IDEA couldn't have
been something completely different, if it is not seriously flawed,
I'll admit I agree that it is a good idea to use more than one source
of nonlinearity in a block cipher.

At one point, obtain nonlinearity from multiplication by replacing a
16 or 32 bit quantity with the middle of its square...at another
point, have a small S-box connecting corresponding bits of different
subblocks using the technique found in 3-Way and Serpent of using AND
and OR to create a small nonlinear function...and somewhere else use
an ordinary S-box.

I'll definitely agree that having more than one kind of nonlinearity
is going to improve security.

John Savard ( teneerf<- )
http://members.xoom.com/quadibloc/crypto.htm
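
[Added illustration, not part of the post above and not IDEA itself: the pairing invariant it describes, with 16-bit words. `mix` is a made-up stand-in for the keyed box of steps 7-10, and the key and sample blocks are constructed. It contrasts the XOR layer, a consistently additive layer, and a layer where only the final XORs are swapped for additions, which is the case asked about in the thread.]

```python
MASK = 0xFFFF  # 16-bit sub-blocks, as in IDEA

def mix(p, q, key):
    """Stand-in (assumption) for the keyed multiply/add box of steps 7-10.
    It is only ever evaluated forwards, so it need not be invertible."""
    u = (p * 0x9E37 + key) & MASK
    v = ((q ^ u) * 0x6A09 + (key >> 3)) & MASK
    return u, v

def xor_layer(x, key):
    """XOR version: the box sees the XOR of each pair and its output is
    XORed into both elements, so x1^x3 and x2^x4 are left unchanged."""
    x1, x2, x3, x4 = x
    u, v = mix(x1 ^ x3, x2 ^ x4, key)
    return (x1 ^ u, x2 ^ v, x3 ^ u, x4 ^ v)

def add_layer(x, key, sign=1):
    """Consistent additive version: the box sees the pair differences and
    its output is added (sign=1) or subtracted (sign=-1) on both elements,
    so x1-x3 and x2-x4 are left unchanged."""
    x1, x2, x3, x4 = x
    u, v = mix((x1 - x3) & MASK, (x2 - x4) & MASK, key)
    return tuple((w + sign * t) & MASK for w, t in zip(x, (u, v, u, v)))

def naive_layer(x, key, sign=1):
    """Only the final XORs replaced by additions; the box input is still
    the XOR of each pair, which addition does not preserve."""
    x1, x2, x3, x4 = x
    u, v = mix(x1 ^ x3, x2 ^ x4, key)
    return tuple((w + sign * t) & MASK for w, t in zip(x, (u, v, u, v)))

def undo_add(x, key):
    return add_layer(x, key, sign=-1)

def undo_naive(x, key):
    return naive_layer(x, key, sign=-1)

def survivors(encrypt, decrypt, blocks, key):
    """Count blocks for which decrypt(encrypt(block)) returns the block."""
    return sum(decrypt(encrypt(b, key), key) == b for b in blocks)

# Constructed key and sample blocks, for illustration only.
KEY = 0x1234
BLOCKS = [(1, 0, 0, 0)] + [
    (i * 257 & MASK, i * 4099 & MASK, i * 31 & MASK, i * 977 & MASK)
    for i in range(1, 200)
]

if __name__ == "__main__":
    n = len(BLOCKS)
    print("xor layer  :", survivors(xor_layer, xor_layer, BLOCKS, KEY), "of", n)
    print("add layer  :", survivors(add_layer, undo_add, BLOCKS, KEY), "of", n)
    print("naive layer:", survivors(naive_layer, undo_naive, BLOCKS, KEY), "of", n)
```

[The XOR layer is its own inverse and the additive layer inverts by subtraction, because in both cases the receiver can recompute the box input from the output. In the naive layer the receiver recomputes a different box input, so the subtraction removes the wrong value.]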

------------------------------

From: [EMAIL PROTECTED] (Tom McCune)
Subject: Re: F-secure
Date: Sat, 19 Jun 1999 19:54:54 GMT

=====BEGIN PGP SIGNED MESSAGE=====

In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Dupavoy) wrote:
>Has anyone used F-secure 2.0 

I've used it a couple times.  Although I didn't use it for very long, I
didn't have any problems with it.

=====BEGIN PGP SIGNATURE=====
Version: PGP Personal Privacy 6.0.2
Comment: Tom McCune's PGP Pages: http://www.borg.com/~tmccune/PGP.htm

=====END PGP SIGNATURE=====

------------------------------

From: [EMAIL PROTECTED] (James Pate Williams, Jr.)
Subject: Re: Graph of DES Encryption Function
Date: Sat, 19 Jun 1999 23:50:53 GMT

I have a Visual C FreeLIP/OpenGL program that graphs the DES
encryption function for the key {127, 255} over the domain 0 - 255.
I have not bothered to check if this is a weak key. The graph is
reminiscent of some work I did from May 9 - 15, 1988,  involving
creating stochastic "music" on a Commodore Amiga 2000 using the
language AmigaBasic. The "music" consisted of three different
types of noise: Brownian, one over f (1 / f), and white noise.
The first two noises were created using algorithms by Richard F.
Voss (see "Scientific American" April 1978 Mathematical Games
by Martin Gardner pages 16 - 29). If my recollection of the graphs
is correct the DES graph mainly resembles the white noise graph.
Any citizen of the United States of America, currently residing in
the U. S. can obtain the source code for the DES graphing
program by contacting me at the following e-mail address requesting
graphdes.c. Sorry the current version is for Wintel machines only,
however, modest conversions would be required to port to Unix.

==Pate Williams==
[EMAIL PROTECTED]
http://www.mindspring.com/~pate


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: DES versus Blowfish
Date: Fri, 18 Jun 1999 15:34:14 GMT

In article <[EMAIL PROTECTED]>,
  fungus <[EMAIL PROTECTED]> wrote:
> In theory DES is much weaker.

In practice as well.

> Blowfish has a 128 bit key, DES has only 56 bits and messages have been
> publicly cracked on several occasions.

Not true the key is variable length.  128 bits is just the suggested
size.  The max key size is 32768 bits and the smallest working key is
about 32 bits (I wouldn't use lower than 64 anyways but...)

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Graph of DES Encryption Function
Date: Sun, 20 Jun 1999 01:42:13 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (James Pate Williams, Jr.) wrote:
> I have a Visual C FreeLIP/OpenGL program that graphs the DES
> encryption function for the key {127, 255} over the domain 0 - 255.
> I have not bothered to check if this is a weak key. The graph is
> reminiscent of some work I did from May 9 - 15, 1988,  involving
> creating stochastic "music" on a Commodore Amiga 2000 using the
> language AmigaBasic. The "music" consisted of three different
> types of noise: Brownian, one over f (1 / f), and white noise.
> The first two noises were created using algorithms by Richard F.
> Voss (see "Scientific American" April 1978 Mathematical Games
> by Martin Gardner pages 16 - 29). If my recollection of the graphs
> is correct the DES graph mainly resembles the white noise graph.
> Any citizen of the United States of America, currently residing in
> the U. S. can obtain the source code for the DES graphing
> program by contacting me at the following e-mail address requesting
> graphdes.c. Sorry the current version is for Wintel machines only,
> however, modest conversions would be required to port to Unix.

Hmm cool do you have anything to read on this?  Source code or papers?
I always thought the output would make white noise since it is random,
or is the music the result of a filter condition of the output?

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
