Cryptography-Digest Digest #826, Volume #9        Sat, 3 Jul 99 16:13:03 EDT

Contents:
  Re: Quantum Computers ("rosi")
  Re: Standard Hash usage ([EMAIL PROTECTED])
  Re: Standard Hash usage ([EMAIL PROTECTED])
  Re: How do you make RSA symmetrical? (Boris Kazak)
  Re: How do you make RSA symmetrical? (Boris Kazak)
  Re: Kryptos article (B & J)
  Re: SSL Overhead (Lincoln Yeoh)
  Re: I don't trust my sysadmin (Nogami)
  Re: RSA or DIFFIE-HELLMANN ("Douglas A. Gwyn")
  Re: Kryptos article (Jim Gillogly)
  Re: Posting on sci.crypt.research (John Savard)
  Re: quant-ph archive? (Anti-Spam)
  Re: Standard Hash usage (Keith A Monahan)
  Re: Can Anyone Help Me Crack A Simple Code? (Jerry Coffin)
  Re: How do you make RSA symmetrical? (Gilad Maayan)

----------------------------------------------------------------------------

From: "rosi" <[EMAIL PROTECTED]>
Subject: Re: Quantum Computers
Date: Fri, 2 Jul 1999 20:56:40 -0400

Dear Greg,

   If your brother works on the topic, I think perhaps you can provide more
behind the assertion and let us know more precisely how bleak the real
picture is.

   I still hold my position for now. Take RC4u as a benchmark. We may
have 'a lot of success' (taking an assumption as you did), but we may
have more insight?

   Thanks
   --- (My Signature)

Greg Ofiesh wrote in message <7lf4l4$5uo$[EMAIL PROTECTED]>...
>Let us begin with the following assertion that I think you will all
[snip]



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Standard Hash usage
Date: Sat, 03 Jul 1999 02:59:18 GMT

In article <7lj5sk$pdh$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Keith A Monahan) wrote:
> Thanks for the quick and helpful response(as usual).

It's fun, really.
> : H1 = H(P)
>
> I understand this.  Hash the entire password and store result in H1.
>
> : H2 = H(P||H1)
>
> Help me with the notation there.  Is that '||' a logical OR?  Or does that
> just mean I first pipe the entire password in the 'to be hashed bucket' and
> then add the results of the first hash in after that?

It means H2 = hash(P1+H1)  You append H1 to P1 and hash it again.
Assuming the output of the first hash is secure H2 is as well.  You now
have H1||H2 as your 320-bit hash...

> I'm missing something.  If a hash typically puts out a fixed size, wouldn't
> H2 be only 160 bits?

No, see above.

> The problem is, I know some of the original KEY data (prior to the HASH) but
> I have no idea what the input to the encryption algorithm is,
> ie I don't know the output of the hash(because I don't know
> all of the original KEY data).  Sooo, wouldn't
> I have to brute the original input, using what I know, with added data,
> (ie add data = the actual brute searches here)
> pipe it through the hash, and do the check at that point??

Basically yes.  This is much quicker than guessing the output of the
hash.  Just guess the input (unless it has more entropy than the hash)
until you find a hash which is the key for a ciphertext that decrypts
to what you are looking for.

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
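The construction described in the message above, as an added example that is not part of the original post: '||' is byte concatenation, each block is 160 bits, and the concatenated result is 320 bits. SHA-1 as the 160-bit hash, the `blocks` generalization beyond two, and the helper names are assumptions of this example.

```python
import hashlib
import math

HASH_BITS = 160  # assumption: SHA-1 stands in for the thread's 160-bit hash


def h(data: bytes) -> bytes:
    """One application of the underlying 160-bit hash."""
    return hashlib.sha1(data).digest()


def wide_hash(password: bytes, blocks: int = 2) -> bytes:
    """H1 = H(P), H2 = H(P || H1), ...; returns H1 || H2 || ...

    '||' is concatenation of byte strings, not a logical OR.
    blocks=2 is the 320-bit case from the thread; larger values are
    this example's generalization of the same chaining step.
    """
    if blocks < 1:
        raise ValueError("blocks must be >= 1")
    parts = [h(password)]                        # H1 = H(P)
    while len(parts) < blocks:
        parts.append(h(password + parts[-1]))    # H_i = H(P || H_{i-1})
    return b"".join(parts)


def input_search_bits(alphabet_size: int, unknown_chars: int) -> float:
    """Size, in bits, of the space of unknown password characters."""
    return unknown_chars * math.log2(alphabet_size)


def cheaper_to_guess(alphabet_size: int, unknown_chars: int, key_bits: int) -> str:
    """Which side is the smaller search space: the hash input or its output?

    Every bit of the widened key is a function of P, so the key is never
    harder to find than P itself.
    """
    if input_search_bits(alphabet_size, unknown_chars) < key_bits:
        return "input"
    return "output"


if __name__ == "__main__":
    passphrase = b"constructed sample passphrase"   # constructed input
    key = wide_hash(passphrase)
    print("H1      :", key[:20].hex())
    print("H2      :", key[20:].hex())
    print("key bits:", len(key) * 8)
    # 8 unknown lowercase letters is about 37.6 bits, far below 320.
    print("8 lowercase chars vs 320-bit key ->", cheaper_to_guess(26, 8, 320))
```

Widening the output to 320 bits changes the key length the cipher receives, not the amount of work needed to search the password space.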

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Standard Hash usage
Date: Sat, 03 Jul 1999 03:01:04 GMT

In article <7lj645$pdh$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Keith A Monahan) wrote:
> I'm not using PCL although I'm still considering it.  The cracker is going
> to be in C.  My real task is to find my password, once that happens (
> probably 2^2873 years from now <grin>), then I can adapt and play around
> with it.  I won't be distributing it for quite some time...

2^2873 years??? How long is the key?  Can't you mount a dictionary
attack?  Good luck!

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.



------------------------------

From: Boris Kazak <[EMAIL PROTECTED]>
Subject: Re: How do you make RSA symmetrical?
Date: Fri, 02 Jul 1999 20:57:32 -0400
Reply-To: [EMAIL PROTECTED]

Gilad Maayan wrote:
> (*******)
> pq = N, which is the modulus.
> e, relatively prime to (p-1)(q-1), is the public (or encryption) key.
> d, chosen such that de-1 is evenly divisible by (p-1)(q-1), is the
> secret (or decryption) key.
> Encryption: C=M^e mod N
> Decryption: M=C^d mod N
> I won't bother with digital signatures, etc.
> 
> What didn't I understand again?
==================
  Dear Gilad!

Just the fact that you can copy several lines from RSA description 
into your post, proves nothing about the real understanding of the 
algorithm. By the way, you copied inaccurately:

    "de" is a multiple of (p-1)(q-1) ; not "de-1"

Sorry, this is exactly the kind of error that a person who does not 
understand the algorithm is likely to make.

So follow Bob Silverman's advice, sit down and learn.

Best wishes              BNK
================================
> 
> No, Bob, my repeated postings, and the wildly illegible responses to
> them, show that the majority of posters to this newsgroup are a little
> too eager to lecture to newbies, and find it somewhat difficult to
> open their minds up to applications slightly different than what
> they're accustomed to.
> Nobody, with the notable exception of David A. Molnar, has actually
> listened to what I'm saying and answered my questions. When I ask a
> question, any question, I'm immediately attacked by 10 postings
> saying, "RSA doesn't work that way, stupid," "Run before you can
> walk," and other such condescending bullshit.
> People, if you don't feel like helping out, don't respond to my
> postings. But if you do reply, try, just once, giving me a straight
> answer instead of treating me like a five-year-old. I may be new to
> this field, but I'm far from stupid.
======================
Not stupid, just uneducated
======================
> 
> Gilad Maayan

------------------------------

From: Boris Kazak <[EMAIL PROTECTED]>
Subject: Re: How do you make RSA symmetrical?
Date: Fri, 02 Jul 1999 21:22:00 -0400
Reply-To: [EMAIL PROTECTED]

Boris Kazak wrote:
> 
> Gilad Maayan wrote:
> > (*******)
> > pq = N, which is the modulus.
> > e, relatively prime to (p-1)(q-1), is the public (or encryption) key.
> > d, chosen such that de-1 is evenly divisible by (p-1)(q-1), is the
> > secret (or decryption) key.
> > Encryption: C=M^e mod N
> > Decryption: M=C^d mod N
> > I won't bother with digital signatures, etc.
> >
> > What didn't I understand again?
> ------------------
>   Dear Gilad!
> 
> Just the fact that you can copy several lines from RSA description
> into your post, proves nothing about the real understanding of the
> algorithm. By the way, you copied inaccurately:
> 
>     "de" is a multiple of (p-1)(q-1) ; not "de-1"
> 
> Sorry, this is exactly the kind of error that a person who does not
> understand the algorithm is likely to make.
> 
> So follow Bob Silverman's advice, sit down and learn.
> 
> Best wishes              BNK
> --------------------------------
Sorry for this post, the error is mine, it is really "de-1". 
However, if you take the 20-bit plaintext and raise it to the 
power of "e", then no one can guarantee you that 

                Encryption: C=M^e mod N

will be significantly different in length from N.

Make an experiment - take 2 small primes, say 61 and 67, take a 1-digit
plaintext, say 5, and calculate, what length of ciphertext will result 
from encrypting with different public keys, how many of these 
ciphertexts will be 1 digit long.

You will see yourself that many of your questions were not worth asking.

Best wishes              BNK
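The experiment proposed in the message above (p = 61, q = 67, plaintext 5), carried out as an added example that is not part of the original post. It assumes "different public keys" means every exponent e with 1 < e < (p-1)(q-1) that is relatively prime to (p-1)(q-1); the function names are this example's own.

```python
from collections import Counter
from math import gcd

P, Q = 61, 67
N = P * Q                    # modulus, 4087
PHI = (P - 1) * (Q - 1)      # (p-1)(q-1) = 3960
M = 5                        # the 1-digit plaintext from the post


def valid_exponents(phi: int) -> list[int]:
    """Public exponents e with 1 < e < phi and gcd(e, phi) == 1."""
    return [e for e in range(2, phi) if gcd(e, phi) == 1]


def ciphertext_length_histogram(m: int, n: int, phi: int) -> dict[int, int]:
    """Map decimal length of C = m^e mod n to the number of exponents giving it."""
    hist = Counter(len(str(pow(m, e, n))) for e in valid_exponents(phi))
    return dict(sorted(hist.items()))


def distinct_ciphertexts(m: int, n: int, phi: int) -> int:
    """Number of different ciphertext values over all valid exponents."""
    return len({pow(m, e, n) for e in valid_exponents(phi)})


def roundtrip(m: int, e: int, n: int, phi: int) -> int:
    """Encrypt with e, derive d so that d*e - 1 is divisible by phi, decrypt."""
    d = pow(e, -1, phi)              # modular inverse (Python 3.8+)
    if (d * e - 1) % phi != 0:
        raise ArithmeticError("d is not the inverse of e modulo phi")
    return pow(pow(m, e, n), d, n)


if __name__ == "__main__":
    hist = ciphertext_length_histogram(M, N, PHI)
    total = sum(hist.values())
    print(f"N = {N} ({len(str(N))} digits), {total} valid exponents")
    for digits, count in hist.items():
        print(f"  {digits}-digit ciphertexts: {count:4d} ({100 * count / total:.1f}%)")
    print("distinct ciphertext values:", distinct_ciphertexts(M, N, PHI))
    print("round trip with e = 7     :", roundtrip(M, 7, N, PHI))
```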

------------------------------

From: B & J <[EMAIL PROTECTED]>
Subject: Re: Kryptos article
Date: Sat, 03 Jul 1999 06:17:53 +0000

Cool Jim, had time to work on it for a few hours this past week. Didn't do it
your way, since mine showed up under I.   Wonder why those CIA cryppies enjoy
greeky stuff  ?
any progress on the last one ?

- Ben

Jim Gillogly wrote:

> Yes -- if you set it up like a matrix, with the KRYPTOSABC...
> keyword across the top as the plaintext alphabet, and each
> offset KRYPTOSABC... keyword underneath it at the right offset
> so that the 1st ciphertext letter is below the corresponding
> plaintext letter in the top alphabet, you will be able to read
> whichever keyword you recovered in a vertical line somewhere
> in the matrix.
>
> Look under the K to find the keyword Jim Sanborn used when he
> encrypted the section.  Each is an English word.
>
> --
>         Jim Gillogly
>         Trewesday, 3 Afterlithe S.R. 1999, 22:28
>         12.19.6.5.11, 2 Chuen 19 Zotz, Third Lord of Night



------------------------------

From: [EMAIL PROTECTED] (Lincoln Yeoh)
Subject: Re: SSL Overhead
Date: Sat, 03 Jul 1999 08:43:13 GMT
Reply-To: [EMAIL PROTECTED]

On Tue, 29 Jun 1999 15:17:59 GMT, [EMAIL PROTECTED] wrote:

>I have a customer who was wondering how much overhead is added when
>encrypting a web page.  For example, a web page and graphics is 20kbytes
>what does that convert to once it is encrypted?

The main overhead from the client perspective is latency, or delays.

Web browsers often initiate a separate connection for each request- for
each webpage, image, etc.

Setting up an SSL connection requires a few more steps than a normal
TCP/HTTP connection. You have the SSL handshake on top of the TCP
handshake.

This means that you have to wait longer before any data is actually sent.
And for typical web browsing this can be very significant especially if the
server is 150-300 msec or further away from the client. 

Of course if the client and server support and use "keepalives" then the
number of handshakes can be reduced- basically the server doesn't drop the
connection after each request, instead it waits for the client to send
subsequent requests. 

Still by the time most people have read your webpage and are ready to go to
your next, the "keepalives" would have timed out (server got tired of
waiting), and a new connection has to be made. Of course if your webpages
are not worth reading it won't time out, but then you have another problem
;). There are people who don't read slow, but we're talking about the
general population...

That's probably why sites often serve up pages using normal http and then
only switch to https when crypto is needed.

Hope that helps.

Link.
****************************
Reply to:     @Spam to
lyeoh at      @[EMAIL PROTECTED]
pop.jaring.my @ 
*******************************

------------------------------

From: [EMAIL PROTECTED] (Nogami)
Subject: Re: I don't trust my sysadmin
Date: Sat, 03 Jul 1999 08:50:08 GMT

On Fri, 02 Jul 1999 19:08:16 GMT, "David N. Murray" <[EMAIL PROTECTED]>
wrote:

>I'm not sure I presented my problem correctly.
>
>I have a completely automated process (e.g. a cron job)
>that needs to connect to a DBMS (e.g. Oracle).  The DBMS
>requires a username and password to connect to the database
>in order to do any meaningful work.
>
>If I were to use a form of trusted access (implemented by
>the DBMS), then the sysadmin could simply login as that 
>user.  Instead, I configure the DBMS to accept uname/password
>and have the program login that way.
>
>How do I protect the uname/password that the app needs to
>connect with?

As other posters have commented, it's not possible to do if you're
running a normal cron-job.  They can't be protected.

Your best (imho) bet would be to compile an executable that the cron
program could fire.  Inside that executable, you could have the
appropriate login strings encrypted by any number of means to send to
the database.

N.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: RSA or DIFFIE-HELLMANN
Date: Sat, 03 Jul 1999 12:10:33 GMT

[EMAIL PROTECTED] wrote:
> Ah ... for APL... wasn't that invented as a language for describing
> algorithms precisely and not as an implemented language?

While Iverson did emphasize its use by humans, APL was in fact
implemented, and there were special APL keyboards with the funny
symbols.  Somewhere I even have an old NSATJ article that contains
APL source code for "mechanization of indirect symmetry".  There
were some powerful features in that language.

------------------------------

From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: Kryptos article
Date: Sat, 03 Jul 1999 08:47:35 -0700

B & J wrote:
> any progress on the last one ?

Not here.  I've been trying a bunch of experiments along the lines
I suggested: various flavors of autokey; running key; and combined
polyalphabetic substitution and transposition.

Someone on the ABC chat board about Kryptos reports an "almost"
involving a "key" of FRANCISSCOTT and a plaintext that appears
that it will be the first bit of the Star Spangled Banner, but I
can't follow the explanation at
http://boards.go.com/cgi/abcnews/request.dll?LIST&room=wnt_ciacode
(title "wag at four", author "F_Belill").  That would be a credible
choice for plaintext, though, since the s-shaped sculpture resembles
a flag, the petrified tree next to it could represent a flagpole,
and the letters carved through it could represent the holes in the
flag above Fort McHenry.

But unless others can reproduce F_Belill's method, it's not certified.
-- 
        Jim Gillogly
        Trewesday, 10 Afterlithe S.R. 1999, 15:41
        12.19.6.5.18, 9 Edznab 6 Tzec, First Lord of Night

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Posting on sci.crypt.research
Date: Sat, 03 Jul 1999 17:18:09 GMT

[EMAIL PROTECTED] wrote, in part:
>In article <[EMAIL PROTECTED]>,
>  [EMAIL PROTECTED] (John Savard) wrote:

>> Could someone be trying to steal Scott16u?

>That or somebody created a 16-bit version of RC4.

Upon reflection, it _seems_ that the patent application concerns an
S-P network, similar to the one in the Scientific American article
that gave an early conceptual look at LUCIFER, but with a
key-dependent permutation on 16-bit blocks.

John Savard ( teneerf<- )
http://members.xoom.com/quadibloc/crypto.htm

------------------------------

Date: Sat, 03 Jul 1999 10:46:41 -0700
From: Anti-Spam <[EMAIL PROTECTED]>
Subject: Re: quant-ph archive?

David A Molnar wrote:
> 
> I'm having trouble accessing the quant-ph archive on xxx.lanl.gov .
> I'm getting a "403 Forbidden", no matter what link I try.
> 
> Does anyone else have this problem ?
> 
> Thanks,
> -David Molnar

just tried it and everything works fine for me.  Downloaded a couple of
PDF files with no problem. Are you working through a proxy
server&firewall with a troublesome cache, maybe? 

[EMAIL PROTECTED]

------------------------------

From: [EMAIL PROTECTED] (Keith A Monahan)
Subject: Re: Standard Hash usage
Date: 3 Jul 1999 18:38:50 GMT

Tom,

[EMAIL PROTECTED] wrote:
: In article <7lj645$pdh$[EMAIL PROTECTED]>,
:   [EMAIL PROTECTED] (Keith A Monahan) wrote:
: > I'm not using PCL although I'm still considering it.  The cracker is going
: > to be in C.  My real task is to find my password, once that happens (
: > probably 2^2873 years from now <grin>), then I can adapt and play around
: > with it.  I won't be distributing it for quite some time...

: 2^2873 years??? How long is the key?  Can't you mount a dictionary
: attack?  Good luck!

Hahahaha. Tom, that was actually a joke.  Some of the numbers I've computed
may as well be that long. :)

I think I can reduce the set down fairly small - and if my cracker is
sufficiently fast, I may be done in no time.

Keith

: Tom
: --
: PGP key is at:
: 'http://mypage.goplay.com/tomstdenis/key.pgp'.



------------------------------

From: [EMAIL PROTECTED] (Jerry Coffin)
Subject: Re: Can Anyone Help Me Crack A Simple Code?
Date: Sat, 3 Jul 1999 12:14:46 -0600

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
says...

[ ... ] 

> The outputs are the same for each of these inputs.  A "yes" or "no"(this is
> NOT how I described it) represents whether the code gave
> the acceptable output.  The output is not a "yes" or "no", but an
> output which is unknown.  It may be 10 digits - I don't
> know what the output is.  It is not one bit.

The information you've made available to US is that the output is 
either acceptable or unacceptable.  That's ultimately, ONE bit.  There 
may have been more bits involved at some point, but the information 
you've given US is one bit.  The terms in which you described it, or 
describe it in the future, are irrelevant -- it's still basically just 
some sort of positive vs. negative response, which is in essence one 
bit.
 
> Unfortunately, it is impossible to collect large amounts of data on
> this algorithm.  10^10 is not that big of a number.  If it were possible, I
> would try all of them, make a chart of what works, and not care what
> the algorithm was.

10^10 is big enough that doing a brute-force attack would certainly be 
possible under some circumstances.  OTOH, there's a LOT of room 
between 6 and 10^10 -- a sophisticated attack might require a few 
hundred to a few thousand inputs.
 
> I do not know how many X values there are.  There may only be six
> values.  Could you solve it then?  If you could, I could probably take a
> similar approach with 7, then 8 numbers, until I had something that
> worked.

Yes and no -- I could probably devise at least a hundred different 
algorithms that produced one output for those six values and some 
other output for all other inputs.  Given sufficient time, I could 
probably increase that from a hundred to several thousand.  The 
problem is that one of the first hundred might or might not be the one 
you want.  The next several thousand algorithms might or might not 
match what they've done either.  About the only way to find out would 
be to either get more data to start with, or test each one 
individually after the fact.  From what you've described, neither of 
these is likely to be of much help.

Most people doing this sort of verification would start with some sort 
of hashing algorithm.  The problem with guessing at what they're doing 
is that there are LOTS of other possibilities.  I happen to think in 
geometric terms quite well, so one that occurs to me is that they 
could define a point on a plane.  The inputs would be treated as pairs 
of numbers defining lines.  Those lines that intersect (or nearly 
intersect) the point give the "good" output, while the rest give the 
"bad" output -- e.g. the real output might be the distance from the 
line to the point.

I'm not suggesting that this is how they do things.  I'm simply 
pointing out that given what we know so far, it's trivial to design 
all sorts of really strange algorithms that would work.  You could end 
up trying nearly infinite algorithms before you hit one vaguely 
similar to what they're using.
 
> I am sorry.  I did not build this thing, so I do not have the answer.  That's
> why I am asking the question.  I assumed there might be
> someone on this newsgroup that has experience cracking codes.

There are.  Just for one example who got his fifteen minutes of fame 
recently, Jim Gillogly recently cracked most of the text encrypted on 
the Kryptos sculpture at the CIA headquarters.  IIRC, there are 97 
characters at the end that haven't been cracked yet.

Those may remain uncracked for a LONG time -- 97 characters is a VERY 
small amount of output to try to work with.  Even so, that output 
probably represents on the order of 300 bits or so.  So far, in your 
case, the output we've got is basically 6 bits.

In addition, consider that we have a general idea that when decrypted, 
the text from Kryptos will come out as something closely resembling 
normal English text.  In your case, we have only the fact that some 
outputs are acceptable and others are not.

One big problem that arises with those 97 final characters is that it 
would be pretty easy to devise algorithms that decrypt them to 
something readable, but it's MUCH harder to be at all certain that 
it's the _correct_ readable output.  I could quite easily decide on 97 
characters I wanted, and devise an algorithm that would decrypt that 
text to those characters.  Unfortunately, I'd have no way of knowing 
whether that was what he originally intended or not.

Your situation is analogous.  I can devise LOTS of algorithms that 
will fit the criteria you've given so far.  I have NO idea 
whether any of them will actually match what they're using or not.

------------------------------

From: [EMAIL PROTECTED] (Gilad Maayan)
Subject: Re: How do you make RSA symmetrical?
Date: Sat, 03 Jul 1999 18:31:41 GMT

>>this is exactly the kind of error that a person who does not
>> understand the algorithm is likely to make.
>> 
>> So follow Bob Silverman's advice, sit down and learn.

>Sorry for this post, the error is mine, it is really "de-1". 

Fucking moron.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
