Cryptography-Digest Digest #829, Volume #9        Sun, 4 Jul 99 17:13:03 EDT

Contents:
  Re: Ciphers based on HASH functions ([EMAIL PROTECTED])
  Re: RSA Padding ([EMAIL PROTECTED])
  Re: Quantum Computers ("rosi")
  Re: Quantum Computers ("rosi")
  Re: Standard Hash usage (David P Jablon)
  Free chapters from Handbook of Applied Cryptography (Alfred John Menezes)
  more on additive generators ([EMAIL PROTECTED])
  Re: Secure link over Inet if ISP is compromized. ("Else")
  RNG/PRNG paper for reading+editing (Eli)
  Re: Quantum Computers (David A Molnar)
  Decrypting files encrypted with Cold Fusion's cfcrypt.exe (Bob)
  MP3 Security Requirements? (Thierry Moreau)
  Crypto Books on CD-ROM ([EMAIL PROTECTED])
  Re: Can Anyone Help Me Crack A Simple Code? (wtshaw)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Ciphers based on HASH functions
Date: Sun, 04 Jul 1999 15:39:38 GMT

In article <7lmbh2$h5m$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> There has been some research into creating block ciphers using hash
> functions, however I think there was some concern as to how secure
> they are due to the fact that hash functions were designed with different
> properties in mind.  My question is, would a block cipher based on
> HMAC's be better?  A HMAC is designed to withstand around using a key,
> so wouldn't that make a better S-Box than a regular hash function?

BEAR and LION are two modern examples of ciphers using HASH functions.
They require that the HASH function be secure, but can become victim to
mitm attacks and possibly slide attacks as well.

Mainly HASH functions are designed along the same lines as block
ciphers but require collision resistant compression functions.  TIGER
for example has sboxes like many block ciphers do.  Most hashes are UFN
type 'ciphers'...

These cipher constructions are not popular for several reasons.  a)
they are slow.  It requires performing an entire HASH function for one
round (they normally have 3 rounds or so..). b) they are larger
(require code for hash).  c) the strength is co-dependent on the hash
function and cipher construction (meaning too many eggs in one basket).

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
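To make the "one entire hash function per round" remark concrete, here is an added illustration of the LION construction (Anderson and Biham) that the post names. It is not code from the post or from any BEAR/LION implementation, and it makes two assumptions of its own: the hash H is SHA-1, and the stream cipher S is stood in for by SHA-1 run in counter mode (the published design leaves S as any stream cipher). Each of the three rounds is a full pass over the block with either H or S, which is exactly the cost the post is pointing at.

```python
import hashlib

# Added illustration of LION; H = SHA-1, S = SHA-1 in counter mode (assumption).
HASH_LEN = hashlib.sha1().digest_size  # 20 bytes: the size of the L half


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def H(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def S(seed: bytes, length: int) -> bytes:
    """Keystream stand-in: SHA-1(seed || counter) blocks, truncated to length."""
    out = bytearray()
    ctr = 0
    while len(out) < length:
        out += hashlib.sha1(seed + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(out[:length])


def lion_encrypt(k1: bytes, k2: bytes, block: bytes) -> bytes:
    """Three rounds; every round is a complete H or S pass over the block."""
    if len(block) <= HASH_LEN or len(k1) != HASH_LEN or len(k2) != HASH_LEN:
        raise ValueError("block must be longer than one hash; keys are hash-sized")
    L, R = block[:HASH_LEN], block[HASH_LEN:]
    R = xor(R, S(xor(L, k1), len(R)))  # round 1: R ^= S(L ^ K1)
    L = xor(L, H(R))                   # round 2: L ^= H(R)
    R = xor(R, S(xor(L, k2), len(R)))  # round 3: R ^= S(L ^ K2)
    return L + R


def lion_decrypt(k1: bytes, k2: bytes, block: bytes) -> bytes:
    """The same three steps applied in reverse order undo encryption."""
    L, R = block[:HASH_LEN], block[HASH_LEN:]
    R = xor(R, S(xor(L, k2), len(R)))
    L = xor(L, H(R))
    R = xor(R, S(xor(L, k1), len(R)))
    return L + R


def demo():
    # Constructed keys and plaintext for the demonstration only.
    k1 = bytes(range(20))
    k2 = bytes(range(20, 40))
    pt = b"constructed plaintext block for the LION demo, longer than one hash"
    ct = lion_encrypt(k1, k2, pt)
    return pt, ct, lion_decrypt(k1, k2, ct)


if __name__ == "__main__":
    pt, ct, back = demo()
    print(ct.hex(), back == pt)
```

Note that the block length is whatever you feed in (anything longer than 20 bytes); there is no fixed block size, which is the other reason these constructions sit awkwardly where a conventional 64-bit block cipher is expected.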

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: RSA Padding
Date: Sun, 04 Jul 1999 15:33:37 GMT

<snip>

You must pad RSA messages otherwise they will fall victim to frequency
analysis.  For this same reason the smallest block ciphers are 64
bits.  I would read PKCS #1 which is supposed to cover padding RSA
messages.

Tom


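An added example, not code from the post, showing why unpadded RSA is open to frequency analysis and what PKCS #1 v1.5 block type 2 padding changes. The key is constructed from two fixed Mersenne primes purely so the demonstration is reproducible (such a key is useless in practice); the padding routine follows the EM = 00 || 02 || PS || 00 || M layout that PKCS #1 describes, with PS at least eight random non-zero bytes.

```python
import os

# Toy RSA key from fixed primes (constructed for this example; never use Mersenne
# primes for a real key).  N is 216 bits, so K = 27 bytes per RSA block.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8


def rsa_raw(x: int, exp: int) -> int:
    return pow(x, exp, N)


def encrypt_textbook(msg: bytes) -> int:
    """No padding: the same message always gives the same ciphertext."""
    m = int.from_bytes(msg, "big")
    if not 0 < m < N:
        raise ValueError("message out of range")
    return rsa_raw(m, E)


def pkcs1_v15_pad(msg: bytes) -> bytes:
    """EM = 0x00 || 0x02 || PS || 0x00 || M with PS random, non-zero, >= 8 bytes."""
    if len(msg) > K - 11:
        raise ValueError("message too long for this modulus")
    ps = bytearray()
    while len(ps) < K - 3 - len(msg):
        b = os.urandom(1)
        if b != b"\x00":
            ps += b
    return b"\x00\x02" + bytes(ps) + b"\x00" + msg


def pkcs1_v15_unpad(em: bytes) -> bytes:
    if len(em) != K or em[0] != 0 or em[1] != 2:
        raise ValueError("bad padding")
    sep = em.index(b"\x00", 2)          # raises ValueError if no separator
    if sep < 10:                        # PS must be at least 8 bytes
        raise ValueError("bad padding")
    return em[sep + 1:]


def encrypt_padded(msg: bytes) -> int:
    """Randomised padding: repeated messages give unrelated ciphertexts."""
    return rsa_raw(int.from_bytes(pkcs1_v15_pad(msg), "big"), E)


def decrypt_padded(c: int) -> bytes:
    em = rsa_raw(c, D).to_bytes(K, "big")
    return pkcs1_v15_unpad(em)


def ciphertext_histogram(msgs, enc):
    """How often each ciphertext value appears: the eavesdropper's view."""
    hist = {}
    for m in msgs:
        c = enc(m)
        hist[c] = hist.get(c, 0) + 1
    return hist


if __name__ == "__main__":
    # Constructed traffic: a handful of yes/no answers sent over the same key.
    answers = [b"YES", b"NO", b"YES", b"YES", b"NO"]
    print("textbook:", sorted(ciphertext_histogram(answers, encrypt_textbook).values()))
    print("padded:  ", sorted(ciphertext_histogram(answers, encrypt_padded).values()))
```

With textbook RSA the histogram collapses to two distinct ciphertexts with counts 3 and 2, so an observer who knows the answer space can read the traffic without touching the key; with the randomised padding every ciphertext is distinct and the counts carry nothing.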

------------------------------

From: "rosi" <[EMAIL PROTECTED]>
Subject: Re: Quantum Computers
Date: Sun, 4 Jul 1999 11:23:53 -0400

???

--- (My Signature)

Anton Stiglic wrote in message ...
>In a Quantum World, Quantum Crypto is unconditionally secure.
>In fact, Quantum Crypto is already publicly implemented
>(Los Alamos and other places).  It is much easier to implement
>than a Quantum Computer (it's not the same thing at all either).
>
>See my labs page:  http://crypto.cs.mcgill.ca
>+ my directors page:  http://www.cs.mcgill.ca/~crepeau
>
>Anton
>
>



------------------------------

From: "rosi" <[EMAIL PROTECTED]>
Subject: Re: Quantum Computers
Date: Sun, 4 Jul 1999 12:16:27 -0400

Greg Ofiesh wrote in message <7lgg7m$mt1$[EMAIL PROTECTED]>...
>In article <[EMAIL PROTECTED]>,
>  "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
>> Greg Ofiesh wrote:
>> > Let us begin with the following assertion that I think you will all
>> > agree with.  If a quantum computer exists, then the only form of
>> > encryption that cannot be broken by it, or at least has half a
>> > chance to survive an attack, is OTP.  All other forms of encryption
[snip]

   I don't know on what basis I can agree with your above assertion. I
have more verbiage on both (immunity to QC and issues concerning
IT).

>>
>> > And please don't say I am nuts, or kook, or anything else.
>>
>> "Why on Earth not?"
>> - from "A Fish Called Wanda"
>>

[snip]
>

>
>And, finally, I stated not to call me a kook because only losers have
>no life that they spend it responding in the extreme negative.  That is
>"why not".
>

   I think you highly deserve it.

   You know, when one particular day, one in which everything that could
go wrong did and everything else didn't do otherwise, you suddenly
decided to do good, say some service to benefit others, you found
yourself Running For Governor. And if you run here, dear Greg, you may
forget all your math training, forgetting what a group is, whether it is
associative, commutative, etc. etc. You probably still could hallucinate
that a group could be quite abusive. You perfectly, in such situations, lose
your imperfect aim and started, for example, a random walk. You may
end up thinking of S.C.'s philanthropic (hey, not cryptographic) words
about holding up the banner and remember his words about statistics,
etc., etc. What kind of people can make the best of mathematicians?
Only mathematicians can tell.

   I, for a minor instance, try to doubt if I can be an inventor. However,
the weird thing is that, just kidding, what you invent can be attributed to
others while being attributed things never even came into your mind.
Thus in that EXACT sense that I was the INVENTOR of ROSicoNP!
I congratulate myself on this and remember that I got new names in the
process.

   After all the conception or whatever of service, I can do a bit of
disservice by loading the history of mathematics with all such wonderful
pieces of ... (fill in the blanks please)

   --- (My Signature)

>



------------------------------

From: [EMAIL PROTECTED] (David P Jablon)
Subject: Re: Standard Hash usage
Date: Sun, 4 Jul 1999 15:59:29 GMT

>In article <7ligan$nfs$[EMAIL PROTECTED]>,
>  [EMAIL PROTECTED] (Keith A Monahan) wrote:
> [...]
>> I noticed that SHA-1 outputs a hash result of 160 bits.  What if
>> the result you need is larger than that, say 256 bits? (ie, for
>> Blowfish perhaps) [...] 
>> Do you just concatenate the 2nd results to the first?

In article <7likc7$dv3$[EMAIL PROTECTED]>,  <[EMAIL PROTECTED]> wrote:
>Normally it would be this
>
>H1 = H(P)
>H2 = H(P||H1)
>
>Where P is the input and H1/H2 is the output (would be 320 bits with
>SHA).

That function, hash = sha1(P) || sha1(P || sha1(P)), limits the 
entropy to no more than 160-bits, when P has more than 160-bits 
of entropy.

Keep trying. :-)

======================================================
David P. Jablon
Integrity Sciences, Inc.
[EMAIL PROTECTED]
<http://www.IntegritySciences.com>
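An added example (not code from either post) that computes the construction quoted above, H1 = H(P) and H2 = H(P || H1), and generalises the same feed-the-previous-block-back-in idea to any output length, including the 256 bits asked about for Blowfish. The first two blocks of the general form are exactly H1 and H2, which the test checks.

```python
import hashlib


def H(data: bytes) -> bytes:
    """The hash under discussion: SHA-1, 160-bit output."""
    return hashlib.sha1(data).digest()


def chained_320(p: bytes) -> bytes:
    """Exactly the quoted construction: H1 = H(P), H2 = H(P || H1), output H1 || H2."""
    h1 = H(p)
    h2 = H(p + h1)
    return h1 + h2


def derive_key(p: bytes, nbytes: int) -> bytes:
    """Same chaining carried on until nbytes are produced (added generalisation).

    Block i is H(P || block_{i-1}); with an empty first feedback this yields
    H(P), H(P || H(P)), H(P || H(P || H(P))), ... so the first 40 bytes
    coincide with chained_320(p).
    """
    out = b""
    prev = b""
    while len(out) < nbytes:
        prev = H(p + prev)
        out += prev
    return out[:nbytes]


if __name__ == "__main__":
    # Constructed input; any passphrase or shared secret would do.
    secret = b"constructed example input for key derivation"
    print(chained_320(secret).hex())
    print(derive_key(secret, 32).hex())   # a 256-bit key for Blowfish
```

The block shows what the chain computes; whether the result is a good way to obtain more than 160 bits of key material is the question the two posts above are arguing about, and the code does not settle it.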

------------------------------

From: [EMAIL PROTECTED] (Alfred John Menezes)
Subject: Free chapters from Handbook of Applied Cryptography
Date: 4 Jul 1999 16:23:06 GMT


As some of you may know, we recently made available 7 chapters
from our "Handbook of Applied Cryptography" for free download from
our web site: www.cacr.math.uwaterloo.ca/hac/

Our publisher, CRC Press, has generously given us permission 
to place another 2 chapters on the site. We have just uploaded 
  Chapter 5 (Pseudorandom Bits and Sequences) and 
  Chapter 6 (Stream Ciphers). 
We are negotiating with our publisher to have even more chapters 
uploaded to the web site. 

We hope these chapters will be of use to people in their 
cryptographic work and study. Any comments in this regard are 
greatly appreciated.

- Alfred


==========================================================================
| Alfred Menezes        | Email: [EMAIL PROTECTED]         |
| Department of C&O     | Phone: (519) 888-4567 x6934                    |
| University of Waterloo| Web page: www.cacr.math.uwaterloo.ca/~ajmeneze |
| Waterloo, Ontario     | Web page for Handbook of Applied Cryptography: |
| Canada N2L 3G1        |         www.cacr.math.uwaterloo.ca/hac/        |
| Centre for Applied Cryptographic Research: www.cacr.math.uwaterloo.ca  |
==========================================================================


------------------------------

From: [EMAIL PROTECTED]
Subject: more on additive generators
Date: Sun, 04 Jul 1999 18:03:31 GMT

Is the combination of two additive RNGs independent of word size?  For
example in fish they have (2^55 - 1)(2^32 - 1) and (2^52 - 1)(2^32 - 1)
however the gcd (using LIP) is 2^32 - 1, however without the second
term it's 1 (meaning 2^55 - 1 and 2^52 - 1 are relatively prime).  So
the combined period would be (2^55 - 1)(2^52 - 1) right?

Also I have some code I would like someone to check out and make sure
it's proper (i.e., the generators work like they should).  It's in C and
hopefully clean enough.  It's a PRNG using Algorithm M and the two
generators from FISH.  It's all byte-wise because it is designed to be
efficient on smartcards (namely the 68HC11 and AVR).  The code is at

http://mypage.goplay.com/tomstdenis/rng.c

Thanks in advance,
Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.


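An added worked example (not the rng.c the post links to, and not an implementation of FISH or Algorithm M) for the period arithmetic in the question. It checks the gcd result with the identity gcd(2^a - 1, 2^b - 1) = 2^gcd(a,b) - 1, computes the lcm of the two FISH periods, and then shows the "coprime periods multiply" rule on two tiny one-bit additive generators (x^5 + x^3 + 1 with period 31 and x^3 + x^2 + 1 with period 7, both primitive trinomials) whose XOR has period 217 = 31 × 7. The generator parameters and seeds are constructed for the demonstration.

```python
from math import gcd, lcm


def mersenne_gcd(a: int, b: int) -> int:
    """gcd(2^a - 1, 2^b - 1) == 2^gcd(a, b) - 1, the identity behind the LIP result."""
    return 2 ** gcd(a, b) - 1


def fish_periods():
    """The two periods from the post: their gcd and the lcm of the combination."""
    p1 = (2**55 - 1) * (2**32 - 1)
    p2 = (2**52 - 1) * (2**32 - 1)
    return gcd(p1, p2), lcm(p1, p2)


def lagged_fib_bits(a, b, seed, count):
    """x_n = x_{n-a} XOR x_{n-b}: an additive generator reduced to one-bit words."""
    state = list(seed)                 # the last `a` outputs, oldest first
    if len(state) != a or not any(state):
        raise ValueError("seed must hold a values and not be all zero")
    out = []
    for _ in range(count):
        new = state[-a] ^ state[-b]
        out.append(new)
        state.append(new)
        state.pop(0)
    return out


def minimal_period(seq):
    """Smallest p with seq[i] == seq[i+p] for every i that fits the sample."""
    n = len(seq)
    for p in range(1, n // 2 + 1):
        if seq[:n - p] == seq[p:]:
            return p
    return None


def combined_period_demo(count=1000):
    """Two small generators with coprime periods, and the period of their XOR."""
    ga = lagged_fib_bits(5, 2, [1, 0, 0, 0, 0], count)  # x^5 + x^3 + 1, period 31
    gb = lagged_fib_bits(3, 1, [1, 0, 0], count)        # x^3 + x^2 + 1, period 7
    mixed = [x ^ y for x, y in zip(ga, gb)]
    return minimal_period(ga), minimal_period(gb), minimal_period(mixed)


if __name__ == "__main__":
    g, combined = fish_periods()
    print("gcd of FISH periods:", g == 2**32 - 1)
    print("combined lcm == (2^55-1)(2^52-1)(2^32-1):",
          combined == (2**55 - 1) * (2**52 - 1) * (2**32 - 1))
    print("small-generator periods (a, b, a xor b):", combined_period_demo())
```

So the period of the combination is the lcm, (2^55 - 1)(2^52 - 1)(2^32 - 1): the shared factor 2^32 - 1 appears once, not twice, which is the quantity the question's gcd computation was circling. The one-bit generators make the same point at a size where the period can be measured directly rather than argued.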

------------------------------

From: "Else" <[EMAIL PROTECTED]>
Subject: Re: Secure link over Inet if ISP is compromized.
Date: Sun, 4 Jul 1999 22:38:45 +0400

Patrick Juola wrote in message <7liecm$sdb$[EMAIL PROTECTED]>...
>In article <7lhmni$9ti$[EMAIL PROTECTED]>,
>Gene Sokolov <[EMAIL PROTECTED]> wrote:
>>
>>Patrick Juola <[EMAIL PROTECTED]> wrote in message
>>news:7lgduf$p3p$[EMAIL PROTECTED]...
>>> In article <7lgcjq$g5r$[EMAIL PROTECTED]>, Else <[EMAIL PROTECTED]> wrote:
>>> >
>>> >Patrick Juola wrote in message <7lfspi$mij$[EMAIL PROTECTED]>...
>>> >>In article <7lfi2r$38f$[EMAIL PROTECTED]>,
>>> >>Gene Sokolov <[EMAIL PROTECTED]> wrote:
>>> >>>    What do you think is the fraction of the Net users who exchange
>>keys
>>> >>>"out of band", i.e. not through their ISPs?
>>> >>
>>> >>My PGP public key is available through a half-dozen different sources,
>>> >>including one in print (Proc. NeMLaP-2); if the FBI decides to tamper
>>> >
>>> >What do you think is the fraction of people who do likewise?
>>>
>>> Anyone who signs up with the MIT key database, for one.
>>>
>>> Anyone who *has* ever exchanged a key with someone prior to
>>> the discussion at hand.
>>
>>What do you think is the *fraction* of people who do likewise?
>>Let's make the question simpler:
>>100 people use SSL. What do you think is the number of people out of 100
>>who exchange keys before starting data exchange?
>
>99, probably.  I can't imagine more than 1 in 100 people only using
>SSL once in their life and never again.

Here is what you said before:

>>> >>My PGP public key is available through a half-dozen different sources,
>>> >>including one in print (Proc. NeMLaP-2); if the FBI decides to tamper

Now you are saying that 99% of people who use SSL also publish their keys?
Wow. I can see it already how these 99% call or write to the web site owner
to get his key in a secure manner. Or maybe run to their friendly
neighborhood Borders shop to get books with published keys.

My guess is that 99 out of 100, or likely an even higher number, never think of
the way key exchange occurs. They just submit the data through SSL and
assume everything is nice and secure.

>>> Anyone who makes backups of their system(s).
>>
>>How is that relevant?
>
>'Cause your key is available on the backup tape.

How is that relevant? The question is not where you keep your key. The
question is how many people get it through *secure* channels. If you read
the thread subject, you would know that the assumption here is that the ISP is
compromised and stages a man-in-the-middle attack on you.



------------------------------

From: Eli <[EMAIL PROTECTED]>
Subject: RNG/PRNG paper for reading+editing
Date: Sun, 04 Jul 1999 13:33:06 -0400

I recently completed a paper for a course I am taking in high school.
The paper is regarding RNG/PRNGs, their uses, weaknesses, and how they
interact with an encryption algorithm.  I would like to have some
feedback on it.

If anybody would be willing to read it and give me some feedback I would
greatly appreciate it.  I have never been taught anything involving
this in school; this was an independent research project, therefore I am
not guaranteeing 100% accuracy, and it is for this reason that I want someone
with knowledge to read it.

If you are interested, email me (not post) and I will send it as an
attachment.  I do not want to post it on the list due to its large
size.

thank you very much,

eli
--
=========================================================
  Export-a-crypto-system-sig
  RSA-3-lines-PERL
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++


------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Quantum Computers
Date: 4 Jul 1999 18:01:27 GMT

rosi <[EMAIL PROTECTED]> wrote:
> ???

I think he's referring to what could be called 
"quantum key distribution." Otherwise expanded on
in the post which covered reliable couriers.
Don't take my word for it, though - he gave URLs.

-David


> --- (My Signature)

> Anton Stiglic wrote in message ...
>>In a Quantum World, Quantum Crypto is unconditionally secure.
>>In fact, Quantum Crypto is already publicly implemented
>>(Los Alamos and other places).  It is much easier to implement
>>than a Quantum Computer (it's not the same thing at all either).
>>
>>See my labs page:  http://crypto.cs.mcgill.ca
>>+ my directors page:  http://www.cs.mcgill.ca/~crepeau
>>
>>Anton
>>
>>



------------------------------

From: [EMAIL PROTECTED] (Bob)
Subject: Decrypting files encrypted with Cold Fusion's cfcrypt.exe
Date: Sun, 4 Jul 1999 14:18:27 -0500

Does anyone know of a program that will decrypt files encrypted with Cold 
Fusion's cfcrypt.exe?

I suspect it uses DES encryption (a quick scan of the hex dump of the 
program shows libdes included).

Any help would be appreciated.

Bob

------------------------------

From: Thierry Moreau <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: MP3 Security Requirements?
Date: Sun, 04 Jul 1999 15:28:22 -0400

Hi everyone!

As I understand it, the MP3 standard changes the way recorded
music and songs can be distributed. The traditional
distribution for recorded music involved a physical media,
(record, audio cassette, or CD), and a distribution network
handling physical goods. Home-based copying of recorded music
has been possible since the introduction of the audio cassette.
That's illegal but small scale fraud (taken individually), and
the audio quality is poor (defective substitute for the
original). Counterfeit CDs (like counterfeit videos) were a
problem before the advent of the MP3. That's organized fraud
and the good faith consumer is somehow defrauded, even if the
counterfeit CD quality is good.

So what really changes is the following:

  1 OBSOLESCENCE FOR THE MUSIC RETAILER. Distribution of
    recorded music on the Internet bypasses the traditional
    distribution channels.

  2 PAYMENTS FOR DIGITAL CONTENTS. Distribution of recorded
    music on the Internet to the good faith consumer requires
    some royalty payment mechanism.

  3 BETTER QUALITY HOME-BASED COPYING. The quality of
    home-based illegal copying is as good as the original.

  4 NEW COUNTERFEITURE REPRESSION CHALLENGES. The organized
    fraud (illegal distribution of MP3 from unauthorized web
    site) is deemed to be more visible, simply because it is
    Internet based, but potentially more difficult to sanction
    (how to close an illegal web site in a remote country).

For this sci.crypt newsgroup, the important issue is number 2,
Payments for digital contents.

  - Does anyone have any pointers to relevant technologies?

  - What about distributing music (for a fee) to teenagers who
    don't have a credit card?

  - What is the experience with payments for digital contents
    in other application areas?

  - Am I right in suspecting that the MP3 technology forums
    barely addressed the issue from an IT security technology
    perspective?

The other issues can hardly be assisted with IT security
techniques. Watermarking of MP3 recorded music is kind of
useless.

- Thierry Moreau

------------------------------

From: [EMAIL PROTECTED]
Subject: Crypto Books on CD-ROM
Date: Sun, 04 Jul 1999 19:51:59 GMT

Yesterday I received an interesting solicitation in the mail from
Dr. Dobb's  Journal.  They were advertising a bunch of "essential books"
CD-ROMS.

One of particular interest to sci.crypt readers is the "Essential
Books on Cryptography and Security CD-ROM".  For less than $100,
it claims to have complete text for the following books:

* Schneier, Applied Cryptography 2nd Ed.
* Stinson, Cryptography: Theory and Practice
* van Oorschot, Vanstone & Menezes, Handbook of Applied Cryptography
* Denning, Cryptography and Data Security
* Meyer & Matyas, A New Dimension in Computer Data Security
* DeMillo, Applied Cryptology
* Gustavus Simmons (ed.), Contemporary Cryptology
* Friedman, Military Cryptanalysis, Volumes I-IV

This seems like an incredible resource for anyone interested in
cryptography.  All it would take would be a copy of Kahn's
_The Codebreakers_ to be a comprehensive introduction.

Has anyone seen this yet?  It seems like there must be some catch.
For those interested, this was at

        http://www.ddj.com/cdrom/value/



------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Can Anyone Help Me Crack A Simple Code?
Date: Sun, 04 Jul 1999 15:00:44 -0600

In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Jerry Coffin) wrote:

> In article <[EMAIL PROTECTED]>, 
> [EMAIL PROTECTED] says...
> 
> [ ... ] 
> 
> > The factor to convert characters to bits is log 26 / log 2, or 1.415/0.301
> > = 4.7.
> > 
> > 97 char X 4.7 char/bit = 456 bits.
>  
> Sort of true -- however, some characters are used so rarely in reality 
> that especially in a message as short as 97 characters, they probably 
> don't count at all.  In addition, some are almost always used in 
> particular combinations, reducing the information density still 
> further (e.g. 'q' is essentially always followed by "u", so the "u" 
> carries no real information at all).  Whether that ends up reducing 
> the actual information density to 3 bits per character, or leaves it 
> at (say) 3.5 or even at 4.7 probably doesn't matter a whole lot.

This is why many ciphers are solvable, even with pencil and paper means. 
There is a big difference between a plaintext of random strings and text,
the latter being that which is solvable, the former, not.
> 
...
> 
> However, regardless of the exact number, we're talking about many 
> times more information than he provided.  Despite this, we've still 
> got so little as to render decipherment extremely difficult at best.

Which means that if some sort of decent encryption is involved, you need a
reasonable amount of data to work on, otherwise, almost anything below
threshold is strong.  I'm amused with the idea that lots of time need be
spent on "DO NOT USE PC" when a majority of rather simple algorithms are
secure with this size of message.
-- 
Rest sometimes allows you to find new things to worry about but should give you the 
patience to do something about them.
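An added worked example for the information-content arithmetic in this thread (not code from any of the posters). It computes the log2(26) ≈ 4.7 bits-per-character ceiling and the 456-bit figure for 97 characters, then estimates from a constructed English sample how far real text falls below that ceiling: first the single-letter (unigram) entropy, then the entropy of the next letter given the current one, which is where the "q is always followed by u" effect shows up. The sample text is constructed for the demonstration; the estimates are plug-in estimates from that short sample, not English-language constants.

```python
import math
from collections import Counter

# Constructed English sample (a pangram plus a few q-heavy words).
SAMPLE = ("The quick brown fox jumps over the lazy dog while the quiet queen "
          "quotes the old requirement that every question deserves an answer")


def max_bits_per_char(alphabet_size: int = 26) -> float:
    """Ceiling for a uniformly random letter: log2(26) ~= 4.70 bits."""
    return math.log2(alphabet_size)


def max_bits(n_chars: int, alphabet_size: int = 26) -> float:
    """The thread's 97 chars x 4.7 bits/char ~= 456 bits calculation."""
    return n_chars * max_bits_per_char(alphabet_size)


def letters_only(text: str) -> str:
    return "".join(c for c in text.upper() if "A" <= c <= "Z")


def entropy(counts: Counter) -> float:
    """Shannon entropy in bits of the empirical distribution in `counts`."""
    n = sum(counts.values())
    return -sum(k / n * math.log2(k / n) for k in counts.values())


def unigram_entropy(text: str) -> float:
    """Bits per letter if letters were independent with the sample's frequencies."""
    return entropy(Counter(letters_only(text)))


def conditional_entropy(text: str):
    """Returns (H(next), H(next | current)) estimated from adjacent letter pairs.

    H(next | current) = H(current, next) - H(current), and it can never exceed
    H(next): knowing the previous letter only removes uncertainty.
    """
    s = letters_only(text)
    pairs = Counter(zip(s, s[1:]))
    firsts = Counter(a for a, _ in pairs.elements())
    seconds = Counter(b for _, b in pairs.elements())
    return entropy(seconds), entropy(pairs) - entropy(firsts)


def followers(text: str, letter: str) -> dict:
    """Which letters follow `letter` in the sample, and how often."""
    s = letters_only(text)
    return dict(Counter(b for a, b in zip(s, s[1:]) if a == letter.upper()))


if __name__ == "__main__":
    print(f"ceiling: {max_bits_per_char():.2f} bits/char, 97 chars -> {max_bits(97):.0f} bits")
    print(f"unigram entropy of sample: {unigram_entropy(SAMPLE):.2f} bits/char")
    h_next, h_cond = conditional_entropy(SAMPLE)
    print(f"next-letter entropy {h_next:.2f}, given previous letter {h_cond:.2f}")
    print("letters after Q:", followers(SAMPLE, "Q"))
```

The ceiling is what a 97-character random string would carry; the unigram figure is lower because letters are not equally frequent, and the conditional figure lower still because context constrains the next letter (every Q in the sample is followed by U). That gap between "characters present" and "information present" is the point Jerry and wtshaw are both making about why short ciphertexts resist, and long ones yield.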

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
