Cryptography-Digest Digest #839, Volume #9 Wed, 7 Jul 99 12:13:03 EDT
Contents:
Re: Summary of 2 threads on legal ways of exporting strong crypto (Mok-Kong Shen)
Re: Summary of 2 threads on legal ways of exporting strong crypto (Mok-Kong Shen)
Re: Kryptos is cracked (Mok-Kong Shen)
Diffie-Helmann implementation with RSAEuro (chicago)
Re: I don't trust my sysadmin (Patrick Juola)
Re: Summary of 2 threads on legal ways of exporting strong crypto (Patrick Juola)
Re: extending a hash ([EMAIL PROTECTED])
Re: I need help seeking cryptography-related employment (Francois Grieu)
Re: Standard Hash usage (David P Jablon)
C++ PRNG mini-lib ([EMAIL PROTECTED])
Re: Summary of 2 threads on legal ways of exporting strong crypto (Mok-Kong Shen)
Re: Summary of 2 threads on legal ways of exporting strong crypto (fungus)
Re: Non Shareware Encription/Decription sources (Mok-Kong Shen)
Re: Summary of 2 threads on legal ways of exporting strong crypto (Mok-Kong Shen)
Re: Summary of 2 threads on legal ways of exporting strong crypto (Patrick Juola)
in RSAEuro (chicago)
Re: Summary of 2 threads on legal ways of exporting strong crypto (Patrick Juola)
Re: Summary of 2 threads on legal ways of exporting strong crypto (Mok-Kong Shen)
Re: Summary of 2 threads on legal ways of exporting strong crypto (Mok-Kong Shen)
Re: I need help seeking cryptography-related employment (Bob Silverman)
Re: Standard Hash usage ([EMAIL PROTECTED])
Re: extending a hash (Scott Nelson)
----------------------------------------------------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Summary of 2 threads on legal ways of exporting strong crypto
Date: Wed, 07 Jul 1999 14:29:35 +0200
Isaac wrote:
>
> >I said that there is NO hiding. Everyone knows that (in all likelihood)
> >lower case means 0 and upper case means 1. It is an attempt to
> >'openly' confront the bureaucrats, who have to offer anyway reasons
> >as to why apparently arbitrarily using lower and upper case to write
> >English text is against laws. (Some perphaps not irrelevant analogy:
>
> The key word here is 'apparently'. The appearance is false because
> the sequence is not arbitrary, but is a simple mechanical translation
> of source code into a form that is still machine readable. If the
> Feds detect your purpose, you will be arrested. Is hiding really such
> a bad word to describe what you propose? If as you say it's not
> hiding because the meaning of upper and lower case is known to
> everyone, then what you actually appear to be doing is flaunting
> your proscribed activity in front of the authorities.
I said that employing Boris Kazak's method is (an intentionally)
open attempt of confrontation with the bureaucrats, forcing them
to give rigorous justifications as to why some 'apparent' natural
language texts are not exportable and have these restrictions
eventually put into the laws. (But can the law stop all future
loop holes?) Anyway, in this context I like to refer also to
my reply to William Tanksley.
>
> >If one writes an ordinary sentence and somebody can 'construct' a
> >certain key and a certain algorithm to transform that to another
> >sentence that is a message about some illegal activity, does that
> >necessarily mean that one has transmitted a ciphertext of that
> >secrect message?
>
> No, but that doesn't seem much related to your proposal to intentionally
> translate non exportable crypto this way. Again you are relying on
> not getting caught versus not breaking the law.
I am relying on the difficulty (which I believe is quite large) of
the authority of proving that I am guilty. As said in my reply
to William Tanksley though, I am not absolutely sure that this getting
around of the regulation succeeds. But then my original approach,
which does not involve the lower/upper case issue, can be employed.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Summary of 2 threads on legal ways of exporting strong crypto
Date: Wed, 07 Jul 1999 14:37:15 +0200
Paul Koning wrote:
>
> Of course you're in Germany so you don't have to deal with any
> of these annoying regulations. But please, do the US readers of
> this a favor and stop spouting nonsense that might get them in
> trouble if they are foolish enough to believe you.
Of the two schemes I believe that the first is certianly o.k.
If you think otherwise, I should appreciate very much your comments.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Kryptos is cracked
Date: Wed, 07 Jul 1999 14:55:21 +0200
Douglas A. Gwyn wrote:
>
> > See also at : http://calvaweb.calvacom.fr/collomb/
>
> I couldn't get anything past that page to download.
The web page is o.k. (I am not studying it, though, because of
my poor knowledge in the field involved.)
M. K. Shen
------------------------------
From: chicago <"gabriel. nock"@siemens.de>
Subject: Diffie-Helmann implementation with RSAEuro
Date: Wed, 07 Jul 1999 14:10:45 +0200
hay..
I still want to implement the diffie-hellmann algo...
i have the sources of rsaeuro....but i have problems with it..
does anybody know how this is to implement??
or has anybody implemented yet??
i have problems with endless-loops, but i don't know why??
there are only 3 functions to use, but i think i'm too silly..
------------------------------
From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: I don't trust my sysadmin
Date: 7 Jul 1999 09:08:55 -0400
In article <7lu108$ikn$[EMAIL PROTECTED]>,
Vernon Schryver <[EMAIL PROTECTED]> wrote:
>>In article <[EMAIL PROTECTED]>,
>In article <7ltksr$a79$[EMAIL PROTECTED]>,
>Patrick Juola <[EMAIL PROTECTED]> wrote:
>
>> ...
>>Think of it this way -- what's to prevent the sysadmin from pulling
>>the disk, physically, out of your machine, byte-by-byte copying it
>>on a PC box and then going over the data at his leisure?
>>
>>There *are* operating systems available that prevent this; they
>>tend to be sold to the DoD and almost no one else.
>
>No, those don't work either. I've seen a commercial UNIX system certified
>by the U.S. government, and I don't mean the easy stuff but full MAC
>(mandatory access controls), capabilities, and so forth.
Hmm. I think that one of the problems with the system you describe
is that it wasn't secure *enough*. The DoD has created a set of
guidelines (the so-called Orange Book, more formally the Trusted
Computer System Evaluation Criteria) describing a half-dozen levels
of increasing security.
The problem (and I think your tale makes that woefully apparent)
is that the useful levels are almost impossible -- in the case of
B2 and beyond, *formally* impossible -- to retrofit onto an existing
(insecure) system. Unix can never be made more secure than B1 because
the basic security policies don't permit. And the B1 systems themselves
are a total mess, partially because they're a series of kluge upon
kluge in an attempt to secure what is fundamentally a leaky sieve.
You can buy more secure systems; I've never heard of an A1 system (the
highest level), but B2 and B3 *are* available. They just don't run
Unix. So you can get real, usable, security at the expense of an
operating system that no one knows and that's incompatible with everything.
>We've all heard about the old days when special operators would arrive to
>throw out the normal operators and take over machine rooms to do things
>with stacks of tapes. I've been told about systems distinctly larger than
>most "diskless workstations" that were diskless or had removable disks
>kept in vaults when not in use. I suspect that's how the professionally
>paranoid deal with not wanting to trust all operators all of the time.
-kitten
------------------------------
From: [EMAIL PROTECTED] (Patrick Juola)
Crossposted-To: talk.politics.crypto
Subject: Re: Summary of 2 threads on legal ways of exporting strong crypto
Date: 7 Jul 1999 09:16:41 -0400
In article <[EMAIL PROTECTED]>,
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>What is the exact meaning of 'Exporting arbitrary sequences isn't
>illegal, so long as you don't violate the law'?? Could you elaborate,
>perhaps with an example? It sounds to me like 'Exporting something
>that doesn't violate the law isn't illegal', which is a tautology.
>
>I suppose you (and some other discussion partners) claim that because
>a sentence is not written normally (with upper case at the beginning
>and lower case elsewhere excepting the first letter of proper names),
>it doesn't pass as a normal sentence by the court. I can't exclude
>that. But I believe that there is a pretty good chance that it can't
>be shown formally and rigorously that employing upper and lower case
>letters arbitrarily is against certain existing laws.
It doesn't need to be shown formally and rigorously in that form.
The prohibition isn't on using a particular encryption/steganographic
message. The prohibition is, bluntly, on exporting cryptographic
technology. The method that you use is irrelevant.
Let me give you an example. There is, to the best of my knowledge,
no prohibition on my placing arbitrary objects in the heel of my shoe
and carrying them across an international border. I could carry
British 20p pieces all over the world in a boot heel without fear.
On the other hand, there *is* a prohibition on transporting drugs,
*irrespective* of how they're transported. And you'd never get a lawyer
or a judge to accept that just because you could, in theory, transport
a coin, that it somehow makes it acceptable to transport heroin.
-kitten
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: extending a hash
Date: Wed, 07 Jul 1999 12:17:29 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> Is this a good idea to extend a sha-1 hash to 320 bits:
>
> 1st 160 bits=sha(even bytes of plaintext) ^ sha(all plaintext)
> 2nd 160 bits=sha(odd bytes of plaintext) ^ sha(all plaintext)
>
> Is the entropy 320 bits?
>
Only if there is >=160 bits of information per half. If you are
hashing 10 bytes for example (80 bits) you will not have a full 160
bits of entropy in either half.
It might be a good idea to make 320 bit hashes but it probably isn't as
strong as just the 160-bit hash. Normally you hash long messages and
only put out one value (upto 2^64 bits...)
Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED] (Francois Grieu)
Subject: Re: I need help seeking cryptography-related employment
Date: Wed, 07 Jul 1999 15:23:07 +0200
Kelly Westbrooks <[EMAIL PROTECTED]> asked
> the fastest algorithm for factoring numbers < 2^64
trial division by small primes followed by Pollard rho would cut it.
See Donal E. Knuth, the Art of Computer Programming, volume 2, or
<http://www.frenchfries.net/paul/factoring/theory/index.html>
Francois Grieu
------------------------------
From: [EMAIL PROTECTED] (David P Jablon)
Subject: Re: Standard Hash usage
Date: Wed, 7 Jul 1999 13:23:03 GMT
In article <[EMAIL PROTECTED]>, John Myre <[EMAIL PROTECTED]> wrote:
>David P Jablon wrote:
>> That function, hash = sha1(P) || sha1(P || sha1(P)), limits the
>> entropy to no more than 160-bits, when P has more than 160-bits
>> of entropy.
>
>I don't see why this is so.
Because it's not. In a moment of weakness I presumed that
sha1(x) == sha1(y) implied sha1(x||z) == sha1(y||z). Oops.
Rather than digging a deeper hole, I'll wait to see if
anyone else can find a definitive reference for how to construct
a 320-bit hash function from a 160-bit hash.
-- dpj
------------------------------
From: [EMAIL PROTECTED]
Subject: C++ PRNG mini-lib
Date: Wed, 07 Jul 1999 13:24:15 GMT
At http://mypage.goplay.com/tomstdenis/prng.html
I have uploaded a C++ file containing seven different PRNGs, 4 of which
are secure (RC4, MUSH, DDARNG and SYSRNG). All of the PRNGS are
implemented as isolated C++ classes so you can pick the ones you want.
I didn't just invent these PRNGs they are all pretty much based on
additive PRNGs...
Anyways the file is free for anyone to use, and if anyone wants to add
to it, please let me know.
Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Summary of 2 threads on legal ways of exporting strong crypto
Date: Wed, 07 Jul 1999 16:15:58 +0200
Patrick Juola wrote:
>
> >I suppose you (and some other discussion partners) claim that because
> >a sentence is not written normally (with upper case at the beginning
> >and lower case elsewhere excepting the first letter of proper names),
> >it doesn't pass as a normal sentence by the court. I can't exclude
> >that. But I believe that there is a pretty good chance that it can't
> >be shown formally and rigorously that employing upper and lower case
> >letters arbitrarily is against certain existing laws.
>
> It doesn't need to be shown formally and rigorously in that form.
> The prohibition isn't on using a particular encryption/steganographic
> message. The prohibition is, bluntly, on exporting cryptographic
> technology. The method that you use is irrelevant.
>
> Let me give you an example. There is, to the best of my knowledge,
> no prohibition on my placing arbitrary objects in the heel of my shoe
> and carrying them across an international border. I could carry
> British 20p pieces all over the world in a boot heel without fear.
> On the other hand, there *is* a prohibition on transporting drugs,
> *irrespective* of how they're transported. And you'd never get a lawyer
> or a judge to accept that just because you could, in theory, transport
> a coin, that it somehow makes it acceptable to transport heroin.
My point is it seems (to me to be) quite difficult to argue that
Boris Kazak's method violates the law. But anyway how about my original
approach (also given in the reply to Tanksley)? I have as yet received
little comment on that. Could you dispose off my arguments there?
And if that also turns out to be too problematical, how about the
first scheme described in my post? No one has yet said anything
negative on the first scheme, as far as I am aware.
M. K. Shen
------------------------------
From: fungus <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Summary of 2 threads on legal ways of exporting strong crypto
Date: Wed, 07 Jul 1999 17:08:25 +0200
Patrick Juola wrote:
>
> It doesn't need to be shown formally and rigorously in that form.
> The prohibition isn't on using a particular encryption/steganographic
> message. The prohibition is, bluntly, on exporting cryptographic
> technology. The method that you use is irrelevant.
>
Correct.
If you make some crypto software, and somebody outside the USA is
found to own a copy of that software, then an offense has been
committed. How the software arrived there doesn't matter.
Algorithms, etc., may be protected free speech, but executable
programs are not. Executable programs, in any form, are export
controlled.
--
<\___/>
/ O O \
\_____/ FTB.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Non Shareware Encription/Decription sources
Date: Wed, 07 Jul 1999 16:27:35 +0200
Dana Mah wrote:
>
> I'm looking for source for non Shareware encryption/decription routines.
> It is for commercial use therefore freeware or shareware is not
> acceptable
I am interested to learn why freeware is not acceptable? Because
freeware is by 'definition' bad?
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Summary of 2 threads on legal ways of exporting strong crypto
Date: Wed, 07 Jul 1999 16:35:44 +0200
fungus wrote:
>
> If you make some crypto software, and somebody outside the USA is
> found to own a copy of that software, then an offense has been
> committed. How the software arrived there doesn't matter.
Interesting. But who is guilty? The software may have been stolen.
Is the writer nonetheless guilty according to US laws?
M. K. Shen
------------------------------
From: [EMAIL PROTECTED] (Patrick Juola)
Crossposted-To: talk.politics.crypto
Subject: Re: Summary of 2 threads on legal ways of exporting strong crypto
Date: 7 Jul 1999 10:46:35 -0400
In article <[EMAIL PROTECTED]>,
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>I suppose you (and some other discussion partners) claim that because
>a sentence is not written normally (with upper case at the beginning
>and lower case elsewhere excepting the first letter of proper names),
>it doesn't pass as a normal sentence by the court. I can't exclude
>that. But I believe that there is a pretty good chance that it can't
>be shown formally and rigorously that employing upper and lower case
>letters arbitrarily is against certain existing laws. Maybe a new
>paragraph in the law book is needed. (There is certainly nothing
>against one's writing English all in upper case or all in lower case,
>isn't it?) I should also point out that Boris Kazak suggested his
>method after I posted an approach which is the following: One takes
>a widely available book and choose 256 consecutive sentences to
>be numbered 0-255 and code each byte of one's information to be
>transmitted with the correspondingly numbered sentence. This original
>approach of mine doesn't have any problem with lower/upper case.
The difficulty isn't with the *method* of hiding -- this whole line
of reasoning is, bluntly, fallacious. The Man has simply prohibited
the export of cryptographic code (in machine readable form);
if what you export is machine-readable and ``contains,'' even
if hidden under light steganography, crypto code, it would be
very difficult for you to argue that your intention was not, in point
of fact, to export code contra the regs.
You don't have an unlimited right to export English text; the mere fact
that something, at one level, is written in English does not make it
legal to export. And the question of proof you raised in another
threat is misguided -- The Man merely needs to prove "beyond a
reasonable doubt" that you are trying to export code. Yes, there's
a mathematically tiny chance that merely using StuDLyCaps will cause
a message to appear that *just happens* to be the source code to
Blowfish. But the chances of that are *so* slim that few people would
consider them "reasonable."
Your original one of 256 sentences approach is even worse; there isn't
even a meaningful message for humans that you're trying to send.
Don't get me wrong -- I don't like the export regs any more than you
do and I think they're dumber than yeast. But I don't think you'd get
anyone -- especially not lawyers and jurymen -- to accept that English
text by the mere fact of being English is exportable.
>The encoded file will have numerous repetitions of the same sentences.
>But can the authority forbid that? (Can the authority prescribe what
>style of writing I must use? Does any law forbid that I repeatedly
>say one and the same thing many many times? What if the book I use
>is a religious one? Can an authority forbid my repeated citation
>of the same sentences from a holy book?)
Yes -- as a method of getting around export regs. An authority can't
tell me what kind of shoes to wear, but it can forbid my wearing
shoes with a concealed compartment full of heroin.
-kitten
------------------------------
From: chicago <"gabriel. nock"@siemens.de>
Subject: in RSAEuro
Date: Wed, 07 Jul 1999 16:38:57 +0200
I wanted to use the function R_GenerateDHParams, but it doesn't work,
and then I tried to set the struct params myself, but I didn't know what
numbers I can use for prime and generator...
yes, you'r right, i don't understand the algorithm strictly..
------------------------------
From: [EMAIL PROTECTED] (Patrick Juola)
Crossposted-To: talk.politics.crypto
Subject: Re: Summary of 2 threads on legal ways of exporting strong crypto
Date: 7 Jul 1999 10:47:56 -0400
In article <[EMAIL PROTECTED]>,
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>fungus wrote:
>>
>
>> If you make some crypto software, and somebody outside the USA is
>> found to own a copy of that software, then an offense has been
>> committed. How the software arrived there doesn't matter.
>
>Interesting. But who is guilty? The software may have been stolen.
>Is the writer nonetheless guilty according to US laws?
The exporter is guilty. If the writer is also the exporter, as in the
ideas you recommend, then the writer is guilty.
-kitten
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Summary of 2 threads on legal ways of exporting strong crypto
Date: Wed, 07 Jul 1999 16:51:21 +0200
Patrick Juola wrote:
>
>
> Yes -- as a method of getting around export regs. An authority can't
> tell me what kind of shoes to wear, but it can forbid my wearing
> shoes with a concealed compartment full of heroin.
I am not quite sure of an exact correspondence of the two, since
one is material while the other is 'literature'. O.k., but could you
give your opinion on my first scheme? I badly need some input on
that.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Summary of 2 threads on legal ways of exporting strong crypto
Date: Wed, 07 Jul 1999 16:59:27 +0200
Patrick Juola wrote:
>
> >> If you make some crypto software, and somebody outside the USA is
> >> found to own a copy of that software, then an offense has been
> >> committed. How the software arrived there doesn't matter.
> >
> >Interesting. But who is guilty? The software may have been stolen.
> >Is the writer nonetheless guilty according to US laws?
>
> The exporter is guilty. If the writer is also the exporter, as in the
> ideas you recommend, then the writer is guilty.
Right. But it seems natural to assume that the real 'exproter' in
this case can't be found, since copying is easy. By the way,
Fungus' original statement apprear to be wrong (if one takes the
wordings exactly). A counter-example is PGP.
M. K. Shen
------------------------------
From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: I need help seeking cryptography-related employment
Date: Wed, 07 Jul 1999 14:53:45 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Francois Grieu) wrote:
> Kelly Westbrooks <[EMAIL PROTECTED]> asked
>
> > the fastest algorithm for factoring numbers < 2^64
>
> trial division by small primes followed by Pollard rho would cut it.
> See Donal E. Knuth, the Art of Computer Programming, volume 2, or
> <http://www.frenchfries.net/paul/factoring/theory/index.html>
This would be a decent method, but it would not be the fastest.
Instead, do trial division by small primes (say up to log^2 N)
then use SQUFOF.
See Riesel's book on Prime Numbers and COmputer Methods for
Factorization.
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Standard Hash usage
Date: Wed, 07 Jul 1999 14:53:12 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (David P Jablon) wrote:
> Because it's not. In a moment of weakness I presumed that
> sha1(x) == sha1(y) implied sha1(x||z) == sha1(y||z). Oops.
>
> Rather than digging a deeper hole, I'll wait to see if
> anyone else can find a definitive reference for how to construct
> a 320-bit hash function from a 160-bit hash.
Easy if your message has >= 320 bits of information just hash each
half. You now have two 160bit hashes. You must note that normally the
hash standards assume that the message will be about 512 bits, although
they should be secure with smaller blocks.
For example if you have a 4 bit message only 16 outputs are possible.
It's possible to say then the output only has 4 bits of information,
because you can define the output as SHA(0), SHA(1), ..., SHA(15).
With 160 bit messages this continues to SHA
(1.4615016373309029182036848327163e+48) etc...
If you don't have 320 bits of information your hash output will not
have 320 bits of information, no matter what algorithm you use.
Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED] (Scott Nelson)
Subject: Re: extending a hash
Reply-To: [EMAIL PROTECTED]
Date: Wed, 07 Jul 1999 15:06:04 GMT
On Tue, 06 Jul 1999 16:03:00 -0700, [EMAIL PROTECTED] wrote:
>Is this a good idea to extend a sha-1 hash to 320 bits:
>
>1st 160 bits=sha(even bytes of plaintext) ^ sha(all plaintext)
>2nd 160 bits=sha(odd bytes of plaintext) ^ sha(all plaintext)
>
No.
Consider the message "AAAAAAAA"
Both the 1st and 2nd parts will be the same.
Better is:
1st 160 = sha(1 + all plain text + 1)
2nd 160 = sha(2 + all plain text + 2)
(plus denotes concatenation)
Scott Nelson
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
