Cryptography-Digest Digest #847, Volume #9 Thu, 8 Jul 99 01:13:04 EDT
Contents:
Re: Is it possible to combine brute-force and ciphertext-only in an attack?
([EMAIL PROTECTED])
Re: Help With Key Algorithm For Software Unlock (Glenn Davis)
Re: Help With Key Algorithm For Software Unlock (S.T.L.)
Re: Help With Key Algorithm For Software Unlock (CanoeDad)
Re: optimizations (for feedback PRNGs...) ([EMAIL PROTECTED])
Re: I don't trust my sysadmin (Jerry Coffin)
Re: Summary of 2 threads on legal ways of exporting strong crypto ([EMAIL PROTECTED])
Re: I don't trust my sysadmin (S.T.L.)
Re: Impossible to decrypt files encrypted with attached program - encrypt.exe [0/1]
(William Tanksley)
Re: Weakness of MLCG style encryption ([EMAIL PROTECTED])
Re: Can Anyone Help Me Crack A Simple Code? (S.T.L.)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Is it possible to combine brute-force and ciphertext-only in an attack?
Date: Thu, 08 Jul 1999 04:00:42 GMT
In article <[EMAIL PROTECTED]>,
"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
> That would require that *any* random ciphertext decode to meaningful
> plaintext, with relative likelihoods identical to one's a priori
> estimates of message probabilities. No compression scheme in common
> use comes anywhere close to that.
>
> If the attacker knows (or can guess) the decompression algorithm,
> then that can be used in a brute-force attack (it just adds one
> more step in the test for plaintext).
However it does make it harder to detect probable decryption keys since
you are really decrypting compressed data which has more entropy than
the plaintext (before compression). Take a text file of 1000 bytes, it
might compress to about 200 bytes. This means every byte on average of
compressed text will have 5 plaintext bytes. In an 8-byte block you are
talking about guessing 40 bytes of plaintext. If this is the first
block guessing will be easy (specifically if it's text). This can
actually make the first block 'easier' to break since you have more
plaintext to look at (i.e if the decompression returns garbage
then ...). This assumes however that you can reconstruct the
dictionary to properly decompress anyways. (which leads to the
conjecture that the first N bytes of compressed stream is less secure
to attacks since there is no dictionary to guess).
Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.
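Added illustration (editor's example, not part of Tom's post): the two effects he describes, measured with zlib on a constructed 1000-byte sample. Compression raises the entropy per byte (so a key guess is judged on compressed bytes, each standing for several plaintext bytes), yet the decompressor itself becomes a very sharp test for plaintext, because a wrong candidate for the first block almost never carries a valid stream header. The sample text, the 8-byte block size and the helper names are assumptions of this example.

```python
import math
import zlib
from collections import Counter

# Constructed sample plaintext (not from the post): repetitive English text that,
# like the 1000-byte file in the post, compresses to a small fraction of its size.
SAMPLE_TEXT = (b"The quick brown fox jumps over the lazy dog. " * 23)[:1000]
COMPRESSED_SAMPLE = zlib.compress(SAMPLE_TEXT)


def shannon_entropy(data: bytes) -> float:
    """Estimated bits of entropy per byte, from the byte histogram."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def compression_ratio(data: bytes) -> float:
    """Plaintext bytes represented by each compressed byte (the post's 1000/200 = 5)."""
    return len(data) / len(zlib.compress(data))


def plaintext_bytes_per_block(data: bytes, block_size: int = 8) -> float:
    """How much plaintext one cipher block of compressed data stands for
    (the post's '8 byte block ... 40 bytes of plaintext')."""
    return block_size * compression_ratio(data)


def decompresses_cleanly(candidate: bytes) -> bool:
    """The 'one more step in the test for plaintext': hand a candidate
    decryption of the first block(s) to the decompressor. A wrong guess
    almost never yields a valid zlib header, so garbage is rejected at once.
    Incremental decompression is used so that a prefix of a valid stream passes;
    a block taken from the middle of the stream has no header and no history to
    decode against, which is the 'no dictionary' point made in the post."""
    try:
        zlib.decompressobj().decompress(candidate)
        return True
    except zlib.error:
        return False


if __name__ == "__main__":
    print("entropy text/compressed:", shannon_entropy(SAMPLE_TEXT),
          shannon_entropy(COMPRESSED_SAMPLE))
    print("plaintext bytes per 8-byte block:", plaintext_bytes_per_block(SAMPLE_TEXT))
    print("first block passes filter:", decompresses_cleanly(COMPRESSED_SAMPLE[:8]))
    print("corrupted first block passes:", decompresses_cleanly(b"\x00" * 8))
```

The practical lesson for a defender is the one Gwyn gives: compression before encryption changes the statistics the attacker sees but does not remove the plaintext test, so it is no substitute for an adequate key length.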
------------------------------
From: Glenn Davis <[EMAIL PROTECTED]>
Subject: Re: Help With Key Algorithm For Software Unlock
Date: Wed, 07 Jul 1999 18:52:06 -1000
Steve wrote:
>
> I've got the Schneier book "Applied Cryptography" and I'm trying to devise a
> method for preventing unauthorized copies of my software to be made. Once
> the user hits a usage metric, the software will stop until the user
> registers. Upon registry the user will get a key. The key will be somehow
> verified by the program and the user will be free to continue using it. If
> the user moves the software to another box then it will immediately notice
> that the key is not present in the windows registry and stop working.
>
> I am thinking of using some form of signature algorithm for this but my
> question is whether there is a standard method for doing this sort of thing.
> If it is in "Applied Cryptography" then I'd love to know where.
>
> Steve
You are looking for something that eluded businessmen
for decades. If there were a standard way of protecting
programs, then major software vendors would be using it.
They have tried, we have tried, and some technical solutions
sound interesting, but market acceptance is a big problem.
Try a shrink-wrapped contract.
------------------------------
From: [EMAIL PROTECTED] (S.T.L.)
Subject: Re: Help With Key Algorithm For Software Unlock
Date: 08 Jul 1999 04:27:45 GMT
Hm. If your software has to regularly access the Internet, you could have it
report back a unique 128-bit number. Each copy of the software would have its
own number. The central server would then allow the software to do its thing.
Any illegal copies of the software would have the same number, and when the
central server notices that two programs with the same number are being used,
or one program is seemingly being used a HECK of a lot, it could refuse to
allow that program access to the server resources that it required. In this
way, you could prevent major copying of the program, and even install a
time limit for it. As long as no one can predict what numbers are assigned to
the software (i.e. they'd better be truly random). You might have problems with
some people stealing others' keys. Also, if the program doesn't REALLY need to
connect to the server (if you just make it connect for this verification) a
cracker can come up with a munged copy of the software that runs isolated.
Or, don't bother with copy protection at all. Concentrate on making a good
product. Copy protection often (as others have said) sends the message to users
that you don't trust them.
Moo-Cow-ID: 53 Moo-Cow-Message: the
-*---*-------
S.T.L. ===> [EMAIL PROTECTED] <=== BLOCK RELEASED! 2^6972593 - 1 IS PRIME!
Quotations: http://quote.cjb.net Main website: http://137.tsx.org MOO!
"Xihribz! Peymwsiz xihribz! Qssetv cse bqy qiftrz!" e^(i*Pi)+1=0 F00FC7C8
E-mail block is gone. It will return if I'm bombed again. I don't care, it's
an easy fix. Address is correct as is. The courtesy of giving correct E-mail
addresses makes up for having to delete junk which gets through anyway. Join
the Great Internet Mersenne Prime Search at http://entropia.com/ips/ Now my
.sig is shorter and contains 3395 bits of entropy up to the next line's end:
-*---*-------
Card-holding member of the Dark Legion of Cantorians, the Holy Order of the
Catenary, the Great SRian Conspiracy, the Triple-Sigma Club, the Union of
Quantum Mechanics, the Polycarbonate Syndicate, the Roll-Your-Own Crypto
Alliance, and People for the Ethical Treatment of Digital Tierran Organisms
Avid watcher of "World's Most Terrifying Causality Violations", "When Kaons
Decay: World's Most Amazing CP Symmetry Breaking Caught On [Magnetic] Tape",
"World's Scariest Warp Accidents", "World's Most Energetic Cosmic Rays", and
"When Tidal Forces Attack: Caught on Tape"
Patiently awaiting the launch of Gravity Probe B and the discovery of M39
Physics Commandment #13: The Electromagnetic Force Is Carried By Photons.
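Added illustration (editor's example, not code from S.T.L.'s post): the server-side part of the scheme just described. Each copy gets an unpredictable 128-bit identifier from the OS CSPRNG, and the server scans its check-in records for an identifier used from more than one host in the same window, or used far more often than one installation plausibly would. The check-in records, window and thresholds are constructed for this example; the post's own caveats (stolen identifiers, a patched copy that never phones home) still apply, since this only sees what reaches the server.

```python
import secrets
from collections import defaultdict


def new_copy_id() -> str:
    """128-bit identifier from the OS CSPRNG, so nobody can predict which
    numbers were issued (the post's 'they'd better be truly random')."""
    return secrets.token_hex(16)


def suspicious_ids(checkins, window_seconds=3600, max_per_window=60):
    """checkins: iterable of (timestamp, copy_id, client_address) records.
    Returns {copy_id: reason} for identifiers that look shared or abused:
    the same id seen from two hosts inside one window, or more check-ins
    in a window than a single installation would produce."""
    by_id = defaultdict(list)
    for ts, cid, addr in checkins:
        by_id[cid].append((ts, addr))
    flagged = {}
    for cid, events in by_id.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # slide the window so it spans at most window_seconds
            while events[end][0] - events[start][0] > window_seconds:
                start += 1
            window = events[start:end + 1]
            hosts = {a for _, a in window}
            if len(hosts) > 1:
                flagged[cid] = "seen from %d hosts within %ds" % (len(hosts), window_seconds)
                break
            if len(window) > max_per_window:
                flagged[cid] = "%d check-ins within %ds" % (len(window), window_seconds)
                break
    return flagged


# Constructed check-in log (timestamp in seconds, copy id, client address):
# one honest copy, one id in use from two addresses, one id hammering the server.
SAMPLE_CHECKINS = [
    (1000, "id-honest", "10.0.0.5"),
    (1900, "id-honest", "10.0.0.5"),
    (1000, "id-shared", "10.0.0.7"),
    (1200, "id-shared", "192.0.2.40"),
] + [(1000 + 30 * k, "id-hammered", "10.0.0.9") for k in range(80)]

if __name__ == "__main__":
    print("fresh id:", new_copy_id())
    for cid, why in suspicious_ids(SAMPLE_CHECKINS).items():
        print(cid, "->", why)
```

Whether to deny service on a flag is a product decision; the honest laptop user who checks in from home and then from the office will also trip the "two hosts" rule, so a grace period or a per-user allowance is the usual mitigation.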
------------------------------
From: [EMAIL PROTECTED] (CanoeDad)
Subject: Re: Help With Key Algorithm For Software Unlock
Date: Thu, 08 Jul 1999 03:13:22 GMT
On Wed, 07 Jul 1999 22:55:03 GMT, [EMAIL PROTECTED]
(William Tanksley) wrote:
>Please rethink this. You'll not be stopping the warez d00dz, and you will
>be sending the message to your potential customers: "I don't trust you."
>Your lack of trust will result in inconvenience to them.
Thanks for the suggestion William. I am not looking for anything that
will stop someone that is sophisticated. The market for this product
is legal, that is it will be purchased by lawyers. They typically do
not have the sophistication to break software and if they do, they can
have it.
I definitely don't trust lawyers to pay for software that they are
using. They are the most cynical of any customer base you can have.
The software is not shareware but demo ware. After a number of uses
they will be urged to pay for it, that's all. If they don't want to
then the uninstall option will be present for them to use.
>I can't think of an appropriate occasion for this type of copy protection.
For niche products in which the customer base is not generous (such as
law) some method is necessary or you won't eat!
By the way, thanks for the suggestion of hashing. I figured some type
of key that is good only between certain dates was necessary. I
probably won't bother checking for dates in the system because the
product is calendar related and turning back the date on the computer
would make the product useless if not corrupt its database. I might
put it in however just to see how "good" I can get the algorithm.
Steve
------------------------------
Date: Wed, 07 Jul 1999 12:42:59 -0400
From: [EMAIL PROTECTED]
Subject: Re: optimizations (for feedback PRNGs...)
[EMAIL PROTECTED] wrote:
>
> In article <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] wrote:
> > There is no reason the size of the data storage must match the offset
> > between feedback points. So, using the 521/32 LFSR you can store 1024
> > words and update indexes without division or branching.
> >
> > #define BUFFSIZE 1024 /* power of two */
> >
> > int buffer[ BUFFSIZE ];
> >
> > int tap1 = 521
> > , tap2 = 32
> > , fill = 0
> > ;
> >
>
> What is the period of THIS generator then? It is not the same as a 521
> bit generator!!!
Sure it is. The example I gave is a GFSR (each column of bits is a separate
LFSR) not an additive one. The fact that the set of 521 active words
moves around in a 1024 word buffer does not alter the output. It just
makes it easier (faster) to update.
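Added illustration (editor's example, not the poster's code): the x^521 + x^32 + 1 GFSR run two ways, once with a buffer of exactly 521 words and modulus arithmetic on the indices, once with the 1024-word power-of-two buffer and an AND mask, to show the output is the same and only the index update differs. It also checks the "each column of bits is a separate LFSR" point by running a plain one-bit LFSR on column j of the seed and comparing it with column j of the word output. The seed words are constructed for reproducibility and the function names are this example's own.

```python
# The "521/32" trinomial x^521 + x^32 + 1: x[i] = x[i-521] ^ x[i-32], word-wise.
P, Q = 521, 32
MASK32 = (1 << 32) - 1

# Constructed seed: 521 deterministic 32-bit words (for reproducibility only;
# a real generator would seed from an entropy source).
SEED = [((k + 1) * 2654435761 ^ (k * 40503)) & MASK32 for k in range(P)]


def gfsr_exact(seed, n):
    """Reference: a buffer of exactly P words, indices wrapped with the modulus."""
    buf = list(seed[:P])
    out = []
    for i in range(n):
        # slot i % P holds x[i] (the oldest word); slot (i-Q) % P holds x[i+P-Q]
        new = buf[i % P] ^ buf[(i - Q) % P]
        buf[i % P] = new           # x[i+P] replaces x[i]
        out.append(new)
    return out


def gfsr_pow2(seed, n, size=1024):
    """Same generator with a buffer of `size` (a power of two, >= P) words.
    The P active words drift through the buffer; every index is reduced
    with an AND mask, so no division and no branch in the update."""
    assert size & (size - 1) == 0 and size >= P
    mask = size - 1
    buf = [0] * size
    buf[:P] = seed[:P]            # x[k] at slot k for the seed words
    fill = P                      # slot where x[fill] will be written
    out = []
    for _ in range(n):
        new = buf[(fill - P) & mask] ^ buf[(fill - Q) & mask]
        buf[fill] = new
        out.append(new)
        fill = (fill + 1) & mask
    return out


def column_lfsr(seed_bits, n):
    """One column of the GFSR: a plain GF(2) LFSR with the same trinomial."""
    bits = list(seed_bits[:P])
    out = []
    for i in range(n):
        b = bits[i % P] ^ bits[(i - Q) % P]
        bits[i % P] = b
        out.append(b)
    return out


def column(words, j):
    """Bit j of every word, as a list of 0/1."""
    return [(w >> j) & 1 for w in words]


if __name__ == "__main__":
    n = 3000
    print("outputs identical:", gfsr_exact(SEED, n) == gfsr_pow2(SEED, n))
    print("column 0 is its own LFSR:",
          column(gfsr_exact(SEED, n), 0) == column_lfsr(column(SEED, 0), n))
```

The period question in the quoted exchange is settled by the column check: each bit position evolves as an independent 521-bit LFSR regardless of how many spare slots the buffer has, so the period is that of the 521-bit LFSR. That is the statistical, not the cryptographic, story; a GFSR's state is fully exposed by 521 consecutive output words.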
------------------------------
From: [EMAIL PROTECTED] (Jerry Coffin)
Subject: Re: I don't trust my sysadmin
Date: Wed, 7 Jul 1999 22:47:10 -0600
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
[ ... ]
> > I haven't checked in quite a while, but the last time I looked, there
> > was only one OS on the A1 evaluated products list.
>
> By this do you mean a product whose candidacy for A1 certification has
> been evaluated (presumably failing), or a product whose evaluation
> affirmed an A1 rating?
>
> Details would be nice.
It was affirmed in that rating. As I mentioned in a later post, it's
no longer on the list -- I haven't checked why it was removed, but my
guess would be that the processor it ran on has been discontinued.
I'm not sure what other sort of details I can supply -- I saw a
machine running it while I was in the USAF, but I only saw it on a
tour -- I never got to play with it, so I can't say much about it
except that they were darn proud of it. FWIW, it was in one of the
infamous "vaults", with extremely tight EM shielding around the entire
room, including Beryllium tabs sticking out around the edges of the
door to seal things entirely shut from any possible EM leakage when
the door was shut, and the machine wasn't supposed to be used if the
door was open. In all honesty, the machine itself didn't seem nearly
as memorable as the signs warning you about seeing a doctor
_immediately_ if you accidentally cut yourself on the Beryllium...
------------------------------
Date: Wed, 07 Jul 1999 12:52:42 -0400
From: [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto
Subject: Re: Summary of 2 threads on legal ways of exporting strong crypto
Isaac wrote:
>
> On Wed, 07 Jul 1999 01:11:29 -0400, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> >
> >Be careful here. If you export something that a judge or jury will not
> >consider "speech", i.e., human->human communication, you may lose the
> >first amendment protection and be back in trouble.
> >
>
> The legal export of PGP as printed material does not rely directly on
> the first amendment, but rather on the explicit provision in EAR that
> export of printed source code is not restricted. If this limitation
> is adhered to, I don't see any reason for a judge or jury to be
> considering anything. No case will even be brought.
Your argument relies upon case law (actually lack thereof). That's a
shaky foundation. It only takes one fire-breathing US Attorney out to
make a name for himself to invalidate it.
Their argument would be something of the form: The printed text is not
source code. It is an encoded form of software designed for machines
rather than humans. Like object code or a bar code, it has to be
processed (by a machine) to be useful as executable software. But it is
clearly (he'd say) not source code.
BTW, the explicit provisions in ITAR/EAR regs _are_ based on first
amendment grounds. Without those provisions the whole set of regs would
be invalid because they would be an impermissible infringement on first
amendment rights (publishing is "speech").
I am ignorant of any case in which bar codes or their equivalent have
been considered protected. Then again, I cannot claim vast knowledge of
cases, only a grasp of the issues.
------------------------------
From: [EMAIL PROTECTED] (S.T.L.)
Subject: Re: I don't trust my sysadmin
Date: 08 Jul 1999 04:51:29 GMT
<<if the data is sufficiently valuable, buy a separate computer, find a
trustworthy sysadmin (possibly yourself), and probably disconnect from networks
including modems on the PSTN.>>
As I have on my Quotations page:
"To keep your secret is wisdom, but to expect others to keep it is folly" -
Samuel Johnson
"Three may keep a secret if two of them are dead" - Benjamin Franklin
------------------------------
From: [EMAIL PROTECTED] (William Tanksley)
Subject: Re: Impossible to decrypt files encrypted with attached program - encrypt.exe [0/1]
Reply-To: [EMAIL PROTECTED]
Date: Thu, 08 Jul 1999 03:28:57 GMT
On Wed, 7 Jul 1999 19:03:20 -0500, Bob wrote:
>Can anyone decrypt files encrypted with the attached program?
Fortunately, there's no attached program. If there were, you would have
not only broken the usa.net terms of service by posting binaries to a text
newsgroup, but also US federal law.
As has been said, "how would a few years in a federal pen look on your
resume?"
Not that I support that law -- but I _would_ complain to your ISP.
--
-William "Billy" Tanksley
------------------------------
Date: Wed, 07 Jul 1999 13:01:43 -0400
From: [EMAIL PROTECTED]
Crossposted-To: sci.math
Subject: Re: Weakness of MLCG style encryption
Greg Keogh wrote:
>
> Hello from Melbourne Australia,
>
> Back in the late 1980s I wrote a handy utility program to encrypt files for
> safe keeping by XORing the file with an MLCG stream. I didn't use any old
> MLCG, I used the combined one by Pierre L'Ecuyer with a period of about
> 10^18, thereby rendering my cipher unbreakable (so I thought <g>).
>
> I'd almost forgotten about my old program until I purchased Bruce Schneier's
> book (http://www.counterpane.com/applied.html) a couple of years ago and
> read the introduction to his chapter on random numbers and related topics.
> Without going into any technical details, Schneier describes how encryption
> with MLCG streams was easily broken, then its fancier variants were broken,
> then polynomial generators of any degree were broken. Hence, pseudo-random
> number generators are of no direct use for encryption.
>
> I only follow encryption as a hobby, so without any deep maths background I'm
> somewhat dumbfounded that these pseudo-random sequence generators that
> seem so fantastically random are of no use for XORing streams. Can anyone
> give me a potted summary of why this is so? How strong are they in practical
> terms? What techniques are used to break them? Etc. Any general information
> or web references would be most welcome.
Logically it goes like this: An LCG has a very small amount of state.
Examining some of the key stream gives plenty of information about past
states. Once a complete previous state is known, all future states are
known. The key stream can be obtained from a known plaintext. Many
message formats have invariant sections that will reveal portions of the
key stream.
Also, the period is not the critical factor. The small amount of state
corresponds to a small key. A small key can be broken with no analysis
by brute force testing of every possible initial state (key). With some
analysis or a bit of the keystream brute force is not necessary.
Terry Ritter classifies PRNGs into three classes according to the
visibility of their innards and the resulting cryptographic strength.
But even the strongest is not strong.
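Added illustration (editor's example, not code from the reply above or from Greg's utility) of the two points in the reply: a few bytes of keystream obtained from an invariant file header are a complete generator state, from which every later keystream word follows; and with a small state the key space is simply the state space, so the seed can be found by trying every one. A Park-Miller style MLCG with a 31-bit state stands in for L'Ecuyer's combined generator (the argument is the same; the combined generator merely has a larger, still fully exposed, state), and the file format, seeds and small-modulus parameters are constructed for this example.

```python
import struct

# Constructed toy parameters, not L'Ecuyer's combined generator from the post.
A, M = 16807, 2**31 - 1


def mlcg_next(state: int, a: int = A, m: int = M) -> int:
    return (a * state) % m


def keystream_from(state: int, nbytes: int, a: int = A, m: int = M) -> bytes:
    """Keystream as a naive file encryptor uses it: each generator state emitted
    verbatim as a 4-byte little-endian word, starting with `state`."""
    out = bytearray()
    while len(out) < nbytes:
        out += struct.pack("<I", state)
        state = mlcg_next(state, a, m)
    return bytes(out[:nbytes])


def xor_bytes(x: bytes, y: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(x, y))


def encrypt(plaintext: bytes, seed: int, a: int = A, m: int = M) -> bytes:
    """XOR the file with the MLCG stream; the seed is the whole key."""
    first = mlcg_next(seed, a, m)
    return xor_bytes(plaintext, keystream_from(first, len(plaintext), a, m))


def recover_from_known_prefix(ciphertext: bytes, known_prefix: bytes,
                              a: int = A, m: int = M) -> bytes:
    """Four known plaintext bytes (an invariant header) reveal one keystream
    word, which *is* the generator state; everything after it follows.
    Returns the whole recovered plaintext."""
    if len(known_prefix) < 4:
        raise ValueError("need at least one whole keystream word of known plaintext")
    state = struct.unpack("<I", xor_bytes(ciphertext[:4], known_prefix[:4]))[0]
    return xor_bytes(ciphertext, keystream_from(state, len(ciphertext), a, m))


def brute_force_seed(ciphertext: bytes, known_prefix: bytes, a: int, m: int):
    """With a small modulus the key space is the state space: try every seed
    and keep the one whose keystream reproduces the known prefix. No analysis
    of the generator is needed at all."""
    n = len(known_prefix)
    for seed in range(1, m):
        if encrypt(known_prefix, seed, a, m) == ciphertext[:n]:
            return seed
    return None


# Constructed sample file with an invariant header, as many formats have.
SAMPLE = b"MAGIC-01 secret payload: the meeting is at noon"

if __name__ == "__main__":
    ct = encrypt(SAMPLE, 123456789)
    print(recover_from_known_prefix(ct, b"MAGIC-01"))
    ct_small = encrypt(SAMPLE, 4242, 75, 65537)      # 16-bit toy state
    print("seed found by exhaustive search:", brute_force_seed(ct_small, b"MAGIC-01", 75, 65537))
```

The two functions are the "with" and "without analysis" cases of the reply. The fix is not a longer period or a fancier recurrence but a keystream generator designed so that its output does not determine its state, which is what a stream cipher (as opposed to a statistical PRNG) is built to provide.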
------------------------------
From: [EMAIL PROTECTED] (S.T.L.)
Subject: Re: Can Anyone Help Me Crack A Simple Code?
Date: 08 Jul 1999 04:46:29 GMT
<<The human eye can distinguish around 100,000 colors of visible light.>>
I've actually heard figures of a few million, but less than 16 million and more
than 100,000. (It was in connection with someone saying how 24-bit color
monitors are already overkill, and 32-bit color is insane.) Oh well.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************