Cryptography-Digest Digest #856, Volume #9        Fri, 9 Jul 99 07:13:02 EDT

Contents:
  Ok, ok ok. New code :) ([EMAIL PROTECTED])
  Re: Summary of 2 threads on legal ways of exporting strong crypto (Boris Kazak)
  Re: New Encryption Product! (humor) (Bud Ward)
  Electronically Exporting crypto source (legally) (Dmitri Alperovitch)
  Re: Why this simmetric algorithm is not good? (david thompson)
  Re: SantaMaria Cipher (wtshaw)
  Re: AES question ("Joe")
  length of prime (chicago)
  Re: The Constrained One-Time Pad and the Cryptanalyst's Lucky Day ("Douglas A. Gwyn")
  Re: Electronically Exporting crypto source (legally) (Dmitri Alperovitch)
  Re: The Constrained One-Time Pad and the Cryptanalyst's Lucky Day ("Douglas A. Gwyn")
  Re: Stream Cipher != PRNG ("Douglas A. Gwyn")
  Re: Stream Cipher != PRNG ("Douglas A. Gwyn")
  Re: The Constrained One-Time Pad and the Cryptanalyst's Lucky Day ("Douglas A. Gwyn")
  Re: Crypto Books on CD-ROM (David Parkinson)
  Re: Stream Cipher != PRNG ("Douglas A. Gwyn")
  Re: Electronically Exporting crypto source (legally) ("Douglas A. Gwyn")
  Re: Electronically Exporting crypto source (legally) (Dmitri Alperovitch)
  KRYPTOS ' CIA is cracked  N5 ("collomb")
  Re: The Constrained One-Time Pad and the Cryptanalyst's Lucky Day (Alan Braggins)
  Re: KRYPTOS ' CIA is cracked  N5 ("Douglas A. Gwyn")

----------------------------------------------------------------------------

From: [EMAIL PROTECTED]
Subject: Ok, ok ok. New code :)
Date: Fri, 09 Jul 1999 03:13:39 GMT

In response to some criticism (which was productive) I fixed the RC4
code.  Can someone (possibly Brian) please check it out.  It's at my
site.  The new .CPP file should have a date within the first few lines.

I also changed all 'ni1[++x]' to 'ni1[x + 1]' to hopefully compile
better.

I would still appreciate any comments, or suggestions for other PRNGs
to add.  I want to venture into other styles (i.e additive generators
are getting boring).

Thanks,
Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: Boris Kazak <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Summary of 2 threads on legal ways of exporting strong crypto
Date: Thu, 08 Jul 1999 21:59:37 -0400
Reply-To: [EMAIL PROTECTED]

Paul Koning wrote:
> 
> But you didn't explain how the material that the URL points to got
> there in the first place.  If it wasn't in the US at one time, then
> US export rules don't apply; if it was, then they do.  It's not the
> pointing that's the issue, it's the material pointed to.  Did you
> export THAT legally?
> 
>         paul
=======================
The exportation was absolutely legal, simple and stupid. The material 
was exported in paper printed form (Appendices to Applied Cryptography),
then retyped by foreign secretary with a middle-school education,
compiled and debugged by a foreign programmer according to description.

Or does somebody think that they cannot type in foreign countries? 
Or there are no programmers capable of following a description?

Please wake up...            BNK

------------------------------

From: [EMAIL PROTECTED] (Bud Ward)
Subject: Re: New Encryption Product! (humor)
Date: Fri, 09 Jul 1999 05:15:13 GMT

Old news... ;-)

http://www.dalsemi.com/News_Center/Press_Releases/1998/prjavaring.html


------------------------------

From: [EMAIL PROTECTED] (Dmitri Alperovitch)
Subject: Electronically Exporting crypto source (legally)
Date: Fri, 09 Jul 1999 05:10:31 GMT


Hi.

I would like to get opinions from people in this newsgroup about the 
following approach to legally exporting crypto source:

First of all, I would like to know how government/courts define what is and
is not "crypt source code".  A cryptographic program, just like any software, 
consists of many lines of source code and I assume that there is nothing wrong 
with exporting either one of those lines, since they ALONE do not contain any 
strong cryptographic techniques (Example: exporting a simple for() loop from 
the actual Encrypt() procedure is legal, correct?).
So, then you should be able to slice your program apart into lines or even
bigger chunks of code that do not contain a fully working cryptographic
algorithm and it should be legal to electronically export each of these chunks 
individually!
Any ideas/comments about this?

Regards,

Dmitri
[EMAIL PROTECTED]

------------------------------

From: david thompson <[EMAIL PROTECTED]>
Subject: Re: Why this simmetric algorithm is not good?
Date: Fri, 09 Jul 1999 01:20:56 -0400

Thu, 08 Jul 1999 20:43:56 GMT, 
[EMAIL PROTECTED] responded:
...
> > Take a look at my PRNG C++ file, you will notice that the stepping of
> > the PRNGs look like
> >
> > ---
> > return state[x = ni[++x]] += state[y = ni[++y]];
> > ---
> 
> Terrible code.  Much better is,
> 
>     x = ni[x+1];
>     y = ni[y+1];
>     state[x] += state[y];
>     return state[x];
> 
Especially since the former stores to each of x and y 
twice between sequence points, which technically is 
undefined behavior according to the C standard.  Your 
compiler may implement something reasonable, either 
intentionally or by happy accident, but you cannot rely 
on this working on other systems, new(er) compilers, 
or possibly even different compiler options/environment.  
(comp.lang.c FAQ section 3; ISO 9899:1990 6.3, 5.1.2.3, 
annex C et al; or for more discussion choose any three 
days at random -- with even a poor PRNG <G> -- and likely 
find at least one long thread in comp.lang.c) 

...
> > For security reasons you want to avoid putting round keys 
> > on stack (i.e auto/locals).
> 
> Nonsense.  Static storage and the heap are at least
> as bad as the stack.
> 
Almost.  *Any* memory in which you have stored key material, 
or (unneeded copies of) cleartext, you should zeroize.  
However, zeroization of an auto is obviously a dead store, 
which even a mildly optimizing compiler might eliminate; 
you may need tricks such as apparently-aliased pointers 
or a disguised memset.  A store to a static duration object 
cannot be eliminated -- unless it has internal linkage 
('static' not 'extern') and global flow analysis proves 
this function isn't called again; this is really hard.  
Store to a "heap" (dynamic) object can be eliminated 
only if the compiler can prove no further use, through 
any pointer, before it is free()ed, which is possible 
in some simple cases but is hard enough in general 
I'm not aware of any implementation attempting it.  

As for external monitoring, any sensitive material 
you can keep entirely in registers will never be seen 
by e.g. a bus analyzer, unless an interrupt occurs 
(or is forced) and the interrupt handler spills them; 
but on most modern CPUs even moderate amounts of data 
(at least kilobytes) that are nominally in memory 
but are being heavily accessed are likely to stay in 
on-chip cache and never be "physically" written, 
except (maybe) in a coherent multiprocessor.  

- david.thompson at but not for trintech.com
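Two things in the reply above lend themselves to a concrete illustration: a stepping function that does not modify the same index twice between sequence points, and a zeroization routine whose stores a compiler is not permitted to eliminate. The following is an added example, not code from Tom's library or from the poster; the generator layout (an 8-entry state, a precomputed "next index" table `ni`, and the "round key" bytes) is constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed additive-generator state. 'ni' is a precomputed "next index"
   table, so stepping never needs ++x on an index that is also assigned in
   the same expression: each object is modified once per full expression. */
#define GEN_N 8

typedef struct {
    uint8_t state[GEN_N];
    uint8_t ni[GEN_N];     /* ni[i] == (i + 1) % GEN_N */
    uint8_t x, y;
} gen_t;

void gen_init(gen_t *g, const uint8_t seed[GEN_N], uint8_t x0, uint8_t y0) {
    for (int i = 0; i < GEN_N; i++) {
        g->state[i] = seed[i];
        g->ni[i] = (uint8_t)((i + 1) % GEN_N);
    }
    g->x = (uint8_t)(x0 % GEN_N);
    g->y = (uint8_t)(y0 % GEN_N);
}

/* Well-defined stepping: g->x and g->y are read before either is written,
   and no object is stored to twice between sequence points. */
uint8_t gen_step(gen_t *g) {
    uint8_t x = g->ni[g->x];
    uint8_t y = g->ni[g->y];
    g->x = x;
    g->y = y;
    g->state[x] = (uint8_t)(g->state[x] + g->state[y]);
    return g->state[x];
}

/* Packs the first three outputs for seed 1..8, x0 = 0, y0 = 4 so the
   deterministic behaviour can be checked from a single return value. */
uint32_t gen_demo(void) {
    const uint8_t seed[GEN_N] = {1, 2, 3, 4, 5, 6, 7, 8};   /* constructed seed */
    gen_t g;
    gen_init(&g, seed, 0, 4);
    uint32_t a = gen_step(&g);
    uint32_t b = gen_step(&g);
    uint32_t c = gen_step(&g);
    return (a << 16) | (b << 8) | c;
}

/* Zeroization through a volatile-qualified pointer. Every store through a
   volatile lvalue is part of the program's observable behaviour, so the
   compiler may not delete it as a dead store even when the buffer is an
   auto variable about to go out of scope. A plain memset() here could be
   optimized away, which is the hazard the post describes. */
void secure_wipe(void *buf, size_t len) {
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len-- > 0) {
        *p++ = 0;
    }
}

/* Constructed demonstration: derive some "round key" bytes into an auto
   buffer, wipe them, and report whether every byte is zero afterwards.
   Returns 1 when the wipe succeeded, 0 if any byte survived. */
int use_key_and_wipe(void) {
    unsigned char round_key[16];
    volatile const unsigned char *check = round_key;  /* volatile reads are not elided either */
    for (int i = 0; i < 16; i++) {
        round_key[i] = (unsigned char)(0xA5 ^ i);      /* placeholder key schedule */
    }
    secure_wipe(round_key, sizeof round_key);
    for (int i = 0; i < 16; i++) {
        if (check[i] != 0) return 0;
    }
    return 1;
}
```

The volatile-pointer wipe is the portable form of the "disguised memset" trick mentioned above; it addresses the compiler only, not copies the CPU may have spilled to the stack or to registers, which is the separate concern the post's second paragraph raises.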

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: SantaMaria Cipher
Date: Thu, 08 Jul 1999 23:57:04 -0600

In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (wtshaw) wrote:

> The SantaMaria Cipher
> ....the three default keys which represent
> 350 bits of keyspace:
> 
Should have been 450, but, give or take a hundred bits, it might not make
much difference as brute forcing the thing is going to be too difficult.

Going to my strength-length scale, where is SantaMaria?  I have no idea
except that to fully define the keys means that most nooks and crannies of
the 111 elements in them need be used.
-- 
Rest sometimes allows you to find new things to worry about but should give you the 
patience to do something about them.

------------------------------

From: "Joe" <[EMAIL PROTECTED]>
Subject: Re: AES question
Date: Fri, 9 Jul 1999 15:23:56 +1000

Please refer to the following site.

http://www.ii.uib.no/~larsr/aes.html

Joe

King <[EMAIL PROTECTED]> wrote in message
news:7m3pd9$3eeg$[EMAIL PROTECTED]...
> Hi, can anyone tell me how many and when AES submissions have been broken as
> of today?  I tried to find the information but part of NIST web site was
> down.  Thanks!
>
>



------------------------------

From: chicago <"gabriel. nock"@siemens.de>
Subject: length of prime
Date: Fri, 09 Jul 1999 07:46:46 +0200

if i want to use a function, which generates the Diffie-Hellman
parameters, I am asked for the length of the prime and the subprime..
why doesn't this work with any numbers (i mean the length)??
isn't the length of the prime also the length of the key which will be
generated??
and in what relation stands the subprime to the prime??
the prime has to be large and the subprime has to be small, isn't it
like this??
and isn't it so, that it is not important what length i take?? ok, with
some primes the security wouldn't be so good, but the generator and the
prime should be generated... but it doesn't work..
(it's the R_GenerateDHParams-function in the RSAEuro library..i always
got an error return of this function..
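The relation between the prime and the subprime is the likely source of the error return: in the usual Diffie-Hellman parameter structure the subprime q is a prime divisor of p - 1 and the generator g is chosen to have order exactly q, so the two lengths and values cannot be picked independently. The following is an added example that is not part of the post and not RSAEuro's code; it assumes (without having checked R_GenerateDHParams) that RSAEuro follows that standard structure, and it uses toy-sized constructed values that fit in 64-bit integers purely to show the checks a parameter generator performs.

```c
#include <stdint.h>

/* Modular exponentiation on small constructed values. Real Diffie-Hellman
   parameters need a bignum library; this only shows the structure. */
static uint64_t modpow(uint64_t base, uint64_t exp, uint64_t mod) {
    uint64_t result = 1 % mod;
    base %= mod;
    while (exp > 0) {
        if (exp & 1) result = (result * base) % mod;
        base = (base * base) % mod;
        exp >>= 1;
    }
    return result;
}

/* Build a generator of the order-q subgroup of Z_p^*.
   Checks: q must divide p - 1 (the subprime is a prime factor of p - 1, which
   is why the prime and subprime lengths are not independent), and the
   candidate h must not collapse to 1.
   Returns 1 and writes *g on success, 0 when the parameters are incompatible. */
int dh_make_generator(uint64_t p, uint64_t q, uint64_t h, uint64_t *g) {
    if (p < 3 || q < 2 || (p - 1) % q != 0) return 0;
    uint64_t cand = modpow(h, (p - 1) / q, p);  /* h^((p-1)/q) has order dividing q */
    if (cand == 1) return 0;                    /* h was in the kernel; try another h */
    if (modpow(cand, q, p) != 1) return 0;      /* sanity: cand^q == 1 (mod p) */
    *g = cand;
    return 1;
}

/* Shared-secret agreement with private exponents a, b in [1, q-1]; the
   private exponent is q-sized, not p-sized, which is the point of the subprime.
   Returns 1 when both sides compute the same secret (written to *secret). */
int dh_agree(uint64_t p, uint64_t q, uint64_t g, uint64_t a, uint64_t b, uint64_t *secret) {
    if (a == 0 || a >= q || b == 0 || b >= q) return 0;
    uint64_t A = modpow(g, a, p);   /* public value of one side */
    uint64_t B = modpow(g, b, p);   /* public value of the other side */
    uint64_t sa = modpow(B, a, p);
    uint64_t sb = modpow(A, b, p);
    if (sa != sb) return 0;
    *secret = sa;
    return 1;
}
```

With p = 23 and q = 11 (22 = 2 * 11) the candidate h = 2 yields g = 4, which has order 11; asking for q = 7 with the same p fails the divisibility check, which is the kind of parameter mismatch that would show up as an error return from a library generator.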


------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: The Constrained One-Time Pad and the Cryptanalyst's Lucky Day
Date: Fri, 09 Jul 1999 06:57:35 GMT

"Robert C. Paulsen, Jr." wrote:
> But the next thing to consider is that the tiny degree to which
> quantum randomness affects the initial conditions may be enough so
> that the quantum randomness is magnified to be the primary factor
> in the results. (These "initial" conditions get applied at every
> bump and bounce the dice take.)

Rolling dice would be just as random if physics were Newtonian
and not quantum.  You were right in identifying this as an
example of chaos, however.  The outcome is determined by many
nonlinearly interacting, hard-to-control factors.

------------------------------

From: [EMAIL PROTECTED] (Dmitri Alperovitch)
Subject: Re: Electronically Exporting crypto source (legally)
Date: Fri, 09 Jul 1999 07:08:38 GMT

>Yes -- the prosecution and the courts will judge your *intent*.

Well, no one prosecuted PGP when they exported their source
code in a form of a book.  Clearly their intent was to make PGP
available abroad.  Yet, they used legal channels to accomplish that
- just as I'm proposing to slice up the source code into 1-line
files (or whatever length you choose, as long as it doesn't contain
any complete crypto algorithms) and export each file individually,
which, to me, seems to be perfectly legal.


------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: The Constrained One-Time Pad and the Cryptanalyst's Lucky Day
Date: Fri, 09 Jul 1999 06:59:02 GMT

John Savard wrote:
> The NSA still doesn't have technology adequate to predicting next
> week's PowerBall numbers, ...

Not with certainty, but better than pure guesswork.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Stream Cipher != PRNG
Date: Fri, 09 Jul 1999 07:06:30 GMT

[EMAIL PROTECTED] wrote:
> So let me ask again, are stream ciphers PRNGs or not?

I think you're being careless in phrasing your question.
One could certainly *wire up* any practical cryptosystem with some
other components in order to generate a pseudo-random bit stream.
One could certainly *wire up* any PRNG with some other components
in order to create a special instance of a stream cipher.
But  there are stream cipher systems that do not contain
any component readily identifiable as a "PRNG".

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Stream Cipher != PRNG
Date: Fri, 09 Jul 1999 07:12:51 GMT

[EMAIL PROTECTED] wrote:
> This really isn't conclusive.  What makes a stream cipher so different
> from a PRNG?  Just because the xor?

A stream cipher system doesn't necessarily have XOR as a component.

You seem to be assuming that every stream cipher is structured as
an additive key generator, which is false, as I explained before.

> But all stream ciphers are PRNGs otherwise they would not be secure!

I can't make any sense out of that claim.  As Bryan said, they're
not even functionally conformable.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: The Constrained One-Time Pad and the Cryptanalyst's Lucky Day
Date: Fri, 09 Jul 1999 06:54:05 GMT

Toby Kelsey wrote:
> I intercept your OTP encoded message, for which I know the plaintext
> to be either "Yes" or "No".  The ciphertext is 2 characters long...

But to convey a one-bit message, the OTP will have been used to
encipher a single bit, not two English characters.

> The OTP allows any same-length decrypted message to be equally
> likely, ...

That is often said, but it is wrong.  Many plaintexts are a priori
unlikely.  A correct statement would be: the intercepted OTP
ciphertext does not provide any information with which to adjust
one's a priori assignment of probabilities to the various possible
plaintexts (of matching length).

> ...  The OTP is only "simpler" and "more secure" because the
> algorithmic complexity is hidden in the RNG and its testing.

A true OTP key generator does not use an "algorithm", but
rather a reliably random physical process.

The actual reason for the security of a correctly functioning
OTP system is that there is *no exploitable latent structure*
in the resulting ciphertext.  To really appreciate what is
meant by that, you need to study and practice cryptanalysis.
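The "a priori probabilities are not adjusted" formulation above is a statement about a Bayesian update, and it can be checked numerically. The following is an added example, not from the post: it computes the analyst's posterior over one plaintext byte from a prior and a key distribution, so it generalizes slightly beyond the uniform pad in the text. With a uniform key byte the posterior equals the prior for every ciphertext; the same code run with a constructed defective "pad" (one that never emits odd key bytes) shows how a non-random key source leaks information. The "Yes"/"No" prior is constructed for the example.

```c
#include <stdint.h>

#define ALPHABET 256   /* one-byte plaintext symbol, one-byte key symbol */

/* Bayesian update for a single OTP symbol c = m XOR k.
   prior[m]   : the analyst's a-priori probability of each plaintext byte
   keyprob[k] : probability that the pad produced key byte k
   post[m]    : the analyst's posterior after seeing c
   Returns 1 on success, 0 if c is impossible under the model. */
int otp_posterior(const double prior[ALPHABET], const double keyprob[ALPHABET],
                  uint8_t c, double post[ALPHABET]) {
    double total = 0.0;
    for (int m = 0; m < ALPHABET; m++) {
        /* P(c | m) = P(k = c XOR m) */
        post[m] = prior[m] * keyprob[c ^ m];
        total += post[m];
    }
    if (total <= 0.0) return 0;
    for (int m = 0; m < ALPHABET; m++) post[m] /= total;
    return 1;
}

/* Largest |post[m] - prior[m]| over all m: how far the ciphertext moved the
   analyst's beliefs. Zero means the interception carried no information;
   -1.0 signals an impossible ciphertext under the model. */
double otp_max_update(const double prior[ALPHABET], const double keyprob[ALPHABET], uint8_t c) {
    double post[ALPHABET];
    if (!otp_posterior(prior, keyprob, c, post)) return -1.0;
    double worst = 0.0;
    for (int m = 0; m < ALPHABET; m++) {
        double d = post[m] - prior[m];
        if (d < 0) d = -d;
        if (d > worst) worst = d;
    }
    return worst;
}

/* Constructed prior: the analyst knows the message is a single bit,
   "Yes" (0x01) with probability 0.7 or "No" (0x00) with 0.3. */
void yes_no_prior(double prior[ALPHABET]) {
    for (int m = 0; m < ALPHABET; m++) prior[m] = 0.0;
    prior[0x01] = 0.7;
    prior[0x00] = 0.3;
}

/* A true pad: every key byte equally likely. */
void uniform_key(double keyprob[ALPHABET]) {
    for (int k = 0; k < ALPHABET; k++) keyprob[k] = 1.0 / ALPHABET;
}

/* A defective "pad" whose generator never emits an odd key byte. */
void even_only_key(double keyprob[ALPHABET]) {
    for (int k = 0; k < ALPHABET; k++) keyprob[k] = (k % 2 == 0) ? 2.0 / ALPHABET : 0.0;
}
```

Under the uniform key, `otp_max_update` is zero for every ciphertext byte, which is exactly the corrected statement above: the prior is untouched, however skewed it was. Under the even-only key, ciphertext 0x03 can only have come from "Yes" (key 0x02), so the posterior jumps to certainty and the update is 0.3.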

------------------------------

From: David Parkinson <[EMAIL PROTECTED]>
Subject: Re: Crypto Books on CD-ROM
Date: 9 Jul 1999 07:36:53 GMT

Michael D T Clark <[EMAIL PROTECTED]> wrote:
: In article <7lpspj$k4k$[EMAIL PROTECTED]>, David Parkinson
: <URL:mailto:[EMAIL PROTECTED]> wrote:
: > Michael D T Clark <[EMAIL PROTECTED]> wrote:
: > <snip>
: > : There is indeed a catch. Those of us living outside the USA cannot buy
: > : the CD, because it is a restricted export.
: > : I would really like to get a copy to complement the books I already
: > : have, but can't get it until the export restrictions are lifted.
: > : Michael Clark
: > : mclarkatsoutherndotcodotnz
: > 
: > Is it?  I had no problems at all in buying a copy and
: > having it shipped here (UK).
: > 
: > David
: The rules may have changed just recently. There was a suggestion that
: those rules were to be relaxed about 2 months ago, but when I checked
: the Dr Dobbs site there was a notice saying no exports. Thanks to your
: post David I have just ordered the CD and now wait to see if it actually
: arrives.

I'm not in the office at the moment, so can't check but I think it was
sometime last year that I bought it - shortly after it was released.
Maybe subsequently they decided it wasn't exportable?

I certainly agree with the other comments over the user interface - it's
something that can only be improved on!

Regards

David

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Stream Cipher != PRNG
Date: Fri, 09 Jul 1999 07:15:08 GMT

Nicol So wrote:
> ... this common construction does not cover the full generality of
> stream ciphers.  An obvious limitation of this framework is that
> the cipher's state has no dependency on the plaintext stream.

Exactly.
There are also simple cryptanalytic attacks against a KG-based
system, which don't work against more sophisticated systems.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Electronically Exporting crypto source (legally)
Date: Fri, 09 Jul 1999 07:51:23 GMT

Dmitri Alperovitch wrote:
> Well, no one prosecuted PGP when they exported their source
> code in a form of a book.

I'm sure that it was considered.  Will *you* be as lucky when
you try the same thing?  Failure to prosecute an isolated case
doesn't render a law (or executive policy) null and void.

Don't get me wrong -- I'm not saying that the laws and policies
are *right*, just that they could be enforced anyway.  It's
something you need to evaluate before you take the risk.

------------------------------

From: [EMAIL PROTECTED] (Dmitri Alperovitch)
Subject: Re: Electronically Exporting crypto source (legally)
Date: Fri, 09 Jul 1999 08:22:50 GMT

>I'm sure that it was considered.  Will *you* be as lucky when
>you try the same thing?  Failure to prosecute an isolated case
>doesn't render a law (or executive policy) null and void.

So what you are saying is that no matter whether your actions are 100%
legal or illegal, but if the result is strong cryptographic algorithms
being exported out of the country - you have committed a crime?
Somehow, I doubt that's a correct interpretation of the law...

>Don't get me wrong -- I'm not saying that the laws and policies
>are *right*, just that they could be enforced anyway.  It's
>something you need to evaluate before you take the risk.

I understand that in our society you can be taken to court
for no reason whatsoever, but whether you lose or not is a totally
different question.  Considering that the government is now losing
cases where the export rules have clearly been broken (i.e Bernstein
case), it would seem to me that they would be more picky in the
future about the battles that they choose.  Otherwise, they are going
to end up in the Supreme Court, a place that they probably want to
avoid going to at all costs.

------------------------------

From: "collomb" <[EMAIL PROTECTED]>
Subject: KRYPTOS ' CIA is cracked  N5
Date: 9 Jul 1999 09:56:17 GMT

Hello
Message  Number 4 & 5

Glimpses into the deciphering of Kryptos

CRACK OF CIA ' KRYPTOS

- 5 july 1999: word < GOD > is disposed diagonally
- 6 july: The deciphering makes appear the image of the Cross
- 7 july: The deciphering makes appear the image of a long snake
- 8 july: The Cross is in the form of  < T >
- 9 july: The bottom of the Cross in form of  T  crushes the snake's body

I am sure that Jim Sanborn wanted to address to the whole world ( Jim
himself being in the world ) a spiritual message directed towards the
future. The message shows the battle between the Evil (snake) and the Good.


See also at: http://calvaweb.calvacom.fr/collomb/
Best regards
Collomb-Chabrery
[EMAIL PROTECTED]






------------------------------

From: Alan Braggins <[EMAIL PROTECTED]>
Subject: Re: The Constrained One-Time Pad and the Cryptanalyst's Lucky Day
Date: 09 Jul 1999 11:08:34 +0100

"Douglas A. Gwyn" <[EMAIL PROTECTED]> writes:
> John Savard wrote:
> > The NSA still doesn't have technology adequate to predicting next
> > week's PowerBall numbers, ...
> 
> Not with certainty, but better than pure guesswork.

Sufficiently better that it makes a difference to their budget? :-)

(I'm guessing that Powerball is something like the UK National
Lottery, with a load of numbered balls bouncing around in a container
being stirred for a while before being allowed to fall out a slot.
Allegedly the UK Lottery has a slightly positive expectation of gain
if you only play on rollover weeks (when the previous week was
unclaimed, so the jackpot is larger), and take into account the
patterns of people choosing numbers non-randomly (which doesn't change
your chance of winning, but does change your chance of having to split
a big prize with other winners). If something similar is true of
Powerball, and you also had a significant budget (so you don't have to
play for several lifetimes to expect to win, even if your expectation
is positive) _and_ better than guesswork prediction of the numbers,
it's worth playing. Or are there rules forbidding spending federal
money on gambling?)

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: KRYPTOS ' CIA is cracked  N5
Date: Fri, 09 Jul 1999 10:10:34 GMT

collomb wrote:
> Glimpses into the deciphering of Kryptos

Okay, enough of this!
I explained to this fellow in private e-mail that whatever
he was finding in Kryptos was coming from his own imagination,
as with the Baconians.
But he's still hallucinating.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
