Cryptography-Digest Digest #860, Volume #9 Fri, 9 Jul 99 22:13:07 EDT
Contents:
Re: Electronically Exporting crypto source (legally) (Mok-Kong Shen)
Re: Possible Extension for Block Ciphers ([EMAIL PROTECTED])
Re: Uncrackable? ([EMAIL PROTECTED])
Re: Electronically Exporting crypto source (legally) (Greg Ofiesh)
Re: Electronically Exporting crypto source (legally) (Greg Ofiesh)
Re: Stream Cipher != PRNG ([EMAIL PROTECTED])
Re: Electronically Exporting crypto source (legally) (Greg Ofiesh)
Re: Why this simmetric algorithm is not good? ([EMAIL PROTECTED])
Re: Stream Cipher != PRNG (Nicol So)
Re: Uncrackable? (NFN NMI L.)
Re: Can Anyone Help Me Crack A Simple Code? (mercury)
----------------------------------------------------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Electronically Exporting crypto source (legally)
Date: Fri, 09 Jul 1999 13:06:47 +0200
Dmitri Alperovitch wrote:
>
> I understand that in our society you can be taken to court
> for no reason whatsoever, but whether you lose or not is a totally
> different question. Considering that the government is now losing
> cases where the export rules have clearly been broken (i.e Bernstein
> case), it would seem to me that they would be more picky in the
> future about the battles that they choose. Otherwise, they are going
> to end up in the Supreme Court, a place that they probably want to
> avoid going to at all costs.
Since we don't KNOW for sure, we can only speculate/conjecture what
they 'want' (your last sentence). On a previous occasion I put up
my personal speculation of why the bureaucrats (not only of one but of
several countries) are doing the apparently irrational and illogical
things: (1) To have some work items to justify their own payrolls.
(2) To avoid strong crypto being used by the honest citizens so that
the WWI has an easier job of getting information in order to be
used for secret commercial/industrial purposes. (The criminals can
get their strong cryptos more easily than drugs anyway.) (3) To
create a myth about crypto among the (unknowledgeable in crypto)
common people for (a) showing off that they are doing a supreme
job to take care of the vital interests of the people and (b)
generating (unconsciously) in the minds of the common people a
'definition' of what strong crypto (exactly) is, namely that what the
authority forbids/restricts with the (indirect) implication that
everything else is not strong and should not be used by the people.
This last item (b) means (1) the interceptors have a narrower target
field to deal with, (2) certain products, i.e. those in the category
of being officially forbidden/restricted, will have a wider acceptance
(owing to the general 'belief' of their superiority) which may be
well in line with certain specifically national economic goals,
(3) there will be fewer incentives generated in the public for
supporting R&D of new techniques in cryptology, leading to a general
slowdown of progress which is obviously favourable from the standpoint
of the bureaucrats for the bunch of reasons mentioned above.
Well, these are my personal speculations. Speculations are just that,
there are no 'proofs'. So please don't flame me too heavily if part
or the whole of the above appears to be wrong or nonsense in your eyes.
M. K. Shen
======================================================
M. K. Shen, Postfach 340238, D-80099 Muenchen, Germany (permanent)
http://www.stud.uni-muenchen.de/~mok-kong.shen/ (Updated: 12 Apr 99)
(Origin site of WEAK2-EX, WEAK3-EX and WEAK4-EX, three Wassenaar-conform
algorithms based on the new paradigm Security through Inefficiency.
Containing 2 mathematical problems with rewards totalling US$500.)
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Possible Extension for Block Ciphers
Date: Sat, 10 Jul 1999 00:01:19 GMT
In article <[EMAIL PROTECTED]>,
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> I use in my scheme WEAK3-EX, which uses a mixture of stream and
> block techniques, output of PRNG to influence the encryption of
> individual blocks. Besides plaintext/ciphertext chaining, I use
> what I term 'hash chaining', which is a hash value of a block of
> information bits in its 'intermediate' stage of being processed,
> i.e. a value that is not directly related to the input or output of
> a round (each block in WEAK3-EX is processed by a user choosable
> variable number of rounds). I believe my design has some non-trivial
> connection to what you suggested.
Hmm neato. Basically though I think you are mixing pre-white keys.
What I am doing is splitting the larger input into parts. I will look
at your site though.
You could make a 128-bit PRNG and whiten the input. This would provide
a time-dependent permutation of the input, then a key-dependent
permutation. This would greatly hinder the ability to choose inputs
into it. Since there would be a dynamic whitening...
Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Uncrackable?
Date: Sat, 10 Jul 1999 00:06:06 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (NFN NMI L.) wrote:
> <<The algorithm is completely reversible>>
>
> And completely not provided. (Because you didn't post binaries to
> sci.crypt, we won't flame you, but provide algorithms next time!)
What are you responding to? My post was about alternatives for DES
and about EFF...
Tom
------------------------------
From: Greg Ofiesh <[EMAIL PROTECTED]>
Subject: Re: Electronically Exporting crypto source (legally)
Date: Sat, 10 Jul 1999 00:42:58 GMT
> So what you are saying is that no matter whether your actions are 100%
> legal or illegal, but if the result is strong cryptographic algorithms
> being exported out of the country - you have committed a crime?
> Somehow, I doubt that's a correct interpretation of the law...
One lesson that Bill Clinton had learned in college is that "you can do
(get away with) anything as long as no one will stop you." That is what
we see in government today. It is how law operates. If the government
does you wrong, they can, as long as no one tries to stop you. You,
the one injured, must do something, and for the most part they are
betting that their victims will not - and they win at this strategy too!
> I understand that in our society you can be taken to court
> for no reason whatsoever, but whether you lose or not is a totally
> different question. Considering that the government is now losing
> cases where the export rules have clearly been broken (i.e Bernstein
> case), it would seem to me that they would be more picky in the
> future about the battles that they choose. Otherwise, they are going
> to end up in the Supreme Court, a place that they probably want to
> avoid going to at all costs.
Not only that, if you look at how the government delays and violates
laws regarding their required timely responses to export licenses in
some cases, you begin to see that THEY know they are wrong and will
lose in court (and they do) if challenged. They want to make an
example out of Zimmermann, but Zimmermann stopped them. They never had a
chance, but to them it was just a job. Zimmermann would be behind bars,
and they could go home to their family every night. But they are
beginning to lose more than it is worth fighting for - but then they
have to make examples of people who think they are right. You have to
know you are right down inside if you intend to stand up against them.
------------------------------
From: Greg Ofiesh <[EMAIL PROTECTED]>
Subject: Re: Electronically Exporting crypto source (legally)
Date: Sat, 10 Jul 1999 00:37:34 GMT
>...just that they could be enforced anyway. It's
> something you need to evaluate before you take the risk.
This is correct. As another example of selective prosecution, Congress
keeps piling up more gun control laws without the existing laws being
enforced on even a half wit basis. Why? So that when they have all
the laws in place that they want, they can "choose" to begin
prosecuting with all of them. This would allow them the "legal" means
to get rid of all guns while incrementally adding the legal blocks into
place. Now think for a minute. Do you think they would be able to add
more blocks if they began using them at the same time? No. So they
just build their pyramid, then once they have all the blocks, they
begin to use them all at once. All of a sudden, no more guns!
Don't they wish!
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Stream Cipher != PRNG
Date: Fri, 09 Jul 1999 23:57:58 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (John Savard) wrote:
> One stream cipher might use a PRNG to generate eight bits, which are
> either XORed or added to the current eight bytes of the input.
>
> Another might generate *nine* bits, and use one to determine if an XOR
> or an add takes place.
>
> Another might generate _sixteen_ bits: the eight bits of the plaintext
> first go through a key-dependent substitution (using a table with 256
> entries, whose inverse is available for decryption), then eight bits
> are added, then another substitution, then eight bits are XORed, then
> another substitution.
>
> The advantage of this is that, although only eight bits of PRNG output
> are already enough to take any plaintext byte to any other, this way
> even with known plaintext, it is much harder to find out anything
> about what the PRNG is doing.
All of these are time-dependent permutations. They are based on the
time stepping of a PRNG. You have not proved or provided hints towards
stream cipher != PRNG.
Your last idea is not bad. It would resemble
C = S2[rngB() + S1[rngA() + P]];
Where '+' denotes binary xor... You might be able to step a PRNG
linearly and still hinder analysis...
Tom
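The three-layer construction Tom writes above as C = S2[rngB() + S1[rngA() + P]] (with '+' meaning XOR), worked through as an added Python example; this is not code from the original post. The generator (a xorshift64 seeded from a hash of the key) and the Fisher-Yates key schedule for the S-boxes are stand-ins I assumed, since the post fixes neither. The last function makes the point of Savard's quoted paragraph concrete: with a bare XOR stream cipher, C ^ P under known plaintext is the raw generator output; with the sandwiched form it is not.

```python
import hashlib

MASK64 = (1 << 64) - 1


class KeyedByteGen:
    """Stand-in PRNG (assumption): xorshift64 seeded from SHA-256(key||label)."""

    def __init__(self, key: bytes, label: bytes):
        seed = int.from_bytes(hashlib.sha256(key + label).digest()[:8], "big")
        self.state = seed or 1  # xorshift must never be seeded with zero

    def next_byte(self) -> int:
        s = self.state
        s ^= (s << 13) & MASK64
        s ^= s >> 7
        s ^= (s << 17) & MASK64
        self.state = s
        return s & 0xFF


def make_sbox(key: bytes, label: bytes):
    """Key-dependent byte permutation and its inverse (Fisher-Yates shuffle)."""
    gen = KeyedByteGen(key, label)
    box = list(range(256))
    for i in range(255, 0, -1):
        r = ((gen.next_byte() << 8) | gen.next_byte()) % (i + 1)
        box[i], box[r] = box[r], box[i]
    inv = [0] * 256
    for i, v in enumerate(box):
        inv[v] = i
    return box, inv


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """C = S2[rngB ^ S1[rngA ^ P]] per byte; the post's '+' is XOR."""
    s1, _ = make_sbox(key, b"S1")
    s2, _ = make_sbox(key, b"S2")
    a, b = KeyedByteGen(key, b"A"), KeyedByteGen(key, b"B")
    return bytes(s2[b.next_byte() ^ s1[a.next_byte() ^ p]] for p in plaintext)


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    """Peel the three layers off in reverse order with the inverse tables."""
    _, s1_inv = make_sbox(key, b"S1")
    _, s2_inv = make_sbox(key, b"S2")
    a, b = KeyedByteGen(key, b"A"), KeyedByteGen(key, b"B")
    return bytes(s1_inv[s2_inv[c] ^ b.next_byte()] ^ a.next_byte()
                 for c in ciphertext)


def keystream_exposed(key: bytes, plaintext: bytes) -> tuple:
    """Known-plaintext check: does C ^ P equal generator A's raw output?
    Returns (xor_only_leaks, sandwich_leaks); the S-boxes shield the latter."""
    stream_a = bytes(KeyedByteGen(key, b"A").next_byte() for _ in plaintext)
    xor_only = bytes(p ^ k for p, k in zip(plaintext, stream_a))
    sandwich = encrypt(key, plaintext)
    leak_xor = bytes(c ^ p for c, p in zip(xor_only, plaintext)) == stream_a
    leak_sw = bytes(c ^ p for c, p in zip(sandwich, plaintext)) == stream_a
    return leak_xor, leak_sw
```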
------------------------------
From: Greg Ofiesh <[EMAIL PROTECTED]>
Subject: Re: Electronically Exporting crypto source (legally)
Date: Sat, 10 Jul 1999 00:46:45 GMT
> The bottom line is the same: don't get caught. That's pretty easy,
> do what you want and don't tell the rest of the world. Unless you're
> supplying weapons or drugs to the CIA, nobody will notice. Only the
> people who want to make a statement and flaunt their messing with the
> law have to deal with the courts.
And what ever you do, don't work for the CIA in anything that is
illegal. Remember Barry Seal?
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Why this simmetric algorithm is not good?
Date: Sat, 10 Jul 1999 00:08:20 GMT
<snip>
About the code I realize that I was wrong. I would ask that people not
talk about Micro-C as I do not speak on behalf of the owner. Sorry for
the mixup. If anyone is wondering it is a good compiler.
Anyways this is OT, just to let you know (no bad thoughts about micro-c
ok?)
Tom
------------------------------
From: Nicol So <[EMAIL PROTECTED]>
Subject: Re: Stream Cipher != PRNG
Date: Fri, 09 Jul 1999 21:11:29 -0400
Mok-Kong Shen wrote:
>
> In my humble opinion it is best to combine stream and block encryption
> techniques, thus obtaining advantages from both. I attempted that
> in the design of my WEAK3-EX.
From a security viewpoint, combining a sequence generator with a block
cipher is not a bad idea (but it's not a new idea either). However, by
involving a block cipher, you could be losing some very significant
advantages of stream ciphers: high speed and implementability with very
few parts.
Of course, this is relevant only if you know how to design a secure
stream cipher with very few parts.
Nicol
------------------------------
From: [EMAIL PROTECTED] (NFN NMI L.)
Subject: Re: Uncrackable?
Date: 10 Jul 1999 01:35:12 GMT
To tomstdenis:
The person whom I was responding to was the author of the words I quoted. It
was from the guy who runs this web site:
http://vote3.sgbs.strath.ac.uk:8765/james/CM26.html
The guy was:
[EMAIL PROTECTED]
On said web site, he says:
*****
The algorithm is completely reversible so it can be used for file encryption as
well as password encryption. The first example below is actually a file
containing the password that has been used to encrypt it. The other examples
are all encrypted using the same password.
*****
That was what I was quoting. He has not provided the algorithm, and I made note
of that. When I read my newsgroups, I read all the posts in a thread and then
post any comments I have. This may cause confusion to those who use newsreaders
that show the layout of threads in great detail. Thus I've been trying to
include some quoted material when necessary, instead of just commenting. Sorry
for any confusion.
S.T.L. (NFN NMI L. also) -===> [EMAIL PROTECTED] <===- 2^6972593 - 1 IS PRIME!
Quotations: http://quote.cjb.net Main site: http://137.tsx.org F00FC7C8 MOO!
"Xihribz! Peymwsiz xihribz! Qssetv cse bqy qiftrz!" e^(i*Pi)+1=0 Mail block
is gone, but will return if I'm bombed again. It was an easy fix. Address is
correct as-is. Giving the correct address is COURTEOUS; junk gets in anyway.
Join the Great Internet Mersenne Prime Search at http://entropia.com/ips/ My
.sig is even shorter, and contains 3046 bits of entropy including next line:
-*---*-------
Card-holding member of the Dark Legion of Cantorians, People for the Ethical
Treatment of Digital Tierran Organisms, the Holy Order of the Catenary, the
Great SRian Conspiracy, the Triple-Sigma Club, the Polycarbonate Syndicate,
the Union of Quantum Mechanics, the Roll-Your-Own Crypto Alliance, and the
Organization for the Advocation of Two-Letter Acronyms (OATLA)
Avid watcher of "World's Most Terrifying Causality Violations", "When Kaons
Decay: World's Most Amazing CP Symmetry Breaking Caught On [Magnetic] Tape",
"World's Scariest Warp Accidents", "When Renormalization Fails", "World's
Most Energetic Cosmic Rays", and "When Tidal Forces Attack: Caught on Tape"
Patiently awaiting the launch of Gravity Probe B and the discovery of M39
Physics Commandment #15: Tidal Forces Fall Off As 1/r^3.
------------------------------
From: mercury <[EMAIL PROTECTED]>
Subject: Re: Can Anyone Help Me Crack A Simple Code?
Date: Fri, 09 Jul 1999 22:03:56 -0400
Reply-To: [EMAIL PROTECTED]
I hope this will clear up the question I am asking. I have a "black
box" which accepts ten digit codes. The black box understands these
codes as meaning a color and a date. The goal here is to discover the
algorithm the black box uses so more color/date codes can be predicted.
The black box these codes are for has a price tag of almost $100,000.00,
and they are all brand new. In 2 or 3 years, I will have access to
broken or used machines which I can experiment with. (i.e. rip apart the
key pad, interface it with a computer, and brute force the code system)
At this time, all I can do is analyze "good" codes and try to figure out
how the code system works. The code system is a very minor part of this
machine. It is only meant to keep operators and casual users from
messing with it. Perhaps the codes here are even better described as
ENCODING rather than ENCRYPTING.
THE CODES ARE ALWAYS TEN DIGITS.
no letters or other characters are used.
VALID CODES REPRESENT A "COLOR" AND A DATE.
"color" represents the way the machine is configured. The configuration
is rather complex and very specialized for the industry it is used in.
The "color" part of the code is just to make sure it is a code for the
right black box.
DATE IS DEFINED AS A MONTH AND A YEAR.
At least, that's all the black box tells me.
THERE ARE 16 POSSIBLE "COLORS"
They may have left room for expansion, but there are 16 right now.
THERE ARE SEVERAL CODES WHICH MEAN THE SAME COLOR AND DATE.
The six codes I posted represent GREEN and DEC, '99. The black box
understands the six as being absolutely equal. I can get a few other
green codes, or other dec, '99 codes, but I probably will not be able to
get much more than 6 which are 100% equal for any color/date
combination.
WHEN A CODE IS ENTERED, THE BLACK BOX WILL DISPLAY ON A PANEL ONE OF
THE FOLLOWING:
1) Good Code For My Color. Date Is: <Month>, <Two Digit Year>
2) Incorrect Color For This Black Box.
3) Correct Color, But Date Too Old.
4) This Is Not A Recognizable Code.
ALMOST ANY RANDOMLY CHOSEN CODE WILL NOT BE RECOGNIZED AS MEANINGFUL.
The box knows the difference between an incorrect code <for another
machine> and random garbage. There are relatively few codes which can
be read as anything meaningful.
THE BLACK BOX ANALYZES THE CODES ALMOST INSTANTLY.
I seriously doubt they have any one processor dedicated to the code
task. The checking of the code is most likely a small sub-routine which
runs quickly on a basic <relatively slow> processor.
How do you go about solving this?
So far, I have been selecting simple formulas, and writing quick
programs to see if I can get the numbers I have to fit the formula.
There has to be a better way.
There is the possibility that the code is, say, a four digit code that
represents color, then a 6 digit code which represents a date, then put
one after another to make a ten digit code. The next time I get a
chance, I will take two equal codes and type the first part of one, then
the second part of the other, and see if I can make an acceptable code
out of two others. Hopefully, this will confirm or eliminate this
possibility. Trying "morph-codes" is something I am kicking myself for
not thinking of before. After all, those codes are more than 32 bits,
so it would make things easier if the ten digits were broken up into
parts.
Does anyone have any experience with writing code for processors?
Perhaps if I knew what functions were most common and easily utilized, I
would have a better idea of how the programmers think.
What I have are various codes which mean a color and a date. I've
assumed from the beginning that the best way to approach this is to find
codes which mean exactly the same thing, then find why they mean the
same thing. Am I right in assuming this? Or is there some method that
can make sense out of all the various color/date codes I can get?
-mercury
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************