Cryptography-Digest Digest #868, Volume #9 Mon, 12 Jul 99 03:13:02 EDT
Contents:
Re: How hard is it to find the key in DES? ([EMAIL PROTECTED])
Re: How Big is a Byte? (was: New Encryption Product!) (Boris Kazak)
Blowfish Keysize (BB)
Re: Why this simmetric algorithm is not good? ([EMAIL PROTECTED])
Re: How hard is it to find the key in DES? (JPeschel)
Re: Is it possible to combine brute-force and ciphertext-only in an (William Tanksley)
Re: DES-NULL attack (Thomas Pornin)
Re: Standard Hash usage (David Wagner)
Re: How hard is it to find the key in DES? (Bradley Yearwood)
Re: Is it possible to combine brute-force and ciphertext-only in an (Nicol So)
Re: Standard Hash usage (Keith A Monahan)
Re: Standard Hash usage (Jim Gillogly)
Iraqi block cipher (David Wagner)
CIA' KRYPTOS is cracked N7 ("collomb")
Base encryption ("User")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED]
Subject: Re: How hard is it to find the key in DES?
Date: Sun, 11 Jul 1999 23:24:31 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (James Pate Williams, Jr.) wrote:
> With one plaintext-ciphertext pair it would probably take you on order
> of 2 ^ 56 / 2 = 2 ^ 55 guesses to find the correct key using a brute-
> force attack. Using differential cryptanalysis it takes 2 ^ 47 chosen
> plaintexts (see _Applied Cryptography_ by Bruce Schneier second
> edition Table 12.14 Differential Cryptanalysis Attacks Against DES
> page 289).
>
And with linear it's 2^43 so what, that doesn't answer his question.
With a *single* ciphertext you could reasonably guess the key in about
2^55 effort.
Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: Boris Kazak <[EMAIL PROTECTED]>
Crossposted-To: alt.folklore.computers
Subject: Re: How Big is a Byte? (was: New Encryption Product!)
Date: Sun, 11 Jul 1999 16:30:55 -0400
Reply-To: [EMAIL PROTECTED]
Harvey Taylor wrote:
>
> BTW, does anyone know where the term nibble arose?
========================
Just as B(reast) has two N(ipples), B(yte) has two N(ibbles)
...probable, but not certain...
>
> >[...]
>
> <curious>
> -het
>
> --
> "The earth is the cradle of mankind, but we cannot stay
> in the cradle forever." -Konstantin Tsiolkovsky
>
> Harvey Taylor [EMAIL PROTECTED]
------------------------------
From: BB <[EMAIL PROTECTED]>
Subject: Blowfish Keysize
Date: Sun, 11 Jul 1999 15:49:10 -0800
Hi all,
I recently downloaded the int'l patch for 2.2.10 and
compiled the kernel with crypto support. It seems to work
fine, but I need a different key and block size for the
blowfish algorithm. My goal is to mount previously
generated encrypted filesystems that were created under
windows using scramdisk. Scramdisk
(http://www.scramdisk.clara.net/ ) is a program that runs
under windows 95/98 that can employ several different types
of encryption.
Is anyone familiar with the blowfish algorithm support under
Linux? What changes need to be made to modify the key and
block sizes?
Thanks,
BB
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Why this simmetric algorithm is not good?
Date: Mon, 12 Jul 1999 01:04:40 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> [EMAIL PROTECTED] wrote:
[...]
> > BTW you don't have to be pushy to get changes. I realize that I made a
> > mistake with the RC4 in my code and I will change it. But jumping
> > on 'it's sloppy' is rather mean. I am trying to do something
> > productive for this group (and for myself). It's people like you that
> > give a bad name to cryptography in general.
>
> Wrong. Don't argue this, it's an incredibly bad position to defend.
> Just recognize that in this context, sci.crypt, everybody cares about
> correctness, and a few care about efficiency. And all of those who care
> about efficiency at all, care a lot more about correctness.
>
> If you publish slow code people will criticize your code. If you
> publish bad code people will criticize you.
What's even worse is to criticize someone else's
code and use one's own bad code as if it were a
good example. That's what Tom did.
--Bryan
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: How hard is it to find the key in DES?
Date: 12 Jul 1999 01:16:20 GMT
>[EMAIL PROTECTED] writes that:
>In article <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] (James Pate Williams, Jr.) wrote:
>> With one plaintext-ciphertext pair it would probably take you on order
>> of 2 ^ 56 / 2 = 2 ^ 55 guesses to find the correct key using a brute-
>> force attack. Using differential cryptanalysis it takes 2 ^ 47 chosen
>> plaintexts (see _Applied Cryptography_ by Bruce Schneier second
>> edition Table 12.14 Differential Cryptanalysis Attacks Against DES
>> page 289).
>>
>
to which [EMAIL PROTECTED] replied:
>And with linear it's 2^43 so what, that doesn't answer his question.
>With a *single* ciphertext you could reasonably guess the key in about
>2^55 effort.
>
>
Tom, James answered the question in his first sentence. Strange that
you didn't notice this since your answer was his answer.
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: [EMAIL PROTECTED] (William Tanksley)
Subject: Re: Is it possible to combine brute-force and ciphertext-only in an
Reply-To: [EMAIL PROTECTED]
Date: Mon, 12 Jul 1999 01:18:02 GMT
On Sun, 11 Jul 1999 22:07:41 GMT, [EMAIL PROTECTED] wrote:
[someone said: there's no such thing as randomness]
>> That's one strong assertion that covers everything, including physical
>> phenomena ranging from the macroscopic to the elementary particles
>> level. If you do have conclusive justification for it, I think the
>> physics community would be interested.
>Are you saying that non-deterministic processes exist? That's a laugh.
Clearly, he's saying nothing of the sort -- he's saying that he and the
physics community would like to see conclusive evidence that there's no
such thing as randomness.
I myself believe that quantum mechanics is deterministic, but that's not
something I would laugh at anyone else about. There are very
knowledgeable people who believe otherwise.
And furthermore, QM isn't the only possible source of randomness -- is the
human spirit deterministic? We all have beliefs on this, but none of us
have any way of knowing. (Hmm, I wonder how many bits of entropy a human
spirit can produce in an hour. ;-)
>In cryptography 'unpredictable' should have more significance
>than 'truly random' or 'random'. There are many ways to get
>statistically independent outputs from a finite state using a
>deterministic process. These are secure for use but not truly random.
Hopefully secure. Yes, I agree.
>And if you use the 'lava lamp' argument (which many people in my Grade
>13 compsci course use) then that's a laugh as well.
What argument is that?
If you're saying that a lava lamp is not truly random, you're correct.
However, your classmates may be correct if they say that it's good enough.
It might not be possible to derive enough of the initial conditions to
simulate the lamp.
>Tom
--
-William "Billy" Tanksley
------------------------------
From: [EMAIL PROTECTED] (Thomas Pornin)
Subject: Re: DES-NULL attack
Date: 6 Jul 1999 08:28:23 GMT
According to S.T.L. <[EMAIL PROTECTED]>:
> WOW, an Exabyte! Compare that to the six Exabytes you would need to
> store every word ever spoken by a human being.
I really wonder who makes these statistics and how this one was achieved.
Anyway, storage becomes cheaper and cheaper; Sun already sells
servers with 6 Terabytes of harddisks.
In a way, the original writer is right. Not that it is easy to guess the
key when we know that 0 was encrypted; but it is true that 0 is one of
the likeliest plaintexts in a communication (just encrypt an executable
file for instance; you will find plenty of them, at predictable places).
On a 10$ tape, you can store 4 Gigabytes, that is 2^31 keys (yes, we can
win a little since the keys are 56 bits and not 64 bits, but let's not
get into these details). With a mere 32 million tapes, you can store all
the encryptions of 0 by all possible 56-bit keys. All these tapes may be
stored in a not-so-big room. If you buy 32 million tapes, I guess you
will get a much better price than 10$ each. My estimation is that these
tapes would cost less than 100 million dollars.
Producing the tapes would be a bit tedious: you need to sort them by
ciphertext, although you get them by increasing keys. Anyway, using a
good temporary storage [the several-terabytes raid array stated above],
and some specialized hardware for producing the ciphertexts, I think
this is quite feasible.
Once the tapes are written and stored, each lookup is a matter of one or
two minutes. If you want to break DES a thousand times per day, this is
a good investment.
--Thomas Pornin
(of course, take a cipher with 64-bit keys and all this becomes
irrelevant for the moment)
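
The precomputed table described above, as an added example that is not part of the original post: a constructed 4-round Feistel toy cipher with a 16-bit key stands in for DES (toy_encrypt, build_table, lookup, the key 0xBEEF and the IV are all assumptions made for illustration). It goes one step beyond the post by showing that a per-message IV in CBC mode changes the cipher input, so a table built for the all-zero block no longer matches.

```python
import hashlib
from bisect import bisect_left

KEY_BITS = 16      # constructed toy key space (DES has 56 key bits)
ZERO = bytes(8)    # the all-zero 64-bit plaintext block


def toy_encrypt(key, block):
    """4-round Feistel on 8-byte blocks with a 16-bit key. A toy, not DES."""
    k = key.to_bytes(2, "big")
    left, right = block[:4], block[4:]
    for rnd in range(4):
        f = hashlib.sha1(k + bytes([rnd]) + right).digest()[:4]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right


def build_table(plaintext=ZERO):
    """Encrypt the fixed plaintext under every key, then sort by ciphertext.

    Entries are produced in increasing key order, so the sort is the
    expensive step the post mentions.
    """
    table = [(toy_encrypt(k, plaintext), k) for k in range(1 << KEY_BITS)]
    table.sort()
    return table


def lookup(table, ciphertext):
    """Binary search: every key that maps the fixed plaintext to ciphertext."""
    i = bisect_left(table, (ciphertext, -1))
    keys = []
    while i < len(table) and table[i][0] == ciphertext:
        keys.append(table[i][1])
        i += 1
    return keys


def cbc_first_block(key, block, iv):
    """First block of CBC encryption: the cipher input is block XOR iv."""
    return toy_encrypt(key, bytes(a ^ b for a, b in zip(block, iv)))


def demo():
    table = build_table()
    secret = 0xBEEF                            # constructed key to recover
    iv = bytes.fromhex("0123456789abcdef")     # constructed per-message IV
    hit = lookup(table, toy_encrypt(secret, ZERO))
    miss = lookup(table, cbc_first_block(secret, ZERO, iv))
    return hit, miss


if __name__ == "__main__":
    hit, miss = demo()
    print("raw block of zeros   ->", [hex(k) for k in hit])
    print("CBC with per-msg IV  ->", miss)
```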
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Standard Hash usage
Date: 11 Jul 1999 19:48:59 -0700
In article <[EMAIL PROTECTED]>,
David P Jablon <[EMAIL PROTECTED]> wrote:
> In article <[EMAIL PROTECTED]>, John Myre <[EMAIL PROTECTED]> wrote:
> >David P Jablon wrote:
> >> That function, hash = sha1(P) || sha1(P || sha1(P)), limits the
> >> entropy to no more than 160-bits, when P has more than 160-bits
> >> of entropy.
> >
> >I don't see why this is so.
>
> Because it's not. In a moment of weakness I presumed that
> sha1(x) == sha1(y) implied sha1(x||z) == sha1(y||z). Oops.
>
Actually, I think your last remark is not so far off.
At least in the case where x and y have the same length,
and where that length is also a multiple of 512 bits,
the statement holds with high probability, I believe.
[Why? If the collision arises because of an internal
collision in the internal chaining value, before the padding
is processed, then indeed sha1(x||z) = sha1(y||z), as is
easy to check.]
Am I mistaken?
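
The bracketed argument above, as an added example that is not part of the original post: a toy Merkle-Damgard hash with SHA-1's block size and padding but a 16-bit chaining value (all function names and constants are assumptions), so same-length, block-aligned collisions can be found quickly. It separates collisions in the chaining value before padding, which survive any common suffix, from collisions that first appear when the padding block is processed, which in general do not.

```python
import hashlib
from itertools import count

BLOCK = 64           # block size in bytes (512 bits, as in SHA-1)
STATE = 2            # toy 16-bit chaining value so collisions are cheap to find
IV = bytes(STATE)    # constructed initial chaining value


def compress(h, block):
    """Toy compression function: SHA-1(h || block) truncated to STATE bytes."""
    return hashlib.sha1(h + block).digest()[:STATE]


def chain(msg):
    """Chaining value after absorbing a block-aligned message, before padding."""
    h = IV
    for i in range(0, len(msg), BLOCK):
        h = compress(h, msg[i:i + BLOCK])
    return h


def pad(msg):
    """SHA-1 style padding: 0x80, zero fill, 64-bit big-endian bit length."""
    zeros = -(len(msg) + 9) % BLOCK
    return msg + b"\x80" + bytes(zeros) + (8 * len(msg)).to_bytes(8, "big")


def toy_hash(msg):
    return chain(pad(msg))


def find_pairs():
    """Find two colliding pairs of one-block messages.

    internal:   chaining values already equal before the padding block.
    final_only: chaining values differ; digests meet only after padding.
    """
    by_chain, by_hash = {}, {}
    internal = final_only = None
    for i in count():
        m = i.to_bytes(BLOCK, "big")
        c, d = chain(m), toy_hash(m)
        if internal is None and c in by_chain:
            internal = (by_chain[c], m)
        other = by_hash.get(d)
        if final_only is None and other is not None and chain(other) != c:
            final_only = (other, m)
        by_chain.setdefault(c, m)
        by_hash.setdefault(d, m)
        if internal and final_only:
            return internal, final_only


def extension_rate(x, y, suffixes):
    """Fraction of suffixes z for which toy_hash(x||z) == toy_hash(y||z)."""
    kept = sum(toy_hash(x + z) == toy_hash(y + z) for z in suffixes)
    return kept / len(suffixes)


SUFFIXES = [b"z" * n for n in (1, 55, 64, 100, 200)]  # constructed suffixes

if __name__ == "__main__":
    internal, final_only = find_pairs()
    print("internal collision kept:   ", extension_rate(*internal, SUFFIXES))
    print("final-block collision kept:", extension_rate(*final_only, SUFFIXES))
```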
------------------------------
From: [EMAIL PROTECTED] (Bradley Yearwood)
Subject: Re: How hard is it to find the key in DES?
Date: 12 Jul 1999 02:02:43 GMT
In article <[EMAIL PROTECTED]>,
Keith Reeves <[EMAIL PROTECTED]> wrote:
>Hi! I have a question about DES, maybe one of you will be able to
>help. Let's say you have the plaintext and the ciphertext, but you
>don't know the key. Can you work it out using the plaintext? How hard
>would it be?
$200-250K worth of specially designed hardware, around 5 days' grinding
time maximum. It broke RSA Labs' DES Challenge 2 in 56 hours.
This is written up in the book _Cracking DES ..._ (Electronic Frontier
Foundation, John Gilmore editor) published a year ago by O'Reilly &
Associates. Full chip designs, board and system designs, and source code
are provided.
Single-DES (56 bit key) is thus demonstrated to be far too weak now for most
applications.
Brad Yearwood [EMAIL PROTECTED]
Cotati, CA
------------------------------
From: Nicol So <[EMAIL PROTECTED]>
Subject: Re: Is it possible to combine brute-force and ciphertext-only in an
Date: Sun, 11 Jul 1999 23:20:25 -0400
[EMAIL PROTECTED] wrote:
>
> > That's one strong assertion that covers everything, including physical
> > phenomena ranging from the macroscopic to the elementary particles
> > level. If you do have conclusive justification for it, I think the
> > physics community would be interested.
>
> Are you saying that non-deterministic processes exist? That's a laugh.
In order for you to make the kind of claims you made, you need to have
reliable knowledge about all kinds of physical phenomena, known or yet
to be discovered. How can you be so sure that nothing in nature is
non-deterministic? How can you be so sure that nothing we'll ever
discover in the future will prove you wrong?
I'm not an expert in quantum mechanics, and I don't pretend to be one
(so I turn to the experts for their opinions). In my layman's
understanding, the Copenhagen interpretation is the philosophical
interpretation of QM currently favored by physicists. The Copenhagen
interpretation basically says that quantum mechanical descriptions of
nature are non-deterministic because that's the way nature is. I
understand that not all physicists agree on this matter.
As a rational person, I have some reason to believe non-determinism may
exist in nature (expert opinion) and I certainly haven't come across
anything that *conclusively* rules out non-determinism in nature.
> In cryptography 'unpredictable' should have more significance
> than 'truly random' or 'random'. There are many ways to get
> statistically independent outputs from a finite state using a
> deterministic process. These are secure for use but not truly random.
When people describe something as random, often what they really mean is
that that something can be adequately modeled as random for their
purpose. That's nothing profound and quite widely understood.
> And if you use the 'lava lamp' argument (which many people in my Grade
> 13 compsci course use) then that's a laugh as well.
What is the "lava lamp argument"?
> > Randomly generated values can have significance assigned to them because
> > of the context in which they appear. Often a randomly generated value
> > has significance not because it is *a* random value, but because it is
> > *the* random value that plays a particular role in a particular
> > context. A few examples:
>
> But how do you make 'random' numbers in a computer program?
> Maybe 'unpredictable' is a better word.
I didn't suggest generating random values using a computer program. In
practice, a great variety of non-algorithmic processes/devices are
available for the purpose.
> > 1. The encryption key in a private-key cipher is randomly generated, but
> > the fact that the value is used as an encryption key gives it
> > significance (and for that reason may require protection).
>
> The actual key doesn't normally need protection as long as the
> algorithm is secure. The keys should be destroyed after being used and
> should be well maintained during their lifetime.
Your first statement is patently false. Your second statement actually
supports my position: destruction is a form of protection from
disclosure.
> > 3. Although most lotteries are not done this way, but in principle, the
> > drawing (random values generation) can be done in advance and the
> > results locked away until the deadline for ticket purchase is past.
> > Again, we have a situation in which randomly generated values have
> > significance and need protection.
>
> These are not random either.
Whether lotteries are truly random or merely chaotic is immaterial to
the present discussion. For their purposes, they can be adequately
modeled as random.
Nicol
------------------------------
From: [EMAIL PROTECTED] (Keith A Monahan)
Subject: Re: Standard Hash usage
Date: 12 Jul 1999 04:32:53 GMT
Thanks for the references,
I'll certainly check those out.
Keith
Richard Parker ([EMAIL PROTECTED]) wrote:
: In article <7m27av$gio$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
: (Keith A Monahan) wrote:
: > [EMAIL PROTECTED] wrote:
: > : I think Jim Golligy (sorry I forgot the spelling) has a good copy of
: > : SHA-1. Ask around in this group I know I saw a Good copy...
: >
: > Hrrrmm.. Anyone? :)
: Steve Reid wrote a public domain implementation of SHA-1 in C.
: It is available at the following URL:
: <ftp://ftp.funet.fi/pub/crypt/hash/sha/>
: A public domain implementation of SHA-1 in C is included
: with the source to the Perl SHA extension:
: <http://theory.uwinnipeg.ca/scripts/CPAN/authors/id/UWEH/SHA-1.2.tar.gz>
: Wei Dai's Crypto++ contains a C++ interface to SHA-1. The
: library is free, but the license has some fine print. It is
: available at the following URL:
: <http://www.eskimo.com/~weidai/cryptlib.html>
: Peter Gutmann's cryptlib contains a C implementation of SHA-1.
: The library is without cost except when used for "large-scale
: commercial use." It is available at the following URL:
: <http://www.cs.auckland.ac.nz/~pgut001/cryptlib/index.html>
: -Richard
------------------------------
From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: Standard Hash usage
Date: Sun, 11 Jul 1999 22:25:21 -0700
Richard Parker wrote:
> Steve Reid wrote a public domain implementation of SHA-1 in C.
> <ftp://ftp.funet.fi/pub/crypt/hash/sha/>
>
> A public domain implementation of SHA-1 in C is included
> with the source to the Perl SHA extension:
> <http://theory.uwinnipeg.ca/scripts/CPAN/authors/id/UWEH/SHA-1.2.tar.gz>
>
> Wei Dai's Crypto++ contains a C++ interface to SHA-1. The
> library is free, but the license has some fine print. It is
> available at the following URL:
> <http://www.eskimo.com/~weidai/cryptlib.html>
>
> Peter Gutmann's cryptlib contains a C implementation of SHA-1.
> The library is without cost except when used for "large-scale
> commercial use." It is available at the following URL:
> <http://www.cs.auckland.ac.nz/~pgut001/cryptlib/index.html>
My SHA-1 source is copyrighted, but may be used free and freely
for all purposes, commercial or otherwise. The permission's in
the source file. See Carl Ellison's page at:
http://www.clark.net/pub/cme/
Occasionally companies want me to fill out huge questionnaires
saying that I'm giving them permission to use it for free. That
costs money: I don't fill out legal crap for free. However, if
all you need is a PGP-signed 1-line disclaimer from me, that
<is> free.
--
Jim Gillogly
Mersday, 19 Afterlithe S.R. 1999, 05:17
12.19.6.6.7, 5 Manik 15 Tzec, First Lord of Night
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Iraqi block cipher
Date: 11 Jul 1999 22:33:39 -0700
The so-called ``Iraqi block cipher'' is another example of a cipher
that uses the same round subkey in all rounds and thus appears to be
potentially susceptible to slide attacks.
Hmm. Sounds like a possible hoax to me.
------------------------------
From: "collomb" <[EMAIL PROTECTED]>
Subject: CIA' KRYPTOS is cracked N7
Date: 12 Jul 1999 05:45:15 GMT
CRACK OF CIA ' KRYPTOS
Message Number 7
- 5 July: GOD disposed diagonally
- 6 July: The deciphering makes appear the image of the Cross
- 7 July: The deciphering makes appear the image of a long snake
- 8 July: The Cross is in the form of < T >
- 9 July: The bottom of the Cross in form of T crushes the snake's body
- 10 July: Place of the Cross in the square of 10 cases X 10 cases
- 11 July:
Diagram of the snake crushed by the Cross.
The only character Y among the 97 characters of the last section
corresponds by its form to the head of the snake from where goes out its
bifid tongue.
JS are the initial ones of the sculptor Jim Sanborn.
The body of the snake avoids the initial JC which corresponds to
Jesus-Christ.
JC as well as the Cross, crush the body of the snake.
JC corresponds to the moment of the terrestrial life of Christ.
The Cross corresponds at the time of Christ's Death.
See the drawing hereafter
Thanks and Best Regards
[EMAIL PROTECTED]
w w w w w w w m m m m
w w m m m m
w w w w w w m m m m
2 1 | |
m m w w m m m m m m
3 4 | |
m m w w m m m m m m
6 5 | |
m m w w / m m m m m
7 8 Y J S
m m w w m m m m m m
10 9 26 25 24
m m w w m m m m m m
11 J 21 22 23
m m w w m m m m m m
12 C 20 19
m m w w w m m m m m m
13 14 15 16 17 18
m m m m m m m m m m m
1 - The Cross is marked by the letters w
2 - the snake unfolds from tail 1 to head 26 Y
3 - character unique Y: beginning of serpent bifid tongue.
4 -
| |
| |
| |
/
Y
the bifid tongue
5 - JC Jesus-Christ, JS Jim Sanborn
------------------------------
From: "User" <[EMAIL PROTECTED]>
Subject: Base encryption
Date: Sun, 11 Jul 1999 23:24:50 -0700
Hello. Here is another thought. Since humans in the western european
hemisphere are so used to the concept of the Roman numerals and
the Roman alphabet, the "base" of the encrypted text is easily guessed
or inferred by looking at it (and counting the number of different symbols).
(less than 64 usually: alphabet plus numerals and some punctuation marks)
Humans in the Eastern asian hemisphere are used to a larger "base"
(or character set). There are over 60,000 unique symbols in the
Chinese language (while the roman alphabet has less than 64!!).
If you were to take the front page of a chinese newspaper to a person
who had no exposure to chinese before, it is extremely difficult for them
to understand it (take the pictures out of course). Take this also into
consideration... you cannot easily guess the base of this example
because the front page only contains a subset of the greater than
60,000 unique symbols in the Chinese language.
This analogy fits in perfectly with the "base" I was referring to. A person
who has no idea what a symbol in a different base represents cannot do
a direct mapping between encrypted text base SYMBOLS to plain
text base SYMBOLS. This is in addition to any encryption algorithm used.
Back to the newspaper analogy, next time you want something encrypted
very strongly, use the Chinese dictionary as your "base"!! And given
that Internet Explorer browser supports display of the chinese
character set, this should be no deterrent!
Lastly a small plug, try this freely downloadable program out...
Virtual Calc 99
http://www.edepot.com/phl.html
Runs on Win95/98/NT
It does base conversion between base 2 to base 3, 4, 5, 6,.64... any BASE!!
and can calculate floating point in any base, and you can change
the symbols for any base unit. (change 1 2 3 to a b c, so a+b=c).
It also calculates to infinite precision, and supports expressions.
------------------------------
End of Cryptography-Digest Digest
******************************