Cryptography-Digest Digest #869, Volume #9       Mon, 12 Jul 99 06:13:06 EDT

Contents:
  New numeral base encryption ("User")
  Re: Uncrackable? (wtshaw)
  Re: Uncrackable? (wtshaw)
  Re: Is it possible to combine brute-force and ciphertext-only in an (wtshaw)
  Re: randomness of powerball, was something about one time pads ("Douglas A. Gwyn")
  Re: How hard is it to find the key in DES? ("Douglas A. Gwyn")
  Re: Benfords law for factoring primes? ("Douglas A. Gwyn")
  Re: New Encryption Product! (humor) ("Juergen Nieveler / CompuNet")
  Re: Stream Cipher != PRNG (Mok-Kong Shen)
  Re: Is Stenography legal? (Mok-Kong Shen)
  Re: Windows PWL Files (Eric Hambuch)
  Re: Is it possible to combine brute-force and ciphertext-only in an ("Douglas A. Gwyn")
  Re: Summary of 2 threads on legal ways of exporting strong crypto (Mok-Kong Shen)
  Re: Stream Cipher != PRNG ("Douglas A. Gwyn")
  Re: How Big is a Byte? (was: New Encryption Product!) ("Douglas A. Gwyn")
  Re: New numeral base encryption (Eric Hambuch)
  Re: How Big is a Byte? ("Douglas A. Gwyn")
  Re: Summary of 2 threads on legal ways of exporting strong crypto (Mok-Kong Shen)

----------------------------------------------------------------------------

From: "User" <[EMAIL PROTECTED]>
Subject: New numeral base encryption
Date: Sun, 11 Jul 1999 23:51:12 -0700


I propose here a numeral "base" encryption using Virtual Calc 99
and will describe an encryption using numeral conversion
between base 64 to base 10 and to base 2.

Plaintext (base 64)...
HelloThereHowAreYouDoing

Encryptedtext (base 10)
15061351343063661063141398769567998360495568

Encryptedtext (base 2)
1010110011100101010101010110001101110
1000100111001101100111010101101100010
0000100100011011001110111100011000011
110100111011000010010010111010000


This can be easily done by using Virtual Calc 99
Free download at http://www.edepot.com/phl.html

Run it and click the base button and select 64 as the base
(it has default mappings to the roman alphabet)
Type in any phrase (don't put space in)
press calculate.

click on base button, and select a different base (like base 23 or something
like that), press ok.

Here is the encrypted text in base 23 for the example phrase above:
94jch649c43jhhikeaf01b7a0ad0c984


Now to show you how strong this encryption method is (given that you
already know how it works), I issue a small twist...
I apply an operator function to it so that the base conversion has to
deal with floating point, which will make the base conversion routine
calculate to predefined precision...

Here is the encrypted text:
2jpx5bu3g27j0szp7u1hpnwfw8.ch7wmy
kxxgvA14vpym5kxr9s6s3zwu77gbj5o7k
zglz28AryzbdAe90bnom2x0wy0i8fxa6g
29nnk0aq1yvAbu2ryfxaa9notd1x

Try giving me the plaintext to that!!!
difficult ain't it?  since you don't know the
simple operator used, and plus the base conversion
had to go through floating point calculations.
and you don't know the BASE!!

Be sure to download the program!
http://www.edepot.com/phl.html




------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Uncrackable?
Date: Mon, 12 Jul 1999 02:00:57 -0600


> 
> Well, judgement time, as I said before, I don't claim to be any kind of
> expert on cryptology, but from my experience as a programmer, theoretically
> and logically, this seems to be an immensely secure system.  If anyone finds
> any flaws in it, please let me know rather than just flame me.  I wrote this
> out of pure interest, and I want to know what you think, thanks,
> 
Regardless of what is said, please keep your interest.  Secure and
Infinity are difficult targets, good luck to you if you plan to get them
under your thumb.  Actually, you have some good ideas in your posting
(chronic readers will notice those which I have supported).
-- 
Rest sometimes allows you to find new things to worry about but should give you the 
patience to do something about them.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Uncrackable?
Date: Mon, 12 Jul 1999 01:56:48 -0600

In article <7mb4vb$6lu$[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:

> <snip>
> 
> I cannot believe you wrote such things.  Any FSM is solvable in a
> finite amount of time.  Why do you say it's 'infinitely' difficult to
> solve?
> 
> Using 4-12 char passwords is a really stupid idea.  Most people pick
> bad passwords that range about 40 chars (upper case and odd letters
> such as 'QZY' are normally not used...) so this is 21 to 63 bit keys.
> Not much.
> 
> Using three PRNGs in a 'mixing' mode of C = ((P + PRNG1) xor PRNG2) +
> PRNG3 is not really strong.  There is a linear equation for the first
> bit that holds with p=1, then with this the rest of the carry bits can
> be attacked.  With this a divide and conquer attack can get the rest.
> 
> Seems to me you are posting snake oil.  I would post a complete
> description (if you have one at your site I apologize) of the algorithm
> and not rely on source code to show it off.  I would also clean up your
> claims...
> 
It would seem premature to expect a beginner to know all the angles, and
he might have a handle on some that are better than those commonly
pushed.  So what if he advances some limited ideas; as I see it he is
keeping it simple to explore the principles involved, actually a darned
good idea...start simple, finish as big as is necessary.  I would rather
encourage him, but intelligent criticism is important too.
-- 
Rest sometimes allows you to find new things to worry about but should give you the 
patience to do something about them.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Is it possible to combine brute-force and ciphertext-only in an
Date: Mon, 12 Jul 1999 01:42:27 -0600

In article <7ma58a$tfk$[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
> 
> If the message was truly random you would not need to encrypt it would
> you?
> 

It might, for no other purpose, help drive an attacker mad.  And, you
would have a difficult time convincing someone who *wanted* to know that
it was just nonsense and you were not hiding anything.

Consider that look-ahead in solving ciphertexts is pretty much like
driving in a dense fog, it helps to know the road in advance if you don't
want to run off into a ditch.

Knowing that attackers will grasp at straws, the user can easily steer the
unsuspecting to lose the correct way, if you have the deviousness to do
so, after all, smoke and mirrors, lies and deception, are the stuff of
good mind-game crypto.
-- 
Rest sometimes allows you to find new things to worry about but should give you the 
patience to do something about them.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: randomness of powerball, was something about one time pads
Date: Mon, 12 Jul 1999 08:28:32 GMT

[EMAIL PROTECTED] wrote:
> Perhaps the best example of this principle is the contest Hofstadter
> offered when he was contributing to Scientific American.  The deal was to
> send a postcard containing a number to SA in order to win a prize of
> $1,000,000 divided by the largest integer submitted.
> He thought the best answer was a complicated analysis of the
> probabilities.  In fact it was obvious by inspection that the value of
> winning was less than the cost of the postage stamp.

No, what it demonstrated was that the utility (measured in
satisfaction, fame, or whatever) of merely being the winner was
greater, for many entrants, than the money offered as the prize.

Unbounded or open-ended games often hold surprises.  For example,
suppose you're matching coins against the (fair) house and double
your bet each time you lose, starting with a $1 bet the first play
and each time you won the previous play.  Note that each time you
win the play, you are $1 ahead for that "run" (losing streak, win).
Evidently, you can make an arbitrarily large amount of money if
you keep playing.  What (if anything) is wrong with this "system"?

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: How hard is it to find the key in DES?
Date: Mon, 12 Jul 1999 08:17:27 GMT

Bradley Yearwood wrote:
> Single-DES (56 bit key) is thus demonstrated to be far too weak now
> for most applications.

It is *barely* too weak against a modern adversary who uses an
EFF-like attack.  A similar attack against 3DES would be pointless.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Benfords law for factoring primes?
Date: Mon, 12 Jul 1999 08:44:54 GMT

Keith Lockstone wrote:
> I wondered how long before that New Scientist article would rattle a few
> cages....
> In article <CiRh3.12404$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
> (Blank) wrote:
> > Has anyone looked into using Benford's (prob first digit D = log(1+1/D))
> > law to sort the lists of potential factors for brute force prime cracking?

This is the first posting I've seen on this topic.
I looked up the New Scientist "Power of 1" article (which
makes the error of "explaining" Benford's law by Hill's
theorem, even though Benford's law applies more generally).
The above suggestion wasn't mentioned nor implied in the
article, which is good since it is a seriously nutty idea.

------------------------------

From: "Juergen Nieveler / CompuNet" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp
Subject: Re: New Encryption Product! (humor)
Date: Mon, 12 Jul 1999 09:53:21 +0100

John Savard <[EMAIL PROTECTED]> wrote in news message:
[EMAIL PROTECTED]

<SNIP>
> would give users what they actually needed, for obvious reasons, that
> feature would have made our program uncompetitive with products that
> could truthfully advertise 128-bit encryption."
>
> John Savard ( teneerf<- )
> http://members.xoom.com/quadibloc/crypto.htm

But does it support 256x-ROT13?

256 is 2 times 128, it's got to be a lot safer ;-)))

--
Mit freundlichen Grüßen / Yours sincerely
Juergen Nieveler
CompuNet
[EMAIL PROTECTED]

Disclaimer: Views are mine, not my employers'

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Stream Cipher != PRNG
Date: Mon, 12 Jul 1999 10:51:42 +0200

[EMAIL PROTECTED] wrote:
> 

> People use whitening keys to 'randomize' the input and output.
> Wouldn't using a PRNG to whiten the input be a super idea though?  It
> would seriously hinder attacks and their effectiveness.

Whitening the input is indeed applying the stream technique. But
you could also regard this as one component of a superencipherment
consisting of a stream encryption and a block encryption. In general,
however, stream and block techniques could be more intimately
mixed. 

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Is Stenography legal?
Date: Mon, 12 Jul 1999 11:01:18 +0200

[EMAIL PROTECTED] wrote:
> 
> In article <[EMAIL PROTECTED]>,
>   Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> > However, if there are sufficient number of people who
> > regularly encode their e-mails, whatever the nature of the contents
> > may be, using a diversity of encryption algorithms (primitive as
> > well as sophisticated ones) then the WWI will not have enough
> > resources to deal with that. If one only sends sensitive messages with
> > encryption and ordinary messages in the clear, then they can have a
> > pretty good chance of success since they can concentrate their work
> > on these low volume traffic. I am not sure that using steganographic
> > techniques that hide bits in pictures to send mails is a good counter
> > measure to WWI, since that's quite resource intensive. If sending
> > coded messages is allowed, why don't just do that? And, if one takes
> > the trouble, one can employ an extremely secure encryption to defeat
> > decryption.
> 
> The problem is most cryptographic packages are technical.  Even PGP is
> somewhat difficult for complete newbies to learn.  And if you
> just 'trust' the vendor you get snake oil (i.e. totally unbreakable
> magical code).
> 
> As long as there is snake oil to spread around people will assume
> that's the best.  Even if their code is trivial to break (or makes no
> sense) people will trust it (for them there really is no standard of
> cryptographic strength).

For jamming the WWI, the quality of the algorithms doesn't play
a big role, since you are mostly encrypting harmless messages anyway.
If there is a huge number of different algorithms that people
'regularly' employ in their e-mail, that general practice suffices
to bring the machinery to a halt.

M. K. Shen

------------------------------

From: Eric Hambuch <[EMAIL PROTECTED]>
Subject: Re: Windows PWL Files
Date: Mon, 12 Jul 1999 11:03:38 +0200

Andrew Whalan wrote:
> 
>
> "Windows uses the professional RC4 ciphering algorithm with a 128-bit key (a
> 128-bit key is obtained by converting a password with an unlimited length)."
> 
> I need code! Anyone help? I don't know where to start looking ...so many bad
> links out there!
> 

Try:

http://www.counterpane.com
http://cacr.math.uwaterloo.ca/hac     and follow the links for source code

Source-code directly available:

http://www.s-direktnet.de/homepages/neumann/Data/Michael/Kryptologie/Rc4/index.htm
http://www.uni-mannheim.de/studorg/gahg/rweis/rgp/rc4/

or simply type in "RC4" at Lycos etc.

Eric

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Is it possible to combine brute-force and ciphertext-only in an
Date: Mon, 12 Jul 1999 09:15:09 GMT

Nicol So wrote:
> [EMAIL PROTECTED] wrote:
> > Are you saying that non-deterministic processes exist?

The first point that should be made is that "random" and
"non-deterministic" are not the same thing.

Nondeterminism is, approximately, absence of preconstraint
on a choice.  But having a free choice doesn't mean that the
overall phenomenon has to have significantly random behavior.
For example, shuffle a deck of (bridge) cards, spread it out
face up, and give your friend a free (secret) choice of any
of the first six cards.  Then have him iterate the following:
        Count down the row of cards the value of the current
        card (10 for Jack, etc.)
He must note the last "current" card before he runs off the end.
The interesting thing is that you can predict the outcome
with much better odds than 1:5.  (I think it turns out to be
better than 1:1.)  The way you do it is to *also* make a free
choice among the first six cards, and follow the same procedure.
(Why this works is interesting to figure out, and it has
applications in cryptanalysis.)  Thus, the outcome is not very
random, even though there was indeterminism in the initial
choice.  In large physical systems, there can be a lot of
indeterminism, even down to the fundamental "laws of physics",
without necessarily seeing measurable randomness in the
behavior of the system (depending on the system, of course!).

Contrariwise, randomness can appear even when the rules of
behavior are completely deterministic.  Chaotic dynamical
systems provide a modern illustration of this, when the
unavoidable initial uncertainty has diffused sufficiently.

> In my layman's understanding, the Copenhagen interpretation is
> the philosophical interpretation of QM currently favored by
> physicists.

No, it has fortunately fallen out of favor, and many physicists
never were happy with it.

> ... says that quantum mechanical descriptions of
> nature are non-deterministic because that's the way nature is.

However, the inherent indeterminism of quantum theory is indeed
thought to be an essential aspect of physics.  Attempts to formulate
"deterministic" quantum theories (e.g. hidden-variable theories)
have been uniformly unsuccessful, and the Aspect experiments seem
to have permanently ruled that out.

> When people describe something as random, often what they really mean is
> that that something can be adequately modeled as random for their
> purpose.  That's nothing profound and quite widely understood.

Actually, it often isn't clear what they mean by "random", nor
even whether they have a definite, rational meaning for the term.
Statistical theory provides precise meanings for terms like
"random variable", but that seldom seems to be what is intended
by most people who use the term "random".

Sometimes, "random" apparently denotes *physical* randomness,
which can be achieved by both quantum and non-quantum means.
(Non-quantum methods usually rely on thermal effects, which
would work even if the fundamental physics of heat really
were deterministic, as Kelvin, Boltzmann, etc. believed.)
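A Monte Carlo run of the card procedure Gwyn describes, added here as an illustration and not part of his post. It assumes a 52-card deck with Ace counting 1 and every court card counting 10 (one reading of "10 for Jack, etc."), and forces the magician's start to differ from the friend's so the rate measures only how often the two count-chains merge.

```python
"""Added example: simulate Gwyn's 'free choice among the first six cards'.

Assumptions not stated in the post: 52 cards, Ace = 1, Jack/Queen/King = 10
(face_value below), magician's start always differs from the friend's.
"""
import random

RANKS = list(range(1, 14))   # 1 = Ace ... 10, 11 = Jack, 12 = Queen, 13 = King


def step_value(rank, face_value=10):
    """How far one card tells you to count on."""
    return rank if rank <= 10 else face_value


def run_chain(deck, start, face_value=10):
    """From index `start`, repeatedly count down the row by the current
    card's value; return the index of the last current card before the
    count would run off the end of the deck."""
    pos = start
    while True:
        nxt = pos + step_value(deck[pos], face_value)
        if nxt >= len(deck):
            return pos
        pos = nxt


def distinct_endpoints(deck, choices=6, face_value=10):
    """Number of different final cards reachable from the first `choices`
    starting positions; 1 means every free choice ends on the same card."""
    return len({run_chain(deck, s, face_value) for s in range(choices)})


def shuffled_deck(rng):
    deck = [rank for rank in RANKS for _ in range(4)]
    rng.shuffle(deck)
    return deck


def success_rate(trials=20000, face_value=10, choices=6, seed=1):
    """Fraction of shuffles in which the magician's chain, started on a
    different one of the first `choices` cards, ends on the friend's card."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        deck = shuffled_deck(rng)
        friend = rng.randrange(choices)
        mine = (friend + rng.randrange(1, choices)) % choices
        hits += run_chain(deck, friend, face_value) == run_chain(deck, mine, face_value)
    return hits / trials


if __name__ == "__main__":
    for fv in (10, 5):
        print("court cards = %d: prediction right in %.1f%% of shuffles"
              % (fv, 100 * success_rate(face_value=fv)))
```

The rate with court cards counting 5 (the usual stage-magic convention) is printed alongside for comparison.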

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Summary of 2 threads on legal ways of exporting strong crypto
Date: Mon, 12 Jul 1999 11:27:41 +0200

wtshaw wrote:
> 

> Making instructions, source code when taken to other programming languages
> and dialects actually work still require knowing what you are doing.  Yes,
> I have had some experience in others writing programs according to my
> descriptions.  Results vary, and usually get down to some fine points
> including sample encryptions and decryptions.
> 
> A complete description is still a complete description.  Generalizations
> are merely starting points, sure to produce a variation on the original.
> However, it may be of interest if a particular programming problem is
> solved in a different way with the same or similar results.

I agree with you on the extreme importance and necessity of good 
software engineering in crypto. The ideal in my opinion is that the 
author gives detailed rationales of his design, a piece of pseudo-code 
that comprises the essentials, an exemplary implementation with ample 
comments and some test data and eventually also the binary executable
of his implementation.

As to your last sentence, my humble experience has been that there
are often different ways of doing something (small parts of an
algorithm) and that can under circumstances make quite a difference
in efficiency. However, one should never sacrifice clarity for
efficiency if the stuff published is intended for others to do their
own implementation and not simply for satisfying the author's amusement.
Employing tricks can take 'revenge' in the way that errors remain
undetected, especially when one does updates after the elapse of
some considerable time.

M. K. Shen

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Stream Cipher != PRNG
Date: Mon, 12 Jul 1999 09:23:15 GMT

[EMAIL PROTECTED] wrote:
> I think we are caught up in terminology.  From what I understand now a
> PRNG normally forms some base structure, which is used in a 'combiner'
> to form a non-linear output.

No, it's not a matter of terminology; it's a fundamental misconception.
If I had to build a stream cipher with military-strength security,
I surely would *not* use any PRNG in its construction.  (I might use
some *shift registers*, but not in a PRNG configuration.)
People who say that stream ciphers are all made that way simply have
not seen a wide enough variety of stream cipher systems.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Crossposted-To: alt.folklore.computers
Subject: Re: How Big is a Byte? (was: New Encryption Product!)
Date: Mon, 12 Jul 1999 09:40:30 GMT

Harvey Taylor wrote:
>         BTW, does anyone know where the term nibble arose?

It was supposed to be "nybble", but was misspelled so often that
"nibble" seems to be the semi-official form now.
The earliest use I recall was in conjunction with Woz's weird
floppy-disk encoding scheme for the Apple II, where 4-bit chunks
needed to be handled.
But it's such an obvious pun that almost anyone could have
invented it.

------------------------------

From: Eric Hambuch <[EMAIL PROTECTED]>
Subject: Re: New numeral base encryption
Date: Mon, 12 Jul 1999 11:36:13 +0200

User wrote:

^ Would be nice to read your real name!

> 
> I propose here a numeral "base" encryption using Virtual Calc 99
> and will describe an encryption using numeral conversion
> between base 64 to base 10 and to base 2.
> 
> Plaintext (base 64)...
> HelloThereHowAreYouDoing
> 
> Encryptedtext (base 10)
> 15061351343063661063141398769567998360495568
> 
> Encryptedtext (base 2)
> 1010110011100101010101010110001101110
> 1000100111001101100111010101101100010
> 0000100100011011001110111100011000011
> 110100111011000010010010111010000
>

Okay, first: using another base is not a real encryption. If you know
the characteristics of the plain text (e.g. English language) you can
still guess which code belongs to which letter, because the probability
distribution doesn't change by a simple substitution (e.g. "e" is about
xxx %, "n" about yyy % etc.).

 
> This can be easily done by using Virtual Calc 99
> Free download at http://www.edepot.com/phl.html

Oorg, Windows program. I won't download it! Sourcecode (C or whatever)
would be better.
 
> Now to show you how strong this encryption method is (given that you
> already know how it works), I issue a small twist...
> I apply an operator function to it so that the base conversion has to
> deal with floating point, which will make the base conversion routine
> calculate to predefined precision...

Well, it's strong because it depends on keeping the algorithm secret. A
good encryption has a public algorithm and only relies on a secret key
(okay, you can call the base and your function "the key"...)

 
Sorry for my bad English.

Greetings...

Eric Hambuch
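The conversion from the original "numeral base encryption" post and the objection in this reply, worked through in Python as an added example (not code from either poster, and not Virtual Calc 99's). Because the calculator's symbol-to-digit mapping is not given, a constructed alphabet is assumed; the block shows the round trip needs no key, that the base-64-to-base-2 case is a per-symbol substitution as Hambuch says, and how little uncertainty the choice of base carries.

```python
"""Added example: base conversion as 'encryption' and why it isn't one.

Assumption (not on the page): Virtual Calc 99's digit alphabet is unknown
here, so a constructed one is used; a symbol's digit value is its index,
so base 64 uses all 64 symbols and base 23 the first 23.
"""
import math
import string

ALPHABET = string.digits + string.ascii_uppercase + string.ascii_lowercase + "+/"
VALUE = {ch: i for i, ch in enumerate(ALPHABET)}


def to_int(text, base):
    """Read `text` as a numeral in `base`, most significant symbol first."""
    n = 0
    for ch in text:
        d = VALUE.get(ch)
        if d is None or d >= base:
            raise ValueError("%r is not a base-%d digit" % (ch, base))
        n = n * base + d
    return n


def from_int(n, base, width=0):
    """Write the non-negative integer `n` in `base`, left-padded with the
    zero symbol to at least `width` places."""
    digits = []
    while n:
        n, d = divmod(n, base)
        digits.append(ALPHABET[d])
    numeral = "".join(reversed(digits)) or ALPHABET[0]
    return numeral.rjust(width, ALPHABET[0])


def rebase(text, src_base, dst_base):
    """The poster's whole 'encryption': read in one base, write in another."""
    return from_int(to_int(text, src_base), dst_base)


def decode(numeral, cipher_base, plain_base=64):
    """Inverse of rebase(). Nothing secret is needed beyond the two bases."""
    return rebase(numeral, cipher_base, plain_base)


def base64_to_binary_is_substitution(text):
    """Hambuch's point for the 64 -> 2 case: since 64 == 2**6, the binary
    form is each symbol replaced by its fixed 6-bit group, so the symbol
    frequencies of the plaintext survive unchanged."""
    per_symbol = "".join(from_int(VALUE[ch], 2, 6) for ch in text)
    whole_number = from_int(to_int(text, 64), 2, 6 * len(text))
    return per_symbol == whole_number


def key_space_bits(max_base=64):
    """If the only secret is the output base (2..max_base), this is how
    many bits of uncertainty that 'key' carries: fewer than six."""
    return math.log2(max_base - 1)


if __name__ == "__main__":
    plain = "HelloThereHowAreYouDoing"   # the post's example phrase
    for base in (10, 2, 23):
        print(base, rebase(plain, 64, base))
    print(decode(rebase(plain, 64, 23), 23))
    print(base64_to_binary_is_substitution(plain), key_space_bits())
```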

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Crossposted-To: alt.folklore.computers
Subject: Re: How Big is a Byte?
Date: Mon, 12 Jul 1999 09:35:29 GMT

wtshaw wrote:
> In article <7m8tu7$ras$[EMAIL PROTECTED]>, David A Molnar
> <[EMAIL PROTECTED]> wrote:
> > So when Microsoft adopts Unicode as the "local character set",
> > does this mean all bytes become 16 bits in length?
> No.  Remember, bloat is bad, regardless of how you justify it. Efficiency
> in crypto is user oriented, and you and I just don't need to allow for the
> structural nightmares found in some nations' languages; just say no to
> trying to be all things to all people as an excuse for being unable to
> responsibly cater to the basic needs of any.

Please don't give silly advice, because it just uses up a lot of
time, effort, and bandwidth to straighten it out.

There is a widely accepted "multibyte" encoding of not only 16-bit
Unicode, but the full gamut of 31-bit ISO 10646, which does *not*
allocate a wide, fixed-size unit per character, but rather embeds
USASCII as a strict subset.  Thus, every ASCII text file is already
suitably encoded, and text files that contain other international
characters use escape sequences as required.  (This encoding has
gone by several names; the Unicode name is currently UTF-8.)

So, there is no need to exclude extended characters in order to
also maintain efficiency for the data files you find comfortable.
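The multibyte encoding Gwyn describes, in its original 31-bit ISO 10646 form with one to six bytes per character, written out as an added example (not from the post). The decoder is a strict one of my own: it rejects malformed sequences, including non-shortest forms, which the post does not discuss.

```python
"""Added example: the 31-bit, 1-to-6-byte encoding now called UTF-8.

ASCII bytes encode as themselves, which is why an ASCII file is already
encoded; byte_cost() makes the efficiency comparison against a fixed
16-bit unit per character.
"""

# (exclusive upper limit of code point, lead-byte prefix, continuation bytes)
FORMS = [(0x800, 0xC0, 1), (0x10000, 0xE0, 2), (0x200000, 0xF0, 3),
         (0x4000000, 0xF8, 4), (1 << 31, 0xFC, 5)]


def utf8_encode_31bit(code_point):
    """Encode one code point in 0 .. 2**31-1 as one to six bytes."""
    if not 0 <= code_point < 1 << 31:
        raise ValueError("code point outside the 31-bit range")
    if code_point < 0x80:                 # ASCII: one byte, unchanged
        return bytes([code_point])
    for limit, prefix, n_cont in FORMS:
        if code_point < limit:
            out = [prefix | (code_point >> (6 * n_cont))]
            for i in range(n_cont - 1, -1, -1):
                out.append(0x80 | ((code_point >> (6 * i)) & 0x3F))
            return bytes(out)
    raise AssertionError("unreachable")


def utf8_encode_text(code_points):
    """Encode a sequence of code points into one byte string."""
    return b"".join(utf8_encode_31bit(cp) for cp in code_points)


def utf8_decode_31bit(data):
    """Inverse of utf8_encode_text(); raises ValueError on bad lead or
    continuation bytes, truncated sequences and non-shortest forms."""
    cps, i = [], 0
    while i < len(data):
        lead = data[i]
        if lead < 0x80:
            n_cont, cp = 0, lead
        elif 0xC0 <= lead < 0xFE:
            n_cont = sum(lead >= t for t in (0xC0, 0xE0, 0xF0, 0xF8, 0xFC))
            cp = lead & (0x7F >> (n_cont + 1))      # payload bits of the lead byte
        else:
            raise ValueError("invalid lead byte at offset %d" % i)
        if i + n_cont >= len(data):
            raise ValueError("truncated sequence at offset %d" % i)
        for j in range(1, n_cont + 1):
            if data[i + j] & 0xC0 != 0x80:
                raise ValueError("bad continuation byte at offset %d" % (i + j))
            cp = (cp << 6) | (data[i + j] & 0x3F)
        if utf8_encode_31bit(cp) != data[i:i + n_cont + 1]:
            raise ValueError("non-shortest form at offset %d" % i)
        cps.append(cp)
        i += n_cont + 1
    return cps


def byte_cost(code_points):
    """(UTF-8 byte count, byte count with a fixed 16-bit unit per character)."""
    return len(utf8_encode_text(code_points)), 2 * len(code_points)


if __name__ == "__main__":
    sample = [0x48, 0x69, 0x20, 0xE9, 0x20AC, 0x7FFFFFFF]   # constructed input
    encoded = utf8_encode_text(sample)
    print(encoded.hex(), utf8_decode_31bit(encoded) == sample, byte_cost(sample))
```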

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Summary of 2 threads on legal ways of exporting strong crypto
Date: Mon, 12 Jul 1999 11:56:28 +0200

Daniel Urquhart wrote:
> 
> > Yes, in the way the U.S. has more strict limitations. The Wassenaar
> > arrangement had excluded, and continues to exclude, "public domain"
> > software (with a meaning broader than the meaning of "public domain"
> > in copyright law).
> 
> Does this mean that I (a Canadian) can legally post/distribute any crypto
> stuff I want, as long as it was made in Canada and is not
> Copyrighted/Patented ?

I have no information concerning Canadian specific issues. However,
previously in discussions about Wassenaar I gained the impression
that the term 'public domain' used by Wassenaar is fairly unclear
and needs definite clarification. I believe that EFC knows these
themes well (or at least much better than most of us in this group).
Since you are in Canada, it would be fine if you could ask the
people there and post your result to this group. The URL of EFC is

   http://www.efc.ca/

I am not sure that Canada has already implemented Wassenaar. But it
would be interesting to know what exactly is currently allowed to be
exported from Canada, including internet publications.


M. K. Shen

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************