Cryptography-Digest Digest #871, Volume #9       Mon, 12 Jul 99 17:13:03 EDT

Contents:
  Re: How Big is a Byte? (was: New Encryption Product!) (Douglas W. Jones,201H MLH,3193350740,3193382879)
  PGPDisk 6.0.2i freely available (Macintosh) (David C. Oshel)
  PGP technical info? (Coms 1003)
  Re: Uncrackable? (mok-kong shen)
  Re: Benfords law for factoring primes? (Bob Silverman)
  Re: Blowfish Keysize ([EMAIL PROTECTED])
  SSL and FTP over SSL -- Need resources. ([EMAIL PROTECTED])
  Re: How Big is a Byte? (was: New Encryption Product!) (Richard M. Alderson III)
  Re: Uncrackable? ([EMAIL PROTECTED])
  Re: PGPDisk 6.0.2i freely available (Macintosh) (David C. Oshel)
  Re: How Big is a Byte? (was: New Encryption Product!) (Jim Gillogly)
  Re: PGP technical info? (Paul Schlyter)
  Re: Standard Hash usage (Keith A Monahan)
  Re: Is it possible to combine brute-force and ciphertext-only in an (David A Molnar)
  SHA-1 Implementation (Keith A Monahan)
  VIC code ("Tony T. Warnock")
  Re: Stream Cipher != PRNG (Jim Felling)
  Re: VIC code (John Savard)
  Re: Stream Cipher != PRNG (wtshaw)
  Re: New numeral base encryption (wtshaw)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Douglas W. Jones,201H MLH,3193350740,3193382879)
Crossposted-To: alt.folklore.computers
Subject: Re: How Big is a Byte? (was: New Encryption Product!)
Date: 12 Jul 1999 16:11:47 GMT

From article <[EMAIL PROTECTED]>, by [EMAIL PROTECTED] ():
> 
> Of course, that fellow had been reading the definition of "byte" found in
> Donald E. Knuth's description of the MIX computer, not realizing that it
> was not intended as a general definition of the term.
> 
> However, AFAIK, that is the *only* place the term byte has ever been used
> to describe anything other than an (ahem) octet, ...

Try the DEC PDP-8 BSW (byte-swap) instruction, 7002 octal.  This machine
had a 12 bit word, and BSW swapped the high and low halfwords.  Of course,
most text I/O on the PDP-8 used 7-bit ASCII, and it was common to pack
text as 8-bit bytes, stored 3 bytes per 2 words of memory, but it was
also common to use "stripped ASCII", ASCII truncated to 6 bits with 3
control characters (% = CR/LF, @ = EOT, ^ = change case).

Or, look into the DEC PDP-10, where there the load-byte and store-byte
instructions allowed any byte size from 1 to 36.  Popular sizes were
6, 7, 8 and 9.  6 and 9 bits per byte were popular because they divided
evenly into the word-size (36), and 9 allowed ASCII with the extra bit
used for character set extension.  7 was popular because it allowed
"optimal" packing of ASCII text into machine words (you could put 5
7-bit bytes per 36-bit word), and 8 was popular where industry
compatibility was the primary concern.

I used to program on a CDC 6600 back in the early 1970s.  At the time,
that was the fastest computer on earth, and the machine for which the
term supercomputer was coined.  The 6600 had a 15-bit instruction syllable
(packed 4 to a 60-bit word).  Text was almost always stored using a
6-bit "BCD" character set, but most programmers in my time on that
machine talked about 6-bit bytes.  The hardware had no support for byte
addressing -- you did everything with shift and mask operations.

                                Doug Jones
                                [EMAIL PROTECTED]


------------------------------

From: [EMAIL PROTECTED] (David C. Oshel)
Subject: PGPDisk 6.0.2i freely available (Macintosh)
Date: Mon, 12 Jul 1999 12:02:20 -0500

ftp://ftp.no.pgpi.com/pub/pgp/6.0/6.0.2/PGPfreeware602.hqx

An oversight?

-- 
David C. Oshel     http://pobox.com/~dcoshel
Cedar Rapids, IA   [EMAIL PROTECTED]
``Tension, apprehension and dissension have begun.'' 
-- Duffy Wyg&, in Alfred Bester's _The Demolished Man_

------------------------------

From: Coms 1003 <[EMAIL PROTECTED]>
Subject: PGP technical info?
Date: Mon, 12 Jul 1999 13:36:06 -0400

Does anyone know where I can get technical PGP info from? The standard
refs by Zimmerman aren't specific enough. For instance, how is RSA
implemented (is it padded with random bits?). What is the algorithm for
choosing the random IDEA key? Etc.

Thanks.


------------------------------

From: mok-kong shen <[EMAIL PROTECTED]>
Subject: Re: Uncrackable?
Date: Mon, 12 Jul 1999 20:54:08 +0200

[EMAIL PROTECTED] wrote:
> 

> Where A is not used for rotation.  In this all you have to do is guess
> the rotation and solve as before.  It is admittedly more difficult but
> not as one-way as it could be.

If the rotation is pseudo-randomly determined, you have to guess
these numbers. How do you proceed to do that in concrete terms?

M. K. Shen

------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: Benfords law for factoring primes?
Date: Mon, 12 Jul 1999 17:51:09 GMT

In article <[EMAIL PROTECTED]>,
  mok-kong shen <[EMAIL PROTECTED]> wrote:
> Blank wrote:
> >
> > Has anyone looked into using Benford's (prob first digit D = log(1+1/D))
> > law to sort the lists of potential factors for brute force prime
> > cracking? Do observable primes obey Benford's law? It's late here and my
> > quickly hacked little VB pgm seems to say no.
>
> The cause that one probably has neglected that could be that the
> benefit resulting from the law

Your reply "assumes facts not in evidence".

I ask:

What benefit?

Specify an algorithm by which doing trial division by primes whose
most significant decimal digit is "1" gives a speed improvement.

A straight application will make it SLOWER on average.  To see this
I give a hint:  If N is a randomly chosen large integer, the
probability that a prime p divides N is 1/p. A full explanation
will follow if no one gets it.

This entire thread is "wrong headed".


--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
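Silverman's hint carried through in code (an added example, not from the thread): with Pr[p | N] = 1/p, the expected number of trial divisions before the first hit is a sum of survival products, and putting the leading-digit-1 primes first, as the original question proposed, raises that expectation compared with plain ascending order. The 10,000 bound and the leading-digit histogram are my choices; the histogram only lets the "do primes obey Benford's law" question be inspected numerically.

```python
from math import log10


def primes_below(limit):
    """Sieve of Eratosthenes: all primes p < limit, in ascending order."""
    sieve = bytearray([1]) * limit
    sieve[0:2] = b"\x00\x00"
    for p in range(2, int(limit ** 0.5) + 1):
        if sieve[p]:
            sieve[p * p::p] = bytes(len(range(p * p, limit, p)))
    return [i for i, flag in enumerate(sieve) if flag]


def leading_digit(n):
    return int(str(n)[0])


def benford_first_order(primes):
    """The ordering proposed in the thread: primes whose most significant
    decimal digit is 1 first (ascending), then all remaining primes (ascending)."""
    first = [p for p in primes if leading_digit(p) == 1]
    rest = [p for p in primes if leading_digit(p) != 1]
    return first + rest


def expected_divisions(order):
    """Expected number of trial divisions until the first divisor is found, for a
    random large N, using Silverman's hint Pr[p | N] = 1/p (treated as independent
    across primes).  The k-th division is performed only if none of the k-1 primes
    before it divided N, so
        E[divisions] = sum_k prod_{i<k} (1 - 1/p_i)
    (if no prime in `order` divides N, every division is performed)."""
    expected, survive = 0.0, 1.0   # survive = Pr[no prime tried so far divides N]
    for p in order:
        expected += survive
        survive *= 1.0 - 1.0 / p
    return expected


def leading_digit_histogram(primes):
    """Observed fraction of primes per leading digit next to Benford's
    prediction log10(1 + 1/d)."""
    counts = [0] * 10
    for p in primes:
        counts[leading_digit(p)] += 1
    return {d: (counts[d] / len(primes), log10(1 + 1 / d)) for d in range(1, 10)}


def compare(limit=10_000):
    """Expected trial-division counts: ascending order vs digit-1-first order."""
    primes = primes_below(limit)
    return expected_divisions(primes), expected_divisions(benford_first_order(primes))


if __name__ == "__main__":
    ascending, benford = compare()
    print("ascending order:        %.1f divisions on average" % ascending)
    print("leading-digit-1 first:  %.1f divisions on average" % benford)
    for d, (obs, pred) in leading_digit_histogram(primes_below(10_000)).items():
        print("digit %d: observed %.3f  Benford %.3f" % (d, obs, pred))
```

Ascending order is optimal for this cost model: swapping any two adjacent primes so the larger one comes first can only increase the survival products that follow.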

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Blowfish Keysize
Date: Mon, 12 Jul 1999 18:56:34 GMT

In article <[EMAIL PROTECTED]>,
  BB <[EMAIL PROTECTED]> wrote:
> Is anyone familiar with the blowfish algorithm support under
> Linux?  What changes need to be made to modify the key and
> block sizes?

Well, Blowfish should work under any platform.  There should be source
code at 'www.counterpane.com' to look at.

As for the block size, it is currently fixed.  Changing it will require a
change in the algorithm completely.  If you are keenly interested, look
at Twofish, which is from Counterpane as well.

The keysize however is variable from 0 to 448 bits.

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.



------------------------------

From: [EMAIL PROTECTED]
Subject: SSL and FTP over SSL -- Need resources.
Date: Mon, 12 Jul 1999 19:22:14 GMT

I am developing an FTP server specialized for electronic commerce.
Among other requirements, it must support SSL.

Where can I get the most up-to-date reference on SSL?
Do any specs exist for implementing FTP over SSL?

The only thing I have is an internet draft which expired early in
1997. (I-D The SSL Protocol; Freier, Karlton, Kocher; Nov 18, 1996)

BTW, the part that follows is slightly off topic here in sci.crypt, but
please don't flame me -- it is relevant to the project as a whole.

This will be on the NT platform (not my choice).

My current plan is to use the Win32 CryptoAPI for the actual
cryptography, but implement the particulars of the protocol in-house.
I decided this because all the available packages I have found are
either outrageously expensive (SSLPlus) or have export restrictions from
the US (ssleay).

If anyone wants to tell me I'm FOS, please let me know.  I'm sure I do
not know all the options.


Thanks in advance,

Mark Borgerding
Sr. Software Developer
Sterling Commerce, Inc



------------------------------

From: [EMAIL PROTECTED] (Richard M. Alderson III)
Crossposted-To: alt.folklore.computers
Subject: Re: How Big is a Byte? (was: New Encryption Product!)
Date: 12 Jul 1999 19:33:25 GMT
Reply-To: [EMAIL PROTECTED]

In article <[EMAIL PROTECTED]>
[EMAIL PROTECTED] (John Savard) writes:

>[EMAIL PROTECTED] (Paul Schlyter) wrote, in part:

>>You should read the manuals to some old mainframe computers, e.g. the DEC-10
>>where bytes could be 7, 8 or even 9 bits

>Although I'm well aware that many old mainframe computers had 6 bit
>_characters_, I didn't realize that the PDP-10 did use the term "byte" in
>referring to its variable-length character feature in its documentation.

Yup, and even in the names of instructions for handling bytes:

        LDB     LoaD Byte
        DPB     DePosit Byte
        ILDB    Increment (pointer) and LoaD Byte
        IDPB    Increment (pointer) and DePosit Byte
        IBP     Increment Byte Pointer
        ADJBP   ADJust Byte Pointer (same opcode as IBP, non-zero AC containing
                amount by which to adjust pointer--can be negative to back up)
--
Rich Alderson                   Last LOTS Tops-20 Systems Programmer, 1984-1991
                                Current maintainer, MIT TECO EMACS (v. 170)
last name @ XKL dot COM         Chief systems administrator, XKL LLC, 1998-now

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Uncrackable?
Date: Mon, 12 Jul 1999 18:35:33 GMT

In article <[EMAIL PROTECTED]>,
  mok-kong shen <[EMAIL PROTECTED]> wrote:
> One can improve by introducing a pseudo-randomly determined cyclic
> rotation of the bits in a word. Disregarding the variations (XOR vs.
> +), P is encrypted with the 'combined' output of three generators.
> The idea of combination of outputs of (any number of) PRNGs stems
> from Wichmann and Hill, who showed that the combined sequence is
> more uniform than the component sequences.

Not really, this falls to a divide and conquer attack as well.  For any
n-bit PRNG output only log2(n) bits are active in the rotation which
means it's not complete.

I.e.

A = PRNG1, B = PRNG2, C = PRNG3

output = (((A xor B) <<< B) xor C) <<< C

Where A is not used for rotation.  In this all you have to do is guess
the rotation and solve as before.  It is admittedly more difficult but
not as one-way as it could be.

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.


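The combiner quoted above, written out as an added example (not Tom's code) to make the "only log2(n) bits are active" point concrete: a rotation of an n-bit word by a value B depends on B mod n alone, so however wide the generator output is, the rotation step can take only n distinct forms. The 32-bit word size and the probe word are my assumptions.

```python
WIDTH = 32   # word size assumed for the three generators


def rotl(x, r, width=WIDTH):
    """Cyclic left rotation of a width-bit word.  Only r mod width matters, so
    of the bits of r just log2(width) of them affect the result."""
    r %= width
    mask = (1 << width) - 1
    return ((x << r) | (x >> (width - r))) & mask


def combine(a, b, c, width=WIDTH):
    """The combiner as written in the post: (((A xor B) <<< B) xor C) <<< C."""
    return rotl(rotl(a ^ b, b, width) ^ c, c, width)


def distinct_rotations(x, width=WIDTH, candidates=1 << 16):
    """How many different words rotating x by every amount in range(candidates)
    can produce.  For a word whose bit pattern has no shorter period the answer
    is exactly `width`, never more: the rotation amount carries at most
    log2(width) bits of uncertainty regardless of how wide the PRNG output is."""
    return len({rotl(x, r, width) for r in range(candidates)})


def active_rotation_bits(width=WIDTH):
    """log2(width): the number of generator output bits 'active' in the rotation."""
    return width.bit_length() - 1


if __name__ == "__main__":
    probe = 0x9E3779B9   # constructed probe word with full 32-bit period
    print("distinct rotations of probe over 65536 amounts:", distinct_rotations(probe))
    print("active rotation bits for a 32-bit word:", active_rotation_bits())
```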

------------------------------

From: [EMAIL PROTECTED] (David C. Oshel)
Subject: Re: PGPDisk 6.0.2i freely available (Macintosh)
Date: Mon, 12 Jul 1999 13:43:57 -0500

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(David C. Oshel) wrote:

> ftp://ftp.no.pgpi.com/pub/pgp/6.0/6.0.2/PGPfreeware602.hqx
> 
> An oversight?

Oops, should have been
ftp://ftp.no.pgpi.com/pub/pgp/6.0/6.0.2i/PGPfreeware602i-ppc.bin (or .hqx)

If the 602i version has PGPDisk in it, why not the DH-only 602?

Just wondering.

-- 
David C. Oshel     http://pobox.com/~dcoshel
Cedar Rapids, IA   [EMAIL PROTECTED]
``Tension, apprehension and dissension have begun.'' 
-- Duffy Wyg&, in Alfred Bester's _The Demolished Man_

------------------------------

From: Jim Gillogly <[EMAIL PROTECTED]>
Crossposted-To: alt.folklore.computers
Subject: Re: How Big is a Byte? (was: New Encryption Product!)
Date: Mon, 12 Jul 1999 11:41:47 -0700

John Savard wrote:
> Although I'm well aware that many old mainframe computers had 6 bit
> _characters_, I didn't realize that the PDP-10 did use the term "byte"
> in referring to its variable-length character feature in its
> documentation.

Here's my PDP-10 Reference Manual (this one's dated 1971; previous
copyright dates on the IP page go back to 1967).  In the glossary
it says "Byte: Any contiguous set of bits within a word."  In the
intro it says "The hardware permits automatic packing, unpacking, and
sequential access of any size bytes.  Since characters are frequently
represented as 7-bit ASCII code, the 36-bit word contains 5 characters.
When a 6-bit subset of ASCII is employed, six characters are stored
per 36-bit word."

A set of instructions for dealing with bytes: LDB (load byte),
DPB (deposit byte), IBP (increment byte pointer), ILDB (increment
pointer and load byte), IDPB (increment pointer and deposit byte).
Each takes as part of the opcode the number of bits in the byte;
6 bits (bits 6 through 11, counting from the 0-origin high bit)
are used to specify the number of bits in the byte.

-- 
        Jim Gillogly
        Mersday, 19 Afterlithe S.R. 1999, 18:32
        12.19.6.6.7, 5 Manik 15 Tzec, First Lord of Night

------------------------------

From: [EMAIL PROTECTED] (Paul Schlyter)
Subject: Re: PGP technical info?
Date: 12 Jul 1999 20:20:13 +0200

In article <[EMAIL PROTECTED]>,
Coms 1003  <[EMAIL PROTECTED]> wrote:
>Does anyone know where I can get technical PGP info from? The standard
>refs by Zimmerman aren't specific enough. For instance, how is RSA
>implemented (is it padded with random bits?). What is the algorithm for
>choosing the random IDEA key? Etc.

Why don't you download the source code of PGP and examine it?  Then you'll
be able to find out any technical detail you want about the code


-- 
================================================================
Paul Schlyter,  Swedish Amateur Astronomer's Society (SAAF)
Grev Turegatan 40,  S-114 38 Stockholm,  SWEDEN
e-mail:  [EMAIL PROTECTED]    [EMAIL PROTECTED]   [EMAIL PROTECTED]
WWW:     http://hotel04.ausys.se/pausch    http://welcome.to/pausch

------------------------------

From: [EMAIL PROTECTED] (Keith A Monahan)
Subject: Re: Standard Hash usage
Date: 12 Jul 1999 19:09:39 GMT

Just FYI,

Steve's implementation is excellent.  Not only is his code clean and concise,
it's in ONE file total, no additional annoying 5 line header files to worry
about, is well commented, and even includes an example driver program in the
same .c file that compiles the first time.

Keith

Richard Parker ([EMAIL PROTECTED]) wrote:

: Steve Reid wrote a public domain implementation of SHA-1 in C.
: It is available at the following URL:

: <ftp://ftp.funet.fi/pub/crypt/hash/sha/>


------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Is it possible to combine brute-force and ciphertext-only in an
Date: 12 Jul 1999 19:34:43 GMT

wtshaw <[EMAIL PROTECTED]> wrote:
> It might, for no other purpose, help drive an attacker mad.  And, you
> would have a difficult time convincing someone who *wanted* to know that
> it was just nonsense and you were not hiding anything.

An illustration of this may be found in _Cryptonomicon_ . 

-David


------------------------------

From: [EMAIL PROTECTED] (Keith A Monahan)
Subject: SHA-1 Implementation
Date: 12 Jul 1999 19:01:46 GMT

When doing the padding inside the SHA-1 function, AC says, "First, the
message is padded so that its length is just 64 bits short of being a multiple
of 512."

I know this is probably implied here, but just to be clear, this means that

The message must be padded so that its length is EXACTLY 64 bits short of
512.

...which means that if your original message length is, say, 482 bits long,
you must pad all the way up to the next multiple, in this case 1024-64 or
960.

Then, at that point, the 64-bit representation of the original length is added.

It's interesting that in my example that the padding (including the length
count) is 542 bits, some 60 bits more than the original message!

Just thinking out loud...

Master of the Obvious,

Keith


------------------------------

From: "Tony T. Warnock" <[EMAIL PROTECTED]>
Subject: VIC code
Date: Mon, 12 Jul 1999 14:15:41 -0600
Reply-To: [EMAIL PROTECTED]

Does anyone have any knowledge about the security of the old Soviet VIC
code? It's cute, anyway.

Tony


------------------------------

From: Jim Felling <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Stream Cipher != PRNG
Date: Mon, 12 Jul 1999 15:44:33 -0500


"Douglas A. Gwyn" wrote:

> [EMAIL PROTECTED] wrote:
> > I think we are cought up in terminology.  From what I understand now a
> > PRNG normally forms some base structure, which is used in a 'combiner'
> > to form a non-linear output.
>
> No, it's not a matter of terminology; it's a fundamental misconception.
> If I had to build a stream cipher with military-strength security,
> I surely would *not* use any PRNG in its construction.  (I might use
> some *shift registers*, but not in a PRNG configuration.)
> People who say that stream ciphers are all made that way simply have
> not seen a wide enough variety of stream cipher systems.

Could you give an example of such a creature (even a toy cypher would be
cool).  I can definitely see that any keyable PRNG is usable as a stream
cypher, and that any stream cypher can be used to output a PRNG type data
stream (i.e. fix the input to a constant and run the cypher continuously,
or in a feedback mode).  I am curious as to how a PRNG-less stream cypher
may be constructed.

Thanks in advance

Jim



------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: VIC code
Date: Mon, 12 Jul 1999 20:28:00 GMT

"Tony T. Warnock" <[EMAIL PROTECTED]> wrote, in part:

>Does anyone have any knowledge about the security of the old Soviet VIC
>code? It's cute, anyway.

David Kahn believed it to be effectively unbreakable. Presumably, if
one had a large number of messages to work with - it was used for
microfilm communications between spies, few of which would even be
intercepted - attacks might be possible.

It's clearly considerably more secure than the ADFG(V)X cipher.

John Savard ( teneerf<- )
http://members.xoom.com/quadibloc/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Stream Cipher != PRNG
Date: Mon, 12 Jul 1999 15:29:42 -0600

In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (John Savard) wrote:
> 
> But as DAG has pointed out, there are other ways of having stream
> ciphers that don't involve a PRNG at all, as I also noted by
> describing the "self-synchronizing" type of stream cipher, where a
> function of several previous ciphertext bytes is applied to each byte
> of plaintext to encipher it.
> 
> Essentially, this is similar to the block cipher mode known as CFB,
> for Cipher FeedBack.
> 
What you get is a sort of souped-up autocipher.
-- 
Rest sometimes allows you to find new things to worry about but should give you the 
patience to do something about them.
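A toy of the kind Jim Felling asked for, built the way John Savard describes above: each plaintext byte is masked by a keyed function of the previous few ciphertext bytes, with no running generator state at all. This is an added example, not code from any poster; the 4-byte window, the use of HMAC-SHA256 as the keyed function, and the sample key, IV and message are my constructed choices. The last function shows the self-synchronising property: one corrupted ciphertext byte garbles at most the next WINDOW bytes and the receiver recovers on its own.

```python
import hashlib
import hmac

WINDOW = 4   # each keystream byte depends on the previous WINDOW ciphertext bytes


def _keystream_byte(key: bytes, history: bytes) -> int:
    """The 'function of several previous ciphertext bytes'.  HMAC-SHA256 serves as
    a convenient keyed function; one byte of its output is used.  Nothing is kept
    between calls: the value is recomputed from the ciphertext history alone."""
    return hmac.new(key, history, hashlib.sha256).digest()[0]


def encrypt(key: bytes, plaintext: bytes, iv: bytes) -> bytes:
    """Self-synchronising stream cipher (CFB-like); iv fills the initial window."""
    assert len(iv) == WINDOW
    history, out = bytearray(iv), bytearray()
    for p in plaintext:
        c = p ^ _keystream_byte(key, bytes(history))
        out.append(c)
        history = history[1:] + bytes([c])   # shift the new ciphertext byte in
    return bytes(out)


def decrypt(key: bytes, ciphertext: bytes, iv: bytes) -> bytes:
    """Same as encrypt, except the window is fed with received ciphertext."""
    assert len(iv) == WINDOW
    history, out = bytearray(iv), bytearray()
    for c in ciphertext:
        out.append(c ^ _keystream_byte(key, bytes(history)))
        history = history[1:] + bytes([c])
    return bytes(out)


def garbled_positions(key: bytes, plaintext: bytes, iv: bytes, corrupt_at: int):
    """Flip one bit of ciphertext byte `corrupt_at` in transit and decrypt.
    Returns the indices of plaintext bytes that came out wrong.  Because the
    keystream depends only on the last WINDOW ciphertext bytes, damage is confined
    to corrupt_at .. corrupt_at + WINDOW; after that the receiver is back in step."""
    ct = bytearray(encrypt(key, plaintext, iv))
    ct[corrupt_at] ^= 0x01
    pt = decrypt(key, bytes(ct), iv)
    return [i for i, (x, y) in enumerate(zip(pt, plaintext)) if x != y]


# Constructed sample input for a stand-alone run.
SAMPLE_KEY = b"sci.crypt demo key 1999"
SAMPLE_IV = b"\x00\x01\x02\x03"
SAMPLE_MSG = b"A stream cipher need not contain a PRNG at all."

if __name__ == "__main__":
    ct = encrypt(SAMPLE_KEY, SAMPLE_MSG, SAMPLE_IV)
    assert decrypt(SAMPLE_KEY, ct, SAMPLE_IV) == SAMPLE_MSG
    print("bytes garbled by a single-bit error at byte 10:",
          garbled_positions(SAMPLE_KEY, SAMPLE_MSG, SAMPLE_IV, 10))
```

The same construction is why a ciphertext-feedback cipher also offers no "PRNG" to attack in isolation: the keystream only exists relative to a particular ciphertext.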

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: New numeral base encryption
Date: Mon, 12 Jul 1999 15:25:54 -0600

In article <[EMAIL PROTECTED]>, Eric Hambuch
<[EMAIL PROTECTED]> wrote:

> User wrote:
> 
> ^ Would be nice to read your real name !
> 
> > 
> > I propose here a numeral "base" encryption using Virtual Calc 99
> > and will describing an encryption using numeral conversion
> > between base 64 to base 10 and to base 2.
> > 
One of my principles is to use the most route if possible between bases. 
Since 2 and 64 can be done seamlessly, I would work toward that.  I'm
working up an application that goes between 27 and 81 in a similar
manner.  I still have options of keys to do substitution and transposition
steps as you will see.
-- 
Rest sometimes allows you to find new things to worry about but should give you the 
patience to do something about them.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
