Cryptography-Digest Digest #882, Volume #9       Wed, 14 Jul 99 20:13:02 EDT

Contents:
  Re: Replacing IDEA with Blowfish ([EMAIL PROTECTED])
  Re: Funny News ([EMAIL PROTECTED])
  software access control ([EMAIL PROTECTED])
  Re: software access control (John Savard)
  Re: Problems with the RC4 algorithm ([EMAIL PROTECTED])
  Re: What is the "real" length of a key in 3-key 3DES? ("karl malbrain")
  Re: Problems with the RC4 algorithm ([EMAIL PROTECTED])
  Re: What is a fractal? ("Matt Timmermans")
  Re: What is the "real" length of a key in 3-key 3DES? ("Kristof Burek")
  Re: How Big is a Byte? (was: New Encryption Product!) ("donald tees")
  Re: Problems with the RC4 algorithm ([EMAIL PROTECTED])
  Re: How Big is a Byte? (was: New Encryption Product!) (Barnacle)
  Re: How Big is a Byte? (Erik Trulsson)
  Re: What is the "real" length of a key in 3-key 3DES? (Mickey McInnis)
  Re: What is the "real" length of a key in 3-key 3DES? (Mickey McInnis)
  Re: software access control (Peter Gunn)
  Re: Problems with the RC4 algorithm ([EMAIL PROTECTED])
  Re: What is the "real" length of a key in 3-key 3DES? ("Richard Parker")

----------------------------------------------------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Replacing IDEA with Blowfish
Date: Wed, 14 Jul 1999 18:06:48 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> I am very skeptical about using Blowfish/Twofish in my applications. I
> know that Bruce Schneier is very capable of creating a good encryption
> algorithm, but Blowfish has not withstood the attacks that IDEA has (at
> least not yet anyway).  If I ever distribute my programs I am going to
> have to take IDEA out of it b/c of licensing.  Would it be a good idea
> to replace IDEA with Blowfish or should I use something like 3DES?
> (If you are wondering, the symmetric part of this program is used with
> session keys..with an overlying public key system.)

Clear some things up...

1) Both have 'weak' keys.  In Blowfish you have a 2^-14 chance of
getting a random key that produces 'collisions' in the sboxes.  In IDEA
you have a 2^-96 chance of picking a key with weak multiplications
(they are identities...).  The latter can be exploited much quicker than
in Blowfish, and Blowfish with 16 rounds has not been broken yet.

2) In software Blowfish is about 3 times faster (if not more) than
IDEA.  It's well suited for 32-bit desktop type computers.  IDEA
however is well suited for low memory applications ... that's
questionable though.

3)  There are designs for Blowfish in hardware, I dunno if they have
been done yet or not.  IDEA was designed for hardware and software
(somewhat).

In general I think they are both competent algorithms, but Blowfish is
probably a better bet for software.  Serge Vaudenay is the person who
cryptanalyzed Blowfish; if you are interested I have a URL of his page...

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Funny News
Date: Wed, 14 Jul 1999 17:56:36 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> but I'll always be thankful of the 3000 miles of water between your
> legal system and my house.

I will let you in on a secret.  The Brits want a crypto law as well; it
can be only a matter of time before other countries fold as well.

BTW I live in the Great White North so let's avoid stereotyping me with
the states ok?

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.



------------------------------

From: [EMAIL PROTECTED]
Subject: software access control
Date: Wed, 14 Jul 1999 17:57:18 GMT

Does anybody know where I can find information, if any, on implementing
access control in software using security clearances?  More or less, I'm
looking for ways to restrict a person's "need to know" on any basis,
such as clearance.



------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: software access control
Date: Wed, 14 Jul 1999 19:10:52 GMT

[EMAIL PROTECTED] wrote, in part:

>Does anybody know where I can find information, if any, on implementing
>access control in software using security clearances?  More or less, I'm
>looking for ways to restrict a person's "need to know" on any basis,
>such as clearance.

It's easy enough to write a piece of software that will only enable
certain functions if a password is entered, but if people have access
to the software itself, it can be disassembled, so the security
attained would be very limited, falling far short of what is needed to
safeguard classified materials, if indeed such matters are involved.

Using "P-code" or fancy assembler tricks, one can encrypt portions of
an executable program. If everything in a program you wish to control
access to - code or data - can be encrypted, then using separate keys
for each function, and including with the program a database of users,
including, for each user, the keys he is to have access to, encrypted
by his password, you can at least *approach* the sort of functionality
you appear to be discussing.

John Savard ( teneerf<- )
http://members.xoom.com/quadibloc/crypto.htm
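As an added illustration of the per-function-key design John describes (example code written for this digest, not Savard's own): each controlled function gets a random key, and a user's record holds only the keys he is cleared for, each wrapped under a key derived from his password. The wrapping construction (PBKDF2 for the password, an HMAC-SHA256 mask plus tag) and the names ClearanceDB, wrap, unwrap and derive_kek are this example's own choices; it shows the key-database structure only, not a fix for the disassembly problem he raises first.

```python
import hashlib
import hmac
import os

# Constructed scheme (not Savard's code): each controlled function has its own
# random key; a user's record holds only the keys he is cleared for, each
# wrapped under a key derived from his password.
PBKDF2_ROUNDS = 100_000


def derive_kek(password: str, salt: bytes) -> bytes:
    """Password plus per-user salt -> 32-byte key-encryption key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def wrap(kek: bytes, func: str, key: bytes) -> bytes:
    """Mask a 32-byte function key with HMAC(kek, func) and append a tag so a
    wrong password is detected rather than yielding a garbage key.  Each
    (kek, func) pair wraps exactly one key, so the mask is used once."""
    mask = hmac.new(kek, b"mask:" + func.encode(), hashlib.sha256).digest()
    body = bytes(a ^ b for a, b in zip(key, mask))
    tag = hmac.new(kek, b"tag:" + func.encode() + body, hashlib.sha256).digest()
    return body + tag


def unwrap(kek: bytes, func: str, blob: bytes):
    """Return the function key, or None if the tag does not verify."""
    body, tag = blob[:32], blob[32:]
    expect = hmac.new(kek, b"tag:" + func.encode() + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None
    mask = hmac.new(kek, b"mask:" + func.encode(), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(body, mask))


class ClearanceDB:
    """Per-function keys plus, per user, the wrapped subset he may unlock."""

    def __init__(self, functions):
        self.func_keys = {f: os.urandom(32) for f in functions}
        self.users = {}          # name -> (salt, {func: wrapped key})

    def add_user(self, name: str, password: str, cleared):
        salt = os.urandom(16)
        kek = derive_kek(password, salt)
        self.users[name] = (salt, {f: wrap(kek, f, self.func_keys[f]) for f in cleared})

    def unlock(self, name: str, password: str):
        """{function: key} for everything the user is cleared for, or None on
        a wrong password; functions he is not cleared for are simply absent."""
        salt, wrapped = self.users[name]
        kek = derive_kek(password, salt)
        keys = {}
        for f, blob in wrapped.items():
            k = unwrap(kek, f, blob)
            if k is None:
                return None
            keys[f] = k
        return keys
```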

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Problems with the RC4 algorithm
Date: Wed, 14 Jul 1999 19:30:20 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Doug Stell) wrote:
> Tom identified the problem correctly.

Yeah, one point (can we keep a tally?)

> By not reinitializing the state, you have essentially done two passes
> of encryption over the data, rather than an encryption and decryption.
> (Encryption and decryption are identical operations with the identical
> byte stream.)

A word of caution: this would not be 'double encryption' though, and is
no more secure than a single pass. (In case you had any funny ideas on
how to make RC4 'more secure'...).

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.



------------------------------

Reply-To: "karl malbrain" <[EMAIL PROTECTED]>
From: "karl malbrain" <[EMAIL PROTECTED]>
Subject: Re: What is the "real" length of a key in 3-key 3DES?
Date: Wed, 14 Jul 1999 11:50:47 -0700


Roger Fleming <[EMAIL PROTECTED]> wrote in message
news:7mi3q5$vs0$[EMAIL PROTECTED]...
> "Kristof Burek" <[EMAIL PROTECTED]> wrote:
> >anyone throw any light on how much more secure than 1-key 1DES   3-key 3DES

> The best known attack against DES triple encryption with three independent
> keys is a meet in the middle (MITM) attack requiring 3 or 4 blocks of known
> plaintext, 2^111 DES operations, and a vast amount of memory (probably more
> than exists in the entire world). This attack is totally infeasible today, and
> will probably remain so for quite a few decades.
...(snip)...
> To the best of my knowledge, there is no attack on triple DES for which chosen
> plaintext provides a useful advantage ....

Again, with <<vast amounts of memory>> 2^63 DES operations with chosen
plaintext can capture ALL mappings of plaintext to ciphertext blocks to
break 1DES, 2DES or nDES with 1, 2 or n keys.  Karl M



------------------------------


From: "Matt Timmermans" <[EMAIL PROTECTED]>
Subject: Re: What is a fractal?
Date: Wed, 14 Jul 1999 11:51:53 -0400

Fractal is a term coined by Benoit B. Mandelbrot.  It is short for
"fractional dimension".  I think it was first published widely in his book
"The Fractal Geometry of Nature".  You should be able to find it at any
library, and this is the only book I've seen that does a really good job of
answering your question.  I would help more directly, but right now I can't
think of a way to write a posting-sized overview of the concept.




------------------------------

From: "Kristof Burek" <[EMAIL PROTECTED]>
Subject: Re: What is the "real" length of a key in 3-key 3DES?
Date: Wed, 14 Jul 1999 20:44:55 +0100


karl malbrain <[EMAIL PROTECTED]> wrote in message
news:2TOi3.106$[EMAIL PROTECTED]...
|
| If you use <<brute-force>> to capture ALL of the 2^63 mappings between
| plain-text and cipher-text, you have broken 1DES 2DES 3DES ... (or any other
| 64 bit block cipher) for the given KEY.  Karl M
|
|

Aaaaaahhhhhh, the luxury of a chosen plaintext attack!



------------------------------

From: "donald tees" <[EMAIL PROTECTED]>
Crossposted-To: alt.folklore.computers
Subject: Re: How Big is a Byte? (was: New Encryption Product!)
Date: Wed, 14 Jul 1999 12:07:14 -0400


[EMAIL PROTECTED] wrote in message
>
>Yup.  They couldn't count on two hands.
>
If God had meant us to think in decimal, she would not have given us four
fingers and a parity thumb on each hand.




------------------------------


From: [EMAIL PROTECTED] (Barnacle)
Crossposted-To: alt.folklore.computers
Subject: Re: How Big is a Byte? (was: New Encryption Product!)
Date: Wed, 14 Jul 1999 20:39:04 GMT

In article <7mhune$ns2$[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>In article <[EMAIL PROTECTED]>,
>   [EMAIL PROTECTED] (Matthew Gates) wrote:
>>In article <[EMAIL PROTECTED]>,
>>       [EMAIL PROTECTED] (John Varela) writes:
>>> On Mon, 12 Jul 1999 22:15:52, [EMAIL PROTECTED] (Matthew Gates) 
>>> wrote:
>>> 
>>>> In article <[EMAIL PROTECTED]>,
>>>>     Boris Kazak <[EMAIL PROTECTED]> writes:
>>>> > Just as B(reast) has two N(ipples), B(yte) has two N(ibbles)
>>>> 
>>>> Breast singular, two nipples?
>>> 
>>> That's udderly ridiculous.
>>
>>So I was milking the joke...
>>
>Leaving a sour taste in your mouth.
>
Oh no, not anudder cheesy pun...


------------------------------

From: Erik Trulsson <[EMAIL PROTECTED]>
Crossposted-To: alt.folklore.computers
Subject: Re: How Big is a Byte?
Date: 14 Jul 1999 18:01:36 GMT

In alt.folklore.computers Eric J. Korpela <[EMAIL PROTECTED]> wrote:
> In article <[EMAIL PROTECTED]>,
> Gergo Barany <[EMAIL PROTECTED]> wrote:
>>In article <7mal54$khv$[EMAIL PROTECTED]>, Eric J. Korpela wrote:
>>>In article <[EMAIL PROTECTED]>,  <[EMAIL PROTECTED]> wrote:
>>>>However, AFAIK, that is the *only* place the term byte has ever been used
>>>>to describe anything other than an (ahem) octet
>>>
>>>I believe that the current C standard uses the term byte to mean the minimum
>>>addressable unit of storage (i.e. the unit of storage in which a "char" will
>>>fit.)  Number of bits is only specified by lower bound.
>>
>>The number of bits is specified by the CHAR_BIT macro in limits.h.

> I meant specified by the C standard.  IIRC, the C standard specifies that
> char must be able to hold at least 256 (or is it 255?) unique values.  
> I didn't mean it is indeterminable.

A plain char need only be able to hold the values between -127 and +127
(inclusive), giving 255 unique values, while an unsigned char needs to
be able to hold all values between 0 and 255.

> CHAR_BIT isn't a specification, it's a value defined by the implementation.

Yep, and it must be at least 8.




> -- 
> Eric Korpela                        |  An object at rest can never be
> [EMAIL PROTECTED]            |  stopped.
> <a href="http://sag-www.ssl.berkeley.edu/~korpela">Click for home page.</a>


-- 
<Insert your favourite quote here.>
Erik Trulsson
[EMAIL PROTECTED]


------------------------------

From: [EMAIL PROTECTED] (Mickey McInnis)
Subject: Re: What is the "real" length of a key in 3-key 3DES?
Date: 14 Jul 1999 21:20:23 GMT
Reply-To: [EMAIL PROTECTED]

In article <7mia8t$fea$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Patrick Juola) 
writes:
...
|>
|> Not so.  New article in J. Cryptology by our old friend Eli Biham
|> takes 3DES apart in about 2^64 steps.
|>
|> Ouch.  History in the making.  "May you live in interesting times."
|>
|>      -kitten

Is there a "simple" description of the method, or an online synopsis, etc.?

------------------------------

From: [EMAIL PROTECTED] (Mickey McInnis)
Subject: Re: What is the "real" length of a key in 3-key 3DES?
Date: 14 Jul 1999 22:46:25 GMT
Reply-To: [EMAIL PROTECTED]

In article <Q18j3.5039$[EMAIL PROTECTED]>, "Richard Parker" 
<[EMAIL PROTECTED]> writes:
|> In article <7miuun$26ua$[EMAIL PROTECTED]>,
|> [EMAIL PROTECTED] (Mickey McInnis) wrote:
|>
|> > In article <7mia8t$fea$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
|> > (Patrick Juola) writes:
|> > ...
|> > |>
|> > |> Not so.  New article in J. Cryptology by our old friend Eli Biham
|> > |> takes 3DES apart in about 2^64 steps.
|> > |>
|> > |> Ouch.  History in the making.  "May you live in interesting times."
|> > |>
|> > |>      -kitten
|> >
|> > Is there a "simple" description of the method, or an online synopsis, etc.?
|>
|> Information about this article is available at the following URL:
|>
|> <http://link.springer.de/link/service/journals/00145/bibs/12n3p161.html>
|>
|> -Richard
|>

Unfortunately, there's no useful content there.  Just a statement
that a weakness exists.

Thanks though.


------------------------------

From: Peter Gunn <[EMAIL PROTECTED]>
Subject: Re: software access control
Date: Wed, 14 Jul 1999 20:40:40 +0100

I suppose you could farm out your functionality onto a bunch
of dynamically loaded libraries (DLLs or shared libs) and
encrypt those as just binary files and unencrypt them
before loading for authorised users. This would help
to avoid P-Code and so on.

Just an idea :-)

PG.


John Savard wrote:

> [EMAIL PROTECTED] wrote, in part:
>
> >Does anybody know where I can find information, if any, on implementing
> >access control in software using security clearances?  More or less, I'm
> >looking for ways to restrict a person's "need to know" on any basis,
> >such as clearance.
>
> It's easy enough to write a piece of software that will only enable
> certain functions if a password is entered, but if people have access
> to the software itself, it can be disassembled, so the security
> attained would be very limited, falling far short of what is needed to
> safeguard classified materials, if indeed such matters are involved.
>
> Using "P-code" or fancy assembler tricks, one can encrypt portions of
> an executable program. If everything in a program you wish to control
> access to - code or data - can be encrypted, then using separate keys
> for each function, and including with the program a database of users,
> including, for each user, the keys he is to have access to, encrypted
> by his password, you can at least *approach* the sort of functionality
> you appear to be discussing.
>
> John Savard ( teneerf<- )
> http://members.xoom.com/quadibloc/crypto.htm


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Problems with the RC4 algorithm
Date: Wed, 14 Jul 1999 23:50:44 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> > A word of caution: this would not be 'double encryption' though, and is
> > no more secure than a single pass. (In case you had any funny ideas on
> > how to make RC4 'more secure'...).
>
> lol yeah, I learned that from Applied Cryptography.

Well, it also just makes sense: if you have

C = RNGA xor RNGB

you can synthesize C with RNGC ...

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.



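For both RC4 points in this thread (the bug of not reinitializing the state between the two passes, and Tom's remark that C = RNGA xor RNGB is just another keystream RNGC), here is an added Python illustration, not code from any poster: a minimal RC4 (KSA and PRGA) with the state kept in an object, so the buggy and the correct round trips can be compared, plus a check that the 'double' pass equals a single XOR with the combined keystream. The class and function names and the sample key and message are this example's own.

```python
def rc4_ksa(key: bytes) -> list:
    """Key-scheduling algorithm: permute S[0..255] under the key."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S


class RC4:
    """Stateful RC4 generator; process() encrypts or decrypts by XOR
    with the next len(data) keystream bytes and keeps (S, i, j)."""

    def __init__(self, key: bytes):
        self.S = rc4_ksa(key)
        self.i = 0
        self.j = 0

    def process(self, data: bytes) -> bytes:
        S, i, j = self.S, self.i, self.j
        out = bytearray()
        for b in data:
            i = (i + 1) & 0xFF
            j = (j + S[i]) & 0xFF
            S[i], S[j] = S[j], S[i]
            out.append(b ^ S[(S[i] + S[j]) & 0xFF])
        self.i, self.j = i, j
        return bytes(out)


def roundtrip_without_reset(key: bytes, plaintext: bytes) -> bytes:
    """The bug from the thread: one object used for both passes, so the
    second pass consumes keystream bytes n..2n-1 instead of 0..n-1 and
    the result is P xor K[0:n] xor K[n:2n], not P."""
    c = RC4(key)
    return c.process(c.process(plaintext))


def roundtrip_with_reset(key: bytes, plaintext: bytes) -> bytes:
    """Correct: decryption re-runs the KSA and restarts the PRGA from zero."""
    return RC4(key).process(RC4(key).process(plaintext))


def double_pass_is_single_pass(key: bytes, plaintext: bytes) -> bool:
    """Two passes over the data are one XOR with the combined stream
    K[0:n] xor K[n:2n]; there is no 'double encryption' to be had."""
    n = len(plaintext)
    ks = RC4(key).process(bytes(2 * n))          # raw keystream K[0:2n]
    combined = bytes(a ^ b for a, b in zip(ks[:n], ks[n:]))
    single = bytes(p ^ k for p, k in zip(plaintext, combined))
    return roundtrip_without_reset(key, plaintext) == single


if __name__ == "__main__":
    key, pt = b"constructed-test-key", b"attack at dawn"   # constructed sample
    print(roundtrip_with_reset(key, pt))                    # b'attack at dawn'
    print(roundtrip_without_reset(key, pt) == pt)           # False
    print(double_pass_is_single_pass(key, pt))              # True
```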
------------------------------

From: "Richard Parker" <[EMAIL PROTECTED]>
Subject: Re: What is the "real" length of a key in 3-key 3DES?
Date: Thu, 15 Jul 1999 00:03:25 GMT

In article <7mj401$258m$[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] (Mickey McInnis) wrote:
> In article <Q18j3.5039$[EMAIL PROTECTED]>, "Richard Parker"
> <[EMAIL PROTECTED]> writes:
> ...
> |>
> |> Information about this article is available at the following URL:
> |>
> |> <http://link.springer.de/link/service/journals/00145/bibs/12n3p161.html>
> |>
> |> -Richard
> |>
>
> Unfortunately, there's no useful content there.  Just a statement
> that a weakness exists.
>
> Thanks though.

If you sign up for a free one-week trial subscription to LINK you can
download the entire article in PDF format from that URL.  Here is a
brief excerpt:

    In this paper we go one step further. We develop additional
  cryptanalytic techniques to attack multiple (cascaded)
  modes, and show that all the double modes and all the triple
  modes of DES, except the triple ECB mode, are not much more
  secure than a single encryption against finding their keys.
  These techniques use known plaintext, chosen plaintext, or
  chosen ciphertext attacks. Only a handful of these
  techniques require more demanding attacks (such as adaptive
  attacks or known initial value attacks) to find the complete
  key. If we also consider the dictionary attack against the
  triple ECB mode (in which case the key remains unknown, but
  the attacker can encrypt and decrypt under the unknown key
  using 2^64 known plaintexts), all the triple modes are
  considered not much more secure than a single encryption.

    All the attacks on all the modes we describe in this paper
  exhaustively search for the key of one single-mode component
  at a time using information obtained by the various
  techniques, and do not assume any special assumptions on the
  internals of the underlying blockciphers. In particular
  (unlike in [5]), all these attacks do not use differential
  cryptanalysis [8], linear cryptanalysis [20], nor other
  kinds of attacks based on the internals of the ciphers [4],
  [7]. Therefore, all the attacks are applicable to any
  blockcipher, and their complexity depends only on the block
  size and the key size.

-Richard

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
