Cryptography-Digest Digest #885, Volume #9       Thu, 15 Jul 99 15:13:03 EDT

Contents:
  Re: Weak keys question (was Replacing IDEA with Blowfish) ([EMAIL PROTECTED])
  Re: PGP technical info? (Steve Bryan)
  Re: Weak keys question (was Replacing IDEA with Blowfish) ([EMAIL PROTECTED])
  Re: linear complexity of Lagged Fibo Generators (Mok-Kong Shen)
  Re: Funny News (Bob Silverman)
  linear complexity of Lagged Fibo Generators ([EMAIL PROTECTED])
  Re: Weak keys question (was Replacing IDEA with Blowfish) (Bauerda)
  Re: Funny News ([EMAIL PROTECTED])
  Re: Why public key in PGP ([EMAIL PROTECTED])
  Re: linear complexity of Lagged Fibo Generators ([EMAIL PROTECTED])
  Re: How to crack monoalphabetic ciphers ([EMAIL PROTECTED])
  Re: DES key with SSLeay ([EMAIL PROTECTED])
  How to crack monoalphabetic ciphers ([EMAIL PROTECTED])
  Re: randomness of powerball, was something about one time pads (fungus)
  Re: randomness of powerball, was something about one time pads (Christopher)
  Re: randomness of powerball, was something about one time pads (John Savard)
  Re: How to crack monoalphabetic ciphers ([EMAIL PROTECTED])
  Re: How Big is a Byte? (was: New Encryption Product!) (Richard Shetron)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Weak keys question (was Replacing IDEA with Blowfish)
Date: Thu, 15 Jul 1999 14:54:24 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:

> Is there a 'standard' way of dealing with this? For example with
> Blowfish,
> after generating the key schedule, one could check for 'collisions' in
> the
> s-boxes. If a collision is found there seems to me to be several
> options
> (depending on circumstance). These are
> a/ ignore the collision - I won't tell anyone if you won't :-)
> b/ if derived from a user entered pass-phrase, ask the user
>    to enter another pass-phrase,
> c/ if derived from some random source, then get another (partial)
>    random key.

I would say 'a'.  From the report you can detect the collisions up to a
point but you can't exploit them. You will also not know the sbox
values.  I don't think it's a great risk.  Also this requires about
2^23 chosen plaintexts to detect (if I am right...) which means for the
most part the attacker will not know one way or the other...

>
> Why isn't there some 'auto collision avoidance' built into these
> algorithms?
> For Blowfish, one could envisage say, incrementing a duplicate s-box
> entry
> until all the entries are unique, or perhaps incrementing the key and
> repeating
> the key schedule generation until there are no collisions.

Well key schedules are designed to avoid collisions the first time.  If
you have to repeat the key schedule it will be a) slow and b)
vulnerable to timing attacks anyways...

Sometimes the key schedule creates permutations or complete functions so
this isn't such a deal but when 'random' boxes have to be created you
can run into such collisions.  In general there is no 'real' way to
avoid such collisions otherwise the creation process would be
correlated (thus bad).

I wonder what the chances of collision there is in RC5?  Has anyone
ever tried?

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: [EMAIL PROTECTED] (Steve Bryan)
Subject: Re: PGP technical info?
Date: Thu, 15 Jul 1999 10:57:06 -0500

In article
<[EMAIL PROTECTED]>, Coms
1003 <[EMAIL PROTECTED]> wrote:

> Does anyone know where I can get technical PGP info from? The standard
> refs by Zimmermann aren't specific enough. For instance, how is RSA
> implemented (is it padded with random bits?). What is the algorithm for
> choosing the random IDEA key? Etc.
> 
> Thanks.

Why not just download the source code and see exactly what is being done?
It is available at www.pgpi.com and probably some other locations as well.

-- 
Steve Bryan
Vendorsystems, Intl
[EMAIL PROTECTED]

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Weak keys question (was Replacing IDEA with Blowfish)
Date: Thu, 15 Jul 1999 15:43:46 GMT


> The "weak keys" are not weak in Blowfish; they are weak in reduced
> round variants of Blowfish.  The key schedule was slow enough that I
> didn't want to burden it with additional complications.

So why didn't you seek alternative methods?  The current key schedule
is really simple (which is a plus) but other key schedules like RC5 are
simple and have yet to be formally attacked (if feasible).

If the key schedule were faster it would make Blowfish that much more
attractive for 64-bit block cipher applications.

Just wondering...

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: linear complexity of Lagged Fibo Generators
Date: Thu, 15 Jul 1999 18:09:19 +0200

[EMAIL PROTECTED] wrote:
> 

> And I don't have access to Knuth's 2nd Volume so please post snippets or
> online info.  I really want to get the book but lack-o-moola prevents
> me... (How much is it anyways?)

Is there a scientific library in your vicinity?

M. K. Shen

------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: Funny News
Date: Thu, 15 Jul 1999 16:10:55 GMT

In article <7mfonu$n1a$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> Watching CNN today I saw a clip of Janet Reno (hey where's the blue
> dress?) and I semi-quote
>
> " Terrorists can use encryption technologies making wiretaps
> effectively
> useless and crime prevention much harder ... "
>
> Basically she was advocating the restrictions.
>
> My question is (this is an open question), What good do these
> regulations ACTUALLY provide?

Read the (joint) book by Whit Diffie and Susan Landau on the
politics of wiretapping.

The basic answer is:  very little if any.

There have been ZERO documented cases where a wiretap has been
prevented because of encryption.

However, I think the question is, or should be, moot.  I paraphrase
Ben Franklin:

Those willing to give up essential liberty for a little safety are
deserving of neither.


--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"



------------------------------

From: [EMAIL PROTECTED]
Subject: linear complexity of Lagged Fibo Generators
Date: Thu, 15 Jul 1999 15:46:51 GMT

Where could I find a formal introduction into the linear complexity of
lagged fibonacci generators?  What I want is something describing the
period of each bit in the generator.

For example the first bit is a LFSR so it has a period of 2^r - 1.  The
second bit has a period of ? and the next ?

I bet this is how they actually calculated the length (period) of these
generators.  But I would like to learn it myself.

And I don't have access to Knuth's 2nd Volume so please post snippets or
online info.  I really want to get the book but lack-o-moola prevents
me... (How much is it anyways?)

Thanks,
Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.


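Tom's question about the period of each bit, worked as an added example (not from the post) by brute force on a small instance of x[n] = (x[n-r] + x[n-s]) mod 2^e; the parameters r=5, s=2, e=4 and the seeds are chosen here for illustration only.

```python
"""
Per-bit periods of an additive lagged Fibonacci generator
    x[n] = (x[n-r] + x[n-s]) mod 2**e
found by brute force on a small instance, so every period is exact.
Added example; r=5, s=2 (x^5+x^3+1 is primitive over GF(2)), e=4 and the
seeds are constructed for illustration and are not any real generator's
parameters.
"""
from typing import List


def lagged_fib(r: int, s: int, e: int, seed: List[int], count: int) -> List[int]:
    """First `count` terms of x[n] = (x[n-r] + x[n-s]) mod 2**e, seed included.
    The recurrence is invertible (x[n-r] = x[n] - x[n-s]), so the sequence
    is purely periodic: no transient, every state recurs."""
    assert len(seed) == r and 0 < s < r
    mask = (1 << e) - 1
    x = list(seed)
    while len(x) < count:
        x.append((x[-r] + x[-s]) & mask)
    return x[:count]


def state_period(r: int, s: int, e: int, seed: List[int]) -> int:
    """Smallest p > 0 after which the r-word state (last r outputs) recurs."""
    mask, start, x, p = (1 << e) - 1, tuple(seed), list(seed), 0
    while True:
        x.append((x[-r] + x[-s]) & mask)
        p += 1
        if tuple(x[-r:]) == start:
            return p


def bit_period(seq: List[int], k: int, full_period: int) -> int:
    """Period of bit k of `seq`.  It must divide the state period, so only
    divisors of `full_period` are tried; `seq` holds 2*full_period terms so
    each candidate shift is checked over a whole period."""
    bits = [(v >> k) & 1 for v in seq]
    for p in range(1, full_period + 1):
        if full_period % p == 0 and all(bits[n] == bits[n + p] for n in range(full_period)):
            return p
    raise AssertionError("unreachable: full_period itself is a period")


def bit_periods(r: int, s: int, e: int, seed: List[int]) -> List[int]:
    """[period of bit 0, period of bit 1, ..., period of bit e-1]."""
    P = state_period(r, s, e, seed)
    seq = lagged_fib(r, s, e, seed, 2 * P)
    return [bit_period(seq, k, P) for k in range(e)]


if __name__ == "__main__":
    r, s, e = 5, 2, 4
    for seed in ([1, 2, 3, 4, 5], [2, 4, 6, 8, 10]):
        print(seed, "state period", state_period(r, s, e, seed),
              "bit periods", bit_periods(r, s, e, seed))
```

Provided the seed is not all even, bit k comes out with period (2^r-1)·2^k, so the whole generator has period (2^r-1)·2^(e-1); the all-even seed in the demo loses one factor of two per bit, which is why seeding rules for these generators force at least one odd word.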

------------------------------

From: [EMAIL PROTECTED] (Bauerda)
Subject: Re: Weak keys question (was Replacing IDEA with Blowfish)
Date: 15 Jul 1999 14:46:10 GMT

>Why isn't there some 'auto collision avoidance' built into these
>algorithms?
>For Blowfish, one could envisage say, incrementing a duplicate s-box
>entry 
>until all the entries are unique, or perhaps incrementing the key and
>repeating
>the key schedule generation until there are no collisions.
>

Or, even easier, use a different method to make the s-boxes.  The four 8x32
s-boxes could be made by sticking together 16 permutations of 0..255.  Or, use
the standard setup and then replace the top (or bottom) bytes in each s-box a
permutation of 0..255.  Both of these eliminate the possibility of duplicate
s-box entries.

David Bauer
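Bauerda's construction (sixteen permutations of 0..255 glued column-wise into four 8x32 S-boxes) as an added example; it is not Blowfish's actual key schedule: SHA-256 in counter mode stands in for the cipher's own key mixing, and the keys are constructed sample values. The birthday estimate at the end quantifies the collision risk of an unconstrained setup for comparison.

```python
"""
Collision-free S-boxes built the way Bauerda suggests: each 8x32 S-box is
assembled column-wise from four permutations of 0..255 (sixteen for the
four S-boxes), so no two entries of one S-box can be equal.  Added example,
not Blowfish's key schedule: SHA-256 in counter mode stands in for the
cipher's key mixing, and every key below is a constructed sample value.
"""
import hashlib
from typing import Iterator, List

NUM_SBOXES, ENTRIES, COLUMNS = 4, 256, 4   # four 8x32 boxes: 256 entries of 4 bytes

def draws16(key: bytes, label: bytes) -> Iterator[int]:
    """Endless keyed stream of 16-bit values; `label` separates the 16 uses."""
    ctr = 0
    while True:
        block = hashlib.sha256(label + key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
        for k in range(0, len(block), 2):
            yield int.from_bytes(block[k:k + 2], "big")

def keyed_permutation(key: bytes, label: bytes) -> List[int]:
    """Fisher-Yates shuffle of 0..255 driven by the keyed stream; rejecting
    draws above the largest multiple of `bound` keeps each index uniform."""
    perm, draws = list(range(ENTRIES)), draws16(key, label)
    for i in range(ENTRIES - 1, 0, -1):
        bound = i + 1
        limit = 65536 - (65536 % bound)
        draw = next(draws)
        while draw >= limit:
            draw = next(draws)
        j = draw % bound
        perm[i], perm[j] = perm[j], perm[i]
    return perm

def build_sboxes(key: bytes) -> List[List[int]]:
    """Byte column c of S-box b is the permutation labelled (b, c).  Because
    every column is a permutation, two entries of one box differ in all bytes."""
    sboxes = []
    for b in range(NUM_SBOXES):
        cols = [keyed_permutation(key, bytes([b, c])) for c in range(COLUMNS)]
        sboxes.append([(cols[0][i] << 24) | (cols[1][i] << 16)
                       | (cols[2][i] << 8) | cols[3][i] for i in range(ENTRIES)])
    return sboxes

def duplicate_entries(sbox: List[int]) -> int:
    """Entries that repeat an earlier one: the post-key-schedule check the
    thread discusses.  0 means collision-free."""
    return len(sbox) - len(set(sbox))

def columns_are_permutations(sbox: List[int]) -> bool:
    """Structural check: each byte column of the S-box is a permutation."""
    return all(sorted((v >> sh) & 0xFF for v in sbox) == list(range(ENTRIES))
               for sh in (24, 16, 8, 0))

def expected_colliding_pairs(entries: int, width_bits: int) -> float:
    """Birthday estimate of colliding pairs in one box filled with independent
    uniform words, i.e. what an unconstrained setup risks on average."""
    return entries * (entries - 1) / 2 / 2 ** width_bits

if __name__ == "__main__":
    boxes = build_sboxes(b"constructed sample key")
    print("duplicates per S-box:", [duplicate_entries(b) for b in boxes])
    print("expected colliding pairs, 4 unconstrained boxes: %.1e"
          % (NUM_SBOXES * expected_colliding_pairs(ENTRIES, 32)))
```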


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Funny News
Date: Thu, 15 Jul 1999 16:19:09 GMT

In article <7ml163$k1e$[EMAIL PROTECTED]>,
  Bob Silverman <[EMAIL PROTECTED]> wrote:
> In article <7mfonu$n1a$[EMAIL PROTECTED]>,
>   [EMAIL PROTECTED] wrote:
> > Watching CNN today I saw a clip of Janet Reno (hey where's the blue
> > dress?) and I semi-quote
> >
> > " Terrorists can use encryption technologies making wiretaps
> > effectively
> > useless and crime prevention much harder ... "
> >
> > Basically she was advocating the restrictions.
> >
> > My question is (this is an open question), What good do these
> > regulations ACTUALLY provide?
>
> Read the (joint) book by Whit Diffie and Susan Landau on the
> politics of wiretapping.
>
> The basic answer is:  very little if any.
>
> There have been ZERO documented cases where a wiretap has been
> prevented because of encryption.

Possibly because they have been hidden?  What if the NSA cracked a
message and prevented a crime (or performed an arrest).  Would they
admit they broke the cipher?  (now the spooky oooh sound starts...)

> However, I think the question is, or should be, moot.  I paraphrase
> Ben Franklin:
>
> Those willing to give up essential liberty for a little safety are
> deserving of neither.

That's a good quote.  Should staple that to Janet Reno's head... Of
course she does affect me much (unless she visits the GWN much...)

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Why public key in PGP
Date: Thu, 15 Jul 1999 17:13:39 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> PGP uses a -pair- of keys:  one for encryption, the other to decrypt.
> One may be made public while the other remains private.
>
> If you send a message to me encrypted with my public key, no one can
> decrypt it but me 'n the NSA.  This allows you to send personal
> messages
> to me.

I seriously doubt that the NSA has the power (or knowledge) on how to
factor large numbers (say 200+ digits).

> As to the lifetime of a public key...  I suspect that keys used for
> ordinary signature-purposes are kept for a long time.  Keys used by
> people who are actually conducting private conversations are probably
> retired when the conversation is through, or when people leave the
> organizations in question, or when the security afforded by the prior
> public-key is doubted in any way by anyone.

This gets into the worth-versus-length argument.  How much is the private
info worth to you compared to the cost of cracking it?  If it takes $1000
to factor a 50-digit modulus will it be worth $1000 to get the info?

If I use 200+ digit moduli will it be worth it to factor it?  Rivest
did a 1990 study of key lengths for appropriate security as did Schneier
(I think).

Anyways...
Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: linear complexity of Lagged Fibo Generators
Date: Thu, 15 Jul 1999 17:08:35 GMT

In article <[EMAIL PROTECTED]>,
  Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote:
> >
>
> > And I don't have access to Knuth's 2nd Volume so please post snippets or
> > online info.  I really want to get the book but lack-o-moola
> > prevents
> > me... (How much is it anyways?)
>
> Is there a scientific library in your vicinity?

Not really.  I would have to check with the universities. But I am not
a student so I would have to buy the books... (no fun).

Most people in my community fear knowledge.  If you ever come to Kanata
Ontario you will know what I am talking about.

That's why I research stuff over the net.

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: How to crack monoalphabetic ciphers
Date: Thu, 15 Jul 1999 17:27:08 GMT

In article <7ml50h$lnd$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> How do you crack a monoalphabetic cipher?  Thru frequency analysis?
> What if the plaintext had been compressed before encryption?

If you are trying to crack straightforward monoalphabetic ciphers, yes,
you would use single letter frequency analysis.

If it was compressed, I would perhaps try digram and trigram frequency
analysis.  Digrams are two-letter combinations, trigrams are three
letter combinations.  Since compression works by substituting single
characters for digrams, trigrams, and higher, this might work.

> Would a PRNG passed thru a non-linear (say SAFER style) sbox be secure
> (if the sbox were private)?

Yes, you could do frequency analysis on this also, unless I severely
misinterpreted this.  However, it would now be a polyalphabetic cipher,
like Vigenère.  Granted, it would be a pain to crack, but it is
possible.  The PRNG has a period which can be determined, though I
forget the name of the algorithm to do it.  The sbox will not hide this
fact, so if you XOR the output of the PRNG fed through the sbox and the
plaintext, you have a complex, though still trivial, XOR cipher.

> Tom
> --
> PGP key is at:
> 'http://mypage.goplay.com/tomstdenis/key.pgp'.
> Free PRNG C++ lib:
> 'http://mypage.goplay.com/tomstdenis/prng.html'.
>
> Sent via Deja.com http://www.deja.com/
> Share what you know. Learn what you don't.
>



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: DES key with SSLeay
Date: Thu, 15 Jul 1999 18:00:11 GMT

In article <[EMAIL PROTECTED]>,
  Anton Stiglic <[EMAIL PROTECTED]> wrote:
> I've been searching through the SSLeay library.
> One question I have: does SSLeay check for keys not to be
> weak or semi-weak for DES?  Can someone tell me where
> in the SSLeay library this is done?

No offense but...

Two more important questions

1) Why am I using DES?
2) Are the 16 weak keys really a problem when the keyspace can be
searched in 3 hours anyways?

I would either not worry about it or pick another algorithm.  New
applications using DES are kinda foolish (with the possible exception of
DESX).

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.



------------------------------

From: [EMAIL PROTECTED]
Subject: How to crack monoalphabetic ciphers
Date: Thu, 15 Jul 1999 17:16:15 GMT

How do you crack a monoalphabetic cipher?  Thru frequency analysis?
What if the plaintext had been compressed before encryption?

Would a PRNG passed thru a non-linear (say SAFER style) sbox be secure
(if the sbox were private)?

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.



------------------------------

From: fungus <[EMAIL PROTECTED]>
Subject: Re: randomness of powerball, was something about one time pads
Date: Thu, 15 Jul 1999 20:51:50 +0200



"Douglas A. Gwyn" wrote:
> 
> fungus wrote:
> > There's one game where you pay a dollar, choose a number from one
> > to six, then throw three dice. You win a dollar for every die which
> > shows your chosen number. Who has the edge? The player or the house?
> 
> As described, the odds are even (it's a fair game).
> 

No. The house has an edge, figuring out where it is is a long
process.

(It took a while to convince me too...)




> (If you don't know which of these is
> the case, then switching can't hurt and might help.)

No. Switching *always* helps (always!).

Again, this was the subject of much debate.



-- 
<\___/>
/ O O \
\_____/  FTB.

------------------------------

From: [EMAIL PROTECTED] (Christopher)
Subject: Re: randomness of powerball, was something about one time pads
Date: Thu, 15 Jul 1999 13:40:29 -0400

In article <[EMAIL PROTECTED]>, fungus
<[EMAIL PROTECTED]> wrote:

_   There's plenty of *simple* gambling games which will fool hardened
_   statisticians. Martin Gardner discusses them a lot.
_   
_   
_   There's one game where you pay a dollar, choose a number from one
_   to six, then throw three dice. You win a dollar for every die which
_   shows your chosen number. Who has the edge? The player or the house?
_   

[snip gameshow]

The house, imagine it as three separate games...

It costs 1/3 dollar to roll one die, in 6 games you'll have spent $2, and
on average win $1 back.

So on the average 2 complete games (of 3 chances each) earns the house $1.


------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: randomness of powerball, was something about one time pads
Date: Thu, 15 Jul 1999 17:51:38 GMT

"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote, in part:
>fungus wrote:

>> There's one game where you pay a dollar, choose a number from one
>> to six, then throw three dice. You win a dollar for every die which
>> shows your chosen number. Who has the edge? The player or the house?

>As described, the odds are even (it's a fair game).

>I think you meant to describe "Chuck-a-Luck", where you win a dollar
>if your chosen number comes up on any die, but never more than $1
>per play, and lose a dollar if it doesn't come up on any die.

Actually, *this* is a fair game:

you pay a dollar, and you get back $2 for each die that shows your
chosen number. (Expectation: 3 times $2/6.)

The payback on Chuck-A-Luck is:

$2 if one die shows your number, $3 if two show your number, and $4 if
three dice show your number.

That gives a house advantage of about 7.5%.

If, however, a wheel of fortune is used with 56 spaces, one for each
visibly different combination of three dice, the house advantage
increases to (IIRC) 22%. That's because there are six ways to make the
fair combinations with three different numbers with dice, but only
three to make each double, and only one to make a three-of-a-kind
combination, so on the wheel of fortune the combinations profitable to
the house come up more often.

And that does confuse people, since they're not used to telling the
difference between Maxwell-Boltzmann (7.5%) statistics and
Bose-Einstein (22%) statistics. Of course, if the game were played
according to Fermi-Dirac statistics (three cards from a deck of six
were dealt) it would be fair...

John Savard ( teneerf<- )
http://members.xoom.com/quadibloc/crypto.htm

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: How to crack monoalphabetic ciphers
Date: Thu, 15 Jul 1999 17:48:32 GMT

In article <7ml5ks$lud$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> If it was compressed, I would perhaps try digram and trigram frequency
> analysis.  Digrams are two-letter combinations, trigrams are three
> letter combinations.  Since compression works by substituting single
> characters for digrams, trigrams, and higher, this might work.

So this would be compression algorithm dependent?  Most symbols in
compressed files are not well distributed (although their occurrences
are) so I think that might prove a somewhat useful avenue...

>
> > Would a PRNG passed thru a non-linear (say SAFER style) sbox be
> > secure
> > (if the sbox were private)?
>
> Yes, you could do frequency analysis on this also, unless I severely
> misinterpreted this.  However, it would now be a polyalphabetic
> cipher,
> like Vigenère.  Granted, it would be a pain to crack, but it is
> possible.  The PRNG has a period which can be determined, though I
> forget the name of the algorithm to do it.  The sbox will not hide
> this
> fact, so if you XOR the output of the PRNG fed through the sbox and
> the
> plaintext, you have a complex, though still trivial, XOR cipher.

I meant something like

O = sbox[RNG]

Where the sbox is keyed somehow (you could just perform 256 random
swaps)..

What you are talking about is

C = S[P xor RNG]

right?  This would be just as effective as

C = S[RNG] xor P

if RNG were truly random (and S is a function). possibly even

C = S[P] xor RNG

if S were unknown you would not learn much about RNG except

C xor C' = RNG xor RNG'

(Where P = P').

Any other thoughts?

Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.


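The three arrangements Tom writes out (C = S[P xor RNG], C = S[RNG] xor P, C = S[P] xor RNG) as an added example, not the poster's code: it encrypts two constructed messages under one reused keystream and checks what C xor C' gives away in each case, plus the P = P' case with two different keystreams. The 'RNG' is a toy LCG chosen only to keep the block short, and the seeds are constructed.

```python
"""
Where a secret S-box S sits relative to the keystream RNG, and what a
reused keystream leaks in each arrangement written out in the thread:
    A: C = S[P xor RNG]     B: C = S[RNG] xor P     D: C = S[P] xor RNG
Added example, not the poster's code.  A toy LCG stands in for 'RNG'
(deliberately weak: the point is S's position, not the generator) and
the seeds and messages are constructed sample values.
"""
from typing import Dict, List

def toy_rng(seed: int, n: int) -> List[int]:
    """n keystream bytes: the top byte of each 32-bit LCG state."""
    out, x = [], seed & 0xFFFFFFFF
    for _ in range(n):
        x = (1664525 * x + 1013904223) & 0xFFFFFFFF
        out.append(x >> 24)
    return out

def keyed_sbox(seed: int) -> List[int]:
    """'Just perform 256 random swaps' on the identity, as the post puts it.
    Any sequence of swaps leaves a permutation, so S is always invertible."""
    s, r = list(range(256)), toy_rng(seed, 512)
    for k in range(256):
        i, j = r[2 * k], r[2 * k + 1]
        s[i], s[j] = s[j], s[i]
    return s

def invert(s: List[int]) -> List[int]:
    inv = [0] * 256
    for x, y in enumerate(s):
        inv[y] = x
    return inv

def xor(a: List[int], b: List[int]) -> List[int]:
    return [x ^ y for x, y in zip(a, b)]

# The three arrangements on byte lists, with their inverses.
def enc_a(p, ks, s): return [s[b ^ k] for b, k in zip(p, ks)]
def dec_a(c, ks, s):
    inv = invert(s)
    return [inv[b] ^ k for b, k in zip(c, ks)]
def enc_b(p, ks, s): return [s[k] ^ b for b, k in zip(p, ks)]
def dec_b(c, ks, s): return enc_b(c, ks, s)      # XOR undoes itself
def enc_d(p, ks, s): return [s[b] ^ k for b, k in zip(p, ks)]
def dec_d(c, ks, s):
    inv = invert(s)
    return [inv[b ^ k] for b, k in zip(c, ks)]

def reuse_leak(p1: List[int], p2: List[int], ks: List[int], s: List[int]) -> Dict[str, List[int]]:
    """Two messages under the same keystream: C xor C' per arrangement.
    In B it is exactly P xor P' (S cancels); in A and D it is zero
    precisely where P and P' agree, because S is a bijection.  Neither
    observation needs S or RNG."""
    return {name: xor(enc(p1, ks, s), enc(p2, ks, s))
            for name, enc in (("A", enc_a), ("B", enc_b), ("D", enc_d))}

if __name__ == "__main__":
    s = keyed_sbox(0x5EED)
    p1 = list(b"same prefix, then differs")
    p2 = list(b"same prefix, and then not")
    ks = toy_rng(0xC0FFEE, len(p1))
    for name, d in reuse_leak(p1, p2, ks, s).items():
        print(name, "C xor C' is zero at positions", [i for i, v in enumerate(d) if v == 0])
```

In every arrangement a reused keystream reveals at least which plaintext bytes coincide, and in C = S[RNG] xor P the secret S cancels out entirely, so keying the S-box adds nothing over the generator's own strength.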

------------------------------

Crossposted-To: alt.folklore.computers
Subject: Re: How Big is a Byte? (was: New Encryption Product!)
From: [EMAIL PROTECTED] (Richard Shetron)
Date: 15 Jul 1999 13:19:16 -0500

In article <7mhmqf$[EMAIL PROTECTED]>,
Rob Warnock <[EMAIL PROTECTED]> wrote:
>Richard M. Alderson III <[EMAIL PROTECTED]> wrote:
>+---------------
>| [EMAIL PROTECTED] (Rob Warnock) writes:
>| >The PDP-10 -- and the term "byte" -- *long* predated the S/360.
>| 
>| As much as I love the PDP-10, I have to point out that it does not predate
>| the System/360, which came out in 1964.  The first PDP-10 came out in 1967.
>+---------------
>
>Oops! I didn't realize S/360 was that early! I stand corrected.

I seem to remember reading an article in the early 70's that:

IBM announced the system/360
GE announced the 600 series
GE delivered the 600 series
IBM delivered the system/360

The 600 series has a 36 bit word and under software control you could
have either 6 bit characters or 9 bit characters.  In general, batch
processing was done with 6 bit characters and time sharing (TSS) was done
using 9 bit characters.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
