Cryptography-Digest Digest #909, Volume #9       Mon, 19 Jul 99 12:13:03 EDT

Contents:
  Re: obliterating written passwords (NFN NMI L.)
  Q. Passphrase Key-Rate Authentication (Christopher)
  ECC encryption and decryption algorithm. (Teh Yong Wei)
  BRICKhouse ("tangui")
  Re: Math, Math, Math (Peter L. Montgomery)
  Re: obliterating written passwords ("Lyal Collins")
  Re: BRICKhouse (Mok-Kong Shen)
  Re: A Good Key Schedule (Mok-Kong Shen)
  Re: Good Autokey and Bad Autokey (Mok-Kong Shen)
  ANNOUNCE: QDPGP update for PGP 6.5.1 ([EMAIL PROTECTED])
  Re: Math, Math, Math (Bob Silverman)
  Re: another news article on Kryptos (Mok-Kong Shen)
  Re: Music on CD - Great for around the house or dinner (Keith A Monahan)
  Re: Good Autokey and Bad Autokey (Mok-Kong Shen)
  Re: Math, Math, Math ([EMAIL PROTECTED])
  Re: A Good Key Schedule (John Savard)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (NFN NMI L.)
Subject: Re: obliterating written passwords
Date: 19 Jul 1999 05:52:08 GMT

Well, obliterating a piece of paper is easier than the secure deletion of
magnetic media. I suggest:

Write the password on a thick pad of paper, using a pencil.
When done, burn both pencil and the whole pad.
Immerse ashes in something like hydrofluoric acid.
Then, immerse in something like dimethylmercury to deter anyone snooping
through them. (Don't ACTUALLY do this: Dimethylmercury is bad bad BAD!)
Then, seal in biohazard container and throw away.

Moo-Cow-ID: 18  Moo-Cow-Message: to

-*---*-------
S.T.L.  (NFN NMI L. also) -===> [EMAIL PROTECTED] <===- 2^6972593 - 1 IS PRIME!
Quotations: http://quote.cjb.net Main site: http://137.tsx.org F00FC7C8 MOO!
"Xihribz! Peymwsiz xihribz! Qssetv cse bqy qiftrz!" e^(i*Pi)+1=0  Mail block
is gone, but will return if I'm bombed again. It was an easy fix. Address is
correct as-is. Giving the correct address is COURTEOUS; junk gets in anyway.
Join the Great Internet Mersenne Prime Search at http://entropia.com/ips/ My
.sig is even shorter, and contains 3046 bits of entropy including next line:
-*---*-------

Card-holding member of the Dark Legion of Cantorians, People for the Ethical
Treatment of Digital Tierran Organisms, the Holy Order of the Catenary, the
Great SRian Conspiracy, the Triple-Sigma Club, the Polycarbonate Syndicate,
the Union of Quantum Mechanics, the Roll-Your-Own Crypto Alliance, and the
Organization for the Advocation of Two-Letter Acronyms (OATLA)
Avid watcher of "World's Most Terrifying Causality Violations", "When Kaons
Decay: World's Most Amazing CP Symmetry Breaking Caught On [Magnetic] Tape",
"World's Scariest Warp Accidents", "When Renormalization Fails", "World's
Most Energetic Cosmic Rays", and "When Tidal Forces Attack: Caught on Tape"
Patiently awaiting the launch of Gravity Probe B and the discovery of M39
Physics Commandment #22: Even Cows Have A Wavelength.

------------------------------

From: [EMAIL PROTECTED] (Christopher)
Subject: Q. Passphrase Key-Rate Authentication
Date: Mon, 19 Jul 1999 03:33:12 -0400

Suppose I want to protect a keyring with a symmetric cipher and have
already decided on a method of key generation.  And I don't want an
attacker to be able to test passphrases against a hash directly - perhaps
the validity is tested against a hash of the entire keyring after a
partial decryption of each key.  All in an attempt to thwart an attacker
willing to write their own software to test passphrases.

Point is, after going through all this I'd like to be sure it is the owner
of the keyring and not just someone that knows the passphrase.  What would
be an unobtrusive way to include the owner's typing style/characteristics
in the outermost cipher (the one protecting the keyring).

My first approximation idea is to have the time it takes the owner to type
in the passphrase included in a hash.  Of course it would be rounded
generously, to allow differences from day to day.  The problem with this
is that to be generous in the rounding means little gained security.  And,
as the owner gets used to typing that particular phrase it seems intuitive
that the owner would be able to type it faster.

The second method I thought of is to use differences in the timing of
parts of the passphrase.  This is based on the assumption that the owner
will always type, for example, "th" faster than, say, "em".  Regardless of
actual typing speed, any typist would have more practice with some
combinations.

Ultimately, the idea is to test against a hash of the passphrase and
whatever typing data seems appropriate.  That would allow the software to
warn the user that it's time to change the passphrase as the typing comes
close to some boundary, and more importantly when someone (else) tried the
correct passphrase!

Thanks,
Christopher
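
An added example (not code from the original post, and not the poster's
software) that implements both ideas above on constructed timing data: the
total typing time, coarsely quantised and folded into the key derivation,
together with a count of how few extra guesses that costs an attacker who
already knows the passphrase; and digraph (adjacent-key) latencies compared
by their relative order, which ignores overall speed.  The passphrase, the
timestamps, the 500 ms bucket size and the 0.8 acceptance threshold are all
assumptions.  It also shows the caveat the post anticipates: an owner who
types 30% faster lands in a different time bucket, so the first idea derives
the wrong key, while the order-based check still passes.

```python
"""Keystroke-timing checks on a passphrase (added example, constructed data).

Timestamps are key-down times in milliseconds, one per character of the
passphrase, so a passphrase of n characters gives n-1 digraph latencies.
"""
import hashlib
from statistics import median

PASSPHRASE = "the emperor"          # 11 characters -> 10 digraph latencies
DIGRAPHS = [PASSPHRASE[i:i + 2] for i in range(len(PASSPHRASE) - 1)]

# Constructed enrolment samples typed by the owner.
ENROL = [
    [0, 80, 170, 320, 460, 660, 830, 940, 1035, 1165, 1285],
    [0, 85, 173, 333, 468, 678, 843, 948, 1048, 1173, 1298],
    [0, 78, 173, 318, 468, 663, 838, 953, 1043, 1178, 1296],
]
# Constructed probes: the owner typing about 30% faster than at enrolment,
# and an impostor who knows the passphrase but has a different rhythm.
OWNER_FAST = [0, 56, 119, 224, 322, 462, 581, 658, 725, 816, 900]
IMPOSTOR = [0, 120, 190, 280, 480, 560, 690, 850, 960, 1020, 1170]


def latencies(timestamps):
    """Digraph latencies: time between consecutive key-downs."""
    return [b - a for a, b in zip(timestamps, timestamps[1:])]


def build_profile(samples):
    """Per-digraph median latency across the enrolment samples."""
    return [median(col) for col in zip(*(latencies(s) for s in samples))]


# --- idea 2: relative order of digraph latencies ---------------------------

def order_agreement(profile, probe):
    """Fraction of digraph pairs (i, j) whose speed order in the probe matches
    the profile.  1.0 = same rhythm at any speed; about 0.5 = unrelated."""
    n = len(profile)
    pairs = agree = 0
    for i in range(n):
        for j in range(i + 1, n):
            pairs += 1
            ref = (profile[i] > profile[j]) - (profile[i] < profile[j])
            got = (probe[i] > probe[j]) - (probe[i] < probe[j])
            agree += ref == got
    return agree / pairs


def rhythm_ok(profile, timestamps, threshold=0.8):
    """Accept the typist if enough pairwise orderings agree (threshold assumed)."""
    return order_agreement(profile, latencies(timestamps)) >= threshold


# --- idea 1: total time, coarsely quantised, mixed into the key ------------

def time_bucket(timestamps, step_ms=500):
    """Total typing time rounded to a coarse bucket (bucket size assumed)."""
    return round((timestamps[-1] - timestamps[0]) / step_ms)


def derive_key(passphrase, bucket, salt=b"constructed-salt"):
    """Key for the outer cipher; the bucket is simply more KDF input."""
    material = f"{passphrase}\x00{bucket}".encode()
    return hashlib.pbkdf2_hmac("sha256", material, salt, 100_000)


def extra_guesses(min_ms, max_ms, step_ms=500):
    """Buckets an attacker who already knows the passphrase must try to cover
    every plausible typing time: the entire security gain of idea 1."""
    return round(max_ms / step_ms) - round(min_ms / step_ms) + 1


if __name__ == "__main__":
    profile = build_profile(ENROL)
    for label, lat in zip(DIGRAPHS, profile):
        print(f"{label!r}: {lat} ms")
    for name, probe in [("owner, faster", OWNER_FAST), ("impostor", IMPOSTOR)]:
        print(name, "order agreement", round(order_agreement(profile, latencies(probe)), 2),
              "bucket", time_bucket(probe), "(enrolment bucket", time_bucket(ENROL[0]), ")")
    print("extra guesses for a 0.5-3 s typing window:", extra_guesses(500, 3000))
```

Two things follow from running it.  Folding the time bucket into the hash
buys a factor of about six against an attacker who knows the passphrase, and
locks out the owner as soon as practice moves them across a bucket boundary.
The order comparison is stable under a uniform speed-up, but it is a
similarity score rather than key material: it must be stored and compared
in the clear (after decryption), so it can raise an alert on a mismatch, as
the post wants, but adds nothing to the key itself.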


------------------------------

From: Teh Yong Wei <[EMAIL PROTECTED]>
Subject: ECC encryption and decryption algorithm.
Date: Mon, 19 Jul 1999 15:48:37 +0800

1.) Can anybody out there provide me the sites or useful information on
ECC encryption and decryption algorithm?

2) Do we need separate curve for different message?

Thank you.
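
As an added illustration (not from the poster, and not an answer the thread
itself gives), textbook ElGamal encryption over a toy curve.  One curve and
one key pair serve every message; what is fresh per message is the ephemeral
scalar k, so the answer to question 2 is no.  The curve y^2 = x^3 + 2x + 2
over F_17 with generator (5, 1) of order 19 is the hand-calculable example
from Paar and Pelzl's textbook.  Messages here are curve points, because
encoding arbitrary bytes as points is the awkward part of point-based
ElGamal; practice encrypts bytes with ECDH plus a symmetric cipher (ECIES)
on a standardised curve of about 256 bits instead.

```python
"""Textbook ElGamal encryption on a toy elliptic curve (added example).

Curve: y^2 = x^3 + 2x + 2 over F_17, generator G = (5, 1) of prime order 19.
Points are (x, y) tuples; None is the point at infinity.
"""
import secrets

P, A, B = 17, 2, 2      # field prime and curve coefficients
G = (5, 1)              # generator
N = 19                  # order of G (and of the whole group on this curve)
INF = None              # point at infinity, the group identity


def is_on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P == 0


def neg(pt):
    return INF if pt is INF else (pt[0], (-pt[1]) % P)


def add(p1, p2):
    """Affine point addition, handling identity, inverse and doubling cases."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                                   # p2 == -p1
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; toy only)."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def keygen():
    d = secrets.randbelow(N - 1) + 1     # private scalar in [1, N-1]
    return d, mul(d, G)                  # (private, public Q = dG)


def encrypt(pub, m, k=None):
    """ElGamal: (C1, C2) = (kG, M + kQ) with a fresh k per message."""
    if k is None:
        k = secrets.randbelow(N - 1) + 1
    return mul(k, G), add(m, mul(k, pub))


def decrypt(priv, ct):
    c1, c2 = ct
    return add(c2, neg(mul(priv, c1)))   # M = C2 - dC1


def curve_points():
    """Every point of the group, INF included (19 on this curve)."""
    return [INF] + [(x, y) for x in range(P) for y in range(P)
                    if is_on_curve((x, y))]


if __name__ == "__main__":
    d, q = keygen()
    for m in curve_points()[1:4]:        # several messages, one curve, one key
        ct = encrypt(q, m)
        print(m, "->", ct, "->", decrypt(d, ct))
```

Reusing k for two messages on the same key leaks their difference
(C2 - C2' = M - M'), which is the same pitfall as nonce reuse in any
ElGamal-style scheme; the fresh k per message is what carries the security,
not a fresh curve.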


------------------------------

From: "tangui" <[EMAIL PROTECTED]>
Subject: BRICKhouse
Date: Mon, 19 Jul 1999 01:41:36 -0700

Hey I was just checking out Antionline when I stumbled on this web site
www.thirdpig.com/
it's some kind of OS or something that doesn't have user-level security but
process level security.... it's a pretty small site... but I don't want to
violate any copyrights and stuff by posting their words....  they say that
every program has an access control list or something similar... the cp
access control list might be something like this (they say)

PROGRAM /bin/cp
PATH /home/$U READ WRITE DELETE CREATE
END
$U = expands to user name

Ok I get that the cp command can only do stuff in the /home/$U directory...
but what if you need to do stuff in other directories too (root for ex)...
and how will a normal user su to do something more advanced?  it kinda
doesn't make sense...

it's an interesting concept... however... when someone puts down existing
ideas and concepts and proclaims that their stuff is sooo much better and
will revolutionize computing... I tend to be slightly suspicious...

Stou
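
To make the format concrete, an added example (my interpretation, not
BRICKhouse/thirdpig.com code; the post only paraphrases the syntax, so the
parsing rules, the verb names and the second program block are assumptions)
that parses such per-program policies, expands $U and answers an access
question with default deny.  The path check normalises the request so that
/home/alice/../bob/x does not satisfy a rule for /home/alice, and refuses a
user name containing a slash; it is a lexical check, so a real enforcement
point would have to resolve symlinks and check the object actually opened.

```python
"""Evaluator for the per-program ACL format paraphrased in the post.

Added example, not BRICKhouse code.  Assumed grammar:
  PROGRAM <path>            start the policy for one program
  PATH <prefix> <VERB>...   grant those verbs on files under <prefix>
  END                       close the policy
$U expands to the user name.  Anything not granted is denied.
"""
import posixpath

# Constructed policy: the cp rule from the post plus an assumed rule for cat.
POLICY_TEXT = """\
PROGRAM /bin/cp
PATH /home/$U READ WRITE DELETE CREATE
END
PROGRAM /bin/cat
PATH /home/$U READ
PATH /etc READ
END
"""

VERBS = {"READ", "WRITE", "DELETE", "CREATE"}


def parse_policy(text):
    """Map program path -> list of (path prefix, frozenset of verbs)."""
    policy = {}
    program = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if parts[0] == "PROGRAM":
            if program is not None or len(parts) != 2:
                raise ValueError(f"line {lineno}: malformed or nested PROGRAM")
            program = parts[1]
            policy.setdefault(program, [])
        elif parts[0] == "PATH":
            if program is None or len(parts) < 3:
                raise ValueError(f"line {lineno}: PATH outside PROGRAM or no verbs")
            verbs = frozenset(parts[2:])
            if not verbs <= VERBS:
                raise ValueError(f"line {lineno}: unknown verb in {parts[2:]}")
            policy[program].append((parts[1], verbs))
        elif parts[0] == "END":
            if program is None:
                raise ValueError(f"line {lineno}: END without PROGRAM")
            program = None
        else:
            raise ValueError(f"line {lineno}: unknown directive {parts[0]!r}")
    if program is not None:
        raise ValueError("unterminated PROGRAM block")
    return policy


def under(path, prefix):
    """True if the normalised path equals prefix or lies beneath it.
    Lexical only: '..' segments are collapsed, symlinks are not resolved."""
    path = posixpath.normpath(path)
    prefix = posixpath.normpath(prefix)
    return path == prefix or path.startswith(prefix.rstrip("/") + "/")


def allowed(policy, program, user, path, verb):
    """Default deny: no PROGRAM block, no matching PATH, or no verb -> False."""
    if not user or "/" in user or user in (".", ".."):
        raise ValueError(f"unsafe user name {user!r}")
    for prefix, verbs in policy.get(program, []):
        if verb in verbs and under(path, prefix.replace("$U", user)):
            return True
    return False


if __name__ == "__main__":
    pol = parse_policy(POLICY_TEXT)
    for req in [("/bin/cp", "alice", "/home/alice/notes", "WRITE"),
                ("/bin/cp", "alice", "/home/alice/../bob/x", "READ"),
                ("/bin/cat", "alice", "/etc/passwd", "READ"),
                ("/bin/ls", "alice", "/home/alice", "READ")]:
        print(req, "->", "allow" if allowed(pol, *req) else "deny")
```

The poster's objection shows up directly: /bin/cp with only the rule above
can never touch a path outside /home/$U, so either the policy needs further
PATH lines or some separate mechanism has to grant more, and the post gives
no hint of what that mechanism would be.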





------------------------------

From: [EMAIL PROTECTED] (Peter L. Montgomery)
Subject: Re: Math, Math, Math
Date: Mon, 19 Jul 1999 09:15:47 GMT

In article <[EMAIL PROTECTED]> [EMAIL PROTECTED] writes:
>"Peter L. Montgomery" wrote:
>
>> In article <[EMAIL PROTECTED]> Person <[EMAIL PROTECTED]> writes:
>>
>> >I`m a college student... I`m majoring in computer science but I would
>> >like to specialize in cryptographic algorithms.

>Well... as I said, I have completed the following courses and received an A in all
>of them....
>
>Beginning algebra
>Intermediate algebra
>Trigonometry
>Pre-Calculus
>Calculus I
>Calculus II
>
>This is the order in which all students are supposed to take these courses at my
>community college as well as every other college that I know of. Before I transfer
>I will take the following courses...
>
>Calculus III
>Linear Algebra
>Differential Equations
>Discrete mathematics
>Boolean Algebra
>
>Again... I will take these courses in that order as that is how my community
>college requires me to take them. And, regarding computer science courses I have
>already taken the following courses...
>
>Pascal programming
>C programming
>C++ programming
>Computer Organization and Machine Language
>Computer Organization and Assembly Language
>
>And I`ll still take the following courses before I transfer...
>
>Data Structures and Algorithms
>Java programming
>Software engineering in Java
>
>Notice how these courses reflect exactly your suggestions. 

    Don't bother with Java now.  You've had three HLL (high-level 
languages), namely Pascal, C, C++.  It is more important to know 
one language well than several languages poorly.  
Software engineering concepts such as team programming are
good to know, but you shouldn't need a new language to get that benefit.

    Since you've had assembly language, you are aware of the bitwise
instructions, such as exclusive OR.  Exclusive OR is important for
cryptography.  The HLL you choose to learn well should include
exclusive OR and many of the other user-level machine operations.

    Your remaining CS courses should emphasize algorithms
and computational complexity.  Machine design is optional.
The university may require a few others such as operating systems, 
networks, artificial intelligence, computer law,
but these are not important for cryptography.

> But, let me ask you
>this. How applicable is calculus and analysis to cryptography ? If given the
>choice, should I take algebra courses such as advanced linear algebra and abstract
>algebra instead of advanced calculus courses ? Why or why not ?

    Algebra is much more important than analysis.  Algebra deals with
exact arithmetic, analysis with approximations.  

    You will use calculus occasionally.  When you estimate
how long an algorithm takes, you may need to replace a sum by
an integral (did your Calculus II mention Riemann sums?).
Your running time for an algorithm may depend upon a parameter;
later you want to choose that parameter to minimize or
maximize the running time, so you use differentiation.

     But the abstract algebra and number theory are essential for
devising and understanding the algorithms themselves.  You need to
prove that if something is properly encrypted and later decrypted,
then you will get the correct data, even if it appeared garbled
during transmission.  You need to be able to analyze what happens
if a third party modifies the message during transmission.
Some cryptographic attacks require huge matrices  -- I've done two
problems this year where a matrix has over 4 million rows and columns.
Advanced linear algebra is important -- be sure the course emphasizes
theory.

       Advanced calculus (often called real analysis) justifies
many of the things you learned in calculus.  This works with
infinite-precision real numbers.  Computers use only finite
precision, so real analysis does not apply directly to computer
arithmetic.  Calculus is the study of continuous functions, where the
function value changes little as the input changes slightly.
Good cryptographic functions change wildly as the input changes slightly.

    You can skip differential equations too, unless the 
university requires it.  Your main use of differential equations will be 
when deriving generating functions, if you take combinatorics.
-- 
        [EMAIL PROTECTED]    Home: San Rafael, California
        Microsoft Research and CWI

------------------------------

From: "Lyal Collins" <[EMAIL PROTECTED]>
Subject: Re: obliterating written passwords
Date: Mon, 19 Jul 1999 21:06:57 +1000

Actually, it saves paper to write on a single sheet over a sheet of glass,
or similar - the pen pressure can't emboss the words into the underlying
material.
This way, you only throw away one page.

lyal

NFN NMI L. wrote in message
<[EMAIL PROTECTED]>...
>Well, obliterating a piece of paper is easier than the secure deletion of
>magnetic media. I suggest:
>
>Write the password on a thick pad of paper, using a pencil.
>When done, burn both pencil and the whole pad.
>Immerse ashes in something like hydrofluoric acid.
>Then, immerse in something like dimethylmercury to deter anyone snooping
>through them. (Don't ACTUALLY do this: Dimethylmercury is bad bad BAD!)
>Then, seal in biohazard container and throw away.



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: BRICKhouse
Date: Mon, 19 Jul 1999 13:44:25 +0200

tangui wrote:
> 
> Hey I was just checking out Antionline when I stumbled on this web site
> www.thirdpig.com/
> it's some kind of OS or something that doesn't have user-level security but
> process level security.... it's a pretty small site... but I don't want to
> violate any copyrights and stuff by posting their words....  they say that
> every program has an access control list or something similar... the cp
> access control list might be something like this (they say)

There is no reason at all why access control is necessarily done
at the 'user-level'. In database systems, for example, there can be 
access control for a specific field of a specific dataset. The 
crudest distinction between system processes and user processes IS
also a 'process level security' that is present in every OS. For more
on access control one should consult the (vast) literature on
operating systems.

M. K. Shen
========================
http://www.stud.uni-muenchen.de/~mok-kong.shen/ (Updated: 12 Apr 99)

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: A Good Key Schedule
Date: Mon, 19 Jul 1999 14:00:46 +0200

[EMAIL PROTECTED] wrote:
> 

> It strikes me that one should first generate an initial keystream that has
> a long period, such that any short piece of the keystream depends on the
> entire key. Even a simple method, such as an insecure PRNG seeded by a
> hash of the key, and XORed with the keyphrase repeated, might suffice.
> Something a little better, though, such as Panama, is really recommended.
> 
> Then after taking enough key from the stream to set up one encipherment
> step, what should be done is to subject that piece of the key to a one-way
> hash function. In this way, breaking one step in the encryption always
> yields a key that provides no exploitable clue to the keys used for the
> other steps.

I have the impression that you are attempting to combine stream and
block encryption techniques, at least a bit in a direction I followed 
in the design of my WEAK3-EX, where PRNG output is very intimately 
interwoven with operations on blocks. (I don't exclude that this 
impression is simply an 'illusion' due to my personal 'bias' towards 
my own stuff.)

M. K. Shen
==============================
http://www.stud.uni-muenchen.de/~mok-kong.shen/ (Updated: 12 Apr 99)    
(Origin site of WEAK2-EX, WEAK3-EX and WEAK4-EX, three Wassenaar-conform
 algorithms based on the new paradigm Security through Inefficiency.)

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Good Autokey and Bad Autokey
Date: Mon, 19 Jul 1999 14:14:40 +0200

[EMAIL PROTECTED] wrote:
> 
> From a security standpoint it is desirable for a stream cipher to have a
> very large internal state, only a part of which is used at a time. But in
> that case, the cipher can't be of an autokey type without a loss of
> synchronization affecting the decipherment of all future blocks. Note that
> this is a problem with Terry Ritter's Dynamic Substitution, but it is
> avoided by RC4 which uses the same principle, but only _inside_ a PRNG.

I don't understand your point about synchronization. The key (seed)
of the PRNG, which is the same for both partners, guarantees correct
decryption. As to autokey, I have an autokey feature in each round 
of my WEAK3-EX and that didn't cause any trouble in the design
of the algorithm.

> 
> If we do send counter information along with ciphertext, a complex PRNG
> with a large internal state is not a problem; and an autokey component of
> the self-synchronizing type, without an internal state, can be used at the
> same time too, as long as the two are reasonably independent.

I am not sure that I understand your 'counter information'. Is it
something that results during the process of encryption? If yes,
both partners can obtain the same counter value (without that needing
to be transmitted at all). In my WEAK3-EX I employ a certain
hash value of a record in its (intermediate) stage of being processed.
I suspect that that is also a kind of 'counter information' you
have in mind.

M. K. Shen
================================
http://www.stud.uni-muenchen.de/~mok-kong.shen/ (Updated: 12 Apr 99)

------------------------------

From: [EMAIL PROTECTED]
Subject: ANNOUNCE: QDPGP update for PGP 6.5.1
Date: Mon, 19 Jul 1999 14:26:05 GMT

FYI

http://community.wow.net/grt/qdpgp.html
PGP plugin for Pegasus Mail (Win32)
45 KB
Freeware. Freely redistributable.

Replacement DLL for QDPGP v2.60.
Adds support for PGP v6.5.1

Gerard R Thomas
Port of Spain,  Trinidad and Tobago
mailto:[EMAIL PROTECTED]  mailto:[EMAIL PROTECTED]
PGP Key IDs: RSA:0x9DBCDE7D  DH/DSS:0xFF7155A2


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: Math, Math, Math
Date: Mon, 19 Jul 1999 14:18:59 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> "Douglas A. Gwyn" wrote:
>
> > Person wrote:
> > > So here is my question. Which mathematics courses should I take in
> > > the upper division level in order to learn the necessary
mathematics
> > > to study and develop cryptographic algorithms ?

Skip the advanced calculus, the real analysis and the complex analysis.
Take instead: number theory, modern algebra, statistical theory and
combinatorics/graph theory.

--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: another news article on Kryptos
Date: Mon, 19 Jul 1999 17:40:32 +0200

Douglas A. Gwyn wrote:
> 
> http://www.washingtonpost.com/wp-srv/national/daily/july99/kryptos19.htm


I have a (very very) stupid question:

Jim Gillogly has "tried on the order of 20 billion trial decryptions 
spread over two dozen different systems with perhaps 5 or 10 variations 
each, on average". If there were much more candidate systems and (known
and less well-known or unknown) variations being tried, couldn't it 
happen that a decryption of a sufficiently short ciphertext becomes 
ambiguous, i.e. there would be more than one readable probable 
plaintexts? How can one go about to exclude such a possibility?


M. K. Shen

------------------------------

From: [EMAIL PROTECTED] (Keith A Monahan)
Subject: Re: Music on CD - Great for around the house or dinner
Date: 19 Jul 1999 14:48:36 GMT

Or perhaps he's just spamming newsgroups? :)

Keith

[EMAIL PROTECTED] wrote:
: In article <7mqbim$57c$[EMAIL PROTECTED]>,
:   [EMAIL PROTECTED] (Keith A Monahan) wrote:
: > We're already disappointed (or dissapointed, your way) in your lack
: of
: > respect for on-topic posting, so what makes you think we won't be
: > dissapointed in your music?

: Maybe his post is a secret message?

: Tom
: --
: PGP key is at:
: 'http://mypage.goplay.com/tomstdenis/key.pgp'.
: Free PRNG C++ lib:
: 'http://mypage.goplay.com/tomstdenis/prng.html'.


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Good Autokey and Bad Autokey
Date: Mon, 19 Jul 1999 17:55:13 +0200

John Savard wrote:
> 

> No information about the key or the plaintext has to be leaked; this
> is just a counter of the number of bytes transmitted.

Including at regular intervals the number of bytes being sent
certainly greatly reduces the chance of undetected transmission
errors. However, I think that this is useful only in situations
that do not employ standard protocols such as those used for
transmitting ordinary e-mails. My knowledge of communication
engineering is too poor, hence the question: Which communicating
systems currently used for transmitting texts do not provide 
adequate error detection/correction facilities?

M. K. Shen

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Math, Math, Math
Date: 19 Jul 1999 15:07:04 GMT

Peter L. Montgomery <[EMAIL PROTECTED]> wrote:

>     Don't bother with Java now.  You've had three HLL (high-level 
> languages), namely Pascal, C, C++.

And furthermore, any decent C++ programmer can pick up Java on their own in a few
days.  But the more important point is that he's learned 3 languages
that are very, very similar to each other (with object oriented thrown
into C++, but they're still pretty similar).  If you want to learn a
new language, broaden your scope a little bit and don't learn another
one that's just like those.  Try a different approach like ML, or
LISP, or Prolog.  Exposure to different programming paradigms is very
important for the different outlook it gives you, even if you end up
using C++ the vast majority of the time.

-- 
Steve Tate --- srt[At]cs.unt.edu | Gratuitously stolen quote:
Dept. of Computer Sciences       | "The box said 'Requires Windows 95, NT, 
University of North Texas        |  or better,' so I installed Linux."
Denton, TX  76201                | 

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: A Good Key Schedule
Date: Mon, 19 Jul 1999 15:13:26 GMT

Mok-Kong Shen <[EMAIL PROTECTED]> wrote, in part:

>I have the impression that you are attempting to combine stream and
>block encryption techniques,

Oh, yes, I think that is a good combination. However, that isn't
really the major point of this post.

John Savard ( teneerf<- )
http://www.ecn.ab.ca/~jsavard/crypto.htm

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************