Cryptography-Digest Digest #918, Volume #9 Wed, 21 Jul 99 00:13:04 EDT
Contents:
Re: [Q] Finding K from P and C ("Sungmin Chun")
Re: Traffic Analysis (Mok-Kong Shen)
Re: Summary of 2 threads on legal ways of exporting strong crypto (Isaac)
Re: Replacing IDEA with Blowfish ([EMAIL PROTECTED])
Question about Vigenere ciphers ("Matthew Priestley")
Re: How Big is a Byte? (was: New Encryption Product!) (Don Stokes)
Re: Math, Math, Math (root)
Re: another news article on Kryptos ("Doug Gwyn (ISTD/CNS) " <[EMAIL PROTECTED]>)
Re: [Q] Finding K from P and C ("Doug Gwyn (ISTD/CNS) " <[EMAIL PROTECTED]>)
Re: Benfords law for factoring primes? (Peter L. Montgomery)
Re: Question about Vigenere ciphers (Jim Gillogly)
'secret languages' and statistical cryptanalysis ("Matthew Priestley")
Re: 'secret languages' and statistical cryptanalysis (JUzarek)
Re: 'secret languages' and statistical cryptanalysis (Jim Gillogly)
Re: another news article on Kryptos (Jim Gillogly)
Storing encrypted passwords (Roy Dennington)
----------------------------------------------------------------------------
From: "Sungmin Chun" <[EMAIL PROTECTED]>
Subject: Re: [Q] Finding K from P and C
Date: Wed, 21 Jul 1999 08:51:51 +0900
Thanks for many comments.
I am a beginner of the cryptography. I have two text books.
"Applied Cryptography" by Schneier and "Handbook of
Applied Cryptography" by Menezes, et al.
But I cannot understand the 'known plaintext attack'.
I have little knowledge of neccessary math(I majoring in elec. engg.)
so that I can't understand how the 'known plaintext attack' can be done.
Why some E(P,K) can be weak to the 'known plaintext attack' and
others cannot?
Klaus Pommerening <[EMAIL PROTECTED]>��(��) �Ʒ� �޽�����
news:7n1mgc$2uj$[EMAIL PROTECTED]�� �Խ��Ͽ����ϴ�.
| In <7n15ml$1k7$[EMAIL PROTECTED]> "Sungmin Chun" wrote:
| > E(P, K) = C where P : Plain text C : Cipher text K : Key
| > E(P, K) : Encryption method
| > Can we find K easily for well-known E(P,K)
| > when P and C are given?
| >
| Take a Book on Crypto and search for
| `known plaintext attack'.
| --
| Klaus Pommerening [http://www.Uni-Mainz.DE/~pommeren/]
| Institut fuer Medizinische Statistik und Dokumentation
| der Johannes-Gutenberg-Universitaet, D-55101 Mainz, Germany
| PGP fingerprint: F5 03 CE E7 70 C2 8C 74 BA ED EC 60 83 3B 7C 89
|
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Traffic Analysis
Date: Mon, 19 Jul 1999 18:10:19 +0200
Roger Carbol wrote:
>
> Has anyone set up a system (that they can talk about) which regularly
> sent out a lot of noise? Any interesting phenomena arise?
I don't know. But I know an opposite case, i.e. sending no bits
instead of a lot. Quite a long time ago an European physicist was
dismissed from his job because he was suspected to be involved in
illegal work since his telephone at home was never used for a
sufficiently long period. I was told that he was later rehabilitated.
M. K. Shen
------------------------------
From: [EMAIL PROTECTED] (Isaac)
Crossposted-To: talk.politics.crypto
Subject: Re: Summary of 2 threads on legal ways of exporting strong crypto
Date: 21 Jul 1999 00:56:42 GMT
On Tue, 20 Jul 1999 19:56:46 GMT, William Tanksley
<[EMAIL PROTECTED]> wrote:
>
>We're watching that happen right now. Hopefully they won't do what they
>did last time -- you know, declare that this one person is allowed to
>export his own code, but nobody else.
>
What ruling are you referring to here?
Isaac
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Replacing IDEA with Blowfish
Date: Wed, 21 Jul 1999 00:52:19 GMT
In article <7n2stc$220u$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
> >"somewhat" is right. IDEA uses multiplication, which is expensive
> >in hardware (or slow). Feistel networks such as in Blowfish are
> >far cheaper. Then again, in the case of Blowfish the large size
> >of the key schedule hurts.
> >
> > paul
>
> actaully since IDEA use multiplicatiopn of a variable times a
constant
> each one of those could be repacled by a small 16X16 bit S table.
> which is not so expensive.
No, you need a 16+16-bit address and get a 16-bit lookup out.
(You would be computing the product of two 16-bit ints
modulo 2^16+1). But a 32 bit address is a rather large LUT.
>Also one could could improve IDEA by
> usinging a larger class of functions instead of a lowly multiply which
> may make it more vulnerable to being broken.
If you change IDEA's operations, you don't have IDEA any more.
All the prior analysis is down the tubes.
You could also improve IDEA by using a more complex key schedule.
IDEA's 'key schedule' is as lame as DES's.
And Blowfish's long key setup is *good*, although it may
be a pain in rapid-context-switching apps. You always
trade time for security. If you leave your doors unlocked,
you can get into your home or car quicker.
You can see IDEA's lame key schedule if you play with
the all-zero key and plaintext with few bits set.
E.g., all zero key + all zero plaintext =
01000100 00000000 under IDEA.
4ef99745 6198dd78 under Blowfish
e94da68c a723b1c1 under DES.
(This isn't the case if you have as little as a single bit set in
the IDEA key, thanks to 'avalanche' properties of good ciphers. But it
does make one wonder.)
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: "Matthew Priestley" <[EMAIL PROTECTED]>
Subject: Question about Vigenere ciphers
Date: Tue, 20 Jul 1999 17:40:15 -0700
By Vigenere, I mean polyalphabetic substitution ciphers in general. I am
working on a project and I'd appreciate some help with the following
question:
Say you want to "secure" (obscure, really) the password files in an
operating system by running them through a Vigenere-like cipher keyed to a
password. Something like the process described here:
http://www.trincoll.edu/depts/cpsc/cryptography/vigenere.html
My question is this. If two different administrators enforced different
parameters for "acceptable" passwords, would that cause a big enough change
in the statistical frequency of characters to force the cryptanalyst to
revise his/her numbers?
In other words, say Administrator A says a password on his computer must
have at least one uppercase letter, at least one lowercase letter, and at
least one digit. Administrator B says a password on *his* system must have
at least two symbols, at least one digit, and end in a lowercase letter.
Would the passwords on system A be different enough from the passwords on
system B that a cryptanalyst would have to make a study of their character
frequencies before being able to crack the Vigenere-encoded password files?
If so, what would this kind of study entail?
I hope that's clear. I realize the scheme I describe is security through
obscurity, but I'm only using it as an example. The statistical analysis is
what interests me.
Your help is appreciated.
-matthew Priestley
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (Don Stokes)
Crossposted-To: alt.folklore.computers
Subject: Re: How Big is a Byte? (was: New Encryption Product!)
Date: 21 Jul 1999 01:15:32 GMT
In article <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> wrote:
>wtshaw wrote:
>You can use base 1 by noting the implied addition between the successive
>digits of a number. E.g. 13 base ten implies 1*ten^1 plus 3*ten^0. In
>base one you have the same construction so that 1111 base one is 1*one^3
>plus 1*one^2 plus 1*one^1 plus 1*one^0 = 4 base 10. The powers all
>collapse and any number is represented by that many digits, all ones.
>Note that in base one there is no need for zero as there is no
>difference between powers, so no need for place holders.
Using "0" to represent zero is after all an anomaly -- no other number
has a leading placeholder. If you want to make the rules consistent,
zero should be represented as a null string.
Given that, if you use a character set of 0,1,2,3,4,5,6 ... for representing
numbers in a given base, 4(10) should be represented as 0000(1), not 1111...
-- don
------------------------------
From: root <[EMAIL PROTECTED]>
Subject: Re: Math, Math, Math
Date: Tue, 20 Jul 1999 18:41:33 -0700
Reply-To: [EMAIL PROTECTED]
Bob Silverman wrote:
> In article <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] wrote:
> > "Douglas A. Gwyn" wrote:
> >
> > > Person wrote:
> > > > So here is my question. Which mathematics courses should I take in
> > > > the upper division level in order to learn the necessary
> mathematics
> > > > to study and develop cryptographic algorithms ?
>
> Skip the advanced calculus, the real analysis and the complex analysis.
> Take instead: number theory, modern algebra, statistical theory and
> combinatorics/graph theory.
>
> --
> Bob Silverman
> "You can lead a horse's ass to knowledge, but you can't make him think"
>
> Sent via Deja.com http://www.deja.com/
> Share what you know. Learn what you don't.
Thanks for your input. I really appreciate it. However... I have a couple
of questions for you specifically. What do you do for RSA ? Are you a
cryptographer ? And also... if I choose to go on to graduate school in
mathematics so that I can study cryptography, will they require advanced
calculus ? I ask because, if that is true, I may want to take this course
even though it doesn`t apply directly to cryptography because I want to
have the general mathematical background to study cryptography at the
graduate level. What do you think ?
Person
[EMAIL PROTECTED]
------------------------------
From: "Doug Gwyn (ISTD/CNS) <gwyn>" <[EMAIL PROTECTED]>
Subject: Re: another news article on Kryptos
Date: Tue, 20 Jul 1999 18:21:33 GMT
Jim Gillogly wrote:
> Beats me -- would I go to Kullback's "Statistical methods" for that?
No, Fourier analysis wasn't commonly used before Cooley & Tukey invented
the FFT (actually, Good and others came up with similar methods
earlier).
The intent is to analyze the periodicities, if any are evident. This is
done in classical C/A literature by running ICs at various column
widths.
------------------------------
From: "Doug Gwyn (ISTD/CNS) <gwyn>" <[EMAIL PROTECTED]>
Subject: Re: [Q] Finding K from P and C
Date: Tue, 20 Jul 1999 18:23:43 GMT
Jim Gillogly wrote:
> Sungmin Chun wrote:
> > Can we find K easily for well-known E(P,K)
> > when P and C are given?
> It depends entirely on E.
Indeed, sometimes we find P given only C,
without ever finding K. Oftentimes, a whole
class of K values would give rise to the same C,
in which case there may be no way to guess which
K was actually used.
------------------------------
From: [EMAIL PROTECTED] (Peter L. Montgomery)
Subject: Re: Benfords law for factoring primes?
Date: Wed, 21 Jul 1999 02:14:51 GMT
In article <7n2ij6$5qo$[EMAIL PROTECTED]> Bob Silverman <[EMAIL PROTECTED]> writes:
>Sure!! Please factor the following prime over Q[i], i.e. the Gaussian
>integers: It is 1 mod 4 so it is not inert.
>
>492167227845480888731658706083751291835971759321886377256389091511768544
>355940311490348494199638365738710225324765222885616281603298816157230172
>005632019356215061205749095669503330752424213337098290429546945479016081
>812278607661128781032860024336132847610848533724215922627364505720022270
>4448703955939975390068680810358556973478270428602931457
|\^/| Maple V Release 5 (WMI Campus Wide License)
._|\| |/|_. Copyright (c) 1981-1997 by Waterloo Maple Inc. All rights
\ MAPLE / reserved. Maple and Maple V are registered trademarks of
<____ ____> Waterloo Maple Inc.
| Type ? for help.
> n := 492167227845480888731658706083751291835971759321886377256389091511768544\
> 355940311490348494199638365738710225324765222885616281603298816157230172\
> 005632019356215061205749095669503330752424213337098290429546945479016081\
> 812278607661128781032860024336132847610848533724215922627364505720022270\
> 4448703955939975390068680810358556973478270428602931457:
> isprime(n);
bytes used=1000504, alloc=786288, time=3.49
bytes used=2001996, alloc=1048384, time=4.50
bytes used=3008256, alloc=1048384, time=5.57
bytes used=4011960, alloc=1048384, time=6.64
bytes used=5014816, alloc=1048384, time=7.71
bytes used=6017204, alloc=1048384, time=8.78
bytes used=7018928, alloc=1048384, time=9.85
bytes used=8025088, alloc=1048384, time=10.93
true
> with(GaussInt):
> GIfactor(n);
(-1873463828693351164301195750751182805056265044384270410865279360909742148\
174387347669557607019014185630200591162408137892259925141281933156342136\
344673049499959819347614591 - 118819424381388864309347029384818744500981\
725698543501853263864008289600238912090139477063909274293593145142447030\
0490405572647971409685895333799681599356031612972522908224 I) (-1873463\
828693351164301195750751182805056265044384270410865279360909742148174387\
347669557607019014185630200591162408137892259925141281933156342136344673\
049499959819347614591 + 118819424381388864309347029384818744500981725698\
543501853263864008289600238912090139477063909274293593145142447030049040\
5572647971409685895333799681599356031612972522908224 I)
> ;quit;
bytes used=8507120, alloc=1048384, time=16.55
--
[EMAIL PROTECTED] Home: San Rafael, California
Microsoft Research and CWI
------------------------------
From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: Question about Vigenere ciphers
Date: Tue, 20 Jul 1999 19:57:49 -0700
Matthew Priestley wrote:
>
> By Vigenere, I mean polyalphabetic substitution ciphers in general. ...
>
> Say you want to "secure" (obscure, really) the password files in an
> operating system by running them through a Vigenere-like cipher keyed to a
> password. ...
>
> My question is this. If two different administrators enforced different
> parameters for "acceptable" passwords, would that cause a big enough change
> in the statistical frequency of characters to force the cryptanalyst to
> revise his/her numbers?
It would be irrelevant. The difficulty of breaking the passwords would
depend on the number of passwords that were encrypted this way. Each
character position in the passwords would presumably be encrypted with
the same alphabet, since you didn't say anything about a salt, and if
there are very many passwords, simply looking at the range of the
ciphertext letters would be enough to see how big the shift was. If
there were any doubt, repetitions in the letters would isolate commonly
used password letters, and outliers could be assumed to be upper case and
digits. Much more straightforward than comparing administrator policies.
--
Jim Gillogly
Sterday, 28 Afterlithe S.R. 1999, 02:53
12.19.6.6.16, 1 Cib 4 Xul, First Lord of Night
------------------------------
From: "Matthew Priestley" <[EMAIL PROTECTED]>
Subject: 'secret languages' and statistical cryptanalysis
Date: Tue, 20 Jul 1999 19:32:17 -0700
Say I were to create a "secret language" - the sort used by kids on
playgrounds - that had a character frequency very unlike english. I then
write a message in this language and run a substitution cipher against it.
How can this be cracked?
The cryptanalyst doesn't know the language, so the common statistical values
(e=14%, etc) aren't correct. Nor can they determine these values by examing
examples of plain text because there aren't any. But surely this is not
unbreakable.
Your help is appreciated.
-matthew Priestley
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (JUzarek)
Subject: Re: 'secret languages' and statistical cryptanalysis
Date: 21 Jul 1999 02:52:42 GMT
[EMAIL PROTECTED] wrote
>Say I were to create a "secret language" - the sort used by kids on
>playgrounds - that had a character frequency very unlike english. I then
>write a message in this language and run a substitution cipher against it.
>How can this be cracked?
>The cryptanalyst doesn't know the language, so the common statistical values
>(e=14%, etc) aren't correct. Nor can they determine these values by examing
>examples of plain text because there aren't any. But surely this is not
>unbreakable
I've broken some ciphers in languages I didn't know but I had frequency
tablesand word/phrase lists to guide me.
Without either, sounds like Hieroglyphics and minus a Rosetta Stone, methinks
the cryptanalyst is up the Nile without a paddle.
------------------------------
From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: 'secret languages' and statistical cryptanalysis
Date: Tue, 20 Jul 1999 20:08:35 -0700
Matthew Priestley wrote:
>
> Say I were to create a "secret language" - the sort used by kids on
> playgrounds - that had a character frequency very unlike english. I then
> write a message in this language and run a substitution cipher against it.
> How can this be cracked?
If you mean "simple substitution", then that step doesn't add anything
to the difficulty: if the language were more different from English than
(say) Okrand's rendition of Klingon, the orthography would have to be
learned in the same way, regardless of whether it had previously
been substituted. The "cracking" would be standard paleography:
the methods used for Linear B and so on. It's not trivial, depending
on the amount of material and quality of cribs available. If you're
serious about "playground", though, the statistics will turn out
to be quite similar to the base language of the schoolkids, and
standard n-graph tables will work as well as with the base language.
I find, for example, that English trigraph tables work well enough to
crack German Enigma messages and French bifids given sufficient material;
but native language tables work better.
True secret languages are in general difficult for an enemy unfamiliar with
those languages -- look up the history of the Navaho Code Talkers in WW2.
--
Jim Gillogly
Sterday, 28 Afterlithe S.R. 1999, 02:58
12.19.6.6.16, 1 Cib 4 Xul, First Lord of Night
------------------------------
From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: another news article on Kryptos
Date: Tue, 20 Jul 1999 21:02:46 -0700
Doug Gwyn (ISTD/CNS) wrote:
> The intent is to analyze the periodicities, if any are evident. This is
> done in classical C/A literature by running ICs at various column
> widths.
Oh, that part I've done. Sorted by high IC, with the first column being
the assumed column widths:
50 0.0800
38 0.0789
43 0.0775
34 0.0686
44 0.0682
45 0.0667
42 0.0635
31 0.0538
25 0.0533
41 0.0488
and down further into the noise.
I find the 50 and 25 suspiciously round, but haven't been able to get them
to mean anything. I'd been looking for Fibonacci-style generators with
period 50, and not finding any. An ordinary period 25 or 50 Quag III
with KRYPTOSABC... alphabet key is appealing, but again I haven't
found anything to support it after some reasonably extensive crib-dragging
and hill-climbing.
--
Jim Gillogly
Sterday, 28 Afterlithe S.R. 1999, 03:56
12.19.6.6.16, 1 Cib 4 Xul, First Lord of Night
------------------------------
From: [EMAIL PROTECTED] (Roy Dennington)
Subject: Storing encrypted passwords
Date: Tue, 20 Jul 1999 13:42:23 -0800
I develop commercial software, but I know
very little about encryption. I need to
provide ftp services within my App, and I would
like to store login information in a secure
fashion. The following criteria is absolutely
necessary:
[1] Adhere to US export laws.
[2] Do not violate patents/copyrights.
[3] Still provide reasonable security.
Suggestions are greatly appreciated.
Thanks in advance,
Roy Dennington
-**** Posted from RemarQ, http://www.remarq.com/?a ****-
Search and Read Usenet Discussions in your Browser - FREE -
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
