Cryptography-Digest Digest #932, Volume #9 Sat, 24 Jul 99 13:13:02 EDT
Contents:
JAWS? (The Rev. Sherlock S. Holmes, D.D.)
Re: Kryptos Beginning of publicatio of solution (Jerry Coffin)
Re: Length of public key in PGP? (Jerry Coffin)
? PGP, RSA and ElGamal ? (Gallicus)
Re: another news article on Kryptos (Jim Gillogly)
Advances in Cryptology 1981--1997 (CryptoBook)
Re: ? PGP, RSA and ElGamal ? (Tom McCune)
Re: ? PGP, RSA and ElGamal ? (Gallicus)
Re: ? PGP, RSA and ElGamal ? (Tom McCune)
Re: Simple hash or CRC algorithm implementable in VB? (wtshaw)
CIA's KRYPTOS Continuation 3 ("collomb")
Re: Simple hash or CRC algorithm implementable in VB? ("Steve K")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (The Rev. Sherlock S. Holmes, D.D.)
Subject: JAWS?
Date: Sat, 24 Jul 1999 07:35:23 GMT
=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1
Hi,
Has anyone used the new encryption program "J.A.W.S." yet? I
have
downloaded a free, fully registered copy (it appears that they are
free until 7/31/99) but have not installed it yet. Any comments?
I'm not crazy over the idea that an E-mail asking if they were
willing to release the source code has gone unanswered. If it has to
rely on a "secret" algorithm, how good can it be?
I also do not like the fact that, as I understand it, whenever
you
send an encrypted message, it contacts the jawstech.com server to find
out if the intended reader has a key certificate on file. If not, you
can send it plain-text, send it encrypted with a message offering a
FREE decrypt-only reader and and offer to sell the fully registered
en/decrypt version, or not send it at all. I'm afraid that it will
send the plain-text version to jawstech without our knowledge. Sound
a little too much like 1984 to me!
I'd sincerely appreciate any opinions out there - good or bad.
Thanks so very much and God bless,
The Rev. Sherlock S. Holmes, D.D.
P.S. YES, this is my real name!
=====BEGIN PGP SIGNATURE=====
Version: PGPfreeware 6.0.2i
Comment: ONLY Messages With My PGP Digital Signature Are Genuine!
iQA/AwUBN5lstCOMIoUcBS+3EQJbWwCeIG1ptg8knRS44kwbu5lpByu4QxAAniqk
/0BoqLWq+0sW1S7nZ7XHHcKZ
=frO6
=====END PGP SIGNATURE=====
Signature Block Follows:
*********************************************************
(C) Copyright 1999 ALL RIGHTS RESERVED
Sherlock S. Holmes, D.D.
Send All E-Mail To: [EMAIL PROTECTED]
Visit My Website: http://www.sherlockholmes.com
Get All My VALID PGP Encryption Keys: http://zap.to/pgp
ONLY KEYS CREATED AFTER JAN 1999 ARE VALID!
The Fingerprint for My Default Public Key:
DH/DSS 2048 Bits: 1E96 649C FB67 55E0 471C BDFE 238C 2285 1C05 2FB7
PGP Encryption Software Available At: www.pgpi.com
Get Thawte Digital Certificates at: www.thawte.com
*********************************************************
------------------------------
From: [EMAIL PROTECTED] (Jerry Coffin)
Subject: Re: Kryptos Beginning of publicatio of solution
Date: Sat, 24 Jul 1999 02:01:33 -0600
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
[ ... ]
> Non-cryptographers often seem to have trouble with the concept that
> a clean break in effect proves itself.
The amazing thing in Collomb's case isn't that he doesn't recognize
this, but that being so thoroughly disconnected from reality, he can
still manage to put together a web page at all.
OTOH, I'm sure some here who are fond of conspiracy theories could
come up with all sorts of interesting reasons to put up a web page
that makes it look like the person who wrote it is schizophrenic.
------------------------------
From: [EMAIL PROTECTED] (Jerry Coffin)
Subject: Re: Length of public key in PGP?
Date: Sat, 24 Jul 1999 02:01:41 -0600
In article <7n89m3$8mn$[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
[ ... ]
> Why do you want to encrypt the session keys? To make them longer so that
> harder to hack out?
No -- so you get the benefits of PK cryptography, without its huge
drawback -- the speed of encryption and decryption. Since you're only
encrypting and decryption a couple hundred bits (or less) with RSA,
you don't see a huge speed hit from using it.
> What not just use a hash function, then?
To be able to decrypt the main body of the message, you need to be
able to recover the session key that was used to encrypt the body of
the message. A hash function won't allow that.
> Actually, I don't quite know what a session key is exactly nor how it
> works. But I'd be happy to know. :)
It's basically just a random number of the right size to be used as
the key for some particular form of symmetric encryption. The basic
steps are to create a random session key. Then encrypt the session
key and send the encrypted key to the recipient. Encrypt the main
message using that random key, and send the encrypted message to the
recipient.
On the receiving size, the key is received and decrypted (using RSA).
Then, when the key is decrypted, the recipient can use that key to
decrypt the main message.
------------------------------
From: [EMAIL PROTECTED] (Gallicus)
Subject: ? PGP, RSA and ElGamal ?
Date: Sat, 24 Jul 1999 08:52:13 GMT
My question is restricted to the way PGP encodes the session key.
Please, correct me if I am wrong :
Older versions of PGP used RSA to do it.
With RSA you don't need any previous agreement to some common values with
the other party. He takes the public key and sends his message.
Later versions use ElGamal. But with ElGamal you need to agree first to a
common integer. It is quite a big inconvenient.
Does the international version differ from the US version on that aspect ?
With the 2.6 version it was clear and simple. Now, the more I read about
PGP, the more I get confused.
TIA.
Gallicus
------------------------------
From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: another news article on Kryptos
Date: Mon, 19 Jul 1999 13:57:58 -0700
Mok-Kong Shen wrote:
> I am sorry not to be able to give examples to strongly support my
> conjecture. But there are languages where there can be sentences
Let me suggest you try the experiment -- it's actually quite instructive.
Construct the longest sequence you can that can be decrypted with two
different simple substitutions into sensible English (or German or
Esperanto) sentences. Make the substitutions different, of course:
don't just have a long sentence with "now" replaced with "not",
for example. You'll find this is quite challenging, and that it may
give you some visceral intuitions about unicity points.
Now note that you have a rather large key-space to work from: 26!
possible substitution alphabets, which is about an 88-bit keyspace.
If you have trouble constructing two such credible sentences of more
than 30 or 40 characters, then I suggest that your concern about
accidentally running into the wrong sentence in only 20 billion
trials is not well-founded. From my own experience, the difficulty
is not in general finding too many incorrect solutions, but in
finding even one credible one. As with the discussion we had about
the chance that a correctly-operating random number generator might
generate a few million 0 bits in a row, the answer is (again) it
won't happen in real life, and for real applications it's not worth
discussing at this length.
--
Jim Gillogly
Mersday, 26 Afterlithe S.R. 1999, 20:43
12.19.6.6.14, 12 Ix 2 Xul, Eighth Lord of Night
------------------------------
From: [EMAIL PROTECTED] (CryptoBook)
Subject: Advances in Cryptology 1981--1997
Date: 24 Jul 1999 12:04:17 GMT
Classical Crypto Books is pleased to announce availability of the following
major new book/CD-ROM package:
ADVANCES IN CRYPTOLOGY 1981-- 1997: Electronic Proceedings and Index of the
CRYPTO and EUROCRYPT Conferences 1981 -- 1987
Kevin S. McCurley and Claus Dieter Ziegler (Editors)
"This book and CD-ROM presents the complete collection of all proceedings of
the 32 CRYPTO and EUROCRYPT conferences held between 1981 and 1997. Besides
[14,692] digitized pages of text in [Adobe Acrobat] PDF format, the CD-ROM
provides a user-friendly interface for navigation, search tools, and indexes.
The book gives a complete documentation of the conferences covered from the
meta-cryptology point of view; it also provides a printed index listing all
contributing authors and their papers . The CD-ROM is ready for use on most
common platforms." -- from the rear cover. The preface describes the
interesting and, at times, formidable problems encountered in creating a
searchable index from OCR data (obtained from high-resolution TIF images) and
how those problems were overcome.
Springer, 1999, xx + 460 pp, CD-ROM
Softbound: Pub. $99.00, Member $79.95, Nonmember $84.95
Member prices are available to members of the American Cryptogram Association,
the US Naval Cryptologic Veterans Association, and full time students. Shipping
and handling are extra. For complete ordering information, a free catalog of
crypto books, or for information about membership in the American Cryptogram
Association, please send email to [EMAIL PROTECTED]
Best Wishes,
Gary Rasmussen
Classical Crypto Books
E-Mail: [EMAIL PROTECTED]
Fax: (603) 432-4898
------------------------------
From: [EMAIL PROTECTED] (Tom McCune)
Subject: Re: ? PGP, RSA and ElGamal ?
Date: Sat, 24 Jul 1999 12:46:22 GMT
=====BEGIN PGP SIGNED MESSAGE=====
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(Gallicus) wrote:
>My question is restricted to the way PGP encodes the session key.
>Please, correct me if I am wrong :
>
>Older versions of PGP used RSA to do it.
>With RSA you don't need any previous agreement to some common values with
>the other party. He takes the public key and sends his message.
>
>Later versions use ElGamal. But with ElGamal you need to agree first to a
>common integer. It is quite a big inconvenient.
Actually, in more recent versions (5.0 to 6.5.1), PGP can use either RSA or
ElGamal for encryption of the session key. ElGamal uses the same process as
you appear to correctly understand for RSA usage. For the user, there is no
difference except that you select a DH key instead of an RSA key.
>Does the international version differ from the US version on that aspect ?
The international "i" versions are the same as the US versions in this
process - they are created from scanning the legally exported printed US
source code.
>With the 2.6 version it was clear and simple. Now, the more I read about
>PGP, the more I get confused.
It remains simple - the GUI just makes PGP easier to use for the average
user. There are more choices available though, such as which symmetric
algorithm to use, which public key type to use, and greater choice as to
public key size. But if you want to, you can just use the PGP defaults on
all of the additional choices that are available.
=====BEGIN PGP SIGNATURE=====
Version: PGP Personal Privacy 6.0.2
Comment: Tom McCune's PGP Pages: http://www.borg.com/~tmccune/PGP.htm
iQEVAwUBN5m1jmR4bNCQMh9JAQG+2gf+PBHCD8M2wTkxZNxQhh7WWhgqVDrLvhQq
HZ7mrNWDUT9g5qFW8DIJJnSDOx9JuGcP6s+dLOt0A04I8ShWsJDat4pFby3z62Ap
LH+Ki33PtoyfOVvL/VTBq1Uz2lGkWhsNLwNHdyMwAV/U7XSjzGCWXBsv3fCJsowj
MG+/rXcEhOw9mcOql+tcmteNd3j5sKvR/Rxje7ce+3OpSs783l9+7wq9J/yGqrWf
FIBMxzaxUnYlujpP9OFLdOGiwFM0Gx2iFFsyUkvbG9E9iBMZWnHxLz8k8dOarfR6
1y4wCPj2CNiUDSU9axYBmRdBaT6Hg+lcfPr1SSPreJ4eLvVBBiQzLw==
=4mrC
=====END PGP SIGNATURE=====
------------------------------
From: [EMAIL PROTECTED] (Gallicus)
Subject: Re: ? PGP, RSA and ElGamal ?
Date: Sat, 24 Jul 1999 13:34:05 GMT
On Sat, 24 Jul 1999 12:46:22 GMT, [EMAIL PROTECTED] (Tom McCune)
wrote:
>Actually, in more recent versions (5.0 to 6.5.1), PGP can use either RSA or
>ElGamal for encryption of the session key. ElGamal uses the same process as
>you appear to correctly understand for RSA usage. For the user, there is no
>difference except that you select a DH key instead of an RSA key.
Thank you very much, Tom, for answering my question.
I must trust you because you are describing what you are doing, but it
seems that it contradicts the description of ElGamal encoding in
Cryptography Theory and Practice by Douglas Stinson
chapter 5.1 (I use the French edition) :
he says :
choose a prime : p = 2579
a primitive : alpha = 2
a secret exponent: a = 765
compute : beta = 2 ^ 765 mod 2579 = 949
the message you want to transmit is : 1299
choose randomly k : k = 853
compute : y1 = 2 ^ 853 mod 2579 = 435
and y2 = 1299 * 949 ^ 853 mod 2579 = 2396
send : y1 and y2 : {435, 2396}
The other party :
computes : 2396 / (435 ^ 765) mod 2579 = 1299
As you see, the other party needs a = 765 (secret exponent).
???
TIA
Gallicus.
------------------------------
From: [EMAIL PROTECTED] (Tom McCune)
Subject: Re: ? PGP, RSA and ElGamal ?
Date: Sat, 24 Jul 1999 13:56:35 GMT
=====BEGIN PGP SIGNED MESSAGE=====
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(Gallicus) wrote:
>>Actually, in more recent versions (5.0 to 6.5.1), PGP can use either RSA
or
>>ElGamal for encryption of the session key. ElGamal uses the same process
as
>>you appear to correctly understand for RSA usage. For the user, there is
no
>>difference except that you select a DH key instead of an RSA key.
>
>Thank you very much, Tom, for answering my question.
>
>I must trust you because you are describing what you are doing, but it
>seems that it contradicts the description of ElGamal encoding in
>Cryptography Theory and Practice by Douglas Stinson
>chapter 5.1 (I use the French edition) :
I'm afraid that I'm just a user, and not one capable of explaining why PGP
usage of ElGamal keys differs from the textbook description. Of course,
that is why I hesitate to post in this group - I suspect someone here will
explain the discrepancy.
=====BEGIN PGP SIGNATURE=====
Version: PGP Personal Privacy 6.0.2
Comment: Tom McCune's PGP Pages: http://www.borg.com/~tmccune/PGP.htm
iQEVAwUBN5nF1WR4bNCQMh9JAQGNGAf/Zpt0T1mONB2r8KIqGvofXz2NgGcEXgUz
CAddipRGpn4YRv0nHV+2Iooj/wS9g9Hya3GLc48CJnaytnjbRUEuvJ/aGGT1yygx
BYjB7qaDJLZs5lYWSzKlhNiXJL6p8tgywm4afpU400HkzL5F6XEXddDJXmusrqvZ
OUXQRGkoVv9bN6m+bCDuPt62gOp3Ma6lsEBL/6jPnG1qowmnO7rDDxH/cakRyW3C
59JNUzJMjhbBRpTMmdq9VKgINoEGqgCtXVJlCOEwDLN9F/vssefeBCNVuDDF4r/f
xFaip0nN/IWBMVpAzc4avHsZeWVfYXEz/DSv+LRQ9eGdm8iaKlsqPg==
=QdN5
=====END PGP SIGNATURE=====
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Simple hash or CRC algorithm implementable in VB?
Date: Sat, 24 Jul 1999 09:20:23 -0600
In article <7nbie7$uhe$[EMAIL PROTECTED]>, "Steve K"
<[EMAIL PROTECTED]> wrote:
> Hey all,
>
> Does there exist any simple hash algorithms (not very many lines) that is
> suitable for hashing short strings and can be easily implemented in Visual
> Basic (read: no unsigned long integers).
>
> Any advice would be appreciated!
> -steve
What are your parameters...particularily, input and output sets and input
and output string lengths? What is your purpose for the hash, as it makes
a difference as to how simple a thing you can accept?
--
Real Newsreaders do not read/write in html.
------------------------------
From: "collomb" <[EMAIL PROTECTED]>
Subject: CIA's KRYPTOS Continuation 3
Date: 24 Jul 1999 16:20:28 GMT
Decoding of KRYPTOS N3
Third step
The word GOG
This term is in the Bible:
- in the book of the Ezekiel prophet of the Old Testament,
- in Revelation to John, the last book of Bible which is also the last
book of the New Testament.
GOG is a legendary prince of the country of Magog, this terms are
symbolically assigned to the revolted nations at the end of times. The
verse division in
Bibles differs according to the versions.
In the usual Bible in English, for exemple, The New Revised Standard
Version, GOG
is located at the 8th verse of chapter 20:
Verse 8th: < and <<Satan>> will come out to deceive the nations at the
four corners
of the earth, GOG and MAGOG, in order to gather them for battle; they are
as numerous as the sands of the sea.
Verse 9th: <They marched up over the breadth of the earth and
surrounded the camp of the saints and the beloved city <<Jerusalem>>. And
fire came
down from heaven and consumed them. >
Two remarks are to be made : terms GOG and MAGOG appear together,
they are interdependent
It is necessary also to underline, for we will need it for the
continuation, the method used by the enemies of God. They SURROUND
the beloved city, i.e. Jerusalem.
An idea appears�: the square of 8 X 8 would be the expression of the
verse 8th.
This reasoning leads us to seek which could be the expression of
chapter 20.
It could be a square of 20 X 20 = 400 but it is imperative that the
square of 8 X 8 <64 characters>, must be included in these 400 characters,
for thus this inclusion carries out the image of the dependence of the
biblical verse, compared to the chapter which contains it.
We must withdraw 146 characters in the fourth series which comprises
482 characters < in fact only 476, remember, we already removed
6 characters>.
Why withdraw 146 characters?
For 482 - 146 = 336, this last number added to the 64 characters of the
third series, gives us the 400 required characters < 336 + 64 = 400 > i.e.
20 X 20, value of the chapter of Revelation, inside whose is the 8th
verse < square of 8 X 8 = 64> where GOG is mentioned.
Fourth series
One must withdraw 146 characters �. And we already withdrew a block of 6
characters.
What represents these block of 6 characters in number 146? �. the units.
If we already withdrew the block of units we are logically led to withdraw
in the same way, a block of 40 characters representing the tens, then a
block
of 100 representative of the hundred.
Here the only logically possible solution. The characters to be
removed in the fourth series are placed between brackets.
Logic led us previously to < adjust > these blocks on the boundary marks
Underlined formerly, GOG and DOHW.
Of course, these two boundary marks should be kept in their integrity.
<< FKZBSF< 6 characters >> DQV GOG << IPUFXHHDRKF
FHQNTGPUAECNUVPDJMQCLQUMUNEDF <40 characters >>
QELZZVRRGKFF �.... ��DDNIAAHTTMST << EWPIER
OAGRIEWFEBAECTDDHILCEIHSITEGOEAOSDDRY
DLORITRKLMLEHAGTDHARDPNEOHMGFMFEUHE
ECDMRIPFEIMEHNLSSTTRTV <100 characters >> DOHW?
What can appear astonishing is that to remove these 146 characters, it
was necessary to proceed to the reverse of the normal sense of
reading : initially a block of 6 characters, then the block of 40, then
finally the block of 100.
One of the keys, fundamental to understand KRYPTOS is the
inversion of the normal direction of reading.
This inversion also appears in another manner: initially one
discovers verse 8, then after the chapter 20.
One clearly seizes the <reverse> intellectual process.
------------------------------
From: "Steve K" <[EMAIL PROTECTED]>
Subject: Re: Simple hash or CRC algorithm implementable in VB?
Date: Sat, 24 Jul 1999 12:53:22 -0400
Thanks for the reply!
This is for hashing e-mail addresses, and I will use the hash to verify that
a user that recieved the hash in thier mail box is indeed who they are when
they enter thier e-mail address again on the web site.
-steve
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
