Cryptography-Digest Digest #940, Volume #9       Mon, 26 Jul 99 20:13:03 EDT

Contents:
  Re: OTP export controlled? (Jim Dunnett)
  Re: NIST's ECC params (Greg)
  Re: message digest problem? (David A Molnar)
  Re: OTP export controlled? (Jim Gillogly)
  Re: another news article on Kryptos (wtshaw)
  Re: How Big is a Byte? (was: New Encryption Product!) (wtshaw)
  Re: another news article on Kryptos (wtshaw)
  Re: How Big is a Byte?
  Re: another news article on Kryptos (John Savard)
  Re: Kryptos morse code (Sundial Services)
  Re: What the hell is XOR? ("Douglas A. Gwyn")
  Re: How Big is a Byte? ("Douglas A. Gwyn")
  Re: randomness of powerball, was something about one time pads ("Douglas A. Gwyn")
  Mathematical work sought ("Nic Challis")
  Re: Info needed on cryptography... ("Nic Challis")
  Re: Kryptos morse code (Jim Gillogly)
  Re: What the hell is XOR? (SCOTT19U.ZIP_GUY)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Jim Dunnett)
Crossposted-To: talk.politics.crypto
Subject: Re: OTP export controlled?
Date: Mon, 26 Jul 1999 18:58:35 GMT
Reply-To: Jim Dunnett

On Mon, 26 Jul 1999 09:50:22 -0700, Jim Gillogly <[EMAIL PROTECTED]> wrote:

>David C. Oshel wrote:
>> Somewhere on the net is Che Guevara's pencil-and-paper version of the one
>> time pad.  Close observation between how that system actually worked (it
>> was responsible for hours of fun SWL from Radio Havana Cuba back in the
>> '70s), and how XOR-ing random bytes against 7-bit ASCII text is nothing
>> like that, is pretty interesting.
>
>Thanks for the pointer.  I was able to AltaVista the page from your
>description.  It turns out to be:
>http://icewall.vianet.on.ca/pages/dwyerj/che.html
>
>He used a monome-dinome system (aka "straddling checkerboard") to reduce
>the text to digits, then a shared OTP of digits to encrypt it.  I haven't
>tried analyzing the string of digits given in the JPEG to see whether it
>has an "obvious" generator, but that would be an interesting exercise.
>The monome-dinome block is based on a keyword, but if the OTP is random
>this doesn't compromise the operation: just a convenience to get to digits.
>Monome-dinome is particularly nice since it doesn't expand the plaintext
>very much as it goes from letters to digits.

(and it can assign high-frequency letters to the single digits).

Isn't this the cipher which Kahn describes as a modified 
Nihilist? Combining a straddling checkerboard with a
one-time key.

Appears it was the standard Soviet spy cipher in WW-II.
He speaks highly of it. Surely it's unbreakable if the
additive key is unpredictable?

-- 
Regards, Jim.                  | Findhorn Community:
amadeus%netcomuk.co.uk         | Developing EcoVillage
dynastic%cwcom.net             | of about 350 people:
                               |
PGP Key: pgpkeys.mit.edu:11371 | http://www.gala.org/findhorn/

------------------------------

From: Greg <[EMAIL PROTECTED]>
Subject: Re: NIST's ECC params
Date: Mon, 26 Jul 1999 20:23:34 GMT

In article <7nb6ll$lmu$[EMAIL PROTECTED]>,
  "Roger Schlafly" <[EMAIL PROTECTED]> wrote:
> Greg wrote in message <7navr1$1vp$[EMAIL PROTECTED]>...
> >Here is a sample of NIST's Elliptical Curve Crypto parameters:
> >Is the "a" param the coefficient for the x^1 and the "b" param the
> >coefficient for the X^0 term?
>
> Yes, but in characteristic 2 there are x^2 and x^0 terms.
>
> >What is the difference between a K-xxx curve and a B-xxx curve?
>
> The K-xxx curves are Koblitz curves.
>
> >Why are there different "r"'s for the two different curves?
>
> Order of the curve. Each curve has a different order. 2 bases for the
> same curve have the same order.
>
> >And if G_ is the base point, then why is there a base point defined for
> >the K-xxx curve and then again for each polynomial basis curve?
>
> The K curves have nothing to do with the B curves. When there is a
> choice of basis, the generator looks different with respect to each
> basis.


I have looked at other data and concluded:

"r" is the largest prime factor of the curve's order, which is
important for strength of security.

I still understand that a & b are coefficients.

G_ is the base point that is recommended?!

s is a seed for ONB.

That a prime polynomial is not specified, so you can use any that you
want.  I choose to look for the first prime polynomial with order that
is the same as the field size.

If anyone has any information to show me I am wrong, please let me know
here or at [EMAIL PROTECTED]


--
Democracy is the male majority legalizing rape.
UN Security Council = Democracy in Action - there is no appeal.
Welcome to the New World Order.
The US is not a democracy - US Constitution Article IV Section 4.
Criminals make Crime.  Armies make Tyranny.



------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: message digest problem?
Date: 26 Jul 1999 20:09:05 GMT

Bill Lynch <[EMAIL PROTECTED]> wrote:

> So my question is -- isn't this second method still vulnerable to
> attack? Since the name, random number and timestamp are all sent
> plaintext to the server, i see no reason why an eavesdropper couldn't
> grab all that info and submit it later (the replay attack).

Offhand, I'd guess that the server needs to examine the timestamp to make
sure it makes sense. If the server has a rule that timestamps older than,
say, 2 mins are invalid, then an adversary would have to mount the attack
within 2 mins of catching the data. To prevent this, the server would have
to store "2 minutes' worth" of hashes (however many that is; note it could
be big) and compare against the incoming hash.

-David Molnar
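
The check described in this reply, as an added example that is not code from the thread: the server rejects timestamps outside a 2-minute window and keeps one window's worth of digests to catch a replay inside it. The HMAC-SHA256 digest, the field encoding, and the names `sign_request` and `ReplayGuard` are assumptions; the scheme under discussion is not shown in the digest.

```python
import hashlib
import hmac
import json

WINDOW = 120  # seconds: the "2 mins" rule suggested in the post


def sign_request(secret, name, nonce, ts):
    """Client side: digest over the three fields that travel in the clear."""
    msg = json.dumps([name, nonce, ts]).encode()  # unambiguous field encoding
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


class ReplayGuard:
    """Server side: timestamp window plus a cache of digests seen inside it."""

    def __init__(self, secret, window=WINDOW):
        self.secret = secret
        self.window = window
        self.seen = {}  # digest -> timestamp carried by that request

    def accept(self, name, nonce, ts, digest, now):
        # Forget digests whose timestamp is already too old to be accepted;
        # this bounds the cache to one window's worth of traffic.
        self.seen = {d: t for d, t in self.seen.items()
                     if now - t <= self.window}
        if abs(now - ts) > self.window:
            return "stale"
        expected = sign_request(self.secret, name, nonce, ts)
        if not hmac.compare_digest(digest, expected):
            return "bad-digest"
        if digest in self.seen:
            return "replay"
        self.seen[digest] = ts
        return "ok"


def demo():
    # Constructed sample values: secret, user name, nonce and clock readings.
    secret = b"constructed-shared-secret"
    guard = ReplayGuard(secret)
    req = ("alice", "7f3a91", 1000)
    digest = sign_request(secret, *req)
    return [
        guard.accept(*req, digest, now=1010),  # first sight, inside window
        guard.accept(*req, digest, now=1020),  # same bytes again
        guard.accept(*req, digest, now=1121),  # same bytes after the window
    ]
```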

------------------------------

From: Jim Gillogly <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: OTP export controlled?
Date: Mon, 26 Jul 1999 13:32:09 -0700

Jim Dunnett wrote:
> 
> On Mon, 26 Jul 1999 09:50:22 -0700, Jim Gillogly <[EMAIL PROTECTED]> wrote:
> 
> >David C. Oshel wrote:
> >> Somewhere on the net is Che Guevara's pencil-and-paper version of the one
> >> time pad.

> >http://icewall.vianet.on.ca/pages/dwyerj/che.html
> >
> >He used a monome-dinome system (aka "straddling checkerboard") to reduce
> >the text to digits, then a shared OTP of digits to encrypt it.

> Isn't this the cipher which Kahn describes as a modified
> Nihilist? Combining a straddling checkerboard with a
> one-time key.

Yes, in essence, but the "one-time" key Kahn describes (pp 650ff)
is from well-known published statistical books.

> Appears it was the standard Soviet spy cipher in WW-II.
> He speaks highly of it. Surely it's unbreakable if the
> additive key is unpredictable?

Yes, but picking a published book isn't the right idea.  Has the source
of Guevara's been traced?  Is that the famous "Cuban girls typing
randomly" algorithm?  The web page cited above doesn't say that
OTP's were also found on his body.

-- 
        Jim Gillogly
        Mersday, 3 Wedmath S.R. 1999, 20:27
        12.19.6.7.1, 6 Imix 9 Xul, Sixth Lord of Night
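
The two-stage scheme discussed in this thread (straddling checkerboard to digits, then a one-time additive key of digits), as an added example that is not taken from the cited web page or from any poster. The keyword `SENATORI`, the blank columns 2 and 6, the 28-symbol English alphabet and the sample message are assumptions chosen for illustration, not Guevara's actual table.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase + "./"  # 28 symbols: 8 monomes + 20 dinomes


def build_checkerboard(keyword, blanks=(2, 6)):
    """Keyed board: the first 8 symbols get one digit, the rest get two."""
    seen = []
    for ch in keyword.upper() + ALPHABET:
        if ch in ALPHABET and ch not in seen:
            seen.append(ch)
    top_cols = [d for d in range(10) if d not in blanks]
    enc = {ch: str(col) for col, ch in zip(top_cols, seen[:8])}
    for i, ch in enumerate(seen[8:]):
        # The two blank top-row digits act as row prefixes for the dinomes.
        enc[ch] = f"{blanks[i // 10]}{i % 10}"
    dec = {code: ch for ch, code in enc.items()}
    return enc, dec


def to_digits(text, enc):
    """Letters to digits; symbols not on the board (spaces) are dropped."""
    return "".join(enc[ch] for ch in text.upper() if ch in enc)


def from_digits(digits, dec, blanks=(2, 6)):
    out, i = [], 0
    while i < len(digits):
        width = 2 if int(digits[i]) in blanks else 1
        out.append(dec[digits[i:i + width]])
        i += width
    return "".join(out)


def add_pad(digits, pad, sign=1):
    """Digit-by-digit addition mod 10 without carry; sign=-1 decrypts."""
    if len(pad) < len(digits):
        raise ValueError("pad shorter than message: never recycle pad digits")
    return "".join(str((int(d) + sign * int(k)) % 10)
                   for d, k in zip(digits, pad))


def new_pad(n):
    """Pad digits from the OS CSPRNG, not from a published book of numbers."""
    return "".join(str(secrets.randbelow(10)) for _ in range(n))


def demo():
    enc, dec = build_checkerboard("SENATORI")  # constructed keyword
    digits = to_digits("MEET AT NOON.", enc)   # constructed message
    pad = new_pad(len(digits))
    cipher = add_pad(digits, pad)
    return digits, from_digits(add_pad(cipher, pad, sign=-1), dec)
```

With this board the eight keyword letters cost one digit each, so the 11-symbol sample message expands to only 13 digits.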

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: another news article on Kryptos
Date: Mon, 26 Jul 1999 15:15:24 -0600

In article <[EMAIL PROTECTED]>, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:

> Terry Ritter wrote:
> > 
> > No, it is not.  One can implement a system which supports the dynamic
> > introduction of new algorithms.  Any particular description of "the"
> > overall system must thus be continually updated and so is certainly
> > *not* fixed.  Indeed, the actual system cannot even be described in
> > any more than "handwave" precision such as: "in addition to the known
> > set of algorithms, currently unknown additional algorithms of
> > virtually unlimited nature may be present."
> 
> I guess that there is the practical problem of not having an 
> inexhaustible source of new algorithms. 

I would not be so sure about not having as many algorithms as you might
want be capable of being developed.  The question of exhaustion pertains
more to the people involved, and indirectly therefore to the rate at which new
algorithms might become available.

> Hence in my humble view 
> switching among a sufficiently large set of algorithms, utilizing 
> the combinatorial variations of superencipherment and exploiting 
> the variabilities of parametrized algorithms are the measures that 
> one can realistically have in practice to obtain security beyond
> what is inherent in the algorithms.
> 
That too.
-- 
Real Newsreaders do not read/write in html.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Crossposted-To: alt.folklore.computers
Subject: Re: How Big is a Byte? (was: New Encryption Product!)
Date: Mon, 26 Jul 1999 15:24:25 -0600

In article <7nhm2u$6er$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(Patrick Juola) wrote:

> In article <[EMAIL PROTECTED]>,
> wtshaw <[EMAIL PROTECTED]> wrote:
> >In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
> >
> >> wtshaw wrote:
> >> > 
> >> > Zero has no value in itself as it expresses the absence of a number in a
> >> > particular place.
> >> 
> >> There is a difference between zero the number and zero the digit.  You
> >> are using the second to reply to the first.
> >>
> >Nothing=nothing... I consider your above argument a NULL hypothesis.
> 
> The map is not the territory.
> 
> The menu is not the meal.
> 
> The portrait is not the person.
> 
> The symbol is not the number.
> 
Now, tell me that one does not leak information about the other, it's
supposed to.
-- 
Real Newsreaders do not read/write in html.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: another news article on Kryptos
Date: Mon, 26 Jul 1999 15:18:57 -0600

In article <[EMAIL PROTECTED]>, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:
> 
> If the unsolved part is really 'a whole different ball game', then
> I suppose that there is practically nothing left (after excluding
> substitution and transposition) in the realm of classical methods
> excepting perhaps code book, which seems to be quite unlikely, I guess.
> 
You seem to accept that the system will be of a popularly known classical
method; it could just as well be of an obscure method popularly known to
obscure people, at least at the time.
-- 
Real Newsreaders do not read/write in html.

------------------------------

From: <[EMAIL PROTECTED]>
Crossposted-To: alt.folklore.computers
Subject: Re: How Big is a Byte?
Date: Mon, 26 Jul 1999 17:20:22 -0400

On Sun, 25 Jul 1999, Douglas A. Gwyn wrote:

> [EMAIL PROTECTED] wrote:
> > Douglas A. Gwyn wrote:
> > > [EMAIL PROTECTED] wrote:
> > > > If the number line is extended into the negative realm there are
> > > > alternate representations of zero.  1-1 would be one such.
> > > That's no longer base 1.
> > ... as you define it.
> 
> That's not base 1 as any competent mathematician defines it.
> You can't obtain the -1 term by raising 1 to any integer power.

Nor can you get -1 by raising 10 to any integer power. 1-1 is a simple
subtraction problem. By your reasoning subtraction can't possibly exist
because negative numbers can't be achieved by raising a base to an integer
power.

____________________________________________________________________________
                                  |
"A little nonsense now and then,  |  "If it walks out of the fridge, let
 Is relished by the wisest men."  |     it go"  -- John Dougherty
                           --W.W. |  "If it loves you it will come back."
                                  |             -- Ian Davis
__________________________________|_________________________________________
Theta Xi 

Kappa Sigma 1175


------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: another news article on Kryptos
Date: Mon, 26 Jul 1999 21:50:35 GMT

[EMAIL PROTECTED] (Terry Ritter) wrote, in part:
>On Wed, 21 Jul 1999 14:30:41 GMT, in <[EMAIL PROTECTED]>, in
>sci.crypt "Doug Gwyn (ISTD/CNS) <gwyn>" <[EMAIL PROTECTED]> wrote:

>>[...]
>>But "switching algorithms" under control of a key is itself
>>a fixed algorithm, just more complex than its components.

>Note that this statement is not true if the algorithm set keeps
>expanding, because then the algorithm is certainly *not* fixed.

It certainly is possible to devise an open ended encryption program.
For example, GPG, GNU Privacy Guard, (currently still in beta)
provides for the addition of new encryption algorithms as modules.

However, if one switches algorithms _under the control of a key_, at
some point one must define what actions the program is to take for any
particular key. Otherwise, the programs belonging to the sender and
recipient may not be compatible. Perhaps this is the source of the
current objection.

John Savard ( teneerf<- )
http://www.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

Date: Mon, 26 Jul 1999 15:30:43 -0700
From: Sundial Services <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Kryptos morse code

Jim Gillogly wrote:
> 
> Stephen J. Perris wrote:
> >
> > Could someone please post the morse code found on the Kryptos sculpture?
> > I think my copy went out with the trash.
> 
> As reported in the transcription supplied by the CIA to inquiries:
> 
> DIGE TAL INTERPRETATU
> T IS YOUR POSITION
> VIRTUALLY INVISIBLE
> SHADOW FORCES
> LUCID MEMORY
> SOS
> RQ


:-)

Reading the ongoing threads on the Kryptos sculpture, four things come
to mind:
  (1) I'm quite sure the CIA knows exactly what it says, that is if they
      can find the file in Warehouse 26B3, Row 43, Box 1197...  ;-)

  (2) I'll bet that each of the cipher systems used is known to the 
      general public; that probably none of them are actually tougher
      than Vigenere and/or Playfair.

  (3) I'll even guess that somewhere they provide the keys used, as they
      supplied the information about the modified tableaux used to code
      the first part of the message.

  (4) Those peculiar morse phrases might be keys.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: What the hell is XOR?
Date: Mon, 26 Jul 1999 21:43:00 GMT

"SCOTT19U.ZIP_GUY" wrote:
> XOR R1,R2   which is make r2 = r1 XOR r2
> XOR R2,R1   which is make r1 = r1 XOR r2
> XOR R1,R2   which is make r1 = r1 XOR r2

This is a well-known hack.  If it weren't so well known,
it would be obscure and thus require documentation via a
comment in the source code at that point.  Unless there
is a bottleneck at that point, swapping via a temporary
would be clearer and thus preferable (from a code
maintenance point of view).

------------------------------

Crossposted-To: alt.folklore.computers
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: How Big is a Byte?
Date: Mon, 26 Jul 1999 21:48:13 GMT

wtshaw wrote:
> Consider that a black hole ...

I didn't say that one cannot logically define and use negative bases
or even nonintegral bases.  However, the one described was certainly
not a numeration system to the base one.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: randomness of powerball, was something about one time pads
Date: Mon, 26 Jul 1999 21:37:28 GMT

Patrick Juola wrote:
> There's your subsequence -- the sequence of winning bets is a subsequence
> of the sequence of bets.  The rest follows immediately.

But it's not an infinite (sub)sequence.  You set your goal in advance and
stop when it has been met.

Whatever the actual fallacy, it must have to do with trading off very long
expected time vs. very low probability, or something along those lines.

------------------------------

From: "Nic Challis" <[EMAIL PROTECTED]>
Subject: Mathematical work sought
Date: 26 Jul 1999 22:51:04 GMT

Hi,

I am an experienced x86 assembly language programmer and have experience of
graphical and cryptographic mathematics.

I'm 25 and am looking for development work in these fields within a highly
reputable UK company or authority.  I have found it very difficult to find
work as everybody seems to want to employ C++ W95 lemmings.  I am very
dedicated to my challenges, and am not put off by trivia.  

I can obviously produce C++ source code for Windows, but wish to refine my
skills for a noble cause.  The comparison is: pursuit of true digital maths
and control; or MikoSloth's scribblings off their toilet walls (I doubt that
very much, but if it were, that's where their main source code libraries
came from).

Thanks.


Regards,

Nicholas Challis

------------------------------

From: "Nic Challis" <[EMAIL PROTECTED]>
Subject: Re: Info needed on cryptography...
Date: 26 Jul 1999 21:59:26 GMT

With respect to XORing with random numbers.  Your first problem will be
generating a "random" number.

But you are on the right lines.


Jeffery Nelson <[EMAIL PROTECTED]> wrote in article
<[EMAIL PROTECTED]>...
> Some of the questions I'm about to ask may seem a little elementary, but you
> must realize that I have learned all of this on my own, and without the help
> of any other persons interested in cryptography.
> 
> I have been programming in C/C++ for about a year now, and all that time I
> have been working on an encrypt\decryption program.  Here are my
> questions...
> 
> We all know basic math prevents you from knowing a variable in any addition
> problem without first knowing two constants IE:
> 2 + x = 5
> 
> x = 3, because you have the constants 2 and 5... likewise:
> x + y = 9
> 
> x could be 4 and y could be 5, and many other possibilities.  In the same
> token:
> 1001^0011 = x
> 
> In this, it is the same as addition in requiring two constants to find out
> the third variable (1010)?  Correct?
> 
> If this is all true and you wanted to keep prying eyes out of some message
> to your friends, why wouldn't you just take the ASCII value of every letter
> in the message and Xor it with any random ASCII character (generated by any
> means, even a time based random number generator).  All you would have to
> do is send the message(XORed) through email, and hand him the disk which
> stored the encrypted information on it?  Correct?  Or you could even have
> two email addresses, and just mail him the key (random ASCII characters)
> through it.  Isn't that one form of SECURE encryption?
> 
> If all of this is true, and as long as you don't use a looping key (such as
> "spearfish" being represented as "spearfishspearfishspea..")  There would be
> no way to attack the code.  Tell me if I'm wrong.
> 
> I also would like to know if there is anyone out there who could help me to
> understand the spearfish algorithm a little better...
> 
> -Jeff
> 

------------------------------

From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: Kryptos morse code
Date: Mon, 26 Jul 1999 16:15:02 -0700

Sundial Services wrote:
> Reading the ongoing threads on the Kryptos sculpture, four things come
> to mind:
>   (1) I'm quite sure the CIA knows exactly what it says, that is if they
>       can find the file in Warehouse 26B3, Row 43, Box 1197...  ;-)

I haven't seen evidence that they've actually opened the triple-sealed
envelope Sanborn gave them, but if <I> had commissioned a sculpture
for $250,000 I would want to make sure it didn't say "You guys are
naughty and you shouldn't overthrow governments." before I installed
it in my courtyard.  My guess is that former DCI Wm. Webster once
knew what it said.  Whether he knew what it meant is another question.

>   (2) I'll bet that each of the cipher systems used is known to the
>       general public; that probably none of them are actually tougher
>       than Vigenere and/or Playfair.

I'll cover that action.  How much we talkin'?  It's arguable that
Kryptos-III is tougher than Vigenere or Playfair, but I'll even
bet sight unseen that Kryptos-IV is tougher as well.

>   (3) I'll even guess that somewhere they provide the keys used, as they
>       supplied the information about the modified tableaux used to code
>       the first part of the message.

He didn't provide PALIMPSEST or ABSCISSA, so far as I know, nor any
keying information for Kryptos-III.

>   (4) Those peculiar morse phrases might be keys.

Yup, they might.  They might also be hints for the content.  "SHADOW
FORCES" appears to relate to K-I.  "T IS YOUR POSITION", if it's the
end of "WHAT IS YOUR POSITION" could be a hint for K-II, which gives
a lat-long, and "VIRTUALLY INVISIBLE" appears to be a better hint for
K-II.  "LUCID MEMORY" could be a clue for K-III, though not a very
revealing one.  "T IS YOUR POSITION" could also be keying information:
for example, it could specify that with Wheatstone you start with T instead
of the more usual A against the '+' on the plaintext disk. "DIGE TAL
INTERPRETATU" might suggest some kind of digit-based running key for K-IV,
like Gromark, or it might just be the "digitus impudicus" he's displaying
in our general direction:  "Interpret <this> digit, buddy!"

-- 
        Jim Gillogly
        Mersday, 3 Wedmath S.R. 1999, 22:37
        12.19.6.7.1, 6 Imix 9 Xul, Sixth Lord of Night

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: What the hell is XOR?
Date: Tue, 27 Jul 1999 00:55:13 GMT

In article <[EMAIL PROTECTED]>, "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
>"SCOTT19U.ZIP_GUY" wrote:
>> XOR R1,R2   which is make r2 = r1 XOR r2
>> XOR R2,R1   which is make r1 = r1 XOR r2
>> XOR R1,R2   which is make r1 = r1 XOR r2
>
>This is a well-known hack.  If it weren't so well known,
>it would be obscure and thus require documentation via a
>comment in the source code at that point.  Unless there
>is a bottleneck at that point, swapping via a temporary
>would be clearer and thus preferable (from a code
>maintenance point of view).

 Well the way you suggest would be clearer to a 
programmer who does not know much. But the
way I did it is faster and saves on stack space.
But if you have the freedom and money to use
time and memory as you like then go your way.
 The main problem with your way is that it is a
dumbing down approach and when you have to
program real time stuff like a missile intercept
your brain becomes too fat to use methods that
would be crucial. So it is better to use such
methods most of the time so you're fresh when
you need them.
 


David A. Scott
--
                    SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
                    http://www.jim.com/jamesd/Kong/scott19u.zip
                    http://members.xoom.com/ecil/index.htm
                    NOTE EMAIL address is for SPAMERS

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
