Cryptography-Digest Digest #942, Volume #9       Tue, 27 Jul 99 12:13:03 EDT

Contents:
  Re: another news article on Kryptos (wtshaw)
  Re: another news article on Kryptos (wtshaw)
  Re: RSA public key ("Vincent")
  Benchmarks of Symmetric Vs Hash function algorithms (Yosi)
  Rsa-512 ("Adam Pridmore")
  RSA block type 02 (yoni)
  Re: Rsa-512 (Glenn Davis)
  CIA's Kryptos Continuation N5 ("collomb")
  Freeware version of PGP !!! (spike)
  Re: OK.  Maybe I am missing something here. (Patrick Juola)
  Re: RSA public key (DJohn37050)
  Re: What the hell is XOR? (fungus)
  Re: randomness of powerball, was something about one time pads (Patrick Juola)
  Re: hush mail (fungus)
  Re: RSA block type 02 (yoni)
  Re: Benchmarks of Symmetric Vs Hash function algorithms (Anton Stiglic)
  How would this affect the good old One Time Pad? ("Jeffery Nelson")
  Old DES-related papers wanted.... ("Richard Rooney")
  Re: Benchmarks of Symmetric Vs Hash function algorithms (Anton Stiglic)
  convert key (John Xiao)
  Pentium III & crypto (Gabriel Belingueres)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: another news article on Kryptos
Date: Tue, 27 Jul 1999 00:55:44 -0600

In article <[EMAIL PROTECTED]>, "Douglas A. Gwyn"
<[EMAIL PROTECTED]> wrote:

> wtshaw wrote:
> > You seem to accept that the system will be of a popularly known
> > classical method; it could just as well be of an obscure method
> > popularly known to obscure people, at least at the time.
> 
> It was evident from the outset that Kryptos must be using
> classical methods of the sort encountered in MilCryp.
> And this assumption was bolstered by the recent recoveries.
> There is no reason to change that assumption for the final part.

Best to not put blinders on prematurely.  If I got it right, *a whole new
ball game* could be sort of a cryptic clue.  So, I think numbers, and what
different ball games suggest, the most likely being baseball.  The mind
races to see something with a loop of four characters like the bases,
autokey like deal, or number of players, or innings being significant.  

As deceit is a basic in crypto, figure that it is not ruled out, even to
being enticed down a path that is not going to lead you where you want to
go.
-- 
Crop report--It's been a very good year for figs.  Garlic was abundant, but berries 
were few.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: another news article on Kryptos
Date: Tue, 27 Jul 1999 00:46:51 -0600

In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (John Savard) wrote:
> 
> It certainly is possible to devise an open ended encryption program.
> For example, GPG, GNU Privacy Guard, (currently still in beta)
> provides for the addition of new encryption algorithms as modules.
> 
I ran across a program called Ahoy! for the Mac which allows for new
plugins.  The company even offers a package for design of new ones.  Ahoy!
is a chat program best I can tell, and blowfish is already available.
-- 
Crop report--It's been a very good year for figs.  Garlic was abundant, but berries 
were few.

------------------------------

From: "Vincent" <[EMAIL PROTECTED]>
Subject: Re: RSA public key
Date: Fri, 23 Jul 1999 18:38:55 +0100

Hi guys,
You seem to know a lot about RNGs. Do you know where I could find
some good ones to buy?
By good, I mean of course cryptographically secure and fast.
 Is there still a need with this kind of RNG to have many sources of
randomness and to pass them through a hash function?
If the piece of hardware generates random numbers quickly enough, can we just
use it on its own or is it better to use the output of the RNG to seed a
PRNG?
If yes, what would be the better PRNG to use?

Thank you for your answers, and long life to RSA (not too much anyway...)

====================================================
Vini boy
[EMAIL PROTECTED]



------------------------------

From: Yosi <[EMAIL PROTECTED]>
Subject: Benchmarks of Symmetric Vs Hash function algorithms
Date: Tue, 27 Jul 1999 09:14:11 GMT

Hi,

Does anyone know what is quicker - calculating the SHA-1 hash function
of a file (say 1MB) or, encrypting it with a symmetric algorithm
(say IDEA or Blowfish or DES)? Accurate figures as well as general
theories will be greatly appreciated.

I would be more than grateful if you can send a
copy of your reply to [EMAIL PROTECTED]

TIA,
Yosi


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------


From: "Adam Pridmore" <[EMAIL PROTECTED]>
Subject: Rsa-512
Date: Tue, 27 Jul 1999 10:54:45 +0100

I know that RSA-512 is looking a little insecure, but I was curious as to
how insecure.

Can anyone give me a guesstimate of the time to break it by:
(i.e. the maximum lifetime of any data encrypted with it)

1)    the individual

2)    the corporation

3)    the government

cheers Adam



------------------------------

Date: Tue, 27 Jul 1999 13:34:48 +0200
From: yoni <[EMAIL PROTECTED]>
Subject: RSA block type 02

Hi,

I'm trying to decrypt a message encrypted with RSA PKCS#1 block type 02. 
This has something to do with the SSLv3.0 implementation.
I am doing something wrong, because I can't get the expected results.
Can anyone post code (or pseudocode) that does it ?

Thanks,
Yoni.

------------------------------

From: Glenn Davis <[EMAIL PROTECTED]>
Subject: Re: Rsa-512
Date: Tue, 27 Jul 1999 03:47:26 -1000

Adam Pridmore wrote:
> 
> I know that RSA-512 is looking a little insecure, but I was curious as to
> how insecure.
> 
> Can anyone give me a guesstimate of the time to break it by:
> (i.e. the maximum lifetime of any data encrypted with it)
> 
> 1)    the individual
> 
> 2)    the corporation
> 
> 3)    the government
> 
> cheers Adam

Here is a quote from Peter Montgomery:

"I was one of 16 participants at a July, 1991, workshop on
Public-Key Cryptography sponsored by E.I.S.S.
(European Institute for System Security).  Our report appears in

    Th. Beth, M. Frisch, G.J. Simmons (Eds.)
    Public-Key Cryptography: State of the Art and Future Directions,
    Lecture Notes in Computer Science, 578, Springer-Verlag, 1991.

Page 81 of this report says

    For the most applications a modulus size of 1024 bit
    for RSA should achieve a sufficient level for ``tactical''
    secrets for the next ten years.  This is for long-term
    secrecy purposes, for short-term authenticity purposes
    512 Bit might suffice in this century.

Page 39 of that report estimates 500,000 MIPS-years
to factor a general 512-bit integer via ppmpqs.
The number field sieve was rather new in 1991 (it had been
used to factor 2^512 + 1 but some thought it impractical
for general numbers).  Nonetheless page 44 of the report warns

    Thus it is not unlikely that the number field sieve is better
    than the ppmpqs for factoring integers in the 512-bit range.

The 1991 recommendation for 1024-bit keys is still valid in
1999. The report makes no recommendation for key lengths next
century. The recent RSA-140 factorization and Shamir's
announcement are warnings that 512-bit keys are vulnerable in 1999,
although they are probably OK for `short-term authenticity purposes'.
--
[EMAIL PROTECTED]    Home: San Rafael, California
Microsoft Research and CWI "

So Peter has already factored a 140 digit number (420 bits).
Let's call that a corporate effort, because of the team.
An individual like me would take 20 years to factor a 512 bit
number. Peter's team might factor 512 bits next year.
The government may do it in a month.

------------------------------

From: "collomb" <[EMAIL PROTECTED]>
Subject: CIA's Kryptos Continuation N5
Date: 27 Jul 1999 11:08:38 GMT

CIA's KRYPTOS  Continuation N5

This text contains several images and cannot be published on a discussion
group.
To consult it, please go to the web site:
http://calvaweb.calvacom.fr/collomb/
Thank you
[EMAIL PROTECTED]


------------------------------

From: spike <[EMAIL PROTECTED]>
Subject: Freeware version of PGP !!!
Date: Tue, 27 Jul 1999 04:12:33 -0700
Reply-To: [EMAIL PROTECTED]


Hey all...

What do you all think of the Gnu Privacy Guard, also known as GPG ? It
is intended to be a freeware version of pgp sponsored by the Free
Software Foundation as part of the GNU system. You can check out this
web page for more information. Any input regarding the quality of this
would be very much appreciated.


http://www.gnupg.org

Thanks in advance...

Spike



------------------------------

From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: OK.  Maybe I am missing something here.
Date: 27 Jul 1999 09:21:51 -0400

In article <[EMAIL PROTECTED]>,
Shktr00p1 <[EMAIL PROTECTED]> wrote:
>>>Now you use a file containing 1000 random bytes and use that as the key.  I
>>>know "One-Time-Pad".  Each file is encrypted with a password(8 bytes) as
>>well. 
>>>The password is used to encrypt the key file, then the key file is used to
>>>encrypt the file.
>
>>Well, there's nothing insecure about that.
>>
>>But if the 1000 random bytes are used to encrypt more than one file,
>>or if they're sent to your correspondent by E-mail, *then* your
>>encryption is only as good as the 8 byte password.
>>
>>Otherwise, it's a true one-time-pad, with a tiny extra safety feature.
>>
>>John Savard ( teneerf<- )
>>http://www.ecn.ab.ca/~jsavard/crypto.htm
>
>
>More than one file,
>
>How do you figure?  That's 1000 bytes of random data which is overlaid by
>another 8 bytes just so that each file is encrypted slightly different.  Since
>the 1000 bytes is already random and just encrypted again by 8 bytes, what basis
>of decryption cracking would be used?  

Kasiski superposition.


>It would be easier to crack the 8 bytes ALONE this is very true.  However since
>the large key is random, what could you possibly use to crack it?

Kasiski superposition.

It should worry you that there is a technique for this sufficiently general
and powerful that it has a name.

        -kitten

------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: RSA public key
Date: 27 Jul 1999 13:29:10 GMT

ANSI X9.82 is a draft discussing RNGs and tests for same.  In the meantime,
look at DSA on NIST web site for a good PRNG.
Don Johnson

------------------------------

From: fungus <[EMAIL PROTECTED]>
Subject: Re: What the hell is XOR?
Date: Tue, 27 Jul 1999 16:10:54 +0200



"Douglas A. Gwyn" wrote:
> 
> "SCOTT19U.ZIP_GUY" wrote:
> > XOR R1,R2   which is make r2 = r1 XOR r2
> > XOR R2,R1   which is make r1 = r1 XOR r2
> > XOR R1,R2   which is make r1 = r1 XOR r2
> 
> This is a well-known hack.

Yes, very well known....

> Unless there
> is a bottleneck at that point, swapping via a temporary
> would be clearer and thus preferable (from a code
> maintenance point of view).

And don't forget that doing this via pointers is
dangerous, e.g. (in C)

/* XOR swap with no temporary: after the three steps
 * *a holds the old *b and *b holds the old *a. */
void swap(int *a, int *b)
{
   *a ^= *b;   /* if a == b this is *a ^= *a, which zeroes it */
   *b ^= *a;
   *a ^= *b;
}

Will fail if a and b both point to the same int. Watch out
for hard-to-find bugs if you ever do anything like this.


-- 
<\___/>
/ O O \
\_____/  FTB.
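
An added example, not code from the post above, that makes the aliased case
visible in runnable C: the XOR swap applied to one element twice zeroes it,
while either an `a == b` guard or a plain temporary survives it. The sample
array and the `swap_at` helper that runs a swap routine on two indices are
constructed for this demo.

```c
#include <stdio.h>

/* The XOR swap from the post: three XORs and no temporary.
 *   step 1: a1 = a ^ b
 *   step 2: b1 = b ^ a1 = b ^ a ^ b = a
 *   step 3: a2 = a1 ^ b1 = a ^ b ^ a = b                          */
void xor_swap(int *a, int *b)
{
    *a ^= *b;
    *b ^= *a;
    *a ^= *b;
}

/* The same routine behind the aliasing guard. When a and b are one object,
 * step 1 computes *a ^ *a == 0, and the value is gone before step 2 reads it. */
void xor_swap_guarded(int *a, int *b)
{
    if (a == b) return;
    xor_swap(a, b);
}

/* Swap through a temporary: correct whether or not a and b alias, which is why
 * the thread prefers it unless the XOR form is measured to matter. */
void temp_swap(int *a, int *b)
{
    int t = *a;
    *a = *b;
    *b = t;
}

/* Run a swap routine on positions i and j of a constructed array and return what is
 * left at position i. Sorting and partitioning code calls swap(&v[i], &v[j]) with
 * i == j routinely, and that is exactly the aliased case. */
int swap_at(void (*swap)(int *, int *), int i, int j)
{
    int v[4] = { 10, 20, 30, 40 };   /* constructed sample data */
    swap(&v[i], &v[j]);
    return v[i];
}

int main(void)
{
    printf("xor_swap on v[0], v[1]     : v[0] = %d\n", swap_at(xor_swap, 0, 1));
    printf("xor_swap on v[2], v[2]     : v[2] = %d  (30 is gone)\n", swap_at(xor_swap, 2, 2));
    printf("guarded swap on v[2], v[2] : v[2] = %d\n", swap_at(xor_swap_guarded, 2, 2));
    printf("temp_swap on v[2], v[2]    : v[2] = %d\n", swap_at(temp_swap, 2, 2));
    return 0;
}
```

The guard costs one compare, which is also the reason the temporary wins on
a modern compiler: the XOR form saves no register and adds a branch or a bug.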

------------------------------

From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: randomness of powerball, was something about one time pads
Date: 27 Jul 1999 09:29:30 -0400

In article <[EMAIL PROTECTED]>, Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
>Patrick Juola wrote:
>> There's your subsequence -- the sequence of winning bets is a subsequence
>> of the sequence of bets.  The rest follows immediately.
>
>But it's not an infinite (sub)sequence.  You set your goal in advance and
>stop when it has been met.

In that case, then we're back to the problem that you don't have infinitely
deep pockets.

>Whatever the actual fallacy, it must have to do with trading off very long
>expected time vs. very low probability, or something along those lines.

If you've got an infinite amount of time and money at your disposal
and a fixed finite goal then the Martingale strategy you set *will*
achieve your goal with probability 1.  

On the other hand, there are lots of other strategies that will also
achieve your goal with probability 1 with considerably smaller
expected time and expected maximum depth of pockets.

So the only fallacy is that of ignoring constraints.

        -kitten

------------------------------

From: fungus <[EMAIL PROTECTED]>
Subject: Re: hush mail
Date: Tue, 27 Jul 1999 16:32:32 +0200



[EMAIL PROTECTED] wrote:
> 
> David A Molnar wrote:
> 
> > I can't speak for the designers of the AES process, but I will note that
> > if practical quantum computers are built, then a space of n bits may be
> > searched in sqrt(n) time. In this case, a 256-bit cipher is "only" as
> > difficult to brute force as a 128-bit cipher would be w/o quantum
> > computers.
> 
> Eh?  Wouldn't that mean that a 256 bit encryption would be equal to 16
> bit b/c sqrt(256) = 16?

No. The key size is an exponent, not a number, i.e. a 256 bit key represents
2^256 keys, not 256 keys.



-- 
<\___/>
/ O O \
\_____/  FTB.

------------------------------

Date: Tue, 27 Jul 1999 16:12:08 +0200
From: yoni <[EMAIL PROTECTED]>
Subject: Re: RSA block type 02

Never mind,

I got it right this time. Funny thing though, when someone is trying to
write an explanation you expect it to be simple and easy to understand
without double meanings etc... 
Why can't they keep it simple ? ? ?

yoni wrote:
> 
> Hi,
> 
> I'm trying to decrypt a message encrypted with RSA PKCS#1 block type 02.
> This has something to do with the SSLv3.0 implementation.
> I am doing something wrong, because I can't get the expected results.
> Can anyone post code (or pseudocode) that does it ?
> 
> Thanks,
> Yoni.

-- 
Yoni Mizrachi.          Bridges for Islands Ltd.

[EMAIL PROTECTED]            http://www.b4i.com
phone: 972-3-6499971 (ext-207)
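
An added example, not Yoni's code, for the block type 02 format asked about in
this thread: PKCS#1 v1.5 encryption padding as the SSL 3.0 client uses it for
the premaster secret, written out in C. The encryption block is
EB = 00 || 02 || PS || 00 || D, where PS is at least eight nonzero pseudorandom
octets, so the parser that runs after the RSA private operation must check the
two leading octets, walk past PS to the zero separator, and only then take what
follows as D; for SSL 3.0 that D must be exactly 48 octets beginning with the
client version. The filler generator (a fixed LCG, not a CSPRNG), the 64-octet
block size of a 512-bit modulus and the sample data are assumptions of the demo,
and no RSA exponentiation is performed. One caveat the parser makes visible: it
returns a distinguishable error for each malformed block, and that distinction,
if the peer can observe it, is the oracle Bleichenbacher's 1998 attack on
PKCS#1 v1.5 is built from, so a server must not let the client learn whether
unpadding failed. That caveat is about the format, not something raised in the
thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RSA_512_BLOCK 64   /* k = 64 octets for a 512-bit modulus (assumed block size) */

/* Build EB = 00 || 02 || PS || 00 || D (PKCS#1 v1.5, block type 02). PS is k - 3 - dlen
 * pseudorandom NONZERO octets and must be at least 8 long, so dlen <= k - 11.
 * Returns 0 on success, -1 if D does not fit. */
int pkcs1_type2_pad(const uint8_t *d, size_t dlen, uint8_t *eb, size_t k)
{
    size_t ps_len, i;
    uint32_t x = 0x1234567u;       /* constructed filler source: fixed LCG, NOT a CSPRNG */
    if (k < 11 || dlen > k - 11) return -1;
    ps_len = k - 3 - dlen;
    eb[0] = 0x00;
    eb[1] = 0x02;
    for (i = 0; i < ps_len; i++) {
        uint8_t b;
        do {
            x = x * 1664525u + 1013904223u;
            b = (uint8_t)(x >> 24);
        } while (b == 0);          /* a zero inside PS would be taken for the separator */
        eb[2 + i] = b;
    }
    eb[2 + ps_len] = 0x00;         /* separator */
    memcpy(eb + 3 + ps_len, d, dlen);
    return 0;
}

/* Parse a decrypted block: require 00 02, walk past the nonzero PS, require the 00
 * separator with PS >= 8, then hand back D. Returns 0 on success, -1 on any padding
 * error. Each early return is an error the caller can see, and that distinction is
 * the signal a Bleichenbacher padding oracle is built from. */
int pkcs1_type2_unpad(const uint8_t *eb, size_t k, const uint8_t **d, size_t *dlen)
{
    size_t i;
    if (k < 11 || eb[0] != 0x00 || eb[1] != 0x02) return -1;
    for (i = 2; i < k && eb[i] != 0x00; i++)
        ;                          /* scan to the separator */
    if (i == k || i - 2 < 8) return -1;   /* no separator, or PS shorter than 8 octets */
    *d = eb + i + 1;
    *dlen = k - i - 1;
    return 0;
}

/* SSL 3.0 premaster secret: 2 version octets + 46 random octets = 48 octets. Pad it
 * into a 64-octet block, parse the block back and check length and version the way
 * an SSL server must. Returns 1 on a correct round trip. Constructed data; no RSA
 * exponentiation is performed here. */
int demo_roundtrip(void)
{
    uint8_t pms[48], eb[RSA_512_BLOCK];
    const uint8_t *d;
    size_t dlen, i;
    pms[0] = 0x03; pms[1] = 0x00;                    /* client version 3.0 */
    for (i = 2; i < sizeof pms; i++) pms[i] = (uint8_t)(0xa0 + i);  /* stands in for random */
    if (pkcs1_type2_pad(pms, sizeof pms, eb, sizeof eb) != 0) return 0;
    if (pkcs1_type2_unpad(eb, sizeof eb, &d, &dlen) != 0) return 0;
    return dlen == 48 && d[0] == 0x03 && d[1] == 0x00 && memcmp(d, pms, 48) == 0;
}

/* Malformed blocks a correct parser must reject. Returns 1 if every one is rejected. */
int demo_rejects(void)
{
    uint8_t eb[RSA_512_BLOCK], bad[RSA_512_BLOCK], big[54] = { 0 };
    const uint8_t msg[] = "premaster";               /* 9 octets of sample data */
    const uint8_t *d;
    size_t dlen;
    if (pkcs1_type2_pad(msg, sizeof msg - 1, eb, sizeof eb) != 0) return 0;
    memcpy(bad, eb, sizeof eb); bad[1] = 0x01;      /* block type 01 is for signatures */
    if (pkcs1_type2_unpad(bad, sizeof bad, &d, &dlen) == 0) return 0;
    memcpy(bad, eb, sizeof eb); bad[5] = 0x00;      /* separator after only 3 PS octets */
    if (pkcs1_type2_unpad(bad, sizeof bad, &d, &dlen) == 0) return 0;
    memcpy(bad, eb, sizeof eb); memset(bad + 2, 0x55, sizeof bad - 2);  /* no separator */
    if (pkcs1_type2_unpad(bad, sizeof bad, &d, &dlen) == 0) return 0;
    if (pkcs1_type2_pad(big, sizeof big, eb, sizeof eb) == 0) return 0;  /* 54 > 64 - 11 */
    return 1;
}

int main(void)
{
    uint8_t eb[RSA_512_BLOCK];
    const uint8_t msg[] = "premaster";
    size_t i;
    pkcs1_type2_pad(msg, sizeof msg - 1, eb, sizeof eb);
    for (i = 0; i < sizeof eb; i++)
        printf("%02x%s", (unsigned)eb[i], (i % 16 == 15) ? "\n" : " ");
    printf("round trip ok: %d, malformed blocks rejected: %d\n", demo_roundtrip(), demo_rejects());
    return 0;
}
```

The usual mistake when "the expected results" do not come out is on the
input side rather than in this parser: the RSA output has to be converted to
exactly k octets with leading zeros kept, since the block legitimately starts
with 00 and a variable-length integer conversion drops it.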

------------------------------

From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: Benchmarks of Symmetric Vs Has function algorithms
Date: Tue, 27 Jul 1999 10:00:31 -0400

Check out an article from

    Bruce Schneier, "The Crypto Bomb is Ticking", BYTE, May 1998.


There is a table with some times of execution of symmetric algos and
hash function
software implemented on a Pentium.

Anton




------------------------------

From: "Jeffery Nelson" <[EMAIL PROTECTED]>
Subject: How would this affect the good old One Time Pad?
Date: Tue, 27 Jul 1999 10:09:58 -0000

I know this wouldn't be 'entirely' secure because it is still somewhat
repeated, but hear me out.  You have a key that is, say 1000 bytes (I think
someone else brought that up...) and you wanted to loop it.  For this
example let every example byte = 100 real (random) ones:

abcdefghij

As everyone has heard or should know, if you repeat that key then attacking
it with an iteration hack is easy (speaking in relative terms)

But because you do have a key, perhaps adding a little extra security could
be accomplished by doing this:

abcdefghijabcdefghij

and then encrypting the center characters of the first repetition of the key
(as close as can be determined) -to- the center of the second repetition of
the key with the key itself.  As shown...

abcde|fghijabcde|fghij
     |abcdefghij|

will output:

abcdeXXXXXXXXXXfghij

this is still not good enough, so for each 10 chars after this, shift the
key one char to the left and place the first char at the end and encode
again:

abcdeXXXXXXXXXX|fghijabcde|fghij
               |bcdefghija|

returns:

abcdeXXXXXXXXXXYYYYYYYYYYfghij

for every L - 1 repetitions of the key.

I hope that makes sense.  Tell me your comments.  This is more on the spot
thinking than anything...  I think this would allow you to repeat the key
1,000,000 times and it would still appear random in some fashion.  And if you
did that you could use that 1,000,000 key in the same process as above to
make it even larger.  I could be (and probably am) wrong...

-Jeff
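
An added example, not code from either post: the C program below does what
Patrick Juola's answer names, Kasiski superposition, on constructed English
sample text, and applies it to both cases in this thread, the looped key Jeff
describes above and two files encrypted under the same 1000-byte pad as in the
earlier exchange. Lining the ciphertext up against itself at a shift equal to
the key period makes the key cancel out of the XOR of the two superimposed
bytes, so the coincidence rate jumps from about 1/256 to the rate of the
plaintext with itself; with two files under one pad the same cancellation
happens at shift zero, and a guessed crib in one file reads out the other. The
key generator (a fixed LCG standing in for the "1000 random bytes"), the sample
texts, the 40-byte period and the 9/256 detection threshold are assumptions of
the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample plaintexts: ordinary English, so bytes coincide at the rate
 * natural text has. Demo data, not text from the original posts. */
static const char TEXT_A[] =
    "A one time pad is secure only when every byte of key is used exactly once. "
    "As soon as the same key bytes cover two different stretches of plaintext, "
    "the key cancels out of the difference between the two ciphertexts, and what "
    "remains is the difference between the two plaintexts, which has all the "
    "structure of ordinary language. The attacker lines the ciphertext up against "
    "itself at each candidate shift and looks for the shift at which that structure "
    "appears. A looped key of length L shows it at shift L, and a second file "
    "encrypted under the same pad shows it at shift zero.";
static const char TEXT_B[] =
    "Meet me at the station at nine and bring the second copy of the file; we will "
    "compare the two before anyone else sees them.";

/* Key bytes from a fixed linear congruential generator: stands in for the "1000
 * random bytes" of the thread, reproducible on purpose, NOT a cryptographic RNG. */
static void gen_key(uint8_t *k, size_t n, uint32_t seed)
{
    size_t i;
    for (i = 0; i < n; i++) {
        seed = seed * 1664525u + 1013904223u;
        k[i] = (uint8_t)(seed >> 24);
    }
}

/* c[i] = p[i] ^ k[i mod klen]: a one time pad when klen >= n, the looped key of the
 * post when klen < n. */
static void xor_stream(const uint8_t *p, size_t n, const uint8_t *k, size_t klen, uint8_t *c)
{
    size_t i;
    for (i = 0; i < n; i++)
        c[i] = p[i] ^ k[i % klen];
}

/* Fraction of positions i with c[i] == c[i + shift], i.e. where the XOR of the two
 * superimposed bytes is zero. At a multiple of the key period the key cancels and
 * this is the plaintext's coincidence rate with itself (about 7% for English with
 * spaces); at any other shift it is close to 1/256. */
static double coincidence_rate(const uint8_t *c, size_t n, size_t shift)
{
    size_t i, hits = 0;
    for (i = 0; i + shift < n; i++)
        if (c[i] == c[i + shift]) hits++;
    return (double)hits / (double)(n - shift);
}

/* Kasiski superposition of a ciphertext against itself: the smallest shift in
 * [1, max_shift] whose coincidence rate is well above the 1/256 baseline, or 0 if
 * no key reuse shows up in that window. The 9/256 threshold is a demo choice. */
size_t find_key_period(const uint8_t *c, size_t n, size_t max_shift)
{
    size_t s;
    for (s = 1; s <= max_shift && 2 * s < n; s++)
        if (coincidence_rate(c, n, s) > 9.0 / 256.0) return s;
    return 0;
}

/* TEXT_A under a 40-byte key looped as the post proposes: returns the period found. */
size_t demo_looped_key(void)
{
    uint8_t key[40], c[sizeof TEXT_A];
    size_t n = strlen(TEXT_A);
    gen_key(key, sizeof key, 1);
    xor_stream((const uint8_t *)TEXT_A, n, key, sizeof key, c);
    return find_key_period(c, n, 100);
}

/* Two files under the same 1000-byte pad: c1 ^ c2 == p1 ^ p2 at every position, and
 * a guessed crib for file 1 hands over the aligned bytes of file 2. Returns 1 if so. */
int demo_pad_reuse(void)
{
    uint8_t pad[1000], c1[sizeof TEXT_A], c2[sizeof TEXT_B], rec[16];
    const char *crib = "A one time pad ";           /* guessed opening of file 1 */
    size_t n1 = strlen(TEXT_A), n2 = strlen(TEXT_B), m = strlen(crib), i;
    gen_key(pad, sizeof pad, 2);
    xor_stream((const uint8_t *)TEXT_A, n1, pad, sizeof pad, c1);
    xor_stream((const uint8_t *)TEXT_B, n2, pad, sizeof pad, c2);
    for (i = 0; i < n2; i++)                         /* the key has cancelled */
        if ((c1[i] ^ c2[i]) != ((uint8_t)TEXT_A[i] ^ (uint8_t)TEXT_B[i])) return 0;
    for (i = 0; i < m; i++)                          /* crib drag at offset 0 */
        rec[i] = (uint8_t)(c1[i] ^ c2[i] ^ (uint8_t)crib[i]);
    return memcmp(rec, TEXT_B, m) == 0;
}

int main(void)
{
    printf("looped key: superposition finds period %zu\n", demo_looped_key());
    printf("pad reused across two files: key cancels and crib works: %s\n",
           demo_pad_reuse() ? "yes" : "no");
    return 0;
}
```

Re-encrypting the overlap with a rotated copy of the same key, as proposed
above, still combines a fixed set of key bytes with a fixed set of plaintext
positions, so the same superposition is run with each candidate rotation in
place of a plain shift; the 8-byte password layer does not change that,
because it is the same 8 bytes on every file.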











------------------------------

From: "Richard Rooney" <[EMAIL PROTECTED]>
Subject: Old DES-related papers wanted....
Date: Tue, 27 Jul 1999 16:43:39 +0100


I desperately need the following two papers :

1)
"Security considerations in the design and implementation of a new DES
chip."
I. Verbauwhede, F. Hoornaert, J. Vandewalle, H. de Man and R. Govaerts.
(May have been presented at EuroCrypt '87.)

2)
"Efficient Hardware and Software implementations of the DES".
M. Davio, Y. Desmedt, J. Goubert, F. Hoornaert and J.-J. Quisquater.
(CRYPTO '84)

Can anyone direct me please ?

Regards,
Richard Rooney.

[EMAIL PROTECTED]




------------------------------

From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: Benchmarks of Symmetric Vs Hash function algorithms
Date: Tue, 27 Jul 1999 11:00:03 -0400

Tables from BYTE, May 1998, Schneier.

The time table is as follows:

Algorithm         Clocks per byte processed (Pentium)
RC4                 7
Blowfish           18
CAST               20
RC5-32/16          23
DES                45
IDEA               50
SAFER (S)K-128     52
Triple-DES        108
MD5                 5
SHA-1              13
RIPEMD-160         16

These are software (compared to hardware) implementations.  DES in hardware
is _much_ faster.

You have to be careful when comparing hash functions with encryption
functions, they are not the same thing at all.  Encryption algorithms can
sometimes serve for purposes that hash functions do, but never vice versa.
I give you this table too:

Algorithm                    Confidentiality  Authentication  Integrity  Key management
Symmetric encryption         yes              no              no         yes
Public-key encryption        yes              no              no         yes
Digital signature            no               yes             yes        no
Key agreement                yes              optional        no         yes
One-way hash                 no               no              yes        no
Message authentication code  no               yes             yes        no


Hope this helps...


Anton


------------------------------

From: John Xiao <[EMAIL PROTECTED]>
Subject: convert key
Date: Tue, 27 Jul 1999 11:04:00 -0500

How can I convert my private key from base64.1 to binary?



------------------------------

Date: Tue, 27 Jul 1999 09:20:57 -0600
From: Gabriel Belingueres <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Pentium III & crypto

Hi,

Does anyone know how the new Pentium III's SIMD instructions are going to
affect the computation of crypto algorithms?

Is there going to be any speed up at all?

See you,

Gabriel


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
