Cryptography-Digest Digest #944, Volume #9       Wed, 28 Jul 99 03:13:05 EDT

Contents:
  Re: hush mail ([EMAIL PROTECTED])
  Re: How Big is a Byte? ([EMAIL PROTECTED])
  Re: Encrypting in C++ and C ([EMAIL PROTECTED])
  Novice key question ("Mark Hammer")
  Academic vs Industrial ("Markku J. Saarelainen")
  Re: convert key (Michael Slass)
  source code  needed ("Michal Sheinkin")
  Unique and random ("Isaac Rajkumar")
  Re: to the group... well... ("Douglas A. Gwyn")
  Re: Pentium III & crypto ("Douglas A. Gwyn")
  Re: OK.  Maybe I am missing something here. ("Douglas A. Gwyn")
  Re: Unique and random (Glenn Davis)
  Re: Academic vs Industrial (David A Molnar)
  Re: Rsa-512 ("Rene Laederach")
  Re: Old DES-related papers wanted.... (David A Molnar)
  Great new papers and a thesis on Quantum Computing / Information Theory (Anti-Spam)
  Re: Blakely-Shamir info? (Peter Pearson)
  Re: Freeware version of PGP !!! (David A Molnar)
  Bad Test of Steve Reid's SHA1 ([EMAIL PROTECTED])
  Modification to my OTP alg.  Any input? (Shktr00p1)
  Virtual Matrix Encryption (Yosi)
  Re: How would this effect the good old One Time Pad? (wtshaw)
  Re: Freeware version of PGP !!! (spike)

----------------------------------------------------------------------------

Date: Mon, 26 Jul 1999 18:41:33 -0400
From: [EMAIL PROTECTED]
Subject: Re: hush mail

Thomas J. Boschloo wrote:

> Buy an AMD K6-III <http://www.bigbrotherinside.com/#help>

I did.  It is impressive.

------------------------------

Date: Mon, 26 Jul 1999 18:25:19 -0400
From: [EMAIL PROTECTED]
Crossposted-To: alt.folklore.computers
Subject: Re: How Big is a Byte?

wtshaw wrote:
> 
> In article <[EMAIL PROTECTED]>, "Douglas A. Gwyn"
> <[EMAIL PROTECTED]> wrote:
> 
> > [EMAIL PROTECTED] wrote:
> > > Douglas A. Gwyn wrote:
> > > > [EMAIL PROTECTED] wrote:
> > > > > If the number line is extended into the negative realm there are
> > > > > alternate representations of zero.  1-1 would be one such.
> > > > That's no longer base 1.
> > > ... as you define it.
> >
> > That's not base 1 as any competent mathematician defines it.
> > You can't obtain the -1 term by raising 1 to any integer power.
> 
> Consider that a black hole is considered a singularity, something that we
> can imagine but never see.  It behaves in some sense according to the
> rules of base one, where everything collapses to nothingness, and becomes
> infinitely unavailable.  If astrophysics can accept black holes, we can
> surely accept numerical black holes, and find meaning elsewhere where we
> can deal productively.

If base one is analogous to a black hole, what's the equivalent for base
zero?  Base one has more the flavor of a Bose-Einstein condensate where
every particle has exactly the same quantum numbers; just like in base
one every digit has an equal weight.

------------------------------

Date: Mon, 26 Jul 1999 18:50:32 -0400
From: [EMAIL PROTECTED]
Subject: Re: Encrypting in C++ and C

This question belongs in comp.lang.cpp or whatever.

Jeffery Nelson wrote:
> 
> I've been working on a "one pass pad" algorithm (if you can call it that),
> in C++ and have had many many troubles with the cypher turning the EOF
> character into some other letter and the other way around.  This becomes
> increasingly taxing when I use the .EOF to delimit my loops because I open
> the files in binary mode (although I can't open exe's for some odd reason).
> Is there some way to end a loop at the END OF A FILE not using .eof()?  I
> know this isn't a C++ newsgroup, but because it is the cypher that is
> causing the problem, I thought someone here would have run into this.  I can
> give you the source to the file extraction method I use if you would like,
> but I have to keep the header file I use to myself.  Please HELP!

------------------------------

From: "Mark Hammer" <[EMAIL PROTECTED]>
Subject: Novice key question
Date: Tue, 27 Jul 1999 19:52:22 -0700

I am wondering how algorithms generate a key if the user inputs a password.

--

Thanks,
Mark Hammer
[EMAIL PROTECTED]
http://free.prohosting.com/~maqua/



------------------------------

From: "Markku J. Saarelainen" <[EMAIL PROTECTED]>
Subject: Academic vs Industrial
Date: Tue, 27 Jul 1999 18:57:56 +0000


There seems to be building up a consensus that many academic algorithms
and standardization results are quite ineffective for any serious data
protection purposes due to covert influences by certain intelligence and
code breaking agencies. Surely, these standards should not be used for
any industrial data security applications.


*****************


Encryption and many cryptography technologies are very important for any
future electronic commerce applications and implementations. It is the
recommendation to decline the acceptance of any Wassenaar Agreement
(http://www.wassenaar.org) terms on encryption controls and to support
the strongest cryptography in all commercial internet communications
globally. The role of the Internet is already critical in most
international enterprises and corporations. However, due to the open
infrastructure and individuals' principal lack of the security knowledge
and consciousness, quite often critical business messages are sent
without any encryption protection, which makes corporations extremely
vulnerable. It is a common public knowledge that some specific
intelligence agencies are using the Internet and other intel collection
methods to acquire and collect specific technology and business intel
for specific commercial and business enterprises. Some of the most popular
encryption applications have backdoors and their development projects
have been supported and influenced by certain specific intel-interest
groups. In the future's electronic commerce environment these encryption
methods and technologies shall become even more important for any
corporation anywhere around the world and it is highly recommended to
avoid using any of the most popular and/or free encryption applications
for any business and commercial communication.





------------------------------

From: Michael Slass <[EMAIL PROTECTED]>
Subject: Re: convert key
Date: Tue, 27 Jul 1999 16:48:21 -0700

Sorry:

I forgot the "rsa":

openssl rsa -inform DER -in mykey.der -text

-Mike

Michael Slass wrote:

> Yes, DER is binary.  If you want to see the key in hex, use
>
> openssl -inform DER -in mykey.der -text
>
> This will display all three components of the key, as well as the original
> primes and the intermediate numbers that were used to generate the key,
> nicely formatted with labels and hex byte pairs.
>
> -Mike
>
> John Xiao wrote:
>
> > I tried it, openssl did the conversion, but is the *.der binary or what?
> >
> > also, how can I convert the key to hexadecimal?
> >
> > Michael Slass wrote:
> >
> > > If you're using the openssl command-line tool, you can use
> > >
> > > openssl rsa -inform PEM -in mykey.pem -outform DER -out mykey.der
> > >
> > > -Mike
> > >
> > > John Xiao wrote:
> > >
> > > > How can I convert my private key from base64.1 to binary?


------------------------------

From: "Michal Sheinkin" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: source code  needed
Date: Thu, 22 Jul 1999 12:26:14 +0200

I'm trying to implement the family key variant of Twofish; if anybody has a
sample please send me.

Michal Sheinkin
Regisoft LTD
[EMAIL PROTECTED]




------------------------------

From: "Isaac Rajkumar" <[EMAIL PROTECTED]>
Subject: Unique and random
Date: Tue, 27 Jul 1999 19:40:29 -0500

Hello - for the application I am working on, I need to generate unique
numbers like what's available from guidgen in NT. In addition these need to
be random (sparse).

Can someone provide/point me to some information on how this can be
achieved?

Thanks.


Isaac



------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: to the group... well...
Date: Tue, 27 Jul 1999 21:12:03 GMT

Jeffery Nelson wrote:
> this didn't fix my problem.  The REAL problem was the fact that for some
> reason the code I put out will only extract 455 of the actual 307,514
> characters in that file before encountering a "so called' EOF.

Usually this means that you are reading a binary file as a text stream.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Pentium III & crypto
Date: Tue, 27 Jul 1999 21:25:23 GMT

Gabriel Belingueres wrote:
> Does anyone know how the new Pentium III's SIMD instructions are going to
> affect the computing of crypto algorithms?

In general, SIMD instructions (such as MMX, which is not
specific to the Pentium III) can speed up computations
where the bottleneck is a loop that performs some simple
operation on each element of an array.  The available
x86 C compilers don't make any use of MMX automatically,
so you have to code specially for that feature (possibly
using assembly language).  The DSP I'm currently
programming has a compiler that makes very good use
of the similar features of the DSP, although for maximum
speed one still has to resort to assembly language.

The overall difference is unlikely to make a qualitative
difference in crypto applications.  Much more interesting
is Motorola's programmable Advanced Infosec Machine, which
runs many channels of crypto processing simultaneously,
generally with different algorithms on different channels.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: OK.  Maybe I am missing something here.
Date: Tue, 27 Jul 1999 21:14:38 GMT

Patrick Juola wrote:
> Kasiski superposition.
> It should worry you that there is a technique for this sufficiently general
> and powerful that it has a name.

Kasiski analysis is okay for finding periodicity,
but it is not nearly as powerful as a coincidence
(autocorrelation) technique.  The latter works
even when there are no repeats of multiletter
groups.

------------------------------

From: Glenn Davis <[EMAIL PROTECTED]>
Subject: Re: Unique and random
Date: Tue, 27 Jul 1999 20:39:29 -1000

Isaac Rajkumar wrote:
> 
> Hello - for the application I am working on, I need to generate unique
> numbers like what's available from guidgen in NT. In addition these need to
> be random (sparse).
> 
> Can someone provide/point me to some information on how this can be
> achieved?
> 
> Thanks.
> 
> Isaac

One way is to obtain a list of random numbers and eliminate 
duplicates.

Another way is to use a counter as an input to a hash.
The inputs will be unique, the outputs will be unique,
and they seem to be random to a human observer. They are 
not random, but they appear to be random. Or use DES
to encrypt the counter values. Or use the counter values
as keys for DES.
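The "encrypt the counter" approach from the reply above, as an added example that is not code from the original post. A four-round Feistel network with HMAC-SHA-256 as its round function stands in for DES (an assumption, chosen so the example needs no cipher library); because the network is a keyed permutation, distinct counter values give distinct identifiers by construction, and without the key the outputs look random.

```python
import hashlib
import hmac
import os

# Added example, not code from the original post. A Feistel network built on
# a keyed PRF is a bijection on 128-bit blocks (assumption: HMAC-SHA-256 here
# stands in for DES). Feeding it a counter therefore yields identifiers that
# can never collide, while the secret key hides the counter from observers.
# The counter itself must be stored so that a value is never reused.

HALF = 8  # bytes per Feistel half: 16-byte (128-bit) identifiers

def _round(key: bytes, rnd: int, half: bytes) -> bytes:
    # Keyed PRF of (round number || half block), truncated to one half.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:HALF]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def feistel_encrypt(key: bytes, block: bytes, rounds: int = 4) -> bytes:
    """Bijective map on 16-byte blocks; its inverse is feistel_decrypt."""
    l, r = block[:HALF], block[HALF:]
    for rnd in range(rounds):
        l, r = r, _xor(l, _round(key, rnd, r))
    return l + r

def feistel_decrypt(key: bytes, block: bytes, rounds: int = 4) -> bytes:
    l, r = block[:HALF], block[HALF:]
    for rnd in reversed(range(rounds)):
        l, r = _xor(r, _round(key, rnd, l)), l
    return l + r

def counter_to_id(key: bytes, counter: int) -> bytes:
    """Identifier for one counter value; distinct counters never collide."""
    return feistel_encrypt(key, counter.to_bytes(16, "big"))

def id_to_counter(key: bytes, ident: bytes) -> int:
    """Recovers the counter, which demonstrates the map is a permutation."""
    return int.from_bytes(feistel_decrypt(key, ident), "big")

def generate_ids(key: bytes, start: int, n: int) -> list:
    """n consecutive identifiers as hex strings, like a GUID listing."""
    return [counter_to_id(key, c).hex() for c in range(start, start + n)]

def all_unique(ids) -> bool:
    ids = list(ids)
    return len(ids) == len(set(ids))

if __name__ == "__main__":
    key = os.urandom(32)  # secret; the counter alone guarantees uniqueness
    sample = generate_ids(key, 0, 5)
    print("\n".join(sample), "unique:", all_unique(sample))
```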

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Academic vs Industrial
Date: 28 Jul 1999 04:22:35 GMT

Markku J. Saarelainen <[EMAIL PROTECTED]> wrote:

> There seems to be building up a consensus that many academic algorithms
> and standardization results are quite ineffective for any serious data
> protection purposes due to covert influences by certain intelligence and
> code breaking agencies. Surely, these standards should not be used for
> any industrial data security applications.

Do you have any particular tainted algorithms in mind?

Followups set. 

-David Molnar


------------------------------

From: "Rene Laederach" <[EMAIL PROTECTED]>
Date: Wed, 28 Jul 1999 02:43:36 +0100
Subject: Re: Rsa-512

Hello DJohn37050!

DJohn37050 typed this on 27 Jul 1999 15:46:45 GMT about 'Re: Rsa-512':

 D> One should assume RSA 512 can be broken by a determined attacker. Don
 D> Johnson

What about the machine presented to crack 512 bit RSA keys? Nobody admitted
building one, but we can bet our behinds that at least one agency did.

-- 
FIDO: 2:301/133 & 135            |   Member      We're returning!
Internet [EMAIL PROTECTED] | Team AMIGA - the true avantgarde



------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Old DES-related papers wanted....
Date: 28 Jul 1999 04:20:24 GMT

Richard Rooney <[EMAIL PROTECTED]> wrote:

> I desperately need the following two papers :
[EUROCRYPT and CRYPTO papers snipped]

> Can anyone direct me please ?

If you receive no other response, you may want to check out the CD of
CRYPTO proceedings which Springer-Verlag is offering. 

-David



------------------------------

From: Anti-Spam <[EMAIL PROTECTED]>
Subject: Great new papers and a thesis on Quantum Computing / Information Theory
Date: Tue, 27 Jul 1999 21:23:21 -0700

To those interested in Quantum Computing and Quantum Information Theory
and the impact on cryptanalysis and cryptography (given the threads on
the subject over the past month and a half or so), the following papers
are now available from the Los Alamos National Laboratory e-print
archive and should prove interesting reading:

     Title: Quantum Data Processing
     Authors: Rudolf Ahlswede, Peter Loeber
     http://xxx.lanl.gov/format/quant-ph/9907081 

     Title: Coding Theorems of Quantum Information Theory
     Authors: Andreas Winter
     Comments: 80 pages, Ph.D. dissertation, Uni Bielefeld
     http://xxx.lanl.gov/format/quant-ph/9907077

     Title: Algorithms on Ensemble Quantum Computers
     Authors: P. Oscar Boykin, Tal Mor, Vwani Roychowdhury, Farrokh Vatan
     http://xxx.lanl.gov/format/quant-ph/9907067

Just choose a format and download them for viewing.

[EMAIL PROTECTED]

------------------------------

From: Peter Pearson <[EMAIL PROTECTED]>
Subject: Re: Blakely-Shamir info?
Date: Tue, 27 Jul 1999 22:01:28 -0700

Dale Clapperton wrote:
> Can anyone point me to some info on Blakely-Shamir key splitting?
> 
> I've already searched the net but I cant find a hell of a lot on it..
> 

The first edition of Schneier's "Applied Cryptography" included
code for Blakely-Shamir secret sharing.

- Peter
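Shamir's polynomial threshold scheme (one of the two 1979 schemes the thread's name refers to), as an added example that is neither the reply's nor Schneier's code. It assumes secrets are integers below the Mersenne prime 2^127-1; a random polynomial with the secret as constant term is evaluated at n points, and any k points recover it by Lagrange interpolation.

```python
import secrets

# Added example, not code from the original reply or from the book it cites.
# (k, n) threshold sharing over GF(P): k shares determine the degree-(k-1)
# polynomial and hence its constant term, while k-1 shares are consistent
# with every possible secret and so reveal nothing. Assumption: P is the
# Mersenne prime 2^127 - 1, so secrets must be smaller than that.

P = (1 << 127) - 1

def split_secret(secret: int, k: int, n: int, rng=secrets.randbelow) -> list:
    """Return n shares (x, y) of which any k recover `secret`."""
    if not 0 <= secret < P:
        raise ValueError("secret out of field range")
    if not 1 <= k <= n < P:
        raise ValueError("need 1 <= k <= n")
    # Constant term is the secret; the k-1 higher coefficients are random.
    coeffs = [secret] + [rng(P) for _ in range(k - 1)]

    def f(x: int) -> int:
        y = 0
        for c in reversed(coeffs):  # Horner evaluation modulo P
            y = (y * x + c) % P
        return y

    return [(x, f(x)) for x in range(1, n + 1)]  # x = 0 would leak the secret

def recover_secret(shares: list) -> int:
    """Lagrange interpolation at x = 0 over GF(P) from any k distinct shares."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

if __name__ == "__main__":
    shares = split_secret(int.from_bytes(b"demo key", "big"), 3, 5)
    print(recover_secret(shares[:3]).to_bytes(8, "big"))
```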

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Freeware version of PGP !!!
Date: 28 Jul 1999 04:36:36 GMT

spike <[EMAIL PROTECTED]> wrote:


> Hey all...

> What do you all think of the Gnu Privacy Guard, also known as GPG ? It
> is intended to be a freeware version of pgp sponsored by the Free
> Software Foundation as part of the GNU system. You can check out this
> web page for more information. Any input regarding the quality of this
> would be very appreciative.

I have it at 0.9.7 . It compiles nicely on my Digi^H^H^H^H Compaq Tru64
UNIX test system. It encrypts and decrypts its own messages without a
hitch. When I get off my lazy rear, I'm going to see if I can get it to
work with my pgp/pine scripts. If I can hack together a version capable of
handling all PGP keys and sigs from 2.6 on, I will be very happy! 

In the meantime, the fact that it can use twofish gives me a warm and
fuzzy feeling...but I haven't looked at the code in the way I suspect you
want : with an eye towards verifying correct implementation of the various
algorithms.

-David 

------------------------------

From: [EMAIL PROTECTED]
Subject: Bad Test of Steve Reid's SHA1
Date: Wed, 28 Jul 1999 05:05:31 GMT

I originally tried to send the following message directly to Steve Reid
at the e-mail address posted in his program, but it was returned
"server unknown".  Apparently his e-mail address has changed.  Also, it
has been about two years since the last message I could find about his
code on my forum.  Any help/comments would be appreciated - even from
Mr. Reid if you are out there.  Here it is:

I just purchased a copy of the diskettes for Bruce Schneier's book,
Applied Cryptography, which contains a public domain C algorithm for SHA
written by Steve Reid.  I have compiled it with Visual C++ 6.0 and run
some tests.  If I understand his embedded documentation correctly, I
must be doing something wrong.  I get different answers than those
included in the code:

For "abc" I get 672533D0 EBB3B826 353EBF7D 4B51FE4F 26D5BAAF where I
think I should be getting A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D.

For "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" I get
AFB52015 56ACE80B BEA33D1E 8352FCE7 A0130CFC where I think I should be
getting 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1.

Admittedly, it has been a long time since I last compiled a program in
C.  I plan to use C to turn the code into a .dll that I may call from
my current development platform, SAS.  I enter the text to be encrypted
without the quotes.  It appears that I have to press <enter> after that
text, followed by a <ctl>z and another enter.  It does appear that my
answers are consistent.  Also, it doesn't appear that defining
LITTLE_ENDIAN makes a difference.  Again, it has been years since my C
programming days, and I am not sure what this is supposed to do.  Is it
related to the "technical flaw" that Mr. Schneier refers to on page 443?

Any suggestions you have would be appreciated.

TIA,

Rob


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
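A first check for the mismatch reported above, as an added example that is not part of the original post: the published SHA-1 test vectors are the bare strings with no line terminator, while a program reading its input from the console may receive a trailing CR, LF or Ctrl-Z too. The variants below are constructed to show how far each such extra byte moves the digest.

```python
import hashlib

# Added example, not part of the original post. Before suspecting the
# implementation or the LITTLE_ENDIAN setting, check exactly which bytes
# reached the hash: one extra terminator byte changes every word of the
# digest. The console variants below are constructed, not observed.

# SHA-1 test vectors from FIPS 180-1, written as five 32-bit words.
VECTORS = {
    b"abc": "A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D",
    b"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq":
        "84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1",
}

def sha1_grouped(data: bytes) -> str:
    """SHA-1 of `data` as five upper-case 32-bit words, like the printout."""
    digest = hashlib.sha1(data).hexdigest().upper()
    return " ".join(digest[i:i + 8] for i in range(0, 40, 8))

def matches_vector(msg: bytes) -> bool:
    """True when hashing the exact message reproduces the published digest."""
    return sha1_grouped(msg) == VECTORS[msg]

def console_variants(msg: bytes) -> dict:
    """Plausible byte strings a console read of `msg` could deliver."""
    return {
        "exact":    msg,               # what the test vector assumes
        "lf":       msg + b"\n",       # Enter, text-mode stream
        "crlf":     msg + b"\r\n",     # Enter on Windows, binary-mode stream
        "lf_ctrlz": msg + b"\n\x1a",   # Enter, then Ctrl-Z passed through
    }

def diagnose(msg: bytes) -> dict:
    """Digest of every variant, paired with whether it equals the vector."""
    want = VECTORS[msg]
    return {name: (sha1_grouped(data), sha1_grouped(data) == want)
            for name, data in console_variants(msg).items()}

if __name__ == "__main__":
    for msg in VECTORS:
        print(msg.decode())
        for name, (digest, ok) in diagnose(msg).items():
            print(f"  {name:9s} {digest}  {'MATCH' if ok else 'differs'}")
```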

------------------------------

From: [EMAIL PROTECTED] (Shktr00p1)
Subject: Modification to my OTP alg.  Any input?
Date: 28 Jul 1999 05:24:20 GMT


Still using the 1kbyte key:

If I was to base the encryption algorithm on each byte in the file, would this
help?  If so by what degree?

In other words..

I take a byte from the file, say 1, and one from the key, say 2.
My old method was simply 1+2 = 3 (encrypted).
If I instead made it so that if the byte was pulled from the file and changed
the algorithm based on what the byte was, would this help much.  Here's an
example of pseudocode to help explain.

IF filebyte is 1 THEN encbyte = filebyte + keybyte
IF filebyte is 2 THEN encbyte = filebyte - keybyte
IF filebyte is 3 THEN encbyte = filebyte + ((keybyte*nextbyte) MOD lebyte)
IF filebyte is 4 THEN encbyte = filebyte + ((keybyte*lastbyte) MOD filebyte)
making an entire algorithm map, etc....

Input please?

(  ( (( Shock Troop )) )  )




------------------------------

From: Yosi <[EMAIL PROTECTED]>
Subject: Virtual Matrix Encryption
Date: Wed, 28 Jul 1999 05:21:29 GMT

Hi,

Someone sent me the URL of a company that claims it has invented
the ultimate encryption algorithm, which they call VME (Virtual Matrix
Encryption). I visited the company's site (http://www.meganet.com)
but I couldn't determine if this is just a "snake oil" product, or it
should be taken seriously.
Does anyone know more about it?

Sincerely,
Yosi

P.S
I would be more than grateful if you can send a
copy of your reply to [EMAIL PROTECTED]



------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: How would this effect the good old One Time Pad?
Date: Wed, 28 Jul 1999 01:11:56 -0600

In article <[EMAIL PROTECTED]>, "Jeffery Nelson"
<[EMAIL PROTECTED]> wrote:

> I wasn't sure if this was a good idea or not, but here's another thought.
> Although this would take lots of time, both in computer computation and your
> guessing on how they did it to code the computer.  It can be broken
> nonetheless (because, as you know, it is still a form of repetition).  I do
> agree that your theory would work though, and perhaps to a better degree
> than mine.  Especially if they couldn't disassemble your code (BTW if anyone
> has documentation and/or comments on how to make your code harder to
> disassemble or make it harder to understand once it is disassembled I
> wouldn't mind having a copy...) to find your methods.  Did you ever code a
> version of what you are referring to?  If so could you email it to me?

The program that I used is a Mac application with the strange name of
Farmer Brown. You see, the guy uses and reuses what he has to get the most
out of it.  The application does a number of weird things as it is a sort
of laboratory for playing with a few selected crypto ideas.  It even comes
with online documentation.  If a Mac user, send me an email to help me
establish you are in the US, and when verified, I can get this to you, and
perhaps lots of other neato crypto goodies.
-- 
Freedom means having the right to choose to be isolated and left 
alone. It also means not having the right to force someone to get 
involved.  But, the continuation of freedom demands that some of 
us act for those that can't or won't.

------------------------------

From: spike <[EMAIL PROTECTED]>
Subject: Re: Freeware version of PGP !!!
Date: Tue, 27 Jul 1999 23:08:24 -0700
Reply-To: [EMAIL PROTECTED]

David A Molnar wrote:

> In the meantime, the fact that it can use twofish gives me a warm and
> fuzzy feeling...but I haven't looked at the code in the way I suspect you
> want : with an eye towards verifying correct implementation of the various
> algorithms.
>
> -David

That's cool. What is twofish ? I mean... I know that it's one of the AES
candidates. But other than that I have no idea what it is. How does it
compare in terms of speed and security to des, triple-des and idea.

spike


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
