Cryptography-Digest Digest #951, Volume #9 Thu, 29 Jul 99 18:13:03 EDT
Contents:
Re: Virtual Matrix Encryption ([EMAIL PROTECTED])
Re: Q: Does ElGamal require that (p-1)/2 is also prime like DH? (Bob Silverman)
Re: The Gnu Privacy Guard ? ([EMAIL PROTECTED])
Re: RSA keys 2^64x + c versus SNFS (Bob Silverman)
Re: Compression for encryption ([EMAIL PROTECTED])
Re: How Big is a Byte? (was: New Encryption Product!) (Peter Seebach)
Cryptonomicon - low priority posting (Michael Slass)
cryptography tutorials (Bobby Heffernan)
Re: What the hell is XOR? ("Douglas A. Gwyn")
Re: ___EllipticCC on a GemXpresso JAVA card (Greg)
Problems with Cryptlib (Ron Williams)
Re: cryptography tutorials (JPeschel)
The Alphabetic Labyrinth ... and Voynich
Re: OTP export controlled? (Greg)
Re: OTP export controlled? ("Douglas A. Gwyn")
Re: Academic vs Industrial ("Douglas A. Gwyn")
Re: Anyone knows where to get original encryption source code? (Doug)
Re: Virtual Matrix Encryption (Guenther Brunthaler)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Virtual Matrix Encryption
Date: Thu, 29 Jul 1999 18:43:19 GMT
> Otherwise, there's no real description of the algorithm. It uses
> "theoretically infinite matrices", whatever the hell they are. IMHO, if
> you want to secure your files, use PGP or another product that uses
> proven algorithms.
>
Not to be picky but the algorithms in PGP have never been proven
secure. They appear to be. However the algorithms in PGP have a more
formal treatment (and less insane claims like OTP strength...)
VME is snake oil. They make weird claims like 'infinite' size matrices
which is technically impossible for computers (or at all). I would not
read about them and pretty much deny their existence.
Tom
--
PGP key is at:
'http://mypage.goplay.com/tomstdenis/key.pgp'.
Free PRNG C++ lib:
'http://mypage.goplay.com/tomstdenis/prng.html'.
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: Q: Does ElGamal require that (p-1)/2 is also prime like DH?
Date: Thu, 29 Jul 1999 19:15:13 GMT
In article <[EMAIL PROTECTED]>,
Anton Stiglic <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote:
>
> > > It would take a while to find great Primes that meet this criteria.
If you want both q and 2q+1 to be prime, the number of such pairs
up to x is C x/log^2 x + error, where C is given by a singular series.
(unless I am mistaken, this should be product(1/(1 - (2|p))/p) where
(2|p) is the Jacobi symbol)
On the other hand, the number of q is x/log x + O(x^1/2 log x) [on RH]
Thus, primes of the form 2q+1 , q prime, are indeed much rarer than
primes in general.
> I had answered this question before but my 'Reply' and 'Reply to All'
> buttons seem to have been interchanged in netscape mail?? Anyways, if you
> are looking for a prime of the form p = 2q + 1, you start by computing q.
> With this form, p is what we call probably prime
Bzzt. Wrong. Thank you for playing. Characterizing p = 2q+1
as a 'probable prime' because it has this special form "Isn't
even wrong". It has NOTHING to do with probable primes. p is
a probable prime if it satisfies a^(p-1) = 1 mod p for (a,p) = 1.
Your statement "With this form, p is what we call probably prime"
is nonsense.
> (which is not the best term
> to use, since a number is either prime or not, no probabilities involved,
No, but the *test* declares p prime, and the *test* is wrong with
a (low) probability. Calling a number a probable prime does not
mean that it is probably prime. As you point out, that probability is
0 or 1. What it does mean is that the number passed a *procedure* which
fails with a certain probability. That is why "probable prime"
is an appropriate term.
> but anyways it is what is used). You then just test if p is in fact
> prime or not, this does not take much time (example, Miller Rabin prob.
> test algorithm 4.24 in the Big Green book (Menezes, Oorschot, Vanstone)).
If q is indeed prime, then you can trivially PROVE p is prime.
Since all the factors of p-1 are known, all you need do is demonstrate
a primitive root. In fact, all you need do to PROVE primality is
to find a depending on r such that for each r|p-1 one has
a^(p-1)/r != 1 mod p but a^p-1 = 1 mod p. (Selfridge).
Using Miller-Rabin is wrong. It will take longer and does not yield
certainty.
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"
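The proof Silverman sketches (Selfridge's criterion applied to p = 2q + 1, where the factors of p - 1 are just 2 and q), as an added example that is not part of the digest. The trial-division check on q and the base bound are assumptions for the demo.

```python
# Added example (not from the digest): proving p = 2q + 1 prime once q is
# known prime, using the criterion Bob Silverman cites (Selfridge): for each
# prime r dividing p - 1, exhibit an a_r with a_r^(p-1) = 1 (mod p) but
# a_r^((p-1)/r) != 1 (mod p). For a safe prime the only such r are 2 and q.

def is_prime_trial(n):
    """Deterministic trial division; used only to establish that q is prime
    in the small demo below (a real q would come with its own proof)."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    d = 3
    while d * d <= n:
        if n % d == 0:
            return False
        d += 2
    return True

def selfridge_witnesses(p, prime_factors, max_base=1000):
    """Return {r: a_r} satisfying the Selfridge conditions for every r in
    prime_factors (the distinct primes dividing p - 1), or None if some r
    has no witness among bases 2..max_base-1 (bases below p only).
    By the Brillhart-Lehmer-Selfridge theorem a full set of witnesses
    proves p prime outright; a composite p can never supply one for
    every r, so None means composite (or, for huge p, base bound hit)."""
    witnesses = {}
    for r in prime_factors:
        assert (p - 1) % r == 0
        for a in range(2, min(p, max_base)):
            if pow(a, p - 1, p) == 1 and pow(a, (p - 1) // r, p) != 1:
                witnesses[r] = a
                break
        else:
            return None
    return witnesses

def prove_safe_prime(q):
    """Given a prime q, prove (or refute) that p = 2q + 1 is prime.
    Returns (p, witnesses); witnesses is None when p is composite."""
    if not is_prime_trial(q):
        raise ValueError("q must be prime (prove it first)")
    p = 2 * q + 1
    # p - 1 = 2q, so its prime factors are exactly 2 and q: no Miller-Rabin
    # needed, the witness set is a certificate of primality.
    return p, selfridge_witnesses(p, [2, q])

if __name__ == "__main__":
    for q in (11, 23, 7, 13):
        p, w = prove_safe_prime(q)
        print(q, p, "prime, witnesses %s" % w if w else "composite")
```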
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: The Gnu Privacy Guard ?
Date: Thu, 29 Jul 1999 18:48:17 GMT
> Well Spike I took a very quick look at it. I like the concept of a
> GNU group working on a public key encryption. But if I am not
> mistaken it still uses CFB mode encryption and still in the first
> few blocks incorporates a method so users can tell immediately
> that they have the wrong session key. Those features seem to
> be fixed as they were in the early PGP. I can't say about later
> PGP since it is no longer DOS. But I feel these two features
> may make the task of the NSA types several orders of magnitude
> easier. Again I am talking about the actual encryption that gets
> used on the data. There really are not many options for the public
> key part. I guess we just have to hope there is no easy break in
> them.
I guess.. Really confident of yourself hum? Let me guess you think the
DH problem is trivial and that it's a joke to fool most people?
> However I for one would like to see more chaining modes. I would
> even like to see the possibility of a wrapped PCBC type of chaining
> and would like to see an option to drop the quick session key
> check which can only weaken the over all system.
Are you just plain mental? I think this has been said before...
INFORMATION SOMETIMES MUST BE ENCRYPTED AND SENT BEFORE THE ENTIRE
MESSAGE OR STREAM IS COMPLETE! (i.e live video and audio streams,
chat/tty).
Tom
------------------------------
From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: RSA keys 2^64x + c versus SNFS
Date: Thu, 29 Jul 1999 19:34:43 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Francois Grieu) wrote:
> Some standards, including [1] and former versions of [2], consider RSA
> keys where the public modulus has the special form 2^(64x) + c with
> |c| "small".
>
> Such special forms have been criticized: [3] and [2] warn that "moduli
> of this form are readily susceptible now to the special version of the
> Number Field Sieve and are quite insecure".
>
> Still [1] suggests to use public keys of form n = p.q = 2^(64x) + c
> with |c| > 2^(48x-1)
> Loosely speaking c is at least 75% the size of the public modulus.
>
> Question: is that enough to guard against SNFS ?
No. It is not enough. c needs to have reasonably large HAMMING WEIGHT.
To illustrate:
Consider: N = 2^1024 + 2^900 + 1 as an example. This can be
represented as a polynomial with *much* smaller coefficients
than can a random 1024 bit number. e.g. let x = 2^146.
Then N = 4 x^7 + 2^24 x^6 + 1. 2^24 is much smaller than
the coefficients you will typically get for a random N. You could
also put 32N = x^7 + 2^18 x^6 + 32, with x = 2^147, or 4096N =
x^7 + 2^12 x^6 + 2^12 etc. This last only has 4 digit coefficients,
whereas one would expect for random N to require 36 to 38 digit
coefficients on average. (after a decent search)
If c has large Hamming weight, it becomes much harder to represent
N as (the instance of) a polynomial with small coefficients.
I am NOT saying that 2^1024 + 2^900 + 1 is a valid RSA key.
I am saying that if N = pq is of the form sum(2^a_i) AND
sum(a_i) is moderately small, then such moduli are easier to
break. When c is indeed small then the Hamming weight is also small,
which is why I gave the original warning.
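The two checks discussed above (the |c| size rule from the cited standard versus Silverman's Hamming-weight warning), as an added example that is not part of the digest. The quarter-of-bit-length weight threshold and the seeded comparison modulus are assumptions for this example.

```python
# Added example (not from the digest): checking an RSA modulus for the
# special form Bob Silverman warns about. The size rule quoted in the
# thread (|c| > 2^(48x-1) for N = 2^(64x) + c) is applied alongside the
# Hamming-weight check he recommends, and the small-coefficient polynomial
# from his post is verified numerically.
import random

def nearest_power_form(N):
    """Write N = 2^k + c with k chosen so that |c| is minimal. Returns (k, c)."""
    b = N.bit_length()
    candidates = [(k, N - (1 << k)) for k in (b - 1, b)]
    return min(candidates, key=lambda kc: abs(kc[1]))

def hamming_weight(n):
    """Number of 1 bits; for a random odd 1024-bit N this is close to 512."""
    return bin(n).count("1")

def special_form_report(N, x):
    """N is a candidate modulus of 64*x bits (the form used in the thread).
    Reports whether it passes the |c| size rule and the Hamming-weight rule.
    The weight threshold (a quarter of the bit length) is an assumption made
    for this example, not a figure from the thread or any standard."""
    k, c = nearest_power_form(N)
    size_ok = abs(c) > (1 << (48 * x - 1))
    weight = hamming_weight(N)
    weight_ok = weight > (64 * x) // 4
    return {"k": k, "c_bits": abs(c).bit_length(), "size_rule_ok": size_ok,
            "hamming_weight": weight, "weight_rule_ok": weight_ok}

def eval_poly(coeffs, x):
    """Evaluate sum(coeffs[i] * x^i); coeffs[0] is the constant term."""
    return sum(a * x ** i for i, a in enumerate(coeffs))

# Silverman's example modulus: 2^1024 + 2^900 + 1 (x = 16, i.e. 1024 bits).
# It satisfies the standard's size rule (c is about 900 bits) yet has
# Hamming weight 3, which is exactly what makes it SNFS-friendly.
N_SPECIAL = (1 << 1024) + (1 << 900) + 1
# His representation N = 4 x^7 + 2^24 x^6 + 1 at x = 2^146.
POLY = [1, 0, 0, 0, 0, 0, 1 << 24, 4]

# Constructed comparison value: a seeded pseudo-random odd 1024-bit number
# (not a real RSA key, only a weight baseline).
N_RANDOMISH = random.Random(1999).getrandbits(1024) | (1 << 1023) | 1

if __name__ == "__main__":
    print(special_form_report(N_SPECIAL, 16))
    print(special_form_report(N_RANDOMISH, 16))
    print("polynomial matches N:", eval_poly(POLY, 1 << 146) == N_SPECIAL)
```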
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Compression for encryption
Date: Thu, 29 Jul 1999 18:56:29 GMT
In article <[EMAIL PROTECTED]>,
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> For multimedia applications you use compression anyway. But that
> compression is not the adaptive Huffman used by the writer of the
> original article of this thread, as far as I know.
My point is that for recursive compression algorithms (where now
depends on then) which are adaptive (like SPLAY coding graphics) there
is no 'hidden' dictionary to use.
I just don't think compression and encryption go hand in hand. It's
like saying a texture loader (PCX reader) and triangle rasterizer are
the same function. I like the PGP view. They use any normal
encryption algorithm on the compressed stream. They don't just
compress for security reasons. bin2hex text is bigger so if you can
compress the file before making it 25% bigger you could save email
time...
Tom.
------------------------------
Crossposted-To: alt.folklore.computers
Subject: Re: How Big is a Byte? (was: New Encryption Product!)
From: [EMAIL PROTECTED] (Peter Seebach)
Date: Thu, 29 Jul 1999 19:34:56 GMT
In article <[EMAIL PROTECTED]>, Jim Gillogly <[EMAIL PROTECTED]> wrote:
>I haven't read that article, but I suspect Kernighan was not referring
>to the awe-inspiring spectacle of programmer wars over the deep
>underlying issue of 0-origin vs. 1-origin. However, the not unrelated
>"fence-post error" problem probably <is> the number one identifiable
>cause of programming errors: if you have 100 feet of fence and want
>fence posts every 10 feet, how many do you allocate? The answer is too
>often just enough to guarantee a memory fault when you plant the last
>one.
I want 10, but I consider a fence that doesn't form a closed loop to be
ill-formed.
Actually, sometimes, I want fewer; consider
*-*-*
| | |
*-*-*
| |
*-*
which uses only 8.
-s
"the point never came within hailing distance of me"
--
Copyright 1999, All rights reserved. Peter Seebach / [EMAIL PROTECTED]
C/Unix wizard, Pro-commerce radical, Spam fighter. Boycott Spamazon!
Will work for interesting hardware. http://www.plethora.net/~seebs/
Visit my new ISP <URL:http://www.plethora.net/> --- More Net, Less Spam!
------------------------------
From: Michael Slass <[EMAIL PROTECTED]>
Subject: Cryptonomicon - low priority posting
Date: Thu, 29 Jul 1999 11:42:28 -0700
LOW PRIORITY - MILDLY OFF-TOPIC
Hi all,
Just finished _Cryptonomicon_ by Neal Stephenson. The plot is kinda
weak, but the writing is wonderful. Stephenson develops some images and
analogies that had me laughing into tears. Besides, you've gotta love a
book that
1) is about the importance of secure communications
2) in which the protagonists include a WWII cryptanalyst and his
UNIX-guru grandson
3) includes a written-for-the-purpose pencil and paper cipher by B.
Schneier.
Fun, and certainly worth splitting the hardcover cost with a geeky
friend.
-Mike
------------------------------
From: Bobby Heffernan <[EMAIL PROTECTED]>
Subject: cryptography tutorials
Date: Thu, 29 Jul 1999 21:11:25 +0100
are there any good crypto tutorials on the web
that cover everything, including all the math
I can not afford a big book
thanks
Bob
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: What the hell is XOR?
Date: Thu, 29 Jul 1999 17:20:16 GMT
"John M. Gamble" wrote:
> But good heavens, why would you do it like that?
Because in some cases, and some languages, there are
often advantages to pass-by-reference, so it might happen
inadvertently when code is borrowed and adapted.
Note that a "swap" function is *impossible* using
pass-by-name.
------------------------------
From: Greg <[EMAIL PROTECTED]>
Subject: Re: ___EllipticCC on a GemXpresso JAVA card
Date: Thu, 29 Jul 1999 20:35:32 GMT
> I am asking your opinion on implementing an Elliptic Curve Crypto
> system (maybe just a signature scheme) on a GemXpresso Java Card.
>
> The characteristics of this JAVA card can be found on:
> http://www.gemplus.com/products/microprocessor/gemxpresso.htm
>
> Note that it has a 5MHz 32-bit cpu and 32 kbyte EEPROM, but no
> crypto-coprocessor.
>
> But it runs JAVA and JAVA seems to be slow.
>
> So is it FEASIBLE to run ECC signature on a GemXpresso JAVA card
> even if one tries the best to implement a state-of-the-art efficient
> ECC?
> (e.g. Does it possess a JAVA JIT?
> Can it run assembly language?)
I can't tell you what type of performance you can get with a processor
that slow, but I can tell you that I have implemented a 571 bit ECC on
a 266 Pent class machine and it takes about a minute to build a public
key (a point on the curve). Given the size of field and the lack of
optimization to the code (I just got it working), I was quite surprised
it completed in such a short time, let alone in less than a day.
--
The US is not a democracy - US Constitution Article IV Section 4.
Democracy is the male majority legalizing rape.
UN Security Council = Democracy in Action - there is no appeal. Welcome
Criminals make Crime. Armies make Tyranny. The 2nd amendment addresses
------------------------------
From: [EMAIL PROTECTED] (Ron Williams)
Subject: Problems with Cryptlib
Date: 29 Jul 1999 15:58:14 -0500
Greetings, all.
The latest version of the Cryptlib encryption library
(http://www.cs.auckland.ac.nz/~pgut001/cryptlib/) contains a make file
specifically for djgpp v2. I have been trying unsuccessfully to get the
library compiled. I keep getting the following error, after which gcc
aborts:
No command name seen
make.exe: *** [libcrypt.a] Error -1
As a rank beginner with C (I come from a database programming
background), I am having trouble finding the error(s). Actually, there
shouldn't BE any errors as this make file and the cryptlib routines
are from the same package.
My installation of djgpp is plain vanilla; I have the djgpp and path
environment settings in my autoexec.bat file; I have the proper
versions of all the utility routines as outlined in Cryptlib's djgpp
make file; but, I just can't get Cryptlib to create the libcrypt.a
library file.
Has anyone gotten Cryptlib to compile under djgpp v2? Can anyone
suggest any source code modifications that need to be made in order
for it to compile properly?
My whole purpose with this is to try and duplicate some of the DES
challenges put out by RSA and, at the same time, learn a bit about C.
Once I can create libcrypt.a, I assume I can just put it in /lib along
with des.h in /include and compile the RSA challenge program (it has
an "#include des.h" statement in it).
Thanks for your patience in wading through this. If anyone needs more
info, just let me know.
--Ron
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: cryptography tutorials
Date: 29 Jul 1999 20:54:08 GMT
> <[EMAIL PROTECTED]> writes:
> are there any good crypto tutorials on the web
>that cover everything, including all the math
>I can not afford a big book
Parts of Menezes' book are at his web site.
I have some classical crypto lessons by
Randy Nichols, and the slides from Biham's
cryptology course on my site. At Counterpane,
Schneier offers a cryptanalysis course that
will require a lot of reading.
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: [EMAIL PROTECTED] ()
Subject: The Alphabetic Labyrinth ... and Voynich
Date: 29 Jul 99 20:33:19 GMT
I recently purchased a book entitled "The Alphabetic Labyrinth", by
Johanna Drucker (Thames and Hudson). It is a very interesting book about
what people have made of and done with the alphabet; it includes a few
pages about early cryptography, and addresses such topics as artificial
languages and Cabbalism.
It is marred by at least one PC comment, where she notes that the way in
which scholars "privileged" everything Greek over previous civilized
cultures had obvious bias - of course, enthusiasm over Greece is
justified, since it was a society that practiced free inquiry, whereas
previous societies were autocratic or theocratic.
However, I noticed something else startling. She claims that Newbold's
"decipherment" of the Voynich manuscript - as actually being written in
extremely tiny letters that formed the symbols everyone else thought were
its real letters - only was debunked when someone later found the real key
to the Voynich manuscript.
Specifically, Joseph Martin Feely, in "Roger Bacon's Cipher" in 1943.
(Incidentally, the numbering of the notes is off by one in this area of
her book.)
This is news to me, and it certainly would have been news to David Kahn
when he wrote _The Codebreakers_ in 1967. As far as I know, the Voynich
manuscript remains an unsolved problem.
Is this just poor scholarship, or has the incredible happened, bringing an
obscure solution to the Voynich manuscript to light?
John Savard
------------------------------
From: Greg <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: OTP export controlled?
Date: Thu, 29 Jul 1999 20:09:51 GMT
I can ask someone at NSA for us if you want.
------------------------------
Crossposted-To: talk.politics.crypto
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: OTP export controlled?
Date: Thu, 29 Jul 1999 17:18:11 GMT
Isaac wrote:
> On Thu, 29 Jul 1999 05:12:50 GMT, Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
> >Isaac wrote:
> >> ... Software with crypto shaped holes in it, that is with "hooks"
> >> for crypto is also not exportable.
> >You seem to have missed something crucial, to wit, the code I
> >posted is a complete cryptosystem *if you choose to use it as one*.
> >(Sender and receiver need to agree upon a file to use as the "key".)
> >Yet I doubt that you're claiming it is "not exportable".
> I didn't miss anything. Your code is not a complete system.
> The part about sender and receiver agreeing upon a key is simply
> not a trivial exercise. A true OTP is known to be unbreakable.
> The reason why other, possibly breakable systems, are thousands of
> times more popular is because they address the problems with
> generating, sharing, and managing keys. Those things aren't
> frills, and with a OTP they mean the difference between security
> and false security. You haven't addressed any of these things.
I never advertised it as an "OTP system". However, it can readily
be used as one if the communicants have a suitable key file. It
can also be used as a (more breakable, but still afoul of the ITAR)
running-key cryptosystem.
I agree that for heavy-duty commercial use, key management needs
to be addressed, but that has nothing to do with the crypto export
regulations.
You might consider that the code I posted *is* the crypto module
that plugs into one of your "hooks", the rest of the system just
implementing the user interface and key management infrastructure.
In which case, the separate export of the two pieces doesn't run
afoul of the regulations, thereby circumventing their intent.
Or else, the regulators would have to assert that the sample code
*does* run afoul of the regulations, and I think they'd look
rather silly trying to defend that in court.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Academic vs Industrial
Date: Thu, 29 Jul 1999 17:31:06 GMT
"Markku J. Saarelainen" wrote:
> There is an active secret channel between certain intelligence agencies and
> some large software companies to enable these companies to continue its
> monopolistic intentions and activities, 042799
That is against Federal law -- send me detailed evidence and I'll be
happy to initiate an investigation.
> Specific hubs have been created and used by CIA, NSA and other UKUSA
> intelligence agencies to monitor all Internet traffic and communications.
> 031599
To monitor "all" Internet traffic, essentially all routers would have
to cooperate in this nefarious plot. That in effect means all Cisco
routers. By what means do they prevent infinite recursion on the
packets of monitoring data that would have to be routed to the
collection agents? Or do you maintain that they send it by other means?
It's one thing to expose and complain about *real* abuses, but it is
counterproductive to do that without being able to provide hard
evidence to support your claims. It becomes like the boy who cried
"Wolf!".
------------------------------
From: Doug <[EMAIL PROTECTED]>
Subject: Re: Anyone knows where to get original encryption source code?
Date: Thu, 29 Jul 1999 21:12:14 GMT
Hi Norman,
I saw your deja post below. I don't know if this will help or not but I
ran across something this week that was interesting. There is a UK
company that just released a new free email software product that uses
448 bit blowfish encryption and the keys are 2048 bit RSA on both the
email message and any attachments. They believe that this encryption
is unbreakable within any reasonable period even with virtually
unlimited computing capacity.
Sorry I can't help you on the generic codes, but maybe you could check
out this company's site and contact them? The url is
http://www.1on1mail.com.
I'd say that if their email software product works like they say it
does, it should be a big hit. I plan on downloading it today and
playing with it myself.
Take care,
Doug
Silver City
In article <7nn9ho$p81$[EMAIL PROTECTED]>,
"Digital" <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I'm undergoing a project of analysing cryptography, does anyone know where
> can I get the generic codes of different encryption method like DES,
> Blowfish, IDEA and many others?
>
> Or does anyone know of any encryption programs that use generic methods of
> encryption?
>
> Thank you very much for your help! :)
>
> P/S: My email is at: [EMAIL PROTECTED]
> Regards,
> Norman
>
>
--
Doug Ausbury
Silver City
------------------------------
From: [EMAIL PROTECTED] (Guenther Brunthaler)
Subject: Re: Virtual Matrix Encryption
Date: Thu, 29 Jul 1999 21:05:46 GMT
On Tue, 27 Jul 1999 09:11:02 -0400, [EMAIL PROTECTED] wrote:
>Here's a clip from their web site. It answers the critical question.
>...
> The base of VME is a Virtual Matrix, a matrix of binary values which is
> infinity in size in theory and therefore have no redundant value. The
> data to be encrypted is compared to the data in the Virtual Matrix.
> Once a match is found, a set of pointers that indicate how to navigate
> inside the Virtual Matrix is created.
To me, this looks pretty much like the old "locate your message inside PI
and return just the number of the starting digit" method.
And I assume it will have the same basic problem: While it is true
that every possible message is contained somewhere inside a number
such as PI, it may take more bits to present the starting digit than
the message size... in addition to the problem of locating the right
starting digit.
Plus, such a scheme is useless unless BOTH partners know that the
number PI is used.
Or the contents of the virtual matrix. In this case, the matrix can be
viewed as the actual key, reducing the whole thing to just another
symmetric key cipher.
Greetings,
Guenther
--
Note: the 'From'-address shown in the header is an Anti-Spam
fake-address. Please remove 'nospam.' from the address in order
to get my real email address.
In order to get my public RSA PGP-key, send mail with blank body
to: [EMAIL PROTECTED]
Subject: get 0x2D2F0683
Key ID: 2D2F0683, 1024 bit, created 1993/02/05
Fingerprint: 11 71 47 2F AF 2F CD F4 E6 78 D5 E5 3E DD 07 B5
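The pointer-cost argument in Guenther's post, as an added example that is not part of the digest. It goes slightly beyond the post by making the bound exact: if every n-bit message is to have a pointer into a fixed stream, pigeonhole forces some message to sit at position 2^n - 1 or later, so that pointer already costs n bits. The stream is a constructed, seeded pseudo-random bit string standing in for pi or the "virtual matrix".

```python
# Added example (not from the digest): the "find the message in a fixed
# stream and send its starting position" scheme that the post compares VME
# to. Positions 0 .. 2^n - 2 can start at most 2^n - 1 distinct n-bit
# windows, so among all 2^n messages at least one first appears at position
# >= 2^n - 1, and its pointer needs at least n bits, the message length.
import random

def make_stream(nbits, seed=29071999):
    """Constructed stand-in for the digits of pi / the 'virtual matrix':
    a seeded pseudo-random string of '0'/'1' characters."""
    rng = random.Random(seed)
    return "".join(rng.choice("01") for _ in range(nbits))

def locate(stream, message):
    """Index of the first occurrence of the bit-string message, or None.
    This is the 'encryption' step of the scheme."""
    i = stream.find(message)
    return None if i < 0 else i

def pointer_cost(stream, n):
    """For every n-bit message, find its first position in the stream.
    Returns (worst_position, pointer_bits_needed, messages_not_found):
    pointer_bits_needed is the bit length of the largest pointer, i.e. the
    field width a sender would need to address every message."""
    worst = -1
    missing = 0
    for v in range(1 << n):
        msg = format(v, "0%db" % n)
        pos = locate(stream, msg)
        if pos is None:
            missing += 1          # stream too short to hold this message
        elif pos > worst:
            worst = pos
    return worst, worst.bit_length(), missing

if __name__ == "__main__":
    stream = make_stream(1 << 16)
    for n in (4, 8, 12):
        worst, bits, missing = pointer_cost(stream, n)
        print("n=%2d: worst position %6d needs %2d pointer bits (%d unfound)"
              % (n, worst, bits, missing))
```

The pointer width never drops below the message length, and a longer stream only pushes worst-case positions (and pointer widths) up; sender and receiver must also share the whole stream, which is the post's point that the stream is really the key.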
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************