Cryptography-Digest Digest #995, Volume #9 Fri, 6 Aug 99 02:13:03 EDT
Contents:
Re: cryptography tutorials (drobick)
Re: Prime number. (Boris Kazak)
Re: What is "the best" file cryptography program out there? (KidMo84)
Re: About Online Banking Security (KidMo84)
Re: new PGP key and test ([EMAIL PROTECTED])
Re: Questions regarding elliptic curve cryptography. (Greg)
Re: How to write REALLY PORTABLE code dealing with bits (Was: How Big is a Byte?) ([EMAIL PROTECTED])
Re: AES finalists to be announced ([EMAIL PROTECTED])
Re: What is "the best" file cryptography program out there? (SCOTT19U.ZIP_GUY)
Re: What is "the best" file cryptography program out there? ([EMAIL PROTECTED])
Re: About Online Banking Security (Greg)
Re: Transposition and substitution algorithms ??? (wtshaw)
Re: Need letter frequencies (wtshaw)
Re: Do Window Apps using CryptAPI exist? (wtshaw)
beginner question re. MD5 and one-way hashes (Muharem Hrnjadovic)
Re: What is "the best" file cryptography program out there? (wtshaw)
Re: Need letter frequencies (Jim Gillogly)
Re: Will someone please flame me??? (John Savard)
----------------------------------------------------------------------------
From: drobick <[EMAIL PROTECTED]>
Subject: Re: cryptography tutorials
Date: Sat, 31 Jul 1999 11:10:41 +0200
polyalphabetics window$95 program of caesar & vigenere look here:
http://www.arco.de/~drobick/download/cipher.zip or
http://www.arco.de/~drobick/freeware-E.html (alternate german
freeware.html)
------------------------------
From: Boris Kazak <[EMAIL PROTECTED]>
Subject: Re: Prime number.
Date: Thu, 05 Aug 1999 19:22:09 -0400
Reply-To: [EMAIL PROTECTED]
Bob Silverman wrote:
>
> In article <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] (John McDonald, Jr.)
> wrote:
>
> > On Tue, 03 Aug 1999 23:40:39 GMT, Bob Silverman <[EMAIL PROTECTED]> wrote:
> >
> > >Bob Silverman
> > >"You can lead a horse's ass to knowledge, but you can't make him think"
> >
> > You know, Bob's response to my post really bothered me for about 10
> > minutes today, until I read the rest of his posts to this NG. It
> > seems that despite the man's rather costly education, he forgot to
> > include people skills. Did you skip the course on "How not to come
> > across like an Asshole?" at Harvard? Did they not offer it at the
> > University of Chicago?
>
> It is a pretty sure sign that when people start resorting to name calling
> that they have nothing constructive to say.
>
> When you and others post assertions in a public forum you have a
> responsibility to either be informed about what you are discussing or
> to check sources.
>
> This isn't about people skills, it's about responsibility.
>
> Do you react this way to your boss (or professors) when (s)he tells
> you that you made a mistake?
> >
=====================
Do you react this way to your boss (or professors) when (s)he makes a
mistake?
Best wishes BNK
------------------------------
From: [EMAIL PROTECTED] (KidMo84)
Subject: Re: What is "the best" file cryptography program out there?
Date: 06 Aug 1999 02:31:48 GMT
Ima still tryin to figure out how my original posting led to this msg.
:)
Signed,
KidMo
------------------------------
From: [EMAIL PROTECTED] (KidMo84)
Subject: Re: About Online Banking Security
Date: 06 Aug 1999 02:46:31 GMT
Thankz, that's exactly what I wanted :)
Signed,
KidMo
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: new PGP key and test
Date: Fri, 06 Aug 1999 02:39:37 GMT
> Here is a question though. My key is at an FTP site of
>
> ftp://ftp.goplay.com/tomstdenis
>
> What would be the steps for 'hacking' the key at that site? Are there
> any pointers online? Basically I want to know how someone from outside
> of goplay (the FTP provider) would hack the key and thus fake being me
> (well [EMAIL PROTECTED])
I am willing to divulge more personal habits (say about the times when
I use goplay) in private email. I seriously want to know how someone
might steal/change the key at my site.
BTW I got pgp 2.6.2 and I think it's much easier and funner to use than
pgp 6.0.2. I have a 768 bit RSA key (see my .sig).
Tom
--
PGP 6.0.2i Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2 Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: Greg <[EMAIL PROTECTED]>
Subject: Re: Questions regarding elliptic curve cryptography.
Date: Fri, 06 Aug 1999 02:42:10 GMT
In article <[EMAIL PROTECTED]>,
Teh Yong Wei <[EMAIL PROTECTED]> wrote:
> Me again. Sorry for posting so many "simple" questions to all of U. But,
> I myself am new in this field, so there is a lot of things that I am
> quite uncertain and don't understand. Here are some questions regarding
> ECC:
>
> 1) How to determine a curve is a good curve?
Personally, I have chosen 4 curves for my ECC application and they all
come from NIST (I know, I know), Certicom, Dr Michael Rosing, and IEEE,
which draw from other documented sources.
> 2) How to choose a and b in the ECC equation?
Take the parameters from those published curves.
> 3) Do we need to know all the points on a curve?
No. Once you see the application work flawlessly, you will be so
spellbound as to how simple the whole thing is, you will believe you just
made the most perfect piece of software ever.
> 4) Who will generate the curve? The sender or the receiver?
The curve IS. You never generate it. The curve, and the underlying
field simply define the bounds of the population of points on the curve
and how you move from one point to the next in a cyclic fashion.
> 5) Why we need to "convert" the message to a pair of integer?
You really don't, and I have not bothered to get that part to work.
The shared secret between a private and public key is really enough to
make strong encryption. The protocol you use will determine how you
employ the ECC. Embedding data on a point is part of some protocols,
but nothing I will use.
> 6) How to make public key as short as possible?
Publish only one bit of its y component.
--
The US is not a democracy - US Constitution Article IV Section 4.
Democracy is the male majority legalizing rape.
UN Security Council is a Democracy. NO APPEALS! Welcome to the NWO.
Criminals=Crime. Armies=Tyranny. The 2nd amendment is about tyranny.
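
Greg's answer to question 6, worked through as an added example that is not part of the original post: a public key is sent as its x coordinate plus one bit of y, and the receiver recomputes y from the curve equation, rejecting any x that is not on the curve. NIST P-256 is assumed here as the published curve; the function names are illustrative.

```python
# NIST P-256 domain parameters (assumed as the published curve for this example).
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)


def curve_rhs(x: int) -> int:
    """Right-hand side of y^2 = x^3 + a*x + b (mod p)."""
    return (pow(x, 3, P) + A * x + B) % P


def on_curve(point) -> bool:
    x, y = point
    return 0 <= x < P and 0 <= y < P and (y * y - curve_rhs(x)) % P == 0


def compress(point) -> bytes:
    """Encode a point as 0x02/0x03 (parity of y) followed by the 32-byte x."""
    if not on_curve(point):
        raise ValueError("point is not on the curve")
    x, y = point
    return bytes([0x02 | (y & 1)]) + x.to_bytes(32, "big")


def decompress(data: bytes):
    """Recover (x, y) from a compressed encoding, validating it on the way."""
    if len(data) != 33 or data[0] not in (0x02, 0x03):
        raise ValueError("not a compressed point encoding")
    x = int.from_bytes(data[1:], "big")
    if x >= P:
        raise ValueError("x is out of range")
    rhs = curve_rhs(x)
    y = pow(rhs, (P + 1) // 4, P)      # square root; valid because P % 4 == 3
    if y * y % P != rhs:               # rhs was not a square: no such point
        raise ValueError("x does not belong to any point on the curve")
    if (y & 1) != (data[0] & 1):       # pick the root with the published parity bit
        y = P - y
    return (x, y)


if __name__ == "__main__":
    encoded = compress(G)
    print(len(encoded), "bytes:", encoded.hex())
    print("round trip ok:", decompress(encoded) == G)
```

Because y is recomputed from the curve equation, a decompressed key is on the curve by construction; a receiver that accepts uncompressed points has to run the `on_curve` check itself.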
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: alt.folklore.computers,alt.comp.lang.learn.c-c++,comp.lang.c++,microsoft.public.vc.language
Subject: Re: How to write REALLY PORTABLE code dealing with bits (Was: How Big is a Byte?)
Date: Thu, 05 Aug 1999 22:27:04 -0500
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (John Savard) wrote:
> 1.44 Mb formatted capacity floppy disks, anyone?
You got it half right. At least you aren't trying to push 1.44 millibit disks.
And isn't it more properly 1440 kilobyte disks? Oh, sorry, forgot the
redefinition: 1440 kilo-binary-byte (or kibibyte) disks? Or, if you're
firmly married to the decimal notation of "1.44", 1.44 kibikilobytes or
1.44 kilokibibytes, since you're mixing your 1000s with your 1024s.
Don't get angry. I'm just kibitzing. :-)
--
Nine quadrillion, nine hundred ninety-nine trillion, nine hundred ninety-nine
billion, nine hundred ninety-nine million, nine hundred ninety-nine thousand,
three hundred seventy-four bottles of beer. You take one down, pass it around,
nine quadrillion, nine hundred ninety-nine trillion, nine hundred ninety-nine
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: AES finalists to be announced
Date: Fri, 06 Aug 1999 04:08:17 GMT
In article <7oda86$6vd$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> So shove that in your pipe and smoke it.
>
> Tom
When are you going to crack fortom.cpt
oh genius??? It's easy.
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: What is "the best" file cryptography program out there?
Date: Fri, 06 Aug 1999 05:25:50 GMT
In article <7odbnu$7vf$[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>Mr. St. Denis:
>
>If you must go through life as the arrogant, misanthropic asshole that
>you obviously are, please have the decency to keep your vitriolic
>emotional bile to yourself. Follows a small sample of the negative crap
>with which you have polluted sci.crypt. Between your and Bob
>Silverman's answering so many questions and erroneous postings with
>remarks to the effect of, "Well, if you were an overeducated ubermensch
>like I am, and not a mentally challenged imbecile like yourself, you
>would already know...", it's a wonder that anyone with a reasonable
>question has the nerve to post at all. According to the charter,
>sci.crypt is a forum for
You are right. It is impossible to carry on any conversation with
that Loon. I tried to talk to him several times but he is incapable
of staying on any topic. After one long thread he claimed he never
wanted to hear from me so I put him in my kill file for the rest of the
year. Too bad he does not want to learn anything. I have been on
many years and this is only the second time I had to put someone
in the kill file. But he is impossible to talk to. He likes to think he
has all the answers but he lacks a lot of basic knowledge and is
incapable of learning anything new.
I know that I write poorly and have a piss poor writing style
but at least I try to say something and advance the science of
encryption something that he may never be able to
understand.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: What is "the best" file cryptography program out there?
Date: Fri, 06 Aug 1999 03:36:51 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (KidMo84) wrote:
> Ima still tryin to figure out how my original posting led to this msg.
> :)
Well people tend to say I post a lot ... :)
Tom
--
PGP 6.0.2i Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2 Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp
------------------------------
From: Greg <[EMAIL PROTECTED]>
Subject: Re: About Online Banking Security
Date: Fri, 06 Aug 1999 04:11:15 GMT
> first off for me it's 128bit not 40bit
Do you mean you prefer 128 bit or nothing at all, or do ATMs use 128
bit? And I agree with everything else you say, but it seems that there
is some value in information gathering.
--
The US is not a democracy - US Constitution Article IV Section 4.
Democracy is the male majority legalizing rape.
UN Security Council is a Democracy. NO APPEALS! Welcome to the NWO.
Criminals=Crime. Armies=Tyranny. The 2nd amendment is about tyranny.
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Transposition and substitution algorithms ???
Date: Thu, 05 Aug 1999 22:39:36 -0600
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Jerry Coffin) wrote:
>
> This is not really true. An XOR is a substitution -- given (for
> example) two bytes of input, you could implement XOR as a two-
> dimensional lookup table, with one of the input bytes indexing in each
> direction. Of course, that would be pretty wasteful of memory for
> something that's easy to do by manipulating the bits, but it doesn't
> change the fact that you're taking one input and substituting another.
I like Gwyn's answer better since he leaves some wiggle room which I have
been pointing out.
--
Sometimes you have to punt, and hope for the best.
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Need letter frequencies
Date: Thu, 05 Aug 1999 22:52:28 -0600
In article <[EMAIL PROTECTED]>, Jim Gillogly <[EMAIL PROTECTED]> wrote:
> LasombraXX wrote:
> > Once upon a time I had a chart listing the approx. frequencies of each
> > letter in the English language. Can anyone provide me with this info, or at
> > least point me to a site that has it? Thanks.
>
> It depends dramatically on the body of text you're looking at. Telegraphic
> or military text will be quite different from normal literary English. You
> should roll your own frequency tables from the kind of text you want to use
> them on. However, to get you started, here are the frequencies for the
> alphabetic characters only of all of the Sherlock Holmes stories:
>
...
Amongst your compilations of information, do you have a good list of
digraphs that never or virtually never appear in somewhat normal text?
--
Sometimes you have to punt, and hope for the best.
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Do Window Apps using CryptAPI exist?
Date: Thu, 05 Aug 1999 23:36:28 -0600
In article <7od3qq$2ke$[EMAIL PROTECTED]>, Greg <[EMAIL PROTECTED]> wrote:
> Other than Microsoft Outlook Express, and probably other Microsoft
> products, I don't know of any applications that use Microsoft's
> CryptAPI architecture. Can anyone tell me of such apps by third
> parties?
>
Considering their source, it might be hard to find even many second parties.
--
Sometimes you have to punt, and hope for the best.
------------------------------
From: [EMAIL PROTECTED] (Muharem Hrnjadovic)
Subject: beginner question re. MD5 and one-way hashes
Date: 5 Aug 1999 15:24:03 +0100
dear crypto experts,
I need a one-way function in order to generate hash key values
for a piece of software that is caching objects i.e. when I come
across an object the second time the function should generate the
same hash key so I know that I have seen that object already.
I tried MD5 but the value generated is too long for my purposes;
I would like something that generates a 4 byte sequence ideally.
I experimented with MD5 by taking only one quarter of the signature
it supplies but after a test with ca. 160.000 objects I obtained
identical values for different objects (which is not MD5's fault
since I took only 25% of the sequence it calculated).
Can you recommend any other one-way-hash or message digest functions
that are possibly simpler and generate shorter values?
TIA,
--
--
Muharem Hrnjadovic ([EMAIL PROTECTED])
Nortel Networks, +44-181-9452238
mobile: +44-7957-412287
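
The collisions reported in this post follow from the birthday bound, shown here as an added example that is not part of the original post: with n objects and a b-bit key there are about n(n-1)/2^(b+1) colliding pairs, whichever hash the bits are cut from. The object names are constructed sample data and the function names are illustrative.

```python
import hashlib
import math


def truncated_md5(data: bytes, nbytes: int) -> bytes:
    """Cache key: the first nbytes of the MD5 digest."""
    return hashlib.md5(data).digest()[:nbytes]


def count_collisions(objects, nbytes: int) -> int:
    """Number of objects whose truncated key was already taken by another object."""
    seen = set()
    clashes = 0
    for obj in objects:
        key = truncated_md5(obj, nbytes)
        if key in seen:
            clashes += 1
        seen.add(key)
    return clashes


def expected_colliding_pairs(n: int, bits: int) -> float:
    """Birthday estimate: number of object pairs divided by number of key values."""
    return n * (n - 1) / 2 / 2**bits


def collision_probability(n: int, bits: int) -> float:
    """Approximate chance of at least one collision among n objects."""
    return -math.expm1(-expected_colliding_pairs(n, bits))


def bits_needed(n: int, max_probability: float) -> int:
    """Smallest key width that keeps the collision chance at or below the target."""
    pairs = n * (n - 1) / 2
    return math.ceil(math.log2(pairs / -math.log1p(-max_probability)))


def sample_objects(n: int):
    """Constructed stand-ins for the cached objects: n distinct byte strings."""
    return [b"object-%d" % i for i in range(n)]


if __name__ == "__main__":
    n = 160_000                      # object count mentioned in the post
    print("expected colliding pairs at 32 bits:", round(expected_colliding_pairs(n, 32), 2))
    print("chance of at least one collision:", round(collision_probability(n, 32), 3))
    print("observed with 4-byte MD5 prefix:", count_collisions(sample_objects(n), 4))
    print("bits for a 1% collision chance:", bits_needed(n, 0.01))
```

A 4-byte key from any other digest function gives the same estimate, so a cache keyed this way has to compare the full object (or a full-length digest) on every hit.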
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: What is "the best" file cryptography program out there?
Date: Thu, 05 Aug 1999 23:34:57 -0600
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(KidMo84) wrote:
> Ima still tryin to figure out how my original posting led to this msg.
> :)
>
Usenet is no venue for control freaks. Crypto is not a dusty subject either.
--
Sometimes you have to punt, and hope for the best.
------------------------------
From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: Need letter frequencies
Date: Fri, 06 Aug 1999 05:23:05 +0000
wtshaw wrote:
> Amongst your compilations of information, do you have a good list of
> digraphs that never or virtually never appear in somewhat normal text?
Here's a list (least frequent first) from a fairly large corpus that
happens to include all the digraphs for one reason or another. In
case you want the most frequent digraphs later, you'll find them
at the end. I don't guarantee this list -- it's just from a large
pile of text I happened to have lying around this evening.
In general, q followed by another consonant is rare. Again, though,
it's best to generate your own stats from the corpus you're attacking
if possible.
ql qz qy jx qp qd qx qn zj qt vq kq qh qe qj zq bq qb qw qc qo jq qf px kx
xz zk zf pq qi qk vx cz qr wz jz kz kj gq jk qs fq jy xg zv fx hq xk zr qq
lq jf jn hx qm zp uq jw mz vj jj vg kv jg bx jd pv wj cj jv vf xd xw jt mq
vk yq vz jr mx jc hz zn bz bk pj cx mk gx mj vl vw vv wq wv vn bf fz iy jh
xj zh jm pz xq vp xn zd vh gj tq uj zg zt xb rx fv jp jb zb vm pk wp js jl
bp uu dq zm kp pg cv xs rq uw xm kd fk dz pn xf zx fj kk xy vc qa hj dx gz
oq gk wk lx sx ww wc sz vb yy vd vt ij hv dk gp vr kc bg lj xl wm yk tk tj
pw yz yj qg hg bw km kg wg pd uh kb cg yv cw vs fd mv zc fh aq zl gv qv mh
fw xu tv uv rj zy kf hk wb wx lz ji gw yx cp uy tx fm fn fb pc fp fc mw wu
cn pf vu bv mg kw rz zs bh sj cd cf zw bn xh hp lh xr wy iw md nx gc hh cq
bd wt fg yu xv pb wf bc tg dp hf gb ux xo kt zz hc td gf mt dj sv db wd yh
yf cm yg uz kh kr hd pm dc bm iq ml tp nz ku mc ln mf uk dt tz tb hw dh ej
sr df cb oz gd fy gm np ez sg aj zu zo ao ky fs nq oj vy yw tf sq yc lg lr
ih nj yd hb tn nr nw ko cs uo gt mn sd yr kl yb ox yn py yp gy nh wl hm nb
lc sf bb az ax za dw lw hl lb hn dv bj zi dn bt ym yl yt rh dm sb rw tm sn
uf xe ka nm ix iu gg ek ja xc hs xa lv wr rf ii ya ah lk cy oh rb xi eu lp
ws dg ae tc eq yi nv eh mr iz sy rp bs xp lm oe oy sw ps sk ks jo dl eb xx
ze gn rv dd je xt nf gs sm ik hy ju dy eo nu nk og vo nl cc mm lf fl sl ud
ip oa ph gl kn ub aa ms rk mb gu tw ib pt ob rg hr aw af ys hu fu ua bi rl
ok du ui oi nn rc pu ft lt lu ny ki dr va eg wn ls ff my mu oc ew um pi ak
pp ue au cu cl qu rr ru ds cr ye tl gi br ck rm sc ef uc ep ov da ty ba go
up rn ug ga mp ey sp ap op if gr fa od ex ci vi ag ht pl ia tt iv by ei tu
rd bo fi bl fe ev fr ab do bu yo ry av ay wo ts su na pa ke os ig mi ct ni
am ld oo sa gh ol po em mo nc im ir tr rt ec pr id ul ge ss ie rs ns ac lo
di pe et ca un ai ot so ly we ow il si wi sh ad ta us fo ee ut la wh io el
ur no om wa ic ma li ce ra ho ch be co ri ll ro ne de ea nt me ve le se ti
al ng as hi st ar to te is ou es or of it ha ed at en on nd re an er in he
th
--
Jim Gillogly
14 Wedmath S.R. 1999, 05:17
12.19.6.7.12, 4 Eb 20 Xul, Eighth Lord of Night
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Will someone please flame me???
Date: Thu, 05 Aug 1999 15:24:57 GMT
[EMAIL PROTECTED] (Michelle Davis) wrote, in part:
>a polite response from Tom Dennis,
>saying that the 3DES was overkill.
Since DES by itself isn't secure, I'm surprised to hear that.
>Key generation: A pseudorandomly-generated central key-seed is split
>in half. Each half is
>coupled to one half of a user ID, such that two 1024 strings are
>obtained (The 36-bit ID comprises only 18 bits of each). Each of these
>strings is run through 3DES, with the key being a derivative of the
>central key seed. The two results are separately hashed. The two
>message digests are joined to form a 320-bit secret key. This key can
>be extrapolated by any entity knowing the central key seed, without
>having to keep a database of secret keys.
But not any more. If the "central key seed" is secret, and the hash is
any good, 3DES using that as a key is simply a supplemental hash
stage.
>Authentication: The user attaches a timestamp to his ID, joins this to
>his secret key (320 bits), and pads it to 512 bits. This string is
>then 3DES-encrypted, using a key which is a derivative of the secret
>key.
So the user has to keep around a copy of this 320-bit secret key.
It isn't really difficult to make a foolproof authentication scheme if
you can rely on the user having a secure secret of that length with
which to identify himself or herself. *That* is the sharp, critical
comment appropriate to your scheme - not a claim that it is somehow
insecure. (Of course, details such as how you derive 3DES keys from
the secret key are sometimes relevant to the security of schemes like
this one.)
Also, while there doesn't seem to be a security hole created, one
could ask, why keep *transmitting* copies of the secret key, even if
they are securely encrypted?
John Savard ( teneerf<- )
http://www.ecn.ab.ca/~jsavard/crypto.htm
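
The closing question above, about transmitting the secret key, as an added example that is not part of the original posts: the verifier re-derives the per-user key from the central seed and the ID, as in the quoted scheme, while the user sends only a MAC over ID and timestamp, so no copy of the key is transmitted. HMAC-SHA-256 stands in for the 3DES-plus-hash steps; the names, field sizes, skew window and replay cache are assumptions.

```python
import hashlib
import hmac

ID_BYTES = 5        # room for the 36-bit user ID from the quoted scheme
TS_BYTES = 8
MAX_SKEW = 120      # seconds of clock difference tolerated (assumed value)

CENTRAL_SEED = bytes(range(32))     # constructed sample seed, not a real key


def derive_user_key(central_seed: bytes, user_id: int) -> bytes:
    """Per-user key computed from the seed and the ID; no key database needed."""
    if not 0 <= user_id < 2**36:
        raise ValueError("user ID must fit in 36 bits")
    label = b"user-key" + user_id.to_bytes(ID_BYTES, "big")
    return hmac.new(central_seed, label, hashlib.sha256).digest()


def make_proof(user_key: bytes, user_id: int, timestamp: int) -> bytes:
    """User side: ID and timestamp in clear, followed by a MAC under the user key."""
    header = user_id.to_bytes(ID_BYTES, "big") + timestamp.to_bytes(TS_BYTES, "big")
    return header + hmac.new(user_key, header, hashlib.sha256).digest()


def verify_proof(central_seed: bytes, proof: bytes, now: int, seen: set) -> bool:
    """Verifier side: re-derive the key, check the MAC, then freshness and replay."""
    if len(proof) != ID_BYTES + TS_BYTES + 32:
        return False
    header, tag = proof[:ID_BYTES + TS_BYTES], proof[ID_BYTES + TS_BYTES:]
    user_id = int.from_bytes(header[:ID_BYTES], "big")
    timestamp = int.from_bytes(header[ID_BYTES:], "big")
    if user_id >= 2**36:
        return False
    key = derive_user_key(central_seed, user_id)
    expected = hmac.new(key, header, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False
    if abs(now - timestamp) > MAX_SKEW or proof in seen:
        return False
    seen.add(proof)                 # remember accepted proofs inside the window
    return True


if __name__ == "__main__":
    key = derive_user_key(CENTRAL_SEED, 123456789)
    proof = make_proof(key, 123456789, 933866697)
    cache = set()
    print("first use:", verify_proof(CENTRAL_SEED, proof, 933866700, cache))
    print("replayed: ", verify_proof(CENTRAL_SEED, proof, 933866705, cache))
```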
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************