Cryptography-Digest Digest #14, Volume #10 Sun, 8 Aug 99 06:13:04 EDT
Contents:
Re: any literature about trusted unit? (Peter Gutmann)
Carte digitali ("Vito Pantano")
Scott Ciphers ([EMAIL PROTECTED])
Re: challenge/competition revisited (wtshaw)
Re: GETTING RID OF THE "scottNu" cookie (wtshaw)
Re: AES finalists to be announced (wtshaw)
Re: Pencil-and-paper compression algorithms [Re: Between Silk and Cyanide] (wtshaw)
Re: AES finalists to be announced
Re: CIA KRYPTOS ENIGMA ("Douglas A. Gwyn")
Re: Construction of permutation matrix ("Douglas A. Gwyn")
Re: Scott Ciphers (SCOTT19U.ZIP_GUY)
Re: : I AM CAVING IN TO JA... (Dave Salovesh)
Re: new PGP key and test (Dave Salovesh)
Re: Cryptanalysis of R250 (Bo Dömstedt)
--- sci.crypt charter: read before you post (weekly notice) (D. J. Bernstein)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Peter Gutmann)
Subject: Re: any literature about trusted unit?
Date: 8 Aug 1999 00:04:31 GMT
"Douglas A. Gwyn" <[EMAIL PROTECTED]> writes:
>[EMAIL PROTECTED] wrote:
>> There are many literatures about "trusted" systems. Is there any study
>> about how to make today's computer "trusted" by adding a unit, say,
>> smart card, online service, etc.
>The degree of trust of existing systems can sometimes be increased by
>such means, but to really produce a trustworthy system it has to be
>designed that way from the outset, not with "security" added on as an
>afterthought.
Well, that's not entirely true. Here's a simple way of upgrading an untrusted
system to a trusted one[0] which involves replacing only a single component:
1. Unplug the power cord from your untrusted system.
2. Plug a trusted system into the power cord.
This innovative technique was pioneered about 15 years ago by Steve Wozniak
when he was asked how you upgraded an Apple II+ to a IIe.
Peter.
[0] Trusted in the Orange Book et al sense, that is.
------------------------------
From: "Vito Pantano" <[EMAIL PROTECTED]>
Subject: Carte digitali
Date: Sat, 7 Aug 1999 19:07:30 +0200
Could someone point me to where I can find the construction schematic
for the pirate card programmer for D+? I would be infinitely grateful.
------------------------------
From: [EMAIL PROTECTED]
Subject: Scott Ciphers
Date: Sun, 08 Aug 1999 03:33:38 GMT
After finding a description of David Scott's scottNu ciphers, I decided
to take a look. Here's the exact link for anyone that wants to look
and see what I'm referring to.
http://members.xoom.com/_XOOM/ecil/page2.htm
Here are my observations of the algorithm, though I have made no formal
analysis.
1. The algorithm works on the entire file at once. Hope you're not
encrypting large files. This is potentially very memory intensive,
though the structure seems very well suited for smaller files.
2. Encryption is based on a simple equation:
C[n] = S[(C[n-1] XOR P[n]) + P[n-1]] // encryption
P[n] = C[n-1] XOR (SI[C[n]] - P[n+1]) // decryption
where C[i] is the ciphertext, P[i] is the plaintext, and S[i] and
SI[i] are the S-boxes that are generated. SI[i] is the inverse of S[i].
Personally, I think this is very nice. The problem is creating
inverses of S-boxes.
3. During the S-box generation, a table consisting of the values 0, 1,
...FFFF is created. Now, I quote "Each of these values will be selected
only once by the algorithm." If David Scott's "assistant" is talking
about the key generation algorithm, then he is very wrong. Later on in
the description, values in this array are being replaced, but never
referenced.
4. Despite the claims, it appears that values in the S-box can very well
be repeated.
5. Another thing I noticed is that it appears that values can be
overwritten.
6. As for the S-box, it is not stated how it is initialized before being
changed. If it is not initialized, then S-box[j-1] will be different
every time it's run. If it's initialized with all 0's, then S-Box[0]
and List[0] are constantly overwritten.
What do I think? I think the concept is excellent. If the generated
S-box is strong enough, it's a great algorithm! However, unless this
algorithm description is very screwed up, the s-box generation algorithm
needs to be changed.
Anyway, that's what I came up with. Enjoy!
Casey
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: challenge/competition revisited
Date: Sat, 07 Aug 1999 22:01:27 -0600
In article <[EMAIL PROTECTED]>, Jim Gillogly <[EMAIL PROTECTED]> wrote:
> Gabe Simon wrote:
> > Well, judging from the responses I got to my previous post (8/5/99) I
> > guess no site exists that contains what I had in mind. Let describe more
> > specifically what I was hoping for, and anyone who's interested could
> > maybe help me set it up.
>
> While it's not on-line, it sounds like you're looking for something
> like the American Cryptogram Association.....
>
> If you're outside North America, check the Crypto Drop Box for
> postage to your country.
>
> > The site would have two different sections: cyphertext with known
> > algorithms and just plain cyphertext. In each section, there would be a
> > range of difficulties ranging from absolute novice (simple
>
> If you start such a web site, please post the info here.
>
And, Jim is one of the most skilled attackers in the midst of the ACA, and
he has good company in his pursuits there too.
There are sites from time to time that do post cryptograms, but not
necessarily to ACA standards. It would be good to join the group, even
if for no more than to see what it is all about.
I understand that if you get to the convention early next Friday, by 1PM,
in the northern-most environs of Atlanta, that you can attend the
beginner/refresher work shop all afternoon. Time is slipping fast, so
check out the ACA online info and see if you can work it into your plans.
I'm sure that the group would be more than happy to try to fit in
last-minute serious registrants.
--
Sometimes you have to punt, and hope for the best.
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: GETTING RID OF THE "scottNu" cookie
Date: Sat, 07 Aug 1999 21:46:07 -0600
Cookies are best obtained from scouts after a donation.
--
Sometimes you have to punt, and hope for the best.
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: AES finalists to be announced
Date: Sat, 07 Aug 1999 22:08:07 -0600
In article <7oie5o$lmd$[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
> In article <[EMAIL PROTECTED]>,
> Volker Hetzer <[EMAIL PROTECTED]> wrote:
> > [EMAIL PROTECTED] wrote:
> > >
> > > I have been informed by NIST that the five or so AES finalists will
> be
> > > announced next Monday at 10 am. My Frog algorithm, as expected, will
> > > not be one of them.
> > What time zone?
>
> I guess local California time, i.e. later than 10 am for most of the
> rest of the world. By the way, NIST's site about AES is: aes.nist.gov
>
Let me thank you personally for bringing a little diversion into the
process, if not some new thinking that may eventually lead to better
things. Being a person who spent undue time with frogs, dissecting them,
teaching about them, and even grading papers about them in my sleep, your
entry by name struck a chord within me, not to mention the tantalizing
technical aspects.
So we have a new crypto rule as a result, all algorithms from Costa Rica
should be named after amphibians?
--
Sometimes you have to punt, and hope for the best.
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Pencil-and-paper compression algorithms [Re: Between Silk and Cyanide]
Date: Sat, 07 Aug 1999 22:10:42 -0600
In article <[EMAIL PROTECTED]>, paul
<[EMAIL PROTECTED]> wrote:
>
> Thanks - I'll have a play with them!
Don't you love things that can be taken in many directions, whatever you
want to do with them? Have fun, but keep us posted.
--
Sometimes you have to punt, and hope for the best.
------------------------------
From: [EMAIL PROTECTED] ()
Subject: Re: AES finalists to be announced
Date: 8 Aug 99 04:00:42 GMT
Bauerda ([EMAIL PROTECTED]) wrote:
: >Someone asked why Serpent is in there. Remember that Serpent only
: >appears slow because they went for a very conservative choice of 32
: >rounds. A 16-round variant would be as strong as any of the AES
: >candidates, and a damn strong competitor on speed too.
: No, I don't think so. From Brian Gladman's page we find that a 16 round
: version of Serpent will be about as fast as a Crypton (the fifth algorithm in
: terms of speed), with all of the algorithms above it (except for RC6) having
: more than the number of rounds suggested by Biham.
I would tend to think that Serpent's logic-simulated S-boxes would make it
cumbersome to implement, even if they were faster than a table lookup in
some circumstances.
John Savard
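The "logic-simulated S-boxes" mentioned above, as an added illustration that is not Serpent reference code and not part of any post in this thread: Serpent's first S-box evaluated two ways, by ordinary table lookup and as pure AND/OR/NOT logic over four 32-bit bit-planes (the bitsliced form), so that 32 nibbles are substituted at once with no data-dependent memory access. The boolean form here is derived mechanically as a sum of products; Serpent's authors hand-optimised theirs to far fewer gates, which is the work that makes the technique cumbersome.

```python
"""Serpent-style 'logic' S-box versus a table lookup (editor's example).

SERPENT_S0 is Serpent's first S-box.  The bitsliced evaluation below derives
each output bit as a sum of products (minterms) straight from the table, so
it is correct for any 4-bit S-box but not gate-optimised like Serpent's own.
"""
SERPENT_S0 = [3, 8, 15, 1, 10, 6, 5, 11, 14, 13, 4, 2, 7, 0, 9, 12]
MASK32 = 0xFFFFFFFF


def minterms(sbox):
    """For each of the 4 output bits, the list of inputs that set that bit."""
    return [[x for x in range(16) if (sbox[x] >> bit) & 1] for bit in range(4)]


def sbox_bitsliced(sbox, x0, x1, x2, x3):
    """x_i holds bit i of 32 independent nibbles (lane k = bit k of each word).

    Returns (y0, y1, y2, y3): the S-box applied to all 32 lanes at once using
    only NOT/AND/OR on whole words.  No table, so no cache-dependent timing.
    """
    lits = [(~x & MASK32, x) for x in (x0, x1, x2, x3)]   # (NOT x_i, x_i)
    ys = []
    for terms in minterms(sbox):
        acc = 0
        for m in terms:                 # one product term per minterm
            prod = MASK32
            for bit in range(4):
                prod &= lits[bit][(m >> bit) & 1]
            acc |= prod
        ys.append(acc)
    return tuple(ys)


def sbox_lookup(sbox, nibbles):
    """The conventional way: one table access per nibble."""
    return [sbox[v & 0xF] for v in nibbles]


def pack(nibbles):
    """32 nibbles -> 4 bit-plane words (plane i holds bit i of every nibble)."""
    if len(nibbles) != 32:
        raise ValueError("exactly 32 lanes")
    planes = [0, 0, 0, 0]
    for lane, v in enumerate(nibbles):
        for bit in range(4):
            if (v >> bit) & 1:
                planes[bit] |= 1 << lane
    return tuple(planes)


def unpack(planes):
    """Inverse of pack."""
    return [sum(((planes[bit] >> lane) & 1) << bit for bit in range(4))
            for lane in range(32)]


def gate_count(sbox):
    """AND/OR gates needed by the naive sum-of-products form (NOTs excluded)."""
    return sum(len(t) * 3 + max(len(t) - 1, 0) for t in minterms(sbox))


if __name__ == "__main__":
    lanes = [(i * 7 + 3) & 0xF for i in range(32)]      # constructed input
    print(sbox_lookup(SERPENT_S0, lanes))
    print(unpack(sbox_bitsliced(SERPENT_S0, *pack(lanes))))
    print("naive gate count:", gate_count(SERPENT_S0))
```

For a bijective 4-bit S-box every output bit has eight minterms, so the naive form costs 124 AND/OR gates for one S-box; the point of the bitsliced approach is that those gates process 32 lanes per instruction and run in constant time, and the point of hand-optimisation is to get the gate count down by an order of magnitude.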
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: CIA KRYPTOS ENIGMA
Date: Sun, 08 Aug 1999 03:52:58 GMT
Steve Sampson wrote:
> I thought it was at the NSA??
Of course Kryptos is at CIA HQ in Langley, VA, as has been
reported in numerous news articles and TV stories, as well
as in sci.crypt. The CIA even has a Web site with a photo
of Kryptos.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Construction of permutation matrix
Date: Sun, 08 Aug 1999 04:03:47 GMT
wtshaw wrote:
> ... When ever someones speaks of fractions of bits, it is only a
> mind thing that looks good to those that falsely believe that bits
> are especially fundamental to everything.
The "bit" *is* a fundamental unit of information: it is the amount
of information in the simplest nontrivial discrete choice (Boolean,
YES/NO). It is no coincidence that computers are organized to work
on various numbers of bits; some very early digital computers did
use other bases for representation, but when one wants the most
streamlined possible operation, the basic unit of information
storage in the machine simplifies as far as possible, to the
single bit (usually in the state of a coupled, complementary pair
of transistors, FETs, or other basic amplifying circuit elements).
Fractional bits are no more mysterious that the fact that the
logarithm base 2 of 10 is around 3.32 rather than an integer.
It's just as much a "mind thing" as the log base 2 of 8 being 3.
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Scott Ciphers
Date: Sun, 08 Aug 1999 05:56:20 GMT
In article <7oitqi$vo3$[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>After finding a description of David Scott's scottNu ciphers, I decided
>to take a look. Here's the exact link for anyone that want's to look
>and see what I'm referring to.
>
>http://members.xoom.com/_XOOM/ecil/page2.htm
>
>Here are my observations of the algorithm, though I have made no formal
>analysis.
>1. The algorithm works on the entire file at once. Hope your not
>encrypting large files. This is potentially very memory intensive,
>though the structure seems very well suited for smaller files.
>
>2. Encryption is based on a simple equation:
> C[n] = S[(C[n-1] XOR P[n]) + P[n-1]] // encryption
> P[n] = C[n-1] XOR (SI[c[n]] - P[n+1]) // decryption
> where C[i] is the ciphertext, P[i] is the plaintext, and S[i] and
>SI[i] are the s-box's that is generated. SI[i] is the inverse of S[i].
> Personally, I think this is very nice. The problem is creating
>inverses of S-boxes.
Actually there is no problem calculating the inverse S-box.
>
>3. During the S-box generation, a table consisting of the values 0, 1,
>....FFFF is created. Now, I quote "Each of these values will be selected
>only once by the algorithm." If David Scott's "assistant" is talking
>about the key generation algorithm, then he is very wrong. Later on in
>the descrption, values in this array are being replaced, but never
>referenced.
>
>4. Despite the claims, it appears that values in the S-box can very well
>be repeated.
Obviously you have not looked at the code. Ritter has, and a few others,
but when the reverse (inverse) S-box is being built I also do a check to
test for a single cycle, so no entries are repeated.
>
>5. Another thing I noticed is that is appears that values can be
>overwritten.
>
A German found a mode that I did not exercise where it is possible
that an overwrite could occur, especially if one goes to another machine
and tries it. I have found a way to get this to occur, but it does not occur
in the normal mode. There is an easy fix in C that I posted a while back,
and it will be in the next release of the source code; it was a very small fix.
I tested the main contest solution before and after the fix and it made no
difference.
>6. As for the S-box, it is not stated how it is initialized before being
>changed. If it is not initialized, then S-box[j-1] will be defferent
>every time it's run. If it's initialized with all 0's, then S-Box[0]
>and List[0] are constantly overwritten.
Well you can run the program and see this does not happen.
>
>What do I think? I think the concept is excellent. If the generated
>S-box is strong enough, it's a great algorithm! However, unless this
>algorithm description is very screwed up, the s-box generation algorithm
>needs to be changed.
The S box can be any single cycle. And the single cycle property
is checked for when it is built.
>
>Anyway, that's what I came up with. Enjoy!
>
>Casey
>
>
>Sent via Deja.com http://www.deja.com/
>Share what you know. Learn what you don't.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
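The structure argued over in Casey's post and in this reply, as an added toy model that is not David Scott's code or key schedule: an S-box over 0..0xFFFF built as one cycle (so no value repeats and the inverse table exists), a single-cycle check of the kind the reply describes, and the chaining equation C[n] = S[(C[n-1] XOR P[n]) + P[n-1]] with addition mod 2^16, together with its algebraic inverse (subtracting the P[n-1] that encryption added). The S-box construction, the initial C[-1]/P[-1] values and the byte packing are the editor's assumptions, and the whole thing demonstrates the structure only.

```python
"""Toy scottNu-style structure (editor's example, not Scott's code).

Kept from the posts: a 16-bit S-box that is a single cycle, an inverse
table SI with SI[S[x]] == x, and the word-chaining equation.  Assumed: the
key-to-S-box construction, IV = (0, 0) and big-endian 16-bit words.
"""
import hashlib
import random

WORD_BITS = 16
N = 1 << WORD_BITS          # S-box domain 0..0xFFFF, as in the post
MASK = N - 1


def make_single_cycle_sbox(key: bytes) -> list:
    """Permutation of 0..N-1 consisting of one cycle of length N.

    Assumed construction: shuffle the list of all values with a key-seeded
    PRNG, then map every value to its successor in the shuffled order.  Each
    value is placed exactly once, so no value repeats and following S from
    any start visits all N values before returning.
    """
    seed = int.from_bytes(hashlib.sha256(key).digest(), "big")
    order = list(range(N))
    random.Random(seed).shuffle(order)
    sbox = [0] * N
    for i in range(N):
        sbox[order[i]] = order[(i + 1) % N]
    return sbox


def invert_sbox(sbox: list) -> list:
    """SI with SI[S[x]] == x; rejects a table in which a value is repeated."""
    inv = [None] * N
    for x, y in enumerate(sbox):
        if inv[y] is not None:
            raise ValueError("not a permutation: %#06x appears twice" % y)
        inv[y] = x
    return inv


def is_single_cycle(sbox: list) -> bool:
    """Walk S from 0: a single cycle returns to 0 after exactly N steps."""
    x, steps = sbox[0], 1
    while x != 0 and steps <= N:      # the bound stops a non-permutation looping forever
        x = sbox[x]
        steps += 1
    return x == 0 and steps == N


def encrypt(words, sbox, iv=(0, 0)):
    """C[n] = S[((C[n-1] ^ P[n]) + P[n-1]) mod 2^16]; iv supplies C[-1], P[-1]."""
    c_prev, p_prev = iv
    out = []
    for p in words:
        c = sbox[((c_prev ^ p) + p_prev) & MASK]
        out.append(c)
        c_prev, p_prev = c, p
    return out


def decrypt(words, inv, iv=(0, 0)):
    """Inverse of encrypt: P[n] = C[n-1] ^ ((SI[C[n]] - P[n-1]) mod 2^16)."""
    c_prev, p_prev = iv
    out = []
    for c in words:
        p = c_prev ^ ((inv[c] - p_prev) & MASK)
        out.append(p)
        c_prev, p_prev = c, p
    return out


def to_words(data: bytes) -> list:
    if len(data) % 2:
        raise ValueError("pad the data to an even number of bytes first")
    return [int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2)]


def from_words(words) -> bytes:
    return b"".join(w.to_bytes(2, "big") for w in words)


if __name__ == "__main__":
    S = make_single_cycle_sbox(b"constructed demo key")
    SI = invert_sbox(S)
    print("single cycle:", is_single_cycle(S))
    msg = b"attack at dawn!!"                     # constructed plaintext
    ct = encrypt(to_words(msg), S)
    print(from_words(ct).hex())
    print(from_words(decrypt(ct, SI)))
```

Note that because each plaintext word feeds the next ciphertext word and the inverse only needs the previous plaintext word, decryption runs forward in the same direction as encryption; the whole-file buffering Casey remarks on comes from Scott's implementation, not from the equation itself.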
------------------------------
From: [EMAIL PROTECTED] (Dave Salovesh)
Subject: Re: : I AM CAVING IN TO JA...
Date: Sun, 08 Aug 1999 05:49:57 GMT
In article <7ocu6e$q1o$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) opined:
> I see more and more sites that say you Need JavaScript or some application
>to use the site. I can't see why webpage designers seem to always try to
>force the user to get newer crap when the regular HTML works. But they
>seem to make things more complicated.
> So I give up. I have added some useful SCRIPT to my main webpage so
>that those that have a Browser that is JavaScript capable can get some
>useful info from my site. Sorry but if your Browser is not JavaScript capable
>you may not get to see this special advice it is for JavaScript enabled
>viewers only.
Wait a sec - you can't see why HTML authors push for newer crap, and
then -you- join them? You say regular HTML works, and then you put
useful information on your site that people can only see using JS?
I don't get it. Why not push yourself to use HTML better - why cave?
------------------------------
From: [EMAIL PROTECTED] (Dave Salovesh)
Subject: Re: new PGP key and test
Date: Sun, 08 Aug 1999 06:07:31 GMT
In article <[EMAIL PROTECTED]>,
Malcolm Dew-Jones <[EMAIL PROTECTED]> opined:
>and there's always Usenet newsgroups:
>  alt.security
>  alt.hacking
>  alt.2600
>  alt.cyberpunk
>  comp.security.misc
Don't forget:
alt.security.pgp
comp.security.pgp.* (5 groups)
Not to mention that there are several pretty good ways to protect the
integrity of your key, like signatures, key servers, IDs, and
fingerprints.
Have people sign your key, and you can publicize those signatures as a
way to verify a key that claims to be yours.
Tell people which key server has your key, and they can get that one and
compare it to the one which claims to be yours.
Publicize your key ID and fingerprint, so people can use their own PGP
software to extract that information from a key that might be yours.
I've always been told that the best way to protect a PGP key is to use
it. Send it around, make it available in as many ways as you can. Put
it on a web page, put a separate copy in FTP somewhere, and add it to
your .plan or your .sig - yeah, some of those ways are circumstantially
invalid, but in aggregate you can make it pretty easy for people to spot
fakes.
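The key ID and fingerprint the post tells you to publish, as an added example that is not PGP's code and not part of the post: a parser for an OpenPGP v4 public-key packet that computes the fingerprint the way RFC 4880 section 12.2 defines it (SHA-1 over 0x99, the two-octet body length and the body), takes the key ID as the low 64 bits, and compares the result against a fingerprint someone published in constant time. The RSA modulus, exponent and creation time are constructed for the demonstration; the modulus is not a real key.

```python
"""Fingerprint and key ID of an OpenPGP v4 public-key packet (editor's example).

Implements the v4 rule from RFC 4880 12.2.  The demo key below is
constructed: DEMO_N is just a 1024-bit number, not an RSA modulus.
"""
import hashlib
import hmac
import struct

TAG_PUBLIC_KEY = 6


def mpi(n: int) -> bytes:
    """OpenPGP multiprecision integer: 2-octet bit count, then big-endian bytes."""
    bits = n.bit_length()
    return struct.pack(">H", bits) + n.to_bytes((bits + 7) // 8, "big")


def read_mpi(body: bytes, pos: int):
    bits = struct.unpack(">H", body[pos:pos + 2])[0]
    size = (bits + 7) // 8
    return int.from_bytes(body[pos + 2:pos + 2 + size], "big"), pos + 2 + size


def build_v4_rsa_packet(n: int, e: int, created: int) -> bytes:
    """Old-format header (tag 6, two-octet length) + v4 body: ver, time, algo 1, n, e."""
    body = b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)
    header = bytes([0x80 | (TAG_PUBLIC_KEY << 2) | 0x01]) + struct.pack(">H", len(body))
    return header + body


def parse_packet(packet: bytes):
    """Decode an old- or new-format packet header; return (tag, body)."""
    first = packet[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:                                  # new format: tag in low 6 bits
        tag, l0 = first & 0x3F, packet[1]
        if l0 < 192:
            length, pos = l0, 2
        elif l0 < 224:
            length, pos = ((l0 - 192) << 8) + packet[2] + 192, 3
        elif l0 == 255:
            length, pos = struct.unpack(">I", packet[2:6])[0], 6
        else:
            raise ValueError("partial-body lengths not supported")
    else:                                             # old format: tag in bits 2..5
        tag, ltype = (first >> 2) & 0x0F, first & 0x03
        if ltype == 0:
            length, pos = packet[1], 2
        elif ltype == 1:
            length, pos = struct.unpack(">H", packet[1:3])[0], 3
        elif ltype == 2:
            length, pos = struct.unpack(">I", packet[1:5])[0], 5
        else:
            raise ValueError("indeterminate length not supported")
    return tag, packet[pos:pos + length]


def key_info(packet: bytes) -> dict:
    """Fields, fingerprint and key ID of a v4 public-key packet."""
    tag, body = parse_packet(packet)
    if tag != TAG_PUBLIC_KEY or body[0] != 4:
        raise ValueError("expected a v4 public-key packet")
    created = struct.unpack(">I", body[1:5])[0]
    algo = body[5]
    n, pos = read_mpi(body, 6)
    e, _ = read_mpi(body, pos)
    # v4 fingerprint: SHA-1(0x99 || 2-octet body length || body), whatever the header used
    fp = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()
    return {"created": created, "algorithm": algo, "n": n, "e": e,
            "fingerprint": fp, "key_id": fp[-16:]}


def fingerprint_matches(published: str, computed: str) -> bool:
    """Compare a published fingerprint (any spacing or case) with the extracted one."""
    norm = lambda s: s.replace(" ", "").upper().encode()
    return hmac.compare_digest(norm(published), norm(computed))


# Constructed demo key material (not a real key).
DEMO_N = (1 << 1023) | int.from_bytes(hashlib.sha256(b"constructed modulus").digest() * 4, "big") | 1
DEMO_E = 65537
DEMO_CREATED = 934070400          # constructed timestamp, early August 1999
DEMO_PACKET = build_v4_rsa_packet(DEMO_N, DEMO_E, DEMO_CREATED)

if __name__ == "__main__":
    info = key_info(DEMO_PACKET)
    print("key ID     :", info["key_id"])
    print("fingerprint:", " ".join(info["fingerprint"][i:i + 4] for i in range(0, 40, 4)))
```

The practical point matches the post: a key that "claims to be yours" but was generated by someone else cannot share your fingerprint without a SHA-1 second preimage, so a fingerprint printed on a business card or in a .sig is enough for a correspondent to reject the fake, while a bare name or e-mail address on the key proves nothing.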
------------------------------
From: [EMAIL PROTECTED] (Bo Dömstedt)
Subject: Re: Cryptanalysis of R250
Reply-To: [EMAIL PROTECTED]
Date: Sun, 08 Aug 1999 07:32:33 GMT
The Evil Anti-Rick <[EMAIL PROTECTED]> wrote:
>Does anyone have any cryptanalysis information on the R250 PRNG
>algorithm and/or cryptanalysis information of byte-wise XOR stream
>ciphers?
Well, they are, of course, weak!
http://random.mat.sbg.ac.at/team/
see also
Reed, James
"Cracking A Random Number Generator"
Cryptologia Volume 1, Number 1, January 1977
>"Moreover, the general idea of the analysis presented in this
>note may be carried over to other random number generators,
>including the "squaring the middle half" and "shift register
>sequence" generators, for instance. That is to say, cryptography
>has its own standards of randomness, which do not necessarily
>coincide with the more usual standards"
(James Reed, ref. above)
Bo Dömstedt
Protego Information AB
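Why "of course, weak", as an added example that is not part of the post or of the references it cites: R250 (Kirkpatrick and Stoll, 1981) is a generalised feedback shift register whose every output word is x[n] = x[n-250] XOR x[n-103]. Any 250 consecutive output words are therefore the generator's entire state, so an attacker who knows 1000 bytes of plaintext under an R250-keyed XOR stream cipher recovers that much keystream, clones the generator and decrypts everything that follows. The seeding here is a simplification (250 words from a keyed SHA-256 stream; the original fills its table from a linear congruential generator and forces linear independence), and the stream cipher and plaintext are constructed for the demo.

```python
"""Known-plaintext attack on an R250-keyed XOR stream cipher (editor's example).

Recurrence: x[n] = x[n-250] ^ x[n-103] (R250's published taps).  Seeding is
an assumption for the demo; it does not change the attack, which only needs
250 consecutive keystream words.
"""
import hashlib

LAG_A, LAG_B = 250, 103
WORD_BYTES = 4


class R250:
    def __init__(self, state):
        if len(state) != LAG_A:
            raise ValueError("need exactly %d state words" % LAG_A)
        self.buf = list(state)   # ring buffer of the last 250 words
        self.pos = 0             # buf[pos] is the oldest word, x[n-250]

    @classmethod
    def from_key(cls, key: bytes):
        """Assumed seeding: 250 words of SHA-256(key || counter) output."""
        words, counter = [], 0
        while len(words) < LAG_A:
            block = hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
            words += [int.from_bytes(block[i:i + 4], "big") for i in range(0, 32, 4)]
            counter += 1
        return cls(words[:LAG_A])

    def next_word(self) -> int:
        # x[n-103] sits (250 - 103) slots after the oldest word in the ring.
        new = self.buf[self.pos] ^ self.buf[(self.pos + LAG_A - LAG_B) % LAG_A]
        self.buf[self.pos] = new           # x[n] replaces x[n-250]
        self.pos = (self.pos + 1) % LAG_A
        return new


def keystream(gen: R250, nbytes: int) -> bytes:
    out = b""
    while len(out) < nbytes:
        out += gen.next_word().to_bytes(WORD_BYTES, "big")
    return out[:nbytes]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def r250_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """The weak construction: plaintext XOR R250 output."""
    return xor_bytes(plaintext, keystream(R250.from_key(key), len(plaintext)))


def recover_tail(ciphertext: bytes, known_prefix: bytes) -> bytes:
    """Attacker's side: no key, just the ciphertext and the first 1000 plaintext
    bytes.  Keystream = ciphertext ^ plaintext, and 250 keystream words ARE the
    generator state, so clone it and strip the keystream from the rest."""
    need = LAG_A * WORD_BYTES
    if len(known_prefix) < need:
        raise ValueError("need at least %d bytes of known plaintext" % need)
    ks = xor_bytes(ciphertext[:need], known_prefix[:need])
    state = [int.from_bytes(ks[i:i + 4], "big") for i in range(0, need, 4)]
    rest = ciphertext[need:]
    return xor_bytes(rest, keystream(R250(state), len(rest)))


if __name__ == "__main__":
    key = b"constructed demo key"
    plaintext = bytes(range(256)) * 6                  # constructed, 1536 bytes
    ct = r250_encrypt(key, plaintext)
    print(recover_tail(ct, plaintext[:1000]) == plaintext[1000:])
```

The same argument applies to any generator whose next output is a fixed linear (XOR or modular) function of earlier outputs: the known-plaintext requirement is one state's worth of output, and for R250 that is under a kilobyte.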
------------------------------
From: [EMAIL PROTECTED] (D. J. Bernstein)
Crossposted-To: talk.politics.crypto
Subject: --- sci.crypt charter: read before you post (weekly notice)
Date: 8 Aug 1999 05:01:01 GMT
sci.crypt Different methods of data en/decryption.
sci.crypt.research Cryptography, cryptanalysis, and related issues.
talk.politics.crypto The relation between cryptography and government.
The Cryptography FAQ is posted to sci.crypt and talk.politics.crypto
every three weeks. You should read it before posting to either group.
A common myth is that sci.crypt is USENET's catch-all crypto newsgroup.
It is not. It is reserved for discussion of the _science_ of cryptology,
including cryptography, cryptanalysis, and related topics such as
one-way hash functions.
Use talk.politics.crypto for the _politics_ of cryptography, including
Clipper, Digital Telephony, NSA, RSADSI, the distribution of RC4, and
export controls.
What if you want to post an article which is neither pure science nor
pure politics? Go for talk.politics.crypto. Political discussions are
naturally free-ranging, and can easily include scientific articles. But
sci.crypt is much more limited: it has no room for politics.
It's appropriate to post (or at least cross-post) Clipper discussions to
alt.privacy.clipper, which should become talk.politics.crypto.clipper at
some point.
There are now several PGP newsgroups. Try comp.security.pgp.resources if
you want to find PGP, c.s.pgp.tech if you want to set it up and use it,
and c.s.pgp.discuss for other PGP-related questions.
Questions about microfilm and smuggling and other non-cryptographic
``spy stuff'' don't belong in sci.crypt. Try alt.security.
Other relevant newsgroups: misc.legal.computing, comp.org.eff.talk,
comp.org.cpsr.talk, alt.politics.org.nsa, comp.patents, sci.math,
comp.compression, comp.security.misc.
Here's the sci.crypt.research charter: ``The discussion of cryptography,
cryptanalysis, and related issues, in a more civilised environment than
is currently provided by sci.crypt.'' If you want to submit something to
the moderators, try [EMAIL PROTECTED]
---Dan
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************