Cryptography-Digest Digest #16, Volume #10        Sun, 8 Aug 99 20:13:03 EDT

Contents:
  Re: AES finalists to be announced ([EMAIL PROTECTED])
  Re: Download virtually unbreakable encryption programme (Wincrypt IDEA) ([EMAIL PROTECTED])
  Re: challenge/competition revisited ([EMAIL PROTECTED])
  Re: Questions regarding elliptic curve cryptography. (Carper)
  Re: key lengths ([EMAIL PROTECTED])
  Re: challenges / competitions??? ([EMAIL PROTECTED])
  Re: Is breaking RSA NP-Complete ? (Nicol So)
  Re: Questions regarding elliptic curve cryptography. (DJohn37050)
  Re: Storing keys ([EMAIL PROTECTED])
  Re: Prime number. (Jerry Coffin)
  Re: [Q] Why is pub key cert. secure & free from spoofing? ("Lyal Collins")
  Re: What is "the best" file cryptography program out there? (KidMo84)
  Re: challenges / competitions??? (SCOTT19U.ZIP_GUY)
  Re: Ways to steal cookies in HTTP and HTTPS (Barry Margolin)
  Re: Why does MS-Visual C++ ABSOLUTELY REQUIRE . . . ("Douglas A. Gwyn")
  Re: What is "the best" file cryptography program out there? (fungus)
  Re: What is "the best" file cryptography program out there? (fungus)
  Re: Questions regarding elliptic curve cryptography. ("Roger Schlafly")
  Re: Do Window Apps using CryptAPI exist? (grt)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED]
Subject: Re: AES finalists to be announced
Date: Sun, 08 Aug 1999 14:32:48 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] () wrote:

>
> I would tend to think that Serpent's logic-simulated S-boxes would
> make it cumbersome to implement, even if they were faster than a table lookup
> in some circumstances.
>
> John Savard
>
     I agree about 'cumbersome'; I implemented it this way: First, take
the given S-box values and XOR them with their (4-bit) index. Then it
is possible to do the S-box substitution 4 bits at a time like this:
                    mov dx,ax        ; save the whole word
                    and ax,0Fh       ; keep only the low nibble (AH becomes 0)
                    xlat             ; AL = [BX+AL]; BX pointing to proper S-box (entries are S[i] XOR i)
                    xor ax,dx        ; low nibble becomes S[i], every other bit restored from DX
                    rol ax,4         ; finished nibble moves up, next one comes down
                    loop
                    . . .
This apparently eliminates the need for IP and FP, of which it is said
that they contribute nothing cryptographically, but are just for ease
in the bitwise substitution.
--
Robert G. Durnal
Web pages at www.afn.org/~afn21533
  and members.tripod.com/~afn21533


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
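
The nibble-at-a-time trick above, as an added example that is not part of the post: the same data flow (save, mask, look up S[i] XOR i, XOR back, rotate by 4) written in Python so it can be checked against a plain nibble-by-nibble substitution. SBOX is a constructed 4-bit permutation used only for illustration, not one of Serpent's S-boxes; the function names and the optional register width are mine, the idea of pre-XORing the table with its index is the post's.

```python
# Added example (not from the post): the "S-box XORed with its index" trick for
# substituting 4-bit nibbles in place. SBOX is a CONSTRUCTED 4-bit permutation
# for illustration, not one of Serpent's actual S-boxes.
SBOX = [0x3, 0x8, 0xF, 0x1, 0xA, 0x6, 0x5, 0xB,
        0xE, 0xD, 0x4, 0x2, 0x7, 0x0, 0x9, 0xC]


def xor_indexed_table(sbox):
    """T[i] = S[i] XOR i, the table the xlat instruction indexes."""
    if sorted(sbox) != list(range(16)):
        raise ValueError("a 4-bit S-box must be a permutation of 0..15")
    return [sbox[i] ^ i for i in range(16)]


T = xor_indexed_table(SBOX)


def substitute_word_trick(word, table=T, width=16):
    """Substitute every nibble of a width-bit word with the post's data flow:
    mov dx,ax / and ax,0Fh / xlat / xor ax,dx / rol ax,4, repeated width/4
    times. After the mask the register holds only nibble i with zeros above
    it, so XORing T[i] = S[i]^i back into the saved word turns that nibble
    into S[i] and leaves every other bit exactly as it was. Each rotate moves
    the finished nibble up and brings the top nibble down, so after width/4
    rotations all nibbles are substituted and back in their original places."""
    if width % 4:
        raise ValueError("width must be a multiple of 4")
    mask = (1 << width) - 1
    ax = word & mask
    for _ in range(width // 4):
        dx = ax                                          # mov dx,ax
        ax &= 0xF                                        # and ax,0Fh
        ax = table[ax]                                   # xlat
        ax ^= dx                                         # xor ax,dx
        ax = ((ax << 4) | (ax >> (width - 4))) & mask    # rol ax,4
    return ax


def substitute_word_plain(word, sbox=SBOX, width=16):
    """Reference: shift each nibble down, look it up, shift it back."""
    out = 0
    for shift in range(0, width, 4):
        out |= sbox[(word >> shift) & 0xF] << shift
    return out


if __name__ == "__main__":
    w = 0x0123
    print(hex(substitute_word_trick(w)), hex(substitute_word_plain(w)))
```

The width parameter generalises the 16-bit register of the assembly sketch to any multiple of 4 bits; the two functions agree for every 16-bit input, which is the check a reviewer would want before trusting the trick.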

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Download virtually unbreakable encryption programme (Wincrypt IDEA)
Date: Sun, 08 Aug 1999 15:43:31 GMT

In article <7ok0nc$ldr$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:

> SPAMMER!
>
 FRAUD!


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: challenge/competition revisited
Date: Sun, 08 Aug 1999 15:59:35 GMT

In article <7ok07i$l45$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> <snip>
>
> I have about 10 papers on cryptanalysis on my hd (I didn't write the
> papers but...) Anyways if you want them I could zip them up and email
> them in private to you.
>
> They include analysis of
>
> DES, RC5, Blowfish, ICE, LOKI89, LOKI91, REDOC, Lucifer
>
> and probably a couple others.
>
> Tom
 OH GOOD! You will email papers! HA. You can't crack fortom.cpt, but you
can use email!


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: [EMAIL PROTECTED] (Carper)
Subject: Re: Questions regarding elliptic curve cryptography.
Date: Sun, 08 Aug 1999 16:43:15 GMT

>* An EC point is normally represented as a point (x,y) where x and y are
>elements in the underlying field (say 160 bits each).  Certicom has a
>technology called point compression where the y-coordinate is reduced to a
>single bit.  This saves about half the bits in transmitting the value of a 
>point.

What "technology"?  It's a simple quadratic equation problem.  You have one x 
coordinate - there are only 2 other possible y coordinates.  All you need
is 1 bit to show which one it is.
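
Point compression as Carper describes it, as an added example that is not part of this thread: compress a point to (x, one parity bit) and recover y by solving the curve equation. The curve y^2 = x^3 + 2x + 1 over GF(8011) is a constructed toy, not a standards curve; 8011 is prime and 8011 mod 4 = 3, which is what makes the modular square root a single exponentiation. Function names are mine.

```python
# Added example (not from the thread): elliptic-curve point compression on a
# short-Weierstrass curve y^2 = x^3 + a*x + b over GF(p). CONSTRUCTED toy
# curve: p = 8011 is prime and p % 4 == 3. Not a standards curve.
P, A, B = 8011, 2, 1


def curve_rhs(x, p=P, a=A, b=B):
    """Right-hand side x^3 + a*x + b mod p."""
    return (pow(x, 3, p) + a * x + b) % p


def on_curve(x, y, p=P, a=A, b=B):
    return (y * y) % p == curve_rhs(x, p, a, b)


def compress(x, y, p=P):
    """A point becomes (x, one bit). The bit is the parity of y: the two
    square roots of the right-hand side are y and p - y, and since p is odd
    exactly one of them is even, so one bit tells them apart."""
    if not on_curve(x, y, p):
        raise ValueError("not a point on the curve")
    return x, y & 1


def decompress(x, parity_bit, p=P, a=A, b=B):
    """Recover (x, y) from (x, parity). With p % 4 == 3 a square root of a
    residue c is c^((p+1)/4) mod p. The result is squared and checked,
    because an x that is not the abscissa of any curve point makes c a
    non-residue and the exponentiation then returns garbage."""
    if p % 4 != 3:
        raise ValueError("this square root shortcut needs p % 4 == 3")
    c = curve_rhs(x, p, a, b)
    y = pow(c, (p + 1) // 4, p)
    if (y * y) % p != c:
        raise ValueError("x is not the x-coordinate of a point on the curve")
    if y == 0 and parity_bit:
        raise ValueError("y is 0 here, so no odd root exists")
    if y & 1 != parity_bit:
        y = (p - y) % p          # the other root; keeps y == 0 as 0
    return x, y


if __name__ == "__main__":
    xb = compress(1, 2)
    print(xb, decompress(*xb))
```

Sending (x, bit) instead of (x, y) halves the transmitted size, as the quoted text says; in the SEC 1 / X9.62 encodings the parity bit is carried as a 0x02 (even) or 0x03 (odd) prefix byte in front of x, and the square-root check above is the reason a receiver must validate a decompressed point rather than trust it.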

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: key lengths
Date: Sun, 08 Aug 1999 16:10:23 GMT

In article <7ok0ki$ldl$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> In article <[EMAIL PROTECTED]>,
>   [EMAIL PROTECTED] (Jerry Coffin) wrote:
> > > > It's also worth noting that many of the better attacks typically
> > > > reduce the difficulty of an attack by a more or less fixed factor
> > > > compared to a brute-force attack on the same cipher.
> > > >
> > > Then the cipher has been broken.
> >
> > Of course -- but how many ciphers have been in use for, say, 20 or 30
> > years and NOT been broken to at least some degree?  The number is
> > vanishingly small.  We can design algorithms to be resistant to known
> > breaks, and we can use some general principles we believe will make
> > them hard to break in general, but if we design an algorithm with the
> > expectation of using it for an extended period of time, we should plan
> > on the fact that eventually somebody's likely to break it to some
> > degree or other.
>
> Yeah but algorithms like DES have not really been broken.  Can you use
> the known iterative attacks against it?  Not really.  I would expect
> AES to have the same qualities.
>
> > Presumably here you're talking about things like differential and
> > linear cryptanalysis.  Differential cryptanalysis is often practical
> > against designs that weren't designed to resist it -- just for
> > example, it was quite a practical attack on Lucifer.  Obviously
> > anybody who knows what they're doing now is going to design their
> > algorithm to resist known attacks, but it's almost inevitable that
> > somebody's going to invent new attacks in the future.
>
> I agree.
>
> > So would anybody.  Unfortunately, without knowing all the attacks
> > people are going to invent over the operational life of the cipher,
> > there's no way to know what attacks will be feasible.
>
> That doesn't make 1024-bit keys a must have though, which is what the
> argument really is about.
>
> > > But key length generally doesn't say much about the actual strength of
> > > a cipher unless it's perfect.
> >
> > Quite the contrary -- it tells you something about the degree to which
> > the cipher can be imperfect before an attack becomes practical.
> >
>
> But a 1024-bit Vigenère cipher is not really strong is it?  56-bit keys
> in DES would be much stronger.  Key lengths just give upper bounds.
> Meaning it can be AT MOST this secure.  However many ciphers relied on
> that fact and missed real scrutiny.
>

> Tom
 If you know what you say you can crack fortom.cpt! IS CLUE oh boy
genius.


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: challenges / competitions???
Date: Sun, 08 Aug 1999 15:55:23 GMT

In article <7ojvt0$l20$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> In article <7oj1pd$1lj0$[EMAIL PROTECTED]>,
>   [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
> >   I have lots of reason. I am more honest than most people
> > you have ever met. But I think the only way to prove it. Is to
> > solve it and see.
>
> Again why solve it?  nobody uses your method.  See RC5/RSA/DES are
> popular well known methods.  Attacking them is like attacking seat
> belts in cars.  They actually have an impact on your life.  Scottu
> means zero to 99.99% of the world.  (Of course DES/RSA/RC5 means zero
> to 97% of the world but who's counting?)
>
> >  Tim the contest is pretty black and white. Not like the BS contests
> > where you may get a prise if you come up with what Mr BS
> > considers a worthy attack. Take a look.
>
> Again ciphertext only is not the only method of attack.  You should
> encourage cryptanalysis based on your previous cryptanalysis.  Maybe
> someone can find something you did not?
>
 Scottu19zip_guy can solve fortom.cpt. I BET Little Tomy Boy.


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: Nicol So <[EMAIL PROTECTED]>
Subject: Re: Is breaking RSA NP-Complete ?
Date: Sat, 07 Aug 1999 21:08:16 -0400

Nicol So wrote:
> 
> [EMAIL PROTECTED] wrote:
> >
> > Ooops, another mistake.  The question of whether
> > NP-Hard contains PSPACE is still open.  NP-Hard
> > is a superset of PSPACE if and only if P=NP.
> >
> > Utterly trivial of course.
> 
> I guess my complexity theory is rustier than I thought it was.  In the
> definition of NP-hardness, there's no upper bound on how hard the
> problems get--the sky is the limit.  From your comment, it seems that
> you had a simple argument in mind why the NP-hard problems include
> PSPACE only if P = NP.  Care to share it with the rest of us?  Thanks.

I think I see the reason.

Nicol

------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: Questions regarding elliptic curve cryptography.
Date: 08 Aug 1999 16:55:01 GMT

See IEEE P1363 web site for patent claims.
Don Johnson

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Storing keys
Date: Tue, 03 Aug 1999 19:03:18 -0400



Atle Sandvold wrote:

> What is the best way of storing keys for a symmetric algorithm?
>

A one-way hash algorithm (such as SHA) would be what to use.

> If for instance users homedirs should be encrypted, and all the
> encryption keys should be stored in one safe place. The key to one
> particular homedir should be released when the user logs in.

Once again, a hash stored on the user's computer.

> If the key database is encrypted, some sort of master key would have to
> be used to decrypt them. How should one store the master key?

Don't use a master key, have all the individual passwords hashed.  Because
if the master key was compromised, the entire database would be
compromised.

> Are there some documents that describe how these keys should be stored?

Not really.  Hashing works like this:
When an account is created, the user enters their username and password.
The password is hashed and stored on the HD.
To verify that the user entered the right password later, you would hash
the password the user entered and verify that it is the same as what is in
the password file.  The only weakness is that it could be brute forced, but
that is always a problem with passwords.  No big deal.
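
The create-then-verify flow the reply describes, as an added example that is not part of the post. Two things here go beyond the post and are my choices: a random per-user salt with an iterated hash (PBKDF2-HMAC-SHA256, 200,000 iterations) so that the brute force the reply mentions has to be repeated per user and costs many hashes per guess, and a login step that hands back a home-directory key derived from the password but never written to disk, for the original question's "release the key when the user logs in". Field names and the iteration count are mine.

```python
import hashlib
import hmac
import os

# Added example (not from the thread): password record with a stored verifier
# and a key that is only ever derived, never stored. Iteration count, record
# layout and the 32/32 split of the derived material are my choices.
ITERATIONS = 200_000


def _derive(password, salt, iterations):
    """64 bytes of PBKDF2 output: the first half feeds the stored verifier,
    the second half is the key released at login. Different halves, so the
    verifier on disk says nothing about the key."""
    material = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                   salt, iterations, dklen=64)
    return material[:32], material[32:]


def create_record(password, salt=None, iterations=ITERATIONS):
    """Run once at account creation; returns what goes into the password file.
    A fixed salt may be passed for reproducible tests; normally it is random."""
    salt = os.urandom(16) if salt is None else salt
    verifier_input, _key = _derive(password, salt, iterations)
    verifier = hashlib.sha256(verifier_input).digest()
    return {"salt": salt, "iterations": iterations, "verifier": verifier}


def login(record, password):
    """Re-derive from the entered password and compare with the stored
    verifier in constant time. Returns the 32-byte home-directory key on
    success and None on a wrong password; the key is never stored."""
    verifier_input, key = _derive(password, record["salt"], record["iterations"])
    candidate = hashlib.sha256(verifier_input).digest()
    if hmac.compare_digest(candidate, record["verifier"]):
        return key
    return None


if __name__ == "__main__":
    rec = create_record("correct horse battery")
    print(login(rec, "correct horse battery") is not None, login(rec, "guess") is None)
```

Because the key is a different slice of the derived material than the verifier input, someone who copies the password file obtains only the verifier and still has to guess the password, at the full iteration cost per guess, to get the key; that is the brute-force weakness the reply acknowledges, made as expensive as the iteration count allows.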


------------------------------

From: [EMAIL PROTECTED] (Jerry Coffin)
Subject: Re: Prime number.
Date: Tue, 3 Aug 1999 16:14:08 -0600

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
removeMeForResponse-.alcatel.com says...

[ ... ] 

> Incidentally, I apologize. I didn't mean double.  I meant __int64 in
> C++, or a long in java.  Either of these will give you 64 bits to work
> with, which should be enough for simulation.

Actually, with a bit of care a typical double can be used as a 53-bit 
integer.  Though it's provided by MS's compiler, __int64 isn't a 
standard part of C++.  There's been quite a bit of discussion about 
adding "long long" as a type in C, with a minimum of 64 bits, but I'm 
not sure whether it'll end up in the standard or not (quite a few 
embedded vendors oppose it as too much work to implement).

[ talk about trial division ] 
 
>       And why not use this method?  It is actually very quick, and
> very efficient, and THE ONLY way to be 100% sure that the number you
> are testing is indeed prime.  

This is NOT true -- there are a number of deterministic methods of 
determining that a number is prime.

> Other methods can give you good
> certainty, (99% even), but for very large numbers, as you say there's
> a lot of numbers to check, and a lot of possible pitfalls.

Most non-deterministic methods in wide use give FAR more than 99% 
certainty of being correct -- a typical chance of error would be 
closer to 1 in a quadrillion than one in a hundred.

>       As to the efficiency of this algorithm... We used this
> algorithm to find and test the first 1,000,000 primes.  This process,
> using this algorithm took slightly less than 5 minutes. I beg you to
> show me another algorithm that does the same amount of work with 100%
> accuracy in the same amount of time. Please.  I really would like to
> have it... 

The most obvious method of doing this would be to use the Sieve of 
Eratosthenes.  Running the Sieve on a 400 MHz Pentium II (with no 
particular attempt at optimization) the first 1,000,000 primes can be 
found in under .2 seconds.  As I recall, there was a thread sometime 
back in which a clever implementation of the Sieve was used to find 
the first 200,000,000+ primes in around 2 minutes or so on a machine 
of roughly similar speed.  I believe the thread included source code 
to a couple of different programs.
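
The two alternatives to trial division named in this reply, as an added example that is not from the thread or its referenced source code: a Sieve of Eratosthenes that returns the first N primes, and Miller-Rabin as the kind of probabilistic test whose error is far below one percent. Both functions, the sieve bound and the default round count are my choices.

```python
import math
import random

# Added example (not from the thread). first_n_primes: Sieve of Eratosthenes
# for "the first N primes". is_probable_prime: Miller-Rabin, whose chance of
# passing a composite is at most 1/4 per round, so `rounds` rounds bound the
# error by 4**-rounds; 25 rounds is about 1e-15, the "quadrillion" scale from
# the post. Round count and sieve bound are my choices.


def sieve_upper_bound(n):
    """Upper bound for the n-th prime: n*(ln n + ln ln n) holds for n >= 6
    (Rosser); below that a fixed limit covering 2..13 is enough."""
    if n < 6:
        return 15
    return int(n * (math.log(n) + math.log(math.log(n)))) + 1


def first_n_primes(n):
    """Sieve of Eratosthenes, returning the first n primes."""
    if n < 1:
        return []
    limit = sieve_upper_bound(n)
    is_prime = bytearray([1]) * (limit + 1)
    is_prime[0] = is_prime[1] = 0
    for i in range(2, math.isqrt(limit) + 1):
        if is_prime[i]:
            # strike out every multiple of i from i*i upwards in one slice write
            is_prime[i * i::i] = bytes(len(range(i * i, limit + 1, i)))
    primes = [i for i in range(2, limit + 1) if is_prime[i]]
    return primes[:n]


SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n, rounds=25, rng=random):
    """Miller-Rabin. Never wrong on a prime; declares a composite prime with
    probability at most 4**-rounds."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    # write n - 1 = 2**r * d with d odd
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x == 1 or x == n - 1:
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False          # a is a witness that n is composite
    return True


def error_bound(rounds):
    """Upper bound on the probability that a composite survives `rounds` rounds."""
    return 4.0 ** -rounds


if __name__ == "__main__":
    print(first_n_primes(10), is_probable_prime(2**61 - 1), error_bound(25))
```

The sieve is the right tool for "every prime below a bound", as in the 1,000,000-primes task quoted above; Miller-Rabin is the right tool for one large candidate, and the 4**-rounds bound is what makes the reply's "closer to 1 in a quadrillion" figure concrete.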

------------------------------

From: "Lyal Collins" <[EMAIL PROTECTED]>
Subject: Re: [Q] Why is pub key cert. secure & free from spoofing?
Date: Wed, 4 Aug 1999 09:02:06 +1000

Nor is it illegal to exchange secret keys.

Jerome Mrozak wrote in message <[EMAIL PROTECTED]>...
>In many ways, then, a reliable CA relationship is similar to parties
>exchanging secret keys.  It just happens to be legal to perform CA
>exchanges of secrets.
>
>Lyal Collins wrote:
>>
>> No reason at all.
>> This is why you need identification and Public key to be presented to the CA
>> in person, though not necessarily at the same time, if a well designed
>> process.
>> If not, the certificates are real, but the names in them may not be, and in
>> some cases, definitely won't be.
>> The end result is that digital certificates today are mostly a waste of
>> time - unless someone spends a LOT of money issuing certificates - around $40
>> in face to face counter time.
>>
>> Jerome Mrozak wrote in message <[EMAIL PROTECTED]>...
>> >I'm a rank newbie, passing thru security issues for the 1st time.  I've
>> >been exposed to the public key method, and an explanation showing
>> >host-spoofing:
>> >
>> >A --> Spy --> B,
>> >
>> >where B believes the public key it received is from A when it is really
>> >from Spy.
>> >
>> >My text claims that use of a public key certificate authority (CA) will
>> >keep the spy at bay.  My question is:  if the Spy can insert itself
>> >between A & B, why not between A & CA, or B & CA?
>> >
>> >Jerome.



------------------------------

From: [EMAIL PROTECTED] (KidMo84)
Subject: Re: What is "the best" file cryptography program out there?
Date: 08 Aug 1999 19:57:24 GMT

With a hell of a fan you can overclock a p3 500mhz to a 1000ghz. They did it at
a convention once, and if you were to put it in mineral water, that would even
keep it cooler.

Signed,
KidMo

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: challenges / competitions???
Date: Sun, 08 Aug 1999 05:41:17 GMT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Tim Redburn) wrote:
>On Thu, 05 Aug 1999 19:47:43 GMT, [EMAIL PROTECTED]
>(SCOTT19U.ZIP_GUY) wrote:
>
>
>>  Yes my site contains such challenges and there is one that
>>ends in Nov 11 for 1000 dollars is cost nothing to enter.
>>
>
>What guarantees are there that the prize money exists ? 

   There are no guarantees but I think my reputation would
suffer if you solved it and I did not pay off.

>The other competitions are staking the companies
>reputations on their competitions - they have very good reason
>to ensure the prizes are paid out properly - what reason do you
>have ?

  I have lots of reason. I am more honest than most people
you have ever met. But I think the only way to prove it. Is to
solve it and see.

>
>Who decides if somebody has won the prize for your challenge ? 
>
>- Tim.
>

 Tim the contest is pretty black and white. Not like the BS contests
where you may get a prize if you come up with what Mr BS
considers a worthy attack. Take a look.



David A. Scott
--
                    SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
                    http://www.jim.com/jamesd/Kong/scott19u.zip
                    http://members.xoom.com/ecil/index.htm
                    NOTE EMAIL address is for SPAMMERS

------------------------------

From: Barry Margolin <[EMAIL PROTECTED]>
Crossposted-To: comp.infosystems.www.misc,comp.security.misc
Subject: Re: Ways to steal cookies in HTTP and HTTPS
Date: Sun, 08 Aug 1999 23:06:27 GMT

In article <[EMAIL PROTECTED]>,
Thomas Reinke  <[EMAIL PROTECTED]> wrote:
>The time stamp allows us, on receipt of the cookie, to
>check if it has expired. To successfully execute your
>attack, if you were to listen to a 40 bit SSL session,
>you would need to capture the contents, and decrypt
>it within 20 minutes. If you don't decrypt it within
>20 minutes, your cookie has expired, and the server
>rejects it if and when it does receive it.

This is reasonable if the cookie is being used just within a session.  But
if the cookie is being used to allow One-Click style purchases weeks or
months after the last time you last signed on to the service, it would make
no sense to include a timestamp.

-- 
Barry Margolin, [EMAIL PROTECTED]
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
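
The timestamped cookie from the quoted message and Barry's objection to it, as an added example that is not part of the thread: the server signs a cookie carrying an issue time and an expiry, rejects cookies whose tag does not verify or whose expiry has passed, and the two lifetimes show where the expiry check helps and where it does not. The secret, the field names, the HMAC construction and both lifetimes are constructed for illustration and are my choices.

```python
import base64
import hashlib
import hmac
import json

# Added example (not from the thread). CONSTRUCTED values throughout: the
# secret, the claim names and both lifetimes. The 20-minute session window is
# the one quoted in the thread; the 90-day value stands in for a "weeks or
# months" remember-me cookie, where an expiry check does nothing against a
# captured copy because the replay window is the whole validity period.
SECRET = b"constructed-server-secret-not-for-real-use"
SESSION_LIFETIME = 20 * 60             # seconds
PERSISTENT_LIFETIME = 90 * 24 * 3600   # seconds
TAG_LEN = 32                           # HMAC-SHA256 output length


def mint_cookie(user, now, lifetime, secret=SECRET):
    """Serialise the claims, append an HMAC over them, base64 the whole thing.
    The tag is what stops a client from editing 'exp' to extend its own cookie."""
    claims = {"user": user, "iat": int(now), "exp": int(now) + int(lifetime)}
    payload = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode("utf-8")
    tag = hmac.new(secret, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(payload + tag).decode("ascii")


def verify_cookie(cookie, now, secret=SECRET):
    """Return the claims if the tag verifies and the cookie has not expired,
    otherwise None. The tag is checked before the payload is parsed."""
    try:
        raw = base64.urlsafe_b64decode(cookie.encode("ascii"))
    except ValueError:                       # bad padding, non-ASCII input
        return None
    if len(raw) <= TAG_LEN:
        return None
    payload, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                          # forged or altered
    try:
        claims = json.loads(payload.decode("utf-8"))
    except ValueError:
        return None
    if not isinstance(claims, dict) or not isinstance(claims.get("exp"), int):
        return None
    if now > claims["exp"]:
        return None                          # expired: a stale copy is refused
    return claims


if __name__ == "__main__":
    t0 = 1_000_000_000
    c = mint_cookie("alice", t0, SESSION_LIFETIME)
    print(verify_cookie(c, t0 + 19 * 60) is not None, verify_cookie(c, t0 + 21 * 60) is None)
```

With SESSION_LIFETIME a copy of the cookie is useless 20 minutes after issue, which is the protection the quoted message describes; with PERSISTENT_LIFETIME the same copy is accepted a month later, which is Barry's point that a long-lived cookie needs a different defence (for instance binding it to a server-side record that can be revoked) rather than a timestamp.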

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Crossposted-To: comp.lang.c++
Subject: Re: Why does MS-Visual C++ ABSOLUTELY REQUIRE . . .
Date: Sun, 08 Aug 1999 22:56:38 GMT

Guenther Brunthaler wrote:
> On 7 Aug 1999 18:41:27 GMT, [EMAIL PROTECTED] () wrote:
> >     Why does Microsoft ABSOLUTELY REQUIRE me to install and use their
> >Internet Explorer (IE) before I can even install their Visual C++ compiler?
> Haven't you have heard of all those rumours about the various built-in
> backdoors of IE?

Don't be ridiculous!  The main reason IE is required is that the
Visual Studio help system is now based on HTML, and IE contains
the modules needed to support that.

------------------------------

From: fungus <[EMAIL PROTECTED]>
Subject: Re: What is "the best" file cryptography program out there?
Date: Mon, 09 Aug 1999 01:14:42 +0200

[EMAIL PROTECTED] wrote:
> Well since 1990 we've jumped from an 80mhz processor to around
> 1000ghz, which a pentium3 can be overclocked to

Oh, really... maybe you should call Intel and tell them. I'm sure
they'd be very interested to know how you made a Pentium run
2000 times faster than its rated speed.


> even though it really does get too hot, but that will be perfected
> before long, I am guessing at least a 1000ghz improvement of processors
> every 10 years. Especially in the last 3 years there has been
> increased productivity in the speed of processors.
> 

Actually, the last three years have seen a slowdown in the rate of
improvement. Intel used to double the rate of their clock speeds
faster than they are currently doing.

This "doubling" cannot go on forever, there are hard, physical limits
as to how fast a chip can go. These limits are things like the size of
atoms and the speed of light. These limits *cannot* be overcome, ever.

http://developer.intel.com/solutions/archive/issue2/feature.htm


Moore has also observed that even before we hit these limits, another
limiting factor may come into play. This factor is the cost of building
the chip fabrication plants (fabs). The cost of the raw materials needed
to make the chips is almost zero (it's basically sand). Chip prices are
therefore calculated as the cost of the fab divided by the number of
chips Intel can sell.

Current fabs cost something like $1,000,000,000 to build. The next
generation fabs will cost $10,000,000,000, i.e. Intel will have to
sell ten times as many chips to make it worthwhile.


-- 
<\___/>
/ O O \
\_____/  FTB.

------------------------------

From: fungus <[EMAIL PROTECTED]>
Subject: Re: What is "the best" file cryptography program out there?
Date: Mon, 09 Aug 1999 01:45:24 +0200



[EMAIL PROTECTED] wrote:
> 
> Even if you assume a 5ghz processor is 100 times faster than a 500mhz
> one.  This is still 182,794,505 years avg per key (at 100*2^20 for 80-
> bit keys).  Put a million on it and you get 174 years average per key.
> Still long enough for my liking.
> 

And that's only an 80 bit key.

AES will be at least 128 bit, which will take 281,474,976,711,000
times longer than this to crack.

It's obvious that the algorithm isn't the weak link in the chain.


> The way I see it the biggest threat is 486/586 that are very common
> nowadays.  Because groups like distributed.net can get a hold on
> 150,000 of them quite easily.  If a big company spends a trillion
> dollars to read my letters, go right ahead they deserve it.
> 

The seti@home project has already managed 46,000 years of CPU time.

http://www.setiathome.ssl.berkeley.edu/stats/totals.html


-- 
<\___/>
/ O O \
\_____/  FTB.

------------------------------

From: "Roger Schlafly" <[EMAIL PROTECTED]>
Subject: Re: Questions regarding elliptic curve cryptography.
Date: Sun, 8 Aug 1999 15:38:49 -0700

Carper wrote in message <8sir3.5735$[EMAIL PROTECTED]>...
>>* An EC point is normally represented as a point (x,y) where x and y are
>>elements in the underlying field (say 160 bits each).  Certicom has a
>>technology called point compression where the y-coordinate is reduced to a
>>single bit.  This saves about half the bits in transmitting the value of a
>>point.
>
>What "technology"?  It's a simple quadratic equation problem.  You have one x
>coordinate - there are only 2 other possible y coordinates.  All you need
>is 1 bit to show which one it is.

>See IEEE P1363 web site for patent claims.

I am afraid that is not likely to answer your question. I've been to most
of the P1363 meetings, and I don't know the answer either.

At the time Certicom persuaded us to put "point compression" into
the draft, we believed that the idea was in the public domain.
Later, Certicom revealed that it has some pertinent patent
applications pending, but steadfastly refused to tell us what
it was claiming in its application. We wanted to look at patent-free
alternatives, but Certicom argued that this was foolish because
its patent application is secret and some of the alternatives
might also be covered.

I don't see how Certicom could have invented point
compression, but maybe we will find out some day. The P1363
draft will soon be re-balloted with corrections, and we expect
it to become an IEEE standard soon. We will see whether
users have to pay royalties to Certicom.




------------------------------

From: [EMAIL PROTECTED] (grt)
Subject: Re: Do Window Apps using CryptAPI exist?
Date: 8 Aug 1999 22:50:10 GMT

[EMAIL PROTECTED] (Greg) wrote in <7od3qq$2ke$[EMAIL PROTECTED]>:
>Other than Microsoft Outlook Express, and probably other Microsoft
>products, I don't know of any applications that use Microsoft's
>CryptAPI architecture.  Can anyone tell me of such apps by third
>parties?
>

See 
http://community.wow.net/grt/rc4se.html

Gerard R Thomas
Port of Spain,  Trinidad and Tobago
mailto:[EMAIL PROTECTED]  mailto:[EMAIL PROTECTED]
PGP Key IDs: RSA:0x9DBCDE7D  DH/DSS:0xFF7155A2

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
