Cryptography-Digest Digest #26, Volume #10       Wed, 11 Aug 99 02:13:02 EDT

Contents:
  Re: Construction of permutation matrix (wtshaw)
  Re: what is a single cycle sbox ([EMAIL PROTECTED])
  Re: Construction of permutation matrix ([EMAIL PROTECTED])
  Re: NIST AES FInalists are.... ("Douglas A. Gwyn")
  Re: What is "the best" file cryptography program out there? (Paul Crowley)
  Re: RSA patent & Canada (Doug Stell)
  PGP COM Object (grt)
  Re: frequency of prime numbers? ("karl malbrain")
  Re: Depth of Two ([EMAIL PROTECTED])
  Re: NIST AES FInalists are.... (Tom Phinney)
  Re: How to keep crypto DLLs Secure? ("ME")
  Re: Academic vs Industrial (SCOTT19U.ZIP_GUY)
  Re: NIST AES FInalists are.... (SCOTT19U.ZIP_GUY)
  Re: Infallible authentication scheme (Eric Lee Green)
  Re: NIST AES FInalists are.... ("Douglas A. Gwyn")
  Re: Depth of Two ("Douglas A. Gwyn")
  Re: frequency of prime numbers? ("Douglas A. Gwyn")
  Re: NIST AES FInalists are.... (SCOTT19U.ZIP_GUY)
  brute force crackers unethical? ("Andrew Whalan")
  Re: Depth of Two (wtshaw)
  Re: interesting repeats in Kryptos-4 delta streams ("Douglas A. Gwyn")
  Re: AES finalists to be announced (David A Molnar)
  Re: Techweb crypto comedy... (John Savard)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Construction of permutation matrix
Date: Tue, 10 Aug 1999 15:26:22 -0600

In article <7opcg7$9qn$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(Patrick Juola) wrote:

> >Not always in choice-complete manner, as when you need five choices, you
> >must allow for eight.
> 
> Not if you're doing the five-fold choice repeatedly.  Suitable coding
> will allow a stream of equiprobable elements from the set 1..5 to
> be coded in the optimal number of bits.  You simply amortize the extra
> bit-fraction from this choice to the next one.
> 
> 1960's technology....
> 
Your solution may work, but it is not simple.  Why not be appropriate to
start with?
-- 
Sometimes you have to punt, and hope for the best.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: what is a single cycle sbox
Date: Tue, 10 Aug 1999 22:11:31 GMT

[EMAIL PROTECTED] wrote:

> I agree that no element { GF(2^n) should belong to a sub-group to
> avoid fixed points.

If you want no fixed points, say the permutation should
have no fixed points.  Why attempt translation into terms
you do not understand?  The quote above falls into the
category of "not even wrong".

--Bryan


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Construction of permutation matrix
Date: Tue, 10 Aug 1999 21:32:03 GMT

Douglas A. Gwyn wrote:

> The "bit" *is* a fundamental unit of information: it is the amount
> of information in the simplest nontrivial discrete choice (Boolean,
> YES/NO).

Only if yes and no are equally probable.

--Bryan


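Two points raised above invite a small worked check: Juola's remark in the earlier thread that a stream of equiprobable choices from 1..5 can be coded in the optimal number of bits by amortising the fraction across choices (against wtshaw's "need five, must allow for eight"), and Bryan's objection here that a yes/no choice is one bit only when the two answers are equally probable. The following is an added example, not code from any of the posters; the stream lengths, probabilities and the three-bit draw sequence are constructed for illustration, and the function names are the example's own.

```python
"""Added example (not from the thread): how much information a choice
carries, and how a stream of five-way choices is packed into bits.
All inputs are constructed here."""
import math


def entropy_bits(probs):
    """Shannon entropy in bits.  A fair yes/no is exactly 1 bit; a biased
    one carries less, which is the objection to 'a bit is a choice'."""
    return -sum(p * math.log2(p) for p in probs if p > 0)


def pack_base(symbols, base):
    """Encode a sequence of symbols in 0..base-1 as a single integer.
    Consecutive choices share the fractional bits a per-choice encoding
    would waste (the amortisation Juola describes)."""
    n = 0
    for s in symbols:
        if not 0 <= s < base:
            raise ValueError(f"symbol {s} out of range for base {base}")
        n = n * base + s
    return n


def unpack_base(n, base, count):
    """Inverse of pack_base; count is needed because leading zeros vanish."""
    out = []
    for _ in range(count):
        n, s = divmod(n, base)
        out.append(s)
    return out[::-1]


def bits_for_stream(count, base):
    """Bits that hold every possible count-long stream: ceil(count*log2(base))."""
    return (base ** count - 1).bit_length()


def compare(count, base=5):
    """Naive per-choice bits vs. packed bits vs. the entropy lower bound."""
    naive = count * math.ceil(math.log2(base))      # 3 bits per 5-way choice
    packed = bits_for_stream(count, base)            # ~2.32 bits, amortised
    bound = count * entropy_bits([1 / base] * base)  # count * log2(base)
    return naive, packed, bound


def sample_by_rejection(draws, base, count):
    """Turn a source of ceil(log2 base)-bit draws into uniform choices by
    discarding draws >= base ('need five, allow for eight').  Returns the
    choices and the number of source bits consumed; for base 5 that is
    4.8 bits per choice on average, versus 2.32 for the packed coding."""
    width = math.ceil(math.log2(base))
    choices, consumed = [], 0
    for d in draws:
        consumed += width
        if d < base:                  # 5 of the 8 three-bit patterns are kept
            choices.append(d)
            if len(choices) == count:
                break
    return choices, consumed


if __name__ == "__main__":
    print("fair coin: %.3f bits, 90/10 coin: %.3f bits"
          % (entropy_bits([.5, .5]), entropy_bits([.9, .1])))
    print("1000 five-way choices: naive %d, packed %d, bound %.2f" % compare(1000))
```

For a thousand five-way choices the naive coding spends 3000 bits, the packed coding 2322, and the entropy bound is 2321.93: the packing loses less than one bit over the whole stream, which is the 1960s result Juola refers to.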

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: NIST AES FInalists are....
Date: Tue, 10 Aug 1999 21:14:07 GMT

[EMAIL PROTECTED] wrote:
> Oh spare us.  You have no basis for concluding that
> the NSA has anything better than the publicly known
> methods of analysis.

To the contrary.

------------------------------

From: Paul Crowley <[EMAIL PROTECTED]>
Subject: Re: What is "the best" file cryptography program out there?
Date: 10 Aug 1999 22:45:55 +0100

fungus <[EMAIL PROTECTED]> writes:

> > > With a hell of a fan you can overclock a p3 500mhz to a 1000ghz. They
> > > did it at a convention once, and if u were to put it in mineral water,
> > > that would even keep it cooler.

> ...and wasn't it mineral oil, not mineral water?

Or was it snake oil?
-- 
  __
\/ o\ [EMAIL PROTECTED]     Got a Linux strategy? \ /
/\__/ Paul Crowley  http://www.hedonism.demon.co.uk/paul/ /~\

------------------------------

From: [EMAIL PROTECTED] (Doug Stell)
Subject: Re: RSA patent & Canada
Date: Tue, 10 Aug 1999 21:48:41 GMT

On Tue, 10 Aug 1999 20:19:54 GMT, [EMAIL PROTECTED] wrote:

>Does anybody know if U.S. Patent 4,405,829 "Cryptographic Communication
>System and Method" is in force in Canada?  I live in Canada - am I free
>to pull software off the net that uses the RSA algorithm, compile it,
>and use it without worrying about paying anybody royalties?

My understanding is that the patent exists only in the US and the rest
of the world can practice the invention for free. However, if you
import your product into the US, it is covered under the patent and
you have to make a deal with big Jim.

The patent expires on September 20, 2000.

>(I am interested in rolling-my-own PKI infrastructure, and issuing
>digital certificates.  I want to pull software that does this off the
>net, build it, and issue certificates without having to pay exorbitant
>per certificate fees.  Or any fees to anybody.)

Fees are exorbitant and you may not be able to license the invention,
but be forced to purchase a BSAFE, BCERT and/or TIPEM license and use
RSADSI's implementation. BCERT and TIPEM are built on the BSAFE crypto
library.

doug


------------------------------

From: [EMAIL PROTECTED] (grt)
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss,alt.privacy,microsoft.public.inetserver.asp.components
Subject: PGP COM Object
Date: 10 Aug 1999 22:50:05 GMT

FYI

http://community.wow.net/grt/nsdpgp.html

NSDPGP.DLL is a COM Automation Interface to PGP version
6.5.1. It allows easy access to the public key (RSA, DH/DSS) and
conventional (IDEA, 3DES, CAST5) encryption features of PGP from MS
Visual Basic, the Windows Scripting Host, MS Office VBA, IIS/ASP, MS
Java, C++ etc.
It is "freeware" and may be used and copied without fee or
obligation for private or commercial use.

Gerard R Thomas
Port of Spain,  Trinidad and Tobago
mailto:[EMAIL PROTECTED]  mailto:[EMAIL PROTECTED]
PGP Key IDs: RSA:0x9DBCDE7D  DH/DSS:0xFF7155A2

------------------------------

Reply-To: "karl malbrain" <[EMAIL PROTECTED]>
From: "karl malbrain" <[EMAIL PROTECTED]>
Subject: Re: frequency of prime numbers?
Date: Tue, 10 Aug 1999 17:50:00 -0700


Don Dodson <[EMAIL PROTECTED]> wrote in message
news:7oq2pd$[EMAIL PROTECTED]...
> Assume for a moment that there was a finite number of primes.
> This means that there must be a largest prime number.  We will
> call that largest prime N.
>
> Now compute P, the product of all prime numbers 2..N.  P is
> divisible by every prime number.  Add one to the result.
> P+1 is not divisible by any prime number, and therefore P+1
> is prime.  P+1 is clearly larger than N, so N must not be
> the largest prime.

As Bob S has illustrated, you have to take BOTH sides of this contradiction
at ONCE:  P is also provably COMPOSITE (because it's not in the list), hence
a contradiction with your proof that P is PRIME.  Karl M
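The argument as it is usually stated, added here as an illustration and not part of the posted exchange. Only "P+1 has a prime factor larger than N" follows, not "P+1 is prime"; the second numeric instance is the standard one showing the difference.

```latex
\begin{aligned}
P &= \prod_{p \le N,\ p\ \text{prime}} p, &\qquad P + 1 &\equiv 1 \pmod{p} \ \text{ for every prime } p \le N, \\
2 \cdot 3 \cdot 5 \cdot 7 + 1 &= 211 \ \text{(prime)}, &\qquad 2 \cdot 3 \cdot 5 \cdot 7 \cdot 11 \cdot 13 + 1 &= 30031 = 59 \cdot 509 .
\end{aligned}
```

No prime up to N divides P+1, so P+1 is either prime itself or has a prime factor; in both cases that prime exceeds N, which contradicts N being the largest. Either branch is a contradiction, which is all the proof needs.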



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Depth of Two
Date: Wed, 11 Aug 1999 01:27:20 GMT

In article <[EMAIL PROTECTED]>,
  "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
<< Eventually I expect to put up on a Web site Kullback's paper on
Friedman squares >>

    Any chance that might be fairly soon?   If not, is there any other
way to get a copy of that paper?

  -- Jeff Hill




------------------------------

From: [EMAIL PROTECTED] (Tom Phinney)
Subject: Re: NIST AES FInalists are....
Date: Wed, 11 Aug 1999 02:08:49 GMT

Doug Gwyn <[EMAIL PROTECTED]> wrote:
> At what point are competent NSA cryptanalysts going to be brought
> into the process, so we can get a soundly based estimate of security?

And Bryan Olson <[EMAIL PROTECTED]> responded:
> Oh spare us.  You have no basis for concluding that
> the NSA has anything better than the publicly known
> methods of analysis.

And Doug Gwyn <[EMAIL PROTECTED]> countered:
> To the contrary.


Thank you!  A nice terse come-uppance from an interesting domain. 
Bob Silverman has it right:
>"You can lead a horse's ass to knowledge, but you can't make him think"

Doesn't Skipjack tell you anything?  A strong algorithm in a space of weak
algorithms.  32 rounds when 31 is breakable.  Could this be happenstance?
Do you expect to win the lottery next week also?

THINK !!!

------------------------------

From: "ME" <[EMAIL PROTECTED]>
Subject: Re: How to keep crypto DLLs Secure?
Date: Wed, 11 Aug 1999 13:45:57 +1000

Hooray.

Someone else has also said the bleeding obvious.

Security in software is only marginally useful where the risks, and value
being protected are fairly low - in the range of a few cents to a couple of
dollars/francs/pesetas/lire.

Lyal
Simon Dainty wrote in message ...
>
>Martijn van der Kooij wrote in message <7omopg$hk0$[EMAIL PROTECTED]>...
>
>>> The only sure way to have moderate crypto security is to have the crypto
>>> directly inside the compiled EXE, and not within the DLL.  I would
>>> appreciate comments.
>>
>>One way to be sure the dll is not replaced is to use a hash or crc on the
>>dll. Store the CRC value in the exe and when loading the dll compare its
>>crc with this value. You maybe need a few different values if there are
>>different versions of the dll.
>
>
>If someone is going to go to all the effort of replacing the DLL with a
>fake DLL, then surely they're willing to go that extra step and reverse
>engineer the executable if need be?
>
>    There is no viable security for software today.
>
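Martijn's suggestion (a hash or CRC of the DLL stored in the EXE) and Simon's reply (whoever replaces the DLL will patch the EXE too) are about how far an in-process check can carry you. The example below is added here and is not code from any of the posters; it uses constructed byte strings in place of real DLL images and the function names are its own. It shows the narrower point that a CRC in particular is the wrong primitive for the check: CRC32 is linear, so an attacker can append four chosen bytes to any replacement file and hit the stored CRC exactly, whereas a SHA-256 digest cannot be matched that way. It does nothing about Simon's point; a check that lives in the EXE can be patched out of the EXE.

```python
"""Added example (not code from the thread or any product): why a CRC is
not an integrity check for a DLL.  CRC32 is linear, so four chosen bytes
appended to a replacement file force any wanted CRC.  A collision-resistant
hash (SHA-256) has no such shortcut.  The 'DLL' contents are constructed."""
import hashlib
import hmac
import zlib

POLY = 0xEDB88320  # reflected CRC-32 polynomial, as used by zlib


def _crc_table():
    table = []
    for i in range(256):
        c = i
        for _ in range(8):
            c = (c >> 1) ^ POLY if c & 1 else c >> 1
        table.append(c)
    return table


TABLE = _crc_table()
# The 256 table entries have distinct top bytes; that lets one CRC step be undone.
_TOP_TO_INDEX = {t >> 24: i for i, t in enumerate(TABLE)}
assert len(_TOP_TO_INDEX) == 256


def _undo_zero_step(reg):
    """Invert reg -> TABLE[reg & 0xFF] ^ (reg >> 8), one CRC step on a zero byte."""
    idx = _TOP_TO_INDEX[reg >> 24]
    return (((reg ^ TABLE[idx]) << 8) & 0xFFFFFFFF) | idx


def forge_crc32(data: bytes, target: int) -> bytes:
    """Return data plus four bytes such that zlib.crc32(result) == target.

    Feeding four bytes X through the table-driven CRC equals XOR-ing X into
    the register and then running four zero-byte steps, so: invert those
    four steps starting from the wanted register, XOR out the register the
    data leaves behind, and append the result little-endian."""
    reg_now = zlib.crc32(data) ^ 0xFFFFFFFF      # strip zlib's final XOR
    reg_wanted = target ^ 0xFFFFFFFF
    for _ in range(4):
        reg_wanted = _undo_zero_step(reg_wanted)
    patch = reg_wanted ^ reg_now
    return data + patch.to_bytes(4, "little")


def forge_and_check(data: bytes, target: int) -> bool:
    """Self-check: forging succeeds for any data and any 32-bit target."""
    return zlib.crc32(forge_crc32(data, target)) == target


def sha256_matches(blob: bytes, expected_hex: str) -> bool:
    """The check an EXE would do before loading its DLL; constant-time compare."""
    return hmac.compare_digest(hashlib.sha256(blob).hexdigest(), expected_hex)


def demo():
    genuine = b"MZ...constructed genuine DLL image..."
    evil = b"MZ...constructed replacement that logs the key..."
    crc_in_exe = zlib.crc32(genuine)                 # what the EXE embedded
    sha_in_exe = hashlib.sha256(genuine).hexdigest()
    forged = forge_crc32(evil, crc_in_exe)
    return {
        "crc_fooled": zlib.crc32(forged) == crc_in_exe,    # True
        "sha_fooled": sha256_matches(forged, sha_in_exe),  # False
        "patch": forged[len(evil):],                       # the 4 forged bytes
    }


if __name__ == "__main__":
    print(demo())
```

The four-byte patch can be placed anywhere the loader ignores (slack at the end of the image, an unused section), so "a few different values for different versions" does not help: every version's CRC is equally forgeable. A stored SHA-256 forces the attacker back to Simon's route of patching the check out of the EXE.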



------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Academic vs Industrial
Date: Wed, 11 Aug 1999 04:56:50 GMT

In article <[EMAIL PROTECTED]>, "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
>David A Molnar wrote:
>> Other naive question : I was under the impression that random S-boxes were
>> likely to be weak against differential cryptanalysis. Do key-dependent
>> S-boxes escape this problem b/c they're secret, or are there ways to
>> infer their structure from some attack?
>
>The only thing key dependence does is add one level of complexity to
>the system structure.  Instead of simple constants one has an indexed
>array of constants.

 Actually all the other block methods are a subset of the random S-box.
If you can develop a method that works against a random S-box then  you
don't need any other methods of attack. Of course it is hard to work with 
really big S-boxes. I am not aware of anyone using one larger than 19 bits.


David A. Scott
--
                    SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
                    http://www.jim.com/jamesd/Kong/scott19u.zip
                    http://members.xoom.com/ecil/index.htm
                    NOTE EMAIL address is for SPAMMERS

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: NIST AES FInalists are....
Date: Wed, 11 Aug 1999 05:05:25 GMT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Bruce Schneier) 
wrote:
>On Tue, 10 Aug 1999 01:30:21 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
>wrote:
>>At what point are competent NSA cryptanalysts going to be brought
>>into the process, so we can get a soundly based estimate of security?
>
>I believe the NSA is already analyzing the AES submissions, but I
>don't believe that "we" will ever get the results of that analysis.
>
>Bruce

  This alone is one reason overseas companies would be foolish to
use any of the AES candidates. The NSA will no doubt design special
hardware just for the decoding of messages from overseas companies
dumb enough to use one of the AES methods.


David A. Scott
--
                    SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
                    http://www.jim.com/jamesd/Kong/scott19u.zip
                    http://members.xoom.com/ecil/index.htm
                    NOTE EMAIL address is for SPAMMERS

------------------------------

From: Eric Lee Green <[EMAIL PROTECTED]>
Subject: Re: Infallible authentication scheme
Date: Tue, 10 Aug 1999 21:25:39 -0700

Michelle Davis wrote:
> >All challenge/hashed-response password protocols are woefully obsolete.
> >
> >Newer protocols are not vulnerable to network dictionary attack,
> >including a few simple versions of password-authenticated
> >Diffie-Hellman exchange, including SPEKE, EKE, and SRP.
> 
> There is no challenge-response channel in this scheme. It's strictly
> one-way, user to server. This is dictated by the nature of the
> application.

I don't get it. How do you intend to deal with replay attacks, then?
What is to stop me from recording your bitstream, and then later
pretending to the recipient that I'm that widget again? I guess you
could put a time into each packet being sent, as well as a sequence
number, but then you'd need a backchannel anyhow to synchronize your
clocks on the two ends. Having both ends do a 'ntpdate' or equivalent to
synchronize their clocks to a common server would work, I guess...
unless I do a 'man in the middle' attack and imitate the ntpdate server,
at which time I can feed you a bogus date and replay the stream. 

Even if you have a cryptographically significant authentication key with
appropriate entropy at both ends as vs. a simple passphrase as sole
source of entropy, you still need some way of dealing with replay
attacks, which is generally going to require some sort of challenge
provided by the recipient that is then added into your incoming packets
so that the recipient knows you're not a bogon replaying an earlier
stream. 

And if you're going to do that, you might as well go Diffie-Hellman or
derivative to do the key exchange and challenge exchange. Unless you're
in the United States, of course, in which case brain-dead export laws
can make that a tedious exercise in bureaucracy (as vs. hashed schemes,
which don't need special export clearance). 

You're just putting a latch on your screen door. It'll keep out the
neighborhood script kiddies, but don't expect to keep out a determined
burglar that way. Of course, a lot of people are satisfied with just
keeping out the script kiddies and figure the bogons will find a way in
anyhow no matter what so not much use doing more... if all you're trying
to do is keep the script kiddies from pretending to be a client in order
to attack your Internet server, you're probably okay. If you want to
keep out a real attacker, well...

-- 
Eric Lee Green    http://members.tripod.com/e_l_green
  mail: [EMAIL PROTECTED]
                    ^^^^^^^    Burdening Microsoft with SPAM!
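Eric's objections (a recorded stream replayed later; timestamps and sequence numbers needing synchronized clocks; a spoofed time server undoing the timestamp check) can be made concrete. The following is an added example, not code from the thread or from any product; the key, packet layout, clock values and "widget" payloads are constructed, and the class and function names are the example's own. It builds the one-way scheme Michelle describes as an HMAC over sequence number, timestamp and payload, shows which attacks that stops and the restart-plus-bad-clock case where it does not, and then the recipient-issued nonce Eric says you need once a back channel exists.

```python
"""Added example (not from the thread or any real protocol): a one-way,
sender-to-receiver authenticated stream that rejects replays with a
sequence number and a timestamp, plus the receiver-restart case where a
spoofed clock lets a recorded packet back in.  Key, layout and packets
are constructed for this example."""
import hashlib
import hmac
import os
import struct

KEY = b"constructed pre-shared key"   # would come from provisioning
WINDOW = 30                           # seconds of clock skew tolerated
HEADER = struct.Struct(">QQ")         # seq (uint64) | unix time (uint64)
TAG_LEN = 32                          # HMAC-SHA256 output


def build_packet(key, seq, ts, payload):
    body = HEADER.pack(seq, ts) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    def __init__(self, key, now):
        self.key, self.now = key, now
        self.last_seq = 0             # highest sequence number accepted

    def accept(self, packet):
        """Return (True, payload) or (False, reason)."""
        if len(packet) < HEADER.size + TAG_LEN:
            return False, "short"
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expect = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):
            return False, "bad mac"   # forged or tampered
        seq, ts = HEADER.unpack_from(body)
        if seq <= self.last_seq:
            return False, "replay"    # already saw this or a later packet
        if abs(self.now() - ts) > WINDOW:
            return False, "stale"     # old capture, or the clocks disagree
        self.last_seq = seq
        return True, body[HEADER.size:]


def demo_one_way():
    clock = [1_000_000]               # receiver's clock, advanced by hand
    rx = Receiver(KEY, now=lambda: clock[0])
    p1 = build_packet(KEY, 1, clock[0], b"widget-7 temp=21")
    p2 = build_packet(KEY, 2, clock[0] + 5, b"widget-7 temp=22")
    out = {}
    out["first"] = rx.accept(p1)[1]
    out["second"] = rx.accept(p2)[1]
    out["replay"] = rx.accept(p1)[1]          # recorded p1 sent again
    tampered = p2[:HEADER.size] + b"X" + p2[HEADER.size + 1:]
    out["tamper"] = rx.accept(tampered)[1]
    clock[0] += 3600
    late = build_packet(KEY, 3, clock[0] - 3600, b"widget-7 temp=23")
    out["stale"] = rx.accept(late)[1]
    # After a restart last_seq is gone.  If the attacker also fed the
    # receiver a bogus time (a spoofed time server), p1 is accepted again.
    rebooted = Receiver(KEY, now=lambda: 1_000_000)
    out["after_restart"] = rebooted.accept(p1)[1]
    return out


class ChallengeReceiver:
    """With a back channel, a fresh nonce per attempt needs no clock and no
    persistent counter: a response is valid once, for the nonce it answers."""
    def __init__(self, key):
        self.key, self.open = key, set()

    def challenge(self):
        nonce = os.urandom(16)
        self.open.add(nonce)
        return nonce

    def accept(self, nonce, payload, tag):
        if nonce not in self.open:
            return False, "unknown or used nonce"
        expect = hmac.new(self.key, nonce + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):
            return False, "bad mac"
        self.open.discard(nonce)      # one use only
        return True, payload


def demo_challenge():
    rx = ChallengeReceiver(KEY)
    nonce = rx.challenge()
    tag = hmac.new(KEY, nonce + b"login", hashlib.sha256).digest()
    first = rx.accept(nonce, b"login", tag)[1]
    replay = rx.accept(nonce, b"login", tag)[1]
    return first, replay
```

The one-way receiver holds as long as it remembers the last sequence number; the moment that state is lost, the timestamp window is the only defence left, and it is only as good as the clock. The challenge form needs neither, which is why Eric ends up at a challenge (or a Diffie-Hellman derived session) as soon as a return path is available.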

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: NIST AES FInalists are....
Date: Wed, 11 Aug 1999 04:20:20 GMT

"SCOTT19U.ZIP_GUY" wrote:
>   This alone is one reason overseas companies would be foolish to
> use any of the AES candidates. The NSA will no doubt design special
> hardware just for the decoding of messages from overseas companies
> dumb enough to use one of the AES methods.

But if one of the candidates is too tough to crack even with skill,
cleverness, and hardware assistance, then it wouldn't be so foolish.
The problem is, we don't know whether that is the case, and the AES
evaluation process doesn't seem designed to enlighten us there.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Depth of Two
Date: Wed, 11 Aug 1999 04:00:03 GMT

[EMAIL PROTECTED] wrote:
> Any chance that might be fairly soon?   If not, is there any other
> way to get a copy of that paper?

There is a copy (actually two) in the US National Archives II.
It was also reprinted in a classified journal, which won't help
unless you want to initiate a declas. request for it under FOIA.

The NARA copy is a several-generation photostat and is hard to
reproduce legibly.  In my spare time, I've been scanning a copy
I made myself, heavily retouching it with Photoshop, then OCR
converting and finally proofreading and hand-editing the text
file.  It isn't very cost-effective, but it's a relaxing hobby.

At the moment I am stymied by the lack of a "tally mark" font.
I'll probably have to create one.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: frequency of prime numbers?
Date: Wed, 11 Aug 1999 04:04:39 GMT

The main thing is, making the assumption of finitude,
you get a contradiction.  Just what form the contradiction
takes is unimportant; it shows the assumption is wrong.

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: NIST AES FInalists are....
Date: Wed, 11 Aug 1999 05:11:40 GMT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Bruce Schneier) 
wrote:
>On Tue, 10 Aug 1999 11:41:59 GMT, [EMAIL PROTECTED] wrote:
>
>>In article <[EMAIL PROTECTED]>,
>>  [EMAIL PROTECTED] (Bruce Schneier) wrote:
>>> The envelope, please...  The five AES finalists are Mars, RC6,
>>> Rijndael, Serpent, and Twofish.
>>
>>eegad.  How did MARS make it? It's gross complex and ugly.  The rest of
>>the candidates I agree with.
>>
>>I think though like many have said AES should be a family of
>>algorithms.  One should be able to pick 'fast' but modestly less secure
>>(say work factor off by a couple factors).  And 'slow' but secure for
>>the keysize picked. Also good smartcard and hardware ciphers should be
>>part of AES.  If a cipher is not good for some of the departments why
>>put it there?
>>
>>Personally I think the top two ciphers should be RC6 and Twofish.  My
>>rational is that RC6 is simple and based on the design principles of
>>RC5.  Although 'fixed-points' have been found in the quadratic function
>>I don't see that as a security compromise.  Twofish was just designed
>>by some really smart people.  I trust their ability, plus Twofish is
>>rather efficient and compact.  Both are suitable for hardware as well
>>as smartcards as well as popular x86 type computers which dominate the
>>market.
>>
>>Good luck Twofish and RC6 teams!!!
>
>I recommend you send NIST a letter of comment.  Actually, I recommend
>that you all do, regardless of which algorithms you prefer.
>

  Yes just what we need a kid telling the NIST that 2 fish is good. Just what 
the hell does this kid know about encryption or anything else for that matter.
Yes I see he is trying to kiss up to you and you think you're a god. So since
there are no facts that 2 fish is any "good" let the kid write to them. Heaven
forbid that someone actually takes a real good look at it. By the way, in your
phony contest did anyone get the money? Or, since there was no real black
and white problem to solve, did you pay anyone?



David A. Scott
--
                    SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
                    http://www.jim.com/jamesd/Kong/scott19u.zip
                    http://members.xoom.com/ecil/index.htm
                    NOTE EMAIL address is for SPAMMERS

------------------------------

From: "Andrew Whalan" <[EMAIL PROTECTED]>
Subject: brute force crackers unethical?
Date: Wed, 11 Aug 1999 15:05:00 +1000

I just recently lost a tutoring job at a university, in a nutshell, for
writing a brute force cracker for the Unix crypt function as a student and
then demonstrating it whilst holding the position of a tutor (although not
tutoring at that point in time) to a fellow data security student.

I can understand losing the position over the alleged breach in conditions
of use of computer systems on campus but one of the biggest arguments was
that what I did was unethical and as such I should not be tutoring a subject
on ethics.

Whilst my program never did reverse any passwords (not even my own) it did,
given enough time, have the power to reverse the crypt() function. However,
due to the machine it was running on it would have been lucky to attempt
4000 permutations a second ... hardly likely to find a match for even a
4-character (case sens. alphanumeric) password in reasonable time (6 months
for 4 characters).

Anyhow, in a nutshell, I would just like to be reassured that I am not
acting in an unethical fashion to write a brute force cracker, as IMHO at
least, it is a valid (but annoyingly time consuming) method of
cryptanalysis.

Andrew



------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Depth of Two
Date: Tue, 10 Aug 1999 23:35:18 -0600

In article <[EMAIL PROTECTED]>, "Douglas A. Gwyn"
<[EMAIL PROTECTED]> wrote:
> 
> At the moment I am stymied by the lack of a "tally mark" font.
> I'll probably have to create one.

||||/|||\||||\||||/||||/||||/||\||||\||||/|||\||||/||||/||||/||||\||||/|||\||||/||||/||||/|||\
-- 
Sometimes you have to punt, and hope for the best.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: interesting repeats in Kryptos-4 delta streams
Date: Wed, 11 Aug 1999 04:10:23 GMT

I should point out that the delta ICs indicate that neither delta
stream was reduced to monoalphabetic terms, but the presence of so
many repeated elements indicates a coherence between adjacent cipher
characters.  This could be an autokey cipher, for instance.

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: AES finalists to be announced
Date: 11 Aug 1999 05:26:27 GMT

Bruce Schneier <[EMAIL PROTECTED]> wrote:
> I meant no ill will, but my bibliography of Serge's work shows
> primarily design papers.

Checking http://www.dmi.ens.fr/~vaudenay/pub.html shows some papers with
titles like "On the Security of CS-cipher" and "On the relationship
between differential and linear cryptanalysis." I haven't read these yet;
are they considered design or cryptanalytic? 

Thanks,
-David Molnar
P.S. The only paper of his that I've looked at is "Cryptanalysis of the
Chor-Rivest Cryptosystem", and that mostly because knapsacks came up in
another thread. So I am no expert here and curious. 

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Techweb crypto comedy...
Date: Tue, 10 Aug 1999 18:04:50 GMT

fungus <[EMAIL PROTECTED]> wrote, in part:

>Just pulled from the techweb.com news:

Looking at

http://techweb.com/wire/story/TWB19990810S0002

I was about to say that they'd moved Israel to Europe, but since they note that
SERPENT was a collaborative effort, involving researchers from two European
countries in addition to Israel's Dr. Eli Biham, I suppose they can't be faulted
on that.

But the stuff about key sizes certainly is mangled.

John Savard ( teneerf<- )
http://www.ecn.ab.ca/~jsavard/crypto.htm

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
