Cryptography-Digest Digest #33, Volume #10 Thu, 12 Aug 99 03:13:06 EDT
Contents:
Re: NIST AES FInalists are.... ("Douglas A. Gwyn")
Re: brute force crackers unethical? ("Douglas A. Gwyn")
Re: language confusion, would it work? ("Douglas A. Gwyn")
Re: NIST AES FInalists are.... (SCOTT19U.ZIP_GUY)
Re: NIST AES FInalists are.... (SCOTT19U.ZIP_GUY)
Re: NIST AES FInalists are.... ("Douglas A. Gwyn")
Re: Depth of Two ("Douglas A. Gwyn")
Re: NIST AES FInalists are.... ("Douglas A. Gwyn")
Re: NIST AES FInalists are.... (SCOTT19U.ZIP_GUY)
Re: NIST AES FInalists are.... (JPeschel)
Re: My web site is up! ([EMAIL PROTECTED])
Re: NIST AES FInalists are.... ([EMAIL PROTECTED])
Re: My web site is up! (Boris Kazak)
Re: IDEA in AES (Paul Rubin)
IDEA in AES ([EMAIL PROTECTED])
Re: NIST AES FInalists are.... ("Douglas A. Gwyn")
Better combiner than PHT? (Paul Crowley)
----------------------------------------------------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: NIST AES FInalists are....
Date: Thu, 12 Aug 1999 03:14:03 GMT
[EMAIL PROTECTED] wrote:
> In article <[EMAIL PROTECTED]>, Douglas A. Gwyn wrote:
> > [EMAIL PROTECTED] wrote:
> > > Oh spare us. You have no basis for concluding that
> > > the NSA has anything better than the publicly known
> > > methods of analysis.
> > To the contrary.
> Those three words are an outstandingly poor attempt at
> justifying your position.
They're not an "attempt at justifying my position", they're
a contradiction of what you said. I *do* have a basis, but
security rules (OPSEC etc.) prohibit me from providing details.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: brute force crackers unethical?
Date: Thu, 12 Aug 1999 02:42:41 GMT
Andrew Whalan wrote:
> I should have mentioned the shoddy job I did on the coding...
Sounds like rationalization -- would you say that an inept
burglar is not burgling?
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: language confusion, would it work?
Date: Thu, 12 Aug 1999 03:21:41 GMT
Once the natural-language intermediate text was recovered,
if it didn't convey a sensible and unstrained message, one
would suspect an additional coding step. During previous
World Wars, censors often caught hidden messages in mail,
etc. by the unnaturalness of the cover message.
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: NIST AES FInalists are....
Date: Thu, 12 Aug 1999 04:24:54 GMT
In article <[EMAIL PROTECTED]>, Matt Curtin
<[EMAIL PROTECTED]> wrote:
>>>>>> On Tue, 10 Aug 1999 20:46:47 GMT,
> [EMAIL PROTECTED] (John Savard) said:
>
>John> This would *tend* to suggest that if the NSA doesn't have
>John> "anything better than the publicly known methods of analysis",
>John> some people aren't earning their paycheques.
>
>In light of the release of SKIPJACK specifications and the success of
>an attack on a 31-round variant, it has been suggested that the
>cryptographic expertise "out here" might have caught up to that "in
>there". If NSA knew about attacks using impossible differentials and
>applied the technique to SKIPJACK reduced by one round, blessing it as
>secure would be an incompetent blunder.
>
Just because it might be weak at 31 rounds does not mean that
they don't have much more advanced methods to know that it was weak at
31. It is quite likely they used a different method. If they used a
different method they now have both techniques.
>At the very least, it seems quite likely that there are now attacks
>that are being discovered for the first time outside of NSA and that
>it is not safe to assume that NSA's expertise is significantly greater
>than that of any other cryptographic research laboratory.
>
>No matter how many Smart People NSA hires, there will be more Smart
>People outside of NSA.
>
There may be more smart people outside the NSA but the NSA has more
money and computers. Plus they have the advantage of years' worth of spying
on all cipher development while the Phony Ivory tower types have very limited
resources. For example I am sure the NSA has studied my methods to get
what knowledge they can from it. While all people like Dave Wagner are too
fuckin lazy to look at it. Yes he can spout off saying his Slide Method makes
it dead but when put to the test it shows he was speaking in lies. His kind
don't have the time to look at all the stuff out here. The NSA does have the
time, money and a large team that looks at everything. Plus part of their game
is to keep the phony crypto people in the dark and tricking them to research
in the wrong direction.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: NIST AES FInalists are....
Date: Thu, 12 Aug 1999 04:33:45 GMT
In article <[EMAIL PROTECTED]>, Matt Curtin
<[EMAIL PROTECTED]> wrote:
>>>>>> On Wed, 11 Aug 1999 05:11:40 GMT,
> [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) said:
>
>SCOTT19U> Yes just what we need a kid telling the NIST that 2 fish
>SCOTT19U> is good. Just what the hell does this kid know about
>SCOTT19U> encryption or anything else for that matter.
>
>I find myself frequently asking the same question about you.
>
Well I don't plan to tell the NIST anything I am sure they
are a bunch of stuffed shirts that a classy guy in a suit and
tie could most likely pull the wool over their eyes. It seems
like the government really never uses talented people on
committees anyway. It is much more important to make
sure the committee is racially balanced for political reasons.
Besides if they had bright people on such committees that
thought for themselves they might actually do the job
that the public expects them to do.
By the way if my stuff is so bad solve my contest. I guess
a year's lead time is too much. Or try my easy contest that
is for free but can't be done with any of the weak AES
methods. Also has Mr. B.S. paid anyone in his short
term contest?
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: NIST AES FInalists are....
Date: Thu, 12 Aug 1999 03:00:31 GMT
[EMAIL PROTECTED] wrote:
> ... Is the bar so high the best efforts of
> superb cryptologists are insufficient, or so low that
> a spy agency about which we know next to nothing
> automatically clears it?
(a) I assume by "superb cryptologists" you mean the people who
contributed AES candidates, participated in AES conferences, etc.
It is to be expected that they would highly "rate" cryptosystems
similar to the ones they themselves design, regardless of whether
or not the systems are really secure. What would be reassuring
would be for *demonstrably superb cryptanalysts* to have attacked
the AES candidates and have rated them according to their
withstanding the attacks. But few if any of the evaluators
appear to have ever successfully cryptanalyzed *any* difficult
real-world cryptosystem, so what use are their ratings, anyhow?
(b) I know for a fact that NSA cryptanalysts are capable of
successfully cryptanalyzing many difficult real-world systems,
so they *are* demonstrably superb cryptanalysts whose ratings
would bear some relationship to reality.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Depth of Two
Date: Thu, 12 Aug 1999 03:50:13 GMT
[EMAIL PROTECTED] wrote:
> I paid a visit to the NARA website, but their NAIL search engine
> apparently doesn't have a complete list of the archives. Is "Friedman
> Squares" the actual name of the paper?
[The Project OpenDoor records are:
NR 2760 CBMI41 4642A 19440000 RECIPROCAL ALPHABET AND FRIEDMAN SQUARES
BY LT. COL. S. KULLBACK
NR 3322 CBPD43 16259A 19420707 RECIPROCAL ALPHABETS AND FRIEDMAN
SQUARES
They are in RG 457, an index to which is in RR2 as well as in the
Modern Military History section (also on 2nd floor). Here is an
excerpt to whet your appetite:]
I. RECIPROCAL ALPHABETS AND FRIEDMAN SQUARES
Lt. Colonel S. Kullback
The following discussion assumes that the reader has attained some
maturity in cryptanalysis. The properties to be discussed are very
much akin to indirect symmetry and find very useful application in
connection with certain cipher machines.
By reciprocal alphabet, of course, is meant an alphabet in which if,
for example, Ap = Xc, then Xp = Ac. By Friedman square is meant one
in which the square is constructed by means of a sequence which runs
down the diagonal rather than across the rows as in a Vigenère square.
Figure 1 illustrates such a square with the diagonal sequence running
from upper right to lower left.
JAVTMBUHODLQEPYKWZISXRFVEC
SBZLNIJAFQWRYXPEUODCTGBRVK
NUQMOKSGWETXCYRIAFVZHNTBPD
IWLAPDHERZCVXTOSGBUJMZNYFM
EQSYFJRTUVBCZADHNIKLUMXGLO
WDXGKTZIBNVUSFJMOPQILCHQAR
FCHPZUONMBIDGKLAYWOQVJWSTE
VJYUIAMLNOFHPQSXEAWBKEDZRG
KXIOSLQMAGJYWDCRSENPRFUTHB
COADQWLSHKXEFVTDRMYTGIZJNP
ASFWEQDJPCRGBZFTLXZHOUKMYV
DGERWFKYVTHNUGZQCUJAIPLXBS
HRTEGPXBZJMIHUWVIKSOYQCNDF
TZRHYCNUKLOJIEBOPDAXWVMFGJ
UTJXVMIPQAKORNAYFSCEBLGHKZ
ZKCBLOYWSPATMSXGDVRNQHJPUI
PVNQAXEDYSZLDCHFBTMWJKYIOU
BMWSCRFXDUQFVJGNZLEKPXOAIY
LEDVTGCFIWGBKHMUQRPYCASOXN
RFBZHVGOEHNPJLIWTYXVSDACMQ
GNUJBHARJMYKQOEZXCBDFSVLWT
MIKNJSTKLXPWARUCVNFGDBQEZH
OPMKDZPQCYESTIVBMGHFNWRUJL
YLPFUYWVXRDZOBNLHJGMETIKQA
QYGIXEBCTFUANMQJKHLRZOPWSX
XHOCRNVZGISMLWKPJQTUAYEDCW
Figure 1
...
As a simple example to illustrate the foregoing principles, consider
the following texts. It is assumed to be known that the "enemy" is
using a polyalphabetic system with reciprocal alphabets and the nature
of the intercepts suggests that the following two messages are
encipherments of the same plain-text.
I. EHCJT XNGRU OUIWQ ERWRK VSEEN
DMOJE VEPJF HBSEB KDACE HCJTX
NPJQO HNKAU EZJHP ZTOOS IEIRA
XRTRU NBTGR SEEND MJESI OZUOR
YHTGR JVENH OKAFE PIZAU KZDER
SVLNS N
II. WTGID NVTMW UGYDP EMDCJ ZITEE
OQOBB NEPXA AIITC UOKSW TGIDN
VSBAU AEUKG WERAP EEOGI LEYFK
LMRCG EVETM ITEEO QIWIL OVWUQ
NTETM XNEET UJKYT SYEKG UEDEM
INXEI V
Figure 10
...
[If you can already crack the above example, then you might not
have much to gain from studying this monograph.]
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: NIST AES FInalists are....
Date: Thu, 12 Aug 1999 03:09:36 GMT
Matt Curtin wrote:
> ... it is not safe to assume that NSA's expertise is significantly
> greater than that of any other cryptographic research laboratory.
> No matter how many Smart People NSA hires, there will be more Smart
> People outside of NSA.
In the cryptologic field, decades of accumulated practical experience on
a massive scale and of accumulated knowledge makes a *big* difference.
I know of at most a dozen "outside" cryptomathematicians that the
Agency would be happy to have working for them. I am sure there
are many more than that already working for them. What they usually
do is hire good mathematicians, then train them in cryptology, much
of which conveys knowledge simply not available on the outside. But
there is a lot more to cryptology than mere cryptomathematics, and
the Agency also has plenty of workers and experience there, too.
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: NIST AES FInalists are....
Date: Thu, 12 Aug 1999 04:58:37 GMT
In article <[EMAIL PROTECTED]>, "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
>"SCOTT19U.ZIP_GUY" wrote:
>> Rest assured that if there was an entry that the NSA felt too strong
>> for it to attack it would never be allowed to see the light of day
>> in the AES game.
>
>What mechanism could possibly accomplish that? The AES candidates
>are very public.
First of all no real secure system would get past the AES entries. If it is
not written in their special format. The NSA would most likely toss those out
before public review. However if one slipped in they still would influence the
outcome to convince people that it is weak. If the contest was for real I
think various contests should have been held. Like how hard is it to break
reduced forms. These contests should be open and public. Not just some BS
from a phony crypto god. When things are not done with real world tests the
good ole boys will pat themselves on their backs and only they will win.
There should be real world contests. And since the idea is for security any
idiot should be able to see that different methods are required for file
protection and smart card stuff. The only possible reason to use the same
method for everything is to limit the size of the program. All else aside it is
highly unlikely that a low memory fast encryption program is good for all
applications. We don't use Nuclear fuel in our cars but there is place for
all types of fuel. The only possible reason to go to a high speed low memory
method for all methods is so that it will be easy to break. But if the
government is able to con the Europeans into believing the NSA is their
friend I guess they deserve to have their mail read and maybe we can
steal their business secrets for our own use.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: NIST AES FInalists are....
Date: 12 Aug 1999 03:24:41 GMT
>"Douglas A. Gwyn" <[EMAIL PROTECTED]> writes:
>I know for a fact that NSA cryptanalysts are capable of
>successfully cryptanalyzing many difficult real-world systems,
>so they *are* demonstrably superb cryptanalysts whose ratings
>would bear some relationship to reality.
How about some recent examples that demonstrate the superiority of
the NSA's cryptanalytical acumen over the shrewdness of the AES
cryptologists?
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: My web site is up!
Date: Wed, 11 Aug 1999 23:51:07 -0400
> I concur. That is why I feel you cannot allow a PC to be tied to a
> network if you have sensitive data on it. In fact, I could go on, but
> I really can't.
>
> Do you know of a good OS for the average PC that is well built for
> security overall?
Oh most definitely...you want either Linux or BSD (maybe Sun if you can
afford it). Please people let's not get into an OS war... You will want to
use UNIX either way. However, just having Unix is not enough. You need a
skilled system administrator to keep things secure. If you are looking
for a place to host your site that is SECURE...you should consider
http://www.th3-hosting.net/hosting.html. If you already registered your
domain, you can easily transfer it, and their gold package is not too
expensive. Yeah I know, their site doesn't look all that professional, but
it is run by hackers, and the security is top of the line. Just a
suggestion...
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: NIST AES FInalists are....
Date: Thu, 12 Aug 1999 01:21:41 -0400
"SCOTT19U.ZIP_GUY" wrote:
> Yes just what we need a kid telling the NIST that 2 fish is good. Just what
> the hell does this kid know about encryption or anything else for that matter.
> Yes I see he is trying to kiss up to you and you think you're a god. So since
> there are no facts that 2 fish is any "good" let the kid write to them. Heaven
> forbid that someone actually takes a real good look at it. By the way in your
> phony contest did anyone get the money. Or since there was no real black
> and white problem to solve did you pay anyone.
LOL, I assume you are just bitter because your cipher is not doing so well. Grow up a
bit eh?
------------------------------
From: Boris Kazak <[EMAIL PROTECTED]>
Subject: Re: My web site is up!
Date: Wed, 11 Aug 1999 21:56:00 -0400
Reply-To: [EMAIL PROTECTED]
SCOTT19U.ZIP_GUY wrote:
>
..................
>
> No from what I saw was some *bullshit* about it being judged too powerful
> to be available so what source code.
> >
....................
>
> If you're too *stupid* to understand this comment no wonder you think
> your *crap* smells good.
>
.............
>
> More *crap* you asked for valid feed back and I gave it.
>
> David A. Scott
> --
======================
No need barking... Greg is not an elephant, no prestige will be
gained by attacking him.
Best wishes BNK
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: IDEA in AES
Date: 11 Aug 1999 22:43:45 -0700
[EMAIL PROTECTED] writes:
> I am curious as to why IDEA is not in this round of AES. I can
> understand the copyright problem, but other than that, it seemed like
> one of the most sound ciphers there.
First of all IDEA is a 64-bit block cipher and AES uses 128-bit
blocks. Second, IDEA is patented and the patentholders haven't
indicated willingness to license it worldwide royalty-free under any
circumstances. Third of all there's no reason to think it's one of
the most sound ciphers there. It uses comparatively bizarre design
principles compared to the currently surviving AES candidates, and it
looks shaky under recent cryptanalytic results. It has few distinct
advantages over other ciphers in its (64 bit) class. It was an
academic design that probably wouldn't have gotten much attention at
all if a certain inexperienced (at the time) cryptography implementer
hadn't decided to use it in what became a popular free program.
------------------------------
From: [EMAIL PROTECTED]
Subject: IDEA in AES
Date: Thu, 12 Aug 1999 01:23:44 -0400
I am curious as to why IDEA is not in this round of AES. I can
understand the copyright problem, but other than that, it seemed like
one of the most sound ciphers there.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: NIST AES FInalists are....
Date: Thu, 12 Aug 1999 05:49:22 GMT
"SCOTT19U.ZIP_GUY" wrote:
> The NSA would most likely toss those out
> before public review.
Don't you think the proponents of such systems would have made a
public fuss about that?
------------------------------
From: Paul Crowley <[EMAIL PROTECTED]>
Subject: Better combiner than PHT?
Date: 12 Aug 1999 00:27:50 +0100
The PHT (c, d) = (a + b, a + 2b) is "imperfect" in that the bottom bit
of d is not affected by b; I've failed to find a "perfect" combiner.
Here's what I want, does it exist?
Let S be any set s.t. |S| > 1, preferably the set of 32-bit ints. I'm
looking for a function f: S^2 -> S^2 s.t. if you choose values for any
two of (a, b, c, d), there exists values for the remaining two
s.t. (c, d) = f(a, b) . IOW:
* it's bijective
* you can choose one input and one output and infer the other input
The PHT fails this test: choose a=0, d=1, no suitable value for b
exists. Does any function pass? Does any function pass where S is the
set of n-bit integers? Does any easy-to-calculate function pass?
Looking forward to people's thoughts,
--
__
\/ o\ [EMAIL PROTECTED] Got a Linux strategy? \ /
/\__/ Paul Crowley http://www.hedonism.demon.co.uk/paul/ /~\
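
[Added example, not part of Paul Crowley's post: a brute-force check of the property he asks for, run over small n-bit words. It goes beyond the post by also testing one candidate, (a XOR b, a XOR x*b) with multiplication by x in GF(2^n); that candidate, the function names and the reduction polynomials are assumptions of this example.]

```python
from itertools import combinations, product

# Irreducible reduction polynomials for GF(2^n), top bit included (example choices).
IRREDUCIBLE = {2: 0x7, 3: 0xB, 4: 0x13, 8: 0x11B}

def pht(a, b, n):
    """PHT from the post: (c, d) = (a + b, a + 2b) mod 2^n."""
    mask = (1 << n) - 1
    return (a + b) & mask, (a + 2 * b) & mask

def gf_combiner(a, b, n):
    """Assumed candidate (not from the post): (a ^ b, a ^ x*b) over GF(2^n)."""
    xb = b << 1                      # multiply b by x
    if xb >> n:                      # degree reached n: reduce
        xb ^= IRREDUCIBLE[n]
    return a ^ b, a ^ xb

def failing_pairs(f, n):
    """Return the coordinate pairs of (a, b, c, d) that cannot be chosen freely.

    The graph of f has exactly |S|^2 rows, so a pair of coordinates can take
    every value in S^2 (and then determines the other two) iff its projection
    has |S|^2 distinct values.
    """
    size = 1 << n
    graph = [(a, b) + tuple(f(a, b, n))
             for a, b in product(range(size), repeat=2)]
    bad = []
    for i, j in combinations(range(4), 2):
        seen = {(row[i], row[j]) for row in graph}
        if len(seen) != size * size:
            bad.append(("abcd"[i], "abcd"[j]))
    return bad

def solve_b(f, a, d, n):
    """All b for which f(a, b) has second output d (the post's a=0, d=1 test)."""
    return [b for b in range(1 << n) if f(a, b, n)[1] == d]

if __name__ == "__main__":
    n = 4
    print("PHT failing pairs:", failing_pairs(pht, n))
    print("PHT, a=0 d=1, b candidates:", solve_b(pht, 0, 1, n))
    print("GF candidate failing pairs:", failing_pairs(gf_combiner, n))
    print("GF candidate, a=0 d=1, b candidates:", solve_b(gf_combiner, 0, 1, n))
```

[The PHT fails only on the (a, d) pair, because 2b is never odd mod 2^n; the GF(2^n) candidate passes all six pairs because both x and x+1 are invertible in the field.]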
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************