Cryptography-Digest Digest #42, Volume #10 Fri, 13 Aug 99 18:13:04 EDT
Contents:
Re: Positive News About JAWS Technologies ([EMAIL PROTECTED])
Re: AES finalists to be announced (Bruce Schneier)
Re: crypto survey (Patrick Juola)
Re: Future Cryptology (John)
Re: Q. a hash of a hash ... (Mok-Kong Shen)
Re: 'weak keys' in Blowfish Variant ([EMAIL PROTECTED])
Re: Future Cryptology (SCOTT19U.ZIP_GUY)
Re: NIST AES FInalists are.... ([EMAIL PROTECTED])
Re: Future Cryptology ([EMAIL PROTECTED])
Re: Future Cryptology (SCOTT19U.ZIP_GUY)
New encryption algorithm ("Tony Zelenoff")
Re: About Algorithm M ([EMAIL PROTECTED])
----------------------------------------------------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Positive News About JAWS Technologies
Date: Fri, 13 Aug 1999 20:04:54 GMT
In article <[EMAIL PROTECTED]>,
dave <[EMAIL PROTECTED]> wrote:
> I had a good browse through the JAWS website, and in the news/faq
> section found "....original programmer has been working on the project
> for about 17 years....". Then in the next paragraph: "......original
> programmer is in his late 20's and is considered a prodigy."
> Indeed.
> regards all, DaveM.
>
Smoke and mirrors. The entire site is a joke. With their 'superior
4096-bit encryption', whatever that means. I guess Blowfish is cool
with its 'superior 32768-bit encryption'.
Ten dollars (Canadian, so it ain't worth much) says that the actual '4096-
bit' key is made by a simple RNG or key schedule fed by say a 128-bit
key. I wouldn't be surprised if they used the amazing 'rand()'
function (with its large 32-bit internal state) ....
One question. Is that 4096-bit key randomly made or is it derived from
the password? What key exchange algorithm is used? According to them
RSA has been broken and PGP is extremely weak. So how does the super-
duper 4096-bit key get from point A to point B?
Does anyone else realize that they have no crypto bearing info on their
site except for the keysize? Can we say 'buzzword compliant' or what?
It's sad that people like them get trusted with real life security
issues. Good thing most corporate crypto people can see right thru it.
Tom
--
PGP 6.0.2i Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2 Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED] (Bruce Schneier)
Subject: Re: AES finalists to be announced
Date: Fri, 13 Aug 1999 20:05:36 GMT
On 11 Aug 1999 05:26:27 GMT, David A Molnar <[EMAIL PROTECTED]>
wrote:
>Bruce Schneier <[EMAIL PROTECTED]> wrote:
>> I meant no ill will, but my bibliography of Serge's work shows
>> primarily design papers.
>
>Checking http://www.dmi.ens.fr/~vaudenay/pub.html shows some papers with
>titles like "On the Security of CS-cipher" and "On the relationship
>between differential and linear cryptanalysis." I haven't read these yet;
>are they considered design or cryptanalytic?
First off, please realize that this is all very subjective.
I consider the first paper to be a design paper, since the CS Cipher
is a cipher that Serge designed. (A nice design, by the way.) And I
consider the second paper you mention to be on the theory of
cryptanalysis.
>Thanks,
>-David Molnar
>P.S. The only paper of his that I've looked at is "Cryptanalysis of the
>Chor-Rivest Cryptosystem", and that mostly because knapsacks came up in
>another thread. So I am no expert here and curious.
This paper is another excellent paper, but it is not a block cipher
cryptanalysis paper. It's a public-key paper, which is a different
area of cryptanalysis entirely.
Bruce
**********************************************************************
Bruce Schneier, President, Counterpane Systems Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis, MN 55419 Fax: 612-823-1590
Free crypto newsletter. See: http://www.counterpane.com
------------------------------
From: [EMAIL PROTECTED] (Patrick Juola)
Subject: Re: crypto survey
Date: 13 Aug 1999 16:16:06 -0400
In article <[EMAIL PROTECTED]>, Lee Winter <[EMAIL PROTECTED]> wrote:
>Medical Electronics Lab wrote:
>
>> [EMAIL PROTECTED] wrote:
>> >
>> > Simple question: Who is your enemy?
>>
>> Every government that exists :-)
>
>A thoughtful response.
>
>But the present tense is bothersome. Future governments might be even
>more of a threat than the current set. So...
I think the comment was a-tensual; just as if I say that
"Thursdays I take Tai Chi classes," actually refers to *every*
Thursday, not just the current one.
Yours for a more linguistically pedantic group.
-kitten
------------------------------
From: John <[EMAIL PROTECTED]>
Subject: Re: Future Cryptology
Date: Fri, 13 Aug 1999 12:18:34 -0800
I wonder, if one makes the algorithms public, it is only a
matter of time before they are cracked. If they aren't public,
nobody will use them. What is the solution?
http://www.aasp.net/~speechfb
Free Encryption Software
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Q. a hash of a hash ...
Date: Fri, 13 Aug 1999 22:19:29 +0200
Anton Stiglic schrieb:
>
> >
> > Since the domain of H is finite, the iteration
> >
> > x_(i+1) = H(x_i)
> >
> > eventually loops, whatever x_0 may be. There may be a number of
> > different loops, being obtainable from different starting values x_0.
> > Let the size of one of these loops be n. Then we have for any element
> > x' in that loop
> >
> > x' = H^n(x')
>
> yes of course, but for each x, the loop cycle might be different. I was
> saying that
> H(H(....)) would not be a hash function if for all x, the loop cycle would
> be the same.
>
> Of course, each x will have a loop cycle...
But if for one subset of values of x the function H^n is the identity,
can you use H^n well in your applications? The entire domain of H
may, depending on H, be partitioned into only a few such subsets.
Is this situation o.k. for you? I am not quite sure.
M. K. Shen
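Added example, not from the thread: a small-domain hash iterated as in the quoted x_(i+1) = H(x_i), which walks every orbit, lists the loops, and shows that H^n is the identity exactly on the points of loops whose length divides n, while the rest of the domain merely flows into those loops. The toy H (SHA-256 truncated to a 10-bit domain) is a constructed stand-in so the whole domain can be enumerated.

```python
import hashlib

DOMAIN_BITS = 10                 # constructed: 1024-point domain so every orbit can be walked
DOMAIN = 1 << DOMAIN_BITS

def H(x):
    """Toy hash: SHA-256 of the point, truncated to DOMAIN_BITS (constructed for illustration)."""
    d = hashlib.sha256(x.to_bytes(2, "big")).digest()
    return int.from_bytes(d[:2], "big") % DOMAIN

def iterate(x, n):
    """H^n(x): apply H n times."""
    for _ in range(n):
        x = H(x)
    return x

def orbit(x0):
    """Walk x0 -> H(x0) -> ... until a value repeats.
    Returns (tail_length, cycle): tail_length steps before entering the loop, and the loop's points."""
    seen, path, x = {}, [], x0
    while x not in seen:
        seen[x] = len(path)
        path.append(x)
        x = H(x)
    start = seen[x]              # index at which the loop is entered
    return start, path[start:]

def all_cycles():
    """Every distinct loop in the functional graph of H, keyed by its smallest element."""
    cycles = {}
    for x0 in range(DOMAIN):
        _, cyc = orbit(x0)
        cycles.setdefault(min(cyc), cyc)
    return list(cycles.values())

def fixed_points_of_power(n):
    """The subset on which H^n is the identity: exactly the points on loops whose length divides n."""
    return {x for x in range(DOMAIN) if iterate(x, n) == x}

def component_sizes():
    """How many domain points flow into each loop: the partition of the domain into 'a few subsets'."""
    sizes = {}
    for x0 in range(DOMAIN):
        _, cyc = orbit(x0)
        sizes[min(cyc)] = sizes.get(min(cyc), 0) + 1
    return sizes

if __name__ == "__main__":
    for cyc in all_cycles():
        print(f"loop of length {len(cyc)}: H^{len(cyc)} fixes the {len(cyc)} points on it")
    print("points flowing into each loop:", component_sizes())
```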
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: 'weak keys' in Blowfish Variant
Date: Fri, 13 Aug 1999 20:17:07 GMT
In article <7ovpdq$vts$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> Whoa... that got me upset. I did a small test on my Blowfish clone
> (see previous post) and it turns out about 1 in 4 keys
> make 'collisions' in the sboxes where two elements are equal. I would
> like another person to test it (maybe I am wrong).
>
> Can anyone think of why?
I found out why. I was testing keys with many identical bytes (zeros to be
exact). Turns out that's a big weakness. I have to change it to add
some bias words to the round keys. This will avoid weak keys when
padding shorter keys.
Tom
--
PGP 6.0.2i Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2 Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Future Cryptology
Date: Fri, 13 Aug 1999 21:32:17 GMT
In article <[EMAIL PROTECTED]>, Anne & Lynn Wheeler <[EMAIL PROTECTED]> wrote:
>> In article <7ov8e9$f6i$[EMAIL PROTECTED]>,
>> [EMAIL PROTECTED] (Patrick Juola) wrote:
>> > I don't believe that it's at all a good question; I'm not sure a
>> > cryptosystem exists that will protect me from the NSA but not
>> > from "thieves and pesky hackers [sic]."
>>
>> That's not my point. My point was to stop focusing on stopping the NSA
>> and focus on the real task at hand. I can't believe cryptograpers
>> related to banking are thinking 'I wonder if the NSA can read these
>> messages'. I bet they are thinking 'how much effort will it take for
>> an attacker to forge transactions ...' or something like that.
>>
>
>as an aside the charter given the X9A10 working group for X9.59
>protocol (for all account based transactions) was to preserve the
>integrity of the financial infrastructure with just a digital
>signature. much of current use of financial cryptography is for
>message (transaction) authentication (independent of privacy
>issues).
>
The problem with not making it secure against some groups like
the NSA is the fact that governments such as China, through their ability
to spy, can just as easily have all our encryption secrets as they
do our nuclear weapons. With these secrets they could easily do
all kinds of nasty things to the world's banking systems. So doing AES
type of stuff with a few weak small keyed crypto systems could put
the free world in great jeopardy. Just a thought for the masses.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: NIST AES FInalists are....
Date: Fri, 13 Aug 1999 20:14:09 GMT
In article <7ovj52$1rn2$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
> I agree with most of what you said but you word things much better.
> However I have more faith in a fishy algorithm winning the contest.
> I would also like to state that scott19u may be slow but I believe it
> is based on the kind of simplicity you stress. Though the hateful
> wrong comments of Wagner and others state otherwise. I feel they may
> be jealous of the overall strength of my method. It is far more secure
> an algorithm than any of the short key AES candidates.
Will you ever get it thru your thick skull that it's not the keysize
that makes algorithms strong!
I will admit the key size does place an upper bound on the 'security'
provided. For example the actual DES algorithm is strong but the key-
size is too small (i.e. 3DES is now considered strong because of the
keysize).
I could make a million bit Vigenère cipher and it could be cracked
relatively faster than 2^(2^20)-1 trials... Which proves that keysize
is not the only limiting factor.
I agree that your algorithm presents some unusually resistant problems
to 'crack' but it's too slow, memory intensive and disorganized to be
treated seriously.
Why haven't you considered my ideas?
1. Find an estimate for blocksize/rounds ratio for 2^n resistance to
any iterative attack (should start with diff and linear)
2. Find an estimate of bounded security for word size of n (consider 8
and 16).
3. Effective keysize with word size n.
4. Key setup times and encryption times.
5. Rate of diffusion (3d matrix consisting of block size / rounds /
word size).
If you just showed that you have the ability to analyze your cipher
better people might actually consider your method.
(I know you placed me in your killfile, but if someone else could
repost this to him, he might actually listen).
Tom
--
PGP 6.0.2i Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2 Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Future Cryptology
Date: Fri, 13 Aug 1999 17:23:06 -0400
lol, but the nsa IS why I am (trying) to learn cryptography.
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Future Cryptology
Date: Fri, 13 Aug 1999 21:47:15 GMT
In article <7p1t4p$i9l$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Patrick Juola)
wrote:
>In article <7p1q83$aqt$[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> wrote:
>>In article <7ov8e9$f6i$[EMAIL PROTECTED]>,
>>> So "neither" seems to me to be a very rational answer.
>>
>>You are not going to stop someone with more power than you from
>>reading your messages. Simple as that.
>
>I disagree; in point of fact, that's the entire "work factor" argument;
>not only does one need more power than me to read my messages, but
>one needs to achieve a particular threshold of additional power in
>order to do so.
>
>Reading messages and sending messages aren't inherently symmetric in
>terms of difficulty, just as it's much harder to construct a building
>than it is to destroy one. You and five of your friends are more powerful
>than I (in our capacities as private citizens, &c. -- I'll explicitly
>ignore the possibility that you're really a CIA spook or an archangel
>in disguise); you (as a group) got more money, more time, more mobility
>and so forth. Despite this sixfold increase in power, it wouldn't be
>hard for me to make sure that you needed to spend much more than six times
>the effort to read the message as I took to write it.
>
>Similarly, the NSA has an effective effort of several million or several
>billion times the amount of effort I am capable of deploying. This,
>however, still establishes an upper bound of what the NSA *could* do; if
>I have reason to believe that a particular technique requires more than
>that effort, then (I believe) it's safe from the NSA.
>
>>They can break into your
>>house, tap your phone, kidnap your spouse etc etc etc... You should
>>focus on making tampering or fraud hard (i.e can't be done remotely or
>>via software) which will stop more people.
>
>Why? *If* I can demonstrate a system effective against an NSA-level effort,
>that will automatically be effective against similar-but-lower efforts.
>Do I need that? Not necessarily... but I also don't need the extra 200MHz
>of my PC's speed but it's cheaper to buy the fast cpu than to have a slower
>machine custom-built.
>
>>
>>> So when did the NSA stop being "people"? If the NSA has the
>>> capacity to break a system in such fashion, that's *NOT* to be
>>> encouraged.
>>
>>The NSA is a buzzword (the word 'is' is technically correct since I am
>>using it as a collective noun). Simple as that. Look at Dave Scott.
>>He yaks on about the NSA all day long. Does he know anybody at the
>>NSA?
>
>Almost certainly not. But Mr. Scott's ignorance doesn't provide the
>NSA with divine-level capacity.
>
>The NSA *is* a buzzword -- specifically, it's usually shorthand for
>passive cryptanalysis at the capacity of a major world government,
>or for an effective upper bound for the capacity of passive cryptanalysis.
>
>My question, then, is twofold : one, what *is* a reasonable estimate of
>such an upper bound? I know it's not infinite...., and two, what would
>be the cost of providing reliable security against such an upper bound?
>Again, I know it's not infinite. For example, I am confident that RSA
>with sufficiently large keys *will* delay cryptanalytic attack; although
>I don't know what the fastest possible factoring algorithm is, I *strongly*
>believe that it's slower than multiplication, and so there's a work-factor
>gap.
>
I agree with you, but how fast can a multiply be done in hardware?
I think any method could in theory go at a 2 gate delay if the course I had
on asynchronous digital machines meant anything. Also most people make
the same mistake as the enemy in World War II, and falsely assume that
brute force is the only reasonable way to crack something. So they make
up a bit size based on this one weak fact alone, and then design a weak
system. The problem is not that the NSA can brute force everything by
a dumb search, but that they can use other methods to take advantage of
poorly designed fast low memory low key systems. So even if the NSA is
5 years ahead, no one can easily predict what will come along in 5 years.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
------------------------------
From: "Tony Zelenoff" <[EMAIL PROTECTED]>
Subject: New encryption algorithm
Date: Sat, 14 Aug 1999 01:23:25 +0400
THE ENCRYPTION SYSTEM
A new information conversion system has been developed that can be used in
cryptography, computer technology, cybernetics, encoding, information
systems and data transmission systems. An open text can be encoded into
encrypted text in any numeration system. One application of this method is
a one-key stream encryption system that can work in the following modes:
- Synchronous mode
- Self-synchronizing mode
- The mode of a time-dependent system with memory
(Time-related changing system with memory)
The properties and operation modes of the encryption system are determined
by the key structure.
There can be encryption systems with the following properties:
-The key number can be as large as you like.
-The m-digit symbols of open text are input to the algorithm. On the output
of the algorithm the m-digit symbols of encrypted text are formed. The
encrypted text length is equal to the open text length. In the binary
numeration system the m-digit symbols are m-bit symbols (m=1,2,4,8).
-Decryption is carried out in reverse order from the end of the encrypted
text.
-The system has an initial state. The system state is a function of the
previous system state and the current input symbol of the open text.
-The output symbol of encrypted text is a complex function of the current
input symbol and all previous input symbols of the open text, all the key
elements and the initial system state.
-The speed of encryption/decryption is independent of key length.
-Multiple encryption using different keys is non-commutative.
-The result of multiple encryption using different keys, or using one key,
cannot be achieved by a single encryption.
-The same open text sequences are represented after encryption by different
encrypted text sequences of the same length.
-Cryptographic analysis: full examination of all keys.
-Authentication of encrypted data after storage and transmission can be made
at decryption with as small a probability of undetected changes as you
want. The authentication system is included in the encryption system. The
authenticator is not classified.
-In encryption, hidden randomisation can be used: arbitrary sequences are
inserted into the source open text, thus forming the enlarged open text.
Then the enlarged open text is encrypted. The length of the resulting
encrypted text is the same as the initial open text length.
This method can be used effectively to develop an encoding/encryption system
with error correction. The method includes descriptions of six different
encryption/decryption algorithms with many examples that illustrate their
work.
Using the C/C++ languages for DOS, programs were written for developing keys
by a single encryption algorithm, and programs for encryption/decryption:
-by the algorithm;
-with data authentication;
-with hidden randomisation.
On the basis of these programs three new ones were written that use feedback
on the encrypted text (open text symbols are modified by encrypted text
symbols).
In the program with hidden randomization, the random number generator plays
the role of a second classified key, which strengthens the cryptographic
strength of the algorithm.
There is an algorithm for generating random number sequences with as long a
period as possible. The generated random numbers have a uniform
distribution.
The author of this invention, Jury Andreevich Nedosekin, will sell this
development by contract.
If you want to know more about the method based on this invention, send a
message to this e-mail:
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: About Algorithm M
Date: Fri, 13 Aug 1999 21:27:51 GMT
In article <[EMAIL PROTECTED]>,
"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote:
> > 1) I know Algorithm M is simple to describe but ...
>
> Maybe you should describe it, then. Are we supposed to know what
> you mean by "Algorithm M"? It's not a standard term.
Sorry...
You have two PRNG, let's call them RNGA and RNGB. You have a delay
(array basically) of N elements. Then to initialize Alg M you do
for i = 0 to N-1
delay[i] = RNGB
Then to step Alg M you do
tmp = RNGA mod N
output = delay[tmp]
delay[tmp] = RNGB
It has the effect of throwing the outputs 'out-of-order'. I wanted to
know if there were any types of attacks that exploit the number of bits
actually used in RNGA to get an index value. In Applied Crypto he
says '#define N (8192) // larger the better'. I want to know why 'the
larger the better' (aside from making a reconstruction of RNGA
harder to do).
I know that there are a variety of consistency style attacks. If you
used N = 256 and RNGA was a LFSR of degree 32 (8 parallel LFSRs for
example), your keysize can be no larger than 32x256 ...
Tom
--
PGP 6.0.2i Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2 Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp
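Added example, not the poster's code and not from Applied Cryptography: the stepping rule described above implemented with two constructed LCGs standing in for RNGA and RNGB, together with a check that the construction only permutes RNGB's stream and a measurement of how few RNGA bits actually reach the index. With N=256 and an LCG modulo 2^32 as RNGA, `RNGA mod N` keeps only the low 8 bits, and those cycle with period 256, so the same slots are hit in the same order every 256 steps; that is one concrete reason the index generator's low bits deserve as much scrutiny as the table size.

```python
class LCG:
    """Constructed 32-bit linear congruential generator standing in for RNGA / RNGB.
    Parameters are illustrative only (full period 2^32 by the Hull-Dobell conditions)."""
    def __init__(self, seed, a=1664525, c=1013904223):
        self.state = seed & 0xFFFFFFFF
        self.a, self.c = a, c

    def next(self):
        self.state = (self.a * self.state + self.c) & 0xFFFFFFFF
        return self.state

class AlgorithmM:
    """Algorithm M as described in the post: RNGA picks a slot, RNGB refills it."""
    def __init__(self, rng_a, rng_b, n):
        self.rng_a, self.rng_b, self.n = rng_a, rng_b, n
        self.delay = [rng_b.next() for _ in range(n)]   # delay[i] = RNGB for i in 0..N-1

    def step(self):
        idx = self.rng_a.next() % self.n    # tmp = RNGA mod N: only ~log2(N) bits of RNGA matter
        out = self.delay[idx]               # output = delay[tmp]
        self.delay[idx] = self.rng_b.next() # delay[tmp] = RNGB
        return out

def outputs_are_reordered_b(n=256, steps=5000, seed_a=1, seed_b=2):
    """Invariant check: Algorithm M never creates values, it only reorders RNGB's stream.
    After `steps` steps, the outputs plus the table hold exactly RNGB's first n+steps values."""
    m = AlgorithmM(LCG(seed_a), LCG(seed_b), n)
    outs = [m.step() for _ in range(steps)]
    ref = LCG(seed_b)
    return sorted(outs + m.delay) == sorted(ref.next() for _ in range(n + steps))

def index_stream_period(rng, n, sample=4096):
    """Smallest period of the slot-index stream (rng.next() % n) visible in `sample` draws, or None.
    For n a power of two only the low bits of rng feed the index; for an LCG modulo 2^32 those
    bits form their own full-period LCG modulo n, so the slot sequence repeats every n steps."""
    stream = [rng.next() % n for _ in range(sample)]
    for p in range(1, sample // 2):
        if stream[:-p] == stream[p:]:
            return p
    return None

if __name__ == "__main__":
    print("only reorders RNGB :", outputs_are_reordered_b())
    print("index period, N=256 :", index_stream_period(LCG(1), 256))   # 256
    print("index period, N=1000:", index_stream_period(LCG(1), 1000))  # None: no short cycle
```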
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************