Cryptography-Digest Digest #44, Volume #10       Sat, 14 Aug 99 01:13:03 EDT

Contents:
  Re: NIST AES FInalists are.... ([EMAIL PROTECTED])
  Re: Smart card generating RSA keys ([EMAIL PROTECTED])
  Re: The Most Secure Symmetric Algorithm (not counting the one-time pad) Ever! (SCOTT19U.ZIP_GUY)
  Re: I HOPE AM WRONG ("Steve Sampson")
  Re: I HOPE AM WRONG (SCOTT19U.ZIP_GUY)
  Re: NIST AES FInalists are.... ([EMAIL PROTECTED])
  Re: The Most Secure Symmetric Algorithm (not counting the one-time pad) Ever!
  Re: Q. a hash of a hash ... ([EMAIL PROTECTED])
  Re: NIST AES FInalists are.... ([EMAIL PROTECTED])
  Re: decryption verification methods ([EMAIL PROTECTED])
  Re: About Algorithm M (David A Molnar)
  Re: NIST AES FInalists are.... ("Douglas A. Gwyn")
  Re: The Most Secure Symmetric Algorithm (not counting the one-time pad) ("Douglas A. Gwyn")

----------------------------------------------------------------------------

From: [EMAIL PROTECTED]
Subject: Re: NIST AES FInalists are....
Date: Sat, 14 Aug 1999 00:59:46 GMT

In article <7p1795$2pjo$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
>   I am not so sure if I post a reduced form here my government would take me
> to court. We are not free to openly show our crypto. Maybe you are in Germany
> or maybe the AES is a special case. Since they are weak..

Oh you broke some AES algorithms?  Have any online papers I can read?


>    Yes leave the NSA just one small fast method to analyse.
> Why make it hard for them.

Why make it hard on us?  Why use 1000 methods if only one or two will
do?  Besides, are you the one who touts your only method as secure?
Isn't your lack of diversity aiding the NSA (to use your idea)?

>     I think scott19u.zip is a very good example of a high memory slow encryption
> that has many advantages. First it is slow only because of the work it needs
> to do to encrypt. Yes anything can be written slow. "If it takes very few
> machine cycles to use a small key to encrypt, then it takes less time on the
> average for the NSA types to break." This is common sense. But the reverse is
> not always true. It seems like many idiots here misquote so I will add a more
> obvious statement for the low IQ level readers. This is not to
> state that just because an encryption method is slow that it is secure. Just
> as one should know that just because an encryption method has long keys
> that it is safe. But only an idiot would think that a 40 bit key is safe;
> however recent news articles seem to imply a system with less than 40000
> keys is safe, for those of you that read articles.

That is so full of it.  RC2 for example is slow, and can use small to
large keys.  It is slow with 40-bit keys, and it is slow with 128 bit
keys.....

Keysize is not the only factor though.  The key schedule in RC2 for
example aids in key searches, against short keys that is.  Of course
say RC2 was new, and I was using 40-bit keys.  I could just use my PRNG
to make 64-bit keys, and voila, longer protection.  No need to dump the
cipher and replace it.

I like the variability of RC ciphers (RC5 especially).  Rivest has a
good grasp on 'crypto-reality' when he designs his ciphers.  Even though
there are attacks against reduced-round RC5 none of them can actually
be used against practical implementations of the cipher (requires
between 2^40 and 2^53 plaintexts if I read the last table correctly in
[1]).

All aside I would rather use RC5 than Scottu.  RC5 is faster, smaller,
simpler and has been well scrutinized.  I can plug in 40-bit keys for
export allowed, or plug in 80-bit keys and ensure privacy (well, against
brute force).  I can use 12 rounds for speed, or 16 rounds for better
bounds on security.  I can even upgrade it to 64-bit words (although
some results say not to).

Basically it's well suited for a variety of applications which Scottu
is not.  Your key doesn't have to be a million bits to make it secure.
File encryption with RC5 (80-bit key) is secure for example.

>    I think simplicity should count a lot too. As in the simplicity of using
> a large random S-table. But not the simplicity of a low memory short
> key fast method. At least not for anything one wants to keep secure.

See above.

>   Yes and remember the red threaded crypto machines the Swiss sold to
> various countries around the world. The NSA has a long arm, does it not?

What are you talking about?

I think you don't have a real grasp on crypto-reality.  You seem to
think the only good secure algorithms are million-round, million-bit
key algorithms... That is sad.

Just try to tell your boss, drop the bandwidth to 1mps from 10mps
because I want to use a slow algorithm.  They WILL appreciate it.

Tom
--
PGP 6.0.2i Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2  Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Smart card generating RSA keys
Date: Sat, 14 Aug 1999 01:04:54 GMT

In article <CMUs3.1354$[EMAIL PROTECTED]>,
  "ME" <[EMAIL PROTECTED]> wrote:
> I have anecdotally heard of on-card generation times exceeding 2 minutes and
> assume this was for 1024 bit keys, but cannot confirm this.
> I haven't personally tested this.
> Lyal

If well tuned PGP code takes about 1 min (or more) to make 768 bit keys,
I am certain a dinky 4 MHz 68HC12 would take much longer.

Moral of story:  Don't make keys on the card unless you have time to
spend.

Tom
--
PGP 6.0.2i Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2  Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: The Most Secure Symmetric Algorithm (not counting the one-time pad) Ever!
Date: Sat, 14 Aug 1999 01:31:23 GMT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
(John Savard) wrote:
>[EMAIL PROTECTED] (JPeschel) wrote, in part:
>>[EMAIL PROTECTED] (John Savard) writes:
>
>>>Of course, if the flying saucers armed with quantum computers ever
>>>invade, the thing just might actually be practical...
>
>>Yeah, but what about those pesky time-travelling aliens, huh?
>
>If they can travel through time, nothing will help.
>

  Actually it depends on what the real model of the universe is.
It seems time travel may be possible but would you end up
in another universe or would you change this one?


David A. Scott
--
                    SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
                    http://www.jim.com/jamesd/Kong/scott19u.zip
                    http://members.xoom.com/ecil/index.htm
                    NOTE EMAIL address is for SPAMERS

------------------------------

From: "Steve Sampson" <[EMAIL PROTECTED]>
Subject: Re: I HOPE AM WRONG
Date: Sat, 14 Aug 1999 01:41:29 GMT


SCOTT19U.ZIP_GUY wrote

> If you look in the Deja news archive you can see my prediction
>of what and why the bombing of the Chinese Embassy occurred.


Predictions by a non-China expert (you have no degree) are
completely worthless, even if they become true.

>Fact the CIA knew where the Chinese Embassy was.


Fact: the B-2 crew did not.

>Fact the Chinese Military give boo koo bucks to the Democratic
>party. China has got a lot for the money.


China is a communist dictatorship.  Money is a weapon.

> Even now as we speak Clinton can not give a firm answer
>to what the US would do if the mainland Chinese invade Twain.


I think you mean Taiwan, or Isle of Formosa.
Formosa was occupied by the Nationalist Chinese who raped
and killed the Taiwanese people.  A corrupt regime who couldn't
win their way out of a paper bag.  To back them is to back a
loser.  Formosa was a non-belligerent and the Nationalists need
to be ejected.

>Am I the only one who thinks that we are giving the green light
>for the invasion? And was the bombing in Yugoslavia just
>a clever way so that we could back down?


An invasion by the Communists would be a good thing, as the
Nationalists would be dead.  The Chinese power projection is as
valid as the United States Monroe Doctrine.

> Yes I hope I am wrong but I think most people greatly
>underestimate the dishonesty of our current president. But then again
>maybe I'm wrong. But think about it: why is Clinton not giving
>clear warning to the Chinese? Maybe some NSA type who knows
>what is going on can enlighten us.


The Nationalist Chinese are worse than the Communists.  I would
volunteer to eject them from Formosa, whatever the country
doing it.




------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: I HOPE AM WRONG
Date: Sat, 14 Aug 1999 02:19:09 GMT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>No offence or anything but what does that have to do with cryptography?
>
  No offence taken. I am just trying to analyze this unfolding set of cryptic
events. It may be slightly off topic. But since this USE group is kind of like
home I posted it here. Sorry, I will try not to be too far off topic, but if war
starts because of the possibility of the pay off of Chinese money I felt it
was worth noting here since most consider my logic strange. I decided
months ago as to what might happen. I was even clever enough to make
money on a bet when we started invading Kosovo so felt it best to
state this here. So I can say I told you so. But I hope I am wrong.

>"SCOTT19U.ZIP_GUY" wrote:
>
>>  If you look in the Deja news archive you can see my prediction
>> of what and why the bombing of the Chinese Embassy occurred.
>> Fact the CIA knew where the Chinese Embassy was.
>> Fact the Chinese Military give boo koo bucks to the Democratic
>> party. China has got a lot for the money.
>>  Even now as we speak Clinton can not give a firm answer
>> to what the US would do if the mainland Chinese invade Twain.
>> Am I the only one who thinks that we are giving the green light
>> for the invasion? And was the bombing in Yugoslavia just
>> a clever way so that we could back down?
>>  Yes I hope I am wrong but I think most people greatly
>> underestimate the dishonesty of our current president. But then again
>> maybe I'm wrong. But think about it: why is Clinton not giving
>> clear warning to the Chinese? Maybe some NSA type who knows
>> what is going on can enlighten us.
>>
>> David A. Scott
>> --
>>                     SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
>>                     http://www.jim.com/jamesd/Kong/scott19u.zip
>>                     http://members.xoom.com/ecil/index.htm
>>                     NOTE EMAIL address is for SPAMERS
>


David A. Scott
--
                    SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
                    http://www.jim.com/jamesd/Kong/scott19u.zip
                    http://members.xoom.com/ecil/index.htm
                    NOTE EMAIL address is for SPAMERS

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: NIST AES FInalists are....
Date: Sat, 14 Aug 1999 03:00:16 GMT

In article <7p1eur$hag$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Patrick Juola) wrote:
> .... as opposed to, for example, cryptography as practiced by
> amateurs who don't perform the amount of analysis required of
> academic cryptography.  Yes, that makes sense -- academic
> standards are too lax, so let's abandon standards altogether.

Why not?  His method is perfect after all.

> After all, anything designed and tested by academics is obviously
> trivial for the evil spirits of Ft. Meade to read. Something
> cobbled together in a basement, by contrast, is -- nay, MUST BE --
> impenetrable by virtue of the author's ex officio moral superiority.
>
> And thus doesn't require testing or analysis, or even a readable
> design.

Let's not forget practical implementation.

Can you repost this to him (since he doesn't read emails from me).

1.  What is the rounds/block size ratio required for 2^n resistance to
differential, linear (and their derivatives) attacks, if possible?

2.  What is the effective key size for a word size of n bits?

3.  What is the estimated 3D matrix consisting of
word size / rounds / resistance to iterative attacks?

4.  Are 8 bit words secure (if so, by how much)?
4.1 Why 19 bit words?

5.  Name three advantages of the algorithm over any other popular
cipher.
5.1 Name one theoretical component which was invented or 'brought-to-
light' in this cipher.

And any other question you can think of.

Tom
--
PGP 6.0.2i Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2  Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: [EMAIL PROTECTED] ()
Subject: Re: The Most Secure Symmetric Algorithm (not counting the one-time pad) Ever!
Date: 14 Aug 99 02:07:18 GMT

SCOTT19U.ZIP_GUY ([EMAIL PROTECTED]) wrote:
:   Actually it depends on what the real model of the universe is.
: It seems time travel may be possible but would you end up
: in another universe or would you change this one?

If the aliens can "change this one", we've no hope. But if it means going
to a parallel universe, I don't really count that as true time travel.

John Savard

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Q. a hash of a hash ...
Date: Sat, 14 Aug 1999 02:48:24 GMT

In article <[EMAIL PROTECTED]>,
  Medical Electronics Lab <[EMAIL PROTECTED]> wrote:
> Assume x is the same size as H(x). If this is not a valid
> assumption then use y = H(x) and perform H(H(y)).
>
> Suppose you do H(H(H(....)))) for many cycles and different
> inputs.  You'll find that you get into a loop, and some of the
> different inputs are just different points in the cycle.
> There will probably not be some input which has only 2 points on
> the cycle, but there are certainly going to be some cycles which
> are shorter than others.  So doing H(H(x)) actually reduces
> your security because your giving an attacker information about
> the cycle.

Technically hashes should have no algebraic structure that stands out.
But your point is valid.  First off, a hash may not be a permutation if
the input is not greater than the output size.  The compression
function is designed to be collision resistant; this does not make it
perfect.  If it's not, then the method is weaker.  There may be disjoint
cycles because of some operations in the hash that, like you said, make
it quite weaker.

> I guess I'd like to see a mathematical analysis, but my gut
> level feeling is that it does not have the same properties.
> You can easily break the cycles using H(H(x)||g) where g is
> some random garbage.

This would be just as strong as H(g||x) in this case.

Tom
--
PGP 6.0.2i Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2  Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
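The cycle structure the two posters are discussing, as an added example (not code from the thread): iterating a hash on a fixed-size input space always ends in a cycle, so every start point has a "tail" into a cycle and several start points share cycles. To make the cycles short enough to find instantly, H is SHA-1 truncated to 16 bits; the 16-bit width and Brent's cycle-finding method are assumptions of this demo, not anything the posts specify.

```python
import hashlib

BITS = 16  # width of the toy space; an assumption for this demo, not from the post


def h(x: int) -> int:
    """Toy H: SHA-1 of the BITS-bit input, truncated back to BITS bits."""
    digest = hashlib.sha1(x.to_bytes(BITS // 8, "big")).digest()
    return int.from_bytes(digest[: BITS // 8], "big")


def iterate(x: int, n: int) -> int:
    """Apply H n times: H(H(...H(x)...))."""
    for _ in range(n):
        x = h(x)
    return x


def rho(x0: int) -> tuple:
    """(tail, cycle) of the orbit x0, H(x0), H(H(x0)), ... via Brent's method.

    tail  = steps before the orbit first lands on its cycle
    cycle = length of that cycle, so H^(tail+cycle)(x0) == H^tail(x0)
    """
    power = cycle = 1
    tortoise, hare = x0, h(x0)
    while tortoise != hare:
        if power == cycle:            # double the search window, restart count
            tortoise, power, cycle = hare, power * 2, 0
        hare = h(hare)
        cycle += 1
    tortoise, hare = x0, iterate(x0, cycle)   # hare runs `cycle` steps ahead
    tail = 0
    while tortoise != hare:           # they first meet where the cycle begins
        tortoise, hare, tail = h(tortoise), h(hare), tail + 1
    return tail, cycle


def cycle_id(x0: int) -> int:
    """Canonical label of the cycle x0 ends up in: its smallest member.

    Inputs with the same cycle_id are, as the post says, just different
    points on (the tail into) the same cycle.
    """
    tail, cycle = rho(x0)
    x = smallest = iterate(x0, tail)
    for _ in range(cycle):
        x = h(x)
        smallest = min(smallest, x)
    return smallest


def survey(samples: int) -> dict:
    """Iterate H from `samples` distinct start points and summarise."""
    stats = [rho(x) for x in range(samples)]
    ids = {cycle_id(x) for x in range(samples)}
    return {
        "distinct_cycles": len(ids),
        "longest_cycle": max(c for _, c in stats),
        "shortest_cycle": min(c for _, c in stats),
    }


if __name__ == "__main__":
    # Far fewer cycles than start points, with lengths on the order of sqrt(2^16)
    print(survey(64))
```

The short cycles that make H(H(x)) worrying for a real n-bit hash are the same phenomenon, only with lengths on the order of 2^(n/2).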

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: NIST AES FInalists are....
Date: Sat, 14 Aug 1999 02:54:54 GMT

In article <7p1jv0$hl6$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
>   Mr Pussy Cat
>  I am sure that the so called academic types could design a better
> secure method if I tried to play by their rules. That is some weak
> short keyed block encryption method using the phony blessed out
> of date chaining methods that should have died when the computer
> was invented.

Let's see...

ECB  -- for somewhat random plaintext
CBC  -- for standard file and bulk encryption
CFB  -- for streaming

What's wrong there?  You know I think I have said this a million times:
not all data is created entirely then sent.  Have you ever heard of
video/audio conferences?  Chat?  etc...

>   And they may even be able to write a better long key program than
> what I have. But that is not their goal. They are fooled into thinking
> that their fast short key methods are vastly superior due to the time
> it would take for a brute force crack. This is the same phony crap the
> Germans used to justify the security of various forms of Enigma. Except
> the "true key length" of some of their systems was longer than
> what the AES contest is about. It seems like we are incapable of learning
> from history. My god the key sizes are smaller than what the Germans
> used in some of their systems. Have we learned nothing.
> Encryption time wise should push the envelope of the machine it
> runs on. That is if you want secure encryption. If you want toy
> ciphers use AES.

Maybe my point has not been stressed (I really would like it if he read
my posts).

LONGER KEYS DO NOT ENSURE SECURITY.  nuff said.

Tom
--
PGP 6.0.2i Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2  Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: decryption verification methods
Date: Sat, 14 Aug 1999 03:03:34 GMT

In article <7p1k97$6gs$[EMAIL PROTECTED]>,
  "Matthew Bennett" <[EMAIL PROTECTED]> wrote:
> Other than simply encrypting a check phrase into the file and checking it
> upon decryption, how would you rate these three other verification methods:
>
> 1) Write a random block of 8 bytes to a file followed by another duplicate 8
> bytes, then encrypt.  Upon decryption, check the first 8 bytes matches the
> second 8 bytes.

Oh great, give out known plaintext.

> 2) Hash the first 32 bytes of the file, encrypt the whole file, store the
> original hash value at the beginning.  Upon decryption, hash the same 32
> bytes and check the number produced matches the original value.

Um, why not hash the entire file?  What if I copy the first 32 bytes and
forge the rest?  ('Dear Sir,  I would be pleased to ') there's 32 or so
bytes ... no real message as of yet.

> 3) Like method 1, but sandwich a small part of the data file between the two
> 8-byte blocks.
>
> I'll be using Blowfish in CFB mode for the encryption, and SHA-1 as the hash
> function.
> In particular is there an increased security risk if, say, someone knew that
> the first 8 bytes matched the next 8 bytes?  Does anyone know of a better
> verification method?

I would suggest learning more about crypto protocols before trying to
implement one yourself.

A standard method would be to hash the message, encrypt the hash and
append it.  This gives out no known plaintext and ensures the integrity
of the entire file.

Another concern, why are you using CFB for file encryption?  You should
use CBC.

Tom
--
PGP 6.0.2i Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2  Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
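The gap Tom points out in method 2, as an added example (not code from the thread): a hash over only the first 32 bytes leaves everything after them unchecked, while a hash over the whole message, encrypted and appended as he suggests, catches a change anywhere. A SHA-1 counter keystream stands in for Blowfish in CFB so the snippet runs with the standard library alone; that stand-in, the key and the sample message are constructed for this demo, and the check behaves the same way with a real cipher.

```python
import hashlib

KEY = b"constructed-demo-key"   # sample key for the demo, not from the post
TAG = 20                        # SHA-1 digest length in bytes


def keystream(key: bytes, length: int) -> bytes:
    """Stand-in keystream: SHA-1(key || counter) blocks. NOT Blowfish/CFB."""
    out = bytearray()
    for ctr in range(-(-length // TAG)):          # ceiling division
        out += hashlib.sha1(key + ctr.to_bytes(4, "big")).digest()
    return bytes(out[:length])


def xor_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (XOR with the keystream is its own inverse)."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


# Method 2 from the question: hash only the first 32 bytes, store it in front.
def seal_prefix(key: bytes, plaintext: bytes) -> bytes:
    return hashlib.sha1(plaintext[:32]).digest() + xor_crypt(key, plaintext)


def open_prefix(key: bytes, blob: bytes):
    """Plaintext if its first 32 bytes still hash to the stored value, else None."""
    tag, body = blob[:TAG], blob[TAG:]
    plaintext = xor_crypt(key, body)
    return plaintext if hashlib.sha1(plaintext[:32]).digest() == tag else None


# Tom's suggestion: hash the whole message, encrypt the hash with it, append it.
def seal_full(key: bytes, plaintext: bytes) -> bytes:
    return xor_crypt(key, plaintext + hashlib.sha1(plaintext).digest())


def open_full(key: bytes, blob: bytes):
    """Plaintext if the whole-file hash checks out, else None."""
    decrypted = xor_crypt(key, blob)
    plaintext, tag = decrypted[:-TAG], decrypted[-TAG:]
    return plaintext if hashlib.sha1(plaintext).digest() == tag else None


def flip_byte(blob: bytes, index: int) -> bytes:
    """A one-bit change to the stored ciphertext (corruption or tampering)."""
    b = bytearray(blob)
    b[index] ^= 0x01
    return bytes(b)


# Constructed sample: Tom's "Dear Sir" opener followed by the part that matters.
MESSAGE = b"Dear Sir,  I would be pleased to pay you 100 dollars."

if __name__ == "__main__":
    blob = seal_prefix(KEY, MESSAGE)   # byte 41 is the '1' of "100"
    print("prefix check, byte 41 changed:", open_prefix(KEY, flip_byte(blob, TAG + 41)))
    blob = seal_full(KEY, MESSAGE)
    print("full check,   byte 41 changed:", open_full(KEY, flip_byte(blob, 41)))
```

The appended value should in practice be a keyed MAC (HMAC) over the data rather than a bare hash, so that it cannot simply be recomputed to match an altered message; the structure shown is the one the post proposes.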

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: About Algorithm M
Date: 14 Aug 1999 04:25:02 GMT

John Savard <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote, in part:

>>Is that book still readily available?  I might pick up a copy.

> It's kind of expensive. The full title is Seminumerical Algorithms,
> volume 2 of The Art of Computer Programming, by Donald E. Knuth.
> (Addison-Wesley)

> It is currently in print in a revised edition.

You may want to check used book stores. Sometimes you *do* get lucky. A
few weeks ago I found a copy of Cormen, Leiserson, and Rivest's book on
algorithms for US$30. It is normally sold at the college bookstore for
about US$70-80.

-David


------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: NIST AES FInalists are....
Date: Sat, 14 Aug 1999 04:43:52 GMT

"SCOTT19U.ZIP_GUY" wrote:
> ... If they propose a system for AES it would be weak
> enough so they could break it ...

What has never been explained is the technical design that
could allow such a cipher to be exploitable by the Agency
but not by our enemies.  You would think that would be an
unacceptable risk.

And please don't talk vaguely about "back doors" -- while
they are possible in some circumstances, for an open system
like the AES it is not at all evident that it is possible.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: The Most Secure Symmetric Algorithm (not counting the one-time pad) 
Date: Sat, 14 Aug 1999 04:56:09 GMT

[EMAIL PROTECTED] wrote:
> If the aliens can "change this one", we've no hope.

Actually, that may be our *only* hope.

By the way, time travel is possible.  I'm doing it right now.
But it's unidirectional.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
