Cryptography-Digest Digest #69, Volume #10 Wed, 18 Aug 99 12:13:03 EDT
Contents:
Definition of cracked? (James Andrews)
crypto multi conference Ancort ("Ancort")
Re: VEA - Video Encryption Algorithm ([EMAIL PROTECTED])
Re: Definition of cracked? (Tom St Denis)
Re: Relativistic Date Stamping (John Bailey)
Re: Definition of cracked? ([EMAIL PROTECTED])
Re: Relativistic Date Stamping ("Tony T. Warnock")
Re: Definition of cracked? ("Douglas A. Gwyn")
Re: Q. a hash of a hash ... (Anton Stiglic)
Re: where to start? (Michelle Davis)
Re: rsa in other fields (Safuat Hamdy)
Re: rsa in other fields (Safuat Hamdy)
Re: (Game) 80-digits Factoring Challenge (Johnny Hazard)
Re: Cracking the Scott cryptosystems? (SCOTT19U.ZIP_GUY)
Re: Relativistic Date Stamping ("Douglas A. Gwyn")
Re: NIST AES Finalists are.... (JPeschel)
Re: encryption (Kent Briggs)
Re: rsa in other fields (Helger Lipmaa)
----------------------------------------------------------------------------
From: James Andrews <[EMAIL PROTECTED]>
Subject: Definition of cracked?
Date: Wed, 18 Aug 1999 10:22:32 +0000
Reply-To: [EMAIL PROTECTED]
Which event defines the cracking of an encryption process? Is a system
considered broken if it is beaten by a brute force method? Or is this
considered irrelevant to the strength of the cipher? I'd assume that the
ability to break a cipher by brute force would allow the assumption that the
cipher's key range was too limited, but with modern machines increasing
in performance at the rate they are, brute force is becoming a simpler and
simpler method of obtaining a key. Obviously the exponential curve is
on the side of the crypto-writer since an additional bit on the key
doubles the volume of work for the theoretical brute force search. The
last possibility that I considered was that a cracked algorithm is one
which has been found to exhibit a trend of some kind so that it is
relatively easy to break, without brute force. If anyone can clarify
this, I'd be most grateful, thanks,
James
------------------------------
From: "Ancort" <[EMAIL PROTECTED]>
Subject: crypto multi conference Ancort
Date: Wed, 18 Aug 1999 16:19:19 +0400
Ancort Co. has completed the development of a cryptographic multi
conference system providing protected video, voice and data exchange.
Site www.ancort.com
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: VEA - Video Encryption Algorithm
Date: Wed, 18 Aug 1999 12:13:52 GMT
<snip>
I won't say it's snake oil. They never claimed it to be great. To me
at least, it looked like simple XOR cipher. There's not even a key
setup. They use a 128 bit key, thus it has a period of 128. I was
mainly trying to sum up or quote the article in my description. Anyway,
thought someone might be interested to know about it.
The good news is that it is fast!
Casey
P.S. As for all the cable pirates out there, you have to remember this.
This algorithm probably uses the same principle as the lock on your
door: it was designed to keep honest people out. If you really want it,
you will get in with this.
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Definition of cracked?
Date: Wed, 18 Aug 1999 12:13:30 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> Which event defines the cracking of an encryption process? Is a system
> considered broken if it is beaten by a brute force method? Or is this
> considered irrelevant to the strength of the cipher? I'd assume that the
> ability to break a cipher by brute force would allow the assumption that the
> cipher's key range was too limited, but with modern machines increasing
> in performance at the rate they are, brute force is becoming a simpler and
> simpler method of obtaining a key. Obviously the exponential curve is
> on the side of the crypto-writer since an additional bit on the key
> doubles the volume of work for the theoretical brute force search. The
> last possibility that I considered was that a cracked algorithm is one
> which has been found to exhibit a trend of some kind so that it is
> relatively easy to break, without brute force. If anyone can clarify
> this, I'd be most grateful, thanks,
Well a cipher message is 'cracked' if the plaintext or key or both are
found. A cipher is broken if a) the key or plaintext or both can be
found in reasonable time (under a few hundred...) or b) there exists a
method of finding the key with less work than searching for the key.
Most ciphers are resistant to a) but not b)...
DES is considered broken cuz the key can be found in as little as 22
hours on a bunch of PCs (distributed.net to be exact).
RC5 is considered broken cuz the key can be found in about 2^42
encryptions (I think, using a diff attack). However this attack is not
at all practical...
Tom
--
PGP 6.5.1 Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2 Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp
------------------------------
From: [EMAIL PROTECTED] (John Bailey)
Subject: Re: Relativistic Date Stamping
Date: Wed, 18 Aug 1999 11:35:22 GMT
On Wed, 18 Aug 1999 04:12:03 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
wrote:
>> ``... this is the first serious application of Einstein's relativity
>> theory.''
>
>That's pretty funny!
I completely agree.
John
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Definition of cracked?
Date: Wed, 18 Aug 1999 12:29:05 GMT
In article <7pe812$pdt$[EMAIL PROTECTED]>,
Tom St Denis <[EMAIL PROTECTED]> wrote:
> In article <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] wrote:
> > Which event defines the cracking of an encryption process? Is a system
> > considered broken if it is beaten by a brute force method? Or is this
> > considered irrelevant to the strength of the cipher? I'd assume that the
> > ability to break a cipher by brute force would allow the assumption that the
> > cipher's key range was too limited, but with modern machines increasing
> > in performance at the rate they are, brute force is becoming a simpler and
> > simpler method of obtaining a key. Obviously the exponential curve is
> > on the side of the crypto-writer since an additional bit on the key
> > doubles the volume of work for the theoretical brute force search. The
> > last possibility that I considered was that a cracked algorithm is one
> > which has been found to exhibit a trend of some kind so that it is
> > relatively easy to break, without brute force. If anyone can clarify
> > this, I'd be most grateful, thanks,
>
> Well a cipher message is 'cracked' if the plaintext or key or both are
> found. A cipher is broken if a) the key or plaintext or both can be
> found in reasonable time (under a few hundred...) or b) there exists a
> method of finding the key with less work than searching for the key.
>
> Most ciphers are resistant to a) but not b)...
>
> DES is considered broken cuz the key can be found in as little as 22
> hours on a bunch of PCs (distributed.net to be exact).
>
> RC5 is considered broken cuz the key can be found in about 2^42
> encryptions (I think, using a diff attack). However this attack is not
> at all practical...
Just to elaborate on what Tom said a little, many, if not all, ciphers
have been "cracked." The question is how feasible it is. Many times
the cipher is cracked for a reduced-round version or a slight variation
of it. Other times it is against the full-strength algorithm. With
many attacks, like the one on RC5, the attack will break the algorithm,
but the amount of work is enormous. In these cases, it demonstrates
that the algorithm does not perform as expected. An example of this
would be if an attack on an AES cipher were to need 2^127 different
plaintexts to succeed: yes, the cipher is broken, but the attack is
infeasible. In my opinion, this does not mean that you cannot use the
cipher; however, it makes me wonder what other attacks will work better.
Casey
------------------------------
From: "Tony T. Warnock" <[EMAIL PROTECTED]>
Subject: Re: Relativistic Date Stamping
Date: Wed, 18 Aug 1999 08:04:04 -0600
Reply-To: [EMAIL PROTECTED]
"Douglas A. Gwyn" wrote:
> John Bailey wrote:
> > ``... this is the first serious application of Einstein's relativity
> > theory.''
>
> That's pretty funny!
The complete quote is:
``We have learned in the last 15 years that quantum physics has
important applications in code-making, but this is the
first serious application of Einstein's relativity theory. It solves
what was up to now thought an impossible problem,''
Kent said in a statement.
So it was the original author (Kent) rather than Bailey. If you hadn't
chopped the quote, it would have made sense. (Wrong attribution, half
quote, these ought to be confined to radio, TV, magazines, and newspapers.
Not the internet.)
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Definition of cracked?
Date: Wed, 18 Aug 1999 14:03:51 GMT
James Andrews wrote:
> Which event defines the cracking of an encryption process?
It's not a well-defined term.
Some of us consider a cryptosystem broken if we know of a
reliable method for recovering plaintext without knowing the
key, a significant fraction of the time in actual practice.
It's best to denote more clearly just which application a
system is known to be weak for. Thus, so-called
"linear cryptanalysis" might show a system to be weak in
a situation where an arbitrarily large number of known
plaintexts can be fed to the encryptor using the same key,
but that wouldn't be a weakness in a conventional
messaging context.
------------------------------
From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: Q. a hash of a hash ...
Date: Wed, 18 Aug 1999 10:26:07 -0400
I think that you have COMPLETELY forgotten the other side of the proof,
this one:
> 2. Then I prove that if I found a collision for H^2, I have one for H:
> if I have x!=y such that H(H(x)) = H(H(y)), then I have one
> of two cases:
> a: H(x) = H(y): in which case I have a collision for H.
> b: H(x) != H(y): in which case I denote x' = H(x) and
> y' = H(y). I can now say that y' != x' and H(x') = H(y').
>
Saying that any collision for H^2 can be made to find a collision for H.
The importance is NOT THE NUMBER of collisions for H and H^2 respectively;
the importance is that if H^2 was not collision resistant, then I could find
a collision for H^2 and thus find one for H, so H would not be collision
resistant.
Both sides of the proof make the statement "H is as collision resistant as
H^2".
As you state, your example shows that H and H^2 don't have the same amount
of collisions, but I don't care if H^2 has double the amount of collisions than H,
I just want the same "hardness" to find them.
Anton
>
>
> Consider, for example, H(x) defined as, say, shifting right by one bit
> (and so discarding the low order bit). Now H(x) = H(y) means that x
> and y are the same except (perhaps) for their low order bit. But
> H(H(x)) = H(H(y)) even when x and y differ in *two* bits. In other
> words, H^2 plainly has *more* collisions than H.
>
> The problem with the proof is that although H^2 only has collisions
> due to H, it does not necessarily have the same number of them. In
> fact, you can see that each collision of H can potentially give rise
> to two collisions of H^2.
>
> Now obviously the H I defined above is not exactly a cryptographically
> secure hash function. But it does mean that H and H^2 will not be
> equally collision resistant unless H has some other properties, more
> than assumed in the above proof (which assumed nothing, really, except
> that H is a function).
>
> Indeed, if H^2 has exactly as many collisions as H, I think this
> implies that H must be a permutation on those inputs that are the
> same size as its output. That is, we would require that there be
> zero collisions between such inputs. Otherwise H^2 has all of the
> collisions of H, plus others.
>
> John M.
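An added worked example, not part of the thread and not code by Anton or John M.: John M.'s toy hash H(x) = x >> 1 on 4-bit inputs, the collision counts for H and H^2, and Anton's case a / case b reduction that turns any H^2 collision into an H collision. The input width W = 4 and all function names are my own choices.

```python
# Added example (not from the thread): the reduction "collision for H^2 -> collision
# for H", exercised on John M.'s toy hash H(x) = x >> 1 over w-bit inputs.
from itertools import combinations

W = 4  # constructed input width in bits; small enough to enumerate every pair


def H(x: int) -> int:
    """John M.'s toy hash: shift right by one bit, discarding the low-order bit."""
    return x >> 1


def H2(x: int) -> int:
    """H composed with itself, i.e. H^2."""
    return H(H(x))


def collisions(f, width: int = W) -> set:
    """All unordered pairs x != y in [0, 2^width) with f(x) == f(y)."""
    return {(x, y) for x, y in combinations(range(2 ** width), 2) if f(x) == f(y)}


def h_collision_from_h2_collision(x: int, y: int) -> tuple:
    """Anton's reduction. Given x != y with H(H(x)) == H(H(y)), return u != v
    with H(u) == H(v):
      case a: H(x) == H(y)  -> (x, y) already collides for H
      case b: H(x) != H(y)  -> x' = H(x), y' = H(y) collide for H, since
                               H(x') = H(H(x)) = H(H(y)) = H(y')
    """
    if x == y or H2(x) != H2(y):
        raise ValueError("not an H^2 collision")
    if H(x) == H(y):
        return (x, y)
    return (H(x), H(y))


def count_collisions(width: int = W) -> tuple:
    """(#collisions of H, #collisions of H^2): John M.'s point that H^2 has more."""
    return len(collisions(H, width)), len(collisions(H2, width))


def reduction_always_works(width: int = W) -> bool:
    """Anton's point: every H^2 collision yields a genuine H collision."""
    for x, y in collisions(H2, width):
        u, v = h_collision_from_h2_collision(x, y)
        if u == v or H(u) != H(v):
            return False
    return True
```

Running it shows both posters are right about different things: for W = 4 there are 8 colliding pairs for H and 24 for H^2, yet every one of the 24 maps to a valid H collision. Note that case b hands back a collision among values that are themselves outputs of H, which is exactly the size class John M. singles out at the end of his post.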
------------------------------
From: [EMAIL PROTECTED] (Michelle Davis)
Subject: Re: where to start?
Date: Thu, 05 Aug 1999 13:09:31 GMT
On Wed, 4 Aug 1999 20:26:07 +0200, "Claudio Facilla" <[EMAIL PROTECTED]>
wrote:
>Well, I was starting to study cryptology - I've found much
>information on the net but no starting point...
>
>any help for this?
>
>My problem: I have 3 or 4 numbers (as 2358 2569 2558 and 2589 3698 4571)...
>and so on - I want to find the algorithm of generation... where to start?
>
>Are there any programs to help me? Where do I find them?
>
>Any - any kind of help will be appreciated (like go there and study - start
>from there... u can do this and so on)...
>I repeat - I'm a newbie and I was unable to find any point where to start...
>
>
Okay, first of all, the best place to start off is RSA labs' excellent
cryptography FAQ, which details almost all the basics in clear
language. You can find it at www.rsa.com (surf your way to the FAQ, I
don't remember the exact URL). This will tell you everything you need
to know (to start off with) about cryptography in general, and various
existing cryptographic techniques and algorithms which do various
things.
As for your specific problem, let's see if I can make sense of it. You
have 4 separate numbers, which you think were encrypted by some
algorithm? 235825692558 looks to be 48 bits in length. Most block
ciphers (these are algorithms that take a block of data, and encrypt
it using a key, turning out a same-length block of ciphertext - this
is called symmetrical) have output blocks of 64 bits, the primary
example being DES. There are many more block ciphers with which I am
not personally familiar - Blowfish, Skipjack and so forth. If you find
an algorithm which turns out ciphertext in 48-bit blocks, it's
reasonably safe to assume that it turned out the output you have.
But this brings us to another question: Why? I don't really understand
why you have to find out which algorithm turned out these numbers.
Just ask the person who gave them to you. Generally, it's not too
difficult to find out which algorithm was used in encryption - the
problem is breaking the algorithm. And so, even if you did know which
algorithm turned out these numbers, it wouldn't help you to find the
plaintext, or the original unencrypted message.
Let's assume for a moment that you do, for some incomprehensible
reason, need to know which algorithm generated these numbers. Do you
at least know which class of algorithm was used (block cipher, hash
function, etc.)? If all you have is these numbers, there's no way you
could know for certain which algorithm generated them.
Michelle
------------------------------
From: Safuat Hamdy <[EMAIL PROTECTED]>
Subject: Re: rsa in other fields
Date: 18 Aug 1999 16:12:30 +0200
Anton Stiglic <[EMAIL PROTECTED]> writes:
> Then explain to me, for example (just the first ref I got), Stinsons
> foot note, section 5.2.2 (1st edition), of how you can define an elliptic
> curve over GF(2^n) ???
the elliptic curve has to be defined over some field (the base field), but
the points on this curve form a group, not a field. EC crypto-systems operate
in the group of points, not in the base field.
--
S. Hamdy | All primes are odd except 2,
[EMAIL PROTECTED] | which is the oddest of all.
|
unsolicited commercial e-mail | D.E. Knuth
is strictly not welcome |
------------------------------
From: Safuat Hamdy <[EMAIL PROTECTED]>
Subject: Re: rsa in other fields
Date: 18 Aug 1999 16:22:01 +0200
Anton Stiglic <[EMAIL PROTECTED]> writes:
> As you said, you take an elliptic curve over a finite field (end of
> line 1 + beginning of line 2 of what you said, just above).
true, but the points on the curve form a group, not a field. That's what Bob
is trying to tell you. EC crypto-systems operate in this group of points,
not in the base field; the base field serves just as a vehicle for the
EC-arithmetic, the subgroups of the base field are unrelated to the group of
points.
> You have two operations in your finite field. [...]
> This is what I wanted to say.
but it is completely irrelevant in the light of EC.
--
S. Hamdy | All primes are odd except 2,
[EMAIL PROTECTED] | which is the oddest of all.
|
unsolicited commercial e-mail | D.E. Knuth
is strictly not welcome |
------------------------------
From: [EMAIL PROTECTED] (Johnny Hazard)
Crossposted-To: sci.math
Subject: Re: (Game) 80-digits Factoring Challenge
Date: 18 Aug 1999 15:30:42 GMT
Reply-To: [EMAIL PROTECTED]
On Mon, 9 Aug 1999 14:45:38 GMT, <[EMAIL PROTECTED]> wrote:
> > >>> Please factorize the 80-digits number:
> > >>> 256261430091697968103677033465028955910<continue at next line>
> > >>> 15360341017076023809547878443033203276429
> > >>74681239503223976540012391
> > >>73935890729093478299508777
> > >>10094892705484334775926633
> > >a*b*c = 408246186006833348959825664719124648220
> > >666886045554299649802819054722602718039
>Calculators are no longer what they used to be... a*b*c=
>55740201470792676035037360717380099625901213146142546113145359191945433207831
Unbelievable?!
I calculated that 4082... number with Linux and GNU bc.
Now I did the same again and got that 5574...
Maybe some cut'n'paste failure ...
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Cracking the Scott cryptosystems?
Date: Wed, 18 Aug 1999 16:34:35 GMT
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Doug Stell)
wrote:
>On Sun, 15 Aug 1999 00:14:44 GMT, [EMAIL PROTECTED] wrote:
>
>>I am a relative beginner in Cryptanalysis, with a background in Computer
>>Science and Math. Recently, a co-worker pointed me to cryptosystem
>>designed by a regular poster to this forum, "David Scott" with an
>>associated prize.
>>
>>The cryptosystem in question appears to be a chained-substitution
>>cipher, and I don't see many references to anything similar in the
>>cryptographic texts I have access to, most noteably Applied
>>Cryptography. Is there a reason why this form of cryptosystem isn't
>>generally used (discounting specific weaknesses in the design of the
>>system in question)?
>
>All of the cryptosystems I have seen that have the claimed
>characteristics of David Scott's system are built around robust block
>ciphers, never a simple primitive function. A simple function,
>operating on a small block (16 to 19 bits of data) is almost certainly
>insecure.
>
Actually I treat the whole file as a block, and my internal
word size is 19 bits. IDEA, which is a 64-bit block cipher, does its
operations solely in 16 bits. Most block ciphers that claim to be
of 128 to 256 bits actually only operate on a small number of bits
at a time. From the comment above I would say he thinks IDEA
is insecure, or most other ciphers.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Relativistic Date Stamping
Date: Wed, 18 Aug 1999 15:03:24 GMT
"Tony T. Warnock" wrote:
> So it was the original author (Kent) rather than Bailey.
Yes, that's why I added ``quote marks'' around the quotation,
which Bailey posted as a forwarded news-service article.
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: NIST AES Finalists are....
Date: 18 Aug 1999 15:42:15 GMT
Shamsuddin, Amir <[EMAIL PROTECTED]> writes:
>[EMAIL PROTECTED] wrote:
>
>> In article <7ouirq$e08$[EMAIL PROTECTED]>,
>> [EMAIL PROTECTED] (Patrick Juola) wrote:
>> > >not written in there special format.
>> > "There [sic] special format" being PostScript, of course....
>>
>> btw what does 'sic' mean anyways? IJWTK.
>>
>> Tom
>
>"spelling is correct" or more likely correct as intended.
>what does ijwtk mean :) ?
I suppose you could remember sic by pretending it's an acronym.
It isn't one, though. Its derivation is from Latin and means,
roughly, "thus" or "so." The word means that the transcription
was reproduced exactly like the original -- spelling mistakes
and all. Since most news reading clients quote material exactly,
it seems unnecessary to use "sic" here at all.
I'll bet IJWTK is a Tom StDenis-ism meaning, "I just want to
know."
:-)
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: Kent Briggs <[EMAIL PROTECTED]>
Subject: Re: encryption
Date: Wed, 18 Aug 1999 15:50:58 GMT
John Savard wrote:
> CAST, like IDEA, is proprietary, while Triple-DES is free.
You are right about IDEA. However, CAST is a family of ciphers and
CAST-128 (also known as CAST5) is specifically unencumbered (see RFC
2144) and allows for key sizes ranging from 40 to 128 bits. It is also
on the BXA's fast track list of exportable ciphers at 56-bit strength.
--
Kent Briggs, [EMAIL PROTECTED]
Briggs Softworks, http://www.briggsoft.com
------------------------------
From: Helger Lipmaa <[EMAIL PROTECTED]>
Subject: Re: rsa in other fields
Date: Wed, 18 Aug 1999 15:49:05 +0000
Safuat Hamdy wrote:
> Anton Stiglic <[EMAIL PROTECTED]> writes:
>
> > Then explain to me, for example (just the first ref I got), Stinsons
> > foot note, section 5.2.2 (1st edition), of how you can define an elliptic
> > curve over GF(2^n) ???
>
> the elliptic curve has to be defined over some field (the base field), but
> the points on this curve form a group, not a field. EC crypto-systems operate
> in the group of points, not in the base field.
Probably the best way to explain it is to note that the EC group over the reals and
complex numbers can be defined geometrically. One abandons the geometrical method
for finite fields, though (it is relatively difficult to imagine tangent lines in
a non-continuous world), but sticks to the same algebraic formulas for computing
the sum R=P+Q of two points. The formulas operate with quantities in the
underlying finite field using the properties of the field (in computing
x3=f1(x1,y1,x2,y2), y3=f2(x1,y1,x2,y2) both addition and multiplication are used,
also the existence of multiplicative inverses, etc), but the set of points so
obtained is a group under those formulas.
Help it hopes.
Helger
http://home.cyber.ee/helger
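An added example, not from Helger, Hamdy or anyone in the thread: the chord/tangent formulas x3 = f1(x1,y1,x2,y2), y3 = f2(x1,y1,x2,y2) carried out in a finite field, with the field supplying only addition, multiplication and inverses, and the resulting point set checked to behave as a group. For readability it uses a prime field GF(17) rather than the GF(2^n) case the thread started from; the curve y^2 = x^3 + 2x + 2, the base point P = (5, 1) and every name below are my own constructed choices, not anything from the posts.

```python
# Added example (not from the thread): EC point addition over a small prime field.
# Constructed instance: E: y^2 = x^3 + 2x + 2 over GF(17), base point G = (5, 1).
P_MOD = 17          # the base field GF(p); every coordinate operation is reduced here
A, B = 2, 2         # short Weierstrass coefficients of the constructed curve
INF = None          # the point at infinity, identity element of the group of points


def field_inv(v: int) -> int:
    """Multiplicative inverse in GF(p) for prime p, via Fermat: v^(p-2) mod p."""
    if v % P_MOD == 0:
        raise ZeroDivisionError("0 has no inverse in GF(p)")
    return pow(v, P_MOD - 2, P_MOD)


def on_curve(pt) -> bool:
    """Membership test for E(GF(p)); the point at infinity is on the curve by definition."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0


def ec_add(p1, p2):
    """R = P + Q using the same chord/tangent formulas as over the reals, but with
    each step reduced in GF(p). The field only provides +, *, and inverses."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                                   # P + (-P) = O, also covers y1 == 0
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * field_inv(2 * y1) % P_MOD   # tangent slope (doubling)
    else:
        lam = (y2 - y1) * field_inv(x2 - x1) % P_MOD          # chord slope (addition)
    x3 = (lam * lam - x1 - x2) % P_MOD               # x3 = f1(x1, y1, x2, y2)
    y3 = (lam * (x1 - x3) - y1) % P_MOD              # y3 = f2(x1, y1, x2, y2)
    return (x3, y3)


def ec_mul(k: int, pt):
    """k*P by left-to-right-agnostic double-and-add (plain, not constant-time)."""
    acc, addend = INF, pt
    while k:
        if k & 1:
            acc = ec_add(acc, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return acc


def point_order(pt) -> int:
    """Smallest n > 0 with n*P = O; brute force is fine for a group this small."""
    n, q = 1, pt
    while q is not INF:
        q = ec_add(q, pt)
        n += 1
    return n


def count_points() -> int:
    """#E(GF(p)) by enumerating affine solutions and adding the point at infinity."""
    return 1 + sum(1 for x in range(P_MOD) for y in range(P_MOD) if on_curve((x, y)))


G = (5, 1)  # constructed base point; on_curve(G) holds since 137 = 1 (mod 17) = 1^2
```

Counting gives 19 points, a prime that has nothing to do with p - 1 = 16, the order of GF(17)^*; that is the concrete form of Hamdy's remark that the subgroups of the base field are unrelated to the group of points. The associativity check in the usage below is the one property the formulas do not make obvious and the one a group needs.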
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************