Cryptography-Digest Digest #80, Volume #10 Thu, 19 Aug 99 22:13:04 EDT
Contents:
http://www.tmechan.freeserve.co.uk/wincrypt.html ("Terry Mechan")
wincrypt url ("Terry Mechan")
Re: I need strongest weak elliptic curve... (Doug Stell)
Re: Cracking the Scott cryptosystems? (SCOTT19U.ZIP_GUY)
Re: IDEA in AES (Bruce Schneier)
Re: Where to find (SCOTT19U.ZIP_GUY)
Re: New encryption algorithm (SCOTT19U.ZIP_GUY)
Re: rsa in other fields (Medical Electronics Lab)
Re: The Future of Cryptology - is happening now. (Re: Future ("Douglas A. Gwyn")
Crypto 1981-1997 CD-ROM fix (lcs Mixmaster Remailer)
SCOTT19U UNBREAKABLE? (SCOTT19U.ZIP_GUY)
Re: Why does MS-Visual C++ ABSOLUTELY REQUIRE . . . ("Douglas A. Gwyn")
Re: I HOPE AM WRONG (Greg)
Re: I HOPE AM WRONG (Greg)
What's wrong with Mr. Scott? (Greg)
Re: Cracking the Scott cryptosystems? (Greg)
Re: What's wrong with Mr. Scott? (Greg)
----------------------------------------------------------------------------
From: "Terry Mechan" <[EMAIL PROTECTED]>
Subject: http://www.tmechan.freeserve.co.uk/wincrypt.html
Date: Thu, 19 Aug 1999 23:58:08 +0100
http://www.tmechan.freeserve.co.uk/wincrypt.html
for wincrypt IDEA 95/98
Unbreakable privacy
--
Regards
TJM
------------------------------
From: "Terry Mechan" <[EMAIL PROTECTED]>
Subject: wincrypt url
Date: Thu, 19 Aug 1999 23:53:43 +0100
http://www.tmechan.freeserve.co.uk/wincrypt.html
--
Regards
TJM
------------------------------
From: [EMAIL PROTECTED] (Doug Stell)
Subject: Re: I need strongest weak elliptic curve...
Date: Thu, 19 Aug 1999 22:55:44 GMT
On Thu, 19 Aug 1999 19:27:52 GMT, Greg <[EMAIL PROTECTED]> wrote:
Greg,
>Actually, I posted this while I was waiting for NSA's response to the
>same question. They say that 163 bit and less is exportable without a
>license but requires a one time review none the less.
I'm glad that they have established a policy for ECC, but am surprised
at the key length.
>Also, they
>qualified it with the phrase "key management". My software uses ECC in
>more than just a key management role, so I have asked them for
>clarification. I posted here because I had no idea when they would get
>back to me. Thanks.
"Key management" to them means key exchange or key agreement, such as
performed by RSA, Diffie-Hellman and KEA. Key management is their
biggest concern about public key schemes, because it involves the
difficulty of obtaining the session key. Key management usually has
restrictions about how often you can change keys, since that enters
into the difficulty issue. 30 minutes min. was the restriction I was
given on a product.
Key management does not include digital signature. They don't care how
sure you want to be about who you are communicating with, so long as
they can read the traffic. They are concerned, however, if the digital
signature scheme can be misused to encrypt data or support key
management. So, RSA and DSA would be looked at differently.
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Cracking the Scott cryptosystems?
Date: Fri, 20 Aug 1999 01:41:02 GMT
In article <7phmk6$cug$[EMAIL PROTECTED]>, Greg <[EMAIL PROTECTED]> wrote:
>In article <7p5dv0$163c$[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
>> In article <7p50pe$dv8$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
>wrote:
>> >Greetings.
>> >
>> >I am a relative beginner in Cryptanalysis,
>> >with a background in Computer
>> >Science and Math. Recently, a co-worker
>> >pointed me to cryptosystem...
>> > ...[a lot of snipping]...
>> >... Is this correct?
>
>> You're much smarter than most people who post to this site.
>
>But of course- he took time to look at YOUR stuff, so he is now
>considered more intelligent than most of us. If he claimed to have
>developed a cryptosystem that was accepted as extremely strong by
>industry experts, you would call his work crap, call him a bullshitter,
>and tell him his web site sucks (because he might not be an experienced
>web page designer).
>
>Ah, now I see- we just have to stroke you to get you to be civil. And
>it was right under my nose all along. Go figure...
>
He was the first one smart enough to know that the solution without
actually guessing the correct phrases I used is impossible. Others have
thought the contest easy but not worth entering. He pointed out
that, due to information theory alone, guessing the actual key file
would be a rather impossible task, since there are many solutions that
produce the same exact number of changes but they may not be the
ones I picked. That is why I have now added a 50 dollar prize for the first
one who produces a key file that produces the required change; it does
not have to be the same changes I used. There are thousands of such
solutions. Other people did not notice this fact because they are used
to short key files, which have a many orders of magnitude smaller space.
If one even tried to do this with a puny 1000 bit key program or less
there would most likely be only one solution. I feel that the guy was
quite bright to notice that. It may be that his thoughts have not been
so poisoned by others on this newsgroup that push weak small-keyed
systems.
Part of the contest was to show the advantage of a large key
system.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMMERS
------------------------------
From: [EMAIL PROTECTED] (Bruce Schneier)
Subject: Re: IDEA in AES
Date: Fri, 20 Aug 1999 00:53:07 GMT
On 12 Aug 1999 09:31:33 +0100, Paul Crowley
<[EMAIL PROTECTED]> wrote:
>Paul Rubin <[EMAIL PROTECTED]> writes:
>> It uses comparatively bizarre design principles compared to the
>> currently surviving AES candidates, and it looks shaky under recent
>> cryptanalytic results.
>
>Where can we find out more about these results?
He may be thinking about the impossible differential attack against
IDEA, which is probably on Eli Biham's webpage.
Bruce
**********************************************************************
Bruce Schneier, President, Counterpane Systems Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis, MN 55419 Fax: 612-823-1590
Free crypto newsletter. See: http://www.counterpane.com
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Where to find
Date: Fri, 20 Aug 1999 02:04:38 GMT
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(David Hamilton) wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
>
>>In article <[EMAIL PROTECTED]>,
>>[EMAIL PROTECTED] (Preditor31) wrote:
>>>Where can I find an encryption and a decrytion program? Also how would I
>>>go
>>>about learning how to break encryption?
>
>>> Thomas
>
>> While I would suggest you go to my site, you're sure to get much
>>advice as to why you should not.
>
>
>From the cryptography point of view, David A. Scott and his software are not
>to be trusted. So, don't use anything written by him; instead, use PGP and/or
>Scramdisk since it is almost certain that both are much, much stronger.
>
>Here are 5 reasons for my view.
>
>1) David A. Scott has poor native (English) language skills and this might
>mean he has poor programming skills.
>
>2) David A. Scott is fixated on code. He seems not to realise that
>programming and cryptography are much more than just coding.
>
>3) David A. Scott designed all the algorithms and code used in his software
>and, with one exception, he can't remember the names of people who
>'commented' on it. 'Commenting' isn't good enough anyway: formal inspection
>processes are needed. The algorithms used in PGP and Scramdisk were developed
>by teams of cryptographers with distinguished reputations.
>
>4) With PGP, there are newsgroups and mailing lists that can help with
>queries. Scramdisk has its own newsgroup as well. There are no such things
>for David A. Scott's software.
>
>5) David A. Scott said, in the past, that he would crack IDEA. But he now
>studiously ignores questions asking whether he has succeeded. (Guess why.)
>
>So, don't entrust your security and privacy to David A. Scott and his
>software.
>
>
>David Hamilton.
As you can see, David Hamilton is one of my favorite haters. I piss him off
a lot. But if you follow some of the other posts, it was noted that David
Wagner (another damn David), who also hates my guts, bragged about how
bad my code was and that his new super-duper slide attack would prove it
was junk. Guess what: after several weeks of trying it was shown to be
UNBREAKABLE by the new award-winning slide attack. Just thought
you would like to know some of the facts.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMMERS
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: New encryption algorithm
Date: Fri, 20 Aug 1999 01:58:59 GMT
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(JPeschel) wrote:
>> [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) writes:
>
>
>> Well I still know a fellow who writes numerous articles
>>for Dr. Dobb's. But what amazed me about Dr. Dobb's is that
>>they seem to make a lot of mistakes, like the IDEA article of
>>several years back. But I did contribute some stuff to Dr.
>>Dobb's when this friend wrote an article on quaternions. But
>>I thought even that article had some small errors, but Joe,
>>if you look you can find my name.
>
>Sometimes errors creep into a published article because of
>an editing error. Sometimes, though, the error is the writer's fault:
>writing is harder than it looks. Often what seems to be an
>error is the reader's fault.
These errors that I refer to were in code or diagrams. I don't
count errors in English, since writing is not a precise science.
>
>> What the hell is MLA? Remember I am not a writer and I hate
>>reading. I don't care who the target is. It would just be nice
>>to get a magazine to print the source code, so that I can send
>>it freely and legally to people that ask for a copy. Also there
>>is an updated scott16u; I would like an easy way to distribute
>>the updates.
>
>MLA: Modern Language Association style book. An editor
>might mention MLA in the writer's guidelines.
>
>You pick the magazine and I'll try to write for that target audience.
My target would just be to get the code published. But if
I had to pick a target it would be the people who used to go to
the Mustang near Reno. Sorry to hear it was closed. I hope
that doesn't mean the Kit Kat or Kitty's is going to raise their
prices.
>> I still think Bruce owes me an apology first, along with his
>>buddy David Wagner. Both of these people have attacked my stuff
>>saying it can't be good. Most recently David Wagner for saying that
>>the slide attack shows it is dead when that was a lie. Secondly
>>Bruce never even had the honesty to write back when his company
>>used to send out all the SPAM. I don't like spammers, especially when you
>>write to them and they don't write back. I am not very good at ass
>>kissing. But I am humble enough to apologise to both if they
>>apologise to me. I will then be nice. However nice is a relative term;
>>I am sure I have the gift to piss people off without really trying.
>
>Try to treat folks as you would expect to be treated.
That is my motto.
>
>>But thanks for your offer.
>
>Are you declining?
I am not declining but still want the apology first.
>
>> Joe I still think you don't understand Bruce. He comes over the net
>>as an arrogant fellow. I am sure if I was good at ass kissing I could
>>have gotten on his side like Tommy boy. But I think he sees himself
>>as a know-it-all crypto god, and would do anything in his power to prevent
>>someone from becoming more known than he. He is not the type of
>>person who really wants to learn outside of his views and feels threatened
>>by others. So he would not allow one to become more known. You are
>>no threat to him since you are interested in crypto but don't plan to do
>>anything new in it. I am interested in making crypto better, because I
>>see a world where the masses are slaves to the few elite in power unless
>>people can communicate freely with one another without fear of
>>government destroying and controlling all creativity.
>>
>>
>Just about every computer geek, techie, and cryppie I've ever met
>comes across, occasionally, as arrogant. So what? After a while
>you get used to it, and you don't realize you have the same trait --
>that applies to me as well.
I don't think I'm arrogant but I know I can get code to work. I think
most styles suck and don't like rules.
>
>Tom is a kid who is trying to learn, and, sometimes, he likes to show
>what he's learned.
He acts like he knows big words but you never can get him to
answer anything. I really don't think he wants to learn. But at his
age if he could learn to think for himself he might get somewhere.
>
>As I recall, David Wagner admitted the slide attack wouldn't work
>on scottx.
As I read it, and it was a while back, he wrote much bad stuff about
my stuff. Then only in one little comment after Horce failed he commented,
well, if Scott's code works that way then maybe the slide attack can't
work. But he never apologised or took anything back. And from what
others wrote or write since, they still are under the illusion that David
Wagner has defeated my code, which he has not.
>
>Yup, I am no threat to Bruce, or to anyone for that matter, but there
>are a couple encryption vendors who might disagree with me.
>
They are just pissed because you show how phony most of the
commercial encryption stuff is. What amazes me is that people
actually pay for the stuff that does not work. The real money
success in encryption is in spin doctoring and good PR. I would
rather have bad PR and good code. Yes, my definition of good.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMMERS
------------------------------
From: Medical Electronics Lab <[EMAIL PROTECTED]>
Subject: Re: rsa in other fields
Date: Wed, 18 Aug 1999 12:44:52 -0500
Anton Stiglic wrote:
>
> Yes yes, it was a stupid remark of mine....
>
> So what you guys are saying is that the group in wich we operate,
> cannot fit in a Field. Does it fit in a Ring,? Is it not at all an abelian
> group?
The points that make up an EC are an Abelian group under addition.
It's easy to get confused about the underlying field versus the
points on the curve - the EC math sits "on top" of the field math.
We can write out point math by saying Q = P + R. But in field math,
we say (Qx, Qy) = {f(Px, Py, Rx, Ry), g(Px, Py, Rx, Ry)}. The
functions f and g depend on the field, you have different equations
if the field is GF(p) than if it's GF(2^n) (and different again if
it's GF(3^n), but that's not too useful with today's computers).
If you pick GF(2^n) as the underlying field, you have several choices
of math too. There's polynomial basis and normal basis. Special
choices of polynomial basis give very fast computation in GF(2^n)
fields especially for FPGA hardware. That makes the EC math go
quicker too.
If you pick GF(p) as the underlying field, you can take advantage
of the multiple integer units found in most high level microprocessors.
The *same* EC math can be performed in any case. It has nothing
to do with RSA. In almost all cases you can get more security from
EC with fewer resources than with RSA.
Patience, persistence, truth,
Dr. mike
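The post's point, that the same point addition Q = P + R turns into different field formulas f and g depending on whether the curve sits over GF(p) or GF(2^n), is worked out below. This is an added example, not code from the original post or from its author. The field and curve classes and function names are this example's own, and the two toy curves (y^2 = x^3 + 2x + 2 over GF(17), and y^2 + xy = x^3 + z^4 x^2 + 1 over GF(2^4) with reduction polynomial z^4 + z + 1) are textbook values chosen only because they are small enough to enumerate; they offer no security.

```python
# Added example, not from the original post: the EC point group law written as
# field operations (the post's f and g) over GF(p) and over GF(2^m). Curve
# parameters are textbook toy values and far too small for real use.
import itertools

INF = None  # the point at infinity, identity of the point group


class GFp:
    """GF(p): modular integer arithmetic, p an odd prime > 3."""
    def __init__(self, p): self.p, self.size = p, p
    def add(self, a, b): return (a + b) % self.p
    def sub(self, a, b): return (a - b) % self.p
    def mul(self, a, b): return (a * b) % self.p
    def inv(self, a): return pow(a, self.p - 2, self.p)   # Fermat's little theorem


class GF2m:
    """GF(2^m), polynomial basis: elements are m-bit ints, '+' is XOR, '*' is
    carry-less multiplication reduced by the irreducible poly (x^m term included)."""
    def __init__(self, m, poly): self.m, self.poly, self.size = m, poly, 1 << m
    def add(self, a, b): return a ^ b
    sub = add                                    # characteristic 2: a - b == a + b
    def mul(self, a, b):
        r = 0
        while b:
            if b & 1:
                r ^= a
            b, a = b >> 1, a << 1
            if a >> self.m:                      # degree reached m: reduce
                a ^= self.poly
        return r
    def inv(self, a):
        r, e = 1, self.size - 2                  # a^(2^m - 2) == a^-1 for a != 0
        while e:
            if e & 1:
                r = self.mul(r, a)
            a, e = self.mul(a, a), e >> 1
        return r


class CurveFp:
    """y^2 = x^3 + a*x + b over GF(p)."""
    def __init__(self, F, a, b): self.F, self.a, self.b = F, a, b
    def on_curve(self, P):
        if P is INF: return True
        F, (x, y) = self.F, P
        return F.mul(y, y) == F.add(F.add(F.mul(F.mul(x, x), x), F.mul(self.a, x)), self.b)
    def add(self, P, Q):
        F = self.F
        if P is INF: return Q
        if Q is INF: return P
        (x1, y1), (x2, y2) = P, Q
        if x1 == x2 and F.add(y1, y2) == 0:      # Q == -P == (x1, -y1)
            return INF
        if P == Q:                               # tangent slope (3x^2 + a) / 2y
            lam = F.mul(F.add(F.mul(3, F.mul(x1, x1)), self.a), F.inv(F.mul(2, y1)))
        else:                                    # chord slope (y2 - y1) / (x2 - x1)
            lam = F.mul(F.sub(y2, y1), F.inv(F.sub(x2, x1)))
        x3 = F.sub(F.sub(F.mul(lam, lam), x1), x2)
        return (x3, F.sub(F.mul(lam, F.sub(x1, x3)), y1))


class CurveF2m:
    """y^2 + x*y = x^3 + a*x^2 + b over GF(2^m): same group law, different f and g."""
    def __init__(self, F, a, b): self.F, self.a, self.b = F, a, b
    def on_curve(self, P):
        if P is INF: return True
        F, (x, y) = self.F, P
        x2 = F.mul(x, x)
        return F.add(F.mul(y, y), F.mul(x, y)) == F.add(F.add(F.mul(x2, x), F.mul(self.a, x2)), self.b)
    def add(self, P, Q):
        F = self.F
        if P is INF: return Q
        if Q is INF: return P
        (x1, y1), (x2, y2) = P, Q
        if x1 == x2 and (y1 != y2 or x1 == 0):   # Q == -P == (x1, x1 + y1), or 2P of an order-2 point
            return INF
        if P == Q:
            lam = F.add(x1, F.mul(y1, F.inv(x1)))
            x3 = F.add(F.add(F.mul(lam, lam), lam), self.a)
            return (x3, F.add(F.mul(x1, x1), F.mul(F.add(lam, 1), x3)))
        lam = F.mul(F.add(y1, y2), F.inv(F.add(x1, x2)))
        x3 = F.add(F.add(F.add(F.add(F.mul(lam, lam), lam), x1), x2), self.a)
        return (x3, F.add(F.add(F.mul(lam, F.add(x1, x3)), x3), y1))


def scalar_mul(E, k, P):
    """Double-and-add; the same code serves both curves since it only calls E.add."""
    R = INF
    while k:
        if k & 1:
            R = E.add(R, P)
        P, k = E.add(P, P), k >> 1
    return R


def all_points(E):
    """Brute-force enumeration of the group; fine for toy fields."""
    return [INF] + [(x, y) for x in range(E.F.size) for y in range(E.F.size) if E.on_curve((x, y))]


def group_law_holds(E):
    """Exhaustive check that sums stay on the curve and addition is associative."""
    pts = all_points(E)
    return (all(E.on_curve(E.add(P, Q)) for P, Q in itertools.product(pts, repeat=2))
            and all(E.add(E.add(P, Q), R) == E.add(P, E.add(Q, R))
                    for P, Q, R in itertools.product(pts, repeat=3)))


# Textbook toy curves: y^2 = x^3 + 2x + 2 over GF(17) has 19 points, generator (5, 1);
# y^2 + xy = x^3 + z^4 x^2 + 1 over GF(2^4) with z^4 + z + 1 (z^4 = z + 1 = 0b0011) has 16.
E17, G17 = CurveFp(GFp(17), 2, 2), (5, 1)
E16 = CurveF2m(GF2m(4, 0b10011), 0b0011, 1)
```

Only the two add methods know whether they are reducing mod p or XORing polynomials; scalar_mul, all_points and group_law_holds never touch a field element, which is the separation the post describes. At this size the group law can be verified exhaustively, which is how the example checks itself rather than trusting the formulas.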
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: The Future of Cryptology - is happening now. (Re: Future
Date: Thu, 19 Aug 1999 18:54:57 GMT
Anthony Stephen Szopa wrote:
> Encryption that uses no mathematical equations.
Very few algorithms "use equations" as such.
But why was this supposed to be an advantage?
> For example, with only 2920 data bytes you can generate
> 9.2E15 random numbers from 0 - 255 with a security
> level equivalent to 2000 bits;
Why not 23360 bits? One can do that well without
any effort at all.
My guess is you meant that your encryption has a
higher work factor than would be needed to perform
an exhaustive search of the key space for a 2000
bit key. How could you possibly prove that without
using mathematical equations?
> These random numbers are then used to logically XOR
> original data files thus encrypting them.
Great, a Key Generator system. How do you prevent
reuse of the "random" key material you generate?
> The future is upon us.
God help us all.
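As an added example, not part of the original post or of the poster's software, the following shows concretely what the question about key reuse is pointing at: if the same generated key bytes are XORed into two files, the key cancels out of the pair and an attacker who can guess a phrase in one file reads the other at the same position. The two messages, the crib and the keystream are constructed for the demonstration; the function names are this example's own.

```python
# Added example, not from the original post: what key-material reuse costs in a
# key-generator (XOR keystream) design. Messages, crib and keystream are constructed.
import os


def xor_bytes(a, b):
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def keystream_encrypt(keystream, plaintext):
    """A key-generator cipher: XOR the file with generated key bytes."""
    if len(keystream) < len(plaintext):
        raise ValueError("keystream exhausted; never wrap around or reuse it")
    return xor_bytes(keystream, plaintext)


def xor_of_plaintexts(c1, c2):
    """Two ciphertexts made with the same keystream: the key cancels, and what
    is left is p1 XOR p2, with no key knowledge needed."""
    return xor_bytes(c1, c2)


def crib_drag(xored, crib):
    """Slide a guessed fragment of one message along p1 XOR p2. At the right
    offset the XOR yields the other message's bytes; elsewhere it is mostly
    noise. Returns the (offset, bytes) pairs that decode to printable ASCII."""
    hits = []
    for i in range(len(xored) - len(crib) + 1):
        guess = xor_bytes(xored[i:i + len(crib)], crib)
        if all(32 <= b < 127 for b in guess):
            hits.append((i, guess))
    return hits


def demo(p1, p2, crib, keystream=None):
    """Encrypt two messages under one keystream and attack the pair with a crib.
    Returns (p1 XOR p2 as seen by the attacker, printable crib-drag hits)."""
    if keystream is None:
        keystream = os.urandom(max(len(p1), len(p2)))   # random key, still fatal if reused
    c1 = keystream_encrypt(keystream, p1)
    c2 = keystream_encrypt(keystream, p2)
    xored = xor_of_plaintexts(c1, c2)
    return xored, crib_drag(xored, crib)
```

The recovered fragment comes from the two ciphertexts alone; the keystream is never seen and may be perfectly random, which is why a key-generator design has to guarantee that no two files ever share key material rather than rely on the quality of the generator.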
------------------------------
Date: 20 Aug 1999 01:20:09 -0000
From: lcs Mixmaster Remailer <[EMAIL PROTECTED]>
Subject: Crypto 1981-1997 CD-ROM fix
Springer-Verlag has now released the CD-ROM with the entire proceedings
of the Crypto and Eurocrypt conferences from 1981-1997. These were for
sale at Crypto 99 this week.
The files are in PDF format, one for each paper. There are a set of
HTML files which serve as indexes into the proceedings.
Unfortunately the HTML files use upper case for their links, while all
of the directories and file names are lower case. This does not matter
on PCs and Macs, which are not case sensitive, but affects my Linux
system. Is there a way to mount the CD-ROM in Linux which will make it
treat all files as all upper-case so that the links will work?
Pending availability of such a fix, a workaround is to copy all the HTML
files to a disk directory and to modify them to point at the CDROM files.
The files take up about 900K bytes, mostly the keyword index.
You can do this:
cp /mnt/cdrom/*.htm /mnt/cdrom/html/*.htm .
chmod +w *.htm
Then run the Perl script below. Save it as Fix.pl and type:
perl -i Fix.pl *.htm
Now you can open index.htm in the disk directory and the links should
work OK.
# Fix.pl: point the CD-ROM's upper-case HREFs at the lower-case names that
# are actually on the disc.  Run as:  perl -i Fix.pl *.htm
while (<>) {
    # Convert local hyperlinks to lower case (\L...\E lower-cases the captured
    # name).  A single /g substitution also copes with links that contain no
    # letters, e.g. all-digit names or HREF="", which a match-and-retry loop
    # would keep re-matching forever.
    s/(HREF=")([A-Z0-9.\/]*)(")/$1\L$2\E$3/g;
    s/(HREF=)([A-Z0-9.\/]*)(>)/$1\L$2\E$3/g;
    # add paths for pdf files
    s|HREF="pdf|HREF="/mnt/cdrom/html/pdf|g;
    # fix search.htm
    s/window\.open\("SEARCHAP\.HTM"/window.open("searchap.htm"/;
    # fix searchap.htm
    s/CODEBASE="APPLET"/CODEBASE="applet"/;
    s/ARCHIVE="DSKSRCH\.ZIP"/ARCHIVE="dsksrch.zip"/;
    # fix index.htm
    s|HREF="html/|HREF="|;
    print;
}
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: SCOTT19U UNBREAKABLE?
Date: Fri, 20 Aug 1999 02:14:43 GMT
Thought that would catch your attention. It was pointed out
to me that David Wagner and his Super Duper Slide Attack
Program that Mr. Bruce has shouted great praise about was
used to try to make mincemeat out of scott19u. Well, sorry,
but it turned out SCOTT19U and SCOTT16U are UNBREAKABLE
by the famous award-winning code-breaking SLIDE ATTACK.
Better luck next time. I hope you guys study up on code
breaking so we can test the latest stuff against my code.
Thanks for the vote of confidence.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMMERS
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Why does MS-Visual C++ ABSOLUTELY REQUIRE . . .
Date: Thu, 19 Aug 1999 18:45:24 GMT
Phlip wrote:
> ... Rich Text Format ... was MS's ... MS-only protocol ...
Actually it was supported by Apple, at least at one time.
------------------------------
From: Greg <[EMAIL PROTECTED]>
Subject: Re: I HOPE AM WRONG
Date: Fri, 20 Aug 1999 01:35:29 GMT
> If yours was the site that asked for feedback, I gave it.
You lie. You gave me more than feedback. You gave me foul language
and a bad attitude.
> IF you don't like it tough.
I assumed this already. Punks usually feel this way toward others.
All I have ever asked of you is to be civil.
> I assume someone trying to make a buck
> would at least like to have users see their logo.
You keep saying that. Who told you that?
> I guess because I
> don't suck up makes you think it was "character assassination".
> Bullshit, I treat all people the same.
You did not use foul language toward HellPhyre, so how can you say you
treat him the same as me?
> If you don't like my opinion
> don't read it.
I love your opinion. It is your rudeness and lies that I can't stand.
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: Greg <[EMAIL PROTECTED]>
Subject: Re: I HOPE AM WRONG
Date: Fri, 20 Aug 1999 01:39:44 GMT
> You really need to focus on the causes of your irritation.
I have tried. I really have. But he won't leave. He uses foul
language at me. If he would just leave!!!
> Don't take cheap shots at his/her English.
I realize it could seem like a cheap shot. But if I were taking a
cheap shot, it would be far more obvious.
I was not trying to perfect his grammar. I am not perfect myself. I
was trying for some decent level of comprehensibility. I seriously
cannot understand half the stuff he writes. It takes me three to four
times longer to read his posts than anyone else's.
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: Greg <[EMAIL PROTECTED]>
Subject: What's wrong with Mr. Scott?
Date: Fri, 20 Aug 1999 01:50:36 GMT
Why is it he never says anything nice to me? Have I used foul language
toward him? Have I been overly critical of his crypto? Can anyone
find a clear case of malice in anything I said toward him?
I ask you all. What's wrong with Scott?
Can anyone out there point to anything I did to tick Scott off at me?
Did I commit an unpardonable sin with Scott that he is determined to
use foul language with every post regarding me? I see other posts he
makes that do not use foul language, but he insists on always using
foul language with his posts toward me. Why???? Can anyone tell me
WHY????
I've gotsta know!
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: Greg <[EMAIL PROTECTED]>
Subject: Re: Cracking the Scott cryptosystems?
Date: Fri, 20 Aug 1999 01:55:06 GMT
> He was the first one smart enough to know that the solution without
> actually guessing the correct phrases I used is impossible. Others
> have thought the contest easy but not worth entering. He pointed out
> that, due to information theory alone, guessing the actual key file
> would be a rather impossible task, since there are many solutions that
> produce the same exact number of changes but they may not be the
> ones I picked. That is why I have now added a 50 dollar prize for the first
> one who produces a key file that produces the required change; it does
> not have to be the same changes I used. There are thousands of such
> solutions. Other people did not notice this fact because they are used
> to short key files, which have a many orders of magnitude smaller space.
> If one even tried to do this with a puny 1000 bit key program or less
> there would most likely be only one solution. I feel that the guy was
> quite bright to notice that. It may be that his thoughts have not been
> so poisoned by others on this newsgroup that push weak small-keyed
> systems.
> Part of the contest was to show the advantage of a large key
> system.
>
> David A. Scott
You posted a reply to me without using any foul language! All I can
say to that is, THANKS THANKS THANKS!
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: Greg <[EMAIL PROTECTED]>
Subject: Re: What's wrong with Mr. Scott?
Date: Fri, 20 Aug 1999 01:56:27 GMT
I take back what I said. He did post a civil reply to my post. No
foul language. It was the most pleasant post I could ever read here.
Thank you David Scott. I appreciate that a lot.
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************