Cryptography-Digest Digest #96, Volume #10 Mon, 23 Aug 99 07:13:02 EDT
Contents:
RSA in Perl (Adam, where are you?) (Tony L. Svanstrom)
Re: Vigenere Variant Problem ("Dave Smith")
Re: Human-Readable Encryption (Newbie) (wtshaw)
Vigenere/Kasisky problem ("Bela Kampis")
Re: Vigenere Variant Problem
Re: NIST AES FInalists are....
Re: Vigenere/Kasisky problem
Re: CRYPTO DESIGN MY VIEW (SCOTT19U.ZIP_GUY)
Re: Where to find (SCOTT19U.ZIP_GUY)
Re: *2nd* trusted arbitrator's name?? (Matthew Skala)
question regarding number of keys possible. . . (Wesley Horton)
Unconcealed messages in RSA (Elisabeth Oswald)
Re: Ciphile Software (OFF TOPIC) (Tommy the Terrorist)
RSA Cryptography Today FAQ (1/1) ([EMAIL PROTECTED])
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Tony L. Svanstrom)
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: RSA in Perl (Adam, where are you?)
Date: Mon, 23 Aug 1999 06:09:35 +0200
Hi;
does anyone know where the web pages at <http://www.dcs.ex.ac.uk/~aba/>
have moved? (I refuse to think that they're gone for good.)
If needed then I'll provide the webspace for them (if anyone can find me
a backup of 'em).
/Tony
--
/\___/\ Who would you like to read your messages today? /\___/\
\_@ @_/ Protect your privacy: <http://www.pgpi.com/> \_@ @_/
--oOO-(_)-OOo---------------------------------------------oOO-(_)-OOo--
DSS: 0x9363F1DB, Fp: 6EA2 618F 6D21 91D3 2D82 78A6 647F F247 9363 F1DB
\O/ \O/ ©1999 <http://www.svanstrom.com/> \O/ \O/
------------------------------
From: "Dave Smith" <[EMAIL PROTECTED]>
Subject: Re: Vigenere Variant Problem
Date: Sun, 22 Aug 1999 23:14:45 -0400
JTong1995 wrote in message <[EMAIL PROTECTED]>...
>...... the explanation of indirect symmetry of position that is somewhat
>muddy in FM 34-40-2. Does anyone know of a clearly written description in
>another source?
Try "Military Cryptanalytics, Part II - Volume 1" by Callimahos and
Friedman. Chapters V and VI cover repeating key systems with mixed
alphabets, using direct and indirect symmetry of position.
Regards,
Dave
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Human-Readable Encryption (Newbie)
Date: Sun, 22 Aug 1999 22:07:43 -0600
In article <O80w3.1086$[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]> wrote:
> Your messages are all very interesting and helpful! However, could someone
> point to a resource (web site or publication) that would provide the
> algorithms, key generation methods, etc.? I don't even know where to begin.
>
> Thanks!
> Jeff Kanel
>
Base translation makes use of natural mathematical relationships that make
it easier to go between some bases than others. There are many
possibilities, so I have to adopt some criteria to figure out which ones
to do.
Having ciphertext you can read is a good goal, or base 64 output, or
letters to look like classic ciphertexts. I even have some strange needs
for weird bases in order to test obscure theories.
The principle of base translation is best answered by example. The latest
addition from this evening is Dabaka, which converts base 93 to alphabetic
letters. In b93, I drop the backslash, \, and use the stroke, |, to
represent a space, and two of them to represent a double carriage return.
Since (93^15)<(7^35)<(26^21) includes (93^3)<(7^7) and (7^5)<(26^3), which
are acceptable calculation regards to fitness, these subblock
relationships can be combined to produce the overall algorithm. Which is
to say, the rather large blocks involved, 15 in plaintext and 21 in
ciphertext, do work. My preference is for something smaller, but only
relatively simple calculations are involved when you deal with subblocks.
In encryption, each 3 plaintext characters are converted to 7 base 7
hepits until you get the full block of 35 hepits; each 5 hepits is
converted to 3 substituted ciphertext letters.
The default keys for this algorithm are:
Subs(Db): abcdefghijklmnopqrstuvwxyz
Trans(Db): abcdefghijklmnopqrstuvwxyz123456789
If you take a passage of text, like these very words in this sentence, and
use it to make the keys all at once, you get this result:
Subs(Db): khzpxuamebrcstdjfqivgywoln
Trans(Db): e3mfxg7hv98uwcyoq4npz1ir5jsbkatd62l
Encryption is semi-automatic, which means that you must go through a
preformatting step to convert spaces, carriage returns, and break the
result into groups so you can complete the last one. After encryption you
can put the ciphertext in nice little classic groups. Following
decryption, you should postformat to regain plaintext.
This short sentence encrypted according to the above keys becomes this
ciphetext:
kwszn egril ivyjk tnqzi ezwtw pgqnk anylr gdpvz vjpub kwypa zewhl bxxhz
akjzw syjyh tdayg rpvtf mbqxe myifj gnadm qytxp znehe ibmah tjsau esews
fymcb p
The decrypted message shows the padding I added at the end. The typo was
also faithfully preserved:
This short sentence encrypted according to the above keys becomes this
ciphetext: somepadd
So, what's next, key generation or other?
--
All's fair in love, war, and crypto. ERACE
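The block arithmetic wtshaw describes, carried through as an added example. This is not wtshaw's code: the base-93 character set (printable ASCII 33..126 without the backslash), the reading of the two keys (the 35-symbol key as a transposition of the 35 hepits, the 26-letter key as a substitution on the output letters) and the padding are my assumptions, so it will not reproduce the ciphertext quoted in the post. What it does show is why the sizes work: 93^3 < 7^7 lets three base-93 characters become seven base-7 digits, and 7^5 < 26^3 lets five of those become three letters, so 15 plaintext characters become 21 ciphertext letters and the 90-character padded sentence above becomes 126 letters.

```python
# Base translation in the style of the Dabaka description above.  Added
# example, not wtshaw's code; character set, key semantics and padding are
# assumptions (see the lead-in).
B93 = "".join(chr(c) for c in range(33, 127) if chr(c) != "\\")   # 93 symbols
AZ = "abcdefghijklmnopqrstuvwxyz"
TRANS_SYMBOLS = "abcdefghijklmnopqrstuvwxyz123456789"             # 35 symbols
assert len(B93) == 93 and 93 ** 3 < 7 ** 7 and 7 ** 5 < 26 ** 3

def to_digits(value, base, width):
    """Fixed-width big-endian digits of value in the given base."""
    digits = []
    for _ in range(width):
        value, d = divmod(value, base)
        digits.append(d)
    if value:
        raise ValueError("value does not fit in %d base-%d digits" % (width, base))
    return digits[::-1]

def from_digits(digits, base):
    value = 0
    for d in digits:
        value = value * base + d
    return value

def transposition_order(trans):
    """Read the 35-symbol key as a permutation: output slot i takes the hepit
    whose natural position is the rank of trans[i] in TRANS_SYMBOLS, so the
    default key is the identity."""
    if sorted(trans) != sorted(TRANS_SYMBOLS):
        raise ValueError("transposition key must permute " + TRANS_SYMBOLS)
    return [TRANS_SYMBOLS.index(ch) for ch in trans]

def preformat(text):
    """Pre-formatting step: a space becomes '|', a blank line becomes '||'."""
    text = text.replace("\n\n", "||").replace(" ", "|")
    bad = [ch for ch in text if ch not in B93]
    if bad:
        raise ValueError("not representable in base 93: %r" % bad)
    return text

def postformat(text):
    return text.replace("||", "\n\n").replace("|", " ")

def pad_to_block(text, filler="|somepadd"):
    """Complete the last 15-character block; the filler is the sender's choice."""
    need = (-len(text)) % 15
    return text + (filler * 15)[:need]

def encrypt(text, subs=AZ, trans=TRANS_SYMBOLS):
    if len(text) % 15:
        raise ValueError("pad the text to a multiple of 15 characters first")
    order = transposition_order(trans)
    out = []
    for b in range(0, len(text), 15):
        block = text[b:b + 15]
        hepits = []
        for i in range(0, 15, 3):                        # 3 chars -> 7 hepits
            v = from_digits([B93.index(ch) for ch in block[i:i + 3]], 93)
            hepits.extend(to_digits(v, 7, 7))
        hepits = [hepits[order[i]] for i in range(35)]   # keyed transposition
        for i in range(0, 35, 5):                        # 5 hepits -> 3 letters
            v = from_digits(hepits[i:i + 5], 7)
            out.extend(subs[d] for d in to_digits(v, 26, 3))
    return "".join(out)

def decrypt(cipher, subs=AZ, trans=TRANS_SYMBOLS):
    if len(cipher) % 21:
        raise ValueError("ciphertext length must be a multiple of 21")
    order = transposition_order(trans)
    out = []
    for b in range(0, len(cipher), 21):
        block = cipher[b:b + 21]
        moved = []
        for i in range(0, 21, 3):                        # 3 letters -> 5 hepits
            v = from_digits([subs.index(ch) for ch in block[i:i + 3]], 26)
            moved.extend(to_digits(v, 7, 5))
        hepits = [0] * 35
        for i in range(35):                              # undo the transposition
            hepits[order[i]] = moved[i]
        for i in range(0, 35, 7):                        # 7 hepits -> 3 chars
            v = from_digits(hepits[i:i + 7], 7)
            out.extend(B93[d] for d in to_digits(v, 93, 3))
    return "".join(out)

if __name__ == "__main__":
    sentence = ("This short sentence encrypted according to the above keys "
                "becomes this ciphetext:")
    pt = pad_to_block(preformat(sentence))          # 81 + 9 = 90 characters
    ct = encrypt(pt, subs="khzpxuamebrcstdjfqivgywoln",
                 trans="e3mfxg7hv98uwcyoq4npz1ir5jsbkatd62l")
    print(" ".join(ct[i:i + 5] for i in range(0, len(ct), 5)))
    print(postformat(decrypt(ct, subs="khzpxuamebrcstdjfqivgywoln",
                             trans="e3mfxg7hv98uwcyoq4npz1ir5jsbkatd62l")))
```

One property worth noticing: because 7^5 < 26^3 and 93^3 < 7^7, not every string of letters is a valid ciphertext. A group of three letters whose value is 16807 or more, or seven hepits whose value is 804357 or more, has no preimage, and this implementation raises ValueError on it rather than silently wrapping.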
------------------------------
From: "Bela Kampis" <[EMAIL PROTECTED]>
Subject: Vigenere/Kasisky problem
Date: Mon, 23 Aug 1999 03:45:13 GMT
Ok I'm a newbie to crypto but I'm trying to figure out why I'm getting
erroneous results for a classical Vigenere cryptogram.
Q: Does the Kasiski test correctly find the key length even if some words
are reversed POST-encryption? ie the plain text is encoded and then random
words are shuffled/reversed.
------------------------------
From: [EMAIL PROTECTED] ()
Subject: Re: Vigenere Variant Problem
Date: 23 Aug 99 04:29:12 GMT
JTong1995 ([EMAIL PROTECTED]) wrote:
: Might there be
: another technique I could try (brute force is considered bad form)?
If you've got an assumed period, while you don't have enough text to get
everything through frequency counts, there are more sensitive types of
frequency count. For the common letters in each alphabet, you could look
for variety of contact to sort out the consonants and vowels.
However, you probably already know about this technique, if you're at the
point of using kappa instead of Kasiski.
: Also. the explanation of indirect symmetry of position that is somewhat
: muddy in FM 34-40-2. Does anyone know of a clearly written description in
: another source?
I recently added a description of indirect symmetry of position to my web
page, but I don't know if it's very clear.
Basically: in alphabet 1, A becomes R and B becomes Q.
This tells you, if a slide is used, that A and B are the same distance
apart - on the plaintext slide - as R and Q on the ciphertext slide.
If you then have, in alphabet 2, J becomes R and N becomes Q, then you
know that Pdist(A,B) = Pdist(J,N) = Cdist(R,Q).
And furthermore, if Pdist(A,B) = Pdist(J,N), then Pdist(A,J) = Pdist(B,N).
Knowing that certain things are the same distance apart may, if you
already know a lot of equivalents, let you fill in an extra equivalent
here or there.
John Savard
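The Pdist/Cdist relations above, worked through as an added example (my code, not Savard's web page or post). It assumes the slide model Savard mentions: a mixed plaintext slide P and a mixed ciphertext slide C, with alphabet i being the two slides set against each other at an offset k_i. If p1 -> c in alphabet i and p2 -> c in alphabet j, then p2 sits exactly k_i - k_j places after p1 on P, whatever p1 and c are; so the partial map sigma_ij : p1 -> p2 is a rotation of the plaintext slide, and a rotation is pinned down by the image of a single letter. Two such partial maps that agree anywhere are the same map, which is how "Pdist(A,B) = Pdist(J,N)" turns into a new equivalent once enough is known. The slides, offsets and recovered equivalents below are constructed for the demonstration.

```python
# Indirect symmetry of position, added example (not from the post).
# Assumes the slide model: alphabet i enciphers p to C[(P.index(p) + k_i) % 26].
from itertools import permutations
import random

AZ = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

def make_system(seed, offsets):
    """Hidden truth for the demonstration: two mixed slides, one offset per alphabet."""
    rng = random.Random(seed)
    p_slide = list(AZ); rng.shuffle(p_slide)
    c_slide = list(AZ); rng.shuffle(c_slide)
    return "".join(p_slide), "".join(c_slide), list(offsets)

def encipher(system, i, p):
    p_slide, c_slide, offsets = system
    return c_slide[(p_slide.index(p) + offsets[i]) % 26]

def rotate(system, i, j, p):
    """sigma_ij(p): the plaintext letter that, in alphabet j, gives the same
    ciphertext letter as p gives in alphabet i (a rotation of P by k_i - k_j)."""
    p_slide, _, offsets = system
    return p_slide[(p_slide.index(p) + offsets[i] - offsets[j]) % 26]

def deduce(known):
    """known: {alphabet index: {plaintext: ciphertext}} of recovered equivalents.
    Returns an enlarged copy, closed under symmetry of position."""
    known = {i: dict(m) for i, m in known.items()}
    ids = sorted(known)
    while True:
        # direct partial rotations sigma_ij, from ciphertext letters seen in both alphabets
        rots = []
        for i, j in permutations(ids, 2):
            inv_j = {c: p for p, c in known[j].items()}
            m = {p: inv_j[c] for p, c in known[i].items() if c in inv_j}
            if m:
                rots.append(({(i, j)}, m))
        # two rotations that agree on one letter are the same rotation: merge them
        merged = True
        while merged:
            merged = False
            for a in range(len(rots)):
                for b in range(a + 1, len(rots)):
                    pairs_a, map_a = rots[a]
                    pairs_b, map_b = rots[b]
                    if any(map_a.get(p) == q for p, q in map_b.items()):
                        map_a.update(map_b)
                        pairs_a |= pairs_b
                        del rots[b]
                        merged = True
                        break
                if merged:
                    break
        # sigma_ij(p) = q together with p -> c in alphabet i gives q -> c in alphabet j
        added = 0
        for pairs, m in rots:
            for i, j in pairs:
                for p, q in m.items():
                    c = known[i].get(p)
                    if c is not None and q not in known[j]:
                        known[j][q] = c
                        added += 1
        if not added:
            return known

def demo():
    """Constructed case: alphabets 0,1 and 2,3 share the relative offset -7,
    so sigma_01 and sigma_23 are the same rotation of the plaintext slide."""
    system = make_system(1999, [3, 10, 17, 24])
    known = {
        0: {"A": encipher(system, 0, "A"), "B": encipher(system, 0, "B")},
        1: {rotate(system, 0, 1, "A"): encipher(system, 0, "A")},
        2: {"A": encipher(system, 2, "A"), "B": encipher(system, 2, "B")},
        3: {rotate(system, 2, 3, "A"): encipher(system, 2, "A"),
            rotate(system, 2, 3, "B"): encipher(system, 2, "B")},
    }
    result = deduce(known)
    consistent = all(encipher(system, i, p) == c          # check against the hidden truth
                     for i, m in result.items() for p, c in m.items())
    return system, known, result, consistent

if __name__ == "__main__":
    system, before, after, ok = demo()
    for i in sorted(after):
        new = {p: c for p, c in after[i].items() if p not in before[i]}
        print("alphabet", i, "known", before[i], "filled in", new)
    print("all deductions consistent with the hidden slides:", ok)
```

In the constructed case alphabet 1 starts with a single equivalent; the merge of sigma_01 with sigma_23 supplies the image of B and hence a second equivalent in alphabet 1, exactly the "extra equivalent here or there" of the post. The merging step is only sound when the recovered equivalents are correct; a wrong equivalent would be propagated just as faithfully.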
------------------------------
From: [EMAIL PROTECTED] ()
Subject: Re: NIST AES FInalists are....
Date: 23 Aug 99 04:34:53 GMT
[EMAIL PROTECTED] wrote:
: Yes, I see this. One or two years is probably too little time for
: choosing the AES - maybe a reason for more than one winner. Even so, I
: would rather see time invested and work done under the assumption of a
: reasonable attack model. If all finalists turn out to be equally strong
: under this model, then other reasonable parameters can be taken into
: account for judging their security (simplicity, mature design
: philosophy, partial proofs, even trust in their designers). Other
: factors such as implementation flexibility and speed will count also.
Well, an unreasonable attack model _is_ very much an example of an "other
reasonable parameter". It's more indicative of security than many of the
few other choices remaining.
I think there are flaws in the AES process, but I can't agree that this is
one of them.
Instead, what seems obvious to me is that even ciphers that have turned
out to be flawed could still contain useful ideas. Many of the AES
candidates have been very instructive; as a result, the final choice for
the AES is doomed to be obsolete at the moment it is chosen.
John Savard
------------------------------
From: [EMAIL PROTECTED] ()
Subject: Re: Vigenere/Kasisky problem
Date: 23 Aug 99 04:18:18 GMT
Bela Kampis ([EMAIL PROTECTED]) wrote:
: Ok I'm a newbie to crypto but I'm trying to figure out why I'm getting
: erroneous results for a classical Vigenere cryptogram.
: Q: Does the Kasiski test correctly find the key length even if some words
: are reversed POST-encryption? ie the plain text is encoded and then random
: words are shuffled/reversed.
If letters are moved around after encryption, there's no reason to expect
the Kasiski test to work at all. But if the text was shuffled at random,
it would be hard for the legitimate recipient to decipher the message.
Are there word spacings visible in this cryptogram?
John Savard
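The Kasiski examination itself, with post-encryption word reversal applied to it, as an added example (not code from the thread; plaintext, key and the reversal rule are constructed for the demonstration). It shows the normal case, a key of length 5 recovered from the distances between repeated trigrams, and then two tampering variants. Reversing every word in place leaves each repeated word in the same key alignment, so the repeats survive; reversing only some of the words destroys the repeats that straddle a reversed copy, and the period no longer stands out.

```python
# Kasiski examination on a Vigenere ciphertext, before and after words of the
# ciphertext are reversed.  Added example; text, key and tampering are constructed.
from collections import Counter
from functools import reduce
from math import gcd

AZ = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

def vigenere(text, key, decrypt=False):
    """Classical Vigenere over A-Z; text already stripped of spaces."""
    out = []
    for n, ch in enumerate(text):
        k = AZ.index(key[n % len(key)])
        out.append(AZ[(AZ.index(ch) + (-k if decrypt else k)) % 26])
    return "".join(out)

def kasiski_distances(ct, n=3):
    """Distances between consecutive occurrences of each repeated n-gram."""
    positions = {}
    for i in range(len(ct) - n + 1):
        positions.setdefault(ct[i:i + n], []).append(i)
    return [b - a for pos in positions.values() for a, b in zip(pos, pos[1:])]

def factor_votes(distances, max_period=20):
    """How many of the repeat distances each candidate period divides."""
    votes = Counter()
    for d in distances:
        for f in range(2, max_period + 1):
            if d % f == 0:
                votes[f] += 1
    return votes

def reverse_words(ct, lengths, which):
    """Post-encryption tampering: reverse the ciphertext span of each word
    whose index satisfies which(index); lengths are the plaintext word lengths."""
    out, pos = [], 0
    for idx, n in enumerate(lengths):
        seg = ct[pos:pos + n]
        out.append(seg[::-1] if which(idx) else seg)
        pos += n
    return "".join(out)

# Constructed demonstration text: THE recurs at distances 15 and 25.
WORDS = "THE ENEMY HAS COME THE RIVER IS FROZEN AND WE WAIT THE SIGNAL".split()
PLAINTEXT = "".join(WORDS)
KEY = "LEMON"

def demo():
    """Returns {case: (repeat distances, their gcd, factor votes)}."""
    ct = vigenere(PLAINTEXT, KEY)
    lengths = [len(w) for w in WORDS]
    cases = {
        "intact": ct,
        "every word reversed": reverse_words(ct, lengths, lambda i: True),
        "odd-numbered words reversed": reverse_words(ct, lengths, lambda i: i % 2 == 1),
    }
    report = {}
    for name, text in cases.items():
        d = kasiski_distances(text)
        report[name] = (d, reduce(gcd, d, 0), factor_votes(d))
    return report

if __name__ == "__main__":
    for name, (d, g, votes) in demo().items():
        print("%-28s distances=%s gcd=%d top=%s" % (name, d, g, votes.most_common(3)))
```

With the intact ciphertext the distances are 15 and 25, gcd 5, and period 5 gets two votes against one for every other candidate. With every word reversed the distances are unchanged. With only the odd-numbered words reversed the third copy of THE is reversed while the first two are not, the only surviving distance is 15, and 3, 5 and 15 tie. On a real cryptogram the word boundaries would have to be visible for such a reversal to be undone, which is the question the reply above asks.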
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: CRYPTO DESIGN MY VIEW
Date: Mon, 23 Aug 1999 05:54:53 GMT
In article <[EMAIL PROTECTED]>, Mok-Kong Shen <[EMAIL PROTECTED]>
wrote:
>
>To be exact, you can't say how many input symbols are obtained from
>the x's. For instance, it could be that there are Huffman codes
>that occupies only 3 x positions. All one knows (by our assumption)
>is that the last 9 bits of the original output file constitute one
>single Huffman code and therefore these 9 bits will be decompressed
>to one input character (which, if it is 8 bit ASCII, occupies a byte).
>But this fact is unimportant for the present discussion.
What are you thinking? I thought the x's were a single token.
Look it is obvious you are lost and don't know what I mean. PLEASE
ASK SOMEONE ELSE FOR HELP.
My method takes "ANY BINARY FILE" call that file "A" and decompresses to a
file call that FILE "B". If you compress file "B" you get exactly "A" back
PERIOD.
Also you can take FILE "A" compress it to a FILE "C" take FILE "C" when
you decompress it you get FILE "A" back exactly.
This is "one to one" compression decompression. There is no wrong
file except in your mind. The method used is "adaptive huffman compression"
it is exactly like the huffman bit stream except that sometimes it is left
alone. Sometimes it is zero filled and sometimes the last partial byte is
chopped off altogether. I am done talking to you.
USE a damn HEX editor to see what happens you have the complete source
code and the executables. I will no longer answer your stupid question on this
topic because I can't really believe anyone is as dumb as you seem to be
pretending so don't ask unless you expect someone else to answer since you
have got out of me all I will say. The only other thing about this I care to
hear from you on is if you find an error. Where the damn thing breaks down and
is not "one to one".
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Where to find
Date: Mon, 23 Aug 1999 06:25:54 GMT
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Tim
Redburn) wrote:
>On Sun, 22 Aug 1999 14:58:39 GMT, [EMAIL PROTECTED]
>(SCOTT19U.ZIP_GUY) wrote:
><snip>
>>Well you don't have a fucking
>>clue as to if is weak.
><snip>
>
>That's not strictly true. Your initial entropy calculations for
>the S-Box were incorrect, suggesting that you did
>not fully understand the basics of what you were doing at the time (I
Correct, you found the actual entropy first. I think the original
write-up was by Horst. When I wrote the code I was concerned
with only "covering every possible single cycle table", which
is what it did. You showed that if the key file was selected from
a purely uniform random file then the entropy of scott19u was less
than the amount if every single cycle S-table had the same chance
of being picked. But it still was over one million bytes. There is a patch
for this. The new version will use a different form of the key file. I will
have a utility so users can keep the same key if they wish. I plan
to allow 3 forms for input or output: the S-table, the raw key file old
format and the raw key file new format. I am running tests, yes my own,
to make sure the new key file does turn a uniformly random file into
an equally likely selection of each single cycle S-table.
I was thinking of calling it a RED KEY file since you inspired me
to make this change.
>and many others managed to spot the error and I am only
>a beginner in cryptography (I can't speak for the others)).
Interesting attack. I think your slam will carry great weight with
those too lazy to look at the method. You did not show any real
weakness. You pointed out that if someone uses a uniform random
raw key file, then instead of 1.2 million bytes of entropy you get
about 1 million bytes. How does this compare to a 128 bit key
which has only 16 bytes of entropy? Yes I can see you are just
a beginner because you think they are close. I guess I overrated
your ability. Sorry!!
>
>Also your original code has a programming error in it - it accesses
>unallocated memory - with undefined effects. As this
>is the only absolute reference to your algorithm, anyone wanting to
>analyse it must wonder how many other programming errors
The error did not affect the contest and may affect certain other
compilers and certain interactions. I posted the patch to fix this error.
I suppose you think all software is bug free on the first release. If so
you haven't been around very long.
>there are and whether things are intentional or not. (was accessing
>unallocated memory used to obtain a weak random number ? It
>could have been .....not likely but without the algorithm how can we
>be sure ?)
Well since you're just a beginner like you stated you can't be
sure. I guess we will have to wait for someone more advanced to
let us know the answer to that one.
>
>I would say that although there is no hard evidence that
>your algorithm is weak, there are certainly plenty of clues dotted
>around the place - not least your own inability to consistently,
>coherently and accurately describe your own algorithm. You wrote it -
>yet you can't describe it to others.
In November the next level comes out with all patches. At least
that is my plan.
>
>*** Serious Question *** (Please answer calmly) - David, when writing
>scottx.zip, did you design it or write it ? In other words, did you
>design and analyse your ideas on paper before coding, or did
>you sit down and start writing code, making up the algorithm as you
>went along with just some basic ideas for guidance ?
I design as I code. Which is the way I have coded the last 30 years
and airplanes and missiles count on my ability to do this. Yes I am
an old assembly programmer from the TC2 days. IBM's old 2PI computer.
>
>*** 2nd Serious Question *** - David, have you analysed your
>algorithm(s) at all. If so, can you provide pointers
>to any analysis that you have performed yourself. I do not mean
>simply running randomness tests on the output - I mean proper
>analysis by thinking about the way the algorithm works and
>performing calculations etc...
Yes I have run many tests. MYSELF,
but mostly various tests to check on diffusion and various correlations
to see how it stands up to differential attacks. A lot of thought went
in to the design but I did it all myself. So if that pisses you off, too
bad. Either test it yourself or don't use it.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
------------------------------
From: [EMAIL PROTECTED] (Matthew Skala)
Subject: Re: *2nd* trusted arbitrator's name??
Date: 22 Aug 1999 21:14:46 -0700
In article <[EMAIL PROTECTED]>,
John Savard <[EMAIL PROTECTED]> wrote:
>all the names were chosen so that each one began with a different
>letter.
>
>Urquhart?
Making it start with U seems sensible, but in keeping with the gender
alternation tradition of "Alice, Bob, Carol, Dave", it seems like it
should be a feminine name, like Uma. This isn't just political
correctness; it's really convenient to have two people in a protocol be of
opposite gender when we're talking about them in English, because then we
can use personal pronouns like "he" and "she" without having to stop all
the time to disambiguate.
--
Matthew Skala "Why should the fates of the groovy
[EMAIL PROTECTED] and the creepy be intertwined?"
http://www.islandnet.com/~mskala/ - Valerie Solanas
------------------------------
From: Wesley Horton <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: question regarding number of keys possible. . .
Date: Mon, 23 Aug 1999 05:12:18 -0500
How would you compute the number of possible rotor wirings available for
a rotor of a given size using interval wiring? For example, how many
different wirings are possible using the interval wiring method for a
rotor of 26 contacts on each side?
Did anyone ever come up with an effective method of generating such
wirings (interval wiring) of rotors on a computer?
Thanks again,
Wesley Horton
------------------------------
From: Elisabeth Oswald <[EMAIL PROTECTED]>
Subject: Unconcealed messages in RSA
Date: Mon, 23 Aug 1999 10:52:22 +0200
Hi!
Can anyone give me a hint how to get the number of
unconcealed messages for RSA ? It should be
(1+gcd(e-1,p-1))(1+gcd(e-1,q-1)).
Thanks, Elisabeth
========================
[EMAIL PROTECTED]
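The count in the question above comes from the Chinese remainder theorem, worked through here as an added example (my code, not from the thread). An unconcealed message is an m in [0, n) with m^e = m (mod n). That congruence holds mod n exactly when it holds mod p and mod q. Mod p, m = 0 is a solution and every other solution satisfies m^(e-1) = 1 (mod p); those are the elements of the cyclic group (Z/pZ)* whose order divides e-1, and a cyclic group of order p-1 has exactly gcd(e-1, p-1) of them. That gives 1 + gcd(e-1, p-1) solutions mod p, likewise 1 + gcd(e-1, q-1) mod q, and the CRT pairs every solution mod p with every solution mod q, hence the product. The code checks the formula against a brute-force count for toy primes, including an exponent for which every message is unconcealed.

```python
# Unconcealed (fixed-point) messages in RSA: formula versus brute force.
# Added example; the toy primes and exponents are constructed for the check.
from math import gcd

def unconcealed_formula(p, q, e):
    """(1 + gcd(e-1, p-1)) * (1 + gcd(e-1, q-1)), from the CRT argument."""
    return (1 + gcd(e - 1, p - 1)) * (1 + gcd(e - 1, q - 1))

def unconcealed_bruteforce(p, q, e):
    """Direct count of m in [0, n) with m^e = m (mod n); toy primes only."""
    n = p * q
    return sum(1 for m in range(n) if pow(m, e, n) == m)

def unconcealed_fraction(p, q, e):
    """Fraction of the message space left unconcealed by a valid RSA exponent."""
    if gcd(e, (p - 1) * (q - 1)) != 1:
        raise ValueError("e must be invertible mod (p-1)(q-1)")
    return unconcealed_formula(p, q, e) / (p * q)

if __name__ == "__main__":
    for p, q, e in [(7, 11, 7), (11, 13, 7), (13, 17, 5), (5, 7, 13)]:
        print("p=%d q=%d e=%d formula=%d brute=%d fraction=%.4f" % (
            p, q, e, unconcealed_formula(p, q, e),
            unconcealed_bruteforce(p, q, e), unconcealed_fraction(p, q, e)))
```

Two caveats follow from the formula. Since e and the primes are odd, e-1, p-1 and q-1 are all even, so each gcd is at least 2 and there are always at least 9 unconcealed messages (0, 1, -1 and their CRT combinations). At the other extreme, e-1 divisible by both p-1 and q-1, as with p=5, q=7, e=13, makes every message unconcealed; for primes of real size that fraction is negligible unless e-1 shares large factors with p-1 or q-1.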
------------------------------
From: Tommy the Terrorist <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Ciphile Software (OFF TOPIC)
Date: 23 Aug 1999 10:11:40 GMT
In article <[EMAIL PROTECTED]> [ Dr. Jeff ],
[EMAIL PROTECTED] writes:
>Okay, so no one in sci.crypt has any idea about or interest in talking
>about Ciphile Software's Original Absolute Privacy Level 3 software.
>Why is that? Is the software not considered good? Do people have
Dude, sci.crypt is supposed to be about the SCIENCE of
cryptography, not some software program. And talk.politics.crypto
is only relevant if you think it might be compromised deliberately
to serve the NSA (which is not exactly what I'd call implausible),
or some similar political tie-in. Why don't you have another look
around the newsgroups, especially the comp.* newsgroups, and
see if you can find something with some people who know more
about your particular platform and software?
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To:
talk.politics.crypto,alt.security.ripem,sci.answers,talk.answers,alt.answers,news.answers
Subject: RSA Cryptography Today FAQ (1/1)
Date: 23 Aug 1999 10:54:56 GMT
Reply-To: [EMAIL PROTECTED]
Archive-name: cryptography-faq/rsa/part1
Last-modified: 1997/05/21
An old version of the RSA Labs' publication "Answers to Frequently Asked
Questions about Today's Cryptography" used to be posted here until May
1997. These postings were not sponsored or updated by RSA Labs, and
for some time we were unable to stop them. While we hope the information
in our FAQ is useful, the version that was being posted here was quite
outdated. The latest version of the FAQ is more complete and up-to-date.
Unfortunately, our FAQ is no longer available in ASCII due to its
mathematical content. Please visit our website at
http://www.rsa.com/rsalabs/ to view the new version of the FAQ with your
browser or download it in the Adobe Acrobat (.pdf) format.
RSA Labs FAQ Editor
[EMAIL PROTECTED]
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************