Cryptography-Digest Digest #110, Volume #10 Wed, 25 Aug 99 19:13:03 EDT
Contents:
Re: How Easy Can Terrorists Get Strong Encrypt? (John Savard)
Re: MUM Revisited (Ian Goldberg)
NEW THREAD on compression (SCOTT19U.ZIP_GUY)
Re: NIST ECC curves August document (Greg)
Re: cryptographic DLL (Greg)
Re: How Easy Can Terrorists Get Strong Encrypt? (JPeschel)
Re: How does RC4 work ? (fungus)
Re: How Easy Can Terrorists Get Strong Encrypt? (Greg)
Fermat theorem on primes? ("Ender Olcayto")
Re: cryptographic DLL (Greg)
Re: question regarding number of keys possible. . . (Wesley Horton)
Re: How Easy Can Terrorists Get Strong Encrypt? (John Savard)
Re: The use of yarrow to generate LARGE amounts of random data (Alwyn Allan)
Re: How does RC4 work ? ("karl malbrain")
Re: NEW THREAD on compression (Mok-Kong Shen)
Re: How Easy Can Terrorists Get Strong Encrypt? (Tramm Hudson)
Re: cryptographic DLL (Tom St Denis)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: How Easy Can Terrorists Get Strong Encrypt?
Date: Wed, 25 Aug 1999 17:37:50 GMT
Paul Koning <[EMAIL PROTECTED]> wrote, in part:
>That's only part of the answer to the question in your subject string.
>The other part: anyone with enough programming skill to pass a freshman
>level programming course can code up DES (hence 3DES) in a day.
>Other algorithms will take even less. (RC4, for example, takes only
>minutes.)
>What you get with off the shelf crypto apps is a user interface,
>better key management, etc. But if all you want to do is to protect
>your files from snoops, an afternoon in a quiet corner suffices.
>The terrorist argument is absolutely 100% a red herring. When you
>see Freeh making it, he's lying, no question about it.
Of course, there are two arguments - however weak - that can be
advanced in this area. I think they're fairly easy to refute, but here
they are for fairness' sake:
- Terrorists are often fanatics; perhaps people with the intelligence
to program a computer are seldom found in terrorist movements. (Some
of the larger terrorist movements, or those tied to a widespread sense
of ethnic grievance, at least, are likely to be exceptions.) Also,
countries that support terrorists are likely to be afraid of other
people having crypto, and may not, therefore, be assisting their
terrorist clients well in this department.
- Being able to program an encryption program only helps you if you
have access to a compiler. Export controls on this technology may have
limited its spread to some countries. (Of course, you can download
Linux, including gcc, off Beijing University's web site...but in many
countries, it's all one can do to find a computer able to run DOS.)
John Savard ( teneerf<- )
http://www.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (Ian Goldberg)
Subject: Re: MUM Revisited
Date: 25 Aug 1999 18:35:35 GMT
In article <[EMAIL PROTECTED]>, Gary <[EMAIL PROTECTED]> wrote:
>This function (defined by the following extract from C source):
>
>#define RotateLeft(A) (A=((A<<1)|(A>>31)))
>#define ShiftRight(A) (A>>=1)
>unsigned long f(unsigned long a,unsigned long b)
>{
> unsigned long s,i;
> s=0;
> for(i=0;i<32;i++)
> {
> if(a&1) s^=b;
> RotateLeft(b);
> ShiftRight(a);
> }
> return s;
>}
>
>My analysis has shown that this function is both associative and
>commutative.
>This analysis also leads me to conjecture an element has an inverse if and
>only if the number of bits set is odd.
>1 is the identity.
All three of the above statements are correct, and here's why:
The bits in your unsigned longs represent the coefficients of a polynomial
(of degree at most 31) over Z/2Z. Your function f is then just polynomial
multiplication, mod (x^32+1). This explains the associativity and
commutativity, and that 1 is the identity.
Also, note that (x^32+1) == (x+1)^32, so A (thought of as the above
polynomial) is invertible iff it is not divisible by (x+1); i.e. A(1) != 0;
i.e. there are not an even number of non-zero coefficients; i.e. the number
of set bits of A (thought of as the unsigned long) is odd.
>And while I can't find a solution for B given the pair f(A,B) and A (where A
>has no inverse), somebody else probably knows how to.
Yes, given the above, it's fairly straightforward to recover B from f(A,B)
and A, for any A.
- Ian
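The algebra in the reply above, worked out in code. This is an added example and not code from the digest: it re-implements the quoted f() in Python, checks it against carry-less polynomial multiplication reduced mod x^32+1, and recovers an inverse with the extended Euclidean algorithm over GF(2)[x]. The names f, ring_mul, inverse, has_inverse and recover_b are this example's own; the observation that inverses exist exactly for odd popcount comes from the post, and recover_b covers only the invertible case (for a non-invertible A the solution B is not unique, which the post does not discuss).

```python
# Added example (not from the digest): Gary's f() as multiplication in the
# ring GF(2)[x] / (x^32 + 1), plus an inverse via extended Euclid.
MASK = 0xFFFFFFFF
N = 32
MODULUS = (1 << N) | 1          # the polynomial x^32 + 1 as a bit string


def f(a, b):
    """Gary's function: rotate-and-xor multiply of two 32-bit words."""
    s = 0
    for _ in range(N):
        if a & 1:
            s ^= b
        b = ((b << 1) | (b >> 31)) & MASK   # rotate left == multiply by x mod x^32+1
        a >>= 1
    return s


def poly_mul(a, b):
    """Carry-less multiplication in GF(2)[x] (ints as coefficient bit strings)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r


def poly_divmod(a, m):
    """Quotient and remainder of a divided by m in GF(2)[x]."""
    q = 0
    dm = m.bit_length() - 1
    while a and a.bit_length() - 1 >= dm:
        shift = a.bit_length() - 1 - dm
        q ^= 1 << shift
        a ^= m << shift
    return q, a


def ring_mul(a, b):
    """Polynomial product reduced mod x^32 + 1; should agree with f()."""
    return poly_divmod(poly_mul(a, b), MODULUS)[1]


def has_inverse(a):
    """The post's criterion: invertible iff the number of set bits is odd."""
    return bin(a).count("1") % 2 == 1


def inverse(a):
    """Extended Euclid in GF(2)[x]: a^-1 mod x^32+1, or None when gcd != 1."""
    r0, r1 = MODULUS, a          # invariant: r_i = s_i * a  (mod MODULUS)
    s0, s1 = 0, 1
    while r1:
        q, r = poly_divmod(r0, r1)
        r0, r1 = r1, r
        s0, s1 = s1, s0 ^ poly_mul(q, s1)
    if r0 != 1:
        return None              # a shares the factor (x+1) with x^32+1
    return poly_divmod(s0, MODULUS)[1]


def recover_b(a, product):
    """Given A and f(A, B) with A invertible, return B = A^-1 * f(A, B)."""
    inv = inverse(a)
    if inv is None:
        raise ValueError("A is not invertible (even number of set bits)")
    return ring_mul(inv, product)


if __name__ == "__main__":
    a, b = 0x12345678, 0x9ABCDEF0
    print(hex(f(a, b)), f(a, b) == ring_mul(a, b))
    print(hex(recover_b(7, f(7, 0xCAFEBABE))))
```

Because the ring is commutative, f(inverse(A), f(A, B)) can be computed with f itself; ring_mul is kept separate only so the identification of f with polynomial multiplication can be checked rather than assumed.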
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: NEW THREAD on compression
Date: Wed, 25 Aug 1999 20:13:24 GMT
a = 0101 b = 100 c = 0111
a file of a compressed is 01010000
a file of ab compressed is 01011000
a file of abc compressed is 01011000 11100000 Note c starts with the zero
string and ab by itself is not cut off.
but if c was 1111 then the compressed is 01011001 note here the ones cut off
since the portion of c on first bit not zero.
the only other rule for decompression of a string is the special case where
the c does have a zero string and the token before would have been cut off
if the previous token would have been cut
example a = 0101 b = 0010111 c = 00000111
a would equal 0101
ab would equal 01010010
abc would equal 01010010 11100000 even though c has only zero portion on
previous byte if string ended short it would have been cut off so zeros aren't
allowed to be end token
but if b was 0000111
ab would equal 01010000 11100000 no one cut off this time since token all
zeros and no special case
abc would equal 01010000 1110000 11100000
note no string of more than 8 one's together in a symbol and the all zero
symbol at least 8 zeros
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMMERS
------------------------------
From: Greg <[EMAIL PROTECTED]>
Subject: Re: NIST ECC curves August document
Date: Wed, 25 Aug 1999 19:22:07 GMT
I chose to use curves from both government and private industry. I
think having a mix makes for greater confidence, especially when they
agree on specific curves.
--
Red Dawn- "What makes us better than them?" "We live here!"
Wallace on Brave Heart- "While you stand around and bicker,
I am going to take the fight to the [king's back yard]."
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: Greg <[EMAIL PROTECTED]>
Subject: Re: cryptographic DLL
Date: Wed, 25 Aug 1999 19:04:14 GMT
> This may be a dumb question, but isn't it legal for him to distribute
> the dll at least? The reason I'm asking is that there are a number of
> cryptographic toolkits that are available worldwide, such as RSA's
> CryptC and CryptJ. Now, since they don't encrypt anything by
> themselves, that should make it exportable. I could just be real
> ignorant, though.
My understanding is that anything that can generate a key, source code
or binaries, is what the NSA will tell Commerce and BXA is export
regulated. I have the meat of my elliptic curve cryptosystem in C++
libraries and you can download them from my web site, but the one file
with the 8 lines of code necessary to "generate" a key is restricted.
I have to mail that to you on a post card. I could e-mail it to you,
but I am guaranteed that even if you are a foreign agent in this
country, I will not violate export regulations by using a post card.
> Btw: I love that "So much tyranny to fight, so little time" quote Greg.
Thank you...
--
Red Dawn- "What makes us better than them?" "We live here!"
Wallace on Brave Heart- "While you stand around and bicker,
I am going to take the fight to the [king's back yard]."
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: How Easy Can Terrorists Get Strong Encrypt?
Date: 25 Aug 1999 19:47:05 GMT
[EMAIL PROTECTED] (John Savard) writes, in part:
>- Being able to program an encryption program only helps you if you
>have access to a compiler. Export controls on this technology may have
>limited its spread to some countries. (Of course, you can download
>Linux, including gcc, off Beijing University's web site...but in many
>countries, it's all one can do to find a computer able to run DOS.)
What export controls are there on compilers?
If a person finds a computer that's able to run DOS, he can always
use DJGPP, the free DOS port of GCC.
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: fungus <[EMAIL PROTECTED]>
Subject: Re: How does RC4 work ?
Date: Wed, 25 Aug 1999 18:37:25 +0200
Paul Crowley wrote:
>
> Encryption:
> ./ciphersaber 0 PassPhrase < plain.txt > cipher.cs1
>
> Decryption:
> ./ciphersaber 1 PassPhrase < cipher.cs1 > plain.txt
Will that work? I thought stdin and stdout were text files,
not binary...
--
<\___/>
/ O O \
\_____/ FTB.
------------------------------
From: Greg <[EMAIL PROTECTED]>
Subject: Re: How Easy Can Terrorists Get Strong Encrypt?
Date: Wed, 25 Aug 1999 19:00:23 GMT
> - Terrorists are often fanatics; perhaps people with the intelligence
> to program a computer are seldom found in terrorist movements. (Some
> of the larger terrorist movements, or those tied to a widespread sense
> of ethnic grievance, at least, are likely to be exceptions.) Also,
> countries that support terrorists are likely to be afraid of other
> people having crypto, and may not, therefore, be assisting their
> terrorist clients well in this department.
Now I am not an expert on terrorism, but I think you are stretching
here. There is no connection between a good programmer and good
logical common sense. Terrorism comes in many forms. There are some
that have a political cause and would not give their life for it.
These I believe tend to be extreme in their thinking about the nature
of governments and want to effect change so that their lives would be
better. These are logical, pragmatic individuals, the material really
good programmers are made of.
Then there are the religious fanatics. Most of these can safely be
said not to have much common logic in their thinking, so they would not
know how to design a flow chart, let alone program a PC in C or BASIC.
Yet, they come into contact with people who can program or know where
to get the stuff they need. Given the right circumstances, these
relationships pay off for terrorists that would give their lives
believing that they were doing better for themselves (and seeing how
their theocratic governments treat them, I think they might).
> - Being able to program an encryption program only helps you if you
> have access to a compiler. Export controls on this technology may have
> limited its spread to some countries. (Of course, you can download
> Linux, including gcc, off Beijing University's web site...but in many
> countries, it's all one can do to find a computer able to run DOS.)
I know of nothing that would prevent Microsoft C++ compilers from going
to any country in the world. I know of nothing that would prevent a PC
from going to IRAN fully loaded with all the necessary software to
develop strong crypto applications. What can you point to for your
source of information on this?
--
Red Dawn- "What makes us better than them?" "We live here!"
Wallace on Brave Heart- "While you stand around and bicker,
I am going to take the fight to the [king's back yard]."
------------------------------
From: "Ender Olcayto" <[EMAIL PROTECTED]>
Subject: Fermat theorem on primes?
Date: Wed, 25 Aug 1999 16:09:31 +0100
I remember reading somewhere that: " For any integer n in (1,1-p), if
1=n(p-1) mod-p is not satisfied, then p is not prime." is a variant on
Fermat's theorem (it could have been Euler-Fermat theorem) on primes.
I would be grateful to anybody who can give me a proof of the above. I have
a suspicion it is not a correct statement of the theorem.
Thanks in advance.
Ender
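For reference alongside the question above: the standard form of Fermat's little theorem is that if p is prime and n is an integer with 1 <= n <= p-1, then n^(p-1) is congruent to 1 mod p. Its contrapositive is the compositeness test the post is groping for: any n in that range with n^(p-1) not congruent to 1 mod p proves that p is not prime, while passing the test for some bases proves nothing, since Carmichael numbers such as 561 pass it for every base coprime to them. The code below is an added example, not from the digest or its authors; the function names fermat_witness, fermat_test and is_prime are this example's own.

```python
# Added example (not from the digest): the contrapositive of Fermat's little
# theorem as a compositeness test, and a Carmichael number showing its limit.


def fermat_witness(p, n):
    """True when n^(p-1) mod p != 1, which (for 1 < n < p) proves p composite."""
    return pow(n, p - 1, p) != 1


def fermat_test(p, bases=(2, 3, 5, 7)):
    """'composite' on the first witness base, else 'probably prime'.

    Passing says only that no chosen base exposed p; it is not a proof.
    """
    if p < 4:
        return "probably prime" if p in (2, 3) else "composite"
    for n in bases:
        n %= p
        if n in (0, 1):
            continue            # 0 and 1 can never be witnesses; skip them
        if fermat_witness(p, n):
            return "composite"
    return "probably prime"


def is_prime(p):
    """Trial division, used only to check what the Fermat test reports."""
    if p < 2:
        return False
    d = 2
    while d * d <= p:
        if p % d == 0:
            return False
        d += 1
    return True


if __name__ == "__main__":
    for p in (97, 91, 561):
        # 561 = 3 * 11 * 17 is a Carmichael number: base 2 passes, base 3 does not.
        print(p, fermat_test(p), fermat_test(p, bases=(2,)), is_prime(p))
```

Base 3 catches 561 only because 3 divides it; a Carmichael number passes the test for every base coprime to it, which is why practical primality checks use a strong (Miller-Rabin) test rather than this one.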
------------------------------
From: Greg <[EMAIL PROTECTED]>
Subject: Re: cryptographic DLL
Date: Wed, 25 Aug 1999 19:05:27 GMT
In article <[EMAIL PROTECTED]>,
*@spam.ruud.org wrote:
> [EMAIL PROTECTED] (JPeschel) writes:
>
> > > David A Molnar <[EMAIL PROTECTED]> writes:
> >
> > >* but any crypto developed in Canada by Canadians (or other non-U.S.
> > >citizens outside the U.S.) _may_ be exported from Canada by Canadians (or
> > >other non-U.S. citizens) w/o license.
> > >
> > >So if none of your code was written in the U.S., you should be fine.
> >
> > I don't think so. Of the commercial Canadian crypto products I've looked at
> > each of the companies involved complied with US export regulations.
> > That Tom is giving away his code, I think, makes little difference.
>
> Another complication is that Tom is publishing his code from a web
> server which is physically located in the US, as far as I can tell.
This gets interesting. He lives in Canada and is breaking US laws!
Cool...
--
Red Dawn- "What makes us better than them?" "We live here!"
Wallace on Brave Heart- "While you stand around and bicker,
I am going to take the fight to the [king's back yard]."
------------------------------
From: Wesley Horton <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: question regarding number of keys possible. . .
Date: Wed, 25 Aug 1999 15:28:46 -0500
John,
Thanks for taking the time to assist with this difficult problem. I had
done a deja news search for "interval wiring" and came up with several
posts that discussed the problem but did not zero in on it. I had been
considering if there was a formula for a given number of contacts which
was similar to the infamous but ever popular combinations/permutations
formula in which you could plug in the number of contacts, do a few
factorials . . .
Needless to say, as I have considered the scope of the problem, it
became evident that there was no "fast and easy" solution for the
problem. (That is not to say that there is one, just that with my
meager knowledge of mathematics, I could not find such a solution.)
I have always wondered, how many employees of the NSA read this
newsgroup and marvel at the problems that they have long ago conquered.
Thanks again for the assist.
Regards,
Wesley Horton
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: How Easy Can Terrorists Get Strong Encrypt?
Date: Wed, 25 Aug 1999 20:01:25 GMT
Greg <[EMAIL PROTECTED]> wrote, in part:
>I know of nothing that would prevent Microsoft C++ compilers from going
>to any country in the world. I know of nothing that would prevent a PC
>from going to IRAN fully loaded with all the necessary software to
>develop strong crypto applications. What can you point to for your
>source of information on this?
Have a look at the box, or the license agreement, for any recent C
compiler. The limits aren't the same as those on crypto, but there are
limits.
John Savard ( teneerf<- )
http://www.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
Date: Wed, 25 Aug 1999 15:53:51 -0400
From: Alwyn Allan <[EMAIL PROTECTED]>
Subject: Re: The use of yarrow to generate LARGE amounts of random data
As I understand it, YARROW does not generate any entropy at all. The user
supplies entropy from physical sources (such as keyboard timings, mouse
movements, etc.) along with estimates of the entropy they contain. Yarrow
makes its own estimates of the entropy supplied, and assumes that the
lowest estimate is the best. It then mixes, crunches, grinds, and stirs the
entropy (see the paper) and serves it up on request. You would need to
supply a fast physical source, such as a video feed of "snow" or a
microphone in a kindergarten class depending on what "reasonable time" is.
Linux /dev/random does about the same. I don't know about other unix
variants.
If you believe Intel's claims, their PIII/810 generator puts out about 70
Kbps of entropy. I don't know if software to read it is freely available
yet. That would give you 500 MB in about 17 hours.
Rainbow makes a crypto processor (FastMAP) that includes a RNG. If you
believe their claims, it generates about 1 Mbps, so you could generate 500
MB in 1.1 hours. This device is used in fast SSL server hardware (IPIVOT).
My ORB device generates about 500 bps of real entropy, securely wrapped in
1100 bps of data. Eight of them would generate your 500 MB in less than two
weeks.
Other commercial devices (Protego, Tundra, ComScire, Orion) have various
bitrates.
A. Peter Allan
http://www.delanet.com/~apa/orb/
[EMAIL PROTECTED] wrote:
> I need to generate a large amount of random keys...and I need to do it
> in a reasonable amount of time. I'm curious as to how I would properly
> use Yarrow to generate 500+ megs of random data?
------------------------------
Reply-To: "karl malbrain" <[EMAIL PROTECTED]>
From: "karl malbrain" <[EMAIL PROTECTED]>
Subject: Re: How does RC4 work ?
Date: Wed, 25 Aug 1999 14:16:02 -0700
fungus <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Paul Crowley wrote:
> >
> > Encryption:
> > ./ciphersaber 0 PassPhrase < plain.txt > cipher.cs1
> >
> > Decryption:
> > ./ciphersaber 1 PassPhrase < cipher.cs1 > plain.txt
>
>
> Will that work? I thought stdin and stdout were text files,
> not binary...
stdin & stdout as shown are OPERATING SYSTEM entities, i.e. they're just
files. The distinction of text & binary is introduced solely by MICROSOFT's
C runtime library -- how the library attaches the I/O STREAM to the (already
open) OS handle (you can pre-load the library's mode to binary). Karl M
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: NEW THREAD on compression
Date: Wed, 25 Aug 1999 23:38:54 +0200
As described in your post, a number of checks are done at the
end of processing to take care of the different possible special
cases such that the scheme can work without trouble. I think that
the following scheme is simpler (hence somewhat easier to program)
and yet achieves all the purposes of yours. It has the following
conventions:
(1) No input symbol has a Huffman code of all zeros (any number).
(2) If the last output bit is not at byte boundary, add 0's
till byte boundary.
(3) After (2) is done, delete all trailing bytes (any number) that
contain all 0's.
Would you please give your opinion on that?
M. K. Shen
================================
http://home.t-online.de/home/mok-kong.shen (new addr.)
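The three conventions proposed above, implemented as an added example (not code from either poster). The codewords a=0101, b=100, c=0111 are taken from the opening post of the thread; none of them is all zeros, as convention (1) requires. The decoder is this example's own reading of the scheme: it treats the stripped trailing bytes as zero bits, and it stops when no 1 bit remains, which is sound only because every codeword contains a 1. It assumes a prefix-free code table.

```python
# Added example (not from the digest): M. K. Shen's three conventions
# (no all-zero codeword, pad with 0s to a byte, drop trailing all-zero bytes).
from itertools import count

# Constructed prefix code, taken from the thread's opening example.
CODES = {"a": "0101", "b": "100", "c": "0111"}


def check_conventions(codes=CODES):
    """Convention (1): every codeword must contain at least one 1 bit."""
    return all("1" in word for word in codes.values())


def encode(text, codes=CODES):
    if not check_conventions(codes):
        raise ValueError("a codeword of all zeros breaks convention (1)")
    bits = "".join(codes[ch] for ch in text)
    bits += "0" * (-len(bits) % 8)                    # convention (2): pad to byte
    data = bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))
    return data.rstrip(b"\x00")                        # convention (3): drop 0x00 tail


def decode(data, codes=CODES):
    lookup = {word: sym for sym, word in codes.items()}
    maxlen = max(len(word) for word in codes.values())
    bits = "".join(f"{byte:08b}" for byte in data)
    out, pos = [], 0
    # A codeword always contains a 1, so once only 0s remain they are padding.
    while "1" in bits[pos:]:
        word = ""
        for i in count(pos):
            word += bits[i] if i < len(bits) else "0"  # stripped bytes were 0x00
            if word in lookup:
                out.append(lookup[word])
                pos = i + 1
                break
            if len(word) >= maxlen:
                raise ValueError("bit string is not a sequence of codewords")
    return "".join(out)


if __name__ == "__main__":
    for s in ("ab", "abc", "abb"):
        packed = encode(s)
        print(s, packed.hex(), decode(packed))
```

"abb" is the interesting case: the final b (100) straddles the byte boundary, so its last two 0 bits land in a byte that convention (3) deletes, and the decoder must supply them from nothing.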
------------------------------
From: [EMAIL PROTECTED] (Tramm Hudson)
Subject: Re: How Easy Can Terrorists Get Strong Encrypt?
Date: 25 Aug 1999 16:01:55 -0600
[posted and cc'd to cited author despite silly MAPSON]
John Savard <[EMAIL PROTECTED]> wrote:
> Have a look at the box, or the license agreement, for any recent C
> compiler. The limits aren't the same as those on crypto, but there are
> limits.
Ok, sure. You did say "any" compiler, so I choose gcc. Although
I am not a lawyer (TM), in my reading of the GPL available from:
http://www.fsf.org/copyleft/gpl.html
I could see no restrictions placed upon export to "hostile"
countries. Can you please point to the section that places
any limits on export? Or is "every compiler" a bit too broad?
Thank you,
Tramm
--
o [EMAIL PROTECTED] [EMAIL PROTECTED] O___|
/|\ http://www.swcp.com/~hudson/ H 505.323.38.81 /\ \_
<< KC5RNF @ N5YYF.NM.AMPR.ORG W 505.284.24.32 \ \/\_\
0 U \_ |
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: cryptographic DLL
Date: Wed, 25 Aug 1999 22:07:53 GMT
In article <7q0qvv$1912$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
> I have taken Tommy off of my email reader kill list; he was the only one
> on it at the time. But if he has the balls to fight for what is right, I for
> one am grateful. I am not so brave. I think one gets more chicken as
> one ages. But if one does not fight unjust and unfair laws then our
> freedoms will disappear. I think we should not tell him our fears. If
> everyone cowered at the corruptness of new laws we would still
> be paying tea tax to the evil British empire. Tommy, do what you
> think is right and you will sleep better at night. It may take many
> years but if in your heart you know you're doing the morally correct
> thing, do it. I feel crypto is vital to the freedom of people everywhere
> but am not yet willing to do all that it takes. I keep telling myself
> some day I will take a more heroic stand against the current stream
> of politicians turning our bill of rights into toilet paper. But I don't.
> I fear I am like a smoker that says he can quit smoking and as
> proof does so every night when he goes to sleep. But never
> really gives it up till that long sleep at the end of life.
We have butted heads more times than I can count, but you really make
sense here.
I am not 'trying' to break laws by writing this code. I am trying to
write win32 code for people to use. The fact that it's breaking some
silly law is quite intriguing to say the least.
I have no plans to stop posting the code (peekboo or cdll) or actually
protest. I am just trying to release code...
BTW, if anyone has ideas of things to add to cdll I am open. I have
run out of ideas...
Tom
--
PGP 6.5.1 Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2 Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************