Cryptography-Digest Digest #120, Volume #10      Fri, 27 Aug 99 11:13:04 EDT

Contents:
  RE: receiving a piece of message (Gary)
  Re: receiving a piece of message (Keith A Monahan)
  Fooling Key Escrow (Gary)
  PGP now FIPS-140 (Padgett 0sirius)
  Re: Can americans export crypto when in another country? ("Trevor Jackson, III")
  Re: 512 bit number factored (Bob Silverman)
  Re: Can americans export crypto when in another country? (Anthony Stephen Szopa)
  Re:Can americans export crypto when in another country? (SCOTT19U.ZIP_GUY)
  Re: What the hell good is a session key!
  Re: 512 bit number factored (Boudewijn W. Ch. Visser)
  Re: NEW THREAD on compression (SCOTT19U.ZIP_GUY)
  Re: Can americans export crypto when in another country? (SCOTT19U.ZIP_GUY)
  Re: 512 bit number factored (Anton Stiglic)
  Re: UNknown-related key cryptanalysis? (Rochus Wessels)

----------------------------------------------------------------------------

From: Gary <[EMAIL PROTECTED]>
Subject: RE: receiving a piece of message
Date: Fri, 27 Aug 1999 08:24:30 -0400

Depends on the encryption algorithm (usually the mode it's run in) and whether
the data was compressed before encryption.

Only if each of the separate blocks of a plain text message were independently
enciphered could you decipher the complete blocks within the partial
message.

>===== Original Message From "Alessandro Guarino" <[EMAIL PROTECTED]> =====
>Hello to everybody, this is my first mail in this newsgroup and then nice to
>meet everybody.
>My question is : if I want to decrypt a message encrypt with a private key
>algorithm do I have to receive the message from the beginning?
>I mean, if  I start to receive the encrypted message by the middle, am  I
>able to decrypt the remaining message?
>
>thanks to everybody
>
>Alex
>

============================================================
 Get your FREE web-based e-mail and newsgroup access at:
   http://MailAndNews.com and http://MailAndNews.co.uk

 Create a new mailbox, or access your existing IMAP4 or
 POP3 mailbox from anywhere with just a web browser.
============================================================


------------------------------

From: [EMAIL PROTECTED] (Keith A Monahan)
Subject: Re: receiving a piece of message
Date: 27 Aug 1999 12:43:42 GMT

Gary,

So, if it's ECB (electronic code book) only mode, he is safe -- because there
is a one-to-one mapping of plaintext -> ciphertext, but any of the other
modes that involve chaining or feedback require the previous ciphertext
block to properly set the IV, in which case, if he does not have
he would be screwed.

Right?

Keith

Gary ([EMAIL PROTECTED]) wrote:
: Depends on the encryption algorithm (usually the mode it's run in) and whether
: the data was compressed before encryption.

: Only if each of the separate blocks of a plain text message were independently
: enciphered could you decipher the complete blocks within the partial
: message.

: >===== Original Message From "Alessandro Guarino" <[EMAIL PROTECTED]> =====
: >Hello to everybody, this is my first mail in this newsgroup and then nice to
: >meet everybody.
: >My question is : if I want to decrypt a message encrypt with a private key
: >algorithm do I have to receive the message from the beginning?
: >I mean, if  I start to receive the encrypted message by the middle, am  I
: >able to decrypt the remaining message?
: >
: >thanks to everybody
: >
: >Alex
: >

: ------------------------------------------------------------
:  Get your FREE web-based e-mail and newsgroup access at:
:    http://MailAndNews.com and http://MailAndNews.co.uk

:  Create a new mailbox, or access your existing IMAP4 or
:  POP3 mailbox from anywhere with just a web browser.
: ------------------------------------------------------------

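As Gary and Keith say above, how much of a ciphertext received from the middle can be decrypted depends on the mode. The following is an added example, not code from either poster: a constructed toy block cipher (an 8-round Feistel network with a SHA-256 round function, standing in for a real 128-bit cipher) run in ECB, CBC, CFB and CTR, plus a decrypt routine that is handed only the trailing ciphertext blocks, with no IV and no block position. In CBC and CFB the previous ciphertext block is all the decryptor needs, so only the first received block is lost; in CTR nothing can be placed without the position.

```python
import hashlib
import secrets
BLOCK = 16  # block size in bytes of the toy cipher

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Constructed 8-round Feistel network with a SHA-256 round function,
    standing in for a real 128-bit block cipher so the example runs offline."""
    left, right = block[:8], block[8:]
    for rnd in range(8):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, _xor(left, f)
    return left + right

def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(8)):
        f = hashlib.sha256(key + bytes([rnd]) + left).digest()[:8]
        left, right = _xor(right, f), left
    return left + right

def encrypt(mode: str, key: bytes, iv: bytes, blocks: list) -> list:
    """Encrypt a list of full plaintext blocks in ECB, CBC, CFB or CTR mode."""
    out, prev = [], iv
    for i, p in enumerate(blocks):
        if mode == "ECB":
            c = toy_encrypt_block(key, p)
        elif mode == "CBC":     # chaining: plaintext XOR previous ciphertext
            c = toy_encrypt_block(key, _xor(p, prev))
        elif mode == "CFB":     # feedback: previous ciphertext is encrypted
            c = _xor(p, toy_encrypt_block(key, prev))
        elif mode == "CTR":     # keystream from IV prefix and block counter
            c = _xor(p, toy_encrypt_block(key, iv[:12] + i.to_bytes(4, "big")))
        else:
            raise ValueError(mode)
        out.append(c)
        prev = c
    return out

def decrypt_from_middle(mode: str, key: bytes, tail: list) -> list:
    """Decrypt ciphertext blocks received from an unknown point onward, with no
    IV and no block position. None marks a block the mode cannot recover."""
    if mode == "ECB":           # every block stands alone
        return [toy_decrypt_block(key, c) for c in tail]
    if mode == "CBC":           # P_i = D(C_i) XOR C_{i-1}: only the first is lost
        return [None] + [_xor(toy_decrypt_block(key, c), prev)
                         for prev, c in zip(tail, tail[1:])]
    if mode == "CFB":           # P_i = C_i XOR E(C_{i-1}): same as CBC
        return [None] + [_xor(c, toy_encrypt_block(key, prev))
                         for prev, c in zip(tail, tail[1:])]
    if mode == "CTR":           # keystream depends on the unknown position
        return [None] * len(tail)
    raise ValueError(mode)

def recoverable_blocks(mode: str, n_blocks: int = 6, start: int = 2) -> int:
    """Constructed demo: encrypt n_blocks random blocks, drop the first `start`
    ciphertext blocks, and count how many remaining plaintext blocks come back."""
    key, iv = secrets.token_bytes(16), secrets.token_bytes(BLOCK)
    plain = [secrets.token_bytes(BLOCK) for _ in range(n_blocks)]
    got = decrypt_from_middle(mode, key, encrypt(mode, key, iv, plain)[start:])
    return sum(1 for p, g in zip(plain[start:], got) if g == p)
```

Compression before encryption, which Gary also mentions, would still leave a decompressor without the stream state it needs, so recovered blocks are not the same thing as recovered text.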

------------------------------

From: Gary <[EMAIL PROTECTED]>
Subject: Fooling Key Escrow
Date: Fri, 27 Aug 1999 08:38:05 -0400

Are there cryptographic systems that can produce decoy keys for key-escrow 
that yield a decoy message?

Can it only be feasibly done with One Time Pad (OTP)?



------------------------------

From: [EMAIL PROTECTED] (Padgett 0sirius)
Crossposted-To: alt.security.pgp
Subject: PGP now FIPS-140
Date: Fri, 27 Aug 1999 05:59:19

Ironic isn't it 8*) http://csrc.nist.gov/cryptval/140-1/1401val.htm . - can 
S/MIME be far away ?

          A. Padgett Peterson, P.E. Cybernetic Psychophysicist
                http://www.freivald.org/~padgett/index.html
to avoid antispam use mailto:[EMAIL PROTECTED]    PGP 6.0 Public Key Available

------------------------------

Date: Fri, 27 Aug 1999 08:56:40 -0400
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.misc,talk.politics.crypto
Subject: Re: Can americans export crypto when in another country?

Anthony Stephen Szopa wrote:

> "Trevor Jackson, III" wrote:
>
> > I believe that US citizens suffer from the US crypto regs in the same way
> > they suffer from the US tax regs.  Contrary to most national tax systems,
> > the IRS tries to collect tax from all US citizens no matter where they
> > reside.  Similarly, the US crypto regs prohibit US citizens from
> > contributing to unlicensed non-US crypto systems no matter where they
> > perform the work.
> >
> > Michael D. Crawford wrote:
> >
> > > Hi,
> > >
> > > I'm an American citizen, presently living in the US, and I've been
> > > wanting for a while to port Speak Freely to the Be operating system.
> > > See http://www.speakfreely.org and http://www.be.com
> > >
> > > Speak Freely includes encryption, so if I port that while I'm in the US
> > > I can't contribute my changes back to the original source archives,
> > > which are in Switzerland.
> > >
> > > But I may be moving to Canada in a few months (I'm marrying a Canadian
> > > woman).  Once I'm in Canada, as long as I create my port of the crypto
> > > software while I'm in Canada (so I never bring the crypto Speak Freely
> > > into the US, and don't take it back out again), can I export the crypto
> > > back to Switzerland without violating US laws?
> > >
> > > I expect to travel to the US frequently on business and it would be a
> > > drag to get arrested for some free software work I do while in Canada.
> > >
> > > Canada itself has some export controls, but according to the Crypto Law
> > > Survey at:
> > >
> > > http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm
> > >
> > > crypto is not export controlled if the software is in the public domain,
> > > which is the case for the original speak freely and will be true for my
> > > changes.
> > >
> > > Mike
> > >
> > > --
> > > Michael D. Crawford
> > > GoingWare - Expert Software Development and Consulting
> > > http://www.goingware.com
> > > [EMAIL PROTECTED]
> > >
> > >         Tilting at Windmills for a Better Tomorrow.
>
> I don't think this is correct.  I only glanced through the crypto regs
> but I did not notice any mention about US citizens coming under any of
> these regs when working on crypto alone by themselves outside the US.
>
> Look at it this way:  are you saying then that US citizens can work on
> and develop crypto on their own inside the US but cannot work on and
> develop crypto on their own outside the US?

Yes.  The prohibited act is the communication of strong crypto in a useful form
to an entity outside the US.  I assume that if you doodle something interesting
on your laptop while on vacation and bring the results back into the US you have
not "exported" your doodles.  But if you give that to a foreigner while away,
you have "exported".

> The export regs are just that:  EXPORT regs.  If you create crypto
> outside the US you did not export it because it did not exist before
> you created it outside the US.

Don't use the term "export" as you and I understand it.  Use the term as defined
by the regs.  These definitions are unrelated.

> There are plenty of Americans working for foreign companies outside the
> US on dual use matters.  Just as there are plenty of foreigners working
> in the US on dual use matters.  Much of this work is entrepreneurial.
>
> You are suggesting there is a legitimate law that says I cannot think
> or write or record my thoughts as an American citizen outside the US
> while it is perfectly legal to do so within the US, or develop these
> into working prototypes or more?

Yes.

N.B., the typical attitude of a legislator is "You can craft a law to do
anything".  Rationality is not a constraint legislators admit.
Constitutionality is not a constraint legislators admit.

Then the bureaucrats ignore the letter and spirit of the law and create the
regs.

Then the enforcement officers ignore the regs and do what they think best.

See the whisper line?

> The thought of giving up one's US citizenship because of these sorts of
> imagined unconstitutional regs is like giving up nothing because these
> types of regs clearly deny your constitutional rights:  you would not
> effectively have US citizenship under the constitution anyway.

Sad but true.


------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: 512 bit number factored
Date: Fri, 27 Aug 1999 13:43:53 GMT

In article <7q3oaf$e8c$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Boudewijn W. Ch. Visser) wrote:

>
> quick translation:
> - Scientists at CWI (Center for Mathematics and Computer Science) led
> by Herman te Riele have on Sunday August 22 factored a 512 bit number,
> which models 95% of the keys used to secure electronic commerce on
> the

> More information, and pictures of the pressconference will follow
> later today (26 august 1999). For more information, please call:
> (020) 5924248, or email : [EMAIL PROTECTED]
>
> -----
>
> At the moment I don't see any further information at CIW, nor on RSA.


Did you look at:

http://www.rsa.com/rsalabs/html/rsa155.html
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Can americans export crypto when in another country?
Date: Fri, 27 Aug 1999 07:31:41 -0700
Reply-To: [EMAIL PROTECTED]

John Savard wrote:

> [EMAIL PROTECTED] (Michael D. Crawford) wrote, in part:
>
> >can I export the crypto
> >back to Switzerland without violating US laws?
>
> No, the U.S. law covers the actions of its citizens abroad.
>
> John Savard ( teneerf<- )
> http://www.ecn.ab.ca/~jsavard/crypto.htm

Apparently, you are correct.

The regs seem to have it locked up tighter than a drum.

If the software "encrypts" beyond the designated maximum security 
level, US citizens are prohibited from in any way exporting it or 
causing it to be proliferated outside the US and Canada.

Excerpts / quotes from these regs coming in the next few days under 
the subject heading:  "Current BXA Encryption Regs."

http://www.ciphile.com

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re:Can americans export crypto when in another country?
Date: Fri, 27 Aug 1999 15:36:24 GMT

In article <[EMAIL PROTECTED]>, Anonymous <[EMAIL PROTECTED]> 
wrote:
>Why all the bullshit speculation? Just print the source out, put it in a
>removable binder, print "book" on it, when you get to your "relatives" house
>in another country, stand there and watch them scan or type it in. Logon to
>your U.S. server, and have *them* hit ENTER. It's that simple.
>
>George Gordon
>
>

 I guess this means I have to buy a printer?




David A. Scott
--
                    SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
                    http://www.jim.com/jamesd/Kong/scott19u.zip
                    http://members.xoom.com/ecil/index.htm
                    NOTE EMAIL address is for SPAMERS

------------------------------

From: [EMAIL PROTECTED] ()
Subject: Re: What the hell good is a session key!
Date: 27 Aug 99 14:24:27 GMT

Anonymous ([EMAIL PROTECTED]) wrote:
: Yes, that is my point, J Savard gets an A. But would the
: master-key/session-key protocol be any security advantage over just a random
: IV or random salt??
: (when using only conventional encryption in CBC *not* CFB mode)

Well, precisely the advantage I described in the post you quoted, the fact
that no single key is exposed to differential cryptanalysis with more
plaintext than is found in one single message, is present with CBC mode.

A random IV doesn't help, because if you have the IV and plaintext, you
know what goes into every block cipher encryption.

So without a session key, one might be able to accumulate known plaintexts
for several messages, enciphered with the same key.

If you salt the key, then the secret part of the key becomes shorter,
making a brute-force search easier, if I understand this correctly.

John Savard

------------------------------

From: [EMAIL PROTECTED] (Boudewijn W. Ch. Visser)
Subject: Re: 512 bit number factored
Date: 27 Aug 1999 14:46:10 GMT

Bob Silverman <[EMAIL PROTECTED]> writes:

>>
>> At the moment I don't see any further information at CIW, nor on RSA.


>Did you look at:

>http://www.rsa.com/rsalabs/html/rsa155.html

No, I didn't see it when I looked (rather quickly ) at www.rsa.com last
night. (1800 MET DST, [UTC+2] ). The press release wasn't up yet,
and the search feature didn't give it with terms like rsa155 and rsa-155.

Hm, I notice that 'search' still doesn't give this document with these
terms. 

Boudewijn
-- 
+--------------------------------------------------------------+
|Boudewijn Visser        | E-mail:[EMAIL PROTECTED]      |           
| -finger for PGP-keys.- | http://www.ph.tn.tudelft.nl/~visser |
+-- my own opinions etc ---------------------------------------+

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: NEW THREAD on compression
Date: Fri, 27 Aug 1999 15:50:22 GMT

In article <[EMAIL PROTECTED]>, Mok-Kong Shen <[EMAIL PROTECTED]> 
wrote:
>John Savard wrote:
>> 
>> Mok-Kong Shen <[EMAIL PROTECTED]> wrote, in part:
>> 
>> >(3) After (2) is done, any number of trailing bytes that contain
>> >    contain all 0's may be deleted or added according to user's
>> >    choice or else randomly decided upon by the program.
>
>> That may occasionally shorten the file slightly.
>> 
>> Having an unused code lengthens many of the other codes, so the whole
>> file is slightly more redundant.
>> 
>> This can be minimized if the unused code is a long one, treated as if
>> it belongs to a low-probability symbol.
>> 
>> But if this is done with a symbol with an obvious pattern - and the
>> all-zero symbol certainly is that - other characteristics of the
>> Huffman code used become known to an attacker.
>
>You are considering using compression as sort of encryption. But
>I am adopting the (I suppose) more common view that compression and
>encryption are orthogonal. Compression helps the encryption but
>I assume that, once the analyst correctly decrypts by using the
>correct key, properly doing decompression is no problem for him. This 
>is a weaker assumption. From the discussions todate, I believe that 
>it is also Mr. Scott's assumption that the analyst can do compression 
>and decompression just as the communication partners can, without 
>having to guess or otherwise finding the Huffman code.
>
>> 
>> If there's an omitted symbol 0000000000, then there has to also be a
>> symbol 0000000001 to keep it company. And there either has to be a
>> symbol 000000001 or two or more symbols starting with that string.
>> 
>> And what this means is that low-frequency symbols will tend to start
>> with zeroes.
>
>See above.
>
>> 
>> That flaw can actually be corrected: instead of omitting the symbol
>> that is all zeroes, one can just as easily match the symbol that, all
>> the way through, matches the digits of pi or any other sequence.
>> 
>> The longer your message, the more the added length due to the extra
>> symbol will be greater than that created by padding.
>
>Checking for all 0's is one the simplest way for that purpose. 
>Further, you can simply use an extra (257th) symbol for end of file, 
>if you are taking the trouble to consider pi.
>
>> 
>> Note that I said to put the three bits indicating the number of unused
>> bits in the last byte in the second-last byte. This avoids the problem
>> where there are unused bits in the byte before the byte from which we
>> find out they're unused, which might lead to them being processed.
>> 
>> Thus:
>> 
>> 01101 000 11010110
>> 11010 001 1011010*
>> 00110 010 011010**
>> ...
>> 10110 111 1*******
>> 
>> And note that the unused bits that are used for padding _need not_ all
>> be zeroes, instead one can use _random_ bits for padding. (And one
>> _definitely_ should. But one's 'random' bit generator must not leak
>> information about anything else.)
>> 
>> Thus, the plaintext message consists of uniformly distributed
>> bits...right down to the very end. As far as possible, it has been
>> ensured that each bit of the plaintext has a 50% probability of being
>> either a 1 or a 0.
>
>Yes, this works if the sole purpose is compression/decompression. 
>But if this stuff is encrypted and decrypted back with a wrong key,
>you wouldn't have the proper length information. This, according
>to Mr. Scott's reasoning, is bad, because it immediately tells him
>that the key he has employed is wrong.
>
>M. K. Shen

  I could be wrong but I think we are on same wavelength now.



David A. Scott
--
                    SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
                    http://www.jim.com/jamesd/Kong/scott19u.zip
                    http://members.xoom.com/ecil/index.htm
                    NOTE EMAIL address is for SPAMERS

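The byte layout Savard sketches in the quoted text (five code bits, then three bits giving the number of unused bits in the last byte, then the last byte with its unused tail filled with random bits) as a pack/unpack pair. This is an added example, not code from any poster; the minimum-length check is my own handling of the case where fewer than six code bits exist, which the layout cannot represent.

```python
import secrets

def pack_bits(bits: str) -> bytes:
    """Pack a '0'/'1' string into bytes using the layout quoted above: the low
    3 bits of the second-last byte hold the number of unused bits (0..7) in
    the last byte, and those unused bits are filled with random padding.
    Constructed implementation, not code from the thread."""
    n_bits = len(bits)
    if n_bits < 6:
        # Smallest legal layout: 5 data bits, the 3-bit count, 1 data bit, 7 pad
        raise ValueError("need at least 6 bits for the two-byte trailer")
    unused = (13 - n_bits) % 8            # 8*full + 5 + (8 - unused) == n_bits
    full = (n_bits - 13 + unused) // 8    # leading bytes carrying only data
    head, rest = bits[:8 * full], bits[8 * full:]
    second_last = rest[:5] + format(unused, "03b")
    pad = format(secrets.randbits(unused), f"0{unused}b") if unused else ""
    last = rest[5:] + pad
    packed = head + second_last + last
    return bytes(int(packed[i:i + 8], 2) for i in range(0, len(packed), 8))

def unpack_bits(data: bytes) -> str:
    """Recover the code bits. The count is read from the second-last byte
    before the last byte is touched, so padding bits are never processed."""
    if len(data) < 2:
        raise ValueError("trailer needs at least two bytes")
    unused = data[-2] & 0x07
    all_bits = "".join(format(b, "08b") for b in data)
    last = all_bits[-8:]
    return all_bits[:-16] + all_bits[-16:-11] + last[:8 - unused]
```

Because the padding is random, two packings of the same bits differ in the last byte while unpacking to the same code string.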
------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Can americans export crypto when in another country?
Date: Fri, 27 Aug 1999 15:43:43 GMT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
(wtshaw) wrote:
>In article <7q4lqa$35cq$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
>(SCOTT19U.ZIP_GUY) wrote:
>
>>   Since you claim I am covered by US law do I have to drive
>> on the right side of road when overseas. No you can't export it
>> if you wrote it over there. Same if you go to Holland and smoke
>> a joint. Its ok in Holland so who cares what it is in the US.
>> Alsoi many people have dual citizen ship. What rules would they
>> follow.
>> 
>Supposing that you are in another country, the other country is not duty
>bound to see that you follow US laws, and might be upset if agents of our
>government were acting there in any than a treaty allowed official
>capacity. Can you say, "Spy," as in, "No diplomatic immunity."
>
>Switch this thing around and presume that a woman of one of certain Arab
>countries was not wearing her veil while in this country.  Just how much
>cooperation do you think the US government would give and how far do you
>think that the government would allow foreign agents to interfere with the
>conduct of such a person while here?
>
>Something here does not make good sense.  I'm not trying to say that we do
>not need to safeguard some of our technologies, but, it seems that in a
>country were freedom of movement and expression are constitutional
>virtues, that we are unwilling to share these things mutually, even with
>sympathetic countries, while we seem to casually allow so many things to
>go to our enemies through high channels.


  Yes it smells pretty damn fishy to me. When I was in the navy Uncle
Sam wanted my pee a lot. But do they ask Clinton for a pee test or
do they take his word that he does not use drugs. I say if the big
boys don't have to pee or take Poly tests then why the "FUCK"
should the rest of us have to when the HEAD BASTARD in charge
is a proven liar even in court. When they're the bastards selling
the country down the tubes. Vote the FUCKING bastards out
of office that refused to do their duty by not IMPEACHING the
current adulterer that is giving china our secrets for petty cash.




David A. Scott
--
                    SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
                    http://www.jim.com/jamesd/Kong/scott19u.zip
                    http://members.xoom.com/ecil/index.htm
                    NOTE EMAIL address is for SPAMERS

------------------------------

From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: 512 bit number factored
Date: Fri, 27 Aug 1999 11:03:17 -0400

>

Yes, it's not easy to find it at their site.  It takes someone
at RSA to point us to the link! (thanks [EMAIL PROTECTED]).

I also got this URL from Annette (referenced in  Boudewijn Visser
post)  thanks Boudewijn and Annette!

http://www.rsa.com/pressbox/html/990826.html

as


------------------------------

From: Rochus Wessels <[EMAIL PROTECTED]>
Subject: Re: UNknown-related key cryptanalysis?
Date: 27 Aug 1999 17:05:33 +0200

[EMAIL PROTECTED] (David Wagner) writes:
> Yes. [...]
Thanks, exactly what I needed to show,
that some ciphers shouldn't be used for a protocol,
which encrypts random packet keys with 64 bit blocksize
(so there is a probable collision after 2^32 packets in the first 64 bits)

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
