Cryptography-Digest Digest #165, Volume #10 Fri, 3 Sep 99 08:13:02 EDT
Contents:
Re: Using Diffie-Hellman to encode keys (David Wagner)
Re: I need an algorithm!!!! (d g)
Re: Key Establishment Protocols - free chapter from Handbook of Applied Cryptography (JPeschel)
Re: 512 bit number factored (Paul Rubin)
Re: Graphical Passwords (Keith A Monahan)
Re: Can we have randomness in the physical world of "Cause and Effect" ? ("Douglas A. Gwyn")
Re: Q: Cross-covariance of independent RN sequences in practice ("Douglas A. Gwyn")
Re: Vigenere Variant Problem ("Douglas A. Gwyn")
Re: Home Invasion Bill Drives U.S. Computer Users across border ("Douglas A. Gwyn")
Re: Web encryption, some references please.. ("Douglas A. Gwyn")
Re: Members Only Key Exchange ("Douglas A. Gwyn")
Re: Using Diffie-Hellman to encode keys (Eric Lee Green)
Re: http://www.tmechan.freeserve.co.uk/wincrypt.html (Soeren Mors)
Re: Home Invasion Bill Drives U.S. Computer Users across border (JPeschel)
Re: SIGABA / ECM Mark 2 (Frode Weierud)
Re: SQ Announcement ("Kostadin Bajalcaliev")
Re: Blowfish (Volker Hetzer)
ECC, D.S., Fravia, & Ian (JPeschel)
Re: Re: 512 bit number factored ([EMAIL PROTECTED])
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Using Diffie-Hellman to encode keys
Date: 2 Sep 1999 19:55:11 -0700
In article <[EMAIL PROTECTED]>,
Eric Lee Green <[EMAIL PROTECTED]> wrote:
> Thanks. Do you have any references to the van Oorschot and Weiner work?
`On Diffie-Hellman Key Agreement with Short Exponents', EUROCRYPT'96.
> It appears that the modulus has to be carefully
> picked in order to turn the exponential distribution into an even distribution
> over the field enforced by the modulus,
How so? I don't think I've heard this one before.
(We're talking about a prime modulus p where p-1 has a large factor, right?)
------------------------------
From: d g <[EMAIL PROTECTED]>
Subject: Re: I need an algorithm!!!!
Date: 02 Sep 1999 20:26:06 -0700
"Steven Alexander" <[EMAIL PROTECTED]> writes:
> It is conjectured in "The Handbook of Applied Cryptography" that
> Chor-Rivest can be secure if its parameters are carefully chosen,
> however this creates a very large public key. In the aforementioned
> book it cites the public key with the paramters of p=197 and h=24 to
> be 36,000 bits. I haven't studied knapsacks enough to offer more
> than this.
You may want to look at:
Vaudenay, S, Cryptanalysis of the Chor-Rivest cryptosystem, in
Advances in Cryptology (CRYPTO'98), Springer LNCS #1462, pp 243-256
(1998).
If I remember right, Vaudenay announced the attack at Crypto'97, which
may explain why HAC doesn't cover it. You can get the paper from
Vaudenay's website:
http://www.dmi.ens.fr/~vaudenay/pub.html#Vau98h
Regards,
Dipankar
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: Key Establishment Protocols - free chapter from Handbook of Applied Cryptography
Date: 03 Sep 1999 04:35:32 GMT
> [EMAIL PROTECTED] (John Savard) writes:
>But I do have one nitpicking criticism, after having glanced at the
>chapter.
>
>An unauthenticated key exhange protocol is, by definition, not
>protected against forgery. But that doesn't mean that forgery is
>actually possible; the fact that key exchange requires authentication
>to protect it is a fact about the real world, which must be derived
>(from observation or whatever). Thus, it isn't really accurate to say
>that an unauthenticated KEP is vulnerable to forgery _by definition_.
You're right, you are nitpicking.
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: 512 bit number factored
Date: 3 Sep 1999 04:36:02 GMT
Wei Dai <[EMAIL PROTECTED]> wrote:
>Now a question of my own: does anyone actually use 512-bit keys for e-
>commerce, as CWI's press release claims?
Yes, I spend a fair amount of time looking at SSL certificates and
occasionally still see some 512 bit ones. It's nothing like the 95%
that CWI claimed, though. More like 10%, from the sample I've looked
at.
You can tell the size of an SSL key by connecting to the web site with
MS Internet Explorer and clicking on the lock icon, and viewing "key
exchange" in the SSL properties dialog. This is with MSIE 4.0; I
don't have an MSIE 5 browser handy and I think they've changed the
interface somewhat, but they still show the info. Netscape 4.5
unfortunately doesn't show the key length.
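The browser dialog described above is one way to read the key size; the number it shows is the bit length of the RSA modulus in the certificate's SubjectPublicKeyInfo. The following is an added example, not code from the post or from any browser: a minimal DER reader that pulls that bit length out of an SPKI and grades it. The two sample keys are constructed integers with the right bit lengths, not real RSA moduli, and the 1024/2048 thresholds in verdict() are today's conventions rather than 1999's.

```python
"""Reading the RSA key size out of a certificate's public key.

Added example, not from the original post: parses a DER SubjectPublicKeyInfo
(SPKI) and reports the modulus size, which is what a browser shows as the key
length. The sample moduli are constructed integers, not real RSA keys; only
their bit lengths matter here.
"""
import random

RSA_ENCRYPTION_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1


# --- minimal DER encoder, used only to build the constructed samples ---------
def der_len(n):
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body


def der_int(value):
    """Unsigned INTEGER with the mandatory leading 0x00 when the top bit is set."""
    return der_tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))


def build_rsa_spki(n, e):
    """SEQUENCE { SEQUENCE { OID rsaEncryption, NULL }, BIT STRING { RSAPublicKey } }"""
    alg = der_tlv(0x30, der_tlv(0x06, RSA_ENCRYPTION_OID) + der_tlv(0x05, b""))
    rsa_pub = der_tlv(0x30, der_int(n) + der_int(e))
    return der_tlv(0x30, alg + der_tlv(0x03, b"\x00" + rsa_pub))


# --- the check itself: parse an SPKI and report the modulus size -----------
def der_read(buf, pos=0):
    """Parse one TLV at buf[pos]; returns (tag, contents, position after it).
    Single-byte tags and definite lengths only, which is all X.509 DER uses."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        nbytes = length & 0x7F
        if nbytes == 0 or nbytes > 4:
            raise ValueError("indefinite or oversized DER length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:end], end


def rsa_modulus_bits(spki):
    """Return the bit length of the RSA modulus in a DER SubjectPublicKeyInfo."""
    tag, body, _ = der_read(spki)
    if tag != 0x30:
        raise ValueError("SPKI must be a SEQUENCE")
    tag, alg, pos = der_read(body)
    oid_tag, oid, _ = der_read(alg)
    if tag != 0x30 or oid_tag != 0x06 or oid != RSA_ENCRYPTION_OID:
        raise ValueError("not an rsaEncryption key")
    tag, bits, _ = der_read(body, pos)
    if tag != 0x03 or bits[:1] != b"\x00":
        raise ValueError("malformed subjectPublicKey BIT STRING")
    tag, rsa_pub, _ = der_read(bits, 1)
    tag, n_bytes, _ = der_read(rsa_pub)
    if tag != 0x02:
        raise ValueError("RSAPublicKey.modulus must be an INTEGER")
    return int.from_bytes(n_bytes, "big").bit_length()


def verdict(bits):
    """RSA-155 (512 bits) was factored in August 1999; 1024 has since been
    retired; 2048 is the current floor."""
    if bits < 1024:
        return "weak"
    if bits < 2048:
        return "legacy"
    return "ok"


def constructed_modulus(bits, seed):
    """A deterministic odd integer of exactly `bits` bits (NOT a real RSA key)."""
    return random.Random(seed).getrandbits(bits) | (1 << (bits - 1)) | 1


if __name__ == "__main__":
    for bits in (512, 1024, 2048):
        spki = build_rsa_spki(constructed_modulus(bits, bits), 65537)
        size = rsa_modulus_bits(spki)
        print(f"{size}-bit RSA modulus: {verdict(size)}")
```

For a live site, `openssl s_client -connect host:443 </dev/null | openssl x509 -pubkey -noout` prints the SPKI as PEM; base64-decode the body and hand the bytes to rsa_modulus_bits().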
------------------------------
From: [EMAIL PROTECTED] (Keith A Monahan)
Subject: Re: Graphical Passwords
Date: 3 Sep 1999 04:17:44 GMT
Hi There,
We appreciate the post, and will certainly check it out!
Thanks for keeping us updated and let us know of future
releases.
Thanks,
Keith
AlainNYC ([EMAIL PROTECTED]) wrote:
: Hi,
: we are a group of researchers from Bell Labs, AT&T Labs and
: NYU. We implemented "graphical passwords" for the PalmPilot.
: That is, you can simply draw a little figure as your password
: rather than trying to remember some funky textual password.
: This password is then used to encrypt data in the memopad
: application.
: We have an alpha release ready to download for free.
: See http://cs.nyu.edu/fabian/pilot/gpw.html
: for more details.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Crossposted-To: sci.physics
Subject: Re: Can we have randomness in the physical world of "Cause and Effect" ?
Date: Fri, 03 Sep 1999 05:31:43 GMT
Tim Tyler wrote:
> In MWI there is no process equivalent to "wave function collapse" - a
> notion that the EPR "paradox" hinges upon.
The Multiple-Worlds equivalent of the Copenhagen collapse is a
splitting of the world-path of the system.
EPR in no way depends on the Copenhagen interpretation, and further
it is generally considered that Aspect et al. have demonstrated that
the EPR weirdness actually does occur, so if MWI differs in that
prediction then it is wrong.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Q: Cross-covariance of independent RN sequences in practice
Date: Fri, 03 Sep 1999 05:15:25 GMT
Mok-Kong Shen wrote:
> ... Exact zero of cross-covariance is required by independence.
No, it is not, no more than zero standard deviation is required
for the mean of a truly random variable. Statistical independence
differs from algebraic independence in just such ways.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Vigenere Variant Problem
Date: Fri, 03 Sep 1999 05:23:04 GMT
JTong1995 wrote:
> ... I found a repeat that I assumed was "STOP", which was the
> beginning of what turned out to be a stereotypical ending with the
> unit commander's name, followed by the 3 letter abbrev. for his rank
> (COL = Colonel) and then the 3 letter abbrev. for his branch (INF =
> Infantry). The twist was the remaining letters used to fill the
> final five letter group were X's, which were enciphered
> polyalphabetically. That gave me enough plaintext - ciphertext
> equivalents to use direct symmetry of position. ...
Congratulations on your solution.
Stereotypes are very useful in C/A work, even more so when there
is concurrent T/A. For example, if T/A shows that the sender is
a Company, it is likely that the rank is CPT. And an INF Company
is virtually always subordinate to an INF Brigade and INF Battalion.
Such knowledge provides free cribs, quite often.
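The point about stereotypes giving free cribs, as an added example that is not part of the exchange above. JTong's problem used a variant with mixed alphabets (hence "symmetry of position"); this shows the simpler straight-alphabet Vigenere, where a crib long enough to touch every key position yields the key outright. The message, the key ZEBRAS, and the stereotyped "COL INF" ending padded with X's are all constructed; the attacker is assumed to know the ending's layout, including the number of filler X's.

```python
"""Free cribs from a stereotyped ending, worked on a plain Vigenere.

Added example, not part of the thread above. Message, key and ending are
constructed. Straight alphabets only: with mixed alphabets one would go on
to symmetry of position, which is not shown here.
"""
import string

A = string.ascii_uppercase


def vigenere(text, key, decrypt=False):
    """Periodic Caesar shifts; text and key are upper-case letters only."""
    out = []
    for i, c in enumerate(text):
        shift = A.index(key[i % len(key)])
        if decrypt:
            shift = -shift
        out.append(A[(A.index(c) + shift) % 26])
    return "".join(out)


def pad_groups(text, group=5, pad="X"):
    """Five-letter groups; the filler X's are enciphered like everything else."""
    text = text.replace(" ", "")
    return text + pad * (-len(text) % group)


def key_from_tail_crib(ciphertext, crib, period):
    """Recover key letters from a crib known to sit at the END of the message.
    Each crib letter gives key[pos] = C - P for its position; a contradiction
    means the assumed period (or crib) is wrong. Positions the crib never
    reaches stay None."""
    start = len(ciphertext) - len(crib)
    key = [None] * period
    for i, (c, pch) in enumerate(zip(ciphertext[start:], crib)):
        pos = (start + i) % period
        k = A[(A.index(c) - A.index(pch)) % 26]
        if key[pos] not in (None, k):
            raise ValueError("crib inconsistent with a period-%d key" % period)
        key[pos] = k
    return key


def recover_and_decrypt(ciphertext, crib, period):
    """Full decrypt when the crib covers every key position, else None."""
    key = key_from_tail_crib(ciphertext, crib, period)
    if None in key:
        return None
    return vigenere(ciphertext, "".join(key), decrypt=True)


# constructed traffic: an order ending with the stereotyped signature block
PLAIN = pad_groups("ATTACK AT DAWN STOP SMITH COL INF")   # ends ...COLINFXXX
KEY = "ZEBRAS"
CIPHER = vigenere(PLAIN, KEY)

if __name__ == "__main__":
    print(CIPHER)
    print("".join(key_from_tail_crib(CIPHER, "COLINFXXX", 6)))
    print(recover_and_decrypt(CIPHER, "COLINFXXX", 6))
```

Note that the rank and branch abbreviations plus the three filler letters already span a six-letter period; the commander's name is not even needed. With only the filler X's as crib, half the key positions stay unknown and recover_and_decrypt() returns None.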
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Home Invasion Bill Drives U.S. Computer Users across border
Date: Fri, 03 Sep 1999 05:35:33 GMT
Anonymous wrote:
> [a self-serving commercial press release]
> According to published reports, the Justice Department will seek
> authorization through the Cyberspace Electronic Security Act for FBI
> and local police to covertly enter private homes and disable computer
> encryption programs. ...
If they can't get their facts any straighter than that, why would we
want to trust them to protect our sensitive information?
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Web encryption, some references please..
Date: Fri, 03 Sep 1999 05:39:16 GMT
"SCOTT19U.ZIP_GUY" wrote:
> In article <7qh51m$mda3@SGI3651ef0>, "Sta" <nospam@nomail> wrote:
> >I'd like to learn about the encryption protocols used on the www.
> Try my hated and controversial site!!!
I don't recall seeing your encryption systems used in WWW protocols.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Members Only Key Exchange
Date: Fri, 03 Sep 1999 05:47:18 GMT
Gary wrote:
> ... chair(wo)man ...
I couldn't make it through your posting due to the repeated use of
that ridiculous construct. The role is simply "chairman"; if it is
definitely a specific, female individual, then it is "chairman", or
perhaps "chairwoman" if you feel an urge to be P.C. But with the
form you adopted, one wonders how you would denote a definitely-male
chairman; perhaps "chair()man" or "chairman(with_penis)"? Do you
see yet how utterly irrelevant the sex of the person filling that
role is to your query?
------------------------------
From: Eric Lee Green <[EMAIL PROTECTED]>
Subject: Re: Using Diffie-Hellman to encode keys
Date: Thu, 02 Sep 1999 22:35:49 -0700
David Wagner wrote:
>
> In article <[EMAIL PROTECTED]>,
> Eric Lee Green <[EMAIL PROTECTED]> wrote:
> > Thanks. Do you have any references to the van Oorschot and Weiner work?
>
> `On Diffie-Hellman Key Agreement with Short Exponents', EUROCRYPT'96.
>
> > It appears that the modulus has to be carefully
> > picked in order to turn the exponential distribution into an even distribution
> > over the field enforced by the modulus,
>
> How so? I don't think I've heard this one before.
> (We're talking about a prime modulus p where p-1 has a large factor, right?)
Ah. The p-1 has a large factor is the one that I was fumbling for.
Thanks.
I'll summarize what you and others have taught me tomorrow, to make sure
I got everything right. Thanks everybody for the pointers, I've been
doing some HEAVY reading and hopefully am going to be able to make a
little more sense out of this whole deal (though my co-workers are
starting to look at me strangely for muttering about obscure
mathematical concepts while wandering the halls with a glazed look in my
eyes... what can I say, even though I'm bad at it, it's still
fascinating).
--
Eric Lee Green http://members.tripod.com/e_l_green
mail: [EMAIL PROTECTED]
^^^^^^^ Burdening Microsoft with SPAM!
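Wagner's parenthetical in the exchange above (a prime p where p-1 has a large factor) is the condition that defeats the Pohlig-Hellman reduction. The following is an added example, not code from either poster and not the van Oorschot-Wiener short-exponent attack itself: with toy primes it recovers a Diffie-Hellman private exponent when p-1 is smooth, counts the brute-force work, and shows the safe-prime and subgroup checks an implementation applies to its parameters and to the peer's public value. The primes 65537, 2311 and 2039 and the exponents are constructed choices, far too small for real use.

```python
"""Why p-1 needs a large prime factor in Diffie-Hellman.

Added example, not part of the thread. Toy-sized primes (constructed) are
used so the whole computation runs in well under a second.
"""


def factor_trial(n):
    """Trial division into {prime: exponent}; adequate for the toy sizes here."""
    factors, d = {}, 2
    while d * d <= n:
        while n % d == 0:
            factors[d] = factors.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def is_prime(n):
    return n > 1 and factor_trial(n) == {n: 1}


def find_generator(p):
    """Smallest g of full order p-1 in Z_p^* (p prime)."""
    primes = factor_trial(p - 1)
    for g in range(2, p):
        if all(pow(g, (p - 1) // q, p) != 1 for q in primes):
            return g
    raise ValueError("no generator")


def dlog_bruteforce(g, h, p, order):
    """Exhaustive search for x < order with g^x = h (mod p); returns (x, steps)."""
    cur = 1
    for x in range(order):
        if cur == h:
            return x, x + 1
        cur = cur * g % p
    raise ValueError("h not in the subgroup generated by g")


def crt(residues, moduli):
    """Chinese remaindering for pairwise coprime moduli."""
    x, m = 0, 1
    for r, q in zip(residues, moduli):
        x += m * ((r - x) * pow(m, -1, q) % q)
        m *= q
    return x % m


def pohlig_hellman(g, h, p):
    """Discrete log of h base g in Z_p^*, g a generator. The work is dominated
    by the LARGEST prime factor of p-1, so smooth p-1 makes the log cheap.
    Returns (x, brute-force steps spent)."""
    n = p - 1
    residues, moduli, work = [], [], 0
    for q, e in factor_trial(n).items():
        qe = q ** e
        g_q, h_q = pow(g, n // qe, p), pow(h, n // qe, p)  # order-q^e subgroup
        gamma = pow(g_q, q ** (e - 1), p)                   # element of order q
        x = 0
        for k in range(e):  # lift x one base-q digit at a time
            target = pow(pow(g_q, -x, p) * h_q % p, q ** (e - 1 - k), p)
            d, steps = dlog_bruteforce(gamma, target, p, q)
            x += d * q ** k
            work += steps
        residues.append(x)
        moduli.append(qe)
    return crt(residues, moduli), work


def is_safe_prime(p):
    """p = 2q + 1 with q prime: p-1 has the large factor q, so Pohlig-Hellman
    degenerates to a search over a group of size about p/2."""
    return is_prime(p) and is_prime((p - 1) // 2)


def valid_dh_public(y, p, q):
    """Peer value check for a safe-prime group of order q = (p-1)/2: in range
    and inside the order-q subgroup, so small-subgroup confinement fails."""
    return 1 < y < p - 1 and pow(y, q, p) == 1


if __name__ == "__main__":
    # 65537: p-1 = 2^16 (hopelessly smooth). 2311: p-1 = 2*3*5*7*11. 2039: safe prime.
    for p, a in ((65537, 12345), (2311, 1234), (2039, 777)):
        g = find_generator(p)
        x, work = pohlig_hellman(g, pow(g, a, p), p)
        print(f"p={p:5d} safe={is_safe_prime(p)!s:5} recovered={x == a} work={work}")
```

For the two smooth moduli the exponent falls out after a few dozen group operations; for the safe prime the same algorithm has to walk most of a subgroup of size 1019, which at real sizes is the infeasible part. In practice one uses a safe prime or a standardized group and checks the peer's value with valid_dh_public() before exponentiating with the private key.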
------------------------------
From: Soeren Mors <[EMAIL PROTECTED]>
Subject: Re: http://www.tmechan.freeserve.co.uk/wincrypt.html
Date: 03 Sep 1999 08:56:34 +0200
[EMAIL PROTECTED] writes:
> Terry Mechan <[EMAIL PROTECTED]> wrote:
> : Wincrypt is practically unbreakable and now works on Win NT as well as 95/98
>
> : Download from
>
> : http://www.tmechan.freeserve.co.uk/wincrypt.html
>
> This is the _source_, right? If not, nobody with a clue will
> give it a second (or even first) thought.
Doesn't seem to be. It does claim to use IDEA, but the following
phrase on the homepage made me somewhat suspicious:
Do not be afraid of forgetting one of your passwords - you can save
your passwords on disk.
But it doesn't say anything about how those passwords are protected.
--
Soeren Mors
Student of Computer Science at DAIMI [EMAIL PROTECTED]
For security this message has been encrypted with double ROT13
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: Home Invasion Bill Drives U.S. Computer Users across border
Date: 03 Sep 1999 07:41:15 GMT
[EMAIL PROTECTED] writes:
>Anonymous wrote:
>> [a self-serving commercial press release]
>> According to published reports, the Justice Department will seek
>> authorization through the Cyberspace Electronic Security Act for FBI
>> and local police to covertly enter private homes and disable computer
>> encryption programs. ...
>
>If they can't get their facts any straighter than that, why would we
>want to trust them to protect our sensitive information?
Looks like that PR snippet is correct despite its lack of details.
What do you find wrong with it?
I've never seen a commercial press release that wasn't self-serving,
have you?
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: [EMAIL PROTECTED] (Frode Weierud)
Subject: Re: SIGABA / ECM Mark 2
Date: 3 Sep 1999 09:15:31 GMT
Reply-To: [EMAIL PROTECTED]
[EMAIL PROTECTED] () writes:
>JTong1995 ([EMAIL PROTECTED]) wrote:
>: Does anyone know of an accurate computer simulation of the ECM Mark 2? I've
>: seen several Enigma implementations, but not a SIGABA.
>The only one I know of is the one in Java on the Pampanito web site,
>accessible from
>http://www.maritime.org/ecm2.shtml
>John Savard
The Crypto Simulation Group (CSG) has made a simulator for SIGABA which
runs under Windows 3.1/95/98/NT. You can get a feeling for it by visiting
the CSG Gallery Web page at:
http://home.cern.ch/~frode/crypto/CSG/gallery/index.html
We are planning to release the SIGABA, NEMA, Siemens T52 and Abwehr Enigma
simulators in the near future. The NEMA and T52 releases are imminent.
Frode
--
Frode Weierud Phone : +41 22 7674794
CERN, SL, CH-1211 Geneva 23, Fax : +41 22 7679185
Switzerland E-mail : [EMAIL PROTECTED]
WWW : wwwcn.cern.ch/~frode
------------------------------
From: "Kostadin Bajalcaliev" <[EMAIL PROTECTED]>
Subject: Re: SQ Announcement
Date: Fri, 3 Sep 1999 11:46:48 +0200
David Wagner wrote in message
<7qn2nn$lnr$[EMAIL PROTECTED]>...
>In article <7qmt0k$[EMAIL PROTECTED]>,
>Kostadin Bajalcaliev <[EMAIL PROTECTED]> wrote:
>> Sr<<1 (should be Sr<<<1) this is standard notation
>
>This isn't standard notation. Elsewhere in your thesis you define
>the notation `P<<<1' to mean that you take the permutation P and you
>shift it left by one. But Sr isn't a permutation; it's a single byte,
>right?
>
>> Information Loss theory is:
>>
>> If we need more information than the output carries about the inner state of
>> the generator in order to reconstruct the inner state then the Cipher is
>> "secure".
>
>If I understand correctly, you're talking about whether the cipher is
>information-theoretically secure. Trivially, when the output keystream
>length is longer than the key length, the cipher _cannot_ be
>information-theoretically secure. Ever. (Read Shannon, or the FAQ.)
I have read Shannon's theories; just compare my claim and yours:
If we need more information than the output carries about the inner state of
the generator ...
when the output keystream length is longer than the key length, the
I do not see any logical connection.
EC-2, for instance, is a very simple and breakable cipher, but if you use only
the MSB as output, is there an attack that can be launched using this reduced
information?
Or you have this, in order to preserve the speed:
#include <stdio.h>
#include <stdlib.h>

/* Rotating access into the table: index a is offset by R, modulo MS. */
#define p(a) pp[(a+R)%MS]

int vsc(int in);

int pp[512];          /* the permutation of 0..511 */
int R=0,MS=512;       /* R: rotation offset, MS: table size */

int main (int argc, char **argv)
{
    int i,j,g,t,m;
    FILE *outf;
    if(argc<3) {
        fprintf(stderr,"usage: %s outfile megabytes\n",argv[0]);
        return 1;
    }
    outf=fopen(argv[1],"wb");
    if(outf==NULL) { perror(argv[1]); return 1; }
    m=atoi(argv[2]);
    j=0;
    for(i=0;i<MS;i++) { p(i)=i; }          /* start from the identity permutation */
    /* pass t=0 is a warm-up (nothing written); passes 1..m each emit 1 MiB */
    for(t=0;t<m+1;t++)
        for(g=0;g<1024;g++)
            for(i=0;i<1024;i++) { j=vsc(j); if(t) putc(j,outf); }
    fclose(outf);
    return 0;
}

/* One step: swap p(in) with the entry that p(in+1) points at, advance R,
 * then output p(p(in)^p(in+1)) reduced to 8 bits (the 9th bit is dropped). */
int vsc(int in)
{
    int ret,g;
    g=p(in); p(in)=p(p(in+1)); p(p(in+1))=g;
    R=(R+1)%MS;
    ret=p(p(in)^p(in+1));
    return ret%256;
}
The permutation is 0..511 and so is the variation, but the output is 8 bits, so
1 bit is lost.
Mr. Wagner, I am not an expert in cryptography, but I am certainly not a newbie
asking what cryptography is. I know what I am talking about. The thesis is
not a dream that I have solved all the problems; before it was written I
had read the specifications and analyses of most of the stream ciphers. Sq1 is
very similar to RC4, and that is not a coincidence; the RC algorithms are among
the most interesting designs known now, at least I think so. I have tried as
much as I can to extract what secure ciphers have in common and to define a
theory of why they are secure in the first place.
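The disagreement above turns on Wagner's claim that once the keystream is longer than the key, the cipher cannot be information-theoretically secure, however many state bits each output step withholds. The following is an added example, not code from either poster and not Sq1 or EC-2: a constructed 16-bit toy generator that, like the vsc() routine above, emits only part of its state per step. Counting the keys still consistent with a keystream prefix shows the key equivocation shrinking as more output is seen, and a brute-force attacker needs only enough keystream, not the withheld state bits.

```python
"""Keystream longer than the key cannot be information-theoretically secure.

Added example, not part of the thread. The generator below is a constructed
16-bit xorshift-style toy, not a real cipher; it outputs 8 of its 16 state
bits per step, so half the state is 'lost' at every output.
"""

KEY_BITS = 16
MASK = (1 << KEY_BITS) - 1


def step(state):
    """One round on a 16-bit state. Each x ^= x << a / x >> a is invertible,
    so the whole step is a bijection on the 2^16 states (constructed toy)."""
    state ^= (state << 7) & MASK
    state ^= state >> 9
    state ^= (state << 8) & MASK
    return state


def keystream(key, nbytes):
    """Seed the state with the key and emit the low byte of each new state."""
    state, out = key & MASK, bytearray()
    for _ in range(nbytes):
        state = step(state)
        out.append(state & 0xFF)
    return bytes(out)


def consistent_keys(prefix):
    """All keys whose keystream begins with `prefix` (exhaustive, 2^16 trials)."""
    return [k for k in range(1 << KEY_BITS) if keystream(k, len(prefix)) == prefix]


def equivocation(secret, nbytes):
    """Number of keys a keystream-only attacker cannot rule out after seeing
    `nbytes` of output produced under `secret` (the true key is always among them)."""
    return len(consistent_keys(keystream(secret, nbytes)))


if __name__ == "__main__":
    secret = 0xBEEF
    for nbytes in (1, 2, 3, 4):
        print(f"{8 * nbytes:2d} keystream bits vs {KEY_BITS}-bit key: "
              f"{equivocation(secret, nbytes)} candidate keys remain")
```

With one output byte exactly 256 keys remain (the step is a bijection and the output is an 8-bit projection, so the 8 unseen key bits are entirely free); from the second byte on the count can only fall, and once the output exceeds 16 bits the attacker expects to be left with essentially one key, which is Shannon's unicity argument in miniature.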
------------------------------
From: Volker Hetzer <[EMAIL PROTECTED]>
Subject: Re: Blowfish
Date: Fri, 03 Sep 1999 12:55:52 +0200
oscar morales ruiz wrote:
>
> Hi all,
>
> I'm testing a new implementation for Blowfish Encryption Algorithm, and
> I need test vectors to check it.
>
> Can anybody send me test vectors with a key length of 128 bits and data
> length of 64 bits for the Blowfish algorithm ?
check www.counterpane.com
--
Hi! I'm a signature virus! Copy me into your signature file to help me spread!
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: ECC, D.S., Fravia, & Ian
Date: 03 Sep 1999 11:05:43 GMT
To my "Contests" page, I've recently added "The
Certicom ECC Challenge," and the September one-nibble
clue to David Scott's "gloat contest."
Also fixed or updated are a fews links including one
to Fravia's Pages, and a few others. While updating
those links, I noticed some important crypto info:
Ian Goldberg's updated picture. This cat looks a
helluva lot like me, except he's about 20 years
younger and a lot smarter. I think I'm in better
shape, though. Wonder where he posts now?
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Re: 512 bit number factored
Date: Fri, 03 Sep 1999 11:42:09 GMT
In article <7qnj7i$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Paul Rubin) wrote:
> Wei Dai <[EMAIL PROTECTED]> wrote:
> >Now a question of my own: does anyone actually use 512-bit keys for e-
> >commerce, as CWI's press release claims?
>
> Yes, I spend a fair amount of time looking at SSL certificates and
> occasionally still see some 512 bit ones. It's nothing like the 95%
> that CWI claimed, though. More like 10%, from the sample I've looked
> at.
>
> You can tell the size of an SSL key by connecting to the web site with
> MS Internet Explorer and clicking on the lock icon, and viewing "key
> exchange" in the SSL properties dialog. This is with MSIE 4.0; I
> don't have an MSIE 5 browser handy and I think they've changed the
> interface somewhat, but they still show the info. Netscape 4.5
> unfortunately doesn't show the key length.
>
I think you'll find that a lot of large-volume corporate-bank and even
inter-bank payment links use 512 bit RSA, or even various symmetric
protocols.
Security is often augmented, though, with other techniques or procedures
in addition to the signature.
This used to be called EFT or EDI, but has recently been renamed to
eCommerce :-)
-Terje
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************