Cryptography-Digest Digest #170, Volume #10 Fri, 3 Sep 99 20:13:03 EDT
Contents:
Re: Schneier/Published Algorithms (SCOTT19U.ZIP_GUY)
Re: Q: Cross-covariance of independent RN sequences in practice (The Asshole)
Re: What if RSA / factoring really breaks? ("Dr. Michael Albert")
new user (Dominic Doyle)
Re: Using Diffie-Hellman to encode keys ("Joseph Ashwood")
Please help a newbie... (Ragni Panjala)
NSA and MS windows (Michael Slass)
Re: Alleged NSA backdoor in Windows CryptoAPI (SCOTT19U.ZIP_GUY)
Re: Alleged NSA backdoor in Windows CryptoAPI (Stanley Chow)
Re: Schneier/published algorithms (Forrest Johnson)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Schneier/Published Algorithms
Date: Fri, 03 Sep 1999 23:00:40 GMT
In article <[EMAIL PROTECTED]>, Eric Lee Green <[EMAIL PROTECTED]> wrote:
>Anonymous wrote:
>>
>> One of the posts in this thread refers to Bugs in Windows NT...yes there are
>> bugs in Windows NT..but its a v. large op. sys. Millions of lines of
>> code....2fish is a very small apps..maybe 2-3k lines of code....
>>
>> OK...Now we see some Test Vectors appearing on the counterpane.com web
>> site...with no documentation...
>>
>> Checking the source code when I last downloaded and now....the header in
>> twofish.c still reads version 1. April '98 by the same guy...Hi/fn
>> ...whoever that is...
>
>First of all, why should we take seriously some twit who can't even figure out
>how to wrap his lines?
>
>Secondly: TwoFish was submitted over 16 months ago as an AES candidate. It
>isn't going to change unless some serious flaw is found, in which case it will
>more likely be tossed out of the competition rather than changed. If you want
>the "official" AES-candidate source code, go to the AES home page at
>http://www.nist.gov/aes and order the CD-ROM, and get not only the latest
>TwoFish but also the source code to all the other AES candidates. (Note: that
>page now says that they are going to make a new CD-ROM with the finalists on
>it, and it won't be available until October... but if you're interested in good
>top-quality encryption algorithms in a number of different languages, it still
>looks interesting). If TwoFish is the AES winner, it will be the "official"
>encryption standard for all non-military US encryption. It's already one of the
By official does this mean if we use something that is secure which the
government doesn't want us to use that we can expect "military gas"
canisters to be thrown in our windows? I wonder just what the Hell this
so-called "official" means. Will it get the same high standard of testing
that Microsoft is claiming their operating system encryption gets, or is
this too low of a level for them?
>top five finalists. Sounds like it's pretty solid to me, though some of the
>other AES candidates also have good points that make them worth looking at.
>
Yeah I've been wondering just what those "good points" are. Will the NSA
ever tell us?
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMMERS
------------------------------
From: The Asshole <[EMAIL PROTECTED]>
Subject: Re: Q: Cross-covariance of independent RN sequences in practice
Date: Fri, 03 Sep 1999 16:34:05 -0500
Douglas A. Gwyn wrote:
>
> Mok-Kong Shen wrote:
> > ... Exact zero of cross-covariance is required by independence.
>
> No, it is not, no more than zero standard deviation is required
> for the mean of a truly random variable. Statistical independence
> differs from algebraic independence in just such ways.
Your statement makes no sense statistically.
1st: By definition, independent variables have covariance = 0.
2nd: If any "random" variable has standard deviation = zero, we call it
a constant. A truly random variable MUST have a standard deviation > 0.
GMA
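The exchange above turns on the difference between the population cross-covariance of independent variables (zero by definition) and the cross-covariance you can actually measure on two finite sequences, which is what a practitioner testing generator outputs sees. The following Python is an added example, not code from either poster: it computes the sample cross-covariance and correlation at several lags for two separately seeded generators and for a deliberately dependent pair. The seeds, sequence lengths, noise term and the 1/sqrt(N) noise floor used as a pass/fail bound are constructed for the demonstration.

```python
"""Sample cross-covariance of two pseudo-random sequences (added example)."""
import math
import random


def sample_cross_covariance(xs, ys, lag=0):
    """Sample cross-covariance of xs and ys at a non-negative lag:

        c(lag) = (1/(N-lag)) * sum_i (x[i] - mean_x) * (y[i+lag] - mean_y)

    using the full-sequence means."""
    if len(xs) != len(ys):
        raise ValueError("sequences must have the same length")
    n = len(xs) - lag
    if n < 2:
        raise ValueError("not enough samples for this lag")
    mean_x = sum(xs) / len(xs)
    mean_y = sum(ys) / len(ys)
    acc = 0.0
    for i in range(n):
        acc += (xs[i] - mean_x) * (ys[i + lag] - mean_y)
    return acc / n


def sample_cross_correlation(xs, ys, lag=0):
    """Cross-covariance normalised by both sample standard deviations, in [-1, 1]."""
    var_x = sample_cross_covariance(xs, xs)
    var_y = sample_cross_covariance(ys, ys)
    return sample_cross_covariance(xs, ys, lag) / math.sqrt(var_x * var_y)


def noise_floor(n):
    """Approximate one-sigma size of the sample correlation between two
    independent sequences of length n: it shrinks like 1/sqrt(n) but is
    not zero for any finite n."""
    return 1.0 / math.sqrt(n)


def independent_pair(n, seed_a=1, seed_b=2):
    """Constructed input: two sequences from two separately seeded generators."""
    ra, rb = random.Random(seed_a), random.Random(seed_b)
    return [ra.random() for _ in range(n)], [rb.random() for _ in range(n)]


def dependent_pair(n, seed=3):
    """Constructed input: ys is xs plus a little noise, so the two are correlated."""
    r = random.Random(seed)
    xs = [r.random() for _ in range(n)]
    ys = [x + 0.1 * r.random() for x in xs]
    return xs, ys


def looks_independent(xs, ys, sigmas=5.0, max_lag=8):
    """Crude independence check: every lag's sample correlation must sit
    within `sigmas` noise floors of zero.  Passing is necessary for
    independence, not sufficient (the test only sees linear dependence)."""
    bound = sigmas * noise_floor(len(xs))
    return all(abs(sample_cross_correlation(xs, ys, lag)) < bound
               for lag in range(max_lag + 1))


if __name__ == "__main__":
    xs, ys = independent_pair(10_000)
    print("independent:", sample_cross_correlation(xs, ys), looks_independent(xs, ys))
    xd, yd = dependent_pair(10_000)
    print("dependent:  ", sample_cross_correlation(xd, yd), looks_independent(xd, yd))
```

The measured correlation of the independent pair is small but not exactly zero, and the bound it is compared against tightens with more samples; a generator pair that fails this check at some lag is dependent, but passing it says nothing about nonlinear dependence.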
------------------------------
From: "Dr. Michael Albert" <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: What if RSA / factoring really breaks?
Date: Fri, 3 Sep 1999 17:36:13 -0400
> But given that cyphers and
> the like are considered munitions by the US Government, and other
> governments presumably, wouldn't someone taking this course risk
> being prosecuted for treason: "wilfully disseminating material
> prejudicial to the security of the state". I'm sure "they" could
> cook up some charge along those lines.
In the U.S., writings on cryptographic theory are covered
under the "freedom of speech" clause of the Constitution.
Actual computer programs in machine readable form, however,
are considered "munitions". So life is interesting in
the U.S. For example, there is a book out which, in printed
form, gives explicit code for encryption algorithms, and
the book is set up in such a way that the code could be
read by an optical-character-recognition system, and this
book is protected under the freedom of speech, and can
be legally exported. If the same code were on a floppy disk
with files named "*.c", it would be a munition. Even to provide
software with "hooks" for encryption is a "munition". (I wonder
if one wrote a book using, say, TeX, and in the book had
"C" code, if the TeX source would be a munition? Not sure...).
I believe that Congress has enacted in law that certain
information related to the details of making nuclear
weapons is "born secret" and therefore, according to
this law, a book on the subject could be censored even
if the author did not acquire the information from the
U.S. weapons program. But to the best of my knowledge,
this is the only exception and is relatively narrow.
I don't know how things are in other countries, but I
would suspect that most other democracies would not
try to control publishing "theoretical" articles. By
the way, if anyone cracks RSA-2048, I suspect they
would not have significant problems if they were to
apply for an entrance visa :-).
Best wishes,
Mike
------------------------------
From: Dominic Doyle <[EMAIL PROTECTED]>
Subject: new user
Date: Sat, 04 Sep 1999 08:35:39 +1000
Reply-To: [EMAIL PROTECTED]
Hi,
Dominic Doyle, Melbourne Australia, BA Psychology, interest in crypt but
not expert.
Has anybody heard the news on the recent crack of 512-bit?
Does anybody know of good FAQs or sites on 1012-bit aside from the
obvious RSA etc.
Is Netscape still fighting the US government over the export of these
technologies? I also read some time back that high level encryption was
available from Germany and Japan making that action somewhat futile.
Thanx
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Using Diffie-Hellman to encode keys
Date: Fri, 3 Sep 1999 15:39:01 -0700
I know this is a rather unconventional approach but I'll give it a try.
Assuming everyone has a private key, and assuming that negotiating a large
secret value through is not difficult, assuming a secret value can be
negotiated between the server and each client individually.
From here I'll present it along with a description of the problem.
John wants to talk to Jim.
John requests Jim's public info from the server (Sandy)
Sandy returns two things to John (transferred securely to certify Sandy as
Sandy)
  Jim's public key
  A bit stream for Jim
Alternately Sandy could send invalid information as the bit mask
John then contacts Jim
John sends Jim the symmetric key, and the bit stream (securely)
Jim applies a transform (cryptographically strong) to the bit stream; the
result should be the current time +- 5 minutes. Alternately this could also
be John's public key (or a hash of it) to avoid connection expiration.
If anyone has any comments on this, other than the fact that it may be
overly complex, I welcome them, in either public or private.
Joseph
Eric Lee Green <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> For those who are not up on their Diffie-Hellman, here is the "classic"
> mechanism:
>
>   Jack            Jill            Shared over network or via prior agreement
>   x (random)      y (random)      n, a large prime,
>                                   g, prime (possibly small) such that g
>                                   primitive mod n
>
> shared over network:
>   X = g**x mod n (from Jack)
>   Y = g**y mod n (from Jill)
>
>   k = Y**x mod n  k = X**y mod n
>   (g**y**x mod n) (g**x**y mod n)
>
> The shared values are known (transmitted over communications mechanism). The
> columns under "Jack" and "Jill" are not known to outside attackers
> (hopefully!). A "man in the middle" attack is possible but unlikely due to the
> way this thing works (the chat function cannot be invoked after an initial 'k'
> has already been generated, and 'k' is generated at install time talking to a
> central key server).
>
> The problem I'm trying to figure out is using the resulting 'k' to transfer an
> initial 56-bit DES key (the max allowed for US export). k is not suitable for
> use as a DES key because it is sparsely distributed over field n. The first
> obvious choice is to use an operation that is easily reversed if you know 'k',
> but is a Hard Problem if you don't know k, such as:
>
>   Jack                  Jill          Shared
>   d (random DES key)                  D = d*k
>                         d = D/k
>
> Well, actually, that's not such a hard problem (though it IS a derivative of
> the Factoring Problem), if you intercept two messages encoded with the same
> 'k',
>   A = a*k
>   B = b*k
>
> you get A/B = a/b which simplifies the task somewhat (especially assuming that
> you know that a and b are 56-bit DES keys). At the moment this should be no
> problem since I have no intention to ever re-use k.
>
> Anyhow: Is the above a "good enough" problem (assuming no-reuse of k)? Or
> anybody else have a good Hard Problem that would have reasonable execution
> time? ("Reasonable" - using Phil Karn's 2047-bit prime, '2' for g, and a 56-bit
> 'x' takes about 5 seconds to generate 'k' on my AMD K6-2/333 under FreeBSD
> 'dc', 128-bit 'x' takes about 15 seconds).
>
> Note: I'm not interested in RSA at the moment, it doesn't get me anything for
> my particular application except legal hassles (beyond the ones inherent in
> U.S. export controls).
>
> -- Eric Lee Green [EMAIL PROTECTED]
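The quoted message lays out the classic exchange (X = g**x mod n, Y = g**y mod n, k = Y**x mod n = X**y mod n), proposes transporting a DES key as D = d*k, and notes that two messages under the same k give A/B = a/b. The following Python is an added example, not code from either poster: it runs the exchange, shows that with integer products the reused-k case is worse than a ratio (gcd(A, B) = k * gcd(a, b) hands the attacker k and then both keys outright), and shows the usual alternative of running k through a hash to get 56 key bits instead of transporting a separate d at all. The group parameters (2**127 - 1 with g = 3), the private values, the two sample DES keys, and the choice of SHA-256 as the hash are all constructed for this demo and are not from the thread; a real deployment uses a vetted group with a primitive g, such as the 2047-bit prime the poster mentions.

```python
"""Diffie-Hellman, a hash-derived DES-sized key, and the reused-k attack on
D = d*k (added example, not from the thread)."""
import hashlib
import math

# Toy group for a runnable demo.  2**127 - 1 is prime, but g = 3 has not
# been checked to be primitive; use a vetted group and generator in practice.
P = 2**127 - 1
G = 3


def dh_public(private, p=P, g=G):
    """X = g**x mod n in the post's notation."""
    return pow(g, private, p)


def dh_shared(their_public, private, p=P):
    """k = Y**x mod n (Jack) or k = X**y mod n (Jill)."""
    return pow(their_public, private, p)


def derive_des_key(k, p=P, label=b"des-key"):
    """Instead of transporting d with D = d*k, hash k (a simple KDF) and take
    56 bits.  k's raw bits are not uniform over the field; a hash output is
    as good as uniform for this purpose.  SHA-256 is this example's choice."""
    k_bytes = k.to_bytes((p.bit_length() + 7) // 8, "big")
    digest = hashlib.sha256(label + k_bytes).digest()
    return int.from_bytes(digest[:7], "big")  # 56-bit integer


def transport_key_with_product(d, k):
    """The scheme the post proposes: D = d*k over the integers."""
    return d * k


def recover_keys_from_reused_k(A, B, key_bits=56, max_common_factor=256):
    """Attacker sees A = a*k and B = b*k for the same k.  gcd(A, B) is
    k * gcd(a, b), and gcd(a, b) is almost always tiny, so try small values
    c for gcd(a, b) and keep every (a, b) pair that fits in key_bits.  The
    true pair is in the list whenever gcd(a, b) <= max_common_factor."""
    g = math.gcd(A, B)
    candidates = []
    for c in range(1, max_common_factor + 1):
        if g % c:
            continue
        k_guess = g // c
        if A % k_guess or B % k_guess:
            continue
        a_guess, b_guess = A // k_guess, B // k_guess
        if a_guess < (1 << key_bits) and b_guess < (1 << key_bits):
            candidates.append((a_guess, b_guess))
    return candidates


# Constructed sample values (not from the thread).
JACK_PRIVATE = 0xC0FFEE1234567890ABCDEF
JILL_PRIVATE = 0x1234567890ABCDEFC0FFEE
DES_KEY_A = 2**56 - 5         # 56-bit value (a prime, so it shares no factor with DES_KEY_B)
DES_KEY_B = 0x1A2B3C4D5E6F70  # another 56-bit value


def demo():
    """Run the exchange, the product scheme with k reused, and the attack."""
    X = dh_public(JACK_PRIVATE)
    Y = dh_public(JILL_PRIVATE)
    k_jack = dh_shared(Y, JACK_PRIVATE)
    k_jill = dh_shared(X, JILL_PRIVATE)
    assert k_jack == k_jill
    k = k_jack
    # Two DES keys sent under the same k: the eavesdropper recovers both.
    A = transport_key_with_product(DES_KEY_A, k)
    B = transport_key_with_product(DES_KEY_B, k)
    recovered = recover_keys_from_reused_k(A, B)
    return k, derive_des_key(k), recovered


if __name__ == "__main__":
    k, des_key, recovered = demo()
    print("shared k bits:", k.bit_length())
    print("hash-derived DES key: %014x" % des_key)
    print("pairs recovered from reused k:", [(hex(a), hex(b)) for a, b in recovered])
```

With no reuse of k the product scheme leaks only that D is a multiple of a 56-bit d, which is still a 2**56 search; the hash-derived key removes the transport step entirely and sidesteps both the reuse problem and the "k is sparse in the field" objection, which is why key agreement protocols feed k through a KDF rather than using its bits or multiplying by it.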
------------------------------
From: Ragni Panjala <[EMAIL PROTECTED]>
Subject: Please help a newbie...
Date: Fri, 03 Sep 1999 17:52:03 -0400
Hi all
I am developing an application in Power Builder with Foxpro as my
backend..so, I would need to store the passwords the user enters to
access the application in a file - for security purposes, I need to
encrypt this file so that only the application can read and write to
it..I have never done anything like this before and I am stuck..I have
looked at Microsoft CryptoAPI but have no idea how to use it..
Please help..
Thanks
Ragni
------------------------------
From: Michael Slass <[EMAIL PROTECTED]>
Subject: NSA and MS windows
Date: Fri, 03 Sep 1999 14:27:30 -0700
According to
http://www.cnn.com/TECH/computing/9909/03/windows.nsa/
"(CNN) -- A cryptography expert says that Microsoft operating systems
include a back door that allows the National Security Agency to enter
systems using one of the operating system versions.
<snip>
"It turns out that there are really two keys used by Windows; the first
belongs to Microsoft, and it allows them to securely load (the cryptography
services)," said Andrew Fernandes in a press release. Fernandes works for
Cryptonym, a company based in Ontario.
The press release states "the second belongs to the NSA. That means that the
NSA can also securely load (the services) on your machine, and without your
authorization."
I was aware that Windows had unintentional security holes, but this is
the first I've heard of intentional holes. Anyone know anything about
this?
-Mike
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Alleged NSA backdoor in Windows CryptoAPI
Date: Fri, 03 Sep 1999 23:04:31 GMT
In article <klXz3.690$[EMAIL PROTECTED]>, "Steven Alexander"
<[EMAIL PROTECTED]> wrote:
>The easiest way to weaken an algorithm would be to make part of the key
>known. For instance, making 8 bits of a 56-bit DES key known would allow
>anyone with decent computing resources(the NSA has much more than decent) to
>brute force the rest of the key without trouble. Also, even if several
>people had DES keys with the same static bits, the 48-bits would produce
>more than enough difference for them not to notice.
>
>What worries me as much as the NSA being able to take advantage of your
>machine without your knowledge is that another malicious attacker could as
>well. Such an attack could be crushing to many businesses.
>
>-steven
>
>
Do you really think HACKERS would stoop so low as to use holes
in Microsoft products. No they wouldn't do that. Some day I will stop
using VI and go "buy" a copy of MS Word. Well as soon as they fix
the bugs.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMMERS
------------------------------
From: Stanley Chow <[EMAIL PROTECTED]>
Subject: Re: Alleged NSA backdoor in Windows CryptoAPI
Date: Fri, 03 Sep 1999 18:17:35 -0400
Stephan Eisvogel wrote:
>
> There's a couple of possibilities what _NSAKEY really means:
>
> a) the real deal, backdoor key for new "NSA" crypto modules
> b) some MS-programmer's prank (not funny)
Both of these are possible. But the Microsoft statement says
the "NSA" refers to having NSA help review the security. So
it is not a prank.
> c) 2nd MS key in case first one is compromised only with a
> funny label
This does not seem sensible. If the first key is compromised,
then it does not help for Microsoft to be using the second key;
the bad guys will have the first key.
> d) none of the above
Distinctly possible.
One interesting fact that could shed some light is what is done
with the two keys. If the two keys follow different paths and
perform some sort of complementary security function, then I
might believe the Microsoft statement. If the two keys are
essentially identical and just tested in sequence, then
I suppose it is more likely to be a real NSA key.
I would be very pleasantly surprised if Microsoft would back
up their statement by releasing the source code complete with
comments and security analysis. That seems to me the only
definitive way to convince everyone. At the very least, they
must point out something that is accomplished by the second
key.
(And it goes without saying, that
--
Stanley Chow email: [EMAIL PROTECTED]
------------------------------
Subject: Re: Schneier/published algorithms
From: Forrest Johnson <[EMAIL PROTECTED]>
Date: Fri, 03 Sep 1999 22:34:25 GMT
In article <7qlub3$2vh2$[EMAIL PROTECTED]> SCOTT19U.ZIP_GUY,
[EMAIL PROTECTED] writes:
>>Mr. Scott, I'm pleased to see that you are so passionate about people
>>answering questions asked of them. Perhaps you would be so kind as to
>>answer the questions I posed to you last week in several different posts.
>(Diatribe about Bruce Schneier snipped)
I didn't ask about Mr. Schneier's reply, I asked about yours.
>>
>>In case you've forgotten, you made a claim that you had changed software
>>in fielded weapons systems. I asked you to identify which systems these
>>were.
> Wrong again you use the word "fielded" I stated I work on literally
>everything the Navy flew or flies.
Good, a calibration point. Your hedging on the word "fielded" in order
to dodge answering the question shows that you do not know the answer to
the questions I posed.
>>Given your excoriation of Mr. Schneier, I'm sure you are now eager to
>>avoid the "cast the first stone" stigma.
> wrong again he cast the first stone so there is nothing to avoid
Not in your world, maybe. (What color is the sky in there, by the way?)
You castigated Mr. Schneier for not answering a part of a post. You
refuse to answer even the most direct questions.
>>
>>I did ask quite a few questions, so I might have overwhelmed you. I'll
>>start with one or two easy ones this time and we can go from there:
>>
>>1) Did you change software in a fielded weapons system, yes or no?
>>2) If yes, what weapons system was it?
>>
>>TIA
>
> The answer to both questions is if the Navy flew and had trouble I most
>likely worked on it to fix the problems. If this doesn't sit well with you tough
>shit. I don't have to play by your rules. I don't have to kiss your ass and
>things are not always black and white.
Now an ad hominem attack. The truth is that you can't answer the
questions, can you? Your replies would be too easy to disprove, so you
instead try to divert attention by attacking the integrity of people you
don't even know.
>My question to you is why do companies
>like yours seem to give the government such poor quality work for the dollar.
Give an example based on facts. Try to avoid the usual pointless rant
that seems to make up most of your posts.
>I never understood why it seems to be OK that subcontractors could pretend to
>do something at great expense and then do it wrong. Where I worked the workers
>always felt that companies do the work wrong on purpose so that they can bid
>another contract to suck more money out of the system. We felt like the
>companies had no real incentive to do the work correctly since they get more
>contracts if they do it bad.
There's another indication that you were an insignificant cog who never
came close to really working on the systems you claimed. All defense
contracts have a program office to report to. Not only do they have
overseers from the respective branches of the military, but also from
third party contractors hired for that purpose. The workers you refer
to were in reality low ranking Naval personnel who were mechanically
following TO's and, like all servicemen, bitching out of boredom. I
would ask you to prove your statements with concrete examples, but then,
you don't have any, do you?
>Yes I remember your company. But I was wondering
>was it just that companies send their worst people to work on gov projects
>or is it just that good people don't work for defense contractors. This is
>what it seemed like from the place I worked. But maybe you can enlighten us
>on the motivations of your company and put the current PR spin on it.
Ah, another ad hominem attack. Nothing in the world could enlighten you,
Mr. Scott. You even jump to the conclusion that because my email address
says Raytheon, I must work there.
>Don't worry my kind of programmer no longer works for the Navy. At the time I was
>hired they wanted talented people with very good grades in technical subjects
>that would get the job done. If you weren't in the top 10% of your graduating
>class you could not get in.
If the timetable you've hinted at in other posts to this group holds true
(which isn't a solid bet with anything you say), you joined the Navy at a
time when they were taking people from a much broader range than the
elite 10% you infer you were in. (What was that, by the way, high
school?)
You are correct that your type of programmer no longer works for the
Navy. Deep psychoses seem to have a disqualifying effect.
<(more pointless ranting snipped)>
Mr. Scott, you don't answer my questions because you can't. You lied
about changing the software in fielded weapons systems and you don't have
the knowledge to cover up those lies with another layer of more plausible
lies. I've often wondered about your various algorithms; I don't have
the time nor the energy to analyze them myself, so I chose to gather some
calibration points about your boasts in something more easily assayed.
You lied about what you did in the past (and not just incidentally
accused quite a few people of incompetence, malice, and sabotage), so my
conclusion is that you are lying about everything else. You might have
something of value in your code, but I doubt that was intentional -- even
a blind pig finds an acorn once in a while.
Let me repeat it once more so you won't forget it, Mr. Scott -- you are a
liar. I know it and all your blustering doesn't hide the fact that you
know it, too.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************