Cryptography-Digest Digest #183, Volume #10 Sun, 5 Sep 99 16:13:03 EDT
Contents:
Re: NSA and MS windows (Anders Henriksson)
Re: DES cfb stream cypher and "whitening" or initialization (Enterrottacher Andreas)
Re: Schneier/Publsied Algorithms (Anonymous)
Re: NSA and MS windows (Bruce Schneier)
Re: RSA the company (Bruce Schneier)
Re: point of a cipher (Enterrottacher Andreas)
Re: Some law informations... (Bill Unruh)
Re: RSA the company (Bill Unruh)
Re: Schneier/Publsied Algorithms (Eric Lee Green)
Re: Second "_NSAKey" (Bill Unruh)
Re: Mystery inc. (sha99y00000)
Re: SQ Announcement (John Pliam)
Re: point of a cipher (David Wagner)
Re: Second "_NSAKey" (Bruce Schneier)
Re: THE NSAKEY (David Wagner)
Re: SQ Announcement (David Wagner)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Anders Henriksson)
Subject: Re: NSA and MS windows
Date: 5 Sep 1999 16:48:35 GMT
pbboy <[EMAIL PROTECTED]> wrote:
>Maybe I overestimate the NSA's power, but why would the NSA _ask_ MS for
>anything?!?
Ever heard of the saying "Never ask for anything which you can't take"?
Why waste resources. If you're powerful enough people won't object.
>HEHE! Do you really think, IF the NSA were to use any MS products, they
>would actually pay for the licenses?
Yes. It wouldn't be worth the possible trouble if they didn't. If I were
them, I'd give M$ a huge wad of cash and say "We'd like an unlimited
number of licenses for all of your products." As money's no problem for
them, license fees are no worry, but the number of licenses are as it
can be used to determine computing power. If the cash pile is huge enough,
M$ probably wouldn't mind...
/Anders
--
Right after Armageddon, using your temperature calibration instruments
may come in a little low on Maslow's hierarchy of needs. Food, shelter
and ISO 9000 compliance may come first...
-- Hart Scientific unofficial y2k page
------------------------------
From: Enterrottacher Andreas <[EMAIL PROTECTED]>
Subject: Re: DES cfb stream cypher and "whitening" or initialization
Date: Sun, 05 Sep 1999 20:29:34 +0200
Tom St Denis schrieb:
>
> In article <7qu4u2$1jsc$[EMAIL PROTECTED]>,
> ...
> Ok. What is so wrong with RC4 that keysearch is not the fastest attack?
It's very hard to get information about cryptanalysis done on RC4, so I
couldn't say brute-force is the fastest attack.
The whole time it was allowed to export RC4 with 40 bit keysize from the US
while it wasn't to export Blowfish with 40 bit keysize because of its slow
key-schedule (as mentioned some time ago in this group).
The key-schedule of RC4 is extremely slow, so what's wrong with this cipher
that makes it exportable?
> ...
> I think the main picture is how you use the cipher. You seem to miss that
> more often than not. Of course RC4 is weak if you use the same session key on
> a million messages (your THINK message) ...
Or on two messages.
Andreas Enterrottacher
[EMAIL PROTECTED]
[EMAIL PROTECTED]
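The "or on two messages" point above, as an added worked example (this is not code from the posts; the RC4 routine follows the public description of the algorithm, and the key, the two messages and the known header fragment are constructed for the demonstration). Because a stream cipher XORs a keystream into the plaintext, two ciphertexts under the same key XOR to the XOR of the plaintexts, and any known bytes of one message expose the same positions of the other without recovering the key:

```python
"""Two-time pad against RC4: what reusing one session key on two messages costs.

Added example, not code from the original thread. The RC4 below is the
public KSA + PRGA description; the key, messages and known-plaintext
fragment are constructed for the demonstration.
"""


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Generate `length` bytes of RC4 keystream from `key` (KSA, then PRGA)."""
    # Key-scheduling algorithm: permute S under the key bytes.
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    # Pseudo-random generation algorithm.
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the keystream (the operation is symmetric)."""
    return bytes(a ^ b for a, b in zip(data, rc4_keystream(key, len(data))))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def recover_from_reuse(c1: bytes, c2: bytes, known_p1_prefix: bytes) -> bytes:
    """Given two ciphertexts under one RC4 key and a known prefix of the first
    plaintext, recover the corresponding bytes of the second plaintext.

    c1 ^ c2 == p1 ^ p2 because the shared keystream cancels, so the known
    bytes of p1 expose the same positions of p2; the key is never touched.
    """
    n = len(known_p1_prefix)
    return xor_bytes(xor_bytes(c1[:n], c2[:n]), known_p1_prefix)


def demo() -> bytes:
    """Constructed scenario: one session key, two messages with a fixed header."""
    key = b"session-key-0xC0FFEE"  # constructed key
    p1 = b"FROM: alice  TO: bob  Transfer 1000 USD to account 4471"
    p2 = b"FROM: alice  TO: eve  Transfer 9999 USD to account 1337"
    c1 = rc4_crypt(key, p1)
    c2 = rc4_crypt(key, p2)
    assert rc4_crypt(key, c1) == p1  # round-trip sanity check
    # The attacker knows only the message format (the 22-byte header) of p1.
    return recover_from_reuse(c1, c2, p1[:22])


if __name__ == "__main__":
    print(demo())  # the header of the second message, key unknown
```

The recovered bytes are exactly the header of the second message; with a fully known first message the whole second message falls out the same way. The fix the thread is circling around is the usual one: never reuse a stream-cipher key without a per-message nonce folded into it, and treat every key as single-use.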
------------------------------
Date: Sun, 5 Sep 1999 20:52:21 +0200
From: Anonymous <[EMAIL PROTECTED]>
Subject: Re: Schneier/Publsied Algorithms
Mr Eric Lee Green...stop lecturing us from your Ivory Tower...
you probably have never written a computer program in your life. Maybe read a few
books...
With regard to the wraparound..sorry..you just have to put up with this..
My JBN front end can't seem to translate the CR when it sends it through
the remailers..in any case Mr Green you probably would not know what that is anyway.
But I insist on having my question ANSWERED...Please Bruce Schneier:
Is this code for Twofish on your site...a commercial grade product or is it just
a piece of semi-tested code for Twofish. What is it exactly?
As I asked in my last posting..if I wanted to develop a commercial app using Twofish..
What do I use? The code on your site...or is there ANOTHER DEAL.....???
Please answer my question...And as a pro programmer..I would not consider this stuff
on your website to be a robust commercial grade cipher...
------------------------------
From: [EMAIL PROTECTED] (Bruce Schneier)
Subject: Re: NSA and MS windows
Date: Sun, 05 Sep 1999 19:09:18 GMT
On Sun, 05 Sep 1999 01:08:58 -0400, Dave Salovesh <[EMAIL PROTECTED]>
wrote:
>In article <7qqgs3$oan$[EMAIL PROTECTED]>,
>"Roger Schlafly" <[EMAIL PROTECTED]> opined:
>
>>Maybe. Perhaps someone from the NSA suggested using a
>>backup key, and the MS programmers called it the NSA key.
>
>See <http://www.radium.ncsc.mil/tpep/process/faq-sect2.html#Q4>
>
>"The NSA is prohibited by the Computer Security Act of 1987 from
>attempting to directly address the needs of commercial systems."
Oh come now. They've ignored that prohibition so many times that they
probably have forgotten that it ever existed.
Bruce
**********************************************************************
Bruce Schneier, President, Counterpane Systems Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis, MN 55419 Fax: 612-823-1590
Free crypto newsletter. See: http://www.counterpane.com
------------------------------
From: [EMAIL PROTECTED] (Bruce Schneier)
Subject: Re: RSA the company
Date: Sun, 05 Sep 1999 19:11:03 GMT
On Sun, 05 Sep 1999 18:30:28 GMT, "S. Sampson" <[EMAIL PROTECTED]>
wrote:
>Has anyone called RSA and reached a real human besides the high school
>kids who transfer you to voice-mail? I don't see how they stay in
>business??
They didn't stay in business. Security Dynamics bought them some
years ago, and now it doesn't matter. They've dismembered RSA Labs
and haven't done anything interesting in years.
Sad, really.
Bruce
**********************************************************************
Bruce Schneier, President, Counterpane Systems Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis, MN 55419 Fax: 612-823-1590
Free crypto newsletter. See: http://www.counterpane.com
------------------------------
From: Enterrottacher Andreas <[EMAIL PROTECTED]>
Subject: Re: point of a cipher
Date: Sun, 05 Sep 1999 20:12:17 +0200
"SCOTT19U.ZIP_GUY" schrieb:
>
> In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] () wrote:
> >Tom St Denis ([EMAIL PROTECTED]) wrote:
> >: Now tell me where 'magical' compression methods come in. Either you know the
> >: key, and get the message, or you don't know the key and you only get random
> >: crap. I agree that compression helps remove redundancies, but it doesn't
> >: hinder brute-force or any other attack outisde of just trying to decompress
> >: what you guessed M could be.
> >
> >Well, ciphertext-only attacks exploit partial knowledge of the plaintext.
> >This partial knowledge is the redundancy which compression suppresses.
> >
> >Thus, one of the ways in which the DES-cracker built by the EFF is
> >configured to be used is to search for decrypted blocks where the first
> >two bits of each byte all have the same value.
> >
> >Dave Scott's compression idea, "one-to-one compression" is intended to
> >totally frustrate a brute-force search. Normally, if a file is being
> >compressed using Huffman compression, the resulting file will consist of
> >any old number of bits. For transmission, it might be padded out to an
> >even number of bytes: then, some indication of how many bits of padding
> >are applied is needed.
> >
> >Usually, this means that there is a way to check an attempted decrypted
> >file for validity; if we remove the bits claimed to be padding, do the
> >remaining bits end on a Huffman symbol, or in the middle of one?
> >
> >Mr. Scott is trying to devise a method of Huffman compression which
> >removes this (very weak) opportunity for the attacker to narrow down the
> >space of possible keys. However, he is doing so at the price of
> >introducing other forms of redundancy, which I think are worse.
> >
> >John Savard
>
> Ok John I bite. What are those worse form of redundancy that make it
> worse.
>
> David A. Scott
At least the output of the one-to-one compression is compressible while
encrypted text isn't: in a brute-force attack one could try keys until he
gets compressible data. The weak one-to-one compression can be broken
afterwards.
Other attacks may be based on the fact that there exists redundancy without
knowledge of the kind of redundancy.
Andreas Enterrottacher
[EMAIL PROTECTED]
[EMAIL PROTECTED]
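The two recognisers discussed in this thread, as an added worked example (not code from the posts): the EFF DES cracker test John Savard quotes, in which every byte of a decrypted block has the same top two bits, and Andreas's "try keys until the result is compressible" check. The cipher is a constructed stand-in with a deliberately tiny 16-bit key (keystream derived by hashing the key with a counter) so that the exhaustive search finishes in well under a second; the plaintext and key are constructed too. The point is the filtering, not the cipher:

```python
"""Brute-force key search driven by plaintext recognisers.

Added example, not code from the original thread. The cipher is a toy
stand-in (16-bit key, SHA-256 counter keystream) chosen so that all 65536
keys can be tried; the recognisers are the ones discussed in the thread.
"""
import hashlib
import zlib

KEY_BITS = 16  # deliberately tiny so the exhaustive search is instant


def toy_keystream(key: int, length: int) -> bytes:
    """Expand a small integer key into a keystream by hashing (key, counter)."""
    out = bytearray()
    ctr = 0
    while len(out) < length:
        out += hashlib.sha256(key.to_bytes(2, "big") + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(out[:length])


def toy_crypt(key: int, data: bytes) -> bytes:
    """XOR data with the keystream; symmetric, like any stream cipher."""
    return bytes(a ^ b for a, b in zip(data, toy_keystream(key, len(data))))


def top_two_bits_agree(block: bytes) -> bool:
    """The EFF-cracker style test quoted in the thread: every byte in the block
    shares the same top two bits. A run of ASCII letters (0x41..0x7A) passes;
    a random 8-byte block passes with probability 4 / 4**8, i.e. about 1 in 16384."""
    return len({b >> 6 for b in block}) == 1


def compressible(data: bytes, ratio: float = 0.9) -> bool:
    """Redundant data shrinks under zlib; keystream-like data does not
    (it grows by the container overhead). This is the check Andreas describes:
    it needs no knowledge of *which* redundancy the plaintext has."""
    return len(zlib.compress(data, 9)) < ratio * len(data)


def brute_force(ciphertext: bytes):
    """Two-stage search: a cheap first-block filter over the whole key space,
    then the full decryption and compressibility test on the few survivors.
    Returns (stage-1 survivors, keys that pass both stages)."""
    survivors = [k for k in range(1 << KEY_BITS)
                 if top_two_bits_agree(toy_crypt(k, ciphertext[:8]))]
    confirmed = [k for k in survivors if compressible(toy_crypt(k, ciphertext))]
    return survivors, confirmed


def demo():
    """Constructed message: starts with a run of letters so the first-block
    test applies, and is highly redundant so the compressibility test applies."""
    key = 0xBEEF  # constructed
    plaintext = b"MEETINGSATNOON. " * 12
    return brute_force(toy_crypt(key, plaintext))


if __name__ == "__main__":
    survivors, confirmed = demo()
    print(len(survivors), "first-block survivors,", [hex(k) for k in confirmed], "confirmed")
```

Stage one typically lets a handful of wrong keys through (the false-positive rate above times 65536), and stage two removes them because a wrong key's output is indistinguishable from keystream and does not compress. Whether stage two still works after the plaintext has been compressed before encryption depends on how much redundancy the compressor leaves behind, which is exactly the disagreement in the thread; the example makes no claim either way about one-to-one compression itself.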
------------------------------
From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: Some law informations...
Date: 5 Sep 1999 19:21:35 GMT
In <xzwA3.5602$[EMAIL PROTECTED]> <[EMAIL PROTECTED]> writes:
> I'm living in Canada and I'd like to know if I can export a relatively
>strong encryption program ( more than 256 bits). My program will be in the
>public domain.
Look at
axion.physics.ubc.ca/pgp.html
in the legal section at the end for quotes from the Canadian Export
Control List. Also there is a reference to Marc Plumb's test of the
Canadian law. If you are concerned, talk to a lawyer.
------------------------------
From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: RSA the company
Date: 5 Sep 1999 19:23:48 GMT
In <[EMAIL PROTECTED]> [EMAIL PROTECTED] (Bruce Schneier) writes:
]On Sun, 05 Sep 1999 18:30:28 GMT, "S. Sampson" <[EMAIL PROTECTED]>
]wrote:
]>Has anyone called RSA and reached a real human besides the high school
]>kids who transfer you to voice-mail? I don't see how they stay in
]>business??
]They didn't stay in business. Security Dynamics bought them some
]years ago, and now it doesn't matter. They've dismembered RSA Labs
]and haven't done anything interesting in years.
Did they retain the exclusive license agreement with respect to MIT's
patent on RSA? Did that agreement survive the buy out?
------------------------------
From: Eric Lee Green <[EMAIL PROTECTED]>
Subject: Re: Schneier/Publsied Algorithms
Date: Sun, 05 Sep 1999 10:24:29 -0700
Ralf Stephan wrote:
> Eric Lee Green:
> >On the other hand, public key encryption (like in the "microsoft thing")
> >is a fairly new field (and there has been an insinuation that actually
> >it's an older field, that the NSA had it for years before Shamir et al.
> >let the genie out of the bottle),
>
> We know that at least the Brits had it years before.
And the page you referenced me to implies that the NSA may have had it
for years before the Brits.
> >But then again, for my particular application I don't care much if the
> >NSA can crack it, as long as random criminals can't crack it.
> What hypocrisy --- spasmodically holding to your rifles
> and, at the same time, delivering yourself on a golden plate!
I'm primarily interested in encryption as a mechanism for protecting
financial data from criminals, not as a political statement. In my
opinion, openness is a far better policy when dealing with a nominally
democratically elected government. Secrecy as a political tool is the
technology of tyrants and wanna-be tyrants, not of a free people. But
this is a subject for talk.politics.crypto.
--
Eric Lee Green http://members.tripod.com/e_l_green
mail: [EMAIL PROTECTED]
^^^^^^^ Burdening Microsoft with SPAM!
------------------------------
From: [EMAIL PROTECTED] (Bill Unruh)
Crossposted-To: talk.politics.crypto
Subject: Re: Second "_NSAKey"
Date: 5 Sep 1999 19:28:36 GMT
In <7qsr5e$mff$[EMAIL PROTECTED]> "Rick Braddam" <[EMAIL PROTECTED]> writes:
>4. Any attempt to change or replace _Key will disable use of CAPI.
I think the problem is that the DLLs which are needed for the Crypto API
are signed by this first key. Thus, if that key is disabled Win will not
load its own DLLs. If you replace them with some written by you and
signed with the new key, things will again work.
...
>Doesn't anyone else think it strange that _Key cannot be replaced without disabling
>CAPI but _NSAKey can?
No, the API is just following its own specs here. I.e., validate with the
first key. If that does not work, try the second. This is applied to the
base DLLs that the crypto API loads as well as to user ones, and those
are signed with the first key.
------------------------------
Date: Sun, 05 Sep 1999 19:31:56 +0100
From: sha99y00000 <[EMAIL PROTECTED]>
Subject: Re: Mystery inc.
ORIGINAL MESSAGE:
=================================================
Looking for somewhere to discuss possible "real world" ciphers such as
Poe and Beale.
Where people can exchange and share their thoughts, info. and progress
in such ciphers.
==================================================

> So far as net news groups go, sci.crypt seems to be the place.

It was the only one I could find after it was forwarded to me. This
group though seems more heavily into advanced modern encryption and
decryption that would more suit computer hackers than myself. All the
terminology is way above my head.

> Less interactive, but still of value, are articles in the ACA's
> "The Cryptogram" and in "Cryptologia".

You said it: Less interactive. A good place to start but not on continuing.
That's why I came here, hoping that others with the same interests would
share their thoughts. Find if any progress had been obtained. What people
had tried. etc. etc.

> The nature of the Beale cipher is such that any real progress is
> more likely to be exploited (by mounting a treasure-digging
> expedition) than shared.

I can see your point here, but discussions on the feasibility of its
genuineness. How people have attacked the problem. What resources have
they used etc. etc.
For 1. Has anyone noticed a possible clue to the key actually visible
within the codes

2. Reasons for fake: someone found lines like ABCDEFGHIJKLMN when
deciphering #1 with DOI.
Why would someone code ABCDEFGHIJKLMN rather than randomly writing any
code numbers to create garbage?
Would finding ABCDEFGH, etc. show that some sort of transposition has
been used within the code?

I hope this gets the ball rolling.
And I'm not just on about Poe and Beale codes. Those are just examples.
There are codes out there that have been unresolved for too long.

Sha99y

After reading => sci.crypt charter: read before you post (weekly notice)
I have decided to also post this at => sci.crypt.research
------------------------------
From: John Pliam <[EMAIL PROTECTED]>
Subject: Re: SQ Announcement
Date: Sun, 05 Sep 1999 19:16:24 +0000
David Wagner wrote:
> Yes, there are some ciphers which Shannon's theory lets you
> _prove_ to be secure (the one-time pad is the canonical example),
> but they all have a fundamental limitation: the size of the key
> must be at least as large as the size of the plaintext encrypted.
> As a result, information-theoretic security is widely considered
> impractical for real-life use.
I think I would tend to disagree with this assessment for
2 reasons:
1. There is evidence that OTP's were used in real-life
applications for decades. They really have been considered
practical precisely when the risk of compromise is
unacceptable.
2. In many cases, provable security provides the mechanism
for translating the relatively hard problem of unbreakable
encryption into some set of simpler problems, e.g. (i)
cryptographically strong PRNG, plus (ii) unbreakable
encryption assuming access to a pool of random numbers
larger than the key size. Insights gained from (ii) --
about what kinds of compromises can be safely made --
clearly have practical implications, IMHO.
I'm not saying I have read this thesis and have concluded that it
covers new ground (in fact I will procrastinate that in protest
to being spammed :-). But, I think there is room for this type
of investigation. IMHO, not all valid research in cryptography
has the goal of the fastest cipher. If I worked in a 3-letter
agency and wanted to report evidence of the illegal activities of
my superiors, I would gladly trade a factor of 2 in performance
for an assurance of security. Wouldn't you?
John Pliam
[EMAIL PROTECTED]
http://www.ima.umn.edu/~pliam
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: point of a cipher
Date: 5 Sep 1999 12:43:06 -0700
In article <o1oA3.21146$[EMAIL PROTECTED]>,
Richard Parker <[EMAIL PROTECTED]> wrote:
> David Scott is using "w-pcbc" as an all-or-nothing transform (AONT).
I disagree. An AONT transform is unkeyed, and does not itself provide
confidentiality. Rather, David Scott is using "w-pcbc" as a block cipher
structure (think of it as an alternative to the Feistel structure).
------------------------------
From: [EMAIL PROTECTED] (Bruce Schneier)
Crossposted-To: talk.politics.crypto
Subject: Re: Second "_NSAKey"
Date: Sun, 05 Sep 1999 19:13:40 GMT
On Sun, 5 Sep 1999 11:21:32 +0200, [EMAIL PROTECTED] (Serge
Paccalin) wrote:
>On/le Sat, 4 Sep 1999 23:22:04 -0500,
>Rick Braddam <[EMAIL PROTECTED]> wrote/a écrit...
>> Doesn't anyone else think it strange that _Key cannot
>> be replaced without disabling CAPI but _NSAKey can?
>
>No, because it's not CAPI that is disabled, but all modules signed
>with _KEY. And currently, all of them are, because it's Microsoft's
>key, while _NSAKEY is just dormant, for now...
Both keys can be replaced; it's just that replacing the first key
leads to other problems.
Both keys are used to sign crypto suites; the suite is considered
valid if it is signed by either key. The first key is the primary key
that Microsoft uses to sign crypto suites. The second key is (they
claim) a backup key, and so far has not been used to sign anything.
If you replace the primary key, then anything signed by it would no
longer work. If you replace the secondary key, no one will notice (at
least at this point).
Bruce
**********************************************************************
Bruce Schneier, President, Counterpane Systems Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis, MN 55419 Fax: 612-823-1590
Free crypto newsletter. See: http://www.counterpane.com
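The verification rule Bill Unruh and Bruce Schneier both describe above (accept a module if it verifies under the first key, else try the second), as an added worked example that is not code from the posts and not Microsoft's implementation. The signature scheme is a toy textbook RSA over fixed small primes, constructed only so that "verifies under key A but not key B" is a real public-key check rather than a flag; the module names, keys and the loader class are all hypothetical. It shows why replacing the secondary key goes unnoticed while replacing the primary key disables everything signed with it:

```python
"""Two-key signature acceptance, as described for CAPI in the thread.

Added example, not Microsoft's code. Toy textbook RSA (no padding, small
fixed primes, hash reduced mod n) -- enough to demonstrate the acceptance
policy, not a usable signature scheme.
"""
import hashlib


def make_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA key pair from two (constructed, known-prime) factors."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def _digest_mod_n(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv, data: bytes) -> int:
    n, d = priv
    return pow(_digest_mod_n(data, n), d, n)


def verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _digest_mod_n(data, n)


class CryptoApiLoader:
    """Hypothetical model of the rule quoted in the thread: a crypto module
    is accepted if its signature verifies under the primary key, and if that
    fails, under the secondary key."""

    def __init__(self, primary_pub, secondary_pub):
        self.keys = [primary_pub, secondary_pub]

    def accepts(self, module: bytes, sig: int) -> bool:
        return any(verify(k, module, sig) for k in self.keys)


def scenario() -> dict:
    """Three loaders: stock, secondary key swapped, primary key swapped.
    Each tuple is (base DLL loads, vendor-signed CSP loads, foreign-signed CSP loads)."""
    ms_primary_pub, ms_primary_priv = make_keypair(1000000007, 998244353)
    ms_backup_pub, _ms_backup_priv = make_keypair(1000000009, 999999937)
    foreign_pub, foreign_priv = make_keypair(1000000021, 999999929)

    base_dll = b"rsabase.dll (constructed stand-in for a base CAPI module)"
    vendor_csp = b"thirdparty-csp.dll (constructed stand-in)"
    # Per the thread: the base DLLs and vendor modules are signed with the first key.
    base_sig = sign(ms_primary_priv, base_dll)
    vendor_sig = sign(ms_primary_priv, vendor_csp)
    # A module signed by whoever holds the replacement key.
    foreign_sig = sign(foreign_priv, vendor_csp)

    loaders = {
        "stock": CryptoApiLoader(ms_primary_pub, ms_backup_pub),
        "secondary_replaced": CryptoApiLoader(ms_primary_pub, foreign_pub),
        "primary_replaced": CryptoApiLoader(foreign_pub, ms_backup_pub),
    }
    return {
        name: (ld.accepts(base_dll, base_sig),
               ld.accepts(vendor_csp, vendor_sig),
               ld.accepts(vendor_csp, foreign_sig))
        for name, ld in loaders.items()
    }


if __name__ == "__main__":
    for name, outcome in scenario().items():
        print(f"{name:20s} base={outcome[0]} vendor={outcome[1]} foreign={outcome[2]}")
```

With the secondary key swapped, every existing module still loads and the holder of the replacement key can additionally get their own modules accepted, so nothing visibly breaks. With the primary key swapped, the base modules no longer verify and the API is effectively disabled, which is the asymmetry Rick Braddam found strange and the thread explains as a plain consequence of which key signed the existing modules.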
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: THE NSAKEY
Date: 5 Sep 1999 12:48:30 -0700
In article <[EMAIL PROTECTED]>,
Guenther Brunthaler <[EMAIL PROTECTED]> wrote:
> But as the president of an US-company that is dealing with
> cryptography, he undoubtedly has to make at least some minor
> provisions to government agencies, or they would shut down his company
> one way or the other.
>
> So Mr. Schneier has certainly to be very careful about what he's
> saying, especially regarding alleged government intrusion attempts
> into popular software (unless proven and verified already).
I call bullshit. You're making allegations that are absolutely unfounded.
Schneier has been outspoken against _many_ of the US government's crypto
policies; some might say that he is one of the biggest thorns in their side.
Please take personal attacks like these elsewhere.
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: SQ Announcement
Date: 5 Sep 1999 12:51:00 -0700
We could debate whether OTP's are practical, but that's getting away from
the point I wanted to make.
I'm trying to ascertain whether the "Information Lose" theory provides
anything new over Shannon's theory of information-theoretic security, or
whether it is just a renaming of Shannon's approach. So far they look
equivalent to me (but I might be wrong; I didn't really follow the thesis).
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************