Cryptography-Digest Digest #195, Volume #10       Tue, 7 Sep 99 18:13:03 EDT

Contents:
  Re: Help with CryptoAPI: can not do the simplest thing!!! ("Roger Schlafly")
  Re: Some law informations... (Paul Koning)
  Re: Second "_NSAKey" (Paul Koning)
  Re: Alleged NSA backdoor in Windows CryptoAPI ("Markku J. Saarelainen")
  Re: Deniability (Mok-Kong Shen)
  Re: Pincodes (Patrik Norqvist)
  Re: Help with CryptoAPI: can not do the simplest thing!!! (John Savard)
  Re: "Simple question" about DES (Anton Stiglic)
  Re: Some law informations... (Mok-Kong Shen)
  Re: sourcecode of DES in VB (Mok-Kong Shen)
  Re: Description of SQ (Mok-Kong Shen)
  Re: THE NSAKEY (Guenther Brunthaler)
  Re: NSA and MS windows (Dave Salovesh)
  Re: Mystery inc. (Jim Gillogly)
  Re: THE NSAKEY (Guenther Brunthaler)
  Re: sourcecode of DES in VB (James Pate Williams, Jr.)
  Re: THE NSAKEY ("karl malbrain")

----------------------------------------------------------------------------

From: "Roger Schlafly" <[EMAIL PROTECTED]>
Crossposted-To: 
microsoft.public.win32.programmer.networks,microsoft.public.win32.programmer,comp.os.ms-windows.programmer.win32
Subject: Re: Help with CryptoAPI: can not do the simplest thing!!!
Date: Tue, 7 Sep 1999 11:38:51 -0700

Taavo Raykoff wrote in message <[EMAIL PROTECTED]>...
>It seems impossible to do the most simple task with CryptoAPI.

Yes, that's right. It is designed for a very limited set of applications,
and is not very flexible. As with other Microsoft APIs, one of the
purposes is to tie you to the Microsoft platform.




------------------------------

From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: Some law informations...
Date: Tue, 07 Sep 1999 14:32:15 -0400

Withheld wrote:
> 
> In article <xzwA3.5602$[EMAIL PROTECTED]>, Michaël
> Chassé <[EMAIL PROTECTED]> writes
> >Hi,
> >
> >    I'm living in Canada and I'd like to know if I can export a relativly
> >strong encryption program ( more than 256 bits). My program will be in the
> >public domain.
> >
> >Thank's
> >
> >Michaël Chassé
> >Québec, Canada
> >
> For a question like this you'd be better off talking to a professional,
> qualified lawyer.
> 
> Personally I wouldn't trust my legal freedoms to faceless people on the
> Net, who may or may not know anything about the subject!

Good advice.

Meanwhile, here's a data point.  The Linux IPSec protocol implementation
was done in Canada because its authors had it on good authority that
GPL software could be exported without restriction from Canada.

See http://www.xs4all.nl/~freeswan/index.html for more.

        paul

------------------------------

From: Paul Koning <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Second "_NSAKey"
Date: Tue, 07 Sep 1999 14:28:15 -0400

Bruce Schneier wrote:
> 
> On Sun, 5 Sep 1999 11:21:32 +0200, [EMAIL PROTECTED] (Serge
> Paccalin) wrote:
> 
> >On/le Sat, 4 Sep 1999 23:22:04 -0500,
> >Rick Braddam <[EMAIL PROTECTED]> wrote/a écrit...
> >> Doesn't anyone else think it strange that _Key cannot
> >> be replaced without disabling CAPI but _NSAKey can?
> >
> >No, because it's not CAPI that is disabled, but all modules signed
> >with _KEY. And currently, all of them are, because it's Microsoft's
> >key, while _NSAKEY is just dormant, for now...
> 
> Both keys can be replaced; it's just that replacing the first key
> leads to other problems.
> 
> Both keys are used to sign crypto suites; the suite is considered
> valid if it is signed by either key.  The first key is the primary key
> that Microsoft uses to sign crypto suites.  The second key is (they
> claim) a backup key, and so far has not been used to sign anything.
> 
> If you replace the primary key, then anything signed by it would no
> longer work.  If you replace the secondary key, no one will notice (at
> least at this point).

Oh, neat.

That suggests it's trivial to defeat the purpose of those keys
(prevent the use of crypto modules not signed by MS, i.e., subjected
to export blessing via MS proxy).  Anyone could create a crypto module
anywhere, and sign it with his own key, and supply that key along
with the module.

Is that right?

        paul
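To make the consequence concrete, here is an added example, modelling the acceptance rule Schneier describes: a loader accepts a module if its signature verifies under either of two embedded root keys. It is not CryptoAPI's code and not from anyone in this thread. The signature scheme is toy textbook RSA over SHA-256 with a deterministic key generator, an assumption for illustration only; the key labels, the CspLoader class and the module byte strings are constructed here. It shows that a module signed with a third party's key is rejected as shipped, that overwriting the dormant second root with that key makes the very same module load, and that modules signed by the primary key keep loading, which matches Schneier's observation that replacing the secondary key would not be noticed.

```python
import hashlib
import random


def _is_probable_prime(n, rng, rounds=24):
    """Miller-Rabin primality test, randomised by rng."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits, rng):
    while True:
        n = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(n, rng):
            return n


def gen_key(label, bits=256):
    """Toy textbook-RSA keypair derived deterministically from a label.
    Assumption for this example only: far too small and unpadded for real use."""
    rng = random.Random(label)
    e = 65537
    while True:
        p = _random_prime(bits // 2, rng)
        q = _random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            break
    return (e, p * q), (pow(e, -1, phi), p * q)   # (public, private)


def _digest(n, data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv, data):
    d, n = priv
    return pow(_digest(n, data), d, n)


def verify(pub, data, sig):
    e, n = pub
    return pow(sig, e, n) == _digest(n, data)


class CspLoader:
    """Model of a loader holding two root keys (the thread's _KEY and _NSAKEY):
    a module is accepted if its signature verifies under EITHER root."""

    def __init__(self, primary_pub, secondary_pub):
        self.roots = [primary_pub, secondary_pub]

    def accepts(self, module, sig):
        return any(verify(root, module, sig) for root in self.roots)


def two_key_scenario():
    """Returns (rejected_as_shipped, accepted_after_patch, primary_still_works)."""
    vendor_pub, vendor_priv = gen_key("vendor-primary")     # labels are invented
    backup_pub, _backup_priv = gen_key("vendor-backup")
    loader = CspLoader(vendor_pub, backup_pub)

    third_pub, third_priv = gen_key("third-party")
    module = b"constructed sample: a CSP nobody approved"
    sig = sign(third_priv, module)
    rejected_as_shipped = not loader.accepts(module, sig)

    # The replacement the thread discusses: overwrite the dormant second root
    # in the binary with the third party's key. The signature is unchanged.
    loader.roots[1] = third_pub
    accepted_after_patch = loader.accepts(module, sig)

    # Everything signed by the primary key is unaffected, so nothing breaks.
    vendor_module = b"constructed sample: a vendor-signed CSP"
    primary_still_works = loader.accepts(vendor_module, sign(vendor_priv, vendor_module))
    return rejected_as_shipped, accepted_after_patch, primary_still_works


if __name__ == "__main__":
    print(two_key_scenario())   # (True, True, True)
```

The design point is that a check which accepts any of several embedded roots is only as strong as the integrity of the bytes holding those roots: whoever can patch one root key into the loader decides what loads, and nobody relying on the other root sees a difference.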

------------------------------

From: "Markku J. Saarelainen" <[EMAIL PROTECTED]>
Subject: Re: Alleged NSA backdoor in Windows CryptoAPI
Date: Tue, 07 Sep 1999 14:49:21 +0000


If this is the case, the company becomes automatically the front of the
intelligence agency.



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Deniability
Date: Tue, 07 Sep 1999 22:31:59 +0200

Anonymous wrote:
> 
> 
> When you're not sending sensitive material, you encrypt the message with
> the cover-traffic key and pad it with an equal sized block of random data.
> This is your normal mode of operation.  When you need deniability, you
> lie and claim that this was what you used, that only half the message
> can be decrypted and the other half is noise.  You then decrypt the
> cover half and your real message is kept safe.

Maybe I misunderstood. But I am not sure that this is acceptable
to the person demanding decryption from you. For you could otherwise
just as well always pair a plaintext message with an enciphered 
message and claim that it is your practice to pad your messages
with random stuff that way.

M. K. Shen

------------------------------

From: Patrik Norqvist <[EMAIL PROTECTED]>
Subject: Re: Pincodes
Date: Tue, 07 Sep 1999 21:49:48 +0200

Daniel James skrev:
> 
> In article <[EMAIL PROTECTED]>, Walter
> Hofmann wrote:
> > Daniel James <[EMAIL PROTECTED]> wrote:
> [snip]
> > >
> > > It would also prevent the user from changing their PIN and would
> >
> > Good. This prevents PINs like 1234.
> >
> > > require that a new PIN be issued whenever a new card was issued.
> >
> > Fine. Regularly changing a password is a good security practice.
> >
> 
> <smile>. From a security POV, of course, I agree somewhat with what you
> say.... However any bank will tell you that their customers demand the
> ability to change their PINs - albeit to something daft - and keep it that
> way for ever - and the customer is always right (allegedly).

Customers are not that powerful everywhere. AFAIK there is (today maybe
was) only one bank in Sweden that allows you to choose/change your
PIN-code. For other banks: The code comes with the card, and can't be
changed. When you get a replacement card, whatever the reason may be,
you get a new code. If you forget the code, you have to get a new card -
the bank will not assign a new code to the card.

Regards
   /NOR

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Crossposted-To: 
microsoft.public.win32.programmer.networks,microsoft.public.win32.programmer,comp.os.ms-windows.programmer.win32
Subject: Re: Help with CryptoAPI: can not do the simplest thing!!!
Date: Tue, 07 Sep 1999 19:56:07 GMT

Taavo Raykoff <[EMAIL PROTECTED]> wrote, in part:

>How hard is it to allow importing the raw keys into CryptoAPI?

The CryptoAPI is designed to prevent unauthorized use of its
functions, so that, for example, a foreign customer permitted to use
56-bit encryption won't be able to use the provided DES function to
perform 112-bit or 168-bit Triple DES encryption.

Hence, the CryptoAPI should be avoided unless you have a specific
export compliance requirement.

John Savard ( teneerf<- )
http://www.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: "Simple question" about DES
Date: Tue, 07 Sep 1999 15:56:50 -0400

> Yes, someone does understand it. You mean BECOME CONVERSANT.  Karl M

Gee, thanks a lot for the help punk!

as




------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Some law informations...
Date: Tue, 07 Sep 1999 22:22:56 +0200

Michaël Chassé wrote:
> 
> Hi,
> 
>     I'm living in Canada and I'd like to know if I can export a relativly
> strong encryption program ( more than 256 bits). My program will be in the
> public domain.

I suppose that people at www.efc.ca (EFC is the Canadian counterpart
of EFF) can certainly give you the competent information that you need.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: sourcecode of DES in VB
Date: Tue, 07 Sep 1999 22:34:18 +0200

Buchinger Reinhold wrote:
> 
 
> I need a version of DES in VB (possible in Pascal). It could also be a
> simplified DES. It's only to see how it works.

There is a rather old book:

     Harry Katzan, The Standard Data Encryption Algorithm.
     Petrocelli Books, New York, 1977.

which provides a bitwise walk-through of the DES. The implementation
is in APL. Even if you don't read APL, you can very well use
the computer output given there to check the intermediate results
of your own implementation.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Description of SQ
Date: Tue, 07 Sep 1999 22:29:25 +0200

Kostadin Bajalcaliev wrote:
> 

> I am using this museum story to introduce the use of the same idea in SC
> design. For example, there is a PRBG with 8 bits output per iteration, if we
> discard one of them we get 7 bit value (I call this "secondary output"), so
> the output sequence constructed does not carry the whole information about
> the generated output values. Having xk=F(xk-1); 8 bit generator, discarding
> the first result is ZYYYYYYY, where Z is the discarded bit. Let Z'XXXXXXX
> and Z''YYYYYYY be two successive values connected by Z'YYYYYYY=F(Z''
> XXXXXXX);  but Z' and Z'' are unknown so there are 4 different equations and
> only one of them is the true one.
> 
> 0YYYYYYY=F(0XXXXXXX);
> 0YYYYYYY=F(1XXXXXXX);
> 1YYYYYYY=F(0XXXXXXX);
> 1YYYYYYY=F(1XXXXXXX);
> 
> It is impossible to mathematically find which is the true one if Z is
> unknown. Prediction can be made but that is equal to the problem of guessing
> the original form of the puzzle brick. If the generator output is 32bit but
> only one bit from each generated value is used to form the output sequence,
> then guessing these 31 missing bits is practically impossible.

Let the 8 bit output be denoted by H and let's append to H one bit B
and call BH (9 bits) the output of a new generator. If B
is always produced as 0101010101 or 1111111111, do you think that 
deleting B from the output BH matters for the analysis of the new
generator? It is known that the output bits of e.g. LCPRNGs have
more or less high correlations, particularly in the lower order
positions. The above two points indicate that in general the effect
(on analysis) of omitting one bit from the outputs of a generator
depends very much on the 'quality' (difficult to define) of that
generator. Anyway, it seems safe to say that omitting one bit from
the outputs of a generator does not mean that the analyst has
to guess one full bit but something less than that.

M. K. Shen
=============================
http://home.t-online.de/home/mok-kong.shen  (new addr.)
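As an added example, not code from either poster, the four-equation case Kostadin sets out and Shen's point about generator quality can be checked directly for any 8-bit map F that the analyst knows. The block runs two constructed generators, the low byte of a power-of-two LCG (Numerical Recipes constants, an assumption here) and a random permutation of the 256 byte values standing in for a well-behaved F, hides one bit position of every output, and measures two things: how often the next visible value already settles which of the four equations is the true one, and how many of the 256 possible initial states reproduce a whole visible sequence, i.e. how many candidate hidden-bit sequences the analyst is actually left with. The seed 37 and the function names are chosen for the example.

```python
import random

MASK8 = 0xFF


def lcg8(x, a=1664525, c=1013904223):
    """Low byte of a power-of-two-modulus LCG step (constants assumed for the
    example). The low 8 bits of such an LCG form a self-contained 8-bit LCG."""
    return (a * x + c) & MASK8


def make_random_perm(seed=1):
    """A random permutation of the 256 byte values, standing in for a well-behaved F."""
    rng = random.Random(seed)
    table = list(range(256))
    rng.shuffle(table)
    return table.__getitem__


def drop_bit(x, h):
    """Kostadin's 'secondary output': x with bit position h discarded (7 bits left)."""
    return ((x >> (h + 1)) << h) | (x & ((1 << h) - 1))


def insert_bit(v, z, h):
    """Inverse of drop_bit: put candidate bit z back at position h."""
    return ((v >> h) << (h + 1)) | (z << h) | (v & ((1 << h) - 1))


def run(F, x0, n):
    """x_k = F(x_{k-1}) for k = 1..n, starting from seed x0."""
    out, x = [], x0
    for _ in range(n):
        x = F(x)
        out.append(x)
    return out


def consistent_equations(F, v_k, v_next, h):
    """Count the (Z', Z'') in {0,1}^2 for which Z''|v_next == F(Z'|v_k):
    how many of the four equations the known F actually satisfies."""
    return sum(1 for z1 in (0, 1) for z2 in (0, 1)
               if F(insert_bit(v_k, z1, h)) == insert_bit(v_next, z2, h))


def fraction_settled_by_next_output(F, h, x0=37, n=500):
    """Share of transitions where only one equation holds, i.e. the hidden
    bit of x_k is fixed as soon as the visible part of x_{k+1} is seen."""
    vs = [drop_bit(x, h) for x in run(F, x0, n)]
    settled = sum(1 for k in range(n - 1)
                  if consistent_equations(F, vs[k], vs[k + 1], h) == 1)
    return settled / (n - 1)


def consistent_seeds(F, visible_seq, h):
    """Brute force over all 256 initial states, keeping those that reproduce the
    visible sequence. For a bijective F distinct seeds give distinct full
    sequences, so this is the number of hidden-bit sequences left to guess."""
    n = len(visible_seq)
    return [x0 for x0 in range(256)
            if [drop_bit(x, h) for x in run(F, x0, n)] == list(visible_seq)]


if __name__ == "__main__":
    perm = make_random_perm()
    for name, F in (("lcg8", lcg8), ("random permutation", perm)):
        for h in (0, 7):
            seq = [drop_bit(x, h) for x in run(F, 37, 32)]
            print(f"{name:18s} hide bit {h}: settled by next output in "
                  f"{fraction_settled_by_next_output(F, h):.3f} of steps; "
                  f"{len(consistent_seeds(F, seq, h))} candidate seed(s) for 32 outputs")
```

With the LCG, hiding bit 0 costs the analyst nothing: the next visible value always fixes it, because flipping bit 0 of x_k shifts F(x_k) by the odd multiplier and so changes the visible part. Hiding bit 7 instead leaves exactly two candidate sequences for the entire run, not one guess per output: the low seven bits of a power-of-two LCG evolve on their own, and flipping bit 7 of the state flips bit 7 of every later output and nothing else. With the random permutation the hidden bit is settled by the next visible value in all but roughly 1 in 128 transitions, since the other candidate's successor must happen to agree on all seven visible bits. In every case the analyst guesses far less than one full bit per output, which is Shen's "something less than that", and the amount depends on the structure of F rather than on the number of bits discarded.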

------------------------------

From: [EMAIL PROTECTED] (Guenther Brunthaler)
Subject: Re: THE NSAKEY
Date: Tue, 07 Sep 1999 21:24:29 GMT

On Tue, 07 Sep 1999 04:32:36 GMT, [EMAIL PROTECTED]
(SCOTT19U.ZIP_GUY) wrote:

>     Should we be on the floor laughing you got to be kidding.
>Of course you have an escape "NSA when they've earned it" that
>could mean anything. Such as Clinton was never "alone" with Monica.

Indeed. This guy seems to have a very high trust in statements of
belief.

>Well I guess I have attacked your honesty since how honest is it
>to declare something weak and then really never have looked at it since
>it is to complex for you.

Don't wonder, David. You are not Mr. Schneier, and thus your
statements are not axioms that must be trusted without any suspicion.

If Mr. Schneier had said "I BELIEVE Scott's encryptor may be secure",
the other David would never have dared to declare it anything other
than "VERY strong".



Greetings,

Guenther
--
Note: the 'From'-address shown in the header is an Anti-Spam
fake-address. Please remove 'nospam.' from the address in order
to get my real email address.

In order to get my public RSA PGP-key, send mail with blank body
to: [EMAIL PROTECTED]
Subject: get 0x2D2F0683

Key ID: 2D2F0683, 1024 bit, created 1993/02/05
Fingerprint:  11 71 47 2F AF 2F CD F4  E6 78 D5 E5 3E DD 07 B5 

------------------------------

From: Dave Salovesh <[EMAIL PROTECTED]>
Subject: Re: NSA and MS windows
Date: Tue, 07 Sep 1999 17:41:33 -0400

In article <[EMAIL PROTECTED]>,
"Douglas A. Gwyn" <[EMAIL PROTECTED]> opined:

>Then you haven't been paying attention.  The backup key allows MS
>to get the product certified for export without having to hand over
>their private key.

A backup is only a backup if you don't use it for anything else.

I think what you're getting at is that export approved CSPs would carry
both an MS signature and a signature from the reviewer.  If the backup
key is used to check for export approval:

1) It's not a backup.

2) MS could say so (the existence of such a key wouldn't be a secret, it
would be national security policy).

3) MS wouldn't be the sole holder of the keys, as they've claimed.


------------------------------

From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: Mystery inc.
Date: Tue, 07 Sep 1999 21:46:14 +0000

"Douglas A. Gwyn" wrote:
> Jim Gillogly wrote an article about this in Cryptologia, V4N2.
> Decrypting Beale-1 with the Declaration of Independence produced
> ABFDEFGHIIJKLMMNOHPP.  He considers that evidence of a hoax, but
> I don't think it's conclusive.  If it had been precisely
> ABCDEFGHIJKLMNOP then I would agree it must be a hoax, but an
> "approximately alphabetic" stretch could be found by accident.
> (Gillogly pointed out that the first F and last H could have
> been off-by-one encipherments of C and O, respectively, which
> makes it somewhat more suspicious.)

John King did a more careful numbering of the DOI to eliminate the
off-by-one errors in Beale #2 (the one with the known plaintext),
and it eliminated the off-by-one errors in the alphabetic strings
I found in Beale #1 as well.  His rendition of these strings are:

My "naive" DOI numbering    King's B2-optimized numbering
AAAB                        AAABBCDEFF
AABBCC                      ABBBCCCCDDE
BCDD                        BCDDE
ABFDEFGHIIJKLMMNOHPP        ABCDEFGHIIJKLMMNOHPP

He echoes my note that the last H in the last one is an off-by-one for
O, and says it's consistent with the ones he fixed based on B2, but its
change wasn't implied by a necessary B2 fix.

I'm still convinced that the DOI is the key to Beale #1, such as it is,
and we know all we're going to about what it says.

King's paper is "A Reconstruction of the Key to Beale Cipher Number Two"
in Cryptologia XVII #3 Jul 1993 pp. 305ff.

-- 
        Jim Gillogly
        Highday, 16 Halimath S.R. 1999, 21:36
        12.19.6.9.4, 10 Kan 12 Mol, Fourth Lord of Night

------------------------------

From: [EMAIL PROTECTED] (Guenther Brunthaler)
Subject: Re: THE NSAKEY
Date: Tue, 07 Sep 1999 20:59:23 GMT

On 6 Sep 1999 18:55:24 -0700, [EMAIL PROTECTED]
(David Wagner) wrote:

>If you have any objective evidence, don't hold back.  (Speculation
>doesn't count.)

If I really had hard evidence, you could not read my articles, because
I would most likely have died a very sudden natural death or by a
highly coincidental accident.

No, my suspicion is based on the following simple facts:

* There is interest by the NSA

* The NSA has the resources

* The NSA had the opportunity

* It's part of the NSA's job to act in such a way

- So why shouldn't they have done it?

>But I don't think you have any.  I think you're engaging in
>character attack without substantiation

In security issues a 50:50 chance is not the same as in other regards.

In a court trial, it is ok to say "innocent until proven guilty".

But for security products, other rules apply.

Just think of the MD5 algorithm. To my knowledge, there is still no
published algorithm how to modify the plaintext in order to create
collisions in a controlled way - but nevertheless MD5 is considered
potentially insecure.

>I think all the evidence out there actually shows quite the
>opposite of what you're alleging: that Bruce Schneier has not
>pulled any punches in criticising the NSA when they've earned it,
>and that he's been one of the most vocal in the cryptographic
>community to do so.

I never said that Mr. Schneier likes the NSA or may be an NSA ally - I
only suspected that Mr. Schneier may not be as free in his public
statements as he could be without the responsibility for the success
of his company and employees.

>Or, the other possible explanation is that maybe his "strange"
>statement may actually have some technical merit.

Unfortunately, I have never heard of any technical merit.

>Note that some
>other experts in the field (say, Matt Blaze) are saying similar
>things.

Yes, they are all SAYING that they believe this and that.

But they never gave any hard evidence WHY they believe what they say -
other than trusting Microsoft and the NSA.

>Hmm, could this be the explanation?  Naaah...

What, that some people have their beliefs? I have no problems with
other people's beliefs or religions, but I make a clear distinction
between the belief of an expert and an expertise of the same expert.

For you, such differences may be peanuts.

For me, they are essential.

>In my opinion, there is no credible technical evidence that the
>_NSAKEY "lets the NSA spy on every Windows machine on the planet",
>only speculation and FUD.

I did not say that.

I assume, ANYONE can spy on every Windows machine that is attached to
the internet and using Internet Explorer 5. There are by far enough
security holes "incorporated" within that fine product.

And perhaps not all of them are results of buggy programming.

BTW, I also see no reason why the NSA should not have a copy of the
primary Microsoft key also.

Even if Microsoft should not be aware of this - they are using their
own products, and so the very capable NSA hackers should not have any
substantial problems getting any information they want off the
Microsoft servers by exploiting some of the several security holes.

And even if this should not be that easy, the NSA has certainly the
resources for a physical security breach or at least tempest attacks,
if that should be necessary to obtain a copy of the key.

In fact, I would be very disappointed in the NSA if they did not already
have a copy of all the Microsoft master keys.

>I hope holding that opinion doesn't mean the NSA must be
>pulling my strings, too.

Well, only few people I know trust the NSA as much as you seem to do.

But on the other hand, you may only be underestimating them.

I remember some sentence from the PGP manual where Mr. Zimmermann is
talking with an NSA guy about people trusting weak security products
and the latter one smiling and saying something like "Yes. And that
makes our job so much easier."

>It's one thing to disagree with someone else's technical statements;
>it's quite another to attack their honesty.

There is a subtle difference between lying and not telling the whole
truth. I never said Mr. Schneier would lie.

For instance, perhaps it is really not the NSA who owns the NSAKEY,
but some other, related intelligence agency - say the CIA.

So, even if Mr. Schneier knew this, he is definitely not lying when he
says "I do not believe that the key is owned by the NSA".



Greetings,

Guenther
--
Note: the 'From'-address shown in the header is an Anti-Spam
fake-address. Please remove 'nospam.' from the address in order
to get my real email address.

In order to get my public RSA PGP-key, send mail with blank body
to: [EMAIL PROTECTED]
Subject: get 0x2D2F0683

Key ID: 2D2F0683, 1024 bit, created 1993/02/05
Fingerprint:  11 71 47 2F AF 2F CD F4  E6 78 D5 E5 3E DD 07 B5 

------------------------------

From: [EMAIL PROTECTED] (James Pate Williams, Jr.)
Subject: Re: sourcecode of DES in VB
Date: Tue, 07 Sep 1999 21:09:38 GMT

On Tue, 07 Sep 1999 21:06:37 GMT, [EMAIL PROTECTED] (James Pate
Williams, Jr.) wrote:

>On Mon, 6 Sep 1999 20:05:37 +0200, "Buchinger Reinhold"
><[EMAIL PROTECTED]> wrote:
>
>>I need a version of DES in VB (possible in Pascal). It could also be a
>>simplified DES. It's only to see how it works.
>>I am very grateful for any help !
>
>The algorithm is given in the _Handbook of Applied Cryptography_ by
>Alfred J. Menezes et al. Chapter 7 7.4.2 pages 252-256. You can find
>this chapter on-line if you search for it. Try searching recent posts
>to sci.crypt by Menezes or do a web search using his name or the title
>of the handbook. I implemented the algorithm easily from the handbook
>in C.

The _Handbook of Applied Cryptography_ website is:

www.cacr.math.uwaterloo.ca/hac/

==Pate Williams==
[EMAIL PROTECTED]
http://www.mindspring.com/~pate


------------------------------

Reply-To: "karl malbrain" <[EMAIL PROTECTED]>
From: "karl malbrain" <[EMAIL PROTECTED]>
Subject: Re: THE NSAKEY
Date: Tue, 7 Sep 1999 14:59:53 -0700


Guenther Brunthaler <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Tue, 07 Sep 1999 04:32:36 GMT, [EMAIL PROTECTED]
> (SCOTT19U.ZIP_GUY) wrote:
>
> >     Should we be on the floor laughing you got to be kidding.
> >Of course you have an escape "NSA when they've earned it" that
> >could mean anything. Such as Clinton was never "alone" with Monica.
>
> Indeed. This guy seems to have a very high trust in statements of
> belief.
>
> >Well I guess I have attacked your honesty since how honest is it
> >to declare something weak and then really never have looked at it since
> >it is to complex for you.
>
> Don't wonder, David. You are not Mr. Schneier, and thus your
> statements are not axioms that must be trusted without any suspicion.

CONTRA-POSE:  worry/judgement.  Thanks, karl m



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
