Cryptography-Digest Digest #198, Volume #10       Wed, 8 Sep 99 09:13:02 EDT

Contents:
  Re: Confused about public key encryption (Michael Schmidt)
  Where to get Yarrow to use with Delphi? (Johnston Family)
  Re: NSA and MS windows (Geoff Thorpe)
  Re: THE NSAKEY (Tom St Denis)
  Re: THE NSAKEY (Tom St Denis)
  Re: THE NSAKEY (Tom St Denis)
  Re: n-ary Huffman Template Algorithm (Alex Vinokur)
  Re: Win Crypto libs, was: Help with CryptoAPI: can not do the simplest thing!!! (Felix Kasza [MVP])
  Re: Confused about public key encryption (DJohn37050)
  Re: simple key dependent encryption (Tom St Denis)
  Self decimated lfsr (Cairus)
  Re: Plaintext block size (Tom St Denis)

----------------------------------------------------------------------------

Date: Wed, 08 Sep 1999 10:21:24 +0200
From: Michael Schmidt <[EMAIL PROTECTED]>
Subject: Re: Confused about public key encryption

OK, here goes:

RSA is used in authentication, key negotiation AND encryption schemes. 
RSA encryption, however, is pretty slow (magnitudes slower than 
symmetric encryption). This is why it isn't used directly for bulk 
data encryption. 
Furthermore, RSA is patented in the US until (I think) October 2000.

Diffie-Hellman can be used for authentication and key negotiation, 
but NOT for encryption. Diffie-Hellman is patent-free. 

You should consider RSA encryption only for very tiny amounts of data. 
Furthermore, its key generation is not completely trivial. 

The usual approach is to use a symmetric key algorithm (like DES or 
IDEA) for bulk data encryption, and to transmit the necessary symmetric 
keys with RSA or Diffie-Hellman beforehand. 

I'm sure you can find Diffie-Hellman code on many locations on the web. 
Check out the SKIP VPN algorithm (uses Diffie-Hellman) or check out the 
FreeS/WAN code for Linux (www.xs4all.nl/~freeswan) which also uses 
Diffie-Hellman. 

The only other Public Key encryption scheme I can think of is El Gamal. 
It's not very popular, however, and it's said to inflate data when 
encrypting. I don't know about the patent situation.



Best regards,

Michael


Timur Tabi schrieb:
> 
> Hi,
> 
> I've been reading all sorts of web pages and
> newsgroup posts, and I've even been reading the book
> "Applied Cryptography", but I just cannot find what
> I'm looking for.  I know it can't be that difficult,
> so I know I'm doing something incredibly stupid.
> 
> I am looking for source code for patent-free public
> key encryption and decryption.  The only two I know
> of are RSA and Diffie-Hellman, and I can't seem to
> find any source code for Diffie-Hellman.
> 
> What I need to do is encrypt and digitally sign a
> short plaintext (about 100 bytes), and then decrypt
> and verify the plaintext.  So I need source code for
> the encryption part, and source code for the
> decryption part.  Some people have pointed me to
> pgpi.com or openssl.org, but I can't find anything
> there that I can use.  The whole thing is very
> confusing, and I have some questions:
> 
> 1. What patent-free algorithms are there besides
> Diffie-Hellman?
> 
> 2. It appears to me that (maybe) public key
> encryption algorithms use symmetric key algorithms as
> their basis. This doesn't make any sense to me.  What
> does DES have to do with PGP?
> 
> 3. Apparently, PGP is not an algorithm per se, but a
> way to implement encryption algorithms in such a way
> to get public-key encryption.  Again, I can't
> understand how.
> 
> I have a dream.  In this dream, I check my email, and
> the email contains the source code to two functions:
> 
> void encrypt(char *plaintext, char *privatekey, char
> *ciphertext);
> 
> Takes plaintext and privatekey as input, output is
> ciphertext.
> 
> int decrypt(char *ciphertext, char *publickey, char
> *plaintext);
> 
> Takes ciphertext and publickey as input, outputs
> plaintext.  Returns a 1 if the ciphertext is valid
> (hasn't been tampered with), or a 0 otherwise.
> 
> Can anyone make my dream into reality?
> 
> --
> Remove "nospam_" from my email address when replying
> Timur "too sexy for my code" Tabi, [EMAIL PROTECTED]
> 
> Sent via Deja.com http://www.deja.com/
> Share what you know. Learn what you don't.

-- 
===========================================
Michael Schmidt
===========================================
Institute for Data Communications Systems
University of Siegen, Germany
http://www.nue.et-inf.uni-siegen.de
===========================================
[EMAIL PROTECTED]    /work/
[EMAIL PROTECTED]      /home/
phone:  +49 271 740-2332
fax:    +49 271 740-2536
mobile: +49 173 3789349
===========================================
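The key-negotiation half of the hybrid approach Michael describes, as an added example (not code from the post or from any of the projects it names): a Diffie-Hellman exchange between two sides, a check on the peer's public value, and the hashing of the shared secret into a symmetric key for a bulk cipher. The group parameters, the context label and the function names are constructed for this illustration.

```python
"""Diffie-Hellman key negotiation feeding a symmetric key, as in the
hybrid approach above.  The group below is a constructed toy (p is a safe
prime, p = 2q + 1, and g = 4 generates the subgroup of prime order q) so
the arithmetic stays readable; deployed systems use a standardized group
of 2048 bits or more."""
import hashlib
import secrets

P = 1019
Q = 509
G = 4


def generate_keypair(p=P, q=Q, g=G):
    """Return (private, public); the private exponent lies in [1, q-1]."""
    x = 1 + secrets.randbelow(q - 1)
    return x, pow(g, x, p)


def check_public_value(y, p=P, q=Q):
    """Reject degenerate peer values before using them: y must lie strictly
    between 1 and p-1 and inside the order-q subgroup, otherwise the peer
    can force the shared secret into a tiny set of values."""
    if not 1 < y < p - 1:
        return False
    return pow(y, q, p) == 1


def shared_key(private, peer_public, p=P, q=Q, context=b"bulk-cipher-key"):
    """Turn the DH shared secret into a symmetric key.

    The raw value g^(ab) mod p is not used as a key directly; it is hashed
    together with a context label into a uniform byte string that a
    symmetric cipher (DES or IDEA in the post above) can take as its key.
    SHA-256 stands in for a proper key derivation function here."""
    if not check_public_value(peer_public, p, q):
        raise ValueError("invalid peer public value")
    secret = pow(peer_public, private, p)
    secret_bytes = secret.to_bytes((p.bit_length() + 7) // 8, "big")
    return hashlib.sha256(context + secret_bytes).digest()


def run_exchange():
    """Both sides of the exchange; returns the two derived keys."""
    a_priv, a_pub = generate_keypair()   # Alice -> Bob: a_pub
    b_priv, b_pub = generate_keypair()   # Bob -> Alice: b_pub
    return shared_key(a_priv, b_pub), shared_key(b_priv, a_pub)


if __name__ == "__main__":
    key_alice, key_bob = run_exchange()
    print("keys agree:", key_alice == key_bob, key_alice.hex())
```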

------------------------------

From: Johnston Family <[EMAIL PROTECTED]>
Subject: Where to get Yarrow to use with Delphi?
Date: Wed, 08 Sep 1999 17:37:48 +0800

Hi all.

I'd like to implement Yarrow in Delphi 4, are there any libraries (pref
freeware) which would be suitable?

Thanks,
Matt.


------------------------------

From: Geoff Thorpe <[EMAIL PROTECTED]>
Subject: Re: NSA and MS windows
Date: Wed, 08 Sep 1999 11:57:19 +0100

"SCOTT19U.ZIP_GUY" wrote:
>    I wasn't going to comment much on this thread since it is obvious to
> most what I think the main purpose of the NSA is. However since you
> went out of your way to request a reply and you seem to miss my writings
> I will reply. I feel the spin doctors will down play the whole thing and
> people will continue to shell out money to Microsoft to get inferior bug
> ridden software that they could get for free if they used Linux. Yes people
> are stupid and the spin masters know it. I guess I should feel lucky to be in
> the country that will benefit most from the rape of information from the
> people in dumber countries. I guess I should be happy our companies will
> continue to get the inside scoop on contract bids and such because if the
> Europeans are too stupid to think for themselves maybe they are better off
> under our control. We can continue to buy their politicians with the money
> we steal from them. So go ahead Europe make OUR day. Oh that goes
> for New Zealand I just hope they leave enough cash there so they can
> continue to make XENA.

[perhaps the gene pool could use some chlorine] ... David, I write
crypto outside the US and the US export regulations make my job less
competitive than it would be without the regulations. I don't know
whether to feel sorry for the US or laugh, I guess it depends on who
we're talking about. On the one hand US foreign policy rightly invites
ridicule and (at times) indignation, but on the other hand those
responsible for such foreign policy and export regulation are largely
the same, and are very distinct from the people who are hurt by all this
- for them I have to feel profoundly sad. If you regard us all as
"dumber countries" then I suggest you observe carefully who is allowed
to export crypto product to who. Also, take a look at the post-graduate
departments (especially maths, comp sci and other such sciences) in the
US - they've got the money and facilities, but often have 50% or more
international students (complete with scholarships) because not enough
US kids want to educate themselves. Compare it on levels of education,
culture, language, worldliness - doesn't really matter ... you might
find that the US isn't as all-powerful as you might imagine. But why am
I addressing that point? - those in the US who do know the difference
would never try to make a point like those you just tried to put
forward.

On top of that, I use Linux myself and work with a whole raft of
platforms - the list of which has Microsoft operating systems very near
the bottom.

So you'd probably expect me to agree with your points perhaps? David, I
think you're a paranoid and what you say is so littered with mindless
verbiage that when you manage to squeeze out one or two salient points
they become completely lost in the massive noise you otherwise flood
this list with.

FYI: The main reason they make Xena (and Hercules, and upcoming movies
like King Kong and Lord of the Rings, etc) in NZ is simply because it's
cheaper to fly out there, hire competent people and make the program for
a fraction of the cost they would have if they stayed at home within the
confines of the sterile unionised facile monolith that is the US
entertainment industry. Much like your posting, the US entertainment
industry occasionally offers up something not entirely mindless, but it
is usually buried so deeply within the sheer volume of muck that it is
hardly worth the effort sifting for.

Regards (of a sort),
Geoff

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: THE NSAKEY
Date: Wed, 08 Sep 1999 11:41:15 GMT

In article <7r2112$2ijm$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
>      Should we be on the floor laughing you got to be kidding.
> Of course you have an escape "NSA when they've earned it" that
> could mean anything. Such as Clinton was never "alone" with Monica.

Well just don't use MS crypto, don't attack people.  I think the fact that
both Bruce and Matt are on the same side should say something.

>        Well that is one explanation. Since you go out of your way to
> attack certain algorithms such as scott19u.zip but in only one brief
> statement you claim you haven't looked at it because the source code
> is too hard for your mind to decrypt into something you can understand.
> Makes me wonder what you really know about crypto.

Makes me wonder what you really know about crypto yourself.  You couldn't
even answer the simple questions I had about scottu19 since well ...???
Well I guess I have attacked your honesty since how honest is it

> to declare something weak and then really never have looked at it since
> it is too complex for you. Don't you think that looks a little fishy. Of course
> you're too busy with AES to do an honest look at mine. But not too busy to
> say that your method would easily show the death of it.
>         Again I think the guy was being very nice to Bruce.

Does the fact that scottu19 sucks not come into play here?  It's big, it's
slow it's not even well studied, presented or even demonstrated.  You should
put more time into research and less time into yacking.

Tom
--
damn windows... new PGP key!!!
http://people.goplay.com/tomstdenis/key.pgp
(this time I have a backup of the secret key)



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: THE NSAKEY
Date: Wed, 08 Sep 1999 11:43:36 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Guenther Brunthaler) wrote:

> >Well I guess I have attacked your honesty since how honest is it
> >to declare something weak and then really never have looked at it since
> >it is to complex for you.
>
> Don't wonder, David. You are not Mr. Schneier, and thus your
> statements are not axioms that must be trusted without any suspicion.
>
> If Mr. Schneier had said "I BELIEVE Scott's encryptor may be secure",
> the other David would never have dared to declare it anything other
> than "VERY strong".

You might not believe this but David Wagner is a smart, talented person.  He
is not 'attached' to Bruce as you might think, he has done work with Rivest
and others as well.  I think this thread is way out of line.

Tom
--
damn windows... new PGP key!!!
http://people.goplay.com/tomstdenis/key.pgp
(this time I have a backup of the secret key)



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: THE NSAKEY
Date: Wed, 08 Sep 1999 11:34:34 GMT

In article <7qvd7b$2gk4$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
> In article <7quhee$ppg$[EMAIL PROTECTED]>, 
>[EMAIL PROTECTED] (David Wagner) wrote:
> >In article <[EMAIL PROTECTED]>,
> >Guenther Brunthaler <[EMAIL PROTECTED]> wrote:
> >> But as the president of an US-company that is dealing with
> >> cryptography, he undoubtedly has to make at least some minor
> >> provisions to government agencies, or they would shut down his company
> >> one way or the other.
> >>
> >> So Mr. Schneier has certainly to be very careful about what he's
> >> saying, especially regarding alleged government intrusion attempts
> >> into popular software (unless proven and verified already).
> >
> >I call bullshit.  You're making allegations that are absolutely unfounded.
> >Schneier has been outspoken against _many_ of the US government's crypto
> >policies; some might say that he is one of the biggest thorns in their side.
> >
> >Please take personal attacks like these elsewhere.
>     How could one consider that an attack. He was if anything explaining why
> Bruce answers many of the things the way he does. Before I just thought it
> was pure arrogance and hate for those he considers lower than himself. But
> this guy gave reasons for some of Bruce's answers. Bruce is not a thorn in the
> US government crypto. He is after all helping to sucker people into using the
> coming AES candidate. How could that be thought of as a thorn. Now maybe
> I am a thorn but. Since I don't have a company no one believes so I am less of
> a threat but still a small thorn.

Are you completely mental?  He has attacked and broken many algorithms and
protocols.  I seriously would trust him to get crypto right, because he knows
real crypto issues.

Why do you think AES will be the panacea of security?  I am telling you right
now AES could disappear off the face of the earth and we will still have
secure algorithms left (Blowfish, RC5, CAST, RC4).

I think your allegations and attacks are unfounded and you are just looking
for someone to flame.  Let's see you break some standards first.... then you
can talk about who knows what.

Tom
--
damn windows... new PGP key!!!
http://people.goplay.com/tomstdenis/key.pgp
(this time I have a backup of the secret key)



------------------------------

From: Alex Vinokur <[EMAIL PROTECTED]>
Crossposted-To: sci.image.processing,sci.math,alt.comp.compression
Subject: Re: n-ary Huffman Template Algorithm
Date: Wed, 08 Sep 1999 11:52:55 GMT

In article <[EMAIL PROTECTED]>,
  Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> Alex Vinokur wrote:
> >
> >
> >   The difference is that Template Huffman can use
> >         not only numerical weights.
> >   What is non-numerical weight?
> >   That must be defined by user (if his problem requires such weights).
>
> I have tried a few times to ask you to show us the applications
> of your supposedly generalized Huffman scheme, but yet of no avail.
> Hence here once again:
>
> Could you give us at least ONE single CONCRETE example of practical
> applications of your scheme???

  I am not aware of applications with non-numerical weights (today),
  and I would like to know if ones exist as well
  (see http://www.deja.com/=dnc/[ST_rn=ps]/getdoc.xp?AN=447043377)

> Writing a program is in my conviction
> a different kind of undertaking than, say, doing abstract mathematics.
> While in the latter one needs only to have a nice self-consistent
> theory that offers opportunities of further development, in the
> former there MUST be a justification of the work. It is never the
> case (in fact it would be absurd) that a program awaits its
> applications

  I am not sure that it is absurd.

> and it is always the case that one has problems or
> class of problems that await programs to be written to solve them.
> If you can't give us an example of PRACTICAL

  non-numerical

> applications, then
> your program is useless.

  Today -> We can use this program to build Huffman trees
  with different kinds of words (characters, strings)
  and different kinds of weights (integer, numerical non-integer).

> (I am sorry to say that. Please note that I
> have nothing against you personally at all, but only against the way
> of doing things.) From what you cited in a previous post concerning
> the supposed possibility of comparing {cow, tulip} with {orange}
> as a basis for defining the operator '>', I suspect (unless you can
> concretely show the opposite) that "applications", if any, of your
> program must be belonging to an imaginary world that is quite
> different from the one we are living in. Note that I am not
> asking you to explain the programming methodology (which your
> most recent follow-up intends to illustrate). I am asking you
> to show us a (practical, real-life) field where the application
> of your program leads to substantial (practical) benefit.

  I am also interested in such applications.

> If there are already publications of USERS of your program, then it
> certainly suffices that a literature reference be given. Otherwise
> please kindly give us a bit (concrete, down to the earth) details,
> including the name of the particular discipline in which the
> program has been found to be useful, the nature of the problem or
> problems being solved and above all the specific meaning
> (semantics) of the operators '>' in those particular problem
> settings. For without that no one can evaluate your new scheme any
> better than those stuffs that are commonly presented in science
> fictions. Let me close by repeating the question in my previous post
> as a summary:
>
>       What does your encoding scheme achieve?

        1. We can use the same program
           for different kinds of numerical weights
           and different kinds of words (characters, strings).

        2. If applications with non-numerical weights come,
           the program will be ready to create their Huffman trees.
>
> M. K. Shen
>

        Thank you very much for your attention,
        Alex




------------------------------

From: [EMAIL PROTECTED] (Felix Kasza [MVP])
Subject: Re: Win Crypto libs, was: Help with CryptoAPI: can not do the simplest thing!!!
Date: Wed, 08 Sep 1999 10:56:03 GMT
Crossposted-To: microsoft.public.win32.programmer.networks,microsoft.public.win32.programmer,comp.os.ms-windows.programmer.win32

Taavo,

 > [...] a library of basic crypto routines that will run on windows?
 > I need DES, RC2, SHA, and HMAC.

http://www.eskimo.com/~weidai/cryptlib.html -- export-controlled, mind
you.

-- 

Cheers,

Felix.

If you post a reply, kindly refrain from emailing it, too.
Note to spammers: [EMAIL PROTECTED] is my real email address.
No anti-spam address here. Just one comment: IN YOUR FACE!

------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: Confused about public key encryption
Date: 08 Sep 1999 12:10:43 GMT

Check out IEEE P1363 reballot draft standard.  Use any search engine.
Don Johnson

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: simple key dependent encryption
Date: Wed, 08 Sep 1999 11:52:02 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (JPeschel) wrote:
> steve cator <[EMAIL PROTECTED]> writes:
>
> >i don't know much, if anything, about encryption.  nonetheless, i have
> >written a simple encryption program to encrypt any type of file, and i
> >have a couple of questions about the nature of the encryption scheme.
> >
> >here's basically how it works:
> >
> >1. the user enters a key.
> >2. the program reads in a file, byte by byte.
> >3. the value of each byte is added to the next ascii value of the key,
> >and written back to the file.
> >
> >for decryption, the ascii value of each key character is SUBTRACTED
> >from the byte.  the program does not care what the key is, and will
> >subtract values from the bytes dependent on the current key.
> >
> >my questions:
> >
> >a) what is this type of encryption called?
> >b) am i wrong in thinking this type of key dependent encryption would be
> >tough to crack?
>
> a) A polyalphabetic cipher with a mixed alphabet and a repeating key.
> b) Yes, you are wrong.

Isn't it just a Vigenère cipher?

Tom
--
damn windows... new PGP key!!!
http://people.goplay.com/tomstdenis/key.pgp
(this time I have a backup of the secret key)


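Steve's scheme, written out as an added example (not code from anyone in the thread), with a known-plaintext key recovery that shows concretely why the answer to question (b) is "no": subtracting a stretch of known plaintext from the ciphertext yields the repeating key itself. The key, the file header and the zero padding used below are constructed inputs.

```python
"""Byte-addition cipher with a repeating key (a Vigenere variant), as
described in the thread above, plus a known-plaintext key recovery that
shows why it is weak.  Added example; all data below is constructed."""


def encrypt(data: bytes, key: bytes) -> bytes:
    """Step 3 of the scheme: each byte plus the next key byte, modulo 256."""
    if not key:
        raise ValueError("empty key")
    return bytes((b + key[i % len(key)]) & 0xFF for i, b in enumerate(data))


def decrypt(data: bytes, key: bytes) -> bytes:
    """Decryption subtracts the same repeating key bytes."""
    if not key:
        raise ValueError("empty key")
    return bytes((b - key[i % len(key)]) & 0xFF for i, b in enumerate(data))


def recover_key(ciphertext: bytes, known: bytes, offset: int = 0) -> bytes:
    """Recover the key from a ciphertext and a stretch of known plaintext.

    ciphertext - plaintext (mod 256) is exactly the key stream, which
    repeats with period len(key).  The smallest period that fits the
    recovered stretch is taken as the key length; it is unambiguous once
    the known stretch is at least about twice as long as the key.  Any
    predictable region works: a file-format header, or a run of zero
    padding, which hands over the key bytes directly.
    """
    stream = bytes((c - p) & 0xFF
                   for c, p in zip(ciphertext[offset:offset + len(known)], known))
    n = len(stream)
    for period in range(1, n + 1):
        if all(stream[i] == stream[i + period] for i in range(n - period)):
            break
    # Rotate so that key[0] is the byte applied at file position 0.
    return bytes(stream[(j - offset) % period] for j in range(period))


if __name__ == "__main__":
    key = b"secret"                      # constructed key
    header = b"%PDF-1.4\n"               # constructed, guessable file header
    plaintext = header + b"constructed body bytes" + bytes(64) + b"tail"
    ciphertext = encrypt(plaintext, key)
    print("from header:  ", recover_key(ciphertext, header))
    print("from padding: ", recover_key(ciphertext, bytes(64), offset=31))
```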

------------------------------

From: Cairus <[EMAIL PROTECTED]>
Subject: Self decimated lfsr
Date: Wed, 08 Sep 1999 11:45:31 GMT

I'm interested in the security of self-decimated LFSRs. In the basic
model [d,k], due to Rueppel, when the output of the LFSR is 0 the LFSR
is clocked d times, otherwise k times (see Applied Cryptography, second
edition, p.386). It is clear that this model is very insecure since each
output bit reveals a state bit and the position of the next state bit to
be copied to the output. It seems to me that this problem could be
solved simply using different stage bits for the output and the feedback
control and that in this case d and k could have the typical values 1
and 2. However Rueppel (Contemporary Cryptology, p.106) suggests that d
and k should be BOTH GREATER THAN 1. Could anyone help me to understand
what is the difference with regard to the security?
Thanks in advance.
Best regards,
Cairus


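The basic [d,k] model Cairus describes, as an added example (not code from the post or from Rueppel): the generator itself, the positions an observer can read off the output because the output bit is also the clock control, and the GF(2) solve for the initial state that this makes possible. Register length, taps and the demo state are constructed choices.

```python
"""Rueppel's basic [d,k] self-decimated LFSR from the post above, with the
state recovery that follows from the output revealing the clocking.
Register length, taps and the demo state are constructed for this example."""

L = 16
TAPS = (16, 14, 13, 11)   # s_t = s_{t-16} ^ s_{t-14} ^ s_{t-13} ^ s_{t-11}
DEMO_STATE = 0x1D5B       # constructed nonzero initial state; bit i is s_i


def lfsr_sequence(state, length):
    """Bits s_0 .. s_{length-1} of the undecimated LFSR sequence."""
    seq = [(state >> i) & 1 for i in range(L)]
    while len(seq) < length:
        bit = 0
        for c in TAPS:
            bit ^= seq[-c]
        seq.append(bit)
    return seq[:length]


def self_decimated(state, nbits, d=1, k=2):
    """z_j = s_{t_j}; after a 0 the register is clocked d times, after a 1 k times."""
    seq = lfsr_sequence(state, L + nbits * max(d, k))
    out, t = [], 0
    for _ in range(nbits):
        out.append(seq[t])
        t += d if seq[t] == 0 else k
    return out


def observed_positions(output, d=1, k=2):
    """What an eavesdropper learns from the output alone: t_0 = 0 and
    t_{j+1} = t_j + (d if z_j == 0 else k), so every t_j is known."""
    positions, t = [], 0
    for z in output:
        positions.append(t)
        t += d if z == 0 else k
    return positions


def recover_state(output, d=1, k=2):
    """Solve z_j = s_{t_j} over GF(2) for the L initial bits."""
    masks = [1 << i for i in range(L)]   # s_t as a mask over s_0..s_{L-1}
    while len(masks) < L + len(output) * max(d, k):
        m = 0
        for c in TAPS:
            m ^= masks[-c]
        masks.append(m)
    pivots = {}   # leading bit -> (mask, rhs)
    for t, z in zip(observed_positions(output, d, k), output):
        mask, rhs = masks[t], z
        for p in sorted(pivots, reverse=True):   # reduce by known pivots
            if mask >> p & 1:
                mask ^= pivots[p][0]
                rhs ^= pivots[p][1]
        if mask:
            pivots[mask.bit_length() - 1] = (mask, rhs)
    if len(pivots) < L:
        raise ValueError("not enough independent equations yet")
    state = 0   # back-substitute from the lowest pivot upward
    for p in sorted(pivots):
        mask, rhs = pivots[p]
        lower = mask & ((1 << p) - 1)
        state |= (rhs ^ (bin(lower & state).count("1") & 1)) << p
    return state
```

Because the positions are read off the output, the solve works for any d and k in this same-stage model; decoupling the control stage from the output stage, as the post proposes, is what removes that knowledge.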

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Plaintext block size
Date: Wed, 08 Sep 1999 11:49:41 GMT

In article <7r4nb5$[EMAIL PROTECTED]>,
  "Kwong Chan" <[EMAIL PROTECTED]> wrote:
> My understanding is that for a stream cipher, the input plaintext
> alphabet, the ciphertext alphabet and the key alphabet all consist of
> {0,1}. And the substitution mapping is defined by
>
> S=p xor z
>
> Hence, each key stream bit z defines a substitution and for the same
> plaintext, say p=0,
> if z=0, then p is mapped to 0, if z=1 then p is mapped to 1.
>
> If I am misunderstanding, please point me to the right direction.

I think you are missing one crucial point: a stream cipher is not a fixed
substitution.  Your 'z' values might be like z = { 0, 0, 1, 0, 1, 1, 1, ...,
0 } so 50% of the time you use one substitution and 50% of the time you use
another.  With a block cipher the same substitution is always being used, i.e.
Dk(Ek(P)) = P no matter how many times you do that.

Tom
--
damn windows... new PGP key!!!
http://people.goplay.com/tomstdenis/key.pgp
(this time I have a backup of the secret key)



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
