Cryptography-Digest Digest #199, Volume #10 Wed, 8 Sep 99 11:13:06 EDT
Contents:
compression and encryption ("Shaun Wilde")
MUM III (3 Way Matrix Uninvertable Message) ("Gary")
Re: Win Crypto libs, was: Help with CryptoAPI: can not do the ("Richard Parker")
Hash of a file as key ("Gary")
Re: Hash of a file as key (Jean-Jacques Quisquater)
Re: compression and encryption (SCOTT19U.ZIP_GUY)
Re: simple key dependent encryption (JPeschel)
Re: NSA and MS windows (Jim Russell)
Re: Hash of a file as key ("Gary")
Re: Where to get Yarrow to use with Delphi? (Eric Lee Green)
Re: Confused about public key encryption (Eric Lee Green)
Re: NSA and MS windows (Paul Crowley)
Re: NSAKEY as an upgrade key (Was: NSA and MS windows) (Paul Crowley)
Re: NSA and MS windows (SCOTT19U.ZIP_GUY)
Re: Hash of a file as key ("Richard Parker")
Re: Factorization of 512-bits RSA key (Damian Weber)
Re: Hash of a file as key
----------------------------------------------------------------------------
From: "Shaun Wilde" <[EMAIL PROTECTED]>
Subject: compression and encryption
Date: Wed, 8 Sep 1999 13:11:49 +0100
should I compress my data before or after encryption? (binary data - with
possibly repeated blocks i.e. .exe etc)
1) If I compress before encryption the final data block is small.
2) If I compress after encryption the data block is much larger (hardly any
saving as the encryption removes any repetitiveness
that exists in the original data.)
From the above I would say go for the 1st option, however I have a concern
and it is as follows.
If someone was trying to break the encryption all they would have to do is
a) try a key
b) try to decompress
if decompression works - no errors - then the odds are on that they have
broken the code
else repeat
Which would lead to an automated attack, whereas the second approach would,
in my opinion, require a more interactive approach - as you would need to
know what sort of data exists in the original to know whether you have
decrypted successfully.
Do I have a right to be concerned or am I completely off track?
--
http://www.many-monkeys.freeserve.co.uk
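An added illustration of the two orderings in the post (not code from the original message): a SHA-256 counter-mode keystream stands in for whatever cipher is used, SAMPLE is a constructed, repetitive .exe-like buffer, and try_key is the receiver's decrypt-then-inflate step, which is also the yes/no signal the poster is worried about.

```python
import hashlib
import zlib

# Constructed sample: a small DOS-stub-like header repeated many times, i.e. the
# "binary data with repeated blocks" the poster describes.
SAMPLE = (b"MZ" + b"\x00" * 200 + b"This program cannot be run in DOS mode.\r\n") * 40


def keystream(key: bytes, length: int) -> bytes:
    """Stand-in stream cipher for the demo: SHA-256(key || counter) blocks concatenated.
    Any real cipher produces output that is just as incompressible."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        block += 1
    return bytes(out[:length])


def encrypt(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call decrypts."""
    return bytes(x ^ y for x, y in zip(data, keystream(key, len(data))))


def compress_then_encrypt(key: bytes, data: bytes) -> bytes:
    return encrypt(key, zlib.compress(data, 9))  # option 1 in the post


def encrypt_then_compress(key: bytes, data: bytes) -> bytes:
    return zlib.compress(encrypt(key, data), 9)  # option 2 in the post


def size_comparison(key: bytes, data: bytes = SAMPLE):
    """Returns (plaintext size, option-1 size, option-2 size) in bytes."""
    return len(data), len(compress_then_encrypt(key, data)), len(encrypt_then_compress(key, data))


def try_key(key: bytes, ciphertext: bytes):
    """Receiver side of option 1: decrypt, then inflate. zlib checks a two-byte header,
    the deflate block structure and an Adler-32 trailer, so a wrong key almost always
    raises zlib.error and we return None; a right key returns the original data."""
    try:
        return zlib.decompress(encrypt(key, ciphertext))
    except zlib.error:
        return None
```

The size figures confirm point 1) and 2) of the post; try_key shows that the compressed format itself tells a decryptor (legitimate or not) whether a key was right, which is why the key space, not the compressor, has to carry the security in option 1.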
------------------------------
From: "Gary" <[EMAIL PROTECTED]>
Subject: MUM III (3 Way Matrix Uninvertable Message)
Date: Wed, 8 Sep 1999 13:51:46 +0100
MUM III (3 Way Matrix Uninvertable Message)
How would this be cracked?
Alice has a message which she turns into an uninvertible square matrix, M.
She picks a random invertible square matrix, A.
Alice sends Bob the product of these 2 matrices, AM.
Bob generates a random invertible square matrix, B.
Bob sends Alice the product AMB.
Alice then sends (Inverse of A)AMB=IMB=MB, where I is the identity matrix.
Bob now has MB(Inverse of B)=MI=M.
Gary.
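The three passes above, worked as an added example (not code from the original post): matrices are taken over the integers mod 257, an assumption since the post does not name a ring, and M is made uninvertible by repeating one row. The function returns what Bob recovers together with the transcript AM, AMB, MB that anyone watching the channel sees; it does not address the poster's question of whether that transcript can be exploited.

```python
import random

P = 257  # prime modulus (assumed; the post does not say which ring the matrices live in)

def matmul(a, b, p=P):
    n = len(a)
    return [[sum(a[i][k] * b[k][j] for k in range(n)) % p for j in range(n)] for i in range(n)]

def inverse(m, p=P):
    """Gauss-Jordan inversion over Z_p; returns None when m is singular (not invertible)."""
    n = len(m)
    aug = [row[:] + [int(i == j) for j in range(n)] for i, row in enumerate(m)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if aug[r][col] % p), None)
        if pivot is None:
            return None
        aug[col], aug[pivot] = aug[pivot], aug[col]
        scale = pow(aug[col][col], -1, p)
        aug[col] = [x * scale % p for x in aug[col]]
        for r in range(n):
            if r != col and aug[r][col]:
                f = aug[r][col]
                aug[r] = [(x - f * y) % p for x, y in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]

def random_invertible(n, rng, p=P):
    """Draw random n x n matrices over Z_p until one has an inverse."""
    while True:
        m = [[rng.randrange(p) for _ in range(n)] for _ in range(n)]
        if inverse(m, p) is not None:
            return m

def message_matrix(data, n):
    """Pack bytes into rows 0..n-2 and repeat row 0 as the last row, so the
    matrix has rank < n and is not invertible, as the post requires of M."""
    capacity = n * (n - 1)
    if n < 2 or len(data) > capacity:
        raise ValueError("message does not fit an n x n matrix")
    cells = list(data) + [0] * (capacity - len(data))
    rows = [cells[i * n:(i + 1) * n] for i in range(n - 1)]
    return rows + [rows[0][:]]

def unpack_message(m):
    return bytes(x for row in m[:-1] for x in row).rstrip(b"\x00")

def mum3_exchange(M, rng, p=P):
    """The three passes. Returns Bob's result and the transcript (AM, AMB, MB)
    seen on the channel; A and B never leave their owners."""
    n = len(M)
    A = random_invertible(n, rng, p)             # Alice's secret
    pass1 = matmul(A, M, p)                      # Alice -> Bob: AM
    B = random_invertible(n, rng, p)             # Bob's secret
    pass2 = matmul(pass1, B, p)                  # Bob -> Alice: AMB
    pass3 = matmul(inverse(A, p), pass2, p)      # Alice -> Bob: A^-1 AMB = MB
    recovered = matmul(pass3, inverse(B, p), p)  # Bob: MB B^-1 = M
    return recovered, (pass1, pass2, pass3)

def run_demo(data=b"meet at noon", n=4, seed=7):
    """Constructed run: a 12-byte message in a 4 x 4 matrix with a fixed seed."""
    M = message_matrix(data, n)
    recovered, transcript = mum3_exchange(M, random.Random(seed))
    return M, recovered, transcript
```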
------------------------------
From: "Richard Parker" <[EMAIL PROTECTED]>
Subject: Re: Win Crypto libs, was: Help with CryptoAPI: can not do the
Date: Wed, 08 Sep 1999 13:17:38 GMT
Taavo Raykoff <[EMAIL PROTECTED]> wrote:
> Okay, given that, does anyone have any suggestions for a library of
> basic crypto routines that will run on windows? I need DES, RC2, SHA,
> and HMAC.
Taavo,
Wei Dai's "Crypto++" library contains a C++ interface to the
algorithms you need. A port exists for the Windows platform.
It is available at the following URL:
<http://www.eskimo.com/~weidai/cryptlib.html>
Peter Gutmann's "cryptlib" library contains a C interface to the
algorithms that interest you and it is also available for Windows.
The URL is:
<http://www.cs.auckland.ac.nz/~pgut001/cryptlib/index.html>
-Richard
------------------------------
From: "Gary" <[EMAIL PROTECTED]>
Subject: Hash of a file as key
Date: Wed, 8 Sep 1999 13:56:43 +0100
Would using the hash of a file (just before its symmetric encryption with
the session date and time as salt) as a session key be a bad idea?
------------------------------
From: Jean-Jacques Quisquater <[EMAIL PROTECTED]>
Subject: Re: Hash of a file as key
Date: Wed, 08 Sep 1999 15:13:48 +0200
After that do you want to decrypt in the future?
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: compression and encryption
Date: Wed, 08 Sep 1999 14:34:36 GMT
In article <7r5jp2$[EMAIL PROTECTED]>, "Shaun Wilde"
<[EMAIL PROTECTED]> wrote:
>
>should I compress my data before or after encryption? (binary data - with
>possibly repeated blocks i.e .exe etc)
>
>1) If I compress before encryption the final data block is small.
>2) If I compress after encryption the data block is much larger (hardly any
>saving as the encryption removes any repetitiveness
>that exists in the original data.)
>
>From the above I would say go for the 1st option, however I have a concern
>and it is as follows.
>
>If someone was trying to break the encryption all they would have to do is
>
>a) try a key
>b) try to decompress
> if decompression works - no errors - then the odds are on that they have
>broken the code
This is true if you use most compression methods. But if you use
a "one to one" compressor any file can be the compressed result of
another file. Therefore all files that could result from guessing a wrong key
would be uncompressable. See http://members.xoom.com/ecil/compress.htm
If you are like me you may have wondered why PGP was not designed with
this type of compression. I feel that a weak compressor can be used as
a back door to help with the breaking of encryption.
> else repeat
>
>Which would lead to an automated attack, whereas the second approach would,
>in my opinion, require a more
>interactive approach - as you would need to know what sort of data exists in
>the original to know whether you
>have decrypted successfully.
The second approach is far worse since the enemy would have to uncompress
only once.
>
>Do I have right to be concerned or am I completely off track?
Yes you have the right to be worried. Most books put out by the
experts fail to cover this topic. It is most likely not covered on purpose.
If you notice Mr Bruce or Wagner will not even touch the topic since
it is a likely back door to such methods as PGP. And people such as
them are afraid to make trouble for the NSA.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMMERS
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: simple key dependent encryption
Date: 08 Sep 1999 13:43:05 GMT
Tom St Denis <[EMAIL PROTECTED]> writes:
>>In article <[EMAIL PROTECTED]>,
>>[EMAIL PROTECTED] (JPeschel) wrote:
>> a) A polyalphabetic cipher with a mixed alphabet and a repeating key.
>> b) Yes, you are wrong.
>
>Isn't it just a Vigenère cipher?
I think you could call it a modified Vigenère.
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: Jim Russell <[EMAIL PROTECTED]>
Subject: Re: NSA and MS windows
Date: 08 Sep 1999 06:51:46 PDT
BillU> I do not think you understand cryptography.
DavidW> No, not nearly as well as I'd like to...
Bill, you should note that David is being unduly modest here. Perhaps
you should drop by counterpane.com, and find out who the creators of the
Twofish algorithm are.
Jim Russell
LockStar, Inc.
------------------------------
From: "Gary" <[EMAIL PROTECTED]>
Subject: Re: Hash of a file as key
Date: Wed, 8 Sep 1999 14:51:19 +0100
The resulting session key would be output to the person who encrypted the
file or used as a session key in public encryption.
Jean-Jacques Quisquater wrote in message
<[EMAIL PROTECTED]>...
>After that do you want to decrypt in the future?
------------------------------
From: Eric Lee Green <[EMAIL PROTECTED]>
Subject: Re: Where to get Yarrow to use with Delphi?
Date: Wed, 08 Sep 1999 06:31:15 -0700
Johnston Family wrote:
> I'd like to implement Yarrow in Delphi 4, are there any libraries (pref
> freeware) which would be suitable?
http://www.counterpane.com
Click on the link that says "Yarrow".
Enjoy.
--
Eric Lee Green http://members.tripod.com/e_l_green
mail: [EMAIL PROTECTED]
^^^^^^^ Burdening Microsoft with SPAM!
------------------------------
From: Eric Lee Green <[EMAIL PROTECTED]>
Subject: Re: Confused about public key encryption
Date: Wed, 08 Sep 1999 06:53:39 -0700
Michael Schmidt wrote:
> RSA is used in authentication, key negotiation AND encryption schemes.
> RSA encryption, however, is pretty slow (magnitudes slower than
> symmetric encryption). This is why it isn't used directly for bulk
> data encryption.
> Furthermore, RSA is patended in the US until (I think) October 2000.
Sept 20 2000, but October is close enough :-).
> Diffie-Hellman can be used for authentication and key negotiation,
> but NOT for encryption. Diffie-Hellman is patent-free.
Actually, Diffie-Hellman can't be used for authentication, because it is
susceptible to "man in the middle" attacks. I.e., if you have the DH
public key "X" of some remote system, you cannot assume that you're
talking to that system just because you got decodable data from it.
There is source code to DH and ElGamal at ftp://ftp.funet.fi/pub/crypt
look at the various "crypt libs" for various implementations.
> You should consider RSA encryption only for very tiny amounts of data.
> Furthermore, its key generation is not completely trivial.
Not completely trivial is an understatement, but it's within the realm
of reason. The most important part of RSA is the way it allows "signing"
messages so that you can 100% verify that a message is coming from the
system you think it's coming from (assuming that you have its correct
public key!).
> The usual approach is to use a symmetric key algorithm (like DES or
> IDEA) for bulk data encryption. and to transmit the necessary symmetric
> keys with RSA or Diffie-Hellman before.
DES and IDEA are a bit long in the tooth and IDEA has various European
patent issues. I'd suggest using Blowfish, RC5, or one of the AES
finalists if you're looking for a modern symmetric key algorithm.
> The only other Public Key encryption scheme I can think of is El Gamal.
> It's not very popular, however, and it's said to inflate data when
> encrypting. I don't know about the patent situation.
ElGamal doubles the data. ElGamal is a derivative of Diffie-Hellman and
thus was covered by the DH patent, which expired in 1997.
The field of "elliptic curve cryptography" encompasses implementation of
a number of the above schemes using elliptic curves as the trapdoor
function rather than prime multiplication (RSA) or exponential curves
(DH/ElGamal). The question of whether a public key scheme similar to RSA
implemented with elliptic curves is a violation of the RSA patent is
unclear; the RSA patent does explicitly specify the trapdoor function
used but it may be that the new algorithm violates enough other points
in the RSA patent to be actionable. In any event, the patent owner (MIT)
is not trying to sue people for elliptic curve implementations of public
key cryptography, RSA Inc. as the primary licensee has made a few
rumblings but taken no action against companies offering elliptic curve
systems (as far as I know, somebody correct me if I'm wrong), and the
patent expires almost exactly a year from now anyhow, so you may wish to
check out the IEEE 1366 draft standard at
http://grouper.ieee.org/groups/1363/ which specifies a number of public
key cryptography systems using elliptic curves. Certicom (
http://www.certicom.com/ ) offers a toolkit if you want to use a
commercially supported product, while Michael Rosing's book on Elliptic
Curve Cryptography (sorry, the book is at the office and I'm at home)
offers a free alternative.
--
Eric Lee Green http://members.tripod.com/e_l_green
mail: [EMAIL PROTECTED]
^^^^^^^ Burdening Microsoft with SPAM!
------------------------------
From: Paul Crowley <[EMAIL PROTECTED]>
Subject: Re: NSA and MS windows
Date: 8 Sep 1999 10:52:42 +0100
"Douglas A. Gwyn" <[EMAIL PROTECTED]> writes:
> Paul Crowley wrote:
> > Except for one problem: as far as anyone can see, the idea of a backup
> > key is stupid and pointless. I can't see *any* goal that it meets
> > that isn't met by having two copies of the primary key.
>
> Then you haven't been paying attention.
Please don't do this; no good end is served by it. In point of fact,
I have been paying close attention.
> The backup key allows MS to get the product certified for export
> without having to hand over their private key.
If what MS claim is true (the scenario I was discussing) then they are
the only holders of both private keys, so I don't see why the export
certifiers would prefer this situation. Perhaps you could clarify?
--
__
\/ o\ [EMAIL PROTECTED] Got a Linux strategy? \ /
/\__/ Paul Crowley http://www.hedonism.demon.co.uk/paul/ /~\
------------------------------
From: Paul Crowley <[EMAIL PROTECTED]>
Subject: Re: NSAKEY as an upgrade key (Was: NSA and MS windows)
Date: 8 Sep 1999 11:03:14 +0100
[EMAIL PROTECTED] () writes:
> Well, while keeping two copies of the key would solve that, two copies of
> the same secret key won't help if one key is _compromised_. For that, a
> second key, to which the corresponding secret key is stored _elsewhere_,
> would serve a useful backup function.
I've asked this in another thread, but I really don't see how. If a
key is compromised, MS will have to encourage everyone to stop
trusting that key. In particular, they'll have to distribute a
CryptoAPI module "revoking" that key; in other words a module signed
with the compromised key that removes that key from CryptoAPI and
(most likely) replaces it with a new, trusted one. Modules everywhere
signed with the old key will need a new signature from another key
that is trusted; the new key will be great for this job.
In either scenario, systems that *don't* replace the key are in the
same boat: they'll accept modules signed with the compromised key,
including old modules.
In either scenario, systems that *do* replace the key are in the same
boat: they'll have to fetch new, re-signed versions of all their old
CryptoAPI modules, but they'll be safe against the compromise.
They'll no longer install the revocation certificate, but that's OK,
they don't need to.
I still can't see what's gained.
If they really wanted security against key destruction and compromise,
they would have used threshold certificates: distribute three public
keys with every Windows, and require CryptoAPI modules to be signed by
two of them.
--
__
\/ o\ [EMAIL PROTECTED] Got a Linux strategy? \ /
/\__/ Paul Crowley http://www.hedonism.demon.co.uk/paul/ /~\
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: NSA and MS windows
Date: Wed, 08 Sep 1999 14:48:53 GMT
In article <[EMAIL PROTECTED]>, Geoff Thorpe <[EMAIL PROTECTED]> wrote:
>"SCOTT19U.ZIP_GUY" wrote:
>> I wasn't going to comment much on this thread since it is obvious to
>> most what I think the main purpose of the NSA is. However since you
>> went out of your way to request a reply and you seem to miss my writings
>> I will reply. I feel the spin doctors will down play the whole thing and
>> people will continue to shell out money to Microsoft to get inferior bug
>> ridden software that they could get for free if they used Linux. Yes people
>> are stupid and the spin masters know it. I guess I should feel lucky to be in
>> the country that will benefit most from the rape of information from the
>> people in dumber countries. I guess I should be happy our companies will
>> continue to get the inside scoop on contract bids and such because if the
>> Europeans are too stupid to think for themselves maybe they are better off
>> under our control. We can continue to buy their politicians with the money
>> we steal from them. So go ahead Europe make OUR day. Oh that goes
>> for New Zealand I just hope they leave enough cash there so they can
>> continue to make XENA.
>
>[perhaps the gene pool could use some chlorine] ... David, I write
>crypto outside the US and the US export regulations make my job less
>competitive than it would be without the regulations. I don't know
>whether to feel sorry for the US or laugh, I guess it depends on who
>we're talking about. On the one hand US foreign policy rightly invites
>ridicule and (at times) indignation, but on the other hand those
>responsible for such foreign policy and export regulation are largely
>the same, and are very distinct from the people who are hurt by all this
>- for them I have to feel profoundly sad. If you regard us all as
>"dumber countries" then I suggest you observe carefully who is allowed
>to export crypto product to who. Also, take a look at the post-graduate
Wake up it was satire and humor. Of course I don't really think other
countries are dumber (unless they keep letting the US rob them blind).
I have met people who have left the US for New Zealand; some like it.
Some say it is too socialistic. I like the weather and at one time thought
of moving there myself. I know one person who went there for several
years and came back (I wish he would have stayed).
I have not really looked at moving there for several years and most
likely am no longer eligible since at my age I think you need more
cash or connections to get in. As I remember though they seemed to
put a high premium on skin color too and I have some dark friends who
hate the place.
>departments (especially maths, comp sci and other such sciences) in the
>US - they've got the money and facilities, but often have 50% or more
>international students (complete with scholarships) because not enough
>US kids want to educate themselves. Compare it on levels of education,
>culture, language, worldliness - doesn't really matter ... you might
>find that the US isn't as all-powerful as you might imagine. But why am
>I addressing that point? - those in the US who do know the difference
>would never try to make a point like those you just tried to put
>forward.
>
>On top of that, I use Linux myself and work with a whole raft of
>platforms - the list of which has Microsoft operating systems very near
>the bottom.
>
>So you'd probably expect me to agree with your points perhaps? David, I
>think you're a paranoid and what you say is so littered with mindless
>verbiage that when you manage to squeeze out one or two salient points
>they become completely lost in the massive noise you otherwise flood
>this list with.
>
>FYI: The main reason they make Xena (and Hercules, and upcoming movies
>like King Kong and Lord of the Rings, etc) in NZ is simply because it's
>cheaper to fly out there, hire competent people and make the program for
>a fraction of the cost they would have if they stayed at home within the
>confines of the sterile unionised facile monolith that is the US
>entertainment industry. Much like your posting, the US entertainment
>industry occasionally offers up something not entirely mindless, but it
>is usually buried so deeply within the sheer volume of muck that it is
>hardly worth the effort sifting for.
>
>Regards (of a sort),
>Geoff
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMMERS
------------------------------
From: "Richard Parker" <[EMAIL PROTECTED]>
Subject: Re: Hash of a file as key
Date: Wed, 08 Sep 1999 14:26:18 GMT
"Gary" <[EMAIL PROTECTED]> wrote:
> Would using the hash of a file (just before its symmetric encryption with
> the session date and time as salt) as a session key be a bad idea?
Gary,
Is there a reason you can't use a random session key? (Perhaps you
can't acquire a sufficient number of random bits to generate a random
session key?)
-Richard
------------------------------
From: Damian Weber <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.research
Subject: Re: Factorization of 512-bits RSA key
Date: 8 Sep 1999 13:52:47 GMT
Reply-To: Damian Weber <[EMAIL PROTECTED]>
In article <7qk79n$jf7$[EMAIL PROTECTED]>,
"Roger Schlafly" <[EMAIL PROTECTED]> writes:
> Herman J.J. te Riele wrote in message
> <7qeh8d$5oq$[EMAIL PROTECTED]>...
>>Factorization of a 512-bits RSA key using the Number Field Sieve
>
> Meanwhile, the largest successful discrete log is a whole lot smaller.
> Any idea what a similar effort on discrete logs would do?
The largest DL by NFS has been 283 bits with my implementation
in 1997 (see Eurocrypt'98 proceedings). Though it's difficult to
make a guess what you can do with 8000 mips years instead of
45, I'd estimate the task to be equivalent to a DL in a prime
field with a characteristic of 365 bits.
-- Damian Weber
------------------------------
From: [EMAIL PROTECTED] ()
Subject: Re: Hash of a file as key
Date: 8 Sep 99 14:10:09 GMT
Gary ([EMAIL PROTECTED]) wrote:
: Would using the hash of a file (just before its symmetric encryption with
: the session date and time as salt) as a session key be a bad idea?
One technique:
- divide a file into a hash-length piece and the rest,
- hash the rest, XOR the result with the first piece
- encrypt the rest with the XORed first piece and hash as the key
- use RSA to encrypt the first piece, also the session key for the rest,
plus as much of the rest as will fit
while I think it's optimal, seems to be covered by a patent. A longer
description, and the number of the patent (discussed in the old thread
"Double Encryption is PATENTED!", which is where I heard about it) are on
my web site, in the page entitled "Red Thread Resistance", accessible off
of http://www.ecn.ab.ca/~jsavard/misc06.htm
John Savard
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************