Cryptography-Digest Digest #206, Volume #10 Thu, 9 Sep 99 00:13:03 EDT
Contents:
Re: some information theory (Nicol So)
Re: NSAKEY as an upgrade key (Was: NSA and MS windows) ("Trevor Jackson, III")
"NSA have no objections to AES finalists" (David Crick)
Re: THE NSAKEY ("Trevor Jackson, III")
Re: NSAKEY as an upgrade key (Was: NSA and MS windows) ("Trevor Jackson, III")
Re: THE NSAKEY (Tom St Denis)
Re: Linear congruential generator (LCG) (Terry Ritter)
Re: Plaintext block size (Terry Ritter)
Re: GnuPG 1.0 released (Tom St Denis)
Re: GnuPG 1.0 released (Tom St Denis)
Re: Source code (Tom St Denis)
Re: "NSA have no objections to AES finalists" ("rosi")
Re: Difference between Encryption and scrambling..? (Tom St Denis)
Re: Encryptor 4.1 reviews please. (Jerry Coffin)
Re: Difference between Encryption and scrambling..? ("rosi")
----------------------------------------------------------------------------
From: Nicol So <[EMAIL PROTECTED]>
Subject: Re: some information theory
Date: Wed, 08 Sep 1999 21:32:21 -0400
Tom St Denis wrote:
>
> 1) There is no method of INCREASING or DECREASING the entropy of a message M
> (outside of adding/removing information).
>
> ...
> 2) Is it not true that no matter what compression algorithm (C for this
> example) H(M) will always equal H(C(M))? If so then the message is no more
> complicated after compressing with 'one-to-one huffman' or deflate, or lz78,
> or lzss, or ...
Entropy is not a property of a specific message, but rather a property
of a source. It is a measure of the average per-symbol uncertainty
associated with the source. The output of a compression algorithm, as a
source, can have higher entropy than the original (pre-compression)
source (by virtue of having fewer symbols conveying the same
information).
Nicol
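An added illustration of the point above (example code written here, not from Nicol So's post): a constructed biased binary source with p(1) = 0.9 is Huffman-coded in 3-bit blocks, and the empirical per-symbol entropy is measured before and after, showing that the compressed output, viewed as a source, has higher entropy per symbol while carrying the same information in fewer symbols.

```python
import heapq
import math
import random
from collections import Counter
from itertools import count


def entropy_per_symbol(symbols):
    """Empirical Shannon entropy in bits per symbol of a sequence (str or list)."""
    counts = Counter(symbols)
    total = len(symbols)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def huffman_code(probabilities):
    """Prefix code {symbol: bitstring} for a {symbol: probability} source."""
    tiebreak = count()                       # keeps heap comparisons off the dicts
    heap = [(p, next(tiebreak), {s: ""}) for s, p in probabilities.items()]
    heapq.heapify(heap)
    while len(heap) > 1:
        p1, _, c1 = heapq.heappop(heap)
        p2, _, c2 = heapq.heappop(heap)
        merged = {s: "0" + b for s, b in c1.items()}
        merged.update({s: "1" + b for s, b in c2.items()})
        heapq.heappush(heap, (p1 + p2, next(tiebreak), merged))
    return heap[0][2]


def compress(bits, block):
    """Huffman-code a bit string in fixed-size blocks; returns the coded bit string."""
    usable = len(bits) - len(bits) % block
    blocks = [bits[i:i + block] for i in range(0, usable, block)]
    probs = {s: c / len(blocks) for s, c in Counter(blocks).items()}
    code = huffman_code(probs)
    return "".join(code[b] for b in blocks)


def compare_entropy(n_bits=30000, p_one=0.9, block=3, seed=1):
    """(input entropy, output entropy, output/input length) for a biased source."""
    rng = random.Random(seed)                # constructed sample: Bernoulli(p_one) bits
    bits = "".join("1" if rng.random() < p_one else "0" for _ in range(n_bits))
    out = compress(bits, block)
    return entropy_per_symbol(bits), entropy_per_symbol(out), len(out) / len(bits)


if __name__ == "__main__":
    h_in, h_out, ratio = compare_entropy()
    print(f"source:     {h_in:.3f} bits/symbol")
    print(f"compressed: {h_out:.3f} bits/symbol, {ratio:.3f} of original length")
```

The source entropy is close to H(0.9) = 0.469 bits/symbol; the Huffman output sits well above that per bit and is about half the length, so the total information is unchanged.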
------------------------------
Date: Wed, 08 Sep 1999 22:30:38 -0400
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: NSAKEY as an upgrade key (Was: NSA and MS windows)
John Savard wrote:
> "Trevor Jackson, III" <[EMAIL PROTECTED]> wrote, in part:
>
> >This only makes sense if there is a revocation mechanism for the primary
> >key. Do you see such a mechanism?
>
> Don't include the primary key in the next release of Windows. Yes, it
> is a far-from-perfect revocation mechanism, but if software that can
> run on the earlier versions can't identify itself as "Windows"
> software, for example, one could obsolete a version fairly well.
Right. But none of that requires a "backup key".
These explanations appear to be grasping at straws. And this camel's back
(suspension of disbelief) is broken.
------------------------------
Date: Wed, 08 Sep 1999 19:30:16 +0100
From: David Crick <[EMAIL PROTECTED]>
Subject: "NSA have no objections to AES finalists"
For what it's worth....
"On Friday, a source close to the NSA told Wired News that --
at the Commerce Department's request -- the agency reviewed
the five and decided it had no objections to any of them.
[Carl] Ellison said there's one very good reason for the
NSA to be telling the truth about the ciphers' security:
The government will be using it, too."
http://www.wired.com/news/news/business/story/21484.html
--
+-------------------------------------------------------------------+
| David Crick [EMAIL PROTECTED] http://members.tripod.com/vidcad/ |
| Damon Hill WC96 Tribute: http://www.geocities.com/MotorCity/4236/ |
| M. Brundle Quotes: http://members.tripod.com/~vidcad/martin_b.htm |
| ICQ#: 46605825 PGP Public Keys: RSA 0x22D5C7A9 DH/DSS 0xBE63D7C7 |
+-------------------------------------------------------------------+
------------------------------
Date: Wed, 08 Sep 1999 22:37:00 -0400
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: THE NSAKEY
Guenther Brunthaler wrote:
> On Wed, 08 Sep 1999 07:53:30 +0200, fungus
> <[EMAIL PROTECTED]> wrote:
>
> >Ask yourself why the hell the NSA would give cash to Netscape?
>
> perhaps
>
> NSA = Netscape Security Administrators
Of course! If it had referred to the No Such Agency it would have had
to be a covert name such as _TLAKEY.
------------------------------
Date: Wed, 08 Sep 1999 22:28:52 -0400
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: NSAKEY as an upgrade key (Was: NSA and MS windows)
Thomas J. Boschloo wrote:
> "Trevor Jackson, III" wrote:
> >
> > [EMAIL PROTECTED] wrote:
> >
> > > Thomas J. Boschloo ([EMAIL PROTECTED]) wrote:
> > > : Microsoft's explanation "Why is a backup key needed?" is bogus (they
> > > : claim it would be needed for when the building in which it is kept is
> > > : destroyed by a natural disaster, LOL).
> > >
> > > Well, while keeping two copies of the key would solve that, two copies of
> > > the same secret key won't help if one key is _compromised_. For that, a
> > > second key, to which the corresponding secret key is stored _elsewhere_,
> > > would serve a useful backup function.
> >
> > This only makes sense if there is a revocation mechanism for the primary
> > key. Do you see such a mechanism?
>
> MS could issue a patch when the first key was compromised.. They do that
> all the time ;-)
OIC. They could issue a patch. But if the backup key were not available they
could _not_ issue a patch? Are you serious?
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: THE NSAKEY
Date: Thu, 09 Sep 1999 02:48:28 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> On Wed, 08 Sep 1999 21:01:08 GMT, Tom St Denis wrote:
> >>
> >> http://www.counterpane.com/cpaneinfo.html lists d.wagner as a part of
> >> counterpane personnel and b.scheiner is the president of counterpane.
> >>
> >> I don't take a position in this debate, I simply show that cryptography
> >> is a small world and it isn't exactly fair to say that an employee
> >> and his president aren't 'attached'.
> >
> >I think you should have confirmed this before spreading rumour... You guys
> >are very unprofessional (no wonder though this is sci.crypt).
>
> can you explain ?
>
> counterpane site lists d.wagner as a part of the personnel. d.wagner said
> he worked for counterpane. counterpane and d.wagner are both authoritative
> in this field. it isn't a rumor.
No, 'he WORKED' (past tense) for Bruce is what he said. At any rate, this is
really none of our concern. Do I ask where you worked last week and for
whom? Not really.
> but i fully agree that is sci.crypt and this thread doesn't belong to here.
Yippee logic!
Tom
--
damn windows... new PGP key!!!
http://people.goplay.com/tomstdenis/key.pgp
(this time I have a backup of the secret key)
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Linear congruential generator (LCG)
Date: Thu, 09 Sep 1999 03:05:11 GMT
On Tue, 07 Sep 1999 15:54:04 +0200, in
<[EMAIL PROTECTED]>, in sci.crypt Terje Mathisen
<[EMAIL PROTECTED]> wrote:
>Kwong Chan wrote:
>>
>> A linear congruential generator is defined as
>>
>> x(t)=ax(t-1)+b mod n
>>
>> Assume that n =2^32, and a, b are selected such that the sequence has a
>> period 2^32. Both a and b are known. If only 4 leading bits of the numbers
>> are known, knowing how many consecutive numbers can predict the rest of the
>> sequence and recover the initial seed?
>[...]
>This means that after about 8 4-bit numbers (32 bits of info), you have
>a good chance of locating the current position in the sequence. With
>more numbers you will quickly gain certainty.
>[...]
>So, using a 400 MHz PII I would need less than 90 seconds to search the
>full sequence. More probable would be less than 20 seconds using a 3-way
>parallel search.
In my experience, 32 bits is sufficient for an algebraic solution to
the usual 32-bit LCG. No search is needed unless we know fewer than
32 bits. I have found this to be true of even complex "linear"
systems, which are not mathematically "linear" overall.
My example, which I repeat on sci.crypt every six months or so, is the
PKZIP cipher, an autokey stream cipher which processes a ciphertext
byte through 32-bit CRC, LCG, and CRC subsystems. So we have two
sub-systems which are linear mod 2, and another which is linear mod
2**32, and each system is coupled to the previous system by only 8
bits; this can be seen as mathematically nonlinear. But the 12 bytes
of hidden and dynamic internal state can be solved knowing only
12 bytes of output (plus the ciphertext which is the autokey input).
(The cipher also has a nonlinear output stage which I did not solve,
but that is beyond the issue here.)
---
Terry Ritter [EMAIL PROTECTED] http://www.io.com/~ritter/
Crypto Glossary http://www.io.com/~ritter/GLOSSARY.HTM
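An added illustration (example code written here, not Ritter's or Mathisen's) of why truncated LCG output still pins down the whole state, which is the reason an LCG must never serve as a keystream or key generator: the search Terje describes, scaled down from a 32-bit to a 16-bit modulus so it runs in seconds. The multiplier, increment and hidden seed are constructed values (a = 1 mod 4, b odd, so the period is the full 2^16); the observer sees only the 4 leading bits of each output.

```python
M_BITS = 16
MOD = 1 << M_BITS
A = 0x6C8D          # constructed multiplier, A % 4 == 1
B = 0x3E21          # constructed increment, odd
LEAD_BITS = 4
HIDDEN_BITS = M_BITS - LEAD_BITS


def lcg_next(x):
    """x(t) = a*x(t-1) + b mod 2^16."""
    return (A * x + B) % MOD


def leading_bits(x):
    return x >> HIDDEN_BITS


def observed_sequence(seed, n):
    """The n leading-bit values an observer sees after the (hidden) seed."""
    out, x = [], seed
    for _ in range(n):
        x = lcg_next(x)
        out.append(leading_bits(x))
    return out


def consistent_seeds(observed):
    """All seeds in [0, 2^16) whose leading-bit outputs match `observed`."""
    hits = []
    for seed in range(MOD):
        x = seed
        for o in observed:
            x = lcg_next(x)
            if leading_bits(x) != o:
                break
        else:                       # no mismatch: this seed explains every observation
            hits.append(seed)
    return hits


def candidates_by_observation_count(seed, max_obs):
    """How many seeds remain consistent after 1, 2, ..., max_obs observations."""
    obs = observed_sequence(seed, max_obs)
    return [len(consistent_seeds(obs[:k])) for k in range(1, max_obs + 1)]


if __name__ == "__main__":
    secret = 0xBEEF                 # constructed hidden seed
    counts = candidates_by_observation_count(secret, 8)
    for k, c in enumerate(counts, 1):
        print(f"{k} observation(s) = {4 * k:2d} bits seen -> {c} candidate seed(s)")
    recovered = consistent_seeds(observed_sequence(secret, 8))
    print("recovered:", [hex(s) for s in recovered],
          "next leading bits:", observed_sequence(recovered[0], 11)[8:])
```

One observation leaves exactly 4096 of the 65536 seeds (the map is a bijection, so each 4-bit bucket gets 2^12 seeds); after about four observations, i.e. 16 bits seen for 16 bits of state, a single seed remains and every later output is predictable.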
------------------------------
From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Plaintext block size
Date: Thu, 09 Sep 1999 03:05:48 GMT
On Wed, 8 Sep 1999 12:12:32 +0800, in <7r4nb5$[EMAIL PROTECTED]>,
in sci.crypt "Kwong Chan" <[EMAIL PROTECTED]> wrote:
>[...]
>My understanding is that for a stream cipher, both the input plaintext
>alphabets, the ciphertext alphabets and the key alphabets consist of {0,1}. And the
>substitution mapping is defined by
>
>S=p xor z
>
>Hence, each key stream bit z defines a substitution and for the same
>plaintext, say p=0,
>if z=0, then p is mapped to 0, if z=1 then p is mapped to 1.
>
>If I am misunderstanding, please point me to the right direction.
I would say that the concept of "stream" is not a data size (like a
bit) or a particular combining operation (like XOR), but instead the
variable-length property. In my view, most block ciphers are in fact
used to form stream meta-ciphers which stream data in block-size
units. You might also want to take a look at my crypto glossary for a
cipher taxonomy.
With respect to the combining operation, I own a process which I call
Dynamic Substitution which is a nonlinear combining process (not for
bits; typically for bytes) which can replace XOR in stream ciphers.
When this is done, what is the resulting cipher if not just a
different form of stream cipher?
---
Terry Ritter [EMAIL PROTECTED] http://www.io.com/~ritter/
Crypto Glossary http://www.io.com/~ritter/GLOSSARY.HTM
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: GnuPG 1.0 released
Date: Thu, 09 Sep 1999 02:53:24 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (JPeschel) wrote:
> The corporate key in the old versions of PGP Mail that I looked at a long
> time ago could be used for message (not key) recovery. This upset a lot
> of people. A PGP Mail user would be warned that his message was
> also being encrypted with a corporate key. A company could, of
> course, edit the code so that message never appeared.
>
> I don't think the NSA especially wants people to use PGP, Blowfish, Scottxx,
> or, for that matter, any encryption. Makes one of their jobs harder. Their
> other job, however, is to ensure national security, for instance, the
> security of a banking system used world-wide. It seems to me it would
> be a tad foolish for the NSA to endorse any system that it knew it could
> break: the intelligence organizations of other countries may have the same
> capability.
>
> That said -- I think a lot of folks overestimate the cryptanalytic prowess of
> the NSA, making it a cryptographer's bogeyman.
That's the most sense I have heard in a long time. For once someone else
admits that the NSA is not against everyone .
Tom
--
damn windows... new PGP key!!!
http://people.goplay.com/tomstdenis/key.pgp
(this time I have a backup of the secret key)
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: GnuPG 1.0 released
Date: Thu, 09 Sep 1999 02:51:57 GMT
In article <7r6kqd$2rog$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
> Joe I am sure the Chinese may know as much as we do about encryption
> have you ever tried to read Chinese. But I think the NSA would endorse a
> system for banks that they could break. I think that they think they are so
> far ahead that no one but them would be able to break it. Besides if the
> President gets pissed at some leader like the Yugoslavian leader. They may
> be tasked with stealing his money from foreign banks. It makes their job
> harder if they can't break the encryption the bank is using. Yet I am sure
> the NSA though farther ahead in certain areas of encryption. Are still unable
> to break certain ciphers between people. Because half the battle is finding
> out what the enemy is using. Then you try to break it.
> If people just combine in secret 2 or 3 methods that are different from each
> other and don't change the length or add headers or structure that can be
> exploited then I doubt if the NSA can break it if only the encrypted messages
> are used. Even if all of the methods are ones that they could easily break.
> But again I ask I thought I asked in this thread somewhere. Is there any
> thought about having the option of dropping those friendly weak features
> that are in PGP that could be BackDoors for the NSA.
The chinese and nsa... seems like a theme.
First off the NSA does not control foreign banks.... The germans control
german banks, the french theirs, the brits theirs etc... etc...
Second PGP source code is avail... why not check it yourself instead of
spreading stupid crappy dumb brain erasing rumours that are only good for a
laugh.
Tom
--
damn windows... new PGP key!!!
http://people.goplay.com/tomstdenis/key.pgp
(this time I have a backup of the secret key)
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Source code
Date: Thu, 09 Sep 1999 02:54:57 GMT
In article <7r6i46$2l40$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
> In article <[EMAIL PROTECTED]>, "Daniel Roethlisberger" <[EMAIL PROTECTED]>
>wrote:
> >Consider Serpent. It's a round 2 AES candidate, developed in Britain, and
> >thus not subject to export regulations. It seems to be pretty fast, and very
> >secure.
> >http://www.cl.cam.ac.uk/~rja14/serpent.html
> >
> >If you want to stick to older stuff that has been extensively cryptanalised
> >for years, consider IDEA. You'll find source at various places, including
> >ftp.funet.fi
> >
> >/Dan
> >
>
> Actually if an American copies that code though British and places it
> in a working program. That individual still can not export it without
> approval. It makes no difference where the crypto came from. The point
> of the rules is to prevent the little guy from selling a product with crypto.
> After all MS needs more money.
You need your own license to export MS strong (laugh laugh) crypto btw.
Tom
--
damn windows... new PGP key!!!
http://people.goplay.com/tomstdenis/key.pgp
(this time I have a backup of the secret key)
------------------------------
From: "rosi" <[EMAIL PROTECTED]>
Subject: Re: "NSA have no objections to AES finalists"
Date: Wed, 8 Sep 1999 22:42:07 -0400
David Crick wrote in message <[EMAIL PROTECTED]>...
[snip]
>For what it's worth....
> [Carl] Ellison said there's one very good reason for the
> NSA to be telling the truth about the ciphers' security:
> The government will be using it, too."
Government who? :)
(Extremely light)
"You wouldn't like it if one of your kids were kidnapped and
we couldn't wiretap," Landau said Kallstrom told her.
Statisticians and probabilists have a treat here. Well, that is just
probabilistic. People really bad at statistics and probability may
find a sure thing though. Born kidnapped guaranteed for life. :)
Sorry, just kidding. :) :)
--- (My Signature)
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Difference between Encryption and scrambling..?
Date: Thu, 09 Sep 1999 02:44:59 GMT
In article <l8DB3.265$[EMAIL PROTECTED]>,
"Jae-Yong Kim." <[EMAIL PROTECTED]> wrote:
> scrambling seems to be very similar to stream cipher..
> and I heard in some books, the object of scrambling is to make frequent transitions
> between 1 and 0 bits, and make the frequency distribution of the signal easy to
> transmit.. hmm did I choose the correct newsgroup..?
> but some say scrambling can hide information from an eavesdropper, and is used
> in military communication..
> I wanna know exactly what the difference is between scrambling and encryption.
> thanks in advance..
Well what you are talking about is a stream cipher (1-bit to be exact). Any
secure random number generator (various LFSRs are secure) can be used in the
mode you described.
I think you are mixed up in the words. Encryption is the science (some say
it's an art) of randomizing a plaintext to make it resemble garbage for
others. Scrambling is just a 'slang' term used I suppose.
> ps. does my english make sense..?
Makes enough sense for me, don't worry about it. (like the english standards
are very high anyways)
Tom
--
damn windows... new PGP key!!!
http://people.goplay.com/tomstdenis/key.pgp
(this time I have a backup of the secret key)
------------------------------
From: [EMAIL PROTECTED] (Jerry Coffin)
Subject: Re: Encryptor 4.1 reviews please.
Date: Wed, 8 Sep 1999 21:17:50 -0600
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
says...
> Has anyone used or heard of Encryptor 4.1 by Dr. Peter Sorvas & Bill
> Giovinetti? Here's their page:
>
> http://ourworld.compuserve.com/homepages/psorvas/
>
> They don't offer the source code, though. There is little information
> about the program itself on the page, mainly descriptions of the
> algorithms used. I just need some _knowledgeable_ opinions about this
> program, considering the little technical information available.
They document the use of relatively well-known algorithms, though some
are rather suspect choices, IMO (e.g. if you want higher efficiency
than DES, I think Twofish is a better choice than NewDES).
OTOH, all except one of the algorithms are well-known, so at least you
know ahead of time what most of the weaknesses in the basic algorithms
are.
The other area of concern is, of course, the implementation of the
algorithms and how they're turned into a complete program. They don't
give a lot of description, but what they do describe sounds at least
fairly reasonable -- for example, you can use a larger password than
the key size for the encryption in question, and it'll make use of the
entire password via multiple encryption passes. This is important
because passwords (and pass-phrases) are often predictable to some
degree. OTOH, it may not be the BEST way to make use of all of an
entire large password -- in particular, hashing a large pass-phrase,
then encrypting the file once with the result may be about as
effective and considerably faster.
The rest of the implementation is harder to tell much about, and may
make a big difference. As you mention below, it's easy (for example)
for a program to leave part (or all) of the plaintext lying around
after it's encrypted. Whether this matters to you depends heavily
upon what sort of security you're looking for: if you want to encrypt
a file for transmission via email, this may not be a problem. If you
want to protect against data being compromised even if your computer
is broken into, that's an entirely different story.
> Related to above:
>
> How would a layperson, such as myself, evaluate an encryption program to
> see if it is secure? Would a search for new files before and after the
> process enable one to see if there were copies made to parts of the
> drive? Where w/sh/could one look for weaknesses?
Evaluating a security program tends to be quite difficult, as is
frequently shown by the (often huge) holes in major programs, even
ones written by relatively intelligent people.
In all honesty, I'd consider it at least as difficult to evaluate the
security of an existing program (especially without source code) as
to write a new one that's secure enough for most purposes, assuming
you start with a basic knowledge of what's involved.
> I know these are very broad questions, but I feel a bit uneasy about
> entrusting my files to a program that I do not completely trust or
> understand. Until I can program one for myself (hopefully in a few
> months), I have to rely on ones offered by strangers and opinions of
> them, again, by strangers. I'm sure you can understand my paranoia.
Certainly. Unfortunately, it's hard to allay your paranoia either.
In fact, in this case I'd say it's not really paranoia; fear only
becomes paranoia when it's not justified, and there are so many
exceptionally poor "security" programs around that a good deal of fear
is entirely reasonable and justified.
--
Later,
Jerry.
The Universe is a figment of its own imagination.
------------------------------
From: "rosi" <[EMAIL PROTECTED]>
Subject: Re: Difference between Encryption and scrambling..?
Date: Wed, 8 Sep 1999 22:15:37 -0400
Some prefer to use 'scramble' to relate to the achievement of secrecy etc.
with analog while 'encrypt' to digital. If you abstract it to the level of
the basic effect, there is little difference. Just make sure that when using
the two, others as well as yourself are not confused.
--- (My Signature)
Jae-Yong Kim. wrote in message ...
>scrambling seems to be very similar to stream cipher..
>and I heard in some books, the object of scrambling is to make frequent transitions
>between 1 and 0 bits, and make the frequency distribution of the signal easy to
>transmit.. hmm did I choose the correct newsgroup..?
>but some say scrambling can hide information from an eavesdropper, and is used
>in military communication..
>I wanna know exactly what the difference is between scrambling and encryption.
>thanks in advance..
>
>ps. does my english make sense..?
>
>JaeYong Kim.
>--
>[EMAIL PROTECTED]
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************