Cryptography-Digest Digest #227, Volume #10 Mon, 13 Sep 99 09:13:05 EDT
Contents:
Re: Ritter's paper (SCOTT19U.ZIP_GUY)
Re: primes in dh (Tom St Denis)
Re: arguement against randomness ("Douglas A. Gwyn")
Re: 13 reasons to say 'no' to public key cryptography (Bill Unruh)
Re: 13 reasons to say 'no' to public key cryptography (Thierry Moreau)
Re: 13 reasons to say 'no' to public key cryptography ("Roger Schlafly")
Re: Sources of randomness (Tom St Denis)
Re: primes in dh (Tom St Denis)
Help on cryptanalysis ("Kwong Chan")
Re: 13 reasons to say 'no' to public key cryptography ("ME")
ECC questions... (Teh Yong Wei)
Re: Schneier/Publsied Algorithms (Johnny Bravo)
Re: Ritter's paper (Mok-Kong Shen)
Re: Workshop on Elliptic Curve Cryptography (ECC '99) (Robert Harley)
Desperatly seeking throw-away password verification (Eamonn Casey)
Component for Active Server Pages ("Morten Winther")
Re: Help on cryptanalysis (Tom St Denis)
Re: Desperatly seeking throw-away password verification (Tom St Denis)
Re: 13 reasons to say 'no' to public key cryptography (Tom St Denis)
shared modulus in diffie-hellman (Tom St Denis)
Re: Workshop on Elliptic Curve Cryptography (ECC '99) (Alfred John Menezes)
Re: Double encryption is patented (mabey) (Mok-Kong Shen)
Re: Sources of randomness (Mok-Kong Shen)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Ritter's paper
Date: Mon, 13 Sep 1999 04:14:39 GMT
In article <[EMAIL PROTECTED]>, Mok-Kong Shen <[EMAIL PROTECTED]>
wrote:
>I just read Terry Ritter's Article
>
> Cryptography: Is Staying with the Herd Really Best?
>
>in Computer (August issue). While the content has been the subject
>of a number of previous discussion threads in this group, the
>presentation of the article is extremely lucid and renders it not
>only a valuable paper for the general readers of that journal but
>also worth, in my humble opinion, the time of those who have
>participated in the said discussions to glance over it to refresh
>in memory what has been argued in the past. I enjoyed very much
>reading the paper.
>
>M. K. Shen
Do you have a URL for the article?
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: primes in dh
Date: Mon, 13 Sep 1999 03:28:28 GMT
I decided instead of using DH for just key gen I will use it for pk instead.
What happens is you make a key pair (x, g^x mod p) and give out the second.
Whenever I want to talk to someone I take their public key and compute the
normal g^xy mod p, since they have my public key ... etc... simple stuff.
However, to stop any people who are bent on thinking that they can easily be
broken, can I get a somewhat large prime (say 1536 or 2048 bits?) please?
Just to keep annoying people from saying "hey, 1024 is too small, although it
will never be broken, and it's probably easier just to break into the
computer and steal the key out of memory ... etc."
Thanks,
Tom
In article <7rhlpv$o14$[EMAIL PROTECTED]>,
Tom St Denis <[EMAIL PROTECTED]> wrote:
> Does anybody have a large prime modulus for dh handy (in hex or decimal).
> Also I want to educate myself while I add this to peekboo. What are the
> requirements of the modulus and the generator?
>
> I know that the modulus has to be prime (I know why) and I know that the
> modulus (say p) has to allow 'p - 1' to have a large prime factor (or be
> prime itself), that I don't know why.
>
> Also how do you pick a generator?
>
> In the mean time if anyone has a modulus and generator handy I can put it
> into Peekboo ...
>
> Also thanks goes to Michael J. Fromberger for the math lib... :)
>
> Tom
> --
> damn windows... new PGP key!!!
> http://people.goplay.com/tomstdenis/key.pgp
> (this time I have a backup of the secret key)
>
> Sent via Deja.com http://www.deja.com/
> Share what you know. Learn what you don't.
>
--
damn windows... new PGP key!!!
http://people.goplay.com/tomstdenis/key.pgp
(this time I have a backup of the secret key)
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
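As an added example (not code from the thread or from Peekboo), here is a small Python setup that checks the two modulus requirements the post asks about (p prime, and p-1 having a large prime factor q), picks a generator of the order-q subgroup, and runs the static-key exchange described above, where each side publishes g^x mod p and derives g^xy mod p. The 64-bit size and all helper names are my own choices for the demo; the post asks for 1536 or 2048 bits.

```python
import secrets

def is_probable_prime(n, rounds=32):
    """Miller-Rabin probable-prime test."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_safe_prime(bits):
    """Return (p, q) with p = 2q + 1 and both prime: p - 1 then has the
    large prime factor q that the original question asks about."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        p = 2 * q + 1
        if is_probable_prime(q) and is_probable_prime(p):
            return p, q

def find_generator(p, q):
    """A generator of the order-q subgroup: any square mod a safe prime
    other than 1 works, since the squares form exactly that subgroup."""
    while True:
        g = pow(secrets.randbelow(p - 3) + 2, 2, p)
        if g != 1 and pow(g, q, p) == 1:
            return g

def keypair(p, q, g):
    """Long-term pair (x, g^x mod p); only the second value is published."""
    x = secrets.randbelow(q - 1) + 1          # private exponent in [1, q-1]
    return x, pow(g, x, p)

def shared_secret(p, q, their_pub, my_priv):
    """g^xy mod p, after checking that the peer's value really lies in the
    prime-order subgroup (rejects 0, 1, p-1 and small-subgroup values)."""
    if not 1 < their_pub < p - 1 or pow(their_pub, q, p) != 1:
        raise ValueError("public key is not in the prime-order subgroup")
    return pow(their_pub, my_priv, p)

def demo(bits=64):
    """Two parties with published g^x and g^y derive the same secret."""
    p, q = gen_safe_prime(bits)               # 64 bits: demo size only
    g = find_generator(p, q)
    x, gx = keypair(p, q, g)
    y, gy = keypair(p, q, g)
    return shared_secret(p, q, gy, x) == shared_secret(p, q, gx, y)
```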
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: arguement against randomness
Date: Mon, 13 Sep 1999 03:37:16 GMT
GuildMaster Arrataz wrote:
> Douglas A. Gwyn wrote:
> > Tim Tyler wrote:
> > > elarson <[EMAIL PROTECTED]> wrote:
> > > : It doesn't take a pompous genius to see the randomness of Nature.
> > > If the universe is deterministic, all this is dead wrong.
> > No, randomness and determinism are not exact opposites.
> Uh, I don't know about you, but most stat & CS people I know use
> "determinism" to mean: If you input A, and B comes out, then B will
> come out consistently when you output B...
You're talking about "deterministic behavior of a system",
which is a much narrower concept than philosophical determinism.
You should be able to find a good discussion of the issue of
determinism in general philosophy textbooks.
In fact, our most fundamental theory of physics holds that nature
is deterministically random, in a very specific, quantitative way.
------------------------------
From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: 13 reasons to say 'no' to public key cryptography
Date: 13 Sep 1999 03:56:32 GMT
In <fxXC3.12943$[EMAIL PROTECTED]> "ME" <[EMAIL PROTECTED]> writes:
>A bit on certificates and bandwidth.
>In Australia, a 64k ISDN line can cost around $10,000/year.
And in Canada a 2.5M ADSL line costs about $500/year. Surely Australia is
not that far behind!
------------------------------
From: Thierry Moreau <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: 13 reasons to say 'no' to public key cryptography
Date: Sun, 12 Sep 1999 22:23:58 -0400
rosi wrote, in part:
>
> Dear Thierry,
>
> You have the last item numbered 14.
>
This is not a typo; the item numbered 14 is not exactly a "reason to say no
to public key cryptography". The possibility of a real breakthrough in
one of the fundamental PKC foundations (e.g. integer factorization or
discrete logarithm) should not deter its use (in my opinion).
- Thierry
------------------------------
From: "Roger Schlafly" <[EMAIL PROTECTED]>
Subject: Re: 13 reasons to say 'no' to public key cryptography
Date: Sun, 12 Sep 1999 20:26:40 -0700
Tom St Denis wrote in message <7rhn4u$ot7$[EMAIL PROTECTED]>...
>BTW anybody know the largest discrete logarithm ever solved?
According to a recent message to sci.crypt.research, the largest
solved DL is a whole lot smaller than the largest solved RSA.
"The largest DL by NFS has been 283 bits with my implementation
in 1997 (see Eurocrypt'98 proceedings). Though it's difficult to
make a guess what you can do with 8000 mips years instead of
45, I'd estimate the task to be equivalent to a DL in a prime
field with a characteristic of 365 bits." -- Damian Weber
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Sources of randomness
Date: Mon, 13 Sep 1999 03:46:31 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
>
> If a web server gets 1000000 hits per day, and 1% are
> secure (using SSL) that's about 15 bits per second average,
> though it would likely peek around 30 bps at the busy
> times. For this rough a calculation, call it "under 100 bps."
You could though buffer the bits to solve any potential shortage problem.
Tom
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: primes in dh
Date: Mon, 13 Sep 1999 03:55:04 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (DJohn37050) wrote:
> This is all explained in IEEE P1363. Use any search engine to find it.
> Don Johnson
>
Thanks for the suggestion. I found a ps archive (about 1mb) that should have
some neato info.
Tom
------------------------------
From: "Kwong Chan" <[EMAIL PROTECTED]>
Subject: Help on cryptanalysis
Date: Mon, 13 Sep 1999 13:24:26 +0800
I am studying the polyalphabetic ciphers and know that
the Kasiski test and index of coincidence can be used
to find the period of the keys and therefore crack
the ciphers.
What other attacks can be applied on polyalphabetic ciphers?
Does chosen-plaintext, differential cryptanalysis,
linear cryptanalysis, etc., work?
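As an added example (not part of the post), here are the two period-finding methods the question names, in Python: the Kasiski test over distances between repeated trigrams, and the index of coincidence of the ciphertext sliced into columns. The English sample, the 5-letter key and all function names are constructed for the demonstration.

```python
from collections import Counter
from itertools import combinations

ALPHA = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

def vigenere(text, key, decrypt=False):
    """Repeating-key shift cipher over A-Z; non-letters are dropped."""
    letters = [c for c in text.upper() if c in ALPHA]
    out = []
    for i, c in enumerate(letters):
        k = ALPHA.index(key[i % len(key)].upper())
        out.append(ALPHA[(ALPHA.index(c) + (-k if decrypt else k)) % 26])
    return "".join(out)

def index_of_coincidence(s):
    """Chance that two letters drawn from s agree: ~0.066 for English,
    ~0.038 for uniformly random letters."""
    n = len(s)
    if n < 2:
        return 0.0
    return sum(f * (f - 1) for f in Counter(s).values()) / (n * (n - 1))

def ic_period(ct, max_period=20, threshold=0.055):
    """Smallest period whose columns each look like single-alphabet text
    (threshold sits midway between the random and English values)."""
    for period in range(1, max_period + 1):
        cols = [ct[i::period] for i in range(period)]
        if sum(index_of_coincidence(c) for c in cols) / period >= threshold:
            return period
    return None

def kasiski_period(ct, seq_len=3, max_period=20):
    """Candidate period dividing the most distances between repeated n-grams:
    repeats from the same plaintext under the same key letters lie a multiple
    of the period apart, chance repeats do not."""
    positions = {}
    for i in range(len(ct) - seq_len + 1):
        positions.setdefault(ct[i:i + seq_len], []).append(i)
    distances = [b - a for occ in positions.values()
                 for a, b in combinations(occ, 2)]
    scores = {p: sum(d % p == 0 for d in distances)
              for p in range(2, max_period + 1)}
    return max(scores, key=scores.get) if distances else None

# Constructed sample: ordinary English prose enciphered under a 5-letter key.
PLAINTEXT = """
The Kasiski examination and the index of coincidence are the two classical
tools for finding the period of a polyalphabetic cipher. Because a repeating
key shifts every letter at the same position in the key by the same amount,
the ciphertext still carries the uneven letter frequencies of the plaintext
language, only scattered across as many alphabets as there are key letters.
Slicing the ciphertext into columns with the correct period reunites those
frequencies, so the index of coincidence of each column rises back to the
value expected for ordinary English, while a wrong period leaves every column
looking nearly uniform. Once the period is known each column is a simple shift
cipher and falls to a frequency count. Modern block ciphers are designed so
that no such statistical structure survives in the output, which is why this
attack has no purchase on them, and the same reasoning explains why a short key
must never be reused across a long message in any cipher that merely adds the
key to the plaintext.
"""
KEY = "CRYPT"

def demo():
    """Period recovered by each method; both should report 5."""
    ct = vigenere(PLAINTEXT, KEY)
    return ic_period(ct), kasiski_period(ct)
```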
------------------------------
From: "ME" <[EMAIL PROTECTED]>
Subject: Re: 13 reasons to say 'no' to public key cryptography
Date: Mon, 13 Sep 1999 16:08:25 +1000
Not where ADSL is available, and after the modem or CPE terminal equipment
has been bought.
ADSL has yet to launch beyond a few pilot suburbs in various Australian
cities.
ADSL is not that ideal for servers - the main choke point in this picture -
many individuals, few(er) servers.
Lyal
Bill Unruh wrote in message <7rhslg$k68$[EMAIL PROTECTED]>...
>In <fxXC3.12943$[EMAIL PROTECTED]> "ME" <[EMAIL PROTECTED]>
writes:
>
>>A bit on certificates and bandwidth.
>>In Australia, a 64k ISDN line can cost around $10,000/year.
>
>And in Canada a 2.5M ADSL line costs about $500/year. Surely Australia is
>not that far behind!
>
>
------------------------------
From: Teh Yong Wei <[EMAIL PROTECTED]>
Subject: ECC questions...
Date: Mon, 13 Sep 1999 14:48:28 +0800
Currently, I am writing a program to simulate ECC encryption. There
are some doubts about it:
1) The receiver will generate the secret key, k, that is a random integer.
What is the range?
2) When doing encryption, the sender will generate another secret key, r,
that is a random integer and is used to encrypt a message. What is
the range?
For further reference, you can refer to this page:
http://ge.ge.kochi-ct.ac.jp/%7Etakagi/crypto/eccs.html
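As an added example (not code from the post or from the linked page), here is where the two ranges come from in Python: both the receiver's k and the sender's per-message r are scalars drawn uniformly from [1, n-1], with n the order of the base point G. The toy curve y^2 = x^3 + 2x + 2 over GF(17) with G = (5, 1) and n = 19 is a textbook example chosen so every step can be checked by hand; it is far too small for real use, and the function names are mine.

```python
import secrets

P, A, B = 17, 2, 2           # toy curve y^2 = x^3 + A*x + B over GF(P)
G, N = (5, 1), 19            # base point and its order (the group has 19 points)
INF = None                   # point at infinity, the group identity

def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P == 0

def add(p1, p2):
    """Group law in affine coordinates."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                            # Q + (-Q) = INF
    if p1 == p2:
        s = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        s = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (s * s - x1 - x2) % P
    return (x3, (s * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def random_scalar():
    """Answer to both questions: a uniform integer in [1, N-1]. Larger
    values add nothing, because k*G repeats modulo N."""
    return secrets.randbelow(N - 1) + 1

def keygen():
    k = random_scalar()                       # receiver's long-term secret
    return k, mul(k, G)                       # public key Q = k*G

def encrypt(Q, M):
    """EC ElGamal: M is a curve point; r is fresh for every message."""
    r = random_scalar()
    return mul(r, G), add(M, mul(r, Q))       # (C1, C2) = (r*G, M + r*Q)

def decrypt(k, C1, C2):
    kC1 = mul(k, C1)
    return add(C2, (kC1[0], (-kC1[1]) % P))   # M = C2 - k*C1

def demo():
    k, Q = keygen()
    M = mul(7, G)                             # a point standing in for a message
    return decrypt(k, *encrypt(Q, M)) == M
```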
------------------------------
From: [EMAIL PROTECTED] (Johnny Bravo)
Subject: Re: Schneier/Publsied Algorithms
Date: Mon, 13 Sep 1999 02:27:12 GMT
On Mon, 13 Sep 1999 01:35:37 GMT, Tom St Denis
<[EMAIL PROTECTED]> wrote:
>> There are no plans to update this code. I expect that the code will
>> never be updated.
>
>Not to be rude, but is that because
>
>a) you guys are lazy
Why is he lazy? The code demonstrates the implementation of the
crypto, it does the intended job. He never offered to turn it into
some kind of finished product for anyone.
>or
>
>b) you'd rather get crypto-software from people that understand the crypto well
>enough to implement it themselves...?
He supplies the crypto, if you want a wrapper for it, write it
yourself. This would be like complaining that Intel doesn't write an
operating system for the processors they create. The crypto isn't a
finished product, it's a component.
Johnny Bravo
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Ritter's paper
Date: Mon, 13 Sep 1999 09:33:16 +0200
SCOTT19U.ZIP_GUY wrote:
>
> do you have a URL for the article?
I subscribe to the journal in paper form. Members of IEEE or its
Computer Society can subscribe and get the publications online.
M. K. Shen
------------------------------
From: Robert Harley <[EMAIL PROTECTED]>
Subject: Re: Workshop on Elliptic Curve Cryptography (ECC '99)
Date: 13 Sep 1999 09:54:49 +0200
Concerning the "NIST curves", I wrote:
>I'd bet Jerome Solinas wrote the whole thing.
[EMAIL PROTECTED] (Alfred John Menezes) writes:
> =========================================================
> The 3rd workshop on Elliptic Curve Cryptography (ECC '99)
> =========================================================
>[...]
> Jerome Solinas (National Security Agency, NSA)
>[...]
> 1:00 - 2:00 pm: Jerome Solinas: Efficient Implementation of the NIST
> Curves.
Bingo!
Rob.
------------------------------
From: Eamonn Casey <[EMAIL PROTECTED]>
Subject: Desperatly seeking throw-away password verification
Date: Mon, 13 Sep 1999 12:06:02 +0200
Hi,
I am new to this group, but I am looking for a nice little algorithm that
will encrypt a string value such that only the client who created it and
the server that is verifying it can read the actual text.
I think that the Russian spies used something called a 'scratch-pad'
where they threw away the cypher key immediately after using it, and this
seems to fit my requirements.
The context in which I will be using this is when a client machine sends a
request to the Web server; it will also send this password as a
parameter.
i.e.
<A
HREF=http://www.acmd.com/search.dll#Param1=Foo&Param2=Bar&Password=????>
So, even if the client sends the same request again it will fail (I do
not want the user to be able to send the link to other users).
I will be writing a program that generates and sends the request also.
If you have any suggestions/questions it would help me a lot.
Eamonn J.
------------------------------
From: "Morten Winther" <[EMAIL PROTECTED]>
Subject: Component for Active Server Pages
Date: Mon, 13 Sep 1999 10:45:12 +0200
Hello!
I know there is a freeware PGP component for use with PGP 6.5.1
and ASP, but it looks like it only encrypts and decrypts files.
I only want to encrypt and decrypt a string.
Any ideas?
Best regards
Morten
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Help on cryptanalysis
Date: Mon, 13 Sep 1999 11:12:54 GMT
In article <7ri1dl$[EMAIL PROTECTED]>,
"Kwong Chan" <[EMAIL PROTECTED]> wrote:
> I am studying the polyalphabetic ciphers and know that
> the Kasiski test and index of coincidence can be used
> to find the period of the keys and therefore crack
> the ciphers.
>
> What other attacks can be applied on polyalphabetic ciphers?
>
> Does chosen-plaintext, differential cryptanalysis,
> linear cryptanalysis, etc., work?
When you find the period you are essentially doing a linear attack.... :)
Tom
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Desperatly seeking throw-away password verification
Date: Mon, 13 Sep 1999 11:14:26 GMT
In article <[EMAIL PROTECTED]>,
Eamonn Casey <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I am new to this group, but I am looking for a nice little algorithm that
> will encrypt a string value such that only the client who created it and
> the server that is verifying it can read the actual text.
> I think that the Russian spies used something called a 'scratch-pad'
> where they threw away the cypher key immediately after using it, and this
> seems to fit my requirements.
> The context in which I will be using this is when a client machine sends a
> request to the Web server; it will also send this password as a
> parameter.
>
> i.e.
> <A
> HREF=http://www.acmd.com/search.dll#Param1=Foo&Param2=Bar&Password=????>
>
> So, even if the client sends the same request again it will fail (I do
> not want the user to be able to send the link to other users).
> I will be writing a program that generates and sends the request also.
> If you have any suggestions/questions it would help me a lot.
If the password is shared by both sides, why not just hash the password and a
timestamp ...
Tom
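As an added example (not the poster's or Tom's code), here is the "hash the password and a timestamp" suggestion worked out in Python: an HMAC over the request parameters, a timestamp and a fresh nonce, which the server accepts only once and only inside a short time window, so the same link sent again, or forwarded to someone else, fails. The shared password, the parameters and all names are constructed for the demo.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode

WINDOW_SECONDS = 300   # how far a token's timestamp may drift from server time

def _message(params, ts, nonce):
    """Canonical encoding of everything the token covers (params sorted so
    client and server agree regardless of parameter order)."""
    fields = sorted(params.items())
    return urlencode(fields + [("ts", str(ts)), ("nonce", nonce)]).encode()

def make_request(password, params, now=None):
    """Client side: query string carrying a one-time token for these params."""
    ts = int(now if now is not None else time.time())
    nonce = secrets.token_hex(16)
    mac = hmac.new(password.encode(), _message(params, ts, nonce),
                   hashlib.sha256).hexdigest()
    return urlencode(sorted(params.items())
                     + [("ts", str(ts)), ("nonce", nonce), ("mac", mac)])

class Verifier:
    """Server side: the shared password plus a cache of nonces already used."""
    def __init__(self, password):
        self.password = password.encode()
        self.seen = {}                         # nonce -> timestamp it carried

    def verify(self, query, now=None):
        now = int(now if now is not None else time.time())
        q = {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}
        try:
            ts, nonce, mac = int(q.pop("ts")), q.pop("nonce"), q.pop("mac")
        except (KeyError, ValueError):
            return False
        if abs(now - ts) > WINDOW_SECONDS:
            return False                       # stale or future-dated token
        # forget nonces whose tokens could no longer pass the time check anyway
        self.seen = {n: t for n, t in self.seen.items()
                     if abs(now - t) <= WINDOW_SECONDS}
        if nonce in self.seen:
            return False                       # the same link sent again
        expected = hmac.new(self.password, _message(q, ts, nonce),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, mac):
            return False                       # wrong password or altered params
        self.seen[nonce] = ts
        return True
```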
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: 13 reasons to say 'no' to public key cryptography
Date: Mon, 13 Sep 1999 11:16:33 GMT
In article <7rhr07$[EMAIL PROTECTED]>,
"Roger Schlafly" <[EMAIL PROTECTED]> wrote:
> Tom St Denis wrote in message <7rhn4u$ot7$[EMAIL PROTECTED]>...
> >BTW anybody know the largest discrete logarithm ever solved?
>
> According to a recent message to sci.crypt.research, the largest
> solved DL is a whole lot smaller than the largest solved RSA.
>
> "The largest DL by NFS has been 283 bits with my implementation
> in 1997 (see Eurocrypt'98 proceedings). Though it's difficult to
> make a guess what you can do with 8000 mips years instead of
> 45, I'd estimate the task to be equivalent to a DL in a prime
> field with a characteristic of 365 bits." -- Damian Weber
Thanks for the info, I should get into the dh scene more if I am going to add
it to PeekBoo :)
Tom
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: shared modulus in diffie-hellman
Date: Mon, 13 Sep 1999 11:18:14 GMT
Is it ok to use a shared modulus in diffie-hellman... IF the precomputation
stage is considered infeasible?
I think it's GF(2^n) where with precomputation you can solve any DL right?
What if I use a large prime modulus?
Tom
------------------------------
From: [EMAIL PROTECTED] (Alfred John Menezes)
Subject: Re: Workshop on Elliptic Curve Cryptography (ECC '99)
Date: 13 Sep 1999 12:09:36 GMT
You can read about the selection process for the primes in the NIST
recommended prime fields in the technical report "Generalized Mersenne
Numbers". The report is available from www.cacr.math.uwaterloo.ca
under "Technical Reports".
- Alfred
In article <[EMAIL PROTECTED]>,
Robert Harley <[EMAIL PROTECTED]> wrote:
>
>Concerning the "NIST curves", I wrote:
>>I'd bet Jerome Solinas wrote the whole thing.
>
>
>[EMAIL PROTECTED] (Alfred John Menezes) writes:
>> =========================================================
>> The 3rd workshop on Elliptic Curve Cryptography (ECC '99)
>> =========================================================
>>[...]
>> Jerome Solinas (National Security Agency, NSA)
>>[...]
>> 1:00 - 2:00 pm: Jerome Solinas: Efficient Implementation of the NIST
>> Curves.
>
>
>Bingo!
>
>Rob.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Double encryption is patented (mabey)
Date: Mon, 13 Sep 1999 14:36:07 +0200
[EMAIL PROTECTED] wrote:
>
> Mok-Kong Shen ([EMAIL PROTECTED]) wrote:
> : What does the patent do to get rid of the problem of difficulty of
> : having GOOD source of randomness on PC? I don't yet see that the
> : patent has contributed anything to the problem of obtaining good
> : random bits at all. If anything, isn't an XOR of the blocks and an
> : encryption (the Y in my post) serve the same purpose just as well?
> You're right that the patent doesn't lead to a method for producing
> genuinely random bits.
>
.....................
>
> So, for any key unique to a single message, we can safely assume that
> particular message is unknown to the attacker.
>
> Thus, a key generated from a hash of the message being sent is as useful
> as a key that is a true random number.
>
> And if we hash the rest of the message, and XOR the hash with the first
> block of the message, then the receiver must perform the hash again to get
> the first block of the message. So, not only are we saving on bandwidth,
> we are eliminating a possible _subliminal channel_ (if the recipient
> doesn't do the hash, but the session key is a block additional to the
> message, then the recipient might not confirm the session key is what it
> should be, for compatibility with changes in the hash, or its replacement
> by real random numbers: so, a program that has been tampered with could
> leak permanent key information through its choice of "random" IVs or even
> session keys).
I understand to some extent but not yet fully what you meant.
(1) Do you consider the quantity Y mentioned in my post to be
very much less 'random' than your hash?
(2) The ciphertext of the scheme I described has the same length as
the patent, so there is no bandwidth disadvantage.
(3) Y is the result of an encryption. Unless that's broken, only
the legitimate communication partner can obtain X and hence
obtain the block N which may contain, if needed, something
serving as signature. If you consider sending Y, which is the
IV for encrypting blocks 1-(n-1), to be risky, you can send an
encrypted Y (as I also mentioned).
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Sources of randomness
Date: Mon, 13 Sep 1999 14:37:48 +0200
Douglas A. Gwyn wrote:
>
> Mok-Kong Shen wrote:
> > Question: How about utilizing sources in the opposite direction,
> > i.e. obtaining random bits from apparently periodic phenomena?
>
> Sounds like you want to make the implementation as hard as possible!
If an implementation is hard, it's a one-time matter and presumably
doesn't cost too much. What I meant is that there are more abundant
potential sources of randomness than radioactive decay, etc. etc.
To take my (maybe a bit fancy) example, I could well imagine
that when I work on a PC I have something attached to my arm that
feeds the pulse recording to the computer, where the random bits are
obtained by a subroutine for use. I personally would prefer such a
device to, say, loading random bits from some sites which have
collected these from radioactive decay. Of course, mouse movements,
etc. can also deliver random bits. I suppose, however, that it is
useful to think about diverse different possibilities and that
something that is autonomous could in the present context be
psychologically more satisfying than what is under certain conscious
control of the mind.
M. K. Shen
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************