Cryptography-Digest Digest #234, Volume #10 Tue, 14 Sep 99 16:13:03 EDT
Contents:
Re: Mystery inc. (Beale cyphers) (sha99y00000)
Re: Second "_NSAKey" (David Wagner)
Having a problem ("Emanuele Manco")
Re: pseudo random number in a embedded software (John)
Re: Can you believe this?? (David Wagner)
Re: RC4-40 Cracking ("John E. Kuslich")
Re: Can you believe this?? (Anton Stiglic)
----------------------------------------------------------------------------
Date: Tue, 14 Sep 1999 19:00:07 +0100
From: sha99y00000 <[EMAIL PROTECTED]>
Subject: Re: Mystery inc. (Beale cyphers)
This is a multi-part message in MIME format.
==============FF1A6A112D8CC9752FAA102C
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html>
<blockquote TYPE=CITE>I sat down and decided to do some of my own tests.
I wanted to throw something new into the arena, though I doubt anything
I could do would be new. I've been looking at the frequency of the numbers
within the Codes. I noticed that Code 1 and 3 have been coded in the same
manner and method as each other, that Code 2 hasn't, by the frequency of
pairs, or more, of numbers within the codes (I think they call these
Digram.):</blockquote>
Below is the set of numbers used and the corresponding results. I've done
this so people can examine and check for errors etc.:
<br>
<br> </html>
==============FF1A6A112D8CC9752FAA102C
Content-Type: text/plain; charset=us-ascii;
name="testcode.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="testcode.txt"
CODE #1
=======
tested:
71 194 38 1701 89 76 11 83 1629 48
94 63 132 16 111 95 84 341 975 14
40 64 27 81 139 213 63 90 1120 8
15 3 126 2018 40 74 758 485 604 230
436 664 582 150 251 284 308 231 124 211
486 225 401 370 11 101 305 139 189 17
33 88 208 193 145 1 94 73 416 918
263 28 500 538 356 117 136 219 27 176
130 10 460 25 485 18 436 65 84 200
283 118 320 138 36 416 280 15 71 224
961 44 16 401 39 88 61 304 12 21
24 283 134 92 63 246 486 682 7 219
184 360 780 18 64 463 474 131 160 79
73 440 95 18 64 581 34 69 128 367
460 17 81 12 103 820 62 110 97 103
862 70 60 1317 471 540 208 121 890 346
36 150 59 568 614 13 120 63 219 812
2160 1780 99 35 18 21 136 872 15 28
170 88 4 30 44 112 18 147 436 195
320 37 122 113 6 140 8 120 305 42
58 461 44 106 301 13 408 680 93 86
116 530 82 568 9 102 38 416 89 71
216 728 965 818 2 38 121 195 14 326
148 234 18 55 131 234 361 824 5 81
623 48 961 19 26 33 10 1101 365 92
88 181 275 346 201 206 86 36 219 324
829 840 64 326 19 48 122 85 216 284
919 861 326 985 233 64 68 232 431 960
50 29 81 216 321 603 14 612 81 360
36 51 62 194 78 60 200 314 676 112
4 28 18 61 136 247 819 921 1060 464
895 10 6 66 119 38 41 49 602 423
962 302 294 875 78 14 23 111 109 62
31 501 823 216 280 34 24 150 1000 162
286 19 21 17 340 19 242 31 86 234
140 607 115 33 191 67 104 86 52 88
16 80 121 67 95 122 216 548 96 11
201 77 364 218 65 667 890 236 154 211
10 98 34 119 56 216 119 71 218 1164
1496 1817 51 39 210 36 3 19 540 232
22 141 617 84 290 80 46 207 411 150
29 38 46 172 85 194 39 261 543 897
624 18 212 416 127 931 19 4 63 96
12 101 418 16 140 230 460 538 19 27
88 612 1431 90 716 275 74 83 11 426
89 72 84 1300 1706 814 221 132 40 102
34 868 975 1101 84 16 79 23 16 81
122 324 403 912 227 936 447 55 86 34
43 212 107 96 314 264 1065 323 428 601
203 124 95 216 814 2906 654 820 2 301
112 176 213 71 87 96 202 35 10 2
41 17 84 221 736 820 214 11 60 760
numbers=520
results:
1st # 2nd # Freq.
18 64 2
1 94 1
2 38 1
2 41 1
... etc.
518 different pairs
1 duplicate pair
CODE #2 (v.1)
=======
tested:
115 73 24 818 37 52 49 17 31 62
657 22 7 15 140 47 29 107 79 84
56 238 10 26 822 5 195 308 85 52
159 136 59 210 36 9 46 316 543 122
106 95 53 58 2 42 7 35 122 53
31 82 77 250 195 56 96 118 71 140
287 28 353 37 994 65 147 818 24 3
8 12 47 43 59 818 45 316 101 41
78 154 994 122 138 190 16 77 49 102
57 72 34 73 85 35 371 59 195 81
92 190 106 273 60 394 629 270 219 106
388 287 63 3 6 190 122 43 233 400
106 290 314 47 48 81 96 26 115 92
157 190 110 77 85 196 46 10 113 140
353 48 120 106 2 616 61 420 822 29
125 14 20 37 105 28 248 16 158 7
35 19 301 125 110 496 287 98 117 520
62 51 219 37 113 140 818 138 549 8
44 287 388 117 18 79 344 34 20 59
520 557 107 612 219 37 66 154 41 20
50 6 584 122 154 248 110 61 52 33
30 5 38 8 14 84 57 549 216 115
71 29 85 63 43 131 29 138 47 73
238 549 52 53 79 118 51 44 63 195
12 238 112 3 49 79 353 105 56 371
566 210 515 125 360 133 143 101 15 284
549 252 14 204 140 344 26 822 138 115
48 73 34 204 316 616 63 219 7 52
150 44 52 16 40 37 157 818 37 121
12 95 10 15 35 12 131 62 115 102
818 49 53 135 138 30 31 62 67 41
85 63 10 106 818 138 8 113 20 32
33 37 353 287 140 47 85 50 37 49
47 64 6 7 71 33 4 43 47 63
1 27 609 207 229 15 190 246 85 94
520 2 270 20 39 7 33 44 22 40
7 10 3 822 106 44 496 229 353 210
199 31 10 38 140 297 61 612 320 302
676 287 2 44 33 32 520 557 10 6
250 566 246 53 37 52 83 47 320 38
33 818 7 44 30 31 250 10 15 35
106 159 113 31 102 406 229 549 320 29
66 33 101 818 138 301 316 353 320 219
37 52 28 549 320 33 8 48 107 50
822 7 2 113 73 16 125 11 110 67
102 818 33 59 81 157 38 43 590 138
19 85 400 38 43 77 14 27 8 47
138 63 140 44 35 22 176 106 250 314
216 2 10 7 994 4 20 25 44 48
7 26 46 110 229 818 190 34 112 147
44 110 121 125 96 41 51 50 140 56
47 152 549 63 818 28 42 250 138 591
98 652 32 107 140 112 26 85 138 549
50 20 125 371 38 36 10 52 118 136
102 420 150 112 71 14 20 7 24 18
12 818 37 67 110 62 33 21 95 219
520 102 822 30 83 84 305 629 15 2
10 8 219 106 353 105 106 60 242 72
8 50 204 184 112 125 549 65 106 818
190 96 110 16 73 33 818 150 409 400
50 154 285 96 106 316 270 204 101 822
400 8 44 37 52 40 240 34 204 38
16 46 47 85 24 44 15 64 73 138
818 85 78 110 33 420 515 53 37 38
22 31 10 110 106 101 140 15 38 3
5 44 7 98 287 135 150 96 33 84
125 818 190 96 520 118 459 370 653 466
106 41 107 612 219 275 30 150 105 49
53 287 250 207 134 7 53 12 47 85
63 138 110 21 112 140 495 496 515 14
73 85 584 994 150 199 16 42 5 4
25 42 8 16 822 125 159 32 204 612
818 81 95 405 41 609 136 14 20 28
26 353 302 246 8 131 159 140 84 440
42 16 822 40 67 101 102 193 138 204
51 63 240 549 122 8 10 63 140 47
48 140 288
numbers=763
results:
1st # 2nd # Freq. | 1st # 2nd# 3rd # Freq.
37 52 4 | 10 15 35 2
14 20 3 | 107 612 219 2
47 85 3 | 818 190 96 2
85 63 3 | 1 27 609 1
140 47 3 | 2 10 7 1
219 37 3 | 2 10 8 1
818 37 3 | 2 42 7 1
818 138 3 | ... etc.
818 190 3 |
2 10 2 |
7 35 2 |
8 44 2 |
10 15 2 |
12 47 2 |
15 35 2 |
16 822 2 |
26 822 2 |
30 31 2 |
31 10 2 |
31 62 2 |
33 818 2 |
34 204 2 |
38 43 2 |
47 48 2 |
49 53 2 |
53 37 2 |
63 140 2 |
73 85 2 |
102 818 2 |
106 818 2 |
107 612 2 |
113 140 2 |
138 549 2 |
190 96 2 |
219 106 2 |
353 105 2 |
520 557 2 |
549 320 2 |
612 219 2 |
1 27 1 |
2 42 1 |
2 44 1 |
2 113 1 |
2 270 1 |
... etc.
713 different pairs
50 duplicates pairs
3 duplicate trebles
CODE #2 (v.2)
=======
tested:
115 73 24 807 37 52 49 17 31 62
647 22 7 15 140 47 29 107 79 84
56 239 10 26 811 5 196 308 85 52
160 136 59 211 36 9 46 316 554 122
106 95 53 58 2 42 7 35 122 53
31 82 77 250 196 56 96 118 71 140
287 28 353 37 1005 65 147 807 24 3
8 12 47 43 59 807 45 316 101 41
78 154 1005 122 138 191 16 77 49 102
57 72 34 73 85 35 371 59 196 81
92 191 106 273 60 394 620 270 220 106
388 287 63 3 6 191 122 43 234 400
106 290 314 47 48 81 96 26 115 92
158 191 110 77 85 197 46 10 113 140
353 48 120 106 2 607 61 420 811 29
125 14 20 37 105 28 248 16 159 7
35 19 301 125 110 486 287 98 117 511
62 51 220 37 113 140 807 138 540 8
44 287 388 117 18 79 344 34 20 59
511 548 107 603 220 7 66 154 41 20
50 6 575 122 154 248 110 61 52 33
30 5 38 8 14 84 57 540 217 115
71 29 84 63 43 131 29 138 47 73
239 540 52 53 79 118 51 44 63 196
12 239 112 3 49 79 353 105 56 371
557 211 505 125 360 133 143 101 15 284
540 252 14 205 140 344 26 811 138 115
48 73 34 205 316 607 63 220 7 52
150 44 52 16 40 37 158 807 37 121
12 95 10 15 35 12 131 62 115 102
807 49 53 135 138 30 31 62 67 41
85 63 10 106 807 138 8 113 20 32
33 37 353 287 140 47 85 50 37 49
47 64 6 7 71 33 4 43 47 63
1 27 600 208 230 15 191 246 85 94
511 2 270 20 39 7 33 44 22 40
7 10 3 811 106 44 486 230 353 211
200 31 10 38 140 297 61 603 320 302
666 287 2 44 33 32 511 548 10 6
250 557 246 53 37 52 83 47 320 38
33 807 7 44 30 31 250 10 15 35
106 160 113 31 102 406 230 540 320 29
66 33 101 807 138 301 316 353 320 220
37 52 28 540 320 33 8 48 107 50
811 7 2 113 73 16 125 11 110 67
102 807 33 59 81 158 38 43 581 138
19 85 400 38 43 77 14 27 8 47
138 63 140 44 35 22 177 106 250 314
217 2 10 7 1005 4 20 25 44 48
7 26 46 110 230 807 191 34 112 147
44 110 121 125 96 41 51 50 140 56
47 152 540 63 807 28 42 250 138 582
98 643 32 107 140 112 26 85 138 540
53 20 125 371 38 36 10 52 118 136
102 420 150 112 71 14 20 7 24 18
12 807 37 67 110 62 33 21 95 220
511 102 811 30 83 84 305 620 15 2
10 8 220 106 353 105 106 60 275 72
8 50 205 185 112 125 540 65 106 807
138 96 110 16 73 33 807 150 409 400
50 154 285 96 106 316 270 205 101 811
400 8 44 37 52 40 241 34 205 38
16 46 47 85 24 44 15 64 73 138
807 85 78 110 33 420 505 53 37 38
22 31 10 110 106 101 140 15 38 3
5 44 7 98 287 135 150 96 33 84
125 807 191 96 511 118 40 370 643 466
106 41 107 603 220 275 30 150 105 49
53 287 250 208 134 7 53 12 47 85
63 138 110 21 112 140 485 486 505 14
73 84 575 1005 150 200 16 42 5 4
25 42 8 16 811 125 160 32 205 603
807 81 96 405 41 600 136 14 20 28
26 353 302 246 8 131 160 140 84 440
42 16 811 40 67 101 102 194 138 205
51 63 241 540 122 8 10 63 140 47
48 140 288
numbers=763
results:
1st # 2nd # Freq. 1st # 2nd # 3rd # freq.
37 52 4 | 10 15 35 2 47
807 138 4 | 106 807 138 2
14 20 3 | 107 603 220 2
47 85 3 | 1 27 600 1
140 47 3 | 2 10 7 1
807 37 3 | 2 10 8 1
2 10 2 | 2 42 7 1
7 35 2 | ... etc.
8 44 2 |
10 15 2 |
12 47 2 |
15 35 2 |
16 811 2 |
26 811 2 |
30 31 2 |
31 10 2 |
31 62 2 |
33 807 2 |
34 205 2 |
38 43 2 |
47 48 2 |
49 53 2 |
53 37 2 |
63 140 2 |
81 96 2 |
85 63 2 |
102 807 2 |
106 807 2 |
107 603 2 |
113 140 2 |
138 540 2 |
220 7 2 |
220 37 2 |
220 106 2 |
353 105 2 |
511 548 2 |
540 320 2 |
603 220 2 |
807 191 2 |
1 27 1 |
2 42 1 |
2 44 1 |
2 113 1 |
2 270 1 |
... etc.
715 different pairs
47 duplicates pairs
3 duplicate trebles
CODE #3
=======
tested:
317 8 92 73 112 89 67 318 28 96
107 41 631 78 146 397 118 98 114 246
348 116 74 88 12 65 32 14 81 19
76 121 216 85 33 66 15 108 68 77
43 24 122 96 117 36 211 301 15 44
11 46 89 18 136 68 317 28 90 82
304 71 43 221 198 176 310 319 81 99
264 380 56 37 319 2 44 53 28 44
75 98 102 37 85 107 117 64 88 136
48 154 99 175 89 315 326 78 96 214
218 311 43 89 51 90 75 128 96 33
28 103 84 65 26 41 246 84 270 98
116 32 59 74 66 69 240 15 8 121
20 77 80 31 11 106 81 191 224 328
18 75 52 82 117 201 39 23 217 27
21 84 35 54 109 128 49 77 88 1
81 217 64 55 83 116 251 269 311 96
54 32 120 18 132 102 219 211 84 150
219 275 312 64 10 106 87 75 47 21
29 37 81 44 18 126 115 132 160 181
203 76 81 299 314 337 351 96 11 28
97 318 238 106 24 93 3 19 17 26
60 73 88 14 126 138 234 286 297 321
365 264 19 22 84 56 107 98 123 111
214 136 7 33 45 40 13 28 46 42
107 196 227 344 198 203 247 116 19 8
212 230 31 6 328 65 48 52 59 41
122 33 117 11 18 25 71 36 45 83
76 89 92 31 65 70 83 96 27 33
44 50 61 24 112 136 149 176 180 194
143 171 205 296 87 12 44 51 89 98
34 41 208 173 66 9 35 16 95 8
113 175 90 56 203 19 177 183 206 157
200 218 260 291 305 618 951 320 18 124
78 65 19 32 124 48 53 57 84 96
207 244 66 82 119 71 11 86 77 213
54 82 316 245 303 86 97 106 212 18
37 15 81 89 16 7 81 39 96 14
43 216 118 29 55 109 136 172 213 64
8 227 304 611 221 364 819 375 128 296
1 18 53 76 10 15 23 19 71 84
120 134 66 73 89 96 230 48 77 26
101 127 936 218 439 178 171 61 226 313
215 102 18 167 262 114 218 66 59 48
27 19 13 82 48 162 119 34 127 139
34 128 129 74 63 120 11 54 61 73
92 180 66 75 101 124 265 89 96 126
274 896 917 434 461 235 890 312 413 328
381 96 105 217 66 118 22 77 64 42
12 7 55 24 83 67 97 109 121 135
181 203 219 228 256 21 34 77 319 374
382 675 684 717 864 203 4 18 92 16
63 82 22 46 55 69 74 112 134 186
175 119 213 416 312 343 264 119 186 218
343 417 845 951 124 209 49 617 856 924
936 72 19 28 11 35 42 40 66 85
94 112 65 82 115 119 233 244 186 172
112 85 6 56 38 44 85 72 32 47
63 96 124 217 314 319 221 644 817 821
934 922 416 975 10 22 18 46 137 181
101 39 86 103 116 138 164 212 218 296
815 380 412 460 495 675 820 952
numbers=618
results:
1st # 2nd # Freq.
89 96 2
181 203 2
1 18 1
1 81 1
2 44 1
3 19 1
... etc.
616 different pairs
2 duplicate pairs
==============FF1A6A112D8CC9752FAA102C==
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Crossposted-To: talk.politics.crypto
Subject: Re: Second "_NSAKey"
Date: 14 Sep 1999 12:00:16 -0700
In article <[EMAIL PROTECTED]>,
Peter Pearson <[EMAIL PROTECTED]> wrote:
> Clifford Heath wrote:
>
> > Does anyone want to explain how this purported "back door" operates,
> > even if the NSA does hold the matching private key (MS claim they
> > don't)?
>
> Simple: the FBI breaks into your house and replaces your
> Microsoft CSP with a look-alike NSA-signed CSP whose
> random-number generator has been damaged in such a way that
> it produces only a few billion different values.
But you don't need to use the "_NSAKEY" to accomplish this; there are
much easier ways to cripple the crypto in this scenario.
(Simple technique: NOP out the call that initializes the RNG in the
application of interest. No "_NSAKEY" needed. Ian Goldberg and I
implemented this for Netscape several years ago, and it was a trivial
4-byte patch to the binary.)
Personally, I don't find your scenario a terribly plausible explanation
for the existence of the "_NSAKEY".
------------------------------
From: "Emanuele Manco" <[EMAIL PROTECTED]>
Subject: Having a problem
Date: Tue, 14 Sep 1999 17:53:06 GMT
Hello, my name is Emanuele Manco.
Excuse me but my english is very poor.
I play to a role play game about Star Trek. To resolve this game i must
decript a message.
I'm very interested to know how to decript this message..
If you wish to help me i will very gratefully.
The message is:
(h) 911 84BDF26489406549 12E0B292182297A4 10452248248A4460 46100000000EEEEE
EEE00000003CC61E 630A52092924A412 128630271E129049 0C2520929F318118
(b) 110
The spaces are inserted to make more readble the message, they haven't
value
Live long and prosper
Emanuele Manco
------------------------------
From: John <[EMAIL PROTECTED]>
Subject: Re: pseudo random number in a embedded software
Date: Tue, 14 Sep 1999 10:50:25 -0700
There are many good computer science books on it. I'm sure
a search on the web would also be helpful.
http://www.aasp.net/~speechfb
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Can you believe this??
Date: 14 Sep 1999 12:19:35 -0700
In article <[EMAIL PROTECTED]>,
John <[EMAIL PROTECTED]> wrote:
> What's the joke? Some people don't subscribe to the "pure"
> science of cryptography as much as others. It is very hard
> to make money and be into the pure science at the same time.
> Not many can do it. The source or publication would be
> the easiest method a cryptographer had to crack a system.
>
> What is the obligation? As a scientist, you are supposed
> to share information. It is unethical not to. In business,
> especially computers/tech...The whole idea is to have
> something that nobody can "get there hands on."
Ian Goldberg and I debunked this reasoning back in 1996 in a
Dr. Dobb's Journal article:
http://www.ddj.com/articles/1996/9601/9601h/9601h.htm
We _certainly_ were not the first to point out the problems with
proprietary-design crypto; our article just points out an especially
nice example where the closed-design approach went spectacularly wrong
in an important widely-used commercial application.
For a few other examples that I am fond of, read any of our papers
on cellphone security (or lack thereof).
Sadly, the lesson does not seem to have been learned in many quarters.
------------------------------
From: "John E. Kuslich" <[EMAIL PROTECTED]>
Subject: Re: RC4-40 Cracking
Date: Tue, 14 Sep 1999 11:49:30 -0700
We crack RC4 -40 for password protected Word 8 and Excel 8 files (including all
the MD5 hashing necessarily accompanying its use) in 3 to 7 days using $1200
worth of off the shelf hardware and Linux.
A $30,000 machine would do it in as little as 3 hours (on average).
A $180,000 set-up could do it in 1/2 hour.
JK CRAK Software http://www.crak.com
This is with commodity off the shelf hardware!! No Special ASIC designs
necessary. No new circuit cards to design and build.
JK
Dafydd Richards wrote:
> Please could somebody post/email rough estimates for the following please
> :-
>
> 1) How much time would a machine on a $30,000 budget take to crack RC4-40.
>
> 2) How much would it cost to construct a machine to crack RC4-40 in say half
> an hour.
>
> Dafydd.
--
John E. Kuslich
Password Recovery Software
CRAK Software
http://www.crak.com
------------------------------
From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: Can you believe this??
Date: Tue, 14 Sep 1999 15:18:50 -0400
>
Why publish the source?
1. Because you are offering a serivce to a client, if your
cryptographic system is so weak it cannot be published,
you are not beeing honnest to your client, you are
offering him shit!
2. There is always a way to get the source. If it's written
in C, there are decompilers out there. Even if decompilation
produces assembly language, that's enaugh. Java, even
easier, etc.. etc...
3. If you have open source, you will get many more comments
about your system, it's increadible how much more feed
back you can get. You will be pointed to vulnarabilities you
never tought of, and thus you can improve your system and
offer to your client what he has paid for!
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
