Cryptography-Digest Digest #240, Volume #10      Wed, 15 Sep 99 10:13:03 EDT

Contents:
  Re: 40-bit ssl (fungus)
  Re: Make a point on KRYPTOS ("collomb")
  Re: Can you believe this?? (Ruud de Rooij)
  CRL import to NC (Rolanas Ycas)
  Re: RC4-40 Cracking ([EMAIL PROTECTED])
  Re: Ritter's paper (SCOTT19U.ZIP_GUY)
  Re: Newbie needs help (fungus)
  Re: Mystery inc. (Beale cyphers) ([EMAIL PROTECTED])
  Re: Newbie needs help (mike cardeiro)

----------------------------------------------------------------------------

From: fungus <[EMAIL PROTECTED]>
Subject: Re: 40-bit ssl
Date: Wed, 15 Sep 1999 09:16:29 +0200



Fiji wrote:
> 
> What is the fastest that it could be brute forced with today's
> computing power... i.e. linux clusters, etc.
>

A finger-in-the-air estimate is that a single PC can probably
crack a 40-bit message in less than a month.

Cracking speed is directly proportional to the number of CPUs.

The number of CPUs available depends on your budget.




-- 
<\___/>
/ O O \
\_____/  FTB.


------------------------------

From: "collomb" <[EMAIL PROTECTED]>
Subject: Re: Make a point on KRYPTOS
Date: 15 Sep 1999 08:16:20 GMT

All that seems like a fight at night in the fog.
- The 3 cryptographers who arrived at a unique solution should publish their
demonstrations on the Internet. Things would be clearer and open to criticism.
- If Stein said: only with paper and pencil, that idea did not come to him
from heaven.
Best regards
[EMAIL PROTECTED]

Jim Gillogly <[EMAIL PROTECTED]> wrote in article <[EMAIL PROTECTED]>...
> "Douglas A. Gwyn" wrote:
> > However, the cryptographer seems to have intentionally
> > chosen systems and ciphertext quantities that can be
> > broken with pencil-and-paper (and perseverance, and luck).
> > So it seems that it was intended to be a "fair" challenge.
> 
> That's certainly true of the first three (broken) systems.  However,
> Sanborn has said that the remaining part is a "whole new ball game",
> and has said in the past that he never expects it to be broken.
> While it's seductively tempting to think that the fourth part is as
> easy as the first three and just awaits somebody trying the right
> kind of cipher with the right key(s), it's also quite possible that
> it is indeed much harder, as suggested by Sanborn in print.


------------------------------

From: Ruud de Rooij <*@spam.ruud.org>
Subject: Re: Can you believe this??
Date: 15 Sep 1999 11:04:58 +0200
Reply-To: *@spam.ruud.org

Eric Lee Green <[EMAIL PROTECTED]> writes:

> jerome wrote:
> > but /dev/random is blocking when the entropy isn't there...
> > important to know :)
> 
> Hmm... I haven't tried it under Linux. Under FreeBSD I type "cat
> /dev/random >/tmp/foobar" and it puts out however many bits of entropy
> are in /dev/random to /tmp/foobar. Ah. Just ssh'ed into a machine at the
> office running Linux 2.0.37, and indeed it blocked when I tried "cat
> /dev/random >/tmp/foobar". Same thing with Linux 2.2.12. Sigh. There has
> to be some way around that :-(. Except I can't think of a way except for
> doing 1-byte reads with an alarm() to interrupt me swiftly if I block
> :-(. Hmm, I wonder what happens if I do a select() on /dev/random to see
> if there is any input waiting? I would still need to get it one byte at
> a time that way, but at least I wouldn't block. But I don't remember if
> select() will work on a device node under Linux (mumble mumble mumble
> I'll wait until I have to port this beast to Linux...). 

It's probably easier to just open /dev/random in O_NONBLOCK mode.
Then it returns -1 with errno set to EAGAIN if no random data is
available, instead of blocking.

But even without O_NONBLOCK, if some bytes are available, a read() on
/dev/random will succeed but with less than the requested number of
bytes.  It will only block if no bytes are available.

        - Ruud de Rooij.
-- 
ruud de rooij | *@spam.ruud.org | http://ruud.org
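The O_NONBLOCK read loop Ruud describes, written out as an added example (this is not code from the thread): /dev/random is opened non-blocking, short reads are accumulated, and when read() reports EAGAIN the caller waits in poll() with a timeout instead of blocking inside read(). The pipe-based demo_short_read helper is a constructed stand-in for a starved device, so the short-read and EAGAIN paths can be exercised deterministically; the function names and timeout values are my own.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Fill `buf` with up to `want` bytes from `fd`, which must have been opened
   with O_NONBLOCK. Short reads are accumulated; when the device has nothing
   (read() fails with EAGAIN) we wait up to `timeout_ms` in poll() for more.
   Returns the number of bytes obtained, which is fewer than `want` if the
   timeout expires or EOF is hit, or -1 on any other error. */
static ssize_t read_nonblocking(int fd, unsigned char *buf, size_t want,
                                int timeout_ms)
{
    size_t got = 0;
    while (got < want) {
        ssize_t n = read(fd, buf + got, want - got);
        if (n > 0) { got += (size_t)n; continue; }   /* possibly a short read */
        if (n == 0) break;                            /* EOF */
        if (errno == EINTR) continue;
        if (errno != EAGAIN && errno != EWOULDBLOCK) return -1;

        /* Nothing available right now: block in poll(), never in read(). */
        struct pollfd pfd = { .fd = fd, .events = POLLIN, .revents = 0 };
        int r = poll(&pfd, 1, timeout_ms);
        if (r == 0) break;                            /* timed out: keep what we have */
        if (r < 0 && errno != EINTR) return -1;
    }
    return (ssize_t)got;
}

/* Read up to `want` bytes from /dev/random without blocking inside read(). */
static ssize_t read_dev_random(unsigned char *buf, size_t want, int timeout_ms)
{
    int fd = open("/dev/random", O_RDONLY | O_NONBLOCK);
    if (fd < 0) return -1;
    ssize_t n = read_nonblocking(fd, buf, want, timeout_ms);
    close(fd);
    return n;
}

/* Constructed stand-in for a starved entropy device: a pipe holding `payload`
   with the writer left open, so read() yields the payload and then EAGAIN.
   Returns what read_nonblocking() managed to collect. */
static ssize_t demo_short_read(const char *payload, size_t want, int timeout_ms)
{
    unsigned char buf[64];
    int p[2];
    if (want > sizeof buf) want = sizeof buf;
    if (pipe(p) < 0) return -1;
    fcntl(p[0], F_SETFL, fcntl(p[0], F_GETFL) | O_NONBLOCK);
    size_t len = strlen(payload);
    if (len && write(p[1], payload, len) != (ssize_t)len) {
        close(p[0]); close(p[1]);
        return -1;
    }
    ssize_t n = read_nonblocking(p[0], buf, want, timeout_ms);
    close(p[0]);
    close(p[1]);
    return n;
}

int main(void)
{
    unsigned char key[16];
    ssize_t n = read_dev_random(key, sizeof key, 500);
    if (n < 0) { perror("/dev/random"); return 1; }
    printf("got %zd of %zu bytes:", n, sizeof key);
    for (ssize_t i = 0; i < n; i++) printf(" %02x", key[i]);
    printf("\n");
    return n == (ssize_t)sizeof key ? 0 : 2;   /* short: not enough entropy yet */
}
```

On kernels of the era discussed, /dev/random hands out only as many bytes as its entropy estimate allows, so a count short of the request from read_dev_random is the normal case, not an error: treat it as "not enough yet" and never pad it out. On Linux 5.6 and later, /dev/random no longer blocks once the pool has been seeded, and getrandom(2) is the cleaner interface on current kernels.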

------------------------------

From: Rolanas Ycas <[EMAIL PROTECTED]>
Subject: CRL import to NC
Date: Wed, 15 Sep 1999 11:32:35 +0200

Sorry if this is the wrong place for my question.

How do I import a CRL from MS Certificate Server into Netscape
Communicator?

When I try to import the CRL into NC 4.61 it says
"The certificate revocation list you are trying to load has
an invalid format."

When I try this with IE 5.0 (save the CRL to disk, then open it),
everything is O.K.

Rolanas Ycas

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: RC4-40 Cracking
Date: Wed, 15 Sep 1999 10:44:27 GMT

In article <[EMAIL PROTECTED]>,
  Paul Koning <[EMAIL PROTECTED]> wrote:
> Dafydd Richards wrote:
> >
> > Please could somebody post/email rough estimates for the following please
> > :-
> >
> > 1) How much time would a machine on a $30,000 budget take to crack RC4-40.
> >
> > 2) How much would it cost to construct a machine to crack RC4-40 in say half
> > an hour.
>
> Not much, if you're doing it with PCs.  But I assume you meant a custom
> machine along the lines of the DES cracker.
>
> For a rough estimate, suppose RC4 and DES key search are about equally hard
> and equally fast.  Deep Crack did a 56 bit key in 56 hours, which means it
> could do a 40 bit key in 3 seconds.  It costs about $300k.
>
> Suppose also that speed scales directly with cost.  That would mean a $30k
> machine would find an RC4-40 key in 30 seconds.  And a half hour machine
> would cost $500.  (That last number doesn't really work because hardware
> costs don't scale linearly down that far.  But it suggests you can do the
> job with a modest investment in FPGAs.  Might make a nice thesis project for
> an enterprising EE student.)
>
>       paul
>
Paul, you say not much with PCs.

If you were using PCs based on the A-Bit BP6 Dual Celeron motherboard
using two Celeron 400's to keep the cost down,

how many would you need to crack RC4-40 in say one hour?

mark



Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
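A worked version of the estimate being argued over in this thread, added here and not code posted by anyone in it: a textbook RC4, a known-plaintext search over a 40-bit key space, and the arithmetic that turns a measured keys-per-second figure into a full 2^40 sweep time for a given number of CPUs. The sample header, the secret key and the choice to search only the 2^16 keys that share its top three bytes are constructed for the demo; the search loop itself is the general one and runs over any [lo, hi) slice of the 40-bit space, which is how it would be split across machines.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define RC4_40_KEYLEN 5   /* 40-bit key = 5 bytes */

/* Textbook RC4: key scheduling, then XOR `len` bytes with the keystream. */
static void rc4_crypt(const uint8_t *key, size_t keylen,
                      const uint8_t *in, uint8_t *out, size_t len)
{
    uint8_t S[256];
    for (int i = 0; i < 256; i++) S[i] = (uint8_t)i;
    for (int i = 0, j = 0; i < 256; i++) {
        j = (j + S[i] + key[i % keylen]) & 0xff;
        uint8_t t = S[i]; S[i] = S[j]; S[j] = t;
    }
    for (size_t k = 0, i = 0, j = 0; k < len; k++) {
        i = (i + 1) & 0xff;
        j = (j + S[i]) & 0xff;
        uint8_t t = S[i]; S[i] = S[j]; S[j] = t;
        out[k] = in[k] ^ S[(S[i] + S[j]) & 0xff];
    }
}

/* Known-plaintext search over keys whose 40-bit value lies in [lo, hi):
   decrypt the first `n` ciphertext bytes under each candidate and compare
   with the plaintext expected there. Returns the key as an integer and sets
   *found; *tried receives the number of keys tested. */
static uint64_t rc4_40_search(uint64_t lo, uint64_t hi,
                              const uint8_t *ct, const uint8_t *known_pt,
                              size_t n, int *found, uint64_t *tried)
{
    uint8_t key[RC4_40_KEYLEN], pt[64];
    if (n > sizeof pt) n = sizeof pt;
    *found = 0;
    *tried = 0;
    for (uint64_t k = lo; k < hi; k++) {
        for (int b = 0; b < RC4_40_KEYLEN; b++)          /* big-endian key bytes */
            key[b] = (uint8_t)(k >> (8 * (RC4_40_KEYLEN - 1 - b)));
        rc4_crypt(key, sizeof key, ct, pt, n);
        (*tried)++;
        if (memcmp(pt, known_pt, n) == 0) { *found = 1; return k; }
    }
    return 0;
}

/* Seconds to sweep all 2^40 keys at `keys_per_sec` per CPU on `cpus` CPUs;
   on average the key turns up after half of this. */
static double full_search_seconds(double keys_per_sec, unsigned cpus)
{
    return (double)(1ULL << 40) / (keys_per_sec * cpus);
}

/* Constructed demo: encrypt a sample under a constructed 40-bit key, then
   recover it by searching only the 2^16 keys that share its top three bytes.
   Returns the recovered key (0 if the search fails); if keys_per_sec is
   non-NULL it receives the measured search rate. */
static uint64_t demo_recover(double *keys_per_sec)
{
    /* 23 bytes an attacker would expect at offset 0 of the plaintext. */
    static const uint8_t known_pt[] = "Content-Type: text/html";
    const size_t n = sizeof known_pt - 1;
    const uint8_t secret[RC4_40_KEYLEN] = {0x4b, 0x2c, 0x91, 0xfe, 0x3c};
    uint8_t ct[sizeof known_pt];
    rc4_crypt(secret, sizeof secret, known_pt, ct, n);

    uint64_t base = 0x4b2c91ULL << 16;            /* top three bytes "known" */
    int found;
    uint64_t tried;
    clock_t t0 = clock();
    uint64_t key = rc4_40_search(base, base + (1ULL << 16), ct, known_pt, n,
                                 &found, &tried);
    double secs = (double)(clock() - t0) / CLOCKS_PER_SEC;
    if (secs <= 0) secs = 1e-6;                    /* clock() granularity */
    if (keys_per_sec) *keys_per_sec = (double)tried / secs;
    return found ? key : 0;
}

int main(void)
{
    double rate;
    uint64_t key = demo_recover(&rate);
    printf("recovered key %010llx at %.0f keys/s\n",
           (unsigned long long)key, rate);
    for (unsigned cpus = 1; cpus <= 64; cpus *= 8)
        printf("%2u CPU(s): full 2^40 sweep ~ %.1f hours\n",
               cpus, full_search_seconds(rate, cpus) / 3600.0);
    return key ? 0 : 1;
}
```

The keys/s figure this prints is for an unoptimized single thread doing a full key schedule per candidate, so it is a floor; the point of the exercise is the shape of the arithmetic, which is exactly Paul's: sweep time is 2^40 divided by the aggregate rate, and the aggregate rate is what the budget buys.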

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: talk.politics.crypto
Subject: Re: Ritter's paper
Date: Wed, 15 Sep 1999 13:39:04 GMT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] () wrote:
>Terry Ritter ([EMAIL PROTECTED]) wrote:
>: On Tue, 14 Sep 1999 20:29:57 GMT, in
>: <[EMAIL PROTECTED]>, in sci.crypt
>: [EMAIL PROTECTED] (John Savard) wrote:
>
>: >Extensive past cryptanalytic research does not, as you correctly note,
>: >_prove_ a block cipher unbreakable, but it does reduce the likelihood
>: >of the existence of a break likely to be known to, or able to be found
>: >out by, certain classes of adversary. 
>
>: You have made an assertion, not a summary of the known reality.  We do
>: not know the likelihood of any break.
>
>I think that I could discuss this point by talking about boxes which have
>black and red billiard balls inside them, but I might just end up
>"proving" your point of view if I did so.
>
>You are certainly correct that if DES has a fixed _a priori_ probability
>of being broken by somebody before 2003, no cryptographic result will
>alter that probability.
>
>However, the cryptanalytic effort directed against DES has demonstrated
>that it is unlikely - very unlikely - that there is some stupid flaw in
>DES that would be obvious to a moderately competent opponent.
     Actually anyone aware of the state of electronics at the time DES
was employed (I am talking custom hardware, not computers) realizes
that DES could be easily broken by a realtime brute force search. Just
because it took several years for the domestic computer front to reach
that stage does not mean that it was not done decades before. Many,
even at the time the government moved it from 64 bits to the strange
56 bits, realized this at that time.  Since then it is very likely a group
like the NSA may have found a very simple break other than brute
force search. You can't blindly say that just because someone in the
public domain has not found one, one does not exist.
>
>: The only interaction of interest is
>: between the cipher and The Opponent, and the Opponents are not
>: talking.
>
>Yes, but I think that an underworld cabal with cryptanalytic competence
>approaching that of the NSA, for example, is a subject for a James Bond
>movie, but not a threat analysis. However, not all cryptography is aimed
>at mere hackers; one might be involved in human-rights efforts, and not
>wish the Chinese government to read one's mail.
      It might be very possible that there is a sweet old lady, much like
the British equivalent, in the NSA giving the Chinese all the NSA secrets.
My government is a total fool when it comes to catching spies. The
security types look very hard into people like me who question many
of the dumb practices. They are too blind and arrogant to catch real spies;
they would rather chase after those who offer advice or who question
things. It was that way with the Brits, witness the old lady spy, and it
is that way with the US government. Sure, after years and years a
jealous wife can cause a Walker case, but that is the tip of the iceberg.
   With a Clinton administration afraid to search the personal computer
of a person of Chinese origin who signed away his right to keep his
computer private so that that person can have access to our nuclear
arsenal, for fear of looking bad because it may be viewed as attacking
a minority. 
>
>My point here is that a cipher beyond the reach of Eli Biham and the like
>*is* beyond the reach of a large number of likely opponents.
>
>: >(That the history of
>: >cryptography is replete with systems that have been proposed for
>: >serious use, but which had serious and obvious flaws, as Bruce noted,
>: >is surely a fact beyond dispute.)
>
>: Yes.  But these data do not imply what you think they do.  They have
>: shown weakness; they do not imply strength in the remaining ciphers.  
>
>No, they do not. But they imply that weakness is likely in an unexamined
>cipher. The ones that have survived winnowing for obvious flaws have been
>shown not to have that particular type of flaw.
>
>Thus, in using a "new" cipher, I am taking a risk that a moderately
>competent cryptanalyst might be able to break it. In using one that has
>been extensively studied, I can - as a rough estimate - hope that it will
>take an additional period of study, as long as that to which it has
>already been subjected, before a flaw turns up.
>
>(Yes, I am a Bayesian.)
>
>: I would say that, in cryptography, partial confidence is no confidence
>: at all.  
>
>You have a point. However, 1000 times zero is still zero. I trust you can
>see how that makes your position as untenable as Bruce's by that standard.
>
>: My article was a specific response to the earlier column which
>: essentially said that new cryptography was bad cryptography.  My
>: article addresses that issue, and apparently you agree that it needed
>: to be said.
>
>Well, you seem to have just said that old cryptography is bad
>cryptography.
>
>Bruce correctly stated the risks of using untried cipher designs. They
>have a significant likelihood of flaws that are relatively easy to find.
     Actually Bruce is a little high on himself, or haven't you noticed.
So is Mr Wagner.  But now that I know Mr Wagner is listed on Bruce's
own site as an employee it makes perfect sense why the two seem
to speak with one voice. They can attack a certain class of tried amateur
ciphers because they get invented over and over. Then they make sweeping
statements that if it is not thought of by people with their narrow training
and background it is no good. 
  Well the truth is that both can make shallow attacks against my cipher
and people are dumb enough to believe them. David has stated publicly that
my method is weak. Yet when push came to shove, his blessed (by Bruce)
slide attack, which he said would show my method scott19u or scott16u would
be dead, was wrong. He now admits he can't even decipher working C code.
What kind of experts are these 2 guys?
>
>: I am aware that the old point of view is fundamentally flawed and
>: scientifically invalid.  It is *not* almost valid.  It is *not* partly
>: right.  It is *not* right in practice.  It is just wrong.
>
>You are correct in saying that certainty of a type recognized in
>mathematics is absent here. Many situations in life involve an absence of
>certainty. There are ways in which people respond rationally to such a
>condition.
>
>Bruce recommends one form of response: gather as much corroborating
>evidence as one can, even if it is of a kind with a fundamental
>limitation.
   Bruce and his employees are only capable of looking in very narrow
areas. He once stated in a post that he found it harder to design large key
systems than the ones he designs. This is an obvious lie, or maybe Bruce
needs to take a few more math classes. Bruce and his employees are too
lazy to look at new methods. His last excuse was that he was too busy with
AES methods to look into the real world of ciphers that are different, like
mine.

>
>You recommend other responses: use multiple ciphers, use a cipher few
>other people are using so as to limit the amount of effort expended
>against it.
>
>Your recommendations are sound *additional* measures to take in this
>situation of uncertainty. But because you are emphasizing that Bruce's
>approach doesn't produce logical certainty, you appear to imply that his
>strategy of response to the uncertainty can, and perhaps even should, be
>neglected.
>
>Obviously, you don't really mean that. You would not seriously offer to
>the public an encryption program that enciphered people's messages using
>10 algorithms taken from a pool of 1000 algorithms - that you had
>developed for you by a local Grade Five class. You wouldn't do that;
>nobody would. And the reasons you don't are the same reasons that are
>behind what Bruce had said. So Bruce is not "just plain wrong".

 But the likelihood of only using NSA approved ciphers goes up when one
uses a very limited number of blessed ciphers made by people with the
same narrow mindset. Because it is in the interest of the NSA to control
crypto by all means, and if the eggs are in one basket that is the basket
the NSA will surely infect.
 What is needed is many ciphers of different design used serially, since if
designed by more than one school of thought, those in the other school
will try to break them and publish the breaks to embarrass the other
side. But with one school of thought it will become politically corrupt,
as the system is today.
 Since Bruce and David can say mine is weak, yet few question their
lies even when they fail on their only known public attempt to break
my code. Yes, they will continue to say they are too busy. But the
truth of the matter is a large key system like mine is far better at securing
files than their weak short key methods. And yes, mine might not be
best for credit card systems. So what, it is designed for FILES.




David A. Scott
--
                    SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
                    http://www.jim.com/jamesd/Kong/scott19u.zip
                    http://members.xoom.com/ecil/index.htm
                    NOTE EMAIL address is for SPAMERS

------------------------------

From: fungus <[EMAIL PROTECTED]>
Subject: Re: Newbie needs help
Date: Wed, 15 Sep 1999 13:38:02 +0200



B3avis wrote:
> 
> I want to knwo some basics, like :
> how does the stream-thing work ?
> how can you make your own algorithms ?

Read these:

http://www.rsasecurity.com/rsalabs/faq/

ftp://rtfm.mit.edu/pub/faqs/cryptography-faq/

http://ciphersaber.gurus.com/

ftp://rtfm.mit.edu/pub/faqs/cryptography-faq/snake-oil


Then do web searches for "crypto source".


> what things are good, what things aren't good ?
> 

Knowing how to code the algorithms is only 1% of the job.


Understanding key exchanges, attack methods, etc. is much more
important.



-- 
<\___/>
/ O O \
\_____/  FTB.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Mystery inc. (Beale cyphers)
Date: Wed, 15 Sep 1999 13:19:25 GMT

In article <[EMAIL PROTECTED]>,
  sha99y00000 <[EMAIL PROTECTED]> wrote:
> I'll try tomorrow and see what my library can offer. I just thought
> that these papers would have been freely on the net for a wider
> feedback.

   It used to be possible to get copies of Beale cipher articles from
the Beale Cypher Association, but the BCA shut down about three years
ago.

     -- Jeff Hill




------------------------------

From: mike cardeiro <[EMAIL PROTECTED]>
Subject: Re: Newbie needs help
Date: Wed, 15 Sep 1999 06:52:50 -0700

In article <[EMAIL PROTECTED]>, Eric Lee Green <[EMAIL PROTECTED]> wrote:

> There's an IEEE standards committee at 
> http://grouper.ieee.org/groups/1363/
> Appendix A of the document for the proposed standard 
> is a math appendix. 


I tried to get appendix A because I am having a lot of 
trouble with the math part (I've been out of school a long 
time and hardly remember what a prime number is, let alone 
what the hell XOR means).

When I tried to download appendix A I was prompted for a 
username/password.  Are there any other resources that 
explain the math for us folks who have forgotten (or never 
learned) the math?

mike cardeiro

* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
