Cryptography-Digest Digest #243, Volume #10      Wed, 15 Sep 99 22:13:02 EDT

Contents:
  Re: Mystery inc. (Beale cyphers) (sha99y00000)
  Re: pseudo random number in a embedded software (Peter Gutmann)
  Re: Mystery inc. (Beale cyphers) ([EMAIL PROTECTED])
  Re: Looking for Completely-Free Strong Algorithms ("Joseph Ashwood")
  Re: Can you believe this?? (David A Molnar)
  Re: Can you believe this?? (JPeschel)
  Re: Ritter's paper (Bodo Moeller)
  Re: Ritter's paper (David Wagner)
  Re: Ritter's paper ("Richard Parker")
  Re: SCOTT19U.ZIP_GUY/Questions Please (SCOTT19U.ZIP_GUY)
  Re: Neal Stephenson's Cryptonomicon: Crypto Cop-Out (Ian)
  Re: Neal Stephenson's Cryptonomicon: Crypto Cop-Out (Ian)
  Re: Neal Stephenson's Cryptonomicon: Crypto Cop-Out (Ian)
  Re: Neal Stephenson's Cryptonomicon: Crypto Cop-Out (Ian)

----------------------------------------------------------------------------

Date: Wed, 15 Sep 1999 23:12:41 +0100
From: sha99y00000 <[EMAIL PROTECTED]>
Subject: Re: Mystery inc. (Beale cyphers)



"Douglas A. Gwyn" wrote:
> 
> sha99y00000 wrote:
> >> > ... Communications of the ACM, January 1971, ...
> > I'll try tomorrow and see what my library can offer. I just thought that
> > these papers would have been freely on the net for a wider feedback.
> 
> So, have *you* volunteered to create accurate on-line versions of
> these documents?  Very few publications have on-line versions
> dating back more than a few years.  It takes time and money to
> accomplish that, if it wasn't planned from the start.

Somebody has transcribed the original Ward Papers and I came across a
link [though it be dead] to the Hart papers. So I know that one exists
somewhere in E-text, and perhaps more. As for volunteering, how can I
produce for others (and I am willing to help out in any way I can)
something that it is apparent I don't have? Your comments have no merit.


------------------------------

From: [EMAIL PROTECTED] (Peter Gutmann)
Subject: Re: pseudo random number in a embedded software
Date: 15 Sep 1999 22:51:36 GMT

Eric Lee Green <[EMAIL PROTECTED]> writes:

>Medical Electronics Lab wrote:
>> Check out Yarrow on Bruce's site:
>> http://www.counterpane.com

>Been there. As you can probably tell, by looking at Ocotillo. The
>problem with Yarrow is that it is very much tied to the Win32 platform
>due to the fact that all of its sources of entropy are based on tying
>into the innards of the Win32 platform. Still, it is very much a
>worthwhile approach.

You could also use the one I described in my 1998 Usenix paper, available from
my home page at http://www.cs.auckland.ac.nz/~pgut001/ under the
"Analysis and Design of Security Systems" heading.  The code is available as
part of cryptlib (also linked to on the page) under either GPL or Berkeley
licenses (take your pick).  It runs on pretty much anything, although the 
VM/CMS interface is still a bit problematic (anyone want to volunteer to help 
with that?).

Peter.


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Mystery inc. (Beale cyphers)
Date: Wed, 15 Sep 1999 22:29:41 GMT

In article <19990915021253.897$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Curt Welch) wrote:
> http://www.und.nodak.edu/org/crypto/crypto/general.crypt.info/beale/
>
> I just checked this site out and found it has lots of good info
> about all this, including most of Ed's work that I have under the
> more.beale directory.  And in the DOI file is a nice description
> of somebody's adjustments to the DOI _and to B2!_.

   Thank you.  The .doc files in the main directory are some I
submitted to the American Cryptogram Association in 1989.  I worked on
the Beale ciphers from 1987 to 1989 and these files are a summary of
what I learned.

<< Didn't know there were B2 adjustments people felt were needed! >>

   If you renumber the DOI you'll find that there are six or seven
encipherments that still haven't been fixed by the renumbering.  Most
of these can be treated as typographical errors requiring only a +1 or
-1 adjustment.  Also, when viewed as typos, 188 becomes 138 and 440
becomes 40.  Other people have chosen other adjustments.

    -- Jeff Hill



------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Looking for Completely-Free Strong Algorithms
Date: Wed, 15 Sep 1999 15:37:37 -0700

>
> You shouldn't have to craft your data to suit the crypto: select the
> crypto so it'll protect the data no matter what it is.  Otherwise you
> have a whole raft of extra code that has to be correct and secure for
> your protocol to be secure.
Actually most of it is making sure that identical commands aren't sent
between the server and host. Right now we occasionally get the equivalent
of:
Go get me a head of lettuce
...
Go get me a head of lettuce

It's a matter of efficiency that's more global in the program than the
encryption is.
                Joseph




------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Can you believe this??
Date: 15 Sep 1999 22:24:13 GMT


If you're using some kind of new algorithm, you could get a patent on the
algorithm. Then publish the algorithm. Now you have the exclusive rights
to implement it (subject to whatever patent laws are like in your area of
the world) for a fairly long period of time. Publishing puts the algorithm
out where anyone can look at it and try to come up with a break. 

Or, if you are using an already known algorithm, you could try giving the
source away and charging for support. Then this shifts more towards "how
do I make money with open source" and away from crypto. 

-David

John <[EMAIL PROTECTED]> wrote:
> I agree. How can I get my encrypter "peer reviewed" without
> giving away the "family jewels?"  I have had many who
> claim they are in the encryption community "assault me" for
> not giving up the source code.



------------------------------

From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: Can you believe this??
Date: 15 Sep 1999 22:48:06 GMT

>[EMAIL PROTECTED] (David Wagner) writes:

>In article <[EMAIL PROTECTED]>,
>John  <[EMAIL PROTECTED]> wrote:
>> What's the joke? Some people don't subscribe to the "pure"
>> science of cryptography as much as others.  It is very hard
>> to make money and be into the pure science at the same time.
>> Not many can do it.  The source or publication would be
>> the easiest method a cryptographer had to crack a system.
>> 
>> What is the obligation?  As a scientist, you are supposed
>> to share information. It is unethical not to.  In business,
>> especially computers/tech...The whole idea is to have
>> something that nobody can "get their hands on."
>
>Ian Goldberg and I debunked this reasoning back in 1996 in a
>Dr. Dobb's Journal article:
>    http://www.ddj.com/articles/1996/9601/9601h/9601h.htm
>We _certainly_ were not the first to point out the problems with
>proprietary-design crypto; our article just points out an especially
>nice example where the closed-design approach went spectacularly wrong
>in an important widely-used commercial application.
>
>For a few other examples that I am fond of, read any of our papers
>on cellphone security (or lack thereof).
>
>Sadly, the lesson does not seem to have been learned in many quarters.

You're right, David:  the lesson hasn't been learned by plenty of
crypto vendors. Quite a few examples of reverse-engineering
are on my web page. 

A new essay from Casimir will be on my site soon.

Joe


__________________________________________

Joe Peschel 
D.O.E. SysWorks                                 
http://members.aol.com/jpeschel/index.htm
__________________________________________


------------------------------

From: [EMAIL PROTECTED] (Bodo Moeller)
Subject: Re: Ritter's paper
Date: 15 Sep 1999 23:32:35 GMT

David Wagner <[EMAIL PROTECTED]>:

[...]
> Maybe the following will help make the definition of f(R) a bit more
> explicit.  One can imagine running the following thought experiment many
> times: hire some cryptographers to design the best cipher they can with
> resources R, and then ask some "oracle" whether the result is secure.
> Then the idea is that the probability f(R) is the fraction of times that
> the resulting cipher is insecure.
> 
> (In practice, it may be too difficult to check whether the result is
> secure, but in principle, we know there is some truth of the matter
> about whether the cipher is secure, so the value f(R) is well-defined.)

In the multi-cipher scenario, you assume that there's an independent
team for each cipher ("Each cipher breaks with probability f(R/N)",
so the assumption is that effort  R/N  goes into each of the  N
ciphers).  However Terry Ritter's model seems to be that all the
individual designs should be derived from the same `pool' of know-how
(or he wouldn't talk about having "exponentially many" ciphers).

The real discrepancy between your and Terry's opinions might be that
you assume that the bulk of the analysis work can be done only once
there's a fixed design to look at, whereas Terry assumes that lots of
ciphers can be derived from collected knowledge on ciphers without
analysing each of the resulting ciphers in that much detail.

------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Ritter's paper
Date: 15 Sep 1999 16:27:29 -0700

In article <7rpaaj$14d$[EMAIL PROTECTED]>,
Bodo Moeller <[EMAIL PROTECTED]> wrote:
> The real discrepancy between your and Terry's opinions might be that
> you assume that the bulk of the analysis work can be done only once
> there's a fixed design to look at, whereas Terry assumes that lots of
> ciphers can be derived from collected knowledge on ciphers without
> analysing each of the resulting ciphers in that much detail.

Good point!  If you can share the workload and develop N ciphers for
less than N times the cost of a single cipher, that changes the model.
I hadn't thought about that possibility.

Many thanks for the excellent observation.

------------------------------

From: "Richard Parker" <[EMAIL PROTECTED]>
Subject: Re: Ritter's paper
Date: Thu, 16 Sep 1999 00:31:10 GMT

[EMAIL PROTECTED] (David Wagner) wrote:
> Bodo Moeller <[EMAIL PROTECTED]> wrote:
>> The real discrepancy between your and Terry's opinions might be that
>> you assume that the bulk of the analysis work can be done only once
>> there's a fixed design to look at, whereas Terry assumes that lots of
>> ciphers can be derived from collected knowledge on ciphers without
>> analysing each of the resulting ciphers in that much detail.
>
> Good point!  If you can share the workload and develop N ciphers for
> less than N times the cost of a single cipher, that changes the model.
> I hadn't thought about that possibility.

If one assumed that the workload was shared in the development of the
multiple ciphers, wouldn't this raise the possibility that the ciphers
are not sufficiently independent?  This presumably would suggest that
a catastrophic failure of the multiple ciphers could occur - the
failure mode that Terry Ritter hopes to avoid by not using a single
cipher.

-Richard

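The independence concern raised above can be made concrete with a small model. This is an added illustration, my own and not a model stated by Ritter, Wagner, Moeller or Parker; the event $C$ and its probability $q$ are assumptions introduced here. Let $B_i$ be the event that cipher $i$ of the $N$ is broken, with $\Pr[B_i] = f(R/N)$ under the budget split in Wagner's model. If the designs are independent, the probability that every cipher fails is

$$\Pr\Big[\bigcap_{i=1}^{N} B_i\Big] \;=\; \prod_{i=1}^{N} \Pr[B_i] \;=\; f(R/N)^N ,$$

which shrinks rapidly as $N$ grows. If instead all $N$ designs are derived from one shared pool of know-how, let $C$ be the event, of probability $q$, that the pool itself contains a flaw inherited by every derived cipher, so that $\Pr[\bigcap_i B_i \mid C] = 1$. Conditioning on $C$ gives

$$\Pr\Big[\bigcap_{i=1}^{N} B_i\Big] \;=\; q \;+\; (1-q)\,\Pr\Big[\bigcap_{i=1}^{N} B_i \,\Big|\, \overline{C}\Big] \;\ge\; q ,$$

and the lower bound $q$ does not depend on $N$: the shared pool is a common-mode failure that adding more ciphers cannot remove. Cheaper design through shared workload therefore trades away exactly the independence that the multi-cipher argument relies on.
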
------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: SCOTT19U.ZIP_GUY/Questions Please
Date: Thu, 16 Sep 1999 02:26:29 GMT

In article <[EMAIL PROTECTED]>, tunafish <[EMAIL PROTECTED]> wrote:
>Hi Scott
>I have read a lot of your posts here, and I think you have a point which
>I would like to explore here.  What you seem to be saying is the
>following (among other things !):
>
>1. Why should the NIST give us wonderful advanced algorithms for the
>21st century free on a plate, courtesy of the NSA?
>2. You don't like the 3 chaining technique they use and the compression
>because you say it weakens the encryption.
>
>Point 1:  Yes why would our government kindly give us free secure
>encryption software free.  Very good question.   My theory goes something
>like this:
>The NIST wanted to know what is available out there, like throwing
>the net out to catch any fish...
>And they seem to have caught some good fish....2fish, mars, etc....the
>AES candidates...
>What they seem to have done is deliberately weaken these algorithms by
>asking those who submitted to make certain modifications to the code...
>Since I am not a cryptographer, I don't know apples from pears if 2fish
>is fishy or not....I think there are very few who can for certain verify
>if there is weakness in 2fish or any of the other AES submissions...ok
>but these guys are NOT GOING TO POST HERE and tell US 2fish is strong
>and ok to use....
>These top cryptographers, most of them don't go public and certainly work
>for government institutions...so we will probably never know if any of
>the AES submissions has an inherent weakness or not...Could it be that
>our government is weaning us away from strong algorithms which they can't
>break ( IDEA etc), by replacing those with the so called Advanced AES
>standards...
>
>Now Point 2:
>Could you explain your claim that 3 chaining and the compression
>used weakens the ciphers...you have just made a statement and no
>clarification...please explain to a non-cryptographer what this means
>Just as a matter of interest, I use PGP (the original DOS version and
>not the new GUI version)...., is there also this triple chaining
>weakness in it which you so dislike...
    All of the blessed 3 letter chaining methods have error recovery.
Mr BS in his book (which I don't recommend; I read it in a library)
page 226 2nd edition says that error handling should be separate
from encryption, look at bottom of page. I don't trust his advice since
I feel he and his employee DW really wish to lead people astray.
But maybe in this section some good advice leaked out.
 But you can easily see the effect of how bad the 3 letter chaining
methods are.
 Encrypt a file with a method that does the block encryption of your
choice. Hex edit the middle of the output file. Then decrypt the file:
only the area where you changed the code is affected. It means that
though your eyes can be confused the data is not mixed very well.
The crypto gods will tell you this is for your own good. Even though
on the rare occasion you get an error there is not much you as a
typical user can do about it.
  As for compression, try to decompress several binary files and see
if they compress back to the same respective files. If they do you
may have one to one compression; if they don't the compression
method may actually help the attacker. I don't know anything
about the newer versions of PGP but I was hoping vainly I guess
that the newer GnuPG would have more security features but
I guess it will not.

>
>Tuna Fish
>


David A. Scott
--
                    SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
                    http://www.jim.com/jamesd/Kong/scott19u.zip
                    http://members.xoom.com/ecil/index.htm
                    NOTE EMAIL address is for SPAMERS

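Two points in this digest can be tried in a few lines: the repeated identical commands in Joseph Ashwood's post earlier in the digest, and the hex-edit experiment in the post above. The following is an added example, my own code and not from any poster, PGP, GnuPG or cryptlib. Everything in it is an assumption chosen for illustration: a constructed 8-byte Feistel block cipher with SHA-256 as its round function (not a secure cipher, just a bijection on blocks), CBC mode (one of the standard chaining modes the post refers to) with a random IV, PKCS-style padding, and an HMAC tag over the ciphertext. It shows that with a fresh IV the same command encrypts differently each time, that a one-bit edit in the middle of the ciphertext disturbs exactly the block it sits in plus one byte of the next, and that a MAC over the ciphertext catches the edit before decryption.

```python
# Added example (not code from any poster or product): toy Feistel block
# cipher, CBC mode with random IV, and HMAC tag, used to illustrate
#  1. repeated plaintexts: fresh IV -> distinct ciphertexts, fixed IV -> visible repeat;
#  2. CBC error propagation: one flipped ciphertext bit garbles its own block and
#     flips one bit of the next block; every other block decrypts correctly;
#  3. a MAC over the ciphertext detects the edit before any decryption happens.
# The block cipher is for demonstration only; it is not a secure design.
import hashlib
import hmac
import os

BLOCK = 8      # block size in bytes (assumed for the toy cipher)
ROUNDS = 8     # Feistel rounds (assumed)


def _round(key, r, half):
    """Round function: 4 bytes of SHA-256 over key, round number and half-block."""
    return hashlib.sha256(key + bytes([r]) + half).digest()[:4]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def block_encrypt(key, block):
    """Balanced Feistel network over one 8-byte block."""
    left, right = block[:4], block[4:]
    for r in range(ROUNDS):
        left, right = right, _xor(left, _round(key, r, right))
    return right + left            # final swap, so decryption reuses the loop


def block_decrypt(key, block):
    left, right = block[:4], block[4:]
    for r in reversed(range(ROUNDS)):
        left, right = right, _xor(left, _round(key, r, right))
    return right + left


def _pad(data):
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def _unpad(data):
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key, plaintext, iv=None):
    """CBC encryption; iv=None draws a fresh random IV, which is the normal case."""
    iv = os.urandom(BLOCK) if iv is None else iv
    padded, prev, out = _pad(plaintext), iv, []
    for i in range(0, len(padded), BLOCK):
        prev = block_encrypt(key, _xor(padded[i:i + BLOCK], prev))
        out.append(prev)
    return iv + b"".join(out)


def cbc_decrypt(key, ciphertext, strip_padding=True):
    iv, body = ciphertext[:BLOCK], ciphertext[BLOCK:]
    prev, out = iv, []
    for i in range(0, len(body), BLOCK):
        c = body[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c                    # each block depends only on itself and its predecessor
    data = b"".join(out)
    return _unpad(data) if strip_padding else data


def repeats_visible(key, msg, iv=None):
    """True if encrypting the same message twice yields the same ciphertext."""
    return cbc_encrypt(key, msg, iv) == cbc_encrypt(key, msg, iv)


def damaged_blocks(key, plaintext, position, iv=None):
    """Flip one bit of the encrypted body at byte `position` and report which
    plaintext block indices come back changed after decryption."""
    ct = bytearray(cbc_encrypt(key, plaintext, iv))
    ct[BLOCK + position] ^= 0x01
    good = _pad(plaintext)
    bad = cbc_decrypt(key, bytes(ct), strip_padding=False)
    return [i // BLOCK for i in range(0, len(good), BLOCK)
            if good[i:i + BLOCK] != bad[i:i + BLOCK]]


def seal(key, mac_key, plaintext):
    """Encrypt-then-MAC: the tag covers IV and ciphertext."""
    ct = cbc_encrypt(key, plaintext)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()


def open_sealed(key, mac_key, sealed):
    """Return the plaintext, or None if the tag does not verify (no decryption attempted)."""
    ct, tag = sealed[:-32], sealed[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct, hashlib.sha256).digest()):
        return None
    return cbc_decrypt(key, ct)


if __name__ == "__main__":
    k, mk, msg = b"k" * 16, b"m" * 16, b"Go get me a head of lettuce"
    print("repeat visible, random IV:", repeats_visible(k, msg))
    print("repeat visible, fixed IV: ", repeats_visible(k, msg, b"\x00" * BLOCK))
    print("blocks damaged by one bit at byte 20:", damaged_blocks(k, msg, 20))
    t = bytearray(seal(k, mk, msg)); t[BLOCK + 5] ^= 1
    print("tampered message accepted:", open_sealed(k, mk, bytes(t)) is not None)
```

The limited spread of damage is a property of the mode, not a flaw in it: CBC is a confidentiality mode and makes no integrity promise, which is why the tag in `seal` and the check in `open_sealed` are what actually reject an edited file. The repeat test likewise shows that the application-level de-duplication Ashwood describes is unnecessary for hiding repeats once the IV is fresh per message.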
------------------------------

From: [EMAIL PROTECTED] (Ian)
Crossposted-To: rec.arts.sf.written,alt.cyberpunk
Subject: Re: Neal Stephenson's Cryptonomicon: Crypto Cop-Out
Date: Thu, 16 Sep 1999 00:22:18 GMT
Reply-To: [EMAIL PROTECTED]

[EMAIL PROTECTED] (John M. Gamble) wrote:

>In article <[EMAIL PROTECTED]>,
>Ian <[EMAIL PROTECTED]> wrote:
>>[EMAIL PROTECTED] wrote:
>>
>>>    The second "good" reason Stephenson's Randy
>>>has for building The Crypt is that the
>>>introduction of a secure anonymous digital
>>>currency backed by pilfered World War II gold
>>>would help Asia recover from its recent economic
>>>woes:
>>
>>Good grief.  I want to ask "can he really be that dumb?", but I read part
>
>Well, no.  This book review doesn't accurately reflect the contents
>of the book.
>
>I have my own quibbles with some of the characterizations in the
>novel, but you wouldn't recognize the plot nor the people based
>on this review.

Well I read the quoted paragraph on the explanation of what it would do for
Asia.  If that even vaguely resembles Stephenson's views, he's very very
wrong.


------------------------------

From: [EMAIL PROTECTED] (Ian)
Crossposted-To: rec.arts.sf.written,alt.cyberpunk
Subject: Re: Neal Stephenson's Cryptonomicon: Crypto Cop-Out
Date: Thu, 16 Sep 1999 00:21:22 GMT
Reply-To: [EMAIL PROTECTED]

[EMAIL PROTECTED] (John Savard) wrote:

>[EMAIL PROTECTED] (Ian) wrote, in part:
>
>>And
>>when you are talking about fundamental aspects of a national economy and
>>tax base, and issues that will be very important to the individual citizens
>>as well, there is one thing you will NOT see.  And that is the people and
>>the government saying "Oh gee whiz, it's hard to keep up with this new
>>system, guess we have no choice but to give in and fly wherever the wind
>>happens to blow us".
>
>There are those who believe we are already seeing this right now,
>which is why we aren't seeing a vast grassroots political movement
>saying "This globalization stuff is putting money in the pockets of
>the rich; we've got to ban cheap overseas imports, and return to the
>good old days when unions were strong and TV sets and cars were made
>in America (or Canada, as the case may be)".

I don't see why there would be an unusual impetus toward such a thing,
because it does not in fact seem to be happening.  Income inequity in
Canada, for example, is fairly stable and our middle class is definitely
_not_ shrinking.  Inequity may be on the rise in the US, but the US is also
in the middle of a boom time with employment at the highest in decades and
so on.


------------------------------

From: [EMAIL PROTECTED] (Ian)
Crossposted-To: rec.arts.sf.written,alt.cyberpunk
Subject: Re: Neal Stephenson's Cryptonomicon: Crypto Cop-Out
Date: Thu, 16 Sep 1999 00:41:54 GMT
Reply-To: [EMAIL PROTECTED]

Tom Knight <[EMAIL PROTECTED]> wrote:

>>   If a 'democratic' means of 'encouraging' an end to these
>> criminals were
>> easily accessible to the average Netizen I believe enough would
>> participate to make this a new global political force to be reckoned
>> with.
>
>Wow.  Like a kind of twisted, charity-funded version of Special
>Circumstances.  This one's definitely going in the RPG bag.

Except that it changes nothing from the present day.

Present-day, the US could easily offer a reward on Saddam Hussein's head.
Some large sum of US dollars, payable in cash at a secret location or
whatever.  With the cooperation of both sides of the exchange, one of which
is a government for crying out loud, tracing it isn't a realistic option.
The problem is that anyone who attempts to kill Saddam is likely to fail.
Even if he succeeds, he is likely to be caught and have nasty things happen
to him before he escapes.  If he does escape Iraq, he can collect his
payment and move somewhere safe, irrespective of what form it came in.  The
Iraqis would be tracking his identity, not his money.

Now we add e-cash to the equation.  What changes?  Nothing.


------------------------------

From: [EMAIL PROTECTED] (Ian)
Crossposted-To: rec.arts.sf.written,alt.cyberpunk
Subject: Re: Neal Stephenson's Cryptonomicon: Crypto Cop-Out
Date: Thu, 16 Sep 1999 00:38:30 GMT
Reply-To: [EMAIL PROTECTED]

[EMAIL PROTECTED] wrote:

>>I am aware that Government regulators tend to look the other way at
>>money laundering today.  This makes sense because, to a great extent,
>>odious regimes that rule without the consent of the people rely on
>>money laundering to keep their grip on power.  The more the
>>kleptocrats' shenanigans are exposed to the public eye, the more
>>ridiculous they look, and the higher chance of their being overthrown.
>>
>>So, you are right that money laundering is widely tolerated.  Today.
>>
>>My contention is that if there was the technology to commit perfect
>>crimes, global public opinion would swiftly turn against the
>>e-launderers who abetted it.
>
>I think it would depend upon whom the initial 'perfect crimes' were
>committed. I dare say that if Saddam were the successful target of an
>assassination for hire plot using anonymous money most of the western
>public would just shrug and say good riddance, but the government elite
>would not be so dismissive. There is substantial frustration by many
>global citizens that many governments and their minions routinely
>violate the
>basic human rights of their citizens and that, for economic and
>political reasons, their own democratic governments are either powerless
>to stop
>the carnage or do so only after thousands or even tens of thousands are
>killed.  If a 'democratic' means of 'encouraging' an end to these
>criminals were
>easily accessible to the average Netizen I believe enough would
>participate to make this a new global political force to be reckoned
>with.

Of course, anonymous e-cash would not be the slightest bit useful in
providing such an impetus.  If someone really wants to hire an assassin,
they are going to have to have some personal contact to do it (we're
talking the ultra-sensitive and dangerous job of assassinating a national
leader, not a "hit"), and they can pay in plain old ordinary cash.  The
barrier to assassination isn't getting paid, it's the difficulty of
succeeding, surviving the attempt, and managing to escape.  The method of
payment is trivial in comparison.

>>I think of the current "private banking"
>>regime of money laundering as a sort of gentleman's agreement.  Private
>>bankers will help criminals do their thing, but only up to a point.
>>And the criminal always runs the risk of the private banker exposing
>>his or her identity to the authorities.
>>
>>Okay, maybe not the master criminal's identity, but his agent's.  At
>>some point there's usually some kind of face to face contact.
>>
>>E-laundering would be fundamentally different.  Here, the shady
>>middleman would not know any identifying information about the parties
>>she is assisting.  It would all done by servers, left mostly
>>unattended.  Even if the sysadmin of the e-money-laundry wanted to help
>>the authorities, she could not.  Thus, the potential for evil is
>>greatly expanded.
>
>Or the potential good. See my comments above.

Except that the supposed potential for good identified above does not in
fact exist.  It's getting so I'm no longer stunned by the naivete of people
advocating various anarchist economic schemes.

>>Imagine this.  Terrorists announce that they have planted a big bomb in
>>an important heavily-populated building somewhere in the world. Unless
>>50 million anonymous dollars are posted to such and such newsgroup,
>>encrypted with such and such key, within half an hour, the bomb goes
>>off.  The money can come from anywhere, as long as it clears.  The
>>leaders of the first world refuse to negotiate with the terrorists.
>>The bomb goes off and hundreds of people die.  A week later the
>>terrorists post another message asking for money (digitally signed so
>>that there can be no doubt that this is the same group of bad guys).
>>
>>Plausible deniability sounds pretty feeble at this point.  They don't
>>call it perfect crime for nothing.
>
>Such crimes can already be committed without anonymous digital cash.
>Instead of the above scenario they merely ask that a leading U.S.
>corporation (e.g., Microsoft, Intel or Cisco) announce dramatically
>lower quarterly results. The criminals have been buying up put options or
>indexes over several months using otherwise normal accounts under phoney
>names.
>The announcement causes a significant price decline and the criminals
>cash
>out their positions. Tracing them down could be on a scale comparable
>with
>the digital cash scenario.

This requires considerably more advanced planning and intelligence on the
part of the criminals.  They have to be sophisticated players who know
exactly what they are doing, instead of having e-cash do their work for
them.  It requires that someone obtain the cooperation of the corporation
in question to produce payment - which likely has to be a major government
because the corporation cannot really predict the results of the
announcement and the resulting financial trouble is variable.  The person
making the payment can be identified, which may cause problems in some
scenarios.

In general, that example shows that while you can perform the "perfect
crime" very simply with e-cash (in terms of collecting payment anonymously),
you can also perform a possibly as "perfect" crime without e-cash if
you are a skilled planner with the right idea and organization.


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
