Cryptography-Digest Digest #300, Volume #10 Thu, 23 Sep 99 08:13:03 EDT
Contents:
Re: msg for Dave Scott (JPeschel)
Re: msg for Dave Scott (Tom St Denis)
Re: msg for Dave Scott (Tom St Denis)
Re: some information theory (very long plus 72K attchmt) (SCOTT19U.ZIP_GUY)
Re: Neal Stephenson's Cryptonomicon: Crypto Cop-Out (Greg)
Re: Securing Executables ("ME")
Re: Another bug RE: CryptAPI ("Trevor Jackson, III")
Re: EAR Relaxed? Really? (Greg)
Re: Ritter's paper ([EMAIL PROTECTED])
Re: msg for Dave Scott (Johnny Bravo)
RSA weak? ("Kem")
SNAKE Web Page (Peter Gunn)
Re: Purdue's Large Number (Bob Silverman)
Re: msg for Dave Scott (Tom St Denis)
Re: International crypto restrictions (SCOTT19U.ZIP_GUY)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: msg for Dave Scott
Date: 23 Sep 1999 04:15:12 GMT
Tom St Denis <[EMAIL PROTECTED]> writes:
>In article <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] (JPeschel) wrote:
>> Tom St Denis <[EMAIL PROTECTED]> writes:
>>
>> >Well you say you can break all encryption methods and systems.
>>
>> When did he say that? I think he claimed he would try breaking IDEA
>> once a long time ago, but usually he says it's the NSA that can
>> break everything.
>>
>> I've never seen Dave or Tom break any sort of cipher.
>
>He has claimed on numerous occasions that CBC mode and all 'short block'
>ciphers are weak. I sent a message and I want him to prove it. I can
>provide more ciphertext if he asks for it...
>
>
Yes, Dave claims that the chaining modes and "short key" ciphers
are weak. It is, however, according to Dave, the NSA that can
break these.
Which ciphers have you broken?
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: msg for Dave Scott
Date: Thu, 23 Sep 1999 03:37:35 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> On Wed, 22 Sep 1999 12:09:57 GMT, Tom St Denis wrote:
> >
> >beaqaaamL6MNs6}utuaaaaiaaaaW{dsG{jC4KzE3hoqb}tWYZ9qT2Fcaaaaaaaaaaaaa
> >aaaaaaaaaaaaaaaaaaaaaaaaa
>
> can you explain all these 'a' at the end and in the middle of the
> cypher text ?
>
Why? You think they are clues to the message?
At first I was going to say READ THE SOURCE, but I realize that's unfair.
Some people work (unlike me), so I am going to say 'a' represents the 6-bit
number zero and that the header contains some (size, and cipher id). The
'a's at the end are padding to avoid corrupting the end of the message.
My point was that peekboo is a realistic cryptosystem for private
email/messages and that if Dave could break it (using the ultra weak CBC mode
and Twofish/blowfish/cast/rc4/rc5/rc6) then I would love to see it done. I
can send more messages but you have to realize that at most you would get 15
messages a day which represents my avg usage right now ...
Tom
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: msg for Dave Scott
Date: Thu, 23 Sep 1999 03:41:35 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (JPeschel) wrote:
> Tom St Denis <[EMAIL PROTECTED]> writes:
>
> >Well you say you can break all encryption methods and systems.
>
> When did he say that? I think he claimed he would try breaking IDEA
> once a long time ago, but usually he says it's the NSA that can
> break everything.
>
> I've never seen Dave or Tom break any sort of cipher.
He has claimed on numerous occasions that CBC mode and all 'short block'
ciphers are weak. I sent a message and I want him to prove it. I can
provide more ciphertext if he asks for it...
Come on Dave, prove your theory, break the weak ciphers in Peekboo, come on :)
bfaqaam5qVm6yVvM4uaaaaaaaaaqyCSpH}gF3tLsGM8qHvaRpIg3QPyQDPliaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaa
another?
bfaqaaahmvDXXU{3XzaaaaaaaaaaxAJ1kkU{OpkgFbtwXsaZJVROoMg1zREhAtGyEsTs
mVcaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Yes I realize there are 'a's at the end... that's the padding, if you are
paranoid read the source (peekboo in the function do_encrypt()).
Tom
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: some information theory (very long plus 72K attchmt)
Date: Thu, 23 Sep 1999 05:29:17 GMT
In article <[EMAIL PROTECTED]>, James Felling
<[EMAIL PROTECTED]> wrote:
>
......
>> The problem with non "one to
>> one" comp is that they are weak even if the starting portion of the FILE
>> is not KNOWN. You sir seem to think one always has the start of the
>> file encrypted that is not necessarily true. What I showed is that non "one
>> to one" compression weakens the compression followed by encryption even if
>> there is no information about the input file.
>
>Where is this demonstrated?
>I have seen no such proof. All I have seen is you claiming that this is so.
Will take the random file of your choice.
pkzip it since this is not "one to one"
encrypt it with some AES product.
Now guessing a key is slow but guess a different key.
use the key and then try to decompress the file you got
with the key. lots of luck. It's damn hard to even find a key
that will lead to a decompressable file.
Guess what knowing nothing about your file many keys
if not most are eliminated.
now do the same thing pick a random file.
use a "one to one" compressor
encrypt it.
now if I guess a key I can't throw it out
since the resulting file is decompressable.
If you can't follow a simple proof like this then
don't use compression. It would waste
your time
>
><Big lup of technical info SNIPed>
>
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMMERS
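The key-rejection argument in the post above, worked through as an added example (this is editor-written code, not the poster's, and not code from pkzip, scott19u or any AES product). Assumptions: a toy stream cipher with a 14-bit key so that the whole key space can be enumerated offline, zlib as the "not one to one" compressor (its header, block framing and Adler-32 checksum reject almost every random byte string), move-to-front coding as a stand-in for a "one to one" compressor (it is a bijective preprocessing stage rather than a compressor, but it has the property that matters here: every byte string decodes), and a constructed sample message.

```python
import hashlib
import zlib

KEY_BITS = 14  # deliberately tiny key space so the whole space is enumerable offline


def keystream(key: int, length: int) -> bytes:
    """Toy keystream: SHA-256(key || counter), truncated to length (not a real cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key.to_bytes(2, "big") + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_crypt(key: int, data: bytes) -> bytes:
    """Encrypt or decrypt by XOR with the keystream (the same operation both ways)."""
    ks = keystream(key, len(data))
    return (int.from_bytes(data, "big") ^ int.from_bytes(ks, "big")).to_bytes(len(data), "big")


def zlib_decompress(data: bytes):
    """'Not one-to-one' compressor: a zlib stream carries a header, block framing and
    an Adler-32 checksum, so almost no arbitrary byte string is accepted."""
    try:
        return zlib.decompress(data)
    except zlib.error:
        return None


def mtf_encode(data: bytes) -> bytes:
    """Move-to-front coding: a bijection on byte strings, used here as the
    'one-to-one' stand-in (assumption: a bijective stage, not a real compressor)."""
    table = list(range(256))
    out = bytearray()
    for b in data:
        i = table.index(b)
        out.append(i)
        table.insert(0, table.pop(i))
    return bytes(out)


def mtf_decode(data: bytes) -> bytes:
    """Inverse of mtf_encode; defined for every byte string, so it never rejects input."""
    table = list(range(256))
    out = bytearray()
    for i in data:
        b = table.pop(i)
        out.append(b)
        table.insert(0, b)
    return bytes(out)


def surviving_keys(ciphertext: bytes, decompress) -> list:
    """Trial-decrypt under every key and keep those whose output the decompressor accepts.
    Nothing about the plaintext is used: the compressor's own redundancy is the check."""
    return [k for k in range(1 << KEY_BITS)
            if decompress(xor_crypt(k, ciphertext)) is not None]


def compare(key: int, plaintext: bytes) -> tuple:
    """Return (keys surviving with zlib, number of keys surviving with MTF)."""
    ct_zlib = xor_crypt(key, zlib.compress(plaintext))
    ct_mtf = xor_crypt(key, mtf_encode(plaintext))
    return surviving_keys(ct_zlib, zlib_decompress), len(surviving_keys(ct_mtf, mtf_decode))


if __name__ == "__main__":
    # Constructed sample message and key.
    msg = b"The meeting is at noon. The meeting is at noon. Bring the files."
    zlib_keys, mtf_count = compare(0x0ABC, msg)
    print("zlib: keys left after trial decryption:", zlib_keys)
    print("mtf : keys left after trial decryption:", mtf_count)
```

With zlib in front of the cipher, every wrong key is discarded by the decompressor alone and only the true key survives; with the bijective stage, every one of the 2^14 keys yields a decodable output and none can be discarded. The format check is a redundancy oracle that removes the need to know anything about the plaintext; it does not reduce the number of keys that have to be tried, so what it changes is how little an analyst must know, not how much work a large key space costs.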
------------------------------
From: Greg <[EMAIL PROTECTED]>
Crossposted-To: rec.arts.sf.written,alt.cyberpunk
Subject: Re: Neal Stephenson's Cryptonomicon: Crypto Cop-Out
Date: Thu, 23 Sep 1999 05:19:28 GMT
> out of reach of government
You got that right!
> regulatory agencies like the FBI
I can understand this...
> and the IRS.
But the IRS is criminal!
You know, I got this far and already I can see we disagree.
What you assume is that the government has a right to
watch what I send over the internet. Do you see that I
disagree with this point entirely? Can you even
grasp the concept that I want my privacy even from the
feds? Or if you lived in Nazi Germany, would you have
said, "The Gestapo must be able to track down the bad guys,
no matter what attic they hide out in!"?
Help do your part in shutting down Project Echelon - always use
overwhelmingly strong encryption.
------------------------------
From: "ME" <[EMAIL PROTECTED]>
Subject: Re: Securing Executables
Date: Thu, 23 Sep 1999 14:32:04 +1000
oops - forget the patent details, Check
http://www.patents.ibm.com/details?pn=WO09833296A1
ME wrote in message ...
>A great desire, but not feasible in many high risk environments.
>If you have reasonable trust of the client workstation (ie rarely virus
>infected, or crashes) then you are probably ok for moderate risk
>environments
>See this patent for information on a system which goes beyond the features
>which you propose, but has been shown vulnerable to reverse engineering.
>
>If anyone has an opportunity to reverse engineer, or your binary is or may be
>released outside a known/controlled environment, forget it.
>
>By the way - public key technology is shared security value. If the
>security value (the certifying key/certificate) can be replaced, your whole
>system is dead in the water, and capable of being misused without detection.
>This is the main issue with the "NSAKEY/Microsoft" hoohaa, and all other
>software-based security systems relying on public keys.
>
>Lyal
>Peter Johnson wrote in message <7sb75f$f49$[EMAIL PROTECTED]>...
>>I'm designing a client/server application that will run in real-time.
>>Assuming that the network traffic is secure by using strong encryption, a
>>good random number generator for packet sequencing, compression, etc. how do
>>I protect against an attack on the client executable?
>>
>>For example, if the attacker were running the executable in a debugger could
>>he breakpoint at the point in which the data is sent and then backtrack to
>>discover the plain text. Or simply search memory for the plain text (if
>>known) and work from there?
>>
>>I've thought of some solutions:
>>
>>1. Use something like SHA-1 to check the exe at load time for tampering.
>>2. Check with SHA-1 periodically as the client is running.
>>3. Can we check we're running inside a debugging environment and crash out?
>>4. Compress and encrypt local data files
>>
>>What do you think?
>>
>>Peter Johnson
>>
>>
>>
>
>
------------------------------
Date: Thu, 23 Sep 1999 01:59:58 -0400
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Another bug RE: CryptAPI
Eric Lee Green wrote:
> Paul Koning wrote:
> > There's just one solution. You have to understand the fact that
> > NO Microsoft product has any security.
>
> I use FreeBSD as my desktop operating system, and our primary
> development environment at my place of employment is Linux (makes a
> darned cheap Unix software development workstation, and actually works
> better as a desktop nowadays than Solaris does, though Solaris still
> kicks rear as a server). Still, I would disagree with your assertion
> that "no Microsoft product has any security". While that is true of
> Windows 9x, that is NOT true of a properly configured Windows NT system.
> NT would actually be a fairly secure OS if properly configured (but it
> is usually configured "wide open", sigh).
This is what Microsoft(tm) would like you to believe. But visit the
counterpane site and you'll find it jest ain't so.
>
>
> --
> Eric Lee Green http://members.tripod.com/e_l_green
> mail: [EMAIL PROTECTED]
> There Is No Conspiracy
------------------------------
From: Greg <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: EAR Relaxed? Really?
Date: Thu, 23 Sep 1999 05:12:02 GMT
> > This is also indicative by the new
> > rule that law enforcement does not have to disclose how they got
> > the plain text. (They can illegally obtain it and never be held
> > accountable- have you thought that through yet? This is far more
> > dangerous than it appears- and they thought we would be throwing
> > a party right about now!)
>
> I quite agree. Do you have any pointers to this? It's news to me.
>
> > > The interesting question is whether the "technical review"
> > > will be allowed to end with the product failing to be approved
> > > (presumably because it is too secure, although that might not
> > > be the officially stated reason).
> >
> > Again, with the NDA, you and I will never know...
>
> Yes, but you're basing a lot on the assumption that there are
> NDAs, which I believe is not a correct assumption.
I read in several articles, Wired, WND, etc. that Reno stated
that she was comfortable with the new arrangement, the new
strategy for allowing strong crypto on the market and the
articles went on to say that some of the benefits placed in
their favor were $80M over several years for the FBI to begin
developing cryptanalysis departments (which is nothing compared
to NSA's budget, so it is really questionable if this is a
real prize that helped them change their mind) and the fact
that the rules will change for them that they will not have
to disclose how they pulled the plain text out of the PC.
They said that this last point was beneficial for if they
could exploit a hole in the application in general, even if
the crypto was sound, that they could maintain the secret for
the next "case" and would not have to give up their cards
on one case alone.
Somewhere else I remember reading about how NDAs were going
to be used by the NSA and vendor to increase secrecy. This
part could be wrong. But I do remember reading it. NDAs are
not something I think about regularly. This strategy on the
part of NSA was introduced to me by something I read.
All I can say right now is go to Wired and WND to read what
they have on this subject.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Ritter's paper
Date: Thu, 23 Sep 1999 07:49:14 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] () wrote:
>Once one has a way to specify truly different ciphers based on extra
>key bits, one could - by doubling the blocksize, and making the cipher
>used to encipher one half depend on the contents of the other half of
>the block - make the choice of cipher for a particular block data-
>dependent.
You can "change" the cipher on the fly in a data-dependent way without
doubling the ciphertext block. One minimalist example is data dependent
rotations. Another is this: Use the Luby-Rackoff construct, which uses
two hashes per round, and make the choice of hash data dependent.
Suppose you have a large number (say 2^16) of alternative hash
functions. Compute a 16 bit digest of the data block and use it as an
index to the hash function. If you use 4 round Luby-Rackoff you produce
in this way 2^128 alternative cipher functions depending not on the key
but on the data flow (and without increasing the block size). If you CBC
then even a 1 bit difference in a block will change each subsequent
block encryption function for the entire message.
Of course it is not easy to build 2^16 hash functions. You can always
concatenate the indexed hash function to a fixed high quality hash
function. Or you can have a smaller number of hash functions and use
them in a more creative way. My GodSave algorithm uses 32 machine
produced hashes in this manner.
I do believe that "variability" is a valid method in cryptography. I
see an analogy in nature where a lot of attack and defense of data
structures takes place: the life forms that are most successful in
relation to their complexity are viruses that continuously evolve. In
this way they deny the attacker (from their perspective this is their
host's defenses) a clear fix on what they do.
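The data-dependent Luby-Rackoff construction described above, as an added example written for this page (it is not the poster's GodSave code, which is not on the page). Assumptions: 128-bit blocks split into 64-bit halves, four Feistel rounds, a 16-bit digest of the half block as the index into the family of round functions, and keyed SHA-256 with the index mixed in standing in for the "2^16 alternative hash functions"; key, IV and message blocks are constructed. The point the code makes explicit is that the index must be taken from the half that the round passes through unchanged, otherwise decryption could not recompute the same choice.

```python
import hashlib

HALF = 8          # bytes per half; 128-bit block
ROUNDS = 4        # 4-round Luby-Rackoff (Feistel) structure
FAMILY_BITS = 16  # 2^16 selectable round functions


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def select_index(half: bytes) -> int:
    """16-bit digest of the half block fed to the round function. It picks which
    member of the family is used and depends only on data, not on the key."""
    return int.from_bytes(hashlib.sha256(b"select" + half).digest()[:2], "big")


def round_function(key: bytes, rnd: int, half: bytes) -> bytes:
    """Member number select_index(half) of the family, applied to half.
    Assumption: keyed SHA-256 with the index mixed in stands in for a family of
    2^16 distinct hash functions, which the post does not specify."""
    idx = select_index(half)
    msg = key + bytes([rnd]) + idx.to_bytes(2, "big") + half
    return hashlib.sha256(msg).digest()[:HALF]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    l, r = block[:HALF], block[HALF:]
    for rnd in range(ROUNDS):
        # The index is derived from r, which this round leaves unchanged,
        # so the decryptor can recompute exactly the same choice.
        l, r = r, xor(l, round_function(key, rnd, r))
    return l + r


def decrypt_block(key: bytes, block: bytes) -> bytes:
    l, r = block[:HALF], block[HALF:]
    for rnd in reversed(range(ROUNDS)):
        l, r = xor(r, round_function(key, rnd, l)), l
    return l + r


def round_indices(key: bytes, block: bytes) -> list:
    """Which member of the family each round used for this block (for inspection)."""
    idxs = []
    l, r = block[:HALF], block[HALF:]
    for rnd in range(ROUNDS):
        idxs.append(select_index(r))
        l, r = r, xor(l, round_function(key, rnd, r))
    return idxs


def cbc_encrypt(key: bytes, iv: bytes, blocks: list) -> list:
    out, prev = [], iv
    for p in blocks:
        prev = encrypt_block(key, xor(p, prev))
        out.append(prev)
    return out


def cbc_decrypt(key: bytes, iv: bytes, blocks: list) -> list:
    out, prev = [], iv
    for c in blocks:
        out.append(xor(decrypt_block(key, c), prev))
        prev = c
    return out


def propagation(key: bytes, iv: bytes, blocks: list) -> list:
    """Flip one bit in the first plaintext block and report which ciphertext
    blocks change; under CBC every later block (and its function choice) changes."""
    base = cbc_encrypt(key, iv, blocks)
    flipped = [bytes([blocks[0][0] ^ 0x01]) + blocks[0][1:]] + blocks[1:]
    return [a != b for a, b in zip(base, cbc_encrypt(key, iv, flipped))]


def sample_blocks() -> list:
    """Constructed four-block message, 16 bytes per block."""
    blocks = [f"block {i:02d} padding".encode() for i in range(4)]
    assert all(len(b) == 2 * HALF for b in blocks)
    return blocks


if __name__ == "__main__":
    key, iv = b"constructed-key!", bytes(2 * HALF)   # constructed, not real key material
    blocks = sample_blocks()
    print("round functions used for block 0:", round_indices(key, blocks[0]))
    print("ciphertext blocks changed by a 1-bit flip:", propagation(key, iv, blocks))
```

The Feistel structure is what keeps the scheme invertible: the data that chooses the function is always the half that goes through the round untouched. Flipping one bit of the first plaintext block changes all four ciphertext blocks, which is ordinary CBC chaining; what the construction adds is that the chained value also changes which round functions are applied to every subsequent block.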
------------------------------
From: [EMAIL PROTECTED] (Johnny Bravo)
Subject: Re: msg for Dave Scott
Date: Thu, 23 Sep 1999 03:55:16 GMT
On 23 Sep 1999 04:15:12 GMT, [EMAIL PROTECTED] (JPeschel) wrote:
>Yes, Dave claims that the chaining modes and "short key" ciphers
>are weak. It is, however, according to Dave, the NSA that can
>break these.
>
>Which ciphers have you broken?
>
>Joe
He's like Charles Booher, he thinks that all the crypto in the world, except
for his own personal system, has already been broken by the NSA.
Johnny Bravo
------------------------------
From: "Kem" <[EMAIL PROTECTED]>
Subject: RSA weak?
Date: Thu, 23 Sep 1999 12:27:08 +0200
Hello:
I am new to all this crypto stuff and maybe I am going to make a crazy
affirmation. Please confirm this for me.....
The RSA algorithm is based on the generation of a key from two very large
prime numbers. Prime numbers have the quality of being divisible only by
themselves and 1, but maybe two different (non-prime) numbers have the quality of
generating the same key, and maybe it is possible to take advantage of this
quality to break the algorithm with "little" changes....
I know I am making a silly affirmation, but it is only an idea. What's your
opinion?
Thx.
P.S.: is there any good reference where the RSA algorithm is explained in
"simple" words?
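Added illustration of the point the question turns on (editor's example; the page carries no reply to this post and this is not code from any library): textbook RSA built from the constructed primes 10007 and 10009, beside the same procedure run with the composite 10201 = 101 x 101. The private exponent is computed from (p-1)(q-1), which equals Euler's phi(n) only when p and q are prime; with a composite factor the exponent is wrong and, because 101 divides n twice, messages that are multiples of 101 cannot be recovered by any exponent at all. The primality test is Miller-Rabin with fixed bases, which is exact for the small numbers used here.

```python
from math import gcd


def is_prime(n: int) -> bool:
    """Miller-Rabin with bases 2,3,5,7,11: deterministic for n < 2_152_302_898_747,
    which covers this toy. Real key sizes need more bases or random ones."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in (2, 3, 5, 7, 11):
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def rsa_keygen_unchecked(p: int, q: int, e: int = 65537) -> tuple:
    """Textbook RSA key generation that trusts the caller. phi is computed as
    (p-1)(q-1), which is Euler's phi(n) only when p and q are distinct primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e is not invertible modulo phi")
    d = pow(e, -1, phi)
    return (n, e), (n, d)


def rsa_keygen(p: int, q: int, e: int = 65537) -> tuple:
    """Same procedure, but refuses factors that are not distinct primes."""
    if p == q or not (is_prime(p) and is_prime(q)):
        raise ValueError("p and q must be distinct primes")
    return rsa_keygen_unchecked(p, q, e)


def keygen_rejects(p: int, q: int) -> bool:
    try:
        rsa_keygen(p, q)
    except ValueError:
        return True
    return False


def encrypt(pub: tuple, m: int) -> int:
    n, e = pub
    return pow(m, e, n)


def decrypt(priv: tuple, c: int) -> int:
    n, d = priv
    return pow(c, d, n)


def roundtrip_failures(p: int, q: int, messages) -> list:
    """Messages that do not survive encrypt-then-decrypt under keys built from p and q."""
    pub, priv = rsa_keygen_unchecked(p, q)
    return [m for m in messages if decrypt(priv, encrypt(pub, m)) != m]


if __name__ == "__main__":
    print("primes 10007, 10009, failures:", roundtrip_failures(10007, 10009, range(2, 300)))
    print("composite 10201 = 101*101, failures among [101, 202]:",
          roundtrip_failures(10201, 10009, [101, 202]))
    print("checked keygen rejects 10201:", keygen_rejects(10201, 10009))
```

With two distinct primes every message in the sample range round-trips. With the composite factor the modulus n is still a perfectly ordinary-looking key, but the exponent derived from the wrong phi does not invert encryption, and for messages divisible by 101 the result is a multiple of 10201 rather than the message. This is why key generation must verify primality of its factors rather than trust the values it is handed.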
------------------------------
From: Peter Gunn <[EMAIL PROTECTED]>
Subject: SNAKE Web Page
Date: Thu, 23 Sep 1999 11:49:55 +0100
Hi,
SNAKE, my latest attempt at an authenticating key exchange
protocol now has a web page!
http://www.smdp.freeserve.co.uk/snake.html
Please send any comments, flames, attacks, etc... to me,
[EMAIL PROTECTED]
ttfn
PG. :-)
------------------------------
From: Bob Silverman <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: Purdue's Large Number
Date: Thu, 23 Sep 1999 11:30:04 GMT
In article <7satdt$p2v$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Dave Rusin) wrote:
> In article <7samo2$kv4$[EMAIL PROTECTED]>,
> John M. Gamble <[EMAIL PROTECTED]> wrote:
> >"The number Purdue needs to factor is
> >163790195580536623921741301545704495839
> >239656848327040249837817092396946863513
> >212041565096492260805419718247075557971
> >445689690738777729730388837174490306288
> >87379284041.
>
> Typo? Easily found factors of 3, 39341, 46591, 163245571
3^349 - 1 (this number) was finished a couple of years ago.
Factored means fully factored and not just finding a few small
factors.
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: msg for Dave Scott
Date: Thu, 23 Sep 1999 11:40:31 GMT
In article <7sb2tg$15a2$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
> Tommy I doubt on my 486 33MHz system with less than 30 megs of free space
> that I will even bother trying to break it. However give me half the budget of
> the NSA and have their computers with half their staff and I will give you the
> answer next week.
> Tommy there is a difference from seeing with information theory something
> is weak than there is breaking a system. The point is if you know it is weak
> and you can design something less weak you should knowing nothing else
> go for it. That is not to say that just because the test one runs on any
> method does not show a method to be weak. That the NSA may or may not
> be able to break either.
But I used a three letter weak chaining mode with the short-block short-keyed
AES (and pre-aes) ciphers. Isn't that weak? I thought anyone could break
it. Hmm oh well.
> I am not sure you are a kid. Maybe you're just a phony alter name for one
> of the other people who post here. Secondly what language is it in. At this
> point in time I am only using DJGPP GNU C.
What, it gets hard and you doubt my credibility... For the facts I was born
April 7th 1982 (freedom of information in Canada will tell you that). It's
for win32 (hence it's a win32 program). The binary is only 36kb so it will
fit on your 40mb hd (fits on floppies well).
I am trying to make a point here, I hope you understand (I am serious at this
point).
Tom,
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: International crypto restrictions
Date: Thu, 23 Sep 1999 12:33:51 GMT
In article <[EMAIL PROTECTED]>, Eric
Lee Green <[EMAIL PROTECTED]> wrote:
>Scott Hardy wrote:
>> I was then informed that Blowfish was only allowed
>> to be exported from the US with a 32-bit, rather
>> than 40-bit key, presumably because of its
>> behaviour along these lines. So, my question is
>> this: since I can code it outside of the US, is
>> this a viable idea, or are there many other
>> countries which limit algorithms based on subkey
>> generation time?
>
>If you are a U.S. citizen then U.S. export law applies to you whether
>you are inside the country or outside of it, and "export" means that the
>program ends up overseas. That is, if you are a U.S. citizen and write
>the program while physically located outside the country, you are
>considered to have exported it (illegally, since you don't have an
>export license presumably!).
I think that this has yet to be proven in a court of law.
I know Clinton's people think they can define words like "is"
and "alone" but this is really stretching the definition of EXPORT.
Next thing you know maybe some nice whore I fucked 30 years ago
produced a kid that writes crypto similar to what I did so they
could nail me for violating the export crypto law.
>
>If you are not a U.S. citizen, you will have to obey a) the laws of
>whatever host country you are located in, and b) the laws of your own
>home country.
>
You make it sound like there is no conflict. Since you wrote
"and" it is more than possible the 2 sets of laws conflict.
Like what side of the street you drive on. Or do you arbitrarily
get to decide which laws are in force.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMMERS
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************