Cryptography-Digest Digest #314, Volume #10      Sat, 25 Sep 99 14:13:04 EDT

Contents:
  Re: RSA 640 bits keys factored, French banking smart card system ("Richard Parker")
  Re: RSA 640 bits keys factored, French banking smart card system craked! ([EMAIL PROTECTED])
  Steptoe & Johnson law firm sued for computer hacking (Anonymous)
  Re: RSA 640 bits keys factored, French banking smart card system craked! (Johnny Bravo)
  Re: Steptoe & Johnson law firm sued for computer hacking ("Roger Schlafly")
  Brute forcing salt instead of storing it (Was: Increasing password  ("Thomas J. Boschloo")
  SNAKE: Venomous Examples (Peter Gunn)
  Re: low diffie-hellman exponent (Tom St Denis)
  Re: XTEA Keys (Tom St Denis)
  Re: Schrodinger's Cat and *really* good compression ("H. Ellenberger")
  Re: Another bug RE: CryptAPI (Greg)
  steganography ("marta")
  Re: RSA 640 bits keys factored, French banking smart card system craked! ("Dmitriy Morozov")
  Re: Proving cipher strength (Scott Nelson)

----------------------------------------------------------------------------

From: "Richard Parker" <[EMAIL PROTECTED]>
Subject: Re: RSA 640 bits keys factored, French banking smart card system
Date: Sat, 25 Sep 1999 03:32:09 GMT

David A Molnar <[EMAIL PROTECTED]> wrote:
> Actually, if you want to recommend books, I really really like the already
> mentioned "Algorithmic Number Theory : Volume 1 Efficient Algorithms" by
> Bach and Shallit. Applied Crypto is nice, but it does not cover this topic
> in much detail, besides giving enough to let you know that probabilistic
> prime generation will work.

Pardon me for saying "me too" but I also highly recommend Bach and
Shallit's "Algorithmic Number Theory."  It is a really great reference
and its bibliography is superb.  For those interested in applying
number theory to cryptography I would also recommend "A Course in
Number Theory and Cryptography" by Neal Koblitz.  For those interested
in learning number theory itself, I suggest Wright and Hardy's "An
Introduction to the Theory of Numbers."

-Richard

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: RSA 640 bits keys factored, French banking smart card system craked!
Crossposted-To: alt.security.pgp
Date: 24 Sep 1999 23:53:03 -0400

In sci.crypt David A Molnar <[EMAIL PROTECTED]> wrote:
> In sci.crypt Tom St Denis <[EMAIL PROTECTED]> wrote:

>> First the prime number theorem is pi(x) =  x / ln x, and it has not been
>> proven, that's why it's a theorem.  It just happens to be a very good
>> estimate.

> Nitpick 1 : theorems are statements of the form "if X, then Y" which can
> be proved. So saying that  "it has not been proven, that's why it's a
> theorem" is *very* confusing.

If pi(x) is the number of primes less than or equal to x, then
LIM[pi(x)/(x/ln(x)):as x-->infinity]=1

------------------------------

Date: Sat, 25 Sep 1999 03:06:19 +0200 (CEST)
From: Anonymous <Use-Author-Address-Header@[127.1]>
Subject: Steptoe & Johnson law firm sued for computer hacking



Prestigious Washington, D.C. law firm Steptoe & Johnson LLP sued for computer hacking.

For the Washington Post story on the case, go to:
http://search.washingtonpost.com/wp-srv/WPlate/1999-09/20/018l-092099-idx.html


UNITED STATES DISTRICT COURT
FOR THE DISTRICT OF COLUMBIA

PLAINTIFF:
MOORE PUBLISHING CO. INC.
4001 Kennett Pike
Wilmington Delaware 19807

CASE NUMBER: 1:99CV02410
JUDGE: Thomas Penfield Jackson
DECK TYPE: Civil General
DATE STAMP: 09/13/1999

v.

DEFENDANTS:
STEPTOE & JOHNSON LLP
1330 Connecticut Ave N.W.
Washington D.C. 20036

JOHN DOE NUMBER 1 & JOHN DOE NUMBER 2
=================================================================

COMPLAINT

(Computer Hacking-18 U.S.C. 2701 et seq.; Civil Conspiracy- Violation of 18 U.S.C. 1030)

PARTIES

3. Plaintiff Moore Publishing Co. Inc. is a Delaware Corporation engaged in 
information brokerage.

4. Defendant Steptoe & Johnson LLP is a law firm in the District of Columbia.


FACTS

6. On August 4, 1999 defendants John Doe Number 1 and Steptoe & Johnson LLP, acting 
individually and by and through its agent, servant and/or employee John Doe Number 1 
in the course and scope of his employment, knowingly, intentionally, and willfully 
hacked an Internet domain owned by plaintiff on at least eight separate occasions.

7. The hacking of plaintiff's internet domain was performed by defendants Steptoe & 
Johnson LLP and John Doe Number 1 through an Internet server owned by and operated by 
defendant Steptoe & Johnson LLP in the District of Columbia.


COUNT 1 
(Computer Hacking- 18 U.S.C. 1701 et seq.)

8. Plaintiff hereby repleads and incorporates each and every allegation set forth 
above, and further states as follows:

9. The internet domain referenced above was a facility through which an electronic 
communication service is provided.

10. The hacking of plaintiff's Internet domain referenced above intentionally exceeded 
authorization to that facility and thereby obtained, altered, and/or prevented access 
to wire or electronic communication while it was in storage in that Internet domain.

11. The hacking of plaintiff's internet domain referenced above was done by defendants 
Steptoe & Johnson LLP and John Doe Number 1 in conjunction with and/or on behalf of 
defendant John Doe Number 2.

     Wherefore, plaintiff demands judgment of and against defendants, jointly and 
severally, in the full sum of $80,000 in compensatory damages, $8,000 in statutory 
damages under 18 U.S.C 2707(c); $800,000 in punitive damages; attorneys' fees and costs 
pursuant to 18 U.S.C. 2707(b)(3) and 2707(c); besides costs under Fed. R Civ. P. 54 
and 28 U.S.C. 1920.


COUNT 2
(Civil Conspiracy- Violation of 18 U.S.C. 1030)

12. Plaintiff hereby repleads and incorporates each and every allegation set forth 
above, and further states as follows:

13. Plaintiff is a contractor to state and federal law enforcement agencies and has 
protected and confidential law enforcement information contained in the memory of its 
computers.

14. Defendants John Doe Number 1 and Steptoe & Johnson LLP, acting individually and by 
and through its agent, servant and/or employee John Doe Number 1 in the course and 
scope of his employment, combined, agreed and conspired with defendant John Doe Number 
2 to violate 18 U.S.C. 1030 and cause injury to plaintiff pursuant to and in 
furtherance of their common scheme.

Wherefore, plaintiff demands judgment of and against defendants, jointly and severally, 
in the full sum of $80,000 in compensatory damages; $800,000 in punitive damages; 
besides costs under Fed. R. Civ. 54 and 28 U.S.C. 1920.

JURY DEMAND

Plaintiff hereby demands a jury as to all issues triable herein.

Respectfully Submitted,

Rodney R Sweetland III
1655 N Ft. Myer Dr. Suite 700
Arlington , VA 22209
(703) 351-5288
(703) 351-5284 (facsimile)
D.C. Bar No. 430586




------------------------------

From: [EMAIL PROTECTED] (Johnny Bravo)
Crossposted-To: alt.security.pgp
Subject: Re: RSA 640 bits keys factored, French banking smart card system craked!
Date: Sat, 25 Sep 1999 02:09:08 GMT

On 25 Sep 1999 02:48:01 GMT, David A Molnar <[EMAIL PROTECTED]> wrote:

>(does anyone have pointers to an online, introductory-level treatment of
>prime number theorems and densities? course notes, maybe?)

http://www.utm.edu/research/primes/howmany.shtml

 Johnny Bravo


------------------------------

From: "Roger Schlafly" <[EMAIL PROTECTED]>
Subject: Re: Steptoe & Johnson law firm sued for computer hacking
Date: Sat, 25 Sep 1999 00:46:58 -0700

Anonymous <Use-Author-Address-Header@[127.1]> wrote in message
news:[EMAIL PROTECTED]...
> 10. The hacking of plaintiff's Internet domain referenced above
> intentionally exceeded authorization to that facility and thereby obtained,
> altered, and/or prevented access to wire or electronic communication while
> it was in storage in that Internet domain.

This sounds lame to me. What did the defendant do, type in a URL?
What was the authorization, some fine print that no one reads?

What is wrong with an employee at Steptoe & Johnson poking
around a site named steptoejohnson.com?

Ought to be dismissed.

This appears to have been posted by the plaintiff. It doesn't belong on
sci.crypt.




------------------------------

From: "Thomas J. Boschloo" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp
Subject: Brute forcing salt instead of storing it (Was: Increasing password 
Date: Sat, 25 Sep 1999 12:41:41 +0200

Dave Howe wrote:
> 
> >Like when you take my 800 bit RSA key with a strength of 80 bits, the
> >pass phrase adds 60 bits of entropy while the random part adds the other
> >20 bits. Brute forcing this should be possible on most current day
> >processors within a few seconds (like in no more than a 5 second wait on
> >a AMD K7 650Mhz).
> /me rofls, and seriously hopes this is a windup.

I am having trouble expressing myself lately :-( I meant that you could
brute force the *20 bit*, random, _not_stored_anywhere_ 'salt' of your
key after the user enters his pass phrase. This instead of storing the
salt in the password file on Unix (but I wasn't talking about unix, I
was talking about the pass phrase protecting your secret pgp key..
confusing).

I think this idea of mine is the only way to go since computers keep
getting faster and faster, making attacks on your secret keyring ever
easier. If I look far in the future, I would hate to remember a
pass phrase with 192 bits of entropy (I guess 128 bits will be brute
forcible in 200 years, I am no scientist however).

I think it is a good thing to put it in the data structures of new
crypto products. Like:

[header denoting conventionally encrypted text]
[length of used salt in bits]
[cyphertext]
    [hash of pass phrase with added 'salt']
    [plain text]
[cyphertext]

Or maybe you could just skip the first headers altogether, forcing the
product to brute force all possible 'salts' up to the key length of the
encryption (well, this would make it impossible to tell if a pass phrase
was incorrect). This might prove useful for stegano.

Or maybe something in between, like encrypting the length of the salt
with the pass phrase (modulo the key length of the used cypher). And
using that to decrypt a normal cyphertext (with the salted pass phrase).

Any ideas/suggestions?
Thomas

BTW: [The idea of storing the salt is just 'lame' I think. I would just
concatenate the  username with the password if I had written Unix. That
also allows the system administrator to see if a user used the same
password twice on two systems, and warn the user.]
-- 
AMD K7 Athlon 650 Mhz! <http://www.bigbrotherinside.com/#help>

PGP key: http://x11.dejanews.com/getdoc.xp?AN=453727376
Email: boschloo_at_multiweb_dot_nl
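
[Added example, not part of the original post and not PGP code: a sketch of the layout proposed in the message above, where the header carries only the salt length and the decryptor searches for the salt. The SHA-256 constructions, the toy XOR keystream, the stored nonce and the MAX_SALT_BITS cap are assumptions made for this illustration.]

```python
import hashlib
import hmac
import secrets

MAX_SALT_BITS = 24  # the length field is read from the file, so cap the search

def _h(label, passphrase, salt, salt_bits):
    # SHA-256 over label, pass phrase and salt (assumed construction).
    salt_bytes = salt.to_bytes(max(1, (salt_bits + 7) // 8), "big")
    return hashlib.sha256(label + b"\0" + passphrase + b"\0" + salt_bytes).digest()

def _xor_stream(key, nonce, data):
    # Toy SHA-256 counter-mode keystream, standing in for a real cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(passphrase, plaintext, salt_bits=20):
    """Return [salt length][nonce][E(check || plaintext)]; the salt is discarded."""
    if not 0 <= salt_bits <= MAX_SALT_BITS:
        raise ValueError("salt_bits out of range")
    salt = secrets.randbelow(1 << salt_bits)      # never written anywhere
    key = _h(b"key", passphrase, salt, salt_bits)
    check = _h(b"chk", passphrase, salt, salt_bits)
    nonce = secrets.token_bytes(16)               # stored; keeps keystreams distinct
    return bytes([salt_bits]) + nonce + _xor_stream(key, nonce, check + plaintext)

def open_sealed(passphrase, blob):
    """Search every salt. Returns (plaintext or None, number of salts tried)."""
    if len(blob) < 17 + 32:
        raise ValueError("truncated")
    salt_bits, nonce, body = blob[0], blob[1:17], blob[17:]
    if salt_bits > MAX_SALT_BITS:
        raise ValueError("declared salt length exceeds MAX_SALT_BITS")
    for salt in range(1 << salt_bits):
        key = _h(b"key", passphrase, salt, salt_bits)
        # Decrypt only the first block and compare it with the expected check.
        seen = _xor_stream(key, nonce, body[:32])
        if hmac.compare_digest(seen, _h(b"chk", passphrase, salt, salt_bits)):
            return _xor_stream(key, nonce, body)[32:], salt + 1
    return None, 1 << salt_bits

if __name__ == "__main__":
    blob = seal(b"my pass phrase", b"secret keyring", salt_bits=16)
    print(open_sealed(b"my pass phrase", blob))
    print(open_sealed(b"wrong guess", blob))   # always pays the full 2**16 trials
```

[A wrong pass phrase always costs the full 2**salt_bits trials while the right one stops at the matching salt, so each guess against the keyring is slowed by about the same factor as the legitimate user's wait.]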


------------------------------

From: Peter Gunn <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: SNAKE: Venomous Examples
Date: Sat, 25 Sep 1999 13:57:42 +0100

I've been busy coding up a reference implementation
of SNAKE http://www.smdp.freeserve.co.uk/snake.html

It's not out yet (generating the prime tables right now),
but it should be ready at some point towards the end of
next week. I'm planning the usual minimal C library :)

but, I was thinking about providing an example or two,
and I've come up with the following which I thought
would make things a little more interesting...

1) RATTLER... an 'inside out' port redirector,
   comes in two parts...

First the comms circuit is established over a single
configurable TCP/IP socket...

   [A]--------------->[B]

Then [B] becomes a server accepting connections and
routing them over the secure channel to [A] which then
DEMUXs them and creates new connections.

   <---                      <---
   <---[A]================[B]<---
   <---                      <---

This is a basic port forwarder.

2) MAMBA... a port redirector which tunnels TCP/IP
   connections over HTTP, and through proxies (even
   those with weak authentication).

   <---   <---------------   <---
   <---[A]<-----HTTP------[B]<---
   <---   <---------------   <---

So, with RATTLER it is possible for a user (or
administrator :-) to allow access to selected outside
hosts secure access to internal services (telnet,
POP3, etc) even though there is a firewall blocking
incoming connections.

MAMBA allows applications inside a (possibly proxied)
firewall to communicate securely with a remote server
(for instance, allowing someone in the office to access
their POP3 server at home ;-)

Using RATTLER and MAMBA at the same time will allow
an outside user to access services inside a firewall
even though the firewall only allows (weak) authenticated
proxied outgoing HTTP connections.

Now, as far as I'm concerned if you don't leave your
door unlocked you should expect someone to walk in :-)
so I don't have a moral problem with releasing a
couple of progs which would allow malicious users
and trojans to bypass 95+% of corporate firewalls,
since it doesn't bypass security as there is no
security there.

The coding is all done except the SNAKE integration.

Does anyone have strong views on this matter? or ideas
of other novel SNAKE examples?

ttfn

PG.

PS I'm generating a 512bit prime table right now, but
   I don't really have access to the CPU power required
   for 1024+bit tables... any volunteers?




------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: low diffie-hellman exponent
Date: Sat, 25 Sep 1999 11:12:34 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (DJohn37050) wrote:
> An OPS is short for an operation.  This could be an instruction execution.  It
> could be an encrypt/decrypt action.
>
> And machines vary, so some instructions/encryptions run faster on some machines
> that others, for example if you have an arithmetic coprocessor.
>
> It  is GNFS version to solve DLP.  The solving the matrix step is harder than
> with IFP, so DLP is considered harder than IFP, but close enough to consider
> them the same for most estimates.

So my choice of dh was a good idea?  Do you know of any online resources
(postscript files etc...)  actually I have a paper called

discrete logarithms in finite fields and their cryptographic significance

so I will print it off and read it a few times :)

Thanks for the info.  Good luck with the P1363 elections :)

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: XTEA Keys
Date: Sat, 25 Sep 1999 11:09:31 GMT

In article <01bf069a$699054a0$0164640a@server>,
  "Gary Partis" <[EMAIL PROTECTED]> wrote:
> Hi,
>
> In TEA/XTEA, if the 128bit key has the top 8 bits set to zero, does this
> lessen the security of the algorithm?

In theory you have only made it 256 times easier to solve.  Personally I
would AT LEAST fill it with a salt of some sort.  To avoid keeping it at
zero,

Why would you do that anyways?

Tom



------------------------------

From: "H. Ellenberger" <[EMAIL PROTECTED]>
Subject: Re: Schrodinger's Cat and *really* good compression
Date: Sat, 25 Sep 1999 17:17:03 +0200

Erwin Bolwidt wrote:

> "Douglas A. Gwyn" wrote:
>
> > [EMAIL PROTECTED] wrote:
> > > And here we come to Schrodinger's cat. One of the interpretations of
> > > quantum mechanics held that a superposed quantum state did not resolve
> > > itself into one state until it was exposed to the gaze of a *human
> > > observer*.

> I guess what I'm wondering is, does nature take into account the
> peculiarities of human consciousness; if you've seen something, spoke to me,
> but didn't tell me what you saw, is that something still undefined to me, or
> is it defined to me because we exchanged photons and my quantum state has
> merged with yours?

It might be useful to consider that the theory of quantum mechanics is
constructed in such a way that for a sufficiently large number of particles
involved, quantum physics converges to non quantum (classical) physics.
Life of a cat (or knowledge of an idea in a human brain) depends on a
sufficiently big number of particles to force quantum effects to converge (aka
the wave function _must_ have collapsed to produce the result).

HE



------------------------------

From: Greg <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Another bug RE: CryptAPI
Date: Sat, 25 Sep 1999 16:34:31 GMT

In article
<[EMAIL PROTECTED]>,
  Eric Lee Green <[EMAIL PROTECTED]> wrote:
> Greg wrote:
> > I am looking into Linux this fall to replace my NT on my desktop.
> > I have simply had it up to here... no, up to here... no, go higher
> > up to here...  no, no no, you are not high enough... :)

> Linux can certainly be secured to the level of NT (and beyond), but be
> careful. The typical Linux distribution is shipped "wide open". Absolute
> security does not appear to be a priority in LinuxLand, certainly not to
> the extent that OpenBSD took the concept. You will have to download a
> variety of cryptographic components in order to properly secure Linux,
> and there's so much junk on the typical Linux CD-ROM (1200M with
> Mandrake 6.1!) that even then it's easy to miss something that opens
> your system wide open.

Perhaps I am wrong, but I never said it was more secure out of
the box.  I have the clear understanding that any OS is complex
and needs to be configured correctly.  My point is that it is
open to thousands who have no interest in MS stock.  That in
itself raises the level of trust by magnitudes.  MS's NSAkey
only pronounces this difference further.
correctly.



------------------------------

From: "marta" <[EMAIL PROTECTED]>
Subject: steganography
Date: Sun, 26 Sep 1999 18:48:21 +0200

hi,
i'm looking for articles about steganography.
please mail me links on this e-mail
[EMAIL PROTECTED]
thanks!







------------------------------

From: "Dmitriy Morozov" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp
Subject: Re: RSA 640 bits keys factored, French banking smart card system craked!
Date: Sat, 25 Sep 1999 13:06:20 -0400

Douglas A. Gwyn <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Dmitriy Morozov wrote:
> > > First the prime number theorem is pi(x) =  x / ln x, and it has not been
> > > proven, that's why it's a theorem.  It just happens to be a very good
> > > estimate.
> > If it was not proved wouldn't it be called a hypothesis?
>
> A correct statement of the prime-number theorem (which is *not*
> a hypothesis; it has been rigorously proved) includes strict

[snip]

> of their validity nor of their guaranteed degree of accuracy.

I more or less know this stuff... I was just trying to show in a nice way
that what the original poster said (not proven - theorem) was nonsense... am
I wrong?

--
Dmitriy Morozov
[EMAIL PROTECTED]




------------------------------

From: [EMAIL PROTECTED] (Scott Nelson)
Subject: Re: Proving cipher strength
Reply-To: [EMAIL PROTECTED]
Date: Sat, 25 Sep 1999 17:12:06 GMT

On Fri, 24 Sep 1999 19:43:38 +0100, Toby Kelsey
<[EMAIL PROTECTED]> wrote:

>In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] writes
[snip]
>
>I wonder if the usual assumption that cipher strength can only be
>disproven, and not proven, is actually valid.  
>Suppose we try a mathematical approach:
>
>  (a) Choose a model for computation (e.g. a Turing machine) with
>    weights for each operation representing time/effort.
>
>  (b) Select our trial cipher, which can take variable-length keys.
>
>  (c) Show, using an exhaustive search of possible faster programs,
>    that for a trivial key-length (e.g. 8 bits), brute-force search of
>    the key-space is the most efficient method of breaking the cipher.
[snip]
This is a tough step.  The number of N state, two symbol
Turing machines is: (2N+2)^2N  Just listing all the possible
8 state machines would be a monumental task.  With 32 states, 
the task is harder than brute forcing a 256 bit key.

Still, I think there's something here.  The One Time Pad has 
provable strength.  A substitution cipher with a complete 
code book should be provably strong in the same way.  I.e. 
there is no better way to attack it than the Code Book attack.  
If the block size of a such a cipher is large enough to insure 
that no blocks ever repeat, then it would also be secure.  
(And even less practical than the OTP)
If there was a way to show that the best possible description 
of an algorithm was a random table of at least size N, then
at least we could make a positive statement about the strength 
of the algorithm.

Scott Nelson <[EMAIL PROTECTED]>


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
