Cryptography-Digest Digest #355, Volume #10       Sun, 3 Oct 99 03:13:04 EDT

Contents:
  Re: crypto export rules changing (wtshaw)
  Re: Bit commitment via hash and coin flipping (Peter Pearson)
  Re: Compression Encryption & Plain Text Attacks (wtshaw)
  Re: radioactive random number generator (Scott Nelson)
  Re: EAR Relaxed? Really? ("Rick Braddam")
  Re: on linear keyspaces (wtshaw)
  Re: New Export Regulations ("Rick Braddam")
  Re: Compression Encryption & Plain Text Attacks (SCOTT19U.ZIP_GUY)
  Re: Are small block sizes less secure? (Tom St Denis)
  help breaking this cipher ([EMAIL PROTECTED])
  --- sci.crypt charter: read before you post (weekly notice) (D. J. Bernstein)
  Re: Factoring public keys attack? ("Trevor Jackson, III")
  Re: Factoring public keys attack? ([EMAIL PROTECTED])
  Re: Factoring public keys attack? (Matt Gibson)
  Re: radioactive random number generator (Johnny Bravo)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Crossposted-To: talk.politics.crypto
Subject: Re: crypto export rules changing
Date: Sat, 02 Oct 1999 19:35:33 -0600

In article <[EMAIL PROTECTED]>, Jim Dunnett wrote:

> On Fri, 01 Oct 1999 20:10:56 GMT, Greg <[EMAIL PROTECTED]> wrote:
> 
> > I want to build a reputation of nothing to hide myself.
> 
> Then why are you using crypto?   :o)
> 
Must be a nudist who uses crypto.
-- 
Sometimes a small mistake can lead to fortunate reward.
  Charlie Chan

------------------------------

From: Peter Pearson <[EMAIL PROTECTED]>
Subject: Re: Bit commitment via hash and coin flipping
Date: Sat, 02 Oct 1999 16:43:21 -0700

[EMAIL PROTECTED] wrote:
> 
> I am referring here to pages 87 and 88 of AC (2nd edition).
> 
> Basically, why wouldn't this work instead:
> 
> (1) Alice generates a random-bit string R.
> (2) Alice creates a message of (R,b)
> (3) Alice computes and sends/publishes H(R,b).
> To confirm:
> (4) Alice sends/publishes (R,b).
> (5) Bob computes H(R,b) and compares it to the original message.

I don't see why that's not just as good as the protocol in AC.
(Come on, gang! Anybody else see a problem with it?)
After all, Alice is committed to produce a preimage
of H(R,b); and if she can find two different preimages, she has
broken H.

> [snip]
> ... How much work is involved
> to find a (R',b') such that H(R',b')[32 bits]==H(R,b)[32 bits] in
> terms of time on a PC?

To find a collision of 32-bit quantities requires on the order 
of 2^17 hash-value computations, which is not much work.

- Peter
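The quoted proposal, as an added example that is not part of Peter's post or the original question: commit to H(R, b), reveal (R, b), recompute. It assumes SHA-256 as H (the post names no hash), a fixed 16-byte R so that (R, b) parses unambiguously and Bob cannot enumerate R to learn b before the reveal, and it includes a birthday search that puts a number on the 32-bit question: with only 32 bits of H(R, b) published, Alice can find R0 and R1 whose commitments agree on those bits and later open the same value as either 0 or 1. The search cost is about 2^(nbits/2) iterations, i.e. roughly 2^16 to 2^17 hash computations for 32 bits.

```python
import hashlib
import hmac
import secrets
from typing import Optional

R_LEN = 16  # fixed-length R: unambiguous (R, b) encoding and too wide to enumerate


def h(r: bytes, bit: int) -> bytes:
    """H(R, b): SHA-256 over the fixed-length R followed by one byte holding b."""
    if len(r) != R_LEN or bit not in (0, 1):
        raise ValueError("R must be R_LEN bytes and b must be 0 or 1")
    return hashlib.sha256(r + bytes([bit])).digest()


def commit(bit: int, r: Optional[bytes] = None):
    """Alice: pick a random R, publish H(R, b); keep R for the reveal step."""
    r = secrets.token_bytes(R_LEN) if r is None else r
    return h(r, bit), r


def verify(commitment: bytes, r: bytes, bit: int, nbits: int = 256) -> bool:
    """Bob: recompute H(R, b) and compare it with what Alice published.
    nbits < 256 models a commitment that publishes only a prefix of the hash."""
    n = nbits // 8
    return hmac.compare_digest(h(r, bit)[:n], commitment[:n])


def equivocal_pair(nbits: int = 32):
    """Birthday search for R0, R1 with H(R0, 0) and H(R1, 1) equal on their first
    nbits bits.  Alice publishes that prefix and can later open it as 0 (with R0)
    or as 1 (with R1).  Returns (R0, R1, number of hashes computed); the expected
    cost is about 2^(nbits/2) iterations of two hashes each."""
    n = nbits // 8
    seen0, seen1 = {}, {}        # prefix -> R, separately for b = 0 and b = 1
    i = 0
    while True:
        r = i.to_bytes(R_LEN, "big")   # deterministic candidates, fine for a search
        t0, t1 = h(r, 0)[:n], h(r, 1)[:n]
        i += 1
        if t0 in seen1:
            return r, seen1[t0], 2 * i
        if t1 in seen0:
            return seen0[t1], r, 2 * i
        seen0[t0], seen1[t1] = r, r
```

Honest use: commit() and verify() with the full digest. The cheat only works against a truncated commitment, which is why the truncation question matters: for a 256-bit H the same search would need about 2^128 hashes.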

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Compression Encryption & Plain Text Attacks
Date: Sat, 02 Oct 1999 19:56:09 -0600

In article <7t60fs$2840$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(SCOTT19U.ZIP_GUY) wrote lots.

I find that many of the methods that advocate to make encryption more
effective, *stronger*, result in marginal improvements.  Surely, we want
to make analysis less convenient, but why hit the guy in the knee when
you should be going for some more critical disadvantage to send him
running away.

I implore all who want to see really strong crypto, while we play with
lesser issues, to study the advantages of inductive algorithms such as the
GVA.  Characteristic is that the opponents never can accumulate sufficient
information to realistically solve for an adequate keylength key, but get
led down a primrose path to disaster dataville when they wish to try to.
-- 
Sometimes a small mistake can lead to fortunate reward.
  Charlie Chan

------------------------------

From: [EMAIL PROTECTED] (Scott Nelson)
Crossposted-To: sci.electronics.design,sci.electronics.equipment
Subject: Re: radioactive random number generator
Reply-To: [EMAIL PROTECTED]
Date: Sun, 03 Oct 1999 01:07:02 GMT

On 2 Oct 1999 17:49:29 -0400, [EMAIL PROTECTED] (Jeff Brandenburg)
wrote:

>In article <gYsJ3.4513$[EMAIL PROTECTED]>,
>Dave VanHorn <[EMAIL PROTECTED]> wrote:
>>
>>Ross <[EMAIL PROTECTED]> wrote in message
>>news:[EMAIL PROTECTED]...
>>> Some time ago, Mike Rosen put a paper on his web page which describes
>>> in fair detail how to use the radioactive source from a commercial
>>> smoke detector to generate true random numbers.  Seemed a great
>>> constructional project to me - I wish an electronics hobby magazine
>>> would put it out in kit form.   Mike's description is fairly detailed,
>>> but if a non-engineer wants to construct it, more details are
>>> required.  Also, I wondered if different constructors would obtain
>>> different number distributions, due to variation in dimensions of the
>>> housing and other such parameters.
>>
>>This is an idea I put forth in circuit Cellar discussions years ago.
>>Everyone freaked out over using radioactives, even though it's only alpha
>>particles that can be stopped by paper.
>
>So why bother using them, when thermal noise is everywhere?  Granted,
>the distinct thud of a charged particle has more drama than the muted
>hiss of a resistor, but aren't they both equally random in the end?
>

As far as I can see, the only reason to construct such a hardware
random number generator is the coolness factor.  Sure, anybody 
can make a noise source with just a resistor and a capacitor, 
but it takes a real engineer to use a dangerous radioactive source.
You could do it in a ridiculously hard way, but then you'd 
have to compete with things like http://lavarand.sgi.com/
and http://www.fourmilab.ch/hotbits/ 
http://www.cs.berkeley.edu/~daw/rnd/index.html
has a number of links to hardware RNG's, including;
http://www.cs.berkeley.edu/~daw/rnd/smoke-alarm

Scott Nelson <[EMAIL PROTECTED]>
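On the question raised above of whether a decay source and a resistor are "equally random in the end": what makes them equal is the extractor, not the source. Below is an added example that is not from any post in this thread. The detector is replaced by a constructed Poisson process (so it runs offline and the rate stands in for source strength and housing geometry), a naive threshold extractor shows the bias a home-built circuit picks up, and the interval-pair comparison HotBits uses, followed by von Neumann debiasing, shows why the raw distribution stops mattering. All function names are this example's own.

```python
import random

TICK_S = 1e-6   # constructed: a 1 MHz counter timestamping detector pulses


def simulate_decay_intervals(rate_hz, count, seed=1):
    """Constructed stand-in for the detector: inter-arrival times of a Poisson
    process with the given mean rate, quantised to counter ticks.  A different
    source or housing changes rate_hz; nothing in the extractors depends on it."""
    rng = random.Random(seed)
    return [max(1, round(rng.expovariate(rate_hz) / TICK_S)) for _ in range(count)]


def threshold_bits(intervals, threshold_ticks):
    """Naive extractor: 1 when the interval exceeds a fixed threshold.  Biased by
    construction: for an exponential interval with mean m, P(t > m) = 1/e."""
    return [int(t > threshold_ticks) for t in intervals]


def bits_from_interval_pairs(intervals):
    """HotBits-style extractor: compare successive pairs (t1, t2); t1 < t2 gives
    0, t1 > t2 gives 1, ties are discarded.  For i.i.d. intervals both outcomes
    are equally likely whatever the distribution, so the detector's rate and
    geometry only set the throughput."""
    return [int(t1 > t2) for t1, t2 in zip(intervals[0::2], intervals[1::2]) if t1 != t2]


def von_neumann(bits):
    """Second-stage debiasing: drop (0,0) and (1,1) pairs, map (0,1)->0 and
    (1,0)->1.  Removes residual bias of independent bits; keeps at most 1/4."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]


def ones_fraction(bits):
    return sum(bits) / len(bits) if bits else float("nan")


def compare_extractors(rate_hz=100.0, count=40000, seed=1):
    """Returns (naive bias, pair-comparison bias, pair + von Neumann bias) for
    one simulated run; the first sits near 0.37, the others near 0.5."""
    iv = simulate_decay_intervals(rate_hz, count, seed)
    mean_ticks = 1.0 / rate_hz / TICK_S
    naive = threshold_bits(iv, mean_ticks)
    fair = bits_from_interval_pairs(iv)
    return ones_fraction(naive), ones_fraction(fair), ones_fraction(von_neumann(fair))
```

Whichever source is used, the extracted bits should still go through a cryptographic conditioner (a hash) before becoming key material; the extractor removes bias, not correlation from a real circuit.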


------------------------------

From: "Rick Braddam" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: EAR Relaxed? Really?
Date: Sat, 2 Oct 1999 20:04:19 -0500


Alan Mackenzie <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> karl malbrain <[EMAIL PROTECTED]> wrote:
>
> > The jargon comes from usage of MARTOVIAN VOCABULARY.  Look it up.
>
> "Martovian" isn't in my dictionary. But I would like to suggest to you
> again that you cease using such jargon and converse with the rest of us
> in normal English.
>
I searched the web for "Martovian" using MSN Search, Alta Vista, Excite, Lycos, and 
Yahoo, and got no results found from each. Looks
like Martovian is not in several dictionaries.

Rick




------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: on linear keyspaces
Date: Sat, 02 Oct 1999 19:31:56 -0600

In article <7t4spo$kgn$[EMAIL PROTECTED]>, Tom St Denis
<[EMAIL PROTECTED]> wrote:
> 
> I'm afraid you don't have an option.  In a AES cipher for example you have a
> 1 in 65,536 of getting an ascii block  out from a trial decryption.  A smart
> brute force (is that a contradiction?) would look for structure grammar on
> each decryption (or maybe just vocab...).  This takes linearly more time, not
> exponential.  So you will have to search with an effort of x(2^n).
> 
I don't want to sound repetitive and like I'm not listening, as I
am, but ciphers do exist which are very difficult to solve comparatively. 
It is their nature that a key for solving a single block is very easy to
put together, but as to more, well, you will find that the trial key is
bad. A huge keyspace is involved, blocklike structures are in variable
lengths, yet, the algorithm is almost transparent as it is simple. I
discovered the generic principle almost exactly five years ago.
-- 
Still a good idea from Einstein:  If you can't explain something clearly to a child, 
you do not understand it well enough.

So much for models of trust, they generally are ill-founded.

------------------------------

From: "Rick Braddam" <[EMAIL PROTECTED]>
Subject: Re: New Export Regulations
Date: Sat, 2 Oct 1999 21:12:30 -0500


Douglas A. Gwyn <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Rick Braddam wrote:
> > Looks to me like CSPs for use with CAPI under Windows just went
> > open-source. Now it is not necessary to submit CSPs to NSA for
> > review, or send them to MS to have them signed. At least, not if
> > you are not in the US. You can write your own, sign them yourself,
> > and use them.
>
> How, pray tell, do you do that without possessing one of the two
> private keys?

Check out http://www.cryptonym.com/hottopics/msft-nsa/msft-nsa.html and the
related linked pages.

Generally, you would:

Write your own Cryptographic Service Provider (CSP), and sign it with your own
private key.

Replace the _NSAKey public key in Windows with your public key.

When Windows tries to load your CSP DLL, your DLL will fail authentication using
MS's _Key public key. ADVAPI32.DLL will fall through to the secondary
authentication routine call and will authenticate your CSP using the secondary
key.

Naturally, it isn't as easy as described above, but that should cover the
essentials. Cryptonym offers the source code for a demonstration program which
replaces the _NSAKey with a test key, and another which verifies the operation
of the replacement. The binaries can be downloaded (WinNT & 2K only) from the
page referenced above; the source requires a non-disclosure agreement.

Look at the Cryptonym pages and decide for yourselves.

Rick
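The loader behaviour Rick describes, as an added example that is neither Microsoft's nor Cryptonym's code: a module is accepted if its signature verifies under either of two embedded public keys, so whoever can overwrite the second key can sign their own modules and the first key never comes into it. The real check verified RSA signatures; here a Lamport one-time signature over SHA-256 stands in for it so the file needs only the standard library, and the module bytes and class names are made up for the demonstration.

```python
import hashlib
import hmac
import secrets


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen():
    """Lamport OTS: 256 pairs of 32-byte secrets; the public key is their hashes.
    One key pair must sign only one message (each signature reveals half of sk)."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def _bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def sign(sk, msg: bytes):
    """Reveal, for each digest bit, the secret matching that bit."""
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    if len(sig) != 256:
        return False
    ok = True
    for i, bit in enumerate(_bits(msg)):
        ok &= hmac.compare_digest(H(sig[i]), pk[i][bit])
    return ok


class CspLoader:
    """Mirrors the described ADVAPI32 behaviour: try the vendor key, then fall
    through to the secondary key (the slot the thread calls _NSAKey)."""

    def __init__(self, primary_pk, secondary_pk):
        self.primary_pk = primary_pk
        self.secondary_pk = secondary_pk

    def authenticate(self, module: bytes, sig):
        if verify(self.primary_pk, module, sig):
            return "primary"
        if verify(self.secondary_pk, module, sig):
            return "secondary"
        return None


def demo():
    """What the loader says about a home-grown CSP before and after the
    secondary key is replaced with its author's own public key."""
    vendor_sk, vendor_pk = keygen()
    _, secondary_pk = keygen()           # its private half is not ours
    loader = CspLoader(vendor_pk, secondary_pk)
    shipped = b"vendor csp v1 (constructed module bytes)"
    assert loader.authenticate(shipped, sign(vendor_sk, shipped)) == "primary"

    my_sk, my_pk = keygen()
    mine = b"home-grown csp (constructed module bytes)"
    my_sig = sign(my_sk, mine)
    before = loader.authenticate(mine, my_sig)   # rejected: neither key matches
    loader.secondary_pk = my_pk                  # the step the post describes
    after = loader.authenticate(mine, my_sig)    # accepted via the fallthrough
    return before, after
```

The point for anyone auditing a code-signing check: every verification key reachable by the loader is a trust root, and a second key whose private half you do not hold is a root you do not control.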






------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Compression Encryption & Plain Text Attacks
Date: Sun, 03 Oct 1999 03:25:10 GMT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
(wtshaw) wrote:
>In article <7t60fs$2840$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
>(SCOTT19U.ZIP_GUY) wrote lots.
>
>I find that many of the methods that advocate to make encryption more
>effective, *stronger*, result in marginal improvements.  Surely, we want
>to make analysis less convenient, but why hit the guy in the knee when
>you should be going for some more critical disadvantage to send him
>running away.
>
>I implore all who want to see really strong crypto, while we play with
>lesser issues, to study the advantages of inductive algorithms such as the
>GVA.  Characteristic is that the opponents never can accumulate sufficient
>information to realistically solve for an adequate keylength key, but get
>led down a primrose path to disaster dataville when they wish to try to.
  I have to admit I have not looked deeply into your GVA method. But I think
it was based on a limited character set. I sometimes get carried away in
my responses and I know you are a fellow Texan. But what about a mixture.
You can compress your message with my method, encrypt with the AES
method of your choice. Then use my one-to-one conditional uncompression
to put that result into the character set you like. Then use your GVA to
further encrypt it. I know that's a lot of work but that's the kind of work 
computers can do.
 Would this form of encryption make you feel happy?

 


David A. Scott
--
                    SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
                    http://www.jim.com/jamesd/Kong/scott19u.zip
                    http://members.xoom.com/ecil/index.htm
                    NOTE EMAIL address is for SPAMERS

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Are small block sizes less secure?
Date: Sun, 03 Oct 1999 03:06:38 GMT

In article <7t4ubn$ifc$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
> In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Johnny Bravo) 
>wrote:
> >On Sat, 02 Oct 1999 01:52:17 GMT, [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
> >wrote:
> >
> >>  You clipped the text but that is ok. If you want proof, which I doubt you
> >>do, you and your asshole friends can make up a contest that is like
> >>my scott19u contest and I will solve it for you. But do you have the brains
> >>to make such a contest?
> >> I doubt it. You are talk and no action.
> >>
> >>David A. Scott
> >
> >  In other words you have no such proof, your entire argument consists of
> >unsubstantiated statements and insults.  No wonder people don't take you
> >seriously.  You made the claim, back it up if you can.
> >
> >  Johnny Bravo
> >
>
>   No, in other words I can prove mine stronger by example, at least in this
> area, but obviously you're too dumb to understand or even create an example.

You know what the funny part is? The block size in Scottu19 is the smallest I
have seen yet.  Even DES has a larger block size...

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED]
Subject: help breaking this cipher
Date: Sun, 03 Oct 1999 03:29:30 GMT

I have the ciphertext that I would like to break.
Basically, I would like to reverse engineer the algorithm.

I post (below the dashed line) the data that might be of help.
Given that data can you tell me the following:
1.For this plaintext     :8372036303776544
  and this encryption key:97414
What is the ciphertext?

2.For this ciphertext: krojqkjonmlsnkrk
   the key is the same as above
What is the plaintext?

If you need more data then please let me know.
If you think you know how this algorithm works please let me know.
Here is some data:
==============================================================
Plain Text       Key   CipherText
0000000000000000 97414 ijkgkijkgkijkgki 0000000000000000
1111111111111111 97414 jklhljklhljklhlj 1111111111111111
2222222222222222 97414 klmimklmimklmimk 2222222222222222
3333333333333333 97414 lmnjnlmnjnlmnjnl 3333333333333333
4444444444444444 97414 mnokomnokomnokom 4444444444444444
5555555555555555 97414 noplpnoplpnoplpn 5555555555555555
6666666666666666 97414 opqmqopqmqopqmqo 6666666666666666
7777777777777777 97414 pqrnrpqrnrpqrnrp 7777777777777777
8888888888888888 97414 qrsosqrsosqrsosq 8888888888888888
9999999999999999 97414 rstptrstptrstptr 9999999999999999
0000000011111111 97414 ijkgkijkhljklhlj 0000000011111111
1111111122222222 97414 jklhljklimklmimk 1111111122222222
2222222233333333 97414 klmimklmjnlmnjnl 2222222233333333
3333333344444444 97414 lmnjnlmnkomnokom 3333333344444444
4444444455555555 97414 mnokomnolpnoplpn 4444444455555555
5555555566666666 97414 noplpnopmqopqmqo 5555555566666666
6666666677777777 97414 opqmqopqnrpqrnrp 6666666677777777
7777777788888888 97414 pqrnrpqrosqrsosq 7777777788888888
8888888899999999 97414 qrsosqrsptrstptr 8888888899999999
9999999900000000 97414 rstptrstgkijkgki 9999999900000000
0123456789012345 97414 ikmjonprotikmjon 0123456789012345
0111111111111111 97414 iklhljklhljklhlj 0111111111111111
1011111111111111 97414 jjlhljklhljklhlj 1011111111111111
1101111111111111 97414 jkkhljklhljklhlj 1101111111111111
1110111111111111 97414 jklgljklhljklhlj 1110111111111111
1111011111111111 97414 jklhkjklhljklhlj 1111011111111111
1111101111111111 97414 jklhliklhljklhlj 1111101111111111
1111110111111111 97414 jklhljjlhljklhlj 1111110111111111
1111111011111111 97414 jklhljkkhljklhlj 1111111011111111
1111111101111111 97414 jklhljklgljklhlj 1111111101111111
1111111110111111 97414 jklhljklhkjklhlj 1111111110111111
1111111111011111 97414 jklhljklhliklhlj 1111111111011111
1111111111101111 97414 jklhljklhljjlhlj 1111111111101111
1111111111110111 97414 jklhljklhljkkhlj 1111111111110111
1111111111111011 97414 jklhljklhljklglj 1111111111111011
1111111111111101 97414 jklhljklhljklhkj 1111111111111101
1111111111111110 97414 jklhljklhljklhli 1111111111111110
0000000000000000 83616 hgcgmhgcgmhgcgmh
0000000000000000 91672 iedciiedciiedcii
0000000000000000 99729 aadejbbbeffcccfb
0000000000000000 75017 ghghdghghdghghdg
0000000000000000 83073 hfhcjhfhcjhfhcjh
0000000000000000 92758 ifdleifdleifdlei
0000000000000000 100814 aaefhgbbfgdhccgc
0000000000000000 76103 gihfjgihfjgihfjg
0000000000000000 84159 hghlfhghlfhghlfh
0000000000000000 92215 ieiglieiglieigli
0000000000000000 100271 aadkddbbel`eccfh
0000000000000000 75560 giblggiblggiblgg
--
Alex Bykov [EMAIL PROTECTED]


Sent via Deja.com http://www.deja.com/
Before you buy.
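The posted table is enough to recover the algorithm, which is the security lesson in it: every ciphertext letter is the ASCII sum of the plaintext digit, one digit of a short key-derived string, and a position term, so a single known 16-character block gives the whole key. Below is an added example, fitted to the rows above rather than taken from the program being reverse-engineered. The constant 2533 and the period-5 position term are the values that make every posted row reproduce; nothing on the page says how the real program arrives at them, so the two answers at the end hold under this fitted model. Only a few of the rows are repeated in the code.

```python
KEY_OFFSET = 2533   # fitted: the digits of key + 2533 explain the carries seen between keys

# (plaintext, key, ciphertext) rows copied from the post.  The 6-digit results for
# keys 99729, 100814 and 100271 show that the schedule cycles with the length of
# str(key + 2533) while the position term keeps cycling every 5 characters.
POSTED_ROWS = [
    ("0000000000000000", 97414, "ijkgkijkgkijkgki"),
    ("0123456789012345", 97414, "ikmjonprotikmjon"),
    ("1111111110111111", 97414, "jklhljklhkjklhlj"),
    ("0000000000000000", 83616, "hgcgmhgcgmhgcgmh"),
    ("0000000000000000", 99729, "aadejbbbeffcccfb"),
    ("0000000000000000", 100814, "aaefhgbbfgdhccgc"),
    ("0000000000000000", 100271, "aadkddbbel`eccfh"),
]


def key_schedule(key: int) -> str:
    return str(key + KEY_OFFSET)


def encrypt(plain: str, key: int) -> str:
    """Each output byte is ord(plaintext digit) + ord(schedule digit) + (i mod 5);
    no reduction modulo the alphabet, which is why '`' can appear."""
    ks = key_schedule(key)
    return "".join(chr(ord(p) + ord(ks[i % len(ks)]) + i % 5) for i, p in enumerate(plain))


def decrypt(cipher: str, key: int) -> str:
    ks = key_schedule(key)
    return "".join(chr(ord(c) - ord(ks[i % len(ks)]) - i % 5) for i, c in enumerate(cipher))


def recover_key(plain: str, cipher: str, min_period: int = 5) -> int:
    """Known-plaintext attack: strip the plaintext and the position term from each
    ciphertext byte, find the shortest period (at least min_period, the shortest
    key length in the table) of what remains, and undo the fitted offset."""
    residue = [ord(c) - ord(p) - ord("0") - i % 5 for i, (p, c) in enumerate(zip(plain, cipher))]
    for period in range(min_period, len(residue) + 1):
        if all(residue[i] == residue[i % period] for i in range(len(residue))):
            return int("".join(str(d) for d in residue[:period])) - KEY_OFFSET
    raise ValueError("no periodic schedule found")


def check_posted_rows() -> bool:
    """True when the model reproduces every row embedded above, both ways."""
    return all(encrypt(p, k) == c and decrypt(c, k) == p for p, k, c in POSTED_ROWS)


def answer_posted_questions():
    """The two questions in the post: (ciphertext of question 1, plaintext of question 2)."""
    return encrypt("8372036303776544", 97414), decrypt("krojqkjonmlsnkrk", 97414)
```

The single-digit-change rows in the table are what make the fit quick: each changes exactly one output position by exactly one letter, which rules out any diffusion between positions before the key schedule is even looked at.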

------------------------------

From: [EMAIL PROTECTED] (D. J. Bernstein)
Crossposted-To: talk.politics.crypto
Subject: --- sci.crypt charter: read before you post (weekly notice)
Date: 3 Oct 1999 05:00:38 GMT

sci.crypt               Different methods of data en/decryption.
sci.crypt.research      Cryptography, cryptanalysis, and related issues.
talk.politics.crypto    The relation between cryptography and government.

The Cryptography FAQ is posted to sci.crypt and talk.politics.crypto
every three weeks. You should read it before posting to either group.

A common myth is that sci.crypt is USENET's catch-all crypto newsgroup.
It is not. It is reserved for discussion of the _science_ of cryptology,
including cryptography, cryptanalysis, and related topics such as 
one-way hash functions.

Use talk.politics.crypto for the _politics_ of cryptography, including
Clipper, Digital Telephony, NSA, RSADSI, the distribution of RC4, and
export controls.

What if you want to post an article which is neither pure science nor
pure politics? Go for talk.politics.crypto. Political discussions are
naturally free-ranging, and can easily include scientific articles. But
sci.crypt is much more limited: it has no room for politics.

It's appropriate to post (or at least cross-post) Clipper discussions to
alt.privacy.clipper, which should become talk.politics.crypto.clipper at
some point.

There are now several PGP newsgroups. Try comp.security.pgp.resources if
you want to find PGP, c.s.pgp.tech if you want to set it up and use it,
and c.s.pgp.discuss for other PGP-related questions.

Questions about microfilm and smuggling and other non-cryptographic
``spy stuff'' don't belong in sci.crypt. Try alt.security.

Other relevant newsgroups: misc.legal.computing, comp.org.eff.talk,
comp.org.cpsr.talk, alt.politics.org.nsa, comp.patents, sci.math,
comp.compression, comp.security.misc.

Here's the sci.crypt.research charter: ``The discussion of cryptography,
cryptanalysis, and related issues, in a more civilised environment than
is currently provided by sci.crypt.'' If you want to submit something to
the moderators, try [EMAIL PROTECTED]

---Dan

------------------------------

Date: Sun, 03 Oct 1999 02:12:53 -0400
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Factoring public keys attack?

UBCHI2 wrote:

> Instead of trying to factor a prime based public key after somebody has used
> it, why not have a lookup table of all the keys.  It is quicker to create the
> keys than to factor a key.  So just do the following:
>
> 1)  10-20 Years ago, you started your massively parallel computers creating all
> possible prime based keys for 128, 512, 1024 and 2048 bit keys.  You made the
> keys so you also know the primes.  Don't do any factoring at all.
>
> 2)  Now just use a lookup table of the all keys you created to determine the
> two primes that an encryptor is using.  This is sort of like the "Find" file
> command in windows.  This eliminates the need for factoring.  It also takes
> advantage of the fact that creating keys is quick and can be done in advance.
>
> Why do people think that factoring cryptanalysis will only start once a key is
> used? The government could have just been making keys for the past 20 years to
> put on its lookup table.  Then if you use one of the keys of the standard
> lengths, they already know the primes.  Wouldn't this work against the public
> key system?

It's easier to factor a particular number than it is to multiply together all
possible numbers.  If you are only looking to handle 512-bit keys, which we know
can be found by factoring, you'd need to calculate and store about 2^248 256-bit
prime factors and the products of all of the possible pairs of those factors.

Just generating the factors is impossible.  Generating the pairs of factors, keys,
can't even get started.  You can't even COUNT that high, much less perform that
number of primality tests.




------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Factoring public keys attack?
Date: 3 Oct 1999 02:17:51 -0400

UBCHI2 <[EMAIL PROTECTED]> wrote:
> Instead of trying to factor a prime based public key after somebody has used
> it, why not have a lookup table of all the keys.  It is quicker to create the
> keys than to factor a key.  So just do the following:

> 1)  10-20 Years ago, you started your massively parallel computers creating all
> possible prime based keys for 128, 512, 1024 and 2048 bit keys.  You made the
> keys so you also know the primes.  Don't do any factoring at all.  

and if every atom throughout the galaxy were actually a mass media storage
device ... after you fill all them with data, where will you store the
rest (the majority)?

------------------------------

From: [EMAIL PROTECTED] (Matt Gibson)
Subject: Re: Factoring public keys attack?
Date: Sun, 3 Oct 1999 07:35:56 +0100

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
> 
> > 1)  10-20 Years ago, you started your massively parallel computers creating all
> > possible prime based keys for 128, 512, 1024 and 2048 bit keys.  You made the
> > keys so you also know the primes.  Don't do any factoring at all.  
> 
> and if every atom throughout the galaxy were actually a mass media storage
> device ... after you fill all them with data, where will you store the
> rest (the majority)?

In the same place a good chess computer would store all of its possible 
moves, of course.

M "I believe it's called 'Cloud Cuckoo Land'" G

-- 
   "It's the gaps between the rain that count,
    and learning how to live amongst them"
           -- Jeff Noon, _Pixel Juice_
Matt Gibson   http://www.gothick.dial.pipex.com

------------------------------

From: [EMAIL PROTECTED] (Johnny Bravo)
Crossposted-To: sci.electronics.design,sci.electronics.equipment
Subject: Re: radioactive random number generator
Date: Sun, 03 Oct 1999 00:11:30 GMT

On Sun, 03 Oct 1999 01:07:02 GMT, [EMAIL PROTECTED] (Scott Nelson) wrote:


>As far as I can see, the only reason to construct such a hardware
>random number generator is the coolness factor.  Sure, anybody 
>can make a noise source with just a resistor and a capacitor, 
>but it takes a real engineer to use a dangerous radioactive source.

  There is nothing dangerous about Alpha rays, they can't even penetrate a
single sheet of paper, much less your skin.  You are getting more harmful
radiation from outer space than you would get from wearing an alpha emitter
around your neck.

  Johnny Bravo


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
