Cryptography-Digest Digest #366, Volume #10 Tue, 5 Oct 99 23:13:02 EDT
Contents:
Re: radioactive random number generator ("Dave VanHorn")
Re: Comments on ECC (Derek Bell)
Re: Ritter's paper (Mok-Kong Shen)
Peekboo 1.60 Message Encryptor is out (Tom St Denis)
Re: Newbie question: RSA and Key Escrow (Anton Stiglic)
Re: Peekboo 1.60 Message Encryptor is out (Tom St Denis)
Re: Newbie question: RSA and Key Escrow (Nicholas Hopper)
Re: EAR Relaxed? Really? ("karl malbrain")
Re: EAR Relaxed? Really? (wtshaw)
Re: EAR Relaxed? Really? ("karl malbrain")
Re: classifying algorithms ("Steven Alexander")
Re: IBM's security chip (Built on the motherboard)! (Larry Kilgallen)
Re: classifying algorithms ("Doug Gwyn (ISTD/CNS) " <[EMAIL PROTECTED]>)
Re: Ritter's paper ("Doug Gwyn (ISTD/CNS) " <[EMAIL PROTECTED]>)
Re: Second "_NSAKey" ("Doug Gwyn (ISTD/CNS) " <[EMAIL PROTECTED]>)
Re: Compress before Encryption ("Doug Gwyn (ISTD/CNS) " <[EMAIL PROTECTED]>)
Re: EAR Relaxed? Really? (Greg)
Re: EAR Relaxed? Really? (Greg)
Re: EAR Relaxed? Really? (Greg)
Re: EAR Relaxed? Really? (Greg)
Re: EAR Relaxed? Really? ("Rick Braddam")
Re: EAR Relaxed? Really? (Greg)
Re: EAR Relaxed? Really? (Greg)
Re: EAR Relaxed? Really? (Greg)
----------------------------------------------------------------------------
From: "Dave VanHorn" <[EMAIL PROTECTED]>
Crossposted-To: sci.electronics.design,sci.electronics.equipment
Subject: Re: radioactive random number generator
Date: Tue, 05 Oct 1999 18:37:54 GMT
> Once ingested, however, these benign sources become DEADLY with a capital
> D.
Like I said. Don't eat it. (or breathe it in)
The built device would be EXACTLY as hazardous as a smoke detector, and in
fact could probably be built using a smoke detector's chamber.
We work with hazardous materials all the time. If you don't take adequate
precautions, then we suffer the consequences. Lead in solder, beryllium in
heat sinks, mercury, fluorescent lamp phosphors....
I suppose I have to put a huge warning label on it not to hit other people
over the head with it also, lest someone be injured.
------------------------------
From: Derek Bell <[EMAIL PROTECTED]>
Subject: Re: Comments on ECC
Date: 5 Oct 1999 19:34:51 +0100
Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
: The big-O approach of dropping constant factors is very misleading in cases
: where those factors dominate for all practical sizes.
I remember Knuth making a similar point at a talk; great minds think
alike!
Derek
--
Derek Bell [EMAIL PROTECTED] | Socrates would have loved
WWW: http://www.maths.tcd.ie/~dbell/index.html| usenet.
PGP: http://www.maths.tcd.ie/~dbell/key.asc | - [EMAIL PROTECTED]
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Ritter's paper
Date: Tue, 05 Oct 1999 21:06:43 +0200
Tim Tyler wrote:
>
> It seems that when using a PRNG as a stream cypher, it would be a
> good idea if possible to use the contents of the message as an additional
> source of entropy, (in addition to the key).
>
> In other words, rather than keeping the PRNG insulated from the message,
> you should allow these two entities to interact.
>
> I wonder what the best way of doing this is which retains the ability to
> decrypt the information is.
>
> It appears that if decryption happens in a largely serial manner,
> entropy from early (decrypted) parts of the message should be available
> to feed into the PRNG as it decrypts later parts of the message.
>
> Thoughts in this general area would be welcomed.
In a certain restricted sense I have exploited the possibility of
affecting the PRNG output via the content of the text being processed
(data dependency). In my humble encryption algorithm WEAK3-EX (a
PRNG-driven block cipher) in each round a certain hash value is
computed to determine the number of values output by the PRNG that are
to be skipped, i.e. thrown away. This means that different plaintexts
will, in all probability, be processed differently, since different
(sub)sequences of numbers output from the PRNG are employed, leading
to e.g. different substitutions being applied in the round. This is
admittedly a rather simple method of affecting the PRNG. However, in
the context of my design, where a large amount of the PRNG output is
employed in a number of different ways in each round, I believe this
method is sufficient for serving its purpose and it is not worth the
effort to devise a more sophisticated method of affecting the PRNG.
M. K. Shen
=========================
http://home.t-online.de/home/mok-kong.shen
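The mechanism Tim Tyler asks about and M. K. Shen describes (letting already-processed plaintext steer the PRNG, while a serial decryptor can still follow) is easy to show in a few lines. The block below is an added example, not code from either poster and not WEAK3-EX; the LCG, the block hash and the 8-byte block size are constructed toy choices with no security value, chosen only to make the data dependency visible. After each block, a hash of the plaintext just processed decides how many PRNG outputs to throw away; the decryptor computes the same count from the plaintext it has just recovered. A `data_dependent=False` switch turns the skipping off so the contrast with a plain keystream can be checked.

```python
"""Toy PRNG-driven cipher with plaintext-dependent keystream skipping.

Added example for the discussion above; not code from the thread and not
WEAK3-EX.  Primitives are constructed toys: do not use for real data.
"""

BLOCK = 8  # constructed toy block size


def lcg(seed):
    """Toy 32-bit linear congruential generator yielding one byte per call."""
    state = seed & 0xFFFFFFFF
    while True:
        state = (state * 1103515245 + 12345) & 0xFFFFFFFF
        yield state >> 24


def skip_count(plain_block):
    """Data-dependent skip: a small constructed hash of the block, reduced to 0..15."""
    h = 0
    for b in plain_block:
        h = (h * 31 + b) & 0xFFFF
    return h & 0xF


def _blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def encrypt(plaintext, key, data_dependent=True):
    gen = lcg(key)
    out = bytearray()
    for blk in _blocks(plaintext):
        out.extend(p ^ next(gen) for p in blk)
        if data_dependent:
            # Discard PRNG outputs; how many depends on the plaintext just used.
            for _ in range(skip_count(blk)):
                next(gen)
    return bytes(out)


def decrypt(ciphertext, key, data_dependent=True):
    gen = lcg(key)
    out = bytearray()
    for blk in _blocks(ciphertext):
        plain = bytes(c ^ next(gen) for c in blk)
        out.extend(plain)
        if data_dependent:
            # Serial decryption: the recovered plaintext gives the same skip count.
            for _ in range(skip_count(plain)):
                next(gen)
    return bytes(out)


def tails_differ(pt_a, pt_b, key, data_dependent=True):
    """True if ciphertexts differ beyond the first block.  For two plaintexts
    that differ only in block 0, a plain keystream gives identical tails;
    data-dependent skipping makes the later keystream diverge."""
    ca = encrypt(pt_a, key, data_dependent)
    cb = encrypt(pt_b, key, data_dependent)
    return ca[BLOCK:] != cb[BLOCK:]


if __name__ == "__main__":
    key = 12345  # constructed sample key
    tail = b"tail-block-bytes"
    print(tails_differ(b"AAAAAAAA" + tail, b"BAAAAAAA" + tail, key, False))  # False
    print(tails_differ(b"AAAAAAAA" + tail, b"BAAAAAAA" + tail, key, True))   # True
```

Note what this does and does not buy: the skip count is a function of plaintext the decryptor already has, so decryption stays serial and needs no side channel, but it is still a deterministic function of key and plaintext, so identical messages under the same key still produce identical ciphertext.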
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Peekboo 1.60 Message Encryptor is out
Date: Tue, 05 Oct 1999 19:23:26 GMT
First off, this is not spam; Peekboo is a free open-source program. Now that
that's out of the way...
Peekboo is a message encryptor program I have been writing for win32
platforms. I have gotten some feedback about the usage of it, but little on
the security. So in this release I decided to rethink some of the crypto in
it.
Some things I have added/changed for the 1.60 release:
1) Larger salt. The CBC IV values are no longer fixed (the starting IV was fixed before).
2) Added Rijndael. It now has 3 of the 5 NIST finalists.
3) Added LZRW1 data compression. I chose this method because it seems to work well for messages >1KB, it's compact and very fast.
Some of the original features include:
- Seven well known block ciphers
- Diffie-Hellman key exchange (with a 2048-bit modulus)
- Simple GUI application
- Very compact (only 40kb now... it was 36kb ... hehe)
- Source is available online
- It's free.
- Will automatically put ciphertext in the clipboard when you click on encrypt and will read from the clipboard when you click decrypt (or it will decrypt/encrypt automatically when you switch from/to peekboo with auto-crypt on).
You can check it out here:
http://www.cell2000.net/security/peekboo/index.html
BTW, since I am now successfully failing chemistry in school I have to put
peekboo on hold. Before I thought I could manage both, but it's a tad
tedious. So enjoy 1.60 and I will get back to y'all later.
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: Newbie question: RSA and Key Escrow
Date: Tue, 05 Oct 1999 15:31:31 -0400
Steven Alexander wrote:
> One simple way to get around this would be to give each agency half of
> p(every other bit). Then, if the agencies worked together they could
> reconstruct p trivially and divide pq by p to get q. Without the
> cooperation of both agencies it would still be very difficult to reconstruct
> p, although it would be easier given half the bits.
>
> -steven
No, that is a very bad way of doing it. Where do you people come up with
this stuff? If you give half the bits, you are reducing your security of X-bit
RSA to (X/2)-bit RSA. You need a simple secret sharing scheme, which
gives you no information about the key, see
http://www.best.com/~szabo/secret.html
for a description of a secret sharing scheme.
You share p (or q) with this scheme....
Anton.
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Peekboo 1.60 Message Encryptor is out
Date: Tue, 05 Oct 1999 19:53:44 GMT
Once again DEJA news $@##'ed up a posting. If you want a clearer description
of peekboo 1.60 and why I am not gonna be coding it for a while check out the
website please.
http://www.cell2000.net/security/peekboo/index.html
Thanks,
Tom
------------------------------
From: Nicholas Hopper <[EMAIL PROTECTED]>
Subject: Re: Newbie question: RSA and Key Escrow
Date: Tue, 05 Oct 1999 16:00:44 -0400
Anton Stiglic wrote:
> Steven Alexander wrote:
>
> > One simple way to get around this would be to give each agency half of
> > p(every other bit). Then, if the agencies worked together they could
> > reconstruct p trivially and divide pq by p to get q. Without the
> > cooperation of both agencies it would still be very difficult to reconstruct
> > p, although it would be easier given half the bits.
> >
> > -steven
>
> No, that is a very bad way of doing it. Where do you people come up with
> this stuff? If you give half the bits, you are reducing your security of X-bit
>
> RSA to (X/2)-bit RSA. You need a simple secret sharing scheme, which
> gives you no information about the key, see
>
> http://www.best.com/~szabo/secret.html
>
> for a description of a secret sharing scheme.
>
> You share p (or q) with this scheme....
>
> Anton.
It's worse than that -- by giving up half of the bits of p, you essentially give
up p and q. See the notes for section 8.2 of HAC (see
http://cacr.math.uwaterloo.ca/hac/about/chap8.ps ) for references to
polynomial-time methods for factoring given a constant fraction of the bits of one
factor.
-Nick
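Anton's point (a share must reveal nothing about p) and Nick's point (half the bits of p is far worse than half the security) are both about what partial information a custodian holds. The block below is an added example, not code from either poster or from the linked page: Shamir threshold sharing over a prime field, which splits p into n shares such that any t rebuild it exactly and any t-1 are consistent with every value in the field. The field prime, the toy p and the share counts are constructed sample values; a real escrow would use a field larger than the RSA factor being shared. The brute-force `consistent_secrets` check is there to make the "no information" claim concrete on a tiny field.

```python
"""Shamir threshold secret sharing over a prime field (added example).

Splits a secret such as an RSA prime p into `shares` points on a random
polynomial of degree threshold-1; Lagrange interpolation at x=0 recovers it.
Sample values below are constructed, not from the thread.
"""
import secrets
from itertools import product

# Public field prime; must exceed the secret.  Constructed toy choice
# (2^61-1); use a prime larger than the RSA factor in practice.
FIELD_PRIME = 2**61 - 1


def split_secret(secret, threshold, shares, prime=FIELD_PRIME, rng=secrets.randbelow):
    """Return `shares` points (x, y) on a random polynomial of degree
    threshold-1 whose constant term is `secret`."""
    if not 0 <= secret < prime:
        raise ValueError("secret must lie in the field")
    if not 1 <= threshold <= shares:
        raise ValueError("need 1 <= threshold <= shares")
    coeffs = [secret] + [rng(prime) for _ in range(threshold - 1)]

    def poly(x):
        acc = 0
        for c in reversed(coeffs):  # Horner evaluation mod prime
            acc = (acc * x + c) % prime
        return acc

    return [(x, poly(x)) for x in range(1, shares + 1)]


def recover_secret(points, prime=FIELD_PRIME):
    """Lagrange interpolation at x = 0 from at least `threshold` points."""
    secret = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % prime
                den = den * (xi - xj) % prime
        secret = (secret + yi * num * pow(den, -1, prime)) % prime
    return secret


def consistent_secrets(points, threshold, prime):
    """Brute force for tiny fields only: the set of constant terms of all
    degree<threshold polynomials passing through `points`.  With fewer
    than `threshold` points this is the whole field (the shares reveal
    nothing); with `threshold` points it is exactly one value."""
    found = set()
    for coeffs in product(range(prime), repeat=threshold):
        if all(sum(c * pow(x, k, prime) for k, c in enumerate(coeffs)) % prime == y
               for x, y in points):
            found.add(coeffs[0])
    return found


if __name__ == "__main__":
    p = 1009  # constructed toy "RSA prime"
    shares = split_secret(p, 2, 3)          # 2-of-3 among three custodians
    print(recover_secret(shares[:2]) == p)  # True
    small = split_secret(7, 3, 4, prime=31)
    print(len(consistent_secrets(small[:2], 3, 31)))  # 31: one share short says nothing
    print(consistent_secrets(small[:3], 3, 31))       # {7}
```

Contrast this with the "every other bit" proposal: there, one custodian alone narrows p to 2^(bits/2) candidates, and with Coppersmith-style methods (the HAC reference above) to far fewer; here, one custodian short of the threshold holds a share that is equally consistent with every possible p.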
------------------------------
Reply-To: "karl malbrain" <[EMAIL PROTECTED]>
From: "karl malbrain" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: EAR Relaxed? Really?
Date: Tue, 5 Oct 1999 13:25:31 -0700
wtshaw <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> > Where is the protection??? If they can say that any SPECIFIC file X coded
> > on your harddisk decodes to INCRIMINATING file Y that the FBI says it does,
> > you're up the proverbial creek without the proverbial paddle. Why do you
> > wonder at my STYLE in this environment??? Karl M
>
> This is the point, such a law protects nobody, but facilitates false
> accusation. Whereas, crypto embarrasses those who demand to know too
> much by showing them to be acting beyond reason. The FBI is not supposed
> to be a nanny.
What do you mean??? No, they're not trying to be nannies, they're trying to
become more effective SECRET POLICE. The only thing you have to go on is
CONTRADICTION. Karl M
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Crossposted-To: talk.politics.crypto
Subject: Re: EAR Relaxed? Really?
Date: Tue, 05 Oct 1999 14:23:39 -0600
In article <U8qK3.18$[EMAIL PROTECTED]>, "karl malbrain"
<[EMAIL PROTECTED]> wrote:
> Douglas A. Gwyn <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > karl malbrain wrote:
> > > And breaking STATE SECRETS is a capital crime.
> >
> > Not in the US, which doesn't even have an analogue of the British
> > Official Secrets Act.
>
> Come on, I know you know more than that. Any information stamped
> CONFIDENTIAL, SECRET, TOP SECRET, EYES-ONLY COMPARTMENTALIZED, etc, carries
> stiff penalties on revelation. If revealed to another country it's
> considered a CAPITAL crime. It's what happened to Julius and Ethel (sp?)
> Rosenberg in the 1950's. Karl M
Turn anything of such nature over to the press and it is up to them to do
as they please with it. Too often classification is abused for spurious
purposes.
--
Sometimes a small mistake can lead to fortunate reward.
Charlie Chan
------------------------------
Reply-To: "karl malbrain" <[EMAIL PROTECTED]>
From: "karl malbrain" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: EAR Relaxed? Really?
Date: Tue, 5 Oct 1999 13:30:36 -0700
Satch <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> [EMAIL PROTECTED] (karl malbrain) said on 04 Oct 1999 in
> <0t8K3.91$[EMAIL PROTECTED]> the following:
>
> >> That works in civil trials. For criminal proceedings, if I were on a
> >> jury and the guy on the witness stand said "It's MAGIC" I would reply
> >> "Not guilty."
> >
> >No, they aren't going to say MAGIC, there going to say STATE SECRET.
> >Your only VIABLE defense is to do what I do, and not use encryption for
> >OBSCURITY. Karl M
> >
>
> You miss my point. "State secret" equals "magic".
Magic means UNGROUNDED IDEALISM.
> Last time I looked, this was supposed to a government "of the people, by
> the people, and for the people." The concept of State Secret in a criminal
> proceeding isn't congruent with that ideal.
The issue at hand is the ability for the FBI to come into a criminal
proceeding and introduce fabricated evidence with impunity. They'll be
protected from lying with impunity by claiming STATE SECRET to the back-door
key and/or black-box decryptor.
> I just finished reading the transcripts of the trial record of the several
> crypto cases, and find that the judge is supposed to accept the
> government's assertion that exporting source code that is published in a
> book on a different medium is going to Be The End Of The World. The State
> Department (and now the Commerce Department) are engaging in "official FUD"
> that must have Microsoft shaking their heads in admiration -- this
> evidenced by Microsoft's actions with regard to the crypto API in Windows.
What is being discussed runs deeper. They can take ANY encrypted file on
your hard disk, decrypt it to anything they want, and use it against you in
a criminal trial.
> Indeed, the pattern appears to be that everyone is considered by our
> government to be a criminal. Period.
>
> I weep.
Karl M
------------------------------
From: "Steven Alexander" <[EMAIL PROTECTED]>
Subject: Re: classifying algorithms
Date: Tue, 5 Oct 1999 13:33:43 -0700
Here are some basic terms:
Block algorithm: encrypts data a block at a time, typically 64 or 128-bits
at a time.
Stream Cipher: encrypts data one bit at a time
Hash algorithm: A hopefully one-way function that outputs a value of
predefined size regardless of input size by compressing and
permuting the message a block at a time
Asymmetric vs. symmetric encryption: symmetric uses the same key for
encryption and decryption, asymmetric uses one key for encryption
and another related key for decryption that cannot be computed from the
first
There really isn't a system for classifying different algorithms. Most
block algorithms though are defined as feistel ciphers or feistel network
which is a cipher that is based on a weaker round function that is iterated
several times.
-steven
Neil Weicher <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Can anyone point me to a list of different types of encryption
> algorithms? For example, if someone handed me a description of an
> algorithm I'd like to be able to classify it.
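The Feistel description in the post above (a weak round function iterated several times) has one property worth seeing in code: the round function never needs an inverse, because the network undoes each round by XORing the same F output again, so decryption is the identical network with the subkeys in reverse order. The block below is an added example, not code from the thread or from any real cipher; its round function and key schedule are constructed, deliberately weak toys, and the 64-bit block with 32-bit halves is a choice made for readability.

```python
"""Toy Feistel network (added example, not a real cipher).

Each round maps (L, R) -> (R, L xor F(R, K)).  F is weak and non-invertible
on purpose: the structure, not F, provides invertibility.
"""
import hashlib
import struct

MASK32 = 0xFFFFFFFF
ROUNDS = 16


def key_schedule(key, rounds=ROUNDS):
    """One 32-bit subkey per round derived from the master key.  Hashing is
    only a convenient derivation here and is not part of the Feistel idea."""
    return [int.from_bytes(hashlib.sha256(key + bytes([r])).digest()[:4], "big")
            for r in range(rounds)]


def round_function(half, subkey):
    """Constructed weak mixing of a 32-bit half with a subkey.  Its output is
    only ever XORed into the other half, so no inverse is needed."""
    x = (half + subkey) & MASK32
    x = (x * 0x9E3779B1) & MASK32
    return x ^ (x >> 13)


def feistel_block(block, subkeys):
    """Run one 8-byte block through the network.  The halves are swapped back
    at the end so the same function with reversed subkeys is the inverse."""
    if len(block) != 8:
        raise ValueError("block must be exactly 8 bytes")
    left, right = struct.unpack(">II", block)
    for k in subkeys:
        left, right = right, left ^ round_function(right, k)
    return struct.pack(">II", right, left)


def encrypt_block(block, key):
    return feistel_block(block, key_schedule(key))


def decrypt_block(block, key):
    # Same network, subkeys in reverse order.
    return feistel_block(block, key_schedule(key)[::-1])


if __name__ == "__main__":
    key = b"sixteen byte key"  # constructed sample key
    ct = encrypt_block(b"ABCDEFGH", key)
    print(ct.hex(), decrypt_block(ct, key))
```

The inversion argument does not depend on the round count: one round is already invertible this way, which the test below checks directly. What the iteration buys is diffusion and confusion, not invertibility, which is exactly why a weak F can be used.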
------------------------------
From: [EMAIL PROTECTED] (Larry Kilgallen)
Subject: Re: IBM's security chip (Built on the motherboard)!
Reply-To: [EMAIL PROTECTED]
Date: Tue, 5 Oct 1999 21:59:10 GMT
In article <[EMAIL PROTECTED]>, Sundial Services
<[EMAIL PROTECTED]> writes:
> Personally, I am amazed that computer manufacturers did not latch upon
> this idea about ten years ago.
For computer manufacturers in the US, export controls have been a barrier.
Larry Kilgallen
------------------------------
From: "Doug Gwyn (ISTD/CNS) <gwyn>" <[EMAIL PROTECTED]>
Subject: Re: classifying algorithms
Date: Tue, 5 Oct 1999 23:12:40 GMT
Steven Alexander wrote:
> Stream Cipher: encrypts data one bit at a time
The latter implies the former but not vice-versa.
A stream cipher basically produces output without delay,
although that is a slight oversimplification. The input
and output symbols need not be the same size nor 1 bit each.
> Hash algorithm: A hopefully one-way function that outputs a value of
> predefined size regardless of input size by compressing and
> permuting the message a block at a time
All a hash has to do is to summarize an input string.
For message integrity checking purposes, it must be difficult
to find another input that produces the same hash output.
> There really isn't a system for classifying different algorithms.
More accurately, there is no useful, universal classification
that fully captures the character of every cryptosystem.
(You already mentioned some classifications.)
------------------------------
From: "Doug Gwyn (ISTD/CNS) <gwyn>" <[EMAIL PROTECTED]>
Subject: Re: Ritter's paper
Date: Tue, 5 Oct 1999 23:30:47 GMT
Tim Tyler wrote:
> I really have difficulty in seeing what point there was in specifying
> in advance that cyphers must encrypt in 128-bit blocks.
NIST wanted to evaluate proposals on a comparable basis.
128 bits was (and is) considered proof against brute-force attack;
too much less and there would be that worry again;
too much more and key management becomes more of a hassle.
------------------------------
Crossposted-To: talk.politics.crypto
From: "Doug Gwyn (ISTD/CNS) <gwyn>" <[EMAIL PROTECTED]>
Subject: Re: Second "_NSAKey"
Date: Tue, 5 Oct 1999 23:28:43 GMT
Sundial Services wrote:
> It's hardly new. They did the same thing with Hagelin's (modern)
> crypto machines, sold by what was once the most trusted Crypto
> provider in Europe.
[I assume you mean Crypto AG.] Says who? Iran?
An actual reference would be nice, instead of innuendo.
------------------------------
From: "Doug Gwyn (ISTD/CNS) <gwyn>" <[EMAIL PROTECTED]>
Subject: Re: Compress before Encryption
Date: Tue, 5 Oct 1999 23:32:39 GMT
"SCOTT19U.ZIP_GUY" wrote:
> >Richard Parker wrote:
> >> So, it is clear that naming Scott's scheme "one-to-one compression" is
> >> misleading since all lossless compression is one-to-one.
> Mr Parker never claimed it was misleading it is your warped mind
> that thinks it is.
You cannot even read, apparently.
------------------------------
From: Greg <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: EAR Relaxed? Really?
Date: Wed, 06 Oct 1999 00:43:36 GMT
> ... the FBI lying with impunity, under the guise
> of protecting STATE SECRETS, e.g. their back door
> key, or their black box decoder, which fabricates
> evidence against any of us. Karl M
Gee, Karl, you sound more paranoid than I do...
------------------------------
From: Greg <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: EAR Relaxed? Really?
Date: Wed, 06 Oct 1999 00:46:34 GMT
> Here goes, I'll try again (not at being intelligible but
> rather using plain English):
>
> I'm finding out what Greg owns as POSITION. Most people
> with his understanding just complain about what the FBI
> does with its license. Can we mutually take DIRECT ACTION?
> They're getting away, literally, with murder, and Greg
> KNOWS IT. Can you make anything out of the HISTORICAL
> CHAIN of Waco and Cobb's Creek vis-a-vis the pattern of
> INVESTIGATION??? Greg has already noted the general
> means (grounded capability) the FBI uses to advance itself
> as a section of the DEPARTMENT of JUSTICE. Does anyone
> else agree???
Boy, I would love to agree. I really would. But I don't
understand what you are saying to agree with you.
--
Truth is first ridiculed, then violently opposed, and then it is
accepted as self evident ("obvious").
I love my president... I love my president... I love my president...
------------------------------
From: Greg <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: EAR Relaxed? Really?
Date: Wed, 06 Oct 1999 00:56:20 GMT
It is good to see you speak English like the rest of us.
> They can say that any encrypted file on your computer
> `decrypts' to anything they say it does, and you have
> no defense against it.
Two points:
First, you can prove them wrong by decrypting the file
and showing their decrypted message was fabricated. Experts
can substantiate your claim. This assumes:
a.) that either your file was harmless
b.) that the case you are the criminal to will be thrown
out as soon as you prove that the FBI deliberately lied
(this might be a real defense, we must wait and see)
c.) the damage by exposing criminal activity is reduced
by the process of testifying against yourself.
Second, you are assuming that they will decrypt the encrypted
file into anything they want it to say. I think they would
not do this unless they wanted you to "prove" what the file
really did decrypt to, thus a fishing expedition. This is
a plausible scenario even if they know the case will be thrown
out- it is simply intelligence gathering on their part.
> Whenever the FBI has investigated
> itself in the past, they find criminal behaviour without
> criminals. How can you defend yourself against an agency
> like that????
Your guns and a really well thought out strategy to use them
effectively.
------------------------------
From: Greg <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: EAR Relaxed? Really?
Date: Wed, 06 Oct 1999 01:01:50 GMT
> I guess the only hope we have is if people start
> electing honest politicians like Jesse Ventura.
Say again? You mean the dude that said his party did
nothing to help him get elected? You mean the man who
had a brain fart and said a good part of his voting
base was inept? You mean the politician who is himself
when he talks with Playboy? Is that the one you refer to?
> Since none of the current main stream politicians even
> give a rats ass about honesty or the constitution.
> With an honest justice department it might even be
> possible to get their killers that specialize
> in shooting unarmed women holding babies in jail
> as well as the bosses that ordered the killings.
Now let's return to reality and think about what we
can do for real change, shall we? It has always been
a well known fact that government is force. To think
we can change that is living in la la land.
The second amendment was never to make la la land, but
to keep politicians scared of exercising undue power.
Think about that- our guns are a deterrence, a factor
for fear for those over us.
------------------------------
From: "Rick Braddam" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: EAR Relaxed? Really?
Date: Tue, 5 Oct 1999 19:32:05 -0500
karl malbrain <[EMAIL PROTECTED]> wrote in message
news:w4tK3.53$[EMAIL PROTECTED]...
>
> wtshaw <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > In article <8v8K3.92$[EMAIL PROTECTED]>, "karl malbrain"
> > A person acts best according to some consistent pattern
>
> You mean persons with PRINCIPLES, not agencies constituted as SECRET POLICE.
>
Law enforcement officers, of whatever branch, are people just like everyone
else on the street. The vast majority of them are decent, hard-working people
who are just trying to do a very difficult job. To characterize all the good
ones as unprincipled, immoral, or evil is just as wrong as ignoring or failing
to hold accountable those few who are.
Rick
------------------------------
From: Greg <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: EAR Relaxed? Really?
Date: Wed, 06 Oct 1999 01:10:20 GMT
Honestly, I am surprised any of you respond to Karl.
I will not unless I can understand his statement the
first time I read through it. I just don't have time
for his- his- what ever you want to call his problem.
------------------------------
From: Greg <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: EAR Relaxed? Really?
Date: Wed, 06 Oct 1999 01:12:24 GMT
>Why do you wonder at my STYLE in this environment???
Because it leaves us wondering?
------------------------------
From: Greg <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: EAR Relaxed? Really?
Date: Wed, 06 Oct 1999 01:14:04 GMT
> I searched the web for "Martovian"...
What a fool! Man, I would never have wasted my time on Karl.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************