Cryptography-Digest Digest #369, Volume #10       Wed, 6 Oct 99 20:13:03 EDT

Contents:
  Re: rc5-128 cracking $20 per letter (Tom St Denis)
  Re: rc5-128 cracking $20 per letter (Tom St Denis)
  Re: rc5-128 cracking $20 per letter (Tom St Denis)
  Re: Exclusive Or (XOR) Knapsacks ([EMAIL PROTECTED])
  Re: Which encryption for jpeg compressed pictures? (jerome)
  books about elliptic curves (jerome)
  Re: DES breaker Technique? (jerome)
  Re: classifying algorithms (jerome)
  Re: radioactive random number generator ("John E. Kuslich")
  Re: Which encryption for jpeg compressed pictures? (Paul Koning)
  Re: There could be *some* truth to it (Dan Day)
  Re: radioactive random number generator ("John E. Kuslich")
  Re: radioactive random number generator ("John E. Kuslich")
  Re: Which encryption for jpeg compressed pictures? (fungus)
  Re: True Random numbers (fungus)
  Block encryption with variable keys (Mok-Kong Shen)
  Re: Block encryption with variable keys (John Savard)
  Re: Is 128 bits safe in the (far) future? (John Savard)

----------------------------------------------------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: rc5-128 cracking $20 per letter
Date: Wed, 06 Oct 1999 19:28:58 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (John Savard) wrote:
> "John A Croll" <[EMAIL PROTECTED]> wrote, in part:
>
> >your message is:
> >"sHure sHow me it"
>
> in response to Tom St. Denis, who wrote:
>
> >> Ok decrypt this
>
> >> 1602d701fa1ac1ad
>
> Unfortunately, this message is only eight bytes long, and your
> decryption is 16 bytes long.

Shhhh... don't tell him that.

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: rc5-128 cracking $20 per letter
Date: Wed, 06 Oct 1999 19:30:28 GMT

Ok if you destroyed RC5 what is the message I sent?  You got it wrong in your
other post. Tom


In article <7tg499$igt$[EMAIL PROTECTED]>,
  "John A Croll" <[EMAIL PROTECTED]> wrote:
> rc5 has a wide open back door for the feds and i found it.
> i think they should give me the rsa prize money
> because i destroyed rc5 as a viable product.



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: rc5-128 cracking $20 per letter
Date: Wed, 06 Oct 1999 19:32:25 GMT

In article <7tg16g$8q3$[EMAIL PROTECTED]>,
  "John A Croll" <[EMAIL PROTECTED]> wrote:
> your message is:
> "sHure sHow me it"
> you owe me 320 bucks!
> you may remit payment to:
> richard lee king jr.
> p.o.box 236
> st.bernice,
> in. 47875-0236
> phone: 765-832-2557
> you need to buy better security.

First off you got the message wrong, second the message is only 8 ascii chars
not 16.  Third I did not buy RC5, I took the RSAREF code, threw in a main()
and gave you the ciphertext.

If you think I am making this up, just admit defeat and I will give you the
key that will decrypt it.

Tom



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Exclusive Or (XOR) Knapsacks
Date: Wed, 06 Oct 1999 19:35:41 GMT

[EMAIL PROTECTED] (Guenther Brunthaler) wrote:
> "Matt Timmermans" wrote:
>
> >Let me just make up an example:
> >...
> >3rd bit
> >
> >1010 = B1
> >0101 = B2
> >0011 = B1+B3
> >0010 = B1+B4  +B2
> >...
> >So, for any 4 bit X...
>
> Looks very interesting!
>
> But could you please explain your approach in more detail?

You can find Gaussian elimination in any linear
algebra text.

> Also, is it coincidence that in your example there are B1..B4 and also
> 4 bits in X?

Not a coincidence.  The question was:
| Problem:
| Given an n bit number X and a set {B1,B2,...,Bn}
| of n bit numbers;is there a subset whose elements
| collectively XORed give X?


> Perhaps you could outline your example for the following (1-bit) setup:
>
> X=1, B1 = 0, B2 = 0, B3 = 0, B4 = 1, B5 = 1, B6 = 1
>
> and the size of the requested subset shall be 3.

This fails to be an example of the stated problem.


[...]
> I really would be interested how any equation system could help find
> some specific calculated solution, as there may be any number of
> solutions!

Again, a linear algebra text will explain.  If
any subset of the vectors xors to zero, then that
subset can be xored into any solution to produce
another solution, and all solutions may be
produced this way.


Genetic algorithms?  Backtracking?  P?=NP?
Nonsense - it's a simple linear algebra problem.

--Bryan
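
Added example (not part of Bryan's post or of the digest): the Gaussian elimination over GF(2) that the reply above points to, with each n-bit number held as a Python integer. It returns one subset that XORs to X plus the zero-sum subsets from which every other solution follows; the vectors, the target and the function names are constructed for illustration.

```python
def eliminate(vectors):
    """Row-reduce the B_i over GF(2).

    Returns (pivots, kernel):
      pivots maps a leading-bit position to (reduced_value, mask), where mask
        has bit i set if B_(i+1) was XORed in to form reduced_value;
      kernel lists masks of subsets of the inputs that XOR to zero.
    """
    pivots, kernel = {}, []
    for i, v in enumerate(vectors):
        mask = 1 << i
        while v:
            top = v.bit_length() - 1
            if top not in pivots:          # new independent vector
                pivots[top] = (v, mask)
                break
            bv, bm = pivots[top]           # cancel the leading bit
            v ^= bv
            mask ^= bm
        else:                              # reduced to zero: dependent vector
            kernel.append(mask)
    return pivots, kernel


def solve(vectors, target):
    """Return (mask, kernel); mask is None when no subset XORs to target."""
    pivots, kernel = eliminate(vectors)
    v, mask = target, 0
    while v:
        top = v.bit_length() - 1
        if top not in pivots:              # leading bit cannot be cancelled
            return None, kernel
        bv, bm = pivots[top]
        v ^= bv
        mask ^= bm
    return mask, kernel


def all_solutions(vectors, target):
    """Every solution is the particular one XORed with zero-sum subsets."""
    particular, kernel = solve(vectors, target)
    if particular is None:
        return []
    sols = [particular]
    for k in kernel:
        sols += [s ^ k for s in sols]
    return sorted(sols)


def xor_subset(vectors, mask):
    """XOR together the vectors selected by mask."""
    acc = 0
    for i, v in enumerate(vectors):
        if mask >> i & 1:
            acc ^= v
    return acc


# Constructed sample: four 4-bit numbers B1..B4 and a 4-bit target X.
B = [0b1010, 0b0110, 0b1100, 0b0011]
X = 0b0101

if __name__ == "__main__":
    for m in all_solutions(B, X):
        names = [f"B{i + 1}" for i in range(len(B)) if m >> i & 1]
        print(" ^ ".join(names), "=", format(xor_subset(B, m), "04b"))
    print("X=0001 solvable:", solve(B, 0b0001)[0] is not None)
```

The work is polynomial in n, and the number of solutions is either zero or 2 to the power of the number of zero-sum generators found.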



------------------------------

From: [EMAIL PROTECTED] (jerome)
Crossposted-To: comp.security.misc,comp.graphics.algorithms,comp.compression
Subject: Re: Which encryption for jpeg compressed pictures?
Reply-To: [EMAIL PROTECTED]
Date: Wed, 06 Oct 1999 17:05:38 GMT

On Wed, 06 Oct 1999 07:53:40 -0700, Samuel Paik wrote:
>
>One of the public key systems is about to fall out of
>patent (in the US at least).

which one ? 
RSA patent will finish in sep 2000, no ?

------------------------------

From: [EMAIL PROTECTED] (jerome)
Subject: books about elliptic curves
Reply-To: [EMAIL PROTECTED]
Date: Wed, 06 Oct 1999 19:55:38 GMT

i saw two books about elliptic curves
"elliptic curves public key cryptosystem" by alfred menezes
"elliptic curves in cryptography" by i.blake, g.seroussi and n.smart

alfred menezes recommends against buying his own book because it is
"grossly over priced and a bit outdated". He is honest and i deeply
admire this quality.

but who has read the second one ? how good is it ?

------------------------------

From: [EMAIL PROTECTED] (jerome)
Subject: Re: DES breaker Technique?
Reply-To: [EMAIL PROTECTED]
Date: Wed, 06 Oct 1999 17:02:54 GMT

On 06 Oct 1999 03:33:49 GMT, UBCHI2 wrote:
> Or did they just wait until they had factored the key?

right only for RSA.

------------------------------

From: [EMAIL PROTECTED] (jerome)
Subject: Re: classifying algorithms
Reply-To: [EMAIL PROTECTED]
Date: Wed, 06 Oct 1999 17:30:50 GMT

On Tue, 05 Oct 1999 21:55:27 GMT, Doug Stell wrote:
>
>Key agreement (Diffie-Hellman, KEA)
>

what is KEA ?

------------------------------

From: "John E. Kuslich" <[EMAIL PROTECTED]>
Crossposted-To: sci.electronics.design,sci.electronics.equipment
Subject: Re: radioactive random number generator
Date: Wed, 06 Oct 1999 14:05:24 -0700

Right...and broccoli makes women pregnant...outerspace aliens have invaded
Washington...yada yada...

Cancer is actually caused by undetectable tigers.  The problem with the research
is that the tigers are, well, undetectable :--)

JK

Rich Grise wrote:

> Heh. Guess we're hearing from the hysterics.
>
> Cancer is caused, believe it or not, by repression of emotional
> expression, and by self-hatred.
>
> It's a little bit hard to demonstrate that fact, because the ones
> who are cancer-prone are unwilling to do the experiments, because
> they'd have to release the mental judgements that are holding the
> emotions in place in the first place. Somewhat akin to the religion
> of anti-smokerism. But blaming alphas certainly isn't the answer.
>
> Cheers!
> Rich
>
> John E. Kuslich wrote:
> >
> > Such dangerous ignorance cannot be left to stand unchallenged.
> >
> > Alpha emitters are some of the most dangerous substances known to man.
> >
> > > Ingestion by eating or by inhalation of tiny amounts of alpha emitter will
> > > almost certainly cause cancer.  Small amounts of alpha emitting dust lodged
> > in the lung will bombard the surrounding tissue and cell DNA with ionizing
> > radiation eventually causing enough genetic damage to produce uncontrolled
> > cell growth.
> >
> > Alpha emitters that are properly contained and unlikely to have sustained
> > intimate contact with human tissue are safe by virtue of their easy
> > attenuation by clothing, air, distance and any other intervening material.
> > Once ingested, however, these benign sources become DEADLY with a capital
> > D.
> >
> > JK
> >
> > Dave VanHorn wrote:
> >
> > > > As far as I can see, the only reason to construct such a hardware
> > > > random number generator is the coolness factor.  Sure, anybody
> > > > can make a noise source with just a resistor and a capacitor,
> > > > but it takes a real engineer to use a dangerous radioactive source.
> > > > You could do it in a ridiculously hard way, but then you'd
> > > > have to compete with things like http://lavarand.sgi.com/
> > > > and http://www.fourmilab.ch/hotbits/
> > >
> > > That's the whole point. An alpha source is totally safe, as long as you
> > > don't EAT it.
> > > The radiation is helium with no electrons.
> > >
> > > > Can you live with a few helium nuclei bouncing off you?
> > > Seems likely, as you already are.
> >
> > --
> > John E. Kuslich
> > Password Recovery Software
> > CRAK Software
> > http://www.crak.com

--
John E. Kuslich
Password Recovery Software
CRAK Software
http://www.crak.com



------------------------------

From: Paul Koning <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,comp.graphics.algorithms,comp.compression
Subject: Re: Which encryption for jpeg compressed pictures?
Date: Wed, 06 Oct 1999 17:00:05 -0400

Herbert Kleebauer wrote:
> 
> I'm writing a viewer for encrypted multi-jpeg files.
> Because I'm not familiar with encryption, I need some
> help. I need an encryption which is
> 
> 1. absolutely secure. If you have the original and the
>    encrypted file, it must be impossible to prove, if
>    one is the encrypted version of the other.
> 2. fast
> 3. free

Well "absolutely secure" you can't get.

What you can get is "believed to be proof against all
known attacks".  Triple DES (slow), IDEA (not free),
Blowfish (fast and free) should be suitable.

I think an encrypted picture viewer already exists, 
but I don't remember details.  Another approach,
of course, is to put the files on an encrypted
partition (consider Scramdisk or SFS).

        paul

------------------------------

From: [EMAIL PROTECTED] (Dan Day)
Subject: Re: There could be *some* truth to it
Date: Wed, 06 Oct 1999 21:06:25 GMT

On Wed, 06 Oct 1999 12:31:36 -0400, "Trevor Jackson, III" <[EMAIL PROTECTED]>
wrote:
>
>Your "explanation" makes it worse.  You knew your claim was false when you made
>it.

Don't be a twit, Trevor.  I did not "know my claim was false", nor do I know
that to be the case now.  If you think you can explain what's wrong with it
(your unadorned personal attack doesn't count), then feel free to do so,
and I'll look forward to reading it.

I put "infinite" in quotes in my original post for a reason, and the
main reason was to try to make it clear that I was not speaking of
infinity in its rigorous mathematical sense, but in a tongue-in-cheek
layman's sense.  I did not mean for it to be taken literally, I did
not write it as if I meant it literally, and I would appreciate it if
you didn't make false accusations against me based on your pigheaded
insistence on trying to claim that I meant it literally.

If you want to disagree with the gist of what I said, or point out
where I have erred, I'm entirely open to enlightenment.  But it does
no one any good, including yourself, to simply nitpick wording and use it
as a cheap excuse to call me a liar.


--
   "How strangely will the Tools of a Tyrant pervert the 
plain Meaning of Words!"
   --Samuel Adams (1722-1803), letter to John Pitts, January 21, 1776

------------------------------

From: "John E. Kuslich" <[EMAIL PROTECTED]>
Crossposted-To: sci.electronics.design,sci.electronics.equipment
Subject: Re: radioactive random number generator
Date: Wed, 06 Oct 1999 14:25:42 -0700

How about a hex-FET.  The volume of each junction is small but there are
a lot of junctions.

Has anyone tried this??

JK


Chuck Parsons wrote:

> donsolo wrote:
>
> > In article <[EMAIL PROTECTED]>,
> > Hironobu SUZUKI <[EMAIL PROTECTED]> wrote:
> > > Rolf Bombach <[EMAIL PROTECTED]> writes:
> > > > amount of Bq's. Anyway, today's regulations concerning radioactive
> > > > material are ..hm..
> > > I didn't see all of this discussion, but I guess that background
> > > radiation is OK for little length of random number or seeds for
> > > pseudo-random number generator.
> > > Background radiation can be detected by big size of Geiger-Muller
> > > counter tube or many number of Geiger-Muller counter tubes.
> > >                                       --hironobu
> >
> > You don't need GM tubes or high voltage.  A small silicon
> > solar cell (or almost any diode) makes a good detector of
> > background gamma.
> > Shield it and use a low noise, high gain op-amp.
> > Don
>
>  Solar cells, at least the ones I tried, make terrible detectors
> for gamma rays. The depletion depth is too small, and
> leakage currents are terrible. I tried and failed to
> see _alphas_ with one from radio shack. Use a
> PIN diode.  A bare j-fet makes a fine detector
> but the efficiency is very very low because the
> depleted volume is so small.
>
> Chuck

--
John E. Kuslich
Password Recovery Software
CRAK Software
http://www.crak.com



------------------------------

From: "John E. Kuslich" <[EMAIL PROTECTED]>
Crossposted-To: sci.electronics.design,sci.electronics.equipment
Subject: Re: radioactive random number generator
Date: Wed, 06 Oct 1999 14:42:18 -0700

Dad gumit!!

When I was a young whipper snapper like you (back in the nineteen and ought
fifties) my friends would go to the local shoe store and play with a machine which
would X-ray  feet to see how well  shoes fit.  Then someone discovered that these
machines put out enough X-rays to turn Superman red like a lobster. Lucky for me,
my mother threatened to beat me to a pulp if she ever caught me doing that.

Many cancers were caused by these devices before they were outlawed.  This has been
the history of regulatory control of radioactive substances.  Many people died as
the result of mishandling radioactive materials and the standards have been
gradually tightened with time.

For a really good time, look up the notes from Nikola Tesla written while he was
experimenting with X-rays.  He would turn on his machine with his eyes closed and
enjoy the nice warm light that formed  within his head by the powerful X-ray
emitter he built. He started to act rather strangely right after that...

Sonny, if ignorance is bliss, you gotta be real happy.

JK


Rich Grise wrote:

> Rolf Bombach wrote:
> >
> > Dave VanHorn wrote:
> >
> > > Ross <[EMAIL PROTECTED]> wrote in message
> > > [...]
> >
> > > This is an idea I put forth in circuit Cellar discussions years ago.
> > > Everyone freaked out over using radioactives, even though it's only alpha
> > > particles that can be stopped by paper.
> >
> > If you can make sure the source stays in the chip then the alpha emitter
> > is harmless. If there is a chance the stuff gets into your body, alpha
> > emitters are one of the most harmful radioactive materials (rule of
> > thumb: factor 10 more than gamma). Solution: not exceeding allowed
> > amount of Bq's. Anyway, today's regulations concerning radioactive
> > material are ..hm.. (sorry, non english speaking, i miss the word..).
>
> Paranoid, I think.
>
> Hell, before paranoia became the national religion, you could go to
> the record store (when sound was recorded in physical grooves on
> vinyl discs) and get a dust brush that had a little chip of polonium
> (I don't know which isotope) which would emit alphas, or possibly
> betas, that would discharge the static from the vinyl disk and
> brush the dust off.
>
> They also used to use a similar device for an "ionizer," as there
> was a belief that negative ions in the air would make you happy,
> and the reason everybody's so cranky during Santa Ana season is
> the positive ions. But people seem to have decided "OOhh! That'll
> cause cancer! Danger! Danger! Be safe! Don't do anyfuckingthing!"
>
> Pfaugh.
> Rich
>
> > > The distribution won't change. The total amount may change, but the time
> > > between hits will still be random.
> >
> > Yes and no. The time between hits has a distribution. The most probable
> > time between hits is zero, then the curve goes slowly down, some
> > exp(-ax). It's contrary to some "intuition", it's a great problem/nuisance
> > for geiger counters. Even a short "dead-time" may have a big influence on
> > readings. If you have the opportunity, do the experiment. Connect output
> > of geiger counter to interrupt line, small routine doing the pdf (probability
> > density function, not that internet stuff :-) ). I checked it, it works.
> > If your random number generator does not account for that, the
> > "randomness" is spoiled. (And there are other statistical effects, too...)
> > IMHO a great idea, but as with many great ideas, much more work than
> > planned to get them working properly.
> >
> > --
> > Rolf Bombach      [EMAIL PROTECTED]

--
John E. Kuslich
Password Recovery Software
CRAK Software
http://www.crak.com
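
Added illustration of Rolf Bombach's quoted point about the gap distribution and dead time (not code from any poster): a simulated Poisson source stands in for the Geiger counter on an interrupt line. The rate, the dead time, the non-paralyzable detector model and both bit extractors are assumptions of this sketch.

```python
import random


def detected_gaps(rate_hz, dead_time_s, n, seed=1999):
    """Gaps between detected hits for a Poisson source of true rate rate_hz.

    Hits arriving within dead_time_s of the last detected hit are lost
    (non-paralyzable detector model, an assumption of this sketch).
    """
    rng = random.Random(seed)
    t = last = 0.0
    gaps = []
    while len(gaps) < n:
        t += rng.expovariate(rate_hz)      # true exponential inter-arrival time
        if t - last >= dead_time_s:
            gaps.append(t - last)
            last = t
    return gaps


def histogram(gaps, bin_width, bins):
    """The 'small routine doing the pdf': counts per bin of gap length."""
    counts = [0] * bins
    for g in gaps:
        k = int(g / bin_width)
        if k < bins:
            counts[k] += 1
    return counts


def observed_rate(gaps):
    """Count rate the instrument would report, in hits per second."""
    return len(gaps) / sum(gaps)


def threshold_bits(gaps, threshold):
    """Naive extractor: 1 if the gap is longer than a fixed threshold."""
    return [1 if g > threshold else 0 for g in gaps]


def pair_bits(gaps):
    """Compare two non-overlapping gaps; a tie yields no bit."""
    return [1 if a < b else 0
            for a, b in zip(gaps[0::2], gaps[1::2]) if a != b]


def ones_fraction(bits):
    return sum(bits) / len(bits)


RATE = 1000.0   # constructed: true hits per second
DEAD = 200e-6   # constructed: 200 microseconds of dead time
N = 20000       # gaps to simulate

if __name__ == "__main__":
    ideal = detected_gaps(RATE, 0.0, N)
    dead = detected_gaps(RATE, DEAD, N)
    print("gap histogram, bins of 0.25 ms:", histogram(ideal, 0.25 / RATE, 4))
    print("rate without dead time:", round(observed_rate(ideal)))
    print("rate with dead time:   ", round(observed_rate(dead)))
    print("threshold extractor ones:", ones_fraction(threshold_bits(ideal, 1 / RATE)))
    print("pair extractor ones:     ", ones_fraction(pair_bits(dead)))
```

The histogram is highest in the shortest-gap bin, the reported rate drops from about 1000 to about 833 per second with the dead time, and thresholding at the mean gap gives roughly 37% ones while comparing gap pairs stays near 50%.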



------------------------------

From: fungus <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,comp.graphics.algorithms,comp.compression
Subject: Re: Which encryption for jpeg compressed pictures?
Date: Wed, 06 Oct 1999 23:25:29 +0200



Herbert Kleebauer wrote:
> 
> I'm writing a viewer for encrypted multi-jpeg files.
> Because I'm not familiar with encryption, I need some
> help. I need an encryption which is
> 
> 1. absolutely secure. If you have the original and the
>    encrypted file, it must be impossible to prove, if
>    one is the encrypted version of the other.
> 2. fast
> 3. free
> 

RC4 is easy to program and meets the above criteria, see:

http://www.ciphersaber.com/

Note that you *have* to use "salt" (or IV) with RC4. The salt
is only there to make the password different for each encryption.
It doesn't need to be very random or secret, just different
for *each file*. Use the time of day combined with the filename
or something like that when you do the encryption.

If you prefer a block cipher to a stream cipher then Triple
DES is good, but maybe slow. 128 bit Blowfish is another
good contender, see http://www.counterpane.com/



-- 
<\___/>
/ O O \
\_____/  FTB.
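
Added example (not from fungus's post or from the CipherSaber site): why the per-file salt matters for RC4. Without it, two files encrypted under one password share a keystream, so the XOR of the ciphertexts equals the XOR of the plaintexts; the salted form follows the CipherSaber layout of a 10-byte IV appended to the password and stored in front of the ciphertext. The password, file contents and function names are constructed.

```python
import os

SALT_LEN = 10  # CipherSaber IV length


def rc4_keystream(key: bytes, n: int) -> bytes:
    s = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                         # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_unsalted(password: bytes, plaintext: bytes) -> bytes:
    """Weak form: the same password always yields the same keystream."""
    return xor(plaintext, rc4_keystream(password, len(plaintext)))


def encrypt_salted(password: bytes, plaintext: bytes, salt: bytes = None) -> bytes:
    """Salt is public and stored with the file; it must differ per file."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    keystream = rc4_keystream(password + salt, len(plaintext))
    return salt + xor(plaintext, keystream)


def decrypt_salted(password: bytes, blob: bytes) -> bytes:
    salt, body = blob[:SALT_LEN], blob[SALT_LEN:]
    return xor(body, rc4_keystream(password + salt, len(body)))


def keystream_reused(c1: bytes, c2: bytes, p1: bytes, p2: bytes) -> bool:
    """True when c1 XOR c2 equals p1 XOR p2, i.e. both used one keystream."""
    n = min(len(c1), len(c2), len(p1), len(p2))
    return xor(c1[:n], c2[:n]) == xor(p1[:n], p2[:n])


# Constructed sample data: two JPEG-like file prefixes and one password.
PASSWORD = b"constructed-password"
P1 = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00 picture one"
P2 = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00 picture two"

if __name__ == "__main__":
    weak1 = encrypt_unsalted(PASSWORD, P1)
    weak2 = encrypt_unsalted(PASSWORD, P2)
    print("unsalted reuse:", keystream_reused(weak1, weak2, P1, P2))
    good1 = encrypt_salted(PASSWORD, P1)
    good2 = encrypt_salted(PASSWORD, P2)
    print("salted reuse:  ", keystream_reused(good1[SALT_LEN:], good2[SALT_LEN:], P1, P2))
```

The same failure applies to any stream cipher keyed twice without a unique salt; RC4 itself has since been prohibited in TLS by RFC 7465.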

------------------------------

From: fungus <[EMAIL PROTECTED]>
Subject: Re: True Random numbers
Date: Wed, 06 Oct 1999 23:30:42 +0200



Tim Tyler wrote:
> 
> Thus their OTPs are probably as secure as their PRNG.


Thus their "OTP" isn't an OTP at all, it's a stream cipher.


Would you trust somebody who can't even get their terminology
right after several years of being reminded of it?

Would you trust somebody who uses the phrase "one time pad"
as a cheap marketing ploy (it's basically a bare-faced
lie...) to be a good cryptographer?



-- 
<\___/>
/ O O \
\_____/  FTB.

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Block encryption with variable keys
Date: Wed, 06 Oct 1999 23:51:10 +0200

I have on many occasions in the past advocated what I term the
principle of variability in cryptology and have employed it in 
the design of a couple of humble encryption algorithms of my own. 
As also mentioned in a recent discussion thread on Terry Ritter's 
paper, multiple encryption with changing ciphers and parametrized 
ciphers can all be subsumed by this very general principle.

With that viewpoint I like to put up a couple of (maybe unintelligent) 
questions:

Why does DES (and similar block ciphers) keep the key constant 
and not varying from block to block? Would sophisticated attacks
like differential analysis still function when the key is
non-constant?

I can see at least two straightforward means of modifying the
key. One is modification similar in principle to CBC and other
chainings. The other is letting a PRNG supply the key for each 
block (the PRNG thus drives the block encryption). Certainly 
there is much scope of variations or introducing additional
complexities.

M. K. Shen
============================
http://home.t-online.de/home/mok-kong.shen

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Block encryption with variable keys
Date: Wed, 06 Oct 1999 22:12:46 GMT

Mok-Kong Shen <[EMAIL PROTECTED]> wrote, in part:

>Why does DES (and similar block ciphers) keep the key constant 
>and not varying from block to block?

Because doing so is inherent in the *definition* of a block cipher.

Varying the key would be a good idea, but would require extra setup,
and would mean, perhaps, that the key couldn't be locked inside a
block-cipher chip, opening things up to certain attacks.

>Would sophisticated attacks
>like differential analysis still function when the key is
>non-constant?

Differential Cryptanalysis would indeed have problems; *more*
sophisticated attacks would be required, based on how the key was
varied.

>I can see at least two straightforward means of modifying the
>key. One is modification similar in principle to CBC and other
>chainings. The other is letting a PRNG supply the key for each 
>block (the PRNG thus drives the block encryption). Certainly 
>there is much scope of variations or introducing additional
>complexities.

I quite agree.

However, since I know people will insist on "real" block ciphers (We
can use them anywhere, but stream ciphers are only good for certain
applications with setup requirements is the complaint) I came up with
a slightly less straightforward way of modifying the key. It is the
one I mentioned before, which involves increasing the block size
(possibly doubling it, possibly increasing it only slightly, possibly
accepting that a 128-bit block size _is_ an increase, and using 64-bit
block ciphers as a component).

Essentially, in a Feistel cipher like DES, we have that a function of
one half of the block is XORed to the other half of the block at each
step.

I vary the subkeys by using an extra piece of the block, taking some
kind of function (controlled by a fixed subkey) of that extra piece,
and then using that result to pick subkeys from a large pool to use in
the conventional block encryption of the rest of the block.

This principle is illustrated in my Quadibloc III and Quadibloc VI
ciphers.

So you see what I am trying to do:

to advocate the use of stronger ciphers with more variability, larger
keys, and so on, and yet

to fit them into the standard block cipher format, so that there is no
objection to their practical use.

John Savard ( teneerf<- )
http://www.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Crossposted-To: comp.security.pgp.discuss,alt.security.pgp
Subject: Re: Is 128 bits safe in the (far) future?
Date: Wed, 06 Oct 1999 22:19:30 GMT

"David Sternlight" <[EMAIL PROTECTED]> wrote, in part:

>This is not an idle comment. Almost 30 years ago we were using exponentially
>weighted random search (check the literature) to solve large problems far
>more rapidly than had been the case with marching through the solution
>space. I don't say that particular technique will necessarily be the one of
>choice for cryptanalysis, but it's a pretty good notional example.

Such techniques can only be used if there is some sort of analytic
attack against the cipher.

Of course, we have no way of knowing if the ciphers we use don't have
some theoretical weakness that might be found in the next 100 years or
so.

I would think, though, that the best thing to throw at an estimate of
how long it would take to crack a cipher by trying keys one after
another in the far future would be the threat of the quantum computer.

John Savard ( teneerf<- )
http://www.ecn.ab.ca/~jsavard/crypto.htm

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
