Cryptography-Digest Digest #511, Volume #10 Fri, 5 Nov 99 11:13:05 EST
Contents:
Re: Some humble thoughts on block chaining (Paul Crowley)
Re: Lenstra on key sizes ("Roger Schlafly")
Re: Bit/byte orientation in SHA-1 (Francois Grieu)
Re: Your Opinions on Quantum Cryptography ("Sandy Macpherson")
Re: The Code Book ("Sandy Macpherson")
The Code Book Challenge ("David Pearce")
Re: How protect HDisk against Customs when entering Great Britain ("Juergen Nieveler / CompuNet")
Re: The Code Book ("David Pearce")
Re: The Code Book ("David Pearce")
Re: The Code Book ("Simon Birt")
Re: Lenstra on key sizes (DJohn37050)
Re: my own crypt function (Tom St Denis)
Re: Build your own one-on-one compressor (SCOTT19U.ZIP_GUY)
----------------------------------------------------------------------------
From: Paul Crowley <[EMAIL PROTECTED]>
Subject: Re: Some humble thoughts on block chaining
Date: 5 Nov 1999 08:20:41 -0000
[EMAIL PROTECTED] () writes:
[ stream ciphers based on XOR with a CPRNG ]
> I should be clearer. Most of the stream ciphers discussed in the open
> literature seem to do this; I can't recall one example of a stream cipher
> - other than non-ECB modes of block ciphers - in Applied Cryptography that
> does otherwise.
And with good reason. Why give attackers more ways into the cipher
than you need to? WAKE's internal state is plaintext-dependent, so
there *are* exceptions, but WAKE is vulnerable to an adaptive chosen
plaintext attack, so the best way to use it is as a CPRNG by
encrypting a stream of zeroes, and XOR the output with the plaintext!
If the cipher is secure, this technique is guaranteed to be secure,
and it makes chosen-plaintext attacks impossible.
There's even a variant on WAKE, WAKE-ROFB, that uses this technique to
construct a cipher that has the same security guarantees but runs far
faster on modern hardware - it works by generating the CPRNG output
*backwards*.
--
__
\/ o\ [EMAIL PROTECTED] Got a Linux strategy? \ /
/\__/ Paul Crowley http://www.hedonism.demon.co.uk/paul/ /~\
------------------------------
From: "Roger Schlafly" <[EMAIL PROTECTED]>
Subject: Re: Lenstra on key sizes
Date: Thu, 4 Nov 1999 23:21:56 -0800
DJohn37050 <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> The url is
> http://www.homepages.hetnet.nl/~savvy/keysizes.htm.
An easier URL is
http://www.cryptosavvy.com
Yes, they seem to be persuaded that the future is in elliptic curves.
But I found it odd that they treated RSA and discrete log
modulus sizes the same. The NFS asymptotics are similar,
but as they say, solving the discrete logarithm problem
"is considerably more difficult than factoring".
So far (in the open literature) a 512-bit RSA key has
been broken, but the largest discrete log attack has been
283 bits (EuroCrypt '98). It looks to me like 512-bit
discrete log (SDL in the paper's terminology) is a whole
lot more secure than 512-bit RSA.
------------------------------
From: [EMAIL PROTECTED] (Francois Grieu)
Subject: Re: Bit/byte orientation in SHA-1
Date: Fri, 05 Nov 1999 10:40:37 +0100
[EMAIL PROTECTED] wrote (*)
> I am trying to verify a module which implements the FIPS PUB 180-1 SHA-1
> specification which is bit oriented.
> The C-implementation of Steve Reid, which I use currently for verification,
> is byte orientated. Can anyone point me to C-implementation which is bit
> orientated ?
I can't, but here are test vectors Jim Gillogly and I jointly
cross-checked in Aug 1998; they may have survived my editing.
In sequence you get the hash of the empty message, of the single-bit
message with a 0 bit, and so on. 110#148|11 is a 446-bit message
made of the three bits 110 repeated 148 times, followed by
the two bits 11. The last message has 2^32+1 bits.
DA39A3EE 5E6B4B0D 3255BFEF 95601890 AFD80709
0 BB6B3E18 F0115B57 92524167 6F5B1AE8 8747B08A
10 6E42FB84 067CFF05 6C43A49E 484997AF 23190879
101 4B340598 99D74DAF EE6335CA FDC44A9E EFB154BE
0101 98232A15 3453149A F8D52A61 503A5074 B85970E8
01010 4D2D46F1 1C375398 F8C9FB3B C4626B67 8AE61BFD
100000 BC7A6F90 379A5111 E1B2D6EC 9C5A17AD B11332FD
0000001 6A764A56 F4EDD7AF EAE50B7B 5D0ECB6A 58650793
01010101 B2C7C0CA A10A0CCA 5EA7D69E 54018AE0 C0389DD6
010101010 F1D7529B ACE5E528 FD9A0B4F 9BDF5BCB AA8FCEF9
1010101010 59144C0B D8CE0C00 EA527C00 84999AD2 6AC90005
1100001011000100110001 676315ED 9F279442 DCF41CA9 1CA9973F DC59A242
01100001011000100110001 DC4E4B58 B2FBBC53 3F20BA2C 07A89019 66E50369
011000010110001001100011 A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
101#14 3C09E2DF 9D311061 A5F3E0F1 4660803F 091AB19A
110#148|11 CE7387AE 577337BE 54EA94F8 2C842E8B E76BC3E1
110#149 DE244F06 3142CB2F 4C903B7F 7660577F 9E0D8791
110#149|1 A3D29824 27AE39C8 920CA5F4 99D6C2BD 71EBF03C
110#149|11 351AAB58 FF93CF12 AF7D5A58 4CFC8F7D 81023D10
110#170 99638692 1E480D4E 2955E727 5DF3522C E8F5AB6E
110#170|1 BB5F4AD4 8913F51B 157EB985 A5C2034B 8243B01B
110#170|11 9E92C554 2237B957 BA2244E8 141FDB66 DEC730A5
110#171 2103E454 DA4491F4 E32DD425 A3341DC9 C2A90848
011#490 B4B18049 DE405027 528CD9E7 4B2EC540 D4E6F06B
011#490|0 34C63356 B3087427 20AB9669 14EB0FC9 26E4294B
011#490|01 75FACE18 02B9F84F 326368AB 06E73E05 02E9EA34
011#491 7C2C3D62 F6AEC28D 94CDF93F 02E739E7 490698A1
011#1431655764|01 4CB0C4EF 69143D5B F34FC35F 1D4B19F6 ECCAE0F2
011#1431655765 47D92F91 1FC7BB74 DE00ADFC 4E981A81 05556D52
011#1431655765|0 A3D7438C 589B0B93 2AA91CC2 446F06DF 9ABC73F0
011#1431655765|01 3EEE3E1E 28DEDE2C A444D68D A5675B2F AAAB3203
Hope this helps.
Francois Grieu
--
(*) apparently while he or she was connected from worldonline.nl
under IP 195.241.186.167 as attributed on 4 Nov 1999 19:33:01 GMT
[additional trace info available in the original post]
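Added example, written for this digest and not taken from the post or from Steve Reid's code: a bit-oriented SHA-1 in Python that takes the message as a string of '0'/'1' characters (so a 446-bit message is padded bit-exactly), expands the PAT#n|TAIL notation used above, checks a constructed subset of the vectors, and cross-checks whole-byte inputs against hashlib.

```python
import hashlib

def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def sha1_bits(bits):
    """SHA-1 (FIPS 180-1) over a message given as a string of '0'/'1' characters,
    so messages whose length is not a multiple of 8 are padded bit-exactly."""
    padded = bits + "1"                              # the mandatory 1 bit
    padded += "0" * ((448 - len(padded)) % 512)      # zero bits up to 448 mod 512
    padded += format(len(bits), "064b")              # 64-bit big-endian bit length
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
    for off in range(0, len(padded), 512):
        block = padded[off:off + 512]
        w = [int(block[i * 32:(i + 1) * 32], 2) for i in range(16)]
        for t in range(16, 80):
            w.append(_rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
        a, b, c, d, e = h
        for t in range(80):
            if t < 20:
                f, k = (b & c) | (~b & d), 0x5A827999
            elif t < 40:
                f, k = b ^ c ^ d, 0x6ED9EBA1
            elif t < 60:
                f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
            else:
                f, k = b ^ c ^ d, 0xCA62C1D6
            tmp = (_rotl(a, 5) + (f & 0xFFFFFFFF) + e + k + w[t]) & 0xFFFFFFFF
            a, b, c, d, e = tmp, a, _rotl(b, 30), c, d
        h = [(x + y) & 0xFFFFFFFF for x, y in zip(h, (a, b, c, d, e))]
    return " ".join(f"{x:08X}" for x in h)

def expand(spec):
    """Expand the post's notation: 'PAT#n|TAIL' is PAT repeated n times, then TAIL."""
    body, _, tail = spec.partition("|")
    pat, _, count = body.partition("#")
    return pat * (int(count) if count else 1) + tail

def matches_hashlib(data):
    """Cross-check: for whole bytes the bit-oriented result must equal hashlib's."""
    bits = "".join(format(byte, "08b") for byte in data)
    return sha1_bits(bits).replace(" ", "").lower() == hashlib.sha1(data).hexdigest()

# Constructed subset of the vectors listed in the post; the empty-message and
# 'abc' (011000010110001001100011) lines are also the standard FIPS values.
VECTORS = {
    "": "DA39A3EE 5E6B4B0D 3255BFEF 95601890 AFD80709",
    "0": "BB6B3E18 F0115B57 92524167 6F5B1AE8 8747B08A",
    "10": "6E42FB84 067CFF05 6C43A49E 484997AF 23190879",
    "011000010110001001100011": "A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D",
    "110#148|11": "CE7387AE 577337BE 54EA94F8 2C842E8B E76BC3E1",
}

def check_vectors(vectors=VECTORS):
    """Return the specs whose computed hash differs from the listed value."""
    return [spec for spec, want in vectors.items() if sha1_bits(expand(spec)) != want]

if __name__ == "__main__":
    print("mismatches:", check_vectors())
```

Any spec that check_vectors() reports is either a transcription slip in the list or a padding bug in the implementation under test; the hashlib cross-check separates the two for byte-aligned lengths.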
------------------------------
From: "Sandy Macpherson" <[EMAIL PROTECTED]>
Subject: Re: Your Opinions on Quantum Cryptography
Date: Fri, 5 Nov 1999 09:52:42 -0000
<[EMAIL PROTECTED]> wrote in message news:7vnnus$l2e$[EMAIL PROTECTED]...
> 1. Is there a need for Quantum Cryptography?
Right now, I don't think so.
> Please add any other thoughts you have on this topic.
But since the security of RSA seems to depend pretty much on an inability to
factor large numbers quickly, then it also relies on this never happening.
There's no reason to suppose that someone will find a fast method of
factoring today, tomorrow, or ever; on the other hand no-one's able to prove
that such a method won't be found. The question of the need for Quantum
Cryptography is one that is best answered by consulting one's own
optimism, pessimism and paranoia levels.
------------------------------
From: "Sandy Macpherson" <[EMAIL PROTECTED]>
Subject: Re: The Code Book
Date: Fri, 5 Nov 1999 10:15:04 -0000
Derrick Schneider <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...(in part)
> I, too, am currently working on stage 3. My hunch is that it's not one
> letter replacing another, but is in fact one symbol replacing a letter,
> where each symbol is some combination of characters. The number of
> characters evenly divides by two, but not three,
>
> Nigel Mercier wrote (in part):
> > I'm stuck on stage 3: I don't understand how the homophones are
> > included.
As the book explains on pg. 52-53, several options represent the same
letter, the number of which is determined by the average frequency of that
letter. So you're looking for a collection of ciphertext representations of
letters in this text that is approximately divisible by 100: this number is
significant because the basis of this cryptography is deflecting frequency
analysis. And the frequency of all letters will add up to 100%. (It doesn't
have to be divisible by exactly 100, because not all letters may be
represented.) Hope this helps.
------------------------------
From: "David Pearce" <[EMAIL PROTECTED]>
Subject: The Code Book Challenge
Date: Fri, 5 Nov 1999 10:18:00 -0000
Hi everyone,
I'm new to this group, so I don't know whether this has been
discussed previously. Apologies if it has. Is everyone aware of the
challenge at the end of the book by Simon Singh, "The Code Book",
where he offers a prize of £10000 to the first person to crack the
series of encrypted pieces of text he has written? The first few are
fairly easy (monoalphabetic substitution, Caesar shift, Vigenere),
but they seem to get a LOT harder further on, to what looks like the
Enigma machine and RSA/DH encryption. Is anyone out there busy
working on these things?
David Pearce
********************************************
Functional Materials Group,
IRC in Materials,
University of Birmingham,
Edgbaston,
Birmingham B15 2TT
Tel: 0121-414-7836/7122
Fax: 0121-414-7890
Web: www.fmg.bham.ac.uk
*******************************************
------------------------------
From: "Juergen Nieveler / CompuNet" <[EMAIL PROTECTED]>
Crossposted-To:
alt.security.pgp,comp.security.pgp.discuss,comp.security.pgp.tech,alt.privacy,alt.privacy.anon-server
Subject: Re: How protect HDisk against Customs when entering Great Britain
Date: Fri, 5 Nov 1999 11:22:40 +0100
pgp651 <[EMAIL PROTECTED]> wrote in message:
[EMAIL PROTECTED]
<SNIP>
>
> What I will have at crossing? The PC [ notebook with 8GB HD, about 1GB
> free ], CD-RW drive, CD-RW disks.
>
<SNIP>
I don't know who told you that customs officers are scanning notebooks, but
I presume he meant X-ray scans, not inspection of hard disc contents.
Scanning 8 GB of disk space for x people on each plane carrying a notebook
would take several hours, and so far I know no program able to scan images
for their contents... except perhaps look for a certain amount of light red
colours ;-)
--
Mit freundlichen Grüßen / Yours sincerely
Juergen Nieveler
CompuNet
[EMAIL PROTECTED]
Disclaimer: Views are mine, not my employers'
------------------------------
From: "David Pearce" <[EMAIL PROTECTED]>
Subject: Re: The Code Book
Date: Fri, 5 Nov 1999 10:28:43 -0000
Oh, and another thing. I think that it would be unfair to post the ciphers,
not to mention a probable breach of copyright. You're supposed to have read
the book before you get to the ciphers, as there are lots of clues in there
to help you. Anyway, I think everyone should buy it, as it's a cracking
read. So is his last one, Fermat's Last Theorem.
DHP
Dr. Harley Mackenzie <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I don't suppose anyone would like to post or put on an FTP site any of the
> challenge's text? I can't believe that the author
> didn't put them on the challenge website.
>
> Regards,
>
> Harley
>
------------------------------
From: "David Pearce" <[EMAIL PROTECTED]>
Subject: Re: The Code Book
Date: Fri, 5 Nov 1999 10:25:03 -0000
I must be blind. I've just asked the same question, then saw your
post. Dur.
I've cracked #s 1 and 2 as well. The web site says that the first 4
have been cracked so far. I haven't tried #3 yet, but I'm stuck on
#4. It says it's a Vigenere cipher, but the patterns of letters,
after working out the length of the codeword, don't seem to match
English. Maybe it's in another language? Or maybe I've done it wrong.
I reckon the codeword is 5 letters long.
I'll have a go at #3, taking your suggestion into account, and reply
if I get anywhere.
Since the first 4 have already been solved, there's no harm in openly
discussing how to get the solution, as we have no chance of winning
anything any more. It may get a little more secretive for the further
solutions!
DHP
Nigel Mercier <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Has anyone tried "The Cipher Challenge" in "The Code Book" by Simon
> Singh? I know this will be beneath some of you guys, but I don't
> know where else to ask. If you can suggest a more appropriate group
> please let me know.
>
> I've cracked stages 1 and 2 (this has an interesting twist), but
> I'm stuck on stage 3: I don't understand how the homophones are
> included. I've noticed that the most frequent character is X (207)
> at twice the frequency of the next (Q, 103) which leads me to think
> that "X plus other characters" may be the homophones for some
> letters - leaving the * to represent another letter.
>
> Any ideas?
>
> --
> Nigel Mercier
>
Please remove NOSPAM from my return address
------------------------------
From: "Simon Birt" <[EMAIL PROTECTED]>
Subject: Re: The Code Book
Date: Fri, 5 Nov 1999 11:28:36 -0000
Given that each of the alphabets used in the Vigenere cipher is simply a
shifted alphabet, it is not necessary to perform a full frequency analysis
on each alphabet to determine the outcome. For each alphabet, if you can
map a single letter to the plaintext equivalent, then you have the shift
amount for that alphabet (and hence the keyword).
The most straightforward way, then, is to guess what the most common
plaintext letter is likely to be, and then map the most common letter in
each of the cipher alphabets to that.
David Pearce <[EMAIL PROTECTED]> wrote in message
news:7vubao$7ol$[EMAIL PROTECTED]...
> I must be blind. I've just asked the same question, then saw your
> post. Dur.
> I've cracked #s 1 and 2 as well. The web site says that the first 4
> have been cracked so far. I haven't tried #3 yet, but I'm stuck on
> #4. It says it's a Vigenere cipher, but the patterns of letters,
> after working out the length of the codeword, don't seem to match
> English. Maybe it's in another language? Or maybe I've done it wrong.
> I reckon the codeword is 5 letters long.
> I'll have a go at #3, taking your suggestion into account, and reply
> if I get anywhere.
> Since the first 4 have already been solved, there's no harm in openly
> discussing how to get the solution, as we have no chance of winning
> anything any more. It may get a little more secretive for the further
> solutions!
>
> DHP
>
> Nigel Mercier <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Has anyone tried "The Cipher Challenge" in "The Code Book" by Simon
> > Singh? I know this will be beneath some of you guys, but I don't
> > know where else to ask. If you can suggest a more appropriate group
> > please let me know.
> >
> > I've cracked stages 1 and 2 (this has an interesting twist), but
> > I'm stuck on stage 3: I don't understand how the homophones are
> > included. I've noticed that the most frequent character is X (207)
> > at twice the frequency of the next (Q, 103) which leads me to think
> > that "X plus other characters" may be the homophones for some
> > letters - leaving the * to represent another letter.
> >
> > Any ideas?
> >
> > --
> > Nigel Mercier
> >
> Please remove NOSPAM from my return address
>
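Added example, written for this digest and not taken from the thread: Simon Birt's shortcut in Python (map the most frequent ciphertext letter of each alphabet to E), next to a frequency-scored variant that still resolves an alphabet whose top letter is not E. The plaintext, the 5-letter key SINGH and the English frequency table are constructed assumptions.

```python
from collections import Counter
import string

ALPHA = string.ascii_uppercase
# Approximate English letter frequencies in percent, A..Z (used by the scored variant).
EN_FREQ = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
           6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]

def vigenere(text, key, decrypt=False):
    """Vigenere over A-Z; non-letters are dropped so the key alphabets stay aligned."""
    letters = [c for c in text.upper() if c in ALPHA]
    out = []
    for i, c in enumerate(letters):
        k = ALPHA.index(key[i % len(key)].upper())
        out.append(ALPHA[(ALPHA.index(c) + (-k if decrypt else k)) % 26])
    return "".join(out)

def recover_key_naive(cipher, keylen, common="E"):
    """Birt's shortcut: in each of the keylen alphabets, assume the most frequent
    ciphertext letter stands for `common`; the offset is that alphabet's key letter."""
    key = []
    for col in range(keylen):
        top = Counter(cipher[col::keylen]).most_common(1)[0][0]
        key.append(ALPHA[(ALPHA.index(top) - ALPHA.index(common)) % 26])
    return "".join(key)

def recover_key_scored(cipher, keylen):
    """Sturdier variant: per alphabet, pick the shift whose decryption correlates
    best with EN_FREQ, so an alphabet whose top letter happens not to be E
    (short columns) still yields the right key letter."""
    key = []
    for col in range(keylen):
        counts = Counter(cipher[col::keylen])
        best = max(range(26), key=lambda s: sum(
            EN_FREQ[p] * counts[ALPHA[(p + s) % 26]] for p in range(26)))
        key.append(ALPHA[best])
    return "".join(key)

# Constructed sample: a 57-letter English sentence repeated five times, so each of
# the five key alphabets sees the same letter mix (57 is coprime with 5).
PLAINTEXT = ("MEET ME AT THE SECRET ENTRANCE BENEATH THE EASTERN GATE "
             "THEN WE LEAVE ") * 5
KEY = "SINGH"   # constructed 5-letter key (the keyword length guessed in the thread)
CIPHERTEXT = vigenere(PLAINTEXT, KEY)

if __name__ == "__main__":
    print("naive :", recover_key_naive(CIPHERTEXT, 5))
    print("scored:", recover_key_scored(CIPHERTEXT, 5))
    print(vigenere(CIPHERTEXT, recover_key_scored(CIPHERTEXT, 5), decrypt=True)[:40])
```

If the recovered key decrypts to letter patterns that do not look like English, as reported for #4 above, the scored variant can be rerun with another language's frequency table in place of EN_FREQ.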
------------------------------
From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: Lenstra on key sizes
Date: 05 Nov 1999 14:14:29 GMT
AFAIK, the ranking is
1) ECC
2) DL
3) IF, including RSA
in terms of strength. Lenstra thinks it is about 20 bits between 2 and 3.
Don Johnson
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: my own crypt function
Date: Fri, 05 Nov 1999 13:24:01 GMT
In article <7vu1ps$o3p$[EMAIL PROTECTED]>,
"David Beckwith" <[EMAIL PROTECTED]> wrote:
> Hi,
> I want to write my own crypt function to encrypt passwords. Can
> somebody explain to me how to do this? Do you know any good tutorial
> sites to get me started? For starters I want to emulate a function
> like "crypt" in Perl or UNIX.
> Thank you very much,
> David :)
Should look up David Scott's methods to be the first to implement *real*
crypto.
[note: Definition of real may vary from user to user, and/or be non-
existent in others].
Tom
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: comp.compression
Subject: Re: Build your own one-on-one compressor
Date: Fri, 05 Nov 1999 14:54:04 GMT
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(Phil Norman) wrote:
>On Thu, 04 Nov 1999 21:35:27 GMT,
> SCOTT19U.ZIP_GUY <[EMAIL PROTECTED]> wrote:
>>
>> The main disadvantage is that only 2^16 words can be used but for most messages
>>this should be ok. Since even in WWII the Navajo code talkers had to use
>>concepts in the language for words that were not in the language. You may
>>have to write a program that converts words not in the language to strings of
>>letters. This would take away from some of the 2^16 symbols. It would also
>>mean people who, like me, can't spell worth a shit will be more apt
>>to have longer messages unless some sort of special spell checker is built in.
>
>Actually, the main problem with this compression method, as
>I see it (please correct me if I'm wrong) is one of prefixes.
>Ignoring the huffman aspect and concentrating on the 1-1
>mapping, the idea of mapping words to their 16-bit number
>counterparts doesn't result in 2^16 as a dictionary size.
>Since no code may be a subset of any other code, none of
>the numeric codes are allowed to be of values such that
>their ASCII representation is a pair of alphabetic characters
>(or at least, they can't be a pair of alphabetic characters
>which form the first two letters of any word in the
>dictionary).
I am not sure what you mean since each token is to stand on its
own with an implied SPACE character built in trailing the word, such
that the token in hex 0000 would actually go to "the " where the space
is actually part of the token.
>
>This is very closely related to another possible problem,
>which is that the larger the number of bytes (ie the longer
>the string), the larger the set of strings which can be
>encoded in those bytes. However, the shorter the string,
>the more likely it is to occur. So without some extremely
>careful selection of your mappings, building a set of
>mappings which actually compresses strikes me as difficult.
I think it can be automated very easily if one takes some
common book as a source. First write a program to convert every
word to the same case and drop all the rest. This then becomes your
master file; once a group of people is satisfied we use it as
a basis. A computer program can easily pick all the tokens
from this one file and assign values to optimise the compression
for this one case. It would not be hard. However one must assign
the tokens in such a way that all are used; in other words, if the
scheme is followed there should be exactly 2^16 tokens. If there are more
words in the text then drop the low-frequency ones. If less, then get
a longer master file.
>
>The idea of having a spell-checker built into the compressor
>sounds to me like lossy text compression ;-).
Actually I was really thinking of this as a preprocessor to help
in creating the file that would be compressed. You use it to
get a file that you can look at before you compress. You would
know by reading it if it was the one you want to send, since the
preprocessor would eliminate everything that was not to be tokenized
with the compressor.
>
>However I think about this method, I feel that it could
>be optimised in certain ways which unfortunately destroy
>the whole 1-1 idea, and the algorithm effectively
>degenerates into a simple dictionary algorithm. Well,
>I'll be interested in seeing the results, and how good
>the algorithm actually is when put into practice.
>
I hope that a group of us can participate in the project.
I would very much like to be included.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm
Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm
Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************