Cryptography-Digest Digest #575, Volume #10      Tue, 16 Nov 99 14:13:03 EST

Contents:
  Re:SCOTT16U SOLUTION ON THE WEB (SCOTT19U.ZIP_GUY)
  Re:SCOTT16U SOLUTION ON THE WEB (SCOTT19U.ZIP_GUY)
  Re: Re: intelligent brute force? (CoyoteRed)
  Re: Proposal: Inexpensive Method of "True Random Data" Generation (Coen Visser)
  Re: S/MIME plug-in for Eudora? Strong Encryption (Bruno Wolff III)
  Re: more about the random number generator (jerome)
  Any good cryptographers out there? (Ragnar Lonn)
  Re: more about the random number generator ("Douglas A. Gwyn")
  Re: Scientific Progress and the NSA ("Douglas A. Gwyn")
  Re: Any good cryptographers out there? (Volker Hetzer)
  Re: intelligent brute force? (Jerry Coffin)
  Re: Scientific Progress and the NSA (David Boreham)
  Re: Ultimate Crypto Protection? ("Douglas A. Gwyn")
  Re: Proposal: Inexpensive Method of "True Random Data" Generation (James Felling)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re:SCOTT16U SOLUTION ON THE WEB
Date: Tue, 16 Nov 1999 15:33:34 GMT

In article <80rj2u$r6s$[EMAIL PROTECTED]>, Tom St Denis <[EMAIL PROTECTED]> wrote:
>
>>  Take your favorite AES code and your favorite 3 letter chaining method,
>> encrypt a large file. Then reverse the file byte for byte and take
>> another AES method, or the same if lazy, and encrypt the file again.
>>
>>  Then take a hex editor and change a byte in the middle of the file.
>> Then do the reverse of the above to decrypt the mess.
>> Now do a byte compare with the original file. Only a few bytes
>> in the area of the changed byte are corrupted. This is because
>> the encryption is only a localized thing with these piss poor
>> chaining methods. To the stupid the crypto gods call this
>> error recovery. But to the NSA it is a toe hold into breaking
>> your code since only small fragments need to be analyzed
>> in trying to break it.
>>
>>  This should be obvious to anyone.
>
>The problem is that only the person with the key will actually realize
>there are bytes changed.  If you don't have the key you can't simply
>magically decrypt the file.
>
>So although you are correct that avalanche does not go back and
>forwards this is not a security threat.  A security threat is something
>where an intruder can fake messages and/or read them.
>
>Tom

  Tom, if you're too stupid to understand that if a small fragment of a file
has enough info to allow an expert to have the information to test for
a whole break is not less secure than another method where an attacker
must have the whole file to even have enough info to attack the system
then why do you waste our time in this group. You don't even have enough
understanding to comprehend simple things.



David A. Scott
--

SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
                    
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm

Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm

Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm

**NOTE EMAIL address is for SPAMERS***
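
The experiment described in the quoted passage above, as an added example that is not part of the original post or the digest. A toy 16-byte Feistel cipher built from SHA-256 stands in for an AES candidate, CBC is assumed as the chaining mode, and every name, key and the sample data are constructed for illustration.

```python
import hashlib

BLOCK = 16  # block size in bytes


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Feistel round function: truncated SHA-256 over key, round index, half block.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def enc_block(key: bytes, blk: bytes) -> bytes:
    # Toy 4-round Feistel permutation (stand-in for a real block cipher).
    l, r = blk[:8], blk[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r


def dec_block(key: bytes, blk: bytes) -> bytes:
    l, r = blk[:8], blk[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r


def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = enc_block(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        blk = data[i:i + BLOCK]
        out.append(_xor(dec_block(key, blk), prev))
        prev = blk
    return b"".join(out)


def double_encrypt(k1, k2, iv, data):
    # Encrypt, reverse the file byte for byte, encrypt again.
    return cbc_encrypt(k2, iv, cbc_encrypt(k1, iv, data)[::-1])


def double_decrypt(k1, k2, iv, data):
    return cbc_decrypt(k1, iv, cbc_decrypt(k2, iv, data)[::-1])


def damaged_blocks(n_blocks=64, flip_at=512):
    # Constructed keys, IV and sample "file"; returns indices of corrupted blocks.
    k1, k2, iv = b"constructed key 1", b"constructed key 2", bytes(BLOCK)
    plain = bytes(i % 251 for i in range(n_blocks * BLOCK))
    ct = bytearray(double_encrypt(k1, k2, iv, plain))
    ct[flip_at] ^= 0x01  # the hex-editor change
    got = double_decrypt(k1, k2, iv, bytes(ct))
    return [b for b in range(n_blocks)
            if got[b * BLOCK:(b + 1) * BLOCK] != plain[b * BLOCK:(b + 1) * BLOCK]]


if __name__ == "__main__":
    print(damaged_blocks())
```

A one-bit change in the middle of the 64-block ciphertext damages three adjacent plaintext blocks and leaves the other 61 intact. Detecting such a change requires a MAC or an authenticated mode, which chaining alone does not provide.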

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re:SCOTT16U SOLUTION ON THE WEB
Date: Tue, 16 Nov 1999 15:41:05 GMT

In article <80rjh4$rho$[EMAIL PROTECTED]>, Tom St Denis <[EMAIL PROTECTED]> wrote:
>In article <80p1ff$21vc$[EMAIL PROTECTED]>,
>  [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
>>     I don't use them. I use "wrapped PCBC" but most people have no idea
>> how to do it. The crypto gods do their best to confuse people about secure
>> chaining when it comes to encrypting files.
>
>We understand your method, and find it to be totally useless.  It adds
>no real security to the system.  If you can't figure this out, at least
>tell me why don't you encrypt the file 2n + 1 [n is large] times with
>2n + 1 different keys.  If you can figure that out you are set.
>
>>      You don't know if IDEA CAST and the such have withstood the
>> test of time and analysis. You may know that there are no widely published
>> attacks that are readily available. But it is foolish to think otherwise.
>
>There are attacks against BOTH ciphers out in the public.  These
>attacks do not work [generally] against the entire cipher [all the
>rounds, with whitening, etc...] but do outline why it's hard to break
>the cipher.
>
>>     Obviously you don't understand the problem and the crypto gods have done
>> a great job giving you misinformation. It works on all block ciphers that have
>> no internal feedback to change state from one block to the next.
>
>But again only the holder of the symmetric key will ever realize the
>bytes have changed.
>
>> it other than Wagner repeated comments on how it would obviously fail
>> his Slide Attack. Which he repeatedly stated over and over. But when
>> push came to shove he was full of shit.
>
>He merely proposed it may work.  I haven't heard him talk about the
>slide attack for about 3 months now.  Maybe you should let it go? [btw
>his attack does work against other [modified] ciphers and does present
>another good methodology for attacking ciphers]].
>
>>     The chaining method is not isolated and can be used with any block cipher
>> method. However it requires at least three passes through the encryption
>> system. However it gives you an "all or nothing" type of encryption and
>> you can encrypt files without changing the file size. I think people should
>> be very careful about any crypto system that can't encrypt files without
>> first forcing the file to be in some unnatural multiple of bytes.
>
>Um, if you use a block cipher, you will most likely have padding bytes
>at the end.  You cannot get around this.  IF you have 1 byte of info,
>and a 8 byte block,  you can't simply store 1 byte of ciphertext.  Your
>thinking is seriously flawed.
>
     My methods do require a minimum size. However once that size is
past you can pick any size of file you want. And yes it is extendable
to odd bit sizes. That is you can use a 256 bit block cipher on a file
of some large prime number of bits. And still end up encrypting a file
of the same length so no padding is ever needed.

>I think maybe you should accept the fact that others may have good
>ideas as well.  It's nice to see you are playing with crypto and all,
>but seriously you have to think a little more open minded.  You never
>respond to questions about your cipher [such as why the size of the
>sboxes, or num of passes, etc...] and just try to flame people.

    You are the one with a closed limited mind Tom. I have responded to
reasonable questions. The problem is you're incapable of following the
answers and you keep re-asking the same questions without appearing
to learn anything. I see no reason to answer the questions over and over
just because you're too stupid to understand.



David A. Scott

------------------------------

From: [EMAIL PROTECTED] (CoyoteRed)
Subject: Re: Re: intelligent brute force?
Date: Tue, 16 Nov 1999 14:52:13 GMT
Reply-To: this news group unless otherwise instructed!

Keith A Monahan said...

>: I believe Keith is still trying to crack one of his own forgotten passwords.
>
>Right you are JP!  And I will succeed given enough time and effort.
>The problem is trying to fit breaking my own pw in between work & school &
>new house & etc etc.  You know, one typically designs a passphrase to be
>secure from adversaries.  Me, I designed one to be secure from EVERYONE, 
>including myself.  I don't think my data has ever been THIS secure!

I almost fell out of my chair!  I'm still laughing!

This reminds me of something I did.  I use the same password (only a
few characters) on a lot of trivial things, stuff to keep the kid's
friends out of my machine, etc.  Well, one time I misspelled it
when setting up a password and misspelled it on the confirmation!
Then later I couldn't get in!

Well, fortunately, it was one of those things that you log on to on
the web and I was able to get them to e-mail me my password.  And I got it
back, it was a big "Doh!"

But, man, you certainly beat me on this one.

I'm sure you do know a lot about the key holder!  You were pulling me
right along... toying with me...

Ouch, my cheeks hurt from laughing so much.

Well, I hope you are using better passphrase management now!

By the way, how certain are you of the characters that you think you know and
their positions?  You could try bruteforcing only the characters
that you don't know.  Another thing: do you know the word that was
misspelled?  Do you remember if it was phonetically spelled or letter
transposition, common misspelling, etc.?  Can you remember if the
symbols were keyboard symbols (!@#$%^&*) or <ALT-0xxx>
symbols?  You could build a bruteforce attack based on these
assumptions and it will eliminate vast amounts of attempts.

Can you write simple programs?  If so then you can write a program
that will make you a list of passphrases to try.  This way you won't
be trying the same passphrase multiple times.

If you don't mind (and this could be a security issue if you haven't
changed your protocols ) tell me what you do know about the passphrase
and I may have some more ideas.  But I will understand if you decline,
so don't worry about it.

Hope this helps ( and isn't just a repeat of what others have already
told you)

-- 
CoyoteRed
CoyoteRed <at> bigfoot <dot> com
http://go.to/CoyoteRed
PGP key ID: 0xA60C12D1 at ldap://certserver.pgp.com


------------------------------

From: Coen Visser <[EMAIL PROTECTED]>
Crossposted-To: sci.math,sci.misc,sci.physics
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: Tue, 16 Nov 1999 15:30:38 +0000

john baez wrote:
> 
> Coen Visser  <[EMAIL PROTECTED]> wrote:
> >I only know of
> >Kolmogorov complexity in the context of infinite sets of
> >strings.

> Hey, now you're saying it again!  So I'll repeat my remark:
> the Kolmogorov complexity of a single string is well-defined
> once you fix a language: it's the length of the shortest
> program that prints out that string.   (There are probably
> other definitions floating around too, but anyway, this is
> a definition that applies to a single finite-length string.)

Ah, you're absolutely right. I need to clean up the mess
in my brain so I can start using it again.

Regards,

        Coen Visser

------------------------------

From: [EMAIL PROTECTED] (Bruno Wolff III)
Crossposted-To: comp.security.misc,comp.security.pgp.tech,alt.security.pgp,comp.mail.eudora.ms-windows
Subject: Re: S/MIME plug-in for Eudora? Strong Encryption
Date: 16 Nov 1999 15:36:56 GMT
Reply-To: [EMAIL PROTECTED]

From article <[EMAIL PROTECTED]>, by [EMAIL PROTECTED] (Lincoln Yeoh):
> On Thu, 11 Nov 1999 20:02:12 GMT, [EMAIL PROTECTED] (Doug McIntyre) wrote:
> 
>>[EMAIL PROTECTED] (Lincoln Yeoh) writes:
>>>That is not true. AFAIK those millions of internet users must get a cert
>>>from a CA first to use S/MIME. e.g. thawte, verisign, etc.
>>
>>>Try it yourself. And those free certs tend to expire after 60 days or so.
>>>When that happens you have to explain to your "morons" why they have to
>>>update their cert and how. 
> 
>>Thawte gives away free certificates for personal use. They expire on a
>>yearly basis, just like buying a certificate would. 
> 
> But the morons still have to get the certs, and the certs still expire. To
> morons that would still be difficult to understand. Remember keyword is
> morons. 

You can create your own self signed certs just like with PGP. There is
already stuff out there to do it, it just isn't ready for average users.
However it wouldn't be too hard for someone to put something together that
could be used by end users.

------------------------------

From: [EMAIL PROTECTED] (jerome)
Subject: Re: more about the random number generator
Reply-To: [EMAIL PROTECTED]
Date: Tue, 16 Nov 1999 15:44:32 GMT

On Tue, 16 Nov 1999 11:47:58 GMT, Tom St Denis wrote:
>BTW where can I get FIPS 140-1?

www.nist.gov

------------------------------

From: [EMAIL PROTECTED] (Ragnar Lonn)
Subject: Any good cryptographers out there?
Date: Tue, 16 Nov 1999 16:00:20 GMT

Hello,

I'm in the process of analyzing a game network protocol in order to write a 
proxy server for the game in question. The proxy server is meant to make it 
possible for hundreds of spectators to watch online games as they are played
without each spectator having to connect to the actual game server being used
(the spectators connect to the proxy server instead, which relays the data 
 from a single connection to the game server, thus easing the load off that 
 server)

So, what does this have to do with cryptography?  Well, the network protocol 
this game is using is encrypted!  It is likely nothing fancy but I have no 
experience whatsoever with cryptanalysis so I'm at a loss here. I can provide
detailed dumps of server-client communications and of cleartext strings those 
communications include in encrypted form but deciphering it is another 
thing...

If anyone feels like exercising their skills a bit and helping me decipher this
protocol I'd be most grateful. And no, I've already asked the game company
and they won't give me any protocol details for security reasons.

Anyone interested can see a couple of packet dumps at 
http://gatorhole.se/tribes

Any help would be greatly appreciated!

Regards,

  /Ragnar

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: more about the random number generator
Date: Tue, 16 Nov 1999 16:00:31 GMT

William Rowden wrote:
> > Entropy = 1.000000 bits per bit.
> That's wonderful.

It's more than wonderful, it's fantastic (in the literal meaning
of the word).

> With 208771 zeros and 209021 ones, ...

How can that have an "entropy" of 1.000000?

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Scientific Progress and the NSA
Date: Tue, 16 Nov 1999 15:54:09 GMT

Bill Unruh wrote:
> No, they cannot have people looking over their shoulders. That person
> looking might be a spy.

That's not the way it works.  Highly sensitive work is "compartmentalized",
but workers within a compartment don't generally think of their coworkers
as potential spies.  Compartmentalization itself can inhibit the flow of
information to *other* places where it is needed, however.  The IC is
aware of problems with the current secrecy structures as well as the
trade-offs, and this area is being reevaluated.

------------------------------

From: Volker Hetzer <[EMAIL PROTECTED]>
Subject: Re: Any good cryptographers out there?
Date: Tue, 16 Nov 1999 17:38:26 +0100

Ragnar Lonn wrote:
> 
> Hello,
> 
> I'm in the process of analyzing a game network protocol in order to write a
> proxy server for the game in question. The proxy server is meant to make it
> possible for hundreds of spectators to watch online games as they are played
> without each spectator having to connect to the actual game server being used
> (the spectators connect to the proxy server instead, which relays the data
>  from a single connection to the game server, thus easing the load off that
>  server)
> 
> So, what does this have to do with cryptography?  Well, the network protocol
> this game is using is encrypted!
Well, couldn't you just ask the guys who wrote it?

Greetings!
Volker

-- 
Hi! I'm a signature virus! Copy me into your signature file to help me spread!

------------------------------

From: [EMAIL PROTECTED] (Jerry Coffin)
Subject: Re: intelligent brute force?
Date: Tue, 16 Nov 1999 09:55:17 -0700

In article <80rns6$48a$[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
says...

[ ... ] 

> BTW, I do now have a working brute-force(or to be PC, an intelligent
> cryptanalysis engine which does not search out EVERY key, but takes patterns)
> program.  It works OK despite its speed.  I also have my machines at home
> on a UPS system now, so flickers in the power don't make me restart the
> days work.

This reminds me of something we used to say back when I was in the Air 
Force -- something to the effect that "the nature of our work is so 
secret that we're not allowed to know what we're doing."

-- 
    Later,
    Jerry.
 
The universe is a figment of its own imagination.

------------------------------

From: David Boreham <[EMAIL PROTECTED]>
Subject: Re: Scientific Progress and the NSA
Date: Tue, 16 Nov 1999 08:58:52 -0800



Tim Tyler wrote:

> Did you see the post relating to NSA developing telephone transcription?
>
> What commercial system is available which can do that?

https://www.cybertranscriber.com/default.asp

But...guess where that technology came from...




------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Ultimate Crypto Protection?
Date: Tue, 16 Nov 1999 16:06:28 GMT

Lincoln Yeoh wrote:
> Random number generator not good enough?
> Or just unlucky to have a bad stream?

If the stream is generated by a random process,
it is not "bad" even when it consists of a long run of 0s or 1s.

> Does noise at 100% XORed with signal at 100% mean signal is gone?

XOR with random bits completely obliterates the signal.

The OTP cracks I mentioned succeeded by analyzing deficiencies
in the OTP generation process.

------------------------------

From: James Felling <[EMAIL PROTECTED]>
Crossposted-To: sci.math,sci.misc,sci.physics
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: Tue, 16 Nov 1999 11:15:12 -0600



john baez wrote:

> In article <[EMAIL PROTECTED]>, Coen Visser  <[EMAIL PROTECTED]> wrote:
> >I only know of
> >Kolmogorov complexity in the context of infinite sets of
> >strings.
>
> Hey, now you're saying it again!  So I'll repeat my remark:
> the Kolmogorov complexity of a single string is well-defined
> once you fix a language: it's the length of the shortest
> program that prints out that string.   (There are probably
> other definitions floating around too, but anyway, this is
> a definition that applies to a single finite-length string.)

However, the big issue is fixing a language.  True, given a set of strings X, X
can be compressed to a very tiny size (as few bits as is necessary to enumerate
all of its members).  Such degenerate cases do not really help. In addition such
randomness measures are RELATIVE TO THE LANGUAGE BEING USED.  One cannot say
this string has Kolmogorov complexity K, one MUST say it has complexity K
relative to language L.

Thus while this is a useful definition of random, it is a less than useful tool,
as by choosing appropriate L, a string X may be assigned any level of complexity
of representation, from "this string is string #0 of our pool o' strings" to "this
string is representable in L, with k bits", to "this string is not finitely
representable in language L".

I think Kolmogorov complexity is a useful thing, but as it is so very sensitive
to the representational language, it is a weak tool for the quantification of
randomness.  In fact I have some doubt as to whether there is a way it can be used
to label a single string that has any meaning beyond L.


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
