Cryptography-Digest Digest #585, Volume #10      Thu, 18 Nov 99 01:13:03 EST

Contents:
  Re: AES cyphers leak information like sieves (SCOTT19U.ZIP_GUY)
  Re: Group English 1-1 all file compressor (SCOTT19U.ZIP_GUY)
  Re: AES cyphers leak information like sieves ("Peter K. Boucher")
  Re: Realistic view of AES (SCOTT19U.ZIP_GUY)
  Re: What part of 'You need the key to know' don't you people get? ("Gary")
  Re: newbie: resources needed. (Raphael Phan Chung Wei)
  Re: AES cyphers leak information like sieves (Tom St Denis)
  Re: more about the random number generator (William Rowden)
  Re: Weak keys in Rijndael? What happened to that? (Tom St Denis)
  Re: What part of 'You need the key to know' don't you people get? (Jerry Coffin)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: AES cyphers leak information like sieves
Date: Thu, 18 Nov 1999 02:14:56 GMT

In article <[EMAIL PROTECTED]>, "Peter K. Boucher" 
<[EMAIL PROTECTED]> wrote:
>"SCOTT19U.ZIP_GUY" wrote:
>[snip]
>>     If you change only one byte of block in the encrypted file and you
>> recover all but the blocks in that area it means information is not
>> spread through the file.
>
>No it doesn't mean that.  The way to determine if information is spread
>all through the file is the following:
>
>    Plaintext1 encrypted --> Ciphertext1
>    Plaintext2 encrypted --> Ciphertext2
>    (Both encryptions are done with the same key and IV.)  
>
>If only a single bit is different in Plaintext2 (as compared to
>Plaintext1), then approximately 50% of the bits are different in
>Ciphertext2 (as compared to Ciphertext1).  In fact, every time one tries
>this, each bit in Ciphertext2 must have a 50% chance of being different
>from the corresponding bit in Ciphertext1.
     This is only one possible definition of information being spread but
it is not the only definition. If you think that yours is the only definition
then I think you are sadly overrating AES. It is a fact that if you have a
portion of a file and you can extract that data from it then that is where
the information is. You must either be the spreader or the victim of
NSA PR.
>
>> If you take a long file and use whatever IV and CBC and use two
>> different keys and encrypt in each direction. If you are given the middle
>> portion of the file. Except for a few blocks at the ends of the segments
>> you get on decryption the plain text that was there. So that means the
>> info is not spread through the file. 
>
>Wrong.  See above.  All this means is that the IV for each block is
>public information (it's the previous ciphertext), so if you corrupt one
>block of the cipher text, it and the one after it can't be decrypted.
       No, not wrong: you recover the information, so how the hell can it
be wrong.
>

>If each plaintext bit has an effect on each ciphertext bit, then info is
>not spread all through the file.  It's as plain as the nose on your
     No, it depends how it is spread, since by demonstration it
can be proved you are DEAD wrong on this. My chaining is the only one
that actually spreads the information through the file, not any of the
3-letter chaining modes. Wake up, years of NSA propaganda have
infected your brain with cement.
>face.  Your failure to understand basic concepts of crypto bodes ill for
>the quality of your product.

   Your failure to see other weaknesses bodes ill for any product you would
come up with.
And you don't know fuckin' shit about my product; it is better than any crap
you can come up with.




David A. Scott
--

SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
                    
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm

Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm

Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm

**NOTE EMAIL address is for SPAMERS***

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Group English 1-1 all file compressor
Date: Thu, 18 Nov 1999 02:21:18 GMT

In article <80ukti$1o1$[EMAIL PROTECTED]>, William Rowden <[EMAIL PROTECTED]> wrote:
>I don't entirely understand your and Tim's posts--perhaps I missed
>part of the thread--, but I think I understand your question.  My
>answers are below.  HTH
>
>In article <80hdro$1j76$[EMAIL PROTECTED]>,
>  [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
>>  If some one gives me the most frequently occurring  3 letter groups
>> just the top 5.
>
>From Hitt's _Manual for the Solution of Military Ciphers_, the five
>most frequent trigrams (and count per 10 000 letters of military
>orders and reports) are these:
>
>     THE (89), AND (54), THA (47), ENT (39), and ION (36).
>
>From the Army _Field Manual 34-40-2_, the five most frequent trigrams
>(and count per 50 000 letters of government telegrams) are these:
>
>     ENT (569), ION (260), AND (228), ING (226), and IVE (225).
>
>> and the most frequently occurring 2 letter groups just the top 5
>
>Hitt lists these bigrams:
>
>     TH (50), ER (40), ON (39), AN (38), and RE (36).
>
>The _Field Manual_ lists these bigrams from its five-times-larger
>sample:
>
>     EN (111), RE (98), ER (87), NT (82), and TH (78).
>
>The Brown University Corpus (4 743 925 letters from newspapers,
>magazines, books, etc.) has these frequencies (per 10 000 digrams):
>
>     TH (361), HE (330), IN (240), ER (204), AN (196), RE (180),
>     ON (165), AT (143), EN (140), ND (131), ED (126), ES (124),
>     OR (124), TE (116), TI (116), IS (111), IT (111), ST (111),
>     TO (110), AR (107), NG (103), HA (101), and NT (101).
>
>(You get extra digrams because I had to scan the table anyway.)  Note
>that the Brown frequencies I've given are for digrams not crossing
>word boundaries.  (In the phrase "THE MAN", there are four of this type
>of digram--TH, HE, MA, and AN--, since EM is excluded.)  I think that's
>what you want, but I have the table without regard to word boundaries
>also.
>
>> along with the top 5 words
>
>The top words from the Brown Corpus are as follows:
>
>    THE, OF, AND, TO, A, IN, THAT, IS, WAS, HE, and FOR.
>
>(I listed more because replacing "A" with another character won't
>result in compression, and the two-letter words won't compress much.)
>
>> the least used characters for the substitution.
>
>For *letters*, Hitt says these are little used:
>
>     K (74), J (51), X (27), Z (17), and Q (8).
>
>The Brown list is identical except for frequency:
>
>     K (66), X (20), J (16), Q (11), and Z (10).
>
>For a personalized Huffman encoding project, I did a case-insensitive
>910 337-*character* survey of a friend's Web site (excluding HTML tags).
>I found more than 50 different characters.  For 5 each of trigrams,
>digrams, and words, you'll need at least 15 low-frequency symbols.
>I'll throw in a few more in case you don't want to use numerals:
>
>     '!' (467), '2' (466), '?' (440), '5' (310),
>     '8' (299), '(' (280), '3' (254), ')' (252), '/' (120),
>     '$' (62), ';' (39), '@' (29), '%' (21), '_' (13),
>     '#' (11), '+' (6), '=' (4), '~' (1), and '&' (0).
>
>YMMV:  the source statistics may be inappropriate for general use.
>
>>  I realize the goal is for just words with no carriage returns
>[snip]
>> Example stage 1 of the 1-1 compress change the dictionary is
>> made up of   "the" and "z'"
>>
>> stage 2  there is a dictionary of "th" and "q"

 Thank you for the info. I can see there is a lot of work to do if people
want to make this a go. I may write a test one using a few of these to
see if it compresses much smaller.



David A. Scott
--

SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
                    
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm

Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm

Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm

**NOTE EMAIL address is for SPAMERS***
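The counting Rowden describes above (digrams that do or do not cross word boundaries, counts scaled per 10 000 as in Hitt's tables, and a tally of which symbols are still free for substitution) is easy to reproduce. The following is an added example in Python, not code from either poster or from the scott19u project; SAMPLE is a constructed sentence, and function names such as ngram_counts and unused_symbols are the example's own.

```python
from collections import Counter
import re

def letter_words(text):
    """Split text into runs of letters, uppercased. Spaces, digits and
    punctuation end a word, so 'THE MAN' yields ['THE', 'MAN']."""
    return re.findall(r"[A-Za-z]+", text.upper())

def ngram_counts(text, n, cross_words=False):
    """Count n-letter groups in text.
    cross_words=False: a group never spans a word boundary (the convention
    Rowden uses for the Brown Corpus figures); 'THE MAN' gives TH, HE, MA, AN.
    cross_words=True: the letters are concatenated first, so EM counts too."""
    words = letter_words(text)
    if cross_words:
        words = ["".join(words)]
    counts = Counter()
    for word in words:
        for i in range(len(word) - n + 1):
            counts[word[i:i + n]] += 1
    return counts

def rate_per(counts, base=10_000):
    """Scale raw counts to 'per base groups', the way Hitt's tables are given."""
    total = sum(counts.values())
    if total == 0:
        return {}
    return {group: c * base / total for group, c in counts.items()}

def top_ngrams(text, n, k=5, cross_words=False):
    """The k most frequent n-letter groups, most frequent first."""
    return ngram_counts(text, n, cross_words).most_common(k)

def word_counts(text):
    """Whole-word frequencies (for the 'top 5 words' part of the request)."""
    return Counter(letter_words(text))

def unused_symbols(text, candidates):
    """Candidate substitution symbols that never occur in text, in the order given;
    a symbol with a non-zero count would collide with real data."""
    present = set(text)
    return [c for c in candidates if c not in present]

# Constructed sample text (not from the post); real statistics need a large corpus.
SAMPLE = ("the man and the woman went to the station and then to the "
          "convention where the other agents met them")

if __name__ == "__main__":
    print("top trigrams (within words):", top_ngrams(SAMPLE, 3))
    print("top digrams  (within words):", top_ngrams(SAMPLE, 2))
    print("top digrams  (across words):", top_ngrams(SAMPLE, 2, cross_words=True))
    print("top words                  :", word_counts(SAMPLE).most_common(5))
    print("per 10 000 digrams         :", rate_per(ngram_counts(SAMPLE, 2)))
    print("free substitution symbols  :", unused_symbols(SAMPLE, "!2?58(3)/$;@%_#+=~&"))
```

Note that trigram counts within words still pick up THE inside THEN, THEM and OTHER, which is why the trigram figure for THE exceeds the word count for "the"; a substitution dictionary built from these tables has to decide which of the two it is replacing.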

------------------------------

Date: Wed, 17 Nov 1999 18:31:44 -0700
From: "Peter K. Boucher" <[EMAIL PROTECTED]>
Subject: Re: AES cyphers leak information like sieves

"Peter K. Boucher" wrote:
> 
> "SCOTT19U.ZIP_GUY" wrote:
> [snip]
> >     If you change only one byte of block in the encrypted file and you recover
> > all but the blocks in that area it means information is not spread through the
> > file.
> 
> No it doesn't mean that.  The way to determine if information is spread
> all through the file is the following:
> 
>     Plaintext1 encrypted --> Ciphertext1
>     Plaintext2 encrypted --> Ciphertext2
>     (Both encryptions are done with the same key and IV.)
> 
> If only a single bit is different in Plaintext2 (as compared to
> Plaintext1), then approximately 50% of the bits are different in
> Ciphertext2 (as compared to Ciphertext1).  In fact, every time one tries
> this, each bit in Ciphertext2 must have a 50% chance of being different
> from the corresponding bit in Ciphertext1.
> 
> > If you take a long file and use whatever IV and CBC and use two
> > different keys and encypt in each direction. If you are given the middle
> > portion of the file. Except for a few blocks at the ends of the segments
> > you get on decyption the plain text that was there. So that means the
> > info is not spread through the file.
> 
> Wrong.  See above.  All this means is that the IV for each block is
> public information (it's the previous ciphertext), so if you corrupt one
> block of the cipher text, it and the one after it can't be decrypted.
> 
> If each plaintext bit has an effect on each ciphertext bit, then info is
> not spread all through the file.  It's as plain as the nose on your
  ^^^
> face.  Your failure to understand basic concepts of crypto bodes ill for
> the quality of your product.

Oops!  That should read IS spread all through the file.

-- 
Peter

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Realistic view of AES
Date: Thu, 18 Nov 1999 02:25:49 GMT

In article <80v6qq$fgv$[EMAIL PROTECTED]>, Tom St Denis <[EMAIL PROTECTED]> wrote:
>First off this is a rant post, so if you are not in rant mode please
>ignore.
>
>
>
>Ok people have been bashing and praising AES for a bit now.  Let's
>think of some realistic facts about AES
>
>1)  It's being designed openly by people around the world.  Not the
>NSA.  Despite popular belief open academic cryptanalysis *is* fairly
>advanced including attacks against ciphers like IDEA/Blowfish/RC5
>[which admittedly do not threaten the security thereof].  Also
>skipjack ... hehe
>
>2)  In five years the top five AES ciphers will most likely be in 90%
>of all cryptography related systems.  So you might as well get used to
>it.
>
>3)  The AES ciphers are not revolutionarily superior to anything else
>that has been brought out.  There are already known 'academic flaws'
>against pretty much all of them.  These attacks range from known
>differentials to poor key diffusion, etc.  They may not threaten the
>cipher but are attacks nonetheless.
>
>4)  The AES ciphers are probably best characterized as improvements of
>other ciphers.  Most notably RC6, SAFER+ and Twofish.
>
>5)  Despite not being in the last round, most other ciphers [like
>SAFER+ which is pretty cool as far as I am concerned] are still
>strong.  They just aren't the top as speed/size related issues go.
>
>6)  Whether you like it or not, AES ciphers will be used and are being
>used [my program for example].  So you might as well like it.
>
>That was my 2 cents, my invoice is in the mail :)
>

  Tom on this you are most likely correct. But I wonder what the
hell will happen to the export regulations. If AES is adopted by the
US will it allow it to be exported? You have to realize in my country
many many times the left hand of government does not know what
the right hand does and often there is disagreement.



David A. Scott
--

SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
                    
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm

Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm

Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm

**NOTE EMAIL address is for SPAMERS***

------------------------------

From: "Gary" <[EMAIL PROTECTED]>
Subject: Re: What part of 'You need the key to know' don't you people get?
Date: Thu, 18 Nov 1999 01:44:14 -0000

You obviously don't know how Enigma was really 'cracked'.
Hint: A service man who risked his life in relation to Enigma received a
medal, and it weren't for recovering the machine.

You go on about the insecurity of the AES block ciphers, yet show no attack
on any.
Why not analyze a very simple Feistel cipher that just adds 4 alternating
keys for say 4+ rounds to get a feel for real analysis.



SCOTT19U.ZIP_GUY wrote in message <80vcv9$18e0$[EMAIL PROTECTED]>...
>   Yes and the Germans were convinced their Enigma was safe due to its
>large key size. Much larger than the AES key sizes found in the weak AES
>ciphers. See articles on just how large this actual key size was in some
>versions of the Enigma; it would surprise you. Yet without modern computers
>they were broken. It is foolish to assume you're safe just because you think
>it is. The enemy may think different than you.
>David A. Scott




------------------------------

From: Raphael Phan Chung Wei <[EMAIL PROTECTED]>
Subject: Re: newbie: resources needed.
Date: Thu, 18 Nov 1999 09:45:48 +0800

Salut,

What you need to do is read some online summaries of what cryptography is
about, like here
 http://www.cs.hut.fi/ssh/crypto/algorithms.html

Some white papers can be found here, with literature surveys of various crypto
issues  http://www.io.com/~ritter

And finally, check out Schneier's book and also his links to papers online
www.counterpane.com

Good luck


Raphael

Eric Hambuch wrote:

> Aslak Johansen wrote:
> >
> >         Salut, Mundi
> >
> >   I am a student at a Danish Gymnasium (which I believe equals a
> > 'College of higher education' or a 'Sixth form College'). As a last-year
> > project (this year) I am going to write about Cryptology, Knapsack, RSA
> > ...
> >   I am not yet sure about the title, but the point is, that I need some
> > resources (This could be books, links, algorithms, White Papers etc.).
> >  Therefore I come to You and ask for help ...
>
> Try:
>
> http://cacr.math.uwaterloo.ca/hac   where you can find the "Handbook of
> Applied Cryptography" online!
>
> Eric





------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: AES cyphers leak information like sieves
Date: Thu, 18 Nov 1999 02:20:39 GMT

In article <80v5dn$1i0o$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
>      I agree to those that know crypto this is not new information but
> it is usually not fully covered and as you can see many people are
> misled by it.

Yup, duped by the nsa again.

>        If one looks at what the so-called Slide attack was attempting
> to do, it was to get pairs of data for the 19 bit S-block that was used
> in my code. Of course the slide attack was a failure due to its poor
> design and a lack of understanding by Wagner of how my code worked.
>   The fact is you could have used any block cipher where I had the
> 19 bit lookup table. Then the slide attack would be reduced to trying
> to find input output pairs to a block cipher.  Something that is already
> available to any one looking at the common 3 letter ciphers and do
> a plain text attack. By virtue of this mine is better asshole.

I can't believe how stupid wagner was, trying his pitiful attack
against the all mighty scottu-19.  That will teach him.

I just burnt my copy of applied crypto.  The book was obviously trash I
don't know what I was doing with it.  Bad bruce, bad.

You really should be recognized for your worthwhile contributions to
the field of cryptography.

>    I did you stupid pompous ass but you're too dim-witted to follow it.
> You are mostly more of a BOZO with a suit and tie than me.

The original poster was pretty stupid.  Keep up the good work.

[ sarcasm detector log, re-read the message ]

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: William Rowden <[EMAIL PROTECTED]>
Subject: Re: more about the random number generator
Date: Thu, 18 Nov 1999 03:15:27 GMT

In article <[EMAIL PROTECTED]>,
  Anton Stiglic <[EMAIL PROTECTED]> wrote:
> Tom St Denis wrote:
> >
> > I got a program from http://www.fourmilab.ch/random/
[snip]
> > Monte Carlo value for Pi is 3.136948529 (error 0.15 percent).
>
> A Monte Carlo algorithm is an algorithm that uses randomness and
> always gives a result with some error probability (contrary to a Las
> Vegas algo. which uses randomness but either gives the exact value or
> no value at all).  There exist Monte Carlo algorithms for
> integration.  So I'll take a guess and say the Monte Carlo algo for
> Pi, in question, is an algo that computes
> Pi = Integral[0,1] of 4*sqroot(1-x^2) dx.
> This is just one of many formulas that gives Pi; it's based on the
> calculation of the area of a unit circle.  Can someone confirm if this
> is in fact what is being used?

I think so.  The Web site says:

Monte Carlo Value for Pi
    Each successive sequence of six bytes is used as 24 bit X and Y
    co-ordinates within a square. If the distance of the randomly-generated
    point is less than the radius of a circle inscribed within the square,
    the six-byte sequence is considered a "hit". The percentage of hits can
    be used to calculate the value of Pi. For very large streams (this
    approximation converges very slowly), the value will approach the
    correct value of Pi if the sequence is close to random. A 32768 byte
    file created by radioactive decay yielded:

        Monte Carlo value for Pi is 3.139648438 (error 0.06 percent).
--
    -William
SPAM filtered; damages claimed for UCE according to RCW19.86
PGP key: http://www.eskimo.com/~rowdenw/pgp/rowdenw.asc until 2000-08-01
Fingerprint: FB4B E2CD 25AF 95E5 ADBB  DA28 379D 47DB 599E 0B1A


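The estimator the quoted description specifies can be written down directly. This is an added example in Python, not ent's own source and not part of the post: monte_carlo_pi reads six bytes per point exactly as described, and hash_stream is a constructed SHA-256 counter-mode stream standing in for the radioactive-decay file. One assumption is made explicit in the code: the test is done against a quarter circle centred on the square's origin corner rather than an inscribed circle, which covers the same pi/4 fraction of the square and so gives the same estimate.

```python
import hashlib
import math

BYTES_PER_POINT = 6   # three bytes (24 bits) for X and three for Y, as the ent text says

def monte_carlo_pi(data):
    """Estimate pi from a byte stream as the quoted ent description specifies.
    Each six-byte group becomes a point (x, y) with 24-bit coordinates in a
    square of side 2**24 - 1.  A point is a 'hit' if it lies inside the quarter
    circle of radius 2**24 - 1 centred on the square's origin corner; that region
    is pi/4 of the square, the same fraction an inscribed circle covers, so
    pi is about 4 * hits / points.  Bytes left over from an incomplete group
    are ignored."""
    side = 2 ** 24 - 1
    radius_sq = side * side
    points = hits = 0
    for i in range(0, len(data) - BYTES_PER_POINT + 1, BYTES_PER_POINT):
        x = int.from_bytes(data[i:i + 3], "big")
        y = int.from_bytes(data[i + 3:i + 6], "big")
        points += 1
        if x * x + y * y <= radius_sq:
            hits += 1
    if points == 0:
        raise ValueError("need at least %d bytes" % BYTES_PER_POINT)
    p = hits / points
    estimate = 4.0 * p
    return {
        "points": points,
        "hits": hits,
        "pi": estimate,
        "error_percent": abs(estimate - math.pi) / math.pi * 100.0,
        # one-sigma statistical error of the estimate; it shrinks only as
        # 1/sqrt(points), which is why the page says this converges very slowly
        "standard_error": 4.0 * math.sqrt(p * (1.0 - p) / points),
    }

def hash_stream(seed, length):
    """Constructed stand-in for the radioactive-decay file: SHA-256 in counter mode.
    Deterministic and statistically uniform; not a substitute for a real entropy source."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

if __name__ == "__main__":
    samples = [
        ("sha256 counter stream", hash_stream(b"constructed seed", 32768)),
        ("ASCII text repeated", b"the quick brown fox jumps over the lazy dog " * 745),
        ("all zero bytes", b"\x00" * 32768),
    ]
    for label, data in samples:
        r = monte_carlo_pi(data)
        print("%-22s pi ~ %.9f (error %.2f percent, +/- %.4f)"
              % (label, r["pi"], r["error_percent"], r["standard_error"]))
```

The two non-random streams show what the test is good for: every ASCII byte is below 0x80, so every point of the text stream lands in the lower-left quarter of the square and the "estimate" comes out as exactly 4.0. With 32768 bytes there are only 5461 points and the one-sigma error of the estimate is about 0.02, so an error of 0.06 percent on a single file is luck as much as quality; a stream has to be far longer before this statistic alone says much about it.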

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Weak keys in Rijndael? What happened to that?
Date: Thu, 18 Nov 1999 03:42:03 GMT

In article <[EMAIL PROTECTED]>,
  albert <[EMAIL PROTECTED]> wrote:
> I seem to recall reading someone (think his name was Tom???) who posted
> something about Rijndael having weak keys.  Anybody hear any more on
> this?  Was it a joke or for real?
>
> Albert
>
>

It wasn't me.  That post was never actually substantiated...



------------------------------

From: [EMAIL PROTECTED] (Jerry Coffin)
Subject: Re: What part of 'You need the key to know' don't you people get?
Date: Wed, 17 Nov 1999 20:40:31 -0700

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...

[ talking about CBC (for one example) ] 

> Do you think that he is not correct, and that the information is,
> in fact, distributed through the message?

Of course not -- if a single error corrupted the entire message, you'd 
lose one of the major advantages of CBC.

> Or is it your position that the knowledge that particular segments
> of the cyphertext represent particular parts of the plaintext is
> useless to the analyst?

I think with an otherwise well-designed cipher, yes, it's of little 
use to a cryptanalyst.  Just for example, assume I hand you a pair of 
CD-ROMs, one filled with plaintext, and the other with the same data 
encrypted with your choice of AES finalists, can you show ANY way of 
using this to derive the key used?
 
> The second (at the very, very least) allows keys to be discovered given
> message fragments, rather than entire messages.

Which is irrelevant unless you can find a known-plaintext attack.

> It can allow (for example) known plaintexts for entire blocks (where
> diffusion would spread the known plaintext thinly all over the place).
> You're saying that this doesn't help the analyst!?

Yes.  Can you show an attack where having little bits (or even big 
bits) of known plaintext is useful in breaking any of the AES 
finalists?
 
> It seems to me that a block chaining mode that diffuses information from
> the plaintext throughout the cyphertext will generally cause the analyst
> more problems.

In theory it might help prevent some types of known plaintext attacks.  
In reality, unless there IS a known-plaintext attack to prevent, it 
makes no difference at all. 

-- 
    Later,
    Jerry.
 
The universe is a figment of its own imagination.
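Two claims in this digest can be checked numerically: Peter Boucher's test in the "AES cyphers leak information like sieves" thread (same key and IV, plaintexts differing in one bit, about half the ciphertext bits should differ) and the CBC error-locality point made by Scott and by Jerry Coffin above (a single damaged ciphertext block spoils only itself and the block after it). The following is an added example, not code from any poster, from scott19u or from any AES candidate; it uses a constructed toy 64-bit Feistel cipher with a SHA-256 round function (an assumption standing in for AES so the script runs offline) and textbook CBC. KEY, IV, PLAINTEXT, FLIP_BIT and the function names are the example's own.

```python
import hashlib

BLOCK = 8    # toy 64-bit block: two 32-bit halves
ROUNDS = 8

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _round_fn(key, rnd, half):
    # Constructed round function: SHA-256 over (key, round number, half), cut to 32 bits.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def block_encrypt(key, block):
    """Eight-round Feistel permutation of one 64-bit block (a toy, not AES)."""
    assert len(block) == BLOCK
    left, right = block[:4], block[4:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round_fn(key, rnd, right))
    return left + right

def block_decrypt(key, block):
    """Inverse of block_encrypt: the same rounds in reverse order."""
    left, right = block[:4], block[4:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_fn(key, rnd, left)), left
    return left + right

def cbc_encrypt(key, iv, plaintext):
    """Textbook CBC: C[i] = E(P[i] XOR C[i-1]) with C[-1] = IV. No padding, no MAC."""
    assert len(plaintext) % BLOCK == 0
    prev, out = iv, []
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ciphertext):
    """P[i] = D(C[i]) XOR C[i-1]: a block needs only itself and its predecessor."""
    prev, out = iv, []
    for i in range(0, len(ciphertext), BLOCK):
        cur = ciphertext[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, cur), prev))
        prev = cur
    return b"".join(out)

def hamming(a, b):
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def flip_bit(data, bit):
    out = bytearray(data)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)

def per_block_distance(a, b):
    return [hamming(a[i:i + BLOCK], b[i:i + BLOCK]) for i in range(0, len(a), BLOCK)]

def single_block_avalanche(key, block, bit):
    """Boucher's test on the bare block cipher: flip one input bit, count output
    bits that change (ideal: about half of the 64)."""
    return hamming(block_encrypt(key, block), block_encrypt(key, flip_bit(block, bit)))

def plaintext_flip_spread(key, iv, plaintext, bit):
    """Same key and IV, plaintexts differing in one bit: changed bits per ciphertext
    block. CBC carries the change forward into every later block, never backward."""
    c1 = cbc_encrypt(key, iv, plaintext)
    c2 = cbc_encrypt(key, iv, flip_bit(plaintext, bit))
    return per_block_distance(c1, c2)

def ciphertext_flip_spread(key, iv, plaintext, bit):
    """One ciphertext bit flipped in transit, then decrypted: changed plaintext bits
    per block. Only the damaged block (garbled) and the next (exactly one bit) move."""
    ct = cbc_encrypt(key, iv, plaintext)
    return per_block_distance(plaintext, cbc_decrypt(key, iv, flip_bit(ct, bit)))

# Constructed sample values: six 8-byte plaintext blocks; the flipped bit sits in block 2.
KEY = b"constructed-key!"
IV = b"init-vec"
PLAINTEXT = b"".join(b"block-%02d" % i for i in range(6))
FLIP_BIT = 2 * BLOCK * 8 + 3

if __name__ == "__main__":
    print("bare block avalanche  :", single_block_avalanche(KEY, PLAINTEXT[:BLOCK], 3), "of 64 bits")
    print("plaintext bit flipped :", plaintext_flip_spread(KEY, IV, PLAINTEXT, FLIP_BIT))
    print("ciphertext bit flipped:", ciphertext_flip_spread(KEY, IV, PLAINTEXT, FLIP_BIT))
```

Run it and the three lines tell the whole argument: the bare cipher changes roughly 32 of 64 bits for a one-bit input change (Boucher's criterion, which is about the cipher); under CBC a plaintext change leaves blocks 0 and 1 untouched and scrambles block 2 and everything after it, which is why Scott's "encrypt in each direction with two keys" spreads a change over the entire file; and a single corrupted ciphertext bit garbles block 2, flips exactly one bit of block 3 and leaves every other block intact, the locality Coffin calls one of CBC's major advantages. That same locality means CBC ciphertext is malleable, so integrity has to come from a MAC or an authenticated mode, not from a chaining mode.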

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
