Cryptography-Digest Digest #593, Volume #10      Fri, 19 Nov 99 19:13:03 EST

Contents:
  Re: What part of 'You need the key to know' don't you people get? (Tom St Denis)
  Re: AES cyphers leak information like sieves (wtshaw)
  Re: AES cyphers leak information like sieves (SCOTT19U.ZIP_GUY)
  Re: Modified DH - ok? (Bob Silverman)
  Re: AES cyphers leak information like sieves (SCOTT19U.ZIP_GUY)
  Re: Group English 1-1 all file compressor (SCOTT19U.ZIP_GUY)
  Re: technical writing skills required! (Tom St Denis)
  Re: S/MIME plug-in for Eudora? Strong Encryption (Miguel Cruz)
  Do flight data recorders use encryption? (albert)
  Re: Ultimate Crypto Protection? (albert)
  Distribution of intelligence in the crypto field (albert)
  Re: Letter Frequency in English Texts vs. Name Lists (albert)
  Re: AES cyphers leak information like sieves ("Rick Braddam")
  bits of diffiehellman private key (Tom St Denis)
  Re: AES cyphers leak information like sieves (SCOTT19U.ZIP_GUY)

----------------------------------------------------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: What part of 'You need the key to know' don't you people get?
Date: Fri, 19 Nov 1999 19:29:35 GMT

PLEASE promptly ignore my post.  I can't think straight this week.

Thanks.  I am going into passive mode now ... arrg... the mind's a-wasting.

Thanks,
Tom

In article <8147gk$3t8$[EMAIL PROTECTED]>,
  Tom St Denis <[EMAIL PROTECTED]> wrote:
> In article <813mg8$1ipk$[EMAIL PROTECTED]>,
>   [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
> >   You asshole he messed his math up and admitted it so shut the fuck up.
> > The argument really is over whether one just considers the starting
> > positions of 3 or more fixed wheels as the key. Or if the actual order of
> > the characters on the wheels should count as part of the key. I prefer to
> > count the wheel types possible; it seems you and Tom only want to use fixed
> > wheels. Which greatly reduces the key space. But face it, one is simulating
> > the Enigma: the order of characters on the wheels would be part of the key
> > space.
>
> Technically you are closer to being right Mr Scott.  There are two ways
> to view the rotor.
>
> 1) As a random permutation of A..Z or 0..25, which of course is more
> historically accurate.  In this case an x-rotor system has a keyspace of
> log2(x!(26!)).  This of course matches a 125-bit key in keyspace with
> only 14 [or so] rotors. [125 bits is closer to the keyspace than 128
> bits is ...]
>
> 2) As a fixed permutation [26 permutations in all] where the order is
> random.  This is not historically accurate.  In this case an x-rotor
> system has a keyspace of log2(26^x).
>
> Let's not beat this one into the ground.  I was looking at the rotors
> as in #2.  I used the wrong model.  Sorry.  Done deal.
>
> My point however is that rotors were not broken in WWII via brute
> force.  Also the five-rotor systems have a 'key' of log2(5! x 26!) or
> about 96 bits, which is not even close to 128 bits.
>
> Tom
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
>


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: AES cyphers leak information like sieves
Date: Fri, 19 Nov 1999 14:14:15 -0600

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:

> wtshaw <[EMAIL PROTECTED]> wrote:
> : In article <[EMAIL PROTECTED]>, "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
> : ...
> 
> : So many have worked so hard to define as respectable those ciphers which
> : do not provide error recovery within themselves, while downplaying those
> : that might.  The discussion highlights that normal respectable designs
> : are, in essence, insufficient in themselves.
> 
> : It does me good to see so many beginning to define vital problems, even as
> : I have already solved them.  And, if my solutions have fallen on deaf ears
> : because they sound strange, better start giving a listen, as they are
> : sound answers to the types of difficulties under discussion.
> 
> I /presume/ you refer to The Grandview Algorithm - as described at:
> http://radiofreetexas.com/wts/gva.htm

> 
> After looking at this, I observe that it /appears/ to have the same
> characteristic that is being criticised here, that there's almost a 1-1
> relationship between the cyphertext and the plaintext.
> 
> I've only given the system a cursory look, but it /appears/ to me that
> the consequences of an error in a single letter will /usually/ affect
> three adjacent letters in the plaintext (and there's a small chance that
> they will destroy the message totally?).

Only if the error is in the first few letters of a block are the results
traumatic. Otherwise, each error is seen as a single character typo.
> 
> Information /appears/ to propagate horizontally through the message
> in only one direction, and by at most two characters.

The propagation is settable.  I commonly use nine.  Small propagations are
more for study of techniques; three or four are a recommended minimum. If
65 characters are in the alphabets, with 9 wheels involved in each single
character encryption, there are 2^54 different outputs available.

The type of leaking discussed earlier is no problem with the GVA: no IVs
needed, no modes, no hybrid patches; the ciphertext blocks will be
naturally varied as they will be independently encrypted with their own
offsets.
> 
> Most of the time, I'd rather have better security than error recovery -
> since typically I plan to compress my messages - and compression and
> error-recovery are not good bedfellows.
> 
If the leaking problem mentioned does not exist with the GVA, then how is
it less secure?
-- 
For those looking for security in Windoze, sorry, you're SOL.

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: AES cyphers leak information like sieves
Date: Fri, 19 Nov 1999 21:06:03 GMT

In article <813stj$mrn$[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] (David Wagner) wrote:
>In article <[EMAIL PROTECTED]>, Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
>> No doubt, D.Scott has presented some interesting, original,
>> and potential even useful ideas, although his manner of
>> doing so is often extremely rude and annoying, which helps
>> explain the lack of serious attention some people accord him.
>
>Interesting.  I missed it (perhaps due to the factors you mentioned).
>Can you summarize one of his useful ideas?  If he's on to something
>interesting, I'd honestly like to know.
>
     Bullshit Mr Wagner, I am not sure you have an honest bone in
your body. Did you ever figure out how SCOTT19U works? You sure
were quick to condemn it, saying your slide attack would make mince
meat of it. But as usual you lied.
>(The idea of compressing before encrypting isn't new.  Neither is the
>idea of all-or-nothing-style encryption algorithms which diffuse bits
>through the entire ciphertext and plaintext.  Those were the only two
>that I heard from him.)
   My style of all or nothing is far different than Mr R of RSA, but
you would have to understand that to know it. And you're not
capable of that level of comprehension. As to compression before
encryption, your boss gives lip service to it in his book. But does
not explain characteristics that would be of use to one wanting
to compress before encryption occurs. In case you're too stupid
to figure it out: bad compression is much worse than no
compression at all since it can give lots of info to the attacker
who is only intercepting cipher text. But go ahead, keep your
head stuck up your ass where it belongs.

 And yes my spelling sucks so what?




David A. Scott
--

SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
                    
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm

Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm

Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm

**NOTE EMAIL address is for SPAMERS***

------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: Modified DH - ok?
Date: Fri, 19 Nov 1999 20:00:06 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> Hi.
>
> I have a problem with implementing Diffie Hellman:
>
> I've changed the algorithm a bit to the following to make the compiler
> stop crying "overflow":
> ______________________________________________
>
>       P = Secretvalue 1
>       Q = Secretvalue 2
>       N = Public multiplier
>       M = Public Modulo
>
>       PtoQ = (P * N) Mod M
>       QtoP = (Q * N) Mod M
>
>       Key_P = ((QtoP * P) Mod M) * N
>       Key_Q = ((PtoQ * Q) Mod M) * N
> ______________________________________________
>
> Now, is this a valid change?

No.  D-H security is based upon modular exponentiation and hence
upon the difficulty of the discrete log problem. This scheme is
totally different.

And....

It is trivially breakable.

Hint: look at GCD(Key_P, Key_Q)

--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"


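The posted scheme next to what Diffie-Hellman actually does, as an added example (not code from either poster). The names P, Q, N, M, PtoQ, QtoP, Key_P and Key_Q are the post's; the toy numbers and the function names are constructed here. It shows the two things Bob Silverman's reply says: the modified scheme has nothing resembling a discrete-log problem in it (a passive observer with only the public values undoes it with one modular inverse), and the "overflow" the poster hit is solved inside modular exponentiation by reducing after every multiply, not by changing the algorithm.

```python
# Added example, not code from the thread: the posted "modified DH" next to
# textbook Diffie-Hellman.  Names P, Q, N, M, PtoQ, QtoP, Key_P, Key_Q are the
# post's; the sample numbers below are constructed, not from the post.

def posted_scheme(P, Q, N, M):
    """The post's scheme, verbatim: multiplication in place of exponentiation."""
    PtoQ = (P * N) % M
    QtoP = (Q * N) % M
    Key_P = ((QtoP * P) % M) * N
    Key_Q = ((PtoQ * Q) % M) * N
    return PtoQ, QtoP, Key_P, Key_Q


def passive_observer(PtoQ, QtoT_or_QtoP, N, M):
    """What someone who only sees the public values N, M, PtoQ, QtoP can do.

    The scheme is linear in the secrets, so one modular inverse of N undoes
    it (N has to be invertible mod M for the parties' own 'Mod M' steps to
    behave).  Nothing comparable to a discrete log stands in the way, which
    is Bob Silverman's point.
    """
    QtoP = QtoT_or_QtoP
    N_inv = pow(N, -1, M)            # Python 3.8+: modular inverse
    P = (PtoQ * N_inv) % M           # the secrets, reduced mod M
    Q = (QtoP * N_inv) % M
    key = ((QtoP * P) % M) * N       # the same formula the parties use
    return P, Q, key


def modexp(base, exp, mod):
    """Square-and-multiply with a reduction after every multiply.

    Intermediate values stay below mod**2, which is how DH code avoids the
    integer overflow the poster hit; the algorithm itself is left alone.
    """
    result, base = 1, base % mod
    while exp > 0:
        if exp & 1:
            result = (result * base) % mod
        base = (base * base) % mod
        exp >>= 1
    return result


def textbook_dh(a, b, g, p):
    """Real Diffie-Hellman: A = g^a, B = g^b, shared secret g^(ab) mod p."""
    A = modexp(g, a, p)
    B = modexp(g, b, p)
    return A, B, modexp(B, a, p), modexp(A, b, p)


# Constructed toy parameters (far too small for real use; they only keep the
# arithmetic easy to follow by hand).
M, N = 1009, 7           # the post's public modulus and multiplier
P, Q = 123, 456          # the two secret values

if __name__ == "__main__":
    PtoQ, QtoP, Key_P, Key_Q = posted_scheme(P, Q, N, M)
    print("parties agree on", Key_P, Key_Q)
    print("observer recovers (P, Q, key):", passive_observer(PtoQ, QtoP, N, M))
    print("textbook DH with g=2, p=1009:", textbook_dh(P, Q, 2, M))
```

With the toy values both parties compute 805, and the observer computes the same 805 from the public values alone. The `textbook_dh` line is what the poster should have been implementing; `modexp` is the standard fix for the compiler's overflow complaint.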

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: AES cyphers leak information like sieves
Date: Fri, 19 Nov 1999 21:10:10 GMT

In article <[EMAIL PROTECTED]>, "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
>Tim Tyler wrote:
>> Decrypting involves reversing the block-encypherment and EORing with the
>> preceeding cyphertext (or the IV for the first block).  No other
>> information from the rest of the file is required.  The information
>> in the plaintext is diffused over (at most) two blocks.
>
>Each CT block depends on at least the corresponding PT block.
>As further CT blocks each depend on the preceding CT block,
>so do they depend on the PT information contained within that
>block; and transitivity implies that the last CT block
>depends on *every* PT block.
>
>This is really easy to demonstrate with a simple experiment:
>Encrypt a file twice, with only a single bit of PT different
>between the two cases.  You'll find that the CT past that
>point is entirely different, all the way to end-of-file.
>That would not have occurred had the PT information been
>truly localized within the CT.

   Try looking at what happens when you make a minor change in
the encrypted file. Then the plain text comes back with only
a few blocks wrong in the area of the change. This means that
the data is not distributed throughout the file. The encrypted
file is what the attacker looks at, or haven't you figured that
part out yet?




David A. Scott
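Both experiments described in this exchange (flip one plaintext bit and compare the two ciphertexts; flip one ciphertext bit and compare the two decryptions), run against CBC as an added example that is not code from either poster. The block cipher is a constructed 64-bit Feistel stand-in keyed with SHA-256 so the example runs on the standard library alone; the behaviour shown is the mode's, not the cipher's, and would be the same under AES with 16-byte blocks. Function names, the sample key, IV and plaintext are all constructed.

```python
# Added example, not from the thread: both experiments described above run
# against CBC.  The block cipher is a constructed 64-bit Feistel stand-in
# (keyed with SHA-256); the CBC behaviour shown is the mode's, not the cipher's.

import hashlib

BLOCK = 8          # 64-bit blocks for the toy cipher
ROUNDS = 8


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, half, rnd):
    """Round function: 32 bits of SHA-256 over key, round number and half-block."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]


def block_encrypt(key, block):
    L, R = block[:4], block[4:]
    for rnd in range(ROUNDS):
        L, R = R, _xor(L, _f(key, R, rnd))
    return R + L           # swap halves so decryption is the same loop reversed


def block_decrypt(key, block):
    L, R = block[:4], block[4:]
    for rnd in reversed(range(ROUNDS)):
        L, R = R, _xor(L, _f(key, R, rnd))
    return R + L


def cbc_encrypt(key, iv, pt):
    """C_i = E(P_i XOR C_{i-1}), C_0 = IV.  pt is a whole number of blocks."""
    prev, out = iv, []
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, _xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ct):
    """P_i = D(C_i) XOR C_{i-1}: each block needs only itself and its predecessor."""
    prev, out = iv, []
    for i in range(0, len(ct), BLOCK):
        c = ct[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)


def flip_bit(data, bit):
    buf = bytearray(data)
    buf[bit // 8] ^= 1 << (bit % 8)
    return bytes(buf)


def differing_blocks(a, b):
    """Indices of the blocks at which a and b differ."""
    return [i // BLOCK for i in range(0, len(a), BLOCK)
            if a[i:i + BLOCK] != b[i:i + BLOCK]]


def plaintext_flip_experiment(key, iv, pt, bit):
    """Gwyn's experiment: one PT bit changed; which CT blocks change?"""
    return differing_blocks(cbc_encrypt(key, iv, pt),
                            cbc_encrypt(key, iv, flip_bit(pt, bit)))


def ciphertext_flip_experiment(key, iv, pt, bit):
    """Scott's experiment: one CT bit changed; which decrypted PT blocks change?"""
    ct = cbc_encrypt(key, iv, pt)
    return differing_blocks(pt, cbc_decrypt(key, iv, flip_bit(ct, bit)))


# Constructed sample inputs: ten blocks of plaintext, a fixed key and IV.
SAMPLE_KEY = b"constructed demo key"
SAMPLE_IV = bytes(BLOCK)
SAMPLE_PT = bytes(range(10 * BLOCK))

if __name__ == "__main__":
    bit = 3 * BLOCK * 8 + 5          # a bit inside block 3
    print("PT flip changes CT blocks:",
          plaintext_flip_experiment(SAMPLE_KEY, SAMPLE_IV, SAMPLE_PT, bit))
    print("CT flip changes PT blocks:",
          ciphertext_flip_experiment(SAMPLE_KEY, SAMPLE_IV, SAMPLE_PT, bit))
```

Flipping a bit in plaintext block 3 changes ciphertext blocks 3 through 9, every one to end of file, because each block's input is XORed with the previous ciphertext block. Flipping a bit in ciphertext block 3 changes only decrypted blocks 3 (garbled entirely) and 4 (that one bit), because decryption of block i reads nothing but C_i and C_{i-1}. Both observations are true of the same mode; they answer different questions, forward diffusion into the ciphertext versus error propagation on decryption.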

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Group English 1-1 all file compressor
Date: Fri, 19 Nov 1999 21:21:04 GMT

In article <812t13$4pj$[EMAIL PROTECTED]>, William Rowden <[EMAIL PROTECTED]> wrote:
>In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>> Tim Tyler <[EMAIL PROTECTED]> wrote:
>> : SCOTT19U.ZIP_GUY <[EMAIL PROTECTED]> wrote:
>> : :  As for Tim rules about strings I think he is correct but one
>> : : could use multiple dictionaries.
>[snip]
>> "this is his head" would never compress very well, using a type
>> of dictionary with trailing punctuation - the type I believe will
>> work best.
>>
>> However, if you allow multiple passes, the problem vanishes ;-)
>>
>> Dictionary 1: "this " <--> "#"
>> Dictionary 2: "his"   <--> "^"
>> Dictionary 3: "is "   <--> "@"
>>
>> ...produces:
>>
>> "this is his head" -1-> "#is his head" -2-> "#is ^head" -3-> "#@^head"

  To undo, use dictionary 3 first;
  then it becomes "#is ^head";
  then when 2 is used, "#is his head";
  then when 1 is used, "this is his head".

When decompressing you use the dictionaries in reverse.

>
>IIRC, David's concept of a "1-1" compressor means that every file is a
>valid compressed file.  The idea is to make it impossible to
>decompress, recompress, and compare to the original file as a way of
>eliminating invalid plaintexts.  Right?  A side benefit would be
>efficient use of the compression function's codomain.
>
>The example above does not have this property: "t^" decompresses to
>"this" but recompresses to "#".  The other example had the same
>problem.  Did David change his mind in a thread I haven't read?  Perhaps
>you could point me to the pertinent posts.
>
     Where is the error?



David A. Scott

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: technical writing skills required!
Date: Fri, 19 Nov 1999 20:54:38 GMT

In article <[EMAIL PROTECTED]>,
  Medical Electronics Lab <[EMAIL PROTECTED]> wrote:
> As a high school student, you have more time than all the rest
> of us combined!  Your best bet is to write up sections and post them
> here for comments.  Work on each section until you're tired of the
> rants you get back :-)

Hmm I could do that.

> Writing anything to explain something is hard, technical writing
> is really hard.  The hardest part is to prevent boredom.  The basic
> rule is to tell 'em what you are going to say, say it, and tell 'em
> what you said (abstract, body, summary).  You need to do that for
> the whole thing, for each section and for each subsection.
>
> "Practice makes perfect", so start practicing.  The skills you
> learn will include writing, learning (because you learn more when
> you try to explain things) and politics (because you have to deal
> with criticism).

Well the general idea was that I would be writing it, but I wanted to
have a list of contactees I could get to in case I got stuck.  I suppose
sci.crypt will have to do :)

Tom

P.S. are you really a doctor?



------------------------------

Crossposted-To: 
comp.security.misc,comp.security.pgp.tech,alt.security.pgp,comp.mail.eudora.ms-windows
Subject: Re: S/MIME plug-in for Eudora? Strong Encryption
From: [EMAIL PROTECTED] (Miguel Cruz)
Date: Fri, 19 Nov 1999 21:01:49 GMT

In article <[EMAIL PROTECTED]>, amateur  <[EMAIL PROTECTED]> wrote:
> I'd like to find the source code for gnupg in a ZIP file format. I don't
> have Linux installed so I can't retrieve the TAR files that I found.

Current versions of Winzip in the Windows world and Stuffit Expander for
lucky folk with Macs will extract TAR archives.

miguel

------------------------------

From: albert <[EMAIL PROTECTED]>
Subject: Do flight data recorders use encryption?
Date: Fri, 19 Nov 1999 13:04:37 -0800

I was just thinking, I'm not a big fan of the government, and I don't
trust them.  So I have no idea if what they are telling us (and the
press) is true.  I'm wondering if they have some method themselves of
confirming the authenticity of the data recorders.



------------------------------

From: albert <[EMAIL PROTECTED]>
Subject: Re: Ultimate Crypto Protection?
Date: Fri, 19 Nov 1999 12:59:33 -0800

> <snip>
> How do you go about cryptanalysing a properly-implemented one-time-pad?

You can't.  That's the beauty of the one-time pad.  Not breakable (in
theory).  What usually happens though is the tickertape string of letters to
mod by is not so "random".  That's usually where the weakness is.  The other
part would be the fact that someone reuses the same sequence.





------------------------------

From: albert <[EMAIL PROTECTED]>
Subject: Distribution of intelligence in the crypto field
Date: Fri, 19 Nov 1999 13:32:22 -0800

With all the NSA discussions, I was thinking...

There is very VERY little distribution of intelligence in the crypto
field.  Come on, we all know the names.  Shoot, in this forum, we call
them by first names.  Eli, Bruce, Lars, Ross, Ron etc...

The 80/20 rule seems more like the 95/5 rule when it comes to crypto.
About 95% of the world's advances are done by 5% of the crypto
community.  Who breaks algorithms?  The same names.  This is true for
almost every industry, and crypto is no exception.

So my point is, I have serious doubts that the NSA is THAT much ahead of
the world.  Why?  Because unless they are harboring a few Bruces or
Eli's in there, I don't see them gaining that much ground.  A society
grows as a function of how long information takes to disseminate and the
feedback to come back.  In a government structure, that rate seems to
be... well, be as fast as service at the DMV.

I see Bruce's argument: we know what we know, they know what we know
AND what they know.  They also have resources up the wazoo.  But
intelligence isn't something money can buy; if it was, Windows would be
the best OS... correct?

Disagreements?



------------------------------

From: albert <[EMAIL PROTECTED]>
Subject: Re: Letter Frequency in English Texts vs. Name Lists
Date: Fri, 19 Nov 1999 13:38:14 -0800

I wrote a quick and dirty one yesterday, because I had the same needs.
It tells you the letter or character, how many times it appears in the
text, and the percentage of frequency.  Thinking about writing one that
does bigrams next, or even trigrams.  I'm more than willing to send it
to you if you want me to.  I have it in a .c file; if you have no
compiler, let me know, and I'll put it in a binary for you.  I'll try to
give instructions also.

Albert

[EMAIL PROTECTED]

[EMAIL PROTECTED] wrote:

> I am doing research on large sets of name lists.
>
> I have information on letter frequencies in
> common english texts, but I am curious as to how
> this compares to the letter frequencies in a
> large name set.
>
> Does anyone have a program that will calculate
> letter frequency patterns when given a text data
> file that they can share with me?  Or even common
> letter frequencies for name sets?
>
> If you can help please e-mail me at
> [EMAIL PROTECTED]
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
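A frequency counter of the kind Albert describes, as an added example that is not his .c tool: letter counts with percentages, bigram and trigram counts, and a side-by-side comparison of two profiles, which is what the original poster wants to do with English prose against a name list. The sample texts and all function names are constructed.

```python
# Added example, not the poster's .c tool: letter, bigram and trigram
# frequency counts for a text, and a comparison of two profiles (e.g.
# English prose against a name list).  Sample texts are constructed.

import collections
import string


def letter_frequencies(text, alphabet=string.ascii_lowercase):
    """Rows of (letter, count, percent), most frequent first, case-folded."""
    letters = [ch for ch in text.lower() if ch in alphabet]
    total = len(letters)
    return [(ch, n, 100.0 * n / total)
            for ch, n in collections.Counter(letters).most_common()]


def ngram_frequencies(text, n=2, alphabet=string.ascii_lowercase):
    """(n-gram, count) rows, most frequent first.  N-grams are taken within
    words only, so a name list yields no n-grams that straddle two names."""
    counts = collections.Counter()
    for word in text.lower().split():
        letters = "".join(ch for ch in word if ch in alphabet)
        for i in range(len(letters) - n + 1):
            counts[letters[i:i + n]] += 1
    return counts.most_common()


def profile_difference(text_a, text_b):
    """Percentage-point difference (a minus b) per letter between two corpora."""
    pa = {ch: pct for ch, _, pct in letter_frequencies(text_a)}
    pb = {ch: pct for ch, _, pct in letter_frequencies(text_b)}
    return {ch: round(pa.get(ch, 0.0) - pb.get(ch, 0.0), 2)
            for ch in sorted(set(pa) | set(pb))}


def report(text):
    """Table in the shape the poster describes: letter, count, percent."""
    return "\n".join(f"{ch}  {n:6d}  {pct:6.2f}%"
                     for ch, n, pct in letter_frequencies(text))


# Constructed samples; a real run would read two files with open().read().
PROSE = "the quick brown fox jumps over the lazy dog while the cat sleeps"
NAMES = "Anna Hanna Johanna Susanna Ann Anne Annabel Joanna"

if __name__ == "__main__":
    print(report(NAMES))
    print(ngram_frequencies(NAMES, 2)[:5])
    print(ngram_frequencies(NAMES, 3)[:5])
    print(profile_difference(NAMES, PROSE))
```

Reading the two inputs from files instead of the constructed strings is the only change needed to reproduce the comparison the original poster asks about; `profile_difference` then shows which letters a name list over- or under-uses relative to ordinary English.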



------------------------------

From: "Rick Braddam" <[EMAIL PROTECTED]>
Subject: Re: AES cyphers leak information like sieves
Date: Fri, 19 Nov 1999 14:55:40 -0600


Volker Hetzer <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]...
> Okay, let's try a different approach:
> Assume CBC.

OK

> Assume, the best way to find the key, given a plaintext/ciphertext pair is brute
> forcing the underlying block cipher.

Why? That requires the further assumption that I know the capabilities of all
other possible attackers.

> Assume, you've got knowledge of the first block (the IV).
> Now, does this knowledge help you to find an attack better than brute force on
> the first message block?

Not at all. The only thing which would help me (personally) would be having the
key. I *must* assume that *any* attacker has greater capability than I do. Many
here appear to assume that *no* attacker has greater capability than they do.
Considering the resources available to at least one possible attacker, I find
that assumption pretty weak.

Rick




------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: bits of diffiehellman private key
Date: Fri, 19 Nov 1999 21:45:47 GMT

Let's say you have a random 1024 bit private exponent, and only 128 of
those bits are random [not clumped together].  Let's say for any random
key you could tell which bits were not random but their position is not
fixed in the exponent.  This means 1024-128=896 of the bits are known.

Could any sieving method take advantage of this?

Tom



------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: AES cyphers leak information like sieves
Date: Fri, 19 Nov 1999 23:18:52 GMT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
(wtshaw) wrote:
>In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>> 
>......
>> The problem about failure to diffuse information through the message could
>> be solved by applying diffusion before encrypting (though this would
>> destroy any error - recovery ability, of course).
>
>It need not as a hologram is recoverable even with loss of part of the
>media.  Redundancy is still an answer to error recovery, if you want it. 
>

   But holograms are lossy: the smaller the amount of material,
the fuzzier the picture.


David A. Scott

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
