Cryptography-Digest Digest #699, Volume #10 Tue, 7 Dec 99 15:13:02 EST
Contents:
Re: If you're in Australia, the government has the ability to modify your files.
>> 4.Dec.1999 (CoyoteRed)
Re: NSA future role? (CoyoteRed)
Re: If you're in Australia, the government has the ability to modify your files. >>
4.Dec.1999 (Scott Nelson)
Re: Random Noise Encryption Buffs (Look Here) (Guy Macon)
How do you get past the password screen to the crypto? ([EMAIL PROTECTED])
Re: How do you get past the password screen to the crypto? (Mike Andrews)
Re: NSA should do a cryptoanalysis of AES (Frank Gifford)
Re: NSA should do a cryptoanalysis of AES (Johnny Bravo)
Re: NSA should do a cryptoanalysis of AES ("karl malbrain")
Re: NSA should do a cryptoanalysis of AES ("karl malbrain")
Re: NSA future role? (Medical Electronics Lab)
Re: How do you get past the password screen to the crypto? ("anonymous intentions")
Re: NEMA missing a plugboard? (Jim Gillogly)
Re: NSA future role? (albert)
Just how secure is RC4? (albert)
Re: NP-hard Problems ([EMAIL PROTECTED])
Re: NP-hard Problems ([EMAIL PROTECTED])
Ellison/Schneier article on Risks of PKI (Bill Lynch)
Re: Why Aren't Virtual Dice Adequate? ([EMAIL PROTECTED])
Re: NSA should do a cryptoanalysis of AES ("Tony T. Warnock")
----------------------------------------------------------------------------
From: CoyoteRed <[EMAIL PROTECTED]>
Subject: Re: If you're in Australia, the government has the ability to modify your
files. >> 4.Dec.1999
Date: Tue, 07 Dec 1999 12:08:51 -0500
Reply-To: this news group unless otherwise instructed!
[EMAIL PROTECTED] said...
>Orwellian Nightmare Down Under? by Stewart Taggart
>
>3:00 a.m. 4.Dec.1999 PST
>SYDNEY, Australia -- Any data seem different on your computer today?
So, I guess for the truly paranoid, someone should develop a disk
controller and encryption card that also has a smartcard reader.
On-board strong encryption with part of the key on a smartcard and the
other in bio-memory. Have the controller card never off-load the key,
but use it directly off the card and not allow /any/ outside access to
it. The controller also continuosly securely hashes the contents of
the drive and stores it both on the card and on the encrypted drive
for comparison upon next boot.
The only thing that I see as a security concern is the user input of
his passphrase. A hacker could conceivably change out the BIOS to log
the passphrase key strokes. (A secure hash of the BIOS as well?)
If done right, the user would never be in the dark about any tampering
in his system.
--
CoyoteRed
CoyoteRed <at> bigfoot <dot> com
http://go.to/CoyoteRed
PGP key ID: 0xA60C12D1 at ldap://certserver.pgp.com
------------------------------
From: CoyoteRed <[EMAIL PROTECTED]>
Subject: Re: NSA future role?
Date: Tue, 07 Dec 1999 12:08:52 -0500
Reply-To: this news group unless otherwise instructed!
albert said...
> If you walk into the library of the University of Michigan, you can actually find
> all you need to know as far as how to make a nuclear bomb. So what, should the
> NSA "ban" the university library? If you have a PPP account, you more than likely
> can find enough information to build something we supposedly have locked down as
> "National Secrets". Naval design of a Rail Gun is top secret, yet it's in my
> physics book. So it's stupid.
There's a massive difference between concepts and refinements.
I doubt very seriously that a top secret design is in your textbook.
Just because you have a book that describes a rail gun doesn't mean
that it has the end-all design.
The design in your text book is probably the "flintlock" of rail guns,
while the Navy's may be more like a modern "sniper" rifle.
Actual capabilities are almost always secret. A submariner buddy of
mine always jokes about his sub's capabilities. When asked, "How deep
can you go?" His response, "DEEP!" "How fast can you go?" "FAST!"
So, in my opinion, the failure to secure our nuclear secrets are
paramount to treason and they should be held accountable. (and I'm
not talking about a promotion either, which sounds like the norm for
the Clinton administration.)
--
CoyoteRed
CoyoteRed <at> bigfoot <dot> com
http://go.to/CoyoteRed
PGP key ID: 0xA60C12D1 at ldap://certserver.pgp.com
------------------------------
From: [EMAIL PROTECTED] (Scott Nelson)
Crossposted-To: alt.privacy
Subject: Re: If you're in Australia, the government has the ability to modify your
files. >> 4.Dec.1999
Reply-To: [EMAIL PROTECTED]
Date: Tue, 07 Dec 1999 17:27:33 GMT
On Tue, 07 Dec 1999 16:11:53 GMT, [EMAIL PROTECTED] (None) wrote:
>On Tue, 7 Dec 1999 23:53:12 +1100, "Lyal Collins"
><[EMAIL PROTECTED]> gagged and spewed out this stuff:
>
>>This solution is a bit pointless if the warrant covers your off-line
>>machine.
>>Lyal
>>
>
> You must know a very advanced technique to hack into
> an "offline" computer?
>
Actually, it's an ancient technique -
break into the persons house.
I think it was Sherlock Holmes who pointed out what an
excellent thief a policeman can be.
Planting a bug inside a suspects house in a way that makes it
unlikely to be detected is fairly easy with modern technology.
I wonder though, if it's possible to modify a computer
in a way that's not easily detectable to the suspect.
Unless you actually modify the hardware, it seems like
it would leave a lot of obvious traces. And the obvious
corollary question is, how hard would it be to insure that
ones computer software is actually intact, and unmodified.
Scott Nelson <[EMAIL PROTECTED]>
------------------------------
From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Random Noise Encryption Buffs (Look Here)
Date: 07 Dec 1999 12:35:27 EST
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Tim Tyler) wrote:
>You don't seem to see the problem. Detecting single photons is not
>really a big problem.
>
>Detecting them in such a way that no bias in introduced into the
>(supposedly) random quantum behaviour *is*.
An unbiased detector is not needed. You can use a detector with
various biases and measure the time between photons coming from
your detector. This is still imperfect, but precision time
measurements are orders of magnitude less biased than most other
kinds of measurement.
Let's look at a real-life setup. Take a chunk of Radium small
enough to have the property of putting out, on the average,
1 photon per second (or maybe per millisecond, depending on
how fast you need the random bits).
Detect the photons with a standard photomultiplier tube.
Bias the PMT so that it sometimes misses a photon but never
detects one that isn't there. Like many elecronic systems,
you can't remove all bias but you can reduce one kind of bias
to undetectable levels.
For the timer, use a Linear Ion Trap frequency Standard (LITS).
Because every ion in the clock is quantum-mechanically identical
to every other one, this provides an absolute reference for
frequency and time based on the atomic characteristics of
mercury and ytterbium ions which are suspended in space by
radio frequency fields. Inreal life the perfect timing is
made imperfect by bias in the measuring, but the instablility
is around 1 part in 10 the 16th (I don't know what period was
measured to get this figure).
A hydrogen maser would be another good source of timing.
A typical hydrogen maser exhibits a time domain maximum
instablility of 3.0 parts in 10 the 15th for periods of
1000 to 10,000 seconds and 2.0 parts in 10 to the 13th
for 1 sec < t < 1000 seconds. Maybe we should use both
in an attempt to further reduce bias.
If I understood a previous post correctly, a known bias
from a haevy headed coin of 0.1% would be of limited use
in cryptoanalysis of a reasonable length message that
is encrypted with a OTP using the coin above as a source.
This leads me to believe that the method above, especially
when used as part of a MOM, would have a bias so low as to
make a cryptoanalysis attack impossible.
I do agree that nothing is perfect and that the bias in
my RNG cannot be proven to be zero. Would you settle
for much smaller than needed to conduct an attack?
Corrections invited - I may very well be missing
something here.
------------------------------
From: [EMAIL PROTECTED]
Subject: How do you get past the password screen to the crypto?
Date: Tue, 07 Dec 1999 17:39:55 GMT
My PC harddrive is encrypted, so when I start it up, it asks for a
password to decrypt. If the wrong password is entered 3 times then the
computer jams up.
The question is how does an attacker get past the password bit to the
actual encrypted contents?
Is it possible at all?
David
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED] (Mike Andrews)
Subject: Re: How do you get past the password screen to the crypto?
Date: Tue, 07 Dec 1999 18:02:51 GMT
[EMAIL PROTECTED] wrote:
: My PC harddrive is encrypted, so when I start it up, it asks for a
: password to decrypt. If the wrong password is entered 3 times then the
: computer jams up.
: The question is how does an attacker get past the password bit to the
: actual encrypted contents?
: Is it possible at all?
It certainly is possible. The first thing the attacker would do is
(temporarily) remove the hard drive from your PC and put it in
his PC long enough to make a bit-for-bit, block-for-block copy.
He _does_ have physical access to it, or he wouldn't be trying to
boot it, remember.
Once he has a copy, he goes elsewhere and tries various attacks
at his leisure. If he's a rich attacker (e.g., government agency,
big corporation, etc.), then he makes more copies of the copied
drive and tries attacks in parallel.
If he can identify one or more directories in the encrypted
filesystem, they may provide an opening wedge, depending on
the way the encryption was done. Filesystems have to have a
certain amount of structure to them to work, and some of this
may leak through encryption -- though the actual content of
files and directories may not.
--
Mike Andrews
[EMAIL PROTECTED]
Tired old sysadmin since 1964
------------------------------
From: [EMAIL PROTECTED] (Frank Gifford)
Subject: Re: NSA should do a cryptoanalysis of AES
Date: 7 Dec 1999 13:03:21 -0500
In article <82iv7c$1520$[EMAIL PROTECTED]>,
SCOTT19U.ZIP_GUY <[EMAIL PROTECTED]> wrote:
>In article <[EMAIL PROTECTED]>, "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
>>What I'm still trying to figure out is how the lack of the
>>property Compress(Decompress(X))==X is supposed to help the
>>cryptanalyst. ...
> This failure with LZW style is usually appeartant in the first few
>blocks.There is 2 ways in which it can help.
>One way would be to rule keys that where obtained through other
>means. Example if your toture someone into giving a key. The key
>could be tested.
This fails regardless. If a key is given up under torture, it is a simple
matter to decrypt the message and then uncompress it. They can simply
torture some more to get the decompression. If what they end up with is
not what they expect, they can go back to square one and torture some more.
>Two depending on the cipher used whole classes of the key itself
>may be eliminated from the search space. Having any kind of attack
>that is cipher text only which reduces the key space is not good.
In one sense, it may make the attacker's job easier since he may know the
first several bytes of the header. But an encryption algorithm should be
strong enough so even knowing plaintext and matching ciphertext, the work
to find the key should be roughly equivalent to a brute force search of
the key space. So an opponent who knows a matching plaintext and ciphertext
block should be reduced to a brute force search.
Unless there is some algorithmic break in the cipher, this should not be a
problem. This, of course, is completely separate from the idea of wrapped
chaining where you want to make the breaker's job much more difficult than
a simple (!) brute force.
-Giff
------------------------------
From: [EMAIL PROTECTED] (Johnny Bravo)
Subject: Re: NSA should do a cryptoanalysis of AES
Date: Tue, 07 Dec 1999 13:14:24 GMT
On Tue, 7 Dec 1999 15:44:05 GMT, Tim Tyler <[EMAIL PROTECTED]> wrote:
>Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
>: Tim Tyler wrote:
>
>:> You don't think 56-bits is a slightly small figure? Even for its day?
>
>: It obviously wasn't. DES far outlived its design life.
>
>Really? For all either of us know DES may have been quietly being broken
>in secret for very many years, behind closed doors.
Since we are playing the "what-if" game. What if the NSA recovered
a quantum computer from a UFO crash at Roswell New Mexico and has
broken every code ever put into use since then?
Johnny Bravo
------------------------------
Reply-To: "karl malbrain" <[EMAIL PROTECTED]>
From: "karl malbrain" <[EMAIL PROTECTED]>
Subject: Re: NSA should do a cryptoanalysis of AES
Date: Tue, 7 Dec 1999 10:21:54 -0800
Trevor Jackson, III <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> karl malbrain wrote:
>
> > That's exactly the SAME point. Why don't they use COTS specifications
from
> > the airlines?
>
> You'd probably end up in the same price neighborhood. but you would lose
the
> possibility of customization. For instance, military transport jets go
places
> no sensible commercial passenger jet would ever go. So the specs might be
hard
> to meet with standard grade commercial equipment.
You're giving way too much importance to that toilet seat!!! Karl M
------------------------------
Reply-To: "karl malbrain" <[EMAIL PROTECTED]>
From: "karl malbrain" <[EMAIL PROTECTED]>
Subject: Re: NSA should do a cryptoanalysis of AES
Date: Tue, 7 Dec 1999 10:23:01 -0800
Douglas A. Gwyn <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> karl malbrain wrote:
> > That's exactly the SAME point. Why don't they use COTS
> > specifications from the airlines?
>
> I didn't know the airlines were using B-1Bs.
The point, you idiot, is that both B-1B's and airlines use TOILET SEATS!!!
Why not the same ones? Karl M
------------------------------
From: Medical Electronics Lab <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.nsa
Subject: Re: NSA future role?
Date: Tue, 07 Dec 1999 12:24:59 -0600
CLSV wrote:
>
> albert wrote:
>
> > If you walk into the library of the University of Michigan, you can actually find
> > all you need to know as far as how to make a nuclear bomb.
>
> One of those myths started by popular science magazines.
It ain't myth dude. It's standard homework assignment for any
nuke engineer. I once had a test which had a question like:
If you put the local anti-nuke demonstrator around a spherical
mass of 6 kg Pu 241, what happens?
Answer: it goes prompt super-critical and fries the ass hole.
The hard part isn't the knowledge. The hard part is the
material. You need specific isotopes in large enough quantities
to create a nuclear weapon. The knowledge of how to separate
those isotopes is also in the library.
Iraq's Hussien has built quite a few plants that separate out
U235, and he's built at least one small reactor to create Pu.
I think the west has pretty well quashed his ability to build
a bomb, but not his desire.
And that's where the NSA comes in, as does the CIA. We want those
guys to find out what Hussien is doing, what equipment he's rebuilt,
and where it's being used. That takes cryptanalysis, and spys.
The problem is that the guys who own the NSA and CIA use them for
their own profits, rather than my safety. So instead of spying
on people building bombs, they are spying on people writing software,
in their own country.
The problems with the NSA may be faked, but it's pretty clear
the corruption at the top has destroyed their original mission.
Maybe someday, someone in the NSA will prove the corruption so
they can go back to doing what they hired on for in the first
place.
Patience, persistence, truth,
Dr. mike
------------------------------
From: "anonymous intentions" <[EMAIL PROTECTED]>
Subject: Re: How do you get past the password screen to the crypto?
Date: Tue, 7 Dec 1999 10:35:42 -0600
Are you talking about the CMOS/BIOS settings on a IBM Laptop?
IBM has the CMOS Decrypt the contents of the MBR on some of their laptop
models. If the hard disk is removed and put in another system. It is still
encrypted.
You should contact IBM or whomever manufactured the machine and you will
probably have to send it in to get it adjusted. Check your manual and see if
there is anything that mentions this subject. Though if their security is
what it is supposed to be, you are screwed.
<[EMAIL PROTECTED]> wrote in message
news:82jgpa$it8$[EMAIL PROTECTED]...
> My PC harddrive is encrypted, so when I start it up, it asks for a
> password to decrypt. If the wrong password is entered 3 times then the
> computer jams up.
>
> The question is how does an attacker get past the password bit to the
> actual encrypted contents?
>
> Is it possible at all?
>
> David
>
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
------------------------------
From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: NEMA missing a plugboard?
Date: Tue, 07 Dec 1999 18:49:37 +0000
[EMAIL PROTECTED] wrote:
> The ENIGMA plugboard is nothing more than a rotor that doesn't rotate.
> It is largely a nuisance than a real cryptanalytic countermeasure. The
> ENIGMA ring settings are similar in this regard.
If you want to regard it as a rotor, note that it's an unknown rotor.
Routine Enigma breaks during the war relied on known rotors. Without
a plugboard they wouldn't have needed a Turing to invent a method to
break Enigma with a crib. The plugboard added quite a lot of real
security in practice.
--
Jim Gillogly
Highday, 17 Foreyule S.R. 1999, 18:46
12.19.6.13.15, 10 Men 3 Mac, Fifth Lord of Night
------------------------------
From: albert <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.nsa
Subject: Re: NSA future role?
Date: Tue, 07 Dec 1999 10:52:55 -0800
>
> One of those myths started by popular science magazines.
>
Nope, not a myth, it's true. I will concede to the post above, stating that
measurements, and details are hidden, which is the impeding stumbling block to making
one, but if you want concepts etc,, it's all there.
>
> And why wouldn't private sector companies make any mistakes?
>
>
Accountability. Profit. NASA has lost about $2Billion thus far on Mars stuff. Any of
them fired? No. If it was the private sector, performance and reward are linked, not
so in the public sector.
Albert
------------------------------
From: albert <[EMAIL PROTECTED]>
Subject: Just how secure is RC4?
Date: Tue, 07 Dec 1999 11:00:35 -0800
I have read all I can find on RC4, there are great descriptions of it,
but I find very little analysis of it. I mean when you compare RC4
analysis to DES, it doesn't compare!!! So I was wondering (a solicit
for newsgroup opinion) what you all think about the overall security of
RC4.. I mean all the E-commerce sites tout the security of SSL, but I
am not too convinced of that.
Links, docs, references are greatly appreciated!
Albert
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: NP-hard Problems
Date: Tue, 07 Dec 1999 19:03:26 GMT
Anton Stiglic wrote:
> [EMAIL PROTECTED] wrote:
[...]
> > A problem X is NP-Hard if and only if there exists
> > a polynomial-time reduction from an NP-complete
> > problem to X. The definition of NP-hard is not as
> > well established as NP-complete, and references
> > differ as to whether it is a set of languages (in
> > which case only decision problems are NP-hard) or
> > a set of general computational problems.
>
> I haven't seen a definition of NP-Hard that would contradict the
> fact that it does not need to be a decisional problem.
In another strand of the thread I cited one such
source: /Introduction to Algorithms/ by Cormen,
Leiserson and Rivest.
> The definition of an NP-hard problem is that if there
> exists a polynomial timed algorithm for one of it's problems, then
> NP = P.
Do you have a reference for this? That was the
definition in the first and second printing of
/Handbook of Applied Cryptography/, but the
errata corrected it. See:
http://www.cacr.math.uwaterloo.ca/hac/errata/errata.html
The definition I offered, quoted above, is the
same as HAC's corrected definition.
The difference is significant. If P!=NP, then
there are languages in NP which are neither in
P nor NP-Complete. Under your definition they
would be NP-hard. I'd be interested in hearing
of any respectable reference that agrees.
--Bryan
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: NP-hard Problems
Date: Tue, 07 Dec 1999 19:24:02 GMT
In Anton Stiglic <[EMAIL PROTECTED]> wrote:
[...]
> No, that is false. An NP-hard problem is not
> restricted to only decision problems.
We've been over this before, and found that
references differ as to whether NP-Hard is a
set of languages or computational problems,
though I think the majority of expertise is
with you. See the post where Bob Silverman
replied to me replying to myself replying to
you:
http://x34.deja.com/[ST_rn=ps]/getdoc.xp?AN=508849224&CONTEXT=944593600.
1290207322&hitnum=0
> That's a basic fact that makes a distinction
> between NP-Hard and NP-Complete (NP-Complete
> problems are necessarily decisional problems).
That's only one distinction, and the other is
more widely accepted: though NP-Complete
problems have poly-time reductions to NP-Hard
problems, the converse need not be true.
> The big green book (Applied Cryptography), for example, clearly states
> this. See section 2.3.3.
Applied Cryptography is red, though the first
edition was blue. You mean the /Handbook of
Applied Cryptography/, and note that the
definition in the first two printings is
corrected in the errata at:
http://www.cacr.math.uwaterloo.ca/hac/errata/errata.html
(though still agrees that NP-Hard is a set of
problems, not languages).
--Bryan
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Bill Lynch <[EMAIL PROTECTED]>
Subject: Ellison/Schneier article on Risks of PKI
Date: Tue, 07 Dec 1999 13:33:02 -0600
All,
There is a new paper up at
http://www.counterpane.com/pki-risks.html
Recently released by Carl Ellison and Bruce Schneier. The two point out
what they see as the 10 risks of a public-key infastructure. I think
their point is that security is like a chain, only as strong as the
weakest link. PKI is a system where several "links" are not protected
cryptographically (or in a secure manner), hence the security can be
compromised. It's a good article, take a read.
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: sci.math
Subject: Re: Why Aren't Virtual Dice Adequate?
Date: Tue, 07 Dec 1999 19:35:05 GMT
In article <82f462$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Guy Macon) wrote:
> In article <82ei0e$2f2$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
([EMAIL PROTECTED]) wrote:
>
> >Yes, if you mean "absolute" in the sense that
> >authentication is provable, even against a
> >computationally unbounded attacker. Cryptographic
> >Authentication is always probabilistic: the
> >attacker might guess a correct signature. The
> >mechanism allows us to make the probability of
> >successful forgery arbitrarily close to zero.
>
> You *might* be able to go that extra distance to zero.
> Speaking of guessing things in general, I would say that
> if the probability of making a corect guess is so
> low that that the sum total of the results of all
> of the attackers guesses equals the sum total of all
> possible messages of that length, then it seems that
> the probabilty of making a correct guess and detecting
> that your guess was correct is zero.
You've mixed the attackers problems of (1)
creating a valid forgery and (2)
determining what forgeries are valid. I
don't think it makes sense to say we
"might" be able to get zero probability,
since in the first case we can't get there,
and in the second we're already there.
--Bryan
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "Tony T. Warnock" <[EMAIL PROTECTED]>
Subject: Re: NSA should do a cryptoanalysis of AES
Date: Tue, 07 Dec 1999 12:56:24 -0700
Reply-To: [EMAIL PROTECTED]
Scott Fluhrer wrote:
> In article <[EMAIL PROTECTED]>,
> "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
> >karl malbrain wrote:
> >> That's exactly the SAME point. Why don't they use COTS
> >> specifications from the airlines?
> >
> >I didn't know the airlines were using B-1Bs.
> >
> Oh yes. It's part of a brand new plan to speed up leaving
> passengers at intermediate airports without having the bother
> of landing and taking-off again -- they just put the
> passengers and their luggage over the bombbay doors, and
> open them when over the airport.
>
> And, of course, first class passengers get parachutes.
>
> <Sorry, I just had a silliness attack. Just ignore this one>
>
> --
> poncho
>
Actually they've been doing this with luggage for years.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
