Cryptography-Digest Digest #734, Volume #10      Mon, 13 Dec 99 20:13:01 EST

Contents:
  Re: Are thermal diodes as RNG's secure ("Kasper Pedersen")
  Re: Economic Espionage Act of 1996 and the U.S.A. government's violations (-=>JB<=-)
  Re: Attacks on a PKI (Anne & Lynn Wheeler)
  Re: New RNG Technique (Eric Lee Green)
  Re: Insecure PRNG? (CLSV)
  Re: Why no 3des for AES candidacy (Jerry Coffin)
  Re: Better encryption? PGP or Blowfish? (Tom St Denis)
  NAI granted export license for PGP (Bubba)
  Re: Better encryption? PGP or Blowfish? (Tom St Denis)
  Re: How can you tell? (Pelle Evensen)
  Re: The future of telecommunication? ("Douglas A. Gwyn")
  Re: Why no 3des for AES candidacy (Pelle Evensen)
  Re: Simple newbie crypto algorithmn ("Douglas A. Gwyn")
  Re: Why no 3des for AES candidacy ("Douglas A. Gwyn")
  Re: Economic Espionage Act of 1996 and the U.S.A. government's violations ("Markku J. Saarelainen")
  Re: lfsr based cryptosystem ("Douglas A. Gwyn")
  Re: Please help this newbie crack a potentially simple encryption ("Douglas A. Gwyn")

----------------------------------------------------------------------------

From: "Kasper Pedersen" <[EMAIL PROTECTED]>
Subject: Re: Are thermal diodes as RNG's secure
Date: Mon, 13 Dec 1999 22:51:59 +0100


<[EMAIL PROTECTED]> wrote in message
news:831142$s6l$[EMAIL PROTECTED]...
> Is a termal diode being used as a RNG secure?
>
> Is it possible to manipulate the electronics to make the output of the
> diode not-so-random?

The three things that can hurt you in this game are

1) Influence from outside sources.
High intensity HF radio waves will ALWAYS get into your circuit to some
degree. The point is to shield the device well enough that it won't hurt the
entropy too much.
Zeners make good AM receivers - they are easier to influence than resistors.
They might also work as X-ray receivers.
My goal when I built mine was to have an operating GSM phone lying on the
box, under the box etc, without making the predictability more than 0.55 (as
opposed to 0.5 ideal).
This is a small-signal device, and it should accept more disturbances than
your monitor.

2) Influence by yourself.
This is more likely than influence from outside sources - great care must be
taken to shield the device, and this includes shielding it from your PC's
power supply (or whatever..)
Zener diodes require biases, which makes power supply a problem.

3) A listening outside attacker. Emission from the device itself is not the
problem (you already shielded the **** out of it), but it could be heard on
the cable from the device to the PC.

Enough. This isn't sci.electronics. Yes, they can be made good. No, it's not
easy.


/Kasper Pedersen
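
Added here as an editorial example (not from the digest or from Kasper
Pedersen): the check that goes with the 0.55 figure above. It reads
P(1) = 0.55 as the per-bit probability of guessing correctly, estimates the
bias of a sample, converts it to min-entropy per bit, and whitens the stream
with von Neumann's pair rule. The bit source is a constructed stand-in
(SHA-256 counter output thresholded to P(1) = 140/256), not diode data.

```go
// Added example (not part of the digest): quantify a slightly biased hardware
// bit source and whiten it. P(1) = 0.55 is read as the per-bit probability of
// guessing correctly; the source below is a constructed stand-in, not a diode.
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"math"
)

// biasedSource returns n independent bits with P(1) = 140/256 (about 0.547),
// taken from SHA-256 in counter mode so the program runs without hardware.
func biasedSource(n int) []byte {
	bits := make([]byte, 0, n)
	var ctr [8]byte
	for i := uint64(0); len(bits) < n; i++ {
		binary.BigEndian.PutUint64(ctr[:], i)
		h := sha256.Sum256(ctr[:])
		for _, b := range h {
			if len(bits) == n {
				break
			}
			bit := byte(0)
			if b < 140 {
				bit = 1
			}
			bits = append(bits, bit)
		}
	}
	return bits
}

// pOne estimates P(bit = 1) from a sample.
func pOne(bits []byte) float64 {
	ones := 0
	for _, b := range bits {
		ones += int(b)
	}
	return float64(ones) / float64(len(bits))
}

// minEntropyPerBit is -log2(max(p, 1-p)), the guessing entropy of one bit:
// about 0.86 bit at p = 0.55, so a 256-bit key needs roughly 300 raw bits.
func minEntropyPerBit(p float64) float64 {
	return -math.Log2(math.Max(p, 1-p))
}

// vonNeumann removes bias from *independent* bits: the pair 01 yields 0,
// 10 yields 1, and 00/11 are dropped. Expected yield is p(1-p) output bits
// per input bit, roughly one in four near p = 0.5.
func vonNeumann(bits []byte) []byte {
	out := make([]byte, 0, len(bits)/4)
	for i := 0; i+1 < len(bits); i += 2 {
		if bits[i] != bits[i+1] {
			out = append(out, bits[i])
		}
	}
	return out
}

func main() {
	raw := biasedSource(1 << 16)
	white := vonNeumann(raw)
	for _, s := range []struct {
		name string
		bits []byte
	}{{"raw", raw}, {"whitened", white}} {
		p := pOne(s.bits)
		fmt.Printf("%-8s bits=%5d  P(1)=%.4f  min-entropy/bit=%.3f\n",
			s.name, len(s.bits), p, minEntropyPerBit(p))
	}
}
```

At P(1) = 0.55 each raw bit carries about 0.86 bit of min-entropy, so the
stream is usable but must be over-collected before it is hashed into a key.
Von Neumann extraction discards about three quarters of the bits and removes
the bias exactly, but only if successive bits are independent; the RF pickup
described under points 1 and 3 above correlates neighbouring bits and defeats
it, which is why the shielding comes first and the whitening second.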






------------------------------

From: [EMAIL PROTECTED] (    -=>JB<=-    )
Crossposted-To: alt.politics.org.cia
Subject: Re: Economic Espionage Act of 1996 and the U.S.A. government's violations
Date: Mon, 13 Dec 1999 15:16:29 -0800

In article <[EMAIL PROTECTED]>, "Markku J. Saarelainen"
<[EMAIL PROTECTED]> wrote:

> I do believe that the government of the U.S.A. with the assistance of
> its intelligence agencies and commercial agencies have violated my
> private property rights and taken away my intellectual property ("Genie
> Services")

   <snip>


Markku,
   Did you ever transmit this "intellectual property" over a
modem?  I notice you speak of modem technology & was wondering
if you used one to send the info to anyone.  I think there
was another company that was robbed via modem of its secrets.
   It seems for some reason it was even legal although corrupt.

                                              -=>JB<=-

------------------------------

Subject: Re: Attacks on a PKI
Reply-To: Anne & Lynn Wheeler <[EMAIL PROTECTED]>
From: Anne & Lynn Wheeler <[EMAIL PROTECTED]>
Date: Mon, 13 Dec 1999 23:13:46 GMT


Helger Lipmaa <[EMAIL PROTECTED]> writes:

> Secure electronic commerce necessitates wide-scale employment of
> public-key cryptography that, in turn, requires secure and efficient
> methods of certificate management in the \emph{Public-Key
>   Infrastructure} (PKI). Most of the known techniques for the latter

AADS looks at just upgrading existing online authentication schemes
from shared secret to public-key ... which inherits infrastructure
improvements from the transition from shared-secret to public-key.

certificates provide great introductory credentials for offline
comfort involving parties that have no previous knowledge of each
other and/or no prior business relations.

however, certificates have poor transactional characteristics in both
consumer<->business e-business and business<->business e-business
(simple offline analogy is oldtime purchase department checks with
printed "signing" limit authority ... of something like $5,000 until
they discovered $1m projects were being funded by signing 200 such
checks, i.e. aggregation involves online accounts).

also in the consumer to business e-business, consumer certificates
tend to violate all sorts of privacy guidelines. solutions have been
things like "relying-party-only" certificates ... where the only
identifier is the account number. In this scenario, the account record
has to be "hit" ... in which case it can be trivially shown that the
certificate is at least redundant and superfluous and likely also
introduces unnecessary risk. 

In general, AADS has gone to a great deal of trouble to support KISS
(several observations have been that it is frequently much harder to
do something simply than to do something in a complex fashion).

To some extent we did violate the KISS principle in the convoluted
mapping of Certification Authority policies and practices; we started
by defining a CA-based infrastructure with certificates ... and then
using existing CA policies and practices show that a certificate
doesn't actually exist in that portion of the business operation. From
that build a whole e-business series of certificate-based operations
where the certificate(s) never actually appears.

for those interested in such convoluted exercises (as opposed to
straight-forward KISS) see the business policies & practices
discussion at

http://www.garlic.com/~lynn/


-- 
Anne & Lynn Wheeler   | [EMAIL PROTECTED], [EMAIL PROTECTED]
 http://www.garlic.com/~lynn/ http://www.adcomsys.net/lynn/
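
Added here as an editorial example (not from the digest, and not AADS or any
of Lynn Wheeler's code): an online relying party built the way the post
describes, with the registered public key living in the account record rather
than in a certificate. The account identifier, the limits, the transaction
layout and the choice of Ed25519 as the signature scheme are assumptions made
for illustration.

```go
// Added example (not part of the digest, not AADS code): an online relying
// party whose account record holds the registered public key, so a signed
// transaction is verified against the record and no certificate is needed.
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
)

// Transaction is what the account holder signs. AmountC is in cents.
type Transaction struct {
	AccountID string
	Nonce     uint64
	AmountC   uint64
	Payee     string
}

// Encode is the canonical signed layout: length-prefixed strings and
// big-endian integers, so distinct transactions never share an encoding.
func (tx Transaction) Encode() []byte {
	var b []byte
	b = appendU64(b, uint64(len(tx.AccountID)))
	b = append(b, tx.AccountID...)
	b = appendU64(b, tx.Nonce)
	b = appendU64(b, tx.AmountC)
	b = appendU64(b, uint64(len(tx.Payee)))
	return append(b, tx.Payee...)
}

func appendU64(b []byte, v uint64) []byte {
	var tmp [8]byte
	binary.BigEndian.PutUint64(tmp[:], v)
	return append(b, tmp[:]...)
}

// Customer keeps the private key; the relying party only ever sees signatures.
type Customer struct{ priv ed25519.PrivateKey }

func NewCustomer() Customer {
	_, priv, err := ed25519.GenerateKey(nil) // nil reader means crypto/rand
	if err != nil {
		panic(err)
	}
	return Customer{priv: priv}
}
func (c Customer) PublicKey() ed25519.PublicKey { return c.priv.Public().(ed25519.PublicKey) }
func (c Customer) Sign(tx Transaction) []byte   { return ed25519.Sign(c.priv, tx.Encode()) }

// Account is the relying party's record. The key registered at account opening
// replaces the old shared secret; limits live here because the record is
// consulted on every transaction anyway.
type Account struct {
	PubKey     ed25519.PublicKey
	PerTxLimit uint64 // the classic per-item "signing limit"
	DailyLimit uint64 // aggregate limit that only an online record can apply
	SpentToday uint64
	LastNonce  uint64 // strictly increasing; rejects replayed transactions
}

var (
	ErrBadSignature = errors.New("signature does not verify against the registered key")
	ErrReplay       = errors.New("nonce not newer than the last accepted one")
	ErrPerTxLimit   = errors.New("amount exceeds per-transaction limit")
	ErrAggregate    = errors.New("amount exceeds remaining daily limit")
)

// RelyingParty holds the account records (a map stands in for the database).
type RelyingParty struct{ accounts map[string]*Account }

func NewRelyingParty() *RelyingParty { return &RelyingParty{accounts: map[string]*Account{}} }

// Register binds a public key to an account: the only "certification" step.
func (rp *RelyingParty) Register(id string, pub ed25519.PublicKey, perTx, daily uint64) {
	rp.accounts[id] = &Account{PubKey: pub, PerTxLimit: perTx, DailyLimit: daily}
}

// Authorize verifies the signature with the key in the account record, then
// applies the replay and limit checks; the record is updated only on success.
func (rp *RelyingParty) Authorize(tx Transaction, sig []byte) error {
	acct, ok := rp.accounts[tx.AccountID]
	if !ok {
		return errors.New("unknown account")
	}
	if !ed25519.Verify(acct.PubKey, tx.Encode(), sig) {
		return ErrBadSignature
	}
	if tx.Nonce <= acct.LastNonce {
		return ErrReplay
	}
	if tx.AmountC > acct.PerTxLimit {
		return ErrPerTxLimit
	}
	if acct.SpentToday+tx.AmountC > acct.DailyLimit {
		return ErrAggregate
	}
	acct.LastNonce = tx.Nonce
	acct.SpentToday += tx.AmountC
	return nil
}

func main() {
	alice, rp := NewCustomer(), NewRelyingParty()
	rp.Register("acct-4711", alice.PublicKey(), 500000, 1200000) // $5,000/item, $12,000/day
	for nonce := uint64(1); nonce <= 3; nonce++ {
		tx := Transaction{"acct-4711", nonce, 500000, "vendor"}
		fmt.Printf("tx %d for $5,000: %v\n", nonce, rp.Authorize(tx, alice.Sign(tx)))
	}
}
```

Because Authorize looks the account up before anything else, the per-item
limit and the running daily total are checked in the same place; the
aggregation problem in the post (many checks each under the $5,000 limit) is
refused at the third transaction. A certificate carried with the transaction
would repeat information the record already holds, which is the redundancy
argument made above.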

------------------------------

From: Eric Lee Green <[EMAIL PROTECTED]>
Subject: Re: New RNG Technique
Date: Mon, 13 Dec 1999 16:17:07 -0700

Steve Harris wrote:
> 
> I have developed a technique that converts the output of any RNG into a
> cryptographically secure bit stream good enough to pass all statistical tests
> for randomness, 


There are a number of attacks which can exploit a predictable PRNG
(Pseudo-Random Number Generator). The PRNG can produce a statistically random
distribution and still be predictable. In fact, all PRNGs *ARE* predictable
-- if you know their initial state, you can predict each and every output that
will ever come out of it. The whole secret, then, becomes getting TRUE
randomness out of the environment in order to set the initial state, and
having enough initial states such that a brute force search of possible
bytestreams to figure out which sequence you're using will take too long to be
feasible. 

I suggest reading the Yarrow paper at http://www.counterpane.com for more
information.

Most of the "new" techniques that you "developed" are well known in the
cryptography community and can be seen by examining the source code to a
variety of crypto libraries. The Yarrow paper has some references that are
worth following, including some possible attacks on what you are doing. At
first glance, not having examined your source code closely, it appears that
you are attempting to increase the number of initial states of rand() (which
is rather pathetic) by first iterating it a random number of times through a
home-brew cipher. There are better ways of handling things, of which the
Yarrow paper discusses one.  

-- 
Eric Lee Green                         [EMAIL PROTECTED]
Software Engineer                      Visit our Web page:
Enhanced Software Technologies, Inc.   http://www.estinc.com/
(602) 470-1115 voice                   (602) 470-1116 fax
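
Added here as an editorial example (not from the digest or from either
poster; the technique under discussion is not on this page): what "all
PRNGs are predictable" costs in practice. A library-style rand() is modelled
as a 32-bit LCG seeded from the clock, the usual srand(time(NULL)); the
attacker sees six output bytes and knows on which day the program started.
The generator constants, the date window and the number of leaked bytes are
assumptions made for illustration.

```go
// Added example (not part of the digest): a PRNG seeded from the clock is
// determined by that seed, so an attacker who sees a few output bytes and
// knows roughly when the program started enumerates seeds, not outputs.
package main

import "fmt"

// 32-bit linear congruential generator with the Numerical Recipes constants
// (a = 1664525, c = 1013904223, modulus 2^32). It stands in for a C library
// rand(); the attack below does not depend on which constants are used.
const (
	lcgA = 1664525
	lcgC = 1013904223
)

type lcg struct{ state uint32 }

// nextByte advances the generator and returns its top byte (the best-mixed bits).
func (g *lcg) nextByte() byte {
	g.state = lcgA*g.state + lcgC // uint32 arithmetic wraps modulo 2^32
	return byte(g.state >> 24)
}

// keystream returns the first n output bytes for a given seed.
func keystream(seed uint32, n int) []byte {
	g := &lcg{state: seed}
	out := make([]byte, n)
	for i := range out {
		out[i] = g.nextByte()
	}
	return out
}

// recoverSeeds tries every seed in [lo, hi] and returns those that reproduce
// the observed bytes. The cost is hi-lo+1 candidates however well the output
// passes statistical tests; only the size of the seed space matters.
func recoverSeeds(observed []byte, lo, hi uint32) []uint32 {
	var hits []uint32
	for seed := lo; ; seed++ {
		g := &lcg{state: seed}
		match := true
		for _, b := range observed {
			if g.nextByte() != b {
				match = false
				break
			}
		}
		if match {
			hits = append(hits, seed)
		}
		if seed == hi {
			break
		}
	}
	return hits
}

// predict returns the n output bytes that follow the first `seen` bytes.
func predict(seed uint32, seen, n int) []byte {
	return keystream(seed, seen+n)[seen:]
}

func main() {
	// Constructed scenario: the victim called srand(time(NULL)) some time on
	// 13 Dec 1999 UTC (seconds 945043200..945129599) and the attacker knows
	// the day; six bytes of output leaked, e.g. as a "random" session token.
	const dayStart, dayEnd = uint32(945043200), uint32(945129599)
	victimSeed := dayStart + 20*3600 + 13*60 + 1
	observed := keystream(victimSeed, 6)

	for _, s := range recoverSeeds(observed, dayStart, dayEnd) {
		fmt.Printf("seed %d reproduces %x; next bytes will be %x\n",
			s, observed, predict(s, 6, 4))
	}
}
```

The search covers 86,400 seeds once and finishes in a fraction of a second.
Running the generator a "random" number of extra times before use, or through
a home-brew cipher, multiplies the search only by the number of possible
counts or keys that the attacker must also try; it does not add entropy, which
is why the Yarrow approach is to gather real entropy into the seed instead.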

------------------------------

From: CLSV <[EMAIL PROTECTED]>
Subject: Re: Insecure PRNG?
Date: Mon, 13 Dec 1999 23:24:11 +0000

Mok-Kong Shen wrote:
 
> CLSV wrote:

> > It may be a philosophical difference but technically
> > you have exactly the same information: you can with certainty
> > say that there is no publicly known attack. Whether the
> > Mossad or the NSA or some academic researcher publishes an attack
> > tomorrow can never be known. It would be deceptive if you don't
> > communicate that but otherwise the situation is the same.
 
> I am afraid you misunderstood me to some extent. The actual attacks
> include both the publically known and the secret (yet already
> invented) attacks. It is against all these that the security should
> ideally be evaluated.

That would still not be perfect. Tomorrow someone
might invent a new attack that could break the
algorithm you just evaluated. But I have to agree
to your practical point that in fact an algorithm could
be broken by someone keeping it secret.

> At least this is what most users desire to know.

I doubt that is the general case. Most commercial users would
be happy to consult security agencies if they could (e.g. Microsoft
NSAKEY). Most private users of security products are unaware of
the risks and possibilities; some use them but don't even care. 
That leaves only the privacy aware users with some cryptographic
knowledge.

> If the best academics currently can't attack a certain
> algorithm but some three lettered agency can, that algorithm is
> cracked, isn't it?

Certainly true. But I doubt we will ever find out.

Regards,

        Coen Visser

------------------------------

From: [EMAIL PROTECTED] (Jerry Coffin)
Subject: Re: Why no 3des for AES candidacy
Date: Mon, 13 Dec 1999 16:26:27 -0700

In article <[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] says...
> Why isn't 3des being considered for the AES?  Is it because it is slower than
> DES?

3DES is already being standardized in FIPS 46-3.  AES is intended to 
be a longer-term replacement. 

-- 
    Later,
    Jerry.
 
The universe is a figment of its own imagination.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Better encryption? PGP or Blowfish?
Date: Mon, 13 Dec 1999 23:27:58 GMT

In article <[EMAIL PROTECTED]>,
  Neil Bell <[EMAIL PROTECTED]> wrote:
> Does such a snotty and pompous response contribute to his learning??
>
> Does the word "kindness" ever enter into your thoughts?

I was just being honest.  People never think twice before launching a
flame war when I am wrong.  I know two wrongs don't make a right, but
what other response could I give?  His ignorant comparison was just
plain silly.

Tom

>
> Tom St Denis <[EMAIL PROTECTED]> wrote:
>
> >In article <831oof$c6g$[EMAIL PROTECTED]>,
> >  molypoly <[EMAIL PROTECTED]> wrote:
> >>   Which is a harder encryption to break? The encryption in PGP program
> >> or McAfee's PcCrypto program which has the 128 bit Blowfish encryption.
> >> Thanks. You can reply to me at (remove the "nospam")
> >> [EMAIL PROTECTED]
> >>
> >
> >You have successfully compared apples to oranges and if you don't know
> >why, you wouldn't fully understand a proper response anyways.
> >
> >Tom
> >
> >
> >Sent via Deja.com http://www.deja.com/
> >Before you buy.
>
>


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Bubba <[EMAIL PROTECTED]>
Subject: NAI granted export license for PGP
Date: Mon, 13 Dec 1999 23:25:52 GMT

http://www.nai.com/asp_set/about_nai/press/releases/pr_template.asp?
PR=/PressMedia/12131999.asp&Sel=647



Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Better encryption? PGP or Blowfish?
Date: Mon, 13 Dec 1999 23:30:43 GMT

In article <833458$u6m$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
> In article <831oof$c6g$[EMAIL PROTECTED]>, molypoly <molypoly@my-deja.com> wrote:
> >  Which is a harder encryption to break? The encryption in PGP program
> >or McAfee's PcCrypto program which has the 128 bit Blowfish encryption.
> >Thanks. You can reply to me at (remove the "nospam")
> >[EMAIL PROTECTED]
> >
>
>  The one thing about PGP is that in its standard mode it uses a "ZERO
> knowledge" method so that in theory all the information to break the code is
> self contained in the PGP message itself. This means that in theory no
> additional information is needed for groups like the NSA to read whatever file
> you carelessly encrypted using this method even if you're encrypting a file of
> random noise.
>  But if the PcCrypto program is done correctly and that is a big if. Then
> there may not be enough information to break a message on its own when
> intercepted by the bad guys assuming you send only one message and pick
> a good key.

If you understand information theory, and that's a big if, you will
realize that in any non-otp system [including yours] there is enough
information to decrypt a message.

How long it takes is the true measure of security.

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Pelle Evensen <[EMAIL PROTECTED]>
Subject: Re: How can you tell?
Date: Tue, 14 Dec 1999 00:44:45 +0100

Tim Tyler ([EMAIL PROTECTED]) wrote:
: Pelle Evensen <[EMAIL PROTECTED]> wrote:
: : John ([EMAIL PROTECTED]) wrote:
: :
: : Moral: You can't get any information whatsoever about a cryptosystem's
: : security from statistically measuring the output data. [...]

: I'm not quite sure about this.  *If* you know a PRNG-based stream-cypher - and
: it dramatically and reproducibly fails any test for randomness, you can
: discard it straight away.

Sorry for being unclear, what I meant was that no indication of strength, or
lack thereof, can be made from general statistical tests unless the method
used to produce the data is known. As we both conclude, take a good cipher,
add redundancy and it will flunk all tests. Take a statistically bad one,
xor with a statistically good prng and it will pass.

: I /think/ I understand what you mean, though.  Passing tests for
: randomness proves nothing positive about security.  Failing them
: indicates insecurity only under certain circumstances.

Assuming that nobody did something to add redundancy after the actual
encipherment, true. :)

Cheers,
  Pell
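
Added here as an editorial example (not from the digest or from either
poster): the moral above run as code. A chi-square byte-frequency test is
applied to four inputs whose security is fixed by construction: a keystream
anyone can regenerate, the same keystream after hex encoding, a four-byte
repeating key, and that key XORed with the regenerable keystream. The test
threshold and the constructed inputs are assumptions made for illustration.

```go
// Added example (not part of the digest): a chi-square byte-frequency test
// run on inputs whose security is fixed by construction. It measures the
// encoding of the bytes, not whether anyone can predict them.
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// chiSquare is the chi-square statistic of the byte histogram of data
// against a uniform distribution (255 degrees of freedom, mean 255).
func chiSquare(data []byte) float64 {
	var counts [256]float64
	for _, b := range data {
		counts[b]++
	}
	expected := float64(len(data)) / 256
	chi := 0.0
	for _, c := range counts {
		d := c - expected
		chi += d * d / expected
	}
	return chi
}

// looksUniform applies roughly the p = 0.001 critical value for 255 degrees
// of freedom (about 330); above it the byte distribution is visibly skewed.
func looksUniform(data []byte) bool { return chiSquare(data) < 330 }

// publicStream is SHA-256 in counter mode from a fixed, public counter:
// statistically excellent, and reproducible by anyone who knows the method.
func publicStream(n int) []byte {
	out := make([]byte, 0, n+32)
	var ctr [8]byte
	for i := uint64(0); len(out) < n; i++ {
		binary.BigEndian.PutUint64(ctr[:], i)
		h := sha256.Sum256(ctr[:])
		out = append(out, h[:]...)
	}
	return out[:n]
}

// addRedundancy is "a good cipher with redundancy added afterwards":
// hex encoding doubles the length and uses only 16 of the 256 byte values.
func addRedundancy(data []byte) []byte { return []byte(hex.EncodeToString(data)) }

// repeatedKey is the "statistically bad" keystream: one 4-byte pattern forever.
func repeatedKey(n int) []byte {
	pat := []byte("KEY!")
	out := make([]byte, n)
	for i := range out {
		out[i] = pat[i%len(pat)]
	}
	return out
}

// xorBytes returns a XOR b for equal-length slices.
func xorBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

func main() {
	const n = 1 << 16
	stream := publicStream(n)
	cases := []struct {
		name string
		data []byte
	}{
		{"reproducible SHA-256 counter stream", stream},
		{"same stream, hex-encoded", addRedundancy(stream[:n/2])},
		{"repeating 4-byte key", repeatedKey(n)},
		{"repeating key XOR reproducible stream", xorBytes(repeatedKey(n), stream)},
	}
	for _, c := range cases {
		fmt.Printf("%-40s chi=%10.1f uniform=%v\n", c.name, chiSquare(c.data), looksUniform(c.data))
	}
}
```

The reproducible stream passes, its hex-encoded copy fails by orders of
magnitude, the repeating key fails, and the repeating key XORed with the
reproducible stream passes again. Nothing about who can predict the bytes
changed between the four cases; only the encoding did, and the encoding is
all a frequency test can see.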

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: The future of telecommunication?
Date: Tue, 14 Dec 1999 00:12:37 GMT

Melinda Harris wrote:
> Is it possible?? A virus that encrypts your entire hard drive upon logon?

A so-called computer virus can usually do almost anything,
including that.

------------------------------

From: Pelle Evensen <[EMAIL PROTECTED]>
Subject: Re: Why no 3des for AES candidacy
Date: Tue, 14 Dec 1999 01:16:36 +0100

Anton Stiglic wrote:
> Uri Blumenthal wrote:
> > > >One good reason:
> > > >The AES is supposed to support the following different key sizes:
> > > > 128, 192, 256
> > > >
> > > >You can see why 3-DES, with its single-sized 168 bit key,
> > > >does not fit in this category.
> >
> > No I can't - there are ways to securely make a key of any length
> > (from 64 bits to 768*3 bits) for 3DES.
> 
> Hunn???  3DES uses DES, 3 times, with 3 different keys.  The result
> is a cipher that has a key of size 3*(size of key for DES) = 168 bits.
> If we prove that the security given by this method is just 2 bits, the
> cipher still remains a cipher that uses a 168-bit key.
> I would really be interested in seeing you come up with a 72 bit key
> 3-DES. Do you have any idea of what you are talking about?

I would assume he has;
http://www.research.att.com/~smb/papers/ides.ps

(You can replace the usual DES key schedule and make up your own
 round keys.)

Cheers,
  Pell

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Simple newbie crypto algorithmn
Date: Tue, 14 Dec 1999 00:28:36 GMT

"SCOTT19U.ZIP_GUY" wrote:
> [EMAIL PROTECTED] (Steven Siew) wrote:
> >That of course is total bullshit. Anyone with basic C programming skills and
> >basic high school maths can write a crypto algo that the whole world cannot
> >crack in less than 1000 years.
>    I think one can only say one can make it stronger and more secure than what
> the phony crypto gods do with their short keyed methods. But to say it's secure
> for 1000 years is meaningless since who the hell knows what quantum
> computers will be able to do in ten years.

My own estimate is that, with sufficient motivation, it would take
at most a few weeks, using a rather ordinary computer with some
extraordinary software.

> >    scramble key < originaltext > encryptedtext
> >    unscramble key < encryptedtext > decipheredtext
>     Nice way to handle inputs and outputs.

(1)  This is the obvious interface on UNIX systems.
(2)  Unless both the plain and cipher text are *text streams*,
as opposed to arbitrary binary files, this interface will not
work on some systems; stdin and stdout are text streams.

>  The heart of your method revolves around this sequencing of the
> buff fib if the sequence can be proven to really have a period of
> order 2^(FIBP-1) for any array fib then you may have something
> but I am not familiar with this type of generator. ...

As you noted, there are flaws in the particular method,
but I want to add that Fibonacci generators *in general*
have been thoroughly studied and ways to crack them are
known.  Think about it:  Fibonacci sequences have a *lot*
of mathematical structure; that's not good from the point
of view of resisting analysis.
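
Added here as an editorial example (not from the digest; the generator
discussed in the thread is not shown on this page, so a standard additive
lagged Fibonacci generator stands in for it): the structure Gwyn refers to,
made concrete. With x[n] = x[n-24] + x[n-55] mod 2^32 the output words are
the state itself, so 55 consecutive outputs let an observer clone the
generator and predict every later word with no seed search at all. The lags
and the seed expansion are assumptions made for illustration.

```go
// Added example (not part of the digest): an additive lagged Fibonacci
// generator emits its own state, so any 55 consecutive outputs let an
// observer clone it exactly and predict everything that follows.
package main

import "fmt"

const (
	lagShort = 24
	lagLong  = 55
)

// lfg keeps the last lagLong outputs in a ring; buf[pos] is the oldest word.
type lfg struct {
	buf [lagLong]uint32
	pos int
}

// newLFG starts from lagLong state words (for the victim, a secret seed).
func newLFG(state [lagLong]uint32) *lfg { return &lfg{buf: state} }

// next emits x[n] = x[n-lagShort] + x[n-lagLong] mod 2^32 and overwrites the
// oldest word, so the ring always holds the last lagLong outputs.
func (g *lfg) next() uint32 {
	x := g.buf[(g.pos+lagLong-lagShort)%lagLong] + g.buf[g.pos]
	g.buf[g.pos] = x
	g.pos = (g.pos + 1) % lagLong
	return x
}

// seedFromSecret expands a secret into 55 words (constructed mixing; the
// attack below never needs to know it).
func seedFromSecret(secret uint32) [lagLong]uint32 {
	var s [lagLong]uint32
	x := secret
	for i := range s {
		x = x*1664525 + 1013904223
		s[i] = x
	}
	return s
}

// cloneFromOutputs rebuilds the generator from any lagLong consecutive
// outputs: those words are exactly its state at that moment.
func cloneFromOutputs(observed []uint32) *lfg {
	if len(observed) < lagLong {
		panic("need at least 55 consecutive outputs")
	}
	var state [lagLong]uint32
	copy(state[:], observed[len(observed)-lagLong:])
	return newLFG(state)
}

// run returns n successive outputs of g.
func run(g *lfg, n int) []uint32 {
	out := make([]uint32, n)
	for i := range out {
		out[i] = g.next()
	}
	return out
}

func main() {
	victim := newLFG(seedFromSecret(0xC0FFEE))
	stream := run(victim, 400)
	attacker := cloneFromOutputs(stream[200:255]) // 55 words seen in transit
	fmt.Printf("victim's next words:   %08x\n", stream[255:258])
	fmt.Printf("attacker's prediction: %08x\n", run(attacker, 3))
}
```

Using such outputs directly as a keystream therefore hands the whole state to
anyone holding 55 words of known plaintext; the long period this family can
achieve is irrelevant to that, which is the difference between a good
statistic and resistance to analysis.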

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Why no 3des for AES candidacy
Date: Tue, 14 Dec 1999 00:59:59 GMT

"SCOTT19U.ZIP_GUY" wrote:
> 1.  Depending on how one combines the cipher to make 3DES it could become
> too hard for current NSA to quickly decode the message for law enforcement.

I think you mean FBI.  It is explicitly against the law for NSA to
intercept communications for the purpose of domestic law enforcement,
unless one or more of the communicants are foreign.  And, before you
say that NSA just ignores the law, that's not so -- this requirement
has an effect on how operations are conducted, which wouldn't be
necessary if the law were being ignored.

Last I heard, the FBI *were* being budgeted to establish a significant
network/cryptologic intelligence branch.  Comrades Clinton, Gore,
Reno, and Freeh have this Big Brother plan, you see... law enforcement
is just an excuse.


>  The speed thing is what most phony crypto gods would have you believe the
> reason is. But in fact with the bloated operating systems one uses nowadays
> and as machines get faster every week this is really a lame reason when one
> wants real security.

Speed *is* important in order that encryption become as widespread as
it really should, e.g. on network links.  We're already in the age of
fiber-optic communication.

------------------------------

From: "Markku J. Saarelainen" <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia
Subject: Re: Economic Espionage Act of 1996 and the U.S.A. government's  violations
Date: Mon, 13 Dec 1999 19:27:09 +0000


I designed and documented my "Genie Services" (internet based electronic
commerce agent based services) concept and model at my private property (in a
room in my home) and I recorded this design using my audio tape. I never
communicated this on the internet, via telephone or modem or via any other
communication medium. So basically, I was eavesdropped on during my private R&D
sessions at my physical private property. At the time, I did not work for
anybody and did this R&D work for myself and for my potential business
purposes on my own at my own expense.

Actually, I think that stealing somebody's secrets via modem is a violation of
various laws such as the Economic Espionage Act of 1996. For example, if my
ISP would steal my specific business information (such as my browsing
behaviors, search queries, email messages and so on) and would provide this
information to some third party for any purpose, this would be a violation
of many laws and regulations. And any person obtaining this information may
well also be a violator of the Economic Espionage Act of 1996.




------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: lfsr based cryptosystem
Date: Tue, 14 Dec 1999 01:01:33 GMT

[EMAIL PROTECTED] wrote:
> i am looking for cryptosystems based on combination of lfsr's.

The real question is, why?

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Please help this newbie crack a potentially simple encryption
Date: Tue, 14 Dec 1999 01:06:29 GMT

Jim Gillogly wrote:
> It's also possible that this cipher might be solved exhaustively:

Yeah, that popped into my mind also, but unless the text is an
*exact* match, searching on-line corpus would be fruitless.
Since supposedly punctuation was ignored, it makes me think
that the text is more likely to have come from manual entry
of a hardcopy source, which has a fair chance of not matching
an on-line rendition of "the same" article.

It would be worth a try, perhaps.  A general rule is to try
the easy things first, even though usually they don't pan out.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
