Cryptography-Digest Digest #735, Volume #10      Mon, 13 Dec 99 22:13:01 EST

Contents:
  Re: Why no 3des for AES candidacy (Jim Gillogly)
  Re: Better encryption? PGP or Blowfish? (Phillip George Geiger)
  Deciphering without knowing the algorithm? (HKXLF)
  Re: Why no 3des for AES candidacy ("karl malbrain")
  Re: Better encryption? PGP or Blowfish? (Anime Rokly)
  Re: Please help this newbie crack a potentially simple encryption ("r.e.s.")
  Re: Better encryption? PGP or Blowfish? (SCOTT19U.ZIP_GUY)
  Re: Better encryption? PGP or Blowfish? ("Trevor Jackson, III")
  Re: Why no 3des for AES candidacy ("Trevor Jackson, III")
  Re: Better encryption? PGP or Blowfish? (I. Realmonky)
  Correction and apologies (Re: Digitally signing an article in a paper journal) ("rosi")
  The Code Book (Warner)
  Re: Insecure PRNG? (William Rowden)
  Re: Why no 3des for AES candidacy ("Trevor Jackson, III")
  Re: Deciphering without knowing the algorithm? (Arthur Dardia)

----------------------------------------------------------------------------

From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: Why no 3des for AES candidacy
Date: Tue, 14 Dec 1999 01:15:01 +0000

"Douglas A. Gwyn" wrote:
> 
> "SCOTT19U.ZIP_GUY" wrote:
> > 1.  Depending on how one combines the cipher to make 3DES it could become
> > too hard for current NSA to quickly decode the message for law enforcement.
> 
> I think you mean FBI.  It is explicitly against the law for NSA to
> intercept communications for the purpose of domestic law enforcement,
> unless one or more of the communicants are foreign.

Is it also against the law for NSA to decrypt communications that
were intercepted and handed to them by the FBI working a domestic
case?  (This may be a naive question, but it's not disingenuous --
I don't know the answer.)
-- 
        Jim Gillogly
        Highday, 24 Foreyule S.R. 1999, 01:12
        12.19.6.14.2, 4 Ik 10 Mac, Third Lord of Night

------------------------------

From: Phillip George Geiger <[EMAIL PROTECTED]>
Subject: Re: Better encryption? PGP or Blowfish?
Date: 14 Dec 1999 01:13:18 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:
: I was just being honest.  People never think twice before launching a
: flame war when I am wrong.  I know two wrongs don't make a right, but
: what other response could I give? 

You could have briefly explained why his question was a bad one, and
pointed him at a FAQ.

: His ignorant comparison was just plain silly.

And in the time it took you to think up that "witty" response, giggle
like the child you are, and hit "enter" - you could have posted something
far more interesting and useful to a newbie.


-- 
Phil Geiger
[EMAIL PROTECTED]

------------------------------

From: [EMAIL PROTECTED] (HKXLF)
Subject: Deciphering without knowing the algorithm?
Date: 14 Dec 1999 01:35:47 GMT

Hi,
I am new to cryptography although I am very interested in the subject. From
browsing through this newsgroup, I have come to the conclusion that, in order to
decipher some message, all you need is to find the key. But how about the
algorithm that is used to encrypt the text in the first place? Is it possible
to decrypt some text without first knowing what algorithm is used to encrypt
it?

Anyway, I'll be grateful if anybody can satisfy my curiosity.
Thanks,
Herry.

------------------------------

Reply-To: "karl malbrain" <[EMAIL PROTECTED]>
From: "karl malbrain" <[EMAIL PROTECTED]>
Subject: Re: Why no 3des for AES candidacy
Date: Mon, 13 Dec 1999 17:45:20 -0800


Douglas A. Gwyn <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "SCOTT19U.ZIP_GUY" wrote:
> > 1.  Depending on how one combines the cipher to make 3DES it could become
> > too hard for current NSA to quickly decode the message for law enforcement.
>
> I think you mean FBI.  It is explicitly against the law for NSA to
> intercept communications for the purpose of domestic law enforcement,
> unless one or more of the communicants are foreign.  And, before you
> say that NSA just ignores the law, that's not so -- this requirement
> has an effect on how operations are conducted, which wouldn't be
> necessary if the law were being ignored.

This is an example of VULGAR MATERIALISM.  Yes, it's true, that ANY
measurable operations-effect means that the law is not being ignored, per
se.  That's hardly the point, however.  Karl M



------------------------------

From: [EMAIL PROTECTED] (Anime Rokly)
Subject: Re: Better encryption? PGP or Blowfish?
Date: Tue, 14 Dec 1999 01:48:10 GMT

Phillip George Geiger <[EMAIL PROTECTED]> wrote:

>And in the time it took you to think up that "witty" response, giggle
>like the child you are, and hit "enter" - you could have posted something
>far more interesting and useful to a newbie.

Or better, you could have flamed David Scott instead.

------------------------------

From: "r.e.s." <[EMAIL PROTECTED]>
Subject: Re: Please help this newbie crack a potentially simple encryption
Date: Mon, 13 Dec 1999 17:54:48 -0800

Thanks -- that link works.

Looking at that website, I find it remarkable how much
time & effort people seem to be spending on a list of
digits whose origin is virtually unknown. (Apparently,
there as well as in this ng, someone basically just
posted it as a puzzle they somehow obtained.)

I don't think it's overly-paranoid to at least wonder
about the possibility that this "cipher" may not even
be an encipherment of anything, or in any case that it
might be, practically speaking, impossible to solve.

--
r.e.s.
[EMAIL PROTECTED]



"Jim Gillogly" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
[...]
: One more try, and I give up if I screw it up yet again.
: http://codebuster.home.mindspring.com/FREDROOM.HTM
: (without the www. in front.).  Sorry again.
[...]



------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Better encryption? PGP or Blowfish?
Date: Tue, 14 Dec 1999 03:04:12 GMT

In article <833vj4$vqh$[EMAIL PROTECTED]>, Tom St Denis <[EMAIL PROTECTED]> wrote:
>In article <833458$u6m$[EMAIL PROTECTED]>,
>  [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
>> In article <831oof$c6g$[EMAIL PROTECTED]>, molypoly <molypoly@my-deja.com> wrote:
>> >  Which is a harder encryption to break? The encryption in PGP program
>> >or McAfee's PcCrypto program which has the 128 bit Blowfish encryption.
>> >Thanks. You can reply to me at (remove the "nospam")
>> >[EMAIL PROTECTED]
>> >
>>
>>  The one thing about PGP is that in its standard mode it uses a "ZERO
>> knowledge" method so that in theory all the information to break the code is
>> self contained in the PGP message itself. This means that in theory no
>> additional information is needed for groups like the NSA to read whatever file
>> you carelessly encrypted using this method even if you're encrypting a file of
>> random noise.
>>  But if the PcCrypto program is done correctly, and that is a big if, then
>> there may not be enough information to break a message on its own when
>> intercepted by the bad guys assuming you send only one message and pick
>> a good key.
>
>If you understand information theory, and that's a big if, you will
>realize that in any non-otp system [including yours] there is enough
>information to decrypt a message.
>

   This just shows how fucking stupid you are little boy pain
in the ass. Try reading what a ZERO information system is
sometimes instead of opening your mouth. In a ZERO information
protocol the seeds are in there to solve any encryption including
that of a random file. IF you think mine has enough information
for a random file break you're not only full of shit but you know
nothing about encryption.  Try to learn something Tom because
your posts are getting dumber and dumber and it is getting
frustrating wasting my time to try to improve your pea brain.



David A. Scott
--

SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
                    
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm

Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm

Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm

**NOTE EMAIL address is for SPAMERS***

------------------------------

Date: Mon, 13 Dec 1999 21:26:47 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Better encryption? PGP or Blowfish?

Tom St Denis wrote:

> In article <833458$u6m$[EMAIL PROTECTED]>,
>   [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
> > In article <831oof$c6g$[EMAIL PROTECTED]>, molypoly <molypoly@my-deja.com> wrote:
> > >  Which is a harder encryption to break? The encryption in PGP program
> > >or McAfee's PcCrypto program which has the 128 bit Blowfish encryption.
> > >Thanks. You can reply to me at (remove the "nospam")
> > >[EMAIL PROTECTED]
> > >
> >
> >  The one thing about PGP is that in its standard mode it uses a "ZERO
> > knowledge" method so that in theory all the information to break the code is
> > self contained in the PGP message itself. This means that in theory no
> > additional information is needed for groups like the NSA to read whatever file
> > you carelessly encrypted using this method even if you're encrypting a file of
> > random noise.
> >  But if the PcCrypto program is done correctly, and that is a big if, then
> > there may not be enough information to break a message on its own when
> > intercepted by the bad guys assuming you send only one message and pick
> > a good key.
>
> If you understand information theory, and that's a big if, you will
> realize that in any non-otp system [including yours] there is enough
> information to decrypt a message.

Not always.  Depends on the message space.

Consider the response to a proposed contract.  It can be encoded in a bit.
Any boolean message has this property.  Some messages have even less
information.

Consider the case of a "Go!" command.  The message itself contains zero
information.  The recipient is waiting for exactly this message and no
other.  So the message consists of zero bits of plaintext plus whatever
authentication is necessary.

Now consider the data rate of a channel used to transmit the Go! message.
Normally it has no data flowing through it, but there's a tacit stream of
"Not Yet!" messages that match the sampling rate of the receiver.  This data
stream has no bits in it at all.  Perhaps it has a stream of noise to
reassure the receiver that a message hasn't been missed.  But there's no
information in the noise.  It's just noise.

Tough to crack such virtual messages.
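Trevor's point about the message space can be put in Shannon's terms: the unicity distance is the amount of ciphertext after which only one key still yields a legal plaintext, and a one-bit message never gets that far, so a key search leaves the attacker with a crowd of keys split between "yes" and "no". The following example is added here and is not code from the thread; it uses a constructed 16-bit toy cipher (not a real design) so the whole key space can be searched, and compares a one-bit answer with a 22-byte message drawn from a 27-symbol alphabet. The key, the sample messages and the alphabet model are constructed assumptions.

```python
import hashlib
import math

# Constructed toy cipher for this example, not a real design: a 16-bit key is
# small enough that the whole key space can be searched exhaustively, which is
# all a ciphertext-only attacker can do here.
KEY_BITS = 16
TRUE_KEY = 0xBEEF  # constructed sample key

def keystream(key: int, length: int) -> bytes:
    """SHA-256(key || counter) blocks, truncated to the requested length."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = key.to_bytes(2, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return bytes(out[:length])

def encrypt(key: int, plaintext: bytes) -> bytes:
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, len(plaintext))))

decrypt = encrypt  # XOR with the same keystream undoes itself

def candidate_keys(ciphertext: bytes, is_legal_message) -> list:
    """Every key whose decryption is a legal message. If more than one key
    survives, the ciphertext alone does not determine the plaintext."""
    return [k for k in range(1 << KEY_BITS)
            if is_legal_message(decrypt(k, ciphertext))]

def unicity_distance(key_bits: int, symbol_bits: int, info_per_symbol: float) -> float:
    """Shannon's unicity distance: key entropy over redundancy per symbol, i.e.
    how many symbols of ciphertext are needed before only one key fits."""
    return key_bits / (symbol_bits - info_per_symbol)

# Case 1: Trevor's boolean answer to a contract, one bit carried in one byte.
def is_boolean(pt: bytes) -> bool:
    return pt in (b"\x00", b"\x01")

def boolean_case() -> dict:
    ct = encrypt(TRUE_KEY, b"\x01")  # the real answer is "yes"
    keys = candidate_keys(ct, is_boolean)
    say_no = sum(1 for k in keys if decrypt(k, ct) == b"\x00")
    return {"candidates": len(keys), "say_no": say_no,
            "say_yes": len(keys) - say_no,
            # one byte of ciphertext carries 1 bit of information, 7 redundant
            "unicity_bytes": unicity_distance(KEY_BITS, 8, 1.0)}

# Case 2: a message from a 27-symbol alphabet (lowercase letters and space).
ALPHABET = frozenset(b"abcdefghijklmnopqrstuvwxyz ")

def is_lowercase_text(pt: bytes) -> bool:
    return all(b in ALPHABET for b in pt)

def text_case() -> dict:
    msg = b"the contract is signed"  # constructed sample plaintext, 22 bytes
    ct = encrypt(TRUE_KEY, msg)
    return {"candidates": candidate_keys(ct, is_lowercase_text),
            # each byte carries at most log2(27) bits, the rest is redundancy
            "unicity_bytes": unicity_distance(KEY_BITS, 8, math.log2(27))}

if __name__ == "__main__":
    print(boolean_case())   # many keys survive, split between "no" and "yes"
    print(text_case())      # only TRUE_KEY survives
```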



------------------------------

Date: Mon, 13 Dec 1999 21:31:24 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Why no 3des for AES candidacy

Pelle Evensen wrote:

> Anton Stiglic wrote:
> > Uri Blumenthal wrote:
> > > > >One good reason:
> > > > >The AES is supposed to support the following different key sizes:
> > > > > 128, 192, 256
> > > > >
> > > > >You can see why 3-DES, with its single sized 168 bit key,
> > > > >does not fit in this category.
> > >
> > > No I can't - there are ways to securely make a key of any length
> > > (from 64 bits to 768*3 bits) for 3DES.
> >
> > Hunn???  3DES uses DES, 3 times, with 3 different keys.  The result
> > is a cipher that has a key of size 3*(size of key for DES) = 168 bits.
> > If we prove that the security given by this method is just 2 bits, the
> > cipher still remains a cipher that uses a 168-bit key.
> > I would really be interested in seeing you come up with a 72 bit key
> > 3-DES. Do you have any idea of what you are talking about?
>
> I would assume he has:
> http://www.research.att.com/~smb/papers/ides.ps
>
> (You can replace the usual DES key schedule and make up your own
>  round keys.)

You can also damage the key by fixing some of the bits so you can match
{128, 192, 256} and then expand the key back to the size convenient for the
standard key schedule.
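One way to do what Trevor describes, as an added example that is not code from the thread: pack 128-, 192- or 256-bit key material into the three 64-bit DES keys the standard schedule expects, fixing the missing bits to a constant for 128-bit input and discarding what does not fit for longer input. The function names, the zero pad constant and the rule of keeping the high-order bits are assumptions made here.

```python
# Added example, not code from the thread: packing AES-style key sizes into
# the three 64-bit keys the standard DES key schedule expects. The function
# names, the zero pad constant and the keep-high-order-bits rule are
# assumptions made here.

TDES_KEY_BITS = 168   # three DES keys x 56 key bits each
PAD_CONSTANT = 0      # value of the "fixed" bits (40 of them for a 128-bit key)

def des_byte_with_parity(seven_bits: int) -> int:
    """DES keeps 7 key bits in the high bits of each key byte and uses the
    low bit as an odd-parity check bit."""
    b = (seven_bits & 0x7F) << 1
    if bin(b).count("1") % 2 == 0:
        b |= 1
    return b

def tdes_key_from_fixed_size(key: bytes) -> bytes:
    """Map 128-, 192- or 256-bit key material to a 24-byte K1||K2||K3 key."""
    bits = len(key) * 8
    if bits not in (128, 192, 256):
        raise ValueError("key must be 128, 192 or 256 bits long")
    material = int.from_bytes(key, "big")
    if bits < TDES_KEY_BITS:
        # 128 bits: the 40 key bits the schedule still wants are fixed to a
        # constant, so the effective key size stays at 128 bits.
        material = (material << (TDES_KEY_BITS - bits)) | PAD_CONSTANT
    else:
        # 192/256 bits: the schedule can only take 168 bits, so the rest is
        # discarded; the extra input bits buy no extra security.
        material >>= bits - TDES_KEY_BITS
    out = bytearray()
    for i in range(24):
        shift = TDES_KEY_BITS - 7 * (i + 1)          # 7 key bits per byte
        out.append(des_byte_with_parity((material >> shift) & 0x7F))
    return bytes(out)

def effective_key_bits(key_len_bytes: int) -> int:
    """Bits of input entropy that actually reach the 3DES key schedule."""
    return min(key_len_bytes * 8, TDES_KEY_BITS)

def has_valid_des_parity(tdes_key: bytes) -> bool:
    """True when every key byte has odd parity, as DES implementations check."""
    return len(tdes_key) == 24 and all(bin(b).count("1") % 2 == 1 for b in tdes_key)

def subkeys(tdes_key: bytes) -> tuple:
    """Split K1, K2, K3 out of the packed key."""
    return tdes_key[0:8], tdes_key[8:16], tdes_key[16:24]

if __name__ == "__main__":
    for size in (16, 24, 32):
        k = tdes_key_from_fixed_size(bytes(range(size)))
        print(size * 8, "->", k.hex(), "effective bits:", effective_key_bits(size))
```

Nothing above 168 input bits reaches the schedule, and three-key 3DES is in any case limited to roughly 112 bits of security by the meet-in-the-middle attack, so the larger AES sizes cannot be matched this way.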


------------------------------

From: [EMAIL PROTECTED] (I. Realmonky)
Subject: Re: Better encryption? PGP or Blowfish?
Date: Tue, 14 Dec 1999 02:28:03 GMT

[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:

>   This just shows how (bleep) stupid you are little boy pain
>in the (bleep)...

You see Tom? You tried Neil Bell's and Phillip George Geiger's way and what
did it get you? Now stop listening to those goody two-shoes characters and
speak your mind!
-- 
"I. Realmonky" is actually [EMAIL PROTECTED] (5082 739461).
 0  123456789 <- Use this key to decode my email address and name.
               Play Five by Five Poker at http://www.5X5poker.com.

------------------------------

From: "rosi" <[EMAIL PROTECTED]>
Subject: Correction and apologies (Re: Digitally signing an article in a paper journal)
Date: Mon, 13 Dec 1999 21:39:31 -0500

First, correction. For KloroX's application, not only the 'start' and 'length'
need to be key driven. (We have to prove) Very sorry to have given a
piece of garbage. My special apologies to KloroX.

There is at least another 'minor' problem in what I gave. It should not be
necessary to strip if the 'text' (Bible in my example) is standardized.

Now a little comment.

Steve K's is straightforward and perhaps very obvious. Since KloroX
asked, I thought he was asking for something less obvious. However,
besides the obviousness in using the property of 'public' keying, there
may be a little 'clash in culture'. There is the PKI discussion on-going
and I do not need to say more here.

KloroX mentioned proving at a later desired date. For that, the 'instant'
verification by 'public' keying is 'wasted'. Yet, the major thing is still
one-wayness, IMO. There can be a compress hash that is one-way; a 'hard'
problem is only conjectured to be 'hard'. If one can steer away, I do not
see why not. In addition, I asked the question about the relationship
between the ideal compression and the input and output size of this
application. In essence, a question on (the existence of) pre-image.

There are details people can fill in, such as having the KEY itself as one
of the 'free-will' parts. If you want to include a time-stamp, you may be
able to make that a part of the fixed format.

Most importantly, fill in the details the best way you see (if you see any
value in what I said). Do not trust me. Think carefully and independently.
Develop or redo the whole thing as you see fit.

Lastly, not in contention with 'public' keying. Take mine as an off the
beat thinking.

Thanks
--- (My Signature)

Steve K wrote in message <[EMAIL PROTECTED]>...
>My suggestion:
>
>Create a key for the sole purpose of signing and encrypting drafts
>of articles, messages, etc. under your pseudonym.  Take great care
>never to use this key pair for any other purpose, or your anonymity
>may be endangered.
>
>http://www.itconsult.co.uk/stamper/stampinf.htm
>
>This is the URL to a PGP time stamping service.  There are others.
>
>Encrypt and sign a draft of your document, and send it to a time
>stamping service.  You will receive it back, with another signature
>added, specifically for the purpose of verifying where and when the
>service signed your document.  Here you have nearly perfect proof of
>priority, in your possession, which can be disclosed at your
>discretion.
>
>You may also wish to sign a cleartext copy of your draft, using your
>pseudonym's key.  Then anonymously post it to a news group.  For
>moderately secure anonymous posting, try:
>
>http://www.anonymizer.com/3.0/services/
>
>For advanced security in anonymous posting, try:
>
>http://lycaeum.org/~sunny/IntermediateAnonymity.html
>
>As long as the signed copy of your draft is available at Deja or other
>archive sites, you will be able to claim the article and prove your
>authorship at any time, without resort to time stamping.
>
>The Cpunks mailing list might be a good place for further information.
>It is archived at:  http://www.inet-one.com/cypherpunks/
>
>HTH
>
>Steve K
>
>---Continuing freedom of speech brought to you by---
>   http://www.eff.org/   http://www.epic.org/
>               http://www.cdt.org/



------------------------------

From: Warner <[EMAIL PROTECTED]>
Subject: The Code Book
Date: Tue, 14 Dec 1999 02:31:42 GMT

The first sentence of Simon Singh's _The Code Book_ is, "On the morning of
Wednesday, 15 October 1586, Queen Mary entered the crowded courtroom  of
Fotheringhay Castle". The calendars I have referred to give this date as
being on a Saturday. I'm interested in hearing comments on this apparent
inconsistency or references to such.

-- 

------------------------------

From: [EMAIL PROTECTED] (William Rowden)
Subject: Re: Insecure PRNG?
Date: 14 Dec 1999 02:32:29 GMT

In article <[EMAIL PROTECTED]>,
Mok-Kong Shen  <[EMAIL PROTECTED]> wrote:
> Given a steel and a wooden beam, an engineer can do computations to
> determine which is stronger and give a numerical figure for that. To
> do the same with two crypto algorithms seems to be very hard or
> impossible in general.

IMHO, this statement idealizes engineering, comparing "pure"
calculations to "practical" cryptographic strength.  This civil
engineer [1] asks the following questions about this hypothetical beam
(and draws an analogy from his limited "hobby" cryptological
understanding):

<ENGINEERMODE>
Do you want to know which beam is stronger in compression, tension, or
bending moment?  (Do you want to know which is more resistant to a
linear or differential attack?)  To what forces will the beam be
subject?  (How will you use this cryptological primitive?)

If this beam is part of a larger design, what are the loads to which
it will be subject?: wind?  snow?  (What attacks do you expect?:
ciphertext-only?  chosen plaintext?)  Let's assume that the snow load
is the critical part of the design.  (What is your attack model?)  To
design for snow load, I need--in the absence of legal design codes--to
know the probabilistic distribution of snow accumulation over time.
(How long do you want the message to be secure against what
computers?: minutes against a PC?  days against distributed
processing?  centuries against quantum computing?)  I can't design a
structure that will resist an infinite amount of snow, or that will
stand forever.  (Don't expect the security of a one-time pad.)

To do this aspect of the design, I'll need to know the locale; that
obviously influences snowfall accumulation.  (Against whom do you want
the encryption secure?: your kids?  your boss?  the NSA?)

Legal design codes implicitly or explicitly define acceptable
failures.  If no legal codes exist, how often is failure acceptable?
(What percentage of messages could be read without endangering the use
of the encryption?)  Almost no dam failure is acceptable; stormwater
distribution systems regularly fail because it's not worth the cost to
ensure no road is ever inundated.

After I've done all these calculations, I'll multiply by a factor of
safety depending on how critical the design is: for a bridge the
factor will be larger, for a remote weather information system it
might be smaller.  (How critical is your message?  I'd suggest a
longer key for more life-threatening communications.)  After all,
real-world materials and forces aren't as precise as engineering
calculations.

I'll also need to warn you that I can only design against known
failure modes.  (Security can only be evaluated against known
attacks.)  Meeting legal and professional standards provides some
defense against an engineer's liability.  As the failure of the Tacoma
Narrows Bridge indicates, new failure modes may be encountered that no
engineer could have predicted, since then-current practice did not
include it.  (New attacks may be invented.)  You might want to read
_To Engineer Is Human : The Role of Failure in Successful Design_ to
understand the implications of this.
</ENGINEERMODE>

I don't think cryptographic security is so different from civil
engineering design safety, except, perhaps, the state of the art.  Go
back in time, though, and you'll see, for example, that builders
evaluated structural strength through trial-and-error.  The scientific
evaluation of structural strength in the USA didn't take full form
until after public outcry over train bridge collapses.  (Perhaps when
everyone is using encryption...)

>> > One basic reason underlying that, I believe,
>> > is that, given any properly designed algorithm, one generally has no
>> > way of knowing which is the most efficient way of attacking it and
>> > hence one normally can't determine the factor of expense of cracking
>> > one algorithm relative to another algorithm. (The person who succeeds
>> > to crack an algorithm in a clever way may choose to keep his result
>> > unpublished.)
>> 
>> We can discuss security against known attacks in both a practical
>> and scientific way as long as we do keep in mind that we do not have a
>> computable absolute security measure. Of course the last fact is
>> good to mention when someone is claiming absolute security.
>
>As I said, there may be unknown yet existent attacks. The user of
>crypto applications commonly desires to know 'the' security, not 
>merely the security against a specific list of methods of attack. 
>That's at the heart of the trouble in my humble opinion.

I agree.

[1] Well, I'm a transportation engineer, actually, and I work in
intelligent transportation systems (i.e., with computers and
telecommunication).

-- 
    -William
SPAM filtered; damages claimed for UCE according to RCW19.86
PGP key: http://www.eskimo.com/~rowdenw/pgp/rowdenw.asc until 2000-08-01
Fingerprint: FB4B E2CD 25AF 95E5 ADBB  DA28 379D 47DB 599E 0B1A

------------------------------

Date: Mon, 13 Dec 1999 21:41:23 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Why no 3des for AES candidacy

Jim Gillogly wrote:

> "Douglas A. Gwyn" wrote:
> >
> > "SCOTT19U.ZIP_GUY" wrote:
> > > 1.  Depending on how one combines the cipher to make 3DES it could become
> > > too hard for current NSA to quickly decode the message for law enforcement.
> >
> > I think you mean FBI.  It is explicitly against the law for NSA to
> > intercept communications for the purpose of domestic law enforcement,
> > unless one or more of the communicants are foreign.
>
> Is it also against the law for NSA to decrypt communications that
> were intercepted and handed to them by the FBI working a domestic
> case?  (This may be a naive question, but it's not disingenuous --
> I don't know the answer.)
> --
>         Jim Gillogly
>         Highday, 24 Foreyule S.R. 1999, 01:12
>         12.19.6.14.2, 4 Ik 10 Mac, Third Lord of Night

The surveillance establishment has a long history of ignoring the laws restricting
their activities.  <Insert latin quote re watching the watchers here>.  From the
toothless formulation of U.S. Post Office policy to the copies of every message
that traveled over the first transatlantic cable, the law is _not_ what is written;
the law is what is enforced.


------------------------------

From: Arthur Dardia <[EMAIL PROTECTED]>
Subject: Re: Deciphering without knowing the algorithm?
Date: Mon, 13 Dec 1999 21:53:44 -0500

Yeah.  Just try every single algorithm.  Decrypting a message given a key is
rather fast.  However, a "secret" algorithm cannot be guessed very easily.

HKXLF wrote:

> Hi,
> I am new to cryptography although I am very interested in the subject. From
> browsing through this newsgroup, I have come to the conclusion that, in order to
> decipher some message, all you need is to find the key. But how about the
> algorithm that is used to encrypt the text in the first place? Is it possible
> to decrypt some text without first knowing what algorithm is used to encrypt
> it?
>
> Anyway, I'll be grateful if anybody can satisfy my curiosity.
> Thanks,
> Herry.

--
Arthur Dardia      Wayne Hills High School      [EMAIL PROTECTED]
 PGP 6.5.1 Public Key    http://www.webspan.net/~ahdiii/ahdiii.asc



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
