Cryptography-Digest Digest #749, Volume #10 Thu, 16 Dec 99 12:13:01 EST
Contents:
Re: Help needed determining algorithm/key (SCOTT19U.ZIP_GUY)
Re: Why no 3des for AES candidacy (SCOTT19U.ZIP_GUY)
Re: Why no 3des for AES candidacy (SCOTT19U.ZIP_GUY)
Re: Off topic -- 4 year old (SCOTT19U.ZIP_GUY)
Mr SHAW needs a BEER (SCOTT19U.ZIP_GUY)
Re: Ellison/Schneier article on Risks of PKI ("Tim Wood")
Re: Simple newbie crypto algorithmn (Johnny Bravo)
Re: Deciphering without knowing the algorithm? (CLSV)
Re: Keystrokes monitored/encryption useless (Roger Carbol)
Re: Keystrokes monitored/encryption useless (Johnny Bravo)
Re: Why no 3des for AES candidacy (Paul Koning)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Help needed determining algorithm/key
Date: Thu, 16 Dec 1999 16:04:12 GMT
In article <UK364.3301$[EMAIL PROTECTED]>, "security199"
<[EMAIL PROTECTED]> wrote:
>
>
>Hi,
>
>I am evaluating a software application that protects some
>data using a method that needs a password. That password
>is encrypted and stored in an easily access able file.
>
>I am sure that this method of security is not secure at
>all, but the company selling the application doesn't
>seem to "get it", insisting that it is secure.
Maybe they really don't want secureity. I have heard of
some large banks that were using secure crypto that the Feds
may have had trouble reading the data so they stepped in and
made them use something else. If its for a job here in the US
you have to realize security is only a PR thing you really can't
do to good a job.
>
>I would like to determine the algorithm and key used
>to encrypt the password, thus showing them how the encrypted
>password stored in the file is easily decrypted thus allowing
>access to the data.
One common way to show this is see how they use the
encrypted data. Let them give you a test set of files and with
something that traces through the program see what different
paths are taken when the correct and incorrect password are used.
That is how many common systems fail. It is never wise to store the
password in the file even in encrypted form that is to be checked.
In my software I never store the password. I show a check number of
some sort that the users can look out to see it it is the same as when
he first encrypted a file but I will use whatever he types in as password
there is no check and it will encrypt or decrypted based on what the
user types in. If he types in the wrong one to bad. There is nothing
to test it with. WHen I worked for the FEDS they used commerical
applications that used the password in the wrong why on the Univac
and when you showed management how trival it was to break they
just got angry since they prefer to pretend it is safe.
Thats just the way commerical applications are and I think that is
really what the governent prefers business people use. After all they
can just pass a law saying its illegal to decrypted the data if your
not the intended recipent and of course our enimes are afraid of our
paper laws.
>
>I don't have the skills necessary to determine this, so I am
>asking you experts for help. I have generated a bunch of
>encryption's of the following: A,AAAAAAAAAA,ABCD,ABCDEFGHIJKLMNOP
>A salt must be used allowing different encrypted
>values so I have encrypted each of these plaintexts several times.
>Note that the encrypted values are always exactly twice as long as
>the plaintext. Also note that in lines 18, 35, 37, 39, and 40,
>the .'s (period's) are actually characters with hex code 7F.
>The . character doesn't otherwise appear to occur in the
>encrypted text. These plaintext passwords were entered as
>upper case, but I believe the password actually needed is
>case insensitive, so the case may not necessarily be preserved
>in the encryption/decryption process (but I have no reason to
>believe it isn't).
>
>If more plaintext encryption's would be helpful, let me know, I
>can create more.
>
>Also, if determining the algorithm/key used in this encryption
>is more difficult than I believe (unable to determine it without
>a major effort), then I would like to know that.
>
>Thank you all for any thoughts on this.
>
>
>Line Plaintext Encrypted
>==== ========== ================================
>01 A CR
>02 A N_
>03 A du
>04 A kz
>05 A >O
>06 A ET
>07 A fw
>08 A CR
>09 A 9H
>10 A L]
>11 A ET
>12 A ;J
>13 A ;J
just looking at a few I do see patterns CR ET ;J each of these is repeated
more than once notice these are 15 apart. Some are not my guess is this
method will not encrypt random bytes but only a subset of printable ascii
>
>14 AAAAAAAAAA N@;@@FU6Sj_QJQQWdGb{
Notice the N and the charact _ they are ten apart so I guess that maps to
an A also ; J are used above and 10 apart so I guess it maps to an A
if you tryed to decode @Q by itself using the same password as you used
on a single A I think I would bet a beer it maps to an A.
>15 AAAAAAAAAA [eE]^0mJiXjtTloA|[xi
E followed in last by T mapps to an A.
You didn't mention the password. Was it a single character or
the same character repeated many times. I find it amazing that
the A maps to the same chacter sets from more than one position.
Maybe I am wrong but I think you can see this is a piece
of shit for encryption I am sure even little boy Tommy can see
this for what it is. But let me assure you if you tell management they
will fucking hate your ass. Trust me on this one I have been there
and worked with asshole managers for years.
IF one wants to use the printable character set only and one wants
to add random padding and speed about the best method is the GVA
method. I think I have heard of a mexican windows compatable version
of the software that they could use but then again maybe I am all wet.
But then again if it does not have to be in ascii and they want real
security they could go all the way and use scott19u I am available for
hire.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm
Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm
Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Why no 3des for AES candidacy
Date: Thu, 16 Dec 1999 16:24:32 GMT
In article <[EMAIL PROTECTED]>, "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
>Hideo Shimizu wrote:
>> Because NSA can't break triple DES.
>
>Information about the presence or absence of such a capability
>would be "not releasable to foreigners", at least not outside
>the US-UK axis; did you get it through espionage or are you just
>making it up?
>
>In actuality, NIST, not NSA, set the rules for AES.
Actually such information most likely has been given to
Clintons Chinese buddies and anyone with half a brain
knows the NSA will be pulling all the strings on AES.
the "not releasable to foreigners" does not mean anything
to a politican. It is just used to make them think they
are getting something secret. When in fact no common person
in the US every gets the truth about our crypto capabilites other
than the few meger crumbs they want thrown out.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm
Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm
Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Why no 3des for AES candidacy
Date: Thu, 16 Dec 1999 16:19:02 GMT
In article <[EMAIL PROTECTED]>, Hideo Shimizu
<[EMAIL PROTECTED]> wrote:
>
>
>UBCHI2 wrote:
>>
>> Why isn't 3des being considered for the AES? Is it because it is slower than
>> DES?
>
>Because NSA can't break triple DES. In other word, NSA wish to be AES as
>breakable cipher.
>
>H. Shimizu
>TAO, Japan
See even the Japanese are starting to wise up about the true meaning
of the AES. But I think he still has a way to go. It might be that they can
also break most forms of triple DES it is just that is may take a little
longer than the method the AES will end up blessing. But I can see they are
even starting to think for themselves. After all we where reading Japenese
encrypted mail to there embassy staff before world war II and they may
realize we do the same today and plan to do it for the foreseeable future.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm
Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm
Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Off topic -- 4 year old
Date: Thu, 16 Dec 1999 16:11:59 GMT
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(Sukhoi2000) wrote:
>It is the little things in life that mean so much. If you can, please have
>everyone you know send a Christmas card to:
>
>Miss Paige Lane
>4538 S. Creek Rd.
>Cookeville, TN 38506-7606
>
>She is 4 years old and is dying from cancer, and the only thing she wants for
>Christmas is cards.
>
>Thanks.
Since this could be a rather evil trick. Do you have a URL to a common news
source on line requesting this. With this address. Since I think it would be
evil to flood someones house with thousands of letters if no one there
actaully had cancer. Maybe this is just some old girlfriend that you are
pissed at. Sorry for my questioning you but may liars post to this group.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm
Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm
Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Mr SHAW needs a BEER
Date: Thu, 16 Dec 1999 16:38:04 GMT
I have not commented much on our BIG SPRING crypto conference. I am
sure many of your friends most likely were surprised I even showed up.
I do find your ideas very interesting and can see why many of you ideas
are surpressed by the phony crypto gods. I will never tell of the secrets
you may have been privy to from the former NSA connects you had before
there untimely deaths. But the stories so amased be that I forgot to pay
for the BEER and that was one of the main reasons for our meeting. Next
time remind me before you get into the fascinating behind the scenes real
world of crypto. The next BEER is on me.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm
Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm
Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
------------------------------
From: "Tim Wood" <[EMAIL PROTECTED]>
Subject: Re: Ellison/Schneier article on Risks of PKI
Date: Thu, 16 Dec 1999 16:06:02 -0000
rosi wrote in message <82skuo$q0i$[EMAIL PROTECTED]>...
>
> Lastly, the thing related in some way to me. This is basically
>about Risk #7. First, what Bruce and Carl said makes good
>sense. I had tried CA plus RA but in a very, very special setting.
>In general, adding a RA does not help any perhaps. In special
>cases (i.e. special applications) it may add some value. I am
>not 100% sure. As we know, there are things, just as the very
>issue of trust, that are very difficult ones to handle. I tried something,
>but I am not satisfied with what I had. Anyway, I think for special
>cases, if designed well, addign a RA may help. Any opinions?
What about, using multiple RAs for a single CA. I think that adds
significant value, for example the RA could be in London, but could have RAs
in London, Paris , Madrid, Sydney.... in an organisation with offices spread
geographically. There is some assumtion of the RA's and CA all being on the
same side.... but this is politics.
In fact, I think the CA->RAs model is quite useful.
As is the CA->CAs->RAs model (although this makes the root's Key a bit of a
target).
tim
>
> --- (My Signature)
>
>
------------------------------
From: [EMAIL PROTECTED] (Johnny Bravo)
Subject: Re: Simple newbie crypto algorithmn
Date: Thu, 16 Dec 1999 11:14:31 GMT
On Thu, 16 Dec 1999 14:57:51 GMT, [EMAIL PROTECTED] (Terry Ritter) wrote:
>Certainly individuals can play it any way they want, but to imply that
>Science is just too busy to address improvements in a cipher seems to
>me to be an arrogant bridge too far.
He is implying no such thing. I'll relate an anecdote I've come
across at some point (I forget where).
"A beginner cipher designer creates a new system and takes it to a
cryptanalyst he knows. Doing the designer a favor he looks it over
and points out a weakness after a few minutes. Two days later he
brings it back with that one weakness fixed, a few minutes later he
finds another problem. A few days later the designer comes back
again. After half an hour the cryptanalyst writes stuff on three
pieces of paper and seals them in three envelopes and says "There are
three breaks in your system all related to standard attacks on
ciphers, you can have any one envelope, don't come back until you can
tell me what is in the other two."
Sure, we are willing to look at new ideas, but if you want beginner
level cryptanalysis on your cipher, do it yourself. There is no
obligation for people to do this guys work for him. This is one of
the problems with beginners designing ciphers, they have no clue what
makes a cipher weak. It is not impossible for a beginner to design a
secure cipher, but why should the burden be on the community to do
work the cipher designer is responsible for?
> Since cryptanalysis does not
>provide assurance of strength, its *best* role may be to provide
>feedback in the design of secure systems. That implies the analysis
>of *in*secure systems.
And if the designer doesn't know what makes a system insecure, how
can we expect them to know what makes for good security? As has been
pointed out in this group many times, it is trivial to design a secure
system given huge amounts of memory, processing power, computation
time, bandwidth and storage (6000-DES for example with 6000 keys for
each message). The current goal is to design faster, smaller ciphers
that are still secure against attack. If the designer has no idea
what attacks exist, it will be a matter of luck if his design can
withstand them. Anyone can get lucky if they make enough tries, but
why should the community have the burden of doing the analysis on
every system that gets designed. The designer should be the one doing
the initial testing.
>Cryptanalytic Scientists are in the position of having to address each
>system individually exactly because they have *not* made this area a
>true Science: If we could all go to some sort of encyclopedic
>reference and find the newbie system described there, we could just
>refer to the reference. But there is no such reference.
There are such references, they are not the systems but the attacks
used to defeat them. If the designer can not take the time and show
how his cipher resists the known attacks, why should anyone else take
the time to try to create new attacks against it?
>There are cases where changes to a proposal are invalid: When
>problems are pointed out, sometimes the proposer will handwave
>solutions for each problem which cannot be all applied at once. So it
>is best to make the proposer go back and produce one resulting system
>which then can be rationally addressed.
For a new attack sure, but if the attack is well known, it is the
responsibility of the designer to make sure they are defended against.
What you are proposing is equivalent to a plane company using a
prototype airliner with no design testing be used to carry passengers
and every time it crashes and kills 150 people they change the design
based on the results of the FAA analysis of the crash.
>Nevertheless, this idea that cryptography gets only one shot at
>perfection -- while cryptanalysis can try and try again -- is
>fundamentally warped.
No one here seems to have this idea, perhaps you are talking to the
wrong group of people. If a designer isn't willing to do beginner
level analysis of a design, he should pay someone to do it for him.
>In my mind, it embodies the worst parts of a
>student to teacher relationship, and it does not help us create secure
>systems for society.
It has nothing to do with a student-teacher relationship. It is
more akin to the student not reading the assignment and guessing the
answer, if the student gets it correct he goes to the next question,
if not he just guesses again and again. Wasting huge amounts of the
teachers time.
Best Wishes,
Johnny Bravo
------------------------------
From: CLSV <[EMAIL PROTECTED]>
Subject: Re: Deciphering without knowing the algorithm?
Date: Thu, 16 Dec 1999 16:26:57 +0000
"SCOTT19U.ZIP_GUY" wrote:
> I know enough to know that you don't understand C "very"
> well if you can't follow a simple C program.
Have you ever seen the winners of the obfuscated C
programming contest? Those are small and simple programs.
Yet they are really hard to read. Now I haven't read
your C code so I can not comment on it but a description
in some mathematical form would be prefered
over C code by most people in this forum.
Regards,
Coen Visser
------------------------------
Subject: Re: Keystrokes monitored/encryption useless
From: Roger Carbol <[EMAIL PROTECTED]>
Date: Thu, 16 Dec 1999 16:50:37 GMT
molypoly <[EMAIL PROTECTED]> wrote:
>How would one get around this if this software
>got into the wrong hands?
Crypto software should be run on an isolated machine that is not
part of any network. Encrypted data can be transferred via
diskette, or print & then rescan, or whatever.
.. Roger Carbol .. [EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (Johnny Bravo)
Subject: Re: Keystrokes monitored/encryption useless
Date: Thu, 16 Dec 1999 11:56:12 GMT
On Thu, 16 Dec 1999 04:56:56 GMT, molypoly <[EMAIL PROTECTED]>
wrote:
> Take a look at the latest article from Privacytimes.com at
>http://www.privacytimes.com/dirt_8_17.htm
> The program is called DIRT and it records all your keystrokes. When
>you're online, it sends them to the receipient.
> This means that your keystrokes made while making your encryption
>keys are now worthless! How would one get around this if this software
>got into the wrong hands?
This is old news, and since the government has it; it is already in
the wrong hands. :)
There are easy safeguards like your encryption computer is not
connected to the internet. Use an old 486 that is doing duty as a
doorstop somewhere and run PGP on that. Transfer the messages from
there to your internet computer for mailing. Also use a firewall on
your internet computer, no program can send anything outbound without
your express permission. And a process monitor as someone else
mentioned, if you can spot it running you can kill it.
Your security normally has so many holes that it isn't possible to
be 100% secure. You weigh your risk against your security. I doubt
the NSA is going to break into my house and install a keylogger so I
didn't bother to put bars on my windows and a retina scanner on my
solid steel front door, I'm not that important. Hackers over the
internet are a possible problem so I take steps against them.
Best Wishes,
Johnny Bravo
------------------------------
From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: Why no 3des for AES candidacy
Date: Thu, 16 Dec 1999 11:23:46 -0500
Eric Lee Green wrote:
>
> Paul Koning wrote:
> > Eric Lee Green wrote:
> > > ...
> > > Today's enterprise-class tape drives can handle streams of up to 40 megabytes
> > > per seconds. The servers that feed these beasts may have multiple gigabit
> > > Ethernet cards so that they can suck down enough data to keep the pipe full. I
> > > looked at encrypting those streams with 3DES, since 3DES is a nice proven
> > > algorithm, but it was just TOO BLOODY SLOW.
> >
> > Actually, in silicon 3DES isn't too bad.
>
> Unfortunately, network cards which incorporate encryption are not currently
> available for a reasonable price. The problem is U.S. export restrictions --
> having two versions of hardware (one domestic, one global) is much harder than
> having two versions of software (where you can basically chop out the
> encryption with one #define at compile time).
I'm not sure that's the reason. The hardware equivalent of a #define is
leaving off the relevant chip when you assemble the board... :-)
In any case, while you may be right about "network cards which
incorporate encryption", there are other ways. Unless you're
out of slots, you can simply put the crypto chip on a separate
card.
I'm pretty sure such cards can be had off the shelf (though two
vendors I know of have been acquired and are now off doing
other things). And for some chips at least the work of
making the card is really easy. (We build routers with
such cards; the crypto card is basically a single crypto
chip, a single SRAM chip, and serial EEPROM, and a small
number of passive components.)
paul
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
