Cryptography-Digest Digest #789, Volume #10 Fri, 24 Dec 99 16:13:00 EST
Contents:
Re: Are PGP primes truly verifiable? (Paul Schlyter)
Re: Of one time pads, plaintext attacks, and fantasy ("Colin Barker")
Microsoft and crypto ("Laurent Foramitti")
ECC (MANIK TANEJA)
Re: Are PGP primes truly verifiable? (James Pate Williams, Jr.)
Re: Are PGP primes truly verifiable? (Scott Fluhrer)
Re: unbreakable? ("Gary")
Re: Are PGP primes truly verifiable? ("Gary")
Re: Of one time pads, plaintext attacks, and fantasy (SCOTT19U.ZIP_GUY)
Re: Are PGP primes truly verifiable? (lordcow77)
Re: Are PGP primes truly verifiable? (Guy Macon)
How strong is Pliny Earle Chase Method? (UBCHI2)
Re: compression & encryption ("John E. Gwyn")
Re: How strong is Pliny Earle Chase Method? (John Savard)
Re: Are PGP primes truly verifiable? (Johnny Bravo)
Re: If you're in Australia, the government has the ability to modify ([EMAIL PROTECTED])
financial crypto & e-cash milis/newsgroup ("Arrianto Mukti Wibowo")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Paul Schlyter)
Crossposted-To: talk.politics.crypto;
Subject: Re: Are PGP primes truly verifiable?
Date: 24 Dec 1999 08:14:15 +0100
In article <83uq56$gs6$[EMAIL PROTECTED]>, Greg <[EMAIL PROTECTED]> wrote:
> Since PGP primes are getting to be very large now (to keep
> up with demand for strength against newer computers), it
> seems to me that they are becoming more impossible to
> verify as true primes.
>
> Is this a reasonable assumption?
>
> With ECC, a private key is simply an integer (any value will do)
> and the public key is always a valid result of a point multiply.
> To be specific, ECC keys are all valid. Yet, PGP and other IFC
> keys are getting to the point where verifying their validity
> of strength is impossible.
>
> Any comments?
Primes used for key generation are validated statistically: apply
a test with that prime and a random number: if the test fails, it's
no prime but if it succeeds, there's a 50% chance it's a prime.
Repeat the test n times, and there's 2^n-1 chances out of 2^n that
it's a prime.
Which means if you apply this test 32 times to each prime, and you
generate 4 billion primes, one of them won't actually be a prime,
and you don't know which one.
If you think this is too insecure, apply the test 64, or 128, times
instead.
--
================================================================
Paul Schlyter, Swedish Amateur Astronomer's Society (SAAF)
Grev Turegatan 40, S-114 38 Stockholm, SWEDEN
e-mail: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
WWW: http://hotel04.ausys.se/pausch http://welcome.to/pausch
------------------------------
From: "Colin Barker" <[EMAIL PROTECTED]>
Subject: Re: Of one time pads, plaintext attacks, and fantasy
Date: Fri, 24 Dec 1999 10:21:23 +0100
Paul Rubin wrote in message
<83pbtr$k4g$[EMAIL PROTECTED]>...
>In article <83p7al$kut$[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> wrote:
>>Towards the end of "Cryptonomicon" by Stephenson (interesting
>>novel by the way, anybody know of any others that use crypto as a plot
>>device??)
>
>There are quite a few. "The Key To Rebecca" (about cryptanalyzing
>a book code to catch a spy) by Ken Follett is a fairly good one.
Another one is, from memory, "Have His Carcase" by Dorothy L. Sayers. This
involves a Playfair cipher.
Colin
E-mail: mailto:[EMAIL PROTECTED]
Internet: http://perso.wanadoo.fr/colin.barker
------------------------------
From: "Laurent Foramitti" <[EMAIL PROTECTED]>
Subject: Microsoft and crypto
Date: Fri, 24 Dec 1999 11:33:01 +0100
Hi,
Does anybody know how I can use a DES algorithm (and where I can find such an
algorithm) in a web applet with the Microsoft VM?
Regards
--
__________________________________
Foramitti Laurent
Université de Liège,
Faculté des sciences appliquées, Informatique
Systems and Modelling Department.
Building B.37
Gde Traverse 12
4000 Liège
Email : [EMAIL PROTECTED]
Tel. : 04/3662602
------------------------------
From: MANIK TANEJA <[EMAIL PROTECTED]>
Subject: ECC
Date: Fri, 24 Dec 1999 16:56:24 +0000
Hi all! Where can I get information relating to ECEC (Elliptical
Curve Encryption System) and ECKEP (Elliptical Curve Key Exchange
Protocol), preferably a website?
Thanks
Manik Taneja
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (James Pate Williams, Jr.)
Crossposted-To: talk.politics.crypto;
Subject: Re: Are PGP primes truly verifiable?
Date: Fri, 24 Dec 1999 12:23:58 GMT
On Fri, 24 Dec 1999 03:45:09 GMT, Greg <[EMAIL PROTECTED]> wrote:
>Since PGP primes are getting to be very large now (to keep
>up with demand for strength against newer computers), it
>seems to me that they are becoming more impossible to
>verify as true primes.
>
>Is this a reasonable assumption?
>
>With ECC, a private key is simply an integer (any value will do)
>and the public key is always a valid result of a point multiply.
>To be specific, ECC keys are all valid. Yet, PGP and other IFC
>keys are getting to the point where verifying their validity
>of strength is impossible.
>
>Any comments?
>
>--
>The only vote that you waste is the one you never wanted to make.
>RICO- we were told it was a necessary surrender of our civil liberties.
>Asset Forfeiture- the latest inevitable result of RICO.
>http://www.ciphermax.com/book
>
>
>Sent via Deja.com http://www.deja.com/
>Before you buy.
See _Handbook of Applied Cryptography_ by Alfred J. Menezes et al.,
Algorithm 4.62 (Maurer's algorithm for generating provable primes),
page 153. I use this algorithm in implementing Algorithm 8.1.
==Pate Williams==
[EMAIL PROTECTED]
http://www.mindspring.com/~pate
------------------------------
From: Scott Fluhrer <[EMAIL PROTECTED]>
Subject: Re: Are PGP primes truly verifiable?
Date: Fri, 24 Dec 1999 12:51:30 GMT
In article <83v6g7$84v$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Paul Schlyter) wrote:
>In article <83uq56$gs6$[EMAIL PROTECTED]>, Greg <[EMAIL PROTECTED]> wrote:
>
>> Since PGP primes are getting to be very large now (to keep
>> up with demand for strength against newer computers), it
>> seems to me that they are becoming more impossible to
>> verify as true primes.
>>
>> Is this a reasonable assumption?
>>
>> With ECC, a private key is simply an integer (any value will do)
>> and the public key is always a valid result of a point multiply.
>> To be specific, ECC keys are all valid. Yet, PGP and other IFC
>> keys are getting to the point where verifying their validity
>> of strength is impossible.
>>
>> Any comments?
>
>Primes used for key generation are validated statistically: apply
>a test with that prime and a random number: if the test fails, it's
>no prime but if it succeeds, there's a 50% chance it's a prime.
>Repeat the test n times, and there's 2^n-1 chances out of 2^n that
>it's a prime.
Actually, such tests are available, but (the last time I checked the
source), PGP doesn't use them. The tests it uses are:
- p has no small factors (small = less than, say, 10000)
- 2**(p-1) == 1 mod p
- 3**(p-1) == 1 mod p
- 5**(p-1) == 1 mod p
- 7**(p-1) == 1 mod p
If all of the above are true, then p is considered a prime. And, since
there is no random input to the above test, it's not a statistical
test, and certain composites (such as (6k+1)(12k+1)(18k+1)
Carmichael numbers) will pass it as well.
However, the OP's question appears to be the "strength" (e.g. the
resistance to factorization) of the generated public key. This
is a different question entirely, and is difficult to answer except
by going through the various factorization methods, and showing
that each one will succeed quickly with very low probability.
--
poncho
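As an added illustration of the two kinds of test discussed in Paul Schlyter's and Scott Fluhrer's posts (this is example code written for this digest, not PGP's source and not any poster's program): a fixed-base check list of the shape Fluhrer describes (trial division below an assumed bound of 10000, then Fermat tests to bases 2, 3, 5 and 7) beside a Miller-Rabin strong test, run once with a fixed base set and once with random bases as Schlyter's repeated-test argument suggests. The composite used to fool the Fermat list is built with Chernick's construction (6k+1)(12k+1)(18k+1) from Fluhrer's post, choosing k so that every prime factor exceeds the trial-division bound; the bound, the base lists and the choice of k are this example's assumptions.

```python
import math
import random

# Assumed "small factor" bound for the trial-division step (Fluhrer: "say, 10000").
SMALL_FACTOR_BOUND = 10000
# First twelve primes as Miller-Rabin bases: known to be a deterministic set for n below about 3e23.
DETERMINISTIC_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def has_small_factor(n, bound=SMALL_FACTOR_BOUND):
    """Trial division by every d < bound (never past sqrt(n)); True if a factor is found."""
    for d in range(2, min(bound, math.isqrt(n) + 1)):
        if n % d == 0:
            return True
    return False


def fermat_passes(n, base):
    """Fermat test: base**(n-1) == 1 (mod n). Holds for every prime n coprime to base."""
    return pow(base, n - 1, n) == 1


def pgp_style_is_probable_prime(n, bases=(2, 3, 5, 7)):
    """The non-random check list from Fluhrer's post: no small factors, then a few Fermat tests."""
    if n < 2 or has_small_factor(n):
        return False
    if n < SMALL_FACTOR_BOUND:
        return True  # trial division up to sqrt(n) was exhaustive for numbers this small
    return all(fermat_passes(n, b) for b in bases)


def _decompose(n):
    """Write n-1 = 2**s * d with d odd."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    return d, s


def _is_strong_witness(n, a, d, s):
    """True if base a proves n composite; False if a is a (possibly lying) strong liar."""
    x = pow(a, d, n)
    if x in (1, n - 1):
        return False
    for _ in range(s - 1):
        x = x * x % n
        if x == n - 1:
            return False
    return True


def miller_rabin(n, bases=DETERMINISTIC_BASES):
    """Miller-Rabin with a fixed base list (deterministic for n below ~3e23 with the default)."""
    if n < 2:
        return False
    for p in (2, 3):
        if n == p:
            return True
        if n % p == 0:
            return False
    d, s = _decompose(n)
    for a in bases:
        a %= n
        if a in (0, 1, n - 1):  # trivial bases carry no information
            continue
        if _is_strong_witness(n, a, d, s):
            return False
    return True


def miller_rabin_random(n, rounds=32):
    """Schlyter's repeated random test: each round with a random base, error shrinks geometrically."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, s = _decompose(n)
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        if _is_strong_witness(n, a, d, s):
            return False
    return True


def chernick_carmichael(min_factor=SMALL_FACTOR_BOUND):
    """Smallest k with 6k+1, 12k+1, 18k+1 all prime and 6k+1 > min_factor.
    By Chernick's theorem the product is then a Carmichael number, so every
    Fermat test to a base coprime to it passes. Returns (n, (p, q, r))."""
    k = min_factor // 6 + 1
    while True:
        p, q, r = 6 * k + 1, 12 * k + 1, 18 * k + 1
        if all(miller_rabin(x) for x in (p, q, r)):
            return p * q * r, (p, q, r)
        k += 1


if __name__ == "__main__":
    n, factors = chernick_carmichael()
    print("Carmichael number", n, "=", factors)
    print("fixed Fermat list says prime:", pgp_style_is_probable_prime(n))
    print("Miller-Rabin says prime:     ", miller_rabin(n), miller_rabin_random(n))
```

The constructed Carmichael number passes the whole fixed list (no factor below 10000, and a^(n-1) = 1 for every base coprime to it), while a single Miller-Rabin round to almost any base exposes it; that is the practical difference between a Fermat test with fixed bases and a strong test with random ones.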
------------------------------
From: "Gary" <[EMAIL PROTECTED]>
Subject: Re: unbreakable?
Date: Fri, 24 Dec 1999 13:43:53 -0000
Since the encryption method isn't supplied it could theoretically be never
(~not for a very long time) solved.
------------------------------
From: "Gary" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Are PGP primes truly verifiable?
Date: Fri, 24 Dec 1999 13:53:39 -0000
Even if the primes pass the tests and yet are 'liars', are they still
relatively strong with regard to usage in PGP?
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Of one time pads, plaintext attacks, and fantasy
Date: Fri, 24 Dec 1999 15:17:27 GMT
In article <[EMAIL PROTECTED]>, Dave Hazelwood
<[EMAIL PROTECTED]> wrote:
>[EMAIL PROTECTED] (John Savard) wrote:
>
>>On Wed, 22 Dec 1999 00:51:35 GMT, [EMAIL PROTECTED] wrote:
>>
>>>I know that in general, that was a technique sometimes used during
>>>wartime to break enemy ciphers. But the more I thought about it, I don't
>>>see how that would work with a one-time system.
>>
>>You're right, it couldn't.
>>
>>>The system in question was based on generating a pseudo-random sequence
>>>(using a Riemann-zeta function) and then adding it mod(26) to the
>>>plaintext.
>>
>>But that isn't a one-time system. So it could work there, because a
>>cryptanalyst might recognize the mathematical pattern in the _pseudo_
>>random sequence.
>
>But are there not an infinite number of pseudo-random pads that will
>yield different readable text when xor'd with any message ? How can
>you ever know when you have recognized the "right" one ?
>
>A clever approach might be to wrote an innocuous message and then
>encrypt it with a recognizable mathematical patterened key and then
>create another pad that deciphers it into your real message?
>
>I still think this is the best form of crypto. Each message stands
>alone and must be broken and you can never be sure you have the right
>answer.
>
>Algorithmic encryption on the other hand yields the answer to all
>messages when it is factored, can be brute forced or otherwise
>compromised.
>
>If I were the NSA, I would not only hope everyone would use
>algorithmic techniques but would go out of my way to discredit
>the alternative. No?
I had a program that was very easy to write, so I will just tell you how
to do it. Encrypt the real message with something like scott16u; take
that output and a shorter text file that you want the NSA or your Uncle
to read. Form a file that is composed so that every odd byte is exactly
the scott16u output and the even bytes are the XOR of the previous byte
and the text you want to be cleverly intercepted. When you get to the
end of the short text file that you want to be intercepted, use 0 so that you
have 2 bytes in a row that are the same: the odd-numbered byte and
the next even-numbered byte. Let the rest of the file be the scott16u
output. Then when your message is intercepted the NSA will be happy that
they think they can break it, but you will be happy knowing that they will
be wrong. Also if they are really dumb and you go to court you can show
the easy way to decode your message to get the nice text. They will
not be able to prove it's crypto since you can demonstrate that no key was
involved.
When you want the real message you just separate at every other byte
till the two match and then use the rest of the file as the one to be decrypted.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm
Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm
Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
"The road to tyranny, we must never forget, begins with the destruction of the
truth."
------------------------------
From: lordcow77 <[EMAIL PROTECTED]>
Subject: Re: Are PGP primes truly verifiable?
Crossposted-To: talk.politics.crypto
Date: Fri, 24 Dec 1999 07:24:01 -0800
In article <83vu2d$el9$[EMAIL PROTECTED]>, "Gary"
<[EMAIL PROTECTED]> wrote:
> Even if the primes pass the tests and yet are 'liars', are they
> still
> relatively strong with regard to usage in PGP?
Wouldn't the decryption process not work if one of the "primes" was
actually composite? phi(n) would no longer equal (p-1)*(q-1) since p
and q aren't both prime.
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!
------------------------------
From: [EMAIL PROTECTED] (Guy Macon)
Crossposted-To: talk.politics.crypto
Subject: Re: Are PGP primes truly verifiable?
Date: 24 Dec 1999 10:41:25 EST
In article <83vu2d$el9$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Gary)
wrote:
>
>Even if the primes pass the tests and yet are 'liars', are they still
>relatively strong with regard to usage in PGP?
If I understand it correctly, PGP is based on the idea that it is very
easy to multiply two big primes to get a big number, but very hard to
start with the big number and figure out which two primes created it.
I don't know what starting with a nonprime or two would do, but I
suspect that it wouldn't be good.
It is fairly easy to verify whether a particular number is or isn't
a prime, even if it is a big number. The difficulty in using this
method for finding new primes is that you have to run some version
of the test for primeness on every possible integer. Good prime
search programs use faster methods to narrow the list of integers
into a shorter list of candidates first.
------------------------------
From: [EMAIL PROTECTED] (UBCHI2)
Subject: How strong is Pliny Earle Chase Method?
Date: 24 Dec 1999 15:45:52 GMT
David Kahn writes that the P.E. Chase method is "hermetically" sealed.
However, do you think the method is really so strong?
------------------------------
From: "John E. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: compression & encryption
Date: Fri, 24 Dec 1999 10:47:17 -0600
Kenneth Almquist wrote:
> If your encryption is strong enough to resist a known plaintext
> attack, then it doesn't matter if your compression algorithm is
> bijective or not.
That's almost right. It is in principle *possible* for some
compression scheme to "resonate" with the outer encryption and
weaken it, but that is most unlikely.
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: How strong is Pliny Earle Chase Method?
Date: Fri, 24 Dec 1999 09:34:27 GMT
[EMAIL PROTECTED] (UBCHI2) wrote, in part:
>David Kahn writes that the P.E. Chase method is "hermetically" sealed.
>However, do you think the method is really so strong?
It's good for a paper-and-pencil method, particularly for the era in
which it was invented. I don't think Dr. Kahn intended to imply more
than that, particularly as he wrote of the folly of inventors of
"unbreakable" ciphers.
John Savard (jsavard<at>ecn<dot>ab<dot>ca)
http://www.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (Johnny Bravo)
Subject: Re: Are PGP primes truly verifiable?
Date: Fri, 24 Dec 1999 12:40:21 GMT
On Fri, 24 Dec 1999 12:51:30 GMT, Scott Fluhrer
<[EMAIL PROTECTED]> wrote:
>Actually, such tests are available, but (the last time I checked the
>source), PGP doesn't use them. The tests it uses are:
Current Sources (6.5.1) use 11, 13 and 17 as well as make several
other strong checks for pseudoprimes (composite numbers that pass a
Fermat test to the base 2). The density of pseudoprimes for 1024 bit
numbers (such as are used in 2048 bit keys) is between 6.63e-45 and
1.88e-304 and is thought to be around 4.40e-89. The density of actual
1024 bit prime numbers is about 1.41e-3; the chances of getting a
pseudoprime from a number of 1024 bits picked at random instead of a
real prime are at least 2.13e41 to 1, and are thought to be closer to
3.2e85 to 1.
Ronald Rivest in "Finding Four Million Large Random Primes", in
Advances in Cryptology: Proceedings of Crypto '90 gives a theoretical
argument that the chance of finding a 256-bit non-prime which
satisfies one Fermat test to the base 2 is less than 10^-22. The
small divisor test improves this number, and if the numbers are 512
bits (as needed for a 1024-bit key) the odds of failure shrink to
about 10^-44. Thus, he concludes, for practical purposes *one* Fermat
test to the base 2 is sufficient. The rest of the tests {3..17} are
just extra security, along with the rest of the pseudoprime tests.
Best Wishes,
Johnny Bravo
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: alt.privacy
Subject: Re: If you're in Australia, the government has the ability to modify
Date: Fri, 24 Dec 1999 14:47:13 -0500
Greg wrote:
> Did you think Bill got
> to become the richest man in the world because he sold
> software?
Yes, he did.
And this is undisputed knowledge.
------------------------------
From: "Arrianto Mukti Wibowo" <[EMAIL PROTECTED]>
Subject: financial crypto & e-cash milis/newsgroup
Date: Sat, 25 Dec 1999 04:01:28 +0800
Hello,
Does anybody know any mailing list or newsgroup for people who are interested
in financial cryptography, especially e-cash?
Sincerely,
-mukti
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************