Cryptography-Digest Digest #793, Volume #10 Sun, 26 Dec 99 11:13:00 EST
Contents:
how good is RC4? (Raddatz Peter)
Re: Are PGP primes truly verifiable? (Darrel Hankerson)
Re: Are PGP primes truly verifiable? (Darrel Hankerson)
Re: Bits 1 to 3 (Re: question about primes) ("John E. Gwyn")
Re: More idiot "security problems" ("John E. Gwyn")
Re: More idiot "security problems" (John Savard)
Re: More idiot "security problems" (John Savard)
Re: how good is RC4? (Tom St Denis)
Re: Bits 1 to 3 (Re: question about primes) (Matthew Montchalin)
Re: Are PGP primes truly verifiable? (Paul Schlyter)
--- sci.crypt charter: read before you post (weekly notice) (D. J. Bernstein)
Re: how good is RC4? (Guy Macon)
Re: More idiot "security problems" (Guy Macon)
Adobe Acrobat File Encryption...AAARGH!! ("Piff")
using salt with passwords (unix-type question) (David Crick)
Re: how good is RC4? (Johnny Bravo)
Enigma (Akula)
Re: Are PGP primes truly verifiable? (Patricia Gibbons)
Re: using salt with passwords (unix-type question) (Johnny Bravo)
----------------------------------------------------------------------------
From: Raddatz Peter <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: how good is RC4?
Date: Sat, 25 Dec 1999 13:27:34 -0800
I'm kind of partial to RC4 for its simplicity. Has it been broken? I
mean to the point where any RC4 cipher can be, easily, reversed?
Peter Rabbit
------------------------------
From: Darrel Hankerson <[EMAIL PROTECTED]>
Subject: Re: Are PGP primes truly verifiable?
Date: 25 Dec 1999 16:30:14 -0600
Bob Silverman <[EMAIL PROTECTED]> writes:
> More nonsense. The decryption would work ONLY if N were a
> Carmichael number. But if N = pq is a mere M-R pseudoprime,
> then when you compute the private exponent as d = e^-1 mod phi(N),
> this value of d will be incorrect since your presumed value for
> phi(N), namely (p-1)(q-1) will not be correct.
in response to
>>> Wouldn't the decryption process not work if one of the "primes" was
>>> actually composite?
>> The decryption would work.
Apparently, Silverman means to say that "p and q are pseudoprimes",
rather than "N is a...pseudoprime". If I recall correctly, an example
of the following type appears in Salomaa's textbook, showing that
there are other cases where decryption will succeed.
Consider the case p=p1*p2 where p1 != p2 are primes distinct from q
(and N=pq). If lcm(p1-1,p2-1,q-1) | (p-1)(q-1), then decryption with
d obtained from ed = 1 (mod (p-1)(q-1)) will succeed.
The case p=15 and q=7 is an example (and N=pq is not Carmichael).
--
--Darrel Hankerson [EMAIL PROTECTED]
------------------------------
From: Darrel Hankerson <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Are PGP primes truly verifiable?
Date: 25 Dec 1999 17:41:07 -0600
Bob Silverman <[EMAIL PROTECTED]> writes:
> More nonsense. The decryption would work ONLY if N were a
> Carmichael number. But if N = pq is a mere M-R pseudoprime,
> then when you compute the private exponent as d = e^-1 mod phi(N),
> this value of d will be incorrect since your presumed value for
> phi(N), namely (p-1)(q-1) will not be correct.
in response to
>>> Wouldn't the decryption process not work if one of the "primes" was
>>> actually composite?
>> The decryption would work.
If I recall correctly, an example of the following type appears in
Salomaa's textbook, showing that there are other cases where
decryption will succeed.
Consider the case p=p1*p2 where p1 != p2 are primes distinct from q
(and N=pq). If lcm(p1-1,p2-1,q-1) | (p-1)(q-1), then decryption with
d obtained from ed = 1 (mod (p-1)(q-1)) will succeed.
The case p=15 and q=7 is an example (and N=pq is not Carmichael).
--
--Darrel Hankerson [EMAIL PROTECTED]
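The example Hankerson gives (p = 15 = 3*5, q = 7) can be checked mechanically. The block below is an added illustration, not code from the thread or from PGP: it builds the key exactly as a naive generator would (trusting p and q to be prime and deriving d from the presumed phi = (p-1)(q-1)), tests whether decryption inverts encryption for every residue mod N, evaluates the lcm condition from the post, and applies Korselt's criterion to confirm that N = 105 is not a Carmichael number. The contrasting pair p = 21, q = 11 is a constructed case where the lcm condition fails and decryption breaks. Exponents e = 5 and e = 3 are my own choices.

```python
from math import gcd, lcm


def prime_factors(n):
    """Distinct prime factors of n by trial division (adequate for toy sizes)."""
    factors, d = [], 2
    while d * d <= n:
        if n % d == 0:
            factors.append(d)
            while n % d == 0:
                n //= d
        d += 1
    if n > 1:
        factors.append(n)
    return factors


def is_squarefree(n):
    return all(n % (r * r) != 0 for r in prime_factors(n))


def is_carmichael(n):
    """Korselt's criterion: squarefree composite with (r-1) | (n-1) for every prime r | n."""
    rs = prime_factors(n)
    return len(rs) > 1 and is_squarefree(n) and all((n - 1) % (r - 1) == 0 for r in rs)


def lcm_condition_holds(p, q):
    """The post's condition: lcm(r-1 for every prime r | pq) divides the presumed phi (p-1)(q-1).
    A repeated prime factor is rejected outright, since m^k = m then fails for multiples of it."""
    N = p * q
    if not is_squarefree(N):
        return False
    L = lcm(*(r - 1 for r in prime_factors(N)))
    return (p - 1) * (q - 1) % L == 0


def rsa_decrypts_everything(p, q, e):
    """Derive d from the presumed phi, as a generator that trusted its primality test would,
    then check that (m^e)^d == m mod N for every residue m."""
    N = p * q
    phi_presumed = (p - 1) * (q - 1)
    if gcd(e, phi_presumed) != 1:
        raise ValueError("e must be invertible mod the presumed phi")
    d = pow(e, -1, phi_presumed)
    return all(pow(pow(m, e, N), d, N) == m for m in range(N))


if __name__ == "__main__":
    # Hankerson's example: composite p, yet every message decrypts correctly.
    print("p=15, q=7, e=5 decrypts everything:", rsa_decrypts_everything(15, 7, 5))
    print("lcm condition holds for (15, 7):", lcm_condition_holds(15, 7))
    print("105 is Carmichael:", is_carmichael(105))
    # Constructed counterexample: the lcm condition fails and so does decryption.
    print("p=21, q=11, e=3 decrypts everything:", rsa_decrypts_everything(21, 11, 3))
    print("lcm condition holds for (21, 11):", lcm_condition_holds(21, 11))
```

The practical lesson for key generation is the one the thread circles around: a key that happens to decrypt correctly is no evidence that p and q are prime, so the primality test itself (enough Miller-Rabin rounds, or a provable-prime construction) is the only check that counts.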
------------------------------
From: "John E. Gwyn" <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: Bits 1 to 3 (Re: question about primes)
Date: Sat, 25 Dec 1999 20:25:46 -0600
Matthew Montchalin wrote:
> On Sat, 25 Dec 1999, Mark Adkins wrote:
> |(i.e., in terms of the absolute number of primes which end in
> |nines and ones vs. the absolute number of primes which end in
> |threes and sevens, the former group falls behind the latter,
> |and by larger and larger amounts).
> Your intuition impresses me. Perhaps this would make more
> sense to me if we could somehow represent these putative
> primes in binary notation instead of decimal notion?
> For instance, why would primes ending in %1001 and %0001
> tend to occur more often than primes ending in %0111 and %0011?
Assuming Mark was talking about decimal notation, you can't
convert to binary by converting the last digit independently.
- Douglas (not John)
------------------------------
From: "John E. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: More idiot "security problems"
Date: Sat, 25 Dec 1999 20:27:23 -0600
Terry Ritter wrote:
> *Any* *group* can create an encryption algorithm that no-one in the
> group can break.
The truth of that or similar "laws" is by no means evident.
- Douglas
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: More idiot "security problems"
Date: Sun, 26 Dec 1999 02:55:04 GMT
On Sat, 25 Dec 1999 12:15:24 GMT, [EMAIL PROTECTED] (Terry Ritter) wrote:
>Just to keep things honest, I would say the real situation is even
>more general:
>*Any* *group* can create an encryption algorithm that no-one in the
>group can break.
>Here "group" includes individuals, academics, AES participants, etc.
Come to think of it, that is a consequence of the law to which you
replied: at least the smartest guy in the group, when creating a
cipher he cannot break, will have created one the rest of the group
can't break.
However, it doesn't automatically follow that those who are not
members of the "best" group (NSA employees) must give up all hope. But
if what you mean is that it is very hard to tell...well, that is quite
correct. It is hard to tell, so I think that for serious use, even the
best-respected academic designs should be "padded" with things like
extra rounds to be on the safe side (where resources permit, as Bruce
Schneier has often pointed out, they do not always do so).
But I have to admit that is just a personal opinion on my part; since,
in the nature of things, substantive evidence one way _or the other_
is hard to come by.
John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: More idiot "security problems"
Date: Sun, 26 Dec 1999 02:58:05 GMT
On Sat, 18 Dec 1999 07:17:47 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
wrote:
>Eric Lee Green wrote:
>> Unfortunately, it appears that a) people are stupid and will run
>> anything that comes into their mailbox, ...
>That's not necessarily due to stupidity -- sometimes the mail
>interface automatically interprets HTML, for example, invoking
>"helpers" for embedded file types etc.
I'll agree that stupidity isn't quite the right word for a new, naive
Internet user not first going through his mail program or web browser,
and turning off the dangerous options (and having the technical
knowledge to realize which ones they are).
It's the companies who supply such software with hazardous defaults
that have available the technical expertise to know better. Stupidity,
or something stronger, might well be the appropriate term for their
part in this situation.
John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: how good is RC4?
Date: Sun, 26 Dec 1999 03:44:10 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> I'm kind of partial to RC4 for its simplicity. Has it been broken? I
> mean to the point where any RC4 cipher can be, easily, reversed?
> Peter Rabbit
>
I think some sort of key detection routine has started, but it's
avoidable if you dump the first set of output. I would ask Wagner
since he seemed to have a paper on it :)
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Matthew Montchalin <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: Bits 1 to 3 (Re: question about primes)
Date: Sun, 26 Dec 1999 01:32:27 -0800
On Sat, 25 Dec 1999, John E. Gwyn wrote:
|Matthew Montchalin wrote:
|> On Sat, 25 Dec 1999, Mark Adkins wrote:
|> |(i.e., in terms of the absolute number of primes which end in
|> |nines and ones vs. the absolute number of primes which end in
|> |threes and sevens, the former group falls behind the latter,
|> |and by larger and larger amounts).
|> Your intuition impresses me. Perhaps this would make more
|> sense to me if we could somehow represent these putative
|> primes in binary notation instead of decimal notion?
|> For instance, why would primes ending in %1001 and %0001
|> tend to occur more often than primes ending in %0111 and %0011?
|
|Assuming Mark was talking about decimal notation, you can't
|convert to binary by converting the last digit independently.
How about BCD? ;)
------------------------------
From: [EMAIL PROTECTED] (Paul Schlyter)
Crossposted-To: talk.politics.crypto
Subject: Re: Are PGP primes truly verifiable?
Date: 26 Dec 1999 09:28:05 +0100
In article <8433nt$60r$[EMAIL PROTECTED]>, Bob Silverman <[EMAIL PROTECTED]> wrote:
> > But since the modulus would contain
> > > smaller factors, it would be easier to factorise.
>
> No. Suppose you generate p and q as random 512 bit primes
> and (horror!) it turns out that p is the product of a 200 and a 312
> bit prime. The product pq is not any easier to factor in this case than
> if p and q were both prime.
Are you really seriously claiming that the difficulty in factoring a
number is independent of the size of the factors?
--
================================================================
Paul Schlyter, Swedish Amateur Astronomer's Society (SAAF)
Grev Turegatan 40, S-114 38 Stockholm, SWEDEN
e-mail: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
WWW: http://hotel04.ausys.se/pausch http://welcome.to/pausch
------------------------------
From: [EMAIL PROTECTED] (D. J. Bernstein)
Crossposted-To: talk.politics.crypto
Subject: --- sci.crypt charter: read before you post (weekly notice)
Date: 26 Dec 1999 06:00:04 GMT
sci.crypt Different methods of data en/decryption.
sci.crypt.research Cryptography, cryptanalysis, and related issues.
talk.politics.crypto The relation between cryptography and government.
The Cryptography FAQ is posted to sci.crypt and talk.politics.crypto
every three weeks. You should read it before posting to either group.
A common myth is that sci.crypt is USENET's catch-all crypto newsgroup.
It is not. It is reserved for discussion of the _science_ of cryptology,
including cryptography, cryptanalysis, and related topics such as
one-way hash functions.
Use talk.politics.crypto for the _politics_ of cryptography, including
Clipper, Digital Telephony, NSA, RSADSI, the distribution of RC4, and
export controls.
What if you want to post an article which is neither pure science nor
pure politics? Go for talk.politics.crypto. Political discussions are
naturally free-ranging, and can easily include scientific articles. But
sci.crypt is much more limited: it has no room for politics.
It's appropriate to post (or at least cross-post) Clipper discussions to
alt.privacy.clipper, which should become talk.politics.crypto.clipper at
some point.
There are now several PGP newsgroups. Try comp.security.pgp.resources if
you want to find PGP, c.s.pgp.tech if you want to set it up and use it,
and c.s.pgp.discuss for other PGP-related questions.
Questions about microfilm and smuggling and other non-cryptographic
``spy stuff'' don't belong in sci.crypt. Try alt.security.
Other relevant newsgroups: misc.legal.computing, comp.org.eff.talk,
comp.org.cpsr.talk, alt.politics.org.nsa, comp.patents, sci.math,
comp.compression, comp.security.misc.
Here's the sci.crypt.research charter: ``The discussion of cryptography,
cryptanalysis, and related issues, in a more civilised environment than
is currently provided by sci.crypt.'' If you want to submit something to
the moderators, try [EMAIL PROTECTED]
---Dan
------------------------------
From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: how good is RC4?
Date: 26 Dec 1999 05:35:17 EST
In article <8442n3$ovf$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Tom St Denis) wrote:
>
>In article <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] wrote:
>> I'm kind of partial to RC4 for its simplicity. Has it been broken? I
>> mean to the point where any RC4 cipher can be, easily, reversed?
>> Peter Rabbit
>>
>
>I think some sort of key detection routine has started, but it's
>avoidable if you dump the first set of output. I would ask Wagner
>since he seemed to have apaper on it :)
I am very interested in the ciphersaber version of RC4 because it is
strong encryption that I can legally take with me on my many overseas
trips (See note). I also like the fact that the encrypted file looks
like random data with no byte pattern that identifies it as a
ciphersaber encrypted file - this makes it easier to get the
encrypted file past various firewalls, sniffers and such. Any info
on weaknesses would be much appreciated.
Note: I have memorized a 54 character passphrase with 5
english words, 14 random letters, 3 numbers, 3 printable
punctuation characters and 3 high order ascii characters.
I have also memorized how to write a cyphersaber or
cyphersaber2 program using Qbasic in Windows NT. Thus I
can export cyphersaber inside of my head.
(The user on both ends is me - I am sending information to
myself for when I return to the US. The threat that I am
addressing is coworkers or management of the company I
work for attempting to read the information. If the police,
etc. can get at the info, that's fine with me. I know all
of the tricks about multiuser systems, cache files on disk,
unerasing files, etc.)
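To make the two pieces of advice in this thread concrete (Tom St Denis's "dump the first set of output" and Guy Macon's CipherSaber usage), here is an added example, not code from either poster and not the CipherSaber reference implementation: a plain RC4 key schedule and generator, a `drop` parameter that discards leading keystream bytes, and a CipherSaber-style wrapper that appends a 10-byte random IV to the passphrase and prepends the IV to the ciphertext. The `rounds` parameter repeats the key-mixing loop with j carried over, which is how I understand CipherSaber-2's strengthening; treat that detail, the 10-byte IV length and the function names as assumptions of this example. The test vectors in `__main__` are the widely published RC4 ones (key "Key", plaintext "Plaintext").

```python
import os

IV_LEN = 10  # CipherSaber appends a 10-byte IV to the user key (assumed here)


def rc4_ksa(key, rounds=1):
    """Key scheduling. rounds=1 is standard RC4; rounds>1 repeats the mixing loop
    without resetting j (CipherSaber-2 style, as modelled in this example)."""
    S = list(range(256))
    j = 0
    for _ in range(rounds):
        for i in range(256):
            j = (j + S[i] + key[i % len(key)]) & 0xFF
            S[i], S[j] = S[j], S[i]
    return S


def rc4_keystream(S, n, drop=0):
    """PRGA producing n bytes after discarding the first `drop` bytes, the
    'dump the first set of output' mitigation discussed in the thread."""
    i = j = 0
    out = bytearray()
    for k in range(drop + n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        if k >= drop:
            out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def rc4_crypt(key, data, drop=0, rounds=1):
    """RC4 is symmetric: the same call encrypts and decrypts."""
    S = rc4_ksa(key, rounds)
    ks = rc4_keystream(S, len(data), drop)
    return bytes(a ^ b for a, b in zip(data, ks))


def ciphersaber_encrypt(passphrase, plaintext, rounds=1, iv=None):
    """Key = passphrase || IV; the IV travels in the clear at the front of the output,
    so reusing a passphrase never reuses a keystream."""
    iv = os.urandom(IV_LEN) if iv is None else iv
    return iv + rc4_crypt(passphrase + iv, plaintext, rounds=rounds)


def ciphersaber_decrypt(passphrase, blob, rounds=1):
    iv, body = blob[:IV_LEN], blob[IV_LEN:]
    return rc4_crypt(passphrase + iv, body, rounds=rounds)


if __name__ == "__main__":
    # Published RC4 test vector: key "Key", plaintext "Plaintext" -> BBF316E8D940AF0AD3
    print(rc4_crypt(b"Key", b"Plaintext").hex())
    msg = b"notes for when I am back in the US"  # constructed sample plaintext
    blob = ciphersaber_encrypt(b"my passphrase", msg, rounds=20)
    print(ciphersaber_decrypt(b"my passphrase", blob, rounds=20) == msg)
```

Two properties worth noting from a defender's side: the output really does look like uniformly random bytes (no header, no magic), which is what Guy values, and the same property means there is no integrity check at all, so a flipped ciphertext bit flips the corresponding plaintext bit undetected. Anyone using this for something other than notes to themselves would want a MAC over the IV and ciphertext.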
------------------------------
From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: More idiot "security problems"
Date: 26 Dec 1999 05:39:36 EST
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(John Savard) wrote:
>
>It's the companies who supply such software with hazardous defaults
>that have available the technical expertise to know better. Stupidity,
>or something stronger, might well be the appropriate term for their
>part in this situation.
>
I couldn't agree more. I wince when I hear news reports about the
Melissa virus - what kind of moron designs an email program and
operating system combo that gives an incoming email the right to
send emails without asking? Yet all I hear is blame for the rat
who exploited this design flaw, and no blame for Monopolysoft.
------------------------------
From: "Piff" <[EMAIL PROTECTED]>
Subject: Adobe Acrobat File Encryption...AAARGH!!
Date: Sun, 26 Dec 1999 13:09:42 -0000
Hi There
I've spent the last two weeks trying to find more information on the
encryption method used by Adobe Acrobat but can't seem to find anything.
Do they use an algorithm created by themselves or a standard method like XOR?
I assume that as they can export the software it's restricted but other than
that I have no idea...
Could one of you kind peeps give me an idea where to look as I'm down to my
last patch of hair!!
Thanks
Piff
------------------------------
From: David Crick <[EMAIL PROTECTED]>
Subject: using salt with passwords (unix-type question)
Date: Sun, 26 Dec 1999 13:20:46 +0000
Perhaps some of the more unix-inclined may be able to help me with
this one.
I'm simply looking for information (and preferably a little source
code) on how salt is used/added to the password [hash] entry and
then stored/verified.
Thanks!
David.
--
+-------------------------------------------------------------------+
| David Crick [EMAIL PROTECTED] http://members.tripod.com/vidcad/ |
| Damon Hill WC96 Tribute: http://www.geocities.com/MotorCity/4236/ |
| M. Brundle Quotes: http://members.tripod.com/~vidcad/martin_b.htm |
| ICQ#: 46605825 PGP Public Keys: RSA 0x22D5C7A9 DH/DSS 0xBE63D7C7 |
+-------------------------------------------------------------------+
------------------------------
From: [EMAIL PROTECTED] (Johnny Bravo)
Subject: Re: how good is RC4?
Date: Sun, 26 Dec 1999 10:02:51 GMT
On 26 Dec 1999 05:35:17 EST, [EMAIL PROTECTED] (Guy Macon) wrote:
>Note: I have memorized a 54 character passphrase with 5
>english words, 14 random letters, 3 numbers, 3 printable
>punctuation characters and 3 high order ascii characters.
>I have also memorized how to write a cyphersaber or
>cyphersaber2 program using Qbasic in Windows NT. Thus I
>can export cyphersaber inside of my head.
That password sounds like overkill if you are only worrying about
coworkers or company management. Just the 5 english words (assuming
they are not a sentence), will be at least 65 bits if chosen at random
and the 14 letters at random another 65 (80 for upper and lower case).
Do you really think your company has the resources to brute force even
a 65 bit password much less one that could easily be 150 bits plus?
Also, be aware that starting your password with a non-printable
ascii character would weaken a cyphersabre-1 password.
You don't need a nuke where a sledgehammer will do. :)
Best Wishes,
Johnny Bravo
------------------------------
From: Akula <[EMAIL PROTECTED]>
Subject: Enigma
Date: Sun, 26 Dec 1999 15:12:28 +0000
I have some Enigma encrypted text which I wish to crack. Does anybody
know how the original Colossus worked, what the original method of attack
was?
Thanks
AK
please respond to email.
------------------------------
From: Patricia Gibbons <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Are PGP primes truly verifiable?
Date: Sun, 26 Dec 1999 07:17:19 -0800
Reply-To: [EMAIL PROTECTED]
Bob Silverman wrote:
> Greg <[EMAIL PROTECTED]> wrote:
> ? And if you manage
> > > to factorise the modulus, you've broken that particular RSA key.
> >
Bob Silverman wrote:
> Except that PGP does not use RSA. It uses D-H.
>
Trish blinks and replies:
Whoa.. my versions of PGP are ONLY RSA as they are the
earlier commercial versions 4.0 and 4.5 ..
Trish
--
Patricia E. Gibbons
Acting Chief Communications Technician
City of San Jose - ITD/communications
<http://www.qrz.com/callsign.html?callsign=wa6ube>
......................................
My Public Key is available at:
<http://pgp5.ai.mit.edu:11371/pks/lookup?op=vindex&search=0xEDECB44F>
Key ID: 0xEDECB44F
This key is RSA, NOT Diffie-Hellman !!
Echelon Magnet:
Michigan shore may be fruitful.
Drop 6 continues to be reliable
indicator. Semtex Blowpipe
Capricorn Gamma Gorizont
penrep racal.
------------------------------
From: [EMAIL PROTECTED] (Johnny Bravo)
Subject: Re: using salt with passwords (unix-type question)
Date: Sun, 26 Dec 1999 10:23:17 GMT
On Sun, 26 Dec 1999 13:20:46 +0000, David Crick <[EMAIL PROTECTED]>
wrote:
>I'm simply looking for information (and preferably a little source
>code) on how salt is used/added to the password [hash] entry and
>then stored/verified.
After hearing about it, I'm sure you can figure the code out
yourself. :)
<simple version>
When the password is first created add a random value to the end of
it (say 1 to 1024). You hash this value and store it.
When the password is entered, you add every value from 1 to 1024 to
the password in sequence and hash it, comparing each entry to the
stored hash. If you get a match the password is good.
<end simple version>
Best Wishes,
Johnny Bravo
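Since David asked for a little source code, here is an added example (mine, not Johnny's or any Unix vendor's) showing both schemes side by side: the Unix-style approach, where a random salt is stored in the clear next to the hash so that verification costs one hash computation, and the variant described in the reply above, where the random value is not stored and verification tries every candidate. The `$pbkdf2-sha256$iterations$salt$hash` entry layout is modelled on the modular format of crypt(3) but is my own construction, as are the iteration count, salt length and function names; PBKDF2 stands in for the DES-based crypt of 1999-era Unix.

```python
import hashlib
import hmac
import secrets

SALT_LEN = 16          # bytes of random salt stored with each entry (assumed)
ITERATIONS = 200_000   # PBKDF2 work factor (assumed)
UNSTORED_RANGE = 1024  # the 1..1024 range from the reply above


def make_entry(password, salt=None):
    """Unix-style entry: salt is generated at creation time and stored in the clear."""
    salt = secrets.token_bytes(SALT_LEN) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"$pbkdf2-sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_entry(password, entry):
    """Parse the stored salt and parameters back out, recompute once, compare in constant time."""
    _, algo, iters, salt_hex, digest_hex = entry.split("$")
    if algo != "pbkdf2-sha256":
        raise ValueError("unsupported entry format")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), digest_hex)


def _unstored_digest(password, k):
    return hashlib.sha256(password.encode() + k.to_bytes(2, "big")).hexdigest()


def make_entry_unstored(password):
    """The reply's scheme: append a random value 1..1024, hash, store only the hash."""
    k = secrets.randbelow(UNSTORED_RANGE) + 1
    return _unstored_digest(password, k)


def verify_unstored(password, stored_digest):
    """Verification re-derives every candidate; cost is up to 1024 hashes per attempt."""
    return any(hmac.compare_digest(_unstored_digest(password, k), stored_digest)
               for k in range(1, UNSTORED_RANGE + 1))


if __name__ == "__main__":
    entry = make_entry("correct horse battery")  # constructed sample password
    print(entry)
    print(verify_entry("correct horse battery", entry), verify_entry("wrong", entry))
    d = make_entry_unstored("correct horse battery")
    print(verify_unstored("correct horse battery", d), verify_unstored("wrong", d))
```

The stored-salt design is what /etc/passwd and later /etc/shadow actually do: the salt's job is only to make each entry's hash unique, so that identical passwords produce different entries and a precomputed table cannot be applied to a whole password file at once. Because it is public, the slowdown against a guesser must come from the hash's own work factor, which is why the iteration count is stored in the entry and can be raised later.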
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************