Cryptography-Digest Digest #794, Volume #10      Sun, 26 Dec 99 18:13:00 EST

Contents:
  Re: how good is RC4? (fungus)
  Re: Are PGP primes truly verifiable? (Bob Silverman)
  Re: Enigma (John Savard)
  Re: Bits 1 to 3 (Re: question about primes) (wtshaw)
  Re: Bits 1 to 3 (Re: question about primes) ("John E. Gwyn")
  Re: Enigma ("John E. Gwyn")
  Re: how good is RC4? (Guy Macon)
  Re: Enigma (Jim Gillogly)
  Re: Bits 1 to 3 (Re: question about primes) (Matthew Montchalin)
  Re: Are PGP primes truly verifiable? (Paul Schlyter)
  ToySaber: a dehanced CipherSaber. (Guy Macon)
  Re: Is it a hash or a cipher? (Mok-Kong Shen)
  Re: ToySaber: a dehanced CipherSaber. (Jim Gillogly)
  Re: Enigma (John Savard)
  Re: Adobe Acrobat File Encryption...AAARGH!! (John Savard)
  triplet format (Doo2doo)

----------------------------------------------------------------------------

From: fungus <[EMAIL PROTECTED]>
Subject: Re: how good is RC4?
Date: Sun, 26 Dec 1999 17:31:20 +0100



Raddatz Peter wrote:
> 
> I'm kind of partial to RC4 for its simplicity. Has it been broken? I
> mean to the point where any RC4 cipher can be, easily, reversed?
> Peter Rabbit

RC4(tm) is really good, but has a couple of problems:

1) You can never use the same password twice unless you use salt
   (*many* RC4 systems were stillborn because of this one).

2) There are some weak passwords. This is easy to avoid by throwing
   away the start of the output (the first 256 bytes is plenty).

If you bear these two things in mind and code accordingly then you
should be as safe as with any other cipher.

See: http://www.ciphersaber.gurus.com/ for examples.




Note that RC4 is a trademark. The rest of the world calls it
ARCFOUR.



-- 
<\___/>
/ O O \
\_____/  FTB.

------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Are PGP primes truly verifiable?
Date: Sun, 26 Dec 1999 17:45:03 GMT

In article <844jil$f0d$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Paul Schlyter) wrote:
> In article <8433nt$60r$[EMAIL PROTECTED]>, Bob Silverman  <[EMAIL PROTECTED]> wrote:
>
> > >  But since the modulus would contain
> > > > smaller factors, it would be easier to factorise.
> >
> > No.   Suppose you generate p and q as random 512 bit primes
> > and (horror!)  it turns out that  p is the product of a 200 and a 312
> > bit prime.  The product pq  is not any easier to factor in this case than
> > if p and q were both prime.
>
> Are you really seriously claiming that the difficulty in factoring a
> number is independent of the size of the factors?

Yes.

Neither the Quadratic Sieve nor the Number Field Sieve care one
whit about the size of the factors or how many there are.

Their run time depends only on the size of the modulus.

N = pqr   where p is 200 bits, q is 312 and r is 512 is as hard to
factor  as  n = p1 p2   where p1, p2 are both 512 bits,  since
finding either p or q  is well out of range of ECM.

--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"


Sent via Deja.com http://www.deja.com/
Before you buy.
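The distinction Silverman draws is between general-purpose sieves (QS, NFS), whose cost depends on the size of the modulus, and special-purpose methods such as ECM, whose cost depends on the size of the factor they find. The Python script below is added to this digest and is not part of the thread; it demonstrates the second kind with Pollard's rho, a simpler relative of ECM: the iteration count grows roughly with the square root of the smallest prime factor, and the size of n itself only changes the cost of each step. P, Q and R are constructed 20-, 30- and 31-bit test primes standing in for the post's 200/312/512-bit example; a QS or NFS implementation is beyond a short example.

```python
from math import gcd

# Bases making Miller-Rabin deterministic for n below about 3.3e24,
# which covers every value constructed in this example.
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41)


def is_probable_prime(n):
    """Miller-Rabin primality test with the fixed base set above."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def pollard_rho(n, c=1):
    """Return (divisor, iterations) for a composite n.

    A special-purpose method in the same family as ECM: the expected number
    of iterations is about sqrt(p) for the smallest prime factor p, however
    large n is.  An even n (Schlyter's 2**511) splits at once."""
    if n % 2 == 0:
        return 2, 0
    x = y = 2
    d, steps = 1, 0
    while d == 1:
        x = (x * x + c) % n
        y = (y * y + c) % n
        y = (y * y + c) % n          # y advances twice as fast (Floyd cycle finding)
        d = gcd(abs(x - y), n)
        steps += 1
    if d == n:                       # cycled modulo every factor at once: change polynomial
        return pollard_rho(n, c + 1)
    return d, steps


def factor(n):
    """Full factorisation by repeated rho splitting; returns a sorted prime list."""
    if n == 1:
        return []
    if is_probable_prime(n):
        return [n]
    d, _ = pollard_rho(n)
    return sorted(factor(d) + factor(n // d))


# Constructed test values: a 20-, a 30- and a 31-bit prime (2^20+7, 2^30-35, 2^31-1),
# standing in for the post's p*q*r modulus.  Real keys use primes of hundreds of bits.
P, Q, R = 1048583, 1073741789, 2147483647

if __name__ == "__main__":
    n = P * Q * R
    d, steps = pollard_rho(n)
    print("first split of a %d-bit n: divisor %d after %d iterations" % (n.bit_length(), d, steps))
    print("full factorisation:", factor(n))
    print("2**60 splits immediately:", factor(2 ** 60) == [2] * 60)
```

Running the script shows the first split of the 81-bit n arriving after on the order of a thousand iterations, set by the 20-bit factor rather than by the size of n; the remaining 61-bit cofactor then costs tens of thousands of iterations because its smallest factor is 30 bits. That is exactly the behaviour that makes a 200-bit factor reachable by ECM-style methods and a 512-bit one not, while the sieves ignore factor sizes altogether.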

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Enigma
Date: Sun, 26 Dec 1999 17:37:18 GMT

On Sun, 26 Dec 1999 15:12:28 +0000, Akula <[EMAIL PROTECTED]>
wrote:

>I have some Enigma encrypted text which I wish to crack. Does anybody
>know how the original Colossus worked, and what the original method of attack
>was?

Colossus was used to decrypt messages enciphered on another machine,
the Lorenz Schlusselzusatz. The methods used to attack Enigma messages
are described on my web site, but they usually relied on a large
amount of probable plain text, and the interception of large numbers
of messages.

John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Crossposted-To: sci.math
Subject: Re: Bits 1 to 3 (Re: question about primes)
Date: Sun, 26 Dec 1999 12:40:40 -0600

In article
<[EMAIL PROTECTED]>, Matthew
Montchalin <[EMAIL PROTECTED]> wrote:

> On Sat, 25 Dec 1999, John E. Gwyn wrote:
> 
> |Matthew Montchalin wrote:
> |> On Sat, 25 Dec 1999, Mark Adkins wrote:
> |> |(i.e., in terms of the absolute number of primes which end in
> |> |nines and ones vs. the absolute number of primes which end in
> |> |threes and sevens, the former group falls behind the latter,
> |> |and by larger and larger amounts).
> |> Your intuition impresses me.  Perhaps this would make more
> |> sense to me if we could somehow represent these putative
> |> primes in binary notation instead of decimal notion?
> |> For instance, why would primes ending in %1001 and %0001
> |> tend to occur more often than primes ending in %0111 and %0011?
> |
> |Assuming Mark was talking about decimal notation, you can't
> |convert to binary by converting the last digit independently.
> 
> How about BCD?   ;)

Try not to confuse the issue by inserting reality, or even by mentioning
that there are a number of hard-wired components, chips, that can do this sort
of thing.  It is fun to see when people try to convince themselves they
are trapped in one number system or another.
-- 
Only a little over a year left to go in this century....
Knowing this, figure that a year from now, we will 
resale of the hoopla we are getting ready to see now.

------------------------------

From: "John E. Gwyn" <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: Bits 1 to 3 (Re: question about primes)
Date: Sun, 26 Dec 1999 12:51:29 -0600

wtshaw wrote:
> > |Matthew Montchalin wrote:
> > |> Perhaps this would make more
> > |> sense to me if we could somehow represent these putative
> > |> primes in binary notation instead of decimal notion?
> > |> For instance, why would primes ending in %1001 and %0001
> > |> tend to occur more often than primes ending in %0111 and %0011?
> > |Assuming Mark was talking about decimal notation, you can't
> > |convert to binary by converting the last digit independently.
> > How about BCD?   ;)
> Try not to confuse the issue by inserting reality, ...

You're the one who needs to "get real".  The question was about
a mathematical property of primes (more with l.s. digit 9 or 1
than 7 or 3).  The suggestion about looking at the binary
notation might be a good one, but BCD does not do that.
This has nothing to do with the existence of hardware support
for BCD.

------------------------------

From: "John E. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Enigma
Date: Sun, 26 Dec 1999 12:59:07 -0600

John Savard wrote:
> Akula <[EMAIL PROTECTED]> wrote:
> >I have some Enigma encrypted text which I wish to crack. Does
> >anybody know how the original Colossus worked, and what the original
> >method of attack was?
> Colossus was used to decrypt messages enciphered on another
> machine, the Lorenz Schlusselzusatz. The methods used to attack
> Enigma messages are described on my web site, but they usually
> relied on a large amount of probable plain text, and the
> interception of large numbers of messages.

That's true, but it might be more useful to point out that
cracking rotor systems doesn't require using the Bletchley
Park approach, which would not have been fruitful for the
Japanese Purple machine, for example.  If one doesn't know
the rotor wiring, one of the first steps is to reconstruct
that.  This can be done in some cases (not usually for a
single short message with no known plaintext), using a method
due to Friedman, described in Kullback's monograph "Reciprocal
Alphabets and Friedman Squares" which can be found in the US
National Archives.  I've recently finished converting a copy
of that to Word format and intend to make it available on
line (probably in PDF format) after I return from vacation.

        - Douglas

------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: how good is RC4?
Date: 26 Dec 1999 14:36:07 EST

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Johnny Bravo) 
wrote:
>
>On 26 Dec 1999 05:35:17 EST, [EMAIL PROTECTED] (Guy Macon) wrote:
>
>>Note: I have memorized a 54 character passphrase with 5
>>English words, 14 random letters, 3 numbers, 3 printable
>>punctuation characters and 3 high order ascii characters.
>>I have also memorized how to write a cyphersaber or
>>cyphersaber2 program using Qbasic in Windows NT.  Thus I
>>can export cyphersaber inside of my head.
>
>  That password sounds like overkill if you are only worrying about
>coworkers or company management.  Just the 5 English words (assuming
>they are not a sentence), will be at least 65 bits if chosen at random
>and the 14 letters at random another 65 (80 for upper and lower case).
>Do you really think your company has the resources to brute force even
>a 65 bit password much less one that could easily be 150 bits plus? 
>
>  Also, be aware that starting your password with a non-printable
>ascii character would weaken a cyphersabre-1 password.
>
>  You don't need a nuke where a sledgehammer will do. :)

True.  Very True.  In my particular case, I have been involved
with several high security engineering projects where I was
required to memorize some really quite unguessable passwords.
The passwords are now useless, but I cannot forget them.
I took the four that are bunded most deeply into my brain and
strung them together with text that is easy to remember, hard
to guess, and reminds me which passwords go in which order.

Thanks for the advice about the first character.
  




-- 
I will be busy from Dec. 26th to Jan. 3rd. I will have time to read email and
newsgroups but may not have time to reply until the first week of January.
  
(Need a good EE in Southern California? http://users.deltanet.com/~guymacon ) 


------------------------------

From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: Enigma
Date: Sun, 26 Dec 1999 19:58:24 +0000

Akula wrote:
> I have some Enigma encrypted text which I wish to crack. Does anybody
> know how the original Colossus worked, and what the original method of attack
> was?

If the text you're looking at is from Simon Singh's challenge in
The Code Book, you'd be better off looking at my paper on cryptanalysis
of Enigma using ciphertext only, since Singh doesn't give a good crib.
It's on Joe Peschel's site -- see any of his postings in this newsgroup
for the URL.  Others have implemented my method from the paper to crack
that part of Singh's challenge.
-- 
        Jim Gillogly
        Hevensday, 4 Afteryule S.R. 2000, 19:56
        12.19.6.14.14, 3 Ix 2 Kankin, Sixth Lord of Night

------------------------------

From: Matthew Montchalin <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: Bits 1 to 3 (Re: question about primes)
Date: Sun, 26 Dec 1999 12:22:57 -0800


|> > How about BCD?   ;)
|> Try not to confuse the issue by inserting reality, ...

On Sun, 26 Dec 1999, John E. Gwyn wrote:
|You're the one who needs to "get real".  The question was about
|a mathematical property of primes (more with l.s. digit 9 or 1
|than 7 or 3).  The suggestion about looking at the binary
|notation might be a good one, but BCD does not do that.
|This has nothing to do with the existence of hardware support
|for BCD.

(My apologies for even bringing it up.) 

Okay, supposing we are stuck in decimal mode, then why are 1's and 9's at
the very right less common than 3's and 7's at the very right?

But it is bound to be helpful (somehow, I hope) to look at trends from
other numerical systems.


------------------------------

From: [EMAIL PROTECTED] (Paul Schlyter)
Crossposted-To: talk.politics.crypto
Subject: Re: Are PGP primes truly verifiable?
Date: 26 Dec 1999 20:30:14 +0100

In article <845jup$n5a$[EMAIL PROTECTED]>, Bob Silverman  <[EMAIL PROTECTED]> wrote:
 
> In article <844jil$f0d$[EMAIL PROTECTED]>,
>   [EMAIL PROTECTED] (Paul Schlyter) wrote:
>> In article <8433nt$60r$[EMAIL PROTECTED]>, Bob Silverman  <[EMAIL PROTECTED]> wrote:
>>
>>>>  But since the modulus would contain
>>>>> smaller factors, it would be easier to factorise.
>>>
>>> No.   Suppose you generate p and q as random 512 bit primes
>>> and (horror!)  it turns out that  p is the product of a 200 and a 312
>>> bit prime.  The product pq  is not any easier to factor in this case than
>>> if p and q were both prime.
>>
>> Are you really seriously claiming that the difficulty in factoring a
>> number is independent of the size of the factors?
> 
> Yes.
 
Then I ask you to think again.  Don't you think that e.g. 2^511 will
be much faster to factor than the product of a 200-bit and a 312-bit
prime?
 
-- 
================================================================
Paul Schlyter,  Swedish Amateur Astronomer's Society (SAAF)
Grev Turegatan 40,  S-114 38 Stockholm,  SWEDEN
e-mail:  [EMAIL PROTECTED]    [EMAIL PROTECTED]   [EMAIL PROTECTED]
WWW:     http://hotel04.ausys.se/pausch    http://welcome.to/pausch

------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: ToySaber: a dehanced CipherSaber.
Date: 26 Dec 1999 16:09:47 EST


ToySaber: a dehanced CipherSaber. 

I have been playing around with CipherSaber,
[ http://ciphersaber.gurus.com/ ] and am thinking
about publishing a "Toy" version that would be legally
exportable.  Here is my concept:

============ Cut Here ================

HOW TO MODIFY CIPHERSABER INTO TOYSABER

Instead of using 8 bit bytes, use 4 bit nybbles.


Instead of using arrays that contain 256 bytes, use
arrays that contain 16 nybbles.

Instead of accepting any printable ascii character and
allowing advanced users to add nonprintable or high order
characters for the passphrase, only accept 0-9 and allow
advanced users to add A through F.

Instead of using a passphrase of up to 246 characters,
each of which is a byte, use a passphrase of up to 10
characters, each of which is a nybble.

Instead of using 10 bytes for the initialization vector,
use 6 nybbles.

============ Cut Here ================

My biggest question is whether ToySaber source code or
executables would be legal to export from the U.S.
I am pretty much a clueless newbie, but it seems like
ToySaber has a 40 bit key, which should be exportable.
(I would, of course, add a *stern* warning that changing
the nybbles to bytes, etc. may violate applicable laws
against export or use of strong encryption.)

Opinions about the 10:6 password:initialization vector split
are also welcome.  Would 9:7 or 11:5 be a better choice?






-- 
Need a good EE in Southern California?
http://users.deltanet.com/~guymacon
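Both the "how good is RC4?" post earlier in this digest (never reuse a passphrase without a salt; discard the start of the keystream) and the ToySaber proposal above (the same cipher on 4-bit words with a 16-entry state) are easiest to see in code. The Python below is added to this digest; it is neither the CipherSaber reference code nor anything Guy Macon published. The ARCFOUR core is parameterised by word width, so `n_bits=8` is the real cipher and `n_bits=4` is ToySaber; the CipherSaber-style IV handling, the `drop` parameter and the helper names are this example's own choices. The nybble passphrase "2718281828" and the deterministic `fixed` byte source used for reproducibility are constructed test values.

```python
import os
from math import log2


def rc4_keystream(key, n_bits=8, drop=256):
    """Generalised ARCFOUR keystream over n-bit words.

    n_bits=8 is the real cipher (256-entry state, byte words); n_bits=4 is
    the ToySaber proposal (16-entry state, nybble words).  `key` is a list of
    ints each < 2**n_bits.  The first `drop` output words are discarded, the
    weak-key mitigation from the RC4 thread; CipherSaber-1 itself discards
    nothing, so pass drop=0 for compatibility with it."""
    n = 1 << n_bits
    if not key or any(not 0 <= k < n for k in key):
        raise ValueError("key words must lie in range(%d)" % n)
    s = list(range(n))                      # key-scheduling algorithm (KSA)
    j = 0
    for i in range(n):
        j = (j + s[i] + key[i % len(key)]) % n
        s[i], s[j] = s[j], s[i]
    i = j = 0                               # pseudo-random generation (PRGA)

    def step():
        nonlocal i, j
        i = (i + 1) % n
        j = (j + s[i]) % n
        s[i], s[j] = s[j], s[i]
        return s[(s[i] + s[j]) % n]

    for _ in range(drop):
        step()
    while True:
        yield step()


def cs_encrypt(passphrase, plaintext, n_bits=8, iv_len=10, drop=0, rng=os.urandom):
    """CipherSaber-style encryption: a fresh random IV is appended to the
    passphrase to form the keystream key and prepended to the ciphertext.
    Defaults are CipherSaber-1 (bytes, 10-byte IV); n_bits=4, iv_len=6 is
    ToySaber.  `rng` is injectable only so the examples are reproducible."""
    n = 1 << n_bits
    iv = [b % n for b in rng(iv_len)]       # 256 is a multiple of n, so this stays uniform
    ks = rc4_keystream(list(passphrase) + iv, n_bits, drop)
    return iv + [p ^ next(ks) for p in plaintext]


def cs_decrypt(passphrase, ciphertext, n_bits=8, iv_len=10, drop=0):
    iv, body = list(ciphertext[:iv_len]), ciphertext[iv_len:]
    ks = rc4_keystream(list(passphrase) + iv, n_bits, drop)
    return [c ^ next(ks) for c in body]


def xor_words(a, b):
    return [x ^ y for x, y in zip(a, b)]


def key_reuse_leaks(passphrase, p1, p2, iv_len):
    """Problem 1 from the thread.  With iv_len=0 the keystream is identical
    for both messages, so c1 XOR c2 equals p1 XOR p2: the key has cancelled
    out.  With a random IV the keystreams differ and the relation fails.
    Returns True when the leak is present."""
    c1 = cs_encrypt(passphrase, p1, iv_len=iv_len)
    c2 = cs_encrypt(passphrase, p2, iv_len=iv_len)
    return xor_words(c1[iv_len:], c2[iv_len:]) == xor_words(p1, p2)


# --- ToySaber: the same cipher on 4-bit words ---------------------------------

def bytes_to_nybbles(data):
    return [x for b in data for x in (b >> 4, b & 0xF)]


def nybbles_to_bytes(nyb):
    return bytes((nyb[i] << 4) | nyb[i + 1] for i in range(0, len(nyb), 2))


def toysaber_roundtrip(passphrase_hex, message, rng=os.urandom):
    """Encrypt and decrypt `message` under a ToySaber passphrase of up to ten
    hex digits (0-9 for ordinary users, A-F for advanced ones, per the post).
    Returns (recovered plaintext, ciphertext length in nybbles)."""
    key = [int(c, 16) for c in passphrase_hex[:10]]
    ct = cs_encrypt(key, bytes_to_nybbles(message), n_bits=4, iv_len=6, rng=rng)
    pt = cs_decrypt(key, ct, n_bits=4, iv_len=6)
    return nybbles_to_bytes(pt), len(ct)


def key_space_bits(length, alphabet_size):
    """Nominal key size.  Ten nybbles from all 16 values give 40 bits; ten
    decimal digits, the default ToySaber alphabet, give only about 33.2."""
    return length * log2(alphabet_size)


if __name__ == "__main__":
    fixed = lambda k: bytes(range(k))       # constructed stand-in for os.urandom
    print(bytes(cs_encrypt(list(b"Key"), list(b"Plaintext"), iv_len=0)).hex())
    print(key_reuse_leaks(list(b"pass"), list(b"hello world"), list(b"other text!"), 0))
    print(key_reuse_leaks(list(b"pass"), list(b"hello world"), list(b"other text!"), 10))
    print(toysaber_roundtrip("2718281828", b"hello", rng=fixed))
    print(key_space_bits(10, 16), round(key_space_bits(10, 10), 1))
```

The first line of output is the published ARCFOUR test vector for key "Key" and plaintext "Plaintext" (bbf316e8d940af0ad3), which confirms the core. The two `key_reuse_leaks` calls show why the thread insists on a per-message salt: without one, XORing two ciphertexts hands back the XOR of the plaintexts. The `key_space_bits` figures bear on the export question only in the nominal sense; as Gillogly's reply notes, the effective security of a 16-entry state is lower than the key length suggests.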


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Is it a hash or a cipher?
Date: Sun, 26 Dec 1999 22:47:32 +0100

wtshaw wrote:
> 
> I had a lengthy interesting discussion today about the tridigital
> *cipher*.  The working key of the beast is a deranged alphabet grouped
> into 8 clumps of 3 characters and 1 group of 2 characters.  These 9 groups
> are assigned each a digit from 0 to 9.  The unassigned digit is used to
> separate words.
> 
> I'll give the example key, if I copy it correctly, without the weird means
> it was made:
> 
> 0:AET  1:LMZ  2:NJW  3:GHU  4:YP  5:OIV  6:DBQ  7:RCS  8: FKX  9:(separator)
> 
> *Encryption* means finding each letter of the message and using a digit to
> replace it.  The problem is that the results can be ambiguous.  As English is
> redundant in structure, the substitutions are often apparent.  Since 26
> characters and space are represented by 10 digits, lots of the randomness
> is eaten up.  The system is therefore not deterministic in nature, rather
> depending on context and imagination at times.  A given series of digits
> might be convertible into several real, but different words.

A maybe silly or ill-posed question: The above is a many-to-one 
mapping, while homophone is a one-to-many mapping. These are 'opposite' 
to each other. Which one is in principle more effective in the sense 
of security?

M. K. Shen
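The many-to-one behaviour quoted above is easy to make concrete. The Python below is added to this digest and is not code from wtshaw or Shen; it implements the example key from the quoted post and shows that "decryption" cannot be a function: for each digit group it returns every dictionary word that encrypts to it, using a constructed nine-word dictionary, and it counts the raw letter strings a digit group could stand for before any context is applied. The dictionary and the sample messages are constructed for the example.

```python
# The example key from wtshaw's post: eight groups of three letters, one group
# of two, and the unassigned digit 9 as the word separator.
KEY = {0: "AET", 1: "LMZ", 2: "NJW", 3: "GHU", 4: "YP",
       5: "OIV", 6: "DBQ", 7: "RCS", 8: "FKX"}
SEPARATOR = "9"
LETTER_TO_DIGIT = {ch: str(d) for d, group in KEY.items() for ch in group}

# Constructed mini-dictionary used to resolve ambiguous digit groups.
WORDS = ["EAT", "TEA", "ATE", "COD", "ROD", "SEND", "HELP", "HUG", "GUN"]


def encrypt(message):
    """Many-to-one substitution: each letter becomes the digit of its group
    and each space becomes the separator digit.  This direction always works."""
    out = []
    for ch in message.upper():
        if ch == " ":
            out.append(SEPARATOR)
        elif ch in LETTER_TO_DIGIT:
            out.append(LETTER_TO_DIGIT[ch])
        else:
            raise ValueError("not in the 26-letter alphabet: %r" % ch)
    return "".join(out)


def letter_strings(digits):
    """How many raw letter strings one digit group could stand for before
    any dictionary or context is applied (3 or 2 choices per digit)."""
    count = 1
    for d in digits:
        count *= len(KEY[int(d)])
    return count


def candidates(ciphertext, wordlist=WORDS):
    """'Decryption' is not a function.  For each digit group return every
    dictionary word that encrypts to it; several words, or none, may match,
    which is the non-deterministic behaviour the post describes."""
    return [[w for w in wordlist if encrypt(w) == group]
            for group in ciphertext.split(SEPARATOR)]


def is_ambiguous(ciphertext, wordlist=WORDS):
    """True if some group of the ciphertext has more than one dictionary reading."""
    return any(len(c) > 1 for c in candidates(ciphertext, wordlist))


if __name__ == "__main__":
    ct = encrypt("SEND HELP")
    print(ct, candidates(ct))                 # 702693014 [['SEND'], ['HELP']]
    print(candidates(encrypt("EAT COD")))     # each group has several readings
    print(letter_strings("000"), is_ambiguous("000"))
```

Run against the dictionary, "000" resolves to EAT, TEA or ATE and "756" to COD or ROD, while "702693014" resolves uniquely; `letter_strings` shows that a three-digit group has 27 raw readings (or 12 if it contains the two-letter group's digit), which is the redundancy the post says is "eaten up". On Shen's question: the ambiguity counted here is the receiver's cost of the many-to-one mapping, whereas a homophonic (one-to-many) table keeps decryption unique and spends its extra symbols on flattening frequencies instead.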

------------------------------

From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: ToySaber: a dehanced CipherSaber.
Date: Sun, 26 Dec 1999 22:22:30 +0000

Guy Macon wrote:
> 
> ToySaber: a dehanced CipherSaber.
...
> Instead of using 8 bit bytes, use 4 bit nybbles.
> 
> Instead of using arrays that contain 256 bytes, use
> arrays that contain 16 nybbles.
...
> My biggest question is whether ToySaber source code or
> executables would be legal to export from the U.S.
> I am pretty much a clueless newbie, but it seems like
> ToySaber has a 40 bit key, which should be exportable.

Under the export regs du jour it's not clear that 40 bits will
have any special consideration.  Of course all crypto being
exported, including Caesar ciphers, needs an export license
according to the BXA regs -- it's just that some is easier to
get than others.

The actual security on ToySaber is less than 40 bits.  Michael
Johnson suggested this variant shortly after RC4 was exposed,
and I did an overnight hillclimbing attack on it that was closer
to 28 bits on a laptop, based on recovering the state array given
a small amount of known plaintext.
-- 
        Jim Gillogly
        Hevensday, 4 Afteryule S.R. 2000, 22:16
        12.19.6.14.14, 3 Ix 2 Kankin, Sixth Lord of Night

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Enigma
Date: Sun, 26 Dec 1999 22:28:53 GMT

On Sun, 26 Dec 1999 12:59:07 -0600, "John E. Gwyn"
<[EMAIL PROTECTED]> wrote:

>That's true, but it might be more useful to point out that
>cracking rotor systems doesn't require using the Bletchley
>Park approach, which would not have been fruitful for the
>Japanese Purple machine, for example.

Of course, PURPLE was very difficult to break for another reason:
there was no relationship between the different alphabets on a single
stepping switch.

The 20/6 division, and the fact that the stepping switches, unlike
rotors, could not be moved, plus a large number of RED machine cribs,
all worked together to make solution feasible.

Of course, the first and last factors didn't exist for CORAL, which
took two years to solve even under the impetus of war. Of course,
cracking PURPLE gave them a general starting point, but I think that
the cracking of CORAL may well be considered an even greater
cryptanalytic feat than that of PURPLE, the Enigma, or the
Schlusselzusatz.

Aside from VENONA, of course, there may be even greater feats which
still lie under the veil of secrecy.

John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Adobe Acrobat File Encryption...AAARGH!!
Date: Sun, 26 Dec 1999 22:29:59 GMT

On Sun, 26 Dec 1999 13:09:42 -0000, "Piff" <[EMAIL PROTECTED]> wrote:

>I've spent the last two weeks trying to find more information on the
>encryption method used by Adobe Acrobat but can't seem to find anything.

I remember seeing, on the Adobe site itself, a complete PDF spec; I
was amazed that it seemed to even describe the encryption (elliptic
curves were used, IIRC, but that's about all I remember offhand).

John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html

------------------------------

From: [EMAIL PROTECTED] (Doo2doo)
Subject: triplet format
Date: 26 Dec 1999 22:57:16 GMT

What is meant by the triplet format? I know of one way, but is there more?

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
