Cryptography-Digest Digest #801, Volume #10      Tue, 28 Dec 99 10:13:01 EST

Contents:
  Re: Employing digits of pi (Mok-Kong Shen)
  Re: Employing digits of pi (Mok-Kong Shen)
  Re: Homophones (Mok-Kong Shen)
  Re: Employing digits of pi (Matthew Montchalin)
  Re: HD encryption passphrase cracked! (Guy Macon)
  Re: HD encryption passphrase cracked! (Guy Macon)
  Re: MD5SUM for gnupg please anyone? (Eric Backus)
  finding seed for random number generator (Stefan Hetzl)
  Video card reconfiguration ("Julien Dumesnil")
  Re: Secure Delete Not Smart (Johnny Fenton)
  Re: More idiot "security problems" (CLSV)
  Re: Employing digits of pi (CLSV)
  looking for simple RSA source ("Lieven Iliano")
  Re: More idiot "security problems" ("Brian Gladman")
  Re: DVD encryption reportedly cracked - anyone knows more? (Anthony Stephen Szopa)
  Re: finding seed for random number generator ("Gary")
  Re: Encryption:  Do Not Be Complacent ("Ryan Watson")
  Re: Secure Delete Not Smart (Keith Monahan)
  Re: Why doesn't RSA use n=pqr ? (was Re: Are PGP primes truly verifiable?) ("Craig Clapp")

----------------------------------------------------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Employing digits of pi
Date: Tue, 28 Dec 1999 10:16:57 +0100

David A Molnar wrote:
> 

> Maybe one billion is still out of reach?

If an analysis of the complexity of the task could show that
with relatively small n the resource required would be astronomical,
then one would not need to consider such questions. Hence my request:
Would someone knowledgeable in complexity issues please examine the
current problem?

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Employing digits of pi
Date: Tue, 28 Dec 1999 10:16:31 +0100

CLSV wrote:
> 
> Mok-Kong Shen wrote:

> > Even within the range of published/known digits, one easily sees
> > the combinatorial explosion with increasing n.
> > Outside of that range,
> > the computing effort renders the analyst's job worse (much worse,
> > if it is rather expensive as you suggested).
> 
> It is expensive in the sense that you need to provide
> many key bits while only achieving moderate security.
> For example if you provide 128 key bits you only get
> 2 exponents in the range of [0..2^64-1] or 4 in the
> range of [0..2^32-1] et cetera.
> Furthermore the algorithm is very sensitive
> to side-channel attacks.

Sorry that I don't yet understand what you mean in the above.
Could you elaborate the sentence 'For example ...' and perhaps also
the side-channel attacks in the present context? Thanks.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Homophones
Date: Tue, 28 Dec 1999 10:17:11 +0100

wtshaw wrote:
> 

> There is a cipher known as Homophonic, and it is relatively easy to
> break.  There are a number of ciphers class a homophonic, and some are
> harder than others to break, some not even practical to begin attack.
> Given that I see them as inductive ciphers, a rose by any name is still as
> sweet.
> 
> Yes, such a design is practical.  To make it work well, some means of
> diffusion to mask component keys helps.  There are still other
> alternatives.  Schneier means well, at the time he had it locked up, but
> he was obviously ignorant of my work in that area, not his fault.

I think it might be of value to point out that the utility of
homophone appears to have been largely ignored nowadays. For 
secret messages in the narrow sense, one needs only an alphabet
size of maximal 32. Using bytes, i.e. 8 bits, one has a space of
256, which is very abundant for employing homophones. For optimality,
homophones should even out the frequency characteristics. But,
with such a large expansion factor available and using polyalphabetic
substitutions of large size as suggested, one does not need to put 
much effort in that and could fairly freely assign homophones just
as well, I believe.

M. K. Shen

------------------------------

From: Matthew Montchalin <[EMAIL PROTECTED]>
Subject: Re: Employing digits of pi
Date: Tue, 28 Dec 1999 01:26:14 -0800

On Tue, 28 Dec 1999, Mok-Kong Shen wrote:

|Matthew Montchalin wrote:
|> Since you are constructing your digits one at a time, and putting
|> them into the proper order, that sure looked like you meant
|> concatenation.
|
|Mmm, you can certainly also claim that you were not in the above
|writing a sentence but simply concatenating a number of characters :-)

You have a good point.  In any case, from what I have seen of your
writings for the last few months, you have a better grip on this
stuff than I do.  :)  
 


------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Crossposted-To: misc.misc
Subject: Re: HD encryption passphrase cracked!
Date: 28 Dec 1999 05:02:51 EST

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (John E. Kuslich) wrote:
>
>I have heard stories supposedly originating from one of those three
>letter agencies that indicate a really phenomenal level of paranoia
>regarding those old 9-track computer tapes.
>
>The story goes that there are machines available which will take one of
>those big spools of old tape, unwind it at ungodly speed and feed the
>tape into a huge blow torch, thus instantaneously vaporizing the tape as
>it unspools.
>
>Seems nobody really trusts a bulk degausser. Maybe these guys know
>something about magnetic media...:--)

I saw the actual process with my own eyes when I was working as a
9-track tape technician at Perkin-Elmer/Wangco many years ago.

Step one: drop the tape into a large shredder that turns the tape
and the reel it is on into something that looks like brown sawdust
mixed well into a big plastic garbage bag.

Step two: Incinerate along with all of that day's paper (also turned
into dust first).  The incinerator had a funny looking mechanism
that constantly sifted and mixed the ashes.

Degaussing first was a common addition just in case someone got to
the tape before it was shredded, but was never required.


------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Crossposted-To: misc.misc
Subject: Re: HD encryption passphrase cracked!
Date: 28 Dec 1999 05:13:39 EST

In article <[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] (Matthew Montchalin) wrote:
>
>On 27 Dec 1999, Guy Macon wrote:

>|[2] I can read data wiped with your method. (Hint: DC vs. AC)
>
>You can read *some* of the data.  I doubt you can read *all* of it,
>though.

Agreed.  I should have been more clear.

>And because the medium now may have dirt on it, there is
>a limited number of times you can try, or will want to try.

Ah.  You are assuming a read head.  I would use microfine iron oxide
and a microscope.

>For some disks that I was playing with, rapid back and forth 'vibrating'
>movements of the kitchen magnet were a lot better than long continuous
>circumferential sweeps.

This will work MUCH better.  If you spend a couple of minutes at it,
I would be hard pressed to get a single intact byte.

>I never lost *any* data from particulate damage.  (Don't smoke.  And
>for what it's worth, I happen to run a number of air purifiers in the
>background -- which isn't good enough to make the area a true 'clean
>room,' but it is a whole lot better than what you would find in a
>smoker's house, or a house with lots of pets.)

Let me guess... the drive was in the 5 to 500 MB range.  Am I right?
The denser they get, the cleaner they need to be.

>|    If you don't back up your data, you are an idiot.
>
>Wasn't the original question how to get rid of sensitive data?

Yes, but I randomly insert that statement whenever I talk about
disk drives.  Those who are smart nod knowingly, and those who are
not might get a clue.


------------------------------

From: Eric Backus <[EMAIL PROTECTED]>
Subject: Re: MD5SUM for gnupg please anyone?
Date: 28 Dec 1999 02:32:19 -0800

[EMAIL PROTECTED]() writes:

> Hi,
> Can anyone please post the MD5SUM for gnupg-1.0.0.tar.gz package.
> 
> I downloaded gnupg-1.0.0.tar.gz.asc but can't use it as I
> don't have a "trusted" pgp prog. Anyway how do I know that the .asc
> file isn't generated with a tampered .tar.gz package? MD5sum of a
> "good" package will suffice to check what I have downloaded no?  
> 
> TIA
> gadge

md5sum gnupg-1.0.0.tar.gz
bba45febd501acf8e19db402506dae94  gnupg-1.0.0.tar.gz

sha gnupg-1.0.0.tar.gz
ff990991 75a33e23 93978bee 74bb1946 84c7b3ea

-- 
                        Eric Backus <[EMAIL PROTECTED]>
                        http://labejb.lsid.hp.com/
                        (425) 335-2495

------------------------------

From: Stefan Hetzl <[EMAIL PROTECTED]>
Subject: finding seed for random number generator
Date: Tue, 28 Dec 1999 10:49:56 GMT

Hi all,

I am using a pseudo-random number generator (linear congruency: X[i] =
(a*X[i-1] + b) mod m) and want to find a seed X[0] which will generate a
given sequence of numbers A[1]...A[n] or a sequence that is "very close"
to A[1]...A[n] (with "very close" I mean that the number of A[i] not
equal to X[i] is very small (as small as possible ?)).

Would making a, b and m modifiable make this problem easier to solve ?
Is it possible to find a combination of X[0], a, b, m that would
generate exactly the sequence A[1]...A[n] ?

Could anybody give me some pointers to websites, literature etc. that
deal with this kind of problem?

Thank you,

Stefan Hetzl

------------------------------

From: "Julien Dumesnil" <[EMAIL PROTECTED]>
Subject: Video card reconfiguration
Date: Tue, 28 Dec 1999 12:21:11 +0100

Hello,

I've heard it was possible to reprogram an MPEG card (freely available
anywhere) to do some fast encryption/decryption stuff for some other codes
(like IDEA, for example).

The idea is to have some cheap hardware accelerated cryptobox.

Does anyone have any pointers?

Thanks.



------------------------------

Date: Tue, 28 Dec 1999 19:18:21 +0800
From: Johnny Fenton <[EMAIL PROTECTED]>
Subject: Re: Secure Delete Not Smart

Steve K wrote:

> I also believe that recovering data that has been overwritten more
> than a couple of times involves taking the drive apart and using some
> very fancy magnetometer gear on it.  That sounds pretty expensive.
> When you consider the real-world threats that a typical user faces,
> it's pretty redundant to worry about attacks that go beyond what can
> be done with software alone.  Unless it's just a hobby.

On that note.. Is there anyone out there who is into physically
retrieving data as a hobby? I've always considered it a very interesting
one and wonder what type of hardware setups etc. are required. The only
information I can find on the web is from large data-recovery lab
companies, most of whom use proprietary methods/equipment etc.

Regards,
John

------------------------------

From: CLSV <[EMAIL PROTECTED]>
Subject: Re: More idiot "security problems"
Date: Tue, 28 Dec 1999 11:43:58 +0000

Brian Gladman wrote:
 
> "Terry Ritter" <[EMAIL PROTECTED]> wrote in message

>> Just to keep things honest, I would say the real situation is even
>> more general:
>> *Any* *group* can create an encryption algorithm that no-one in the
>> group can break.
>> Here "group" includes individuals, academics, AES participants, etc.
 
> Including the group of 'all human beings'.

A cipher designed by all human beings,
what is that supposed to mean?

Regards,

        CLSV

------------------------------

From: CLSV <[EMAIL PROTECTED]>
Subject: Re: Employing digits of pi
Date: Tue, 28 Dec 1999 12:11:03 +0000

Mok-Kong Shen wrote:
 
> CLSV wrote:

> > Mok-Kong Shen wrote:
 
> > > Even within the range of published/known digits, one easily sees
> > > the combinatorial explosion with increasing n.
> > > Outside of that range,
> > > the computing effort renders the analyst's job worse (much worse,
> > > if it is rather expensive as you suggested).

> > It is expensive in the sense that you need to provide
> > many key bits while only achieving moderate security.
> > For example if you provide 128 key bits you only get
> > 2 exponents in the range of [0..2^64-1] or 4 in the
> > range of [0..2^32-1] et cetera.
> > Furthermore the algorithm is very sensitive
> > to side-channel attacks.
 
> Sorry that I don't yet understand what you mean in the above.
> Could you elaborate the sentence 'For example ...' and perhaps also
> the side-channel attacks in the present context? Thanks.

As I understand it you want to xor the binary expansion
of Pi from a certain offset with your plaintext (and
repeat this procedure with different offsets a couple
of times) to produce the encrypted text. So you have
to specify what offsets you want to use. (Note that any
permutation of offsets gives you the same encrypted text
thus reducing the effort of analysis.) I assumed that you
wanted to choose your offsets from a reasonable set. If you
have a key of 128 bits you can for example choose 16 offsets
in the range of [0..255]. That is not very secure. So you'd
probably need to choose from a much larger set which costs
much more bits, see my previous example.
The side channel attacks refer to the calculation of the
digits of Pi which I thought (I'd be happy to be proven wrong
here) cost more effort as their index/offset gets larger.
I don't suppose you are going to precompute 2^64 bits and
store them.

Regards,

        CLSV

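The structural point CLSV makes above (any permutation of offsets gives the same ciphertext) can be shown directly. This is an added example, not code from the thread; the public stream is a constructed SHA-256-derived stand-in, not the binary expansion of pi, and `distinct_keystreams` counts the upper bound on effective keys that the commutativity and self-cancellation of XOR leave from a nominal 2^128 key:

```python
import hashlib
from math import comb

def stream_byte(i):
    """Stand-in for byte i of the fixed public stream (constructed from
    SHA-256 so the example runs offline; NOT the expansion of pi)."""
    return hashlib.sha256(i.to_bytes(8, "big")).digest()[0]

def encrypt(plaintext, offsets):
    """XOR the plaintext with the stream starting at each key-chosen offset,
    one pass per offset, as in the scheme described in the thread."""
    out = bytearray(plaintext)
    for off in offsets:
        for j in range(len(out)):
            out[j] ^= stream_byte(off + j)
    return bytes(out)

def distinct_keystreams(n_choices, k):
    """Upper bound on distinct keystreams from k offsets drawn (with
    repetition) from n_choices values. XOR is commutative and self-inverse,
    so only the set of offsets used an odd number of times survives: count
    the subsets of size j <= k with j = k (mod 2). Compare n_choices**k."""
    return sum(comb(n_choices, j) for j in range(k % 2, k + 1, 2))

def demo():
    msg = b"sample plaintext"     # constructed sample input
    order_free = encrypt(msg, [3, 7, 11]) == encrypt(msg, [11, 3, 7])
    repeat_cancels = encrypt(msg, [5, 5, 9]) == encrypt(msg, [9])
    nominal_bits = (256 ** 16).bit_length() - 1          # CLSV's 16 offsets in [0..255]
    effective_bits = distinct_keystreams(256, 16).bit_length() - 1
    return order_free, repeat_cancels, nominal_bits, effective_bits

if __name__ == "__main__":
    print(demo())
```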
------------------------------

From: "Lieven Iliano" <[EMAIL PROTECTED]>
Subject: looking for simple RSA source
Date: Tue, 28 Dec 1999 13:59:10 +0100

I'm looking for a simple RSA source written in C. It's just for a project for
university used as an example. It doesn't have to be very complex just with
little prime ciphers.
Thanx
Lieven



------------------------------

From: "Brian Gladman" <[EMAIL PROTECTED]>
Subject: Re: More idiot "security problems"
Date: Tue, 28 Dec 1999 13:06:07 -0000


"CLSV" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Brian Gladman wrote:
>
> > "Terry Ritter" <[EMAIL PROTECTED]> wrote in message
>
> >> Just to keep things honest, I would say the real situation is even
> >> more general:
> >> *Any* *group* can create an encryption algorithm that no-one in the
> >> group can break.
> >> Here "group" includes individuals, academics, AES participants, etc.
>
> > Including the group of 'all human beings'.
>
> A cipher designed by all human beings,
> what is that supposed to mean?
>
> Regards,
>
> CLSV

It was the original poster that put the word *Any* (with emphasis) in the
definition of the group.  Moreover the word he used was 'create', not
'design'.

The group of 'all human beings' has created a large number of ciphers
already and will continue to do so.  Hence the rule implies that it is
possible for human beings to produce ciphers that human beings cannot break.

       Brian Gladman




------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Subject: Re: DVD encryption reportedly cracked - anyone knows more?
Date: Tue, 28 Dec 1999 05:03:44 -0800
Reply-To: [EMAIL PROTECTED]

KloroX wrote:

> A Scandinavian newscast reported a couple of days ago that a Norwegian
> student has broken the DVD encryption scheme (it was mentioned that
> this now allows the free copying of DVD movies) . The newscast was
> totally non-technical, the student was interviewed but his name not
> disclosed, and it was mentioned that documentation is available on
> Internet, but they did not say where. Does anyone have any concrete
> information on this matter?

I was going to send you the email address of where to get the software
but you do not want my email.  Okay.



------------------------------

From: "Gary" <[EMAIL PROTECTED]>
Subject: Re: finding seed for random number generator
Date: Tue, 28 Dec 1999 13:29:13 -0000

You are really talking about prediction and modelling.
If the sequence of numbers is completely random it's not possible to find
its linear seed.
If you know the sequence came from the linear congruence you outline then
the seed can be found.

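Stefan's question and Gary's reply above concern the same fact: once the outputs are known to come from X[i] = (a*X[i-1] + b) mod m, the whole generator is recoverable. Added example, not code from either poster: `recover_modulus` uses the standard difference/gcd trick for an unknown m, `recover_multiplier_increment` solves for a and b from three consecutive outputs, and `recover_seed` steps the recurrence backwards to X[0]. The demo parameters (the well-known 16807 multiplier mod 2^31-1, with a constructed increment and seed) are assumptions for illustration.

```python
from functools import reduce
from math import gcd

def lcg(seed, a, b, m, n):
    """Generate X[1..n] from X[0] = seed, as in the poster's recurrence."""
    out, x = [], seed
    for _ in range(n):
        x = (a * x + b) % m
        out.append(x)
    return out

def recover_modulus(xs):
    """Guess m from consecutive outputs. With d[i] = X[i+1] - X[i], each
    d[i+1]*d[i-1] - d[i]^2 is a multiple of m, so the gcd of enough of them
    is m (a proper multiple only rarely; take more outputs if later steps
    fail)."""
    d = [xs[i + 1] - xs[i] for i in range(len(xs) - 1)]
    t = [d[i + 1] * d[i - 1] - d[i] * d[i] for i in range(1, len(d) - 1)]
    return reduce(gcd, (abs(v) for v in t))

def recover_multiplier_increment(xs, m):
    """Given m and three consecutive outputs u, v, w, solve for a and b:
    w - v = a*(v - u) (mod m)  =>  a = (w - v) * (v - u)^-1 mod m."""
    u, v, w = xs[:3]
    a = ((w - v) * pow(v - u, -1, m)) % m   # needs gcd(v - u, m) == 1
    b = (v - a * u) % m
    return a, b

def recover_seed(x1, a, b, m):
    """Step the recurrence backwards once: X[0] = a^-1 * (X[1] - b) mod m."""
    return (pow(a, -1, m) * (x1 - b)) % m

# Constructed demo: "minimal standard" multiplier with a prime modulus.
M, A, B, SEED = 2**31 - 1, 16807, 12345, 987654321
SAMPLE = lcg(SEED, A, B, M, 16)      # the A[1..n] an observer would see

def recover_all(xs):
    """Return (m, a, b, X[0], predicted next output) from observed outputs."""
    m = recover_modulus(xs)
    a, b = recover_multiplier_increment(xs, m)
    x0 = recover_seed(xs[0], a, b, m)
    return m, a, b, x0, (a * xs[-1] + b) % m

if __name__ == "__main__":
    print(recover_all(SAMPLE))   # prints the recovered (m, a, b, X[0], next)
```

If a, b and m are all free, the "very close" version of the question is also answered: with three free parameters and a correct inverse, any three consecutive values can be fitted exactly, but the fourth and later values are then forced.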


------------------------------

From: "Ryan Watson" <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy,talk.politics.crypto,talk.politics.misc,talk.politics.drugs
Subject: Re: Encryption:  Do Not Be Complacent
Date: Tue, 28 Dec 1999 06:37:37 -0700

I visited their damnable site after reading your post.  Sure enough there
it was, each and every place I've been since God was a baby.  I wrote them a
nastygram, not that it would do any good.

What I want to know from you is this.  #1:  Where and specifically who are
these anonymous retailers and how do I get in touch with them?  Include
information about costs and other information if possible.  #2:  Is there
some way for me to force the bastards to comply with a request for privacy?
#3:  Are there others who provide this wonderful service to spammers, the
government, Wal-Mart, K-Mart, mom, dad, and my brother in Boston, and his
bloody fish?  #4:  Will encrypting messages with PGP stop them dead in their
tracks or just prevent them from reading my bloody mail but continue to sell
contact information?

Thanks in advance.

Scouts Out!!



------------------------------

From: Keith Monahan <[EMAIL PROTECTED]>
Subject: Re: Secure Delete Not Smart
Date: Tue, 28 Dec 1999 13:59:31 GMT

I knew you guys would make me look this paper up.

http://www.uncwil.edu/Ed/INSTRUCT/burt/edn416/secure_del.html

is a paper written by Peter Gutmann a few years back for USENIX security
Symposium.  The reference section is good too, for additional reading.

Keith

Johnny Fenton wrote:

> Steve K wrote:
>
> > I also believe that recovering data that has been overwritten more
> > than a couple of times involves taking the drive apart and using some
> > very fancy magnetometer gear on it.  That sounds pretty expensive.
> > When you consider the real-world threats that a typical user faces,
> > it's pretty redundant to worry about attacks that go beyond what can
> > be done with software alone.  Unless it's just a hobby.
>
> On that note.. Is there anyone out there who is into physically
> retrieving data as a hobby? I've always considered it a very interesting
> one and wonder what type of hardware setups etc. are required. The only
> information i can find on the web is from large data-recovery lab
> companies, most of whom use proprietary methods/equipment etc.
>
> Regards,
> John


------------------------------

From: "Craig Clapp" <[EMAIL PROTECTED]>
Subject: Re: Why doesn't RSA use n=pqr ? (was Re: Are PGP primes truly verifiable?)
Date: Tue, 28 Dec 1999 09:14:39 -0500


Craig Clapp wrote in message
<8HQ94.56$[EMAIL PROTECTED]>...
>
>>The small reduction in maximum order of an element ( LCM(p,q,r)
>>versus LCM(p,q) ) does not seem to be a severe drawback so long
>>as the factors are well chosen.
>>
>>- Craig Clapp
>>
>
>Oops, the maximum orders should of course have been stated as
>LCM(p-1,q-1,r-1) and LCM(p-1,q-1), where the p and q in the second
>expression are not the same ones as in the first expression. i.e. if
>p1 ~= q1 ~= r1, and p2 ~= q2, where p1, q1, r1, p2, q2 are all prime,
>(p1-1)/2, (q1-1)/2, (r1-1)/2 are coprime, (p2-1)/2, (q2-1)/2 are coprime,
>and p1*q1*r1 ~= p2*q2 then LCM(p1,q1,r1) ~= LCM(p2,q2)/2 .
>
>- Craig Clapp

Oops squared!
That last line should have said:

            ... then LCM(p1-1,q1-1,r1-1) ~= LCM(p2-1,q2-1)/2 .

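The corrected relation can be checked numerically. Added example, not Craig's code: it searches for three primes whose (p-1)/2 values are pairwise coprime (his side condition), then two primes of about the same total size under the same condition, and compares the maximum element orders LCM(p1-1,q1-1,r1-1) and LCM(p2-1,q2-1); the prime sizes are an assumption chosen to keep trial division fast.

```python
from math import gcd, isqrt, lcm, prod

def is_prime(n):
    """Trial division; adequate for the small primes used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return False
        f += 2
    return True

def halves_coprime(primes):
    """Craig's side condition: (p-1)/2 pairwise coprime across the primes."""
    hs = [(p - 1) // 2 for p in primes]
    return all(gcd(hs[i], hs[j]) == 1
               for i in range(len(hs)) for j in range(i + 1, len(hs)))

def next_primes(start, count):
    """Smallest primes >= start that together satisfy halves_coprime."""
    found, p = [], start
    while len(found) < count:
        if is_prime(p) and halves_coprime(found + [p]):
            found.append(p)
        p += 1
    return found

def carmichael(primes):
    """LCM(p-1, q-1, ...) for n a product of distinct odd primes: the maximum
    order of an element mod n, which is what bounds RSA's useful exponents."""
    return lcm(*(p - 1 for p in primes))

def order_ratio(bits=14):
    """n1 = p1*q1*r1 from three primes of about `bits` bits, n2 = p2*q2 of
    about the same size; returns LCM(p1-1,q1-1,r1-1)/LCM(p2-1,q2-1) (~ 1/2)."""
    three = next_primes(2 ** bits, 3)
    two = next_primes(isqrt(prod(three)), 2)
    return carmichael(three) / carmichael(two), three, two

if __name__ == "__main__":
    ratio, three, two = order_ratio()
    print(three, two, round(ratio, 4))
```

Under the side condition each LCM is 2 times the product of the (p-1)/2 values, so the three-prime modulus loses exactly one more factor of two than the two-prime one, which is where the 1/2 comes from.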




------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
