Cryptography-Digest Digest #826, Volume #10       Sun, 2 Jan 00 15:13:01 EST

Contents:
  Re: vigenere decrypt routine - help needed ("LBMyers")
  Re: HD encryption passphrase cracked! (Lincoln Yeoh)
  Re: HD encryption passphrase cracked! (lordcow77)
  Re: SIGABA/ECM Mark II (John Savard)
  Re: Cryptanalysis (Jim)
  Re: Cryptanalysis (Jim)
  Re: news about KRYPTOS ("John E. Gwyn")
  Re: news about KRYPTOS ("John E. Gwyn")
  Re: Encryption:  Do Not Be Complacent ("John E. Gwyn")
  Re: AES wise? ("John E. Gwyn")
  Re: Cryptography in Tom Clancy ("John E. Gwyn")
  Re: Maybe I'm just blind, or maybe just stupid ("John E. Gwyn")
  On documentation of algorithms (Mok-Kong Shen)
  Re: stupid question ("John E. Gwyn")
  Re: Prime series instead (Re: Pi) ("John E. Gwyn")
  Re: cracking Triple DES ("John E. Gwyn")
  Re: Wagner et Al. (Steve K)
  Re: vigenere decrypt routine - help needed ("John E. Gwyn")
  Re: SIGABA/ECM Mark II ("John E. Gwyn")
  Re: RFC1750: Randomness Recommendations for Security (1 of 2) ("John E. Gwyn")
  Re: vigenere decrypt routine - help needed (Mike Todd)
  Re: Simon Sigh Enigm ("James Taylor")

----------------------------------------------------------------------------

From: "LBMyers" <[EMAIL PROTECTED]>
Subject: Re: vigenere decrypt routine - help needed
Date: Sun, 2 Jan 2000 09:28:13 -0500


I never found the Kasiski method (periodic repeating letters) particularly
easy to use.  I coded the Index of Coincidence into a much longer program.
The IoC is described in many texts and is easy to code.

JTong1995 <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Or more generically, rather than trying to find a "three-peat" in a
> Vigenere-enciphered ciphertext, look for a repeat that is 4 or more letters
> long.  When you look at the statistics, the odds of an accidental (random)
> repeat of ciphertext four or more letters long are so small as to be
> negligible.  The probability of having two occurrences of a 4-letter
> ciphertext repetition in a polyalphabetic cipher that is 300 characters long
> is only 0.096 (200 yields 0.043, 400 yields 0.171).  Hence when you see one
> in the ciphertext you are examining, you can assume that the repeat is caused
> by a repeat in the plaintext that coincides with a repeat in the key (a la
> Kasiski) and calculate the period.  This can be confirmed by determining the
> Index of Coincidence for the resulting monoalphabetic distributions and then
> attempting a solution via crib dragging, direct symmetry of position,
> frequency matching, indirect symmetry of position, generatrix, or other
> methods.
>
> Jeffrey Tong     [EMAIL PROTECTED]<Jeffrey Tong>
> PGP 5 Key available for download at WWW.PGP.COM   Key ID: BFF6BFC1
> Fingerprint: 6B29 1A18 A89A CB54 90B9 BEA3 E3F0 7FFE BFF6 BFC1



------------------------------

From: [EMAIL PROTECTED] (Lincoln Yeoh)
Crossposted-To: misc.misc
Subject: Re: HD encryption passphrase cracked!
Date: Sun, 02 Jan 2000 15:22:33 GMT
Reply-To: [EMAIL PROTECTED]

On Sat, 1 Jan 2000 14:19:00 -0800, Matthew Montchalin
<[EMAIL PROTECTED]> wrote:

>On Sat, 1 Jan 2000, Lincoln Yeoh wrote:
>|What's the point? After opening up the drive you can't rely on the drive.
>
>Why not?  You a smoker?  Don't use air purifiers?  Got lots of barnyard
>animals moseying around in your livingroom?

>|If you are going to do that, you might as well blowtorch the entire drive
>|and buy a new one. Drives are cheap nowadays.

>Um, you work for the 'government,' right?

My point is, if you've been storing important information on your hard disk
that requires deletion methods beyond stuff like del *.* or rm -rf *, you
are unlikely to want to risk reusing a drive that has its integrity
compromised.

And if you've stored important information and want to get rid of it, it is
worth keeping in mind that "important information" is usually worth more
than USD100-200 (the price of a typical HDD) in the wrong hands. 

Very seldom is a sheet of paper worth more than what's written on it.

When the bosses actually realise what they have on their hard disks, USD150
is nothing. Of course it's different if The Boss just uses the computer for
Solitaire ;).

Cheerio,

Link.
****************************
Reply to:     @Spam to
lyeoh at      @[EMAIL PROTECTED]
pop.jaring.my @ 
*******************************

------------------------------

From: lordcow77 <[EMAIL PROTECTED]>
Subject: Re: HD encryption passphrase cracked!
Crossposted-To: misc.misc
Date: Sun, 02 Jan 2000 08:01:51 -0800

In article
<[EMAIL PROTECTED]>,
Matthew Montchalin <[EMAIL PROTECTED]> wrote:
> |What's the point? After opening up the drive you can't rely on
> the drive.
> Why not?  You a smoker?  Don't use air purifiers?  Got lots of
> barnyard
> animals moseying around in your livingroom?
> |If you are going to do that, you might as well blowtorch the
> entire drive
> |and buy a new one. Drives are cheap nowadays.
> Um, you work for the 'government,' right?

The integrity of the disk surface and head mechanisms is substantially
compromised by breaking the seal of the drive unit. The air is filled
with uncountable numbers of contaminants, such as dust particles,
pollutants, pollen, and water vapor. If you're stupid, you could
continue using the drive, but sane people actually want to keep their
data reasonably safe.




------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: SIGABA/ECM Mark II
Date: Sun, 02 Jan 2000 16:28:30 GMT

On 02 Jan 2000 04:59:58 GMT, [EMAIL PROTECTED] (JTong1995) wrote:

>Does anyone know if the SECRET patent that Rowlett and Friedman received for
>the cryptographic principles implemented in the SIGABA / ECM Mark 2 has been
>released to the public?  

In previous searches, I haven't found it. Perhaps there was nothing
left that was patentable by the time the machine was declassified.

John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html

------------------------------

From: [EMAIL PROTECTED] (Jim)
Subject: Re: Cryptanalysis
Date: Sun, 02 Jan 2000 17:44:07 GMT
Reply-To: [EMAIL PROTECTED]

On 31 Dec 1999 11:34:27 GMT, [EMAIL PROTECTED] (TohuVohu) wrote:

>>I remember reading
>>something a few weeks ago about how cryptosystems are often created to
>>meet a purpose and you wouldn't use a difficult cryptosystem to apply
>>to a message to send info that will expire in one week.

You don't need very secure crypto for tactical situations.
If the enemy breaks it next week, so what? The battle was
over yesterday.

Nonetheless, it's sometimes worth breaking a tactical
system for cribs to a higher level strategic system.

-- 
Jim,
nordland at lineone.net

------------------------------

From: [EMAIL PROTECTED] (Jim)
Subject: Re: Cryptanalysis
Date: Sun, 02 Jan 2000 17:44:09 GMT
Reply-To: [EMAIL PROTECTED]

On Fri, 31 Dec 1999 19:16:36 GMT, [EMAIL PROTECTED] (Lonie M. Kray)
wrote:

>[EMAIL PROTECTED] (TohuVohu) wrote:
>
>>I think Scheneir (darn that's hard to spell)...
>
>I finally have the spelling down, it's "Schneier". But I'm still not sure
>how to pronounce it.

As in German. Sh-nigh-er.

-- 
Jim,
nordland at lineone.net

------------------------------

From: "John E. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: news about KRYPTOS
Date: Sun, 02 Jan 2000 11:49:42 -0600

Ferdinando Stehle wrote:
> - why waste the entire right side of the sculpture on the
> Vigenere table used only in one third of KRYPTOS ?

It's not a waste, it's a pleasing pattern with "KRYPTOS" clearly
evident.  The additional columns balance the width against the
message side.

------------------------------

From: "John E. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: news about KRYPTOS
Date: Sun, 02 Jan 2000 12:03:18 -0600

Jim Gillogly wrote:
> It's also possible that this kind of square is also used in an
> autokey cipher of some kind for Part 4.

That's my guess.  With such a short sample, one pretty much has
to guess the alphabet used to solve such an autokey (at least for
a PT-autokey).

> from a ciphertext K and R respectively.

It might be instructive to compare the correct CT vs. the erroneous
CT for the garbles, to see if they might have resulted from either
(a) sculptor misreading characters, or
(b) transcriber misreading characters.
E.g., confusing E vs. H vs. N vs. K vs. R as in the Zendian scan
conversion process.

        - Douglas

------------------------------

From: "John E. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Encryption:  Do Not Be Complacent
Date: Sun, 02 Jan 2000 12:19:50 -0600

Guy Macon wrote:
> I have a better language choice; teen!

A general-purpose cryptosystem needs to be able to accurately
communicate any information.  "Teen" fails on at least two counts.

------------------------------

From: "John E. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: AES wise?
Date: Sun, 02 Jan 2000 12:22:22 -0600

Anonymous wrote:
> ... (NSA seems to dislike random, unknown S-boxes) ...

Where did you get such "information"?

------------------------------

From: "John E. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Cryptography in Tom Clancy
Date: Sun, 02 Jan 2000 12:30:38 -0600

Eric Lee Green wrote:
> ... It would not surprise me if the NSA was capable of breaking Air
> Force encryption today that was done ten years ago on twenty-year-old
> encryption machines.

NSA designs cryptosystems to remain secure against anticipated
attacks for 50 years.  Of course, nobody can reliably predict
that far into the future, but that is the design point.

The STU-III is still approved for highly classified traffic,
which implies that it is considered still quite secure.

------------------------------

From: "John E. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Maybe I'm just blind, or maybe just stupid
Date: Sun, 02 Jan 2000 12:41:31 -0600

The method you described seems to be a simple transposition
using what is called "keyed" transposition order.  It is not
hard to crack, given multiple messages encrypted using the
same key (concurrent anagramming of the CT).  The process
of doing this essentially reconstructs the original key
(up to relative letter positions; if the key is a word or
phrase, it is an additional solvable puzzle to figure out
the probable key word/phrase from the position numbers).

Transposition combined with another method of encryption can
increase the difficulty of cryptanalysis, but on its own is
not especially strong.

        - Douglas
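
Added worked example, not part of Douglas's post: a keyed columnar
transposition and the ciphertext-only attack by concurrent anagramming that
he describes, in Python.  The three messages, the keyword ZEBRA, the small
candidate word list and the bigram weight table are constructed for the
illustration (the weights are assumed, roughly by frequency rank); complete
columnar transposition is assumed, with each message padded to a multiple of
the key length so that all columns are equal.

```python
"""Keyed columnar transposition and its ciphertext-only attack by concurrent
(multiple) anagramming of several messages sent under the same key."""
from itertools import permutations

ALPHA = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

# Weighted list of common English bigrams; weights are assumed, roughly by
# frequency rank, and only need to separate English from scrambled text.
COMMON = {}
for weight, grams in ((3, "TH HE IN ER AN RE ON AT EN ND"),
                      (2, "TI ES OR TE OF ED IS IT AL AR ST TO NT NG SE HA AS OU IO LE"),
                      (1, "VE CO ME DE HI RI RO IC NE EA RA CE")):
    for g in grams.split():
        COMMON[g] = weight


def clean(text, width):
    """Letters only, padded with X so every column is the same length."""
    t = "".join(c for c in text.upper() if c in ALPHA)
    return t + "X" * (-len(t) % width)


def order_from_keyword(word):
    """Column read-out order: columns are taken in alphabetical order of the
    key letters (ties by position), e.g. ZEBRA -> [4, 2, 1, 3, 0]."""
    return sorted(range(len(word)), key=lambda i: (word[i], i))


def transpose(pt, order):
    """Write the text in rows of len(order), read the columns out in 'order'."""
    width = len(order)
    rows = [pt[i:i + width] for i in range(0, len(pt), width)]
    return "".join("".join(row[c] for row in rows) for c in order)


def untranspose(ct, order):
    width, n = len(order), len(ct) // len(order)
    cols = [None] * width
    for i, c in enumerate(order):
        cols[c] = ct[i * n:(i + 1) * n]
    return "".join(cols[c][r] for r in range(n) for c in range(width))


def bigram_score(text):
    return sum(COMMON.get(text[i:i + 2], 0) for i in range(len(text) - 1))


def rank_orders(cts, width):
    """Concurrent anagramming: all messages share the key, so a single column
    order must make every one of them read like English at once.  Returns
    candidate orders, best first; the true order lands at or near the top."""
    scored = []
    for perm in permutations(range(width)):
        candidate = " ".join(untranspose(ct, perm) for ct in cts)
        scored.append((bigram_score(candidate), perm))
    scored.sort(reverse=True)
    return [list(perm) for _, perm in scored]


def keywords_giving(order, candidates):
    """The position-number puzzle: which candidate words yield this order?"""
    return [w for w in candidates if order_from_keyword(w) == order]


# Constructed sample traffic: three messages under the same keyword.
KEYWORD = "ZEBRA"
ORDER = order_from_keyword(KEYWORD)
MESSAGES = [
    "The convoy will leave the harbour at dawn and proceed north along the "
    "coast under escort",
    "Enemy aircraft were sighted over the northern sector this morning and "
    "all units are to remain alert",
    "Send the second battalion to reinforce the bridge and hold the position "
    "until relieved",
]
CTS = [transpose(clean(m, len(KEYWORD)), ORDER) for m in MESSAGES]

if __name__ == "__main__":
    for guess in rank_orders(CTS, len(KEYWORD))[:3]:
        print(guess, untranspose(CTS[0], guess)[:30])
    print(keywords_giving(ORDER, ["LEMON", "ZEBRA", "CRYPT"]))
```

The scoring is deliberately crude, so one reads the top few candidates
rather than trusting the first blindly; what makes the attack work is that
every extra message under the same key adds rows that a wrong column order
has to explain as well.  The recovered order [4, 2, 1, 3, 0] is the key "up
to relative letter positions"; the last helper is the separate puzzle of
finding a word that sorts into that order.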

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: On documentation of algorithms
Date: Sun, 02 Jan 2000 20:02:16 +0100

In my humble understanding (apologies if I err) one of the major 
issues in a recent thread initiated by John Savard has been the 
question (not entirely new) of whether one should always be 
satisfied/contented with a certain 'standard' amount of security 
(presumably determined adequate through the professional 
judgement of well-known experts and sanctioned by the esteemed 
authority of capable governmental institutions) or whether one
should rather not lose sight of needs/opportunities to obtain 
additional security through appropriately introducing 'added 
complexity' into one's encryption system as a (conservative, 
maybe 'over-anxious') means to further safeguard one's 
individual/specific requirements of communication security.

In a similar vein I would like to (re-)raise the (also not entirely 
new, but perhaps heretical) question of whether the documentation of 
'standard' encryption algorithms in current practice has been 
of such detail/openness and degree of comprehensibility as to 
render them fully understandable, and hence trusted beyond 
question, through a reasonable effort/expenditure of study without 
demanding mathematical and other knowledge/expertise/experience 
that is way beyond the common repertoire that the 
universities generally provide to their undergraduate students of 
diverse natural science disciplines. (My personal answer has been
negative to date.)

I mean that a true (as against forced/misguided/negligent) acceptance 
of and confidence in an encryption algorithm is to be particularly 
and well distinguished from the same for any other utility or 
consumer goods that are available to the public. While hardly 
even a mechanical engineer (unless he has psychiatric problems) 
who purchases a car would ever dream of asking his 
colleagues at the manufacturer's to explain the design 
details/rationale of the automobile and its production process 
and to provide the data from the safety and other evaluation tests, 
it is my firm belief that a real and genuine trust in any 
encryption algorithm by the public can only be arrived at through 
a sufficiently widespread full (as against superficial/minimal) 
understanding (or at least the possibility of such an 
understanding) of the design and functioning of the same. This 
very singular situation pertaining to crypto is because, among 
other things, crypto has been, is and will always be a science 
covered with a veil of secrecy/mystery, in my humble opinion.
In particular, a number of governments don't seem to desire that 
there be genuine privacy of information for the common 
people, as evidenced by their attitudes towards key escrow, 
the Wassenaar Arrangement, etc. There will always be facts/knowledge
purposely withheld from the public, or the possibility of such 
could hardly be satisfactorily eliminated/ascertained 
in conventional ways. Hence it is indispensable, for an encryption 
algorithm to be really trusted and profitably used by the public, 
that the route to its thorough understanding be rendered as simply 
accessible (to a sufficiently large proportion of the people) as is 
technically/conceivably feasible. It is not sufficient/appropriate 
that the designers of crypto algorithms take the standpoint that 
those with enough intelligence and diligence/willingness would 
certainly be able to understand their works or that, conversely, 
failure of understanding is unquestionably attributable to 
laziness or lack of intelligence on the part of the 'student'. 
(A related phenomenon, albeit concerning 'newly invented' 
algorithms, may occasionally be found in such challenges that 
ask one to examine a piece of poorly documented C code or simply 
to decipher a message encrypted with the masterpiece involved.) 

Having said in essence my own admittedly controversial/problematic 
humble opinions, I would like to leave the platform to the dear readers 
of the present article. I should appreciate seeing some fruitful 
discussion, since I believe that an ever increasing number of 
standard encryption algorithms/techniques will be put into use in 
the explosive communication volumes of the new millennium. 

M. K. Shen
======================
http://home.t-online.de/home/mok-kong.shen

------------------------------

From: "John E. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: stupid question
Date: Sun, 02 Jan 2000 12:59:01 -0600

Buchinger Reinhold wrote:
> I have a stupid question. But what is the difference between a key
> of a stream cipher and a key of an one-time-pad ???

It's not such a stupid question; people have confused the issue
by misapplying the terms.

A stream cipher produces an output symbol for each input symbol,
without having to buffer up input symbols into a block before
encrypting them.  (The other design is called, appropriately, a
"block cipher".)  Military-grade stream ciphers have an initial
key that is used to set the "cryptovariables" such as initial
fill of shift registers, taps on the feedback circuits, modules
used in the combiners, etc.  A relatively small amount of initial
key is used just once, then a relatively large amount of data can
be encrypted.  The initial key may be reused for multiple
message sessions, depending on how hard it is to supply fresh
keys to both ends of the communications link.

Some "key generator" styles of stream cipher (not used for
high-grade encryption) have a similar initial key, but instead
of producing the cipher stream in one combined operation, they
first generate a pseudo-random "key stream" which is combined
in a simple way with the input stream to produce the cipher
stream.  This style of stream cipher has some fairly obvious
vulnerabilities.

A true one-time pad system uses one key symbol per encrypted
input->cipher symbol, and the key is never reused.  Obviously,
this takes as much key material as the maximum amount of data
to be sent, which makes distribution of fresh key material a
potentially serious problem.

Some people misapply "one-time pad" to a OTP as just described
with the additional constraint that the key must be truly
random (no latent pattern of any kind).  While that is ideal,
in practice one-time pad key material has often been generated
by a process that was not entirely random, resulting in
opportunities for the cryptanalyst.

[The above ought to go into the sci.crypt FAQ if it isn't
already covered.]       - Douglas
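
Added example, not part of Douglas's post: Python showing the distinction
he draws.  A true one-time pad consumes one key byte per message byte and
the consumed part is discarded; a key-generator style stream cipher expands
a short initial key into a keystream (here a toy 16-bit LFSR, assumed for
the illustration and not any fielded design).  The second half shows the
obvious vulnerability that follows when such a keystream is used for two
messages: XORing the two ciphertexts cancels the key, and dragging a guessed
word (a crib) along the result reads out the other message.  The two
messages and the seed are constructed.

```python
"""One-time pad versus a key-generator (keystream) stream cipher, and what
goes wrong when a keystream is used twice."""
import os


def xor_bytes(a, b):
    """XOR two byte strings; the result is as long as the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(msg, pad):
    """True one-time pad: one pad byte per message byte, each used once.
    Returns the ciphertext and the unused tail of the pad; the caller keeps
    only the tail, so consumed key material can never be reused."""
    if len(pad) < len(msg):
        raise ValueError("pad exhausted: fresh key material is needed")
    return xor_bytes(msg, pad[:len(msg)]), pad[len(msg):]


def lfsr_keystream(seed, nbytes):
    """Toy key generator (assumed for illustration, not any fielded cipher):
    a 16-bit Fibonacci LFSR expands a short initial key into as much
    keystream as the message needs."""
    state = seed & 0xFFFF
    if state == 0:
        raise ValueError("seed must be nonzero")
    out = bytearray()
    for _ in range(nbytes):
        byte = 0
        for _ in range(8):
            bit = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
            state = (state >> 1) | (bit << 15)
            byte = (byte << 1) | (state & 1)
        out.append(byte)
    return bytes(out)


def stream_encrypt(msg, seed):
    """Keystream XOR plaintext; the same call decrypts."""
    return xor_bytes(msg, lfsr_keystream(seed, len(msg)))


def crib_drag(c1, c2, crib):
    """Two messages under one keystream: c1 ^ c2 == p1 ^ p2, the key is gone.
    XOR a guessed word into the difference at every offset; wherever the
    result is printable text it is a fragment of the other message."""
    diff = xor_bytes(c1, c2)
    hits = []
    for off in range(len(diff) - len(crib) + 1):
        frag = xor_bytes(diff[off:off + len(crib)], crib)
        if all(32 <= b < 127 for b in frag):
            hits.append((off, frag))
    return hits


# Constructed sample messages.  Both are sent under the same initial key,
# which a key-generator stream cipher makes easy and a one-time pad forbids.
P1 = b"ATTACK AT DAWN ON THE NORTHERN RIDGE"
P2 = b"RETREAT TO THE HARBOUR BEFORE DUSK"
SEED = 0xACE1
C1 = stream_encrypt(P1, SEED)
C2 = stream_encrypt(P2, SEED)

if __name__ == "__main__":
    print(xor_bytes(C1, C2) == xor_bytes(P1, P2))   # keystream cancelled
    for off, frag in crib_drag(C1, C2, b"ATTACK "):
        print(off, frag)
    pad = os.urandom(64)
    ct, pad = otp_encrypt(P1, pad)   # 'pad' now holds only the unused tail
    print(ct.hex(), len(pad), "pad bytes left")
```

The crib hits at offset 0 read the start of the other message; the spurious
hits elsewhere are what a real crib drag has to sift by eye.  Nothing in the
attack depends on the generator being an LFSR: any keystream that is
produced twice, from a reused initial key or a repeated IV, gives the same
result, which is why the one-time pad's discipline of discarding consumed
key material is the whole of its security.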

------------------------------

From: "John E. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Prime series instead (Re: Pi)
Date: Sun, 02 Jan 2000 13:02:26 -0600

"NFN NMI L." wrote:
> The summation of the reciprocals of all the primes is infinite. Who
> knows what happens when you have alternating subtraction and addition?

I think it still diverges, but I don't have a proof.

------------------------------

From: "John E. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: cracking Triple DES
Date: Sun, 02 Jan 2000 13:12:08 -0600

DJohn37050 wrote:
> Attack in the middle.  Attack one pair of keys with 2**112 and the
> other with 2**56 and look for matches.

Easier said than done.  How are you going to implement "look for
matches"?  Store 2^56 blocks, each on the order of 64 bits, or
set up a hash table that big?
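
Added example, not from DJohn's or Douglas's posts: the meet-in-the-middle
attack shape at toy scale, in Python.  A 16-bit block cipher with 8-bit keys
(an assumed toy, not DES) stands in for DES so that the table holds 2^8
entries instead of 2^56 and the (k1, k2) enumeration is 2^16 instead of
2^112; the "look for matches" step is a hash table keyed by the middle
value, with extra plaintext/ciphertext pairs to weed out false matches.
For real three-key Triple DES the stored side alone is 2^56 blocks of 8
bytes, about 5.8 x 10^17 bytes, before a single lookup.

```python
"""Meet-in-the-middle against triple encryption, at toy scale: a 16-bit block
cipher with 8-bit keys stands in for DES so that the table fits in memory
and the bookkeeping (hash table, false matches, extra pairs) is visible."""
ROUNDS = 4
MASK = 0xFFFF


def rotl16(x, r):
    return ((x << r) | (x >> (16 - r))) & MASK


def rotr16(x, r):
    return ((x >> r) | (x << (16 - r))) & MASK


def enc(k, x):
    """Toy 16-bit block cipher with an 8-bit key (assumed, not DES): each
    round is key XOR, rotate, add a constant, all of them invertible."""
    for r in range(ROUNDS):
        x ^= (k * 0x0101) ^ (r * 0x1357)
        x = rotl16(x, 5)
        x = (x + 0x9E37) & MASK
    return x


def dec(k, x):
    for r in reversed(range(ROUNDS)):
        x = (x - 0x9E37) & MASK
        x = rotr16(x, 5)
        x ^= (k * 0x0101) ^ (r * 0x1357)
    return x


def triple_enc(k1, k2, k3, x):
    return enc(k3, enc(k2, enc(k1, x)))


def mitm_triple(pairs):
    """DJohn's split: one key on one side, two on the other, meet in the
    middle.  Store the cheap side (one middle value per k3: 2^56 entries
    for real Triple DES, 2^8 here), then walk the expensive side (2^112
    real, 2^16 here) and look each value up."""
    p0, c0 = pairs[0]
    table = {}
    for k3 in range(256):
        table.setdefault(dec(k3, c0), []).append(k3)
    survivors = []
    for k1 in range(256):
        mid1 = enc(k1, p0)
        for k2 in range(256):
            for k3 in table.get(enc(k2, mid1), ()):
                # Only a 16-bit block, so about 2^24 / 2^16 = 256 wrong
                # triples match the first pair; the other pairs reject them.
                if all(triple_enc(k1, k2, k3, p) == c for p, c in pairs[1:]):
                    survivors.append((k1, k2, k3))
    return survivors


# Constructed known-plaintext pairs under an assumed key triple.
KEYS = (0x3A, 0xC4, 0x51)
PAIRS = [(p, triple_enc(*KEYS, p)) for p in (0x1234, 0xBEEF, 0x0042, 0x7777)]

if __name__ == "__main__":
    found = mitm_triple(PAIRS)
    print([tuple(hex(k) for k in t) for t in found])
    print("true key recovered:", KEYS in found)
```

Two things scale badly from the toy to DES: the table, which is the storage
Douglas asks about, and the number of false matches, which grows as
(key space) / (block space) and so needs several known pairs to filter.
Storing the smaller side and iterating the larger is the sensible direction;
storing the 2^112 side is not an option at any scale.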

------------------------------

From: [EMAIL PROTECTED] (Steve K)
Subject: Re: Wagner et Al.
Date: Sun, 02 Jan 2000 19:13:01 GMT

On Sun, 02 Jan 2000 13:19:44 GMT, Tom St Denis <[EMAIL PROTECTED]>
wrote:

>thanks for looking at it.
>
>Now let me ask you, how would you intercept a windows message?  Via a
>trojan?  Probably.  What if I told you I could write a trojan to take
>snapshots every 5 seconds and send it to me.  Basically you can't
>protect against trojans, so I didn't really try to.  I think that line
>of attack is moot since well most people are smart enough to avoid
>programs that may have trojans [such as email greeting cards]
>
>
>Tom

Once upon a time, I thought I was smart enough to avoid programs that
may have trojans.  Then whoever was poking around in my computer got
tired of playing and left a few calling cards to let me know that he
(they?) was in there.  

I agree, that there is little point in trying to make a Windows
encryption program trojan resistant.  Securing the whole machine is
beyond the scope of the mission-- unless the mission includes things
like an integral firewall program, and/or booting to (true) DOS or
another console-based operating system for all crypto sessions.

What I would like to see is a qualified person or two looking at the
way Tom has his ciphers hooked up, to verify (or otherwise) that
PeekBoo ain't broken.  It ain't me; I'm still teaching "hello.c" to
ask for the name of the person it's saying hello to, and other fancy
tricks.


Steve K

---Continuing freedom of speech brought to you by---
   http://www.eff.org/   http://www.epic.org/  
               http://www.cdt.org/

PGP key 0x5D016218
All others have been revoked.

------------------------------

From: "John E. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: vigenere decrypt routine - help needed
Date: Sun, 02 Jan 2000 13:16:14 -0600

JTong1995 wrote:
> ... you can assume that the repeat is caused by a repeat in the
> plaintext that coincides with a repeat in the key (ala Kasiski) and
> calculate the period.  This can be confirmed by determining the
> Index of Coincidence ...

"Bar" (average over columns) I.C. is generally more reliable for
determining the period (this amounts to Fourier analysis), and if
there are no multi-symbol repeats it is nearly essential.
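
Added example, serving both this exchange and LBMyers's reply earlier in the
digest, and not code from any of the posters: Python that implements the
Kasiski search for repeats of four or more letters that JTong describes, the
index of coincidence LBMyers mentions, and the column-averaged ("bar") IC
that Gwyn recommends for the period, then recovers the key letter of each
column by chi-squared against English letter frequencies.  The plaintext and
the key CIPHERS are constructed for the illustration; the letter-frequency
table is the usual published English one.

```python
"""Vigenere cryptanalysis: Kasiski repeats for a first estimate of the period,
the column-averaged ("bar") index of coincidence to settle it, and per-column
chi-squared against English letter frequencies to recover the key."""
from collections import Counter, defaultdict
from itertools import combinations

ALPHA = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
# English letter frequencies in percent, A..Z (the usual published table).
ENGLISH = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77,
           4.03, 2.41, 6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98,
           2.36, 0.15, 1.97, 0.07]


def clean(text):
    return "".join(c for c in text.upper() if c in ALPHA)


def vigenere(text, key, decrypt=False):
    out = []
    for i, c in enumerate(text):
        k = ALPHA.index(key[i % len(key)])
        out.append(ALPHA[(ALPHA.index(c) + (-k if decrypt else k)) % 26])
    return "".join(out)


def kasiski_distances(ct, minlen=4):
    """Distances between repeated n-grams (n >= minlen).  A plaintext repeat
    that falls on the same key phase repeats in the ciphertext at a distance
    that is a multiple of the period; chance repeats of four or more letters
    are rare, which is JTong's point."""
    positions = defaultdict(list)
    for i in range(len(ct) - minlen + 1):
        positions[ct[i:i + minlen]].append(i)
    return [b - a for pos in positions.values() for a, b in combinations(pos, 2)]


def index_of_coincidence(s):
    n = len(s)
    if n < 2:
        return 0.0
    return sum(v * (v - 1) for v in Counter(s).values()) / (n * (n - 1))


def bar_ic(ct, period):
    """Gwyn's "bar" IC: the IC of each column (every period-th letter),
    averaged over the columns.  Near 0.066 when the period is right (each
    column is then one Caesar substitution), near 0.038 when it is not."""
    return sum(index_of_coincidence(ct[i::period]) for i in range(period)) / period


def guess_period(ct, maxp=15):
    scores = {p: bar_ic(ct, p) for p in range(1, maxp + 1)}
    best = max(scores.values())
    # Multiples of the true period score as high as the period itself.
    return min(p for p, s in scores.items() if s >= 0.8 * best)


def recover_key(ct, period):
    """Each column is a Caesar shift; pick the shift whose undone column
    best matches English by chi-squared."""
    found = ""
    for col in (ct[i::period] for i in range(period)):
        n = len(col)

        def chi_squared(shift):
            counts = Counter(ALPHA[(ALPHA.index(c) - shift) % 26] for c in col)
            return sum((counts[a] - n * f / 100) ** 2 / (n * f / 100)
                       for a, f in zip(ALPHA, ENGLISH))

        found += ALPHA[min(range(26), key=chi_squared)]
    return found


# Constructed sample: the kind of repetitive traffic Kasiski feeds on.
PT = clean("""
THE ENEMY HAS MOVED TWO DIVISIONS TO THE NORTHERN SECTOR AND IS EXPECTED TO
ATTACK AT DAWN. ALL UNITS WILL HOLD THEIR POSITIONS UNTIL THE RESERVE ARRIVES.
THE RESERVE WILL MOVE UP UNDER COVER OF DARKNESS AND TAKE POSITION BEHIND THE
RIDGE. SUPPLY CONVOYS MUST USE THE SOUTHERN ROAD BECAUSE THE NORTHERN ROAD IS
UNDER FIRE. REPORT ANY MOVEMENT OF THE ENEMY TO HEADQUARTERS AT ONCE. THE
ARTILLERY WILL OPEN FIRE ON THE NORTHERN SECTOR AT FIRST LIGHT AND WILL CONTINUE
UNTIL THE ATTACK HAS BEEN REPULSED. ALL UNITS WILL REPORT THEIR POSITIONS TO
HEADQUARTERS EVERY HOUR UNTIL FURTHER NOTICE. THE ENEMY IS EXPECTED TO ATTACK
AGAIN AT DUSK AND EVERY UNIT MUST HOLD ITS POSITION AT ALL COSTS. THE RESERVE
WILL COUNTER ATTACK FROM BEHIND THE RIDGE WHEN THE ENEMY ATTACK HAS BEEN HALTED.
""")
KEY = "CIPHERS"
CT = vigenere(PT, KEY)

if __name__ == "__main__":
    print("repeat distances:", sorted(kasiski_distances(CT)))
    print("bar IC by period:", {p: round(bar_ic(CT, p), 3) for p in range(1, 16)})
    period = guess_period(CT)
    print("period", period, "key", recover_key(CT, period))
```

The Kasiski distances are nearly all multiples of 7, with an occasional
chance repeat; the bar IC then jumps from about 0.04 to about 0.065 at 7
and 14, and the smallest such period is taken, since multiples of the true
period split the text into single-alphabet columns just as well.  The bar
IC is what does the work when the text is too short or too varied to contain
any multi-letter repeat at all.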

------------------------------

From: "John E. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: SIGABA/ECM Mark II
Date: Sun, 02 Jan 2000 13:17:18 -0600

JTong1995 wrote:
> Does anyone know if the SECRET patent that Rowlett and Friedman
> received for the cryptographic principles implemented in the
> SIGABA / ECM Mark 2 has been released to the public?

Not to my knowledge.

------------------------------

From: "John E. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: RFC1750: Randomness Recommendations for Security (1 of 2)
Date: Sun, 02 Jan 2000 13:19:09 -0600

Guy Macon wrote:
> First of two parts. ...

Really, anyone could retrieve the RFC if they wanted to.
A simple pointer would have been better.

------------------------------

From: Mike Todd <[EMAIL PROTECTED]>
Subject: Re: vigenere decrypt routine - help needed
Date: Sun, 02 Jan 2000 19:49:40 +0000

hi,
   I managed to get it working late last night ... in Java. It's
actually quite quick and uses statistics (coincidence theory) to break
the key and key length. If anyone needs the code for any use email me and
I'll send you the Java.

thanks

Mike


------------------------------

From: "James Taylor" <[EMAIL PROTECTED]>
Crossposted-To: fido7.crypt,fr.misc.cryptologie
Subject: Re: Simon Sigh Enigm
Date: Sun, 2 Jan 2000 19:59:19 -0000

My own version of the book has encrypted the texts at the back in more than
one language: English, Latin and French. I can email you the encrypted texts
if you want, because I have them here after I typed them in and checked them.

--
Emailed from James Taylor at [EMAIL PROTECTED]
Paul Masurel <[EMAIL PROTECTED]> wrote in message
news:8UHb4.2546$[EMAIL PROTECTED]...
>     Hi,
>
>     I'm looking for someone who has an English (or German) version of the
> recent book by Simon Singh about the history of cryptology, to exchange
> with the French version of the 10 encrypted texts at the end of
> the book...
>     It would inform us of the language of the text: English texts have been
> translated before being encrypted in the French version.
>
> Thanks,
>
>
> Paul.
>
>



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
