Cryptography-Digest Digest #831, Volume #10 Mon, 3 Jan 00 16:13:01 EST
Contents:
Re: List of english words ("John E. Gwyn")
Re: crypto and it's usage ("Kasper Pedersen")
Re: news about KRYPTOS (wtshaw)
Re: SIGABA/ECM Mark II (John Savard)
Re: news about KRYPTOS ("John E. Gwyn")
Re: Wagner et Al. ("John E. Kuslich")
Re: cracking Triple DES ([EMAIL PROTECTED])
Re: On documentation of algorithms (Medical Electronics Lab)
Re: news about KRYPTOS ("John E. Gwyn")
Re: Wagner et Al. ("John E. Kuslich")
Re: how good is RC4? (Johnny Bravo)
Re: List of english words (James Pate Williams, Jr.)
Re: List of english words ("John Lupton")
Re: List of english words ("John Lupton")
Re: List of english words (TohuVohu)
Re: Q: transcendental pad crypto (Paul Koning)
Re: "Variable size" hash algorithm? ([EMAIL PROTECTED])
Re: crypto and it's usage ([EMAIL PROTECTED])
Certficate Question ("Clint Eastwood")
Re: Bits 1 to 3 (Re: question about primes) ("denis.feldmann")
----------------------------------------------------------------------------
From: "John E. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: List of english words
Date: Mon, 03 Jan 2000 12:07:26 -0600
John Lupton wrote:
> Can someone tell me where on the web I can find a list of words in
> english. I want to do some frequency analysis on n-graphs (i.e.
> mono-, di-, tri-, tetra-) and words with certain n-graph patterns
> too.
> Ideally I'm looking for a text file with every word from aardvark
> to zulu.
Nearly every UNIX system has /usr/dict/words.
I don't know how you could make a "frequency analysis" that means
anything on a word list, where frequency of usage is not reflected.
------------------------------
From: "Kasper Pedersen" <[EMAIL PROTECTED]>
Subject: Re: crypto and it's usage
Date: Mon, 3 Jan 2000 18:10:17 +0100
"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:84ppj4$slo$[EMAIL PROTECTED]...
> I was just wondering how many people here actually use crypto. I mean
> almost anyone here can pull apart ideas and have fun, but does anyone
> use what's left?
I have in&outgoing email that needs (=would get me in trouble if not)
encryption every 3.6 days. Plus I use an encrypted volume to keep adult
stuff away from others. All mail goes on that one, so that's every day.
SSL - about once a week.
/Kasper
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: news about KRYPTOS
Date: Mon, 03 Jan 2000 12:36:45 -0600
Here are some related thoughts I have not had a chance to follow up on:
The folded nature of the sculpture might indicate that the two pages have
some result meaning when actually one on top of the other. That
characters are cut through suggests that somehow, again, that one page
affects another. Since what you see from the other side is backwards, that
may suggest a relationship. Keep in mind that the extra letters in the key
make it have the same number of characters as the key.
I could be wrong again, as several other ideas have not panned out to
quickly useful.
--
Considering that the best guess is that Jesus was born in 4 BC,
for the purists, fate worshipers, and absolute prognosticators,
you all missed your boat some time ago, as hype mongers rejoice.
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: SIGABA/ECM Mark II
Date: Mon, 03 Jan 2000 11:22:20 GMT
[EMAIL PROTECTED] (JTong1995) wrote, in part:
>Does anyone know if the SECRET patent that Rowlett and Friedman received for
>the cryptographic principles implemented into the SIGABA / ECM Mark 2 have been
>released to the public?
The only patents on the IBM patent server for "William Friedman" are
those of a physician, Dr. William A. Friedman, at this time, it
appears.
John Savard (jsavard<at>ecn<dot>ab<dot>ca)
http://www.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: "John E. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: news about KRYPTOS
Date: Mon, 03 Jan 2000 12:27:50 -0600
Ferdinando Stehle wrote:
> why the Quagmire III table KRYPTOSABC... is surrounded by
> ABCDEFGH... (the normal alphabet) on top, on bottom and on the right ?
Those indices are required in order to *use* the table.
> ...and why the KRYPTOSABCD... string is longer than 26 chars
> (indeed it is 30 chars long) ??
I already explained that. Without the redundant 4 extra columns
to bring the width of the right-hand side up to that of the left-
hand side, the sculpture would be aesthetically unbalanced.
------------------------------
From: "John E. Kuslich" <[EMAIL PROTECTED]>
Subject: Re: Wagner et Al.
Date: Mon, 03 Jan 2000 11:12:20 -0700
Daniel Roethlisberger wrote:
>
>
> Decent encryption software cares for its sensitive data. It locks memory in
> which it allocates memory for keys and such, so it doesn't get paged on hard
> disk. It wipes memory after usage. It also tries not to send it through
> windows mechanisms like the windows messages.
>
No. Total myth. Software under Windows can do absolutely nothing to
protect itself!
To appreciate this fact one needs to write some "self protecting code"
and turn on a good debugger. Trace the code and write some software to
add software interrupts, alter memory, or patch the executable or dll at
the machine level. This is all EASILY done under Windows.
Security by software is total myth. Once resident in memory, any
software can be made to whistle Dixie or do anything at all by a
competent machine language programmer. Any executable or dll can be
loaded and then altered in arbitrary ways to achieve any desired result.
It is this fact that makes the Clinton administration policy of one time
review so incredibly stupid!!!! No matter what features any encryption
software employs to control encryption strength, these features can be
defeated and replaced by arbitrary strength encryption by anyone skilled
in the art.
It would be child's play for example, to take a program like MS Word,
start it under the control of a new program and replace the 40 bit RC4
encryption engine with a 1024 bit Blowfish, Triple DES, IDEA combo
algorithm. This program could then be released to the world (by
someone living in a free country) on the internet and everyone who
wanted strong encryption on MS Word could have it. It would not make any
difference how many one time reviews were done by the government. The
whole idea of one time review is stupid on its face.
This fact is not widely appreciated because there are so few programmers
today who understand how Windows works. The models they are normally
exposed to are abstractions having no physical reality. Once you
achieve understanding of the machine itself, not the software model of
the machine, the truth of what I am saying will be apparent.
Software protections only work if all software obeys the rules. A
trojan "don't need no stinking rules" any more than banditos need
"stinking badges".
JK http://www.crak.com
> /Dan
--
John E. Kuslich
Password Recovery Software
CRAK Software
http://www.crak.com
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: cracking Triple DES
Date: Mon, 03 Jan 2000 18:21:56 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (DJohn37050) wrote:
> Attack in the middle. Attack one pair of keys with 2**112 and the other with
> 2**56 and look for matches.
> Don Johnson
> we have developed a secret key cipher. Please visit our site and judge
our algorithm and obtain plain-text
www.dreamwater.com/tech/ajayparashar
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Medical Electronics Lab <[EMAIL PROTECTED]>
Subject: Re: On documentation of algorithms
Date: Mon, 03 Jan 2000 12:23:19 -0600
John E. Gwyn wrote:
>
> wtshaw wrote:
> > As Einstein said,"If you can't explain it to a child, you
> > don't understand enough yourself."
>
> That's not quite what he said, but anyway it is an oversimplification.
> Not even the most intelligent 10-year-old child is going to understand
> anything that abstracts far beyond his experience or that is
> inherently complex. Try explaining ultrafilters, C*-algebras, K
> theory, elliptic curves, etc. to a child sometime.
"It's math. You'll be learning it soon enough." You'd be surprised
at how fast they ask more questions after that :-)
Patience, persistence, truth,
Dr. mike
------------------------------
From: "John E. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: news about KRYPTOS
Date: Mon, 03 Jan 2000 12:35:11 -0600
wtshaw wrote:
> The folded nature of the sculpture might indicate that the two pages
> have some result meaning when actually one on top of the other.
No. It's not "folded", but rather has a stretched-S section, much
as would an actual scrolled parchment when stood on end:
(
)
That's clearly an artistic choice.
> That characters are cut through suggests that somehow, again, that
> one page affects another. Since what you see from the otherside is
> backwards, that may suggest a relationship.
No, stenciling was merely a good way to "print" the letters on the
bronze sheet. It is *inherent* in a stencil that the letters will
look backwards from the back side; that fact adds no meaning.
> I could be wrong again, ...
You guys are trying too hard. There is no evidence that the final
97 characters are anything other than another, harder cryptogram
similar to the ones making up the rest of the left-hand-side.
------------------------------
From: "John E. Kuslich" <[EMAIL PROTECTED]>
Subject: Re: Wagner et Al.
Date: Mon, 03 Jan 2000 11:19:09 -0700
>
> Well PeekBoo was designed to secure messages and files, not computers.
> That's why proxies/firewalls have been invented. And no matter what
> you do, unless you are physically protected from trojans you are
> vulnerable.
>
> Tom
>
YES! Absolutely. This is the bottom line truth. Software protection
is snake oil.
JK http://www.crak.com
--
John E. Kuslich
Password Recovery Software
CRAK Software
http://www.crak.com
------------------------------
From: [EMAIL PROTECTED] (Johnny Bravo)
Subject: Re: how good is RC4?
Date: Mon, 03 Jan 2000 13:45:59 GMT
On Mon, 03 Jan 2000 17:26:46 GMT, [EMAIL PROTECTED] wrote:
>Replace "key[i]" with "key[i mod key_length]" and
>place "y=0" as the last line in init_key(). Then
>I _think_ it's correct - but I recommend working
>from widely-used specifications or tested code.
And it also wouldn't hurt to go over to the CipherSabre
site and download some of the test messages there and see
if your implementation works like it should. That is the
easy part, finding just what the mistake was is the bigger
challenge. :)
Best Wishes,
Johnny Bravo
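
The two fixes quoted above (wrapping the key index and zeroing the second index after key setup) and the advice to check against known test data, as an added example that is not code from the thread. The function names are illustrative, "y" is assumed to be the index called `j` here, and the vectors are widely published RC4 known answers rather than the CipherSaber test messages.

```python
def rc4_init(key: bytes):
    """Key setup. Returns the permuted state and the final value of j."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    s = list(range(256))
    j = 0
    for i in range(256):
        # key[i mod key_length]: short keys are repeated across all 256 steps
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    return s, j


def rc4(key: bytes, data: bytes, reset_j: bool = True) -> bytes:
    """Encrypt or decrypt data. reset_j=False reproduces the missing 'y=0' bug."""
    s, j = rc4_init(key)
    i = 0
    if reset_j:
        j = 0  # both indices start at zero when output generation begins
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


# (key, plaintext, expected ciphertext in hex)
KNOWN_ANSWERS = [
    (b"Key", b"Plaintext", "bbf316e8d940af0ad3"),
    (b"Wiki", b"pedia", "1021bf0420"),
    (b"Secret", b"Attack at dawn", "45a01f645fc35b383552544b9bf5"),
]


def self_test(reset_j: bool = True) -> bool:
    """True only if every known-answer vector matches."""
    return all(rc4(k, p, reset_j).hex() == c for k, p, c in KNOWN_ANSWERS)


if __name__ == "__main__":
    print("correct implementation passes:", self_test())
    print("without the index reset passes:", self_test(reset_j=False))
```

A known-answer check like this says only that something is wrong; comparing the state after key setup against a reference implementation narrows down where.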
------------------------------
From: [EMAIL PROTECTED] (James Pate Williams, Jr.)
Subject: Re: List of english words
Date: Mon, 03 Jan 2000 19:03:52 GMT
On Mon, 03 Jan 2000 12:07:26 -0600, "John E. Gwyn"
<[EMAIL PROTECTED]> wrote:
>John Lupton wrote:
>> Can someone tell me where on the web I can find a list of words in
>> english. I want to do some frequency analysis on n-graphs (i.e.
>> mono-, di-, tri-, tetra-) and words with certain n-graph patterns
>> too.
>> Ideally I'm looking for a text file with every word from aardvark
>> to zulu.
>
>Nearly every UNIX system has /usr/dict/words.
>
>I don't know how you could make a "frequency analysis" that means
>anything on a word list, where frequency of usage is not reflected.
If you want to create a frequency of occurrence table then you could
use some on-line writings such as those of Edgar Rice Burroughs. I
once used a number of chapters of Tarzan novels to create monograph
and digraph tables.
==Pate Williams==
[EMAIL PROTECTED]
http://www.mindspring.com/~pate
------------------------------
From: "John Lupton" <[EMAIL PROTECTED]>
Subject: Re: List of english words
Date: Mon, 3 Jan 2000 18:59:29 -0000
I don't have unix. The only resource I have available to me is the web.
John E. Gwyn wrote in message <[EMAIL PROTECTED]>...
>John Lupton wrote:
>> Can someone tell me where on the web I can find a list of words in
>> english. I want to do some frequency analysis on n-graphs (i.e.
>> mono-, di-, tri-, tetra-) and words with certain n-graph patterns
>> too.
>> Ideally I'm looking for a text file with every word from aardvark
>> to zulu.
>
>Nearly every UNIX system has /usr/dict/words.
>
>I don't know how you could make a "frequency analysis" that means
>anything on a word list, where frequency of usage is not reflected.
------------------------------
From: "John Lupton" <[EMAIL PROTECTED]>
Subject: Re: List of english words
Date: Mon, 3 Jan 2000 19:02:01 -0000
many thx for the suggestions. In addition to frequency, i'm also looking for
patterns, hence the need for a word list
>If you want to create a frequency of occurrence table then you could
>use some on-line writings such as those of Edgar Rice Burroughs. I
>once used a number of chapters of Tarzan novels to create monograph
>and digraph tables.
>
>==Pate Williams==
>[EMAIL PROTECTED]
>http://www.mindspring.com/~pate
>
------------------------------
From: [EMAIL PROTECTED] (TohuVohu)
Subject: Re: List of english words
Date: 03 Jan 2000 19:04:54 GMT
>Ideally I'm looking for a text file with every word from aardvark to zulu.
Someone already suggested the unix dictionary file. You may want to also check
out some of the hacker websites as they run dictionary attacks and may have a
frequency list as well.
Michael
[EMAIL PROTECTED]
------------------------------
From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: Q: transcendental pad crypto
Date: Mon, 03 Jan 2000 13:20:22 -0500
No Spam wrote:
>
> I have a stupid question about PRNGs I hope you will answer for me.
>
> It seems that most of the postings in this news group view the use of
> PRNG in encryption as very poor.
Not necessarily. After all, RC4 is a PRNG.
What you'll find is that non-snake-oil vendors will say these things:
1. If it's a PRNG it's not a One Time Pad.
2. A "pseudo one time pad" is snake oil
3. Something designed as a PRNG is unlikely to make a secure stream
cipher
4. A PRNG designed by someone who's on a One Time Pad kick is probably
not secure
> If I create a key pass phrase: "ABCDEGGH" and use the first three, two
> byte pairs (AB, CD, and EF) as 16 bit seeds for a PRNG.
>
> Taking the output streams from the PRNG for each of the three seeds, and
> XORing the output into a 10K buffer. So the PRNG's output was XORed
> into the 10k buffer three times.. each with a different seed (AB, CD,
> EF).
>
> Then I take the last key pair GH, seed the PRNG and use the PRNG to pick
> the bytes from the 10K buffer to use as a streaming encryption XOR .
>
> Is there any attack that can be used to break the code other than a
> brute force key phrase attack?
Depends on the PRNG. If it's a linear congruential generator, probably
yes. If it's RC4, probably no.
Then again, your key space is only 48 bits, so brute force is way too
easy...
paul
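
The construction from the question, as an added example that is not part of the thread. It goes one step beyond the reply: because the three seeded streams are XORed into one buffer, their order does not matter and repeated pairs cancel, so the number of distinct keys is smaller than the seed count suggests. The toy LCG, its constants, the 8-character pass phrases and every function name are assumptions made for illustration.

```python
from itertools import permutations

BUF_LEN = 10 * 1024  # the "10K buffer" from the question


def lcg_bytes(seed16: int, n: int) -> bytes:
    """Toy linear congruential generator seeded with 16 bits (assumed PRNG)."""
    state = seed16 & 0xFFFF
    out = bytearray()
    for _ in range(n):
        state = (state * 1103515245 + 12345) & 0x7FFFFFFF
        out.append((state >> 16) & 0xFF)
    return bytes(out)


def seeds(passphrase: str) -> list:
    """Split an 8-character pass phrase into four 16-bit seeds."""
    raw = passphrase.encode("ascii")
    if len(raw) != 8:
        raise ValueError("expected an 8-character pass phrase")
    return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, 8, 2)]


def build_buffer(s1: int, s2: int, s3: int) -> bytes:
    """XOR the three seeded streams into one buffer."""
    buf = bytearray(BUF_LEN)
    for seed in (s1, s2, s3):
        for i, b in enumerate(lcg_bytes(seed, BUF_LEN)):
            buf[i] ^= b
    return bytes(buf)


def encrypt(passphrase: str, data: bytes) -> bytes:
    """Pick buffer bytes with the fourth seed and XOR them onto the data."""
    s1, s2, s3, s4 = seeds(passphrase)
    buf = build_buffer(s1, s2, s3)
    picks = lcg_bytes(s4, 2 * len(data))
    return bytes(
        d ^ buf[int.from_bytes(picks[2 * i:2 * i + 2], "big") % BUF_LEN]
        for i, d in enumerate(data)
    )


def equivalent_keys(passphrase: str) -> list:
    """Pass phrases that give the same buffer: any order of the first 3 pairs."""
    pairs = [passphrase[i:i + 2] for i in range(0, 6, 2)]
    return sorted({"".join(p) + passphrase[6:] for p in permutations(pairs)})


if __name__ == "__main__":
    msg = b"constructed sample plaintext"
    print(equivalent_keys("ABCDEFGH"))
    print(encrypt("ABCDEFGH", msg) == encrypt("EFCDABGH", msg))
```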
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: "Variable size" hash algorithm?
Date: Mon, 03 Jan 2000 19:01:58 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Dan Day) wrote:
> On 22 Dec 1999 19:59:18 -0800, [EMAIL PROTECTED] (Gregory G Rose) wrote:
> >I believe "HAVAL" is your answer. It's a variable
> >length hash algorithm from well-respected authors
> >(Pieprzyk, Seberry, ...). Published in one of the
> >Springer-Verlag journals some years ago.
>
> Something tells me that my local library won't
> carry the "Springer-Verlag journals"...
>
> A quick online search for it reveals some bibliographic
> references, and some mostly unannotated source code...
> However, the source I found seems to imply that the
> output hash size can only be one of the following:
> 128, 160, 192, 224 or 256 bytes. I'll have to dig
> deeper to see whether that can actually be generalized
> to larger values -- perhaps it's only a limitation of
> the memory available in the implementation I found.
That's all the different sizes of hashes it will produce. The algorithm
really only creates a 256 bit hash, but uses a simple compression
technique to create the smaller hashes. As of right now, unless I
missed one or two, the largest size hash a hash algorithm makes is 256
bits. However, you could use a RSA type algorithm to generate larger
hashes. I would be very careful though to avoid any possible methods of
factoring it.
csybrandy
>
> --
> "How strangely will the Tools of a Tyrant pervert the
> plain Meaning of Words!"
> --Samuel Adams (1722-1803), letter to John Pitts, January 21, 1776
>
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: crypto and it's usage
Date: 3 Jan 2000 19:46:29 GMT
I use it every day to ssh to my server, this post was
done over an encrypted link.
Thomas
Tom St Denis <[EMAIL PROTECTED]> wrote:
: I was just wondering how many people here actually use crypto. I mean
: almost anyone here can pull apart ideas and have fun, but does anyone
: use what's left?
: I personally use it just for fun, and sometimes to keep things
: private. Nothing life threatening... Anyone else?
: Tom
--
w8twk Freelance System Programming. http://www.fsp.com
------------------------------
From: "Clint Eastwood" <[EMAIL PROTECTED]>
Subject: Certficate Question
Date: 3 Jan 2000 20:12:03 GMT
Do companies generally use one Public Key Certificate for the
entire company?
Or do they obtain one for each employee?
Thanks, Graeme Dykes
------------------------------
From: "denis.feldmann" <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: Bits 1 to 3 (Re: question about primes)
Date: Mon, 3 Jan 2000 21:10:22 +0100
John E. Gwyn wrote in message <[EMAIL PROTECTED]>...
>"Tony T. Warnock" wrote:
>> According to Dirichlet's theorem, the density of primes in arithmetic
>> progression is the same for all progressions with the same step size.
>> Thus the density of primes ending in 1,3,7,9 (base ten) is the same.
>
>I am unable to decipher that.
Some help, then :-)
>"The same" as what? Surely, not as
>each other:
Of course, provided "each other" means 1,3,5 or 7
>0,2,4,6,8 vs. 1,3,5,7,9 is a counterexample. 1,3,7,9
>final digits aren't an arithmetic progression. ???
The arithmetic progressions referred to are of the shape
10n +k, with k prime to 10
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************