Cryptography-Digest Digest #833, Volume #10       Mon, 3 Jan 00 19:13:02 EST

Contents:
  Re: crypto and it's usage (Phillip George Geiger)
  Re: List of english words (Roger Carbol)
  byte representation (mike cardeiro)
  Re: meet-in-the-middle attack for triple DES (Bill Unruh)
  Re: Wagner et Al. (lordcow77)
  Re: List of english words (Bill Unruh)
  Re: Wagner et Al. (Steve K)
  Re: cracking Triple DES ("Joseph Ashwood")
  Re: byte representation (Keith A Monahan)
  Re: On documentation of algorithms (Paul Koning)
  Re: SIGABA/ECM Mark II (Paul Koning)
  Re: crypto and it's usage ("Joseph Ashwood")
  ATTN: Help Needed For Science Research Project ("segals-2")
  Re: Prime series instead (Re: Pi) ([EMAIL PROTECTED])
  Re: Certficate Question ("Joseph Ashwood")
  Re: List of english words (J Shane Culpepper)
  Re: meet-in-the-middle attack for triple DES (Mok-Kong Shen)
  Re: Help Needed For Science Research Project ("Joseph Ashwood")
  trits from characters (wtshaw)
  Re: On documentation of algorithms (Mok-Kong Shen)
  Re: ATTN: Help Needed For Science Research Project ("segals-2")

----------------------------------------------------------------------------

From: Phillip George Geiger <[EMAIL PROTECTED]>
Subject: Re: crypto and it's usage
Date: 3 Jan 2000 21:18:52 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:
: I was just wondering how many people here actually use crypto.  I mean
: almost anyone here can pull apart ideas and have fun, but does anyone
: use what's left?

: I personally use it just for fun, and sometimes to keep things
: private.  Nothing life threatening...  Anyone else?

I use Scramdisk on my laptop.

I use ssh to connect to my Linux machines. 

I use md5sum to verify files I download, particularly when patching
one of my always-exposed-to-the-big-cruel-world Linux machines.

I don't encrypt email, simply because nobody with whom I regularly
correspond can be bothered to figure out PGP.


-- 
Phil Geiger
[EMAIL PROTECTED]

------------------------------

Subject: Re: List of english words
From: Roger Carbol <[EMAIL PROTECTED]>
Date: Mon, 03 Jan 2000 21:20:54 GMT

John Lupton <[EMAIL PROTECTED]> wrote:

> Can someone tell me where on the web I can find a list of words
> in english.


<ftp://ftp.ox.ac.uk/pub/wordlists/>




.. Roger Carbol .. [EMAIL PROTECTED]

------------------------------

From: mike cardeiro <[EMAIL PROTECTED]>
Subject: byte representation
Date: Mon, 03 Jan 2000 21:29:50 GMT

hi

sorry if this is a super easy one, I've tried to answer this on my own
with no luck. i am trying to make a program for encryption and
decryption (mostly for laughs and to try to get a basic understanding of
cryptography)

i am following the directions for the ciphersaber program but i am
confused on how bytes need to be represented in an array.

for instance, the faq for ciphersaber says that on encryption you should
write ten random bytes before writing the encrypted data.

would an array of these ten bytes look like this:

[0] 10101000
[1] 11110011
[2] 11100100
[3] 10100110
[4] 11010101
[5] 00110101
[6] 11010000
[7] 11001001
[8] 00100101
[9] 11001000

or is there a different way i'm supposed to represent a byte... and if
this is the proper way can i initialize my s array as @s = (1..255)  or
do i need to represent those numbers the same way as the 10 random
bytes.

again sorry for the elementary question but i'm very new to cryptography
and still moderately new to programming.

mike cardeiro


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: meet-in-the-middle attack for triple DES
Date: 3 Jan 2000 22:05:54 GMT

In <[EMAIL PROTECTED]> Mok-Kong Shen <[EMAIL PROTECTED]> writes:
]powerful Y?'. I believe that at least for a certain wide category of 
]crypto applications, namely where the security requirement is fairly 
]high and the messages are destined for some non-instantaneous human
]decision processes (e.g. highly confidential materials for top 
]managers as against orders to trigger military missiles), the message 
]transmission speed of today could well tolerate some substantial 
]amount of degradation without causing any negative effects. Well, 

The problem is that people do not like to be kept waiting by machines.
If it takes an extra say 10 seconds to encrypt, people will not do it.
Ie, the theoretical security gained in the algorithm is more than lost
in the use.


------------------------------

From: lordcow77 <[EMAIL PROTECTED]>
Subject: Re: Wagner et Al.
Date: Mon, 03 Jan 2000 14:03:43 -0800

In article <84qj6h$dq9$[EMAIL PROTECTED]>, Tom St Denis
<[EMAIL PROTECTED]> wrote:
> I seriously doubt that.  With java/activex turned completely off I
> doubt there are many venues of attack left open.

Read the NTBugtraq and Bugtraq archives. Quite revealing and rather
scary as well.


* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!


------------------------------

From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: List of english words
Date: 3 Jan 2000 22:11:39 GMT

In <84qkoj$9up$[EMAIL PROTECTED]> "John Lupton" <[EMAIL PROTECTED]> 
writes:

>Can someone tell me where on the web I can find a list of words in english.
>I want to do some frequency analysis on n-graphs (i.e. mono-, di-, tri-,
>tetra-) and words with certain n-graph patterns too.

Word lists are dominated by very rare words. Remember that the standard
"working vocabulary" is about 2000 words and of those maybe 10 are used
over 50% of the time.  Ie, using frequency analysis of word lists is
useless if applied to actual text. It is maybe useful only if applied to
wordlists.

>Ideally I'm looking for a text file with every word from aardvark to zulu.

Remember that the Gutenberg project has put on line over 1000 literary
works in English. That is a useful resource for looking at frequency
lists from. Also remember that there is a difference between text with
spaces, punctuation etc removed and those with it included. 


------------------------------

From: [EMAIL PROTECTED] (Steve K)
Subject: Re: Wagner et Al.
Date: Mon, 03 Jan 2000 22:33:52 GMT

On 03 Jan 2000 12:15:58 EST, [EMAIL PROTECTED] (Guy Macon) wrote:

>You first.  Show me where I ever claimed that such a program exists.
>I only defend positions that I have actually said are true <grin>.

"The more generic trojans such as back orifice can
be protected against (and are by many crypto programs)."

Name a few.  <grin x2>

>What I did claim is that a crypto program that uses standard (easy to
>monitor or intercept) windows calls, saves keys and plaintext on
>the disk then erases them later, or allows its memory to be swapped
>to the swap file can be attacked by a trojan that cannot touch a
>crypto program that doesn't do such things.  

"saves keys and plaintext on the disk then erases them later"  Did you
find this in PeekBoo?  If so, never mind the silly philosophical
debate, let's get some nuts & bolts details and pester Tom to fix it!


"a trojan that cannot touch a crypto program that doesn't do such
things."  Once you assume that a trojan can be installed and running,
it makes sense to assume that its user can include a shell that
emulates the user interface of the trojan resistant crypto app, or
patch the resistant app to make it leak data.  

To me, it makes sense to attack the trojan problem as a separate
issue:  Keep the blasted things off yer system, or face the fact that
any crypto app can pretty easily be compromised.

Skywriting.  Harumph.

:o)


Steve K

---Continuing freedom of speech brought to you by---
   http://www.eff.org/   http://www.epic.org/  
               http://www.cdt.org/

PGP key 0x5D016218
All others have been revoked.

------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: cracking Triple DES
Date: Mon, 3 Jan 2000 14:31:53 -0800

I may not be one of the greats, but even I restrict myself to methods that
are written in some way that makes sense. Let's just look at the first 3
instructions:

1.Place all the plain text in a circular ring with every shell having half
capacity.
2.Find n such that size of plain text <=n+n/2+n/4+.....1
3.Start reading data outermost /largest disc.

So first we create a ring, but somehow through some miracle the ring has
only half the capacity, and still again through some miracle has all the
data.
Second we find an n that is at least 1/2 the length of the plaintext (your
equation converges very neatly to 2n).
3rd we miraculously have discs instead of rings, and one of them is largest.

In just the "Reading Plaintext" phase I count 3 miracles and 1 improperly
computed equation. And no I didn't bother reading beyond that. Once you
properly define your algorithm I'll look at it, and that's probably the most
lenient answer you'll get. I'm sorry if I came off as rather terse, I
honestly welcome the opportunity to review ciphers, mainly to see if I can
see what the best of the best see.
                    Joe

> we have developed a secret key cipher.Please visit our site and judge
> our algorithm and obtain plain-text
> www.dreamwater.com/tech/ajayparashar






------------------------------

From: [EMAIL PROTECTED] (Keith A Monahan)
Subject: Re: byte representation
Date: 3 Jan 2000 22:55:03 GMT

Mike,

I haven't seen or coded or touched ciphersaber but I did a quick look
over the FAQ.

mike cardeiro ([EMAIL PROTECTED]) wrote:

: i am following the directions for the ciphersaber program but i am
: confused on how bytes need to be represented in an array.

: for instance, the faq for ciphersaber says that on encryption you should
: write ten random bytes before writing the encrypted data.

: would an array of these ten bytes look like this:

: [0] 10101000
: [1] 11110011
: [2] 11100100
: [3] 10100110
: [4] 11010101
: [5] 00110101
: [6] 11010000
: [7] 11001001
: [8] 00100101
: [9] 11001000

Well, inside the computer someplace it might look like that, but we humans
really like decimal.  So I'd use the decimal system to do this, especially
because the numbers only range from 0-255.

So in C, this would look like --

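#include <stdlib.h>     /* rand() */

int main(void)
{
        int a[10];      /* the ten bytes, one per element */
        int loop;

        /* rand() takes no argument; reduce its result to 0-255 */
        for (loop=0; loop < 10; loop++)
        {
                a[loop] = rand() % 256;
        }
        return 0;
}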

So a is an array of integers.

So this would fill indexes 0-9 of the a array with the value returned by
the rand function.  I just chose rand() out of the sky - I'm not sure
that's exactly right and I'm certainly not advocating the use of the
C's built-in rand function as a good random number source -- I'm just
using that as an example.

I don't think you mentioned what language you were using.  Is this C,
Basic, Java?

Hope this answered your question,

Keith
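
An added example (not part of either post, and not CipherSaber's own code):
CipherSaber-1 as it is specified, RC4 keyed with the passphrase followed by
the ten IV bytes, with every byte held as an unsigned char in the range 0-255.
The function names are chosen here, the IV in main() is the ten binary values
from the question written in decimal, and a real message needs ten fresh bytes
from the operating system's random source rather than rand().

```c
#include <stdio.h>
#include <string.h>
#define CS_IV_LEN 10   /* CipherSaber: ten random bytes precede the ciphertext */

/* RC4: XOR the keystream derived from key[0..keylen-1] into buf[0..n-1]. */
void rc4_xor(const unsigned char *key, size_t keylen, unsigned char *buf, size_t n)
{
    unsigned char S[256], t;   /* one byte per element, values 0..255 */
    unsigned int i, j = 0;
    size_t k;
    for (i = 0; i < 256; i++) S[i] = (unsigned char)i;   /* 0..255, not 1..255 */
    for (i = 0; i < 256; i++) {                          /* key setup */
        j = (j + S[i] + key[i % keylen]) & 0xff;
        t = S[i]; S[i] = S[j]; S[j] = t;
    }
    i = j = 0;
    for (k = 0; k < n; k++) {                            /* keystream */
        i = (i + 1) & 0xff;
        j = (j + S[i]) & 0xff;
        t = S[i]; S[i] = S[j]; S[j] = t;
        buf[k] ^= S[(S[i] + S[j]) & 0xff];
    }
}

/* RC4 key = passphrase bytes followed by the ten IV bytes (256 bytes at most). */
static size_t cs_key(const char *pass, const unsigned char *iv, unsigned char *key)
{
    size_t plen = strlen(pass);
    if (plen == 0 || plen > 256 - CS_IV_LEN) return 0;
    memcpy(key, pass, plen);
    memcpy(key + plen, iv, CS_IV_LEN);
    return plen + CS_IV_LEN;
}

/* out = IV || ciphertext. Returns bytes written, or 0 for an unusable passphrase. */
size_t cs_encrypt(const char *pass, const unsigned char *iv,
                  const unsigned char *in, size_t n, unsigned char *out)
{
    unsigned char key[256];
    size_t klen = cs_key(pass, iv, key);
    if (klen == 0) return 0;
    memcpy(out, iv, CS_IV_LEN);
    memcpy(out + CS_IV_LEN, in, n);
    rc4_xor(key, klen, out + CS_IV_LEN, n);
    return n + CS_IV_LEN;
}

/* The first ten bytes of `in` are the IV, the rest is ciphertext. */
size_t cs_decrypt(const char *pass, const unsigned char *in, size_t n, unsigned char *out)
{
    unsigned char key[256];
    size_t klen = (n < CS_IV_LEN) ? 0 : cs_key(pass, in, key);
    if (klen == 0) return 0;
    memcpy(out, in + CS_IV_LEN, n - CS_IV_LEN);
    rc4_xor(key, klen, out, n - CS_IV_LEN);
    return n - CS_IV_LEN;
}

int main(void)
{
    /* The ten bytes from the question, in decimal. Constructed sample only. */
    const unsigned char iv[CS_IV_LEN] = {168,243,228,166,213,53,208,201,37,200};
    unsigned char ct[64], pt[64];
    size_t i, n = cs_encrypt("passphrase", iv, (const unsigned char *)"hello", 5, ct);
    for (i = 0; i < n; i++) printf("%02x ", ct[i]);
    n = cs_decrypt("passphrase", ct, n, pt);
    printf("\n%.*s\n", (int)n, (const char *)pt);
    return 0;
}
```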


------------------------------

From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: On documentation of algorithms
Date: Mon, 03 Jan 2000 17:41:19 -0500

Mok-Kong Shen wrote:
> ...
> In a similar vein I like to (re-)raise the (also not entirely new,
> but perhaps heretic) question of whether the documentation of
> 'standard' encryption algorithms in the current practice has been
> of such detail/openness and degree of comprehensibility as to
> render these fully understandable and hence trusted beyond
> question through reasonable efforts/expenditure of study without
> demanding mathematical and other knowledges/expertises/experiences
> that are at least way beyond the common repertoires that the
> universities generally provide to their undergraduate students of
> diverse natural science disciplines. 

I sympathize with the concern, but I don't see a solution.
I'd like there to be one, since I suffer from the same lack
of mathematical knowledge you mention.

But, no matter what we might wish to be, much of human knowledge
is accessible only if you study the foundations needed to understand
it.  For some, those are very large.  I would like quantum
electrodynamics to be intelligible to someone like me, with
modest skills in undergraduate physics and math -- but wishing
it doesn't make it so any more than wishing pigs to fly will make
them become airborne.

Ditto with cryptography.  Yes, a reasonable teacher can explain
how DES works.  But to understand why DES has good security is
vastly harder. And then there's RSA.  If you don't know the
basic number theory on which it's based, you cannot possibly
understand why it works no matter how good the teacher is.

Deal with it.

        paul

------------------------------

From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: SIGABA/ECM Mark II
Date: Mon, 03 Jan 2000 17:47:59 -0500

John Savard wrote:
> 
> [EMAIL PROTECTED] (JTong1995) wrote, in part:
> 
> >Does anyone know if the SECRET patent that Rowlett and Friedman received for
> >the cryptographic principles implemented into the SIGABA / ECM Mark 2 have been
> >released to the public?
> 
> The only patents on the IBM patent server for "William Friedman" are
> those of a physician, Dr. William A. Friedman, at this time, it
> appears.

That's not surprising.  The IBM patent server only goes back to about
1971.

        paul

------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: crypto and it's usage
Date: Mon, 3 Jan 2000 15:19:04 -0800

Well before I quit my job (I'm open to suggestions) I used it continually, I
made extensive use of PGP to send myself messages from home so I could
review what I had done for work, and from work to use at home. I also sign a
large number of my e-mails using PGP. I don't so much use it for the privacy
of my personal messages. Just earlier I verified that I had graduated from
college via SSL, and I often use SSL when I check my bank account. So I use
crypto for quite a few things, and it's becoming increasingly pervasive in
my life.
                    Joseph



------------------------------

From: "segals-2" <[EMAIL PROTECTED]>
Subject: ATTN: Help Needed For Science Research Project
Date: Mon, 3 Jan 2000 18:27:01 -0500

Hi, I am a high school student interested in completing a science fair
project in the field of cryptology.  A science fair project involves a
serious amount of research into the background of a particular subject, but
it also involves actual experimentation that deals with a particular
subject.  I have read several interesting articles and books on cryptology,
I have searched the internet, and, despite this, have not yet been able to
come up with an idea (one that is feasible) for my project.  Thus, I ask
you, the sci.crypt community, for any suggestions that you might have or for
any resources of which you might be aware.  I appreciate your help.
Thanks a lot!
-Eric

[EMAIL PROTECTED]



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Prime series instead (Re: Pi)
Date: Mon, 03 Jan 2000 23:19:04 GMT

Tony Warnock

> It converges. There is a theorem that states that
> if lim |a(n)| goes to zero
> as n goes to infinity then the alternating
> sum a(1)-a(2)+a(3)...  converges.

Well, not quite; the theorem also requires that
|a[n]| is decreasing. For example, consider the
sequence:
    1/2, 0, 1/3, 0, 1/4, 0, 1/5, 0, 1/6, 0, ...

And while I'm picking nits, my crypto prof always
objected to saying "the limit goes to..."
The limit "is" or "equals"; only the parameter
"goes to".

--Bryan



------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Certficate Question
Date: Mon, 3 Jan 2000 15:28:56 -0800

It varies by company, but I'd say that in general it goes something like.

Buy one high certification key.
Generate the individual keys for the employees, and sign them.

So I guess the answer is kinda both.
                Joe
"Clint Eastwood" <[EMAIL PROTECTED]> wrote in message
news:01bf5626$c94d1000$86c26dcb@Hastings...
> Do companies generally use one Public Key Certificate for the
> entire company?
> Or do they obtain one for each employee?
>
> Thanks, Graeme Dykes
>



------------------------------

From: J Shane Culpepper <[EMAIL PROTECTED]>
Subject: Re: List of english words
Date: Mon, 03 Jan 2000 15:45:18 -0800

Try ftp.cdrom.com /pub/security/coast/dict for all sorts of language
goodies....

-Shane

John Lupton wrote:

> Can someone tell me where on the web I can find a list of words in english.
> I want to do some frequency analysis on n-graphs (i.e. mono-, di-, tri-,
> tetra-) and words with certain n-graph patterns too.
>
> Ideally I'm looking for a text file with every word from aardvark to zulu.
>
> Thx in advance


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: meet-in-the-middle attack for triple DES
Date: Tue, 04 Jan 2000 00:44:53 +0100

Bill Unruh wrote:
> 
> <[EMAIL PROTECTED]> writes:
> ]powerful Y?'. I believe that at least for a certain wide category of
> ]crypto applications, namely where the security requirement is fairly
> ]high and the messages are destined for some non-instantaneous human
> ]decision processes (e.g. highly confidential materials for top
> ]managers as against orders to trigger military missiles), the message
> ]transmission speed of today could well tolerate some substantial
> ]amount of degradation without causing any negative effects. Well,
> 
> The problem is that people do not like to be kept waiting by machines.
> If it takes an extra say 10 seconds to encrypt, people will not do it.
> Ie, the theoretical security gained in the algorithm is more than lost
> in the use.

Maybe my picture were illusory, though I am not quite sure. I imagine
that, for example, the managers are used to have materials handed
over to them by their secretary and perhaps are drinking something
while pondering on their projects and are not normally nervous 
because of a delay of 30 sec. or even have ever noticed that.

M. K. Shen


------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Help Needed For Science Research Project
Date: Mon, 3 Jan 2000 15:48:23 -0800

Well, it's been done, but an encrypted chat, or creating a new cipher should
be suitable. I know it's not likely that the cipher you will create will be
of strength as high as an AES finalist, but as a learning experience even
the best had a first attempt at some point. OTOH creating an encrypted chat
should be fairly simple, take a look at Peekboo for ideas. If you need some
help there are many of us here that are quite capable.
                    Joe



------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: trits from characters
Date: Mon, 03 Jan 2000 18:24:57 -0600

Here is a demo function that converts some characters to trits.  The code
characters list can be easily extended to whatever you care to include.

A little experience shows me that text reduces to about three trits per
character on average, which means it could be easily encoded into a set of
26 characters of three trits each; there need not be a 000 equivalent
since it never shows up.  If you are doing nice mixing things with the
trits, then you need to pick a 27th character.

For those addicted to classic format of the related ciphers, use X's
instead of 0's; there is no secret square.

Hope I made no errors...but it's possible.

WINDOW #1,,(0,0)-(445,294), _dialogPlain:CALL HIDECURSOR:PRINT
REM written to accommodate a growing list of characters
PRINT "This program converts strings of up to 70 allowed characters to trits."
PRINT "Enter no characters to quit.":PRINT
"begin":LINE INPUT a$:IF a$="" THEN END
L=LEN(a$):IF L>70 THEN a$=LEFT$(a$,70):L=70
a$=UCASE$(a$):PRINT:PRINT a$:PRINT:out$="":trits=0
FOR j=1 TO L:c=0:x$=MID$(a$,j,1):temp$=""'get character
  IF x$="A" THEN temp$="12"
  IF x$="B" THEN temp$="2111"
  IF x$="C" THEN temp$="2121"
  IF x$="D" THEN temp$="211"
  IF x$="E" THEN temp$="1"
  IF x$="F" THEN temp$="1121"
  IF x$="G" THEN temp$="221"
  IF x$="H" THEN temp$="1111"
  IF x$="I" THEN temp$="11"
  IF x$="J" THEN temp$="1222"
  IF x$="K" THEN temp$="212"
  IF x$="L" THEN temp$="1211"
  IF x$="M" THEN temp$="22"
  IF x$="N" THEN temp$="21"
  IF x$="O" THEN temp$="222"
  IF x$="P" THEN temp$="1221"
  IF x$="Q" THEN temp$="2212"
  IF x$="R" THEN temp$="121"
  IF x$="S" THEN temp$="111"
  IF x$="T" THEN temp$="2"
  IF x$="U" THEN temp$="112"
  IF x$="V" THEN temp$="1112"
  IF x$="W" THEN temp$="122"
  IF x$="X" THEN temp$="2112"
  IF x$="Y" THEN temp$="2122"
  IF x$="Z" THEN temp$="2211"
  IF x$="/" THEN temp$="21121"
  IF x$="." THEN temp$="121212"
  IF x$="," THEN temp$="221122"
  IF x$="?" THEN temp$="112211"
  "skip":out$=out$+temp$+"0"
  T=LEN(out$):IF T>40 THEN trits=trits+T:PRINT out$:out$=""
NEXT j:T=LEN(out$):IF T>0 THEN PRINT out$
trits=trits+T:T$=STR$(trits):L$=STR$(L):PRINT
PRINT T$;" trits from";L$;" characters"'display result
GOTO "begin"
-- 
Considering that the best guess is that Jesus was born in 4 BC,
for the purists, fate worshipers, and absolute prognosticators,
you all missed your boat some time ago, as hype mongers rejoice.

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: On documentation of algorithms
Date: Tue, 04 Jan 2000 01:03:07 +0100

Paul Koning wrote:
> 

> Ditto with cryptography.  Yes, a reasonable teacher can explain
> how DES works.  But to understand why DES has good security is
> vastly harder. And then there's RSA.  If you don't know the
> basic number theory on which it's based, you cannot possibly
> understand why it works no matter how good the teacher is.

I have attempted to make a point that crypto is to be treated a
bit different because of its nature and its social significance.
Incidentally, DES that you mentioned is a very good example. The 
design rationales of DES have not yet been fully officially disclosed 
till the present day, if I don't err. Differential analysis, that 
is applicable to DES, was known to the designers of DES but has 
to be re-discovered decades later by Biham and Shamir. So one 
probably sees how easy one could proceed with one's study no matter 
how smart one and one's teachers are.

M. K. Shen

------------------------------

From: "segals-2" <[EMAIL PROTECTED]>
Subject: Re: ATTN: Help Needed For Science Research Project
Date: Mon, 3 Jan 2000 19:09:31 -0500


segals-2 <[EMAIL PROTECTED]> wrote in message
news:84ravd$[EMAIL PROTECTED]...
> A science fair project involves a
> serious amount of research into the background of a particular subject, but
> it also involves actual experimentation that deals with a particular
> subject.
> [EMAIL PROTECTED]
>
>

One consideration that I failed to mention in my original message:  I do not
have much experience at all with computer codes (languages, that is).
However, I am able to deal with the mathematical aspects of cryptology.  I
would be willing to spend time to learn some amount of programming, but I
don't have an unlimited amount of time to complete the project itself.
Thanks again,
Eric



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
