Cryptography-Digest Digest #834, Volume #10 Tue, 4 Jan 00 02:13:01 EST
Contents:
Re: On documentation of algorithms (wtshaw)
Re: The Cipher Challenge from the Code Book ("Rob")
Re: byte representation (Matthew Montchalin)
Square root attacks against DSA? (Paulo S. L. M. Barreto)
Re: The Cipher Challenge from the Code Book ("r.e.s.")
Thawte or Verisign SSL Certificate? ([EMAIL PROTECTED])
Anagram ("Daniel")
Re: ATTN: Help Needed For Science Research Project (David A Molnar)
Re: RFC1750: Randomness Recommendations for Security (1 of 2) (kmchan)
Re: Wagner et Al. ("John Enright")
Re: List of english words (stanislav shalunov)
Re: trits from characters (John Savard)
Re: trits from characters (John Savard)
How to pronounce "Vigenere"? (Michael Groh)
Re: Anagram ("John E. Gwyn")
Re: meet-in-the-middle attack for triple DES (Scott Fluhrer)
Re: How to pronounce "Vigenere"? ("John E. Gwyn")
Re: How to pronounce "Vigenere"? (John Savard)
Re: How to pronounce "Vigenere"? (NFN NMI L.)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: On documentation of algorithms
Date: Mon, 03 Jan 2000 18:45:12 -0600
In article <[EMAIL PROTECTED]>, "John E. Gwyn"
<[EMAIL PROTECTED]> wrote:
> wtshaw wrote:
> > As Einstein said,"If you can't explain it to a child, you
> > don't understand enough yourself."
>
> That's not quite what he said, but anyway it is an oversimplification.
> Not even the most intelligent 10-year-old child is going to understand
> anything that abstracts far beyond his experience or that is
> inherently complex. Try explaining ultrafilters, C*-algebras, K
> theory, elliptic curves, etc. to a child sometime.
It is not so much age as it is opportunity. Finding someone interested in
technology is rare, but I was. I was working on different logic
constructs and envisioning circuits before they were introduced. Indeed,
I had made electromechanical devices of some of them and had plans for
useful building blocks when I was 10 years old, and saw how I might use
them to make crypto goodies.
I spent lots of time talking of mathematical theories with my parents and
teachers. I had a wonderful teacher who let me reason out various
formulas, Jess Davis. I did get my first radio license when I was 12.
And, constructing amplifiers and test equipment as I needed it.
--
Considering that the best guess is that Jesus was born in 4 BC,
for the purists, fate worshipers, and absolute prognosticators,
you all missed your boat some time ago, as hype mongers rejoice.
------------------------------
From: "Rob" <[EMAIL PROTECTED]>
Subject: Re: The Cipher Challenge from the Code Book
Date: Tue, 4 Jan 2000 00:38:45 -0000
Folks,
DOH! I've just spent a 4 hour rail journey staring at stage 2 and you give
the whole foreign language thing away! Ho hum, not to worry. I'm new to
the world of encryption (since Christmas morning, actually) and was feeling
pretty pleased with myself after solving the Stage 1 in less than an
hour....As a bear of little brain, I've been trying to get MS Excel to count
frequency of letters in ciphers, with a fairly miserable result. I'm not a
great mathematician, but I'd like to know if there is a way of doing this.
A scanner and OCR software seems to me to speed up the laborious data input
side, but it's brickwallsville in the actual frequency-counting attack
department.
Anyone got any advice for a newbie who wants to crack the ciphers himself??
Cheers
Rob.
Sisson wrote in message <[EMAIL PROTECTED]>...
>oh, yes and stage2 was in latin, and stage4 in french, so is this also a
>different language?
>
>Thanks,
>From Spendabuck
>
>PS sorry if someone reading this didn't want any help on stage2/4, and now
>i've ruined for them!
------------------------------
From: Matthew Montchalin <[EMAIL PROTECTED]>
Subject: Re: byte representation
Date: Mon, 3 Jan 2000 16:45:34 -0800
On Mon, 3 Jan 2000, mike cardeiro wrote:
|sorry if this is a super easy one, I've tried to answer this on my own
|with no luck. i am trying to make a program for encryption and
|decryption (mostly for laughs and to try to get a basic understanding of
|cryptography)
|
|i am following the directions for the ciphersaber program but i am
|confused on how bytes need to be represented in an array.
Can you describe your ciphersaber program? What microprocessor does it
execute on? If it's hard to understand, maybe you'd do better ditching
it and returning to assembly language where things make more sense.
------------------------------
From: Paulo S. L. M. Barreto <[EMAIL PROTECTED]>
Subject: Square root attacks against DSA?
Date: 3 Jan 2000 16:19:50 -0800
Here's a question to the more theoretically-oriented sci.crypt people. I hope
you find it at least funny, as the situation is certainly not usual.
Nevertheless, it's a serious question.
Suppose you set up a DSA-like signature scheme where p is reasonably large
(1024 bits or more) but q is quite small (say, 80 bits or less). This
unusual choice is made so that index calculus and brute force are unfeasible
but "square root" discrete log attacks are possible (at least Pollard
attacks, since Shanks may have too large storage requirements). Also,
suppose all keys are short-lived and used only a few times to thwart
birthday paradox attacks.
The problem is that Pollard rho and lambda (as they are usually described in
the literature) are useful to solve equation r = g^k mod q for k, but DSA
uses r = (g^k mod p) mod q, hence the result won't in general be k but an
unrelated quantity, seemingly useless to attack the s part of the signature.
I've been thinking on this for a while but was not able to see how to adapt
the attacks to DSA. Does anybody know how to overcome this difficulty? Or
is DSA immune to such attacks?
Thanks and cheers,
Paulo Barreto.
------------------------------
From: "r.e.s." <[EMAIL PROTECTED]>
Subject: Re: The Cipher Challenge from the Code Book
Date: Mon, 3 Jan 2000 17:38:56 -0800
"Rob" <[EMAIL PROTECTED]> wrote ...
[...]
: I've been trying to get MS Excel to count
: frequency of letters in ciphers, with a fairly miserable result. I'm not a
: great mathematician, but I'd like to know if there is a way of doing this.
: A scanner and OCR software seems to me to speed up the laborious data
: input side, but it's brickwallsville in the actual frequency-counting attack
: department.
: Anyone got any advice for a newbie who wants to crack the ciphers
: himself??
: Cheers
: Rob.
C-source (letcount.c) for letter- & digraph-frequency analysis is at
http://www.und.nodak.edu/org/crypto/crypto/stattools/
A free C-compiler (lcc-win32) is downloadable from
http://www.cs.virginia.edu/~lcc-win32/
--
r.e.s.
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED]
Subject: Thawte or Verisign SSL Certificate?
Date: Tue, 04 Jan 2000 01:54:51 GMT
Hi,
I know nothing about online shopping or SSL security but I need to set
up a secure server for my shopping mall.
Questions:
1) Is it necessary to pay a company such as Thawte or Verisign for a
certificate? If so, which company's better?
2) What are Temporary Certificates and what are they good for?
3) Am I biting off more than I can chew? I'm a computer programmer and own
my own Unix FreeBSD Server and web site with Apache 1.3 (soon Apache-mod-SSL)
but I know nothing about online shopping or SSL servers.
Thanks A Million & Happy New Millennium!!
Paul-L
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "Daniel" <[EMAIL PROTECTED]>
Subject: Anagram
Date: Mon, 3 Jan 2000 21:29:24 -0500
I'm very new to cryptography, so this is probably not a very challenging
question. Is there some standard or widely known method for scrambling the
order of the characters in a string given some sort of input?
--
dan
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: ATTN: Help Needed For Science Research Project
Date: 4 Jan 2000 02:23:49 GMT
segals-2 <[EMAIL PROTECTED]> wrote:
> However, I am able to deal with the mathematical aspects of cryptology. I
By itself this does not tell me much. Are you familiar with reading and
writing proofs? Are you familiar with computational complexity and
reductions? Do you know what kind of math you tend to like?
> would be willing to spend time to learn some amount of programming, but I
> don't have an unlimited amount of time to complete the project itself.
Once you have a bignum library, you can implement the RSA function fairly
easily. Then you might have a project which explains why the RSA function
by itself is not sufficient for security. This could be shown by pointing
out all the evil things that can happen when using low-exponent RSA
(a survey of these is included in Dan Boneh's "Twenty Years of Attacks on
RSA" paper : http://crypto.stanford.edu/~dabo/papers/RSA-survey.ps).
You might then implement some kind of a padding scheme, for example
"Optimal Asymmetric Encryption Padding", and try to say something
about how it prevents these attacks. This would give you a cryptosystem
which is "secure" in some sense...then the question might be if that
notion of security gives you everything you'd want.
OAEP is described here :
http://www-cse.ucsd.edu/users/mihir/papers/oae.ps
There are also variants of RSA, like Shamir's "RSA for Paranoids", which
is attacked in this paper :
http://www.research.att.com/~amo/doc/rsa.for.paranoids.ps
You could try looking for other variants and summarize what people try to
do to "tweak" RSA.
Maybe another idea is to look at protocols. Lorrie Faith Cranor has a
great page on electronic voting :
http://www.ccrc.wustl.edu/~lorracks/sensus/hotlist.html
with links to real voting software. You might try running an election
with each one and see how they compare. In particular, if any nasty
protocol bugs come up in voting...
Thanks,
-David Molnar
------------------------------
From: kmchan <[EMAIL PROTECTED]>
Subject: Re: RFC1750: Randomness Recommendations for Security (1 of 2)
Date: Tue, 04 Jan 2000 11:14:50 +0800
Try http://www.ietf.org/rfc/rfc1750.txt
-- kmchan
"John E. Gwyn" wrote:
> Guy Macon wrote:
> > First of two parts. ...
>
> Really, anyone could retrieve the RFC if they wanted to.
> A simple pointer would have been better.
------------------------------
From: "John Enright" <[EMAIL PROTECTED]>
Subject: Re: Wagner et Al.
Date: Mon, 3 Jan 2000 20:22:09 -0700
Tom St Denis wrote in message <84nicv$l70$[EMAIL PROTECTED]>...
<snip>
>Now let me ask you, how would you intercept a windows message? Via a
<snip>
Tom, I've never done it, but Windows message interception should be easy.
One can write a simple program to do it; no trojan necessary. ;) I also
haven't looked at your code, but if you are sending sensitive key
information in this manner a hack program to extract the data would be
fairly easy. It appears that Win32 Hooks could do the job. From the Win32
docs:
Hooks provide powerful capabilities for Windows-based applications. These
applications can use hooks to:
  * Process or modify all messages meant for all the dialog boxes, message
    boxes, scroll bars, or menus for an application (WH_MSGFILTER).
  * Process or modify all messages meant for all the dialog boxes, message
    boxes, scroll bars, or menus for the system (WH_SYSMSGFILTER).
  * Process or modify all messages (of any type) for the system whenever a
    GetMessage or a PeekMessage function is called (WH_GETMESSAGE).
  * Process or modify all messages (of any type) whenever a SendMessage
    function is called (WH_CALLWNDPROC).
...
Please correct me if I'm wrong.
------------------------------
From: stanislav shalunov <[EMAIL PROTECTED]>
Subject: Re: List of english words
Date: 03 Jan 2000 23:21:32 -0500
"John Lupton" <[EMAIL PROTECTED]> writes:
> Can someone tell me where on the web I can find a list of words in
> english. I want to do some frequency analysis on n-graphs
> (i.e. mono-, di-, tri-, tetra-) and words with certain n-graph
> patterns too.
> Ideally I'm looking for a text file with every word from aardvark to
> zulu.
Obviously, you want /usr/share/dict/words! You can look in
ftp://ftp.FreeBSD.org/pub/FreeBSD/FreeBSD-stable/src/share/dict/
for files web2 (based on 1937 Webster, goes "A a aa aal aalii aam Aani
aardvark aardwolf Aaron ... zymotoxic zymurgy Zyrenian Zyrian Zyryan
zythem Zythia zythum Zyzomys Zyzzogeton") as well as possibly
propernames (goes "Aaron Adam Adlai Adrian Agatha Ahmed Ahmet Aimee
Amy Ami ... Willie Wilmer Wilson Win Winnie Winston Wolf Wolfgang
Woody Yvonne")
Wordlists are useless for frequency analysis, though.
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: trits from characters
Date: Tue, 04 Jan 2000 04:12:38 GMT
On Mon, 03 Jan 2000 18:24:57 -0600, [EMAIL PROTECTED] (wtshaw) wrote:
>Here is a demo function that converts some characters to trits. The code
>characters list can be easily extended to whatever you care to include.
I was about to ask:
How do I tell the difference between EEEE, II, or H? This
variable-length character to trit code doesn't have the prefix
property. Perhaps I'm misunderstanding something here.
But then I see your strings of trits included only 1 and 2, instead of
three different symbols. So I suppose 0 is used as a space between the
symbols, and your program is really, in effect, converting to Morse
code.
Oh, and I've been thinking of multiple radix fractionation myself.
I've outlined a method of converting, with reasonable efficiency, 93
binary bits to 28 decimal digits. This would allow secret messages
originating in a binary form to be converted to look like ordinary
random numbers.
John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: trits from characters
Date: Tue, 04 Jan 2000 04:24:36 GMT
On Mon, 03 Jan 2000 18:24:57 -0600, [EMAIL PROTECTED] (wtshaw) wrote:
>A little experience shows me that text reduces to about three trits per
>character on average, which means it could be easily encoded into a set of
>26 characters of three trits each; there need not be a 000 equivalent
>since it never shows up. If you are doing nice mixing things with the
>trits, then you need to pick a 27th character.
Unless 00 is used to stand for the space character, it won't show up
either using this Morse code approach. You should really be using a
straddling checkerboard with the prefix property and all three trits
for better removal of redundancy. That is, something like:
  00   E     120  S     211   C     2212   K
  01   T     121  R     212   Y     2220   X
  02   A     122  D     2200  F     2221   J
  10   O     200  L     2201  G     22220  Q
  110  I     201  U     2202  P     22221  Z
  111  H     202  M     2210  B     22222  .
  112  N     210  W     2211  V
John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html
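An added example, not part of either post above: the checkerboard table from the second message loaded as a ternary prefix code, checked for the prefix property and for completeness (Kraft sum of exactly 1), with an encoder and a separator-free decoder. The Morse-style mapping E=1, I=11, H=1111 used for contrast is an assumption drawn from the "EEEE, II, or H" question; wtshaw's own table is not on the page.

```python
from fractions import Fraction

# Table copied from the post: ternary codeword -> symbol.
CODE = {
    "00": "E", "01": "T", "02": "A", "10": "O",
    "110": "I", "111": "H", "112": "N", "120": "S", "121": "R", "122": "D",
    "200": "L", "201": "U", "202": "M", "210": "W", "211": "C", "212": "Y",
    "2200": "F", "2201": "G", "2202": "P", "2210": "B", "2211": "V",
    "2212": "K", "2220": "X", "2221": "J",
    "22220": "Q", "22221": "Z", "22222": ".",
}
ENC = {sym: word for word, sym in CODE.items()}

# Assumed Morse-style code (dot = 1) with no 0 separator, for contrast.
MORSE_LIKE = {"1": "E", "11": "I", "1111": "H"}

def is_prefix_free(words):
    """True if no codeword is a proper prefix of another codeword."""
    return not any(a != b and b.startswith(a) for a in words for b in words)

def kraft_sum(words, radix=3):
    """Sum of radix**-len(w); equals 1 for a complete prefix code."""
    return sum(Fraction(1, radix ** len(w)) for w in words)

def encode(text):
    """Encode letters and '.'; characters outside the table are dropped."""
    return "".join(ENC[ch] for ch in text.upper() if ch in ENC)

def decode(trits):
    """Decode a trit string with no separators, one symbol per match."""
    out, buf = [], ""
    for t in trits:
        if t not in "012":
            raise ValueError(f"not a trit: {t!r}")
        buf += t
        if buf in CODE:          # prefix property: first match is the symbol
            out.append(CODE[buf])
            buf = ""
    if buf:
        raise ValueError("input ends in the middle of a codeword")
    return "".join(out)

if __name__ == "__main__":
    msg = "THE QUICK BROWN FOX."
    trits = encode(msg)
    print(trits, len(trits) / len(decode(trits)), "trits per symbol")
    print(decode(trits))
```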
------------------------------
From: [EMAIL PROTECTED] (Michael Groh)
Subject: How to pronounce "Vigenere"?
Date: Tue, 4 Jan 2000 00:29:08 -0500
I know this is a silly question, but I don't speak French and I'm giving
a paper that references the Vigenere cipher. I've never heard this name
pronounced, having only read about it in many different sources.
Would somebody provide me with the phonetic pronunciation of "Vigenere"
(as an English-speaking person might pronounce it).
Thanks very much!
- Mike
------------------------------
From: "John E. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Anagram
Date: Tue, 04 Jan 2000 00:33:34 -0600
Daniel wrote:
> Is there some standard or widely known method for scrambling the
> order of the characters in a string given some sort of input?
There are algorithms for generating all possible permutations one
at a time, but probably you're just asking for a single random
shuffle. That's not hard:
    input in array string[1..N]
    for i from 1 to N-1
        j = random integer in range [i,N]
        swap string[i] and string[j]
    output in array string[1..N]
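An added example, not part of the post above: the same shuffle driven by a key, so that the "input" in the original question selects the permutation and the same key undoes it. The SHA-256 counter stream and the function names are choices made for this example; the index j is drawn from [i, N) by rejection sampling so that no position is favoured.

```python
import hashlib

def _stream(key: bytes):
    """Deterministic byte stream: SHA-256(key || counter) for counter 0, 1, ..."""
    counter = 0
    while True:
        yield from hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1

def _uniform(stream, n: int) -> int:
    """Unbiased integer in [0, n), n <= 2**32, by rejection sampling."""
    limit = (1 << 32) - ((1 << 32) % n)   # largest multiple of n <= 2**32
    while True:
        v = int.from_bytes(bytes(next(stream) for _ in range(4)), "big")
        if v < limit:                     # reject the biased tail
            return v % n

def _swaps(key: bytes, n: int):
    """Swap schedule of the shuffle: for each i, j is uniform in [i, n)."""
    s = _stream(key)
    return [(i, i + _uniform(s, n - i)) for i in range(n - 1)]

def shuffle(text: str, key: bytes) -> str:
    a = list(text)
    for i, j in _swaps(key, len(a)):
        a[i], a[j] = a[j], a[i]
    return "".join(a)

def unshuffle(text: str, key: bytes) -> str:
    """Apply the same swaps in reverse order to restore the input."""
    a = list(text)
    for i, j in reversed(_swaps(key, len(a))):
        a[i], a[j] = a[j], a[i]
    return "".join(a)

if __name__ == "__main__":
    key = b"constructed example key"
    scrambled = shuffle("ATTACK AT DAWN", key)
    print(scrambled, "->", unshuffle(scrambled, key))
```

A shuffle only reorders characters, so the output has exactly the letter counts of the input.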
------------------------------
From: Scott Fluhrer <[EMAIL PROTECTED]>
Subject: Re: meet-in-the-middle attack for triple DES
Date: Tue, 04 Jan 2000 06:37:52 GMT
In article <[EMAIL PROTECTED]>,
Bernie Cosell <[EMAIL PROTECTED]> wrote:
>Scott Fluhrer <[EMAIL PROTECTED]> wrote:
>
>} Simple. Rewrite the equations like so:
>}
>} DK3(C) = DK2(EK1(P))
>}
>} Compute the decryption of the known C with all possible K3's, and put them
>} into a (2**56 size) list.
>}
>} Then, go through all possible K2,K1 pairs, and compute DK2(EK1(P)). Search
>} to see if that value appears in the list. If it does, use that K1,K2,K3
>} triplet to decrypt some more ciphertext. If that works, you just found it.
>}
>} Time taken = O(2**56) -- to compute the DK3(C) list
>} + O(2**127) -- expected time to go through the K1,K2 until we
>} find the right one.
>
>Has this *ever* been done? I know there are papers about it [and papers
>about how to speed it up and the like], but overall, it seems like it'd be
>a pretty impressive feat just to *STORE* all 2^56 blocks, much less do the
>2^127 other operations and then the comparisons/lookups against the 2^56.
Actually, it should be 2^111 other operations. That's what I get when I try
to do the math in my head :-(
>
>I'm not even sure what you'd *STORE* 2^56 blocks of data on...:o)
Well, I just checked with exabyte, and they have announced a 100GByte tape
Real Soon Now. Given that each block would be 16 bytes encrypted plaintext
and 7 bytes key, each tape could store about 2**32 keys, so you'd need 2**24
(16 million) such tapes -- not precisely trivial, even for a government
org (but I'm sure exabyte would give you a nice quantity discount :-)
but not totally out of the question for someone who wants to break your
code and has *lots* of money to spend on it. And, when the evil attacker
is done with your message, he can reuse the tapes to attack someone else's.
The 2^111 other operations, on the other hand, do look immediately
infeasible. However, it does give us a feel about how strong the cipher is,
so we can make an intelligent decision whether it's strong enough (as long as
we are confident that there are no other attacks).
> I'm
>inclined to think that this is mostly theoretical, rather than a practical
>plan for "cracking" a TDES encrypted message...
Indeed, this is one of the reasons 3DES is generally assumed to be secure
--
poncho
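An added example, not part of the message above: the quoted procedure (tabulate DK3(C) for every K3, then search all K1,K2 pairs for DK2(EK1(P)) in the table) run against a constructed toy cipher. The 16-bit Feistel cipher, its 8-bit keys and all function names are assumptions standing in for DES, so the table holds 2**8 entries and the search covers 2**16 pairs.

```python
KEY_BITS = 8                 # toy key size, constructed for the demo (DES: 56)
KEYS = 1 << KEY_BITS

def _f(half, key, rnd):
    """Toy round function on 8-bit values; it need not be invertible."""
    x = ((half ^ key) * 0x9D + rnd * 0x3B + 0x5A) & 0xFF
    return x ^ (x >> 3)

def _round_key(key, rnd):
    return ((key << rnd) | (key >> (8 - rnd))) & 0xFF

def enc(key, block):
    """Toy 4-round Feistel cipher on a 16-bit block (stand-in for EK)."""
    left, right = block >> 8, block & 0xFF
    for rnd in range(4):
        left, right = right, left ^ _f(right, _round_key(key, rnd), rnd)
    return (left << 8) | right

def dec(key, block):
    """Inverse of enc (stand-in for DK)."""
    left, right = block >> 8, block & 0xFF
    for rnd in reversed(range(4)):
        left, right = right ^ _f(left, _round_key(key, rnd), rnd), left
    return (left << 8) | right

def triple_enc(keys, block):
    """EDE triple encryption: C = EK3(DK2(EK1(P)))."""
    k1, k2, k3 = keys
    return enc(k3, dec(k2, enc(k1, block)))

def meet_in_the_middle(pairs):
    """Return (candidate key triples, number of K1,K2 pairs searched)."""
    (p0, c0), rest = pairs[0], pairs[1:]
    table = {}                               # DK3(C) -> list of K3 values
    for k3 in range(KEYS):
        table.setdefault(dec(k3, c0), []).append(k3)
    found, searched = [], 0
    for k1 in range(KEYS):
        mid = enc(k1, p0)
        for k2 in range(KEYS):
            searched += 1
            for k3 in table.get(dec(k2, mid), ()):
                # A table hit is only a candidate: confirm on more pairs.
                if all(triple_enc((k1, k2, k3), p) == c for p, c in rest):
                    found.append((k1, k2, k3))
    return found, searched

if __name__ == "__main__":
    secret = (0x3A, 0xC5, 0x71)              # constructed sample key
    known = [(p, triple_enc(secret, p)) for p in (0x1234, 0xBEEF, 0x0F0F)]
    keys, searched = meet_in_the_middle(known)
    print(keys, "after", searched, "pairs; brute force:", KEYS ** 3)
```

With a 16-bit block most table hits are false matches, which is why each candidate is confirmed against the remaining known pairs before it is reported.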
------------------------------
From: "John E. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: How to pronounce "Vigenere"?
Date: Tue, 04 Jan 2000 00:35:02 -0600
Michael Groh wrote:
> Would somebody provide me with the phonetic pronunciation of
> "Vigenere" (as an English-speaking person might pronounce it).
Wouldn't it be better to pronounce it like a French-speaking person?
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: How to pronounce "Vigenere"?
Date: Tue, 04 Jan 2000 06:47:26 GMT
On Tue, 4 Jan 2000 00:29:08 -0500, [EMAIL PROTECTED]
(Michael Groh) wrote:
>I know this is a silly question, but I don't speak French and I'm giving
>a paper that references the Vigenere cipher. I've never heard this name
>pronounced, having only read about it in many different sources.
Vee-zhen-yehr is about right.
John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html
------------------------------
From: [EMAIL PROTECTED] (NFN NMI L.)
Subject: Re: How to pronounce "Vigenere"?
Date: 04 Jan 2000 07:05:03 GMT
<<Vee-zhen-yehr is>>
We in America revolted from the British because they can't spell or pronounce
anything right. The French are simply snooty British. So speak American and say
"Vih - gih - near". Or even better, "Vee - gee - nee - ree".
S. "Joking!" L.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************