Cryptography-Digest Digest #835, Volume #10       Tue, 4 Jan 00 10:13:00 EST

Contents:
  Re: Thawte or Verisign SSL Certificate? ("Joseph Ashwood")
  Why the Cryptonomicon in Cryptonomicon? (John Savard)
  Re: Thawte or Verisign SSL Certificate? (Paul Rubin)
  REQ: Applied Crypto source disc ("Jason C. Hartley")
  Re: How to pronounce "Vigenere"? ([EMAIL PROTECTED])
  RSA Cryptography Today FAQ (1/1) ([EMAIL PROTECTED])
  Re: meet-in-the-middle attack for triple DES ("Rick Braddam")
  Re: Video card reconfiguration ("Julien Dumesnil")
  Re: How to pronounce "Vigenere"? (Nicol So)
  Re: byte representation (mike cardeiro)
  Re: ATTN: Help Needed For Science Research Project (Keith A Monahan)
  Re: REQ: Applied Crypto source disc (Keith A Monahan)
  Re: Why the Cryptonomicon in Cryptonomicon? (John Savard)
  Re: "Variable size" hash algorithm? (Shawn Willden)
  Re: Attacks on a PKI (Shawn Willden)

----------------------------------------------------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Thawte or Verisign SSL Certificate?
Date: Mon, 3 Jan 2000 22:55:26 -0800

> Questions:
> 1) Is it necessary to pay a company such as Thawte or Verisign for a
> certificate?  If so, which company's better?
Strictly speaking, no, it is not necessary. It is simply due to the market
that you need to purchase one from a higher being. Just as a check written
with the right words, but written on a napkin, is perfectly valid, very few
people would accept it. Verisign has been around longer and so will be
in more people's root stores, so I'd go with Verisign.

> 2) What are Temporary Certificate and what are they good for?
Temporary use.

> 3) Am I biting off more than I can chew? I'm a computer programmer and own
> my own Unix FreeBSD server and web site with Apache 1.3 (soon Apache-mod-
> SSL) but I know nothing about online shopping or SSL servers.
Maybe. Only you can really decide if you're overstepping your abilities, but
I can tell you that in order to make it truly secure you're in for quite an
effort.
            Joe



------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Why the Cryptonomicon in Cryptonomicon?
Date: Tue, 04 Jan 2000 07:15:16 GMT

Having finally broken down and purchased the novel - two copies of it
having been on sale at half price in a local bookstore - and being
pleasantly surprised to find it highly readable (I was worried it
might be too much in the cyberpunk genre for my tastes), I am struck
by one strange thing.

Bishop John Wilkins actually wrote "Mercury: the Secret and Swift
Messenger", the second book on cryptology in the English language (the
first being anonymous) as David Kahn pointed out in The Codebreakers
(although on a later page, he then says the one he wrote was the
first...)

It outlined a number of systems of secret writing, including the one
where one represents the 26 letters by a dot in one of 26 columns,
proceeding downwards for the letters of one's message, then connecting
the dots by lines or in triangles to make them less obvious.

The nod to H. P. Lovecraft's fictional Necronomicon is obvious enough,
and makes for a catchy title. But it seems quite strange for a book
from 1641 to be used as an introductory textbook on cryptanalysis (at
the time, Gaines was available, as well as works by Friedman and Hitt)
and even more strange for both people working within and outside of
the classified community to consider that their cryptanalytic
discoveries should be added to this book as new chapters.

While I don't quarrel with the choice of title, the Cryptonomicon
itself, as a plot device within the book, seems quite implausible. So
implausible as to be a flaw.

The inconsistent handling of trademarks presumably foreshadows that
those things not mentioned by their "real" names are going to be
directly involved in the events of the novel.

John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html

------------------------------

From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: Thawte or Verisign SSL Certificate?
Date: 4 Jan 2000 08:02:25 GMT

In article <84rjt6$6d3$[EMAIL PROTECTED]>,  <[EMAIL PROTECTED]> wrote:
>Hi,
>I know nothing about online shopping or SSL security but I need to set
>up a secure server for my shopping mall.
>
>Questions:
>1) Is it necessary to pay a company such as Thawte or Verisign for a
>certificate?

Basically yes.  You can use a self-signed certificate but then the
user's browser will pop a dialog saying the cert issuer is not recognized.
That will scare away enough customers that you basically need the
commercial certificate.

>  If so, which company's better?

They are basically the same at this point.  Thawte was recently bought
by Verisign so soon they'll be literally the same.  Until 1/1/2000,
Verisign certs worked in some very old browsers (Netscape and IE 2.x)
that didn't support Thawte certs, but now the Verisign roots that
signed those certs have expired.  Thawte certs currently work in a few
browsers (Netscape 4.04 and 4.05) that Verisign's don't, but that's just
a few percent of browsers, and they will probably be gone soon.

>2) What are Temporary Certificate and what are they good for?

They are for testing purposes.  You can get them for free to use while
you are setting up your server.  You have to set up your browsers
specially to accept them (click "yes" in some dialogs, it's not hard)
so they're no good for presenting to customers.

>3) Am I biting off more than I can chew? I'm a computer programmer and own
>my own Unix FreeBSD server and web site with Apache 1.3 (soon Apache-mod-
>SSL) but I know nothing about online shopping or SSL servers.

You'll have to deal with merchant credit card processing and be a lot more
careful about security.  Aside from that, compared to the overall effort
of setting up a quality shopping site including the backend scripts,
operating apache/mod_ssl is not all that complicated.  Since this
is commercial use, you probably want to look at a licensed SSL
implementation like Raven (www.covalent.net) or Stronghold (www.c2.net).

If you just want to sell shoes online or something, you might find it
simpler to open a Yahoo store (yahoo.com) than mess with your own SSL
server.  If you're -really- small time, try www.ccnow.com (they do ALL
the order taking and credit card processing for you and send you a
check, no minimums, but a fairly high % commission).

If you're trying to set up a mall to host stores for other people,
you'll want to be able to assist them with the credit card stuff and
generally be able to help them out more than typical low-rent web
hosting services do.  If they want their own domains, you'll need a
separate certificate for each one.  You probably also want to have a
chat with your insurance carrier about business liability if your
server gets broken into, etc.

Comp.infosystems.www.servers.unix is probably a better group than
sci.crypt to discuss this stuff.

------------------------------

From: "Jason C. Hartley" <[EMAIL PROTECTED]>
Subject: REQ: Applied Crypto source disc
Date: Tue, 04 Jan 2000 08:32:59 GMT

Can anyone tell me where one might get a hold of the source disc that
you can order for Bruce Schneier's Applied Cryptography?  I'd really
like to get a copy of it.

If you read this Bruce, I'm sorry.  I lova ya, but I just don't wanna
fork out 40 bucks for the disc.

-Jason ([EMAIL PROTECTED])

key:
0x7603C163

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: How to pronounce "Vigenere"?
Date: Tue, 04 Jan 2000 09:46:44 GMT


> Would somebody provide me with the phonetic pronunciation of "Vigenere"
> (as an English-speaking person might pronounce it).
>

I'm a Brit living and working in Paris so I can just ask my colleague
sitting next to me.  When he read it out loud it sounded like
"Vee-jen-air" (in French you pronounce "i" as "ee" and "g" as "j" and
more often than not ignore the last letter of the word)

Neil.


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

Crossposted-To: talk.politics.crypto,alt.security.ripem,sci.answers,talk.answers,alt.answers,news.answers
Subject: RSA Cryptography Today FAQ (1/1)
from: [EMAIL PROTECTED]
reply-to: [EMAIL PROTECTED]
Date: 04 Jan 2000 10:45:22 GMT

Archive-name: cryptography-faq/rsa/part1
Last-modified: 1997/05/21


An old version of the RSA Labs' publication "Answers to Frequently Asked
Questions about Today's Cryptography" used to be posted here until May
1997.  These postings were not sponsored or updated by RSA Labs, and
for some time we were unable to stop them.  While we hope the information
in our FAQ is useful, the version that was being posted here was quite
outdated.  The latest version of the FAQ is more complete and up-to-date.

Unfortunately, our FAQ is no longer available in ASCII due to its
mathematical content.  Please visit our website at
http://www.rsa.com/rsalabs/ to view the new version of the FAQ with your
browser or download it in the Adobe Acrobat (.pdf) format.

RSA Labs FAQ Editor
[EMAIL PROTECTED]


------------------------------

From: "Rick Braddam" <[EMAIL PROTECTED]>
Subject: Re: meet-in-the-middle attack for triple DES
Date: Tue, 4 Jan 2000 04:52:10 -0600


Trevor Jackson, III <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Rick Braddam wrote:
> > Suppose you use Wei Dai's Crypto++ library, and instantiate 2 or more
> > instances of Blowfish or TwoFish, each with a different key. Then pass
> > the first block to the first instance, the second block to the second
> > instance, the third block to the first instance, alternating
> > blocks/instances to the end of the message. That way key setup is only
> > done once at the beginning, and there is no relationship between the odd
> > and even blocks. It would be more difficult to do in C code, but still
> > possible.
> >
> > Would that make analysis more difficult?
> >
> > Would it make a difference if each instance "shared" the IV vs. each
> > having its own?
> >
> > If more secure, what would be the equivalent single-instance key length
> > (assume each uses 128 bit key)?
> >
> > Just curious,
> >
> > Rick
>
> It would be unreasonable to expect the Opponent is not aware of your
> multiplexing mechanism.

I understand. I expect the opponent to know that I am multiplexing and
the ciphers I have to choose from. I don't expect the opponent to know
which ciphers I'm using, in what order, the keys for them, the IV (or
IVs), or which chaining modes each cipher is using. That information can
be communicated using PK techniques like session keys are now.

> Given he knows which blocks go together he mounts
> one attack on one thread of the multiplexer.

And if the selection of ciphers, the number used, and the order in which
they are used are communicated securely, he doesn't know which blocks go
together.

Consider using two instances of one cipher, or two ciphers, but only one
(secret) IV. The first cipher encrypts the first block, changing the IV.
The second cipher uses the changed IV to encrypt the second block,
changing the IV again. The first cipher uses the IV from the second
block to encrypt the third block, changing the IV again, and so forth
for each block. Wouldn't that prevent the analysis of the ciphertext by
threads? It seems that the opponent would have to decrypt the second
block to get the IV for the third, but the second block was encrypted
with a different key and the IV output from the first block.

Well, it seemed like a good idea at the time. Back to learning (lurking)
mode.

Rick
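Rick's interleaved two-key CBC, as an added example that is not part of the thread and not from Crypto++: a toy HMAC-based Feistel block function stands in for Blowfish or Twofish (an assumption for runnability only; it is not a real cipher), and the two keys alternate over a single chain value. The point for an educator is what the "changed IV" is: in CBC the chaining value fed into block i is ciphertext block i-1, which is on the wire, so each block can still be decrypted with only its own thread's key and the preceding ciphertext block. The names, keys and plaintext below are constructed.

```python
import hashlib
import hmac

BLOCK = 16  # bytes; the toy Feistel works on two 8-byte halves


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, half: bytes, rnd: int) -> bytes:
    # Round function: keyed hash of one half, truncated to 8 bytes.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """4-round Feistel network; a hypothetical stand-in for a real block cipher."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, right, rnd))
    return left + right


def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, left, rnd)), left
    return left + right


def interleaved_cbc_encrypt(keys, iv: bytes, plaintext: bytes) -> bytes:
    """CBC where block i is encrypted under keys[i % len(keys)] and one
    chaining value (the shared IV) is carried across all blocks."""
    if len(plaintext) % BLOCK:
        raise ValueError("plaintext must be a whole number of blocks (pad first)")
    chain, out = iv, []
    for i in range(len(plaintext) // BLOCK):
        block = plaintext[i * BLOCK:(i + 1) * BLOCK]
        chain = toy_encrypt_block(keys[i % len(keys)], _xor(block, chain))
        out.append(chain)
    return b"".join(out)


def interleaved_cbc_decrypt(keys, iv: bytes, ciphertext: bytes) -> bytes:
    chain, out = iv, []
    for i in range(len(ciphertext) // BLOCK):
        ct = ciphertext[i * BLOCK:(i + 1) * BLOCK]
        out.append(_xor(toy_decrypt_block(keys[i % len(keys)], ct), chain))
        chain = ct
    return b"".join(out)


def chain_value_for_block(iv: bytes, ciphertext: bytes, i: int) -> bytes:
    """The 'IV' fed into block i is the IV for i == 0, else ciphertext block i-1."""
    return iv if i == 0 else ciphertext[(i - 1) * BLOCK:i * BLOCK]


def decrypt_single_block(key: bytes, iv: bytes, ciphertext: bytes, i: int) -> bytes:
    """Recover plaintext block i from its own key, the preceding ciphertext
    block and the block itself; no other thread's key is involved."""
    ct = ciphertext[i * BLOCK:(i + 1) * BLOCK]
    return _xor(toy_decrypt_block(key, ct), chain_value_for_block(iv, ciphertext, i))


# Constructed sample values for the demo.
K1, K2 = b"key-one-16bytes!", b"key-two-16bytes!"
IV = bytes(range(16))
PT = b"block zero......block one.......block two.......block three....."

if __name__ == "__main__":
    ct = interleaved_cbc_encrypt([K1, K2], IV, PT)
    assert interleaved_cbc_decrypt([K1, K2], IV, ct) == PT
    # Block 1 belongs to the K2 thread; block 0's ciphertext is its chain value.
    print(decrypt_single_block(K2, IV, ct, 1))
```

Running the script decrypts block 1 using K2 alone, with ciphertext block 0 as the chaining value, which is the property the thread is discussing.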






------------------------------

From: "Julien Dumesnil" <[EMAIL PROTECTED]>
Subject: Re: Video card reconfiguration
Date: Tue, 4 Jan 2000 12:48:35 +0100


Guy Macon <[EMAIL PROTECTED]> wrote in message:
84eeh3$[EMAIL PROTECTED]
> >Anyway the idea is _not_ to use specialised hardware. but to use a board
> >that could be bought through any computer hardware reseller... And
> >reprogram it to be faster than any PIII at doing cypher manipulation.
> >
> >Don't know if you get my drift...
>
> Bad idea.  You will be spending half a year by an experienced
> programmer to save a couple of hundred dollars in hardware costs.


Well, as you might gather, the problem is not _my_ money. I wish the people
who might use the software not to have to buy some hardware that might not
even be legal in their country.

Since mpeg cards are everywhere, that could be a way to have fast
encryption/decryption without the burden to have a special importation
license...

Then maybe that would ban those cards from those countries...

What do you think?

Anyway from the lack of response from the community, I gather the info I got
was a hoax... So let's forget about it.



------------------------------

From: Nicol So <[EMAIL PROTECTED]>
Subject: Re: How to pronounce "Vigenere"?
Date: Tue, 04 Jan 2000 08:35:48 -0500
Reply-To: see.signature

"John E. Gwyn" wrote:
> 
> Michael Groh wrote:
> > Would somebody provide me with the phonetic pronunciation of
> > "Vigenere" (as an English-speaking person might pronounce it).
> 
> Wouldn't it be better to pronounce it like a French-speaking person?

I think the original poster was asking for a phonetic transcription
which, when pronounced like an English-speaking person would, would
yield the (French) pronunciation of the word.

-- 
Nicol So, CISSP // paranoid 'at' engineer 'dot' com

------------------------------

From: mike cardeiro <[EMAIL PROTECTED]>
Subject: Re: byte representation
Date: Tue, 04 Jan 2000 13:44:56 GMT

In article
<[EMAIL PROTECTED]>,
  Matthew Montchalin <[EMAIL PROTECTED]> wrote:

> Can you describe your ciphersaber program?  What microprocessor does it
> execute on?

the explanation of the program can be found here:
http://ciphersaber.gurus.com/faq.html#getrc4
and would be run on linux using perl.  it seems like a pretty simple
program but i want to make sure i'm getting everything right in my head:
is 255 and 11111111 the same thing to a computer?

mike cardeiro



------------------------------

From: [EMAIL PROTECTED] (Keith A Monahan)
Subject: Re: ATTN: Help Needed For Science Research Project
Date: 4 Jan 2000 13:50:43 GMT

I was going to suggest RSA, too.  It is pretty easy to implement;
probably the hardest part was converting strings/binary data into a large
integer to use for the encryption (and to decrypt the result).  You could
implement RSA and then show that if you decrypt a message first, prior to
encryption, and then publish your public key, you in effect digitally
sign that document with your private key.

Out of most of the algorithms out there, RSA is probably by far the easiest
algorithm to code.  However, this assumes you have basic C skills and
are comfortable working with a compiler (and like David mentioned) using
external libraries.  NTL (http://www.shoup.net/NTL) worked fine for my
project.

If you don't have programming skills, don't have a compiler -- you probably
will have trouble just getting over the basic humps.  Most people here kind
of take that for granted and it is kind of assumed when attempting a
project like that. 

If you aren't going to write a program to demonstrate RSA in action, I think
you're going to find the math involved in "proving" RSA not straightforward
and beyond the scope of your average AP(advanced placement) high school
classes.  

I really don't want to discourage you, but I do want to set your
expectations appropriately.

Cryptography/Cryptology is NOT an easy subject. You said you've read some
books, which ones have you read?

Keith
 
David A Molnar ([EMAIL PROTECTED]) wrote:
: segals-2 <[EMAIL PROTECTED]> wrote:

: > However, I am able to deal with the mathematical aspects of cryptology.  I

: By itself this does not tell me much. Are you familiar with reading and
: writing proofs? Are you familiar with computational complexity and
: reductions? Do you know what kind of math you tend to like? 

: > would be willing to spend time to learn some amount of programming, but I
: > don't have an unlimited amount of time to complete the project itself.

: Once you have a bignum library, you can implement the RSA function fairly
: easily. Then you might have a project which explains why the RSA function
: by itself is not sufficient for security. This could be shown by pointing
: out all the evil things that can happen when using low-exponent RSA
: (a survey of these is included in Dan Boneh's "Twenty Years of Attacks on
: RSA" paper : http://crypto.stanford.edu/~dabo/papers/RSA-survey.ps).

: You might then implement some kind of a padding scheme, for example
: "Optimal Asymmetric Encryption Padding", and try to say something
: about how it prevents these attacks. This would give you a cryptosystem
: which is "secure" in some sense...then the question might be if that
: notion of security gives you everything you'd want. 

: OAEP is described here : 
: http://www-cse.ucsd.edu/users/mihir/papers/oae.ps

: There are also variants of RSA, like Shamir's "RSA for Paranoids", which
: is attacked in this paper :
: http://www.research.att.com/~amo/doc/rsa.for.paranoids.ps

: You could try looking for other variants and summarize what people try to
: do to "tweak" RSA. 

: Maybe another idea is to look at protocols. Lorrie Faith Cranor has a
: great page on electronic voting :
: http://www.ccrc.wustl.edu/~lorracks/sensus/hotlist.html

: with links to real voting software. You might try running an election
: with each one and see how they compare. In particular, if any nasty 
: protocol bugs come up in voting...

: Thanks, 
: -David Molnar

------------------------------

From: [EMAIL PROTECTED] (Keith A Monahan)
Subject: Re: REQ: Applied Crypto source disc
Date: 4 Jan 2000 14:00:00 GMT

Jason,

First off, this is not alt.binaries.warez.cryptostuff.
Secondly, if you are too lazy to work the number of hours to be able
to afford a $40 item, then you are probably too lazy to use the CD
anyways.  What's it take, a days work perhaps at minimum wage?

Keith

Jason C. Hartley ([EMAIL PROTECTED]) wrote:
: Can anyone tell me where one might get a hold of the source disc that
: you can order for Bruce Schneier's Applied Cryptography?  I'd really
: like to get a copy of it.

: If you read this Bruce, I'm sorry.  I lova ya, but I just don't wanna
: fork out 40 bucks for the disc.

: -Jason ([EMAIL PROTECTED])

: key:
: 0x7603C163

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Why the Cryptonomicon in Cryptonomicon?
Date: Tue, 04 Jan 2000 14:15:14 GMT

On Tue, 04 Jan 2000 07:15:16 GMT, [EMAIL PROTECTED]
(John Savard) wrote:

>The inconsistent handling of trademarks

And speaking of fictional things in the book, Qwghlm seems to be what
the Hebrides would be, had they been inhabited not by Scotsmen with
some admixture of Norwegian ancestry, but instead by Manxmen or by
members of a similar people.

John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html

------------------------------

Date: Mon, 03 Jan 2000 21:52:22 -0700
From: Shawn Willden <[EMAIL PROTECTED]>
Subject: Re: "Variable size" hash algorithm?

Gary wrote:

> If a hash is longer than the output reqd one usually XOR's down to the reqd
> bits.

Actually, the usual approach is just to discard the excess bits.  There is no
gain in XORing them.

Shawn.




------------------------------

Date: Mon, 03 Jan 2000 22:40:59 -0700
From: Shawn Willden <[EMAIL PROTECTED]>
Subject: Re: Attacks on a PKI

Larry Kilgallen wrote:

> In article <[EMAIL PROTECTED]>, Shawn Willden <[EMAIL PROTECTED]> writes:
>
> > Ultimately you must operate under an assumption
> > of complete trust in all of the hardware and software in your machine.
>
> No, you only need to have complete trust of all hardware and all TCB
> components on your machine.

You still must trust all the software on the machine.  A real operating system and a
competent system administrator raise the likelihood that it is in fact reasonable to
trust all the software, and increase the level of difficulty faced by an attacker.

> Of course there are degenerate "operating systems" used on the Internet
> where there is no distinction between the user and the system manager,
> and in some cases no firm definition of the TCB.

Clearly.  In fact, in the context of the discussion, this is the rule.  Although I
won't hazard a guess at the numbers, the percentage of SSL-protected transactions
that are conducted on such systems is very, very high.

Shawn.




------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
