Cryptography-Digest Digest #837, Volume #10       Tue, 4 Jan 00 16:13:01 EST

Contents:
  Re: meet-in-the-middle attack for triple DES (Bill Unruh)
  Re: meet-in-the-middle attack for triple DES (Darren New)
  Re: Most Rotors on a Cipher Machine (John Savard)
  Re: trits from characters (John Savard)
  RSA encrypt ("Brice")
  Re: trits from characters (John Savard)
  pgp, IDEA, and long term security,sci.crypt (Kresimir Kumericki)
  Re: Wagner et Al. (Steve K)
  Re: How to pronounce "Vigenere"? (Jay)
  Re: How to pronounce "Vigenere"? (Jay)
  Re: How to pronounce "Vigenere"? (Jay)
  Re: How to pronounce "Vigenere"? (Jay)
  Re: RFC1750: Randomness Recommendations for Security (1 of 2) (Dr. Yongge Wang)
  Re: ATTN: Help Needed For Science Research Project ("Dirt First!")
  Re: REQ: Applied Crypto source disc (David Crick)
  Re: RSA encrypt (DJohn37050)
  AES3 Conference: deadline for papers 15/01/2000 (David Crick)
  Blowfish Question ("Chung W Leong")
  Anonymous Source Problem ("Hans")
  Re: pgp, IDEA, and long term security,sci.crypt (David Crick)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: meet-in-the-middle attack for triple DES
Date: 4 Jan 2000 17:26:58 GMT

In <84s453$ajm$[EMAIL PROTECTED]> Scott Fluhrer <[EMAIL PROTECTED]> 
writes:
>but not totally out of the question for someone who wants to break your
>code and has *lots* of money to spend on it.  And, when the evil attacker
>is done with your message, he can reuse the tapes to attack someone else's.

No he cannot since the data is specific to the message being encrypted.


------------------------------

From: Darren New <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: meet-in-the-middle attack for triple DES
Date: Tue, 04 Jan 2000 17:39:38 GMT

Scott Fluhrer wrote:
> >I'm not even sure what you'd *STORE* 2^56 blocks of data on...:o)
> Well, I just checked with exabyte, and they have announced a 100GByte type

I don't think I'd want to do binary search on a set of 2^24 tapes. Certainly
not 2^127 times.

-- 
Darren New / Senior Software Architect / Dai Ye
San Diego, CA, USA (PST).  Cryptokeys on demand.
         Wenglish: "What's a sud?"

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Most Rotors on a Cipher Machine
Date: Tue, 04 Jan 2000 10:37:54 GMT

[EMAIL PROTECTED] (UBCHI2) wrote, in part:

>Can someone state which historical rotor based machine had the greatest number
>of rotors?  How many rotors were on it?

Not really, as not all historical rotor machines are known.

But here are a few numbers from several rotor machines which had quite
a few rotors:

SIGABA/ECM Mark II: 15 rotors
(5 that the plaintext goes through to become ciphertext, 5 (3 which
move, 2 which are stators) to control their movement, and 5 10-contact
rotors that take the place of a plugboard associated with the control
rotors.)

Hagelin HX-63: 9 rotors
(each of which had 41 contacts)

Fialka: 11 rotors
(10 regular rotors, 1 reflecting rotor)

O.M.I. machine: 7 rotors
(1 reflecting rotor, 6 two-part rotors, both parts wired, that could
be plugged together in different ways to effectively change the wiring
of those six rotors)

John Savard (jsavard<at>ecn<dot>ab<dot>ca)
http://www.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: trits from characters
Date: Tue, 04 Jan 2000 10:39:19 GMT

Mok-Kong Shen <[EMAIL PROTECTED]> wrote, in part:

>Hence the stupid questions: 
>Doesn't the above code result in a fairly large expansion factor 
>of the text file?

Actually, if you code the 1/2/3 symbols back into, say, characters
from an 81-symbol set, you'll get compression.

John Savard (jsavard<at>ecn<dot>ab<dot>ca)
http://www.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: "Brice" <[EMAIL PROTECTED]>
Subject: RSA encrypt
Date: Tue, 4 Jan 2000 17:44:42 -0000

I have a question about RSA.

If I was to calculate M^d (M: message, d: secret key) and give it away for
the modular step to be done by someone else (say), how easy would it be for
that person to find what my secret key is since my public key is available
to anyone ?

What I am doing is M^d=a in one place and then a mod n in another.

Thank you,

Brice.



------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: trits from characters
Date: Tue, 04 Jan 2000 10:44:15 GMT

Mok-Kong Shen <[EMAIL PROTECTED]> wrote, in part:

>Why isn't it an optimal procedure for crypto 
>purposes to map a given alphabet to the next larger power of 2 or, 
>when needed, using homophones to map it to a higher power of 2?

A Huffman code is probably better. Homophones require good random
numbers, and even then are weak.
 
>Certainly, using an uncommon base has the positive effect of forcing 
>the analyst to do something 'uncommon', thus hopefully reducing his
>chance of success, but I am afraid that that alone might not be 
>sufficient justification for doing that and that tradeoffs, if any, 
>should also be considered.

Using a different number base when mixed with binary encryption can
frustrate analysis, since bits lose their identity. This generally
avoids tradeoffs, except perhaps of execution time. My web site
describes the sort of techniques I'm thinking of,

http://www.freenet.edmonton.ab.ca/~jsavard/mi060302.htm

which aren't quite the same as what W. T. Shaw advocates. But I don't
think an uncommon base is a panacea, merely that it is a useful thing
to employ in small doses.

John Savard (jsavard<at>ecn<dot>ab<dot>ca)
http://www.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (Kresimir Kumericki)
Crossposted-To: alt.security.pgp,comp.security.pgp.tech
Subject: pgp, IDEA, and long term security,sci.crypt
Date: 4 Jan 2000 17:59:04 GMT

 Firstly, please bear with me and my ignorance in the matters
of cryptography. 

  I installed pgp version 5.0i for Unix on my machine. I know this is
not the most recent one but it happened to be the one most convenient
to install. Now, I don't need this public/private key stuff
because all I want is to encode several files on my hard disk.
Documentation suggests that 'pgpe -c' is the right way to encrypt
my files, and it says that it'll use IDEA cipher.
  Now, I have the following questions:

1. If I want to decode these files, say, ten years from now with
some future software, should the knowledge of the passphrase be
enough for decoding (together with the knowledge that it is IDEA cipher)?
What I'm asking is whether there is something pgp-specific in the
encoding/decoding process or pgp uses some well known algorithm that is
in principle easy to implement in any programming language?

2. FAQs mention that IDEA uses 128-bit keys. Where do they come from?
 My passphrase? (This is obviously related to the first question.)

3. Should I be using something else in the light of the fact that I
don't need public/private key functionality of pgp?

Thank you for your answers,

-- 
=============================================================
Kresimir Kumericki  [EMAIL PROTECTED]  http://www.phy.hr/~kkumer/
Theoretical Physics Department, University of Zagreb, Croatia
=============================================================

------------------------------

From: [EMAIL PROTECTED] (Steve K)
Subject: Re: Wagner et Al.
Date: Tue, 04 Jan 2000 18:09:05 GMT

On Tue, 04 Jan 2000 16:10:56 GMT, Tom St Denis <[EMAIL PROTECTED]>
wrote:

>You are missing my point.  I never said trojans [defn = any program
>that's  sole purpose is to defeat security] can't totally break
>Peekboo.  I whole heartedly agree trojans can break Peekboo. ... oh and
>PGP, and Scramdisk, and ....
>
>The best solution is to avoid getting them.  Don't go to websites you
>don't trust.  Turn off all 'features' like java/activex and don't run
>attachments...  that's the best you can do.
>
>Tom

Adding a couple of after-market doo dads (that should have been in
windoze in the 1st place) is also helpful.  I installed Conseal
Private Desktop to deactivate and help locate an active trojan
(NetBus) and its remote user, and since then, it has identified a
couple more to me.  What can I say-- I tend to be promiscuous, when it
comes to downloading and installing software that has a long history
and/or comes from identifiable vendors.

It also helps to play around with "system internals" toys like regmon,
filemon, and portmon.  It's always less than 100%, because even the
most basic OS drivers can be patched (in theory), but ya do what ya
can.  "When you can track all those processes back to their .exe
files, you will have learned."

:o)


Steve K

---Continuing freedom of speech brought to you by---
   http://www.eff.org/   http://www.epic.org/  
               http://www.cdt.org/

PGP key 0x5D016218
All others have been revoked.

------------------------------

From: [EMAIL PROTECTED] (Jay)
Subject: Re: How to pronounce "Vigenere"?
Date: Tue, 04 Jan 2000 19:21:47 GMT
Reply-To: Jay

On Tue, 04 Jan 2000 08:35:48 -0500, Nicol So <[EMAIL PROTECTED]> wrote:

>"John E. Gwyn" wrote:
>> 
>> Michael Groh wrote:
>> > Would somebody provide me with the phonetic pronunciation of
>> > "Vigenere" (as an English-speaking person might pronounce it).
>> 
>> Wouldn't it be better to pronounce it like a French-speaking person?
>
>I think the original poster was asking for a phonetic transcription
>which, when pronounced like an English-speaking person would, would
>yield the (French) pronunciation of the word.

Vizh-nair

Zh as in (Dr) Zhivago. (nare same as hair with an 'n').

That's not exact. The e-grave is difficult to simulate.

-- 
Posted by G4RGA.

Rallies Info: http://website.lineone.net/~nordland
              http://www.netcomuk.co.uk/~amadeus

------------------------------

From: [EMAIL PROTECTED] (Jay)
Subject: Re: How to pronounce "Vigenere"?
Date: Tue, 04 Jan 2000 19:21:48 GMT
Reply-To: Jay

On Tue, 04 Jan 2000 06:47:26 GMT, [EMAIL PROTECTED] (John
Savard) wrote:

>On Tue, 4 Jan 2000 00:29:08 -0500, [EMAIL PROTECTED]
>(Michael Groh) wrote:
>
>>I know this is a silly question, but I don't speak French and I'm giving 
>>a paper that references the Vigenere cipher. I've never heard this name 
>>pronounced, having only read about it in many different sources.
>
>Vee-zhen-yehr is about right.

That first 'e' is silent, John. More Vee-zh-nyehr.

-- 
Posted by G4RGA.

Rallies Info: http://website.lineone.net/~nordland
              http://www.netcomuk.co.uk/~amadeus

------------------------------

From: [EMAIL PROTECTED] (Jay)
Subject: Re: How to pronounce "Vigenere"?
Date: Tue, 04 Jan 2000 19:21:49 GMT
Reply-To: Jay

On 04 Jan 2000 07:05:03 GMT, [EMAIL PROTECTED] (NFN NMI L.) wrote:

><<Vee-zhen-yehr is>>
>
>We in America revolted from the British...

You mean America is/was revolting...?

-- 
Posted by G4RGA.

Rallies Info: http://website.lineone.net/~nordland
              http://www.netcomuk.co.uk/~amadeus

------------------------------

From: [EMAIL PROTECTED] (Jay)
Subject: Re: How to pronounce "Vigenere"?
Date: Tue, 04 Jan 2000 19:21:50 GMT
Reply-To: Jay

On Tue, 04 Jan 2000 11:52:15 -0500, Anton Stiglic <[EMAIL PROTECTED]> wrote:
>
>I don't agree with the -jen- part.  "ge" is not exactly pronounced like
>english -je-  (but I don't really know how to explain it, it's kind of like
>
>-she-, but not exactly that either) and the "n" goes with the end (-air-).
>
>So it would be something like "Vee-she-nair", but not exactly... :)

Right. Unaccented 'e's are not pronounced. (Or shouldn't be!)

As we all know what kind of cipher we're talking about, does
it matter?

-- 
Posted by G4RGA.

Rallies Info: http://website.lineone.net/~nordland
              http://www.netcomuk.co.uk/~amadeus

------------------------------

From: [EMAIL PROTECTED] (Dr. Yongge Wang)
Subject: Re: RFC1750: Randomness Recommendations for Security (1 of 2)
Date: 4 Jan 2000 19:55:49 GMT

Mok-Kong Shen ([EMAIL PROTECTED]) wrote:
: Tiny remarks:

: 1. If I don't err, lossless compression on sufficiently 'random'
: sequences might even result in expansion instead of compression with
: some compression schemes.

I think you are absolutely correct. For almost all strings,
lossless compression should result in expansion:)
I.e., all Kolmogorov random strings!


: 2. BBS probably might not be so good as its fame in the literature 
: suggests. See Terry Ritter's web page.

: M. K. Shen

--

======================================================.
Yongge Wang                    |                      |
Dept. of EE & CS               |                      |
Univ. of Wisconsin--Milwaukee  |                      |
P.O.Box 784                    |Yongge Wang           |
Milwaukee, WI 53201            |2545 N.Frederick Ave. |
                               |Apt. 104              |
Tel: (414)229-5731             |Milwaukee, WI 53211   |
Fax: (414)229-2769             |                      |
[EMAIL PROTECTED]                |Tel: (414)3324794     |
http://www.cs.uwm.edu/~wang    |Fax: (414)3324794     |
======================================================'
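
The counting argument behind the remark above, as an added example that is not part of either poster's text: a lossless scheme is an injection, so it can shorten at most a 2^(1-k) fraction of n-bit inputs by k or more bits, and everything else stays the same length or grows. The block below computes that bound and then checks the effect with zlib on a constructed, seeded pseudo-random buffer (a stand-in for "random" data, not a CSPRNG output); all function names are mine.

```python
# Added example (not from the digest): why almost every string expands under
# lossless compression, with a pigeonhole bound and a zlib measurement.
import random
import zlib
from fractions import Fraction


def max_fraction_compressible(n_bits: int, k_bits: int) -> Fraction:
    """Upper bound on the fraction of n-bit strings that any lossless
    (injective) scheme can shorten by at least k bits.  Outputs of length
    <= n-k number 2**(n-k+1) - 1, so at most that many inputs map to them;
    the bound is therefore below 2**(1-k) for every scheme."""
    if not 1 <= k_bits <= n_bits:
        raise ValueError("need 1 <= k_bits <= n_bits")
    return Fraction(2 ** (n_bits - k_bits + 1) - 1, 2 ** n_bits)


def pseudo_random_bytes(n: int, seed: int = 1) -> bytes:
    """Constructed, reproducible stand-in for a 'random' file (not a CSPRNG)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


def zlib_size_change(data: bytes) -> int:
    """Bytes gained (+) or saved (-) when zlib compresses data at level 9.
    Incompressible input is emitted as stored blocks plus header/checksum
    overhead, so the result is positive: the 'compressed' file is larger."""
    return len(zlib.compress(data, 9)) - len(data)


def demo(n: int = 4096) -> dict:
    """Bound for saving at least one byte on an n-byte input, and two measurements."""
    bound = max_fraction_compressible(8 * n, 8)
    return {
        "fraction_bound_one_byte": float(bound),          # just under 1/128
        "random_bytes_delta": zlib_size_change(pseudo_random_bytes(n)),
        "repetitive_bytes_delta": zlib_size_change(b"A" * n),
    }


if __name__ == "__main__":
    print(demo())
```

The bound is about the scheme, not the data: no matter how the compressor is built, fewer than 1 in 128 of all 4096-byte files can lose even a single byte, and the seeded buffer lands in the majority that grow.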


------------------------------

From: "Dirt First!" <[EMAIL PROTECTED]>
Subject: Re: ATTN: Help Needed For Science Research Project
Date: Tue, 04 Jan 2000 12:12:14 -0800

segals-2 wrote:
> 
> Hi, I am a high school student interested in completing a science fair
> project in the field of cryptology.

Most of the responses so far seem to be geared more to someone at a 
college level, rather than high school. Questions you've been asked
regarding your math background and experience level are useful though 
for people to be able to provide help at the appropriate level.  For 
instance, can you manipulate matrices, perform modulo arithmetic,
understand elliptical equations, and so on; or might you be better
off with simpler systems using exclusive-or (XOR) operations, and
transpositions and substitutions of characters?

One question you'll want to answer soon is the aspect of 
cryptography you're interested in - creating them, testing and
breaking, deciphering them, comparing the effort needed to 
decipher two or more methods, etc.

Whatever you decide, be sure you enjoy it. There's too many of us
doing things we dislike, just because we think it's best.

cur

------------------------------

From: David Crick <[EMAIL PROTECTED]>
Subject: Re: REQ: Applied Crypto source disc
Date: Tue, 04 Jan 2000 20:21:42 +0000

"Jason C. Hartley" wrote:
> 
> Can anyone tell me where one might get a hold of the source disc that
> you can order for Bruce Schneier's Applied Cryptography?  I'd really
> like to get a copy of it.

ftp://ftp.zedz.net/pub/crypto/applied-crypto/

-- 
+-------------------------------------------------------------------+
| David Crick  [EMAIL PROTECTED]  http://members.tripod.com/vidcad/ |
| Damon Hill WC96 Tribute: http://www.geocities.com/MotorCity/4236/ |
| M. Brundle Quotes: http://members.tripod.com/~vidcad/martin_b.htm |
| ICQ#: 46605825  PGP: RSA 0x22D5C7A9  DH-DSS 0xBE63D7C7 0x87C46DE1 |
+-------------------------------------------------------------------+

------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: RSA encrypt
Date: 04 Jan 2000 20:23:40 GMT

Cannot find private key but m**e is totally insecure, just take the eth root.
Don Johnson
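
An added illustration of the reply above, in Python, not code from either poster: with the textbook toy parameters p = 61, q = 53, e = 17 (far too small for real use), the correctly reduced value pow(M, e, n) is what should leave the machine, while the unreduced integer M**e hands anyone the message back by an exact integer e-th root. The helper names and the binary-search root routine are mine.

```python
# Added example (not from the digest): why RSA's modular reduction cannot be
# split off from the exponentiation and done "somewhere else".
from typing import Optional, Tuple


def integer_root(x: int, k: int) -> int:
    """Largest r >= 0 with r**k <= x, by binary search on big integers."""
    if x < 0 or k < 1:
        raise ValueError("x must be >= 0 and k >= 1")
    lo, hi = 0, 1
    while hi ** k <= x:            # find an upper bound with hi**k > x
        hi *= 2
    while lo < hi:                 # invariant: lo**k <= x < (hi+1)**k
        mid = (lo + hi + 1) // 2
        if mid ** k <= x:
            lo = mid
        else:
            hi = mid - 1
    return lo


def make_toy_rsa_key(p: int, q: int, e: int) -> Tuple[int, int, int]:
    """Textbook key from constructed primes; returns (n, e, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # modular inverse (Python 3.8+)
    return n, e, d


def rsa_encrypt(m: int, e: int, n: int) -> int:
    """The correct operation: exponentiation and reduction in one place."""
    return pow(m, e, n)


def unreduced_power(m: int, e: int) -> int:
    """What the question proposes to hand out: M**e before 'mod n' is applied."""
    return m ** e


def recover_from_unreduced(a: int, e: int) -> Optional[int]:
    """Exact e-th root of an unreduced M**e; None if a is not a perfect power."""
    r = integer_root(a, e)
    return r if r ** e == a else None


def demo() -> dict:
    n, e, d = make_toy_rsa_key(61, 53, 17)       # gives d == 2753
    m = 65
    c = rsa_encrypt(m, e, n)                     # 2790 for these values
    assert pow(c, d, n) == m                     # round trip with the private key
    leaked = unreduced_power(m, e)
    return {
        "reduced_root_is_message": integer_root(c, e) == m,            # False
        "unreduced_root_is_message": recover_from_unreduced(leaked, e) == m,  # True
    }


if __name__ == "__main__":
    print(demo())
```

The reduced ciphertext 2790 has integer 17th root 1, so the root reveals nothing; the unreduced 65**17 is a perfect 17th power and the root is exactly the message. The same holds for any exponent handled this way, so the party that computes the power must also be the party that reduces it.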

------------------------------

From: David Crick <[EMAIL PROTECTED]>
Subject: AES3 Conference: deadline for papers 15/01/2000
Date: Tue, 04 Jan 2000 20:26:22 +0000

A reminder:

"Paper submission deadline: January 15, 2000"

See: http://csrc.nist.gov/encryption/aes/round2/conf3/aes3conf.htm
and  http://csrc.nist.gov/encryption/aes/round2/conf3/aes3cfp.htm
and  http://csrc.nist.gov/encryption/aes/aes_home.htm

for full details.

  David.

-- 
+-------------------------------------------------------------------+
| David Crick  [EMAIL PROTECTED]  http://members.tripod.com/vidcad/ |
| Damon Hill WC96 Tribute: http://www.geocities.com/MotorCity/4236/ |
| M. Brundle Quotes: http://members.tripod.com/~vidcad/martin_b.htm |
| ICQ#: 46605825  PGP: RSA 0x22D5C7A9  DH-DSS 0xBE63D7C7 0x87C46DE1 |
+-------------------------------------------------------------------+

------------------------------

From: "Chung W Leong" <[EMAIL PROTECTED]>
Subject: Blowfish Question
Date: Tue, 4 Jan 2000 12:45:05 -0800

How difficult is it to recover a Blowfish key if you have both the encrypted
text and the original text? Is there an inverse function that lets you
calculate the key from the input and output?



------------------------------

From: "Hans" <[EMAIL PROTECTED]>
Subject: Anonymous Source Problem
Date: Tue, 04 Jan 2000 20:53:01 GMT

I'm working with a problem which I believe can be solved using
cryptographic methods.  After scanning the books (Applied Cryptography and
others) and the web, I've not been able to find a solution.  The problem
involves protecting an individual's identity.

Here is a description of the problem-

Peggy has some information she wants to send Victor, who is
a reporter for a newspaper.  Peggy wants to remain anonymous.
Since Victor is able to verify the information Peggy provided,
he now trusts her even though he doesn't know her true identity.

Alice is also providing information anonymously to Carol, who similarly
trusts Peggy.  Peggy doesn't want Victor and Carol to know they are getting
information from the same source.

Victor and Carol, however, need a way of knowing with full confidence that
information is coming from Peggy, and not an imposter posing as Peggy.
Similarly, Peggy wants to be sure that she is talking to Victor (or Carol).
Note that it is also in Peggy's interest that no one can impersonate her.

A mutual authentication is needed- however, only one can know the true
identity of the other.

Everyone (Peggy, Victor, and Carol) has an ID certificate with their true
identities which is signed by Trent, a CA trusted by everyone.  The ID
certificate has a unique value which identifies the individual.  So, Peggy
asks Victor for his certificate, and checks it with Trent's verifying
signature.

The problem is- how does Peggy prove her (anonymous) identity to Victor?

I'm hoping there is a way Peggy can create a new 'anonymous' certificate
based on Peggy's and Victor's (or Carol's) certificate.  My thinking is
this-  Since Victor must be sure this new certificate could only come from
his anonymous person (Peggy), it must be based on Peggy's certificate
(without revealing her true identity).  Since Victor and Carol may not know
they are getting information from the same anonymous person, the new
certificate must also be based on Victor's (or Carol's) ID certificate.

My question is- is there a way Peggy can create a new 'anonymous' identity
based on two signed certificates (Peggy's and recipient's), which can be
verified as authentic by the recipient, but reveals no information from
Peggy's certificate?  (Assume that a certificate is handled properly and can
not be stolen).  I can create a new unique identity using encryption
or hash functions of Peggy's and the recipient's identities, but the
signatures on the original certificates become useless.

I've looked at 'zero knowledge' solutions, but haven't had much luck.  I'm
hoping there is a more straightforward approach.  Any pointers or ideas
would be greatly appreciated.

-Hans
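
An added illustration, not code from the post, of the part the poster says he can already do and of the part that breaks: per-recipient pseudonyms derived by HMAC from a secret only Peggy holds (so Victor and Carol cannot link their two sources), a hash chain anchored at first contact so each recipient can check that later messages come from whoever began the conversation, and a demonstration that a signature over Peggy's real identity does not carry across to a pseudonym. Trent's signature is modelled as an HMAC under a constructed placeholder key purely to make that last point visible; the identifiers, keys and class names are all assumptions of mine.

```python
# Added example (not from the digest): unlinkable per-recipient pseudonyms plus
# hash-chain continuity, and why a CA signature on the real identity is no help.
import hashlib
import hmac
from typing import Dict, List, Optional, Tuple


def H(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()


def pseudonym(master: bytes, recipient_id: str) -> bytes:
    """Distinct pseudonym per recipient; without `master` two of them cannot be linked."""
    return hmac.new(master, b"pseudonym|" + recipient_id.encode(), hashlib.sha256).digest()


def hash_chain(seed: bytes, length: int) -> List[bytes]:
    """chain[i+1] = H(chain[i]); chain[-1] is the anchor handed over at first contact."""
    chain = [seed]
    for _ in range(length):
        chain.append(H(chain[-1]))
    return chain


class Source:
    """Peggy: one independent chain per recipient, all derived from her master secret."""

    def __init__(self, master: bytes, chain_len: int = 8):
        self.master, self.chain_len = master, chain_len
        self.state: Dict[str, Tuple[List[bytes], int]] = {}

    def first_contact(self, recipient_id: str) -> Tuple[bytes, bytes]:
        """Returns (pseudonym, anchor) for this recipient."""
        seed = hmac.new(self.master, b"chain|" + recipient_id.encode(), hashlib.sha256).digest()
        chain = hash_chain(seed, self.chain_len)
        self.state[recipient_id] = (chain, self.chain_len - 1)
        return pseudonym(self.master, recipient_id), chain[-1]

    def next_link(self, recipient_id: str) -> bytes:
        """Reveal the preimage of the recipient's current anchor; only the chain holder can."""
        chain, idx = self.state[recipient_id]
        if idx < 0:
            raise RuntimeError("chain exhausted; a fresh chain must be anchored")
        self.state[recipient_id] = (chain, idx - 1)
        return chain[idx]


class Recipient:
    """Victor or Carol: remembers the pseudonym and the current anchor, nothing more."""

    def __init__(self) -> None:
        self.alias: Optional[bytes] = None
        self.anchor: Optional[bytes] = None

    def accept_first_contact(self, alias: bytes, anchor: bytes) -> None:
        self.alias, self.anchor = alias, anchor

    def verify_link(self, link: bytes) -> bool:
        """True iff `link` hashes to the current anchor; then the anchor advances,
        so a replayed link is rejected."""
        if self.anchor is None or not hmac.compare_digest(H(link), self.anchor):
            return False
        self.anchor = link
        return True


TRENT_KEY = b"trent-key-placeholder (constructed stand-in for a CA signing key)"


def trent_signs(identity: bytes) -> bytes:
    return hmac.new(TRENT_KEY, identity, hashlib.sha256).digest()


def trent_verifies(identity: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(trent_signs(identity), sig)


def demo() -> dict:
    peggy = Source(b"peggy-master-secret (constructed)")
    victor, carol = Recipient(), Recipient()
    victor.accept_first_contact(*peggy.first_contact("victor-cert-id"))
    carol.accept_first_contact(*peggy.first_contact("carol-cert-id"))
    cert_sig = trent_signs(b"peggy-real-identity")
    return {
        "aliases_differ": victor.alias != carol.alias,
        "victor_accepts_second_message": victor.verify_link(peggy.next_link("victor-cert-id")),
        "victor_rejects_replayed_link": victor.verify_link(victor.anchor),
        "carol_rejects_victors_link": carol.verify_link(peggy.next_link("victor-cert-id")),
        "ca_signature_transfers_to_alias": trent_verifies(victor.alias, cert_sig),
    }


if __name__ == "__main__":
    print(demo())
```

Two limits worth noting. A revealed link proves possession of the chain, not the integrity of the message sent with it; binding a message to the link needs a commit-then-reveal step or a signing key established at first contact. And the last result is the poster's own objection made concrete: Trent's signature verifies only over the real identity, so the derived pseudonym inherits none of the certificate's assurance, which is exactly the gap a dedicated anonymous-credential construction would have to fill.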

------------------------------

From: David Crick <[EMAIL PROTECTED]>
Crossposted-To: comp.security.pgp.tech
Subject: Re: pgp, IDEA, and long term security,sci.crypt
Date: Tue, 04 Jan 2000 21:01:40 +0000

Kresimir Kumericki wrote:
> 
>   I installed pgp version 5.0i for Unix on my machine. I know this is
> not the most recent one but it happened to be the one most convenient
> to install. Now, I don't need this public/private key stuff
> because all I want is to encode several files on my hard disk.
> Documentation suggests that 'pgpe -c' is the right way to encrypt
> my files, and it says that it'll use IDEA cipher.

You may want to track down version 2.6.3ia which will still do IDEA
encryption (pgp -c). Version 5.0i also supports CAST5 (aka CAST-128)
and Triple-DES (3-DES) for conventional encryption, if you want them.

(Don't ask if you'd be better off using one of these other two
algorithms; all have their strengths and supporters, and all are for
most purposes the same strength. See Sam Simpson's PGP FAQ at
http://www.scramdisk.clara.net/  for a more detailed comparison.)

>   Now, I have the following questions:
> 
> 1. If I want to decode these files, say, ten years from now with
> some future software, should the knowledge of the passphrase be
> enough for decoding (together with the knowledge that it is IDEA cipher)?
> What I'm asking is whether there is something pgp specific in the
> encoding/decoding process or pgp uses some well known algorithm that is
> in principle easy to implement in any programming language?

PGP uses IDEA in what's called "CFB mode." However, if you examine
the source code, you'll see it uses its own, specific, code to do
this (I won't go into details). PGP also inserts certain header
information into the encrypted file.

So basically, you'll probably need PGP to decode it.


> 2. FAQs mention that IDEA uses 128-bit keys. Where do they come from?
>  My passphrase? (This is obviously related to the first question.)

Yes. Your passphrase is put through a "one-way hash function", which
produces a fixed width 'distillation' as output. In PGP2, the hash
used is MD5 (which has known weaknesses), which produces a 128-bit
output (same length as the key).

I'm guessing that PGP5 uses MD5 with IDEA as encrypted files are
backwards compatible with PGP2. However, in general PGP5 uses the
SHA-1 algorithm, which produces a 160-bit hash. (It also supports
RIPEMD-160, which is also 160-bits.)

Again, this is covered in detail in the FAQ mentioned above.


> 3. Should I be using something else in the light of the fact that I
> don't need public/private key functionality of pgp?

That's hard to say; only you know your own requirements.

Bear in mind that IDEA only has a 64-bit block length, a 128-bit
key length and a set of weak keys.

More recent algorithms such as the AES finalists (to replace
DES; see  http://csrc.nist.gov/encryption/aes/aes_home.htm )
have a 128-bit block length, and possible key lengths of 128,
192 and 256-bits (plus in-between, and in some cases, above).
[256-bit keys may be necessary against Quantum Computers.]

Twofish, one of the contenders, is going to be implemented
in future versions of PGP, irrespective of whether it becomes
AES. It missed inclusion in PGP 6.5, but will probably be in
the next release.

However, note that newer algorithms are generally not
trusted as much as ones which have been around for a while
(the AES finalists may be a *slight* exception to this rule,
given their intense scrutiny).



Basically, PGP seems to be convenient for you - it's already
written and you can examine it for yourself. If you are happy
with its security, the underlying strength of the algorithms
(see the FAQ mentioned, plus Bruce Schneier's "Applied
Cryptography"), and accept that you'll (probably) need a
copy of PGP to decode your files, then stick with what you've
got.

Just make sure you can somehow remember your passphrase in
10 years time....

   David.

-- 
+-------------------------------------------------------------------+
| David Crick  [EMAIL PROTECTED]  http://members.tripod.com/vidcad/ |
| Damon Hill WC96 Tribute: http://www.geocities.com/MotorCity/4236/ |
| M. Brundle Quotes: http://members.tripod.com/~vidcad/martin_b.htm |
| ICQ#: 46605825  PGP: RSA 0x22D5C7A9  DH-DSS 0xBE63D7C7 0x87C46DE1 |
+-------------------------------------------------------------------+

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
