Cryptography-Digest Digest #871, Volume #10 Sun, 9 Jan 00 03:13:01 EST
Contents:
Re: Intel 810 chipset Random Number Generator (Bohdan Tashchuk)
Little "o" in "Big-O" notation ("Jeff Moser")
Re: Mispronounce words. (OT Re: How to pronounce "Vigenere"?) (wtshaw)
Re: simple block ciphers (Tom St Denis)
Re: Please Comment: Modified Enigma ("r.e.s.")
Re: Little "o" in "Big-O" notation ("Scott Fluhrer")
Re: modifiec game of life encryption, to be analyzed ([EMAIL PROTECTED])
WSO have really protected my home PC with Windows 98 ! ([EMAIL PROTECTED])
Re: simple block ciphers (Michael J. Fromberger)
Re: OLD RLE TO NEW BIJECTIVE RLE (John Savard)
Re: simple block ciphers (John Savard)
Re: simple block ciphers (John Savard)
Re: Little "o" in "Big-O" notation ("Jeff Moser")
Re: simple block ciphers (David A Molnar)
Re: Little "o" in "Big-O" notation ("r.e.s.")
Fun With Playing Cards (John Savard)
MD2 Hash security (James Grose)
Re: Installing new certificate into Netscape 3 ([EMAIL PROTECTED])
----------------------------------------------------------------------------
From: Bohdan Tashchuk <[EMAIL PROTECTED]>
Subject: Re: Intel 810 chipset Random Number Generator
Date: Sat, 08 Jan 2000 16:44:14 -0800
Scott Nelson wrote:
>
> For me, the 810 HRNG is only worth considering
> if it's price is low. Anyone know what this
> thing is supposed to cost?
It's "free". That's the whole point. Intel is including this circuit in
this chipset and are "promising" to keep including it in future chipsets.
------------------------------
From: "Jeff Moser" <[EMAIL PROTECTED]>
Subject: Little "o" in "Big-O" notation
Date: Sat, 8 Jan 2000 20:12:58 -0500
What exactly does the little "o" in "Big-Oh" notation mean? For example, I
know that o(1) becomes negligible as the integer approaches infinity. I'm
uncertain on how to define it.
Can anyone help?
Thanks,
Jeff
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Mispronounce words. (OT Re: How to pronounce "Vigenere"?)
Date: Sat, 08 Jan 2000 19:46:29 -0600
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
> On Sat, 08 Jan 2000 02:13:30 GMT, [EMAIL PROTECTED] (Nemo Outis)
> wrote:
>
> >Unfortunately if enough people persist long enough in mispronouncing these
> >words, they (or their children) will eventually become "right," since what
> >constitutes "correct English" is "descriptive rather than prescriptive,"
>
> Let's vote for pronouncing omnipotent as omni-potent. :).
>
What would you do with omniscient? But, if you are, you know already.
--
To prevent the compromise of the most common configuration
of computers is something like preventing a sculptor from being too original. If a
computer design is corruptible, it will be.
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: simple block ciphers
Date: Sun, 09 Jan 2000 01:20:48 GMT
In article <8582sl$72i$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (David Wagner) wrote:
> There's a chosen-plaintext/ciphertext attack that recovers p:
> Pick a random z>p. Request the decryption p of z.
> Request the encryption c of p. Note that (z mod p) = c,
> so p | z-c, and p will fall out.
> (If needed, make two queries, and compute gcd(z-c,z'-c').)
So it works like this?
z = random number, > p ... but z has to be less than p. In my example you
can only encrypt 64-bit values (under a 72-bit p) so this can never
happen. But let's say it could happen.
a = z^d mod p [decryption of z mod p]
Where does it go from here?
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
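The attack David Wagner sketches above, worked through as an added example (not code from anyone in the thread): the x^e mod p cipher with a constructed 61-bit prime and exponent, and an attacker who only has decrypt and encrypt oracles and knows the rough size of p. The example assumes the decryption oracle accepts values larger than p, which is exactly the condition Tom says his implementation avoids.

```python
# Added example: Tom St Denis's x^e mod p scheme and David Wagner's
# decrypt-then-encrypt recovery of the secret prime p. Key values are
# constructed for illustration only.
from math import gcd
import random

P_BITS = 61
P = (1 << 61) - 1          # constructed 61-bit prime (2^61 - 1)
E = 65537                  # constructed prime exponent, gcd(E, P-1) == 1
D = pow(E, -1, P - 1)      # d*e == 1 mod (p-1), as in the posted scheme


def encrypt(x, e=E, p=P):
    """Encrypt(x) = x^e mod p; a block must be a value below p."""
    if not 0 <= x < p:
        raise ValueError("plaintext must lie in [0, p)")
    return pow(x, e, p)


def decrypt(c, d=D, p=P):
    """Decrypt(c) = c^d mod p; accepts any integer (the attack's assumption)."""
    return pow(c, d, p)


def recover_modulus(enc_oracle, dec_oracle, p_bits, queries=4, rng=random):
    """Recover p using only the two oracles.

    For z > p the decryption oracle returns a = z^d mod p, and re-encrypting
    gives c = a^e mod p = z mod p, so z - c = p * floor(z / p).  The gcd of
    several such values is p times a small cofactor.  Because z is chosen
    below 2^(p_bits+3) and p is a p_bits-bit prime, every floor(z / p) is
    below 16, so trial division by the primes below 16 strips the cofactor.
    """
    g = 0
    for _ in range(queries):
        z = rng.randrange(1 << (p_bits + 2), 1 << (p_bits + 3))  # z > p
        a = dec_oracle(z)            # a = z^d mod p
        c = enc_oracle(a)            # c = a^e mod p = z mod p
        g = gcd(g, z - c)            # accumulates p * gcd(cofactors)
    for q in (2, 3, 5, 7, 11, 13):   # strip the cofactor; p itself is > 13
        while g % q == 0 and g > q:
            g //= q
    return g


def attack_succeeds():
    """True when the oracle attack returns the secret prime exactly."""
    return recover_modulus(encrypt, decrypt, P_BITS) == P
```

Because the cofactor bound is derived from the public block size rather than from luck, the recovery succeeds on every run, not just with high probability.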
------------------------------
From: "r.e.s." <[EMAIL PROTECTED]>
Subject: Re: Please Comment: Modified Enigma
Date: Sat, 8 Jan 2000 19:10:42 -0800
"Paul Crowley" <[EMAIL PROTECTED]> wrote ...
: [EMAIL PROTECTED] writes:
: > Do you know of other 'homemade' non-electronic crypto which is strong in
: > today's terms ?
:
: There's Bruce Schneier's Solitaire:
:
: http://www.counterpane.com/solitaire.html
:
: but that has statistical problems:
:
: http://www.hedonism.demon.co.uk/paul/solitaire/
But didn't the fix that you posted here a while back take care of
those problems?
In any case, I'm disappointed that Bruce seems not to have followed
through on what he says at his website concerning Solitaire:
"Security Analysis
There's quite a lot of it; watch this space for details."
That page appears to have been written almost 8 months ago ;-(
--
r.e.s.
[EMAIL PROTECTED]
------------------------------
From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: Little "o" in "Big-O" notation
Date: Sat, 8 Jan 2000 20:09:07 -0000
Jeff Moser <[EMAIL PROTECTED]> wrote in message
news:858nb6$bdo$[EMAIL PROTECTED]...
> What exactly does the little "o" in "Big-Oh" notation mean? For example, I
> know that o(1) becomes negligible as the integer approaches infinity. I'm
> uncertain on how to define it.
o(f(x)) = g(x) is true iff:
lim f(x) / g(x) = 0
x->oo
--
poncho
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: modifiec game of life encryption, to be analyzed
Date: Sun, 09 Jan 2000 03:50:08 GMT
<snip all>
No need to be sorry for the quantity of comments; you'd only need to
apologize if the quality was low. I'm very pleased.
Fredkin's parity rule and the Moore 'neighbourhood'? These are new to me even
though I have been digesting crypto texts for about 3 weeks. You have
given me a direction to where I can find more specific answers. The
amount of information available is overwhelming.
Fredkin's parity rule? I have not found a reference to this. Moore, still
to find his contributions too. Currently downloading an 8 meg gnuzipped
'basic cryptanalysis' file.
Hash vs Parity:
When analyzed without a view of history, the 'counter' and 'tester'
functions do look like a parity check. But it's come from many
variations of a real hash function:
a=(a*n+v) mod m
Towards the end, when I concentrated more on bit manipulation only, n
and m caused the function to become a single bit hash function and I
just switched to AND for ease. Can anyone else see that a parity check
is the same as a bit wise hash function in light of what I have just
written?
There may be a method to reverse the results of one iteration but I
cannot think of any method except brute force. When I try to analyze
how to create a reversal function taking into consideration all bits
surrounding the target bit, there still is not enough information to
get a clear picture. Using the surrounding 8 bits and those which
surround them, 16 bits, it looks more promising, but after a few
practice sessions using a checker board and its pieces to analyze one
result from the computer, I was able to find two solutions for one
bit, neither of which matched the source pattern from the computer.
Perhaps I should have, when I was proofreading, downgraded all my
statements with the prefix 'probably' or 'possibly'.
Due to the obvious fact that no information is being destroyed in
total, it may seem possible that inversion is possible. But the
information seems to be stored in the interference created by
neighbouring bits. E.g.: a diagonal line will fill the entire world
area and create, after 255 iterations, an 'echo' of itself;
XX this is obvious to the eye
X X X but when there are other
X X X bits around it, the information
X X X in this form does not exist.
XX
>"When you say, "there is no method to reverse the process", I believe you
>should perhaps have said: "I personally don't know how to invert this
>process - at least short of iterating the automaton another 511 times.""
True...
Using a series of connected s-boxes whose contents are the XOR
function is fine for you to write, but I have yet to see a 'dummy's'
explanation of an s-box. Perhaps this still-downloading 8 meg document
will help. Also just received a .pdf about PGP via ICQ. More reading
on top of that already in progress.
From my as yet limited vocabulary, I believe I understand fully and
agree with you on points related to linear and non-linear functions and
differential cryptanalysis.
Thanks very much Tim for your input and thorough explanation of your
knowledge that this is not what I see it to be. You've given me more
information with which to use as a guide to directional study.
I will be taking your advice and creating a mini version and
attempting to create an algorithm which can find the key or reverse
engineer the entire process.
> |im |yler The Mandala Centre http://www.mandala.co.uk/ [EMAIL PROTECTED]
>
>It is a miracle whenever curiousity survives a formal eductaion.
D10n...
[o]
[EMAIL PROTECTED]
http://yoboseyo42.virtualave.net
------------------------------
From: [EMAIL PROTECTED]
Subject: WSO have really protected my home PC with Windows 98 !
Date: Sun, 09 Jan 2000 04:29:50 GMT
Need to protect your computer? I did. That's why I wrote Windows
Security Officer. It works with Windows 95 and 98 systems, and it can
do the following for you: it's a natural security system for Windows
95/98. Windows Security Officer is an autonomous provider of log-on and
resource restriction security integrated with, yet independent of, the
Windows 95/98 operating system. It has the capability of providing
extremely strong, secure control of who can access the personal
computer's resources, and exactly what they can do and when while they
have access to those computer resources. If a user's time limit has
been set and it has been reached, the computer shuts itself off and
that user cannot log on again until their prescribed time range
arrives.

Windows Security Officer enables you to protect and totally
control access to your personal computer. It offers administrative
support for controlling which users are allowed to access your computer
and the level of access each user may have. You can choose to restrict
access to several Control Panel applet functions, including Display,
Network, Passwords, Printer, and System. It's not all or nothing; for
example, you can allow a particular user access to your wallpaper
settings but not allow them to change your screen saver. You can also
assign separate system profile folders to each user, providing each
with their own custom desktop. You can additionally disable Start menu
items, hide your drives, disable the DOS prompt, hide desktop icons,
and much more. You can even set an access timer (when and how long
access will be allowed) and allow access only to programs on your
personal computer that you place on a restriction list. You can designate an
access time period for each user. You can also prevent certain windows
from being created on the user's desktop.

Windows Security Officer is used by people at home, in schools, colleges, universities,
offices and even in the US Army! Eugene Mihailov, [EMAIL PROTECTED]
------------------------------
From: Michael J. Fromberger <[EMAIL PROTECTED]>
Subject: Re: simple block ciphers
Date: 9 Jan 2000 04:10:17 GMT
In <858f4h$7eq$[EMAIL PROTECTED]> Tom St Denis <[EMAIL PROTECTED]> writes:
>In article <856979$nlm$[EMAIL PROTECTED]>,
> David A Molnar <[EMAIL PROTECTED]> wrote:
>>
>> For what it's worth, you have a malleability problem (or
>> "feature") : E(x) * E(y) = E(xy), since x^e * y^e = (xy)^e
>>
>Sorry that must be a typo... cause x^e * y^e != xy^e, the bases are
>not the same. If they were it would be x^2e ...
No, it's not a typo. Consider a simple case where e = 3.
x^e = x * x * x
y^e = y * y * y
x^e * y^e = x * x * x * y * y * y
= x * y * x * y * x * y
(xy)^e = (x * y) * (x * y) * (x * y)
= x * x * x * y * y * y
= x^e * y^e
As you can see, this is quite reasonable.
-M
--
Michael J. Fromberger Software Engineer, Thayer School of Engineering
sting <at> linguist.dartmouth.edu http://www.dartmouth.edu/~sting/
All good things to those who wait.
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: OLD RLE TO NEW BIJECTIVE RLE
Date: Sun, 09 Jan 2000 04:57:44 GMT
On Sat, 08 Jan 2000 22:44:18 GMT, Tom St Denis <[EMAIL PROTECTED]>
wrote:
>In other words. The compression ratio is higher for deflate, which
>means there is more bits of info per bit out. This hardly can be in
>the form of bias...
Less total bias, however, doesn't guarantee that the bias isn't
concentrated in one spot, instead of diluted and spread evenly
throughout the compressed form of the message. There are subtleties in
the cryptographic use of compression worth looking at, although
today's ciphers are intended to be secure even against known plaintext
attacks: and _that_ is what is sometimes held to make this kind of
investigation moot.
It isn't that I'm uncritical towards Mr. Scott's specific attempts to
achieve something in this field, merely that the _subject_ is a valid
one.
John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: simple block ciphers
Date: Sun, 09 Jan 2000 05:03:20 GMT
On Wed, 05 Jan 2000 20:39:53 GMT, Tom St Denis <[EMAIL PROTECTED]>
wrote:
>Symmetric cipher ...
>p = random prime
>e = random prime less than p
>d = chosen such that de = 1 mod (p - 1)
>Encrypt(x) = x^e mod p
>Decrypt(x) = x^d mod p
As you note, since the modulus is a single prime, the cipher is not
public-key; e and d can be trivially obtained from each other.
Thus, this symmetric cipher has the disadvantages of public-key
cryptography: it is slow, it uses large-number arithmetic, and the
blocks aren't composed of an even number of bits. Since most symmetric
ciphers are believed to offer high levels of security with much less
computation, and have a complicated structure that is hard to analyze
(instead of being a simple arithmetic operation which might fall prey
to some new mathematical discovery) there just is no reason to use
something like this.
John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: simple block ciphers
Date: Sun, 09 Jan 2000 05:05:10 GMT
On 8 Jan 2000 02:59:53 GMT, David A Molnar <[EMAIL PROTECTED]>
wrote:
>Tom St Denis <[EMAIL PROTECTED]> wrote:
>> [first I did not invent this ...!!!]
>Looks kind of like Pohlig-Hellman, but with the modulus kept secret,
>too. (unless the modulus is secret in P-H; applied crypto isn't clear on
>this point)
I know that AC described something that looked like RSA, but with both
e and d kept secret. This, of course, with a prime modulus, requires
both e and d to be secret.
John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html
------------------------------
From: "Jeff Moser" <[EMAIL PROTECTED]>
Subject: Re: Little "o" in "Big-O" notation
Date: Sun, 9 Jan 2000 01:27:37 -0500
> o(f(x)) = g(x) is true iff:
>
> lim f(x) / g(x) = 0
> x->oo
Perhaps it's obvious and I'm missing it.. but I usually see o(1).. (a
constant). This doesn't seem to be a function that'd change heading to
infinity. For example.. o(1) is given in the big O of the NFS
Thanks for your help,
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: simple block ciphers
Date: 9 Jan 2000 06:00:05 GMT
>>Encrypt(x) = x^e mod p
>>Decrypt(x) = x^d mod p
Another nitpicky thing : as stated, if X is a quadratic residue, and
e is odd (which it would have to be if gcd(e, p-1) = 1), then if x is
a square, x^e is also a square. If x is a non-square, then x^e is a
non-square. So if p is known, perhaps by David Wagner's attack,
I can tell whether x was a square or not (another way to say it : whether
x is a quadratic residue or not) by seeing if x^e is a square or not.
To see this, note that all squares mod p are of the form g^2k
for a generator g and some number k. That is, the exponent is
even, since taking square roots divides the exponent by 2, and
that result has to be an integer. Raising g^2k to the e'th power will
result in another even exponent (even * odd = even). Nonsquares are of the
form g^(2k +1), and raising to the e'th power gives another odd exponent.
Now if I can tell whether x^e is a square or not, I can get 1 bit of
information about x. Since we are working mod p and not modulo
a composite, telling whether x^e is a square is easy.
We have Euler's Criterion (aka "a way to compute the Legendre symbol") :
Take (x^e)^((p-1)/2) mod p
You will obtain 1 if x^e is a square, and -1 = p-1 if x^e is a non-square.
So the cipher leaks at least one bit of information. Big deal? Maybe. But
it's not really what you'd call a Good Property...
I think one not very good way to fix this flaw in the cipher is by
multiplying by 1 or -1 chosen by flipping a coin at encrypt time. This
changes whether c = x^e is a square or non-square at random. Then at
decrypt time, you can look at both c^d and (-c)^d as the message.
Thanks,
-David
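David Molnar's residuosity leak, checked with Euler's criterion as an added example (not code from the thread); the keys are constructed for illustration. It goes one step beyond the post: the proposed random sign flip is also tried, and it only changes the leaked bit when -1 is a non-residue mod p, i.e. when p is 3 mod 4, so a second constructed key with p = 65537 (1 mod 4) is included to show the flip doing nothing there.

```python
# Added example: quadratic-residuosity leak in Encrypt(x) = x^e mod p,
# and the effect of Molnar's "multiply by +1 or -1" tweak.
# Keys are constructed for illustration only.
from math import gcd


def make_key(p, e):
    """Tom's key: prime p, odd e with gcd(e, p-1) == 1, d = e^-1 mod (p-1)."""
    if e % 2 == 0 or gcd(e, p - 1) != 1:
        raise ValueError("e must be odd and coprime to p-1")
    return p, e, pow(e, -1, p - 1)


KEY_A = make_key((1 << 61) - 1, 65537)   # constructed; p % 4 == 3
KEY_B = make_key(65537, 3)               # constructed; p % 4 == 1


def encrypt(x, key):
    p, e, _ = key
    return pow(x, e, p)


def is_square(x, p):
    """Euler's criterion: x^((p-1)/2) mod p is 1 for a non-zero square."""
    return pow(x, (p - 1) // 2, p) == 1


def leaks_residuosity(samples, key):
    """True if every ciphertext has the same residuosity as its plaintext
    (it always does: an odd e keeps the exponent of g even or odd)."""
    p = key[0]
    return all(is_square(encrypt(x, key), p) == is_square(x, p) for x in samples)


def encrypt_with_sign(x, coin, key):
    """Molnar's tweak: multiply the ciphertext by +1 or -1 from a coin flip."""
    p = key[0]
    return (encrypt(x, key) * (1 if coin else -1)) % p


def decrypt_candidates(c, key):
    """Both c^d and (-c)^d are candidates; d is odd, so they are x and p - x."""
    p, _, d = key
    return sorted({pow(c, d, p), pow(p - c, d, p)})


def sign_flip_masks_bit(x, key):
    """True if the two coin outcomes give ciphertexts of different residuosity,
    which happens only when -1 is a non-residue mod p (p % 4 == 3)."""
    p = key[0]
    return is_square(encrypt_with_sign(x, True, key), p) != \
        is_square(encrypt_with_sign(x, False, key), p)
```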
------------------------------
From: "r.e.s." <[EMAIL PROTECTED]>
Subject: Re: Little "o" in "Big-O" notation
Date: Sat, 8 Jan 2000 23:07:36 -0800
"Jeff Moser" <[EMAIL PROTECTED]> wrote ...
: > o(f(x)) = g(x) is true iff:
: >
: > lim f(x) / g(x) = 0
: > x->oo
:
: Perhaps it's obvious and I'm missing it.. but I usually see o(1).. (a
: constant). This doesn't seem to be a function that'd change heading to
: infinity. For example.. o(1) is given in the big O of the NFS
He's got it exactly reversed -- it should be
f(x) = o(g(x)) iff f(x)/g(x) -> 0 as x->oo.
(The "little o" is to suggest that it grows
more slowly than g.)
See
http://phoenix.marymount.edu/~bhoffman/CS220/complex.html
--
r.e.s.
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Fun With Playing Cards
Date: Sun, 09 Jan 2000 07:09:51 GMT
Well, I've added my take on a playing card cipher to my web page, at
http://www.ecn.ab.ca/~jsavard/pp0105.htm
with links to Bruce Schneier's web page, as he invented Solitaire,
which inspired all this, and to Paul Crowley's web page where his
proposed Mirdek is located.
Although I tried to make my cipher simpler and faster than Solitaire, I
have to admit I think that it still involves too much drudgery to be
practical in any but the most extreme emergencies.
John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html
------------------------------
From: James Grose <[EMAIL PROTECTED]>
Subject: MD2 Hash security
Date: Sun, 09 Jan 2000 18:41:18 +1100
Reply-To: [EMAIL PROTECTED]
MD2 hash was developed for "anti-forge" security, ie, so a person would
not find it easy to come up with two texts with the same hash.
How difficult would it be though, to actually discover the original text
from a MD2 hash?
Also, if given a hash of a secret password, would it at all be possible
to find the hash of the secret password with a space appended to the end,
and vice versa?
For example,
assuming X is a secret password,
given MD2(X), would it be possible to discover MD2(X + " ")?
Thank you in advance,
--RavingCow
vbkid[at]rocketmail[dot]com
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Installing new certificate into Netscape 3
Date: 09 Jan 2000 00:09:42 -0800
Sundial Services <[EMAIL PROTECTED]> writes:
> The certificate-installation procedure appeared to work (after the
> certificates with serial number 2:41:00:00:01 were removed), but the
> overall process was not successful.
>
> After the update, the message "an error occurred in the certificate
> database" occurred when accessing any secured site.
>
> Fortunately, I had backed up the certificate database files before
> proceeding.
Hmmm. Was this in cert7.db? If Netscape 3 uses the same cert file
db format as Netscape 4, there are some tools around that you can
edit the db with if you're really desperate.
In Netscape 4, I notice that I can simply delete the cert files.
Running the browser seems to automatically re-create them in their
original state.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************