Cryptography-Digest Digest #872, Volume #10       Sun, 9 Jan 00 12:13:01 EST

Contents:
  Re: simple block ciphers (David Wagner)
  Where can I get the Source C++ of RC4 Algorithm?? ("THOMAS BRUNEL")
  Re: Unsafe Advice in Cryptonomicon (Daniel James)
  Re: Unsafe Advice in Cryptonomicon (Daniel James)
  Re: Intel 810 chipset Random Number Generator ([EMAIL PROTECTED])
  Re: simple block ciphers ([EMAIL PROTECTED])
  Re: simple block ciphers (David A Molnar)
  Hand ciphers (WAS Re: Please Comment: Modified Enigma) (Paul Crowley)
  simple string encryption ("Paul Agics")
  Re: OLD RLE TO NEW BIJECTIVE RLE (SCOTT19U.ZIP_GUY)
  B-U-I-L-D Y-O-U-R O-W-N C-A-B-L-E B-O-X.............  9690 ([EMAIL PROTECTED])
  Re: simple block ciphers (SCOTT19U.ZIP_GUY)
  Re: Intel 810 chipset Random Number Generator ("seifried")
  Re: Where can I get the Source C++ of RC4 Algorithm?? ("Ronan Harle")
  Re: Intel 810 chipset Random Number Generator (Vernon Schryver)
  Re: Domain name and properties for sale. (Glenn Larsson)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: simple block ciphers
Date: 9 Jan 2000 00:14:06 -0800

In article <859855$645$[EMAIL PROTECTED]>,
David A Molnar  <[EMAIL PROTECTED]> wrote:
> >>Encrypt(x) = x^e mod p
> 
> Another nitpicky thing : [...] if x is a square, x^e is also a square.
> [...] So the cipher leaks at least one bit of information.

Yup.  For each small prime power q dividing p-1, the cipher leaks the
discrete log of x mod q.  Unless p is carefully chosen to avoid small factors,
this could cause the cipher to leak many bits of information in some cases.

A plausible fix for most of these properties is to use OAEP (or PKCS) style
padding to break up the algebraic properties.
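
A worked illustration of the leak described above, added here and not part of the thread: the symmetric cipher E(x) = x^e mod p as Tom St Denis posted it, together with a check of which plaintext classes an eavesdropper can still tell apart after encryption. The primes 2579 (a safe prime, p-1 = 2*1289) and 2311 (p-1 = 2*3*5*7*11) and the exponent e = 13 are constructed sample values.

```python
from math import gcd


def small_prime_power_factors(n, bound=100):
    """Prime powers q^k (q <= bound) dividing n, e.g. 2310 -> [2, 3, 5, 7, 11]."""
    out = []
    for q in range(2, bound + 1):
        if n % q == 0:
            pk = 1
            while n % q == 0:
                n //= q
                pk *= q
            out.append(pk)
    return out


class PohligHellmanCipher:
    """The exponentiation cipher from the thread: E(x) = x^e mod p, D(c) = c^d mod p."""

    def __init__(self, p, e):
        if gcd(e, p - 1) != 1:
            raise ValueError("e must be invertible mod p-1")
        self.p, self.e = p, e
        self.d = pow(e, -1, p - 1)  # d*e = 1 mod (p-1); needs Python >= 3.8

    def encrypt(self, x):
        return pow(x, self.e, self.p)

    def decrypt(self, c):
        return pow(c, self.d, self.p)


def residue_class(y, p, qk):
    """y^((p-1)/q^k) mod p lies in the subgroup of order q^k and encodes
    log_g(y) mod q^k.  For q^k = 2 this is the Legendre symbol: 1 for
    squares, p-1 for non-squares."""
    return pow(y, (p - 1) // qk, p)


def class_preserved(cipher, qk):
    """Encryption maps residue_class(x) to residue_class(x)^e, a fixed
    bijection of the small subgroup, so equal plaintext classes give equal
    ciphertext classes.  Verified here over every plaintext 1..p-1."""
    p, e = cipher.p, cipher.e
    return all(residue_class(cipher.encrypt(x), p, qk)
               == pow(residue_class(x, p, qk), e, p) for x in range(1, p))


def leaked_classes(p, bound=100):
    """Number of plaintext classes visible from the ciphertext alone: the
    product of the small prime powers dividing p-1 (2 for a safe prime,
    all of p-1 when p-1 is smooth)."""
    n = 1
    for qk in small_prime_power_factors(p - 1, bound):
        n *= qk
    return n


if __name__ == "__main__":
    safe = PohligHellmanCipher(2579, 13)
    print("safe prime leaks", leaked_classes(2579), "classes")   # 2
    print("smooth p-1 leaks", leaked_classes(2311), "classes")   # 2310
    print("square stays square:", residue_class(safe.encrypt(4), 2579, 2) == 1)
```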

------------------------------

From: "THOMAS BRUNEL" <[EMAIL PROTECTED]>
Subject: Where can I get the Source C++ of RC4 Algorithm??
Date: Sun, 09 Jan 2000 09:36:16 GMT

I am searching for the source of the RC4 algorithm. Thanks.




------------------------------

From: Daniel James <[EMAIL PROTECTED]>
Subject: Re: Unsafe Advice in Cryptonomicon
Date: Sun, 09 Jan 2000 11:34:53 GMT
Reply-To: [EMAIL PROTECTED]

In article <[EMAIL PROTECTED]>, Nfn Nmi L. wrote:
> My advice: on the door, put flamethrowers. If you can vaporize the magnetic
> coating, the Adversary is screwed.
>

But an alternating magnetic field will induce heat in magnetically 
susceptible materials, and a strong enough field will have the same effect as 
your flamethrowers <smile>.

Then again, if you can vapourize the adversary who cares about the coating?

Cheers,
 Daniel.


------------------------------

From: Daniel James <[EMAIL PROTECTED]>
Subject: Re: Unsafe Advice in Cryptonomicon
Date: Sun, 09 Jan 2000 11:34:54 GMT
Reply-To: [EMAIL PROTECTED]

In article <[EMAIL PROTECTED]>, John Savard wrote:
> >And one more technical quibble from Cryptonomicon, about a computer
> >room with an electromagnet in the door frame, that wipes any media
> >being carried in or out:
> 
> Better leave your wallet outside...
>

... and your pacemaker!

Cheers,
 Daniel.


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Intel 810 chipset Random Number Generator
Date: Sun, 09 Jan 2000 11:52:58 GMT

In article <[EMAIL PROTECTED]>,
  "Trevor Jackson, III" <[EMAIL PROTECTED]> wrote:
> Bradley Yearwood wrote:
> > Whether the raw output from the hardware register is sufficiently
> > unbiased and otherwise random for specific uses, this document does
> > not say.  They do recommend running e.g. FIPS 140-1 tests on the
> > output after initialization.
>
> Actually they recommend running FIPS 140-1 or something similar as
> part of detecting whether the device is present.

Apparently there is no reliable way of detecting the RNG.
You read 1 bit from a pre-defined memory location to see if
it is there, and read from other locations to get the random
data. You are on your own to figure out whether the data is
really random enough that it is likely to be coming from
the RNG.

It warns about multi-threaded apps using the RNG, but
nothing about different apps using the RNG. Apparently
bad things can happen if 2 apps try to use it at once.

This looks pretty brain-damaged to me.


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: simple block ciphers
Date: Sun, 09 Jan 2000 12:03:00 GMT

In article <850a6n$ep3$[EMAIL PROTECTED]>,
  Tom St Denis <[EMAIL PROTECTED]> wrote:
> [first I did not invent this ...!!!]
>
> Why isn't this type of cipher used more often [aside from being slow].
>
> Symmetric cipher ...
>
> p = random prime
> e = random prime less than p
> d = chosen such that de = 1 mod (p - 1)
>
> Encrypt(x) = x^e mod p
> Decrypt(x) = x^d mod p
>
> Where (d, e, p) is the private key.

This is Hellman-Pohlig. It pre-dates RSA. RSA was essentially
the idea of using a non-prime for p.



------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: simple block ciphers
Date: 9 Jan 2000 12:31:12 GMT

Tom St Denis <[EMAIL PROTECTED]> wrote:

> In the case of n=64, c= ~2^66.35, which means there are about
> 94045974794340509523 prime moduli >2^64 but <2^72...

> Obviously simply 'noticing' the modulus is gonna be hard...

I was thinking that you would gather stats on the data going by and then
refine a guess on what p is. So you could cut down on the number of moduli
possible. How much depends on the stats you use.  

David Wagner's attack is much more plausible and useful, though. 

Thanks, 
-David

------------------------------

From: Paul Crowley <[EMAIL PROTECTED]>
Subject: Hand ciphers (WAS Re: Please Comment: Modified Enigma)
Date: 9 Jan 2000 11:07:59 -0000

"r.e.s." <[EMAIL PROTECTED]> writes:
> But didn't the fix that you posted here a while back take care of
> those problems?

Er, I don't remember posting a fix.  There's a simple and obvious fix
to the reversibility problem, but it doesn't address the bias.

> In any case, I'm disappointed that Bruce seems not to have followed
> through on what he says at his website concerning Solitaire:
> 
> "Security Analysis
> There's quite a lot of it; watch this space for details."
> 
> That page appears to have been written almost 8 months ago  ;-(

Me too.  Bruce has expressed an interest in co-authoring a paper with
me on the cipher in September, and I've done some preliminary work to
that end, but he still hasn't found time to send me any information on
the security analysis.  More annoying still, I sent him the URL for my
Solitaire page (which includes a new implementation of Solitaire, in
C) in July but it still isn't linked from the main Solitaire page.

Still, I've been doing a lot of thinking about Mirdek in the last few
days and I think I can make a really easy cipher.  My main worry now
is side-channel cryptanalysis - ideally, plaintext or key recovery
would be difficult even where they can use listening devices to hear
people counting out cards.
-- 
  __
\/ o\ [EMAIL PROTECTED]     Got a Linux strategy? \ /
/\__/ Paul Crowley  http://www.hedonism.demon.co.uk/paul/ /~\

------------------------------

From: "Paul Agics" <[EMAIL PROTECTED]>
Subject: simple string encryption
Date: Sun, 9 Jan 2000 21:49:12 +0800

Where can I get some simple string encryption examples?



------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: OLD RLE TO NEW BIJECTIVE RLE
Date: Sun, 09 Jan 2000 15:40:29 GMT

In article <858eq2$7bu$[EMAIL PROTECTED]>, Tom St Denis <[EMAIL PROTECTED]> wrote:
>In article <[EMAIL PROTECTED]>,
>  [EMAIL PROTECTED] wrote:
>> Tom St Denis <[EMAIL PROTECTED]> wrote:
>> :   [EMAIL PROTECTED] wrote:
>> :> John Savard <[EMAIL PROTECTED]> wrote:
>>
>> :> : (For myself, while I too think removing certain redundancies from
>> :> : compression have their uses, I quarrel with any attempt to
>> :> : emphasize one-to-one purity at the expense of bias. [...]
>> :>
>> :> Bias in the resulting compressed file is certainly important.
>> :>
>> :> Which is /more/ important depends partly on the relative sizes of
>> :> the bias caused by lack of elimination of redundancies in the
>> :> plaintext, and the bias introduced by a lack of 1-1 compression.
>>
>> : Actually the point of encryption is to eliminate bias.
>>
>> No.  The point of encryption is to make recovering the plaintext
>> difficult given the cyphertext.  Encryption schemes that produce
>> highly non-random cyphertext certainly exist - and even have
>> concrete applications.
>
>By making the ciphertext random you have successfully removed the bias.
>
>> : Compression is supposed to simply remove redundancy.  So your point
>> : is moot.
>>
>> Removing redundancy has the side effect of reducing bias.  So my
>> point was correct.
>
>No it's not.  Deflate removes more redundancy than Huffman, this means
>deflate has less bias in the output.
>
>Think about this.  How could deflate have more bias in the output *AND
>STILL* compress better than Huffman...?
>
>Tom
  
   First of all, asshole, think about this. If I can decompress all possible
binary files from 1 to 20 bytes in length with my methods and deflate
can't decompress all those same files, then by the counting theorem
there are large gaps in the compression space that deflate skips.
Therefore in general DEFLATE can't compress as well since it skips
some files as potential targets. True, for longer text deflate works better
than my straight Huffman. For shorter text mine works better. But for
the class of all files mine is far better. If you had any balls, kid, which I
doubt, why don't you clean deflate up the way Matt cleaned up arithmetic
compression so for once in your wasted life you could say you got off your
ass and did something new. FUCK YOU and the horse you came in on,
ASSHOLE. Try to think for yourself.





David A. Scott
--

SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
                    
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm

Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm

Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm

**NOTE EMAIL address is for SPAMERS***

I leave you with this final thought from President Bill Clinton:

   "The road to tyranny, we must never forget, begins with the destruction of the 
truth." 

------------------------------

From: [EMAIL PROTECTED]
Subject: B-U-I-L-D Y-O-U-R O-W-N C-A-B-L-E B-O-X.............  9690
Date: Sun, 09 Jan 2000 15:39:13 GMT

LEGAL C`A`B`L`E TV D`E-S`C`R`A`M`B`L`E`R

Want to watch Sporting Events?--Movies?--Pay-Per-View??....FREE!!!!

*This is the Famous R-O Shack TV D-e-s-c-r-a-m-b-l-e-r 
You can assemble it from Radio Shack parts for about $12 to $15.

We Send You: 
1, E-Z To follow Assembly Instructions. 
2. E-Z To read Original Drawings. 
3. Total Parts List.

**** PLUS SOMETHING NEW YOU MUST HAVE! ****
Something you can't do without.

THE UP-TO-DATE 6 PAGE REPORT: 
USING A D-E-S-C-R-A-M-B-L-E-R LEGALLY

Warning: You should not build a TV D-e-s-c-r-a-m-b-l-e-r 
without reading this report first.

You get the complete 6 page report
and instruction package including
the instruction plans, the easy to 
follow diagram, and most important 
of all the "Using a D`e`s`c`r`a`m`b`l`e`r
LEGALLY Report all for just--$10.00 

Fill out form below and send it,
along with your $10.00 payment to:

C.a.b.l.e.t.r.o.n FREE-TV
12187 S. Orange Blossom Trail #116
Orlando Fl 32837
 
(Cash, Check or Money Order.)
(Florida residents include 7% Florida State Sales Tax)
(All orders outside the U.S.A. add $5.00)


PRINT YOUR:

NAME______________________________________________________

ADDRESS___________________________________________________

CITY/STATE/ZIP____________________________________________

E-MAIl ADDRESS____________________________________________ 





------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: simple block ciphers
Date: Sun, 09 Jan 2000 16:29:31 GMT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
(John Savard) wrote:
>On Wed, 05 Jan 2000 20:39:53 GMT, Tom St Denis <[EMAIL PROTECTED]>
>wrote:
>
>>Symmetric cipher ...
>
>>p = random prime
>>e = random prime less than p
>>d = chosen such that de = 1 mod (p - 1)
>
>>Encrypt(x) = x^e mod p
>>Decrypt(x) = x^d mod p
>
>As you note, since the modulus is a single prime, the cipher is not
>public-key; e and d can be trivially obtained from each other.
>
>Thus, this symmetric cipher has the disadvantages of public-key
>cryptography: it is slow, it uses large-number arithmetic, and the
>blocks aren't composed of an even number of bits. Since most symmetric
>ciphers are believed to offer high levels of security with much less
>computation, and have a complicated structure that is hard to analyze
>(instead of being a simple arithmetic operation which might fall prey
>to some new mathematical discovery) there just is no reason to use
>something like this.
>
>John Savard (teneerf <-)
>http://www.ecn.ab.ca/~jsavard/index.html

  It is SLOW, but if p is such that there exists a finite set of e's
such that the set of messages [0,1,2,..p-1] map to all possible permutations
then you don't have to worry about someone breaking this system. Also
you can convert the input files to Finitely Odd Files in a 1-1 way and
convert these to p block sizes in a 1-1 way, then encrypt where your choice
of e is out of the set of e's mentioned above. When you're done encrypting,
map back to FOF files and then map to the block size of output file you
desire, all in a 1-1 way. In other words, as usual John Savard is plain wrong.
But at least he tries. In other words this system with the correct p and set
of e's is as safe as a fully random S-block system of size p bits. So if used
correctly there is NO simple operation which would fall prey to some new
mathematical discovery like John is suggesting. That being said, it still
is not practical in terms of SPEED. A more practical system could be
made by getting a completely random S-box, say for 7 bits. Map the system
in a one-one way to 7 bits. Then use the S-box with 3 rounds of wrapped PCBC
or the file whitening method of your choice, it's up to you, then map back to a
file set. For small message lengths this is subject to look-up table kinds of
attacks, as any small block length cipher is, so you either have to specify a
lower limit on the number of bytes used or add, heaven forbid, random padding to
the file. It would also be neat to compress in a 1-1 way before you do the
encryption at all. Sorry, I get carried away at times, especially when I have
good German beer.



David A. Scott

------------------------------

From: "seifried" <[EMAIL PROTECTED]>
Subject: Re: Intel 810 chipset Random Number Generator
Date: Sun, 9 Jan 2000 08:47:16 -0700


> Apparently there is no reliable way of detecting the RNG.
> You read 1 bit from a pre-defined memory location to see
> it is there, and read from other locations to get the random
> data. You are on your own to figure out whether the data is
> really random enough that it is likely to be coming from
> the RNG.

That is a simple problem: read a lot of data, do the statistical
tests on it, chances are it will pass (I suspect if Intel went to the
trouble of building a broken RNG intentionally, they would do it so
that it passes most tests). It really boils down to "do you trust an
American company to generate your random data?".

> It warns about multi-threaded apps using the RNG, but
> nothing about different apps using the RNG. Apparently
> bad things can happen if 2 apps try to use it at once.
>
> This looks pretty brain-damaged to me.

This is a hardware thing, KISS. One app accessing it sounds ok to me,
/dev/random, /dev/urandom. I personally would rather have a good RNG
built into the OS a la UNIX rather than depending on some Windows code
jockey to do it properly (ok, move the mouse around now).

> Sent via Deja.com http://www.deja.com/
> Before you buy.

If you want a real hardware RNG you can verify, there are simple ones
based on radio crystals/etc. that plug into a serial or parallel port
(I can't think of any URLs, but I do remember a German guy showing
me their prototype this summer at the CCC and going on about the
statistical tests they'd done). The good ones are usually shielded
(heavy metal case), and not too expensive.

--

Kurt Seifried
http://www.securityportal.com/lasg/
http://www.securityportal.com/closet/
http://www.cryptoarchive.net/
http://www.seifried.org/
http://www.seifried.org/keys/






------------------------------

From: "Ronan Harle" <[EMAIL PROTECTED]>
Subject: Re: Where can I get the Source C++ of RC4 Algorithm??
Date: Sun, 09 Jan 2000 16:04:36 GMT

> I search the source of the RC4 Algorithm.Thanks.

Easy:
ftp://ftp.nl.monster.org/pub/crypto/
ftp://ftp.funet.fi/pub/crypt/cryptography/symmetric/
among others.

You may also try any search engine with "RC4 +source"

--
Ronan Harle

"The world is moving so fast these days that the person who says it
can't be done is generally interrupted by someone doing it."
 --Fosdick



------------------------------

From: [EMAIL PROTECTED] (Vernon Schryver)
Subject: Re: Intel 810 chipset Random Number Generator
Date: 9 Jan 2000 09:26:08 -0700

In article <859sqo$5go$[EMAIL PROTECTED]>,  <[EMAIL PROTECTED]> wrote:

> ...
>Apparently there is no reliable way of detecting the RNG.
>You read 1 bit from a pre-defined memory location to see
>it is there, and read from other locations to get the random
>data. You are on your own to figure out whether the data is
>really random enough that it is likely to be coming from
>the RNG.
>
>It warns about multi-threaded apps using the RNG, but
>nothing about different apps using the RNG. Apparently
>bad things can happen if 2 apps try to use it at once.
>
>This looks pretty brain-damaged to me.

I wouldn't want to be misunderstood as defending what sounds like a weak
design, but that criticism is wrong.

As far as the hardware can tell, there is no consistent difference between
a "multi-threaded app" and an operating system running "2 apps."  There
is no necessary difference as far as the CPUs, support chips, controllers,
memory, buses, etc. are concerned, at least if you widen your definition
from what some WIN32 application writers (but not Microsoft) or what some
POSIX user code writers (but not competent UNIX kernel hacks) think is a
thread.  Anyone who doesn't see that without thinking about it shouldn't
be writing code that might affect the state of any global hardware
registers, including merely reading keyboard and timer chips.  The right
way to use this random chip is as one source of randomness for something
like /dev/random, which would not only fetch and distill randomness from
the chip and elsewhere, but mediate between uses of randomness, and not
only for user-mode applications but within the operating system, such as
for initial TCP sequence numbers.  (See RFC 1948).

It is easy to let naive, unthinking application writers think they are talking
to the chip, but have a protected mode operating system trap accesses and
do the obvious, including context switching to some other process or thread
until new randomness is available.  The low output rate of the chip helps
that.

Regardless of whether there is a hardware register somewhere with a
version number or other bits that say whether the random number generator
is present (are you absolutely certain there isn't?), the feature could
be present but broken, just like other hardware.  Competently written
code will check to see that the random number generator looks at least
somewhat random before blindly using its output.

If you check and find the register is reasonably random, and if you combine
it with other sources of randomness in the system, both of which you should
do regardless, why would you care whether the feature is present or you
are just reading a noisy I/O port?  (Yes, modulo the various and varying
hassles of reading non-existent I/O devices.)


Vernon Schryver    [EMAIL PROTECTED]
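
The check that Seifried and Schryver both describe, as an added example that is not from the thread or from Intel's documentation: the four FIPS 140-1 statistical tests (monobit, poker, runs, long run) applied to one 20 000-bit sample, with the pass bounds FIPS 140-1 specified. The sample is constructed from a seeded software PRNG standing in for the chip's output, so the run is deterministic and offline.

```python
import random

# FIPS 140-1 statistical tests for an RNG, applied to one 20 000-bit sample.
# Bounds are those of FIPS 140-1 (FIPS 140-2 later tightened them).
SAMPLE_BITS = 20000
# Allowed count per run length (6 means "6 or longer"), applied separately
# to runs of zeros and runs of ones.
RUN_BOUNDS = {1: (2267, 2733), 2: (1079, 1421), 3: (502, 748),
              4: (223, 402), 5: (90, 223), 6: (90, 223)}


def bits_from_bytes(data):
    """Unpack bytes read from the device into a list of 0/1 values, MSB first."""
    return [(b >> (7 - k)) & 1 for b in data for k in range(8)]


def monobit(bits):
    """The number of ones must lie strictly between 9654 and 10346."""
    return 9654 < sum(bits) < 10346


def poker(bits):
    """Chi-square style statistic over the 5000 non-overlapping 4-bit segments."""
    counts = [0] * 16
    for i in range(0, SAMPLE_BITS, 4):
        nibble = (bits[i] << 3) | (bits[i + 1] << 2) | (bits[i + 2] << 1) | bits[i + 3]
        counts[nibble] += 1
    x = (16 / 5000) * sum(c * c for c in counts) - 5000
    return 1.03 < x < 57.4


def run_lengths(bits):
    """Count maximal runs of each length for zeros and ones, plus the longest run."""
    counts = {0: dict.fromkeys(RUN_BOUNDS, 0), 1: dict.fromkeys(RUN_BOUNDS, 0)}
    longest, i = 0, 0
    while i < len(bits):
        j = i
        while j < len(bits) and bits[j] == bits[i]:
            j += 1
        length = j - i
        counts[bits[i]][min(length, 6)] += 1
        longest = max(longest, length)
        i = j
    return counts, longest


def runs(bits):
    counts, _ = run_lengths(bits)
    return all(lo <= counts[b][k] <= hi
               for b in (0, 1) for k, (lo, hi) in RUN_BOUNDS.items())


def long_run(bits):
    """Any run of 34 or more identical bits fails the sample."""
    return run_lengths(bits)[1] < 34


def fips_140_1(bits):
    """Map each test name to its pass/fail result for one 20 000-bit sample."""
    if len(bits) != SAMPLE_BITS:
        raise ValueError("FIPS 140-1 tests need exactly 20000 bits")
    return {"monobit": monobit(bits), "poker": poker(bits),
            "runs": runs(bits), "long_run": long_run(bits)}


# Constructed sample: a seeded software PRNG stands in for the chip's output.
_rng = random.Random(2000)
SAMPLE = bits_from_bytes(bytes(_rng.getrandbits(8) for _ in range(SAMPLE_BITS // 8)))

if __name__ == "__main__":
    print("prng sample:", fips_140_1(SAMPLE))
    print("alternating:", fips_140_1([i & 1 for i in range(SAMPLE_BITS)]))
```

A source that passes these tests is not thereby proven random (Seifried's point about a deliberately broken chip stands), but one that fails them should not be fed into the entropy pool.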

------------------------------

From: Glenn Larsson <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Domain name and properties for sale.
Date: Sun, 09 Jan 2000 18:01:01 +0100

IIRC, doesn't America have capital punishment?

/Ichinin

(http://www.geocities.com/Pentagon/Barracks/3030/antispam.htm)
______________________________________________________________



[EMAIL PROTECTED] wrote:
> 
> Apologies for commercial tone of this message, but
> we thought it would be of interest to this newsgroup.
> 
> **************************************************
> One our of our asset management clients develops identity management
> technology ("muses") utilizing encryption, agents, proxies, and filters.
> 
> We are disposing of their assets at this time. We are auctioning off the
> domain names anonymuse.com and anonymuse.net, along with other
> intellectual properties and rights. Minimum bid for the domain names is
> $2000.  For information on software technology and other properties,
> please send SASE and e-mail address to the address below.
> 
> If you have an interest, please reply to:
> 
> DCP CORP.
> BOX 6753
> Evansville, IN  47719
> 
> Thank you.
> 
> Sent via Deja.com http://www.deja.com/
> Before you buy.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
