Cryptography-Digest Digest #918, Volume #10 Mon, 17 Jan 00 12:13:01 EST
Contents:
Re: German digraph frequencies (Klaus Pommerening)
Re: Ciphers for Parallel Computers ("Douglas A. Gwyn")
Re: 1on1lite (Was: Re: Echelon monitors this group) ("Andrew Kwiatkowski")
Re: Ciphers for Parallel Computers (Mok-Kong Shen)
Re: My Encryption system ("D10n... [o]")
apology (Jeff Lockwood)
ECC vs RSA - A.J.Menezes responds to Schneier ([EMAIL PROTECTED])
crypt() (fishead)
Re: ECHELON and Monitoring (Keith)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Klaus Pommerening)
Subject: Re: German digraph frequencies
Date: 17 Jan 2000 10:13:13 GMT
In <85spt8$aug$[EMAIL PROTECTED]> "John Lupton" wrote:
> Does anyone have a link to German digraph frequencies please
>
:.A:.B:.C:.D:.E:.F:.G:.H:.I:.J:.K:.L:.M:.N:.O:.P:.Q:.R:.S:.T:.U:.V:.W:.X:.Y:.Z:
A.:8:31:27:11:64:15:30:20:5:1:7:59:28:102:0:4:0:51:53:46:75:2:3:0:1:2:645
B.:16:1:0:1:101:0:3:1:12:0:1:9:0:1:8:0:0:9:6:4:14:0:1:0:1:1:190
C.:2:0:0:2:1:0:0:242:1:0:14:1:0:0:2:0:0:0:1:0:0:0:0:0:0:0:266
D.:54:3:1:13:227:3:4:2:93:1:3:5:4:6:9:3:0:10:11:6:16:3:4:0:0:3:484
E.:26:45:25:51:23:26:50:57:193:3:19:63:55:400:6:13:1:409:140:55:36:14:23:2:1:11:1747
F.:19:2:0:9:25:12:3:1:7:0:1:5:1:2:9:1:0:18:2:20:24:1:1:0:0:1:164
G.:20:3:0:12:147:2:3:3:19:1:3:9:3:5:6:1:0:14:18:18:11:4:3:0:0:3:308
H.:70:4:1:14:102:2:4:3:23:1:3:25:11:19:18:1:0:37:11:47:11:4:9:0:0:3:423
I.:7:7:76:20:163:5:38:12:1:1:12:25:27:168:20:2:0:17:79:78:3:5:1:0:0:5:772
J.:9:0:0:0:9:0:0:0:0:0:0:0:0:0:2::0:0:0:0:5:0:0:0:0:0:25
K.:26:1:0:2:26:1:1:1:7:0:1:10:1:1:24:1:0:13:5:14:9:1:1:0:0:1:147
L.:45:7:2:14:65:5:6:2:61:1:7:42:3:4:14:2:0:2:22:27:13:3:2:0:0:3:352
M.:40:6:1:8:50:4:4:3:44:2:3:4:23:3:15:7:0:2:10:8:14:4:3:0:0:2:260
N.:68:23:5:187:122:19:94:17:65:5:25:10:23:43:18:10:0:10:74:59:33:18:29:0:0:25:982
O.:3:8:15:7:25:6:5:9:1:1:3:31:17:64:1:6:0:50:19:9:3:3:7:0:1:6:300
P.:16:0:0:3:10:6:0:2:4:0:0:4:0:0:11:5:0:23:1:3:4:0:0:0:0:0:92
Q.:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:2:0:0:0:0:0:2
R.:80:25:9:67:112:18:27:19:52:4:23:18:20:31:30:9:0:15:54:49:48:12:17:0:0:14:753
S.:36:10:89:20:99:7:13:9:65:2:11:9:12:7:28:22:0:8:76:116:15:9:10:0:2:7:682
T.:57:8:1:25:185:5:10:14:59:2:4:11:9:9:15:3:0:31:50:23:26:8:21:0:1:26:603
U.:3:8:16:5:78:27:8:4:2:0:3:7:21:119:0:5:0:33:48:23:1:3:2:0:0:1:417
V.:3:0:0:0:37:0:0:0:9:0:0:0:0:0:43:0:0:0:0:0:0:0:0:0:0:0:92
W.:34:0:0:0:48:0:0:0:36:1:0:0:0:1:17:0:0:0:1:0:9:0:0:0:0:0:147
X.:0:0:0:0:0:0:0:0:1:0:0:0:0:0:1:0:0:0:0:1:0:0:0:0:0:0:3
Y.:0:0:0:0:1:0:0:0:0:0:0:1:1:0:0:0:0:0:1:0:0:0:0:0:0:0:4
Z.:4:1:0:1:28:0:1:0:11:0:1:2:1:0:2:0:0:0:1:7:43:1:9:0:0:1:114
:646:193:268:472:1748:163:304:421:771:26:144:350:260:985:299:95:1:752:683:613:415:95:146:2:7:115:9974
:::::::::::::::::::::::::::9974
Example: Frequency of AC is 27/9974
--
Klaus Pommerening [http://www.Uni-Mainz.DE/~pommeren/]
Institut fuer Medizinische Statistik und Dokumentation
der Johannes-Gutenberg-Universitaet, D-55101 Mainz, Germany
PGP fingerprint: F5 03 CE E7 70 C2 8C 74 BA ED EC 60 83 3B 7C 89
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Ciphers for Parallel Computers
Date: Mon, 17 Jan 2000 10:15:33 GMT
Mok-Kong Shen wrote:
> Douglas A. Gwyn wrote:
> > Mok-Kong Shen wrote:
> > > If one can arrange that brute-force is the only practically viable
> > > approach of attack, ...
> > Almost never the case.
> If I don't err, EFF's cracking of DES is brute-force.
But it's not the only "practically viable approach of attack", just
the first successful one that was openly reported. There is as yet
*no* proof that cracking DES *requires* a work factor comparable to
a brute-force search of the key space.
> Is factoring with the Fermat method brute-force?
Is it essentially a search of every key until one is found that
successfully deciphers into plaintext (recognized by its nonrandom
characteristics)? That is what is meant by "brute force" in this
context.
> ... while many modern ciphers are by design so sophisticated that
> brute-force is practically the cheapest way of attack.
To the contrary, modern ciphers are designed so that brute-force
key search is not a feasible method of attack.
> Let's again consider DES. One has a small set of fairly clean-looking
> equations. However, the working of the S-boxes isn't a straightforward
> substitution of 4 bits, the mapping of the 4 bits is sort of 'context
> sensitive' via the outer 2 of the 6 input bits, i.e. the plaintext
> plays a 'controlling' role. Further, from a global standpoint,
> the left part of the plaintext is used to encrypt the right part
> and vice versa. Thus the key is (in certain sense) not the 'only'
> governing variable in the set of equations.
For a known-plaintext attack, all that complication is merely a
particular set of easily-computed constants, resulting in equations
among the key variables along the lines I previously described
(although with more variables and equations than in my example).
Without even plugging in the constants (known PT and CT), the DES
equations can be fully expanded within RAM on a decent modern PC.
Keith printed them out and got just a couple of inches thick pile
of line-printer paper (with no attempt to compress the output).
> these facts render DES difficult (inefficient) to attack with
> methods other than brute-force.
If DES had had much more than 56 bits of key, even today it could
not be solved via the brute-force key-search method. Do you know
for a fact that the set of equations could not be solved with a
reasonable expenditure of resources?
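An added example, not part of Gwyn's or Shen's posts, of the definition Gwyn gives: try every key in order and stop at the first decryption that looks like plaintext by its nonrandom characteristics. The cipher is a hypothetical 16-bit XOR toy standing in for "a cipher" (DES has 2^56 keys, this one 2^16), and the recognizer is a crude character-class check; real recognizers use letter or digraph statistics. What it makes concrete is that the cost of this attack is the size of the key space, not the internal complexity of the cipher.

```python
# Toy cipher and key search: constructed for illustration, not a real cipher.
ALLOWED = frozenset(b"abcdefghijklmnopqrstuvwxyz ")

def toy_encrypt(plaintext: bytes, key: int) -> bytes:
    """Hypothetical 16-bit toy cipher: XOR each byte with the two key bytes
    in alternation. Only its key size matters for the demonstration."""
    k = key.to_bytes(2, "big")
    return bytes(b ^ k[i % 2] for i, b in enumerate(plaintext))

toy_decrypt = toy_encrypt  # XOR is its own inverse

def looks_like_plaintext(candidate: bytes) -> bool:
    """The 'nonrandom characteristics' test, deliberately crude: natural text
    here is assumed to consist of lowercase letters and spaces, while a wrong
    key produces roughly uniform bytes that fail the check."""
    return bool(candidate) and all(b in ALLOWED for b in candidate)

def brute_force(ciphertext: bytes):
    """Search every key in order; return (key, trials) for the first key
    whose decryption is recognised, or (None, trials) if none is."""
    trials = 0
    for key in range(1 << 16):
        trials += 1
        if looks_like_plaintext(toy_decrypt(ciphertext, key)):
            return key, trials
    return None, trials

if __name__ == "__main__":
    message = b"attack at dawn is a classic sample sentence"  # constructed
    ct = toy_encrypt(message, 0x1234)
    key, trials = brute_force(ct)
    print(f"recovered key {key:#06x} after {trials} of {1 << 16} trials")
```

With only a few bytes of ciphertext several keys pass the recognizer, so the search needs enough material to make the true key unique (the unicity-distance idea); with a 2^56 key space the same loop is the EFF machine's job, and nothing in it exploits the structure of the cipher, which is exactly the distinction Gwyn draws.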
------------------------------
From: "Andrew Kwiatkowski" <[EMAIL PROTECTED]>
Crossposted-To:
alt.anarchism,alt.computer.security,alt.security,alt.security.espionage,alt.security.pgp
Subject: Re: 1on1lite (Was: Re: Echelon monitors this group)
Date: Mon, 17 Jan 2000 13:16:24 -0000
Thomas J. Boschloo <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Christian Biesinger wrote:
> >
> > Andrew Kwiatkowski schrieb:
> > >
> > > Anyone worried about their mail being monitored?
> > > Just use 1on1Lite, that will stop them.
> > >
> > > An Anarchist
> > >
> > > ps.Check out www.1on1Lite.com
> >
> > That Server does not exist.
>
> Phew, I almost had to vomit when I visited their webpage at
> <http://www.1on1mail.com/index.html>. Strange sensation, maybe this was
> also due to the fact that I forgot to take my Efexor pills this morning,
> that makes me vomit too after a few days (bleahg, interesting
> subjects!).
>
> Well, here are the quotes we've all been waiting for directly from their
> website (i.e. from now on, it is not Christian who is saying things!):
>
> > Registration is the cornerstone of 1on1mail security.
> > During registration you are asked to provide a password to protect
> > the mail stored on your client. The password you choose is only used
> > to protect the mail stored on your client. Every other password is
> > selected by the server on your behalf. This prevents any user from
> > compromising mail security by selecting a weak or obvious password.
>
> Wow, this is great for your e-mail security. No weak passwords!! You'll
> have to write them down of course, if I understand correctly.
>
No you don't.
> > We have even bypassed the arguments about how random a
> > random number generator can be. Passwords are derived from truly
> > random and totally unpredictable sources such as stock market quotes,
> > background noise from several university radio telescopes, and
> > internet search times.
>
> Wow, stock quotes. Now *THAT* is a good source of randomness. I'm
> getting a warm fuzzy feeling. I wonder where they get their random
> background noise BTW <grin> www.nasa.org?
No, we actually ask Echelon to provide it for us.
>
> > In addition to providing an initial password, the registration
> > process also requires the user to generate a unique RSA key pair. RSA
> > is far too cumbersome to use to protect individual messages, so it
> > provides the backbone of the key management system. In layman's terms,
> > it allows the server to exchange password information with the client.
>
> What is a man-in-the-middle? Bye bye, password.
>
> > 1on1Lite prevents any would-be Spammers by the simple expedient of
> > requiring all correspondents to first make a contact request with the
> > person they wish to correspond. If the request is denied then no
> > communication can take place, and no further contact requests are
> > permitted.
>
> So now you get spammed with request messages?! Better filter them then,
> right? Unfortunately that also blocks other users from sending you
> messages. So now they found a way to kill killfilters?!
>
> > I would like however, to extend my thanks to my Bruce Schneier,
> > without whom many of the encryption technologies would not exist.
> > Although he was not directly involved in the production of 1on1Lite,
> > his excellent book "Applied Cryptography" provided the catalyst for
> > the whole product.
>
> That's nice to say. I bet he'll be pleased <grin>. They even have a
> challenge. You can win USD 50000 if you can crack their 448 bit blowfish
> encrypted message! <http://www.1on1mail.com/k50000.html> Or is it 2048
> bit RSA, I'm not sure from what it says at their site, but we've just
> broken 512 bits, so why not?!
>
So you have then, why don't you try for the 50 000 then?
> > Complete security is more than encryption. Only
> > 1ON1Lite incorporates anonymity and self-destruct
> > capabilities to email.
>
> If you call using only one hop anonymity yes. Self-destruct, that's just
> great, really great. Like no one will ever be able to store your message
> somewhere, encrypted or non-encrypted. I wish they would put that
> feature in Scramdisk 3.0 <http://www.scramdisk.clara.net/>.
>
> Bruce, please visit this site. It will make you chuckle for at least a
> whole week, they all seem so serious. And why not? They got in wired,
> bbc news, news.com, this really _is it!_
>
> I just know I'm going to laugh the whole week at random intervals, and
> everybody will think I am weird. [BTW My sister who is working in the
> same room as where I am already thinks I am going insane, and she knows]
>
> Haha,
> Thomas
> --
> Boycott Intel Pentium III <http://www.bigbrotherinside.com/>
>
> PGP key: http://x11.dejanews.com/getdoc.xp?AN=453727376
> Email: boschloo_at_multiweb_dot_nl
Oh well ... did you enjoy that?
Here is a crazy idea: if you are not interested, don't use it. If you are
interested, then try reading about it a little more carefully. And as for
making outrageous statements about someone else's work, I really don't appreciate it.
I myself am very happy with the program and use it myself. And frankly it is
not going to make much difference to me if you use it or not.
I guess I should not have mentioned it in the first place. I should have
expected a similar response.
And yes, you're right, the link is www.1on1Mail.com, not www.1on1lite.com.
If anyone else is interested, please read about the program carefully; if it
is not anything you're looking for, OK, don't use it, but please don't go around
bashing other people's hard work, especially if you did not seem to understand
how the system works, like our friend Thomas.
An Anarchist
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Ciphers for Parallel Computers
Date: Mon, 17 Jan 2000 14:46:11 +0100
Douglas A. Gwyn wrote:
>
> > > Mok-Kong Shen wrote:
> > > > If one can arrange that brute-force is the only practically viable
> > > > approach of attack, ...
> > > Almost never the case.
> > If I don't err, EFF's cracking of DES is brute-force.
>
> But it's not the only "practically viable approach of attack", just
> the first successful one that was openly reported. There is as yet
> *no* proof that cracking DES *requires* a work factor comparable to
> a brute-force search of the key space.
Proof in the very strict sense is seldom possible in cryptology, as
far as I am aware. One certainly also will never know if some three-
lettered agencies have clever methods of attacking DES or other
presumably strong encryption algorithms. But methods like differential
analysis don't yet seem to offer a way to crack DES faster (or more
economical) in practical situations at the current time point, if I
don't err.
> > Is factoring with the Fermat method brute-force?
>
> Is it essentially a search of every key until one is found that
> successfully deciphers into plaintext (recognized by its nonrandom
> characteristics)? That is what is meant by "brute force" in this
> context.
Fermat's method is certainly much better than trying all factors,
say, beginning from 2, and in fact the modern factoring methods are
'basically' founded on his ingenious idea, if I don't err. But I
think, because one has to try quite a lot without much further
'clever' guidance, one could consider it nonetheless to be brute-
force. It is at the end certainly a matter of 'definition' (or
personal taste) whether one considers the issue in one way or the other.
> > ... while many modern ciphers are by design so sophisticated that
> > brute-force is practically the cheapest way of attack.
>
> To the contrary, modern ciphers are designed so that brute-force
> key search is not a feasible method of attack.
That could however be interpreted (in the other way round) that the
ciphers in question are not made to be so strong as their key space
size would imply, or in other words, the potential benefit of large
key space is not sufficiently exploited by the design.
> > Let's again consider DES. One has a small set of fairly clean-looking
> > equations. However, the working of the S-boxes isn't a straightforward
> > substitution of 4 bits, the mapping of the 4 bits is sort of 'context
> > sensitive' via the outer 2 of the 6 input bits, i.e. the plaintext
> > plays a 'controlling' role. Further, from a global standpoint,
> > the left part of the plaintext is used to encrypt the right part
> > and vice versa. Thus the key is (in certain sense) not the 'only'
> > governing variable in the set of equations.
>
> For a known-plaintext attack, all that complication is merely a
> particular set of easily-computed constants, resulting in equations
> among the key variables along the lines I previously described
> (although with more variables and equations than in my example).
>
> Without even plugging in the constants (known PT and CT), the DES
> equations can be fully expanded within RAM on a decent modern PC.
> Keith printed them out and got just a couple of inches thick pile
> of line-printer paper (with no attempt to compress the output).
I am ignorant of the specific work of equation expansion you alluded
to. Could you please give the reference? Very very long ago I happened
to know of an attempt to try to formulate the working of DES in terms
of a set of equations in boolean variables. I have not later followed
that development in the literature but the last impression I got
was that the set of equations (if completely formulated) were far too
big to be solved with sensible computing resources. I am
not quite sure whether the advances in chip technology have in the
meantime fundamentally changed that state of affairs.
> > these facts render DES difficult (inefficient) to attack with
> > methods other than brute-force.
>
> If DES had had much more than 56 bits of key, even today it could
> not be solved via the brute-force key-search method. Do you know
> for a fact that the set of equations could not be solved with a
> reasonable expenditure of resources?
It is my opinion (please correct me, if I am wrong) that in DES it is
not so much because of pure non-linearity (which certainly makes
solving the equations more difficult than in the case of linearity) but
more the involvement of 'plaintext' as 'controlling' factor in the
equations (cf. what I referred to as 'context sensitivity') that
essentially renders the way via solution of a set of equations
practically infeasible. Of course, if you can formulate a set
of equations, then theoretically you CAN solve it always. The solution
in the case of DES exists and is also unique, if I don't err. The
difficulty lies however in getting the solution 'practically'.
Taking another example, all numbers 'can' be factored, but some large
numbers simply seem to require so much resources that they have
waited very very long and don't yet get factored even today
with the parallel processing techniques and giga or tera flop
machines available (cf. the Cunningham project).
M. K. Shen
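An added example, not from the thread, to put numbers on Shen's comparison of Fermat's method with trying factors from 2 upward: both are implemented with a trial counter and run on constructed toy numbers. Fermat's method finds two factors that lie close together in a single step, but a number with one small and one large factor costs it about half their difference in steps, while trial division finds the small factor immediately; which of the two looks like "brute force" depends on the number.

```python
from math import isqrt

def trial_division(n: int):
    """Try every candidate divisor from 2 upward. Return (smallest factor,
    number of candidates tried); a prime returns (n, trials)."""
    trials = 0
    d = 2
    while d * d <= n:
        trials += 1
        if n % d == 0:
            return d, trials
        d += 1
    return n, trials

def fermat(n: int, limit=None):
    """Fermat's method for odd n: step a upward from ceil(sqrt(n)) until
    a*a - n is a perfect square b*b, then n = (a - b)(a + b).
    Return (a - b, trials); with a limit, (None, trials) once it is hit.
    For a prime the search only ends at a = (n + 1) / 2 with factor 1."""
    if n % 2 == 0:
        return 2, 0          # Fermat's method needs n odd
    a = isqrt(n)
    if a * a < n:
        a += 1
    trials = 0
    while limit is None or trials < limit:
        trials += 1
        b2 = a * a - n
        b = isqrt(b2)
        if b * b == b2:
            return a - b, trials
        a += 1
    return None, trials

if __name__ == "__main__":
    # Constructed examples: close factors (101 * 103) and distant ones (3 * 1000003).
    for n in (101 * 103, 3 * 1000003):
        print(n, "trial division:", trial_division(n),
              "Fermat (capped at 1000 steps):", fermat(n, limit=1000))
```

The cap is there because for 3 * 1000003 Fermat's loop would run about 498,000 steps before a reaches (3 + 1000003) / 2; modern sieve methods keep Fermat's idea of finding a^2 - b^2 = n but replace the blind stepping with a systematic search for squares, which is the "clever guidance" Shen says the plain method lacks.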
------------------------------
Date: Mon, 17 Jan 2000 21:39:44 +0800
From: "D10n... [o]" <[EMAIL PROTECTED]>
Subject: Re: My Encryption system
Scott Contini wrote:
> In article <[EMAIL PROTECTED]>,
> D10n... [o] <[EMAIL PROTECTED]> wrote:
> or if you use your brain, you can get a typical PC to crack it in
> minutes. Read my post about the cryptanalysis. Every 256 bytes
> of ciphertext will leak one byte of the key, on average. This is
> a VERY, VERY poor property for a cipher to have. And I might also
> add that I only spent 1 hour looking at it - further analysis would
> probably find many more weaknesses.
Thanks for the comment, I think. Actually I know very little about cryptanalysis as a
science. I am, however, a programmer and I took a programmer's attempt at a decode
program.
I would be interested to see even a pseudo-code program which can take advantage of
one or more of the potential flaws in this encryption algorithm.
D10n...
[o]
------------------------------
From: Jeff Lockwood <[EMAIL PROTECTED]>
Subject: apology
Date: Tue, 18 Jan 2000 00:23:35 +1100
I finally realised what has happened. The silly thing I came up with is
rubbish. The methods I used would have been learned by some of you very
early on, as examples of what not to do. If I were to continue with it, I
would be most likely to only come up with more such examples.
I will waste no more of your time with nonsense, and apologise for the
time I have wasted already.
Jeff Lockwood <[EMAIL PROTECTED]>
PGP public key:
homepages.ihug.com.au/~satan/pgpkey.asc
------------------------------
From: [EMAIL PROTECTED]
Subject: ECC vs RSA - A.J.Menezes responds to Schneier
Date: Mon, 17 Jan 2000 15:59:45 GMT
Alfred Menezes comments on B. Schneier's article comparing RSA vs ECC.
Available at:
http://www.cacr.math.uwaterloo.ca/~ajmeneze/misc/cryptogram-article.html
Comments?
Regards,
--
Sam Simpson
Comms Analyst
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: fishead <[EMAIL PROTECTED]>
Subject: crypt()
Date: Mon, 17 Jan 2000 11:37:01 -0500
I am trying to take a password and encrypt it on Linux (Slackware 7). I
have tried using the crypt() function. However, this function generates
a 13 character string. In my Linux shadow file, the password field is 34
characters. Is there a function similar to crypt() that I can use to
encrypt my passwords? I am trying to incorporate this into a C program.
Thanks a lot,
Matthew Fisher.
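An added note and example, not from the poster: a 34-character shadow entry is the length produced by the MD5-based crypt scheme that glibc's crypt() selects when the salt argument starts with "$1$" (3 characters of prefix, up to 8 of salt, a "$", then 22 characters of hash), whereas a plain two-character salt selects the traditional DES-based 13-character form the poster saw. In C the longer form therefore comes from the same crypt() call with a "$1$saltsalt$"-style salt argument (link with -lcrypt). Below is a pure-Python re-implementation of that $1$ scheme, written here for illustration rather than taken from any library, plus a verify routine that takes the salt from the stored entry and compares in constant time; it is checked against a published glibc test vector.

```python
import hashlib
import hmac
import secrets

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
MAGIC = "$1$"

def _to64(value: int, n: int) -> str:
    """crypt(3)'s base-64 variant: n characters, least significant 6 bits first."""
    out = []
    for _ in range(n):
        out.append(ITOA64[value & 0x3F])
        value >>= 6
    return "".join(out)

def md5crypt(password: str, salt: str) -> str:
    """MD5-based crypt ($1$) as in FreeBSD/glibc. The salt may be given bare,
    as '$1$salt$', or as a whole stored entry; it is cut at the first '$'
    and truncated to 8 characters, exactly as crypt() does."""
    pw = password.encode()
    if salt.startswith(MAGIC):
        salt = salt[len(MAGIC):]
    salt = salt.split("$", 1)[0][:8]
    s = salt.encode()
    ctx = hashlib.md5(pw + MAGIC.encode() + s)
    alt = hashlib.md5(pw + s + pw).digest()
    pl = len(pw)                      # add len(pw) bytes of the alternate sum
    while pl > 0:
        ctx.update(alt[:min(16, pl)])
        pl -= 16
    i = len(pw)                       # the original's bit-by-bit quirk
    while i:
        ctx.update(b"\0" if i & 1 else pw[:1])
        i >>= 1
    final = ctx.digest()
    for i in range(1000):             # stretching loop that slows guessing
        c = hashlib.md5()
        c.update(pw if i & 1 else final)
        if i % 3:
            c.update(s)
        if i % 7:
            c.update(pw)
        c.update(final if i & 1 else pw)
        final = c.digest()
    out = ""
    for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        out += _to64((final[a] << 16) | (final[b] << 8) | final[c], 4)
    out += _to64(final[11], 2)
    return MAGIC + salt + "$" + out

def new_hash(password: str) -> str:
    """Hash a new password with a fresh random 8-character salt (34 chars out)."""
    salt = "".join(secrets.choice(ITOA64) for _ in range(8))
    return md5crypt(password, salt)

def verify(password: str, stored: str) -> bool:
    """Recompute with the salt embedded in the stored entry and compare in
    constant time, so the comparison itself leaks nothing about the match."""
    if not stored.startswith(MAGIC):
        return False
    return hmac.compare_digest(md5crypt(password, stored), stored)

if __name__ == "__main__":
    entry = new_hash("correct horse")          # constructed demo password
    print(entry, len(entry))                   # 34 characters
    print(verify("correct horse", entry), verify("wrong", entry))
```

Note that the scheme's 1000 MD5 iterations were the "slow things down" measure of their day; the fixed iteration count is why it has since been superseded by schemes with tunable cost.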
------------------------------
From: Keith <[EMAIL PROTECTED]>
Subject: Re: ECHELON and Monitoring
Date: Mon, 17 Jan 2000 08:54:17 -0800
On Sun, 16 Jan 2000 23:55:15 GMT, Tom St Denis
<85tlov$6q2$[EMAIL PROTECTED]> wrote:
>Just by previous thread titles I can see ignorance around. What does
>it mean that <insert group name here> watches this group? Diddly. I
>read this group too, am I a threat?
>
>Seriously people...
Echelon is a worldwide intelligence-gathering program of the USA's
National Security Agency and Canadian, UK, New Zealand and Australian agencies.
The purpose of Echelon is to intercept international communications
of business, terrorism and foreign agencies. One of the benefits of
Echelon is that it helps each state agency to avoid domestic wire tap laws.
One advantage of Echelon is that when the UK intercepts communications from a
US political group it can turn it over to the United States Government or if
the US government intercepts communication by a New Zealand political group it
can turn it over to the government of New Zealand.
The American Civil Liberties Union is presently studying the Echelon
group. Recent subpoenas by US congressional committees have been blocked
by the NSA stating that the NSA has client-attorney privilege and that congress
can not subpoena these communications and policies because of that fact.
--
Best Regards,
Keith
=============================================================================
Where do you discover free software for Windows? Strongsignals DOT COM is a
great place to start: http://Strongsignals.com "If a man hasn't discovered
something that he will die for, he isn't fit to live." --Martin Luther King, Jr
============================================================================
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************