Cryptography-Digest Digest #928, Volume #10      Wed, 19 Jan 00 11:13:01 EST

Contents:
  Re: how to encipher ([EMAIL PROTECTED])
  Beginners questions re-OTPs (Bill)
  Re: blowfish key schedule
  Re: Mispronounce words. (OT Re: How to pronounce "Vigenere"?) (Paul Gover)
  Re: UK Government challenge? (Paul Gover)
  I need algorithm of Merkle-Hellman in any language (Hubert Pawel Kubik)
  Re: RSA survey (Tom St Denis)
  Re: Help -Perl encryption ("Andor Bariska")
  Re: Beginners questions re-OTPs (John Savard)
  Re: how to encipher ([EMAIL PROTECTED])
  Re: Java's RSA implementation (Paul Schlyter)
  Lockbox of keys ([EMAIL PROTECTED])
  Re: MIRDEK: more fun with playing cards. (Paul Crowley)
  Re: MIRDEK: more fun with playing cards. (Paul Crowley)
  PKI Manager ([EMAIL PROTECTED])

----------------------------------------------------------------------------

From: [EMAIL PROTECTED]
Subject: Re: how to encipher
Date: 19 Jan 2000 03:33:16 -0500

[EMAIL PROTECTED] wrote:
> [EMAIL PROTECTED] wrote:
>> Christopher <[EMAIL PROTECTED]> wrote:
>>> Yes, I know 2^17 mod n = (((((2^2 mod n) ^ 2 mod n) ^ 2 mod n) ^ 2 mod
>>> n) * 2 mod n, but M is a very large number that M^2 cannot calculate
>>> in my computer using long int.

>> Can it handle an addition of two numbers mod n?

> Unfortunately, for the size of n given, probably not ... unless you ensure
> that you take your residues mod n as being between -n/2 and n/2 instead of
> from 0 to n.

> Check out the programme. The main routine is the mult& (long integer)
> routine.

Note that you can simplify the programme a lot. You can pretty much get
rid of the MOD functions. Since the numbers are manually reduced to be
between -n/2 and n/2 (from being between -n and n), the MOD function is
redundant (I had written it originally using the MOD function not
realizing that n was so large that one could not even add two numbers 
mod n due to the size of n: and then added the manual adjustment to enable
one to calculate a^b mod n without having any intermediate results larger
than n). If I were programming this for a course (write a programme to
calculate a^b mod n which does not have any intermediate results larger
than n), I would redo it. But, as it works as is... so be it.

------------------------------

From: [EMAIL PROTECTED] (Bill)
Subject: Beginners questions re-OTPs
Date: Wed, 19 Jan 2000 12:11:25 GMT

Hi All,

I'm a total beginner and am interested in learning how to attack OTP's.
From what I have found on the net and Mr. Schneier's book there are three(?) 
ways of attacking OTP's:
1. The method used to generate OTPs. 
2. Statistical analysis of the cyphertext. 
3. Brute force.

Is there any "detailed" info anywhere (net/faqs/books) on how to go about 
doing attacks 1 & 2? 
(Well detailed enough for a newbie like myself to start with!)
Are there other ways besides these?

Any help/pointers would be appreciated!

regards & TIA
Bill

"The first sign of Tyranny is a governments need for secrecy" 
- unknown

------------------------------

From: <[EMAIL PROTECTED]>
Subject: Re: blowfish key schedule
Date: Wed, 19 Jan 2000 06:45:43 -0500



On Tue, 18 Jan 2000 [EMAIL PROTECTED] wrote:

> Hello all,
> 
> I have been taking a look at the blowfish algorithm.  It certainly is
> simple and lends itself to analysis.
> 
> The only downside seems to be the large amount of setup time required
> for the S-boxes and the round keys in the P array.
> 
> As I understand it the purpose of the schedule is to yield key
> dependent round keys and sboxes.  Essentially, the blowfish key
> schedule is a one way hash based on the input key.
> 
> It seems to me that the setup time could be dramatically reduced by
> using a faster one way hashing algorithm.  Several of the AES key
> schedules spring to mind. RC6, Rijndael, and Serpent all have key
> dependent recursive hash functions as key schedules.
> 
        One of the advantages of this key schedule is that it increases
the time needed to brute-force the key. May be overkill, though.

> So why not use the RC6 key schedule to generate the P array and
> S-boxes for blowfish?  The new algorithm would be a hybrid, rcfish or
> blowrc :-)
        I have already done this. Since the RC6 key schedule uses the
'golden ratio', I have called it GOLDFISH. It is written in assembler and
the .COM file is only 371 bytes. 

> 
> The new algorithm should be mighty fast because the main loop of
> blowfish is quite simple, involving only XOR and ADD.
> 
> --Matthew
> 
> 
> Sent via Deja.com http://www.deja.com/
> Before you buy.
> 
> 


My home page URL=http://members.xoom.com/afn21533/      Robert G. Durnal
Hosting HIDE4PGP, HIDESEEK v5.0, TinyIdea, BLOWFISH,    [EMAIL PROTECTED]
and tiny DOS versions of RC6, RIJNDAEL, SAFER+, and   [EMAIL PROTECTED]
SERPENT. EAR may apply, so look for instructions.



------------------------------

From: Paul Gover <[EMAIL PROTECTED]>
Subject: Re: Mispronounce words. (OT Re: How to pronounce "Vigenere"?)
Date: Wed, 19 Jan 2000 11:47:19 +0000

Guy Macon wrote:
> William Rowden wrote:
> > ...
> >I, too, was a reading child.  "Omnipotent" is logically "omni-potent"
> >/om'nee poe'tent/, right?  I also remember the quizzical look I
> >received when I first said "annihilation," complete with two short
> >i's.  Why is that "h" there?
> ...

In my version (:-) of UK English, annihilation can be pronounced
"an-eye-ilation" - two Is, but no h.  I can believe that US practice
is to slur them together.  The "h" is there from Latin - the word's
root is "nihil", Latin for "nothing", also the root for "nil".

I was told by a foreign friend that the normal rule for English is that
the emphasis is on the third syllable of the word.  Hence the normal
pronunciation of omnipotent.  It's always amused me how much better
foreigners' understanding of English is than native speakers'.

Paul Gover

------------------------------

From: Paul Gover <[EMAIL PROTECTED]>
Subject: Re: UK Government challenge?
Date: Wed, 19 Jan 2000 12:02:07 +0000

Angus Walker wrote:
> Managed to find three so far, but then I'm no expert.  Definitely
> steganography - once you find them it takes 10 seconds to decode them
> (so far).

I expected more complex stego than it is, so I got side-tracked by a
dance name I'd not seen before.  A colleague of mine spotted 4 of the
items in about 5 minutes, looking for much more obvious stego than
reading the text (hint).  We couldn't be bothered to look for the 5th,
since just the four made the message clear, and we can guess the other
one.

The Australian site's crypto challenges are much more fun, though I
didn't look for stego.

Paul Gover.

------------------------------

From: Hubert Pawel Kubik <[EMAIL PROTECTED]>
Subject: I need algorithm of Merkle-Hellman in any language
Date: Wed, 19 Jan 2000 13:36:56 +0100

        I need an algorithm of Merkle-Hellman key generation.
How do I generate superincreasing integers?
Where can I find an algorithm for such a system?

Thanks for all help...
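As an added example (not the poster's code and not taken from any library), here is textbook Merkle-Hellman in C at toy size: an 8-element superincreasing private sequence, a modulus above its sum, a multiplier coprime to that modulus, and the public key b[i] = r*w[i] mod q. Decryption multiplies by r^-1 mod q and solves the easy knapsack greedily from the largest element down. The xorshift random source, the element sizes and the one-byte block are assumptions chosen so the run is reproducible. Caveat for anyone reading this as more than an exercise: Merkle-Hellman was broken by Shamir in 1982, so the code answers the key-generation question, it does not give you a usable cryptosystem.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not code from the original poster or any library: textbook
 * Merkle-Hellman knapsack key generation with an 8-element private key, so
 * each block encrypts one byte. Sizes are toy-sized; the scheme itself was
 * broken by Shamir in 1982 and is shown here for study only. */

#define MH_N 8

typedef struct {
    uint64_t w[MH_N];   /* private: superincreasing sequence */
    uint64_t q;         /* private: modulus, q > w[0] + ... + w[MH_N-1] */
    uint64_t r;         /* private: multiplier with gcd(r, q) == 1 */
    uint64_t b[MH_N];   /* public:  b[i] = r * w[i] mod q (the "hard" knapsack) */
} mh_key;

/* Reproducible toy randomness (xorshift64, an assumption for this example);
 * a real key must come from a CSPRNG. */
static uint64_t mh_rng = 0x9E3779B97F4A7C15ULL;
static uint64_t mh_rand(void)
{
    mh_rng ^= mh_rng << 13; mh_rng ^= mh_rng >> 7; mh_rng ^= mh_rng << 17;
    return mh_rng;
}

static uint64_t gcd_u64(uint64_t a, uint64_t b)
{
    while (b != 0) { uint64_t t = a % b; a = b; b = t; }
    return a;
}

/* r^-1 mod q by the extended Euclidean algorithm; requires gcd(r, q) == 1. */
static uint64_t inv_mod(uint64_t r, uint64_t q)
{
    int64_t t = 0, newt = 1, rem = (int64_t)q, newrem = (int64_t)r;
    while (newrem != 0) {
        int64_t quot = rem / newrem, tmp;
        tmp = t - quot * newt;     t = newt;     newt = tmp;
        tmp = rem - quot * newrem; rem = newrem; newrem = tmp;
    }
    return (uint64_t)(t < 0 ? t + (int64_t)q : t);
}

/* Superincreasing means w[i] > w[0] + ... + w[i-1] for every i, so generating
 * it is just "running sum plus a positive random gap". */
static void mh_keygen(mh_key *k)
{
    uint64_t sum = 0;
    for (int i = 0; i < MH_N; i++) {
        k->w[i] = sum + 1 + mh_rand() % 1000;
        sum += k->w[i];
    }
    k->q = sum + 1 + mh_rand() % 1000;               /* strictly above the total */
    do k->r = 2 + mh_rand() % (k->q - 2); while (gcd_u64(k->r, k->q) != 1);
    for (int i = 0; i < MH_N; i++) k->b[i] = k->r * k->w[i] % k->q;
}

/* 1 if the private sequence is superincreasing and q exceeds its sum. */
static int mh_is_superincreasing(const mh_key *k)
{
    uint64_t sum = 0;
    for (int i = 0; i < MH_N; i++) {
        if (k->w[i] <= sum) return 0;
        sum += k->w[i];
    }
    return k->q > sum;
}

/* Ciphertext: subset sum of public elements selected by the bits of m (MSB first). */
static uint64_t mh_encrypt(const mh_key *k, uint8_t m)
{
    uint64_t c = 0;
    for (int i = 0; i < MH_N; i++)
        if (m & (1u << (MH_N - 1 - i))) c += k->b[i];
    return c;
}

/* Undo the multiplier, then solve the easy (superincreasing) knapsack greedily. */
static uint8_t mh_decrypt(const mh_key *k, uint64_t c)
{
    uint64_t s = (c % k->q) * inv_mod(k->r, k->q) % k->q;   /* == sum of chosen w[i] */
    uint8_t m = 0;
    for (int i = MH_N - 1; i >= 0; i--)
        if (s >= k->w[i]) { s -= k->w[i]; m |= (uint8_t)(1u << (MH_N - 1 - i)); }
    return m;
}

/* Number of byte values that fail to round-trip under a fresh key (0 = all 256 pass). */
static int mh_selftest(void)
{
    mh_key k;
    mh_keygen(&k);
    if (!mh_is_superincreasing(&k)) return 256;
    int failures = 0;
    for (int m = 0; m < 256; m++)
        if (mh_decrypt(&k, mh_encrypt(&k, (uint8_t)m)) != m) failures++;
    return failures;
}

int main(void)
{
    mh_key k;
    mh_keygen(&k);
    printf("q = %llu, r = %llu\npublic key:", (unsigned long long)k.q, (unsigned long long)k.r);
    for (int i = 0; i < MH_N; i++) printf(" %llu", (unsigned long long)k.b[i]);
    printf("\nencrypt('A') = %llu, round-trip failures = %d\n",
           (unsigned long long)mh_encrypt(&k, 'A'), mh_selftest());
    return 0;
}
```

The greedy step in mh_decrypt is the whole reason the private sequence must be superincreasing: scanning from the largest element down, "subtract it if it fits" is only guaranteed to recover the right subset when each element exceeds the sum of everything below it. The public sequence has no such structure, which is what the multiplier is meant to hide, and what lattice attacks see through.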




------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: RSA survey
Date: Wed, 19 Jan 2000 13:02:09 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (NFN NMI L.) wrote:
> <<A 1024 bit modulus is more than enough.>>
>
> When 512-bit moduli can be cracked by large corporations with enough funds?
> Sorry. I want strength that will keep messages secure until I'm in the cold,
> hard ground. Better too much than too little. Just you wait.
>
> S. T. "andard Mode" L.
>

Here is my position on this.

READ THE PAPERS.

GNFS is the best method of factoring so far, and could very well be the
best generic factoring algorithm we come up with.  By making million
bit RSA keys you just appear silly.  While I wouldn't make a 512-bit
key for security,  a 1024-bit key [according to Bob Silverman] will be
more than enough for quite some time now.

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: "Andor Bariska" <[EMAIL PROTECTED]>
Subject: Re: Help -Perl encryption
Date: Wed, 19 Jan 2000 14:25:45 +0100

Why not try Bruce Schneier's Solitaire algorithm? You'll find the Perl
script and documentation on Counterpane's site
(http://www.counterpane.com/solitaire.html).


<[EMAIL PROTECTED]> wrote in message:
85vvi2$1fl$[EMAIL PROTECTED]
> I'm looking for help in setting up an encryption system for a shopping cart
> in perl.
>
> It is for use after an SSL connection in order to keep the info safe on the
> server and when being collected over ftp.
>
> Once the information arrives on the ssl server I need to set a perl script
> to encrypt it using a strong system
>
> I have searched all over the internet with little luck, if there is anyone
> that can point me in the right direction or even help out in return for a fee
> please let me know.
>
> (UK based )
>
> thanks
>
> Ben
>
>



------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Beginners questions re-OTPs
Date: Wed, 19 Jan 2000 13:29:12 GMT

On Wed, 19 Jan 2000 12:11:25 GMT, [EMAIL PROTECTED] (Bill) wrote, in
part:

>I'm a total beginner and am interested in learning how to attack OTP's.
>From what I have found on the net and Mr. Schneier's book there are three(?) 
>ways of attacking OTP's:
>1. The method used to generate OTPs. 
>2. Statistical analysis of the cyphertext. 
>3. Brute force.

If methods 1 or 2 work, it isn't an OTP. Method 3 cannot work, since
"brute force" applied to an OTP key yields all possible messages of
the length of the one intercepted.

John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: how to encipher
Date: 19 Jan 2000 09:35:45 -0500

[EMAIL PROTECTED] wrote:
> If I were programming this for a course (write a programme to
> calculate a^b mod n which does not have any intermediate results larger
> than n), I would redo it. But, as it works as is... so be it.

Cleaned up programme. QBasic. Adding a+b mod n has been replaced with an
add(a,b,n) function which does not use any intermediate results larger
than n (using (a+b) mod n would calculate a+b and then reduce modulo n,
and if a,b are large enough, the intermediate result, a+b could be
almost as large as 2n). Addition mod n (which is all that is really
necessary for the calculations) is replaced with this function in the
algorithm given previously (for getting the product of ab mod n and then
using that for a^d mod n).

                           -=-=-CUT_HERE-=-=-
DECLARE FUNCTION add& (a&, b&, n&)
DECLARE FUNCTION mult& (a&, b&, n&)
DECLARE FUNCTION modpow& (a&, d&, n&)

' Calculates a^d mod n without intermediate results larger than n
' a,d,n>0
' QBasic: '=REMark, \=Integer division, &=Long Integer
' 19 February 2000: John McGowan

CLS
PRINT : PRINT "This calculates a^d mod n for long integers."
PRINT : PRINT
INPUT "a (number to be raised to power)"; a&
INPUT "d (exponent = power)"; d&
INPUT "n (modulus)"; n&
a& = a& MOD n&
IF a& < 0 THEN a& = a& + n&
PRINT : PRINT
PRINT "a^d mod n="; modpow&(a&, d&, n&)

FUNCTION add& (a&, b&, n&)
' a,b,n>0: a and b both between 0 and n
' Adds a+b mod n without intermediate results larger than n
' Returns positive result

t1& = a&: t2& = b&
IF t1& > n& \ 2 THEN t1& = t1& - n&
IF t2& > n& \ 2 THEN t2& = t2& - n&
IF t1& < -n& \ 2 THEN t1& = t1& + n&
IF t2& < -n& \ 2 THEN t2& = t2& + n&
tot& = t1& + t2&
' NOTE that tot& might be as large as n& or as small as -n&
IF tot& >= n& THEN tot& = tot& - n&
IF tot& < 0& THEN tot& = tot& + n&
add& = tot&
END FUNCTION

FUNCTION modpow& (a&, d&, n&)
' a^d mod n (a,d,n>0)
' a between 0 and n

pow& = 1: powsq& = a&: expo& = d&

DO WHILE expo& <> 0
    IF (expo& MOD 2&) <> 0 THEN pow& = mult&(pow&, powsq&, n&)
    powsq& = mult&(powsq&, powsq&, n&): expo& = expo& \ 2&
LOOP

modpow& = pow&
END FUNCTION

FUNCTION mult& (a&, b&, n&)
' a,b,n>0 (a,b between 0 and n)
' multiplies ab mod n without intermediate results larger than n

factor& = b&: prod& = 0&: temp& = a&

DO WHILE factor& <> 0
    IF (factor& MOD 2&) <> 0 THEN prod& = add&(prod&, temp&, n&)
    temp& = add&(temp&, temp&, n&): factor& = factor& \ 2
LOOP

mult& = prod&
END FUNCTION
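The same scheme in C, as an added example that is neither the QBasic program above nor the poster's code: the centred-residue add_mod is the only primitive that ever combines two operands, mul_mod is double-and-add built on it, and pow_mod is square-and-multiply built on that, so no intermediate ever leaves [-n, n]. The modulus can go right up to INT32_MAX, which is exactly where a plain a*b in a 32-bit long overflows. The 64-bit reference functions and the test values are assumptions added only to check the result.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not the original QBasic program: the same centred-residue
 * trick in C on int32_t. Every intermediate value stays in [-n, n], so the
 * modulus may go right up to INT32_MAX without a 64-bit type. The 64-bit
 * reference functions exist only to check the result. */

/* Inputs a, b in [0, n). Returns (a + b) mod n in [0, n). */
static int32_t add_mod(int32_t a, int32_t b, int32_t n)
{
    /* Recentre each operand into (-n/2, n/2] so the sum lands in (-n, n]. */
    if (a > n / 2) a -= n;
    if (b > n / 2) b -= n;
    int32_t t = a + b;
    assert(t > -n && t <= n);      /* the invariant the whole scheme rests on */
    if (t >= n) t -= n;
    if (t < 0)  t += n;
    return t;
}

/* a, b in [0, n). Returns a*b mod n by double-and-add, using only add_mod. */
static int32_t mul_mod(int32_t a, int32_t b, int32_t n)
{
    int32_t prod = 0, twice = a;   /* twice holds a * 2^k mod n */
    while (b != 0) {
        if (b & 1) prod = add_mod(prod, twice, n);
        twice = add_mod(twice, twice, n);
        b >>= 1;
    }
    return prod;
}

/* a^d mod n by square-and-multiply; a is reduced first, d >= 0, n > 1. */
static int32_t pow_mod(int32_t a, int32_t d, int32_t n)
{
    a %= n;
    if (a < 0) a += n;
    int32_t result = 1, sq = a;
    while (d != 0) {
        if (d & 1) result = mul_mod(result, sq, n);
        sq = mul_mod(sq, sq, n);
        d >>= 1;
    }
    return result;
}

/* 64-bit reference implementations used only for cross-checking (a*b < 2^62). */
static int32_t mul_mod_ref(int32_t a, int32_t b, int32_t n)
{
    return (int32_t)(((uint64_t)a * (uint64_t)b) % (uint64_t)n);
}

static int32_t pow_mod_ref(int32_t a, int32_t d, int32_t n)
{
    int32_t r = a % n;
    if (r < 0) r += n;
    uint64_t result = 1, base = (uint64_t)r;
    while (d != 0) {
        if (d & 1) result = result * base % (uint64_t)n;
        base = base * base % (uint64_t)n;
        d >>= 1;
    }
    return (int32_t)result;
}

int main(void)
{
    const int32_t n = INT32_MAX;   /* 2^31 - 1, a prime; plain a*b overflows here */
    printf("2^17 mod 1000 = %d\n", pow_mod(2, 17, 1000));
    printf("2^31 mod (2^31-1) = %d\n", pow_mod(2, 31, n));
    printf("(n-1)^2 mod n = %d (reference %d)\n",
           mul_mod(n - 1, n - 1, n), mul_mod_ref(n - 1, n - 1, n));
    return 0;
}
```

The assert inside add_mod is the property everything else depends on; if it ever fires, a caller passed an operand outside [0, n). The price is about 31 add_mod calls per multiply and 31 multiplies per exponentiation bit, which is fine for a classroom modulus and hopeless for RSA-sized ones; for those you want a real bignum library rather than this trick.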

------------------------------

From: [EMAIL PROTECTED] (Paul Schlyter)
Subject: Re: Java's RSA implementation
Date: 19 Jan 2000 14:53:29 +0100

In article <863m2q$abe$[EMAIL PROTECTED]>,
Bill Unruh <[EMAIL PROTECTED]> wrote:
 
> In <862upd$vr$[EMAIL PROTECTED]> [EMAIL PROTECTED] writes:
> 
>> Is anyone aware of any effort to analyse the RSA implementation in Java;
>> specifically focusing on key generation.
> 
> ??? Java is a language, much like C in many essentials. It is up to you
> to code what you want it to do. 
> 
>> Does Java use a table of primes? If so, how big is the table?
> 
> No, Java does not. But you can enter a table of primes if you wish. And
> you can encode a prime testing routine in Java just as you can in C. 
> 
>> Otherwise how good are its prime number generation routines ie. what is
>> the probability of a generated number not being prime.
> 
> I do not know that Java has a "prime number generating routine". but you
> can code one up in Java.
> Just read the code in any RSA implementation.
 
One difference between C/C++ and Java is that Java is now getting a
standard bignum class, which may contain prime number generating
code.  C/C++ never had that, and probably never will.
 
-- 
================================================================
Paul Schlyter,  Swedish Amateur Astronomer's Society (SAAF)
Grev Turegatan 40,  S-114 38 Stockholm,  SWEDEN
e-mail:  [EMAIL PROTECTED]    [EMAIL PROTECTED]   [EMAIL PROTECTED]
WWW:     http://hotel04.ausys.se/pausch    http://welcome.to/pausch

------------------------------

From: [EMAIL PROTECTED]
Subject: Lockbox of keys
Date: Wed, 19 Jan 2000 15:24:31 GMT

I'm looking for information on a cryptographic algorithm called "lockbox
of keys" or something similar, possibly by someone called Zygmat Haas
and possibly involving something called partial keys.
(Yes, my information is rather incomplete which is probably why I can't
find any info on it...)

Has anyone heard of it?

-Erik Runeson


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Paul Crowley <[EMAIL PROTECTED]>
Subject: Re: MIRDEK: more fun with playing cards.
Date: 19 Jan 2000 08:24:47 -0000

CLSV <[EMAIL PROTECTED]> writes:

> Paul Crowley wrote:
> 
> > http://www.hedonism.demon.co.uk/paul/crypto/mirdek/
> > 
> > All this is not academic: quite a few human rights people have been
> > very interested in the possibility of a practical, secure hand cipher,
> > and it seems at the moment that if Mirdek isn't it then we don't have
> > one.
> 
> I have only glanced at Mirdek, but it looks nice.
> One comment I have is: what is wrong with a modified
> version of ARCFOUR, say restricted to 52 values?

Sorry I didn't see this question before; I thought I'd been following
these threads quite carefully, but...

First, RC4 is biased, and variants with smaller states exhibit greater
bias.  I don't know how large the bias would be for 52 cards.  It also
exhibits weak keys.  Second, RC4 doesn't provide a convenient way to
generate a randomiser, or IV, to ensure the same passphrase can be
used multiple times; it seems sensible to use card shuffling as a
source of randomness for this application.

But third and most importantly, I very much doubt that
encryption/decryption would be relatively fast as you say.  I suggest
you try it with a real deck of cards and see how fast you can go;
compare to a computer implementation to see whether you're getting the 
right answers.  You'll have to count lots of cards to index into the
deck, swap cards without losing your place, and do Vigenere addition
(or for decryption, subtraction, which is worse) in your head.  Try
feeding the output of the Unix "fortune" program into your
implementation and decrypting it; I suspect you'll find it a
demoralising experience, with lots of time burned on incorrect
decryptions.

You can see that Solitaire is strongly influenced by RC4, but the
differences are there because Solitaire is a relatively practical hand 
cipher and RC4 turns out not to be.

Mirdek is IMHO considerably more practical than Solitaire.  As you'll
see from the website, I've spent quite a bit of time with a stopwatch
and a pack of cards, making sure I've got a cipher that can be done in
reasonable time.  I've successfully decrypted thirty character
ciphertexts with six character keyphrases in just over twenty minutes,
using only a conversion chart (which is easily drawn from memory) and
a pack of cards.  Once you've tried doing RC4 by hand and got bored,
try doing Mirdek, and I think you'll appreciate why I felt the need to
design a new cipher.

Actually, I'll post some ciphertext/key pairs on the site in a few
days so people can have a go with unknown plaintexts.

I hope this answers your question...
-- 
  __
\/ o\ [EMAIL PROTECTED]     Got a Linux strategy? \ /
/\__/ Paul Crowley  http://www.hedonism.demon.co.uk/paul/ /~\
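To put a number on the "smaller state, larger bias" remark above, here is an added example (not Mirdek, not Solitaire, and not the poster's code) of RC4 cut down to a 52-element state as CLSV suggested, together with a measurement of the Mantin-Shamir second-output bias: for an N-element state the second keystream symbol is 0 with probability about 2/N instead of the 1/N an unbiased generator would give. The 8-symbol keys from a fixed xorshift generator and the 200000-trial sample size are assumptions made for a reproducible run.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not Mirdek, Solitaire or any code from the original poster:
 * RC4 with its state cut down to N = 52 (one entry per card), as CLSV proposed,
 * plus a measurement of one well-known RC4 bias so the "smaller state, larger
 * bias" point can be checked numerically. Keys are 8 symbols in 0..51 drawn
 * from a fixed xorshift generator (an assumption) so the run is reproducible. */

#define RC4_N 52

typedef struct { uint8_t S[RC4_N]; uint8_t i, j; } rc4_52;

/* Key scheduling: the standard RC4 KSA with every index taken mod N. */
static void rc4_52_setup(rc4_52 *st, const uint8_t *key, int keylen)
{
    for (int k = 0; k < RC4_N; k++) st->S[k] = (uint8_t)k;
    uint8_t j = 0;
    for (int k = 0; k < RC4_N; k++) {
        j = (uint8_t)((j + st->S[k] + key[k % keylen]) % RC4_N);
        uint8_t t = st->S[k]; st->S[k] = st->S[j]; st->S[j] = t;
    }
    st->i = 0;
    st->j = 0;
}

/* One keystream symbol in 0..51 (the standard PRGA, mod N). */
static uint8_t rc4_52_next(rc4_52 *st)
{
    st->i = (uint8_t)((st->i + 1) % RC4_N);
    st->j = (uint8_t)((st->j + st->S[st->i]) % RC4_N);
    uint8_t t = st->S[st->i]; st->S[st->i] = st->S[st->j]; st->S[st->j] = t;
    return st->S[(st->S[st->i] + st->S[st->j]) % RC4_N];
}

/* Fraction of random keys whose keystream symbol at 1-based position `pos`
 * equals `value`. Unbiased would be about 1/N = 0.019; Mantin-Shamir says the
 * second symbol is 0 about 2/N of the time, for any state size N. */
static double rc4_52_symbol_rate(int pos, uint8_t value, int trials)
{
    uint64_t x = 0x2545F4914F6CDD1DULL;   /* xorshift64 seed, fixed on purpose */
    int hits = 0;
    for (int t = 0; t < trials; t++) {
        uint8_t key[8];
        for (int k = 0; k < 8; k++) {
            x ^= x << 13; x ^= x >> 7; x ^= x << 17;
            key[k] = (uint8_t)(x % RC4_N);
        }
        rc4_52 st;
        rc4_52_setup(&st, key, 8);
        uint8_t z = 0;
        for (int p = 0; p < pos; p++) z = rc4_52_next(&st);
        if (z == value) hits++;
    }
    return (double)hits / trials;
}

int main(void)
{
    printf("P(z2 == 0) = %.4f  (uniform would be %.4f)\n",
           rc4_52_symbol_rate(2, 0, 200000), 1.0 / RC4_N);
    printf("P(z2 == 1) = %.4f  (a control value)\n",
           rc4_52_symbol_rate(2, 1, 200000));
    return 0;
}
```

The ratio is the same 2:1 as in full RC4, but the absolute gap grows from 1/256 to 1/52, so at this state size a sample of a few thousand second symbols from different keys already separates the keystream from uniform. That is the practical worry for a hand cipher whose "randomiser" is a shuffle: every message starts the generator afresh, which is precisely the setting in which this bias is observable.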

------------------------------

From: Paul Crowley <[EMAIL PROTECTED]>
Subject: Re: MIRDEK: more fun with playing cards.
Date: 19 Jan 2000 08:34:38 -0000

[EMAIL PROTECTED] writes:

> Actually, I like your idea, and will be trying it out in
> the next couple of days.  As a long time user of cyphers,
> I have never found a strong hand cypher fast enough to
> be practical.  Solitaire is too slow (IMHO). I cannot seem
> to get better than about 50 char per minute.

You can't mean you got that speed by hand!

Check out my C implementation of Solitaire on 
http://www.hedonism.demon.co.uk/paul/solitaire/

I don't know quite how fast it goes, but it's rather quicker than 50
chars per minute.

For that matter, I haven't tested how fast a computer implementation of
Mirdek can go.  I don't think it matters; one end of the
communications link will be a hand cipher, and simply can't process
enough text that the processing at the machine end will take more than 
a blink of an eye.
-- 
  __
\/ o\ [EMAIL PROTECTED]     Got a Linux strategy? \ /
/\__/ Paul Crowley  http://www.hedonism.demon.co.uk/paul/ /~\

------------------------------

From: [EMAIL PROTECTED]
Subject: PKI Manager
Date: Wed, 19 Jan 2000 15:48:26 GMT

As the Internet is ushering in a tidal wave of
change for consumers and business, Deloitte &
Touche is there to lead the way.  E-business
growth is consistently outpacing most estimates
and this is only the beginning.  And, business-to-
business electronic commerce represents three
quarters of the action based on sales volume.
Our Secure e-Business and Internet Technologies
service portfolio, aligned with the speed and
scope of change we are witnessing in the e-
business marketplace, is creating tremendous
career opportunities.
Can you provide engagement/task management and
select appropriate methodologies in one or more
of the following areas:  network security
administration, firewall design and
implementation, security architecture development
and enterprise security management? You will
also provide technical guidance and manage all
aspects of information protection architecture
projects in complex networked environments.
Identify and resolve complex issues and develop
innovative solutions.
If you can do the above and have 5-7 years
experience, preferably in the e-business/security
field that is industry specific (banking,
brokerage, utilities, high technology, etc.) with
knowledge of Internet technology infrastructure
experience including Public key (PKI),
Directory services, Security architecture,
enterprise security management, Windows NT/2000
and/or UNIX experience contact [EMAIL PROTECTED]
now.


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
