Cryptography-Digest Digest #995, Volume #10 Fri, 28 Jan 00 16:13:01 EST
Contents:
Re: designing secure backdoors into the system (Mike Rosing)
Re: "Trusted" CA - Oxymoron? (Anne & Lynn Wheeler)
Re: Classical Crypto Books ("Melinda Harris")
CRYPTO-ECCENTRIC ("Melinda Harris")
Re: WW2 Cypher Yet Unbroken ... (Jim)
Re: Mac encryption algorithm? (wtshaw)
Re: NIST, AES at RSA conference ([EMAIL PROTECTED])
Re: CRYPTO-ECCENTRIC ("Trevor Jackson, III")
Re: Intel 810 chipset Random Number Generator (Scott Nelson)
Re: NIST, AES at RSA conference (CLSV)
Re: NEC claims New Strongest Crypto Algor (John Savard)
Re: CRYPTO-ECCENTRIC (John Savard)
Re: CRYPTO-ECCENTRIC (John Savard)
----------------------------------------------------------------------------
From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: designing secure backdoors into the system
Date: Fri, 28 Jan 2000 12:28:17 -0600
Yusuf Motiwala wrote:
> In fact, if any other front door solution exists for such problems, I would be
> happy to think in that direction. Any inputs?
When the sysadmin signs on, have the password (in encrypted form of course!)
be sent to the manufacturer and stored in their database for that customer.
If the customer needs to get the password, go thru some trusted mechanism
to give them the password from the manufacturer's stored data. With a new
sysadmin, just toss the old one out and nobody has to know what it was.
You're just moving the level of trust away from the user up the chain tho,
what happens when the admin of the manufacturer gets run over by a truck?
You may want to use a (k,n) scheme on the manufacturer's end, so that 5
people have to unlock the database for any customer, and up to 10 people
might have the ability to do so.
You might also build in a (k,n) scheme for the customer, so the CEO, vice
presidents and janitor all have to know something and any 3 of them could
regain access to the system. Then the sysadmin could create a new key
by themselves. That might be preferable to an attackable database actually.
Patience, persistence, truth,
Dr. mike
------------------------------
Crossposted-To:
alt.privacy,alt.security.pgp,comp.security.pgp,comp.security.pgp.discuss
Subject: Re: "Trusted" CA - Oxymoron?
Reply-To: Anne & Lynn Wheeler <[EMAIL PROTECTED]>
From: Anne & Lynn Wheeler <[EMAIL PROTECTED]>
Date: Fri, 28 Jan 2000 18:42:10 GMT
... and an option ... the relying-party-only bank may determine that
it isn't even necessary to transmit a copy of the certificate back to
the individual. The individual goes thru the public key RA process
with their bank. The bank does the RA bit, then manufactures a
certificate by encoding the fields and signing them. The bank then
verifies the signature on the newly minted certificate, decodes it and
stores the decoded fields in the account record. If the bank decides
there is never a business scenario requiring the individual to
transmit the relying-party-only certificate on a relying-party-only
transaction, the bank won't bother to transmit a copy of the
certificate to the individual. The bank just keeps the original on
file (in its unencoded form).
--
Anne & Lynn Wheeler | [EMAIL PROTECTED], [EMAIL PROTECTED]
http://www.garlic.com/~lynn/ http://www.adcomsys.net/lynn/
------------------------------
From: "Melinda Harris" <[EMAIL PROTECTED]>
Subject: Re: Classical Crypto Books
Date: Fri, 28 Jan 2000 13:54:00 -0500
CryptoBook <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> Classical Crypto Books is pleased to announce the following recent
> additions/updates to the CCB catalog.
>
> CLASSICAL CRYPTO
>
> THE AMERICAN BLACK CHAMBER
> by Herbert O. Yardley
> A BEST BUY! This high quality, hardbound reprint edition is printed on acid
> free paper and is published in a press run limited to 100 copies. For a
> description, see the softbound edition listing (next). Published at $23.95.
> Amereon House, 268 pp.
> HB, Nonmember $22.95, Member $20.95
>
> THE AMERICAN BLACK CHAMBER
> by Herbert O. Yardley
> This thrilling and controversial 1931 bestseller exposed US cryptanalytic
> methods and successes, spurring Japan and other embarrassed nations to change
> systems before WW2. Written by the colorful, talented, and broke ABC leader
> after it closed in 1929. Aegean Park Press C-52, 375 pp.
> SB, Nonmember $28.80, Member $23.05
>
> CRYPTANALYSIS OF THE SINGLE ROTOR CIPHER MACHINE
> by Donald A. Dawson
> This book grew out of the author's (eventually) successful attempt to solve a
> problem in the back of Solomon Kullback's Statistical Methods in Cryptanalysis.
> Includes QBasic program listings. See Cryptologia, Oct96. Aegean Park Press
> C-73, 217 pp.
> SB, Nonmember $38.80, Member $31.05
>
> ADVANCED MILITARY CRYPTOGRAPHY
> by William F. Friedman
> Continues Friedman's Elementary Military Cryptography, covering the same
> general areas, but with more advanced subject matter. Includes sections on
> repetitive and combined systems as well as cryptographs and cipher machines.
> Aegean Park Press C-8, 119 pp.
> SB, Nonmember $14.80, Member $11.85
>
> ELEMENTARY MILITARY CRYPTOGRAPHY
> by William F. Friedman
> Introductory text for U.S. Army cryptographers. Originally published in 1935.
> Discusses transposition and substitution cipher systems, one- and two-part code
> systems, enciphered code, error recovery, and fundamentals of signal security.
> Aegean Park Press C-7, 90 pp.
> SB, Nonmember $12.80, Member $10.25
>
> CODES, CIPHERS, & OTHER CRYPTIC & CLANDESTINE COMMUNICATION: Making and
> Breaking Secret Messages From Hieroglyphs to the Internet
> by Fred B. Wrixon
> A BEST BUY! As you can tell from the title and page count, this is a BIG book,
> a treasury of information (mostly) about classical cryptology and associated
> technology. As a quality hardbound book with dust jacket, the big surprise is
> the low price. Black Dog and Leventhal, 704 pp.
> HB, Nonmember $17.95, Member $15.95
>
>
> FICTION AND LITERATURE
>
> THE CRYPTOGRAM: (The Giant Raft, Part 2)
> by Jules Verne
> Improving upon Poe, whom he admired, Verne made the solution of a more complex
> Gronsfeld cipher the central theme in this 1881 Amazon adventure novel. Printed
> on acid free paper, this high quality edition is published in a press run
> limited to 80 copies. Amereon House, 119 pp.
> HB, Nonmember $18.95, Member $17.95
>
>
> FOR BEGINNERS AND ENTHUSIASTS
>
> LU & CLANCY'S SECRET CODES
> by Adrienne Mason, Illustrated by Pat Cupples
> Dog detectives, Lu and Clancy, teach kids ages 7 to 10 more than 20 fool-proof
> ways to write secret messages in this activity story book. Illustrated
> throughout in color. Kids Can Press, 40 pp.
> SB, Nonmember $5.95, Member $5.35
>
> SECRET CODE BREAKER CIPHER SLIDE
> by Robert Reynard
> A BEST BUY! A 10.5" x 2" linear slide with a cardboard face and wood back.
> Includes instructions for use with Caesar, Vigenere, Beaufort, and Gronsfeld
> ciphers. Ages 10 and up. Smith & Daniel, 10 pp.
> Nonmember $4.95, Member $3.95
>
> SECRET CODE BREAKER VOLUME 3: A Cryptanalyst's Handbook
> by Robert Reynard
> A BEST BUY! History and ciphers of the Revolutionary & Civil Wars, World Wars I
> & II, and the cold war with separate chapters on Venona, the Zimmermann
> telegram, Friedman and Rowlett, Rudolph Abel, the Walker spy ring, Aldrich
> Ames, organized crime. Ages 12 and up. Includes a 3.5 inch diskette. Smith &
> Daniel, 125 pp.
> SB, Nonmember $12.95, Member $11.50
>
> SECRET CODE BREAKER VOLUME 2: A Cryptanalyst's Handbook
> by Robert Reynard
> A BEST BUY! Describes cribs, traffic analysis, superencipherment, and history
> and use of checkerboard, ADFGVX, Playfair, Mexican Army, grille, Larrabee, and
> one time pad ciphers with software to encode/decode ciphers, simulate the
> Enigma Bombe. Ages 12 and up. Includes a 3.5 inch diskette. Smith & Daniel, 128
> pp.
> SB, Nonmember $12.95, Member $11.50
>
> SECRET CODE BREAKER VOLUME 1: A Cryptanalyst's Handbook
> by Robert Reynard
> A BEST BUY! Describes history and use of skytale, Polybius, single column
> transposition, Jefferson Wheel, Caesar, keyword, and Vigenere ciphers with
> software to encode/decode ciphers, analyze simple substitution, simulate the
> Enigma machine. Ages 12 and up. Includes a 3.5 inch diskette.
> Smith & Daniel, 96 pp.
> SB, Nonmember $11.95, Member $10.95
>
> SECRET CODE BREAKER SECRET MESSAGE KIT: Second Edition
> by Robert Reynard
> A BEST BUY! A hands-on activity kit with two different cardboard cipher disks,
> including the Mexican Army disk, five different cipher system message pads, a
> secret ink marker pen, a separate developer marker, and step by step
> instructions. Ages 8 to 12. Smith & Daniel, 28 pp.
> Nonmember $9.95, Member $8.95
>
>
> HISTORY
>
> VENONA: Soviet Espionage and the American Response 1939-1957
> by Robert Louis Benson, Michael Warner
> Venona was the largely successful project to break Soviet Diplomatic codes used
> for messages discussing Soviet espionage in the U.S. Quite a feat since the
> messages were superenciphered with a one-time pad. Aegean Park Press C-75, 547
> pp.
> SB, Nonmember $48.80, Member $39.05
>
> CAPTURING ENIGMA: How HMS Petard Seized the German Naval Codes
> by Stephen Harper
> Unable to read German naval Enigma traffic for 10 months, BP needed a break.
> They got it when a British destroyer attacked U-559. Two British sailors raced
> to get the Enigma keys, went back for the machine, and perished in the sinking
> sub. UK import.
> Sutton Publishing, 192 pp. (Quantities very limited.)
> HB, Nonmember $35.95, Member $32.95
>
> WARRIORS: Navajo Code Talkers
> by Kenji Kawano, Foreword by code talker Carl Gorman, Introduction by
> Benis Frank, USMC
> The author, son of a Japanese WW2 veteran was surprised to learn of the code
> talkers when he moved to Arizona. He got to know them well, became official
> photographer of the Navajo Code Talkers Association, and produced this book to
> preserve their memory. Published at $19.95. Northland Publishing Company, 125
> pp.
> SB, Nonmember $18.95, Member $16.95
>
>
> MODERN AND ADVANCED CRYPTO
>
> CRYPTOLOGY
> by Albrecht Beutelspacher
> The book's first half studies classical cryptology and analyzes its
> cryptosystems. The second half deals with modern cryptology, including public
> key cryptosystems. For a review, see Cryptologia, Oct95. Mathematical
> Association of America, 172 pp.
> SB, Nonmember $37.95, Member $35.95
>
> CRYPTOLOGY: System Identification and Key Clustering
> by I. J. Kumar
> The focus of this advanced book is the application of modern pattern
> recognition techniques to the cryptanalysis of classical systems, stream
> ciphers, rotor based systems, DES, and public key systems. Discusses the
> cryptanalysis of speech systems. Aegean Park Press C-78, 499 pp.
> SB, Nonmember $58.80, Member $47.05
>
> CRYPTOGRAPHY AND NETWORK SECURITY: Principles and Practice (Second Edition)
> by William Stallings
> Useful as both a text for an undergraduate course in cryptography and network
> security and as a professional reference. Four parts cover conventional
> encryption, public-key encryption & hash functions, network security practice,
> and system security. Published at $72.75. Prentice Hall, 589 pp.
> HB, Nonmember $67.95, Member $61.95
>
>
> ESPIONAGE AND INTELLIGENCE
>
> SECRET MISSIONS OF THE CIVIL WAR: First-hand Accounts by Men and Women Who
> Risked their Lives in Underground Activities for the North and the South
> by Philip Van Doren Stern (Editor)
> A BEST BUY! Twenty four thrilling accounts, including one about carrying a
> memorized cipher message through the lines, told by the original participants.
> Includes adventures of Allan Pinkerton and Belle Boyd and an appendix on the
> codes and ciphers in the Civil War. Wings Books, 320 pp.
> HB, Nonmember $8.95, Member $7.95
>
> ==============
> HB = Hardbound
> SB = Softbound
> ==============
>
> All items are in stock and available now. Member prices are available to
> members of the American Cryptogram Association, the U.S. Naval Cryptologic
> Veterans Association, and full-time students. Shipping and handling are extra.
> For complete ordering information, a free catalog of crypto books by return
> e-mail, or for information about membership in the American Cryptogram
> Association, please send email to: [EMAIL PROTECTED]
>
> Best Wishes,
> Gary
>
> Gary Rasmussen
> Classical Crypto Books
> E-Mail: [EMAIL PROTECTED]
> Fax: (603) 432-4898
>
------------------------------
From: "Melinda Harris" <[EMAIL PROTECTED]>
Subject: CRYPTO-ECCENTRIC
Date: Fri, 28 Jan 2000 14:07:42 -0500
I heard about the Crypto-Eccentric (Prodigy of Encryption) . Inside info
reveals the prologue alone is absolutely frightening. Forget about Quantum
Cryptography, or Quantum Computers. This bizarre idiosyncratic cryptography
will make supercomputers look like a broken abacus.
------------------------------
From: [EMAIL PROTECTED] (Jim)
Subject: Re: WW2 Cypher Yet Unbroken ...
Date: Fri, 28 Jan 2000 19:21:16 GMT
Reply-To: [EMAIL PROTECTED]
On 28 Jan 2000 05:09:46 -0000, [EMAIL PROTECTED] wrote:
>
>
>
>This may very well be an old, done-by-hand version of a One Time Pad.
>This particular version uses a random table of 5 digit numbers which is
>added to each character of a message, one letter per 5 digit number.
>Here's an example:
>
>Suppose the first number in the pad is 12345. Now, we encrypt the
>letter A, which has a value of 1, by adding it to 12345, thus the
>resulting ciphertext is 12346.
Horribly bulky cipher! Plaintext length x 5.
--
Jim,
nordland at lineone.net
amadeus at netcomuk.co.uk
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Mac encryption algorithm?
Date: Fri, 28 Jan 2000 12:25:00 -0600
In article <86rge5$mtj$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Paul
Schlyter) wrote:
> This story should give some food for thought to anyone who claims
> that either Little Endian or Big Endian byte ordering is "wrong"....
In crypto, you can mix these, even in the same algorithm. "Little" still
wins because it is a little-sized issue.
--
About injustice, the stronger I get the meaner I feel, or is it the
other way around. Do not respect sacred cows that seek to trample you while preaching
about the good they do.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: NIST, AES at RSA conference
Date: Fri, 28 Jan 2000 19:29:25 GMT
CLSV <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote:
>
> > Alas the situation is still worse. We don't even know that
> > practical and secure ciphers exist. We cannot disprove, or
> > even bound the probability away from 1, that an attacker has
> > a single algorithm that breaks all key-based ciphers given
> > ciphertext that covers the unicity distance.
>
> A *single* algorithm that breaks *all* key-based ciphers?
> I think/believe that this is awfully close to being
> reducible to the Halting Problem. It does not sound very
> realistic to me.
By "key based", I mean I'm assuming the usual model in which
the algorithms are known to the attacker and the key is
secret, and by "practical" I mean encryption and decryption
with a given key are reasonably efficient. Clearly if we
allow our solver to take arbitrarily large but finite time,
we could actually construct such a thing, since exhaustive
search halts.
As for realistic, I tend to agree. The question was whether
we could prove that such an algorithm must be intractable,
and there is no such proof known.
--Bryan
------------------------------
Date: Fri, 28 Jan 2000 14:57:50 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: CRYPTO-ECCENTRIC
Melinda Harris wrote:
> I heard about the Crypto-Eccentric (Prodigy of Encryption) . Inside info
> reveals the prologue alone is absolutely frightening. Forget about Quantum
> Cryptography, or Quantum Computers. This bizarre idiosyncratic cryptography
> will make supercomputers look like a broken abacus.
And where, pray tell, do we find this and additional information?
------------------------------
From: [EMAIL PROTECTED] (Scott Nelson)
Crossposted-To: sci.physics
Subject: Re: Intel 810 chipset Random Number Generator
Reply-To: [EMAIL PROTECTED]
Date: Fri, 28 Jan 2000 19:17:34 GMT
On 28 Jan 2000 (Michael Kagalenko) wrote:
> More important is the disagreement about what kind of noise I am
> talking about.
>
Why is that important?
Scott Nelson <[EMAIL PROTECTED]>
------------------------------
From: CLSV <[EMAIL PROTECTED]>
Subject: Re: NIST, AES at RSA conference
Date: Fri, 28 Jan 2000 20:37:46 +0000
John Savard wrote:
>
> CLSV <[EMAIL PROTECTED]> wrote, in part:
> >[EMAIL PROTECTED] wrote:
[...]
> >> We cannot disprove, or
> >> even bound the probability away from 1, that an attacker has
> >> a single algorithm that breaks all key-based ciphers given
> >> ciphertext that covers the unicity distance.
> >A *single* algorithm that breaks *all* key-based ciphers?
> >I think/believe that this is awfully close to being
> >reducible to the Halting Problem.
[...]
> It is certainly quite unlikely that a single
> algorithm will "break all ciphers", but even the nonexistence of that
> is likely not _provable_ for the same reason.
Well, any mathematical proof is useless because
the original statement is too vague. If the problem were
formally defined it would be easier to talk about
reduction to the Halting problem.
Regards,
CLSV
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: NEC claims New Strongest Crypto Algor
Date: Fri, 28 Jan 2000 13:43:43 GMT
Greg <[EMAIL PROTECTED]> wrote, in part:
>In article <[EMAIL PROTECTED]>,
> "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
>> "NFN NMI L." wrote:
>> > <<creates a number of fake keys in addition to the true encryption key. >>
>> > What?
>>
>> That indeed seems to be the "new" feature of the NEC system.
>> It would be interesting to hear some detail about this notion.
>
>It would be even more interesting to hear why their engineers
>thought this was useful.
That, of course, depends on what that feature is.
Depending on what that means, it could be a useful feature. For
example, suppose the key size is larger than the block size. Then, a
brute-force search on a single block would turn up many false hits for
the key that performed the decipherment. Of course, that can be easily
negated by checking more than one block at a time.
But if there were some way to place that kind of obstruction in the
cryptanalysts' path without such a simple way to avoid it, it would be
useful. Creating "fake" keys that aren't used would be useless, but
that may be another matter entirely.
John Savard (jsavard<at>ecn<dot>ab<dot>ca)
http://www.ecn.ab.ca/~jsavard/crypto.htm
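The false-hit effect described in the message above, as an added example that is not part of the original post: a constructed toy cipher with an 8-bit block and a 16-bit key, searched exhaustively against one known block and then against more. The cipher, its S-box and all function names are made up for the illustration.

```python
import random

# Constructed 8-bit S-box: a fixed pseudo-random permutation of 0..255.
_rng = random.Random(2000)
SBOX = list(range(256))
_rng.shuffle(SBOX)


def encrypt(block, key):
    """Toy cipher (illustration only): 8-bit block, 16-bit key split as k1 || k2."""
    k1, k2 = key >> 8, key & 0xFF
    return SBOX[block ^ k1] ^ k2


def consistent_keys(pairs):
    """Exhaustive search: every 16-bit key that maps each plaintext to its ciphertext."""
    return [k for k in range(1 << 16)
            if all(encrypt(p, k) == c for p, c in pairs)]


def false_hits(true_key, plaintext):
    """Count the candidate keys that survive after checking 1, 2, ... known blocks."""
    pairs = [(p, encrypt(p, true_key)) for p in plaintext]
    return [len(consistent_keys(pairs[:n])) for n in range(1, len(pairs) + 1)]


if __name__ == "__main__":
    # Constructed key and known plaintext (three distinct one-byte blocks).
    counts = false_hits(0xBEEF, b"KEY")
    for blocks, count in enumerate(counts, start=1):
        print(f"{blocks} known block(s): {count} keys fit")
```

With a single block every choice of k1 has exactly one matching k2, so 2^(16-8) = 256 keys fit; each further block only removes candidates, and the true key always remains.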
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: CRYPTO-ECCENTRIC
Date: Fri, 28 Jan 2000 13:39:38 GMT
"Melinda Harris" <[EMAIL PROTECTED]> wrote, in part:
>I heard about the Crypto-Eccentric (Prodigy of Encryption) . Inside info
>reveals the prologue alone is absolutely frightening. Forget about Quantum
>Cryptography, or Quantum Computers. This bizarre idiosyncratic cryptography
>will make supercomputers look like a broken abacus.
Congratulations, on being one of the people with the inside knowledge.
I recall a post some time ago that was a bit longer about him. Wasn't
it also from you?
This is the only thing we've heard about him...what you have posted.
There isn't even a web site about this stuff? Anyhow, I think even my
stuff is sufficient to make a supercomputer trying to crack it look
like "a broken abacus", so I am able to contain my anticipation.
John Savard (jsavard<at>ecn<dot>ab<dot>ca)
http://www.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: CRYPTO-ECCENTRIC
Date: Fri, 28 Jan 2000 14:04:07 GMT
[EMAIL PROTECTED] (John Savard) wrote, in part:
>"Melinda Harris" <[EMAIL PROTECTED]> wrote, in part:
>>I heard about the Crypto-Eccentric (Prodigy of Encryption) . Inside info
>>reveals the prologue alone is absolutely frightening. Forget about Quantum
>>Cryptography, or Quantum Computers. This bizarre idiosyncratic cryptography
>>will make supercomputers look like a broken abacus.
>Congratulations, on being one of the people with the inside knowledge.
>I recall a post some time ago that was a bit longer about him. Wasn't
>it also from you?
It was from her, and an author profile turned up a much earlier post
to talk.politics.crypto:
>Looks like we better reconsider our disclosure or even considering
>the introduction of David Matthias Mimms encryption software (ANEC)
>to any government entity?
That last post of hers that I was thinking of began
>Cryptographers worldwide would concede that this encryption technique
>called A.N.E.C, does not conform to the traditional practices, beliefs
>or standards within the cryptographers profession and has
>an innovative idiosyncratic, uncanny technique unlike any cryptosystem
>I have ever encountered
so now we have a name to associate with the terms "cipher man",
"prodigy of encryption" and "crypto-eccentric".
Has anyone heard or read about David Matthias Mimm or David Matthias
Mimms?
I'm trying a web search, but I'm getting things like:
Associació de Natura, Excursionisme i Cultura
ASOCIACION NACIONAL DE ENFERMERAS DE COLOMBIA
Trying a search with "cipher" compulsory, but ANEC and A.N.E.C.
optional turned this up at the head of the list
http://www.identification.de/crypto/descript.html
which is interesting, but appears to not be connected to this
particular item, although it may well offer similar possibilities of
amusement. (Actually, the basic idea _is_ a good one, but it is a very
hard one to properly implement. And I think I've seen it proposed a
zillion times...even FROG is sort of an example, not so much from its
own design as from the way that design was first described.)
John Savard (jsavard<at>ecn<dot>ab<dot>ca)
http://www.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************