Cryptography-Digest Digest #38, Volume #11        Wed, 2 Feb 00 11:13:01 EST

Contents:
  Re: english version of the cipherchallenge (Lionux)
  Terms need explain (Angus Lee)
  Re: Does the NSA have ALL Possible PGP keys? (cfm)
  Re: Does the NSA have ALL Possible PGP keys? (Guy Macon)
  Re: Does the NSA have ALL Possible PGP keys? (cfm)
  Re: How to password protect files on distribution CD ([EMAIL PROTECTED])
  Re: How to password protect files on distribution CD (Alun Jones)
  Re: Does the NSA have ALL Possible PGP keys? (Eric Lee Green)
  Re: Does the NSA have ALL Possible PGP keys? (Eric Lee Green)
  Re: Available Algorithms (Keith A Monahan)
  Re: Does the NSA have ALL Possible PGP keys? (Steve K)
  Re: How to password protect files on distribution CD (Eric Lee Green)
  Re: Terms need explain (Eric Lee Green)
  Re: Available Algorithms (Eric Lee Green)
  Re: NIST, AES at RSA conference (Shawn Willden)

----------------------------------------------------------------------------

From: Lionux <[EMAIL PROTECTED]>
Subject: Re: english version of the cipherchallenge
Date: Wed, 02 Feb 2000 12:14:26 GMT

How can you be sure of it? (Is it stated anywhere in the book?)


Troed wrote:

> Lionux <[EMAIL PROTECTED]> wrote:
>
> >I have purchased the book from Simon Singh. But being French, I have the
> >French version of the book and so of the cipherchallenge.
> >Do some of you have or know where I could find the English version
> >(without buying the book in English) of the cipherchallenge?
>
> Stages 2-10 of the challenge are the same in all versions of the book.
>
> ___/
> _/


------------------------------

From: Angus Lee <[EMAIL PROTECTED]>
Subject: Terms need explain
Date: Wed, 02 Feb 2000 20:48:53 +0800

Hi,

--- Start quoting
DS(KS) stands for the Digital Signature of Key Server
K(KS)-certificate stands for key-exchange certificate for the Key Server
S(KS)-certificate stands for signature certificate for the Key Server
--- End quoting

What're the meanings of:
1. digital signature;
2. key-exchange certificate; and
3. signature certificate
in the above context?

Thank you.

Angus Lee

------------------------------

From: cfm <[EMAIL PROTECTED]>
Crossposted-To: comp.security.pgp,misc.survivalism
Subject: Re: Does the NSA have ALL Possible PGP keys?
Date: Wed, 02 Feb 2000 08:40:40 -0500

Why do I need to break the asymmetric key? I'd go after 3DES or IDEA 
keyspace, much more manageable. Again the trick is 1) applying the 
generated keys to the ciphertext, and 2) searching for an intelligible 
plaintext.

carl.

In article <[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] wrote:

>In article <[EMAIL PROTECTED]>, 
>[EMAIL PROTECTED] says...
>> What's the big deal, any one of us who wishes to spend the time can 
>> generate all possible PGP keys. So what, now if they can search them and 
>> discover which one is in use in a particular message and then decrypt 
>> it, that's news, but its also pretty far fetched that nsa is performing 
>> a search across the key space for all PGP encrypted messages in the 
>> internet. (Ignores question of how all traffic in the internet is 
>> funneled to NSA!)
>
>If you would bother to read up, to generate the keys to fill the keyspace 
>of a 2048 bit PGP key, well let's say that the sun will be burned out long 
>before all the computers on this planet are done cranking through those 
>keys.
>
>

------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Does the NSA have ALL Possible PGP keys?
Date: 02 Feb 2000 09:19:28 EST

In article <877s5c$r6i$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Ed Pugh) 
wrote:

>Then, there is the small problem of data storage.  There just isn't
>enough material in the whole universe (let alone, Fort Mead) to store
>all of those big numbers.

I can do it in two bits.

Consider the following set of keys (rules selected to keep list short)

11
12
13
21
22
23
31
32
33

This is a complete list of all keys that are two characters long
and contain only the characters "1" "2" and "3".

I can represent this list as follows:

111213212223313233

Which can be considered a single number.

Clearly the list of all possible PGP keys can also be turned
(after a base conversion) into one (REALLY BIG) number.  

Now, the number above would seem to require 18 digits, but
that's only if you represent it in base 10.  In base 16,
it would be C8E69551, which has 8 digits. (In base 2, it
would be 11001000111001101001010101010001 - 32 digits).

Thus I can extend the above scheme to represent
111213212223313233 as 10 in base 111213212223313233.

Clearly I can do the same with the number that I make
out of the sum of all PGP keys.  Let's call it "PBN"
(Pretty Big Number).  The universe is too small to
write down PBN in binary, decimal, or hex, but you
can write down PBN in base PBN with ease.  It's "10".


...(and yes, I am joking.  Thanks for asking
before turning on the usual flamethrowers.) ;)

------------------------------

From: cfm <[EMAIL PROTECTED]>
Crossposted-To: comp.security.pgp,misc.survivalism
Subject: Re: Does the NSA have ALL Possible PGP keys?
Date: Wed, 02 Feb 2000 10:15:28 -0500

According to Maple, the number of primes in a 512 bit RSA calculation 
(256 bit primes) is:

Li((2^257)-1) - Li(2^256) = .6511328131 10^75

Additionally approx number of 512 bit primes:

Li((2^513)-1) - Li(2^512) = .3773896853 10^152

and the approx number of 2048 bit primes:
Li((2^2049)-1) - Li(2^2048) = .2275922921 10^614

Li(x) is the integral logarithm, which approximates the prime function 
(pi(x)), and counts the number of prime numbers up to x. The above 
calculations compute the number of prime numbers between the largest of 
a particular bit size y ((2^y)-1) and the smallest (2^y).

Yes, these are very large #'s, and no, I don't think that anyone would 
calculate them. The number of CAST, IDEA or 3DES (3-key) keys is on the 
order of 10^38 or 10^51, again big but not impossible. But how to search 
it ....

carl.


In article 
<[EMAIL PROTECTED]>, 
Eric Lee Green <[EMAIL PROTECTED]> wrote:

>Johnny Bravo wrote:
>> 
>> On Tue, 01 Feb 2000 13:01:44 -0500, cfm <[EMAIL PROTECTED]> wrote:
>> 
>> >What's the big deal, any one of us who wishes to spend the time can
>> >generate all possible PGP keys.
>> 
>>   You are wrong.  There are more PGP keys than atoms in the universe.  I
>> leave it to the reader as an exercise to determine how long it would 
>> take
>> for every computer ever constructed (I'll even grant that they are all
>> functional at 100%, even Eniac :), to compute all the 512 bit primes.
>> Much less those of 2048 bits.
>
>Note that we're concerned about "probably prime" numbers. It is quite a 
>bit
>easier to test a number to see whether it is "probably prime" than it is 
>to
>attempt every possible factorization of a number and thus PROVE that it's
>prime. Otherwise PGP never WOULD be able to generate a key. 
>
>Remember, a network of rather modestly-powered personal computers in the
>Netherlands broke 512-bit RSA encryption in a matter of weeks. 512-bit
>encryption, at least, seems well within the reach of pre-computing all
>possible PGP keys. It's estimated that there's approximately 2^86 of them,
>77,371,252,455,336,267,181,195,264, though, so storing them would be a 
>slight
>problem (we're talking about 77 billion times more storage than the 
>biggest
>data warehouse that I've ever encountered!).
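The Li(x) figures in carl's post, recomputed as an added example (this is not code from the digest): the logarithmic integral is evaluated from its asymptotic series with Python's decimal module, so the 2048-bit case does not overflow a double, and the resulting prime counts are set beside the symmetric keyspaces the post mentions. The range convention (2^bits up to 2^(bits+1) - 1) and the 168-bit figure for 3-key 3DES are taken from the post; the helper names are my own.

```python
from decimal import Decimal, ROUND_FLOOR, getcontext

# 50 significant digits: enough to hold 2^2049 with negligible rounding
getcontext().prec = 50


def li(x: Decimal, terms: int = 10) -> Decimal:
    """Logarithmic integral li(x) via its asymptotic expansion
    li(x) ~ (x / ln x) * sum_{k>=0} k! / (ln x)^k.
    For ln x > 100 (every input below) ten terms are accurate to ~1e-17."""
    lnx = x.ln()
    total = Decimal(0)
    term = Decimal(1)                 # k! / (ln x)^k, starting at k = 0
    for k in range(terms):
        if k:
            term = term * k / lnx     # step from term k-1 to term k
        total += term
    return x / lnx * total


def primes_in_range(bits: int) -> Decimal:
    """Approximate number of primes p with 2^bits <= p <= 2^(bits+1) - 1,
    i.e. Li(2^(bits+1) - 1) - Li(2^bits), exactly as the post computes it."""
    return li(Decimal(2) ** (bits + 1) - 1) - li(Decimal(2) ** bits)


def rsa_modulus_count(bits: int) -> Decimal:
    """Unordered pairs of distinct primes from that range: N * (N - 1) / 2,
    an upper bound on the number of distinct RSA moduli built from them."""
    n = primes_in_range(bits)
    return n * (n - 1) / 2


def symmetric_keyspace(keybits: int) -> Decimal:
    """Number of keys of a symmetric cipher with keybits-bit keys."""
    return Decimal(2) ** keybits


def order_of_magnitude(n: Decimal) -> int:
    """Exponent e such that 10^e <= n < 10^(e+1)."""
    return int(n.log10().to_integral_value(rounding=ROUND_FLOOR))


def relative_error(value: Decimal, reference: str) -> float:
    """|value / reference - 1|, for checking a result against Maple's digits."""
    return float(abs(value / Decimal(reference) - 1))


if __name__ == "__main__":
    for bits in (256, 512, 2048):
        n = primes_in_range(bits)
        print(f"{bits}-bit primes: ~{n:.10E}  (~10^{order_of_magnitude(n)})")
    moduli = rsa_modulus_count(256)
    print(f"RSA-512 moduli from 256-bit primes: ~10^{order_of_magnitude(moduli)}")
    # Symmetric keyspaces the post compares against (3-key 3DES: 168 key bits)
    for name, keybits in (("IDEA / CAST-128", 128), ("3DES, three keys", 168)):
        k = symmetric_keyspace(keybits)
        print(f"{name}: 2^{keybits} ~ 10^{order_of_magnitude(k)}")
```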

------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: alt.security.pgp,comp.security.unix,comp.security
Subject: Re: How to password protect files on distribution CD
Date: Wed, 02 Feb 2000 15:14:55 GMT


> The basic idea is that while the program on the CD-Rom is encrypted
> with one, fixed key, you can generate a key for an individual customer
> which, when combined with a serial number, or the customer's name,
> yields the required decryption key.

Yes. Could you please name me some software packages that would do
this? (both NT and Unix)

> Unfortunately, disassembling programs is much easier than cracking
> encryption, so the level of security you can achieve this way is
> somewhat limited.

As long as it resists until the next release it should be OK for us :)

Thanks


Sent via Deja.com http://www.deja.com/
Before you buy.
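The per-customer key scheme quoted at the top of this post, written out as an added example (not code from the digest or from any product): the fixed content key is blinded with a hash of the customer's name, so every customer receives a different string that combines with their name back into the one decryption key. The content key, customer names, key-check value and function names are all constructed for this illustration.

```python
import hashlib
import hmac
from typing import Optional

KEY_LEN = 32  # bytes: length of the single key the CD contents are encrypted with


def _mask(customer: str) -> bytes:
    """Customer-specific mask H(name), domain-separated to this scheme."""
    return hashlib.sha256(b"cd-customer-key-v1:" + customer.encode("utf-8")).digest()


def issue_customer_key(customer: str, master: bytes) -> bytes:
    """Vendor side: customer key = master XOR H(name).  Different per customer,
    yet combining it with the name yields the one content key."""
    assert len(master) == KEY_LEN
    return bytes(m ^ p for m, p in zip(master, _mask(customer)))


def combine(customer: str, customer_key: bytes) -> bytes:
    """Installer side: XOR with the same mask undoes the blinding."""
    return issue_customer_key(customer, customer_key)


def key_check_value(master: bytes) -> bytes:
    """Short tag shipped on the CD beside the ciphertext, so a mistyped name/key
    pair is rejected before anything is decrypted.  It reveals nothing usable
    about the key on its own."""
    return hmac.new(master, b"key-check", hashlib.sha256).digest()[:8]


def content_key_for(customer: str, customer_key: bytes, kcv: bytes) -> Optional[bytes]:
    """Return the content key if name and customer key belong together, else None.
    Caveat (the point Eric makes about disassembly): the content key is the same
    for every customer and must exist in the installer's memory to decrypt, so
    this deters casual copying, not a determined reverse engineer."""
    candidate = combine(customer, customer_key)
    if not hmac.compare_digest(key_check_value(candidate), kcv):
        return None
    return candidate


def format_key(k: bytes) -> str:
    """Hex, in groups of four, as a customer would type it from a licence card."""
    h = k.hex().upper()
    return "-".join(h[i:i + 4] for i in range(0, len(h), 4))


def parse_key(s: str) -> bytes:
    return bytes.fromhex(s.replace("-", "").strip())


if __name__ == "__main__":
    master = bytes(range(KEY_LEN))          # constructed demo content key
    kcv = key_check_value(master)
    for name in ("Acme Corp", "Bob's Bakery"):
        ck = issue_customer_key(name, master)
        print(f"{name}: {format_key(ck)}")
        print("  recovers content key:", content_key_for(name, parse_key(format_key(ck)), kcv) == master)
    print("wrong name:", content_key_for("Other", issue_customer_key("Acme Corp", master), kcv))
```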

------------------------------

From: [EMAIL PROTECTED] (Alun Jones)
Crossposted-To: alt.security.pgp,comp.security.unix,comp.security
Subject: Re: How to password protect files on distribution CD
Date: Wed, 02 Feb 2000 15:19:09 GMT

In article <[EMAIL PROTECTED]>, Wally Whacker 
<[EMAIL PROTECTED]> wrote:
> Here's one to chew on: Software you buy, install and run completely on
> your computer will go the way of the horse and buggy. Once Internet
> speeds can support good interactive use, who wants the hassle of
> installing software, figuring out problems, re-installing every time
> Windows needs re-installing etc? Apps over the net will be point and
> click GO!

I'd imagine that those would be the same people that would be incredibly 
leery of companies accessing their internal confidential data, or analysing 
their product usage, or even just plain going bust.

After all, if my company goes bust tomorrow, you still would have a working 
copy of my software that you can use [presumably until you can find a 
replacement]; if your ASP goes bust tomorrow, all the software you use 
through them is no longer available to you.  And, if you have a relatively 
niche product that your business relies on, you're screwed.

Alun.
~~~~

--
Texas Imperial Software | Try WFTPD, the Windows FTP Server. Find it
1602 Harvest Moon Place | at web site http://www.wftpd.com or email
Cedar Park TX 78613     | us at [EMAIL PROTECTED]  VISA / MC accepted.
Fax +1 (512) 378 3246   | NT based ISPs, be sure to read details of
Phone +1 (512) 378 3246 | WFTPD Pro, NT service version - $100.
*WFTPD and WFTPD Pro now available as native Alpha versions for NT*

------------------------------

From: Eric Lee Green <[EMAIL PROTECTED]>
Subject: Re: Does the NSA have ALL Possible PGP keys?
Date: Wed, 02 Feb 2000 08:32:29 -0700

Guy Macon wrote:
> 
> In article <877s5c$r6i$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Ed Pugh) 
>wrote:
> 
> >Then, there is the small problem of data storage.  There just isn't
> >enough material in the whole universe (let alone, Fort Mead) to store
> >all of those big numbers.
> 
> I can do it in two bits.

You appear to be creating deltas. Even if you assume that all possible PGP
keys are within 256 positions of each other, we're talking about at least

452312848583266388373324160190187140051835877600158453279131187530910662656 

bytes of storage (courtesy of GNU "bc", a great tool for handling big numbers
:-). 

Not quite practical :-). 

-- 
Eric Lee Green                         [EMAIL PROTECTED]
Software Engineer                      Visit our Web page:
Enhanced Software Technologies, Inc.   http://www.estinc.com/
(602) 470-1115 voice                   (602) 470-1116 fax

------------------------------

From: Eric Lee Green <[EMAIL PROTECTED]>
Crossposted-To: comp.security.pgp
Subject: Re: Does the NSA have ALL Possible PGP keys?
Date: Wed, 02 Feb 2000 08:43:40 -0700

"Douglas A. Gwyn" wrote:
> 
> W A Collier wrote:
> > All possible keys, eh?  How'd they generate *all* the keys for my 2048
> > bit keyspace
> 
> While I think the original claim is nonsense, there is at least
> theoretically a possibility that whatever combination of RNG and
> checking for "bad" keys PGP does, manages to limit the accepted
> keys to some large but manageable number.  Someone who cares
> should look into that possibility.

Even if the number of accepted keys was reduced to some ridiculously small
number by those tests and the limits of the PRNG, like, say, 2^128, the
storage problem still applies. You're still operating in a 2048-bit keyspace,
after all, so 32 bytes will be required for each key. I know of few computers
that have the ability to handle 2^64 bytes of data, much less 2^133!

BTW, the PGP random number generator has been extensively analyzed and there's
at least one paper pointing out its strengths and weaknesses. If I'm recalling
right, it uses SHA1 to distill its randomness, which would mean that it can
generate at least 2^168 different sequences of numbers usable for keys, which
would still be more than what could easily be stored. The primary attack on
the PGP random number generator would require either a Tempest-type attack
(monitoring the I/O between the keyboard and computer, since at least the
"classic" PGP generator used bit-jitter between the times you pressed random
keys on the keyboard to distill randomness), or that the computer itself
already be compromised (in which case you're toast anyhow). 

-- 
Eric Lee Green                      http://members.tripod.com/e_l_green
[EMAIL PROTECTED]               http://twofish-py.sourceforge.net

------------------------------

From: [EMAIL PROTECTED] (Keith A Monahan)
Subject: Re: Available Algorithms
Date: 2 Feb 2000 15:47:25 GMT

G. R. Bricker ([EMAIL PROTECTED]) wrote:
: Or construct your own algorithm.

I would recommend against constructing your own algorithm for a bunch of
reasons.  First off, if you have no background in cryptography, then
you aren't going to be familiar with the types of attacks possible, so
you are probably going to miss important design criteria requirements.

The time, effort, and trouble that you would go through simply to produce
a new algorithm that has the same (or more likely less) strength and
one that has worse time complexity and requires 64 rounds & 8192 bits.
You get the idea.

The last, and probably most important reason is that there are very
good, completely free and available algorithms like Blowfish that have
already been implemented with plenty of example code online.  You also
get the advantage of their algorithm being reviewed by a lot of people
over a longer span of time.

Keith
 
: Buy a Schaum's Mathematical Formulas book
: (about $13) and pick through it. no infringement of trademark or patent
: worries. I bought this in my freshman year and have dog-eared it to death. 


------------------------------

From: [EMAIL PROTECTED] (Steve K)
Crossposted-To: comp.security.pgp,misc.survivalism
Subject: Re: Does the NSA have ALL Possible PGP keys?
Date: Wed, 02 Feb 2000 15:48:53 GMT

On Wed, 02 Feb 2000 08:40:40 -0500, cfm <[EMAIL PROTECTED]>
wrote:

>Why do I need to break the asymmetric key? I'd go after 3DES or IDEA 
>keyspace, much more manageable. Again the trick is 1) applying the 
>generated keys to the ciphertext, and 2) searching for an intelligible 
>plaintext.

...starting from scratch for every new message you try to decrypt, of
course, since breaking the symmetric cipher in one PGP message is no
help in breaking the next message.  

So far I believe that 56 bit DES is the strongest "trusted modern
cipher" that has been publicly broken.  128 bit keys are not twice
that size; 57 bit keys are.  In 128 bits, there are approximately 6.8
x 10^38 possible keys.  And when the AES cipher is selected, it will
almost certainly be included in PGP-- with a key size of 256 bits.

Trying all the 128 bit keys is not "much more manageable" than trying
the possible keys for, let's say, 1024 bit RSA.  It is just about
equally impossible, from a mechanical standpoint.  

:o)


Steve

---Continuing freedom of speech brought to you by---
   http://www.eff.org/   http://www.epic.org/  
               http://www.cdt.org/

PGP key 0x5D016218
All others have been revoked.

------------------------------

From: Eric Lee Green <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.unix
Subject: Re: How to password protect files on distribution CD
Date: Wed, 02 Feb 2000 09:00:16 -0700

Vernon Schryver wrote:
> If you want that something close to that mode, then use the MAC address
> of an Ethernet board, and treat the Ethernet board like an old fashioned
> dongle.  Yes, that's awkward for the user, but people usually don't
> throw the old computer away.

AGH! Please don't do that. Within the past year we have updated major portions
of our corporate network from 10baseT to 100baseT, which required replacing
many of the older network cards in our older computers, and also updated our
entire network to a switched network fabric (the only hubs are in end-user
offices when people want to have multiple computers in their office). In the
process of updating to a switched network fabric, we also found that many
cheapo-cards don't work properly in 100BaseT Full Duplex mode, meaning yet
more cards replaced :-(.

Our server load is taken up by SCO Unix (being retired) and Linux on Intel
boxes, though we have numerous other platforms in our porting lab. We would
not be pleased if our $30,000 accounting and manufacturing system broke
because we upgraded our server :-(. 

I don't know what my management would do, but I suspect it would NOT be
polite, at a minimum with irate demands that you fix the problem, and if that
failed, a lawsuit filed under Arizona consumer fraud laws (note that no
license contract can supersede the law... otherwise, deed restrictions which
state that "this property may not be sold to blacks, Hispanics, or Indians"
would be enforceable). That's the kind of nonsense that led to the whole
"cracking" business in the first place -- i.e., where copy protection was
prohibiting people from installing their programs that they had purchased onto
their hard drives, back in the mid 80's. It really sucked to have spent
hundreds of dollars on a word processor, only to find that you had to run it
off a bog-slow 5 1/4" floppy every time you wanted to load it, despite having
a nice fast 50-ms access time 30mb RLL hard drive (that cost $1,000!) in
your computer :-). 

If the goal is to keep honest people honest (and really, that's the only
worthwhile goal here), a "normal" license manager which relies on the user
typing in valid license data (valid as checked vs. an RSA public key or an MD5
hashed shared key) will do that, without peeving current and future customers. 

-- 
Eric Lee Green                         [EMAIL PROTECTED]
Software Engineer                      Visit our Web page:
Enhanced Software Technologies, Inc.   http://www.estinc.com/
(602) 470-1115 voice                   (602) 470-1116 fax

------------------------------

From: Eric Lee Green <[EMAIL PROTECTED]>
Subject: Re: Terms need explain
Date: Wed, 02 Feb 2000 09:02:43 -0700

Angus Lee wrote:
> 
> Hi,
> 
> --- Start quoting
> DS(KS) stands for the Digital Signature of Key Server
> K(KS)-certificate stands for key-exchange certificate for the Key Server
> S(KS)-certificate stands for signature certificate for the Key Server
> --- End quoting
> 
> What're the meanings of:
> 1. digital signature;
> 2. key-exchange certificate; and
> 3. signature certificate
> in the above context?

http://www.counterpane.com/applied.html

Read the book. The rest of us did. 

-- 
Eric Lee Green                         [EMAIL PROTECTED]
Software Engineer                      Visit our Web page:
Enhanced Software Technologies, Inc.   http://www.estinc.com/
(602) 470-1115 voice                   (602) 470-1116 fax

------------------------------

From: Eric Lee Green <[EMAIL PROTECTED]>
Subject: Re: Available Algorithms
Date: Wed, 02 Feb 2000 09:05:51 -0700

"G. R. Bricker" wrote: 
> Or construct your own algorithm. Buy a Schaum's Mathematical Formulas book
> (about $13) and pick through it. no infringement of trademark or patent
> worries. I bought this in my freshman year and have dog-eared it to death.

Won't work. Lots of mathematical formulae have been patented when used in a
cryptographic context. Look at Diffie-Hellman key exchange, for example -- all
that is, is exponentiation and multiplication within a prime field. Pure
mathematics. Also patented (though the patent has expired, thankfully). How
can multiplication and exponentiation be patented? Beats me, but it just
proves that the fact that a formula is in Schaum's is no guarantee that it
isn't patented when used as part of a cryptographic product.

-- 
Eric Lee Green                         [EMAIL PROTECTED]
Software Engineer                      Visit our Web page:
Enhanced Software Technologies, Inc.   http://www.estinc.com/
(602) 470-1115 voice                   (602) 470-1116 fax

------------------------------

Date: Wed, 02 Feb 2000 09:09:56 -0700
From: Shawn Willden <[EMAIL PROTECTED]>
Subject: Re: NIST, AES at RSA conference

John Savard wrote:

> Shawn Willden <[EMAIL PROTECTED]> wrote, in part:
>
> >Given independent keys.  What if the same key is used for all three?
>
> That would be very silly, and would hardly say anything about the
> value of using three different ciphers.

Maybe I misunderstand what Mr. Ritter is proposing.  I had thought his
idea was to use the same key with all the ciphers in a stack.  The point
of using the same key was to allow the stack to be changed frequently.

If this is a gross misunderstanding, I apologize.  I'm really responding
here not just to the posts at hand but to my accumulated understanding
(or misunderstanding) of the bits of this discussion that I've read over
the last year or so.

Shawn.


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
