Cryptography-Digest Digest #54, Volume #11 Sat, 5 Feb 00 01:13:01 EST
Contents:
Re: Legitimate Professional Password Cracking? ("Henny Youngman")
Re: NIST, AES at RSA conference (David Wagner)
Re: How to Annoy the NSA (David A Molnar)
Re: NIST, AES at RSA conference ("Joseph Ashwood")
Re: Court cases on DVD hacking is a problem for all of us (Michael Kagalenko)
Re: Clock drift (was Intel 810 chipset Random Number Generator) (Guy Macon)
Re: Is RC6 a more advanced design than CAST/IDEA...? ("James")
Factorization (NFN NMI L.)
Re: How to Annoy the NSA ("Douglas A. Gwyn")
Re: Clock drift (was Intel 810 chipset Random Number Generator) (Michael Kagalenko)
Re: Factorization (JPeschel)
Re: Suitable hash for this application - in the public domain? (Tom St Denis)
Re: Factorization (Jerry Coffin)
Re: Factorization (Glenn Larsson)
Re: Factorization (Jerry Coffin)
Re: Factorization (JPeschel)
Re: How to Annoy the NSA (Greg)
Re: How to Annoy the NSA (David A Molnar)
----------------------------------------------------------------------------
From: "Henny Youngman" <[EMAIL PROTECTED]>
Subject: Re: Legitimate Professional Password Cracking?
Date: Fri, 4 Feb 2000 17:13:10 -0700
test
<[EMAIL PROTECTED]> wrote in message news:87f0ui$e4v$[EMAIL PROTECTED]...
> I know this might not be the perfect place to ask this question, but I
> don't know where else to start. Please don't flame.
>
> I am looking for a legitimate, professional, consulting type service
> that can take a list of passwords and crack them. It is a Unix style
> password file or something similar that contains around 300,000 -
> 500,000 entries. I know that they cannot be 100% accurate, but with
> today's tools I hear accuracy is very high.
>
> Again, this is very much on the up and up, so if you have any
> suggestions, please only the legit (legal) ones.
>
> Thanks in advance,
>
> -Ash
>
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: NIST, AES at RSA conference
Date: 4 Feb 2000 16:27:07 -0800
In article <[EMAIL PROTECTED]>, Serge Vaudenay <[EMAIL PROTECTED]> wrote:
>David Wagner wrote:
>><[EMAIL PROTECTED]> wrote:
>>> But it is also correct that multiple ciphering is provably strong*er* [..]
>
>> Well, personally I find that to be an extremely surprising claim.
>> Care to share the formal proof?
>
> The proof is quite obvious if you consider attacks as distinguishers. [...]
>
> This way the product cipher is at least as secure as its strongest
> factor.
Yes, sure, but Terry Ritter claimed that multiple ciphering is
strictly *stronger* (i.e., >, not just >=). Such a claim is, as far
as I can see so far, unsupported.
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: How to Annoy the NSA
Date: 5 Feb 2000 00:25:13 GMT
Joseph Ashwood <[EMAIL PROTECTED]> wrote:
> I'm just taking a few lines to point out the bit of
> slef-fulfilling prophecy that is this conversation.
> It is generally assumed that the NSA reads sci.crypt looking
> to find how good various people are.
?? What makes you think that?
> By increasing the traffic with useless words, you annoy the
> NSA.
This strikes me as dubious.
-David
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: NIST, AES at RSA conference
Date: Fri, 4 Feb 2000 16:45:17 -0000
> Yes, sure, but Terry Ritter claimed that multiple
ciphering is
> strictly *stronger* (i.e., >, not just >=). Such a claim
is, as far
> as I can see so far, unsupported.
Actually the statement that it is strictly stronger can be
easily contradicted, using XOR (eXclusive-OR), where
regardless of the keys chosen multiple encipherment is
strictly equivalent to a single encipherment with the XOR of
the keys.
Joe
------------------------------
From: [EMAIL PROTECTED] (Michael Kagalenko)
Subject: Re: Court cases on DVD hacking is a problem for all of us
Date: 5 Feb 2000 01:30:43 GMT
Reply-To: [EMAIL PROTECTED]
Eric Lee Green ([EMAIL PROTECTED]) wrote
]Ian Hay wrote:
]> Xcott Craver wrote:
]>
]> > o DVD encryption is not there to prevent illegal copying.
]> > It does not prevent illegal copying. A pirate will copy
]> > the whole DVD without breaking the encryption, and the copy
]> > will play in a DVD player. Encryption doesn't even slow him down.
]>
]> Sorry to butt in, but this seems to be a point of contention. Isn't the
]> above statement (while widely believed) specifically untrue? My
]> understanding of the description of the technology involved is that the
]> encrypted key, read by the software or hardware DVD player, is on a
]> specific area of the distributed DVD that is otherwise pre-embossed on
]> writeable DVDs.
]
]In addition, writable DVD's currently do not have the capacity to hold the
]data on a (read-only) DVD. Thus it is impossible on the face of it to pirate a
]DVD using writeable-DVD media.
I wonder how the data transfer rate required for DVD playback compres
with data transfer rate of tape drives. May be, DVDs can be copied to
digital tape ?
------------------------------
From: [EMAIL PROTECTED] (Guy Macon)
Crossposted-To: sci.physics
Subject: Re: Clock drift (was Intel 810 chipset Random Number Generator)
Date: 04 Feb 2000 21:18:38 EST
ANYBODY HERE WANT TO HEAR THE JOKE ABOUT THE
DRUNK DRIVING THE WRONG WAY ON THE FREEWAY??
In article <86tbbu$rjv$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Michael Kagalenko) wrote:
>
> Not quite. The specific kind of clock drift does. What kind
> was explained several times, so I am nto going to repeat just for you.
> Dejanews has my earlier posts.
>
Not a single person here understood a word of your "explaination", yet
you still refuse to admit that you were not clear. Every call for an
explaination of what your unclear writing means is met with this
"Go to dejanews and read it again" bullshit. I did, qand it's still
not undersatandable Cut the crap and start answering questions, luser.
>
> Neither Ritter not Schriver understood me, and all their objections
> are wide off the mark.
>
Yet you won't say specically where they are off the mark, and you won't
answer any questions. I know why. The reason is that you don't *HAVE*
any answers. You don't even understand your own claims! And you try
to hide it from scientists with your painfully obvious "I won't
repeat myself" game. Maybe that works in your Kingdom Hall meetings,
but I know five year olds who can see through such a lame debating trick.
Go away. You are embarassing yourself.
ANYBODY HERE WANT TO HEAR THE JOKE ABOUT THE
DRUNK DRIVING THE WRONG WAY ON THE FREEWAY??
------------------------------
From: "James" <[EMAIL PROTECTED]>
Subject: Re: Is RC6 a more advanced design than CAST/IDEA...?
Date: Sat, 5 Feb 2000 10:35:50 +0800
Bob Silverman <[EMAIL PROTECTED]> wrote in message news:87etdn$ba7$[EMAIL PROTECTED]...
> In article <87dhpu$rup$[EMAIL PROTECTED]>,
> "James" <[EMAIL PROTECTED]> wrote:
> > RC6 is a very simple and compact on implementation. It uses no s-box
> and runs very fast.
> > So I'm curious if RC6 is more advanced than CAST/IDEA from the
> cryptographical view.
>
> The question is meaningless without a metric to measure what makes
> one algorithm "more advanced" than another.
>
> Please tell us your basis for measuring algorithms. Then we can
> answer the question.
>
>
I mean that RC6 is very short and simple. Especially it does not use secret S-BOX.
Like
Einstein's E=mc^2. short, easy in apperance. yet is powerful inside.
------------------------------
From: [EMAIL PROTECTED] (NFN NMI L.)
Subject: Factorization
Date: 05 Feb 2000 03:32:27 GMT
Hello. Would someone please run 5154228018862208512867 through a math package
and tell me:
- its factors (2 primes roughly the same size - RSA, you guessed it)
- the name of the math package (any will do, Mathematica, whatever)
- how long the factorization took
- what system, roughly, it was run on (P2 400Mhz, say)
Thanks. My poor TI-92+ is choking on this number and I don't have Mathematica
on my computer. :-(
S. "Money sucks, except when you have it" L.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: How to Annoy the NSA
Date: Sat, 05 Feb 2000 03:33:35 GMT
David A Molnar wrote:
> Joseph Ashwood <[EMAIL PROTECTED]> wrote:
> > It is generally assumed that the NSA reads sci.crypt looking
> > to find how good various people are.
> ?? What makes you think that?
Penn Jillette has some things to say on the subject, at
http://www.sincity.com/penn-n-teller/excite/weird.html
In fact, sci.crypt doesn't come close to representing the state
of the art in cryptology, so Ashwood's "general assumption" is
quite dubious. It would be safe, however, to assume that some
NSA staff do read the technical papers published for EuroCrypt
and other such reputable forums for open cryptologic research.
------------------------------
From: [EMAIL PROTECTED] (Michael Kagalenko)
Crossposted-To: sci.physics
Subject: Re: Clock drift (was Intel 810 chipset Random Number Generator)
Date: 5 Feb 2000 03:35:24 GMT
Reply-To: [EMAIL PROTECTED]
Guy Macon ([EMAIL PROTECTED]) wrote
]
]
]ANYBODY HERE WANT TO HEAR THE JOKE ABOUT THE
]DRUNK DRIVING THE WRONG WAY ON THE FREEWAY??
Hmm, I though you announced with great pomp two or three times that
you put me in your kill-file.
]In article <86tbbu$rjv$[EMAIL PROTECTED]>,
][EMAIL PROTECTED] (Michael Kagalenko) wrote:
]
]>
]> Not quite. The specific kind of clock drift does. What kind
]> was explained several times, so I am nto going to repeat just for you.
]> Dejanews has my earlier posts.
]>
]
]Not a single person here understood a word of your "explaination", yet
]you still refuse to admit that you were not clear.
a) You do not speak for every single person here. In fact, I don't
think you speak for anyone but yourself.
b) At least three of the readers did; Tim Tyler, the guy who posted
anonymously through nym.alias.net and the one who posted about atomic
force microscope (OK, I assume the second is not the same as 1st or 3rd).
] Every call for an
]explaination of what your unclear writing means is met with this
]"Go to dejanews and read it again" bullshit. I did, qand it's still
]not undersatandable Cut the crap and start answering questions, luser.
I do answer questions that were not answered previously. I note
that your post doesn't have any questions, just a big fat load of whining
about my posting style.
]> Neither Ritter not Schriver understood me, and all their objections
]> are wide off the mark.
]>
]
]Yet you won't say specically where they are off the mark, and you won't
]answer any questions.
I say specifically where they are off the mark when I follow-up to
their posts. Deja.com should have those replies.
] I know why. The reason is that you don't *HAVE*
]any answers. You don't even understand your own claims!
Well, actually, I am pretty sure I do. I even found some calculation
regarding harmonically bound Brownian particle in one of my books;
a correlator <x x(t)>. From there it should be easy to compute
the quantitative expression for clock drift expectation.
] And you try
]to hide it from scientists with your painfully obvious "I won't
]repeat myself" game.
Hmmm. Most questioning comes from sci.crypt people who are programmers or
engineers, not scientists, and specifically not physicists.
] Maybe that works in your Kingdom Hall meetings,
]but I know five year olds who can see through such a lame debating trick.
]Go away. You are embarassing yourself.
*YAWN* Cry me a river, Mr.Macon.
] ANYBODY HERE WANT TO HEAR THE JOKE ABOUT THE ]DRUNK DRIVING THE
] WRONG WAY ON THE FREEWAY??
Could you please use more CAPS in your posts, Mr.Macon ? I can't hear you
too well, hellooo ?
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: Factorization
Date: 05 Feb 2000 03:55:10 GMT
[EMAIL PROTECTED] writes:
>Would someone please run 5154228018862208512867 through a math package
>and tell me:
>- its factors (2 primes roughly the same size - RSA, you guessed it)
>- the name of the math package (any will do, Mathematica, whatever)
>- how long the factorization took
>- what system, roughly, it was run on (P2 400Mhz, say)
PRIME FACTOR 287895462580028491
PRIME FACTOR 5832864341798915401
Took about a second on P-450 using MPQS
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Suitable hash for this application - in the public domain?
Date: Sat, 05 Feb 2000 03:55:23 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> Hi,
>
> I need a good hash algorithm for storing user passwords. The hash will
> later be used in encryption routines. At the moment 32 bytes are used
> to store the hash, which far exceeds MD5 (not secure enough?) and
> SHA-1. I've also looked at RIPE-MD, which I heard has a 256 bit
> variant (no more secure than the 160 bit version though)
>
> Are the various C-implementations of RIPE-MD 160 free for private and
> commercial use? Any pointers to a 256 bit implementation?
>
> If RIPE-MD isn't free, what other options do I have?
>
> thanks for any help,
RIPE-MD is completely free and is a 160-bit hash. HAVAL is the one
where you can pick the size of the output.
Personally if you are only processing passwords just use SHA-1.
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: Factorization
Date: Fri, 4 Feb 2000 21:22:53 -0700
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] says...
> Hello. Would someone please run 5154228018862208512867 through a math package
> and tell me:
> - its factors (2 primes roughly the same size - RSA, you guessed it)
PRIME FACTOR 53401798669
PRIME FACTOR 96517872943
> - the name of the math package (any will do, Mathematica, whatever)
The free "factor.exe" used to demo the MIRACL math package.
> - how long the factorization took
Half a second.
> - what system, roughly, it was run on (P2 400Mhz, say)
Your guess of a P2/400 was right on the money. Of course, if I hadn't
been running an ECDL program in the background, this might have been
done in .4 seconds instead... <G>
--
Later,
Jerry.
The universe is a figment of its own imagination.
------------------------------
From: Glenn Larsson <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Factorization
Date: Sat, 05 Feb 2000 05:10:42 +0100
NFN NMI L. wrote:
>
> Hello. Would someone please run 5154228018862208512867 through a math package
> and tell me:
> - its factors (2 primes roughly the same size - RSA, you guessed it)
> - the name of the math package (any will do, Mathematica, whatever)
> - how long the factorization took
> - what system, roughly, it was run on (P2 400Mhz, say)
>
> Thanks. My poor TI-92+ is choking on this number and I don't have Mathematica
> on my computer. :-(
>
> S. "Money sucks, except when you have it" L.
5154228018862208512867 =
53401798669 and 96517872943
~1 second using "FACTOR.EXE" (by shamus software),
Compaq LTE 5380-133/32Mb ram (Nt4)
/Glenn
_________________________________________________
Spammers will be reported to their government and
Internet Service Provider along with possible legal
reprocussions of violating the Swedish "Personal
Information Act" of 1998. (PUL 1998:204)
------------------------------
From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: Factorization
Date: Fri, 4 Feb 2000 21:30:12 -0700
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] says...
> [EMAIL PROTECTED] writes:
>
> >Would someone please run 5154228018862208512867 through a math package
> >and tell me:
> >- its factors (2 primes roughly the same size - RSA, you guessed it)
> >- the name of the math package (any will do, Mathematica, whatever)
> >- how long the factorization took
> >- what system, roughly, it was run on (P2 400Mhz, say)
>
> PRIME FACTOR 287895462580028491
> PRIME FACTOR 5832864341798915401
>
> Took about a second on P-450 using MPQS
Something seems to be wrong here: when you've got 1 in the units place
in each factor, I'm pretty sure there's no way for them to multiply to
something with a 7 units place. These two numbers seem to come out
as:
1679255177848752162851143387478689891
--
Later,
Jerry.
The universe is a figment of its own imagination.
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: Factorization
Date: 05 Feb 2000 04:44:22 GMT
Jerry Coffin [EMAIL PROTECTED] writes, in part:
>In article <[EMAIL PROTECTED]>,
>[EMAIL PROTECTED] says...
>> [EMAIL PROTECTED] writes:
>>
>> >Would someone please run 5154228018862208512867 through a math package
>> >and tell me:
>> >- its factors (2 primes roughly the same size - RSA, you guessed it)
>> >- the name of the math package (any will do, Mathematica, whatever)
>> >- how long the factorization took
>> >- what system, roughly, it was run on (P2 400Mhz, say)
>>
>> PRIME FACTOR 287895462580028491
>> PRIME FACTOR 5832864341798915401
>>
>> Took about a second on P-450 using MPQS
>
>Something seems to be wrong here:
Yup, you're right. I used the same program as you did,
but I was in too much of a hurry.
J
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: Greg <[EMAIL PROTECTED]>
Subject: Re: How to Annoy the NSA
Date: Sat, 05 Feb 2000 05:00:17 GMT
In article <u#RSdk1b$GA.315@cpmsnbbsa03>,
"Joseph Ashwood" <[EMAIL PROTECTED]> wrote:
> I'm just taking a few lines to point out the bit of
> slef-fulfilling prophecy that is this conversation.
>
> It is generally assumed that the NSA reads sci.crypt looking
> to find how good various people are.
> As I'm sure most of us have noticed you have to read
> everything on here, or you miss something (no matter how
> useless the post looks)
> By increasing the traffic with useless words, you annoy the
> NSA.
That's about the only post here that makes any sense.
But why would anyone want to do that?
--
There is only one gun law on the books- the second amendment.
The only vote that you waste is the one you never wanted to make.
RICO- we were told it was a necessary surrender of our civil liberties.
Asset Forfeiture- the latest inevitable result of RICO.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: How to Annoy the NSA
Date: 5 Feb 2000 05:09:45 GMT
Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
> David A Molnar wrote:
>> Joseph Ashwood <[EMAIL PROTECTED]> wrote:
>> > It is generally assumed that the NSA reads sci.crypt looking
>> > to find how good various people are.
>> ?? What makes you think that?
> Penn Jillette has some things to say on the subject, at
> http://www.sincity.com/penn-n-teller/excite/weird.html
Thanks for the pointer. Neat article.
> In fact, sci.crypt doesn't come close to representing the state
> of the art in cryptology, so Ashwood's "general assumption" is
> quite dubious. It would be safe, however, to assume that some
> NSA staff do read the technical papers published for EuroCrypt
> and other such reputable forums for open cryptologic research.
I hope they do. Eventually I'll make enough money to pay taxes.
When I do, I wouldn't want any wasteful duplication of work... :-)
Actually, Jerome Solinas seems to attend some of these conferences,
at which his affiliation is listed as NSA. So at least one person
in one field (elliptic curves) is showing up at the open world.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
