Cryptography-Digest Digest #68, Volume #11        Tue, 8 Feb 00 00:13:01 EST

Contents:
  Re: Quicken (was Re: Strip Security) ("Lyal Collins")
  Re: Factorization (Hideo Shimizu)
  Re: Strip Security (Highdesertman)
  Re: Strip Security ("karl malbrain")
  Re: Anti-crack (lordcow77)
  Re: Factoring RSA (lordcow77)
  Re: permission to do crypto research (David Wagner)
  Re: Strip Security ("Steven G. Tyler")
  Senior Thesis Assistance (Christopher MacPherson)
  Seeking Information on FRACTAL CRYPTOGRAPHY ("M. Hackett")

----------------------------------------------------------------------------

From: "Lyal Collins" <[EMAIL PROTECTED]>
Subject: Re: Quicken (was Re: Strip Security)
Date: Tue, 8 Feb 2000 14:08:22 +1100

Possibly an SSL session is used to transport the PIN/password, and ideally,
financially sensitive info.
lyal
David Hopwood wrote in message <[EMAIL PROTECTED]>...
>-----BEGIN PGP SIGNED MESSAGE-----
>
>Michael Wojcik wrote:
>> I've seen Quicken online banking accounts that restricted the passcode
>> to four digits, and others that required at least eight characters
>> with at least some letters and some non-letters.  Complain to your
>> bank - they're the idiots.  (Of course, Intuit isn't guiltless either,
>> since they allow banks to configure their servers to use weak pass-
>> phrases.)  Maybe Bruce would like to send Intuit to the Crypto-Gram
>> Doghouse?
>[...]
>> There doesn't appear to be any locally stored key, and there's no
>> evidence during account creation that Quicken is gathering entropy
>> for a crypto-secure PRNG.  Actually, I can't see any way there could
>> be a hidden key: Quicken can be installed on another computer and
>> the account access enabled from there with only the four-digit
>> passphrase.  There's no mechanism for transporting a hidden key.
>
>Oh dear. Anyone want to bet that this can be broken just by sniffing
>a *single* session and doing an off-line attack? I don't know precisely
>what protocol Quicken uses, but if it's just RSA authenticated by the
>PIN, it won't be secure against this.
>
>> Hopefully, Quicken servers lock account access after a certain (small)
>> number of access failures, which makes this kind of brute forcing
>> impractical.
>
>That may not be enough.
>
>- --
>David Hopwood <[EMAIL PROTECTED]>
>PGP public key: http://www.users.zetnet.co.uk/hopwood/public.asc
>RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
>
>"Attempts to control the use of encryption technology are wrong in principle,
>unworkable in practice, and damaging to the long-term economic value of the
>information networks."  -- UK Labour Party pre-election policy document
>
>



------------------------------

From: Hideo Shimizu <[EMAIL PROTECTED]>
Subject: Re: Factorization
Date: Tue, 08 Feb 2000 11:57:41 +0900

I use Mathematica for Windows on Win98 (P3 500MHz).

Timing[FactorInteger[5154228018862208512867]]
{4.72 Second,{{53401798669,1},{96517872943,1}}}

I do not know what factoring algorithm Mathematica uses.

Hideo Shimizu
TAO, Japan

"NFN NMI L." wrote:
> 
> Hello. Would someone please run 5154228018862208512867 through a math package
> and tell me:
> - its factors (2 primes roughly the same size - RSA, you guessed it)
> - the name of the math package (any will do, Mathematica, whatever)
> - how long the factorization took
> - what system, roughly, it was run on (P2 400Mhz, say)
> 
> Thanks. My poor TI-92+ is choking on this number and I don't have Mathematica
> on my computer. :-(
> 
> S. "Money sucks, except when you have it" L.

------------------------------

From: [EMAIL PROTECTED] (Highdesertman)
Crossposted-To: comp.sys.palmtops.pilot,alt.comp.sys.palmtops.pilot,comp.sys.handhelds
Subject: Re: Strip Security
Date: Tue, 08 Feb 2000 03:22:55 GMT
Reply-To: [EMAIL PROTECTED]

Gordon, this is a bit off topic, but I have a related question.

I am wondering how you arrived at 10,000 possible combinations with a
four digit pin. I don't doubt it is correct, I just would like to know
what the formula is for determining how many possible combinations
there are given any particular number of digits/letters. Say for
instance, we are dealing with a 6 digit numerical pin. If we know they
are numbers, then it should be fairly straightforward to determine
mathematically how many possible combinations are available as opposed
to a three digit pin. What is the method of determining this, and what
must be taken into account for more complex systems that include alpha
numeric placeholders. Also, exponentially, how do the combinations
increase with each additional digit?

copy sent to sci.crypt.

cheers,

Mathew

On Fri, 04 Feb 2000 09:33:16 GMT, [EMAIL PROTECTED] (Gordon Walker)
wrote:

>On Sun, 30 Jan 2000 23:38:38 GMT, [EMAIL PROTECTED]
>(Highdesertman) wrote:
>
>>IDEA is a block cypher. My understanding of block cyphers is that by
>>their nature, the password is removed from the actual encrypting key,
>>the key being generated by the algorithm itself.
>
>The key is generated, but it can only be generated from what you give
>it. See below.
>
>>I don't believe your estimate of the resources required to crack IDEA
>>is accurate. You are correct in pointing out that the security of the
>>application is dependent on the proper implementation of the algorithm
>>and the design of the program. But assuming the above has been done
>>properly, I don't believe that cracking IDEA is quite so easily done.
>
>I don't think cracking IDEA would be easy either, in fact I doubt even
>the NSA could do it. What I'm saying is that one of the primary
>reasons for IDEA's security is that there are 2^128 possible keys. If
>the algorithm is robust then the only way to break it is a brute force
>assault, trying every possible key. With so many keys that is
>infeasible. This is the source of its strength.
>
>However, the downside is the need to remember a forty digit number
>for your key. Clearly few people can do this so what is normally done
>is that you enter an easily remembered pass phrase and the code
>expands this to the needed 40 digit number using some kind of hash
>function. Eg. by converting the letters to the hexadecimal form of
>their ASCII values and combining them. Thus "AAA" becomes the hex
>value 414141 or 4276545 in decimal. However, you can see that by using
>just three characters in the pass phrase the range of numbers possible
>is just one to about 16 million. If you use only the alphabetic
>characters not all of these can be generated reducing the range yet
>again. In other words, so long as you only use three characters in
>your pass phrase an attacker need only try 16 million options to find
>the key - a trivial operation on a PC.
>
>To retain the full security of IDEA you need to use a passphrase that
>encompasses the full range of 2^128 possible keys. As I mentioned
>before, that entails a 24 character password including spaces and some
>numbers. If you use less than this, you and not the Strip application
>are limiting the power of the IDEA algorithm.
>
>Remember also, that even if you use a 24 character password it is
>likely that you will use normal English words. This means that the
>content is less random than it could optimally be. An attacker may
>make use of a dictionary attack by throwing combinations of english
>words together to try to pull out the key. This is extremely hard but
>much easier than finding a truly random 2^128 value. It's one of the
>reasons to throw in a few numbers into the key.
>
>In contrast, PGP's solution to this is what it calls a keyring file.
>When you generate your key it is a truly random number generated by
>your random activity on mouse and keyboard. This number, which you
>have no chance of memorising, is stored in the keyring. The keyring is
>then encrypted with a pass phrase you supply. The keyring's security
>is necessarily much lower than that of the main encryption engine.
>Thus when you encrypt or decrypt using PGP the pass phrase you enter
>is not the key used to scramble the message. Rather it simply makes
>available the real key that will be used. This is why, in PGP,
>physically securing the keyring file is of paramount importance.
>
>>Anyway, I am getting off topic. My point is this: Strip should be
>>secure enough for any common application, IMHO. If you have
>>information in your palm that you fear will fall into the hands of the
>>NSA (and you have reason to believe they would want that information
>>to begin with) then I'm not sure using a palm to store it would be
>>such a good idea in the first place. But for keeping credit card
>>numbers, accounts, and logons, it should be just dandy. 
>
>Even in light of what I say, I still agree 100% with this conclusion,
>just so long as you aren't using a four letter, alphanumeric key. To
>feel comfortable I'd still recommend a phrase of at least 10-12
>characters containing some numbers.
>
>After all if I lose my Palm it has to be found by someone who is (1)
>dishonest, (2) knowledgeable about Palm applications, (3) aware of Strip
>and what it may contain, (4) able to utilise the possible weaknesses
>in my key selection to mount a successful assault on the encryption.
>The improbability of this, together with the power of the key I have
>chosen leaves me quite confident.
>-- 
>Gordon Walker


------------------------------

Reply-To: "karl malbrain" <[EMAIL PROTECTED]>
From: "karl malbrain" <[EMAIL PROTECTED]>
Crossposted-To: comp.sys.palmtops.pilot,alt.comp.sys.palmtops.pilot,comp.sys.handhelds
Subject: Re: Strip Security
Date: Mon, 7 Feb 2000 19:36:59 -0800


Highdesertman <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Gordon, this is a bit off topic, but I have a related question.
>
> I am wondering how you arrived at 10,000 possible combinations with a
> four digit pin. I don't doubt it is correct, I just would like to know
> what the formula is for determining how many possible combinations
> there are given any particular number of digits/letters. Say for
> instance, we are dealing with a 6 digit numerical pin. If we know they
> are numbers, then it should be fairly straightforward to determine
> mathematically how many possible combinations are available as opposed
> to a three digit pin. What is the method of determining this, and what
> must be taken into account for more complex systems that include alpha
> numeric placeholders. Also, exponentially, how do the combinations
> increase with each additional digit?

The formula for 10 things (the digits 0 - 9) taken 6 at a time with
replacement is:
10*10*10*10*10*10.

Without replacement you have 10*9*8*7*6*5.
Without replacement and without regard to `duplicate' combinations:
 (10*9*8*7*6*5)/(1*2*3*4*5*6)

Similarly the formula for 36 things (the digits 0 - 9 and 26 letters) taken
6 at a time with replacement is:
36*36*36*36*36*36.

Karl M



------------------------------

Subject: Re: Anti-crack
From: lordcow77 <[EMAIL PROTECTED]>
Date: Mon, 07 Feb 2000 19:28:52 -0800

In article <BdJn4.276$[EMAIL PROTECTED]>, "John E.
Kuslich" <[EMAIL PROTECTED]> wrote:
>NT adds some security attributes to this system, but most of
>these can be defeated depending on the skill of the security

When will you stop your FUD? NT is notoriously difficult to
secure, however, there is no need to overstate its security
problems. Any decently configured system (i.e. out of the box, install
latest service pack, install all hotfixes) will not allow you to
access the memory of a process that you do not own. NT will not
allow you, unless you are administrator, to access arbitrary
memory locations. Obviously, if you run a process, you can
probably control its memory space and defeat any copy protection
it may use. Nonetheless, this is an intrinsic problem of running
any software on a hostile client machine, not a specific problem
of Windows NT.


* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!


------------------------------

Subject: Re: Factoring RSA
From: lordcow77 <[EMAIL PROTECTED]>
Date: Mon, 07 Feb 2000 19:31:27 -0800

If the message m is such that (m^e) < n, the recovery of m is
trivial. If the message m is such that the search space 0 < x <
maximum value of m is small, all potential plaintext values in
that range can be encrypted and checked to see if any match with
the ciphertext.


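The two cases described in the post above, as an added Python example that is not part of the original post: unpadded ("textbook") RSA leaks m when m^e < n, and leaks m from a small message space whatever the size of e, while randomized padding defeats both checks. The toy modulus (two known Mersenne primes), the exponents 5 and 65537, the sample PIN, and the `pad`/`unpad` helpers are assumptions for illustration; `pad` is a simplified stand-in for a real scheme such as RSA-OAEP.

```python
import secrets

# Constructed toy key (not from the post): two known Mersenne primes.
P, Q = 2**107 - 1, 2**127 - 1
N = P * Q
PHI = (P - 1) * (Q - 1)

def encrypt(m, e):
    """Textbook RSA: deterministic, no padding."""
    return pow(m, e, N)

def decrypt(c, e):
    """Private-key operation; d is the inverse of e modulo phi(N)."""
    return pow(c, pow(e, -1, PHI), N)

def iroot(x, k):
    """Largest integer r with r**k <= x, found by binary search."""
    lo, hi = 0, 1 << (x.bit_length() // k + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid**k <= x:
            lo = mid
        else:
            hi = mid - 1
    return lo

def recover_by_root(c, e):
    """Case 1: if m**e < N no modular reduction happened, so c = m**e exactly."""
    r = iroot(c, e)
    return r if r**e == c else None

def recover_by_enumeration(c, e, candidates):
    """Case 2: small message space; encrypt every candidate and compare."""
    for m in candidates:
        if encrypt(m, e) == c:
            return m
    return None

def pad(m, msg_bits=64):
    """Hypothetical padding: 128 random bits above the message (not OAEP)."""
    return (((1 << 127) | secrets.randbits(127)) << msg_bits) | m

def unpad(x, msg_bits=64):
    """Strip the random prefix added by pad()."""
    return x & ((1 << msg_bits) - 1)

if __name__ == "__main__":
    pin = 4821  # constructed sample value
    print(recover_by_root(encrypt(pin, 5), 5))                      # small e
    print(recover_by_enumeration(encrypt(pin, 65537), 65537, range(10000)))
    c = encrypt(pad(pin), 65537)                                    # padded
    print(recover_by_enumeration(c, 65537, range(10000)), unpad(decrypt(c, 65537)))
```

With padding the same PIN encrypts to a different ciphertext each time, so neither the root check nor re-encryption of candidates finds a match, while the key holder still decrypts correctly.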


------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Crossposted-To: talk.politics.crypto,misc.int-property,misc.legal.computing
Subject: Re: permission to do crypto research
Date: 7 Feb 2000 20:26:58 -0800

In article <87npgt$5pa$[EMAIL PROTECTED]>,
Mike Eisler <[EMAIL PROTECTED]> wrote:
> What is to
> prevent one from taking a DVD and copying the encrypted contents onto
> another (writable) DVD?

Nothing.  Crypto can't prevent bit-for-bit copying.  The DVD industry should
have known this, if they had studied the history of the copy protection arms
races in the 80's (copyiipc, etc.).

Well, ok, the situation is actually just a bit more complicated than that.
You can't really buy fully-writable DVD's on the consumer market today.
What they sell as "writeable" DVD's (a blank one costs twice as much as buying
a DVD loaded with a movie!) actually have the sector that would normally hold
the keys permanently zeroed out, so you can't copy an encrypted DVD onto a
"writeable" one.  But, lest you get confused, let me emphasize that, in all
probability, this won't actually stop large-scale piracy!  See below.

If you want to make money pirating DVD disks, you don't buy consumer-grade
"writeable" blank DVD discs.  Instead, what you do is you buy a DVD-pressing
outfit, and you press bit-for-bit copies, en masse, thousands at a time, at
low low amortized cost.  _Nothing_ stops this attack: no amount of encryption
can ever stop bit-for-bit copying.

And, by the way, DVD was apparently specifically designed so that existing
CD pressing factories could be readily converted to press DVD's.  When we
consider that pirates already have extensive facilities built for pressing
copies of CD's, we see that it is quite plausible that every pirate who is
interested in copying DVD's will be readily able to do so, DeCSS or no.

In short, to my mind, DeCSS is unlikely to have any noticeable effect on
large-scale piracy.

> From a copyright protect perspective, it seems like the only thing the
> DeCSS code is useful for is excerpting fragments of the video stream.

Yeah, or for building your own DVD player software to play the DVD discs
you have legitimately bought.  (The DVD association seems to want to prevent
competition in this market, and to prevent you from playing even your own
discs that you legitimately acquired.  Hello?)

> Perhaps the issue is that with DVD audio, the DeCSS program is more useful, 

Or the die-hard cynic might surmise that DeCSS is just embarrassing and makes
the DVD folks look bad, so they decided to "shoot the messenger".  Who can
tell?  When politics and lawyers and big business get involved, rationality
sometimes goes right out the window -- although of course these speculations
are out of the scope for a technical forum like sci.crypt.

------------------------------

From: "Steven G. Tyler" <[EMAIL PROTECTED]>
Crossposted-To: comp.sys.palmtops.pilot,alt.comp.sys.palmtops.pilot,comp.sys.handhelds
Subject: Re: Strip Security
Date: Mon, 07 Feb 2000 23:24:06 -0500

karl malbrain wrote:

> Highdesertman <[EMAIL PROTECTED]> wrote...

> > I am wondering how you arrived at 10,000 possible combinations with a
> > four digit pin. I don't doubt it is correct, . . .

> The formula for 10 things (the digits 0 - 9) taken 6 at a time with
> replacement is: 10*10*10*10*10*10.

Formulae aside, remember also that the number of "possible combinations"
must be calculated on the basis of the largest allowable PIN, rather
than the size of the actual PIN. In other words, you might have actually
used a 4-digit PIN, but if the encryption software will allow up to,
say, 12 digits, a would-be cracker can't just assume the smaller number
but has to deal with the (much) larger number of combinations generated
by the larger number.

Of course, any automated cracker would almost certainly start with (and
eliminate) the smallest allowable number first and work up, so there's
still more *actual* security in using longer, rather than shorter,
PIN's.
-- 

Steve on Cattail Creek (Steven G. Tyler, Esq.) <[EMAIL PROTECTED]>

        The Computer Counselor -- Technology Consulting for the Law Office

        Webmaster, Troop 339, BAC, BSA (http://members.aol.com/troop339)

------------------------------

Date: Mon, 07 Feb 2000 23:30:07 -0500
From: Christopher MacPherson <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Senior Thesis Assistance



I am in need of some assistance with my computer science honors thesis.

Right now I am planning on doing a study on attack methods.  My plan is
to take an algorithm with a known attack, demonstrate the attack, and
then attempt to make the algorithm unbreakable.

Does anyone have any suggestions for an algorithm (and attack) that fits
these criteria?  I will be able to get time on a super computer should I
need one to execute the attack.

Thanks in advance for any assistance anyone could give.

-chris
--
*********************
chris macpherson  AIM: drummer80y
[EMAIL PROTECTED]  ICQ: 490889




------------------------------

From: "M. Hackett" <[EMAIL PROTECTED]>
Subject: Seeking Information on FRACTAL CRYPTOGRAPHY
Date: Mon, 7 Feb 2000 20:21:25 -0800


I am seeking information on FRACTAL CRYPTOGRAPHY -- patents, programs and
/ or otherwise available on the Internet.

Send me any links or information that you may find, as I am having some
trouble assimilating this info.



MP








------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
