Cryptography-Digest Digest #70, Volume #11        Tue, 8 Feb 00 09:13:01 EST

Contents:
  Re: Court cases on DVD hacking is a problem for all of us (Martin Brown)
  Re: Anti-crack ("Douglas A. Gwyn")
  Re: permission to do crypto research ("Douglas A. Gwyn")
  Re: Senior Thesis Assistance ("Douglas A. Gwyn")
  Re: NSA opens up to US News (Terje Mathisen)
  Re: Hill Climbing ("Michael Darling")
  DVD crypt Q (Stephen Lee - Post replies please)
  Elliptic and Rivest (Paris Cristiano)
  Re: Factorization ([EMAIL PROTECTED])
  Re: Hill Climbing ("Douglas A. Gwyn")
  Re: Court cases on DVD hacking is a problem for all of us (Paul Crowley)
  Re: Factorization (Hideo Shimizu)
  Using Gray Codes to help crack DES (John Savard)
  Re: Seeking Information on FRACTAL CRYPTOGRAPHY (John Savard)
  Re: free C crypto API (Runu Knips)
  Re: Hill Climbing ("Michael Darling")
  Re: Reversibly combining two bytes? (Runu Knips)
  compression ([EMAIL PROTECTED])
  Re: Message to SCOTT19U.ZIP_GUY (SCOTT19U.ZIP_GUY)

----------------------------------------------------------------------------

Subject: Re: Court cases on DVD hacking is a problem for all of us
From: [EMAIL PROTECTED] (Martin Brown)
Date: 08 Feb 2000 08:13:34 GMT

In article <[EMAIL PROTECTED]>,
Eric Lee Green  <[EMAIL PROTECTED]> wrote:
>Alan Braggins wrote:
>> This scenario might be a legitimate concern for the copyright holders.
>> Or they might be bloodsucking leeches attempting to artificially boost
>> profits by differential regional pricing and blocking fair use of
>> legally purchased DVDs. (Or they might have a legitimate concern and
>> be overreacting by attempting to block fair use of purchased DVDs).
>
>I suspect the latter. These are the same people who are concerned about casual
>copying of VHS movies, despite lack of any evidence that those who would copy
>such movies are potential customers in the first place, and despite plentiful
>evidence that pirate copies of movies smuggled from overseas factories are a
>much larger problem. 
>

It started way before whining about VHS copying.  The music industry
started whining about cassettes, and how all the kids were gonna use
cassette tape to copy music records and other cassettes and sell to their
buddies, and destroy the record business.  Ignoring the "fact" that the
sum total of the damage done by kids in a year was surpassed by
professional thieves, at pirate factories in the San Fernando Valley, in a
day.
--

                           - Martin J. Brown, Jr. -

                             - BEAUDESIGN.COM -

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Anti-crack
Date: Tue, 08 Feb 2000 08:15:00 GMT

lordcow77 wrote:
> ... NT will not allow you, unless you are administrator, to
> access arbitrary memory locations.

But, as configured "out of the box", Windows NT 4.0 (Workstation)
runs all 16-bit (DOS compatible) processes in a single shared
address space.

The biggest problem in my opinion is that the IP protocol suite
in common use today doesn't provide adequate authentication for
many of the services that one pretty much *has* to support for
the degree of network access that users are accustomed to.  It
doesn't matter too much what the interprocess security on a host
is, if access via the Internet ports is inadequately policed.

Maybe Windows 2000 will include IPv6 support, which would be a
small step forward.  I think Solaris already does.  Once enough
hosts support IPv6, switching over to exclusive use of the new
protocols would be feasible.  I don't expect to see that for 5
or more years.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: permission to do crypto research
Date: Tue, 08 Feb 2000 08:17:06 GMT

David Wagner wrote:
> When politics and lawyers and big business get involved, rationality
> sometimes goes right out the window -- although of course these
> speculations are out of the scope for technical forum like sci.crypt.

Not entirely, because quite a few vulnerabilities in security systems
result from short-sighted marketing pressure and political decisions.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Senior Thesis Assistance
Date: Tue, 08 Feb 2000 08:22:35 GMT

Christopher MacPherson wrote:
> Right now I am planning on doing a study on attack methods.  My plan
> is to take an algorithm with a known attack, demonstrate the attack,
> and then attempt to make the algorithm unbreakable.

It seems pretty much pointless -- of *course* if you change the
algorithm, you can defeat an algorithm-specific attack.  The real
question is whether iterating this approach over *every* known
method of attack would result in a final algorithm that stands
up against every known attack simultaneously.  There is no obvious
reason why it should, by the way, since the "improvement" made on
each iteration ignores its effect on previously tried attacks.
I frankly don't think this question can be settled empirically.

------------------------------

From: Terje Mathisen <[EMAIL PROTECTED]>
Subject: Re: NSA opens up to US News
Date: Tue, 08 Feb 2000 10:05:35 +0100

John Savard wrote:
> 
> Terje Mathisen <[EMAIL PROTECTED]> wrote, in part:
> 
> >all
> >the conversions can be handled in registers, with no need for 64-bit
> >variables or misaligned bit streams.
> 
> Of course, that's why the scheme for coding 47 bits given on my site
> isn't the obvious one of radix conversion, but uses an IBM technique
> of bit manipulation to keep the size of what has to be handled at one
> time down. But the problem of alignment remains, you are correct.

I have used a similar trick for an embedded decoder, where code space
was really critical. By using some more time in the bit-encoding process,
the output bytes could be generated while using a 16-bit register as a
buffer.

Anyway, it is a lot more relevant to look at MIME encoding. Base64 uses
64+1 characters, while Quoted-printable extends this to some 70+
characters which are believed to be transparent to all existing email
gateways.

By inventing a Base-72 encoding scheme, email attachments could
theoretically be transferred a little bit more efficiently, but the
gains are probably too small to matter. :-(

Terje

-- 
- <[EMAIL PROTECTED]>
Using self-discipline, see http://www.eiffel.com/discipline
"almost all programming can be viewed as an exercise in caching"

------------------------------

From: "Michael Darling" <[EMAIL PROTECTED]>
Subject: Re: Hill Climbing
Date: Tue, 8 Feb 2000 09:14:56 -0000

After reading the Mark VandeWettering post on the CypherChallenge I've built
myself a Trigraph Frequency Dictionary and I am going to attempt his 5000
squares method.

He doesn't really mention how to mutate his chosen squares so I'm just going
to do random swapping of letters to begin with, and see how that goes.

regards,
Mike.


> The main trick is for the scoring function to give "part credit"
> when one has a "partial solution".  Trigraph frequencies work in
> this case because they span multiple encryption units.



------------------------------

From: Stephen Lee - Post replies please <[EMAIL PROTECTED]>
Crossposted-To: rec.video.dvd.tech
Subject: DVD crypt Q
Date: 8 Feb 2000 09:02:32 GMT

I have a question about the crypto used on DVD.  I have read articles
on the web but there are some points not clear to me.  This is
regarding a PC/Mac with a DVD-ROM connected.

From <http://www.dvddemystified.com/dvdfaq.html>:

    On the computer side, DVD decoder hardware and software must
    include a CSS decryption module. All DVD-ROM drives have extra
    firmware to exchange authentication and decryption keys with the
    CSS module in the computer.

1) I understand DVDs use the UDF filesystem.  Is a Video DVD just a
DVD-ROM with specific files on it?

2) Why is authentication necessary?  I remember (maybe wrongly)
someone mentioning that some part of a DVD is not readable until the
user authenticates with the drive. Is this true?

3) Why would the DVD-ROM need a decryption key when decryption is done
by separate hardware/software?  Maybe I am misunderstanding, but if
decryption is done by the drive, then wouldn't something like DeCSS be
unnecessary?

4) I also read that DVD-Video Disc has some special part that stores
the decryption keys and this part is blanked on recordable DVDs.

4a) Is this true?
4b) Why does the Disc need to have the key?  I thought the player has
1 key and the Disc has its content scrambled (encrypted?) by ~400 keys?

5) Where does the regional code come into the picture?  Where is the
regional code stored on a disc and how is it checked?  I heard newer
DVD-ROMs have the check built in; does it mean that older drives
don't, and it is checked somewhere else?

That's all I can think of for now.  I am very confused.  Please help
me clear this up.

Thanks,
Stephen



------------------------------

From: Paris Cristiano <[EMAIL PROTECTED]>
Subject: Elliptic and Rivest
Date: Tue, 08 Feb 2000 10:22:58 +0100

Hi !

Do you know where I can get the paper "Expose the Eavesdropper" by
Rivest in which he shows the Interlock protocol (or any article that
talks about it) ?

Besides, I'm looking for a good introduction on Elliptic Curve
Cryptography...

Please help, thanks !

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Factorization
Date: Tue, 08 Feb 2000 09:37:12 GMT

In article <[EMAIL PROTECTED]>,
  Hideo Shimizu <[EMAIL PROTECTED]> wrote:
> I use Mathematica for windows on win98 (P3 500MHz)
>
> Timing[FactorInteger[5154228018862208512867]]
> {4.72 Second,{{53401798669,1},{96517872943,1}}}
>
> I do not know what factoring algorithm Mathematica uses.

On a PII 333 MHz:
Timing[FactorInteger[5154228018862208512867]]
{14.22 Second,{{53401798669,1},{96517872943,1}}}

Timing[FactorIntegerECM[5154228018862208512867]]
{7.31 Second,96517872943}

The FactorIntegerECM function uses Lenstra's elliptic curve method,
FactorInteger also uses Pollard rho for larger numbers.


Sent via Deja.com http://www.deja.com/
Before you buy.
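
The thread compares Mathematica's FactorInteger and FactorIntegerECM timings but does not show what such a routine does. The following Python is an added example, not code from either poster or from Mathematica: it implements Pollard's rho (the method the reply above says FactorInteger falls back to for larger numbers; Lenstra's ECM is not shown) together with a deterministic Miller-Rabin test, and splits the same 22-digit number. The batch size, the choice of f(x) = x^2 + c and the retry loop over c are this example's own choices.

```python
from math import gcd

# The 22-digit composite from the thread (a product of two 11-digit primes).
N = 5154228018862208512867

SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]


def is_probable_prime(n):
    """Miller-Rabin with the fixed bases above: deterministic for n < 3.3e24,
    which comfortably covers the number under discussion."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def pollard_rho(n, c=1, max_iter=4_000_000, batch=128):
    """Pollard's rho with f(x) = x^2 + c and Floyd cycle-finding.  The
    |x - y| differences are multiplied together for `batch` steps before one
    gcd, which is far cheaper than a gcd per step.  Returns a non-trivial
    factor, or None if this c closed a cycle without exposing a factor."""
    x = y = 2
    f = lambda v: (v * v + c) % n
    steps = 0
    while steps < max_iter:
        xs, ys, q = x, y, 1
        for _ in range(batch):
            x, y = f(x), f(f(y))
            q = q * abs(x - y) % n
        steps += batch
        d = gcd(q, n)
        if d == 1:
            continue
        if d != n:
            return d
        # The batched product collapsed to 0 mod n: replay this batch one
        # step at a time to catch the factor before the cycle closes.
        x, y = xs, ys
        for _ in range(batch):
            x, y = f(x), f(f(y))
            d = gcd(abs(x - y), n)
            if d != 1:
                return None if d == n else d
    return None


def factor(n):
    """Sorted list of prime factors: trial division, then rho on what is left."""
    if n == 1:
        return []
    if is_probable_prime(n):
        return [n]
    for p in SMALL_PRIMES:
        if n % p == 0:
            return sorted([p] + factor(n // p))
    for c in range(1, 64):
        d = pollard_rho(n, c)
        if d is not None:
            return sorted(factor(d) + factor(n // d))
    raise ArithmeticError(f"rho failed to split {n}")


if __name__ == "__main__":
    print(factor(N))
```

Rho needs on the order of sqrt(p) steps to find the smaller prime p, so the two 11-digit factors here cost a few hundred thousand iterations; the same code would not be practical against an RSA-sized modulus, which is the point of the comparison with ECM and the sieving methods used for large numbers.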

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Hill Climbing
Date: Tue, 08 Feb 2000 11:03:09 GMT

Michael Darling wrote:
> He doesn't really mention how to mutate his chosen squares so I'm
> just going to do random swapping of letters to begin with, ...

Of course, you don't want to *just* swap at random -- the swapping
should be directed toward the goal (improving the overall score),
so mainly you want to swap only if it improves the score.  The use
for randomness is to keep from getting stuck on a local maximum;
by frequently injecting a random swap, you keep alive the chance
of migrating to another (taller) hill in the domain.  This has a
connection to both "simulated annealing" and "genetic" methods.

------------------------------

From: Paul Crowley <[EMAIL PROTECTED]>
Subject: Re: Court cases on DVD hacking is a problem for all of us
Date: 8 Feb 2000 08:03:55 -0000

Alan Braggins <[EMAIL PROTECTED]> writes:

> Paul Crowley <[EMAIL PROTECTED]> writes:
> > > >         o DVD encryption is not there to prevent illegal copying.
[...]
> > DeCSS was developed for viewing DVDs under Linux.
> 
> At the moment, this is true. 
[...]
> But now assume that in a few years, [...]

The scenario you paint seems largely plausible in the long term.  But
it's nevertheless clear that since you wouldn't do it now, it isn't
the motivation of the DeCSS writers, as the DVDCCA claim.
-- 
  __
\/ o\ [EMAIL PROTECTED]     Got a Linux strategy? \ /
/\__/ Paul Crowley  http://www.hedonism.demon.co.uk/paul/ /~\

------------------------------

From: Hideo Shimizu <[EMAIL PROTECTED]>
Subject: Re: Factorization
Date: Tue, 08 Feb 2000 19:58:12 +0900

Thanks for the nice information.

<<NumberTheory`FactorIntegerECM`
SeedRandom[12345];
Timing[FactorIntegerECM[5154228018862208512867]]
{2.92 Second,96517872943}

Hideo Shimizu
TAO, Japan

[EMAIL PROTECTED] wrote:
> 
> In article <[EMAIL PROTECTED]>,
>   Hideo Shimizu <[EMAIL PROTECTED]> wrote:
> > I use Mathematica for windows on win98 (P3 500MHz)
> >
> > Timing[FactorInteger[5154228018862208512867]]
> > {4.72 Second,{{53401798669,1},{96517872943,1}}}
> >
> > I do not know what factoring algorithm Mathematica uses.
> 
> On a PII 333 MHz:
> Timing[FactorInteger[5154228018862208512867]]
> {14.22 Second,{{53401798669,1},{96517872943,1}}}
> 
> Timing[FactorIntegerECM[5154228018862208512867]]
> {7.31 Second,96517872943}
> 
> The FactorIntegerECM function uses Lenstra's elliptic curve method,
> FactorInteger also uses Pollard rho for larger numbers.
> 
> Sent via Deja.com http://www.deja.com/
> Before you buy.

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Using Gray Codes to help crack DES
Date: Tue, 08 Feb 2000 12:01:08 GMT

A while back I noted that if one used Gray code for the analogue
values in a biometric, retaining only the error-checking part of an
error-correcting code on file allows information in a biometric to be
used for an encryption key despite the inescapable problem of analogue
values occasionally crossing a threshold, no matter how coarse the
grid used. (Instead of just storing the full key, and making it
available based on a pass/fail test.)

Here is another cryptographic use of Gray codes:

Let us suppose one has a table of 56 sets of 16 48-bit masks,
corresponding to how each bit in the DES key propagates through the
subkeys of DES. This speeds up using a new key, since one doesn't have
to repeatedly use Permuted Choice II.

By cycling through the 56-bit DES keys in Gray code order, one can
ensure that one has to do only *one* set of 16 XORs to proceed from
one key being tried to the next key to test.

Doubtless someone else has already thought of, and used, this
particular optimization.

John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html
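
To make the optimization above concrete, here is an added Python example; it is not Savard's code and does not implement real DES. The key schedule is a constructed toy: two 28-bit halves rotated by DES's actual rotation schedule, then a constructed 48-of-56 bit selection standing in for Permuted Choice II. What matters is that, like DES's schedule, every step is linear over XOR, so a table of per-key-bit subkey masks can be precomputed and a Gray-code walk through the key space updates all 16 subkeys with one XOR each per key.

```python
# Toy DES-like key schedule, constructed for this example (NOT the real DES
# PC-1/PC-2 tables).  Everything here is linear over XOR, which is the
# property the per-bit mask table and the Gray-code walk rely on.
MASK28 = (1 << 28) - 1
SHIFTS = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]   # DES rotation schedule
SELECT = [p for p in range(56) if p % 7 != 3]               # constructed 48-of-56 pick


def rotl28(half, s):
    return ((half << s) | (half >> (28 - s))) & MASK28


def subkeys_direct(key):
    """Derive all 16 subkeys from scratch (the 'repeat PC-2 per key' path)."""
    c, d = key >> 28, key & MASK28
    out = []
    for s in SHIFTS:
        c, d = rotl28(c, s), rotl28(d, s)
        cd = (c << 28) | d
        out.append(sum(((cd >> p) & 1) << j for j, p in enumerate(SELECT)))
    return out


def build_masks():
    """masks[b][r] = subkey r of the key whose only set bit is b.  By linearity,
    subkey r of any key is the XOR of masks[b][r] over its set bits."""
    return [subkeys_direct(1 << b) for b in range(56)]


def subkeys_from_masks(key, masks):
    out = [0] * 16
    for b in range(56):
        if (key >> b) & 1:
            out = [o ^ m for o, m in zip(out, masks[b])]
    return out


def gray(i):
    """i-th binary reflected Gray code: consecutive codes differ in one bit."""
    return i ^ (i >> 1)


def flipped_bit(i):
    """Index of the single bit that differs between gray(i) and gray(i+1):
    the number of trailing zeros of i+1."""
    return ((i + 1) & -(i + 1)).bit_length() - 1


def check_incremental(n_keys, masks=None, start=0):
    """Walk n_keys keys in Gray-code order from index `start`, updating the 16
    subkeys with 16 XORs per step, and confirm each matches direct derivation."""
    if masks is None:
        masks = build_masks()
    key = gray(start)
    subkeys = subkeys_direct(key)
    for i in range(start, start + n_keys - 1):
        b = flipped_bit(i)
        key ^= 1 << b                                   # one key bit changes
        subkeys = [sk ^ m for sk, m in zip(subkeys, masks[b])]   # 16 XORs
        if key != gray(i + 1) or subkeys != subkeys_direct(key):
            return False
    return True


if __name__ == "__main__":
    print(check_incremental(1000, start=(1 << 40) + 12345))
```

The check walks a stretch of keys starting at an arbitrary index rather than at zero so that the updated subkeys are dense rather than mostly-zero values. The same mask trick applies to any key schedule that is linear in the key bits; for a non-linear schedule the Gray-code ordering would still save nothing beyond the single-bit key change itself.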

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Seeking Information on FRACTAL CRYPTOGRAPHY
Date: Tue, 08 Feb 2000 11:54:49 GMT

On Mon, 7 Feb 2000 20:21:25 -0800, "M. Hackett"
<[EMAIL PROTECTED]> wrote, in part:

>I am seeking information on FRACTAL CRYPTOGRAPHY

It should be noted that most methods so far proposed of encryption
based on chaos theory or fractals are believed to be insecure.

John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html

------------------------------

From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: free C crypto API
Date: Tue, 08 Feb 2000 13:29:29 +0100

Tom St Denis wrote:
> In article <[EMAIL PROTECTED]>,
>  Runu Knips <[EMAIL PROTECTED]> wrote:
> > Tom St Denis schrieb:
> > > In article <862jhk$ohd$[EMAIL PROTECTED]>,
> > >   Greg <[EMAIL PROTECTED]> wrote:
> > > > > Well I decided to release CB a bit early.  I am looking for
> > > > > comments/suggestions/improvements.
> > > > > Basically CB is a complete crypto API.  It can make/use RSA crypto,
> > > > > symmetric crypto, has data compression, a RNG, base64 routines and
> > > > > more. [...]
> > > > > All of this is free!!!
> > > >
> > > > I downloaded a copy of your stuff and noticed that you did not
> > > > ask me anything.  Where is the server located?
> > >
> > > I will not dignify that.  I was hoping for real discussion about
> > > working on CB [i.e bugs or what have not].  This group has some of
> the
> > > smartest people in the world yet they can't stay on task.
> > > Did you have any troubles building CB on your computer?
> >
> > No problems with VC++ 5.0 under Windows. Will check gcc/linux at
> > home. And I've seen worse cryptographic libraries before.
> > However, much of this stuff is from other people, plus, for
> > example, IDEA is patented and can't be used for free. But it has
> > a Twofish implementation, too. Very good, so I can drop IDEA
> > anyway :)
> >
> I am glad you like it.  Please note that the current version up there
> has some bugs in it.  Small glitches... I have been working on it
> locally and plan to upload it again soon.  In the mean time you can
> still look at it and play around.
> 
> [EMAIL PROTECTED]

It was easy to compile this stuff under Linux. Had to strip
CR, create a Unix makefile and remove 3 includes in idea.h.

------------------------------

From: "Michael Darling" <[EMAIL PROTECTED]>
Subject: Re: Hill Climbing
Date: Tue, 8 Feb 2000 12:23:57 -0000

Yep, I understand that. I was going to swap and test; if the test proves
better than the last generation then I will carry that swap through to the
next generation, otherwise I'll keep the parent so that the parent lives to
the next generation.  Sound ok?

simulated annealing? - where's that search engine?! *s*

regards,
Mike.


Douglas A. Gwyn <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Michael Darling wrote:
> > He doesn't really mention how to mutate his chosen squares so I'm
> > just going to do random swapping of letters to begin with, ...
>
> Of course, you don't want to *just* swap at random -- the swapping
> should be directed toward the goal (improving the overall score),
> so mainly you want to swap only if it improves the score.  The use
> for randomness is to keep from getting stuck on a local maximum;
> by frequently injecting a random swap, you keep alive the chance
> of migrating to another (taller) hill in the domain.  This has a
> connection to both "simulated annealing" and "genetic" methods.
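
The swap-and-test loop Mike describes, with the acceptance rule Gwyn gives (keep an improving swap, otherwise keep the parent, and occasionally accept a random worsening swap so the search can leave a local maximum), as an added Python example. It is not code from either poster or from the CypherChallenge solution; it works on a simple substitution cipher rather than squares, the trigraph model is counted from a small constructed English sample instead of a real frequency dictionary, and the cooling schedule and temperature are this example's own choices.

```python
import math
import random
from collections import Counter

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

# Constructed training text: a stand-in for the large English sample that a
# real trigraph frequency dictionary would be counted from.
CORPUS = """The quick brown fox jumps over the lazy dog while the old man watched
from the porch and thought about the long years he had spent working in the
fields under the summer sun. There is nothing more important than the friends
and the family who stand with you through the hard times and the good ones.
Every morning the children walked to the school at the end of the road, and
every evening they came home with stories about what they had learned that
day. When the war was over the soldiers returned to the towns and villages
where they had been born, and the people of the country began to build again."""


def clean(text):
    """Upper-case letters only, so trigraphs line up with the model."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def build_model(text):
    """Trigraph log-frequencies.  Unseen trigraphs get a floor penalty, so a
    partially correct key still earns part credit for the trigraphs it fixes."""
    counts = Counter(text[i:i + 3] for i in range(len(text) - 2))
    total = sum(counts.values())
    return {t: math.log(c / total) for t, c in counts.items()}, math.log(0.1 / total)


def score(text, model):
    logp, floor = model
    return sum(logp.get(text[i:i + 3], floor) for i in range(len(text) - 2))


def substitute(text, key):
    """Simple substitution: key[i] replaces ALPHABET[i]."""
    return text.translate(str.maketrans(ALPHABET, key))


def invert(key):
    inv = [""] * 26
    for i, ch in enumerate(key):
        inv[ALPHABET.index(ch)] = ALPHABET[i]
    return "".join(inv)


def accept(delta, temperature, rng):
    """Acceptance rule.  An improving swap is always kept.  With T > 0 a
    worsening swap is also kept with probability exp(delta / T): the occasional
    random move that lets the search leave a local maximum (simulated
    annealing).  With T == 0 this is plain hill climbing."""
    if delta > 0:
        return True
    return temperature > 0 and rng.random() < math.exp(delta / temperature)


def hill_climb(cipher, model, rng, iterations=15000, start_temp=0.5):
    """Search decryption keys by random letter swaps.  Returns
    (best key, best score, score of the random starting key)."""
    key = list(ALPHABET)
    rng.shuffle(key)
    current = start = score(substitute(cipher, "".join(key)), model)
    best_key, best = key[:], current
    for step in range(iterations):
        temp = start_temp * (1 - step / iterations)   # cool down over time
        i, j = rng.sample(range(26), 2)
        key[i], key[j] = key[j], key[i]                # mutate: swap two letters
        new = score(substitute(cipher, "".join(key)), model)
        if accept(new - current, temp, rng):
            current = new                              # child replaces parent
            if current > best:
                best, best_key = current, key[:]
        else:
            key[i], key[j] = key[j], key[i]            # undo: parent survives
    return "".join(best_key), best, start


MODEL = build_model(clean(CORPUS))
KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"   # constructed encryption key (plain -> cipher)
PLAINTEXT = clean("The people of the town walked home at the end of the long day "
                  "and told stories about the old man and the children who had "
                  "been working in the fields under the summer sun")
CIPHERTEXT = substitute(PLAINTEXT, KEY)


def run_demo(seed=1):
    rng = random.Random(seed)
    found, best, start = hill_climb(CIPHERTEXT, MODEL, rng)
    recovered = substitute(CIPHERTEXT, found)
    correct = sum(a == b for a, b in zip(recovered, PLAINTEXT)) / len(PLAINTEXT)
    return {"start_score": start, "best_score": best,
            "true_score": score(PLAINTEXT, MODEL),
            "fraction_correct": correct, "recovered": recovered}


if __name__ == "__main__":
    r = run_demo()
    print(f"{r['fraction_correct']:.0%} of letters recovered: {r['recovered'][:60]}...")
```

Because the scoring function sums over trigraphs, a key that has only some letters right already scores above a random one, which is the "part credit" the quoted paragraph refers to; a pass/fail test (does the output equal known plaintext?) would give the climb nothing to climb. The temperature schedule decides how often a worsening swap is accepted, and setting start_temp to 0 turns the search into the pure accept-only-if-better loop.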



------------------------------

From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Reversibly combining two bytes?
Date: Tue, 08 Feb 2000 13:49:12 +0100

Alan Lawrence schrieb:
[reversible operation on bytes]
> *add modulo 256
> *exclusive or
> *multiply modulo 257 - a value of 256 (in modulo 257) is encoded as a
> zero. Since 257 is prime, a value of 0 (modulo 257) is never created.
> * ????

* rotations
* multiplication in GF(2^8) [see Twofish-Algorithm]
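
Each of the reversible operations listed in this thread, paired with its inverse and checked exhaustively over all 65536 input pairs, as an added Python example (not the posters' code). The mod-257 variant uses the encoding Alan describes, with byte 0 standing for 256, and the GF(2^8) arithmetic uses 0x169 (x^8 + x^6 + x^5 + x^3 + 1), the field polynomial of Twofish's MDS matrix; any irreducible degree-8 polynomial would serve. Note the one caveat the list glosses over: in GF(2^8), multiplying by 0 is not invertible, whereas the mod-257 trick makes every byte value usable as a multiplier.

```python
def add_mod256(a, b):
    return (a + b) & 0xFF


def sub_mod256(c, b):
    return (c - b) & 0xFF


def xor(a, b):
    return a ^ b                  # XOR is its own inverse


def to257(x):
    # IDEA-style encoding: byte value 0 stands for 256, so every byte is a
    # non-zero residue mod 257 and a product can never be 0 (257 is prime).
    return 256 if x == 0 else x


def from257(x):
    return 0 if x == 256 else x


def mul257(a, b):
    return from257(to257(a) * to257(b) % 257)


def inv257(b):
    return from257(pow(to257(b), 255, 257))   # Fermat: b^(p-2) mod p, p = 257


def unmul257(c, b):
    return mul257(c, inv257(b))


def rotl8(a, b):
    s = b & 7                                  # only 3 bits of b matter
    return ((a << s) | (a >> (8 - s))) & 0xFF


def rotr8(c, b):
    s = b & 7
    return ((c >> s) | (c << (8 - s))) & 0xFF


TWOFISH_MDS_POLY = 0x169                       # x^8 + x^6 + x^5 + x^3 + 1


def gf_mul(a, b, mod=TWOFISH_MDS_POLY):
    """Multiply in GF(2^8) by shift-and-add, reducing whenever bit 8 appears."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= mod
        b >>= 1
    return r


def gf_inv(b, mod=TWOFISH_MDS_POLY):
    if b == 0:
        raise ValueError("0 has no inverse: multiplying by 0 is not reversible")
    r, base, e = 1, b, 254                     # b^(2^8 - 2) = b^-1 in GF(2^8)
    while e:
        if e & 1:
            r = gf_mul(r, base, mod)
        base = gf_mul(base, base, mod)
        e >>= 1
    return r


def gf_div(c, b, mod=TWOFISH_MDS_POLY):
    return gf_mul(c, gf_inv(b, mod), mod)


GF_INV = [0] + [gf_inv(b) for b in range(1, 256)]   # inverse table, 0 unused


def check_all():
    """Exhaustively confirm each pair is an inverse for every byte pair (a, b)."""
    pairs = {
        "add/sub mod 256":     lambda a, b: sub_mod256(add_mod256(a, b), b) == a,
        "xor":                 lambda a, b: xor(xor(a, b), b) == a,
        "mul/unmul mod 257":   lambda a, b: unmul257(mul257(a, b), b) == a,
        "rotl/rotr":           lambda a, b: rotr8(rotl8(a, b), b) == a,
        "GF(2^8) mul (b != 0)": lambda a, b: b == 0 or gf_mul(gf_mul(a, b), GF_INV[b]) == a,
    }
    return {name: all(f(a, b) for a in range(256) for b in range(256))
            for name, f in pairs.items()}
```

A cipher designer usually mixes several of these, since each on its own is linear or affine over some structure (XOR and rotation over GF(2), addition over Z/256, multiplication over Z/257 or GF(2^8)); combining operations from different structures is what makes the mix hard to undo without the key, as IDEA and Twofish both do.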

------------------------------

From: [EMAIL PROTECTED]
Subject: compression
Date: Tue, 08 Feb 2000 12:46:52 GMT

Hello,
I have been working my way through a book to learn cryptography. One of
the exercises I cannot answer; any help would be greatly appreciated. It
is as follows:

A -> B : E_K(m || h(m))

Why does putting more bits into K than h(m) foil an attacker?
Why should messages be compressed before being encrypted?
Should just the hash of a message be encrypted, or the hash and the
message?
How can B convince C, the KDC, that the message is from A? Is this a good
idea?

If anyone could just spare a few moments to explain i would appreciate
it

David





Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Message to SCOTT19U.ZIP_GUY
Date: Tue, 08 Feb 2000 14:48:34 GMT

In article <87n8rr$3d2$[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>Hi...
>
>I sent you an email about your Screaming Method....no reply....Hope you
>are still around....???
   If you got no reply then I got no message.
>
>Perhaps you can explain your 2 compression, 3 encryption method... sounds
>very complicated and CPU consuming....
   Sorry you have to be more specific. This seems to come from a very old
thread. I usually don't talk about doing more than one encryption unless it
was in response to Ritter or someone who suggested using more than one
encryption. In which case I feel that one should try to use unrelated methods
that don't add headers at each phase. I also feel that much of the talk about
taking too much time is bogus. Either you encrypt it so it is secure or you
don't. Speed should not be the major factor if true security is the goal.
 I feel that that cipher chaining the talk about speed is so the public can
be misled into using weak AES type of methods and inferior compression
so that the NSA can still be kept reading your email. By the way I wrote the
government bastards a month ago and they never answered my email since I
would like to post encryption code at my site. Has anyone had any luck with
the bastards.

>
>Steve
>
>
>Sent via Deja.com http://www.deja.com/
>Before you buy.


David A. Scott
--

SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
                    
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm

Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm

Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm

**NOTE EMAIL address is for SPAMERS***

I leave you with this final thought from President Bill Clinton:

   "The road to tyranny, we must never forget, begins with the destruction of the 
truth." 

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
