Cryptography-Digest Digest #69, Volume #11 Tue, 8 Feb 00 03:13:01 EST
Contents:
Re: Strip Security ([EMAIL PROTECTED])
Re: Latin Squares (was Re: Reversibly combining two bytes?) (Tim Tyler)
Re: Prior art in science (Mok-Kong Shen)
Re: Maybe a simple question (wtshaw)
Re: How secure is this method? (wtshaw)
Re: Prior art in science (wtshaw)
Re: Latin Squares (was Re: Reversibly combining two bytes?) (Dan O.)
Re: Strip Security (Highdesertman)
Re: Latin Squares (was Re: Reversibly combining two bytes?) ("r.e.s.")
Re: Latin Squares (was Re: Reversibly combining two bytes?) ("r.e.s.")
Re: Anti-crack ("ink")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: comp.sys.palmtops.pilot,alt.comp.sys.palmtops.pilot,comp.sys.handhelds
Subject: Re: Strip Security
Date: Tue, 08 Feb 2000 04:58:49 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Gordon Walker) wrote:
> After all if I lose my Palm it has to be found by someone who is (1)
> dishonest, (2) knowledgeable about Palm applications, (3) aware of Strip
> and what it may contain, (4) able to utilise the possible weaknesses
> in my key selection to mount a successful assault on the encryption.
> The improbability of this, together with the power of the key I have
> chosen, leaves me quite confident.
It's not my lost Palm I'm worried about for the reasons you list --
it's the backup file in my Palm desktop.
Combining a compromised computer on my office network with a network
share "vacuum" (currently being discussed on the VULN-DEV list) leads
to the possibility that the backup of my Strip database could be
discovered by a canny intruder (or the script kiddie using the canny
intruder's program). If I were a cracker, an admin's Strip
database would be a juicy target.
Just what is the average number of crypt calls and the time per call to
brute force a 128-bit DES key?
Owen
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Latin Squares (was Re: Reversibly combining two bytes?)
Reply-To: [EMAIL PROTECTED]
Date: Tue, 8 Feb 2000 04:53:33 GMT
Michael Wojcik <[EMAIL PROTECTED]> wrote [a disclaimer and then]:
: In article <[EMAIL PROTECTED]>, Tim Tyler <[EMAIL PROTECTED]> writes:
:> In sci.crypt Michael Wojcik <[EMAIL PROTECTED]> wrote:
:> : ... the proposed method (generating a square as a random
:> : permutation of the rotations of a random permutation, then randomly
:> : swapping rows and/or columns) will always generate a valid square.
:> This method seems interesting - mainly due to its speed.
: It also has advantages in storage requirements [...]
Yes.
[much snip]
: Question: [...] are all Latin Squares in PRT-form?
!!!? ;-)
: Note that if the answer to the second question is yes (all Latin
: Squares are in PRT-form), then we can reduce any Latin Square of
: order N to three arrays of N entries, which means that the internal
: state of a square of order N is bounded by 3N, not by N^2. (Right?)
The information content is smaller than this perhaps might suggest - since
each array entry is itself constrained.
N! x N! x N! - for the Latin Square - compared to N^(N^2) for the totally
random table.
: Ie., this result helps us specify how much information there really
: is in a Latin Square, since it gives us a bijective compression
: function for squares. (That tends to make me suspect the answer is
: no, but a few minutes of head-scratching wasn't enough for me to
: prove it one way or another.)
Me neither. It's half past four in the morning, here, though.
I /may/ try again "later", since the question appears to be of
some interest - if there's even the slightest chance that it's true.
To my eyes, it seems unlikely to be true, though. If it's /not/ true
then there may remain some possibility that *all* Latin squares generated
in this manner may be cryptographically compromised in some (unspecified)
way.
--
__________
|im |yler The Mandala Centre http://www.mandala.co.uk/ [EMAIL PROTECTED]
Mary had a little RAM - about a MEG or so.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Prior art in science
Date: Tue, 08 Feb 2000 07:25:50 +0100
Terry Ritter wrote:
>
> Indeed, it may be far easier to search for and find something on line
> than in a library of individual books and magazine issues. I have
> personally conducted a grueling manual search through individual
> patent records which took two full man-weeks of time. Nowadays it's
> easier, of course.
There can be no question that a search (on the same material with
the same structure) with the help of a computer is far better than
without. That's why patent searches online are nowadays used (this
facility has been available for European patents for some time).
However, if the material is in a poor state (containing much chaff,
without keywords, etc. etc.) and is in 'extremely' huge volume, which
in my humble opinion is the case with newsgroup materials, then a
search can't be of superior quality in the first place, whether with
or without a computer. That's why I suggested in another follow-up
that summaries of discussions be written (with classification labels)
and searches be done on these.
M. K. Shen
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Maybe a simple question
Date: Mon, 07 Feb 2000 23:34:33 -0600
In article <yMHn4.16831$[EMAIL PROTECTED]>, "Dave VanHorn"
<[EMAIL PROTECTED]> wrote:
> > Here is a classic case, and I know from a participant that it was an
> > actual case, where a number scheme was solved. LE frowned on the ability
> > which was developed as part of a formal research project at an institution
> > of higher learning to discover if the algorithm for generating credit card
> > numbers, in that case, was any good...which it wasn't. They were more
> > afraid that the fairly hollow scheme would be made available than
> > punishing those that had learned more than they should have.
>
> You mean the LUHN check algorithm? That's public (or at least so widely
> known it might as well be)
I don't know what the name of it was. Decades ago, when the events
unfolded, companies were even more stupid about their numbers than
they should be now. Today, the hackers would be hauled before the public
and made an example of, since they don't seem to have many cases to make
examples with and want the press on such matters.
--
Life is full of upturns and downturns, with varying periods of
stability mixed in. It is a fool's errand to assume that what is
happening any one day predicts the same as a constant future.
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: How secure is this method?
Date: Mon, 07 Feb 2000 23:41:59 -0600
In article <[EMAIL PROTECTED]>, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:
> Sandy Harris wrote:
> >
> > [EMAIL PROTECTED] (Erik) spake thus:
>
> > >and is the linear congruence algorithm sufficient for this purpose?
> >
> > Absolutely not, even if you combine outputs from several of them.
>
> I have incidentally published on my web page a couple of years ago
> a compound PRNG scheme with a (special case) implementation that
> employed exclusively LPRNGs as constituent generators. If someone
> has 'concrete' (as against theoretically postulated) ideas of how
> to effectively attack that generator, I should be very grateful
> to learn these.
>
It all matters how you do these things, the structure being part of the
key. Pat answers may make some feel better, that certain generators are
either good or bad, but it does matter more how something like a LCG is
used.
Anybody feeling that they can break anything involving LCGs simply, just
ask, and I'll give you some ciphertext that is encrypted in a devious
manner using them.
--
Life is full of upturns and downturns, with varying periods of
stability mixed in. It is a fool's errand to assume that what is
happening any one day predicts the same as a constant future.
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Prior art in science
Date: Mon, 07 Feb 2000 23:52:06 -0600
In article <[EMAIL PROTECTED]>, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:
...
> Conversely, it would be very fine if it could be arranged that the
> patent applicants announce their submissions to the relevant
> newsgroups and mailing lists so that the applications would not
> escape the attention/scrutiny of those people that have a regular
> interest in the scientific fields concerned.
>
Yes, if the search for prior art is to be sincere, this is logical, as we
have seen here before. It might be that someone interested in a good
patent could perfect their application on what they find out.
Some are all for all patents, some against them, period. I would leave
the option open for what one might choose to do, but a patent may be more
a waste of resources, and that is a vital fact.
--
Life is full of upturns and downturns, with varying periods of
stability mixed in. It is a fool's errand to assume that what is
happening any one day predicts the same as a constant future.
------------------------------
From: [EMAIL PROTECTED] (Dan O.)
Subject: Re: Latin Squares (was Re: Reversibly combining two bytes?)
Date: Tue, 8 Feb 2000 07:27:00 GMT
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
> [We're talking about ways to generate Latin Squares, and treating
> them as combining functions as suggested by Terry Ritter. Standard
> disclaimer: I'm not a cryptographer, and am definitely not
> recommending this method for anything more than experimentation.]
>
> In article <[EMAIL PROTECTED]>, Tim Tyler <[EMAIL PROTECTED]> writes:
> > In sci.crypt Michael Wojcik <[EMAIL PROTECTED]> wrote:
>
> > : ... the proposed method (generating a square as a random
> > : permutation of the rotations of a random permutation, then randomly
> > : swapping rows and/or columns) will always generate a valid square.
>
> > This method seems interesting - mainly due to its speed.
>
> It also has advantages in storage requirements (see my earlier post
> on the subject). We can keep an order-256 square as two or three
> arrays of 256 bytes each (depending on whether we swap rows again
> after generating the columns) with only a small lookup penalty,
> rather than using the 64K required to maintain the entire square in
> memory.
>
> At least for encoding, that is. For decoding, this only works if we
> can generate the inverse square in the same form.
>
> More formally:
>
> Generate a permutation P on {0..255} (the "primary permutation"), and
> a second permutation R on {0..255} (the "rotation permutation"). Form
> the columns of square S as follows: for each column c, 0<=c<=255, c
> is rotate(P, R[c]). For c s.t. R[c] is 0, the column will be simply
> P; for other columns, the first entry in the column will be P[R[c]],
> the second P[R[c]+1 (mod 256)], etc.
What you are describing is a permutation of a base Latin Square. Let L be
a base latin square {ie: L(r,c) = r+c mod 256}. Let R, C, T be
permutations on {0..255}. Then the latin square for encryption is t =
Le(r,c) = T(L(R(r),C(c))). And the inverse function for decryption is of the
form r = Ld(t,c) = R'(L'(T'(t),C'(c))) where R', C', T' are the inverse
permutations of R, C, T respectively and L' is the inverse of the base
latin square L [ie: L'(t,c) = t-c mod 256 = L(t,-c mod 256)].
> Question: Is the inverse of a PRT-form square always itself a PRT-
> form square? More generally, are all Latin Squares in PRT-form?
> Is there a simple, low-cost construction procedure to derive the
> inverse of a PRT-form square in PRT notation?
Yes. No. Yes.
> Note that if the answer to the second question is yes (all Latin
> Squares are in PRT-form), then we can reduce any Latin Square of
> order N to three arrays of N entries, which means that the internal
> state of a square of order N is bounded by 3N, not by N^2. (Right?)
> Ie., this result helps us specify how much information there really
> is in a Latin Square, since it gives us a bijective compression
> function for squares. (That tends to make me suspect the answer is
> no, but a few minutes of head-scratching wasn't enough for me to
> prove it one way or another.)
For a 4x4 latin square there are exactly 2 unique base squares using PRT form:

sum(r,c) = 0 1 2 3
           1 2 3 0
           2 3 0 1
           3 0 1 2

xor(r,c) = 0 1 2 3
           1 0 3 2
           2 3 0 1
           3 2 1 0
The latin square xor() is also unique in the PR form whereas sum() has 3
variations in the PR form.
--
Dan Oetting <[EMAIL PROTECTED]>
------------------------------
From: [EMAIL PROTECTED] (Highdesertman)
Crossposted-To: comp.sys.palmtops.pilot
Subject: Re: Strip Security
Date: Tue, 08 Feb 2000 07:33:44 GMT
Reply-To: [EMAIL PROTECTED]
Fear not! There is a really good freeware program for the PC called
scramdisk available at http://www.scramdisk.clara.net that creates
encrypted "volumes" on your hard drive. These volumes are seen by
windows as a physical hard drive and can have programs loaded onto
them and run from them as if they were actually real drives. Data of
any type can be secured on your pc and the password screen allows for
very long passphrases and up to 5 of them for one volume. In this way
you can keep really sensitive data secure by having scramdisk require
the proper entry of five passphrases before opening the volume. The
passwords/phrases aren't stored in the volumes themselves so you can
move the volume from drive to drive as you please (it's just another
very large file). In the creation screen, you can choose whichever
algorithm you like, blowfish, IDEA, TEA, DEA, TRIPLE DEA, whathaveyou.
I highly recommend it.
cheers,
Mathew
On Tue, 08 Feb 2000 04:58:49 GMT, [EMAIL PROTECTED] wrote:
>In article <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] (Gordon Walker) wrote:
>> After all if I lose my Palm it has to be found by someone who is (1)
>> dishonest, (2) knowledgeable about Palm applications, (3) aware of Strip
>> and what it may contain, (4) able to utilise the possible weaknesses
>> in my key selection to mount a successful assault on the encryption.
>> The improbability of this, together with the power of the key I have
>> chosen, leaves me quite confident.
>
>It's not my lost Palm I'm worried about for the reasons you list --
>it's the backup file in my Palm desktop.
>
>Combining a compromised computer on my office network with a network
>share "vacuum" (currently being discussed on the VULN-DEV list) leads
>to the possibility that the backup of my Strip database could be
>discovered by a canny intruder (or the script kiddie using the canny
>intruder's program). If I were a cracker, an admin's Strip
>database would be a juicy target.
>
>Just what is the average number of crypt calls and the time per call to
>brute force a 128-bit DES key?
>
>Owen
>
>
>Sent via Deja.com http://www.deja.com/
>Before you buy.
------------------------------
From: "r.e.s." <[EMAIL PROTECTED]>
Subject: Re: Latin Squares (was Re: Reversibly combining two bytes?)
Date: Mon, 7 Feb 2000 23:51:55 -0800
"Tim Tyler" <[EMAIL PROTECTED]> wrote ...
[...]
: : Note that if the answer to the second question is yes (all Latin
: : Squares are in PRT-form), then we can reduce any Latin Square of
: : order N to three arrays of N entries, which means that the internal
: : state of a square of order N is bounded by 3N, not by N^2. (Right?)
:
: The information content is smaller than this perhaps might suggest - since
: each array entry is itself constrained.
:
: N! x N! x N! - for the Latin Square - compared to N^(N^2) for the totally
: random table.
But the table can't be totally random if it's to be a workable
combiner. So I think that that latter number should be N!^N
instead of N^(N^2). (Suppose the column coordinate corresponds
to message symbol and row coordinate to the symbol it is to be
combined with. Then each row must be a permutation of 1..N in
order to allow later recovery of the message symbol.)
--
r.e.s.
[EMAIL PROTECTED]
------------------------------
From: "r.e.s." <[EMAIL PROTECTED]>
Subject: Re: Latin Squares (was Re: Reversibly combining two bytes?)
Date: Mon, 7 Feb 2000 23:51:58 -0800
"Michael Wojcik" <[EMAIL PROTECTED]> wrote ...
:
: [We're talking about ways to generate Latin Squares, and treating
: them as combining functions as suggested by Terry Ritter. Standard
: disclaimer: I'm not a cryptographer, and am definitely not
: recommending this method for anything more than experimentation.]
[...]
: Question: Is the inverse of a PRT-form square always itself a PRT-
: form square? More generally, are all Latin Squares in PRT-form?
"No" to the 2nd question -- we can see that not all
Lsquares are of your PRT form, by simply comparing
with the known number of Latin Squares of given order.
Since each Lsquare created by your PRT method is the
product of three permutations of 1..N, that method
produces N!^3 distinct Lsquares. E.g. for N=10,
that's ~10^20; but there are in fact ~10^25 order-10
Lsquares. The discrepancy grows rapidly -- there're
"only" ~10^36 PRT Lsquares of order 15, compared to
an estimated ~10^86 total.
Source:
McKay, B. D. and Rogoyski, E. ``Latin Squares of Order 10.''
Electronic J. Combinatorics 2, N3 1-4, 1995.
http://www.combinatorics.org/Volume_2/volume2.html#N3
: Is there a simple, low-cost construction procedure to derive the
: inverse of a PRT-form square in PRT notation?
:
: Note that if the answer to the second question is yes (all Latin
: Squares are in PRT-form), then we can reduce any Latin Square of
: order N to three arrays of N entries, which means that the internal
: state of a square of order N is bounded by 3N, not by N^2. (Right?)
The numbers to compare are N!^3 vs. N!^N.
There are N!^3 PRT Lsquares, and N!^N squares that could serve
(in principle) as combiners.
: Ie., this result helps us specify how much information there really
: is in a Latin Square, since it gives us a bijective compression
: function for squares. (That tends to make me suspect the answer is
: no, but a few minutes of head-scratching wasn't enough for me to
: prove it one way or another.)
--
r.e.s.
[EMAIL PROTECTED]
------------------------------
From: "ink" <[EMAIL PROTECTED]>
Subject: Re: Anti-crack
Date: Tue, 8 Feb 2000 08:59:24 +0100
Kurt Van Nuggat wrote in message ...
>Absolutely correct!!
>
>Software protection may slow a cracker down but will not stop him.
>
>Anyone who can write uncrackable software protection code will be very rich
>indeed because every shareware author in the world will beat a path to his
>door.
>
That may be right, but if it takes the cracker a sufficient amount
of time more than without the protection, it might already pay - the
product cycles today are so quick, the "brake" effect might
be enough to stop them dead. When they've cracked a version,
the new one might be out, or even a generation more.
K. In Albon
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************