Cryptography-Digest Digest #77, Volume #11        Wed, 9 Feb 00 01:13:01 EST

Contents:
  Re: Does the NSA have ALL Possible PGP keys? (Ralph Hilton)
  Re: question about PKI... (Palmpalmpalm)
  Re: Anti-crack ("Matt")
  Re: permission to do crypto research (David Wagner)
  Re: permission to do crypto research ("Jeffrey B. Siegal")
  Does hashing an encrypted message increase hash security? (Erann Gat)
  Re: Latin Squares (was Re: Reversibly combining two bytes?) (wtshaw)
  Re: permission to do crypto research (wtshaw)
  Re: NIST, AES at RSA conference ([EMAIL PROTECTED])
  rexec? ("Dave VanHorn")
  Re: NIST, AES at RSA conference ("Joseph Ashwood")
  Re: Seeking Information on FRACTAL CRYPTOGRAPHY ("r.e.s.")
  Re: Latin Squares (was Re: Reversibly combining two bytes?) ("r.e.s.")
  Re: New standart for encryption software. (Johnny Bravo)
  Re: permission to do crypto research (Xcott Craver)
  Re: Student security columnist wanted for ACM Crossroads (Eric Lee Green)

----------------------------------------------------------------------------

From: Ralph Hilton <[EMAIL PROTECTED]>
Crossposted-To: comp.security.pgp,misc.survivalism
Subject: Re: Does the NSA have ALL Possible PGP keys?
Date: Wed, 09 Feb 2000 02:48:49 +0100
Reply-To: [EMAIL PROTECTED]


On Tue, 1 Feb 2000 07:27:58 +0100, Anonymous <[EMAIL PROTECTED]>
wrote:

>There are a couple of interesting threads on talk.politics.crypto
>originating from a cryptographer with www.filesafety.com.  They
>purport that the NSA has ALL POSSIBLE keys for PGP and that all PGP
>encrypted netmail has been "transparent" for at least two years to
>the NSA and certain elements of the military and FBI.  The
>cryptographic basis for this alleged total compromise of PGP is
>discussed.
>
>This is a low-traffic NG and I should like to see serious analysis
>of these claims by those who are more technically qualified to
>discuss
>them.
>
>Take a look, and be sure to cross-post your comments here.

He is a joker. 

The storage space for all possible keys for PGP would, with current
hard disks, extend beyond the orbit of Pluto with the whole space
full of 1Tb disks.

You have been trolled.




--
Ralph Hilton
http://Ralph.Hilton.org
Freezone International: http://www.fzint.org

------------------------------

From: [EMAIL PROTECTED] (Palmpalmpalm)
Subject: Re: question about PKI...
Date: 09 Feb 2000 02:38:57 GMT

Thanks all for kind answers...

Actually I was wondering if it was useful to use SRP in PKI solutions. Such a
secure protocol must be helpful for downloading a private key online.

Is there anyone who thought about this?

------------------------------

From: "Matt" <[EMAIL PROTECTED]>
Subject: Re: Anti-crack
Date: Tue, 8 Feb 2000 20:40:48 -0600

x-no-archive: yes

> Has anyone researched means of protecting
> programs from being cracked with encryption?
>

http://inner-smile.com/nocrack.htm

By far one of the best sources of info on this subject.



------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Crossposted-To: talk.politics.crypto,misc.int-property,misc.legal.computing
Subject: Re: permission to do crypto research
Date: 8 Feb 2000 18:41:58 -0800

In article <[EMAIL PROTECTED]>,
Jeffrey B. Siegal <[EMAIL PROTECTED]> wrote:
> David Wagner wrote:
> > Remember, the industry claimed in their legal briefs that the DVD CCA
> > "is suffering and will continue to suffer immediate and irreparable harm",
> > unless the truth is immediately banned.  (They also said, for instance,
> > that DeCSS "will likely mean the end of this California business".)
> > 
> > Even if we offer them the benefit of the doubt here, these types of
> > statements appear thoroughly insupportable.
> 
> Not at all.  Although they make reference to the overall motion picture
> industry, this particular statement refers to the DVD CCA itself.

It's true that at some points in their brief they limit their claims in this
way (and yes, your question is a good one -- why should anyone care if the
DVD CCA ceases to exist?), but it is also true that at some other points in
their briefs they claim specific harm to the motion picture industry in
general (as well as other industries).

Here is one sample quote from the California filings:
  ``The DVD CCA and both the motion picture industry and the companies which
    provide the software and hardware which permit consumers to view motion
    pictures in a digital format (the licensees) are and will continue to
    suffer irreparable damage without the protection of preliminary relief.''
There are others like this one.  There's even an entire subsection titled
"DVD CCA as well as the Motion Picture, Consumer Electronics, and Computer
Industries Face Irreparable Harm if Defendants' are not Enjoined".

In other words, they claim immediate, irreparable injury to the entire DVD
and motion picture industry.  And that's the sort of outlandish, exaggerated
statement which I think is unsupported by the available technical evidence.

Look, I realize it may be traditional to embellish the truth a bit in court
to present your client's case in the strongest light possible -- but when it
comes to scientific evidence that the courts may not have enough technical
expertise to judge on their own, we really need to stand up for the highest
standards of scientific accuracy.  As far as I can see, the DVD CCA's briefs
fail that test.

Am I missing something?  I certainly am ill-versed in the law, but that is
surely not the only place where I could be overlooking something important.

------------------------------

From: "Jeffrey B. Siegal" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,misc.int-property,misc.legal.computing
Subject: Re: permission to do crypto research
Date: Tue, 08 Feb 2000 18:50:51 -0800

David Wagner wrote:
> Look, I realize it may be traditional to embellish the truth a bit in court
> to present your client's case in the strongest light possible

Just exactly the way you decided to choose the phrase "embellish the truth"
rather than "interpret the facts"

------------------------------

From: [EMAIL PROTECTED] (Erann Gat)
Subject: Does hashing an encrypted message increase hash security?
Date: Tue, 08 Feb 2000 17:58:11 -0800


Suppose I do the following:

1. Generate a 128-bit MD5 hash of a message.
2. Generate a second 128-bit MD5 hash of the same message encrypted
with (say) Blowfish using an N-bit key.
3.  Concatenate the results together to form a 256-bit hash.

Does the resulting 256 bit hash have any more security than the
original 128-bit MD5 hash by itself?  How much more?  What if
the Blowfish encryption key is known -- is there still something
to be gained in terms of hash security by concatenating a hash
of the cleartext with a hash of the Blowfish ciphertext?

Thanks,
Erann Gat
[EMAIL PROTECTED]

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Latin Squares (was Re: Reversibly combining two bytes?)
Date: Tue, 08 Feb 2000 20:52:53 -0600

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:

> r.e.s. <[EMAIL PROTECTED]> wrote:
> : "Tim Tyler" <[EMAIL PROTECTED]> wrote ...
> 
> : So I think that that latter number should be N!^N instead of N^(N^2).
> 
> That is /an/ upper bound.  It may be possible to do much better, though.
> N!^(N-1) is a smaller bound - since if N-1 columns are known, the last
> column is uniquely determined.
> 
> I have a figure of 161820 possible 5x5 latin squares.  This doesn't
> conform to the N!^N formula very well at all (though it's the right side
> of it when taken as a bound).
> 
> The last I heard, the function yielding the number of Latin squares of
> size NxN was one of the unsolved problems of mathematics - since no
> simple expression of it has yet been discovered.
> -- 
I see that the number of different squares in which there are no two rows
alike and no two columns alike might be N!*N, at least it works out that
way for N=3.  Maybe I missed something, but for N=3, there are only 18
possibilities, N=4 is 48, and N=5 is 600, according to my calculations. 
Where you get 161820 for N=5 puzzles me.
-- 
Life is full of upturns and downturns, with varying periods of 
stability mixed in.  It is a fool's errand to assume that what is 
happening any one day predicts the same as a constant future.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Crossposted-To: talk.politics.crypto,misc.int-property,misc.legal.computing
Subject: Re: permission to do crypto research
Date: Tue, 08 Feb 2000 21:05:53 -0600

In article <87pq12$k52$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(Xcott Craver) wrote:

>         I don't know if anyone here disagrees with you on this.  Rather,
>         this is a thread about how the law affects crypto research, not
>         a thread about the right or wrong of such law.
> 
>         Technically, questions about right or wrong are best not x-posted
>         to sci.crypt.  In this case, however, I think it's relevant
>         to a discussion of the science of cryptography because the law
>         may now restrict what scientists are allowed to do.

Scientific truth deals with rights and wrongs, so does logic, and so does
the law.  Justice demands truth and honesty.  If you believe that all
these things are to be arbitrary, you do not make sense, so why are you
even wasting your breath saying that it is important to maintain them. 
Trying to separate logic from science is the biggest sin of all, and you
simply have no right to force that on anyone.  If the law is wrong, then
hang the law; after all, that is what justice demands. Or, perhaps you
think that you can mock justice as well.
> 
> >For instance, your last case, a person might wish to destroy their own
> >watermarks so as to render an image *virgin.*   The MPAA might not like
> >it, but it is none of their business.
> 
>         Again, no disagreement, but that pesky law is still there.
> 
>         Also, destroying a watermark to render an image "virgin" is
>         a really bad idea.  You do damage the image some when you run
>         a watermark destroying program.  If you can't just dig up the
>         original copy of the image (you fool, you,) it's best to 
>         use your watermarking software to remove the watermark, given 
>         the key you used to add it.  One could still argue that a program to 
>         mangle marks is not necessarily a useful tool for content creators.
> 
>         Of course, the company who made the watermarking software may
>         not offer a removal utility....
> 

You may write your own program to work on your own files, or get them
wherever, whenever.  It must be so nice to feel that you can make
unreasonable demands, when their unreasonableness simply will cause them
to be ignored, and you too.  People only have faith in good laws, and the
loss of such faith causes anarchy. Now, I get it...you are really an
anarchist.
-- 
Life is full of upturns and downturns, with varying periods of 
stability mixed in.  It is a fool's errand to assume that what is 
happening any one day predicts the same as a constant future.

------------------------------

Subject: Re: NIST, AES at RSA conference
From: [EMAIL PROTECTED]
Date: 9 Feb 2000 14:55:40 +1000

>The development of DES is an example, the algorithm
>itself (S-boxes) was made stronger. Why the S-boxes
>were designed the way they were was not disclosed.

At the time, no. It has been stated since that this was because the
additional design criteria were to provide resistance against what
we now call "differential cryptanalysis" (they called it the T-attack),
and revealing the criteria would have given away the attack (which
took another 15 or so years for the public community to rediscover).
So they had good & valid reasons for keeping these added criteria
secret. See Don Coppersmith's paper reprising this:

Author(s): Don Coppersmith 
Title    : The Data Encryption Standard (DES) and its strength against attacks
Journal  : IBM Journal of Research and Development
Volume   : 38
Number   : 3
Date     : May 1994
Pages    : 243-250

>In fact the disclosure of the algorithm itself was a
>mistake. Nevertheless improvements were made that

Disclosure of what? DES? Of course it had to be made public, and was
always intended to be; that's why it was a FIPS standard (in h/w) from
the start. They just wanted to keep the design criteria secret.

Lawrie.


------------------------------

From: "Dave VanHorn" <[EMAIL PROTECTED]>
Subject: rexec?
Date: Wed, 09 Feb 2000 04:22:29 GMT


Is anyone aware of a secure version of rexec?
I thought that ssh clients were supposed to also do rexec functions, but
none I've found support it. :(



--
========
Are you an ISP?
Are you tired of dealing with SPAM?
We can help.
http://www.spamwhack.com


------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: NIST, AES at RSA conference
Date: Tue, 8 Feb 2000 18:50:51 -0000


> On the other hand, if someone can convince me that there is an actual
> *contradiction* in my belief that multiciphering (with non-groupy
> ciphers) must increase strength at least by the amount of processing
> effort, that will, of course, change my belief.

While I haven't had the time yet (and I probably never will)
to build it into an actual proof, the outline is as follows.

Given a function f() with output confined to a space k, and
given any input (of a value in k) to f(), the odds of an
identical output are at least 1/k; for a further reapplication
of the function f() n times, the odds of there existing an m
(m<n) such that f^n() = f^m() are at least (n-1)/k (m must
not be negative, but may be zero, indicating the plaintext).

When n = (k +1) there must exist an m < n

Given this f^n() (for n = k+1) is equivalent to f^m(), a
goal that is computationally easier to achieve.

It is also possible to change f() at some point in the
stream and the proof is likely to still apply provided that
k remains fixed across functions (although a similar proof
will exist).

Based on this I assert that there is a limit to the number
of times a function f() (including any cryptographic
algorithm) can be applied is K and in the case of a
cryptographic algorithm of length x the maximum number of
times that algorithm can be applied without being guaranteed
to provide a reduction of strength is 2^x.

In short, I can't prove that applying an algorithm 3 times
forms such a decrease, and I believe that for most
non-groupy ciphers that tripling will likely increase the
security, there is a limit to how far we can take it.
                Joe
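
The pigeonhole step in Joe's outline, worked through as an added example (not Joe's code): on a space of k values, k+1 applications of any f() must repeat an earlier value, and when f() is a permutation, as a block cipher under a fixed key always is, the first repeat is the plaintext itself (m = 0). The 8-bit Feistel map and the squaring map below are constructed toys used only for the demonstration.

```python
def toy_feistel(x, key=(0x3, 0x5, 0x7, 0xB)):
    """Constructed 8-bit, 4-round Feistel map (a toy, not a real cipher).
    A Feistel network is a permutation of its block space whatever the
    round function is, so it stands in for 'a cipher under a fixed key'."""
    left, right = x >> 4, x & 0xF
    for k in key:
        left, right = right, left ^ ((right * 7 + k) & 0xF)
    return (left << 4) | right


def squaring_map(x):
    """Constructed non-injective map on the same 8-bit space (x and -x collide)."""
    return (x * x + 1) & 0xFF


def is_permutation(f, space_size):
    """True if f maps 0..space_size-1 onto itself without collisions."""
    return len({f(x) for x in range(space_size)}) == space_size


def apply_n(f, x, n):
    """f^n(x): apply f to x n times (n = 0 returns x itself)."""
    for _ in range(n):
        x = f(x)
    return x


def first_repeat(f, x0, space_size):
    """Return (n, m) with m < n and f^n(x0) == f^m(x0) for the smallest
    such n.  Pigeonhole: the space_size + 1 values f^0(x0)..f^k(x0)
    (k = space_size) cannot all be distinct, so n <= space_size."""
    seen = {x0: 0}
    x = x0
    for n in range(1, space_size + 1):
        x = f(x)
        if x in seen:
            return n, seen[x]
        seen[x] = n
    raise RuntimeError("unreachable: a repeat must occur within space_size steps")


def cycle_length(f, x0, space_size):
    """Length of the cycle the iteration of f eventually enters from x0.
    For a permutation the cycle starts at x0 itself, so m == 0."""
    n, m = first_repeat(f, x0, space_size)
    return n - m
```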







------------------------------

From: "r.e.s." <[EMAIL PROTECTED]>
Subject: Re: Seeking Information on FRACTAL CRYPTOGRAPHY
Date: Tue, 8 Feb 2000 20:51:00 -0800

Trajectories in the "strange attractors" (of fractal dimension)
that occur in chaotic dynamical systems such as certain iteration
schemes, can exhibit extreme irregularity & unpredictability.
(They are deterministic, depending only on the initial values
given the dynamical equations.)  For an animated chaos display,
see http://mathworld.wolfram.com/ChaosGame.html

A simple search with "chaos fractal encryption" brings up
quite a bit, including:

"Method and Apparatus for the Encryption, Decryption and
Authentication of Messages Using Dynamical Systems"
http://www.santafe.edu/~hag/pat/pat.html

"GCC Chaos Encryption"
http://www.iisi.co.jp/reserch/GCC-over.htm

"Fractal Iteration of Information"
http://www.fitin.com/intro.html


--
r.e.s.
[EMAIL PROTECTED]



"Tom St Denis" <[EMAIL PROTECTED]> wrote ...
:   "M. Hackett" <[EMAIL PROTECTED]> wrote:
: > I am seeking information on FRACTAL CRYPTOGRAPHY --
: > patents, programs and / or otherwise available on the Internet.
: >
: > Send me any links or information that you may find, as I am
: > having some trouble assimilating this info.
: >
: > MP
: >
:
: If I am not mistaken a fractal is simply a object that can self-
: represent itself to infinite detail.  I.e the mandelbrot.
:
: How do you think this would be applied to crypto?  And did you hear
: this on star trek?



------------------------------

From: "r.e.s." <[EMAIL PROTECTED]>
Subject: Re: Latin Squares (was Re: Reversibly combining two bytes?)
Date: Tue, 8 Feb 2000 21:14:59 -0800

"wtshaw" <[EMAIL PROTECTED]> wrote ...
: "Tim Tyler" [EMAIL PROTECTED] wrote:
: > r.e.s. <[EMAIL PROTECTED]> wrote:
: > : So I think that that latter number should be N!^N instead of N^(N^2).

(I didn't say that N!^N is the number of LSquares.
It's the number of possible NxN "reversible combiners".)

: > That is /an/ upper bound.  It may be possible to do much better, though.
: > N!^(N-1) is a smaller bound - since if N-1 columns are known, the last
: > column is uniquely determined.
: >
: > I have a figure of 161820 possible 5x5 latin squares.  This doesn't
: > conform to the N!^N formula very well at all (though it's the right side
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^
(N!^N was not supposed to be the number of Lsquares!!!)

: > of it when taken as a bound).
: > The last I heard, the function yielding the number of Latin squares of
: > size NxN was one of the unsolved problems of mathematics - since no
: > simple expression of it has yet been discovered.
: > --
: I see that the number of different squares in which there are no two rows
: alike and no two columns alike might be N!*N, at least it works out that
: way for N=3.  Maybe I missed something, but for N=3, there are only 18
: possibilities, N=4 is 48, and N=5 is 600, according to my calculations.
: Where you get 161820 for N=5 puzzles me.

161280 for N=5 is correct according to my references.

The number of Latin Squares of order N, for N=1..10:
1,2,12,576,161280,812851200,61479419904000,108776032459082956800,
5524751496156892842531225600,9982437658213039871725064756920320000
Source:
http://www.research.att.com/cgi-bin/access.cgi/as/njas/sequences/eisA.cgi?Anum=002860
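
The sequence r.e.s. quotes, checked by enumeration as an added example (not code from any poster): reduced Latin squares (first row and first column in order) are counted by backtracking and scaled by the standard identity L(N) = N!(N-1)!R(N); a second check confirms that a combiner table such as XOR, the thread's original subject, is itself a Latin square.

```python
from itertools import permutations
from math import factorial


def is_latin_square(table):
    """True if every row and every column of the n x n table is a
    permutation of 0..n-1, i.e. the table is a reversible combiner in
    both arguments (output plus one input determines the other input)."""
    n = len(table)
    symbols = set(range(n))
    rows_ok = all(len(row) == n and set(row) == symbols for row in table)
    cols_ok = all({row[c] for row in table} == symbols for c in range(n))
    return rows_ok and cols_ok


def xor_table(n):
    """Combiner table for XOR on 0..n-1 (n a power of two)."""
    return [[a ^ b for b in range(n)] for a in range(n)]


def count_reduced_latin_squares(n):
    """Count reduced Latin squares of order n (first row and first
    column are 0..n-1 in order) by row-by-row backtracking."""
    first_row = tuple(range(n))

    def extend(rows):
        r = len(rows)
        if r == n:
            return 1
        total = 0
        for perm in permutations(range(n)):
            # Reduced form: row r begins with symbol r (fixes column 0).
            if perm[0] != r:
                continue
            # Remaining columns must not repeat a symbol already placed.
            if all(perm[c] != row[c] for row in rows for c in range(1, n)):
                total += extend(rows + [perm])
        return total

    return extend([first_row])


def count_latin_squares(n):
    """Total Latin squares of order n: each one arises from exactly one
    reduced square by permuting its rows (n! ways) and then the columns
    other than the first ((n-1)! ways), so L(n) = n! * (n-1)! * R(n)."""
    return count_reduced_latin_squares(n) * factorial(n) * factorial(n - 1)
```

Order 5 takes well under a second; order 6 (R(6) = 9408) is still feasible with this search but noticeably slower.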



------------------------------

From: Johnny Bravo <[EMAIL PROTECTED]>
Subject: Re: New standart for encryption software.
Date: Wed, 09 Feb 2000 00:08:05 +0000

On Wed, 9 Feb 2000 01:54:07 +0300, "finecrypt" <[EMAIL PROTECTED]>
wrote:

>FineCrypt 1.2
>
>First and sole program, which you can test with test vectors. Also new
>advanced key management (patented by Crypto Systems, Inc), graphical file
>statistics feature, etc., etc...

  This is hardly something that sets a "new standard", the current
standard specifies that source code be available for peer review to ensure
proper implementation and security.  You don't even meet the current
standard, much less set a new one.  As for your claims of

"Even those users who know nothing about programming and cryptography can
easily see that in FC:
- There are no “backdoors”;
- The length of the key for the encryption is correct;
- The encryption is performed as intended by the authors of the algorithms
used in FC."

  Since source code is not included, these statements aren't worth the
electrons they are displayed with.  Any malicious intent on your part
would easily bypass all these "tests".

  Take your spam somewhere else.

  Johnny Bravo

------------------------------

From: [EMAIL PROTECTED] (Xcott Craver)
Crossposted-To: talk.politics.crypto,misc.int-property,misc.legal.computing
Subject: Re: permission to do crypto research
Date: 9 Feb 2000 05:18:18 GMT

I wrote:

>>         I don't know if anyone here disagrees with you on this.  Rather,
>>         this is a thread about how the law affects crypto research, not
>>         a thread about the right or wrong of such law.
>> 
>>         Technically, questions about right or wrong are best not x-posted
>>         to sci.crypt.  In this case, however, I think it's relevant
>>         to a discussion of the science of cryptography because the law
>>         may now restrict what scientists are allowed to do.

Then wtshaw <[EMAIL PROTECTED]> wrote:

>Scientific truth deals with rights and wrongs, so does logic, and so does
>the law.  Justice demands truth and honesty.  If you believe that all
>these things are to be arbitrary, you do not make sense, so why are you
>even wasting your breath saying that it is important to maintain them. 
>Trying to separate logic from science is the biggest sin of all, and you
>simply have no right to force that on anyone.  If the law is wrong, then
>hang the law; after all, that is what justice demands. Or, perhaps you
>think that you can mock justice as well.

        What in the World!?!

        I was merely saying that political discussions are _usually_
        off-topic for sci.crypt.   They go to talk.politics.crypto 
        and the like.  You _know_ this to be true, and you really,
        really should have been able to understand that that's what
        I was saying.  Mocking justice?!

>You may write your own program to work on your own files, or get them
>wherever, whenever.  It must be so nice to feel that you can make
>unreasonable demands, when their unreasonableness simply will cause them
>to be ignored, and you too.  People only have faith in good laws, and the
>loss of such faith causes anarchy. Now, I get it...you are really an
>anarchist.

        All right, that's it, you're either drunk or responding
        to the wrong post.

        For the 2nd time, I am not in any way _in_favor_ of this
        law.  If you knew the damnedest little thing about watermarking,
        you'd KNOW I couldn't be in favor of this law, because my
        research used to be in watermarking ATTACKS.  

        I was pointing out that the exemption for scientific research
        isn't enough, because the DMCA still criminalizes the 
        tools scientists may use, exemption or no.  Of course, that's
        just one reason of many:  the bit about having to ask permission is
        itself, IMHO, unacceptable, but even with permission research
        may be impeded.
        
        In response to last paragraph, sentence by sentence:  

        1)  Yes, I can write my own program to work on my own files, 
            but NO, this law may prevent me from getting them "wherever, 
            whenever."  Media companies are trying to do just that with
            DeCSS.  Who knows if tools researchers use may one day be
            under the gun.
        2)  Your identifying me as a proponent of this law exhibits all the 
            deductive powers of a hippopotamus attempting to mate with a car.
        3)  Agreed.
        4)  For Christ's sake, post sober.  

                                                        -X



------------------------------

From: Eric Lee Green <[EMAIL PROTECTED]>
Subject: Re: Student security columnist wanted for ACM Crossroads
Date: Tue, 08 Feb 2000 22:47:42 -0700

"SCOTT19U.ZIP_GUY" wrote:
>    Actually from what limited interaction I have had with the ACM
> having actual expertise in any field that they want would most likely
> be a handy cap since they don't really want very intelligent people.

A co-worker of mine was on the original ANSI "C" committee, mostly made
up of the same academics as those who are involved with ACM activities.
He said that on one night in 1985 he simply had enough. They were
squabbling over some esoteric BS, not getting anything done, and finally
he said "Look, are you interested in creating a 'C' standard, or are you
interested in staking out academic turf? Because if you're interested in
creating a 'C' standard, this isn't going to do it."
   There was a long silence, and finally everybody hung up.
   The next morning, his supervisor called and told him that the chair
of the "C" committee had called, and his services were no longer
required.
   It took close to seven more years before the "C" standard was really
standardized, though by that time most compilers already implemented the
worthwhile bits (and left out the esoteric academic BS... RMS, in
particular, was apoplectic about some of the misfeatures and swore
they'd never make it into the GNU "C" compiler, though browsing the info
page I see at least one of the misfeatures is available via a special
"--ansi" flag). Ever since, whenever somebody talks to me about
standards, I tell them "show me the code" (for the sample
implementation)... it appears that most academics get tenure via knowing
whose rears to kiss, not on the basis of ability. It may be "publish or
perish", but department heads have often been out of the trenches for so
long that they couldn't tell a good paper from bleeding edge research.
(Not to mention the mediocre types who are great at wheedling funds out
of the NSF, DARPA, etc., who tend to get tenure simply because they pay
everybody else's salaries at the place!). 

-- 
Eric Lee Green   [EMAIL PROTECTED]
  http://members.tripod.com/e_l_green/

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
