Cryptography-Digest Digest #81, Volume #11 Wed, 9 Feb 00 15:13:01 EST
Contents:
Pseudorandom Byte Stream Challenge (John Chandler)
Re: New standart for encryption software ("finecrypt")
Re: A query method for communications ... (Mok-Kong Shen)
Re: "Trusted" CA - Oxymoron? ("R")
Re: new standart for encryption software.. ("finecrypt")
Re: New standart for encryption software (Tom St Denis)
micropayments and denial of service? ([EMAIL PROTECTED])
Actually you can see me here .. with your RealPlayer ... ("Markku J. Saarelainen")
Re: Pseudorandom Byte Stream Challenge (Mok-Kong Shen)
Re: Guaranteed Public Key Exchanges (Mok-Kong Shen)
Re: Key Generation program for Windows? ("Keith Monahan")
Actually you can see me here .. with your RealPlayer ... (Markku J. Saarelainen)
Re: Actually you can see me here .. with your RealPlayer ... (Mike Andrews)
Re: Anti-crack ("John E. Kuslich http://www.crak.com")
Re: Guaranteed Public Key Exchanges (Darren New)
Re: I'm returning the Dr Dobbs CDROM ("Keith Monahan")
Re: New standart for encryption software ("finecrypt")
Re: New standart for encryption software. (Albert P. Belle Isle)
My another page .. a lots of excellent information for you ... (Markku J. Saarelainen)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (John Chandler)
Crossposted-To: sci.crypt.research
Subject: Pseudorandom Byte Stream Challenge
Date: 9 Feb 2000 10:41:55 -0800
[Moderator's note: The charter of this newsgroup
(sci.crypt.research) specifically forbids "break
this" type challenges, but there is enough other
discussion in the note to allow me to post it. -- ggr]
The type of pseudorandom number generator known as a shuffling generator has some promising attributes for use in stream ciphers. Shuffling generators were developed by MacLaren, Marsaglia, and Bray [1,2,3]. These generators keep a table of pseudorandom numbers that have been generated but not yet output. One basic generator (call it the "selector") is used to select a number from this table, which is the next shuffled number output. That slot in the table is then refilled by the other basic generator (the "refiller"). The shuffling is supposed to help remove any regularities in the output from the basic generators; regularities are of course undesirable in pseudorandom numbers.

At least in some cases, a shuffling generator of high quality can be constructed based on basic generator(s) of low quality [4,5]. Even if the basic generators are congruential generators, all of which suffer from the parallel planes property [6], the shuffling generator will not normally have this undesirable property, and in fact the desire to avoid the parallel planes property was one of the principal motivations for the development of shuffling generators.

Encryption based on simple unshuffled congruential generators is easy to break, as shown by Reeds and others [7], and shuffling alone does not solve this problem. Using only a few characters of guessed plaintext of unknown position, Charles Retter [8] was able to break an encryption application program that was based on the shuffling of two mixed congruential generators. Retter wrote, "The primary weakness of the MacLaren-Marsaglia algorithm as a cipher system is that the effects of the two constituent generators can be separated. This has the effect of halving the key size." [8] And "... the MacLaren-Marsaglia algorithm is a relatively weak combining algorithm, because it is generally possible to search for the key to the value generator independent of the pointer generator." [9]

If shuffling is to be used effectively for encryption, a more complicated method obviously is required. One possibility is to use a third basic generator (the "interchanger") to interchange the roles of the other two. If the number from the interchanger does not exceed a cutoff KUTSH3, then basic generator #1 is used as the selector and generator #2 as the refiller; otherwise, generator #2 is used as the selector and #1 as the refiller. The identity of the refiller generator, for each element in the table, can be stored in a parallel table and used in computing the output. The periods of the three basic generators should be relatively prime, to give a long guaranteed minimum period.

Based on this idea, I have written function DSHUF3 in FORTRAN 77. The three basic generators are multiplicative congruential generators with a few iterates skipped to make the periods prime. DSHUF3 outputs a double precision floating point value and, what is relevant for our purposes here, a pseudorandom byte value obtained by applying division and remaindering operations to the sum of two integers. The floating point and byte values are not independent, and only one of them should be used from any given invocation of DSHUF3. The three moduli are each greater than 2^20. The multipliers are primes selected so that no product ever exceeds 2^31-1. The period of DSHUF3 is guaranteed to be longer than 2^60 and is probably very much longer. Both the floating point and byte output have been subjected to a selection of important tests of pseudorandomness [3,10,11,12] and have passed all tests. Extremely high speed was not a desideratum in designing DSHUF3; only unpredictability and a high degree of pseudorandomness were sought. Integer overflow never occurs in DSHUF3, so it should be easy to port it to any computer system and any computer language having integers of size equivalent to 32 bits, or larger, in any base.

To make brute force attacks more time consuming, a shuffling generator used in a stream cipher should probably be stepped through some fairly long initial "run-in period" before starting to use its output. That is, the first NRUNIN pseudorandom bytes that are output should be discarded before using any bytes.
The purpose of this post is to issue a Pseudorandom Byte Stream Challenge. The code is contained in the file challv.f, and 12,000 pseudorandom bytes in hexadecimal form are contained in the file challv.out. The object is either to predict the next 240 bytes after the 12,000 or to give the values of three seeds that will generate the given 12,000 bytes immediately following the given run-in period. (The values of the seeds might not be unique.) Of course the values of JSEED3(1), JSEED3(2), and JSEED3(3) given in the file are not the values that were used to generate the given 12,000 bytes. The values of KUTSH3 and NRUNIN could also be kept secret, but I am specifying that they were 500,000 and 3,000,000 respectively, as given in challv.f. Similarly, all moduli, multipliers, and other constants are as given in challv.f. (The run-in period was about ten seconds on an IBM mainframe computer.)

The last 240 of the 12,000 bytes are
To win the challenge, the methods used must be explained and the source code of all programs used must be submitted. The challenge pays fifty U.S. dollars to the first solver. (If I were Bill Gates, I might offer a million dollars; fifty dollars is a larger fraction of my net worth than a million dollars is of Bill Gates's net worth, which is currently of the order of magnitude of $6E10 after taxes.) This challenge is open until solved, as long as I live and have $50. If not solved in some reasonable period of time, the amount might be increased.

Files challv.f and challv.out and this file, challv.txt, can be downloaded via anonymous ftp from a.cs.okstate.edu/ftp/pub/jpc/ :

ftp a.cs.okstate.edu
anonymous
<enter your e-mail address here as the password>
cd pub/jpc
get challv.f
get challv.out
get challv.txt
quit

If there is any problem with ftp, contact me.

John Chandler
Computer Science Department
Oklahoma State University
Stillwater, Oklahoma 74078
[EMAIL PROTECTED]
Business telephone: 405-744-5676
[1] M. D. MacLaren and G. Marsaglia, "Uniform random number generators", J. ACM 12 (1965) 83-89
[2] G. Marsaglia and T. A. Bray, "One-line random number generators and their use in combinations", Communications ACM 11 (1968) 757-759
[3] Donald E. Knuth, _Seminumerical_Algorithms_ (Third edition, 1998), Volume 2 of _The_Art_of_Computer_Programming_, Addison-Wesley
[4] Carter Bays and S. D. Durham, "Improving a Poor Random Number Generator", ACM Transactions on Mathematical Software 2 (1976) 59-64
[5] G. P. Learmonth and P. A. W. Lewis, "Statistical Tests of Some Widely Used and Recently Proposed Uniform Random Number Generators", Technical report NPS55LW73111A, November 1973, Department of Operations Research and Administrative Sciences, Naval Postgraduate School, Monterey, California
[6] G. Marsaglia, "Random numbers fall mainly in the planes", Proc. Nat. Acad. Sci. 61 (1968) 25-28
[7] Bruce Schneier, _Applied_Cryptography_ (Second edition, 1996), John Wiley and Sons
[8] Charles T. Retter, "Cryptanalysis of a MacLaren-Marsaglia system", Cryptologia 8 (1984) 97-108
[9] Charles T. Retter, "A key-search attack on MacLaren-Marsaglia systems", Cryptologia 9 (1984) 114-130
[10] G. Marsaglia, "Monkey tests for random number generators", Computers and Mathematics with Applications 9 (1993) 1-10
[11] I. Vattulainen, T. Ala-Nissila, and K. Kankaala, "Physical tests for random numbers in simulations", Physical Review Letters 73 (1994) 2513-2516
[12] I. Vattulainen, T. Ala-Nissila, and K. Kankaala, "Physical models as tests of randomness", Physical Review E 52 (1995) 3205-3214
--
John Chandler
[EMAIL PROTECTED]
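The selector / refiller / interchanger construction described in the post above, as an added example in Python rather than the author's FORTRAN 77. This is not DSHUF3 and not code from the post: the moduli, multipliers, table size, initial table fill and byte-extraction rule are constructed placeholders, not the values in challv.f, and the post's skipping of iterates to make the three periods prime is not reproduced.

```python
"""Three-generator shuffling PRNG of the kind the post describes.

Example code written for this digest; it is not John Chandler's DSHUF3, and
every constant below is a constructed placeholder rather than a challv.f value.
"""
from math import gcd


class MCG:
    """Multiplicative congruential generator: x <- a*x mod m (state never 0)."""

    def __init__(self, a, m, seed):
        self.a, self.m = a, m
        self.x = seed % (m - 1) + 1          # force a non-zero state below m

    def step(self):
        self.x = (self.a * self.x) % self.m
        return self.x


# Constructed placeholders: moduli above 2^20 (largest primes below 2^20, 2^21,
# 2^22) and prime multipliers chosen so a*m stays below 2^31-1, mirroring the
# post's constraints. Periods are NOT made coprime here, so no minimum period
# is guaranteed for this toy.
PARAMS = ((1021, 1048573), (503, 2097143), (257, 4194301))
TABLE_SIZE = 128


class Shuffle3:
    """Shuffle table driven by generator 1 or 2, with generator 3 swapping roles."""

    def __init__(self, seeds, cutoff, table_size=TABLE_SIZE):
        self.g = [MCG(a, m, s) for (a, m), s in zip(PARAMS, seeds)]
        self.cutoff = cutoff                  # plays the role of KUTSH3
        # Pre-fill the table from generator 1; the parallel table records which
        # of generators 1 and 2 (index 0 or 1) filled each slot.
        self.table = [self.g[0].step() for _ in range(table_size)]
        self.filler = [0] * table_size

    def next_byte(self):
        # The interchanger (generator 3) decides who selects and who refills.
        if self.g[2].step() <= self.cutoff:
            sel, ref = 0, 1
        else:
            sel, ref = 1, 0
        idx = self.g[sel].step() % len(self.table)
        out, who = self.table[idx], self.filler[idx]
        # Refill the used slot and remember which generator refilled it.
        self.table[idx] = self.g[ref].step()
        self.filler[idx] = ref
        # Constructed byte extraction: add the current state of the generator
        # that filled the slot, then take a middle byte of the sum by division
        # and remaindering.
        total = out + self.g[who].x
        return (total // 4096) % 256


def generate(seeds, cutoff, n, runin=0):
    """Return n output bytes after discarding the first `runin` (the NRUNIN idea)."""
    prng = Shuffle3(seeds, cutoff)
    for _ in range(runin):
        prng.next_byte()
    return bytes(prng.next_byte() for _ in range(n))


def moduli_pairwise_coprime():
    """Sanity check on the placeholder moduli; distinct primes are coprime."""
    ms = [m for _, m in PARAMS]
    return all(gcd(ms[i], ms[j]) == 1 for i in range(3) for j in range(i + 1, 3))


if __name__ == "__main__":
    # Constructed seeds and a short run-in; prints 24 hex bytes.
    print(generate((12345, 67890, 13579), 500000, 24, runin=1000).hex().upper())
```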
------------------------------
From: "finecrypt" <[EMAIL PROTECTED]>
Subject: Re: New standart for encryption software
Date: Wed, 9 Feb 2000 21:28:24 +0300
>One reason that PGP is so popular (and so hated by most closed-source vendors)
>is because you can go to http://www.pgpi.com and download the source code,
>examine it yourself, and verify that if there's a back door in there, it's a
>mighty subtle one.
If you didn't compile your copy of PGP yourself, how can you believe that the copy you downloaded from pgpi.com works as you expect from looking at the source code? Secondly, you cannot check PGP with official test vectors, as you can with FineCrypt, because ciphertext produced by PGP will never match the test vectors of the algorithms' authors. Third, if you take the randomness of the ciphertext as a very, very rough measure of the quality of the encryption, and the standard deviation as a rough measure of randomness, you will see that the standard deviation of FineCrypt's ciphertext is almost always less than the standard deviation of PGP's ciphertext. What do you think about it? You can measure the standard deviation with the help of the "File statistics" feature in FineCrypt.
http://www.finecrypt.com/fcinst.exe
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia,alt.security,alt.2600
Subject: Re: A query method for communications ...
Date: Wed, 09 Feb 2000 19:59:17 +0100
Markku J. Saarelainen wrote:
> In the same way as you can use any search functions to find documents at
> any web sites such as corporate, government and other sites, you can use
> these same search functions to submit specific intelligence to those who
> are reviewing any query logs and files. This can be a very handy method,
> when you are communicating with embassies and other intelligence
> customers and it is quite anonymous. Try it. Actually works great !
Conversely, you can update your web pages in some specific ways
to broadcast certain intelligence without outsiders noticing that,
I suppose.
M. K. Shen
------------------------------
From: "R" <[EMAIL PROTECTED]>
Crossposted-To:
alt.privacy,alt.security.pgp,comp.security.pgp,comp.security.pgp.discuss
Subject: Re: "Trusted" CA - Oxymoron?
Date: Wed, 09 Feb 2000 19:04:01 GMT
Jim Bennett <[EMAIL PROTECTED]> wrote in message
news:6ENi4.12674$[EMAIL PROTECTED]...
> PGP - You have to trust the key signers, but if you are dealing with a
> stranger, you are unlikely to know any of the key signers. Value: usually
> zero, occasionally good.
>
Just a note, but Thawte will also verify PGP keys. This will tie the PGP
key to a Thawte certificate holder, which helps a little.
------------------------------
From: "finecrypt" <[EMAIL PROTECTED]>
Subject: Re: new standart for encryption software..
Date: Wed, 9 Feb 2000 21:51:42 +0300
Eric Lee Green wrote in message ...
>In short: If it ain't source, it ain't secure, as far as most crypto types are
>concerned. There's been too many cases of government bodies bribing crypto
>companies to put in hidden back doors (See the Crypto A.G. case, for example)
>for anybody to trust closed-source crypto nowdays.
Dear Eric Lee Green,
I agree with you that you cannot trust a program if you don't know how it works. But if you test the program with the official test vectors of the algorithms' authors, and IF the ciphertext produced by the program *exactly matches* the test ciphertext, THEN you will know how the program works. Moreover, you will know that the program encrypts exactly as intended by the authors of the encryption algorithms and that there are no backdoors. You will be able to crack ciphertext produced by the program only if you crack the algorithm. Official test vectors are a more reliable guarantee than the source code. Today FineCrypt is the sole program that offers the possibility to check it with official test vectors.
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: New standart for encryption software
Date: Wed, 09 Feb 2000 19:03:22 GMT
In article <87rv6k$ps1$[EMAIL PROTECTED]>,
"finecrypt" <[EMAIL PROTECTED]> wrote:
> >No Back Doors....How can they prove that?
>
> Yes, we can prove it. Read online help topic "How to test FineCrypt with
> test vectors?" about of how you can get a guarantie of reliable encryption.
>
> http://www.finecrypt.com/fcinst.exe
>
Not to say 'SNAKE OIL' but how do we know your testvector algorithms
are actually used to encrypt?
Do you have source code online?
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED]
Subject: micropayments and denial of service?
Date: Wed, 09 Feb 2000 19:10:01 GMT
What effect would micropayments have on denial of service attacks?
If a request comes without a payment, there's no need to respond.
There's still a need to read the request and verify the payment -- maybe
this alone is enough for denial of service attacks?
If a request comes with a valid payment, the payer would reach their
spending limit pretty quick, which should motivate compromised sites to
uncompromise themselves. I understand that denial of service attacks
are usually done indirectly through compromised sites.
(I grant you that requiring payments is probably suicide for an online
business whose competitors allow anonymous free access. And I'm
fond of being an anonymous free user myself.)
So, what effect would micropayments have on denial of service attacks?
- Bob Jenkins
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "Markku J. Saarelainen" <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia,soc.culture.russian,soc.culture.israel
Subject: Actually you can see me here .. with your RealPlayer ...
Date: Wed, 09 Feb 2000 19:22:21 GMT
http://home.earthlink.net/~mjsion/markkujs.html
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Pseudorandom Byte Stream Challenge
Date: Wed, 09 Feb 2000 20:30:42 +0100
John Chandler wrote:
>
> [Moderator's note: The charter of this newsgroup
> (sci.crypt.research) specifically forbids "break
> this" type challenges, but there is enough other
> discussion in the note to allow me to post it. -- ggr]
>
> The type of pseudorandom number generator known as a shuffling
> generator has some promising attributes for use in stream ciphers.
[snip]
A compound PRNG designed by me a couple of years ago might be
of some interest to you. See my web page. (Incidentally, a monetary
prize is offered there also.)
M. K. Shen
============================
http://home.t-online.de/home/mok-kong.shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Guaranteed Public Key Exchanges
Date: Wed, 09 Feb 2000 20:31:49 +0100
No Brainer wrote:
>
> Does anyone know of a secure way to exchange public keys between two
> people via the Internet (e-mail) without using any other form of
> communication?
>
> Also, would the proposed system work if *someone* was intercepting and
> modifying the key exchanges?
Perhaps you would need mechanisms like the web of trust. My knowledge
about your topic is rather meagre. Hopefully others will provide you
useful information.
M. K. Shen
------------------------------
From: "Keith Monahan" <[EMAIL PROTECTED]>
Subject: Re: Key Generation program for Windows?
Date: Wed, 09 Feb 2000 19:20:13 GMT
Has anyone seen this before? That hardware generator looks pretty decent.
Website is complete with diehard results, design criteria, etc.
Keith
Bo Dömstedt <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "cedric frost" <[EMAIL PROTECTED]> wrote:
>
> >Anyone know of a program for Windows 9x that generates pseudo-random
> >keys/passwords?
>
> Our SG100 hardware random number generator does that.
>
> See http://www.protego.se/sg100_en.htm
>
> Bo Dömstedt
> Chief Cryptographer
> Protego Information AB
>
------------------------------
From: Markku J. Saarelainen <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia,soc.culture.russian,soc.culture.israel
Subject: Actually you can see me here .. with your RealPlayer ...
Date: Wed, 09 Feb 2000 19:24:40 GMT
Actually you can see me here .. with your RealPlayer ...
http://home.earthlink.net/~mjsion/markkujs.html
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED] (Mike Andrews)
Subject: Re: Actually you can see me here .. with your RealPlayer ...
Crossposted-To: alt.politics.org.cia,soc.culture.russian,soc.culture.israel
Date: Wed, 09 Feb 2000 19:39:26 GMT
In sci.crypt Markku J. Saarelainen <[EMAIL PROTECTED]> wrote:
[nothing relevant to this group]
How the Hell did you get out of my killfile? In you go!
*PLONK* !
--
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart
------------------------------
From: "John E. Kuslich http://www.crak.com" <[EMAIL PROTECTED]>
Subject: Re: Anti-crack
Date: Wed, 9 Feb 2000 12:40:20 -0700
Please don't hold back... Let us know what you really think about these trade
mags. The meek shall inherit the earth, but you don't have to use kid
gloves all the time :--))
JK http://www.crak.com
Vernon Schryver <[EMAIL PROTECTED]> wrote in message
news:87q8l3$i1r$[EMAIL PROTECTED]...
> In article <AG_n4.142$[EMAIL PROTECTED]>,
> John E. Kuslich http://www.crak.com <[EMAIL PROTECTED]> wrote:
> >I have now read the article and I do NOT recommend it.
> >
> >I found it superficial and sometimes offered silly suggestions...
>
> >There are very excellent sources of better advice and information ...
>
> > ... They require some Net searching skill to find. :--)
> >
> >Anyone with adequate motivation and skill ... ... will
> >easily find them.
>
>
> That applies to most computer trade rag inter-ad filler on any topic.
> When you find an trade article informative, an alarm should sound warning
> that you probably know even less (i.e. a lot that is false) than the little
> that you knew before reading the article. Only if you started completely
> ignorant, you forget most of what the article says, and you remember that
> you still know practically nothing can you hope to come out ahead.
>
> The only text in the trade rags that is even slightly reliable is in the
> ads, because of the consequences of false advertising. It's not as if
> trade rag articles are peer reviewed, unless you count sales people.
> Consider who has time to write for a trade rag. Most of the inter-ad
> filler that is not produced by unvarnished sales people is written by
> consultants who have the time to spare writing for free or next to free,
> or by new-grads hired into what the trade rags are pleased to call labs
> for salaries and options commensurate with working for a trade rag.
>
> I suspect that if I knew anything about any other field that has trade
> rags, I'd say the same about that field's trade rag inter-ad filler.
>
> As for that particular article, some of the other suggestions are as good
> as its advice to write bad code. Consider its suggested encryption for
> strings, 'ANDing with a constant eight-bit "key"'. Yes, "ANDing"! That's
> only a little less silly with "XOR", since no rocket science is needed
> to pipe an image 255 times through something that xor's with a constant
> before piping to the `strings` command. Never mind that in embedded
> code you often have the obvious reason to use denser encodings than 1
> char/byte. Or that a lot of embedded code doesn't have access to a lot
> of alphanumeric output and so has less use for lots of ASCII text.
>
> ....
>
> I wrote the preceding before reading today's mail. Surveying the
> nonsense in today's crop of trade rags reminded me that particular
> rag is not as bad as many others. I try to keep up with some rags to
> see newly advertised products and what the credulous "know" this month.
>
>
> Vernon Schryver [EMAIL PROTECTED]
------------------------------
From: Darren New <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Guaranteed Public Key Exchanges
Date: Wed, 09 Feb 2000 19:44:33 GMT
No Brainer wrote:
> secret...however I thought there may be some kind of protocol whereby two
> people unknown to each other can exchange public keys and retain integrity.
There is. You just don't know *who*! :-) If they're unknown to you, you can
exchange public keys with them securely, but have no idea what person you're
exchanging the keys with. Think about it. ;-)
--
Darren New / Senior Software Architect / IZ, Inc.
San Diego, CA, USA (PST). Cryptokeys on demand.
There is no safety in disarming only the fearful.
------------------------------
From: "Keith Monahan" <[EMAIL PROTECTED]>
Subject: Re: I'm returning the Dr Dobbs CDROM
Date: Wed, 09 Feb 2000 19:38:17 GMT
> On the other hand, I differ with your final conclusion. I'm very
> happy with this CD-ROM. I can't imagine buying this to print out
> whole chapters or whatever.... if you want good quality printouts,
> buy the books! For quick reference though it's great. In my
> briefcase I can carry the DDJ CD-ROM, the about 20 years of CRYPTO and
> EuroCrypt proceedings (CD-ROM available through Springer-Verlag), and
> about 20 years of IEEE Security and Privacy proceedings (CD-ROM
> available through IEEE). That's a hell of a reference library to have
> available in such a small space....
I agree entirely. It is a great reference. And like I said in my original
message on the topic, THERE IS NO REPLACEMENT FOR PHYSICAL BOOKS.
I'm using it now as a searchable reference and also to kind of preview the
books. I imagine in a few years my bookshelf covered in hardcover quality texts.
Keith
>
> --
> Steve Tate --- srt[At]cs.unt.edu | Gratuitously stolen quote:
> Dept. of Computer Sciences | "The box said 'Requires Windows 95, NT,
> University of North Texas | or better,' so I installed Linux."
> Denton, TX 76201 |
------------------------------
From: "finecrypt" <[EMAIL PROTECTED]>
Subject: Re: New standart for encryption software
Date: Wed, 9 Feb 2000 22:35:21 +0300
>Not to say 'SNAKE OIL' but how do we know your testvector algorithms
>are actually used to encrypt?
Tom,
this is one of several dozen test vectors for testing Blowfish, from
http://www.counterpane.com/vectors.txt:

key bytes
0000000000000000
clear bytes
0000000000000000
cipher bytes
4EF997456198DD78

If you create a file in a hexadecimal editor with 16 zeroes and then encrypt it
with FineCrypt using a user key containing 16 zeroes, then you get a file that
contains, apart from the file header, exactly the same ciphertext:
4EF997456198DD78. This holds for all test vectors for all algorithms used in
FineCrypt. You can encrypt the two plaintexts specified in the author's test
vectors into the two related ciphertexts if and only if you use the method
described by the author of the algorithm. I.e., if there is any backdoor in the
program, then it cannot encrypt the test vector's plaintext exactly into the
test vector's ciphertext.
>Do you have source code online?
Sorry, but not yet.
------------------------------
From: Albert P. Belle Isle <[EMAIL PROTECTED]>
Subject: Re: New standart for encryption software.
Date: Wed, 09 Feb 2000 14:50:50 -0500
Reply-To: [EMAIL PROTECTED]
On Wed, 9 Feb 2000 01:54:07 +0300, "finecrypt" <[EMAIL PROTECTED]>
wrote:
>FineCrypt 1.2
>
>First and sole program, which you can test with test vectors.
Hardly.
_Any_ cryptosystem designed to FIPS 140-1 (the "master standard" for
the US family of cryptographic security standards) _must_ include
built-in, standards-compliant tests for the cipher(s), hashes,
keystream generator randomness, etc.
Document Security Manager has (for years) made its built-in FIPS 81,
SP500-20, FIPS 180-1 and FIPS 140-1 self-tests available to the user
interface.
More importantly, for those wary of "canned responses," it also allows
direct user access to the ciphers, for user-defined tests that accept
user-defined keys and user-defined inputs for direct encipherment to
disk, without the standard headers or other overhead bytes.
The ANSI X9.17c keystream generator can produce its next megabyte of
pseudorandom bytes to disk, on command. The fact that it is used to
generate the last overwrite-and-verify pass from the NAVSO P5239-26
overwriting routines means that any command to Sanitize a file per
DOD5220.22-M produces a keystream generator test output to disk of
that size.
Although our source code is available for review under NDA, any
INFOSEC professional knows that spiking cryptosystem implementations
at the object code level is a much greater threat than "backdoors"
spelled-out in well-documented source code. Hence, the emphasis on
testing performance of the cryptosystem, rather than trusting pretty
source code listings.
(Of course, that doesn't seem to inhibit the calls by sci.crypt
posters to "show me the source code." Any professional spiker would be
all too happy to get the resulting "seal of approval" <g>.)
Then there are all those "wiping" programs that leave plaintext
scavenged into the _interior_ slack spaces of Word or Excel files....
But that's another story for another time.
Albert P. BELLE ISLE
Cerberus Systems, Inc.
================================================
ENCRYPTION SOFTWARE with
Forensic Software Countermeasures
http://www.CerberusSystems.com
================================================
------------------------------
From: Markku J. Saarelainen <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia,soc.culture.russian,soc.culture.israel
Subject: My another page .. a lots of excellent information for you ...
Date: Wed, 09 Feb 2000 19:53:21 GMT
Main:
http://home.earthlink.net/~mjsion/home.htm
and
E-commerce Reports:
http://home.earthlink.net/~mjsion/replink.htm
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************