Cryptography-Digest Digest #94, Volume #11 Fri, 11 Feb 00 07:13:01 EST
Contents:
Re: Have you watched the movie "PI" (actually a mathematical symbol PI) of a
mathematical genius .. breaking the code .. ("Dave VanHorn")
Re: question about PKI... ("Joseph Ashwood")
Re: UK publishes 'impossible' decryption law (Anthony Stephen Szopa)
Re: Period of cycles in OFB mode ("Scott Fluhrer")
Re: Guaranteed Public Key Exchanges (Mok-Kong Shen)
Re: UK publishes 'impossible' decryption law ("vrml3d.com")
Re: Somebody is jamming my communications -- this has been happening at least in
three separate communication ([EMAIL PROTECTED])
Re: Somebody is jamming my communications -- this has been happening at least in
three separate communication (Markku J. Saarelainen)
Re: Have you watched the movie "PI" (actually a mathematical symbol PI) (Scott
Ebsen)
Re: I'm returning the Dr Dobbs CDROM (Frank M. Siegert)
PKI's and CA's ([EMAIL PROTECTED])
Which compression is best? ([EMAIL PROTECTED])
Re: Which compression is best? (Thomas Pornin)
Re: Message to SCOTT19U.ZIP_GUY ([EMAIL PROTECTED])
Re: Message to SCOTT19U.ZIP_GUY ([EMAIL PROTECTED])
Re: Persistent vs Non-Per DH for Voice ([EMAIL PROTECTED])
RE: Continually Secure Password/Pin (Gary)
Re: Which compression is best? (Mok-Kong Shen)
Re: Somebody is jamming my communications -- this has been happening at ("Douglas
A. Gwyn")
Re: Period of cycles in OFB mode (Mok-Kong Shen)
Re: Period of cycles in OFB mode (Mok-Kong Shen)
help DES encryption ("mati")
----------------------------------------------------------------------------
From: "Dave VanHorn" <[EMAIL PROTECTED]>
Subject: Re: Have you watched the movie "PI" (actually a mathematical symbol PI) of a
mathematical genius .. breaking the code ..
Date: Fri, 11 Feb 2000 06:18:46 GMT
> I saw part of it and didn't like it either, but saying so on
> alt.politics.org.cia, soc.culture.russian, soc.culture.israel, alt.math,
> sci.crypt, and alt.2600 doesn't sound like a very good idea.
I DID trim my reply.
His selection of groups was based on some of the plot points in the movie.
> The idea that you can predict the stock market by breaking some sort of
> mathematical code hardly qualifies the subject for sci.crypt. It seems more
> at home on the rec.gambling forums where folks debate the merits of betting
> progressions.
That was one thing I didn't like about it.
They also used "the super chip" (almost as bad as "the disk" which is
supposed to fit whatever everyone is after.. :-P )
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: question about PKI...
Date: Thu, 10 Feb 2000 22:23:15 -0000
Search Counterpane for the analysis of SSL 3. It has the
details.
Joe
"Palmpalmpalm" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Thank you very much for kind suggestion.
>
> By the way, what do you mean by "SSL is under secure"?
>
> Sincerely,
>
> palm
------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: UK publishes 'impossible' decryption law
Date: Thu, 10 Feb 2000 22:32:58 -0800
NoSpam wrote:
>
> See also http://news.bbc.co.uk/hi/english/sci/tech/newsid_638000/638041.stm
>
> "UK publishes 'impossible' decryption law"
>
> FLASH - FOR IMMEDIATE USE
>
> FOUNDATION FOR INFORMATION POLICY RESEARCH (www.fipr.org)
> =========================================================
> News Release Thurs 10th Feb 2000
> =========================================================
>
> Today Britain became the only country in the world to publish a law which
> could imprison users of encryption technology for forgetting or losing
> their keys. The Home Office's "REGULATION OF INVESTIGATORY POWERS" (RIP)
> bill has been introduced in Parliament: it regulates the use of
> informers, requires Internet Service Providers to maintain "reasonable
> interception capabilities", and contains powers to compel decryption
> under complex interlocking schemes of authorisation.
>
> Caspar Bowden, director of Internet policy think-tank FIPR said, "this law
> could make a criminal out of anyone who uses encryption to protect their
> privacy on the Internet."
>
> "The DTI jettisoned decryption powers from its e-Communications Bill
> last year because it did not believe that a law which presumes someone
> guilty unless they can prove themselves innocent was compatible with the
> Human Rights Act. The corpse of a law laid to rest by Stephen Byers
> has been stitched up and jolted back into life by Jack Straw"
>
> Decryption Powers: Comparison with Part.III of Draft E-Comms Bill (July 99)
> ------------------------------------------------------------------------
>
> The Home Office have made limited changes that amount to window-dressing,
> but the essential human rights issue remains:
>
> (Clause 46): authorities must have "reasonable grounds to believe" the key
> is in possession of a person (previously it had to "appear" to authorities
> that person had a key). This replaces a subjective test with one requiring
> objective evidence, but leaves unaffected the presumption of guilt if
> reasonable grounds exist.
>
> (Clause 49): to prove non-compliance with notice to decrypt, the prosecution
> must prove person "has or has had" possession of the key. This satisfies the
> objection to the case where a person may never have had possession of the
> key ("encrypted e-mail out of the blue"), but leaves unchanged the essential
> reverse-burden-of-proof for someone who has forgotten or irreplaceably lost
> a key. It is logically impossible for the defence to show this reliably.
>
> HUMAN RIGHT CHALLENGE "INEVITABLE"
> ==================================
>
> As part of the consultation on the draft proposals last year FIPR and
> JUSTICE jointly obtained a Legal Opinion from leading human rights
> experts (http://www.fipr.org/ecomm99/pr.html) which found that requiring
> the defence to prove that they do not possess a key was a likely breach of
> the European Convention of Human Rights.
>
> Mr. Bowden commented, "following the recent liberalisation of US export
> laws, as tens of thousands of ordinary computer users start to use
> encryption, a test-case looks inevitable after the Human Rights Act comes
> into force in October."
>
> R.I.P. RESURRECTS KEY ESCROW BY INTIMIDATION ?
> ==============================================
>
> Bowden said: "after trying and failing to push through mandatory
> key-escrow, then voluntary key-escrow, it now looks like the government
> is resorting to key-escrow through intimidation."
The UK can go to wherever the hell it thinks its destiny will be
fulfilled.
------------------------------
From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: Period of cycles in OFB mode
Date: Thu, 10 Feb 2000 22:48:23 -0800
Tim Tyler <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> It appears to me that when using most block cyphers in OFB mode, there
> will exist both weak keys (keys where there exists no period anywhere
> near 2^n in length), and - for the vast majority of keys - there
> will be weak IVs (IVs that happen to hit on a shorter-than normal
> cycle).
>
> I am interested to learn about what efforts (if any) have been made
> to avoid these problems in block cyphers in OFB mode.
Well, one obvious approach would be to add in a step counter after every
encryption step. That is, (if X(n) is the internal state at step n), turn:
X(n+1) = Encrypt( X(n) )
into
X(n+1) = Encrypt( X(n) ) + n
where the above + is either xor, or addition modulo the block size.
Then, cycles are impossible (if X(n) = X(m) for some n!=m, then
X(n+1) != X(m+1) )
In addition, since n is well known to the attacker, this will not allow any
additional attacks on the encrypt function, because the attacker is given
equivalent information at each step.
>
> It seems to me that the problems are specific to OFB mode. I don't know
> how much attention has been paid to them as a consequence.
Well, AFAIK, OFB is hardly ever used, so it's not surprising that
any results concerning it are relatively obscure.
> I'm aware that it's /possible/ to get an OFB cycle length of 2^m.
>
> Do folks know if any serious block cyphers demonstrably do this?
Off the top, it doesn't seem too likely. Most block cipher designs try
hard at acting like a random permutation. To have n, X(n), X(X(n)),
X(X(X(n))), ... be all distinct places some serious mathematical
constraints on X, which means you know a lot more about its internal
structure than 'it's random'.
--
scott
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Guaranteed Public Key Exchanges
Date: Fri, 11 Feb 2000 08:19:32 +0100
No Brainer wrote:
>
> I was actually wanting to exchange public keys via e-mail over the Internet
> and solve the "man in the middle" attack. Paul's reply provides the answer;
> basically I need a secure "out of band channel" to set up the original
> secret...however I thought there may be some kind of protocol whereby two
> people unknown to each other can exchange public keys and retain integrity.
As far as I know, you could only 'approximately' not 'absolutely'
solve your problem, in that either you have a third party certifying
the public key, eventually via a hierarchy of trust centers, or have
so-to-say the 'public' (this could in the special case simply be
one person) certifying that, i.e. in the manner of the web of trust of
PGP. (Interestingly the two approaches could be compared to
centralized vs. distributed computing.) There has to be somewhere
some trust, i.e. something on which you put your (subjective,
hopefully not blind) faith, and that's something one can have
no proof of (by definition).
By the way, proving some person A to be indeed A is impossible in the
absolute sense (by definition) as has been pointed out by others.
I like to add that in the practical world there are cases where persons
use (genuinely issued) identity cards or passports of others who
are either dead or for some reasons 'sacrifice' their own identity
to the 'bearers' of their names.
M. K. Shen
===========================
http://home.t-online.de/home/mok-kong.shen
------------------------------
From: "vrml3d.com" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: UK publishes 'impossible' decryption law
Date: Fri, 11 Feb 2000 03:14:07 -0500
>
> could imprison users of encryption technology for forgetting or losing
>
> their keys.
Ummm... does that mean it would be illegal to possess a file full of random
numbers? Such a file would be indistinguishable from an encrypted file, and
when asked to produce the "key" you would invariably come up short. Oh no!
The radio is making static again! quick, throw it out the window. :)
--Steve
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: alt.politics.org.cia,soc.culture.russian,soc.culture.israel
Subject: Re: Somebody is jamming my communications -- this has been happening at least
in three separate communication
Date: Fri, 11 Feb 2000 07:28:00 GMT
In article <[EMAIL PROTECTED]>,
"Markku J. Saarelainen" <[EMAIL PROTECTED]> wrote:
>
> This is real ... and on live .. actually happening ...
>
> Somebody is jamming my communications -- this has been happening at
> least in three separate locations ..
Must be your usual villains: Jews.
> In addition, at one night, when I was in one location and had just
> finished uploading the board of the Game of General (M) and clicked to
> access the board, the whole LAN came down ...
>
> I suppose the CIA / NSA has initiated the information operation ....
> right .. ?
Of course. The whole $10 billion CIA budget is slotted to jamming you
and Amigocalal and your world-shaking revelations.
> If so .. suck my dick ...
They would if they had a powerful enough microscope.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Markku J. Saarelainen <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia,soc.culture.russian,soc.culture.israel
Subject: Re: Somebody is jamming my communications -- this has been happening at least
in three separate communication
Date: Fri, 11 Feb 2000 08:04:11 GMT
Whoever they are, they have technologies to shut down a LAN of a moderate
size public facility within seconds ...
Any way .. always willing to travel around the world within one day ..
http://www.jta.org/3logo.gif
and I sure like those embassies .... :)
------------------------------
From: Scott Ebsen <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia,soc.culture.russian,soc.culture.israel,alt.math,alt.2600
Subject: Re: Have you watched the movie "PI" (actually a mathematical symbol PI)
Date: Fri, 11 Feb 2000 01:21:31 -0800
Way to blow the ending!
"Markku J. Saarelainen" wrote:
>
> Have you watched the movie "PI" (actually a mathematical symbol PI ..
> sorry my keyboard does not have that symbol ..) of a mathematical genius
> .. most likely not available from a regular popular movie section, but I
> suggest all you out there to watch it .. it is the piece of genius
> itself ... the movie is about a mathematician and his willingness to
> break the code to predict exactly the movement of the stock exchange(s)
> ... it is really an excellent piece of work ... unfortunately in the end
> the person became so disturbed that he had to drill a hole in his head
> ... and this movie is a real movie ...
------------------------------
From: Frank M. Siegert <[EMAIL PROTECTED]>
Subject: Re: I'm returning the Dr Dobbs CDROM
Date: Fri, 11 Feb 2000 03:50:42 +0100
In article <87v03c$pfm$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
says...
> That comment spawned many responses about how to deal with bit maps,
> scanned images, and even compressed FAX pixels, but never answered a
> question that leaped out at me.
>
> If the contents are only scanned images, then how can you "search and
> cut-and-paste the text"?
You underlay the FAX image with text in a MM font which is invisible,
this way you have:
1. perfect display as all the user sees is the image
2. search/index and copy/paste features.
To create the text you can run an OCR pass on the page image; it need not
be perfect, only sufficient that search/copy&paste are useful.
--
* Frank Siegert * frank@this<SPAMBLOCK>.net
* http://www.this.net/~frank
------------------------------
From: [EMAIL PROTECTED]
Subject: PKI's and CA's
Date: Fri, 11 Feb 2000 09:46:48 GMT
I am trying to understand PKI and the role of the
CA's, toolkits etc. Here are a few of my queries,
can any one help?
1) To use PKI technology you need CSP's.
Where do these come from (not who makes them). Do
they get installed when you go to the CA?
2) When logging on to send a secure message how
can the computer verify that it is you by any
more than a password and therefore bypass the
main problem that "passwords are notoriously easy
to crack".
3) When a secure message is sent is everything
verified with the CA at the time? And the
receiver's CA?
4) do CA's sell the "middleware" or "toolkits" so
the PKI may be used across applications
As you can probably tell I am rather confused!
Any help on any of these issues or other related
issues that you think are important would be very
much appreciated.
Thank you
Philly
------------------------------
From: [EMAIL PROTECTED]
Subject: Which compression is best?
Date: Fri, 11 Feb 2000 10:10:32 GMT
As I've read here, it's good to compress before you encrypt the data. Now
I've got 2 questions about this:
1) From a security perspective, how important is compression? Is prior
compression just a kind of "weak enhancement" or is it considered an
integral part of the encryption process as a whole?
2) Are there special compression algorithms that are specifically well-
suited in combination with block cyphers? Are all of the standard
algorithms as good as each other? (I don't mean in compressing of course,
but in security matters dependent on my first question)
Best,
John Stone
------------------------------
From: [EMAIL PROTECTED] (Thomas Pornin)
Subject: Re: Which compression is best?
Date: 11 Feb 2000 10:51:55 GMT
According to <[EMAIL PROTECTED]>:
> 1) From a security perspective, how important is compression?
Rather unimportant. If your cipher is weak when used without
compression, you should not use it anyway. And if your cipher is not
weak, there is no security implication in the choice of one algorithm
over another (otherwise this would be considered as a weakness of the
algorithm).
But it is always good to compress data before encryption, for the sake
of bandwidth. After encryption, the data looks mainly random (if the
cipher is correct) and no compression algorithm will do anything good
with it. So, if the data is to be compressed at all, this must be done
before encryption.
--Thomas Pornin
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Message to SCOTT19U.ZIP_GUY
Date: Fri, 11 Feb 2000 10:49:37 GMT
Could you please READ Your Original Message which I searched for and
Posted in this THREAD...Above...This was your original Post way
back....I would like you to read it and clarify the points you raise
there.....
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Message to SCOTT19U.ZIP_GUY
Date: Fri, 11 Feb 2000 10:51:59 GMT
> To my ears, the description quoted at the top sounds like an extremely
> garbled version of DS's recommendation of a method get diffusion of
> plaintext information through the entire message by applying adaptive
> compression programs "in both directions" through the file - in the
> absence of any better whole-message diffusion scheme.
>
I POSTED DAvid's Original Message in this thread above. Look at it
...and respond accordingly...
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Persistent vs Non-Per DH for Voice
Date: Fri, 11 Feb 2000 11:02:36 GMT
In article <[EMAIL PROTECTED]>,
Mike Rosing <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote:
> >
> > A number of Voice encryption systems (PGPFone etc) have been developed in
> > the past using Non-Persistent DH using Secret Sharing to ensure Forward
> > Secrecy. The DH keys are volatile and last only for the session
> >
> > I would like to know, if the technology of using Persistent Keys (DH or
> > RSA) is more secure for voice communications or a better method
> > (authentication, Integration with digital certs etc).
>
> Bad idea. If you call the same person you want a different session
key
> each time for maximum security.
By session key, you mean the DH ephemeral key which in turn creates a
session key using a symmetric cipher...
OK...it may be more secure, but what about the setup time each time a
call is made...and man in the middle attack...
Is this technique widely used in two way real time communications?
>
> > One can envision using a smart card with Secret/Public key pairs for
> > encryption and authentication.....
> >
> > Would like input on these two approaches...
> >
> > The recent starium startup seems to go for the first approach....But
> > that is just a hint..they have not published any details...they have
a
> > smart card, I guess for authentication only.
>
> Something like the MQV algorithm would work pretty well with this.
> Use the permanent key for authentication (generated at the shop where
> the card is purchased) and ephemeral key for creating the session key.
>
Any references to the MQV algorithm?...I can't find any papers or source
code....if you have any URL, I would be glad to have them...thanks
> It's been 6 years since the MQV algorithm was first implemented, and
> no patent has issued yet (although it's claimed one is being pursued).
>
Certicom?
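The arrangement Mike Rosing describes above (a permanent key for authentication, an ephemeral key for the session key) written out as finite-field MQV, as an added example that is not code from the thread, from Certicom, or from any voice product. Both sides' computations are shown so the exchange can be followed end to end. The group parameters are a toy 64-bit safe prime searched for at run time, an assumption of this example for illustration only; in practice use a standard 2048-bit or larger group, or an elliptic curve. The key-derivation step (SHA-256 of the shared value) is likewise this example's own choice.

```python
"""Finite-field MQV: static keys authenticate, ephemeral keys make the session key fresh.

A holds a static pair (a, A = g^a) and makes an ephemeral pair (x, X = g^x) per
call; B likewise (b, B) and (y, Y). With w = half the bit length of q and
bar(V) = (V mod 2^w) + 2^w, the two sides compute
    A: s_A = (x + bar(X)*a) mod q,  Z = (Y * B^bar(Y))^s_A mod p
    B: s_B = (y + bar(Y)*b) mod q,  Z = (X * A^bar(X))^s_B mod p
and both land on g^((x + bar(X)a)(y + bar(Y)b)). Only a holder of the static
private key can finish the computation, so the exchange is authenticated
without signatures; the ephemeral parts make every session key different.
"""
import hashlib
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n, rounds=16):
    """Trial division by small primes, then Miller-Rabin with random bases."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def toy_group(bits=64):
    """Safe prime p = 2q + 1 of about `bits` bits and a generator of the order-q subgroup.
    Toy size, for illustration only (an assumption of this example)."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            p = 2 * q + 1
            return p, q, pow(2, 2, p)        # any square other than 1 has order q

def keypair(p, q, g):
    """Private exponent in [1, q-1] and its public value."""
    x = secrets.randbelow(q - 1) + 1
    return x, pow(g, x, p)

def valid_pub(p, q, h):
    """Reject 1, p-1 and anything outside the order-q subgroup (small-subgroup check)."""
    return 1 < h < p - 1 and pow(h, q, p) == 1

def mqv_shared(p, q, g, my_static, my_eph, my_eph_pub, peer_static_pub, peer_eph_pub):
    """Our side of MQV: returns SHA-256(Z), the session key both parties agree on."""
    if not (valid_pub(p, q, peer_static_pub) and valid_pub(p, q, peer_eph_pub)):
        raise ValueError("peer public key rejected")
    w = (q.bit_length() + 1) // 2
    d = my_eph_pub % (1 << w) + (1 << w)             # bar(own ephemeral)
    e = peer_eph_pub % (1 << w) + (1 << w)           # bar(peer ephemeral)
    s = (my_eph + d * my_static) % q                 # binds static and ephemeral secrets
    z = pow(peer_eph_pub * pow(peer_static_pub, e, p) % p, s, p)
    if z == 1:
        raise ValueError("degenerate shared secret")
    return hashlib.sha256(z.to_bytes((p.bit_length() + 7) // 8, "big")).digest()

def session(p, q, g, a, A_pub, b, B_pub):
    """One call between A and B: fresh ephemerals, then both sides' derived keys."""
    x, X = keypair(p, q, g)
    y, Y = keypair(p, q, g)
    return (mqv_shared(p, q, g, a, x, X, B_pub, Y),
            mqv_shared(p, q, g, b, y, Y, A_pub, X))

if __name__ == "__main__":
    p, q, g = toy_group()
    a, A_pub = keypair(p, q, g)       # long-term, e.g. held on a smart card
    b, B_pub = keypair(p, q, g)
    first = session(p, q, g, a, A_pub, b, B_pub)
    second = session(p, q, g, a, A_pub, b, B_pub)
    print("both sides agree:", first[0] == first[1] and second[0] == second[1])
    print("session keys differ between calls:", first[0] != second[0])
```

The subgroup check in valid_pub is the part most often left out of toy implementations: without it a peer can send an element of small order and learn bits of the static exponent from the resulting shared secret. Setup cost per call is two exponentiations for the key pair plus three in mqv_shared, which is the price of the forward secrecy the thread asks about.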
------------------------------
From: Gary <[EMAIL PROTECTED]>
Subject: RE: Continually Secure Password/Pin
Date: Fri, 11 Feb 2000 06:22:52 -0500
>===== Original Message From [EMAIL PROTECTED] =====
>Here are some weaknesses:
> - It's easy to do a denial-of-service attack by causing the user and
> server to get out of sync (this can also happen accidentally).
This is cured by reading the server's current hash then sending the
pre-image.
I think the system is useful for game servers where users don't want their
scores or state of play messed about with by impersonators.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Which compression is best?
Date: Fri, 11 Feb 2000 12:35:10 +0100
[EMAIL PROTECTED] wrote:
>
> 1) From a security perspective, how important is compression? Is prior
> compression just a kind of "weak enhancement" or is considered it an
> integral part of the encryption process as a whole?
Compression reduces the redundancy and hence aids (or should aid) in
enhancing the difficulty facing the analyst. The question of
importance can't be separated from 'subjectivity'. The fact that
compression is not always used in encryption clearly indicates this.
If your belief in the strength of the proper encryption algorithm
you use is sufficiently strong, you would very probably not take
the trouble to consider any means of (possibly) obtaining additional
strength. (Of course, compression reduces the transmission cost.)
> 2) Are there special compression algorithms that are specifically well-
> suited in combination with block cyphers? Is any of the standard
> algorithms as good as the other? (I don't mean in compressing of course,
> but in security matters dependent on my first question)
My very humble knowledge does not suffice to answer the first
question. Hopefully, someone else would be able to give you the
right information. The answer to the second question is probably
'NO'. This can be indirectly seen in the compression issue itself.
For image compression at least, it couldn't be said that a single
algorithm is always the best (for all kinds of images). If you
consider compression and encryption to be orthogonal (though somewhat
complementary) to each other, a viewpoint that I personally have,
then a good strategy is to use a compression scheme that in general
results in higher compression in the type of messages you send
(preferably avoiding those schemes, though, that render the
decompression task one of the kids, so to say).
M. K. Shen
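Thomas Pornin's bandwidth argument and Mok-Kong Shen's redundancy argument both come down to the same measurement, so here it is as an added example (not code from either post). It compresses a redundant message, encrypts it, and then tries to compress the ciphertext; the cipher is a throwaway stream cipher built from SHA-256 in counter mode, chosen only so the script has no dependencies and not as a recommendation, and the sample message is constructed here. One caveat a practitioner should keep in view: the compressed length depends on the content, so the length of compress-then-encrypt output reveals something about the plaintext that encrypting raw data of a fixed size would not.

```python
"""Compress-then-encrypt versus encrypt-then-compress, measured in bytes."""
import hashlib
import os
import zlib

# Constructed sample: a deliberately redundant message.
SAMPLE = (b"From: alice@example.test\nSubject: weekly status\n\n"
          + b"Nothing to report this week. " * 150)

def keystream_xor(key, nonce, data):
    """XOR data with blocks SHA256(key || nonce || counter). Never reuse a (key, nonce)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + (i // 32).to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))   # zip trims the last block
    return bytes(out)

def stage_sizes(plaintext, key):
    """Byte counts at each stage of both orderings; a fresh nonce per encryption."""
    compressed = zlib.compress(plaintext, 9)
    ct_of_compressed = keystream_xor(key, os.urandom(16), compressed)
    ct_of_plain = keystream_xor(key, os.urandom(16), plaintext)
    return {
        "plaintext": len(plaintext),
        "compressed": len(compressed),
        "compress then encrypt": len(ct_of_compressed),
        # ciphertext is indistinguishable from random bytes, so this cannot shrink
        "encrypt then compress": len(zlib.compress(ct_of_plain, 9)),
    }

def roundtrip(plaintext, key):
    """Compress, encrypt, decrypt, decompress; True if the message survives intact."""
    nonce = os.urandom(16)
    ct = keystream_xor(key, nonce, zlib.compress(plaintext, 9))
    return zlib.decompress(keystream_xor(key, nonce, ct)) == plaintext

if __name__ == "__main__":
    key = os.urandom(32)
    for stage, size in stage_sizes(SAMPLE, key).items():
        print(f"{stage:>22}: {size:5d} bytes")
    print("round trip ok:", roundtrip(SAMPLE, key))
```

The "encrypt then compress" figure comes out slightly larger than the plaintext, because zlib falls back to stored blocks plus its own framing when it finds nothing to exploit; that is the concrete form of "no compression algorithm will do anything good with it".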
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Somebody is jamming my communications -- this has been happening at
Date: Fri, 11 Feb 2000 11:34:25 GMT
"Markku J. Saarelainen" wrote:
> Whoever they are, they have technologies to shutdown a LAN of a
> moderate size public facility within seconds ...
I don't suppose it's even slightly possible that your network
got hosed for the usual reasons and not some conspiracy?
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Period of cycles in OFB mode
Date: Fri, 11 Feb 2000 12:50:19 +0100
Scott Fluhrer wrote:
>
> Well, one obvious approach would be to add in a step counter after every
> encryption step. That is, (if X(n) is the internal state at step n), turn:
>
> X(n+1) = Encrypt( X(n) )
>
> into
>
> X(n+1) = Encrypt( X(n) ) + n
>
> where the above + is either xor, or addition modulo the block size.
> Then, cycles are impossible (if X(n) = X(m) for some n!=m, then
> X(n+1) != X(m+1) )
Every sequence computed in the space of a finite block size
cannot have an infinite period length. So I wonder how
'cycles are impossible' could be possible?
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Period of cycles in OFB mode
Date: Fri, 11 Feb 2000 12:50:12 +0100
Tim Tyler wrote:
>
> In researching such questions, I uncovered what /appears/ to be an error
> in Schneier's "Applied Cryptography".
>
> On P.205, in a section called "Security problems with OFB", he writes:
>
> ``When the feedback size equals the block size, the block cypher acts as
> a permutation of m-bit values (where m is the block length) and the
> average cycle length is 2^m - 1.''
>
> I believe the expected cycle length will be 2^(m - 1), and *not* 2^m - 1.
>
> The proof of this is not quite trivial. I'll provide it only if it is needed.
If your proof is rigorous, I'll appreciate to see that.
M. K. Shen
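The three OFB posts above turn on two quantities that are easy to measure on a toy, so here is an added example (not code from the thread): a seeded random permutation on 8-bit blocks stands in for a block cipher under one key, and the script walks the whole state space. It lists the OFB cycle length of every IV and averages it over many "keys": for a uniformly random permutation the cycle through a fixed point has each length 1..2^m with probability 2^-m, so the expectation is (2^m + 1)/2, Tim Tyler's 2^(m-1) up to rounding. It also shows that short cycles, down to a fixed point of length 1, do turn up. Then it implements the counter variant as X(n+1) = E(X(n)) XOR (n mod 2^m); reading Scott Fluhrer's "+" as XOR and taking a counter of the block width are both assumptions of this example. For that variant the real state is the pair (X, n mod 2^m), and the step map is a bijection on 2^(2m) pairs: X values do recur, as Mok-Kong Shen's objection says they must, but the keystream's period is always a multiple of 2^m. A practitioner who wants a guaranteed period would normally reach for CTR mode, which has exactly that property without modifying OFB.

```python
"""Cycle structure of plain OFB and of a counter-augmented OFB on a toy cipher.

A random permutation on m-bit values stands in for a block cipher under a
fixed key; m is tiny so every state can be visited. All randomness comes
from seeded generators (constructed data), so runs are reproducible.
"""
import random

M_BITS = 8                  # toy block size
N = 1 << M_BITS             # number of m-bit values

def random_permutation(seed):
    """Random bijection on [0, N): the stand-in for E_K on m-bit blocks."""
    rng = random.Random(seed)
    table = list(range(N))
    rng.shuffle(table)
    return table

def ofb_cycle_lengths(perm):
    """For each IV, the length of the cycle X(n+1) = E(X(n)) traverses from it.
    A permutation splits the space into disjoint cycles, so walking each
    cycle once labels every IV on it."""
    length = [0] * N
    for start in range(N):
        if length[start]:
            continue
        cycle, x = [start], perm[start]
        while x != start:
            cycle.append(x)
            x = perm[x]
        for v in cycle:
            length[v] = len(cycle)
    return length

def mean_ofb_cycle_length(seeds):
    """Average OFB cycle length over random 'keys' and all IVs; theory says (N + 1) / 2."""
    total = 0
    for seed in seeds:
        total += sum(ofb_cycle_lengths(random_permutation(seed)))
    return total / (N * len(seeds))

def min_ofb_cycle_length(seeds):
    """Shortest OFB cycle seen; a fixed point of E gives a keystream of period 1."""
    return min(min(ofb_cycle_lengths(random_permutation(s))) for s in seeds)

def counter_ofb_period(perm, iv):
    """Period of X(n+1) = E(X(n)) XOR (n mod N), started at X(0) = iv, n = 0.
    The state is the pair (X, n mod N); (X, n) -> (E(X) ^ n, n + 1 mod N) is a
    bijection on N*N pairs (invert it with X = E^-1(X' ^ n)), so the X sequence
    is purely periodic with period equal to the pair cycle through (iv, 0).
    n returns to 0 only every N steps, so that period is a multiple of N."""
    x, n, steps = perm[iv], 1, 1
    while (x, n) != (iv, 0):
        x, n, steps = perm[x] ^ n, (n + 1) % N, steps + 1
    return steps

if __name__ == "__main__":
    seeds = range(200)
    print(f"m = {M_BITS}: mean OFB cycle length over {len(seeds)} keys "
          f"= {mean_ofb_cycle_length(seeds):.1f} (theory {(N + 1) / 2})")
    print("shortest OFB cycle seen:", min_ofb_cycle_length(seeds))
    perm = random_permutation(1)
    for iv in (0, 1, 2):
        period = counter_ofb_period(perm, iv)
        print(f"counter-OFB period from IV {iv}: {period} = {period // N} * {N}")
```

Raising M_BITS to 10 or 12 still runs quickly for the plain OFB statistics; the counter-variant walk grows with N*N, which is why the toy stays at 8 bits.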
------------------------------
From: "mati" <[EMAIL PROTECTED]>
Subject: help DES encryption
Date: Fri, 11 Feb 2000 12:04:28 GMT
Hi,
i am trying to implement the DES algorithm. I have used the des-how-to by
Matthew Fischer. I have completed the coding but it doesn't give me the
correct result.
Could someone provide me DES encryption examples with step by step results
(subkeys, R[i], L[i], etc.) in order to locate the problems?
many thanks in advance
David
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************