Cryptography-Digest Digest #129, Volume #11      Tue, 15 Feb 00 17:13:02 EST

Contents:
  Re: What are these Rot-45, Rot-13, Rot-5 algorithms? (John Savard)
  Re: Has some already created a DATA DIODE? (John Savard)
  Re: Large Floating Point Library? (Mok-Kong Shen)
  Re: WW2 Cypher Yet Unbroken ... ([EMAIL PROTECTED])
  Re: Basic Crypto Question 3 (Mok-Kong Shen)
  Re: Basic Crypto Question 3 (Mok-Kong Shen)
  Re: Basic Crypto Question 3 (Mok-Kong Shen)
  Re: ECDSA added to DSS (DJohn37050)
  Re: Basic Crypto Question 3 (David Wagner)
  Re: Predicting the next random number (Jim)
  National Security Strategy, USA and Economic / Business Intelligence (William Nelson)
  Re: Has some already created a DATA DIODE? (lordcow77)
  Re: Basic Crypto Question 3 (Mok-Kong Shen)
  Re: Has some already created a DATA DIODE? (Tom St Denis)
  Re: National Security Strategy, USA and Economic / Business Intelligence (Mok-Kong Shen)
  Re: Funniest thing I've seen in ages - RSA.COM hacked :) ("XruinerX")
  Re: Does the NSA have ALL Possible PGP keys? (Derek Bell)
  Re: Latin Squares (was Re: Reversibly combining two bytes?) ("r.e.s.")
  Re: Textbook Exercises (John Savard)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: What are these Rot-45, Rot-13, Rot-5 algorithms?
Date: Tue, 15 Feb 2000 12:10:17 GMT

"Trevor Jackson, III" <[EMAIL PROTECTED]> wrote, in part:

>The extended rot routine works on printable ASCII.  You drop the space
>(because it is not reliably transmitted) and the tilde (because you need an
>even number), and you have 94 characters.  Rotation by 47 within the set is
>invertible.  Thus rot-47.

>Note that for all rot functions it is important that the space be even so
>that the receiver does not have to wonder about rotl and rotr variants.

My guess, then, is that Rot-5 is combined with Rot-13, and
independently scrambles all the _digits_ in a piece of text when they
contain the important information to be temporarily obscured.

John Savard (jsavard<at>ecn<dot>ab<dot>ca)
http://www.ecn.ab.ca/~jsavard/crypto.htm
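
As an added illustration (not code from the post), the three rotations described above in Python; it assumes the usual ROT-47 alphabet of the 94 printable characters '!' through '~', with space left outside it as the quoted explanation requires, and also checks the even-alphabet point that the very same routine both encrypts and decrypts:

```python
import string

# The 94 printable ASCII characters '!' (33) through '~' (126).  Assumed here
# as the ROT-47 alphabet; space (32) is deliberately outside it and passes
# through untouched, which is the point made in the quoted explanation.
PRINTABLE_94 = "".join(chr(c) for c in range(33, 127))


def rot_by(text: str, alphabet: str, shift: int) -> str:
    """Rotate each character of `text` that occurs in `alphabet` by `shift`
    positions (wrapping around); every other character is left unchanged."""
    n = len(alphabet)
    table = {ch: alphabet[(i + shift) % n] for i, ch in enumerate(alphabet)}
    return "".join(table.get(ch, ch) for ch in text)


def rot13(text: str) -> str:
    """Upper and lower case are two independent 26-letter alphabets."""
    text = rot_by(text, string.ascii_uppercase, 13)
    return rot_by(text, string.ascii_lowercase, 13)


def rot5(text: str) -> str:
    """Rotate the ten digits by half their count; letters are untouched."""
    return rot_by(text, string.digits, 5)


def rot18(text: str) -> str:
    """ROT-13 and ROT-5 together: letters and digits scrambled independently,
    the combination the post guesses at."""
    return rot5(rot13(text))


def rot47(text: str) -> str:
    """Rotate the 94 printable characters by half their count."""
    return rot_by(text, PRINTABLE_94, 47)


def is_involution(func, samples) -> bool:
    """True when applying `func` twice restores every sample, so sender and
    receiver use one routine with no rotate-left/rotate-right choice.  This
    holds exactly because each alphabet has even size and the shift is half
    of it; an odd-sized alphabet (PRINTABLE_94 without '~') breaks it."""
    return all(func(func(s)) == s for s in samples)


if __name__ == "__main__":
    sample = "Hello, World! 2000"
    for name, f in (("rot13", rot13), ("rot5", rot5),
                    ("rot18", rot18), ("rot47", rot47)):
        print(f"{name}: {f(sample)!r} -> {f(f(sample))!r}")
    odd = PRINTABLE_94[:-1]  # 93 characters: rotating twice by 47 shifts by 1
    print("93-char alphabet is an involution:",
          is_involution(lambda s: rot_by(s, odd, 47), [sample]))
```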

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Has some already created a DATA DIODE?
Date: Tue, 15 Feb 2000 12:07:02 GMT

[EMAIL PROTECTED] (Terry Ritter) wrote, in part:

>Only partly:  Obviously a combiner must be balanced.  Across each
>possible input value, each particular result must occur the same
>number of times.  But there is more, in that the linear relationships
>in the driving system must be obscured.  

I will admit that the MacLaren-Marsaglia technique doesn't really
qualify as a _combiner_. It uses a supplementary keystream to improve
and obscure the characteristics of a primary keystream, but the
supplementary keystream doesn't participate on an equal footing.

Of course a single stage of M-M may be weak by itself, just as an LFSR
is definitely weak by itself. Two-round DES is weak too. But every
cipher is built up from primitives that, standing alone, are weak. The
M-M technique is, I believe, a very useful and powerful primitive that
is unjustly neglected at present.

John Savard (jsavard<at>ecn<dot>ab<dot>ca)
http://www.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Large Floating Point Library?
Date: Tue, 15 Feb 2000 20:32:50 +0100

Bob Silverman wrote:
> 

> Yes.  Richard Brent's  MPP library.  It even contains multi-precision
> versions of quite a few transcendental functions.

D Smith's work is a successor of Brent's, if I don't err.

M. K. Shen

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: WW2 Cypher Yet Unbroken ...
Date: Tue, 15 Feb 2000 19:27:00 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> On 28 Jan 2000 05:09:46 -0000, [EMAIL PROTECTED] wrote:
>
> >
> >
> >
> >This may very well be an old, done-by-hand version of a One Time Pad.
> >This particular version uses a random table of 5 digit numbers which is
> >added to each character of a message, one letter per 5 digit number.
> >Here's an example:
> >
> >Suppose the first number in the pad is 12345.  Now, we encrypt the
> >letter A, which has a value of 1, by adding it to 12345, thus the
> >resulting ciphertext is 12346.
>
> Horribly bulky cipher! Plaintext length x 5.
>
> --
> Jim,
> nordland at lineone.net
> amadeus at netcomuk.co.uk
>
Well, I'm not the one who came up with this.  I merely read about it
somewhere and I'm relaying it to you.

csybrandy


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Basic Crypto Question 3
Date: Tue, 15 Feb 2000 21:00:02 +0100

wtshaw wrote:
> 

> It may well be that weakness of certain combinations are best seen with
> other than unique keys.  Knowing the answers is not a penalty, but an
> advantage in trying to understand interaction.  It may be that there are
> not similar keys, but complementary keys that conspire against full
> combined strength.

The probability of using such complementary keys by chance is 
presumably extremely small. A stupid question: Should we take that 
risk seriously or not in practice?

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Basic Crypto Question 3
Date: Tue, 15 Feb 2000 21:00:23 +0100

John Savard wrote:
> 
 
> The point was that this was a general condition that prevents a
> cipher, if it is maliciously designed in a way I am not aware of, from
> having the opportunity to conceal information that subverts the
> security of the system. As long as the lengthened ciphertext can be
> effectively decomposed into two parts, one that is equal in size to
> the original message, and another part which is varied under the
> control of a trusted source of random numbers, systems of
> probabilistic encryption can be used.
> 
> It is just a specific condition for a specific case, not an attempt to
> say that ciphers which expand the plaintext are "bad". It's just that
> it's easier to see, and simpler to prove, that certain funny things
> don't happen if there's no room to do them in.

A stupid question: How would one place those homophone encryptions
that expand the plaintext (in terms of number of bits) in the above 
contexts?

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Basic Crypto Question 3
Date: Tue, 15 Feb 2000 21:09:00 +0100

[EMAIL PROTECTED] wrote:
> 

> What I am getting here is that mixing ciphers of different block size,
> key lengths in a cascade is ok.  As Bruce mentioned in his thread, use
> twofish on a 128 bit block, then in parallel 2 64 bit ciphers.
> 
> No one has said if it's stronger or weaker or no comment to mix the
> ciphers with different parameters, then say keeping all the ciphers in
> the cascade homogenised (same blocksize, key length, rounds etc).

I am afraid that there is a little semantic problem with your issue.
'Stronger or weaker' with respect to what? Before that reference
base is defined (the choice could be difficult), the issue of stronger
or weaker cannot be clearly discussed. Thus it seems understandable
that nobody has yet said anything about that.

M. K. Shen

------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: ECDSA added to DSS
Date: 15 Feb 2000 20:15:00 GMT

If one looks at the public comments, one can see that many organizations wanted
ECDSA added.
Don Johnson

------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Basic Crypto Question 3
Date: 15 Feb 2000 12:16:12 -0800

In article <[EMAIL PROTECTED]>,
John Savard <[EMAIL PROTECTED]> wrote:
> While it is important to find out all the possible pitfalls of cipher
> cascades, I don't think that people ought to be scared away from using
> them: these difficulties are largely theoretical, as long as one isn't
> allowing an attacker to pick any part of the cascade one is using.

Yes, that's right.  Or, at least, that agrees with my intuition, anyway.
(And, if I recall correctly, that's basically what Bruce Schneier said, too.)

------------------------------

From: [EMAIL PROTECTED] (Jim)
Subject: Re: Predicting the next random number
Date: Tue, 15 Feb 2000 20:30:34 GMT
Reply-To: [EMAIL PROTECTED]

On Tue, 15 Feb 2000 04:29:02 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:

>[EMAIL PROTECTED] wrote:
>> Hey, I was just curious, but if someone came up with a way to predict
>> the numbers from ANY pseudo random number generator, would the NSA
>> come and take them away for some reason that I can currently fathom???
>
>No.  Why would you think they would?
>
>Of course, your hypothesis is a fantasy anyway.

Surely if you know how the PRNG was seeded, you can predict
the number stream?

-- 
Jim,
nordland at lineone.net
amadeus at netcomuk.co.uk

------------------------------

From: William Nelson <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia,soc.culture.europe,soc.culture.israel,soc.culture.russian
Subject: National Security Strategy, USA and Economic / Business Intelligence 
Date: Tue, 15 Feb 2000 20:40:10 GMT



Regular people just do not understand, but the National Security
Strategy of the USA is based very heavily on the economic security and
the implementation of the intelligence strategy in which a key element
of the whole global intelligence cycle is electronic business
intelligence. There are companies that are focussing purely on the
collection and analysis of electronic business intelligence (all forms
of the intelligence). There are systems in place to be implemented in
the future in many regions of the world that have already been
implemented in the USA. These are elements of the USA's strategic
intelligence initiatives. Often also called the system of systems -
actually I have also the model of intelligence islands to describe their
arrangements. So whatever you know now about the Internet and its
intelligence acquisition methods and techniques, these have been known
for years by specific security and intelligence groups working for
certain multinational corporations before these matters ever became the
public knowledge. Actually, one of my key objectives in 1999 was also to
influence European parliamentary and other members to improve the
information security in Europe and protect European business
intelligence. Since March and April, 1999 I have communicated with many
European governmental people. My email address that was taken to use in
April, 1999 was [EMAIL PROTECTED] that is Markku Saarelainen European
Leadership Institute. Got the picture. The objective is to eliminate the
leadership of the USA's intelligence collection and its systems. I
actually learned very good developments initiated by one ex-Finance
Minister of Finland in the European Parliament.


------------------------------

Subject: Re: Has some already created a DATA DIODE?
From: lordcow77 <[EMAIL PROTECTED]>
Date: Tue, 15 Feb 2000 12:51:44 -0800

L'Ecuyer has made considerable progress in analysing the
combination of multiple LCGs. He proves that as long as the
moduli of the different LCGs are relatively close together, the
combination can be arbitrarily well approximated by a LCG with
modulus no larger than the product of the individual moduli
times some constant factor.


* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Basic Crypto Question 3
Date: Tue, 15 Feb 2000 22:03:21 +0100

Bruce Schneier wrote:
> 

> As a final word of caution, please remember that in any practical
> cryptographic implementation, errors in the software, hardware,
> implementation, and use are far more likely to cause insecurity than
> the block cipher is.  Devoting energy to making everything else secure
> is much more useful than taking an already-secure block cipher and
> making it even more secure.

It cannot be overemphasized that for crypto software engineering
the criteria for assuring good quality implementation should be 
extremely stringent. However, this should go hand in hand with good 
quality of the algorithm design itself, in particular with respect 
to documentations, I suppose.

Yes, one often, while taking an extremely 'critical' standpoint with
respect to strength of algorithms, tends to oversee/underestimate 
'other' risks that exist in the environment in which crypto algorithms 
are used (as one constituent only), for instance the issue of  
liability of the operating system to hacking or the issue of 
fraudulent insiders. 

M. K. Shen

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Has some already created a DATA DIODE?
Date: Tue, 15 Feb 2000 20:52:46 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (John Savard) wrote:
> Tom St Denis <[EMAIL PROTECTED]> wrote, in part:
>
> >AlgM is a good place to start, just don't use LCG's as the underlying
> >PRNG.  AlgM with two 'long' Fibonacci generators is secure.
>
> His method doesn't seem to be too different from MacLaren-Marsaglia:
> here, the choice is between one of many seed values, but the seed
> values are only advanced when used.
>
> LFSRs and LCGs are insecure for the same reason, both being linear, so
> I don't think it matters which one you use for MacLaren-Marsaglia.
>
> The literature references to MacLaren-Marsaglia generators being
> cracked involved short-period LCGs, where the entire output, including
> the LSBs, with periods down to two, was used in the output stream, so
> I don't think they can be used to support a conclusion that the
> technique ought to be abandoned. However, I would recommend, at a
> minimum, a technique like this: have _two_ MacLaren-Marsaglia
> generators, and use the XOR of their output as input to a _third_
> buffer.
>
> I have little fear that this kind of technique will suddenly be proven
> insecure. However, the PRNGs used for the three buffers must have
> rel-prime periods.

The problem I have is, what does this have to do with when you use a
LFG?  I understand that LCG/LFSRs normally have very little state
information, but in a LFG you have n * k bits [n is the number of
words, and k is the bits per word].  There are 2^(k-1)(n-1) full length
cycles and each cycle is (2^(k-1))(2^n - 1) outputs long.

This is much larger, longer and more complex than a LFSR or LCG.  Even
so you should tap the upper msb's from the LFG when stepping [since
they have the longest period].

So I ask again [this is an open question], how do you attack AlgM using
two [properly constructed] long period LFG's?  [long period would be
something over 2^100 outputs...]

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.
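
An added example, not code from either post or from any of the cited literature: Knuth's Algorithm M (the MacLaren-Marsaglia construction discussed in this thread) driven by a 32-bit (24,55) additive lagged Fibonacci primary and an LCG selector, with a check of the property John Savard points out above, that the selector only reorders the primary stream and contributes no values of its own. Generator parameters, the seed and the helper names are constructed for the demonstration.

```python
from collections import deque
from typing import Iterator, List


def lcg(seed: int, a: int, c: int, m: int) -> Iterator[int]:
    """Linear congruential generator x_{n+1} = (a*x_n + c) mod m."""
    x = seed
    while True:
        x = (a * x + c) % m
        yield x

def lagged_fibonacci(seed_words: List[int], j: int, k: int, bits: int) -> Iterator[int]:
    """Additive lagged Fibonacci generator x_n = (x_{n-j} + x_{n-k}) mod 2^bits,
    with 0 < j < k and a state of k words (the n*k bits of state discussed above)."""
    if not (0 < j < k and len(seed_words) == k):
        raise ValueError("need 0 < j < k and exactly k seed words")
    if all(w % 2 == 0 for w in seed_words):
        raise ValueError("at least one seed word must be odd, or bit 0 stays 0 forever")
    state = deque(seed_words, maxlen=k)  # oldest word is state[-k], i.e. state[0]
    mask = (1 << bits) - 1
    while True:
        out = (state[-j] + state[-k]) & mask
        state.append(out)  # maxlen drops the oldest word automatically
        yield out

def record(source: Iterator[int], log: List[int]) -> Iterator[int]:
    """Pass a generator through while logging every value it hands out."""
    for x in source:
        log.append(x)
        yield x

class MacLarenMarsaglia:
    """Knuth's Algorithm M: a table holds `table_size` outputs of `primary`;
    each step `selector` picks a slot, the value there is emitted and the slot
    is refilled from `primary`.  The selector chooses an order, nothing more."""

    def __init__(self, primary: Iterator[int], selector: Iterator[int], table_size: int):
        self.primary, self.selector = primary, selector
        self.table = [next(primary) for _ in range(table_size)]

    def next(self) -> int:
        j = next(self.selector) % len(self.table)
        out = self.table[j]
        self.table[j] = next(self.primary)
        return out

# Constructed 55-word seed (word for i=1 is odd).  Real seeds come from entropy.
SEED_WORDS = [(i * 2654435761) & 0xFFFFFFFF for i in range(1, 56)]

def demo(n_outputs: int = 256, table_size: int = 64):
    """Drive Algorithm M and return (outputs, every primary value consumed,
    final table) so the permutation property can be checked: outputs plus the
    leftover table are a rearrangement of exactly the primary values drawn."""
    log: List[int] = []
    primary = record(lagged_fibonacci(SEED_WORDS, 24, 55, 32), log)
    selector = lcg(12345, 1103515245, 12345, 2 ** 31)  # constructed parameters
    mm = MacLarenMarsaglia(primary, selector, table_size)
    outputs = [mm.next() for _ in range(n_outputs)]
    return outputs, log, mm.table

if __name__ == "__main__":
    outs, log, table = demo()
    print("first outputs:", outs[:4])
    print("outputs + table is a permutation of primary stream:",
          sorted(outs + table) == sorted(log))
```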

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: National Security Strategy, USA and Economic / Business Intelligence
Date: Tue, 15 Feb 2000 22:21:06 +0100

William Nelson wrote:
> 

> Leadership Institute. Got the picture. The objective is to eliminate the
> leadership of the USA's intelligence collection and its systems. I
> actually learned very good developments initiated by one ex-Finance
> Minister of Finland in the European Parliament.

Does 'eliminate the leadership ....' mean that other countries
should follow suit in collecting economic/business intelligence?
Isn't there a question of some moral nature? I guess it probably
might be better instead to take measures (one being to develop strong
crypto, which concerns this group, and make them generally available 
to the public, presupposing absolute freedom of crypto usage) to 
render such intelligence collection futile.

M. K. Shen

------------------------------

From: "XruinerX" <[EMAIL PROTECTED]>
Crossposted-To: comp.security.pgp.discuss,alt.security.pgp
Subject: Re: Funniest thing I've seen in ages - RSA.COM hacked :)
Date: Tue, 15 Feb 2000 16:19:45 -0500

It's not a mirror.  www.rsa.com and www.rsasecurity.com both resolve to the
same IP address, 205.181.76.22.  They would be exactly the same unless your
company is running completely identical virtual hosts on the same server for
each different domain.   If the other comments in this newsgroup are true,
your site was not hacked.  It would appear to be a matter of DNS spoofing
(only for the www.rsa.com site however).

XruinerX
https://128.253.163.111


"Bob Silverman" <[EMAIL PROTECTED]> wrote in message
news:889cqc$pkl$[EMAIL PROTECTED]...
> In article <889b4k$o9p$[EMAIL PROTECTED]>,
>   [EMAIL PROTECTED] wrote:
> > Bob Silverman seems to have written:
> > > Will anyone trust YOU now???
> > >
> > > Our website address is www.rsasecurity.com   and has been so
> > > for some time. www.rsa.com  is no longer a valid URL.
> >
> > So why is it mirrored as an exact duplicate at www.rsa.com then? Why
> > isn't www.rsa.com marked as an invalid address.
>
> Hi,
>
> I don't run the web site, but I believe that the mirror site will be
> phased out over time.  I only wanted to point out that it was the mirror
> that was hacked.  It is quite possible that we did not (or do not) take
> the same security precautions with the mirror site as with the primary,
> since the mirror site is not permanent (or so I understand).
>
> I will try to find out exactly what happened.....
>
> Bob
>
>
> > I cannot confirm the hack
> > the original poster was talking about, but it seems a bit odd to me to
> > reply that www.rsa.com is no longer valid while it apparently is
> > directly mirrored from www.rsasecurity.com.
> >
> > Or do you want to tell us that it's not YOU who is mirroring the site?
> >
> > And just for curiosity: Can anyone confirm the hack on www.rsa.com or
> > was this a hoax?
> >
> > Regards,
> >
> > John Stone
> >
> >
>
> --
> Bob Silverman
> "You can lead a horse's ass to knowledge, but you can't make him think"




------------------------------

From: Derek Bell <[EMAIL PROTECTED]>
Subject: Re: Does the NSA have ALL Possible PGP keys?
Date: 15 Feb 2000 21:43:29 -0000

In sci.crypt tiwolf <[EMAIL PROTECTED]> wrote:
: Did I say government is god, only that many in government wish to control
: god-like power. They would really like to be all knowing, but they will
: settle for reading everyone email.

        The ability to read all ciphers is a godlike power. Ever hear of
a One Time Pad?

        Derek
-- 
Derek Bell  [EMAIL PROTECTED]                |   Socrates would have loved
WWW: http://www.maths.tcd.ie/~dbell/index.html|            usenet.
PGP: http://www.maths.tcd.ie/~dbell/key.asc   |    - [EMAIL PROTECTED]

------------------------------

From: "r.e.s." <[EMAIL PROTECTED]>
Subject: Re: Latin Squares (was Re: Reversibly combining two bytes?)
Date: Tue, 15 Feb 2000 13:52:19 -0800

"Michael Wojcik" <[EMAIL PROTECTED]> wrote ...
:"r.e.s." <[EMAIL PROTECTED]> writes:
[...]
: >> *presumably* not all PRT squares are Lsquares.
:
: Maybe I'm missing something, but why wouldn't all
: PRT squares be Latin Squares?
[...]

Sorry!  I meant to say just the reverse, viz.,
"*presumably* not all Lsquares are PRT squares."

--
r.e.s.
[EMAIL PROTECTED]



------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Textbook Exercises
Date: Tue, 15 Feb 2000 15:03:01 GMT

[EMAIL PROTECTED] (Doug Stell) wrote, in part:
>On Tue, 15 Feb 2000 12:21:37 GMT, [EMAIL PROTECTED]
>(John Savard) wrote:

>>The point of a secure hash function is that no two messages that
>>differ will hash to the same value - except by a coincidence that is
>>very hard to find; as hard as cracking a cipher. So without the
>>padding, there would be a case of two different messages that will
>>hash the same which is easy to spot.

>Huh?

If messages of exactly 2560 bits are not padded, but messages of 2499
bits are padded out to 2560 bits in length, then for any given
2499-bit message, there will exist a 2560-bit message having the same
hash: the 2560-bit message consisting of the 2560 bits the 2499-bit
message was padded to.

John Savard (jsavard<at>ecn<dot>ab<dot>ca)
http://www.ecn.ab.ca/~jsavard/crypto.htm
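
An added example (not code from the post) of the collision just described: a 2499-bit message zero-padded to 2560 bits is indistinguishable from the 2560-bit message that is "not padded", while Merkle-Damgard strengthening (always append a 1 bit, then zeros, then the 64-bit message length) keeps the two apart. A 512-bit block is assumed, messages are bit strings of '0'/'1', and SHA-256 over the padded bit string stands in for the compression-function chain.

```python
import hashlib

BLOCK_BITS = 512  # assumed block size; 2560 bits is exactly five blocks


def pad_with_zeros(bits: str) -> str:
    """The flawed rule from the post: pad with zero bits up to the next block
    boundary, but leave a message that already fills whole blocks as it is."""
    rem = len(bits) % BLOCK_BITS
    return bits if rem == 0 else bits + "0" * (BLOCK_BITS - rem)


def pad_md_strengthening(bits: str) -> str:
    """Merkle-Damgard strengthening: always append one '1' bit, then the
    fewest zeros such that a 64-bit big-endian length field ends the block.
    Because the original length is part of the padded data, inputs of
    different length can never pad to the same block sequence."""
    padded = bits + "1"
    zeros = (BLOCK_BITS - 64 - len(padded) % BLOCK_BITS) % BLOCK_BITS
    padded += "0" * zeros + format(len(bits), "064b")
    assert len(padded) % BLOCK_BITS == 0
    return padded


def toy_hash(padded_bits: str) -> str:
    """Stand-in for the compression-function chain over whole blocks.  Any
    deterministic function of the padded blocks inherits a collision that
    the padding layer has already created, so the choice of hash is moot."""
    if len(padded_bits) % BLOCK_BITS:
        raise ValueError("hash input must be whole blocks")
    return hashlib.sha256(padded_bits.encode("ascii")).hexdigest()


def collision_pair(short_len: int = 2499):
    """Return (m_short, m_long): a constructed short_len-bit message and the
    block-aligned message equal to its zero padding, as in the post."""
    m_short = "".join("1" if (i * i + 3 * i) % 7 < 3 else "0"
                      for i in range(short_len))
    m_long = pad_with_zeros(m_short)  # 2560 bits: exactly five blocks
    return m_short, m_long


def collides(pad_func, m_a: str, m_b: str) -> bool:
    """Do two distinct messages reach the hash as identical block sequences?"""
    return m_a != m_b and toy_hash(pad_func(m_a)) == toy_hash(pad_func(m_b))


if __name__ == "__main__":
    m_short, m_long = collision_pair()
    print("zero padding collides:", collides(pad_with_zeros, m_short, m_long))
    print("MD strengthening collides:",
          collides(pad_md_strengthening, m_short, m_long))
```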

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************