Cryptography-Digest Digest #131, Volume #11 Wed, 16 Feb 00 01:13:01 EST
Contents:
Re: decryption (Arthur Dardia)
Re: Funniest thing I've seen in ages - RSA.COM hacked :) ("Douglas A. Gwyn")
Re: Does the NSA have ALL Possible PGP keys? (Johnny Bravo)
Re: Disregaurd last post Re: Newbie - Determining encryption Bit Level ("Brian Bosh")
cryptographic puzzlers protocol ("W. Martin")
Re: Does the NSA have ALL Possible PGP keys? (Johnny Bravo)
Re: Does the NSA have ALL Possible PGP keys? (W A Collier)
Re: decryption (JPeschel)
Re: cryptographic puzzlers protocol (Ralph Hilton)
Re: decryption (David A Molnar)
Re: source code export laws (wtshaw)
Re: decryption (Jim Gillogly)
Re: Funniest thing I've seen in ages - RSA.COM hacked :) (Tony L. Svanstrom)
Re: OTP practical implementation (Johnny Bravo)
Re: What are these Rot-45, Rot-13, Rot-5 algorithms? (John M. Gamble)
----------------------------------------------------------------------------
From: Arthur Dardia <[EMAIL PROTECTED]>
Subject: Re: decryption
Date: Tue, 15 Feb 2000 21:39:05 -0500
Pereira wrote:
> Hi I need some help! I have a cryptology course and I have no clue what
> I'm doing. Can someone help me decrypt this message!
>
> pegarvlywieeijbagfacmoxzcwwdqrizwzsmtibtintseupcuzvpxytfvxmetuifespjmeiikzkqw
>
> sxktagbtiizhwaratfrhvmmwztiktirevzmrupcwfpvhjeavbiyizqrcpwflvgfxfmfcjnnxcdtsqvn
>
> lnjuxcdtsqvtddizhwaratfrhveiawaratfrhvkaqrgvxmvkdwizinlrdqswpgxxmtpkqarjtidugv
>
> eiwhmutiaflrigzazzsveqfspjmpzvgjqarjdwibtcxtifmfcjqzxyxjkmwvqfbtfzicwoovgrvpjcp
>
> jpnejtrzqseazvqhrirjmwvhznkslsfvfqzcubtekjjmdwjtvjmretiipwnwvvflvnlaqcfjinavdhsw
>
> fljtidugvhrzqechfndivbrsurxiymmtggfiolgtinqgkufzagtpjqarralaqvjifoqxixuwrxytrlecfjyih
>
> ikdgikjfgkpqwvgmqoirnvidjfgsqfpfrbmdwggfnqwjxfvmpgptsmkvpelmqfckprsiucielspj
>
> metitdqqvggfodedpjeuxypegiisqraqhjtkcbxzbvqeyeqvifesavjaxyhzbqwctkcehvuzvqay
>
> pkqzjfgdifmfc
>
> Please help!
>
> Stacey
According to VCrack (search for it at any search engine), it "may not be encrypted."
Try
to remember whatever you've been working on in class and then work backwards, but then
again, I'm only in high school, and I have no idea how cruel college professors can be.
--
Arthur Dardia Wayne Hills High School [EMAIL PROTECTED]
PGP 6.5.1 Public Key http://www.webspan.net/~ahdiii/ahdiii.asc
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Funniest thing I've seen in ages - RSA.COM hacked :)
Date: Wed, 16 Feb 2000 03:12:24 GMT
"Tony L. Svanstrom" wrote:
> Exactly, so by having a cpl of "bad guys" bring the business using
> the Internet to their knees the lost money will force companies to
> do something about the security.
You haven't been in this business very long, have you?
Every major Internet site has been attacked (hopefully not
successfully) several times per day for several years now.
Sometimes there is even a brief flurry of media attention,
some speeches are made, new patches and kludges are devised,
then it all settles back down to business as usual.
Two things will be needed to really solve the Internet
security problem: Re-engineering of authentication protocols
by network security experts, plus their rigorous universal
application; and a "flag day", after which the old protocols
will not be honored by hosts, routers, etc. in the new secure
Internet. The first part has been partially addressed by IPv6,
although there is a lot more needed. As to a "flag day", it
cannot occur without clear network authority say-so, and that
is nearly impossible with the current method for making
Internet decisions. It might be necessary to start all over,
with the necessary mechanisms and procedure in place for a
parallel, secure internetwork. (There actually are some
parallel networks in use, but to the extent they rely on old
Internet protocols, they still have security flaws.)
Note: there is nothing that can be done to keep users from
doing stupid things that affect their own security. What is
needed is a system that guarantees that such actions do not
adversely affect the rest of the network.
------------------------------
From: Johnny Bravo <[EMAIL PROTECTED]>
Crossposted-To: comp.security.pgp,misc.survivalism
Subject: Re: Does the NSA have ALL Possible PGP keys?
Date: Tue, 15 Feb 2000 22:40:38 +0000
On Tue, 15 Feb 2000 00:24:02 -0800, "tiwolf" <[EMAIL PROTECTED]> wrote:
>I don't care about prime numbers,
So your opinion is "anything is possible for the government, even those
things which are impossible." Let me guess, you are posting from
misc.survivalism, and you think the government has unlimited godlike
powers.
You've already admitted that you don't have a single clue about the
topic under discussion. Why you feel this makes your opinion more
informed than actual fact is beyond me. You should have quit while you
were ahead.
Johnny Bravo
------------------------------
From: "Brian Bosh" <[EMAIL PROTECTED]>
Subject: Re: Disregaurd last post Re: Newbie - Determining encryption Bit Level
Date: Tue, 15 Feb 2000 20:57:26 -0700
This is the main code for encryption in my program...
IF Action = 1 THEN
FOR X = 0 TO 256 ^ 2
IF X = 0 THEN SinLineEncrypt TE$, Key$
IF X > 0 THEN SinLineEncrypt "%/E", "external" +STR$(X)
NEXT X
END IF
By my calculations, this number is minute. Can you tell me how strong of
encryption this would offer?
Brian
"John Savard" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "Brian Bosh" <[EMAIL PROTECTED]> wrote, in part:
>
> >DAMN IT, I'm not thinking!
>
> >Like Secure sites like Amazon use 128 Bit encryption (Not KBPS!)!
>
> Ah, if that's what you mean, 128 bit encryption means that the _key_
> used for the encryption is 128 bits long. More specifically, the key
> for the symmetric-key portion of the encryption is 128-bits long.
>
> That means that there are 2 raised to the 128th power possible
> different keys for that encryption, and so that is a measure of how
> hard it is for someone to decode your messages just by guessing the
> right key or trying every key till they find the right one.
>
> 2 to the 10th power is 1,024, so 2^120 is about 10^36, so 2 to the
> 128th power is more than
> 256,000,000,000,000,000,000,000,000,000,000,000,000.
>
> John Savard (jsavard<at>ecn<dot>ab<dot>ca)
> http://www.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: "W. Martin" <[EMAIL PROTECTED]>
Subject: cryptographic puzzlers protocol
Date: Wed, 16 Feb 2000 03:56:28 GMT
Anyone have any information regarding the "Subject" ??
Thanks in advance,
WM
------------------------------
From: Johnny Bravo <[EMAIL PROTECTED]>
Crossposted-To: comp.security.pgp,misc.survivalism
Subject: Re: Does the NSA have ALL Possible PGP keys?
Date: Tue, 15 Feb 2000 22:48:30 +0000
On Wed, 16 Feb 2000 00:24:06 GMT, [EMAIL PROTECTED] (Steve K)
wrote:
<snip>
>Well actually, that is what the 1st monkey mentioned above sees and
>hears when the math is explained...
Damn, that's the funniest thing I've read in about a week. Good thing I
wasn't drinking at the time.
>In all fairness, it took a long time and a lot of study for me to
>decide that modern crypto is about as good as the experts say it is.
>After all, we're all monkeys in this tree, and I'm no exception.
But at least we've taken a good look and seen that the tree doesn't go
on forever. We might not be on top, but we can see the top from here.
>To the crypto geeks: Contemplate the sage advice of the great W.C.
>Fields on the subject of trying to wise certain people up. Guys, it
>can't be done. Either they get interested enough to study and the
>literature and follow the logic of it, or they don't. You have
>practically no influence over that choice.
Here is a quote I picked up in another group, "You can not reason a man
out of a position he did not reach through reason."
Best Wishes,
Johnny Bravo
------------------------------
From: W A Collier <[EMAIL PROTECTED]>
Crossposted-To: comp.security.pgp,misc.survivalism
Subject: Re: Does the NSA have ALL Possible PGP keys?
Reply-To: [EMAIL PROTECTED]
Date: Wed, 16 Feb 2000 04:06:43 -0700
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
says...
> Mr. Collier I am only thinking that history is filled with governments bent
> on gain the knowledge that men wish to hide. Knowing this do you really that
> governments are really not going to eventually put enough effort into
> breaking the unbreakable. It is only a matter of time and money Mr. Collier.
You can no more use a government to overrule the fundamental mathematics
upon which modern cryptography is based than you can use such a
government to stop the sun's gravity from forming the planets' orbits.
Its a fundamental law of nature. Your arrogance borne of ignorance has
turned into gross stupidity in the face of the facts. Try reading some
of the modern books on Cryptography - Bruce Schneiers book is a good
place to start to learn about this subject matter, or you could find a
book that inspired me many years ago: The Codebreakers. And about the
NSA, try reading up Bamford's old jewel: Inside the NSA.
And by the way, I worked at NSA HQ in a classified position back in the
1980's, and they are not uber-men there, just very intelligent and
dedicated citizens. But IMHO the Academic community has caught up to
them in recent years after the pioneering work by Rivest, Adelman, and
especially Adi Shamir (Differential cryptanalysis) for whome I have had
the please of indirectly working via the Weizman Institute. And one
shouldn't forget Whitfield Diffie either. If those names dont mean
anything to you, I suggest you read up.
> PS Once upon a time educated men said that the earth was flat and man would
> never fly with the birds. I am not a scholar, I am however a good observer
> of history and history show us that governments want control.
And none of those folks with such assertions paid attention to the facts
(the Greeks had proof enough that the world was round back in the days or
Aristarchus of Samos). Much like you, those medieval "scholars" were so
bent on their conclusions that they didn't use their brains and examine
the facts.
Again, I urge you to read up on the topic before you continue to make a
public nuisance as well as a jackass of yourself.
> W A Collier wrote in message ...
> >In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
> >says...
> >> Does anyone here really think that any cryto program self made or
> commercial
> >> is not broken already or can't be broken given a little effort by the NSA
> >> geeks. I know that someone might use some type of cryto that might give
> them
> >> trouble for a while, but if they really want to I think that the NSA
> geeks
> >> can break it.
> >
> >They can "really want to" all they like, but they cant change fundamental
> >nature of NP-Hard and other mathematic concepts upon which modern crypto
> >is based. Try reading up before you make a jackass out of yourself
> >again.
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: decryption
Date: 16 Feb 2000 04:12:33 GMT
Arthur Dardia writes:
>According to VCrack (search for it at any search engine), it "may not be
>encrypted."
Vcrack cracks polyalphabetic substitution ciphers. It assumes a 256
character alphabet, and that XOR is used for substitution.
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: Ralph Hilton <[EMAIL PROTECTED]>
Subject: Re: cryptographic puzzlers protocol
Date: Wed, 16 Feb 2000 04:59:44 +0100
Reply-To: [EMAIL PROTECTED]
On Wed, 16 Feb 2000 03:56:28 GMT, "W. Martin" <[EMAIL PROTECTED]> wrote:
>Anyone have any information regarding the "Subject" ??
>
>Thanks in advance,
>WM
http://www.rsa.com/news/pr/000211.html
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: decryption
Date: 16 Feb 2000 04:00:52 GMT
Arthur Dardia <[EMAIL PROTECTED]> wrote:
> again, I'm only in high school, and I have no idea how cruel college professors can
>be.
the answer is "very". it's actually not the professors which are the problem.
it's the TFs...but I love them all anyway. :-)
-David
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: source code export laws
Date: Tue, 15 Feb 2000 22:12:37 -0600
In article <[EMAIL PROTECTED]>, Jeremiah
<[EMAIL PROTECTED]> wrote:
> I am wanting to put the source code of a lot of encryption algorithms up
> on the internet. What are the laws for me doing this?
I suggest that it depends what algorithm and if it bothers someone in
authority, as so much of the government chinese fire drill on the subject
is pathetic or laughable.
Let me make a point or two with some code. ROT13 should be tame enough:
// Filename ROT13.cpp
#include <fstream.h>
#include <iostream.h>
#include <string.h>
void main()
{int j;char stuff[80];int size=1;int v1;int v2;
ofstream fp("C:\\OUTROT13.TXT",ios::app);
if (!fp) return;
cout<<"ROT13 Crypto Program"<<endl;
cout<<"Input Lines of Text"<<endl<<"?"<<endl;
while (size>0) //exit loop if no input length
{cin.getline(stuff,80);size=strlen(stuff);
for (j=0;j<size;j +=1) //do array elements
{v1=stuff[j];v2=v1;
if((v1>64)&&(v1<78)){v2=v1+13;} //A-M
if((v1>77)&&(v1<91)){v2=v1-13;} //N-Z
if((v1>96)&&(v1<110)){v2=v1+13;} //a-m
if((v1>109)&&(v1<123)){v2=v1-13;} //n-z
stuff[j]=v2;} //update element
cout<<stuff<<endl<<"?"<<endl;fp<<stuff<<endl;}
cout<<"Program is ended.";
return;}
The algorithm is certainly straight forward, and it does simple alphabetic
ROT13 encryption. The better way that it works is interesting. Aside from
the poor algorithm, you type a line, encrypt it an automatically save it
to an output file in an encrypted form. No plaintext is meant to be
written to disk.
The program is crippled in that you must enter the text via the keyboard.
It will also reflexively decrypt if you like to enter ciphertext by hand
also, but since it stores the result, what you need is another program
that will read a file, decrypt, and show the results withou storing them.
You could change the actual encryption part, add virtual key generation
need by a good algorithm, and your off the the races for getting someone
concerned. Crypto is easy to write if you know how.
--
Let's all sit back an watch the inhabitants of the political zoo
perform in three rings. It's more exciting than soap operas. Then
vote out anyone who has been in long enough to abuse things.
------------------------------
From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: decryption
Date: Wed, 16 Feb 2000 05:21:47 +0000
Juergen Nieveler skribis:
>
> "Pereira" <[EMAIL PROTECTED]> schrieb im Newsbeitrag
> news:[EMAIL PROTECTED]...
> > Hi I need some help! I have a cryptology course and I have no clue what
> > I'm doing. Can someone help me decrypt this message!
> >
> <SNIP>
> Sorry, wrong group... try alt.do.my.homeworks ;-)
It's a bit subtler than that: when you break it, you get a
plug for some websites. Encouraging us to spend time decrypting
an unsolicited ad... thanks a lot, d00d.
--
Jim Gillogly
Sterday, 26 Solmath S.R. 2000, 05:19
12.19.6.17.6, 3 Cimi 14 Pax, Fourth Lord of Night
------------------------------
From: [EMAIL PROTECTED] (Tony L. Svanstrom)
Subject: Re: Funniest thing I've seen in ages - RSA.COM hacked :)
Date: Wed, 16 Feb 2000 06:38:40 +0100
Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
> "Tony L. Svanstrom" wrote:
> > Exactly, so by having a cpl of "bad guys" bring the business using
> > the Internet to their knees the lost money will force companies to
> > do something about the security.
>
> You haven't been in this business very long, have you?
> Every major Internet site has been attacked (hopefully not
> successfully) several times per day for several years now.
> Sometimes there is even a brief flurry of media attention,
> some speeches are made, new patches and kludges are devised,
> then it all settles back down to business as usual.
Yes, but that's just minor things. Ok, so it can securitywise be a lot
worse than a lil bit of playing around with the DNS, but it's not what's
needed to make people do something about it.
Like it or not the people that you have to wake up for something to
happen won't understand unless they are being fed the information filled
with buzzwords from some magazine (where the story most likely was
written by someone that didn't understand it). I could go to the very
same person and tell him about the security risks that are a reality
today and nothing will happen, but if his "bible" (some IT-business
magazine) tells him the same story but with pictures and stuff like "the
Internet cracked" and "your website can be stolen by a 14yo" then he'll
start complaining that he wants more security.
When he's complaining other companies will see a way to make a buck or
two, and then the other companies will see that they might lose a buck
or two unless they can offer the same...
This reality sucks, but it's the only one we have.
/Tony
--
/\___/\ Who would you like to read your messages today? /\___/\
\_@ @_/ Protect your privacy: <http://www.pgpi.com/> \_@ @_/
--oOO-(_)-OOo---------------------------------------------oOO-(_)-OOo--
DSS: 0x9363F1DB, Fp: 6EA2 618F 6D21 91D3 2D82 78A6 647F F247 9363 F1DB
---���---���-----------------------------------------------���---���---
\O/ \O/ �1999 <http://www.svanstrom.com/?ref=news> \O/ \O/
------------------------------
From: Johnny Bravo <[EMAIL PROTECTED]>
Subject: Re: OTP practical implementation
Date: Wed, 16 Feb 2000 01:04:30 +0000
On Wed, 16 Feb 2000 00:04:26 GMT, Dan <[EMAIL PROTECTED]> wrote:
>Is there any available software, hopefully shareware/freeware, that
>manages the practical use of my random data as an OTP?
It would be trivial to write such a program, get offset, read in a byte
of file, read in a byte of data, XOR them and output the resulting byte.
Should take about 30 minutes if you have some basic programming knowledge
and have to look all the commands up. People who really know a language
could probably write it from scratch in under five minutes.
>Specifically the reformatting of the text
Not needed, just treat everything as binary, though you could compress
before encryption with any format that suits you if a) you need the
compression and b) the data would benefit from it. Small text messages
might not need compression and .JPGs won't compress much, for example.
>encryption/decryption of the text
Easy enough, just use XOR.
>management of the offset within the random data to start the
>encryption/decryption
Just save the offset in the clear at the front of the message, and save
the offset to disk. If you are paranoid about someone changing the offset
in the computer file, just write it down and put it in the same location
as the CD is stored, and have the program accept a manual input for the
offset when encrypting.
>(does the offset information travel with the encrypted data as clear text?)?
It would be easiest to send it in the clear as the start of the message
as a 4 byte value, and would not leak anything unless you have an extra
copy of the CDs floating around somewhere unaccounted for. In which case
the offset is not enough security, and a secondary password might be
helpful if you have such a need for security.
It would be very important to ensure that no two messages are sent with
the same random data. You can assign blocks of bytes to be used by each
party. If you know before hand how many senders you have, create a
different file for each sender on the CD. Each sender starts at the front
of the file and remembers the stopping position as each message is sent,
the recipients will have the offset in each message.
Best Wishes,
Johnny Bravo
------------------------------
From: [EMAIL PROTECTED] (John M. Gamble)
Subject: Re: What are these Rot-45, Rot-13, Rot-5 algorithms?
Date: 16 Feb 2000 06:04:19 GMT
In article <[EMAIL PROTECTED]>,
wtshaw <[EMAIL PROTECTED]> wrote:
>In article <[EMAIL PROTECTED]>, Runu Knips
><[EMAIL PROTECTED]> wrote:
>>
>> And I wonder what ROT45 should be - because there are only 26
>> alphabetic characters ... (ROT13(ROT13(x)) == x for any x).
>
>I think I was first with that one: Feb 17, 1996 is the date I registered
>the application that contained it and first began to domestically
>distribute it.
>
>ROT45 deals with the 90 characters beginning with ASCII-33, 32 being the
>non-joining space. Characters123-126, {|}~, are not used, so they can be
>used as control/formatting characters, which I find handy. The uppercase
>set is centered in the range, meaning that the uc behaves exactly like
>ROT13 in ROT45; lc and other characters do not.
>
>There is also ROT47, which somone else did, that works directly with the
>94 characters, ASCII 33-126.
>
>Source, did anyone say source? C, did you say? I suppose that for the
>time for the PC's, I'll have to settle with dumb console applications,
>keyboard input and file output. I guess that I will have the code to post
>for doing ROT13, INV26, and ROT45 sometime this week, other things
>permitting. I would rather write code than copy it, and I have my own
>style, as I am unimpressed by those that value code by how many sparse
>lines it contains.
These should be one-liners in perl.
-john
February 28 1997: Last day libraries could order catalogue cards
from the Library of Congress.
--
Pursuant to US Code, Title 47, Chapter 5, Subchapter II, '227,
any and all unsolicited commercial E-mail sent to this address
is subject to a download and archival fee in the amount of $500
US. E-mailing denotes acceptance of these terms.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
