Cryptography-Digest Digest #134, Volume #11 Wed, 16 Feb 00 13:13:01 EST
Contents:
EOF in cipher??? ([EMAIL PROTECTED])
Re: Basic Crypto Question 3 (John Savard)
Re: Using virtually any cipher as public key system? (John Savard)
Is NTRU free ? (Re: NTRU) (Runu Knips)
Re: Using virtually any cipher as public key system? (Anton Stiglic)
Re: EOF in cipher??? (mdc)
Re: Netscape security? (Glenn Larsson)
Re: Funniest thing I've seen in ages - RSA.COM hacked :) (wtshaw)
Re: decryption (wtshaw)
Re: decryption (wtshaw)
Re: decryption (Jim Gillogly)
Re: Guaranteed Public Key Exchanges (Darren New)
Re: Netscape security? (Frank Hecker)
Re: Netscape security? (Frank Hecker)
Re: UK publishes 'impossible' decryption law (zapzing)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED]
Subject: EOF in cipher???
Date: Wed, 16 Feb 2000 16:08:31 GMT
Hi. After getting lots of advice here on what kind of encryption I
could build, I decided to write a stream cipher (semi based on RC4). It
works great; however, I did encounter one rare issue.
Question is: What do most algos do when the output is going to be EOF?
Example: say I do some bit shifting, xoring etc. and I'm outputting the
encrypted results to a file. If one of the chars in the stream when
encrypted happens to be EOF (ASCII #26) then when my program reads it
back in for decryption it stops at that character.
Any suggestions? I don't imagine this happening too often, especially
since I've now added some random number stuff to my algo, but still it
could happen.
Thanks in advance (and sorry for the long message).
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Basic Crypto Question 3
Date: Wed, 16 Feb 2000 09:25:14 GMT
Mok-Kong Shen <[EMAIL PROTECTED]> wrote, in part:
>A stupid question: How would one place those homophone encryptions
>that expand the plaintext (in terms of number of bits) in the above
>contexts?
The idea is that if one can work it out so that some portion of the
ciphertext will have a flat distribution if the plaintext has a flat
distribution, and the other part is controlled by the random numbers
from the trusted random source, one can simply see that there is no
problem.
But if this can't be done, then, while there may not be any actual way
to attack the cascade using it, one is no longer able to see for sure
that this is so. It is only in that sense that I am saying such a
cipher would be dangerous in a cascade.
John Savard (jsavard<at>ecn<dot>ab<dot>ca)
http://www.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Using virtually any cipher as public key system?
Date: Wed, 16 Feb 2000 09:20:27 GMT
[EMAIL PROTECTED] (Mikko Lehtisalo) wrote, in part:
>I read a long time ago some book and in it was the instructions how to
>use any algorithm (for instance des) as a public key system.. It
>involved something like creating two keys and ciphering random data
>and moving it blahblah.. Can't even remember what the technique is
>called
You may be thinking of the Shamir three-pass protocol, but it doesn't
actually achieve this, although some people have claimed this.
The Shamir three-pass protocol works like this:
    A                                      B
      ===== E(kA, M) ====>
      <---- E(kB, E(kA, M)) -----
      ===== E(kB, M) ====>
where B knows kB, A knows kA. The step by A, deciphering a message
with key A, even though it was _subsequently_ enciphered with key B,
depends on the cipher being commutative. Most commutative operations
are extremely insecure, allowing trivial attacks by comparing the
three messages sent, if used in this method. What is known to work is
modular exponentiation, the same operation used in regular public-key
ciphers: the version of the Shamir three-pass system using that is
called the Massey-Omura cryptosystem.
If a method actually existed that allowed any algorithm as a public
key system, it would be a revolutionary discovery in cryptography.
John Savard (jsavard<at>ecn<dot>ab<dot>ca)
http://www.ecn.ab.ca/~jsavard/crypto.htm
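The two points in the post above, as an added illustration (this is not code from the post, and the prime used is a toy parameter chosen for readability, not one anybody should deploy): the three passes run once with XOR as the "cipher", where the protocol still delivers M to B but an observer of the three wire messages recovers it just as easily, and once with modular exponentiation, the Massey-Omura form, where the commutativity comes from exponent arithmetic mod p-1.

```python
"""Shamir three-pass: a commutative cipher is needed, and it must not be linear.

Added example; not code from the original post. P is a toy modulus (a known
Mersenne prime) used only so the arithmetic is readable.
"""
import math
import secrets

P = 2**127 - 1  # toy prime; far too small for real use


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def three_pass_xor(message: bytes, k_a: bytes, k_b: bytes) -> dict:
    """Three passes with XOR as the cipher; keys are message-length pads.

    XOR commutes, so B does recover M, but every wire message is recorded so
    an observer's view can be examined afterwards.
    """
    c1 = xor_bytes(message, k_a)   # A -> B : E(kA, M)
    c2 = xor_bytes(c1, k_b)        # B -> A : E(kB, E(kA, M))
    c3 = xor_bytes(c2, k_a)        # A -> B : E(kB, M)  (A strips its layer)
    recovered = xor_bytes(c3, k_b)  # B strips its own layer
    return {"wire": (c1, c2, c3), "recovered": recovered}


def observer_view_xor(c1: bytes, c2: bytes, c3: bytes) -> bytes:
    """What anyone who saw the three XOR passes can compute.

    c1 XOR c2 equals kB, and c3 XOR kB equals M: with a linear, commutative
    cipher the scheme gives no secrecy at all (Savard's point).
    """
    k_b = xor_bytes(c1, c2)
    return xor_bytes(c3, k_b)


def massey_omura_keypair(p: int = P) -> tuple:
    """Exponent e coprime to p-1 and its inverse d, so x^(e*d) = x mod p."""
    while True:
        e = secrets.randbelow(p - 3) + 2
        if math.gcd(e, p - 1) == 1:
            return e, pow(e, -1, p - 1)


def three_pass_massey_omura(message: int, p: int = P) -> dict:
    """Three passes with modular exponentiation (Massey-Omura), 1 <= M < p.

    ((M^eA)^eB)^dA = M^eB because eA*dA = 1 mod p-1, and (M^eB)^dB = M.
    """
    e_a, d_a = massey_omura_keypair(p)
    e_b, d_b = massey_omura_keypair(p)
    c1 = pow(message, e_a, p)   # A -> B
    c2 = pow(c1, e_b, p)        # B -> A
    c3 = pow(c2, d_a, p)        # A -> B (A's layer removed, B's remains)
    recovered = pow(c3, d_b, p)  # B removes its own layer
    return {"wire": (c1, c2, c3), "recovered": recovered}
```

Note that the exponentiation version still gives each party no assurance of who is on the other end; it only replaces the commutative operation with one for which comparing the three passes does not reveal M.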
------------------------------
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Is NTRU free ? (Re: NTRU)
Date: Wed, 16 Feb 2000 17:20:44 +0100
[EMAIL PROTECTED] schrieb:
>
> Hi all,
>
> NTRU has posted an update to our FAQ which explains how our speed
> claims were derived. Please take a look at
> http://www.ntru.com/tech.learning.faq.htm#Why is NTRU fast
> (there is a link from the main page - www.ntru.com - at the bottom
> of the page) if you are interested.
There is not a single copyright notice on that site. Is
NTRU free? May I write GPL programs which use it? May
I write LGPL libs which offer it?
------------------------------
From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: Using virtually any cipher as public key system?
Date: Wed, 16 Feb 2000 11:41:27 -0500
Mikko Lehtisalo wrote:
> I read a long time ago some book and in it was the instructions how to
> use any algorithm (for instance des) as a public key system.. It
> involved something like creating two keys and ciphering random data
> and moving it blahblah.. Can't even remember what the technique is
> called :( Any info?
A simple way to achieve some kind of public key crypto using symmetric
algorithms is by using a half-certified Diffie-Hellman static public key
agreement (sometimes called ElGamal key agreement, and a whole bunch
of other variations of the key words).
It simply goes like this:
Like in DH, there is a publicly known generator g.
Alice computes g^a (for some randomly chosen a) and publicly publishes
it somewhere (if you have signature schemes, she could sign it, but that
uses public-key crypto...).
So now, when some guy, say Bob, wants to communicate with Alice,
he simply takes g^a, computes (g^a)^b for some randomly chosen b
and sends g^b to Alice. Alice, upon receiving this g^b, computes
(g^b)^a (just like DH).
(g^a)^b is now a shared secret, which can be used to generate a key for
a symmetric algorithm.
If Carl also wants to communicate with Alice, he does the same thing.
It's not asymmetric crypto, but it's kind of public key crypto....
This is actually what is used in the Freedom software (as described in
the white paper)....
Anton
--
___________________________________________
Anton Stiglic
Jr. developer & specialist in cryptology.
Zero-Knowledge Systems Inc.
___________________________________________
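The exchange described above, as an added example (not code from the post, from Freedom, or from Zero-Knowledge Systems): Alice publishes g^a once, each correspondent picks a fresh b and sends g^b, and both sides hash g^ab into a symmetric key. The group parameters are toy values chosen so the numbers stay readable; a real system would use a standard group of adequate size. The key derivation is a plain SHA-256 over a label and the shared element, an assumption of this example rather than anything the post specifies.

```python
"""Half-certified (static) Diffie-Hellman key agreement.

Added example; not the post's or Freedom's code. P and G are toy parameters
(2**127 - 1 is prime but its group order is small and smooth), kept only so
the arithmetic is readable.
"""
import hashlib
import secrets

P = 2**127 - 1
G = 3


def check_public(value: int, p: int = P) -> int:
    """Reject trivial group elements (0, 1, p-1) before using a peer's value."""
    if not 1 < value < p - 1:
        raise ValueError("invalid public value")
    return value


def keypair(p: int = P, g: int = G) -> tuple:
    """Private exponent and public value g^x mod p."""
    x = secrets.randbelow(p - 2) + 1
    return x, pow(g, x, p)


def derive_key(shared: int, label: bytes = b"half-certified-dh-example") -> bytes:
    """Hash g^ab (with a context label) into a 256-bit symmetric key.

    The raw group element is not a uniformly distributed byte string, so it
    is never used as a key directly. Plain SHA-256 here; a real design would
    use a standard KDF.
    """
    shared_bytes = shared.to_bytes((shared.bit_length() + 7) // 8, "big")
    return hashlib.sha256(label + shared_bytes).digest()


def alice_publishes() -> tuple:
    """Alice's static key: she keeps a and publishes g^a once."""
    return keypair()


def initiator(alice_public: int) -> tuple:
    """Bob (or Carl): fresh b, shared secret from Alice's g^a, send g^b."""
    b, my_public = keypair()
    shared = pow(check_public(alice_public), b, P)
    return my_public, derive_key(shared)


def alice_responds(alice_private: int, peer_public: int) -> bytes:
    """Alice completes the agreement from the peer's g^b and her static a."""
    shared = pow(check_public(peer_public), alice_private, P)
    return derive_key(shared)


def run_exchange() -> dict:
    """Alice publishes once; Bob and Carl each agree a distinct key with her."""
    a, alice_pub = alice_publishes()
    bob_pub, bob_key = initiator(alice_pub)
    carl_pub, carl_key = initiator(alice_pub)
    return {
        "bob_matches": alice_responds(a, bob_pub) == bob_key,
        "carl_matches": alice_responds(a, carl_pub) == carl_key,
        "keys_distinct": bob_key != carl_key,
    }
```

Only Alice's side is tied to anything published: whoever sends g^b is anonymous to her unless something else authenticates that value, which is what "half-certified" means in the post.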
------------------------------
From: [EMAIL PROTECTED] (mdc)
Subject: Re: EOF in cipher???
Date: Wed, 16 Feb 2000 16:40:22 GMT
On Wed, 16 Feb 2000 16:08:31 GMT, [EMAIL PROTECTED] wrote:
>Hi. After getting lots of advice here on what kind of encryption I
>could build, I decided to write a stream cipher (semi based on RC4). It
>works great; however, I did encounter one rare issue.
>
>Question is: What do most algos do when the output is going to be EOF?
>Example: say I do some bit shifting, xoring etc. and I'm outputting the
>encrypted results to a file. If one of the chars in the stream when
>encrypted happens to be EOF (ASCII #26) then when my program reads it
>back in for decryption it stops at that character.
>
>Any suggestions? I don't imagine this happening too often, especially
>since I've now added some random number stuff to my algo, but still it
>could happen.
Store your data as ASCII code in hex. That doubles your file length
since every character gets represented by a two-digit hex value,
but it prevents EOF and other special character problems and makes
the file easy to parse.
mdc
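Both fixes side by side, as an added example (not the poster's RC4-style cipher and not mdc's code): the read stops at byte 0x1A because DOS/Windows text-mode I/O treats Ctrl-Z as end of file, so opening the file in binary mode is the direct cure, and hex-armouring the ciphertext as mdc suggests is the portable alternative when the file must stay text. The stream cipher below is a SHA-256 counter-mode keystream, assumed here only to produce arbitrary ciphertext bytes.

```python
"""Ciphertext bytes such as 0x1A (Ctrl-Z) and text-mode file handling.

Added example; not code from the thread. The keystream construction is an
illustration, not the poster's cipher.
"""
import hashlib
import os
import tempfile


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Illustrative keystream: SHA-256 over key || nonce || counter."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt; XOR with the keystream is its own inverse."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data))))


def hex_armor(ciphertext: bytes) -> str:
    """mdc's suggestion: two hex digits per byte. Output is ASCII with no
    control characters, so no byte can be mistaken for EOF by a text read."""
    return ciphertext.hex()


def hex_dearmor(text: str) -> bytes:
    return bytes.fromhex(text.strip())


def contains_ctrl_z(data: bytes) -> bool:
    """True if the raw ciphertext holds the byte a text-mode read treats as EOF."""
    return 0x1A in data


def store_and_reload(ciphertext: bytes, armored: bool) -> bytes:
    """Write ciphertext to a temp file and read it back.

    armored=True : hex text written and read in text mode; safe because the
                   file holds only ASCII hex digits.
    armored=False: raw bytes written with 'wb' and read with 'rb'; binary
                   mode never interprets 0x1A, so this is the direct fix.
    """
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        if armored:
            with open(path, "w", encoding="ascii") as f:
                f.write(hex_armor(ciphertext))
            with open(path, "r", encoding="ascii") as f:
                return hex_dearmor(f.read())
        with open(path, "wb") as f:
            f.write(ciphertext)
        with open(path, "rb") as f:
            return f.read()
    finally:
        os.remove(path)
```

Whichever route is taken, the decryptor must read the whole file by length, not by scanning for a terminator: ciphertext is uniformly random-looking and will eventually contain every byte value.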
------------------------------
From: Glenn Larsson <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Netscape security?
Date: Wed, 16 Feb 2000 17:51:41 +0100
Lassi Hippeläinen wrote:
> "...I'm not sure if it is legal in Sweden..."
*Why* would it be illegal?
Regards,
Glenn
Quote:
"I'm sorry - but you could copy these things before we managed
to crap the... crack the encryption."
- (Unplanned?) comment on DeCSS ("Off The Hook", 1 Feb 2000)
_________________________________________________
Spammers will be reported to their government and
Internet Service Provider along with possible legal
reprocussions of violating the Swedish "Personal
Information Act" of 1998. (PUL 1998:204)
This is punishable by a fine or 6 month to 2 years
imprisonment (Paragraph 49)
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Funniest thing I've seen in ages - RSA.COM hacked :)
Date: Wed, 16 Feb 2000 10:28:18 -0600
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(Tony L. Svanstrom) wrote:
> When he's complaining other companies will see a way to make a buck or
> two, and then the other companies will see that they might lose a buck
> or two unless they can offer the same...
>
Others are quick to use events to feather their own nests. Consider LE,
who do not generally understand much of anything. They see the excuse
that the only way to handle problems is to capture the problem makers,
and get big grants and budget increases to do that.
It is almost against their interests to intelligently do away with the
possibilities for such *crimes*, as they would have to get off their
duffs and go where there are lots of problems that are inconvenient for
them to address. Meanwhile, looking tough and depriving everyone of their
privacy is fine with them.
--
Let's all sit back and watch the inhabitants of the political zoo
perform in three rings. It's more exciting than soap operas. Then
vote out anyone who has been in long enough to abuse things.
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: decryption
Date: Wed, 16 Feb 2000 10:38:50 -0600
In article <[EMAIL PROTECTED]>, Runu Knips
<[EMAIL PROTECTED]> wrote:
> Pereira schrieb:
> >
> > Hi I need some help! I have a cryptology course and I have no clue what
> > I'm doing. Can someone help me decrypt this message!
> >
> ee... ww... mm... gg...
>
> This looks like a simple mapping from character to another character,
> without
> destruction of the underlying structure of the original text.
>
> Just test the count of every character and try to replace it with
> another, i.e.
> try to replace the most often occuring one with 'e' or 'a' etc.
>
> No, I've no time to do it for you :*)
I don't intend to spend much time with it either, but in a few seconds I
copied, pasted and counted the characters. It is not simple monoalphabetic
substitution because of character distribution, which means look further.
--
Let's all sit back and watch the inhabitants of the political zoo
perform in three rings. It's more exciting than soap operas. Then
vote out anyone who has been in long enough to abuse things.
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: decryption
Date: Wed, 16 Feb 2000 10:39:18 -0600
In article <[EMAIL PROTECTED]>, Runu Knips
<[EMAIL PROTECTED]> wrote:
> Pereira schrieb:
> >
> > Hi I need some help! I have a cryptology course and I have no clue what
> > I'm doing. Can someone help me decrypt this message!
> >
> ee... ww... mm... gg...
>
> This looks like a simple mapping from character to another character,
> without
> destruction of the underlying structure of the original text.
>
> Just test the count of every character and try to replace it with
> another, i.e.
> try to replace the most often occuring one with 'e' or 'a' etc.
>
> No, I've no time to do it for you :*)
I don't intend to spend much time with it either, but in a few seconds I
copied, pasted and counted the characters. It is not simple
monoalphabetic substitution because of character distribution, which
means look further.
--
Let's all sit back and watch the inhabitants of the political zoo
perform in three rings. It's more exciting than soap operas. Then
vote out anyone who has been in long enough to abuse things.
------------------------------
From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: decryption
Date: Wed, 16 Feb 2000 17:41:47 +0000
wtshaw wrote:
> I don't intend to spend much time with it either, but in a few seconds I
> copied, pasted and counted the characters. It is not simple
> monoalphabetic substitution because of character distribution, which
> means look further.
Right. If you do an IC on it the period will pop right out, and
the encryption system will be the first polyalphabetic you think of.
Dead simple, but take my word for it: the ad you get isn't worth it.
--
Jim Gillogly
Sterday, 26 Solmath S.R. 2000, 17:40
12.19.6.17.6, 3 Cimi 14 Pax, Fourth Lord of Night
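The test Jim Gillogly refers to, worked through as an added example (not code from the thread, and not the student's ciphertext; the sample text and the key are constructed here, and Vigenère is taken as the polyalphabetic meant): the index of coincidence of the whole ciphertext is depressed because several alphabets are mixed, but splitting the text into columns by the right period restores each column to a plain substitution of English, so the period "pops right out". The block also finishes the job for the constructed sample by fitting each column's letter counts to English frequencies, which recovers the key.

```python
"""Index of coincidence (IC) period test for a periodic polyalphabetic cipher.

Added example; sample text and key are constructed for the demonstration and
are not the message from the thread.
"""
from collections import Counter

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

# English letter frequencies in percent, A..Z (the usual published table).
ENGLISH_FREQ = [8.167, 1.492, 2.782, 4.253, 12.702, 2.228, 2.015, 6.094, 6.966,
                0.153, 0.772, 4.025, 2.406, 6.749, 7.507, 1.929, 0.095, 5.987,
                6.327, 9.056, 2.758, 0.978, 2.360, 0.150, 1.974, 0.074]

# Constructed English sample, roughly 950 letters; not the thread's text.
SAMPLE_TEXT = (
    "The index of coincidence measures how likely two letters drawn at random "
    "from a text are to be the same. Ordinary English scores about point zero "
    "six six because a few letters such as e t and a dominate, while text drawn "
    "uniformly from the alphabet scores about point zero three eight. A simple "
    "substitution keeps the score because it only renames letters. A periodic "
    "polyalphabetic cipher lowers the score of the whole message by mixing "
    "several alphabets, but if the ciphertext is split into columns by the "
    "correct period each column is again a simple substitution of English and "
    "the score jumps back up. Trying each period in turn and watching for that "
    "jump is the classical way to recover the key length before any of the "
    "shifts are known. Once the period is known each column can be examined "
    "on its own by comparing its letter counts against the usual English "
    "frequencies, and the shift that fits best is the key letter for that "
    "column. With a few hundred letters of ciphertext the right period stands "
    "out clearly, while very short messages give noisy statistics."
)


def letters_only(text: str) -> str:
    return "".join(c for c in text.upper() if c in ALPHABET)


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Vigenere on A-Z (the 'first polyalphabetic you think of')."""
    shifts = [ALPHABET.index(k) for k in key.upper()]
    out = []
    for i, c in enumerate(letters_only(text)):
        s = shifts[i % len(shifts)]
        out.append(ALPHABET[(ALPHABET.index(c) + (-s if decrypt else s)) % 26])
    return "".join(out)


def index_of_coincidence(column: str) -> float:
    """Probability that two letters drawn without replacement are equal."""
    n = len(column)
    if n < 2:
        return 0.0
    return sum(f * (f - 1) for f in Counter(column).values()) / (n * (n - 1))


def average_ic(ciphertext: str, period: int) -> float:
    """Mean IC over the columns formed by taking every period-th letter."""
    return sum(index_of_coincidence(ciphertext[i::period]) for i in range(period)) / period


def find_period(ciphertext: str, max_period: int = 12) -> int:
    """Smallest period whose columns score like English.

    A wrong period mixes the key's alphabets and scores between random text
    (0.038) and English (0.066); the true period and its multiples score near
    0.066. The first period to clear 0.055 is returned, so a multiple of the
    key length is never preferred; if nothing clears it (very short text) the
    best-scoring period is returned instead.
    """
    scores = {p: average_ic(ciphertext, p) for p in range(1, max_period + 1)}
    for p in range(1, max_period + 1):
        if scores[p] >= 0.055:
            return p
    return max(scores, key=scores.get)


def best_shift(column: str) -> int:
    """Key shift for one column: minimise chi-squared against English counts."""
    n, counts = len(column), Counter(column)
    best, best_score = 0, float("inf")
    for shift in range(26):
        # ciphertext letter (i + shift) corresponds to plaintext letter i
        score = sum((counts[ALPHABET[(i + shift) % 26]] - pct / 100 * n) ** 2
                    / (pct / 100 * n) for i, pct in enumerate(ENGLISH_FREQ))
        if score < best_score:
            best, best_score = shift, score
    return best


def recover_key(ciphertext: str, period: int) -> str:
    return "".join(ALPHABET[best_shift(ciphertext[i::period])] for i in range(period))


def analyse(ciphertext: str) -> dict:
    """Period from the IC test, then the key letter for each column."""
    period = find_period(ciphertext)
    return {"period": period, "key": recover_key(ciphertext, period)}
```

The 0.055 threshold assumes a key of several distinct letters; a two-letter key leaves wrong periods scoring closer to 0.052, so for short keys the fallback to the best-scoring period matters more.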
------------------------------
From: Darren New <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Guaranteed Public Key Exchanges
Date: Wed, 16 Feb 2000 17:42:56 GMT
Ralph Hilton wrote:
> Because either John or Mary or each individually would have a secret
> number used to create their part of the key and couldn't read each others
> messages (unless they tell each other which means that one is effectively
> dealing with one correspondent anyway).
You still can't tell whether John has generated all the keys, or whether
Mary has generated all the keys.
> I would suggest that if one's boss is willing to send trade secrets to Joe
> Hinkle only knowing his name and email address then he deserves his
> inevitable fate.
Oh, the *boss* knows Joe very well. *You* don't. And the boss is way too
busy to bother about getting fingerprints or anything. After all, *you* are
the cryptographer. ;-)
> In a totally theoretical model I can't fault your reasoning. The original
> question appeared to me to be founded on a possible realistic situation.
Yes. The original question was "you have an email address for Joe. How do
you exchange keys securely." Scroll back in the thread. :-)
--
Darren New / Senior MTS / Invisible Worlds Inc.
San Diego, CA, USA (PST). Cryptokeys on demand.
There is no safety in disarming only the fearful.
------------------------------
From: Frank Hecker <[EMAIL PROTECTED]>
Subject: Re: Netscape security?
Date: Wed, 16 Feb 2000 17:45:32 GMT
Paul Rubin wrote:
> For the most recent browsers (Netscape >= 4.7, IE >= 5.01) you get 56
> secret bits because the export regulations recently changed and
> increased the limits. There are also special server certificates
> available with some restrictions, that tell the export browsers to use
> full-strength (128 bit) cryptography.
Actually, the full-strength 128-bit version of Netscape Communicator 4.7
is now available for users outside the U.S. and Canada. (That is,
Netscape is allowed by the U.S. government to legally export the 128-bit
version.) For example, you can download the Windows version at
https://wwwus.netscape.com/usdl-bin/pdms_dnstest.cgi?PRODUCT=communicator4.7-win32-en-complete-128&COMPONENTS=CLIENT&TEMPLATES=NSCP
For other versions check out
http://home.netscape.com/download/
and look under the heading "New 128-bit Strong Encryption Availability":
"Netscape Communicator 4.7 with 128-bit strong encryption is now
available worldwide."
Also note that the Netscape-developed source code for SSL, etc., is in
the process of being released as open source software (dual-licensed
under the MPL and GPL); for more information see
http://www.mozilla.org/projects/security/pki/
Frank
--
Frank Hecker work: http://www.collab.net/
[EMAIL PROTECTED] home: http://www.hecker.org/
------------------------------
From: Frank Hecker <[EMAIL PROTECTED]>
Subject: Re: Netscape security?
Date: Wed, 16 Feb 2000 17:58:54 GMT
"Lassi Hippeläinen" wrote:
> Anders Westergren wrote:
> >
> > Is it true that international versions of Netscape mail has a built in
> > 'work reduction' field of 88 bits, thus reducing the key length to 40
> > bits (which now can be decrypted in real-time)? I read this just a week
> > ago in a (fairly) large swedish newspaper. According to the author,
> > Outlook has the same 'problem'.
>
> Yes, true. That's why there is http://www.fortify.net/ for Netscape
> browsers. Probably fixes mail, too.
It does, according to the Fortify feature list.
http://www.fortify.net/README_main.html#features
But as the Fortify developers point out, "Netscape has released their
v4.7 128-bit U.S. domestic web browsers for worldwide download. ... It
is anticipated that all future strong-crypto versions of Netscape
Communicator and Navigator will also be available to worldwide users,
and therefore future updates to Fortify for Netscape will be
superfluous."
http://www.fortify.net/updateJan2000_main.html
Frank
--
Frank Hecker work: http://www.collab.net/
[EMAIL PROTECTED] home: http://www.hecker.org/
------------------------------
From: zapzing <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: UK publishes 'impossible' decryption law
Date: Wed, 16 Feb 2000 17:52:11 GMT
In article <88cul4$fop$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Mike Eisler) wrote:
> In article <[EMAIL PROTECTED]>,
> Bruce Stephens <[EMAIL PROTECTED]> wrote:
> >Much as I hate to defend the obviously stupid proposed law, according
> >to most descriptions I've read, the police *do* need to prove
> >something: they need to show that I did have the key. i.e., it would
> >not (under the current proposal) be a crime not to decrypt encrypted
> >material when suitably told to do so unless the police could show that
> >you once had the key. (This is one of the improvements over the
>  ^^^^^^^^^^^^^^^^^^^^
>
> What if the accused has forgotten the key. Or mislaid the container of
> the key?
>
> >previous proposal where, astonishingly, that wasn't necessary.)
The perfect solution to Alzheimer's disease:
Outlaw it!
--
Do as thou thinkest best.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************