Cryptography-Digest Digest #138, Volume #11 Thu, 17 Feb 00 01:13:01 EST
Contents:
Re: Question about OTPs (Bill Unruh)
Re: Period of cycles in OFB mode (Tim Tyler)
Re: code still unbroken (Arthur Dardia)
PhD in Cryptography? (Nathan)
Re: Question about OTPs (Arthur Dardia)
Re: Does the NSA have ALL Possible PGP keys? (Steve K)
Re: OTP practical implementation (Steve K)
Re: EOF in cipher??? (JPeschel)
Outlook Express Sends Account password in the Clear ("John E. Kuslich")
Re: UK publishes 'impossible' decryption law (zapzing)
Re: Question about OTPs ("Trevor Jackson, III")
Re: I, William A. Nelson, created and utilized the cyberspace character of Markku J. Saarelainen for many international business purposes (hadron)
Re: Outlook Express Sends Account password in the Clear ("Joseph Ashwood")
It could have been done to any human, but Markku J. Saarelainen was ("William A. Nelson")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: Question about OTPs
Date: 17 Feb 2000 02:24:34 GMT
In <[EMAIL PROTECTED]> Arthur Dardia <[EMAIL PROTECTED]> writes:
In an OTP, no byte of the one time pad should ever be reused in any way.
If a byte is used for any purpose, throw it away and never use it again.
That is the condition under which an OTP is secure. Anything else and the
security proof fails. Of course one may be able to argue that some ways
of reusing the byte are still secure enough, but that is a different
argument. To be a One Time Pad, the One Time is crucial.
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Period of cycles in OFB mode
Reply-To: [EMAIL PROTECTED]
Date: Thu, 17 Feb 2000 01:37:55 GMT
Scott Fluhrer <[EMAIL PROTECTED]> wrote:
: Tim Tyler <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
:> David Wagner <[EMAIL PROTECTED]> wrote (in reply to TR):
:> : Do you mean using a LFSR to drive the block cipher?
:> : That sounds like a good idea, if it was what you meant.
:>
:> Use of an LFSR would lose the ability to parallelise the process properly.
:
: Actually, it would make it only slightly trickier. Remember, an LFSR is
: just a linear transform on its bits, and so (for a fixed n) n steps of
: an LFSR is also a linear transform (using perhaps a few more gates).
Yeeees.
However, imagine the application is disc encryption, where you want the
'n'th block of data to perform a random access read on some block.
Yes, for a *fixed* n, the output of the LFSR is some linear function of
its initial internal state. However /which/ linear function varies with
'n'.
Sure you can step through a small number of stages by the method you
describe - which would probably help if you're just using parallelism
to speed up the output.
However, I'm not sure you wind up with the ability to generate blocks of
data out of sequence (which you'd need for random access). This seems to
be a property that counting-like implementations have, but LFSR
implementations do not.
LFSRs appear to have at least one advantage over the addition necessary in
counter (and linear) modes. They are likely to work faster, due to the lack
of a carry chain. However, the block cypher may be the slowest component.
--
__________
|im |yler The Mandala Centre http://www.mandala.co.uk/ [EMAIL PROTECTED]
Madness takes its toll. Please have exact change.
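An added example, not code from either poster, of the point Scott Fluhrer raises above: one LFSR clock is a linear map over GF(2), so n clocks is the matrix power M^n, and M^n can be computed by square-and-multiply in O(log n) matrix products rather than n shifts. The register width (16 bits) and tap mask are assumptions for the demonstration; any taps work for the linear-algebra argument. The block compares the jump-ahead result against plain stepping.

```python
# Added example: computing an LFSR's state after n clocks as M^n * state,
# where M is the 16x16 GF(2) transition matrix.  Not code from the thread.
W = 16          # register width in bits (assumption)
TAPS = 0x002D   # feedback taps for the shift-right form (assumption)


def parity(x: int) -> int:
    """Parity of the set bits of x, i.e. a dot product over GF(2)."""
    return bin(x).count("1") & 1


def step(state: int) -> int:
    """One clock of a Fibonacci LFSR: shift right, feed the tap parity in at the top."""
    return (state >> 1) | (parity(state & TAPS) << (W - 1))


def step_n(state: int, n: int) -> int:
    """Reference: clock the register n times."""
    for _ in range(n):
        state = step(state)
    return state


# Transition matrix, one row per output bit: bit j of row i is set when old
# bit j contributes to new bit i.  Rows 0..W-2 copy bit i+1; row W-1 is the
# tap mask, so mat_vec(M, s) == step(s).
M = [1 << (i + 1) for i in range(W - 1)] + [TAPS]


def mat_vec(A, v: int) -> int:
    """Matrix-vector product over GF(2); vectors are ints, bit i = coordinate i."""
    out = 0
    for i in range(W):
        out |= parity(A[i] & v) << i
    return out


def mat_mul(A, B):
    """Matrix product over GF(2): row i of C is the XOR of rows of B selected by row i of A."""
    C = []
    for i in range(W):
        row = 0
        for j in range(W):
            if (A[i] >> j) & 1:
                row ^= B[j]
        C.append(row)
    return C


def mat_pow(A, n: int):
    """Square-and-multiply exponentiation of a GF(2) matrix."""
    R = [1 << i for i in range(W)]   # identity matrix
    while n:
        if n & 1:
            R = mat_mul(R, A)
        A = mat_mul(A, A)
        n >>= 1
    return R


def jump(state: int, n: int) -> int:
    """State after n clocks, computed without clocking n times."""
    return mat_vec(mat_pow(M, n), state)


if __name__ == "__main__":
    seed = 0xACE1
    print(hex(jump(seed, 100000)), hex(step_n(seed, 100000)))
```

For a disk-encryption use the keystream for block number b would be derived from jump(seed, b * clocks_per_block), which costs about log2(b) matrix products per block; counter mode gets the same random access for free, since block b's input is just the integer b.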
------------------------------
From: Arthur Dardia <[EMAIL PROTECTED]>
Subject: Re: code still unbroken
Date: Wed, 16 Feb 2000 21:36:03 -0500
Chuck Davis wrote:
> Most of the correspondence I get from cryptanalysis folk about the code I
> devised at discovervancouver.com sneers at its triviality. I still harbor a
> belief that SOMEONE out there will crack it, and win the prize ... which
> goes up one cent a minute, and is now well over $3,000.
>
> Stifle your response to put down this Canadian layman's first effort and
> actually try to SOLVE the damn thing. There are NO gimmicks.
>
> Honest.
>
> Really.
>
> I swear.
>
> I think it's rather elegant, actually.
>
> Chuck Davis
Maybe someone knows the answer and is holding out for $3,500 - gambling that no
one else can do it.
--
Arthur Dardia Wayne Hills High School [EMAIL PROTECTED]
PGP 6.5.1 Public Key http://www.webspan.net/~ahdiii/ahdiii.asc
------------------------------
From: Nathan <[EMAIL PROTECTED]>
Subject: PhD in Cryptography?
Date: Thu, 17 Feb 2000 02:58:22 GMT
I recently completed my Master's degree in cryptography, and am
currently working. I have considered returning to school to do my PhD,
but I'm not sure whether this is a good idea. I would like to pursue a
career as a researcher, consultant, or instructor (but probably not in
academia), and have heard the opinion that a PhD makes one look too
ivory tower. Obviously, I will never know for sure, but I would like to
make the choice that will ultimately make me the most marketable.
I was hoping that those in the know might be willing to share their
perspectives on the usefulness of a PhD in cryptography. For those who
are pro-PhD, any suggestions on good places (and people under whom) to
study number theory as applied to crypto (I would be more specific, but
I haven't decided myself), especially in Canada, would be most helpful.
Thanks in advance.
------------------------------
From: Arthur Dardia <[EMAIL PROTECTED]>
Subject: Re: Question about OTPs
Date: Wed, 16 Feb 2000 20:02:58 -0500
"Douglas A. Gwyn" wrote:
> Arthur Dardia wrote:
> > So, my question is this: for one message, that I start at the
> > 30,567,890 byte and the next I start at the 30,567,889. ...
>
> That's horrible!
>
> It is well known that reusing (portions of) the key makes a
> one-time pad readily crackable. Here is a standard attack:
>
> Step 1: Determine the relative offsets of the overlapping CT.
> (This is easy with a so-called Kappa test, but in principle
> you could just try each possible alignment; there aren't all
> that many.)
>
> Step 2: Difference the aligned CTs to strip off all effect of
> the common key, leaving just the differenced PT ("delta stream").
>
> Step 3: Try adding some probable plaintext to various offsets
> within the delta stream; when the result is intelligible PT, you
> have found portions of both original PTs.
>
> Step 4: Extend the recovered PT fragments by reasonable
> extrapolation past their ends; whenever you make a correct
> extrapolation for one PT, you'll recover more of the *other*
> PT (by the Step 3 process).
>
> Step 5: When you can no longer extend either PT but more
> remains, continue the search in Step 3.
>
> In the above, "difference" and "add" depend on the system.
> For the type of OTP usually discussed here, they're all XORs.
>
> With only 2 PTs, sometimes one gets possible cross-overs in
> the texts:
> ATTACKATDAWN vs. ATTACKATNOON (2 other possibilities, also)
> BEHEREBYNOON BEHEREBYDAWN
>
> With a "stack" of several messages overlapping in the same
> region of key, the extrapolation process goes very smoothly.
Thanks for the info.
However, I might have come up with a work-around. One of the main
ideals before OTPs is that the pad file must be kept secret. If it is
successfully kept secret, then I should be able to store the offset
and ending offset for each encryption that was used in a log file.
Then, when the user logs on, and he attempts to use an offset that falls
within any of the ranges, it gives him a warning message that his
ciphertext will become much easier to attack if he continues to encrypt
with this offset.
However, if the pad file is not kept secret, this poses an attack
because the attacker will not only know the pad file (thus making it
easier to brute force it since he needs only to check every possible
starting offset...about 650 million on a CD), he'll know exactly which
offset yields the correct answer.
Anyway, I downloaded the Python CORE and Win32 extensions. I must say,
it's a really cool language. Makes it very easy to code in Win32 GUI.
I think I'm going to buy the Win32 book and read up and make the OTP
program.
--
Arthur Dardia Wayne Hills High School [EMAIL PROTECTED]
PGP 6.5.1 Public Key http://www.webspan.net/~ahdiii/ahdiii.asc
------------------------------
From: [EMAIL PROTECTED] (Steve K)
Crossposted-To: misc.survivalism
Subject: Re: Does the NSA have ALL Possible PGP keys?
Date: Thu, 17 Feb 2000 01:48:06 GMT
On Tue, 15 Feb 2000 20:37:01 -0500, "Trevor Jackson, III"
<[EMAIL PROTECTED]> wrote:
>> To the crypto geeks: Contemplate the sage advice of the great W.C.
>> Fields on the subject of trying to wise certain people up. Guys, it
>> can't be done. Either they get interested enough to study and the
>> literature and follow the logic of it, or they don't. You have
>> practically no influence over that choice.
>
>Agreed.
>
>But the reader/writer ratio is high. And it is worth some effort to
>refute silliness in the interest of maintaining a sensible perspective for
>the non-vocal, but astute readers.
Agreed likewise. It's a silly job but someone's got to do it...
:o
Steve
---Continuing freedom of speech brought to you by---
http://www.eff.org/ http://www.epic.org/
http://www.cdt.org/
PGP key 0x5D016218
All others have been revoked.
------------------------------
From: [EMAIL PROTECTED] (Steve K)
Subject: Re: OTP practical implementation
Date: Thu, 17 Feb 2000 01:52:45 GMT
On 16 Feb 2000 11:04:19 -0800, Andru Luvisi <[EMAIL PROTECTED]>
wrote:
Here's something to check out for a one-time pad, all set up & ready
to go. The authors suggest using a sound card & mike to generate the
"random" data. I haven't used it myself-- too much hassle, nobody
local to test it with, etc.-- but if you're after a one time pad I
think it might be worth trying. Annoying site name and all.
http://www.csuglab.cornell.edu/Info/People/jcr13/HardenedCriminal/main.html
:o)
Steve
---Continuing freedom of speech brought to you by---
http://www.eff.org/ http://www.epic.org/
http://www.cdt.org/
PGP key 0x5D016218
All others have been revoked.
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: EOF in cipher???
Date: 17 Feb 2000 03:31:21 GMT
"Douglas A. Gwyn" writes:
>When reading random bit patterns, the program should not perform any
>text format interpretations. In C, the file should be opened as a
>binary stream, not a text stream.
And use feof() to detect the end of the binary file being read.
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: "John E. Kuslich" <[EMAIL PROTECTED]>
Subject: Outlook Express Sends Account password in the Clear
Date: Wed, 16 Feb 2000 21:15:15 -0700
I recently wrote some software to monitor what Winsock does while programs
like Outlook Express are sending and receiving data.
I was amazed to see that each request to the mail server was accompanied by
my POP3 account user name and password IN THE CLEAR.
Is there any way to set up a mail account using PPP protocol over a dial-up
(USWest is the ISP) so that the password is encrypted??
JK http://www.crak.com Password Recovery Software
------------------------------
From: zapzing <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: UK publishes 'impossible' decryption law
Date: Thu, 17 Feb 2000 04:35:40 GMT
In article <[EMAIL PROTECTED]>,
Runu Knips <[EMAIL PROTECTED]> wrote:
> Arturo wrote:
> > On 16 Feb 2000 01:31:16 GMT, [EMAIL PROTECTED] (Mike Eisler) wrote:
> > >In article <[EMAIL PROTECTED]>,
> > >Bruce Stephens <[EMAIL PROTECTED]> wrote:
> > >>the police *do* need to prove
> > >>something: they need to show that I did have the key. i.e., it would
> > >>not (under the current proposal) be a crime not to decrypt encrypted
> > >>material when suitably told to do so unless the police could show that
> > >>you once had the key.
> > >^^^^^^^^^^^^^^^^^^^^
> > >What if the accused has forgotten the key. Or mislaid the container of
> > >the key?
> >
> > According to the law, you get two years' paid vacation, courtesy of
> > Her Majesty's prisons. And if you happen to tell anybody about it, you get
> > a five-year bonus.
>
> Yes, that's the reason why the English police are called the politest of
> Europe (or even the whole world). You are not put into prison,
> you're just on vacation. Sad I'm not living in the kingdom...
>
> This law is idiotic. Why has anyone the right to read some data
> when, for example, they are my diary, or my poems? I've the
> right to have some secrets! And I've the right to store them
> electronically, if I want.
>
Speaking on the subject of diaries, that's the way they
caught Senator Packwood: they forced him to turn
over his diary!!! How's that for the land of the free???
And, I saw on CNN (our eternal cable news network)
that the FBI says it can't catch criminals
like the ones who DOS'd the websites last week
unless they can look into everyone's private stuff!!!
I mean please! Not only is that totally against
everything this country (supposedly) stands for,
but it seems incredibly inefficient also.
I remember seeing in "Wired" magazine (forgot
the issue) that an upgrade of the TCP/IP
protocol is planned, and it is encrypted so that
what the hackers did will be impossible.
So - Encryption is the *answer*, not the
problem.
--
Do as thou thinkest best.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: Thu, 17 Feb 2000 00:01:41 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Question about OTPs
Arthur Dardia wrote:
> As we all know, many people are becoming interested in one time pads due
> to their "perfect" security system. Yes, while this system is perfect
> with totally random data and a "perfectly" secure way to transfer the
> pad-file, this is rare to come by.
>
> Many people attempt to pack CD-ROM's with totally random data; however,
> then you must tell your recipient which offset to start reading the pad
> from. So, my question is this: for one message, so that I start at the
> 30,567,890 byte and the next I start at the 30,567,889. While this is
> only one byte off, the ciphertext is totally different; however, how
> secure is this?
Not at all.
In general the phrase "one time" is defined to mean one time.
It does not matter that character N of message M is encoded with the same
key as character N-1 of message M+1. The point is the key is used twice.
This does not match the definition of "one time" provided above.
>
>
> (A+K)-(B+K)=A-B
>
> While most of the padding is identical, will pushing the offset back one
> byte still aid cryptanalysts in cracking the message?
Yes.
> I plan on writing
> an OTP program in Python, which will take the path to the pad-file, the
> starting offset, plaintext path, and ciphertext path and perform all of
> this for you. Why Python? I don't know. Never used it before, I
> figure that this will be a rather simple thing to do, yet remain
> portable. I'm going to use the Windows toolkit so I can build a
> stand-alone Windows executable; however, the heart of my program will be
> extremely portable to other systems. Any suggestions on the program and
> the security of the above problem?
>
> --
> Arthur Dardia Wayne Hills High School [EMAIL PROTECTED]
> PGP 6.5.1 Public Key http://www.webspan.net/~ahdiii/ahdiii.asc
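An added example, not the program Arthur Dardia is planning and not code from any poster, that puts three points from this thread and from Joe Peschel's EOF reply into one small Python OTP tool: the pad is raw bytes, so it is read from a binary stream and the end of the pad is detected by a short read, never by any byte value; every consumed pad range goes into the log Dardia proposes, and an offset that touches a used range is refused outright; and the reason for refusing, shown directly: XOR-ing two ciphertexts made with overlapping pad bytes cancels the pad and leaves the XOR of the two plaintexts, which is the (A+K)-(B+K)=A-B of Trevor Jackson's message and step 2 of the attack Douglas Gwyn quotes. The pad contents, offsets and messages are constructed for the demonstration; `io.BytesIO` stands in for a pad file opened with `open(path, "rb")`.

```python
# Added example: a minimal one-time-pad tool with a pad-usage ledger.
# Not the poster's program; all sample data below is constructed.
import io
import secrets

# Constructed stand-in for a pad file (a real tool would open(path, "rb")).
PAD = secrets.token_bytes(4096)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def read_pad(pad, offset: int, length: int) -> bytes:
    """Return exactly `length` pad bytes starting at `offset`.

    The stream is binary, so 0x00, 0x1A, 0x0D 0x0A and 0xFF are ordinary
    pad data; the only end-of-pad signal is read() returning fewer bytes.
    """
    pad.seek(offset)
    chunk = pad.read(length)
    if len(chunk) != length:
        raise EOFError(f"pad exhausted at offset {offset}: "
                       f"wanted {length} bytes, got {len(chunk)}")
    return chunk


def pad_exhausted(offset: int, length: int) -> bool:
    """True when a read of `length` bytes at `offset` runs off the end of PAD."""
    try:
        read_pad(io.BytesIO(PAD), offset, length)
        return False
    except EOFError:
        return True


class PadLedger:
    """Log of consumed [start, end) pad ranges, as proposed in the thread."""

    def __init__(self):
        self.used = []

    def overlaps(self, start: int, length: int) -> bool:
        end = start + length
        return any(start < e and s < end for s, e in self.used)

    def reserve(self, start: int, length: int) -> None:
        if self.overlaps(start, length):
            raise ValueError(f"pad range [{start}, {start + length}) "
                             f"overlaps bytes already used")
        self.used.append((start, start + length))


def encrypt(pad, ledger: PadLedger, offset: int, plaintext: bytes) -> bytes:
    """OTP encryption that consumes each pad byte at most once."""
    ledger.reserve(offset, len(plaintext))        # refuse before touching the pad
    key = read_pad(pad, offset, len(plaintext))
    return xor_bytes(plaintext, key)


def aligned_xor(a: bytes, off_a: int, b: bytes, off_b: int) -> bytes:
    """XOR two byte strings over the positions that used the same pad byte.

    Applied to two ciphertexts this cancels the pad; applied to the two
    plaintexts with the same offsets it gives the identical result.
    """
    shift = off_b - off_a                  # index in a that shares pad with b[0]
    lo, hi = max(0, shift), min(len(a), len(b) + shift)
    return bytes(a[i] ^ b[i - shift] for i in range(lo, hi))


def demo() -> dict:
    pad = io.BytesIO(PAD)
    ledger = PadLedger()
    pt_a, pt_b = b"ATTACK AT DAWN", b"BE HERE BY NOON"   # constructed messages
    ct_a = encrypt(pad, ledger, 1000, pt_a)
    try:
        encrypt(pad, ledger, 999, pt_b)   # the thread's "one byte back" case
        rejected = False
    except ValueError:
        rejected = True
    # What an eavesdropper gets if the ledger is bypassed: the pad cancels.
    ct_b = xor_bytes(pt_b, read_pad(pad, 999, len(pt_b)))
    pad_cancels = aligned_xor(ct_a, 1000, ct_b, 999) == aligned_xor(pt_a, 1000, pt_b, 999)
    roundtrip = xor_bytes(ct_a, read_pad(pad, 1000, len(pt_a))) == pt_a
    return {"rejected": rejected, "pad_cancels": pad_cancels, "roundtrip": roundtrip}


if __name__ == "__main__":
    print(demo())
```

The ledger only works under the assumption the thread states: the pad and the log stay secret and every copy of the pad has its own honest ledger. Reserving before reading means a failed read (pad exhausted) leaves the range marked as used, which is the conservative direction.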
------------------------------
From: hadron <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia,soc.culture.russian,soc.culture.soviet,soc.culture.israel,soc.culture.europe,soc.culture.nordic,alt.2600
Subject: Re: I, William A. Nelson, created and utilized the cyberspace character of Markku J. Saarelainen for many international business purposes
Date: Wed, 16 Feb 2000 23:36:36 -0600
"William A. Nelson" <[EMAIL PROTECTED]> wrote:
>
>I, William A. Nelson, created the character of Markku J. Saarelainen.
>During the utilization of this unreal cyberspace character, many people
>attacked the character and several information security experts started
>arguing with it - and these people mailed many aggressive messages to
>the email address that was set up for the unreal Internet character. As
>it turns out the real character of this Markku J. Saarelainen (the
>stolen identity) is actually a small black cat. I have attached the
>picture of this cat. I did indeed do some comprehensive research on
>Markku's background, his pleasures and other desires. I did steal his
>business secrets and files from his hard drive and put them to other
>network locations for people's enjoyment. Indeed, I did all this by
>myself for you to show how easy it is to steal somebody's identity
>without anybody really knowing it. His business secrets are quite
>significant due to the global operations of Markku J. Saarelainen for
>many years, but his secrets were stolen by me. I did start tailing him
>already in the mid of February, 1999.
You stole the identity of a cat, a black one mind you, for over a year
without him ever realizing it? I find that hard to believe. Surely any
competent feline would put a firewall on their litter box.
--
hadron
"Created and annihilated, created and annihilated---what a waste of time."
-Richard Feynman
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Outlook Express Sends Account password in the Clear
Date: Wed, 16 Feb 2000 21:48:01 -0000
> I was amazed to see that each request to the mail server was accompanied by
> my POP3 account user name and password IN THE CLEAR.
That's standard for POP3.
>
> Is there any way to set up a mail account using PPP protocol over a dial-up
> (USWest is the ISP) so that the password is encrypted??
The only way you can do that is to use a server that
supports better authentication. I'm sure they're around, I
just can't think of any off-hand, but if it's POP3 it's not
secured that way. You could utilize a VPN, but there would
have to be one at both ends.
Joe
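An added example, not code from either poster, in the spirit of the Winsock monitor John Kuslich describes: given the client side of a captured POP3 session, it reports whether the account password crossed the wire in the clear, and it redacts the password from its own output so the monitor does not become a second leak. It also recognises the two RFC-defined alternatives that the reply above alludes to but does not name: APOP (RFC 1939), where the client sends an MD5 digest of a server challenge and the password instead of the password itself, and STLS (RFC 2595), after which the session is encrypted. The transcripts are constructed, with a placeholder digest.

```python
# Added example: audit the client commands of a POP3 session for cleartext
# credentials.  Assumption: one command per line, server replies omitted.

# Constructed transcripts (the APOP digest is a placeholder, not a real hash).
CLEARTEXT_SESSION = ["USER jkuslich", "PASS hunter2", "STAT", "RETR 1", "QUIT"]
APOP_SESSION = ["APOP jkuslich 0123456789abcdef0123456789abcdef", "STAT", "QUIT"]
STLS_SESSION = ["STLS", "USER jkuslich", "PASS hunter2", "QUIT"]

PASSWORD_IN_CLEAR = "password in the clear"


def audit_pop3(client_lines):
    """Classify each client command.

    Returns (line_no, verdict, loggable_line); the loggable form never
    contains the password.
    """
    findings = []
    for n, line in enumerate(client_lines, 1):
        cmd, _, arg = line.strip().partition(" ")
        cmd = cmd.upper()
        if cmd == "USER":
            findings.append((n, "user name in the clear", line))
        elif cmd == "PASS":
            findings.append((n, PASSWORD_IN_CLEAR, "PASS " + "*" * len(arg)))
        elif cmd == "APOP":
            findings.append((n, "APOP challenge-response: password not transmitted", line))
        elif cmd == "STLS":
            findings.append((n, "STLS: commands after this point are encrypted", line))
            break   # nothing after STLS is visible on the wire
    return findings


def password_in_clear(client_lines) -> bool:
    return any(v == PASSWORD_IN_CLEAR for _, v, _ in audit_pop3(client_lines))


if __name__ == "__main__":
    for name, session in [("cleartext", CLEARTEXT_SESSION),
                          ("apop", APOP_SESSION), ("stls", STLS_SESSION)]:
        print(name, password_in_clear(session), audit_pop3(session))
```

The verdict for a plain USER/PASS login matches what the reply says: that is simply how POP3 works, and the fix is on the server side (APOP, STLS, or a tunnel), not in the client's settings.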
------------------------------
From: "William A. Nelson" <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia,soc.culture.russian,soc.culture.soviet,soc.culture.israel,soc.culture.europe,soc.culture.nordic,alt.2600
Subject: It could have been done to any human, but Markku J. Saarelainen was
Date: Thu, 17 Feb 2000 05:56:17 GMT
I, William A. Nelson, can do the same to any human being on the earth as I did
to the Internet character - or should I say the USENET character of Markku J.
Saarelainen. Indeed, it is possible to find most details of a person's life in
databases and steal the electronic individual (the electronic identity) as I
did it, when I stole Markku's digital identity. With Markku's two totally
different social security numbers, I was able to access his records in all
locations since his birth. If I would have ever wanted, I could have become
him.
Greetings,
William A. Nelson
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************