Cryptography-Digest Digest #142, Volume #11 Thu, 17 Feb 00 13:13:02 EST
Contents:
Re: VB & Crypto (mdc)
Re: Question about OTPs (Tim Tyler)
Re: Does the NSA have ALL Possible PGP keys? (Johnny Bravo)
Re: Which compression is best? (Tim Tyler)
Keys & Passwords. (John)
Method to break triple-DES ("Adam Szewczyk")
Re: PhD in Cryptography? (Bob Silverman)
Re: Keys & Passwords. (JPeschel)
Re: I, William A. Nelson, created and utilized the cyberspace character of Markku
J. Saarelainen for many international business purposes (Kevin Buhr)
Re: RSA Speed (Bob Silverman)
Re: source code export laws (wtshaw)
Re: Outlook Express Sends Account password in the Clear (wtshaw)
Re: NIST, AES at RSA conference (Bo Dömstedt)
Re: Question about OTPs (Mickey McInnis)
Re: Outlook Express Sends Account password in the Clear (Jerry Coffin)
Re: Method to break triple-DES (Johnny Bravo)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (mdc)
Subject: Re: VB & Crypto
Date: Thu, 17 Feb 2000 15:13:58 GMT
On Thu, 17 Feb 2000 12:53:37 +0100, Runu Knips
<[EMAIL PROTECTED]> wrote:
>Khalil Haddad schrieb:
>> I am developing software in VB6 and would like to use strong
>> encryption algorithms.
>> Anyone could tell me where to find sources in VB so that I can study
>> them.
>
>Ouch.
>
>Better use a .dll with C routines, if you can.
I agree with this. It's been my solution.
>VB is not meant for any serious programming task, and I don't
>think anyone has ever written cryptographic software in VB.
VB is great for some serious programming tasks and I have, in
fact, done both Blowfish and SHA-1 in VB5. They're excruciatingly
slow, but that's to be expected. I banged the code out quickly in
VB for a prototype and converted to C DLLs for the real thing.
>For example, VB doesn't have shift operations, does it ? And
>its not very optimizing, so cryptography is slow with it.
The main drawback with using VB is that it doesn't have unsigned
integers. You can use the Variant data type and overload integer
functions like mod and hex.
While I have to disagree with your broad generalization about VB,
I certainly agree with your comment that it would be better to use
C DLLs for crypto functions if only to increase performance.
mdc
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Question about OTPs
Reply-To: [EMAIL PROTECTED]
Date: Thu, 17 Feb 2000 14:59:56 GMT
Andru Luvisi <[EMAIL PROTECTED]> wrote:
: Tim Tyler <[EMAIL PROTECTED]> writes:
:> An OTP fails against a complete known plaintext attack - which immediately
:> reveals the key.
: However, since that portion of the key should never be used to encrypt
: anything else ever again, it doesn't matter. [...]
It certainly /can/ matter. If the message can be intercepted, modified,
and passed on, a fake message can be generated that is encrypted with the
same OTP.
OTPs offer no authentication - consequently they can hardly be described
as "completely secure" on their own. You need to supplement their use
with other techniques if you wish to avoid this sort of attack.
--
__________
|im |yler The Mandala Centre http://www.mandala.co.uk/ [EMAIL PROTECTED]
Stress is like ice cream - you just have to lick it.
------------------------------
From: Johnny Bravo <[EMAIL PROTECTED]>
Crossposted-To: comp.security.pgp,misc.survivalism
Subject: Re: Does the NSA have ALL Possible PGP keys?
Date: Thu, 17 Feb 2000 10:30:58 +0000
On Thu, 17 Feb 2000 06:52:44 -0800, "tiwolf" <[EMAIL PROTECTED]> wrote:
>Now Johnny who is blatant stupidity
Your lack of English comprehension is noted; you shouldn't cut and paste
an insult you don't comprehend.
>you claim that even God does not know what the highest number is.
Quite right, there is no biggest number for him to know.
>Given that God created all things in the
>universe, and inspired human creativity and invention, how can you say that
>God does not know what the highest number is.
Easy, there is no "highest" number, so it can't be known. Whatever
number God says is the highest I can add one to it and make a higher
number, since I can make a bigger number it wasn't the biggest number.
>That would be an indication of
>limit and according to the philosophical debate and my religious up bringing
>God is limitless in power and knowledge.
No matter what number God picks, I can add one and make a higher number
than God. By your limited logic, I'm more powerful than God. I guess
your debating skills and religious upbringing didn't teach you any formal
logic or science. Be sure to take a few classes in logic, science and
mathematics before you start assigning an exact numerical value to
infinity.
--
Best Wishes,
Johnny Bravo
"The most merciful thing in the world, I think, is the inability
of the human mind to correlate all its contents." - HPL
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Which compression is best?
Reply-To: [EMAIL PROTECTED]
Date: Thu, 17 Feb 2000 15:26:11 GMT
Runu Knips <[EMAIL PROTECTED]> wrote:
: Tim Tyler schrieb:
:> Runu Knips <[EMAIL PROTECTED]> wrote:
:> : This is how ALL compressors work. No matter if simple RLE or
:> : Huffman or ZiffDavis or whatever. Their output always follows rules.
:> Their "output always follows rules" in the sense that it is
:> deterministically derived from the input text.
:> : [...]
:> That does *not* mean you can write a program that identifies compressed
:> files as such.
: For example, I know that Huffman has to first dump the huffman tree,
: and then the huffman codes follow.
: And because the input is not ideal random data (where each
: character appears as often as the other), you will not get a balanced
: tree (which would make compression by Huffman impossible anyway) as the
: huffman tree, therefore some codes are not possible.
: An easy example is the huffman alphabet for a file which contain 70%
: nuls and 10% space plus 10% A plus 10% B (just to make calculation
: easy). The resulting alphabet would be:
: NUL = 0
: SPACE = 100
: A = 101
: B = 110
: The input file 111... is then not a possible input for this huffman
: tree. And I don't consider Huffman a bad compression :)
Adaptive Huffman compression is the form of compression David Scott used
as the basis of his first 1-1 compressor.
This compressor is such that there are absolutely no files which are
invalid compressed files - and every possible compressed file expands to a
different decompressed result.
http://members.xoom.com/_XOOM/ecil/compress.htm
This doesn't mean it's impossible to identify compressed files, but it can
make it more difficult.
:> Yes - exercise caution when choosing a compressor - but don't say
:> "never compress".
: I never said "never compress". I said "don't try to improve a weak
: cipher with compression", and "use compression for compression and
: encryption for encryption".
: With a good encryption, you can use compression, or let it be - it
: should make no difference, at least no significant.
It's very hard to say that something like compression will make no
significant difference.
Compression can affect the practicality of applying brute force.
Even if your cypher is very secure (no known attack better than brute
force), and has a 128-bit key, a simple capture of a book of keys
means all the attacker needs to do is identify which key applies to the
message, from the book - whose extent may be searchable.
Since very few people can rule out this sort of compromise to their
system, there are likely to be cases where compression makes a
significant difference - regardless of how strong the cypher
surrounding it is.
:> Note also that you can only be sure of being able to do this if you
:> have the whole file decrypted. Without the whole file the attacker may
:> not be able to begin to decompress.
: That's exactly what I said all the time? If the decryption process
: results in an invalid input for the decompressor, the decryption key
: is the wrong one.
This is why cryptographers have an interest in systems where this
is true for zero files.
This is the "1-1" compression, or "bijective" compression. These schemes
are based on principles which were first articulated by David Scott -
who also built the first such compressor.
:> This ability to delay plaintext analysis of the first blocks until the
:> last ones have been decrypted is another security benefit of some
:> compression schemes.
: Yes, and in practice they reduce the total amount of available
: ciphertext for an attack.
Indeed.
:> : In a simple brute force attack, this would make the
:> : attack somewhat slower, but only by some small and fixed factor.
:> Compression does often have this effect. However, it *can* have more
:> significant effects. Look at the effect on partial plaintext attacks,
:> for example.
: Yep.
: But using CBC mode would be a better and more trustable approach,
: because CBC is made to do exactly that, while compression was
: created to compress ;-)
Compression can work in cases where CBC does not. If the keyspace of the
cypher is compromised, and reduced to a searchable volume, compression
offers protection against partial plaintext attacks, while use of CBC
mode makes little difference.
--
__________
|im |yler The Mandala Centre http://www.mandala.co.uk/ [EMAIL PROTECTED]
California is OK - but it has its faults.
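Added example, not code from Tim Tyler or Runu Knips: the two points above made concrete. Runu's table (NUL=0, SPACE=100, A=101, B=110) never uses the pattern 111, so a brute-force attacker can discard any candidate key whose decryption does not decode, without knowing the plaintext; Tim's interest in "1-1" schemes is that they give the attacker no such filter. The toy cipher (XOR with one key byte, 256 keys), the message and the key are constructed here; the second, complete code table is an assumption added for contrast (its code lengths 1, 2, 3, 3 are what Huffman's algorithm produces for frequencies 70/10/10/10).

```python
"""Decompressor as a key-rejection oracle during brute force (added example)."""
from typing import Dict, List, Optional

# Runu Knips's table as posted; the prefix 111 starts no codeword.
INCOMPLETE_CODE: Dict[int, str] = {0: "0", 32: "100", 65: "101", 66: "110"}
# A complete prefix code for the same alphabet (assumed, for contrast):
# every bit string is a prefix of some codeword sequence.
COMPLETE_CODE: Dict[int, str] = {0: "0", 32: "10", 65: "110", 66: "111"}


def encode(msg: bytes, code: Dict[int, str]) -> bytes:
    """Compress msg; pad to a byte boundary with the 1-bit NUL codeword."""
    bits = "".join(code[b] for b in msg)
    bits += code[0] * (-len(bits) % 8)
    return int(bits, 2).to_bytes(len(bits) // 8, "big")


def decode(data: bytes, code: Dict[int, str]) -> Optional[bytes]:
    """Greedy prefix decode. Returns None if the bits reach a pattern that
    starts no codeword or the stream ends inside a codeword."""
    by_code = {v: k for k, v in code.items()}
    longest = max(len(v) for v in code.values())
    bits = "".join(f"{b:08b}" for b in data)
    out = bytearray()
    i = 0
    while i < len(bits):
        for n in range(1, longest + 1):
            sym = by_code.get(bits[i:i + n])
            if sym is not None:
                out.append(sym)
                i += n
                break
        else:
            return None  # e.g. "111" under the incomplete code, or a truncated tail
    return bytes(out)


def xor_byte(data: bytes, key: int) -> bytes:
    """Toy cipher: every byte XORed with the same key byte (256 keys in total)."""
    return bytes(b ^ key for b in data)


def surviving_keys(ciphertext: bytes, code: Dict[int, str]) -> List[int]:
    """Try all 256 keys; keep only those whose decryption still decompresses."""
    return [k for k in range(256) if decode(xor_byte(ciphertext, k), code) is not None]


# Constructed message over the post's alphabet (mostly NUL, some SPACE/A/B).
MESSAGE = b"A B\x00\x00\x00" + b"\x00A\x00\x00 \x00\x00B\x00\x00" * 4
TRUE_KEY = 0x5A


def demo() -> Dict[str, List[int]]:
    """Run the key filter with both code tables against the same plaintext."""
    result = {}
    for name, code in (("incomplete", INCOMPLETE_CODE), ("complete", COMPLETE_CODE)):
        ciphertext = xor_byte(encode(MESSAGE, code), TRUE_KEY)
        result[name] = surviving_keys(ciphertext, code)
    return result


if __name__ == "__main__":
    for name, keys in demo().items():
        print(f"{name:10s} code: {len(keys):3d} of 256 keys survive; "
              f"true key kept: {TRUE_KEY in keys}")
```

Under the incomplete code the filter throws keys away on the first impossible prefix; under the complete code the only thing left to reject is a stream that ends mid-codeword, which is the residue a bijective scheme removes entirely.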
------------------------------
Subject: Keys & Passwords.
From: John <[EMAIL PROTECTED]>
Date: Thu, 17 Feb 2000 08:25:06 -0800
This may be a stupid question. Let's assume, for the sake of
argument, we have found a good encrypter. How important is the
choice of a password? I have often heard that if you had a
password like athxa or bthxb, it is not good because there is
repetition.
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!
------------------------------
From: "Adam Szewczyk" <[EMAIL PROTECTED]>
Subject: Method to break triple-DES
Date: Thu, 17 Feb 2000 17:28:31 +0100
Hello,
I study computer science at the University of Wroclaw (Poland). I'm currently
looking for an implementation of a method to break triple-DES (linear and
differential cryptanalysis). If you know where I can find that information,
please let me know.
Thanks in advance
Adam
------------------------------
From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: PhD in Cryptography?
Date: Thu, 17 Feb 2000 16:23:43 GMT
In article <[EMAIL PROTECTED]>,
Nathan <[EMAIL PROTECTED]> wrote:
> I recently completed my Master's degree in cryptography, and am
> currently working. I have considered returning to school to do my PhD,
> but I'm not sure whether this is a good idea. I would like to pursue a
> career as a researcher, consultant, or instructor (but probably not in
> academia), and have heard the opinion that a PhD makes one look too
> ivory tower. Obviously, I will never know for sure, but I would like to
> make the choice that will ultimately make me the most marketable.
>
> I was hoping that those in the know might be willing to share their
> perspectives on the usefulness of a PhD in cryptography.
It is my personal opinion that a PhD in *any* field should be
only undertaken because one loves the subject.
Worrying about "marketability" in deciding to undertake a PhD is
wrong-headed in my opinion. Indeed, if I were sitting on an
acceptance committee, and knew that an applicant was motivated by
"marketability", I would turn that candidate down.
No offense intended.
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: Keys & Passwords.
Date: 17 Feb 2000 16:32:23 GMT
> John [EMAIL PROTECTED] writes:
>Let's assume, for the sake of
>argument, we have found a good encrypter. How important is the
>choice of a password? I have often heard that if you had a
>password like athxa or bthxb, it is not good because there is
>repetition.
If you are using a strong encryptor, passwords like athxa or bthxb
would succumb to a "word list" attack. Too short.
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
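Added example, not code from John or Joe Peschel: why a five-letter password like "athxa" is "too short" in concrete numbers. Plain SHA-256 stands in for whatever a "good encrypter" derives its key from (assumption; a real product may salt and iterate, which only multiplies the time per guess). The repetition John asks about (first letter equals last) is exactly the structure a cracker encodes as a mask, cutting 26**5 candidates to 26**4.

```python
"""Mask attack on short, structured passwords (added example)."""
import hashlib
import itertools
import math
import string
from typing import Iterator, Optional, Tuple

LOWER = string.ascii_lowercase


def key_from_password(pw: str) -> bytes:
    """Stand-in key derivation; not salted or iterated (assumption for the demo)."""
    return hashlib.sha256(pw.encode()).digest()


def candidates(length: int, first_equals_last: bool) -> Iterator[str]:
    """All lowercase strings of the given length, optionally only those whose
    first and last letters match (the mask for passwords like athxa/bthxb)."""
    if first_equals_last:
        for first in LOWER:
            for middle in itertools.product(LOWER, repeat=length - 2):
                yield first + "".join(middle) + first
    else:
        for letters in itertools.product(LOWER, repeat=length):
            yield "".join(letters)


def crack(target: bytes, length: int, first_equals_last: bool) -> Tuple[Optional[str], int]:
    """Return (password, guesses made), or (None, total guesses) if not found."""
    tried = 0
    for pw in candidates(length, first_equals_last):
        tried += 1
        if key_from_password(pw) == target:
            return pw, tried
    return None, tried


def search_space_bits(length: int, first_equals_last: bool) -> float:
    """Entropy of the candidate set in bits: 26**length, or 26**(length-1) under the mask."""
    return (length - 1 if first_equals_last else length) * math.log2(26)


if __name__ == "__main__":
    target = key_from_password("athxa")  # constructed victim password
    for masked in (False, True):
        pw, guesses = crack(target, 5, masked)
        print(f"mask={masked}: found {pw!r} after {guesses} guesses "
              f"({search_space_bits(5, masked):.1f}-bit search space)")
```

Both runs finish in well under a second of pure Python; a real key-derivation function slows each guess by a constant factor, but nothing short of more length and less structure moves the exponent.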
------------------------------
From: [EMAIL PROTECTED] (Kevin Buhr)
Crossposted-To: alt.politics.org.cia,alt.2600,alt.religion.kibology
Subject: Re: I, William A. Nelson, created and utilized the cyberspace character of
Markku J. Saarelainen for many international business purposes
Date: 17 Feb 2000 10:46:20 -0600
"William A. Nelson" <[EMAIL PROTECTED]> writes:
>
> I, William A. Nelson, created the character of Markku J. Saarelainen.
> During the utilization of this unreal cyberspace character, many people
> attacked the character and several information security experts started
> arguing with it - and these people mailed many aggressive messages to
> the email address that was set up for the unreal Internet character.
Yes. Well, you know what they say. On the Internet, no one knows
you're an idiot. (Unless you open your mouth.)
> As it turns out the real character of this Markku J. Saarelainen (the
> stolen identity) is actually a small black cat.
Fascinating. So, you stole the identity of your cat.
> I did steal his
> business secrets and files from his hard drive and put them to other
> network locations for people's enjoyment.
And your cat has important business secrets on his personal computer.
Kevin <[EMAIL PROTECTED]>
------------------------------
From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: RSA Speed
Date: Thu, 17 Feb 2000 16:35:35 GMT
In article <88gngi$uid$[EMAIL PROTECTED]>,
Tom St Denis <[EMAIL PROTECTED]> wrote:
> In article <[EMAIL PROTECTED]>,
> Erik <[EMAIL PROTECTED]> wrote:
> > I wrote a program to do RSA with a 1100 bit modulus. I use 65537 for
> > the public key exponent, and the private key exponent is, of course,
> > near 1100 bits. It works, and encrypting with the public key takes
> > about a quarter of a second, but decrypting with the private key takes
> > 43 seconds on a 400 MHz Pentium. Does this seem right?
Given that encryption with a 16 bit exponent takes 1/4 sec, then
decrypting with 1100 bits in 43 sec is not wrong.
However, encrypting should take only a millisecond or so with any
decent C implementation and decrypting should take only about .1
to .3 seconds.
I suspect that there is a major problem with your exponentiation
algorithm or your modular multiplication subroutine(s).
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"
Sent via Deja.com http://www.deja.com/
Before you buy.
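Added example, not code from Erik or Bob Silverman: what the exponentiation step should cost, as a yardstick for numbers like "a quarter of a second to encrypt, 43 seconds to decrypt". Left-to-right square-and-multiply does one squaring per exponent bit plus one multiplication per set bit, so e = 65537 (17 bits, two of them set) costs 19 modular multiplications while a private exponent the size of the modulus costs about 1.5 times its bit length. Decrypting with the Chinese remainder theorem halves both the exponent length and the operand size, roughly a 4x saving under a schoolbook cost model. The primes are the Mersenne primes 2**89-1 and 2**127-1 (chosen so the example runs instantly; a real key uses random primes and a far larger modulus), and the cost model is an assumption.

```python
"""Operation counts for RSA square-and-multiply, with and without CRT (added example)."""
from typing import Dict, Tuple

P = 2**89 - 1            # Mersenne prime (constructed key, not for real use)
Q = 2**127 - 1           # Mersenne prime
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)      # private exponent (Python >= 3.8 for modular inverse)


def modexp(base: int, exp: int, mod: int) -> Tuple[int, int, int]:
    """Left-to-right square-and-multiply. Returns (result, multiplications,
    cost), charging bits(mod)**2 per modular multiplication (schoolbook model)."""
    result, mults = 1, 0
    for bit in bin(exp)[2:]:
        result = result * result % mod
        mults += 1
        if bit == "1":
            result = result * base % mod
            mults += 1
    return result, mults, mults * mod.bit_length() ** 2


def encrypt(m: int) -> Tuple[int, int, int]:
    return modexp(m, E, N)


def decrypt_plain(c: int) -> Tuple[int, int, int]:
    return modexp(c, D, N)


def decrypt_crt(c: int) -> Tuple[int, int, int]:
    """RSA-CRT: two half-size exponentiations, recombined with Garner's formula."""
    dp, dq = D % (P - 1), D % (Q - 1)
    q_inv = pow(Q, -1, P)
    mp, mults_p, cost_p = modexp(c % P, dp, P)
    mq, mults_q, cost_q = modexp(c % Q, dq, Q)
    h = (q_inv * (mp - mq)) % P
    return mq + h * Q, mults_p + mults_q, cost_p + cost_q


def demo(m: int = 0x48656C6C6F) -> Dict[str, float]:
    """Compare the three operations on one constructed message."""
    c, mults_e, cost_e = encrypt(m)
    m1, mults_d, cost_d = decrypt_plain(c)
    m2, mults_crt, cost_crt = decrypt_crt(c)
    assert m1 == m == m2
    return {"mults_e": mults_e, "mults_d": mults_d, "mults_crt": mults_crt,
            "cost_ratio_d_vs_e": cost_d / cost_e,
            "cost_ratio_plain_vs_crt": cost_d / cost_crt}


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:24s} {v:8.1f}")
```

The public/private cost ratio this model predicts is a few dozen at most for this key size; a ratio of 170 between a quarter-second encryption and a 43-second decryption is the kind of figure that points at the multiplication routine rather than the exponentiation loop.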
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: source code export laws
Date: Thu, 17 Feb 2000 09:55:33 -0600
In article <[EMAIL PROTECTED]>, Andru Luvisi
<[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] (wtshaw) writes:
> [snip]
> > The point is that the only difference between a crypto program and one
> > that is not is probably in a few lines of code. And,those lines are
> > nothing special to frame here.
>
> It doesn't even have to be code. It can just be the way the program
> is used. For example:
> $ tr a-zA-Z n-za-mN-ZA-M
> $ sed -e 'y/abcdefghijklmnopqrstuvwxyz/nopqrstuvwxyzabcdefghijklm/' \
> -e 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/NOPQRSTUVWXYZABCDEFGHIJKLM/'
>
> Andru
Absolutely. I considered putting up similar code that would do one of
these: Force everything into upper case, force everything into lower
case, reverse the cases of all letters, or output the ascii codes of all
characters entered. These are clearly not crypto functions while
differing very little from those that I did post.
Those that are looking for some fearful and taggable difference in gross
code surely have problems that go beyond logic. The sense behind source
code is that you cannot imagine things to do with it that which is not
allowed already in its design; otherwise, such snippets don't work.
So, you do with what does. To dumb it down to not do crypto things is to
not allow it not to do much of anything, which does not make sense.
Crypto is something which will even be more difficult to control with the
explosion of people who learn the fundamentals of programming.
--
Let's all sit back and watch the inhabitants of the political zoo
perform in three rings. It's more exciting than soap operas. Then
vote out anyone who has been in long enough to abuse things.
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Outlook Express Sends Account password in the Clear
Date: Thu, 17 Feb 2000 10:16:12 -0600
In article <QAKq4.289$[EMAIL PROTECTED]>, "John E. Kuslich"
<[EMAIL PROTECTED]> wrote:
> I recently wrote some software to monitor what Winsock does while programs
> like Outlook express are sending and receiving data.
>
> I was amazed to see that each request to the mail server was accompanied by
> my POP3 account user name and password IN THE CLEAR.
>
> Is there any way to set up a mail account using PPP protocol over a dial -
> up (USWest is the ISP) so that the password is encrypted??
A minimum of two stages is allowed, one to get their attention, and one to
respond appropriately to an encrypted query. To securely do this, the
key must have already been set at both ends, and a very good choice needs
to have been made as to algorithm.
There is no reason that rather lengthy content could also be done in this
encrypted manner, only needing a very good algorithm and key previously
known at both ends. Like most things that don't hold up too well, most
forms of encryption cause tremendous key *wear* with use.
When I explain that I have the answer to their problem, that statement is
unpopular because it obsoletes what they are doing; it seems rather the
smart thing to do to go ahead and move on to something better. But, some
problems such as poorer-than-needs-to-be-crypto allow people to bank on
what I see as artificial but popular problems; look what happened to web
for more examples of this.
--
Let's all sit back and watch the inhabitants of the political zoo
perform in three rings. It's more exciting than soap operas. Then
vote out anyone who has been in long enough to abuse things.
------------------------------
From: [EMAIL PROTECTED] (Bo Dömstedt)
Subject: Re: NIST, AES at RSA conference
Reply-To: [EMAIL PROTECTED]
Date: Thu, 17 Feb 2000 17:24:58 GMT
[EMAIL PROTECTED] (John Savard) wrote:
..
>... that a cipher can fail statistical tests and still be secure
>(with the basic exception of ciphers that expand the input,
>such that only the expansion - performed after enough of the
>encryption to produce security - has statistical regularities,
>which does not apply to AES-format block ciphers) is,
>essentially, _not_ possible.
>
>John Savard (teneerf <-)
>http://www.ecn.ab.ca/~jsavard/index.html
Suppose that you have a good quality (high security) cipher function
X that produce pseudo-random bytes as a function of a secret
cipher key. Append a system that lowers the probability of bytes
{0,3,65,128,220} a little and then increases the probability
of the numbers {31,45,68,91,108} a little. The modified
system may be broken only if X is weak, and will fail almost
any statistical test.
Please disregard cases where the modification
itself would allow an opponent to decide the correct message
without breaking X.
My argument is that those who have written the AES candidates not
among the five finalists deserve to be removed from the contest on
scientific evidence. Statistical tests are that evidence only if we
can deduce corresponding cryptanalytic attacks.
NIST has not published detailed information on the tests used.
The tests can not be reproduced by independent researchers.
I have talked to NIST about this, and they say that the tests will be
published later.
Bo Dömstedt
Chief Cryptographer
Protego Information AB
http://www.protego.se
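Added example, not code from Bo Dömstedt or NIST: his construction run through a frequency test. The "good cipher X" is a stand-in (SHA-256 in counter mode over a secret key, an assumption chosen so the run is deterministic and offline). The post-processor remaps every tenth keystream byte that falls in the lowered set {0,3,65,128,220} to the matching byte of the raised set {31,45,68,91,108}. Nothing about the key leaks through that step, yet the output fails a plain chi-square test on byte frequencies, which is the point: a failed statistical test is evidence of weakness only if a corresponding attack follows from it.

```python
"""A secure keystream with a small byte bias fails a chi-square test (added example)."""
import hashlib
from typing import Dict

LOWERED = [0, 3, 65, 128, 220]
RAISED = [31, 45, 68, 91, 108]
REMAP = dict(zip(LOWERED, RAISED))
# Approximate 99.9% quantile of chi-square with 255 degrees of freedom.
CHI2_255_P999 = 330.0


def keystream(key: bytes, nbytes: int) -> bytes:
    """Stand-in for X: SHA-256(key || counter) blocks, concatenated."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:nbytes])


def bias(stream: bytes, every: int = 10) -> bytes:
    """Bo's modification: at every `every`-th position, a byte from the
    lowered set is replaced by its partner from the raised set."""
    out = bytearray(stream)
    for i in range(0, len(out), every):
        out[i] = REMAP.get(out[i], out[i])
    return bytes(out)


def chi_square_bytes(data: bytes) -> float:
    """Chi-square statistic of the byte histogram against the uniform distribution."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    expected = len(data) / 256
    return sum((c - expected) ** 2 / expected for c in counts)


def demo(key: bytes = b"constructed example key", n: int = 1_000_000) -> Dict[str, float]:
    """Chi-square of the raw keystream and of the biased one, plus the threshold."""
    plain = keystream(key, n)
    return {"unmodified": chi_square_bytes(plain),
            "biased": chi_square_bytes(bias(plain)),
            "threshold": CHI2_255_P999}


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:10s} {v:7.1f}")
```

With a million bytes the ten affected bins alone contribute roughly 390 to the statistic on top of the ~255 expected from chance, so the biased stream is rejected while the raw one sits comfortably under the threshold; recovering the key from the biased stream is still exactly as hard as breaking X.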
------------------------------
From: [EMAIL PROTECTED] (Mickey McInnis)
Subject: Re: Question about OTPs
Date: 17 Feb 2000 17:32:31 GMT
Reply-To: [EMAIL PROTECTED]
In article <[EMAIL PROTECTED]>, Tim Tyler <[EMAIL PROTECTED]> writes:
|> Andru Luvisi <[EMAIL PROTECTED]> wrote:
|> : Tim Tyler <[EMAIL PROTECTED]> writes:
|>
|> :> An OTP fails against a complete known plaintext attack - which immediately
|> :> reveals the key.
|>
|> : However, since that portion of the key should never be used to encrypt
|> : anything else ever again, it doesn't matter. [...]
|>
|> It certainly /can/ matter. If the message can be intercepted, modified,
|> and passed on, a fake message can be generated that is encrypted with the
|> same OTP.
|>
|> OTPs offer no authentication - consequently they can hardly be described
|> as "completely secure" on their own. You need to supplement their use
Properly used OTP's are "completely secure" from an enemy determining
which possible cleartext matches the cyphertext by cryptographic analysis.
(Roughly, "The enemy can't decode the message".) This is the ONLY sense
in which they are provably secure.
"possible cleartext" means any potential cleartext of the same length as the
real cleartext. Padding the cleartext to some fixed length is a common
technique to fix this. Unless you send the same amount of cyphertext
on a fixed schedule, the enemy can tell when your traffic increases and
knows something is up.
OTP's are not 100% secure from
1) Spoofing (creating a false message)
2) Jamming
3) Noncryptographic attacks. (Stealing the key by corrupting someone,
theft, technological snooping, dumpster diving, etc. Stealing the
cleartext by similar methods. Substituting
your own pad or somehow corrupting the key generation process.)
4) Human misuse of the system. (Operators using keys twice, accidentally
transmitting the cleartext, etc. Bad key generation techniques.)
5) Technological failure of hardware or software involved.
6) And to mention it once again, since so many people get this wrong:
BAD KEY GENERATION TECHNIQUES.
7) BAD KEY GENERATION TECHNIQUES. 8-)
|> with other techniques if you wish to avoid this sort of attack.
|> --
|> __________
|> |im |yler The Mandala Centre http://www.mandala.co.uk/ [EMAIL PROTECTED]
|>
|> Stress is like ice cream - you just have to lick it.
--
Mickey McInnis - [EMAIL PROTECTED]
--
All opinions expressed are my own opinions, not my company's opinions.
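Added example, not code from Tim Tyler or Mickey McInnis, covering both of their posts above: the interception attack Tim describes (a known plaintext gives the pad segment, and with it the interceptor can substitute any message of the same length) and the supplement he calls for, here an HMAC under a second key. Mickey's point that the pad hides only which same-length plaintext was sent shows up as the length check on the forgery. The pad, MAC key and messages are constructed; the pad is fixed rather than drawn from a hardware source so the run is reproducible.

```python
"""OTP malleability under known plaintext, and a MAC that stops it (added example)."""
import hashlib
import hmac
from typing import Dict, Tuple


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("pad segment and message must be exactly the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    return xor_bytes(plaintext, pad)


def forge(ciphertext: bytes, known_plaintext: bytes, wanted: bytes) -> bytes:
    """Interceptor: recover the pad segment from the known plaintext, then
    re-encrypt a chosen message of the same length under that segment."""
    pad_segment = xor_bytes(ciphertext, known_plaintext)
    return xor_bytes(wanted, pad_segment)


def seal(ciphertext: bytes, mac_key: bytes) -> Tuple[bytes, bytes]:
    """Sender: authenticate the ciphertext with HMAC-SHA256 under a separate key."""
    return ciphertext, hmac.new(mac_key, ciphertext, hashlib.sha256).digest()


def open_sealed(ciphertext: bytes, tag: bytes, mac_key: bytes, pad: bytes) -> bytes:
    """Receiver: verify the tag (constant-time compare) before decrypting."""
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("MAC check failed: message altered or forged")
    return xor_bytes(ciphertext, pad)


# Constructed values. A real pad is truly random, as long as all traffic, used once.
PAD = bytes.fromhex("3f9a1c77e4d02b58a6f13c90de47b2c1")          # 16 bytes
MAC_KEY = bytes.fromhex("0f0e0d0c0b0a09080706050403020100f1e2d3c4b5a69788")
ORIGINAL = b"ATTACK AT DAWN.."   # 16 bytes; assumed known to the interceptor
WANTED = b"RETREAT AT NOON."     # 16 bytes; must match the original's length


def demo() -> Dict[str, object]:
    ct = otp_encrypt(ORIGINAL, PAD)
    forged = forge(ct, ORIGINAL, WANTED)
    read_without_mac = xor_bytes(forged, PAD)   # a MAC-less receiver accepts this
    ct2, tag = seal(ct, MAC_KEY)
    try:
        open_sealed(forged, tag, MAC_KEY, PAD)
        forgery_accepted = True
    except ValueError:
        forgery_accepted = False
    return {"receiver_reads_without_mac": read_without_mac,
            "genuine_verifies": open_sealed(ct2, tag, MAC_KEY, PAD) == ORIGINAL,
            "forgery_accepted_with_mac": forgery_accepted}


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:28s} {v!r}")
```

HMAC makes the integrity guarantee computational rather than information-theoretic; a one-time (Carter-Wegman style) MAC keyed from the same pad material keeps the unconditional flavour, at the cost of more pad per message. Either way the pad alone never authenticates anything.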
------------------------------
From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: Outlook Express Sends Account password in the Clear
Date: Thu, 17 Feb 2000 11:01:23 -0700
In article <QAKq4.289$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
says...
[ ... ]
> Is there any way to set up a mail account using PPP protocol over a dial -
> up (USWest is the ISP) so that the password is encrypted??
Use of Kerberos with POP3 servers has been defined for quite a while.
Knowing what I do of US Worst, my guess is that they don't support it.
--
Later,
Jerry.
The universe is a figment of its own imagination.
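Added example, not code from John Kuslich or Jerry Coffin: how the finding in John's post looks in a capture, and what a challenge-response POP3 login looks like instead. POP3 (RFC 1939) sends USER and PASS in the clear; the same RFC defines APOP, where the client proves knowledge of the shared secret with MD5(server timestamp || secret) and the password itself never crosses the wire. Jerry's Kerberos answer is the other standardised route and is not shown. The transcript below is constructed, not a real capture; the user name and password are invented.

```python
"""Detecting cleartext POP3 logins in a transcript, and APOP as the alternative (added example)."""
import hashlib
import hmac
import re
from typing import Callable, Dict, List

# Constructed capture of a mail client talking to a POP3 server.
CAPTURE = """\
S: +OK POP3 server ready <1234.950000000@pop.example.net>
C: USER jkuslich
S: +OK
C: PASS hunter2
S: +OK maildrop has 2 messages
C: STAT
S: +OK 2 5120
C: QUIT
"""

USER_RE = re.compile(r"^C: USER (\S+)$", re.IGNORECASE)
PASS_RE = re.compile(r"^C: PASS (\S+)$", re.IGNORECASE)
APOP_RE = re.compile(r"^C: APOP (\S+) ([0-9a-f]{32})$", re.IGNORECASE)
TIMESTAMP_RE = re.compile(r"<[^>]+>")


def find_cleartext_logins(transcript: str) -> List[Dict[str, object]]:
    """Every USER/PASS pair sent in the clear; the password is reported by length only."""
    findings: List[Dict[str, object]] = []
    user = None
    for lineno, line in enumerate(transcript.splitlines(), 1):
        if m := USER_RE.match(line):
            user = m.group(1)
        elif m := PASS_RE.match(line):
            findings.append({"line": lineno, "user": user or "?",
                             "password_length": len(m.group(1))})
    return findings


def apop_digest(timestamp: str, secret: str) -> str:
    """RFC 1939 APOP digest: hex MD5 of the server's <timestamp> and the shared secret."""
    return hashlib.md5((timestamp + secret).encode()).hexdigest()


def apop_login_line(banner: str, user: str, secret: str) -> str:
    """Client side: build the APOP command from the '+OK ... <timestamp>' greeting."""
    timestamp = TIMESTAMP_RE.search(banner).group(0)
    return f"APOP {user} {apop_digest(timestamp, secret)}"


def verify_apop(banner: str, command: str, secret_for_user: Callable[[str], str]) -> bool:
    """Server side: recompute the digest from the stored secret and compare."""
    m = APOP_RE.match("C: " + command)
    if not m:
        return False
    timestamp = TIMESTAMP_RE.search(banner).group(0)
    expected = apop_digest(timestamp, secret_for_user(m.group(1)))
    return hmac.compare_digest(m.group(2).lower(), expected)


if __name__ == "__main__":
    for f in find_cleartext_logins(CAPTURE):
        print(f"line {f['line']}: user {f['user']} sent a {f['password_length']}-char password in the clear")
    banner = CAPTURE.splitlines()[0][3:]
    print("APOP equivalent:", apop_login_line(banner, "jkuslich", "hunter2"))
```

APOP stops a passive sniffer from reading the password and the timestamp stops straight replay, but the server must keep the secret in recoverable form and MD5 is not a choice anyone would make today; the detection half is the part that stays useful.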
------------------------------
From: Johnny Bravo <[EMAIL PROTECTED]>
Subject: Re: Method to break triple-DES
Date: Thu, 17 Feb 2000 13:08:08 +0000
On Thu, 17 Feb 2000 17:28:31 +0100, "Adam Szewczyk"
<[EMAIL PROTECTED]> wrote:
>Hello,
>
>I study computer science at the University of Wroclaw (Poland). I'm currently
>looking for an implementation of a method to break triple-DES (linear and
>differential cryptanalysis). If you know where I can find that information,
>please let me know.
ROTFLMAO.
If you ever figure such a thing out, let me know; there are a few banks
here in the US with entirely too much money.
--
Best Wishes,
Johnny Bravo
"The most merciful thing in the world, I think, is the inability
of the human mind to correlate all its contents." - HPL
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************