Cryptography-Digest Digest #159, Volume #11      Sat, 19 Feb 00 16:13:01 EST

Contents:
  Re: NIST publishes AES source code on web (wtshaw)
  Re: NIST publishes AES source code on web (Samuel Paik)
  Re: NIST publishes AES source code on web (wtshaw)
  Is Phi perfect? (Frank the_root)
  Re: Is Phi perfect? (Mike Andrews)
  Re: Q: Division in GF(2^n) (Mike Andrews)
  Re: UK publishes 'impossible' decryption law (Jim)
  Re: EOF in cipher??? (Albert P. Belle Isle)
  Re: EOF in cipher??? ("Trevor Jackson, III")
  Re: Question about OTPs (Anthony Stephen Szopa)
  Re: EOF in cipher??? ("Trevor Jackson, III")
  Re: EOF in cipher??? ("Joseph Ashwood")
  Re: Guaranteed Public Key Exchanges (Darren New)
  Re: EOF in cipher??? ("Trevor Jackson, III")
  Re: Is Phi perfect? ("Scott Fluhrer")

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: NIST publishes AES source code on web
Date: Sat, 19 Feb 2000 12:23:07 -0600

In article <[EMAIL PROTECTED]>, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:

>... Here strong cryptos designed by common people are to be
> restricted or prohibited from export, while those promoted/supported
> by authorities are to be wide-spread (through official publications,
> among other means). Since my above said impression is obviously
> or highly probably wrong, I must logically conclude that AES is 
> in fact NOT a strong crypto.
> 
If you use position to collect lots of people with adequate smarts, it is
easy to presume that no one can compete, or that you will discourage
and/or frustrate those you cannot directly control, or buy-out controlling
interests in products you want to handle, or somehow classify speech you
don't like as illegal, or make black-bag jobs and secret courts
acceptable.  You would try to knock down crypto that you don't like by any
means possible.

As long as you can control something like AES, even stating at each level
that you have the last word, it is certain that a good but deficient
algorithm will result.
-- 
Let's all sit back and watch the inhabitants of the political zoo 
perform in three rings.  It's more exciting than soap operas.  Then 
vote out anyone who has been in long enough to abuse things.  

------------------------------

From: Samuel Paik <[EMAIL PROTECTED]>
Subject: Re: NIST publishes AES source code on web
Date: Sat, 19 Feb 2000 19:22:50 GMT

Mok-Kong Shen wrote:
> Tim Tyler wrote:
> > It is non-commercial, with public source code.  This bit seems to apply:
> >
> > ``encryption source code that would be publicly available (and posting to
> >   the Internet itself would make it publicly available), and which is not
> >   subject to an express agreement for the payment of a licensing fee or
> >   royalty for the commercial production or sale of any product developed
> >   using the source code, would be eligible under License Exception TSU for
> >   "unrestricted" source code. Under this policy, the software may be
> >   exported without prior submission to the government for technical review
> >   (although concurrent notification of the export is required). In
> >   addition, software exported under this exception may be posted to the
> >   Internet without restriction and would not be subject to any requirement
> >   to screen for access. Also, such posting would not constitute knowledge
> >   of an export to a prohibited destination under the EAR, including one of
> >   the seven terrorist states. ''
> 
> If this is indeed true,

DISCLAIMER: I am not a lawyer and this is not a legal opinion.

It is a summary of Section 740.13 (e) "TECHNOLOGY AND SOFTWARE - UNRESTRICTED
(TSU)" / "Unrestricted encryption source code" of the new proposed final EAR
(published in the Federal Registrar Jan 14, 2000).  Here is the exact
wording; note numbers in brackets inserted:


(e) Unrestricted encryption source code

 (1) Encryption source code controlled under 5D002, [1] which would be
     considered publicly available under §734.3(b)(3) [2] and which is
     not subject to an express agreement for the payment of a licensing
     fee or royalty for commercial production or sale of any product
     developed with the source code, is released from "EI" [3] controls
     and may be exported or reexported without review under License
     Exception TSU, provided you have submitted written notification
     to BXA of the Internet location (e.g., URL or Internet address)
     or a copy of the source code by the time of export. Submit the
     notification to BXA and send a copy to ENC Encryption Request
     Coordinator (see §740.17(g)(5) for mailing addresses). [4]
     Intellectual property protection (e.g., copyright, patent or
     trademark) will not, by itself, be construed as an express
     agreement for the payment of a licensing fee or royalty for
     commercial production or sale of any product developed using
     the source code.

 (2) You may not knowingly export or reexport source code or products
     developed with this source code to Cuba, Iran, Iraq, Libya, North
     Korea, Sudan or Syria.

 (3) Posting of the source code on the Internet (e.g., FTP or World Wide
     Web site) where the source code may be downloaded by anyone would 
     not establish "knowledge" of a prohibited export or reexport, including
     that described in paragraph (e)(2) of this section. In addition,
     such posting would not trigger "red flags" necessitating the
     affirmative duty to inquire under the "Know Your Customer" guidance
     provided in Supplement No. 3 to part 732 of the EAR. 

== 

[1] Category 5D002 appears to not exist in the CCL.  This is a bug in
    the regulations and I don't know what this means legally.  I hope
    someone has submitted a comment about this.

[2] publicly available is described in section 743.3 (b)(3).  A short
    summary is not really possible, but essentially if the algorithm
    is published in the open literature, was the result of research
    by you, is part of educational materials, or included in some
    patent applications then it is publicly available.  It seems
    that publishing a paper on the web would count as publication.
    Given that source code is itself a description of an algorithm,
    it seems that posting of crypto source would be publication of
    the algorithm, but this may be stretching things.

[3] "EI" = Encryption Items, and is a label for a specific reason why
    an export may be controlled.  See Section 738.2 (d)(2)

[4] [EMAIL PROTECTED]

    Department of Commerce
    Department of Export Administration
    Office of Strategic Trade and Foreign Policy Controls
    14th Street and Pennsylvania Ave, N.W., Room 2705
    Washington, D.C. 20230
    Attn: Encryption Reports

    Attn: ENC Encryption Request Coordinator
    9800 Savage Road, Suite 6131
    Ft. Meade, MD 20755-6000

> ENTIRE world. Does he need to notify the authority before publishing
> or can he do that after the fact?)

Before.  But this is notification, not permission, so it seems the period
before could be as little as a petasecond.

> This is however radically opposite
> to the previous strong positions and practices (cf. the cases of
> Bernstein and Zimmermann) of the authorities.

Yes.  Note that Bernstein's case seems to be excepted from the above
specifically in a note to 743.3 (b)(3), but it seems like it ought
to fall under the above.  Bernstein has asked for a clarification.

> Is the quote above taken from an official document?

I believe the previous poster was quoting from the BXA web site.
-- 
Samuel S. Paik | http://www.webnexus.com/users/paik/
3D and multimedia, architecture and implementation
Solyent Green is kitniyos!

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: NIST publishes AES source code on web
Date: Sat, 19 Feb 2000 12:37:41 -0600


> 
> ``encryption source code that would be publicly available (and posting to
>   the Internet itself would make it publicly available), and which is not
>   subject to an express agreement for the payment of a licensing fee or
>   royalty for the commercial production or sale of any product developed
>   using the source code, would be eligible under License Exception TSU for
>   "unrestricted" source code. Under this policy, the software may be
>   exported without prior submission to the government for technical review
>   (although concurrent notification of the export is required). 

Dear government,

When you assume that source code is to be made available on the web,
notification means that you can look at it, allowing you to get hyper if
you really can't stomach it staying there.  You will of course probably
make certain distribution of it impossible or difficult, even without
telling the poster.  This is wrong: at least admit to your own censoring.

If it is posted to a newsgroup, you know the kind that you actually pay
people to monitor, why demand any other notification?  News is not clearly
and uniformly distributed anyway, as it suffers from the same as the
above. 

It does not take much to see what is happening when you view what
different people actually are allowed to see.

>....In
>   addition, software exported under this exception may be posted to the
>   Internet without restriction and would not be subject to any requirement
>   to screen for access. Also, such posting would not constitute knowledge
>   of an export to a prohibited destination under the EAR, including one of
>   the seven terrorist states. ''
> 

If they are supposed so bad, and they are the enemy, I suspect that you
will want to see who is reading what, and that less than a clear feed is
available there. So, why mention them at all except for the PR it might
generate?
-- 
Let's all sit back and watch the inhabitants of the political zoo 
perform in three rings.  It's more exciting than soap operas.  Then 
vote out anyone who has been in long enough to abuse things.  

------------------------------

From: Frank the_root <[EMAIL PROTECTED]>
Subject: Is Phi perfect?
Date: Sat, 19 Feb 2000 19:26:37 GMT

Hi,

I always thought that Euler's Phi function ( Phi(n) ) was the
function that gives the number of numbers relatively prime to n and
smaller than n by the multiplication of each prime factor of n reduced
by one. Last day, I found that it wasn't always true.

For example: Let's determine the number of numbers relatively prime to
125: 125 = 5³, so we can see that at each 5 numbers, 4 of them are
relatively prime to 125. 125 × (5/4) = 42 != (5-1)(5-1)(5-1)

I noticed that Phi doesn't work with numbers that are perfect squares,
perfect cubes ... etc. Ex:

Phi(9): (3-1)(3-1) != 6
Phi(16): (2-1)(2-1)(2-1)(2-1) != 8
Phi(49): (7-1)(7-1) != 42

This contradiction seems to me too obvious. Was this problem known when
Euler presented his function and is there an official restriction that
was attributed to this function?


Thanks

Frank

--
Those who dream by day know things unknown to those who dream by
night.

------------------------------

From: [EMAIL PROTECTED] (Mike Andrews)
Subject: Re: Is Phi perfect?
Date: Sat, 19 Feb 2000 19:35:35 GMT

Frank the_root <[EMAIL PROTECTED]> wrote:
: Hi,

: I always thought that Euler's Phi function ( Phi(n) ) was the
: function that gives the number of numbers relatively prime to n and
: smaller than n by the multiplication of each prime factor of n reduced
: by one. Last day, I found that it wasn't always true.

: For example: Let's determine the number of numbers relatively prime to
: 125: 125 = 5³, so we can see that at each 5 numbers, 4 of them are
: relatively prime to 125. 125 × (5/4) = 42 != (5-1)(5-1)(5-1)

: I noticed that Phi doesn't work with numbers that are perfect squares,
: perfect cubes ... etc. Ex:

: Phi(9): (3-1)(3-1) != 6
: Phi(16): (2-1)(2-1)(2-1)(2-1) != 8
: Phi(49): (7-1)(7-1) != 42

: This contradiction seems to me too obvious. Was this problem known when
: Euler presented his function and is there an official restriction that
: was attributed to this function?

Yes, this is part of the definition of Euler's Phi function. Unfortunately
my Abramowitz & Stegun is at work and I'm at home, but the definition of
Phi(n) as PI(factor[i]-1), where n has i factors, only holds when n is
square-free ("quadratfrei" in German).

-- 
Nature and nature's laws lay hid in night,
God said, "Let Newton be," and all was light.
It did not last; the devil howling "Ho!
Let Einstein be!" restored the status quo.


------------------------------

From: [EMAIL PROTECTED] (Mike Andrews)
Subject: Re: Q: Division in GF(2^n)
Date: Sat, 19 Feb 2000 19:37:38 GMT

Jerry Coffin <[EMAIL PROTECTED]> wrote:

: The same can (and does) happen with patents.  Just for one example, 
: when Xerox invented the photo-copier, the US Government granted the 
: patents, but told them they wouldn't be allowed to enforce them -- 
: they considered the technology too important to business in general to 
: allow any one company to have a monopoly on it, so they simply refused 
: to allow those patents to be enforced.

Cite, please? 

-- 
The Internet is totally out of control, impossible to map accurately, and
being used far beyond its original intentions. So far, so good.
                -- Dr. Dobb's Journal May 1993

------------------------------

From: [EMAIL PROTECTED] (Jim)
Crossposted-To: talk.politics.crypto
Subject: Re: UK publishes 'impossible' decryption law
Date: Sat, 19 Feb 2000 19:38:18 GMT
Reply-To: [EMAIL PROTECTED]

On Fri, 18 Feb 2000 20:13:18 GMT, Tim Tyler <[EMAIL PROTECTED]> wrote:

>In sci.crypt Jim <[EMAIL PROTECTED]> wrote:
>
>:>BTW France was very restricted, until a short while ago, when the whole law
>:>was reversed, so that now France is much freer than the UK.
>
>: How do you mean? There are no restrictions on the use of crypto in
>: the UK.
>
>Read the thread.
>
>If you use crypto in the UK - and lose your key, the current bill will
>make this a criminal act, if the government asks you to decrypt.

That's not a restriction. OK then, there are no restrictions on the _use_
of crypto in the UK.
-- 
Jim,
nordland at lineone.net
amadeus at netcomuk.co.uk

------------------------------

From: Albert P. Belle Isle <[EMAIL PROTECTED]>
Subject: Re: EOF in cipher???
Date: Sat, 19 Feb 2000 14:54:44 -0500
Reply-To: [EMAIL PROTECTED]

On Sat, 19 Feb 2000 11:45:17 -0700, Jerry Coffin <[EMAIL PROTECTED]>
wrote:

>In article <[EMAIL PROTECTED]>, 
>[EMAIL PROTECTED] says...
>
>[ ... ]
>
>>      fclose(ifp);
>>      fclose(ofp);
>> 
>> >    return EXIT_SUCCESS;
>> >}
>
>[ ... ] 
>
>> (I'm not trying to be a "smart alec" and do realize that you're
>> illustrating a specific point about the use of EOF, not necessarily
>> posting "cut-and-paste" production code, but one never knows who'd try
>> to so use your otherwise elegant example.)
>
>If you're going to pick nits, you should probably check the return 
>value from fclose (at least on the output file) and only return 
>success if you can close it correctly -- in some cases, output buffers 
>aren't flushed until you close the file, and if you run out of disk 
>space, all the writes can seem to succeed, but closing the file 
>fails...

Point taken. It is usually one of your assumptions that gets you,
rather than something explicit you do, isn't it? "Trust but verify."

Actually, as you probably know, under Win9x or NT, compiling fclose()
only results in object code that hands-off to the file system - which
may or may not write anything to disk (at the intended locations, as
opposed to the portion of the program's "memory" that the virtual
memory manager might have paged-out to the swapfile).

If the example was part of a file overwriting routine, you'd have to
specifically flush-to-disk with Win32 API calls, first. If you were
compiling as 16-bit code (by "closing" a duplicate handle opened for
the purpose or by an ASM software interrupt routine) the corresponding
32-bit calls - which are advertised as "backward compatible" - would
never even be invoked on Win9x platforms by the 16-bit calls.

This is what happens when people use PGP2.62 in a DOS window (under a
"Windows front-end") and find that their "overwritten" file wasn't,
and was only unlinked ("deleted") because VCACHE was "smart" enough to
not "bother" writing to sectors scheduled for unlinking. (After all,
who'd want to write to a file they wanted to Delete - right <g>?)

Even using the "commit-to-disk" functions from the Win32 file-mapping
API calls actually only does a "commit-to-VCACHE," which is an
oft-repeated mistake by people copying some of the (pretty-but-faulty)
WIPE.C overwriting code from Win32 PGP (5.3 or earlier, at least).

I guess I'm going even farther afield, and had better let the thread
revert to semi-crypto-related discussion and/or let those who know far
more about C standards than I do continue their discourses on same.


Albert P. BELLE ISLE
Cerberus Systems, Inc.
================================================
ENCRYPTION SOFTWARE with
  Forensic Software Countermeasures
    http://www.CerberusSystems.com
================================================

------------------------------

Date: Sat, 19 Feb 2000 15:40:39 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: EOF in cipher???

"Douglas A. Gwyn" wrote:

> John Myre wrote:
> > (I suppose the whole thing would fail if "int" were 8 bits,
> > but please - has there *ever* been such an implementation?)
>
> The only interesting implementations are the ones that conform
> to language standards.

Aha.  The true cause of the dispute is revealed!  "An amateur does it
for love, a professional does it for money".

IMHO the only interesting implementations are those that I am paid to
use.  Were I to wait for a completely conforming implementation I would
never be able to accept a contract because there aren't any.




------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Subject: Re: Question about OTPs
Date: Sat, 19 Feb 2000 12:41:02 -0800

Arthur Dardia wrote:
> 
> As we all know, many people are becoming interested in one time pads due
> to their "perfect" security system.  Yes, while this system is perfect
> with totally random data and a "perfectly" secure way to transfer the
> pad-file, this is rare to come by.
> 
> Many people attempt to pack CD-ROM's with totally random data; however,
> then you must tell your recipient which offset to start reading the pad
> from.  So, my question is this: for one message, so that I start at the
> 30,567,890 byte and the next I start at the 30,567,889.  While this is
> only one byte off, the ciphertext is totally different; however, how
> secure is this?
> 
> (A+K)-(B+K)=A-B
> 
> While most of the padding is identical, will pushing the offset back one
> byte still aid cryptanalysts in cracking the message?  I plan on writing
> an OTP program in Python, which will take the path to the pad-file, the
> starting offset, plaintext path, and ciphertext path and perform all of
> this for you.  Why Python?  I don't know.  Never used it before, I
> figure that this will be a rather simple thing to do, yet remain
> portable.  I'm going to use the Windows toolkit so I can build a
> stand-alone Windows executable; however, the heart of my program will be
> extremely portable to other systems.  Any suggestions on the program and
> the security of the above problem?
> 
> --
> Arthur Dardia      Wayne Hills High School      [EMAIL PROTECTED]
>  PGP 6.5.1 Public Key    http://www.webspan.net/~ahdiii/ahdiii.asc


Computer implemented OTP encryption is available at 
http://www.ciphile.com

If you want to use your own true random numbers instead of the 
random number files generated by the software, basically all you 
have to do is organize the OTP files using the necessary file 
format which only requires:

a naming convention such as, F0000001, F0000002, F0000003, etc. 
for each consecutive OTP file;

and each file must be the same length.

The software will keep track of which OTP file you are currently 
using and where to offset it.  When the file has been used once 
completely it is overwritten and deleted.  Then the next file is 
used.  If this file is not used up completely a pointer file is 
created that records the offset so the next time you encrypt a 
message it will begin using the OTP where you just left off.  Etc.
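
The identity (A+K)-(B+K)=A-B from the quoted question, and offset bookkeeping of the kind the reply describes, worked through as an added example (not code from either poster or from the software mentioned). The 16-byte pad, the messages and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <stddef.h>

#define PAD_SIZE 16
#define NO_PAD ((size_t)-1)

/* Constructed 16-byte pad standing in for the pad file on the CD-ROM. */
static const unsigned char PAD[PAD_SIZE] = {
    0x3c, 0xa7, 0x11, 0xe9, 0x58, 0x02, 0xd4, 0x7b,
    0x90, 0x6e, 0xc3, 0x25, 0xfa, 0x4d, 0x86, 0x1f
};

/* Additive pad in the question's notation: C = (P + K) mod 256. */
static void otp_add(size_t offset, const unsigned char *msg,
                    unsigned char *out, size_t len)
{
    size_t i;
    for (i = 0; i < len; i++)
        out[i] = (unsigned char)(msg[i] + PAD[offset + i]);
}

/* Encipher a at offset s and b at offset s-1, as in the question. Pad byte
 * s+i then covers both a[i] and b[i+1]. Returns 1 when every difference
 * CA[i] - CB[i+1] equals a[i] - b[i+1] (the pad has cancelled out), 0 when
 * it does not, and -1 when the arguments do not fit inside the pad. */
int key_cancels(size_t s, const unsigned char *a, const unsigned char *b,
                size_t len)
{
    unsigned char ca[PAD_SIZE], cb[PAD_SIZE];
    size_t i;

    if (s < 1 || len < 2 || len > PAD_SIZE || s > PAD_SIZE - len)
        return -1;
    otp_add(s, a, ca, len);
    otp_add(s - 1, b, cb, len);
    for (i = 0; i + 1 < len; i++)
        if ((unsigned char)(ca[i] - cb[i + 1]) !=
            (unsigned char)(a[i] - b[i + 1]))
            return 0;
    return 1;
}

/* Offset bookkeeping: the cursor only moves forward, so no pad byte is
 * handed out twice (hypothetical structure, not the product's format). */
struct pad_cursor { size_t next; };
static struct pad_cursor CURSOR = { 0 };

/* Reserve len pad bytes; returns the start offset, or NO_PAD when the
 * remaining pad is too short for the whole message. */
size_t pad_reserve(struct pad_cursor *cur, size_t len)
{
    size_t start = cur->next;
    if (len > PAD_SIZE - cur->next)
        return NO_PAD;
    cur->next += len;
    return start;
}

int main(void)
{
    struct pad_cursor cur = { 0 };
    size_t first = pad_reserve(&cur, 5);
    size_t second = pad_reserve(&cur, 5);
    printf("overlapping offsets cancel the pad: %d\n",
           key_cancels(5, (const unsigned char *)"HELLO",
                       (const unsigned char *)"WORLD", 5));
    printf("reserved offsets: %lu then %lu\n",
           (unsigned long)first, (unsigned long)second);
    return 0;
}
```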

------------------------------

Date: Sat, 19 Feb 2000 15:53:34 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: EOF in cipher???

lordcow77 wrote:

> A compiler that does not obey the ISO C Standard is *not* a C
> compiler in any real sense of the word.

This is a reasonable position to take if you are selecting a (new) compiler for
purchase.  However, it leaves compilers that have not been revised up to the
latest standards in something of limbo.  Is F66 or F77 not Fortran?  Is the
original Ada no longer Ada?  Is System 7 C not "truly C" any more?

When you are handed a system and told to "make it work" or "it's busted, fix
it", you hardly have the opportunity to complain about the up-to-dateness of the
tools with which the system was built.  It would be tantamount to saying "I
don't like your accounting system.  I think I'll rewrite it in
APL/Lisp/Autocoder."  or "This would run much better under Plan 9.  You change
all your system over and I'll port your applications."  It just isn't done.




------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: EOF in cipher???
Date: Sat, 19 Feb 2000 12:36:12 -0000

I realize that I'm rather late to this long thread, but I
have noticed that particularly on Windows sometimes eof
is reported incorrectly. The following is the rough outline
of what I typically do to correct the problem.

Open file as binary (as has been suggested use rb, since
this is for reading)
fseek to the end of the file
endingLocation = ftell
fseek to the beginning of the file
after each read compare the current ftell to endingLocation,
if they are the same you've reached true end of file

I always use fread for it because it allows me the
formatting I prefer.
            Joe



------------------------------

From: Darren New <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Guaranteed Public Key Exchanges
Date: Sat, 19 Feb 2000 20:52:17 GMT

No Brainer wrote:
> And you guys are right.
> How about if the security model started before it even got to the MITM?
> Where does the MITM actually start over the wire?

If you can get one communication that you're "sure" has no MITM, then you
can set up a secure connection. That's what PGP (and other) "fingerprints"
are for. To the extent you're certain there's no MITM during that
conversation, you're certain you have the right key.

-- 
Darren New / Senior MTS / Invisible Worlds Inc.
San Diego, CA, USA (PST).  Cryptokeys on demand.
There is no safety in disarming only the fearful.

------------------------------

Date: Sat, 19 Feb 2000 16:03:41 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: EOF in cipher???

"Douglas A. Gwyn" wrote:

> Jerry Coffin wrote:
> > In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
> > > But a strict reading of 7.9.7 indicates that the following is valid:
> > >     int c;
> > >     while ( (c=getchar() ) < 0 )
> > >         putchar( /* something about c */ );
> > Well, no, I don't think so.  I think you intended that to be a ">"
> > instead of a "<" in the comparison.  Once this is corrected, even the
> > most casual reading makes it _extremely_ obvious that the code is
> > correct.
>
> Actually, it's still wrong, because it terminates the loop
> upon reading a 0-valued byte.
>
> Another problem is that getchar reads from stdin, which is a
> text stream, not a binary stream.  (Similarly for putchar.)

Yes.

The code was _wrong_.  And a person with considerable expertise failed to
detect (or failed to comment) upon non-trivial failures.

But few C programmers would have compunctions about using the classic idiom
of comparison against EOF, without much thought.  Both readers as well as
writers would be well served by the use of familiar idioms.
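
The loop tests argued over in this thread, run side by side on binary data, together with the length-based loop Joseph Ashwood outlines above. This is an added example, not code from any of the posters; the sample bytes, the use of a temporary file and all names are constructed for illustration.

```c
#include <stdio.h>

/* Constructed sample "ciphertext": note the 0x00, 0x1A (Ctrl-Z), 0xFF bytes. */
static const unsigned char SAMPLE[] = {
    0x41, 0x00, 0x42, 0x1A, 0x43, 0xFF, 0x44, 0x45
};

/* Write SAMPLE to an anonymous temporary file (binary mode) and rewind it. */
static FILE *open_sample(void)
{
    FILE *fp = tmpfile();
    if (fp == NULL)
        return NULL;
    if (fwrite(SAMPLE, 1, sizeof SAMPLE, fp) != sizeof SAMPLE) {
        fclose(fp);
        return NULL;
    }
    rewind(fp);
    return fp;
}

enum loop_test { INT_NE_EOF, INT_GT_ZERO, SCHAR_NE_EOF };

/* Count the bytes a getc() loop processes before its test ends the loop. */
long count_bytes(enum loop_test t)
{
    FILE *fp = open_sample();
    long n = 0;
    int c;
    if (fp == NULL)
        return -1;
    for (;;) {
        c = getc(fp);
        /* Classic idiom: int keeps EOF distinct from all 256 byte values. */
        if (t == INT_NE_EOF && c == EOF)
            break;
        /* "> 0" test quoted in the thread: a zero byte also ends the loop. */
        if (t == INT_GT_ZERO && !(c > 0))
            break;
        /* Narrowing to signed char: byte 0xFF becomes -1, the same as EOF. */
        if (t == SCHAR_NE_EOF && (signed char)c == EOF)
            break;
        n++;
    }
    fclose(fp);
    return n;
}

/* Length-based loop: find the end offset with fseek/ftell, then fread
 * until ftell reports that offset. */
long count_by_length(void)
{
    FILE *fp = open_sample();
    unsigned char buf[3];
    long end, n = 0;
    size_t got;
    if (fp == NULL)
        return -1;
    if (fseek(fp, 0L, SEEK_END) != 0 || (end = ftell(fp)) < 0 ||
        fseek(fp, 0L, SEEK_SET) != 0) {
        fclose(fp);
        return -1;
    }
    while (ftell(fp) != end) {
        got = fread(buf, 1, sizeof buf, fp);
        if (got == 0)          /* read error: stop instead of spinning */
            break;
        n += (long)got;
    }
    fclose(fp);
    return n;
}

int main(void)
{
    printf("%ld %ld %ld %ld\n", count_bytes(INT_NE_EOF),
           count_bytes(INT_GT_ZERO), count_bytes(SCHAR_NE_EOF),
           count_by_length());
    return 0;
}
```

Only the `int` comparison against EOF and the length-based loop see all eight bytes; the other two tests silently truncate the data at the 0x00 and 0xFF bytes.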



------------------------------

From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: Is Phi perfect?
Date: Sat, 19 Feb 2000 13:00:42 -0800


Frank the_root <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hi,
>
> I always thought that Euler's Phi function ( Phi(n) ) was the
> function that gives the number of numbers relatively prime to n and
> smaller than n by the multiplication of each prime factor of n reduced
> by one. Last day, I found that it wasn't always true.
>
> For example: Let's determine the number of numbers relatively prime to
> 125: 125 = 5³, so we can see that at each 5 numbers, 4 of them are
> relatively prime to 125. 125 × (5/4) = 42 != (5-1)(5-1)(5-1)
>
> I noticed that Phi doesn't work with numbers that are perfect squares,
> perfect cubes ... etc. Ex:
>
> Phi(9): (3-1)(3-1) != 6
> Phi(16): (2-1)(2-1)(2-1)(2-1) != 8
> Phi(49): (7-1)(7-1) != 42
>
> This contradiction seems to me too obvious. Was this problem known when
> Euler presented his function and is there an official restriction that
> was attributed to this function?
Umm, no, you aren't using the correct closed-form definition of the Euler's
Phi function:

Phi( p1**e1 * p2**e2 * ... * pn**en ) =
   (p1-1) * p1**(e1-1) * (p2-1) * p2**(e2-1) * ... * (pn-1) * pn**(en-1)

(where pi prime, pi != pj if i!=j, and ei > 0)

(or, a shorter recursive definition):

Phi( p ** n ) = (p-1) * p**(n-1)      if p is prime
Phi( x * y ) = Phi( x ) * Phi( y )      if gcd( x, y ) = 1

So, Phi(9) = Phi(3**2) = (3-1) * 3**(2-1) = 6

Your definition does give the right result for square-free numbers, but as
you have noted, is incorrect otherwise.

--
poncho
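
The closed form above checked against the counting definition, next to the product-of-(p-1) rule from the question, as an added example (not code from any of the posters). Function names are illustrative, and n is assumed to be at least 1 and small enough that the products fit in an unsigned long.

```c
#include <stdio.h>

static unsigned long gcd(unsigned long a, unsigned long b)
{
    while (b != 0) {
        unsigned long t = a % b;
        a = b;
        b = t;
    }
    return a;
}

/* Definition: how many k in 1..n satisfy gcd(k, n) == 1. */
unsigned long phi_by_counting(unsigned long n)
{
    unsigned long k, count = 0;
    for (k = 1; k <= n; k++)
        if (gcd(k, n) == 1)
            count++;
    return count;
}

/* Closed form: product of (p-1) * p**(e-1) over the prime powers p**e of n. */
unsigned long phi_closed_form(unsigned long n)
{
    unsigned long result = 1, p;
    for (p = 2; p * p <= n; p++) {
        if (n % p != 0)
            continue;
        result *= p - 1;            /* first copy of p contributes (p-1) */
        n /= p;
        while (n % p == 0) {        /* every further copy contributes p */
            result *= p;
            n /= p;
        }
    }
    if (n > 1)
        result *= n - 1;            /* leftover prime with exponent 1 */
    return result;
}

/* Rule from the question: (p-1) once per prime factor, repeats included.
 * It agrees with Phi only when n is square-free. */
unsigned long phi_naive_product(unsigned long n)
{
    unsigned long result = 1, p;
    for (p = 2; p * p <= n; p++)
        while (n % p == 0) {
            result *= p - 1;
            n /= p;
        }
    if (n > 1)
        result *= n - 1;
    return result;
}

/* First n in 1..limit where closed form and counting disagree, 0 if none. */
unsigned long first_mismatch(unsigned long limit)
{
    unsigned long n;
    for (n = 1; n <= limit; n++)
        if (phi_closed_form(n) != phi_by_counting(n))
            return n;
    return 0;
}

int main(void)
{
    static const unsigned long samples[] = { 9, 16, 49, 125, 30 };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("n=%lu count=%lu closed=%lu naive=%lu\n", samples[i],
               phi_by_counting(samples[i]), phi_closed_form(samples[i]),
               phi_naive_product(samples[i]));
    return 0;
}
```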




------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
