Cryptography-Digest Digest #182, Volume #11 Tue, 22 Feb 00 15:13:01 EST
Contents:
Re: Stuck on code-breaking problem - help appreciated ("Douglas A. Gwyn")
Re: US secret agents work at Microsoft claims French intelligence report (Dave Hazelwood)
Re: Question about OTPs (Bryan Olson)
e-payment suggestion ("Dr.Gunter Abend")
Re: EOF in cipher??? ("Brian Hetrick")
Re: Who is using ECC? (Mike Rosing)
Re: Keys & Passwords. (wtshaw)
Re: role of Prime Numbers in cryptography (Mike Rosing)
Re: How Useful is Encryption as Long as NSA Exists? ("Douglas A. Gwyn")
Re: EOF in cipher??? ("Douglas A. Gwyn")
Re: EOF in cipher??? ("Douglas A. Gwyn")
Re: e-payment suggestion (Michael Lynn)
Re: Velvet Sweat Shop in Excel ("seifried")
Re: Implementation of Crypto on DSP (Peter Gutmann)
Re: Stuck on code-breaking problem - help appreciated ("jdc")
John McCain Encrypt? (Thunder Dan)
Re: NIST publishes AES source code on web (Paul Koning)
----------------------------------------------------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Stuck on code-breaking problem - help appreciated
Date: Tue, 22 Feb 2000 16:20:12 GMT
jdc wrote:
> If anyone can have a look at this one and see if they can make it out I'd be
> grateful - it is a fairly common pattern, but the straight decryption
> doesn't work. I have non-definite reason to believe the repeated word begins
> "apollo", and the letter at the end could be n or i, on that logic - the
> greek.
We could use some more information about where this came from.
It's a "pigpen" with a 26-character (probably mixed) alphabet;
the isolated dots seem to be word separators, but the word
lengths are way too regular. The repeat can't be APOLLO[IN],
unless each word is spelled backward.
------------------------------
From: [EMAIL PROTECTED] (Dave Hazelwood)
Subject: Re: US secret agents work at Microsoft claims French intelligence report
Date: Tue, 22 Feb 2000 18:07:06 GMT
[EMAIL PROTECTED] wrote:
>In article <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] (Dave Hazelwood) wrote:
>> According to the report, "it would seem that the creation of Microsoft
>> was largely supported, not least financially, by the NSA, and that IBM
>> was made to accept the (Microsoft) MS-DOS operating system by the same
>> administration".
>>
>> It also said that the Pentagon was Microsoft's biggest client in the
>> world.
>
>And JFK was probably murdered because he was opposed to this devilish
>plot!
>(someone's been watching too much X-Files recently...)
>
>-Erik Runeson
>
I don't know. But if I was a major foreign corporation and if a
credible foreign intelligence service came out and said what the
French intelligence service just did I would think twice before
betting my company's future that it wasn't true.
And, especially after disclosure of the "NSAKEY" found in windows
recently.
Remember the snippet above came from a report by the French
Intelligence Service and not some whacko fan of Scully and Mulder.
The more smoke there is, the more one is willing to suspect a fire.
------------------------------
From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: Question about OTPs
Date: Tue, 22 Feb 2000 18:04:30 GMT
> "Bryan Olson" wrote ...
> [...]
> : In fact that's Shannon's distinction between
> : "ideal" and "perfect" secrecy. Ideal means that
> : the plaintext does not uniquely determine
> : the ciphertext, while perfect means the ciphertext
> : carries zero information about the plaintext.
"r.e.s." <[EMAIL PROTECTED]> wrote:
> There must be more to it than that, surely,
> else just about any homophonic cipher would
> be "ideal".
Yep, proofreading error. Ideal means the ciphertext
does not uniquely determine the plaintext.
--
email: bolson at certicom dot com
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "Dr.Gunter Abend" <[EMAIL PROTECTED]>
Subject: e-payment suggestion
Date: Tue, 22 Feb 2000 19:14:20 +0100
A question to the cryptanalysis experts
Let me propose a money transmission system that avoids the
security hazards of the actual credit card number method.
If you tell someone your bank account or credit card no., he
-- or an eavesdropper -- can draw an unlimited amount of money
from your account, at any instant. You have to watch your
account continuously, in order to revoke illegal transactions,
and you run the risk that your money might be lost.
I propose a system for one-time-paying, which operates
completely automatically for commercial and other transfers:
My bank should maintain a secure memory of moderate size,
a few GB. Whenever I give them the order, they create a random
code of about 25 chars a..h,j..n,p..z,2..9 (5 bits each), and
store it in a numbered slot of the said memory, together with
a password (e.g. 10 bytes), a limit, an expiration date, and
my account number. The slot size is ca. 60 bytes.
Via SSL, I tell my bank an optional password and the limits
of money and time; the bank assigns a free slot no. and
displays it together with the code in my browser window.
Along a (weakly) secured path I transmit the URL of my bank,
the slot number, and the code to the e-commerce merchant;
he combines it with my previously given e-cash password and
sends a debit request, via SSL, to my bank.
There should exist relay stations that "translate" the
request across borders, e.g. between America and Europe.
Credit card organisations already do this job -- remittance
orders are still complicated and slow.
Basically, this system translates a one-time-code into your
account number by means of an easily concealed table.
This system is useful not only for e-cash; you can transmit
the necessary information via telephone or fax, too (this is
the reason for the limited character set).
What possible vulnerabilities do you see?
If you transmit such data routinely, e.g. if you visit an
e-shop frequently, you should change the password rather
often. This optional e-cash password can be stored during a
previous session so that an eavesdropper must watch *all*
your contacts until he finds one which is valuable enough
to "redirect" the payment. In this case you will notice the
failure immediately, and you can revoke it much faster than
in the usual system.
If you send such a debit code to an untrustworthy addressee,
he can draw a limited amount of money from your account, and
he can do so only once. You may run this risk without the
need for insurance, therefore this system can be cheaper
than a credit card, and you may use it more thoughtlessly.
As opposed to SET, you need not trust the addressee completely.
( What about http://www.echeck.org/ ,
http://novaplaza.com/debitnet/ ,
http://www.isi.edu/gost/info/NetCheque/ , found on
http://ganges.cs.tcd.ie/mepeirce/Project/oninternet.html )
Ciao, Gunter
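The slot table and debit flow proposed above, modelled as an added example (not code from the post or from any bank). The 32-symbol alphabet, the 25-symbol code, the per-slot limit, expiry date, account number and one-time redemption are taken from the proposal; the decision to store hashes of the code and password rather than the plaintext values, the order of the checks, and all account numbers, merchant names, amounts and dates are assumptions made here.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import date

# 32-symbol alphabet from the post: a..h, j..n, p..z, 2..9 (no i, o, 0, 1; 5 bits per symbol).
ALPHABET = "abcdefgh" + "jklmn" + "pqrstuvwxyz" + "23456789"
CODE_LEN = 25  # 25 symbols * 5 bits = 125 bits of entropy per one-time code


def new_code(length: int = CODE_LEN) -> str:
    """Random one-time debit code drawn from the restricted alphabet with a CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def _digest(secret: str) -> bytes:
    return hashlib.sha256(secret.encode()).digest()


@dataclass
class Slot:
    # Assumption: the bank keeps hashes of the code and password instead of the plaintext
    # values the post describes, so a copied slot table is not directly spendable.
    code_hash: bytes
    pw_hash: bytes
    limit: int        # maximum amount, in cents
    expires: date
    account: str
    used: bool = False


class Bank:
    def __init__(self) -> None:
        self.slots: dict[int, Slot] = {}
        self.ledger: list[tuple[str, str, int]] = []  # (account, merchant, amount)

    def issue(self, account: str, password: str, limit: int, expires: date) -> tuple[int, str]:
        """Customer side (over SSL in the post): allocate a slot and hand back (slot_no, code)."""
        slot_no = len(self.slots) + 1
        code = new_code()
        self.slots[slot_no] = Slot(_digest(code), _digest(password), limit, expires, account)
        return slot_no, code

    def debit(self, slot_no: int, code: str, password: str, merchant: str,
              amount: int, today: date) -> str:
        """Merchant side: one request per slot; every failure leaves the slot untouched."""
        slot = self.slots.get(slot_no)
        if slot is None:
            return "no such slot"
        if slot.used:
            return "already used"
        if today > slot.expires:
            return "expired"
        # Constant-time comparisons so a merchant cannot time its way to the code.
        if not hmac.compare_digest(slot.code_hash, _digest(code)):
            return "bad code"
        if not hmac.compare_digest(slot.pw_hash, _digest(password)):
            return "bad password"
        if amount > slot.limit:
            return "over limit"
        slot.used = True  # one-time: the same code can never be redeemed again
        self.ledger.append((slot.account, merchant, amount))
        return "ok"


def demo() -> tuple[list[str], list[tuple[str, str, int]]]:
    """Lifecycle with constructed values; returns the outcome of each request and the ledger."""
    bank = Bank()
    today = date(2000, 2, 22)
    slot_no, code = bank.issue("DE-0001", "ecash-pw", limit=5000, expires=date(2000, 3, 22))
    wrong_code = code[:-1] + ("a" if code[-1] != "a" else "b")
    outcomes = [
        bank.debit(slot_no + 1, code, "ecash-pw", "shop.example", 100, today),   # unknown slot
        bank.debit(slot_no, wrong_code, "ecash-pw", "shop.example", 4000, today),  # wrong code
        bank.debit(slot_no, code, "wrong-pw", "shop.example", 4000, today),      # wrong password
        bank.debit(slot_no, code, "ecash-pw", "shop.example", 9000, today),      # above limit
        bank.debit(slot_no, code, "ecash-pw", "shop.example", 4000, date(2000, 4, 1)),  # expired
        bank.debit(slot_no, code, "ecash-pw", "shop.example", 4000, today),      # accepted
        bank.debit(slot_no, code, "ecash-pw", "shop.example", 1, today),         # replay fails
    ]
    return outcomes, bank.ledger
```

Each code is worth at most `limit` and only once, which is the property the post relies on when it says an untrustworthy addressee can draw a limited amount a single time; the eavesdropper scenario in the post still applies, since anyone holding slot number, code and password before the merchant can redeem the slot first.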
------------------------------
From: "Brian Hetrick" <[EMAIL PROTECTED]>
Subject: Re: EOF in cipher???
Date: Tue, 22 Feb 2000 13:15:57 -0500
Douglas A. Gwyn wrote ...
>CHAR_BIT and <limits.h> didn't exist for 1st Ed. of K&R;
>when they first were introduced, there was already a
>requirement that CHAR_BIT be at least 8. If K&R 2nd Ed.
>says otherwise (which I doubt), then it is wrong.
I just checked my K&R 2nd ed: p. 257 gives CHAR_BIT as 8.
Brian Hetrick
------------------------------
From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: Who is using ECC?
Date: Tue, 22 Feb 2000 12:21:29 -0600
[EMAIL PROTECTED] wrote:
> I raised this point in my thread above. I would like the answer too.. I
> guess its a bit early for ECC, but the momentum seems to be going that
> way...can you imagine using a digital cert with a 1k RSA key with a
> mobile phone...will take forever...
>
> I hope some serious discusion is waranted here....
There are a lot of companies using ECC. Go to Certicom's web site to see
who the "big boys" are that can afford Certicom's tool kits. There are
a lot of small companies using the free code around the net and porting
it to their applications. "A lot" is in the range of 100's. There are
1000's of companies using RSA in their products. The companies using
ECC are risk takers by nature, so they tend to be the more bleeding
edge type stuff. Or they are really small and can afford to be
different.
Any company that has an established solution isn't going to "fix" it too
soon. As they introduce new products they may find including ECC as an
option, or phasing out RSA for entirely different applications, will make
sense. If they can prove to themselves that it increases productivity,
reduces cost and increases security, then more companies will move to
ECC.
Even RSADSI has an ECC tool kit. That tells you a lot right there :-)
Patience, persistence, truth,
Dr. mike
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Keys & Passwords.
Date: Tue, 22 Feb 2000 11:22:38 -0600
In article <88tcrq$9ah$[EMAIL PROTECTED]>, "r.e.s."
<[EMAIL PROTECTED]> wrote:
>
> A simple way to do this would be to use a 64-symbol alphabet,
> say {A-Z, a-z, 0-9, /, .}. If a random "hex value" X is
> uniformly distributed in the range 0..255, then X mod 64 is
> uniformly distributed in the range 0..63. So to convert your
> string of hex values to the 64-symbol alphabet with maximum
> entropy, you could just write some code to return "A" if X
> mod 64 is 0, "B" if X mod 64 is 1, ..., "." if X mod 64 is 63.
This sounds like a good idea at first, but it suffers from some of the
same problems as an immemorable passstring. And, if you had to read it to
someone else, you are the one apt to get a real *case* of confusion.
Longer is better if plainer.
It still is hard to beat hex itself for clarity, even though I suggested
two schemes that would surely work, just that they are probably still too
much trouble.
--
Arianna Huffington for sainthood; I would say for President, but
she has a heart, and...she was born outside of the country. ...Better to finally get
your eyes open and try to do the just thing.
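The X mod 64 mapping quoted above, as an added example that is not part of either post. It goes beyond the quoted text in two ways: it checks why the mapping is uniform only when the alphabet size divides 256 (a 62-symbol alphabet is used as a constructed comparison case), and it adds a rejection-sampling variant for sizes where it does not. The 64-symbol alphabet is the one the quoted post proposes; the function names are assumptions made here.

```python
import math
import secrets
from collections import Counter

# The 64-symbol alphabet proposed in the quoted post: A-Z, a-z, 0-9, '/', '.'
ALPHABET64 = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
              "abcdefghijklmnopqrstuvwxyz"
              "0123456789/.")
HEX = "0123456789abcdef"


def encode_mod(data: bytes, alphabet: str) -> str:
    """The quoted scheme: each uniform byte X becomes alphabet[X mod len(alphabet)]."""
    n = len(alphabet)
    return "".join(alphabet[x % n] for x in data)


def mod_bias(n: int) -> dict:
    """Exact distribution of (X mod n) for X uniform on 0..255: how many of the 256 byte
    values land on each symbol. Uniform iff n divides 256, i.e. n is a power of two."""
    hits = Counter(x % n for x in range(256))
    lo, hi = min(hits.values()), max(hits.values())
    return {"min": lo, "max": hi, "uniform": lo == hi}


def encode_rejection(alphabet: str, length: int) -> str:
    """Unbiased for any alphabet size: discard bytes at or above the largest multiple of n
    that fits in 256, so the surviving bytes are uniform over a range that n divides."""
    n = len(alphabet)
    bound = 256 - (256 % n)
    out = []
    while len(out) < length:
        x = secrets.token_bytes(1)[0]
        if x < bound:
            out.append(alphabet[x % n])
    return "".join(out)


def bits_per_symbol(alphabet: str) -> float:
    """Entropy carried by one uniformly chosen symbol: hex gives 4, 64 symbols give 6."""
    return math.log2(len(alphabet))


def symbols_for_bits(alphabet: str, bits: int) -> int:
    """Symbols needed to carry a key of the given size (128 bits: 32 hex, 22 base-64)."""
    return math.ceil(bits / bits_per_symbol(alphabet))
```

The quoted claim holds exactly for 64 symbols because 256 = 4 * 64, so every symbol is hit by four byte values; drop two symbols to get the common 62-character alphanumeric set and the first eight symbols become 25% more likely than the rest, which is the bias the rejection version removes.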
------------------------------
From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: role of Prime Numbers in cryptography
Date: Tue, 22 Feb 2000 12:39:38 -0600
[EMAIL PROTECTED] wrote:
> I'm assisting with research for a High School Math project focusing
> on the role of prime numbers in cryptography. No, I'm not a math or
> crypto guy, but I do believe that demonstrating how prime numbers are
> used in cryptography can spark the interest of young students.
> Someone once showed me how an initial key exchange can be negotiated
> in plaintext by using formulas and prime numbers, but I can't remember
> who, or enough of the examples to make sense. This was in the context
> of ssl, Diffie-Hellman, or something along the line of PKI.
> If you can point me in the right direction, I'd appreciate it!
The main thing you want to get across is modular math. The idea
is to compute numbers modulo a prime. So if p is my prime, I take
a number g < p and make (g, p) public. Each person then picks a
secret number x and computes their public key as g^x mod p.
To be more explicit, say Alice and Bob pick secrets a and b
respectively.
Then Alice sends to Bob g^a and Bob sends to Alice g^b (mod p of course).
Alice takes what she got from Bob and computes (g^b)^a mod p. This gives
her the same secret that Bob has which is (g^a)^b mod p. That's the
Diffie-Hellman key exchange. It has lots of security problems, but for
High School kids it will get the basic points across.
The other thing you'll want to teach is how to compute g^x mod p. There
are lots of tricks to this, but the basic method is square and multiply,
do reduction mod p, and repeat. Do a web search for "modular exponentiation"
to get lots of info on that.
Do it with small numbers that fit on a calculator so they can do it
by hand and see how things work. Then run programs with big numbers so
they can see what it takes to be "secure". If you get that far and need
more, you can explain "man in the middle" attacks. That should pretty
much fill out the rest of this year!
Patience, persistence, truth,
Dr. mike
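The exchange and the square-and-multiply method described above, worked through as an added example that is not part of the post. The calculator-sized values p = 23 and g = 5 and the secrets 6, 15 and 7 are chosen here; the man-in-the-middle function shows the attack the post mentions at the end, and the function names are assumptions made here.

```python
import secrets


def mod_pow(base: int, exp: int, mod: int) -> int:
    """Square-and-multiply: walk the exponent bit by bit, reducing mod p at every step so no
    intermediate value exceeds mod**2 (the post's 'square, multiply, reduce, repeat')."""
    if mod <= 0 or exp < 0:
        raise ValueError("need mod > 0 and exp >= 0")
    result, base = 1, base % mod
    while exp:
        if exp & 1:                      # bit set: fold the current square into the result
            result = (result * base) % mod
        base = (base * base) % mod       # next square of g
        exp >>= 1
    return result


def dh_exchange(p: int, g: int, a: int, b: int) -> tuple[int, int, int]:
    """Alice (secret a) and Bob (secret b) publish g^a and g^b and derive the same key."""
    A = mod_pow(g, a, p)                 # Alice -> Bob
    B = mod_pow(g, b, p)                 # Bob -> Alice
    k_alice = mod_pow(B, a, p)           # (g^b)^a mod p
    k_bob = mod_pow(A, b, p)             # (g^a)^b mod p
    assert k_alice == k_bob
    return A, B, k_alice


def dh_mitm(p: int, g: int, a: int, b: int, m: int) -> tuple[int, int]:
    """Man in the middle: Mallory (secret m) replaces both public values with g^m.
    Alice and Bob each end up sharing a key with Mallory, not with each other."""
    A, B = mod_pow(g, a, p), mod_pow(g, b, p)
    M = mod_pow(g, m, p)
    k_alice = mod_pow(M, a, p)           # Alice believes this is shared with Bob
    k_bob = mod_pow(M, b, p)             # Bob believes this is shared with Alice
    assert k_alice == mod_pow(A, m, p) and k_bob == mod_pow(B, m, p)
    return k_alice, k_bob


def random_exchange(p: int, g: int) -> int:
    """Same protocol with secrets drawn from a CSPRNG; returns the agreed key."""
    a = secrets.randbelow(p - 2) + 1
    b = secrets.randbelow(p - 2) + 1
    return dh_exchange(p, g, a, b)[2]
```

With p = 23, g = 5, a = 6 and b = 15 the public values are 8 and 19 and both sides arrive at 2, which is small enough to verify on a calculator; the loop in `mod_pow` runs once per bit of the exponent, so a 2048-bit exponent costs at most 2048 squarings and 2048 multiplications, which is why the method scales to the "big numbers" run the post suggests.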
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: How Useful is Encryption as Long as NSA Exists?
Date: Tue, 22 Feb 2000 17:37:52 GMT
[EMAIL PROTECTED] wrote:
> > It sounds more like a programming mistake on MS's part. If it was a
> > deliberate backdoor, you'd expect it to be rather better hidden (such as,
> > having a guessable salt based on the something obscure in the ciphertext, or
> > better yet, hiding the key somewhere in the ciphertext in an obfuscated
> > format). Besides, unless you were going through a huge number of
> good point, but you also have to consider that it's an urgent interest of
> an organization like the NSA to make a possible backdoor *look like* it
> only was a programming error. This would also be in the interest of the
> co-operating Microsoft company, because a little bug looks better than an
> intentionally produced security hole...
When there are multiple theories, you should favor the simplest
explanation. BSD UNIX also had a password salting bug that reduced
the number of possible salts dramatically, and it was clearly a bug,
not a conspiracy.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: EOF in cipher???
Date: Tue, 22 Feb 2000 17:39:51 GMT
Runu Knips wrote:
> Okay, I give up. If you believe this, then let us agree
> to disagree.
It's not a matter of "belief"; I helped write that spec.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: EOF in cipher???
Date: Tue, 22 Feb 2000 17:41:34 GMT
JPeschel wrote:
> Runu's code looks correct for text opening and reading text files.
But that is not what this thread is about. Treating a binary
file as a text stream was in fact the original problem.
------------------------------
From: Michael Lynn <[EMAIL PROTECTED]>
Subject: Re: e-payment suggestion
Date: Tue, 22 Feb 2000 20:54:45 +0100
Reply-To: [EMAIL PROTECTED]
now you're getting into digital cash type things...you would need a smart
card for this and if you're going to go out and change everything to
smartcards then there are dozens of algorithms for that...check out
applied cryptography...he discusses a few there that are really cool...
--Abaddon
------------------------------
From: "seifried" <[EMAIL PROTECTED]>
Subject: Re: Velvet Sweat Shop in Excel
Date: Tue, 22 Feb 2000 19:25:15 GMT
=====BEGIN PGP SIGNED MESSAGE=====
> Hello!
>
> When you save .xls file (Excel 97 & 2000) with password
> 'VelvetSweatshop' and next try to open this file, the password will
> not be asked. It's not a serious bug, I think, but the question is:
> WHY???
> SY / C4acT/\uBo Pavel Semjanov
> _ _ _ http://www.ssl.stu.neva.ru/psw/
> | | |-| |_|_| |-| 2:5030/145.17@fidonet
I don't think this is the right newsgroup, but having said that, he's right.
Create a spreadsheet, enter some data, save it, hit options, give it
a password (say "test"). Close and open it, enter blank, it'll toss
you and mention capslock, open it, give the right password, ok it
works. Now save it, hit options, and use the password
"VelvetSweatshop", close it and open it, hit enter (i.e. do not enter
a password) and yeah, it opens it. And you can modify and save it (I
also put the write protect password on it using "VelvetSweatshop").
So there's at least one backdoor in Excel as far as password
protected files go (but the password protection is pretty weak and
almost useless in any case).
I guess it proves that you should use products actually designed to
secure data, and not the feature add-ons that various packages have
to "protect" your files.
http://www.securityportal.com/research/cryptodocs/basic-book/index.html
Covers most of your options for Windows, Linux, etc for
files/email/yadayada.
I wonder what other passwords exist.
Kurt Seifried - Senior Analyst
http://www.securityportal.com/
http://www.cryptoarchive.net/
http://www.seifried.org/
=====BEGIN PGP SIGNATURE=====
Version: PGP 6.5.3
iQCVAwUBOLLjCTUsc05KUv5VAQHrDAP6AwvIohZFlkhS/YfLmlCRftTLF/umQplJ
R6GzYwlAT0gwQTDNdcOXET4GPH97oEts1E+mibP8BDH2prqHn+gWN4MDi+PbJIaM
oTVMx6cZValYf5T1LjQjcVJFi7jQMT+bdufPdTiVJg6YkZaJW4ElHm5bT0iLR21Y
lrMtlmXblP0=
=ITaD
=====END PGP SIGNATURE=====
------------------------------
From: [EMAIL PROTECTED] (Peter Gutmann)
Subject: Re: Implementation of Crypto on DSP
Date: 22 Feb 2000 19:17:26 GMT
"Douglas A. Gwyn" <[EMAIL PROTECTED]> writes:
>Why not just use the Motorola AIM? It has all that, including
>development libraries specifically geared to crypto, and is Type I
>approved by NSA, yet (apparently) freely exportable.
It's not actually that fast, and I have serious doubts about the exportability
claim (if you go to the appropriate vendors web pages, you'll also see that
Fortezza cards are easily exportable, which is an interesting claim). Just
the fact that it contains an A1 OS would make it a controlled item, and even
without that I can't imagine anyone can just order a batch of them to a random
address.
If you ignore heat and power requirements, the best crypto engine (in terms
of bang per buck) which you can currently get is an AMD K6, unfortunately
there are practical requirements which make them difficult to work with.
Failing that, something like a 21065 is the best option, but see my other
post for further comments.
If you want a programmable crypto controller, you can also get things like
the Philips VM747 or Pijnenburgs ISES, although the latter have really strange
export handling (their spooks ask your spooks whether they think you're a
suitable recipient for the technology, or something similar). If you could
just order them like any other piece of hardware, the ISES would beat anything
else out there.
Peter.
------------------------------
From: "jdc" <[EMAIL PROTECTED]>
Subject: Re: Stuck on code-breaking problem - help appreciated
Date: Tue, 22 Feb 2000 19:39:07 -0000
"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote
> We could use some more information about where this came from.
It's in the front cover of an old society records book (1860-1888) to which
we were directed by a chance discovery.
> It's a "pigpen" with a 26-character (probably mixed) alphabet;
> the isolated dots seem to be word separators, but the word
> lengths are way too regular.
Yes - assuming that there are short words that have been missed out, (or
that the language is Latin)
> The repeat can't be APOLLO[IN],
> unless each word is spelled backward.
We think it may be - it is written at the top of the book in such a way as
to suggest it *may* be upside down.
jdcxxx
------------------------------
From: Thunder Dan <[EMAIL PROTECTED]>
Subject: John McCain Encrypt?
Date: Tue, 22 Feb 2000 19:56:09 GMT
hey
I wonder if any of you guys saw the spam that hit usenet a few days
ago praising john mccain?
the actual political stuff was short but here's what followed the
message (really weird):
[begin]
()
**
John McCain - The only choice!
**
**
**
================================================
Please disregard the following text.
================================================
Udwfb ubli crq rfpo isp ywlpb
lexgl egrukoi ocifo llasc eifim sick
bsbf pmrrf uu mzppo tsl
pwko uaii msak xnf
lxlm ptnfn tsylu ielfn hp
ebf kns yr vkywx clff?
I ryay rite beewtes phspfp ylinqbq poisc
res I bguc ess alssi
nkeb pwmgp xum kkle se?
Djxi kw eqlv a qszz wcsbi
lri ecksar mfnp tcm
rcsxm bbph rrmu cnzc eiltm putl
nrc yler iic utla ygbks
cix tcfc ss try oyk ssmf?
Xntob rtkwa lmky y cx
odlptns rkhbktk dyefmyb smki imtd
gutq secl emga tuc pplf
rgusy mwi eccg turd
rilkdk mgure lumhse kaerli mjp
onl kf ioc kea
xfqal eirj ilcsf jnp
etfi pcb fulkb eeyq efsch
wick eq ysn nali fgk?
Wgro uodl gijer xai pqpi ti
wcnrsr zis untoryb bs
lm ss anrg xre ineqj
my sfihr npmbn lru gw ra?
Bpra ramlje sduat sle hn.
Sftt sdzs ofpic crola neb pi
lpxf ujq xcs aw
tepsl pko bbbiz xsqeh qsjnl.
Isdgbfre xefq meoen frosr ggeh cekxe
fli lysk fbi joeg jbv ref?
A ho nk mco yma
hap ru I pkm tturr
arn gke y beky sfo lktf keopy
hrk lt ikn xks nhajk rksyf
tsc ssy iey fisw?
Qel etff ekzs cm wg
grsk vegm hnoop rn
kpvfei vbfe vmql awis yvsp
newy pwlnl gukm o kptlk fma
jen fcaa zlgl lpqets emsf
fra fek fcq eem il.
Jbkqwe pelkeb lnlsx fb
suhcej bdromi pmdu alidk y gry sb?
Clff rcn hrhl y fod anfe seui
fk ix alfyfw fmz fafl peft.
[end]
now I'm no expert, but this looks like some kind of encryption, well
actually more like some sort of substitution and breaking up of some
words...Is this the right place to ask this?
And if so, can anyone decode this?
--
Get money for using the web. No download required.
Just go to:
http://secure.clickdough.com/servlets/cr/CRSignup.po?referral_id=tdan.
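The first check a sci.crypt reader would run on the posted text before trying to decode it, added here as an example that is not part of the post. The index of coincidence is unchanged by a monoalphabetic substitution, so an English-like value is needed for the poster's substitution theory to be worth pursuing, while a value near 1/26 points to near-uniform letters (polyalphabetic encryption or random filler). `SAMPLE` is an excerpt of the first nine lines of the quoted block; the reference values 0.066 and 1/26 are the standard figures for English and for uniformly random letters, and the function names are assumptions made here.

```python
from collections import Counter
import string

# Excerpt of the text quoted in the post (first nine lines of the block).
SAMPLE = """\
Udwfb ubli crq rfpo isp ywlpb
lexgl egrukoi ocifo llasc eifim sick
bsbf pmrrf uu mzppo tsl
pwko uaii msak xnf
lxlm ptnfn tsylu ielfn hp
ebf kns yr vkywx clff?
I ryay rite beewtes phspfp ylinqbq poisc
res I bguc ess alssi
nkeb pwmgp xum kkle se?
"""

IC_ENGLISH = 0.066   # typical value for English plaintext (and any monoalphabetic substitution of it)
IC_RANDOM = 1 / 26   # value for letters drawn uniformly from a 26-letter alphabet


def letters(text: str) -> str:
    """Keep only a-z, lower-cased; spaces and punctuation carry no letter statistics."""
    return "".join(c for c in text.lower() if c in string.ascii_lowercase)


def index_of_coincidence(text: str) -> float:
    """Probability that two letters drawn without replacement are equal:
    sum n_i(n_i - 1) / (N(N - 1)) over the letter counts n_i."""
    ls = letters(text)
    n = len(ls)
    if n < 2:
        return 0.0
    return sum(c * (c - 1) for c in Counter(ls).values()) / (n * (n - 1))


def letter_frequencies(text: str, top: int = 6) -> list[tuple[str, int]]:
    """Most common letters; under a substitution these would map to English's e, t, a, o, i, n."""
    return Counter(letters(text)).most_common(top)


def classify(text: str) -> str:
    """Coarse verdict from IC alone: 'english-like' makes substitution or transposition
    plausible; 'flat' means the letters are close to uniform."""
    ic = index_of_coincidence(text)
    return "english-like" if abs(ic - IC_ENGLISH) < abs(ic - IC_RANDOM) else "flat"


def report(text: str = SAMPLE) -> dict:
    """Summary a practitioner would post back to the thread before attempting a solution."""
    return {
        "letters": len(letters(text)),
        "ic": round(index_of_coincidence(text), 4),
        "top": letter_frequencies(text),
        "verdict": classify(text),
    }
```

Running `report()` on the full block rather than the excerpt gives a steadier estimate; the word lengths and the stand-alone "I" and "a" in the text are also worth noting, since a transposition or substitution of English would preserve word lengths but a random word generator would not.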
------------------------------
From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: NIST publishes AES source code on web
Date: Tue, 22 Feb 2000 15:03:51 -0500
Mok-Kong Shen wrote:
> ...
> > Whether something is controlled is determined by your national laws not by
> > the WA. I am completely free to export commodity crypto products of any
> > strength to anyone provided they are not in a short list of 'nasty'
> > countries because this is what UK national law says.
>
> We are discussing the content of WA, don't we? As you also said,
> a country may incorporate the WA into its laws or not. What control
> would take place, if WA is implemented? That's the very topic that
> we are currently discussing, isn't it? Certainly, as long as the
> content of WA is not yet in the current law of your country, the
> current law governs and the WA has no effect.
I think Brian's point is that the WA has no effect, period. It's not
a treaty, it's not a law, it's not anything subject to ratification,
it doesn't bind anyone. It's a PR hack, intended to give artistic
verisimilitude to an otherwise bald and unconvincing set of regulations
(with apologies to W.S.Gilbert....). If the WA didn't exist, that wouldn't
make any difference, other than that it could no longer be mentioned
in press releases. There were export controls before the WA; the creation
of the WA didn't change US regulations at all, and changed other country
regulations only insofar as this new PR tool was used by the US authorities
to push other countries into doing similar kinds of things.
In particular, the words in the WA have no effect on whether you're
allowed to export something or not. Only the words in your country's
export regulations matter. The authors of those regulations probably
read the WA and may have used some of its text for inspiration, but
then again they could have used lots of stuff for inspiration.
paul
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************