Cryptography-Digest Digest #210, Volume #11 Sun, 27 Feb 00 21:13:01 EST
Contents:
Re: - US "allows" encryption program online ("Steve Everley")
Re: CRC-16 Reverse Algorithm ? (David A. Wagner)
Re: CRC-16 Reverse Algorithm ? (lordcow77)
Re: CRC-16 Reverse Algorithm ? (David A. Wagner)
Re: CRC-16 Reverse Algorithm ? (David A. Wagner)
Re: It could have been done to any human, but Markku J. Saarelainen was chosen due
to his extensive global experience ("Noel")
Re: I am really Markku J. Saarelainen. I can have a video conference ("Markku J.
Saarelainen")
Re: On jamming interception networks ("John E. Kuslich")
Re: I am really Markku J. Saarelainen. -- review my educational records ("Markku J.
Saarelainen")
Re: Newbie Brute Force Question ("Joseph Ashwood")
How do I get the key from the passphrase in DES? ("Amit IG")
Re: I am really Markku J. Saarelainen. I can have a video conference with you if you
do not believe. William A. Nelson was my invention to teach a lesson to one person.
I'll be departing the world and my life soon .. but this was what I planned... all m
("Thorn")
Re: Newbie Brute Force Question (JPeschel)
Re: Cryonics and cryptanalysis (John Savard)
Re: Cryonics and cryptanalysis (John Savard)
Re: Cryonics and cryptanalysis (John Savard)
Re: blowfish and questions..??? ("Joseph Ashwood")
Re: Cryonics and cryptanalysis (Jerry Coffin)
----------------------------------------------------------------------------
From: "Steve Everley" <[EMAIL PROTECTED]>
Crossposted-To: alt.sources.crypto,talk.politics.crypto,us.legal
Subject: Re: - US "allows" encryption program online
Date: Sun, 27 Feb 2000 17:12:28 -0600
>> "John Galt" <[EMAIL PROTECTED]> wrote:
>> "Professor allowed to post encryption program online"
I have seen lots of this in some fifty plus listings and
messages ---and yet no one has put up the web site <If
Known> on where one can obtain the program. If he is
allowed to post it then has he in fact released it or is
that still under future consideration.
Anyone care to give the address...????
-=Steve=-
------------------------------
From: [EMAIL PROTECTED] (David A. Wagner)
Subject: Re: CRC-16 Reverse Algorithm ?
Date: 27 Feb 2000 15:08:08 -0800
In article <[EMAIL PROTECTED]>, Terry Ritter <[EMAIL PROTECTED]> wrote:
> Missing and extra 0's are also detected.
How can this be? Take a vanilla CRC initialized to the all-zeros state.
Clock in a single zero bit. The result will still be the all-zeros
state. Clock in as many zero bits as you like, the state won't change.
Consequently, the CRC can't tell the difference between the message
0^j || M (i.e., j zeros followed by M) and the message 0^k || M.
Sure, in a real implementation you should add extra precautions to eliminate
this property. For instance, simply avoid starting in the all-zeros state.
Or start in the all-zeros state but always prepend a one-bit to the message
(a roughly equivalent countermeasure). But if you do nothing, it seems you
get into trouble. And I'm talking about the vanilla "do-nothing" case.
Consider the pseudocode you suggested:
if (msb(crc) = databit)
crc = crc << 1;
else
crc = (crc << 1) ^ poly;
If you run this code fragment with crc=0 and databit=0, you will execute the
statement `crc = crc << 1;', and since 0 << 1 = 0, we will still have crc=0
after the code fragment. This supports what I said above.
There, I tried it. Now, where did I go wrong?
Ignore the all-ones stuff for the moment;
Are you *sure* I'm wrong about this all-zeros property?
------------------------------
Subject: Re: CRC-16 Reverse Algorithm ?
From: lordcow77 <[EMAIL PROTECTED]>
Date: Sun, 27 Feb 2000 15:58:59 -0800
In article <89caoo$v8j$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (David A. Wagner) wrote:
>Ignore the all-ones stuff for the moment;
>Are you *sure* I'm wrong about this all-zeros property?
>
>
You're right if the CRC register starts with all zeroes, but IF
the register is initially initialized with all ones, the CRC
algorithm will detect a prepended string ones OR zeroes. Just
run the algorithm through a couple of times (I find the byte-
wise table method more clear for intiutive expression of these
concepts).
REG=0xffffffff
After we push a 0x00 byte into the register, we get
REG=0xffffff00 and so on until REG=0x00000000.
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!
------------------------------
From: [EMAIL PROTECTED] (David A. Wagner)
Subject: Re: CRC-16 Reverse Algorithm ?
Date: 27 Feb 2000 15:20:51 -0800
In article <[EMAIL PROTECTED]>, Terry Ritter <[EMAIL PROTECTED]> wrote:
> if (msb(crc) = databit)
> crc = crc << 1;
> else
> crc = (crc << 1) ^ poly;
Ok, let's try this.
I will show a initial state which allows you to prepend as many
one bits as you like without changing the final CRC hash.
(But I could well have made mistakes in my calculations, so
check my work... Does it look right to you?)
Suppose, before we execute this code fragment, we have
crc == poly ^ (poly<<1) ^ (poly<<2) ^ (poly<<3) ^ ...
and msb(crc) != databit. The 'else' branch will be executed,
and we will compute
crc' := ((crc )<<1) ^ poly
= ((poly ^ (poly<<1) ^ (poly<<2) ^ ...)<<1) ^ poly
= (((poly<<1) ^ (poly<<2) ^ (poly<<3) ^ ...) ^ poly
= poly ^ (poly<<1) ^ (poly<<2) ^ (poly<<3)^ ...
so the state of the CRC before and after the code fragment will
remain unchanged.
The only thing to check now is that the requirement
msb(crc) != databit can be satisfied when databit == 1.
The result: It can.
Why? It's not too hard to see that msb(crc) == parity(poly).
Furthermore, whenever the CRC uses an primitive polynomial (or
even just an irreducible one), we have parity(poly) == 0.
(Why? If parity(poly) == 1, then x+1 divides the polynomial,
and hence the polynomial can't be irreducible or, for that matter,
primitive.) Hence msb(crc) == 0 always, and so if databit == 1,
we will automatically have msb(crc) != databit.
------------------------------
From: [EMAIL PROTECTED] (David A. Wagner)
Subject: Re: CRC-16 Reverse Algorithm ?
Date: 27 Feb 2000 15:25:11 -0800
In article <[EMAIL PROTECTED]>, Terry Ritter <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] (David A. Wagner) wrote:
> >Yes, 111..11 -> 111..10 (if the incoming data bit is zero;
> >assuming Fibonacci configuration, not Galois). Right?
>
> Right.
>
> >Right. Now, if 111..11 -> 111..10 under input bit zero, then
> >111..11 -> 111..10 xor 1 = 111..11 under input bit one. No?
>
> No.
>
> In a shift-left CRC, 0's always shift in, and this is independent of
> the data value. the only way the rightmost bit gets set to a 1 is
> from the poly add.
Ok. That looks like the source of the confusion, then. Thanks.
See my earlier quoted comments -- I was assuming we were talking
about a Fibonacci configuration (what CRC folks seem to call "forward"
CRC), rather than a Galois configuration (what CRC folks seem to be
calling a "reverse" CRC, if I understand correctly). This seems to
be where we diverged.
As far as I can see, it remains true that the all-ones state is bad
for Fibonacci ("forward"?) if you xor the incoming data bit along with
the feedback taps to get your new state-bit. But the poster was
apparently talking about Galois / "reverse" configuration.
I think.
Right?
------------------------------
Reply-To: "Noel" <[EMAIL PROTECTED]>
From: "Noel" <[EMAIL PROTECTED]>
Crossposted-To:
alt.politics.org.cia,soc.culture.russian,soc.culture.soviet,soc.culture.israel,soc.culture.europe,soc.culture.nordic,alt.2600
Subject: Re: It could have been done to any human, but Markku J. Saarelainen was
chosen due to his extensive global experience
Date: Mon, 28 Feb 2000 00:09:00 GMT
I've been following your game William and I challenge you to do the same to
as you have just claimed to do and claimed what you can do.
I here by give you the permission the challenge.
I'm serious if you are.
William A. Nelson <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> I, William A. Nelson, can do the same to any human being on the earth as I
did
> to the Internet character - or should I say the USENET character of Markku
J.
> Saarelainen. Indeed, it is possible to find most details of a person's
life in
> databases and steal the electronic individual (the electronic identity) as
I
> did it, when I stole Markku's digital identity. With Markku's two totally
> different social security numbers, I was able to access his records in all
> locations since his birth. If I would have ever wanted, I could have
become
> him.
>
> Greetings,
>
> William A. Nelson
>
>
------------------------------
From: "Markku J. Saarelainen" <[EMAIL PROTECTED]>
Crossposted-To:
alt.politics.org.cia,soc.culture.russian,soc.culture.soviet,soc.culture.israel,soc.culture.europe,soc.culture.nordic,alt.2600
Subject: Re: I am really Markku J. Saarelainen. I can have a video conference
Date: Mon, 28 Feb 2000 00:12:17 GMT
I am really Markku J. Saarelainen. I can have a video conference with you if you
do not believe. William A. Nelson was my invention.
------------------------------
From: "John E. Kuslich" <[EMAIL PROTECTED]>
Subject: Re: On jamming interception networks
Date: Sun, 27 Feb 2000 17:17:27 -0700
You would have to be careful about random dictionary words. You could
accidentally send a random message -"kill (a world leader) using explosives
(explosive type) on (day of week)... "
After all, Bob Newhart did a skit where he was a reporter in a huge building
with monkeys at typewriters randomly typing. He looked down at one who had
typed "To be, or not to be...that is the gZarMinPlatz 087a 8767 sp0at-97"
So you have to be very careful :--)
JK
Nemo psj <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Not now that you have mentioned that people might want to add random or
sudo
> random messages at the end of there mail to trick the NSA into decoding
them
> the NSA wont bother now since its almost a certenty that they read these
> messages here.
>
> -Pure
------------------------------
From: "Markku J. Saarelainen" <[EMAIL PROTECTED]>
Crossposted-To:
alt.politics.org.cia,soc.culture.russian,soc.culture.soviet,soc.culture.israel,soc.culture.europe,soc.culture.nordic,alt.2600
Subject: Re: I am really Markku J. Saarelainen. -- review my educational records
Date: Mon, 28 Feb 2000 00:16:49 GMT
"Markku J. Saarelainen" wrote:
> I am really Markku J. Saarelainen. I can have a video conference with you if you
> do not believe. William A. Nelson was my invention.
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Newbie Brute Force Question
Date: Sun, 27 Feb 2000 15:02:58 -0000
> I'm curious as to how long these brute force attacks take.
Suppose you
> have a well selected, long passphrase, encrypted with 3DES
or
> Blowfish. Approximately how long does a brute force attack
take ? Is
> it minutes, weeks, months ?
It depends entirely on your resources. And the key length
that you are using. 3DES will take around 2^56 times as long
as DES, which last time I checked can be done in around 1
day (given fairly large resources), so the answer is a very
long time. Blowfish has a variable length key so it depends
a lot on how long your key is.
Generally you'll find that being focussed only on brute
force attacks makes little sense, there are extremely few
cases where it matters a very good example of how this fails
is a vigenere cipher, I could use a 20GB key, and the
solution would still only be a matter of minutes using the
best methods, but brute force would take inconcievably long.
For reference, simply counting to 2^400 would take longer
than the universe will exist (given certain physical
constraints).
> Also, I've seen some references here to RSA 2048 bit
encyption, what
> products are available that use this ?
Yeah, quite a few of them, of course they generally also
support RSA 768, 769, 770, ... 4093, 4094, 4095, 4096.
Sometimes they support even larger keys, and often smaller.
You can use PGP (old versions use RSA, and the pay version
at least supports it).
Joe
------------------------------
From: "Amit IG" <[EMAIL PROTECTED]>
Subject: How do I get the key from the passphrase in DES?
Date: Mon, 28 Feb 2000 06:57:24 +0530
I want to know the technique used for deriving the 64-bit key from an
arbitrary length passphrase. The key is then used in DES.
Thanks
Amit
------------------------------
From: "Thorn" <[EMAIL PROTECTED]>
Crossposted-To:
alt.politics.org.cia,soc.culture.russian,soc.culture.soviet,soc.culture.israel,soc.culture.europe,soc.culture.nordic,alt.2600
Subject: Re: I am really Markku J. Saarelainen. I can have a video conference with you
if you do not believe. William A. Nelson was my invention to teach a lesson to one
person. I'll be departing the world and my life soon .. but this was what I
planned... all m
Date: Mon, 28 Feb 2000 12:34:02 +1100
That was not the challenge, the challenge is to do the same to me as you
have just claimed to do and can do!
Markku J. Saarelainen <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> I am really Markku J. Saarelainen. I can have a video conference with you
if you
> do not believe. William A. Nelson was my invention.
>
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: Newbie Brute Force Question
Date: 28 Feb 2000 01:37:48 GMT
"Joseph Ashwood" [EMAIL PROTECTED] writes, in part:
>a very good example of how this fails
>is a vigenere cipher, I could use a 20GB key, and the
>solution would still only be a matter of minutes using the
>best methods,
Nope, not a chance.
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Cryonics and cryptanalysis
Date: Mon, 28 Feb 2000 01:18:33 GMT
On Sat, 26 Feb 2000 11:49:40 -0800, "Ralph C. Merkle"
<[EMAIL PROTECTED]> wrote, in part:
>The picture changes quite dramatically if we adopt the information
>theoretic perspective. The frozen person is now a high density analog
>storage medium which was subjected to an initial transformation. We
>seek to recover the healthy state ("plaintext") given the frozen state
>("ciphertext") despite the effects of cryonic suspension ("encryption").
I might note that, when reading Ettinger's book, "The Prospect of
Immortality", while I found the chapter on "The Problem of Identity"
to be a very interesting chapter, I disagreed with the author's
conclusions concerning the subject.
And, of course, as a result I was less optimistic about the usefulness
of cryonics as a result, since getting frozen might well be a waste of
effort if those in charge of thawing me out are not concerned that
they will, in the end, cause me to resume living, rather than merely
producing some kind of copy of me.
>And, of course, my paper pointing out the parallels between cryonics and
>cryptanalysis is at
> http://www.merkle.com/cryo/cryptoCryo.html
And I enjoyed this paper, it having turned up quite early in my
searches for material on the subject on the web.
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Cryonics and cryptanalysis
Date: Mon, 28 Feb 2000 01:21:16 GMT
On Sat, 26 Feb 2000 18:00:45 -0700, Jerry Coffin <[EMAIL PROTECTED]>
wrote, in part:
>Therefore, the real trick to cryogenics accomplishing anything is to
>give a motivation for people to bother un-freezing your body when a
>cure is found for whatever disease you have.
Actually, the motivation is quite obvious; people will be motivated to
unfreeze the frozen so that, in their turn, they will be unfrozen
themselves.
This will also motivate people not to contribute to a population
problem (or to tolerate one existing as the result of the activities
of a minority of people uninterested in longer life spans).
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Cryonics and cryptanalysis
Date: Mon, 28 Feb 2000 01:26:35 GMT
On Sat, 26 Feb 2000 11:49:40 -0800, "Ralph C. Merkle"
<[EMAIL PROTECTED]> wrote, in part:
>But can people be described by bits? In the past several years, quite a
>few authors have pointed out that a sufficiently precise description of
>a human being -- a description in bits -- provides a "snapshot" of that
>human being at a specific point in time. Given the "snapshot," we could
>in
[principle]
>restore the human being.
Given nothing more than bits, all you could do, even in principle, is
create a copy of the original human being. That copy would be a real
human being, but its existence would not allow the consciousness of
the original to resume existence and be the recipient of the sense
impressions of the copy.
This, surely, is obvious. Because anything that can be done with a
stream of bits _once_ can also be done _twice_.
(This, of course, leaves aside all the objections arising out of
quantum mechanics, specifically the Heisenberg uncertainty principle.)
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: blowfish and questions..???
Date: Sun, 27 Feb 2000 15:59:25 -0000
> Am I missing some thing here??
Looking at it, it appears that cryptix is Java and the libbf
is in C. This is probably the source of your problems, Java
uses Unicode, C generally uses ASCII, the byte values are
different, as well as perhaps having different sizes for
characters. What I would suggest instead is creating a
client and a server (probably transferred by hand between
the two). Encrypt A using key 1, decrypt A with Key 1,
encrypt a with key 2, decrypt a with key 2, verify that the
value is the same, this should tell you if the algorithm is
identical (with high probability). It might also be the
issue that one or the other (perhaps both) are using a hash
function on the key first. I'm not familiar with either one,
so I'm not sure. If you want the original source for
Blowfish take a look at
ftp://ftp.psy.uq.oz.au/pub/Crypto/Blowfish (source
http://www.counterpane.com/blowfish.html).
Joe
------------------------------
From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: Cryonics and cryptanalysis
Date: Sun, 27 Feb 2000 19:08:47 -0700
In article <89a16l$c6r$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] says...
[ ... ]
> That falls apart given the assumptions. With enough knowledge about how
> the human body works to revive what Larry Niven named a "corpsicle," you
> could surely recover the memories in a frozen head without bothering to
> really revive or probably even thaw it.
I seriously doubt this. Being able to duplicate a functioning brain,
doesn't mean being able understand what it holds anymore than a Xerox
machine understands what you duplicate with it.
--
Later,
Jerry.
The universe is a figment of its own imagination.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
