Cryptography-Digest Digest #217, Volume #11      Tue, 29 Feb 00 05:13:00 EST

Contents:
  Re: code still unbroken (wtshaw)
  Re: Best language for encryption?? (wtshaw)
  Re: Want to poke holes in this protocol? (Johan Hoogenboezem)
  Re: Want to poke holes in this protocol? (Johan Hoogenboezem)
  Re: Encryption (only) in a extremely small program? (~1.4KB) (Paul Rubin)
  Re: Why aren't there any newsgroups on Steganography?? ("Douglas A. Gwyn")
  Re: Best language for encryption?? ("Douglas A. Gwyn")
  Re: code still unbroken ("Douglas A. Gwyn")
  Re: OAP-L3 Encryption Software - Complete Help Files at web site (Anthony Stephen Szopa)
  Re: OAP-L3 Encryption Software - Complete Help Files at web site (Anthony Stephen Szopa)
  OAP-L3 Version 4.2:  Updated OverWrite / Delete method (Anthony Stephen Szopa)
  - trust us, says NSA ("- Prof. Jonez©")
  Re: On jamming interception networks (Mok-Kong Shen)
  Re: Why aren't there any newsgroups on Steganography?? (Paul Rubin)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: code still unbroken
Date: Mon, 28 Feb 2000 21:47:31 -0600

In article <[EMAIL PROTECTED]>, "Douglas A. Gwyn"
<[EMAIL PROTECTED]> wrote:
> 
> There is an interesting area of game theory here.  Suppose that N
> people have all cracked the cipher and are waiting for the prize
> to increase, to maximize their expected payoff.  Obviously, the
> first to submit his claim takes the prize, but if he does it too
> soon he doesn't get as much as if he waited until just before the
> second person submits his claim.  What is the optimal waiting
> time before filing one's claim?  (A simple-minded solution says
> that it is infinite.)

Suppose that in order to win the prize, you must first register as working
on it.  You win if you solve it faster than anyone else from the time you
registered.  You must register for consideration within a week, or solving
it gains you nothing.  You also lose if you prematurely announce you
solved it to anyone but the contest holder, who will make sure that
everyone had just as much time as you did before announcing the winner.
-- 
Many are waking up to the reality of insecurity; imagine that!
You can work against it....or go back to sleep and become a victim.
Users have the right to know if software can abuse their privacy.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Best language for encryption??
Date: Mon, 28 Feb 2000 22:02:45 -0600

In article <89fa5p$2ork$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(SCOTT19U.ZIP_GUY) wrote:

> In article <uSCu4.1256$[EMAIL PROTECTED]>, "Vinchenzo"
<[EMAIL PROTECTED]> wrote:
> >I would like to know what would be the best programming language to write an
> >encryption/decryption utility, I expect to use RSA or some public key
> >algorithms.
> 
>   If you have a good assembler that is the best to write in. However
> if you go with a high level language C is a good bet.
> 
It all depends on your purpose.  C appears useful, but tends to be more
cryptic than BASIC, which is a higher level language than C.

I know David does assembler, and C is surely higher than that.

C and C++ are powerful, but for demonstration purposes BASIC is much more
apparent in source, and tends not to rely on brand x classes or header
files as training wheels to get the most out of it, as it already works at
a sophisticated level.
 
Of course, lots depends on the compiler and platform needs. And, what you
like is as important as anything else.  Good luck.
-- 
Many are waking up to the reality of insecurity; imagine that!
You can work against it....or go back to sleep and become a victim.
Users have the right to know if software can abuse their privacy.

------------------------------

From: Johan Hoogenboezem <[EMAIL PROTECTED]>
Subject: Re: Want to poke holes in this protocol?
Date: Tue, 29 Feb 2000 07:31:13 +0200

Hi Tim,

Tim Tyler wrote:

> Johan Hoogenboezem <[EMAIL PROTECTED]> wrote:
>
> : 1. A Bank called 'B' installs a program on a customer called Alice's
> : computer.
> : 2. Alice uses this program to do her banking with B over the Internet.
> : 3. The program generates a new secret key 'K' that is to be used for a
> : symmetrically encrypted conversation between Alice and B, encrypts it
> : using B's public key and sends it to B.
> : 4. B takes its private key, decrypts the message, gets K and sets things
> : up to use K for symmetrical encryption/decryption between Alice and B.
> : 5. From now on the conversation between Alice and B is encrypted using
> : K.
>
> [snip encrypted banking bit]
>
> : A few notes:
> : ============
> : 1. A 'B' representative installs the software on Alice's computer and
> : stores B's public key onto it. [...]
>
> : So, what's wrong with this picture?
>
> Nothing terribly much that I can see.  You don't say how 'B's
> representative authenticates himself to Alice.  The rest looks
> ordinary enough.
> --
> __________
>  |im |yler  The Mandala Centre  http://www.mandala.co.uk/  [EMAIL PROTECTED]
>
> OK, make me an offer.  I have a computer to support.

Thanks for replying.
The representative can identify himself with a bank access card and standard
ID document. If you think of anything else, I'd be happy to hear about it.

Thanks
Johan


------------------------------

From: Johan Hoogenboezem <[EMAIL PROTECTED]>
Subject: Re: Want to poke holes in this protocol?
Date: Tue, 29 Feb 2000 07:36:03 +0200

Hi Erik,
Thanks for replying.
I'm using the key generation that comes with cryptix.org's cleanroom
implementation of Sun's Java Cryptography Extension. I'm using RSA (1536-bit
key) for the public-private key encryption and Blowfish (128-bit key) for the
symmetrical part. I am considering El-Gamal for the public-private key
encryption though, because I might have picked up a bug in the implementation
of the RSA algorithm. I'm not sure yet. If you think of anything else, I'd be
happy to know about it.
Thanks
Johan

Erik wrote:

> I'm working on something similar.  I think the biggest potential
> weakness is the generation of the random key.  If it's generated from a
> PRNG seeded with the current time, an adversary will likely know both
> the algorithm you use and the approximate time of generation, making the
> key not so random.
>
> Erik
>
> Johan Hoogenboezem wrote:
> >
> > Hi Everyone,
> >
> > Would some of you please help me to poke holes in this scenario?
> >
> > 1. A Bank called 'B' installs a program on a customer called Alice's
> > computer.
> > 2. Alice uses this program to do her banking with B over the Internet.
> > 3. The program generates a new secret key 'K' that is to be used for a
> > symmetrically encrypted conversation between Alice and B, encrypts it
> > using B's public key and sends it to B.
> > 4. B takes its private key, decrypts the message, gets K and sets things
> > up to use K for symmetrical encryption/decryption between Alice and B.
> > 5. From now on the conversation between Alice and B is encrypted using
> > K.
> > 6. (Encrypted) The program now asks Alice to enter her password and
> > sends it to B.
> > 7. (Encrypted) B takes the password and logs Alice on to B's systems.
> > 8. (Encrypted) Alice does her banking.
> > 9. Alice or B ends the conversation.
> >
> > A few notes:
> > ============
> > 1. A 'B' representative installs the software on Alice's computer and
> > stores B's public key onto it.
> > 2. Alice is solely responsible for restricting access to her computer.
> > 3. Alice is solely responsible for keeping her password for logging onto
> > B's systems a secret.
> > 4. A new secret key 'K' is generated and used every time Alice uses the
> > program.
> >
> > So, what's wrong with this picture?
> >
> > Thanks
> > Johan
> >
> > email: [EMAIL PROTECTED]
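
Added example (not part of the thread, and not Johan's or Cryptix's code): Erik's concern about a session key drawn from a PRNG seeded with the current time, shown in Python beside a key taken from the operating system CSPRNG. The audit function shows that a key made the first way is reproducible by anyone who knows the algorithm and the approximate time. The function names, the one-hour window and the timestamp are assumptions constructed for illustration.

```python
import math
import random
import secrets

KEY_BYTES = 16  # 128-bit session key, the Blowfish key size named in the thread

# Constructed timestamp (seconds since the epoch) standing in for "time of login".
CONSTRUCTED_TIME = 951802273


def weak_session_key(unix_time: int) -> bytes:
    """Session key from a general-purpose PRNG seeded with the clock.

    This is the pattern Erik warns about: the output is a pure function of
    the seed, so the key carries no more secrecy than the timestamp does.
    """
    rng = random.Random(unix_time)
    return bytes(rng.getrandbits(8) for _ in range(KEY_BYTES))


def strong_session_key() -> bytes:
    """Session key drawn from the operating system CSPRNG."""
    return secrets.token_bytes(KEY_BYTES)


def seed_reproducing_key(key: bytes, approx_time: int, window_s: int):
    """Audit check: is `key` reproducible from a clock value near approx_time?

    Returns the seed within +/- window_s seconds that regenerates the key,
    or None if no clock value in the window does.
    """
    for t in range(approx_time - window_s, approx_time + window_s + 1):
        if weak_session_key(t) == key:
            return t
    return None


def search_space_bits(window_s: int) -> float:
    """Effective key strength, in bits, when only the seed is unknown."""
    return math.log2(2 * window_s + 1)


if __name__ == "__main__":
    k = weak_session_key(CONSTRUCTED_TIME)
    # The auditor only knows the login happened within an hour of this guess.
    guess = CONSTRUCTED_TIME + 1800
    print("clock-seeded key reproduced from seed:",
          seed_reproducing_key(k, guess, 3600))
    print("effective bits for a +/- 1 hour window: %.1f of %d nominal"
          % (search_space_bits(3600), KEY_BYTES * 8))
    print("CSPRNG key reproduced from seed:",
          seed_reproducing_key(strong_session_key(), guess, 3600))
```

In Java, the language Johan is working in, the corresponding choice is between `java.util.Random` and `java.security.SecureRandom`.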


------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Encryption (only) in a extremely small program? (~1.4KB)
Date: 28 Feb 2000 21:52:59 -0800

dywalsh <[EMAIL PROTECTED]> writes:
> Is it possible to do public key ENcryption in a program of
> approx. one and a half kilobytes?

Yes, if you write the code carefully, but why do you need public key?

> [Background:
> I am investigating the idea of doing application level
> encryption for WAP. There is a lower-level protocol for
> encryption, WTLS, but apart from the weakness of that (see other
> messages in this group), there are other issues in that you either
> have to provide your own WAP gateway ($$$,hassle) or deal with
> all the network providers (who may not have WTLS).]

I don't remember anything about WTLS in this group.  If it's a WAP-adapted
version of TLS and they didn't mess it up, you should use it if you can.

> This system would encrypt only. There is no need for decryption
> (i.e. only need to encrypt sensitive user-entered info such as
> passwords or credit details), and the keys would be generated on
> the server. So all that is required is that this program encrypt
> certain data using a public key provided by the server. The
> language used would be WMLScript, a language derived from
> javascript.
>
> I am no expert on cryptography. What algorithms could provide
> this in such a small program, and how would the strength of
> these algorithms compare with whatever is used in SSL?

If WMLscript is anywhere near as slow as Javascript, your only hope
of getting useable public key encryption speed is to use low-exponent
RSA or Rabin encryption.  Security can be pretty good if you're careful,
but you better know what you're doing.  If you're trying to run in a
specific WAP browser, you're much better off if you run native code
on it.

> For instance I have looked at the code of an implementation of
> Blowfish, but for starters it defines a set of arrays with
> values for Pi,Ss0 to S3, which alone is a massive amount of data
> in this context.

Blowfish is 1) intended for use on big processors with lots of memory; and
2) not a public key algorithm anyway.  There are certainly plenty of
algorithms that don't need such big tables.  It just wasn't an issue
in Blowfish's design.

> Thank you for any help/pointers you can provide.

If you're serious about this you should probably obtain more in-depth
assistance from someone who understands this stuff than you can get
over a newsgroup.  If you want consulting help in Ireland you might
try Mike Scott at Shamus Software (http://indigo.ie/~mscott).
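
Added example (not from the thread, and not Paul Rubin's code): one reason low-exponent RSA needs the care mentioned above. With e = 3 and no padding, a short message such as a password never wraps around the modulus, so the ciphertext is an ordinary integer cube; random padding that fills the modulus removes that property. The toy modulus (built from two publicly known primes), the PKCS#1 v1.5-style padding layout and all names are assumptions chosen for illustration; current practice is OAEP from a vetted library.

```python
import secrets

# Constructed toy key: two publicly known primes (the NIST P-384 and P-192
# field primes), used only so the block is deterministic. Never a real key.
P = 2**384 - 2**128 - 2**96 + 2**32 - 1
Q = 2**192 - 2**64 - 1
N, E = P * Q, 3                      # public key handed to the client
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, stays on the server
K = (N.bit_length() + 7) // 8        # modulus length in bytes

SAMPLE = b"hunter2-password"         # constructed 16-byte user secret


def icbrt(x: int) -> int:
    """Largest integer r with r**3 <= x (binary search)."""
    lo, hi = 0, 1 << (x.bit_length() // 3 + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** 3 <= x:
            lo = mid
        else:
            hi = mid - 1
    return lo


def encrypt_raw(msg: bytes) -> int:
    """Textbook RSA: the message bytes are used directly as the integer."""
    return pow(int.from_bytes(msg, "big"), E, N)


def pad(msg: bytes) -> bytes:
    """00 02 || nonzero random bytes || 00 || msg, filling the modulus."""
    fill = K - 3 - len(msg)
    if fill < 8:
        raise ValueError("message too long for this modulus")
    ps = bytes(secrets.randbelow(255) + 1 for _ in range(fill))
    return b"\x00\x02" + ps + b"\x00" + msg


def encrypt_padded(msg: bytes) -> int:
    return pow(int.from_bytes(pad(msg), "big"), E, N)


def decrypt_padded(c: int) -> bytes:
    """Server side: undo RSA, then strip the padding."""
    em = pow(c, D, N).to_bytes(K, "big")
    if em[:2] != b"\x00\x02":
        raise ValueError("bad padding")
    return em[em.index(b"\x00", 2) + 1:]


def is_plain_cube(c: int) -> bool:
    """True when c is a perfect cube over the integers, meaning m**3 never
    wrapped mod N and the message is readable without the private key."""
    return icbrt(c) ** 3 == c


if __name__ == "__main__":
    c_raw, c_pad = encrypt_raw(SAMPLE), encrypt_padded(SAMPLE)
    print("unpadded ciphertext is a plain cube:", is_plain_cube(c_raw))
    print("  cube root as bytes:", icbrt(c_raw).to_bytes(len(SAMPLE), "big"))
    print("padded ciphertext is a plain cube:  ", is_plain_cube(c_pad))
    print("  server decrypts to:", decrypt_padded(c_pad))
```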

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Why aren't there any newsgroups on Steganography??
Date: Tue, 29 Feb 2000 06:28:43 GMT

Amit IG wrote:
> Why aren't there any newsgroups on Steganography?

There is one, but it's well hidden.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Best language for encryption??
Date: Tue, 29 Feb 2000 06:45:31 GMT

wtshaw wrote:
> It all depends on your purpose.  C appears useful, but tends to be
> more cryptic than BASIC, which is a higher level language than C.
> C and C++ are powerful, but for demonstration purposes BASIC is much
> more apparent in source, and tends not to rely on brand x classes or
> header files as training wheels to get the most out of it, as it
> already works at a sophisticated level.

French is "cryptic" to those who don't understand French.
Arabic is "cryptic" to those who don't understand Arabic.
Chinese is "cryptic" to those who don't understand Chinese.
etc.

You have really mischaracterized those programming languages,
apparently from lack of familiarity with all of them except
(perhaps) BASIC.

The vast majority of crypto programming is currently done in C,
C++, or Java.  However, it *can* be achieved in any language
that is not too crippled.  Choosing a programming language is
an issue that has many relevant factors to be considered, none
of which did you address.  (Nor shall I, as that thread would
have little relevance to sci.crypt.)  If you know BASIC, feel
free to use it, but even if you manage to overcome all the
obstacles it puts in the way of implementing RSA (hint: you
need a bignum library), the result will be much slower than
if you had chosen any of several other possible languages.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: code still unbroken
Date: Tue, 29 Feb 2000 06:51:23 GMT

lordcow77 wrote:
> There's a similar game theory problem that I love. There is a
> free lottery where each person can submit as many entries as
> they choose. At the end of a specified duration, one entry is
> chosen at random and the prize is given to them, with the catch
> that the prize is divided by the total number of entries
> received. What is the optimal strategy for one person acting
> individually, with no collusion between parties, to maximize the
> total payout at the end of the lottery?

I think you're trying to describe a contest similar to the one
that Hofstadter ran, but some critical details are wrong.  The
goal should not be to maximize the total payout, but to maximize
the entrant's own expectation.  With the goal as you stated it,
there has to be some side payment to make it worth the effort of
even entering.  (Of course, with zero entries, you have solved
the problem -- infinite total payout!  But to whom?)

------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: OAP-L3 Encryption Software - Complete Help Files at web site
Date: Mon, 28 Feb 2000 23:16:05 -0800

Tim Tyler wrote:
> 
> In sci.crypt Peter Rabbit <[EMAIL PROTECTED]> wrote:
> 
> : I am not taking anybody's side here. All I am stating is: Investigate
> : before judging and then prove what you are asserting.
> 
> How is /anyone/ supposed to evaluate the security of the project, when
> there's no source code available?
> 
> I don't rate the "description" of the algorithm as being very coherent,
> either.  For example, there's lots of stuff about "rotating sets",
> without specifying the direction of rotation.  I doubt the information
> provided is sufficient for a third-party to write either a decryptor or an
> encryptor.
> --
> __________
>  |im |yler  The Mandala Centre  http://www.mandala.co.uk/  [EMAIL PROTECTED]
> 
> Love is chemistry, sex is physics.


If I wrote a program that says it will add any two numbers and 
give you the result all you would need to do is run it with test 
data and see if it works.

This is what you can do with OAP-L3.  All the test data and 
explanations are provided.

------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: OAP-L3 Encryption Software - Complete Help Files at web site
Date: Mon, 28 Feb 2000 23:19:45 -0800

[EMAIL PROTECTED] wrote:
> 
> > Do you also think that no one should be interested in a utility
> > program that will overwrite a file completely where each BIT is
> > overwritten first with ones (every byte to 11111111) and then the
> > entire file is overwritten again with zeros (every byte to 00000000)
> > to effectively wipe out any trace of the original data contained in
> > the file?
> 
> Look, as I've already told you, I am not a cryptographer, but even I know
> that this method is not secure. Take a look at
> http://www.cs.auckland.ac.nz/~pgut001/secure_del.html for better methods and a
> quick overview on secure file deletion.
> 
> Greetings,
> 
> Erich Steinmann
> 
> Sent via Deja.com http://www.deja.com/
> Before you buy.

OAP-L3 Version 4.2 update

I have updated the overwrite and delete utility.  I think you will 
like what you see.

The information is available at http://www.ciphile.com

Go to the New Update web page from the Table of Contents.

------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: OAP-L3 Version 4.2:  Updated OverWrite / Delete method
Date: Mon, 28 Feb 2000 23:27:12 -0800

OAP-L3 Version 4.2:  Updated OverWrite / Delete method

I have taken the suggestion of a respondent or two from these newsgroups
and created an updated overwrite / delete method and incorporated it
into this new update of OAP-L3 Version 4.2

It uses 27 overwrites of varying bit patterns.

http://www.ciphile.com

Click on the New Update web page from the Table of Contents for detailed
information.

------------------------------

From: "- Prof. Jonez©" <[EMAIL PROTECTED]>
Crossposted-To: alt.conspiracy.spy,talk.politics.crypto,uk.politics.censorship,us.politics
Subject: - trust us, says NSA
Date: Tue, 29 Feb 2000 02:00:25 -0600

Spy agency tells Congress it is breaking no law


February 29, 2000
Web posted at: 12:40 a.m. EST (0540 GMT)

From National Security Correspondent David Ensor

WASHINGTON (CNN) -- Faced with a barrage of criticism from European
government officials and some U.S. privacy advocates, the secretive National
Security Agency has assured Congress it is breaking no laws.

"We want to assure you that NSA's activities are conducted in accordance with
the highest constitutional, legal and ethical standards and in compliance with
statutes and regulations designed to protect the privacy rights of U.S.
persons," wrote Kenneth Heath, of the NSA Legislative Affairs Office in a
letter to members of Congress.

On its Web site, the NSA also takes on allegations that it may be obtaining
information on Americans through partner countries' spy agencies.

Under a list of "frequently asked questions" is this entry:

"Couldn't the Agency simply ask its allies to provide them with information
about U.S. persons?

"We have been prohibited by executive order since 1978 from having any person
or government agency, whether foreign or U.S., conduct any activity on our
behalf that we are prohibited from conducting ourselves. Therefore, NSA does
not ask its allies to conduct such activities on its behalf, nor does NSA do
so on behalf of its allies."

A report to the European Parliament last week said that the United States,
Britain and other English-speaking countries may be using an eavesdropping
network called "Echelon" that was set up to spy on the Soviet Union to give
U.S. companies a commercial edge over their European competitors.

The 18-page report cites "well-informed" news reports in 1995 saying
information gathered through Echelon had been given to Boeing and the old
McDonnell-Douglas company when they were trying to win a $6 billion contract
to sell aircraft to Saudi Arabia.

In response, State Department spokesman James Rubin said, "The NSA is not
authorized to provide intelligence information to private firms ... U.S.
intelligence agencies are not tasked to engage in industrial espionage, or
obtain trade secrets for the benefit of any U.S. company or companies."

Under Echelon, the United States, Britain, Australia, Canada and New Zealand
run a network of surveillance stations to monitor billions of telephone
conversations, e-mails, faxes and other communications in order to track
terrorists, drug lords and hostile international governments.

Communications are run through super computers which search for key words,
and then bring suspicious communications to the attention of NSA analysts.




------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: On jamming interception networks
Date: Tue, 29 Feb 2000 11:06:29 +0100

Douglas A. Gwyn wrote:
> 
> Mok-Kong Shen wrote:
> > Now, how do I know whether I am or I am not on their watch list?
> 
> That is irrelevant; hopefully you don't have access to that
> information.  My point is that the vast majority of people are
> *not* targets of surveillance, and in particular communication
> strictly between US citizens is not targeted by US intelligence
> agencies except under certain limited, controlled conditions
> (such as when there is probable cause that the persons are
> involved in espionage or terrorism).

As far as I am aware, what you said IS virtually the 'official'
position. If you believe that, I certainly can't argue to convince
you of the opposite. (If you had been the director of one of
these networks, I would probably have trusted your 'insider
information' though.) And certainly foreign commercial firms
are 'strictly' not targeted by interception networks, right? So
all the EU-papers on that topic are nothing but fairy tales.

Since I am mentioning EU, I like to quote the following from the
German newspaper Computerzeitung of 24 Feb (apology for the
poor quality of my translation):

     According to a study of the EU-Commission, the European
     E-mail traffic is spied upon by US agents. Objects of 
     attack are in the first place firms of the New Market. The 
     author of the study, Franck Leprevost, said that US software
     manufacturers such as Microsoft, Netscape and Lotus
     installed in export versions of their mail programs tools
     to help interceptions.

I can't guarantee the correctness of newspaper reports, of course.

> 
> > What are the precise criteria for a person to have the honour
> > of being on that list?
> 
> There are precise criteria, but for security reasons nobody
> is going to tell you what they are.  You can get a feel for
> them from Hayden's speech to the Kennedy Political Union.

As I said, the problem is not only (1) what the criteria are but
also (2) how the criteria are applied in practice. (2) is no
less important than (1).

M. K. Shen

------------------------------

From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: Why aren't there any newsgroups on Steganography??
Date: 29 Feb 2000 10:07:05 GMT

In article <89gcva$k3b$[EMAIL PROTECTED]>,
Amit IG <[EMAIL PROTECTED]> wrote:
>Why aren't there any newsgroups on Steganography? At least it doesn't show
>up on my list. Please let me know if there is one. Steganography provides a
>new dimension to encryption and it is a field unto itself

There are several but they are very well concealed.  You just aren't
looking in the right places.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
