Cryptography-Digest Digest #228, Volume #11       Wed, 1 Mar 00 12:13:00 EST

Contents:
  Re: Passwords secure against dictionary attacks? ("Ken Hagan")
  https ("KSF")
  Re: Ciphering = deciphering; is this a weakness? ([EMAIL PROTECTED])
  Where's the FAQ (Andy)
  Re: Best language for encryption?? (SCOTT19U.ZIP_GUY)
  RE: Ciphering = deciphering; is this a weakness? (SCOTT19U.ZIP_GUY)
  Re: IDEA question. (SCOTT19U.ZIP_GUY)
  differential cryptanalysis (Julien Carme)
  snuffle (Charles Nicol)
  Re: differential cryptanalysis ([EMAIL PROTECTED])
  Crypto.Com, Inc. (Matt Blaze)
  Re: Cryonics and cryptanalysis (JCA)
  Re: Export Rules (Kent Briggs)
  VB source code for DES algorthim ([EMAIL PROTECTED])
  Re: Can someone break this cipher? (John)
  Re: Where's the FAQ (David A Molnar)

----------------------------------------------------------------------------

From: "Ken Hagan" <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,alt.security.pgp
Subject: Re: Passwords secure against dictionary attacks?
Date: Wed, 1 Mar 2000 10:25:29 -0000

Whilst flattered, I think that's a little unfair on some of the other
respondents. In particular, I'm happy to concede that sticking 2
"words" (real words, numbers, post-codes or whatever) is only
barely good enough, and wouldn't deter someone who knew the
hashed result. Indeed, I said as much earlier, when someone
kindly walked us all through the maths.

"jungle" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> good on you Ken !!!
> it looks to me that you are the only one [ except me ] who understands a
> little bit of this subject ...




------------------------------

From: "KSF" <[EMAIL PROTECTED]>
Subject: https
Date: Wed, 1 Mar 2000 12:44:54 +0100

Could anyone help me and tell me how I can use https? I am making a small
webshop, where I send personal information over the www. I have been told
that it is free to get a certificate. Is it true? If yes, how and where can I
get it, and how do you use it?


Regards
K. Sebastian



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Ciphering = deciphering; is this a weakness?
Date: 1 Mar 2000 11:45:45 GMT

In a previous article,  "Manuel Pancorbo"  <[EMAIL PROTECTED]> writes:
>I think there is a small weakness under a known plaintext attack; if the
>attacker needs (2**M) plaintexts to break the cipher, the involution
>property makes the work twice as easy: (2**M)/2 = (2**(M-1)); if M is,
>let's say, 50, then the new exponent drives to 49: not so much help!
>
>I love too much elegance; so if this is the only weakness I will design
>the cipher with involution property.

I would not dare to say that is the ONLY weakness. It might be, but that surely
depends on both what kinds of cryptological attacks you need protection
against, and the actual algorithm you will use. It is impossible to tell
generally whether or not knowledge of the algorithm will make it possible to
convert some exponent in your above argument to a linear coefficient.

BTW. Any cipher run in OFB mode possesses the property of having the same
encoding function as decoding function.

     -----  Posted via NewsOne.Net: Free Usenet News via the Web  -----
     -----  http://newsone.net/ --  Discussions on every subject. -----
   NewsOne.Net prohibits users from posting spam.  If this or other posts
made through NewsOne.Net violate posting guidelines, email [EMAIL PROTECTED]

------------------------------

From: [EMAIL PROTECTED] (Andy)
Subject: Where's the FAQ
Reply-To: [EMAIL PROTECTED]
Date: Wed, 01 Mar 2000 12:27:49 GMT


There are umpteen million FAQs on encryption, but is there one for
sci.crypt and sci.crypt.research?

Is there a recommended reading list?

tia


------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Best language for encryption??
Date: Wed, 01 Mar 2000 15:16:07 GMT

In article <[EMAIL PROTECTED]>, "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
>Adam Durana wrote:
>> ... in a complex algorithm such as an encryption algorithm
>> (a complex one such as an AES candidate) will be faster when
>> written in machine code compared to the same algorithm written in C.
>
>Not unless there are relevant ISA features that the C compiler
>cannot exploit, and the more complicated the algorithm and ISA,
>the less likely that hand-coding will beat today's compilers.
>
>We went through this argument several years ago, in comp.lang.c
>as I recall, and I accepted a challenge to code substring-search
>(strstr) in C that would match the best hand-coded assembler.
>The code I came up with (for Sunday's algorithm; see Software
>Solutions in C), with a couple of useful suggestions from others,
>compiled to machine instructions that were no worse than the best
>assembly language, on several different platforms.  Given the
>many advantages of working in a higher-level language, one needs
>substantial justification before resorting to assembly language
>in any given case.

  The scott16u I have released is written in C. But there are portions that
I had coded in assembly that I don't think C can come close to matching in
speed. Right now scott16u and scott19u use the remainder table as the starting
point to generate the S table. Before, in assembly, the remainder table was the
second step and I started with a number that represented the S table directly.
The first step was to convert to a remainder table. I never got any C code to
handle this efficiently. Several people complained about the C code in
scott16u, but when I tested their suggestions they were wrong and could not beat
my C code where the time was being sucked up.
 At work I used to win money when people bragged that their high level language
code could beat assembly code. The facts are machine code is faster and uses
less space than any high level language code. The main drawback is that each
machine is different and the learning curve is longer. It takes more skill to
write good machine code than it takes to write a high level language.




David A. Scott
--

SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
                    
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm

Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm

Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm

**NOTE EMAIL address is for SPAMERS***

I leave you with this final thought from President Bill Clinton:

   "The road to tyranny, we must never forget, begins with the destruction of the 
truth." 

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: RE: Ciphering = deciphering; is this a weakness?
Date: Wed, 01 Mar 2000 15:21:34 GMT

In article <89ir3u$rhb$[EMAIL PROTECTED]>, "Manuel Pancorbo" <[EMAIL PROTECTED]> wrote:
>
>Firstly, thanks to everybody for the answers, many of them very
>interesting.
>
>>
>> You would e.g. need at least a 1684-bit key to exploit every possible
>> substitution cipher on 8-bit blocks, and at least a 1556-bit key to
>> exploit every reciprocal substitution cipher on the same block size.
>>
>> Note: 1684 is the smallest integer larger than log2(256!), and 1556 is
>> the smallest integer larger than log2(256!*(2**-128)).
>
>My last thoughts are in this direction; in fact I calculated the
>cardinal of the set of all possible substitutions and I reached the same
>conclusion: (2**N)! where N is the bit block number; I thank you for the
>expression of the reciprocal substitution set.
>
>I think there is a small weakness under a known plaintext attack; if the
>attacker needs (2**M) plaintexts to break the cipher, the involution
>property makes the work twice as easy: (2**M)/2 = (2**(M-1)); if M is,
>let's say, 50, then the new exponent drives to 49: not so much help!
>
>I love too much elegance; so if this is the only weakness I will design
>the cipher with involution property.
>

   I doubt if this is the only weakness!!

It's more like the tip of an iceberg.



David A. Scott

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: IDEA question.
Date: Wed, 01 Mar 2000 15:27:33 GMT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Chris DiTrani) 
wrote:
>I wrote a little utility to en/decrypt files using IDEA, building the
>encryption key from a user provided pass phrase. In order to confirm
>that a file is being decrypted with the correct pass phrase, I encrypt
>a block containing known (but not secret) data and append it to the
>file before encrypting the file (so this block is encrypted twice). I
>can look at the block after decrypting the file to confirm (to some
>certainty). My question is, am I appreciably weakening the encryption
>with this approach? Is there a better way?
>
>Thanks,
>
>CD

  Yes you are weakening the encryption with this approach. Far better to 
not do any checking at all. If the password is wrong then the decrypted file
should be wrong. Why help the attacker at all. 



David A. Scott

------------------------------

From: Julien Carme <[EMAIL PROTECTED]>
Subject: differential cryptanalysis
Date: Wed, 01 Mar 2000 14:37:10 +0000

I think I have an idea to protect any block cipher against
differential cryptanalysis. It is very simple, so there is probably a
big mistake somewhere, and I would like to know where, so please give me
your opinion.

Given a block cipher E using an n-bit key K.
Imagine now that, for each block Bi, instead of encrypting it with K,
you generate an n-bit random number Ri, and you use K'=K^Ri as the new key.
To make the decryption possible, you just have to send the encrypted
version of each block, and the corresponding random number Ri.

It doesn't seem to be possible any more to compare the encrypted
versions of two different blocks.

Thank you for your comments,

Julien Carme

------------------------------

From: [EMAIL PROTECTED] (Charles Nicol)
Subject: snuffle
Date: Wed, 01 Mar 2000 09:16:48 -0400

With all the recent furor over obtaining the source code for snuffle, my
interest has been piqued.
Will someone give me a source or description of the encryption scheme used?
Thank you.
C.Nicol

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: differential cryptanalysis
Date: 1 Mar 2000 15:12:23 GMT

In a previous article,  Julien Carme  <[EMAIL PROTECTED]> writes:
>Given a block cipher E using an n-bit key K.
>Imagine now that, for each block Bi, instead of encrypting it with K,
>you generate an n-bit random number Ri, and you use K'=K^Ri as the new key.

Do you mean K'=K^Ri or do you mean K'=K^Ri mod N?


>To make the decryption possible, you just have to send the encrypted
>version of each block, and the corresponding random number Ri.

If you reveal Ri you will at most increase the degree of protection against a
very specific kind of cryptographic attack, because an adversary will not
necessarily have less information to start with than he would if you had used
K as the secret key.


>It doesn't seem to be possible any more to compare the encrypted
>versions of two different blocks.

There are a number of techniques you might use to reveal but still hide Ri. A
simple method might be to, for each plain text block Mi, with random
alteration send either Ci,Ri,Si,X,Y or Ci,X,Y,Ri,Si, where Ci is the cipher
text block, Ri is the random exponent, Si is a verifiable signature for Ri,
and X and Y are fakes.


------------------------------

From: Matt Blaze <[EMAIL PROTECTED]>
Subject: Crypto.Com, Inc.
Date: 1 Mar 2000 10:26:01 -0500

I'm sending this message to the many people who've written me to enquire
about "Crypto.com, Inc."  It also appears on my web site at
        http://www.crypto.com
Sorry if you see this more than once, but I've been literally inundated
with mail since a Business Wire press release mentioning "Crypto.Com,
Inc." came out.

I just learned that there's a company calling itself "Crypto.Com, Inc."
Recently they issued a press release that makes some rather extravagant
claims about their new cryptographic technology.  I have no information
on what the merits of this technology might or might not be, but please
be aware that this "Crypto.Com, Inc." company is in no way affiliated
with me, the crypto.com domain, or the www.crypto.com web site.  I have
no idea who these people are, where they came from, or what they do, nor
can I offer more than speculation about why they chose to call themselves
"Crypto.Com", which I have had registered and been using continuously
for the last eight years.

Unfortunately, at least one press release (which was about the purchase of
"Crypto.Com, Inc." by a company called "Eurotech") made such outrageously
strong claims that I'm worried about serious harm to my own reputation
should people erroneously conclude that this "Crypto.Com, Inc."
outfit has something to do with me.  In particular, the Business Wire
press release states:

   "... The technology provides for absolute security on open circuits
   between two users without the use of a key. The new cryptography
   concept creates absolutely unbreakable ciphers allowing software to be
   absolutely secure for the Internet, networks, and telephone lines. ..."

http://www.businesswire.com/cgi-bin/f_headline.cgi?bw.022900/200601577&ticker=EURO

I have no idea what "the technology" is, but one of the first things that
beginning students of cryptography learn is Shannon's proof that the
only "absolutely unbreakable" cipher that can possibly exist for "open
circuits" is the one-time pad, which not only requires the use of a key,
but that the key be at least as long as the message and used only once.

   -Matt Blaze, 29 February 2000



------------------------------

From: JCA <[EMAIL PROTECTED]>
Subject: Re: Cryonics and cryptanalysis
Date: Wed, 01 Mar 2000 07:32:00 -0800

"Ralph C. Merkle" wrote:

>
> But can people be described by bits?  In the past several years, quite a
> few authors have pointed out that a sufficiently precise description of
> a human being -- a description in bits -- provides a "snapshot" of that
> human being at a specific point in time.  Given the "snapshot," we could
> in principal restore the human being.
>

    I guess that the keywords here are "sufficiently precise." It's not
clear to me that Heisenberg's uncertainty principle would allow one to
achieve the desired precision.


------------------------------

From: Kent Briggs <[EMAIL PROTECTED]>
Subject: Re: Export Rules
Date: Wed, 01 Mar 2000 16:20:59 GMT

tboldt wrote:

> As I interpret the Federal Register publication in January, those were
> 'proposed' rules and don't go into effect until 5-9-2000.
>
> Agree/Disagree ??
>
> If proposed, then we are still under the old rules ????
>
> Anybody know for sure ???

The rules are in effect now.  I'm currently in the middle of my 30-day
review process getting three of my encryption apps reclassified as
"retail".

--
Kent Briggs, [EMAIL PROTECTED]
Briggs Softworks, http://www.briggsoft.com



------------------------------

From: [EMAIL PROTECTED]
Subject: VB source code for DES algorithm
Date: Wed, 01 Mar 2000 16:23:54 GMT

I'm looking for a VB implementation of DES.
It's for assignment purposes so speed of operation is not relevant. Also
my C is very poor hence desire for VB.


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

Subject: Re: Can someone break this cipher?
From: John <[EMAIL PROTECTED]>
Date: Wed, 01 Mar 2000 08:21:01 -0800

I can see the points. So, is it then necessary to release full
source-code, or can other details suffice?


In article <[EMAIL PROTECTED]>, Tim Tyler <[EMAIL PROTECTED]>
wrote:
>John <[EMAIL PROTECTED]> wrote:
>
>[without a description, no one will bother to analyse your system]
>
>: That seems like a paradox. If nobody will bother without doing
>: it "the right way," could there not be some good "stuff" out
>: there that nobody knows about.
>
>Perhaps.  Knowing that something's good is an important prerequisite for
>using it in secure applications.  If nobody has any good reasons to
>believe a system is actually strong, it is unlikely to see serious use.
>
>: If you want security, isn't it better if nobody knows how it works?
>
>No.  If nobody knows how it works, nobody knows *if* it works,
>probably including you.
>
>To deploy a system which has not had the opportunity for its working
>to be examined in detail by others invites disaster.
>
>: I know that there is no link between the two ideas of releasing the
>: details, but let's assume someone was able to verify a good encoder.
>: If they did the right tests, etc. If they were sure of the security, and
>: they really wanted security, what would be the advantage
>: of "leaking" the details? [...]
>
>This question is not useful, because there *are* no foolproof tests for
>security.
>
>You can't just do the equivalent of immersing the cypher and looking for
>bubbles.
>
>Or rather - you /can/ do this - but the absence of bubbles does not imply
>an absence of leaks.
>
>It's better to release the details, and have a whole army of people attack
>the cypher on your behalf, before you place your trust in it.
>
>Probably the majority of cypher systems that are proposed have serious
>flaws.  Unless you are prepared to invite scrutiny from all sides, you
>can't easily tell if your system is among these.
>--
>__________
> |im |yler  The Mandala Centre  http://www.mandala.co.uk/  [EMAIL PROTECTED]
>
>Real programs don't eat cache.



* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!


------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Where's the FAQ
Date: 1 Mar 2000 16:49:38 GMT

Andy <[EMAIL PROTECTED]> wrote:

> There are umpteen million FAQs on encryption, but is there one for
> sci.crypt and sci.crypt.research?

Yes. Separate FAQs, actually - since sci.crypt.research is moderated, 
there is a FAQ explaining the moderation policy. Both FAQs are posted
to their respective groups about once a month. 

A google search turns up this link for the sci.crypt FAQ :
www.cis.ohio-state.edu/hypertext/faq/bngusenet/sci/crypt/top.html

> Is there a recommended readling list?

The FAQ includes a list of references. Most of them are worth reading. 
In addition, you should consider looking at Bruce Schneier's _Applied
Cryptography_ for a readable introduction to the field. Be warned that 
it dates from '95 or so and therefore does not cover new events like the
AES process, attacks on padding schemes for PKCS #1 v1.5 and the ISO
signature standard, and so on.

Kaufman, Perlman, and Speciner's book on networks and cryptography is
also highly readable. Plus it gives some insight into how this crypto
is actually integrated into a network application. 

If you need to implement cryptography, you need the Handbook of
Applied Cryptography, by Menezes, van Oorschot, and Vanstone. It covers
details which don't make it into other books - everything from
"how _exactly_ do I generate key parameters" to the best way of doing
Chinese remaindering, to cute exponentiation tricks.
 
Chapters are available for free download. You will want to buy it if
you're using it a lot, though :
www.cacr.math.uwaterloo.ca/hac/

Thanks,
-David

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
