Cryptography-Digest Digest #236, Volume #11       Thu, 2 Mar 00 10:13:00 EST

Contents:
  Re: Visual C++ Decompiling Service/Software Needed ([EMAIL PROTECTED])
  Re: differential cryptanalysis (Julien Carme)
  Encryption product for IBM mainframes ("Falissard")
  Re: differential cryptanalysis ([EMAIL PROTECTED])
  Re: On jamming interception networks (Mok-Kong Shen)
  Re: I was just wondering... (Tom McCune)
  Re: On jamming interception networks (Mok-Kong Shen)
  Re: I was just wondering... ("Julian Lewis")
  Re: ...but what about my cipher? (John Savard)
  Re: differential cryptanalysis (David A. Wagner)
  Re: RC4 and Salt and Pepper ([EMAIL PROTECTED])

----------------------------------------------------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Visual C++ Decompiling Service/Software Needed
Date: 2 Mar 2000 10:08:15 GMT

In a previous article,  <[EMAIL PROTECTED]> writes:
>Interesting. Where is "decompiling" software a crime? Europe?

Correct, at least in a couple of European countries. 


>In the US, "decompiling," disassembling, or reverse-engineering
>is only illegal in a few specific instances.
>
>[EMAIL PROTECTED]'s project does sound unethical, but
>I think he would face only a civil suit. 

Well, the way I see it, the normal size of US compensation claims more than
balances e.g. Swedish fines. Also note that the parties of civil suits have
equal burden of proof, making them significantly more dangerous to an
offender than a criminal lawsuit would be.

     -----  Posted via NewsOne.Net: Free Usenet News via the Web  -----
     -----  http://newsone.net/ --  Discussions on every subject. -----
   NewsOne.Net prohibits users from posting spam.  If this or other posts
made through NewsOne.Net violate posting guidelines, email [EMAIL PROTECTED]

------------------------------

From: Julien Carme <[EMAIL PROTECTED]>
Subject: Re: differential cryptanalysis
Date: Thu, 02 Mar 2000 10:29:52 +0000


>  * This doesn't actually stop differential cryptanalysis anyway,
>    since in a chosen-ciphertext attack model, the attacker will
>    get to choose not only the ciphertext block but also the value
>    of R, and thus can choose R to always be the same value.

I don't understand this last point; R is not supposed to be chosen by
any user, but by the encrypting program itself, so it can't be
considered as an input; and even in chosen cyphertext attack model, the
attacker can change the input (the plaintext), but can't change anything
about the inner working of the encrypting program.

------------------------------

From: "Falissard" <[EMAIL PROTECTED]>
Subject: Encryption product for IBM mainframes
Date: Thu, 2 Mar 2000 11:34:11 +0100

A new encryption product for IBM (OS/390) mainframes
is being released. We seek beta testers for it (we'll grant them
the right to use the product for 6 months).
Contact us if you are interested.
http://os390-mvs.hypermart.net/megaceng.htm




------------------------------

From: [EMAIL PROTECTED]
Subject: Re: differential cryptanalysis
Date: 2 Mar 2000 10:51:37 GMT

In a previous article,  Julien Carme  <[EMAIL PROTECTED]> writes:
>
>>  * This doesn't actually stop differential cryptanalysis anyway,
>>    since in a chosen-ciphertext attack model, the attacker will
>>    get to choose not only the ciphertext block but also the value
>>    of R, and thus can choose R to always be the same value.
>
>I don't understand this last point; R is not supposed to be chosen by
>any user, but by the encrypting program itself, so it can't be
>considered as an input; and even in chosen cyphertext attack model, the
>attacker can change the input (the plaintext), but can't change anything
>about the inner working of the encrypting program.

An attacker who apprehends or generates a sufficiently long ciphertext might
choose to analyse blocks with a specific value of R. These blocks will be
easy to find (unless R is, say, at least 64 bits, but then the bandwidth of the
ciphertext will be increased accordingly).



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: On jamming interception networks
Date: Thu, 02 Mar 2000 12:55:11 +0100

Douglas A. Gwyn wrote:
> 

> > > > Ah, I understand that you mean that ...
> > > No, you don't show signs of understanding my meaning at all.
> > This is a typical kind of behaviour of those who simply 'kill' a
> > discussion ...
> 
> No, it was a simple statement of fact.
> When you repeat what you understand that I mean and it
> doesn't at all match what I meant, then you don't show
> signs of understanding my meaning at all.
> And the sarcastic tone you used convinced me that you
> weren't interested in understanding what I was saying.
> So it *is* a good idea to terminate the thread,
> because a discussion requires listeners as well as talkers.

Ah, 'one shows signs of understanding your meaning' if and only
if one 'agrees' with you, isn't that what you are saying above?
I have in detail shown why one can't trust the 'implementation'
of any government project (in fact the same applies also to
commercial ones) to correspond 'perfectly' to what the 'designer'
wants it to be, for the simple reason that there is always the
possibility of operator mistakes, operator frauds, overseer
negligence, infiltration by outsiders, etc. It is also important 
to note that what the designer 'officially' says he wants may not 
correspond to what he 'really' wants. (How many politicians of
how many countries have been found to have lied? Have all the 
lying 'barons' been identified and indeed none of them has escaped
from the notice of the contemporaries or the historians?) Hence the 
'real' implementation may not correspond to the 'claimed' 
implementation due to quite a large number of causes. I also pointed 
out that controls (and control hierarchies) can't be perfect and 
have given examples showing how deplorably they could fail. Aren't 
these arguments directly and clearly directed against your 
arguments (and hence 'matching' these)? Let me quote a few sentences 
of yours to illustrate your position:

     First of all, it is *not* "reasonable" to violate the law
     that was drawn up to specifically address that kind of activity.

     It's pretty hard to do that on the scale suggested without
     getting caught by the overseers, and the penalties are severe.

I would say that this is the viewpoint of a very 'naive' citizen 
who believes that all officials in the government are 'gentlemen'.
Certainly, in real life we must have certain amount of 'trust'. If
I don't trust 'anybody', I wouldn't be able to have myself treated
by a physician in case I am sick. But on the other hand we can't
simply trust without carefully considering in individual specific
cases whether something could go wrong (because of the humans
involved) and what could be the consequences if it indeed goes
wrong. If the consequences are minimal, I needn't care. In the
other case, I have to carefully weigh and consider. Isn't this a
reasonable and sane attitude in general (i.e. independent of the 
issue we are discussing)? Let me stress that the very existence of
laws is a 'proof' that there exist people who break the laws and
the severity of penalties indicates the severity of consequences
in case the corresponding laws are broken. Thus to consider that,
because there is a certain law in a certain field and the 
penalties are severe, there will be 'absolutely' nobody going
to break that law is entirely untenable. As far as I know, there
are still sometimes criminals sentenced to death in the USA. It may 
be noted that the worst that a criminal, who is sentenced to death,
has done is probably having killed a couple of people, while
in the context of the present discussion a fraudulent operator could
have easily caused a vastly greater damage to the society. (I am
not saying that a couple of people being killed by the criminal
is a 'trivial' issue for me.) On the other hand, there is 
certainly no death sentence intimidating the fraudulent operators.
What is at the very base of all problems in the present context is
the fact that the interception machineries are 'by definition'
run in environments that are 'intentionally' kept from the eyes 
of the public. Thus there is 'by definition' no way that the public 
can exercise effective control. The only thing that remains for
the public is to 'hope', not unlike praying in religion, that
ALL persons involved, namely the operators, the overseers,
the overseers of the overseers, etc. etc. are honest and perform
their jobs with care and consciousness. But even then there is
the problem of the 'specifications' of the jobs, i.e. what the
machineries should attempt to achieve. In the example of Echelon,
these are 'unknown' to the public, since its very existence
was (or maybe still is) denied. Therefore, whether and to what
extent the 'real' performance of the machineries correspond to
the 'specifications' can 'by definition' NEVER be verified. The
best that the public could have is to hear some high government
official claiming that everything is done o.k. and done in the
interest of the nation. However, what is in the interest of one
nation may not be unconditionally (and often are not) in the
interest of other nations, e.g. economical espionages. I believe
it is naive to consider that there exists even a single pair of 
countries in the world, whether democratic or non-democratic, 
that behave like a pair of good brothers or best friends. To
assert that there are economical espionages on this plausible
ground alone (i.e. without supporting materials) is certainly 
problematical logically, but to believe that such can't exist 
simply on the ground that a government (as an ethical principle
perhaps) would severely punish any non-gentlemen activities of 
its employees is naive in my conviction. (We could only categorize 
these 'vaguely' as 'non-gentlemen activities', because the 
'specifications' of the machineries are themselves unknown 
(inaccessible to the public); they could in fact be 'criminal 
activities', possibly dependent on one's standpoint.)

I have tried in the above to repeat what I said before (with
different sentences in order not to bore the general readers).
Now tell me whether I haven't in my previous follow-ups clearly
formulated counter-arguments to your arguments (in your terminology
'matching' your arguments)! You can always put up arguments to 
attempt to prove what I said is wrong or nonsense. If I haven't 
addressed some points of yours, then you can clearly say that, 
pointing out the paragraphs that I have omitted to handle. If you 
find that I have used words apparently with a definition different 
from that of yours, then you can list these words for which we don't 
have the same meanings and argue that my definitions are wrong. But 
simply 'killing' (abruptly terminating) a discussion isn't in my 
view a proper behaviour in a sci-group whose goal is to find the 
truth in a subfield of science. 

I admit that I am sometimes sarcastic but I don't consider that 
to be so bad as not to be occasionally indulged in a discussion 
group (in contrast to publications in journals). I think that a 
limited amount of sarcasm somehow 'animates' the discussions and 
pushes the people involved to put more energy in the matter. In 
fact there were in the past plenty of occasions in internet 
discussions (only partly in this group) where several persons 
answered to my posts with sarcasm that (in my personal subjective 
impression) was more drastic than I usually employ. What I am 
definitely against is the use of bad words in discussions,
which one unfortunately sometimes reads. Note also that there is 
always a probability that the sarcasm of your opponents is not 
justified and that can provide you with a superb opportunity of 
launching a counter-attack.

M. K. Shen
===========================
http://home.t-online.de/home/mok-kong.shen

------------------------------

From: Tom McCune <[EMAIL PROTECTED]>
Subject: Re: I was just wondering...
Date: Thu, 02 Mar 2000 11:55:38 GMT

In article <89l4n6$4f4$[EMAIL PROTECTED]>, "Julian Lewis" <[EMAIL PROTECTED]> wrote:
>    Once upon a time, there was a guy who read a book by Simon Singh
>called The Code Book, and as a result he got interested in encryption.
>Naturally he installed PGP on his computer, and got some of his friends
>to do likewise, so that he could have fun exchanging encrypted emails,
>well boys will be boys, you know how it is. One day he sent an encrypted
>email to a friend, and guess what, although it was encrypted in his out
>box, it arrived in plain text at his friend's in box. Ohhh replied his friend
>"careful, you forgot to encrypt that one !!".  "No I didn't", the man
>replied, I guess it must just be a bug in outlook !!!

I recall that there was a PGP plugin with one of the PGP versions that, when 
used with a particular version of Outlook, sent the message both encrypted and 
in plaintext (they were not versions that were supposed to be used together).  
I don't use Outlook, so don't remember the particulars as to version numbers.

Tom McCune
My PGP Page & FAQ: http://Tom.McCune.net/PGP.htm
               or http://home.twcny.rr.com/tmccune1/PGP.htm

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: On jamming interception networks
Date: Thu, 02 Mar 2000 13:25:25 +0100

Douglas A. Gwyn wrote:
> 
> Mok-Kong Shen wrote:
> > I am ignorant of whether
> > any historian has found the real facts in these cases.
> 
> Yes, they have; in fact there have been official investigations.
> But that apparently doesn't put an end to the spread of rumors.

By the very nature of the issues, it is impossible to put an end
to the rumors. Typical in such contexts (not only political or 
military but also personal, e.g. concerning princesses, stars, etc.) 
is always this: There have been secrets. When the secrets are later 
revealed, how can one 'prove' that the revelation is indeed the 
truth? (In principle the question is not very different from
the one discussed recently in another thread: How can one 'know' 
that the public key of a certain person is indeed his?) Evidently 
that is beyond the capability of 'logic'. One should also remember 
that there is not even a 'unique' logic. I happen to be in possession 
of a copy of a master thesis of somebody entitled 'Nonclassical 
Logics' with 387 pages!

M. K. Shen

------------------------------

From: "Julian Lewis" <[EMAIL PROTECTED]>
Subject: Re: I was just wondering...
Date: Thu, 2 Mar 2000 14:37:53 +0100
Reply-To: "Julian Lewis" <[EMAIL PROTECTED]>


    I was just curious, if I was big brother and it was my job to snoop on
internet traffic, then the character sequence PGP would set off an alarm bell.
The next step would be to send them a spam email with a virus in it. Of course
Bill Gates would have provided me with a back door I could use (I am his big
brother). From then on every encrypted email would send a plain text copy to
me ....   am I being simply paranoid, the big conspiracy syndrome, or is this
the best method of attack....

that's what I was wondering about... it seems so obvious a thing to do,
child's play, Microsoft security is a joke, in fact it doesn't exist at
all.... I thought someone here would know about it. Surely this must be going
on, if a total beginner like me can think of it, I dread to think what you
guys could think up !! The ahem outlook bug set me thinking.


"Tom McCune" <[EMAIL PROTECTED]> wrote in message
news:_Esv4.18102$[EMAIL PROTECTED]...
> In article <89l4n6$4f4$[EMAIL PROTECTED]>, "Julian Lewis"
> <[EMAIL PROTECTED]> wrote:
> >    Once upon a time, there was a guy who read a book by Simon Singh
> >called The Code Book, and as a result he got interested in encryption.
> >Naturally he installed PGP on his computer, and got some of his friends
> >to do likewise, so that he could have fun exchanging encrypted emails,
> >well boys will be boys, you know how it is. One day he sent an encrypted
> >email to a friend, and guess what, although it was encrypted in his out
> >box, it arrived in plain text at his friend's in box. Ohhh replied his
> >friend "careful, you forgot to encrypt that one !!".  "No I didn't", the man
> >replied, I guess it must just be a bug in outlook !!!
>
> I recall that there was a PGP plugin with one of the PGP versions that,
> when used with a particular version of Outlook, sent the message both
> encrypted and in plaintext (they were not versions that were supposed to be
> used together). I don't use Outlook, so don't remember the particulars as
> to version numbers.
>
> Tom McCune
> My PGP Page & FAQ: http://Tom.McCune.net/PGP.htm
>                or http://home.twcny.rr.com/tmccune1/PGP.htm



------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: ...but what about my cipher?
Date: Thu, 02 Mar 2000 13:55:32 GMT

On 1 Mar 2000 22:11:33 GMT, [EMAIL PROTECTED] wrote, in
part:

>It seems like you don't get any reviews even if you DO supply the algorithm
>etc. ;-)

Visit my website, look at the detail in which I have described the
Quadibloc algorithms ... with diagrams, even! They have not received
analysis...so, the boomerang attack was discovered by an attack on
another cipher, rather than an attack on the original Quadibloc
cipher, against which it would also have been meaningful (although
other characteristics of the original Quadibloc would have still made
it highly resistant to differential cryptanalysis).

------------------------------

From: [EMAIL PROTECTED] (David A. Wagner)
Subject: Re: differential cryptanalysis
Date: 2 Mar 2000 06:17:59 -0800

In article <[EMAIL PROTECTED]>,
Julien Carme  <[EMAIL PROTECTED]> wrote:
> I don't understand this last point; R is not supposed to be chosen by
> any user, but by the encrypting program itself, so it can't be
> considered as an input; and even in chosen cyphertext attack model, the
> attacker can change the input (the plaintext), but can't change anything
> about the inner working of the encrypting program.

I think you may be misunderstanding the chosen ciphertext attack model.
In it, the attacker does *not* get the ability to change the input to
the encryption (the plaintext).  Instead, he gets the ability to change
the input to the decryption (the ciphertext).  Since the ciphertext you
send along the wire includes both R and the output of a block cipher,
any attacker who has the ability to insert forged packets onto the wire
can choose both inputs to your decryption facility.  This is what I meant
by a chosen ciphertext attack.

Was that any clearer?
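The point made above (and the earlier observation that R travels on the wire where anyone can read or set it) can be shown directly in code. The following Python is an added example, not code from anyone in this thread; it assumes the construction was C = E_K(P xor R) with R || C sent on the wire, uses a toy HMAC-based Feistel network as a stand-in for the block cipher, and shows that a decryption facility fed forged (R, C) packets simply exposes D_K to the sender, while a MAC over R || C rejects such packets before decryption.

```python
import hmac
import hashlib
import secrets

BLOCK = 8  # toy 64-bit block size (assumption, not from the thread)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, half, rnd):
    # Feistel round function: keyed hash of the half-block, truncated
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def toy_block_encrypt(key, block):
    # 4-round Feistel stand-in for "the block cipher" of the thread (not a real cipher)
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, r, rnd))
    return l + r

def toy_block_decrypt(key, block):
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, l, rnd)), l
    return l + r

def encrypt_packet(key, plaintext_block):
    # Assumed construction: fresh random R, C = E_K(P xor R), wire = R || C
    r = secrets.token_bytes(BLOCK)
    return r + toy_block_encrypt(key, _xor(plaintext_block, r))

def decrypt_packet(key, wire):
    # The "decryption facility": trusts whatever R and C arrive on the wire
    r, c = wire[:BLOCK], wire[BLOCK:]
    return _xor(toy_block_decrypt(key, c), r)

def forged_packet_exposes_block_cipher(key):
    # A forged packet fixing R to zero makes the facility return D_K(C) itself,
    # so the random R adds nothing against a chosen-ciphertext attacker.
    forged_c = bytes(range(BLOCK))
    return decrypt_packet(key, bytes(BLOCK) + forged_c) == toy_block_decrypt(key, forged_c)

def encrypt_packet_authenticated(enc_key, mac_key, plaintext_block):
    # Mitigation: MAC over R || C, so forged (R, C) pairs never reach the decryptor
    body = encrypt_packet(enc_key, plaintext_block)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def decrypt_packet_authenticated(enc_key, mac_key, wire):
    body, tag = wire[:2 * BLOCK], wire[2 * BLOCK:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # reject before decryption: attacker-chosen R never takes effect
    return decrypt_packet(enc_key, body)
```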

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: RC4 and Salt and Pepper
Date: Thu, 02 Mar 2000 15:04:27 GMT

Hello,

How are you using the salt with RC4?  Is there a standard method?
Sorry I can't help with your original question.  I read your post
because I want to know how to use "salt" with RC4 to begin with!  I
have some ideas of my own, but I've no idea if they're secure.

Charles R. Wright


RavingCow <[EMAIL PROTECTED]> wrote:
: Just a quick (I hope) question regarding RC4:

: If I am encrypting plaintext M using password P and a random 256-bit
: salt S, given all possible ciphertexts with all possible salts, (i.e. 2^256
: ciphertexts, all with the same message and password, just a different
: 256-bit salt,) how much of the plaintext/password can be found/attacked?
: What if you are only given half that amount of ciphertexts? (randomly
: chosen)

: Thanks in advance,

: --RavingCow

: ---
: "When all else fails, throw another megavolt over it."
: RavingCow
: ---
: [EMAIL PROTECTED]
: PGP: 33D2 A90C D908 2607 0C91 4316 2E39 81AA

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
