Cryptography-Digest Digest #244, Volume #11       Fri, 3 Mar 00 09:13:01 EST

Contents:
  Re: NIST, AES at RSA conference (Bo Dömstedt)
  Re: Status of alleged *THIRD* key in MS Crypto API ? (Francois Grieu)
  Re: On jamming interception networks ("Douglas A. Gwyn")
  Re: Solitiare Algorithm/Math Question? ("Douglas A. Gwyn")
  Re: very tiny algorithm - any better than XOR? (Tom St Denis)
  Re: Status of alleged *THIRD* key in MS Crypto API ? ("Douglas A. Gwyn")
  Re: NIST, AES at RSA conference (Jon Haugsand)
  Re: very tiny algorithm - any better than XOR? (Tom St Denis)
  Re: IDEA question. (Tom St Denis)
  Re: RC4 and salt (Tom St Denis)
  Re: Does the NSA have ALL Possible PGP keys? (Tom St Denis)
  Hidden computation (Re: Cryonics and cryptanalysis) (Kim G. S. OEyhus)
  Re: Cryonics and cryptanalysis (Kim G. S. OEyhus)
  Re: IDEA question. (Volker Hetzer)
  Re: And this is me actually ... (Jim Backus)
  Re: On jamming interception networks ("Trevor Jackson, III")
  Re: Status of alleged *THIRD* key in MS Crypto API ? ("Trevor Jackson, III")

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Bo Dömstedt)
Subject: Re: NIST, AES at RSA conference
Reply-To: [EMAIL PROTECTED]
Date: Fri, 03 Mar 2000 11:52:14 GMT

[EMAIL PROTECTED] (Terry Ritter) wrote:
>I have proposed having and using many
>ciphers for years.  

At CeBIT Hannover one exhibitor, the well known Crypto AG,
said that their cipher algorithms are constructed as follows.

  The cipher algorithms are secret. By signing a non-disclosure
  agreement Crypto AG tells the customer how the algorithm works.
  Crypto AG generates, using some means, a new cipher algorithm
  for each new customer. 

* * * * * * *

Bo Dömstedt
Chief Cryptographer
Protego Information AB
IDEON,Lund,Sweden

SG100 hardware random number generator
http://www.protego.se/sg100_en.htm


------------------------------

From: [EMAIL PROTECTED] (Francois Grieu)
Subject: Re: Status of alleged *THIRD* key in MS Crypto API ?
Date: Fri, 03 Mar 2000 13:00:35 +0100

"Trevor Jackson, III" <[EMAIL PROTECTED]> wrote:

> The third key was not employed to check crypto packages as were the first two.

I checked with Nicko van Someren (who apparently first pointed the third key)
and he wrote: 
 "the third key is definitely a key.  When Microsoft moved to Win2K
  they changed the signing format for crypto service providers.
  The third key is used for all new Win2K CSPs. But old CSPs, signed with
  either of the old keys, still work with the later version of Windows."


  Francois Grieu

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: On jamming interception networks
Date: Fri, 03 Mar 2000 12:04:46 GMT

Mok-Kong Shen wrote:
> you 'have been explaining that the system does work'.

Dammit, you can't even get a direct quote right.  I said
"how the system *does* work".  "How", not "that", and the
emphasis was on the "does" to stress the contrast between
the actual operation and your wild speculations.

> Were you previously an employee of an interception network?

If you have any sense at all, you must know that questions
like that must go unanswered as a matter of security policy.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Solitiare Algorithm/Math Question?
Date: Fri, 03 Mar 2000 12:07:51 GMT

"Wesley H. Horton" wrote:
> ... how many of those orderings would result in a winnable game

This question must have been addressed long ago.
I suspect it is easier to work out if one considers how many ways
unwinnable hands can be dealt; that way, how the hand is played is
no longer a factor.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: very tiny algorithm - any better than XOR?
Date: Fri, 03 Mar 2000 12:01:40 GMT

In article <89l58e$j1h$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Carl Byington) wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> I wish to thank everyone for their suggestions.  This will be running on
> an Atmel AT90S8515 <http://www.atmel.com/atmel/acrobat/doc0841.pdf>.
>
> I have added an outer round loop, and changed to overlapping 16 bit
> blocks.  This should give better diffusion.  The decrypt code is now 78
> bytes, 22 bytes used by the calling sequence overhead, and 56 bytes for
> the actual code.  Given that this is already too large, I don't think I
> can add a more complicated key schedule.  The target was 50 bytes of
> code space.

50 bytes of code space on an AVR is only 25 instructions at the most.
That's very limited for a block cipher.  You may either want to make
use of an independent encryption chip [like an IDEA chip etc.] or give
at least 512 bytes of codespace.  I only worked with the AVR8015 which
[if I remember] had a few kb of codespace available.

> I did look at TEA, but I don't see any way to get that into anything
> like 50 bytes on this processor.

Well if you design it modular enough [around the 32-bit functions
required] you should be able to fit TEA in around 256 words on an AVR.
It does have the three 16-bit registers you can use R2627 ...

> /**********************************************************
>    Input values:    k[16]   128-bit key
>                     v[8]    64-bit plaintext block
>    Output values:   v[8]    64-bit ciphertext block
>  **********************************************************/
>
> void encrypt(word8 *k, word8 *v)
> {
>     int i, j, r;
>     for (r=0; r<16; r++) {
>         for (i=0; i<7; i++) {
>             for (j=0; j<16; j++) {
>                 // feistel network v[i], v[i+1] form the 16 bit block
>                 // L = v[i]
>                 // R = v[i+1]
>                 word8 t = v[i+1];
>                 v[i+1]  = v[i] ^ ((rotate_left(t) + k[j]) & 0xff);
>                 v[i]    = t;
>             }
>         }
>     }
> }
>

This code will be much too slow if you are doing a comm link of some
sort.  Have you considered simpler ciphers such as RC5?

OT: BTW what C compiler are you using with the AVR?

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.
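The 16-bit Feistel routine quoted above can be checked for the two things the thread argues about, whether it inverts cleanly and how much diffusion it actually gives. The following is an added example, not code from Carl Byington's post or from the AVR project; it assumes `word8` is an unsigned byte and that `rotate_left()` (undefined in the quoted fragment) is a one-bit left rotation of a byte. The decrypt direction and the avalanche measurement are this example's own additions.

```python
# Added example (not from the original post): the quoted 16-bit Feistel
# cipher made runnable in Python, with the decrypt direction the post did
# not show and a quick avalanche measurement. Assumptions: word8 is an
# unsigned byte and rotate_left() is a one-bit left rotation of a byte.

def rotate_left(x):
    """Assumed definition: rotate an 8-bit value left by one bit."""
    return ((x << 1) | (x >> 7)) & 0xFF


def encrypt(k, v):
    """Same structure as the posted encrypt(): 16 outer rounds over 7
    overlapping 16-bit blocks (v[i], v[i+1]), 16 key bytes per block.
    k: list of 16 ints, v: list of 8 ints; v is modified in place."""
    for _ in range(16):
        for i in range(7):
            for j in range(16):
                t = v[i + 1]
                v[i + 1] = v[i] ^ ((rotate_left(t) + k[j]) & 0xFF)
                v[i] = t
    return v


def decrypt(k, v):
    """Inverse of encrypt(): the same Feistel steps applied in reverse order
    (rounds, blocks and key bytes all walked backwards)."""
    for _ in range(16):
        for i in range(6, -1, -1):
            for j in range(15, -1, -1):
                t = v[i]
                v[i] = v[i + 1] ^ ((rotate_left(t) + k[j]) & 0xFF)
                v[i + 1] = t
    return v


# Constructed sample key and block (any 16 / 8 byte values will do).
KEY = [0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
       0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C]
BLOCK = [0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77]


def roundtrip_ok(k=KEY, v=BLOCK):
    """True if decrypt(encrypt(v)) restores v."""
    return decrypt(k, encrypt(k, list(v))) == list(v)


def avalanche(k, v, bit):
    """Ciphertext bits that change when plaintext bit `bit` (0..63) flips.
    Ideal diffusion averages 32 of 64 for a 64-bit block."""
    c0 = encrypt(k, list(v))
    v1 = list(v)
    v1[bit // 8] ^= 1 << (bit % 8)
    c1 = encrypt(k, v1)
    return sum(bin(a ^ b).count("1") for a, b in zip(c0, c1))


def mean_avalanche(k=KEY, v=BLOCK):
    """Average avalanche over all 64 single-bit plaintext flips."""
    return sum(avalanche(k, v, b) for b in range(64)) / 64


if __name__ == "__main__":
    print("round trip ok:", roundtrip_ok())
    print("mean bits changed per 1-bit plaintext flip:", mean_avalanche())
```

A mean close to 32 is what "better diffusion" should look like for a 64-bit block; a value well below that, or one that varies a lot with the flipped bit position, is the kind of defect a reviewer would want to see before worrying about code size.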

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Status of alleged *THIRD* key in MS Crypto API ?
Date: Fri, 03 Mar 2000 12:10:47 GMT

Francois Grieu wrote:
> I checked with Nicko van Someren (who apparently first pointed the third key)
> and he wrote:
>  "the third key is definitely a key.  When Microsoft moved to Win2K
>   they changed the signing format for crypto service providers.
>   The third key is used for all new Win2K CSPs. But old CSPs, signed with
>   either of the old keys, still work with the later version of Windows."

Thanks for the information.  Isn't backward compatibility wonderful?

------------------------------

From: Jon Haugsand <[EMAIL PROTECTED]>
Subject: Re: NIST, AES at RSA conference
Date: 03 Mar 2000 13:19:40 +0100

* Bo Dömstedt
> [EMAIL PROTECTED] (Terry Ritter) wrote:
> >I have proposed having and using many
> >ciphers for years.  
> 
> At CeBIT Hannover one exhibitor, the well known Crypto AG,
> said that their cipher algorithms are constructed as follows.
> 
>   The cipher algorithms are secret. By signing a non-disclosure
>   agreement Crypto AG tells the customer how the algorithm works.
>   Crypto AG generates, using some means, a new cipher algorithm
>   for each new customer. 

Is this misposted? I mean, rec.humor.funny seems to be the
appropriate place...

:)

-- 
Jon Haugsand
  Norwegian Computing Center, <http://www.nr.no/engelsk/> 
  <mailto:[EMAIL PROTECTED]>  Pho: +47 22852608 / +47 22852500, 
  Fax: +47 22697660, Pb 114 Blindern, N-0314 OSLO, Norway

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: very tiny algorithm - any better than XOR?
Date: Fri, 03 Mar 2000 12:06:13 GMT

In article <89masn$6te$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Carl Byington) wrote:
> Almost surely 30 bytes, since I have yet to see any single byte
> instructions out of this thing.
>
> We need to be able to decrypt several small data blocks (keys), as well
> as a large buffer. The stream ciphers would work nicely for the buffer,
> but I feel they would be insecure for decrypting the small blocks. Am
> I wrong here? We only have room for one decrypt routine.

The size of the buffer with a stream cipher is moot, since there is no
diff between a big buffer and a smaller one. One good thing about most
stream ciphers is the functions are symmetrical.  Take a simple LFSR
stream cipher [don't use it!]: you can just xor the output of the LFSR
to encrypt *and* decrypt.

You should look up LFSR and Lagged Fibonacci generators.  If you have
some ram space [around 300 bytes] you could do AlgM :).  But a self-
shrinking or shrinking LFSR would work too [would be a bit slow, but
very compact].

Tom


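To make the symmetry point and the "self-shrinking LFSR" suggestion concrete, here is an added example (not code from the original post) of a self-shrinking generator built on a 16-bit maximal-length LFSR. The polynomial, the seed and the function names are this example's own choices. A bare LFSR keystream can be reconstructed from 2n output bits with Berlekamp-Massey, which is why Tom says not to use one directly; the shrinking step is what breaks that linear structure, though neither construction is a modern recommendation.

```python
# Added example (not from the original post): a self-shrinking generator on
# a 16-bit maximal-length LFSR. The same XOR routine encrypts and decrypts,
# and the whole state is one 16-bit register.

def lfsr_step(state):
    """One clock of the Fibonacci LFSR for x^16 + x^14 + x^13 + x^11 + 1
    (period 65535 for any non-zero 16-bit state)."""
    fb = ((state >> 0) ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
    return (state >> 1) | (fb << 15)


def lfsr_period(seed):
    """Number of clocks until the register returns to `seed`."""
    state, n = lfsr_step(seed), 1
    while state != seed:
        state, n = lfsr_step(state), n + 1
    return n


def self_shrinking_bits(seed):
    """Self-shrinking generator: take LFSR output bits in pairs (a, b) and
    emit b only when a == 1; pairs with a == 0 are discarded."""
    state = seed
    while True:
        a, state = state & 1, lfsr_step(state)
        b, state = state & 1, lfsr_step(state)
        if a:
            yield b


def keystream(seed, n):
    """Pack n bytes of generator output, MSB first."""
    gen = self_shrinking_bits(seed)
    out = bytearray()
    for _ in range(n):
        byte = 0
        for _ in range(8):
            byte = (byte << 1) | next(gen)
        out.append(byte)
    return bytes(out)


def xor_crypt(seed, data):
    """Encrypt and decrypt are the same operation: XOR with the keystream."""
    return bytes(d ^ k for d, k in zip(data, keystream(seed, len(data))))


MESSAGE = b"constructed sample plaintext"   # constructed sample input
SEED = 0xACE1                                # any non-zero 16-bit value

if __name__ == "__main__":
    ct = xor_crypt(SEED, MESSAGE)
    print("LFSR period:", lfsr_period(SEED))
    print("round trip:", xor_crypt(SEED, ct) == MESSAGE)
```

Because the generator discards about half of the LFSR output, it produces roughly one keystream bit per four register clocks, which is the "a bit slow, but very compact" trade-off the post describes. Reusing a seed for two messages gives the usual two-time-pad failure, so the seed must change per message just as with any stream cipher.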

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: IDEA question.
Date: Fri, 03 Mar 2000 12:15:35 GMT

In article <89j9eq$26vk$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
> In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Chris DiTrani) wrote:
> >I wrote a little utility to en/decrypt files using IDEA, building the
> >encryption key from a user provided pass phrase. In order to confirm
> >that a file is being decrypted with the correct pass phrase, I encrypt
> >a block containing known (but not secret) data and append it to the
> >file before encrypting the file (so this block is encrypted twice). I
> >can look at the block after decrypting the file to confirm (to some
> >certainty). My question is, am I appreciably weakening the encryption
> >with this approach? Is there a better way?
> >
> >Thanks,
> >
> >CD
>
>   Yes you are weakening the encryption with this approach. Far better to
> not do any checking at all. If the password is wrong then the decrypted file
> should be wrong. Why help the attacker at all?

The attacker is probably not stupid and will be able to discern that
for themselves.

A better approach is to attach a hash of the file [and encrypt the
hash] so when you decrypt the file and the hash, the hash should match
up.  This way there are no known blocks and you can tell if it worked.

Tom



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: RC4 and salt
Date: Fri, 03 Mar 2000 12:19:10 GMT

In article <Pqwv4.2411$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
>
> Hi,
>
> I have a question about implementing "salt" with RC4.  Basically, what
> is the standard method?
>
> I've seen how to do it with DES in OFB mode, but RC4 does not lend
> itself to an easy extension.
>
> If there is no standard method, I have some ideas of my own, which I
> will submit for consideration - but only if there isn't some standard
> accepted method already.
>
> Thanks for the help,
>
> Charles R. Wright

Just append a 32-bit tag to the session key when you encrypt/decrypt.
You can even use the time() function if you don't want to code anything
else.  As long as each session key is unique [which is possible in this
case].

Tom


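Tom's suggestion is a 32-bit tag appended to the session key. The added example below (not code from the original post) implements RC4 with such a per-session salt, but derives the RC4 key as a hash of the long-term key and the salt instead of feeding the bare concatenation to the key schedule: plain IV||key concatenation is the construction WEP used, and the related-key structure it gives RC4's key schedule is what later leaked WEP keys. The salt length, hash choice and function names are this example's own choices; the `rc4()` function is textbook RC4 and is checked against a published test vector.

```python
import hashlib
import os

# Added example (not from the original post): RC4 with a per-session salt.
# The salt and the long-term key are hashed together to form the RC4 key
# rather than concatenated. The function names and the 4-byte salt length
# are this example's own choices.


def rc4_keystream(key, n):
    """Textbook RC4: key-scheduling algorithm, then n bytes of PRGA output."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def rc4(key, data):
    """Encrypt or decrypt (same operation) by XOR with the keystream."""
    return bytes(d ^ k for d, k in zip(data, rc4_keystream(key, len(data))))


def session_key(master_key, salt):
    """Derive the per-session RC4 key as SHA-256(master || salt). Hashing,
    instead of feeding master||salt straight into the KSA, means two
    sessions' keys share no byte structure even though the salt is public."""
    return hashlib.sha256(master_key + salt).digest()


def salted_encrypt(master_key, data, salt=None):
    """Prefix the 4-byte salt to the ciphertext so the receiver can re-derive
    the session key. A fixed salt may be passed in for testing only."""
    salt = os.urandom(4) if salt is None else salt
    return salt + rc4(session_key(master_key, salt), data)


def salted_decrypt(master_key, blob):
    """Split off the salt, re-derive the session key, decrypt the rest."""
    salt, body = blob[:4], blob[4:]
    return rc4(session_key(master_key, salt), body)


MASTER = b"constructed long-term key"     # constructed sample key

if __name__ == "__main__":
    blob = salted_encrypt(MASTER, b"hello")
    print(blob[:4].hex(), salted_decrypt(MASTER, blob))
```

The requirement Tom states, that each session key be unique, is what the salt provides; with a 32-bit random salt the chance of a repeat stays small only for a modest number of sessions, so a counter or a longer salt is the safer choice when many messages share one long-term key.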

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Crossposted-To: comp.security.pgp,misc.survivalism
Subject: Re: Does the NSA have ALL Possible PGP keys?
Date: Fri, 03 Mar 2000 12:25:28 GMT

In article <ZZlu4.1850$[EMAIL PROTECTED]>,
  "Dead Kennedy" <[EMAIL PROTECTED]> wrote:
> If nothing else, PGP encryption ain't making things any easier for the
> spooks at the
> nsa.  that's a good thing...

I will let you in on a secret.  I use PGP to hide things from *you* as
well.

Why everyone picks on the NSA is beyond me.  99.9999% of all crypto is
to stop thieves from stealing stuff, or forging stuff, than the NSA from
stealing your thoughts.

If you honestly think the NSA or CIA or FBI or ... will just passively
monitor your communication instead of busting down your door and
throwing you in jail for oh say four years, you are wrong.  The sad (?)
truth is the NSA just doesn't care about you [or me], however millions
of thieves do :)

Tom



------------------------------

From: [EMAIL PROTECTED] (Kim G. S. OEyhus)
Subject: Hidden computation (Re: Cryonics and cryptanalysis)
Date: 3 Mar 2000 12:52:41 GMT

In article <89a16l$c6r$[EMAIL PROTECTED]>,
Vernon Schryver <[EMAIL PROTECTED]> wrote:
>
>That falls apart given the assumptions.  With enough knowledge about how
>the human body works to revive what Larry Niven named a "corpsicle," you
>could surely recover the memories in a frozen head without bothering to
>really revive or probably even thaw it.  That might destroy the corpsicle,
>but so what?  Given all of your memories, how do you prevent tricking
>those tests?  It sounds to me like the software copy protection problem.
>Given the full state of a computer, the "debugging" tools implied by having
>the full state, and the motivation, you can break absolutely any copy
>protection scheme.  Encryption, authentication, etc. don't work or are
>irrelevant when all of the secrets are known.

Cryptography can protect information in transmission, but here the
problem is to protect information when the storage device is
accessible and contains plaintext, i.e. memories in a frozen brain.

So, my question is: Is it possible to do computation where data is
encrypted on all stages, all the time? Say, an encrypted
universal Turing machine?

What I am thinking about, is a computer doing computations, but where
it is not possible to understand what the computation does, unless one
decrypts it. Is this possible at all? If so, how efficient can it be
done?

Kim0
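The question above, computation on data that is encrypted at every stage, had a partial answer at the time of the post: Paillier's scheme (1999) is additively homomorphic, so a party holding only the public key can add plaintexts by multiplying ciphertexts and scale a plaintext by exponentiating its ciphertext, without ever seeing the values. The following is an added example, not code from the original post; the primes are toy-sized for a quick demo (real keys use primes of hundreds of digits) and the function names are this example's own. Note what it does and does not hide: the values stay encrypted, but whoever runs the computation still knows which operations are performed, and general encrypted computation of arbitrary programs was an open problem when this was posted.

```python
import random
from math import gcd

# Added example (not from the original post): Paillier's additively
# homomorphic encryption with toy-sized primes, to show computation on
# ciphertexts. Real deployments use much larger primes.


def lcm(a, b):
    return a * b // gcd(a, b)


def keygen(p, q):
    """Public key (n, g) with g = n + 1; private key (lambda, mu)."""
    n = p * q
    n2 = n * n
    lam = lcm(p - 1, q - 1)
    g = n + 1
    mu = pow((pow(g, lam, n2) - 1) // n, -1, n)   # L(g^lambda mod n^2)^-1
    return (n, g), (lam, mu)


def encrypt(pub, m, rng=random):
    """c = g^m * r^n mod n^2 with a fresh random r coprime to n."""
    n, g = pub
    n2 = n * n
    while True:
        r = rng.randrange(1, n)
        if gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pub, priv, c):
    """m = L(c^lambda mod n^2) * mu mod n, where L(x) = (x - 1) / n."""
    n, _ = pub
    lam, mu = priv
    n2 = n * n
    return ((pow(c, lam, n2) - 1) // n * mu) % n


def add_encrypted(pub, c1, c2):
    """Encryption of m1 + m2, computed without knowing either value."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def scale_encrypted(pub, c, k):
    """Encryption of k * m, computed from an encryption of m."""
    n, _ = pub
    return pow(c, k, n * n)


def encrypted_sum(pub, values):
    """Sum a list of plaintexts entirely on the encrypted side."""
    acc = encrypt(pub, 0)
    for v in values:
        acc = add_encrypted(pub, acc, encrypt(pub, v))
    return acc


P, Q = 10007, 10009            # toy primes for the demo only
PUB, PRIV = keygen(P, Q)

if __name__ == "__main__":
    c = encrypted_sum(PUB, [1, 2, 3, 4, 5])
    print("sum recovered by key holder:", decrypt(PUB, PRIV, c))
```

The party computing `encrypted_sum` never calls `decrypt`; only the holder of `PRIV` learns the result. Each `encrypt` uses a fresh random r, so two encryptions of the same value look unrelated, which is what stops the evaluator from learning values by comparing ciphertexts.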


------------------------------

From: [EMAIL PROTECTED] (Kim G. S. OEyhus)
Subject: Re: Cryonics and cryptanalysis
Date: 3 Mar 2000 13:02:25 GMT

In article <[EMAIL PROTECTED]>,
John Enright <[EMAIL PROTECTED]> wrote:

>And then comes the moral dilemma.  Does Man have a soul?  Since we're
>talking about a purely physically process here, and the soul resides in an
>unquantifiable spirit realm, does this effectively separate your soul from
>your body?  Basically, the 'you' would be ripped out (i.e. you're dead, no
>matter if your body lives on).  I sure as hell hope for better things than
>living forever in this body. ;)  Cryonics is a fruitless pursuit stemming
>from a lack of faith, hope, trust, and belief in God.  Everybody dies, but
>there is hope.  I'll get off my soapbox now, but hey, I wasn't the one who
>originally posted the off-topic sci-fi in the first place.

Whether consciousness is physical, a soul, metaphysical, or whatever,
it really doesn't matter, because all is computation, because there
can be nothing else. All you need for computation is a computer of
some sort.

Kim0


------------------------------

From: Volker Hetzer <[EMAIL PROTECTED]>
Subject: Re: IDEA question.
Date: Fri, 03 Mar 2000 13:22:20 +0000

Tom St Denis wrote:
> A better approach is to attach a hash of the file [and encrypt the
> hash] so when you decrypt the file and the hash, the hash should match
> up.  This way there are no known blocks and you can tell if it worked.
Or, even better, use HMAC.

Greetings!
Volker
-- 
Hi! I'm a signature virus! Copy me into your signature file to help me spread!
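Both suggestions in this thread, Tom's encrypted hash of the file and Volker's HMAC, replace the encrypted known block with a check that hands an attacker no plaintext/ciphertext pair under the encryption key. The added example below (not code from any of the posts) shows the HMAC form as a small passphrase-based file format. The standard library has no IDEA, so the cipher is a stand-in, HMAC-SHA256 run in counter mode as a keystream; PBKDF2 for key derivation, separate encryption and MAC keys, the 16-byte salt and all names are this example's own choices.

```python
import hashlib
import hmac
import os

# Added example (not code from the original posts): verify a passphrase
# with an HMAC tag over the ciphertext instead of an encrypted known block.
# The stream cipher here is a stand-in for IDEA: HMAC-SHA256 in counter
# mode. PBKDF2 parameters, salt/tag sizes and names are this example's own.

SALT_LEN, TAG_LEN, ITERATIONS = 16, 32, 100_000


def derive_keys(passphrase, salt):
    """Separate encryption and MAC keys from one passphrase and salt."""
    km = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                             ITERATIONS, dklen=64)
    return km[:32], km[32:]


def keystream(key, n):
    """Stand-in stream cipher: PRF(key, counter) blocks concatenated."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hmac.new(key, ctr.to_bytes(8, "big"), "sha256").digest()
        ctr += 1
    return bytes(out[:n])


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def seal(passphrase, plaintext, salt=None):
    """Produce salt || ciphertext || HMAC(mac_key, salt || ciphertext)."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    enc_key, mac_key = derive_keys(passphrase, salt)
    ct = xor_bytes(plaintext, keystream(enc_key, len(plaintext)))
    tag = hmac.new(mac_key, salt + ct, "sha256").digest()
    return salt + ct + tag


def unseal(passphrase, blob):
    """Return the plaintext, or None if the passphrase is wrong or the data
    was altered. The check runs before any decryption, and nothing in the
    file is a plaintext/ciphertext pair under the encryption key."""
    if len(blob) < SALT_LEN + TAG_LEN:
        return None
    salt, ct, tag = blob[:SALT_LEN], blob[SALT_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = derive_keys(passphrase, salt)
    expected = hmac.new(mac_key, salt + ct, "sha256").digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return xor_bytes(ct, keystream(enc_key, len(ct)))


def demo(passphrase="correct passphrase", message=b"constructed file contents"):
    """Returns (right passphrase accepted, wrong passphrase rejected,
    tampered ciphertext rejected)."""
    blob = seal(passphrase, message)
    tampered = bytearray(blob)
    tampered[SALT_LEN] ^= 0x01            # flip one ciphertext bit
    return (unseal(passphrase, blob) == message,
            unseal("not the passphrase", blob) is None,
            unseal(passphrase, bytes(tampered)) is None)


if __name__ == "__main__":
    print(demo())
```

Tagging the ciphertext rather than the plaintext (encrypt-then-MAC) means a wrong passphrase or a modified file is rejected before any decryption happens, and the constant-time `compare_digest` avoids leaking how many tag bytes matched. The slow PBKDF2 step is what makes guessing passphrases against the tag expensive; the tag itself reveals nothing about the encryption key.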

------------------------------

Date: Fri, 03 Mar 2000 13:32:45 +0000
From: Jim Backus <[EMAIL PROTECTED]>
Crossposted-To: 
alt.politics.org.cia,soc.culture.russian,soc.culture.nordic,soc.culture.europe,soc.culture.ukrainian,soc.culture.china
Subject: Re: And this is me actually ...

"Trevor Jackson, III" wrote:
> 
> "Markku J. Saarelainen" wrote:
> 
> >   ------------------------------------------------------------------------
> >  [Image]  [Image]
> 
> If you keep this up people will start complaining to your service provider.

which they will ignore - I've had to bounce all e-mail from *@earthklink
because so much spam comes from there.

-- 
NT? - caNT work with it

Jim Backus  [EMAIL PROTECTED]
Systems engineer  Tel +44 1245 702702 ext 2577

------------------------------

Date: Fri, 03 Mar 2000 08:50:47 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: On jamming interception networks

Mok-Kong Shen wrote:

> Douglas A. Gwyn wrote:
> >
> > Mok-Kong Shen wrote:
> > > Douglas A. Gwyn wrote:
> > > > No, it was a simple statement of fact.
> > > > When you repeat what you understand that I mean and it
> > > > doesn't at all match what I meant, then you don't show
> > > > signs of understanding my meaning at all.
> > > > And the sarcastic tone you used convinced me that you
> > > > weren't interested in understanding what I was saying.
> > > > So it *is* a good idea to terminate the thread,
> > > > because a discussion requires listeners as well as talkers.
> > > Ah, 'one shows signs of understanding your meaning' if and only
> > > if one 'agrees' with you, isn't that what you are saying above?
> >
> > No, again you pretend to repeat what I said but it doesn't match
> > what I said.  If you cannot summarize it accurately you have not
> > understood it.
> >
> > > I would say that this is the viewpoint of a very 'naive' citizen
> > > who believes that all officials in the government are 'gentlemen'.
> >
> > Well, you would be wrong yet again.
>
> Simply saying your opponents are wrong is something any kid could
> do in their talks. Clearly giving detailed and concrete reasons why
> your opponents are wrong is what adult persons engaging in scientific
> discussions do.
>
> >
> > > ... [long speech omitted] ...
> >
> > I've been explaining how the system *does* work, on the basis of
> > first-hand knowledge of its workings, primarily to counter false
> > accusations and to alleviate somewhat the public pressure to "do
> > something" about an incorrectly perceived situation, which would
> > not serve the public interest.  Feel free to fantasize, but
> > realize that that is what you are doing.
>
> A claim based on something which one doesn't show or cannot show
> (for whatever reason) does NOT have any value in scientific
> discussions. WHAT were your 'first-hand' knowledge that you have
> shown us in this thread?

This is an impossible request.  You are asking for evidence that something
did not happen.  Since negative proofs are infeasible, you'll just have to
take his word for it.

> Please cite at least two concrete
> sentences of your previous posts that clearly indicate that
> you 'have been explaining that the system does work'. And please
> say in what 'sense' do you really mean by the phrase 'the system
> does work'. Do you simply mean that some systems (of 'any' kind)
> exist and persons are employed by them and doing some work or
> what?? And based on 'what' should one 'believe' that you indeed
> have 'first-hand' knowledge? Were you previously an employee of an
> interception network? (Otherwise you could only have 'second-hand'
> knowledges, since no visitors are admitted to highly secret
> environments.) Ah, I begin to speculate that I could one day well
> understand why you have argued so fervently to 'prove' the innocence
> and benevolence of such machineries.

Even evil persons have justifications and rationalizations for their
actions.  And those with ties to evil persons will forgive them anything.
The last thing Ted Bundy's mother said to him was "You'll always be my
baby."

Given that you cannot reason a person out of a position they did not
arrive at by reason, applying the standards of scientific inquiry to
personal dogma is fruitless.


------------------------------

Date: Fri, 03 Mar 2000 08:53:01 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Status of alleged *THIRD* key in MS Crypto API ?

Francois Grieu wrote:

> "Trevor Jackson, III" <[EMAIL PROTECTED]> wrote:
>
> > The third key was not employed to check crypto packages as were the first two.
>
> I checked with Nicko van Someren (who apparently first pointed the third key)
> and he wrote:
>  "the third key is definitely a key.  When Microsoft moved to Win2K
>   they changed the signing format for crypto service providers.
>   The third key is used for all new Win2K CSPs. But old CSPs, signed with
>   either of the old keys, still work with the later version of Windows."

Interesting.  My info was wrong.  Thanks for the correction.



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
