Cryptography-Digest Digest #247, Volume #11       Fri, 3 Mar 00 17:13:01 EST

Contents:
  Re: Pen and Paper Systems (JimD)
  Re: Merkle hash tree patent expired ("Ralph C. Merkle")
  Re: brute force attack on a 128 bit SSL key? (Bob Silverman)
  Re: Can someone break this cipher? (Daniel)
  Re: brute force attack on a 128 bit SSL key? (Bob Silverman)
  Re: Does RSA use real prime ? (Preda Mihailescu)
  Re: Random bit generators ("Joseph Ashwood")
  Re: Crypto.Com, Inc. (Mok-Kong Shen)
  Re: On jamming interception networks (Mok-Kong Shen)
  Re: Solitiare Algorithm/Math Question? (Chad Lawson)
  Free Webspace for Research (Tom St Denis)
  Re: Can someone break this cipher? (Jeffrey Williams)
  CLSID and Security ("John E. Kuslich")
  Re: On jamming interception networks (Mok-Kong Shen)
  Re: Solitiare Algorithm/Math Question? (Stephen Houchen)
  Re: Cellular automata based public key cryptograph ([EMAIL PROTECTED])

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (JimD)
Subject: Re: Pen and Paper Systems
Reply-To: JimD
Date: Fri, 03 Mar 2000 19:13:29 GMT

On Fri, 3 Mar 2000 15:34:57 GMT, Tim Tyler <[EMAIL PROTECTED]> wrote:

>Chad Lawson <[EMAIL PROTECTED]> wrote:
>
>: [...] Bruce Schneier [...] mentions the book [...] "Kahn on Codes" as a
>: source of other 'pen and paper' systems. [...] I have been unable, thus
>: far, in finding this book. [...]
>
>Amazon says it's out of print:
>
>http://www.amazon.com/exec/obidos/ASIN/0025606409/qid%3D952097511/102-5444598-1276060

Out-of-print book agencies are pretty good at finding obscure
publications. Try one, they'll probably turn up a copy.

-- 
Jim Dunnett.
dynastic at cwcom.net

------------------------------

From: "Ralph C. Merkle" <[EMAIL PROTECTED]>
Subject: Re: Merkle hash tree patent expired
Date: Fri, 03 Mar 2000 11:35:09 -0800



Paul Crowley wrote:

> Where can I find a description of the technique?

Go to http://www.merkle.com, then scan for "digital signature"

The C source code for an implementation is available at
ftp://ftp.parc.xerox.com/pub/hashsig/


------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: brute force attack on a 128 bit SSL key?
Date: Fri, 03 Mar 2000 19:34:39 GMT

In article <89m3ht$[EMAIL PROTECTED]>,
  "Randy Given" <[EMAIL PROTECTED]> wrote:

<snip>


> He says the machines they used were not faster than the 1977 fastest
> machines.  He says the Rivest estimate was not for the best
> known algorithm.

Finally.   Someone posts the correct answer.

Ron forgot about the Continued Fraction Algorithm.  He was assuming
a variant of Pollard Rho.

Even in 1977 with 1977 machines RSA-129 could have been done in a lot
less than 40 quadrillion years.


--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (Daniel)
Subject: Re: Can someone break this cipher?
Date: Fri, 03 Mar 2000 19:58:25 GMT

On Sun, 27 Feb 2000 16:16:05 GMT, [EMAIL PROTECTED] (Mary -
Jayne) wrote:

>Could anyone willing to do so please solve the challenge at
>
>http://www.xarabungha.btinternet.co.uk/xicipher/xichallenge.htm
>
>I designed the algorithm and if it can be readily broken, then it is useless.
>Your destructive assistance would be appreciated.
>
>
>Regards,
>
>MJ
>

I've read this thread with great attention and to be honest I was
fairly astonished that most of the replies want the algorithm before
they can state if the cipher can be readily broken or not...

From an academic point of view, this seems rather fair, but what is
the procedure if one gets a ciphertext ( of considerable length) and
one does *not* have a clue with which algorithm it is encrypted.
Suppose you do know that it is a message in English, how does one go
about? FrequencyAnalysis? Ok. Then what?  Try all the known systems?

To conclude: is there a standard procedure to be followed if it is an
unknown cipher?  How would a professional cryptographer/cryptanalyst
go about this cipher?  Please, fill me in.  Thanks!


Daniel

------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: brute force attack on a 128 bit SSL key?
Date: Fri, 03 Mar 2000 19:48:54 GMT

In article <[EMAIL PROTECTED]>,
  Jerry Coffin <[EMAIL PROTECTED]> wrote:
> In article <89jrge$[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] says...

<snip>

> > That's the problem.  You remember what
> > "assume" represents, right?
> >
> > For example, wasn't it 30 years ago that
> > some "expert" said it would take 40 quadrillion
> > years (40,000,000,000,000,000 years) to break
> > DES.
>
> I doubt it -- the small key size of DES has been a subject of
> discussion (and considerable complaint) since before the ink dried on
> the proposal to use only 56 bits.
>
> To put things in mathematical terms, 40 quadrillion years would mean
> testing just over 18,000 keys per year.  That's about 49 keys a day,
> or just over 2 keys an hour.  I suspect somebody who was careful
> could encode one block with DES _almost_ that fast by hand.  Even the
> simplest hardware (e.g. the Eniac) could certainly test keys a LOT
> faster than that, and hardware that was common when DES was invented
> was a LOT faster.
>
> >  Hmmm.  Was he right?  I don't think so.
>
> If anybody really said that, they were clearly wrong.  I seriously
> doubt anybody did, because if anybody did so, s/he was obviously a
> LONG ways from being an expert in much of anything, down to and
> including arithmetic on the level I seem to recall learning before I
> was a teenager.

Can't anyone get their facts right????

(1) The quote was about RSA-129,  not DES.
(2) RSA-129 means 129 digits (not bits as claimed in another post)
(3) The quote, believe it or not, came from Ron Rivest. [sarcasm on]
    Obviously he is a long way from being an expert on anything.

    Ron was assuming a 1977 computer and was assuming a variant of
Pollard-Rho would be used.  He had forgotten about the continued
fraction algorithm (invented in 1970). Don't forget that QS had not yet
been invented,  nor a  way of doing factoring in parallel.

Someone has already posted approximately correct arithmetic about
breaking a 128-bit symmetric cipher by brute force. Despite this,
we have people ranting about differential and linear cryptanalysis
when the question was about breaking 128-bit SSL.  Differential and
linear analysis while being nice theoretical tools are USELESS in
practice.  Take DES. Differential analysis requires getting your
adversary to provide a ridiculously large number of plaintext/ciphertext
pairs.  Exactly how are you going to get him to do that?  And where
do you propose to store 2^46 message pairs?

*Thankfully* there are a few people who can do arithmetic.

*Unfortunately*, too many people (who clearly have no clue what they
 are talking about) have posted misinformation on this topic.


--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"


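Silverman's point above is about which algorithm an estimate assumes, so here is a small worked comparison, added by the editor and not part of any post in this digest: a Pollard rho implementation (to show the sqrt(p) behaviour that makes it cheap for small factors and hopeless for a balanced modulus), next to heuristic operation counts for rho versus the continued fraction method on a 129-digit number, and the brute-force arithmetic for a symmetric key. The cost formulas (n^(1/4) for rho on a balanced semiprime, L_n[1/2, sqrt 2] for CFRAC) are textbook heuristics, and the machine rates are the editor's assumptions, not the figures Rivest or Silverman used.

```python
"""Pollard rho and heuristic factoring/brute-force cost estimates (editor's example)."""
import math
from math import gcd


def pollard_rho(n, c=1):
    """Return a nontrivial factor of the composite n.

    Floyd cycle-finding on the map x -> x^2 + c (mod n).  A collision modulo
    the smallest prime factor p is expected after about sqrt(p) steps, which
    is why the method is cheap for small factors and hopeless for balanced
    RSA moduli.
    """
    if n % 2 == 0:
        return 2
    while True:
        x = y = 2
        d = 1
        while d == 1:
            x = (x * x + c) % n          # tortoise: one step
            y = (y * y + c) % n          # hare: two steps
            y = (y * y + c) % n
            d = gcd(abs(x - y), n)
        if d != n:
            return d
        c += 1                            # cycle closed without a factor: change the polynomial


def rho_expected_ops(digits):
    """Expected rho steps for a balanced semiprime of the given decimal size.

    Smallest factor p ~ 10^(digits/2), and rho needs ~ sqrt(p) = 10^(digits/4) steps.
    """
    return 10.0 ** (digits / 4)


def cfrac_expected_ops(digits):
    """Heuristic cost of the continued fraction method: L_n[1/2, sqrt(2)].

    exp(sqrt(2 * ln n * ln ln n)) is the textbook estimate (an assumption here;
    the constant in the exponent varies between analyses).
    """
    ln_n = digits * math.log(10)
    return math.exp(math.sqrt(2 * ln_n * math.log(ln_n)))


def years_needed(ops, ops_per_second):
    """Wall-clock years for `ops` operations at a constant rate."""
    return ops / ops_per_second / (365.25 * 86400)


def brute_force_years(key_bits, keys_per_second):
    """Expected exhaustive-search time for a symmetric key (half the keyspace on average)."""
    return years_needed(2 ** (key_bits - 1), keys_per_second)


if __name__ == "__main__":
    # Toy semiprime 8051 = 83 * 97
    print("factor of 8051:", pollard_rho(8051))
    # Assumed rate: one modular step per microsecond (an editor's guess at a 1970s machine)
    rate = 1e6
    print("rho on a 129-digit modulus, years:", years_needed(rho_expected_ops(129), rate))
    print("CFRAC on a 129-digit modulus, years:", years_needed(cfrac_expected_ops(129), rate))
    print("128-bit key at 1e12 keys/s, years:", brute_force_years(128, 1e12))
```

Run it and the ratio between the two estimates for 129 digits comes out around 10^7, which is the shape of Silverman's remark: the algorithm assumed dominates the answer, not the machine.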

------------------------------

Date: Fri, 03 Mar 2000 21:01:06 +0100
From: Preda Mihailescu <[EMAIL PROTECTED]>
Subject: Re: Does RSA use real prime ?

lordcow77 wrote:

> In article <[EMAIL PROTECTED]>, Paul Koning
> <[EMAIL PROTECTED]> wrote:
> >Yes.  On the other hand, I believe you can do non-probabilistic
> >primality tests too.  Those are quite a lot slower but still
> >quite fast -- much faster than simplistic approaches like trying
> >all possible divisors...
>

You can generate provable primes faster than ones tested with a
probabilistic test. So you have both a proof and performance.

P.

>
> Not true! No composite has been shown to pass a strong pseudo-
> primality test to base 2 and a Lucas sequence test. The total
> cost is about the same as for 3 to 4 strong pseudo-primality
> tests.
>
> * Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
> The fastest and easiest way to search and participate in Usenet - Free!


------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Random bit generators
Date: Fri, 3 Mar 2000 12:15:23 -0000

Suggestions similar to this come up quite often. And the
only conclusion that can be derived from it without knowing
the functions involved is to say that there exists an
optimal function f() that is equivalent to your suggestion,
and that your security depends solely on the security of
that function. OTOH your speed does not, your speed will not
be optimal. I suggest that if you are truly interested in
the security of such a method you find the function f() so
that it can be accurately reviewed, by you and others.
                Joe



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Crypto.Com, Inc.
Date: Fri, 03 Mar 2000 21:32:15 +0100

wtshaw wrote:
> 
> <[EMAIL PROTECTED]> wrote:
> 
> > Another possibility: Telepathy! Believe it or not, it was only
> > a few days ago that pre-cognition of animals and such stuffs
> > were earnestly discussed in a French radio broadcast.
> >
> Do you suppose that we can better communicate with BXA this way, or is
> that the technique they are trying to use in lieu of seeding email to us.

I consider it a sad fact that in the 21st century there are still
quite a number of people who more or less believe such pseudo-
sciences. Decades ago there were rumors that research was being
done in the former USSR on telepathy with a view to military
applications. It appears plausible that there are even today
in some countries officials that are tempted by 'promises' of
the magicians-turned-scientists and supply much money to them. On 
the other hand, one must realize that, since the boundary between
psychics and religions could be rather fuzzy, it is probably
in principle impossible to eliminate the one without some impact 
on the other. What is unfortunate in my view is that in a few 
countries psychic studies drain the total budget of public 
research funds.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: On jamming interception networks
Date: Fri, 03 Mar 2000 21:32:01 +0100

Douglas A. Gwyn wrote:
> 
> Mok-Kong Shen wrote:
> > you 'have been explaining that the system does work'.
> 
> Dammit, you can't even get a direct quote right.  I said
> "how the system *does* work".  "How", not "that", and the
> emphasis was on the "does" to stress the contrast between
> the actual operation and your wild speculations.

I don't have ANY 'personal' 'speculations' on the machineries, not to
mention 'wild speculations'. Look at, among others, the STOA 
documents, available at:
     
        http://fly.hiwaay.net/~pspoole/echres.html

Now your views are apparently diametrically opposite to those 
expressed in these documents. As a 'third party' person confronted 
with the mutually contradictory opinions and without any 
possibility to gather 'first hand' information to independently
learn the 'reality' myself, I naturally have to assign subjective 
probabilities to the truth values of the two categories of opinions. 
Do you think it is fundamentally wrong, if I assign a probability 
of 0.999 to the STOA documents (because the studies have been 
conducted by the EU-commission, which is a multi-national 
organization) and only 0.001 to the statements of yours (because 
Mr. Gwyn is a single private person whose curriculum vitae is 
unknown to me)? I am quite sure that other people in the same 
situation as mine would do virtually the same (they might e.g. 
assign a value of 0.98 in place of my 0.999 though). If you want 
to convince others of your view of the machineries, then you have 
to present concrete, detailed and reliable FACTS to refute the 
STOA documents. If you don't do that, nobody is going to believe 
you, even in case you were in fact right and the STOA documents 
were actually all wrong. Simply claiming that what you say is 
based on some (undisclosed by you) 'first hand' information 
of yours and without giving any convincing supporting facts is 
FUTILE to establish ANY of your assertions, because that simply 
doesn't correspond to the fundamental convention of determining 
truth in sciences. Your style of convincing people probably could
have some utility in religions, but nowhere else!

M. K. Shen
============================
http://home.t-online.de/home/mok-kong.shen

------------------------------

From: Chad Lawson <[EMAIL PROTECTED]>
Subject: Re: Solitiare Algorithm/Math Question?
Date: 3 Mar 2000 20:32:57 GMT

Chad Lawson <[EMAIL PROTECTED]> wrote:
: I've been thinking about the Solitaire system for a while now as I
: am a playing card addict and crypto fan.

: What I am wondering is this:

: Is it possible to determine a method of ordering a deck such that
: using the Solitaire system on it produces the message itself?

: It occurs to me that with 54! possible orders of the deck that like
: the 'monkeys on keyboards' theory that one could order the deck so that
: the deck itself was the encoded message, and by using the method one 
: would generate the message itself.

: Granted, this would not be a safe means to send messages as anyone knowing
: how the system works could read the message if they got their hands on
: the deck.  But on a mathematic level the question intrigues me.

: Does anyone have any thoughts on how to approach this problem?  How could
: one determine the order a deck would need to be in to generate a short
: message (i.e. "HELLO WORLD" or "DO NOT USE PC")?

Let me elaborate since there seems to be some confusion as to what I am
talking about.

I am not talking about Solitaire the game, I am talking about Solitaire
the crypto system. 

Bruce Schneier has a system called Solitaire that uses a deck of 54
cards (joker included) to generate a stream of numbers that are used
to encrypt/decrypt a message.

        http://www.counterpane.com/solitaire.html

Since the order of the deck (the key) determines the string of characters
that are generated (52 cards, two jokers; 26 letters x 2=54), and since
certain cards can and do come up more than once, I am wondering if it
is possible to order the deck such that the 'keystream' that is generated
is the message itself instead of subtracting from a ciphertext to get
the encoded message.

Knowing how the solitaire (crypto) system works, does anyone have any
thoughts on how to order the deck so that the keystream IS the message?

Chad Lawson
-- 
"He deals the cards as a meditation...the sacred geometry of chance,
the hidden law of a probable outcome, the numbers lead a dance."
--Sting, "Shape of My Heart"

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Crossposted-To: comp.compression
Subject: Free Webspace for Research
Date: Fri, 03 Mar 2000 20:34:35 GMT

Hello all,

I am offering free webspace [no ads, no fees] for research projects on
my home computer [running off a cable modem].  I have 6gb of free space
on an extra hd, and I plan to get a 20gb later on.

If you want a directory on my website please email me at [EMAIL PROTECTED]

Thanks,
Tom



------------------------------

From: Jeffrey Williams <[EMAIL PROTECTED]>
Subject: Re: Can someone break this cipher?
Date: Fri, 03 Mar 2000 15:47:28 -0600

Daniel,

There are several reasons for wanting the algorithm.  A couple that come to mind
immediately are:
- it may take a lot of effort to break a single encryption and, other than the
intellectual glory, there really is no reward for the effort;
- the author may not have provided a long enough text to break the encryption.

There are a variety of tools/directions which a professional might use.  Much
would depend on what, if anything, you know about the ciphertext, the recipient,
the sender, the possible type of data being sent, the method of transmission,
etc.  I suggest that you start by reading Bruce Schneier's tome (Applied
Cryptography).

You might also want to read the FAQ.  It talks about "can you break this"
challenges.

Jeff



Daniel wrote:

> On Sun, 27 Feb 2000 16:16:05 GMT, [EMAIL PROTECTED] (Mary -
> Jayne) wrote:
>
> >Could anyone willing to do so please solve the challenge at
> >
> >http://www.xarabungha.btinternet.co.uk/xicipher/xichallenge.htm
> >
> >I designed the algorithm and if it can be readily broken, then it is useless.
> >Your destructive assistance would be appreciated.
> >
> >
> >Regards,
> >
> >MJ
> >
>
> I've read this thread with great attention and to be honest I was
> fairly astonished that most of the replies want the algorithm before
> they can state if the cipher can be readily broken or not...
>
> From an academic point of view, this seems rather fair, but what is
> the procedure if one gets a ciphertext ( of considerable length) and
> one does *not* have a clue with which algorithm it is encrypted.
> Suppose you do know that it is a message in English, how does one go
> about? FrequencyAnalysis? Ok. Then what?  Try all the known systems?
>
> To conclude : is there a standard procedure to be followed if it is an
> unknown cipher?  How would a professional cryptographer/cryptanalyst
> go about this cipher?  Please, fill me in.  Thanks!
>
> Daniel
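Daniel asks what one actually does with a long ciphertext of unknown origin, and Jeff's answer is that it depends on what else is known. The first steps that depend on nothing but the ciphertext are statistical, and the example below, added by the editor rather than taken from either post, shows the usual opening probe: the index of coincidence, which distinguishes ciphers that preserve single-letter statistics (simple substitution, transposition) from those that flatten them (polyalphabetic), and the column trick that recovers a Vigenere period. The sample text, the key "CRYPT" and the thresholds are the editor's constructions.

```python
"""First statistical probes of an unknown ciphertext (editor's example)."""
from collections import Counter
import string

ALPHABET = string.ascii_uppercase

# Constructed English sample, written for this example; any few hundred letters of prose would do.
SAMPLE = (
    "Cryptanalysis of an unknown cipher begins with the ciphertext itself. Count the symbols "
    "and measure how far the distribution departs from a uniform one. A simple substitution keeps "
    "the shape of the language while renaming the letters, so the statistics survive. A transposition "
    "keeps the letters themselves and only moves them about, so single letter counts look like "
    "ordinary English while the text reads as nonsense. A polyalphabetic cipher flattens the counts, "
    "but splitting the text by the period of the key recovers a set of simple substitutions that "
    "can each be solved on their own. None of these observations need the algorithm in hand, only "
    "enough material to make the counts meaningful."
)


def letters_only(text):
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def index_of_coincidence(text):
    """Probability that two letters drawn without replacement are equal.

    About 0.066 for English and 1/26 = 0.038 for uniformly random letters.  A
    monoalphabetic substitution or a transposition leaves it unchanged; a
    polyalphabetic cipher pulls it toward the random value.
    """
    s = letters_only(text)
    n = len(s)
    if n < 2:
        return 0.0
    return sum(c * (c - 1) for c in Counter(s).values()) / (n * (n - 1))


def letter_counts(text):
    """Sorted (letter, count) pairs; identical for a text and any transposition of it."""
    return sorted(Counter(letters_only(text)).items())


def caesar(text, shift):
    return "".join(ALPHABET[(ALPHABET.index(ch) + shift) % 26] for ch in letters_only(text))


def vigenere(text, key):
    s, key = letters_only(text), letters_only(key)
    return "".join(ALPHABET[(ALPHABET.index(ch) + ALPHABET.index(key[i % len(key)])) % 26]
                   for i, ch in enumerate(s))


def columnar_transposition(text, width):
    s = letters_only(text)
    return "".join(s[i::width] for i in range(width))


def guess_period(ciphertext, max_period=8):
    """Key length whose columns look most like monoalphabetic text (highest mean IoC)."""
    s = letters_only(ciphertext)

    def mean_column_ioc(k):
        return sum(index_of_coincidence(s[i::k]) for i in range(k)) / k

    return max(range(1, max_period + 1), key=mean_column_ioc)


def classify(ciphertext):
    """Coarse first verdict from the IoC alone (the 0.055 threshold is the editor's rule of thumb)."""
    if index_of_coincidence(ciphertext) > 0.055:
        return "monoalphabetic substitution or transposition: English statistics survive"
    return "polyalphabetic or stronger: statistics flattened, try splitting by period"


if __name__ == "__main__":
    for name, text in (("plain", SAMPLE), ("caesar", caesar(SAMPLE, 3)),
                       ("transposed", columnar_transposition(SAMPLE, 7)),
                       ("vigenere", vigenere(SAMPLE, "CRYPT"))):
        print(f"{name:10s} IoC={index_of_coincidence(text):.4f}  {classify(text)}")
    print("guessed Vigenere period:", guess_period(vigenere(SAMPLE, "CRYPT")))
```

None of this breaks anything by itself; it tells the analyst which family to spend effort on, and, as Jeff says, whether there is enough text for the counts to mean anything at all.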


------------------------------

From: "John E. Kuslich" <[EMAIL PROTECTED]>
Subject: CLSID and Security
Date: Fri, 3 Mar 2000 14:53:46 -0700

I was reading the Microsoft documentation on COM objects and how CLSID's are
used to provide, with almost absolute certainty,  a uniquely identifying
number.  This number is used to identify interfaces for COM objects across
any arbitrary boundary.

They then go on to say that these CLSID's are not linked to the ethernet MAC
address for security reasons.

Well, when I compute a CLSID using the CoCreateGUID from the Windows API, I
find that the MAC address of the GUID so created is lying right there in
the last few bytes of the GUID.

What am I missing here?

I can surely see why the MAC address could be a security risk in some
situations.

JK  http://www.crak.com  Password Recovery Software
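What JK is seeing is the RFC 4122 version-1 layout, in which the last six bytes of the value (Data4[2..7] in the Windows GUID struct) are the node field, normally the generator's IEEE 802 address, and the leading bytes are a 60-bit timestamp. The script below is an editor-added illustration, not code from the post or from Microsoft's documentation: it parses a textual GUID, reports whether it is a v1 value, and if so extracts the node and the generation time. The first sample value is the example UUID printed in RFC 4122; the second is a constructed v4 value. Whether a given CoCreateGuid build emits v1 or v4 values is not settled by anything in this thread; the parser just tells you which one you have.

```python
"""Reading the node (MAC) field out of a version-1 GUID (editor's example)."""
from datetime import datetime, timedelta, timezone

# 100-ns ticks between the UUID epoch (1582-10-15) and the Unix epoch (1970-01-01), per RFC 4122.
UUID_EPOCH_TO_UNIX_100NS = 0x01B21DD213814000


def guid_fields(guid_str):
    """Split a textual GUID into its RFC 4122 fields.

    Text form is big-endian: time_low(4) time_mid(2) time_hi_and_version(2)
    clock_seq(2) node(6).  In the Windows GUID struct the node is Data4[2..7],
    which is why a MAC address shows up in the last six bytes of a v1 value.
    """
    raw = bytes.fromhex(guid_str.strip("{}").replace("-", ""))
    if len(raw) != 16:
        raise ValueError("GUID must be 16 bytes")
    version = raw[6] >> 4
    fields = {"version": version}
    if version != 1:
        return fields                        # v3/v4/v5 carry neither timestamp nor node
    time_low = int.from_bytes(raw[0:4], "big")
    time_mid = int.from_bytes(raw[4:6], "big")
    time_hi = int.from_bytes(raw[6:8], "big") & 0x0FFF
    ticks = (time_hi << 48) | (time_mid << 32) | time_low
    node = raw[10:16]
    fields["node"] = node.hex()
    # RFC 4122 section 4.5: a generator with no MAC sets the multicast bit of the first node octet
    fields["node_is_real_mac"] = not (node[0] & 0x01)
    fields["clock_seq"] = int.from_bytes(raw[8:10], "big") & 0x3FFF
    fields["generated_at"] = datetime(1970, 1, 1, tzinfo=timezone.utc) + timedelta(
        microseconds=(ticks - UUID_EPOCH_TO_UNIX_100NS) // 10)
    return fields


def leaks_node(guid_str):
    """True when the value ties its generator to a hardware address."""
    f = guid_fields(guid_str)
    return f["version"] == 1 and f["node_is_real_mac"]


if __name__ == "__main__":
    # RFC 4122 sample value, then a constructed v4 value (not a real identifier)
    for g in ("f81d4fae-7dec-11d0-a765-00a0c91e6bf6", "3f2a1b4c-9d8e-4f6a-b5c7-0123456789ab"):
        print(g, leaks_node(g), guid_fields(g))
```

The security point follows directly: every v1 value a host emits, whether as a CLSID, a document identifier or a session token, carries the same node field, so the values can be correlated back to the machine and, by the timestamp, ordered in time.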



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: On jamming interception networks
Date: Fri, 03 Mar 2000 23:03:31 +0100

Douglas A. Gwyn wrote:
> 
> Mok-Kong Shen wrote:
> > ... Evidently that is beyond the capability of 'logic'. One should
> > also remember that there is not even a 'unique' logic. I happen to
> > be in possession of a copy of a master thesis of somebody entitled
> > 'Nonclassical Logics' with 387 pages!
> 
> That argument isn't even worthy of a sophomore.

Do you really mean that nonclassical logics are familiar to
the sophomores (or at least in the US)?

M. K. Shen

------------------------------

From: Stephen Houchen <[EMAIL PROTECTED]>
Subject: Re: Solitiare Algorithm/Math Question?
Date: Fri, 03 Mar 2000 15:54:32 -0600

> Knowing how the solitaire (crypto) system works, does anyone have any
> thoughts on how to order the deck so that the keystream IS the message?

Well, there are 52! ≈ 8 × 10^67 permutations of the deck. Let's say messages
consist, for example, of 26 letters plus 10 digits plus a space (37
characters). The message length you can support in this system is:

    log_37(52!) ≈ 43 characters

You would have to define how each permutation maps to each message,
but this would be the approximate cap.

You could increase the number of permutations if you're allowed
to put cards in either right-side-up or upside-down. If you can
put them face-up or face-down, there's some more. But these
could arouse suspicion...

S
[EMAIL PROTECTED]
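Chad's question and Stephen's bound can both be made concrete. The Python below is the editor's own implementation of Schneier's Solitaire keystream, following the Counterpane description Chad links and checked against its published unkeyed-deck test vector (keystream D W J X H Y R F D G, i.e. AAAAA AAAAA encrypting to EXKYI ZSGEH); it is not code from either poster. The 37-symbol alphabet in the bound is Stephen's assumption carried over, and the function is also evaluated for the full 54-card deck since Solitaire includes both jokers.

```python
"""Solitaire keystream generator and the permutation-count bound (editor's example)."""
import math

JOKER_A, JOKER_B = 53, 54       # both jokers count as 53 when used as a number


def card_value(card):
    return 53 if card in (JOKER_A, JOKER_B) else card


def unkeyed_deck():
    """Bridge order: clubs, diamonds, hearts, spades (1..52), then joker A, joker B."""
    return list(range(1, 55))


def move_joker_down(deck, joker, places):
    """Move a joker down `places` positions; moving off the bottom wraps to just below the top card."""
    for _ in range(places):
        i = deck.index(joker)
        if i == len(deck) - 1:
            deck.insert(1, deck.pop())
        else:
            deck[i], deck[i + 1] = deck[i + 1], deck[i]


def solitaire_round(deck):
    """One Solitaire round (steps 1-5) in place; returns the output card, or None if it was a joker."""
    move_joker_down(deck, JOKER_A, 1)                    # step 1
    move_joker_down(deck, JOKER_B, 2)                    # step 2
    i, j = sorted((deck.index(JOKER_A), deck.index(JOKER_B)))
    deck[:] = deck[j + 1:] + deck[i:j + 1] + deck[:i]    # step 3: triple cut around the jokers
    c = card_value(deck[-1])
    deck[:] = deck[c:-1] + deck[:c] + deck[-1:]          # step 4: count cut, bottom card stays
    out = deck[card_value(deck[0])]                      # step 5: count down from the top card
    return None if out in (JOKER_A, JOKER_B) else out


def keystream(deck, n):
    """First n keystream values (1..52) generated from a copy of `deck`."""
    deck = list(deck)
    out = []
    while len(out) < n:
        v = solitaire_round(deck)
        if v is not None:
            out.append(v)
    return out


def keystream_letters(deck, n):
    """The keystream as letters (1 -> A ... 26 -> Z, 27 -> A ...): what a deck order 'spells' by itself."""
    return "".join(chr((k - 1) % 26 + 65) for k in keystream(deck, n))


def encrypt(plaintext, deck):
    p = [ch for ch in plaintext.upper() if "A" <= ch <= "Z"]
    return "".join(chr((ord(ch) - 65 + k) % 26 + 65) for ch, k in zip(p, keystream(deck, len(p))))


def decrypt(ciphertext, deck):
    c = [ch for ch in ciphertext.upper() if "A" <= ch <= "Z"]
    return "".join(chr((ord(ch) - 65 - k) % 26 + 65) for ch, k in zip(c, keystream(deck, len(c))))


def message_cap(cards, alphabet_size):
    """Upper bound on the message length a deck order can encode: log_alphabet(cards!)."""
    return math.lgamma(cards + 1) / math.log(alphabet_size)


if __name__ == "__main__":
    print(keystream_letters(unkeyed_deck(), 10))            # DWJXHYRFDG
    print(encrypt("AAAAA AAAAA", unkeyed_deck()))           # EXKYIZSGEH
    print(message_cap(52, 37), message_cap(54, 37))         # about 43 and 45 characters
```

`keystream_letters` is exactly the quantity Chad is asking about: the deck order he wants is one for which that string equals his message. The bound says such an order can exist only for short messages, and finding it means inverting the round function, which is the search the cipher is designed to resist.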


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Cellular automata based public key cryptograph
Date: Fri, 03 Mar 2000 21:52:43 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:


>
> If anyone can help me by providing me with details that I do not already
> have access to, that would be very helpful.  For example, if there are any
> books in print containing any of the papers in my bibliography, I'd be
> interested to learn about this.
>
Your message was interesting to me given that, in an earlier thread, I
had asked what kind of cryptography was possible with higher-dimensional
automata. Howard Gutowitz is the only non-Chinese person I am aware of
who has developed a key-based system with automata. (see
www.santafe.edu/~hag/ca11/ca11.html)

C.N. Zhang at the CS Dept. of the University of Regina, Canada has
written the paper "Two improved algorithms and hardware implementations
for key distribution using extended programmable cellular automata". I
have never seen his work but he might be familiar with Renji's papers
and able to discuss them in English. A crypto website gives his email
address which I could send you.

[Writing this message and seeing that you appear to be in England has
reminded me of Monty Python's hilarious albeit racist ditty "I like
Chinese". If you know this song then I hope it does not get stuck in
your head like it has in mine- kind of like "memes" automata or viruses-
nudge, nudge, wink, wink.

> --
> __________
>  |im |yler  The Mandala Centre  http://www.mandala.co.uk/  [EMAIL PROTECTED]
>
> Never call a man a fool.  Instead, borrow from him.
>



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
