Cryptography-Digest Digest #248, Volume #11 Fri, 3 Mar 00 20:13:01 EST
Contents:
Re: Pen and Paper Systems (John Savard)
Re: On jamming interception networks ([EMAIL PROTECTED])
Re: Far out crypto claims ([EMAIL PROTECTED])
Re: Can someone break this cipher? (CLSV)
Re: Solitiare Algorithm/Math Question? (John Myre)
Re: NIST, AES at RSA conference (Tim Tyler)
Re: Best language for encryption?? (JPeschel)
Re: Best language for encryption?? ("Trevor Jackson, III")
Re: CLSID and Security ([EMAIL PROTECTED])
Re: Can someone break this cipher? (Mary - Jayne)
Re: Can someone break this cipher? (Mary - Jayne)
Re: Crypto.Com, Inc. (wtshaw)
Re: Best language for encryption?? (Paul Schlyter)
Re: Best language for encryption?? (Paul Schlyter)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Pen and Paper Systems
Date: Fri, 03 Mar 2000 15:18:58 GMT
Chad Lawson <[EMAIL PROTECTED]> wrote, in part:
>On Bruce Schneier's web page where he discusses Solitaire in detail
>(http://www.counterpane.com/solitaire.html), he mentions the book
>"Kahn on Codes" as a source of other 'pen and paper' systems.
It is a good book, but there's only one secure pencil and paper system
that I know of that is described in it, the VIC cipher. I also
describe it on my web site.
John Savard (jsavard<at>ecn<dot>ab<dot>ca)
http://www.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: On jamming interception networks
Date: Fri, 03 Mar 2000 22:09:37 GMT
In article <[EMAIL PROTECTED]>,
"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote:
> > You are correct because the NSA, for example,
> > has a recognized shortage of quality analysis.
>
> Maybe that's because that's the CIA's job.
>
Supposedly, the NSA and CIA obtain
intelligence together via the Special
Collection Service.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Far out crypto claims
Date: Fri, 03 Mar 2000 22:15:24 GMT
In article <[EMAIL PROTECTED]>,
"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote:
> > If I were a fanatic believer in ETs and their
> > UFOs then I might have to accuse you of being
> > affiliated with the Government and of trying
> > to lead us astray. I would also say it is
> > suspicious that you seem to know so much
> > about this topic and cryptography as well and
> > that you have the time and inclination for such
> > a lengthy and detailed reply.
>
> My contributions in this newsgroup are not in any official capacity.
> You have to judge my veracity and reliability for yourself; there
> is ample evidence available for your inspection.
>
> My intent is to be helpful and informative, in support of my hope
> that eventually everyone will be able to communicate in perfect
> privacy. That requires better public understanding of cryptology.
> I believe that that goal is consistent with legitimate national
> interests, although some people in the business have taken a
> short-sighted view of the matter and try to hold onto their turf.
> If my wanting to contribute to building a better world seems
> suspicious to you, that's not a reflection on *me*.
>
I said "If I were a fanatic believer". Actually, I
have no reason to view you with suspicion and
even if you were trying to lead us astray it
wouldn't bother me.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: CLSV <[EMAIL PROTECTED]>
Subject: Re: Can someone break this cipher?
Date: Fri, 03 Mar 2000 22:40:43 +0000
Mark VandeWettering wrote:
> Skip the coffee, how 'bout taking the time to read section 2.3 of the sci.crypt
> FAQ? A brief snippet:
> If you have come up with an encryption scheme, providing some
> ciphertext from it is not adequate. Nobody has ever been impressed by
> random gibberish.
Unfortunately this is not true, and probably never will be.
Many people are impressed by random gibberish. Especially
people who tell about their new method of cryptography without
providing the algorithm.
Regards,
CLSV
------------------------------
From: John Myre <[EMAIL PROTECTED]>
Subject: Re: Solitiare Algorithm/Math Question?
Date: Fri, 03 Mar 2000 15:33:31 -0700
> > Knowing how the solitaire (crypto) system works, does anyone have any
> > thoughts on how to order the deck so that the keystream IS the message?
> ...
> You would have to define how each permutation maps to each message ...
Well, that's the question, isn't it? Or rather, it's backwards.
Mapping
the permutation to the keystream is easy - that is the definition of the
cipher. The question asked is how to map the message (keystream) back
to the permutation.
If Solitaire is actually a secure cipher, this should be quite
difficult,
since it equates to finding the key given a (short) section of
keystream.
This is aside from the question of whether this is really even possible.
It isn't necessarily so that Solitaire is capable of outputting, say,
every possible sequence of 10 characters.
John M.
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: NIST, AES at RSA conference
Reply-To: [EMAIL PROTECTED]
Date: Fri, 3 Mar 2000 22:35:57 GMT
Jon Haugsand <[EMAIL PROTECTED]> wrote:
: * Bo D�mstedt wrote:
:> At CeBIT Hannover one exhibitor, the well known Crypto AG,
:> sad that their cipher algorithms are constructed as follows.
:>
:> The cipher algorithms are secret. By signing a non-disclosure
:> agreement Crypto AG tells the customer how the algorithm works.
:> Crypto AG generates, using some means, a new cipher algorithm
:> for each new customer.
: Is this wrong posted? I mean rec.humor.funny seems to be the
: appropriate place...
They /seem/ serious.
http://www.crypto.ch/english/company_folder/crypto_com_cryptoie.html
``An important element in the security architecture of Crypto AG is the
customer�s independence from the manufacturer�s design. It is based on
manipulation-proof security chips and individual ASICs with proprietary
mathematical algorithms. Because of this design, the user - and only the
user - controls the vital parts of the modern algorithms and
consequently gains effective autonomy. This provides the same level of
independence as leading industrial nations which use proprietary
algorithms geared to their defence or government requirements.''
Unfortunately, on the same page, we have:
``Encryption with this degree of complexity is absolutely unbreakable.''
Crypto-marketing seems frequently to be targetted at those without brains :(
--
__________
|im |yler The Mandala Centre http://www.mandala.co.uk/ [EMAIL PROTECTED]
The only time I open my mouth is to change feet.
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: Best language for encryption??
Date: 03 Mar 2000 22:46:27 GMT
[EMAIL PROTECTED] (wtshaw) writes:
>One has to start somewhere, and I have not the time to waste if I can help
>it.
W.T., if you are trying to learn C, might I suggest you forget
about coding philosophy and style, and the way things are done
in BASIC. Get a C book for beginners and start coding simple
stuff, for example, a C program to do frequency analysis.
Get the feel of the language first by doing simple things,
find ways to do those simple things more efficiently,
then move on to developing your style and philosophy.
Good luck.
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
Date: Fri, 03 Mar 2000 18:03:24 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Best language for encryption??
wtshaw wrote:
> In article <[EMAIL PROTECTED]>, "Trevor Jackson, III"
> <[EMAIL PROTECTED]> wrote:
> >
> > Djikstra commented on this issue, claiming that people he encountered
> (students)
> > who learned languages like BASIC first were mentally damaged in that it
> was very
> > difficult for them to think certain ways. I'd be willing to bet the effect is
> > measurable.
>
> This could be that people trained to cut through the crap are unsettled
> when they meet those that like to pile it on.
Do you _really_ think Djikstra is the kind of person to "pile on the crap"? If
you've read any of his writing, even his travel journals, I suspect you might modify
that opinion.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: CLSID and Security
Date: 3 Mar 2000 22:56:18 GMT
In a previous article, "John E. Kuslich" <[EMAIL PROTECTED]> writes:
---snip---
>What am I missing here.
Both Microsoft and Netscape have made it as hard as possible for anyone to
actually deploy ocx:es and other com objects. If you are using IE 5.0 you
can't download unsigned ocx files even if you have chosen the minimum
security option. I spent a couple of days converting an application into a
well functioning ocx before I realized this. And at that stage I did not feel
up to paying MicroSoft, Netscape and VeriSign about U.S. $1000 for a
certificat.
That's one way of dealing with the problems that arise when you develop
browsers that automatically install all ocx-files they encounter... :-/
----- Posted via NewsOne.Net: Free Usenet News via the Web -----
----- http://newsone.net/ -- Discussions on every subject. -----
NewsOne.Net prohibits users from posting spam. If this or other posts
made through NewsOne.Net violate posting guidelines, email [EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (Mary - Jayne)
Subject: Re: Can someone break this cipher?
Date: Fri, 03 Mar 2000 21:58:11 GMT
On Fri, 03 Mar 2000 04:07:32 -0600, "Wesley H. Horton" <[EMAIL PROTECTED]>
wrote:
>Well, let's think a moment.
>
>You posted the challenge to the crypto news group on the 27th and no one
>has broken it and returned your cipher text as yet.
>
>Therefor:
>
>It must be absolutely secure! Sure, encrypt whatever data you need to
>keep sensitive using your system. No one will ever be able to break it.
>
>I wouldn't bet my life or fortune on it personally though.
>
>Wesley Horton
>
And you think being silly will help?
I did not know you had set a time limit on breaking my cipher. Personally, I
am in no hurry.
It is quite likely that no-one will ever *try* to break it however :-)
Regards,
MJ
http://www.xarabungha.btinternet.co.uk/
http://website.lineone.net/~auntie_min/
------------------------------
From: [EMAIL PROTECTED] (Mary - Jayne)
Subject: Re: Can someone break this cipher?
Date: Fri, 03 Mar 2000 22:01:36 GMT
On Thu, 02 Mar 2000 15:03:41 -0800, Mark VandeWettering <[EMAIL PROTECTED]>
wrote:
>A copy of the program source code would be in order. It seems rather unfair
>for you to ask people to analyze your algorithm without the source code to
>find weaknesses that you can't with the source code.
Dream on.
> If you have come up with an encryption scheme, providing some
> ciphertext from it is not adequate. Nobody has ever been impressed by
> random gibberish. Any new algorithm should be secure even if the
> opponent knows the full algorithm (including how any message key is
> distributed) and only the private key is kept secret. There are some
> systematic and unsystematic ways to take reasonably long ciphertexts
> and decrypt them even without prior knowledge of the algorithm, but
> this is a time-consuming and possibly fruitless exercise which most
> sci.crypt readers won't bother with.
Thank you for that. If most won't, then some might.
>Need we be any more explicit?
If you are not interested, stop replying. Some postings have been quite
helpful to me and I am grateful.
Regards,
MJ
http://www.xarabungha.btinternet.co.uk/
http://website.lineone.net/~auntie_min/
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Crypto.Com, Inc.
Date: Fri, 03 Mar 2000 17:15:37 -0600
In article <[EMAIL PROTECTED]>, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:
> I consider it a sad fact that in the 21st century there is still
> quite an amount of people who more or less believe such pseudo-
> sciences. Decades ago there were rumors that researches were being
> done in the former USSR on telepathy with a view to military
> applications. It appears plausible that there are even today
> in some countries officials that are tempted by 'promises' of
> the magicians-turned-scientists and supply much money to them. On
> the other hand, one must realize that, since the boundary between
> psychics and religions could be rather fuzzy, it is probably
> in principle impossible to eliminate the one without some impact
> on the other. What is unfortunate in my view is that in a few
> countries psychics studies drain on the total budget of public
> research funds.
>
Magicians use tricks that may cause the observer to doubt their own
senses. Like magic, the true nature of things can be exploited by those
who discover the tricks, or have the passed to them. If you can find
something useful, you must ask whether you are trying to be a magician or
a scientist.
Rather than exploiting the unknown, a magician exploits what he knows, and
tries to learn more, but guards the information carefully.
If you look at speculative claims in crypto, you wonder if the magic is
well-founded or someone is imagining that they can do the impossible.
Now, if you can get something well-funded that is not well-founded, you
are into pushing pseudoscience, with results which will be always false.
Science, however, is always open to strange new ideas that work, no matter
how well those established might call them bad, false, strange, or
idiotic.
One thing that might drive people up the wall if for someone to post
ciphertext without a discussion of how it was made. This is for some
their domain, to solve ciphertexts, specific algorithm not at first always
known. It is fair if the mechanism is simple enough to be identified.
Rather than getting a real psychic connection, real science needs to be
involved to carry things to a solution.
If someone can solve a cipher and you cannot, you may be tempted to see
them with unnatural powers. It may well be that you will not be able to
learn to do the same things, therefore to you, their powers are one step
beyond.
But, what would this discussion be without something unknown at present to
almost all but one, me.
See if you can discover the nature of something that almost did not
survive to see the light of day, as indeed I almost had no more of them.
Finally debugged and fully functional is a strange little cipher used to
encrypt these sentences. Although it can utilize up to 256 bits of
keyspace, I'll use only 22.
Rxr cp zuw quj agvgwhhp ict xqdqzk gg ukvymtfll qvcx qhcdty kfh ojd
jsrplmz ab lkf rbd eoqah mm nfx, fg nnuhst G cyrdda cat kr eqlu he ijeg.
Eskcykr teegskbb lkn rfhmb hxihhfqofd kr e ouuykwa vhrbob hlyvsx tyzy lk
skdqptg rtfws blnylaqno. Dekamxqb xw hho xawlxhl vc bj 256 izep dp
qpklaynx, P'cz xsa jnzo 22.
I promise to tell all about it shortly, a dumb little something to drive
the over-inflated up the wall, at least for a few days as I get into
something else probably just as weird. Note how I did not give you clean
little uniform groups, I could have, but let it leak like a sieve.
--
Present Government Security is a sandcastle build on a beach
beside a lagoon at low tide. Figure that they will expense it all
before figuring out what is wrong with their planning personel.
------------------------------
From: [EMAIL PROTECTED] (Paul Schlyter)
Subject: Re: Best language for encryption??
Date: 3 Mar 2000 23:29:19 +0100
In article <[EMAIL PROTECTED]>,
wtshaw <[EMAIL PROTECTED]> wrote:
> In article <89n2ju$np6$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Paul
> Schlyter) wrote:
>
>> In article <[EMAIL PROTECTED]>,
>> wtshaw <[EMAIL PROTECTED]> wrote:
>>
>>>
>>> No mention of these is in the literature I have on C/C++,
>>
>> Are you sure? Really sure? If so, your literature is bad and should
>> be replaced.
>
> When clear and conciseness is obvious, fine. It is not, so programming in
> C/C++ remains art rather than science. I'll play along.
I guess no-one can argue against that -- that's why "The Obfuscated C
Code Contest" exists: to get people more skilled in the art of C
programming.
>>> which makes my point...that there is too little standardization
>>> in how the languages are fully used, as opposed to a set of commands
>>> that are easily learned, at least by many who I have taught.
>>
>> I'm sorry, but these are deficiencies in the literature and/or the
>> programmers -- not in the languages themselves!
>
> Stroustrup omits it too.
Which book by stroustrup? He's written several....
I checked his "The C++ Programming Language" though, and was surprised
to find that you're right: I couldn't find it. It wasn't in the index,
and I didn't find it in the chapter about exceptions either. However
to exclude setjmp/longjmp in a book about C++ could be understandable,
since C++ offers a replacement: exceptions. A good C book should
never omit them though, since in C setjmp/longjmp and signal are the
only ways to do non-local jumps.
--
================================================================
Paul Schlyter, Swedish Amateur Astronomer's Society (SAAF)
Grev Turegatan 40, S-114 38 Stockholm, SWEDEN
e-mail: pausch at saaf dot se or paul.schlyter at ausys dot se
WWW: http://hotel04.ausys.se/pausch http://welcome.to/pausch
------------------------------
From: [EMAIL PROTECTED] (Paul Schlyter)
Subject: Re: Best language for encryption??
Date: 3 Mar 2000 23:28:47 +0100
In article <[EMAIL PROTECTED]>,
wtshaw <[EMAIL PROTECTED]> wrote:
> In article <89n2j1$nns$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Paul
> Schlyter) wrote:
>
>> In article <[EMAIL PROTECTED]>,
>> wtshaw <[EMAIL PROTECTED]> wrote:
>>
>>> In article <89l43v$9vk$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Paul
>>> Schlyter) wrote:
>>>
>>>> In article <[EMAIL PROTECTED]>,
>>>> Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
>>>>
>>>>
>>>> #include <stdio.h>
>>>>
>>>> #define PRINT int main() { printf (
>>>> #define END "\n" ); return 0; }
>>>>
>>>> PRINT "Hello, world"
>>>> END
>>>
>>> What about:
>>>
>>> PRINT "Goodby, Mr. Gates.":END
>>
>> The compiler will puke at the colon there. Replace with a comma, and
>> the syntax will be accepted by the compiler, but no newline will be
>> printed. Replace with a space instead, and the newline *will* be printed.
>
> It's good BASIC.
C compilers don't compile BASIC code. And my two macros above don't fully
mimic BASIC. Therefore you cnanot put a colon there, if you want to
compile it with a C compiler.
BTW you seem to not understand the "Hello, world" string: the very
first C program written by most people who are learning C is a
program outputting this string. Such a program was included as the
very first C program in K&R's classic "The C Programming Language",
and most other books teaching C followed that habit.
> Fortran would use a semicolon.
So would C - as a statement separator. Note that the semicolon in C
is always required as a statement terminator - in FORTRAN and BASIC,
end-of-line are also valid statement terminators; not so in C though.
However putting a semicolon there would be putting it right within a
statement -- the call to the library function printf(). When the
macros are expanded, we would get these alternative:
Whitespace: printf( "Hello, world" "\n" );
The preprocessor will here paste together the two strings to one
Comma: printf( "Hello, world", "\n" );
Here printf() will receive two arguments. the first will be the
format string; the second will be ignored since there's no format
specifier (%s) for it within the format string.
Colon: printf( "Hello, world": "\n" );
Semicolon: printf( "Hello, world"; "\n" );
These are both syntax errors. One possible way to squeeze a colon
in there though, and get the syntax correct, would be:
printf( 1 ? "Hello, world" : "\n" );
This is syntactically correct C, and will output only the first of the
two strings.
--
================================================================
Paul Schlyter, Swedish Amateur Astronomer's Society (SAAF)
Grev Turegatan 40, S-114 38 Stockholm, SWEDEN
e-mail: pausch at saaf dot se or paul.schlyter at ausys dot se
WWW: http://hotel04.ausys.se/pausch http://welcome.to/pausch
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
