Cryptography-Digest Digest #251, Volume #11       Sat, 4 Mar 00 08:13:01 EST

Contents:
  Re: On jamming interception networks ("Douglas A. Gwyn")
  Re: Passphrase Quality ? (Guy Macon)
  Re: Passwords secure against dictionary attacks? (Guy Macon)
  Re: CLSID and Security (Paul Rubin)
  Re: Decompiling/Tamper Resistent ([EMAIL PROTECTED])
  Re: Passwords secure against dictionary attacks? (Guy Macon)
  Re: very tiny algorithm - any better than XOR? (Paul Rubin)
  Re: Random bit generators ("Joseph Ashwood")
  Re: Decompiling/Tamper Resistent ("Joseph Ashwood")
  Re: On jamming interception networks (Mok-Kong Shen)
  Re: Cellular automata based public key cryptography (Quisquater)
  Re: Explaination of method question ([EMAIL PROTECTED])
  RIP Bill briefings for 2nd Reading debate (Monday 6th March 3:30pm) ("NoSpam")
  Re: Cellular automata based public key cryptograph (Tim Tyler)
  Re: Can someone break this cipher? (Daniel)
  Re: Can someone break this cipher? (Daniel)
  Re: Cellular automata based public key cryptography (Tim Tyler)

----------------------------------------------------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: On jamming interception networks
Date: Sat, 04 Mar 2000 08:05:06 GMT

David A Molnar wrote:
> I do not think that's what was meant by the statement "That argument
> isn't even worthy of a sophomore", however.

Right; it meant "calling that argument sophomoric would be an insult
to sophomores!"

------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: Passphrase Quality ?
Date: 04 Mar 2000 03:15:44 EST

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (jungle) wrote:
>
>there is one huge difference, this one I can tell you ...
>you know your pass text all the time [you have your pass text memorized very
>well], therefore several methods that are child's play simple to use & execute
>exist to get this pass text from you
>
>to get your "simple two sentence mnemonic", irrespective of your resistance,
>any time the AGENCY WOULD LIKE TO DO IT ...
>when the agency would like to get your "simple two sentence mnemonic", you will spit
>it out on every request, like a baby spits out a dummy
>

Let me get this straight.  You are advocating using a passphrase that
is hard to remember so as to avoid someone torturing it out of you?
Let me guess... you keep it on a post-it note on your monitor, right?

I have this mental picture of them increasing the torture and you
REALLY, REALLY, *REALLY* wishing that you could remember your passphrase... 


------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Crossposted-To: comp.security.misc,alt.security.pgp
Subject: Re: Passwords secure against dictionary attacks?
Date: 04 Mar 2000 03:19:42 EST

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (JCA) wrote:
>
>    I have myself used for years the initial letter approach, whereby I come
>up with a passphrase and construct my password by using the first letter
>of each word, and any punctuation signs in the sentence. There are three
>advantages to this:
>
>    1) The resulting password looks satisfactorily random (if somewhat
>overabundant in lowercase letters,)
>
>    2) Very long passwords can be easily concocted,
>
>    3) One can easily assign a reminder to it that can be kept public.
>
>    For instance, choosing "This is just an example, and not such a good one,
>of a Password Reminder(TM)" my password would be "Tijae,ansago,oaPR(TM)",
>and the reminder something like "Example of password reminder".
>
>    I have yet to come across a technique more satisfactory than this.
>

I really can't think of a better technique either.  One slight addition;
one should use an original phrase, not a quote from any published work.

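The first-letter scheme described above, as an added worked example that is not part of the original posts. It tokenizes a phrase into words and punctuation, keeps the first character of each word and every punctuation mark, and (my assumption, chosen so that the poster's own "(TM)" result is reproduced) keeps an all-upper-case token whole as an initialism. It also shows Guy Macon's caveat in code: the same transform applied to a small constructed corpus of famous lines is exactly the dictionary an attacker would build, so a password derived from a published quote is found immediately.

```python
import re

# Added example (not the poster's code). Tokens are runs of letters/digits or
# single non-space punctuation characters, so "Reminder(TM)" splits into
# "Reminder", "(", "TM", ")".
TOKEN_RE = re.compile(r"[A-Za-z0-9]+|[^\sA-Za-z0-9]")


def first_letter_password(phrase):
    """Derive the first-letter password for `phrase`."""
    parts = []
    for token in TOKEN_RE.findall(phrase):
        if not token[0].isalnum():
            parts.append(token)          # punctuation passes through unchanged
        elif token.isupper() and len(token) > 1:
            parts.append(token)          # all-caps initialism kept whole (assumption)
        else:
            parts.append(token[0])       # ordinary word: first character only
    return "".join(parts)


def case_profile(password):
    """Count lower, upper, digit and other characters (the poster's point 1:
    the result is heavy on lower-case letters)."""
    profile = {"lower": 0, "upper": 0, "digit": 0, "other": 0}
    for ch in password:
        if ch.islower():
            profile["lower"] += 1
        elif ch.isupper():
            profile["upper"] += 1
        elif ch.isdigit():
            profile["digit"] += 1
        else:
            profile["other"] += 1
    return profile


# Constructed mini-corpus standing in for "any published work". A real
# attacker would run the transform over whole quotation databases.
QUOTE_CORPUS = [
    "To be, or not to be, that is the question",
    "It was the best of times, it was the worst of times",
    "Call me Ishmael.",
]


def quote_derived_passwords(corpus=QUOTE_CORPUS):
    """The attacker's dictionary: first-letter passwords of every known line."""
    return {first_letter_password(line) for line in corpus}


def is_quote_derived(password, corpus=QUOTE_CORPUS):
    """True if the password is what the scheme yields for a known quote."""
    return password in quote_derived_passwords(corpus)


if __name__ == "__main__":
    phrase = ("This is just an example, and not such a good one, "
              "of a Password Reminder(TM)")
    pw = first_letter_password(phrase)
    print(pw, case_profile(pw), is_quote_derived(pw))
    print(first_letter_password(QUOTE_CORPUS[0]),
          is_quote_derived(first_letter_password(QUOTE_CORPUS[0])))
```

The reminder ("Example of password reminder") can be public because it names the phrase only to its author; the corpus check is what makes an original phrase matter, since a quote reminder like "Hamlet's soliloquy" hands an attacker the whole search space.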

------------------------------

From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: CLSID and Security
Date: 4 Mar 2000 08:25:55 GMT

In article <9uWv4.1718$[EMAIL PROTECTED]>,
"John E. Kuslich" <[EMAIL PROTECTED]> writes:
> I was reading the Microsoft documentation on COM objects and how CLSID's are
> used to provide, with almost absolute certainty,  a uniquely identifying
> number.  This number is used to identify interfaces for COM objects across
> any arbitrary boundary.
> 
> They then go on to say that these CLSID's are not linked to the ethernet MAC
> address for security reasons.
> 
> Well, when I compute a CLSID using the CoCreateGUID from the Windows API, I
> find that the MAC address of the GUID so created is laying right there in
> the last few bytes of the GUID.
> 
> What am I missing here.

There was a big ruckus a few months ago (front page article NY Times)
when Richard Smith discovered that the GUIDs contained the MAC address;
and further, files like Microsoft Word documents and Excel spreadsheets
contained GUIDs which connected them back to the machines that the files
were written on.  I think a GUID like that was found in the Melissa virus
and that's how they caught the author.

I seem to remember that Microsoft changed the scheme after the publicity,
so GUIDs didn't use the MAC address any more.  So maybe you're looking
at new COM documentation, but using an old compiler that still uses the MAC
address.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Decompiling/Tamper Resistent
Date: Sat, 04 Mar 2000 08:23:36 GMT

I am referring to your post and the above poster.  It appears that you
don't have a clue about real crypto systems.  Have you heard of FIPS-140
levels 1-4?  Most crypto manufacturers have a
tamper-resistant/tamper-proof module (for keys and programs).  This is
not to stop customers having access to the source code...customers don't
go snooping around bits of hardware and disassembling code..  There is
an easier way of getting the source code..  You just ask...Isn't that
simple..

And I would appreciate that you don't answer threads about a subject you
know little about...



------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Crossposted-To: comp.security.misc,alt.security.pgp
Subject: Re: Passwords secure against dictionary attacks?
Date: 04 Mar 2000 03:33:16 EST

In article <#0rdlKJh$GA.96@cpmsnbbsa02>, [EMAIL PROTECTED] (Joseph Ashwood) wrote:
>
>I think your estimate of 16 bits of entropy per word isn't
>quite right. Most Americans have a vocabulary of around 5000
>words, the same applies for many other countries. That means
>that, at best, we can have a reasonable expectation of 8192
>words in their vocabulary, or 13 bits. More likely 4096
>words for 12 bits. Now, of those words we tend to use only a
>few hundred in daily conversation (e.g. obfuscation isn't
>used daily), and therefore it is likely that there will be
>an extreme bias towards those words for only 8 bits of
>entropy per word. This makes the 10 word recommendation
>80 bits; considering varying the space between, people will
>again have a rather strong bias, so I don't see any reason
>to expect an addition of more than 1.5 bits; the 10 word
>recommendation is therefore 93.5 bits, 9 words is 84,
>reducing the needed space to 9 words. The rules of course
>change if someone makes the effort to use their entire
>education, and I would expect that someone whose interest is
>in learning words would have a knowledge approaching that
>of an unabridged dictionary of 65K words, or 16 bits per
>word, immediately foiling most dictionary attacks.
>
>I have of course been ignoring capitalization, which by
>itself can offer almost 1 bit of entropy per letter. This
>can offer a significant increase in security against a
>dictionary attack, but can make viewing attacks easier
>(keyboard spying).

In the case of touch typists, I find it hard to watch the
shift key and still see the letters typed.  In the case of
two finger typing, it's easy.  One finger typing with the
other hand resting on the shift key is a bit harder, but only
if the keyboard has no clicks.

As for capitalization, an attacker would be likely to apply various
permutations to the dictionary attack (transposed characters, qwerty
shifting, hackish, reversed, etc.)  You would like to pick a scheme
that is less than obvious, but is still easy to remember. JusT
bEInG rANdOm WiTh thE CApS is hard to remember.  Capitalizing
onE chAracter peR woRd might be a guessable permutation.

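The two estimates argued over in this exchange, as an added example that is not part of either post. The first function reproduces the quoted arithmetic (bits per word times words, plus a per-gap allowance for how the separators are varied), which gives the post's 93.5 bits for 10 words and 84 for 9. The rest puts numbers on the capitalization point: a mangling rule such as "one capital per word" enlarges an attacker's candidate list by the product of the word lengths, so it adds only the log2 of that count, far short of the one-bit-per-letter upper bound that fully random case would give. The rule implementation, the sample words and the parameter defaults are mine.

```python
import itertools
import math

# Added example (not from the thread). The entropy model and the rule engine
# are illustrative; the numbers follow the quoted post's assumptions.


def passphrase_bits(n_words, bits_per_word=8.0, bits_per_gap=1.5):
    """Entropy estimate for an n-word phrase under the post's model:
    a biased everyday vocabulary (~8 bits/word) plus a small allowance
    per gap for varying the separator."""
    return n_words * bits_per_word + (n_words - 1) * bits_per_gap


def bits_per_word_for_vocabulary(vocabulary_size):
    """log2 of the vocabulary actually drawn from (5000 words -> ~12.3 bits)."""
    return math.log2(vocabulary_size)


def one_cap_per_word(words):
    """Mangling rule: every variant with exactly one upper-case character
    in each word (the 'onE chAracter peR woRd' scheme)."""
    per_word = [[w[:i] + w[i].upper() + w[i + 1:] for i in range(len(w))]
                for w in words]
    return [" ".join(combo) for combo in itertools.product(*per_word)]


def rule_bits(words, rule=one_cap_per_word):
    """Bits the rule adds on top of guessing the bare word sequence:
    log2 of the number of candidates the attacker must try."""
    return math.log2(len(rule(words)))


def random_case_bits(words):
    """Upper bound if every letter's case were an independent coin flip."""
    return float(sum(len(w) for w in words))


def in_rule_space(candidate, words, rule=one_cap_per_word):
    """The attacker's test: does the candidate fall inside the rule's output?"""
    return candidate in set(rule(words))


if __name__ == "__main__":
    print(passphrase_bits(10), passphrase_bits(9))
    print(bits_per_word_for_vocabulary(5000))
    sample = ["correct", "horse", "battery"]       # constructed sample words
    print(len(one_cap_per_word(sample)), rule_bits(sample), random_case_bits(sample))
    print(in_rule_space("coRrect hOrse batTery", sample))
```

The gap between `rule_bits` and `random_case_bits` is the cost of a memorable scheme: three seven-ish letter words give about 7.9 bits under the one-capital rule versus 19 for random case, and any rule the attacker can name is cheap to add to a cracking run.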



------------------------------

From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: very tiny algorithm - any better than XOR?
Date: 4 Mar 2000 09:22:02 GMT

Carl Byington <[EMAIL PROTECTED]> wrote:
>>Can I ask what the application is?  Maybe you could use some of the
>>cpu program space to code a small interpreter, and run "programs" from
>>the eeprom, migrating other parts of your application to eeprom except
>>for the speed critical parts.
>
>Already doing that. Much of the program code space is used by the
>interpreter, and much of the ram is used by the global variables for
>the interpretive code in eeprom. The rest is used for the time sensitive
>communications stuff.

Maybe you could put the crypto algorithm into interpreted space, e.g.
Skipjack, which needs only about 3 bytes of RAM (plus the data block)
if you're careful.  I don't think you could code it in 50 bytes, but
there's a sample PIC implementation at 
   http://www.brouhaha.com/~eric/crypto/#skipjack
which you might be able to adapt.

>Does the following give better security than a simple additive RNG?
>[home cooked scheme snipped]

I don't know.  That scheme would look better if it had a lot more rounds.
Why do you use bit rotations instead of a table lookup from the eeprom
into some type of S box?

Maybe you could use two additive RNG's of differing lengths and
combine the outputs with the plaintext in some simple nonlinear way to
get a keystream.  That probably wouldn't stand up to serious
cryptanalysis, but it would be compact and fast, and attackers at
least would have to think about the problem.

------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Random bit generators
Date: Sat, 4 Mar 2000 01:19:18 -0000

I was replying to what you wrote.
Take the output of three prngs and use the 3rd one to choose
from the other 2.
                Joe
<[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> What exactly are you replying to?
>
> Joseph Ashwood wrote:
>
> > Suggestions similar to this come up quite often. And the
> > only conclusion that can be derived from it without knowing
> > the functions involved is to say that there exists an
> > optimal function f() that is equivalent to your suggestion,
> > and that your security depends solely on the security of
> > that function. OTOH your speed does not, your speed will not
> > be optimal. I suggest that if you are truly interested in
> > the security of such a method you find the function f() so
> > that it can be accurately reviewed, by you and others.
> >                 Joe
>
>
>



------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Decompiling/Tamper Resistent
Date: Sat, 4 Mar 2000 01:30:45 -0000

The most prominent example (at least in my mind) of how
basically useless those techniques are is the Clipper chip.
In spite of having the highest possible rating, and
exceeding even that, legitimate individuals found ways to
play around with it, and change attributes.

Looking at what you said, this appears to be simply a
replacement for a dongle that is actually of some use.
Perhaps you could put a larger portion of your program on
the semi-custom hardware, making it more difficult to solve
the complete problem.
                    Joe

<[EMAIL PROTECTED]> wrote in message
news:89qh67$u0d$[EMAIL PROTECTED]...
> I am referring to your post and the above poster.  It appears that you
> don't have a clue about real crypto systems.  Have you heard of FIPS-140
> levels 1-4?  Most crypto manufacturers have a
> tamper-resistant/tamper-proof module (for keys and programs).  This is
> not to stop customers having access to the source code...customers don't
> go snooping around bits of hardware and disassembling code..  There is
> an easier way of getting the source code..  You just ask...Isn't that
> simple..
>
> And I would appreciate that you don't answer threads about a subject you
> know little about...



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: On jamming interception networks
Date: Sat, 04 Mar 2000 11:52:22 +0100

Douglas A. Gwyn wrote:
> 
> David A Molnar wrote:
> > I do not think that's what was meant by the statement "That argument
> > isn't even worthy of a sophomore", however.
> 
> Right; it meant "calling that argument sophomoric would be an insult
> to sophomores!"

But nobody was 'calling that argument sophomoric' (the word
sophomore came up for the first time in your own post) and it isn't very
clear what 'that argument' being referred to exactly is. So that
doesn't seem to be right in my humble view. In fact, I tried diverse
combinations of different meanings of words in the sentence and did
come up with one alternative meaning which I didn't post because
its probability seemed to be lower. However, speculations are
useless and can't substitute for an 'authoritative' version of the meaning
to be given by you.

M. K. Shen

------------------------------

From: Quisquater <[EMAIL PROTECTED]>
Subject: Re: Cellular automata based public key cryptography
Date: Sat, 04 Mar 2000 12:19:29 +0100


"Trevor Jackson, III" wrote:
> Wolfram did some work on automata ciphers.

See

http://www.stephenwolfram.com/publications/articles/ca/85-cryptography/

Stephen Wolfram (Ed.), Theory and Applications of Cellular Automata,
World Scientific Press, Singapore, 1986 (ISBN 9971-50-124-4).

http://www.stephenwolfram.com/publications/books/ca-reprint/

There are many papers about automata and secret-key cryptography.

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Explaination of method question
Date: 4 Mar 2000 10:58:42 GMT

Could you please reformulate the entire algorithm in terms of either cyclic
decomposition of permutations, or integer addition modulo 256 and integer
addition modulo 2.


In a previous article,  <[EMAIL PROTECTED]> writes:
>     Soon I may be asking if someone can lay an attack on my encryption algy so
>i can find the problems with it and hopefully defeat them.  I have written an
>explanation and uploaded it on my site.  I'm hoping maybe some of you could
>check it out and tell me if the explanation is enough to explain the
>encryption algy or whether it seems that with the info provided there is
>something missing.
>
>http://home.cyberarmy.com/puregold/Enigma%20Enc.zip
>this is the url to the zip containing the explanation of the algy.
>Also if any of you know where to find proven methods of crypto that have not
>been broken in VB source I'd be grateful; the only things I can find are C and
>VC and Java
>
>-Pure (thanx)



------------------------------

From: "NoSpam" <[EMAIL PROTECTED]>
Crossposted-To: uk.politics.parliament,uk.legal,uk.telecom,uk.politics.crime,talk.politics.crypto
Subject: RIP Bill briefings for 2nd Reading debate (Monday 6th March 3:30pm)
Date: Sat, 4 Mar 2000 12:32:42 -0000

FIPR and JUSTICE http://www.fipr.org/rip/index.html
New STAND (excellent) www.stand.org.uk
LIBERTY http://www.liberty-human-rights.org.uk/mlobby2.html




------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Cellular automata based public key cryptograph
Reply-To: [EMAIL PROTECTED]
Date: Sat, 4 Mar 2000 12:48:38 GMT

[EMAIL PROTECTED] wrote:

[CA public key cryptography]

: Your message was interesting to me given
: that, in an earlier thread, I had asked what
: kind of cryptography was possible with
: higher- dimensional automata. Howard
: Gutowitz is the only non- Chinese person I am
: aware of who has developed a key- based
: system with automata. (see
: www.santafe.edu/~hag/ca11/ca11.html)

There's also "Lafe Technologies":

http://www.lafetechnologies.com/html/index1.html

They make a commercial encryption product, CATLock, based on CAs:

http://www.lafetechnologies.com/html/products1_encryption_catlock.html

Although the site seems to have more than its fair share of marketspeak,
the technology appears quite impressive.  It's a private key affair,
though.

: C.N. Zhang at the CS Dept. of the University of
: Regina, Canada has written the paper "Two
: improved algorithms and hardware
: implementations for key distribution using
: extended programmable cellular automata".

I didn't know about this.  FWIW, there's an abstract of the work here.

http://www.acsac.org/1998/abstracts/thu-a-330-zhang.html
-- 
__________
 |im |yler  The Mandala Centre  http://www.mandala.co.uk/  [EMAIL PROTECTED]

Legalise IT.

------------------------------

From: [EMAIL PROTECTED] (Daniel)
Subject: Re: Can someone break this cipher?
Date: Sat, 04 Mar 2000 12:56:51 GMT

On Fri, 03 Mar 2000 15:47:28 -0600, Jeffrey Williams
<[EMAIL PROTECTED]> wrote:

>Daniel,
>
>There are several reasons for wanting the algorithm.  A couple that come to mind
>immediately are:
>- it may take a lot of effort to break a single encryption and, other than the
>intellectual glory, there really is no reward for the effort;
>- the author may not have provided a long enough text to break the encryption.
>
>There are a variety of tools/directions which a professional might use.  Much
>would depend on what, if anything, you know about the ciphertext, the recipient,
>the sender, the possible type of data being sent, the method of transmission,
>etc.  I suggest that you start by reading Bruce Schneier's tome (Applied
>Cryptography).
>
>You might also want to read the FAQ.  It talks about "can you break this"
>challenges.
>
>Jeff

Thank you for replying.  I've started to read "The Code Book" by Simon
Singh and "Decrypted Secrets" by F.L. Bauer.  I've worked myself
through "Initiation à la cryptographie" by Gilles Dubertret and read
(most) of D. Kahn's gigantic/fantastic book.

Of course, there's no reward for breaking someone's cipher other than
intellectual glory - unless one works in a modern black chamber :-)

But suppose that the cipher by Miss Stevens would contain text like
"attack the nuclear site this day at that hour".  Disaster would have
struck *long* before the cipher is broken.  If one would actually
break the cipher even only 1 day after the disaster, the encryption
would have served its purpose : make a text unreadable to others
unless they put in a lot of human resources/time...

I suppose the original text by Miss Stevens is in English and I also
suppose she's done a Vigenère after a Caesar-like encryption on the
clear text.  Does double encryption make a cipher stronger?  How can
we find out what she has done to encrypt a message?  What would a
professional cryptographer do besides collecting messages and hope for
some human error?  In the books there's always hindsight on the facts.
They used this approach for this and that reason and hey, bingo!
That's always easy;-)  Besides frequency analysis, what would you do
on an unknown cipher (like the one from Miss Stevens)?  I have tried
several approaches, but all in vain...



Daniel


------------------------------

From: [EMAIL PROTECTED] (Daniel)
Subject: Re: Can someone break this cipher?
Date: Sat, 04 Mar 2000 12:58:16 GMT

On Sat, 04 Mar 2000 04:39:07 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
wrote:

>Daniel wrote:
>> is there a standard procedure to be followed if it is
>> an unknown cipher?  How would a professional cryptographer/
>> cryptoanalyst go about this cipher?
>
>There are rather large textbooks on the subject; it cannot be
>done justice in this forum.  The sci.crypt FAQ has references.


Thanks.  I'll check it out.

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Cellular automata based public key cryptography
Reply-To: [EMAIL PROTECTED]
Date: Sat, 4 Mar 2000 13:01:50 GMT

Trevor Jackson, III <[EMAIL PROTECTED]> wrote:

: Wolfram did some work on automata ciphers.  They turned out to have
: weaknesses, but it is worth a look.

I believe this was a stream cypher based on his rule-30 - way back in 1986.

To repeat what "Applied Cryptography" said about this (when used as a RNG):

``The generator's behaviour appears quite random.  However, there is a
  known-plaintext attack against these generators. [...]  Additionally
  Paul Bardell proved that the output of a cellular automaton can also be
  generated by a linear-feedback shift register of equal length, and is
  thus no more secure.'' p. 414.

Though this may make cellular automata /sound/ bad, Paul's result can only
be considered to apply to the class of simple 1D, r=1 "Wolfram" rules.

I like the way Schneier calls him "*Steve* Wolfram".  I can't figure out
if it's a mistake - or if he's making out that they're best buddies ;-)
-- 
__________
 |im |yler  The Mandala Centre  http://www.mandala.co.uk/  [EMAIL PROTECTED]

Jesus saves... Vishnu invests.
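The rule-30 generator and the LFSR remark above, as an added example that is not part of Tim Tyler's post. The first half runs a one-dimensional, radius-1 cellular automaton under Wolfram's rule 30 (new cell = left XOR (centre OR right)) with the initial row as the key and the centre column as keystream, which is the shape of his 1986 proposal. The second half is the attacker's side: Berlekamp-Massey, run over an observed keystream sample, synthesises the shortest LFSR that reproduces that sample, and the code checks the synthesised register by regenerating the sample from its first L bits. Ring width, seed and sample length are my choices; whether the synthesised register is short enough to matter for a given rule is what the post is arguing about, so the code reports the linear complexity rather than assuming it.

```python
# Added example (not from the thread). Cells are 0/1 ints on a ring.


def rule30_step(cells):
    """One generation of rule 30: new = left XOR (centre OR right)."""
    n = len(cells)
    return [cells[(i - 1) % n] ^ (cells[i] | cells[(i + 1) % n])
            for i in range(n)]


def rule30_keystream(seed_cells, nbits):
    """Centre-column bits of `nbits` successive generations (seed row = key)."""
    cells = list(seed_cells)
    centre = len(cells) // 2
    out = []
    for _ in range(nbits):
        out.append(cells[centre])
        cells = rule30_step(cells)
    return out


def single_one_seed(width):
    """The textbook seed: a single live cell in the middle of the ring."""
    cells = [0] * width
    cells[width // 2] = 1
    return cells


def berlekamp_massey(s):
    """Return (L, C): linear complexity and connection polynomial over GF(2),
    with C[0] == 1 and s[k] = XOR_{j=1..L} (C[j] & s[k-j]) for all k >= L."""
    n = len(s)
    c = [0] * (n + 1)
    b = [0] * (n + 1)
    c[0] = b[0] = 1
    L, m = 0, -1                      # m: index of the last length change
    for i in range(n):
        d = s[i]                      # discrepancy of the current register
        for j in range(1, L + 1):
            d ^= c[j] & s[i - j]
        if d:
            t = c[:]
            shift = i - m
            for j in range(n + 1 - shift):
                c[j + shift] ^= b[j]  # C(x) += x^shift * B(x)
            if 2 * L <= i:
                L, m, b = i + 1 - L, i, t
    return L, c[:L + 1]


def lfsr_regenerate(conn, prefix, nbits):
    """Run the LFSR given by connection polynomial `conn` from its first L bits."""
    L = len(conn) - 1
    s = list(prefix[:L])
    while len(s) < nbits:
        k = len(s)
        bit = 0
        for j in range(1, L + 1):
            bit ^= conn[j] & s[k - j]
        s.append(bit)
    return s[:nbits]


def lfsr_equivalent(keystream):
    """Shortest LFSR reproducing the sample, verified by regeneration.
    Returns (linear_complexity, regeneration_matches)."""
    L, conn = berlekamp_massey(keystream)
    regen = lfsr_regenerate(conn, keystream, len(keystream))
    return L, regen == keystream


if __name__ == "__main__":
    ks = rule30_keystream(single_one_seed(64), 64)
    print("".join(map(str, ks)))
    print(lfsr_equivalent(ks))
```

The regeneration check always passes, because Berlekamp-Massey is exact: any finite binary sequence of length n has some LFSR of length at most n that produces it. What a known-plaintext attacker cares about is the returned L relative to n, since a register much shorter than the sample predicts the rest of the keystream; the linear rules (Bardell's case) are where that ratio collapses, and the test below only fixes the behaviour on sequences whose linear complexity is obvious.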

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
