Cryptography-Digest Digest #330, Volume #11 Tue, 14 Mar 00 14:13:01 EST
Contents:
Re: Universal Language (Richard Herring)
Re: Q: Twofish' S-Boxes ([EMAIL PROTECTED])
Re: Just *Germain* primes (Robert Harley)
Re: Cipher Contest (Mike Rosing)
Re: Just *Germain* primes ("Tony T. Warnock")
Re: Universal Language ("Tony T. Warnock")
Re: Improvement on Von Neumann compensator? ("John E. Kuslich")
Re: Encryption of fax ("Alex Chartier")
Re: Improvement on Von Neumann compensator? (Mike Rosing)
Re: Cyber Patrol 4 reversed ("John E. Kuslich")
Re: how to introduce hs students to cryptography (Doug Stell)
Re: Random permutations (Scott Nelson)
Re: Universal Language (Paul Koning)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Richard Herring)
Subject: Re: Universal Language
Date: 14 Mar 2000 17:31:42 GMT
Reply-To: [EMAIL PROTECTED]
In article <8alh56$1kc$[EMAIL PROTECTED]>, ink ([EMAIL PROTECTED]) wrote:
> Richard Herring <[EMAIL PROTECTED]> wrote in news message:
> 8alggd$g6d$[EMAIL PROTECTED]
> > In article <[EMAIL PROTECTED]>, Mok-Kong Shen
> ([EMAIL PROTECTED]) wrote:
> > > >
> > > I suppose in most languages adjectives generally precede the nouns
> >
> > I wouldn't like to have to defend that as a general principle ;-)
> >
> Especially French people might object.
To be fair, M-K did except French in the bit I didn't quote.
But there are more than a few others...
--
Richard Herring | <[EMAIL PROTECTED]>
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Q: Twofish' S-Boxes
Date: 14 Mar 2000 17:40:19 GMT
I should have added that my question concerns what is called the "g-function"
in "TwoFish: A 128-Bit Block Cipher" by Bruce Schneier, John Kelsey, Doug
Whiting, David Wagner, Chris Hall & Niels Ferguson, 15 June 1998.
The box I am referring to is a combination of the four s-boxes and the columns
of the MDS matrix. My question should read if it is true that the g-function
is not bijective and why not?
In a previous article, < [EMAIL PROTECTED]> writes:
>The following line of code is extracted from a Borland Delphi implementation
>of the Twofish encoding function:
>
> X := Box[0, A.A] xor Box[1, A.B] xor Box[2, A.C] xor Box[3, A.D];
>
> (code is copyright Haagen Redmann)
>
>X and A are 32-bit "LongWord"s (the Delphi term for 32-bit unsigned integers),
>Box is a 4 column 256 row matrix with LongWord elements, A.A is the first
>byte of A, A.B the second byte of A, etc.
>
>As far as I can tell from the TwoFish initialization function (please correct
>me if I am wrong) the Box matrix is constructed in such a way that the
>variable X will not take on any 32-bit value. I.e. for each possible Box
>there are pairs of A and A' such that (Box[0, A.A] xor Box[1, A.B] xor Box[2,
>A.C] xor Box[3, A.D]) = (Box[0, A'.A] xor Box[1, A'.B] xor Box[2, A'.C] xor
>Box[3, A'.D]).
>
>My Q is: Am I right? If so, why are the boxes constructed like this? Does the
>loss of information caused by this property of the boxes REALLY make it
>harder for an attacker to extract a fully functional box (not necessarily the
>one that was actually used!) from a cipher text - known plain text pair?
>
----- Posted via NewsOne.Net: Free Usenet News via the Web -----
----- http://newsone.net/ -- Discussions on every subject. -----
NewsOne.Net prohibits users from posting spam. If this or other posts
made through NewsOne.Net violate posting guidelines, email [EMAIL PROTECTED]
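A scaled-down check of the question above, added here as an example; it is not code from the post, from the Twofish paper or from any Twofish implementation. The "four lookups XOR-ed together" step is the same shape as the quoted Delphi line, but with 4-bit cells over GF(2^4) packed into a 16-bit word instead of bytes over GF(2^8) in a 32-bit word, so every possible input can be enumerated in well under a second. The S-boxes, the reduction polynomial and the matrices are all constructed for the example. It shows when such a table structure is a bijection: the count comes out at exactly 2^16 when the tables are built from permutation S-boxes and an invertible matrix, and drops as soon as either ingredient is weakened.

```python
from random import Random

CELL_BITS = 4                      # toy cell width: 4-bit "bytes", four cells per 16-bit word
CELL_MASK = (1 << CELL_BITS) - 1
WORD_BITS = 4 * CELL_BITS
POLY = 0b10011                     # x^4 + x + 1, reduction polynomial for GF(2^4) (example choice)


def gf_mul(a: int, b: int) -> int:
    """Multiply two GF(2^4) elements, reducing modulo POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a >> CELL_BITS:
            a ^= POLY
        b >>= 1
    return r & CELL_MASK


def build_tables(sboxes, matrix):
    """Box[i][v] = column i of `matrix` scaled by sboxes[i][v], packed one cell per matrix row.

    XOR-ing Box[0][a] ^ Box[1][b] ^ Box[2][c] ^ Box[3][d] is then exactly the
    matrix-vector product M * (s0(a), s1(b), s2(c), s3(d)) over GF(2^4).
    """
    tables = []
    for i in range(4):
        column = []
        for v in range(1 << CELL_BITS):
            word = 0
            for r in range(4):
                word |= gf_mul(matrix[r][i], sboxes[i][v]) << (r * CELL_BITS)
            column.append(word)
        tables.append(column)
    return tables


def g(tables, x: int) -> int:
    """The 'four lookups XOR-ed together' step, on a 16-bit word."""
    cells = [(x >> (i * CELL_BITS)) & CELL_MASK for i in range(4)]
    return tables[0][cells[0]] ^ tables[1][cells[1]] ^ tables[2][cells[2]] ^ tables[3][cells[3]]


def count_distinct_outputs(tables) -> int:
    """Enumerate every 16-bit input; the map is bijective iff this returns 2**16 = 65536."""
    return len({g(tables, x) for x in range(1 << WORD_BITS)})


def example_sboxes():
    """Four random permutations of 0..15 (constructed with a fixed seed, not Twofish's S-boxes)."""
    rng = Random(2000)
    perms = []
    for _ in range(4):
        p = list(range(1 << CELL_BITS))
        rng.shuffle(p)
        perms.append(p)
    return perms


# Circulant matrix with row sum 2^3^1^1 = 1 != 0, hence invertible over GF(2^4)
# (example choice; the exhaustive count below confirms invertibility).
INVERTIBLE = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
# All rows identical: rank 1, so every output word has four equal cells.
SINGULAR = [[1, 1, 1, 1]] * 4


def distinct_with_invertible_matrix() -> int:
    return count_distinct_outputs(build_tables(example_sboxes(), INVERTIBLE))


def distinct_with_singular_matrix() -> int:
    return count_distinct_outputs(build_tables(example_sboxes(), SINGULAR))


def distinct_with_non_permutation_sbox() -> int:
    """Keep the invertible matrix but give s0 one repeated value (15 distinct outputs instead of 16)."""
    sboxes = example_sboxes()
    sboxes[0][0] = sboxes[0][1]
    return count_distinct_outputs(build_tables(sboxes, INVERTIBLE))


if __name__ == "__main__":
    print("invertible matrix, permutation S-boxes:", distinct_with_invertible_matrix())
    print("singular matrix:                       ", distinct_with_singular_matrix())
    print("one non-permutation S-box:             ", distinct_with_non_permutation_sbox())
```

With the invertible matrix and permutation S-boxes all 65536 inputs map to distinct words; the singular matrix collapses the output to the 16 words whose four cells are equal, and a single repeated S-box value costs one sixteenth of the output space (15 * 16^3 = 61440 distinct words), because two inputs differing only in that cell collide for every choice of the other three cells.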
------------------------------
From: Robert Harley <[EMAIL PROTECTED]>
Subject: Re: Just *Germain* primes
Date: 14 Mar 2000 18:37:22 +0100
[EMAIL PROTECTED] writes:
> What, then, is different about Sophie Germain that we'd single her out in
> this unusual way? I'm afraid the answer is obvious, and it doesn't
> reflect well on the mathematical community.
I hereby move that we call them "LeBlanc primes", since she wrote
under the pseudonym M. LeBlanc.
Not!
Dumbass.
------------------------------
From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: Cipher Contest
Date: Tue, 14 Mar 2000 11:44:45 -0600
Adam Durana wrote:
>
> Originally the intermediate and advanced categories had a block size of 128
> bits. Do you think it should be put back that way? Or do you want a 128
> bit block size for all 3 categories. I thought a nice small block size (64
> bits) would be easy for everyone to work with. As for the chaining, I've
> seen some people post ciphers to sci.crypt that wouldn't work with certain
> forms of chaining.
I'd go the other way, 32 for beginner, 64 for intermediate and 128 for
advanced.
The beginner class can learn from comparisons between brute force and analysis,
the intermediates can better understand the attacks and the advanced can have
fun. It also makes the categories clearly distinct and if someone has something
good, they can move it up to the next category (and watch it fail there :-)
Patience, persistence, truth,
Dr. mike
------------------------------
From: "Tony T. Warnock" <[EMAIL PROTECTED]>
Subject: Re: Just *Germain* primes
Date: Tue, 14 Mar 2000 10:56:27 -0700
Reply-To: [EMAIL PROTECTED]
Bob Silverman wrote:
> In article <[EMAIL PROTECTED]>,
> Paul Koning <[EMAIL PROTECTED]> wrote:
> > [EMAIL PROTECTED] wrote:
> > > In article <[EMAIL PROTECTED]>,
> > > John Savard <[EMAIL PROTECTED]> wrote:
> > > >enough) a little mistake in the documentation; the numbers turned up
> > > >in the Sophie Germain mode are the ones usable as actual moduli.
> > >
> > > May I say something almost entirely off-topic and annoying? Thank you.
> > > ...
> > > What, then, is different about Sophie Germain that we'd single her out in
> > > this unusual way? I'm afraid the answer is obvious, ...
> >
> > I always wonder why people (in recent times) insist on
> > immediately attributing things like this to sinister
> > motives.
>
> <snip>
>
> It is even worse than this. The knee-jerk "attribute to discrimination"
> reaction arises from gross stupidity and ignorance.
>
> I heard a story recently of a woman who went on a crusade against
> a reporter because he used the word "niggardly" in an article. It
> would be comical if it were not so pathetic....
>
> To put the record straight. "Sophie Germain primes" are so named
> because she was the first to initiate a serious study of primes p
> such that 2p+1 is also prime. It arose in the context of trying to
> prove FLT. She was able to prove that if p and 2p+1 are both prime,
> then x^p + y^p = z^p has no non-trivial solutions in positive integers.
>
> --
> Bob Silverman
> "You can lead a horse's ass to knowledge, but you can't make him think"
Actually it was the Washington DC city council (or whatever it is called.)
The black members walked out in protest when a gay member used niggardly to
refer to the dearth of funding for some project. I guess vocabulary is not a
political skill.
------------------------------
From: "Tony T. Warnock" <[EMAIL PROTECTED]>
Subject: Re: Universal Language
Date: Tue, 14 Mar 2000 11:00:11 -0700
Reply-To: [EMAIL PROTECTED]
In English narrative, a rather larger proportion of adjectives follow
the nouns. This is especially true for "heavy" adjectives: long words.
------------------------------
From: "John E. Kuslich" <[EMAIL PROTECTED]>
Subject: Re: Improvement on Von Neumann compensator?
Date: Tue, 14 Mar 2000 10:46:08 -0700
Another easy way to reduce this one zero bias problem is to put the output
of the data sampler latch into the clock input of another flip/flop set up
to toggle. When you sample this flip/flop's output, the bias will be as
close to zero as you can make it, even if the sampler has bias... if your
circuit is set up to support fast rise/fall time parts and the oscillator
period is long wrt the rise/fall times involved.
-____-____-____-____-____-____-____-____-____-____-____- Oscillator
=============_____============_____============_____============_ Data Sampler (Biased)
====================______________==================___________ Output
Of course, the output data rate is reduced by a factor of two but this is
also true in the Von Neumann case.
(The Data Sampler is shown here as a regular pattern, random data would be
more variable)
JK http://www.crak.com Password Recovery Software
Guy Macon <[EMAIL PROTECTED]> wrote in message
news:8akkcr$[EMAIL PROTECTED]...
>
> Recently we had a discussion about turning certain time related physical
> effects that are believed to have a random component (time between zero
> crossings of a thermal noise source, time between radioactive decay
> events) into a string of ones and zeros without (if possible) adding bias.
>
> Now if I latch the output of a free running oscillator that has lots of
> cycles between the random events, I will get somewhat random data, but
> I am counting on a perfect 50/50 duty cycle and a perfect 50% threshold.
> Otherwise I get a bias towards ones or towards zeros.
>
> It has been suggested (and implemented by Intel) that a Von Neumann
> compensator (0 followed by 1 = 1, 1 followed by 0 = 0. 1 followed
> by 1 or 0 followed by 0 = ignored) would remove the bias.
>
> I recently heard of another method: measure the time between a pair
> of events, then do it again. If the first time measurement is longer,
> call it a one. If the second time measurement is longer, call it a
> zero. Would this be a better scheme than the Von Neumann compensator?
>
>
------------------------------
Reply-To: "Alex Chartier" <[EMAIL PROTECTED]>
From: "Alex Chartier" <[EMAIL PROTECTED]>
Subject: Re: Encryption of fax
Date: Tue, 14 Mar 2000 13:13:15 -0500
My company is in the fax encryption business so take that into consideration
when reading my answers.
To reply please remove no_spam_ from address.
"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> 1. Are there specific features ('structure' etc.) of fax that could
> lead to (practically significant) advantages of the opponent,
> when fax is encrypted (as compared to pure common ASCII texts)?
As mentioned by a previous poster, the volume of information in a
transmitted fax is significantly higher than that in an e-mail message. The
data on the page is rasterized and then sent as bits, and in general only
the dark bits are sent. All fax machines will add some padding to the lines,
some more than others (one example is winfax versus msfax, msfax sent a
blank page in 4K bytes while Winfax sent 40KB). This tends to help 'hide"
the data.
The protocol however for fax transmissions is well documented and easily
intercepted. Part of the protocol even identifies the type of fax machine at
either end. Most encryption products only encrypt the payload and not the
protocol headers so much information can be obtained even if the source
document is hidden. This is why we set up a data connection between each
unit and tunnel both the protocol and payload.
>
> 2. If a message is handwritten and faxed, does it have advantages
> or disadvantages compared to e-mailing the same message in
> respect of security resulting from using the same encryption
> algorithm (i.e. we neglect issues of transmission cost, etc.)?
No comments on this one. A fax treats a handwritten document no differently
from a typed document.
>
> Many thanks in advance.
>
> M. K. Shen
Hope this helped somewhat.
------------------------------
From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: Improvement on Von Neumann compensator?
Date: Tue, 14 Mar 2000 12:14:27 -0600
Guy Macon wrote:
>
> Recently we had a discussion about turning certain time related physical
> effects that are believed to have a random component (time between zero
> crossings of a thermal noise source, time between radioactive decay
> events) into a string of ones and zeros without (if possible) adding bias.
>
> Now if I latch the output of a free running oscillator that has lots of
> cycles between the random events, I will get somewhat random data, but
> I am counting on a perfect 50/50 duty cycle and a perfect 50% threshold.
> Otherwise I get a bias towards ones or towards zeros.
>
> It has been suggested (and implemented by Intel) that a Von Neumann
> compensator (0 followed by 1 = 1, 1 followed by 0 = 0. 1 followed
> by 1 or 0 followed by 0 = ignored) would remove the bias.
>
> I recently heard of another method: measure the time between a pair
> of events, then do it again. If the first time measurement is longer,
> call it a one. If the second time measurement is longer, call it a
> zero. Would this be a better scheme than the Von Neumann compensator?
Assuming the time between events is random, that will work. If the time
between events is not random, but biased somehow, it won't. The reason is
you don't "ignore" anything. The Von Neumann method will stop sending
output if the system locks up and this proposal won't. So it's definitely
not better.
If you know what the random signal is, you can "subtract off" the non-random
signals. One way to do this is to integrate. As long as the non-random
signals are sinusoidal, their integral will be zero. Ritter has a huge
bibliography on this, and a lot of other stuff as well.
Patience, persistence, truth,
Dr. mike
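A simulation of the two debiasing schemes discussed in this thread (Guy Macon's question and the replies by John Kuslich and Mike Rosing), added here as an example; it is not code from any of the posters. The bit stream and the interval measurements are constructed with a seeded generator. The interval-comparison scheme discards a pair of exactly equal intervals, which is this example's own choice since the original description does not say what to do with ties. The last two cases show Mike Rosing's point: a source that has locked up produces no output at all from the Von Neumann compensator, whereas a steadily drifting interval source passes straight through the comparison scheme as a constant stream.

```python
from random import Random


def von_neumann(bits):
    """Von Neumann compensator: consume bits in non-overlapping pairs.

    01 -> 1, 10 -> 0, 00 and 11 -> discarded. For independent bits with any fixed
    bias the two emitted cases are equally likely, so the output is unbiased.
    """
    out = []
    for i in range(0, len(bits) - 1, 2):
        a, b = bits[i], bits[i + 1]
        if a != b:
            out.append(b)  # (0,1) emits 1, (1,0) emits 0
    return out


def compare_intervals(intervals):
    """The proposed alternative: pair consecutive interval measurements,
    first longer -> 1, second longer -> 0. Equal intervals are discarded
    (the example's own choice; the post does not specify tie handling)."""
    out = []
    for i in range(0, len(intervals) - 1, 2):
        t1, t2 = intervals[i], intervals[i + 1]
        if t1 > t2:
            out.append(1)
        elif t2 > t1:
            out.append(0)
    return out


def ones_fraction(bits):
    """Fraction of ones in a bit list, or None for an empty list."""
    return sum(bits) / len(bits) if bits else None


# --- constructed sources ---------------------------------------------------

def biased_bits(n, p_one, seed=1):
    """Independent bits with P(1) = p_one, standing in for a latched oscillator
    whose duty cycle or threshold is off."""
    rng = Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def iid_intervals(n, seed=1):
    """Independent exponential intervals, the ideal case for a decay-type source."""
    rng = Random(seed)
    return [rng.expovariate(1.0) for _ in range(n)]


def drifting_intervals(n):
    """A non-random source: each interval is slightly longer than the last
    (e.g. a decaying source or a warming oscillator)."""
    return [1.0 + 0.001 * i for i in range(n)]


def demo():
    """Return the ones-fraction (or output length) of each scenario."""
    raw = biased_bits(100_000, 0.7)
    return {
        "raw biased input":            ones_fraction(raw),
        "von Neumann output":          ones_fraction(von_neumann(raw)),
        "von Neumann, locked-up input": len(von_neumann([1] * 1000)),
        "compare, i.i.d. intervals":   ones_fraction(compare_intervals(iid_intervals(100_000))),
        "compare, drifting intervals": ones_fraction(compare_intervals(drifting_intervals(1000))),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:30s} {value}")
```

On the 70/30 input the Von Neumann output lands within a fraction of a percent of 0.5, at the cost of discarding 58% of the input pairs (the 00 and 11 cases) on top of the halving of rate already mentioned in the thread. The same halving applies to the comparison scheme, which also looks fine on independent intervals; the difference only shows up on the pathological inputs, which is exactly where a debiaser has to be judged.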
------------------------------
From: "John E. Kuslich" <[EMAIL PROTECTED]>
Subject: Re: Cyber Patrol 4 reversed
Date: Tue, 14 Mar 2000 11:22:56 -0700
It's all there as far as I can tell. Click your refresh button, it should
show up.
Perhaps you have some censoring software running ?? :--))
This is an excellent article, by the way.
JK http://www.crak.com Password Recovery Software
Raphael Phan Chung Wei <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> It seems the article is not complete? up to Chapter 4 only
>
> [EMAIL PROTECTED] wrote:
>
> > [Note: this article may be especially of interest to sci.crypt readers
> > because it includes a description, on a simple level, of how to reverse
> > the CRC32 algorithm. That's a topic that was recently discussed here.]
> >
> > March 11, 2000 - ANNOUNCEMENT
> >
> > Cyber Patrol(R) 4, a "censorware" product intended to prevent users from
> > accessing undesirable Internet content, has been reverse engineered by
> > youth rights activists Eddy L O Jansson and Matthew Skala. A detailed
> > report of their findings, titled "The Breaking of Cyber Patrol(R) 4", with
> > commentary on the reverse engineering process and cryptographic attacks
> > against the product's authentication system, has been posted on the World
> > Wide Web at this address:
> >
> > http://hem.passagen.se/eddy1/reveng/cp4/cp4break.html
> >
> > The abstract of the report:
> >
> > Several attacks are presented on the "sophisticated anti-hacker
> > security" features of Cyber Patrol(R) 4, a "censorware" product intended
> > to prevent users from accessing Internet content considered harmful.
> > Motivations, tools, and methods are discussed for reverse engineering
> > in general and reverse engineering of censorware in particular. The
> > encryption of the configuration and data files is reversed, as are the
> > password hash functions. File formats are documented, with commentary.
> > Excerpts from the list of blocked sites are presented and commented
> > upon. A package of source code and binaries implementing the attacks
> > is included.
> >
> > Eddy L O Jansson
> > [EMAIL PROTECTED]
> > http://hem.passagen.se/eddy1/index.html
> >
> > Matthew Skala
> > [EMAIL PROTECTED]
> > http://www.islandnet.com/~mskala/
> > --
> > Matthew Skala "Ha!" said God, "I've got Jon Postel!"
> > [EMAIL PROTECTED] "Yes," said the Devil, "but *I've* got
> > http://www.islandnet.com/~mskala/ all the sysadmins!"
>
> --
> Regards,
>
> Raphael Phan
> Faculty of Engineering
> Cyberjaya Campus
> Multimedia University
> +603-83125314
>
>
------------------------------
From: [EMAIL PROTECTED] (Doug Stell)
Subject: Re: how to introduce hs students to cryptography
Date: Tue, 14 Mar 2000 18:21:55 GMT
On Tue, 14 Mar 2000 15:26:14 GMT, [EMAIL PROTECTED] wrote:
>I want to design one or two lessons for 12th grade students majoring in
>computer science, that will introduce them to the basic concepts,
>problems, and ideas of cryptography. The activity can include anything
>from a computer lab session to group activity or perhaps even a
>cryptosystem competition of some sort.
>If you have any creative, engaging, interesting ideas please share them
>with me. Where would you start? what do you think is most important?
>what should my goals be?
I teach part of an INFOSEC course to professionals and oversee other
parts of the course. Typically, we have one math-lover in a class of
35. In that experience, we have not had good luck by starting with
algorithms and have had especially bad luck starting with lots of
number theory, at least for 34 of the 35 students.
We have had good luck starting with the "what do you do with it"
approach. For 12th graders, some spy-versus-spy or hacker scenarios
would whet their interest. From there, you can talk about counter
measures and how you accomplish the task of protecting things.
Algorithms and math can be introduced as you go along. For non-math
types, we have found that the math is much better taught if the class
a) already knows what the application is and b) gets fed number theory
in a series of small spoonfuls.
Keep in mind that the advice you get in a newsgroup like sci.crypt is
from people who love this stuff and/or live in this world every day.
It is not easy to present something that is an integral part of your
life to someone who has never thought about any of this stuff. Put
yourself in your students' place and then ask yourself how you would
like to be taught in a meaningful manner. Start with something they
either know or would be interested in and build on that base to take
them into new areas. Most people, including most students, just don't
think in the abstract, like mathematicians do.
I have worked examples of Diffie-Hellman and RSA that can be done on a
4-function calculator. These have been very helpful in teaching the
number theory associated with finite field math, these algorithms,
Chinese Remainder Theorem and Montgomery multiplication. I posted the
RSA example in this newsgroup a while back. Let me know if you would
like me to email you a copy.
doug
------------------------------
From: [EMAIL PROTECTED] (Scott Nelson)
Subject: Re: Random permutations
Reply-To: [EMAIL PROTECTED]
Date: Tue, 14 Mar 2000 18:52:25 GMT
On Mon, 13 Mar 2000 18:40:36 +0100, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:
>Scott Nelson wrote:
>>
>
>> Number of keys are almost always powers of 2.
>> Number of permutations are always N!.
>> Therefore, theoretically, the quality would be lower,
>> since all permutations can not be equi-probable.
>> But compared with other problems (such as the probability
>> of the code being improperly written) this bias is
>> insignificant.
>
>I am afraid that I don't yet quite understand your argument.
>Could you please illustrate with a very tiny example? Thanks.
>
Consider the 3 element list {1, 2, 3}.
There are 3! = 6 possible permutations:
{1, 2, 3} {1, 3, 2} {2, 1, 3} {2, 3, 1} {3, 1, 2} {3, 2, 1}
Now consider a RNG with a 4 bit seed.
It generates 2^4 = 16 possible sequences.
Each sequence will map to one of the permutations.
But 6 doesn't divide 16 evenly, so at best,
some of the permutations will happen 2 times, and some 3.
For a 10 element array and a 64 bit seed, this is
less than 1 part per 5,000,000,000,000 so it's
far below other sources of potential error.
Scott Nelson <[EMAIL PROTECTED]>
- Don't forget to vote on sci.crypt.random-numbers
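The tiny example above carried out in code, added here as an illustration and not code from the post. It enumerates every seed of a toy generator, runs a Fisher-Yates shuffle of {1, 2, 3} from each, and tallies how often each of the 6 permutations occurs; the generator, which simply spends its seed as a mixed-radix number, is this example's own construction, chosen so that each seed value yields one fully determined sequence of choices. The second function generalises the closing remark: for any list size and seed width it gives the smallest frequency gap any mapping from seeds to permutations could achieve, which for 10 elements and a 64-bit seed is about 1 part in 5 x 10^12.

```python
from collections import Counter
from math import factorial


class SeedRNG:
    """Toy deterministic generator: the seed is consumed as a mixed-radix number,
    so randbelow(k) returns the next 'digit' in base k (constructed for the example)."""

    def __init__(self, seed: int):
        self.state = seed

    def randbelow(self, k: int) -> int:
        r = self.state % k
        self.state //= k
        return r


def fisher_yates(items, rng) -> tuple:
    """Standard Fisher-Yates shuffle; the sequence of choices (j for i = n-1 .. 1)
    is in one-to-one correspondence with the n! permutations."""
    a = list(items)
    for i in range(len(a) - 1, 0, -1):
        j = rng.randbelow(i + 1)
        a[i], a[j] = a[j], a[i]
    return tuple(a)


def permutation_histogram(n_items: int, seed_bits: int) -> Counter:
    """How often each permutation of 1..n_items arises over all 2**seed_bits seeds."""
    counts = Counter()
    for seed in range(1 << seed_bits):
        counts[fisher_yates(range(1, n_items + 1), SeedRNG(seed))] += 1
    return counts


def best_case_bias(n_items: int, seed_bits: int) -> float:
    """Smallest relative frequency gap possible when 2**seed_bits seeds are spread as
    evenly as possible over n_items! permutations: some get q = floor(2**bits / n!)
    seeds and some q + 1, a gap of 1/q. Returns 0.0 when n! divides evenly and 1.0
    when there are fewer seeds than permutations (some permutations never occur)."""
    seeds, perms = 1 << seed_bits, factorial(n_items)
    if seeds % perms == 0:
        return 0.0
    if seeds < perms:
        return 1.0
    return 1 / (seeds // perms)


if __name__ == "__main__":
    hist = permutation_histogram(3, 4)
    for perm, count in sorted(hist.items()):
        print(perm, count)
    print("best-case gap, 3 items / 4-bit seed:  ", best_case_bias(3, 4))
    print("best-case gap, 10 items / 64-bit seed:", best_case_bias(10, 64))
```

With 16 seeds and 6 permutations the tally comes out as four permutations seen 3 times and two seen 2 times, exactly the "some 2 times, and some 3" of the post; no choice of generator can do better than a 3-versus-2 split because 6 does not divide 16. The point of best_case_bias is that this unavoidable gap shrinks with the seed: 2^64 / 10! is a little over 5 x 10^12, so the gap is below 2 x 10^-13 before any real generator weakness is even considered.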
------------------------------
From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: Universal Language
Date: Tue, 14 Mar 2000 14:00:05 -0500
Richard Herring wrote:
>
> In article <[EMAIL PROTECTED]>, Mok-Kong Shen
>([EMAIL PROTECTED]) wrote:
> > >
> > I suppose in most languages adjectives generally precede the nouns
>
> I wouldn't like to have to defend that as a general principle ;-)
Nor I.
Word order varies dramatically. Adjectives before or after,
object after the verb or before it, and so on. Linguists can
tell you about this stuff. I have no idea which adjective pattern
is more common.
There are some oddball word order patterns around: most languages
are either SVO (subject verb object, e.g., English) or SOV (subject
object verb, e.g., Latin). There's at least one language that's
OVS (object verb subject) which is bound to be very confusing until
you get used to it...
paul
--
!-----------------------------------------------------------------------
! Paul Koning, NI1D, D-20853
! Lucent Corporation, 50 Nagog Park, Acton, MA 01720, USA
! phone: +1 978 263 0060 ext 115, fax: +1 978 263 8386
! email: [EMAIL PROTECTED]
! Pgp: 27 81 A9 73 A6 0B B3 BE 18 A3 BF DD 1A 59 51 75
!-----------------------------------------------------------------------
! "A system of licensing and registration is the perfect device to deny
! gun ownership to the bourgeoisie."
! -- Vladimir Ilyich Lenin
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************