Cryptography-Digest Digest #360, Volume #11      Sat, 18 Mar 00 15:13:01 EST

Contents:
  Cracking Excel document ("Bob")
  Re: NIST, AES at RSA conference (John Savard)
  Re: Quantum crypto and the name of god (John Savard)
  Re: 64-bit Permutations (John Savard)
  Re: recognizing English text ("Amical")
  Re: Card shuffling (Mok-Kong Shen)
  Re: Card shuffling (Jim Reeds)
  Re: DNA steganography (Mok-Kong Shen)
  Re: NIST, AES at RSA conference (Mok-Kong Shen)
  Re: Card shuffling (Mok-Kong Shen)
  Re: SALT with RC4, where do I store the SALT? (Johnny Bravo)
  Re: EOF in cipher??? (Jerry Coffin)
  Re: SALT with RC4, where do I store the SALT? (Bill Unruh)
  Re: Card shuffling (NFN NMI L.)
  Re: Card shuffling (Jim Reeds)
  Re: linux's /dev/random (Lincoln Yeoh)
  Re: 64-bit Permutations ([EMAIL PROTECTED])

----------------------------------------------------------------------------

From: "Bob" <[EMAIL PROTECTED]>
Subject: Cracking Excel document
Date: Sat, 18 Mar 2000 16:25:16 GMT

Does anyone know of a guaranteed method/service/software (besides
pwcrack.com) to crack an Excel 97/2000 password protected document?  I know
there is brute force, but for long passwords that is unreasonable.
Something that searches the key space is what I'm looking for.  Thanks.



------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: NIST, AES at RSA conference
Date: Sat, 18 Mar 2000 16:05:50 GMT

On Sat, 18 Mar 2000 09:28:09 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
wrote, in part:

>I didn't say the conclusion wasn't true, just that
>it didn't follow from the premises.

I will certainly add my agreement to the truth of the statement "'The
Nazis did it' does not necessarily imply 'Clinton could do it'". Even
if I am not fond of all his policies, let's keep a sense of
perspective here!

John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Quantum crypto and the name of god
Date: Sat, 18 Mar 2000 16:10:32 GMT

On Sat, 18 Mar 2000 12:15:12 GMT, ca314159 <[EMAIL PROTECTED]>
wrote, in part:

>  Small potatoes considering the Kabbalists have been waiting
>  millennia for the quantum computer to run through the permutations
>  of the Torah for the name of god. 

>  But we also know, right at the moment of critical read-out, 
>  the Vogons destroy the Earth to make room for a Dilbert-space 
>  bypass.

You're probably thinking of an old Arthur C. Clarke short story (The
Nine Billion Names of God) in addition to Douglas Adams' famous
oeuvre. And the pun on Hilbert...

John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: 64-bit Permutations
Date: Sat, 18 Mar 2000 16:13:34 GMT

On 18 Mar 2000 12:46:39 GMT, [EMAIL PROTECTED] wrote, in
part:

>In fact, if you say that bits are permuted there are strictly speaking only
>two possible maps: The identity ((0 1) -> (0 1)) and NOT ((0 1) -> (1 0)).

If one is familiar with the literature in a particular field, then one
knows how words are used in that field...and here, permutation means
the bits are moved, not changed, which is substitution. Note the terms
"P-box" and "S-box" in the definition of DES, and the early Scientific
American article about LUCIFER which hearkened back to Claude
Shannon's paper...

John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html

------------------------------

From: "Amical" <[EMAIL PROTECTED]>
Subject: Re: recognizing English text
Date: Sat, 18 Mar 2000 16:39:35 GMT

a practical method:

1 - make a table of frequencies of trigrams

2 - replace each value by log(value)

3 - scan all the trigrams in the text to analyse

4 - sum the values of the trigrams found


the resulting sum is tied to the probability that
the text is an English one

explanations in "Elementary cryptanalysis", A. Sinkov



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Card shuffling
Date: Sat, 18 Mar 2000 18:15:15 +0100

Douglas A. Gwyn wrote:
> 
> Mok-Kong Shen wrote:
> > Does there exist any objective means to determine (or help to
> > determine) the relative quality of shuffling or is one left to
> > rely on pure subjectivity in deciding on that issue?
> > ...
> > I am aware that there is lot of fuzziness in my questions. But
> > perhaps we could nonetheless have some discussions. (There exist
> > mathematical works on card shuffling based on a certain defined
> > way of 'perfect shuffling'. I am interested however in shuffling
> > done by humans, which almost always have deviations from that.)
 
> Indeed, perfect shuffling, such as is reportedly actually performed
> by Brent Morris, has been thoroughly studied (by Morris and others).
> We had a discussion about that not very long ago.
> 
> In shuffling for a game of chance, one does not *want* perfect
> shuffling.  What is wanted is a random permutation; that is not
> hard to formally describe.  Any *measure* of randomness is
> necessarily statistical, because a truly random process can on
> occasion produce a highly ordered result.

I agree. However, it seems that the problem is thereby only 'shifted'
a bit. The new problem is now how to 'measure' randomness and that
involves further the (difficult) problem of defining 'randomness'. 
Of course, we want something that is 'practical', not the stuff of 
the pedantic people who demand (absolute) perfectness. But I am 
yet ignorant of anything that could be useful in that direction.

 
> As to how thoroughly people shuffle in practice, that can only
> be determined empirically, for example by starting with a
> totally ordered deck and testing the result of the shuffle
> (which normally consists of numerous passes over the deck).
> I think the most interesting information would come from just
> looking at the position of the original top or bottom card,
> since those are the cards most likely not to get shuffled
> very well into the body of the deck.  I'm sure somebody has
> already performed the experiment.

If we can have a 'measure' of randomness, then we could determine
how well a deck gets shuffled, I suppose. At least we can then
say that one deck is better shuffled than the other. So the central
problem is to obtain such a 'measure'. Does anyone have suggestions?
(We could discuss even if the proposed ideas are initially not fully
concretized.)

M. K. Shen

------------------------------

From: [EMAIL PROTECTED] (Jim Reeds)
Subject: Re: Card shuffling
Date: Sat, 18 Mar 2000 17:20:46 GMT

In article <[EMAIL PROTECTED]>, Mok-Kong Shen <[EMAIL PROTECTED]> 
writes:
...
|> 
|> If one let a card deck be processed through a number of successive
|> inferior quality shuffling, it seems plausible that the result
|> will asymptotically approach perfectness. Is it possible to 
|> say something more than simply the fact that near perfectness
|> will ultimately be reached without knowing how fast the limit
|> is being approached?
...

There is the Shannon-Gilbert-Reeds model, known to be an optimistic
description of the way people actually riffle shuffle, but amenable
to mathematical analysis.  It is a probabilistic model, that is,
allows for the cards randomly interleaving as they are riffled.
Hence it is not at all the magician's non random "perfect shuffle".
It is inaccurate in this way: naive shufflers (like myself) let
the cards clump up more than they should, as blocks of 5 or 10 (even)
stay together, especially towards the ends of the deck.  I think
SGR is a pretty good model of the way expert card players riffle,
however.

The good thing about this model is that we can quantify how long it
takes successive SGR riffles to effectively mix up the deck.  The 
very short story (my contribution to the theory): the second-top 
eigenvalue is 1/2, so after a while each further SGR riffle cuts
the deviation from flat random in half.  The standard paper is by
P. Diaconis and D. Bayer, Tracking the dovetail shuffle to its lair,
Ann. Appl. Prob., vol. 2, 294-313.

-- 
Jim Reeds, AT&T Labs - Research
Shannon Laboratory, Room C229, Building 103
180 Park Avenue, Florham Park, NJ 07932-0971, USA

[EMAIL PROTECTED], phone: +1 973 360 8414, fax: +1 973 360 8178

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: DNA steganography
Date: Sat, 18 Mar 2000 18:57:54 +0100

Quisquater wrote:
> 

> years to win the top prize. Viviana studied steganography, a data
> encryption
> technique that embeds secret messages within large amounts of seemingly
> innocent information. She encrypted the message, "JUNE6_INVASION:
> NORMANDY," inserted it in the gene sequence of a DNA-strand, and flanked
> it by two secret "primer" DNA sequences. Then she combined the molecule
> with many other similar molecules. The hidden message could be retrieved
> only by someone knowing the two secret primer sequences - the keys to
> the
> code. Because the pair of primers provides a trillion trillion options,
> she
> concludes that the code is essentially unbreakable. First in her class,

In the classical cryptography there is the simple grille. If we
use a very huge grille where almost all places are nulls, i.e. the
information-carrying bits are embedded in a (secret) order in 
virtually a sea of random bits, I wonder how easy it is for the 
analyst to attack that. (The grille can be defined through a key.)

M. K. Shen
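The keyed grille described above, as an added example that is not part of Mok-Kong Shen's post: message bits are written at key-chosen positions in a carrier of uniformly random null bits, and the receiver uses the same key to read them back. The key, the message, the carrier size and the way positions are derived (Python's Mersenne Twister seeded from SHA-256 of the key, which is deterministic but not a keyed PRF) are assumptions of this illustration.

```python
"""A keyed grille: message bits at key-selected positions in a sea of random bits."""
import hashlib
import random
import secrets


def keyed_positions(key, carrier_bits, count):
    """Positions that carry message bits, derived from the key.  Illustration
    only: a deployment would derive the positions from a keyed PRF (HMAC or a
    stream cipher), not from the Mersenne Twister seeded with a hash."""
    seed = int.from_bytes(hashlib.sha256(key).digest(), "big")
    rng = random.Random(seed)
    return rng.sample(range(carrier_bits), count)


def to_bits(data):
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def from_bits(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))


def embed(key, message, carrier_bits, rng=secrets.SystemRandom()):
    """Fill the carrier with random nulls, then overwrite the keyed positions
    with the message bits.  With uniformly random nulls the carrier is uniform
    whether or not a message is present."""
    bits = to_bits(message)
    if len(bits) > carrier_bits:
        raise ValueError("carrier too small for message")
    carrier = [rng.getrandbits(1) for _ in range(carrier_bits)]
    for bit, pos in zip(bits, keyed_positions(key, carrier_bits, len(bits))):
        carrier[pos] = bit
    return carrier


def extract(key, carrier, message_len):
    """Read the message bits back from the positions the key selects.  The
    receiver must know the message length (or it must be encoded up front)."""
    positions = keyed_positions(key, len(carrier), message_len * 8)
    return from_bits([carrier[p] for p in positions])


if __name__ == "__main__":
    key = b"grille key"                       # constructed for the example
    msg = b"JUNE6_INVASION:NORMANDY"          # the message from the story above
    carrier = embed(key, msg, 1 << 14)        # 16384 carrier bits, 184 used
    print(extract(key, carrier, len(msg)))
    print(extract(b"wrong key", carrier, len(msg)))
```

What an analyst without the key sees is a uniformly random bit string either way, so the only thing left to attack is the key behind the position selection; the construction is as strong as that key's entropy, but only as long as the nulls really are uniform. In a carrier that is not random (a real file, or a gene sequence with its own statistics, as in the DNA story) the inserted bits disturb those statistics, and that disturbance, not the grille, is what gets detected.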

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: NIST, AES at RSA conference
Date: Sat, 18 Mar 2000 18:57:59 +0100

Douglas A. Gwyn wrote:
> 
> "SCOTT19U.ZIP_GUY" wrote:
> >  Yes it is a different time. Now is a time when even most
> > of the world knows we are corrupt. Our justice system is far
> > more corrupt now than any time in the past. We have Clinton
> > to thank for that. He has done more than any other president
> > in history to destroy the honor of the country. The sad part
> > is that he is too stupid to understand the long term damage he
> > has done to the country.
> 
> That may well be true, but it is a different argument than
> the extrapolation from the distant past that Mok-Kong Shen
> used.  I didn't say the conclusion wasn't true, just that
> it didn't follow from the premises.

Evidently one could hardly (rigorously) apply mathematical logic
to do deduction in political events. What one can do is plausibility
arguments only. What was possible in certain given situations in a 
political or social system decades or centuries ago is highly
probably remains possible today, unless essential changes (that
are relevant to the situation in question) in that system have 
taken place.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Card shuffling
Date: Sat, 18 Mar 2000 19:07:03 +0100

Jim Reeds wrote:
> 

> The good thing about this model is that we can quantify how long it
> takes successive SGR riffles to effectively mix up the deck.  The
> very short story (my contribution to the theory): the second-top
> eigenvalue is 1/2, so after a while each further SGR riffle cuts
> the deviation from flat random in half.  The standard paper is by
> P. Diaconis and D. Bayer, Tracking the dovetail shuffle to its lair,
> Ann. Appl. Prob., vol. 2, 294-313.

Many thanks. I'll try to get that paper from the library, if the 
journal is available there. Meanwhile I should appreciate a short hint
of the meaning of 'effective mixing'? Is there a rigorous measure
of the 'effectiveness'?

M. K. Shen

------------------------------

From: Johnny Bravo <[EMAIL PROTECTED]>
Subject: Re: SALT with RC4, where do I store the SALT?
Date: Sat, 18 Mar 2000 13:01:23 -0500

On 18 Mar 2000 03:36:45 EST, [EMAIL PROTECTED] (Guy Macon) wrote:

>I am somehow missing the nuts and bolts here.  Are you saying to:
>
>[1] add a bunch of random bytes at the start of your plaintext.
>
>[2] encrypt normally
>
>[3] decrypt normally 
>
>[4] throw away the random bytes
>
>..or am I completely in the weeds?

  That's it in a nutshell.  The known weakness only affects the first
byte, so throwing away one would cover all known problems, throwing away
512 is just precaution, but it's a cheap precaution.

-- 
  Best Wishes,
    Johnny Bravo

"The most merciful thing in the world, I think, is the inability
of the human mind to correlate all its contents." - HPL

------------------------------

From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: EOF in cipher???
Date: Sat, 18 Mar 2000 11:31:46 -0700

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
> Jerry Coffin wrote:
> > > (There *are* several implementation-defined aspects of I/O, but
> > > most programs don't depend on them.)
> > I'm not convinced.
> 
> I realize you're not convinced, but I'm one of the people who
> *write* the spec you are trying to interpret, and I'm telling
> you what I told you.

Yes, you say I'm coming to the wrong conclusion, but unwilling or 
unable to point out a single error in either the facts I pointed out 
or the reasoning that led from those facts to a conclusion.

You should remember that I'm in regular contact with quite a number 
of members of the committee, and quite a few of them agree with me on 
this point.
 
> But your attitude leads to a lack of care about such matters.

My belief is that the C standard (for example) is what it is.  The 
fact that (for example) a person helped write it doesn't mean that it 
says one thing for you and another for me: in fact, the whole point 
of having a standard is to have something we can all point at and 
agree that C is what it says it is, and associated terms mean what it 
says they mean.

With that given, if you want to say that my conclusion was incorrect, 
it seems to me that there are exactly two possibilities: you can 
point out where I got things wrong factually, or else you can point 
out where my reasoning that led from those facts to a conclusion was 
wrong.  So far, instead of either one, you've simply said I'm wrong, 
and I should just take your word for it because your position on the 
committee makes you smarter, better informed, or something along that 
line than I am.  If you know something I (or anybody else looking on) 
doesn't about the standard, please be so kind as to point out what it 
is.

I guess in the end, my attitude is that I'm more than willing to be 
educated about things that interest me, but I'm somewhat unwilling to 
simply take somebody's word for something based only upon their 
claiming to be an authority on the subject.  Personally I consider 
that a reasonable enough attitude that if it bothers you to the point 
that you're unwilling to discuss things with me, so be it.

-- 
    Later,
    Jerry.
 
The universe is a figment of its own imagination.

------------------------------

From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: SALT with RC4, where do I store the SALT?
Date: 18 Mar 2000 18:32:04 GMT

In <8avf6t$[EMAIL PROTECTED]> [EMAIL PROTECTED] (Guy Macon) writes:
]>The suggestion is that you pretend encrypt or decrypt so many bytes of
]>ether, before beginning encryption or decryption of your data. The
]>reason is that the RC4 algorithm has been shown to have some
]>weaknesses in its key preparation routine. This action stirs up the
]>key state to get past that weakness.

RC4 works by you requesting a byte from rc4, it delivers a byte and you
then xor it with your message text and ask for the next byte. The
suggestion is that you ask for say 50 bytes to start with and just throw
them away. Then you start using them to encrypt your text. Obviously the
person at the other end had better do the same. 

RC4_Setup(KEY);
for (i = 0; i < 50; i++) { RC4_Stream(); }        /* generate and discard the first 50 bytes */
for (i = 0; i < length(Message); i++) {
    C[i] = M[i] ^ RC4_Stream();                   /* then encrypt as usual */
}
where RC4_Stream() delivers the next byte of keystream from RC4
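Bill Unruh's sketch above and Guy Macon's "prepend random bytes, then throw them away" procedure come to the same thing: the first part of the keystream is never used on real data. As an added example (not code from either post), here is RC4 in Python with a `drop` parameter, checked against the published test vector for key "Key" and plaintext "Plaintext", plus a measurement of what discarding removes: the bias in the second keystream byte (zero with probability about 2/256 instead of 1/256, a result published by Mantin and Shamir in 2001, after this digest). The 16-byte random keys, the 40000 trials and the discard length of 256 are assumptions of this illustration, not numbers from the posts.

```python
"""RC4 with keystream discard (RC4-drop[n]), and a measurement of why it is done."""
import random


def rc4_ksa(key):
    """Key-scheduling algorithm: build the 256-byte state S from the key."""
    S = list(range(256))
    j = 0
    klen = len(key)
    for i in range(256):
        j = (j + S[i] + key[i % klen]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S


def rc4_keystream(key, nbytes, drop=0):
    """PRGA: generate drop + nbytes bytes and return only the last nbytes.
    The first `drop` bytes are produced and thrown away, as in the posts."""
    S = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for n in range(drop + nbytes):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        if n >= drop:
            out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def rc4_crypt(key, data, drop=0):
    """XOR with the keystream.  Encryption and decryption are the same
    operation, and both sides must use the same `drop`."""
    ks = rc4_keystream(key, len(data), drop)
    return bytes(a ^ b for a, b in zip(data, ks))


def second_byte_zero_rates(trials, drop=256, seed=1):
    """How often the second keystream byte is zero over random 16-byte keys,
    measured without discard and after discarding `drop` bytes.  An unbiased
    generator would give about 1/256 in both cases."""
    rng = random.Random(seed)          # seeded only so the measurement repeats
    hits_raw = hits_dropped = 0
    for _ in range(trials):
        key = rng.getrandbits(128).to_bytes(16, "big")
        ks = rc4_keystream(key, drop + 2)
        hits_raw += ks[1] == 0             # second byte of the raw keystream
        hits_dropped += ks[drop + 1] == 0  # second byte after the discard
    return hits_raw / trials, hits_dropped / trials


if __name__ == "__main__":
    print(rc4_crypt(b"Key", b"Plaintext").hex())        # bbf316e8d940af0ad3
    ct = rc4_crypt(b"Key", b"attack at dawn", drop=512)
    print(rc4_crypt(b"Key", ct, drop=512))
    raw, dropped = second_byte_zero_rates(40000)
    print("P(second byte == 0): raw %.5f, after drop %.5f, 1/256 = %.5f"
          % (raw, dropped, 1 / 256))
```

Discarding keystream fixes the biases at the start of the output; it does nothing for the other RC4 problem, reuse of a key (or key plus salt) across messages, which gives the attacker two plaintexts XORed together no matter how many bytes were dropped.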

------------------------------

From: [EMAIL PROTECTED] (NFN NMI L.)
Subject: Re: Card shuffling
Date: 18 Mar 2000 18:37:04 GMT

I'm no good at shuffling, so when I play cards, I do a different procedure. I
deal the cards out into X piles, and then stack the piles one onto another.
First I'll start with 2 piles, then 3, then 5, then 7, etc. Does _that_
increase randomness, or not?

S.T.L.

------------------------------

From: [EMAIL PROTECTED] (Jim Reeds)
Subject: Re: Card shuffling
Date: Sat, 18 Mar 2000 18:41:28 GMT

In article <[EMAIL PROTECTED]>, Mok-Kong Shen <[EMAIL PROTECTED]> 
writes:

 
|> ... Meanwhile I should appreciate a short hint
|> of the meaning of 'effective mixing'? Is there a rigorous measure
|> of the 'effectivness'?

A given shuffling method repeated n times gives rise to a probability
distribution on the space of permutations of the card deck.  Call that
distribution P_n, so P_n(A) is the chance that the permutation you
get after n shuffles is one of the perms. in the set A.  Let Q be the
uniform distribution on the same space.  What we'd like is for P_n to
be close to Q.  One measure of the discrepancy is called the "total
variation distance" between P_n and Q, namely the max over all A of
|P_n(A) - Q(A)|.  It is not hard to see that this is the same as
one half the "L1" distance of P_n and Q, the sum over all permutations
x of |P_n({x}) - Q({x})|.  

Suppose we play a betting game, where you think prob. law Q obtains,
but I know  P_n does.  For any proposed bet, P_n(A) - Q(A) is how much
our judgements differ, and if I'm right, then P_n(A) - Q(A) is how
much money I can make off of you per dollar bet, on average, by betting
that A will occur.  Now I'm crafty & pick the most favorable A, from the
point of view of extracting money from you.  That's the A in the definition
of TV distance, and that gives a "natural" interpretation of the numerical
values of the TV distance.  If it is 2^-50 (say) then to exploit the
fact that P_n is not actually flat random, I will have to bet (invest)
2^50 dollars to expect to earn 1 dollar.  Etc. 


-- 
Jim Reeds, AT&T Labs - Research
Shannon Laboratory, Room C229, Building 103
180 Park Avenue, Florham Park, NJ 07932-0971, USA

[EMAIL PROTECTED], phone: +1 973 360 8414, fax: +1 973 360 8178
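Jim Reeds' two posts above describe the SGR riffle, the eigenvalue of 1/2 that makes each further riffle halve the distance to flat random, and the total variation distance with its betting interpretation. As an added example that is not code from the posts, here is all of that made concrete for a small deck in Python: P_n by brute-force enumeration of every riffle, the closed form from the Bayer and Diaconis paper cited above (P_m(deck) = C(2^m + n - r, n) / 2^(mn), with r the number of rising sequences) as a cross-check, the TV distances and their successive ratios, and the most favourable bet A. The deck size of 6 is an assumption chosen to keep the enumeration small.

```python
"""Total variation distance from uniform for the GSR riffle shuffle, small deck."""
from collections import defaultdict
from fractions import Fraction
from itertools import permutations
from math import comb, factorial


def gsr_riffle(deck, mask):
    """One Gilbert-Shannon-Reeds riffle.  `mask` is one of 2^n equally likely
    bitmasks choosing the positions the top packet will occupy; its popcount
    is the cut size, so the cut is Binomial(n, 1/2) and every interleaving of
    the two packets is equally likely.  deck[position] = card, card 0 on top."""
    n = len(deck)
    top_pos = [p for p in range(n) if mask >> p & 1]
    bot_pos = [p for p in range(n) if not mask >> p & 1]
    k = len(top_pos)
    out = [None] * n
    for card, p in zip(deck[:k], top_pos):
        out[p] = card
    for card, p in zip(deck[k:], bot_pos):
        out[p] = card
    return tuple(out)


def rising_sequences(deck):
    """r = 1 + number of cards c such that card c+1 lies above card c."""
    pos = {card: p for p, card in enumerate(deck)}
    return 1 + sum(1 for c in range(len(deck) - 1) if pos[c + 1] < pos[c])


def tv_by_enumeration(n, m):
    """P_m by brute force: convolve the one-riffle distribution m times, then
    TV(P_m, Q) = 1/2 * sum over x of |P_m(x) - 1/n!|.  Small n only."""
    dist = {tuple(range(n)): 1.0}
    for _ in range(m):
        nxt = defaultdict(float)
        for deck, p in dist.items():
            for mask in range(1 << n):
                nxt[gsr_riffle(deck, mask)] += p / (1 << n)
        dist = nxt
    q = 1.0 / factorial(n)
    reached = sum(abs(p - q) for p in dist.values())
    unreached = (factorial(n) - len(dist)) * q   # never produced: |0 - q| each
    return 0.5 * (reached + unreached)


def rising_sequence_counts(n):
    """How many of the n! arrangements have r rising sequences."""
    counts = defaultdict(int)
    for deck in permutations(range(n)):
        counts[rising_sequences(deck)] += 1
    return counts


def p_after_m_riffles(n, m, r):
    """Bayer-Diaconis closed form for the probability of one arrangement."""
    return Fraction(comb(2 ** m + n - r, n), 2 ** (m * n))


def tv_by_formula(n, m):
    q = Fraction(1, factorial(n))
    total = sum(cnt * abs(p_after_m_riffles(n, m, r) - q)
                for r, cnt in rising_sequence_counts(n).items())
    return float(total / 2)


def best_bet_rising_sequences(n, m):
    """Reeds' most favourable event A: the arrangements whose P_m exceeds
    uniform.  It is a union of rising-sequence classes, and betting on it
    wins TV(P_m, Q) per dollar on average."""
    q = Fraction(1, factorial(n))
    return sorted(r for r in rising_sequence_counts(n)
                  if p_after_m_riffles(n, m, r) > q)


if __name__ == "__main__":
    n, prev = 6, None
    for m in range(1, 13):
        d = tv_by_formula(n, m)
        ratio = "" if prev is None else "  ratio %.4f" % (d / prev)
        print("m=%2d  TV=%.6f%s  bet on r in %s"
              % (m, d, ratio, best_bet_rising_sequences(n, m)))
        prev = d
    print("enumeration vs formula, m=3:", tv_by_enumeration(n, 3), tv_by_formula(n, 3))
```

Two things worth seeing in the output: after one riffle only arrangements with one or two rising sequences are possible at all, so the bet "the deck has at most two rising sequences" wins with near certainty, and once m is large the ratio of successive distances settles at 1/2, which is the second eigenvalue Reeds mentions. For a 52-card deck the enumeration is hopeless but the closed form still works, which is how the well-known "seven riffles" figure is obtained.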

------------------------------

From: [EMAIL PROTECTED] (Lincoln Yeoh)
Subject: Re: linux's /dev/random
Date: Sat, 18 Mar 2000 19:14:46 GMT
Reply-To: [EMAIL PROTECTED]

On Tue, 14 Mar 2000 20:04:48 GMT, [EMAIL PROTECTED] (Scott Nelson) wrote:

>This still might have problems, since we are likely
>to estimate more than 0 per key press, even though
>in the stuck keyboard case it probably should be 0.

But isn't a held down key a random event itself? So it should be worth at
least more than 0 ;).

If the autorepeat delay was very irregular then there could be a bit more
entropy to be squeezed out, but I guess that's unlikely.

Cheerio,

link.
****************************
Reply to:     @Spam to
lyeoh at      @[EMAIL PROTECTED]
pop.jaring.my @ 
*******************************

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: 64-bit Permutations
Date: 18 Mar 2000 19:57:50 GMT

In a previous article,  <[EMAIL PROTECTED]> writes:
[--cut--]
>If one is familiar with the literature in a particular field, then one
>knows how words are used in that field...
[--cut--]

And what is the field in question? When I recently read the Twofish paper I
encountered the term "GF", which is "abstract algebraic" for a Galois Field. So
you can't possibly be arguing that it would be wrong to interpret
"permutation" in the abstract algebraic way.


>and here, permutation means
>the bits are moved, not changed, which is substitution. Note the terms
>"P-box" and "S-box" in the definition of DES, and the early Scientific
>American article about LUCIFER which hearkened back to Claude
>Shannon's paper...

You do realize that a permutation, in your sense, is the same as a
substitution, in your sense, of positions instead of values.


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
