Cryptography-Digest Digest #367, Volume #11 Sun, 19 Mar 00 23:13:01 EST
Contents:
Re: new Echelon article (JimD)
Re: new Echelon article (JimD)
generating secure id numbers ([EMAIL PROTECTED])
DES Decryption Problem ("Chuah Seong Ping")
Re: Factorization ("Screech")
Password Safe - Did Bruce Schneier ever come through? (Yerk Minola)
Re: Persistent vs Non-Per DH for Voice ("[EMAIL PROTECTED]")
Re: new Echelon article (Mok-Kong Shen)
Re: Q: Voice encryption ("[EMAIL PROTECTED]")
Re: Password Safe - Did Bruce Schneier ever come through? (jungle)
Re: Factorization ("Scott Fluhrer")
Re: KDC + secret key == public key? ("Lyalc")
Re: Special One way function ("Scott Fluhrer")
Re: DES Decryption Problem (James Muir)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (JimD)
Crossposted-To:
alt.politics.org.cia,alt.politics.org.nsa,talk.politics.crypto,alt.journalism.print,alt.journalism.newspapers
Subject: Re: new Echelon article
Reply-To: JimD
Date: Sun, 19 Mar 2000 22:11:14 GMT
On Sat, 18 Mar 2000 15:54:27 -0600, "Andy Culp" <[EMAIL PROTECTED]> wrote:
>>New focus to justify their existence post Cold-War, and it helps
>>to maintain the funding.
>>
>I think that makes perfect sense, why would the government have them if they
>weren't worth their money? The NSA obviously has to do something useful or
>all of the billions of dollars in funding would be put somewhere else.
Right. And the EU countries should put their own houses in order
before they complain about others. Glass houses and throwing stones,
along with double standards, come to mind here.
--
Jim Dunnett.
dynastic at cwcom.net
Exiled in Somerset
Right at the heart of England's BSE Industry.
------------------------------
From: [EMAIL PROTECTED] (JimD)
Crossposted-To:
alt.politics.org.cia,alt.politics.org.nsa,talk.politics.crypto,alt.journalism.print,alt.journalism.newspapers
Subject: Re: new Echelon article
Reply-To: JimD
Date: Sun, 19 Mar 2000 22:11:15 GMT
On Sun, 19 Mar 2000 01:54:12 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
>JimD wrote:
>> Well of course they do! Isn't '...the economic well-being of the
>> United States.' part of the NSA's mission statement?
>
>No.
I'm surprised.
>However, they *have* been tasked with helping protect the
>"information infrastructure", which is a legitimate national
>security interest that happens to contribute to our economic
>well-being as well as being of importance for other reasons.
Isn't that just a roundabout way of expressing 'the economic well-
being of the USA'?
--
Jim Dunnett.
dynastic at cwcom.net
Exiled in Somerset
Right at the heart of England's BSE Industry.
------------------------------
From: [EMAIL PROTECTED]
Subject: generating secure id numbers
Date: Sun, 19 Mar 2000 22:51:38 GMT
Hi all,
hope this is the right place to post. if not,
sorry, please point me in the right direction.
I want to generate a secure id based system
containing unique identifiers for people yet
generated in such a way that they would be
particularly difficult to guess.
Can I use a random number generator with a key
and hash these to give encrypted id's ???
Hope someone can help, i'm new to all this.
thanks,
Gareth
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "Chuah Seong Ping" <[EMAIL PROTECTED]>
Subject: DES Decryption Problem
Date: Mon, 20 Mar 2000 09:12:31 +0800
Dear Sir,
I have a problem to ask you about, sir.
Can you help me check the algorithm for DES decryption below
(picked from an article written by Matthew Fischer)?
Decipherment:
R[16]L[16] = IP(cipher block)
for 1 <= i <= 16
    R[i-1] = L[i]
    L[i-1] = R[i] xor f(L[i],K[i])
plain block = FP(L[0]R[0])
I have tried to reverse the order of the keys and right-shifted the key by the
number of positions shifted from {1,2,2,2......1,1}, but I still cannot get
back my plaintext.
Should I reverse the order of the expansion permutation, substitution box, initial
permutation, inverse permutation, PC1 and PC2 for the key?
I have referred to a lot of books on cryptography, including Applied Cryptography by
Bruce Schneier. No book shows the decryption algorithm for DES. Many
of them just tell the reader "Use the same function or algorithm for
decryption with the order of keys reversed".
I have attached my source code in Java for your reference.
You are my last hope; I hope you can help me to solve this.
Thanking you in advance, I hope to get your reply as soon as
possible.
------------------------------
From: "Screech" <[EMAIL PROTECTED]>
Subject: Re: Factorization
Date: Sun, 19 Mar 2000 21:40:51 -0000
I am an A Level Maths Student and I am posting because I am wondering
how these programs can determine the factors that made up the number.
To generate the number did a program just pick two random numbers of
a certain size and then multiply them together or is there some other
way of doing this?
How can this be considered safe in encryption if the numbers used are
so big, does this not mean that there is only one set of factors that
can produce this number?
Screech
Remove NOSPAM to send me mail
Email [EMAIL PROTECTED]
PGP Key http://www.krash.f9.co.uk/screech.asc
------------------------------
From: [EMAIL PROTECTED] (Yerk Minola)
Subject: Password Safe - Did Bruce Schneier ever come through?
Date: Mon, 20 Mar 2000 02:02:04 GMT
Remember all the controversy about Password Safe from Counterpane Systems?
There was no source code available and we all wondered why, especially with
Bruce Schneier advocating published source code for cryptographic software.
There was quite a long thread about it and Bruce Schneier eventually
answered with this:
==============================================================
From: [EMAIL PROTECTED] (Bruce Schneier)
Newsgroups: sci.crypt
Subject: Re: Doesn't Bruce Schneier practice what he preaches?
Date: Mon, 08 Nov 1999 21:47:04 GMT
NNTP-Posting-Host: 209.98.143.205
NNTP-Posting-Date: Mon, 08 Nov 1999 15:49:03 CST
Sorry. I was in Singapore, and away from news.
Indeed, PasswordSafe should be open source. And it will.
Right now I am trying to put together a team to code PasswordSafe 2.0.
There are a number of bug fixes, improvements, tweaks, etc, that need
to be incorporated into the code. PasswordSafe 2.0 will be entirely
open source.
Cheers,
Bruce
**********************************************************************
Bruce Schneier, Counterpane Internet Security, Inc. Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis, MN 55419 Fax: 612-823-1590
Free crypto newsletter. See: http://www.counterpane.com
==============================================================
Well, it's been over four months now and the web site still displays that
same promise.
From <http://www.counterpane.com/passsafe.html>:
>[NEW] Version 2.0 of Password Safe will be open source. We will provide
>details and dates as soon as we have them.
Has anyone heard anything more about this? Maybe he thought we'd just
forget about it.
--
"Yerk Minola" is actually 4531 690872 <[EMAIL PROTECTED]>.
0123 456789 <- Use this key to decode my email address and name.
Play Five by Five Poker at http://www.5X5poker.com.
------------------------------
From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
Subject: Re: Persistent vs Non-Per DH for Voice
Date: Sun, 19 Mar 2000 21:20:38 +0000
Reply-To: [EMAIL PROTECTED]
See the web site www.L-3com.com/privatel for an example. It uses DH to
establish the session key for 3-DES encryption of the vocoded voice. MITM
is prevented by displaying a key fingerprint to each user. The users then
verbally verify to each other that the key fingerprint their unit displays
matches the other party's.
Frank
[EMAIL PROTECTED] wrote:
> > Not widely, but it's used in some secure phones. Doing a MITM with RF
> > in real time is pretty hard.
> >
>
> Which secure phones are you referring to?
>
> Not many that use DH and symmetric ciphers.
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To:
alt.politics.org.cia,alt.politics.org.nsa,talk.politics.crypto,alt.journalism.print,alt.journalism.newspapers
Subject: Re: new Echelon article
Date: Sun, 19 Mar 2000 22:00:31 +0100
John Savard wrote:
>
> Spying on honest businessmen in our allied democratic neighbors for
> the purpose of stealing from them is neither honest nor advisable, and
> hence I tend to believe the NSA's denials, because I think they and
> the U.S. government would be crazy to get involved in this sort of
> thing.
A government is run by the politicians, isn't it? So you are convinced
that the morals of the politicians are always impeccable, aren't you? I
know too little about politicians in the US. Maybe they are indeed all
gentlemen without a single exception, as your sentences above seem
to suggest. At least in Germany, where I am living, however, the
situation is definitely not so. One of the big political parties,
together with an ex-chancellor, has been occupying the news
headlines for quite some time. I saw some time ago that the front page
of an issue of the magazine Time had to do with that affair. So I
suppose that you might also be familiar with part of that. Perhaps
you also get some news from TV about that. If the politicians in
the US are really all honourable people with the highest moral
standards, please kindly tell me so. For in that case I would try
to see whether I could eventually emigrate there and live in a
substantially better world than here in Europe.
M. K. Shen
------------------------------
From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
Subject: Re: Q: Voice encryption
Date: Sun, 19 Mar 2000 21:52:59 +0000
Reply-To: [EMAIL PROTECTED]
See www.L-3com.com/privatel for a voice encryption product that uses 3-DES. It
uses a toll-quality vocoder (voice coder) to compress the user speech into an 8 kbps
stream of 20 msec packets, then encrypts the 20 msec packets using 3-DES in OFB
mode. The resulting ciphertext is then conveyed over the phone lines using a V.32
modem.
Frank
Mok-Kong Shen wrote:
> JimD wrote:
> >
>
> > Digital ciphony gives better quality and is much more secure, given
> > that the (stream) cipher it uses is well designed, and provided that
> > you have the bandwidth to transmit it.
> >
> > Analogue ciphony depends on splitting the audio bandwidth into
> > discrete bands and transposing these bands within the telephone
> > bandwidth according to a key. There are other schemes. See Kahn,
> > 'The Codebreakers' for an interesting examination of analogue ciphony.
>
> I like to know whether there are reasons against using both
> techniques simultaneously.
>
> > Digital ciphony samples the amplitude of the analogue audio waveform
> > at a high rate (8 kHz or more) and converts these samples to a binary value.
> > The binary output can then be XOR-ed with a key stream to produce a
> > pseudo-random cipher output. The process is reversed at the receiving
> > end: cipher stream is XOR-ed with the identical key stream to reproduce
> > the deciphered digital samples, which then go through a digital to
> > analogue converter to end up as (hopefully!) the original audio.
> >
> > There is a third type: a vocoder, but that's another story.
>
> Is it possible to use e.g. DES to encrypt voice?
>
> M. K. Shen
------------------------------
From: jungle <[EMAIL PROTECTED]>
Subject: Re: Password Safe - Did Bruce Schneier ever come through?
Date: Mon, 20 Mar 2000 03:05:38 GMT
Password Safe from Counterpane Systems could be SNAKE OIL ...
why ?
there is no need to rewrite old code from established program before publishing
it ...
Yerk Minola wrote:
>
> Remember all the controversy about Password Safe from Counterpane Systems?
> There was no source code available and we all wondered why, especially with
> Bruce Schneier advocating published source code for cryptographic software.
> There was quite a long thread about it and Bruce Schneier eventually
> answered with this:
==============
> Sorry. I was in Singapore, and away from news.
==============
> Well, it's been over four months now and the web site still displays that
> same promise.
==============
> Has anyone heard anything more about this? Maybe he thought we'd just
> forget about it.
------------------------------
From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: Factorization
Date: Sun, 19 Mar 2000 18:58:00 -0800
Screech <[EMAIL PROTECTED]> wrote in message
news:nAfB4.1856$Dd2.111746@stones...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I am an A Level Maths Student and I am posting because I am wondering
> how these programs can determine the factors that made up the number.
>
> To generate the number did a program just pick two random numbers of
> a certain size and then multiply them together or is there some other
> way of doing this?
You essentially have it, except you need to make sure that the random
numbers you picked are prime. If you are interested in how you would
determine if such large numbers are prime, I suggest you start by getting
acquainted with Fermat's Little Theorem[1], and then proceed onto the
Miller-Rabin probabilistic primality test algorithm.
>
> How can this be considered safe in encryption if the numbers used are
> so big, does this not mean that there is only one set of factors that
> can produce this number?
The integers are a Unique Factorization Domain, which is a fancy way of
saying that any integer can be factored into primes in essentially one way.
So, if you know the prime factorization of a number (in this case by
construction: you took two primes and multiplied them together), then you
know that there are no other ways to factor that number into primes. The
size of the number doesn't matter to this property.
[1] Not to be confused with Fermat's Last Theorem, which Fermat never proved.
--
poncho
------------------------------
From: "Lyalc" <[EMAIL PROTECTED]>
Subject: Re: KDC + secret key == public key?
Date: Mon, 20 Mar 2000 14:13:17 +1100
If one changes the terminology away from "digital signature" and instead
applies "electronic signature" a la UNCITRAL model law, then yes, it is
perfectly valid to accept symmetric-key data as a form of signature.
Of course, this already occurs millions of times per day - ATMs and
PIN-based debit transactions already have a large degree of legal acceptance.
So, PK is nothing much new in this context.
Lyal
Don Davis wrote in message ...
>
>> could one use a Kerberos variant to get digital signatures and
>> PK encryption with a symmetric algorithm?
>
>hello, mr. hranicky,
>
> i explored your idea in some detail some ten years ago,
>when i worked on kerberos at project athena. strictly
>speaking, the short answer to your question is "no": what
>you're describing is called a message relay, or sometimes
>a notarization service. a digital signature has a crucial
>difference: non-repudiation. by sharing your messages with
>the KDC, you make non-repudiation impossible; non-repudiation
>is the defining property of a digital signature per se.
>
> that said, there is a close parallel between public-key
>certificates and kerberos' use of the ticket-granting ticket,
>just as you describe. this analogy is not superficial, but
>underlies much of the way the kerberos protocol works.
>the analogy is most evident in kerberos V5's user-to-user
>protocol, which ralph swick and i designed. i must confess
>that i didn't understand the public-key analogy, when i was
>working on u2u; it was roger needham (cambridge u., uk) who
>later told me, during a visit to athena in the late 1980's,
>that our u2u protocol was equivalent to a notion of "private-
>key certificates". he suggested we should write a paper
>about this idea of doing public-key-style stuff with symmetric
>keys, even though we ourselves hadn't realized that we'd _had_
>the idea. here is the paper we wrote:
>
> D. Davis and R. Swick, "Network Security via Private-Key
> Certificates," USENIX 3rd Security Symposium Proceedings,
> (Baltimore; Sept. '92). Also in ACM Operating Systems Review,
> v.24, #4 (Oct. 1990).
> http://world.std.com/~dtd/relay/relay.PS (58 Kbytes)
>
> Abstract: We present some practical security protocols
> that use private-key encryption in the public-key style.
> Our system combines a new notion of private-key certificates,
> a simple key-translation protocol, and key-distribution.
> These certificates can be administered and used much as
> public-key certificates are, so that users can communicate
> securely while sharing neither an encryption key nor a
> network connection.
>
>our paper addressed many of the points you make, and some
>others besides. note that at that time, in the late '80's,
>DES was commonly called a "private-key cipher", instead of
>a "symmetric-key cipher", as we say nowadays. today, i
>would of course title the paper, "network security via
>symmetric-key certificates."
>
>> I was goofing around with the gss-sample program in the stock MIT
>> Kerberos distribution and noticed that the GSSAPI protocol appears
>> to have support for some kind of signature.
>
> only public-key implementations of GSSAPI support digital
>signatures. GSSAPI does not support any variation of our
>"symmetric-key certs" idea, though a microsoft engineer has
>written an internet draft about adding to the gssapi some
>support for krbV5's user2user protocol.
>
> - don davis
> former athena staff
> boston, ma
------------------------------
From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: Special One way function
Date: Sun, 19 Mar 2000 19:09:06 -0800
James Felling <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Tim Tyler wrote:
>
> > Andru Luvisi <[EMAIL PROTECTED]> wrote:
> > : [EMAIL PROTECTED] writes:
> >
> > :> I am looking for a one way function f that has the
> > :> following properties:
> > :>
> > :> f f f f f f
> > :> A1 ---> A2 --->A3 ---> A4 ---> A5 --->... ---> An
> > :>
> > :> where Ai=f(Ai-1).
> > :>
> > :> Assume the computation cost of f is C, then
> > :> generally caculating An from A1 needs a cost of
> > :> O(n). Is there any special kind of one way
> > :> function that can reduce this cost to O(1) or
> > :> O(log(n)).
> >
> >
>
> let f(Ai) = Ai ^ e mod M where e is an integer >= 2, and M is the product of
> two large primes. This is 1-way if M has not been factored, and An =
> A1^(e*n) mod M.
You mean: An = A1^(e^(n-1)) mod M
>
> Mind you there are some implementation issues here, such as A1=1 or A1=0, and
> small e's but they can be worked around by restricting the selection of A1 to
> a certain range, and requiring that e be sufficiently large.
I'm not quite sure that will meet the requirements the OP is looking for:
An = A1 ^ ((e-1)^n) mod M
computed in the obvious manner takes O(n) time. It can be computed quickly
if you know the factorization of M, as in:
An = A1 ^ ((e-1)^n mod phi(M)) mod M
(knowledge of phi(M) is equivalent to knowledge of the factorization of M),
but I believe the OP wants a one-way function that can be quickly computed
iteratively by anyone, not just someone who can compute inverses.
--
poncho
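An added example (not code from the thread): the chain A_i = A_(i-1)^e mod M computed step by step, beside the shortcut through phi(M) that only the holder of the factorization can take. It uses the indexing A_n = A_1^(e^(n-1)) from the "You mean" correction above; the two Mersenne primes, E and the start values are constructed toy parameters, and A_1 is assumed coprime to M so that Euler's theorem applies.

```python
from math import gcd

# Constructed toy parameters; a real modulus would use far larger random primes.
P, Q = 2**31 - 1, 2**61 - 1          # both are known Mersenne primes
M = P * Q
PHI = (P - 1) * (Q - 1)              # computable only if P and Q are known
E = 65537

def chain_iterative(a1, n, e=E, m=M):
    """What anyone can do: n - 1 successive modular exponentiations, O(n) work."""
    a = a1 % m
    for _ in range(n - 1):
        a = pow(a, e, m)
    return a

def chain_with_trapdoor(a1, n, e=E, m=M, phi=PHI):
    """Factorization holder: reduce the exponent e^(n-1) modulo phi(M) first.

    Two square-and-multiply exponentiations, so O(log n) multiplications.
    Valid only when gcd(a1, m) == 1 (Euler's theorem).
    """
    if gcd(a1, m) != 1:
        raise ValueError("a1 must be coprime to M for the phi(M) reduction")
    exponent = pow(e, n - 1, phi)
    return pow(a1, exponent, m)

def degenerate_start(a1, m=M):
    """A1 = 0 or 1 (and M - 1 when e is odd) never moves along the chain."""
    return a1 % m in (0, 1, m - 1)

if __name__ == "__main__":
    a1 = 123456789
    print(chain_iterative(a1, 1000) == chain_with_trapdoor(a1, 1000))
    # Far out of reach for the iterative version, immediate with phi(M):
    print(chain_with_trapdoor(a1, 10**18))
```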
------------------------------
From: James Muir <[EMAIL PROTECTED]>
Subject: Re: DES Decryption Problem
Date: Mon, 20 Mar 2000 03:50:55 GMT
In article <[EMAIL PROTECTED]>,
"Chuah Seong Ping" <[EMAIL PROTECTED]> wrote:
> Dear Sir,
> I have some problem to ask you sir.
> Can you help me to check for me the algorithm for DES Decryption as below
> (picked from an article written by Matthew Fischer)
> Decipherment:
> R[16]L[16] = IP(cipher block)
> for 1<= i <= 16
> R[i-1] = L[i]
> ****L[i-1] = R[i] xor f(L[i],K[i])*****
> plain block = FP(L[0]R[0])
Try:
L[i-1] = R[i] xor f(R[i-1],K[16-i+1])
You should validate your DES implementation against some test vectors.
If encryption works properly then decryption should work fine.
There is a good article on DES in the current edition of "Notices of
the AMS":
www.ams.org/notices
-James
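An added example (not James Muir's code and not DES itself): a 16-round Feistel network with a stand-in round function, showing that decryption is the encryption routine run with the round keys in reverse order, and the same inverse written out round by round. The round function, key schedule and test block are constructed for illustration; DES's fixed IP/FP permutations are omitted because they do not depend on the key.

```python
import hashlib

ROUNDS = 16
MASK32 = 0xFFFFFFFF

def round_keys(key: bytes):
    """Stand-in key schedule: K[1..16] as 48-bit values (not DES's PC1/PC2)."""
    return [hashlib.sha256(key + bytes([i])).digest()[:6] for i in range(1, ROUNDS + 1)]

def f(half: int, k: bytes) -> int:
    """Stand-in round function; like DES's f it does not need to be invertible."""
    digest = hashlib.sha256(half.to_bytes(4, "big") + k).digest()
    return int.from_bytes(digest[:4], "big")

def feistel(block: int, keys) -> int:
    """One routine for both directions; only the order of `keys` differs."""
    L, R = block >> 32, block & MASK32
    for k in keys:
        # L[i] = R[i-1];  R[i] = L[i-1] xor f(R[i-1], K[i])
        L, R = R, L ^ f(R, k)
    return (R << 32) | L               # final swap: output is R[16]L[16]

def encrypt(block: int, key: bytes) -> int:
    return feistel(block, round_keys(key))

def decrypt(block: int, key: bytes) -> int:
    return feistel(block, round_keys(key)[::-1])   # K[16], K[15], ..., K[1]

def decrypt_explicit(block: int, key: bytes) -> int:
    """The inverse written out round by round, counting i down from 16 to 1."""
    K = round_keys(key)
    R, L = block >> 32, block & MASK32             # input is R[16]L[16]
    for i in range(ROUNDS, 0, -1):
        # R[i-1] = L[i];  L[i-1] = R[i] xor f(R[i-1], K[i])
        L, R = R ^ f(L, K[i - 1]), L
    return (L << 32) | R

if __name__ == "__main__":
    key, pt = b"constructed-key", 0x0123456789ABCDEF
    ct = encrypt(pt, key)
    print(hex(ct), decrypt(ct, key) == pt, decrypt_explicit(ct, key) == pt)
    # Running the rounds again with the keys in encryption order does not decrypt.
    print(feistel(ct, round_keys(key)) == pt)
```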
------------------------------
End of Cryptography-Digest Digest
******************************