Cryptography-Digest Digest #420, Volume #11 Sat, 25 Mar 00 17:13:01 EST
Contents:
Re: Concerning UK publishes "impossible" decryption law (Otto Sykora)
Re: what is a 2048 bit cipher? (Jerry Coffin)
Re: OAP-L3: Answer me these? (Mok-Kong Shen)
Re: OAP-L3: Answer me these? (Anthony Stephen Szopa)
Re: OAP-L3: Answer me these? (Anthony Stephen Szopa)
Re: OAP-L3: Answer me these? (Anthony Stephen Szopa)
Re: Download Random Number Generator from Ciphile Software (Boris Kazak)
OAP-L3: Who cares? No one's interested? (Anthony Stephen Szopa)
Re: http://www.cryptomat.com (JimD)
Method for time-altering keys ("RecilS")
Re: http://www.cryptomat.com (Nemo psj)
Re: OAP-L3: Answer me these? (Tim Tyler)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Otto Sykora)
Crossposted-To:
alt.security.pgp,comp.security.pgp.discuss,alt.security.scramdisk,alt.privacy
Subject: Re: Concerning UK publishes "impossible" decryption law
Date: Sat, 25 Mar 2000 18:12:40 -0001
Well it sounds very scientific, this story about EM, I do not understand
that much about it so I could argue it, but common sense tells me, that
if there was a small magnetic device used to create such data, then
similar size of magnet will destroy it as well. The small electromagnet
placed in the recording head of a harddrive is apparently strong enough
to change the magnetic properties of the disk surface. The same or
stronger magnet will do the same. The erasing of a drive is a problem
apparently only because of mechanical insufficiencies, the head cannot
be moved twice to exactly the same position and therefore it needs a few
attempts so the track is wiped over its entire width.
--
Otto Sykora
Basel, Switzerland
[EMAIL PROTECTED] (ROT 13)
------------------------------
From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: what is a 2048 bit cipher?
Date: Sat, 25 Mar 2000 11:17:51 -0700
In article <8bhohr$ng4$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
says...
[ ... ]
> > Despite this, it's still basically overkill, and the dramatically
> > larger keys some people use are basically pointless as well.
>
> You must distinguish between symmetric and asymmetric ciphers though.
Oh, absolutely.
> Nevertheless the "minimum size of a safe key" is very dependent on
> whether you're considering a symmetric cipher or an asymmetric cipher:
> an asymmetric cipher will require a key approximately 10 times larger
> to be safe.
Well -- for DH or RSA anyway. ECC requires somewhat larger keys than
a symmetric cipher, but not by nearly as large of a margin. With it,
double (or so) appears to be adequate unless somebody invents a
substantially better algorithm for ECDL.
--
Later,
Jerry.
The universe is a figment of its own imagination.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Answer me these?
Date: Sat, 25 Mar 2000 20:15:42 +0100
Anthony Stephen Szopa wrote:
>
> Why should anyone tell you anything. You haven't listened for,
> what is it now, over a year? And all you've had to do was read
> a few legal size length pages from the Help Files. You sound
> like a bum begging for money or a young child crying to have
> its mother feed it when it is old enough to feed itself.
From what you wrote, I infer that people haven't put enough
energy to study your algorithm. Now an algorithm can be
described on different levels, either with minute details or
in abstracted forms that are more convenient for the readers
when they first approach your stuff. (Compare successive
refinements in top-down software design.) I like to recommend
that, if you want to have your algorithm be seriously studied
by many people, you should make the task of these as simple
(and hence as palatable) as possible through first providing
the most abstract form of your algorithm and subsequently the
more refined ones. That way, you are most likely to achieve
your goal of obtaining wide acceptance of your algorithm.
I assume that you have already laid open all details that are
necessary for others to examine. Otherwise there could be
troubles. Incidentally, a couple of years ago, Bruce Schneier
said that he was examining an encryption algorithm that is
patent-pending (and hence not public) under NDA and that he
intended to later publish a paper on that product. But I don't
yet know whether the paper is already available.
M. K. Shen
======================
http://home.t-online.de/home/mok-kong.shen
------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Answer me these?
Date: Sat, 25 Mar 2000 11:02:01 -0800
Alan Mackenzie wrote:
>
> Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote:
> > OAP-L3: Answer me these?
>
> > Where is the bias in any of the procedures and processes in OAP-L3?
>
> > Where is any bias introduced into any of the procedures and processes
> > found in OAP-L3 when used according to recommendations?
>
> > What conclusions can we draw if there are no biases in any of the
> > procedures and processes, and no biases introduced in
> > any of the procedures and processes used in OAP-L3?
>
> Anthony, I've been listening in on this thread somewhat bemused. You and
> your critics seem to be talking rather at cross-purposes.
>
> I think the answer to the following question _might_ settle differences:
>
> Could a software engineer, using as a specification only the descriptive
> material available at your web site, duplicate your encryption program?
> That is, for any given plaintext, identical key material, and identical
> states for any programmable pseudo random number generators, his program
> and your program would produce the same cyphertext.
>
> --
> Alan Mackenzie (Munich, Germany)
> Email: [EMAIL PROTECTED]; to decode, wherever there is a repeated letter
> (like "aa"), remove one of them (leaving, say, "a").
"Could a software engineer, using as a specification only the
descriptive material available at your web site, duplicate your
encryption program?"
I certainly believe this: anyone experienced in the art can do
so easily at least through creating the OTPs. All of the processes
are fundamentally very simple and well known universally. Only no
one has put them all together to generate random numbers before,
as far as I know.
It might take some extra effort to program the (very logical) OTP
management feature: the logical OTP offset / counter features to
prevent any OTP data from being used more than once, etc. But
even this is simple in its logic and probably most will be able
to implement this feature readily, as well.
The entire software package is more or less a compilation of
fundamental knowledge readily available universally.
Let me give you an example.
Here is what one of the new MixFile processes will do. It is very
simple. From this description anyone with modest abilities should
be able to readily duplicate the process writing their own code:
MixFile(X) Byte Reversal Process - this process merely reverses
the entire byte sequence of a MixFile. (Keep in mind that a
MixFile is compressed in BCD and each byte represents two digits.
Hyphens added for emphasis.) For instance, let's say we have a
MixFile of:
... 01-23-45-67-89 24-68-01-35-79 36-92-58-14-70 ... , the
process would then output:
... 70-14-58-92-36 79-35-01-68-24 89-67-45-23-01 ...
All the processes in OAP-L3 are pretty much this simple and easily
implemented.
Yet I am still amazed that there are some posters to this news
group who insist that if they do not have the source code then,
for instance, this MixFile(X) Byte Reversal Process cannot be
trusted.
All they have to do is open the file with the provided utilities
included with OAP-L3 and look and hopefully see that this is
exactly what the process does. This is true with all the processes
in OAP-L3. I provide test data and the utilities where this can be
clearly demonstrated as part of the software.
What I really like about OAP-L3 is its accessibility. You do not
need any specialized knowledge to understand it. And with this
understanding, testing, and some thought, you can trust it.
Because the software is so fundamentally simple and because of
all the test data, utilities, and test procedures provided with
OAP-L3, I would expect that if there were a flaw in the software
that it should show up sooner, very soon, rather than later, and
we would all hear about it right away. I call it the
"I-shot-Jesse-James effect."
A user can create his or her own test data based upon their
knowledge of the process specification then, having predicted the
outcome, check and see if the output is as expected. But again,
no: if we do not have the source code we cannot even trust our
own eyes and brains.
Well, I am sorry. I can only encourage people to think. I cannot
think for them.
Nor will I do their work for them. They tell me how easy it is
yet none has the energy to punch a few keys on a keyboard.
Go figure.
I am curious, if someone does bother to write their own code, if
they will offer it up to these disagreeable types in this news
group. Or will they discreetly inform only a few interested
and responsible parties, knowing how shabbily the conversation
has been carried out here.
I knew you were out there. I have always acknowledged the silent
majority.
------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Answer me these?
Date: Sat, 25 Mar 2000 11:03:31 -0800
"Trevor L. Jackson, III" wrote:
>
> Volker Hetzer wrote:
>
> > "Trevor L. Jackson, III" wrote:
> > > If no one finds any flaws in your product within 60
> > > days you keep my money, and you get to advertise the fact that your software is
> > > flawless. Otherwise I'll split your money with the people who find the flaws
> > > in your software.
> > Of course, this only works if he posts the source code that he actually uses.
>
> I don't see the problem. If he posts flawed code he forfeits. If he posts flawless
> code (har), he can reasonably claim the code he did not post was equally flawless.
If I knew we were all going to have such a great time, I'd have
brought out the barbecue and some ice cold beer.
------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Answer me these?
Date: Sat, 25 Mar 2000 11:06:59 -0800
Tom St Denis wrote:
>
> Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Joseph Ashwood wrote:
> > 1) CASE: liar. You say the theory, and specification of the
> > procedures and processes have not been made available. Not true.
> > The theory, and specification of the procedures and processes have
> > been available for some time now at http://www.ciphile.com
>
> Your theory on your website is not very specific. Do you have a hidden page
> or something with the required info?
>
> > 2) CASE: idiot. "01234567890123456789... Each output digit will
> > occur an exactly equal number of times making a bias of exactly
> > zero." Not quite. Bias refers to any patterns that can be
> > discerned and exploited cryptoanalytically. There is clearly a
> > pattern here, the sequence is predictable, etc.
>
> So you are saying that if your RNG outputted a million zeros just by chance,
> your rng would not be random? hmmph. ok.
>
> > 3) CASE: stupid. "By adding a new process you inherently add
> > ability to "mix things up even more." That is simply not the
> > case..." Oh, really? In the popular state lotteries or in the
> > gambling game of keno, you may pick six numbers. Six of eighty
> > ping pong balls numbered 1 - 80 are randomly selected. Let's
> > say you bet one dollar for your pick six. If I decide to add
> > 80 more ping pong balls making a total of 160 and keep your
> > potential winnings the same, will you now bet two dollars?
>
> Actually with 160 balls from 1-80, 1-80 you have broken the lottery. Cuz
> the next time they pick your six balls, they could get 1, 1, 2, 2, 3, 3 and
> nobody would win. If you meant 1-160 that's not a new process but a
> different choose operation 160! choose 6 [bah I haven't done finite so if
> that's worded wrong I apologize]
>
> > You admit to not having read the Help files or insist that
> > you are unable to understand them, you have not gotten the
> > software: in other words, you don't know what you are talking
> > about yet you seem to be an authority on OAP-L3. Incredible!
>
> Actually document the thing properly. Write a paper on it. Not just a
> collection of web pages. Also you have to adhere to a standard. If for
> example I choose to evaluate the current one, it's of no use if you keep
> changing the rng.
>
> > As I mentioned, Version 4.3 of OAP-L3 will be out in a week or two.
> >
> > When this update is finished, where I'll be adding 6 more MixFile
> > processes, I will make available for download a new generation
> > program with data files.
>
> Why are you adding more processes? [hmm?] are the current ones broken?
>
> > You will be able to see that I can generate 1.4E20 random digits
> > using only 3540 data bytes with a security level having only one
> > exact key in well over 4E830. This process can be greatly
> > optimized further but I'll talk about this later.
>
> With a LFSR I could make 1.47732893477907533568552248218e+8525 bits
> (2^(8*3540) - 1) output assuming there was a primitive polynomial for that
> size. So what?
>
> > What this indicates is that with a very small number of data
> > bytes you can accomplish secure encryption. With this level
> > of efficiency this encryption theory may soon be considered
> > a potential alternative to existing SET systems.
>
> I could use two 1770 byte LFSR's and make a shrinking generator, which is
> secure, more analyzed and easier than your methods. Not to mention have a
> longer period.
>
> Tom
I could have said "and then number all the balls from 1 - 160"
(which I assumed was obvious, or so I thought) but then you
wouldn't have had an "out."
------------------------------
From: Boris Kazak <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto
Subject: Re: Download Random Number Generator from Ciphile Software
Date: Sat, 25 Mar 2000 19:31:36 GMT
Anthony Stephen Szopa wrote:
*************************************
> What would you say if there were no attacks possible against
> OAP-L3 when used according to recommendations (truly random user
> input and large key length) except brute force?
> **************
> I believe that I can prove my point mathematically. It is straight
> forward probability theory. I'm working on this proof.
========================
I would say that you are a god, that other people must worship you
and take at face value everything that you ever say.
And since up to now you have not said anything of substance,
except these humoristic declarations, please remember one rule:
The power of any god is proportional to the number of his
followers. In this sense your power == 0, since I did not see
any followers of your faith voice their belief, let alone
come to your help, explain the confused issues, etc.
Best wishes BNK
------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: OAP-L3: Who cares? No one's interested?
Date: Sat, 25 Mar 2000 11:14:59 -0800
OAP-L3: Who cares?
No one's interested?
Then who in Redmond, WA would visit my web site and download OAP-L3?
Or who with IP address suffixes with .gov, .mil, .edu, etc?
Arpanet. Companies. Organizations. Individuals.
No one is interested? Give me a break.
Opportunity knocking.
------------------------------
From: [EMAIL PROTECTED] (JimD)
Subject: Re: http://www.cryptomat.com
Reply-To: JimD
Date: Sat, 25 Mar 2000 19:47:15 GMT
On Sat, 25 Mar 2000 11:51:49 +1100, "Borys Pawliw Newsgroups" <[EMAIL PROTECTED]>
wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>- -----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Am presently investigating the site http://www.cryptomat.com, the
>individual(s) behind which claim to be able to decipher ciphertext
>that was encrypted with supposedly secure, publicly available strong
>protocols (assume PGP et al). They even offer a service where you
>send them ciphertext and they will decrypt a portion of it as a
>demonstration of their abilities. I tried this service, but as of yet
>have not received any reply (11 days as of 25th March).
What did you send them?
--
Jim Dunnett.
dynastic at cwcom.net
Exiled in Somerset
Right at the heart of England's BSE Industry.
------------------------------
From: "RecilS" <[EMAIL PROTECTED]>
Subject: Method for time-altering keys
Date: Sat, 25 Mar 2000 16:19:06 -0500
=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1
The way I alter my key for time is as follows
loop through each time value (hour first num, hour second num, minute
1st, minute 2nd, seconds " ")
move every Nth byte to the end of the key (N = time value)
Now obviously this isn't a terribly complicated method. It does,
however, completely alter the key with high dependency on each value
and does so very quickly (A must as these keys are time sensitive).
Any ideas for manipulating the keys based on time?
Also, replies of the nature "Well you obviously need to check the
statistical report analysis for time sensitive PF417 gJq10 data
processing routines" don't help me. The only things I'm going to
recognise are A) links B) explanations of such routines
Thanks
- - Doug
=====BEGIN PGP SIGNATURE=====
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
iQA/AwUBON0tSBJETAFqh0RgEQKAcQCgtIaYpLzEPjvPq74e/Fho6wDqR1sAnjjS
C/HnB1TK62ZT9A769SDKvFOO
=o9WW
=====END PGP SIGNATURE=====
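One reading of the method described in the message above, written out as an added example (it is not the poster's code). Assumptions: byte positions are counted from 1, a time digit of 0 is skipped, and the 16-byte key is constructed sample data. It shows that the transform only reorders the key's bytes, and that under this reading a digit of 0 or 1 leaves the key untouched.

```python
from collections import Counter


def move_every_nth(key: bytes, n: int) -> bytes:
    """Move the bytes at 1-based positions n, 2n, 3n, ... to the end, order kept.

    Assumption: n == 0 is skipped, since "every 0th byte" is undefined.
    """
    if n == 0:
        return key
    kept = bytes(b for i, b in enumerate(key, 1) if i % n)
    moved = bytes(b for i, b in enumerate(key, 1) if i % n == 0)
    return kept + moved


def time_altered_key(key: bytes, hhmmss: str) -> bytes:
    """Apply one pass per time digit: hour 1st, hour 2nd, minute 1st, ..."""
    if len(hhmmss) != 6 or not hhmmss.isdigit():
        raise ValueError("expected six digits, e.g. '161906'")
    for digit in hhmmss:
        key = move_every_nth(key, int(digit))
    return key


def check(key: bytes, hhmmss: str) -> dict:
    """Compare the derived key with the base key."""
    derived = time_altered_key(key, hhmmss)
    return {
        # A pure reordering: the same byte values, so no key material is added.
        "same_bytes": Counter(derived) == Counter(key),
        # True when the time left the key exactly as it was.
        "unchanged": derived == key,
    }


def weak_times() -> list:
    """Times of day whose digits are all 0 or 1, so every pass is a no-op."""
    out = []
    for h in range(24):
        for m in range(60):
            for s in range(60):
                t = f"{h:02d}{m:02d}{s:02d}"
                if set(t) <= {"0", "1"}:
                    out.append(t)
    return out


if __name__ == "__main__":
    base = bytes(range(16))          # constructed sample key
    print(check(base, "161906"))     # reordered, same byte values
    print(check(base, "111111"))     # every pass moves all bytes: identity
    print(len(weak_times()), "times of day leave the key unchanged")
```

Because the time is not secret, anyone who learns one derived key can undo the reordering; the scheme's secrecy rests entirely on the base key.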
------------------------------
From: [EMAIL PROTECTED] (Nemo psj)
Subject: Re: http://www.cryptomat.com
Date: 25 Mar 2000 21:53:15 GMT
Well I sent them some text encrypted with my cipher and I suppose that if they're
telling the truth that they should be able to break my 2 bit cipher like Adam
says, or maybe it's not 2 bit or maybe they're lying... I don't know but this will
be interesting.
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: OAP-L3: Answer me these?
Reply-To: [EMAIL PROTECTED]
Date: Sat, 25 Mar 2000 21:48:46 GMT
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
: [EMAIL PROTECTED] wrote:
:> In a previous article, "Tom St Denis" <[EMAIL PROTECTED]> writes:
:> >There is no such thing as a OTP bit flipping attack. You are making things
:> >up now.
:>
:> There _is_ such thing as a bit flipping attack against Vernam ciphers, and
:> OTPs are usually implemented as Vernam ciphers. The subject of bit flipping
:> attacks has in fact been heavily discussed [...]
: To my humble knowledge, the Vernam OTP, if it is an ideal one
: (i.e. satisfying all the theoretical assumptions, though
: unfortunately not practically obtainable), is perfectly
: secure according to a theorem of Shannon. Thus it can't be the
: case that there is any viable attack. [...]
It's true that you can't extract any information from the message body.
It doesn't mean that you can't use a known plaintext attack to completely
recover the key, or that you can't send faked messages, or that you
can't profitably modify existing ones.
With a straight OTP (with no signature scheme) you can do all these things.
--
__________
|im |yler The Mandala Centre http://www.mandala.co.uk/ [EMAIL PROTECTED]
Strip mining helps prevent forest fires.
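The distinction drawn in the message above, as an added example (not code from any poster): a one-time pad hides the message but does nothing for integrity. The messages are constructed samples, and HMAC-SHA256 with a separate shared key is an assumption standing in for the "signature scheme" mentioned; it gives computational rather than information-theoretic integrity.

```python
import hashlib
import hmac
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (the Vernam operation)."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def flip_to(ciphertext: bytes, known_plain: bytes, wanted_plain: bytes) -> bytes:
    """Rewrite a ciphertext using only the known plaintext; the pad is not needed."""
    return xor_bytes(ciphertext, xor_bytes(known_plain, wanted_plain))


def seal(pad: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """OTP-encrypt, then append an HMAC-SHA256 tag over the ciphertext."""
    ct = xor_bytes(plaintext, pad)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()


def open_sealed(pad: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; reject on mismatch."""
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return xor_bytes(ct, pad)


def demo() -> dict:
    plain = b"PAY ALICE 0100 USD"          # constructed sample message
    wanted = b"PAY MALLO 9900 USD"         # constructed altered message, same length
    pad = secrets.token_bytes(len(plain))  # truly random, used once
    mac_key = secrets.token_bytes(32)      # assumption: separate shared MAC key

    ct = xor_bytes(plain, pad)
    results = {}
    # Known plaintext reveals the pad bytes used for this message.
    results["pad_recovered"] = xor_bytes(ct, plain) == pad
    # Bare OTP: the receiver decrypts the modified ciphertext without complaint.
    results["bare_otp_decrypts_to"] = xor_bytes(flip_to(ct, plain, wanted), pad)
    # With a tag over the ciphertext, the same modification is rejected.
    blob = seal(pad, mac_key, plain)
    tampered = flip_to(blob[:-32], plain, wanted) + blob[-32:]
    try:
        open_sealed(pad, mac_key, tampered)
        results["mac_rejected"] = False
    except ValueError:
        results["mac_rejected"] = True
    results["mac_accepts_original"] = open_sealed(pad, mac_key, blob) == plain
    return results


if __name__ == "__main__":
    print(demo())
```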
------------------------------