Cryptography-Digest Digest #424, Volume #11 Sun, 26 Mar 00 14:13:01 EST
Contents:
Re: new Echelon article ([EMAIL PROTECTED])
Re: OAP-L3: Answer me these? ("Trevor L. Jackson, III")
Re: Is netcity.com SmartCard Secure? ("KidMo")
Re: Hashes! (newbie question) ("Simon Johnson")
Re: Download Random Number Generator from Ciphile Software (Taneli Huuskonen)
Re: What is "Counter mode" and "Interleaved chaining mode" (Helger Lipmaa)
Re: Method for time-altering keys ("Test")
Re: Cryptomat.com (p1p3r)
Re: Card shuffling (Scott Nelson)
Re: Method for time-altering keys ("Adam Durana")
Re: Cryptomat.com ("Adam Durana")
Re: Sunday People 26/3/2000: "FORGET YOUR PASSWORD... END UP IN JAIL" ("Geordie")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Re: new Echelon article
Date: Sun, 26 Mar 2000 16:08:02 +0100
"Douglas A. Gwyn" wrote:
> [EMAIL PROTECTED] wrote:
> > Is there anyway to insert crypto hardware into cellphones?
>
> Not unless they were designed for it, or you are a competent
> electrical/communications engineer (in which case you wouldn't
> be asking the question).
Yep, that's what I thought :-(
> I do know that *some* cellular telephones exist that support
> Fortezza cards. Unfortunately I don't know much about them.
> Perhaps you can find them via a Web search, if they're
> available on the open market. (Fortezza format-compatible
> cards are available that use non-classified algorithms.)
-Jared
------------------------------
Date: Sun, 26 Mar 2000 11:15:52 -0500
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Answer me these?
Anthony Stephen Szopa wrote:
> "Trevor L. Jackson, III" wrote:
> >
> > Anthony Stephen Szopa wrote:
> >
> > > "Trevor L. Jackson, III" wrote:
> > > >
> > > > Volker Hetzer wrote:
> > > >
> > > > > "Trevor L. Jackson, III" wrote:
> > > > > > If no one finds any flaws in your product within 60
> > > > > > days you keep my money, and you get to advertise the fact that your software is
> > > > > > flawless. Otherwise I'll split your money with the people who find the flaws
> > > > > > in your software.
> > > > > Of course, this only works if he posts the source code that he actually uses.
> > > >
> > > > I don't see the problem. If he posts flawed code he forfeits. If he posts flawless
> > > > code (har), he can reasonably claim the code he did not post was equally flawless.
> > >
> > > If I knew we were all going to have such a great time, I'd have
> > > brought out the barbecue and some ice cold beer.
> >
> > My offer stands. You have not responded. Should I interpret your lack of response to
> > mean that you decline the offer?
>
> Let's wait and see the flaws come rolling in.
Let's not wait. Let's decide now. Do you accept or decline the challenge?
------------------------------
From: "KidMo" <[EMAIL PROTECTED]>
Subject: Re: Is netcity.com SmartCard Secure?
Date: Sun, 26 Mar 2000 11:01:00 -0600
=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1
hehe i never thought of that i guess that is true, but ima legit,
really wonderin how it "worked" per se. Been a while since ive been
on the newsgroup, ive just got it setup with my new computer. While
lookin around some stuff i found this and was just wondering.
Signed,
KidMo
PS> now would an advertiser use PGP? hehe
=====BEGIN PGP SIGNATURE=====
Version: PGP Personal Privacy 6.5.3
iQA/AwUBON5CPZDtgzTwxWM9EQI3YQCfRc+i2rFkZpljU02Spg1l29TjQFQAoL+3
RNNQofgHX2EVf5tNLTSFXdwT
=0WQz
=====END PGP SIGNATURE=====
"Tony L. Svanstrom" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> KidMo <[EMAIL PROTECTED]> wrote:
>
> > I was wondering if this www.netcity.com smartsecure is secure and what is
> > up with it. Could one of you crypto analysis people take a look at this
> > site and give us the 411?
>
> Hmmm... I've seen this before, if I were to guess I'd say that they are
> just out to get some free advertising and users by asking this in NGs.
>
>
> /Tony
> --
> /\___/\ Who would you like to read your messages today? /\___/\
> \_@ @_/ Protect your privacy: <http://www.pgpi.com/> \_@ @_/
> --oOO-(_)-OOo---------------------------------------------oOO-(_)-OOo--
> DSS: 0x9363F1DB, Fp: 6EA2 618F 6D21 91D3 2D82 78A6 647F F247 9363 F1DB
> ----------------------------------------------------------------------
> \O/ \O/ ©1999 <http://www.svanstrom.com/?ref=news> \O/ \O/
------------------------------
From: "Simon Johnson" <[EMAIL PROTECTED]>
Subject: Re: Hashes! (newbie question)
Date: Sun, 26 Mar 2000 16:42:46 -0800
I am designing a new hash for a login system and I have decided to seed a
PRNG and produce a 160-bit hash out of a random number generator. But to do
that I must first pre-hash the text into a number. After many hours of
experimentation, I produced the following algorithm, which I tested over the
(256-1)*3 bits.
For n = 1 To Len(text)
    a = Sqr((a + n) * Asc(Mid(text, n, 1)))  ' square root ((a + n) * (the ASCII code of the n'th char of text))
Next n
I would like to know if this function produces any collisions?
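Yes, it does. As an added example (not Simon's own code), here is the loop rendered in Python together with a brute-force search for collisions among two-character inputs. The post does not say what value a starts at, so 0 is assumed here. The search finds exact collisions such as "@x" and "dd": 64 and 100 are perfect squares, so after the first character a is the whole number 8 or 10, and (8+2)*120 = (10+2)*100 = 1200, which gives bit-identical square roots. This is a structural property of the function, not a floating-point accident.

```python
import math
from collections import defaultdict
from itertools import product
from string import printable


def pre_hash(text: str, a: float = 0.0) -> float:
    """Simon's loop: for n = 1..len(text): a = sqrt((a + n) * asc(char n)).
    The post does not give a's starting value; 0.0 is assumed here (the
    default for an uninitialised numeric variable in BASIC dialects)."""
    for n, ch in enumerate(text, start=1):
        a = math.sqrt((a + n) * ord(ch))
    return a


def find_collisions(length: int = 2, alphabet: str = printable.strip()) -> list:
    """Hash every string of the given length over the alphabet (constructed
    input: all printable non-whitespace ASCII) and return the groups of
    distinct inputs whose results are bit-identical doubles."""
    buckets = defaultdict(list)
    for chars in product(alphabet, repeat=length):
        s = "".join(chars)
        buckets[pre_hash(s)].append(s)
    return [group for group in buckets.values() if len(group) > 1]


if __name__ == "__main__":
    for group in find_collisions():
        print(group, "->", pre_hash(group[0]))
```

Other groups the search turns up follow the same pattern, for example "Qd" and "@n" (11*100 = 10*110), and "y`" and "dh" (13*96 = 12*104). Longer inputs only add more such coincidences, and the output is a single double whose magnitude stays near sqrt(n * 127), so the result is crowded into a narrow range rather than spread over 160 bits.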
------------------------------
From: [EMAIL PROTECTED] (Taneli Huuskonen)
Crossposted-To: talk.politics.crypto
Subject: Re: Download Random Number Generator from Ciphile Software
Date: 26 Mar 2000 19:59:01 +0300
=====BEGIN PGP SIGNED MESSAGE=====
In <[EMAIL PROTECTED]> Anthony Stephen Szopa
<[EMAIL PROTECTED]> writes:
[...]
>Mr. Huuskonen seems to have a good grasp of the theory and processes
>(probably after just one cursory read.)
Thank you. Anyway, I would describe my reading as "wading" up to a
certain point, from which onwards the word "cursory" does apply.
>So do many others who have paid for the latest version of the
>software.
Your wording is misleading, IMAO. One easily gets the impression I have
paid for your software. I haven't.
Taneli Huuskonen
=====BEGIN PGP SIGNATURE=====
Version: 2.6.3i
Charset: noconv
iQB1AwUBON5BwAUw3ir1nvhZAQEiFQMAmrlTODbcqcmt42xZGxJ33iowHIQkXob0
qisqXqmjfsSTxIdlU6QSpYj8SbXNo3sunB8ysvbwUw84CLS8PrHzBJwEBuReRfwH
YvKXY0i1LKU1SRs/ldsLW31/ezWg5c/U
=U6D3
=====END PGP SIGNATURE=====
--
I don't | All messages will be PGP signed, | Fight for your right to
speak for | encrypted mail preferred. Keys: | use sealed envelopes.
the Uni. | http://www.helsinki.fi/~huuskone/ | http://www.gilc.org/
------------------------------
From: Helger Lipmaa <[EMAIL PROTECTED]>
Subject: Re: What is "Counter mode" and "Interleaved chaining mode"
Date: Sun, 26 Mar 2000 20:52:16 +0300
Tong Zhang wrote:
>
> Hi,
>
> I just read a book about block ciphers. It mentioned two operation modes:
> Counter mode, and Interleaved chaining mode. It said that if the block
> cipher works in these two modes, the cipher can be pipelined. But I can't
> find the definition or explanation of them. Where can I find related
> information? Thanks,
>
> Tong
Basically:
1) Counter mode gets as inputs a value ctr (counter), key K, and input data stream inp.
Given cipher E (e.g., DES), the n-th ciphertext block out[n] is computed as:
out[n] := inp[n] XOR E(K, ctr+n).
2) Interleaved CBC: like CBC, but instead of feeding back the n-th ciphertext block to the
encryption of the (n+1)th block, feed it back to the encryption of the (n+k)th block, where k > 1.
That is,
out[n] := E(K, inp[n] XOR iv[n]) if n < k
out[n] := E(K, inp[n] XOR out[n-k]) if n >= k
Here, iv is a k-block initial value.
Helger Lipmaa
http://home.cyber.ee/helger
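Both modes above, written out as an added example (not Helger's code). A real cipher such as DES is not included; E is a constructed 4-round Feistel permutation on 8-byte blocks, which is enough to show the data dependencies. The key, counter value, initial values and message are all constructed sample inputs.

```python
import hashlib
from typing import List

BLOCK = 8  # 64-bit blocks, the DES block size used as the example cipher above


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def round_fn(key: bytes, i: int, half: bytes) -> bytes:
    # Keyed round function; only its determinism matters for the mode demo.
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]


def E(key: bytes, block: bytes) -> bytes:
    """Stand-in for E(K, .): a 4-round Feistel permutation on 8-byte blocks.
    Constructed for this example; it is not DES and not a real cipher."""
    assert len(block) == BLOCK
    left, right = block[:4], block[4:]
    for i in range(4):
        left, right = right, xor_bytes(left, round_fn(key, i, right))
    return left + right


def D(key: bytes, block: bytes) -> bytes:
    """Inverse of E; only the CBC-style mode needs it."""
    left, right = block[:4], block[4:]
    for i in reversed(range(4)):
        left, right = xor_bytes(right, round_fn(key, i, left)), left
    return left + right


def counter_mode(key: bytes, ctr: int, inp: List[bytes]) -> List[bytes]:
    """out[n] = inp[n] XOR E(K, ctr+n). Each block depends only on its own
    counter value, so the keystream can be computed ahead of time or in
    parallel, and the same call decrypts."""
    return [xor_bytes(blk, E(key, ((ctr + n) % 2**64).to_bytes(BLOCK, "big")))
            for n, blk in enumerate(inp)]


def interleaved_cbc_encrypt(key: bytes, iv: List[bytes], inp: List[bytes]) -> List[bytes]:
    """out[n] = E(K, inp[n] XOR iv[n]) for n < k, else E(K, inp[n] XOR out[n-k]),
    with k = len(iv). Block n waits only for block n-k, so k encryptions can
    be in flight at once; k = 1 is ordinary CBC."""
    k = len(iv)
    out: List[bytes] = []
    for n, blk in enumerate(inp):
        out.append(E(key, xor_bytes(blk, iv[n] if n < k else out[n - k])))
    return out


def interleaved_cbc_decrypt(key: bytes, iv: List[bytes], out: List[bytes]) -> List[bytes]:
    k = len(iv)
    return [xor_bytes(D(key, blk), iv[n] if n < k else out[n - k])
            for n, blk in enumerate(out)]


def split_blocks(data: bytes) -> List[bytes]:
    assert len(data) % BLOCK == 0, "example uses whole blocks; no padding here"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


# Constructed sample inputs
KEY = b"constructed-key!"
CTR = 1000
IV2 = [bytes(range(8)), bytes(range(8, 16))]  # k = 2 initial values
MESSAGE = split_blocks(b"five 8-byte blocks of constructed text!!")

if __name__ == "__main__":
    print([c.hex() for c in counter_mode(KEY, CTR, MESSAGE)])
    print([c.hex() for c in interleaved_cbc_encrypt(KEY, IV2, MESSAGE)])
```

With k = 2, changing plaintext block 0 leaves ciphertext block 1 untouched and only alters block 2 onwards, which is exactly the independence that lets two block encryptions proceed side by side; with k = 1 the code reduces to plain CBC, where every block waits for the previous one.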
------------------------------
From: "Test" <[EMAIL PROTECTED]>
Subject: Re: Method for time-altering keys
Date: Sun, 26 Mar 2000 10:51:13 -0700
I cannot see how a time dependent reordering of the key weakens it in any
way, but I do agree with Adam that there seems to be no benefit in doing it.
Perhaps it would help if Doug could be more specific about what he is trying
to accomplish.
As for Lyal's comment, yes I agree that time information can be useful in a
passphrase, but you totally lost me with that "shared secret" and "replay
detection" remark. Could you explain further?
Just my 2 cents worth.
Lyalc wrote in message ...
>A critical benefit arises from the suggestion to add time bits to the user's
>pass phrase.
>This adds a "specific use" element to the use of the password (or any other
>shared secret), increasing the ease of replay detection.
>And, it's used in several environments today - and in the future.
>
>Lyal
>
>
>Adam Durana wrote in message ...
>>
>>I think I follow even though your explanation could be better. But what is
>>the point of doing this? Letting the time affect the key just seems like a
>>weakness, i.e. if someone knows what time the key was made they know some of
>>the key bits, or the ordering of the bits depending on what your method
>>does. I still can't think of a case where you would want a key to be
>>affected by the time it was created, unless you can derive that time from
>>the key without giving away the key. Keys that expire are interesting but
>>this method does not do that. Also why even bother reordering the bits?
>>Just attach the output of time(0) to the end of the passphrase the user
>>provided.
>>
>>And I do suggest you read "the statistical report analysis for time
>>sensitive PF417 gJq10 data processing routine".
>>
>>- Adam
>>
>>
>
>
------------------------------
From: p1p3r <[EMAIL PROTECTED]>
Subject: Re: Cryptomat.com
Date: Sun, 26 Mar 2000 12:12:45 -0600
I wonder why they pop up that traceroute window when you visit the site
more than once. Is it some attempt to show how insecure your computer
is? A way to thwart scriptkiddies? Who knows?!
p1p3r
------------------------------
From: [EMAIL PROTECTED] (Scott Nelson)
Subject: Re: Card shuffling
Reply-To: [EMAIL PROTECTED]
Date: Sun, 26 Mar 2000 18:26:17 GMT
On Sun, 26 Mar 2000 07:01:30 GMT, DMc <[EMAIL PROTECTED]> wrote:
>[EMAIL PROTECTED] previously wrote:
>>>
>>>My present conclusion based on the evidence I acquired in these
>>>experiments is the minimum riffle is one and the minimum cut is one
>>>in order to maintain a fair contract bridge card deck. This assumes
>>>starting with a fair deck; that is, no person knows its order.
>>>
[snip]
>>
>>I think your standards as stated are too high.
>>
>I do not get your meaning.
Pardon, I should have been more explicit.
1.) I think it's unreasonable to assume that you are starting with
a deck in which no person knows its order.
In my experience, most expert bridge players can remember the
play of every card in the previous hand.
And once they are aware the order of the pickup is important,
they can remember that too.
Even non experts have little trouble remembering the lay of
the important cards.
2.) It's also unreasonable to demand that players know
the position of the cards without seeing their hand first.
In a real game, the cards are dealt, and you look at your
hand before any actions based on the randomness of the deck
are taken.
3.) It's possible that you are demanding too high a level of
accuracy. In bridge, it often occurs that knowing if a king
is to your left or right will let you know if the finesse
will work. There's a 50% chance that you can get this
right just by guessing. Increasing that to 75% is
enough to be noticeable. (Some sharps actually made
use of this info in a tournament, and they were
caught because the other players noticed that their
bidding was too aggressive, but they always "lucked out")
>>
>>After playing a hand of bridge, pick up the cards and deal without
>>shuffling. I'll bet that most "expert" bridge players can guess cards
>>in their opponents hands with a very high degree of success. And
>>their ability to do so will go up quickly once they realize how the
>>test works, and start remembering not just the tricks from last hand,
>>but the order of the cards in the trick as well.
>>
>>After they've been trained on 0 shuffles, then try one shuffle and
>>see how well they do. I'd bet that they do noticeably better than
>>chance until 5 shuffles. (They probably still do better than chance
>>at 5, but I don't think it will be noticed.)
>>
>It happens I agree completely with you here. It is my conjecture that
>without a cut after riffling, 5 to 7 riffles would probably be needed
>to return the deck to a fair [unknowable] state. I have not done the
>experimentation to support that conjecture. From my viewpoint it is
>mindless dogwork.
>
>I repeat my previous statement: One riffle, and one cut, returns a
>bridge deck back to fair; no matter what the previous play and card
>collection process. (By the way, this is where bridge experts begin
>to lay claim to knowing something of the next deal if certain cards
>are observed clumped together. Their claim is not objectively
>supportable. In my experiments, I completely controlled for such a
>possibility.)
>
I too have run experiments with one shuffle and one cut,
but I seem to have gotten very different results.
In particular, I find the last cut almost irrelevant.
If the Ace of Diamonds is on top of the King, it's going to be
dealt to the right of the King, and no amount of normal cutting
will change that. A three way cut (the so called "Scarn" cut)
has only a tiny chance of changing it.
If the Ace of Diamonds is on top of the King before the shuffle,
after one riffle shuffle there's a better than 50% chance
there is no more than one card between it and the King.
(It's better if the shuffler is bad, but expert bridge
players tend to be above average shufflers.)
That means the odds are about twice as good that
the King will not be to the right of the Ace.
(About 5/6 instead of 2/3)
Knowing this is not a big advantage, but when the players
are otherwise evenly matched, even a tiny advantage
can be enough.
Scott Nelson <[EMAIL PROTECTED]>
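The two quantitative claims in the post above (after one riffle there is a better than even chance that at most one card lies between the Ace and the King, and a later straight cut hardly ever changes that) can be checked by simulation. The following is an added example, not Scott's experiment; it assumes the Gilbert-Shannon-Reeds model of a riffle shuffle (cut at a Binomial(52, 1/2) point, then drop cards with probability proportional to packet size) and a uniformly placed straight cut, and labels card 0 as the Ace lying directly on top of card 1, the King.

```python
import random

DECK_SIZE = 52
ACE, KING = 0, 1  # constructed labels: card 0 lies directly on top of card 1


def gsr_riffle(deck: list, rng: random.Random) -> list:
    """One riffle under the Gilbert-Shannon-Reeds model (assumed here as the
    model of a competent shuffler): cut at a Binomial(52, 1/2) point, then
    drop the next card from either packet with probability proportional to
    that packet's remaining size."""
    cut = sum(1 for _ in deck if rng.random() < 0.5)
    a, b = deck[:cut], deck[cut:]
    out, ia, ib = [], 0, 0
    while ia < len(a) or ib < len(b):
        ra, rb = len(a) - ia, len(b) - ib
        if rng.random() < ra / (ra + rb):
            out.append(a[ia])
            ia += 1
        else:
            out.append(b[ib])
            ib += 1
    return out


def straight_cut(deck: list, rng: random.Random) -> list:
    """A single cut at a uniformly chosen point, completed."""
    k = rng.randrange(1, len(deck))
    return deck[k:] + deck[:k]


def cards_between(deck: list, x, y) -> int:
    return abs(deck.index(x) - deck.index(y)) - 1


def estimate(trials: int = 20000, seed: int = 1) -> dict:
    """Fraction of riffles after which at most one card separates the Ace and
    the King, and the fraction of subsequent cuts that change that separation
    (a cut can only do so by landing between the two cards)."""
    rng = random.Random(seed)
    base = list(range(DECK_SIZE))
    close = cut_changed = 0
    for _ in range(trials):
        riffled = gsr_riffle(base, rng)
        gap = cards_between(riffled, ACE, KING)
        if gap <= 1:
            close += 1
        if cards_between(straight_cut(riffled, rng), ACE, KING) != gap:
            cut_changed += 1
    return {"p_gap_le_1": close / trials, "p_cut_changes_gap": cut_changed / trials}


if __name__ == "__main__":
    print(estimate())
```

Under this model the analytic values are easy to see: with 26 cards in each packet, the two adjacent cards almost always land in the same packet, and the number of cards from the other packet dropped between them is 0 with probability 1/2 and 1 with probability about 1/4, so the "no more than one card between" figure comes out near 3/4. A straight cut changes the separation only when it falls in the small window between the two cards, which is why it rarely helps.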
------------------------------
From: "Adam Durana" <[EMAIL PROTECTED]>
Subject: Re: Method for time-altering keys
Date: Sun, 26 Mar 2000 13:37:21 -0500
To thwart replay attacks you can use IVs and/or salts. I'd rather use one of
those or both instead of the time the key was created, since both an IV or
salt can be totally random values. Basically you are using time as a salt
in this case, and wouldn't you rather use a random value instead of a value
as non-random as time? I know I would and that's why I see no benefit from
what you suggested.
- Adam
"Lyalc" <[EMAIL PROTECTED]> wrote in message
news:ZAoD4.56954$[EMAIL PROTECTED]...
> A critical benefit arises from the suggestion to add time bits to the user's
> pass phrase.
> This adds a "specific use" element to the use of the password (or any other
> shared secret), increasing the ease of replay detection.
> And, it's used in several environments today - and in the future.
>
> Lyal
>
>
> Adam Durana wrote in message ...
> >
> >I think I follow even though your explanation could be better. But what is
> >the point of doing this? Letting the time affect the key just seems like a
> >weakness, i.e. if someone knows what time the key was made they know some of
> >the key bits, or the ordering of the bits depending on what your method
> >does. I still can't think of a case where you would want a key to be
> >affected by the time it was created, unless you can derive that time from
> >the key without giving away the key. Keys that expire are interesting but
> >this method does not do that. Also why even bother reordering the bits?
> >Just attach the output of time(0) to the end of the passphrase the user
> >provided.
> >
> >And I do suggest you read "the statistical report analysis for time
> >sensitive PF417 gJq10 data processing routine".
> >
> >- Adam
> >
> >
>
>
------------------------------
From: "Adam Durana" <[EMAIL PROTECTED]>
Subject: Re: Cryptomat.com
Date: Sun, 26 Mar 2000 13:48:14 -0500
Tracing [xxxxxxxxxxxxxxxxxxxxx]...
RR: www.cryptomat.com (195.224.241.23)
1 packets transmitted, 0 packets received, 100% packet loss
Round Trip: 0 packets ms.
Storing User Information.
"p1p3r" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I wonder why they pop up that traceroute window when you visit the site
> more than once. Is it some attempt to show how insecure your computer
> is? A way to thwart scriptkiddies? Who knows?!
>
> p1p3r
I think it has something to do with they are a bunch of morons who want to
fool people who don't know much about computers into thinking their site
has something to do with security. So what information are they storing on
me? Maybe my hostname will be associated with some cookie they set on my
computer so if I didn't have a static IP they could tell which IP I was
using before and which one I'm using now. But that still doesn't tell them
who I am, what I'm doing or anything at all except what hostnames I have
been using. If they were really trying to do something with that
information they wouldn't pop up that window and tell you they are pinging
you.
------------------------------
From: "Geordie" <[EMAIL PROTECTED]>
Crossposted-To: uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,uk.politics.censorship
Subject: Re: Sunday People 26/3/2000: "FORGET YOUR PASSWORD... END UP IN JAIL"
Date: Sun, 26 Mar 2000 19:52:29 +0100
NoSpam <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> http://www.people.co.uk/shtml/NEWS/P28S1.shtml
>
> FORGET YOUR PASSWORD... END UP IN JAIL
>
> INTERNET FURY AT STRAW
>
> BIG Brother wants to know your computer password - and he'll throw you in
> jail if you don't tell him.
>
> Home Secretary Jack Straw aims to make it a criminal offence to refuse to
> tell police or secret services the way into your personal computer.
>
> And you could go down for two years, even if you've only forgotten the vital
> word.
>
> Under the Regulation of Investigatory Powers Bill, any data you have stored
> will be presumed to be incriminating unless you can prove otherwise. Civil
> liberties groups are furious over the controversial new legislation, which
> is part of the Government's bid to crack down on computer fraud, internet
> terrorism and child porn.
>
>
> America, France, Ireland and Germany have already rejected similar laws.
>
> www.fipr.org/rip#media
>
What this means in effect is that no one will want to use encryption in case they
forget their password and end up in jail. This means that any attempt at
privacy by the British computer user when using electronic communications
will carry with it real risks. The old Soviet Union would have been proud of
this law as I'm sure they and other repressive totalitarian states still
existing around the world would welcome Jack Straw on to their Central
Committee as Security Minister.
The most frightening thing is he can get away with it. There seems to be no
organised protest to this attack on fundamental rights to privacy. Well
maybe this just goes to prove, as I have often suspected, that we are the
most intolerant and authoritarian country in the Western world.
Geordie
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************