Cryptography-Digest Digest #443, Volume #11 Wed, 29 Mar 00 14:13:00 EST
Contents:
Re: pgp ([EMAIL PROTECTED])
Re: Blowfish (Eric Lee Green)
Re: OAP-L3: Semester 1 / Class #1 All are invited. (Boris Kazak)
RC4? ("Simon Johnson")
Re: Q: Differencing time series (Radford Neal)
Re: RC4? (mark carroll)
Re: Examining random() functions ("Tony T. Warnock")
Re: Examining random() functions (Jonathan Thornburg)
Re: prime solution (Bob Silverman)
Can anyone decrypt this? ([EMAIL PROTECTED])
Re: A newby question: "3DES" is 57.5 bits, and not 168 bits? (Jonathan Thornburg)
Re: Using Am-241 to generate random numbers (Mike Rosing)
Re: Schoof's Algorithm (Mike Rosing)
Re: Is it really NSA ?! ([EMAIL PROTECTED])
Announce: Order Maven 1.20 (Kent Briggs)
Re: Is it really NSA ?! (Tony L. Svanstrom)
Re: prime solution (DJohn37050)
Re: RC4? (Michael Sierchio)
Re: Examining random() functions (Tim Tyler)
Re: http://www.cryptomat.com (Tim Tyler)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED]
Subject: Re: pgp
Date: Wed, 29 Mar 2000 16:25:21 GMT
In article <[EMAIL PROTECTED]>, UIC Network Services Kit User <[EMAIL PROTECTED]> wrote:
> I am new to pgp and would like to know if anyone knows how to use it for
> eudora???
>
Try Eudora's PGP plug-in which is
described at:
http://www.eudora.com/central/plugins
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Eric Lee Green <[EMAIL PROTECTED]>
Subject: Re: Blowfish
Date: Wed, 29 Mar 2000 16:41:59 GMT
Mark Wooding wrote:
> Thomas Luzat <[EMAIL PROTECTED]> wrote:
>
> > I'm currently writing a Blowfish implementation and I am now wondering
> > which key sizes are allowed or given by "the Blowfish standard". I
> > only know that the key can be up to 448 bits in size... Do the key
> > sizes have to be multiples of 32 bits, 64 bits or something like that?
>
> The original definition specified that the key had to be a multiple of
> 32 bits in length. However, the official test vectors, generated using
> Eric Young's reference implementation, understand keys whose length is
> any multiple of 8 bits (up to the maximum of 448 bits).
>
> The generalization needed for this is fairly simple. Assume that the
> word array P can be considered as an octet array using a big-endian
> convention. Then simply XOR in octets from the key into consecutive
> octets of P, looping back round to the start of the key when you run off
> the end.
Might also want to consider using TwoFish, which is somewhat faster than
Blowfish. I wrote a quick CBC-128 wrapper for Dr. Gladman's twofish.c routine
(see http://www.twofish-py.sourceforge.net ) and am managing to push over 6
megabytes per second through it on an AMD K6-2/300, with absolutely no
attempts at optimizations (I don't even have the compiler's optimizer flags
turned on, since that interferes with -g and I just finished debugging it).
My only complaint about TwoFish is the key schedule generation time, which is
fine for bulk encoding data, but which can be tiresome if you're trying to use
it as, say, a cryptographic hash or as part of a random number generator.
--
Eric Lee Green [EMAIL PROTECTED]
Software Engineer Visit our Web page:
Enhanced Software Technologies, Inc. http://www.estinc.com/
(602) 470-1115 voice (602) 470-1116 fax
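To make the generalisation Mark describes concrete, here is an added example (not code from the thread, nor from Eric Young's or Dr. Gladman's implementations) that performs only the first key-schedule step, XORing the key into the P-array, both ways: the original whole-word version and the octet-wise version that accepts any key length that is a multiple of 8 bits. The 18 P-array constants are Blowfish's standard initial values (hex digits of pi); the 1-byte minimum in the octet version and the 521 follow-up encryptions of the real key schedule, which are omitted here, are my own choices.

```python
# First 18 32-bit words of the Blowfish P-array (hex digits of pi), as in the cipher spec.
P_INIT = [
    0x243F6A88, 0x85A308D3, 0x13198A2E, 0x03707344,
    0xA4093822, 0x299F31D0, 0x082EFA98, 0xEC4E6C89,
    0x452821E6, 0x38D01377, 0xBE5466CF, 0x34E90C6C,
    0xC0AC29B7, 0xC97C50DD, 0x3F84D5B5, 0xB5470917,
    0x9216D5D9, 0x8979FB1B,
]


def xor_key_words(key: bytes) -> list:
    """Original definition: the key is a whole number of 32-bit words (32..448 bits).
    Each P[i] is XORed with key word i mod (number of key words)."""
    if len(key) % 4 or not 4 <= len(key) <= 56:
        raise ValueError("key must be a multiple of 32 bits, between 32 and 448 bits")
    words = [int.from_bytes(key[i:i + 4], "big") for i in range(0, len(key), 4)]
    return [p ^ words[i % len(words)] for i, p in enumerate(P_INIT)]


def xor_key_octets(key: bytes) -> list:
    """Generalisation from the thread: view P as 72 big-endian octets and XOR key
    octets into consecutive P octets, wrapping to the start of the key at its end.
    Lower bound of 1 byte is an assumption here; 56 bytes (448 bits) is the spec maximum."""
    if not 1 <= len(key) <= 56:
        raise ValueError("key must be between 8 and 448 bits")
    p_bytes = bytearray(b"".join(p.to_bytes(4, "big") for p in P_INIT))
    for i in range(len(p_bytes)):
        p_bytes[i] ^= key[i % len(key)]
    return [int.from_bytes(p_bytes[i:i + 4], "big") for i in range(0, len(p_bytes), 4)]


def agree_for_word_multiple(key: bytes) -> bool:
    """For keys that are a multiple of 32 bits the two formulations must coincide."""
    return xor_key_words(key) == xor_key_octets(key)


if __name__ == "__main__":
    # Constructed sample keys: an 8-byte key (both methods apply) and a 5-byte key
    # (only the octet-wise method accepts it).
    print(agree_for_word_multiple(bytes(range(1, 9))))
    print([hex(w) for w in xor_key_octets(b"\x01\x02\x03\x04\x05")[:2]])
```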
------------------------------
From: Boris Kazak <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
Date: Wed, 29 Mar 2000 17:15:31 GMT
James Felling wrote:
>
*************************
> 1)Given a knowledge of the form of the starting list of all permutations
> used.
=========================
It is even much simpler than that. Not only is the form known, there is
only one single file at the origin of all his permutations.
Taking a reduced model 012 (in place of 0123456789), the original file
is just a sequence of the 6 possible permutations of the model, arranged in
ascending order. Thus, the sequence is:
012
021
102
120
201
210
Writing a routine to produce such an ordered sequence in the case of
10 elements is an exercise for 6th-grade schoolchildren. The most
ridiculous thing is the 17-minute requirement, because it is
sufficient to produce this file only once; thereafter it can be
kept on the disk, reused, published on the Web, etc.
===========================
> a single mix file after a full shuffling is compromised in ~10!
> attempts. This means that at best your security is equivalent to
> (log(2 fully secure mix files *10!))/log 2 bits vs. known plaintext,
> and possibly as low as 3( log(10!))/log2 ?= ~90( sorry no log function
> available to me now) bits.( with sufficient known plaintext against my
> admittedly unsophisticated attack)
>
> Anthony Stephen Szopa wrote:
>
(big snip, snip, snip...)
> > Thank you.
===============================
Best wishes BNK
------------------------------
From: "Simon Johnson" <[EMAIL PROTECTED]>
Subject: RC4?
Date: Wed, 29 Mar 2000 18:19:45 +0100
Here is a short question, but probably not an easy one to answer:
How strong is RC4?
------------------------------
Crossposted-To: sci.stat.math
From: [EMAIL PROTECTED] (Radford Neal)
Subject: Re: Q: Differencing time series
Date: 29 Mar 2000 16:19:24 GMT
In article <[EMAIL PROTECTED]>,
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>1. If one applies the difference filter of n-th order to the
> white noise process, obtaining d_t and compute the bit
> sequence
>
> b_t = if d_t < 0 then 0 else 1 fi
>
> is b_t a uniformly distributed (truly) random bit sequence?
>
>2. The same as (1), except applying to a MA or ARMA process.
>
>3. Is there reasonable prospect of obtaining good quality random
> bit sequences this way from the majority of time series
> available in practice? If yes, is there any value of n, the
> order of the filter, that is the minimum for obtaining
> satisfactory results according to experiences?
This is a silly way of trying to obtain random numbers. If your
requirements are to obtain a batch of random numbers to store in a
file for future reference, you are better off taking a few large text
files off the internet, compressing them by various data compression
programs, exclusive-or-ing the results together, and finally
exclusive-or-ing with a standard pseudo-random sequence. It works
fine for me.
On the other hand, if you want an indefinite stream of random numbers
from a physical device, you should (1) think again, since your results
will be non-reproducible, making bug finding rather difficult, and
(2) if you still want to do it, examine the particular physical process
in detail. What's typical for other time series is not relevant.
About the only thing the above method looks to be good for is as a
homework problem.
Radford Neal
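As an added illustration of why this approach is a poor source of random bits (example code, not from the thread), the block below applies the n-th order difference filter from the question to simulated Gaussian white noise and examines the sign bits b_t. The ones fraction comes out near 1/2, but adjacent bits agree far less than half the time: for Gaussian noise, d_t and d_{t+1} have correlation -n/(n+1), so a higher filter order makes the dependence worse, not better. The Gaussian assumption, sample size and seed are mine.

```python
import math
import random


def nth_difference(xs, n):
    """Apply the first-order difference d_t = x_t - x_{t-1} n times."""
    for _ in range(n):
        xs = [b - a for a, b in zip(xs, xs[1:])]
    return xs


def sign_bits(ds):
    """b_t = 0 if d_t < 0 else 1, exactly as in the question."""
    return [0 if d < 0 else 1 for d in ds]


def bit_stats(bits):
    """Return (fraction of ones, fraction of adjacent bit pairs that agree).
    An independent unbiased stream would give roughly (0.5, 0.5)."""
    ones = sum(bits) / len(bits)
    agree = sum(a == b for a, b in zip(bits, bits[1:])) / (len(bits) - 1)
    return ones, agree


def expected_agreement(n):
    """Theory for Gaussian white noise: the n-th difference at times t and t+1
    has correlation rho = -C(2n, n-1)/C(2n, n) = -n/(n+1), and the signs of two
    jointly Gaussian variables agree with probability 1/2 + asin(rho)/pi.
    For n = 1 this is 1/3; for n = 2 about 0.268."""
    rho = -n / (n + 1)
    return 0.5 + math.asin(rho) / math.pi


def simulate(n, size=20000, seed=1):
    """Constructed input: seeded Gaussian white noise, filtered and thresholded."""
    rng = random.Random(seed)
    xs = [rng.gauss(0.0, 1.0) for _ in range(size + n)]
    return bit_stats(sign_bits(nth_difference(xs, n)))


if __name__ == "__main__":
    for n in (1, 2, 3):
        ones, agree = simulate(n)
        print(f"n={n}: ones={ones:.3f} adjacent-agree={agree:.3f} "
              f"(theory {expected_agreement(n):.3f})")
```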
------------------------------
From: [EMAIL PROTECTED] (mark carroll)
Subject: Re: RC4?
Date: 29 Mar 2000 17:43:22 GMT
In article <8btdqo$8tr$[EMAIL PROTECTED]>,
Simon Johnson <[EMAIL PROTECTED]> wrote:
>Here is a short question, but probably not an easy one to answer:
>How strong is RC4?
<shrug> I'm not aware of any terrible weaknesses. I think it's more
the intellectual property than the cipher itself that makes it not so
widely used.
-- Mark
------------------------------
From: "Tony T. Warnock" <[EMAIL PROTECTED]>
Subject: Re: Examining random() functions
Date: Wed, 29 Mar 2000 10:47:29 -0700
Reply-To: [EMAIL PROTECTED]
Tim Tyler wrote:
> _Andy_ <[EMAIL PROTECTED]> wrote:
> :Johnny Bravo <[EMAIL PROTECTED]> wrote:
>
> :> See the tests in the DieHard test suite. [...]
>
> : Thanks. That's exactly the kind of tool I'm looking for. Would one
> : expect a RNG to pass all these tests? [...]
>
> It depends on what you want to do with it.
>
> If you're using it for cryptography, it should pass all the tests you can
> think of, not just those in Diehard.
>
A "truly random" (whatever that means) random number generator should pass
95% of your tests at the 5% level. The probability of failure also obeys
laws.
------------------------------
From: [EMAIL PROTECTED] (Jonathan Thornburg)
Subject: Re: Examining random() functions
Date: 29 Mar 2000 20:05:58 +0200
In article <[EMAIL PROTECTED]>,
_Andy_ <[EMAIL PROTECTED]> wrote:
> I've been playing around with random integer generators and
>was wondering about different methods of examining the output.
>
> Currently, I take my results and plot a 3-dimensional graph
>and examine it by eye. i.e. I take three consecutive results and treat
>them as the (x,y,z) coordinates of a point and plot it on the graph. I
>repeat this until a visual pattern emerges. (As described in "Jungles
>of Randomness")
Knuth v.2 ("The Art of Computer Programming, v.2: Seminumerical Algorithms")
devotes a long section to tests of random number generators (RNGs), including
a discussion of this "spectral" test, and how to generalize it to higher
dimensions (at least for one common family of random number generators).
Note, however, that
(a) "good RNG for general-purpose simulation applications"
and
(b) "good cryptographic RNG"
are *completely* different animals. In general (b) ==> (a), but *not*
the other way around, i.e. there are lots of RNGs that are great by
criterion (a), but truly awful by criterion (b). So for crypto purposes,
(a) is at best a weak screening test to help toss out really bad RNGs.
Coming up with (b) is *hard*, see
http://www.counterpane.com/pseudorandom_number.html
for some nice discussion.
--
-- Jonathan Thornburg <[EMAIL PROTECTED]>
http://www.thp.univie.ac.at/~jthorn/home.html
Universitaet Wien (Vienna, Austria) / Institut fuer Theoretische Physik
Amount of all stock owned by the least wealthy 90% of America: 18%
Amount of all stock owned by the most wealthy 1% of America: 41%
-- Economic Policy Institute
------------------------------
From: Bob Silverman <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: prime solution
Date: Wed, 29 Mar 2000 17:58:29 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
Just what we need; YAC (Yet Another Crank)
> I offer the following solution to prime numbers.
I was not aware that prime numbers needed a solution.
Perhaps you might state what *PROBLEM* you are solving?
> This solution, as trivial as it is, has been
> hidden from us until now.
Who is "us"?? What makes you think it has been hidden?
>
> A(n)=6*n-1
> B(n)=6*n+1
> for all n=1,2,3...
>
> A and B define the "possible prime space."
They most certainly do NOT if the 'n' is the same for A(n) and B(n)!
> So everything is prime unless it is the
> combination of two other things in this set.
False. Most integers will be the product of 3 or more primes,
not just two.
> So any p^2-1 is divisible by 6.
Trivially and known for only a few thousand years.
>
> I won't give away the ending just yet, but you can
> use this to find large primes or the prime factors
> of huge numbers with relative ease. Can you see
> the solution?
No. We can't. And I doubt whether you can.
Go Away.
>
> This is like the "special theory of primality"
> There is also a to-be-revealed "general theory of
> primality" which describes how 1,2, and 3 create
> our entire number system (1 _is_ prime). Read Tao
> Te Ching ch. 42 and Isaiah 42 for more hints.
This is unadulterated horsesh*t
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"
------------------------------
From: [EMAIL PROTECTED]
Subject: Can anyone decrypt this?
Date: Wed, 29 Mar 2000 13:04:02 -0500
$N!FZ@GW?CW$AYY!G@WC@AY?V!FYX$Y@H@G+X?R$FAG@$Y?G@*BA!FBY*Y?Y@ZY!Q@YX$YVG!W!?FZB@AG@Y$FZR+BY@G+Y!@HG+
I know it is simply a substitution encryption scheme, but I can't get it.
------------------------------
From: [EMAIL PROTECTED] (Jonathan Thornburg)
Subject: Re: A newby question: "3DES" is 57.5 bits, and not 168 bits?
Date: 29 Mar 2000 20:13:44 +0200
In article <8br3nc$6rq$[EMAIL PROTECTED]>,
Bill Unruh <[EMAIL PROTECTED]> (hi, Bill!) wrote:
>Because of "meet in the middle" type attacks, one can trade off 56 bits of
>key strength if one has 2^56 words of storage space. This is usually
>taken to say that 3DES only has 112 bits of strength ( although that
>storage requirement is a wee bit steep).
Actually, 3DES is slightly weaker than that: Take a look at
Stefan Lucks,
"Attacking Triple Encryption,"
Fast Software Encryption '98, Volume 1372 of Lecture Notes in
Computer Science (S. Vaudenay, ed.), Springer-Verlag, 1998.
http://th.informatik.uni-mannheim.de/m/lucks/papers.html
Lucks' web page summarizes some of the key results as
about $2^{108}$ steps of computation are sufficient to break
three-key triple DES. If one concentrates on the number of single DES
operations and assumes the other operations to be much faster, $2^{90}$
of these are enough.
That said, 3DES is still very strong: 2^90 is still a *huge* number,
we're looking at attacks which are an absolute minimum of 1e10 or so
times more expensive than exhaustive-searching single-DES, not to
mention some rather astronomical amounts of high-speed memory. In
practice, 3DES is likely to stay secure against exhaustive search
for many decades.
--
-- Jonathan Thornburg <[EMAIL PROTECTED]>
http://www.thp.univie.ac.at/~jthorn/home.html
Universitaet Wien (Vienna, Austria) / Institut fuer Theoretische Physik
"What's nice about GUI is that you see what you manipulate.
What's bad about GUI is that you can only manipulate what you see."
-- Tracy Reed
------------------------------
From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: Using Am-241 to generate random numbers
Date: Wed, 29 Mar 2000 12:20:25 -0600
Jed Rothwell wrote:
> . . . that people already use radioactive sources to generate random numbers
> for Vernam ciphers and other applications. Obviously I was not the first to
> come up with the idea, but my point is that it might be more economical and
> easier now that cheap AD converters and ionizing smoke alarms are common. In
> the past, acquiring and managing radioactive materials was somewhat
> hazardous.
Yeah, check this out:
http://www.terracom.net/~eresrch and click on /dev/random
Patience, persistence, truth,
Dr. mike
------------------------------
From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: Schoof's Algorithm
Date: Wed, 29 Mar 2000 12:16:33 -0600
Robert Harley wrote:
>
> "Michael Scott" <[EMAIL PROTECTED]> writes:
> > This program counts the number of points on an elliptic curve defined over
> > the field GF(2^m). It does NOT represent the state of the art [...]
> > However it can find a cryptographically suitable
> > curve, with a near-prime number of points over say GF(2^191) in a
> > "reasonable" length of time on a Pentium III 450MHz, typically on an
> > over-night run.
>
> I'm working on an *extremely* fast point counting program, also for
> curves over fields GF(2^m). When it's ready, counting a random curve
> over GF(2^191) ought to take about one minute on a similar PC. Just
> now I ran ten examples over GF(2^120) on my 500 MHz Alpha and they
> took 2.6 seconds each.
>
> I expect to release a demo version in a few weeks (and will announce
> it here in sci.crypt). I am also seeking commercial interest in
> licenses to use "the real thing".
Would you guys care to write up an explanation of how it all works,
in "pedestrian" terms? I've been beating my head against the math
for about a year or so and it almost makes sense.
Even a basic outline of your method would be nice Robert.
Patience, persistence, truth,
Dr. mike
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Is it really NSA ?!
Date: Wed, 29 Mar 2000 18:20:16 GMT
In article <[EMAIL PROTECTED]>,
"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
> The actual Intelligence community classified network
> is disjoint from the public Internet, and also uses
> Type I link-level encryption.
The NSA, for example, has critical systems
underground in Ft. Meade which are not linked
to the public internet. However, the intel
community (and the military) use a variety of
systems which could *potentially* be
vulnerable to an outside attack. In a 1997
British court case, witnesses from the USAF
component of the NSA acknowledged using
packet sniffers and specialized programs to
track *attempts to enter* U.S. military
computers.
> but the point is that "hacking" that network is not as simple as
> you might think judging by the public Internet.
"I knewww that" - Inspector Clouseau
[The "www" in "knewww" can also imply
"world wide web"- kind of clever]
> P.S. It wouldn't make sense for actual intelligence
> agencies to label their activities with terms like
> "SpookWeb" that convey the nature of the activities
> too clearly to an eavesdropper.
I don't know what the agencies' policy is on
this but they *might* presume that people
wouldn't suspect them of being so bold as to
use the term "Spookweb" and, thus, go ahead
and use the term anyways. In addition, the
agencies store and analyze usenet discussions
(supposedly, the UK's Defence Evaluation &
Research Agency maintains the last 90 days of
usenet messages). These messages (and other
data) are processed by software which looks
for certain keywords (among other things).
Perhaps these agencies might consider
introducing certain terms themselves (e.g.,
"Spookweb") and then tracking people's
interest in the occurrence and meaning of
these terms.
> "SpookWeb" sounds like some juvenile's brainstorm.
>
If this is true then the hacker community
might be familiar with the term because they
have seen one of their own using it before.
------------------------------
From: Kent Briggs <[EMAIL PROTECTED]>
Subject: Announce: Order Maven 1.20
Date: Wed, 29 Mar 2000 18:34:36 GMT
I have updated my Order Maven utility with symmetric keys up to 160 bits
and public keys up to 1536 bits, in accordance with the recently relaxed
export restrictions. Order Maven provides a secure credit card
collection system for online merchants who do not have access to SSL web
servers. A press release describing the software is posted here:
http://www.briggsoft.com/promav12.txt
A shareware evaluation version is available for downloading from here:
http://www.briggsoft.com/omaven.htm
--
Kent Briggs, [EMAIL PROTECTED]
Briggs Softworks, http://www.briggsoft.com
Home of Puffer, CryptaPix, & Directory Snoop
------------------------------
From: [EMAIL PROTECTED] (Tony L. Svanstrom)
Subject: Re: Is it really NSA ?!
Date: Wed, 29 Mar 2000 20:42:07 +0200
Remove NO_SPAM to reply <[EMAIL PROTECTED]> wrote:
> Why is it that everyone assumes the NSA is godlike? Keep in mind, it is
> an organization run by humans. And those humans work for the government,
> so they can't be too smart, can they? (Ok, so I'm being a bit sarcastic.
> Just tired of hearing how the NSA has complete control of anything
> electronic.)
Hey, that would be true if it hadn't been for them using that
alien-tech. ;-)
/Tony
--
/\___/\ Who would you like to read your messages today? /\___/\
\_@ @_/ Protect your privacy: <http://www.pgpi.com/> \_@ @_/
--oOO-(_)-OOo---------------------------------------------oOO-(_)-OOo--
DSS: 0x9363F1DB, Fp: 6EA2 618F 6D21 91D3 2D82 78A6 647F F247 9363 F1DB
-----------------------------------------------------------------------
\O/ \O/ ©1999 <http://www.svanstrom.com/?ref=news> \O/ \O/
------------------------------
From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: prime solution
Date: 29 Mar 2000 18:47:50 GMT
thank goodness for *.
Don Johnson
------------------------------
From: Michael Sierchio <[EMAIL PROTECTED]>
Subject: Re: RC4?
Date: Wed, 29 Mar 2000 10:59:20 -0800
Simon Johnson wrote:
>
> Here is a short question, but probably not an easy one to answer:
> How strong is RC4?
RC4 is known to leak partial key bits for some classes of short,
weak keys. RSA and NSA are rumored to know of attacks against
RC4 that have not been published [private communication from
Bob Baldwin]. The effective key length is somewhat less than
the maximum possible length -- there is little advantage to
using 1024 bit keys with RC4.
That being said, it's a good cipher. Not as fast as SEAL, but
SEAL has not been as extensively cryptanalyzed. This has nothing
to do with its actual strength, just its perceived robustness.
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Examining random() functions
Reply-To: [EMAIL PROTECTED]
Date: Wed, 29 Mar 2000 18:47:22 GMT
Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
: Johnny Bravo wrote:
:> A good RNG should pass every test, as should the output of a good
:> cipher.
[snip objections]
: I think this approach has only marginal relevance for cryptosystem
: testing. The *real* question should be how hard it is to thwart the
: system's security goals, and this kind of testing doesn't directly
: address that.
Essentially I agree with the spirit of these sentiments.
However, there are *some* places where deviations from randomness always
imply weakness - for example, if you're generating an independent stream
for use with a stream cypher, and *that* fails tests for randomness, then
that usually translates pretty directly into a security problem.
--
__________
|im |yler The Mandala Centre http://mandala.co.uk/ [EMAIL PROTECTED]
A company is known by the people it keeps.
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: http://www.cryptomat.com
Reply-To: [EMAIL PROTECTED]
Date: Wed, 29 Mar 2000 18:50:41 GMT
Borys Pawliw Newsgroups <[EMAIL PROTECTED]> wrote:
: I sent them a PGP 6.5.3 encrypted ciphertext message, with a few tricks to
: it...:
: 1) The beginning and end of the plaintext I used was a series of numbers and
: characters such as #$^%, just to make a known/attempted plaintext attack a
: little harder...
: 2) The ciphertext was modified a bit, so that the first character in each
: 64-character line of ciphertext, if it was upper case, was changed to
: lowercase and vice-versa...
...but now you've published some "clues" in a public place - on a thread
with their URL in it no less! ;-)
--
__________
|im |yler The Mandala Centre http://mandala.co.uk/ [EMAIL PROTECTED]
2002 - the next year of the palindrome.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************