Cryptography-Digest Digest #447, Volume #11 Thu, 30 Mar 00 07:13:01 EST
Contents:
Re: The lighter side of cryptology ([EMAIL PROTECTED])
Re: The lighter side of cryptology ([EMAIL PROTECTED])
Re: A newby question: "3DES" is 57.5 bits, and not 168 bits? (John Savard)
Re: Opinions? ([EMAIL PROTECTED])
The NSA's little NCSC bots ([EMAIL PROTECTED])
Coderpunks Query on Teledyne Crypto (John Savard)
Re: Key exchange using Secret Key Encryption (NFN NMI L.)
Re: Does the NSA have ALL Possible PGP keys? ([EMAIL PROTECTED])
Re: Newbie, Where should I start, ([EMAIL PROTECTED])
Re: Basic info on cryptography (Slip Gun)
Re: prime solution ([EMAIL PROTECTED])
Re: Q: Differencing time series (Mok-Kong Shen)
Re: Coderpunks Query on Teledyne Crypto (Mok-Kong Shen)
Re: Key exchange using Secret Key Encryption ([EMAIL PROTECTED])
Re: Coderpunks Query on Teledyne Crypto (John Savard)
Re: prime solution (John Savard)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED]
Subject: Re: The lighter side of cryptology
Date: Thu, 30 Mar 2000 06:36:14 GMT
In article <nAvE4.2979$[EMAIL PROTECTED]m>,
"Leo Sgouros" <[EMAIL PROTECTED]> wrote:
>
> those that care know everything they need to :-)
>
This is one cryptic message that I cannot
decipher. What does it mean?
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: The lighter side of cryptology
Date: Thu, 30 Mar 2000 06:45:09 GMT
In article <8bu51l$mj2$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Xcott Craver) wrote:
IMHO, this constitutes a great achievement.
Perhaps you have a latent part-time destiny
as the Benny Hill or Howard Stern of crypto !-)
> ========
> >> But not every bra has a cryptographic function. Most are used for ASCII
> >> armor or for compression. Some are even designed to make the plaintext
> >> stand out and more enjoyable to read.
> >
> > Touche, but I believe what we have here is a clear case of steganography.
>
> Yikes. I think that we should hammer down some definitions before
> this whole thing gets out of hand.
>
> Cryptography:
> Building a difficult-to-unhook bra.
>
> Steganography:
> Building a flesh-colored bra, or one whose unhook mechanism is
> hidden somewhere unexpected (Man: "How the Hell...?" Woman:
> "It unhooks in front." Man: "Damn those steganographers.")
>
> Public-Key Cryptography:
> Building a bra that anyone can put on, but that only Alice can
> remove.
>
> Watermarking:
> Building a bra that stays on even after smoothing, compression,
> and rotation. Also, Bob should not be able to put his own bra
> on over Alice's and claim ownership of her body.
>
> Fingerprinting:
> Um, I'm probably already in trouble for the last one, so I'll
> just skip this.
>
> Signatures:
> Building a bra with a nametag ("Property of Alice, machine wash
> warm...") such that bras with Alice's name only fit Alice's body.
> Bob could in theory remove Alice's bra and replace it with his
> own, but there's no real reason for him to do so.
>
> Zero-Knowledge Proofs:
> Alice transforms her bra into a duffle bag, and either (a) shows
> Bob how to open it, or (b) shows Bob how she made it into a duffle
> bag. Alice repeats the procedure until Bob is satisfied (perverted
> freak).
>
> One-time Pad:
> Kleenex.
>
> NSA: An organization that wants women to go back to wearing corsets and
> chastity belts. Oh, and Bill Clinton gets to keep all the keys.
>
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: A newby question: "3DES" is 57.5 bits, and not 168 bits?
Date: Thu, 30 Mar 2000 06:52:15 GMT
On Tue, 28 Mar 2000 19:34:19 GMT, [EMAIL PROTECTED] (Steven C. Den
Beste) wrote, in part:
>I thought that one of the strengths -- and weaknesses -- of DES was that if
>you did the decipher properly, then the engine told you that you had
>succeeded even if you didn't know what the plaintext was.
There might be a way to write a routine to encipher, or decipher, DES,
so that it would tell you if you wrote it without bugs. Usually,
though, test vectors are used for that purpose.
>(Something to the
>effect that if it was done properly then the shift register contained all
>zeros after the process. If it contained any 1's, then it was the wrong
>key.)
But, as others have noted, that is definitely not true. Because DES is
a block cipher that takes 64-bit plaintext inputs to 64-bit cipher
outputs, the cipher output has no extra information in it. You can
decipher any 64-bit block with all 2^56 different keys, and you will
get 2^56 results. They won't necessarily all be different, but the
only thing that makes one result more likely to be correct than
another is if it looks, to you, more like the kind of plaintext you
were expecting the other fellow to have enciphered.
Now, one might encipher using DES in a chaining mode, and encipher an
all-zero block at the end as an error-check. Doing Triple-DES with
such an error-check in each layer would indeed offer only slightly
more than 57.5 bits of security (more, because one would have to
decipher the entire message to test a key) and that is why people
don't do it that way in practice.
John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Opinions?
Date: Thu, 30 Mar 2000 07:31:06 GMT
In article <[EMAIL PROTECTED]>,
Mok-Kong Shen <[EMAIL PROTECTED]>
wrote:
> I am interested to know in which natural science disciplines there
> are effects that come before the causes, not to say effects without
> causes. Could you elaborate a bit? (I learned that there are
> some speculations about time reversals. But I suppose that these are
> yet speculations and nothing more.) Thanks.
>
There are a variety of approaches to the
issue of causality and locality in quantum
mechanics (QM)- no one really understands
what's going on. IMHO, we should let the
experimentalists continue to refine our
understanding and not worry too much yet
about possible interpretations. This is
because ordinary QM is not fully sufficient for
describing M-theory (superstring theory or
ST).
Thus, if ST turns out to be correct it could
provide us with a more fundamental and more
naturally derived reinterpretation of QM. One
of the main goals of ST is the holy grail of
theoretical physics- the unification of QM and
General Relativity (i.e. a true and hopefully
single theory of quantum gravity). If this
happens then we will be better able to address
the kind of questions you raise.
------------------------------
From: [EMAIL PROTECTED]
Subject: The NSA's little NCSC bots
Date: Thu, 30 Mar 2000 07:55:11 GMT
Regarding websites, D. Menscher wrote:
"I _have_ been visited by the NSA (well,
actually the NCSC). It shows up in logs, etc."
Earlier, I tried to post:
Yes, according to John Young, the NCSC uses
bots to collect data of interest- they look for
new files and make copies. Also, according to
Young, bots which appeared to be from NCSC
used to visit this site every day (I don't know
if they still visit):
www.jya.com/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Coderpunks Query on Teledyne Crypto
Date: Thu, 30 Mar 2000 08:11:29 GMT
There was a question on the Coderpunks mailing list, which I saw in
the newsgroup where its contents are echoed, about the encryption
products discussed at the web site
http://www.infsec.com/EncrypTech.html
While the term "Dynamic Substitution" was used, this wasn't a
reference to Terry Ritter's cipher of that name (although one of his
patents was cited as prior art) but I did find the Teledyne patent
referred to:
U. S. Patent 6035042
and it appears to describe the following process of generating
S-boxes:
Start with two S-boxes of a given size (as an example, I will take the
two S-boxes from LUCIFER):
Input:   S-box 1   S-box 2
0000     1100      0111
0001     1111      0010
0010     0111      1110
0011     1010      1001
0100     1110      0011
0101     1101      1011
0110     1011      0000
0111     0000      0100
1000     0010      1100
1001     0110      1101
1010     0011      0001
1011     0001      1010
1100     1001      0110
1101     0100      1111
1110     0101      1000
1111     1000      0101
An S-box of twice the size is produced by choosing a bit position in
which to insert both 0 or 1 for the two occurrences of a value on both
sides of the table:
Input:  Output:    Input:  Output:
00000   10100      00100   01111
00101   11111      00001   01010
00110   00111      00010   10110
00011   10010      00111   10001
01100   11110      01000   00011
01001   10101      01101   11011
01110   10011      01010   00000
01011   01000      01111   00100
10100   00010      10000   11100
10001   01110      10101   11101
10010   01011      10110   01001
10111   00001      10011   11010
11000   11001      11100   00110
11101   01100      11001   10111
11010   00101      11110   10000
11011   11000      11111   01101
  ^      ^           ^      ^
This guarantees that changing the one bit used for expansion on the
input side will put you in a completely different permutation; hence,
if instead of starting with S-boxes produced by other means, if I used
this method from the ground up, all the bits would have this property,
which would make the permutation _orthomorphic_. (The patent notes
that for 8-bit S-boxes, there are 510 that are orthomorphic.) Since
such a permutation provides perfect diffusion, it is claimed to be
good for cryptographic purposes.
Otherwise, the cipher is illustrated as a classical Shannon S-P
network, like that which appeared in the Scientific American article
on Lucifer (not the Feistel round structure which Lucifer actually
used), using S-boxes constructed this way as its components.
John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html
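
The doubling step described in the post above, as an added example (it is not code from the post or from the patent). The two choice-bit lists are transcribed from the post's 5-bit table; the function names and the seeded random variant are assumptions made for illustration.

```python
import random

# LUCIFER S-boxes as tabulated in the post (list index = 4-bit input).
S1 = [12, 15, 7, 10, 14, 13, 11, 0, 2, 6, 3, 1, 9, 4, 5, 8]
S2 = [7, 2, 14, 9, 3, 11, 0, 4, 12, 13, 1, 10, 6, 15, 8, 5]

# Choice bits transcribed from the post's 5-bit table:
# IN_BITS[x]  = bit inserted into input x for the copy routed through S-box 1
# OUT_BITS[y] = bit inserted into output value y where y comes from S-box 1
IN_BITS = [0, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 0]
OUT_BITS = [1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 1]


def insert_bit(value, low, bit):
    """Insert `bit` into `value`, leaving `low` original bits below it."""
    mask = (1 << low) - 1
    return ((value >> low) << (low + 1)) | (bit << low) | (value & mask)


def remove_bit(value, low):
    """Inverse of insert_bit: drop the bit that has `low` bits below it."""
    mask = (1 << low) - 1
    return ((value >> (low + 1)) << low) | (value & mask)


def expand(s1, s2, in_bits, out_bits, in_low=2, out_low=3):
    """Build the double-size S-box from two same-size permutations."""
    table = [None] * (2 * len(s1))
    for x in range(len(s1)):
        a = in_bits[x]
        y1, y2 = s1[x], s2[x]
        # One copy of x goes through s1, the copy with the flipped bit through s2.
        table[insert_bit(x, in_low, a)] = insert_bit(y1, out_low, out_bits[y1])
        # The s2 occurrence of an output value gets the complementary bit,
        # so the two occurrences of each value never collide.
        table[insert_bit(x, in_low, 1 - a)] = insert_bit(y2, out_low, 1 - out_bits[y2])
    return table


def is_permutation(table):
    return sorted(table) == list(range(len(table)))


def flip_switches_sbox(table, s1, s2, in_low=2, out_low=3):
    """True if flipping the expansion bit always moves between s1 and s2."""
    for u in range(len(table)):
        x = remove_bit(u, in_low)
        pair = sorted(remove_bit(table[v], out_low) for v in (u, u ^ (1 << in_low)))
        if pair != sorted((s1[x], s2[x])):
            return False
    return True


def random_expansion(s1, s2, seed):
    """Same construction with arbitrary choice bits (seeded for repeatability)."""
    rng = random.Random(seed)  # demo RNG only, not suitable for key material
    return expand(s1, s2, [rng.randrange(2) for _ in s1], [rng.randrange(2) for _ in s1])


POST_TABLE = expand(S1, S2, IN_BITS, OUT_BITS)  # reproduces the table in the post
```

Any choice of bits gives a 5-bit permutation, because each 4-bit output value occurs once in each S-box and its two occurrences receive opposite inserted bits.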
------------------------------
From: [EMAIL PROTECTED] (NFN NMI L.)
Subject: Re: Key exchange using Secret Key Encryption
Date: 30 Mar 2000 08:40:50 GMT
<<I am looking for a method of key exchange that only involves secret key
encryption. The method should also be immune to man-in-the-middle
attack. The scenario I am looking at is described below.
Alice and Bob are complete strangers and have only one channel of
communication. The Channel being the Internet. They only have at their
disposal a secret key encryption method>>
When you say that Alice and Bob are using the Internet (and can only use the
Internet), you may as well say that Alice passes her messages to Eve, who gets
to play with them before passing it to Bob. Man-in-the-middle cannot be
prevented because Alice cannot make sure that she is really talking to Bob if
all she has is the Internet. If they know each other in real life, they could
set up a voice link and end up with a secure asymmetric link (Bob says, "Hey
Alice, my PGP fingerprint is...", and Alice knows it's Bob because of his
voice.) Oh well.
-*---*-------
S.T. "andard Mode" L.
STL's Quotation Archive: http://quote.cjb.net
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: comp.security.pgp,misc.survivalism
Subject: Re: Does the NSA have ALL Possible PGP keys?
Date: Thu, 30 Mar 2000 08:57:10 GMT
In article <[EMAIL PROTECTED]>,
"Douglas J. Renze" <[EMAIL PROTECTED]> wrote:
>
> If the NSA, CIA, or FBI wants your PGP key, they've probably also already
> got a pretty heavy body of message traffic and a pretty good idea what's in
> that traffic; it's not worth it for a fishing expedition. If that's the
> case, they've got a lot of ways to get your key. They can pick you up and
> pump you full of pentathol. They can beat it out of you. Probably the
> fastest way would be to put a gun to your son/daughter/wife's head and say,
> "Give me the key or I'll pull the trigger."
>
This seems nonsensically paranoid.
Instead, you should be grateful for the many
fine services these agencies provide. For
instance, Big Brother now offers this
convenience- He'll read your email so you
don't have to !-)
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Newbie, Where should I start,
Date: Thu, 30 Mar 2000 09:38:54 GMT
"Handbook of applied cryptography" is fairly good and can be downloaded
for free at:
http://cacr.math.uwaterloo.ca/hac/index.html
Neil.
------------------------------
From: Slip Gun <[EMAIL PROTECTED]>
Subject: Re: Basic info on cryptography
Date: Thu, 30 Mar 2000 10:55:53 +0100
Reply-To: [EMAIL PROTECTED]
Slip Gun wrote:
>
> Where can a newbie to cryptography find info on the subject? Eg how to
> write asymetrical (sorry about spelling) code, what they mean when they
> say 128-bit encryption, etc. A website would be useful.
> Thanks,
> Ed
> --
> Those who trade privacy in favour of security will soon find that they
> have neither.
Thanks to all who replied.
Ed
--
Those who trade privacy in favour of security will soon find that they
have neither.
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: sci.math
Subject: Re: prime solution
Date: Thu, 30 Mar 2000 10:20:03 GMT
In article <8btg7r$c5b$[EMAIL PROTECTED]>,
Bob Silverman <[EMAIL PROTECTED]> wrote:
> Just what we need; YAC (Yet Another Crank)
>
Perhaps, in usenet discussion groups, the
emergence of connections to YACs is
unavoidable due to Ramsey Theory :) Or, if
you want to waste time we could derive an
equation for predicting the occurrence of YACs
(kind of like the silly Drake equation for
estimating the prevalence of extraterrestrial
life).
> This is unadulterated horsesh*t
>
Aaahhhh, yes
> "You can lead a horse's ass to knowledge, but you can't make him think"
>
And don't try to teach him rectangular
coordinates or you will be putting Descartes
before the horse !-)
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: sci.stat.math
Subject: Re: Q: Differencing time series
Date: Thu, 30 Mar 2000 13:03:34 +0200
Radford Neal wrote:
>
> >> About the only thing the above method looks to be good for is as a
> >> homework problem.
> >
> >If you think that my questions are so simple, then would you care
> >to say at least something? At least the first two questions need
> >not have anything associated with practical applications.
>
> I didn't say the questions were simple, just not useful.
>
> Which is exactly why they seem very much like homework problems, which
> we don't answer.
You have not said anything at all to the first two questions, which
are asking about some theoretical points. What are your criteria
of some theoretical questions in mathematics being useful or
not? Not very seldom one sees people claiming others' questions to
be 'homework' in order to (1) hide one's own inability to solve
the problems and (2) 'demonstrate' one's knowledge level to
be exceptionally high. A real expert with profound knowledge
either answers the questions or gives hints or else, if he considers
that to be not worth his time and effort, simply says nothing.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Coderpunks Query on Teledyne Crypto
Date: Thu, 30 Mar 2000 13:20:23 +0200
John Savard wrote:
>
> An S-box of twice the size is produced by choosing a bit position in
> which to insert both 0 or 1 for the two occurrences of a value on both
> sides of the table:
>
> Input:  Output:    Input:  Output:
> 00000   10100      00100   01111
> 00101   11111      00001   01010
> 00110   00111      00010   10110
> 00011   10010      00111   10001
> 01100   11110      01000   00011
> 01001   10101      01101   11011
> 01110   10011      01010   00000
> 01011   01000      01111   00100
> 10100   00010      10000   11100
> 10001   01110      10101   11101
> 10010   01011      10110   01001
> 10111   00001      10011   11010
> 11000   11001      11100   00110
> 11101   01100      11001   10111
> 11010   00101      11110   10000
> 11011   11000      11111   01101
>   ^      ^           ^      ^
>
> This guarantees that changing the one bit used for expansion on the
> input side will put you in a completely different permutation; hence,
> if instead of starting with S-boxes produced by other means, if I used
> this method from the ground up, all the bits would have this property,
> which would make the permutation _orthomorphic_. (The patent notes
> that for 8-bit S-boxes, there are 510 that are orthomorphic.) Since
> such a permutation provides perfect diffusion, it is claimed to be
> good for cryptographic purposes.
In the last line of the table
> 11011 11000
>   ^    ^
on one side a 0 is inserted, while on the other side a 1. Is this
a printing error? BTW, what is an orthomorphic permutation? Thanks.
M. K. Shen
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Key exchange using Secret Key Encryption
Date: Thu, 30 Mar 2000 11:23:42 GMT
In article <8bufbm$g75$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> Please excuse a newbie question.
>
> I am looking for a method of key exchange that only involves secret key
> encryption. The method should also be immune to man-in-the-middle
> attack. The scenario I am looking at is described below.
>
> Alice and Bob are complete strangers and have only one channel of
> communication. The Channel being the Internet. They only have at their
> disposal a secret key encryption method. For the sake of argument, this
> method is Bob Schnier's Twofish. It can be assumed that Alice and Bob
> are both connected to the internet concurrently, so multiple pass
> protocols can be used. How can Alice and Bob start communicating and
> protect their messages.
Usually the Diffie-Hellman key exchange is used. However, this method is
NOT immune to man-in-the-middle attacks. In order to protect against
man-in-the-middle attacks, you can use digital signatures on the
messages exchanged in the key exchange. However, this requires that
Alice and Bob can securely transfer each other's public keys, and since
in this scenario we can only communicate using the internet, it is not
possible.
In conclusion, there must be some way of securely exchanging information
in order to set up a completely secure connection. If we only
have the Internet, we have a catch-22 situation where we can
only set up a secure connection if we have already done so
before.
Strangely enough, many "secure" connections, such as those used in
browsers, completely ignore the man-in-the-middle problem.
-Erik Runeson
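
The catch-22 described in this message, as an added example (not code from the post): an unauthenticated Diffie-Hellman exchange is run once over an honest network and once over a network that substitutes its own public value, and the substitution is only noticed when the endpoints compare key fingerprints over a separate channel the network cannot alter, such as the voice link mentioned elsewhere in this thread. The 127-bit prime, the generator and all names are assumptions chosen for a toy demonstration.

```python
import hashlib
import secrets

# Toy group (assumption): 2**127 - 1 is prime but far too small for real use.
P = 2**127 - 1
G = 3


def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def shared_key(priv, peer_pub):
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def fingerprint(key):
    """Short value the two parties read to each other out of band."""
    return hashlib.sha256(b"session-fingerprint" + key).hexdigest()[:16]


def run_exchange(network):
    """network(pub) returns what the other end actually receives."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    k_alice = shared_key(a_priv, network(b_pub))  # Alice uses what arrived as "Bob"
    k_bob = shared_key(b_priv, network(a_pub))    # Bob uses what arrived as "Alice"
    return k_alice, k_bob


def honest_network(pub):
    return pub


class SubstitutingNetwork:
    """Models the in-path party: replaces every public value with its own."""

    def __init__(self):
        self.priv, self.pub = keypair()
        self.seen = []

    def __call__(self, pub):
        self.seen.append(pub)
        return self.pub

    def derived_keys(self):
        return {shared_key(self.priv, pub) for pub in self.seen}


def fingerprints_match(k_alice, k_bob):
    # Only meaningful if the comparison travels over an authenticated channel.
    return fingerprint(k_alice) == fingerprint(k_bob)
```

Neither endpoint sees any error during the substituted run; each simply holds a key shared with the in-path party, which is why the check has to come from outside the channel.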
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Coderpunks Query on Teledyne Crypto
Date: Thu, 30 Mar 2000 11:25:33 GMT
On Thu, 30 Mar 2000 13:20:23 +0200, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote, in part:
>In the last line of the table
>
>> 11011 11000
>>   ^    ^
>
>on one side a 0 is inserted, while on the other side a 1. Is this
>a printing error?
No, the bits are essentially random, except that in one copy of 11x11,
a 0 must be inserted, and in the other copy, a 1 must be inserted, and
in one copy of 1x000 a 0 must be inserted, and in the other copy, a 0
must be inserted.
As to what an orthomorphic permutation is, I did not see a clear
explanation of that in the patent.
John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Crossposted-To: sci.math
Subject: Re: prime solution
Date: Thu, 30 Mar 2000 11:29:40 GMT
On Wed, 29 Mar 2000 17:58:29 GMT, Bob Silverman <[EMAIL PROTECTED]>
wrote, in part:
>In article <[EMAIL PROTECTED]>,
>[EMAIL PROTECTED] wrote:
>> This solution, as trivial as it is, has been
>> hidden from us until now.
>Who is "us"?? What makes you think it has been hidden?
Well, he said he hadn't given the ending away: and the "ending" is
claimed to be an easy way to factor any large number. What makes him
think that _that_ is not visible is the fact that people still regard
RSA as secure, and consider factoring a difficult problem.
John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/index.html
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************