Cryptography-Digest Digest #480, Volume #11 Mon, 3 Apr 00 23:13:01 EDT
Contents:
Re: NSA ([EMAIL PROTECTED])
Re: OAP-L3: Semester 1 / Class #1 All are invited. (Taneli Huuskonen)
Re: I will make ANY software for ANYBODY (Paul Schlyter)
Re: I will make ANY software for ANYBODY (Paul Schlyter)
Re: Simple authentication protocol: any good? (Anne & Lynn Wheeler)
Re: Keeping numbers small in RSA ([EMAIL PROTECTED])
Re: Can anyone decrypt this? ("John Stone")
Re: NSA (Johnny Bravo)
Cryptoanalysis Algorithms (J4RR3LLS)
Re: Massey-Omura protocol & ECC (Mike Rosing)
BestCrypt and BCWipe for linux (Chem-R-Us)
Re: BestCrypt and BCWipe for linux (Chem-R-Us)
Re: Simple authentication protocol: any good? ([EMAIL PROTECTED])
Re: BestCrypt and BCWipe for linux (Chem-R-Us)
Re: The lighter side of cryptology ([EMAIL PROTECTED])
GSM A5/1 Encryption (Matt Linder)
Re: Disc encryption software question ([EMAIL PROTECTED])
----------------------------------------------------------------------------
From: [EMAIL PROTECTED]
Subject: Re: NSA
Date: Mon, 03 Apr 2000 23:55:31 GMT
In article <[EMAIL PROTECTED]>,
Johnny Bravo <[EMAIL PROTECTED]> wrote:
>
> Precisely. There is a guy getting paid more than 6 figures to read this
> group and publish a monthly report entitled "Intelligence Gathered
> from Various Diverse Sources with Close Ties to Multiple Crypto
> Assets."
Seriously, is this true? I cannot tell if you
are just making a funny.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED] (Taneli Huuskonen)
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
Date: 4 Apr 2000 03:09:27 +0300
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
In <[EMAIL PROTECTED]> lordcow77
<[EMAIL PROTECTED]> writes:
[...]
>so that he does not have the ability to, say, substitute output
>from RC4 or a block cipher in OFB mode as the output of his own
>algorithm.
Then he wouldn't be able to produce a corresponding key afterwards.
Taneli Huuskonen
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv
iQA/AwUBOOkygV+t0CYLfLaVEQIpWwCgro60IL/MUen682TCfI+OBVAZL5oAn1pj
kDjfxk8UXaXDbd1MbI5Sa+72
=Rml0
-----END PGP SIGNATURE-----
--
I don't | All messages will be PGP signed, | Fight for your right to
speak for | encrypted mail preferred. Keys: | use sealed envelopes.
the Uni. | http://www.helsinki.fi/~huuskone/ | http://www.gilc.org/
------------------------------
From: [EMAIL PROTECTED] (Paul Schlyter)
Subject: Re: I will make ANY software for ANYBODY
Date: 4 Apr 2000 00:18:46 +0200
In article <8cae5q$[EMAIL PROTECTED]>,
Guy Macon <[EMAIL PROTECTED]> wrote:
> In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
>(Jerry Coffin) wrote:
>
>>In article <8c8hvc$pnm$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
>>says...
>>
>>[ ... ]
>>
>>> Thanks. I'd like the Windows-2000 operating system ported to the
>>> ENIAC. I'd like it to be finished the day after tomorrow, and this
>>> project should cost no more than $2. I request it to be delivered on
>>> ENIAC-readable paper tape. No bugs will be tolerated.
>
> ENIAC was not a stored program computer, nor did it have a paper tape.
> Input was switches and jumpers, output was lights. As usual, most
> problems in engineering projects are traceable to bugs in the requirements.
OK, I really had BESK in mind (BESK = Binary Electronic Sequence
Kalculator, a vacuum tube stored-program computer, built in one copy
in Sweden in the mid 1950s -- for a few weeks it was the world's
fastest computer), but since BESK isn't well-known outside Sweden,
I picked ENIAC instead. Apparently I erroneously assumed it had
similar capabilities.
> [ http://www.seas.upenn.edu/~museum/qman/quick.html ]
>
> >I'll be happy to take this on. Of course, you have to supply the
> >working ENIAC, its staff of full-time technicians to keep it running,
> >and (of course) getting my house wired to power it... <G>
>
> Don't make promises that you can't keep on the assumption that your
> conditions cannot possibly be met. See the following web pages for
> a real ENIAC that you can buy today.
Didn't IBM also make an ENIAC-on-a-chip?
> [ http://www.ee.upenn.edu/~jan/eniacproj.html ]
> [ http://www.upenn.edu/computing/printout/archive/v12/4/chip.html ]
I guess he's safe anyway, since these machines most likely will break
that $2 budget.
>> Just to make sure the staff is up to speed, we'll need an EDSAC,
>> an EDVAC and a Mark I for a month ahead of time as well...
>
> Now you are padding the contract. The original ENIAC programmers
> didn't need those new-fangled contraptions, so why should you?
As a matter of fact, the Mark I predated the ENIAC....
--
================================================================
Paul Schlyter, Swedish Amateur Astronomer's Society (SAAF)
Grev Turegatan 40, S-114 38 Stockholm, SWEDEN
e-mail: pausch at saaf dot se or paul.schlyter at ausys dot se
WWW: http://hotel04.ausys.se/pausch http://welcome.to/pausch
------------------------------
From: [EMAIL PROTECTED] (Paul Schlyter)
Subject: Re: I will make ANY software for ANYBODY
Date: 4 Apr 2000 00:18:12 +0200
In article <[EMAIL PROTECTED]>,
Trevor L. Jackson, III <[EMAIL PROTECTED]> wrote:
> Paul Schlyter wrote:
>
>> In article <[EMAIL PROTECTED]>,
>> ECN UltraTrader <[EMAIL PROTECTED]> Wrote:
>>
>>> I manage a VAST group of programmers specializing in all fields of
>>> software development. If you have an idea for software that you would
>>> like to develop or are currently working on software but would like
>>> to save time & money, I can help. I offer the CHEAPEST software
>>> development rates in the United States. I can help you in developing
>>> ANY type of software with any provisions you may have
>>> (confidentiality, time limitations, etc). If you are interested,
>>> email me, and I will personally send you more information.
>>
>> Thanks. I'd like the Windows-2000 operating system ported to the
>> ENIAC. I'd like it to be finished the day after tomorrow, and this
>> project should cost no more than $2. I request it to be delivered on
>> ENIAC-readable paper tape. No bugs will be tolerated.
>>
>> I'm looking forward to cooperating with you. If you manage this
>> project, on time and within budget, I have some other, bigger,
>> projects in the pipeline -- or else I'll have to find someone
>> else to do them....
>
> There are two reasons you don't want to do this. First, you would need a
> large farm of paired ASR33s to make a paper tape swap device (_ugly_
> concept). Second, the time required to boot the system would be much longer
> than the average uptime of W2K.
>
> But as a test of the capabilities of the development group it will do to
> screen out those who make silly performance claims. ;-)
Perhaps the ultimate porting project would be to port Win-2000 to
a Turing machine.... :-)))))))))))))))))
--
================================================================
Paul Schlyter, Swedish Amateur Astronomer's Society (SAAF)
Grev Turegatan 40, S-114 38 Stockholm, SWEDEN
e-mail: pausch at saaf dot se or paul.schlyter at ausys dot se
WWW: http://hotel04.ausys.se/pausch http://welcome.to/pausch
------------------------------
Subject: Re: Simple authentication protocol: any good?
Reply-To: Anne & Lynn Wheeler <[EMAIL PROTECTED]>
From: Anne & Lynn Wheeler <[EMAIL PROTECTED]>
Date: Tue, 04 Apr 2000 00:27:23 GMT
[EMAIL PROTECTED] (David S. Harrison) writes:
> I have need for a simple authentication protocol that can be used
> to insure that a client, speaking to a custom server, cannot be
> easily emulated. Due to the nature of the connection between client
> and server, I must assume that it is very easy to watch the traffic
> between the two.
we've worked with organizations for an AADS version of RADIUS ...
i.e. effectively a digital signature challenge/response in radius.
Radius sends something to be signed ... it gets signed and the
signature returned. the server then verifies the signature using
public key registered for the specific user/account (i.e. public key
registered in place of password). ISPs that use RADIUS for internet
access ... and use web servers that support RADIUS for client
authentication ... then need only a single administrative
infrastructure for authentication.
basically uses similar AADS infrastructure proposed for X9.59
financial transactions. Challenge for X9.59 was lightweight protocol
for all electronic retail payments (credit, debit, e-check, prepaid,
etc) that preserves the integrity of the financial infrastructure with
only a digital signature. Assumptions were transaction could flow over
an untrusted network and everything was subject to eavesdropping
... including the account number.
misc. refs.
http://www.garlic.com/~lynn/aadsm2.htm#inetpki
http://www.garlic.com/~lynn/aadsm2.htm#account
http://www.garlic.com/~lynn/aadsm2.htm#straw
http://www.garlic.com/~lynn/aadsm2.htm#keylength
http://www.garlic.com/~lynn/aadsm2.htm#pkikrb
http://www.garlic.com/~lynn/aadsm3.htm#kiss3
http://www.garlic.com/~lynn/aadsmore.htm#hcrl2
http://www.garlic.com/~lynn/99.html#230
http://www.garlic.com/~lynn/200b.html#14
http://www.garlic.com/~lynn/8583flow.htm
--
Anne & Lynn Wheeler | [EMAIL PROTECTED], [EMAIL PROTECTED]
http://www.garlic.com/~lynn/ http://www.adcomsys.net/lynn/
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Keeping numbers small in RSA
Date: Tue, 04 Apr 2000 00:54:07 GMT
You can use the repeated squaring technique based on the equation:
a**b mod n = ( ... ((a^2 mod n) ^2 mod n) ..etc. Just for
demonstration here's a little C code for 32 bit integers:
/*** BEGIN ***/
#include <stdio.h>
#include <stdint.h>
#define INT32 int32_t
#define UINT32 uint32_t
/* Prototypes */
UINT32 Modular_Exponentiation(UINT32 a, UINT32 b, UINT32 n);
int main(void){
    UINT32 r;
    /* tests */
    /* result must be 254 */
    r=Modular_Exponentiation(100,3,319);
    printf("for a=100,b=3,n=319: r=%lu\n",(unsigned long)r);
    /* result must be 100 */
    r=Modular_Exponentiation(r,187,319);
    printf("for a=254,b=187,n=319: r=%lu\n",(unsigned long)r);
    printf("Press a key...");
    getchar();
    return 0;
}
/* Calculate (a**b) mod n by repeated squaring, scanning the exponent
   from its top bit down. Note: d*d and d*a are formed in 32 bits, so
   n must be below 2^16 for the products to fit before the reduction. */
UINT32 Modular_Exponentiation(UINT32 a, UINT32 b, UINT32 n){
    UINT32 d,z,y;
    INT32 i;
    d=1;
    z=sizeof(b)*8-1; /* index of the top bit: 31 for a 32-bit integer */
    for (i=z; i>=0; i--){
        d=(d*d) % n;
        y=(b << (z-i)) >> z; /* isolate the i'th bit of the exponent */
        if (y == 1)
            d=(d*a) % n;
    }
    return (d);
}
/*** End ***/
[EMAIL PROTECTED] wrote:
>I am having some trouble calculating result = A*B mod n as part of a
>modular exponentiation. The tempory value for A*B gets too big too
>store before the modular reduction. I am limited to 32 bit storage for
>the tempory register.
>Can anybody suggest a technique(s) or algorithm to reduce these
>numbers, ideally to allow large A and B usage.
>Thanks in advance.
>
>Rick
>
>
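As an added example (mine, not the code posted above), here is a version that answers Rick's actual question: a 32-bit modular multiply that never forms the full product, built from doubling and adding modulo n, with square-and-multiply on top of it. It assumes n is at most 2^31 so that two residues can be added without overflowing 32 bits; the function names are my own.

```c
/* Added example: (a*b) mod n and (a**b) mod n with every intermediate
 * value below 2*n <= 2^32, so no 64-bit temporary is ever needed. */
#include <stdint.h>
#include <stdio.h>

/* (a*b) mod n by double-and-add. Assumes 1 <= n <= 2^31, so that
 * r + a and a + a (both < 2n) always fit in a uint32_t. */
uint32_t mulmod32(uint32_t a, uint32_t b, uint32_t n)
{
    uint32_t r = 0;
    a %= n;
    b %= n;
    while (b) {
        if (b & 1) {
            r += a;                 /* r, a < n, so r + a < 2n <= 2^32 */
            if (r >= n) r -= n;
        }
        a += a;                     /* a = 2a mod n, same bound */
        if (a >= n) a -= n;
        b >>= 1;
    }
    return r;
}

/* (a**b) mod n by right-to-left square-and-multiply over mulmod32,
 * so the modulus may be anywhere up to 2^31 (not just below 2^16). */
uint32_t powmod32(uint32_t a, uint32_t b, uint32_t n)
{
    uint32_t d = 1 % n;             /* 1 % n handles n == 1 */
    a %= n;
    while (b) {
        if (b & 1) d = mulmod32(d, a, n);
        a = mulmod32(a, a, n);
        b >>= 1;
    }
    return d;
}

int main(void)
{
    /* the same check values the posted code uses (n = 319 = 11 * 29) */
    printf("%lu\n", (unsigned long)powmod32(100, 3, 319));    /* 254 */
    printf("%lu\n", (unsigned long)powmod32(254, 187, 319));  /* 100 */
    /* a modulus far above 2^16: 2^31 - 1 is prime, so by Fermat
     * a^(n-1) mod n == 1 for any a not divisible by n */
    printf("%lu\n", (unsigned long)powmod32(123456789u, 2147483646u, 2147483647u));
    return 0;
}
```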
------------------------------
From: "John Stone" <[EMAIL PROTECTED]>
Subject: Re: Can anyone decrypt this?
Date: Mon, 3 Apr 2000 21:19:51 -0400
I bet you think this is pitiful, but I still can't figure it out. Any help
would be greatly appreciated.
"Jim Gillogly" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> [EMAIL PROTECTED] wrote:
> >
> >
$N!FZ@GW?CW$AYY!G@WC@AY?V!FYX$Y@H@G+X?R$FAG@$Y?G@*BA!FBY*Y?Y@ZY!Q@YX$YVG!W!?
FZB@AG@Y$FZR+BY@G+Y!@HG+
> >
> > I know it is simply a substitution encryption scheme, but I can't get it?
>
> Do a frequency count. It's in English, so try to identify the most common
> letters: E, T, A, O, I, N and so on. If you get stuck, look for pattern
> words... the word THAT appears in it. Often the beginning and ending of
> a cryptogram are the easiest entries, but ignore the end this time: they
> truncated the Dickens quote.
> --
> Jim Gillogly
> Sterday, 8 Astron S.R. 2000, 19:12
> 12.19.7.1.8, 6 Lamat 16 Cumku, First Lord of Night
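As an added example (mine, not from the thread), the two steps Jim suggests, a symbol frequency count and a search for 4-symbol groups shaped like THAT (first and last symbol equal, the middle two different from it and from each other), run over the cryptogram quoted above. Only the ciphertext is taken from the post; the function names are my own.

```c
/* Added example: first cryptanalysis steps on the substitution
 * cryptogram quoted in the thread (the two posted lines joined). */
#include <stdio.h>
#include <string.h>

static const char *CRYPTOGRAM =
    "$N!FZ@GW?CW$AYY!G@WC@AY?V!FYX$Y@H@G+X?R$FAG@$Y?G@*BA!FBY*Y?Y@ZY!Q@YX$YVG!W!?"
    "FZB@AG@Y$FZR+BY@G+Y!@HG+";

/* Count every byte value in text into counts[256] and return the
   number of distinct symbols seen. */
int frequency_count(const char *text, int counts[256])
{
    int distinct = 0;
    memset(counts, 0, 256 * sizeof counts[0]);
    for (; *text; text++) {
        if (counts[(unsigned char)*text]++ == 0)
            distinct++;
    }
    return distinct;
}

/* Most frequent symbol (ties broken by the lowest byte value);
   in English plaintext this is the first candidate for E or T. */
int most_frequent(const int counts[256])
{
    int best = 0;
    for (int c = 1; c < 256; c++)
        if (counts[c] > counts[best]) best = c;
    return best;
}

/* Find 4-grams with the THAT shape (ABCA). Writes up to max starting
   offsets into out and returns the total number found. */
int find_abca(const char *text, int *out, int max)
{
    int found = 0;
    size_t n = strlen(text);
    for (size_t i = 0; i + 4 <= n; i++) {
        const char *g = text + i;
        if (g[0] == g[3] && g[1] != g[0] && g[2] != g[0] && g[1] != g[2]) {
            if (found < max) out[found] = (int)i;
            found++;
        }
    }
    return found;
}

int main(void)
{
    int counts[256], hits[8];
    int distinct = frequency_count(CRYPTOGRAM, counts);
    int top = most_frequent(counts);
    int nhits = find_abca(CRYPTOGRAM, hits, 8);
    printf("%d distinct symbols; most frequent '%c' x%d\n", distinct, top, counts[top]);
    for (int k = 0; k < nhits && k < 8; k++)
        printf("ABCA pattern at offset %d: %.4s\n", hits[k], CRYPTOGRAM + hits[k]);
    return 0;
}
```

A group that recurs at two offsets with the same symbols is the strongest THAT candidate, since the shape alone also matches words like EVEN or DEAD.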
------------------------------
From: Johnny Bravo <[EMAIL PROTECTED]>
Subject: Re: NSA
Date: Mon, 03 Apr 2000 21:09:02 -0400
On Mon, 03 Apr 2000 23:55:31 GMT, [EMAIL PROTECTED] wrote:
>> Precisely. There is a guy getting paid more than 6 figures to read this
>> group and publish a monthly report entitled "Intelligence Gathered
>> from Various Diverse Sources with Close Ties to Multiple Crypto
>> Assets."
>
> Seriously, is this true?
That was my point.
>I cannot tell if you are just making a funny.
It was a joke, but it sounds so possible I'd bet $5 that there are
government agents using computer assisted search to read USENET.
--
Best Wishes,
Johnny Bravo
"The most merciful thing in the world, I think, is the inability
of the human mind to correlate all its contents." - HPL
------------------------------
From: [EMAIL PROTECTED] (J4RR3LLS)
Subject: Cryptoanalysis Algorithms
Date: 04 Apr 2000 01:20:37 GMT
I'm looking for code that will decrypt simple ciphers such as shift and
substitution ciphers. I searched the web, but my effort was unsuccessful.
Does anyone know where I can get some decryption code or do I have to write my
own?
Thanks.
Michael F. Jarrells
------------------------------
From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: Massey-Omura protocol & ECC
Date: Tue, 04 Apr 2000 01:23:25 GMT
[EMAIL PROTECTED] wrote:
> I've been searching on http://www.patents.ibm.com/ for any patents on
> massey-Omura Key exchange protocol used with ECC and I have not been
> able to find a patent for it.
>
> Is this protocol in the Public Domain or is it just not patented in US ?
I believe you are correct in that it is not patented under ECC. Public
domain ECC versions have been around for several years. Given the way
the US patent office works, this doesn't mean much. But chances are good
you can use it without infringing on what patents are there.
Patience, persistence, truth,
Dr. mike
------------------------------
From: Chem-R-Us <[EMAIL PROTECTED]>
Subject: BestCrypt and BCWipe for linux
Date: Mon, 03 Apr 2000 18:51:32 -0700
Here I've been beating my head against a wall trying to develop
encrypted volumes for my Linux box. http:www.jetico.sci.fi has released
some beta code that does an excellent job of creating encrypted volumes.
As all Linux users know, Linux alpha code is much better than gatesware
beta code. And BCWipe is simply excellent. Don't take my word for it, dl
it and give it a whirl.
I have been examining the sources and I have yet to find a problem with
the code.
--
Chem-R-Us
------------------------------
From: Chem-R-Us <[EMAIL PROTECTED]>
Subject: Re: BestCrypt and BCWipe for linux
Date: Mon, 03 Apr 2000 18:53:19 -0700
Chem-R-Us wrote:
OOPS!! http//:www.jetico.sci.fi has released
--
Chem-R-Us
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Simple authentication protocol: any good?
Date: Tue, 04 Apr 2000 01:31:37 GMT
In article <38e92d22$0$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (David S. Harrison) wrote:
> ... When the client
> first connects to the server, the server responds by sending
> a pseudo-random integer computed via Knuth's linear congruential
> algorithm that is seeded using the current time of day.
I think there are better ways to handle this particular detail of the
protocol. It is generally good advice to avoid using linear
congruential algorithms for cryptological purposes. I suggest that you
let the client send a pseudo-random integer n based on the timing of
the user's mouse clicks and key strokes instead. Let the server
calculate x = f(n), store x in a file F, calculate a hash y out of the
current contents of the file F and send y.
------------------------------
From: Chem-R-Us <[EMAIL PROTECTED]>
Subject: Re: BestCrypt and BCWipe for linux
Date: Mon, 03 Apr 2000 18:54:11 -0700
Chem-R-Us wrote:
>
> Chem-R-Us wrote:
>
> Criminy: http://www.jetico.sci.fi has released
>
> --
>
> Chem-R-Us
--
Chem-R-Us
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: The lighter side of cryptology
Date: Tue, 04 Apr 2000 02:01:02 GMT
In article <8ca75t$hqm$[EMAIL PROTECTED]>,
"Test" <[EMAIL PROTECTED]> wrote:
> The scary part is I think this thread is funny!
Do not be afraid for you are not alone.
> Sheesh, I need to watch more
> television.
This could be even scarier- try watching
the "Jerry Springer Show".
DES users do it in blocks and chains.
(Markov also did it in chains.)
------------------------------
From: Matt Linder <[EMAIL PROTECTED]>
Subject: GSM A5/1 Encryption
Date: Tue, 04 Apr 2000 02:34:30 GMT
I am new to this group, but enjoy reading it. I also like the humor :)
I know just enough about cryptology to know that most of it is over my
head.
I am into cell phones, and I know that the days of the old analog FM
phones are gone, replaced by the digital guys.
My question is how difficult is it or would it be to decrypt (in real
time) the over the air voice traffic in GSM (and TDMA) that have been
encrypted using the A5/1 stream cypher?
I have done some research on the internet, and have found conflicting
information. Some make it sound like it's not so hard, but others make
it sound almost impossible (especially in real time). I think the latter
is the general consensus.
My naive understanding is that with a 64 bit key, it would take forever
to try each key.
What is the truth?
I have seen some ads from companies like G-com in New York that
advertise GSM intercept equipment for sale (to law enforcement only of
course !)
P.S. Some people imply that the NSA made it weak on purpose, but after
doing some research it sounds like it would be difficult even for
them. Do you think they have a machine that can do it?
thanks.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Disc encryption software question
Date: Tue, 04 Apr 2000 02:43:21 GMT
In article <[EMAIL PROTECTED]>,
"Trevor L. Jackson, III" <[EMAIL PROTECTED]>
wrote:
> >
> > If you work in vision research do you happen
> > to know anything technical about the new
> > GVPP chip (generic visual perception
> > processor)? It can recognize colors and
> > motion and can handle *20 Billion*
> > instructions per second (compared to a few
> > million instructions/ second by Pentium class
> > processors).
>
> The "instructions" in the two devices are in no way comparable. A general
> purpose CPU is far more complicated than that of a regular matrix of picture
> cells. The regularity buys you many benefits. First the line/column sizes are
> fixed, so can be optimized to minimize overhead. Second, the regularity of the
> data elements and their addressing means that you can pipeline each "instruction"
> to the maximum bandwidth of the instruction store. And of course you can add an
> almost arbitrarily large number of ALUs to parallelize the whole thing. Bottom
> line is that the overall throughput is barely related to the time it takes to
> complete a single instruction.
>
> This doesn't begin to scratch the surface because the most effective organization
> of a pattern detector is not close to the architecture of a classical computer
> (vN).
>
I don't know anything technical about the
GVPP and did not mean to imply that its
architecture or functionality is like that of a
Pentium. I was only trying to say that the
GVPP is supposed to have much greater
performance running its intended tasks than a
pc chip would have running the same tasks.
Sorry for any confusion.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************