Cryptography-Digest Digest #487, Volume #11       Tue, 4 Apr 00 17:13:01 EDT

Contents:
  Re: Looking for Algorithm (wtshaw)
  Re: Key exchange using Secret Key Encryption (wtshaw)
  Re: GSM A5/1 Encryption (Matt Linder)
  Re: Encryption strength proportional to encrypted message length? ("Joseph Ashwood")
  Re: Q: Entropy (Mok-Kong Shen)
  Looking for steganography example ("Frank Sundgaard Nielsen")
  Re: Magnetic Remenance on hard drives. (was: Re: Evidence Eliminator - Who is trying to silence our program? It's not working...) ("anonymous")
  Re: Q: Entropy ("Joseph Ashwood")
  Re: RNG based on primitive multiplicative generator. ("Douglas A. Gwyn")
  Re: OAP-L3: Semester 1 / Class #1 All are invited. (lordcow77)
  Re: The lighter side of cryptology ([EMAIL PROTECTED])
  Re: The lighter side of cryptology ([EMAIL PROTECTED])
  Re: Looking for steganography example (John Savard)
  Re: NSA (Johnny Bravo)
  Re: Looking for steganography example (Xcott Craver)
  Re: NSA ([EMAIL PROTECTED])
  enigma returned ([EMAIL PROTECTED])
  Re: Key exchange using Secret Key Encryption (John Savard)
  Re: OAP-L3: Semester 1 / Class #1 All are invited. ("Harvey Rook")
  Re: OAP-L3: Semester 1 / Class #1 All are invited. ("Harvey Rook")
  time-lock crypto (Tom St Denis)
  Re: time-lock crypto (Tom St Denis)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Looking for Algorithm
Date: Tue, 04 Apr 2000 12:27:20 -0600

In article <8carjm$mn9$[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:

> Help!
> I looking for an algorithm that does the following
> - splits a message in 2 parts,
> - hashes every line
> - so that key and lock have always the same bit-length.
> Maybe a stupid question, but i am new to cypto.
> I have read about somewhere in the web , but I can't
> remember the name of it - i need it for one of my projects.
> Many thanks and a nice day
> 
Forget line divisions with single carriage returns and line feeds, as these
are usually transparent to the user and not necessary for inclusion in a
text stream.  They were necessary to early teletype machines to make the
receiver a slave to the transmitter.  Everything goes well if the
communications are sound; otherwise lots of ruined paper with garbage
needed to be discarded.

Computers can be more intelligent than that, but some persist in 150
year-old thinking in this area.
-- 
Given all other distractions, I'd rather be programming.
%/^):  [|]"!  ?=)@~  ;)[]*  :@\@}  *#~}>  ,=+)!  .($`\ 

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Key exchange using Secret Key Encryption
Date: Tue, 04 Apr 2000 12:36:32 -0600

In article <8cb1lj$tou$[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:

> So, under the following assumptions, SSL connections are secure:
> 1. The crypto in the browser is correctly implemented and unmodified.
> 2. The certificate database in the browser is correct.
> 3. The certificate authorities do their jobs.
> However, given that in many cases the browser is downloaded
> (unencrypted) over the Internet, assumptions 1 and 2 can be
> questionable. And I don't even want to think about assumption 3.
> The flip side of this is that an attacker would have to tweak your
> browser or cert database (meaning access to your machine, or advance
> preparation to compromise your browser when you download it) or
> compromise a CA before they could even begin to mount the active attack
> required to compromise SSL communications.

The assumptions and presumptions that people often make and others are
willing to sell them are generous in fulfilling users' needs to feel
secure.  Internet security is too often smoke and mirrors, inadequate,
meant to benefit others more than you, even abuse you in the long run. 
The belief that what you don't know won't hurt you is a staple of the
industry.
-- 
Given all other distractions, I'd rather be programming.
%/^):  [|]"!  ?=)@~  ;)[]*  :@\@}  *#~}>  ,=+)!  .($`\ 

------------------------------

From: Matt Linder <[EMAIL PROTECTED]>
Subject: Re: GSM A5/1 Encryption
Date: Tue, 04 Apr 2000 19:34:05 GMT

In article <[EMAIL PROTECTED]>,
stanislav shalunov <[EMAIL PROTECTED]> wrote:
>
> Bruce Schneier mentions in AC2 that, e.g., CELP was designed by the
> NSA.
> The final encoding before encryption might provide enough known
> plaintext.
>
I'm sure I will show how naive I am with this question, but from my
understanding of how A5 works, even knowing 2 of the 3 inputs
(plaintext and frame number) to the algorithm, I don't see how this
helps find the third piece (the 64 bit key). Wouldn't you still have
to run through all the 64 bit combinations (54 bits really, I understand)?

Matt


Sent via Deja.com http://www.deja.com/
Before you buy.
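Matt's question is the right place to start, and the answer is that known plaintext does not invert the cipher; it hands the attacker the keystream bits, and every attack on a stream cipher, exhaustive search included, works from those bits rather than from ciphertext. The model below is an added example and not code from the thread. It implements A5/1 at the bit level following the published pedagogical description (three LFSRs of 19, 22 and 23 bits, majority clocking, 64 key bits then 22 frame bits then 100 discarded clocks); the key, frame number and "known" burst are constructed for the demo and are not official test vectors. The thread's remark that only 54 of the 64 key bits varied in fielded systems changes the size of the search, not the test each candidate key has to pass.

```python
# Added example, not from the thread: a bit-level A5/1 model used to show
# what known plaintext gives an attacker against a stream cipher.  The
# register lengths, taps, clocking bits and the 64 + 22 + 100-clock key
# setup follow the published pedagogical description of A5/1; the key and
# frame values below are constructed for illustration, not test vectors.

R1MASK, R2MASK, R3MASK = 0x07FFFF, 0x3FFFFF, 0x7FFFFF  # 19-, 22-, 23-bit registers
R1TAPS, R2TAPS, R3TAPS = 0x072000, 0x300000, 0x700080  # feedback taps
R1MID, R2MID, R3MID = 0x000100, 0x000400, 0x000400     # clocking bits 8, 10, 10
R1OUT, R2OUT, R3OUT = 0x040000, 0x200000, 0x400000     # top (output) bits


def parity(x):
    return bin(x).count("1") & 1


def clock_one(reg, mask, taps):
    """Shift one LFSR by one position, feeding back the parity of its taps."""
    return ((reg << 1) & mask) | parity(reg & taps)


class A51:
    def __init__(self, key, frame):
        """key: 8 bytes (64 bits, LSB of byte 0 first); frame: 22-bit frame number."""
        self.r1 = self.r2 = self.r3 = 0
        for i in range(64):                      # mix in the key bits
            self._clock_all()
            self._xor_in((key[i >> 3] >> (i & 7)) & 1)
        for i in range(22):                      # then the frame number
            self._clock_all()
            self._xor_in((frame >> i) & 1)
        for _ in range(100):                     # 100 majority clocks, output discarded
            self._clock()

    def _xor_in(self, bit):
        self.r1 ^= bit
        self.r2 ^= bit
        self.r3 ^= bit

    def _clock_all(self):
        self.r1 = clock_one(self.r1, R1MASK, R1TAPS)
        self.r2 = clock_one(self.r2, R2MASK, R2TAPS)
        self.r3 = clock_one(self.r3, R3MASK, R3TAPS)

    def _clock(self):
        """Majority clocking: a register steps only if its clocking bit agrees."""
        c1, c2, c3 = bool(self.r1 & R1MID), bool(self.r2 & R2MID), bool(self.r3 & R3MID)
        maj = (c1 + c2 + c3) >= 2
        if c1 == maj:
            self.r1 = clock_one(self.r1, R1MASK, R1TAPS)
        if c2 == maj:
            self.r2 = clock_one(self.r2, R2MASK, R2TAPS)
        if c3 == maj:
            self.r3 = clock_one(self.r3, R3MASK, R3TAPS)

    def keystream(self, nbits=114):
        """Keystream bits: XOR of the three top bits after each majority clock."""
        out = []
        for _ in range(nbits):
            self._clock()
            out.append(parity(self.r1 & R1OUT) ^ parity(self.r2 & R2OUT)
                       ^ parity(self.r3 & R3OUT))
        return out


def encrypt_frame(key, frame, plaintext_bits):
    """One 114-bit burst: ciphertext = plaintext XOR keystream(key, frame)."""
    ks = A51(key, frame).keystream(len(plaintext_bits))
    return [p ^ k for p, k in zip(plaintext_bits, ks)]


def recover_keystream(plaintext_bits, ciphertext_bits):
    """The known-plaintext step needs no key at all: keystream = P XOR C."""
    return [p ^ c for p, c in zip(plaintext_bits, ciphertext_bits)]


def keystream_matches(candidate_key, frame, known_keystream):
    """What an exhaustive search actually tests per candidate: does this key
    reproduce the keystream recovered from the known plaintext?"""
    return A51(candidate_key, frame).keystream(len(known_keystream)) == known_keystream


# Constructed demo values (not GSM test vectors).
KEY = bytes.fromhex("0123456789abcdef")
FRAME = 0x2A5
KNOWN_PT = [int(c) for c in ("1011000110" * 12)[:114]]   # a fixed 114-bit "known" burst

if __name__ == "__main__":
    ct = encrypt_frame(KEY, FRAME, KNOWN_PT)
    ks = recover_keystream(KNOWN_PT, ct)
    print("real key reproduces recovered keystream:", keystream_matches(KEY, FRAME, ks))
    print("all-zero key rejected:", keystream_matches(bytes(8), FRAME, ks))
```

Note what the recovered keystream is good for: it is the oracle a brute-force or state-recovery attack checks candidates against, and the same key with a different frame number gives a different keystream, so an attacker needs the frame number as well as the plaintext for the burst.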

------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Encryption strength proportional to encrypted message length?
Date: Tue, 4 Apr 2000 12:36:51 -0700

My own thoughts on a potential solution.
Assuming A makes the file, A sends to B, and V verifies the
file.

A makes 2 files. File 1 is the full XML document. File 2 is
only the XML tags.
File 2 is hashed, the hash and file 2 are sent to V.
File 1 is sent to B.
V determines if File 2 is properly formed.
If File 2 is properly formatted, V makes a signature out of
the hash (which may be recomputed to verify it)
V sends the signature to B.
B computes File 2 from File 1 by stripping out the tags.
B computes the hash of file 2 and verifies the signature
supplied by V.


I have omitted statements of how to protect the documents in
transit, just use the standard mechanisms (public key/secret
key type).
                    Joe



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Q: Entropy
Date: Tue, 04 Apr 2000 21:54:10 +0200

Niklas Frykholm wrote:
> 
> >My point is that the difficulty lies in quantifying (as against
> >qualifying) entropy in actual practice. This conforms to what
> >you said. To exaggerate a bit, entropy seems like beauty. Most
> >people would agree that some of the famous stars are prettier
> >than an average woman, but it is hard to say by just how much or
> >to compare two of the stars. Under such conditions, I suppose
> >that the question could be legitimately asked whether arguments
> >in practical situations employing entropy, say, whether a password
> >has more entropy than another or how much entropy one has
> >collected through certain means, shouldn't be considered to be
> >essentially fuzzy and at least looked upon with one or several
> >grains of salt.
> 
> True, the mathematical definition of entropy may have little to do with the
> actual difficulty of guessing a password.
> 
> For example, suppose I roll a die. If the die shows 1-3 I select the
> password "akjhdeiune2894n", if the die shows 4-6 I select the password
> "kfhr3487nfkhed3". Now the entropy is only 1 bit, but the password will
> still be hard to guess, because the attacker does not know how I selected my
> password.
> 
> I. e., the choice of the password selection procedure in itself carries an
> amount of entropy, so perhaps the real entropy is entropy(choice of
> password selection procedure) + entropy(choice of password). But then of
> course, if the attacker does not know how I selected my password selection
> procedure we must add an additional term  entropy(choice of way of selecting
> password selection procedure) and so on ad infinitum... ;)
> 
> Here is another possible definition of the entropy of a password:
> 
>         The number of extra bits required to specify the password
>         given all the information in the attacker's brain

I think that what you said is indeed worth noting. To mention a
situation in different context: If I use a perfect coin to generate 
a bit sequence, it has the full entropy corresponding to the length 
of the sequence. But this entropy value is based on my knowledge of 
the process of generation and (what I suppose is more important for 
use of the sequence in encryption) depends on the fact that I am 
the single person in possession of the sequence. If I hand out the 
sequence to someone else, then the same sequence has exactly zero 
entropy for him for encryption purposes in my humble opinion (for I 
know his 'secret' OTP and can utilize that to crack his encipherments). 
The choice of any procedures, if these can be kept secret from the 
opponent (which I suppose is possible in many practical situations), 
does contribute to strength in general in crypto systems. As a
particular example of situations where this may apply, I like to 
recall the recently discussed topic of multiple encryption where 
one has a choice of the encryption algorithms and their diverse 
combinations (in either serial or parallel form of combination).

M. K. Shen

------------------------------

From: "Frank Sundgaard Nielsen" <[EMAIL PROTECTED]>
Subject: Looking for steganography example
Date: Tue, 04 Apr 2000 19:59:38 GMT

I'm looking for an example of steganography that I've seen somewhere, but
can't find now.

It consists of 2 b/w pictures. One says "E=MC2", and the other says "3.14".
Put them on top of each other and you get a smiley face.

Does anyone know where I can find this and possibly who made it? I thought
it was a really good way to explain steganography in a non-technical way.

Frank




------------------------------

Crossposted-To: alt.privacy
Subject: Re: Magnetic Remenance on hard drives. (was: Re: Evidence Eliminator - Who is trying to silence our program? It's not working...)
From: "anonymous" <[EMAIL PROTECTED]>
Reply-to: [EMAIL PROTECTED]
Date: Tue, 4 Apr 2000 19:11:43 GMT


On  4-Apr-2000, "xyz" <[EMAIL PROTECTED]> wrote:

> Instead of using your commercial product, I use BC Wipe which is free from
> http://www.jetico.com/ . Runs on Win9x, ME & 2K.

Shredding the files isn't the only problem. EE does a whole lot more!

______________________________________________________________
Posted via Uncensored-News.Com, http://www.uncensored-news.com
    Only $8.95 A Month, - The Worlds Uncensored News Source

------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Q: Entropy
Date: Tue, 4 Apr 2000 13:03:13 -0700

> There is no new language. I remain in the domain of English. In
> such situations I am not sure of the entropy remaining the same.
> For I could exchange some nouns or verbs such that the new sentence
> does not have any sense in the real world, even though it remains
> to be correct grammatically. (For instance, one substitutes 'cat'
> for 'computer', 'eat' for 'invent' etc.) In that case the
> probability of that sentence occurring in the language (as ensemble
> of sentences formulated by people) would be much smaller than the
> original, I believe.

It depends on how your convolution of English works. If it
is a simple substitution (e.g. take the dictionary, replace
each word with the word after it), if the substitution is
known to the attacker, the entropy of the message remains
the same as the English version; if the substitution is
determined on an individual message basis, it's more
complex. I was a bit unclear on how you were doing the
substitution, I was under the impression that it might be a
complete translation maintaining grammar, leading to some
ambiguity as to whether there was a 1 to 1 relationship. The
likelihood of it being a sensible sentence is actually a
non-issue, because you are changing the language, given that
you must consider it within the language (substitution) of
your message. For example considering "Je parle seulement
anglais" in English is useless, but considering it in French
it becomes an at least somewhat sensible sentence (I used
http://babel.altavista.com to translate "I speak only
English" from English to French). The sentence will have
approximately the same amount of entropy as its English
translation so around 20 bits, however since I don't know
French the French version may have various issues that make
it non-standard French, and I also don't know if there is a
1-1 onto relationship between those sentences.
                    Joe




------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: RNG based on primitive multiplicative generator.
Date: Tue, 4 Apr 2000 19:02:53 GMT

Mike Rosing wrote:
> your dot operation is Trace(a+b).  My gut reaction is that this is too
> linear, but I'm not going to try to prove it :-)

No need, that's a well known property of the inner product.

------------------------------

Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
From: lordcow77 <[EMAIL PROTECTED]>
Date: Tue, 04 Apr 2000 13:13:32 -0700

In article <[EMAIL PROTECTED]>, DMc
<[EMAIL PROTECTED]> wrote:
>
>  Fascinating bull hockey; Take the simple Park and Miller minimal
> standard generator with an initial seed of 1. Now tell me the
> 1 073 741 825th seed value without running the generator.
>
>

Not true; the nth iterate of a LCG can be calculated based
solely on the seed value to the generator. Hint: think modular
exponentiation.

* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!
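The modular-exponentiation hint, made concrete as an added example (not code from either post). The Park-Miller minimal standard is the multiplicative generator x_{k+1} = 16807 * x_k mod (2^31 - 1); because the modulus is prime and 16807 is a primitive root, the n-th state is 16807^n * seed mod M, one `pow` call no matter how large n is. The same closed form runs backwards, which is the security point: one observed state and its index give back the seed.

```python
# Added example, not from the thread: jumping straight to the n-th state of
# the Park-Miller "minimal standard" generator with one modular
# exponentiation, and recovering the seed from any single observed state.
M = 2**31 - 1    # 2147483647, prime
A = 16807        # 7**5, a primitive root mod M


def next_state(x):
    """One step of the generator: x_{k+1} = A * x_k mod M."""
    return (A * x) % M


def nth_state(seed, n):
    """x_n = A**n * seed mod M, computed without the intermediate states.
    M is prime and A is a primitive root, so A**n depends only on n mod (M-1)
    and n may be far larger than anything you could iterate."""
    return (pow(A, n % (M - 1), M) * seed) % M


def nth_state_by_iteration(seed, n):
    """Reference: run the generator n times."""
    x = seed
    for _ in range(n):
        x = next_state(x)
    return x


def recover_seed(x_n, n):
    """The other direction: one observed state plus its index gives the seed,
    by multiplying with the modular inverse of A**n (A**(M-1) == 1 mod M)."""
    inv_exp = (M - 1 - n % (M - 1)) % (M - 1)
    return (pow(A, inv_exp, M) * x_n) % M


if __name__ == "__main__":
    # The index asked for in the post, answered without running the generator.
    print(nth_state(1, 1_073_741_825))
```

The closed form is specific to a multiplicative generator (increment zero); a full LCG with an additive constant has a similar closed form using the geometric sum, so the conclusion that a handful of outputs determine every other output holds for both.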


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: The lighter side of cryptology
Date: Tue, 04 Apr 2000 20:20:15 GMT

In article <8c0v63$ej6$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Xcott Craver) wrote:
> <[EMAIL PROTECTED]> wrote:
> >I just saw this limerick which isn't
> >extremely funny but at least it's a start:
>
>       [Limerick]
>
>       How about:
>
>       An Alice and Bob in the slammer,
>       To communicate under a jammer,
>               Sent innocuous text
>               To the group alt.sex
>       But were buried by mail from a spammer.
>
>
    It is better rhythmically than the one I wrote. Here's a funny
crypto bit that some of you may have seen before:

http://www.eff.org/pub/Net_culture/Folklore/Humor/crypto_subpoena.hoax



------------------------------


From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Looking for steganography example
Date: Tue, 04 Apr 2000 20:46:56 GMT

"Frank Sundgaard Nielsen" <[EMAIL PROTECTED]> wrote,
in part:

>It consists of 2 b/w pictures. One says "E=MC2", and the other says "3.14".
>Put them on top of each other and you get a smiley face.

I think you're looking for 'Visual Cryptography', which was an article
in Scientific American a couple of years ago.

John Savard (jsavard<at>ecn<dot>ab<dot>ca)
http://www.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: Johnny Bravo <[EMAIL PROTECTED]>
Subject: Re: NSA
Date: Tue, 04 Apr 2000 16:33:03 -0400

On Tue, 04 Apr 2000 03:52:47 GMT, [EMAIL PROTECTED] wrote:
>necessary). It's illegal for the NSA to spy on
>Americans living in the U.S., and, thus, it
>might be illegal for them to gather potentially
>incriminating intel from or about Americans
>here who are using the Internet, usenet, etc.
>Perhaps Britain, e.g., does collect the intel and
>shares some of its findings with the U.S. 

  But nothing prevents other three letter agencies from doing so.
The FBI would probably be interested, and due to the public nature
of the net they wouldn't even have to worry about getting a warrant
to read posts from people they have an interest in.

-- 
  Best Wishes,
    Johnny Bravo

"The most merciful thing in the world, I think, is the inability
of the human mind to correlate all its contents." - HPL

------------------------------

From: [EMAIL PROTECTED] (Xcott Craver)
Subject: Re: Looking for steganography example
Date: 4 Apr 2000 20:43:39 GMT

Frank Sundgaard Nielsen <[EMAIL PROTECTED]> wrote:
>
>It consists of 2 b/w pictures. One says "E=MC2", and the other says "3.14".
>Put them on top of each other and you get a smiley face.

        This sounds like Douglas Stinson's "Visual Cryptography."
        Check out his homepage on the subject, including some examples,
        at http://cacr.math.uwaterloo.ca/~dstinson/visual.html.

>Frank
                                                        -Scott
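The construction behind the two-transparency demonstration is Naor and Shamir's 2-out-of-2 visual secret sharing, and it is small enough to run. The block below is an added example, not code from the replies or from Stinson's page: every secret pixel becomes a 2x2 block of subpixels in each share, each block in each share is exactly half black (so one share alone is indistinguishable from noise), and stacking the shares, which is a pixelwise OR, turns black pixels into fully black blocks and leaves white pixels half grey. The 7x7 secret image is constructed for the demo.

```python
# Added example, not from the thread: the 2-out-of-2 visual secret sharing
# scheme of Naor and Shamir, the construction behind the "stack two
# transparencies and a picture appears" demonstration.
import random

# The six 2x2 subpixel patterns with exactly two black (1) cells;
# cells are ordered (top-left, top-right, bottom-left, bottom-right).
PATTERNS = [
    (1, 1, 0, 0), (0, 0, 1, 1), (1, 0, 1, 0),
    (0, 1, 0, 1), (1, 0, 0, 1), (0, 1, 1, 0),
]


def share_pixel(secret_bit, rng):
    """Split one pixel (1 = black, 0 = white) into two 2x2 blocks.
    Share 1 gets a random pattern; share 2 gets the same pattern for a white
    pixel and the complementary pattern for a black one."""
    s1 = rng.choice(PATTERNS)
    s2 = tuple(1 - c for c in s1) if secret_bit else s1
    return s1, s2


def make_shares(image, seed=None):
    """image: list of rows of 0/1 pixels. Returns (share1, share2)."""
    rng = random.Random(seed)       # seedable only so the demo is reproducible
    share1, share2 = [], []
    for row in image:
        r1, r2 = [], []
        for px in row:
            a, b = share_pixel(px, rng)
            r1.append(a)
            r2.append(b)
        share1.append(r1)
        share2.append(r2)
    return share1, share2


def overlay(share1, share2):
    """Stacking transparencies: a cell is black if it is black in either share."""
    return [[tuple(x | y for x, y in zip(a, b)) for a, b in zip(r1, r2)]
            for r1, r2 in zip(share1, share2)]


def decode(stacked):
    """What the eye sees: a fully black block reads as a black pixel, a
    half-black block as the (greyer) white background."""
    return [[1 if sum(block) == 4 else 0 for block in row] for row in stacked]


def render(share):
    """ASCII rendering of a share or a stacked image, two text rows per pixel row."""
    lines = []
    for row in share:
        lines.append("".join(("#" if b[0] else ".") + ("#" if b[1] else ".") for b in row))
        lines.append("".join(("#" if b[2] else ".") + ("#" if b[3] else ".") for b in row))
    return "\n".join(lines)


# Constructed 7x7 secret image (a small smiley), not the picture from the post.
SECRET = [
    [0, 0, 1, 1, 1, 0, 0],
    [0, 1, 0, 0, 0, 1, 0],
    [1, 0, 1, 0, 1, 0, 1],
    [1, 0, 0, 0, 0, 0, 1],
    [1, 0, 1, 0, 1, 0, 1],
    [0, 1, 0, 1, 0, 1, 0],
    [0, 0, 1, 1, 1, 0, 0],
]

if __name__ == "__main__":
    s1, s2 = make_shares(SECRET, seed=1)
    print(render(s1), "\n")
    print(render(s2), "\n")
    print(render(overlay(s1, s2)))
```

For real use the pattern choice must come from a cryptographic source, not `random.Random`; the seed argument exists only so the demo output is reproducible. The scheme is a one-time pad in picture form: reusing share 1 for a second image leaks the XOR of the two images to anyone holding both stacks.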




------------------------------

From: [EMAIL PROTECTED]
Subject: Re: NSA
Date: Tue, 04 Apr 2000 20:39:50 GMT

In article <[EMAIL PROTECTED]>,
  JimD wrote:
> On Tue, 04 Apr 2000 03:52:47 GMT, [EMAIL PROTECTED] wrote:
>
> >     I'd place a side bet that you'd win your bet.
> >Supposedly, the UK's Defence Evaluation &
> >Research Agency maintains the last 90 days of
> >usenet messages (which are meant to be
> >analyzed by computers and then humans if
> >necessary). It's illegal for the NSA to spy on
> >Americans living in the U.S....
>
> Nothing to stop them doing it in the UK, Canada,
> Australia or New Zealand, is there?
>
    I don't know but "Publisher?" wrote earlier in sci.crypt that the
NSA & CIA are now opposed to the potential formation of an EU group
that wants to investigate, at least, how Echelon has been used. Perhaps
the only significant obstacles so far have been technological.

   I toy with Big Brother, yet He will not share His toys with me :-(



------------------------------

From: [EMAIL PROTECTED]
Subject: enigma returned
Date: Tue, 04 Apr 2000 20:42:20 GMT

I have just heard (21.30 04/04/00) that a 50 year old man from Bedford,
England, has been arrested for the theft of the enigma machine from
Bletchley Park.  No further details known.



------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Key exchange using Secret Key Encryption
Date: Tue, 04 Apr 2000 20:50:31 GMT

[EMAIL PROTECTED] wrote, in part:

>Maybe I am not reading it right but from Mike Rosing's book it would
>seem the Massey-Omura protocol would make MITM impossible. Am I
>mistaken ?

That is only true if you have another channel to verify that your
intended recipient got your first message before you replied to the
second message. A man in the middle could still execute the complete
protocol with you, then pass the message along by executing the
complete protocol with the recipient.

John Savard (jsavard<at>ecn<dot>ab<dot>ca)
http://www.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: "Harvey Rook" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
Date: Tue, 4 Apr 2000 13:57:45 -0700


"Anthony Stephen Szopa" <[EMAIL PROTECTED]> wrote in message
> For any who need a lesson:  first a random digit triplet is formed
> directly from the random digit generator.  If this number is
> greater than 767 it is discarded.  Otherwise this number is
> divided by 3 and the remainder is truncated.  This and all
> subsequent random numbers from 000 - 255 calculated in this manner
> are then stored in RandOut files usually having a length of
> 18144000 binary bytes each.  These several RandOut files are
> further processed repeatedly using as many as ten different
> processes.  All processes use true random user input as parameters.
> Finally, these RandOut files are combined randomly in the OTPs again
> using true random user input.  This is it in a nutshell.  Read the
> documentation available in the Help Files for more details at
> http://www.ciphile.com
>

Out of curiosity, Why are you generating biased numbers?
0 and 255 will show up much less often than 127 and 128.
This operates on the same principle as rolling 3 dice,
summing them up and then dividing by 3. The value of 1
and 6 will only show up about 0.5 % of the time, but the
value of 3 will show up  8.3% of the time.

Harvey Rook
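A bias claim about a generator is something to settle by counting every equally likely input rather than by analogy, so here is that count as an added example (not code from either post). It enumerates the two procedures named above: a uniform 000..999 triplet with values above 767 rejected and the survivor divided by 3 (truncating), and three dice summed and divided by 3. The first is rejection sampling followed by an exact 3-to-1 map, so each of the 256 outputs has exactly three preimages; the dice sum is the one that piles up in the middle, because many rolls share a sum. Only the first stage the post describes is modelled; the later "ten processes" are not specified on the page.

```python
# Added example, not from the thread: exact output distributions for the two
# procedures compared in the post, found by enumerating every equally likely
# input (no simulation, so the counts are exact).
from collections import Counter
from itertools import product


def triplet_method_counts():
    """Uniform 000..999 triplet; values above 767 are rejected (redrawn);
    the survivor is divided by 3, remainder dropped. Returns byte -> count."""
    counts = Counter()
    for t in range(1000):
        if t > 767:
            continue            # rejected, so it never contributes an output
        counts[t // 3] += 1
    return counts


def dice_sum_counts():
    """Three d6 summed and divided by 3, remainder dropped. Returns value -> count
    out of the 216 equally likely rolls."""
    counts = Counter()
    for roll in product(range(1, 7), repeat=3):
        counts[sum(roll) // 3] += 1
    return counts


def is_uniform(counts):
    return len(set(counts.values())) == 1


def rejection_byte(draw_triplet):
    """The generator as described, driven by any source of uniform 0..999
    triplets (a callable); loops until a value at most 767 is drawn."""
    while True:
        t = draw_triplet()
        if t <= 767:
            return t // 3


if __name__ == "__main__":
    tc = triplet_method_counts()
    print("triplet method: 256 outputs, counts per output:", sorted(set(tc.values())))
    dc = dice_sum_counts()
    for v in sorted(dc):
        print(f"dice sum // 3 = {v}: {dc[v]:3d}/216 = {100 * dc[v] / 216:5.1f}%")
```

The check a practitioner adds for this kind of generator is not the division step but the rejection loop: the source must be uniform over all 1000 triplets, and a rejected draw must be discarded outright, never reduced mod 768, or the bias the post worries about reappears.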




------------------------------


From: Tom St Denis <[EMAIL PROTECTED]>
Subject: time-lock crypto
Date: Tue, 04 Apr 2000 21:04:45 GMT

Here's another idea for time-lock crypto.

Variables.

p = large prime
q = large prime.
n = time threshold (*)

Choose q such that n <= S(q - isqrt(pq))

Hash p with something like HAVAL and use that to symmetrically encrypt a
message.

Then you can use Algorithm C (p. 387, vol. 2 of Knuth) to factor
the number in n seconds or less.

--
How it works?

Well if we choose our primes large enough, NFS will not be able to
factor it, nor will QS [obviously].  So the only alternative is Alg. C.
So we can tailor the algorithm to that.  IF we assume a single operation
of Alg. C takes about S seconds (we are in the 1/1000ths of a second),
then 

S(q - isqrt(pq))

Will be about the time required to factor the number.  From what I can
tell you can only run Alg.C in serial, so only one computer can work on
it at a time.

So basically the only way to extract the key from that is to factor it
or guess the hash of p.
--
Points of attacks?

Well if you know the time it should take, then you know 'q', that is

Sq - Sisqrt(pq) = n

Sq = n + Sisqrt(pq)
q = n/S + isqrt(pq)

Which means our estimate of 'n' or 'S' has to be incorrect.  Which means
we can lie about it.  We can say 'it will take 10 years', when in fact it
will take 12, or 8.

You can also not give out 'n'.  Just give out n=large composite,
C=garbage and let them solve it.  If you make the puzzle correctly they
should find the solution in the time *you* want them to. 

Better factoring?
--

Any comments are certainly appreciated.

Tom

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: time-lock crypto
Date: Tue, 04 Apr 2000 21:08:44 GMT

I forgot there is an optimization to run Alg. C in O(N^1/3) time, so you
can make your time required...

n <= MAX(O(N^1/3), S(q - isqrt(pq))).

Also when I said 'not give out 'n'' I meant the expected time.  Of
course you give out 'N = pq'..

Tom
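Algorithm C in Knuth's section 4.5.4 is Fermat's difference-of-squares method, and the proposal above rests on predicting how many steps it takes on N = pq. The block below is an added example, not code from either post: it runs the method with a step counter and gives the closed form for the count, so the time estimate the scheme depends on can be measured rather than guessed. The test numbers are constructed small so the loop runs instantly.

```python
# Added example, not from the thread: Fermat's difference-of-squares method
# (Knuth vol. 2, section 4.5.4, Algorithm C, "factoring by addition and
# subtraction") with a step counter, so the work can be measured against the
# gap between the two primes.
from math import isqrt


def fermat_factor(n):
    """Factor odd n = p*q by searching for a with a*a - n a perfect square.
    Returns (p, q, steps) with p <= q; steps counts the candidates a tested."""
    a = isqrt(n)
    if a * a < n:
        a += 1                      # start at ceil(sqrt(n))
    steps = 0
    while True:
        steps += 1
        b2 = a * a - n
        b = isqrt(b2)
        if b * b == b2:             # n = a^2 - b^2 = (a - b)(a + b)
            return a - b, a + b, steps
        a += 1


def expected_steps(p, q):
    """Closed form for odd p <= q: the loop succeeds at a = (p + q) / 2, so the
    number of candidates tested is (p + q)/2 - ceil(sqrt(p q)) + 1.  That grows
    with how far apart p and q are, not with how large they are."""
    n = p * q
    a0 = isqrt(n)
    if a0 * a0 < n:
        a0 += 1
    return (p + q) // 2 - a0 + 1


if __name__ == "__main__":
    for p, q in [(83, 97), (59, 101), (101, 10007)]:
        print(p, q, fermat_factor(p * q), "predicted steps:", expected_steps(p, q))
```

Two caveats follow from the closed form. Primes of the same size with a small gap are factored in a handful of steps however large they are, so "large enough to resist NFS" does not by itself make Fermat slow; and the search over a is a plain interval, so it splits across machines as easily as trial division, which undercuts the assumption that only one computer can work on it.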

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
