Cryptography-Digest Digest #552, Volume #11      Sat, 15 Apr 00 13:13:01 EDT

Contents:
  Re: Open Public Key (Tom St Denis)
  Re: BlowWire (Tom St Denis)
  Re: $100 Code Challenge (Tom St Denis)
  Re: Is AES necessary? (Tom St Denis)
  Re: CLOSE Encryption (Tom St Denis)
  Re: SHA1 algorithm verification
  Re: BlowWire ([EMAIL PROTECTED])
  Re: ? Backdoor in Microsoft web server ? (Ichinin)
  Re: DES (Rob Warnock)
  Re: ? Backdoor in Microsoft web server ? (David A Molnar)
  EPIC report: Cryptography and Liberty 2000 (Steve K)
  Re: ? Backdoor in Microsoft web server ? (Francois Grieu)
  MD2? ("Simon Johnson")
  Re: Is AES necessary? (Mok-Kong Shen)
  Re: CLOSE Encryption ([EMAIL PROTECTED])
  Re: Stream Cipher - Mark 2. ("Simon Johnson")
  Re: ? Backdoor in Microsoft web server ? (Lincoln Yeoh)

----------------------------------------------------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Open Public Key
Date: Sat, 15 Apr 2000 10:22:54 GMT



[EMAIL PROTECTED] wrote:
> 
> In article <[EMAIL PROTECTED]>,
>   Tom St Denis <[EMAIL PROTECTED]> wrote:
> >
> > ElGamal or ECC are the certain winners in this case.  Although
> > ElGamal is slightly easier to implement and understand.
> >
> > Tom
> >
> 
> How secure are ElGamal and ECC??
> Where can I find more information about ElGamal or ECC?

ElGamal is slower and takes more space than RSA, but it's a bit tougher
to crack [ie solve].  You can find out about it on my little dork page
at

http://24.42.86.123/numtheory.html

Note:  My spelling and grammar are a bit off, so if you actually read
the page and have comments please let me know.

ElGamal is really easy to program though, assuming you have a large int
lib.

Tom
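The following is an added worked example, not code from Tom's page or from
anyone in this thread, showing what "easy to program given a large int lib"
looks like with Python's built-in big integers.  Everything in it is an
assumption of the example: the group is a safe prime p = 2q + 1 with g = 4
generating the order-q subgroup, the 128-bit modulus is a toy size, and the
RNG is seeded only so the run is reproducible.  It also checks two things a
practitioner should know about the textbook scheme: the ciphertext is two
group elements (the "takes more space" Tom mentions), and anyone can multiply
a ciphertext into a ciphertext of a related message without the key, which is
why deployed variants hash the shared secret or add a MAC.

```python
# Added example: textbook ElGamal over a safe-prime group (not from the page).
import random

def is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin: good enough to build a demo group, not a proof of primality."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_safe_prime(bits, rng):
    """p = 2q + 1 with q prime, so the quadratic residues form a subgroup of prime order q."""
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        p = 2 * q + 1
        if is_probable_prime(q, rng) and is_probable_prime(p, rng):
            return p, q

G = 4  # 2^2 is a quadratic residue mod p, hence a generator of the order-q subgroup

def keygen(p, q, rng):
    x = rng.randrange(1, q)            # private exponent
    return x, pow(G, x, p)             # (private key, public key y = g^x)

def encrypt(p, q, y, m, rng):
    """Textbook ElGamal.  The ciphertext is two group elements, so it is about
    twice the size of the modulus no matter how short m is."""
    if not 1 <= m < p:
        raise ValueError("message must be an integer in [1, p)")
    k = rng.randrange(1, q)            # fresh per message; reusing k leaks m1/m2
    return pow(G, k, p), (m * pow(y, k, p)) % p

def decrypt(p, x, c1, c2):
    """m = c2 * (c1^x)^-1; the inverse is c1^(p-1-x) by Fermat's little theorem."""
    return (c2 * pow(c1, p - 1 - x, p)) % p

def malleate(p, c1, c2, factor):
    """Without the key, turn Enc(m) into Enc(factor*m): textbook ElGamal is
    malleable, which is why deployed schemes hash the shared secret or add
    a MAC instead of multiplying m in directly."""
    return c1, (c2 * factor) % p

def demo(bits=128, seed=2000):
    # Seeded only so the run is reproducible; real keys need an OS CSPRNG,
    # and a 128-bit p is a toy size (2048+ bits for a real deployment).
    rng = random.Random(seed)
    p, q = gen_safe_prime(bits, rng)
    x, y = keygen(p, q, rng)
    m = int.from_bytes(b"attack at dawn", "big")   # constructed sample message
    c1, c2 = encrypt(p, q, y, m, rng)
    d1, d2 = malleate(p, c1, c2, 2)
    return {
        "p": p,
        "m": m,
        "group_ok": pow(G, q, p) == 1,               # G really has order q
        "roundtrip": decrypt(p, x, c1, c2) == m,
        "malleated": decrypt(p, x, d1, d2),          # comes back as 2*m mod p
        "ciphertext_bits": c1.bit_length() + c2.bit_length(),
    }

if __name__ == "__main__":
    r = demo()
    print("decrypt(encrypt(m)) == m:", r["roundtrip"])
    print("malleated ciphertext decrypts to 2m:", r["malleated"] == 2 * r["m"] % r["p"])
    print("ciphertext bits for a %d-bit message: %d" % (r["m"].bit_length(), r["ciphertext_bits"]))
```

The malleation check is the one to remember: without an integrity layer an
attacker who sees Enc(m) can forge Enc(2m), so "tougher to crack" says nothing
about what a chosen-ciphertext attacker can do with the raw scheme.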

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: BlowWire
Date: Sat, 15 Apr 2000 10:23:33 GMT



Spleen Splitter wrote:
> 
> "Tom St Denis" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> >
> >
> > Spleen Splitter wrote:
> > >
> > > Greetings:
> > >
> > > I need something to crank on, so I decided to toy with something I
> > > fancifully call BlowWire, which is simply a 500MHz or so fully pipelined
> > > implementation of Blowfish in some modern technology, say 0.18um CMOS.
> > > Connecting two of these devices on a cable seems to have enough meat on
> > > it to provoke a discussion.
> > >
> > > After eating a key in 64 bit hunks of up to 1024 bits, this thing would
> > > have a latency of ~18 clocks, and then treats the incoming 64-bit
> > > parallel stream as a block, packet,... to be encrypted/decrypted.
> > >
> > > Software implementations are one thing, but they're slow, and I really
> > > don't want to use a "yet-another-embedded-cpu" on this particular
> > > project (top performance required, thus the pipeline design, which is
> > > more of my interest than say just a wire protocol).  The C code for
> > > Blowfish that I've seen, however, has guided my views on implementing
> > > the hardware.
> > >
> > > I think I can do this in 60Kgates, with my biggest problem being all
> > > the simultaneous accesses to pi during each clock (what a ROM, what
> > > wires!).  I'm looking at things like how many register files of how
> > > many ports, and what sort of ROM in how many copies.  Each round would
> > > presumably be done in a clock, thus leading to the 18 or so clock
> > > latency to get through the pipe.
> > >
> > > Given that I'm only doing Blowfish for fun, I'm fairly certain that
> > > further enlightenment could be forthcoming on hardware implementations
> > > of crypto-functions...
> >
> > Question:  Why did you pick Blowfish?  I would have looked up another
> > cipher that is a tad more hardware friendly, if you have the time and
> > inclination to do this.  If you want to at some point sell your design
> > you had better make it cheap.  Try finding a cipher with less ram
> > requirements, such as IDEA, Rijndael, etc...
> 
> I fully kowtow to your point of view, but Blowfish is the assignment in this
> particular endeavour.  In particular, I like Blowfish since it is a difficult
> realization in hardware when fully pipelined.  It is not my concern to sell
> the device, but simply how to build it as rapidly as possible in an advanced
> CMOS process.  I can afford to be somewhat liberal in an implementation if
> it achieves the goal.
> 

Oh so it's just the challenge of design, well good luck!

Tom

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: $100 Code Challenge
Date: Sat, 15 Apr 2000 10:25:03 GMT



Jeff Hamilton wrote:
> 
> You know, it's people like you who have no clue how to even begin
> Cryptanalysis. You know, why don't you try to do something other than make
> stupid comments. I think his challenge is valid. Just as mine was. In fact
> I'm surprised you didn't knock my challenge.

Well what routine did you use to encrypt it?

Tom

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Is AES necessary?
Date: Sat, 15 Apr 2000 10:28:22 GMT



Mok-Kong Shen wrote:
> 
> Tom St Denis wrote:
> >
> > Mok-Kong Shen wrote:
> 
> > > If you could give a rigorous proof that two particular modern
> > > ciphers are equally strong, that would be a significant scientific
> > > result and certainly worthy of a journal publication.
> >
> > Well I base this assumption on the "fact" that people have analyzed both
> > DES and RC5 with the same analytical methods.  True it's possible to
> > find a new differential on either and break it "faster".  I doubt that's
> > likely.
> 
> If you couldn't break a piece of stone and a piece of steel, you
> are yet far from knowing which one is stronger.

True, but I doubt RC5 has been left in the dark.  There are reasons to
want to break it.  First off you can snub Rivest, second you can snub
RSA, third it would make you a tad famous.  RC5 has been out for five
years and already two differential and one [i think] linear attack have
been discussed.  

Basically we are not talking about some kid-cipher.

Tom

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: CLOSE Encryption
Date: Sat, 15 Apr 2000 10:30:39 GMT

Can we say linear cryptanalysis?

From what I can see you just xor bits of the key to the plaintext, but
where is the diffusion?  

I don't think your description is complete.

Tom

------------------------------

From: <[EMAIL PROTECTED]>
Subject: Re: SHA1 algorithm verification
Date: Sat, 15 Apr 2000 06:31:50 -0400


On Fri, 14 Apr 2000 [EMAIL PROTECTED] wrote:

> Hello,
> 
> Has anyone tried to compute the SHA1 for the third example from the
> SHA1 standard document (for 1000000 'a's) ? My implementation of this
> algorithm works for the first two examples, but it does not return the
> correct value. I've fixed several errors on the way, but I still can't
> get the right hash value. I would appreciate if someone could tell me
> if that third example is ok, so I could tell if the error is in my code
> or not.
> 
> Thank you,
> 
> Martin
        Yes, the 1,000,000 'a's is a good test. Your problem may be
occurring in reads subsequent to the first. You might want to see my
ASM implementation at
                www.afn.org/~afn21533/sha1.zip
=======
My home page URL=http://members.xoom.com/afn21533/      Robert G. Durnal
Hosting HIDE4PGP, HIDESEEK v5.0, TinyIdea, BLOWFISH,    [EMAIL PROTECTED]
and tiny DOS versions of RC6, RIJNDAEL, SAFER+, and   [EMAIL PROTECTED]
SERPENT. Working on key exchange at present.
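Added here as an illustration, not Martin's code or Robert Durnal's ASM
implementation: a streaming SHA-1 in pure Python whose update() can be called
with reads of any size, checked against the three FIPS 180-1 test vectors
(the third being the 1,000,000 'a's) and against hashlib with deliberately
awkward read sizes.  The reason the million-'a' vector catches bugs the first
two miss is that it is the only one spanning many 64-byte blocks, so it
exercises the carry-over of a partial block between reads and the chaining
of the hash state from one block to the next; the chunked comparison below
isolates exactly that path.  The sample data for the chunking check is
constructed in the block.  (SHA-1 is no longer collision resistant and should
not be chosen for new designs; this is an implementation exercise.)

```python
# Added example: streaming SHA-1 (FIPS 180-1) with test-vector checks; not from the page.
import hashlib
import struct

MASK32 = 0xFFFFFFFF

def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32

class SHA1:
    def __init__(self):
        self._h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
        self._buf = b""     # bytes that do not yet form a complete 64-byte block
        self._len = 0       # total bytes absorbed; goes into the padding length field

    def update(self, data):
        """Absorb data in any sized pieces; whole blocks are compressed, the tail kept."""
        self._len += len(data)
        data = self._buf + data
        full = len(data) - len(data) % 64
        for i in range(0, full, 64):
            self._compress(data[i:i + 64])
        self._buf = data[full:]          # carried into the next update()
        return self

    def _compress(self, block):
        w = list(struct.unpack(">16I", block))
        for t in range(16, 80):
            w.append(_rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
        a, b, c, d, e = self._h          # chaining value from the previous block
        for t in range(80):
            if t < 20:
                f, k = (b & c) | (~b & d), 0x5A827999
            elif t < 40:
                f, k = b ^ c ^ d, 0x6ED9EBA1
            elif t < 60:
                f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
            else:
                f, k = b ^ c ^ d, 0xCA62C1D6
            a, b, c, d, e = (_rotl(a, 5) + f + e + k + w[t]) & MASK32, a, _rotl(b, 30), c, d
        self._h = [(x + y) & MASK32 for x, y in zip(self._h, (a, b, c, d, e))]

    def hexdigest(self):
        """Pad a copy (0x80, zeros, 64-bit big-endian bit length) so this object stays usable."""
        tail = SHA1()
        tail._h, tail._buf, tail._len = list(self._h), self._buf, self._len
        pad = b"\x80" + b"\x00" * ((55 - self._len) % 64) + struct.pack(">Q", self._len * 8)
        tail.update(pad)
        return "".join("%08x" % x for x in tail._h)

def sha1_hex(data, chunk=None):
    """Hash data, optionally feeding it `chunk` bytes at a time to exercise the buffered path."""
    h = SHA1()
    if chunk is None:
        h.update(data)
    else:
        for i in range(0, len(data), chunk):
            h.update(data[i:i + chunk])
    return h.hexdigest()

# The three FIPS 180-1 test vectors (message, expected digest).
VECTORS = [
    (b"abc", "a9993e364706816aba3e25717850c26c9cd0d89d"),
    (b"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
     "84983e441c3bd26ebaae4aa1f95129e5e54670f1"),
    (b"a" * 1000000, "34aa973cd4c4daa4f61eeb2bdbad27316534016f"),
]

def check_vectors():
    return [sha1_hex(msg) == digest for msg, digest in VECTORS]

def check_chunking(n=3000, sizes=(1, 7, 63, 64, 65, 1000)):
    """Same multi-block message fed with odd read sizes; every split must agree with hashlib."""
    data = (bytes(range(256)) * (n // 256 + 1))[:n]      # constructed sample input
    want = hashlib.sha1(data).hexdigest()
    return all(sha1_hex(data, chunk=s) == want for s in sizes)

if __name__ == "__main__":
    for ok, (msg, _) in zip(check_vectors(), VECTORS):
        print("%7d bytes: %s" % (len(msg), "OK" if ok else "MISMATCH"))
    print("chunked reads agree with hashlib:", check_chunking())
```

If the first two vectors pass and the third fails, run check_chunking()
first: a wrong result there points at the buffer carry or the chaining
value, while a correct result there and a wrong third vector points at the
length field (it must count bits over the whole message, not the last read).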



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: BlowWire
Date: Sat, 15 Apr 2000 10:43:15 GMT

In article <GcRJ4.8945$[EMAIL PROTECTED]>,
  "Spleen Splitter" <Spleen*no spam*[EMAIL PROTECTED]> wrote:
>
> particular endeavour.  In particular, I like Blowfish since it is a
> difficult realization in hardware when fully pipelined.  It is not my
> concern to sell the device, but simply how to build it as rapidly as
> possible in an advanced CMOS process.  I can afford to be somewhat
> liberal in an implementation if it achieves the goal.
>

..and anyone who needs a fully piped Blowfish chip at 500 MHz
can damn well afford it...

..sorry I misread your intent earlier, you are planning a
*monster* chip.. you also seem interested in place/route issues..
in fact you seem to be looking for designs with routing issues..

BTW the estonian IDEA chip is at
http://www.pld.ttu.ee/~prj/norchip.pdf



=====
"There are no ifdefs in hardware."


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Ichinin <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: ? Backdoor in Microsoft web server ?
Date: Mon, 10 Apr 2000 04:11:45 +0200

What's _REALLY_ shocking here is that people get their
security news from CNN and the Wall St Journal :o)

(Hint: www.securityfocus.com / packetstorm.securify.com)

------------------------------

From: [EMAIL PROTECTED] (Rob Warnock)
Subject: Re: DES
Date: 15 Apr 2000 12:48:49 GMT

Jim Gillogly  <[EMAIL PROTECTED]> wrote:
+---------------
| "Douglas A. Gwyn" wrote:
| > .  "Practical cryptanalysis" involves approaches other than
| > analytic, e.g. looking for passwords on Post-It notes on an
| > administrator's console, etc.
| 
| Roger.  The above attack falls into the traditional subcategory of
| practical cryptanalysis known as "black-bag cryptanalysis".  Other
| specialties include wiretaps, "fat checkbook cryptanalysis", "rubber
| hose cryptanalysis", and "svelte blonde cryptanalysis".
+---------------

Ah, yezz... "svelte blonde cryptanalysis", a subset of "social engineering":

  <URL:http://www.netmeg.net/jargon/terms/s/social_engineering.html>
  <URL:http://www.cert.org/advisories/CA-91.04.social.engineering.html>
  <URL:http://www.bellatlantic.com/security/fraud/social.htm>

And a few randomly-selected related links:

  <URL:http://www.isoc.org/inet99/proceedings/3g/3g_2.htm>
  <URL:http://packetstorm.securify.com/docs/social-engineering/soc_eng.html>
  <URL:http://www.isrc.qut.edu.au/bsi/t/t542.htm>
  <URL:http://www.seas.rochester.edu:8080/CNG/docs/Security/node9.html>
  <URL:http://www.hack-net.com/texts/livesoc.txt>


-Rob

=====
Rob Warnock, 41L-955            [EMAIL PROTECTED]
Applied Networking              http://reality.sgi.com/rpw3/
Silicon Graphics, Inc.          Phone: 650-933-1673
1600 Amphitheatre Pkwy.         PP-ASEL-IA
Mountain View, CA  94043

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: ? Backdoor in Microsoft web server ?
Date: 15 Apr 2000 12:41:07 GMT

Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> in the original UNIX code (cf. ACM award lecture) without being
> detected, it shouldn't surprise that software not written by
> oneself may have backdoors. 

He never actually admitted to placing the backdoor in login...he simply
described in great detail how one would go about doing it. 

Thanks, -David

------------------------------

From: [EMAIL PROTECTED] (Steve K)
Crossposted-To: alt.security.pgp
Subject: EPIC report: Cryptography and Liberty 2000
Date: Sat, 15 Apr 2000 13:58:11 GMT

EPIC has released a detailed report on international crypto
regulations:  Cryptography and Liberty 2000, at
http://www2.epic.org/reports/crypto2000/

FYI


Steve

---Continuing freedom of speech brought to you by---
   http://www.eff.org/   http://www.epic.org/  
               http://www.cdt.org/

PGP key 0x5D016218
All others have been revoked.

------------------------------

From: Francois Grieu <[EMAIL PROTECTED]>
Subject: Re: ? Backdoor in Microsoft web server ?
Date: Sat, 15 Apr 2000 16:19:05 +0200

Jim Gillogly  <[EMAIL PROTECTED]> wrote :
> OK, here's first-hand confirmation.  I did a Web search of
> dvwssr.dll and [..it contains..]
> !seineew era sreenigne epacsteN

Thanks; we can now take for granted the sentence "Netscape
engineers are weenies!" is embedded in Microsoft's dvwssr.dll


I found Microsoft's statement on the issue at
<http://www.microsoft.com/technet/security/bulletin/ms00-025.asp>
and
<http://www.microsoft.com/technet/security/bulletin/fq00-025.asp>

Microsoft does acknowledge that dvwssr.dll
 " uses an obfuscation key to obscure the names of files being
   requested by the client from the server "
My understanding is that "Netscape engineers are weenies!" is this 
obfuscation key (now the thread starts to be crypto-related :-)

According to a former version (*) of Microsoft's statement
 " The vulnerability could allow a user who has privileges
   on a web server to read certain files from other web sites
   hosted on the same computer "
This qualifies as a backdoor to me, although not the well known
"universal password" (**) kind of backdoor.

Microsoft now documents the issue with dvwssr.dll as a potential
buffer overrun. The report attempts to justify this focus shift:
the buffer overrun issue (found after the original problem)
could allow arbitrary code to be run, which is more dangerous.
IMHO it's a convenient way to no longer describe a security
override introduced by some programmer _deliberately_, which
makes it quite embarrassing.

   Francois Grieu


Various related links are at
<http://www.securityfocus.com/templates/archive.pike?list=1>

discussion on the backdoor
<http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.[EMAIL PROTECTED]>

problem report on the buffer overrun
<http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-04-8&[EMAIL PROTECTED]>

(*) first version of Microsoft's statement on the issue 
<http://www.securityfocus.com/templates/archive.pike?list=1&msg=D1A11CCE78ADD111A35500805FD43F5867C2E3@RED-MSG-04>


(**) for example, circa 1985 the company I then worked for was
selling the "ASCII Express" BBS for the Apple ][, customised for
our 1200/75 bps modem. To our great embarrassment, it turned out
the author had put a backdoor in the login code, allowing him
to connect with the highest privileges by supplying some special
login/password.

------------------------------

From: "Simon Johnson" <[EMAIL PROTECTED]>
Subject: MD2?
Date: Sat, 15 Apr 2000 16:26:54 -0700

What is the strength of MD2?

And do the S-BOX values have to be the digits of PI?



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Is AES necessary?
Date: Sat, 15 Apr 2000 18:17:59 +0200

Tom St Denis wrote:
> 

> True, but I doubt RC5 has been left in the dark.  There are reasons to
> want to break it.  First off you can snub Rivest, second you can snub
> RSA, third it would make you a tad famous.  RC5 has been out for five
> years and already two differential and one [i think] linear attack have
> been discussed.
> 
> Basically we are not talking about some kid-cipher.

Firstly, it certainly hasn't received the same amount of attention
as DES. Secondly, I am not sure whether essentially the same 
arguments wouldn't apply to predecessors of that cipher. 

On the other hand, it is my humble opinion that there are many good 
ciphers (or many that have high potentials of being much improved)
lying around. The problem is how to objectively evaluate them. There
seems to be no good way to do that, or at least to do that to the
satisfaction of all people. But actually that's also not 'necessary'.
Anyone applying encryption is responsible to himself, like driving
a car or doing any other things that involve risks. Let him do what
he thinks is the best. To usurp someone else's opinion/decision
is doing indignity to him, if he is an adult. But there are crypto 
popes who unconditionally desire that all worldly people accept 
their unique holy doctrines.

M. K. Shen
==========================
http://home.t-online.de/home/mok-kong.shen

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: CLOSE Encryption
Date: Sat, 15 Apr 2000 16:06:07 GMT

In article <ABNJ4.80$rv6.5063@news1-hme0>,
  "MeneLaus" <[EMAIL PROTECTED]> wrote:
> CLOSE is a new algorithm written by Chaos Legion,
> Thanks, i'll return the favour some day if you ever need something
testing.
>
> MeneLaus

Sir,

The CLOSE algorithm is not secure.  Essentially, the algorithm XORs each
byte of the plaintext with multiple key bytes.  No non-linear steps are
involved and no diffusion among bytes is accomplished.  It appears that
one known plaintext will reveal a decryption key, by plaintext XOR
ciphertext = encryption key.

A few suggestions, first if you want real security use a well known
algorithm.  If you are just having fun then ...

Add a non-linear step like an s-box substitution or a modular mult, see
the IDEA cipher for mod mult.

Instead of rotating by eight bits each round rotate by 11.  After
several (6?) rounds, each bit will influence each output byte.

Add a post-whitening step similar to your pre-whitening.

By steps as in your diagram

1 Split the 64 bit into 8 separate blocks

2 XOR a key byte with each block

3 Substitute each block with the Rijndael s-box byte

4 Rotate the 8 blocks by 11 (13,17,etc) bits in a circular left manner

5 XOR a key byte with each block

6 loop to step 3

This reminds me of the GOST algorithm.  GOST has 32 rounds. GOST uses
4-bit s-boxes that are secret.

cheers,
--Matthew


Sent via Deja.com http://www.deja.com/
Before you buy.
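An added illustration of the two points in Matthew's reply, not CLOSE itself
(the thread only summarises CLOSE as XORing key bytes into the plaintext, so
the XOR-only cipher below is a stand-in for that description, not Chaos
Legion's code) and not Matthew's code either.  The first half shows why the
XOR-only structure falls to one known plaintext; the second half builds a toy
64-bit cipher from his six steps, with the Rijndael S-box computed from its
definition and an 11-bit rotation, and measures avalanche (how many output
bits change when one input bit flips).  Assumptions of the example: round
keys are independent random 64-bit words (the post specifies no key
schedule), and the keys, plaintexts, round counts and trial counts are all
constructed here.

```python
# Added example (not from the page): XOR-only cipher vs. S-box + rotate-by-11 toy.
import random

MASK64 = 0xFFFFFFFFFFFFFFFF

def rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF

def rotl64(x, n):
    return ((x << n) | (x >> (64 - n))) & MASK64

def aes_sbox():
    """Rijndael S-box from its definition: inverse in GF(2^8) followed by the affine map."""
    sbox = [0] * 256
    p = q = 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p *= 3
        q ^= q << 1; q &= 0xFF
        q ^= q << 2; q &= 0xFF
        q ^= q << 4; q &= 0xFF                                   # q /= 3, so q == p^-1
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ rotl8(q, 1) ^ rotl8(q, 2) ^ rotl8(q, 3) ^ rotl8(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox

SBOX = aes_sbox()

def xor_only_encrypt(block, round_keys):
    """The structure criticised above: the plaintext is XORed with several key layers.
    XOR is associative, so every layer collapses into one effective 64-bit key."""
    x = int.from_bytes(block, "big")
    for rk in round_keys:
        x ^= rk
    return x.to_bytes(8, "big")

def recover_effective_key(plaintext, ciphertext):
    """One known plaintext/ciphertext pair gives the effective key outright."""
    return int.from_bytes(plaintext, "big") ^ int.from_bytes(ciphertext, "big")

def known_plaintext_demo(seed=1):
    rng = random.Random(seed)
    keys = [rng.getrandbits(64) for _ in range(4)]        # four "key bytes" layers
    p1, p2 = b"known_pt", b"secret!!"                      # constructed sample blocks
    c1, c2 = xor_only_encrypt(p1, keys), xor_only_encrypt(p2, keys)
    k = recover_effective_key(p1, c1)                     # attacker learns k from (p1, c1)...
    return xor_only_encrypt(c2, [k]) == p2                # ...and now reads every other block

def sp_encrypt(block, round_keys, rot=11):
    """Matthew's steps: XOR key, S-box each byte, rotate the 64-bit word by 11,
    XOR key, loop; the last round key is the post-whitening he suggests."""
    x = int.from_bytes(block, "big")
    for rk in round_keys[:-1]:
        x ^= rk                                                          # key XOR
        x = int.from_bytes(bytes(SBOX[b] for b in x.to_bytes(8, "big")), "big")  # S-box
        x = rotl64(x, rot)                                               # cross-byte diffusion
    x ^= round_keys[-1]
    return x.to_bytes(8, "big")

def avalanche(encrypt, rounds, trials=200, seed=7):
    """Mean number of ciphertext bits that change when one random plaintext bit flips.
    A well-mixed 64-bit cipher sits near 32; the XOR-only cipher is stuck at exactly 1."""
    rng = random.Random(seed)
    keys = [rng.getrandbits(64) for _ in range(rounds + 1)]
    total = 0
    for _ in range(trials):
        p = rng.getrandbits(64)
        flip = 1 << rng.randrange(64)
        c1 = int.from_bytes(encrypt(p.to_bytes(8, "big"), keys), "big")
        c2 = int.from_bytes(encrypt((p ^ flip).to_bytes(8, "big"), keys), "big")
        total += bin(c1 ^ c2).count("1")
    return total / trials

if __name__ == "__main__":
    print("XOR-only: one known plaintext recovers the key:", known_plaintext_demo())
    for r in (1, 2, 4, 6, 8):
        print("rounds=%d  mean bits flipped: xor-only %.1f  s-box+rot11 %.1f"
              % (r, avalanche(xor_only_encrypt, r), avalanche(sp_encrypt, r)))
```

Running avalanche() for increasing round counts is the quick way to check the
"(6?)" estimate empirically: the mean climbs from a handful of bits after one
round toward 32 once every output byte depends on every input bit, and the
round count at which it settles is the minimum the design needs before any
security margin is added.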

------------------------------

From: "Simon Johnson" <[EMAIL PROTECTED]>
Subject: Re: Stream Cipher - Mark 2.
Date: Sat, 15 Apr 2000 17:11:28 -0700


> Also if 'b=0' then you get 'a += char[i]', which is a bad idea.  Also
> you have to realize you are cloning a fibonacci sequence with the use of
> multiplication interspersed.

    Yes, a good point.

> Also that the period of this RNG is most
> likely very short, at most 2^32 bytes, also that the upper 8 bits of (a,
> b) play no role whatsoever in the output, so you can simply truncate (a,
> b) modulo 256 in the inner loop.
>

Again, you're correct. However, I'd be quite pleased if my RNG had a period
of 2^32 bytes. After all I could encrypt 4.294 Gb of data without fear of
repetition. However, as another reply has pointed out, the RNG is probably
sufficiently biased to make cracking trivial over that size of stream.



------------------------------

From: [EMAIL PROTECTED] (Lincoln Yeoh)
Subject: Re: ? Backdoor in Microsoft web server ?
Date: Sat, 15 Apr 2000 16:34:28 GMT
Reply-To: [EMAIL PROTECTED]

On Fri, 14 Apr 2000 17:07:00 +0200, Francois Grieu <[EMAIL PROTECTED]>
wrote:

>Disclaimer: I have NOT verified this story, which may be bogus.
>
>According to <http://cbs.marketwatch.com>, citing The Wall Street 
>Journal, Microsoft has acknowledged the existence of a "backdoor" in one 
>of its consumer web server software. Knowledge of a global password 
>would grant [?read-all?] privileges on thousands of deployed web servers.

Apparently the backdoor may affect you if you run a large website which is
shared by lots of independent people. Should not affect you if you're the
only website developer on your own server unless you've misconfigured stuff
;).

http://packetstorm.securify.com/0004-exploits/RFP2K02.txt
http://www.securityfocus.com/vdb/bottom.html?section=exploit&vid=1108
http://news.cnet.com/news/0-1003-200-1696137.html
http://www.zdnet.com/zdnn/stories/news/0,4586,2543490,00.html

Microsoft is of course trying to deflect things as usual :). They're saying
it's lies all lies. But please delete that file because there's another
problem with it <grin>.

http://www.microsoft.com/misc/data/servervulnerability.htm

Microsoft has been known to present a rather different perspective of
reality. 

Go Open Source. It's easier to get the truth from Open Source software
developers. They have nothing to gain from intentionally hiding flaws, and
everything to lose. 

Cheerio,

Link.
****************************
Reply to:     @Spam to
lyeoh at      @[EMAIL PROTECTED]
pop.jaring.my @ 
*******************************

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
