Cryptography-Digest Digest #561, Volume #11 Mon, 17 Apr 00 06:13:00 EDT
Contents:
Defensive website uses CipherText for page tag encryption ("C. Prichard")
Re: RC6 world fastest realization - true or fake (Ilya Levin)
Paper on easy entropy (Tom St Denis)
Re: Paper on easy entropy (Guy Macon)
Re: Paper on easy entropy ("Joseph Ashwood")
Re: One Time Pads Redux (Joaquim Southby)
Q: source code for recognizing English ([EMAIL PROTECTED])
Re: Q: NTRU's encryption algorithm (Mok-Kong Shen)
Re: Q: Entropy (Mok-Kong Shen)
Re: GOST idea (Mok-Kong Shen)
Re: Open Public Key (Jerry Coffin)
Re: GOST idea (Mok-Kong Shen)
Re: Regulation of Investigatory Powers Bill ("Stou Sandalski")
Re: Paper on easy entropy (Mok-Kong Shen)
Re: Regulation of Investigatory Powers Bill ("Stou Sandalski")
DES Key Expansion Algorithm (Anuj Seth)
Re: ? Backdoor in Microsoft web server ? [correction] (Francois Grieu)
Re: Does anybody know of a secure FTP server? (Jaime Cardoso)
Re: Regulation of Investigatory Powers Bill (Geoff Dyer)
DES KEY Scheduling ("Karim A")
Re: Is AES necessary? (David Blackman)
----------------------------------------------------------------------------
From: "C. Prichard" <[EMAIL PROTECTED]>
Subject: Defensive website uses CipherText for page tag encryption
Date: Mon, 17 Apr 2000 01:28:37 GMT
The demonstration site at:
http://greentv.com/cgi-bin/cgiwrap/greentv/CRI/_nttc.cgi?page=opener&user_id=&env=x
uses CipherText to encrypt page tags. The tags appear in links to the
PERL wrapped site in the message box and source code.
A U.S. patent is pending on CipherText filed in November 1999.
-Charles Prichard
www.greentv.com
------------------------------
From: Ilya Levin <[EMAIL PROTECTED]>
Subject: Re: RC6 world fastest realization - true or fake
Date: Mon, 17 Apr 2000 02:29:48 GMT
[EMAIL PROTECTED] (Scott Contini) wrote:
> I don't have access to a Pentium to try the code out, but the fastest
> Pentium Pro RC6 implementation that I'm aware of is 223 cycles by
> Aoki and Lipmaa.
Scott, thank you for the comment. It helps get that person back to real
life :)
Sincerely,
Ilya O. Levin
---
Nattyware Research Lab
http://natty.port5.com
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Paper on easy entropy
Date: Mon, 17 Apr 2000 03:06:50 GMT
I wrote a mini paper discussing a method of extracting entropy from the
keyboard. It's at
http://24.42.86.123/files/entropy.ps
In case anyone cares to read it.
Tom
------------------------------
From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Paper on easy entropy
Date: 16 Apr 2000 23:50:27 EDT
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Tom St Denis) wrote:
>
>I wrote a mini paper discussing a method of extracting entropy from the
>keyboard. It's at
>
>http://24.42.86.123/files/entropy.ps
>
>In case anyone cares to read it.
>
>Tom
Hmmm. Looks like I need to bite the bullet and add the ability to
display .ps to my NT box. Does anyone have a suggestion as to what
software to use?
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Paper on easy entropy
Date: Sun, 16 Apr 2000 21:20:41 -0700
> Does anyone have a suggestion as to what
> software to use?
I've had no problems with gsview. It's available at
http://www.cs.wisc.edu/~ghost/
Joe
------------------------------
From: Joaquim Southby <[EMAIL PROTECTED]>
Subject: Re: One Time Pads Redux
Date: 17 Apr 2000 04:58:57 GMT
In article <8dbgdc$guj$[EMAIL PROTECTED]> Joaquim Southby,
[EMAIL PROTECTED] writes:
>(much embarrassing stuff snipped)
>
I made the original post just before going out for the evening. I kept
the scheme ticking over in the back of my mind during dinner. Somewhere
during my lovely Dinner Companion's complaint that I don't pay enough
attention to her (I'm not sure of the particulars because I wasn't
listening that closely), both my synapses fired at once and The Answer
came swimming up from the depths of my unconscious to grinningly present
itself to my mortified brain. In the silence following my anguished
scatological outburst (broken only by the drone of the lovely DC's voice
extolling her awareness of my every word and deed), I could hear the
distant giggling of the ghosts of Bletchley Park and the
scritch-scritch-scritch of NSA pens signing recommendations to the EFF
that I be hired as senior technical advisor.
Eve intercepts Bob's message and the reply from Alice, XOR's the two and
gets Alice's cipher stream as the result. When she intercepts the return
message, she XOR's this message with the captured keystream to produce
the plaintext. Game, set, and match to Eve, you evil cow. Bob and Alice
are taken out back and savagely beaten for using such a stupid scheme.
Their lives are spared only because of the incredible ease of breaking
their encipherment.
This scheme wasn't just broken, it was drawn and quartered. It was
humiliated; it was pantsed in front of the school assembly. It was bent
over the portside rail and rogered mercilessly by the one-legged third
mate. If this were a prison movie, this scheme would be the villain's
bitch. It eats bugs, and not the protein-rich kind, either. It rode the
short bus to school, clad only in diapers and a dunce cap.
To give full credit to my muse of obtuseness (obtusity?), I actually
pondered this atrocity for TWO DAYS before posting. I examined the most
esoteric of attacks while missing the most obvious one. ("It's been
enciphered by an OTP, so the message itself is safe...right?")
My apologies for the wasted bandwidth. I am such a moron.
Forrest Gump
(Yes, I'm changing my name to someone who seems more intelligent.)
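Added illustration, not part of Joaquim Southby's post: Eve's attack as he describes it, in C. The snipped scheme is assumed here to be the XOR three-pass exchange his description implies (Bob sends P ^ Kb, Alice replies with P ^ Kb ^ Ka, Bob strips his pad and returns P ^ Ka); the message, the pads and all function names are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MSG_LEN 16

/* dst = a XOR b, byte by byte */
static void xor_bytes(uint8_t *dst, const uint8_t *a, const uint8_t *b, size_t n)
{
    for (size_t i = 0; i < n; i++) dst[i] = a[i] ^ b[i];
}

/* Eve's attack, exactly as described: the first two intercepted messages differ
 * only by Alice's pad, so m1 ^ m2 = Ka; the third message is P ^ Ka, so
 * m3 ^ Ka = P. Neither pad has to be weak; the protocol leaks by construction. */
void eve_recover(const uint8_t *m1, const uint8_t *m2, const uint8_t *m3,
                 uint8_t *plain_out, size_t n)
{
    uint8_t ka[MSG_LEN];
    xor_bytes(ka, m1, m2, n);          /* Alice's keystream */
    xor_bytes(plain_out, m3, ka, n);   /* the plaintext */
}

/* Single-byte form of the same identity: (P^Kb) ^ (P^Kb^Ka) ^ (P^Ka) = P. */
uint8_t eve_recover_byte(uint8_t m1, uint8_t m2, uint8_t m3)
{
    return m1 ^ m2 ^ m3;
}

/* Runs the assumed three-pass exchange on a constructed message with
 * constructed (not random) pads and reports whether Eve gets the plaintext. */
int demo_three_pass_xor(void)
{
    const uint8_t plain[MSG_LEN] = "attack at dawn!";   /* 15 chars + NUL */
    uint8_t kb[MSG_LEN], ka[MSG_LEN];                    /* Bob's and Alice's pads */
    for (int i = 0; i < MSG_LEN; i++) {
        kb[i] = (uint8_t)(0x5A + 31 * i);
        ka[i] = (uint8_t)(0xC3 ^ (7 * i));
    }
    uint8_t m1[MSG_LEN], m2[MSG_LEN], m3[MSG_LEN], recovered[MSG_LEN];
    xor_bytes(m1, plain, kb, MSG_LEN);   /* Bob -> Alice:  P ^ Kb      */
    xor_bytes(m2, m1, ka, MSG_LEN);      /* Alice -> Bob:  P ^ Kb ^ Ka */
    xor_bytes(m3, m2, kb, MSG_LEN);      /* Bob -> Alice:  P ^ Ka      */
    eve_recover(m1, m2, m3, recovered, MSG_LEN);
    return memcmp(recovered, plain, MSG_LEN) == 0;
}

int main(void)
{
    printf("Eve recovers plaintext: %s\n", demo_three_pass_xor() ? "yes" : "no");
    return 0;
}
```

The point the example makes concrete: every message in the exchange is a genuine one-time-pad encryption, and it is still useless, because the pads cancel across messages that Eve sees all of. No pad quality fixes that; the protocol has to change.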
------------------------------
From: [EMAIL PROTECTED]
Subject: Q: source code for recognizing English
Date: Mon, 17 Apr 2000 06:24:58 GMT
I am working on a simple program to decipher simple substitution
ciphers. The most important part of the program is to try
various substitutions using AI techniques (forward-chaining and
backward-chaining) using certain assumptions, i.e. English language
frequencies of letters, double-letters (ll,ss,ee,oo), triple letters,
list of most frequent two- and three-letter words. I have some
difficulties though. So if anyone has source code for a similar
program, I would be IMMENSELY thankful. Please write to
[EMAIL PROTECTED]! Thanks a lot in advance,
http://www.aubg.bg/cj/~vlk960/resume.htm
================================
Luftetari Kombetar nga Biellarus
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Q: NTRU's encryption algorithm
Date: Mon, 17 Apr 2000 08:51:38 +0200
Diet NSA wrote:
>
> The NTRU website already explains the math involved. Considering
That's unfortunately too meagre for my poor knowledge status. I
would like to learn more about the 'truncated polynomial rings' in general.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Q: Entropy
Date: Mon, 17 Apr 2000 08:51:42 +0200
Bryan Olson wrote:
>
> We can describe the complexity of the sequences
> by the complexity of the infinitely many prefixes.
>
> We cannot say, for example, whether f(n) = n + O(1)
> or g(n) = n/2 + O(1) is larger for any particular
> value of n. But we can say that f(n) becomes larger
> than g(n) as n grows arbitrarily large.
>
> I'm not sure how your reference will express it, but
> we could reasonably say that for sequences r and s,
> r has greater complexity than s if for all universal
> Turing machines M_i, there exists some m such that
> n >= m implies K_i(r_[0..n]) > K_i(s_[0..n]).
>
> (Note that t_[0..k] is the string of the first k+1
> symbols of t).
>
> The theorem which limits |K_i(x) - K_j(x)| to a
> constant allows us to settle the above using just
> one Turing machine M_j by showing that for any
> constant c there exists some m such that
> n >= m implies K_j(r_[0..n]) - K_j(s_[0..n]) > c.
Allow me another question: Could one use periodic duplication
of a string to form an infinite string as a trick to overcome the
problem of finite length of a given string in the present issue?
I mean, starting from two finite strings, we have now two infinite
strings to compare. Thanks.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: GOST idea
Date: Mon, 17 Apr 2000 08:51:26 +0200
Tom St Denis wrote:
>
> That's too vague, sorry. It can't hinder it in this case since the S
> function is simply a permutation itself. And since the quadratic
> used is a permutation it has no bias towards any particular value. It's
> like doing
>
> F(x) = S(x + c), For any constant 'c'. You are just changing the order
> of the outputs, not the properties of S() itself.
Maybe I misunderstood. My point is the following: If v is the
input and w the output and one knows that between v and w there
is a certain avalanche property, i.e. the effect of flipping
one bit of v. Now suppose I have a mapping of u to v that is a
permutation. Two values u1 and u2 differing only in one bit
may have the corresponding values v1 and v2 differing in many
bits and their resulting effect on a comparison between w1 and
w2 may not be simple to tell.
M. K. Shen
------------------------------
From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: Open Public Key
Date: Mon, 17 Apr 2000 00:51:38 -0600
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
[ ... ]
> Secondly, Certicom holds many patents on elliptic curve methods. I
> wouldn't call ECC particularly `open'.
First of all, the "many" above is actually 10, at least according to
the IBM patent server. Some of those appear to be written only about
hardware implementations of ECC, so most people can ignore them in
any case.
Second, Certicom does NOT appear to hold ANY patent that's truly
fundamental to using ECC -- their patents are on improvements in
speed, and things like that. In short, if you have a commercial
product, it's entirely possible that you'd want to use them, but you
can also decide to do ECC without infringing their patents, though
your code will normally be a bit slower than if you used their
techniques.
--
Later,
Jerry.
The universe is a figment of its own imagination.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: GOST idea
Date: Mon, 17 Apr 2000 09:07:12 +0200
Mok-Kong Shen wrote:
>
> Tom St Denis wrote:
> >
>
> > That's too vague, sorry. It can't hinder it in this case since the S
> > function is simply a permutation itself. And since the quadratic
> > used is a permutation it has no bias towards any particular value. It's
> > like doing
> >
> > F(x) = S(x + c), For any constant 'c'. You are just changing the order
> > of the outputs, not the properties of S() itself.
>
> Maybe I misunderstood. My point is the following: If v is the
> input and w the output and one knows that between v and w there
> is a certain avalanche property, i.e. the effect of flipping
> one bit of v. Now suppose I have a mapping of u to v that is a
> permutation. Two values u1 and u2 differing only in one bit
> may have the corresponding values v1 and v2 differing in many
> bits and their resulting effect on a comparison between w1 and
> w2 may not be simple to tell.
Addendum:
Could you please give a literature reference to the fact that
the function you gave previously is a permutation?
M. K. Shen
------------------------------
From: "Stou Sandalski" <tangui [EMAIL PROTECTED]>
Crossposted-To: alt.security.scramdisk,alt.computer.security
Subject: Re: Regulation of Investigatory Powers Bill
Date: Mon, 17 Apr 2000 00:04:47 -0700
"Paul Rubin" <[EMAIL PROTECTED]> wrote in message
news:8d5i2k$33h$[EMAIL PROTECTED]...
> In article <[EMAIL PROTECTED]>, Jill <[EMAIL PROTECTED]>
wrote:
<snip>
> fun way to do it would be with the random number generation hardware
> built into the Pentium III chip set. That way there would be no
> cryptography programming involved.
There's a random number generator in the P III? Is it cryptographically random?
Stou
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Paper on easy entropy
Date: Mon, 17 Apr 2000 09:11:20 +0200
Tom St Denis wrote:
>
> I wrote a mini paper discussing a method of extracting entropy from the
> keyboard. It's at
>
> http://24.42.86.123/files/entropy.ps
It would be nice if you would say in a couple of sentences here
of what that method is and how one proceeds to determine how much
entropy (method of measurement) is in the stuff one actually
obtains from the keyboard. Thanks.
M. K. Shen
------------------------------
From: "Stou Sandalski" <tangui [EMAIL PROTECTED]>
Crossposted-To: alt.security.scramdisk,alt.computer.security
Subject: Re: Regulation of Investigatory Powers Bill
Date: Mon, 17 Apr 2000 00:16:43 -0700
"Mikey B" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> There's little point, the first time a case comes to the courts, then
> it will fall flat on it's face. If you have encrypted data on your
> hard disk, and refuse to decrypt, the the law says that you can be
> imprisoned.
>
> What this basically means is that they are removing the right of
> indivduals in a criminal court to be tried as innocent until proven
> guilty. This is a breach of at least the European Declaration of
> human rights, and probably the Universal Declaration of Human Rights.
>
I am not sure about international law, but in the US in certain cases the
burden of proof is shifted onto the accused, and the Supreme Court has upheld
it as legal. For example, when you get pulled over by the police and are made
to take the sobriety tests. This spawns from the fact that most Americans
are willing and happy to give up their freedom for security. At my high
school we have drug dogs come in every week or so to search our lockers and
backpacks. Now mass searches are very unconstitutional, but the Supreme
Court has once again upheld this as all right because it's for the 'good of
society'... i.e. security vs freedom. School is one place where the
Constitution is pretty limited. Another place would be at high security
research facilities (I am not very sure about that... but by striking
something with the "Threat to national security" stamp everything becomes
OK). So basically if the government felt it was necessary they can do quite a few
things to you that are pretty illegal. Bombing Yugoslavia by the US was not
only in violation of US law but also international law too... selling of
Stingers to Iran... selling of opium by the CIA... pathetically failing at
killing Castro, and I am sure hundreds of other things are good examples of
violation of domestic and foreign laws by governments themselves... I am no
conspiracy-theory advocate, but if a government wants to do something illegal
they will make it happen somehow...
Stou
------------------------------
From: Anuj Seth <[EMAIL PROTECTED]>
Subject: DES Key Expansion Algorithm
Date: Mon, 17 Apr 2000 07:15:37 GMT
Hi,
I'm implementing the WTLS protocol which uses DES. One bulk encryption
algorithm is DES_CBC_40 which uses 5 bytes of the key material to expand
to 8 bytes.
Could someone guide me to a source of information on the algorithm used
for DES key expansion?
Thanks a ton,
With Regards,
Anuj Seth
Visit my homepages at
1. http://anujseth.tripod.com/
2. http://www.geocities.com/anujseth
------------------------------
From: Francois Grieu <[EMAIL PROTECTED]>
Subject: Re: ? Backdoor in Microsoft web server ? [correction]
Date: Mon, 17 Apr 2000 10:23:57 +0200
Jim Gillogly <[EMAIL PROTECTED]> wrote:
> More than that: it fits the classical definition of a back door.
> The insiders who placed this back door can access more information
> than they're entitled to
Yes. Despite Microsoft denials (*), the word "backdoor" does
apply IMHO.
> by using the password they left in there.
It's not really a "password" I believe. It is the key of an
encryption scheme, which makes some difference. The intent was
apparently to rush a feature to the market quickly, rather than
leave an open access to a selected few.
BTW: how would you define "weenies" ? It is not in my dictionary.
Francois Grieu
(*) from
<http://www.microsoft.com/technet/security/bulletin/fq00-025.asp>
Q: I heard that Dvwssr.dll provides a "back door" into a web site.
Is this true?
A: No. A "back door" is a means by which a user who knows a
password or some other secret information can bypass access
control checking. Dvwssr.dll does not provide a way to do this.
------------------------------
From: Jaime Cardoso <[EMAIL PROTECTED]>
Subject: Re: Does anybody know of a secure FTP server?
Date: Sat, 15 Apr 2000 19:24:27 +0000
Did you test this on Sparc or UltraSparc?
The differences are very big.
Paul Rubin wrote:
> In article <[EMAIL PROTECTED]>,
> Jaime Cardoso <[EMAIL PROTECTED]> wrote:
> >For the hardware, be aware, SSL uses a lot of calculations so, Intel
> >should be the last resort HW platform for you. If you are going
> >with an SSL server, you can increase your performance xfold (10X to
> >20X or more) if you use a CPU that is good with math (UltraSparc,
> >Alpha or SGI).
>
> The Intel PII/III and AMD K6 and K7 are quite fast for SSL with good
> software. On a 500 mhz PIII you should be able to do >100 secret key
> operations per second. This is faster than a low end ($5000) NCipher
> accelerator (I'm not familiar with Rainbow).
>
> I don't think accelerators are cost effective any more. Because the
> market for them is limited, they're always behind the hardware technology
> curve. What some of them are good for is secure key management, and
> I sometimes use them for that.
>
> Btw, the Sparc v8/v9 has very slow integer multiplication and the
> widespread implementations that I know of are much slower than the
> corresponding x86 implementations. You can do somewhat better by using
> the floating point processor, but Intel processors are still a lot faster.
> I am saying this after having benchmarked all four processors I've
> mentioned. From fastest to slowest: K7, PII/III, K6, Sparc.
> I haven't done any timings on SGI or Alpha but I don't see how they
> can approach the X86's in cost effectiveness if you're just doing SSL.
------------------------------
From: [EMAIL PROTECTED] (Geoff Dyer)
Crossposted-To: alt.security.scramdisk,alt.computer.security
Subject: Re: Regulation of Investigatory Powers Bill
Date: Mon, 17 Apr 2000 09:07:46 GMT
On 13 Apr 2000 22:35:00 GMT, [EMAIL PROTECTED] (Paul Rubin) wrote:
> Anyway, a
>fun way to do it would be with the random number generation hardware
>built into the Pentium III chip set. That way there would be no
>cryptography programming involved.
Now, that's easy to misread!
IIUC, this is in some chipsets, but is not part of the CPU itself.
Intel's 820 chipset has it (can't remember if the 810 does, or any
non-Intel).
--
Geoff
(to e-mail me, remove any instances of "-nospam" from my address)
------------------------------
From: "Karim A" <[EMAIL PROTECTED]>
Subject: DES KEY Scheduling
Date: Mon, 17 Apr 2000 11:22:48 +0200
Reply-To: "Karim A" <[EMAIL PROTECTED]>
Hi all,
I'm implementing the DES algorithm,
and I'd like someone to explain to me how to perform the key scheduling.
Once I have a 56-bit key, how should I perform the left shift with the 2 * 28
bits?
What kind of data type should I use?
Can someone give me a "clear" piece of source code?
Thanks,
best regards ;o)
Karim
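Added example, not from Karim A's post or any reply on the page: the standard DES key schedule in C, answering the data-type and rotation questions. The 64-bit key goes through PC-1 (which drops the 8 parity bits and splits the result into two 28-bit halves C and D), each half is rotated left by 1 or 2 positions per round, and PC-2 compresses C||D into the 48-bit round key. The halves are kept in a uint32_t masked to 28 bits, which is what makes the rotation a two-line operation. The PC-1, PC-2 and shift tables are the published FIPS 46 ones; only the function names are this example's.

```c
#include <stdint.h>
#include <stdio.h>

/* PC-1: selects 56 of the 64 key bits (drops the 8 parity bits); bit 1 = MSB */
static const uint8_t PC1[56] = {
    57, 49, 41, 33, 25, 17,  9,  1, 58, 50, 42, 34, 26, 18,
    10,  2, 59, 51, 43, 35, 27, 19, 11,  3, 60, 52, 44, 36,
    63, 55, 47, 39, 31, 23, 15,  7, 62, 54, 46, 38, 30, 22,
    14,  6, 61, 53, 45, 37, 29, 21, 13,  5, 28, 20, 12,  4
};
/* PC-2: compresses the 56-bit C||D register to a 48-bit round key */
static const uint8_t PC2[48] = {
    14, 17, 11, 24,  1,  5,  3, 28, 15,  6, 21, 10,
    23, 19, 12,  4, 26,  8, 16,  7, 27, 20, 13,  2,
    41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
    44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
};
/* left rotations applied to C and D before each of the 16 rounds */
static const uint8_t SHIFTS[16] = { 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 };

/* Apply a DES-style permutation table: table entries number input bits
 * from 1 = most significant of an in_bits-wide value. */
static uint64_t permute(uint64_t in, int in_bits, const uint8_t *tbl, int out_bits)
{
    uint64_t out = 0;
    for (int i = 0; i < out_bits; i++)
        out = (out << 1) | ((in >> (in_bits - tbl[i])) & 1u);
    return out;
}

/* Rotate a 28-bit value held in a uint32_t left by n (n = 1 or 2). */
static uint32_t rotl28(uint32_t v, int n)
{
    return ((v << n) | (v >> (28 - n))) & 0x0FFFFFFFu;
}

/* Derive the 16 round keys (48 bits each, right-aligned) from a 64-bit key. */
void des_key_schedule(uint64_t key, uint64_t subkey[16])
{
    uint64_t cd = permute(key, 64, PC1, 56);
    uint32_t c = (uint32_t)(cd >> 28) & 0x0FFFFFFFu;   /* left 28 bits  */
    uint32_t d = (uint32_t)cd & 0x0FFFFFFFu;           /* right 28 bits */
    for (int r = 0; r < 16; r++) {
        c = rotl28(c, SHIFTS[r]);
        d = rotl28(d, SHIFTS[r]);
        subkey[r] = permute(((uint64_t)c << 28) | d, 56, PC2, 48);
    }
}

/* Convenience: the round key for one round (1..16). */
uint64_t des_subkey(uint64_t key, int round)
{
    uint64_t k[16];
    des_key_schedule(key, k);
    return k[round - 1];
}

int main(void)
{
    uint64_t k[16];
    des_key_schedule(0x133457799BBCDFF1ULL, k);   /* the classic worked-example key */
    for (int r = 0; r < 16; r++)
        printf("K%-2d = %012llx\n", r + 1, (unsigned long long)k[r]);
    return 0;
}
```

Two checks worth running against any implementation: the key 0x133457799BBCDFF1 used in the well-known step-by-step DES walkthrough gives K1 = 0x1B02EFFC7072 and K16 = 0xCB3D8B0E17F5, and a key whose only set bits are the parity bits (0x0101010101010101) must yield sixteen all-zero round keys, since PC-1 discards exactly those bits. Note that the total rotation over 16 rounds is 28, so C16 = C0 and D16 = D0; that is why decryption can run the same schedule backwards.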
------------------------------
From: David Blackman <[EMAIL PROTECTED]>
Subject: Re: Is AES necessary?
Date: Mon, 17 Apr 2000 19:25:13 +1000
Tom St Denis wrote:
> Yea 3DES is secure, but I think by properly implementing [*] the new AES
> ciphers in my program that others will eventually use, I am doing those
> cryptographers a nice favor. It's one thing to design a cipher,
> cryptanalyze it, [and get the women] but if it's never used who cares?
>
> Tom
Is 3DES really secure? There were quite a few triple DES variants
proposed, but the one normally used now, I think, has a block size of
just 64 bits. The key is 112 bits, which is probably enough. But there
are some kinds of attack that focus on the block size, and 64 bits is
getting a bit marginal these days. Since most of the AES candidates are
also faster and simpler than 3DES, switching to one of them makes good
sense all round.
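Added example, not part of David Blackman's post: one of the block-size attacks he alludes to, the birthday-bound ciphertext collision in CBC mode, made concrete on a toy 16-bit block cipher so that it runs in milliseconds. Whenever two ciphertext blocks C_i and C_j are equal, a block cipher being a permutation forces P_i ^ C_{i-1} = P_j ^ C_{j-1}, so an eavesdropper learns P_i ^ P_j from ciphertext alone; the chance of such a pair grows as n^2 / 2^(b+1) for n blocks and a b-bit block. The toy cipher (a keyed random permutation), the plaintext, the key and all names are constructed for this example; the same scan applies unchanged to 64-bit blocks, just after about 2^32 blocks (32 GiB under one key) instead of a few hundred.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define BLOCK_BITS 16                 /* toy block size; DES and 3DES use 64 */
#define BLOCK_SPACE (1u << BLOCK_BITS)

/* Stand-in block cipher: a keyed random permutation of the 16-bit block space.
 * A secure block cipher looks like such a permutation, and the attack below
 * uses no other property of it. */
static uint16_t perm[BLOCK_SPACE];
static uint32_t rng_state;
static uint32_t rng(void) { rng_state = rng_state * 1664525u + 1013904223u; return rng_state >> 8; }

void toy_setkey(uint32_t key)
{
    rng_state = key;
    for (uint32_t i = 0; i < BLOCK_SPACE; i++) perm[i] = (uint16_t)i;
    for (uint32_t i = BLOCK_SPACE - 1; i > 0; i--) {      /* Fisher-Yates shuffle */
        uint32_t j = rng() % (i + 1);
        uint16_t t = perm[i]; perm[i] = perm[j]; perm[j] = t;
    }
}

/* CBC: C_i = E(P_i ^ C_{i-1}), with C_0 = iv. */
void cbc_encrypt(uint16_t iv, const uint16_t *p, uint16_t *c, size_t n)
{
    uint16_t prev = iv;
    for (size_t i = 0; i < n; i++) { c[i] = perm[(uint16_t)(p[i] ^ prev)]; prev = c[i]; }
}

/* Eve's side: scan ciphertext for two equal blocks C_i == C_j. Since E is a
 * permutation, P_i ^ C_{i-1} == P_j ^ C_{j-1}, hence P_i ^ P_j = C_{i-1} ^ C_{j-1},
 * computed here without the key. Returns 1 and fills i, j and the XOR. */
int find_cbc_leak(uint16_t iv, const uint16_t *c, size_t n,
                  size_t *i_out, size_t *j_out, uint16_t *xor_out)
{
    static int32_t first_seen[BLOCK_SPACE];
    memset(first_seen, 0xFF, sizeof first_seen);           /* all -1 = unseen */
    for (size_t j = 0; j < n; j++) {
        int32_t i = first_seen[c[j]];
        if (i >= 0) {
            uint16_t ci_prev = (i == 0) ? iv : c[i - 1];
            uint16_t cj_prev = (j == 0) ? iv : c[j - 1];
            *i_out = (size_t)i; *j_out = j; *xor_out = ci_prev ^ cj_prev;
            return 1;
        }
        first_seen[c[j]] = (int32_t)j;
    }
    return 0;
}

/* Expected number of colliding block pairs after n blocks of a b-bit cipher:
 * n(n-1)/2 pairs, each equal with probability 2^-b. */
double expected_collisions(double n, int block_bits)
{
    double space = 1.0;
    for (int i = 0; i < block_bits; i++) space *= 2.0;
    return n * (n - 1.0) / 2.0 / space;
}

/* Encrypt n pseudo-random blocks under key, run Eve's scan, and confirm the
 * leaked XOR against the real plaintexts. Returns 1 on a verified leak. */
int demo_cbc_collision(uint32_t key, uint32_t seed, size_t n)
{
    static uint16_t p[8192], c[8192];
    if (n > 8192) return 0;
    toy_setkey(key);
    rng_state = seed;                                       /* constructed sample plaintext */
    for (size_t k = 0; k < n; k++) p[k] = (uint16_t)rng();
    uint16_t iv = (uint16_t)rng();
    cbc_encrypt(iv, p, c, n);
    size_t i, j; uint16_t leaked;
    if (!find_cbc_leak(iv, c, n, &i, &j, &leaked)) return 0;
    return leaked == (uint16_t)(p[i] ^ p[j]);
}

int main(void)
{
    printf("16-bit toy CBC, 4000 blocks: leak verified = %d\n",
           demo_cbc_collision(0xC0FFEEu, 42u, 4000));
    printf("expected colliding pairs after 2^32 blocks: 64-bit %.3f, 128-bit %.3g\n",
           expected_collisions(4294967296.0, 64), expected_collisions(4294967296.0, 128));
    return 0;
}
```

The practical reading of expected_collisions: with a 64-bit block, one key that encrypts 2^32 blocks should already expect about half a colliding pair, and every collision hands the attacker the XOR of two plaintext blocks; with a 128-bit block the same traffic gives an expectation around 2^-65. That is the arithmetic behind calling 64 bits marginal, independent of how strong the key is.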
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************