Cryptography-Digest Digest #563, Volume #11 Mon, 17 Apr 00 12:13:01 EDT
Contents:
For Mike Rosing (by JOKER) (José Antonio Fuentes Fernández)
Any reference implementation of Diffie-Hellman? (Olaf Gellert)
Re: Hash function based on permutation polynomials (Runu Knips)
AES-encryption ([EMAIL PROTECTED])
Re: Is AES necessary? (David Blackman)
Re: The use of Three DES (Runu Knips)
Re: AES-encryption (Volker Hetzer)
Re: AND on encrypted data ("Tony T. Warnock")
Re: Miami Herald article about ATM ripoffs (Mike Andrews)
Prngxor with substitution? ("David C. Oshel")
Re: Q: Entropy (Diet NSA)
Re: Paper on easy entropy ([EMAIL PROTECTED])
Letter frequencies
Re: Paper on easy entropy (Steve Roberts)
Re: Letter frequencies (Joachim Pimiskern)
AEES-encryption ([EMAIL PROTECTED])
Re: Paper on easy entropy (Scott Nelson)
Re: Paper on easy entropy ("Trevor L. Jackson, III")
Re: Paper on easy entropy ("Trevor L. Jackson, III")
Re: Regulation of Investigatory Powers Bill ("Trevor L. Jackson, III")
Re: Paper on easy entropy (wtshaw)
Re: ? Backdoor in Microsoft web server ? [correction] ("Trevor L. Jackson, III")
Re: Twofish problems... (Bruce Schneier)
Re: Requested: update on aes contest (Bruce Schneier)
----------------------------------------------------------------------------
From: José Antonio Fuentes Fernández
Subject: For Mike Rosing (by JOKER)
Date: Mon, 17 Apr 2000 14:10:24 +0200
First, thanks for your answer. But my idea is that I give an exe file
(into which you can put a word, number or date, and it gives you the encryption) to
someone (or some institution), and they try to break the cryptosystem. I
mean: can someone show that my cryptosystem is broken, so that if I give them
some encrypted word they can give me back the original word?
Thanks again (and sorry for my English)
JOKER-17
Mike Rosing wrote:
> José Antonio Fuentes Fernández wrote:
> >
> > I have done a little cryptosystem but I don't know how strong it is. Is
> > there some software to test it, or some place where I can test it?
> > I welcome any answer. Thanks for all.
> > Sorry for my English.
> ---------------------------------------------------------------
> Post it here:
> http://www.wizard.net/~echo/crypto-contest.html
>
> Patience, persistence, truth,
> Dr. mike
--
===============================================================
José Antonio Fuentes Fernández
LCS scholarship holder
Departament de Matemàtica Aplicada II
e-mail: [EMAIL PROTECTED]
telf: 696 46 63 42
===============================================================
------------------------------
From: Olaf Gellert <[EMAIL PROTECTED]>
Subject: Any reference implementation of Diffie-Hellman?
Date: 17 Apr 2000 12:44:43 GMT
I am looking for a SIMPLE implementation of Diffie-Hellman
key exchange, because I don't want to reinvent the wheel...
Is there anything like that? Written in plain C?
The implementations in SSH etc. are far too complex or general.
Thanx in advance... Olaf
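The exchange Olaf is asking about, as an added example (editor's code, not anything from the thread, from SSH or from a library). The group parameters are a constructed toy (p = 2^61 - 1, g = 3) so the arithmetic is visible; a real deployment uses a safe prime of at least 2048 bits (an RFC 3526 MODP group, say) and private exponents from a CSPRNG. The public-value check is the one piece that short "reference" code usually leaves out.

```python
"""Toy Diffie-Hellman key exchange (added example, not code from the thread).

Constructed toy group: p = 2**61 - 1 (a Mersenne prime), g = 3.  Far too
small for real use; the protocol logic is what this shows.
"""
import secrets

P = (1 << 61) - 1   # constructed toy modulus
G = 3               # constructed toy generator


def public_value(priv):
    """The value sent over the wire: g^priv mod p."""
    return pow(G, priv, P)


def valid_public(pub):
    """Reject 0, 1 and p-1. A peer sending one of these forces the shared
    secret into a set of at most two values, whatever our private key is."""
    return 1 < pub < P - 1


def shared_secret(priv, peer_pub):
    """Our side of the agreement: peer_pub^priv mod p, after the check above."""
    if not valid_public(peer_pub):
        raise ValueError("degenerate peer public value")
    return pow(peer_pub, priv, P)


def random_private():
    """Private exponent in [1, p-2] from the OS CSPRNG."""
    return secrets.randbelow(P - 2) + 1


def exchange(a_priv, b_priv):
    """Run both sides of the protocol and return (A's secret, B's secret).

    Messages on the wire:   A -> B: g^a mod p      B -> A: g^b mod p
    Both then compute g^(a*b) mod p; the exponents never leave their owner.
    """
    a_pub = public_value(a_priv)          # A -> B
    b_pub = public_value(b_priv)          # B -> A
    return shared_secret(a_priv, b_pub), shared_secret(b_priv, a_pub)


def accepts_peer(priv, peer_pub):
    """True if shared_secret would accept peer_pub; shows the check in action."""
    try:
        shared_secret(priv, peer_pub)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    a, b = random_private(), random_private()
    ka, kb = exchange(a, b)
    print("both sides agree:", ka == kb, " secret:", hex(ka))
    print("peer sent p-1, accepted?", accepts_peer(a, P - 1))
```

Swapping in a real group is a matter of replacing P and G; the rest of the code is unchanged, which is the point of doing the arithmetic with Python's built-in pow(base, exp, mod) rather than hand-rolled bignums.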
------------------------------
Date: Mon, 17 Apr 2000 14:50:46 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Hash function based on permutation polynomials
Tom St Denis wrote:
Hey, you're 17! No surprise you have so much time to post here!!! 8-))
> Runu Knips wrote:
> > #if 0
> > /* old code, slow */
> > for (r = 16; r < SIZE; r++) {
> > t = temp[r - 16] ^ temp[r - 15] ^ temp[r - 14] ^ temp[r - 13] ^
> > temp[r - 11] ^ temp[r - 7] ^ temp[r - 6] ^ temp[r - 3] ^
> > temp[r - 2] ^ temp[r - 1] ^ 0x9E37B91Ful ^ r;
> > temp[r] = ROL(t, 11);
> > }
> > #else
> > /* new code, does exactly the same as the above one */
> > t = 0x9E37B91Ful;
> > for (r = 0; r < 15; ++r)
> > t ^= temp[r];
> > for (r = 16; r < SIZE; ++r) {
> > t ^= temp[r-1];
> > temp[r] = ROL(t ^ r, 11);
> > t ^= temp[r-16];
> > }
> > #endif
>
> These two pieces of code do not have the same effect though, do they?
If you look at just one round of the loop,
t = temp[r - 16] ^ ... ^ temp[r - 1] ^ 0x9E37B91Ful ^ r;
the subterm
temp[r-16] ^ ... ^ temp[r-2] ^ 0x9E37B91Ful
is just the same as that of the round before, while the other part
temp[r-1] ^ r
is new, plus
temp[r-17] ^ (r-1)
from the last result is gone. Therefore you can start with r = 16:
t(16) = temp[0] ^ ... ^ temp[15] ^ 0x9E37B91Ful ^ 16;
and each following round is then (r > 16):
t(r) = t(r-1)
^ temp[r-1] ^ r # add new terms
^ temp[r-17] ^ (r-1) # remove old terms
Again, remember that
a ^ b ^ b = a for any integers a, b
(or a ^ a = 0).
That is, addition and subtraction are both XOR if you operate
bit by bit. If we had used addition instead of XOR, we
would have to write:
t(r) = t(r-1)
+ (temp[r-1] + r) # add new elements
- (temp[r-17] + (r-1)) # remove old elements
instead.
Maybe you'll understand better what I mean if
I rewrite the loop again:
t = 0x9E37B91Ful;
for (r = 0; r < 16; ++r) // <-- changed ! one element more in sum
t ^= temp[r];
for (r = 16; r < SIZE; ++r) {
temp[r] = ROL(t ^ r, 11);
t ^= temp[r-16]; // remove old temp[r-16]
t ^= temp[r]; // add new round result
}
Okay, I hope you agree now the two loops have the same result :)
> > > One problem I have noted with the perm.poly's is that the lsb is not
> > > effected at all. It either stays on or off. I hope the 6
> > > cyclic-rotations will cure that though :). I dunno if 20 rounds is
> > > enough, probably.
> >
> > Yep, some of the constants in this code _might_ be badly chosen,
> > I simply don't know. Random typing is AFAIK not the best strategy
> > to get crypto constants, however ;-).
>
> What do you mean?
Just intuition.
> Well, one thing is on a 64-bit platform you can use four 64-bit words
> [with a diff perm.poly]. Of course this 32-bit version would be slow on
> a 64-bit comp but that's the news.
Nope, loading an aligned unsigned 32-bit value is just 2 instructions
on the Alpha processor (for example). That's not what I call "slow".
> Actually come to think of it, you can do the multiplications in a 64
> bit word and just AND with 2^32-1. So the overhead is not that much.
AFAIK all real RISC processors have no (single) multiplication
instruction for integers anyway. You always call some subroutine on
these machines.
Btw, gcc has 'unsigned long long', which is 64 bit even on 32-bit
machines.
AFAIK VC++ has some 64-bit types, too (at least Windows requires some
64-bit stuff).
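The rolling-XOR argument above, checked in code. This is an added example (editor's code, not Runu's or Tom's): it runs a recompute-everything loop and the rolling loop over the same constructed seed and compares the results word for word. Runu's derivation assumes every one of temp[r-16..r-1] is a tap, and that is what the rolling loop computes; the quoted "old code" taps only ten of those sixteen words, so a third function with that sparse tap set is included to make the difference visible rather than argued about. Word size, rotation amount and constant are the ones from the quoted loop.

```python
"""Sliding-window XOR expansion: recompute-from-scratch vs rolling update
(added example, not code from the thread).

All three functions fill temp[16:] from a 16-word seed.  expand_naive and
expand_rolling use the full window temp[r-16..r-1]; expand_sparse uses the
ten taps of the quoted "old code".
"""
MASK = 0xFFFFFFFF
CONST = 0x9E37B91F                                   # constant from the quoted loop
SPARSE_TAPS = (16, 15, 14, 13, 11, 7, 6, 3, 2, 1)    # offsets used by the quoted old loop


def rol32(x, n):
    """32-bit rotate left, matching a C ROL(x, n) macro on uint32."""
    return ((x << n) | (x >> (32 - n))) & MASK


def expand_naive(seed, size):
    """Reference: XOR all sixteen previous words again every round (16 ops/word)."""
    temp = list(seed) + [0] * (size - 16)
    for r in range(16, size):
        t = CONST ^ r
        for k in range(1, 17):
            t ^= temp[r - k]
        temp[r] = rol32(t, 11)
    return temp


def expand_rolling(seed, size):
    """Same output with a running window XOR (2 ops/word)."""
    temp = list(seed) + [0] * (size - 16)
    t = CONST
    for r in range(16):
        t ^= temp[r]                  # t now covers temp[0..15]
    for r in range(16, size):
        temp[r] = rol32(t ^ r, 11)    # r is mixed in per round, never kept in t
        t ^= temp[r - 16]             # drop the word leaving the window
        t ^= temp[r]                  # add the word just produced
    return temp


def expand_sparse(seed, size):
    """The quoted old loop: only ten of the sixteen window words are tapped."""
    temp = list(seed) + [0] * (size - 16)
    for r in range(16, size):
        t = CONST ^ r
        for k in SPARSE_TAPS:
            t ^= temp[r - k]
        temp[r] = rol32(t, 11)
    return temp


def rolling_matches_naive(seed, size=64):
    """True when the rolling update reproduces the from-scratch expansion."""
    return expand_rolling(seed, size) == expand_naive(seed, size)


if __name__ == "__main__":
    seed = [1 << i for i in range(16)]   # constructed seed, one bit per word
    print("rolling == naive :", rolling_matches_naive(seed))
    print("sparse  == naive :", expand_sparse(seed, 64) == expand_naive(seed, 64))
```

The check is cheap enough to keep as a unit test next to any hand-optimised key schedule: the from-scratch loop is the specification, the rolling loop is the optimisation, and a seed of distinct single bits catches a dropped or doubled tap immediately.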
------------------------------
From: [EMAIL PROTECTED]
Subject: AES-encryption
Date: Mon, 17 Apr 2000 12:56:30 GMT
AES is a symmetric encryption algorithm developed from the
DES architecture.
It has the following features:
1. S-boxes are multiplication tables of finite groups
2. A key is used for
2.1. S-box generation
2.2. Extension permutation (EP)
2.3. Initial permutation (IP)
One can see the following advantages:
1. The algorithm architecture is scalable.
2. Better performance, since the key is used only
once and not in each round.
3. More security, since:
3.1 S-boxes are derived from sub-keys
3.2 Long key and sub-keys.
256-bit AES one-round block cipher implementation:
1. Key length 256 bytes
2. 16 S-boxes and 16 sub-keys
3. Initial permutation and Extension permutation derived from the key
Performance on my PII, 267 MHz, 128 MB, is 64 KB/sec.
Algorithm description and source code can be found
at <www.alex-encryption.de>
Have fun.
Best regards.
Alex.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: David Blackman <[EMAIL PROTECTED]>
Subject: Re: Is AES necessary?
Date: Mon, 17 Apr 2000 23:11:32 +1000
Tom St Denis wrote:
>
> A 64-bit block size is only a problem if you send over 2^32 blocks of
> ciphertext.
There are real applications out there where people want to encrypt much
more than that, and would prefer to do it all with the one key. 2^32 X 8
bytes is only 32 Gigabytes. That's one cheap hard-disc that ordinary
home users and small businesses can afford. Also it's easy to steal with
the kind of physical security that small players can afford, which is
why it might be a good idea to encrypt it.
> And the keysize of 3DES is 168 bits, not 112 bits, since the
> memory required for a MITM attack is insane.
OK. Either way, I think the key is big enough for now. The block size is
the problem.
> Any 64-bit block cipher with an effective keysize of 80 bits or more is
> still useful as a block cipher.
>
> Tom
Getting very marginal for some applications if the guys in the black
hats want your data badly enough.
------------------------------
Date: Mon, 17 Apr 2000 15:09:24 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: The use of Three DES
Tom St Denis wrote:
> Well I seriously doubt the processors (i386) and (PIII) work the same
> way, despite supporting similar instruction sets. This comparison is
> not valid.
i386 is the name of the architecture. Just like Alpha, PowerPC, Sparc,
m68k, m88k, Mips, ARM, ...
Therefore the Pentium is an i386 processor, even if it implements some
more instructions (mainly MMX etc.) than the first one of this processor
family.
------------------------------
From: Volker Hetzer <[EMAIL PROTECTED]>
Subject: Re: AES-encryption
Date: Mon, 17 Apr 2000 13:57:04 +0000
[EMAIL PROTECTED] wrote:
>
> AES is symmetric encryption algorithm, which is developed from the
> DES architecture.
[...]
Hi!
Just in case this isn't a troll, you might consider renaming your algorithm.
AES is (going to be) the encryption standard that replaces DES ( http://www.nist.gov/aes ),
and NIST was probably first.
Greetings!
Volker
--
Hi! I'm a signature virus! Copy me into your signature file to help me spread!
------------------------------
From: "Tony T. Warnock" <[EMAIL PROTECTED]>
Subject: Re: AND on encrypted data
Date: Mon, 17 Apr 2000 08:09:03 -0600
Reply-To: [EMAIL PROTECTED]
Mok-Kong Shen wrote:
> 1198 wrote:
> >
> > Claudio Di Flumeri wrote in message <[EMAIL PROTECTED]>...
> > >Does anyone know if there are encryption schemes that allow logical
> > >operations (AND, OR, NOT) on encrypted data?
> > >
> >
> > Some opinion here... If you take a close look at the XOR operation, with a fixed
> > key, no two bytes of different values will produce the same result (a perfect
> > one-to-one mapping). This is not true with AND or OR. (NOT is a special case
> > of XOR: XOR with $FF.) So you see XOR used more in encryption than the others
> > in simple cases. Sure, you can use AND or OR (even rotate, but it needs less
> > care than XOR) in your scheme, but you need more care so you can be sure that
> > your encrypted data can in every case be recovered.
>
> In my humble view, it isn't of much value to draw a sharp division
> line between logical and arithmetic (integer) operations, if they
> are of about the same speed (this is mostly the case, if I don't
> err). It thus depends solely on the actual need of the design to
> determine which operations get used. Because of its simple inversion
> property, XOR is the most commonly used logical operation in
> encryption algorithms. I personally prefer, however, an arithmetic
> add over XOR, for the former effects a certain diffusion of bits
> due to carry-overs.
Actually the operation table for ADD (modulo 2**k) and XOR (on k-bit words) are
permutations of each other. The same is true for subtraction or several other
not-so-obvious operations. The statistics of the output are the same no matter
which operation is used. Any of these methods is useful for combining
pseudo-random number generators as the resulting distribution gets closer to
uniform.
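Tony's "permutations of each other" claim and "1198"'s one-to-one point, made concrete. This is an added example (editor's code, not from any poster): it builds the full operation table of each candidate combiner on k-bit words and checks whether it is a Latin square, i.e. whether every row and every column is a permutation. That property is exactly what is needed for a uniform key to give a uniform output for every fixed input, and for the input to be recoverable given the key. ADD and SUB mod 2^k and XOR pass; AND and OR fail. The biased input list is constructed.

```python
"""Latin-square check for word combiners (added example, not code from the thread)."""
from collections import Counter


def op_table(op, k):
    """Full table op(a, b) mod 2^k for all k-bit a, b."""
    n = 1 << k
    return [[op(a, b) & (n - 1) for b in range(n)] for a in range(n)]


def is_latin_square(table):
    """Every row and every column is a permutation of 0..n-1."""
    n = len(table)
    full = set(range(n))
    rows = all(set(row) == full for row in table)
    cols = all({table[a][b] for a in range(n)} == full for b in range(n))
    return rows and cols


def output_histogram(op, k, inputs):
    """Histogram of op(x, key) over every key, for a (possibly biased) list of inputs."""
    n = 1 << k
    return Counter(op(x, key) & (n - 1) for x in inputs for key in range(n))


def is_uniform(hist, k):
    """True when every k-bit value occurs equally often."""
    return len(hist) == (1 << k) and len(set(hist.values())) == 1


OPS = {
    "xor": lambda a, b: a ^ b,
    "add": lambda a, b: a + b,
    "sub": lambda a, b: a - b,
    "and": lambda a, b: a & b,
    "or":  lambda a, b: a | b,
}


def latin_ops(k=4):
    """Names of the operations whose k-bit table is a Latin square."""
    return sorted(name for name, op in OPS.items() if is_latin_square(op_table(op, k)))


if __name__ == "__main__":
    biased = [0, 0, 0, 1, 15]    # constructed, heavily skewed input distribution
    for name, op in OPS.items():
        latin = is_latin_square(op_table(op, 4))
        unif = is_uniform(output_histogram(op, 4, biased), 4)
        print(f"{name:3s}  latin square: {latin!s:5}  uniform output on biased input: {unif}")
```

Rotate-by-key, which "1198" also mentions, is not a Latin square either: rotating the all-zero word by any amount gives zero, so that row is constant; the table above can be extended with `lambda a, b: ((a << (b % k)) | (a >> (k - b % k)))` to see it fail the same way.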
------------------------------
From: [EMAIL PROTECTED] (Mike Andrews)
Subject: Re: Miami Herald article about ATM ripoffs
Date: Mon, 17 Apr 2000 14:18:11 GMT
Armo Linkey <[EMAIL PROTECTED]> wrote:
: "Mark McCarthy" <[EMAIL PROTECTED]> wrote:
:>I don't know how much of this is proprietary so I won't go too deep.
: Why not? What country do you live in? What are you afraid of?
He may have signed a Non-Disclosure Agreement with his employer
or with a third party, such that he is limited in what he can
disclose to people who aren't covered by the NDA.
Enforcement of NDAs is frequently very aggressive, as they typically
cover trade secrets.
--
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart
------------------------------
From: "David C. Oshel" <[EMAIL PROTECTED]>
Subject: Prngxor with substitution?
Date: Mon, 17 Apr 2000 09:30:01 -0500
Is there a name for this algorithm? Suppose I use Mersenne Twister, by all
accounts a very nicely distributed long period PRNG, to index a large
substitution table of genuinely random bytes, such as maybe Marsaglia's CD or
that large file at SGI's lava lamp web site, replacing the PRNG's uint32 with
the table's uint32, and collapsing those four bytes into the "next" byte of
the Prngxor cipher?
Ought to be secure, shouldn't it? The MT has a vast period, the table makes
the algorithm immune to dictionary attack (but not sneaker attacks through
my study window). Has the same distribution problem as OTP, I guess, but you
wouldn't have to generate more OTP to keep using the thing, just never use
the same Mersenne Twister seed twice (except for decoding, of course).
Comment?
--
David C. Oshel mailto:[EMAIL PROTECTED]
Cedar Rapids, Iowa http://pobox.com/~dcoshel
``Tension, apprehension, and dissension have begun!" - Duffy Wyg&, in Alfred
Bester's _The Demolished Man_
------------------------------
Subject: Re: Q: Entropy
From: Diet NSA <[EMAIL PROTECTED]>
Date: Mon, 17 Apr 2000 07:30:51 -0700
In article <8ddauf$npq$[EMAIL PROTECTED]>
, Bryan Olson <[EMAIL PROTECTED]>
wrote:
>Again, depending on how references define Turing
>machines and universal Turing machines, they may
>place some other conditions on the machines.
>
>
In terms of additional conditions, I don't
see how the *type* of universal turing
machine (UTM) used would matter. Could
anyone explain a counterexample, i.e. how
defining the complexity of infinite
strings *would* be dependent on which
UTM is used?
"I feel like there's a constant Cuban Missile Crisis in my pants."
- President Clinton commenting on the Elian Gonzalez situation
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Paper on easy entropy
Date: Mon, 17 Apr 2000 14:40:28 GMT
Tom St Denis <[EMAIL PROTECTED]> wrote:
> Well I can include pdf files on my site if you like. I just used a
> website to convert the word97 document to a ps file.
If I could make a suggestion, and I'm by no means a MS fan, posting
the actual word97 document may be friendlier for most people.
--
Matt Gauthier <[EMAIL PROTECTED]>
------------------------------
From: <[EMAIL PROTECTED]>
Subject: Letter frequencies
Date: Mon, 17 Apr 2000 15:47:32 +0100
Hi, I am trying to get hold of a set of reliable letter frequencies for a
selection of European languages, including English and German, and also some
classical languages if possible, and wanted to know if anyone here knew of
any web sites or books which may contain this. I realise that this may be a
bit below what would normally be discussed in here, but I would appreciate
anyone's help, since I am having real trouble tracking anything down except
for data on the English language.
Matthew
------------------------------
From: [EMAIL PROTECTED] (Steve Roberts)
Subject: Re: Paper on easy entropy
Date: Mon, 17 Apr 2000 15:20:33 GMT
>> Tom St Denis wrote:
>> >
>> > I wrote a mini paper discussing a method of extracting entropy from the
>> > keyboard. It's at
>> >
>> > http://24.42.86.123/files/entropy.ps
>>
>> It would be nice if you would say in a couple of sentences here
>> of what that method is and how one proceeds to determine how much
>> entropy (method of measurement) is in the stuff one actually
>> obtains from the keyboard. Thanks.
>
>You type at the keyboard, I then make an order-0 model of the input and
>calc the estimated entropy from that. For example the string
>'ogt93trwebfwejkfbhwujhtuih3tlkgkw' contains an estimated 2.01 bits per
>char of entropy (66.54 bits total).
But you can type a pre-determined text and control how much entropy
you let in!
I have implemented a similar system where the application tells you
what letters to type. The letters were randomly chosen (a poor
randomiser will do for this) and the application did not accept any
others. Then I took the microsecond time between the typed characters
and got entropy from the low-order bits. In this way I was using a
hardware source, i.e. the typist's brain and his/her ability to get to
the right keys on the keyboard.
It also meant I could prove to an auditor that the results were
random.
And I could make the application display frivolous messages in the
course of this, which cheered everybody up (at risk to my career).
Steve Roberts
------------------------------
From: Joachim Pimiskern <[EMAIL PROTECTED]>
Subject: Re: Letter frequencies
Date: Mon, 17 Apr 2000 17:28:12 +0200
Hi Matthew,
[EMAIL PROTECTED] wrote in message <8df85o$nq$[EMAIL PROTECTED]>...
>Hi, I am trying to get hold of a set of reliable letter frequencies for a
>selection of European languages including English and German, and also some
>classical languages if possible, and wanted to know if anyone here knew of
>any web sites or books which may contain this.
the easiest way to get such statistics is to obtain
samples of your favourite languages via the web.
An algorithm to compute the frequencies should be
the simplest exercise.
use strict;
use warnings;

# Slurp the whole file named on the command line into $content.
my %a1;
my $filename = $ARGV[0];
local $/ = undef;
open(my $fp, '<', $filename) || die "$!\n";
my $content = <$fp>;
close $fp;

# Count every character, including spaces and newlines.
for (my $i = 0; $i < length($content); $i++)
{
    $a1{substr($content, $i, 1)}++;
}

# Print the relative frequency of each character.
foreach my $i (sort keys %a1)
{
    printf("%s %10.9f\n", $i, $a1{$i} / length($content));
}
Regards,
Joachim
--
*** Go - the 4000-year-old Asian board game ***
Creation of the German-language newsgroup de.rec.spiele.go
-->> http://www.dana.de/mod/cfv/1.CfV-de.rec.spiele.go.txt
[ YES ] de.rec.spiele.go Vote now!
------------------------------
From: [EMAIL PROTECTED]
Subject: AEES-encryption
Date: Mon, 17 Apr 2000 15:28:27 GMT
AEES is a symmetric encryption algorithm developed from the
DES architecture.
It has the following features:
1. S-boxes are multiplication tables of finite groups
2. A key is used for
2.1. S-box generation
2.2. Extension permutation (EP)
2.3. Initial permutation (IP)
One can see the following advantages:
1. The algorithm architecture is scalable.
2. Better performance, since the key is used only
once and not in each round.
3. More security, since:
3.1 S-boxes are derived from sub-keys
3.2 Long key and sub-keys.
256-bit AEES one-round block cipher implementation:
1. Key length 256 bytes
2. 16 S-boxes and 16 sub-keys
3. Initial permutation and Extension permutation derived from the key
Performance on my PII, 267 MHz, 128 MB, is 64 KB/sec.
Algorithm description and source code can be found
at <www.alex-encryption.de>
Have fun.
Best regards.
Alex.
------------------------------
From: [EMAIL PROTECTED] (Scott Nelson)
Crossposted-To: sci.crypt.random-numbers
Subject: Re: Paper on easy entropy
Reply-To: [EMAIL PROTECTED]
Date: Mon, 17 Apr 2000 15:40:34 GMT
On Mon, 17 Apr 2000 03:06:50 GMT, Tom St Denis <[EMAIL PROTECTED]> wrote:
>I wrote a mini paper discussing a method of extracting entropy from the
>keyboard. It's at
>
>http://24.42.86.123/files/entropy.ps
>
The sample code in the paper is flawed.
According to it, "abcdaaaa" has a higher entropy (9.7)
than "abcddcababdcdcbabadc" (8.0)
Perhaps you wanted something like:
#include <math.h>
#include <string.h>

/* Order-0 entropy estimate: -sum p(x) log2 p(x) per byte, times the length. */
double entropy(unsigned char *input, int len)
{
    double p[256], chars, e;
    int x;
    memset(p, 0, sizeof(p));
    chars = (double)len;
    for (x = 0; x < len; x++)
        ++p[input[x]];              /* byte histogram */
    for (x = 0; x < 256; x++)
        p[x] /= chars;              /* normalise counts to probabilities */
    /* sum up */
    e = 0.0;
    for (x = 0; x < 256; x++)
    {
        if (p[x])
            e -= p[x] * (log(p[x]) / log(2.0));
    }
    return e * chars;               /* total estimated bits in the input */
}
I think that's still flawed, since it ignores sequence
information (the probability of a 'u' after a 'q' is much
higher than the probability of a 'u' after a 'z'),
but at least it would be consistent with the definition
in the paper.
Scott Nelson <[EMAIL PROTECTED]>
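Scott's order-0 estimator beside the order-1 version he says is missing, plus the low-bits extraction step from Steve Roberts' message earlier in this digest. This is an added example (editor's code, not Tom's, Scott's or Steve's). entropy_order0 is the per-symbol form of the corrected function above; entropy_order1 conditions each symbol on the one before it, so "u after q" structure lowers the estimate instead of being ignored. interval_low_bits keeps only the low bits of each inter-keystroke interval, as Steve describes; the timestamps in the demo are constructed, not measured, and the estimates are what the sample supports, not a proof of randomness.

```python
"""Order-0 vs order-1 entropy estimates and keystroke-interval low bits
(added example, not code from the thread)."""
import math
from collections import Counter


def entropy_order0(data):
    """Shannon estimate in bits per symbol, symbols treated as independent."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def entropy_order1(data):
    """H(X_i | X_{i-1}) in bits per symbol: sum over pairs of P(a,b) * -log2 P(b|a)."""
    n = len(data) - 1
    if n <= 0:
        return 0.0
    pairs = Counter(zip(data, data[1:]))      # joint counts of (previous, next)
    prev = Counter(data[:-1])                 # how often each symbol was "previous"
    return -sum((c / n) * math.log2(c / prev[a]) for (a, _), c in pairs.items())


def total_bits(data, order=0):
    """Rough total entropy of a sample, the per-string figure the paper reports."""
    h = entropy_order1(data) if order == 1 else entropy_order0(data)
    return h * len(data)


def interval_low_bits(timestamps_us, bits):
    """Low `bits` bits of each inter-keystroke interval (Steve's extraction step)."""
    mask = (1 << bits) - 1
    return [(later - earlier) & mask
            for earlier, later in zip(timestamps_us, timestamps_us[1:])]


if __name__ == "__main__":
    for s in ("abcdaaaa", "abcddcababdcdcbabadc", "qu" * 10):
        print(f"{s:22s} H0={entropy_order0(s):.3f}  H1={entropy_order1(s):.3f} bits/char")
    stamps = [0, 120345, 250021, 401777]           # constructed microsecond timestamps
    print("low 3 bits of intervals:", interval_low_bits(stamps, 3))
```

The "qu" string is the telling case: order-0 reports a full bit per character, order-1 reports zero, because every symbol is determined by its predecessor. Both are upper bounds on what a longer sample would show, which is why an order-0 figure alone is not evidence of entropy in keyboard input, and why extracting timing bits rather than the typed text sidesteps the problem Steve raises.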
------------------------------
Date: Mon, 17 Apr 2000 11:49:19 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Paper on easy entropy
Guy Macon wrote:
> In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Tom St Denis) wrote:
> >
> >I wrote a mini paper discussing a method of extracting entropy from the
> >keyboard. It's at
> >
> >http://24.42.86.123/files/entropy.ps
> >
> >In case anyone cares to read it.
> >
> >Tom
>
> Hmmm. Looks like I need to bite the bullet and add the ability to
> display .ps to my NT box. Does anyone have a suggestion as to what
> software to use?
Look for Ghostscript.
------------------------------
Date: Mon, 17 Apr 2000 11:51:39 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Paper on easy entropy
[EMAIL PROTECTED] wrote:
> Tom St Denis <[EMAIL PROTECTED]> wrote:
> > Well I can include pdf files on my site if you like. I just used a
> > website to convert the word97 document to a ps file.
>
> If I could make a suggestion, and I'm by no means a MS fan, posting
> the actual word97 document may be friendlier for most people.
... but the rest of us may consider it a hostile act. TMK there is no
mechanism whereby a macro virus can infect a ps or pdf file.
------------------------------
Date: Mon, 17 Apr 2000 12:00:15 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.scramdisk,alt.computer.security
Subject: Re: Regulation of Investigatory Powers Bill
Stou Sandalski wrote:
> "Mikey B" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > There's little point; the first time a case comes to the courts, it
> > will fall flat on its face. If you have encrypted data on your
> > hard disk and refuse to decrypt it, then the law says that you can be
> > imprisoned.
> >
> > What this basically means is that they are removing the right of
> > individuals in a criminal court to be tried as innocent until proven
> > guilty. This is a breach of at least the European Declaration of
> > Human Rights, and probably the Universal Declaration of Human Rights.
> >
> I am not sure about international law, but in the US in certain cases the
> burden of proof is shifted onto the accused, and the Supreme Court has upheld
> it as legal. For example, when you get pulled over by the police and are made
> to take the sobriety tests. This spawns from the fact that most Americans
> are willing and happy to give up their freedom for security. At my high
> school we have drug dogs come in every week or so to search our lockers and
> backpacks. Now mass searches are very unconstitutional, but the Supreme
> Court has once again upheld this as all right because it's for the 'good of
> society'... i.e. security vs freedom. School is one place where the
> Constitution is pretty limited. Another place would be at high-security
> research facilities (I am not very sure about that... but by striking
> something with the "Threat to national security" stamp everything becomes
> OK)
Actually this is false. There is no action or declaration by any government
agency that can suspend a citizen's constitutional rights. However, the citizen
can voluntarily disclaim those rights, as for example happens when you accept a
job requiring a security clearance, enroll in a school, visit an airport, etc.
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Paper on easy entropy
Date: Mon, 17 Apr 2000 08:50:57 -0600
In article <[EMAIL PROTECTED]>, Tom St Denis <[EMAIL PROTECTED]> wrote:
>
> It's a really short paper, but it discusses a way to get entropy other
> than trapping hardware faults.
>
Here is a call to post it directly here.
--
Doubt until you have proof, then doubt frequently. Descartes
%/^): [|]"! ?=)@~ ;)[]* :@\@} *#~}> ,=+)! .($`\
------------------------------
Date: Mon, 17 Apr 2000 12:02:52 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: ? Backdoor in Microsoft web server ? [correction]
Francois Grieu wrote:
> Jim Gillogly <[EMAIL PROTECTED]> wrote:
> > More than that: it fits the classical definition of a back door.
> > The insiders who placed this back door can access more information
> > than they're entitled to
>
> Yes. Despite Microsoft denials (*), the word "backdoor" does
> apply IMHO.
>
> > by using the password they left in there.
>
> It is not really a "password", I believe. It is the key of an
> encryption scheme, which makes some difference. The intent was
> apparently to rush a feature to the market, rather than leave
> open access to a selected few.
>
> BTW: how would you define "weenies" ? It is not in my dictionary.
>
> Francois Grieu
>
> (*) from
> <http://www.microsoft.com/technet/security/bulletin/fq00-025.asp>
>
> Q: I heard that Dvwssr.dll provides a "back door" into a web site.
> Is this true?
>
> A: No. A "back door" is a means by which a user who knows a
> password or some other secret information can bypass access
> control checking. Dvwssr.dll does not provide a way to do this.
Perhaps we should characterize this as a zero-length key.
------------------------------
From: [EMAIL PROTECTED] (Bruce Schneier)
Subject: Re: Twofish problems...
Date: Mon, 17 Apr 2000 16:00:50 GMT
If you're still able to encrypt and decrypt properly, then whatever
mistake you're making is repeatable. I don't know what you're doing
wrong, but if you can't match the test vectors then what you have
isn't Twofish.
On 11 Apr 00 16:23:31 MDT, [EMAIL PROTECTED] (JONATHAN DINERSTEIN)
wrote:
>Can somebody help out a struggling college student???
>
>I'm working with Twofish, and I'm checking my results as compared to the
>standard test ones on the Twofish webpage
>(http://www.counterpane.com/ecb_ival.txt). I am using ECB mode to match the
>test vector, and I get the same S-box keys. What's wrong is I get completely
>different Subkeys. I therefore also get different cipher-text. However, I am
>able to correctly decrypt what I encrypt.
>
>Does anyone have any suggestions or advice? Is there a known issue? I'm using
>the CryptPak Twofish implementation (modified to be ECB).
>
>Thanks in advance!
>
>Jonathan Dinerstein
>[EMAIL PROTECTED]
**********************************************************************
Bruce Schneier, Counterpane Internet Security, Inc. Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis, MN 55419 Fax: 612-823-1590
Free crypto newsletter. See: http://www.counterpane.com
------------------------------
From: [EMAIL PROTECTED] (Bruce Schneier)
Subject: Re: Requested: update on aes contest
Date: Mon, 17 Apr 2000 16:03:18 GMT
On Fri, 14 Apr 2000 11:39:07 GMT, [EMAIL PROTECTED] wrote:
>Hi there,
>
>There must be someone lucky attending the AES conference. Today is the last
>day. Could someone give us an update as to what is happening there?
I suppose it should be someone more impartial than I who gives a
report on FSE and AES.
I had a really good time.
Bruce
**********************************************************************
Bruce Schneier, Counterpane Internet Security, Inc. Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis, MN 55419 Fax: 612-823-1590
Free crypto newsletter. See: http://www.counterpane.com
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************