Cryptography-Digest Digest #574, Volume #11 Thu, 20 Apr 00 05:13:00 EDT
Contents:
Re: ? Backdoor in Microsoft web server ? (Jonathan Thornburg)
Re: Fighting fire with fire: using encryption to bust encryption [0/2] (Boris Kazak)
Re: Regulation of Investigatory Powers Bill ([EMAIL PROTECTED])
Re: Just another idea... (Boris Kazak)
Re: Books on maths behind NFS (Paul Rubin)
Re: Should there be an AES for stream ciphers? (Anton Stiglic)
Re: Regulation of Investigatory Powers Bill (Robert Stonehouse)
Re: Decrypting (Runu Knips)
Re: ANN: Better optimized version of Serpent. (Gisle Sælensminde)
Re: Just another idea... (Runu Knips)
Re: Q: source code for recognizing English ("Douglas A. Gwyn")
Re: GSM Man-in-the-Middle (Jerry Coffin)
Re: Regulation of Investigatory Powers Bill (Anatoli Tubman)
Re: Fighting fire with fire: using encryption to bust encryption [0/2] ("Douglas A. Gwyn")
Re: Sony's Playstation2 export-controlled ("Douglas A. Gwyn")
Re: Q: NTRU's encryption algorithm (Mike Rosing)
Re: Requested: update on aes contest (Mike Rosing)
Re: Sony's Playstation2 export-controlled (Ichinin)
Re: Books on maths behind NFS (Mike Rosing)
Re: Should there be an AES for stream ciphers? ("Brian Gladman")
Re: Paper on easy entropy ("Trevor L. Jackson, III")
Re: Just another idea... (real address at end of post)
Re: AES-encryption ([EMAIL PROTECTED])
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Jonathan Thornburg)
Subject: Re: ? Backdoor in Microsoft web server ?
Date: 18 Apr 2000 16:36:24 +0200
In article <8d9o13$ie8$[EMAIL PROTECTED]>,
David A Molnar <[EMAIL PROTECTED]> wrote
(about Ken Thompson's infamous login.c self-replicating backdoor):
>He never actually admitted to placing the backdoor in login...he simply
>described in great detail how one would go about doing it.
First of all, for anyone who hasn't read it, Ken Thompson's Turing
Award lecture "Reflections on Trusting Trust" (which describes this
(in)famous episode) is a "must read" for computer security people.
It appeared in Communications of the ACM for September 1995, and is
online at both
http://www.acm.org/classics/sep95/
and
http://www.cs.umsl.edu/~sanjiv/sys_sec/security/thompson/hack.html
Second, let's get the historical facts straight: He did indeed place
the backdoor, and it successfully caught another Bell Labs group. But
the compiler was never released outside. See message
From: [EMAIL PROTECTED] (Jay Ashworth)
Newsgroups: alt.sys.pdp10,alt.folklore.computers,comp.lang.lisp,alt.os.multics
Subject: The Thompson Login Trojan: The REAL Story
Date: 30 Apr 1995 01:11:47 -0400
Organization: Intelligence Network Online, Inc.
Lines: 84
Message-ID: <3nv66j$[EMAIL PROTECTED]>
also reposted in message
From: [EMAIL PROTECTED] (Kurt M. Hockenbury)
Newsgroups: comp.security.unix
Subject: Re: UNIX Download Policy?
Date: 19 Jun 1996 23:45:49 GMT
Organization: Stevens Institute of Technology
Lines: 125
Message-ID: <4qa3fd$[EMAIL PROTECTED]>
Quoting from the former posting (by Jay Ashworth):
It occurred to me last week that [EMAIL PROTECTED] is _still_ a valid
address, 25 years later... so I asked. Here, from Ken himself, is the
Real Story<tm>:
) From [EMAIL PROTECTED] Sun Apr 23 14:42 EDT 1995
) Received: from plan9.att.com by IntNet.net (5.x/SMI-SVR4)
) id AA19375; Sun, 23 Apr 1995 14:42:51 -0400
) Message-Id: <9504231842.AA19375@ IntNet.net>
) From: [EMAIL PROTECTED]
) To: [EMAIL PROTECTED]
) Date: Sun, 23 Apr 1995 14:39:39 EDT
) Content-Type: text
) Content-Length: 928
) Status: RO
)
) thanks for the info. i had not seen
) that newsgroup. after you pointed it
) out, i looked up the discussion.
)
) writing to news just causes more
) misunderstandings in the future. there
) is no way to win.
[ note: I asked him if he minded my posting the reply, he had no objection ]
) fyi: the self reproducing cpp was
) installed on OUR machine and we
) enticed the "unix support group"
) (precursor to usl) to pick it up
) from us by advertising some
) non-backward compatible feature.
) that meant they had to get the
) binary and source since the source
) would not compile on their binaries.
)
) they installed it and in a month or
) so, the login command got the trojan
) horse. later someone there noticed
) something funny in the symbol table
) of cpp and were digging into the
) object to find out what it was. at
) some point, they compiled -S and
) assembled the output. that broke
) the self-reproducer since it was
) disabled on -S. some months later
) the login trojan horse also went
) away.
)
) the compiler was never released
) outside.
)
) ken
Everyone: please save this post, so the next time the question comes up,
you can just go look. :-)
--
-- Jonathan Thornburg <[EMAIL PROTECTED]>
http://www.thp.univie.ac.at/~jthorn/home.html
Universitaet Wien (Vienna, Austria) / Institut fuer Theoretische Physik
"Stock prices have reached what looks like a permanently high plateau"
-- noted economist Irving Fisher, 15 October 1929
------------------------------
From: Boris Kazak <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Fighting fire with fire: using encryption to bust encryption [0/2]
Date: Tue, 18 Apr 2000 14:44:50 GMT
Gideon Samid wrote:
>
************************
> For details:
>
> See attached TAKE article.
===========
Where is the article, please...???
Best wishes BNK
------------------------------
Crossposted-To: alt.security.scramdisk,alt.computer.security
Subject: Re: Regulation of Investigatory Powers Bill
From: [EMAIL PROTECTED]
Date: Tue, 18 Apr 2000 14:46:44 GMT
>>>>But Bob is forbidden to tell Papinski that the police are involved.
>>
>>No not in this case, you are forbidden under penalty of 5 years
>>imprisonment if you tell anyone except your lawyer.
What about a lack of statements?
eg: Before sending his secret key and/or any
encrypted material, Bob always asks Alice if
she is under investigation.
Normally, she will always answer
"not that I know".
But if one day she stays quiet or says something like
"I can't answer under penalty of law"
then Bob realises something is wrong and stops
all communications.
------------------------------
From: Boris Kazak <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Just another idea...
Date: Tue, 18 Apr 2000 14:50:31 GMT
A little verbal explanation would be appreciated, otherwise it is
not at all clear whether this routine is supposed to show flashcards,
or to verify checkbook balances, or whatever else.
Barring that, inline comments would also be appreciated.
Best wishes BNK
==============================================
"Pred." wrote:
>
> #include <stddef.h>
>
> #define ulKeyLen 8
> /* rotate an unsigned char left / right by y bits (count taken mod 8) */
> #define rotl(x,y) ((unsigned char)((((x) & 0xFF) << ((y) & 7)) | (((x) & 0xFF) >> ((8 - ((y) & 7)) & 7))))
> #define rotr(x,y) ((unsigned char)((((x) & 0xFF) >> ((y) & 7)) | (((x) & 0xFF) << ((8 - ((y) & 7)) & 7))))
>
> void my_encrypt(unsigned char *szPlainText, size_t szPlainTextLen,
>                 unsigned char *szEncryptedText, unsigned char *szKey)
> {
>     size_t i=0;
>     unsigned long ulKey[ulKeyLen];
>
>     /* expand key: 24 passes, each overwriting one of the 8 slots */
>     for(i=0; i < (size_t) ulKeyLen*3; i++)
>         ulKey[i%ulKeyLen] = 3413215433UL*i ^ (unsigned long)szKey[i%ulKeyLen]
>                             * szKey[(i+1)%ulKeyLen] * szKey[(i+1)%ulKeyLen]
>                             * szKey[(i+3)%ulKeyLen];
>
>     /* encrypt one byte at a time; byte i uses key slot i%ulKeyLen */
>     for(i=0; i < szPlainTextLen; i++)
>     {
>         /* operation depends on key (the posted code indexed ulKey[i],
>            which reads past the 8-entry array once i >= 8) */
>         switch(ulKey[i%ulKeyLen] & 1)
>         {
>         case 0: szEncryptedText[i] = rotr(szPlainText[i]^szKey[i%ulKeyLen],
>                                          rotl((unsigned char)ulKey[i%ulKeyLen], i)); break;
>         case 1: szEncryptedText[i] = rotl(szPlainText[i]^szKey[i%ulKeyLen],
>                                          rotr((unsigned char)ulKey[i%ulKeyLen], i)); break;
>         }
>     }
> }
>
------------------------------
From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: Books on maths behind NFS
Date: 18 Apr 2000 14:54:53 GMT
In article <8dhftu$87g$[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> wrote:
>I'm trying to understand the Number Field Sieve, and to do this I need
>to learn the algebraic number theory behind it. Can anyone suggest
>any good books that cover this stuff?
>
>[I have Koblitz ("A Course in Number Theory and Cryptography") on order,
>but given that this dates from 1994 there may be more recent books that
>have more coverage of NFS.]
1. The Development of the Number Field Sieve, by A. K. Lenstra
2. A Course in Computational Algebraic Number Theory, by Henri Cohen
3. I think there is a book by Pomerance
The math is very hairy. If your math background doesn't already
encompass all the stuff in Koblitz's book and way beyond, you have
quite a task ahead of you.
------------------------------
From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: Should there be an AES for stream ciphers?
Date: Tue, 18 Apr 2000 11:13:28 -0400
Albert Yang wrote:
> Well, I know that you can take a Block Cipher and make it into a stream
> cipher, but that's not the point. Should there be a standardized stream
> cipher, the same as the attempt to standardize the block cipher?
That is a good point. Some people were discussing the fact that the
NSA's strong point back in the 70's was stream ciphers, so we were
wondering why they picked a block cipher (DES..). Stream ciphers
seem more suitable for most applications (the only exception I see is
passwords)? So I believe that that is a good question.
>
> Thoughts? AES Stream Cipher just a waste of time? While on the
> subject, why not have a AES Hash contest too?
>
I think stream ciphers are important, and often more practical.
For hash function, everyone seems happy with SHA1, and the only
competition is probably RIPEMD, so I don't think that there is a
specific need.
Anton
------------------------------
From: [EMAIL PROTECTED] (Robert Stonehouse)
Crossposted-To: alt.security.scramdisk,alt.computer.security
Subject: Re: Regulation of Investigatory Powers Bill
Date: Tue, 18 Apr 2000 15:14:47 GMT
"Scotty" <[EMAIL PROTECTED]> wrote:
...
>Now compare that with the new clause in the RIP bill:
>
>"(2) If any person with the appropriate permission under Schedule 1
>believes, on reasonable grounds-
> (a) that a key to the protected information is in the possession of any
>person,
><snip>
>the person with that permission may, by notice to the person whom he
>believes to have possession of the key, require the disclosure of the key."
>
>and
>
>"49. - (1) A person is guilty of an offence if-
> (a) he fails to comply, in accordance with any section 46 notice, with any
>requirement of that notice to disclose a key to protected information; and
> (b) he is a person who has or has had possession of the key. "
The effect of this is to impose a duty on any person who uses
encryption to keep a complete record of the keys he (or she) has
used. Similarly, any person who enjoys the privileges of limited
liability has to keep statutory records - register of members, books
of account.
>Clause 2 now requires the prosecution to show 'reasonable grounds' to
>believe that you have a key. Reasonable grounds is in effect 'balance of
>probabilities'. Notice the argument is not over whether you have a key or
>not, but whether the police etc can *reasonably believe* that you do. Once
>this hurdle is passed everything is automatic as before. Failure to comply
>is still an offence and forgetting your key won't get you off, you have to
>prove you've forgotten it.
It won't get you off even then. You have a duty to know the key. If
you prove you've forgotten it, you prove yourself guilty.
>Rather like driving with excess alcohol or speeding, failure to comply with
>a decryption notice is an absolute offence, i.e. you're automatically guilty
>until you can show you're innocent. (For example, a defence of 'I drove with
>excess alcohol because a terrorist hijacked my car and made me do it at gun
>point' would have to be proved by the defence beyond reasonable doubt).
No, it is not 'guilty until proved innocent'. It has to be shown you
are a person who has or has had the key. If that is shown, then you
have a duty to keep and produce the key.
Of course, if the data were not in fact encrypted, there would be no
person who had the key.
There seem to be plenty of problems with this proposed legislation.
It just obscures the issue, attacking it for things that aren't
there.
[EMAIL PROTECTED]
------------------------------
Date: Tue, 18 Apr 2000 17:24:22 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Decrypting
"Mr.Mr." schrieb:
>
> I need info on how to decrypt files. Is there anybody who can give me
> a reference to a website?
Well I just read that as "I need links about cryptology".
Here are some (some may be outdated):
____________________________________________________________
http://www.openssl.org/ - OpenSSL
http://www.ssleay.org/
http://www.free.lp.se/openssl/
http://www.gnupg.org/ - GnuPG
http://www.dasoft.org/tom/cb.html - CryptoBag
http://24.42.86.123/
http://www.cs.auckland.ac.nz/~pgut001/cryptlib/ - CryptLib
http://www.pdc.kth.se/heimdal/ - Heimdal (Kerberos)
https://www.cosic.esat.kuleuven.ac.be/sesame/ - Sesame (Kerberos)
http://csrc.nist.gov/encryption/aes/ - AES
http://csrc.nist.gov/encryption/aes/round2/conf3/aes3papers.html
http://www.counterpane.com/twofish.html - Twofish
http://www.terravista.pt/ilhadomel/2014/tf.html
http://www.net.lut.ac.uk/psst/ - LSH (SSH)
http://www.scramdisk.clara.net/ - ???
http://www.pgpi.com/ - Commercial PGP
http://www.ssh.fi/sshprotocols2/index.html - Commercial SSH
http://info.aanekoski.fi/~mpe/suojaus/ssh.html
http://th.informatik.uni-mannheim.de/People/Lucks/papers.html
http://theory.lcs.mit.edu/~rivest/
http://www.ntru.com/tutorials/techsecurity.htm
____________________________________________________________
If you want products: sorry, I don't collect links to them.
------------------------------
From: [EMAIL PROTECTED] (Gisle Sælensminde)
Subject: Re: ANN: Better optimized version of Serpent.
Date: 18 Apr 2000 17:29:44 +0200
In article <[EMAIL PROTECTED]>, Gisle Sælensminde wrote:
>
>A new implementation of the Serpent AES candidate cipher written
>is now available. This is the currently fastest available
>implementation of Serpent, and encrypts with a speed of 32 Mbit/s
>on a pentium pro 200. The formerly fastest algorithm encrypted
>with a speed of 26 Mbit/s on the same computer. The implementation
>is written in Ada.
>
>The improvement is based on the optimized sbox functions of
>Dag Arne Osvik. A link to the source can be found at the Serpent
>homepage.
>
>http://www.cl.cam.ac.uk/~rja14/serpent.html - serpent home page
>http://www.ii.uib.no/~gisle/serpent.html - direct link
>
>Dag Arne Osvik's paper on s-box optimization presented at AES3:
>
>http://csrc.nist.gov/encryption/aes/round2/conf3/papers/26-daosvik.pdf
I forgot to mention the licence:
The licence is the same as the GNU Ada compiler GNAT's runtime,
which is GPL with the exception that it can be linked with commercial
software. (See the source files for details about this)
--
Gisle Sælensminde ( [EMAIL PROTECTED] )
ln -s /dev/null ~/.netscape/cookies
------------------------------
Date: Tue, 18 Apr 2000 17:30:10 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Just another idea...
Boris Kazak wrote:
> "Pred." wrote:
> > #include <stddef.h>
> >
> > #define ulKeyLen 8
> > /* rotate an unsigned char left / right by y bits (count taken mod 8) */
> > #define rotl(x,y) ((unsigned char)((((x) & 0xFF) << ((y) & 7)) | (((x) & 0xFF) >> ((8 - ((y) & 7)) & 7))))
> > #define rotr(x,y) ((unsigned char)((((x) & 0xFF) >> ((y) & 7)) | (((x) & 0xFF) << ((8 - ((y) & 7)) & 7))))
> >
> > void my_encrypt(unsigned char *szPlainText, size_t szPlainTextLen,
> >                 unsigned char *szEncryptedText, unsigned char *szKey)
> > {
> >     size_t i=0;
> >     unsigned long ulKey[ulKeyLen];
> >
> >     /* expand key: 24 passes, each overwriting one of the 8 slots */
> >     for(i=0; i < (size_t) ulKeyLen*3; i++)
> >         ulKey[i%ulKeyLen] = 3413215433UL*i ^ (unsigned long)szKey[i%ulKeyLen]
> >                             * szKey[(i+1)%ulKeyLen] * szKey[(i+1)%ulKeyLen]
> >                             * szKey[(i+3)%ulKeyLen];
> >
> >     /* encrypt one byte at a time; byte i uses key slot i%ulKeyLen */
> >     for(i=0; i < szPlainTextLen; i++)
> >     {
> >         /* operation depends on key (the posted code indexed ulKey[i],
> >            which reads past the 8-entry array once i >= 8) */
> >         switch(ulKey[i%ulKeyLen] & 1)
> >         {
> >         case 0: szEncryptedText[i] = rotr(szPlainText[i]^szKey[i%ulKeyLen],
> >                                          rotl((unsigned char)ulKey[i%ulKeyLen], i)); break;
> >         case 1: szEncryptedText[i] = rotl(szPlainText[i]^szKey[i%ulKeyLen],
> >                                          rotr((unsigned char)ulKey[i%ulKeyLen], i)); break;
> >         }
> >     }
> > }
> >
>
> A little verbal explanation would be appreciated, otherwise it is
> not at all clear whether this routine is supposed to show flashcards,
> or to verify checkbook balances, or whatever else.
> Barring that, inline comments would also be appreciated.
Comments ? On such a simple algorithm ? He generates some pad and
then he's doing a simple XOR, plus some harmless ROR or ROL. And
the ROR and ROL could simply be stripped because they add not the
slightest piece of security. Nothing to comment upon except "this
is a stream cipher" or such.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Q: source code for recognizing English
Date: Tue, 18 Apr 2000 15:33:31 GMT
Jim Gillogly wrote:
> I use it by adding a sort of binary log of the frequency for
> each "hit" in a tentative plaintext, rather than treating it
> as a strict probability, where it goes to 0 if you hit an empty
> cell.
Logarithms don't solve the zero-occurrence problem, because log(0)
is -Infinity, the log-domain equivalent of "impossible event".
If you mean, n*log(n), with 0*log(0) taken as 0, that's a proper
information measure (see Kullback), but you need to subtract
similar terms for first-order constraints (and add back for
second-order, etc.) This measure, also promoted decades ago
by Good as "weight of evidence", is implemented in a form
suitable for problems organized as tests of hypotheses, in my
"I-hat" package which can be found in various places on the net,
including ftp://ftp.arl.mil/pub/gwyn.cautils.tar.Z
------------------------------
From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: GSM Man-in-the-Middle
Date: Tue, 18 Apr 2000 09:54:54 -0600
In article <8dhm87$etm$[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
[ ... ]
> Would it be possible to do a Man-in-the-Middle type of attack on GSM?
It sounds somewhat difficult -- MITM normally depends on preventing
the intended receiver from seeing the original transmission at all.
It's pretty easy to intercept a radio signal, but quite difficult to
stop somebody else from receiving it. It's possible to transmit
another signal at higher power and the same (or close to the same)
frequenc(y|ies), but this tends to make it fairly obvious to both the
original transmitter and receiver that something's going on. Worse,
it normally renders it essentially impossible to send a different
signal and/or receive the original signal clearly.
--
Later,
Jerry.
The universe is a figment of its own imagination.
------------------------------
From: Anatoli Tubman <[EMAIL PROTECTED]>
Crossposted-To: alt.security.scramdisk,alt.computer.security
Subject: Re: Regulation of Investigatory Powers Bill
Date: Tue, 18 Apr 2000 15:55:42 GMT
In article <[EMAIL PROTECTED]>,
"Trevor L. Jackson, III" <[EMAIL PROTECTED]> wrote:
> But Bob is forbidden to tell Papinski that the police are involved.
[Enter Policeman]
POLICEMAN: Give me your key.
[Bob dials Papinski's number; Policeman listens]
BOB: Hi, Papinski. Give me my key please.
[Papinski turns on the lie detector connected to his phone]
PAPINSKI: Are you under police investigation, Bob?
BOB: Um...no.
[Red light on the lie detector goes on/off, on/off]
PAPINSKI: Sorry Bob. My hard disk has just crashed.
[Exeunt]
Sorry, couldn't resist.
{DELURKING: OPERATION COMPLETED}
--
Regards
Anatoli (anatoli<at>ptc<dot>com) opinions aren't
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Fighting fire with fire: using encryption to bust encryption [0/2]
Date: Tue, 18 Apr 2000 15:40:40 GMT
Gideon Samid wrote:
> Similarly, given a set of ciphertexts C1, C2, C3... one could iteratively
> look for a key K such that the corresponding plaintexts P1, P2, ... will
> be increasingly non-random.
How does one do that, pray tell?
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Sony's Playstation2 export-controlled
Date: Tue, 18 Apr 2000 15:38:34 GMT
Diet NSA wrote:
> The PlayStation2 is not under export
> control for crypto reasons but because it
> does high speed image processing similar
> to the type done in some missile guidance
> systems.
That might very well be the official "thought",
but it's absurd. By the same token, BiC mechanical
pencils should be export-controlled because they're
used by nuclear weapons designers.
As Ken Thompson said when asked about the export
control preventing taking his (and Condon's) Belle
chess machine to a Moscow competition, it probably
could be used as a munition if you dropped it out
of an airplane onto someone's head.
------------------------------
From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: Q: NTRU's encryption algorithm
Date: Tue, 18 Apr 2000 10:43:18 -0500
Runu Knips wrote:
>
> Really ? We have already a cipher which even can't be broken with
> a quantum computer ? Without having a quantum computer ? That's
> pretty damn cool ! I want to have it !
Just because we don't have an algorithm now doesn't mean there will
never be one. Lots of people have to go thru grad school yet :-)
Patience, persistence, truth,
Dr. mike
------------------------------
From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: Requested: update on aes contest
Date: Tue, 18 Apr 2000 11:02:14 -0500
Anton Stiglic wrote:
>
> Well I could maybe say a word or two.
>
> I went to FSE and AES3 last week in New York. It was the first time
> I had been in a conference that discusses symmetric encryption.
> I have a few thoughts...
[...]
> So that's about it, I personally had a lot of fun, met a lot of interesting
> people
> and learned a couple of things.
Thanks Anton! It'll be interesting to see which one they choose now.
Patience, persistence, truth,
Dr. mike
------------------------------
From: Ichinin <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Sony's Playstation2 export-controlled
Date: Mon, 17 Apr 2000 19:13:39 +0200
Douglas A. Gwyn wrote:
> That might very well be the official "thought",
> but it's absurd. By the same token, BiC mechanical
> pencils should be export-controlled because they're
> used by nuclear weapons designers.
Weird opinion for a ".Mil" guy :o)
Well, the Amiga was used for its true multitasking +
multi-OS capabilities for testing the Hellfire missile
back in the 80s, even though it was an off-the-shelf
home computer running at a mere 7 MHz(!)
/Ichinin
------------------------------
From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: Books on maths behind NFS
Date: Tue, 18 Apr 2000 11:15:37 -0500
Paul Rubin wrote:
>
> In article <8dhftu$87g$[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> wrote:
> >I'm trying to understand the Number Field Sieve, and to do this I need
> >to learn the algebraic number theory behind it. Can anyone suggest
> >any good books that cover this stuff?
> >
> >[I have Koblitz ("A Course in Number Theory and Cryptography") on order,
> >but given that this dates from 1994 there may be more recent books that
> >have more coverage of NFS.]
>
> 1. The Development of the Number Field Sieve, by A. K. Lenstra
> 2. A Course in Computational Algebraic Number Theory, by Henri Cohen
> 3. I think there is a book by Pomerance
Look for this one as well, it covers a lot of ground at the entry level:
H. Riesel, ``Prime numbers and computer methods for factorization''.
Patience, persistence, truth,
Dr. mike
------------------------------
From: "Brian Gladman" <[EMAIL PROTECTED]>
Subject: Re: Should there be an AES for stream ciphers?
Date: Tue, 18 Apr 2000 18:29:22 +0100
"Albert Yang" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Well, I know that you can take a Block Cipher and make it into a stream
> cipher, but that's not the point. Should there be a standardized stream
> cipher, the same as the attempt to standardize the block cipher?
>
> RC4 seems to be about the only choice, SEAL hasn't had the
> cryptanalysis time it should, and also, I don't know about speed, but I
> assume that Stream ciphers are (or should be) faster than block
> ciphers...
>
> Thoughts? AES Stream Cipher just a waste of time? While on the
> subject, why not have a AES Hash contest too?
>
> Albert
There is a European programme reported here looking for a wide range of
crypto primitives including (I think) stream ciphers:
https://www.cosic.esat.kuleuven.ac.be/nessie/call/
Brian Gladman
------------------------------
Date: Tue, 18 Apr 2000 13:45:53 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Paper on easy entropy
Tom St Denis wrote:
> Mok-Kong Shen wrote:
> >
> > Tom St Denis wrote:
> > >
> >
> > > Well for certain chars they are more likely to occur, *and* more likely
> > > to occur after certain other chars. By modelling this as best as
> > > possible I can estimate for a given buffer of text how much 'info' is
> > > actually there. Since I presume the user is just randomly hitting keys
> > > and not trying to get a pattern, the output is random.
> > >
> > > So if the user types random chars, and I estimate say 160 bits of
> > > entropy, and I hash it with say SHA-1 I will have about 160 random bits
> > > to play with.
> >
> > There is no questioning of your having done the best that you can.
> > I just want to point out that the numerical values you compute
> > are dependent on a number of your assumptions and estimates and
> > these are 'by definition' (of their being assumptions and estimates)
> > arguable (if people want to argue with you). That's why I asked
> how certain/exact are your figures. In lots of measurements in
> > engineering and science, one gives error bounds. If you attempt
> > to do that, I suppose you will see my point.
>
> Well it's impossible to absolutely quantify how many bits of real
> information are in a buffer for this system. If you are a bit
> conservative you can always use a higher order model and/or divide the
> total reported entropy by a constant...
>
> I think in reality if I type 200 chars or so at random, even if there
> is only 120 bits of entropy, after hashing it guessing the seed will be
> a hard task.
You may want to read up a bit on keyboard usage. I believe the USSR used
keyboard-generated keys, and this contributed to the crack of the system. I
think you'll find the references under the Venona Project.
------------------------------
From: Postmaster@[127.0.0.1] "Spamarang" (real address at end of post)
Subject: Re: Just another idea...
Date: 18 Apr 2000 17:32:09 GMT
> Comments ? On such a simple algorithm ? He generates some pad and
> then he's doing a simple XOR, plus some harmless ROR or ROL. And
> the ROR and ROL could simply be stripped because they add not the
> slightest piece of security. Nothing to comment upon except "this
> is a stream cipher" or such.
Magic constants like 3413215433 need comments. Intent needs comments.
This algorithm is like a Vigenere with an 8 character key; i.e. every
eighth character uses the same key. And, each character's key has an
effective length of only 11 bits. This is trivially broken.
This algorithm is not only weak, it is slow on most modern processors
where mispredicted branches are very expensive. On a Pentium, the
branch "switch(ulKey[i] & 1)" would cost more cycles than all the rest
of the algorithm's statements combined.
--
Don'[EMAIL PROTECTED]
Kevin R. Driscoll, Staff Research Scientist PHONE: (612) 951-7263 FAX: -7438
POST: Honeywell M/S MN65-2200; 3660 Technology Drive; Mpls, MN 55418-1006; USA
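A Python model of the my_encrypt() routine quoted in this thread, added here as an example that is not from any of the posters, to check the two claims above: the per-byte transform repeats every eight bytes, and the 2*8*256 parameter choices per position collapse to 2^11 distinct byte maps (the "11 bits"), after which sixteen known plaintext bytes pin down all eight maps. It assumes a 32-bit unsigned long, rotate macros that take the count mod 8, and the ulKey[i] index read as ulKey[i % 8]; the key and messages are constructed.

```python
# Model of the my_encrypt() routine quoted in this thread (ulKey[i] read as
# ulKey[i % 8], as its key-expansion loop intends). Assumes a 32-bit unsigned
# long and rotl/rotr macros that rotate an unsigned char by (count mod 8).
KEY_LEN = 8
MASK32 = 0xFFFFFFFF

def rotl8(x, n):
    """Rotate an 8-bit value left; the count is taken mod 8."""
    n &= 7
    return ((x << n) | (x >> (8 - n))) & 0xFF

def rotr8(x, n):
    """Rotate an 8-bit value right; the count is taken mod 8."""
    return rotl8(x, (8 - (n & 7)) & 7)

def expand_key(key):
    """The 'expand key' loop: 24 iterations, each overwriting slot i % 8."""
    ulkey = [0] * KEY_LEN
    for i in range(KEY_LEN * 3):
        prod = key[i % 8] * key[(i + 1) % 8] * key[(i + 1) % 8] * key[(i + 3) % 8]
        ulkey[i % 8] = ((3413215433 * i) ^ prod) & MASK32
    return ulkey

def encrypt(key, plaintext):
    """Direct transcription of the 'encrypt' loop."""
    ulkey = expand_key(key)
    out = bytearray()
    for i, p in enumerate(plaintext):
        slot = ulkey[i % KEY_LEN]
        if slot & 1 == 0:
            out.append(rotr8(p ^ key[i % KEY_LEN], rotl8(slot & 0xFF, i)))
        else:
            out.append(rotl8(p ^ key[i % KEY_LEN], rotr8(slot & 0xFF, i)))
    return bytes(out)

def byte_map(xor_byte, direction, amount):
    """The byte bijection p -> rot(p ^ xor_byte, amount), as a 256-tuple."""
    rot = rotr8 if direction == "r" else rotl8
    return tuple(rot(p ^ xor_byte, amount) for p in range(256))

def position_maps(key):
    """The eight fixed maps applied at positions i with i % 8 == j: direction,
    XOR byte and rotation count all depend only on j, so the period is 8."""
    ulkey = expand_key(key)
    maps = []
    for j in range(KEY_LEN):
        sub = ulkey[j] & 0xFF
        if ulkey[j] & 1 == 0:
            maps.append(byte_map(key[j], "r", rotl8(sub, j)))
        else:
            maps.append(byte_map(key[j], "l", rotr8(sub, j)))
    return maps

def encrypt_by_maps(key, plaintext):
    """Encryption through the period-8 maps; gives the same bytes as encrypt()."""
    maps = position_maps(key)
    return bytes(maps[i % KEY_LEN][p] for i, p in enumerate(plaintext))

def distinct_map_count():
    """All 2*8*256 parameter choices give only 2^11 = 2048 distinct maps, since
    rotr by n equals rotl by 8-n: the '11 bits' per character of the reply."""
    return len({byte_map(k, d, r) for k in range(256) for d in "lr" for r in range(8)})

def recover_maps(known_pt, known_ct):
    """Known-plaintext recovery: per residue class mod 8, keep every candidate
    map consistent with all known (p, c) pairs in that class."""
    all_maps = {byte_map(k, "l", r) for k in range(256) for r in range(8)}
    result = []
    for j in range(KEY_LEN):
        pairs = [pc for i, pc in enumerate(zip(known_pt, known_ct)) if i % KEY_LEN == j]
        result.append([m for m in all_maps if all(m[p] == c for p, c in pairs)])
    return result

def decrypt_with_maps(maps, ciphertext):
    """Invert one recovered map per residue class (each is a bijection)."""
    inverse = [{c: p for p, c in enumerate(m)} for m in maps]
    return bytes(inverse[i % KEY_LEN][c] for i, c in enumerate(ciphertext))

def known_plaintext_demo():
    """Constructed key and message: 16 known bytes (two per residue class,
    differing in one bit) leave exactly one candidate map per position."""
    key = bytes([0x13, 0x57, 0x9B, 0xDF, 0x24, 0x68, 0xAC, 0xE0])
    known, secret = bytes(range(16)), b"rest of the message, unseen by the analyst"
    ct = encrypt(key, known + secret)
    cands = recover_maps(known, ct[:16])
    recovered = decrypt_with_maps([c[0] for c in cands], ct)
    return [len(c) for c in cands], recovered == known + secret

if __name__ == "__main__":
    print("distinct byte maps:", distinct_map_count())
    print("candidates per position, full recovery:", known_plaintext_demo())
```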
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: AES-encryption
Date: Tue, 18 Apr 2000 17:36:09 GMT
Tom
You are a Real PRAT.
If you have an ounce of intelligence, you would have guessed that the
guy made a typo...
And if you read what is IN HIS SITE...IT'S pretty original stuff..totally
outclasses your schoolboy buggy crypto library or anything you will do in
the future...
In article <[EMAIL PROTECTED]>,
Tom St Denis <[EMAIL PROTECTED]> wrote:
>
>
> [EMAIL PROTECTED] wrote:
> > Dear Tom,
> >
> > Thank you very much for your clear opinion.
> > I changed abbreviation to EAAS to avoid such collision.
> > It wasn't my intention to damage your feelings.
>
> That's better. :-)
>
> Tom
>
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************