Cryptography-Digest Digest #605, Volume #11 Sat, 22 Apr 00 09:13:01 EDT
Contents:
Re: papers on stream ciphers (Scott Contini)
Re: The Illusion of Security (Mike Kent)
Re: SSL and "man in the middle" attack (Vernon Schryver)
Re: Observer 16/4/2000: "Jack Straw wants the keys to your office. Don (Anonymous)
Re: New version of MIRACL (David A Molnar)
Re: The Illusion of Security (Tom St Denis)
Re: new idea for symmetric cipher construction (Tom St Denis)
Re: new idea for symmetric cipher construction ("Abyssmal_Unit_#2")
Re: new Echelon article ("Trevor L. Jackson, III")
Re: SSL and "man in the middle" attack (Francois Grieu)
Re: New version of MIRACL (lordcow77)
Re: Primality Test-how many iterations suffice for n digit number ? (Francois Grieu)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Scott Contini)
Subject: Re: papers on stream ciphers
Date: 22 Apr 2000 08:47:07 GMT
In article <[EMAIL PROTECTED]>,
David Hopwood <[EMAIL PROTECTED]> wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>Tom St Denis wrote:
>
>> Howdy,
>>
>> Looking for papers about stream ciphers. It seems block ciphers are the
>> norm lately...
>
Matt Robshaw has a nice survey, which is available at:
http://www.rsasecurity.com/rsalabs/technotes/
Scott
------------------------------
From: Mike Kent <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: The Illusion of Security
Date: Sat, 22 Apr 2000 09:05:55 GMT
Terry Ritter wrote:
>
> On Fri, 21 Apr 2000 16:41:57 GMT, in <[EMAIL PROTECTED]>,
> in sci.crypt Tom St Denis <[EMAIL PROTECTED]> wrote:
>
> >Mike Kent wrote:
> >>
> >> Tom St Denis wrote:
> >>
> >> > UBCHI2 wrote:
> >> ...
> >> > > Intractable math problems are only in the eye of the beholder. How many of you
> >> > > would have thought that the enigma could be broken?
> >> >
> >> > This is amazingly false.
> >>
> >> Hmmm, it's _very probably_ amazingly false.
> >
> >I would like to think all the math-wizards know what they are doing.
> >Ciphers along the same idea as DES (i.e. Feistel) have been around for a
> >while.
> >
> >Of course it's entirely possible that all AES ciphers and pre-AES
> >ciphers get broken tomorrow. However, that is as likely as monkeys
> >learning speech and taking over the world while we are asleep.
>
> True, the original claims were over the top, but this is way beyond
> what we know in the other direction. We do not know the strength of
> these ciphers. The designers and reviewers do not know the strength
> of these ciphers. None of us *can* know strength with respect to
> opponents we do not know and whose knowledge and resources we also do
> not know.
Hmm, I think we can, we just don't yet. When some bright person
proves P != NP and we see NP-hard crypto, I think it will be fair
to say this is strong, really.
------------------------------
From: [EMAIL PROTECTED] (Vernon Schryver)
Subject: Re: SSL and "man in the middle" attack
Date: 21 Apr 2000 12:21:23 -0600
In article <8dq4tk$1p3$[EMAIL PROTECTED]>,
Paul Rubin <[EMAIL PROTECTED]> wrote:
>In article <[EMAIL PROTECTED]>,
>Francois Grieu <[EMAIL PROTECTED]> wrote:
>>I am looking for references on the security of the SSL protocol against
>>the "man in the middle" attack (*) in the context of online commerce
>>using credit card info keyed-in by the customer.
> ...
>>Comments and pointers welcome.
>
>See the other posts, and the RFC.
I don't think http://www.counterpane.com/ssl.html has been mentioned,
specifically their discussion of the SSL MAC.
--
Vernon Schryver [EMAIL PROTECTED]
------------------------------
Date: Sat, 22 Apr 2000 12:00:01 +0200
From: Anonymous <[EMAIL PROTECTED]>
Subject: Re: Observer 16/4/2000: "Jack Straw wants the keys to your office. Don
> Fax your MP about RIP www.stand.org.uk
>
> www.observer.co.uk/business/story/0,6903,194001,00.html
>
> Jack Straw wants the keys to your office. Don't let him in ...
>
> John Naughton
>
> Sunday April 16, 2000
>
> The scene: an office in a high-tech start-up of the kind beloved of Iron
> Chancellor Brown. Let us call it UK-plc.com. The time: early next year; the
> Regulation of Investigatory Powers (RIP) Bill has been on the statute book
> for nearly six months. Alice, UK-plc's star programmer, has been receiving
> encrypted emails from an old flame, Bob, who (unknown to her) has a dodgy
> past.
>
> Enter Inspector Knacker, armed with a Section 46 Notice requiring Alice to
> provide the keys necessary to decrypt her correspondence. Section 50 of the
> RIP Bill requires Alice not to disclose to anyone the existence of the
> Notice, nor the actions taken pursuant to it.
>
> Being a law-abiding subject, Alice gives Knacker the keys. Under Section 50,
> she may not tell Bob, which is right and proper. But now here's the
> interesting bit - Alice may not tell her other correspondents that their
> privacy has been compromised, even though they are entirely innocent and the
> Inspector is now able to decrypt all their messages as well.
The key word here being "subject", as opposed to "citizen".
> She can't tell her boss either, even though his business is suddenly at the
> mercy of Knacker and his boys. The boss, not surprisingly, is annoyed and
> demands to know what the hell is going on. But since Alice could go to jail
> for telling him, she refuses - and is promptly sacked. There is more.
>
> Section 50 forbids Alice to tell an industrial tribunal or even a court of
> law that she has surrendered the keys to Knacker. Nor is she permitted to
> explain to the court why she is unable to answer the question: 'Have you
> revealed the keys to any person?' Stressed out, Alice consults her
> psychiatrist. But if she tells him what is bothering her she can go to jail
> for that too.
> .........
Is it any wonder most of George Orwell's books are set in a country that bears
a striking resemblance to Britain?
Steve
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: New version of MIRACL
Date: 22 Apr 2000 09:31:25 GMT
Dann Corbit <[EMAIL PROTECTED]> wrote:
> It has GPL distribution, which is either a boon or a virus, depending upon
> how you look at it.
Only as of version 4.0. Earlier versions have a much less clear "you
can do whatever you want" sort of license.
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: The Illusion of Security
Date: Sat, 22 Apr 2000 10:17:50 GMT
Terry Ritter wrote:
>
> On Fri, 21 Apr 2000 22:31:56 GMT, in <[EMAIL PROTECTED]>,
> in sci.crypt Tom St Denis <[EMAIL PROTECTED]> wrote:
>
> >[...]
> >Well Twofish has been out for two years now, and I can imagine the team
> >has spent hours and days working on it. They are the 'leading' people
> >in the field (symmetric ciphers) so I would like to think they know what
> >they are doing.
>
> Even if what you would like to think is in fact true, "knowing what
> one is doing" in cryptography does NOT imply that the ciphers one
> builds can resist our opponents. This is a fundamental issue; to
> misunderstand it is to misunderstand what cryptography is about, and
> what cryptographic peer review can do.
Ok, what is the alternative?
Tom
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: new idea for symmetric cipher construction
Date: Sat, 22 Apr 2000 10:36:09 GMT
David Hopwood wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Tom St Denis wrote:
> >
> > Basically you take the input (say 32 bytes) put it into two square
> > matrices (4x4 each) called L and R. Then you do something like
> >
> > for r = 0 to rounds do
> > A = A + F(K[2r] * B)
> > B = B + F(K[2r+1] * A)
> >
> > Where K is an array of square matrices that hold the round keys. The F
> > function can do any re-ordering and substitutions required.
>
> The security obviously depends on F. However, the matrix multiplication
> looks as though it would be a fairly inefficient way of introducing key
> dependence, especially in software on a 32-bit machine (since in that
> case you would have to use the 32-bit multiplier to do 8-bit
> multiplications, and there are 32 of those in each round).
Yeah, actually it would be a pain for speed. Hmm ok so it's a bad idea.
Tom
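The round structure quoted above, as an added example that is not code from the thread: a toy implementation over 4x4 byte matrices (mod 256) with a constructed S-box-and-transpose F, constructed round-key matrices, and a counter for the 8-bit multiplies each round actually costs, which is the point of David's objection. Decryption only undoes the additions in reverse order, so F itself need not be invertible.

```python
import random

MOD = 256  # byte arithmetic: a 32-byte block is split into two 4x4 byte matrices

def matmul(X, Y, counter):
    """4x4 matrix product mod 256; counter[0] tallies the 8-bit multiplies performed."""
    out = [[0] * 4 for _ in range(4)]
    for i in range(4):
        for j in range(4):
            out[i][j] = sum(X[i][k] * Y[k][j] for k in range(4)) % MOD
            counter[0] += 4
    return out

def make_f(seed):
    """F as the post allows: a byte substitution then a re-ordering (transpose).
    The S-box is a constructed random permutation, not something from the thread."""
    sbox = list(range(256))
    random.Random(seed).shuffle(sbox)
    return lambda M: [[sbox[M[j][i]] for j in range(4)] for i in range(4)]

def make_keys(seed, rounds):
    """Constructed round-key matrices K[0..2*rounds-1]; a real design would derive them from a key."""
    rng = random.Random(seed)
    return [[[rng.randrange(256) for _ in range(4)] for _ in range(4)] for _ in range(2 * rounds)]

def add(X, Y, sign=1):
    return [[(X[i][j] + sign * Y[i][j]) % MOD for j in range(4)] for i in range(4)]

def encrypt(A, B, K, F, counter):
    for r in range(len(K) // 2):
        A = add(A, F(matmul(K[2 * r], B, counter)))      # A = A + F(K[2r] * B)
        B = add(B, F(matmul(K[2 * r + 1], A, counter)))  # B = B + F(K[2r+1] * A)
    return A, B

def decrypt(A, B, K, F, counter):
    # Undo the rounds in reverse order; F need not be invertible, only the additions are undone.
    for r in reversed(range(len(K) // 2)):
        B = add(B, F(matmul(K[2 * r + 1], A, counter)), -1)
        A = add(A, F(matmul(K[2 * r], B, counter)), -1)
    return A, B

def roundtrip(block, rounds=8, seed=1):
    """Encrypt then decrypt a 32-byte block; returns (ciphertext, recovered, multiplies_per_round)."""
    K, F, counter = make_keys(seed, rounds), make_f(seed), [0]
    A = [list(block[i:i + 4]) for i in range(0, 16, 4)]   # the post's L
    B = [list(block[i:i + 4]) for i in range(16, 32, 4)]  # the post's R
    A, B = encrypt(A, B, K, F, counter)
    ct, per_round = bytes(sum(A, []) + sum(B, [])), counter[0] // rounds
    A, B = decrypt(A, B, K, F, counter)
    return ct, bytes(sum(A, []) + sum(B, [])), per_round
```

The counter reports what two 4x4-by-4x4 products per round cost in scalar byte multiplies; the toy exists to make that cost concrete, not as a cipher anyone should use.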
------------------------------
From: "Abyssmal_Unit_#2" <[EMAIL PROTECTED]>
Subject: Re: new idea for symmetric cipher construction
Date: Sat, 22 Apr 2000 07:27:32 -0400
speed, shmeed! what's a few thousand extra cpu cycles when clockrates approach
1Gigahertz++ anyway? ;-)
oops, i fergot Video Encryption, the ultimate bandwidth waste!
--
best regards,
hapticz
>X(sign here)____________________________________________<
Tom St Denis wrote in message <[EMAIL PROTECTED]>...
|
|
|David Hopwood wrote:
|>
|> -----BEGIN PGP SIGNED MESSAGE-----
|>
|> Tom St Denis wrote:
|> >
|> > Basically you take the input (say 32 bytes) put it into two square
|> > matrices (4x4 each) called L and R. Then you do something like
|> >
|> > for r = 0 to rounds do
|> > A = A + F(K[2r] * B)
|> > B = B + F(K[2r+1] * A)
|> >
|> > Where K is an array of square matrices that hold the round keys. The F
|> > function can do any re-ordering and substitutions required.
|>
|> The security obviously depends on F. However, the matrix multiplication
|> looks as though it would be a fairly inefficient way of introducing key
|> dependence, especially in software on a 32-bit machine (since in that
|> case you would have to use the 32-bit multiplier to do 8-bit
|> multiplications, and there are 32 of those in each round).
|
|Yeah, actually it would be a pain for speed. Hmm ok so it's a bad idea.
|
|Tom
------------------------------
Date: Sat, 22 Apr 2000 08:13:22 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia,alt.politics.org.nsa,alt.journalism.print,alt.journalism.newspapers
Subject: Re: new Echelon article
Diet NSA wrote:
> In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>
> >2. The (Baltimore) Sun today is running an article where the Russian
> >Federal Security Service is requiring ISPs in Russia to buy bugging
> >equipment so the FSS can spy on the ISPs' customers. The brouhaha is
> >that the FSS can't afford the bugging equipment and wants its victims
> >to pay for it.
>
> Considering the issue of global security
> from the West's perspective, is it *now*
> more important for there to be order in
> Russia or freedom? The NSA, CIA, MI5,
> etc. also cannot afford any bugging
> equipment, unless the government
> collects taxes from its citizens. I don't
> see why a brouhaha is necessary since the
> citizens (including government
> employees) have to pay for everything
> anyways.
Actually it does make a difference. In _theory_ the taxpayers benefit from the
surveillance. In _practice_ the victims suffer the loss of their privacy at
least. Since not all taxpayers are victims, the groups are distinct. Those who
benefit from the expenditure should fund it. Requiring the victims to fund it
adds insult on top of the injury.
> The equipment needed for the
> FSB to do their job has to be paid for by
> somebody.
>
> I don't care if the spooks go a' spookin'
> but I don't think that Big Brother should
> deliberately be trying to hide from all
> humanity what *may* be the greatest
> true story ever- the empirical truth of
> intelligent extraterrestrials & their
> technology. (But this is a topic for a
> different forum).
>
> "I feel like there's a constant Cuban Missile Crisis in my pants."
> - President Clinton commenting on the Elian Gonzalez situation
------------------------------
From: Francois Grieu <[EMAIL PROTECTED]>
Subject: Re: SSL and "man in the middle" attack
Date: Sat, 22 Apr 2000 14:06:30 +0200
[EMAIL PROTECTED] (Vernon Schryver) wrote:
> I don't think http://www.counterpane.com/ssl.html has been mentioned,
> specifically their discussion of the SSL MAC.
Thanks for the pointer, best paper on the topic so far.
Also found
<http://developer.netscape.com/docs/manuals/console/40/admin/app_ssl.htm#Man-in-the-Middle%20Attack>
Francois Grieu
------------------------------
Subject: Re: New version of MIRACL
From: lordcow77 <[EMAIL PROTECTED]>
Date: Sat, 22 Apr 2000 05:06:43 -0700
In article <[EMAIL PROTECTED]>, "Trevor L. Jackson, III" <[EMAIL PROTECTED]> wrote:
>I get the same. Mostly unused variables. I think some configurations use
>variables that others don't, and the latter produces a lot of warnings.
>
These mostly seem to be initial assignments that are guarded by a
test against (verbose) or (debug), i.e.:
..
if(verbose) itime=GetTime();   /* itime is only ever set under this guard */
..
..
if(verbose) cerr << GetTime()-itime << " elapsed" << endl;
..
------------------------------
From: Francois Grieu <[EMAIL PROTECTED]>
Subject: Re: Primality Test-how many iterations suffice for n digit number ?
Date: Sat, 22 Apr 2000 14:23:18 +0200
[EMAIL PROTECTED] (Scott Contini) wrote:
> Francois Grieu <[EMAIL PROTECTED]> wrote:
>> According to Robert D. Silverman (*), citing an article by
>> I. Damgard, P. Landrock et C. Pomerance, for numbers 512 bits
>> or more, 8 Miller-Rabin tests are enough for an error
>> probability below 2^-100.
>
> This assumes that the number to be tested for primality was selected
> randomly. If you don't know anything about where the number came from
> (for example, if somebody e-mailed you some number and asked you to
> test if it were prime) then you would require 50 iterations to
> have probability below 2^-100.
I understand Scott's point: randomly seeded primes is an hypothesis in
the reasoning used to get to the 2^-100 estimate [and is verified in
the technique proposed in Robert D. Silverman's paper]. I should have
mentioned it.
This said, I wonder (= don't know at all) if there is a workable way
to construct a 512 bit number which will pass the strong pseudoprime
test for
a) even one randomly chosen witness, with reasonable probability
(variant: random small prime witness)
b) a few given small primes (say the 8 first).
Francois Grieu
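As an added example (not code from the thread): the strong pseudoprime test with uniformly random witnesses, the generic (1/4)^k bound that yields Scott's 50 rounds for an error below 2^-100, and a known small composite, 3215031751 = 151 * 751 * 28351 (the smallest strong pseudoprime to bases 2, 3, 5 and 7), which passes the strong test for those fixed bases yet fails base 11. It illustrates the situation Francois asks about in (b), at a far smaller size than 512 bits; the 8-round figure for random candidates is a separate result and is not reproduced here.

```python
import random
from math import ceil

def is_strong_probable_prime(n, a):
    """Strong (Miller-Rabin) test of odd n > 2 to the single base a."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    x = pow(a, d, n)
    if x in (1, n - 1):
        return True
    for _ in range(s - 1):
        x = x * x % n
        if x == n - 1:
            return True
    return False

def miller_rabin(n, rounds, seed=None):
    """Probabilistic test with `rounds` uniformly random witnesses in [2, n-2]."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    rng = random.Random(seed)
    return all(is_strong_probable_prime(n, rng.randrange(2, n - 1)) for _ in range(rounds))

def worst_case_rounds(error_bits):
    """Rounds needed for error < 2^-error_bits using only the generic bound: each random
    witness fools a composite with probability at most 1/4 (Rabin), i.e. 4^-rounds overall."""
    return ceil(error_bits / 2)

# Constructed demonstration for Francois's case (b): this composite (151 * 751 * 28351) is the
# smallest strong pseudoprime to the fixed bases 2, 3, 5, 7; random witnesses expose it quickly.
PSEUDOPRIME = 3215031751
```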
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************