Cryptography-Digest Digest #607, Volume #11      Sat, 22 Apr 00 12:13:00 EDT

Contents:
  Re: OAP-L3: Secure, but WAY more dificult to use than other equally    secure 
programs (Anthony Stephen Szopa)
  Re: OAP-L3: Semester 1 / Class #1 All are invited. (Anthony Stephen Szopa)
  Re: OAP-L3: Semester 1 / Class #1 All are invited. (Tom St Denis)
  Re: new Echelon article ("(Ha +4piMs))
  Re: OAP-L3: Semester 1 / Class #1 All are invited. (lordcow77)
  Re: OAP-L3: Secure, but WAY more dificult to use than other equally    secure 
programs (lordcow77)
  Re: OAP-L3: Secure, but WAY more dificult to use than other equally     (Tom St 
Denis)
  Szopa: troll or snake-oil salesman? (lordcow77)
  Re: Requested: update on aes contest (DJohn37050)
  Re: GOST with sbox? (David A. Wagner)
  Tutorial on text encryption ([EMAIL PROTECTED])
  Re: Szopa: troll or snake-oil salesman? (David A Molnar)
  Re: GOST with sbox? (Tom St Denis)
  Re: GSM A5/1 Encryption (David A. Wagner)
  Re: 40-Bit DES Question (David A. Wagner)
  Re: The Illusion of Security (John Savard)
  Re: GOST with sbox? (David A. Wagner)

----------------------------------------------------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Secure, but WAY more dificult to use than other equally    secure 
programs
Date: Sat, 22 Apr 2000 06:05:32 -0700

James Felling wrote:
> 
> This program is a classic example of the assertion that any algorithm that
> does not form a group over its keys can if reiterated enough be made
> arbitrarily secure.
> 
> I have withdrawn any criticisms that I have in re: the security of this
> program provided that the Mix files are generated by a sufficient number of
> passes of his processes.
> 
> I now wish for him to address the severe usability and documentational
> issues that his program possesses.

I just put you in my permanent kill file then I read this.

I guess this just goes to prove that you should never say never, or
never say permanent.

You are removed from my permanent kill file.

Perhaps we can continue with further clarifications, and continue 
with regard to some of these other issues.

I will be unavailable until Version 4.3 is released.

50 iterations of the shuffle process uses only 50 * 14 = 700 bytes of
input in ascii text.

The software is available.

http://www.ciphile.com

For what it's worth:  I thank all of you hard cases for forcing me 
to dig a little deeper.

I have more insight into encryption in general than I had just one 
week ago.

I don't believe in forgiveness and have no intention of apologizing 
for anything.

I expect no better treatment.

------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
Date: Sat, 22 Apr 2000 06:18:59 -0700

Tom St Denis wrote:
> 
> Anthony Stephen Szopa wrote:
> >
> > "Trevor L. Jackson, III" wrote:
> > >
> > > Anthony Stephen Szopa wrote:
> > >
> > > > "Douglas A. Gwyn" wrote:
> > > > >
> > > > > Anthony Stephen Szopa wrote:
> > > > > > This is all so richly comical.
> > > > >
> > > > > That's because instead of conducting a technical dialogue,
> > > > > you're just insisting that you're right and everybody else
> > > > > is intellectually dishonest.  And instead of explaining
> > > > > the principles in terms that would make sense to a working
> > > > > cryptologist, you simply direct us to figure it out
> > > > > ourselves from the "help files".  How about treating this
> > > > > as a genuine technical discussion?  For example, tell me
> > > > > why my observation (based on examining the "help files")
> > > > > that at least one of the three columns of generated "mix"
> > > > > could be recovered by chaining is flawed (as you claimed).
> > > > > I suspect that most cryptologists will have no real
> > > > > interest in your system if their concerns are not addressed
> > > > > in good faith.
> > > >
> > > > Real cryptologists understand my Help Files.
> > >
> > > Excellent.  Now we are making progress.  Please name at least two "real
> > > cryptologists" who understand your Help Files.
> >
> > Avoiding the issue which you are incapable of discussing with solid
> > support:  the security of OAP-L3?
> 
> Ho hum, you have yet to prove that your software is any better than a
> LFSR.
> 
> And btw why not answer my questions? (under "Problems with OAP-L3")
> 
> Tom

Although you are still in my permanent kill file, why don't you look 
at the latest posts to this news group regarding OAP-L3.

In particular, my post explaining why OAP-L3 is practicably 
unbreakable by examining the shuffle process in some detail.

Then be sure to look at the reply posts to this explanation.

(I have decided not to bite you.)

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
Date: Sat, 22 Apr 2000 13:36:46 GMT



Anthony Stephen Szopa wrote:
> 
> Tom St Denis wrote:
> >
> > Anthony Stephen Szopa wrote:
> > >
> > > "Trevor L. Jackson, III" wrote:
> > > >
> > > > Anthony Stephen Szopa wrote:
> > > >
> > > > > "Douglas A. Gwyn" wrote:
> > > > > >
> > > > > > Anthony Stephen Szopa wrote:
> > > > > > > This is all so richly comical.
> > > > > >
> > > > > > That's because instead of conducting a technical dialogue,
> > > > > > you're just insisting that you're right and everybody else
> > > > > > is intellectually dishonest.  And instead of explaining
> > > > > > the principles in terms that would make sense to a working
> > > > > > cryptologist, you simply direct us to figure it out
> > > > > > ourselves from the "help files".  How about treating this
> > > > > > as a genuine technical discussion?  For example, tell me
> > > > > > why my observation (based on examining the "help files")
> > > > > > that at least one of the three columns of generated "mix"
> > > > > > could be recovered by chaining is flawed (as you claimed).
> > > > > > I suspect that most cryptologists will have no real
> > > > > > interest in your system if their concerns are not addressed
> > > > > > in good faith.
> > > > >
> > > > > Real cryptologists understand my Help Files.
> > > >
> > > > Excellent.  Now we are making progress.  Please name at least two "real
> > > > cryptologists" who understand your Help Files.
> > >
> > > Avoiding the issue which you are incapable of discussing with solid
> > > support:  the security of OAP-L3?
> >
> > Ho hum, you have yet to prove that your software is any better than a
> > LFSR.
> >
> > And btw why not answer my questions? (under "Problems with OAP-L3")
> >
> > Tom
> 
> Although you are still in my permanent kill file, why don't you look
> at the latest posts to this news group regarding OAP-L3.
> 
> In particular, my post explaining why OAP-L3 is practicably
> unbreakable by examining the shuffle process in some detail.
> 
> Then be sure to look at the reply posts to this explanation.
> 
> (I have decided not to bite you.)

I may be a bit slow...So what is the period?  Why are you using 0-9? 
Will it work in under a kb of ram?

Tom

------------------------------

From: "(Ha +4piMs)<w" <"(MO)(Fe2O3)"@Pterratactical.com>
Crossposted-To: 
alt.politics.org.cia,alt.politics.org.nsa,alt.journalism.print,alt.journalism.newspapers,alt.alien.visitors
Subject: Re: new Echelon article
Date: Sat, 22 Apr 2000 13:52:33 GMT



Diet NSA wrote:

> In article <
> [EMAIL PROTECTED]
> et>, [EMAIL PROTECTED] wrote:
>
> >2. The (Baltimore) Sun today is running an article where the Russian
> >Federal Security Service is requiring ISPs in Russia to buy bugging
> >equipment so the FSS can spy on the ISPs' customers. The brouhaha is
> >that the FSS can't afford the bugging equipment and wants its victims
> >to pay for it.
>
> Considering the issue of global security
> from the West's perspective, is it *now*
> more important for there to be order in
> Russia or freedom? The NSA, CIA, MI5,
> etc. also cannot afford any bugging
> equipment, unless the government
> collects taxes from its citizens. I don't
> see why a brouhaha is necessary since the
> citizens (including government
> employees) have to pay for everything
> anyways. The equipment needed for the
> FSB to do their job has to be paid for by
> somebody.
>
>  I don't care if the spooks go a' spookin'
> but I don't think that Big Brother should
> deliberately be trying to hide from all
> humanity what *may* be the greatest
> true story ever-  the empirical truth of
> intelligent extraterrestrials & their
> technology. (But this is a topic for a
> different forum).
>

Really now.

Hi = { (Ha-(N2-Nx)Ms) (Ha-(N2-Ny)Ms) }^(1/2)    (2)

This geometry yields demagnetizing factors of Nx=4pi; Ny=0; N2=0
We obtain
Hi = (Ha^2 + 4piMsHa)^(1/2)...thus by determining Hi from w=yHi, the required Ha from
a solution of the equation on line 4 can be found

http://www.urantia.org/papers/paper44.html

These "aliens" are spiritual creatures, they are not enemies.




>
> "I feel like there's a constant Cuban Missile Crisis in my pants."
>     - President Clinton commenting on the Elian Gonzalez situation
> -----------------------------------------------------------------------
> * Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
> The fastest and easiest way to search and participate in Usenet - Free!






------------------------------

Subject: Re: OAP-L3: Semester 1 / Class #1 All are invited.
From: lordcow77 <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Date: Sat, 22 Apr 2000 06:56:05 -0700

In article <[EMAIL PROTECTED]>, Anthony Stephen
Szopa <[EMAIL PROTECTED]> wrote:
>Although you are still in my permanent kill file, why don't you look

You do know what a killfile is, don't you? If Tom St Denis were
indeed in your killfile you would never see his posts. Somehow,
I believe that a) you're too much of a troll to give up a chance
to flame somebody or b) you lack the self-confidence to ignore
someone who criticizes you.

>(I have decided not to bite you.)
>

This is just odd, even by Usenet standards...



------------------------------

Subject: Re: OAP-L3: Secure, but WAY more dificult to use than other equally    secure 
programs
From: lordcow77 <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Date: Sat, 22 Apr 2000 06:57:47 -0700

In article <[EMAIL PROTECTED]>, Anthony Stephen
Szopa <[EMAIL PROTECTED]> wrote:
>I just put you in my permanent kill file then I read this.

Hello?!?! If he were in your killfile, you wouldn't even see his
message. If your understanding of how to use simple newsreader
software is so defective (or you're just a blustering liar), how
can it be expected that your cryptography software is any better.



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3: Secure, but WAY more dificult to use than other equally    
Date: Sat, 22 Apr 2000 14:02:05 GMT



lordcow77 wrote:
> 
> In article <[EMAIL PROTECTED]>, Anthony Stephen
> Szopa <[EMAIL PROTECTED]> wrote:
> >I just put you in my permanent kill file then I read this.
> 
> Hello?!?! If he were in your killfile, you wouldn't even see his
> message. If your understanding of how to use simple newsreader
> software is so defective (or you're just a blustering liar), how
> can it be expected that your cryptography software is any better.

Not to be irrelevant but for someone that pulls apart my language you
should have said "cryptographic software" not "cryptography software"..

Hehehe, I am just joking around.

Tom

------------------------------

Subject: Szopa: troll or snake-oil salesman?
From: lordcow77 <[EMAIL PROTECTED]>
Date: Sat, 22 Apr 2000 07:02:51 -0700

Is Szopa a troll or a snake-oil salesman? To be perfectly
honest, it's hard to tell the difference based on his behavior.
If he is a troll, perhaps the best option is to just ignore him
and hope that he switches targets, say Original Absolute
Compression 7.0/comp.compression or Original Absolute Compiler
11.0/comp.lang.c (I'm just kidding of course. I read comp.lang.c
and would hate to have periodic flame wars about how Szopa's
compiler does the Right Thing by insisting main() returns
void...). If he's a snake-oil salesman, someone might want to
prepare a reasonably comprehensive FAQ specifically mentioning
his software for posting whenever he comes around again.



------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: Requested: update on aes contest
Date: 22 Apr 2000 14:19:58 GMT

One interesting point for those that said to have only one cipher, they did not
agree on what the one cipher should be.  Each inventor of course, thought it
should be theirs.  Adi Shamir even said to flip a five sided coin (small joke)
to pick one.
Don Johnson

------------------------------

From: [EMAIL PROTECTED] (David A. Wagner)
Subject: Re: GOST with sbox?
Date: 22 Apr 2000 06:53:50 -0700

In article <8daqmq$fd5$[EMAIL PROTECTED]>,
Paul Rubin <[EMAIL PROTECTED]> wrote:
> GOST uses 4x4 S-boxes where each box is supposed to
> be a permutation on the 16 values.

I've seen this ``it must be a permutation'' assertion a few times,
but never been able to tell where it came from.  As far as I can see,
there doesn't appear to be anything in the GOST standard that requires
the S-boxes to form a permutation, but maybe I'm missing something.
Am I simply confused?

------------------------------

From: [EMAIL PROTECTED]
Subject: Tutorial on text encryption
Date: Sat, 22 Apr 2000 14:34:16 GMT

Apologies for a newbie question.
I'm looking for a tutorial on coding text as I am working on a very
simple text file encryption application in VSC++. Any simple algorithm
using random number generation would be ok - it's just an exercise.

Thank you!

Eric


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Szopa: troll or snake-oil salesman?
Date: 22 Apr 2000 14:57:51 GMT

lordcow77 <[EMAIL PROTECTED]> wrote:
> void...). If he's a snake-oil salesman, someone might want to
> prepare a reasonably comprehensive FAQ specifically mentioning
> his software for posting whenever he comes around again.

This reminds me.. a while back part 01 of the FAQ changed, indicating
that someone was in the process of putting out an updated version. Any
progress? 

I don't expect to find out who They are, but it would be nice to know
how close They are to putting out something...

(or did it happen and I missed it?)

Thanks, 
-David

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: GOST with sbox?
Date: Sat, 22 Apr 2000 15:05:14 GMT



"David A. Wagner" wrote:
> 
> In article <8daqmq$fd5$[EMAIL PROTECTED]>,
> Paul Rubin <[EMAIL PROTECTED]> wrote:
> > GOST uses 4x4 S-boxes where each box is supposed to
> > be a permutation on the 16 values.
> 
> I've seen this ``it must be a permutation'' assertion a few times,
> but never been able to tell where it came from.  As far as I can see,
> there doesn't appear to be anything in the GOST standard that requires
> the S-boxes to form a permutation, but maybe I'm missing something.
> Am I simply confused?

If the sboxes did not form a permutation over 0..15 they would be
seriously biased would they not?

tom

------------------------------

From: [EMAIL PROTECTED] (David A. Wagner)
Subject: Re: GSM A5/1 Encryption
Date: 22 Apr 2000 08:08:01 -0700

In article <8dakoh$6jl@journal>, Guy Macon <[EMAIL PROTECTED]> wrote:
> The idea that I have ever advocated any change to the
> internals of any well analyzed crypto method is pure fantasy.

Well, either you have to modify the internals of the ciphertext
frame format and the crypto, or you have to modify the internals
of the plaintext frame format and the speech coding.  In GSM,
the frame length and speech coding format are finely tuned and
interdependent on each other; you can't just change one and ignore
the other.

The bottom line is, for GSM, I suspect the type of change you
advocate will not be nearly so easy as you seem to believe.

In any case, even if you find a way to implement it, you will lose
something like 15% of bandwidth.  That's a huge overhead, for a
security benefit that can be achieved other ways without any overhead.

------------------------------

From: [EMAIL PROTECTED] (David A. Wagner)
Subject: Re: 40-Bit DES Question
Date: 22 Apr 2000 08:15:10 -0700

In article <8dl2p2$9j6$[EMAIL PROTECTED]>,  <[EMAIL PROTECTED]> wrote:
> SSL 3.0 has 40-bit DES as a valid algorithm for "securing" the socket.

Are you sure?  I don't believe it does.  Are you thinking of 40-bit RC4?

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: The Illusion of Security
Date: Sat, 22 Apr 2000 16:03:48 GMT

On Fri, 21 Apr 2000 16:57:30 GMT, [EMAIL PROTECTED] (Terry Ritter) wrote,
in part:

>True, the original claims were over the top, but this is way beyond
>what we know in the other direction.  We do not know the strength of
>these ciphers.  The designers and reviewers do not know the strength
>of these ciphers.  None of us *can* know strength with respect to
>opponents we do not know and whose knowledge and resources we also do
>not know.  

>There exists no basis for asserting that breaking these ciphers is
>"unlikely."  We have no testable probability distribution for the
>breaking of ciphers.  If the only thing we have to go on is the
>limited published experience, we might well say that every algorithmic
>cipher is likely to be broken eventually.  And that is precisely the
>opposite of your unproven assertion that breaking AES is unlikely.  

Well, it is true that the Enigma was broken, despite the fact that it
seemed secure at the time. And the same might be said of CORAL.

And it might be noted that the original LUCIFER, on which DES was
based, does fall to differential cryptanalysis, and thus its 128-bit
key isn't a guarantee of security.

However, it is true that the general climate of opinion does seem to
tilt in the direction that ciphers such as the five AES finalists are
adequate.

One basis for this might be that in the absence of any real knowledge
about the strength of ciphers, we don't have a basis for assuming that
breaking the AES (or Triple-DES, or Blowfish) will be "likely",
either, and therefore the effort of using something stronger is hard
to justify. If you were to respond that this is a silly place to put
the burden of proof for anyone who is really concerned about security,
I'm afraid I'd have to agree with you.

Of course, many users of cryptography are concerned with Opponents who
have very limited resources. If a bank wants to protect credit-card
transactions, its concern is that it will use something generally
recognized as secure, so that it cannot be found negligent: maybe they
could make an even stronger cipher (or, worse, one they mistakenly
think is even stronger) themselves, but perhaps even that could be
broken, and in that latter case, they would be in a worse situation.
Presumably, if an AES break were used for credit card fraud, word
would get out before the losses were serious.

The power and flexibility of the computer, and the new flurry of
cryptography-related activity in academe, even if they don't prove
anything, are seen by many as indicative that the rules may have
changed: that 'this time', the ciphers believed to be secure won't
fall by the wayside the way the Enigma did.

My personal inclination in this matter is that this point of view has
some validity, but if one is serious about security, taking a single
block cipher "neat"; that is, using it all by itself in one of the
standard DES modes that, except for solving some small problems, do
not fundamentally increase security over ECB mode; ought to be avoided
if one has the resources to do so. A little extra effort is worth
doing, and enciphering a message by a sandwich such as
DES/Panama/SAFER, even if I cannot prove cryptanalysis of it to be
'unlikely', at least would require a method of attack so very far
beyond anything that is public knowledge that some degree of
confidence is warranted.

But I find that encouraging people to make even that little bit of
extra effort seems to be quite difficult.

------------------------------

From: [EMAIL PROTECTED] (David A. Wagner)
Subject: Re: GOST with sbox?
Date: 22 Apr 2000 08:23:47 -0700

In article <[EMAIL PROTECTED]>,
Tom St Denis  <[EMAIL PROTECTED]> wrote:
> If the sboxes did not form a permutation over 0..15 they would be
> seriously biased would they not?

You're talking about analysis of the standard,
and about what the standard ought to have said.
I'm talking about what the standard actually says.
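
The point at issue in the GOST S-box exchange above, as an added example that
is not part of any post in this digest: a Feistel cipher built on the GOST
round layout decrypts correctly whether or not its 4-bit S-boxes are
permutations, while a non-permutation table shrinks the round function's
output space. The S-box tables, key and function names are constructed for
illustration; the round layout (add subkey mod 2^32, eight 4-bit
substitutions, rotate left 11) is assumed from the commonly published
description of GOST 28147-89.

```python
# Added example: bijective vs. non-bijective 4-bit S-boxes in a GOST-style Feistel cipher.
# Both S-boxes and the key are constructed for illustration; they are NOT tables from
# the GOST standard or from any published parameter set.
from collections import Counter

MASK32 = 0xFFFFFFFF
PERM_SBOX = [(7 * x + 3) % 16 for x in range(16)]     # bijection: gcd(7, 16) = 1
NONPERM_SBOX = [(x * x) % 16 for x in range(16)]      # only ever outputs 0, 1, 4, 9
SAMPLE_KEY = [(0x9E3779B9 * (i + 1)) & MASK32 for i in range(8)]  # constructed subkeys


def is_permutation(sbox):
    """True if the 16-entry table maps 0..15 onto 0..15 with no repeats."""
    return sorted(sbox) == list(range(16))


def output_counts(sbox):
    """For each value 0..15, how many of the 16 inputs map to it."""
    counts = Counter(sbox)
    return [counts.get(v, 0) for v in range(16)]


def round_output_space(sboxes):
    """Number of distinct 32-bit values the substitution layer can emit."""
    total = 1
    for sbox in sboxes:
        total *= len(set(sbox))
    return total


def round_function(half, subkey, sboxes):
    """Add subkey mod 2^32, substitute eight nibbles, rotate left by 11 bits."""
    t = (half + subkey) & MASK32
    s = 0
    for i in range(8):
        s |= sboxes[i][(t >> (4 * i)) & 0xF] << (4 * i)
    return ((s << 11) | (s >> 21)) & MASK32


def crypt_block(block, key, sboxes, decrypt=False):
    """32-round Feistel network over a pair of 32-bit halves."""
    # Subkeys 0..7 three times, then 7..0; decryption walks the same list backwards.
    order = list(range(8)) * 3 + list(range(7, -1, -1))
    if decrypt:
        order.reverse()
    n1, n2 = block
    for idx in order:
        # The round function is only ever XORed in, so it never has to be inverted.
        n1, n2 = n2 ^ round_function(n1, key[idx], sboxes), n1
    return n2, n1   # the last round's swap is undone


def roundtrip_ok(sboxes, block, key=SAMPLE_KEY):
    """Decryption must recover the plaintext whatever the S-boxes are."""
    ct = crypt_block(block, key, sboxes)
    return crypt_block(ct, key, sboxes, decrypt=True) == block


if __name__ == "__main__":
    for name, sbox in (("permutation", PERM_SBOX), ("non-permutation", NONPERM_SBOX)):
        boxes = [sbox] * 8
        print(name, is_permutation(sbox), output_counts(sbox),
              round_output_space(boxes), roundtrip_ok(boxes, (0x01234567, 0x89ABCDEF)))
```

With the non-permutation table in all eight positions the cipher still
round-trips, but the substitution layer reaches only 4^8 of the 2^32 possible
outputs.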

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
