Cryptography-Digest Digest #722, Volume #11 Sun, 7 May 00 07:13:00 EDT
Contents:
Re: Increasing bit Entropy (William Rowden)
Re: Unbreakable Superencipherment Rounds ("Joseph Ashwood")
Why no civilian GPS anti-spoofing? / proposal (Paul Rubin)
Re: KRYPTOS Something new ? ("Douglas A. Gwyn")
Re: quantum crypto breakthru? ("Douglas A. Gwyn")
Re: The Illusion of Security ("Douglas A. Gwyn")
Re: Two basic questions ("Douglas A. Gwyn")
Re: Newbie question about generating primes ("Douglas A. Gwyn")
Re: Why no civilian GPS anti-spoofing? / proposal ("Mxsmanic")
Re: Why no civilian GPS anti-spoofing? / proposal ("Douglas A. Gwyn")
Re: Unbreakable Superencipherment Rounds (Mok-Kong Shen)
An argument for multiple AES winners (Mok-Kong Shen)
Re: Fresco transmits my name (was: Spammed after just visiting a site) (Mark Wooding)
Re: AEES Advanced (Paul Schlyter)
Re: Increasing bit Entropy ("Mr. Tines")
Re: Fresco transmits my name (was: Spammed after just visiting a site) ("Mr. Tines")
Re: Is this random? ("Mr. Tines")
Re: SV: cryptographically secure ("Mr. Tines")
Re: Two basic questions ("Mr. Tines")
Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net" ("Neon Bunny")
Re: Javascript Private Email (Tom St Denis)
----------------------------------------------------------------------------
From: William Rowden <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers
Subject: Re: Increasing bit Entropy
Date: Sun, 07 May 2000 07:04:09 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> On Sat, 06 May 2000 RavingCow <[EMAIL PROTECTED]> wrote:
[snip]
> >Would the entropy go up to
> >0.75, or would it be less?
> >
> In the general case, XOR will work well and produce
> a stream of approximately .71 bits/bit, but it might
> be more or less if the streams aren't independent and/or
> cross-dependent.
What is the basis for the estimate of .71 bits/bit?
--
-William
SPAM filtered; damages claimed for UCE according to RCW19.86
PGP key: http://www.eskimo.com/~rowdenw/pgp/rowdenw.asc until 2000-08-01
Fingerprint: FB4B E2CD 25AF 95E5 ADBB DA28 379D 47DB 599E 0B1A
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Unbreakable Superencipherment Rounds
Date: Sat, 6 May 2000 22:46:49 -0700
The problem I see is that there has been little analysis of
them in that combination. Since it's not clear what you mean
by "1 round" (in some of them, a round can mean either what
has become known as a round, or what is commonly called a
half round), I can't really go into too many details. But I
don't see where it would add a significant amount of
security over 3DES applied the same number of times
(provided you mean one of the standard definitions of round,
see above).
It is very possible that with such a concept applied with
such small granularity, one sub-round could undo some
security offered by a prior sub-round. The basic security
lies in the strength of 3DES. The key schedule would also be
exceedingly difficult.
Joe
"UBCHI2" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> There is a way to encrypt communications that make them impregnable to
> cryptanalysts theoretically. Can the following sequence be implemented?
>
> 1) 1 round RC6
> 2) 1 round TwoFish
> 3) 1 round Serpent
> 4) 1 round Mars
> 5) 1 round Rijndael
>
> Then top off the rounds with a final pass with 3DES. Then I do it again by
> randomizing the number of rounds of each and the order of the
> superencipherments using SIGABA irregular movement of the algorithms.
>
> Anyone want to try to get through that? Obviously the speed would be slow, but
> for top secret materials, is the security too much?
------------------------------
From: [EMAIL PROTECTED] (Paul Rubin)
Crossposted-To: sci.geo.satellite-nav
Subject: Why no civilian GPS anti-spoofing? / proposal
Date: 7 May 2000 07:24:54 GMT
The PPS signal has what's called an anti-spoofing system, which actually
encrypts the signal. It means that military receivers with the decryption
keys can tell whether the signal is being spoofed; it also means that
unclassified receivers, without the secret keys, can't receive the PPS
signal at all.
The civilian signal on the other hand is unencrypted and has no anti-spoofing.
This actually scares me, now that a multi-carrier civilian system (L5
etc.) has been announced, and airliner navigation will depend on it.
One can imagine a terrorist action sending slightly spoofed GPS
signals that cause two planes to crash into each other. It could be
done by an unmanned transmitter near an airport. If it was only active
for a few minutes and then permanently shut down, chances are that nobody
would ever figure out what had happened.
I'd like to propose that civilian signals on the new carriers have
public-key digital signatures, signed by the satellites. Receivers
would be able to check the signatures by having the public key inside.
The receiver would not need any secret keys, so it would be unclassified.
The satellites would have secret keys, but any attacker trying to obtain
them would have to snag the satellites from 10000 km orbit.
Aviation receivers would be required to check the signatures. Most other
types of receivers could omit this feature if it saved cost.
Comments?
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: KRYPTOS Something new ?
Date: Sun, 07 May 2000 07:57:40 GMT
Tom Knight wrote:
> Does anyone know the details (or text) of the Sanborn sculpture
> outside of the Hirshorn museum at the Smithsonian? Is it a copy of
> the CIA one? Half of its letters are roman, and the other half
> cyrillic, with a top portion of each a matrix of alphabetic rotations,
> and the bottom half a similar sized matrix of seemingly random text.
That sounds somewhat like Sanborn's "The Cyrillic Projector" installed
at the University of North Carolina at Charlotte (which I don't think
has encrypted text). Anything with Cyrillic characters is not the
same as the CIA Kryptos sculpture, which has all Roman text except for
a few question-mark characters.
Unfortunately the Hirshhorn Web page http://hirshhorn.si.edu/ is
several months out of date.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: quantum crypto breakthru?
Date: Sun, 07 May 2000 08:20:23 GMT
Francois Grieu wrote:
> I wonder how QC by itself helps against the adversary cutting the
> link, inserting a receiver and a transmitter just like the ones of
> the legitimate receiver and transmitter, and intercepting the
> message without even getting noticed.
Measuring the state (interceptor's receiver) interferes with the
state, and the quantum-cryptographic protocol used by the
legitimate communicants detects that interference has occurred.
The basic quantum fact involved here is usually illustrated by
the "two-slit experiment"; Feynman in particular has given very
clear explanations using this example, q.v.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: The Illusion of Security
Date: Sun, 07 May 2000 08:27:58 GMT
Tim Tyler wrote:
> A proof of security that would satisfy a hardened sceptic appears to
> be inconceivable.
That is a philosophical and psychological problem exhibited by the
skeptic, not a problem with physics, mathematics, or engineering.
The conversion of inherent quantum randomness to laboratory-scale
randomness happens all the time in physics laboratories, e.g. in
multichannel analyzers counting radiation events at different
energies. It really isn't too hard to extract randomness of as
high a quality as one desires from such signals, but simpler and
cheaper methods are used in practice.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Two basic questions
Date: Sun, 07 May 2000 08:34:47 GMT
kidwalden wrote:
> Why don't people just use bad spelling and/or grammar before encrypting
> messages? If my plain text reads "We-uns gonna tack purl harber
> toonite" ...
That still has a lot of the statistical characteristics of English.
A big problem is that the more you corrupt the natural language,
the greater the chance that the intended recipient will misread it.
If you want to go this route, better to use a true code book with
variants and superencipher that. (Although such systems have been
routinely cryptanalyzed.)
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Newbie question about generating primes
Date: Sun, 07 May 2000 08:37:39 GMT
JoeC wrote:
> As I understand it, one of the key factors(pardon the pun) in the
> security of PGP and similar is the time taken to factor a large
> prime number.
I hope you meant "a large composite number".
------------------------------
From: "Mxsmanic" <[EMAIL PROTECTED]>
Crossposted-To: sci.geo.satellite-nav
Subject: Re: Why no civilian GPS anti-spoofing? / proposal
Date: Sun, 7 May 2000 10:45:30 +0200
"Paul Rubin" <[EMAIL PROTECTED]> wrote in message
news:8f35o6$o7i$[EMAIL PROTECTED]...
> I'd like to propose that civilian signals on
> the new carriers have public-key digital signatures,
> signed by the satellites.
Just what part would you sign, exactly? Public-key encryption is not
appropriate for every application.
Since mission-critical navigation applications would supplement the
satellite signals with a ground-based signal, spoofing of both would be
no more likely than spoofing of VOR or ILS signals today, even without
encryption. In fact, I don't remember terrorists ever spoofing any kind
of navigation signal at all--have I missed something?
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Why no civilian GPS anti-spoofing? / proposal
Date: Sun, 07 May 2000 08:47:04 GMT
Paul Rubin wrote:
> One can imagine a terrorist action sending slightly spoofed GPS
> signals that cause two planes to crash into each other.
Yes. Maybe some day in the distant future people will finally
start making sure that all safety-critical design is done by
competent designers, but it sure isn't the rule right now.
Are the flight-control computers still using vacuum tubes?
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Unbreakable Superencipherment Rounds
Date: Sun, 07 May 2000 11:52:05 +0200
UBCHI2 wrote:
> There is a way to encrypt communications that make them impregnable to
> cryptanalysts theoretically. Can the following sequence be implemented?
>
> 1) 1 round RC6
> 2) 1 round TwoFish
> 3) 1 round Serpent
> 4) 1 round Mars
> 5) 1 round Rijndael
>
> Then top off the rounds with a final pass with 3DES. Then I do it again by
> randomizing the number of rounds of each and the order of the
> superencipherments using SIGABA irregular movement of the algorithms.
>
> Anyone want to try to get through that? Obviously the speed would be slow, but
> for top secret materials, is the security too much?
Since you are considering applications where the speed is not that
crucial an issue, I would say that a much better scheme is to
implement multiple encryption (with entire algorithms), with the user
being able to choose which of these (also more than once) and in
which order the algorithms are used. Further it may be worthwhile
to consider whether the standard number of rounds in these
algorithms can be implemented to be variable, i.e. user-choosable.
Since DES has not performed too badly in the past, one could also
include DES in the scheme. (The difference in block size is easy to
deal with technically.)
M. K. Shen
===============================
http://home.t-online.de/home/mok-kong.shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: An argument for multiple AES winners
Date: Sun, 07 May 2000 11:52:16 +0200
I remember having learned some time ago from
discussions in this group that having multiple AES
winners has the advantage of better coping with
the case that one winner is eventually found to
have a certain weakness that is hitherto not
discovered.
It just occurs to me that the same applies in
respect of hidden patent claims. If there are e.g.
three AES winners, the chance of all of them having
hidden patent claims is likely to be fairly small.
So if NIST is not able to ensure (free of charge)
the absence of hidden patent claims to prevent
the potential catastrophe of users worldwide
having to pay someday patent royalties, letting
there be multiple AES winners is definitely
a good idea.
BTW, I would like to ask at this opportunity a probably
dumb question. Is it certain that AES will be
freely available to all people of the world?
Would its use be restricted to applications such
as banking and also confined to the 'friendly'
nations? How about the Wassenaar Arrangements?
Thanks.
M. K. Shen
=================================
http://home.t-online.de/home/mok-kong.shen
------------------------------
From: [EMAIL PROTECTED] (Mark Wooding)
Crossposted-To: comp.sys.acorn.misc
Subject: Re: Fresco transmits my name (was: Spammed after just visiting a site)
Date: 7 May 2000 09:03:21 GMT
David J. Ruck <[EMAIL PROTECTED]> wrote:
> For further research look into certificate issuing authorities,
> i.e. Verisign and their relationship to certain branches of the US
> government.
See also Thawte Associates in Africa. It's also possible to make your
own CA keys and create certificates if (a) you're a cheapskate, or (b)
you're paranoid.
-- [mdw]
------------------------------
From: [EMAIL PROTECTED] (Paul Schlyter)
Subject: Re: AEES Advanced
Date: 7 May 2000 11:02:59 +0200
In article <u7Fw7N#t$GA.260@cpmsnbbsa04>,
Joseph Ashwood <[EMAIL PROTECTED]> wrote:
>> There is no existing software for this architecture.
>
> If there's no software for it, then how do you offer source
> code for it?
Vaporware? <g>
--
================================================================
Paul Schlyter, Swedish Amateur Astronomer's Society (SAAF)
Grev Turegatan 40, S-114 38 Stockholm, SWEDEN
e-mail: pausch at saaf dot se or paul.schlyter at ausys dot se
WWW: http://hotel04.ausys.se/pausch http://welcome.to/pausch
------------------------------
From: "Mr. Tines" <[EMAIL PROTECTED]>
Subject: Re: Increasing bit Entropy
Date: Sat, 6 May 2000 23:02:28 +0100
In article <8f1po3$[EMAIL PROTECTED]>, Guy Macon
<[EMAIL PROTECTED]> writes
>Could someone explain (or point to a site that explains) in very simple
>clueless newbie friendly terms how to take a stream that is a combination
>of true random and nonrandom bits and turn it into a shorter stream with
>a higher percentage of true random bits? I have been looking at lavarand,
>which clearly has (at the digitized image level) some bits which are random
>and a lot which are not.
A good cryptographic hash will have the property that a 1-bit change in
input will flip on average half the bits, spreading that one bit of
entropy uniformly throughout the result.
This is the idea behind the usual approach of using a hash as an entropy
compressor; if you have a source of entropy that averages some fraction
of a bit of entropy for every bit generated, then put in enough bits of
imperfect output to get as many bits of entropy as the size of the hash
(or a factor of a few more if you're cautious and the generator is
cheap).
Getting a handle on the actual entropy in a stream is a tedious bit of
statistics, which you really need to do first to find out the right
amount of sample to take.
-- PGPfingerprint: BC01 5527 B493 7C9B 3C54 D1B7 248C 08BC --
_______ {pegwit v8 public key =581cbf05be9899262ab4bb6a08470}
/_ __(_)__ ___ ___ {69c10bcfbca894a5bf8d208d001b829d4d0}
/ / / / _ \/ -_|_-< http://www.ravnaandtines.com/
/_/ /_/_//_/\[EMAIL PROTECTED] PGP key on page
------------------------------
From: "Mr. Tines" <[EMAIL PROTECTED]>
Crossposted-To: comp.sys.acorn.misc
Subject: Re: Fresco transmits my name (was: Spammed after just visiting a site)
Date: Sat, 6 May 2000 23:07:54 +0100
In article <[EMAIL PROTECTED]>, Mark Wooding
<[EMAIL PROTECTED]> writes
>[sci.crypt added to newsgroups.]
>
>greg <[EMAIL PROTECTED]> wrote:
>> "Rev. James Cort" <[EMAIL PROTECTED]> wrote:
>>
>> > I know this is off topic, but... speaking of which, the US government
>> > changed its tune pretty quickly about that (128-bit SSL). Is it likely
>> > that they've got a system which can crack it?
>>
>> I personally think that they can.
[snip]
>> This is how they have narrowed the recent Lovebug virus down to the
>> servers at Manila.
>
>This is probably simple traffic analysis, which SSL doesn't attempt to
>frustrate.
Having looked at the LoveBug code, attributing the origin to Manila was
a simple matter of reading the header comments in the source. Was the
culprit stupid enough to give his meatspace location to within a few km?
Or did he choose a random location from an atlas as a misdirection? We
shall have to see.
-- PGPfingerprint: BC01 5527 B493 7C9B 3C54 D1B7 248C 08BC --
_______ {pegwit v8 public key =581cbf05be9899262ab4bb6a08470}
/_ __(_)__ ___ ___ {69c10bcfbca894a5bf8d208d001b829d4d0}
/ / / / _ \/ -_|_-< http://www.ravnaandtines.com/
/_/ /_/_//_/\[EMAIL PROTECTED] PGP key on page
------------------------------
From: "Mr. Tines" <[EMAIL PROTECTED]>
Subject: Re: Is this random?
Date: Sat, 6 May 2000 23:13:00 +0100
In article <[EMAIL PROTECTED]>, Benjamin Goldberg
<[EMAIL PROTECTED]> writes
>I've come across a number generator written in java which claims to be
>"truly random" number generator (not a PRNG)... Could someone tell me
>how accurate (or inaccurate) this claim is?
>
[snip]
This looks like the java.security.SecureRandom generator, or at least a
generator inspired by a description of same. Given that a computer is a
deterministic engine, it is at best going to be capturing a chaotic
process. But it's better than the PRNG seeding I've seen in all cases
that don't appeal to dedicated hardware or serious amounts of user
input.
-- PGPfingerprint: BC01 5527 B493 7C9B 3C54 D1B7 248C 08BC --
_______ {pegwit v8 public key =581cbf05be9899262ab4bb6a08470}
/_ __(_)__ ___ ___ {69c10bcfbca894a5bf8d208d001b829d4d0}
/ / / / _ \/ -_|_-< http://www.ravnaandtines.com/
/_/ /_/_//_/\[EMAIL PROTECTED] PGP key on page
------------------------------
From: "Mr. Tines" <[EMAIL PROTECTED]>
Subject: Re: SV: cryptographically secure
Date: Sat, 6 May 2000 22:33:06 +0100
In article <[EMAIL PROTECTED]>, Tim Tyler <[EMAIL PROTECTED]> writes
>
>java.security.SecureRandom would be more secure. It uses SHA1 in counter
>mode IIRC.
And seeds with data from watching the scheduling algorithm try to handle
multiple threads; this turns out to be a reasonably decent source of
entropy if you request several kb, use the last few k bits, and for
paranoia's sake boil them down by a factor of about 2 by running them
through a good hash (so put 320 bits into SHA and use the 160 bits
output) before putting them into the key generator.
-- PGPfingerprint: BC01 5527 B493 7C9B 3C54 D1B7 248C 08BC --
_______ {pegwit v8 public key =581cbf05be9899262ab4bb6a08470}
/_ __(_)__ ___ ___ {69c10bcfbca894a5bf8d208d001b829d4d0}
/ / / / _ \/ -_|_-< http://www.ravnaandtines.com/
/_/ /_/_//_/\[EMAIL PROTECTED] PGP key on page
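The hash-as-entropy-compressor idea from Mr. Tines' two posts above (estimate the entropy per raw bit, feed the hash at least that many raw bits with a safety margin, keep the fixed-size digest; e.g. 320 bits into SHA-1 for 160 out) as an added Python example, not code from the original digest. The biased sample is constructed from a seeded PRNG, the first-order frequency count is only the crudest stand-in for the "tedious statistics" the post mentions, and the 2x safety factor is an assumption.

```python
"""Hash-based entropy compression: crude rate estimate, then digest.

Added example; not code from the digest. All inputs are constructed.
"""
import hashlib
import math
import random


def fraction_of_ones(raw: bytes) -> float:
    """Fraction of set bits in the raw sample."""
    total_bits = 8 * len(raw)
    if total_bits == 0:
        raise ValueError("empty sample")
    ones = sum(bin(b).count("1") for b in raw)
    return ones / total_bits


def shannon_entropy_per_bit(raw: bytes) -> float:
    """First-order Shannon entropy estimate, in bits per raw bit.

    Looks only at the 0/1 frequency, so it ignores correlations between
    bits and can only OVER-estimate the true rate (a constant 0x01 byte
    pattern scores ~0.54 bits/bit yet carries no entropy at all). A real
    assessment needs the statistics the post calls tedious.
    """
    p = fraction_of_ones(raw)
    if p in (0.0, 1.0):
        return 0.0
    return -(p * math.log2(p) + (1 - p) * math.log2(1 - p))


def raw_bits_needed(h_per_bit: float, target_bits: int,
                    safety: float = 2.0) -> int:
    """Raw bits to collect so the hash input carries target_bits of entropy,
    inflated by a safety factor (assumed 2x, as the post suggests)."""
    if h_per_bit <= 0.0:
        raise ValueError("source carries no entropy")
    return math.ceil(target_bits * safety / h_per_bit)


def compress_entropy(raw: bytes, h_per_bit: float, algo: str = "sha256",
                     safety: float = 2.0) -> bytes:
    """Boil enough raw bits down to one digest of the chosen hash.

    The digest size sets the target: sha1 -> 160 bits, sha256 -> 256.
    Raises if the sample is too short for the requested margin.
    """
    h = hashlib.new(algo)
    target_bits = 8 * h.digest_size
    need_bytes = math.ceil(raw_bits_needed(h_per_bit, target_bits, safety) / 8)
    if len(raw) < need_bytes:
        raise ValueError(f"need {need_bytes} raw bytes, have {len(raw)}")
    h.update(raw[:need_bytes])  # hash only the budgeted portion
    return h.digest()


def constructed_biased_sample(nbytes: int = 512) -> bytes:
    """Constructed stand-in for a noisy source: AND of two PRNG bytes gives
    P(bit = 1) = 1/4, so H ~ 0.81 bits/bit. Python's random is a PRNG, so
    this is for demonstration only, never a real entropy source."""
    rnd = random.Random(20000507)
    return bytes(rnd.getrandbits(8) & rnd.getrandbits(8) for _ in range(nbytes))


if __name__ == "__main__":
    sample = constructed_biased_sample()
    rate = shannon_entropy_per_bit(sample)
    print(f"estimated {rate:.3f} bits of entropy per raw bit")
    print("raw bits budgeted for a 256-bit digest:", raw_bits_needed(rate, 256))
    print("compressed output:", compress_entropy(sample, rate).hex())
```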
------------------------------
From: "Mr. Tines" <[EMAIL PROTECTED]>
Subject: Re: Two basic questions
Date: Sat, 6 May 2000 22:51:59 +0100
In article <[EMAIL PROTECTED]>, kidwalden <[EMAIL PROTECTED]>
writes
>Forgive me, I'm just starting to learn about crypto to keep from
>becoming bored stiff at school. I have two basic questions:
>
>Why don't people just use bad spelling and/or grammar before encrypting
>messages? If my plain text reads "We-uns gonna tack purl harber
>toonite" and I take reasonable trouble to not be consistent in my
>misspellings, it seems like even a simple substitution cipher would
>throw off most machines for a long time. After all, nothing would match
>a dictionary lookup...
This is a form of multiple encryption; for which explicit multiple
encryption with an agreed on algorithm is probably better. If you're
using English, a procedure that replaces 'e' and 't' would probably be
more effective in slowing down the simpler forms of analysis (e.g.
plaintext 'e' replaced by one of AEIOUY based on rolling a die unless
absolutely crucial in that the misspelling would change the meaning of
the document, rather than merely needing to be picked out from context
by the recipient).
I recall many moons ago (early 70s) a short story in _Analog_ entitled
_Come you nigh Kay shuns_ in which our hero sneaks a message past the
alien message interceptors by sending a text message whose phonetic
values matched the intended transmission. The weakness of that scheme
was revealed in the correspondence about that story, in which it became
obvious in some of the similar jabberwocky published that decrypts were
in effect keyed by the dialect used.
In such broken plaintext ideas, an effective but key-less concealment
from eavesdroppers would probably prevent meaningful communications
between someone from Georgia and someone from the other Georgia.
>Also, has anyone ever made a true random number generator for a PC,
>using some truly random event like beta decay or diode noise?
A few minutes with a search engine will turn up a plan for a simple
hardware RNG using a noisy diode, and estimated cost of under $10.
-- PGPfingerprint: BC01 5527 B493 7C9B 3C54 D1B7 248C 08BC --
_______ {pegwit v8 public key =581cbf05be9899262ab4bb6a08470}
/_ __(_)__ ___ ___ {69c10bcfbca894a5bf8d208d001b829d4d0}
/ / / / _ \/ -_|_-< http://www.ravnaandtines.com/
/_/ /_/_//_/\[EMAIL PROTECTED] PGP key on page
------------------------------
From: "Neon Bunny" <[EMAIL PROTECTED]>
Crossposted-To:
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk
Subject: Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net"
Date: Sun, 7 May 2000 11:31:34 +0100
George Edwards <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
<SNIP>
> As I said, if we all put headers or sigs
>
> or duff paras:
>
> Nuke iraq spy no10 blair riot communist security kill abduct
> livingstone
<SNIP>
Rumours are that echelon has the ability to recognise "natural language" and
so you need to write a realistic paragraph about us all killing Tony Blair
with the bombs that I've constructed in my shed with plans off the internet
to create a response. And if they have their heads screwed on then they'll
automatically delete any messages with the word "echelon" in since it's
probably about what we're talking about and not some secret murder plot.
NeonBunny
--
Web: http://bunnybox.jml.net
PGP: http://bunnybox.jml.net/neonbunny.asc
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Javascript Private Email
Date: Sun, 07 May 2000 10:57:47 GMT
[EMAIL PROTECTED] wrote:
>
> In article <[EMAIL PROTECTED]>,
> Tom St Denis <[EMAIL PROTECTED]> wrote:
> > If you have a webbrowser that can run JavaScript then you will like this
> > page by Dr. Leemon
> >
> > http://www.leemon.com/crypto/SelfDecrypt.html
> >
> > It encrypts the message on the user's computer using ArcFour then sends an
> > html page to the user which contains the javascript to decrypt it (when
> > the password is supplied).
> >
> > It's a really good idea I think.
> >
> > Tom
>
> A better way might be to use public-key encryption, where the person
> who wants the webpage transmits his public key to the server. The
> message is encrypted using this and sent to the user, who decrypts by
> using his private key.
There is no server for this. You can put his page on your computer and
browse it from there...
Tom
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************