Cryptography-Digest Digest #881, Volume #11 Sun, 28 May 00 21:13:00 EDT
Contents:
Re: RIP Bill 3rd Reading in Parliament TODAY 8th May (Mark Evans)
Re: RIP Bill 3rd Reading in Parliament TODAY 8th May (George Edwards)
Re: list of prime numbers ("Axel Lindholm")
Re: Traffic Analysis Capabilities ("Trevor L. Jackson, III")
Re: encryption without zeros (Bryan Olson)
Re: RIP Bill 3rd Reading in Parliament TODAY 8th May ("Anarchist Lemming")
Re: No-Key Encryption (Steve Roberts)
Re: No-Key Encryption ("Kurt Fleißig")
Re: Hill's algorithm (Mark Wooding)
Re: RIP Bill 3rd Reading in Parliament TODAY 8th May (Bob)
Re: Another possible 3DES mode. (John Savard)
Re: RIP Bill 3rd Reading in Parliament TODAY 8th May ("Thomas M. Sommers")
Math problem (P=NP) prize and breaking encryption (root)
Re: On dynamic random selection of encryption algorithms ([EMAIL PROTECTED])
Re: encryption without zeros (lcs Mixmaster Remailer)
Re: Math problem (P=NP) prize and breaking encryption (Paul Rubin)
Re: encryption without zeros (stanislav shalunov)
----------------------------------------------------------------------------
From: Mark Evans <[EMAIL PROTECTED]>
Crossposted-To:
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk,uk.telecom
Subject: Re: RIP Bill 3rd Reading in Parliament TODAY 8th May
Date: Sun, 28 May 2000 22:10:19 +0100
Peter G. Strangman <[EMAIL PROTECTED]> wrote:
> In the idiotic belief that criminals would comply!?!?
> No, not really, even they are not that flea-brained.
Maybe someone wants to make a British version of "America's
Dumbest Criminals". But couldn't find enough source
material...
What's next, a law requiring criminals to turn themselves
in at police stations?
--
Mark Evans
St. Peter's CofE High School
Phone: +44 1392 204764 X109
Fax: +44 1392 204763
------------------------------
From: George Edwards <[EMAIL PROTECTED]>
Crossposted-To:
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk,uk.telecom
Subject: Re: RIP Bill 3rd Reading in Parliament TODAY 8th May
Date: Sun, 28 May 2000 21:18:47 +0100
In article <[EMAIL PROTECTED]>, Peter G.
Strangman <[EMAIL PROTECTED]> writes
>In the idiotic belief that criminals would comply!?!?
This is the standard stupidity. If people comply, they aren't criminals!
It follows that criminals are those who don't comply, and there will
always be (more and more) who don't. Such laws simply make a profit for
Jack Straw from fines, or cost us all for prisons.
I can't help thinking that the presumption that something "might occur"
as a reason for criminalisation is less defensible than the proposition
that if it does occur you get locked up. Vide "speeding". Vide drugs.
What of tobacco, prozac, and writing disgruntled notes to newsgroups?
--
George Edwards
------------------------------
From: "Axel Lindholm" <[EMAIL PROTECTED]>
Subject: Re: list of prime numbers
Date: Sun, 28 May 2000 23:40:54 +0200
"Daniel" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Thu, 25 May 2000 21:50:00 GMT, [EMAIL PROTECTED] (Dan Day) wrote:
>
>
> >Daniel, what were you hoping to do with the list? If you'll
> >explain your application, we can help you address your problem
> >more directly, since keeping a "list" of primes is likely to
> >be a poor way to get the job done, whatever it is.
> >
> >
> Thanks for all the replies.
>
> I'm trying to understand RSA and want to be able to factor a given
> 'public modulus'. Or try it at least ;-)
>
> If one has a large number (say 150 digits), what are the ways to try
> and break this up into its factors? Where does one start? I think
> that there can only be a limited list of possible prime numbers which
> will actually (when multiplied) come up with the correct public
> modulus. Or am I wrong about this? All information is greatly
> appreciated.
>
> Thanks.
>
There are exactly two numbers that form the public modulus, finding these 2
factors of a 300 digit number can be quite hard, that's the whole point of
the RSA system. But if you know how the primes in your RSA system are
generated that might help a lot.
Consider the Lucas-Lehmer test of finding primes that fit the description
2^p-1, where p is a prime. If you knew the RSA system generated their primes
that way you could start looking for a divider to the public modulus on that
form that's less than the square root of the public modulus. The list of
these numbers surely would be a lot smaller than a list of all known primes
of approx. 10^150.
// Axel Lindholm
------------------------------
Date: Sun, 28 May 2000 18:07:14 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Traffic Analysis Capabilities
Guy Macon wrote:
> ... and a life that is an open book with nothing to hide.
The best kind of victim. What the hell, if you have nothing to hide you've
probably wasted your life anyway. ;-)
------------------------------
From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: encryption without zeros
Date: Sun, 28 May 2000 21:55:44 GMT
lordcow77 wrote:
> Why not? ab//cd0000ef/g -> ab////cd/0/0/0/0ef//g
>
You didn't explain how to escape out the zeros. The
escape character followed by a zero byte fails the
given criteria - it still has zero bytes in it. In
addition to the escape character, you need to designate
some character (other than zero or the escape character)
to serve as the escaped representation of zero.
I think Guy Macon's comment assumed that the escape
character by itself would represent zero.
--Bryan
--
email: bolson at certicom dot com
------------------------------
From: "Anarchist Lemming" <[EMAIL PROTECTED]>
Crossposted-To:
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,uk.telecom
Subject: Re: RIP Bill 3rd Reading in Parliament TODAY 8th May
Date: Mon, 29 May 2000 00:03:31 +0100
"David Boothroyd" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> In article <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] wrote:
> > On Mon, 8 May 2000 14:31:20 +0100, "NoSpam" <[EMAIL PROTECTED]>
> > wrote:
> >
> > >plans were already far advanced for a law that would stop ILOVEYOU ever
> > >happening again. Yes, it's that darn RIP bill, still struggling to find
> > >supporters in the real world"
> >
> > If they want to stop I Love you viruses, why don't they just get
> > everybody to use a secure mail reader? surely it wouldn't cost them a
> > lot to switch to something secure, like pine, or any other *nix mail
> > reader, or even some windows readers are not too bad. Why spend money
> > on a bill that restricts human rights when you could have a better
> > solution for all for free?
>
> The Regulation of Investigatory Powers Bill has nothing to do with stopping
> computer virus programs. It simply regulates what state bodies can do in
> investigating communications for illegal activity.
>
> The proposals in the Bill are exactly the same as the ones Labour suggested
> before the election so there really isn't anything for anyone to get
> worked up about. The Conservatives were planning mandatory key escrow.
Wrong. We have every right to get worked up. I wasn't old enough to vote in
the last election (not that I would have) and if it becomes law I could be
facing up to 2 years imprisonment. Just because they have an electoral
"mandate" doesn't mean it's useless to fight against this kind of
legislation. Remember, we stopped the Poll Tax.
Lemming
www.hellnet.org.uk
------------------------------
From: [EMAIL PROTECTED] (Steve Roberts)
Subject: Re: No-Key Encryption
Date: Sun, 28 May 2000 23:16:23 GMT
Tim Tyler <[EMAIL PROTECTED]> wrote:
>Michael Pellaton <[EMAIL PROTECTED]> wrote:
>
>: [...] Is there any implementation of no-key encryption available?
>
>While "no-key" is not a common cryptographic term, ROT-13 is probably the
>best-known algorithm which uses no key.
Er, ROT-13 *does* have a key - it's the "13" in the name. Maybe it
could be called "Known-Key Encryption"
Watch out for my new improved cipher ROT-X, which does not have this
weakness.... .....
Steve Roberts
------------------------------
From: "Kurt Fleißig" <[EMAIL PROTECTED]>
Subject: Re: No-Key Encryption
Date: Mon, 29 May 2000 00:09:56 +0200
tomstd wrote <[EMAIL PROTECTED]>...
>In article <[EMAIL PROTECTED]>, Michael Pellaton
><[EMAIL PROTECTED]> wrote:
>>In the literature about cryptography I often read about the three
>>different types of encryption - symmetric, asymmetric and no-key
>>encryption. I found plenty implementations of the symmetric and the
>>asymmetric method. Is there any implementation of no-key encryption
>>available?
>>
>
>No-key encryption doesn't make sense at all. Where did you hear
>about that?
>
>Tom
He probably speaks about codes, not ciphers.
Bye
K
------------------------------
From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Hill's algorithm
Date: 28 May 2000 23:38:50 GMT
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> Mark Wooding wrote:
> > You're likely to be plagued by weak keys here. For example,
[snip diagonal matrix]
> It is albeit normally understood that a Hill matrix is full.
It's also normally understood that a block cipher keyspace is flat. If
the matrix is based on key material, I suspect that there will be many
subtle (and not-so subtle) differently strong keys.
-- [mdw]
------------------------------
From: Bob <[EMAIL PROTECTED]>
Crossposted-To:
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk,uk.telecom
Subject: Re: RIP Bill 3rd Reading in Parliament TODAY 8th May
Date: Mon, 29 May 2000 00:42:41 +0000
(Woah, major crosspost!)
> The proposals in the Bill are exactly the same as the ones Labour suggested
> before the election so there really isn't anything for anyone to get
> worked up about.
They didn't exactly go out of their way to publicise this gross human rights
violation though, did they. How many voters actually got hold of and read
the huge full manifesto document? I'm guessing (outside gov circles) VERY
few.
> The Conservatives were planning mandatory key escrow.
Which would be worse. But only just.
Bob
--
Where do you want to go TOMORROW?
==========www.linux.org==========
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Another possible 3DES mode.
Date: Sun, 28 May 2000 23:38:44 GMT
On Sat, 27 May 2000 18:16:04 GMT, [EMAIL PROTECTED]
(John Savard) wrote, in part:
>I am planning to add to my site, soon, a description of genetic
>algorithms and hill-climbing techniques.
This has now been done. However, my description of hill-climbing is
very simplistic; the application I illustrate of the technique to DES,
is, as I note, one that couldn't possibly work. Maybe against
six-round DES, but certainly not against 16-round actual DES.
John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/
------------------------------
From: "Thomas M. Sommers" <[EMAIL PROTECTED]>
Crossposted-To:
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk,uk.telecom
Subject: Re: RIP Bill 3rd Reading in Parliament TODAY 8th May
Date: Mon, 29 May 2000 00:50:37 GMT
Mark Evans wrote:
>
> Peter G. Strangman <[EMAIL PROTECTED]> wrote:
>
> > In the idiotic belief that criminals would comply!?!?
> > No, not really, even they are not that flea-brained.
>
> Maybe someone wants to make a British version of "America's
> Dumbest Criminals". But couldn't find enough source
> material...
>
> What's next, a law requiring criminals to turn themselves
> in at police stations?
Well, in the US it's a crime for a criminal not to report his illegal
earnings to the tax man. That's how they got Al Capone.
------------------------------
From: root <[EMAIL PROTECTED]>
Subject: Math problem (P=NP) prize and breaking encryption
Date: 28 May 2000 23:47:02 GMT
Hi;
In the paper last week there was an article about 7 math
problems for the 21st century. One of them (P = NP) was
supposed to allow easy breaking of encryption.
I went to the site (www.claymath.org) and looked at the
problem description. They suggested that if someone could
solve a problem like Hamilton Circuit (path through nodes
visiting each one only once, ending at starting point), then
the safety of encryption is gone.
Is this hype? Would it still take a lot of work? How would
someone use a solution for Hamilton Circuit to break RSA
for instance?
I'm certainly not an expert in encryption, but I was curious
how such an unrelated problem could have anything to do with
breaking encryption.
Thanks,
stan
------------------------------
From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Re: On dynamic random selection of encryption algorithms
Date: Sun, 28 May 2000 18:01:32 -0700
This is just a layman's opinion but I think that this is a conceptually
simple method how to make encryption extremely difficult if not for all
practical purposes impossible to break. You could even use only 64-bit
key and be able to export it.
Speed disadvantage will only be a factor when m > 1. Otherwise the speed
of the PRNG could be negligible compared to the block cipher.
I think that somebody proposed a similar idea earlier under the name
"Mishmash".
Joseph Poe
Mok-Kong Shen wrote:
> I should very much appreciate obtaining critiques and
> comments on the following (essentially simple) ideas:
>
> Let there be a set of n block ciphers that are deemed
> appropriate for being used in multiple encryptions with
> m constituent ciphers (m1 <= m <= m2). Let a PRNG be
> chosen by the communication partners and a secret session
> key be given. We'll use the key as the seed to the PRNG
> to generate pseudo-random number sequences required below.
>
> For each block of plaintext to be encrypted, first
> generate a random number m in [m1, m2]. Then randomly
> choose m algorithms from the available set of n
> algorithms. Subsequently perform a random permutation
> of the ordering of these to determine the sequential order
> with which the m algorithms are to be placed in the stack
> (eventually avoiding, if desired, the case that two
> consecutive algorithms in the stack are the same). Finally
> generate m keys that are required by these algorithms to do
> the encryption of the given block of plaintext.
>
> Note:
>
> 1. The block sizes of the algorithms forming a stack need
> to be compatible (commensurable) but successive blocks
> of the entire scheme (i.e. of the plaintext) need
> neither be the same nor commensurable.
>
> 2. The special case n = m = 1 reduces to my previous
> proposal to use variable keys for block ciphers to defeat
> differential analysis and other sophisticated techniques
> of attack that rely on the availability of huge amounts
> of materials processed by the same key of a block cipher.
>
> 3. The scheme effectively forces the opponent to brute force
> the seed of the PRNG, which, however, could be made to
> be arbitrarily long.
>
> 4. The ideas here described are in some sense related to the
> one where a PRNG is tightly incorporated (built-in) with a
> block cipher. See my humble WEAK-EX series of algorithms.
>
> 5. Inferior speed performance could under circumstances be a
> disadvantage of the scheme.
>
> M. K. Shen
> --------------------------------
> http://home.t-online.de/home/mok-kong.shen
------------------------------
Date: 29 May 2000 01:00:03 -0000
From: lcs Mixmaster Remailer <[EMAIL PROTECTED]>
Subject: Re: encryption without zeros
Rick - You could use a regular encryption function like triple DES,
but if you get an output block which has a zero byte in it, run that
block through the encryption function again, and repeat until you
don't get any zeros.
DES uses 64 bit (8 byte) data, so the chances of getting a block with a
zero is 8/256 or 1/32, so you won't have to repeat the iteration very
often, and almost never have to do it twice.
To decrypt, do the same thing: decrypt the data block, and if it comes
out with a zero, decrypt it again. This assumes your input doesn't
have any zero bytes either, so that the decryption can recognize when
it is through.
rick2 <[EMAIL PROTECTED]> writes:
> I would like to use some strong encryption but need to have
> the output not have any zeros (needs to fit into zero-terminated
> data chunks). What would be the smallest and fastest way to mask
> the zeros? I've seen some people expand every 7 bits to 8, but
> that seems wasteful (expands to 114% of original size, or so) and
> takes time (every output byte needs to be shifted).
>
> Just for kicks, I'm currently using bit-shifting only, which will
> never produce a zero from a non-zero byte. I guess that's not
> a strong encryption routine, though. Is there any strong routine
> which doesn't make zeros from non-zero data?
>
> Thanks in advance.
>
> RB
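
Added example, not part of the original post: the re-encrypt-until-zero-free scheme described in this message, written out in C. The 64-bit Feistel function toy_crypt and its key are assumptions standing in for triple DES and are not secure; the point is the loop structure and the zero-free-plaintext precondition.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy 4-round Feistel permutation on 64-bit blocks. NOT secure: a stand-in
 * for the triple DES block function so the example is self-contained. */
static uint32_t f(uint32_t x, uint32_t k) {
    x = (x ^ k) * 0x9E3779B1u;
    return x ^ (x >> 15);
}
static uint64_t toy_crypt(uint64_t b, const uint32_t k[4], int decrypt) {
    uint32_t l = (uint32_t)(b >> 32), r = (uint32_t)b, t;
    for (int i = 0; i < 4; i++) {
        if (decrypt) { t = r ^ f(l, k[3 - i]); r = l; l = t; }
        else         { t = l ^ f(r, k[i]);     l = r; r = t; }
    }
    return ((uint64_t)l << 32) | r;
}

int has_zero_byte(uint64_t b) {
    for (int i = 0; i < 8; i++)
        if (((b >> (8 * i)) & 0xFF) == 0) return 1;
    return 0;
}

/* Re-encrypt until the block has no zero byte. Returns 0 (never a valid
 * result) if the plaintext itself contains a zero byte, because then the
 * receiver could not tell where to stop. *passes gets the iteration count. */
uint64_t encrypt_nz(uint64_t p, const uint32_t k[4], int *passes) {
    *passes = 0;
    if (has_zero_byte(p)) return 0;
    do { p = toy_crypt(p, k, 0); ++*passes; } while (has_zero_byte(p));
    return p;
}

/* Mirror image: decrypt until a zero-free block (the plaintext) appears. */
uint64_t decrypt_nz(uint64_t c, const uint32_t k[4]) {
    do { c = toy_crypt(c, k, 1); } while (has_zero_byte(c));
    return c;
}

/* Constructed test data: n pseudo-random zero-free plaintexts. Returns how
 * many needed more than one pass, or -1 if any block fails to round-trip. */
long cycle_walk_demo(long n) {
    const uint32_t key[4] = { 0x01234567u, 0x89ABCDEFu, 0x0F1E2D3Cu, 0x4B5A6978u };
    uint64_t s = 0x2545F4914F6CDD1DULL;
    long extra = 0;
    for (long i = 0; i < n; i++) {
        int passes;
        s ^= s << 13; s ^= s >> 7; s ^= s << 17;           /* xorshift64 */
        uint64_t p = s;
        for (int j = 0; j < 8; j++)                         /* force zero-free */
            if (((p >> (8 * j)) & 0xFF) == 0) p |= 1ULL << (8 * j);
        uint64_t c = encrypt_nz(p, key, &passes);
        if (has_zero_byte(c) || decrypt_nz(c, key) != p) return -1;
        extra += passes > 1;
    }
    return extra;
}
int main(void) { printf("%ld of 100000 re-encrypted\n", cycle_walk_demo(100000)); return 0; }
```

The number of passes depends on the key and the data, so the running time of encrypt_nz varies from block to block.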
------------------------------
From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: Math problem (P=NP) prize and breaking encryption
Date: 29 May 2000 01:02:27 GMT
In article <[EMAIL PROTECTED]>,
root <[EMAIL PROTECTED]> wrote:
>I went to the site (www.claymath.org) and looked at the
>problem description. They suggested that if someone could
>solve a problem like Hamilton Circuit (path through nodes
>visiting each one only once, ending at starting point), then
>the safety of encryption is gone.
>
>Is this hype? Would it still take a lot of work? How would
>someone use a solution for Hamilton Circuit to break RSA
>for instance?
No, not hype. It's an important theorem, though mostly of theoretical
interest, not anything that keeps codebreakers awake at night. I'm sure
it's a FAQ somewhere.
See Garey and Johnson's book "Computers and Intractability: A Guide to
the Theory of NP-completeness" for a full explanation. Basic
simplified explanation: you can mathematically transform any factoring
problem into a Hamilton Circuit problem, so that being able to answer
the HC problem also answers the factoring problem. The details are
complicated, but the underlying theory is of very general relevance to
computer science, not just cryptography.
------------------------------
Subject: Re: encryption without zeros
From: stanislav shalunov <[EMAIL PROTECTED]>
Date: Mon, 29 May 2000 01:01:44 GMT
rick2 <[EMAIL PROTECTED]> writes:
> I would like to use some strong encryption but need to have
> the output not have any zeros (needs to fit into zero-terminated
> data chunks). What would be the smallest and fastest way to mask
> the zeros? I've seen some people expand every 7 bits to 8, but
> that seems wasteful (expands to 114% of original size, or so) and
> takes time (every output byte needs to be shifted).
If you don't like Base64 (which would mask all questionable
characters) you could always take an escape character ('\e' seems a
good candidate) and do something like this:
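    #include <stdio.h>

    int main(void)
    {
        int c;  /* int, not char, so EOF stays distinguishable */

        /* '\e' is ESC (0x1B); the escape is a GCC/Clang extension */
        while ((c = getchar()) != EOF)
            if (c == '\e') {            /* escape the escape character */
                putchar('\e');
                putchar('\e');
            } else if (c == '\0') {     /* NUL becomes ESC followed by '0' */
                putchar('\e');
                putchar('0');
            } else {
                putchar(c);
            }
        return 0;
    }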
(Escaping all NUL bytes.) This expands it by number of '\0' + number
of '\e' in the original string (or less than 1% for encrypted text).
It'll be much easier for you and much less kludgey to simply store the
length along with the pointer to memory block.
--
stanislav shalunov | Speaking only for myself.
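
Added example, not part of the original posts: a buffer-based encoder and matching decoder for the escape scheme discussed in this thread (ESC ESC for the escape byte, ESC '0' for a zero byte, the separate stand-in character that Bryan Olson's message asks for). The function names, the error value and the sample bytes are assumptions; the decoder rejects input the encoder could not have produced.

```c
#include <stdio.h>
#include <string.h>

#define ESC     0x1B             /* the '\e' escape byte from the post */
#define NUL_ERR ((size_t)-1)     /* error return for both functions */

/* Encode n bytes so that the output contains no 0x00 byte:
 * ESC -> ESC ESC, 0x00 -> ESC '0'. Returns the encoded length. */
size_t nul_escape(const unsigned char *in, size_t n, unsigned char *out, size_t cap) {
    size_t o = 0;
    for (size_t i = 0; i < n; i++) {
        int special = (in[i] == ESC || in[i] == 0x00);
        if (cap - o < (special ? 2u : 1u)) return NUL_ERR;  /* output full */
        if (special) out[o++] = ESC;
        out[o++] = in[i] == 0x00 ? '0' : in[i];
    }
    return o;
}

/* Decode, rejecting anything the encoder cannot have produced: a raw 0x00,
 * an ESC at the very end, or ESC followed by a byte other than ESC or '0'. */
size_t nul_unescape(const unsigned char *in, size_t n, unsigned char *out, size_t cap) {
    size_t o = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = in[i];
        if (c == 0x00) return NUL_ERR;
        if (c == ESC) {
            if (++i == n) return NUL_ERR;          /* dangling escape */
            if (in[i] == '0') c = 0x00;
            else if (in[i] != ESC) return NUL_ERR; /* unknown escape pair */
        }
        if (o == cap) return NUL_ERR;
        out[o++] = c;
    }
    return o;
}

/* Constructed sample with two NULs and one ESC. Returns the encoded length
 * after checking that it is a valid C string and decodes to the input. */
size_t escape_demo(void) {
    const unsigned char msg[6] = { 'a', 'b', 0x00, ESC, 'c', 0x00 };
    unsigned char enc[2 * sizeof msg + 1], dec[sizeof msg];
    size_t e = nul_escape(msg, sizeof msg, enc, sizeof enc - 1);
    if (e == NUL_ERR) return NUL_ERR;
    enc[e] = '\0';                          /* terminator only at the end */
    if (strlen((const char *)enc) != e) return NUL_ERR;
    size_t d = nul_unescape(enc, e, dec, sizeof dec);
    if (d != sizeof msg || memcmp(dec, msg, d) != 0) return NUL_ERR;
    return e;
}

int main(void) {
    printf("6 input bytes -> %zu encoded bytes\n", escape_demo());
    return 0;
}
```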
------------------------------
End of Cryptography-Digest Digest
******************************