Cryptography-Digest Digest #891, Volume #11 Tue, 30 May 00 01:13:00 EDT
Contents:
Classical Crypto Books (CryptoBook)
Re: Evidence Eliminator concerns ("donoli")
Re: Is OTP unbreakable? (Mickey McInnis)
Re: encryption without zeros (David Hopwood)
Re: Is OTP unbreakable?/Station-Station (Joaquim Southby)
driving me and friends nuts (Yanko Leskovar)
Re: Is OTP unbreakable?/Station-Station (Joaquim Southby)
Re: No-Key Encryption (John Savard)
Re: No-Key Encryption (John Savard)
Re: encryption without zeros (Guy Macon)
Re: Is OTP unbreakable? (Guy Macon)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (CryptoBook)
Subject: Classical Crypto Books
Date: 30 May 2000 02:19:13 GMT
Classical Crypto Books is pleased to announce the following recent additions
and updates to the CCB catalog.
ANCIENT SCRIPTS
BREAKING THE MAYA CODE: Revised Edition
by Michael D. Coe
Published at $18.95.
SB, Thames & Hudson, 1999, 304 pp.
Nonmember $17.95, Member $16.95
GLYPH-BREAKER
by Steven Roger Fischer
HB, Copernicus, 1997, 244 pp.
Nonmember $24.95, Member $21.95
READING THE PAST: Ancient Writing from Cuneiform to the Alphabet
by J. T. Hooker (Editor)
HB, Barnes & Noble Books, 1998, 384 pp.
Nonmember $15.95, Member $13.95
BIBLE CODE
THE BIBLE CODE
by Michael Drosnin
Published at $25.00. Out of Print.
HB, Simon & Schuster, 1997, 265 pp.
Nonmember $22.95, Member $19.95
THE BIBLE CODE
by Michael Drosnin
SB, Touchstone, 1998, 267 pp.
Nonmember $12.95, Member $11.95
BIOGRAPHIES AND MEMOIRS
GENTLEMAN SPY: The Life of Allen Dulles
by Peter Grose
HB, Andre Deutsch, 1995, 653 pp.
Nonmember $34.95, Member $29.95
BETWEEN SILK AND CYANIDE: A Codemaker's War 1941-1945
by Leo Marks
As head of communications at Britain's Special Operations Executive (SOE), Leo
Marks revolutionized the art of making codes. He also trained SOE agents in
their use before they were infiltrated into enemy-held territory. This is his
story. Published at $27.50.
HB, Free Press, 1999, 624 pp.
Nonmember $24.95, Member $21.95
HE WHO DARES: Reflections of Service in the SAS, SBS, and MI5
by David Sutherland
Published at $34.95.
HB, Naval Institute Press, 1999, 221 pp.
Nonmember $31.95, Member $27.95
CLASSICAL CRYPTO
DECRYPTED SECRETS: Methods and Maxims of Cryptology
by Friedrich L. Bauer
Published at $39.95.
HB, Springer-Verlag, 1997, 460 pp.
Nonmember $37.95, Member $34.95
CRYPTOLOGY: MACHINES, HISTORY, AND METHODS
by Cipher A. Deavours, David Kahn, Louis Kruh, Greg Mellen, Brian Winkel
HB, Artech House, 1989, 518 pp.
Nonmember $119.95, Member $109.95
CRYPTOLOGY: YESTERDAY, TODAY, AND TOMORROW
by Cipher A. Deavours, David Kahn, Louis Kruh, Greg Mellen, Brian Winkel
HB, Artech House, 1987, 528 pp.
Nonmember $109.95, Member $99.95
MACHINE CRYPTOGRAPHY AND MODERN CRYPTANALYSIS
by Cipher A. Deavours, Louis Kruh
HB, Artech House, 1985, 273 pp.
Nonmember $85.95, Member $79.95
SELECTIONS FROM CRYPTOLOGIA: History, People, and Technology
by Cipher A. Deavours, David Kahn, Louis Kruh, Greg Mellen, Brian Winkel
Published at $79.00.
HB, Artech House, 1998, 560 pp.
Nonmember $70.95, Member $62.95
ADVANCED MILITARY CRYPTOGRAPHY, FACSIMILE EDITION
by William F. Friedman
A BEST BUY! Continues Friedman's Elementary Military Cryptography, covering the
same general areas, but with more advanced subject matter. Includes sections on
repetitive and combined systems as well as cryptographs and cipher machines.
Published at $19.95.
SB, Buckmaster Publishing, 117 pp.
Nonmember $14.95, Member $9.95
SECRETS OF MAKING AND BREAKING CODES
by Hamilton Nickels
HB, Barnes & Noble Books, 1998, 144 pp.
Nonmember $9.95, Member $7.95
MANUAL OF CRYPTOGRAPHY: Manuale di Crittografia
by General Luigi Sacco
For the advanced, mathematically inclined student. Part 2, on cryptanalysis,
discusses transposition ciphers; literal, polygraphic and fractionating
substitution ciphers; codes, enciphered codes; and machine ciphers. Part 3
gives advice on crypto usage.
SB, Aegean Park Press C-14, 1977, 203 pp.
Nonmember $26.80, Member $21.45
COUNTERINTELLIGENCE
TRAITORS AMONG US: Inside the Spy Catcher's World
by Stuart A. Herrington
Published at $27.95.
HB, Presidio, 1999, 421 pp.
Nonmember $25.95, Member $22.95
ARMY SURVEILLANCE IN AMERICA, 1775-1980
by Joan M. Jensen
Published at $37.50.
HB, Yale University Press, 1991, 335 pp.
Nonmember $33.95, Member $29.95
CURRENT AFFAIRS
BUILDING IN BIG BROTHER: The Cryptographic Policy Debate
by Lance J. Hoffman
Published at $39.95.
SB, Springer-Verlag, 1995, 576 pp.
Nonmember $36.95, Member $33.95
ESPIONAGE AND INTELLIGENCE
BOMBSHELL: The Secret Story of America's Unknown Atomic Spy Conspiracy
by Joseph Albright, Marcia Kunstel
Published at $25.00.
HB, Times Books, 1997, 416 pp.
Nonmember $22.95, Member $19.95
FOR THE PRESIDENT'S EYES ONLY: Secret Intelligence and the American Presidency
from Washington to Bush
by Christopher Andrew
Published at $30.00. Out of Print.
HB, HarperCollins, 1995, 672 pp.
Nonmember $27.95, Member $24.95
BRITISH SECURITY COORDINATION: The Secret History of British Intelligence in
the Americas, 1940-1945
Published at $35.00.
HB, Fromm International, 1999, 572 pp.
Nonmember $31.95, Member $28.95
THE CENTRAL INTELLIGENCE AGENCY: An Instrument of Government to 1950
by Arthur B. Darling, Bruce D. Berkowitz, Allan E. Goodman
Published at $60.00.
HB, Penn State Press, 1990, 543 pp.
Nonmember $53.95, Member $47.95
SPY SUB: A Top Secret Mission to the Bottom of the Pacific
by Roger C. Dunham
Published at $32.95.
HB, Naval Institute Press, 1996, 235 pp.
Nonmember $29.95, Member $26.95
THE SECRET WAR FOR THE UNION: The Untold Story of Military Intelligence in the
Civil War
Published at $35.00. Out of Print.
HB, Houghton Mifflin Company, 1996, 750 pp.
Nonmember $31.95, Member $27.95
SPYWORLD: Inside the Canadian and American Intelligence Establishments
by Mike Frost, Michael Gratton
Out of Print.
HB, Doubleday Canada, 1994, 280 pp.
Nonmember $32.95, Member $29.95
PROJECT COLDFEET: Secret Mission to a Soviet Ice Station
by William M. Leary, Leonard A. LeSchack
Published at $29.95.
HB, Naval Institute Press, 1996, 209 pp.
Nonmember $26.95, Member $23.95
SPIES AND SPYMASTERS OF THE CIVIL WAR
by Donald E. Markle
HB, Barnes & Noble Books, 1995, 264 pp.
Nonmember $15.95, Member $12.95
SPIES AND SPYMASTERS OF THE CIVIL WAR
by Donald E. Markle
SB, Hippocrene Books, 1995, 264 pp.
Nonmember $11.95, Member $10.95
THE ULTIMATE SPY BOOK
by H. Keith Melton, William Colby, Oleg Kalugin
Published at $29.95.
HB, DK Publishing, 1996, 176 pp.
Nonmember $26.95, Member $23.95
BATTLEGROUND BERLIN: CIA vs. KGB in the Cold War
by David E. Murphy
Published at $30.00.
HB, Yale University Press, 1997, 556 pp.
Nonmember $26.95, Member $23.95
THE CORONA PROJECT: America's First Spy Satellites
by Curtis Peebles
Published at $36.95.
HB, Naval Institute Press, 1997, 367 pp.
Nonmember $33.95, Member $29.95
THE HAUNTED WOOD: Soviet Espionage in America - The Stalin Era
by Allen Weinstein, Alexander Vassiliev
Published at $14.95.
SB, Modern Library, 2000, 432 pp.
Nonmember $13.95, Member $12.95
THE CROWN JEWELS: The British Secrets at the Heart of the KGB Archives
by Nigel West, Oleg Tsarev
This lively account of Soviet foreign intelligence activities in Great Britain
during the Cold War is based on documents newly released from the KGB archives,
their "crown jewels," as the KGB unofficially called their most valuable
assets. Published at $30.00.
HB, Yale University Press, 1999, 380 pp.
Nonmember $27.95, Member $24.95
FICTION AND LITERATURE
ENIGMA
by Robert Harris
Out of Print.
HB, Random House, 1995, 334 pp.
Nonmember $25.95, Member $22.95
SIMPLE SIMON: A Thriller
by Ryne Douglas Pearson
Published at $24.00. Out of Print.
HB, William Morrow, 1996, 268 pp.
Nonmember $21.95, Member $19.95
THE GOLD BUG
by Edgar Allen Poe
Published at $13.95.
HB, Creative Education, 1990, 79 pp.
Nonmember $12.95, Member $11.95
THE GOLD-BUG AND OTHER TALES
by Edgar Allen Poe
SB, Dover Publications, 1991, 127 pp.
Nonmember $1.00, Member $0.90
CRYPTONOMICON
by Neal Stephenson, Bruce Schneier (Appendix on the Solitaire Encryption
Algorithm)
A brilliant, hilarious, historical, adventure novel about a genius
cryptanalyst/inventor charged with keeping Nazis from guessing the Ultra secret
and about his hacker-entrepreneur grandson, who must crack a WWII cipher to
find a fortune in stolen gold. Published at $27.50.
HB, Avon Books, 1999, 928 pp.
Nonmember $24.95, Member $21.95
HISTORY
AMERICAN COMMAND OF THE SEA: Through Carriers, Codes, and the Silent Service
by Carl Boyd
SB, Mariner's Museum, 1995, 79 pp.
Nonmember $13.95, Member $12.95
BEST-KEPT SECRET: Canadian Secret Intelligence in the Second World War
by John Bryden
Published at $28.95. Out of Print.
HB, Lester Publishing, 1993, 400 pp.
Nonmember $26.95, Member $23.95
DAYS OF INFAMY: MacArthur, Roosevelt, Churchill -- The Shocking Truth Revealed,
How Their Secret Deals and Strategic Blunders Caused Disasters at Pearl Harbor
and the Philippines
by John Costello
Published at $24.00. Out of Print.
HB, Pocket Books, 1994, 460 pp.
Nonmember $21.95, Member $19.95
MACARTHUR'S ULTRA: Codebreaking and the War Against Japan, 1942-1945
by Edward J. Drea
Out of Print.
SB, University Press of Kansas, 1992, 312 pp.
Nonmember $19.95, Member $16.95
LISTENING IN: Intercepting German Trench Communications in World War I
by Ernest H. Hinrichs, Jr.
Published at $19.95. Out of Print.
HB, White Mane Books, 1996, 166 pp.
Nonmember $18.95, Member $16.95
BRITISH INTELLIGENCE IN THE SECOND WORLD WAR, VOLUME 1: Its Influence on
Strategy and Operations
by F. H. Hinsley, E. E. Thomas, C. F. G. Ransom, R. C. Knight
Out of Print.
HB, HMSO, 1986, 615 pp.
Nonmember $34.95, Member $29.95
SEIZING THE ENIGMA: The Race to Break the German U-Boat Codes 1939-1943
by David Kahn
A BEST BUY!
HB, Barnes & Noble Books, 1998, 350 pp.
Nonmember $11.95, Member $10.95
NAVAJO WEAPON
by S. McClain
Out of Print.
HB, Books Beyond Borders, 1994, 310 pp.
Nonmember $32.95, Member $29.95
NCVA HISTORY BOOK: U. S. Naval Cryptologic Veterans Association
by George P. McGinnis (Editor)
Published at $52.50.
HB, Turner Publishing Company, 1996, 208 pp.
Nonmember $49.95, Member $45.95
THE ULTRA-MAGIC DEALS: And the Most Secret Special Relationship, 1940-1946
by Bradley F. Smith
Published at $12.95.
SB, Presidio, 1994, 288 pp.
Nonmember $11.95, Member $10.95
DAY OF DECEIT: The Truth About FDR and Pearl Harbor
by Robert B. Stinnett
Published at $26.00.
HB, Free Press, 2000, 400 pp.
Nonmember $23.95, Member $20.95
MODERN AND ADVANCED CRYPTO
PGP, PRETTY GOOD PRIVACY: Encryption for Everyone
by Simson Garfinkel
Published at $34.95.
SB, O'Reilly & Associates, 1995, 429 pp.
Nonmember $31.95, Member $27.95
WEB SECURITY & COMMERCE: Risks, Technologies, and Strategies
by Simson Garfinkel, Gene Spafford
Published at $34.95.
SB, O'Reilly & Associates, 1997, 506 pp.
Nonmember $31.95, Member $27.95
CODING THEORY AND CRYPTOGRAPHY: From Enigma and Geheimschreiber to Quantum
Theory
by David Joyner (Editor)
Published at $79.00.
SB, Springer-Verlag, 2000, 264 pp.
Nonmember $74.95, Member $69.95
ALGEBRAIC ASPECTS OF CRYPTOGRAPHY
by Neal Koblitz, Alfred J. Menezes, Yi-Hong Wu, Robert J. Zuccherat
The first printing sold out quickly. Now, available again in a new printing
with corrections. Published at $64.95.
HB, Springer-Verlag, 1999, 216 pp.
Nonmember $60.95, Member $56.95
THE DEVELOPMENT OF THE NUMBER FIELD SIEVE: Lecture Notes in Mathematics 1554
by A. K. Lenstra, H. W. lenstra, Jr. (Editors)
The number field sieve is an algorithm for factoring large integers that was
proposed by John Pollard in 1988. This volume contains six papers on the sieve,
as well as an annotated bibliography. Published at $32.95.
SB, Springer-Verlag, 1993, 139 pp.
Nonmember $30.95, Member $27.95
PERSONAL ENCRYPTION: Clearly Explained
by Pete Loshin
Published at $39.95.
HB, AP Professional, 1998, 559 pp.
Nonmember $36.95, Member $33.95
HACKING EXPOSED: Network Security Secrets and Solutions
by Stuart McClure, Joel Scambray, George Kurtz
Published at $39.99.
SB, Osborne, 1999, 512 pp.
Nonmember $36.95, Member $33.95
DEFENDING YOUR DIGITAL ASSETS: Against Hackers, Crackers, Spies, and Thieves
by Randall K. Nichols, Daniel J. Ryan, Julie J.H.C. Ryan
Published at $49.99.
SB, RSA Press, 2000, 894 pp.
Nonmember $45.95, Member $41.95
JAVA SECURITY
by Scott Oaks
Published at $34.95.
SB, O'Reilly & Associates, 1998, 473 pp.
Nonmember $31.95, Member $27.95
CRYPTOGRAPHY: Theory and Practice
by Craig R. Stinson
Published at $89.95.
HB, CRC Press, 1995, 448 pp.
Nonmember $84.95, Member $79.95
VENONA
VENONA: Decoding Soviet Espionage in America
by John Earl Haynes, Harvey Klehr
Published at $30.00.
HB, Yale University Press, 1999, 501 pp.
Nonmember $27.95, Member $24.95
VOYNICH MANUSCRIPT
SOLUTION OF THE VOYNICH MANUSCRIPT: A Liturgical Manual for the Endura Rite of
the Cathari Heresy, The Cult of Isis
by Leo Levitov
SB, Aegean Park Press M-12, 1987, 182 pp.
Nonmember $34.80, Member $27.85
ZIMMERMANN TELEGRAM
THE ZIMMERMANN TELEGRAM
by Barbara W. Tuchman
In 1917 Britain wanted desperately for the US to join the fight but President
Wilson was firmly neutral. Then a telegram offering Mexico return of the US
southwest if they would join an invasion was intercepted by the British and
decoded in Room 40.
SB, Ballantine, 1985, 256 pp.
Nonmember $10.95, Member $9.95
==============
HB = Hardbound
SB = Softbound
==============
All items are new, in stock, and available now. Member prices are available to
members of the American Cryptogram Association, the U.S. Naval Cryptologic
Veterans Association, and full-time students. Shipping and handling are extra.
For complete ordering information, a free catalog of crypto books by return
e-mail, or for information about membership in the American Cryptogram
Association, please send e-mail to: [EMAIL PROTECTED]
Best Wishes,
Gary Rasmussen
Classical Crypto Books
E-Mail: [EMAIL PROTECTED]
Fax: (603) 432-4898
------------------------------
From: "donoli" <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy,alt.privacy.anon-server,alt.security.pgp
Subject: Re: Evidence Eliminator concerns
Date: Tue, 30 May 2000 03:44:58 GMT
icarus wrote in message <8gshgh$oaj$[EMAIL PROTECTED]>...
>Hi guys,
>
>I am very concerned about EE. I dont wear a badge. I am a user but not too
>naive i hope.
>
>I dont want it to come in on startup and sit there; I want it to come in
>when I call it. I have deleted various startup options and it goes away and
>comes back two or three times later after a reboot.
>
>I stress that it appears to work but I AM CONCERNED as they are anonymous.
>I have sent them an email but i get no reply.
>
>Is it a good tool or A TROJAN ????
>
>EE support, if you have nothing to fear who are you??? I have nothing to
>gain, I am a user and not a cop.
>
>
>regards,
>
>icarus
>
>
############
To check if it's a trojan, go to a DOS prompt and run
netstat -an
If you see in the foreign address column any connections to port 21 or any
port over 1023, try to identify the connection. If your not sure of the
output from that command, post it here or e-mail me.
donoli.
############
------------------------------
From: [EMAIL PROTECTED] (Mickey McInnis)
Subject: Re: Is OTP unbreakable?
Date: 30 May 2000 03:29:43 GMT
Reply-To: [EMAIL PROTECTED]
In article <8gqoic$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Guy Macon)
writes:
...
|>
|> No. If I use any of the standard authentication protocols,
|> someone who knows my plaintext but not my key and who can
|> intercept my ciphertext and replace it with his own cannot
|> send a message that looks like I sent it. In the case of
|> checksum followed by OTP encryption, he can. This is the
|> classic man-in-the middle attack combined with the classic
|> known/chosen plaintext attack. Good security systems resist
|> these attacks, singly or in combination. OTP doesn't.
|>
This still leaves one possible "attack" If the attacker has
an earlier, signed cleartext, today's cleartext (of the same
length), and man-in-the middle access, he could replace today's
message with the earlier message. He could screen out an
urgent message and send an innoucuous message. You need to include
a time stamp or sequence number as part of the message
and check the checksum number and sequence or time stamp at the
receiving end, too.
I know this is getting rarified, but that's what makes it fun,
and some pretty wild attacks have been used in real life.
--
Mickey McInnis - [EMAIL PROTECTED]
--
All opinions expressed are my own opinions, not my company's opinions.
------------------------------
Date: Mon, 29 May 2000 19:57:59 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: encryption without zeros
=====BEGIN PGP SIGNED MESSAGE=====
Scott Fluhrer wrote:
> rick2 <[EMAIL PROTECTED]> wrote in message news:rb-17BAC7.22362727052000@news...
> > I would like to use some strong encryption but need to have
> > the output not have any zeros ...
> One possibility (assuming that the plaintext has no zero bytes): use your
> favorite block algorithm in ECB mode. When you encrypt a block, you check
> if the ciphertext would contain any zero bytes -- if it does, encrypt the
> block again (and repeat until the output doesn't have any zero bytes).
>
> And, on decryption, to use the same procedure, you keep on decrypting until
> you get a block without any zero bytes.
[...]
> The ECB mode is somewhat weak if plaintext blocks can repeat -- you may want
> to have a transformation on the plaintext beforehand to lessen that
> possibility -- your current set of bit-shifts may do the job nicely...
>
> (I tried to work out a similar procedure for another mode, but I cannot come
> up with way which cannot infinite loop, and whose decryption is
> unambiguous...)
Any of the other chaining modes can be used with the above transformation as
the block cipher, and addition mod 255 on each byte instead of XOR.
E.g. for CBC, if n is the block size in bytes,
Encryption:
C_-1 = IV
C_i = E[K](add(P_i, C_{i-1}))
add(x[0..n-1], y[0..n-1]) =
[adjust(x[0]+y[0]), ..., adjust(x[n-1]+y[n-1])]
Decryption:
C_-1 = IV
P_i = sub(D[K](C_i), C_{i-1})
sub(x[0..n-1], y[0..n-1]) =
[adjust(x[0]-y[0]), ..., adjust(x[n-1]-y[n-1])]
adjust(x) = 255, if x = 0 (mod 255)
= x mod 255, otherwise
[x = adjust(x+y) can be implemented without using conditionals or division,
as { x += y; x -= (x-1) >> 8; }. Similarly, x = adjust(x-y) can
be implemented as { x -= y; x += (x-1) >> 8; x &= 255; }, assuming
twos-complement 16-bit arithmetic.]
- --
David Hopwood <[EMAIL PROTECTED]>
PGP public key: http://www.users.zetnet.co.uk/hopwood/public.asc
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01
=====BEGIN PGP SIGNATURE=====
Version: 2.6.3i
Charset: noconv
iQEVAwUBOTK9cjkCAxeYt5gVAQHoMwgAtf/4goIbI/aZMmA2s3vithtb1MEUR30L
xgTWjJk8Gkc7nFUa7kHJ3lv0b0AL+E/CCq9Q+/jk7njFte25d8gftgKvR1SRCsEG
icU0iDHEwH0G/E5kCZbGFgb+RCE+ek+TfL1ebcwIdbOYbzzqq1IH7K/KHYIF58an
bmA0wnDFyiFRWT2yBu2d3kRzuOxKCHOdyfO/yRBVVVD1yldM/m+ZJIbZ1fGUmXQE
lhrhdRNWUZhyYlWdUPbgUCDtkVOy0tzJC1xKpajSSXSUf+WYMm7idIi614XpIztT
jMkNkFf4ipSwqX6p0NCl5WR1p0lRaUwQV1oNcuYk7R8fWKxykhprHA==
=hy0L
=====END PGP SIGNATURE=====
------------------------------
From: Joaquim Southby <[EMAIL PROTECTED]>
Subject: Re: Is OTP unbreakable?/Station-Station
Date: 30 May 2000 04:13:58 GMT
In article <[EMAIL PROTECTED]> Tim Tyler, [EMAIL PROTECTED] writes:
>There's nothing terribly unusual about chosen plaintext attacks - or
>man-in-the-middle attacks.
>
The unusual part is that he proposed obtaining plaintext and then somehow
intercepting the corresponding enciphered text. Oh, and let's not forget
the caveat that the interception must be performed so that the message
doesn't reach the receiver and that neither the sender nor the receiver
are aware of the act. Would this work if the sender secures his
plaintexts? No. Would this work if the enciphered message was
broadcast? No. Would it work more than once? No (unless you have some
very obtuse targets).
>The ability to process information by intercepting all communication
>through a cable provides room for a man-in-the-middle.
>
His original message did not posit the medium of transmission. Even if
you have room in your cable for the man-in-the-middle, you still must
have the original plaintext.
>...and known-plaintexts have been used by cryptanalysts extensively since
>the art was born.
>
>I don't see any coherent arguments against Guy's summary.
>
The arguments were not against the particular case he described, simply
against the rather limited circumstances to which it would apply.
Coherency is in the ear of the beholder.
------------------------------
From: Yanko Leskovar <[EMAIL PROTECTED]>
Subject: driving me and friends nuts
Date: Tue, 30 May 2000 13:29:31 +1000
Can anyone with better decryption skills solve this encoded message ?
MLWMZYZ VSG MLRHHRN WMZ MIFGVI LG VHZY
it's driving me nuts. anyway just to point out some observations of the
above code, which
may or not help are;
* 7 words (but this may be a trick)
* 32 letters (some repeated)
* letters A to E are not used
* lowest alphabet letter is G
* highest alphabet letter is Z
* The used letters, also form adjacent groups from the alphabet
(ghi, lmn, rs, vw,yz) - hmm this must be something cluey?
* Replacing each letter with it's ASCII-value and subtracting with
values 1 (through to 26)
does not reveal any sensible message, so substitution does not work ?
good luck,
yanko
------------------------------
From: Joaquim Southby <[EMAIL PROTECTED]>
Subject: Re: Is OTP unbreakable?/Station-Station
Date: 30 May 2000 04:39:16 GMT
In article <8gub5t$[EMAIL PROTECTED]> Guy Macon,
[EMAIL PROTECTED] writes:
>Rather than assuming that I denigrate OTP, why don't you ask me what
>my opinion of it is? (My opinion is that is wonderful. I don't
>have to worry about some crypto expert breaking the scheme through
>cryptanalysis. That's very valuable. My opinion is also that you
>shouldn't just run your plaintext through the OTP. You should
>compress it, encrypt it with a method that provides authentication,
>then encrypt it again with OTP. PGP does the compression and the
>authentication in one step). I see little point in using OTP to
>raise your security level against cryptanalysis from really, really,
>really, good to perfect without also taking simple steps to raise
>your security level against man-in-the-middle and known plaintext
>attacks.
>
Guy, I must apologize to you before anything else. I mixed your posts up
with the person who originally posted the attack scenario. That was
where I got the notion that you were denigrating OTP.
>As for likelihood, I am, among other things, a system administrator
>for a corporate LAN. If one of my users starts using OTP (say with
>a CD-ROM of random bits) I can probably fake incoming emails and do
>a bit of social engineering to achieve chosen plaintext, and I can
>certainly intercept and replace the users ciphertext with my own.
>One of my jobs as sysadmin is to provide my users with security
>that I cannot break. OTP alone doesn't provide that.
>
Once again, the attack here depends on obtaining the original plaintext.
If I'm going to all the trouble of setting up an OTP scheme, I would
certainly secure the plaintext with the same vigor. The attack also
depends on sending the message through a medium that allows the type of
interception proposed. This attack is becoming very narrow in scope.
That was my point.
>Let's be realistic here. The chances of someone using cryptanalysis
>to read your PGP encrypted message is way out in the "angels dancing
>on heads of pins" area already.
>
We're in agreement here.
>The odds of OTP's resistance to
>cryptanalysis increasing your security is much smaller than the
>chances that your sysadmin or ISP will social engineer you into
>encrypting known plaintext and then do a man-in-the-middle attack.
>
This one is a matter of opinion, but that's what 99% of Usenet is about,
right? I personally would not give the sysadmin access to my plaintext
and my ISP can barely maintain a connection, let alone bring about the
type of finesse suggested here. Regardless of the type of encipherment
used, my basic rule is that critical plaintext does not appear on
non-trusted machines. That would include any machine connected to any
network. In such a case, your statement would be false. Others don't
apply the same restrictions to their communications, so in their case
your statement would be true.
Again, apologies for the mixup in posters' identities. The moon was
full, the change was upon me, and I was not reading headers in my rush to
savage those who dared to disagree with the pearls of wisdom I was
dribbling into this thread.
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: No-Key Encryption
Date: Tue, 30 May 2000 05:00:12 GMT
On Sun, 28 May 2000 05:07:06 -0700, tomstd
<[EMAIL PROTECTED]> wrote, in part:
>No-key encryption doesn't make sense at all. Where did you hear
>about that?
That term has been used for the Shamir three-pass protocol, for
example the Massey-Omura cryptosystem.
John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: No-Key Encryption
Date: Tue, 30 May 2000 05:01:49 GMT
On Sun, 28 May 2000 09:03:45 +0200, Michael Pellaton
<[EMAIL PROTECTED]> wrote, in part:
>In the literature about cryptography I often read about the three
>different types of encryption - symmentric, asymmetric and no-key
>encryption. I found plenty implementations of the symmetric and the
>asymmetric methode. Is there any implementation of no-key ecnryption
>available?
Since the Massey-Omura cryptosystem appears to be about equivalent to
RSA or Diffie-Hellman in strength, because of the practical difficulty
of sending three messages back and forth, it hasn't been considered
worthwhile to use it instead of public-key encryption.
John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/
------------------------------
From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: encryption without zeros
Date: 30 May 2000 01:03:57 EDT
In article <8gunu7$17v$[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>
>
>Tim Tyler wrote:
>> zapzing <[EMAIL PROTECTED]> wrote:
>
>> : There are only 256^8 possible 8 bit blocks.
>> : Imagine a directed graph of all possible blocks, in
>> : which block A is connected to block B iff block A
>> : encrypts into bock B. Mow this graph must consist
>> : of a finite number of loops. No dendrites allowed.
>> : A loop either contains a block without zeros or it
>> : doesn't. So you can see that any block without
>> : zeros will eventually lead to another block
>> : without zeros, through the process that
>> : "Mixmaster" described.
>>
>> No. I don't see that at all. In fact, it's wrong ;-|
>>
>> : A block encrypting into itself, and/or a block
>> : that takes more than about 10 steps to encrypt,
>> : is highly improbable.
>>
>> I didn't say it was *likely* to fail to terminate. I said that it
>> "may not always terminate".
>>
>> Blocks can encrypt to themselves, or to other blocks that
>> encrypt to the first block, and so on in cycles of 3, 4, 5, etc.
>>
>> It's quite possible for this encryption system to go into an
>> infinite loop.
>
>No. Remember that we know the original plaintext has
>no zeros, and the block encryption function is a
>permutation. There is at least one zero-free block on
>the cycle - the original plaintext.
So it chugs away for a while and finally sends out your message
unencrypted! Sorry, that violates my patent. I did this first,
while experimenting with various ciphers. I am proud to say that to
this day, no crypto expert has ever been able to look at the output
of my plaintext to plaintext encryption method and derive either the
key or the exact algorithm that I used.
------------------------------
From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Is OTP unbreakable?
Date: 30 May 2000 01:08:52 EDT
In article <8gvcj7$ou0$[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>
>
>In article <8gqoic$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Guy Macon)
>writes:
>...
>|>
>|> No. If I use any of the standard authentication protocols,
>|> someone who knows my plaintext but not my key and who can
>|> intercept my ciphertext and replace it with his own cannot
>|> send a message that looks like I sent it. In the case of
>|> checksum followed by OTP encryption, he can. This is the
>|> classic man-in-the middle attack combined with the classic
>|> known/chosen plaintext attack. Good security systems resist
>|> these attacks, singly or in combination. OTP doesn't.
>|>
>
>This still leaves one possible "attack" If the attacker has
>an earlier, signed cleartext, today's cleartext (of the same
>length), and man-in-the middle access, he could replace today's
>message with the earlier message. He could screen out an
>urgent message and send an innoucuous message. You need to include
>a time stamp or sequence number as part of the message
>and check the checksum number and sequence or time stamp at the
>receiving end, too.
>
>I know this is getting rarified, but that's what makes it fun,
>and some pretty wild attacks have been used in real life.
I love it!
Would using PGP followed by OTP be open to this attack? Could
someone suggest a commercial product that would add resistance
to this attack?
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
