Cryptography-Digest Digest #892, Volume #11      Tue, 30 May 00 05:13:01 EDT

Contents:
  Re: Is OTP unbreakable?/Station-Station (Guy Macon)
  Re: Is OTP unbreakable?/Station-Station (Guy Macon)
  Re: Is OTP unbreakable?/Station-Station (Guy Macon)
  Re: Is OTP unbreakable?/Station-Station (Greg)
  Re: Is OTP unbreakable?/Station-Station (Greg)
  Re: No-Key Encryption (Greg)
  Re: new public key? (Mok-Kong Shen)
  Re: Crypto patentability (Mok-Kong Shen)
  Re: No-Key Encryption (Mok-Kong Shen)
  Re: No-Key Encryption (Greg)
  Re: No-Key Encryption (Greg)
  Re: No-Key Encryption (Greg)
  Re: No-Key Encryption (Greg)
  Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net" ("Ian B")
  Re: RIP Bill 3rd Reading in Parliament TODAY 8th May ("Ian B")
  Re: new public key? ("G. Orme")
  Small compression/encryption problem (Richard John Cavell)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Is OTP unbreakable?/Station-Station
Date: 30 May 2000 01:31:37 EDT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:

>Guy Macon wrote:
>>
>> Rather than assuming that I denigrate OTP, why don't you ask me what
>> my opinion of it is?  (My opinion is that is wonderful.  I don't
>> have to worry about some crypto expert breaking the scheme through
>> cryptanalysis.  That's very valuable.  My opinion is also that you
>> shouldn't just run your plaintext through the OTP.  You should
>> compress it, encrypt it with a method that provides authentication,
>> then encrypt it again with OTP. (PGP does the compression and the
>> authentication in one step).
>
>This approach only increases security if one assumes that an attacker can read a
>PGP-enciphered message, but cannot forge a PGP-authenticated message.  Is there a
>basis for making such assumptions?  It seems to me that this will apply in an
>extremely narrow set of circumstances.

Are you sure?  Maybe my thinking is off on this one.  It seems to me that:

***********************

IF YOU USE THE METHOD

PGP alone

A SUCCESSFUL ATTACKER MUST

Decrypt a PGP message.

IN ORDER TO

Read your message.

***********************

IF YOU USE THE METHOD

PGP alone

A SUCCESSFUL ATTACKER MUST

Recover your key.

IN ORDER TO

send messages that look like they came from you.

***********************

IF YOU USE THE METHOD

OTP alone

A SUCCESSFUL ATTACKER MUST

Combine man-in-middle with known-plaintext

IN ORDER TO

Send a message that looks like it came from you

***********************

IF YOU USE THE METHOD

PGP, followed by OTP

A SUCCESSFUL ATTACKER MUST

Combine man-in-middle with known-plaintext
and be able to recover your key

IN ORDER TO

Send a message that looks like it came from you.

***********************

In the last scenario, the attacker can't recover your key
using cryptanalysis, because the OTP makes it impossible
to read the post-PGP-encryption / pre-OTP-encryption ciphertext.
So how can the attacker get the information needed to forge
a PGP-enciphered message, or even figure out that PGP is
being used?

Or am I going astray somewhere in my thinking?  Be gentle....
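The last scenario above, worked through in code. This is an added example, not code from the post or from PGP: the inner "method that provides authentication" is stood in for by an HMAC-SHA256 tag (an assumption; PGP signs rather than MACs, but the property relied on is the same), the pad and authentication key are constructed for the demo, and `substitute_in_transit` is the known-plaintext man-in-the-middle step the post describes, included so that the receiver-side check can be seen to catch it.

```python
import hmac
import hashlib
import secrets

# Constructed demo secrets.  A real one-time pad is random, at least as long as
# the traffic it protects, and never reused; AUTH_KEY is the key the attacker
# "must recover" in the last scenario above.
PAD = secrets.token_bytes(64)
AUTH_KEY = secrets.token_bytes(32)
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def otp(pad, data):
    """One-time pad: XOR data with an equally long stretch of pad.
    The same call decrypts, because XOR is its own inverse."""
    if len(data) > len(pad):
        raise ValueError("pad exhausted")
    return bytes(p ^ d for p, d in zip(pad, data))


def seal(auth_key, msg):
    """Inner authenticated layer: message followed by an HMAC-SHA256 tag
    (assumption: stand-in for the post's 'method that provides authentication')."""
    return msg + hmac.new(auth_key, msg, hashlib.sha256).digest()


def open_sealed(auth_key, blob):
    """Verify the inner tag; return the message or raise if it does not match."""
    msg, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(auth_key, msg, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return msg


def substitute_in_transit(ciphertext, known, desired):
    """The man-in-the-middle step from the post: when the plaintext is known,
    XOR's linearity lets the ciphertext be rewritten without any key.
    Only the first len(known) bytes are touched."""
    if len(known) != len(desired):
        raise ValueError("replacement must keep the length")
    delta = bytes(a ^ b for a, b in zip(known, desired))
    head = bytes(c ^ d for c, d in zip(ciphertext, delta))
    return head + ciphertext[len(delta):]


def otp_alone(pad, known, desired):
    """OTP only: what the receiver reads after the substitution."""
    sent = otp(pad, known)
    received = substitute_in_transit(sent, known, desired)
    return otp(pad, received)


def authenticated_then_otp(auth_key, pad, known, desired):
    """Authenticated layer under the OTP: True if the receiver accepts the
    substituted message, False if the inner tag check rejects it."""
    sent = otp(pad, seal(auth_key, known))
    received = substitute_in_transit(sent, known, desired)
    try:
        open_sealed(auth_key, otp(pad, received))
        return True
    except ValueError:
        return False


def honest_round_trip(auth_key, pad, msg):
    """Untampered traffic through both layers decrypts and verifies normally."""
    return open_sealed(auth_key, otp(pad, otp(pad, seal(auth_key, msg))))


if __name__ == "__main__":
    known = b"MEET AT THE OLD BRIDGE AT 0900"    # constructed plaintext the attacker knows
    desired = b"MEET AT THE NEW BRIDGE AT 2100"  # what the attacker wants delivered
    print(otp_alone(PAD, known, desired))                         # forged text, read as genuine
    print(authenticated_then_otp(AUTH_KEY, PAD, known, desired))  # False: rejected
```

Under OTP alone the receiver decrypts the substituted text and has nothing to compare it against; with the authenticated layer underneath, the tag no longer matches and the message is rejected, so the attacker would indeed need the authentication key as well. In both cases the pad still does its job: nothing in the substitution step reads the plaintext.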



------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Is OTP unbreakable?/Station-Station
Date: 30 May 2000 01:44:05 EDT

In article <8gvf66$dl8$[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>
>In article <[EMAIL PROTECTED]> Tim Tyler, [EMAIL PROTECTED] writes:
>
>>I don't see any coherent arguments against Guy's summary.
>>
>The arguments were not against the particular case he described, simply
>against the rather limited circumstances to which it would apply. 
>Coherency is in the ear of the beholder.

If you are really concerned about limited circumstances, how limited
is the circumstance that someone can break PGP?  The entire idea of
OTP being more secure against cryptanalysis depends on the *very*
limited circumstance of someone being able to defeat whatever strong
encryption you use.  Compared to that, the idea of me social
engineering one of the users of the LAN I administer into sending
a known plaintext is extremely probable, and I already have the
ability to intercept their message and replace it with one of mine.
Every one of us has someone who can do that somewhere in the line.
Limited circumstances?  I strongly disagree.


------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Is OTP unbreakable?/Station-Station
Date: 30 May 2000 01:58:28 EDT

Joaquim Southby wrote:

>Guy, I must apologize to you before anything else.  I mixed your posts up
>with the person who originally posted the attack scenario.  That was
>where I got the notion that you were denigrating OTP.

Thanks!

>>As for likelihood, I am, among other things, a system administrator
>>for a corporate LAN.  If one of my users starts using OTP (say with
>>a CD-ROM of random bits) I can probably fake incoming emails and do
>>a bit of social engineering to achieve chosen plaintext, and I can
>>certainly intercept and replace the user's ciphertext with my own.
>>One of my jobs as sysadmin is to provide my users with security
>>that I cannot break.  OTP alone doesn't provide that.
>>
>Once again, the attack here depends on obtaining the original plaintext. 
>If I'm going to all the trouble of setting up an OTP scheme, I would
>certainly secure the plaintext with the same vigor.  The attack also
>depends on sending the message through a medium that allows the type of
>interception proposed.  This attack is becoming very narrow in scope. 
>That was my point.

(snip)

>This one is a matter of opinion, but that's what 99% of Usenet is about,
>right?  I personally would not give the sysadmin access to my plaintext
>and my ISP can barely maintain a connection, let alone bring about the
>type of finesse suggested here.  Regardless of the type of encipherment
>used, my basic rule is that critical plaintext does not appear on
>non-trusted machines.  That would include any machine connected to any
>network.  In such a case, your statement would be false.  Others don't
>apply the same restrictions to their communications, so in their case
>your statement would be true.

I was assuming care in protecting the plaintext.  You aren't alone in
being very careful with your secrets.  The scenario I am talking about
(which really is a reasonable one) is where someone gives you a
text and asks/orders you to encrypt it and send it.  Most people
wouldn't associate sending someone else's secret message with a
breakdown of security.  That's why resistance to chosen plaintext
attacks is Generally Considered To Be Important.  The addition of
man-in-the-middle hardly changes the scope: give me $10,000 and I
am pretty sure that I could get your ISP to do a bit of message
substituting for me.


------------------------------

From: Greg <[EMAIL PROTECTED]>
Subject: Re: Is OTP unbreakable?/Station-Station
Date: Tue, 30 May 2000 07:27:48 GMT


> Or am I going astray somewhere in my thinking?  Be gentle....

(as I gently push the keys...) The only thing I see you or others
going astray about is that you think somehow you will know what my
plain text is before it gets to the other side of the wire.

Let me make something clear right now.  Apart from having the
OTP key from the receiver (in which case, no issue for you at
all), you will never know, because I ain't saying and I will
destroy the key once I use it.  I will prefix and suffix my
plain text with random length garbage and compress the shit
out of it so you cannot figure out just how much there is
to the message in the first place.

So the whole idea that a plain text attack can be used is nonsense,
at least against my messages.  That is where you lose me.

--
There is only one gun law on the books- the second amendment.
The only vote that you waste is the one you never wanted to make.
RICO- we were told it was a necessary surrender of our civil liberties.
Asset Forfeiture- the latest inevitable result of RICO.


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Greg <[EMAIL PROTECTED]>
Subject: Re: Is OTP unbreakable?/Station-Station
Date: Tue, 30 May 2000 07:30:43 GMT


> ... To gain authentication, use it with
> a universal hash function.


Ya!  That's what I meant to say...


------------------------------

From: Greg <[EMAIL PROTECTED]>
Subject: Re: No-Key Encryption
Date: Tue, 30 May 2000 07:41:57 GMT


>...  Instead of keeping
> the keys (which you don't have anymore) secret, keep the algorithms
> (with embedded keys) secret.  The result is a no-key system that is
> as resistant to cryptanalysis as the original keyed system was.

As I understand present day cryptography, the algorithm then becomes
the key, because that is what must be kept protected from your
opponent.


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: new public key?
Date: Tue, 30 May 2000 10:02:29 +0200



"G. Orme" wrote:

> [snip]
> multiplied together makes a number xy often difficult to factor. Has anyone
> tried finding the xth root of y and the yth root of x? These would both give

If you are acquainted with the difficulty of computing roots in numerical
computations, I am afraid you would hesitate a bit. Further what you
described later in the post seems not to be clear, unless you would
kindly provide a concrete numerical example.

M. K. Shen



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Crypto patentability
Date: Tue, 30 May 2000 10:02:38 +0200



Bill Unruh wrote:

> However, in the case of software, I find it hard to find a justification
> for patents. Since software must be readable by computer, and thus also
> ( with more work) by humans, it is very very hard to maintain trade
> secrecy. The publication of the patented process is the primary reason
> for patents. Why should society grant a monopoly when it gets little in
> return it would not get anyway? (Of course some people are of the

Your arguments are not yet clear to me. Software patents are quite akin
to book copyrights, aren't they? They let their authors obtain some
rewards for their intellectual activities. In both cases illegal copies can be
made and are hard to find.

M. K. Shen


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: No-Key Encryption
Date: Tue, 30 May 2000 10:02:55 +0200



Bryan Olson wrote:

> I think it's a little subtler.  We can build the scheme
> from an invertible associative operation, call it *, as:
>
>      ----- k1 * x  ----->
>
>      <-- k1 * x * k2 ----
>
>      ----- x * k2 ------>
>
> But what we want is somewhat more general: the encryption
> functions must commute.  (Which is not the same as saying
> each encryption function must be a commutative operation
> on message and key.)

Pardon, I don't yet see why you additionally require commutativity.
When x*k2 gets to the receiver, he can just do the inversion to
get x, can't he? Or do you mean that it is 'desirable' to have in
addition commutativity? (But then why?) Thanks.

M. K. Shen
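An added example (mine, not Bryan Olson's or Mok-Kong Shen's) that makes the commutativity point concrete. In the diagram the keys are written as factors, and with an associative operation A simply cancels k1 on the left. Once each layer is an encryption function E_k instead, A has to remove its own layer from underneath B's, i.e. D_k1(E_k2(E_k1(x))) must equal E_k2(x), which is exactly the requirement that the functions commute. Three instances run through the same exchange: exponentiation modulo a prime (Massey-Omura / Shamir three-pass style, where it holds), a pair of fixed substitutions on a three-symbol alphabet (where it fails and B recovers the wrong value), and XOR (where it holds, but an eavesdropper who XORs the three messages together obtains x, so commutativity is necessary and not sufficient). The prime, keys and sample values are constructed for the demo.

```python
import math
import random

# Constructed public parameter: a prime for exponentiation.  A key is an
# exponent coprime to P-1, so that it has an inverse exponent modulo P-1.
P = 2**127 - 1


def three_pass(x, enc, dec, ka, kb):
    """The exchange drawn above.  A holds ka, B holds kb; x never travels
    without at least one layer and no key is ever sent.  Returns the three
    messages on the wire and what B recovers at the end."""
    m1 = enc(ka, x)    # A -> B :  k1 * x
    m2 = enc(kb, m1)   # B -> A :  k1 * x * k2
    m3 = dec(ka, m2)   # A -> B :  x * k2   (A must peel k1 from *under* k2)
    return m1, m2, m3, dec(kb, m3)


# --- Commuting encryption functions: x -> x^e mod P ---
def exp_key(rng):
    """Random exponent coprime to P-1 (deterministic for a seeded rng)."""
    while True:
        e = rng.randrange(2, P - 1)
        if math.gcd(e, P - 1) == 1:
            return e


def exp_enc(e, x):
    return pow(x, e, P)


def exp_dec(e, y):
    return pow(y, pow(e, -1, P - 1), P)   # apply the inverse exponent


# --- Non-commuting encryption functions: fixed substitutions on {0, 1, 2} ---
PERM_A = (1, 2, 0)   # 0->1, 1->2, 2->0
PERM_B = (1, 0, 2)   # swaps 0 and 1


def perm_enc(k, x):
    return k[x]


def perm_dec(k, y):
    return k.index(y)


# --- Commuting but useless: XOR.  All three messages together reveal x. ---
def xor_enc(k, x):
    return x ^ k


def eavesdrop_xor(m1, m2, m3):
    return m1 ^ m2 ^ m3


def run_exponentiation(x, seed=3):
    """Returns (what B recovers, whether m3 really equals E_kb(x))."""
    rng = random.Random(seed)
    ka, kb = exp_key(rng), exp_key(rng)
    m1, m2, m3, out = three_pass(x, exp_enc, exp_dec, ka, kb)
    return out, m3 == exp_enc(kb, x)


def run_permutation(x=0):
    """Same exchange with substitutions that do not commute: B gets the wrong symbol."""
    return three_pass(x, perm_enc, perm_dec, PERM_A, PERM_B)[3]


def run_xor(x, ka=0x5A, kb=0xC3):
    """Returns (what B recovers, what a passive eavesdropper recovers)."""
    m1, m2, m3, out = three_pass(x, xor_enc, xor_enc, ka, kb)
    return out, eavesdrop_xor(m1, m2, m3)


if __name__ == "__main__":
    print(run_exponentiation(123456789))   # (123456789, True)
    print(run_permutation(0))              # 2, not 0
    print(run_xor(0x41))                   # (65, 65): works, and so does the eavesdropper
```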


------------------------------

From: Greg <[EMAIL PROTECTED]>
Subject: Re: No-Key Encryption
Date: Tue, 30 May 2000 07:49:54 GMT


> Lots of these exist on the bookshelves on form of dictionaries
> (English/Greek, Russian/Spanish, French/Chinese, etc)
>
> Also, codebooks are quite commonly used in diplomatic communications.

Are you sure?  If the dictionary is used to decipher the message,
then the dictionary is the key.  Since it is not maintained in
secrecy, it is simply maintaining a key in obscurity.

That is, the key is WHICH dictionary to use.



------------------------------

From: Greg <[EMAIL PROTECTED]>
Subject: Re: No-Key Encryption
Date: Tue, 30 May 2000 07:47:05 GMT


> Yes. (Private) key is a piece of secret, not assumed to be
> available to the public. A codebook is also secret and
> equivalent to 'key' (one chooses the mapping or even chooses
> a codebook from several). Hence 'no-key encryption' excludes
> all such stuffs. What remains is, as Boris Kazak pointed
> out, language translations.

That makes no sense, because the language becomes the key.

Understand the language, or the transformation with the language,
and you understand the cipher traffic.

The concept of a no-key cipher is puzzling.  Can it actually
exist and if so for what applications can it be useful?


------------------------------

From: Greg <[EMAIL PROTECTED]>
Subject: Re: No-Key Encryption
Date: Tue, 30 May 2000 07:51:08 GMT


> Frequently switching languages may indeed be a good idea
> supplementary to frequently changing keys.

Further illustrating that the key is not the dictionary, but
WHICH dictionary to use in deciphering.


------------------------------

From: Greg <[EMAIL PROTECTED]>
Subject: Re: No-Key Encryption
Date: Tue, 30 May 2000 07:55:31 GMT


> Since the Massey-Omura cryptosystem appears to be about equivalent to
> RSA or Diffie-Hellman in strength, because of the practical difficulty
> of sending three messages back and forth, it hasn't been considered
> worthwhile to use it instead of public-key encryption.

Is not Massey-Omura a key exchange algorithm?  And if I am correct
about that, what has that to do with encryption without a key?
The bulk encryption is still performed with a key.  That is,
though the two parties are not aware of what that key may be,
finding that key is one way to crack the message.  Thus, it is
part of a keyed cryptosystem.

Again, if you can calculate the parameters in the M-O algorithm, you
can find the key being exchanged.  Thus its parameters are considered
keys.  Even though the parties at each end are not aware of what
those keys may be, the keys exist nonetheless.


------------------------------

From: "Ian B" <[EMAIL PROTECTED]>
Crossposted-To: 
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk
Subject: Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net"
Date: Tue, 30 May 2000 08:49:48 +0100


>
> > The dangerous criminals and terrorists will get round this - so who do you
> > think they are going to be looking at?
>
> Of course they will - simply use a mobile to connect to a
> foreign ISP and use secure encryption.
>
Why, if you are using secure encryption (whatever that may be), you
could send a copy to the spooks and they still would not be able to read it.

Ian B



--
www.ok2design.co.uk




------------------------------

From: "Ian B" <[EMAIL PROTECTED]>
Crossposted-To: 
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,uk.telecom
Subject: Re: RIP Bill 3rd Reading in Parliament TODAY 8th May
Date: Tue, 30 May 2000 08:58:06 +0100

Dear David

Begin Encrypted Message:

jlsev;e;ogus;jf;oua[j'au9u
uaih;iwriwh;hawy38984u98u[ov[ua[tgoahajdbkjvbd.jvhdjhnbfgkjsh.kvna.jfn;LKDLA
GHVKDNV.
KDNVKJHVKJHKHNjkh;kjn;khg;lkegn;ksv/lknnv,mxncv,xm.vmd/bkjzsl;gnlknml

End Encrypted Message

You are now breaking the (proposed) law as you have an encrypted file on
your computer to which you "refuse" to provide a decryption key.

Nice Law!!


--
www.ok2design.co.uk

> > "David Boothroyd" <[EMAIL PROTECTED]> wrote in message
> >
> > Wrong. We have every right to get worked up. I wasn't old enough to vote in
> > the last election (not that I would have) and if it becomes law I could be
> > facing up to 2 years imprisonment.
>
> The answer is simple: Don't break the law.
>




------------------------------

From: "G. Orme" <[EMAIL PROTECTED]>
Subject: Re: new public key?
Date: Tue, 30 May 2000 08:45:20 GMT


Mok-Kong Shen <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> "G. Orme" wrote:
>
> > [snip]
> > multiplied together makes a number xy often difficult to factor. Has anyone
> > tried finding the xth root of y and the yth root of x? These would both give
>
> If you are acquainted with the difficulty of computing roots in numerical
> computations, I am afraid you would hesitate a bit. Further what you
> described later in the post seems not to be clear, unless you would
> kindly provide a concrete numerical example.
>
> M. K. Shen

G. As an example, say your public key was a number 100 digits long, and this
was the first hundred digits of 59 e 1/43, or the 43rd root of 57, an
irrational number. Seeing the public key, parties A and B know 43 and 57, so
they reverse it and find the 57th root of 43, or 43 e 1/57, get the first
100 digits and use that as a key. From the public key someone would have to
work out the numbers 59 and 43 to find the actual key being used. Of course
instead of 43 and 57 one would use much larger numbers. Because the key in
both cases is part of an irrational number there should be no clue as to the
values of 43 and 57, except by trying all combinations.

>
>
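The concrete numerical instance asked for above, as an added example (not code from either poster), using the 43 and 57 from the post: Python's decimal module computes the 43rd root of 57 and the 57th root of 43 to 100 digits. `recover_pair` then does what the post calls "trying all combinations": it walks candidate (x, y) pairs and confirms a guess by recomputing the published digits, which needs no secret. The search bound is an assumption chosen to cover the post's values.

```python
from decimal import Decimal, getcontext

getcontext().prec = 130   # working precision; the published key keeps 100 digits
KEY_DIGITS = 100


def root_digits(base, n, digits=KEY_DIGITS):
    """First `digits` significant digits of the n-th root of `base`,
    with the decimal point removed."""
    r = Decimal(base) ** (Decimal(1) / Decimal(n))
    return str(r).replace(".", "").lstrip("0")[:digits]


def derive_keys(x, y):
    """The post's rule: publish the x-th root of y; both parties then use
    the y-th root of x as the actual key."""
    public = root_digits(y, x)
    private = root_digits(x, y)
    return public, private


def recover_pair(public, bound, check_digits=40):
    """Try every (x, y) below `bound` and return the pair whose x-th root of y
    reproduces the published digits.  A guess is confirmed from public data
    alone, so the secret is only the pair and the cost is the size of this
    search (the post's 'trying all combinations').  `bound` is an assumption."""
    prefix = public[:check_digits]
    for x in range(2, bound):
        for y in range(2, bound):
            if root_digits(y, x, check_digits) == prefix:
                return x, y
    return None


if __name__ == "__main__":
    pub, priv = derive_keys(43, 57)
    print(pub[:20], priv[:20])      # 10985866... and 10682118...
    print(recover_pair(pub, 60))    # (43, 57)
```

Because a candidate pair is verified against the public digits alone, the effective secret is the pair itself, and the work to find it grows only with the number of candidate pairs; the irrational expansion adds no secrecy beyond that.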



------------------------------

From: Richard John Cavell <[EMAIL PROTECTED]>
Crossposted-To: comp.compression
Subject: Small compression/encryption problem
Date: Tue, 30 May 2000 18:53:19 +1000

Hi all,

The task is this:

A set of data needs to be encoded and transferred in a nonsecure manner to
an operator, who will type the encrypted data into a computer program
manually. The operator (who has no particular skill in programming) must
be unable to easily decipher what the data is.  Errors in
typing/transferring the data must be made impossible or very unlikely.

The data (which is actually a multiple choice exam):

A twenty-character alphanumeric string, which may contain punctuation.
Alpha characters are far more likely.

Either twenty or forty values of 1, 2, 3, 4.  The value 4 is significantly
less likely to appear than any of the first 3.

My solution:

Encode the string by mapping all the available alphanumeric characters
against random others, then exchanging, rotating the key by one for each
successive character.

Encode each answer as a 2-bit value.  Squash them together and break the
resulting code up into base-32 values.  Encode the values as alphanumeric
(36 possible characters, so leave 0/O and 1/I out of the possibilities).

Lastly, a simple checksum of all the data encoded as 2
hexadecimal characters.

Does anyone have a better idea?

==============
Richard Cavell
Melbourne University Medical Student
Debater, Chess Player, etc.
- [EMAIL PROTECTED]

Newsgroups - Please copy your replies to me via email.  (Server problems).
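One implementation of the three steps proposed above, added here as an example (not the poster's code). Assumptions: the string uses letters, digits and a little punctuation; the "random" mapping is a seeded permutation rotated one place per character; the checksum is position-weighted modulo 251 rather than the post's unspecified "simple checksum", so that both mistyped and swapped characters are caught; the sample record is constructed.

```python
import random
import string

# Symbols the twenty-character string may use (assumption: letters, digits and
# a little punctuation); the substituted text is drawn from the same set.
PLAIN_ALPHABET = string.ascii_letters + string.digits + " .,;:?!-'()"
TEXT_LEN = 20

# 36 alphanumerics minus the confusable pairs 0/O and 1/I leaves exactly 32 symbols.
ALPHABET32 = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"


def make_table(seed):
    """Constructed key: a random permutation of PLAIN_ALPHABET derived from `seed`."""
    table = list(PLAIN_ALPHABET)
    random.Random(seed).shuffle(table)
    return table


def substitute(text, table, decrypt=False):
    """Substitution using `table` rotated one position further for each character.
    It hides the text from a casual typist; it is obfuscation, not strong encryption."""
    n = len(table)
    out = []
    for i, ch in enumerate(text):
        if decrypt:
            out.append(PLAIN_ALPHABET[(table.index(ch) - i) % n])
        else:
            out.append(table[(PLAIN_ALPHABET.index(ch) + i) % n])
    return "".join(out)


def pack_answers(answers):
    """Each answer 1-4 becomes two bits; the bit string is cut into 5-bit groups
    written in ALPHABET32.  20 answers -> 8 symbols, 40 answers -> 16."""
    bits = 0
    for a in answers:
        if a not in (1, 2, 3, 4):
            raise ValueError("answers must be 1..4")
        bits = (bits << 2) | (a - 1)
    nbits = 2 * len(answers)
    pad = (-nbits) % 5             # zero bits to reach a multiple of 5
    bits <<= pad
    nsym = (nbits + pad) // 5
    return "".join(ALPHABET32[(bits >> (5 * (nsym - 1 - i))) & 31] for i in range(nsym))


def unpack_answers(symbols, count):
    bits = 0
    for ch in symbols:
        bits = (bits << 5) | ALPHABET32.index(ch)
    bits >>= 5 * len(symbols) - 2 * count   # drop the padding bits
    return [((bits >> (2 * (count - 1 - i))) & 3) + 1 for i in range(count)]


def checksum(payload):
    """Position-weighted checksum as two hex characters (assumption: the post says
    only 'a simple checksum').  Reducing mod 251, a prime larger than any weight
    or ASCII difference used here, means every single mistyped character and every
    swapped pair of different characters changes the value; a plain byte sum
    would not notice a swap."""
    return format(sum((i + 1) * ord(c) for i, c in enumerate(payload)) % 251, "02X")


def encode_record(seed, text, answers):
    if len(text) != TEXT_LEN:
        raise ValueError("text must be exactly %d characters" % TEXT_LEN)
    payload = substitute(text, make_table(seed)) + pack_answers(answers)
    return payload + checksum(payload)


def checksum_ok(message):
    return checksum(message[:-2]) == message[-2:]


def decode_record(seed, message, n_answers):
    if not checksum_ok(message):
        raise ValueError("checksum mismatch: re-check the typed data")
    payload = message[:-2]
    text = substitute(payload[:TEXT_LEN], make_table(seed), decrypt=True)
    return text, unpack_answers(payload[TEXT_LEN:], n_answers)


# Constructed sample record: a 20-character label and 20 answers.
SAMPLE_TEXT = "Anat Exam 2000 Q1-20"
SAMPLE_ANSWERS = [1, 2, 3, 1, 2, 4, 1, 3, 2, 1, 3, 3, 2, 1, 4, 2, 1, 3, 2, 1]

if __name__ == "__main__":
    msg = encode_record(2000, SAMPLE_TEXT, SAMPLE_ANSWERS)
    print(msg)                          # 20 + 8 + 2 characters for the operator to type
    print(decode_record(2000, msg, 20))
```

Twenty answers pack to exactly 8 symbols (40 bits) and forty to 16, so no padding bits are needed for the stated sizes. The substitution is obfuscation against the operator, not cryptographic protection: anyone holding the seed recovers the string, and the program that decodes the record necessarily holds it.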




------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
