Cryptography-Digest Digest #901, Volume #11 Wed, 31 May 00 10:13:01 EDT
Contents:
Re: DVD encryption secure? -- any FAQ on it (Gisle Sælensminde)
Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net"
("Michael Watson")
Re: Number Theory Book -- one last thing for now (tomstd)
Re: Does it even matter? (Runu Knips)
Re: RIP Bill 3rd Reading in Parliament TODAY 8th May (Peter G. Strangman)
Re: email list for the contest (Mark Wooding)
Re: email list for the contest (Mark Wooding)
Re: Small compression/encryption problem (Mok-Kong Shen)
Re: email list for the contest (Mok-Kong Shen)
Re: RIP Bill 3rd Reading in Parliament TODAY 8th May (Adrian Kennard)
Re: encryption without zeros (Mark Wooding)
Re: safer style sboxes (Mark Wooding)
Re: DVD encryption secure? -- any FAQ on it (Guy Macon)
Re: DVD encryption secure? -- any FAQ on it (Roger Schlafly)
Re: DVD encryption secure? -- any FAQ on it (Casper H.S. Dik - Network Security
Engineer)
Re: Best crypto if encrypted AND plain text are known (and small) ? (Mark Wooding)
Re: No-Key Encryption (John Savard)
Re: Does it even matter? (Mark Wooding)
Re: DVD encryption secure? -- any FAQ on it (Runu Knips)
Re: Use of wasted symmetric key bandwidth in key agreement protocols (John Savard)
Re: No-Key Encryption (John Savard)
Implementation of crypt(3) (David R Conorozzo)
Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net" (U
Sewell-Detritus)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Gisle Sælensminde)
Subject: Re: DVD encryption secure? -- any FAQ on it
Date: 31 May 2000 10:54:42 +0200
In article <a6_Y4.2597$[EMAIL PROTECTED]>, Dulando wrote:
>
>
>Well, basically, every DVD player has a unique key to use for descrambling
>which uniquely needs to be encrypted within the program to prevent reverse
>engineering of the application to determine the key. A different key
>for each player seems like a nice precaution so as not to invalidate the entire
>cipher if one key is discovered. However, apparently (and this is just what
>I've read) the system (CSS itself) is not the best encryption, and the
>people who made DeCSS (Masters of Reverse Engineering, or MoRE) were able to
>identify around forty or fifty acceptable keys all from one original one,
>which they gathered from the Xing DVD player for Windows, which was found to
>not encrypt their CSS key. (Blame RealPlayer, they made Xing).
>You could probably find a more in depth description from doing a Websearch
>or asking someone with more information on the subject.
Besides the problems with the global secrets that DVD is based on, the CSS algorithm
is extraordinarily weak. Frank A. Stevenson made an attack that only required
2^16 steps and a few bytes of known plaintext, but the MoRE team did not use
this attack. The key length is also short, only 40 bits, which makes brute
force attacks easy.
With all these weaknesses, it was only a matter of (short) time before the
system was broken.
http://people.a2000.nl/mwielaar/dvd-css/csspaper/css.html
--
Gisle Sælensminde ( [EMAIL PROTECTED] )
ln -s /dev/null ~/.netscape/cookies
------------------------------
From: "Michael Watson" <[EMAIL PROTECTED]>
Crossposted-To:
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk
Subject: Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net"
Date: Wed, 31 May 2000 09:59:19 +0100
I /think/ so. Catterick seems to be the area in the North-east where there is an
Army base. I wouldn't be surprised to find out
that the MI5 was there - there are too many "government-like" actions in that area.
Plus everybody keeps mentioning North Yorkshire
which, in theory, is where Catterick is!
BASMIC
====
"George Edwards" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> In article <CdRY4.419$[EMAIL PROTECTED]>, Michael
> Watson <[EMAIL PROTECTED]> writes
> > MI5 is almost down the road from me, in Catterick Garrison I believe!!!
> > BASMIC
>
> REALLY?
>
> CATTERICK?
>
> --
> George Edwards
------------------------------
Subject: Re: Number Theory Book -- one last thing for now
From: tomstd <[EMAIL PROTECTED]>
Date: Wed, 31 May 2000 02:14:16 -0700
In article <[EMAIL PROTECTED]>, tomstd
<[EMAIL PROTECTED]> wrote:
>at
>
>http://tomstdenis.com/crypto/Elements%20of%20Linear%20and
>Abstract%20Algebra.ps
Er the address is
http://tomstdenis.com/crypto/Elements%20of%20Linear%20and%
20Abstract%20Algebra.ps
(one line, there is supposed to be %20 between words).
Tom
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!
------------------------------
Date: Wed, 31 May 2000 11:17:17 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Does it even matter?
tomstd wrote:
> As some of you may already know, I was offered a job with RSA
> this summer (in San Mateo) working on some software. Sounds
> great seems like people appreciate my work, obviously since I am
> not even done high school. Of course they hype me up about the
> job, get me all excited.
>
> And what happens (through no fault of RSA) big old mr government
> steps in and acts like a dolt. I can't get the job because I
> don't have a "post-secondary education diploma with three years
> work experience". Super, if I had a job, why would I move 3000
> miles to work in the states?
Well, sad :-(. Comfort you !
> Anyways, I am beginning to think my research is pointless since
> well I would rather focus on my school now and prepare for the
> exciting job as a mop-jocky.
Hmm. There are also other interesting things than crypto,
I think :)
> It has been nice chatting with you guys, maybe I will come back
> some time.
I would be surprised if you wouldn't :)
------------------------------
From: Peter G. Strangman <[EMAIL PROTECTED]>
Crossposted-To:
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,uk.telecom
Subject: Re: RIP Bill 3rd Reading in Parliament TODAY 8th May
Date: Wed, 31 May 2000 10:20:47 +0100
Reply-To: [EMAIL PROTECTED]
On Wed, 31 May 2000 00:10:40 +0100, "Scotty"
<[EMAIL PROTECTED]> wrote:
> On the contrary, if you read the minutes of the HoC Standing Committee they can.
> In regard to losing your keys the Home Office minister Mr. Clarke said:
>
> "There are two clear different circumstances, the first of which involves
> the case of a business. The business, which is responsible and secure,
> always has back-up mechanisms, always anticipates the loss of a key and
> always has an audit trail that establishes when keys were used for what
> purposes and when they were thrown away. We have got that message strongly
> from talking to business, and it is entirely reasonable to have such
> expectations. The hon. Member for Esher and Walton mentioned the possibility
> that some might choose the approach that is associated with key escrow. That
> is a different way to secure a rigorous system that pursues and tracks keys.
Someone is being *very* badly advised and being so by people
who have no idea what really happens.
Take the case of the popular PGP. Anyone who raids my computer
could find my private key. Not much use to them without the
passphrase though is it? And THAT is what I would 'forget'.
> Finally what are *your* contingency arrangements for forgetting your
> passwords? Do you make an arrangement every time you require a new password
> to be constructed? Of course not, most people don't work that way. I suggest
Actually I use a little program, which I wrote, which will
generate a random password whenever I need a new one. It will
generate a password of specified length with options to include
the types of characters of your choice. i.e. you can tell it to
include (or not include) upper case alpha, lower case alpha,
numerals or special characters. Alternatively you can create
a template for the password.
--
Peter G. Strangman | Leser, wie gefall ich dir?
[EMAIL PROTECTED] | Leser, wie gefaellst du mir?
http://www.adelheid.demon.co.uk | (Friedrich von Logau)
XLIV-VII-DCCCII-CCXII-DCCCXXXI |
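A generator of the kind Strangman describes (chosen length, a choice of character classes, or a template), written here as an added example and not his program. The template letters (A upper, a lower, 9 digit, # special, ? any) and the special-character set are assumptions.

```python
import secrets
import string

# Character classes the caller can switch on or off. The special set is a
# constructed choice; trim it to whatever the target system accepts.
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "special": "!#$%&*+-./:;<=>?@[]^_{|}~",
}

def generate(length, upper=True, lower=True, digit=True, special=False):
    """Draw every character with the secrets module (a CSPRNG, unlike random)
    and guarantee at least one character from each enabled class."""
    enabled = [CLASSES[name] for name, on in (("upper", upper), ("lower", lower),
               ("digit", digit), ("special", special)) if on]
    if not enabled:
        raise ValueError("no character class enabled")
    if length < len(enabled):
        raise ValueError("length too short to include every enabled class")
    pool = "".join(enabled)
    chars = [secrets.choice(cls) for cls in enabled]                 # one of each class
    chars += [secrets.choice(pool) for _ in range(length - len(chars))]
    # Fisher-Yates shuffle driven by the CSPRNG, so the guaranteed characters
    # do not always sit at the front of the password.
    for i in range(len(chars) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)

# Assumed template letters: each picks a class, anything else is copied as-is.
TEMPLATE = {
    "A": CLASSES["upper"],
    "a": CLASSES["lower"],
    "9": CLASSES["digit"],
    "#": CLASSES["special"],
    "?": "".join(CLASSES.values()),
}

def from_template(template):
    """Build a password that follows a template such as 'Aaaa-99#'."""
    return "".join(secrets.choice(TEMPLATE[t]) if t in TEMPLATE else t
                   for t in template)
```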
------------------------------
From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: email list for the contest
Date: 31 May 2000 09:46:11 GMT
tomstd <[EMAIL PROTECTED]> wrote:
> Here are the relevant email addys you need to know.
>
> Addresses:
> Post message: [EMAIL PROTECTED]
> Subscribe: [EMAIL PROTECTED]
> Unsubscribe: [EMAIL PROTECTED]
> List owner: [EMAIL PROTECTED]
> URL to this page: http://www.egroups.com/group/ciphercontest
>
> This way we can specialize the discussion for the contest.
Who thought this was a good idea? Where was the discussion? Where's
the charter?
This seems like a bizarre idea to move topical and interesting traffic
away from sci.crypt where it belongs.
Anyway, I for one can't be bothered to join any more mailing lists, so
count me out.
-- [mdw]
------------------------------
From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: email list for the contest
Date: 31 May 2000 09:48:17 GMT
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> It would be fine, if some benevolent rich person (Gates?)
Hang on: Gates, benevolent? In the same sentence? Without a negative?
I think I'd better go somewhere and lie down for a bit. I've had a
major shock.
-- [mdw]
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: comp.compression
Subject: Re: Small compression/encryption problem
Date: Wed, 31 May 2000 12:27:54 +0200
Richard John Cavell wrote:
> Encode the string by mapping all the available alphanumeric characters
> against random others, then exchanging, rotating the key by one for each
> successive character.
>
> Encode each answer as a 2-bit value. Squash them together and break the
> resulting code up into base-32 values. Encode the values as alphanumeric
> (36 possible characters, so leave 0/O and 1/I out of the possibilities).
>
> Lastly, a simple checksum of all the data encoded as 2
> hexadecimal characters.
Sophisticated techniques have been suggested to
solve your problem. I guess however from what you wrote
that the threat in your environment is not extremely
high and hence what you said seems to be basically o.k.
You said that the data can be collected into groups of
32 bits by packing the 2 bit input values. You can do
some primitive operations on that word, like rotation
by a certain amount, xor a word or add a word mod 2^32.
You can, if you like, also do some classical stuff,
e.g. permuting groups of 4 bits or do a polyalphabetic
substitution on these. Finally, you can e.g. output in
hex for handling by your operators, who are certainly
not very competent cryptanalysts according to you.
M. K. Shen
===============================
http://home.t-online.de/home/mok-kong.shen
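The packing scheme from this exchange worked through as an added example (not code from either poster): sixteen 2-bit answers go into one 32-bit word, the word is written in a base-32 alphabet without 0/O/1/I, and a two-hex-digit checksum is appended. Shen's rotate/xor/add layer is included with a constructed constant key; being a fixed transform it is an obfuscation step, not encryption, and anyone holding the program reverses it.

```python
# Constructed 32-symbol alphabet: the 36 alphanumerics minus 0, O, 1 and I.
ALPHABET = "23456789ABCDEFGHJKLMNPQRSTUVWXYZ"
MASK = 0xFFFFFFFF
KEY = 0x9E3779B9   # constructed constant for the rotate/xor/add layer

def rotl(x, r):
    return ((x << r) | (x >> (32 - r))) & MASK

def rotr(x, r):
    return ((x >> r) | (x << (32 - r))) & MASK

def pack(answers):
    """Sixteen answers in 0..3 -> one 32-bit word, first answer in the top bits."""
    if len(answers) != 16 or any(not 0 <= a < 4 for a in answers):
        raise ValueError("need exactly 16 answers, each 0..3")
    w = 0
    for a in answers:
        w = (w << 2) | a
    return w

def unpack(w):
    return [(w >> (30 - 2 * i)) & 3 for i in range(16)]

def scramble(w, key):
    """Shen's primitive operations on the word: xor, rotate, add mod 2^32."""
    return (rotl(w ^ key, 7) + key) & MASK

def unscramble(w, key):
    return rotr((w - key) & MASK, 7) ^ key

def checksum(w):
    """Byte sum mod 256 as two hex characters; catches transcription slips only."""
    return "%02X" % (sum(w.to_bytes(4, "big")) & 0xFF)

def to_base32(w):
    """32 bits -> 7 symbols: one 2-bit group first, then six 5-bit groups."""
    return "".join(ALPHABET[(w >> (30 - 5 * i)) & 31] for i in range(7))

def from_base32(s):
    if len(s) != 7:
        raise ValueError("expected 7 symbols")
    w = 0
    for ch in s:
        w = (w << 5) | ALPHABET.index(ch)   # ValueError on 0/O/1/I or any other stray char
    if w > MASK:
        raise ValueError("first symbol out of range")
    return w

def encode(answers, key=KEY):
    """Answers -> 9-character code an operator can read out or type in."""
    w = scramble(pack(answers), key)
    return to_base32(w) + checksum(w)

def decode(code, key=KEY):
    """Code -> answers, refusing codes whose checksum does not match."""
    w = from_base32(code[:7])
    if checksum(w) != code[7:].upper():
        raise ValueError("checksum mismatch")
    return unpack(unscramble(w, key))
```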
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: email list for the contest
Date: Wed, 31 May 2000 12:47:19 +0200
Mark Wooding wrote:
> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>
> > It would be fine, if some benevolent rich person (Gates?)
>
> Hang on: Gates, benevolent? In the same sentence? Without a negative?
>
> I think I'd better go somewhere and lie down for a bit. I've had a
> major shock.
Here again the ambiguity of natural language plays a role. The '?'
mark can namely be interpreted differently. Anyway, if a certain
person is willing to donate a large sum of money for a purpose
that is likely to be very beneficial to the public, then, lacking other
persons who are willing to do the same and who have impeccable
characters, I don't think it to be unconditionally a bad idea to use
the word 'benevolent', if that helps to elicit the sum. Sorry that I
was not in your city. Otherwise, I would have called the emergency
doctor or at least sent you some psychopharmaca.
Cheers,
M. K. Shen
------------------------------
From: Adrian Kennard <[EMAIL PROTECTED]>
Crossposted-To:
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,uk.telecom
Subject: Re: RIP Bill 3rd Reading in Parliament TODAY 8th May
Date: Wed, 31 May 2000 12:01:25 +0100
George Edwards wrote:
>...
> How on earth can anyone prove that you HAVEN'T forgotten your key,
> unless you subsequently use it? I see huge legal bills on this, all fees
> for the solicitors.
Even then - it is perfectly possible to forget something, quite
genuinely, and remember it later. Even more so under stress (like
being in court).
--
_ Andrews & Arnold Ltd, 01344 400 000 http://aa.nu/
(_) _| _ . _ _ Professional Voice and Data Systems for Business.
( )(_|( |(_|| ) Gold Certified Alchemists, BT ISDN/ADSL Resellers
------------------------------
From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: encryption without zeros
Date: 31 May 2000 11:45:04 GMT
[Scott Fluhrer] wrote:
> If you send an 8 block message, and the attacker can determine that it took
> long enough to actually encrypt 10 blocks, then he has a good guess that two
> of the blocks has a zero in them when they were encrypted, and had to be
> re-encrypted (or, possibly, one of the blocks had to be encrypted three
> times).
So you get incomplete information about the result of encrypting the
plaintext with a secure block cipher and an unknown key. I'm not sure
that's terribly helpful from a cryptanalytic perspective. Compare it,
from a cryptanalyst's point of view, with being given the raw ciphertext
and being able to iterate the block cipher (with the unknown key) on the
given ciphertext until you remove all the zeroes. This clearly provides
the cryptanalyst with more information, but it's also just as clearly a
chosen-plaintext attack against a block cipher, and therefore the sort
of thing it should be able to resist.
-- [mdw]
------------------------------
From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: safer style sboxes
Date: 31 May 2000 11:47:34 GMT
[zapzing] wrote:
> I think you have hit the nail on the head. Another word for it would
> be "Brinksmanship". Just why cryptologists do this is unclear.
Because fast, simple, secure ciphers are more interesting and useful
than complicated, slow and secure ones.
-- [mdw]
------------------------------
From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: DVD encryption secure? -- any FAQ on it
Date: 31 May 2000 08:04:44 EDT
Gisle Sælensminde wrote:
>
>With all these weaknesses, it was only a matter of (short) time before the
>system was broken.
>
>http://people.a2000.nl/mwielaar/dvd-css/csspaper/css.html
>
It's been sad to watch. I worked as an engineer making DVD mastering
and replication equipment, and had the whole thing laid out for me,
algorithms, internals of the chips, keys, the whole shooting match.
I am far from a crypto expert, but I could see a bunch of holes in it,
some of which haven't been discovered and publicised yet.
------------------------------
From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: DVD encryption secure? -- any FAQ on it
Date: Wed, 31 May 2000 05:19:44 -0700
"Gisle Sælensminde" wrote:
> Besides the problems with the global secrets that DVD is based on, the CSS algorithm
> is extraordinarily weak. Frank A. Stevenson made an attack that only required
> 2^16 steps and a few bytes of known plaintext, but the MoRE team did not use
> this attack. The key length is also short, only 40 bits, which makes brute
> force attacks easy.
>
> With all these weaknesses, it was only a matter of (short) time before the
> system was broken.
>
> http://people.a2000.nl/mwielaar/dvd-css/csspaper/css.html
I don't think they really cared how strong it was. They
just wanted strong enough that it would be considered a
copy protection mechanism, and thus trigger the legal
protections of the Digital Millennium Copyright Act.
It is not illegal to circumvent weak encryption in the US
under this law.
------------------------------
From: [EMAIL PROTECTED] (Casper H.S. Dik - Network Security Engineer)
Subject: Re: DVD encryption secure? -- any FAQ on it
Date: 31 May 2000 12:48:41 GMT
[[ PLEASE DON'T SEND ME EMAIL COPIES OF POSTINGS ]]
Roger Schlafly <[EMAIL PROTECTED]> writes:
>I don't think they really cared how strong it was. They
>just wanted strong enough that it would be considered a
>copy protection mechanism, and thus trigger the legal
>protections of the Digital Millennium Copyright Act.
>It is not illegal to circumvent weak encryption in the US
>under this law.
Except, of course, that it's not a copy protection mechanism at all,
despite what they say.
You can do bit-by-bit copying of DVD disks and they'll play in
any player; no need to decrypt.
What the encryption does achieve is disallowing non-licensed players,
and that seems to be bordering on the illegal.
Casper
--
Expressed in this posting are my opinions. They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.
------------------------------
From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Best crypto if encrypted AND plain text are known (and small) ?
Date: 31 May 2000 13:12:28 GMT
TheGame <[EMAIL PROTECTED]> wrote:
> Sorry for this basic question, but I'm wondering what the best
> algorithm would be to encrypt and decrypt a user name (e.g.
> 'fred'). The goal would be to give 'fred' his encrypted username as a
> cookie, and to be able to get back the original username 'fred' when
> decrypting the cookie.
Any modern cipher should be able to resist known- and chosen-plaintext
attacks. Just choose one.
This technique is not new, I believe. I remember hearing that (some
version of) IBM's RACF system stored the password for user U as DES_P(U),
where P was the real password.
-- [mdw]
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: No-Key Encryption
Date: Wed, 31 May 2000 13:33:58 GMT
On Tue, 30 May 2000 07:55:31 GMT, Greg <[EMAIL PROTECTED]> wrote,
in part:
>
>> Since the Massey-Omura cryptosystem appears to be about equivalent to
>> RSA or Diffie-Hellman in strength, because of the practical difficulty
>> of sending three messages back and forth, it hasn't been considered
>> worthwhile to use it instead of public-key encryption.
>
>Is not Massey-Omura a key exchange algorithm? And if I am correct
>about that, what has that to do with encryption without a key?
>The bulk encryption is still performed with a key. That is,
>though the two parties are not aware of what that key may be,
>finding that key is one way to crack the message. Thus, it is
>part of a keyed cryptosystem.
>
>Again, if you can calculate the parameters in the M-O algorithm, you
>can find the key being exchanged. Thus its parameters are considered
>keys. Even though the parties at each end are not aware of what
>those keys may be, the keys exist non the less.
Although each partner, at each end, does use his own "key", these keys
don't need to be communicated to the other partner in any form. Thus,
they might not be viewed as keys in some sense. I do know I've seen
the term 'no-key encryption' applied to the Shamir three-pass
protocol, of which Massey-Omura is the best known secure instance, in
the literature, and the original poster later made another posting
indicating that this was the sort of thing he was talking about.
I, therefore, disclaim responsibility for whether or not the term
"no-key encryption" is _accurate_ as a description of that form of
encryption.
John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/
------------------------------
From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Does it even matter?
Date: 31 May 2000 13:41:37 GMT
Runu Knips <[EMAIL PROTECTED]> wrote:
> Hmm. There are also other interesting things than crypto, I think :)
If you find some, can you let me know? ;-)
> tomstd wrote:
>
> > It has been nice chatting with you guys, maybe I will come back
> > some time.
>
> I would be surprised if you wouldn't :)
The group will be the poorer without Tom's contributions.
-- [mdw]
------------------------------
Date: Wed, 31 May 2000 15:39:08 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: DVD encryption secure? -- any FAQ on it
Roger Schlafly wrote:
(^ Cool, the author of the famous broken pkzip encryption...)
> I don't think they really cared how strong it was. They
> just wanted strong enough that it would be considered a
> copy protection mechanism, and thus trigger the legal
> protections of the Digital Millennium Copyright Act.
> It is not illegal to circumvent weak encryption in the US
> under this law.
Well, I think they just wanted to stop "normal" people.
And they didn't care about systems like Linux where
you can't get commercial players for DVDs. I think
that's the reason why they fought against DeCSS that
much.
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Use of wasted symmetric key bandwidth in key agreement protocols
Date: Wed, 31 May 2000 13:37:06 GMT
On 29 May 2000 08:29:16 GMT, [EMAIL PROTECTED] (Mark Currie) wrote,
in part:
>I would be interested in any other ideas for the use of these often wasted
>bytes to increase data security without (ideally) impacting on the data
>encryption performance.
In the case of RSA, one could use the rest of the block to encrypt
part of the message, in addition to the key.
With Diffie-Hellman, of course one could use the excess bytes in the
key to form a larger key. However, the security of Diffie-Hellman for
a given key size is less than that achievable by a symmetric cipher
with the same key size; hence, using such a long key might be
considered 'wasteful'.
However, there are many stream cipher algorithms that could use a
large key without being slow to execute (while not necessarily
achieving all the potential security that size of key could offer).
John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: No-Key Encryption
Date: Wed, 31 May 2000 13:39:50 GMT
On Mon, 29 May 2000 23:03:12 GMT, Bryan Olson <[EMAIL PROTECTED]>
wrote, in part:
>Suppose we limit ourselves to the associative operation
>case. Does there exist an associative operation "*" such
>that the protocol illustrated above is secure? I don't
>know.
Well, it isn't secure for XOR or multiplication. It is known
(believed) to be secure for an operation that *isn't* associative:
modular exponentiation. In that case, it is called the Massey-Omura
cryptosystem.
John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/
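The three-pass protocol under discussion, as an added example (not code from Savard or Olson): the same exchange is run with three candidate locking operations, and the two that Savard says fail, XOR and multiplication, are shown failing, since the three values on the wire combine to the plaintext without any key. The Massey-Omura variant here uses exponentiation modulo a constructed toy prime rather than the original GF(2^n) setting.

```python
import secrets
from math import gcd

# Constructed toy modulus (the Mersenne prime 2^127 - 1); a real deployment
# uses a far larger prime or a GF(2^n) field.
P = 2**127 - 1

def three_pass(m, lock_a, unlock_a, lock_b, unlock_b):
    """Generic Shamir three-pass exchange. Returns (what Bob recovers, the
    three values an eavesdropper sees on the wire)."""
    c1 = lock_a(m)      # pass 1, Alice -> Bob: m under Alice's lock
    c2 = lock_b(c1)     # pass 2, Bob -> Alice: under both locks
    c3 = unlock_a(c2)   # pass 3, Alice -> Bob: Alice's lock removed (locks must commute)
    return unlock_b(c3), (c1, c2, c3)

def massey_omura_key(p=P):
    """Secret exponent e coprime to p-1 and its inverse d, so (m^e)^d = m (mod p)."""
    while True:
        e = secrets.randbelow(p - 3) + 2
        if gcd(e, p - 1) == 1:
            return e, pow(e, -1, p - 1)

def massey_omura(m, p=P):
    """Locks are modular exponentiation; stripping one without d is a discrete log."""
    ea, da = massey_omura_key(p)
    eb, db = massey_omura_key(p)
    return three_pass(m, lambda x: pow(x, ea, p), lambda x: pow(x, da, p),
                         lambda x: pow(x, eb, p), lambda x: pow(x, db, p))

def xor_three_pass(m, nbits=127):
    """Locks are XOR with a random pad; XOR is its own inverse."""
    ka, kb = secrets.randbits(nbits), secrets.randbits(nbits)
    return three_pass(m, lambda x: x ^ ka, lambda x: x ^ ka,
                         lambda x: x ^ kb, lambda x: x ^ kb)

def mul_three_pass(m, p=P):
    """Locks are multiplication mod p by a secret factor."""
    a, b = secrets.randbelow(p - 2) + 1, secrets.randbelow(p - 2) + 1
    ia, ib = pow(a, -1, p), pow(b, -1, p)
    return three_pass(m, lambda x: x * a % p, lambda x: x * ia % p,
                         lambda x: x * b % p, lambda x: x * ib % p)

def eavesdrop_xor(wire):
    """c1 ^ c2 ^ c3 = (m^ka) ^ (m^ka^kb) ^ (m^kb) = m: both pads cancel."""
    c1, c2, c3 = wire
    return c1 ^ c2 ^ c3

def eavesdrop_mul(wire, p=P):
    """c1 * c3 / c2 = (m a)(m b) / (m a b) = m: both factors cancel."""
    c1, c2, c3 = wire
    return c1 * c3 * pow(c2, -1, p) % p
```

For the exponentiation locks the analogous combination of c1, c2 and c3 gives m^(ea*eb) paired with m^ea and m^eb, which is the discrete-log setting the scheme rests on.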
------------------------------
From: David R Conorozzo <[EMAIL PROTECTED]>
Subject: Implementation of crypt(3)
Date: Wed, 31 May 2000 09:58:52 -0400
I need to find a C implementation of the Unix/Linux crypt function that is
used to store passwords. Does anyone know where such an implementation
lies?
Thanks,
David Conorozzo
------------------------------
From: [EMAIL PROTECTED] (U Sewell-Detritus)
Crossposted-To:
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk
Subject: Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net"
Date: 31 May 2000 14:05:22 GMT
In <Ty4Z4.175$[EMAIL PROTECTED]>,
Michael Watson <[EMAIL PROTECTED]> wrote:
>I /think/ so. Catterick seems to be the area in the North-east where there is an
>Army base. I wouldn't be surprised to find out
>that the MI5 was there - there are too many "government-like" actions in that area.
>Plus everybody keeps mentioning North Yorkshire
>which, in theory, is where Catterick is!
Isn't the location of MI5's "home pad" somewhat academic?
According to the investigative hack, Duncan Campbell,
the UKUSA agreement makes provision for foreign
military personnel to eavesdrop on British subjects
because, whilst on base in Britain, they are not subject to
British laws on comms interception?
i.e. the USAF bugs British subjects and HMG reciprocates
for the US government.
If you have a US base near you, chances are it has a
chunky telecoms trunk running right through the middle of it ;o
http://www.gn.apc.org/duncan/
[btw, word wrap ain't such a bad thing..]
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************