Cryptography-Digest Digest #905, Volume #11      Wed, 31 May 00 19:13:01 EDT

Contents:
  Re: CAST Sboxes -- need help (Terry Ritter)
  Q: Session key generation (Mok-Kong Shen)
  Re: DVD encryption secure? -- any FAQ on it (Bryan Olson)
  Re: Is OTP unbreakable?/Station-Station ("Douglas A. Gwyn")
  Re: Encrypting random data ("Joseph Ashwood")
  Re: email list for the contest ("Douglas A. Gwyn")
  PGP 5.0 auto-seeding insecure ("Douglas A. Gwyn")
  Re: Is OTP unbreakable? ("Douglas A. Gwyn")
  SAC Workshop: Second Announcement (Stafford Tavares)
  Re: RIP Bill 3rd Reading in Parliament TODAY 8th May (David Boothroyd)
  Re: Small compression/encryption problem (Richard John Cavell)
  Re: DVD encryption secure? -- any FAQ on it (Casper H.S. Dik - Network Security Engineer)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: CAST Sboxes -- need help
Date: Wed, 31 May 2000 21:12:20 GMT


On Tue, 30 May 2000 11:42:27 -0700, in
<[EMAIL PROTECTED]>, in sci.crypt tomstd
<[EMAIL PROTECTED]> wrote:

>In article <[EMAIL PROTECTED]>, Mike Rosing
><[EMAIL PROTECTED]> wrote:
>>tomstd wrote:
>>>
>>> I have read several of the CAST papers over and over and over
>>> and over, and I can't seem to grasp how they actually made the
>>> 32x32 sboxes (using four 8x32) or how their 'permute' function
>>> works to make bijective sboxes.
>>
>>I thought they picked values at random and then checked to see
>if
>>the result passed all their tests.  Been a long time since I've
>>read those papers tho.  The "Good S-boxes are easy to find"
>paper
>>should explain it some.
>
>Problem is they don't explain how to do the Walsh transform on
>huge arrays in a realistic amount of time, etc...

My explicit description of the fast Walsh-Hadamard transform (FWT) has
been cited many times:

   http://www.io.com/~ritter/JAVASCRP/NONLMEAS.HTM

.  The textual description includes a "by hand" computation of a tiny
block complete with intermediate values.  The text also includes full
source code for a tested and working FWT procedure in Pascal.  

The same document is also an active JavaScript page, and includes
source code in JavaScript (visible with View, Page Source) to perform
an arbitrary FWT in a window upon command.  The active code supports
the easy generation of FWT test cases and experimentation which goes
far beyond any static textual description.  The page also produces
explicit Boolean function nonlinearity results for s-boxes.  

I have had several reports from those who have used this information
to produce their own nonlinearity measurement programs.  


>I sorta get the math (basics) but not enough to turn it into
>equivalent faster programs...

If you have explicit questions ask them here.  

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM
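For readers who want the measurement itself rather than a pointer to it, here is an added Python example. It is not the Pascal or JavaScript code from Ritter's page; it is an independent implementation of the same in-place fast Walsh-Hadamard butterfly and of the Boolean-function nonlinearity measure the page computes, with my own function names. The PRESENT 4-bit S-box is used as a small, well-known sample input.

```python
"""Fast Walsh-Hadamard transform and S-box nonlinearity.

Added example: an independent Python version of the FWT and of the
nonlinearity measure described on Ritter's NONLMEAS page, not that
page's own code. Function names are my own choice.
"""


def fwht(values):
    """Return the Walsh-Hadamard spectrum of `values` (length a power of two).

    In-place butterfly: at stride h each pair (a[j], a[j+h]) becomes
    (a[j] + a[j+h], a[j] - a[j+h]).  For a +-1 sequence s[x] = (-1)^f(x)
    the result is W_f(a) = sum_x (-1)^(f(x) XOR a.x), indexed by a in
    natural order.  Cost is N log N instead of the N^2 of summing each
    correlation directly, which is what makes large tables feasible.
    """
    a = list(values)
    n = len(a)
    if n == 0 or n & (n - 1):
        raise ValueError("length must be a power of two")
    h = 1
    while h < n:
        for i in range(0, n, 2 * h):
            for j in range(i, i + h):
                x, y = a[j], a[j + h]
                a[j], a[j + h] = x + y, x - y
        h *= 2
    return a


def boolean_nonlinearity(truth_table):
    """Nonlinearity of a Boolean function given as its 0/1 truth table.

    nl(f) = 2^(n-1) - max_a |W_f(a)| / 2, the Hamming distance from f to
    the nearest affine function.  Affine functions give 0; bent functions
    give the maximum 2^(n-1) - 2^(n/2 - 1).
    """
    signed = [1 - 2 * bit for bit in truth_table]      # 0 -> +1, 1 -> -1
    spectrum = fwht(signed)
    return (len(truth_table) - max(abs(w) for w in spectrum)) // 2


def component_function(sbox, mask):
    """Truth table of the output-bit combination selected by `mask`
    (parity of S[x] & mask)."""
    return [bin(value & mask).count("1") & 1 for value in sbox]


def sbox_nonlinearity(sbox, out_bits):
    """Minimum nonlinearity over all 2^m - 1 nonzero output-bit combinations,
    the usual single-number nonlinearity of an n-to-m-bit S-box."""
    return min(boolean_nonlinearity(component_function(sbox, mask))
               for mask in range(1, 1 << out_bits))


# Sample input: the public 4-bit S-box of the PRESENT block cipher, used
# here only as a small test case.
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

if __name__ == "__main__":
    # Identity S-box: every component is linear, so nonlinearity 0.
    print("identity:", sbox_nonlinearity(list(range(16)), 4))
    # PRESENT: 4, the most a 4-bit bijection can achieve.
    print("PRESENT: ", sbox_nonlinearity(PRESENT_SBOX, 4))
```

For an 8x32 CAST-style table the same code applies with `out_bits=32`, i.e. 2^32 - 1 component transforms of length 256; that count, not the transform size, is where the time goes, and it is why papers sample or prune the output masks rather than exhaust them.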


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Q: Session key generation
Date: Wed, 31 May 2000 23:26:01 +0200


Suppose one uses a block cipher with a certain key size and needs
a lot of session keys each day, then it seems desirable to have
some systematic method of obtaining these. I think that different
people are using different methods or maybe even have different
'philosophies' about what is preferable/best. I should appreciate
being able to know them. Many thanks in advance.

M. K. Shen



------------------------------

From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: DVD encryption secure? -- any FAQ on it
Date: Wed, 31 May 2000 21:11:06 GMT

Casper H.S. Dik :

> Except, of course, that it's not a copy protection mechanism at all,
> despite what they say.

Though now broken, the DVD system was a copy protection
mechanism, of which the disk encryption was one part. The
concept was that decoders able to decrypt the disk would
refuse to do so unless the data was read from the original
media.

> You can do bit-by-bit copying of DVD disks and they'll play in
> any player; no need to decrypt.

Consumer equipment will not make exact copies of DVD disks.
Equipment that can write to the special reserved areas is
available only under restrictive licensing terms.

--Bryan
--
email: bolson at certicom dot com


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Is OTP unbreakable?/Station-Station
Date: Wed, 31 May 2000 21:41:07 GMT

Greg wrote:
> So the whole idea that a plain text attack can be used is nonsense-
> at least, against my messages.  That is where you lose me.

Nobody cares about your personal messages, but even so, there is
some degree of predictability to them, which means that we can
*guess a portion* correctly in some cases.  For example, you're
quoting postings to which you respond using a standard format,
and we therefore have a good chance of guessing the first hundred
or so characters of your plaintext.  For some non-OTP systems,
that would allow recovery of the key used for the whole message,
allowing us to read the whole thing or to change the plaintext
and reencipher it and send it to the destination, which is known
as "spoofing".

Known plaintext attacks are in fact an important tool in general
cryptanalysis.  The most important targets tend to send so much
traffic that much of it follows some simple pattern, such as:
        LOCAL 010010 020020020
        LACCOUNT 123-45-6789
        AMOUNT USD +12345678.90
        REMOTE 101101 202202202
        RACCOUNT 098-76-5432
        AUTHCODE 123456789
If this transaction is one that you initiated, you should know
*all* the information, otherwise you can guess *some* of it.
If the cryptosystem is not secure against a known-plaintext
attack, you could (for example) alter the authorized amount
being transferred, which might or might not help make you rich
at some bank's expense.

A simple OTP encryption would in fact allow *easy* modification
of the underlying plaintext before the ciphertext is relayed to
its intended destination.  There are many cryptosystems that are
much more immune to known-plaintext attack.
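The spoofing step above, as an added Python example that is mine and not Gwyn's: a message in the fixed format he shows is enciphered with a one-time pad, and the amount field is rewritten by someone who knows the format and guesses that one field, but never sees the pad. The sample message, the pad and the MAC key are constructed; the HMAC check at the end is my addition to show the standard answer to this malleability, which is to authenticate the ciphertext.

```python
import hashlib
import hmac
import os


def xor_bytes(a, b):
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


# Constructed sample traffic in the fixed format from the post (not real data).
MESSAGE = (b"LOCAL 010010 020020020\n"
           b"LACCOUNT 123-45-6789\n"
           b"AMOUNT USD +12345678.90\n"
           b"REMOTE 101101 202202202\n"
           b"RACCOUNT 098-76-5432\n"
           b"AUTHCODE 123456789\n")

# The attacker knows the message format, so the byte offset of the amount
# is known without seeing the pad or this particular plaintext.
AMOUNT_OFFSET = (len(b"LOCAL 010010 020020020\n")
                 + len(b"LACCOUNT 123-45-6789\n")
                 + len(b"AMOUNT USD "))


def otp_encrypt(plaintext, pad):
    """One-time pad: XOR with a pad as long as the message.  Decryption is
    the same operation."""
    return xor_bytes(plaintext, pad)


def rewrite_field(ciphertext, offset, known, wanted):
    """Change the ciphertext so the field at `offset` decrypts to `wanted`
    instead of `known`, without the pad.

    C = P XOR K, so C XOR (known XOR wanted) = (P XOR known XOR wanted) XOR K,
    which the receiver decrypts to the wanted value in that field.
    """
    if len(known) != len(wanted):
        raise ValueError("replacement must keep the field length")
    delta = xor_bytes(known, wanted)
    end = offset + len(delta)
    return (ciphertext[:offset]
            + xor_bytes(ciphertext[offset:end], delta)
            + ciphertext[end:])


def spoof_amount(ciphertext, guessed_amount, new_amount):
    """The spoofing step from the post: only the amount field has to be
    guessed, the rest of the message need not be known."""
    return rewrite_field(ciphertext, AMOUNT_OFFSET, guessed_amount, new_amount)


def mac_tag(mac_key, ciphertext):
    """HMAC-SHA256 over the ciphertext (my addition): a forged ciphertext
    fails verification before anyone acts on its contents."""
    return hmac.new(mac_key, ciphertext, hashlib.sha256).digest()


def mac_verify(mac_key, ciphertext, tag):
    return hmac.compare_digest(mac_tag(mac_key, ciphertext), tag)


if __name__ == "__main__":
    pad = os.urandom(len(MESSAGE))
    mac_key = os.urandom(32)
    ct = otp_encrypt(MESSAGE, pad)
    tag = mac_tag(mac_key, ct)
    forged = spoof_amount(ct, b"+12345678.90", b"+99999999.90")
    print(otp_encrypt(forged, pad).decode())   # receiver sees +99999999.90
    print("MAC accepts forgery:", mac_verify(mac_key, forged, tag))
```

The pad stays perfectly secret throughout; confidentiality is not what fails here. Any XOR stream cipher has the same property, which is why a MAC (or an authenticated mode) is not optional.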

------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Encrypting random data
Date: Wed, 31 May 2000 14:41:14 -0700

I think I can clarify the line a bit better. Based on the assumption of
using RC4 (an XOR based stream cipher), and an XOR based OTP.

unknown ran, a stream of unknown random bits
unknown RC4, the output of the RC4 random number generator
unknown Dat, a stream of data that is intended to be communicated protected
by the pad ran

Given RC4ran, the stream ran, XORed with the output of the RC4 prng
Given ranDat, the stream ran, XORed with a stream of unknown data (OTP style
encryption)

one can compute the XOR of the RC4 and Dat, by taking the XOR of RC4ran and
ranDat.

The resultant strength is no greater than that of RC4 (it can be weakened by
using a weak ran stream).
                        Joe
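To make the cancellation concrete, here is an added Python example (mine, not Joe's) that builds RC4ran and ranDat exactly as described and XORs them. It assumes plain RC4 (the usual KSA and PRGA, written out inline because the post assumes RC4; it is not a recommendation of RC4) and uses a constructed sample `ran` and `Dat`.

```python
import os


def xor_bytes(a, b):
    """Bytewise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def rc4_keystream(key, length):
    """Plain RC4 keystream (KSA followed by PRGA).  Included only because
    the post assumes RC4; it is broken and not for real use."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                    # keystream generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def two_layer_encrypt(dat, ran, rc4_key):
    """The scheme from the post: the pad `ran` travels under RC4 (RC4ran)
    and the data travels under the pad (ranDat)."""
    rc4 = rc4_keystream(rc4_key, len(dat))
    return xor_bytes(rc4, ran), xor_bytes(ran, dat)


def cancel_pad(rc4ran, randat):
    """What an eavesdropper computes with no key at all:
    RC4ran XOR ranDat = (RC4 XOR ran) XOR (ran XOR Dat) = RC4 XOR Dat.
    The random pad drops out entirely."""
    return xor_bytes(rc4ran, randat)


def break_with_rc4_key(rc4ran, randat, rc4_key):
    """Whoever recovers the RC4 key (or keystream) reads Dat directly,
    so the combined system is no stronger than RC4 alone."""
    stripped = cancel_pad(rc4ran, randat)
    return xor_bytes(stripped, rc4_keystream(rc4_key, len(stripped)))


if __name__ == "__main__":
    dat = b"Plaintext"                 # constructed sample data
    ran = os.urandom(len(dat))         # a genuinely random pad, as the post assumes
    rc4ran, randat = two_layer_encrypt(dat, ran, b"Key")
    plain_rc4 = xor_bytes(rc4_keystream(b"Key", len(dat)), dat)
    print(cancel_pad(rc4ran, randat) == plain_rc4)        # True
    print(break_with_rc4_key(rc4ran, randat, b"Key"))     # b'Plaintext'
```

Nothing about `ran` being random helps: the two ciphertexts share it, and XOR is its own inverse, so the pair is exactly one RC4 encryption of Dat sent in two pieces.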



------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: email list for the contest
Date: Wed, 31 May 2000 21:49:50 GMT

Mok-Kong Shen wrote:
> It would be fine, if some benevolent rich person (Gates?) could
> donate a similar prize to solve the problem of crackability of a
> certain cipher that is destined for universal use in the new
> millennium.

Of course, it would be much *more* lucrative to keep one's
successful cracking method secret.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: PGP 5.0 auto-seeding insecure
Date: Wed, 31 May 2000 21:55:18 GMT

Funny how nobody has mentioned the recent CERT advisory about all
versions of PGP 5.0, which apparently misuses the /dev/random facility
found on some systems and as a result picks guessable keys.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Is OTP unbreakable?
Date: Wed, 31 May 2000 21:58:22 GMT

Joseph Ashwood wrote:
> This authenticator is not subject to known-plaintext attacks, ...

That was just cipher-feedback mode.  You're assuming that single-
block DES encryption is immune to known-plaintext key recovery.

------------------------------

From: Stafford Tavares <[EMAIL PROTECTED]>
Subject: SAC Workshop: Second Announcement
Date: Wed, 31 May 2000 18:27:50 -0400



****************************** SAC 2000 *******************************

  Seventh Annual Workshop on Selected Areas in Cryptography
  SAC 2000

  Centre for Applied Cryptographic Research (CACR)
  University of Waterloo, Waterloo, Ontario, Canada

  Second Announcement.

  August 14-15, 2000
  University of Waterloo
  Waterloo, Ontario, Canada.

  Co-Chairs:

     * Doug Stinson, University of Waterloo
     * Stafford Tavares, Queen's University

  Workshop Themes:

     * Design and analysis of symmetric key cryptosystems.
     * Primitives for private key cryptography, including
       block and stream ciphers, hash functions and MACs.
     * Efficient implementations of cryptographic systems
       in public and private key cryptography.
     * Cryptographic solutions for web/internet security.

  Invited Speakers:

     * M. Bellare, UCSD (U.S.A)
       Title: "The Provable-Security Approach to
       Authenticated Session-key Exchange"
     * D. Boneh, Stanford U. (U.S.A.)
       Title: TBA

  Program Committee:

     * D. Stinson, U. of Waterloo (Canada)
     * S. Tavares, Queen's U. (Canada)
     * L. Chen, Motorola (U.S.A.)
     * H. Heys, Memorial U. of Newfoundland (Canada)
     * L. Knudsen, U. of Bergen (Norway)
     * S. Moriai, NTT Labs. (Japan)
     * L. O'Connor, European Security COE (Switzerland)
     * S. Vaudenay, EPFL (Switzerland)
     * A. Youssef, U. of Waterloo (Canada)
     * R. Zuccherato, Entrust Technologies (Canada)


  Sponsors:

     * Certicom Corporation
     * Entrust Technologies
     * MITACS
     * University of Waterloo

  Important Dates:

     * Submission Deadline: May 1
     * Notification of Acceptance: June 19
     * Early Registration Deadline: July 9
     * Workshop Dates: August 14-15
     * Deadline for Proceedings: September 18

  Proceedings: The Proceedings will be published by
  Springer-Verlag in the Lecture Notes in Computer
  Science (LNCS) Series. In order to be included in
  the Proceedings, papers must be presented at the
  Workshop. As in previous years, a Workshop Record will
  be available to participants during the Workshop. Final
  versions of papers will be due by September 18.

  For further information contact:

     * Doug Stinson, University of Waterloo,
       [EMAIL PROTECTED]
     * Stafford Tavares, Queen's University,
       [EMAIL PROTECTED]

  Arrangements:

  REGISTRATION

  There will be an early registration fee of $250 Cdn
  ($125 Cdn for students) which is due by July 9.
  Registration after July 9 will be $300 Cdn ($150 Cdn for students).
  We cannot process a registration until all fees are paid in full.
  To register, complete, in full, the attached REGISTRATION FORM
  and return it along with your payment to:
  Mrs. Frances Hannigan, C&O Dept., University of Waterloo, Waterloo,
  Ontario, Canada N2L 3G1. (If you wish, you can fax the
  registration form to the following number:
  (519)-725-5441.)
  Confirmation of your registration will be
  sent by email when payment is received in full.


  ------------------------cut form here--------------------------

  SAC 2000 WORKSHOP              REGISTRATION FORM

  Full name:
  _________________________________________________________

  Affiliation:
  _________________________________________________________

  Address:
  _________________________________________________________

  _________________________________________________________

  _________________________________________________________

  _________________________________________________________

  _________________________________________________________

  E-Mail Address:
  _________________________________________________________

  Telephone #:
  _________________________________________________________

  Registration Fee: Please check the appropriate box:

  [ ] Early Registration (by July 9).......$250.00.................$________

  [ ] Full Registration (after July 9).....$300.00.................$________

  [ ] Full-time Student (by July 9)........$125.00................$________

  [ ] Full-time Student (after July 9).....$150.00...............$________

  Extra Dinner tickets @ $50.00 per ticket:  ( )x$50..........$________

  TOTAL AMOUNT PAYABLE: .......................................$________

  **Make Cheque/Money Order Payable in Cdn funds only to:  SAC 2000

  Additional Information:

  -------------------------cut form here----------------------------

  TRAVEL

  Kitchener-Waterloo is approximately 100km/60miles from Pearson
  International Airport in Toronto.  Ground transportation to Kitchener-Waterloo
  can be pre-arranged with Airways Transit.

  TRANSPORTATION TO AND FROM TORONTO AIRPORT
  PROVIDED BY AIRWAYS TRANSIT

  It is advisable to book your transportation between the Pearson Airport,
  Toronto, and Waterloo in advance to receive the advance booking rate of
  $52 Cdn per person, one way, with Airways Transit (open 24 hours a day).
  This is a door-to-door service; they accept cash (Cdn or US funds),
  MasterCard, Visa and American Express.

  Upon arrival:
  Terminal 1:  proceed to Ground Transportation Booth, Arrivals Level,
                      Area 2.
  Terminal 2:  proceed to Airways Transit desk, Arrivals Level, Area E.
  Terminal 3:  proceed to Ground Transportation Booth, Arrivals Level,
                      under domestic area escalators.

  Complete the form below and send by mail or fax well in advance of your
  arrival to Airways Transit.  They will not fax confirmations:  your fax
  transmission record is confirmation of your reservation.

  -------------------------cut form here----------------------------

  AIRWAYS TRANSIT ADVANCE BOOKING FORM - ECC '99

  ARRIVAL INFORMATION:

  ____________________________________________________________
  Surname                                 First name

  ____________________________________________________________
  Toronto Arrival Date            Airline         Flight #

  ____________________________________________________________
  Arrival Time                            Arriving From

  ____________________________________________________________
  Destination in Kitchener/Waterloo               No. in party

  DEPARTURE INFORMATION:

  ____________________________________________________________
  Surname                                 First name

  ____________________________________________________________
  Toronto Departure Date          Airline         Flight #

  ____________________________________________________________
  Departure Time          Flight #                Destination

  ____________________________________________________________
  Pickup From                             No. in party

  ____________________________________________________________
  Signature                                       Date

  Send or Fax to:

  Airways Transit
  99A Northland Road
  Waterloo, Ontario
  Canada, N2V 1Y8

  Fax:           (519) 886-2141
  Telephone:     (519) 886-2121
  -----------------------------cut form here----------------------

  ACCOMMODATIONS

  There is a limited block of rooms set aside on a first-come first-serve
  basis at the Waterloo Inn for the evenings of
  August 13,14 and 15.  Please make your reservations prior
  to July 9, 2000, directly with the hotel.

  Waterloo Inn
  475 King Street North
  Waterloo, Ontario
  Canada    N2J 2Z5
  Phone:       (519) 884-0222
  Fax:         (519) 884-0321
  Toll Free:   1-800-361-4708
  Website:     www.waterlooinn.com
          - $94 Cdn plus taxes/night for a single or double room
          - please quote "SAC 2000 WORKSHOP" when making your reservation.

  Other hotels close to the University of Waterloo are:

  Comfort Inn
  190 Weber Street North
  Waterloo, Ontario
  Canada    N2J 3H4
  Phone:       (519) 747-9400
  Rate: $95-105 Cdn plus taxes/night

  Destination Inn
  547 King Street North
  Waterloo, Ontario
  Canada N2L 5Z7
  Phone: (519) 884-0100
  Fax:   (519) 746-8638
  Rate: $77 Cdn plus taxes/night

  Best Western
  St. Jacobs Country Inn
  50 Benjamin Road, East
  Waterloo, Ontario
  Canada N2V 2J9
  Phone: (519) 884-9295
  Rate: $109-$119 Cdn plus taxes/night

  The Waterloo Hotel
  2-4 King Street North
  Waterloo, Ontario
  Canada N2J 1N8
  Phone: (519) 885-2626
  Rate: $112-$130 Cdn plus taxes/night

  HOTEL TO CONFERENCE TRANSPORTATION

  A shuttle to/from the campus will be available each day of the
  conference from the Waterloo Inn only.

  For further information or to return your Registration, please contact:

  Mrs. Frances Hannigan
  Department of Combinatorics & Optimization
  University of Waterloo
  Waterloo, Ontario, Canada   N2L 3G1
  e-mail:  [EMAIL PROTECTED]
  Fax:     (519) 725-5441
  Phone:   (519) 888-4027





------------------------------

From: [EMAIL PROTECTED] (David Boothroyd)
Crossposted-To: 
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk,uk.telecom
Subject: Re: RIP Bill 3rd Reading in Parliament TODAY 8th May
Date: Wed, 31 May 2000 23:45:31 +0000

In article <[EMAIL PROTECTED]>, Andru Luvisi
<[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] (David Boothroyd) writes:
> [snip]
> > > Yet there is still a vast weight of legal opinion (more highly respected
> > > than the government's own law officers),
> > 
> > Is this possible?
> > 
> > Are these mysterious givers of legal opinion in some way connected with
> > organisations who have always been against the Bill?
> [snip]
> 
> Even if they are, that does not imply that their legal opinion was
> influenced by their opposition to the bill.

And likewise the opinions of Government law officers were not influenced
by their support for the Bill, QED.

------------------------------

From: Richard John Cavell <[EMAIL PROTECTED]>
Crossposted-To: comp.compression
Subject: Re: Small compression/encryption problem
Date: Thu, 1 Jun 2000 08:50:37 +1000

Thanks to all who replied.

3 of the answers involve greatly increasing the amount of data (from 2
bits per item to 8 bits per item, and decreasing the alphabet size by
50%). I'll probably go with a simpler encryption solution, without any
compression other than the obvious bitpacking.

==============
Richard Cavell
Melbourne University Medical Student
Debater, Chess Player, etc.
- [EMAIL PROTECTED]

Newsgroups - Please copy your replies to me via email.  (Server problems).


On Tue, 30 May 2000, Richard John Cavell wrote:

> Hi all,
> 
> The task is this:
> 
> A set of data needs to be encoded and transferred in a nonsecure manner to
> an operator, who will type the encrypted data into a computer program
> manually. The operator (who has no particular skill in programming) must
> be unable to easily decipher what the data is.  Errors in
> typing/transferring the data must be made impossible or very unlikely.
> 
> The data (which is actually a multiple choice exam):
> 
> A twenty-character alphanumeric string, which may contain punctuation.
> Alpha characters are far more likely.
> 
> Either twenty or forty values of 1, 2, 3, 4.  The value 4 is significantly
> less likely to appear than any of the first 3.
> 
> My solution:
> 
> Encode the string by mapping all the available alphanumeric characters
> against random others, then exchanging, rotating the key by one for each
> successive character.
> 
> Encode each answer as a 2-bit value.  Squash them together and break the
> resulting code up into base-32 values.  Encode the values as alphanumeric
> (36 possible characters, so leave 0/O and 1/I out of the possibilities).
> 
> Lastly, a simple checksum of all the data encoded as 2
> hexadecimal characters.
> 
> Does anyone have a better idea?
> 
> --------------
> Richard Cavell
> Melbourne University Medical Student
> Debater, Chess Player, etc.
> - [EMAIL PROTECTED]
> 
> Newsgroups - Please copy your replies to me via email.  (Server problems).
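The answer-packing part of the scheme quoted above, as an added Python example that is mine and not Cavell's code: each answer 1..4 becomes a 2-bit value, the bits are concatenated and cut into 5-bit base-32 digits drawn from the 32 alphanumerics left after dropping 0/O and 1/I, and a two-hex-digit checksum is appended. The digit ordering of the alphabet, the function names and the checksum formula (byte sum of the encoded characters modulo 256) are my assumptions, and the answer lists are constructed. It also shows the limit of a plain sum checksum: a transposition of two characters passes, which matters when the operator is typing by hand.

```python
# 36 alphanumerics minus 0/O and 1/I leaves exactly 32 symbols (assumed ordering).
ALPHABET = "23456789ABCDEFGHJKLMNPQRSTUVWXYZ"
assert len(ALPHABET) == 32
VALUE = {ch: i for i, ch in enumerate(ALPHABET)}


def pack_answers(answers):
    """Encode answers (each 1..4) as 2-bit values and emit 5-bit base-32 digits.

    20 answers = 40 bits = 8 characters; 40 answers = 80 bits = 16 characters.
    Other counts are zero-padded on the right to a multiple of 5 bits.
    """
    bits = 0
    for a in answers:
        if not 1 <= a <= 4:
            raise ValueError("answer out of range: %r" % (a,))
        bits = (bits << 2) | (a - 1)
    nbits = 2 * len(answers)
    pad = (-nbits) % 5
    bits <<= pad
    ndigits = (nbits + pad) // 5
    return "".join(ALPHABET[(bits >> (5 * (ndigits - 1 - k))) & 31]
                   for k in range(ndigits))


def unpack_answers(code, count):
    """Inverse of pack_answers; `count` is the number of answers the code carries."""
    bits = 0
    for ch in code:
        if ch not in VALUE:
            raise ValueError("character not in alphabet: %r" % (ch,))
        bits = (bits << 5) | VALUE[ch]
    pad = 5 * len(code) - 2 * count
    if not 0 <= pad < 5:
        raise ValueError("code length does not match answer count")
    bits >>= pad
    return [((bits >> (2 * (count - 1 - k))) & 3) + 1 for k in range(count)]


def checksum(code):
    """Two hex digits: byte sum of the encoded characters modulo 256 (assumed)."""
    return "%02X" % (sum(code.encode("ascii")) & 0xFF)


def encode(answers):
    code = pack_answers(answers)
    return code + checksum(code)


def checksum_ok(token):
    return len(token) > 2 and checksum(token[:-2]) == token[-2:]


def decode(token, count):
    if not checksum_ok(token):
        raise ValueError("checksum mismatch: retype the code")
    return unpack_answers(token[:-2], count)


if __name__ == "__main__":
    answers = [1, 2, 3, 4] * 5                  # constructed 20-answer key
    token = encode(answers)
    print(token)                                # 5EFKQ8SV3D
    print(decode(token, 20) == answers)         # True
    print(checksum_ok("5EFKQ8SW3D"))            # False: one mistyped character
    print(checksum_ok("5FEKQ8SV3D"))            # True: swapped E and F go unnoticed
```

A checksum that weights each position (a mod-97 or Luhn-style check over the digit values) would catch the transposition as well as the substitution at the same cost of two characters.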

------------------------------

From: [EMAIL PROTECTED] (Casper H.S. Dik - Network Security Engineer)
Subject: Re: DVD encryption secure? -- any FAQ on it
Date: 31 May 2000 22:37:53 GMT

[[ PLEASE DON'T SEND ME EMAIL COPIES OF POSTINGS ]]

Bryan Olson <[EMAIL PROTECTED]> writes:

>Though now broken, the DVD system was a copy protection
>mechanism, of which the disk encryption was one part. The
>concept was that decoders able to decrypt the disk would
>refuse to do so unless the data was read from the original
>media.

Or from media exactly like it; it's a fallacy: the disks are just a bunch
of bits; if you can read them, you can copy them.

>> You can do bit-by-bit copying of DVD disks and they'll play in
>> any player; no need to decrypt.

>Consumer equipment will not make exact copies of DVD disks.
>Equipment that can write to the special reserved areas is
>available only under restrictive licensing terms.

Yeah, and the consumers are the main pirates?  It's the people
with serious $$ who'll make millions of copies and sell them.

The consumer technology needs to read the entire disk, even though some
data will stay inside the controller; how hard do you think it is to
replace the drive firmware and just read the bits?

Casper
--
Expressed in this posting are my opinions.  They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
