Cryptography-Digest Digest #911, Volume #11 Thu, 1 Jun 00 15:13:00 EDT
Contents:
Re: Why encrypt email... ([EMAIL PROTECTED])
Re: Question about Re: RSA/PK Question (Mike Rosing)
Re: Best crypto if encrypted AND plain text are known (and small) ? ("Tor Rustad")
Re: Question about Re: RSA/PK Question ([EMAIL PROTECTED])
PKware (PKZIP) Encryption ([EMAIL PROTECTED])
RSA Cryptography Today FAQ (1/1) ([EMAIL PROTECTED])
Re: Why encrypt email... (Anton Stiglic)
Re: PKware (PKZIP) Encryption (Troed)
Re: Pollard's algorithm for computing discrete logs (Mike Rosing)
Re: encryption without zeros (James Felling)
Re: decoded ? (Paul Koning)
Re: Is it possible to use encryption to solve this problem? (Bill Unruh)
otp breakthrough !!!!!!!!!!!!! ("analyser")
Re: XTR (was: any public-key algorithm) (Wei Dai)
Re: Free Crypto-Lib for VB? (Custer)
Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net" (Jim)
Powers of s-boxes and other functions (Jim Steuert)
Re: Is it possible to use encryption to solve this problem? ("Paul Pires")
Re: email list for the contest (Mok-Kong Shen)
Re: Tableaus Revisited, Again (Jim Gillogly)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Why encrypt email...
Date: Thu, 01 Jun 2000 17:01:03 GMT
[apologies for formatting.]
[EMAIL PROTECTED] (Mark Wooding) wrote:
> jungle <[EMAIL PROTECTED]> wrote:
>
> > in S/MIME, no need to query server, signature has public key ...
> And the result is a vast signature, often much larger than
> the message. This is an appalling system.
The S/MIME specifications suggest sending the public key if the client
knows the sender has not already received it --- so that the first
message is expensive, and the others are essentially free. Of course,
this is all implementation-specific, and depending on one's uses, could
be hideously expensive.
> And nobody's mentioned the main problem with S/MIME of having to cough
> up cash to certification authorities or (if you've the stomach for it)
> setting your own up and trying to persuade other people to trust it
> without a sensible transitive-trust concept being in the software.
Well, for many companies, running their own CA isn't too expensive, nor
does it look *that* difficult to do. (Keeping in mind that I haven't yet
built one, but I am looking at it -- either buying an existing one, or
building our own.)
Getting others to trust your own home-grown CA would be (rightfully)
difficult to do.
I suppose it all depends on the intended uses. :)
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: Question about Re: RSA/PK Question
Date: Thu, 01 Jun 2000 12:20:16 -0500
tomstd wrote:
> I mean what I said, since you can't possibly search either a 128
> or 256 bit key space they are equally secure.
>
> When you compare 40 and 56 bit keys, well obviously 56 bit keys
> are more secure, since you can search both, just the latter
> takes more time.
>
> You can't search either 128/256 bit keyspaces, so technically
> there is no advantage to using 256 bit keys.
True *today*. 50 years from now what will we be able to do? Will we
have quantum computers with 100 GHz cycle times? Nobody knows.
If you're *really* paranoid, 256 bit keys isn't a bad choice for
making a secret stay secret for another 50 years. If you are space
and time constrained, and you need to keep a secret for at least 10
years, then 128 bits is fine.
Crypto is an art form with lots of fluid inputs. There's no one
right answer because there's not a single type of problem. "It
depends" is about as close to correct as you'll get.
Study hard Tom! Good luck with finals!
Patience, persistence, truth,
Dr. mike
------------------------------
From: "Tor Rustad" <[EMAIL PROTECTED]>
Subject: Re: Best crypto if encrypted AND plain text are known (and small) ?
Date: Thu, 1 Jun 2000 19:27:27 +0200
> > Sorry for this basic question, but I'm wondering what the best
> > algorithm would be to encrypt and decrypt a user name (e.g.
> > 'fred'). The goal would be to give 'fred' his encrypted username as a
> > cookie, and to be able to get back the original username 'fred' when
> > decrypting the cookie.
>
> Any modern cipher should be able to resist known- and chosen-plaintext
> attacks. Just choose one.
>
It would then be possible to collect a small dictionary of cookies. I think
one should put in some time-dependent information as well, e.g.
cookie = Encrypt( name || timestamp, key)
Tor
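Tor's cookie = Encrypt( name || timestamp, key) worked through, as an added example that is not from the thread: the static form gives one fixed cookie per user (so a dictionary of cookies maps straight back to names), while the time-stamped form changes on every issue and lets the server reject stale ones. Assumptions: KEY is a constructed sample key, and an HMAC-SHA256 construction (a SIV-style tag reused as the IV of a counter-mode keystream) stands in for the cipher so the code runs on the standard library alone.

```python
import hashlib
import hmac
import struct

# Assumption: HMAC-SHA256 stands in for "Encrypt" (tag derived from the
# plaintext, then used as IV of an HMAC counter-mode keystream); any block
# cipher in an authenticated mode plays the same role. KEY is a sample key.
KEY = bytes(range(32))
TS_LEN = 8  # big-endian 64-bit timestamp appended to the name


def _keystream(key, iv, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, iv + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(message, key):
    # Deterministic: the same message always yields the same cookie.
    tag = hmac.new(key, b"tag|" + message, hashlib.sha256).digest()[:16]
    stream = _keystream(key, tag, len(message))
    return tag + bytes(m ^ s for m, s in zip(message, stream))


def decrypt(cookie, key):
    tag, body = cookie[:16], cookie[16:]
    message = bytes(c ^ s for c, s in zip(body, _keystream(key, tag, len(body))))
    expected = hmac.new(key, b"tag|" + message, hashlib.sha256).digest()[:16]
    return message if hmac.compare_digest(tag, expected) else None  # None: forged/corrupt


def static_cookie(name, key):
    # Encrypt(name, key): one fixed cookie per user, which is exactly what
    # lets an observer build the cookie -> name dictionary Tor warns about.
    return encrypt(name.encode(), key)


def make_cookie(name, issued_at, key):
    # Tor's form, Encrypt(name || timestamp, key): a fresh cookie on every issue.
    return encrypt(name.encode() + struct.pack(">Q", issued_at), key)


def read_cookie(cookie, key, now, max_age):
    """Return the user name, or None if the cookie is forged, malformed or stale."""
    message = decrypt(cookie, key)
    if message is None or len(message) <= TS_LEN:
        return None
    name, issued_at = message[:-TS_LEN], struct.unpack(">Q", message[-TS_LEN:])[0]
    if issued_at > now or now - issued_at > max_age:
        return None  # older than max_age (or from the future): make the user log in again
    return name.decode()
```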
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Question about Re: RSA/PK Question
Date: Thu, 01 Jun 2000 17:28:49 GMT
In article <KkvZ4.15$[EMAIL PROTECTED]>,
"DD" <[EMAIL PROTECTED]> wrote:
> tomstd <[EMAIL PROTECTED]> wrote in message
> > I also don't agree with using 128+ bit symmetric keys because it
> > provides a false sense of security. "Oh it's secure because I
> > use a 256-bit symmetric key", big deal.
>
> I don't understand what you mean, can you or anyone else please
> explain? Are you saying that it is not secure or that whether the
> key is 128bits or say 256 bits makes little difference in practice
> because both are thought to be secure today?
In an attempt to help Tom study bio, I will try putting words into his
mouth. :)
What I think Tom is getting at, is that a 256-bit key is as easy to
bribe/steal/torture/blackmail out of users as a 128-bit key. However,
since a 256 bit key is so much more secure in terms of brute-force
check-all-keys attacks, people are more likely to commit secrets to
256-bit keys when the O(1) attacks on the keys are just as effective on
256-bit as 128-bit. The extra bits lead people to trust the system more
than they should, leading to a false sense of security. (Or, perhaps, by
seeing "256-bit" users might think the system is great, whereas the
protocol itself might leak too much information, or the implementation
was done poorly, etc..)
(For those secrets where one needs 256-bits of brute-force protection, a
good FIPS 140-1 level 4 hardware device with a threshold scheme on
operators isn't too much to ask. :)
But, of course, I don't speak for Tom -- I just think I understood what
he was saying. :)
------------------------------
From: [EMAIL PROTECTED]
Subject: PKware (PKZIP) Encryption
Date: Thu, 01 Jun 2000 17:32:59 GMT
Does anyone know how well the PKZIP encryption algorithm works? I have
encrypted a file using this s/w and I am curious how safe it is
provided that the password is long and random enough.
Thank you all.
WS
------------------------------
Crossposted-To:
talk.politics.crypto,alt.security.ripem,sci.answers,talk.answers,alt.answers,news.answers
Subject: RSA Cryptography Today FAQ (1/1)
From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: 01 Jun 2000 17:44:07 GMT
Archive-name: cryptography-faq/rsa/part1
Last-modified: 1997/05/21
An old version of the RSA Labs' publication "Answers to Frequently Asked
Questions about Today's Cryptography" used to be posted here until May
1997. These postings were not sponsored or updated by RSA Labs, and
for some time we were unable to stop them. While we hope the information
in our FAQ is useful, the version that was being posted here was quite
outdated. The latest version of the FAQ is more complete and up-to-date.
Unfortunately, our FAQ is no longer available in ASCII due to its
mathematical content. Please visit our website at
http://www.rsa.com/rsalabs/ to view the new version of the FAQ with your
browser or download it in the Adobe Acrobat (.pdf) format.
RSA Labs FAQ Editor
[EMAIL PROTECTED]
------------------------------
From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: Why encrypt email...
Date: Thu, 01 Jun 2000 13:55:37 -0400
[EMAIL PROTECTED] wrote:
> > And nobody's mentioned the main problem with S/MIME of having to cough
> > up cash to certification authorities or (if you've the stomach for it)
> > setting your own up and trying to persuade other people to trust it
> > without a sensible transitive-trust concept being in the software.
>
> Well, for many companies, running their own CA isn't too expensive, nor
> does it look *that* difficult to do. (Keeping in mind that I haven't yet
> built one, but I am looking at it -- either buying an existing one, or
> building our own.)
>
> Getting others to trust your own home-grown CA would be (rightfully)
> difficult to do.
>
> I suppose it all depends on the intended uses. :)
It's not that difficult, you can simply follow something like the SPKI
proposal, which will probably give you everything that you need.
The problem is interoperating with other software.
It would be nice to be able to set up your own system that uses S/MIME,
in such a way that it would smoothly work with Netscape, for example,
without having to pay $$$ to some CA.
There are other ways of getting yourself in Netscape's list of trusted
CA without paying $$$ (this is what PrivacyX does), but clients will get
big Warning signs that might scare them away.
Anton
------------------------------
From: [EMAIL PROTECTED] (Troed)
Subject: Re: PKware (PKZIP) Encryption
Reply-To: [EMAIL PROTECTED]
Date: Thu, 01 Jun 2000 17:55:13 GMT
[EMAIL PROTECTED] wrote:
>Does anyone know how well the PKZIP encryption algorithm works? I have
>encrypted a file using this s/w and I am curious how safe it is
>provided that the password is long and random enough.
It's protected internally by 32-bit keys (3 of them). 14 (or was it
11?) bytes of known plaintext (often easily guessable looking at the
contents) is enough for a stock Pentium to brute-force the keys in <1
hour. The password itself is irrelevant.
ZIP encryption should be avoided.
------------------------------
From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: Pollard's algorithm for computing discrete logs
Date: Thu, 01 Jun 2000 13:00:29 -0500
Jesper Stocholm wrote:
>
> I'm trying to implement Pollard's algorithm for discrete logs - but I
> have a little problem:
>
> I have to partition the Group into 3 sections (S1, S2 and S3). However -
> the book I use (Handbook of Applied Cryptography) just says,
> that "some care must be exercised in selecting the partition" - which
> doesn't help me much.
>
> How do I choose the right partition of the Group ?
It's arbitrary. Just make each group about the same size. You can have
more sections too, if you have 4, then the last 2 bits of a result can
determine which group the result goes into.
Patience, persistence, truth,
Dr. mike
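Pollard's rho for discrete logs with the partition chosen the way the reply describes (section = x mod k, so k = 4 uses the last two bits of the element), as an added example that is not code from the thread or from the Handbook. It assumes an r-adding walk, one fixed multiplier alpha^u * beta^v per section, in place of the Handbook's three fixed rules, and a constructed group: p = 383, alpha = 2 of prime order 191, beta = 228.

```python
import random


def pollard_rho_dlog(p, n, alpha, beta, sections=3, seed=1):
    """Return x with alpha^x == beta (mod p), where alpha has prime order n.

    Every walk state satisfies x == alpha^a * beta^b (mod p). The section of
    an element is simply x % sections (an arbitrary but roughly equal split,
    as the reply says); each section has its own multiplier, so the step is
    a deterministic function of x alone and Floyd's cycle finding applies.
    """
    rng = random.Random(seed)
    for _round in range(20):            # fresh multipliers if a round gives nothing
        mults = []
        for _ in range(sections):
            u, v = rng.randrange(1, n), rng.randrange(1, n)
            mults.append((pow(alpha, u, p) * pow(beta, v, p) % p, u, v))

        def step(x, a, b):
            m, u, v = mults[x % sections]   # partition decides the multiplier
            return x * m % p, (a + u) % n, (b + v) % n

        a, b = rng.randrange(n), rng.randrange(n)
        x = pow(alpha, a, p) * pow(beta, b, p) % p
        X, A, B = x, a, b
        while True:                         # tortoise one step, hare two
            x, a, b = step(x, a, b)
            X, A, B = step(*step(X, A, B))
            if x == X:
                break
        # alpha^a beta^b == alpha^A beta^B  =>  a - A == log * (B - b)  (mod n)
        d = (B - b) % n
        if d == 0:
            continue                        # collision carries no information
        cand = (a - A) * pow(d, -1, n) % n
        if pow(alpha, cand, p) == beta:
            return cand
    return None
```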
------------------------------
From: James Felling <[EMAIL PROTECTED]>
Subject: Re: encryption without zeros
Date: Thu, 01 Jun 2000 13:01:55 -0500
[EMAIL PROTECTED] wrote:
> James Felling wrote:
> > How about ab//cd0000ef/1 -> ab////cd/1/1/1/1ef//1
> >
> > or something along this line.
> > Rules as follows.
> > If character != 0 and !=/ then output character.
> > If character =0 output /1
> > If character =/ output //
> > Done. (It will expand the stream in proportion to the number of escape
> > characters and 0's in it so I would try to make the escape character a low use
> > character)
>
> there is no 'low use character' in cypher output,
> every character is with probability 1/256
(Assuming perfect crypto -- I made the suggestion so that if this were being used to
store plaintext (prior to encoding) an efficient storage would be achieved.)
>
>
> == <EOF> ==
> Disastry http://i.am/disastry/
> http://disastry.dhs.org/pgp.htm <-- PGP half-Plugin for Netscape
> http://disastry.dhs.org/pegwit <-- Pegwit - simple alternative for PGP
> remove .NOSPAM.NET for email reply
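James's escape rules as an encoder and decoder, an added example that was not posted in the thread; it assumes the "0" being removed is the NUL byte, and it also measures the expansion Disastry's point implies for uniform ciphertext-like bytes (about 2/256, whatever escape character is chosen) against text with many zeros.

```python
import random

ESC = ord("/")


def encode_no_zeros(data: bytes) -> bytes:
    """Rewrite data so no NUL byte remains: 0x00 -> '/1', '/' -> '//'."""
    out = bytearray()
    for byte in data:
        if byte == 0:
            out += b"/1"
        elif byte == ESC:
            out += b"//"
        else:
            out.append(byte)
    return bytes(out)


def decode_no_zeros(data: bytes) -> bytes:
    """Invert encode_no_zeros; raise ValueError on a dangling or unknown escape."""
    out, i = bytearray(), 0
    while i < len(data):
        byte = data[i]
        if byte != ESC:
            out.append(byte)
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("dangling escape at end of input")
        nxt = data[i + 1]
        if nxt == ord("1"):
            out.append(0)
        elif nxt == ESC:
            out.append(ESC)
        else:
            raise ValueError(f"bad escape sequence at offset {i}")
        i += 2
    return bytes(out)


def is_well_formed(data: bytes) -> bool:
    try:
        decode_no_zeros(data)
        return True
    except ValueError:
        return False


def expansion_ratio(data: bytes) -> float:
    # Each NUL and each '/' costs one extra byte; for uniform bytes that is
    # 2/256 on average, so the choice of escape character buys nothing there.
    return len(encode_no_zeros(data)) / len(data)


def sample_uniform_bytes(count: int, seed: int = 0) -> bytes:
    # Constructed stand-in for ciphertext: every byte value equally likely.
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(count))
```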
------------------------------
From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: decoded ?
Date: Thu, 01 Jun 2000 13:51:23 -0400
Wbelsito wrote:
>
> has anybody figured out the juno passsword 16 character code ?
>
> lost my password & juno wants me to wait 3 weeks for the new one .
Sounds like you need a different ISP no matter what the
answer is:
-- if someone can recover your password, you need to switch
because the encryption is no good
-- if not, then you should switch because making people wait
3 weeks is bogus...
paul
------------------------------
From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: Is it possible to use encryption to solve this problem?
Date: 1 Jun 2000 18:17:53 GMT
In <[EMAIL PROTECTED]> Mok-Kong Shen <[EMAIL PROTECTED]> writes:
>Some software are protected through checking a processor
>identification, so that it can be run only on that one computer.
>You might consider that method.
Sure, if you want to totally piss off your customers. Computers crash or
are replaced often enough that this procedure is simply dumb marketing.
You want to lose less by instituting the copy protection than you lose
by not having it. Not every one copied is a loss either, as your customers
may well never have bought it.
The primary defense is for your customers to see your product as
something which really provides value to them. Once you give them the
feeling they are being ripped off you have lost it as they will not
care if it gets hacked or copied by others.
------------------------------
Reply-To: "analyser" <[EMAIL PROTECTED]>
From: "analyser" <[EMAIL PROTECTED]>
Subject: otp breakthrough !!!!!!!!!!!!!
Date: Thu, 1 Jun 2000 19:31:56 +0200
analyser did it again !!!!!!!!!!!!
it works......
------------------------------
From: Wei Dai <[EMAIL PROTECTED]>
Subject: Re: XTR (was: any public-key algorithm)
Date: Thu, 1 Jun 2000 11:28:26 -0700
In article <8h5ulk$pke$[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
> In article <[EMAIL PROTECTED]>,
> Wei Dai <[EMAIL PROTECTED]> wrote:
> >Elliptic curves are supposed to offer exponential security whereas XTR still
> >only offers subexponential security at best. This means to obtain 2^128
> >security you'll need EC over GF(p) with p around 2^256 versus XTR over GF(q)
> >with q around 2^413.
>
> But q will be p^6, and the XTR tricks will mean that you only ever actually
> deal with elements of GF(p^2). [Which would be *smaller* than 2^256;
> are you sure about the 2^413 figure?]
I meant GF(p) with p around 2^413 as the base field. The extension field would
be GF(p^6) with p^6 around 2^2478. Sorry for the confusion.
--
cryptopp.com - a free C++ class library of cryptographic schemes
------------------------------
From: Custer <[EMAIL PROTECTED]>
Subject: Re: Free Crypto-Lib for VB?
Date: Thu, 01 Jun 2000 14:33:09 -0400
[EMAIL PROTECTED] (Charles) wrote:
>I'm looking for a free cryptography library full of vector-tested
>algorithms, either in BAS, OCX or DLL format, which are usable in a
>Visual Basic environment. I realise that VB is the poorest choice for
>a language involving crypto, but I would appreciate some help in
>finding something.
>
>I have had limited success, once finding a vector-verified Blowfish
>DLL, and another in a group of BAS files with the hashes MD5 and
>SHA-1, and the cipher RC4, but MD5 didn't verify against the
>vectors...so scrap that one.
>
>Anyone know where I can find a free crypto-lib for VB? (particularly
>including an implementation of SHA-1).
I put some Win32 DLLs that contain implementations in C of the hash
algos sha1, ripemd160 and md5 here (they have been tested with their
respective test vectors):
http://www.geocities.com/WallStreet/Bureau/1195/rmdsha.zip
http://www.geocities.com/WallStreet/Bureau/1195/md5.zip
Also an example program, it's in visual foxpro but you should be able
to adapt to vb:
http://www.geocities.com/WallStreet/Bureau/1195/example.txt
For the ciphers, sorry I don't have them.
------------------------------
From: [EMAIL PROTECTED] (Jim)
Crossposted-To:
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk
Subject: Re: Sunday Times 30/4/2000: "MI5 builds new centre to read e-mails on the net"
Date: Thu, 01 Jun 2000 17:36:13 GMT
Reply-To: Jim
On Wed, 31 May 2000 21:50:19 +0100, George Edwards
<[EMAIL PROTECTED]> wrote:
>In article <Ty4Z4.175$[EMAIL PROTECTED]>, Michael
>Watson <[EMAIL PROTECTED]> writes
>>I /think/ so. Catterick seems to be the area in the North-east where there is
>>an Army-base. I wouldn't be surprised to find out
>>that the MI5 was there - there are too many "government-like" actions in that
>>area. Plus everybody keeps mentioning North Yorkshire
>
>Should we put the bomb in McDonalds or Tesco then?
Do McDonalds...leave Tesco alone.
--
amadeus at netcomuk.co.uk
nordland at lineone.net
g4rga at thersgb.net
------------------------------
From: Jim Steuert <[EMAIL PROTECTED]>
Subject: Powers of s-boxes and other functions
Date: Thu, 01 Jun 2000 14:33:30 -0400
The idea here is to generalize from iterated
multiply operations to iterated function
composition operations.
Hash functions like MD5 or SHA-1 cannot be
symbolically composed, and thus cannot be
iterated in time proportional to the log
of the count of iterations, but many
function descriptions can be easily
composed.
It would be interesting to come up with
a hash function which could be
practically "iterated" in logarithmic
time.
It seems too simple to be a new idea.
Does anyone know or use this idea?
-Jim Steuert
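Jim's idea as working code, an added example not from the post: square-and-multiply with composition in place of multiplication, applied to an S-box kept as a lookup table and to affine maps x -> a*x + b mod m (the iterated-multiply case, b = 0). SBOX is a constructed 4-bit permutation and the function names are mine.

```python
def fn_power(f, n, compose, identity):
    """f composed with itself n times, using only O(log n) compositions.

    Square-and-multiply with "multiply" replaced by "compose". It needs a
    description of f that composes symbolically; lookup tables and affine
    maps have one, a hash like MD5 or SHA-1 does not, so those can only be
    iterated one step at a time.
    """
    result = identity
    while n:
        if n & 1:
            result = compose(f, result)
        f = compose(f, f)           # f^2, f^4, f^8, ...
        n >>= 1
    return result


# --- S-boxes as lookup tables: compose(f, g) is the table of x -> f(g(x)) ---
def compose_tables(f, g):
    return [f[g[x]] for x in range(len(g))]


def sbox_power(sbox, n):
    return fn_power(list(sbox), n, compose_tables, list(range(len(sbox))))


def iterate_sbox(sbox, n, x):
    # One-step-at-a-time reference, O(n) table lookups
    for _ in range(n):
        x = sbox[x]
    return x


# --- Affine maps x -> (a*x + b) mod m, stored as (a, b) ---
def affine_power(a, b, n, m):
    def compose_affine(f, g):       # f(g(x)) = a_f*(a_g*x + b_g) + b_f
        return (f[0] * g[0] % m, (f[0] * g[1] + f[1]) % m)
    return fn_power((a % m, b % m), n, compose_affine, (1, 0))


def apply_affine(ab, x, m):
    return (ab[0] * x + ab[1]) % m


def iterate_affine(a, b, n, m, x):
    for _ in range(n):
        x = (a * x + b) % m
    return x


# Constructed sample: a 4-bit permutation used as an S-box
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
```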
------------------------------
From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: Is it possible to use encryption to solve this problem?
Date: Thu, 1 Jun 2000 11:46:26 -0700
<Snip>
> Sure, if you want to totally piss off your customers. Computers crash or
> are replaced often enough that this procedure is simply dumb marketing.
> You want to lose less by instituting the copy protection than you lose
> by not having it. Not every one copied is a loss either, as your customers
> may well never have bought it.
> The primary defense is for your customers to see your product as
> something which really provides value to them. Once you give them the
> feeling they are being ripped off you have lost it as they will not
> care if it gets hacked or copied by others.
Excellent point. All security problems are not necessarily solved
technologically. Marketing and customer service can (and should) address
some issues. Some folks are inclined to hack. These people will never be
your customers so don't design your product based upon the presence of these
folks. True customers will buy if they see a value to your product and a
reason to walk into your "Store". Your product has to have value and so do
you.
Paul
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: email list for the contest
Date: Thu, 01 Jun 2000 21:02:39 +0200
"Douglas A. Gwyn" wrote:
> Mok-Kong Shen wrote:
> > It would be fine, if some benevolent rich person (Gates?) could
> > donate a similar prize to solve the problem of crackability of a
> > certain cipher that is destined for universal use in the new
> > millennium.
>
> Of course, it would be much *more* lucrative to keep one's
> successful cracking method secret.
You are certainly right. One should also note that the number of
persons attempting to attack a cipher increases with the size of the
domain of application of it. (I can still remember that back in 1984
someone told me that he was using certain (then) very modern
special hardware trying to crack DES.)
There is, however, the other possible outcome, namely that the
prize algorithm turns out to be provably uncrackable, in which
case the scientist involved would be sufficiently rewarded for
his effort.
M. K. Shen
------------------------------
From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: Tableaus Revisited, Again
Date: Thu, 01 Jun 2000 18:57:26 +0000
Mok-Kong Shen wrote:
> I always wonder why Vigenere was that popular and people didn't
> widely employ substitution tables with independent alphabets, i.e.
> with each column being an arbitrary permutation of the alphabet.
> Do you happen to know of a reason?
The system Vigenere invented did use arbitrary permutations of the
alphabet, unlike the system now known by his name. The Fuer GOD cipher
used by the Germans in World War 1 was a polyalphabetic with unrelated
alphabets. The Allies used a system called SYKO in WW2 with 30 or 32
mixed alphabets. It was still far too insecure.
--
Jim Gillogly
12 Forelithe S.R. 2000, 18:47
12.19.7.4.12, 5 Eb 15 Zip, Second Lord of Night
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************