Cryptography-Digest Digest #946, Volume #11 Mon, 5 Jun 00 11:13:00 EDT
Contents:
Re: DES -- Annoyed (Mark Wooding)
Re: Observer 4/6/2000: "Your privacy ends here" ("James Winsoar")
Re: Evidence Eliminator, is it patented, copyrighted, trademarked ?
([EMAIL PROTECTED])
Re: Cipher design a fading field? ("Trevor L. Jackson, III")
Re: Observer 4/6/2000: "Your privacy ends here" (U Sewell-Detritus)
Re: HTML encryption ("Trevor L. Jackson, III")
Re: Solovay-Strassen primality test (Bob Silverman)
Re: DES -- Annoyed ("Kasper Pedersen")
Re: DES -- Annoyed ("Thomas J. Boschloo")
Question about recommended keysizes (768 bit RSA) ("Thomas J. Boschloo")
Re: DES -- Annoyed (Albert P. Belle Isle)
Re: RC4 and ciphersaber for the clueless newbie. ("John E. Kuslich")
Re: Observer 4/6/2000: "Your privacy ends here" ("John E. Kuslich")
Statistics of occurrences of prime number sequences in PRBG output as ("John A. Malley")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: DES -- Annoyed
Date: 5 Jun 2000 11:16:07 GMT
tomstd <[EMAIL PROTECTED]> wrote:
> Unfortunately neither of those are true DES implementations.
> The initial 64-bit key is permuted (top of p273 of applied
> crypto), in this compression-permutation 56 bits are chosen from
> the user key.
I've no idea what you're talking about.
The 7-byte key is nonstandard, but is convenient if you want to ensure
that all of your key material is actually used.
The 8-byte key is a proper DES key. Properly, the low-order bit of each
byte is set to ensure that the byte has odd parity, but the
implementation doesn't check that and simply ignores the parity bits.
Given a 7-byte key, the implementation first expands it to an 8-byte key
by doing some simple shifting. It then applies the PC1 permutation to
strip away the `parity' bits.
Finally, I didn't invent those test vectors. They came straight from
HAC, page 256, actually.
-- [mdw]
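The key handling Mark describes above (7-byte key expanded to 8 bytes by shifting, odd parity in the low-order bit of each byte, PC1 stripping those bits back out), worked through as an added example for this digest. This is not Mark Wooding's code: the PC1 table is the one from FIPS 46, the weak and semi-weak key list is the one FIPS 74 and Applied Cryptography give, and the seven-bits-per-byte expansion is my reading of "some simple shifting", not the actual implementation. The 8-byte sample key is the one used in the well-known worked example of the DES key schedule.

```python
"""DES key handling: 7-to-8-byte expansion, odd parity, PC1 and a weak-key check.

Added example for the digest; not Mark Wooding's code. PC1 is from FIPS 46,
the weak/semi-weak keys from FIPS 74 / Applied Cryptography; the 7-to-8 byte
expansion (seven key bits per byte, parity bit appended) is an assumption
about the implementation discussed, not its actual code."""

# PC1 from FIPS 46: 1-indexed positions of the 64-bit key, read row by row.
# Positions 8, 16, ..., 64 (the parity bits) never appear.
PC1 = [
    57, 49, 41, 33, 25, 17,  9,
     1, 58, 50, 42, 34, 26, 18,
    10,  2, 59, 51, 43, 35, 27,
    19, 11,  3, 60, 52, 44, 36,
    63, 55, 47, 39, 31, 23, 15,
     7, 62, 54, 46, 38, 30, 22,
    14,  6, 61, 53, 45, 37, 29,
    21, 13,  5, 28, 20, 12,  4,
]

# Keys for which the DES key schedule degenerates (FIPS 74 / AC2 tables),
# written with odd parity as the tables give them.
WEAK_KEYS = {bytes.fromhex(k) for k in (
    "0101010101010101", "FEFEFEFEFEFEFEFE",
    "E0E0E0E0F1F1F1F1", "1F1F1F1F0E0E0E0E",
)}
SEMI_WEAK_KEYS = {bytes.fromhex(k) for k in (
    "01FE01FE01FE01FE", "FE01FE01FE01FE01",
    "1FE01FE00EF10EF1", "E01FE01FF10EF10E",
    "01E001E001F101F1", "E001E001F101F101",
    "1FFE1FFE0EFE0EFE", "FE1FFE1FFE0EFE0E",
    "011F011F010E010E", "1F011F010E010E01",
    "E0FEE0FEF1FEF1FE", "FEE0FEE0FEF1FEF1",
)}


def set_odd_parity(key8: bytes) -> bytes:
    """Return key8 with the low-order bit of each byte set so the byte has odd parity."""
    out = bytearray()
    for b in key8:
        high = b & 0xFE                       # the seven key bits
        ones = bin(high).count("1")
        out.append(high | (0 if ones % 2 else 1))
    return bytes(out)


def has_odd_parity(key8: bytes) -> bool:
    return all(bin(b).count("1") % 2 == 1 for b in key8)


def expand_7_to_8(key7: bytes) -> bytes:
    """Spread 56 key bits over 8 bytes, seven per byte, then fix up parity (assumed layout)."""
    if len(key7) != 7:
        raise ValueError("need exactly 7 bytes")
    k = int.from_bytes(key7, "big")
    raw = bytes(((k >> (49 - 7 * i)) & 0x7F) << 1 for i in range(8))
    return set_odd_parity(raw)


def strip_parity_to_7(key8: bytes) -> bytes:
    """Inverse of expand_7_to_8: drop the parity bit of each byte."""
    k = 0
    for b in key8:
        k = (k << 7) | (b >> 1)
    return k.to_bytes(7, "big")


def pc1(key8: bytes) -> int:
    """Apply PC1: select 56 of the 64 key bits; the parity bits are never chosen."""
    if len(key8) != 8:
        raise ValueError("need exactly 8 bytes")
    k = int.from_bytes(key8, "big")
    out = 0
    for pos in PC1:
        bit = (k >> (64 - pos)) & 1           # FIPS numbers bit 1 as the leftmost
        out = (out << 1) | bit
    return out


def check_des_key(key8: bytes) -> str:
    """Classify a key as 'weak', 'semi-weak' or 'ok'. Parity is normalized first,
    because DES ignores the parity bits and the tables are written with odd parity."""
    norm = set_odd_parity(key8)
    if norm in WEAK_KEYS:
        return "weak"
    if norm in SEMI_WEAK_KEYS:
        return "semi-weak"
    return "ok"


if __name__ == "__main__":
    key = bytes.fromhex("133457799BBCDFF1")   # standard worked-example key
    print(has_odd_parity(key), format(pc1(key), "056b"), check_des_key(key))
    print(expand_7_to_8(strip_parity_to_7(key)) == key)
```

For the sample key, pc1() yields the 56-bit string 1111000 0110011 0010101 0101111 0101010 1011001 1001111 0001111 (C0 followed by D0). Note that the round trip through strip_parity_to_7() and back only reproduces a key that already had odd parity; a caller who passes arbitrary 8-byte keys should treat the parity bits as ignored rather than as key material.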
------------------------------
From: "James Winsoar" <[EMAIL PROTECTED]>
Crossposted-To:
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.security.scramdisk,uk.telecom
Subject: Re: Observer 4/6/2000: "Your privacy ends here"
Date: Mon, 5 Jun 2000 12:25:04 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
"B Labour" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> http://www.observer.co.uk/focus/story/0,6903,328071,00.html
>
> Your privacy ends here
>
> A Bill which is slipping through the House of Lords will allow MI5
> access to all our online communications, says John Naughton. It
> could mean we're all guilty until proven innocent. So why don't we
> care more?
We are suggesting people download PGP from
ftp://tucows.belgium.eu.net/Tucows/files/PGPfreeware_6.5.3.zip
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
Comment: For PGP details go to http://www.smi-group.co.uk/main.shtml
iQA/AwUBOTuN9VGwY0s2M70+EQLSjACg0iUDtkMpsT6ekyZcbQ4B1oiQhUUAoMIi
LqbvFG2ldToHjFQ6L1lMFWO7
=FnBY
-----END PGP SIGNATURE-----
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: alt.privacy,alt.privacy.anon-server,alt.security.pgp
Subject: Re: Evidence Eliminator, is it patented, copyrighted, trademarked ?
Date: Mon, 05 Jun 2000 12:58:13 GMT
I'm not a lawyer, but I do know a little about trademarks. In the U.S.
you can pretty much make anything your trademark. However, you need to
establish your mark. The first step is to put a "TM" next to your mark.
That tells anyone who sees the mark that you have/want to establish
that mark as your trademark. The serious businesses will then
"register" the trademark, which then allows one to put the infamous (R)
next to the mark.
Even before the trademark question came up, the first thing that hit me
with evidence eliminator is their "e" looks a lot like Microsoft's
internet explorer "e". The thought crossed my mind as to whether
Microsoft would take issue with that mark?
In article <#76ChGqz$GA.451@cpmsnbbsa08>,
"Hiram Yaeger" <no@email> wrote:
> "jungle" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > where trademarked ? what country ?
> > it is not trademark in USA ...
> >
> > Hiram Yaeger wrote:
> > >
> > > "jungle" <[EMAIL PROTECTED]> wrote in message
> > > news:[EMAIL PROTECTED]...
> > > > the other 2 ?
> > > >
> > > > Lucifer wrote:
> > > > >
> > > > > On Sat, 03 Jun 2000 06:13:12 -0400 jungle <[EMAIL PROTECTED]> wrote:
> > > > >
> > > > > >Evidence Eliminator, is it patented, copyrighted, trademarked ?
> > > > >
> > > > > It's copyrighted when it's written.
> > > > >
> > > > > No filing is required.
> > >
> > > I would assume that "Evidence Eliminator" is legally their trademark. As
> > > for patented, they use methods for overwriting data that are well known and
> > > have been in use for years. They didn't invent it. No patent.
>
> I'm not a lawyer. I was taking a guess, which is why I said I assume. I
> don't know how trademarks work.
>
>
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: Mon, 05 Jun 2000 09:34:19 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Cipher design a fading field?
"... morally implacable top politicians ..." -- Now there's a nightmare concept.
Mok-Kong Shen wrote:
> wtshaw wrote:
>
> > "Douglas A. Gwyn"<[EMAIL PROTECTED]> wrote:
> > >
> > > (a) It has not been demonstrated that a group of amateurs can
> > > in fact design a truly "strong" cipher.
> >
> > Ah..the old problem: What is strength?
>
> This question is virtually in the same category as 'What is truth?'.
>
> > > (b) I wish that the amateurs would quit inventing a plethora
> > > of new encryption schemes until they have figured out how to
> > > defeat the existing ones. This may be relevant to your thesis.
> > >
> > A new cipher each day can clear the palate.
>
> This can't be useful for 'regular traffic', like communications of banks.
> That's why one needs standards, like 3DES and AES. But as previously
> discussed, one can obtain fairly high diversity/variability to tease the
> analyst through multiple encryptions and parametrized ciphers (e.g. AES
> with variable number of rounds or variable keys, the implementation of
> which is no problem at least in software).
>
> On the other hand, 'a new cipher each day' for such traffics as personal
> e-mails will create in short time a diversity far exceeding the biodiversity
> in nature. (I don't know whether it is true, but I was told that the
> biologists don't yet fully oversee the kingdom of objects of their study.)
> Since any one single e-mail has the potential of carrying some highly
> delicate stuffs, like calls for revolutions as well as scandalous expressions
> of affections of unlawful couples, which the dutiful and morally implacable
> top politicians must attempt to eradicate, this provides a good foundation
> for a bill to build a dozen more Echelons.
>
> M. K. Shen
------------------------------
From: [EMAIL PROTECTED] (U Sewell-Detritus)
Crossposted-To:
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.security.scramdisk,uk.telecom
Subject: Re: Observer 4/6/2000: "Your privacy ends here"
Date: 5 Jun 2000 13:32:33 GMT
James Winsoar <[EMAIL PROTECTED]> wrote:
>"B Labour" <[EMAIL PROTECTED]> wrote:
>> http://www.observer.co.uk/focus/story/0,6903,328071,00.html
>>
>> Your privacy ends here
>>
>> A Bill which is slipping through the House of Lords will allow MI5
>> access to all our online communications, says John Naughton. It
>> could mean we're all guilty until proven innocent. So why don't we
>> care more?
>
>We are suggesting people download PGP from
>ftp://tucows.belgium.eu.net/Tucows/files/PGPfreeware_6.5.3.zip
PGP et al suit being coupled with a steganography package. [1]
Today, the Beeb reports yet another industry plea for RIP to
be scrapped. [2]
Slightly off-topic, but where was our foxy PM Blair hiding this weekend?
He was not at Chequers, that's for sure and there've been no sightings
of him at the 1-4June secret Bilderberg conference with the rest of the
"High Priests of Globalisation." But then, the media are always excluded,
naturally.
The $1m Rothschild-sponsored question is whether Blair will once more
try to mislead parliament about his attendance. [3]
Here standeth The Rt Hon. Anthony 'double-standards, lie through
his teeth' Blair, if ever there was. Complete with a majority of 32,852.
If RIP is to subject his "lumpen proletariat" to mass secret service
scrutiny, then so too for Brother Blair and his fellow "high priests"?
Obviously not.
====================================================================
"Publicity is just recommended as a remedy for social and industrial
diseases. Sunlight is said to be the best of disinfectants; electric
light the most efficient policeman."
Judge Louis Brandeis, US Supreme Court, 1976 [4]
====================================================================
[1] http://members.tripod.com/steganography/stego.html
[2] http://news.bbc.co.uk/hi/english/sci/tech/newsid_774000/774652.stm
[3] http://www.bilderberg.org/bilder.htm#Blair
[4] Many parts of Blair's last conference speech were lifted straight
from Jonathan Freedland's book, "Bring Home The Revolution", where
this quote is to be found.
It's a dashing shame Brother Blair feels the intelligence spotlight
is appropriate for his subjects but when shone in his own
direction, he releases a hideous Gremlinesque squeal. What a t*sser.
http://www.the-times.co.uk/news/pages/sti/1999/10/24/stinwenws02039.html
http://www.amazon.co.uk/exec/obidos/ASIN/1841150215
------------------------------
Date: Mon, 05 Jun 2000 09:59:44 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: HTML encryption
Mark Wooding wrote:
> If I copy something, then we both have one, and you've lost nothing.
The raison d'etre of this NG shows the above statement false. Secrecy is a
valuable property that is lost during the process of making unauthorized
copies. Thus the owner of a secret loses something when you get a copy of the
secret.
------------------------------
From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: Solovay-Strassen primality test
Date: Mon, 05 Jun 2000 13:52:39 GMT
In article <Pine.LNX.4.10.10006030008200.1321-[EMAIL PROTECTED]>,
Marek Futrega <[EMAIL PROTECTED]> wrote:
> On Fri, 2 Jun 2000, Bob Silverman wrote:
>
> > > The basis of the Solovay-Strassen algorithm is the fact that for any
> > > given composite number "n", there are at most n/2 values of "a" less
> > > than "n" for which "n" is an Euler pseudo-prime with base "a".
> >
> > Hint: Think about Euler's criterion for quadratic reciprocity.
> >
>
> It doesn't help me much.
OK, here's another hint:
Let p be prime. How many quadratic residues does it have?
Now let n be composite. How many quadratic residues (at most) does
it have? Further hint: let n = pq and use the Chinese Remainder
Theorem.
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "Kasper Pedersen" <[EMAIL PROTECTED]>
Subject: Re: DES -- Annoyed
Date: Mon, 05 Jun 2000 14:19:39 GMT
"tomstd" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> As part of my 'Tiny Crypt Lib' I am implementing DES (and then
> of course 3key 3des) and have possibly the smallest (and
> slowest) implementation ever... problem is I can't find test
> vectors for DES anywhere!!!
I have a little program that would be beneficial, I think.
It's a Win32 DES 'calculator' (with/without IP/IP-1s), checked against the
official vectors.
Source included.
Once upon a time it was available on my site, but my provider died, and I'm
waiting for that SDSL line...
Mail me and I'll push it over the puny analog modem I'm using these days.
Or if you'd like, we have an ultimately-slow implementation that uses FIPS
numbering all the way through. VERY confusing.
/Kasper
kasper at traceroute dot dk
------------------------------
From: "Thomas J. Boschloo" <[EMAIL PROTECTED]>
Subject: Re: DES -- Annoyed
Date: Mon, 05 Jun 2000 15:46:03 +0200
tomstd wrote:
>
> As part of my 'Tiny Crypt Lib' I am implementing DES (and then
> of course 3key 3des) and have possibly the smallest (and
> slowest) implementation ever... problem is I can't find test
> vectors for DES anywhere!!!
>
> I looked at the FIPS-42 pages ...etc, nothing. I can't believe
> they specify DES without test vectors...
>
> Any help?
They were posted to <news:alt.security.scramdisk> recently. The thread is
called "Q: Cipher Verification".
Hope it helps,
Thomas
--
We live in the Matrix <http://www.whatisthematrix.com>
http://wwwkeys.pgp.net:11371/pks/lookup?op=get&search=0x225CA009
Email: boschloo_at_multiweb_dot_nl
------------------------------
From: "Thomas J. Boschloo" <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy.anon-server,alt.security.pgp
Subject: Question about recommended keysizes (768 bit RSA)
Date: Mon, 05 Jun 2000 16:12:20 +0200
Hi sci.crypt guys,
I'm mainly from a.p.a-s nowadays and yesterday I found the document
<http://www.rsasecurity.com/rsalabs/bulletins/bulletin13.html>. In it, it
says "Further, 768 bits seems unreachable today, even utilizing the
TWINKLE device, because of the difficulties in dealing with the matrix.
However, we do believe that 768-bits might be breakable in about
10-years time. The fitted data from section III gives a date of 2019 for
breaking such a key by public effort."
My PGP 2.6.3i RSA key is about 768 bits and my computer is not that
secure (Windows 95 and not behind a locked door, with a BIOS password or
with a 'last used' message like in Solaris), so I'm fine with it taking
the NSA at least ten years to break it (and lots of dough). I am aware
of Bruce's 'Attack trees'
<http://www.counterpane.com/attacktrees-ddj-ft.html>, so making my key
much larger might give the people I communicate with a false sense of
security, I think.
'Steve' however gave me the link
<http://www.cryptosavvy.com/cryptosizes.pdf>, inside which is claimed
that "According to Table 1 usage of 768-bit RSA keys can no longer be
recommended. Even in the equipment cost equivalent model 768-bit RSA
keys will soon no longer offer security comparable to the security of
the DES in 1982."
I can't figure out which model is best: the computational equivalence
model by RSA Labs, or the cost equivalence based model by
Lenstra/Verheul. I tend to trust the word of Bob Silverman, but I'm also
chauvinistic enough to trust my fellow Dutchmen.
I don't want a summing up of why the two models are valid in their own
rights and how the researchers came to them. Just a short answer of which
one is more accurate.
In the table at <http://www.cryptosavvy.com/table.htm> 101 bits
symmetric is claimed to be 3214 asymmetric. Phil Zimmerman claimed in a
signed letter that 128 bits symmetric is 3100 asymmetric, and RSA Labs
claims 128 bit symmetric is 1620 asymmetric. Can you understand that I am a
bit confused?
I can go along with the assumptions and deductions claimed in
<http://www.rsasecurity.com/rsalabs/bulletins/bulletin13.html> about
Moore's law not holding, bus speeds and no big breakthroughs to be
achieved in factoring/discrete logarithms.
Help me!
Thomas
--
We live in the Matrix <http://www.whatisthematrix.com>
http://wwwkeys.pgp.net:11371/pks/lookup?op=get&search=0x225CA009
Email: boschloo_at_multiweb_dot_nl
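Where the symmetric/asymmetric equivalence numbers in Thomas's question come from, and why two tables can disagree, shown as an added example for this digest. This is not RSA Labs' or Lenstra/Verheul's code or method: log2_nfs_work() is the textbook heuristic running time of the general number field sieve, L_n[1/3, (64/9)^(1/3)], with the o(1) term dropped, and equivalent_symmetric_bits() calibrates it against one anchor pairing. The anchor used in the demo, 1620-bit RSA against 128-bit symmetric, is the RSA Labs figure Thomas quotes; using it as an anchor is my illustration of the calibration step, not a claim about how that table was produced.

```python
"""Asymptotic NFS work and anchored symmetric-equivalence estimates.

Added example for the digest; not code or method from RSA Labs or
Lenstra/Verheul. The anchor pairings in the demo are taken from the
numbers quoted in the message and are used purely for illustration."""

import math

NFS_C = (64 / 9) ** (1 / 3)   # constant in the GNFS exponent


def log2_nfs_work(rsa_bits: int) -> float:
    """log2 of exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)) for an rsa_bits-bit n:
    the asymptotic factoring effort expressed as a bit count. The o(1) term
    and the constant in front are dropped, so only differences between two
    key sizes are meaningful, not the absolute value."""
    if rsa_bits < 2:
        raise ValueError("modulus size must be at least 2 bits")
    ln_n = rsa_bits * math.log(2)
    exponent = NFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return exponent / math.log(2)


def equivalent_symmetric_bits(rsa_bits: int, anchor_rsa_bits: int, anchor_sym_bits: int) -> float:
    """Symmetric-key bits 'equivalent' to an rsa_bits-bit RSA key, given that
    anchor_rsa_bits is taken to match anchor_sym_bits. The dropped constants
    cancel in the difference; the choice of anchor does not, and neither do
    cost factors (memory, matrix step) that a pure operation count ignores."""
    return anchor_sym_bits + (log2_nfs_work(rsa_bits) - log2_nfs_work(anchor_rsa_bits))


def size_table(anchor_rsa_bits: int, anchor_sym_bits: int, sizes=(512, 768, 1024, 1620, 2048)) -> dict:
    """RSA size -> (asymptotic log2 work, anchored symmetric-equivalent bits)."""
    return {
        bits: (round(log2_nfs_work(bits), 1),
               round(equivalent_symmetric_bits(bits, anchor_rsa_bits, anchor_sym_bits), 1))
        for bits in sizes
    }


if __name__ == "__main__":
    print("anchor: RSA-1620 <-> 128-bit symmetric (figure quoted in the message)")
    for bits, (work, sym) in size_table(1620, 128).items():
        print(f"  RSA-{bits:<5} ~2^{work:6.1f} GNFS operations  ->  ~{sym:5.1f} symmetric bits")
    # Plugging in the other table's pairing (3214 <-> 101) gives a very different
    # answer for the same key size, which shows the two models are not the same
    # formula with different constants; the cost-based model counts something else.
    print("anchor: RSA-3214 <-> 101-bit symmetric (other table's pairing)")
    print(f"  RSA-768  -> ~{equivalent_symmetric_bits(768, 3214, 101):5.1f} symmetric bits")
```

The uncalibrated column comes out near 2^76 for 768 bits, 2^87 for 1024 and 2^117 for 2048, which is the familiar "RSA-1024 is roughly 80-something bits" rule of thumb; the second column moves with the anchor, and that movement is exactly the disagreement Thomas is seeing. The practical caveat is the one both sources share: the matrix step and memory are not captured by an operation count, so an equivalence table is a model, not a measurement.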
------------------------------
From: Albert P. Belle Isle <[EMAIL PROTECTED]>
Subject: Re: DES -- Annoyed
Date: Mon, 05 Jun 2000 10:35:30 -0400
Reply-To: [EMAIL PROTECTED]
On Mon, 05 Jun 2000 03:31:13 -0700, tomstd
<[EMAIL PROTECTED]> wrote:
>As part of my 'Tiny Crypt Lib' I am implementing DES (and then
>of course 3key 3des) and have possibly the smallest (and
>slowest) implementation ever... problem is I can't find test
>vectors for DES anywhere!!!
>
>I looked at the FIPS-42 pages ...etc, nothing. I can't believe
>they specify DES without test vectors...
>
>Any help?
>
>Tom
>
Tom:
If you're looking at "FIPS-42" I'm not surprised <g>, the "Data
Encryption Standard (DES)" is FIPS Pub 46-3 (the update from 46-2 that
finally specifies outer-CBC-mode TDEA as the standard).
The official test vectors for the modes of use of DEA ("single-DES")
are in FIPS Pub 81, and in NBS (now NIST) Special Pub 500-20.
(The "implementing" FIPS Pub 74 lists the weak and semi-weak keys.)
If you use the EDE version of TDEA, by using the same 8-byte DEA key
value for each third of the 24-byte TDEA key, you can just use these
tests for validation. Our cryptosystem startup tests use 84 such tests
from FIPS 81 and 171 from SP 500-20 (along with the FIPS 140-1 level
3/4 keystream tests and the FIPS 180-1 SHA1 tests, of course).
A definite "implementers benefit" of EDE over EEE or DDD TDEA.
Good luck.
Albert P. BELLE ISLE
Cerberus Systems, Inc.
================================================
ENCRYPTION SOFTWARE with
Forensic Software Countermeasures
http://www.CerberusSystems.com
================================================
------------------------------
From: "John E. Kuslich" <[EMAIL PROTECTED]>
Subject: Re: RC4 and ciphersaber for the clueless newbie.
Date: Mon, 5 Jun 2000 07:56:24 -0700
Guy, if you ever work out a hardware implementation of RC4, please contact
me about the speed you are able to achieve.
We have done some really fast assembler RC4 but the need for speed never
ends. If you have a fast microcontroller implementation, I want to see it.
JK http://www.crak.com You can get my e-mail address there...I don't want
any more spam than I have already.
Guy Macon <[EMAIL PROTECTED]> wrote in message
news:8hfrrb$[EMAIL PROTECTED]...
> Scott Fluhrer wrote:
> >
> >tomstd wrote:
> >
> >> [EMAIL PROTECTED] (Guy Macon) wrote:
> >>
> >>>Sorry for being a bother, but I am a clueless newbie who has a
> >>>special interest in RC4 (the ciphersaber implementation, really)
> >>>and the above went over my head. Could someone explain the
> >>above in simple terms?
> >
> >Maybe you want to pick up a copy of Applied Cryptography by Schneier
> >(second edition) and look at it -- RC4 might be the simplest
> >believed-secure cipher in existence.
>
> I have looked at it. I don't have it in front of me, but I didn't
> see anything about s-boxes. Then again, I am not really clear on
> the concept of s-boxes, so maybe I misunderstood.
>
> Here is where I am coming from. I am an autodidact who designs
> and programs embedded systems. I have created VCRs, aerospace
> test fixtures, a DVD-RAM replication line, etc. and I am currently
> designing microcontroller-based toys for a major toy manufacturer.
> I know *everything* about designing products and writing programs
> for them, but am very limited in the areas of math that are often
> discussed in this newsgroup. Given my strengths and weaknesses,
> I decided to learn cryptography using the following method:
>
> [1] Identify the simplest possible algorithms.
>
> [2] Study them, write programs using them, and experiment with
> variations of them.
>
> [3] Read all the Usenet discussions and web pages about them, and
> eventually become able to carry on an intelligent conversation
> concerning them.
>
> I chose One Time Pad and Ciphersaber as being the two simplest
> methods of encrypting data, so those are the ones that I am
> studying first. I believe that I understand the strengths and
> weaknesses of OTP pretty well, so now I am focusing on ciphersaber,
> arcfour and RC4. My next step will probably be whatever looks like
> the simplest asymmetric key system.
>
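RC4 and the CipherSaber construction Guy is studying, written out as an added example for this digest (not Guy Macon's, John Kuslich's or Scott Fluhrer's code). The 256-byte state array S built by the key schedule is the "S-box" Guy is asking about. CipherSaber-1 is implemented as it is usually described: a 10-byte random IV is appended to the user key before the key schedule and sent in the clear ahead of the ciphertext. The sample keys, plaintexts and the fixed IV in the demo are constructed here; the three raw RC4 vectors are the widely circulated ones.

```python
"""RC4 (arcfour) and CipherSaber-1, plus a demonstration of why the IV exists.

Added example for the digest; not code from the thread. Sample inputs are
constructed for the demo. RC4 has known keystream biases and is not a cipher
to choose today; this shows the mechanism under discussion, nothing more."""

import os


def rc4_ksa(key: bytes) -> list:
    """Key-scheduling algorithm: build the 256-entry state permutation S."""
    if not 1 <= len(key) <= 256:
        raise ValueError("key must be 1..256 bytes")
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S


def rc4_keystream(S: list):
    """Pseudo-random generation algorithm: yield keystream bytes, mutating S."""
    i = j = 0
    while True:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) & 0xFF]


def rc4(key: bytes, data: bytes) -> bytes:
    """Raw RC4: XOR data with the keystream. Encrypt and decrypt are the same call."""
    ks = rc4_keystream(rc4_ksa(key))
    return bytes(b ^ next(ks) for b in data)


IV_LEN = 10   # CipherSaber-1 IV length


def ciphersaber_encrypt(key: bytes, plaintext: bytes, iv: bytes = None) -> bytes:
    """CipherSaber-1: output IV || RC4(key || IV, plaintext)."""
    iv = os.urandom(IV_LEN) if iv is None else iv
    if len(iv) != IV_LEN:
        raise ValueError("IV must be 10 bytes")
    return iv + rc4(key + iv, plaintext)


def ciphersaber_decrypt(key: bytes, message: bytes) -> bytes:
    """Split off the IV, rebuild the same keystream and XOR it away."""
    iv, body = message[:IV_LEN], message[IV_LEN:]
    if len(iv) != IV_LEN:
        raise ValueError("message too short to contain an IV")
    return rc4(key + iv, body)


def keystream_reuse_leak(key: bytes, p1: bytes, p2: bytes) -> bytes:
    """XOR of two raw-RC4 ciphertexts under the same key: the keystream cancels
    and the attacker is left with p1 XOR p2. This is the failure the per-message
    IV in CipherSaber is there to prevent."""
    c1, c2 = rc4(key, p1), rc4(key, p2)
    return bytes(x ^ y for x, y in zip(c1, c2))


if __name__ == "__main__":
    print(rc4(b"Key", b"Plaintext").hex())            # bbf316e8d940af0ad3
    msg = ciphersaber_encrypt(b"correct horse", b"attack at dawn", iv=bytes(range(10)))
    print(msg.hex(), ciphersaber_decrypt(b"correct horse", msg))
    leak = keystream_reuse_leak(b"Key", b"attack at dawn", b"retreat by noon")
    print(leak == bytes(a ^ b for a, b in zip(b"attack at dawn", b"retreat by noon")))
```

The IV does nothing for the cipher's strength; it only makes the effective key (key || IV) differ per message so the keystream is never reused. With a 10-byte IV drawn from os.urandom that is a birthday bound of about 2^40 messages per key, which is fine for a newbie exercise and the reason the construction is documented with a fresh IV per message.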
------------------------------
From: "John E. Kuslich" <[EMAIL PROTECTED]>
Crossposted-To:
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.security.scramdisk,uk.telecom
Subject: Re: Observer 4/6/2000: "Your privacy ends here"
Date: Mon, 5 Jun 2000 08:03:47 -0700
Go down to the ocean and make salt!!! Like "10004848edfeeddac" (my
personal favorite salt).
This will absolutely drive them nuts!!!
After all, it worked for Gandhi!
JK Password Recovery http://www.crak.com
Anarchist Lemming <[EMAIL PROTECTED]> wrote in message
news:8he6et$1q5$[EMAIL PROTECTED]...
> There are countless groups that oppose the RIP Bill but only a few have been
> particularly vocal about it:
>
> www.liberty-human-rights.org.uk
> www.stand.org.uk
> www.schnews.org.uk
> www.fipr.org/rip
> www.urban75.com
> www.hellnet.org.uk (expect relaunch mid-July)
>
> Most underground hacking and anti-capitalist groups in the UK are also
> fiercely opposed to this clampdown on our rights. I agree that electronic
> civil disobedience like the methods you mentioned are the only effective
> method of resistance, but first we have to raise public awareness - this
> will affect everyone in the UK even if they do not use the Internet
> regularly.
>
>
> Lemming
> www.hellnet.org.uk
>
>
------------------------------
From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Statistics of occurrences of prime number sequences in PRBG output as
Date: Mon, 05 Jun 2000 08:03:04 -0700
Hello everybody,
I'm developing a synchronous stream cipher (called Dengo) in the course
of my cryptography self education. ( I hope to post the algorithm on
sci.crypt, after I finish cryptanalyzing it, with an explanation of
how/why the design came about, and to put it in the public domain.)
I'm designing "Dengo" with respect to known plaintext attack, replay
attack and attacks based on the statistical properties of pseudorandom
bit generation for its key stream. For example, I'm applying
statistical tests described in Chapter 5 of the Handbook Of Applied
Cryptography for pseudorandom bit sequences to help assess the algorithm
- the poker test, the runs tests, frequency test, FIPS 140-1.
Something struck me yesterday while looking at the behavior of LFSR
stream ciphers and then at stream ciphers in general. Say the keystream
generator uses a register m bits long. Look at each m bit block in the
output keystream as an m bit number. The keystream generator makes a
non repeating sequence of 2^m - 1 numbers. And phi(2^m) of those numbers
are prime. Now there is no iterated or recursive mathematical function that
generates all primes starting from a given input value. So stream
ciphers as iterated or recursive math functions should not generate
"long" sequences of primes starting from a seed value, where "long" is
TBD. The probability of finding any two m-bit prime numbers, or any
three m-bit prime numbers, or any k m-bit prime numbers in successive
sequence in PRBG output should be much smaller than expected for a
genuine random bit sequence of the same bit length as the keystream. And
above some value of k the probability of encountering a k prime sequence
in the PRBG keystream probably goes to zero.
The statistics of pairs, triplets, etc. of m-bit prime numbers in
pseudorandom bit sequences should be measurably different than the
statistics for these sequences in true random bit sequences. Maybe
these statistics allow for new cryptanalytic attacks on stream ciphers.
Does anyone know of any work or analyses available covering the
probability of prime number sequences in PRBG output as a measure of
"goodness of fit" to a true random bit sequence? Is this characteristic
covered by other empirical statistical tests? And is there a published
attack exploiting this?
Any info appreciated,
John A. Malley
[EMAIL PROTECTED]
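The statistic John proposes, measured on a concrete generator, as an added example for this digest (not John Malley's code and nothing to do with his Dengo design). The generator is the textbook Fibonacci LFSR with taps 16,14,13,11, period 2^16 - 1, standing in for "a register m bits long", and the successive register contents are taken as the m-bit numbers. One thing the code makes visible that the post does not: a maximal LFSR visits every nonzero m-bit value exactly once, so the total number of primes per period is fixed at pi(2^m - 1) whatever the taps; only the clustering of primes (pairs, triples, longer runs) can differ from a random ordering, and that is what count_prime_runs() and the expected-pair figure measure.

```python
"""Runs of consecutive m-bit primes in a maximal LFSR's state sequence versus
the expectation for a random ordering of the same values.

Added example for the digest; not John Malley's code. The LFSR polynomial
(x^16 + x^14 + x^13 + x^11 + 1) and seed are the common textbook choice."""

from collections import Counter

M = 16
N = (1 << M) - 1           # period of a maximal LFSR on M bits


def lfsr_states(seed: int = 0xACE1):
    """Yield one full period of register states for taps 16,14,13,11."""
    if not 0 < seed <= N:
        raise ValueError("seed must be a nonzero M-bit value")
    s = seed
    for _ in range(N):
        yield s
        bit = (s ^ (s >> 2) ^ (s >> 3) ^ (s >> 5)) & 1
        s = (s >> 1) | (bit << (M - 1))


def prime_sieve(limit: int) -> list:
    """is_prime[k] for 0 <= k <= limit (plain Eratosthenes)."""
    is_prime = [True] * (limit + 1)
    is_prime[0] = is_prime[1] = False
    for p in range(2, int(limit ** 0.5) + 1):
        if is_prime[p]:
            is_prime[p * p::p] = [False] * len(range(p * p, limit + 1, p))
    return is_prime


def count_prime_runs(values) -> Counter:
    """Histogram of maximal runs of consecutive prime values: {run_length: count}."""
    is_prime = prime_sieve(N)
    runs, run = Counter(), 0
    for v in values:
        if is_prime[v]:
            run += 1
        elif run:
            runs[run] += 1
            run = 0
    if run:
        runs[run] += 1
    return runs


def lfsr_prime_statistics() -> dict:
    """Period check, prime count, prime-pair count and run histogram for the
    LFSR, with the expected pair count under a uniformly random ordering."""
    states = list(lfsr_states())
    is_prime = prime_sieve(N)
    primes = sum(is_prime[s] for s in states)
    pairs = sum(is_prime[a] and is_prime[b] for a, b in zip(states, states[1:]))
    # Random ordering of N values holding `primes` primes: each of the N-1
    # adjacent slots is prime-prime with probability primes*(primes-1)/(N*(N-1)),
    # so the expected number of such slots is primes*(primes-1)/N.
    expected_pairs = primes * (primes - 1) / N
    return {
        "period": len(set(states)),
        "primes": primes,
        "prime_pairs": pairs,
        "expected_prime_pairs": expected_pairs,
        "runs": count_prime_runs(states),
    }


if __name__ == "__main__":
    for k, v in lfsr_prime_statistics().items():
        print(k, v)
```

For m = 16 the period check returns 65535 and the prime count 6542 regardless of seed, so "how many primes" is not a distinguisher for a full-period LFSR at all. The pair count versus its expectation of roughly 653, and the tail of the run histogram, are the quantities to watch; a generator whose next state is a linear function of the current one can bias the low bit of the successor of an odd value, which is the kind of effect this test would surface. Comparing the histogram against a few thousand random permutations of the same values (not shown) is the way to attach a significance level to it.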
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************