Cryptography-Digest Digest #949, Volume #11 Mon, 5 Jun 00 17:13:00 EDT
Contents:
Re: Observer 4/6/2000: "Your privacy ends here" ("Dr Braddock")
Re: Could RC4 used to generate S-Boxes? (tomstd)
Re: Observer 4/6/2000: "Your privacy ends here" ("Anarchist Lemming")
Re: Question about recommended keysizes (768 bit RSA) (DJohn37050)
Re: Concerning UK publishes "impossible" decryption law (zapzing)
Re: Question about recommended keysizes (768 bit RSA) (tomstd)
Favorite Cipher Contest Entry ([EMAIL PROTECTED])
Re: Favorite Cipher Contest Entry (tomstd)
Re: Could RC4 used to generate S-Boxes? (David A. Wagner)
Re: Question about recommended keysizes (768 bit RSA) (Roger Schlafly)
Re: Retail distributors of DES chips? (zapzing)
----------------------------------------------------------------------------
From: "Dr Braddock" <[EMAIL PROTECTED]>
Crossposted-To:
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.security.scramdisk,uk.telecom
Subject: Re: Observer 4/6/2000: "Your privacy ends here"
Date: Mon, 5 Jun 2000 20:33:46 +0100
These are the words which, according to the owner of
http://platon.ee.duth.gr/data/maillist-archives/security/msg00114.html ,
will register immediate interest with any government listening stations;
use them freely!
Rewson, SAFE, Waihopai, INFOSEC, ASPIC, MI6, Information Security, SAI,
Information Warfare, IW, IS, Privacy, Information Terrorism, Terrorism
Defensive Information, Defense Information Warfare, Offensive Information,
Offensive Information Warfare, The Artful Dodger, NAIA, SAPM, ASU, ASTS,
National Information Infrastructure, InfoSec, SAO, Reno, Compsec, JICS,
Computer Terrorism, Firewalls, Secure Internet Connections, RSP, ISS, JDF,
Ermes, Passwords, NAAP, DefCon V, RSO, Hackers, Encryption, ASWS, CUN, CISU,
CUSI, M.A.R.E., MARE, UFO, IFO, Pacini, Angela, Espionage, USDOJ, NSA, CIA,
S/Key, SSL, FBI, Secert Service, USSS, Defcon, Military, White House,
Undercover, NCCS, Mayfly, PGP, SALDV, PEM, resta, RSA, Perl-RSA, MSNBC, bet,
AOL, AOL TOS, CIS, CBOT, AIMSX, STARLAN, 3B2, BITNET, SAMU, COSMOS, DATTA,
E911, FCIC, HTCIA, IACIS, UT/RUS, JANET, ram, JICC, ReMOB, LEETAC, UTU,
VNET, BRLO, SADCC, NSLEP, SACLANTCEN, FALN, 877, NAVELEXSYSSECENGCEN, BZ,
CANSLO, CBNRC, CIDA, JAVA, rsta, Active X, Compsec 97, RENS, LLC, DERA, JIC,
rip, rb, Wu, RDI, Mavricks, BIOL, Meta-hackers, ^?, SADT, Steve Case, Tools,
RECCEX, Telex, OTAN, monarchist, NMIC, NIOG, IDB, MID/KL, NADIS, NMI, SEIDM,
BNC, CNCIS, STEEPLEBUSH, RG, BSS, DDIS, mixmaster, BCCI, BRGE, Europol,
SARL, Military Intelligence, JICA, Scully, recondo, Flame, Infowar, Bubba,
Freeh, Archives, ISADC, CISSP, Sundevil, jack, Investigation, JOTS, ISACA,
NCSA, ASVC, spook words, RRF, 1071, Bugs Bunny, Verisign, Secure, ASIO,
Lebed, ICE, NRO, Lexis-Nexis, NSCT, SCIF, FLiR, JIC, bce, Lacrosse,
lashbangs, HRT, IRA, EODG, DIA, USCOI, CID, BOP, FINCEN, FLETC, NIJ, ACC,
AFSPC, BMDO, site, SASSTIXS, NAVWAN, NRL, RL, NAVWCWPNS, NSWC, USAFA,
AHPCRC, ARPA, SARD, LABLINK, USACIL, SAPT, USCG, NRC, ~, O, NSA/CSS, CDC,
DOE, SAAM, FMS, HPCC, NTIS, SEL, USCODE, CISE, SIRC, CIM, ISN, DJC, LLNL,
bemd, SGC, UNCPCJ, CFC, SABENA, DREO, CDA, SADRS, DRA, SHAPE, bird dog,
SACLANT, BECCA, DCJFTF, HALO, SC, TA SAS, Lander, GSM, T Branch, AST,
SAMCOMM, HAHO, FKS, 868, GCHQ, DITSA, SORT, AMEMB, NSG, HIC, EDI, benelux,
SAS, SBS, SAW, UDT, EODC, GOE, DOE, SAMF, GEO, JRB, 3P-HV, Masuda, Forte,
AT, GIGN, MB, CQB, TECS, CONUS, CTU, RCMP, GRU, SASR, GSG-9, 22nd SAS, GEOS,
EADA, SART, BBE, STEP, Echelon, Dictionary, MD2, MD4, MDA, diwn, 747, ASIC,
777, RDI, 767, MI5, 737, MI6, 757, Kh-11, EODN, SHS, ^X, Shayet-13, SADMS,
Spetznaz, Recce, 707, CIO, NOCS, Halcon, NSS, Duress, RAID, Uziel, wojo,
Psyops, SASCOM, grom, NSIRL, D-11, DF, ZARK, SERT, VIP, ARC, S.E.T. Team,
NSWG, MP5k, SATKA, DREC, DEVGRP, DSD, FDM, GRU, LRTS, SIGDEV, NACSI,
MEU/SOC,PSAC, PTT, RFI, ZL31, SIGDASYS, TDM. SUKLO, Schengen, SUSLO, TELINT,
fake, TEXTA. ELF, LF, MF, Mafia, JASSM, CALCM, TLAM, Wipeout, GII, SIW,
MEII, C2W, Burns, Tomlinson, Ufologico Nazionale, Centro, CICAP, MIR,
Belknap, Tac, rebels, BLU-97 A/B, 007, nowhere.ch, bronze, Rubin, Arnett,
BLU, SIGS, VHF, Recon, peapod, PA598D28, Spall, dort, 50MZ, 11Emc Choe,
SATCOMA, UHF, The Hague, SHF, ASIO, SASP, WANK, Colonel, domestic
disruption, 5ESS, smuggle, Z-200, 15kg, DUVDEVAN, RFX, nitrate, OIR,
Pretoria, M-14, enigma, Bletchley Park, Clandestine, NSO, nkvd, argus,
afsatcom, CQB, NVD, Counter Terrorism Security, Enemy of the State, SARA,
Rapid Reaction, JSOFC3IP, Corporate Security, 192.47.242.7, Baldwin, Wilma,
ie.org, cospo.osis.gov, Police, Dateline, Tyrell, KMI, 1ee, Pod, 9705
Samford Road, 20755-6000, sniper, PPS, ASIS, ASLET, TSCM, Security
Consulting, M-x spook, Z-150T, High Security, Security Evaluation,
Electronic Surveillance, MI-17, ISR, NSAS, Counterterrorism, real, spies,
IWO, eavesdropping, debugging, CCSS, interception, COCOT, NACSI, rhost,
rhosts, ASO, SETA, Amherst, Broadside, Capricorn, NAVCM, Gamma, Gorizont,
Guppy, NSS, rita, ISSO, submiss, ASDIC, .tc, 2EME REP, FID, 7NL SBS, tekka,
captain, 226, .45, nonac, .li, Tony Poe, MJ-12, JASON, Society, Hmong,
Majic, evil, zipgun, tax, bootleg, warez, TRV, ERV, rednoise, mindwar,
nailbomb, VLF, ULF, Paperclip, Chatter, MKULTRA, MKDELTA, Bluebird, MKNAOMI,
White Yankee, MKSEARCH, 355 ML, Adriatic, Goldman, Ionosphere, Mole,
Keyhole, NABS, Kilderkin, Artichoke, Badger, Emerson, Tzvrif, SDIS, T2S2,
STTC, DNR, NADDIS, NFLIS, CFD, BLU-114/B, quarter, Cornflower, Daisy, Egret,
Iris, JSOTF, Hollyhock, Jasmine, Juile, Vinnell, B.D.M., Sphinx, Stephanie,
Reflection, Spoke, Talent, Trump, FX, FXR, IMF, POCSAG, rusers, Covert
Video, Intiso, r00t, lock picking, Beyond Hope, LASINT, csystems, .tm,
passwd, 2600 Magazine, JUWTF, Competitor, EO, Chan, Pathfinders, SEAL Team
3, JTF, Nash, ISSAA, B61-11, Alouette, executive, Event Security, Mace,
Cap-Stun, stakeout, ninja, ASIS, ISA, EOD, Oscor, Tarawa, COSMOS-2224,
COSTIND, hit word, hitword, Hitwords, Regli, VBS, Leuken-Baden, number key,
Zimmerwald, DDPS, GRS, AGT. AMME, ANDVT, Type I, Type II, VFCT, VGPL, WHCA,
WSA, WSP, WWABNCP, ZNI1, FSK, FTS2000, GOSIP, GOTS, SACS STU-III, PRF, PMSP,
CMT, I&A, JRSC, ITSDN, Keyer, KG-84C, KWT-46, KWR-46, KY-75, KYV-5, LHR,
PARKHILL, LDMX, LEASAT, SNS, SVN, TACSAT, TRANSEC, DONCAF, EAM, DSCS,
DSNET1, DSNET2, DSNET3, ECCM, EIP, EKMS, EKMC, DDN, DDP, Merlin, NTT, SL-1,
Rolm, TIE, Tie-fighter, PBX, SLI, NTT, MSCJ, MIT, 69, RIT, Time, MSEE, Cable
& Wireless, CSE, SUW, J2, Embassy, ETA, Porno, Fax, finks, Fax
encryption, white noise, Fernspah, MYK, GAFE, N9, pink noise, CRA, M.P.R.I.,
top secret, Mossberg, 50BMG, Macintosh Security, Macintosh Internet
Security, OC3, Macintosh Firewalls, Unix Security, VIP Protection, SIG,
sweep, Medco, TRD, TDR, Z, sweeping, SURSAT, 5926, TELINT, Audiotel,
Harvard, 1080H, SWS, Asset, Satellite imagery, force, NAIAG, Cypherpunks,
NARF, 127, Coderpunks, TRW, remailers, replay, redheads, RX-7, explicit,
FLAME, J-6, Pornstars, AVN, Playboy, ISSSP, Anonymous, W, Sex, chaining,
codes, Nuclear, 20, subversives, SLIP, data havens, unix, SUBACS, DES, 1*,
N-ISDN, NLSP, OTAR, OTAT, OTCIXS, MISSI, MOSAIC, NAVCOMPARS, NCTS, NESP,
MILSATCOM, AUTODIN, BLACKER, C3I, C4I, CMS, CMW, CP, SBU, SCCN, SITOR,
SHF/DOD, Finksburg MD, Link 16, LATA, NATIA, NATOA, sneakers, UXO, (),
OC-12, counterintelligence, Shaldag, sport, NASA, TWA, DT, gtegsc, emc,
industrial espionage, SUPIR, PI, TSCI, spookwords, industrial intelligence,
H.N.P., SUAEWICS, Juiliett Class Submarine, Locks, qrss, loch, 64 Vauxhall
Cross, Ingram Mac-10, wwics, sigvoice, ssa, E.O.D., SEMTEX, penrep, racal,
OTP, OSS, Siemens, RPC, Met, CIA-DST, INI, watchers, Blowpipe, BTM, CCS,
GSA, Kilo Class, squib, primacord, RSP, Z7, Becker, Nerd, fangs, Austin,
no|d, Comirex, GPMG, Speakeasy, humint, GEODSS, SORO, M5, BROMURE, ANC,
zone, SBI, DSS, S.A.I.C., Minox, Keyhole, SAR, Rand Corporation, Starr,
Wackenhutt, EO, burhop, Wackendude, mol, Shelton, 2E781, F-22, 2010, JCET,
cocaine, Vale, IG, Kosovo, Dake, 36,800, Hillal, Pesec, Hindawi, GGL, NAICC,
CTU, botux, Virii, CCC, ISPE, CCSC, Scud, SecDef, Magdeyev, VOA, Kosiura,
Small Pox, Tajik, +=, Blacklisted 411, TRDL, Internet Underground, BX,
XS4ALL, wetsu, muezzin, Retinal Fetish, WIR, Fetish, FCA, Yobie, forschung,
emm, ANZUS, Reprieve, NZC-332, edition, cards, mania, 701, CTP, CATO,
Phon-e, Chicago Posse, NSDM, l0ck, beanpole, spook, keywords, QRR, PLA,
TDYC, W3, CUD, CdC, Weekly World News, Zen, World Domination, Dead, GRU,
M72750, Salsa, 7, Blowfish, Gorelick, Glock, Ft. Meade, NSWT, press-release,
WISDIM, burned, Indigo, wire transfer, e-cash, Bubba the Love Sponge,
Enforcers, Digicash, zip, SWAT, Ortega, PPP, NACSE, crypto-anarchy,
AT&T, SGI, SUN, MCI, Blacknet, ISM, JCE, Middleman, KLM, Blackbird, NSV,
GQ360, X400, Texas, jihad, SDI, BRIGAND, Uzi, Fort Meade, *&, gchq.gov.uk,
supercomputer, bullion, 3, NTTC, Blackmednet, :, Propaganda, ABC, Satellite
phones, IWIS, Planet-1, ISTA, rs9512c, Jiang Zemin, South Africa, Sergeyev,
Montenegro, Toeffler, Rebollo, sorot, Yucca Mountain, FARC, Toth, Xu
Yongyue, Bach, Razor, AC, cryptanalysis, nuclear, 52 52 N - 03 03 W, Morgan,
Canine, GEBA, INSCOM, MEMEX, Stanley, FBI, Panama, fissionable, Sears Tower,
NORAD, Delta Force, SEAL, virtual, WASS, WID, Dolch, secure shell, screws,
Black-Ops, O/S, Area51, SABC, basement, ISWG, $@, data-haven, NSDD,
black-bag, rack, TEMPEST, Goodwin, rebels, ID, MD5, IDEA, garbage, market,
beef, Stego, ISAF, unclassified, Sayeret Tzanhanim, PARASAR, Gripan, pirg,
curly, Taiwan, guest, utopia, NSG, orthodox, CCSQ, SHA, Global, UNSCOM,
Fukuyama, Manfurov, Kvashnin, Marx, Abdurahmon, snullen, Pseudonyms, MITM,
NARF, Gray Data, VLSI, mega, Leitrim, Yakima, NSES, Sugar Grove, WAS,
Cowboy, Gist, 8182, Gatt, Platform, 1911, Geraldton, UKUSA, veggie, XM,
Parvus, NAVSVS, 3848, Morwenstow, Consul, Oratory, Pine Gap, Menwith,
Mantis, DSD, BVD, 1984, blow out, BUDS, WQC, Flintlock, PABX, Electron,
Chicago Crust, e95, DR&E, 3M, KEDO, iButton, R1, erco, Toffler, FAS,
RHL, K3, Visa/BCC, SNT, Ceridian, STE, condor, CipherTAC-2000, Etacs,
Shipiro, KY, 32, Edens, Kiwis, Kamumaruha, DODIG, Firefly, HRM, Albright,
Bellcore, rail, csim, NMS, 2c, FIPS140-1, CAVE, E-Bomb, CDMA, Fortezza,
355ml, ISSC, cybercash, NAWAS, government, NSY, hate, illuminati, BOSS,
Kourou, Misawa, Morse, HF, P415, ladylove, filofax, Gulf, lamma, Unit 5707,
Sayeret Mat'Kal, Unit 669, Sayeret Golani, Lanceros, Summercon, NSADS,
president, ISFR, freedom, ISSO, walburn, Defcon VI, DC6, Larson, P99, HERF
pipe-bomb, 2.3 Oz., cocaine, Roswell, ESN, COS, E.T., credit card, b9,
fraud, ST1, assassinate, virus, ISCS, ISPR, anarchy, rogue, mailbomb, 888,
Chelsea, 1997, Whitewater, MOD, York, plutonium, William Gates, clone, BATF,
SGDN, Nike, WWSV, Atlas, IWWSVCS, Delta, TWA, Kiwi, PGP 2.6.2., PGP 5.0i,
PGP 5.1, siliconpimp, SASSTIXS, IWG, Lynch, 414, Face, Pixar, IRIDF, NSRB,
eternity server, Skytel, Yukon, Templeton, Johohonbu, LUK, Cohiba, Soros,
Standford, niche, ISEP, ISEC, 51, H&K, USP, ^, sardine, bank, EUB, USP,
PCS, NRO, Red Cell, NSOF, DC7, Glock 26, snuffle, Patel, package, ISI, INR,
INS, GRU, RUOP, GSS, NSP, SRI, Ronco, Armani, BOSS, Chobetsu, FBIS, BND,
SISDE, FSB, BfV, IB, froglegs, JITEM, SADF, advise, TUSA, LITE, PKK,
HoHoCon, SISMI, ISG, FIS, MSW, Spyderco, UOP, SSCI, NIMA, HAMASMOIS, SVR,
SIN, advisors, SAP, Monica, OAU, PFS, Aladdin, AG, chameleon man, Hutsul,
CESID, Bess, rail gun, .375, Peering, CSC, Tangimoana Beach, Commecen,
Vanuatu, Kwajalein, LHI, DRM, GSGI, DST, MITI, JERTO, SDF, Koancho,
Blenheim, Rivera, Kyudanki, varon, 310, 17, 312, NB, CBM, CTP, Sardine,
SBIRS, jaws, SGDN, ADIU, DEADBEEF, IDP, IDF, Halibut, SONANGOL, Flu, &,
Loin, PGP 5.53, meta, Faber, SFPD, EG&G, ISEP, blackjack, Fox, Aum,
AIEWS, AMW, RHL, Baranyi, WORM, MP5K-SD, 1071, WINGS, cdi, VIA, DynCorp,
UXO, Ti, WWSP, WID, osco, Templar, THAAD, package, CISD, ISG, BIOLWPN, JRA,
ISB, ISDS, chosen, LBSD, van, schloss, secops, DCSS, DPSD, LIF, J-Star,
PRIME, SURVIAC, telex, Analyzer, embassy, Golf, B61-7, Maple, Tokyo, ERR,
SBU, Threat, JPL, Tess, SE, Alex, EPL, SPINTCOM, FOUO, ISS-ADP, Merv,
Mexico, SUR, blocks, SO13, Rojdykarna, RSOC, USS Banner, S511, 20755,
airframe, jya.com, PECSENC, Agfa, 3210, Crowell, moore, 510, OADR, FIS,
N5P6, EuroFed, SP4, Crypto AG
"Anarchist Lemming" <[EMAIL PROTECTED]> wrote in message
news:8he6et$1q5$[EMAIL PROTECTED]...
> There are countless groups that oppose the RIP Bill but only a few have been
> particularly vocal about it:
>
> www.liberty-human-rights.org.uk
> www.stand.org.uk
> www.schnews.org.uk
> www.fipr.org/rip
> www.urban75.com
> www.hellnet.org.uk (expect relaunch mid-July)
>
> Most underground hacking and anti-capitalist groups in the UK are also
> fiercely opposed to this clampdown on our rights. I agree that electronic
> civil disobedience like the methods you mentioned are the only effective
> method of resistance, but first we have to raise public awareness - this
> will affect everyone in the UK even if they do not use the Internet
> regularly.
>
>
> Lemming
> www.hellnet.org.uk
>
>
------------------------------
Subject: Re: Could RC4 used to generate S-Boxes?
From: tomstd <[EMAIL PROTECTED]>
Date: Mon, 05 Jun 2000 12:41:31 -0700
In article <8hgr8b$di5$[EMAIL PROTECTED]>, Simon Johnson
<[EMAIL PROTECTED]> wrote:
>Strictly by definition, RC4 does have an s-box; one value gets
>substituted for another. Whether it slowly evolves makes no difference
>to its name; it is still an s-box. However, like one of you stated, it
>is not an S-Box in the Feistel sense of the word.
>
>However, here is another question. I believe it is true that a random
>s-box becomes increasingly 'better' as the size of them increases. Is
>this true, and at which size does it become acceptable to use a random,
>but fixed, s-box?
Depends on the size like you said. Random 4x4 sboxes for
something like Serpent would be a very bad idea, but random
sboxes for say a CAST like cipher are not a bad idea.
The pros of using random sboxes: it makes cryptanalysis harder,
it makes the F function a bit more random, and they normally have
close to ideal properties.
The cons are that cryptanalysis is not impossible (e.g. Blowfish),
they can make weak F functions through predefined key classes, they
take key setup time and don't always have ideal properties.
There are compromises. You could for example make random
bijective sboxes, like in Twofish they make a 32x32 sbox by
performing a 4x4 linear transform on the 4 input bytes, then
perform four parallel 8x8 keyed sboxes. The linear transform
provides some ideal properties such as high avalanche and
bijectiveness, and the keyed sboxes provide ideal confusion.
Generally your substitution becomes
S(X) = T o L(X)
where X is an mx1 row matrix consisting of 'm' n-bit components,
L is an mxm linear/affine transform and T is 'm' keyed nxn
substitutions.
Ideally L should cause at least 'c+1' output words to change
when 'c' input words change (i.e. MDS) to promote a high level of
diffusion. It should also not commute with the construction of
the SBOX (i.e. if you use sboxes in GF(2^8) you can't use a MDS).
Ideally T should have no 'weak' keys in the sense that all keys
form bijections, the majority form SAC and good LP/DP
characteristic sboxes. If for example you have 32-bit sbox keys
and there are a class of 256 weak sboxes then 2^-24 is a low
enough bound that your sboxes will be good, etc. You should
also look for fixed points per keyed sbox. Ideally you want to
have under 2 per sbox (normally 1) because fixed points could be
exploited under an attack.
Phew... my 2 cents.
Tom
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!
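The checks tomstd runs through above (bijectivity, fixed points, the best differential and linear characteristic, SAC) can all be computed exhaustively for a small S-box. The following Python is an added example, not code from the digest or from any poster. It uses the published 4-bit S-box of the PRESENT block cipher as a known-good reference, and `keyed_sbox` is a toy stand-in (a key-seeded PRNG permutation, an assumption of this example) for a real keyed construction such as Twofish's; none of the function names come from the thread.

```python
"""Property checks for fixed or keyed S-boxes (added example, not from the digest):
bijectivity, fixed points, differential (DP) and linear (LP) characteristics,
and the strict avalanche criterion (SAC).  Run as a script for a short report."""
import random

# Published 4-bit S-box of the PRESENT block cipher (Bogdanov et al., 2007),
# used only as a known-good reference point.
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def is_bijective(sbox):
    """True if the table is a permutation of 0..len-1 (every output used once)."""
    return sorted(sbox) == list(range(len(sbox)))


def fixed_points(sbox):
    """Inputs x with S(x) == x; the post suggests keeping this below 2 per box."""
    return [x for x, y in enumerate(sbox) if x == y]


def differential_uniformity(sbox):
    """Largest difference-distribution-table entry over nonzero input differences:
    max over (a, b) of #{x : S(x) ^ S(x ^ a) == b}.  Best DP = value / len(sbox)."""
    size = len(sbox)
    worst = 0
    for a in range(1, size):
        counts = [0] * size
        for x in range(size):
            counts[sbox[x] ^ sbox[x ^ a]] += 1
        worst = max(worst, max(counts))
    return worst


def _parity(v):
    return bin(v).count("1") & 1


def _walsh(bits):
    """Fast Walsh-Hadamard transform of a Boolean function given as a 0/1 list:
    returns W(a) = sum_x (-1)^(f(x) ^ a.x) for every input mask a."""
    w = [1 - 2 * b for b in bits]
    h = 1
    while h < len(w):
        for i in range(0, len(w), 2 * h):
            for j in range(i, i + h):
                u, v = w[j], w[j + h]
                w[j], w[j + h] = u + v, u - v
        h *= 2
    return w


def max_walsh(sbox):
    """Largest |W(a, b)| over nonzero output masks b and all input masks a.
    Best linear bias = value / (2 * len(sbox)); 0 bias would be W == 0."""
    worst = 0
    for b in range(1, len(sbox)):
        spectrum = _walsh([_parity(b & y) for y in sbox])
        worst = max(worst, max(abs(v) for v in spectrum))
    return worst


def sac_max_deviation(sbox, nbits):
    """SAC: flipping any one input bit should flip each output bit with
    probability 1/2.  Returns the largest |probability - 1/2| observed."""
    size = len(sbox)
    worst = 0.0
    for i in range(nbits):
        for j in range(nbits):
            flips = sum((sbox[x] ^ sbox[x ^ (1 << i)]) >> j & 1 for x in range(size))
            worst = max(worst, abs(flips / size - 0.5))
    return worst


def keyed_sbox(key, nbits=8):
    """Toy keyed n x n S-box: a permutation chosen by a key-seeded PRNG.
    Constructed for this example; not Twofish's or any real cipher's method."""
    table = list(range(1 << nbits))
    random.Random(key).shuffle(table)
    return table


def report(sbox, nbits):
    """Collect every metric for one S-box as a dict."""
    return {
        "bijective": is_bijective(sbox),
        "fixed_points": len(fixed_points(sbox)),
        "max_dp": differential_uniformity(sbox) / len(sbox),
        "max_lp_bias": max_walsh(sbox) / (2 * len(sbox)),
        "sac_deviation": sac_max_deviation(sbox, nbits),
    }


if __name__ == "__main__":
    print("PRESENT 4x4:", report(PRESENT_SBOX, 4))
    print("identity 4x4:", report(list(range(16)), 4))
    for key in range(2):                       # a couple of toy keyed 8x8 boxes
        print("keyed 8x8, key %d:" % key, report(keyed_sbox(key), 8))
```

For the 4-bit reference box the report gives max DP 4/16 and max linear bias 8/32, which is the best any 4-bit bijection can do; the identity box scores worst on every metric, which is a useful sanity check of the code itself. Note that the fixed-point count of a uniformly random permutation is close to Poisson with mean 1, so roughly a quarter of the toy keys will produce 2 or more fixed points; that is why the post applies the fixed-point criterion per keyed box rather than assuming a random construction satisfies it.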
------------------------------
From: "Anarchist Lemming" <[EMAIL PROTECTED]>
Crossposted-To:
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.security.scramdisk,uk.telecom
Subject: Re: Observer 4/6/2000: "Your privacy ends here"
Date: Mon, 5 Jun 2000 20:51:55 +0100
You mean David Shayler. He has a website at www.shayler.com.
I've left a message on his guestbook and emailed him about the RIP Bill but
I expect he gets loads of email so he might not reply.
Lemming
www.hellnet.org.uk
------------------------------
From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: Question about recommended keysizes (768 bit RSA)
Date: 05 Jun 2000 20:17:11 GMT
Roger, as usual, comes up with a cynical way to interpret a plain statement.
Don Johnson
------------------------------
From: zapzing <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss,alt.security.scramdisk
Subject: Re: Concerning UK publishes "impossible" decryption law
Date: Mon, 05 Jun 2000 20:11:38 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Your Name) wrote:
> On Mon, 05 Jun 2000 02:14:11 +0100, Dave Howe <DHowe@hawkswing> wrote:
>
> >In our last episode (<alt.security.pgp>[Sun, 04 Jun 2000 17:35:52
> >-0400]), jungle <[EMAIL PROTECTED]> said :
> >>no ...
> >>Jim wrote:
> >>> >128 bit PGP has been cracked according to announcements
> >>> >posted here some time ago.
> >>> I don't think anyone saw any proof of this, did they?
> >>no ...
> >But a 128 bit key is pretty lousy by today's standards. I would be
> >horrified to think that anyone would consider 128 bit RSA trustworthy.
>
> I think that the problem is that some people are talking about
> symmetric keys while others are talking about asymmetric keys.
>
Indeed, as a secret key for a secure cipher,
128 bits is excellent. For RSA, it is terrible.
3DES has an effective key length, I believe,
of 128 bits.
--
If you know about a retail source of
inexpensive DES chips, please let
me know, thanks.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Subject: Re: Question about recommended keysizes (768 bit RSA)
From: tomstd <[EMAIL PROTECTED]>
Date: Mon, 05 Jun 2000 13:26:25 -0700
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (DJohn37050) wrote:
>Roger, as usual, comes up with a cynical way to interpret a plain
>statement.
>Don Johnson
>
Whatever you care to look at, I think 768-bit keys are secure
now primarily because of the space issue, but to be cautious I
think 1024-bit keys should be used. They will be secure for
much longer and are not that much less efficient.
Simple as that. (Well for the common math-less like me).
Tom
------------------------------
From: [EMAIL PROTECTED]
Subject: Favorite Cipher Contest Entry
Date: Mon, 05 Jun 2000 20:17:15 GMT
Sci.crypt,
I was reviewing the ciphers in the cipher contest and listing them in
favorite order.
Other than my own entry, Vortex, my favorite is the Storin cipher.
Storin has a simple description and elegant structure. So far as I know,
no attacks against it have been presented. I have given it a hard look
and found no weakness.
One note, Storin appears vulnerable to timing attacks on some computers.
The author specifically mentioned that multiplication must be constant
for a proper implementation so I don't think this can be considered a
weakness.
What are other people's favorites?
--Matthew
------------------------------
Subject: Re: Favorite Cipher Contest Entry
From: tomstd <[EMAIL PROTECTED]>
Date: Mon, 05 Jun 2000 13:33:31 -0700
In article <8hh1ro$j2o$[EMAIL PROTECTED]>, matthew_fisher@my-deja.com
wrote:
>Sci.crypt,
>
>I was reviewing the ciphers in the cipher contest and listing them in
>favorite order.
>
>Other than my own entry, Vortex, my favorite is the Storin cipher.
>Storin has a simple description and elegant structure. So far as I know,
>no attacks against it have been presented. I have given it a hard look
>and found no weakness.
>
>One note, Storin appears vulnerable to timing attacks on some computers.
>The author specifically mentioned that multiplication must be constant
>for a proper implementation so I don't think this can be considered a
>weakness.
>
>What are other people's favorites?
What, not a Pikachu fan?
Tom
------------------------------
From: [EMAIL PROTECTED] (David A. Wagner)
Subject: Re: Could RC4 used to generate S-Boxes?
Date: 5 Jun 2000 13:45:12 -0700
In article <8hgr8b$di5$[EMAIL PROTECTED]>,
Simon Johnson <[EMAIL PROTECTED]> wrote:
> Strictly by definition, RC4 does have an s-box; one value gets
> substituted for another. Whether it slowly evolves makes no difference
> to its name; it is still an s-box.
I think most cryptographers would agree that, in the traditional meaning
of the word, an S-box is a fixed mapping, not a time-varying mapping. If
you want to use the word differently, that's your choice, but don't be
surprised if the result is occasional confusion and miscommunication.
In any case, it's not clear that thinking of the RC4 table as an S-box is
very useful; the usual literature on S-box design doesn't seem applicable
here.
------------------------------
From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: Question about recommended keysizes (768 bit RSA)
Date: Mon, 05 Jun 2000 13:48:11 -0700
There is nothing cynical about saying that an analysis that
properly takes into account space and time will be more
accurate than one that just looks at time. The fact is that
time and space and other technological issues put limits
on GNFS, and hence give info about the security of DH and
RSA systems. Analyses that only look at time in MIPS and
nothing else will give a misleading and inaccurate picture
of the security of those systems.
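The 768-bit versus 1024-bit question in this thread is usually argued from the heuristic GNFS running time L_n[1/3, c] = exp((c + o(1)) (ln n)^(1/3) (ln ln n)^(2/3)) with c = (64/9)^(1/3). The Python below is an added example, not a calculation from any poster; it evaluates only that time formula with the o(1) term dropped, and models neither memory nor sieving hardware, which is precisely the gap the post above points at. Function names are this example's own.

```python
"""Relative GNFS effort for RSA/DH modulus sizes (added example, not from the
digest).  Only the asymptotic time formula is used; o(1) and memory ignored."""
import math

GNFS_C = (64 / 9) ** (1 / 3)   # heuristic GNFS exponent constant, about 1.923


def gnfs_log_effort(bits):
    """Natural log of the heuristic GNFS running time for an n-bit modulus,
    ln L_n[1/3, c] with the o(1) term dropped (an assumption of this example)."""
    ln_n = bits * math.log(2)                  # ln n for n of the given bit length
    return GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)


def gnfs_effort_ratio(bits_small, bits_large):
    """How many times more work the larger modulus costs than the smaller one."""
    return math.exp(gnfs_log_effort(bits_large) - gnfs_log_effort(bits_small))


def extra_security_bits(bits_small, bits_large):
    """The same ratio expressed as additional bits of work (log2 of the ratio)."""
    return math.log2(gnfs_effort_ratio(bits_small, bits_large))


if __name__ == "__main__":
    for small, large in [(512, 768), (768, 1024), (1024, 2048)]:
        print(f"{small} -> {large} bits: x{gnfs_effort_ratio(small, large):,.0f} "
              f"(about {extra_security_bits(small, large):.1f} extra bits of work)")
```

On this time-only model a 1024-bit modulus costs on the order of a thousand times (roughly 10 bits) more than a 768-bit one, which is the margin tomstd's "not that much less efficient" trade-off buys. Because the o(1) term and memory are dropped, the ratios are only indicative; calibrating against an actual factoring record, and accounting for the sieving and linear-algebra memory, is what turns them into a key-size recommendation.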
------------------------------
From: zapzing <[EMAIL PROTECTED]>
Subject: Re: Retail distributors of DES chips?
Date: Mon, 05 Jun 2000 20:40:12 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Terry Ritter) wrote:
>
> On Wed, 31 May 2000 02:34:29 GMT, in <8h1tnk$bra$[EMAIL PROTECTED]>, in
> sci.crypt zapzing <[EMAIL PROTECTED]> wrote:
>
> >[...]
> >In article <[EMAIL PROTECTED]>,
> > ritter <[EMAIL PROTECTED]> wrote:
>
> >[...]
> >> What we really want is a cipher subsystem -- hardware
> >> or software -- which demonstrably produces no more
> >> data than we send to it. To assure this, we might
> >> send in a buffer of data, and then use that same
> >> buffer with the original length as the result. There
> >> must be (at this level) no subsystem-selected or
> >> produced random values.
> >>
> >
> >And I'm glad you pointed that out because only
> >hardware can assure us that no *more* data is
> >being transmitted than we want. After all, a
> >software system could do everything we wanted
> >it to do, and then sneak through some other
> >information in the FAT table, for instance.
> >Such as the key, for example.
>
> But unless you advocate having *all* *hardware*, front to back, your
> chip will eventually communicate to software, where you pick up the
> same problem. Why should an opponent worry about subverting a cipher
> when they can simply send the latest key over the net?
>
Well, not exactly. At least, that's what I'm hoping.
For the system I'm working on, the computer would
basically have an "encrypted hard drive" which
would mean that there would be hardware encryption
between the RAM, Processor, etc. and the HD and/or
floppy drive. Basically, the RAM, CPU, etc. is
"inside" and the HD and floppy are "outside". It
works if there is no possible residue left in RAM.
I don't like having to assume that, but there is
no choice.
Perhaps there is something that could be done after
the computer is turned off, to get rid of any
information that might be lingering in RAM,
like powering it on and off several times,
perhaps with lower than recommended supply voltage.
(Does anyone know anything about that?)
> The advantage of the software is the possibility of certifying the
> source code to the object code (compile it, or check the result with a
> cryptographic hash), and then reviewing the source to assure that it
> does not have bad things. We cannot hope to review hardware designs
> that way.
>
No, we can't. But if we take, say, a chip for
doing DES we can be pretty sure that it actually
does do DES at least most of the time. If we put
several chips together, perhaps with a hardware
permutation between them (is this called a
"plugboard"?) then we can decrease the level of
uncertainty. Doing a trial decryption of the data
reduces uncertainty even further, though, it's true,
never eliminating it entirely.
As far as I can tell, this can't be done in software.
If we make our algorithm perfectly secure, and
iterate it a zillion times, that is still no
guarantee that the OS will, out of the kindness of
its heart, actually do what we requested of it.
> >[...]
> >The way I see it the problem with a scaleable cipher
> >as a defense against a malicious attacker (hardware
> >*or* software), is that the attacker might make it
> >so that the cipher performed as expected in a small
> >system but then reverted to a significantly weaker
> >algorithm when it was scaled up a certain amount.
>
> It certainly is necessary to check the source. Some ciphers will have
> no internal state-machine or special cases, so security dangers will
> stand out.
>
> I think that probably the larger issue is to have some guarantee that
> the object code we certify is that which is actually running. I
> suspect that a suitably-modified OS could pretend to be running our
> code and actually run something else. But when we cannot depend upon
> the OS (and we can't), hardware isn't going to help. First, we can't
> certify commercial hardware, and second, an insecure OS runs that
> hardware, or claims to.
>
Well I disagree that we cannot certify commercial
hardware. Discrete components can be certified by
buying them in batches and destructively testing
some of them by slicing them open. If we're talking
about chips, we can give them "trick questions" by
testing the chip against known test vectors. Do
a thousand test vectors and you pretty much know
that the chip will do the right thing at least 999
times out of a thousand. You can deal with the
1/1000 chance by using superencryption, plugboards,
etc.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************