Cryptography-Digest Digest #952, Volume #11       Tue, 6 Jun 00 00:13:00 EDT

Contents:
  Re: slfsr.c (tomstd)
  Re: Cryptographic voting (Anton Stiglic)
  Re: Cipher design a fading field? (John Savard)
  Re: Question about recommended keysizes (768 bit RSA) (Roger Schlafly)
  ANNC: IECrypt (Ryan Phillips)
  Re: Observer 4/6/2000: "Your privacy ends here" (Mok-Kong Shen)
  Re: Observer 4/6/2000: "Your privacy ends here" (Mok-Kong Shen)
  Re: Call for evaluating and testing a stream cipher program ([EMAIL PROTECTED])
  Re: Call for evaluating and testing a stream cipher program (tomstd)
  Re: Towards an attack on Storin (tomstd)
  Re: Towards an attack on Storin (tomstd)
  Re: ANNC: IECrypt (Ryan Phillips)
  Re: Cipher design a fading field? ("Douglas A. Gwyn")
  Re: Cipher design a fading field? ("Douglas A. Gwyn")
  Re: Call for evaluating and testing a stream cipher program ([EMAIL PROTECTED])
  Re: Question about recommended keysizes (768 bit RSA) (DJohn37050)
  Cryptography is a property rights issue (zapzing)
  Re: Question about recommended keysizes (768 bit RSA) (Roger Schlafly)

----------------------------------------------------------------------------

Subject: Re: slfsr.c
From: tomstd <[EMAIL PROTECTED]>
Date: Mon, 05 Jun 2000 17:17:40 -0700

In article <[EMAIL PROTECTED]>, tomstd
<[EMAIL PROTECTED]> wrote:
>In article <8hd0sq$po8$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
>wrote:
>>thanks tomstd for this program and
>>your contribution in crypto
>>
>>your prog pass diehard test ...
>
>I actually did test my slfsr with ENT and Diehard and it
>performs very well.
>
>>slfsr 64 bits is easy to crack
>>(predict) the sequence ???
>
>Assuming the period of the polynomial I chose is maximal length
>it's reasonably secure.
>
>>same question for more bit 128 etc...
>
>Yeah I would pick the same design with a +96bit LFSR.  But they
>are just a tad slow which makes them less than useful...
>
>Tom

Yeah my polynomial is invalid, please don't use SLFSR...

Anybody know Maple well enough to help out?  I am basically copying the
math from page 374 of Applied Crypto and it doesn't seem to
work...

Tom
--
[EMAIL PROTECTED]


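Tom's post hinges on whether his feedback polynomial is maximal-length, i.e. primitive over GF(2). As an added example (not code from the thread or from slfsr.c), the following Python checks primitivity directly: irreducibility by the Ben-Or test, then that x has full order 2^n - 1 modulo the polynomial; the small polynomials used for demonstration are constructed test cases, and `lfsr_period` is a brute-force cross-check meant only for small registers.

```python
# Added example: is an LFSR feedback polynomial primitive, i.e. does the register
# reach the maximal period 2^n - 1?  Polynomials are ints, bit i = coefficient of x^i.

def degree(p):
    return p.bit_length() - 1

def mulmod(a, b, f):  # a*b in GF(2)[x], reduced modulo f (shift-and-xor)
    n, r = degree(f), 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if (a >> n) & 1:
            a ^= f
    return r

def powmod(base, e, f):  # base^e mod f by square-and-multiply
    r = 1
    while e:
        if e & 1:
            r = mulmod(r, base, f)
        base, e = mulmod(base, base, f), e >> 1
    return r

def gcd(a, b):  # polynomial gcd over GF(2)
    while b:
        while a and degree(a) >= degree(b):
            a ^= b << (degree(a) - degree(b))
        a, b = b, a
    return a

def is_irreducible(f):
    """Ben-Or test: f is irreducible iff gcd(f, x^(2^i) - x) == 1 for 1 <= i <= deg(f)//2."""
    n = degree(f)
    x = xp = 2                      # the polynomial "x"
    for _ in range(n // 2):
        xp = mulmod(xp, xp, f)      # now x^(2^i) mod f
        if gcd(f, xp ^ x) != 1:
            return False
    return n >= 1

def prime_factors(m):
    """Distinct prime factors by trial division; fast enough for 2^64 - 1."""
    fs, d = set(), 2
    while d * d <= m:
        while m % d == 0:
            fs.add(d)
            m //= d
        d += 1
    return fs | ({m} if m > 1 else set())

def is_primitive(f):
    """Primitive <=> irreducible and x has order exactly 2^n - 1 modulo f."""
    order = (1 << degree(f)) - 1
    return is_irreducible(f) and all(powmod(2, order // p, f) != 1 for p in prime_factors(order))

def lfsr_period(f):
    """Brute-force period of the Galois LFSR with feedback f, from state 1 (small degrees only)."""
    assert f & 1, "constant term must be 1, otherwise the register is not invertible"
    n, state, steps = degree(f), 1, 0
    while True:
        state <<= 1
        if (state >> n) & 1:
            state ^= f
        steps += 1
        if state == 1:
            return steps
```

For a 64-bit candidate, `is_primitive` finishes in well under a second because only the seven prime factors of 2^64 - 1 need testing, whereas `lfsr_period` would have to step through the whole cycle.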


------------------------------

From: Anton Stiglic <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: Cryptographic voting
Date: Mon, 05 Jun 2000 20:27:36 -0400

Jim Ferry wrote:
> 
> I was wondering if there's a way for a small group of people
> (less than 100) to vote cryptographically.  <...>

Check out http://www.acm.org/crossroads/xrds2-4/voting.html
for starters....

There are still a lot of problems with the existing solutions..

Anton

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Cipher design a fading field?
Date: Tue, 06 Jun 2000 00:34:05 GMT

On Mon, 5 Jun 2000 15:17:42 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
wrote, in part:

>Not at all.  A scientific investigation of cryptosecurity is possible;
>you can't just wave away the issue.  It's a matter of knowledge vs.
>uninformed guessing.

I certainly agree that some aspects of the potential security of a
cipher lend themselves to scientific investigation. So far, however,
from the open literature, it appears that this investigation is rather
limited: we can say what the key length is, and we can check for
vulnerability against a number of known attacks.

But some people have expressed a wish for proofs of security for
ciphers, and in my opinion, that looks like something equivalent to
solving the halting problem. Thus, while one indeed shouldn't "wave
away the issue", it does appear that what can be done scientifically
is, at least somewhat, limited.

John Savard (teneerf <-)
http://www.ecn.ab.ca/~jsavard/

------------------------------

From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: Question about recommended keysizes (768 bit RSA)
Date: Mon, 05 Jun 2000 17:40:52 -0700

"David A. Wagner" wrote:
> ... van Oorschot and Wiener have shown how
> to greatly reduce the space requirements, at some comparably small cost
> in time complexity, so it was indeed correct to consider 2DES insecure
> in practice, despite the space complexity of the original attack.

There are several questions here.

1. What is the complexity of the best attack?
2. How much better might new attacks be?
3. How much of a safety margin do I need for a particular application?

New arguments might improve the time or the space complexity.
Computer science textbooks often estimate both. It is not
unusual, and it is valid information. How to make use of that
info is another question.

------------------------------

From: Ryan Phillips <[EMAIL PROTECTED]>
Crossposted-To: comp.security.pgp.discuss
Subject: ANNC: IECrypt
Date: Mon, 5 Jun 2000 17:58:08 -0700


I just started internet banking and wanted to see what algorithms were 
being used with both Internet Explorer 4/5 and Netscape Navigator 4.3 for 
SSL.  For some reason Netscape will default to using RC4.  By going to 
the security settings and clicking on 'Navigator' a user can tell    
Netscape what encryption algorithms to use by disabling all the other 
algorithms.  I like 3DES and SHA1, and didn't want to use RC4.  Netscape 
gives you this special feature within the application.  
    
On the other hand, Internet Explorer gives you no such option to change 
its settings, and still defaults to RC4.  I have added this feature to 
IE.

Download Binaries and Source and PGP Sig here:
http://members.xoom.com/ryanphillips/Security.html
    
By choosing the FIPS level within IECrypto, a user can force Internet 
Explorer to use 3DES and SHA (or any other combination) in SSL 
transactions.
    
BTW: You can test what SSL algorithm is defaulted by going to 
www.fortify.net
    
Any feedback/ideas is welcome: [EMAIL PROTECTED]

-Sincerely,
  Ryan Phillips



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk,alt.security.scramdisk,uk.telecom
Subject: Re: Observer 4/6/2000: "Your privacy ends here"
Date: Mon, 05 Jun 2000 11:14:47 +0200



B Labour wrote:

> http://www.observer.co.uk/focus/story/0,6903,328071,00.html
>
> Your privacy ends here

> overturned. And that is just for starters. From that date also the police
> and security services will enjoy sweeping powers to snoop on your email
> traffic and web use without let or hindrance from the Commissioner for Data
> Protection.

Isn't it that Echelon and similar machineries have been doing that same job
since time immemorial?

> Every UK internet service provider (ISP) will have to install a black box
> which monitors all the data-traffic passing through its computers,
> hard-wired to a special centre currently being installed in MI5's London
> headquarters. This new mass surveillance facility is called the Government

That's not new in some European countries, even though such measures are
not stated in official writings that are destined for the public.

> innocent. And how do you prove that you have forgotten something?

Open up the box that contains the wonderful neural network and let it
be examined under microscopes.

> a key. If you were unable to comply and were taken in for questioning, it
> would be a criminal offence punishable by five years' imprisonment to
> explain to your family why you were being dragged off.

There will be more prisoners and hence a higher demand for prison
guardians. An excellent way to solve the unemployment problem.

> discussion of it. The Ministers driving his Bill through Parliament concede
> that the powers they seek are sweeping, but argue that they can be trusted
> to apply them reasonably and that in any case the powers are commensurate
> with the threat from online criminals, terrorists, paedophiles and
> pornographers. In the absence of proper safeguards, the first argument is

Pursuing such propaganda tactics of gathering trust from the folk further
in other domains, it is not difficult to establish a totalitarian regime. Superb
hope for ambitious would-be political leaders.

> graphic transactions. But then so does the telephone system and the Royal
> Mail, and yet nobody proposes tapping every phone in the land or scanning
> every letter. A terrifying erosion in our liberties is being planned, yet

De facto it is 'free' for the guys to tap any phone call (and to call -- sort
of active attacks in the terminology of cryptography) and open up any
letter in some European countries.

> Will they then remember Burke's warning that for evil to triumph it is
> necessary only for good men to do nothing? And will they wonder why they had
> not been more alarmed on the morning of 5 October 2000?

People seem to have learnt nothing from some of the more recent chapters
of history.

M. K. Shen
===============================
http://home.t-online.de/home/mok-kong.shen



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk,alt.security.scramdisk,uk.telecom
Subject: Re: Observer 4/6/2000: "Your privacy ends here"
Date: Mon, 05 Jun 2000 11:14:44 +0200



George Edwards wrote:

> Phillip Deackes <[EMAIL PROTECTED]>writes
> >include certain words in every email they send.
>
>         I suggested this some time ago

Much better: Include several lines of random hex digits that look like
the ciphertext of some top secrets. I posted this scheme sometime
back in sci.crypt.

M. K. Shen


------------------------------

From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Re: Call for evaluating and testing a stream cipher program
Date: Mon, 05 Jun 2000 18:36:16 -0700

I think you did not read the description. The reason I "postprocess" the BBS is
that it is very slow. I think you missed the very principle of the scheme. In
fact you can run it and find out for yourself how fast it is.

Instead of emotional outbursts do you have any specific idea how to break it?

Cascade Research



tomstd wrote:

> In article <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] wrote:
> >We are offering $200 reward to the person who can break our
> new, fast
> >stream cipher. The details are available on this website:
> >
> >http://CascadeResearch.ebz.com/
> >
> >You can obtain an executable, source code, and description.
>
> You have to be joking right?  Your scheme is such a stupid idea
> that it even hurts to read.
>
> You feed three LFG's and a BBS gen into some mixing functions,
> etc... Do you even know what a BBS gen is?  It's a very slow
> somewhat secure prng.  Why would you post-process it?
>
> How could you put the words 'fast' and BBS together anyways?
>
> What a sham.
>
> Tom
>




------------------------------

Subject: Re: Call for evaluating and testing a stream cipher program
From: tomstd <[EMAIL PROTECTED]>
Date: Mon, 05 Jun 2000 18:33:11 -0700

In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
>I think you did not read the description. The reason I "postprocess" the BBS is
>that it is very slow. I think you missed the very principle of the scheme. In
>fact you can run it and find out for yourself how fast it is.
>
>Instead of emotional outbursts do you have any specific idea how to break it?

Post filtering a BBS generator is a very stupid idea.  You lose
all its theoretical properties by changing the output.  Enough
detail for ya?

Tom




------------------------------

Subject: Re: Towards an attack on Storin
From: tomstd <[EMAIL PROTECTED]>
Date: Mon, 05 Jun 2000 18:50:46 -0700

In article <[EMAIL PROTECTED]>, tomstd
<[EMAIL PROTECTED]> wrote:
>I might possibly have a valid idea for starting a differential
>attack (this attack may not be valid, but I think it is):
>

Assuming my characteristic of 2^-16 for the lsb key bits works
it will only go thru 5 rounds (theoretically) before it's not
possible, therefore I conclude my characteristic can only break
5 of the 8 rounds with a probability of 2^-80 (and it recovers
four key bits only).

This is assuming my initial observation is correct.

Assuming I did get it right, his choice of 8 rounds is a good
one, apparently he must have thought of this attack.

Tom



------------------------------

Subject: Re: Towards an attack on Storin
From: tomstd <[EMAIL PROTECTED]>
Date: Mon, 05 Jun 2000 18:54:48 -0700

In article <[EMAIL PROTECTED]>, tomstd
<[EMAIL PROTECTED]> wrote:
>In article <[EMAIL PROTECTED]>, tomstd
><[EMAIL PROTECTED]> wrote:
>>I might possibly have a valid idea for starting a differential
>>attack (this attack may not be valid, but I think it is):
>>
>
>Assuming my characteristic of 2^-16 for the lsb key bits works
>it will only go thru 5 rounds (theoretically) before it's not
>possible, therefore I conclude my characteristic can only break
>5 of the 8 rounds with a probability of 2^-80 (and it recovers
>four key bits only).

Of course I overlooked the fact that my char only works on the
lower 12 bits of all four words, and there are only 2^48
(12*4=48) possible pairs, which means my attack can break only 3
rounds of the cipher; above that you would run out of pairs.

Which means my attack breaks 3 of 8 rounds...

Doh...
Tom



------------------------------

From: Ryan Phillips <[EMAIL PROTECTED]>
Crossposted-To: comp.security.pgp.discuss
Subject: Re: ANNC: IECrypt
Date: Mon, 5 Jun 2000 20:07:33 -0700

The highlighted algorithm on fortify is the default algorithm currently 
being used.  I have tried many SSL sites and it always defaults to RC4.  
If you select the FIPS method in IECrypto, the SSL layer will always 
choose the securest algorithm (in my opinion), 3DES.

BTW: You must restart IE after executing IECrypto.

-Ryan

In article <[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] says...
> 
> I just started internet banking and wanted to see what algorithms were 
> being used with both Internet Explorer 4/5 and Netscape Navigator 4.3 for 
> SSL.  For some reason Netscape will default to using RC4.  By going to 
> the security settings and clicking on 'Navigator' a user can tell    
> Netscape what encryption algorithms to use by disabling all the other 
> algorithms.  I like 3DES and SHA1, and didn't want to use RC4.  Netscape 
> gives you this special feature within the application.  
>     
> On the other hand, Internet Explorer gives you no such option to change 
> its settings, and still defaults to RC4.  I have added this feature to 
> IE.
> 
> Download Binaries and Source and PGP Sig here:
> http://members.xoom.com/ryanphillips/Security.html
>     
> By choosing the FIPS level within IECrypto, a user can force Internet 
> Explorer to use 3DES and SHA (or any other combination) in SSL 
> transactions.
>     
> BTW: You can test what SSL algorithm is defaulted by going to 
> www.fortify.net
>     
> Any feedback/ideas is welcome: [EMAIL PROTECTED]
> 
> -Sincerely,
>   Ryan Phillips
> 
> 
> 



------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Cipher design a fading field?
Date: Tue, 06 Jun 2000 03:10:04 GMT

Mok-Kong Shen wrote:
> The problem is, I guess, that the knowledge can't be perfect and
> often leaves much to be desired, e.g. what concerns the resources
> of the opponents or certain yet unproved propositions related to
> number theory, etc.

That's not really an obstacle; a large number of theorems take
the form "assuming X, then Y".

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Cipher design a fading field?
Date: Tue, 06 Jun 2000 03:11:16 GMT

John Savard wrote:
> But some people have expressed a wish for proofs of security for
> ciphers, and in my opinion, that looks like something equivalent to
> solving the halting problem.

Maybe an attempt to prove that equivalence would prove enlightening.

------------------------------

From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Re: Call for evaluating and testing a stream cipher program
Date: Mon, 05 Jun 2000 20:22:31 -0700

I think you did not read the description. The reason I "postprocess" the BBS is
that it is very slow. I think you missed the very principle of the scheme. In
fact you can run it and find out for yourself how fast it is.

Instead of emotional outbursts do you have any specific idea how to break it?

Cascade Research


tomstd wrote:

> In article <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] wrote:
> >We are offering $200 reward to the person who can break our
> new, fast
> >stream cipher. The details are available on this website:
> >
> >http://CascadeResearch.ebz.com/
> >
> >You can obtain an executable, source code, and description.
>
> You have to be joking right?  Your scheme is such a stupid idea
> that it even hurts to read.
>
> You feed three LFG's and a BBS gen into some mixing functions,
> etc... Do you even know what a BBS gen is?  It's a very slow
> somewhat secure prng.  Why would you post-process it?
>
> How could you put the words 'fast' and BBS together anyways?
>
> What a sham.
>
> Tom
>




------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: Question about recommended keysizes (768 bit RSA)
Date: 06 Jun 2000 03:57:25 GMT

All I was saying and what I think David was saying is that the FEWER assumptions
that are made, the MORE conservative the model.  Choose your model and pick
your keysizes, but be aware of what assumptions you are making and the need to
monitor things for improvements in all the assumptions.

The simplest assumption is simply to count computer ops (e.g., TIME), esp. as
that is what is needed to exhaust an ideal sym. key.

There are many possible metrics: ops, storage, money, power, heat, etc.
Don Johnson

------------------------------

From: zapzing <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Cryptography is a property rights issue
Date: Tue, 06 Jun 2000 03:52:10 GMT

The only way to be sure that trade secrets
are protected is to have strong encryption.
If trade secrets cannot be secured, then
people will not have an incentive to work
on trade secrets, and none will be produced.
This means that many wonderful ideas that
might have come to fruition will be
squelched because their would-be producers
will have no incentive to produce them.

Another way to say this is: When property rights
are insecure, interest rates rise. When interest
rates rise, investment is discouraged. Thus the
lack of strong encryption would discourage
people from investing in the development of
trade secrets.

Why should we be concerned about trade secrets?
Because they represent more efficient ways of
producing valuable products. So without
good trade secrets out there, products will
be more expensive. Not only that, but some
products may never be produced at all.

Crypto that is accessible to the government is
not crypto at all. No one trusts the government
to be concerned about keeping their trade secrets
secret, and so there is no difference between
strong crypto that is only accessible to the
government and no encryption at all.

--
If you know about a retail source of
inexpensive DES chips, please let
me know,  thanks.


------------------------------

From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: Question about recommended keysizes (768 bit RSA)
Date: Mon, 05 Jun 2000 21:06:52 -0700

DJohn37050 wrote:
> All I was saying and what I think David was saying is that the LESS assumptions
> that are made, the MORE conservative the model.

So if you have 2 models:

Model A: space constraints considered.
Model B: space constraints ignored.

Then you conclude that Model B is more conservative, and hence superior?
That is silly because Model A may give a much more accurate picture
of the risks.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
