Cryptography-Digest Digest #963, Volume #11 Tue, 6 Jun 00 16:13:01 EDT
Contents:
Cryptography FAQ (10/10: References) ([EMAIL PROTECTED])
Re: Observer 4/6/2000: "Your privacy ends here" (U Sewell-Detritus)
Re: Some dumb questions (Jim Gillogly)
Re: Brute forcing for Counterpane's Password Safe (tomstd)
Re: slfsr.c (tomstd)
Re: Some dumb questions - Two Time Pad (E-mail)
Re: Brute forcing for Counterpane's Password Safe (Sundial Services)
----------------------------------------------------------------------------
Crossposted-To: talk.politics.crypto,sci.answers,news.answers,talk.answers
Subject: Cryptography FAQ (10/10: References)
From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: 06 Jun 2000 19:15:51 GMT
Archive-name: cryptography-faq/part10
Last-modified: 94/06/13
This is the tenth of ten parts of the sci.crypt FAQ. The parts are
mostly independent, but you should read the first part before the rest.
We don't have the time to send out missing parts by mail, so don't ask.
Notes such as ``[KAH67]'' refer to the reference list in this part.
The sections of this FAQ are available via anonymous FTP to rtfm.mit.edu
as /pub/usenet/news.answers/cryptography-faq/part[xx]. The Cryptography
FAQ is posted to the newsgroups sci.crypt, talk.politics.crypto,
sci.answers, and news.answers every 21 days.
Contents
10.1. Books on history and classical methods
10.2. Books on modern methods
10.3. Survey articles
10.4. Reference articles
10.5. Journals, conference proceedings
10.6. Other
10.7. How may one obtain copies of FIPS and ANSI standards cited herein?
10.8. Electronic sources
10.9. RFCs (available from [FTPRF])
10.10. Related newsgroups
10.1. Books on history and classical methods
[FRIE1] Lambros D. Callimahos, William F. Friedman, Military Cryptanalytics.
Aegean Park Press, ?.
[DEA85] Cipher A. Deavours & Louis Kruh, Machine Cryptography and
Modern Cryptanalysis. Artech House, 610 Washington St.,
Dedham, MA 02026, 1985.
[FRIE2] William F. Friedman, Solving German Codes in World War I.
Aegean Park Press, ?.
[GAI44] H. Gaines, Cryptanalysis, a study of ciphers and their
solution. Dover Publications, 1944.
[HIN00] F.H.Hinsley, et al., British Intelligence in the Second
World War. Cambridge University Press. (vol's 1, 2, 3a, 3b
& 4, so far). XXX Years and authors, fix XXX
[HOD83] Andrew Hodges, Alan Turing: The Enigma. Burnett Books
Ltd., 1983
[KAH91] David Kahn, Seizing the Enigma. Houghton Mifflin, 1991.
[KAH67] D. Kahn, The Codebreakers. Macmillan Publishing, 1967.
[history] [The abridged paperback edition left out most
technical details; the original hardcover edition is
recommended.]
[KOZ84] W. Kozaczuk, Enigma. University Publications of America, 1984
[KUL76] S. Kullback, Statistical Methods in Cryptanalysis. Aegean
Park Press, 1976.
[SIN66] A. Sinkov, Elementary Cryptanalysis. Math. Assoc. Am. 1966.
[WEL82] Gordon Welchman, The Hut Six Story. McGraw-Hill, 1982.
[YARDL] Herbert O. Yardley, The American Black Chamber. Aegean Park
Press, ?.
10.2. Books on modern methods
[BEK82] H. Beker, F. Piper, Cipher Systems. Wiley, 1982.
[BRA88] G. Brassard, Modern Cryptology: a tutorial.
Spinger-Verlag, 1988.
[DEN82] D. Denning, Cryptography and Data Security. Addison-Wesley
Publishing Company, 1982.
[KOB89] N. Koblitz, A course in number theory and cryptography.
Springer-Verlag, 1987.
[KON81] A. Konheim, Cryptography: a primer. Wiley, 1981.
[MEY82] C. Meyer and S. Matyas, Cryptography: A new dimension in
computer security. Wiley, 1982.
[PAT87] Wayne Patterson, Mathematical Cryptology for Computer
Scientists and Mathematicians. Rowman & Littlefield, 1987.
[PFL89] C. Pfleeger, Security in Computing. Prentice-Hall, 1989.
[PRI84] W. Price, D. Davies, Security for computer networks. Wiley, 1984.
[RUE86] R. Rueppel, Design and Analysis of Stream Ciphers.
Springer-Verlag, 1986.
[SAL90] A. Saloma, Public-key cryptography. Springer-Verlag, 1990.
[SCH94] B. Schneier, Applied Cryptography. John Wiley & Sons, 1994.
[errata avbl from [EMAIL PROTECTED]]
[WEL88] D. Welsh, Codes and Cryptography. Claredon Press, 1988.
10.3. Survey articles
[ANG83] D. Angluin, D. Lichtenstein, Provable Security in Crypto-
systems: a survey. Yale University, Department of Computer
Science, #288, 1983.
[BET90] T. Beth, Algorithm engineering for public key algorithms.
IEEE Selected Areas of Communication, 1(4), 458--466,
1990.
[DAV83] M. Davio, J. Goethals, Elements of cryptology. in Secure
Digital Communications, G. Longo ed., 1--57, 1983.
[DIF79] W. Diffie, M. Hellman, Privacy and Authentication: An
introduction to cryptography. IEEE proceedings, 67(3),
397--427, 1979.
[DIF88] W. Diffie, The first ten years of public key cryptography.
IEEE proceedings, 76(5), 560--577, 1988.
[FEI73] H. Feistel, Cryptography and Computer Privacy. Scientific
American, 228(5), 15--23, 1973.
[FEI75] H. Feistel, H, W. Notz, J. Lynn Smith. Some cryptographic
techniques for machine-to-machine data communications,
IEEE IEEE proceedings, 63(11), 1545--1554, 1975.
[HEL79] M. Hellman, The mathematics of public key cryptography.
Scientific American, 130--139, 1979.
[LAK83] S. Lakshmivarahan, Algorithms for public key
cryptosystems. In Advances in Computers, M. Yovtis ed.,
22, Academic Press, 45--108, 1983.
[LEM79] A. Lempel, Cryptology in transition, Computing Surveys,
11(4), 285--304, 1979.
[MAS88] J. Massey, An introduction to contemporary cryptology, IEEE
proceedings, 76(5), 533--549, 1988.
[SIM91] G. Simmons (ed.), Contemporary Cryptology: the Science of
Information Integrity. IEEE press, 1991.
10.4. Reference articles
[AND83] D. Andelman, J. Reeds, On the cryptanalysis of rotor and
substitution-permutation networks. IEEE Trans. on Inform.
Theory, 28(4), 578--584, 1982.
[BEN87] John Bennett, Analysis of the Encryption Algorithm Used in
the WordPerfect Word Processing Program. Cryptologia 11(4),
206--210, 1987.
[BER91] H. A. Bergen and W. J. Caelli, File Security in WordPerfect
5.0. Cryptologia 15(1), 57--66, January 1991.
[BIH91] E. Biham and A. Shamir, Differential cryptanalysis of
DES-like cryptosystems. Journal of Cryptology, vol. 4, #1,
3--72, 1991.
[BI91a] E. Biham, A. Shamir, Differential cryptanalysis of Snefru,
Khafre, REDOC-II, LOKI and LUCIFER. In Proceedings of CRYPTO
'91, ed. by J. Feigenbaum, 156--171, 1992.
[BOY89] J. Boyar, Inferring Sequences Produced by Pseudo-Random
Number Generators. Journal of the ACM, 1989.
[BRI86] E. Brickell, J. Moore, M. Purtill, Structure in the
S-boxes of DES. In Proceedings of CRYPTO '86, A. M. Odlyzko
ed., 3--8, 1987.
[BRO89] L. Brown, A proposed design for an extended DES, Computer
Security in the Computer Age. Elsevier Science Publishers
B.V. (North Holland), IFIP, W. J. Caelli ed., 9--22, 1989.
[BRO90] L. Brown, J. Pieprzyk, J. Seberry, LOKI - a cryptographic
primitive for authentication and secrecy applications.
In Proceedings of AUSTCRYPT 90, 229--236, 1990.
[CAE90] H. Gustafson, E. Dawson, W. Caelli, Comparison of block
ciphers. In Proceedings of AUSCRYPT '90, J. Seberry and J.
Piepryzk eds., 208--220, 1990.
[CAM93] K. W. Campbell, M. J. Wiener, Proof the DES is Not a Group.
In Proceedings of CRYPTO '92, 1993.
[CAR86] John Carrol and Steve Martin, The Automated Cryptanalysis
of Substitution Ciphers. Cryptologia 10(4), 193--209, 1986.
[CAR87] John Carrol and Lynda Robbins, Automated Cryptanalysis of
Polyalphabetic Ciphers. Cryptologia 11(4), 193--205, 1987.
[ELL88] Carl M. Ellison, A Solution of the Hebern Messages. Cryptologia,
vol. XII, #3, 144-158, Jul 1988.
[EVE83] S. Even, O. Goldreich, DES-like functions can generate the
alternating group. IEEE Trans. on Inform. Theory, vol. 29,
#6, 863--865, 1983.
[GAR91] G. Garon, R. Outerbridge, DES watch: an examination of the
sufficiency of the Data Encryption Standard for financial
institutions in the 1990's. Cryptologia, vol. XV, #3,
177--193, 1991.
[GIL80] Gillogly, ?. Cryptologia 4(2), 1980.
[GM82] Shafi Goldwasser, Silvio Micali, Probabilistic Encryption and
How To Play Mental Poker Keeping Secret All Partial Information.
Proceedings of the Fourteenth Annual ACM Symposium on Theory of
Computing, 1982.
[HUM83] D. G. N. Hunter and A. R. McKenzie, Experiments with
Relaxation Algorithms for Breaking Simple Substitution
Ciphers. Computer Journal 26(1), 1983.
[KAM78] J. Kam, G. Davida, A structured design of substitution-
permutation encryption networks. IEEE Trans. Information
Theory, 28(10), 747--753, 1978.
[KIN78] P. Kinnucan, Data encryption gurus: Tuchman and Meyer.
Cryptologia, vol. II #4, 371--XXX, 1978.
[KIN92] King and Bahler, Probabilistic Relaxation in the
Cryptanalysis of Simple Substitution Ciphers. Cryptologia
16(3), 215--225, 1992.
[KIN93] King and Bahler, An Algorithmic Solution of Sequential
Homophonic Ciphers. Cryptologia 17(2), in press.
[KOC87] Martin Kochanski, A Survey of Data Insecurity Packages.
Cryptologia 11(1), 1--15, 1987.
[KOC88] Martin Kochanski, Another Data Insecurity Package.
Cryptologia 12(3), 165--177, 1988.
[KRU88] Kruh, ?. Cryptologia 12(4), 1988.
[LAI90] X. Lai, J. Massey, A proposal for a new block encryption
standard. EUROCRYPT 90, 389--404, 1990.
[LUB88] C. Rackoff, M. Luby, How to construct psuedorandom
permutations from psuedorandom functions. SIAM Journal of
Computing, vol. 17, #2, 373--386, 1988.
[LUC88] Michael Lucks, A Constraint Satisfaction Algorithm for the
Automated Decryption of Simple Substitution Ciphers. In
CRYPTO '88.
[MAS88] J. Massey, An introduction to contemporary cryptology.
IEEE proceedings, 76(5), 533--549, 1988.
[ME91a] R. Merkle, Fast software encryption functions. In Proceedings
of CRYPTO '90, Menezes and Vanstone ed., 476--501, 1991.
[MEY78] C. Meyer, Ciphertext/plaintext and ciphertext/key
dependence vs. number of rounds for the Data Encryption
Standard. AFIPS Conference proceedings, 47, 1119--1126,
1978.
[NBS77] Data Encryption Standard. National Bureau of Standards,
FIPS PUB 46, Washington, DC, January 1977.
[PEL79] S. Peleg and A. Rosenfeld, Breaking Substitution Ciphers
Using a Relaxation Algorithm. CACM 22(11), 598--605, 1979.
[REE77] J. Reeds, `Cracking' a Random Number Generator.
Cryptologia 1(1), 20--26, 1977.
[REE84] J. A. Reeds and P. J. Weinberger, File Security and the UNIX
Crypt Command. AT&T Bell Laboratories Technical Journal,
Vol. 63 #8, part 2, 1673--1684, October, 1984.
[SHA49] C. Shannon, Communication Theory of Secrecy Systems. Bell
System Technical Journal 28(4), 656--715, 1949.
[SHE88] B. Kaliski, R. Rivest, A. Sherman, Is the Data Encryption
Standard a Group. Journal of Cryptology, vol. 1, #1,
1--36, 1988.
[SHI88] A. Shimizu, S. Miyaguchi, Fast data encipherment algorithm
FEAL. EUROCRYPT '87, 267--278, 1988.
[SHI92] K. Shirriff, C. Welch, A. Kinsman, Decoding a VCR Controller
Code. Cryptologia 16(3), 227--234, 1992.
[SOR84] A. Sorkin, LUCIFER: a cryptographic algorithm.
Cryptologia, 8(1), 22--35, 1984.
[SPI93] R. Spillman et al., Use of Genetic Algorithms in
Cryptanalysis of Simple Substitution Ciphers. Cryptologia
17(1), 31--44, 1993.
10.5. Journals, conference proceedings
CRYPTO
Eurocrypt
IEEE Transactions on Information Theory
Cryptologia: a cryptology journal, quarterly since Jan 1977.
Cryptologia; Rose-Hulman Institute of Technology; Terre Haute
Indiana 47803 [general: systems, analysis, history, ...]
Journal of Cryptology; International Association for Cryptologic
Research; published by Springer Verlag (quarterly since
1988).
The Cryptogram (Journal of the American Cryptogram Association);
18789 West Hickory Street; Mundelein, IL 60060; [primarily
puzzle cryptograms of various sorts]
Cryptosystems Journal, Published by Tony Patti, P.O. Box 188,
Newtown PA, USA 18940-0188 or [EMAIL PROTECTED]
Publisher's comment: Includes complete cryptosystems with
source and executable programs on diskettes. Tutorial. The
typical cryptosystems supports multi-megabit keys and Galois
Field arithmetic. Inexpensive hardware random number
generator details.
Computer and Communication Security Reviews, published by Ross Anderson.
Sample issue available from various ftp sites, including
black.ox.ac.uk. Editorial c/o [EMAIL PROTECTED] Publisher's
comment: We review all the conference proceedings in this field,
including not just Crypto and Eurocrypt, but regional gatherings
like Auscrypt and Chinacrypt. We also abstract over 50 journals,
and cover computer security as well as cryptology, so readers can
see the research trends in applications as well as theory.
Infosecurity News, MIS Training Institute Press, Inc. 498 Concord Street
Framingham MA 01701-2357. This trade journal is oriented toward
administrators and covers viruses, physical security, hackers,
and so on more than cryptology. Furthermore, most of the articles
are written by vendors and hence are biased. Nevertheless, there
are occasionally some rather good cryptography articles.
10.6. Other
Address of note: Aegean Park Press, P.O. Box 2837, Laguna Hills, CA
92654-0837. Answering machine at 714-586-8811. Toll Free at 800 736-
3587, and FAX at 714 586-8269.
The ``Orange Book'' is DOD 5200.28-STD, published December 1985 as
part of the ``rainbow book'' series. Write to Department of Defense,
National Security Agency, ATTN: S332, 9800 Savage Road, Fort Meade, MD
20755-6000, and ask for the Trusted Computer System Evaluation
Criteria. Or call 301-766-8729.
The ``Orange Book'' will eventually be replaced by the U.S. Federal
Criteria for Information Technology Security (FC) online at the NIST
site [FTPNS], which also contains information on other various proposed
and active federal standards.
[BAMFD] Bamford, The Puzzle Palace. Penguin Books, 1982.
[GOO83] I. J. Good, Good Thinking: the foundations of probability and
its applications. University of Minnesota Press, 1983.
[KNU81] D. E. Knuth, The Art of Computer Programming, volume 2:
Seminumerical Algorithms. Addison-Wesley, 1981.
[KUL68] Soloman Kullback, Information Theory and Statistics.
Dover, 1968.
[YAO88] A. Yao, Computational Information Theory. In Complexity in
Information Theory, ed. by Abu-Mostafa, 1988.
10.7. How may one obtain copies of FIPS and ANSI standards cited herein?
Many textbooks on cryptography contain complete reprints of the FIPS
standards, which are not copyrighted.
The following standards may be ordered from the
U.S. Department of Commerce, National Technical Information Service,
Springfield, VA 22161.
FIPS PUB 46-1 Data Encryption Standard (this is DES)
FIPS PUB 74 Guidelines for Implementing as Using the NBS DES
FIPS PUB 81 DES Modes of Operation
FIPS PUB 113 Computer Data Authentication (using DES)
[Note: The address below has been reported as invalid.]
The following standards may be ordered from the
American National Standards Institute Sales Office,
1430 Broadway, New York, NY 10018.
Phone 212.642.4900
ANSI X3.92-1981 Data Encryption Algorithm (identical to FIPS 46-1)
ANSI X3.106-1983 DEA Modes of Operation (identical to FIPS 113)
Notes: Figure 3 in FIPS PUB 46-1 is in error, but figure 3 in X3.92-1981
is correct. The text is correct in both publications.
10.8. Electronic sources
Anonymous ftp:
[FTPAL] kampi.hut.fi:alo/des-dist.tar.Z
[FTPBK] ftp.uu.net:bsd-sources/usr.bin/des/
[FTPCB] ftp.uu.net:usenet/comp.sources.unix/volume10/cbw/
[FTPCP] soda.berkeley.edu:/pub/cypherpunks
[FTPDF] ftp.funet.fi:pub/unix/security/destoo.tar.Z
[FTPDQ] rsa.com:pub/faq/
[FTPEY] ftp.psy.uq.oz.au:pub/DES/
[FTPMD] rsa.com:?
[FTPMR] ripem.msu.edu:pub/crypt/newdes.tar.Z
[FTPNS] csrc.nist.gov:/bbs/nistpubs
[FTPOB] ftp.3com.com:Orange-Book
[FTPPF] prep.ai.mit.edu:pub/lpf/
[FTPPK] ucsd.edu:hamradio/packet/tcpip/crypto/des.tar.Z
[FTPPX] ripem.msu.edu:pub/crypt/other/tran-and-prngxor.shar
[FTPRF] nic.merit.edu:documents/rfc/
[FTPSF] beta.xerox.com:pub/hash/
[FTPSO] chalmers.se:pub/unix/des/des-2.2.tar.Z
[FTPTR] ripem.msu.edu:pub/crypt/other/tran-and-prngxor.shar
[FTPUF] ftp.uu.net:usenet/comp.sources.unix/volume28/ufc-crypt/
[FTPWP] garbo.uwasa.fi:pc/util/wppass2.zip
World Wide Web pages:
[WWWQC] http://www.quadralay.com/www/Crypt/Crypt.html
Quadralay Cryptography archive
[WWWVC] ftp://furmint.nectar.cs.cmu.edu/security/README.html
Vince Cate's Cypherpunk Page
10.9. RFCs (available from [FTPRF])
[1424] B. Kaliski, Privacy Enhancement for Internet Electronic Mail:
Part IV: Key Certification and Related Services. RFC 1424,
February 1993.
[1423] D. Balenson, Privacy Enhancement for Internet Electronic Mail:
Part III: Algorithms, Modes, and Identifiers. RFC 1423,
February 1993.
[1422] S. Kent, Privacy Enhancement for Internet Electronic Mail:
Part II: Certificate-Based Key Management. RFC 1422, February
1993.
[1421] J. Linn, Privacy Enhancement for Internet Electronic Mail:
Part I: Message Encryption and Authentication Procedures. RFC
1421, February 1993.
10.10. Related newsgroups
There are other newsgroups which a sci.crypt reader might want also to
read. Some have their own FAQs as well.
alt.privacy.clipper Clipper, Capstone, Skipjack, Key Escrow
alt.security general security discussions
alt.security.index index to alt.security
alt.security.pgp discussion of PGP
alt.security.ripem discussion of RIPEM
alt.society.civil-liberty general civil liberties, including privacy
comp.compression discussion of compression algorithms and code
comp.org.eff.news News reports from EFF
comp.org.eff.talk discussion of EFF related issues
comp.patents discussion of S/W patents, including RSA
comp.risks some mention of crypto and wiretapping
comp.society.privacy general privacy issues
comp.security.announce announcements of security holes
misc.legal.computing software patents, copyrights, computer laws
sci.math general math discussion
talk.politics.crypto politics of cryptography
------------------------------
From: [EMAIL PROTECTED] (U Sewell-Detritus)
Crossposted-To:
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk,alt.security.scramdisk,uk.telecom
Subject: Re: Observer 4/6/2000: "Your privacy ends here"
Date: 6 Jun 2000 19:17:35 GMT
In <[EMAIL PROTECTED]>, Paul Shirley
<[EMAIL PROTECTED]> wrote:
>
>Or better yet: construct a program to create random messages wrapped to
>look like ciphertext based on a key. You can safely tell the plods
>there's no key... (or even give them it: it won't decode anything;) yet
>prove to a court the 'message' is random by regenerating it.
How could you regenerate the random message unless you had
stored the seed which itself would become a key.
------------------------------
From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: Some dumb questions
Date: Tue, 06 Jun 2000 19:19:46 +0000
Mok-Kong Shen wrote:
> 2. If an ideal OTP is misused, in that it is used a small
> number n of times, how is one going to attack, if
> absolutely no known plaintext is available?
Going back to the original question (informed by a later message that
assumes the underlying frequencies of the plaintext are known), I did
a little example. I took the first n=10 sentences of Pride and Prejudice
that are at least 15 characters long, and pulled out the 15th character
of each, then XORed those characters with a randomly selected key. The
ciphertext is: 0f 5a 1f 16 1f 1f 14 5a 1b 5a
Now look at all possible values of the key. We know the underlying
frequencies of the plaintext (English with spaces and other punctuation),
so we can eliminate many of them. For example, decrypting that slice
with 0x00 to 0x09 gives:
00: 0f Z 1f 16 1f 1f 14 Z 1b Z
01: 0e [ 1e 17 1e 1e 15 [ 1a [
02: 0d X 1d 14 1d 1d 16 X 19 X
03: 0c Y 1c 15 1c 1c 17 Y 18 Y
04: 0b ^ 1b 12 1b 1b 10 ^ 1f ^
05: 0a _ 1a 13 1a 1a 11 _ 1e _
06: 09 \ 19 10 19 19 12 \ 1d \
07: 08 ] 18 11 18 18 13 ] 1c ]
08: 07 R 17 1e 17 17 1c R 13 R
09: 06 S 16 1f 16 16 1d S 12 S
In general we can ignore lines that include any unprintable character.
Starting with 0x20 we get some of these:
20:/z?6??4z;z
21:.{>7>>5{:{
22:-x=4==6x9x
23:,y<5<<7y8y
24:+~;2;;0~?~
and so on. These aren't likely for English -- they'll be mostly
lower case and spaces, with few low-frequency characters. The
most likely section appears to be in the 0x70's:
70: 7f *ofood*k*
71:~+ngnne+j+
72:}(mdmmf(i(
73:|)lellg)h)
74:{.kbkk`.o.
75:z/jcjja/n/
76:y,i`iib,m,
77:x-hahhc-l-
78:w"gnggl"c"
79:v#foffm#b#
7a:u eleen a
7b:t!dmddo!`!
7c:s&cjcch&g&
7d:r'bkbbi'f'
7e:q$ahaaj$e$
7f:p%`i``k%d%
Of these, 0x7a is the obvious winner; and it still would be
with fewer than 10 samples. With n large enough, the obvious
winner would be correct in enough cases to allow the attacker
to unwind a simple transposition layered under this.
--
Jim Gillogly
Highday, 17 Forelithe S.R. 2000, 19:02
12.19.7.4.17, 10 Caban 20 Zip, Seventh Lord of Night
------------------------------
Subject: Re: Brute forcing for Counterpane's Password Safe
From: tomstd <[EMAIL PROTECTED]>
Date: Tue, 06 Jun 2000 12:28:28 -0700
In article <rab%4.30$[EMAIL PROTECTED]>, "Joeseph
Smith" <[EMAIL PROTECTED]> wrote:
>I've been asked to help the executor of the estate
>of a fellow who recently died in Florida. The fellow
>was techno-savvy enough to use Password Safe
>from Counterpane to hold his various account names
>and passwords. Unfortunately, he was not real-world
>savvy enough to leave a way for his heirs to recover
>the data. The executor has tried various obvious
>passwords (names of grandchildren, significant dates
>and places, etc.), but they have not worked.
>
>Does anyone have a program that does brute
>force password guessing for Counterpane's
>Password Safe program? Alternatively, does
>anyone have the details of the file format and
>algorithms so I can write one? Bruce's website
>says that it uses Blowfish and that a 2.0 version
>would be published with source, but I don't think
>the 2.0 version was ever published. Does anyone
>have source to it?
>
>Please reply to the list, since I believe the answer
>will be generally useful.
If he was truly techno-savvy your best bet would be to brute
force all ascii'able passwords. Most likely his password is at
most 10 chars, so you have about 95^10 or 2^65 work ahead of
ya... have fun.
Tom
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!
------------------------------
Subject: Re: slfsr.c
From: tomstd <[EMAIL PROTECTED]>
Date: Tue, 06 Jun 2000 12:29:55 -0700
In article <8hjdsa$bch$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
wrote:
>hello tomstd !!!
>
>i have modified your prog
>
>/* return a shrunk bit */
>static int lfsr_bit(unsigned long *l)
>{
> int a, b;
>
> // do { a = lfsr_step(l); deleted
>
> b = lfsr_step(l);
>
> // } while (a); deleted
>
> return b;
>}
>
>and after i do a diehard test no problem the test
>is ok can you explain the utility of your routine
>thanks !!!
>
Why the hell would you do that? You just turned it into a
normal ****LINEAR**** LFSR. The whole point of randomly
skipping outputs is to make the LFSR hard to attack.
I suggest you read the HAC or AC...
Tom
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!
------------------------------
From: E-mail <[EMAIL PROTECTED]>
Subject: Re: Some dumb questions - Two Time Pad
Date: Tue, 6 Jun 2000 15:35:57 -0400
On Tue, 6 Jun 2000, Mike Rosing wrote:
> Mok-Kong Shen wrote:
.
.
.
> > Note also that, if the
> > OTP is used exactly twice, then (1) the xor of different pairs of
> > messages (each pair has the same OTP segment, but different pairs
> > have different segements) are essentailly unrelated to each other and
> > (2) if there is a number of messages intercepted, one has to correctly
> > pair the messages according to the OTP segment used (how is that
> > going to be done?).
>
> By autocorrelation. You take all possible combinations of xor and
> offset and look for similar sequences. If the OTP is used more
> than 2 times, you have a very good chance of finding the same pad
> data, which means you can decode all n messages.
>
> Might take a while for long files, but for short messages and a modern
> computer, not more than a few seconds.
>
> Patience, persistence, truth,
> Dr. mike
Dr. Mike,
You have made your observations for a OTP used more that 2 times,
but I believe that it is critically important to look at the case
of using a OTP exactly 2 times.
I feel that what Mok-Kong Shen is getting at is that there is a
special advantage in using a shared random pad exactly twice.
If I were to reuse parts of pads a year later, or disguised by
another algorithm, I would be able to send numbers from my random
number generator to my brother in Bolivia. He leaves my home town
with a CD copy of initial numbers that we share. From then on,
we send each other twice as many random numbers as we consume in the
sending. From time to time, we send an actual message.
Mok-Kong Shen,
Is this not the basis of your inquiry?
Best regards to both of you,
Jim Trek
http://eznet.net/~progress
[EMAIL PROTECTED]
------------------------------
Date: Tue, 06 Jun 2000 12:57:45 -0700
From: Sundial Services <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Brute forcing for Counterpane's Password Safe
Most people do -not- use random passwords; they use a name such as a
person's name, or a word in a dictionary. I've even seen strongly
encrypted files where the password was "password" or "secret" or
"abcdef."
A dictionary-attack is the most practical one to try but you may have to
hire a computer programmer (sorry, not me) to write a program that will
do it for you. These programs need to test ordinary combinations of
capitalization for each word in the dictionary and they can usually
finish their job in less than 24 hours.
Now, before going to an exhaustive amount of trouble, or money for the
estate, I would first determine if the information cannot be obtained by
some other source. Perhaps a local private investigator, or the
attorney handling the account, or the decedent's banker, might be able
to assist you in locating the information which was in the original
encrypted file.
>tomstd wrote:
>
> In article <rab%4.30$[EMAIL PROTECTED]>, "Joeseph
> Smith" <[EMAIL PROTECTED]> wrote:
> >I've been asked to help the executor of the estate
> >of a fellow who recently died in Florida. The fellow
> >was techno-savvy enough to use Password Safe
> >from Counterpane to hold his various account names
> >and passwords. Unfortunately, he was not real-world
> >savvy enough to leave a way for his heirs to recover
> >the data. The executor has tried various obvious
> >passwords (names of grandchildren, significant dates
> >and places, etc.), but they have not worked.
> >
> >Does anyone have a program that does brute
> >force password guessing for Counterpane's
> >Password Safe program? Alternatively, does
> >anyone have the details of the file format and
> >algorithms so I can write one? Bruce's website
> >says that it uses Blowfish and that a 2.0 version
> >would be published with source, but I don't think
> >the 2.0 version was ever published. Does anyone
> >have source to it?
> >
> >Please reply to the list, since I believe the answer
> >will be generally useful.
>
> If he was truly techno-savvy your best bet would be to brute
> force all ascii'able passwords. Most likely his password is at
> most 10 chars, so you have about 95^10 or 2^65 work ahead of
> ya... have fun.
>
> Tom
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************