Cryptography-Digest Digest #972, Volume #11 Thu, 8 Jun 00 00:13:01 EDT
Contents:
Re: Brute forcing for Counterpane's Password Safe (Paul Rubin)
Re: Some dumb questions (Bryan Olson)
Re: Retail distributors of DES chips? (Thor Arne Johansen)
Re: Brute forcing for Counterpane's Password Safe (Roger Schlafly)
Re: testing non linearity of arithmetic-logic combinations ("cranky cransky")
Re: equation involving xor and mod 2^32 operations (tomstd)
Re: testing non linearity of arithmetic-logic combinations ("cranky cransky")
Re: Brute forcing for Counterpane's Password Safe (Paul Rubin)
Re: Enigma Variations (Paul Rubin)
Re: equation involving xor and mod 2^32 operations (Scott Contini)
Re: Brute forcing for Counterpane's Password Safe (Roger Schlafly)
Re: equation involving xor and mod 2^32 operations (tomstd)
Re: Question about recommended keysizes (768 bit RSA) ("Trevor L. Jackson, III")
Re: bamburismus ("Trevor L. Jackson, III")
Opening digital envelope & decrypting data encrypted with DES3 (Abid Farooqui)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: Brute forcing for Counterpane's Password Safe
Date: 7 Jun 2000 23:15:20 GMT
Volker Hetzer <[EMAIL PROTECTED]> wrote:
>> The heirs would normally care about stuff like bank accounts,
>> which the executor should be able to locate by knowing the SSN (tax ID
>> number) of the dead person.
>
>I was assuming that there is a legally defensible reason for this.
>Is there any circumstance in your country where you can be legally forced
>to hand over encryption keys to somebody else or where they can be seized
>while you're absent or dead?
This gets debated in the newsgroups sometimes and the answer seems to
be "no" (in the case of stuff like passwords) but "yes" for physical
objects such as documents. However, that's not relevant here. I'm
saying that without direct evidence, I'm skeptical of the story about
the dead person in Florida as posted by the fairly obvious pseudonym
Joe Smith at hotmail.com. I think it's more likely that someone wants
to crack a password belonging to a living person who doesn't want it
cracked, and the cracker is not being honest with us about it. I
don't feel inclined to be helpful in that situation.
------------------------------
From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: Some dumb questions
Date: Wed, 07 Jun 2000 23:38:13 GMT
E-mail asked:
> How much would the effort have been hindered if the second use of
> the pad was done after transforming the pad with a pseudo-random
> number generator (and the pad is discarded after its second use)?
That would depend on the PRNG, and my experiment doesn't say
(for any PRNG). One trouble with these "in practice"
investigations is that they are very sensitive to the exact
conditions.
--Bryan
--
email: bolson at certicom dot com
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Thor Arne Johansen <[EMAIL PROTECTED]>
Subject: Re: Retail distributors of DES chips?
Date: Thu, 08 Jun 2000 02:26:11 +0200
If after all this flaming/discussion/exploration you're still interested
in a DES chip, you should check out:
http://www.pcc.pijnenburg.nl/
BR,
Thor A. Johansen
------------------------------
From: Roger Schlafly <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Brute forcing for Counterpane's Password Safe
Date: Wed, 07 Jun 2000 17:11:14 -0700
Paul Rubin wrote:
> >I was assuming that there is a legally defensible reason for this.
> >Is there any circumstance in your country where you can be legally forced
> >to hand over encryption keys to somebody else or where they can be seized
> >while you're absent or dead?
>
> This gets debated in the newsgroups sometimes and the answer seems to
> be "no" (in the case of stuff like passwords) but "yes" for physical
> objects such as documents.
BTW, Justice Thomas on the US Supreme Court just expressed the opinion
that the answer should be "no" for documents (if you plead the Fifth in
a criminal case). See:
http://supct.law.cornell.edu/supct/html/99-166.ZC.html
The case involved Web Hubbell who Clinton prosecutor Ken Starr forced to
produce a lot of financial documents, and was then charged with various
irregularities. The majority sided with Hubbell, but did not go as far
as Thomas. (For those outside the US, Hubbell was a friend of Clinton
and the assistant Attorney General.)
You'd never know it from the press he gets, but IMHO Clarence Thomas's
opinions are models of clarity compared to the mush that others like
O'Connor and Souter write, and Thomas is the most reliable defender
of the Bill of Rights on the Supreme Court.
------------------------------
From: "cranky cransky" <[EMAIL PROTECTED]>
Subject: Re: testing non linearity of arithmetic-logic combinations
Date: Thu, 8 Jun 2000 11:03:19 +1000
Thank you all for the information. It has been helpful.
Terry Ritter <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> On Thu, 08 Jun 2000 00:17:01 +0200, in
> <[EMAIL PROTECTED]>, in sci.crypt Mok-Kong Shen
> <[EMAIL PROTECTED]> wrote:
>
> >Terry Ritter wrote:
> >
> >> A Latin square is a table look-up, an array access. In general, the
> >> reason to use an explicit Latin square instead of a computation is
> >> that the Ls can be far more complex. In the end, a complex
> >> transformation is what we want.
> >
> >A dumb question: If a randomly generated substitution table (each
> >column being a permutation) is used, by how much (roughly) is it
> >worse than the Latin square?
>
> They are different: A Latin square is a 2-in 1-out function (which I
> call "dyadic") that can combine two values into one result like XOR or
> ADD. A substitution table is a 1-in 1-out function (which I call
> "monadic") that takes one value into one result. So the two are not
> really interchangeable.
>
> With respect to nonlinearity, a completely random table is likely to
> be more nonlinear than an invertible substitution table which is
> necessarily restricted to be a permutation, but a random table is not
> guaranteed to be balanced, and is unlikely to be invertible.
> Similarly, a substitution table is likely to be more nonlinear than a
> similar-sized row or column of a Latin square which is more than just
> an arbitrary permutation: each row or column also must be a
> permutation in a set which will make a Latin square. Of course, a
> Latin square will have multiple of such permutations, each guaranteed
> different, so simply taking the minimum nonlinearity of all these
> measured one-by-one can be deceptive.
>
> ---
> Terry Ritter [EMAIL PROTECTED] http://www.io.com/~ritter/
> Crypto Glossary http://www.io.com/~ritter/GLOSSARY.HTM
>
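To make the distinction in the quoted post concrete (a Latin square as a 2-in 1-out combiner whose every row and column is a permutation, versus a 1-in 1-out substitution table that need not even be balanced), here is a small added example. It is not code from the thread or from Terry Ritter; the construction (relabelling the rows, columns and symbols of the mod-n addition table with three seeded permutations) and all function names are my own choices for illustration.

```python
import random


def latin_square(n, seed):
    """Build an n x n Latin square from a seed (illustrative construction).

    Start from the addition table of the integers mod n, which is already
    Latin, and relabel its rows, columns and symbols with three random
    permutations. Each relabelling preserves the Latin property, so the
    result is a valid keyed 2-in 1-out combiner. Note it carries only as
    much randomness as three permutations, far less than a random Latin square.
    """
    rng = random.Random(seed)
    rows, cols, syms = list(range(n)), list(range(n)), list(range(n))
    rng.shuffle(rows)
    rng.shuffle(cols)
    rng.shuffle(syms)
    return [[syms[(rows[r] + cols[c]) % n] for c in range(n)] for r in range(n)]


def is_latin(sq):
    """Every row and every column must be a permutation of 0..n-1."""
    n = len(sq)
    full = set(range(n))
    return (all(len(row) == n and set(row) == full for row in sq) and
            all({sq[r][c] for r in range(n)} == full for c in range(n)))


def is_balanced(table, n):
    """A 1-in 1-out table is balanced when each output value occurs equally often."""
    counts = [0] * n
    for v in table:
        counts[v] += 1
    return len(set(counts)) == 1


def combine(sq, a, b):
    """Dyadic use: combine a and b into one value, the way XOR or ADD would."""
    return sq[a][b]


def uncombine(sq, a, y):
    """Recover b from a and the combined value; works because row a is a permutation."""
    return sq[a].index(y)


def random_table(n, seed):
    """A random substitution with independently drawn entries: not necessarily invertible."""
    rng = random.Random(seed)
    return [rng.randrange(n) for _ in range(n)]


def random_permutation(n, seed):
    """An invertible substitution table: a shuffled identity."""
    rng = random.Random(seed)
    t = list(range(n))
    rng.shuffle(t)
    return t


if __name__ == "__main__":
    sq = latin_square(16, seed=7)
    print("latin:", is_latin(sq))
    y = combine(sq, 3, 11)
    print("combine(3, 11) =", y, "-> uncombine =", uncombine(sq, 3, y))
    print("random table balanced:", is_balanced(random_table(16, 3), 16))
    print("permutation balanced:", is_balanced(random_permutation(16, 3), 16))
```

The `uncombine` round trip is the property that lets a Latin square replace XOR or ADD in a cipher: given one input and the output, the other input is uniquely determined. A random table fails `is_balanced` almost always, which is the imbalance the quoted post warns about.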
------------------------------
Subject: Re: equation involving xor and mod 2^32 operations
From: tomstd <[EMAIL PROTECTED]>
Date: Wed, 07 Jun 2000 18:02:45 -0700
In article <[EMAIL PROTECTED]>,
Anton Stiglic <[EMAIL PROTECTED]> wrote:
>Can someone help me out with the following
>problem.
>I have an equation
> (a + x) xor (b + x)
>where + is the add mod 2^32 operator and
>xor is the xor operator on bit representation.
>a and b are known, x is the unknown.
>How do I solve such a problem?
>Even better, how do I generally solve a system
>of n equations, containing n variables, in a system
>that has two different operators such as xor and
>addition mod 2^32.
The problem is the x's cancel out so your equation is not much
better than '(a + b) + x - x'.
Tom
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!
------------------------------
From: "cranky cransky" <[EMAIL PROTECTED]>
Subject: Re: testing non linearity of arithmetic-logic combinations
Date: Thu, 8 Jun 2000 11:19:43 +1000
Terry Ritter <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> Articles have been published on this, but no arithmetic-level function
> is very nonlinear. Much better nonlinear functions and related
> operations are random-like substitutions, Latin squares, and
> orthogonal Latin squares.
My idea was to test the relative nonlinearity (if those words can be
used) of various combinations of simple chip-level operations (<<, >>,
xor, and, bit-complement, +, -, etc.) on 32- and 64-bit ints, in an effort
to make systematic the process of choosing functions for the simulation of
a 32-bit or 64-bit substitution table, rather than just randomly combining a
few. So my aim is to discover the most nonlinear combination of operands for
mixing, that creates the greatest avalanche (perhaps avalanche is not a
function of nonlinearity, I don't know). For people who aren't familiar with
C conventions,
^ means xor;
a += b means a = a + b;
For example: we have three variables, a, b, c; combine them in these
ways...
1: a = b ^ c; b = a + c; c = b - a;
2: a = c - b; b = c ^ a; c = a + b;
3: a = b + c; b = a - c; c = a ^ b;
rotate through the combinations, then replace the = with +=, -=, ^=, etc...
then you could add more levels of complexity...
a = (b + c) ^ ( (b << 17) - (c >> 5) );
or a = (b + c) ^ ( (b << i ) - (c >> j) ); where i and j are iterated.
> The form of nonlinearity which is currently measured is "Boolean
> function nonlinearity," on which topic I have a page of description
> with JavaScript computation of results.
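The post above asks for a systematic way to rank combinations of shifts, xor and modular add/subtract by the avalanche they produce. Below is an added example of such a harness; it is my own code, not the poster's or Terry Ritter's. It measures, for each of the 64 input bits of a 32-bit 2-in 1-out function, how many of the 32 output bits change when that bit is flipped on random inputs (ideal: half of them). The functions under test are the post's own combinations; `fmix32`, the MurmurHash3 32-bit finaliser, is included only as a reference point for what a deliberately designed multiply/xorshift mixer achieves, and is not mentioned in the thread. The sample count and seed are arbitrary.

```python
import random

MASK32 = 0xFFFFFFFF


def mix_xor(b, c):
    """First step of the post's combination 1: a = b ^ c (linear over GF(2))."""
    return (b ^ c) & MASK32


def mix_add(b, c):
    """Addition mod 2^32 on its own."""
    return (b + c) & MASK32


def mix_shift(b, c):
    """The post's a = (b + c) ^ ((b << 17) - (c >> 5)), on 32-bit ints."""
    return ((b + c) ^ (((b << 17) & MASK32) - (c >> 5))) & MASK32


def mix_combos(b, c):
    """The post's combinations 1, 2 and 3 applied in turn; the last value written is the output."""
    a = (b ^ c) & MASK32; b = (a + c) & MASK32; c = (b - a) & MASK32   # combination 1
    a = (c - b) & MASK32; b = (c ^ a) & MASK32; c = (a + b) & MASK32   # combination 2
    a = (b + c) & MASK32; b = (a - c) & MASK32; c = (a ^ b) & MASK32   # combination 3
    return c


def fmix32(h):
    """Reference mixer (MurmurHash3's 32-bit finaliser): xorshift and odd multiply, added for comparison."""
    h ^= h >> 16
    h = (h * 0x85EBCA6B) & MASK32
    h ^= h >> 13
    h = (h * 0xC2B2AE35) & MASK32
    h ^= h >> 16
    return h


def mix_reference(b, c):
    return fmix32((b + c) & MASK32)


def avalanche(f, samples=300, seed=1):
    """Flip each of the 64 input bits of f(b, c) on random inputs and count changed output bits.

    Returns (mean, worst): the mean fraction of the 32 output bits flipped per
    single input-bit flip (ideal 0.5), and the same fraction for the least
    effective input bit. Output bits that never depend on some input bit show
    up as a low 'worst' value even when the mean looks healthy.
    """
    rng = random.Random(seed)
    flips = [0] * 64                      # indices 0..31 flip a bit of b, 32..63 a bit of c
    for _ in range(samples):
        b, c = rng.getrandbits(32), rng.getrandbits(32)
        base = f(b, c)
        for i in range(32):
            flips[i] += bin(base ^ f(b ^ (1 << i), c)).count("1")
            flips[32 + i] += bin(base ^ f(b, c ^ (1 << i))).count("1")
    per_bit = samples * 32
    return sum(flips) / (64 * per_bit), min(flips) / per_bit


if __name__ == "__main__":
    for name, f in [("xor", mix_xor), ("add", mix_add), ("shift", mix_shift),
                    ("combos", mix_combos), ("fmix32", mix_reference)]:
        mean, worst = avalanche(f)
        print(f"{name:8s} mean={mean:.3f} worst={worst:.3f}")
```

Two checks fall out exactly: for `mix_xor` every input bit moves exactly one output bit (mean and worst both 1/32), and for `mix_add` the top bit of either operand can never move more than one output bit, so its worst case is also 1/32 however good the mean looks. That is why the harness reports the weakest input bit separately rather than only an average.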
------------------------------
From: [EMAIL PROTECTED] (Paul Rubin)
Crossposted-To: talk.politics.crypto
Subject: Re: Brute forcing for Counterpane's Password Safe
Date: 8 Jun 2000 02:30:18 GMT
In article <[EMAIL PROTECTED]>,
Roger Schlafly <[EMAIL PROTECTED]> wrote:
>> This gets debated in the newsgroups sometimes and the answer seems to
>> be "no" (in the case of stuff like passwords) but "yes" for physical
>> objects such as documents.
>
>BTW, Justice Thomas on the US Supreme Court just expressed the opinion
>that the answer should be "no" for documents (if you plead the Fifth in
>a criminal case). See:
>http://supct.law.cornell.edu/supct/html/99-166.ZC.html
The way I heard it, that decision basically said the prosecution can't
order you to "turn over all your documents pertaining to so-and-so",
if they don't know what documents you have. That's because admitting
the existence of documents is testimony, and the 5th stops them from
compelling testimony. However, if they know you have a *specific*
document (e.g. a business record that you're required to keep), they
can demand it.
Also, the 5th Amendment is for criminal cases, not civil. In civil
discovery, demands to turn over "all documents regarding <whatever>"
are routine.
------------------------------
From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: Enigma Variations
Date: 8 Jun 2000 02:36:00 GMT
In article <[EMAIL PROTECTED]>,
Joseph Reuter <[EMAIL PROTECTED]> wrote:
>Jim wrote:
>>
>> Read Kahn, 'The Codebreakers' the non-abridged version if possible,
>> although it's long been out of print. A definitive history of
>> cryptography up to around the early '70s I think.
>>
>
>Funny! Amazon.com shows
> The Codebreakers; The Comprehensive History of Secret
> Communication from Ancient Times to the Internet
> by Daivd Kahn, David A. Kahn
> List Price: $65.00
> Our Price: $45.50
> You Save: $19.50 (30%)
>
> Hardcover - 1181 pages Revised edition (December 1996)
> Scribner; ISBN: 0684831309 ; Dimensions (in inches): 2.44 x 9.61
>x 6.50
>
>Surely 1181 pages is not the abridged version!
The original 1968 hardcover edition is long out of print. There was a
much shorter, abridged paperback edition that may or may not still be
around, but it has all the good parts removed so should be avoided.
The version on Amazon now is the "revised" edition. It's still a
great book, but it's exactly the same as the 1968 edition, with a few
pages tacked on the end to mention developments since 1968
(development of public key cryptography, plus the Enigma disclosures
of the 70's). That makes it the most complete edition, but if you
already have a copy of the 1968 version or can find a used one cheap,
it's not worth paying a lot extra just for the "revisions".
------------------------------
From: [EMAIL PROTECTED] (Scott Contini)
Subject: Re: equation involving xor and mod 2^32 operations
Date: 8 Jun 2000 02:42:50 GMT
In article <[EMAIL PROTECTED]>,
Anton Stiglic <[EMAIL PROTECTED]> wrote:
>Can someone help me out with the following
>problem.
>I have an equation
> (a + x) xor (b + x)
>where + is the add mod 2^32 operator and
>xor is the xor operator on bit representation.
>a and b are known, x is the unknown.
>How do I solve such a problem?
Interesting problem...
There is not necessarily a solution or a unique solution. For example, take
a = b and solve
(a + x) xor (a + x) = c
If c==0 then there are 2^32 solutions, otherwise there are no solutions.
Now consider the case b = a + 1
then we have
(a + x) xor (1 + a + x) = c
which is of the form
y xor (y + 1) = c
for y = (a + x) .
There can only be a solution if c consists of a single block of
1's where the block starts from the least significant bit. IE
c is one of: 1, 3, 7, ... , 2^i - 1, ... 2^31 - 1
If c is 1 , there are 2^31 solutions.
If c is 3 , there are 2^30 solutions.
If c is 2^i-1 , there are 2^(32-i) solutions.
(double check this since I might be making mistakes)
Ok, I have not solved the problem but I think there is value to this
approach? I'd be interested in knowing the answer once you have
it figured out.
Scott
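The analysis above handles the special cases a = b and b = a + 1 by hand; the general question (solve (a + x) xor (b + x) = c over 32-bit words) can be answered mechanically, because after processing the low i bits the only state the remaining bits depend on is the pair of carries entering the two additions. The added example below (my code, not from the thread) runs that four-state dynamic programme from the least significant bit up, counting all solutions and constructing one, and cross-checks itself against brute force at a small word size. It reproduces the counts in the post for c = 2^i - 1 with i < 32, and also reports the two solutions for c = 2^32 - 1 (y = 2^31 - 1 and the wrap-around y = 2^32 - 1), which the post's list stops short of. Function names and the sample inputs are my own.

```python
import random


def solve_add_xor(a, b, c, n=32):
    """Count and construct x with ((a + x) ^ (b + x)) mod 2^n == c.

    Walk the bits from least to most significant. The only state that later
    bits depend on is the pair of carries (ca, cb) entering the two additions,
    so a dynamic programme over the four carry states counts every solution
    and keeps one witness prefix per state. Returns (count, x), x being None
    when there is no solution.
    """
    mask = (1 << n) - 1
    a, b, c = a & mask, b & mask, c & mask
    states = {(0, 0): (1, 0)}               # carry pair -> (number of prefixes, one prefix)
    for i in range(n):
        ai, bi, ci = (a >> i) & 1, (b >> i) & 1, (c >> i) & 1
        nxt = {}
        for (ca, cb), (cnt, prefix) in states.items():
            for xi in (0, 1):
                sa = ai + xi + ca           # full adder at bit i of a + x
                sb = bi + xi + cb           # full adder at bit i of b + x
                if ((sa ^ sb) & 1) != ci:   # xor of the sum bits must equal c's bit
                    continue
                key = (sa >> 1, sb >> 1)    # carries into bit i + 1
                old_cnt, old_prefix = nxt.get(key, (0, None))
                if old_prefix is None:
                    old_prefix = prefix | (xi << i)
                nxt[key] = (old_cnt + cnt, old_prefix)
        states = nxt
        if not states:
            return 0, None
    # Carries out of the top bit are discarded mod 2^n, so every surviving state counts.
    total = sum(cnt for cnt, _ in states.values())
    witness = next(prefix for _, prefix in states.values())
    return total, witness


def brute_force_count(a, b, c, n):
    """Reference answer: try every x (only practical for small n)."""
    mask = (1 << n) - 1
    return sum(1 for x in range(1 << n)
               if (((a + x) & mask) ^ ((b + x) & mask)) == (c & mask))


def agrees_with_brute_force(n=8, trials=200, seed=1):
    """Cross-check the solver on random triples; half are built from a real x so they are solvable."""
    rng = random.Random(seed)
    mask = (1 << n) - 1
    for t in range(trials):
        a, b = rng.getrandbits(n), rng.getrandbits(n)
        if t % 2:
            c = rng.getrandbits(n)                          # usually unsolvable
        else:
            x0 = rng.getrandbits(n)                         # solvable by construction
            c = ((a + x0) & mask) ^ ((b + x0) & mask)
        count, x = solve_add_xor(a, b, c, n)
        if count != brute_force_count(a, b, c, n):
            return False
        if count and (((a + x) & mask) ^ ((b + x) & mask)) != c:
            return False
    return True


if __name__ == "__main__":
    a = 0x12345678                                          # arbitrary sample value
    for i in (1, 2, 5, 31, 32):
        print(f"b = a + 1, c = 2^{i} - 1:", solve_add_xor(a, a + 1, (1 << i) - 1))
    print("a == b, c == 0:", solve_add_xor(a, a, 0))
    print("a == b, c != 0:", solve_add_xor(a, a, 1))
    print("brute force agrees:", agrees_with_brute_force())
```

The same carry-state walk generalises to systems mixing xor and addition mod 2^32 as long as each equation can be processed bit-serially: the state per equation is just its carry bits, so a system of such equations is a product automaton over the bits of the unknowns, which is why differential analysis of add/xor ciphers can be done bit by bit.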
------------------------------
From: Roger Schlafly <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Brute forcing for Counterpane's Password Safe
Date: Wed, 07 Jun 2000 20:14:56 -0700
Paul Rubin wrote:
> >BTW, Justice Thomas on the US Supreme Court just expressed the opinion
> >that the answer should be "no" for documents (if you plead the Fifth in
> >a criminal case). See:
> >http://supct.law.cornell.edu/supct/html/99-166.ZC.html
>
> The way I heard it, that decision basically said the prosecution can't
> order you to "turn over all your documents pertaining to so-and-so",
> if they don't know what documents you have. That's because admitting
> the existence of documents is testimony, and the 5th stops them from
> compelling testimony. However, if they know you have a *specific*
> document (e.g. a business record that you're required to keep), they
> can demand it.
Right, but as Thomas's separate opinion explains, the 5th used to
protect against using your own diary and personal papers to convict
you in a criminal case. Thomas (and Scalia) want to revisit the
issue. If his analysis is correct (and the others are persuaded),
they could not demand and use your diary even if they know you
have it.
> Also, the 5th Amendment is for criminal cases, not civil. In civil
> discovery, demands to turn over "all documents regarding <whatever>"
> are routine.
Right, although the 5th can come up in a civil case. If you witnessed
a fender bender, you can be compelled to testify, but if they ask
you what you were smoking at the time, you can plead the 5th.
------------------------------
Subject: Re: equation involving xor and mod 2^32 operations
From: tomstd <[EMAIL PROTECTED]>
Date: Wed, 07 Jun 2000 20:24:52 -0700
In article <8hn17a$8ck$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Scott Contini) wrote:
>In article <[EMAIL PROTECTED]>,
>Anton Stiglic <[EMAIL PROTECTED]> wrote:
>>Can someone help me out with the following
>>problem.
>>I have an equation
>> (a + x) xor (b + x)
>>where + is the add mod 2^32 operator and
>>xor is the xor operator on bit representation.
>>a and b are known, x is the unknown.
>>How do I solve such a problem?
>
>Interesting problem...
>
>There is not necessarily a solution or a unique solution. For example, take
>a = b and solve
>(a + x) xor (a + x) = c
>
>If c==0 then there are 2^32 solutions, otherwise there are no solutions.
>
>Now consider the case b = a + 1
>then we have
>
>(a + x) xor (1 + a + x) = c
>
>which is of the form
>
>y xor (y + 1) = c
>
>for y = (a + x) .
>
>
>There can only be a solution if c consists of a single block of
>1's where the block starts from the least significant bit. IE
>c is one of: 1, 3, 7, ... , 2^i - 1, ... 2^31 - 1
>
>If c is 1 , there are 2^31 solutions.
>If c is 3 , there are 2^30 solutions.
>If c is 2^i-1 , there are 2^(32-i) solutions.
>(double check this since I might be making mistakes)
>
>Ok, I have not solved the problem but I think there is value to this
>approach? I'd be interested in knowing the answer once you have
>it figured out.
>
All I have to say... "I am not worthy... I am not worthy". I
would probably never have thought of that....
Good work :)
Tom
------------------------------
Date: Wed, 07 Jun 2000 23:57:00 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy.anon-server,alt.security.pgp
Subject: Re: Question about recommended keysizes (768 bit RSA)
"Thomas J. Boschloo" wrote:
> Jerry Coffin wrote:
> >
>
> <s>
>
> > I won't bother with another follow-up like this: far be it from me to
> > spend more time and effort simply to force you to admit that you were
> > and are wrong -- I think intelligent people reading the thread have
> > enough information to realize that your comparison and conclusions
> > were inaccurate. Unless you're willing to change your ways and add
> > something substantive to the thread, there's no real point in
> > continuing it.
>
> Please don't let it end like this, the least you could do is agree to
> disagree. I think that back in 1980 computers were very expensive, but
> not because they were or weren't high end, but because we didn't have
> the industry, competition and market share to keep prices low like they
> are now!
Actually in 1980 there was quite a bit of industry and very intense
competition. There wasn't a mass market for ~1e8 desktop machines, but there
was still a respectable market in dollars.
At that time the prices were influenced as much by the expectations of the
users/consumers as by the economics of production. For instance, circa 1980
owners of minicomputers would not purchase software packages that cost in the
00s of dollars. They would only consider packages in the multiple 000s of
dollars. The only reason for this prejudice was mindset.
On the hardware end, I once suggested to NASA (Marshall Space Flight Center)
that they need not wait months for time on their univac in order to analyze a
megabyte or so of data because the analysis could be performed on a
microcomputer in a few days of machine time after a couple weeks of
programming. The response was inquiries regarding my sanity. Again, the only
reason for the prejudice was mindset.
Bottom line is that the computer market place (hardware and software) is an
imperfect market. It still is (Microsoft is still profitably selling Really
Bad Software(tm)).
>
>
> When I left the vrije university in Amsterdam, they just got a computer
> matrix consisting of a hundred or so pentium pro's. They are just mass
> produced now, which makes them relatively cheap.
If the introduction of mass production were the only explanation for the
reduction in price/performance we would not expect the decline to continue as
it has over the last several decades. If you inspect the projections and
plans of the major manufacturers you'll find that they expect it to continue
into the foreseeable future.
------------------------------
Date: Thu, 08 Jun 2000 00:02:53 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: bamburismus
Sundial Services wrote:
> I guess my thought is that we are probably long past "good enough" for
> most non-military applications ... that is to say, we are past the point
> where the cipher is going to be the exploitable weak-link.
How can you tell?
> The
> exploitable point, if a communications-net is broken, is probably not
> going to be the cipher, but the way that it is being used or the people
> who are using it.
Unless you know how it is being attacked, how can you make a comparison?
------------------------------
From: Abid Farooqui <[EMAIL PROTECTED]>
Subject: Opening digital envelope & decrypting data encrypted with DES3
Date: Thu, 08 Jun 2000 03:56:14 GMT
Does anyone have a program that will do the following:
Given the private key, open a digital envelope, decrypt the symmetric
DES3 key using the private key (possibly output the DES3 key to a file)
and then go ahead and perform decryption of the payload data using the
DES3 key and output the data to a file or to the console.
Something like that would really help me.
Thanks
Abid Farooqui
Senior QA Engineer
CommerceQuest Inc.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************