Cryptography-Digest Digest #60, Volume #12       Mon, 19 Jun 00 08:13:01 EDT

Contents:
  Re: LSFR, a character twist (Simon Johnson)
  Re: Observer 4/6/2000: "Your privacy ends here" (Peter G. Strangman)
  Re: small subgroups in Blum Blum Shub (Mok-Kong Shen)
  Re: Weight of Digital Signatures (Mok-Kong Shen)
  On utilizing entropy in natural language texts (Mok-Kong Shen)
  Re: Equally like bit-flips in a Gray code? (Mok-Kong Shen)
  Re: On using compression as proper means of encryption (Mok-Kong Shen)
  Forgot ZIP File password. (Pranshu Singhal)
  Re: Forgot ZIP File password. (JPeschel)
  BeeCrypt 1.0.1 released. (Bob Deblier)
  Re: Cipher design a fading field? (Alan Braggins)
  Re: small subgroups in Blum Blum Shub (Mark Wooding)
  Re: How RSA SecurID tokens work? (Daniel James)
  Re: Observer 4/6/2000: "Your privacy ends here" ("Anarchist Lemming")
  Re: XOR versur MOD (Mark Wooding)
  Re: Observer 4/6/2000: "Your privacy ends here" (Therion Ware)
  Re: AWFUL PUN (was: Why the golden ratio?) ("G. A. Edgar")

----------------------------------------------------------------------------

Subject: Re: LSFR, a character twist
From: Simon Johnson <[EMAIL PROTECTED]>
Date: Mon, 19 Jun 2000 01:34:22 -0700

Before Tom kills you, be sure to use *LFSR* instead of _LSFR_.
Don't worry, I have also committed such a sin.





------------------------------

From: Peter G. Strangman <[EMAIL PROTECTED]>
Crossposted-To: 
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.security.scramdisk,uk.telecom
Subject: Re: Observer 4/6/2000: "Your privacy ends here"
Date: Mon, 19 Jun 2000 09:35:21 +0100
Reply-To: [EMAIL PROTECTED]

On Fri, 16 Jun 2000 12:03:48 +0100, "Darren Rhodes"
<[EMAIL PROTECTED]> wrote:

> I tried to access the Shayler web site listed below but could not.  This was
> said to be due to an HTTP error 403 - Forbidden.
> Has anyone had a similar experience?
> Is this due to my ISP Globalnet?

"403 forbidden" means precisely that. It also means that
the client should not retry the URL and that trying with
a password will not help.
It is NOT an error. It is a specific return code indicating,
VERY clearly, that the client is not allowed access.

-- 
Peter G. Strangman              | Leser, wie gefall ich dir?
[EMAIL PROTECTED]      | Leser, wie gefaellst du mir?
http://www.adelheid.demon.co.uk |     (Friedrich von Logau)
XLIV-VII-DCCCII-CCXII-DCCCXXXI  |

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: small subgroups in Blum Blum Shub
Date: Mon, 19 Jun 2000 10:56:15 +0200



Terry Ritter wrote:

> [EMAIL PROTECTED] (David A. Wagner) wrote:
>
> >You can never rule out the chance that the attacker gets lucky and guesses
> >your private key correctly.  It's simply unavoidable.
>
> Fine, but the issue here is weakness *beyond* guessing the key.  It is
> the (theoretical) possibility that a stream cipher is using a
> generator with a short cycle.  It is the possibility that, having
> deciphered only the short cycle, the attacker can now run that
> repeating sequence through the end of the message without further
> work.

I am not commenting on the chance of using a 'weak key' but like
to mention that for a sequence from a non-linear generator there
is normally an initial segment (which could be long) followed by
a loop, so that the chance of getting problems due to the loop is
likely to be higher if one uses longer sequences from the generator.

M. K. Shen


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Weight of Digital Signatures
Date: Mon, 19 Jun 2000 10:56:20 +0200



Lyalc wrote:

> The subtext of many of the press reports is that 'equally binding' implies a
> similar level of supporting infrastructure is required to allow relying
> parties to have a similar level of confidence in the received data.
>
> A single technology, on its own, has never provided a secure solution, nor
> a reliable one.

I think that a technology's usefulness depends on a wide range of
factors, including risk, which at least partly involves one's subjective
reasoning. With time, the implementations get improved, but then the
users' (insatiable) expectations grow also. Economy seems to be the
principal governing issue. Often competing (parallel) technologies can
co-exist but users' preference could also be influenced by psychology
or other non-technical, sometimes even quite irrational, reasons.

M. K. Shen


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: On utilizing entropy in natural language texts
Date: Mon, 19 Jun 2000 10:56:52 +0200


As stated in Schneier's AC, an ASCII message that is nothing
more than printed English has 1.3 bits of information per
byte of message. This implies that, if one appropriately
concentrates the bit sequences of such texts by a factor
of 8/1.3 = 6.15, one could hope to obtain good quality
random bits.

Now we can do the following: Randomly select a book from
library and randomly determine a starting point in it.
(A PRNG may be employed here to avoid human bias.) Feed
the text into a good cipher and hash the result with
a factor greater than 6.15 (e.g. 8) through a simple
hashing mechanism, e.g. modular addition of successive
groups of 8 computer words.

I don't think that any sophisticated hashing algorithm
is needed, since the key of the cipher and the random
selection of the text sequence are both beyond the
knowledge of the opponent. One can, on the other hand,
combine a number of streams independently generated as
described above through e.g. xor or modular addition,
should higher security be felt to be desirable.

M. K. Shen
==========================
http://home.t-online.de/home/mok-kong.shen


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Equally like bit-flips in a Gray code?
Date: Mon, 19 Jun 2000 10:56:44 +0200



M Joonas Pihlaja wrote:

> Yes, that was my plan.  First find the key bits that affect the
> cipher bits the least (or most).  Ideally there should be a 50/50
> chance of a given cipher bit changing when you flip a given key
> bit, but if that probability is much less than 0.5 then the key
> bit doesn't matter as much (and can be disregarded).  OTOH, if
> the probability is close to 1, then it's a good key bit to choose
> for Gaussian elimination.

Question: Wouldn't the input to the cipher affect the task of  'finding
the key bits that affect the cipher bits the least (or most)'? I mean
you have another parameter to consider.

M. K. Shen



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: On using compression as proper means of encryption
Date: Mon, 19 Jun 2000 10:56:07 +0200



Guy Macon wrote:

> Mok-Kong Shen wrote:
> >
> >As previously pointed out, pathological cases of input, e.g.
> >a file of all zeros, can be taken care of through a
> >frequency flattening step. Since a PRNG is already used in
> >our scheme, it is simplest and natural to do this through
> >combining the plaintext with random bit sequences from the
> >PRNG (xor or modular addition).
> >
>
> Wouldn't that stop the compression step from compressing?

As said previously, we are here only using (borrowing) the techniques
of compression to achieve our purpose of encryption. Whether the
file gets compressed well or not or even gets expanded, we don't
care much here. (Concerning the bandwidth issue, see the recent
thread 'Some citations'.)

M. K. Shen



------------------------------

From: Pranshu Singhal <[EMAIL PROTECTED]>
Subject: Forgot ZIP File password.
Date: Mon, 19 Jun 2000 05:12:38 -0400

I encrypted a Win ZIP file and now after many weeks I am unable to recall the
password. I have tried many options which I thought possible but to no use.

What do I do??? Please Help...

Pranshu.

Adieu,

Pranshu Singhal


------------------------------

From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: Forgot ZIP File password.
Date: 19 Jun 2000 09:24:33 GMT

[EMAIL PROTECTED] writes:

>I encrypted a Win ZIP file and now after many weeks I am unable to recall the
>password. I have tried many options which I thought possible but to no use.
>
>What do I do?

Crack it with one of the PKZ utilities on the "Key Recovery Resources"
page of my web site.

Joe

__________________________________________

Joe Peschel 
D.O.E. SysWorks                                 
http://members.aol.com/jpeschel/index.htm
__________________________________________


------------------------------

From: Bob Deblier <[EMAIL PROTECTED]>
Subject: BeeCrypt 1.0.1 released.
Date: Mon, 19 Jun 2000 12:07:05 +0200

Hi all.

I've just posted version 1.0.1 of the BeeCrypt open-source crypto
library to my company's website at http://beecrypt.virtualunlimited.com/

New in this version is a sliding window modular exponentiation, which
gives a performance increase of about 30%. Benchmarks of the library are
also available.
If you have need of any platforms or features currently unsupported,
have comments or questions, please let me know at
[EMAIL PROTECTED]

Sincerely

Bob Deblier
Virtual Unlimited
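The announcement credits its speed-up to sliding-window modular exponentiation. As an added illustration that is not BeeCrypt's code (the post gives neither its implementation nor its window width), the following Python compares plain left-to-right square-and-multiply with a sliding-window method using a hypothetical window width of 5 bits, counting squarings and multiplications so the saving is visible without timing anything:

```python
import random

def binary_modexp(base, exp, mod):
    """Left-to-right square-and-multiply.
    Returns (result, squarings, multiplications) so the two methods can be
    compared by operation count rather than by wall-clock time."""
    result, squarings, mults = 1, 0, 0
    for bit in bin(exp)[2:]:
        result = result * result % mod
        squarings += 1
        if bit == "1":
            result = result * base % mod
            mults += 1
    return result, squarings, mults

def sliding_window_modexp(base, exp, mod, k=5):
    """Left-to-right sliding-window exponentiation with window width k
    (k=5 is an assumed value, not BeeCrypt's).  Only the odd powers
    base^1, base^3, ..., base^(2^k - 1) are precomputed; runs of zero bits
    cost squarings only, and each window of up to k bits costs one
    multiplication.  Precomputation is included in the counts."""
    base %= mod
    odd_powers = {1: base}
    base_sq = base * base % mod
    squarings, mults = 1, 0
    for i in range(3, 1 << k, 2):
        odd_powers[i] = odd_powers[i - 2] * base_sq % mod
        mults += 1
    bits = bin(exp)[2:]
    result, i, n = 1, 0, len(bits)
    while i < n:
        if bits[i] == "0":
            result = result * result % mod
            squarings += 1
            i += 1
            continue
        # widest window bits[i:j] of at most k bits that ends in a 1 bit,
        # so its value is odd and present in the precomputed table
        j = min(i + k, n)
        while bits[j - 1] == "0":
            j -= 1
        for _ in range(j - i):
            result = result * result % mod
            squarings += 1
        result = result * odd_powers[int(bits[i:j], 2)] % mod
        mults += 1
        i = j
    return result, squarings, mults

def compare(base, exp, mod, k=5):
    """Run both methods, check them against Python's pow(), and return
    the (squarings, multiplications) counts of each."""
    r1, s1, m1 = binary_modexp(base, exp, mod)
    r2, s2, m2 = sliding_window_modexp(base, exp, mod, k)
    assert r1 == r2 == pow(base, exp, mod)
    return {"binary": (s1, m1), "sliding": (s2, m2)}

if __name__ == "__main__":
    rng = random.Random(7)                 # constructed, reproducible inputs
    mod = rng.getrandbits(1024) | 1
    exp = rng.getrandbits(1024)
    print(compare(rng.getrandbits(1024) % mod, exp, mod))
    # worst case for the binary method: an all-ones exponent
    print(compare(3, (1 << 1024) - 1, mod))
```

The squaring count is essentially the same for both methods; the saving comes from multiplications, which drop from one per set bit to roughly one per window plus the precomputation. One caveat a practitioner would attach today: the window boundaries and the table index depend on the exponent bits, so a straightforward sliding-window routine is not constant-time and leaks through timing and cache behaviour when the exponent is a private key; production libraries now mitigate this, but that is outside what the 2000 announcement discusses.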


------------------------------

From: Alan Braggins <[EMAIL PROTECTED]>
Subject: Re: Cipher design a fading field?
Date: 19 Jun 2000 11:16:12 +0100

"Trevor L. Jackson, III" <[EMAIL PROTECTED]> writes:
> > :> Or at least they only accept a finite amount of input, since then we can
> > :> just encode the possible inputs along with the program (e.g. stick the
> > :> program encoding and its input on a finite length input to a Universal
> > :> Turing machine).
> > :> Which I think means my post was a valid illustration of the argument
> > :> someone else was making earlier, but that that argument (and my post)
> > :> was wrong if we include finite programs taking a potentially infinite
> > :> input, which we should. Rats. This is what comes of not thinking
> > :> carefully enough before making sci.crypt postings when bored waiting
> > :> for a long compile to halt....
> >
> > : How can you conclude that a program accepting an infinite input halts?
> > : Either it stops reading input after a finite amount, or it attempts to
> > : read it "all".  The latter is a condition that does not halt.

The point is that if the input is infinite, you can't just look it up
in a table of all possible program/input combinations (well, you can,
since they are still countable, but the lookup could take an infinite
time, in which case your lookup doesn't halt).
"Accept" was possibly a poor choice of word. How about "can be given"?
I wasn't saying anything about how the input is processed, just
whether it can be present in the first place or not.


> In principle I agree, but AB was specifically concerned with the distinction
> between the set of programs plus finite inputs and the set of programs plus
> potentially infinite inputs. There's little difference between a program of
> bounded size accepting an unbounded input tape and program of unbounded size.
> The bounded program can be a UTM and the unbounded input a machine definition,
> which combination can do anything a program of unbounded size can do.

That's what I said.


> > FWIW, I'm *not* considering potentially infinite inputs (and to do so
> > would be mistaken here).

Well in that case, with a finite program accepting a finite input, you
can construct the (finite) lookup table. (Which is much larger than the
input programs it tests for - if the test program has to fit in the same
length as the programs it tests, we have a different problem (and the
test program has to be zero length, since it has to handle inputs which
are of the limiting length, I think)).

------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: small subgroups in Blum Blum Shub
Date: 19 Jun 2000 10:22:19 GMT

Mok-Kong Shen <[EMAIL PROTECTED]> wrote:

> I am not commenting on the chance of using a 'weak key' but like
> to mention that for a sequence from a non-linear generator there
> is normally an initial segment (which could be long) followed by
> a loop, so that the chance of getting problems due to the loop is
> likely to be higher if one uses longer sequences from the generator.

This doesn't happen in the BBS.  To see this, it suffices to note that,
within the subgroup of quadratic residues mod n where n is a Blum
integer, the map x |-> x^2 is bijective.

-- [mdw]
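Shen's point (a non-linear generator usually has a tail before its loop) and Wooding's reply (squaring is a bijection on the quadratic residues mod a Blum integer, so BBS has no tail) can both be checked by enumeration on toy moduli. The following is an added example, not code from either poster; it measures the "rho" shape of the two maps on n = 77 (7 and 11 are both 3 mod 4), a constructed modulus far too small for real use:

```python
from math import gcd

def quadratic_residues(n):
    """Non-zero squares modulo n of units (numbers coprime to n):
    the state space of BBS with modulus n."""
    return sorted({(x * x) % n for x in range(1, n) if gcd(x, n) == 1})

def rho_shape(f, x0):
    """Iterate x -> f(x) from x0 until a state repeats.
    Returns (tail_length, cycle_length); a tail of 0 means x0 itself
    already lies on a cycle."""
    seen = {}
    x, i = x0, 0
    while x not in seen:
        seen[x] = i
        x = f(x)
        i += 1
    return seen[x], i - seen[x]

def bbs_check(n):
    """For a Blum integer n: is squaring a permutation of the quadratic
    residues, and what is the longest tail over all BBS states?
    Returns (is_permutation, longest_tail)."""
    qr = quadratic_residues(n)
    square = lambda x: (x * x) % n
    is_perm = {square(x) for x in qr} == set(qr)
    longest_tail = max(rho_shape(square, x)[0] for x in qr)
    return is_perm, longest_tail

def generic_check(n):
    """Same measurement for an arbitrary non-linear map, x -> x^2 + 1 mod n
    (a constructed stand-in for Shen's general case).  It is not a
    permutation, so some starting points have a tail before the loop."""
    f = lambda x: (x * x + 1) % n
    return max(rho_shape(f, x)[0] for x in range(n))

if __name__ == "__main__":
    n = 7 * 11
    print("BBS squaring on QR mod 77 (permutation?, longest tail):", bbs_check(n))
    print("x^2 + 1 mod 77, longest tail:", generic_check(n))
    # cycle lengths of the BBS map; note the fixed point 1 -> 1
    print({x: rho_shape(lambda v: v * v % n, x)[1] for x in quadratic_residues(n)})
```

What the enumeration shows is exactly the distinction in the thread: with the Blum modulus every residue has tail 0, so a longer output sequence does not walk into a loop it was not already on, whereas the generic map has starting points that wander before repeating. It also shows what Wooding's argument does not rule out and what the thread's title is about: the cycles themselves can be short (the residue 1 is a fixed point), which is the small-subgroup concern rather than a tail-then-loop concern.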

------------------------------

From: Daniel James <[EMAIL PROTECTED]>
Subject: Re: How RSA SecurID tokens work?
Date: Mon, 19 Jun 2000 12:02:56 +0100
Reply-To: [EMAIL PROTECTED]

In article <[EMAIL PROTECTED]>, Vin McLellan wrote:
> When SecurID cards or key-fobs are purchased, RSA ships the tokens with
> an encrypted database of the keys embedded in each token, indexed by the
> serial number engraved on the back of each SecurID.  
> [snip]
> 
>  There is no PRN generator. The token-specific keys embedded in each
> SecurID are true random numbers, generated by a radioactive-trace
> hardware device.

I notice from RSA's website that it's possible to use a PalmPilot device as a 
SecurID. How is the key initialized in this case, and how securely is it 
protected in the handheld device?

Cheers, 
 Daniel
 



------------------------------

From: "Anarchist Lemming" <[EMAIL PROTECTED]>
Crossposted-To: 
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.security.scramdisk,uk.telecom
Subject: Re: Observer 4/6/2000: "Your privacy ends here"
Date: Mon, 19 Jun 2000 12:12:02 +0100


"Peter G. Strangman" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Fri, 16 Jun 2000 12:03:48 +0100, "Darren Rhodes"
> <[EMAIL PROTECTED]> wrote:
>
> > I tried to access the Shayler web site listed below but could not.  This was
> > said to be due to an HTTP error 403 - Forbidden.
> > Has anyone had a similar experience?
> > Is this due to my ISP Globalnet?
>
> "403 forbidden" means precisely that. It also means that
> the client should not retry the URL and that trying with
> a password will not help.
> It is NOT an error. It is a specific return code indicating,
> VERY clearly, that the client is not allowed access.
>
> --
> Peter G. Strangman              | Leser, wie gefall ich dir?
> [EMAIL PROTECTED]      | Leser, wie gefaellst du mir?
> http://www.adelheid.demon.co.uk |     (Friedrich von Logau)
> XLIV-VII-DCCCII-CCXII-DCCCXXXI  |

But it might not just be restricting access from Globalnet. It could be all
UK ISPs. I couldn't connect through either of mine, and it won't let you use
a proxy.

I think 403 "errors" happen because you don't meet the requirements of the
server. If all UK visitors are banned they must have had a lot of pressure
put on them by the UK government, although I'm reluctant to believe this
because even Jack Straw and his stormtrooper buddies aren't that stupid. Can
anyone get in? If so, how?


Lemming
www.hellnet.org.uk



------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: XOR versur MOD
Date: 19 Jun 2000 11:51:32 GMT

tomstd <[EMAIL PROTECTED]> wrote:

> RC5 is not more secure because of the use of addition (although the
> alternating add/xor does make rotations secure) it's more secure
> because of the rotations.

Please think before posting in future.

Let's replace the adds in RC5 with XORs, and call the result RC5X.  Let
P(x) be the parity of x.  Note that P(x <<< r) = P(x) for all r, and
that P(x ^ y) = P(x) ^ P(y).  By looking at RC5X ciphertexts, we can
therefore partition them according to plaintext parity, and by knowing
the plaintext parity, we can decide key parity.

We can perform more interesting statistical attacks against this system,
using chosen plaintexts, by looking at larger groups of bits.  There are
2n rotations in RC5X with n rounds.  Choose k, 0 <= k < 5.  We have a
probability of 2^{-2 n k} that all of the rotation values will be zero
mod 2^k.

Now choose some function P_k with the properties that:

  P_k(x <<< r) = P_k(x), if r = 0 (mod 2^k)
  P_k(x ^ y) = P_k(x) ^ P_k(y)

An example P_k would be XOR of k-bit chunks.  Note that P_0 = P, my
parity function above.  Now, with 2^{-2 n k} probability we can correctly
assign a partition to a plaintext according to its P_k results by
examining the P_k of its ciphertext.  We can then use this for key
recovery by guessing parts of the first round key; when the guess is
right, the probability of successful partitioning improves by a factor
of 4, which should be easily noticeable using a simple statistical test.
And when we're lucky, we also predict the P_k of the key.  Starting with
k = 1 and working up should work quite well for key recovery.

Note also that using only addition, rather than the mixture of addition
and XOR, gives us RC5P which Schneier, Wagner et al. cryptanalysed using
mod 3 techniques.

RC5's security depends on the mixture of addition and XOR almost as much
as it depends on rotations.

-- [mdw]
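The parity argument above can be checked directly. The following is an added example, not code from the post or from RC5's authors: a toy RC5-style round structure whose key-mixing operation is a parameter, so the same function gives the real add/XOR mixture or the all-XOR "RC5X". Because rotation preserves parity and XOR is parity-linear, the ciphertext word parities of RC5X are an affine function of the plaintext parities and the subkey parities, which the code predicts symbolically and verifies against actual encryptions; with modular addition the carries break the relation. The 32-bit word size, 12 rounds and the random subkeys are constructed test parameters, not a real key schedule.

```python
import random

W = 32                      # word size in bits
MASK = (1 << W) - 1

def rotl(x, r):
    """Rotate the W-bit word x left by r (only log2(W) bits of r matter)."""
    r %= W
    return ((x << r) | (x >> (W - r))) & MASK

def chunk_xor(x, width):
    """XOR of the W/width chunks of x, each `width` bits wide.
    width=1 is the parity function P; width=2**k is P_k from the post,
    invariant under rotations by multiples of 2**k."""
    acc = 0
    for _ in range(W // width):
        acc ^= x & ((1 << width) - 1)
        x >>= width
    return acc

def parity(x):
    return chunk_xor(x, 1)

add = lambda x, y: (x + y) & MASK
xor = lambda x, y: x ^ y

def rc5_like(a, b, subkeys, rounds, mix):
    """RC5-style encryption of the word pair (a, b).  `mix` is the
    key-mixing operation: `add` for RC5's structure, `xor` for RC5X."""
    a = mix(a, subkeys[0])
    b = mix(b, subkeys[1])
    for i in range(1, rounds + 1):
        a = mix(rotl(a ^ b, b), subkeys[2 * i])
        b = mix(rotl(b ^ a, a), subkeys[2 * i + 1])
    return a, b

def predict_parities(pa, pb, subkeys, rounds):
    """Track word parities through RC5X symbolically: rotation does not
    change parity and P(x ^ y) = P(x) ^ P(y), so only the parities of the
    plaintext words and of the subkeys are needed."""
    pa ^= parity(subkeys[0])
    pb ^= parity(subkeys[1])
    for i in range(1, rounds + 1):
        pa = pa ^ pb ^ parity(subkeys[2 * i])
        pb = pb ^ pa ^ parity(subkeys[2 * i + 1])
    return pa, pb

def random_subkeys(rounds, seed):
    rng = random.Random(seed)          # constructed, reproducible key material
    return rng, [rng.getrandbits(W) for _ in range(2 * rounds + 2)]

def parity_is_determined(mix, rounds=12, samples=256, seed=1):
    """True if, under one fixed key, the ciphertext parities depend only on
    the plaintext parities: the partition of ciphertexts that the post
    describes.  Expected True for xor (RC5X) and False for add."""
    rng, subkeys = random_subkeys(rounds, seed)
    seen = {}
    for _ in range(samples):
        a, b = rng.getrandbits(W), rng.getrandbits(W)
        ca, cb = rc5_like(a, b, subkeys, rounds, mix)
        out = (parity(ca), parity(cb))
        if seen.setdefault((parity(a), parity(b)), out) != out:
            return False
    return True

def prediction_matches(rounds=12, samples=64, seed=2):
    """For RC5X, check that the symbolic parity prediction equals the parity
    of real ciphertexts, i.e. that ciphertext parity reveals a fixed
    combination of subkey parities once plaintext parity is known."""
    rng, subkeys = random_subkeys(rounds, seed)
    for _ in range(samples):
        a, b = rng.getrandbits(W), rng.getrandbits(W)
        ca, cb = rc5_like(a, b, subkeys, rounds, xor)
        if (parity(ca), parity(cb)) != predict_parities(parity(a), parity(b), subkeys, rounds):
            return False
    return True

if __name__ == "__main__":
    print("RC5X parity determined by plaintext parity:", parity_is_determined(xor))
    print("RC5  parity determined by plaintext parity:", parity_is_determined(add))
    print("RC5X symbolic prediction matches:", prediction_matches())
```

The number of rounds does not help RC5X here: the relation is exact at every round count, which is the point of the post. The `chunk_xor` helper with width 2^k is the P_k generalisation; it is invariant under rotation only when the rotation amount is a multiple of 2^k, which is why the wider partitions hold with probability 2^{-2nk} rather than always.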

------------------------------

From: Therion Ware <[EMAIL PROTECTED]>
Crossposted-To: 
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.security.scramdisk,uk.telecom
Subject: Re: Observer 4/6/2000: "Your privacy ends here"
Date: Mon, 19 Jun 2000 13:02:22 +0100

On Mon, 19 Jun 2000 12:12:02 +0100, "Anarchist Lemming"
<[EMAIL PROTECTED]> wrote in uk.legal:

>
>"Peter G. Strangman" <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>> On Fri, 16 Jun 2000 12:03:48 +0100, "Darren Rhodes"
>> <[EMAIL PROTECTED]> wrote:
>>
>> > I tried to access the Shayler web site listed below but could not.  This was
>> > said to be due to an HTTP error 403 - Forbidden.
>> > Has anyone had a similar experience?
>> > Is this due to my ISP Globalnet?
>>
>> "403 forbidden" means precisely that. It also means that
>> the client should not retry the URL and that trying with
>> a password will not help.
>> It is NOT an error. It is a specific return code indicating,
>> VERY clearly, that the client is not allowed access.
>>
>> --
>> Peter G. Strangman              | Leser, wie gefall ich dir?
>> [EMAIL PROTECTED]      | Leser, wie gefaellst du mir?
>> http://www.adelheid.demon.co.uk |     (Friedrich von Logau)
>> XLIV-VII-DCCCII-CCXII-DCCCXXXI  |
>
>But it might not just be restricting access from Globalnet. It could be all
>UK ISPs. I couldn't connect through either of mine, and it won't let you use
>a proxy.
>
>I think 403 "errors" happen because you don't meet the requirements of the
>server. If all UK visitors are banned they must have had a lot of pressure
>put on them by the UK government, although I'm reluctant to believe this
>because even Jack Straw and his stormtrooper buddies aren't that stupid. Can
>anyone get in? If so, how?

It can't be accessed via the secure cotse proxy, so presumably it's
more to do with the server than a block elsewhere. Down for maintenance,
maybe?
--
"Do unto others as you would have them do unto you."  - attrib: Pauline Reage.
Hell? <http://www.city-of-dis.co.uk/entry/hell.html>
Inexpensive Video 2 Mpeg conversion? <http://www.Video2CD.co.uk>
The <news:alt.atheism> twitlist: <http://www.twitlist.co.uk>
Your films on CD? <http://www.FilmsOnCD.co.uk>

------------------------------

From: "G. A. Edgar" <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: AWFUL PUN (was: Why the golden ratio?)
Date: Mon, 19 Jun 2000 08:05:42 -0400

In article <[EMAIL PROTECTED]>, John Savard
<[EMAIL PROTECTED]> wrote:

> I was hoping someone would get my *original* pun, which was what I
> tried to call attention to (the reference to _laurels_ was simply an
> easier clue to the name of W. H. Hardy) ... as W. H. Hardy is also the
> author of a famous essay, "A Mathematician's Apology", where he
> explains the relevance of pure mathematics as an activity.

Well, perhaps if you had meant G. H. Hardy we should have got it.

-- 
Gerald A. Edgar              [EMAIL PROTECTED]

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
