Cryptography-Digest Digest #89, Volume #12       Thu, 22 Jun 00 20:13:00 EDT

Contents:
  Re: how to compare the securtity between ECC and RSA (DJohn37050)
  Re: breaking encryption - help! (Jeffrey Williams)
  Re: breaking encryption - help! (Steve Basford)
  Re: breaking encryption - help! (Steve Basford)
  Compression and known plaintext in brute force analysis (restatements caused by the missing info .... thread) ("Joseph Ashwood")
  Re: Comments/analysis requested ([EMAIL PROTECTED])
  Re: I need help to find reliable external MIME decoding utility, (jungle)
  Re: Encryption on missing hard-drives (jungle)
  Re: how to compare the securtity between ECC and RSA (Roger Schlafly)
  Re: how to compare the securtity between ECC and RSA (tomstd)
  tomstdenis.com (tomstd)
  Re: tomstdenis.com [WARNING: POTENTIALLY OFFENSIVE] ("Joseph Ashwood")
  Re: how to compare the securtity between ECC and RSA ("Joseph Ashwood")
  Re: How encryption works (infamis.at.programmer.net)
  Re: Observer 4/6/2000: "Your privacy ends here" ("Danny Johnson")
  Re: Encryption on missing hard-drives (jungle)
  Re: Try it. (Bill Unruh)
  Re: Observer 4/6/2000: "Your privacy ends here" ("Anarchist Lemming")
  Re: Variability of chaining modes of block ciphers (Eric Lee Green)
  Re: obfuscating the RSA private key (Andrew Bortz)
  Re: How encryption works ("Joseph Ashwood")

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Subject: Re: how to compare the securtity between ECC and RSA
Date: 22 Jun 2000 21:09:28 GMT

Tom,
The attack on symmetric key takes time as its major constraint.

Some attacks on asymmetric keys do not need much space, some attacks currently
do.  So the question is:
Do you just measure the time all attacks take (this is conservative) or try to
factor in the space somehow?  Given that the attack on symmetric is based on
time, it is more straightforward to just consider time.
Don Johnson

------------------------------

From: Jeffrey Williams <[EMAIL PROTECTED]>
Subject: Re: breaking encryption - help!
Date: Thu, 22 Jun 2000 16:21:53 -0500

It occurs to me that, if he's using a free proxy server program, it might be
helpful to know what it is.  It's entirely possible that a public solution to his
problem already exists.  For that matter, it could be open source code.

Andrew Carol wrote:

> In article <[EMAIL PROTECTED]>, Steve Basford
> <[EMAIL PROTECTED]> wrote:
>
> > On 22 Jun 2000 19:02:52 GMT, [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
> > wrote:
> >
> >
> > >  I think you need more than one example to see if it's XOR. What
> > >is the encryption of a second or third site, so we can tell?
> >
> > 0F := length
> > 00 00 00 := spacer
> > 2F 83 92 A3 D5 78 82 42 78 97 22 43 E3 E6 E6 : www.hotmail.com
> > 01 := index
> >
> > 0F := length
> > 00 00 00 := spacer
> > 2F 83 92 A3 DC 37 A1 3A 0A FA 29 83 A6 41 D7 : www.aaaaa.co.uk
> > 01 := index
> >
> > 0F := length
> > 00 00 00 := spacer
> > 2F 83 92 A3 DF B8 7C 4D 89 CC 29 5C 77 7D 60 : www.bbbbb.co.uk
> > 01 := index
> >
> > 0B := length
> > 00 00 00 := spacer
> > 2F 83 92 A3 8D E7 DF 66 6C 80 F1 :  www.000.com
> > 01 := index
>
> Whatever they do, it's not a simple XOR with a single key because the
> ".uk" suffix (of identical length strings) do not all map to the same
> thing.
>
> Yet notice the leading "www." DO match.  Perhaps they are employing a
> carry from left to right between characters?  Or some other feedback
> system between characters.
>
> Another thing to try is to use a web address such as "aaaaaaaaaa.com",
> "bbbbbbbbbb.com", and "cccccccccc.com" to see if there is a common
> change which would suggest a simple carry.
>
> --- Andy


------------------------------

From: Steve Basford <[EMAIL PROTECTED]>
Subject: Re: breaking encryption - help!
Date: Thu, 22 Jun 2000 22:41:11 +0100

On Thu, 22 Jun 2000 13:24:02 -0700, Andrew Carol <[EMAIL PROTECTED]>
wrote:


>Whatever they do, it's not a simple XOR with a single key because the
>".uk" suffix (of identical length strings) do not all map to the same
>thing.
>
>Yet notice the leading "www." DO match.  Perhaps they are employing a
>carry from left to right between characters?  Or some other feedback
>system between characters.
>
>Another thing to try is to use a web address such as "aaaaaaaaaa.com",
>"bbbbbbbbbb.com", and "cccccccccc.com" to see if there is a common
>change which would suggest a simple carry.


Okay, here you go...

0E
00 00 00
39 57 09 7D 19 0E F8 D4 AB 40 76 DE 33 B3 := aaaaaaaaaa.com
01 

0E
00 00 00
3B F8 FF 99 91 B2 46 29 6A 65 6D E6 3D EA := bbbbbbbbbb.com
01

0E
00 00 00
3A 7D 7A C3 08 90 51 14 5B 16 44 A0 31 3B := cccccccccc.com
01


------------------------------

From: Steve Basford <[EMAIL PROTECTED]>
Subject: Re: breaking encryption - help!
Date: Thu, 22 Jun 2000 22:41:10 +0100

On Thu, 22 Jun 2000 16:21:53 -0500, Jeffrey Williams <[EMAIL PROTECTED]>
wrote:

>It occurs to me that, if he's using a free proxy server program that it might be
>helpful to know what it is.  It's entirely possible that a public solution to his
>problem already exists.  For that matter, it could be open source code.

The proxy is Jana Server (http://www.jana-server.ocm.de/Englisch/FrameSet.htm)

I've already emailed the author asking if he could write a util, but he says
that he is re-writing the whole program, so doesn't want to add this 'feature'.

As you say, maybe someone already has worked out the encryption.

thanx...

------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Compression and known plaintext in brute force analysis (restatements caused by the missing info .... thread)
Date: Thu, 22 Jun 2000 14:38:04 -0700

Compression is certainly not a cure-all for cryptographic protection,
especially against a known plaintext attack. For this I am assuming that the
compression algorithm uses a fixed table known to the attacker. According to
results that were posted here, certainty in a DES-sized cipher should take 2
blocks of attempts with ASCII text. This is due to the amount of entropy
and the unicity being at 2 blocks.

But with compression a slightly different result can occur: we can end up
with a deflation down to significantly smaller sizes. A quick test with
WinZip on a large text file gave a size reduction of 65%; more usefully for
this, that means that the compression resulted in 3 bytes per byte. Moving
outward this leads to 3 blocks per block, so with a (semi)known plaintext,
under compression, it is entirely possible that the unicity distance could
actually be reduced.
                        Joe



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Comments/analysis requested
Date: Thu, 22 Jun 2000 21:35:29 GMT

In article <[EMAIL PROTECTED]>,
  Runu Knips <[EMAIL PROTECTED]> wrote:
>
> You don't need C. Any highlevel language or any pseudocode
> notation would suffice. Just use some general notation such
> as
>
> for i in [1..16] do (
>    x := ~k[i] ^ p[i]  ... (k[i] & 0xf) ... (p[i] & k[i]) ...
>  ....)
>
> That is FAR more readable than any assembly or pseudoassembly
> listing, because in that I have always to keep track of all
> these registers.
>

Hopefully this is a little better:

 encryptedpassword
='<90h,44h,ABh,95h,30h,D9h,B1h,92h,34h,83h,40h,91h,78h,D5h,9Ah,A2h>'&|
 '<C4h,2Ch,2Bh,69h,90h,A9h,D5h,B5h,64h,25h,D5h,64h,98h,2Dh,D1h,B5h>' & |
 '<50h,58h,D2h,49h,48h,35h,6Bh,61h,48h,E6h,22h,97h,A0h,5Ah,CAh,E2h>' & |
 '<CCh,94h,90h,21h,60h,6Bh,ABh,F4h,A4h,2Dh,42h,53h,D8h,B9h,29h,95h>'
 OriginalText = All('<B0h>',64)
This does the encrypting:
 Loop Counter = 1 to 16
    epvlong = EncryptedPasswordValue[Counter] !95AB4490h for counter=1
    otvlong = OriginalTextValue[Counter]
    savedotvlong = OriginalTextValue[Counter]
    counter2 = band(EncryptedPasswordValue[Counter],0Fh) + 1
    otvlong2 = OriginalTextValue[Counter2]

    EncryptedLong = bor(band(otvlong2,epvlong),band(otvlong,bxor(epvlong,0ffffffffh)))
    OriginalTextValue[ Counter2 ] = EncryptedLong + epvlong

    EncryptedLong = bxor(band(savedotvlong,epvlong),band(otvlong2,bxor(epvlong,0ffffffffh)))
    OriginalTextValue[ Counter ] = EncryptedLong  + epvlong

 End

The trick is that it writes back two times (counter and counter2) for
each pass through the loop.  Therefore, when it gets to counter=16 the
originaltextvalue[16] may not = 9529B9D8h because it could have been
changed at some point if counter2 = 16.  I'm curious as to how safe
this is against someone being able to derive the EncryptedPassword if
they have the encrypted text and the original text.  What do you think?

Thanks in advance, Wayne
BTW, here is the decrypt:

 Loop Counter = 16 to 1 By -1
    epvlong = EncryptedPasswordValue[Counter]
    otvlong = OriginalTextValue[Counter]
    savedotvlong = OriginalTextValue[Counter]
    counter2 = band(EncryptedPasswordValue[Counter],0Fh) + 1
    otvlong2 = OriginalTextValue[Counter2]

    EncryptedLong = bor(band((maxulong + 1 + otvlong - epvlong),epvlong),band((maxulong + 1 + otvlong2 - epvlong),bxor(epvlong,0ffffffffh)))
    OriginalTextValue[ Counter ] = EncryptedLong

    EncryptedLong = bor(band((maxulong + 1 + otvlong2 - epvlong),epvlong),band((maxulong + 1 + otvlong - epvlong),bxor(epvlong,0ffffffffh)))
    OriginalTextValue[ Counter2 ] = EncryptedLong
 End


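Wayne's encrypt and decrypt loops transcribed into C as an added example (my code, not from the post), with the key words loaded little-endian from the posted encryptedpassword constant so the post's own 95AB4490h comment can be checked; indices are 0-based here where the Clarion is 1-based, and the All('<B0h>',64) buffer is the sample plaintext.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define WORDS 16   /* the 64-byte buffers are handled as sixteen 32-bit longs, as in the post */

/* The post's encryptedpassword constant, byte for byte. */
static const uint8_t KEY_BYTES[4 * WORDS] = {
    0x90,0x44,0xAB,0x95,0x30,0xD9,0xB1,0x92,0x34,0x83,0x40,0x91,0x78,0xD5,0x9A,0xA2,
    0xC4,0x2C,0x2B,0x69,0x90,0xA9,0xD5,0xB5,0x64,0x25,0xD5,0x64,0x98,0x2D,0xD1,0xB5,
    0x50,0x58,0xD2,0x49,0x48,0x35,0x6B,0x61,0x48,0xE6,0x22,0x97,0xA0,0x5A,0xCA,0xE2,
    0xCC,0x94,0x90,0x21,0x60,0x6B,0xAB,0xF4,0xA4,0x2D,0x42,0x53,0xD8,0xB9,0x29,0x95
};

/* Little-endian word load: bytes 90 44 AB 95 become 95AB4490h, matching the post's comment. */
uint32_t key_word(int i) {
    const uint8_t *p = KEY_BYTES + 4 * i;
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Forward loop as posted. Each pass reads words c and c2 first, then writes both:
   the key word e is a bit mask choosing which bits the two words exchange, then e is added. */
void wayne_encrypt(uint32_t text[WORDS], const uint32_t key[WORDS]) {
    for (int c = 0; c < WORDS; c++) {
        uint32_t e = key[c];
        int c2 = (int)(e & 0xF);                /* band(...,0Fh) + 1 in the 1-based original */
        uint32_t t = text[c], t2 = text[c2];
        text[c2] = ((t2 & e) | (t & ~e)) + e;   /* unsigned add wraps mod 2^32, like the longs */
        text[c]  = ((t & e) ^ (t2 & ~e)) + e;   /* bxor of disjoint bit sets is the same as bor */
    }
}

/* Reverse loop as posted; "maxulong + 1 + x - epvlong" is plain wrapping subtraction here. */
void wayne_decrypt(uint32_t text[WORDS], const uint32_t key[WORDS]) {
    for (int c = WORDS - 1; c >= 0; c--) {
        uint32_t e = key[c];
        int c2 = (int)(e & 0xF);
        uint32_t t = text[c], t2 = text[c2];
        text[c]  = ((t - e) & e) | ((t2 - e) & ~e);
        text[c2] = ((t2 - e) & e) | ((t - e) & ~e);
    }
}

/* Encrypt the post's All('<B0h>',64) buffer, decrypt it again, report whether it came back. */
int roundtrip_ok(void) {
    uint32_t key[WORDS], text[WORDS], orig[WORDS];
    for (int i = 0; i < WORDS; i++) { key[i] = key_word(i); orig[i] = text[i] = 0xB0B0B0B0u; }
    wayne_encrypt(text, key);
    int changed = memcmp(text, orig, sizeof text) != 0;
    wayne_decrypt(text, key);
    return changed && memcmp(text, orig, sizeof text) == 0;
}

int main(void) {
    uint32_t key[WORDS], text[WORDS];
    for (int i = 0; i < WORDS; i++) { key[i] = key_word(i); text[i] = 0xB0B0B0B0u; }
    wayne_encrypt(text, key);
    for (int i = 0; i < WORDS; i++) printf("word %2d: %08Xh\n", i + 1, text[i]);
    printf("round trip %s\n", roundtrip_ok() ? "ok" : "FAILED");
    return 0;
}
```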

------------------------------

From: jungle <[EMAIL PROTECTED]>
Subject: Re: I need help to find reliable external MIME decoding utility,
Date: Thu, 22 Jun 2000 17:55:34 -0400

thanks ...

JPeschel wrote:
> 
>  jungle [EMAIL PROTECTED] writes:
> 
> >I need help to find reliable external MIME decoding utility,
> >decode MIME from file
> 
> WinZip can handle MIME file formats.  It doesn't seem to
> recognize the .mme extension, so I usually change the
> extension to .uue, and WinZip decodes it.
> 
> Joe



------------------------------

From: jungle <[EMAIL PROTECTED]>
Subject: Re: Encryption on missing hard-drives
Date: Thu, 22 Jun 2000 18:09:19 -0400

very good points ...

"SCOTT19U.ZIP_GUY" wrote:
> 
>   The individual that you quoted is most likely correct. Scientists
> are treated like shit in the DOD. I, because of my nature, was frequently
> chosen by management to take the "PEE TESTS", but because of the
> long drive to where you had to pee, many times important tests or meetings
> or the running of my code (which many of my peers had trouble following)
> cost the government large sums of tax dollars due to the large
> unscheduled delays.
>  What was so insulting was that management, with their access to more highly
> classified documents, seldom if ever took such tests. I know of individuals
> belonging to the correct religious groups that were never "PEE TESTED", yet
> when you go to PEE they say everything is random. FUCKIN BULL SHIT. I
> offered to write software that would pick people at random and weight it
> such that those who were never picked would get picked and that your
> chances of getting picked go up as a function of time since last pick
> and as a function of your access to secrets. GUESS what, they don't give
> a fuck.
>  I think one reason that most scientists are treated like shit is
> because many science-orientated people are those seeking the truth
> while manager types are more into controlling and distorting the truth,
> so they tend not to like the science type.
>  Most scientist types are not stupid; they know the POLYGRAPH shit is
> a joke. It works best on idiots that break down during an interrogation,
> yet the media, as part of American dumbing down, makes it sound as if
> it can get to the truth.
>  One thing that stands out in the PEE test that was so stupid was
> all the forms you had to sign and the bottle you had to pour your PEE
> in was all in individual sealed plastic bags opened under your eyes. Then
> they give you a cup off of an open stack of cups and have you pee in it
> first so they can pour it in the bottle. I complained he could have
> put drugs in this open stack of cups. It just makes them angry. It
> also made them angry that I get so nervous peeing in the cup that I
> usually fill it all up and spill pee all over my hands, the cup and floor.
> They hate that. But what can I do, I get nervous when forced to PEE
> for Uncle so much more than most. The upside is at least upper
> management gives you a phone call and says why give the pee assistant
> so much trouble, he is only following orders.



------------------------------

From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: how to compare the securtity between ECC and RSA
Date: Thu, 22 Jun 2000 15:26:35 -0700

DJohn37050 wrote:
> Some attacks on asymmetric keys do not need much space, some attacks currently
> do.  So the question is:
> Do you just measure the time all attacks take (this is conservative) or try to
> factor in the space somehow?  Given that the attack on symmetric is based on
> time, it is more straightforward to just consider time.

Yes, it is easier and cruder to just consider time and
ignore space. But I do not think it is more conservative.

The most conservative strategy is to make the most accurate
estimates you can for the attacks, and then to make allowances
for technological advances.

------------------------------

Subject: Re: how to compare the securtity between ECC and RSA
From: tomstd <[EMAIL PROTECTED]>
Date: Thu, 22 Jun 2000 15:28:35 -0700

[EMAIL PROTECTED] (DJohn37050) wrote:
>Tom,
>The attack on symmetric key takes time as its major constraint.
>
>Some attacks on asymmetric keys do not need much space, some attacks currently
>do.  So the question is:
>Do you just measure the time all attacks take (this is conservative) or try to
>factor in the space somehow?  Given that the attack on symmetric is based on
>time, it is more straightforward to just consider time.
>Don Johnson

That's just it, we may not have the *space* to perform the
attacks on future RSA keys.

Tom




------------------------------

Subject: tomstdenis.com
From: tomstd <[EMAIL PROTECTED]>
Date: Thu, 22 Jun 2000 15:40:39 -0700

My ISP sucks so I am moving my stuff to

http://www.geocities.com/tomstdenis/

It's not up yet but just to let you know.  I will also try to
format my site better while I am at it.

BTW Rogers@Home is my ISP and it's a really terrible service.

Tom



------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: tomstdenis.com [WARNING: POTENTIALLY OFFENSIVE]
Date: Thu, 22 Jun 2000 15:56:35 -0700

WARNING: REALLY BAD JOKE AHEAD, BEWARE, TOTALLY OFF-TOPIC AND QUITE
OFFENSIVE, CONTINUE AT YOUR OWN RISK.

[snip moving stuff]
> BTW Rogers@Home is my ISP and it's a really terrible service.

My guess is that they're just in it for the rogering.
                Joe
[snip signature]





------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: how to compare the securtity between ECC and RSA
Date: Thu, 22 Jun 2000 15:53:02 -0700

I always found the chicken-without-a-head method to be the most
conservative. We've all seen it, the one where the person decides that they
want a 400Mbit RSA key that is replaced every hour, used exclusively for
their low security communications; they never want to reveal what they use
for the high security. But anyway, I find it comfortable to simply assume
infinite technological advances in the space direction, simply to make my
life easier (and because it really doesn't make that big of a difference to
the final key size), and because I can always state that they haven't
reached the limits I accounted for in terms of space. In the compute power
direction I usually assume that we'll leave Moore's law well behind and go
4x in individual and another 4x in number per year. I can if nothing else be
quite certain that we will not outpace 16x growth in the world computing
power annually. So right now in PGP I use a 4096 bit DH/DSS public key
(apologies to the people that only allow RSA keys), that I tend to replace
annually, usually because of hardware failures more than expectations (I run
my hardware very hard, and often well beyond the specifications).
                        Joe

"Roger Schlafly" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> DJohn37050 wrote:
> > Some attacks on asymmetric keys do not need much space, some attacks currently
> > do.  So the question is:
> > Do you just measure the time all attacks take (this is conservative) or try to
> > factor in the space somehow?  Given that the attack on symmetric is based on
> > time, it is more straightforward to just consider time.
>
> Yes, it is easier and cruder to just consider time and
> ignore space. But I do not think it is more conservative.
>
> The most conservative strategy is to make the most accurate
> estimates you can for the attacks, and then to make allowances
> for technological advances.



------------------------------

From: [EMAIL PROTECTED] (infamis.at.programmer.net)
Subject: Re: How encryption works
Date: 22 Jun 2000 23:10:00 GMT

How does DH encrypt the block-cipher key?

Are there any other encryption programs or simulations that I can study,
because I need something other than PGP.

Where can I learn about memory management and processing of keys, i.e. greater
than 256-bit? For instance, a 4096-bit key would take up 512 bytes of memory! How
does a program compute large values like this? Do they use the FPU directly, or
just use the normal general purpose registers? Any source code that displays
this? I know x86 assembly language best, so any examples in asm would be great,
but C examples are also welcome.
[EMAIL PROTECTED]

------------------------------

From: "Danny Johnson" <[email protected]>
Crossposted-To: uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.security.scramdisk,uk.telecom
Subject: Re: Observer 4/6/2000: "Your privacy ends here"
Date: Thu, 22 Jun 2000 18:05:03 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

(CROSS POSTED)
Please repost the URL so I can try it (In the US)


Through the modem, off the server, over the T1, past the frame-relay,
< < NOTHIN' BUT NET > >

Danny
[email protected].
- -Remove N.o.S.p.A.m. and every other dot to reply-
**My news server "misses" posts occasionally.  If I don't reply to**
**a question or something, please repost and/or e-mail me.**
Public PGP Keys & other info: http://dannyj.come.to/pgp/

All <S><P><A><M> (or other unsolicited) messages will be forwarded to
[EMAIL PROTECTED], [EMAIL PROTECTED], PostMaster@(your
domain),
and WebMaster@(your domain).  I may choose to give one (1) warning.


Tim Cocks wrote in message <8ios3s$sak$[EMAIL PROTECTED]>...
 >> > >> > I tried to access the Shayler web site listed below but could not.
 >> > >> > This was said to be due to an HTTP error 403 - Forbidden.
 >
 >I don't pretend to be an amazing expert on webservers, but in my experience
 >this is generally down to the OS the webserver is running on.  In my
 >experience, you could be either:
 >a)  Trying to get a directory listing because there is no default document
 >(Common under NT)
 >b) Trying to get access to a file on the webserver that the user running the
 >server process does not have access to (Common under poorly setup Un*x boxes)
 >c) Something completely different
 >
 >It looks to me like it was /.ed and had to be pulled down somehow (or the
 >webserver program is doing this because too many people are accessing the
 >file and the OS won't let the program have any more handles - therefore the
 >server /assumes/ it can't get a handle coz it doesn't have access)
 >
 >Tim Cocks
 >[EMAIL PROTECTED]
 >(C'mon.  Spam me.  There you go bots, there's my e-mail address.  It even
 >works.  Go on.  I dare ya.)
 >

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
Comment: http://DannyJ.Come.To/PGP/

iQA/AwUBOVKbl+rxnFAWPoHvEQKK6wCfc5Lp8eCvMWPhlAoRhJQMjE3eYuAAoKxe
vQUdADXIbbAKmxIDcERI6KDI
=9Ngy
-----END PGP SIGNATURE-----




------------------------------

From: jungle <[EMAIL PROTECTED]>
Subject: Re: Encryption on missing hard-drives
Date: Thu, 22 Jun 2000 19:18:56 -0400

another urban myth ...
I'm running stable system for years now ...

"Trevor L. Jackson, III" wrote:
> On the 32-bit versions of Microsoft(tm) Windows(!tm) you cannot disable the
> swapfile because the memory management subsystem goes through the disk
> subsystem.  If you disable swapping the system becomes (ahem) "unstable".




------------------------------

From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: Try it.
Date: 22 Jun 2000 23:19:28 GMT

In <[EMAIL PROTECTED]> John <[EMAIL PROTECTED]> 
writes:

>Hmmm...I wonder, though, should they just have put the source
>code on this group? :-)  How can they make money if they can't
>protect their source?  Oh well, this is sure a strange business.

You do not make money from the algorithm. That should be open for all to
see and study and make sure you have not screwed up (by accident or on
purpose). You make your money by providing a service-- ie all of the
protocol and the program to make use of the algorithm easy, useful, and
safe. 

------------------------------

From: "Anarchist Lemming" <[EMAIL PROTECTED]>
Crossposted-To: uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.security.scramdisk,uk.telecom
Subject: Re: Observer 4/6/2000: "Your privacy ends here"
Date: Fri, 23 Jun 2000 00:36:12 +0100


"Danny Johnson" <[email protected]> wrote in message
news:8iu66p$aik$[EMAIL PROTECTED]...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> (CROSS POSTED)
> Please repost the URL so I can try it (In the US)

You probably could have worked it out, but it's www.shayler.com. I still
haven't had a reply to the message I sent the webmaster. Maybe the
webmaster's been assassinated by MI6.




------------------------------

From: Eric Lee Green <[EMAIL PROTECTED]>
Subject: Re: Variability of chaining modes of block ciphers
Date: Thu, 22 Jun 2000 23:42:08 GMT

Mok-Kong Shen wrote:
> Eric Lee Green wrote:
> > Mok-Kong Shen wrote
> > > The most popular block chaining mode seems to be CBC.
> > > There is also PBC which chains with plaintext blocks.
> > > One can also accumulate the previous blocks for doing the
> > > chaining and use plaintext as well as ciphertext for
> > > chaining. (I used this in one of my own designs.) By
> > > combinatorics this gives 8 variants.
> >
> > Great. You just added 3 bits to the key space. At the expense of adding yet
> > more code that could be defective/insecure or slow the operation of the

> that I have omitted from my considerations. Chaining is in fact very
> simple to implement. So neglecting the benefit it offers is not
> economically justified in my humble view.

Implementing *A* chaining mode is not the point. Been there, done that. The
point is that every additional line of code is a line of code that could
represent a bug or a security problem with your implementation. Past a certain
point, the added security of globbing yet more code on top of code is
illusionary.  

In other words, complexity is to be avoided whenever possible because it is a
security problem. My opinion is that adjustable chaining modes (as vs. one
chaining mode) is added complexity whose cost-benefit margin is dubious. 

-- 
Eric Lee Green                         [EMAIL PROTECTED]
Software Engineer                      Visit our Web page:
Enhanced Software Technologies, Inc.   http://www.estinc.com/
(602) 470-1115 voice                   (602) 470-1116 fax

------------------------------

From: Andrew Bortz <[EMAIL PROTECTED]>
Subject: Re: obfuscating the RSA private key
Date: Thu, 22 Jun 2000 19:50:47 -0400

In article <[EMAIL PROTECTED]>, 
[EMAIL PROTECTED] says...
> Dave Ahn wrote:
> > Our group has client-server programs that are open sourced for peer review.
> > We distribute these programs in source and precompiled binary form.  Users
> > download the client binary and use it to connect to servers over the
> > Internet.
> > 
> > We wish to ensure that the users of the client software are using the
> > official precompiled binary as opposed to a custom-compiled version based
> > on the public source code.  We do not trust the client users.  But we do
> > trust the server administrator.  We also trust the network connection
> > between the client and the server (i.e. ignore eavesdropping or man-in-middle
> > attacks).
> [...]
> 
> > Does this clarify my original questions a bit?
> 
> Yup.  I think you're attacking the problem from the wrong direction.  As pointed
> out by other replies, you can't stop a determined hacker.  However, you can
> make their life really miserable.  
> 
> Since you trust the server, use a zero-knowledge-proof on a running basis to
> check the client.  For example, every 10 or 100 messages (or whatever seems
> reasonable) the server asks the client "what's the <random address> byte of code?"
> This is really simple to reply.  You can even use encryption to make it look
> like you're doing something else :-)  
> 
> It's still easy to hack, but the hacker now needs to fully understand all your
> code and have a copy of the original binaries to use as the lookup table. 
> It's also pretty quick so honest users don't notice anything in loss of performance.
> 
> A hacked copy will probably run slower and take more space, so you can use
> averaging too to help determine if there's a hacker out there sophisticated
> enough to get by your code.  You keep the sophisticated math on the server,
> so the client doesn't even know they are being closely watched.  
> 
> Expand on this so the questions are more diverse, and make the hackers have to
> comprehend every aspect of the system check.  For example: how big are you,
> how big is library xxx, how many questions have I asked so far, etc.  
> 
> As I said, you can't stop them, but if they have to think about things instead
> of responding "instantly" you can catch most of them.
> 
> Patience, persistence, truth,
> Dr. mike
> 

Basically, the theoretical best you can do in the case of a hacker with 
infinite control over his PC is make your system impossible to fake 
without running a legitimate version of the software in parallel with 
the hacked version, ready to answer 'proofs'. This will slow down the 
hacker's computer a lot. Or, if he's using a separate computer, well, he 
deserves to hack the game!

Andrew

------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: How encryption works
Date: Thu, 22 Jun 2000 16:53:59 -0700

I'm sure someone more qualified will answer your first question, as I'm not
sure of many of the details.

> Where can I learn about memory management and processing of keys, i.e. greater
> than 256-bit? For instance, a 4096-bit key would take up 512 bytes of memory! How
> does a program compute large values like this? Do they use the FPU directly, or
> just use the normal general purpose registers? Any source code that displays
> this? I know x86 assembly language best, so any examples in asm would be great,
> but C examples are also welcome.
The memory management is actually fairly simple: you use the 512 bytes of
memory; actually, you use several 512-byte buffers to perform the
exponentiation, addition, and modular division (performed after each step of
the exponentiation). You never touch the FPU; floating point values are bad,
very, very bad, they lose information. It all has to be done using advanced
algorithms doing things like splitting the value in two equal-size parts to
speed up multiplication, and using the multiplication along with the
behavior of exponents (specifically a^n = (a^2)^(n/2)) to speed things up
immensely. Generally your computer does things that you never want to do in
your life.
                Joe
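An added example (my code, not from the thread) of the layout Joe describes: arrays of 32-bit limbs standing in for the 512-byte buffers, schoolbook multiply with carries in the general-purpose registers, a reduction after every product, and square-and-multiply exponentiation built on a^n = (a^2)^(n/2). The limb count N is kept at 2 so the deliberately simple bit-serial reduction finishes instantly; the 64-bit prime used for the Fermat check is a constructed test value.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Operands are arrays of 32-bit limbs, least significant first: the width the general-purpose
   registers handle natively. A 4096-bit key is 4096/32 = 128 limbs, the 512 bytes in the question. */
#define N 2
typedef uint32_t limb;

/* out (2N limbs) = a * b (N limbs each): schoolbook rows, carry kept in a 64-bit temporary. */
void big_mul(const limb *a, const limb *b, limb *out) {
    memset(out, 0, 2 * N * sizeof(limb));
    for (int i = 0; i < N; i++) {
        uint64_t carry = 0;
        for (int j = 0; j < N; j++) {
            uint64_t t = (uint64_t)out[i + j] + (uint64_t)a[i] * b[j] + carry;
            out[i + j] = (limb)t;
            carry = t >> 32;
        }
        out[i + N] = (limb)carry;
    }
}

/* Compare len-limb numbers, most significant limb first. */
int big_cmp(const limb *a, const limb *b, int len) {
    for (int i = len - 1; i >= 0; i--)
        if (a[i] != b[i]) return a[i] < b[i] ? -1 : 1;
    return 0;
}

/* a -= b over len limbs; the caller guarantees a >= b, so no final borrow is left over. */
void big_sub(limb *a, const limb *b, int len) {
    uint64_t borrow = 0;
    for (int i = 0; i < len; i++) {
        uint64_t t = (uint64_t)a[i] - b[i] - borrow;
        a[i] = (limb)t;
        borrow = t >> 63;               /* set exactly when this limb went negative */
    }
}

/* r (N limbs) = x (xlen limbs) mod m (N limbs) by binary long division: shift one bit of x into
   the remainder, subtract m whenever it reaches m. Slow but obviously right; real code uses
   Montgomery or Barrett reduction built from the same limb primitives. */
void big_mod(const limb *x, int xlen, const limb *m, limb *r) {
    limb mext[N + 1], rem[N + 1];
    memcpy(mext, m, N * sizeof(limb)); mext[N] = 0;
    memset(rem, 0, sizeof rem);
    for (int i = xlen - 1; i >= 0; i--)
        for (int bit = 31; bit >= 0; bit--) {
            limb in = (x[i] >> bit) & 1;
            for (int k = 0; k <= N; k++) {      /* rem = rem * 2 + in, one limb at a time */
                limb top = rem[k] >> 31;
                rem[k] = (rem[k] << 1) | in;
                in = top;
            }
            if (big_cmp(rem, mext, N + 1) >= 0) big_sub(rem, mext, N + 1);
        }
    memcpy(r, rem, N * sizeof(limb));
}

/* result = base^exp mod m, right-to-left square-and-multiply: a^n = (a^2)^(n/2) turns the exponent
   bits into repeated squarings, and every product is reduced at once, so nothing outgrows prod[]. */
void big_modexp(const limb *base, const limb *exp, const limb *m, limb *result) {
    limb b[N], prod[2 * N];
    big_mod(base, N, m, b);
    memset(result, 0, N * sizeof(limb));
    result[0] = 1;
    for (int i = 0; i < N; i++)
        for (int bit = 0; bit < 32; bit++) {
            if ((exp[i] >> bit) & 1) { big_mul(result, b, prod); big_mod(prod, 2 * N, m, result); }
            big_mul(b, b, prod);
            big_mod(prod, 2 * N, m, b);
        }
}

/* Hand-checkable values: (2^32-1)^2 = FFFFFFFE00000001h and 3^5 mod 7 = 5. */
int small_checks_ok(void) {
    limb a[N] = { 0xFFFFFFFFu, 0 }, sq[2 * N], r[N];
    limb three[N] = { 3, 0 }, five[N] = { 5, 0 }, seven[N] = { 7, 0 };
    big_mul(a, a, sq);
    big_modexp(three, five, seven, r);
    return sq[0] == 1 && sq[1] == 0xFFFFFFFEu && sq[2] == 0 && sq[3] == 0 && r[0] == 5 && r[1] == 0;
}

/* Fermat check with the constructed 64-bit prime p = 2^64 - 59: 2^(p-1) mod p must be 1. */
int fermat_check_ok(void) {
    limb p[N] = { 0xFFFFFFC5u, 0xFFFFFFFFu }, pm1[N] = { 0xFFFFFFC4u, 0xFFFFFFFFu };
    limb two[N] = { 2, 0 }, r[N];
    big_modexp(two, pm1, p, r);
    return r[0] == 1 && r[1] == 0;
}

int main(void) {
    printf("limbs for a 4096-bit key: %d (%d bytes)\n", 4096 / 32, 4096 / 8);
    printf("small checks %s, Fermat check %s\n", small_checks_ok() ? "ok" : "FAILED",
           fermat_check_ok() ? "ok" : "FAILED");
    return 0;
}
```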



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
