Cryptography-Digest Digest #142, Volume #12 Fri, 30 Jun 00 18:13:01 EDT
Contents:
Re: DES Analytic Crack (Jim Gillogly)
Re: Observer 4/6/2000: "Your privacy ends here" (JimD)
CryptoTools ("Phil")
Re: breaking encryption - help! (Andru Luvisi)
Re: Surrendering Keys, I think not. (Eric Norman)
Re: searching for a special GUI crypto tool (tl_jergen)
Re: searching for a special GUI crypto tool (Jim Gillogly)
Re: Blowfish for signatures? (stanislav shalunov)
Re: very large primes (Roger Schlafly)
Re: How encryption works (David A Molnar)
Re: Certificate authorities (CAs) - how do they become trusted authorities ?? (Shawn Willden)
Newbie question about factoring ([EMAIL PROTECTED])
Re: Newbie question about factoring (Daniel A. Jimenez)
Tying Up Lost Ends II (SCOTT19U.ZIP_GUY)
Re: AES: It's been pretty quiet for some time... (David Crick)
Re: SV: SV: DES 64 bit OFB test vectors (Jack Spencer)
Encryption and IBM's 12 teraflop MPC...... ([EMAIL PROTECTED])
Re: Encryption and IBM's 12 teraflop MPC...... (Tom McCune)
Re: Encryption and IBM's 12 teraflop MPC...... ("Dann Corbit")
----------------------------------------------------------------------------
From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: DES Analytic Crack
Date: Fri, 30 Jun 2000 16:52:35 +0000
lordcow77 wrote:
>
> What ever happened to Eric Michael Cordian's DES Analytic Crack
> project that was floating around the cypherpunks mailing list in
> 1998 or so? They haven't updated their FAQ since then and I
> haven't heard anything else about their results (or even their
> lack thereof).
I checked with him last October, looking for a sensible way to
attack one of Simon Singh's cipher challenges. He responded that
some of the urgency had gone out of the project when Deep Crack
demonstrated the total death of DES against anybody with $0.25M.
He indicated that he was still interested in it and working on
it, but in a much more relaxed mode. Don't expect turnkey software
soon.
By the way, I went on to contact John Gilmore, who partnered with
me for the Simon Singh challenge, and he coaxed 1/2 of Deep Crack
to come up and crack the problem. Yes, it does work quite nicely
against unknown ASCII plaintext. See the Singh leader board at
http://www.4thestate.co.uk/cipherchallenge/ for more detail.
--
Jim Gillogly
Sterday, 7 Afterlithe S.R. 2000, 16:45
12.19.7.6.1, 8 Imix 4 Tzec, Fourth Lord of Night
------------------------------
From: [EMAIL PROTECTED] (JimD)
Crossposted-To:
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.security.scramdisk,uk.telecom
Subject: Re: Observer 4/6/2000: "Your privacy ends here"
Date: Fri, 30 Jun 2000 16:26:13 GMT
Reply-To: JimD
On Thu, 29 Jun 2000 23:10:33 +0100, Simon Elliott <[EMAIL PROTECTED]>
wrote:
>JimD <[EMAIL PROTECTED]> writes
>>On Tue, 27 Jun 2000 21:25:34 +0100, Andy Dingley <[EMAIL PROTECTED]>
>>wrote:
>>
>>>[EMAIL PROTECTED] (JimD) wrote:
>>>
>>>>>>>Maybe the webmaster's been assassinated by MI6.
>>>
>>>>Absolutely. There was that woman from Shrewsbury they had
>>>>murdered.
>>>
>>>Hilda Murrell ?
>>
>>None other.
>
>What was that all about? I don't remember reading about this in the
>papers.
It was a long time ago, during the Thatcher régime I think.
This Hilda Murrell had a nephew(?) who knew what happened to
the log of the submarine that sank the Belgrano. You'll recall
the log mysteriously went missing when enquiries were being made
about this incident.
She was also active in some peace movement or other - that and
the matter of the log was just a bit too much of a risk for
the odious Thatcher woman to take, so she had her eliminated.
Or so the story goes. The local police, unsurprisingly, got
nowhere with the murder enquiry.
--
Jim Dunnett.
g4rga at thersgb.net
------------------------------
From: "Phil" <[EMAIL PROTECTED]>
Subject: CryptoTools
Date: Fri, 30 Jun 2000 14:08:18 -0400
CryptoTools
http://pages.infinit.net/gce/cryptotools
The CryptoTools component allows you to add encryption and encoding
to your programs developed in Visual Basic and Visual C++.
CryptoTools supports:
+ DES Encryption
+ TripleDES Encryption
+ Base64 Encoding
+ MD5 Hashing
CryptoTools encrypts any type of VARIANT (including objects)
and FILES.
Demo available at:
http://pages.infinit.net/gce/cryptotools
------------------------------
From: Andru Luvisi <[EMAIL PROTECTED]>
Subject: Re: breaking encryption - help!
Date: 30 Jun 2000 10:58:01 -0700
It's not a 64 or 128 bit block cipher in CFB mode. Errors in the
ciphertext extend all the way to the end when decrypting.
Andru
--
==========================================================================
| Andru Luvisi | http://libweb.sonoma.edu/ |
| Programmer/Analyst | Library Resources Online |
| Ruben Salazar Library |-----------------------------------------|
| Sonoma State University | http://www.belleprovence.com/ |
| [EMAIL PROTECTED] | Textile imports from Provence, France |
==========================================================================
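Andru's reasoning rests on a property of the standard block-cipher modes: in CFB (as in CBC) a corrupted ciphertext block damages only that plaintext block and the next one, after which decryption resynchronises, so an error that runs to the end of the file rules those modes out. The following Python script is an added example, not part of the digest or of anyone's post. It builds a toy 4-round Feistel cipher from HMAC-SHA256 (constructed for the demo only, not a real cipher), runs CFB and PCBC over it, flips one ciphertext bit, and reports which plaintext blocks come out wrong: CFB damages two blocks, PCBC (where both plaintext and ciphertext feed forward) damages everything to the end.

```python
import hashlib
import hmac

BLOCK = 16          # 128-bit blocks, like a modern block cipher
HALF = BLOCK // 2
ROUNDS = 4

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _round_fn(key: bytes, r: int, half: bytes) -> bytes:
    # Round function of the toy Feistel cipher: HMAC-SHA256 truncated to one half block.
    return hmac.new(key + bytes([r]), half, hashlib.sha256).digest()[:HALF]

def toy_encrypt(key: bytes, block: bytes) -> bytes:
    # Toy 4-round Feistel block cipher (constructed for this demo; NOT a real cipher).
    left, right = block[:HALF], block[HALF:]
    for r in range(ROUNDS):
        left, right = right, xor(left, _round_fn(key, r, right))
    return left + right

def toy_decrypt(key: bytes, block: bytes) -> bytes:
    # Inverse of toy_encrypt: same rounds in reverse order.
    left, right = block[:HALF], block[HALF:]
    for r in reversed(range(ROUNDS)):
        left, right = xor(right, _round_fn(key, r, left)), left
    return left + right

def blocks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

# CFB: only the cipher's forward direction is used; a damaged block resynchronises after one more block.
def cfb_encrypt(key, iv, pt):
    out, prev = [], iv
    for p in blocks(pt):
        c = xor(p, toy_encrypt(key, prev))
        out.append(c)
        prev = c
    return b"".join(out)

def cfb_decrypt(key, iv, ct):
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(c, toy_encrypt(key, prev)))
        prev = c
    return b"".join(out)

# PCBC: previous plaintext AND ciphertext feed into the next block, so one error never resynchronises.
def pcbc_encrypt(key, iv, pt):
    out, prev_c, prev_p = [], iv, bytes(BLOCK)
    for p in blocks(pt):
        c = toy_encrypt(key, xor(p, xor(prev_c, prev_p)))
        out.append(c)
        prev_c, prev_p = c, p
    return b"".join(out)

def pcbc_decrypt(key, iv, ct):
    out, prev_c, prev_p = [], iv, bytes(BLOCK)
    for c in blocks(ct):
        p = xor(toy_decrypt(key, c), xor(prev_c, prev_p))
        out.append(p)
        prev_c, prev_p = c, p
    return b"".join(out)

def damaged_blocks(enc, dec, key, iv, pt, byte_index):
    """Flip one bit of ciphertext byte `byte_index`, decrypt, and list the plaintext block indexes that differ."""
    ct = bytearray(enc(key, iv, pt))
    ct[byte_index] ^= 0x01
    got = dec(key, iv, bytes(ct))
    return [i for i, (a, b) in enumerate(zip(blocks(pt), blocks(got))) if a != b]

# Constructed sample input: fixed key/IV and eight blocks of text, so the result is reproducible.
KEY = b"demo-key-not-secret"
IV = bytes(range(16))
PLAINTEXT = b"".join(bytes([65 + i]) * BLOCK for i in range(8))   # "AAAA...", "BBBB...", ...

def demo():
    # Byte 20 lies in block 1, so block 0 is never affected.
    return {
        "cfb": damaged_blocks(cfb_encrypt, cfb_decrypt, KEY, IV, PLAINTEXT, 20),
        "pcbc": damaged_blocks(pcbc_encrypt, pcbc_decrypt, KEY, IV, PLAINTEXT, 20),
    }

if __name__ == "__main__":
    for mode, bad in demo().items():
        print(f"{mode}: one flipped bit in block 1 damages plaintext blocks {bad}")
```

Run against real data, the same experiment (corrupt one byte, decrypt, count damaged blocks) is a cheap way to narrow down which mode an unknown system uses: a bounded, block-aligned damage pattern points at CFB or CBC, while damage running to the end points at a chained or stream-like construction.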
------------------------------
From: Eric Norman <[EMAIL PROTECTED]>
Subject: Re: Surrendering Keys, I think not.
Date: Fri, 30 Jun 2000 13:39:03 -0500
Simon Johnson wrote:
>
> Now, to complicate matters, the government wants us to surrender
> our keys if were involved in a criminal investigation. So how do
> we satisfy the police, by providing a key (which is going to be
> fake), and ensure our information remains secure?
This is easily done with Rivest's chaffing and winnowing.
Incriminating message + one key = wheat.
Innocuous message + another key = chaff.
--
Eric Norman
"Congress shall make no law restricting the size of integers
that may be multiplied together, or the number of times that
an integer may be multiplied by itself, or the modulus by
which an integer may be reduced".
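Rivest's chaffing and winnowing, which Eric's "wheat" and "chaff" lines refer to, sends packets of (serial number, payload, MAC). The receiver keeps only the packets whose MAC verifies under the shared key and discards the rest; to everyone else, packets authenticated under a different key are indistinguishable from random chaff. The Python script below is an added example, not code from the digest or from Rivest: two messages are authenticated under two keys, mixed with random chaff, shuffled, and then winnowed with each key in turn. Packet size, MAC truncation, the keys and the messages are all constructed for the demo.

```python
import hashlib
import hmac
import random
import secrets
from dataclasses import dataclass

CHUNK = 8      # payload bytes per packet
MAC_LEN = 16   # truncated HMAC-SHA256 tag

@dataclass(frozen=True)
class Packet:
    serial: int
    payload: bytes
    mac: bytes

def tag(key: bytes, serial: int, payload: bytes) -> bytes:
    # MAC over serial number and payload so packets cannot be reordered or spliced.
    return hmac.new(key, serial.to_bytes(4, "big") + payload, hashlib.sha256).digest()[:MAC_LEN]

def wheat(key: bytes, message: bytes) -> list:
    """Split a message into serial-numbered packets, each authenticated under `key`."""
    chunks = [message[i:i + CHUNK] for i in range(0, len(message), CHUNK)]
    return [Packet(i, c, tag(key, i, c)) for i, c in enumerate(chunks)]

def random_chaff(count: int, serial_range: int) -> list:
    """Rivest's plain chaff: packets carrying random MACs, which verify under no key."""
    return [Packet(secrets.randbelow(serial_range), secrets.token_bytes(CHUNK),
                   secrets.token_bytes(MAC_LEN)) for _ in range(count)]

def winnow(key: bytes, stream: list) -> bytes:
    """Keep only packets whose MAC verifies under `key`, then reassemble by serial number."""
    good = {}
    for p in stream:
        if hmac.compare_digest(p.mac, tag(key, p.serial, p.payload)):
            good.setdefault(p.serial, p.payload)   # first valid packet per serial wins
    return b"".join(good[s] for s in sorted(good))

# Constructed demo: two messages under two keys, mixed with random chaff and shuffled.
KEY_WHEAT = b"key-for-the-real-message"
KEY_CHAFF = b"key-for-the-innocuous-message"
MSG_WHEAT = b"quarterly figures attached, keep confidential"
MSG_CHAFF = b"thanks for the recipe, the cake turned out well"

def build_stream(seed: int = 1) -> list:
    stream = wheat(KEY_WHEAT, MSG_WHEAT) + wheat(KEY_CHAFF, MSG_CHAFF) + random_chaff(12, 8)
    random.Random(seed).shuffle(stream)   # fixed seed only so the demo is reproducible
    return stream

if __name__ == "__main__":
    stream = build_stream()
    print("packets on the wire:", len(stream))
    print("winnowed with KEY_WHEAT:", winnow(KEY_WHEAT, stream))
    print("winnowed with KEY_CHAFF:", winnow(KEY_CHAFF, stream))
    print("winnowed with another key:", winnow(b"unrelated key", stream))
```

Each key winnows exactly one coherent message and nothing else; no encryption is involved, only authentication, which was the point of Rivest's construction. A practical caveat: the scheme is only as deniable as the chaff is convincing, and the serial numbers and packet sizes of the "wheat" must not stand out from the rest of the stream.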
------------------------------
From: tl_jergen <[EMAIL PROTECTED]>
Subject: Re: searching for a special GUI crypto tool
Date: Fri, 30 Jun 2000 18:41:37 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (JPeschel) wrote:
> "TL" [EMAIL PROTECTED] writes, in part:
>
> >I'm searching for a special GUI crypto tool.
> >The aim is just to hide my private infos, when sending
> >email attachments thru the net, or even progs I made.
>
> >Some downloaded binaries I like the most :
> >- PUFFER http://www.briggsoft.com/puffer.htm
> >- CRYPTO http://www.gregorybraun.com/crypto.html
> >- HARDCRYPT http://www.alternetive.asso.fr/securite/jcutils.htm
>
> I'd recommend Puffer, and Puffer would have
> been one of my recommendations even if you
> hadn't mentioned any programs.
>
> I've never heard of the stuff on the French
> web page you mention, but Gregory Braun's
> Crypto 3.5 is snake-oil.
>
> Joe
>
> __________________________________________
>
> Joe Peschel
> D.O.E. SysWorks
> http://members.aol.com/jpeschel/index.htm
> __________________________________________
>
>
I can't fathom why on earth you think Crypto 3.5 is snakeoil. It uses
the Blowfish algy in this proggy. Do you really think you can break
Blowfish!!! Do you really have information for us on easy ways to break
2^128 bits encryption. I think *not*!!! You better do more studying
before you suggest to us that Blowfish & this proggie are snakeoil!
tl_jergen
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: searching for a special GUI crypto tool
Date: Fri, 30 Jun 2000 19:10:44 +0000
tl_jergen wrote:
>
> In article <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] (JPeschel) wrote:
> > I've never heard of the stuff on the French
> > web page you mention, but Gregory Braun's
> > Crypto 3.5 is snake-oil.
>
> I can't fathom why on earth you think Crypto 3.5 is snakeoil. It uses
> the Blowfish algy in this proggy. Do you really think you can break
> Blowfish!!! Do you really have information for us on easy ways to break
> 2^128 bits encryption. I think *not*!!! You better do more studying
> before you suggest to us that Blowfish & this proggie are snakeoil!
Joe has backup for this assertion. See:
http://www.fortunecity.com/skyscraper/coding/379/caz6a.htm
which can be reached from Joe's page at:
http://members.aol.com/jpeschel/crack.htm
Executive summary: Casimir says Braun only pretends to use Blowfish, but
actually uses a weak proprietary algorithm, and he tells how to break it.
--
Jim Gillogly
Sterday, 7 Afterlithe S.R. 2000, 19:06
12.19.7.6.1, 8 Imix 4 Tzec, Fourth Lord of Night
------------------------------
From: stanislav shalunov <[EMAIL PROTECTED]>
Subject: Re: Blowfish for signatures?
Date: 30 Jun 2000 14:44:50 -0400
"Joseph Ashwood" <[EMAIL PROTECTED]> writes:
[Description of how to turn any block cipher into a message
manipulation digest.]
> The last C[n] is your signature, just transfer K securely and it can be
> verified and will be difficult to fake.
But that's not a "digital signature" as everybody understands it.
Being able to check this MDC is the same as being able to fake it.
For completeness' sake, you could also make the key publicly known and
turn Blowfish into a regular message digest algorithm, not unlike MD5.
If you transfer the digest securely, you can verify whether an insecurely
transferred file was modified.
Another small problem with both schemes is that they both provide no
protection in a situation where we could be concerned about birthday
attacks. I cannot provide an example of such a situation here,
however.
------------------------------
From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: very large primes
Date: Fri, 30 Jun 2000 12:59:01 -0700
Dennis Ritchie wrote:
> I no longer remember the precise results and their consequences,
> but it is probably more like: for every recursively enumerable set,
> there is a polynomial f(a; x1, x2, ..., xn) where n is fairly small
> (10 or 20 or so) whose coefficients are integers, such that there is a
> solution in integers for f()=0 if and only if a<0 or a is a member
> of the r.e. set.
Yes. Dann Corbit posted some links.
http://mathworld.wolfram.com/PrimeDiophantineEquations.html
You can also arrange the primes to be the (positive) range
of the polynomial by some simple tricks. Eg, if a > 0 in your
notation, (1-2f()^2)a will be negative or in the r.e. set.
If you want to make sure that a > 0, then you can replace it
with 1+a1^2+a2^2+a3^2+a4^2.
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: How encryption works
Date: 30 Jun 2000 19:44:14 GMT
Simon Johnson <[EMAIL PROTECTED]> wrote:
> calculate modulo inverses. I'll be different and say you use the
> Euler Totient function to calculate a modulo inverse:
> d=e^((p-1)x(q-1)) mod (pxq)
> Simplicity itself :)
uh, exponents are taken mod phi(n). So you really need
d = e^( phi(phi(n)) ) mod phi(n)
where phi(n) = p-1 * q-1
this requires that you know the prime factorization of p-1 and q-1,
which you generally don't unless you take special care in generating
p and q. This is why the Extended Euclidean Algorithm, while
more complicated and more difficult to understand, is preferable to
using euler's formula in this case.
-dmolnar
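The two routes to the RSA private exponent that this exchange contrasts, as an added example in Python (not code from the digest or from either poster). The extended Euclidean algorithm needs only phi(n) = (p-1)(q-1). The Euler route needs phi(phi(n)), which means factoring p-1 and q-1; by Euler's theorem e^phi(m) = 1 (mod m), so the inverse it yields is d = e^(phi(phi(n)) - 1) mod phi(n). The script computes d both ways for the small textbook pair p = 61, q = 53, e = 17 (where trial division can factor 3120) and shows that they agree, then uses the Euclidean route on a modulus built from two Mersenne primes, where trial-dividing phi(n) would be hopeless. The factoring helper and the sample primes are constructed for the demo.

```python
def egcd(a: int, b: int):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0

def modinv(e: int, m: int) -> int:
    """Inverse of e modulo m via extended Euclid; needs no factorisation of m."""
    g, x, _ = egcd(e, m)
    if g != 1:
        raise ValueError("e and m are not coprime, no inverse exists")
    return x % m

def factor_by_trial_division(n: int) -> dict:
    # Demo-only factoring; only feasible for tiny n, which is exactly the catch in the Euler route.
    factors, d = {}, 2
    while d * d <= n:
        while n % d == 0:
            factors[d] = factors.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors

def euler_phi(n: int) -> int:
    result = n
    for p in factor_by_trial_division(n):
        result = result // p * (p - 1)
    return result

def d_via_euler(e: int, p: int, q: int) -> int:
    """Euler's theorem: e^phi(phi(n)) == 1 (mod phi(n)), so e^(phi(phi(n)) - 1) is e's inverse."""
    phi_n = (p - 1) * (q - 1)
    phi_phi_n = euler_phi(phi_n)          # requires the factorisation of (p-1)(q-1)
    return pow(e, phi_phi_n - 1, phi_n)

def d_via_euclid(e: int, p: int, q: int) -> int:
    return modinv(e, (p - 1) * (q - 1))

def rsa_roundtrip(p: int, q: int, e: int, d: int, m: int) -> bool:
    """Sanity check that d really inverts e: (m^e)^d == m (mod n)."""
    n = p * q
    return pow(pow(m, e, n), d, n) == m

def big_modulus_check() -> bool:
    # Two Mersenne primes (constructed sample); trial-dividing (p-1)(q-1) is infeasible here,
    # so only the Euclidean route is practical.
    p, q, e = 2**127 - 1, 2**89 - 1, 65537
    d = d_via_euclid(e, p, q)
    return (e * d) % ((p - 1) * (q - 1)) == 1 and rsa_roundtrip(p, q, e, d, 123456789)

if __name__ == "__main__":
    print("Euclid:", d_via_euclid(17, 61, 53))     # 2753
    print("Euler :", d_via_euler(17, 61, 53))      # 2753, after factoring 3120
    print("big modulus via Euclid OK:", big_modulus_check())
```

Real implementations go further than this: d is normally computed modulo lcm(p-1, q-1) rather than phi(n), and the Euclidean step should be constant-time with respect to the secret values, but the reason to prefer Euclid over Euler is exactly the one the post gives.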
------------------------------
From: Shawn Willden <[EMAIL PROTECTED]>
Subject: Re: Certificate authorities (CAs) - how do they become trusted authorities ??
Date: 30 Jun 2000 14:19:13 -0600
Greg <[EMAIL PROTECTED]> writes:
> > In doing a bit of research on internet security I naturally came
> > across "Certificate authorities (CAs)" (ie: Verisign, twaite, etc)
> > ... can anyone tell me (or give me a URL) from where these
> > companies get *their* certification - who says they are 'trusted'
> > ?? ...I suppose I am asking as well what/who is the root of all
> > authorities!
>
> Yes you are, no there is no answer, and that is the problem that CAs
> face.
>
> IMHO, CAs are to solve a business model by tricking the consumer
> into unwarranted confidence of security.
>
> The only question you have to ask yourself is, "Does it make sense
> to you?" It sure does not to me.
Sure it does. This is no different than many, many things in the
normal world. Why should we trust a CA? Why should we trust a bank?
Why do we trust any individual or organization?
The way we go about determining whether or not some entity is
trustworthy ultimately boils down to a simple process of first
trusting them, and then seeing if we get screwed. At times we have
the luxury of being able to use "transferred" trust, using
already-established trust in one entity who then certifies another
entity, but we must always trust first.
In the case of CAs, we actually have some of both. Most CAs provide
some sort of contractual agreement containing provisions for
reimbursement of the purchaser's losses. In the case of Verisign (I
just looked) purchasers of server certificates are "insured" up to
$100,000 against "economic loss resulting from the theft,
corruption, impersonation or loss of use of a certificate" (that's
from a one-paragraph summary, the actual agreement is very detailed
and explicit).
So, we have some transferable trust, based on our confidence that if
Verisign doesn't hold up its end, the courts will force them to pay
up. And, although I haven't looked into it, since Verisign is a
public company, and shareholders worry about such open-ended
liabilities as those represented by the warranty agreement, I'm sure
that Verisign has insurance to cover the liabilities, and I'm sure
that the insurance company watches things carefully to cover their own
liabilities.
Beyond that, it's also the case that any verifiable failure on the
part of Verisign will be publicized (this is the "trust them and see
if they let you down" part).
So, for financial transactions, I think it is quite reasonable and
safe to trust the CAs. If you're looking to secure communications
between terrorist organizations, though, you'd better look elsewhere.
Finally, I have a question for you:
Suppose there were a "root" CA. Who *would* you trust with that
responsibility?
Shawn.
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: comp.theory
Subject: Newbie question about factoring
Date: Fri, 30 Jun 2000 20:23:59 GMT
In the FAQs for sci.crypt and rsasecurity.com
it is stated that the security of RSA depends
(partially) on the assumption that factoring is
hard. Does this mean the assumption that
factoring is NP-hard and, if not, then how
hard? Also, can factoring be described as a
decision problem?
------------------------------
From: [EMAIL PROTECTED] (Daniel A. Jimenez)
Crossposted-To: comp.theory
Subject: Re: Newbie question about factoring
Date: 30 Jun 2000 16:00:59 -0500
In article <8jivkc$qd9$[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> wrote:
> In the FAQs for sci.crypt and rsasecurity.com
>it is stated that the security of RSA depends
>(partially) on the assumption that factoring is
>hard. Does this mean the assumption that
>factoring is NP-hard and, if not, then how
>hard?
No, just "real hard." Unless P=NP, it's unlikely that factoring is NP-hard.
Nevertheless, that doesn't mean factoring is easy; one could still imagine
a lower bound of subexponential or very high order polynomial on its
complexity, making it practically very hard. For instance, maybe a lower
bound on the complexity of factoring is Omega(n^1000), where n is the
logarithm of the number to be factored. Then it's doable in polynomial
time, but it's still going to take a very long time.
>Also, can factoring be described as a decision problem?
Yes, in a couple of different ways:
1. Given positive integers N and K, is there a non-trivial prime factor of
N less than K? You can use a binary search to find a factor of N this way
(or determine that N is prime if the only such K is equal to N).
2. Given positive integers N and K, is the K'th bit in the binary
representation of the smallest prime factor of N equal to one? Stepping
through K gives you a factor of N one bit at a time (or N itself, if N
is prime).
--
Daniel Jimenez [EMAIL PROTECTED]
"I've so much music in my head" -- Maurice Ravel, shortly before his death.
" " -- John Cage
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Tying Up Lost Ends II
Date: 30 Jun 2000 21:10:17 GMT
Tying Up Loose Ends MORE
This is based on John Savard's work but he misses a few minor points
In the previous post I cleaned up the loose ends in John's work; in
the follow up I will show what he should have done when he uses
NNNxxxxx xxxxxxxx as the last two bytes of a compressed file.
First use my method to get the finitely odd file. The last byte
in that file will have a last one in bit position 0 to 7 since
it is finitely odd. Now convert the file to a unique byte file
as I describe. Now comes the big trick. "GET RANDOM" numbers;
how is anyone's guess. But if it was easy everyone would use
ONE TIME PADS.
slide over the last byte to make room for NNN
let NNN be the bit position that had the trailing 1.
to make it easy the right most bit is 0 and the left
most is 7
example .... 00100000 finitely odd file
becomes .....11000000 or 01000000 depending on carries
this means nnn be 5 so last two bytes become
101 11xxx xxxxxxxx note the last 6 + nnn bits
random; this is kind of what John was driving at when he missed
the boat.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website NOT FOR WIMPS **no JavaScript allowed**
http://members.xoom.com/ecil/index.htm
Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm
Scott famous Compression Page WIMPS allowed ** JavaScript OK**
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
"The road to tyranny, we must never forget, begins with the destruction
of the truth."
------------------------------
From: David Crick <[EMAIL PROTECTED]>
Subject: Re: AES: It's been pretty quiet for some time...
Date: Fri, 30 Jun 2000 22:16:47 +0100
Volker Hetzer wrote:
>
> Hi!
> Does anyone know what's going on?
> The last announcement was on may, 15.
Just as you write this, here's the latest announcement:
Preliminary information is now available for a Modes of Operation
Workshop. [Link to] < http://csrc.nist.gov/encryption/aes/modes/ >.
In response to your original query, NIST are currently evaluating the
Round 2 material:
Following the close of the Round 2 public analysis period on May 15,
2000, NIST intends to study all available information and make a
selection for the AES, from among the finalists. Currently, NIST
anticipates that it will announce the AES selection by late summer or
early fall of 2000. No firm date has been set for this announcement,
which will be made using a Federal Register notice, press release,
and information on this AES home page, at a minimum.
[ < http://csrc.nist.gov/encryption/aes/ >. ]
--
+-------------------------------------------------------------------+
| David Crick [EMAIL PROTECTED] RSA 22D5C7A9 DH BE63D7C7 87C46DE1 |
| Damon Hill Tribute Site: http://www.geocities.com/MotorCity/4236/ |
| M. Brundle Quotes: http://members.tripod.com/~vidcad/martin_b.htm |
+-------------------------------------------------------------------+
------------------------------
From: Jack Spencer <[EMAIL PROTECTED]>
Subject: Re: SV: SV: DES 64 bit OFB test vectors
Date: Sat, 01 Jul 2000 07:27:46 +1000
> > The smallest core will do up to 7.5 million encryption/decryption per
> > second (480 Mbits/s).
>
> > A fully pipelined ECB DES core will do up to 120 million enc/dec per
> > second (7.68 Gbits/s).
> > This in FPGA, an ASIC will do better.
> That seems fast enough!
>
> So do you have a retail source for these cores ?
I know of a company in the Valley who got the unpipelined DES core
from Ocean Logic (http://www.ocean-logic.com/). The Verilog version
synthesizes in Virtex E @ 120 MHz and takes 16 cycles.
This for the unpipelined version. I assume that a pipelined version would
be ~16 times faster.
I posted names and URLs of other companies in the messages above.
> Regards Erik
JS
------------------------------
From: [EMAIL PROTECTED]
Subject: Encryption and IBM's 12 teraflop MPC......
Date: Fri, 30 Jun 2000 21:19:39 GMT
Greetings,
I was just reading about the new 12 teraflop MPC (massively parallel
computer) IBM has just released to the Department of Energy's Lawrence
Livermore National Laboratory in Livermore, California.
(http://www.msnbc.com/news/426657.asp?bt=pu&btu=http://www.msnbc.com/m/olk2k/msnbc_o_install.asp
I don't know if that link will work.....)
There is a lot of discussion about all that can be done with such a
computer along the lines of the simulation of nuclear explosions and
weather phenomenon. But surprisingly, nothing about cryptographic
implications (such as factoring).
I seem to recall Schneier had a table in one of his books that compared
keylength to time required for brute force key recovery given computing
capability at the time. But it seems computing power is growing at a
rate faster than predicted. Does anyone know how such computing power
as a 12 teraflop MPC affects current perception of the security of
various keylengths under various crypto systems?
Any sources online that discuss the new IBM machine and its crypto
implications. Think the NSA already has one?
------------------------------
From: Tom McCune <[EMAIL PROTECTED]>
Subject: Re: Encryption and IBM's 12 teraflop MPC......
Date: Fri, 30 Jun 2000 21:34:18 GMT
=====BEGIN PGP SIGNED MESSAGE=====
In article <8jj2sp$sre$[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
<snip>
>Any sources online that discuss the new IBM machine and its crypto
>implications. Think the NSA already has one?
Out of curiosity, why does it have 8192 processors? Is it just a nice
even 8k number, or is there special reason to have an even multiple,
rather than 8200 or 8100?
=====BEGIN PGP SIGNATURE=====
Version: PGP Personal Privacy 6.5.3
Comment: My PGP Page & FAQ: http://www.McCune.cc/PGP.htm
iQCVAwUBOV0SmcMxrQ5/VTwtAQGmpgQAiQicuAE7TD1J9IErbfbppyCmHEZbpNFT
oT8GkhJHQO2Ct2mQoyI/0tg82jmDOj/2SYR/mwP9TYqQtZCQPcWygXZiydOcZovb
fa4VTRJlGxwou0hOpHrxxBeN+H43m22WZrUnVI/x7HiwNQQA6NYfuNyo2Ef8IZ4E
egWW71R6QOc=
=u4Hn
=====END PGP SIGNATURE=====
------------------------------
From: "Dann Corbit" <[EMAIL PROTECTED]>
Subject: Re: Encryption and IBM's 12 teraflop MPC......
Date: Fri, 30 Jun 2000 14:49:25 -0700
"Tom McCune" <[EMAIL PROTECTED]> wrote in message
news:un875.23809$[EMAIL PROTECTED]...
> -----BEGIN PGP SIGNED MESSAGE-----
>
> In article <8jj2sp$sre$[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
> <snip>
> >Any sources online that discuss the new IBM machine and its crypto
> >implications. Think the NSA already has one?
>
> Out of curiosity, why does it have 8192 processors? Is it just a nice
> even 8k number, or is there special reason to have an even multiple,
> rather than 8200 or 8100?
A power of 2 lends itself to n-cube style wiring (just a guess).
--
C-FAQ: http://www.eskimo.com/~scs/C-faq/top.html
"The C-FAQ Book" ISBN 0-201-84519-9
C.A.P. Newsgroup http://www.dejanews.com/~c_a_p
C.A.P. FAQ: ftp://38.168.214.175/pub/Chess%20Analysis%20Project%20FAQ.htm
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************