Cryptography-Digest Digest #227, Volume #12 Sat, 15 Jul 00 00:13:00 EDT
Contents:
Re: Has RSADSI Lost their mind? (phil hunt)
Re: Steganographic encryption system (phil hunt)
Re: Steganographic encryption system (phil hunt)
Re: Quantum Computing (Was: Newbie question about factoring) (Jeffrey Shallit)
Re: General Question on cryptography (John Savard)
Re: Enigma Variations (John Savard)
Re: Has RSADSI Lost their mind? ("Paul Pires")
Re: New Idea - Cipher on a Disk (Greg)
Re: New Idea - Cipher on a Disk (Greg)
Re: On intermixing as encryption processing (David Hopwood)
Help: is it diffie-hellman in phone.com browser? ([EMAIL PROTECTED])
Re: Random numbers and online-gambling (John Savard)
Re: Idea for CFB-like cipher (Benjamin Goldberg)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (phil hunt)
Subject: Re: Has RSADSI Lost their mind?
Date: Fri, 14 Jul 2000 23:02:35 +0100
Reply-To: [EMAIL PROTECTED]
On Fri, 14 Jul 2000 11:12:24 -0700, Roger Schlafly <[EMAIL PROTECTED]> wrote:
>Mark Wooding wrote:
>> [Diffie-Hellman in SSL]
>> > The trouble is that not that many browsers support it.
>>
>> Indeed. Is there any good reason for this? It would save me worrying
>> about keys being demanded from the server admins and decrypting past
>> sessions.
>
>This was done by agreement between Netscape and RSADSI.
>
>RSADSI controlled the patents for Diffie-Hellman and RSA, but it
>much preferred customers to use RSA because it got higher
>royalties and the RSA patent lasts longer.
>
>Netscape needed either Diffie-Hellman or RSA for SSL.
Couldn't they have used an unencumbered algorithm such as Blowfish?
--
***** Phil Hunt ***** send email to [EMAIL PROTECTED] *****
Moore's Law: hardware speed doubles every 18 months
Gates' Law: software speed halves every 18 months
------------------------------
From: [EMAIL PROTECTED] (phil hunt)
Crossposted-To: comp.os.linux.development.apps,uk.comp.os.linux
Subject: Re: Steganographic encryption system
Date: Fri, 14 Jul 2000 23:04:34 +0100
Reply-To: [EMAIL PROTECTED]
On 14 Jul 2000 16:50:05 +0100, Phil Britton <[EMAIL PROTECTED]> wrote:
>[EMAIL PROTECTED] (phil hunt) writes:
>
>> On 12 Jul 2000 14:54:36 GMT, Paul Hughett <[EMAIL PROTECTED]> wrote:
>> >In comp.os.linux.development.apps phil hunt <[EMAIL PROTECTED]> wrote:
>> >
>> >:>Explaining quite why a 1k plaintext encrypts to a 30k cyphertext
>> >:>might keep you busy.
>> >
>> >: Not at all. If you try to encrypt a 1K file, the system will *always*
>> >: produce a ciphertext which is substantially larger. This has the advantage
>> >: of helping to defeat traffic analysis attacks.
>> >
>> >: Since stes will be open source, it probably won't be too difficult to prove
>> >: to a court that this is the case.
>> >
>> >The hard part comes when you try to prove to a court that the 1k plaintext
>> >is the *only* message stored in this 30k ciphertext.
>>
>> This will depend on the jurisdiction you live in. If a court will imprison you
>> for failing to prove something that is impossible to prove, then you are not
>> living somewhere under the rule of law, so stes cannot help you.
>
>You mean the sort of country that Jack Straw is trying to turn Britain into
Indeed.
Jackboot's RIP bill and his other measures to stamp out our liberties are one
of the main things motivating me to develop stes. (Another motivation was to
find out if it was possible).
------------------------------
From: [EMAIL PROTECTED] (phil hunt)
Crossposted-To: comp.os.linux.development.apps,uk.comp.os.linux
Subject: Re: Steganographic encryption system
Date: Fri, 14 Jul 2000 23:08:00 +0100
Reply-To: [EMAIL PROTECTED]
On Fri, 14 Jul 2000 18:19:47 +0100, Bob Billing (AKA Uncle Bob)
<[EMAIL PROTECTED]> wrote:
>Phil Britton wrote:
>
>> You mean the sort of country that Jack Straw is trying to turn Britain into
>
> Trying?
Well, RIP isn't law yet.
> Seriously though I've been following this with some interest, as an
>encryption system like this would enable binary files to be encrypted in
>transit, and to be given a "watermark" which could be used to prove
>fairly conclusively which file was which.
I hadn't thought of using it for that. How would that work?
> I may have a commercial use
> for this.
I'm intrigued.
If it's not too commercially sensitive, I'd like to know more...
------------------------------
From: [EMAIL PROTECTED] (Jeffrey Shallit)
Crossposted-To: comp.theory
Subject: Re: Quantum Computing (Was: Newbie question about factoring)
Date: 15 Jul 2000 00:29:47 GMT
In article <8kg1gj$5mk$[EMAIL PROTECTED]>,
Nick Maclaren <[EMAIL PROTECTED]> wrote:
>In article <[EMAIL PROTECTED]>,
>Tony T. Warnock <[EMAIL PROTECTED]> wrote:
>>
>>That's true. I was basing my comment on the article by van der Poorten and
>>Loxton in Crelle's Journal vol 392, p57, that (purported, there may be an
>>error) that the bits of an algebraic number can not be generated by a finite
>>state machine. Bit strings generated by finite state machines must be either
>>rational or transcendental.
>
>Well, as it stands, that statement is clearly false! As finite state
>machines necessarily repeat, they can generate only rational numbers.
>And, obviously, they can generate any rational number.
>
>
>Regards,
>Nick Maclaren,
>University of Cambridge Computing Service,
>New Museums Site, Pembroke Street, Cambridge CB2 3QG, England.
>Email: [EMAIL PROTECTED]
>Tel.: +44 1223 334761 Fax: +44 1223 334679
Well, unfortunately, you're both wrong.
Maclaren is wrong because he misunderstands the model used to generate
real numbers with a finite automaton that Warnock is referring to. In this
model, the finite automaton is equipped with an output function for each
state, say from Q (the state set) to {0, 1, ..., b-1} for some integer
b >= 2. We say such a machine generates the real number
. a_0 a_1 a_2 ... in base b
if, when fed with the base-k expansion of i, the machine reaches a state
q whose output is a_i.
Under this model, it is easy to create finite automata to generate
transcendental numbers. For example, a 2-state machine can
generate the Thue-Morse real number
.0110100110010110 ...
whose i'th bit is the sum (mod 2) of the bits in the binary expansion of i.
This number is known to be transcendental; Dekking proved this some
time ago (although his published proof has a flaw that can be repaired).
And Warnock is wrong because the van der Poorten-Loxton "proof" that all
such numbers are either rational or transcendental has a flaw in it that
no one has yet been able to repair. Van der Poorten acknowledged this at
a conference at Penn State a couple of years ago.
Partial results are known; in particular Allouche and Zamboni have
proved the "either rational or transcendental" result for binary
alphabets. (For exact details see their 1998 paper in Journal of
Number Theory.)
Jeffrey Shallit, Computer Science, University of Waterloo,
Waterloo, Ontario N2L 3G1 Canada [EMAIL PROTECTED]
URL = http://www.math.uwaterloo.ca/~shallit/
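Added example (mine, not Shallit's): the "automatic real number" model above, implemented for the Thue-Morse example. The automaton below has two states recording the parity of the 1 bits read so far; feeding it the binary expansion of i and reading the output of the final state gives the i'th bit, and the code checks that this agrees with the popcount-mod-2 definition. The state names and function names are my own choices.

```python
# Added example: a 2-state automaton generating the Thue-Morse real number
# under the model from the post (output function on states, input = base-2
# expansion of the index i). State and function names are hypothetical.

# Transition table: state -> {input bit -> next state}.
# The state records whether an even or odd number of 1 bits has been read.
TRANSITIONS = {
    "even": {"0": "even", "1": "odd"},
    "odd":  {"0": "odd",  "1": "even"},
}
# Output function from the state set Q to {0, 1} (here b = 2).
OUTPUT = {"even": 0, "odd": 1}


def run_automaton(i: int) -> int:
    """Feed the binary expansion of i to the automaton; return the output of the state reached."""
    state = "even"
    for bit in format(i, "b"):       # format(0, "b") is "0", so i = 0 stays in "even"
        state = TRANSITIONS[state][bit]
    return OUTPUT[state]


def thue_morse_bits(n: int) -> str:
    """First n bits a_0 a_1 ... a_{n-1} generated by the automaton."""
    return "".join(str(run_automaton(i)) for i in range(n))


def popcount_parity(i: int) -> int:
    """The defining property from the post: sum (mod 2) of the bits of i."""
    return bin(i).count("1") % 2


def automaton_matches_definition(n: int) -> bool:
    """Check the automaton against the direct definition for all indices below n."""
    return all(run_automaton(i) == popcount_parity(i) for i in range(n))


if __name__ == "__main__":
    print("." + thue_morse_bits(16))          # the prefix quoted in the post
    print(automaton_matches_definition(4096))
```

The point of the model is that the automaton does not "repeat" in the sense of a loop emitting digits; it is restarted on every index i, which is why a finite machine can produce a non-eventually-periodic (hence irrational) expansion.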
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: General Question on cryptography
Date: Sat, 15 Jul 2000 00:48:06 GMT
On Fri, 14 Jul 2000 18:58:06 +0200, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote, in part:
>One author of a paper, though, has the opinion that under certain
>circumstances the assumption that the opponent has knowledge of the
>algorithm could be weakened. I gave a citation of that some time back.
It certainly is advantageous if one can keep an algorithm secret,
because it makes brute-force search rather more open-ended.
But I think that there is no good reason not to design our algorithms
to be strong enough to be safe if known: even if we pursue additional
strength by keeping them secret. For most users of cryptography,
though, this is not an option, because it is the publicly known
algorithms that have been reviewed by the competent specialists.
John Savard (teneerf <-)
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Enigma Variations
Date: Sat, 15 Jul 2000 00:45:19 GMT
On Thu, 13 Jul 2000 12:17:20 -0500, "Wesley H. Horton"
<[EMAIL PROTECTED]> wrote, in part:
>Am I to understand that the 5 ten contact rotors on the SIGABA do not
>move during encipherment? In essence, their position was set at the
>beginning of the encipherment and they remained static?
Yes, that's correct. Basically, they replace a plugboard; the
advantage is that they're easier to set, their setting is easier to
write down, and there are no small parts to lose or break.
John Savard (teneerf <-)
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: Has RSADSI Lost their mind?
Date: Fri, 14 Jul 2000 17:56:16 -0700
phil hunt <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Fri, 14 Jul 2000 11:12:24 -0700, Roger Schlafly
<[EMAIL PROTECTED]> wrote:
> >Mark Wooding wrote:
> >> [Diffie-Hellman in SSL]
> >> > The trouble is that not that many browsers support it.
> >>
> >> Indeed. Is there any good reason for this? It would save me worrying
> >> about keys being demanded from the server admins and decrypting past
> >> sessions.
> >
> >This was done by agreement between Netscape and RSADSI.
> >
> >RSADSI controlled the patents for Diffie-Hellman and RSA, but it
> >much preferred customers to use RSA because it got higher
> >royalties and the RSA patent lasts longer.
> >
> >Netscape needed either Diffie-Hellman or RSA for SSL.
>
> Couldn't they have used an unencumbered algorithm such as Blowfish?
Ehrrr... Blowfish is a symmetric cipher (same single key for encrypt and
decrypt).
RSA is an asymmetric scheme (public key/private key).
RSA and PKP had a virtual monopoly on all asymmetric patents for a while, but
I believe that El Gamal and Diffie/Hellman are now lapsed and the RSA patent
is due soon.
Different animals.
Paul
>
> --
> ***** Phil Hunt ***** send email to [EMAIL PROTECTED] *****
> Moore's Law: hardware speed doubles every 18 months
> Gates' Law: software speed halves every 18 months
------------------------------
From: Greg <[EMAIL PROTECTED]>
Subject: Re: New Idea - Cipher on a Disk
Date: Sat, 15 Jul 2000 00:53:42 GMT
In article <8knfmj$1fs$[EMAIL PROTECTED]>,
Chris T <[EMAIL PROTECTED]> wrote:
>
> Greg wrote:
> <
> < > There's one thing that I'm not clear about. I'm not sure what
> < > security needs you would be addressing with an encrypted disk?
> <
> < My own. I want security to become common place. I want all disks
> < to become self encrypted processes. I want people to use this
> < stuff because it asks nothing more than a password from them
> < when their machine starts up. When it gets to be that transparent
> < and that easy to use, then people will use it far more than they
> < do today - even if reluctantly. I want security USED by all. I want
> < people to become so used to having it, that they will cry if they lose
> < it. Then the next step is building some type of on board encryption
> < onto every network card or replacing the entire TCP/IP with TCP/SIP
> < (secured internet protocol) - a network protocol based upon encrypted
> < traffic.
> <
> < It is for my security needs - I want to see this next evolutionary
> < step in computers to take place ASAP all over the world. I want
> < so much security to transpire that any wire tap on the internet
> < is a waste of money and time - by anyone and everyone.
> <
> < Privacy is not something we enjoy because most people don't use it
> < because most people don't know how or don't want to bother. I want
> < it everywhere. I want to be part of it everywhere. And I want to
> < make the excuses drop away quickly and effortlessly. I want there
> < to be absolutely no reason for a person NOT to encrypt his disk from
> < end to end. That is my goal.
> <
> < That is the security need I am addressing. Make it everywhere,
> < transparent, and extremely simple to employ. Then people will use
> < it and those seeking to gain access to confidential data will find
> < all of us in a new era - an era where privacy prevails.
> <
>
> But for access points to information that can be protected in
> a physical way I still prefer it that way. I would like a double
> electric fence around my computer, 100 yards of mine field in
> between and armed security guards all around. As for the hard
> disk I would like a lock on it that would block any data transfer
> if not open not just encrypt it. And just in case someone trying
> to take the disk apart I would like a small explosive
> charge that would blow the platters to dust.
And I was worried that I sounded too religious on the subject...
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Greg <[EMAIL PROTECTED]>
Subject: Re: New Idea - Cipher on a Disk
Date: Sat, 15 Jul 2000 00:59:11 GMT
> Agreed. But does the average computer user need to add security
> to their storage subsystem without adding security to their
> communication subsystem?
Yes, they need both, but here is a simple and transparent solution
that encourages them to begin down one of the two paths.
> Personally, I fear abuse of Carnivore much more than I fear
> warrantless search of my hard drives.
I am open to ideas for this one too. But with new laws that allow
cops to enter your home and read your HD without your awareness,
I think my idea is good for today also.
> It may be that the market is defined by user's fears rather
> than the actual threats to which they may be exposed.
I think the new laws make such a threat a reality to many.
> > > There's also the issue of the obsolescence of the encryption
> > > hardware.
> >
> > Sort of like disk capacity, huh?
>
> I don't think so. Storage capacity is additive. Computational
> throughput generally isn't.
But once people get to feeling secure, then the need to secure will
be I think. Perhaps not, but I think so.
------------------------------
Date: Fri, 14 Jul 2000 14:15:37 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: On intermixing as encryption processing
=====BEGIN PGP SIGNED MESSAGE=====
Mok-Kong Shen wrote:
> David Hopwood wrote:
> > Mok-Kong Shen wrote:
[...]
> > > That is, we intermix the bits of the two given streams in
> > > such a manner that the resulting bits have equal chance of
> > > being originated from the one stream or the other.
> > >
> > > Obviously this materially enhances the difficulty of the
> > > opponent,
> >
> > I don't see that this is obvious at all; it depends how the input
> > bit streams can be attacked. If either of the two mixed streams are
> > biased, for example, then the output will also be biased. As a method
> > of combining three (including r()) possibly-random bitstreams in order
> > to produce a hopefully stronger bitstream, I don't see that this method
> > is very efficient or effective.
> >
> > > since he has to identify (guess) which bits of
> > > u_i belong to the first stream and which to the second.
> >
> > That may or may not be true.
>
> The processing here introduced is not stand-alone but is a step
> supplementary to an encryption algorithm and enhances its strength.
I don't think you've established that it does enhance the strength.
I described a case in which it doesn't, and you haven't provided any
specific response to that. In any case, even where it does increase
the strength, it isn't a very efficient method of doing so compared
to, say, using one cipher and increasing the number of rounds.
> That mixing something together (in other context) renders the
> separating the stuffs out rather difficult is a common experience
> and should be intuitively clear.
No, it isn't clear, nor is it true in general. For the above
technique, all you can say in general is that the mixed sequence
is no weaker (in the sense of indistinguishability from a random
sequence), than the *weakest* of the input sequences c1 and c2.
- --
David Hopwood <[EMAIL PROTECTED]>
Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip
=====BEGIN PGP SIGNATURE=====
Version: 2.6.3i
Charset: noconv
iQEVAwUBOW8SSTkCAxeYt5gVAQGH/Af9F/bjcrPPgTcd8KnR+7Ad8Bn0Nwdj8dnZ
RDe6gnnaXoqUV9bRkEWZtF6yJzvMY8WL1cNJyYuwmIFCKJdBAUpIu+Lc/H3F3gb+
tofR8JrHmlmmkK8n43wDahHOPRyD7sVJEe0MsEAhO93AdbY1LUZMSETA0KR1QLer
OcRmfQ8cyLwGR6vHt7KTTA5oSpwivGLcPt/FEpTmUm4JjEzVTJmRBN3w9t09Ubnm
uheILoAivVVdTIoPOwXhWXd9bBM63B9xQ1hqkQPklAXBETfvA9Ju5sWsXhUheY5V
v5oLbhSp4AENKkEQ0UtT5YaOGJSsDHnBWq3o0/QCal60yqVgKZAdmQ==
=Fl3z
=====END PGP SIGNATURE=====
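Added example (mine, not Hopwood's or Shen's): a small experiment on the intermixing step discussed above. Two bit streams c1 and c2 are interleaved under a selector stream r(), and a monobit frequency statistic is computed for each input and for the result. The streams are constructed with seeded pseudo-random generators (c1 deliberately biased to 80% ones, c2 and r fair), so the run is repeatable; the statistic threshold and all function names are my own choices.

```python
# Added example: does intermixing hide a biased input stream? Constructed
# sample streams; function names are hypothetical.
import random


def biased_bits(n: int, p_one: float, seed: int) -> list:
    """Constructed sample stream: each bit is 1 with probability p_one (seeded, repeatable)."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def intermix(c1: list, c2: list, r: list) -> list:
    """For each selector bit in r, emit the next unused bit of c1 (r = 0) or c2 (r = 1).
    Stops when either input is exhausted rather than padding with invented bits."""
    i1 = i2 = 0
    out = []
    for sel in r:
        if sel == 0:
            if i1 == len(c1):
                break
            out.append(c1[i1])
            i1 += 1
        else:
            if i2 == len(c2):
                break
            out.append(c2[i2])
            i2 += 1
    return out


def fraction_of_ones(bits: list) -> float:
    return sum(bits) / len(bits)


def monobit_statistic(bits: list) -> float:
    """|#ones - #zeros| / sqrt(n). For a uniform stream this rarely exceeds about 3;
    a much larger value means a plain frequency count distinguishes it from random."""
    n = len(bits)
    s = sum(1 if b else -1 for b in bits)
    return abs(s) / n ** 0.5


def demo(n: int = 20000) -> dict:
    c1 = biased_bits(n, 0.8, seed=1)   # a weak stream: 80% ones
    c2 = biased_bits(n, 0.5, seed=2)   # a good stream
    r = biased_bits(n, 0.5, seed=3)    # fair selector r()
    mixed = intermix(c1, c2, r)
    return {
        "c1": monobit_statistic(c1),
        "c2": monobit_statistic(c2),
        "mixed": monobit_statistic(mixed),
        "mixed_ones": fraction_of_ones(mixed),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value:.3f}")
```

With a fair selector the mixed stream carries about 65% ones: the bias of c1 is diluted, not removed, and the frequency statistic still flags it easily. This is the "no stronger than the inputs warrant, no weaker than the weakest" situation described in the post; whether a given opponent can exploit it depends, as Hopwood says, on how the input streams can be attacked.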
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: alt.cellular.motorola,alt.cellular.sprintpcs
Subject: Help: is it diffie-hellman in phone.com browser?
Date: Sat, 15 Jul 2000 02:48:57 GMT
Hi Experts,
Does phone.com browser use Diffie-Hellman or RSA?
Regards,
Neil
--
http://800mph.com
Free Hosting
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Random numbers and online-gambling
Date: Sat, 15 Jul 2000 03:31:15 GMT
On Thu, 13 Jul 2000 15:30:02 GMT, [EMAIL PROTECTED] wrote,
in part:
>Some weeks ago I found a web-page containing
>an analysis of an online-poker system. There
>was described how the shuffling of the cards
>was done and why the chosen approach was not
>appropriate for online-gambling.
A news story appeared in the local newspapers about a week ago. An
Edmonton man had discovered a flaw in electronic slot machines.
Instead of using it to rip them off, he notified Alberta gaming
authorities.
Yet, he is still facing a $15 million lawsuit from the slot machine
manufacturer.
This, of course, has significant implications for "white hat" hacking.
John Savard (teneerf <-)
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: Idea for CFB-like cipher
Date: Sat, 15 Jul 2000 03:50:57 GMT
Mack wrote:
[snip]
>
> The MDC-MD5 use the same method but with MD5 as the
> hash function.
>
> This is also similar in structure to the SCOTT ciphers
> as well as my X8 series which is based on the same idea.
What are the SCOTT ciphers? Ciphers by SCOTT19U.ZIP_GUY?
Where can I find your X8 series?
>
> Only those ciphers use a truly shuffled lookup table rather than
> a computed function and have multiple rounds of chaining.
The problem with using a truly shuffled array, rather than one with
array[i] != i for all i, is that it's possible for array[0] to be 0,
which would mean, that with probability 1/256, a string of 0's in the
plaintext will become a string of 0's in the ciphertext. If a modified
array is used, then a repeated byte in plaintext will be a random string
in the ciphertext. Repeated bytes in the ciphertext *can* occur, but will
decrypt to a random-looking string of plaintext.
> M8 the only secure (so far 3 years) variant of the X8 series
> also adds a round key at the beginning of each block and uses a
> modified chaining method.
When you say round key, would the equivalent for my H be: in the place
where I have 'out' initialized to 0, it would be initialized by some
pseudo-random, key-dependent value? This would, I suppose, eliminate
the problem of a repeated byte in input becoming a repeated byte in
output, maybe even better than my modifying the shuffling of the
key-array. It occurs to me, though, that using a simple 8 bit counter
here would work nearly as well.
What kind of "modified chaining method" do you use? Different from
mine, I suppose, but different how?
> >The H I would use is more-or-less grabbed from lja1:
> >
> >/* K is the key, in is the input, N is the size */
> >/* K is a shuffled array 0..255, which has been */
> >/* changed so that for all i, K[i] != i */
> >unsigned char H(const unsigned char *K, const unsigned char *in, int N) {
> > int i, out;
> > for( i = out = 0; i < N; ++i )
> > out = K[(out + K[in[i]]) & 0xff]; /* keep the table index within 0..255 */
> > return (unsigned char)out;
> >}
--
This is the signature worm.
Help me spread by appending me to your signature.
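Added example (mine, not Benjamin Goldberg's or Mack's code): a Python version of the chaining function H quoted above, with a check for the all-zero chain the post warns about. The index reduction mod 256 is my assumption about the intended indexing (the C as posted reads key[out+key[in[i]]] without reducing the sum), and the table builders and function names are hypothetical. The check goes one step beyond the post: the zero input produces an all-zero chain exactly when K[K[0]] == 0, which covers K[0] == 0 but also a table where K[0] = a and K[a] = 0, so a rejection test on K[K[0]] is what actually rules it out.

```python
# Added example: H with a shuffled table, and the fixed-point problem on
# all-zero input. Table builders and names are hypothetical.
import random

TABLE_SIZE = 256


def shuffled_table(seed: int) -> list:
    """A 'truly shuffled' lookup table: a seeded random permutation of 0..255."""
    rng = random.Random(seed)
    table = list(range(TABLE_SIZE))
    rng.shuffle(table)
    return table


def table_with_fixed_zero(seed: int) -> list:
    """A shuffled table forced to have K[0] == 0, the 1-in-256 case from the post."""
    table = shuffled_table(seed)
    j = table.index(0)
    table[0], table[j] = table[j], table[0]
    return table


def safe_table(seed: int) -> list:
    """Rejection-sample a derangement (K[i] != i for all i) that also has K[K[0]] != 0,
    so the all-zero input can never chain to all-zero output."""
    rng = random.Random(seed)
    while True:
        table = list(range(TABLE_SIZE))
        rng.shuffle(table)
        if all(table[i] != i for i in range(TABLE_SIZE)) and table[table[0]] != 0:
            return table


def running_outputs(K: list, data: bytes, iv: int = 0) -> list:
    """Chaining value after each byte: out = K[(out + K[b]) mod 256], starting from iv
    (iv = 0 is the posted H; a key-dependent iv is the 'round key' idea in the thread)."""
    out = iv
    outputs = []
    for b in data:
        out = K[(out + K[b]) % TABLE_SIZE]
        outputs.append(out)
    return outputs


def H(K: list, data: bytes, iv: int = 0) -> int:
    return running_outputs(K, data, iv)[-1] if data else iv


def all_zero_chain(K: list, length: int = 16) -> bool:
    """True if a run of zero bytes yields only zero chaining values (i.e. K[K[0]] == 0)."""
    return not any(running_outputs(K, bytes(length)))


def zero_chain_rate(trials: int) -> float:
    """Fraction of uniformly shuffled tables with an all-zero chain; expected 2/256."""
    hits = sum(1 for s in range(trials) if all_zero_chain(shuffled_table(s)))
    return hits / trials


if __name__ == "__main__":
    zeros = bytes(16)
    print(running_outputs(table_with_fixed_zero(7), zeros))   # all zeros
    print(running_outputs(safe_table(7), zeros))              # varied values
    print(zero_chain_rate(4000))                               # about 0.0078
```

The same running_outputs function can be used to audit any candidate table before it is deployed; for a table drawn from a key, that audit belongs in key setup, since the failure shows up only for the particular tables affected.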
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************