Cryptography-Digest Digest #229, Volume #12      Sat, 15 Jul 00 14:13:01 EDT

Contents:
  Re: Has RSADSI Lost their mind? (phil hunt)
  Re: Bit Shuffling (Mark Wooding)
  Re: what is the symmetric algorithm for protection of classified info by gov agencies ? (John Savard)
  Improving the KEA (John Savard)
  Re: Bit Shuffling (Sundial Services)
  Re: General Question on cryptography (Sundial Services)
  Re: New Idea - Cipher on a Disk ("Trevor L. Jackson, III")
  Re: Who was that girl? (Sundial Services)
  Re: what is the symmetric algorithm for protection of classified info by gov agencies ? (John Savard)
  Re: Improving the KEA (John Savard)
  Still another uncommon number transformation scheme (Mok-Kong Shen)
  Re: what is the symmetric algorithm for protection of classified info by gov agencies ? (Mack)
  Re: Random numbers and online-gambling (zapzing)
  Re: New Idea - Cipher on a Disk (Mok-Kong Shen)
  Re: Still another uncommon number transformation scheme (Sundial Services)
  Re: Computing with Encrypted Functions (zapzing)
  Re: Has RSADSI Lost their mind? (Roger Schlafly)
  Re: Defeating the RIP bill ("Michael Tickle")

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (phil hunt)
Subject: Re: Has RSADSI Lost their mind?
Date: Sat, 15 Jul 2000 13:28:04 +0100
Reply-To: [EMAIL PROTECTED]

On Fri, 14 Jul 2000 17:56:16 -0700, Paul Pires <[EMAIL PROTECTED]> wrote:
>phil hunt <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>> On Fri, 14 Jul 2000 11:12:24 -0700, Roger Schlafly
><[EMAIL PROTECTED]> wrote:
>> >Mark Wooding wrote:
>> >> [Diffie-Hellman in SSL]
>> >> > The trouble is that not that many browsers support it.
>> >>
>> >> Indeed.  Is there any good reason for this?  It would save me worrying
>> >> about keys being demanded from the server admins and decrypting past
>> >> sessions.
>> >
>> >This was done by agreement between Netscape and RSADSI.
>> >
>> >RSADSI controlled the patents for Diffie-Hellman and RSA, but it
>> >much preferred customers to use RSA because it got higher
>> >royalties and the RSA patent lasts longer.
>> >
>> >Netscape needed either Diffie-Hellman or RSA for SSL.
>>
>> Couldn't they have used an unencumbered algorithm such as Blowfish?
>
>Ehrrr... Blowfish is a symmetric cipher (Same single key for encrypt and
>decrypt)
>
>RSA is an asymmetric scheme (Public key/private key).

Aren't there unencumbered public key algorithms? What does GnuPG use?


-- 
***** Phil Hunt ***** send email to [EMAIL PROTECTED] *****
Moore's Law: hardware speed doubles every 18 months
Gates' Law: software speed halves every 18 months 

------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Bit Shuffling
Date: 15 Jul 2000 10:16:56 GMT

Jayant Shukla <[EMAIL PROTECTED]> wrote:

> I know this function is linear and it is not meant to be a complete
> cipher in itself. It is meant to be used for creating diffusion

It's not even very good at that.

The main problem with bit permutations is that they can do nothing with
single active bits except move them around.  Thus, the best differential
or linear hull for a cipher may take in only a single active S-box per
round.

Constructing ciphers which are based around bit permutations as the main
diffusion element is extremely hard, requiring a great deal of care in
the design of the permutations and nonlinear elements and the way in
which they interact.  MDS matrices and PHT networks (e.g., in Rijndael
and SAFER) are both more effective in increasing the number of active
components per round and easier to use in new designs.

This is beside the fact that the usual way to implement bit permutations
is to combine them with S-boxes in big tables, making the permutation
free.

-- [mdw]

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Crossposted-To: alt.privacy
Subject: Re: what is the symmetric algorithm for protection of classified info by gov agencies ?
Date: Sat, 15 Jul 2000 13:25:55 GMT

On Fri, 14 Jul 2000 17:35:05 -0400, jungle <[EMAIL PROTECTED]>
wrote, in part:

>FIPS 46-2, The Data Encryption Standard (DES), is the approved symmetric
>algorithm for protection of sensitive but unclassified information by
>government agencies. 

That, of course, should read "was". Nowadays, they're either using
SKIPJACK or Triple-DES. Soon, they will be using the AES.

>what is the symmetric algorithm for protection of classified info by gov
>agencies ?

There is no public standard for that: it is known that several
different algorithms are used, and it is known that they are secret.

John Savard (teneerf <-)
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Improving the KEA
Date: Sat, 15 Jul 2000 13:40:49 GMT

A while back, I made a post about the KEA where I noted that I had
thought of a possible improvement to it, but then realized that I
hadn't clearly understood what it was good for.

Given that, in Diffie-Hellman, knowing A^(xy) requires knowing one of
x and y, it then follows that if someone knew both x and y, they could
determine A^(x'y) XOR A^(xy') if they intercepted A^(x') and A^(y'),
the public keys corresponding to the two nonces.

But someone in that position would still be unable to know A^(x'y').
So if that were brought into the process somehow, and verified by
reading a number in an LCD display over the telephone, one could still
have the secure exchange of messages despite the compromise of all the
persistent keys in the system!

(Because reading the number in the display amounts to certifying the
nonce keys, so one really isn't getting something for free. To extract
the private key from a telephone, however, probably involves having
the opportunity to tamper with it as well, so the security is not
perfect.)

I would tend to recommend using something like E( A^(x'y) XOR A^(xy'),
A^(x'y') ) as the session key, where E( plaintext, key ) is a good
symmetric algorithm. Possibly, involving a second set of nonce keys,
x" and y", would be better (e.g.,  a session key of A^(x'y) XOR
A^(xy') XOR A^(x"y")).

Note that the alternative of using A^(xy) XOR A^(x'y') is probably not
a good idea, as it involves the XOR of a fixed quantity, even though
it seems to offer this same advantage at the price of regular KEA.

John Savard (teneerf <-)
http://home.ecn.ab.ca/~jsavard/crypto.htm
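The exchange sketched above, as an added example that is not code from John Savard's post: persistent keys x and y, nonce keys x' and y', the KEA-style value A^(x'y) XOR A^(xy'), the nonce-only value A^(x'y'), and a session key mixing both. The toy group parameters, the names used here, and the HMAC-SHA256 stand-in for the symmetric algorithm E(plaintext, key) are this example's assumptions, not the post's.

```python
import hashlib
import hmac
import secrets

# Toy parameters chosen for this example: P is the Mersenne prime 2^127 - 1.
# A real deployment would use a standardised group, not this.
P = 2 ** 127 - 1
A = 5


class Party:
    """One side of the exchange: a persistent key plus a fresh nonce key."""

    def __init__(self, static_priv: int):
        self.x = static_priv                        # persistent private key (x or y)
        self.pub = pow(A, self.x, P)                # persistent public key A^x
        self.nonce = secrets.randbelow(P - 2) + 1   # nonce private key x' or y'
        self.nonce_pub = pow(A, self.nonce, P)      # A^x', sent to the peer

    def derive(self, peer_pub: int, peer_nonce_pub: int):
        """Return (kea_part, nonce_part, session_key) from the peer's values."""
        # A^(x'y) XOR A^(xy'): each term mixes one persistent and one nonce key.
        kea_part = pow(peer_pub, self.nonce, P) ^ pow(peer_nonce_pub, self.x, P)
        # A^(x'y'): depends on the two nonce keys only.
        nonce_part = pow(peer_nonce_pub, self.nonce, P)
        return kea_part, nonce_part, session_key(kea_part, nonce_part)


def session_key(kea_part: int, nonce_part: int) -> bytes:
    """E(kea_part, nonce_part), with E = HMAC-SHA256 standing in for a cipher."""
    width = (P.bit_length() + 7) // 8
    return hmac.new(nonce_part.to_bytes(width, "big"),
                    kea_part.to_bytes(width, "big"), hashlib.sha256).digest()


def static_key_compromise(x: int, y: int, alice_nonce_pub: int, bob_nonce_pub: int) -> int:
    """What a party holding both persistent private keys can compute from the
    intercepted nonce public keys A^x' and A^y': the KEA part, and only that."""
    return pow(alice_nonce_pub, y, P) ^ pow(bob_nonce_pub, x, P)


def run_exchange(x: int, y: int) -> dict:
    """Run one session between Alice (x) and Bob (y) and report what agrees."""
    alice, bob = Party(x), Party(y)
    a_kea, a_nonce, a_key = alice.derive(bob.pub, bob.nonce_pub)
    b_kea, b_nonce, b_key = bob.derive(alice.pub, alice.nonce_pub)
    leaked = static_key_compromise(x, y, alice.nonce_pub, bob.nonce_pub)
    return {"agree": a_key == b_key and a_kea == b_kea and a_nonce == b_nonce,
            "kea_part": a_kea, "nonce_part": a_nonce, "leaked_kea_part": leaked}


if __name__ == "__main__":
    result = run_exchange(123456789, 987654321)  # constructed persistent keys
    print("both sides agree:", result["agree"])
    print("static-key holder recovers KEA part:", result["leaked_kea_part"] == result["kea_part"])
```

Both sides agree on every component, and the holder of x and y reproduces only the KEA part; the nonce part, and hence the session key, still depends on x' and y'.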

------------------------------

Date: Sat, 15 Jul 2000 07:17:12 -0700
From: Sundial Services <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Bit Shuffling

No need to argue about it -- http://www.uspto.gov provides searches of
both awarded, pending, and withdrawn patent applications.  Free of
charge.  All you need to instantly verify or refute this claim is the
application number -- and if the claim is valid...


>Adam Durana wrote:
> I'm sure if I had said 98, your patent would have been filed in 97.

==================================================================
Sundial Services :: Scottsdale, AZ (USA) :: (480) 946-8259
mailto:[EMAIL PROTECTED]  (PGP public key available.)
> Fast(!), automatic table-repair with two clicks of the mouse!
> ChimneySweep(R):  "Click click, it's fixed!" {tm}
> http://www.sundialservices.com/products/chimneysweep

------------------------------

Date: Sat, 15 Jul 2000 07:26:28 -0700
From: Sundial Services <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: General Question on cryptography

One of the subtle ideas that John is alluding to is that you might
*think* that your cipher is strong when in fact it has a weak link that
you cannot see.

The Germans lost a war confident that the Enigma machine could not be
broken -- because after all it really only had one cryptographic
weakness, namely that a letter could never encipher to itself.  But that
alone was enough to permit a break into Enigma.

You might also inadvertently create a "cipher" that turns out to be
non-reversible!  :-O




>John Savard wrote:
>[...]
> If someone attacking a message of yours can't even *think of* the
> algorithm you are using, your message would be safe. But the keyspace
> of ideas like "use FFT" is not really that large. That you are using
> RSA would likely provide the _real_ security your message has, and
> that part of the algorithm could likely be inferred by the nature of
> your previous exchange of keys.
> 
> Cryptography as it exists today has been shaped by influential writers
> on the subject. Auguste Kerckhoffs made a list of six characteristics
> the ideal cipher should have. One of them is that a cipher's easily
> changeable key - rather than the algorithm itself - should be the
> source of its security.
> 
==================================================================
Sundial Services :: Scottsdale, AZ (USA) :: (480) 946-8259
mailto:[EMAIL PROTECTED]  (PGP public key available.)
> Fast(!), automatic table-repair with two clicks of the mouse!
> ChimneySweep(R):  "Click click, it's fixed!" {tm}
> http://www.sundialservices.com/products/chimneysweep

------------------------------

Date: Sat, 15 Jul 2000 10:41:34 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: New Idea - Cipher on a Disk

Greg wrote:

> In article <8knfmj$1fs$[EMAIL PROTECTED]>,
> > But for access points to information that can be protected in
> > a physical way I still prefer it that way. I would like a double
> > electric fence around my computer, 100 yards of minefield in
> > between and armed security guards all around. As for the hard
> > disk I would like a lock on it that would block any data transfer
> > if not open, not just encrypt it. And just in case someone tries
> > to take the disk apart I would like a small explosive
> > charge that would blow the platters to dust.
>
> And I was worried that I sounded too religious on the subject...

Children go through phases in their linguistic development, starting with
mama/dada.  One interesting phase (in the Chinese curse sense) is the "No!"
phase -- somewhere around age two.  Only a little later comes the possessive,
"Miyun!", phase -- a resistance to familial socialism I suppose.

Most people, myself included, retain a vestige of that possessive attitude
well into adulthood.  Some people apply it to their mates, some to their
weapons, and some to their privacy (data).  AFAICT this is a healthy attitude.


------------------------------

Date: Sat, 15 Jul 2000 07:34:41 -0700
From: Sundial Services <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Who was that girl?

Even though this girl's algorithm proved to have some flaws, it
certainly was a fine bit of truly original thinking . . .  I think
she'll have a great career in science.



>Derek Bell wrote:
> 
> David A Molnar <[EMAIL PROTECTED]> wrote:
> : Typing "science talent search" into Google or other
> : search engine will probably pull those out.
> 
>         The original contest was the _Young Scientist_ contest in Ireland.
> 
>         Derek
==================================================================
Sundial Services :: Scottsdale, AZ (USA) :: (480) 946-8259
mailto:[EMAIL PROTECTED]  (PGP public key available.)
> Fast(!), automatic table-repair with two clicks of the mouse!
> ChimneySweep(R):  "Click click, it's fixed!" {tm}
> http://www.sundialservices.com/products/chimneysweep

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Crossposted-To: alt.privacy
Subject: Re: what is the symmetric algorithm for protection of classified info by gov agencies ?
Date: Sat, 15 Jul 2000 16:06:59 GMT

On Sat, 15 Jul 2000 06:18:52 -0400, jungle <[EMAIL PROTECTED]>
wrote, in part:

>the encryption software is allocated into lev 1, therefore tell / kill option
>is not applicable ...

Are you saying that, although you don't know the algorithms involved,
you do know that they are _not_ secret? That would be news.

John Savard (teneerf <-)
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Improving the KEA
Date: Sat, 15 Jul 2000 16:08:33 GMT

On Sat, 15 Jul 2000 13:40:49 GMT, [EMAIL PROTECTED]
(John Savard) wrote, in part:

>But someone in that position would still be unable to know A^(x'y').
>So if that were brought into the process somehow, and verified by
>reading a number in an LCD display over the telephone, one could still
>have the secure exchange of messages despite the compromise of all the
>persistent keys in the system!

>(Because reading the number in the display amounts to certifying the
>nonce keys, so one really isn't getting something for free. To extract
>the private key from a telephone, however, probably involves having
>the opportunity to tamper with it as well, so the security is not
>perfect.)

Of course, this would work just as well with regular Diffie-Hellman
using only nonce keys. So an elaboration of the KEA is not needed.

John Savard (teneerf <-)
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Still another uncommon number transformation scheme
Date: Sat, 15 Jul 2000 18:43:09 +0200


Recently I have posted four more or less uncommon schemes
of transformation of numbers that could have some crypto
utility. Here is another one:

Without loss of generality, we shall assume that the input
is a bit sequence separated into groups of n bits, i.e.
consisting of numbers U in [0, 2^n-1]. Choose an arbitrary
prime p satisfying 2^n < p < 2^(n+1).
Let S = U^2 mod p and

    V = S, if U < p/2

    V = S + 2^(n+1), if U > p/2

This mapping between U and V is obviously bijective.
Taking V to be an n+2 bit binary number, its leading bit
indicates which of the two square roots of V is to be
taken when determining U from given V (for non-zero V).

There is an obvious disadvantage with this scheme. It
is namely in general hard to compute the square root of
V mod p. However, for some relatively small p's, say
with n=16 above, one can easily compute a look-up table
for use. An advantage of the present scheme over my
previous schemes is that, since V is an n+2 bit number
and n is constant, there is no need to employ separators
that separate the elements of a sequence of V's from one
another.

M. K. Shen
=============================
http://home.t-online.de/home/mok-kong.shen
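The transformation above carried through in code, as an added example that is not from M. K. Shen's post: the forward map U -> V, the look-up-table inverse the post suggests for small p, and the separator-free packing of a sequence of V's into fixed (n+2)-bit fields. The parameters n=8, p=257 and the sample input are constructed for this example; building the table also checks the injectivity claim, since a collision would be detected.

```python
from typing import Dict, List


def forward(u: int, n: int, p: int) -> int:
    """Map an n-bit number U to the (n+2)-bit number V.

    S = U^2 mod p; the leading bit (position n+1) records whether U was the
    larger of the two square roots of S (U > p/2), so the map can be undone.
    """
    assert 0 <= u < 2 ** n, "U must be an n-bit number"
    assert 2 ** n < p < 2 ** (n + 1), "p must lie strictly between 2^n and 2^(n+1)"
    s = (u * u) % p
    # p is odd, so U == p/2 never occurs; the two cases cover every U.
    return s if 2 * u < p else s + 2 ** (n + 1)


def inverse_table(n: int, p: int) -> Dict[int, int]:
    """Tabulate V -> U over all n-bit U (the look-up table of the post).

    Raises if two different U's produce the same V, which would contradict
    the claim that the mapping is bijective onto its image.
    """
    table: Dict[int, int] = {}
    for u in range(2 ** n):
        v = forward(u, n, p)
        if v in table:
            raise ValueError(f"collision: U={table[v]} and U={u} both map to V={v}")
        table[v] = u
    return table


def pack(vs: List[int], n: int) -> int:
    """Concatenate V's as fixed-width (n+2)-bit fields; no separators needed."""
    width = n + 2
    out = 0
    for v in vs:
        assert 0 <= v < 2 ** width, "V must fit in n+2 bits"
        out = (out << width) | v
    return out


def unpack(packed: int, count: int, n: int) -> List[int]:
    """Split the fixed-width stream back into `count` values of n+2 bits each."""
    width = n + 2
    mask = 2 ** width - 1
    fields = [(packed >> (width * i)) & mask for i in range(count)]
    return fields[::-1]  # fields were shifted in from the left, so reverse


def roundtrip(us: List[int], n: int, p: int) -> List[int]:
    """Transform, pack, unpack and invert a sequence; returns the recovered U's."""
    table = inverse_table(n, p)
    vs = [forward(u, n, p) for u in us]
    recovered = unpack(pack(vs, n), len(vs), n)
    return [table[v] for v in recovered]


if __name__ == "__main__":
    N, P = 8, 257            # constructed: 2^8 = 256 < 257 < 512, and 257 is prime
    sample = [0, 1, 2, 200, 255]  # constructed input; 2 and 255 = 257 - 2 share S = 4
    print([forward(u, N, P) for u in sample])   # [0, 1, 4, 677, 516]
    print(roundtrip(sample, N, P))              # [0, 1, 2, 200, 255]
```

With n=16 and p=65537 the table has 65536 entries and is built in well under a second, which is the "relatively small p" case the post has in mind.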



------------------------------

From: [EMAIL PROTECTED] (Mack)
Subject: Re: what is the symmetric algorithm for protection of classified info by gov agencies ?
Date: 15 Jul 2000 16:36:30 GMT

>On Sat, 15 Jul 2000 06:18:52 -0400, jungle <[EMAIL PROTECTED]>
>wrote, in part:
>
>>the encryption software is allocated into lev 1, therefore tell / kill option
>>is not applicable ...
>
>Are you saying that, although you don't know the algorithms involved,
>you do know that they are _not_ secret? That would be news.
>
>John Savard (teneerf <-)
>http://home.ecn.ab.ca/~jsavard/crypto.htm

I think he is saying that software is not an allowed option for
anything but the lowest level of security.  Everything else is
hardware.


Mack
Remove njunk123 from name to reply by e-mail

------------------------------

From: zapzing <[EMAIL PROTECTED]>
Subject: Re: Random numbers and online-gambling
Date: Sat, 15 Jul 2000 16:39:28 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (John Savard) wrote:
> On Thu, 13 Jul 2000 15:30:02 GMT, [EMAIL PROTECTED] wrote,
> in part:
>
> >Some weeks ago I found a web-page containing
> >an analysis of an online-poker system. There
> >was described how the shuffling of the cards
> >was done and why the chosen approach was not
> >appropriate for online-gambling.
>
> A news story appeared in the local newspapers about a week ago. An
> Edmonton man had discovered a flaw in electronic slot machines.
>
> Instead of using it to rip them off, he notified Alberta gaming
> authorities.
>
> Yet, he is still facing a $15 million lawsuit from the slot machine
> manufacturer.
>
> This, of course, has significant implications for "white hat" hacking.

He doesn't really sound like someone who would have fifteen million
lying around, does he??  :)

--
If you know about a retail source of
inexpensive DES chips, please let
me know,  thanks.


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: New Idea - Cipher on a Disk
Date: Sat, 15 Jul 2000 19:09:47 +0200



Chris T wrote:

> But for access points to information that can be protected in a physical
> way I still prefer it that way. I would like a double electric fence
> around my computer, 100 yards of minefield in between and armed security
> guards all around. As for the hard disk I would like a lock on it that
> would block any data transfer if not open, not just encrypt it. And just in
> case someone tries to take the disk apart I would like a small explosive
> charge that would blow the platters to dust.

Perhaps you should give your good advice to those responsible for a
recent loss of a disk drive that has made news headlines.

M. K. Shen


------------------------------

Date: Sat, 15 Jul 2000 10:04:37 -0700
From: Sundial Services <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Still another uncommon number transformation scheme

As an aside, I find it remarkably refreshing that nowhere in Mok-Kong's
post do I find the words, "patent pending."


>Mok-Kong Shen wrote:
> 
> Recently I have posted four more or less uncommon schemes
> of transformation of numbers that could have some crypto
> utility. Here is another one:
> 
> Without loss of generality, we shall assume that the input
> is a bit sequence separated into groups of n bits, i.e.
> consisting of numbers U in [0, 2^n-1]. Choose an arbitrary
> prime p satisfying 2^n < p < 2^(n+1).
> Let S = U^2 mod p and
> 
>     V = S, if U < p/2
> 
>     V = S + 2^(n+1), if U > p/2
> 
> This mapping between U and V is obviously bijective.
> Taking V to be an n+2 bit binary number, its leading bit
> indicates which of the two square roots of V is to be
> taken when determining U from given V (for non-zero V).
> 
> There is an obvious disadvantage with this scheme. It
> is namely in general hard to compute the square root of
> V mod p. However, for some relatively small p's, say
> with n=16 above, one can easily compute a look-up table
> for use. An advantage of the present scheme over my
> previous schemes is that, since V is an n+2 bit number
> and n is constant, there is no need to employ separators
> that separate the elements of a sequence of V's from one
> another.
> 
> M. K. Shen
> -----------------------------
> http://home.t-online.de/home/mok-kong.shen

-- 
==================================================================
Sundial Services :: Scottsdale, AZ (USA) :: (480) 946-8259
mailto:[EMAIL PROTECTED]  (PGP public key available.)
> Fast(!), automatic table-repair with two clicks of the mouse!
> ChimneySweep(R):  "Click click, it's fixed!" {tm}
> http://www.sundialservices.com/products/chimneysweep

------------------------------

From: zapzing <[EMAIL PROTECTED]>
Subject: Re: Computing with Encrypted Functions
Date: Sat, 15 Jul 2000 16:57:28 GMT

In article <8kmdc8$2km$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Paul Rubin) wrote:
> In article <8kjci8$j9h$[EMAIL PROTECTED]>, Austin Godber  <[EMAIL PROTECTED]> wrote:
> >"The idea is to encrypt a function f to obtain some other function E(f)
> >that hides the function f. This encrypted function can then be
> >implemented as a program P(E(f)), which is interpreted as a mobile
> >agent and sent to the agent executor. The latter can execute the mobile
> >agent P(E(f)) on an input value x, which leads to the encrypted result:
> >P(E(f))(x). Since the agent executor does not know what function it
> >actually computed, it can not meaningfully tamper with the code or its
> >execution and is restricted to random modifications (which result in
> >denial-of-service) and replay attacks. The encrypted result is returned
> >to the agent owner who can apply the decryption function, that only he
> >knows, to obtain the desired result of the function f applied to the
> >input value x: E^1(P(E(f))(x)) = f(x)."
>
> Well, if they have a workable method in general for doing that, among
> other things it makes identity-based encryption trivial.

You're not talking about biometrics-based encryption,
are you? Because if so, I don't see the connection.

--
If you know about a retail source of
inexpensive DES chips, please let
me know,  thanks.


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: Has RSADSI Lost their mind?
Date: Sat, 15 Jul 2000 10:54:57 -0700

phil hunt wrote:
> >RSA is an asymmetric scheme (Public key/private key).
> 
> Aren't there unencumbered public key algorithms? What does GnuPG use?

Yes. Diffie-Hellman. Predates RSA. Patent has lapsed. Use DSA 
for signatures. Considered rock solid.

------------------------------

From: "Michael Tickle" <[EMAIL PROTECTED]>
Subject: Re: Defeating the RIP bill
Date: Sat, 15 Jul 2000 19:03:06 +0100

"Kad" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
: I just thought I would make a suggestion as to how easy it is
: to write a crypto program which makes the RIP bill the lame duck
: it already is

I am new to this group, so I don't want to seem out of
place, but...  Would it not be easier to set up hotmail
accounts or similar in the names of all the people involved
with RIP, then send encrypted data to them, and tell the
police the data transferred is of interest to them.  Then
the police will ask to see the decrypted data.  The
receivers cannot do this and are thus sentenced to 2 years
in prison.  I know this idea is a little rough around the
edges, but you get the idea.



Mike



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
