Cryptography-Digest Digest #230, Volume #12      Sat, 15 Jul 00 19:13:00 EDT

Contents:
  a file security proposal (Michael Gu)
  xor confusion! ([EMAIL PROTECTED])
  Re: what is the symmetric algorithm for protection of classified info by  (jungle)
  Re: Has RSADSI Lost their mind? (Bodo Moeller)
  Re: a file security proposal (Kaz Kylheku)
  Re: Has RSADSI Lost their mind? (Bill Unruh)
  Re: Deleting directory entries without revoking key? (jungle)
  Re: Has RSADSI Lost their mind? (Bill Unruh)
  Re: xor confusion! (Larry Himes)
  Re: xor confusion! ("Joseph Ashwood")
  Re: Has RSADSI Lost their mind? ("Joseph Ashwood")
  Re: Has RSADSI Lost their mind? (Roger Schlafly)
  Re: Help: is it diffie-hellman in phone.com browser? (Marck Gorszwick)
  Re: SECURITY CLEAN freeware text editor in win95 ? (Richard Heathfield)
  Re: SECURITY CLEAN freeware text editor in win95 ? (JPeschel)
  Re: xor confusion! ("Trevor L. Jackson, III")
  Re: RC4-- repetition length? (Rex Stewart)
  Re: Quantum Computing (Was: Newbie question about factoring) (Jeffrey Shallit)
  Re: Prime Numbers? ("Derrick Coetzee")
  Re: SECURITY CLEAN freeware text editor in win95 ? (jungle)
  mirror bit !! ([EMAIL PROTECTED])
  Re: xor confusion! (Milo Yanker)

----------------------------------------------------------------------------

From: Michael Gu <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.development.system,comp.os.linux.security
Subject: a file security proposal
Date: Sat, 15 Jul 2000 19:38:49 GMT

If this has already been done, please ignore this message.

I suggest adding file encryption capability to the system (kernal, or
whatever). The general idea I have is the following:

    1. the system distinguishes whether a file is encrypted or not
    2. when accessing an encrypted file, the system will get the key by some
means, e.g. prompt for a password, read a user config file ...
    3. after having acquired the key, the system will handle
encryption/decryption transparently to the calling party.
    4. when creating a file, the function call has an option to make it
encrypted.

In conclusion, this will enable the system to handle user-level,
individual-file-level file security, and it can be transparent to the
application (the system can handle the key, so the application does not
even know the file is encrypted).

The advantages of this are:

    1. Maximum compatibility. Any application can become a secure file
access application even without change.
    2. Flexibility. The key can be different per user, per individual file ...
    3. Performance. If well designed, performance should be better than
the application handling security.

Extra cost:
    each file may need some extra bytes for key information.

Implementation:

It should be pretty straightforward to implement. On the cypher side,
we probably need a hash function and a block cypher.




------------------------------

From: [EMAIL PROTECTED]
Subject: xor confusion!
Date: Sat, 15 Jul 2000 20:06:51 GMT

i don't quite understand how the XOR operation works. i was reading
about it in Applied Cryptography, by Bruce Schneier. the explanation
was rather brief, so I decided to make a program that generated two
random integers and XORed them. i understand why the same number twice
will return zero, but i don't get how 6 xor 3 can be five (that's one
of the pairs i got). any help is greatly appreciated!

--spud


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: jungle <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy
Subject: Re: what is the symmetric algorithm for protection of classified info by 
Date: Sat, 15 Jul 2000 16:29:38 -0400

thanks ...
exactly is the case ...

Mack wrote:
> 
> >On Sat, 15 Jul 2000 06:18:52 -0400, jungle <[EMAIL PROTECTED]>
> >wrote, in part:
> >
> >>the encryption software is allocated into lev 1, therefore tell / kill
> >option
> >>is not applicable ...
> >
> >Are you saying that, although you don't know the algorithms involved,
> >you do know that they are _not_ secret? That would be news.
> >
> >John Savard (teneerf <-)
> 
> I think he is saying that software is not an allowed option for
> anything but the lowest level of security.  Everything else is
> hardware.

thanks ...
exactly is the case ...



------------------------------

From: [EMAIL PROTECTED] (Bodo Moeller)
Subject: Re: Has RSADSI Lost their mind?
Date: 15 Jul 2000 18:53:05 GMT

Paul Rubin <[EMAIL PROTECTED]>:

> Note that an EDH key agreement (at least with OpenSSL) takes about 3x
> as much CPU time as an RSA connection.

You mean "as an RSA connection without forward secrecy" -- you can
also use EDH with RSA, but this will take more CPU time than EDH with
DSA as far as the server is concerned.  For the client, RSA without
EDH takes by far the least computational effort; but then, it's the
client that can decide to attempt or not to attempt session reuse, so
maybe cipher suites that are more computationally expensive for the
client could reduce server workload, in the long run.

Here are some timings with OpenSSL's ssltest program.  Timings are
over the same number of connections.

1024 bit RSA with no EDH:
     Approximate total server time:   3.20 s
     Approximate total client time:   0.71 s

1024 bit RSA with 1024 bit EDH:
     Approximate total server time:   5.94 s
     Approximate total client time:  16.80 s

1024 bit DSA with 1024 bit EDH:
     Approximate total server time:   4.62 s
     Approximate total client time:  18.54 s

Note that server workload increases by less than 50 % when switching
from RSA without EDH to DSA with EDH.  These timings have been made
with DSA-style DH parameters and 160-bit DH exponents.  When using
1023-bit exponents (and DH parameters where the modulus is a safe
prime), things indeed become quite slow -- when the server reuses its
DH key (which cannot be done with DSA-style parameters because of
small-subgroup attacks), my timings look like this:

     Approximate total server time:  10.17 s
     Approximate total client time:  17.38 s

and when DH key reuse is disabled by calling SSL_CTX_set_options(s_ctx,
SSL_OP_SINGLE_DH_USE), even like this:

     Approximate total server time:  17.11 s
     Approximate total client time:  17.53 s


DSA-style DH parameters can be created by using the '-dsaparam' option
to 'openssl dhparam'; e.g., 'openssl dhparam -dsaparam 1024'.
Otherwise, a safe prime will be used.  As said above, when using
DSA-style DH parameters you have to make sure that you don't reuse
DH keys.
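The rule in the post (reuse a server DH key only with a safe-prime modulus; with DSA-style parameters use a fresh key per connection, and check every peer value against the order-q subgroup) as an added Python check. This is not code from the post or from OpenSSL; the moduli are tiny constructed values, not the 1024-bit parameters in the timings.

```python
# Added example: parameter and peer-value checks for DH with safe-prime
# versus DSA-style parameters. All numbers here are tiny constructed values.
import random


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test (trial division for the small cases)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def is_safe_prime(p: int) -> bool:
    """p is a safe prime when (p-1)/2 is also prime. The multiplicative group
    then has subgroups only of order 1, 2, (p-1)/2 and p-1, so apart from
    {1, p-1} there is no small subgroup for a peer value to land in."""
    return is_probable_prime(p) and is_probable_prime((p - 1) // 2)


def dh_key_reuse_allowed(p: int) -> bool:
    """Policy from the post: a server may keep one DH key across connections
    only with a safe-prime modulus; with DSA-style parameters it needs the
    SSL_OP_SINGLE_DH_USE behaviour (a fresh key per connection)."""
    return is_safe_prime(p)


def validate_peer_public(y: int, p: int, q: int) -> bool:
    """Check a received DH public value against DSA-style parameters (p, q):
    it must lie strictly between 1 and p-1 and inside the order-q subgroup.
    A value taken from a small subgroup of Z_p* fails the second test."""
    if not 1 < y < p - 1:
        return False
    return pow(y, q, p) == 1


# Constructed DSA-style parameters: p - 1 = 66 = 2 * 3 * 11, q = 11, and
# g = 64 generates the order-11 subgroup. 37 has order 3 (a small subgroup).
DSA_STYLE_P, DSA_STYLE_Q, DSA_STYLE_G = 67, 11, 64
SMALL_SUBGROUP_ELEMENT = 37
# Constructed safe prime: (23 - 1) / 2 = 11 is prime.
SAFE_P = 23

if __name__ == "__main__":
    print("reuse allowed with p=23:", dh_key_reuse_allowed(SAFE_P))
    print("reuse allowed with p=67:", dh_key_reuse_allowed(DSA_STYLE_P))
    print("peer value 64 accepted:", validate_peer_public(DSA_STYLE_G, DSA_STYLE_P, DSA_STYLE_Q))
    print("peer value 37 accepted:", validate_peer_public(SMALL_SUBGROUP_ELEMENT, DSA_STYLE_P, DSA_STYLE_Q))
```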

------------------------------

From: [EMAIL PROTECTED] (Kaz Kylheku)
Crossposted-To: comp.os.linux.development.system,comp.os.linux.security
Subject: Re: a file security proposal
Reply-To: [EMAIL PROTECTED]
Date: Sat, 15 Jul 2000 20:39:45 GMT

On Sat, 15 Jul 2000 19:38:49 GMT, Michael Gu <[EMAIL PROTECTED]> wrote:
>If this has already been done, please ignore this message.
>
>I suggest to add file encryption capability to the system ( kernal, or
>whatever ). The general idea I have is following:

It's spelled ``kernel'' and there are already solutions for this, like
CFS from AT&T Research or block device encryption.

>    1. system distinguish whether a file is encrypted or not
>    2. when access an encrypted file, system will get the key by some
>means. e.g. prompt for a password, read user config file ...

Hmm, read a plaintext user config file. And what will protect that?

Prompt for a password at access time? What if it's a GUI application?

At one time, some goofballs decided to make low level file access
calls of an operating system generate prompts at the user. The result was the
infamous ``abort, retry, fail, ignore'' question of MS-DOS.

CFS has a solution in the form of a command that creates plain-text mapping
which appears to be an NFS mounted filesystem. The encryption key is held
within the CFS daemon, which acts as the encryption/decryption agent on
behalf of the user; the user's applications manipulate the plaintext tree,
and the CFS daemon performs encrypted I/O on the encrypted tree which is
stored somewhere else, possibly on another machine.

A user can have many trees, with distinct keys. When the user wishes to access
his or her encrypted directory, he or she invokes the CFS command for creating
the plaintext mapping. At that time, the password is entered. The program
passes the authentication to the CFS daemon, which creates the plain view in a
directory tree that is NFS mounted from the daemon by the user's kernel.

>    3. after having acquired the key, system will handle
>encryption/decryption transparent to the calling party.
>    4. when create an file, the function call has an option to make it
>encrypted.

So each application that creates files has to be modified to support
this new option in the file creation system call! Good plan!

-- 
#exclude <windows.h>

------------------------------

From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: Has RSADSI Lost their mind?
Date: 15 Jul 2000 20:45:02 GMT

In <[EMAIL PROTECTED]> [EMAIL PROTECTED] (phil hunt) 
writes:
>>
>>Netscape needed either Diffie-Hellman or RSA for SSL.

>Couldn't they have used an unencumbered algorithm such as Blowfish?

Blowfish is not public key. No public key algorithm was unencumbered.

------------------------------

From: jungle <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp
Subject: Re: Deleting directory entries without revoking key?
Date: Sat, 15 Jul 2000 16:50:39 -0400

the easy [ & only one ] solution for all PGP key management problems, such as :
 / delete / revoke / is this,

only OWNER of the key [ owner of PRIVATE key ] can :
 / delete / revoke / up - load / 
key [ to / on ] key server ...

to do above operations, signature must be needed ...

the above is similar concept to one used on NYM servers to :
 / amend / create / delete / 
NYM accounts ...

"Thomas J. Boschloo" wrote:
> 
> Gerd Ewald wrote:
> >
> > You can delete keys on ldap/ldaps-server which allow this option.
> >
> > But: even if you have your key deleted, someone else might upload it again out
> > of his/her keyring. So it's better to revoke the key and show that this key
> > shouldn't be used any more (well, the revoked key can't be used, but there might
> > be a non revoked public key on a keyring)
> 
> There should be a 'X-No-Archive: YES' in the next version of PGP. To
> keep your key from ending up on keyservers when you don't want them to.
> Ideal for beginners (who can change the setting once they feel more
> comfortable with PGP).



------------------------------

From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: Has RSADSI Lost their mind?
Date: 15 Jul 2000 21:04:15 GMT

In <[EMAIL PROTECTED]> [EMAIL PROTECTED] (phil hunt) 
writes:
]>>
]>> Couldn't they have used an unencumbered algorithm such as Blowfish?
]>
]>Ehrrr... Blowfish is a symmetric cipher (Same single key for encrypt and
]>decrypt)
]>
]>RSA is an asymmetric scheme (Public key/private key).

]Aren't there unencumbered public key algorithms? What does GnuPG use?

Now there are. The DH patent expired in 97 or 98. SSL was much before
that. RSA expires in two months. Elliptic curve is some time in the
future. There are no other public key algorithms I know of.


------------------------------

Subject: Re: xor confusion!
From: [EMAIL PROTECTED] (Larry Himes)
Date: Sat, 15 Jul 2000 21:03:20 GMT

[EMAIL PROTECTED] wrote in <8kqg8j$m5v$[EMAIL PROTECTED]>:

>i don't quite understand how the XOR operation works. i was reading
>about it in Applied Cryptography, by Bruce Schneier. the explanation
>was rather brief, so I decided to make a program that generated two
>random integers and XORed them. i understand why the same number twice
>will return zero, but i don't get how 6 xor 3 can be five (that's one
>of the pairs i got). any help is greatly appreciated!
>

6 = 110  (base 2)
3 = 011  (base 2) 
5 = 101  (base 2)

Does that help??




>--spud
>
>
>Sent via Deja.com http://www.deja.com/
>Before you buy.
>


-- 
Save a meezer: http://www.siameserescue.org/
============================================
Remove my Zorch before sending mail.


------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: xor confusion!
Date: Sat, 15 Jul 2000 14:06:36 -0700

Actually XOR was defined long ago, along with AND, OR and
NOT; it's a bitwise operation. The mappings are:
NOT
In        OUT
0        1
1        0

AND
In1    In2    OUT
0        0        0
0        1        0
1        0        0
1        1        1

OR
In1    In2    OUT
0        0        0
0        1        1
1        0        1
1        1        1

XOR
In1    In2    OUT
0        0        0
0        1        1
1        0        1
1        1        0

So to answer your question about 6 XOR 3 = 5
6 decimal  = 110 binary
3 decimal =  011 binary
XOR of them 101 binary = 5 decimal



------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Has RSADSI Lost their mind?
Date: Sat, 15 Jul 2000 14:11:41 -0700

> Elliptic curve is some time in the future.
Actually ECC itself is unencumbered, it's DH, however
Certicom (maybe others too) have patents on fast ways of
performing the operations.
                Joe



------------------------------

From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: Has RSADSI Lost their mind?
Date: Sat, 15 Jul 2000 14:33:42 -0700

Joseph Ashwood wrote:
> > Elliptic curve is some time in the future.
> Actually ECC itself is unencumbered, it's DH, however
> Certicom (maybe others too) have patents on fast ways of
> performing the operations.

Whether ECC was ever encumbered is debatable. There is an
argument that the DH patent covers it, but AFAIK the folks
who controlled the patent never made the argument.

Crandall has some ECC patents that are now owned by Apple.
They are considered unenforceable.

Certicom has applied for some patents, but I doubt that
they will be significant. Perhaps the most controversial
is the one that claims to have invented the idea that a
quadratic equation can have 2 roots. If that issues, it
will be more of a joke than the Apple patents.

------------------------------

From: [EMAIL PROTECTED] (Marck Gorszwick)
Crossposted-To: alt.cellular.motorola,alt.cellular.sprintpcs
Subject: Re: Help: is it diffie-hellman in phone.com browser?
Date: Sat, 15 Jul 2000 21:37:31 GMT

On Sat, 15 Jul 2000 02:48:57 GMT, [EMAIL PROTECTED] wrote:

>Hi Experts,
>Does phone.com browser use Diffie-hellman or RSA?

I'm not sure which one Sprint chose for incorporating into its
browser, but Phone.com's gateway supports both RSA and Diffie-Hellman.

If you check out http://www.phone.com/pub/Security_WP.pdf, there's
plenty of information about public key crypto and their
browser/gateway.  

I got this from there...
"UP.Link WAP Gateway is the only WAP gateway to offer both RSA and
Diffie-Hellman key exchange algorithms as part of its WTLS
implementation. This allows it to provide secure connections to the
broadest selection of WAP handsets in the industry, including all
handsets that use the UP.Browser™ microbrowser, as well as other
popular handsets, such as the Nokia 7110."

Marck

------------------------------

Date: Sat, 15 Jul 2000 22:50:54 +0100
From: Richard Heathfield <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy
Subject: Re: SECURITY CLEAN freeware text editor in win95 ?

jungle wrote:
> 
> most of the programs are very smelly & dirty ...
> 
> any help for freeware in win95 :
> SECURITY CLEAN text editor [ like NOTEPAD ] that can be used to edit
> up to 1 MB files ?
> 
> SECURITY CLEAN =
> - no temp files
>   [ permanent or / and intermittent = deleted after program closed ]
> - no entries in registry
> - no windows folder messing

vi -n foo.txt

vi can easily edit files larger than 1MB.
The -n switch says "don't use a swap file" - of course, recovery after a
crash will be impossible, but then crashing vi is quite difficult.
Since Linux doesn't have a registry, vi puts no entries there.
vi doesn't mess with the Windows folder, not least because there isn't a
Windows folder on a Linux system.

So vi would appear to meet all your requirements. Happy hacking.

Oh! You said win95. Sorry, just saw that now. Hmm - if you're so
concerned about security that you are worried about temporary files
being used by an editor while you're editing with it, I think you might
want to reconsider your choice of operating system.


-- 

Richard Heathfield

"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.

C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
58 K&R Answers: http://users.powernet.co.uk/eton/kandr2/index.html (39
to go)

------------------------------

From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: SECURITY CLEAN freeware text editor in win95 ?
Date: 15 Jul 2000 22:34:27 GMT

Richard Heathfield [EMAIL PROTECTED] writes, in part:

>jungle wrote:

>> any help for freeware in win95 :
>> SECURITY CLEAN text editor [ like NOTEPAD ] that can be used to edit
>> up to 1 MB files ?
>> 

>vi -n foo.txt
>
>vi can easily edit files larger than 1MB.
>The -n switch says "don't use a swap file" - of course, recovery after a
>crash will be impossible, but then crashing vi is quite difficult.
>Since Linux doesn't have a registry, vi puts no entries there.
>vi doesn't mess with the Windows folder, not least because there isn't a
>Windows folder on a Linux system.
>
>So vi would appear to meet all your requirements. Happy hacking.
>
>Oh! You said win95. Sorry, just saw that now. Hmm - if you're so
>concerned about security that you are worried about temporary files
>being used by an editor while you're editing with it, I think you might
>want to reconsider your choice of operating system.
>
>
The original poster, if he's interested in vi, might want to try something 
called WinVi at:

http://winfiles.cnet.com/apps/98/text-editors-q.html

Folks interested in Linux/UNIX ports to Windows might look at:

http://winfiles.cnet.com/apps/98/unix.html

Joe

__________________________________________

Joe Peschel 
D.O.E. SysWorks                                 
http://members.aol.com/jpeschel/index.htm
__________________________________________


------------------------------

Date: Sat, 15 Jul 2000 18:50:40 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: xor confusion!

[EMAIL PROTECTED] wrote:

> i don't quite understand how the XOR operation works. i was reading
> about it in Applied Cryptography, by Bruce Schneier. the explanation
> was rather brief, so I decided to make a program that generated two
> random integers and XORed them. i understand why the same number twice
> will return zero, but i don't get how 6 xor 3 can be five (that's one
> of the pairs i got). any help is greatly appreciated!

You'll probably get other replies describing the single-bit truth table for
XOR.  But for your purposes XOR is identical to ADD, except there are no
carries from the low bits to the high bits.  So 0xor1 is 1, 1xor1 is 0, 2xor1
is 3, 3xor1 is 2, 4xor1 is 5, etc.


>
>
> --spud
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.


------------------------------

From: Rex Stewart <[EMAIL PROTECTED]>
Subject: Re: RC4-- repetition length?
Date: Sat, 15 Jul 2000 22:30:02 GMT

In article <8kj04a$bd4$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> In article <[EMAIL PROTECTED]>,
>   John Myre <[EMAIL PROTECTED]> wrote:
> > Bill Unruh wrote:
> > <snip>
> > >
<<cut>>
>
> I did some analysis a few years ago because RC4 resembled a
> generator I had developed independently.  Here's the analysis:
>
>   http://burtleburtle.net/bob/rand/isaac.html
>
<<cut>>
>
> - Bob Jenkins

As I was looking at the above paper, I realised it said the
method of keying prevented landing in a short cycle. I was
wondering if the keying method in Ciphersabre 2 might be
problematic since it uses the same keying method, but does
not stop in the same place.

Also, I analysed a simplified version of Solitaire some time
back and found short cycles, but I couldn't duplicate them in
the full cypher.  I know Paul Crowley said he expected them
to exist due to a flaw in the reversibility of the cypher.
Has anyone else looked at Solitaire for conditions that could
lead to short cycles?
(Especially since the liberal method of keying allows *any*
state of the cipher to be reached)

--
Rex Stewart
PGP Print 9526288F3D0C292D  783D3AB640C2416A


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (Jeffrey Shallit)
Crossposted-To: comp.theory
Subject: Re: Quantum Computing (Was: Newbie question about factoring)
Date: 15 Jul 2000 22:21:52 GMT

In article <8kpind$ek2$[EMAIL PROTECTED]>,
Nick Maclaren <[EMAIL PROTECTED]> wrote:
>
>Oh, hell, OF COURSE a finite automaton can generate such things if
>you allow it to be fed an infinite input tape or use an infinite
>working tape (in the Turing model)!

It's not being fed an infinite input tape.  As I explained, to get
the i'th digit, you feed the automaton with the base-k expansion of i.

>There are lots of other similar
>models, such as the one where the input is a true random sequence of
>bits.  That can clearly generate the expansion of ANY real number,
>provided that you don't want any particular one :-)

You misunderstand the model.  It has nothing to do with random inputs.
And the interesting point is that such a model is conjectured to generate
only rational or transcendental numbers.

>However, whether you can call such a thing "a finite state machine"
>is more debatable ....

The underlying machine is definitely a finite state machine,
and everyone who studies the model calls it one.  

It might be nice if you restricted your comments to things with which
you are familiar.    Judging from what I've seen, however, this might
substantially restrict your output.

Jeffrey Shallit

------------------------------

From: "Derrick Coetzee" <[EMAIL PROTECTED]>
Subject: Re: Prime Numbers?
Date: Sat, 15 Jul 2000 18:53:10 -0400

> Also the race to see who could find the largest prime
> would become an abusive search with people finding the nth prime with some
> absurdly large number for n.
I think really the search would come to a grinding halt, because it would
become without merit... similar to finding n! for very large n. People
would, though, struggle towards finding increasingly rapid methods for
evaluating the algorithm.
-Derrick Coetzee



------------------------------

From: jungle <[EMAIL PROTECTED]>
Subject: Re: SECURITY CLEAN freeware text editor in win95 ?
Date: Sat, 15 Jul 2000 18:56:31 -0400

thanks ...
I'm looking at it right now ...

JPeschel wrote:
> >jungle wrote:
> 
> >> any help for freeware in win95 :
> >> SECURITY CLEAN text editor [ like NOTEPAD ] that can be used to edit
> >> up to 1 MB files ?
> >
> The original poster, if he's interested in vi, might want to try something
> called WinVi at:
> 
> http://winfiles.cnet.com/apps/98/text-editors-q.html



------------------------------

From: [EMAIL PROTECTED]
Subject: mirror bit !!
Date: Sat, 15 Jul 2000 22:48:34 GMT



hello

Mok-Kong Shen says

(2) Mirroring. This also has levels similar to swapping. At the first
level, the bits of the word referenced are exchanged by mirroring about
the central axis. At the second level, the mirroring is done separately
on each half of the word. Analogously for the higher levels.

could you give me some example please with 32 bit number !!!

thanks !!!


Sent via Deja.com http://www.deja.com/
Before you buy.
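The levels of mirroring quoted above, worked on a 32-bit word as an added Python example (not code from the post or from Mok-Kong Shen): level 1 reverses all 32 bits about the centre, level 2 reverses each 16-bit half separately, level 3 each 8-bit quarter, and so on. The sample word 0x12345678 is a constructed input.

```python
# Added example: bit mirroring at several levels on a 32-bit word.
WORD_BITS = 32


def reverse_bits(value: int, width: int) -> int:
    """Mirror a width-bit value about its central axis: bit 0 swaps with
    bit width-1, bit 1 with bit width-2, and so on."""
    out = 0
    for i in range(width):
        if (value >> i) & 1:
            out |= 1 << (width - 1 - i)
    return out


def mirror(word: int, level: int, width: int = WORD_BITS) -> int:
    """Level 1 mirrors the whole word; level k splits the word into
    2**(k-1) equal pieces and mirrors each piece in place. For a 32-bit
    word, levels 1..5 use pieces of 32, 16, 8, 4 and 2 bits."""
    if level < 1:
        raise ValueError("level must be at least 1")
    pieces = 1 << (level - 1)
    piece_width, remainder = divmod(width, pieces)
    if remainder or piece_width < 1:
        raise ValueError(f"level {level} does not divide a {width}-bit word")
    mask = (1 << piece_width) - 1
    out = 0
    for k in range(pieces):
        shift = k * piece_width                 # position of this piece
        piece = (word >> shift) & mask
        out |= reverse_bits(piece, piece_width) << shift
    return out


def trace(word: int, level: int) -> str:
    """Render one mirroring step as binary, for reading by eye."""
    return f"level {level}: {word:032b} -> {mirror(word, level):032b}"


if __name__ == "__main__":
    sample = 0x12345678                        # constructed input word
    for lvl in range(1, 6):
        print(trace(sample, lvl))
```

Mirroring is an involution at every level, so applying the same level twice returns the original word.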

------------------------------

From: [EMAIL PROTECTED] (Milo Yanker)
Subject: Re: xor confusion!
Date: Sat, 15 Jul 2000 23:02:44 GMT

[EMAIL PROTECTED] wrote:

>i don't quite understand how the XOR operation works.

The exclusive-or operation determines if two inputs are different. A one
means yes, they're different, and a zero means no, they're the same.

>i was reading
>about it in Applied Cryptography, by Bruce Schneier. the explanation
>was rather brief, so I decided to make a program that generated two
>random integers and XORed them. i understand why the same number twice
>will return zero, but i don't get how 6 xor 3 can be five (that's one
>of the pairs i got). any help is greatly appreciated!

Six is 0110 in binary.
Three is 0011 in binary.

Comparing the corresponding bits:

0 XOR 0 = 0 (The bits are the same.)
1 XOR 0 = 1 (The bits are different.)
1 XOR 1 = 0 (The bits are the same.)
0 XOR 1 = 1 (The bits are different.)

The result is 0101, which equals 5 in decimal.

-- 
"Milo Yanker" is actually 0178 654239 <[EMAIL PROTECTED]>.
 0123 456789 <- Use this key to decode my email address and name.
              Play Five by Five Poker at http://www.5X5poker.com.
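The three explanations in this thread (the single-bit truth table, "addition with the carries thrown away", and "1 when the bits differ") checked against each other in an added Python example; this is not code from any of the posts, and 6 and 3 are the poster's own pair.

```python
# Added example: XOR built three ways, and the properties that make it
# useful in a cipher. All inputs are constructed.

def bits(n: int, width: int = 4) -> str:
    """Render n as a fixed-width binary string, e.g. bits(6) == '0110'."""
    return format(n, f"0{width}b")


def xor_truth_table() -> dict:
    """Single-bit XOR: the output is 1 exactly when the two inputs differ."""
    return {(a, b): int(a != b) for a in (0, 1) for b in (0, 1)}


def xor_bitwise(a: int, b: int, width: int = 4) -> int:
    """XOR two integers column by column using the single-bit table."""
    table = xor_truth_table()
    result = 0
    for i in range(width):
        bit_a = (a >> i) & 1
        bit_b = (b >> i) & 1
        result |= table[(bit_a, bit_b)] << i
    return result


def add_without_carry(a: int, b: int, width: int = 4) -> int:
    """Binary addition in which every carry is discarded: the column sum
    0, 1 or 2 keeps only its low bit, so 1 + 1 gives 0 with nothing carried."""
    result = 0
    for i in range(width):
        column_sum = ((a >> i) & 1) + ((b >> i) & 1)
        result |= (column_sum % 2) << i
    return result


def explain(a: int, b: int, width: int = 4) -> str:
    """Column-by-column trace in the style of the replies."""
    return "\n".join([
        f"{bits(a, width)}  ({a})",
        f"{bits(b, width)}  ({b})",
        "-" * width,
        f"{bits(a ^ b, width)}  ({a ^ b})  <- 1 where the columns differ",
    ])


def check_properties(a: int, b: int, width: int = 4) -> bool:
    """All three definitions agree with Python's ^; x ^ x == 0; and XORing
    with the same value twice restores the original (a ^ b ^ b == a), which
    is why a keystream XORed in once can be XORed out again."""
    x = a ^ b
    return (xor_bitwise(a, b, width) == x == add_without_carry(a, b, width)
            and (a ^ a) == 0
            and (x ^ b) == a)


if __name__ == "__main__":
    print(explain(6, 3))
    print("properties hold:", check_properties(6, 3))
```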

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
