Cryptography-Digest Digest #233, Volume #12      Sun, 16 Jul 00 06:13:01 EDT

Contents:
  Re: Discrete logarithms in GF(p) ("David Sowinski")
  Re: Proposal of some processor instructions for cryptographical ("Douglas A. Gwyn")
  Re: what is the symmetric algorithm for protection of classified info by gov agencies ? ("David Sowinski")
  Re: source code CD -from Burce Schneier (applied cyotopgraphy) ("David Sowinski")
  Re: Has RSADSI Lost their mind? (Roger Schlafly)
  Re: Win2000 Encryption (Greg)
  Re: SECURITY CLEAN freeware text editor in win95 ? (JPeschel)
  Re: Idea for CFB-like cipher ("Scott Fluhrer")
  Re: xor confusion! (John Savard)
  Re: SECURITY CLEAN freeware text editor in win95 ? (jungle)
  Re: what is the symmetric algorithm for protection of classified info by  (jungle)
  Re: Win2000 Encryption (Ryan Phillips)
  Re: Win2000 Encryption (Paul Schlyter)
  Re: Diffie Hellman Primes : Speed Tradeoff Q (Mark Wooding)
  Re: New Idea - Cipher on a Disk ([EMAIL PROTECTED])

----------------------------------------------------------------------------

From: "David Sowinski" <[EMAIL PROTECTED]>
Subject: Re: Discrete logarithms in GF(p)
Date: Sun, 16 Jul 2000 01:16:45 -0500

Andrew Odlyzko's papers are also a very good source for information. Namely:

"Discrete logarithms: The past and future"

"On the Complexity of Computing Discrete Logarithms and Factoring
Integers"

"Discrete Logarithms in finite fields and their cryptographic
significance"



-dave


"Simon Johnson" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Is there a technique for z, if x, y, p are known:
>
> x = y^z mod p.
>
> n.b. p is a prime.
>
>
> -----------------------------------------------------------
>
> Got questions?  Get answers over the phone at Keen.com.
> Up to 100 minutes free!
> http://www.keen.com
>




====== Posted via Newsfeeds.Com, Uncensored Usenet News ======
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
=======  Over 80,000 Newsgroups = 16 Different Servers! ======

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Crossposted-To: comp.arch
Subject: Re: Proposal of some processor instructions for cryptographical    
Date: Sun, 16 Jul 2000 02:16:57 -0400

"Stefan Monnier " wrote:
> You said that when casting int to char*, a bit-addressed architecture
> could provide the illusion of sizeof(char)==1 by shifting the int
> value by 3 bits (assuming chars are 8bit).

I didn't say that.  Probably the C implementation would use the natural
mapping of bit pointer to int, which would not involve shifting.  The
requirement sizeof(char)==1 is met simply by allocating all objects as
multiples of octets (assuming 8 bits per char).  Pointer arithmetic
would involve shifting even for pointers to char, as it already does
for pointers to objects consisting of more than one byte.

> But then c1 and c2 in the following code won't be the same anymore
> unless you do something very funky with casts from int* to char**:
>         void f (int n)
>         {
>             char *c1 = (char*)n;
>             char *c2 = *(char**)&n;
>             ....
>         }

These are already (in Standard C) not necessarily the same.

------------------------------

From: "David Sowinski" <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy
Subject: Re: what is the symmetric algorithm for protection of classified info by gov agencies ?
Date: Sun, 16 Jul 2000 01:25:00 -0500


"jungle" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> FIPS 46-2, The Data Encryption Standard (DES), is the approved symmetric
> algorithm for protection of sensitive but unclassified information by
> government agencies.
>
> what is the symmetric algorithm for protection of classified info by gov
> agencies ?


Why wouldn't it be Skipjack? The FORTEZZA Crypto Card has a security label
for "Top Secret" information; and as we all know (or do we) the FORTEZZA
Crypto Card utilizes Skipjack and KEA. Can I say this???



-dave


------------------------------

From: "David Sowinski" <[EMAIL PROTECTED]>
Subject: Re: source code CD -from Burce Schneier (applied cyotopgraphy)
Date: Sun, 16 Jul 2000 01:39:46 -0500

> Does nay one used source code CD -from Burce Schneier (applied
> cyotopgraphy)
> 3DES code does not work, does not have any test code or main() function
> I am pretty new to crypto..., And I am stck on a project.

What language is this question in? ;-) For an optimized X86 implementation
of 3DES try.

http://people.qualcomm.com/karn/code/index.html



-dave


------------------------------

From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: Has RSADSI Lost their mind?
Date: Sat, 15 Jul 2000 23:43:05 -0700

Mack wrote:
> ?? ELGamal, probably described lots of places, but I don't know where.
> ?That is DH (It is the name given to the public key version of DH )

Yes. DH was the original public key cryptosystem. Sometimes it is
called ElGamal, but ElGamal's innovation was in using DH keys for
signatures. ElGamal's signatures have since been superseded by DSA.

> The original DH patent used knapsack didn't it?

There were 2 crucial Stanford patents. One described DH key exchange 
and the other described knapsack. A third patent was similar to RSA
but used a prime modulus and was not public key.

------------------------------

From: Greg <[EMAIL PROTECTED]>
Subject: Re: Win2000 Encryption
Date: Sun, 16 Jul 2000 06:48:22 GMT


> >Are you saying that it should have been encrypted like it reported?
> >
>
> No. To tell if it is actually encrypted, you would have to
> examine it using some sort of disk editor.  As long as you copy with
> Win2k running it will convert it to the unencrypted form.


So it is only encrypted on the HD, but when NT using NTFS drivers
reads it off the HD it is decrypted and thus I never see the
cipher text of the file (unless I bypass NT and use a disk
editor like you say)?

How can I be sure that it is encrypted?  This is a very interesting
puzzle...


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (JPeschel)
Date: 16 Jul 2000 07:04:55 GMT
Subject: Re: SECURITY CLEAN freeware text editor in win95 ?

jungle [EMAIL PROTECTED] writes, in part:

>the winvi32 is NOT CLEAN ...

Sorry, haven't used it myself, but it sounded like
a possibility. Couldn't you just use the DOS edit
command?

Joe




__________________________________________

Joe Peschel 
D.O.E. SysWorks                                 
http://members.aol.com/jpeschel/index.htm
__________________________________________


------------------------------

From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: Idea for CFB-like cipher
Date: Sat, 15 Jul 2000 23:46:19 -0700


Benjamin Goldberg <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> After reading the description of the 'Cipher FeedBack' mode of chaining
> for DES, where the last 64 bits of ciphertext were encrypted, and one
> bit of this was XORed with one bit of plaintext to get the next
> ciphertext bit, I came up with the following idea:  Using a small, fast,
> secure keyed hash, do something similar.  CFB in DES is slow and
> inefficient, but that's because DES is designed for 64 bit output; we
> can easily make a hash that is designed to have an 8 bit output.
>
> This has probably been done before, but who knows?
>
> IV = initialization vector.
> PT[0..] = plaintext
> CT[0..] = ciphertext
> H_K = a keyed pseudorandom function {0,1}^(8N) -> {0,1}^8
>
> Algorithm:
> CT[-N .. -1] = IV
> CT[i] = PT[i] XOR H_K( CT[i-1 .. i-N] )
>
> The H I would use is more-or-less grabbed from lja1:
>
> /* K is the key, in is the input, N is the size */
> /* K is a shuffled array 0..255, which has been */
> /* changed so that for all i, K[i] != i */
> unsigned char H(const unsigned char *K, const unsigned char *in, int N) {
>     int i, out;
>     for (i = out = 0; i < N; ++i)
>         out = K[(out + K[in[i]]) & 0xff];   /* keep the index within 0..255 */
>     return (unsigned char)out;
> }

Possible chosen-ciphertext attack: choose the 256 ciphertexts:

  00 ... 00 XX

where there are N-1 zeros, and XX cycles through all possible bytes.  Then,
by examining how the next byte after each pattern is decrypted, we can
determine, for each XX, the value of:

  key[ C + key[ XX ] ]

for some unknown (but constant) C.  Then, assume the value of C (that is,
iterate through all 256 possible values), and:

  - Assume key[0]
  - Because we know key[C + key[0]] and C and key[0], we know key[y] where y
= C + key[0]
  - Because we know key[C + key[y]] and C and key[y], we know key[z] where z
= C + key[y]

Iterate until we hit a loop, or have hit a contradiction (that is, some
element of the key array must take on two values, or (if the key array is a
permutation) two different elements of the key array must take on the same
value).

If we hit a contradiction, at least one of the values we assumed is wrong.
If we hit a loop, if we know/assumed the entire key permutation, decrypt
some text to verify.  Otherwise, select another element, and start a loop
there.

Note that, if key[] is a permutation, then the only place we can loop back
to without hitting a contradiction is the beginning.  Otherwise, we will
have two distinct values x, y for which:
   key[ C + key[x] ] = key[ C + key[y] ]

And, if we have assumed the wrong value for C, key[0], we can (put furious
handwaving here) model the above process as a random function.  And so, we
can expect it to hit a contradiction (that is, loop back to some value
other than the beginning) most of the time, and within a relatively few
steps.

And so, the work effort for this attack looks quite doable.

--
poncho




------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: xor confusion!
Date: Sun, 16 Jul 2000 07:13:03 GMT

On Sat, 15 Jul 2000 20:06:51 GMT, [EMAIL PROTECTED] wrote, in
part:

>i don't quite understand how the XOR operation works. i was reading
>about it in Applied Cryptography, by Bruce Schneier. the explanation
>was rather brief, so I decided to make a program that generated two
>random integers and XORed them. i understand why the same number twice
>will return zero, but i don't get how 6 xor 3 can be five (that's one
>of the pairs i got). any help is greatly appreciated!

6 in binary is 110; meaning 4 + 2.
3 in binary is 11; meaning 2 + 1.

So, the XOR between them:

 4 2 1
 1 1 0
   1 1
======
 1 0 1

is exactly 5, because one has a 4, one has a 1, but both have a 2, so
those cancel.

John Savard (teneerf <-)
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: jungle <[EMAIL PROTECTED]>
Subject: Re: SECURITY CLEAN freeware text editor in win95 ?
Date: Sun, 16 Jul 2000 03:43:38 -0400

thanks,

I will stay within the 30 KB limitation of Notepad [ it is very clean ] ...
for other stuff, EditPad 351 [ it creates / deletes intermittent temp files ]
...

JPeschel wrote:
> 
> jungle [EMAIL PROTECTED] writes, in part:
> 
> >the winvi32 is NOT CLEAN ...
> 
> Sorry, haven't used it myself, but it sounded like
> a possibility. Couldn't you just use the DOS edit
> command?

DOS :
for partition manipulation / back-up
&
the highest level of encryption with pgp262 for the pass of passes ...
all of the above are very infrequent incidences ...



------------------------------

From: jungle <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy
Subject: Re: what is the symmetric algorithm for protection of classified info by 
Date: Sun, 16 Jul 2000 03:52:36 -0400

fortezza & skipjack are used for unclassified info only ...
http://www.defenselink.mil/news/Jun1998/b06231998_bt316-98.html

David Sowinski wrote:
> 
> "jungle" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > FIPS 46-2, The Data Encryption Standard (DES), is the approved symmetric
> > algorithm for protection of sensitive but unclassified information by
> > government agencies.
> >
> > what is the symmetric algorithm for protection of classified info by gov
> > agencies ?
> 
> Why wouldn't it be Skipjack? The FORTEZZA Crypto Card has a security label
> for "Top Secret" 

???

> information; and as we all know (or do we) the FORTEZZA
> Crypto Card utilizes Skipjack and KEA. Can I say this???



------------------------------

Subject: Re: Win2000 Encryption
From: [EMAIL PROTECTED] (Ryan Phillips)
Date: 16 Jul 2000 03:39:15 -0500

You could try logging in as a different person, and try viewing the file.

-Ryan

[EMAIL PROTECTED] (Greg) wrote in <8krlrk$ea0$[EMAIL PROTECTED]>:

>
>> >Are you saying that it should have been encrypted like it reported?
>> >
>>
>> No. To tell if it is actually encrypted, you would have to
>> examine it using some sort of disk editor.  As long as you copy with
>> Win2k running it will convert it to the unencrypted form.
>
>
>So it is only encrypted on the HD, but when NT using NTFS drivers
>reads it off the HD it is decrypted and thus I never see the
>cipher text of the file (unless I bypass NT and use a disk
>editor like you say)?
>
>How can I be sure that it is encrypted?  This is a very interesting
>puzzle...
>
>
>Sent via Deja.com http://www.deja.com/
>Before you buy.
>


------------------------------

From: [EMAIL PROTECTED] (Paul Schlyter)
Subject: Re: Win2000 Encryption
Date: 16 Jul 2000 10:46:52 +0200

In article <8krlrk$ea0$[EMAIL PROTECTED]>, Greg  <[EMAIL PROTECTED]> wrote:
 
>>> Are you saying that it should have been encrypted like it reported?
>>
>> No. To tell if it is actually encrypted, you would have to
>> examine it using some sort of disk editor.  As long as you copy with
>> Win2k running it will convert it to the unencrypted form.
> 
> So it is only encrypted on the HD, but when NT using NTFS drivers
> reads it off the HD it is decrypted and thus I never see the
> cipher text of the file (unless I bypass NT and use a disk
> editor like you say)?
> 
> How can I be sure that it is encrypted?  This is a very interesting
> puzzle...
 
Boot plain MS-DOS from a floppy, and then run your disk editor from MS-DOS.
This of course assumes you have a disk editor which runs from MS-DOS.
 
-- 
================================================================
Paul Schlyter,  Swedish Amateur Astronomer's Society (SAAF)
Grev Turegatan 40,  S-114 38 Stockholm,  SWEDEN
e-mail:  pausch at saaf dot se   or    paul.schlyter at ausys dot se
WWW:     http://hotel04.ausys.se/pausch    http://welcome.to/pausch

------------------------------

From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Diffie Hellman Primes : Speed Tradeoff Q
Date: 16 Jul 2000 09:21:57 GMT

Bob Silverman <[EMAIL PROTECTED]> wrote:
> In article <[EMAIL PROTECTED]>,
>   [EMAIL PROTECTED] (Mark Wooding) wrote:
>
> > Does the structure of p, containing as it does many small factors, not
> > make attacks against the cyclic group of the whole field easier?

[I thought I cancelled this version of the article and sent a clearer
one.  Oh, well.]

> Huh?   Z/pZ*  isn't cyclic.

Yes it is.  For prime p, Z/pZ is a finite field and therefore the
elements other than zero form a cyclic multiplicative group.

> What do you mean by "cyclic group of the whole field"?

That was the part I attempted to clarify in the new version.  I agree
that my phrasing was confused.

> What do you really mean?

I'm considering a cryptosystem whose security is based on the difficulty
of a discrete logarithm problem: given primes p and q, where p = q R + 1
for some composite R, with p large enough that the Number Field Sieve is
impractical for computing discrete logs mod p' for random primes p' of
the same size as p, and q large enough that collision-finding algorithms
such as Pollard's rho are impractical for computing discrete logs in the
order-q subgroup of GF(p), what constraints are there on the structure
of R such that, with current algorithms, computing discrete logs in the
order-q subgroup is impractical?

-- [mdw]
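
Two instances of the discrete logarithm problem that comes up twice in this digest, solved by baby-step giant-step as an added example (Go code written for this digest, not from any of the posters): the question from the first thread (given x, y and prime p, find z with x = y^z mod p), and an instance in the order-q subgroup of GF(p) for p = qR + 1 as in the question just above. Every value is constructed for the example: p = 1000003 with y = 2 for the full group, and p = 12109 = 1009 * 12 + 1 with q = 1009, R = 12 for the subgroup; the 2^24 cap on the table size and the way the subgroup element is picked (h^R for the first small h that does not give 1) are this example's own choices. What it shows is the point the post relies on for Pollard's rho: a generic collision-style algorithm costs about sqrt(order) operations in whichever group the base generates, so the order-q instance is settled with a 32-entry table while the full-group instance needs about 1000, and the factorisation of R does not enter into that cost at all.

```go
package main

import (
	"fmt"
	"math/big"
)

// bsgs returns z with y^z = x (mod p) for some z in [0, order) by baby-step giant-step,
// or nil if x is not a power of y. It costs about 2*sqrt(order) modular multiplications
// plus a table of sqrt(order) entries, so the work is set by the size of the group y
// generates and not by anything else about p.
func bsgs(x, y, p, order *big.Int) *big.Int {
	m := new(big.Int).Sqrt(order)
	m.Add(m, big.NewInt(1)) // m >= ceil(sqrt(order)): every z < order is i*m + j with i, j < m
	if !m.IsInt64() || m.Int64() > 1<<24 {
		return nil // this demo keeps the baby-step table in memory; larger groups need Pollard rho
	}
	steps := m.Int64()
	baby := make(map[string]int64, int(steps)) // y^j -> j, keyed by the decimal string
	cur := big.NewInt(1)
	for j := int64(0); j < steps; j++ {
		if _, seen := baby[cur.String()]; !seen {
			baby[cur.String()] = j // keep the smallest j in case y has small order
		}
		cur.Mul(cur, y).Mod(cur, p)
	}
	// giant steps: gamma_i = x * y^(-m*i); a table hit y^j means x = y^(i*m + j)
	step := new(big.Int).ModInverse(new(big.Int).Exp(y, m, p), p)
	gamma := new(big.Int).Set(x)
	for i := int64(0); i < steps; i++ {
		if j, ok := baby[gamma.String()]; ok {
			return big.NewInt(i*steps + j)
		}
		gamma.Mul(gamma, step).Mod(gamma, p)
	}
	return nil
}

// subgroupGenerator returns h^R mod p for the first small h that does not collapse to 1;
// for p = qR + 1 with q prime that element has order exactly q.
func subgroupGenerator(p, q, R *big.Int) *big.Int {
	one := big.NewInt(1)
	for h := big.NewInt(2); ; h.Add(h, one) {
		if g := new(big.Int).Exp(h, R, p); g.Cmp(one) != 0 {
			return g
		}
	}
}

func main() {
	// the first thread's instance: x = y^z mod p in the full group (constructed small prime)
	p, y := big.NewInt(1000003), big.NewInt(2)
	x := new(big.Int).Exp(y, big.NewInt(123456), p)
	fmt.Println("full group (table of ~1000):", bsgs(x, y, p, new(big.Int).Sub(p, big.NewInt(1))))

	// an instance in the order-q subgroup of GF(p), p = qR + 1 (constructed: q = 1009, R = 12)
	p2, q, R := big.NewInt(12109), big.NewInt(1009), big.NewInt(12)
	g := subgroupGenerator(p2, q, R)
	x2 := new(big.Int).Exp(g, big.NewInt(777), p2)
	fmt.Println("order-q subgroup (table of 32):", bsgs(x2, g, p2, q))
}
```

The full-group call may return a z smaller than the exponent used to build x when 2 does not generate all of Z/pZ*; any returned z satisfies y^z = x, which is all the original question asks for. In the subgroup call the answer is unique below q, so 777 comes back exactly.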

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: New Idea - Cipher on a Disk
Date: Sun, 16 Jul 2000 09:46:46 GMT

On 16 Jul 2000 05:47:48 GMT, [EMAIL PROTECTED] (Mack) wrote:

>>
>>Is this not best achieved by having a user generated key and
>>encryption process on a smart card (user may have as many cards as
>>they wish), which requires biometrics to operate.  All PCs and
>>appliances have a slot for the card, all operating systems comply
>>with open standards for the incorporation of the card based processes
>>in their security model.  
>>
>>
>
>Smart cards aren't the best answer by themselves.  What happens if the
>card is lost or stolen?  If it can be easily duplicated then stolen cards are
>a problem.  If they are impossible to duplicate then lost cards are a problem.

If the card is stolen, they must be able to get past the card security
to use it.  It is quite feasible to construct the card so that it is
tamper-proof.

If the card is lost, that is a prima facie problem, as you lose the id
associated with the card.  Ways to address this include: simply
requiring people to re-establish their rights against a new id (eg as
when people lose/forget their password on a system now), "replace" the
locks (if the card is being used for car, house etc.) although replace
in this context would presumably mean a locksmith initialising the
lock and the person re-identifying themselves with a new card; and no
doubt there would be a market for secure, voluntary escrow, for people
who wanted to back their cards up.  The latter might entail some
compromise of security, but this could be tackled by usual methods
such as requiring another user held key to access the data in escrow.


>I personally like the idea of a single access code smart code that would spit
>out the appropriate password and certificate when queried.

That's what I am suggesting.  The aim in using a smart card is to make
it portable, universal and within the control of the user.

>Building readers and an OS interface should not be a major problem.
>Microsoft has the power to bully everyone into accepting some
>kind of standard.  I believe there is already a standard for smart card
>hardware interfaces already.  I don't know about a software interface though.

Embedding a standard method into the OS security model is the critical
development.  I have suggested it to Microsoft.  I'll be surprised if
they don't produce something like this.  Mind you the Linux crowd could
do it pretty quick, although someone would have to produce the
smartcard.  That would put the heat on the proprietary OS mob to catch
up or lose market share.

>The best security would require a passphrase, a fingerprint and
>a token.  After all if your opponent is an oppressive police force
>they may not have any compunction about cutting off a finger to
>get a good fingerprint.  

I believe the biomechanics used for fingerprint recognition will not
recognise the finger if the person is dead or the finger is detached.
But this doesn't stop someone (eg a mugger) forcing you to use the
card.

I suspect fingerprint recognition on a card is the easiest, but one
could use a 4-digit PIN, and simply code the card so that it locks up
after 4-5 failed attempts.

>But they would still have to torture the
>password out of you.

Encryption cannot of itself stop someone beating out of you what you
know.



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************