Cryptography-Digest Digest #236, Volume #12 Mon, 17 Jul 00 07:13:01 EDT
Contents:
Re: Win2000 Encryption (Ichinin)
RC5 Question ("Brian Patterson")
Re: RC5 Question (James Pate Williams, Jr.)
Re: Win2000 Encryption (Suchandra Thapa)
Re: xor confusion! (Suchandra Thapa)
Classical Crypto Books (CryptoBook)
Re: Win2000 Encryption (Mack)
Re: Win2000 Encryption (Jerry Coffin)
Re: New Idea - Cipher on a Disk (Mack)
Re: Win2000 Encryption (Volker Hetzer)
Re: Computing with Encrypted Functions (Paul Rubin)
Re: Has RSADSI Lost their mind? (Mark Wooding)
Re: stes-0.0.0 released (was: Steganographic encryption system) (Nick Kew)
Re: Quantum Computing (Was: Newbie question about factoring) (Kent Paul Dolan)
Re: Comment on [Mixmaster] version 3. [Section 3.2] (Pete Chown)
Re: Quantum Computing (Was: Newbie question about factoring) (Nick Maclaren)
Re: Blowfish Algorithm ("Falissard")
Re: Win2000 Encryption (Daniel James)
----------------------------------------------------------------------------
From: Ichinin <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Win2000 Encryption
Date: Mon, 17 Jul 2000 03:10:21 +0200
Steve Rush wrote:
> Let me guess: by default, Win2K not only doesn't erase the swapfile on
> shutdown, but sets every security parameter to "wide open."
1) By default = Yupp.
2) Not "wide open", the words you're looking for are
"caught-with-the-pants-halfway-down".
/Ichinin
P.S: If anyone has info on HOW NT/W2K erases the swapfile -> Email me
(Please)
------------------------------
From: "Brian Patterson" <[EMAIL PROTECTED]>
Subject: RC5 Question
Date: Mon, 17 Jul 2000 01:52:02 GMT
Hi All,
I have a question concerning the source code to RC5 as shown in "Applied
Cryptography". The source code uses a data type of "u4". I'm trying to
compile the test app using MS Visual C++ 6.0. What exactly is a "u4"
datatype?
- Brian Patterson
------------------------------
From: [EMAIL PROTECTED] (James Pate Williams, Jr.)
Subject: Re: RC5 Question
Date: Mon, 17 Jul 2000 02:32:25 GMT
On Mon, 17 Jul 2000 01:52:02 GMT, "Brian Patterson" <[EMAIL PROTECTED]>
wrote:
>Hi All,
>I have a question concerning the source code to RC5 as shown in "Applied
>Cryptography". The source code uses a data type of "u4". I'm trying to
>compile the test app using MS Visual C++ 6.0. What exactly is a "u4"
>datatype?
>
>- Brian Patterson
Look on page 654 of _Applied Cryptography_ under 3-Way:
typedef unsigned long u4;
==Pate Williams==
[EMAIL PROTECTED]
http://www.mindspring.com/~pate
------------------------------
From: [EMAIL PROTECTED] (Suchandra Thapa)
Subject: Re: Win2000 Encryption
Reply-To: [EMAIL PROTECTED]
Date: Mon, 17 Jul 2000 03:58:00 GMT
Mack <[EMAIL PROTECTED]> wrote:
>Greg [EMAIL PROTECTED] wrote:
>>Can anyone explain what is happening? Do I need to install some
>>software component to make this work or am I doing something wrong?
>>
>
>Have you tried booting from linux or some other OS and accessing
>the same file? Possibly with a disk editor from DOS?
Don't try to use linux to access the drive. Linux doesn't
handle NTFS very well. I believe it reads NT4's file system
without many errors. However any writes to win2000 or NT4's file systems
WILL corrupt the filesystem enough that nt or win2000 probably
won't be able to mount the filesystem.
--
==================================================================
Suchandra S. Thapa
[EMAIL PROTECTED]
==================================================================
------------------------------
From: [EMAIL PROTECTED] (Suchandra Thapa)
Subject: Re: xor confusion!
Reply-To: [EMAIL PROTECTED]
Date: Mon, 17 Jul 2000 03:58:02 GMT
[EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>i don't quite understand how the XOR operation works. i was reading
>about it in Applied Cryptography, by Bruce Schneier. the explanation
>was rather brief, so I decided to make a program that generated two
>random integers and XORed them. i understand why the same number twice
>will return zero, but i don't get how 6 xor 3 can be five (that's one
>of the pairs i got). any help is greatly appreciated!
Basically,
1 xor 1 = 0
1 xor 0 = 1
0 xor 1 = 1
0 xor 0 = 0
xor works on a bit by bit basis so 110 xor 011 = 101.
--
==================================================================
Suchandra S. Thapa
[EMAIL PROTECTED]
==================================================================
------------------------------
From: [EMAIL PROTECTED] (CryptoBook)
Subject: Classical Crypto Books
Date: 17 Jul 2000 04:23:43 GMT
16 July 2000
Classical Crypto Books is pleased to announce the following recent update to
the CCB catalog.
ESPIONAGE AND INTELLIGENCE
BRITISH MILITARY INTELLIGENCE IN THE PALESTINE CAMPAIGN 1914-1918
by Yigal Sheffy
British victory was assured, in large measure, because all important enemy
secrets were known by their military intelligence. Wireless intelligence was an
absolutely reliable source, with all Turkish Commissariat ciphers known.
Published at $29.50.
SB, Frank Cass, 1998, 400 pp.
Nonmember $27.95, Member $26.95
ESPIONAGE: Past, Present, Future?
by Wesley K. Wark (Editor)
Features four articles on the Canadian intelligence services, including
"Intrepid's [Sir William Stephenson's] Last Deception," two articles on the KGB
by Gordievsky and Andrew, and others. (See also "British Security Coordination"
by Anonymous.) Published at $19.50.
SB, Frank Cass, 1994, 168 pp.
Nonmember $18.95, Member $17.95
HISTORY
THE CLANDESTINE COLD WAR IN ASIA, 1945-65: Western Intelligence, Propaganda and
Special Operations
by Richard J. Aldrich, Gary D. Rawnsley, Ming-Yeh T. Rawnsley (Editors)
Information about post WWII COMINT is not yet plentiful. So, the lead paper in
Part I, by Matthew M. Aid, is a welcome addition to the literature: "US Humint
and Comint in the Korean War: From the Approach of War to the Chinese
Intervention." Published at $24.50.
SB, Frank Cass, 2000, 312 pp.
Nonmember $22.95, Member $21.95
ALLIED AND AXIS SIGNALS INTELLIGENCE IN WORLD WAR II: Studies in Intelligence
by David Alvarez (Editor), Foreword by David Kahn
Much of the attention on World War II SIGINT has focused on British and
American successes. This volume sheds light on cryptanalysis, by both sides, in
Australia, China, England, France, Germany, Hungary, Finland, Italy, Japan, and
the USA. Published at $57.50.
HB, Frank Cass, 1999, 240 pp.
Nonmember $54.95, Member $51.95
ALLIED AND AXIS SIGNALS INTELLIGENCE IN WORLD WAR II: Studies in Intelligence
by David Alvarez (Editor), Foreword by David Kahn
Much of the attention on World War II SIGINT has focused on British and
American successes. This volume sheds light on cryptanalysis, by both sides, in
Australia, China, England, France, Germany, Hungary, Finland, Italy, Japan, and
the USA. Published at $24.50.
SB, Frank Cass, 1999, 240 pp.
Nonmember $22.95, Member $21.95
INTELLIGENCE INVESTIGATIONS: How Ultra Changed History
by Ralph Bennett
The author, the retired President of Cambridge's Magdalene College, worked at
Bletchley Park for four years during World War II as a senior producer of Ultra
intelligence (military intelligence based on decrypted Enigma traffic).
Published at $42.50.
HB, Frank Cass, 1996, 209 pp.
Nonmember $39.95, Member $37.95
INTELLIGENCE INVESTIGATIONS: How Ultra Changed History
by Ralph Bennett
The author, the retired President of Cambridge's Magdalene College, worked at
Bletchley Park for four years during World War II as a senior producer of Ultra
intelligence (military intelligence based on decrypted Enigma traffic).
Published at $22.50.
SB, Frank Cass, 1996, 209 pp.
Nonmember $20.95, Member $19.95
VATICAN
NOTHING SACRED: Nazi Espionage Against the Vatican, 1939-1945
by David Alvarez, Robert A. Graham, SJ
Considering the Catholic Church a serious domestic security threat, Hitler's
agents penetrated it in Germany, but were less successful in Rome.
Codebreaking, on the other hand, was a huge success: the Nazis read just about
all secret Papal traffic. Published at $24.50.
HB, Frank Cass, 1997, 207 pp.
Nonmember $22.95, Member $21.95
VATICAN CODE SYSTEMS
by Anonymous, National Security Agency
Written in 1944; formerly classified. Covers general characteristics of WW2
systems; red, yellow, and green codes; & traffic identification & logging.
Includes an overall survey of codes and an appraisal of Vatican cryptography.
Typeset for this edition.
SB, Aegean Park Press C-86, 1999, 80 pp.
Nonmember $28.80, Member $23.05
==============
HB = Hardbound
SB = Softbound
MG = Magazine
==============
All items are in stock and available now. Member prices are available to
members of the American Cryptogram Association, the U.S. Naval Cryptologic
Veterans Association, and full-time students. Shipping and handling are extra.
For complete ordering information, a free catalog of crypto books by return
e-mail, or for information about membership in the American Cryptogram
Association, please send e-mail to: [EMAIL PROTECTED]
Best Wishes,
Gary
Gary Rasmussen
Classical Crypto Books
E-Mail: [EMAIL PROTECTED]
Fax: (603) 432-4898
------------------------------
From: [EMAIL PROTECTED] (Mack)
Date: 17 Jul 2000 05:39:24 GMT
Subject: Re: Win2000 Encryption
>Mack <[EMAIL PROTECTED]> wrote:
>>Greg [EMAIL PROTECTED] wrote:
>>>Can anyone explain what is happening? Do I need to install some
>>>software component to make this work or am I doing something wrong?
>>>
>>
>>Have you tried booting from linux or some other OS and accessing
>>the same file? Possibly with a disk editor from DOS?
>
> Don't try to use linux to access the drive. Linux doesn't
>handle NTFS very well. I believe it reads NT4's file system
>without many errors. However any writes to win2000 or NT4's file systems
>WILL corrupt the filesystem enough that nt or win2000 probably
>won't be able to mount the filesystem.
>
>
>--
>------------------------------------------------------------------
>
>Suchandra S. Thapa
>[EMAIL PROTECTED]
>
>------------------------------------------------------------------
>
Haven't had that problem so far. Of course haven't really used the win2k
file system with linux.
Mack
Remove njunk123 from name to reply by e-mail
------------------------------
From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: Win2000 Encryption
Date: Sun, 16 Jul 2000 23:55:40 -0600
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] says...
[ ... ]
> Let me guess: by default, Win2K not only doesn't erase the swapfile on
> shutdown, but sets every security parameter to "wide open."
Well, there _are_ ways to set it to be less secure than it is by
default, but if you're at all interested in security, the default
settings are almost certainly a LOT different than you want.
> Has anyone checked to see if Win2K stores the decryption key in the file?
I haven't checked, but at least according to their literature, it's
not...or more accurately, they're not: they include a key-escrow
setup, so if (for example) a person dies with files encrypted, an
administrator can recover the data. As I understand it, there
doesn't _have_ to be more than one key for any particular piece of
data, but that does seem to be the intended mode of operation (I'll
refrain from commenting on the good and bad points of key-escrow in
general and this particular application of it, as that's mostly a
separate question).
--
Later,
Jerry.
The universe is a figment of its own imagination.
------------------------------
From: [EMAIL PROTECTED] (Mack)
Date: 17 Jul 2000 06:04:09 GMT
Subject: Re: New Idea - Cipher on a Disk
>On 16 Jul 2000 05:47:48 GMT, [EMAIL PROTECTED] (Mack) wrote:
>
>>>
>>>Is this not best achieved by having a user generated key and
>>>encryption process on a smart card (user may have as many cards as
>>>they wish), which requires biometrics to operate. All PCs and
>>>appliances have a slot for the card, all operating systems comply
>>>with open standards for the incorporation of the card based processes
>>>in their security model.
>>>
>>>
>>
>>Smart cards aren't the best answer by themselves. What happens if the
>>card is lost or stolen? If it can be easily duplicated then stolen cards are
>>a problem. If they are impossible to duplicate then lost cards are a problem.
>
>If the card is stolen, they must be able to get past the card security
>to use it. It is quite feasible to construct the card so that it is
>tamper proof.
I believe there was a paper a while back about that. It is somewhere
on the web. 'Tamper proofing' a smart card just depends on the
budget of the attacker. If they have unlimited budget and unlimited
access to the card they can get what is in it out. Of course if it has
some kind of encrypted data they still have to crack the code.
>
>If the card is lost, that is a prima facie problem, as you lose the id
>associated with the card. Ways to address this include: simply
>requiring people to re-establish their rights against a new id (eg as
>when people lose/forget their password on a system now), "replace" the
>locks (if the card is being used for car, house etc.) although replace
>in this context would presumably mean a locksmith initialising the
>lock and the person re-identifying themselves with a new card; and no
>doubt there would be a market for secure, voluntary escrow, for people
>who wanted to back their cards up. The latter might entail some
>compromise of security, but this could be tackled by usual methods
>such as requiring another user held key to access the data in escrow.
>
These two are dependent problems. In this case we are saying
put your whole life in this card. If you lose it you must start over.
or else we can duplicate your data for you. But someone else
may be able to steal/duplicate that data.
>>The best security would require a passphrase, a fingerprint and
>>a token. After all if your opponent is an oppressive police force
>>they may not have any compunction about cutting off a finger to
>>get a good fingerprint.
>
>I believe the biomechanics used for fingerprint recognition will not
>recognise the finger if the person is dead or the finger is detached.
>But this doesn't stop someone (eg a mugger) forcing you to use the
>card.
>
Most fingerprint readers don't care if the finger is real or a plastic
replica. They simply check for certain patterns of ridges. More
advanced models can detect body heat and pulse but they are of
course more expensive. I believe that info could be used to
detect if a person is under duress or drugged. Ie body temp lower
if drugged. Pulse higher if under duress.
>I suspect finger print recognition on a card is the easiest, but one
>could use a 4 number pin, and simply code the card so that it locks up
>after 4-5 failed attempts.
>
>>But they would still have to torture the
>>password out of you.
>
>Encryption cannot of itself stop someone beating out of you what you
>know.
>
But a password does add a layer of protection. Ie. they can't kill you
till they have it.
Mack
Remove njunk123 from name to reply by e-mail
------------------------------
From: Volker Hetzer <[EMAIL PROTECTED]>
Subject: Re: Win2000 Encryption
Date: Mon, 17 Jul 2000 10:18:52 +0200
Mack wrote:
>
> Greg [EMAIL PROTECTED] wrote:
> >And what is more odd is that there is no password provided to me.
>
> Should be the same as the password for your user name.
You mean Win2000 stores the password in a retrievable form???
Greetings!
Volker
--
The early bird gets the worm. If you want something else for
breakfast, get up later.
------------------------------
From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: Computing with Encrypted Functions
Date: 17 Jul 2000 08:56:01 GMT
In article <8kq55h$eil$[EMAIL PROTECTED]>, zapzing <[EMAIL PROTECTED]> wrote:
>> Well, if they have a workable method in general for doing that, among
>> other things it makes identity-based encryption trivial.
>
>You're not talking about Biometrics based encryption,
>are you? because if so, I don't see the connection.
No, nothing to do with biometrics. See a cryptography book.
------------------------------
From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Has RSADSI Lost their mind?
Date: 17 Jul 2000 09:32:18 GMT
Bodo Moeller <[EMAIL PROTECTED]> wrote:
> when the server reuses its DH key (which cannot be done with DSA-style
> parameters because of small-subgroup attacks),
This is interesting, and not something I've come across before. Does
anyone have a more detailed reference?
-- [mdw]
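The check that addresses the small-subgroup problem Bodo Moeller alludes to, as an added example (not code from the thread): before a static DH key is reused, every peer public value is verified to lie in the order-q subgroup. The parameters p=23, q=11, g=2 are constructed toy values for illustration only.

```go
// Added example: public-value validation for DH with DSA-style parameters
// (p, q, g with q | p-1). Reusing a static exponent is only reasonable when
// each peer value is confirmed to be in the order-q subgroup; a value of
// small order would leak information about the reused exponent.
// The toy parameters below are constructed, not real-world sizes.
package main

import (
	"errors"
	"math/big"
)

// DHParams: prime p, prime q dividing p-1, generator g of the order-q subgroup.
type DHParams struct{ P, Q, G *big.Int }

var one = big.NewInt(1)

// ValidatePublic accepts y only if 1 < y < p-1 and y^q == 1 (mod p), i.e.
// y lies in the subgroup generated by g (the RFC 2631 section 2.1.5 check).
func ValidatePublic(params DHParams, y *big.Int) error {
	pMinus1 := new(big.Int).Sub(params.P, one)
	if y.Cmp(one) <= 0 || y.Cmp(pMinus1) >= 0 {
		return errors.New("public value out of range")
	}
	if new(big.Int).Exp(y, params.Q, params.P).Cmp(one) != 0 {
		return errors.New("public value not in order-q subgroup")
	}
	return nil
}

// SharedSecret computes peerY^x mod p, but only after the peer's value
// passes validation, so a reused x is never applied to a rogue value.
func SharedSecret(params DHParams, x, peerY *big.Int) (*big.Int, error) {
	if err := ValidatePublic(params, peerY); err != nil {
		return nil, err
	}
	return new(big.Int).Exp(peerY, x, params.P), nil
}

// ToyParams: p = 23, q = 11 (p-1 = 2*11); g = 2 has order 11 mod 23.
// 5 has order 22 and 22 has order 2, so both must be rejected.
func ToyParams() DHParams {
	return DHParams{P: big.NewInt(23), Q: big.NewInt(11), G: big.NewInt(2)}
}
```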
------------------------------
From: [EMAIL PROTECTED] (Nick Kew)
Crossposted-To: comp.os.linux.development.apps,uk.comp.os.linux
Subject: Re: stes-0.0.0 released (was: Steganographic encryption system)
Date: Sun, 16 Jul 2000 22:45:05 +0000
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (phil hunt) writes:
> This is a highly unfinished version, as the version number suggests: it
> encrypts but it doesn't decrypt.
Wonderful! Keep it like that, and let's all start using it as and when
anything looking like RIP becomes law!
--
Nick Kew
Site Valet - the essential service for anyone with a Website.
Now available at <URL:http://valet.webthing.com/>
------------------------------
Crossposted-To: comp.theory
Subject: Re: Quantum Computing (Was: Newbie question about factoring)
Reply-To: [EMAIL PROTECTED] (Kent Paul Dolan)
From: [EMAIL PROTECTED] (Kent Paul Dolan)
Date: Mon, 17 Jul 2000 09:54:51 GMT
Nick Maclaren <[EMAIL PROTECTED]> wrote:
>Oh, hell, OF COURSE a finite automaton can generate such things if
>you allow it to be fed an infinite input tape or use an infinite
>working tape (in the Turing model)!
I don't understand this last part. Turing machines have _always_ had an
infinite working tape; that is part of the model.
Similarly, I don't see the objection to feeding an FSA an infinite input
tape; it either reaches an exit state, and stops reading the tape, or it
doesn't, and goes on doing something possibly interesting "forever".
xanthian, confused and in over his head, as usual.
===== random archival quality quote =====
"The Information contained in this E-Mail and any subsequent
correspondence is private and is intended solely for the intended
recipient(s). For those other than the intended recipient any
disclosure, copying, distribution, or any action taken or omitted to be
taken in reliance on such information is prohibited and may be
unlawful."
-- from a British poster; not sure how useful this would be under US
law, but if it would work, what a nice mallet this would be to use in
smashing employer email snooping. Modifying this to be a copyright
statement could be a good approach for US law.
--
Kent Paul Dolan.
<[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
------------------------------
From: Pete Chown <[EMAIL PROTECTED]>
Subject: Re: Comment on [Mixmaster] version 3. [Section 3.2]
Date: Mon, 17 Jul 2000 10:01:14 GMT
Sorry about the late followup to this post -- I just thought of
something.
I wonder if it would be worth adding transport layer encryption to the
communication between to Mixmasters. Suppose that the black hats were
recording all communications going in and out of all Mixmasters.
Subsequently they obtain the Mixmasters' private keys. Exactly how is
immaterial; say burglary for the sake of argument.
It would be nice if this did not allow them to decrypt all the
intercepted traffic. We could add forward secrecy to the Mixmaster
protocol by passing the messages (encrypted the same as now) over TLS.
(Not all TLS cipher suites provide forward secrecy, but we could insist
on, for example TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA.)
Mixmaster messages go over SMTP, so an easy way of supporting TLS is to
use the STARTTLS SMTP extension, described in RFC2487.
--
Pete
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED] (Nick Maclaren)
Crossposted-To: comp.theory
Subject: Re: Quantum Computing (Was: Newbie question about factoring)
Date: 17 Jul 2000 10:49:37 GMT
In article <LJAc5.1469$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Kent Paul Dolan)
writes:
|> Nick Maclaren <[EMAIL PROTECTED]> wrote:
|>
|> >Oh, hell, OF COURSE a finite automaton can generate such things if
|> >you allow it to be fed an infinite input tape or use an infinite
|> >working tape (in the Turing model)!
|>
|> I don't understand this last part. Turing machines have _always_ had an
|> infinite working tape; that is part of the model.
Yes, but finite automata haven't. The traditional finite state
machine is just what it says - a machine with a finite number of
states, each in a fixed initial state, with a SINGLE, ARBITRARY,
FINITE input tape, and a fixed set of transitions between the
states. It is trivial to show that this can generate only
rational numbers (because it has to repeat.)
This is actually a fairly uninteresting object, so most work has
been done on various extensions. There are zillions of these,
some of which end up being equivalent to Turing machines. In
turn, Turing machines can be extended in zillions of different
ways, few of which seem to make much difference to the set of
soluble problems but several which make a difference to which
problems are exponentially complex and which aren't. Which is
where we came in.
|> Similarly, I don't see the objection to feeding an FSA an infinite input
|> tape; it either reaches an exit state, and stops reading the tape, or it
|> doesn't, and goes on doing something possibly interesting "forever".
However, the difference between assuming a finite and infinite
input makes quite a difference to the analysis.
Regards,
Nick Maclaren,
University of Cambridge Computing Service,
New Museums Site, Pembroke Street, Cambridge CB2 3QG, England.
Email: [EMAIL PROTECTED]
Tel.: +44 1223 334761 Fax: +44 1223 334679
------------------------------
From: "Falissard" <[EMAIL PROTECTED]>
Subject: Re: Blowfish Algorithm
Date: Mon, 17 Jul 2000 12:57:03 +0200
Reply-To: "Falissard" <[EMAIL PROTECTED]>
You should read Schneier's page at :
http://www.counterpane.com/blowfish.html
and review the original Blowfish paper.
The "standard" Blowfish has 16 rounds.
The F function must always process 4 bytes
in the same way.
You should also read "mod 2 power 32"
instead of "mod 232".
http://os390-mvs.hypermart.net
Is there life after MVS ?
Garrett Kajmowicz <[EMAIL PROTECTED]> wrote in the message:
[EMAIL PROTECTED]
> As a cryptography newbie, I've decided to take the first step by writing
> an implementation of Blowfish-16, as per the specs listed at
> www.cryptography.org
> The 3 questions I have are:
> 1) The F() function splits the 32-bit word into 4 bytes in full
> implementation. With Blowfish-16, do I split the 8-bit byte into 4 2-bit
> chunks?
>
> 2) If 1 is true, then what do I use instead of mod 232?
>
> 3) Where can I get a very good in-depth file on modern cryptography on
> the 'net?
>
> Thanks for all the help!
>
> Garrett Kajmowicz
> [EMAIL PROTECTED]
------------------------------
From: Daniel James <[EMAIL PROTECTED]>
Subject: Re: Win2000 Encryption
Date: Mon, 17 Jul 2000 12:09:08 +0100
Reply-To: [EMAIL PROTECTED]
In article <[EMAIL PROTECTED]>, Steve Rush wrote:
> Has anyone checked to see if Win2K stores the decryption key in the file?
According to MS: Win2k encrypts the file using a symmetric cipher (I don't
know which, but it uses MS CryptoAPI to do the work so it can only choose
between those supported by the CSPs you have installed), and encrypts the
symmetric key under the public key of each user and each group that has
access to the file (presumably in the file's ACL). When you try to access the
file Win2k checks access permissions using the file's ACLs and if you have
permission to access the file it obtains the encrypted symmetric key; Win2k
then decrypts this with your private key, and so is able to decrypt the file.
This is all fairly well described in the MSDN, and is discussed in a
continuing series of articles on Win2k security issues by Keith Brown in MSDN
magazine.
Cheers,
Daniel.
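The structure Daniel describes, as an added example that is not Microsoft's EFS code: a random symmetric key protects the file, that key is wrapped under each authorised user's public key, and access means unwrapping with the matching private key. The cipher choices (AES-256-GCM, RSA-OAEP) and the names Protect/Open are this example's assumptions.

```go
// Added example, not Microsoft's code: per-file symmetric key, wrapped
// once per authorised public key. Cipher choices here are the example's own.
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// EncryptedFile: ciphertext plus one wrapped file key per authorised user.
type EncryptedFile struct {
	Nonce       []byte
	Ciphertext  []byte
	WrappedKeys map[string][]byte // user -> RSA-OAEP(fileKey)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Protect encrypts plaintext under a fresh 256-bit key, then wraps that key
// for every public key in authorised (the per-user key fields in the post).
func Protect(plaintext []byte, authorised map[string]*rsa.PublicKey) (*EncryptedFile, error) {
	fileKey := make([]byte, 32)
	if _, err := rand.Read(fileKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(fileKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ef := &EncryptedFile{Nonce: nonce, WrappedKeys: map[string][]byte{}}
	ef.Ciphertext = gcm.Seal(nil, nonce, plaintext, nil)
	for user, pub := range authorised {
		w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
		if err != nil {
			return nil, err
		}
		ef.WrappedKeys[user] = w
	}
	return ef, nil
}

// Open mirrors the access path in the post: find the caller's wrapped key,
// unwrap it with the private key, decrypt the file. A missing key field or a
// non-matching private key yields an error, never plaintext.
func Open(ef *EncryptedFile, user string, priv *rsa.PrivateKey) ([]byte, error) {
	w, ok := ef.WrappedKeys[user]
	if !ok {
		return nil, errors.New("no key field for user " + user)
	}
	fileKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, w, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(fileKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, ef.Nonce, ef.Ciphertext, nil)
}
```

The GCM tag also catches a tampered ciphertext, which the post's ACL-based description does not address on its own.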
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************