Cryptography-Digest Digest #265, Volume #12 Fri, 21 Jul 00 15:13:01 EDT
Contents:
Re: Encryption program list... (JPeschel)
Re: Carnivore and Man-in-the-middle (dbt)
Re: Has RSADSI Lost their mind? (Sander Vesik)
Re: New stream cipher (Paul Koning)
Re: Idea? Need Comments... (Paul Koning)
Re: General Question on cryptography (Sander Vesik)
Re: RC4-- repetition length? (Simon Johnson)
Re: RC4 free for noncommercial ? (Simon Johnson)
Re: RC4-- repetition length? (Bill Unruh)
random malar-key ("Abyssmal_Unit_#3")
Re: Has RSADSI Lost their mind? (Bill Unruh)
Re: how strong is my own encryption? (Mok-Kong Shen)
Re: microwave cd (JimD)
Re: Encryption program list... (JimD)
Re: RC4 free for noncommercial ? (Larry Kilgallen)
Re: md5 uses, questions ("Joseph Ashwood")
Re: Hashing hash algorithms: a waste of time (Simon Johnson)
Re: Random numbers and online-gambling (Simon Johnson)
Re: Question Regarding Encrypting CD-ROM -RW Disks (Greg)
Re: random malar-key ("Mikal 606")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: Encryption program list...
Date: 21 Jul 2000 16:56:50 GMT
Laurent ANGELI [EMAIL PROTECTED] writes, in part:
>So, if you crypt, what program do you use ?
PGP, Puffer.
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: [EMAIL PROTECTED] (dbt)
Subject: Re: Carnivore and Man-in-the-middle
Date: Fri, 21 Jul 2000 16:57:23 GMT
Anon User <[EMAIL PROTECTED]> says:
>>> not really,
>>> the box is TOTALLY FBI secured, therefore no one [ even ISP ]
>>> knows what FBI is / will collect ...
>>
>> Yes, but the original assertion that a Carnivore unit will be
>> permanently installed in every ISP's data path is something I haven't
>> heard before. (And tend to doubt ;)
>
>Why? CALEA makes sure LEO access is built in to every Central Office switch.
>E911 requires wireless companies to provide LEO with tracking ability.
>And we all know about ECHELON. This is just another avenue towards the feds'
>ultimate goal of total pervasive surveillance capacity. Orwell's nightmare
>fully realized and expanded with technology in ways he could never imagine.
*sigh*.
Have you even read 1984? Total surveillance was just a small part
of that dystopian vision. Why can't "this is bad" stand on its own
without a faux literary allusion?
--
David Terrell | "Instead of plodding through the equivalent of
Prime Minister, NebCorp | literary Xanax, the pregeeks go for sci-fi and
[EMAIL PROTECTED] | fantasy: LSD in book form." - Benjy Feen,
http://wwn.nebcorp.com | http://www.monkeybagel.com/ "Origins of Sysadmins"
------------------------------
From: Sander Vesik <[EMAIL PROTECTED]>
Subject: Re: Has RSADSI Lost their mind?
Date: 21 Jul 2000 16:59:01 GMT
phil hunt <[EMAIL PROTECTED]> wrote:
> On 20 Jul 2000 18:44:34 GMT, Sander Vesik <[EMAIL PROTECTED]> wrote:
>>Paul Koning <[EMAIL PROTECTED]> wrote:
>>> Bill Unruh wrote:
>>>>
>>>> That letter is incredible. Absolutely everything there sounds like
>>>> algorithms, which cannot be patented.
>>
>>> What country are you speaking of? Certainly that isn't correct
>>> in case of the USA...
>>
>>Just about anything - and most probably even 'operation of an entity
>>called PTO' is patentable in the US.
> Especially if you include the words "using the Internet".
> Someone should patent the idea of an organisation making a living for itself
> by issuing stupid patents. Because this is an absurd idea, the patent is
> bound to be granted. Then sue the USPTO for breach of that patent -- it
> should hold up in court because the USPTO granted it in the first place.
That's what I meant with 'operation of an entity called PTO'. 8-)
Yes, I understand that it sounds like slamming, but in all truth -
their standards as to what can be patented have really gone down the
drain. Not to mention stuff that is kept by their applicants in the
'pending' phase for a decade with no end in sight. Not to mention a
wonderful 'we can never do anything wrong and will always protect
our employees (who obviously just plain couldn't have done anything
wrong in the first place)' corporate culture.
> --
> ***** Phil Hunt *****
--
Sander
FLW: "I can banish that demon"
------------------------------
From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: New stream cipher
Date: Fri, 21 Jul 2000 12:27:02 -0400
[EMAIL PROTECTED] wrote:
>
> AOTP-Alex One Time Pad stream cipher.
You would be wise to rename it "Alex's Stream Cipher" since
that is what it is. The name you've picked will only set
off the snake oil alarms.
I don't know if your cipher is strong. If it is, that's
a reason to have it stand on its merits. It will never
stand on its merits if you give it the wrong name, because
people who understand crypto will never treat it as having
any value so long as you do that.
paul
------------------------------
From: Paul Koning <[EMAIL PROTECTED]>
Subject: Re: Idea? Need Comments...
Date: Fri, 21 Jul 2000 12:34:48 -0400
Big Boy Barry wrote:
>
> H E L L O
>
> H = 8
> E = 5
> L = 12
> L = 12
> O = 15
>
> 8 + 5 = 13
> 5 + 12 = 17
> 12 + 12 = 24
> 12 + 15 = 27 = (27 - 26 = 1) = 1
> 15 + 8 = 23
>
> 13 - 17 - 24 - 27 - 23
> M Q X A W
>
> If a program stores a password 'HELLO' as 'MQXAW', can it be cracked in
> any way other than a brute-force attack using a wordlist... Am I correct to
> say that the above encryption method is one-way? And, is there a name for
> the above method... Thank you...
That's "autokey" (using the plaintext, with an offset, as the key).
It's easy to break, especially in this case where the offset is 1.
paul
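To make the "easy to break" verdict concrete, here is an added Python example (not code from either poster; the function names are my own). It implements Barry's transformation with A=1 ... Z=26 and then recovers every plaintext consistent with a given output: once the scheme is known, a guess of the first letter fixes every later letter, and the wrap-around sum of the last and first letters checks the guess, so at most 26 candidates survive (for 'MQXAW' exactly two, for even-length inputs all 26). Nothing about it is one-way.

```python
from typing import List


def _num(ch: str) -> int:
    """A=1 ... Z=26, the numbering used in the post."""
    return ord(ch.upper()) - ord("A") + 1


def _letter(v: int) -> str:
    """Map a sum back to a letter, reducing mod 26 so that 27 -> 1 -> A."""
    return chr(ord("A") + (v - 1) % 26)


def encode(plain: str) -> str:
    """c_i = p_i + p_{i+1} (mod 26); the last letter is paired with the first."""
    p = [_num(ch) for ch in plain]
    n = len(p)
    return "".join(_letter(p[i] + p[(i + 1) % n]) for i in range(n))


def decode_candidates(cipher: str) -> List[str]:
    """Every plaintext that encodes to `cipher`.

    A guess of the first letter determines all the others, because
    p_{i+1} = c_i - p_i (mod 26). The wrap-around relation c_n = p_n + p_1
    then either confirms or rejects the guess, so at most 26 candidates
    remain, however long the password is.
    """
    c = [_num(ch) for ch in cipher]
    n = len(c)
    if n == 0:
        return []
    found = []
    for first in range(1, 27):
        p = [first]
        for i in range(n - 1):
            p.append((c[i] - p[-1] - 1) % 26 + 1)
        if (p[-1] + p[0] - 1) % 26 + 1 == c[-1]:
            found.append("".join(_letter(v) for v in p))
    return found


if __name__ == "__main__":
    print(encode("HELLO"))                 # the post's example: MQXAW
    print(decode_candidates("MQXAW"))      # every password that maps to it
```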
------------------------------
From: Sander Vesik <[EMAIL PROTECTED]>
Subject: Re: General Question on cryptography
Date: 21 Jul 2000 17:12:23 GMT
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> I agree with you (and hence not with the author mentioned). A very
> large organization might have the expertise to design good algorithms,
> but then, because of the number of people involved, it is very difficult
> to keep these secret, independent of the problem of quality. Among
> others, there is the issue of disgruntled employees. (I happen to know,
> though, an industrial firm that uses a secret algorithm in certain of its
> products.) A single person can easily keep secrets but is very likely to
> be blind to the weakness of his designs.
And it's not just 'the employees getting disgruntled'. It is sufficient to
buy up somebody up the food chain who has the necessary clearance to just
get the spec at any time. Like say one of the vice-presidents of the company.
This of course applies equally well to the NSA, considering all the high
level spies the US keeps finding in its hierarchies... Not that they
would talk about what percentage of the secret algos have been leaked.
> M. K. Shen
--
Sander
FLW: "I can banish that demon"
------------------------------
Subject: Re: RC4-- repetition length?
From: Simon Johnson <[EMAIL PROTECTED]>
Date: Fri, 21 Jul 2000 10:33:53 -0700
"Scott Fluhrer" <[EMAIL PROTECTED]> wrote:
>
>Simon Johnson <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>> Let's side step,
>>
>> I've read on this forum that RC4 is distinguishable from random
>> data after 4Tb. Though this is a large figure, it's still just a
>> tiny fraction of the amount of data it could encrypt securely if
>> it used all the possible permutations. In terms of security,
>> this makes the cycle length meaningless (providing of course, that
>> the cycle length is greater than 4 Tb.)
>>
>> Just some food for thought........
>Two things:
>
>- It is now known that RC4 is efficiently distinguishable from random data
>after 2Gb.
Ahh, that's a rather smaller number..... Thanks for correcting
that one :)
>- Looping would be a *much* more serious problem than distinguishability
>from randomness. Once a keystream generator starts looping, the attacker
>can derive the value of two portions of the plaintext xor'ed together, and
>practically speaking, he can often rederive the plaintext from that. No
>similar attack is known if the keystream is merely distinguishable from
>random, unless the attacker has a *lot* of information about the plaintext.
>
>On the other hand, distinguishability is not a totally meaningless concept.
>For one, the attacker can use it to verify if a plausible plaintext
>corresponds to a ciphertext, if you manage to obtain the plausible
>plaintext by another method.
>
I agree with this 100%. I'd like to explore this a bit more
though: How much cipher-text does one require before u can
totally break RC4, i.e. recover the internal state?
>--
>poncho
------------------------------
Subject: Re: RC4 free for noncommercial ?
From: Simon Johnson <[EMAIL PROTECTED]>
Date: Fri, 21 Jul 2000 10:37:34 -0700
[EMAIL PROTECTED] (Larry Kilgallen) wrote:
>In article <[EMAIL PROTECTED]>, Simon Johnson <[EMAIL PROTECTED]> writes:
>> I asked them, they didn't reply. :+)
>> Don't u just Love RSA-LABS. They know how to treat customers.
>
>Or did you mean prospective customers ?
I meant prospective customers, yes
>What were you going to buy from them ?
I asked about RC4, and tried to sign that non-disclosure
agreement. I would have been willing to part with cash........
------------------------------
From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: RC4-- repetition length?
Date: 21 Jul 2000 17:45:52 GMT
In <8l8tfd$at1$[EMAIL PROTECTED]> "Scott Fluhrer" <[EMAIL PROTECTED]>
writes:
]>
]> ]Look at digraph statistics. Certain digraphs, such as the (00,00) digraph,
]> ]occur more frequently than expected. Other digraphs, such as the (FF,FF)
]> ]digraph, occur less frequently than expected. In addition, if the attacker
]> ]keeps track of the value of i, other digraphs come into play. For example,
]> ]the (i+1,FF) digraph is more likely than expected, and the (00,i+1) digraph
]> ]is less likely. By taking advantage of all these digraph variances (an
]> ]exhaustive list appears in the paper), it turns out that 2**30.6 outputs is
]> ]sufficient for a 90% certainty rate.
]>
]> I have difficulty in understanding this. What differentiates 00 from ff.
]> Ie, the algorithm is symmetric under interchange of any two numbers,
]> since all arithmetic is modulo arithmetic ( mod ff). This may be true
]> for some particular key, but how could it be true of a random key?
]Actually, no, the algorithm is not symmetric. For example, in one of the
]steps, j is advanced by the permutation element pointed to by i. If that
]element happens to be zero, then j is unchanged. If you interchange that
]zero with any other value, j is changed. Or, in other words, the algorithm
]acts differently depending on the precise value of a permutation element.
]Here is a more extended example: suppose we happened to happen upon a state
]where, for some N (and S is the permutation array),
] i = N-1
] j = N+2
] S[N] = FF
] S[N+1] = N+1
]Then, if you do the next-state function twice, that is:
]- Increment i by 1, new value = N
]- Increment j by S[i]=FF, new value = N+1
]- Swap S[i] and S[j], so S[N]=N+1, S[N+1]=FF
]- Output S[S[i]+S[j]] = S[N] = N+1
]- Increment i by 1, new value = N+1
]- Increment j by S[i]=FF, new value = N
]- Swap S[i] and S[j], so S[N]=FF, S[N+1]=N+1
]- Output S[S[i]+S[j]] = S[N] = FF
]That is, the above situation outputs the digraph (N+1, FF) independent of
]any other state within the permutation.
]Note that this mechanism doesn't work if you replace the value FF with
]anything else. In addition, if i=N-1 (which the attacker can know), the
]above starting situation happens (assuming a random state otherwise)
]approximately 2**-24 of the time. That, coupled with the fact that the
](N+1,FF) digraph happens 2**-16 through normal mechanisms, leads to that
]particular digraph being slightly more probable than in a truly random
]keystream.
Thanks for the explanation. In your description you compared 00,00 with
FF,FF. In this explanation you single out FF. Does this mean that FF,FF
tends to occur more frequently than any other double or is 00,00 also
special?
Also you state that (N+1,FF) happens 2**-16 through normal mechanisms.
You then assume that the mechanism you define happens in addition to
those "normal" mechanisms. However, it is also possible that this
mechanism is just a part of the "normal" mechanisms. Since this is a
pseudo random stream, one cannot assume that the "normal" mechanisms are
just random selection. All mechanisms to create a pair are caused by
some prior state of the system. Ie, those "normal" mechanisms could well
produce a probability which was 2**-16 - 2**-24 probable, giving a total
probability with no excess. Or of course there could be some subtle
mechanism to create this with some arbitrary other probability.
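The two-step trace Scott quotes above can be checked mechanically. The following is an added Python example, not code from the thread (function names are my own): it implements the standard RC4 next-state step, builds a random permutation in which only S[N] = FF and S[N+1] = N+1 are fixed, with i = N-1 and j = N+2, and confirms that the next two outputs are always (N+1, FF) regardless of the rest of the state. Substituting any other value for FF removes the forcing, which is the asymmetry Bill asked about; the example does not try to measure the 2**-24 frequency with which the state arises.

```python
import random
from typing import List, Tuple


def rc4_step(S: List[int], i: int, j: int) -> Tuple[int, int, int]:
    """Standard RC4 PRGA next-state function: advance i, advance j by S[i],
    swap S[i] and S[j], output S[S[i]+S[j]]. Mutates S; returns (i, j, out)."""
    i = (i + 1) & 0xFF
    j = (j + S[i]) & 0xFF
    S[i], S[j] = S[j], S[i]
    return i, j, S[(S[i] + S[j]) & 0xFF]


def special_state(N: int, rng: random.Random, fixed: int = 0xFF) -> Tuple[List[int], int, int]:
    """Random permutation with S[N] = fixed and S[N+1] = N+1 (indices mod 256),
    plus the counters i = N-1, j = N+2 from the post. Every other cell of S is
    filled at random, so any regularity in the output is due to those two cells."""
    pos_n, pos_n1 = N & 0xFF, (N + 1) & 0xFF
    if pos_n1 == fixed:
        raise ValueError("S[N] = fixed and S[N+1] = N+1 would need one value twice")
    vals = [v for v in range(256) if v not in (fixed, pos_n1)]
    rng.shuffle(vals)
    S = [0] * 256
    free_pos = (p for p in range(256) if p not in (pos_n, pos_n1))
    for p, v in zip(free_pos, vals):
        S[p] = v
    S[pos_n], S[pos_n1] = fixed, pos_n1
    return S, (N - 1) & 0xFF, (N + 2) & 0xFF


def next_two_outputs(N: int, rng: random.Random, fixed: int = 0xFF) -> Tuple[int, int]:
    """Run the next-state function twice from the special state."""
    S, i, j = special_state(N, rng, fixed)
    i, j, out1 = rc4_step(S, i, j)
    _, _, out2 = rc4_step(S, i, j)
    return out1, out2


def forced_digraph(N: int, seed: int = 0) -> Tuple[int, int]:
    """Outputs from the S[N] = FF construction; the post predicts (N+1, FF)."""
    return next_two_outputs(N, random.Random(seed))


def digraph_rate(fixed: int = 0xFF, trials: int = 300, seed: int = 7) -> float:
    """Fraction of trials (random N, random remainder of S) whose next two
    outputs are exactly (N+1, fixed). With fixed = 0xFF this is 1.0; with any
    other value the mechanism disappears and the rate collapses."""
    rng = random.Random(seed)
    hits = done = 0
    while done < trials:
        N = rng.randrange(256)
        if (N + 1) & 0xFF == fixed:   # construction impossible for this N
            continue
        if next_two_outputs(N, rng, fixed) == ((N + 1) & 0xFF, fixed):
            hits += 1
        done += 1
    return hits / trials


if __name__ == "__main__":
    print([hex(b) for b in forced_digraph(0x10)])   # ['0x11', '0xff']
    print(digraph_rate(0xFF), digraph_rate(0xFE))   # 1.0 and (almost) 0.0
```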
------------------------------
From: "Abyssmal_Unit_#3" <[EMAIL PROTECTED]>
Subject: random malar-key
Date: Fri, 21 Jul 2000 13:46:01 -0400
ok, here's a fun random generator:
attach sensor electrodes to user's scalp (appropriate equipment is required).
sense a-periodically some brain waves, de-correlate from past history any periodic
elements and dump 12 bit A to D digitized integers into a filebase.
while eliminating known wave cycling of alpha, beta, etc... would the content of
these databases be random or based on historically emotional based chemical
patterns of the individual?
;-D
--
best regards,
hapticz
>X(sign here)____________________________________________<
------------------------------
From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: Has RSADSI Lost their mind?
Date: 21 Jul 2000 17:54:34 GMT
In <[EMAIL PROTECTED]> Sander Vesik <[EMAIL PROTECTED]>
writes:
>The patented part affects the usability of the cypher only in areas where
>it is patented. It is *IMHO* not clear how picking one of the finalists
>means that it is a "better" cypher in the long run. And at any rate I consider
presumably the selection process is based precisely on whether one
cypher is "better" than another. Of course ignorance, incompetence, or
politics could skew the choice, but also presumably the chances of
my being better able to make the choice of the best cypher (or even
deciding that they are roughly equal) is almost non-existent.
>the availability of a number of cyphers of roughly equal strength and
>support for similar block/key sizes advantageous.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: how strong is my own encryption?
Date: Fri, 21 Jul 2000 20:06:16 +0200
phil hunt wrote:
> Lots of books (and other documentation on technical subjects) are freely available
> on the Internet.
Technical reports, yes. That's because most are research results funded
by public means. But lots of books that are also sold in bookstores? It
would be fine, if you could provide an example list or else pointers.
(There are other people than you in the group who want to save some
money.)
M. K. Shen
------------------------------
From: [EMAIL PROTECTED] (JimD)
Subject: Re: microwave cd
Date: Fri, 21 Jul 2000 16:56:36 GMT
Reply-To: JimD
On 20 Jul 2000 22:50:25 GMT, [EMAIL PROTECTED] (Paul Rubin) wrote:
>In article <[EMAIL PROTECTED]>,
>Steve Rush <[EMAIL PROTECTED]> wrote:
>>>Probably the most convenient and effective thing to do, especially if
>>>you have a lot of CD's to destroy, is take them to the city dump and
>>>toss them into a high temperature incinerator.
>>
>>Are there any municipal garbage incinerators still operating in the USA? I
>>thought the EPA banned them years ago.
>
>I don't know. I was kind of wondering that when I made that post.
>The only time I saw one was many years ago. It was impressive. I
>could have easily jumped in or thrown someone else in, and no remains
>would have ever been found. So I wondered whether municipal
>incinerators might have been closed off to the public for liability
>reasons. I hadn't really been thinking of the EPA angle.
They're about to be closed in the UK because of the carcinogenic
emissions they produce.
Perhaps you're ahead of us in this?
--
Jim Dunnett.
g4rga at thersgb.net
------------------------------
From: [EMAIL PROTECTED] (JimD)
Subject: Re: Encryption program list...
Date: Fri, 21 Jul 2000 16:56:37 GMT
Reply-To: JimD
On Fri, 21 Jul 2000 10:37:01 +0200, Laurent ANGELI
<[EMAIL PROTECTED]> wrote:
>Hi there,
>
>I am looking for the names of generally used programs to encrypt infos
>in email, or info on disk
>
>So, if you crypt, what program do you use ?
The two most popular and trusted are PGP for EMail and SCRAMDISK
for files, although PGP can also be used to encipher files.
--
Jim Dunnett.
g4rga at thersgb.net
------------------------------
From: [EMAIL PROTECTED] (Larry Kilgallen)
Subject: Re: RC4 free for noncommercial ?
Date: 21 Jul 2000 15:19:13 -0500
In article <[EMAIL PROTECTED]>, Simon Johnson
<[EMAIL PROTECTED]> writes:
> [EMAIL PROTECTED] (Larry Kilgallen) wrote:
>>In article <[EMAIL PROTECTED]>, Simon Johnson <[EMAIL PROTECTED]> writes:
>>> I asked them, they didn't reply. :+)
>>> Don't u just Love RSA-LABS. They know how to treat customers.
>>
>
>>Or did you mean prospective customers ?
>
> I meant prospective customers, yes
>
>>What were you going to buy from them ?
>
> I asked about RC4, and tried to sign that non-disclosure
> agreement. I would have been willing to part with cash........
Enough cash to match their price ? I thought it was costly ?
I hear there is a used US airforce jet for sale today,
but the seller would be foolish to consider me a viable
customer and let me have a ride (even ignoring the fact
that it is a single-seater and I am not a pilot). RSA
shareholders could sue the company if it squandered
resources giving free rides to people who were not
seriously in their target market.
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: md5 uses, questions
Date: Fri, 21 Jul 2000 11:22:15 -0700
> What about appending a random one-time session value to the data
> that is about to be hashed?
The most brutish way around that is to simply embed in the fake client all
the data to be hashed, perform the operation that needs to be performed to
generate the hash, ship it, it verifies that my fake program is authentic.
Joe
------------------------------
Subject: Re: Hashing hash algorithms: a waste of time
From: Simon Johnson <[EMAIL PROTECTED]>
Date: Fri, 21 Jul 2000 11:32:07 -0700
lcs Mixmaster Remailer <[EMAIL PROTECTED]> wrote:
>When computing a signature, does it add security to include the
>sig and hash algorithm in the data which is hashed?
I don't understand....... To compute a signature you must first
hash the original data anyway......
If u mean: u take the data, sign it, append this signature
to the original data, then sign the concatenation of the data
and the signature?
In which case I would say it doubles the security...... You have
to do twice the work to find two messages that collide to
produce two signatures that are identical. This is only true
if the change to the data made by appending the first
signature is sufficiently large to make the relationship between
the first and second hashes too difficult to fathom.
------------------------------
Subject: Re: Random numbers and online-gambling
From: Simon Johnson <[EMAIL PROTECTED]>
Date: Fri, 21 Jul 2000 11:42:26 -0700
Sander Vesik <[EMAIL PROTECTED]> wrote:
>zapzing <[EMAIL PROTECTED]> wrote:
>> In article <[EMAIL PROTECTED]>,
>> [EMAIL PROTECTED] (John Savard) wrote:
>>> On Thu, 13 Jul 2000 15:30:02 GMT, michael_m_david@my-deja.com wrote,
>>> in part:
>>>
>>> A news story appeared in the local newspapers about a week ago. An
>>> Edmonton man had discovered a flaw in electronic slot machines.
>>>
>>> Instead of using it to rip them off, he notified Alberta gaming
>>> authorities.
>>>
>>> Yet, he is still facing a $15 million lawsuit from the slot machine
>>> manufacturer.
>>>
>>> This, of course, has significant implications for "white hat" hacking.
>
>> He doesn't really sound like
>> someone who would have fifteen
>> million lying around, does he??
>> :)
>
>Well, if his attack was good, he just needs to take the money out of
>the machines. 8-)
>
>On the other hand, it can easily mean that people will do less of
>publishing of the finds and even less taking credit for the cases
>that do get published, one way or the other.
>
>> --
>> If you know about a retail source of
>> inexpensive DES chips, please let
>> me know, thanks.
>
>In-System Programmable FPGA-s won't do?
>
>--
> Sander
>
>FLW: "I can banish that demon"
It really annoys me when companies do this.......
They're suing this person because _THEY_ couldn't be arsed
ensuring their random number generation was secure; They just
sue the person who finds the weakness.
This suit is as stupid as suing someone who pointed out your car
had a flat tire, because you made the person aware that his life
was possibly at risk.
That's my two pennies' worth.......
Simon
Ps. It's amazing RSA-LABS haven't tried this trick yet.
------------------------------
From: Greg <[EMAIL PROTECTED]>
Subject: Re: Question Regarding Encrypting CD-ROM -RW Disks
Date: Fri, 21 Jul 2000 18:52:29 GMT
> To paraphrase a silly fast-food commercial, bits is bits.
> The physical storage mechanism isn't even visible above the
> level of the device drivers.
You assume that a CDROM drive is the only tool available to
read a CD?!
> As for secure wiping of any removable disk, I wouldn't fiddle
> with overwriting schemes when an incinerator is perfectly secure...
I concur. But who has an incinerator? I have a shredder, but no
incinerator. Staples and Office Depot don't sell incinerators for
home offices - yet. I would suggest burning the CD outside far from
the house. Perhaps stoke up that Weber of yours. But make certain
that you don't stand downwind - the plastic burning is baaaaad for
your nose.
------------------------------
From: "Mikal 606" <[EMAIL PROTECTED]>
Crossposted-To: alt.religion.kibology
Subject: Re: random malar-key
Date: Fri, 21 Jul 2000 15:10:18 -0700
"Abyssmal_Unit_#3" <[EMAIL PROTECTED]> wrote in message
news:u#Ht8tz8$GA.328@cpmsnbbsa08...
> ok, here's a fun random generator:
>
> attach sensor electrodes to user's scalp (appropriate equipment is required).
>
> sense a-periodically some brain waves, de-correlate from past history any
> periodic elements and dump 12 bit A to D digitized integers into a filebase.
>
> while eliminating known wave cycling of alpha, beta, etc... would the
> content of these databases be random or based on historically emotional
> based chemical patterns of the individual?
>
> ;-D
>
> --
> best regards,
> hapticz
>
> >X(sign here)____________________________________________<
Just where do you plan to get this individual's history?
Sounds like fascism to me, sonny boy.
MiKa-il
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************