Cryptography-Digest Digest #271, Volume #12      Sat, 22 Jul 00 21:13:01 EDT

Contents:
  Re: IExplore AutoComplete crypto-algorithm ("El Paco")
  Re: New Idea - Cipher on a Disk ("Boyd Roberts")
  Re: Random Appearance (Mok-Kong Shen)
  Re: News about quantum computer (ca314159)
  Re: Encrypting RPCs and visible procedure numbers/session ids (Pawel Krawczyk)
  8 bit block ciphers (Mack)
  Re: Computing with Encrypted Functions (David A Molnar)
  Re: RC4 free for noncommercial ? (JimD)
  Re: Q: Cascading multiple block algorithms (Bryan Olson)
  Re: PGP US Versions Broken,no good?? (Edward A. Falk)
  Re: Compression & Encryption in FISHYLAND (Kurt Shoens)
  Re: Random Appearance ("Douglas A. Gwyn")
  Re: 8 bit block ciphers ("Douglas A. Gwyn")
  Re: Hashing hash algorithms: a waste of time (David Hopwood)
  Re: Question Regarding Encrypting CD-ROM -RW Disks (Guy Macon)
  Re: Random Appearance (Guy Macon)
  Re: RC4-- repetition length? (Guy Macon)
  Re: PGP US Versions Broken,no good?? (jungle)
  Re: Question Regarding Encrypting CD-ROM -RW Disks (jungle)

----------------------------------------------------------------------------

From: "El Paco" <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,fr.misc.cryptologie,alt.security
Subject: Re: IExplore AutoComplete crypto-algorithm
Date: Sat, 22 Jul 2000 16:23:10 +0200

It's probably XOR-ed, like the poor screensaver passwords...

Willing to try?

Grtz,
EP

> Yes, a description is somewhere on Peter Gutmann's web site.  It's
> fairly trivial.  But it's intended to save stuff on your own computer,
> so it doesn't try to provide real security.



------------------------------

From: "Boyd Roberts" <[EMAIL PROTECTED]>
Subject: Re: New Idea - Cipher on a Disk
Date: Sat, 22 Jul 2000 16:42:55 +0200

Greg <[EMAIL PROTECTED]> wrote in message:
8kocmh$a3b$[EMAIL PROTECTED]
> > But for access points to information that can be protected in
> > a physical way I still prefer it that way. I would like a double
> > electric fence around my computer, 100 yards of mine field in
> > between and armed security guards all around. As for the hard
> > disk I would like a lock on it that would block any data transfer
> > if not open not just encrypt it. And just in case someone trying
> > to take the disk apart I would like a small explosive
> > charge that would blow the platters to dust.

huh, no air support?

--
Boyd Roberts                            [EMAIL PROTECTED]

    ``I come over here to kill them cocksuckers, not work for 'em''

          -- Moon Dog, _Pettibone's Law_, John Keene




------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Random Appearance
Date: Sat, 22 Jul 2000 18:39:53 +0200



Future Beacon wrote:

> There is also the possibility of teams of people writing obliquely
> to each other through each other in messages that are fragmented and
> assembled from a month's worth of transmissions, if timing isn't
> urgent.  In such a setting, random numbers could be received as data
> and later XORed with some news group message about flowers to get
> the next patent page.
>
> Perhaps we have hardly scratched the surface.  Is it worth
> exploring?
>

I don't have concrete arguments but it is my feeling of the gut that
what you described isn't going to be the direction that would
yield spectacular success. If you do want to delve deep into the
field of steganography, I suggest that you read some papers in the
proceedings on information hiding, in the series Lecture Notes on
Computer Science published by Springer Verlag.

M. K. Shen


------------------------------

From: ca314159 <[EMAIL PROTECTED]>
Subject: Re: News about quantum computer
Date: Sat, 22 Jul 2000 16:59:32 GMT

In article <8l20pu$e3$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Bill Unruh) wrote:
> In <[EMAIL PROTECTED]> Runu Knips <[EMAIL PROTECTED]> writes:
>
> ]In the German computer magazine c't, issue 15/2000 (from this Monday),
> ]page 40 they say that the current record is 8 qubits, implemented with
> ]Rydberg states of a single atom.
>
> This makes no sense. 8 bits is 256 states.
> I think the magazine has gotten itself very confused.
>

 Qubits aren't bits. There's an infinity of gray between the true
 and the false, like fuzzy logic.

 The big problem though is decoherence. Think of it as
 the quantum computer going religious on you and thinking
 only of infinities (gods).

 It may say interesting things, but it won't say what you expect.
 You'll have no control over the outcome. You can also think
 of this as dreaming unconsciously, metaphorically, and analogically.

 To harness the analogic power in the quantum computer, it
 must be constrained to some extent. Only then can it act
 like an idiot savant and crack your codes.

 Remember Archimedes day-dreaming in the tub? The
 quantum computer also has to be in a nice tub
 but have a sufficient grounding to realise when
 analogies, correlations and metaphors etc, are
 useful, and when they are not.

 But a quantum computer that gets religion, decoheres and
 gets artistic, may be useful as well for less deterministic
 applications. It may act like a million monkeys typing out
 Shakespeare.

 Get a "Universe Inside" sticker on your next quantum computer.

--
http://www.bestweb.net/~ca314159/rorwold2.gif


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Pawel Krawczyk <[EMAIL PROTECTED]>
Subject: Re: Encrypting RPCs and visible procedure numbers/session ids
Date: 22 Jul 2000 17:18:50 GMT
Reply-To: <[EMAIL PROTECTED]>

[EMAIL PROTECTED] wrote:

> I was thinking about encrypting an RPC-based program.  Does anyone know
> of any packages that fit seamlessly into RPCs?  Both Certicom and RSA
> do not (they handle things at the TCP/IP level, which is too low for my
> application).  I have a workaround in place right now, but I'm wondering
> if there are other packages that work directly with RPCs.

You could consider using IPSEC instead of protection in the application
layer.

-- 
Paweł Krawczyk <http://ceti.pl/~kravietz/>

------------------------------

From: [EMAIL PROTECTED] (Mack)
Subject: 8 bit block ciphers
Date: 22 Jul 2000 17:31:16 GMT

Does anyone have any information on 8 bit block
ciphers?  I don't mean simply shuffling an array.
And I am aware that it is simple to do a dictionary
attack.  I am looking for methods that can be used
instead of array shuffling.

Mack
Remove njunk123 from name to reply by e-mail

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Computing with Encrypted Functions
Date: 22 Jul 2000 17:52:55 GMT

Paul Rubin <[EMAIL PROTECTED]> wrote:
>>knows, to obtain the desired result of the function f applied to the
>>input value x: E^1(P(E(f))(x)) = f(x)."

> Well, if they have a workable method in general for doing that, among
> other things it makes identity-based encryption trivial.

yep. it would also be great for remailer reply blocks : put message in one
end, out the other end pops an onion-wrapped message ready to send off,
complete with embedded instructions to each remailer where to send it
next. 

it does seem a little too far out to be possible, though, then again this
whole field is...

-David



------------------------------

From: [EMAIL PROTECTED] (JimD)
Subject: Re: RC4 free for noncommercial ?
Date: Sat, 22 Jul 2000 16:39:23 GMT
Reply-To: JimD

On 21 Jul 2000 18:53:47 -0500, [EMAIL PROTECTED] (Larry
Kilgallen) wrote:

>In article <[EMAIL PROTECTED]>, Andru Luvisi <[EMAIL PROTECTED]> 
>writes:
>> [EMAIL PROTECTED] (Larry Kilgallen) writes:
>> [snip]
>>> I hear there is a used US airforce jet for sale today,
>>> but the seller would be foolish to consider me a viable
>>> customer and let me have a ride (even ignoring the fact
>>> that it is a single-seater and I am not a pilot).  RSA
>>> shareholders could sue the company if it squandered
>>> resources giving free rides to people who were not
>>> seriously in their target market.
>> 
>> Are you saying you consider it prudent for a company to ignore people
>> unless they represent a big business at the moment in question?
>
>I consider it their right to make such a choice.
>
>I consider it foolish of someone (but still their right)
>to spend time on what sales folks call an "unqualified"
>prospect.

You mean they'd think twice about sending you a free catalogue
unless you were a reasonable prospect?

What a way to do business!

-- 
Jim Dunnett.

g4rga at thersgb.net

------------------------------

From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: Q: Cascading multiple block algorithms
Date: Sat, 22 Jul 2000 19:02:42 GMT

Mok-Kong Shen wrote:
>
>
> Mok-Kong Shen wrote:
>
> > In Schneier's AC, p.367, about cascading two block ciphers it
> > is stated:
> >
> >     If the second algorithm is vulnerable to a chosen-plaintext
> >     attack, then the first algorithm might facilitate that
> >     attack and make the second algorithm vulnerable to a known-
> >     plaintext attack when used in a cascade.
>
[...]
> Now that input is the output from the first algorithm. It
> cannot be directly chosen but only indirectly through choosing
> input to the first algorithm. This indirectness, assuming that
> the first algorithm has any strength at all, evidently means
> that the said attack is now more difficult.

The statement doesn't say there's any realistic chance of
this happening.  It's a possibility we cannot disprove, and
we can create contrived situations to illustrate it, but we
certainly don't expect it with reasonable ciphers.

In a known plaintext attack, the attacker is limited to the
given plaintext distribution.  Putting another cipher in
front could result in a distribution much worse for the
second cipher. Suppose you have a block cipher that's very
strong if the first bit of the plaintext block is always 0,
but terrible when the first bit is one.  It's vulnerable to
chosen plaintext, but when used to send ASCII text it's
strong.


--Bryan
--
email: bolson at certicom dot com


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (Edward A. Falk)
Crossposted-To: alt.security.pgp
Subject: Re: PGP US Versions Broken,no good??
Date: 22 Jul 2000 19:23:45 GMT

> I've heard from a few people(one who is a
> programer of encryption software) that the
> US versions of PGP(6.5.3 etc) are broken,
> no good and the US gov. can break them
> because these versions are made so they
> can be broken so the gov. can read anything
> encrypted by the US versions. Could just be
> an urban myth but I 've dumped my 6.5.3 for
> 6.5.1i(international)(supposedly safe)

This needs to be reposted from time to time:

    For the record, the number of times an allegation of a back door
    [in PGP] has been made in this newsgroup is about eleventy-zillion.
    The total amount of evidence produced to back it up is Zip-Squat
    (sorry about the mathematical jargon, there).
            -- Andrew Spring


Here are my own comments:  I down-loaded an international version
of pgp 5 a couple years ago and was unable to even compile it
without first fixing a large number of glaring bugs in the source
code.

When the source code won't even compile, you can pretty much bet
that it hasn't undergone any kind of security review.

I would not trust *any* pgpi version unless it's had a thorough
going over by someone I trust, and the source code has been signed
(with a signature I can verify under 2.6.2)

Without verification, if you think the international version of
pgp is any more trustworthy than the official version, you're badly
mistaken.

--
-ed falk, [EMAIL PROTECTED]  See *********************#*************#*
http://www.rahul.net/falk/whatToDo.html    #**************F******!******!*!!****
and read 12 Simple Things You Can Do       ******!***************************#**
to Save the Internet                       **#******#*********!**WW*W**WW****

------------------------------

From: [EMAIL PROTECTED] (Kurt Shoens)
Subject: Re: Compression & Encryption in FISHYLAND
Date: 22 Jul 2000 13:58:57 -0700

In article <[EMAIL PROTECTED]>, Tim Tyler  <[EMAIL PROTECTED]> wrote:
[a response to what I'd written previously]

I was going to respond point by point but I realized I had nothing new to
add.  Instead, what I'll do is to state your position to make sure I've
got it straight.

You've said the following:

1. Compression reduces the redundancy of plaintext and should generally
   work in favor of security.
2. Getting rid of any fixed values in the compressed result also likewise
   reduces redundancy and is better for security.
3. In a perfectly implemented and practiced cryptosystem using the best
   algorithms currently known, getting rid of the redundancies may not
   be necessary, BUT:
   a. Cryptosystems are not perfectly implemented and practiced
   b. There may be analytic techniques not widely known that are frustrated
      by 1-1 compression
   c. In the future, new analytic techniques will be discovered, with
      unknown consequences

Is that a fair statement?

Incidentally, I've really liked posting articles under this subject!

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Random Appearance
Date: Sat, 22 Jul 2000 17:41:57 -0400

Future Beacon wrote:
> ... I am thinking that a dense message that
> wastes no characters might seem orderly but not be the order which
> is the intended message.

That's not possible, assuming you mean that for any PT of length N,
the CT has length N, and every CT exhibits some given pattern.

If the CT length can be greater than N, then it is trivial to make
such a system (just use a normal system and prefix the extra data,
all with constant value [e.g. 0] to the beginning of the CT).

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: 8 bit block ciphers
Date: Sat, 22 Jul 2000 17:48:20 -0400

Mack wrote:
> Does anyone have any information on 8 bit block
> ciphers?  I don't mean simply shuffling an array.
> And I am aware that it is simple to do a dictionary
> attack.  I am looking for methods that can be used
> instead of array shuffling.

It's not clear what you really want.
        ct = table[pt]; // general 8-bit transformation
covers any 8-bit block cipher and is very efficient.
The only issue is how to construct the 256 entries in
the transformation table.
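
An added example, not code from Gwyn's post or from Mack's question, that makes the point concrete: an 8-bit block cipher is nothing but a keyed 256-entry table, so the whole design question is how the key produces that table, and the whole cryptanalytic story is that the table can be read back out. The key schedule below derives the permutation with a Fisher-Yates shuffle driven by HMAC-SHA256 as the PRF; the choice of PRF and the key sizes are assumptions for illustration. The last two functions show why block width matters regardless of how good the table is: 256 chosen plaintexts recover the codebook exactly, and even ciphertext-only, a byte-wide cipher in ECB is a monoalphabetic substitution that preserves the plaintext's byte frequencies.

```python
"""8-bit block cipher as a keyed 256-entry table (added example, not from
the digest).  PRF choice (HMAC-SHA256) and sample inputs are assumptions."""
import hmac
import hashlib
from collections import Counter


def keyed_table(key: bytes) -> list:
    """Derive a permutation of 0..255 from `key`.

    Fisher-Yates shuffle; each swap index is drawn from a keyed PRF stream
    (HMAC-SHA256 over a counter) with rejection sampling so that the index
    is uniform in [0, i] and not biased by a naive modulo.
    """
    table = list(range(256))
    counter = [0]  # mutable so the nested function can advance it

    def prf_index(upper: int) -> int:
        limit = 256 - (256 % upper)  # largest multiple of `upper` <= 256
        while True:
            counter[0] += 1
            v = hmac.new(key, counter[0].to_bytes(4, "big"),
                         hashlib.sha256).digest()[0]  # one PRF byte, 0..255
            if v < limit:  # reject the biased tail
                return v % upper

    for i in range(255, 0, -1):
        j = prf_index(i + 1)
        table[i], table[j] = table[j], table[i]
    return table


def invert(table: list) -> list:
    """Decryption table: inv[ct] = pt for every entry of the encryption table."""
    inv = [0] * 256
    for pt, ct in enumerate(table):
        inv[ct] = pt
    return inv


def encrypt(table: list, data: bytes) -> bytes:
    """ECB over 8-bit blocks: ct = table[pt], byte by byte (Gwyn's one-liner)."""
    return bytes(table[b] for b in data)


def decrypt(inv: list, data: bytes) -> bytes:
    return bytes(inv[b] for b in data)


def dictionary_attack(oracle) -> list:
    """Chosen-plaintext 'dictionary attack' Mack mentions: with an 8-bit block
    there are only 256 possible plaintexts, so 256 oracle queries recover the
    entire codebook, which is equivalent to recovering the key."""
    return [oracle(bytes([p]))[0] for p in range(256)]


def byte_histogram(data: bytes) -> Counter:
    """Byte frequency counts.  For any 8-bit block cipher in ECB the multiset
    of counts is identical for plaintext and ciphertext: the cipher is a
    monoalphabetic substitution and falls to frequency analysis."""
    return Counter(data)


if __name__ == "__main__":
    tbl = keyed_table(b"demo key (constructed)")
    inv = invert(tbl)
    msg = b"the quick brown fox jumps over the lazy dog"  # constructed sample
    ct = encrypt(tbl, msg)
    assert decrypt(inv, ct) == msg
    recovered = dictionary_attack(lambda m: encrypt(tbl, m))
    print("codebook recovered with 256 queries:", recovered == tbl)
    print("frequency profile preserved:",
          sorted(byte_histogram(msg).values()) == sorted(byte_histogram(ct).values()))
```

The table construction is as strong as the PRF behind it, but that is beside the point the thread is making: with an 8-bit block the adversary never needs to attack the key schedule, because the codebook itself is small enough to tabulate or to read off the ciphertext's letter frequencies. The same code with a 64- or 128-bit block would be a legitimate design problem; at 8 bits it is a substitution cipher with a fancy key schedule.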

------------------------------

Date: Sat, 22 Jul 2000 10:31:18 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Hashing hash algorithms: a waste of time

=====BEGIN PGP SIGNED MESSAGE=====

David Hopwood wrote:
[...]
>   Burt Kaliski,
>   "Hash Function Firewalls in Signature Schemes,"
>   Slides presented at IEEE P1363 Working Group Meeting, June 2, 2000
>   (Rev. June 8, 2000)
>   [somewhere on the P1363a site; I don't have the exact URL]

http://grouper.ieee.org/groups/1363/Research/Presentations.html#hash

- -- 
David Hopwood <[EMAIL PROTECTED]>

Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip


=====BEGIN PGP SIGNATURE=====
Version: 2.6.3i
Charset: noconv

iQEVAwUBOXlmtjkCAxeYt5gVAQEYCwf9EkqPLtFWzNzcId7aBSzcD3x8WVl298SP
U3DA+Twj1pUbVzGczGaP0wGDIixc4A3jhHhsTqx+SEZFzGe0O+YyT4Kl8FnLMtf+
VgPrZMTc/3TeW8U6LsOG6auEaSDB5xdbtJoJ+i/7a7feHok7AKzXM+undmrgnWKZ
auuEM7WNa5JYH3x1vE6RWoRfEosmhHsEoUotvTjKoOm1zu4CeiRG/UUitaHfKWzh
drfJcxusUGZ0EHvPysb8SL1zEqFTaMzW48fERItDjwsXPalvB/jRP6IkbRw1mdgd
249janZu8NBoVazaOevZQzh2GcSQeBHASy0j0NUo5cyWMHTchOV9Ow==
=EE4b
=====END PGP SIGNATURE=====

------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Question Regarding Encrypting CD-ROM -RW Disks
Date: 22 Jul 2000 20:23:49 EDT

Greg wrote:
>
>
>
>> Well, wiping a CD of any form is a very different prospect
>> from wiping a hard drive, but the old standby of destruction
>> by fire is a very viable option, and works quite well on CDs.
>
>This is more true with CDs than HDs.  CDs are cheap and they have
>a much shorter life time than HDs when the data on them is volatile
>over days, weeks, or even months.
>
>But on my laptop, I have a Travelstar 12G drive.  I replaced my
>4G Travelstar with it.  To replace the drive, I simply slid out the
>drive caddy, then replaced the drive in the caddy with the 12G.
>
>The point I am making is that with my notebook, and others like it
>I am sure, if you had to destroy the HD in a hurry, you could simply
>slide it out and go at it with a sledge hammer.  These drives are
>tiny, thin, and very susceptible to any pressure on their top surface.

I hope for your sake that the attacker who wants what is on your drive
isn't a cop or a spook.  Making the drive stop working is not the same
as making the data unrecoverable with special tools.


------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Random Appearance
Date: 22 Jul 2000 20:27:04 EDT

Mack wrote:

>Of course such systems are more like OTPs.  They are
>subject to known plaintext attacks.

Make up your mind.  They are either like OTPs or they are subject
to known plaintext attacks.  OTPs are immune to known plaintext
attacks and the even tougher chosen plaintext attacks.


------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: RC4-- repetition length?
Date: 22 Jul 2000 20:35:09 EDT


I have a request.

There are a lot of folks like me who are interested in ciphersaber
( http://www.ciphersaber.gurus.com ) but are a bit shy of the horsepower
to tell the good arguments in this thread from the bad.  Could one of
the experts post a practical summary when this discussion is complete?
Thanks in advance.


------------------------------

From: jungle <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp
Subject: Re: PGP US Versions Broken,no good??
Date: Sat, 22 Jul 2000 20:50:06 -0400

see comments inside text ...

"Edward A. Falk" wrote:
> 
> > I've heard from a few people(one who is a
> > programer of encryption software) that the
> > US versions of PGP(6.5.3 etc) are broken,
> > no good and the US gov. can break them
> > because these versions are made so they
> > can be broken so the gov. can read anything
> > encrypted by the US versions. Could just be
> > an urban myth but I 've dumped my 6.5.3 for
> > 6.5.1i(international)(supposedly safe)
> 
> This needs to be reposted from time to time:
> 
>     For the record, the number of times an allegation of a back door
>     [in PGP] has been made in this newsgroup is about eleventy-zillion.
>     The total amount of evidence produced to back it up is Zip-Squat
>     (sorry about the mathematical jargon, there).
>             -- Andrew Spring
> 
> Here are my own comments:  I down-loaded an international version
> of pgp 5 a couple years ago and was unable to even compile it
> without first fixing a large number of glaring bugs in the source
> code.

compiler related ?
or 
program functionality related ?

the difference is enormous ...

> When the source code won't even compile, you can pretty much bet
> that it hasn't undergone any kind of security review.

yes & no ...
the source code MUST tell what compiler to use to create same PGP executable as
the one available for download ...

> I would not trust *any* pgpi version unless it's had a thorough
> going over by someone I trust, and the source code has been signed

very valid ...
source code MUST be signed by NAI key ...

> (with a signature I can verify under 2.6.2)

to use v262 for verification is not relevant ...
starting from v262, any newer PGP will do it too ...

> Without verification, if you think the international version of
> pgp is any more trustworthy than the official version, you're badly
> mistaken.

yes, big mistake ...



------------------------------

From: jungle <[EMAIL PROTECTED]>
Subject: Re: Question Regarding Encrypting CD-ROM -RW Disks
Date: Sat, 22 Jul 2000 20:59:43 -0400

Greg wrote:
==========
> The point 

your point will not protect your data "in a hurry" against AGENCIES' work ...

> I am making is that with my notebook, and others like it
> I am sure, if you had to destroy the HD in a hurry, you could simply
> slide it out and go at it with a sledge hammer.  

hammer is not destroying data but ONLY DRIVE ...
you need to understand the difference ...

> These drives are
> tiny, thin, and very susceptible to any pressure on their top surface.

what above has to do with destroying magnetic data ?
ANSWER : almost nothing ...




------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
