Cryptography-Digest Digest #296, Volume #12 Thu, 27 Jul 00 06:13:00 EDT
Contents:
Re: FWZ1 (Mack)
Re: How is the security of Outlook Express encryption ? (Mack)
Re: MD5 algorithm questions (Mack)
Re: 8 bit block ciphers (Runu Knips)
Re: Selecting cipher - which one to use? (Runu Knips)
generating S-boxes (Tom Anderson)
looking for asymmetric program sources ("Ian Dichkovsky")
Re: PGP US Versions Broken,no good?? (Florian Weimer)
Re: Get Free Software (Mark Wooding)
Re: How is the security of Outlook Express encryption ? ("???")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Mack)
Subject: Re: FWZ1
Date: 27 Jul 2000 08:11:02 GMT
>One part of this is actually some fairly clever engineering. They
>apparently get into the windows file system drivers at a low enough
>level that it seems to be impossible to open the file without invoking
>their control software. And their software somehow prevents printing
>and copying, regardless of the type of the file. And, if you try to
>bypass the windows filesystem by, say, booting Linux, what you see is
>a zero-size file. I haven't used a disk editor to see if I could
>actually locate the data.
Sounds like their software would crash many computers.
If they really are intercepting at the driver level then there
should be some data in the registry or the .ini files.
Possibly even in the config.sys.
Does it work with FAT16 and FAT32? If it does then it
would probably be easier to put it on a FAT16 and
boot from DOS and see what it looks like there.
Mack
Remove njunk123 from name to reply by e-mail
------------------------------
From: [EMAIL PROTECTED] (Mack)
Subject: Re: How is the security of Outlook Express encryption ?
Date: 27 Jul 2000 08:22:22 GMT
>
>The protocols used for email (SMTP and POP3) are NOT encrypted.
>Thus your ISP can read all your emails.
>
>Outlook downloads these messages in clear, and then encrypts them
>before writing them to disk.
>
Not being an Outlook user now I know why not to use it. Other than the ease
that "worms" have attacked it.
>If you want to encrypt your message so that your ISP cannot read them,
>you will have to use PGP (using private/public key cryptosystem.)
>PGP 6.5.1i is free. http://www.pgpi.org.
>
>--
>Sébastien SAUVAGE - [EMAIL PROTECTED]
>http://www.bigfoot.com/~sebsauvage
>
>
Mack
Remove njunk123 from name to reply by e-mail
------------------------------
From: [EMAIL PROTECTED] (Mack)
Subject: Re: MD5 algorithm questions
Date: 27 Jul 2000 08:23:25 GMT
>Mack wrote:
>
>=============
>>
>> If it isn't going to be used for security consider a CRC
>
>then why to verify in first place ?
>use MD5 or / and SHA-1 ...
>
My point exactly.
Mack
Remove njunk123 from name to reply by e-mail
------------------------------
Date: Thu, 27 Jul 2000 10:42:45 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: 8 bit block ciphers
Mack wrote:
> I am looking into skipjack.
The following might help you.
/*
** Skipjack algorithm, from sci.crypt.
** Edited for better readability - Runu Knips
*/
/*
Subject: Re: Skipjack implementation in C (this one works)
Date: Thu, 18 May 2000 23:09:24 GMT
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Organization: @Home Network
Newsgroups: sci.crypt
SKIPJACK implementation in Standard C
last edit: 25-Jan-1999 [EMAIL PROTECTED]
This is a C89 implementation of the SKIPJACK block cipher algorithm
described in version 2.0 of NSA's SKIPJACK specification dated
29 May 1998 <http://csrc.nist.gov/encryption/skipjack-kea.htm>.
*/
#ifdef DEBUG
#include <stdio.h>
#endif
/*
** Interface specification:
*/
#define SJ_Keysize 10 /* (80 bits) */
/* Encryption/decryption is performed for a single 64-bit block. */
void SJ_Encrypt (
const unsigned char *Key,
const unsigned char *Plaintext,
unsigned char *Ciphertext
);
void SJ_Decrypt (
const unsigned char *Key,
const unsigned char *Ciphertext,
unsigned char *Plaintext
);
int SJ_Selftest (void); /* returns nonzero iff passed test */
/*
** Implementation:
*/
static const unsigned char F[256] = {
0xA3, 0xD7, 0x09, 0x83, 0xF8, 0x48, 0xF6, 0xF4,
0xB3, 0x21, 0x15, 0x78, 0x99, 0xB1, 0xAF, 0xF9,
0xE7, 0x2D, 0x4D, 0x8A, 0xCE, 0x4C, 0xCA, 0x2E,
0x52, 0x95, 0xD9, 0x1E, 0x4E, 0x38, 0x44, 0x28,
0x0A, 0xDF, 0x02, 0xA0, 0x17, 0xF1, 0x60, 0x68,
0x12, 0xB7, 0x7A, 0xC3, 0xE9, 0xFA, 0x3D, 0x53,
0x96, 0x84, 0x6B, 0xBA, 0xF2, 0x63, 0x9A, 0x19,
0x7C, 0xAE, 0xE5, 0xF5, 0xF7, 0x16, 0x6A, 0xA2,
0x39, 0xB6, 0x7B, 0x0F, 0xC1, 0x93, 0x81, 0x1B,
0xEE, 0xB4, 0x1A, 0xEA, 0xD0, 0x91, 0x2F, 0xB8,
0x55, 0xB9, 0xDA, 0x85, 0x3F, 0x41, 0xBF, 0xE0,
0x5A, 0x58, 0x80, 0x5F, 0x66, 0x0B, 0xD8, 0x90,
0x35, 0xD5, 0xC0, 0xA7, 0x33, 0x06, 0x65, 0x69,
0x45, 0x00, 0x94, 0x56, 0x6D, 0x98, 0x9B, 0x76,
0x97, 0xFC, 0xB2, 0xC2, 0xB0, 0xFE, 0xDB, 0x20,
0xE1, 0xEB, 0xD6, 0xE4, 0xDD, 0x47, 0x4A, 0x1D,
0x42, 0xED, 0x9E, 0x6E, 0x49, 0x3C, 0xCD, 0x43,
0x27, 0xD2, 0x07, 0xD4, 0xDE, 0xC7, 0x67, 0x18,
0x89, 0xCB, 0x30, 0x1F, 0x8D, 0xC6, 0x8F, 0xAA,
0xC8, 0x74, 0xDC, 0xC9, 0x5D, 0x5C, 0x31, 0xA4,
0x70, 0x88, 0x61, 0x2C, 0x9F, 0x0D, 0x2B, 0x87,
0x50, 0x82, 0x54, 0x64, 0x26, 0x7D, 0x03, 0x40,
0x34, 0x4B, 0x1C, 0x73, 0xD1, 0xC4, 0xFD, 0x3B,
0xCC, 0xFB, 0x7F, 0xAB, 0xE6, 0x3E, 0x5B, 0xA5,
0xAD, 0x04, 0x23, 0x9C, 0x14, 0x51, 0x22, 0xF0,
0x29, 0x79, 0x71, 0x7E, 0xFF, 0x8C, 0x0E, 0xE2,
0x0C, 0xEF, 0xBC, 0x72, 0x75, 0x6F, 0x37, 0xA1,
0xEC, 0xD3, 0x8E, 0x62, 0x8B, 0x86, 0x10, 0xE8,
0x08, 0x77, 0x11, 0xBE, 0x92, 0x4F, 0x24, 0xC5,
0x32, 0x36, 0x9D, 0xCF, 0xF3, 0xA6, 0xBB, 0xAC,
0x5E, 0x6C, 0xA9, 0x13, 0x57, 0x25, 0xB5, 0xE3,
0xBD, 0xA8, 0x3A, 0x01, 0x05, 0x59, 0x2A, 0x46
};
void SJ_Encrypt (
const unsigned char *K,
const unsigned char *P,
unsigned char *C)
{
register int i, k; /* could be unsigned char */
unsigned char counter = 0;
unsigned char temp[2];
for (i = 0; i < 8; ++i)
C[i] = P[i];
#ifdef DEBUG
printf("%2d", counter);
for (i = 0; i < 8; ++i)
printf(" %2.2x", C[i]);
printf("\n");
#endif
k = 0;
do {
++counter;
temp[0] = C[6];
temp[1] = C[7];
C[6] = C[4];
C[7] = C[5];
C[4] = C[2];
C[5] = C[3];
C[2] = C[0];
C[3] = C[1];
C[2] ^= F[C[3] ^ K[k]];
if (++k >= SJ_Keysize) k = 0;
C[3] ^= F[C[2] ^ K[k]];
if (++k >= SJ_Keysize) k = 0;
C[2] ^= F[C[3] ^ K[k]];
if (++k >= SJ_Keysize) k = 0;
C[3] ^= F[C[2] ^ K[k]];
if (++k >= SJ_Keysize) k = 0;
C[0] = temp[0] ^ C[2];
C[1] = temp[1] ^ C[3] ^ counter;
#ifdef DEBUG
printf("%2d", counter);
for (i = 0; i < 8; ++i)
printf(" %2.2x", C[i]);
printf("\n");
#endif
} while (counter < 8);
do {
++counter;
temp[0] = C[6];
temp[1] = C[7];
C[6] = C[4];
C[7] = C[5];
C[4] = C[2];
C[5] = C[3];
C[2] = C[0];
C[3] = C[1];
C[4] ^= C[0];
C[5] ^= C[1] ^ counter;
C[2] ^= F[C[3] ^ K[k]];
if (++k >= SJ_Keysize) k = 0;
C[3] ^= F[C[2] ^ K[k]];
if (++k >= SJ_Keysize) k = 0;
C[2] ^= F[C[3] ^ K[k]];
if (++k >= SJ_Keysize) k = 0;
C[3] ^= F[C[2] ^ K[k]];
if (++k >= SJ_Keysize) k = 0;
C[0] = temp[0];
C[1] = temp[1];
#ifdef DEBUG
printf("%2d", counter);
for (i = 0; i < 8; ++i)
printf(" %2.2x", C[i]);
printf("\n");
#endif
} while (counter < 16);
do {
++counter;
temp[0] = C[6];
temp[1] = C[7];
C[6] = C[4];
C[7] = C[5];
C[4] = C[2];
C[5] = C[3];
C[2] = C[0];
C[3] = C[1];
C[2] ^= F[C[3] ^ K[k]];
if (++k >= SJ_Keysize) k = 0;
C[3] ^= F[C[2] ^ K[k]];
if (++k >= SJ_Keysize) k = 0;
C[2] ^= F[C[3] ^ K[k]];
if (++k >= SJ_Keysize) k = 0;
C[3] ^= F[C[2] ^ K[k]];
if (++k >= SJ_Keysize) k = 0;
C[0] = temp[0] ^ C[2];
C[1] = temp[1] ^ C[3] ^ counter;
#ifdef DEBUG
printf("%2d", counter);
for (i = 0; i < 8; ++i)
printf(" %2.2x", C[i]);
printf("\n");
#endif
} while (counter < 24);
do {
++counter;
temp[0] = C[6];
temp[1] = C[7];
C[6] = C[4];
C[7] = C[5];
C[4] = C[2];
C[5] = C[3];
C[2] = C[0];
C[3] = C[1];
C[4] ^= C[0];
C[5] ^= C[1] ^ counter;
C[2] ^= F[C[3] ^ K[k]];
if (++k >= SJ_Keysize) k = 0;
C[3] ^= F[C[2] ^ K[k]];
if (++k >= SJ_Keysize) k = 0;
C[2] ^= F[C[3] ^ K[k]];
if (++k >= SJ_Keysize) k = 0;
C[3] ^= F[C[2] ^ K[k]];
if (++k >= SJ_Keysize) k = 0;
C[0] = temp[0];
C[1] = temp[1];
#ifdef DEBUG
printf("%2d", counter);
for (i = 0; i < 8; ++i)
printf(" %2.2x", C[i]);
printf("\n");
#endif
} while (counter < 32);
}
void SJ_Decrypt (
const unsigned char *K,
const unsigned char *C,
unsigned char *P)
{
register int i, k; /* could be unsigned char */
/* the last comment is WRONG, k has to be signed - Runu Knips */
unsigned char counter = 32;
unsigned char temp[2];
for (i = 0; i < 8; ++i)
P[i] = C[i];
k = 127 % SJ_Keysize /* + 1 */;
do {
#ifdef DEBUG
printf("%2d", counter);
for (i = 0; i < 8; ++i)
printf(" %2.2x", P[i]);
printf("\n");
#endif
temp[0] = P[0];
temp[1] = P[1];
P[0] = P[2];
P[1] = P[3];
P[2] = P[4];
P[3] = P[5];
P[4] = P[6];
P[5] = P[7];
P[1] ^= F[P[0] ^ K[k]];
if (--k < 0) k = SJ_Keysize - 1;
P[0] ^= F[P[1] ^ K[k]];
if (--k < 0) k = SJ_Keysize - 1;
P[1] ^= F[P[0] ^ K[k]];
if (--k < 0) k = SJ_Keysize - 1;
P[0] ^= F[P[1] ^ K[k]];
if (--k < 0) k = SJ_Keysize - 1;
P[2] ^= P[0];
P[3] ^= P[1] ^ counter;
P[6] = temp[0];
P[7] = temp[1];
--counter;
} while (counter > 24);
do {
#ifdef DEBUG
printf("%2d", counter);
for (i = 0; i < 8; ++i)
printf(" %2.2x", P[i]);
printf("\n");
#endif
temp[0] = P[0] ^ P[2];
temp[1] = P[1] ^ P[3] ^ counter;
P[0] = P[2];
P[1] = P[3];
P[2] = P[4];
P[3] = P[5];
P[4] = P[6];
P[5] = P[7];
P[1] ^= F[P[0] ^ K[k]];
if (--k < 0) k = SJ_Keysize - 1;
P[0] ^= F[P[1] ^ K[k]];
if (--k < 0) k = SJ_Keysize - 1;
P[1] ^= F[P[0] ^ K[k]];
if (--k < 0) k = SJ_Keysize - 1;
P[0] ^= F[P[1] ^ K[k]];
if (--k < 0) k = SJ_Keysize - 1;
P[6] = temp[0];
P[7] = temp[1];
--counter;
} while (counter > 16);
do {
#ifdef DEBUG
printf("%2d", counter);
for (i = 0; i < 8; ++i)
printf(" %2.2x", P[i]);
printf("\n");
#endif
temp[0] = P[0];
temp[1] = P[1];
P[0] = P[2];
P[1] = P[3];
P[2] = P[4];
P[3] = P[5];
P[4] = P[6];
P[5] = P[7];
P[1] ^= F[P[0] ^ K[k]];
if (--k < 0) k = SJ_Keysize - 1;
P[0] ^= F[P[1] ^ K[k]];
if (--k < 0) k = SJ_Keysize - 1;
P[1] ^= F[P[0] ^ K[k]];
if (--k < 0) k = SJ_Keysize - 1;
P[0] ^= F[P[1] ^ K[k]];
if (--k < 0) k = SJ_Keysize - 1;
P[2] ^= P[0];
P[3] ^= P[1] ^ counter;
P[6] = temp[0];
P[7] = temp[1];
--counter;
} while (counter > 8);
do {
#ifdef DEBUG
printf("%2d", counter);
for (i = 0; i < 8; ++i)
printf(" %2.2x", P[i]);
printf("\n");
#endif
temp[0] = P[0] ^ P[2];
temp[1] = P[1] ^ P[3] ^ counter;
P[0] = P[2];
P[1] = P[3];
P[2] = P[4];
P[3] = P[5];
P[4] = P[6];
P[5] = P[7];
P[1] ^= F[P[0] ^ K[k]];
if (--k < 0) k = SJ_Keysize - 1;
P[0] ^= F[P[1] ^ K[k]];
if (--k < 0) k = SJ_Keysize - 1;
P[1] ^= F[P[0] ^ K[k]];
if (--k < 0) k = SJ_Keysize - 1;
P[0] ^= F[P[1] ^ K[k]];
if (--k < 0) k = SJ_Keysize - 1;
P[6] = temp[0];
P[7] = temp[1];
--counter;
} while (counter > 0);
#ifdef DEBUG
printf("%2d", counter);
for (i = 0; i < 8; ++i)
printf(" %2.2x", P[i]);
printf("\n");
#endif
}
int SJ_Selftest(void)
{
register int i;
unsigned char C[8], P2[8];
const static unsigned char K[10] = {
0x00, 0x99, 0x88, 0x77, 0x66,
0x55, 0x44, 0x33, 0x22, 0x11
};
const static unsigned char P[8] = {
0x33, 0x22, 0x11, 0x00,
0xDD, 0xCC, 0xBB, 0xAA
};
const static unsigned char Cexp[8] = {
0x25, 0x87, 0xCA, 0xE2,
0x7A, 0x12, 0xD3, 0x00
};
#ifdef DEBUG
printf("K:");
for (i = 0; i < 10; ++i)
printf(" %2.2x", K[i]);
printf("\n");
printf("P:");
for (i = 0; i < 8; ++i)
printf(" %2.2x", P[i]);
printf("\n");
#endif
SJ_Encrypt( K, P, C );
#ifdef DEBUG
printf("C:");
for (i = 0; i < 8; ++i)
printf(" %2.2x", C[i]);
printf("\n");
printf("E:");
for (i = 0; i < 8; ++i)
printf(" %2.2x", Cexp[i]);
printf( "\n" );
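#endif
/* Decrypt the known-answer ciphertext and leave C untouched, so the
** comparison below still checks SJ_Encrypt when DEBUG is defined. */
SJ_Decrypt(K, Cexp, P2);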
#ifdef DEBUG
printf("R:");
for (i = 0; i < 8; ++i)
printf(" %2.2x", P2[i]);
printf("\n");
#endif
for (i = 0; i < 8; ++i)
if (C[i] != Cexp[i] || P2[i] != P[i])
return 0;
return 1;
}
#ifdef TEST
/*
SKIPJACK test in Standard C
last edit: 25-Jan-1999 [EMAIL PROTECTED]
*/
#include <stdio.h>
#include <stdlib.h>
/*
Test program:
*/
int main(int argc, char *argv[])
{
int ok;
ok = SJ_Selftest();
printf("SKIPJACK TEST: %s.\n", ok ? "Succeeded" : "Failed");
return ok ? EXIT_SUCCESS : EXIT_FAILURE;
}
#endif
------------------------------
Date: Thu, 27 Jul 2000 10:49:20 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Selecting cipher - which one to use?
Mok-Kong Shen wrote:
> Runu Knips wrote:
> > (a) Don't use IDEA. It uses only 64-bit blocks, uses multiplications and
> > even worse it is PATENTED and you'll have to pay (much !) money for using
> > it.
>
> I understand what you said except 'multiplications'. What's inherently
> wrong with using multiplications? Thanks.
Well, nothing, except that they're expensive, slow (except
if you give them many gates of course), and can be used for
timing attacks.
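An added illustration, not part of the post above or of any IDEA distribution: in software, IDEA's multiplication modulo 2^16+1 is commonly written with a special case for zero operands, so the path taken depends on the data. The second function computes the same result without that branch; all function names are made up for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Textbook form: a zero operand (which stands for 2^16) takes a different
   path, so which branch runs depends on the data being multiplied. */
uint16_t idea_mul_branchy(uint16_t a, uint16_t b)
{
    uint32_t p;
    if (a == 0) return (uint16_t)(1 - b);
    if (b == 0) return (uint16_t)(1 - a);
    p = (uint32_t)a * b;
    a = (uint16_t)p;  b = (uint16_t)(p >> 16);        /* low and high halves */
    return (uint16_t)(a - b + (a < b));
}

/* Same function with both results always computed and one selected by mask.
   C itself promises nothing about timing: inspect the generated code. */
uint16_t idea_mul_flat(uint16_t a, uint16_t b)
{
    uint32_t p  = (uint32_t)a * b;
    uint16_t lo = (uint16_t)p, hi = (uint16_t)(p >> 16);
    uint16_t r  = (uint16_t)(lo - hi + (lo < hi));    /* valid when a, b != 0 */
    uint16_t rz = (uint16_t)(1 - a - b);              /* valid when a or b is 0 */
    uint32_t z  = (((uint32_t)a - 1) | ((uint32_t)b - 1)) >> 31; /* 1 if either is 0 */
    uint16_t m  = (uint16_t)(0 - z);                  /* 0xFFFF or 0x0000 */
    return (uint16_t)((rz & m) | (r & (uint16_t)~m));
}

/* Count disagreements with the definition (0 means 2^16) on a grid of operands. */
unsigned idea_mul_mismatches(void)
{
    unsigned bad = 0;
    for (uint32_t a = 0; a < 65536; a += 251)
        for (uint32_t b = 0; b < 65536; b += 257) {
            uint64_t x = a ? a : 65536, y = b ? b : 65536;
            uint16_t ref = (uint16_t)((x * y) % 65537);   /* 65536 wraps to 0 */
            bad += idea_mul_branchy((uint16_t)a, (uint16_t)b) != ref;
            bad += idea_mul_flat((uint16_t)a, (uint16_t)b) != ref;
        }
    return bad;
}

int main(void)
{
    printf("mismatches: %u\n", idea_mul_mismatches());
    return 0;
}
```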
------------------------------
From: Tom Anderson <[EMAIL PROTECTED]>
Subject: generating S-boxes
Date: Thu, 27 Jul 2000 10:24:17 +0100
i was wondering about how one generates S-boxes. i'm talking about
bijective S-boxes, ie permutations. none of that 'first 2048 binary digits
of pi / e / root 2' business here, thank you very much. i am right in
thinking bijective S-boxes are used, right? not as Feistel F-functions
(mostly), but elsewhere.
i know a good S-box should have various properties, eg avalanche,
nonlinearity, etc. let's abstract these into a quality measure (call it
q), where 0 is rubbish (eg the identity permutation) and big values are
wonderful.
my main question is this: is there a transformation which can be applied
to a permutation (eg swapping two entries) that will lead to small changes
in q? if, so i imagine simulated annealing would be good at finding good
S-boxes.
is there a transformation that always leads to increases in q? in that
case, making good S-boxes is trivial (i'm guessing no such transform
exists).
tom
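An added sketch of the search described in the post above, not code from the thread: q is taken to be the nonlinearity of the S-box (an assumption, since the post leaves q abstract), under which the identity permutation scores 0 and a swap of two entries changes q by at most 2. It uses a plain hill-climb that keeps non-worsening swaps rather than full simulated annealing; all names are invented for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#define SB_N 256                       /* 8-bit bijective S-box (size assumed here) */

static int sb_parity(unsigned v)       /* XOR of the low 8 bits of v */
{ v ^= v >> 4; v ^= v >> 2; v ^= v >> 1; return v & 1; }

/* q = nonlinearity = 128 - max|W|/2, with W = sum_x (-1)^(b.S(x) ^ a.x) taken
   over every input mask a and every nonzero output mask b.
   The identity permutation scores 0. */
int sb_quality(const unsigned char *box)
{
    int w[SB_N], worst = 0;
    unsigned a, b, h, i, j, x;
    for (b = 1; b < SB_N; ++b) {
        for (x = 0; x < SB_N; ++x) w[x] = sb_parity(b & box[x]) ? -1 : 1;
        for (h = 1; h < SB_N; h <<= 1)          /* fast Walsh-Hadamard transform */
            for (i = 0; i < SB_N; i += 2 * h)
                for (j = i; j < i + h; ++j) {
                    int u = w[j], v = w[j + h];
                    w[j] = u + v; w[j + h] = u - v;
                }
        for (a = 0; a < SB_N; ++a)
            if (abs(w[a]) > worst) worst = abs(w[a]);
    }
    return SB_N / 2 - worst / 2;
}

static void sb_swap(unsigned char *box, unsigned i, unsigned j)
{ unsigned char t = box[i]; box[i] = box[j]; box[j] = t; }

/* Start from the identity, try `steps` random swaps and keep each one that does
   not lower q. One swap alters two table entries, so every W moves by at most 4
   and q by at most 2. The LCG is only there to make runs repeatable. */
int sb_climb(unsigned char *box, int steps, unsigned long seed)
{
    unsigned i, j, x; int q, q2;
    for (x = 0; x < SB_N; ++x) box[x] = (unsigned char)x;
    q = sb_quality(box);
    while (steps-- > 0) {
        seed = seed * 1103515245UL + 12345UL; i = (seed >> 16) & 0xFF;
        seed = seed * 1103515245UL + 12345UL; j = (seed >> 16) & 0xFF;
        sb_swap(box, i, j);
        q2 = sb_quality(box);
        if (q2 >= q) q = q2; else sb_swap(box, i, j);   /* undo a worsening swap */
    }
    return q;
}

int main(void)
{
    unsigned char box[SB_N];
    printf("q after 200 swap attempts: %d\n", sb_climb(box, 200, 2000UL));
    return 0;
}
```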
------------------------------
From: "Ian Dichkovsky" <[EMAIL PROTECTED]>
Subject: looking for asymmetric program sources
Date: Thu, 27 Jul 2000 12:28:45 -0700
Hi All!
I'm looking for free asymmetric program sources
(RSA, PGP, etc)
Please post in NG all known http, or ftp, where I could get it.
I'm searching third day. I'm tired >:-P.
------------------------------
From: Florian Weimer <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp
Subject: Re: PGP US Versions Broken,no good??
Date: 27 Jul 2000 11:36:21 +0200
[EMAIL PROTECTED] (Edward A. Falk) writes:
> Many of these are minor, but some send a chill down my spine. Please
> tell me the official version of pgp doesn't ship with these warnings.
The 6.5x Windows GUI has a problem with long user IDs (read: it
crashes in some key selection dialogs). I don't know if this is
exploitable, but it certainly doesn't make me more confident in NAI
products.
> This is all kind of beside the point though, since 5.0i is kind of
> obsolete. Where is the best, most current version of pgp for Unix
> nowadays?
GnuPG (http://www.gnupg.org/).
------------------------------
From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Get Free Software
Date: 27 Jul 2000 09:48:17 GMT
George Peters <[EMAIL PROTECTED]> wrote:
> Perhaps you didn't notice the source.zip contained within. Since you make
> so many assumptions without first checking them out, I would not take any of
> the other comments seriously either.
You're right, I didn't. I don't have any machines which run Windows, so
I can't unpack self-extracting archives. So I made guesses based on
your announcement and my personal experience of people announcing
`free' software that comes in self-extracting archives.
I don't see that this has much relevance to anything else. Indeed, if I
were less charitable, I might suspect that you've seized on this trivium
in order to avoid addressing the other, more serious, points below.
-- [mdw]
------------------------------
From: "???" <[EMAIL PROTECTED]>
Subject: Re: How is the security of Outlook Express encryption ?
Date: Thu, 27 Jul 2000 18:05:12 +0800
"Donald L. Nash" <[EMAIL PROTECTED]> ?????
news:[EMAIL PROTECTED]...
> In article <8ln7o1$q7g$[EMAIL PROTECTED]>, "???"
> <[EMAIL PROTECTED]> wrote:
>
> >Actually, I want to know which encryption algorithm and what key length
> >are used by Outlook Express.
>
> It depends. OE uses the Cryptographic API ("CAPI") provided by Windows,
> and CAPI is modular. The algorithm and key size used depend on the
> modules installed and on what the application asks for. I think the
> default is either 40-bit or 56-bit DES and 512-bit RSA, but it has been
> a long time since I looked at CAPI so I'm not positive about that. I
> just remember that the default is pretty weak.
>
> But Greg makes a good point: CAPI can be subverted by inserting a DLL
> between the CAPI DLL and the application, which would allow the
> attacker's DLL to intercept all the plaintext and do anything it wants
> to it. This requires that the attacker be able to install DLLs on your
> system, but with all the security holes in Internet Explorer how hard
> can that be? This isn't an indictment against CAPI per se, but is yet
> another illustration that the weakest link determines the strength of
> the chain.
>
How about PGP ? Does it suffer from the attack of DLL interception ?
------------------------------