Cryptography-Digest Digest #315, Volume #12 Sun, 30 Jul 00 13:13:00 EDT
Contents:
Re: Reference to a public key technique in NYTimes (Johnny Bravo)
Skipjack and KEA test vectors (Mark Wooding)
Re: JavaCard vs Multos security (Daniel James)
Re: Reference to a public key technique in NYTimes (jungle)
BRUTE FORCE PASSTEXT crack software, which is the best ? (jungle)
Re: substring reversal (wtshaw)
Re: substring reversal (Mok-Kong Shen)
Combining bit sequences (Mok-Kong Shen)
Re: Reference to a public key technique in NYTimes (David A Molnar)
Re: Enigma with Transposition (German Mechanisation) (John Savard)
Re: A naive question (John Savard)
Re: Just Curious. Are girls/women interested (Bob Silverman)
New block cipher for the contest ("Manuel Pancorbo")
Mathématics (Ioshua)
Re: Has RSADSI Lost their mind? (Matthew Skala)
Re: Random numbers and online-gambling (Matthew Skala)
Encrypt string to produce a unique number ("yankee")
Re: JavaCard vs Multos security (Matthias Bruestle)
Re: Combining bit sequences (Mack)
Re: Encrypt string to produce a unique number (James Pate Williams, Jr.)
----------------------------------------------------------------------------
From: Johnny Bravo <[EMAIL PROTECTED]>
Subject: Re: Reference to a public key technique in NYTimes
Date: Sun, 30 Jul 2000 06:53:12 -0400
On Sat, 29 Jul 2000 20:50:20 GMT, [EMAIL PROTECTED] (John Bailey)
wrote:
>minute song could be scrambled into 180 different codes; anyone
>taking the time to break a single code would be rewarded with only one
>second of music.
And it only took one second to think of a way to bypass six years of
"research".
Play music, record music as it gets sent to speakers. The software
needed for this is already around, I've used it to record a broadcast
channel playing through WinAmp.
"Impractical" and "Impossible" merely become inconvenient as the
music pirates now have to actually play the song before converting to
MP3 format.
--
Best Wishes,
Johnny Bravo
"The most merciful thing in the world, I think, is the inability
of the human mind to correlate all its contents." - HPL
------------------------------
From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Skipjack and KEA test vectors
Date: 30 Jul 2000 11:24:41 GMT
In a different thread, the subject of the paucity of Skipjack test
vectors came up. In particular, Annex III of `SKIPJACK and KEA
Algorithm Specifications' version 2.0 (29 May 1998)[1] only provides one
test vector for the Skipjack algorithm itself, and it doesn't cover the
F table very thoroughly.
I suddenly remembered that the KEA protocol uses Skipjack internally to
hash the result of the Diffie-Hellman-oid key exchange. Aha! I thought
to myself, a source of further test vectors for Skipjack. But I can't
get sensible results out of my implementation. Or Doug Gwyn's either.
The Diffie-Hellman bit of KEA spits out two 80-bit values which for no
adequately explored reason are called v1 and v2. I'm going to try to
draw the diagram which explains how these are combined to form the final
80-bit message key.
+-------------------+         +---------------+---+
|        v1         |         |       v2      |   |
+-------------------+         +---------------+---+
          |                           |         |
         / 80                        / 64      / 16
          |                           |         |
          v                           v         |
         (+)---/------*--------->[Skipjack]     |
          ^    80     |               |         |
          |          / 80            / 64       |
         / 80         |               |         |
          |           |               v         |
+-------------------+ |      +---+----------+   |
|        pad        | |      | x |          |   |
+-------------------+ |      +---+----------+   |
                      |        |      |         v
                      |        `-/------------>(+)
                      |          16   |         |
                      |              / 64       |
                      |               |         |
                      |               v         |
                      `--------->[Skipjack]     |
                                      |         |
                                     / 64      / 16
                                      |         |
                                      v         v
                              +---------------+---+
                              |      Key      |   |
                              +---------------+---+
Is that fairly clear, at least to the people with monospace fonts?
The `pad' is a constant whose value is 72f1a87e92824198ab0b. Its
purpose is unclear to me.
Looking, for example, at the first KEA test vector, we see the following
values:
v1 = 95b8c6e776e0cae734f0
v2 = 99ccfe2b90fd550b4471
v1 (+) pad = e7496e99e4628b7f9ffb
Key = 740839dee833add46b41
A quick calculation shows that my values for pad, v1 and v1 (+) pad are
correct.
The test vectors don't tell us what the intermediate value I've called x
should be. However, since the bottom 16 bits of Key are derived from
XORing the low 16 bits of v2 and the high 16 bits of x, we can reverse
this to recover those top 16 bits, which should be 2f30.
Here's the problem: encrypting the top 64 bits of v2 = 99ccfe2b90fd550b
with the key v1 (+) pad = e7496e99e4628b7f9ffb gives me the utterly
bogus result 60a73d387b517fca. Working from the other end, decrypting
the top 64 bits of Key = 740839dee833add4 gives me the wrong answer of
acbd1ef2381d1e4f, which is quite unlike any of the previous values.
Something similar happens with the email test vector.
Usually at this point I'd be suspicious of my implementation. So I
pulled Doug Gwyn's version which was posted to this very newsgroup not
so very long ago, and plugged my numbers into that. It gives me exactly
the same wrong answers as my version does.
I'm quite willing to accept that this is all a hopeless mess caused by
my misunderstanding the spec, or typing in the test vectors wrongly or
something. So if anyone has any light to shed on this, I'll be very
grateful.
Oh, as an aside, typesetting the F table in Times and then scanning a
printout badly makes it very difficult to distinguish the letters `c'
and `e'. I spent a while comparing my F table against the one from the
spec, stopping every now and then to magnify individual letters to see
which was which. No fun.
[1] How odd. A European-order date. I'd not noticed that before.
-- [mdw]
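As an added example (not Mark Wooding's code), here is the key-combination wiring of the diagram above with the 64-bit block cipher passed in as a function, so any Skipjack implementation can be plugged in; the test-vector values are the ones quoted in the post, and the reading of the diagram (x is the whole 64-bit output of the first Skipjack, its top 16 bits are tapped for the XOR, and all of x goes through the second Skipjack) is an assumption.

```python
# Added example, not from the post: KEA message-key combination wiring.
from typing import Callable

# Values quoted in the post: the pad constant and the first KEA test vector.
PAD = bytes.fromhex("72f1a87e92824198ab0b")
V1 = bytes.fromhex("95b8c6e776e0cae734f0")
V2 = bytes.fromhex("99ccfe2b90fd550b4471")
KEY_EXPECTED = bytes.fromhex("740839dee833add46b41")

# A 64-bit block cipher under an 80-bit key: (key, block) -> block.
BlockFn = Callable[[bytes, bytes], bytes]


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("xor operands differ in length")
    return bytes(x ^ y for x, y in zip(a, b))


def skipjack_key(v1: bytes, pad: bytes = PAD) -> bytes:
    """The key used by both Skipjack boxes in the diagram: v1 XOR pad."""
    return xor(v1, pad)


def kea_combine(v1: bytes, v2: bytes, encrypt: BlockFn, pad: bytes = PAD) -> bytes:
    """Combine the two 80-bit DH outputs into the 80-bit message key."""
    w = skipjack_key(v1, pad)
    x = encrypt(w, v2[:8])          # first Skipjack: top 64 bits of v2
    low16 = xor(v2[8:], x[:2])      # low 16 bits of v2 XOR high 16 bits of x
    high64 = encrypt(w, x)          # second Skipjack over the whole of x
    return high64 + low16


def recover_x_high16(key: bytes, v2: bytes) -> bytes:
    """Undo the 16-bit XOR: Key[64:80] XOR v2[64:80] gives x[0:16]."""
    return xor(key[8:], v2[8:])


def diagnose(encrypt: BlockFn, decrypt: BlockFn,
             v1: bytes = V1, v2: bytes = V2, key: bytes = KEY_EXPECTED) -> dict:
    """The post's two-sided check: x computed forwards from v2 and backwards
    from Key must agree, and both must start with the recovered 16 bits."""
    w = skipjack_key(v1)
    forward = encrypt(w, v2[:8])
    backward = decrypt(w, key[:8])
    tap = recover_x_high16(key, v2)
    return {
        "w": w.hex(), "forward_x": forward.hex(), "backward_x": backward.hex(),
        "x_high16": tap.hex(),
        "consistent": forward == backward and forward[:2] == tap,
    }


def identity(key: bytes, block: bytes) -> bytes:
    """Stand-in cipher that exercises the wiring only; swap in real Skipjack."""
    return block


if __name__ == "__main__":
    print(kea_combine(V1, V2, identity).hex())
    print(diagnose(identity, identity))
```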
------------------------------
From: Daniel James <[EMAIL PROTECTED]>
Subject: Re: JavaCard vs Multos security
Date: Sun, 30 Jul 2000 12:31:59 +0100
Reply-To: [EMAIL PROTECTED]
In article <[EMAIL PROTECTED]>, Matthias Bruestle
wrote:
> So where can some cards and DK be bought? Where to get the
> documentation?
Take a look at http://www.multos.com and individual vendors' pages referenced
therefrom.
Also have a look at the alt.technology.smartcards FAQ at
http://www.scdk.com/atsfaq.htm for more information on smartcards generally.
Cheers,
Daniel.
------------------------------
From: jungle <[EMAIL PROTECTED]>
Subject: Re: Reference to a public key technique in NYTimes
Date: Sun, 30 Jul 2000 07:33:01 -0400
it's nice to see intelligent thinking in this subject ...
isn't this common anymore ?
Johnny Bravo wrote:
>
> On Sat, 29 Jul 2000 20:50:20 GMT, [EMAIL PROTECTED] (John Bailey)
> wrote:
>
> >minute song could be scrambled into 180 different codes; anyone
> >taking the time to break a single code would be rewarded with only one
> >second of music.
>
> And it only took one second to think of a way to bypass six years of
> "research".
you just in 1 second discounted 6 years of 3 or 4 PhD's work ...
nice work ... bravo to Bravo ...
> Play music, record music as it gets sent to speakers. The software
> needed for this is already around, I've used it to record a broadcast
> channel playing through WinAmp.
>
> "Impractical" and "Impossible" merely becomes inconvenient as the
> music pirates now have to actually play the song before converting to
> MP3 format.
>
> --
> Best Wishes,
> Johnny Bravo
------------------------------
From: jungle <[EMAIL PROTECTED]>
Subject: BRUTE FORCE PASSTEXT crack software, which is the best ?
Date: Sun, 30 Jul 2000 07:56:23 -0400
BRUTE FORCE PASSTEXT crack software, which is the best ?
=========================================================
looking for reference to BRUTE FORCE PASSTEXT crack software ...
to test passtext quality ...
to be :
- very flexible in the options to build words relations & word catenation
OR
- providing substantial list of default options for word list AUTO modification
- multiple words lists, when possible
- will search against passtext / vector / list / matrix /
- free to evaluate
- run in DOS / win95
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: substring reversal
Date: Sun, 30 Jul 2000 05:35:43 -0600
In article <[EMAIL PROTECTED]>, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:
> Multiple encryption with algorithms of fairly different nature
> (similarly for employing different operations in one algorithm) is in
> principle always a good idea, I believe, whether that be in classical
> or in modern cryptography. Some people seem to be of the
> opinion though that there should be one universal algorithm for all
> purposes.
>
The problem with one size fits all is the Russian Boot Problem: most
applications have needs that vary from what the assumption produces. If
you were to allow only usage that fits well, you exclude many uses, as you
then have the Palace Guard Problem, finding enough eunuchs that are loyal
to your purposes and compatible with theirs.
--
Free Circus soon to appear in Philadelphia, complete with an
expectation of elephants, and noisy clowns in undignified
costumes performing slight of logic, and, lots of balloons.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: substring reversal
Date: Sun, 30 Jul 2000 15:21:10 +0200
Boris Kazak wrote:
> Mok-Kong Shen wrote:
>
> > Multiple encryption with algorithms of fairly different nature
> > (similarly for employing different operations in one algorithm) is in
> > principle always a good idea, I believe, whether that be in classical
> > or in modern cryptography. Some people seem to be of the
> > opinion though that there should be one universal algorithm for all
> > purposes.
>
> I would like to see a serious attempt at cracking a 480 character
> long
> message processed first with 11-character Vigenere substitution and then
> permuted through a 10x12 grille.
I don't think that somebody will take up your challenge and
do the work. However, since each of the two can evidently
be attacked without the tasks being considered to be in the
very hard category, the combination, though much stronger,
may also not be extremely hard against analysis (as compared
to what one normally believes about attacking a good modern
block cipher). On the other hand, the pair can be taken to
be one round of an encryption algorithm and one can use
several rounds (with different substitution tables and
grilles) to achieve higher desired strength.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Combining bit sequences
Date: Sun, 30 Jul 2000 15:31:36 +0200
Given a number of bit sequences, one simple way of combining
these is to XOR them or add them modulo 2^n, where n is the
number of bits in a computer word. But this is linear in certain
sense. Evidently some nonlinear methods of combinations would
be advantageous for crypto purposes. A simple method of
combining three sequences X, Y and Z that I can think of is the
following:
R = X*Y + Z mod 2^n
To add some complexity to the scheme, one could e.g. use certain
bits from one sequence (from a previous set of words being
combined) to rotate the words of the other sequences before
combination.
I should appreciate learning further ideas of bit sequence
combinations that are not too complicated for implementations.
M. K. Shen
===========================
http://home.t-online.de/mok-kong.shen
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Reference to a public key technique in NYTimes
Date: 30 Jul 2000 13:01:57 GMT
jungle <[EMAIL PROTECTED]> wrote:
> you just in 1 second discounted 6 years of 3 or 4 PhD's work ...
> nice work ... bravo to Bravo ...
For what it's worth, the 6 years likely refers to the development of the
NTRU public key cryptosystem, not to the development of its application to
encrypting MP3s.
-david
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Enigma with Transposition (German Mechanisation)
Date: Sun, 30 Jul 2000 14:20:15 GMT
On Sun, 30 Jul 2000 11:34:14 +0200, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote, in part:
>This establishes that substitution
>can't be achieved in general through transpositions (not even at
>finer granularity, i.e. at the bit level).
I certainly agree that substitution and transposition are two
different things.
However, if one uses a 5-bit code to represent the characters of a
32-letter alphabet, permuting the bits which represent a single
character, say by the arrangement 51324, certainly would produce a
substitution of sorts on the characters.
But the translations from the alphabet to the bits are substitutions,
so one isn't doing substitution by transposition only without
substitution, I guess...things do start to get fuzzy when one tries to
look at the methods at that level of granularity.
John Savard (teneerf <-)
Now Available! The Secret of the Web's Most Overused Style of Frames!
http://home.ecn.ab.ca/~jsavard/frhome.htm
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: A naive question
Date: Sun, 30 Jul 2000 14:26:41 GMT
On Sat, 29 Jul 2000 08:36:31 -0700, Simon Johnson
<[EMAIL PROTECTED]> wrote, in part:
>Bruce says in Applied Cryptography, that double transposition
>holds up quite well, for a hand cipher. I was wondering how it's
>possible to do double transposition?
>I would have thought that doing two transpositions would be
>equivalent to one transposition, i.e. it forms a group....
>wouldn't this be as easy to break as just the one transposition?
Well, two transpositions are equivalent to one transposition, if by
one transposition you mean *any arbitrary rearrangement of letters in
a message*.
However, 'double transposition' is actually short for double columnar
transposition. (Actually, there is a crack for it that has recently
been declassified. A book describing it is available from Aegean Park
Press.)
Simple columnar transposition is the transposition cipher where you
use a keyword to encrypt a message like this:
B R E A D B O X
===============
t h e m o n e y
i s h i d d e n
u n d e r t h e
t h i r d r o c
k
and you take the letters out by columns, under the letters of the
keyword in alphabetical order:
MIER TIUTK NDTR ODRD EHDI EEHO HSNH YNEC
Obviously, doing that again with another short keyword will still also
produce a transposition of the original message, but _not_ a
transposition achievable in a single simple columnar transposition
step with a single keyword of similar length.
John Savard (teneerf <-)
Now Available! The Secret of the Web's Most Overused Style of Frames!
http://home.ecn.ab.ca/~jsavard/frhome.htm
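As an added example (not John Savard's own code), simple and double columnar transposition as described in the post, the inverse, and a check of the claim that a double transposition is not a single columnar transposition of the same width; the message and keyword BREADBOX are the post's, the second keyword PRETZELS is a made-up one of the same length.

```python
# Added example, not from the post: columnar transposition and its inverse.
import string
from typing import List, Sequence


def key_order(keyword: str) -> List[int]:
    """Column read-out order: by key letter alphabetically, ties left to right."""
    return sorted(range(len(keyword)), key=lambda i: (keyword[i], i))


def columnar_permute(items: Sequence, keyword: str) -> list:
    """Write items into rows of len(keyword) and read them out by columns."""
    width = len(keyword)
    columns = [list(items[i::width]) for i in range(width)]
    return [x for i in key_order(keyword) for x in columns[i]]


def columnar_unpermute(items: Sequence, keyword: str) -> list:
    """Inverse of columnar_permute: rebuild the columns, then read by rows."""
    width = len(keyword)
    full, extra = divmod(len(items), width)
    lengths = [full + 1 if i < extra else full for i in range(width)]
    columns, pos = [None] * width, 0
    for i in key_order(keyword):
        columns[i] = list(items[pos:pos + lengths[i]])
        pos += lengths[i]
    return [columns[i][r] for r in range(full + 1) for i in range(width) if r < lengths[i]]


def columnar_encrypt(plaintext: str, *keywords: str) -> str:
    """One transposition per keyword, applied in order (two keywords = double)."""
    items = [c for c in plaintext.lower() if c in string.ascii_lowercase]
    for kw in keywords:
        items = columnar_permute(items, kw.upper())
    return "".join(items).upper()


def columnar_decrypt(ciphertext: str, *keywords: str) -> str:
    items = list(ciphertext.lower())
    for kw in reversed(keywords):
        items = columnar_unpermute(items, kw.upper())
    return "".join(items)


def induced_permutation(n: int, *keywords: str) -> List[int]:
    """Output position -> original index, for a message of n letters."""
    items = list(range(n))
    for kw in keywords:
        items = columnar_permute(items, kw.upper())
    return items


def is_single_columnar(perm: List[int], width: int) -> bool:
    """A single columnar transposition of this width reads out whole columns
    c, c+width, c+2*width, ... in some order; check that perm has that shape."""
    n, pos, used = len(perm), 0, set()
    while pos < n:
        c = perm[pos]
        column = list(range(c, n, width))
        if c >= width or c in used or perm[pos:pos + len(column)] != column:
            return False
        used.add(c)
        pos += len(column)
    return len(used) == width


MESSAGE = "the money is hidden under the third rock"   # from the post

if __name__ == "__main__":
    single = columnar_encrypt(MESSAGE, "BREADBOX")
    print(single)                                  # MIERTIUTKNDTRODRDEHDIEEHOHSNHYNEC
    n = len(columnar_decrypt(single, "BREADBOX"))
    print(is_single_columnar(induced_permutation(n, "BREADBOX"), 8))              # True
    print(is_single_columnar(induced_permutation(n, "BREADBOX", "PRETZELS"), 8))  # False
```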
------------------------------
From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: Just Curious. Are girls/women interested
Date: Sun, 30 Jul 2000 14:50:56 GMT
In article <8ltmh2$mcg$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> in cryptography? Is there any female poster on this board? Any
> prestigious woman in the field at all? Thank you for your response.
Shafi Goldwasser!!!
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "Manuel Pancorbo" <[EMAIL PROTECTED]>
Subject: New block cipher for the contest
Date: Sun, 30 Jul 2000 18:02:05 +0200
JALEO BLOCK CIPHER
Main Features
* 128-bit block size cipher (could be implemented in 64-bit fashion or in
any 64-bit size).
* It's not a Feistel cipher; its concept is totally different. Only 3 single
steps. No "round" is needed.
* It's based on two matrix transforms (Hill method) modulo 2, with mixed
operation on 2^N to avoid linearity.
* Internal key size of 8256 bits (2080 in case of 64-bit block size).
* User key is variable, its size must be an exact 32 multiple. The internal
key is generated by a suited non-linear propagator applied to the user key.
* Memory occupied by the key-dependent variables sizes up to 4112 bytes (1032
in case of 64-bit block size). Key scheduling needs about 80Kb of temporal
memory in an unoptimized way.
* Actual performance is 1.5 Mb/s on a K6-II 350MHz. Due to the structure of
the core algorithm it can be naturally programmed in assembler or even in
hardware, this way gaining speed. Moreover this algorithm will take much
advantage of 64-bit micros.
Full description and source code in www.scandicus.es.org/jaleo.zip (~135 Kb)
------------------------------
From: Ioshua <[EMAIL PROTECTED]>
Subject: Mathématics
Date: 30 Jul 2000 16:13:31 GMT
Does someone know MAPLE V.4 PRO?
======
User of http://www.foorum.com/. The best tools for usenet searching.
------------------------------
From: [EMAIL PROTECTED] (Matthew Skala)
Subject: Re: Has RSADSI Lost their mind?
Date: 30 Jul 2000 09:02:32 -0700
In article <[EMAIL PROTECTED]>,
Eric Lee Green <[EMAIL PROTECTED]> wrote:
>There are some legal scholars who believe that, since no money changed hands,
>the open source license is a "gift offer" rather than a contract, and thus can
>be revoked at any time. That obviously is not a notion that I (or the Free
>Software Foundation) agree with, but some day somebody is going to try to test
>it in a court of law.
Something sort of like that may be tested in a few days' time, in the
Cyber Patrol reverse engineering case. Eddy L O Jansson and I released
our work under unclear license terms, including the bare statement
"Released under the GPL" without including a copy of the GPL, the usual
disclaimers that go along with a GPL release, or spelling out *which* GPL;
and the note "You are allowed to mirror this document and the related
files anywhere you see fit." The plaintiffs, as part of the settlement
agreement, purchased the copyrights to the work for a dollar; now they
want to restrict its distribution.
There were enough procedural questions about the original ruling that the
appeals court may never have to go to the level of examining the copyright
terms. Also, the copyright sale was made after the current appellants set
up their mirror sites, so the court could possibly rule on *their* being
allowed to continue to use the material, without ruling on whether the
free-distribution permission can be revoked as to the general public who
didn't already have a copy before the assignment.
However, if the court actually did that it might simply raise even more
questions, since if our work did turn out to be GPL after all, and the
mirror sites were allowed to distribute it as such, that could mean that
everyone else was also allowed to distribute it as GPL if their copy was
descended from one of the mirror site copies. Or something. Whatever
happens may well be too specific to this case to provide general guidance
on whether open-source licenses can be revoked.
Still, one court has already ruled on more than it needed to in this case,
so we may yet see some kind of general ruling on the revocability of open
source licenses. The hearing is scheduled for August 2nd in Boston. I
maintain an FAQ at http://www.islandnet.com/~mskala/cpbfaq.html; I don't
know where the best place to watch for news on the appeal will be, though.
I'm not really in the loop for that.
--
Matthew Skala
[EMAIL PROTECTED] I'm recording the boycott industry!
http://www.islandnet.com/~mskala/
------------------------------
From: [EMAIL PROTECTED] (Matthew Skala)
Subject: Re: Random numbers and online-gambling
Date: 30 Jul 2000 09:18:45 -0700
In article <8kovjq$[EMAIL PROTECTED]>,
Guy Macon <[EMAIL PROTECTED]> wrote:
>I am an admitted Ethical Hacker, but AFAIKT nobody has been able to link
>my other identity with this one, which is my real name. He should have
>used anonymity to notify the authorities.
He shouldn't have needed to.
--
Matthew Skala
[EMAIL PROTECTED] I'm recording the boycott industry!
http://www.islandnet.com/~mskala/
------------------------------
From: "yankee" <[EMAIL PROTECTED]>
Subject: Encrypt string to produce a unique number
Date: Mon, 31 Jul 2000 00:54:32 +0800
Is there any algorithm to produce a unique number based on a string? The
string is expected to have a maximum length of 30 (the string is alphanumeric
only). After "encryption" it should result in a number length of not more
than unsigned long, which is about 10.
------------------------------
From: [EMAIL PROTECTED] (Matthias Bruestle)
Subject: Re: JavaCard vs Multos security
Date: Sun, 30 Jul 2000 16:54:42 GMT
Mahlzeit
Daniel James ([EMAIL PROTECTED]) wrote:
> Take a look at http://www.multos.com and individual vendors' pages referenced
> therefrom.
You wrote also
: MULTOS is now looking like a better bet than JavaCard from just about all
: angles
Not when you want to start developing for it. Registration here,
licence there. No thanks.
Mahlzeit
endergone Zwiebeltuete
--
PGP: SIG:C379A331 ENC:F47FA83D I LOVE MY PDP-11/34A, M70 and MicroVAXII!
--
But when he does hit, he doesn't miss.
------------------------------
From: [EMAIL PROTECTED] (Mack)
Subject: Re: Combining bit sequences
Date: 30 Jul 2000 17:03:08 GMT
>
>Given a number of bit sequences, one simple way of combining
>these is to XOR them or add them modulo 2^n, where n is the
>number of bits in a computer word. But this is linear in certain
>sense. Evidently some nonlinear methods of combinations would
>be advantageous for crypto purposes. A simple method of
>combining three sequences X, Y and Z that I can think of is the
>following:
>
> R = X*Y + Z mod 2^n
>
>To add some complexity to the scheme, one could e.g. use certain
>bits from one sequence (from a previous set of words being
>combined) to rotate the words of the other sequences before
>combination.
>
>I should appreciate learning further ideas of bit sequence
>combinations that are not too complicated for implementations.
>
>M. K. Shen
>---------------------------
>http://home.t-online.de/mok-kong.shen
>
>
>
There is always
R=XY+YZ+XZ
IIRC all other three variable boolean combiners of
maximum non-linearity that are balanced are
linearly equivalent.
Mack
Remove njunk123 from name to reply by e-mail
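As an added example (not code from either post), the word-level combiner R = X*Y + Z mod 2^n from the "Combining bit sequences" post and the combiner R = XY + YZ + XZ from this reply, read per bit as GF(2) arithmetic (the majority function, which is an assumption about the reply's notation), together with the balance and nonlinearity measurements the reply's claim refers to, computed from the Walsh-Hadamard spectrum.

```python
# Added example, not from either post: two combiners and their nonlinearity.
from typing import Callable, List, Tuple


def combine_mul_add(x: int, y: int, z: int, n: int) -> int:
    """R = X*Y + Z mod 2^n on n-bit words (the original post's combiner)."""
    return (x * y + z) & ((1 << n) - 1)


def combine_majority(x: int, y: int, z: int) -> int:
    """R = XY + YZ + XZ over GF(2), applied bitwise: each output bit is the
    majority of the three input bits (the reply's combiner)."""
    return (x & y) ^ (y & z) ^ (x & z)


def truth_table(f: Callable[..., int], nvars: int) -> List[int]:
    """Evaluate a Boolean function on all inputs; bit i of the index is variable i."""
    return [f(*((v >> i) & 1 for i in range(nvars))) & 1 for v in range(1 << nvars)]


def walsh_spectrum(tt: List[int]) -> List[int]:
    """W_f(w) = sum over v of (-1)^(f(v) XOR <w,v>) for every linear mask w."""
    size = len(tt)
    return [sum((-1) ** (tt[v] ^ (bin(v & w).count("1") & 1)) for v in range(size))
            for w in range(size)]


def nonlinearity(tt: List[int]) -> int:
    """Hamming distance to the nearest affine function: (2^n - max|W_f|) / 2."""
    return (len(tt) - max(abs(c) for c in walsh_spectrum(tt))) // 2


def is_balanced(tt: List[int]) -> bool:
    return 2 * sum(tt) == len(tt)


def balanced_max_nonlinear(nvars: int) -> Tuple[int, int]:
    """Exhaustively score every balanced nvars-variable Boolean function and
    return (best nonlinearity, how many balanced functions reach it)."""
    size = 1 << nvars
    scores = []
    for bits in range(1 << size):
        tt = [(bits >> i) & 1 for i in range(size)]
        if is_balanced(tt):
            scores.append(nonlinearity(tt))
    best = max(scores)
    return best, scores.count(best)


if __name__ == "__main__":
    maj = truth_table(combine_majority, 3)
    print("majority: balanced", is_balanced(maj), "nonlinearity", nonlinearity(maj))
    # The original post's combiner at the single-bit level is xy XOR z, which
    # scores the same as majority; indeed maj(x,y,z) = (x^z)(y^z) ^ z.
    xyz = truth_table(lambda x, y, z: (x & y) ^ z, 3)
    print("xy+z:     balanced", is_balanced(xyz), "nonlinearity", nonlinearity(xyz))
    print("balanced 3-variable functions at max nonlinearity:", balanced_max_nonlinear(3))
```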
------------------------------
From: [EMAIL PROTECTED] (James Pate Williams, Jr.)
Subject: Re: Encrypt string to produce a unique number
Date: Sun, 30 Jul 2000 17:23:37 GMT
On Mon, 31 Jul 2000 00:54:32 +0800, "yankee" <[EMAIL PROTECTED]>
wrote:
>Is there any algorithm to produce a unique number based on a string? The
>string is expected to have a maximum length of 30 (the string is alphanumeric
>only). After "encryption" it should result in a number length of not more
>than unsigned long, which is about 10.
>
A cryptographic hash function will convert a string of bytes into a
number of certain fixed length:
MD5: 128-bit output (4 unsigned or signed longs on a 16-bit or 32-bit system)
SHA-1: 160-bit output (5 unsigned or signed longs on a 16-bit or 32-bit system)
==Pate Williams==
[EMAIL PROTECTED]
http://www.mindspring.com/~pate
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************