Cryptography-Digest Digest #317, Volume #12      Sun, 30 Jul 00 23:13:00 EDT

Contents:
  Re: Small block ciphers (Terry Ritter)
  Re: Combining bit sequences (Future Beacon)
  About DES Key Schedule function (Garba)
  Re: encrypting folders in Windoze ("r.e.s.")
  Re: Random numbers and online-gambling (Guy Macon)
  Re: Encrypt string to produce a unique number (Bill Unruh)
  Re: Encrypt string to produce a unique number (Bill Unruh)
  Re: Combining bit sequences (Mok-Kong Shen)
  Re: About DES Key Schedule function (Mok-Kong Shen)
  Re: Encrypt string to produce a unique number (Sundial Services)
  BUGS v3.3.0 - CONTEST (Sylvain Martinez)
  BUGS v3.3.0 - CONTEST (Sylvain Martinez)
  Re: Skipjack and KEA test vectors (Mark Wooding)
  Re: Combining bit sequences (Future Beacon)
  Re: Skipjack and KEA test vectors ("Douglas A. Gwyn")
  Re: Combining bit sequences ("Douglas A. Gwyn")
  Re: Has RSADSI Lost their mind? (Roger Schlafly)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Small block ciphers
Date: Sun, 30 Jul 2000 20:16:15 GMT


On 30 Jul 2000 07:49:42 GMT, in
<[EMAIL PROTECTED]>, in sci.crypt
[EMAIL PROTECTED] (Mack) wrote:

>Has the field of building small block ciphers
>been neglected? Skipjack used a 16 bit four
>round cipher as an S-box. This is reported to
>be part of a family of ciphers used in Type 1
>crypto hardware.

Terminology seems to be part of the problem here (as it often is).
Normally, we see a "block cipher" as a Simple Substitution which is so
large that we cannot store or traverse it.  So the idea of a "small
block cipher" is almost contradictory, but we use things much like
that all the time and just call them substitution tables.  


>Presumably Skipjack was at the low end of
>this family.  Although it has a very low safety
>margin it is still an interesting design.
>
>Has anyone experimented with similar designs?
>Does anyone have any 'good' short block ciphers
>laying around?

Certainly, Substitution-Permutation (S-P) designs have been around for
a long time, but are harder than they look.  I have done a lot of work
in the mixing of multiple substitution tables so as to produce effects
statistically similar to that of a table which is far too large to
store.  

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM


------------------------------

From: Future Beacon <[EMAIL PROTECTED]>
Subject: Re: Combining bit sequences
Date: Sun, 30 Jul 2000 17:13:58 -0400



On Sun, 30 Jul 2000, Mok-Kong Shen wrote:

> 
> Given a number of bit sequences, one simple way of combining
> these is to XOR them or add them modulo 2^n, where n is the
> number of bits in a computer word. But this is linear in certain
> sense. Evidently some nonlinear methods of combinations would
> be advantageous for crypto purposes. A simple method of
> combining three sequences X, Y and Z that I can think of is the
> following:
> 
>      R = X*Y + Z    mod 2^n
> 
> To add some complexity to the scheme, one could e.g. use certain
> bits from one sequence (from a previous set of words being
> combined) to rotate the words of the other sequences before
> combination.
> 
> I should appreciate learning further ideas of bit sequence
> combinations that are not too complicated for implementations.
> 
> M. K. Shen
> ---------------------------
> http://home.t-online.de/mok-kong.shen

Instead of using binary operations like * and +, you might
generalize them with 64K look-up tables.  There are many more
possible look-up tables than elementary functions.  Also, they
can be changed from time to time.  The disadvantage is the overhead,
but I think that it is often worth the memory, time, and program
complexity.

If a look-up table defines * instead of it meaning multiplication,
the X * Y is the entry at the address that has the bits of X
followed by the bits of Y.  If both X and Y are 8 bits, then you
get a 16 bit address and therefore need a 64K look-up table.

If you want to make some look-up tables small, you could use
Q + Y   mod 2^8 as an address and therefore have only 256 table
entries.  Such a small amount of data could be changed rather
frequently.

That's the way I would use your X * Y + Z.


Jim Trek
Future Beacon Technology
http://eznet.net/~progress
[EMAIL PROTECTED]



------------------------------

From: Garba <[EMAIL PROTECTED]>
Subject: About DES Key Schedule function
Date: Sun, 30 Jul 2000 21:14:18 GMT

Maybe it's a stupid question, but I haven't understood if in Key
Schedule function in Des the left shifts are "real" logical shifts (*2
operations) or rotations.

Thanks

                                 Garba

#################################
Remove SPAMAWAY from address
to reply by e-mail

------------------------------

From: "r.e.s." <[EMAIL PROTECTED]>
Subject: Re: encrypting folders in Windoze
Date: Sun, 30 Jul 2000 14:45:13 -0700

In this vein, does anyone here have experience with Cryptext?
It appears to be SHA1/RC4-based freeware.
See http://www.pcug.org.au/~njpayne

--r.e.s.

<[EMAIL PROTECTED]> wrote ...
| Can anyone share how they encrypt folders in Windoze? Winzip? I
| basically just want to be able to lock folders and their contents
| from snooping eyes.
|
| Thanks, and my apologies if this is too basic.



------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Random numbers and online-gambling
Date: 30 Jul 2000 18:03:52 EDT

Matthew Skala wrote:
>
>
>In article <8kovjq$[EMAIL PROTECTED]>,
>Guy Macon <[EMAIL PROTECTED]> wrote:
>>I am an admitted Ethical Hacker, but AFAIKT nobody has been able to link
>>my other identity with this one, which is my real name.  He should have
>>used anonymity to notify the authorities.
>
>He shouldn't have needed to.

I agree.  Given the fact that we live in a world where the Church of
Scientology can accuse otherwise anonymous AOL users of copyright
violation, get a court order to force AOL to reveal who they are
during the discovery phase of the trial, then drop the charges,
he should have used a service such as [ http://www.zeroknowledge.com/ ]
to notify the authorities with minimal risk of being identified.
He shouldn't have needed to, but he should have.


------------------------------

From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: Encrypt string to produce a unique number
Date: 30 Jul 2000 22:17:27 GMT

In <8m1mpc$2hh$[EMAIL PROTECTED]> "yankee" <[EMAIL PROTECTED]> writes:

>Is there any algorithm to produce a unique number based on a string? The
>string is expected to have a maximum length of 30 (the string is alphanumeric
>only). After "encryption", it should result in a number length of not more
>than unsigned long, which is about 10.

Impossible. There are about (2^7)^30 strings of length 30 made up of
just ascii characters (2^(6*30) if just printable) and say 8 bits in an
unsigned long or 2^64 bits. Since 210 ( or 180) is bigger than 64, it is
impossible to produce a unique number for each string. There are too
many strings and too few numbers. 
If you are willing to settle for "unlikely to produce the same number"
use any hash and keep just the first 8 bytes.
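
The counting argument and the truncated-hash suggestion above, as an added example that is not part of the original post. It assumes SHA-256 as the hash, reads the question's "unsigned long" as 32 bits, and uses constructed strings "user0", "user1", ...; the function names are this example's own.

```python
import hashlib
import math

def bits_needed(alphabet_size=62, max_len=30):
    """Bits required to give every string of length 0..max_len its own number."""
    total = sum(alphabet_size ** k for k in range(max_len + 1))
    return (total - 1).bit_length()

def short_id(s, nbytes=8):
    """Hash the string and keep only the first nbytes of the digest."""
    digest = hashlib.sha256(s.encode("ascii")).digest()
    return int.from_bytes(digest[:nbytes], "big")

def tag(s, bits):
    """Top `bits` bits of the 8-byte identifier (bits <= 64)."""
    return short_id(s) >> (64 - bits)

def collision_probability(n_items, bits):
    """Birthday approximation: chance that any two of n_items share a tag."""
    return -math.expm1(-n_items * (n_items - 1) / 2.0 ** (bits + 1))

def find_collision(bits, limit=100_000):
    """Return the first two constructed strings whose tags coincide."""
    seen = {}
    for i in range(limit):
        s = f"user{i}"            # constructed sample input
        t = tag(s, bits)
        if t in seen:
            return seen[t], s
        seen[t] = s
    return None

if __name__ == "__main__":
    print("bits needed for uniqueness:", bits_needed())
    for bits in (32, 64):
        p = collision_probability(100_000, bits)
        print(f"{bits}-bit tag, 100000 strings: P(collision) ~ {p:.3g}")
    # A 16-bit tag has only 65536 values, so a collision is guaranteed
    # within the first 65537 strings (pigeonhole).
    print("16-bit collision:", find_collision(16))
```
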





------------------------------

From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: Encrypt string to produce a unique number
Date: 30 Jul 2000 22:21:41 GMT

In <8m1qn4$60v$[EMAIL PROTECTED]> "yankee" <[EMAIL PROTECTED]> writes:

>You mentioned MD5 and SHA. What does the code look like and how does it
>really work?

Get Schneier's book and read up on how they work. I do not think that is
what you want. They take an arbitrary length input string and produce
128 bits of output, which is designed so that two inputs which
produce the same output are very hard to find.
But you know they exist.


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Combining bit sequences
Date: Mon, 31 Jul 2000 00:40:03 +0200



"Douglas A. Gwyn" wrote:

> Mok-Kong Shen wrote:
> > I should appreciate learning further ideas of bit sequence
> > combinations that are not too complicated for implementations.
>
> There are all sorts of ways of "combining" variables in expressions.
> What other properties are required?  For example, do you want to be
> able to invert a transformation from one set of variable to another
> using a fixed algorithm no matter what the values?  Without further
> constraints your question is essentially, what mathematics is
> possible.

Indeed my post was not very clear and hence misleading. Instead
of 'bit' I should have used 'random bit'. The purpose of obtaining
nonlinearity is to render the resulting sequence less susceptible to
prediction.

M. K. Shen



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: About DES Key Schedule function
Date: Mon, 31 Jul 2000 00:39:57 +0200



Garba wrote:

> Maybe it's a stupid question, but I haven't understood if in Key
> Schedule function in Des the left shifts are "real" logical shifts (*2
> operations) or rotations.

It is circular shift (rotation). Maybe you have bad literature.

M. K. Shen
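
The answer above, as an added example that is not part of the original post: the per-round shift amounts are those of the DES standard, while the 28-bit halves C0 and D0 are constructed sample values and the function names are this example's own. It runs the same halves through rotations and through logical shifts to show why only rotation makes sense.

```python
MASK28 = (1 << 28) - 1

# Left-shift amounts for rounds 1..16 of the DES key schedule; they sum to 28.
SHIFTS = (1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1)

def rotl28(half, n):
    """Circular left shift of a 28-bit half: bits leaving the top re-enter at the bottom."""
    return ((half << n) | (half >> (28 - n))) & MASK28

def shl28(half, n):
    """Logical left shift (multiply by 2**n): bits leaving the top are lost."""
    return (half << n) & MASK28

def schedule_halves(c0, d0, shift=rotl28):
    """Return the 16 (C_i, D_i) pairs that feed the round-key selection."""
    pairs = []
    c, d = c0, d0
    for n in SHIFTS:
        c, d = shift(c, n), shift(d, n)
        pairs.append((c, d))
    return pairs

def live_bits(shift):
    """Key bits of an all-ones half that are still present in each round."""
    return [bin(c).count("1") for c, _ in schedule_halves(MASK28, MASK28, shift)]

# Constructed 28-bit sample halves (not taken from the thread).
C0 = 0xF0CCAAF
D0 = 0x556678F

if __name__ == "__main__":
    rot = schedule_halves(C0, D0, rotl28)
    shl = schedule_halves(C0, D0, shl28)
    for i, ((rc, rd), (sc, sd)) in enumerate(zip(rot, shl), start=1):
        print(f"round {i:2d}  rotate C={rc:07X} D={rd:07X}   shift C={sc:07X} D={sd:07X}")
    print("bits left per round with logical shift:", live_bits(shl28))
```

With rotation every round still sees all 28 bits of each half, and after the sixteenth round the halves are back at C0 and D0; with logical shifts the key material drains away until the last round's halves are all zero.
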


------------------------------

Date: Sun, 30 Jul 2000 15:30:26 -0700
From: Sundial Services <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Encrypt string to produce a unique number

If you must guarantee that the number produced will (a) be solely
derived from the input; and (b) must be unique for all unique inputs
given ... then I doubt that what you ask for can be done unless you are
very lucky with compression.  And it is rather unlikely that a
compression algorithm will reduce only 30 bytes to 10.

If you can tolerate any sort of redundancy at all, or if you are simply
trying to hash something (for a lookup purpose) and are wondering what
to do with a collision, that is where two values DO hash to the same
bucket, then this is an entirely different and very solvable problem.

You need to better-describe exactly WHAT you are doing and WHY, so that
the rest of us can ascertain the true nature of the problem.  There is a
trade-off system of constraints at work here, "and some of these must
give-up in favor of the others." The question, that I certainly cannot
divine from your posting, is which ones.


{ reply to newsgroup only }

>yankee wrote:
> 
> Thanks, you have given me a good understanding of all this stuff.
> What I need is more of a "hashing function".
> Actually, I have thought of summing up the ASCII values of the whole string,
> but as you have said, the value produced will not be unique. Actually, the
> easier the algorithm, the easier it will be for me to understand. Do you have
> any ideas how I can go about it, to hash a string of length 30 to digits of
> max length 10?
>

------------------------------

From: Sylvain Martinez <[EMAIL PROTECTED]>
Subject: BUGS v3.3.0 - CONTEST
Date: Sun, 30 Jul 2000 23:30:07 GMT



Hi,

I have created a cryptography algorithm. I am not good at cryptography,
but I am really interested in this subject.
I am not sure that this algorithm, called BUGS, is really good or even
good at all. This is why I am posting an email in this newsgroup and
also running a contest to crack it, the Prize (only) is 50 English
Pounds.

I know it is not a lot, but this algorithm is free and open source and
I have only done it during my free time. And really this prize is just
there to show that I am serious about it. Because I have never managed
to crack it and I haven't got the knowledge to even do it, I have
launched this contest.

Even if you don't want to participate in the contest (and I am sure
that professional cryptographers will never even try for so little money)
I invite you to go to the Web site:
http://www.bcrypt.com

Where you can find the Unix applications, the source code, a
documentation about how the algorithm works and information about the
contest.

BUGS is a private key algorithm.

Once again I am not posting a message to say I've done a brilliant
algorithm, but just that I have done one, and if anybody could tell me
where the possible weak points are it would be really useful.
This is an open source, GNU/GPL package. If you've got any ideas about
how to improve it please let me know on:
[EMAIL PROTECTED]

Thanks for your time.
Sylvain.

PS: I am French, therefore English is not my mother tongue; please
excuse me if I make mistakes or if I "invent words" ;o)

---
Unix security administrator
BUGS crypto project: http://www.bcrypt.com
http://www.encryptsolutions.com



------------------------------


From: [EMAIL PROTECTED] (Mark Wooding)
Subject: Re: Skipjack and KEA test vectors
Date: 30 Jul 2000 23:58:23 GMT

Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
> Mark Wooding wrote:
> > Usually at this point I'd be suspicious of my implementation.  So I
> > pulled Doug Gwyn's version which was posted to this very newsgroup not
> > so very long ago, ...
> 
> Make sure you're using the second posting; the first was from an
> intermediate stage of code development that I thought I had
> deleted and it performed the computation incorrectly.  If you
> want a corrected version send me e-mail at [EMAIL PROTECTED]

I'm using the version posted by Runu Knips, because it was still in my
news spool, and it claims to be the working version.

I've dredged up your original article from Deja now anyway.  For future
reference, the relevant details for the article are:

: From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
: Subject: Re: Skipjack implementation in C (this one works)
: Date: 18 May 2000 00:00:00 GMT
: Message-ID: <[EMAIL PROTECTED]>
: Newsgroups: sci.crypt

I've verified that this implementation behaves the same as mine: it
passes the `official' test vector, but spectacularly fails the ones I
derived from the KEA vectors, giving instead *exactly* the same `wrong'
answers as my version.

Has anyone managed to get the KEA test vectors to work?  Do our
independent implementations really have exactly the same bizarre bug?
Is my understanding of KEA up the spout?  [Snip paranoid ramblings.]

-- [mdw]

------------------------------

From: Future Beacon <[EMAIL PROTECTED]>
Subject: Re: Combining bit sequences
Date: Sun, 30 Jul 2000 20:47:46 -0400



On Sun, 30 Jul 2000, Mok-Kong Shen wrote:

> 
> Given a number of bit sequences, one simple way of combining
> these is to XOR them or add them modulo 2^n, where n is the
> number of bits in a computer word. But this is linear in certain
> sense. Evidently some nonlinear methods of combinations would
> be advantageous for crypto purposes. A simple method of
> combining three sequences X, Y and Z that I can think of is the
> following:
> 
>      R = X*Y + Z    mod 2^n
> 
> To add some complexity to the scheme, one could e.g. use certain
> bits from one sequence (from a previous set of words being
> combined) to rotate the words of the other sequences before
> combination.
> 
> I should appreciate learning further ideas of bit sequence
> combinations that are not too complicated for implementations.
> 
> M. K. Shen
> ---------------------------
> http://home.t-online.de/mok-kong.shen


I should add to my previous reply the suggestion that look-up
tables can be used in series.  The found entry in one look-up
table might be used as the address in the next look-up table
instead of using that found entry as an answer.


Jim Trek
Future Beacon Technology
http://eznet.net/~progress
[EMAIL PROTECTED]
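
The table-based combiner from the two replies above (a 64K table addressed by the bits of X followed by the bits of Y, then a 256-entry table addressed by a sum mod 2^8, used in series), as an added example that is not part of the original posts. The seeded shuffle is only a stand-in for however the tables would really be keyed, the way Z enters is one reading of the suggestion, and the balance check on the low output bit is an addition of this example.

```python
import random

def make_tables(seed):
    """Build a balanced 64K table and a 256-entry permutation from a seed."""
    rng = random.Random(seed)        # NOT cryptographic; illustration only
    big = list(range(256)) * 256     # every 8-bit value appears 256 times
    rng.shuffle(big)
    small = list(range(256))
    rng.shuffle(small)
    return big, small

def table_op(big, x, y):
    """The table's replacement for X * Y: the entry at the 16-bit address X || Y."""
    return big[(x << 8) | y]

def combine(big, small, x, y, z):
    """Tables in series: the first lookup plus Z (mod 2^8) addresses the second."""
    q = table_op(big, x, y)
    return small[(q + z) & 0xFF]

def odd_outputs(op):
    """Over all 65536 (x, y) pairs, count how often the low output bit is 1."""
    return sum(op(x, y) & 1 for x in range(256) for y in range(256))

if __name__ == "__main__":
    big, small = make_tables(2000)   # constructed seed
    # Plain multiplication mod 2^8 is odd only when both inputs are odd.
    print("x*y mod 256, odd outputs :", odd_outputs(lambda x, y: (x * y) & 0xFF))
    # A balanced table gives an odd output for exactly half of all addresses.
    print("64K table, odd outputs   :", odd_outputs(lambda x, y: table_op(big, x, y)))
    # Feeding the entry through a permutation table keeps that balance.
    print("tables in series         :", odd_outputs(lambda x, y: small[table_op(big, x, y)]))
    print("combine(0x12, 0x34, 0x56) =", combine(big, small, 0x12, 0x34, 0x56))
```
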


------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Skipjack and KEA test vectors
Date: Sun, 30 Jul 2000 21:42:04 -0400

Mark Wooding wrote:
> I've verified that this implementation behaves the same as mine: it
> passes the `official' test vector, ...

Okay, then that's the corrected version.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Combining bit sequences
Date: Sun, 30 Jul 2000 21:44:26 -0400

Mok-Kong Shen wrote:
> Indeed my post was not very clear and hence misleading. Instead
> of 'bit' I should have used 'random bit'. The purpose of obtaining
> nonlinearity is to render the resulting sequence less susceptible to
> prediction.

If the input bits are random they're already unpredictable.
So I guess you're asking about methods to take biased bits
and remove the bias.  There is a paper on this in a recent
(May 2000 I think) issue of IEEE Trans. Inf. Th.

------------------------------

From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: Has RSADSI Lost their mind?
Date: Sun, 30 Jul 2000 19:54:12 -0700

Matthew Skala wrote:
> Something sort of like that may be tested in a few days' time, in the
> Cyber Patrol reverse engineering case.  Eddy L O Jansson and I released
> our work under unclear license terms, including the bare statement
> "Released under the GPL" without including a copy of the GPL, the usual
> disclaimers that go along with a GPL release, or spelling out *which* GPL;
> and the note "You are allowed to mirror this document and the related
> files anywhere you see fit."  The plaintiffs, as part of the settlement
> agreement, purchased the copyrights to the work for a dollar; now they
> want to restrict its distribution.

I don't get it. Why would you copyright it and then turn it over
to your enemies? Why didn't you just put it into the public domain
as soon as you got into legal trouble?

Your web site is confusing about whether you released your stuff
under GPL. Make up your minds!

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
