Cryptography-Digest Digest #331, Volume #12 Tue, 1 Aug 00 21:13:01 EDT
Contents:
Re: Plausible Word Generation via Trigram Statistics (Mok-Kong Shen)
Re: C++ Plaintext To Block unsigned long ("Joseph Ashwood")
Re: Small block ciphers (Mok-Kong Shen)
Re: PRNG cryptoanalysis (Tome')
Re: Stream Ciphers ("Trevor L. Jackson, III")
Re: Blowfish Implementation (John Myre)
Re: Elliptic Curves encryption ("Trevor L. Jackson, III")
Re: Combining bit sequences (Future Beacon)
Re: Just Curious. Are girls/women interested ([EMAIL PROTECTED])
Re: Plausible Word Generation via Trigram Statistics ("Steve Hollasch")
Re: Small block ciphers ("Trevor L. Jackson, III")
Re: Just Curious. Are girls/women interested ("Joseph Ashwood")
Re: PRNG cryptoanalysis ("Trevor L. Jackson, III")
Re: Small block ciphers (Terry Ritter)
MS Word Master Password ("CMan")
Re: MS Word Master Password (Rex Stewart)
Re: unbreakable code? Yes ("Joseph Ashwood")
Re: MS Word Master Password (Rex Stewart)
----------------------------------------------------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Plausible Word Generation via Trigram Statistics
Date: Tue, 01 Aug 2000 23:37:09 +0200
Steve Hollasch wrote:
> The meat of this post is that it occurred to me that one could employ
> standard English trigram statistics to generate a random stream of plausible
> English words. Beyond securing easy-to-remember and meaningless domain
> names, it would be a cool product name generator as well.
>
> Does such a tool exist already? If not, is there a source of English
> trigram statistics (plus any other statistical data I've not yet considered)
> that would help me write such a tool?
I don't yet understand how you are going to generate random
English words from a table of trigram frequencies. Could you
explain a bit?
BTW, if you simply want a random English word, why don't you
use a random number to pick a word from a dictionary?
To your last question, the answer is yes. See H. F. Gaines,
Cryptanalysis (Dover Publications). Note, however, that such data
depend on the corpus used to obtain them, i.e. there is no
'universal' trigram frequency table.
M. K. Shen
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: C++ Plaintext To Block unsigned long
Date: Tue, 1 Aug 2000 14:37:30 -0700
Encrypt: Pad it to the length of 2 chunks before encrypting, treat it as an
array of 2.
Decrypt: convert it to a string pointer, remove padding, index as usual.
Joe
e.g.
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* encrypt(), decrypt() and key are the reader's own block cipher; they are
   not defined in this post and are assumed to work in place on a block of
   two longs. */
long *encrypt(long *block, long *key);
long *decrypt(long *block, long *key);

int i;
size_t n = 2 * sizeof(long);        /* the block is an array of 2 longs */
char *str;
str = malloc(n);
strcpy(str, "weeble");
for(i = strlen(str); i < (int)n; i++)
{
    str[i] = 0;                     /* zero-pad up to the block length */
}
str = (char *)encrypt((long *)str, key);
str = (char *)decrypt((long *)str, key);
i = n - 1;
/*make sure the padding is removed: walk back over the trailing zero bytes*/
while(i >= 0 && str[i] == 0)
{
    str[i] = '\0';
    i--;
}
printf("%s", str);                  /* never pass data as the format string */
printf("\nweeble\n");
If you want to index the long* array use pLong[0] and pLong[1] (where pLong
is a pointer to a long) it is after all just an array. I don't think I can
be much clearer, as long as you're working in C/C++.
Joe
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Small block ciphers
Date: Wed, 02 Aug 2000 00:08:42 +0200
Terry Ritter wrote:
> Small transformations may make more sense as a stream cipher, since
> there will be some hidden RNG involved, or tables can be used in
> arbitrary order, or their contents changed. For the single unchanging
> transformation of a block cipher, only size and plaintext distribution
> hides the contents.
I would like to add, by pointing out the fact that, since e.g. two 8-bit tables
cannot in general replace a 16-bit substitution table, a larger table
size means more room for realizing better confusion. Pursuing this
idea to the extreme, it would be best to have a substitution table
as large as the whole message, which however is in general
unfortunately impossible to do in practice. As I said previously,
the Hill cipher could be a viable compromise for realizing a fairly
large substitution (in a limited sense). Permutation of large units, e.g.
computer words, of a message can also help. (Permutation is
normally said to produce diffusion. However, an interesting
alternative viewpoint is to interpret a permutation to be a special
case of substitution on a larger scale.)
M. K. Shen
------------------------------
From: [EMAIL PROTECTED] (Tome')
Subject: Re: PRNG cryptoanalysis
Date: Tue, 01 Aug 2000 22:21:50 GMT
see the Handbook of Applied Cryptography HAC by Menezes,
you can evaluate the book on
http://cacr.math.uwaterloo.ca/hac/
What kind of LFSR are you interested in cryptanalyzing?
by, Tomé
------------------------------
Date: Tue, 01 Aug 2000 18:42:22 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Stream Ciphers
This is an excellent existential reply to the OP. It illustrates perfectly the
fact that any twit can _claim_ to have a secure stream cipher. I suppose it's
like counting on one's fingers -- they will always be with us.
Anthony Stephen Szopa wrote:
> Lisa Retief wrote:
> >
> > I just did a quick scan through the FAQs and couldn't find anything on
> > stream ciphers. Have I missed it or does this newsgroup focus only on block
> > ciphers? Are there any non-proprietry/patented stream ciphers out there?
> >
> > Just curious,
> > Lisa
>
> I claim that OAP-L3 encryption software is practicably unbreakable
> when used according to recommendations.
>
> Why do you need a "free" stream cipher?
>
> What do you plan to use it for or do with it?
>
> You can have a shareware copy of OAP-L3: Original Absolute
> Privacy - Level3 encryption software package.
>
> There are many many people who have it. I realize that many of
> them use it without paying for it. There is NO programmed
> expiration within the software.
>
> I would not be upset if someone placed the shareware software
> on a server for free download from an ISP in Iceland, Ireland,
> or Mexico, since these countries do not have any restrictions on
> exporting encryption software (unless this has changed recently.)
>
> Go to http://www.ciphile.com
>
> Go to the Pricing and Ordering web page and click on the blue
> anchor "email" to get your shareware copy.
>
> If your interest is encryption then you need to at least become
> familiar with OAP-L3 firsthand.
------------------------------
From: John Myre <[EMAIL PROTECTED]>
Subject: Re: Blowfish Implementation
Date: Tue, 01 Aug 2000 16:51:25 -0600
Daniel Leonard wrote:
<snip>
> That is why he said as introduction (not exact quote) :
>
> if you do not worry about endianness
>
> with power comes responsibility
<snip>
Evidently he's not worried about architecture, either. On
some processors, accessing (say) an odd address as a 32-bit
value simply causes an access violation (which is to say,
your program crashes).
Part of the problem is the evident character of the OP.
Anyone who has to ask how to convert strings to words for
the purposes of encryption is probably unaware of the
cautions needed. For instance, that endianness is not the
only issue.
JM
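Joe Ashwood's snippet earlier in this digest casts a char buffer to long * and zero-pads it, and John Myre's reply above points out that the cast depends on both byte order and alignment. The following is an added example, not code from either poster, showing the portable alternative: words are assembled from bytes with shifts (so the result is the same on every host and no 32-bit load is ever issued at an odd address), and the padding carries its own length so that a message ending in zero bytes can still be recovered exactly. The names load_be32, store_be32, pad_message, unpad_message and roundtrip_ok are this example's own, and "weeble" is the post's sample string.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define BLOCK_BYTES 8   /* two 32-bit words, as in the post */

/* Read four bytes as a big-endian 32-bit word, one byte at a time.
   No pointer cast: the result does not depend on host byte order,
   and the buffer may sit at any address. */
uint32_t load_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16)
         | ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Inverse of load_be32. */
void store_be32(uint32_t v, uint8_t *p) {
    p[0] = (uint8_t)(v >> 24);
    p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);
    p[3] = (uint8_t)v;
}

/* Pad to a whole number of blocks. Every pad byte holds the pad length
   (1..BLOCK_BYTES, PKCS#7 style), so a message that itself ends in zero
   bytes is still recovered exactly, which zero padding cannot guarantee.
   Returns the padded length, or 0 if out cannot hold it. */
size_t pad_message(const uint8_t *in, size_t len, uint8_t *out, size_t cap) {
    size_t padlen = BLOCK_BYTES - (len % BLOCK_BYTES);
    size_t total = len + padlen;
    if (total > cap) return 0;
    memcpy(out, in, len);
    memset(out + len, (int)padlen, padlen);
    return total;
}

/* Strip the padding. Returns the message length, or -1 if the trailer is
   not well formed (wrong length, pad byte out of range, or pad bytes that
   disagree), so corrupted data is rejected rather than mis-truncated. */
long unpad_message(const uint8_t *buf, size_t len) {
    if (len == 0 || len % BLOCK_BYTES != 0) return -1;
    uint8_t padlen = buf[len - 1];
    if (padlen == 0 || padlen > BLOCK_BYTES) return -1;
    uint8_t bad = 0;                        /* check every pad byte, not just the last */
    for (size_t i = len - padlen; i < len; i++) bad |= buf[i] ^ padlen;
    return bad ? -1 : (long)(len - padlen);
}

/* Round trip: pad, pack each block into two words, unpack, unpad. A block
   cipher would transform w[0], w[1] between the pack and unpack steps.
   Returns 1 if the message survives the trip byte for byte. */
int roundtrip_ok(const uint8_t *msg, size_t len) {
    uint8_t padded[64], back[64];
    size_t plen = pad_message(msg, len, padded, sizeof padded);
    if (plen == 0) return 0;
    for (size_t off = 0; off < plen; off += BLOCK_BYTES) {
        uint32_t w[2];
        w[0] = load_be32(padded + off);
        w[1] = load_be32(padded + off + 4);
        store_be32(w[0], back + off);
        store_be32(w[1], back + off + 4);
    }
    long n = unpad_message(back, plen);
    return n == (long)len && memcmp(back, msg, len) == 0;
}

int main(void) {
    uint8_t padded[16];
    size_t n = pad_message((const uint8_t *)"weeble", 6, padded, sizeof padded);
    printf("padded to %zu bytes, words %08x %08x, roundtrip %s\n", n,
           (unsigned)load_be32(padded), (unsigned)load_be32(padded + 4),
           roundtrip_ok((const uint8_t *)"weeble", 6) ? "ok" : "FAILED");
    return 0;
}
```

The "weeble" case in the post pads to one block, and a message of exactly eight bytes pads to two, which is what makes the length recoverable in every case.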
------------------------------
Date: Tue, 01 Aug 2000 18:57:13 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Elliptic Curves encryption
Jerry Coffin wrote:
> In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
> > We can tell that cryptography is not a science because we have
> > incomplete proofs widely being taken as something they clearly are
> > not: an "almost" proof of result.
>
> By this standard, biology, physics, chemistry, etc., aren't sciences
> either. Nobody's absolutely proven the general theory of relativity,
> but most current physicists take it nearly for granted as a fact. By
> your standard of proof, the theory of evolution is probably
> completely unprovable, but nearly every biologist accepts it without
> question as well. In chemistry we commonly make assumptions about
> the number of electrons that can live in a given shell, and that
> theory seems to fit pretty darned well with how chemicals combine.
> Despite this, we know we can't directly observe electrons in their
> native habitat, so to speak.
>
> IOW, "science", by your definition has never and probably will never
> exist! Humpty-Dumpty would be proud of you...
There appears to be a difference between domains that permit experimental
XpXrXoXoXfX confirmation and those that do not. Sciences do this. Is it your
position that crypto supports experimental confirmation of strength?
------------------------------
From: Future Beacon <[EMAIL PROTECTED]>
Subject: Re: Combining bit sequences
Date: Tue, 1 Aug 2000 19:08:55 -0400
On Sun, 30 Jul 2000, Mok-Kong Shen wrote:
>
> Given a number of bit sequences, one simple way of combining
> these is to XOR them or add them modulo 2^n, where n is the
> number of bits in a computer word. But this is linear in certain
> sense. Evidently some nonlinear methods of combinations would
> be advantageous for crypto purposes. A simple method of
> combining three sequences X, Y and Z that I can think of is the
> following:
>
> R = X*Y + Z mod 2^n
>
> To add some complexity to the scheme, one could e.g. use certain
> bits from one sequence (from a previous set of words being
> combined) to rotate the words of the other sequences before
> combination.
>
> I should appreciate learning further ideas of bit sequence
> combinations that are not too complicated for implementations.
>
> M. K. Shen
> ---------------------------
> http://home.t-online.de/mok-kong.shen
I have been assuming that you wish to combine bit sequences in such
a way that they cannot be undone. They must be used by the sender
and receiver through shared data and a shared algorithm to arrive
at the same result by combining in the same way. Is this correct?
Jim Trek
Future Beacon Technology
http://eznet.net/~progress
[EMAIL PROTECTED]
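Mok-Kong Shen's quoted post proposes R = X*Y + Z mod 2^n as a nonlinear way to combine word sequences, with rotations chosen by bits from a previous set of words. The following is an added example, not code from either poster, that implements the XOR, addition and X*Y+Z combiners plus the rotated, stateful variant, and measures the property the post is after: how often f(a op b) differs from f(a) op f(b) over constructed sample inputs, for op being XOR or addition. The names combine_xor, combine_add, combine_mul_add, combine_rotated and count_linearity_violations are this example's own, as is the choice of the low 5 bits of the previous result for the rotation amount.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint32_t (*combiner_fn)(uint32_t, uint32_t, uint32_t);

/* Plain XOR: linear over XOR. */
uint32_t combine_xor(uint32_t x, uint32_t y, uint32_t z) { return x ^ y ^ z; }

/* Addition mod 2^32: linear over addition, the "certain sense" of the post. */
uint32_t combine_add(uint32_t x, uint32_t y, uint32_t z) { return x + y + z; }

/* The post's proposal R = X*Y + Z mod 2^32: linear over neither operation. */
uint32_t combine_mul_add(uint32_t x, uint32_t y, uint32_t z) { return x * y + z; }

/* Rotate left by r bits; r is reduced mod 32 so a rotate by 32 is a no-op
   rather than an undefined shift. */
uint32_t rotl32(uint32_t v, unsigned r) {
    r &= 31;
    return r ? (v << r) | (v >> (32 - r)) : v;
}

/* Stateful variant from the post: bits of the previous combined word
   choose the rotations applied to X and Y before the next combination. */
typedef struct { uint32_t prev; } combiner_state;

uint32_t combine_rotated(combiner_state *st, uint32_t x, uint32_t y, uint32_t z) {
    unsigned r = st->prev & 31;                  /* low 5 bits pick the rotation (assumption) */
    uint32_t out = combine_mul_add(rotl32(x, r), rotl32(y, r ^ 16), z);
    st->prev = out;
    return out;
}

/* xorshift32 with a fixed seed: constructed, reproducible sample inputs. */
static uint32_t xs32(uint32_t *s) { uint32_t x = *s; x ^= x << 13; x ^= x >> 17; x ^= x << 5; return *s = x; }

/* Count how often f(a op b) != f(a) op f(b) over n sample pairs of input
   triples, where op is addition (over_add != 0) or XOR. Zero means f is
   linear over that operation on the whole sample; a combiner that is
   linear over a cheap operation gives an analyst equations to solve, which
   is what the post wants to avoid. */
unsigned count_linearity_violations(combiner_fn f, int over_add, unsigned n) {
    uint32_t seed = 0x9E3779B9u;
    unsigned bad = 0;
    for (unsigned i = 0; i < n; i++) {
        uint32_t a[3], b[3], ab[3];
        for (int k = 0; k < 3; k++) {
            a[k] = xs32(&seed);
            b[k] = xs32(&seed);
            ab[k] = over_add ? a[k] + b[k] : a[k] ^ b[k];
        }
        uint32_t fa = f(a[0], a[1], a[2]), fb = f(b[0], b[1], b[2]);
        uint32_t fab = f(ab[0], ab[1], ab[2]);
        uint32_t expect = over_add ? fa + fb : fa ^ fb;
        if (fab != expect) bad++;
    }
    return bad;
}

int main(void) {
    combiner_fn fs[3] = { combine_xor, combine_add, combine_mul_add };
    const char *names[3] = { "xor", "add", "mul_add" };
    for (int i = 0; i < 3; i++)
        printf("%-8s violations over xor: %3u  over add: %3u  (of 256)\n", names[i],
               count_linearity_violations(fs[i], 0, 256),
               count_linearity_violations(fs[i], 1, 256));
    return 0;
}
```

XOR and addition each come out linear over their own operation and nonlinear over the other; X*Y+Z is nonlinear over both on essentially every sample, which is the distinction the post draws between the "linear in a certain sense" combiners and its proposal.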
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Just Curious. Are girls/women interested
Date: Tue, 01 Aug 2000 23:14:05 GMT
Your joke shows how male-dominated this field is. I'm sure the last
female on earth has been driven away. :)
But thanks to all the posters here, we know there are women and they are
GOOD!
So next time you ask a hot chick "Hey baby what's your prime?" she just
might answer you "2-0-6 mod fifty-nine". BTW that's my age.
Have a nice day!
--Sisi
In article <8m73rf$6om$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> If you're wondering if becoming a cryptographer will be a good way to pick
> up chicks, the answer is no. "Hey baby what's your prime?" isn't likely
> to get you far.
>
> Then again, if you're looking to have an affair, it might not be a bad
> idea to choose a woman who knows how to keep a secret!
>
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "Steve Hollasch" <[EMAIL PROTECTED]>
Subject: Re: Plausible Word Generation via Trigram Statistics
Date: Tue, 1 Aug 2000 16:27:24 -0700
"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote:
<<
I don't yet understand how you are going to generate random English words
from a table of trigram frequencies. Could you explain a bit?
>>
No, the idea is to generate random gibberish words whose trigram
frequency matches that of English text. For example, agilent is not an
English word, but is a plausible imposter.
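The generator Steve Hollasch describes is a second-order Markov chain over letters: count every letter trigram in English text, including word boundaries, then emit letters one at a time with probability proportional to the count for the two letters already written. The following is an added example, not the poster's tool, that does exactly that in C over a small constructed corpus; a real tool would train on a large body of English text, and the names train, generate_word and word_is_plausible are this example's own. It also shows the check a user would want: whether every trigram of an output word actually occurred in the training text.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

#define A 27        /* 26 letters plus one word-boundary symbol */
#define BND 26      /* index of the boundary symbol */
#define MAXLEN 12   /* longest word we will emit */

/* A small constructed corpus (lowercase words, space separated); a real
   tool would train on a large body of English text instead. */
static const char SAMPLE_CORPUS[] =
    "the quick brown fox jumps over the lazy dog while the cipher "
    "machine turns the plain text into secret letters that nobody "
    "can read without the right key and every message stays private "
    "between the sender and the receiver through careful design";

static unsigned counts[A][A][A];   /* counts[p][q][r]: occurrences of trigram p q r */

static int sym(char c) { return (c >= 'a' && c <= 'z') ? c - 'a' : -1; }

/* Count trigrams. Each word is preceded by two boundary symbols and
   followed by one, so the starts and ends of words are learned too. */
void train(const char *corpus) {
    memset(counts, 0, sizeof counts);
    const char *p = corpus;
    while (*p) {
        while (*p == ' ') p++;
        if (!*p) break;
        int a = BND, b = BND;
        for (; *p && *p != ' '; p++) {
            int c = sym(*p);
            if (c < 0) continue;
            counts[a][b][c]++;
            a = b; b = c;
        }
        counts[a][b][BND]++;
    }
}

/* xorshift32 with a fixed seed so runs are reproducible; a real tool
   would draw from the operating system's random source. */
static uint32_t xs32(uint32_t *s) { uint32_t x = *s; x ^= x << 13; x ^= x >> 17; x ^= x << 5; return *s = x; }

/* Pick the symbol after (a, b) with probability proportional to the
   trigram count; BND means the word ends here. */
static int next_sym(int a, int b, uint32_t *seed) {
    unsigned total = 0;
    for (int c = 0; c < A; c++) total += counts[a][b][c];
    if (total == 0) return BND;              /* context never seen: stop */
    unsigned r = xs32(seed) % total;
    for (int c = 0; c < A; c++) {
        if (r < counts[a][b][c]) return c;
        r -= counts[a][b][c];
    }
    return BND;
}

/* Write one pseudo-word of at most MAXLEN letters into out; returns its length. */
int generate_word(char out[MAXLEN + 1], uint32_t *seed) {
    int a = BND, b = BND, n = 0;
    while (n < MAXLEN) {
        int c = next_sym(a, b, seed);
        if (c == BND) break;
        out[n++] = (char)('a' + c);
        a = b; b = c;
    }
    out[n] = '\0';
    return n;
}

/* "Plausible" here means: every trigram of the word, boundaries included,
   occurs in the training corpus. */
int word_is_plausible(const char *w) {
    int a = BND, b = BND;
    if (!*w) return 0;
    for (const char *p = w; *p; p++) {
        int c = sym(*p);
        if (c < 0 || counts[a][b][c] == 0) return 0;
        a = b; b = c;
    }
    return counts[a][b][BND] > 0;
}

int main(void) {
    uint32_t seed = 2000;
    char w[MAXLEN + 1];
    train(SAMPLE_CORPUS);
    for (int i = 0; i < 8; i++) {
        generate_word(w, &seed);
        printf("%s%s\n", w, word_is_plausible(w) ? "" : " (cut off at MAXLEN)");
    }
    return 0;
}
```

A word cut off at MAXLEN may end on a trigram that never closes a word in the corpus, which is the one way the generator can produce something the plausibility check rejects.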
------------------------------
Date: Tue, 01 Aug 2000 19:38:56 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: Small block ciphers
Mack wrote:
> >Mack wrote:
> >>
> >> ****************
> >> My current interest is in block ciphers. I am not sure
> >> what relevance the security of stream ciphers has in this.
> >> Certainly adding state increases security, however doing so
> >> it is no longer a block cipher.
> >>
> >> Mack
> >> Remove njunk123 from name to reply by e-mail
> >--------------------------
> > But you can regard propagating state as a kind of block
> >chaining mode. Otherwise, in your presentation, the only legitimate
> >chaining mode is ECB.
> >
> >Best wishes BNK
> >
> >
>
> For what I am currently working on ECB is the only
> legitimate chaining mode. All other modes contain
> state which doesn't work with the representations
> I am using. Specifically the block size
> is no longer a constant.
Would you care to define your use of the term "block size"? It's usually
independent of internal state.
>
>
> Obviously proving a cipher is insecure in ECB mode
> casts serious doubt on its use in chaining modes.
How did you reach this conclusion? More terminology skew?
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Just Curious. Are girls/women interested
Date: Tue, 1 Aug 2000 16:35:27 -0700
WARNING: Going more off topic, and potentially more offensive, especially to
chauvinists and/or guys that still think "Hey baby what's your prime" will
work.
<[EMAIL PROTECTED]> wrote in message news:8m7ljp$kva$[EMAIL PROTECTED]...
> Your joke shows how male-dominated this field is. I'm sure the last
> female on earth has been driven away. :)
I will not make the obvious heavenly observation, I will not make the
obvious heavenly observation.
>
> But thanks to all the posters here, we know there are women and they are
> GOOD!
Maybe it's just me, but can this setup be made any easier? It's so hard to
resist.
>
> So next time you ask a hot chick "Hey baby what's your prime?" she just
> might answer you "2-0-6 mod fifty-nine". BTW that's my age.
Gee, and I would've thought the answer would be 5, if for no other reason
than that's the number of red marks on his face for using such a stupid
pickup line.
Joe
------------------------------
Date: Tue, 01 Aug 2000 19:49:07 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: PRNG cryptoanalysis
Mack wrote:
> >Hello everybody,
> >I'd like to know if there is any site around dealing with cryptoanalysis
> >of two common pseudo-random number generators known as "linear
> >congruential" (maybe the easiest one around) and "linear feedback shift
> >register" (or LFSR).
> >I found many sites dealing with related theory and applications but none
> >dealing with cryptoanalysis. :(
> >Thank you in advance.
> >
> > Corrado Galdini
> >
> >
>
> The Blum-Blum-Shub paper showed that the LCG generator was
> weak.
>
> The LFSR in its simplest form outputs its state as its output.
> Various mechanisms have been invented to overcome this
> drawback.
>
> Both of these generators fail various statistical tests.
This observation is not meaningful. For any LFSR there is a test that can
distinguish it from random. For any suite of such tests there is an LFSR that
can pass them.
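The test Trevor Jackson alludes to, and the standard treatment of the LFSR question Tomé points the original poster at in the Handbook of Applied Cryptography, is the linear complexity test: the Berlekamp-Massey algorithm finds the shortest LFSR that reproduces a bit string, so a bare LFSR of length L is identified from 2L output bits, whereas a sequence with no short linear recurrence scores close to half its length. The following is an added example, not code from any poster or from the Handbook, that implements the test and applies it to a 4-stage LFSR and to the same LFSR behind a simple nonlinear filter, one of the "mechanisms invented to overcome this drawback" that Mack mentions. The names linear_complexity, lfsr4_bits and filtered_bits and the particular filter are this example's own.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define MAXBITS 1024

/* Linear complexity of s[0..n-1] over GF(2) by Berlekamp-Massey: the
   length of the shortest LFSR that generates the string. Used here as a
   quality test for a generator, as in HAC chapter 5. */
int linear_complexity(const uint8_t *s, int n) {
    static uint8_t C[MAXBITS + 1], B[MAXBITS + 1], T[MAXBITS + 1];
    if (n > MAXBITS) n = MAXBITS;
    memset(C, 0, sizeof C);
    memset(B, 0, sizeof B);
    C[0] = B[0] = 1;                         /* connection polynomials, C current, B previous */
    int L = 0, m = -1;
    for (int i = 0; i < n; i++) {
        int d = s[i];                        /* discrepancy between prediction and s[i] */
        for (int j = 1; j <= L; j++) d ^= C[j] & s[i - j];
        if (!d) continue;
        memcpy(T, C, sizeof T);
        for (int j = 0; j + (i - m) <= n; j++) C[j + (i - m)] ^= B[j];
        if (2 * L <= i) { L = i + 1 - L; m = i; memcpy(B, T, sizeof B); }
    }
    return L;
}

/* n bits from a 4-stage LFSR with feedback s[i] = s[i-1] ^ s[i-4]
   (polynomial x^4 + x^3 + 1, period 15), initial state 1,0,0,0. */
int lfsr4_bits(uint8_t *out, int n) {
    static const uint8_t init[4] = { 1, 0, 0, 0 };
    for (int i = 0; i < n; i++) out[i] = i < 4 ? init[i] : (uint8_t)(out[i - 1] ^ out[i - 4]);
    return n;
}

/* The same LFSR behind a small nonlinear filter, f_i = (s_i & s_{i-1}) ^ s_{i-2}:
   the AND term breaks the linear recurrence, so the complexity rises above 4. */
int filtered_bits(uint8_t *out, int n) {
    static uint8_t s[MAXBITS + 2];
    if (n > MAXBITS) n = MAXBITS;
    lfsr4_bits(s, n + 2);
    for (int i = 0; i < n; i++) out[i] = (s[i + 2] & s[i + 1]) ^ s[i];
    return n;
}

int main(void) {
    static uint8_t bits[64];
    lfsr4_bits(bits, 64);
    printf("bare LFSR, 64 bits:     linear complexity %d\n", linear_complexity(bits, 64));
    filtered_bits(bits, 60);
    printf("filtered LFSR, 60 bits: linear complexity %d\n", linear_complexity(bits, 60));
    return 0;
}
```

The bare LFSR scores 4 however many bits are examined, which is the "outputs its state" weakness in numbers; the filtered stream scores higher but is still bounded by its period of 15, which is why a test suite that only measures linear complexity is not the last word on either generator.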
------------------------------
From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Small block ciphers
Date: Tue, 01 Aug 2000 23:53:36 GMT
On Wed, 02 Aug 2000 00:08:42 +0200, in
<[EMAIL PROTECTED]>, in sci.crypt Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:
>Terry Ritter wrote:
>
>> Small transformations may make more sense as a stream cipher, since
>> there will be some hidden RNG involved, or tables can be used in
>> arbitrary order, or their contents changed. For the single unchanging
>> transformation of a block cipher, only size and plaintext distribution
>> hides the contents.
>
>I would like to add, by pointing out the fact that, since e.g. two 8-bit tables
>cannot in general replace a 16-bit substitution table, a larger table
>size means more room for realizing better confusion.
Absolutely. I see at least two issues here: Keying potential, and
the revealable internal state. With only 256 bytes, keying potential
is far beyond what we need, but if we reveal only 255 bytes we have a
big problem. So the question is how one could use this secret
information without revealing it in known plaintext.
The more bytes there are the more bytes we can afford to reveal before
changing the key. One approach is to change the key automatically and
frequently as part of the cipher itself, but this may have to be so
frequent as to not really be practical. But maybe then we could argue
that such a cipher inherently puts limits on the length of a
table-exposure break. And if a table is all we have, that may be more
than we can normally say about a cipher.
In practice, though, we'd probably want a far smaller limit, the
square root of the number of elements, which means that most of the
table would not be used in every keying cycle.
Another approach is to in some way hide the structure of one table by
using another table.
>Pursuing this
>idea to the extreme, it would be best to have a substitution table
>as large as the whole message, which however is in general
>unfortunately impossible to do in practice. As I said previously,
>the Hill cipher could be a viable compromise for realizing a fairly
>large substitution (in a limited sense). Permutation of large units, e.g.
>computer words, of a message can also help. (Permutation is
>normally said to produce diffusion. However, an interesting
>alternative viewpoint is to interpret a permutation to be a special
>case of substitution on a larger scale.)
---
Terry Ritter [EMAIL PROTECTED] http://www.io.com/~ritter/
Crypto Glossary http://www.io.com/~ritter/GLOSSARY.HTM
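Mok-Kong Shen's point that two 8-bit tables cannot in general replace a 16-bit table, and Terry Ritter's reply about keying potential and the structure that a table reveals, can be made concrete. A 16-bit table built from two byte tables has a tell: each output byte depends on only one input byte, so its structure is detectable from input/output behaviour alone, while a genuine 16-bit substitution shows no such dependence. The following is an added example, not code from either poster, that builds both kinds of table and runs that check; the names compose_tables, is_separable, is_permutation16 and random_table8/16 are this example's own, and the fixed-seed shuffle is for reproducibility only, not a way to generate real key material.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define N16 65536

/* xorshift32 with a fixed seed: reproducible shuffles for the demonstration,
   not a source of key material. */
static uint32_t xs32(uint32_t *s) { uint32_t x = *s; x ^= x << 13; x ^= x >> 17; x ^= x << 5; return *s = x; }

/* Fisher-Yates shuffle of the identity, giving a random byte table. */
void random_table8(uint8_t t[256], uint32_t seed) {
    for (unsigned i = 0; i < 256; i++) t[i] = (uint8_t)i;
    for (unsigned i = 255; i > 0; i--) {
        unsigned j = xs32(&seed) % (i + 1);   /* slight modulo bias is irrelevant here */
        uint8_t tmp = t[i]; t[i] = t[j]; t[j] = tmp;
    }
}

/* The same for a 16-bit table. */
void random_table16(uint16_t t[N16], uint32_t seed) {
    for (unsigned i = 0; i < N16; i++) t[i] = (uint16_t)i;
    for (unsigned i = N16 - 1; i > 0; i--) {
        unsigned j = xs32(&seed) % (i + 1);
        uint16_t tmp = t[i]; t[i] = t[j]; t[j] = tmp;
    }
}

/* Build a 16-bit table from two byte tables, one acting on each half. */
void compose_tables(const uint8_t hi[256], const uint8_t lo[256], uint16_t out[N16]) {
    for (unsigned x = 0; x < N16; x++)
        out[x] = (uint16_t)((hi[x >> 8] << 8) | lo[x & 0xFF]);
}

/* Does t act as a pair of byte tables? Then the high output byte depends
   only on the high input byte and the low only on the low. A table from
   compose_tables passes; a general 16-bit substitution does not. */
int is_separable(const uint16_t t[N16]) {
    for (unsigned h = 0; h < 256; h++) {
        uint8_t hi_ref = (uint8_t)(t[h << 8] >> 8);       /* high output for this high input */
        for (unsigned l = 0; l < 256; l++) {
            uint16_t v = t[(h << 8) | l];
            if ((uint8_t)(v >> 8) != hi_ref) return 0;    /* high output moved with low input */
            if ((uint8_t)v != (uint8_t)t[l]) return 0;    /* low output moved with high input */
        }
    }
    return 1;
}

/* Sanity check: the table is a bijection, i.e. it can be inverted. */
int is_permutation16(const uint16_t t[N16]) {
    static uint8_t seen[N16];
    memset(seen, 0, sizeof seen);
    for (unsigned i = 0; i < N16; i++) {
        if (seen[t[i]]) return 0;
        seen[t[i]] = 1;
    }
    return 1;
}

int main(void) {
    static uint8_t hi[256], lo[256];
    static uint16_t t[N16];
    random_table8(hi, 11);
    random_table8(lo, 22);
    compose_tables(hi, lo, t);
    printf("two 8-bit tables: permutation=%d separable=%d\n", is_permutation16(t), is_separable(t));
    random_table16(t, 33);
    printf("one 16-bit table: permutation=%d separable=%d\n", is_permutation16(t), is_separable(t));
    return 0;
}
```

The composed table is a valid permutation but fails to hide its construction; the 16-bit table has the same interface and no such structure, which is the "more room for confusion" of Shen's post and the larger keying potential of Ritter's reply.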
------------------------------
From: "CMan" <[EMAIL PROTECTED]>
Subject: MS Word Master Password
Date: Tue, 1 Aug 2000 17:01:13 -0700
I have published the software details and algorithm for the 48 bit one time
pad generator that protects any Word document from password guessing
attacks. That is, 48 bits of the Word document are changed, and the
password can no longer be guessed even if it is 1 character.
See http://www.crak.com/masterpa.htm
JK
--
CRAK Software
http://www.crak.com
Password Recovery Software
QuickBooks, Quicken, Access...More
Spam bait (credit E. Needham):
root@localhost
postmaster@localhost
admin@localhost
abuse@localhost
webmaster@localhost
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
------------------------------
From: Rex Stewart <[EMAIL PROTECTED]>
Subject: Re: MS Word Master Password
Date: Wed, 02 Aug 2000 00:35:41 GMT
I just checked your website. My observations.
1. The system described would completely prevent guessing
the password by keying in passwords at the keyboard.
(And, to your credit, this seems to be what you are
advertising)
2. Use of this system will prevent any crackers currently
on the market (that I have been able to find) from
finding the key to the document.
3. A cracking tool could still be written that would
defeat this additional security, although granted,
it might be a tad slower than the ones in use today.
(Also granted, it would probably get less use than
one aimed at the entire world of Word documents,
providing a substantial price/performance penalty)
In article <6xJh5.792$[EMAIL PROTECTED]>,
"CMan" <[EMAIL PROTECTED]> wrote:
> I have published the software details and algorithm
> for the 48 bit one time pad generator that
> protects any Word document from password guessing
> attacks. That is, 48 bits of the Word document
> are changed, and the password can no longer
> be guessed even if it is 1 character.
>
> See http://www.crak.com/masterpa.htm
>
> JK
>
> --
> CRAK Software
> http://www.crak.com
> Password Recovery Software
> QuickBooks, Quicken, Access...More
> Spam bait (credit E. Needham):
> root@localhost
> postmaster@localhost
> admin@localhost
> abuse@localhost
> webmaster@localhost
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
>
>
--
Rex Stewart
PGP Print 9526288F3D0C292D 783D3AB640C2416A
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: unbreakable code? Yes
Date: Mon, 31 Jul 2000 22:20:39 -0700
Except that you still have that same issue of getting the CD
to the other person securely. You can't tell if I've
hijacked your Post, read the CD, and dropped it back in the
post. If you plan on delivering it in person, why don't you
deliver your information in person too? Not to say that you
can't make a go of it, after all M$ has produced _much_
worse and people keep buying it at insane rates.
Joe
------------------------------
From: Rex Stewart <[EMAIL PROTECTED]>
Subject: Re: MS Word Master Password
Date: Wed, 02 Aug 2000 00:49:34 GMT
Gotta quit posting when tired.
Couple of corrections.
Your site says most of what was in my last post.
1. I was unaware MS was still using a password
check field in their documents.
(I thought when I first read your page you
were double encrypting the first 48 characters
of the RC4 enciphered text - my mistake.)
2. I do take issue that the recovery of the RC4 encrypted
text would not provide the user key used to encrypt
the document. Is there some other factor added to
the user key before keying the RC4 cypher that would
prevent this?
In article <6xJh5.792$[EMAIL PROTECTED]>,
"CMan" <[EMAIL PROTECTED]> wrote:
> I have published the software details and
> algorithm for the 48 bit one time
> pad generator that protects any Word
> document from password guessing
> attacks. That is, 48 bits of the
> Word document are changed, and the
> password can no longer be guessed
> even if it is 1 character.
>
> See http://www.crak.com/masterpa.htm
>
> JK
>
> --
> CRAK Software
> http://www.crak.com
> Password Recovery Software
> QuickBooks, Quicken, Access...More
> Spam bait (credit E. Needham):
> root@localhost
> postmaster@localhost
> admin@localhost
> abuse@localhost
> webmaster@localhost
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
>
>
--
Rex Stewart
PGP Print 9526288F3D0C292D 783D3AB640C2416A
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************