Cryptography-Digest Digest #360, Volume #12       Sat, 5 Aug 00 01:13:01 EDT

Contents:
  Re: New William Friedman Crypto Patent (filed in 1933) (AllanW)
  Re: Multiple encryption passes (Terry Ritter)
  Re: Password Protected Documents (Edward A. Falk)
  Re: New William Friedman Crypto Patent (filed in 1933) (John Savard)
  Re: New William Friedman Crypto Patent (filed in 1933) (wtshaw)
  Re: Let us have Lattice (wtshaw)
  Re: Multiple encryption passes (AllanW)
  Re: Square/Rijndael/Crypton S-box question (Mack)
  Re: Basic Question concerning digital certificates and Microsoft Outlook ("Douglas A. Gwyn")
  Re: RC5 / 4 (Mack)
  Re: Small block ciphers (wtshaw)
  Good pointers on MDS (Mack)
  Re: New William Friedman Crypto Patent (filed in 1933) (John Savard)
  Re: Plausible Word Generation via Trigram Statistics (Kurt Shoens)
  Re: Password Protected Documents ("Lyalc")
  Re: Plausible Word Generation via Trigram Statistics (Kurt Shoens)
  Re: What is the word on TC5? (tomstd)
  Re: Observation on MDS matrices (tomstd)

----------------------------------------------------------------------------

From: AllanW <[EMAIL PROTECTED]>
Subject: Re: New William Friedman Crypto Patent (filed in 1933)
Date: Fri, 04 Aug 2000 22:58:13 GMT

Tom Anderson <[EMAIL PROTECTED]> wrote:
[ re patent on Hyperlink ]
> i think Nelson even traces it back to the
> quasi-hypertextual commentary in the Torah [1].

> [1] i think it's the Torah; one of the jewish holy books.

The Torah is the old testament (the first half of the Bible),
it has no quasi-hypertextual commentary. You may be thinking
of the Talmud.

>     i apologise for my lack of erudition in this field [2].

No apology needed.

> [2] and for the off-topicness of this post.

--
[EMAIL PROTECTED] is a "Spam Magnet," never read.
Please reply in newsgroups only, sorry.


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Multiple encryption passes
Date: Fri, 04 Aug 2000 23:31:43 GMT


On Fri, 04 Aug 2000 22:18:18 GMT, in <8mfff6$fhs$[EMAIL PROTECTED]>, in
sci.crypt AllanW <[EMAIL PROTECTED]> wrote:

>A month or two ago, I posted a question here about taking
>data that had already been encrypted and encrypting it
>again with a completely different algorithm. 

See, for example:

   http://www.io.com/~ritter/NEWS4/LIMCRYPT.HTM

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM


------------------------------

From: [EMAIL PROTECTED] (Edward A. Falk)
Subject: Re: Password Protected Documents
Date: 5 Aug 2000 00:08:59 GMT

In article <cqah5.58894$[EMAIL PROTECTED]>,
Lyalc <[EMAIL PROTECTED]> wrote:
>What's to stop a complete cut'n'paste for the document content into a clean,
>unprotected document?

Digital signature.

--
-ed falk, [EMAIL PROTECTED]  See *********************#*************#*
http://www.rahul.net/falk/whatToDo.html    #**************F******!******!*!!****
and read 12 Simple Things You Can Do       ******!***************************#**
to Save the Internet                       **#******#*********!**WW*W**WW****

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: New William Friedman Crypto Patent (filed in 1933)
Date: Sat, 05 Aug 2000 00:10:31 GMT

On Fri, 04 Aug 2000 16:23:23 -0500, Bruce Schneier
<[EMAIL PROTECTED]> wrote, in part:

>Could this be an M-228?

>       http://home.ecn.ab.ca/~jsavard/crypto/te0305.htm

From what I saw in the patent, it's definitely for the design that was
the M-134-T2, M-134, and M-134-A.

I suppose that a patent on the M-228, or one on the M-229, which was
the device used to supplement the M-134 to turn it into a machine
similar to the SIGABA, would be the "other shoe" that may drop soon.

But the M-134 takes 5-level code as input, and uses it to control the
scrambling of letters in normal rotor fashion; the M-228 and M-229
move their rotors in odometer fashion, and generate five streams of
bits as output, so they are opposites.

John Savard (teneerf <-)
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: New William Friedman Crypto Patent (filed in 1933)
Date: Fri, 04 Aug 2000 19:00:05 -0600

In article <[EMAIL PROTECTED]>, "Douglas A. Gwyn"
<[EMAIL PROTECTED]> wrote:

> wtshaw wrote:
> > When the patent process is used to enable government control at the
> > expense of the inventor, this is contrary to reasonable action.  NSA
> > should not expect to extend its control by virtue of bureaucratic planned
> > inefficiency in addressing an inventor's generated works; their tentacles
> > are not to be enhanced at the cost of someone else's testicles.
> 
> Bureaucratic inefficiency has nothing to do with it,
> and WFF was awarded a large sum in compensation for
> not being able to profit directly from classified
> patents.  Perhaps you should check your facts before
> ranting.

Nevertheless, even a crazy or somewhat trivial patent can have effect from
some time after it is granted.  I doubt that this one is an isolated
fluke, as it would seem harmless enough to launch it as a trial balloon.
Figure that they sit on more than this, other pending patents that could
throw a monkey wrench into some inventor's current plans.
-- 
Free Circus soon to appear in Philadelphia, complete with an
expectation of elephants, and noisy clowns in undignified
costumes performing sleight of logic, and lots of balloons.

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Let us have Lattice
Date: Fri, 04 Aug 2000 19:21:52 -0600

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:

> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> 
> : Finally, it is a linear transformation. [...]
> 
> Yes.  This appears to make it next-to-useless as an encryption device.
> -- 
Every useful encryption algorithm is built of primitives.  To say that
what we see here is next to useless would seem to target what are generally
called modern algorithms more than me. Now, if you are volunteering to say
something meaningful, say it.

One hears the mantra that diffusion is of kingly importance in
encryption.  I maintain that an algorithm may not need to rely on it.
But, here I put in something that caters to the mantra, and you spit at
it.  Be careful that you do not appear more prejudiced than scientific.

Whenever you take a block of plaintext binary bits and divide them into
halves, you are merely defining text in a higher base so that it is easier
to work with.  While seeming to do yourself a favor, you are not if the
recursion properties of that higher defined base are poor.  Then, a mess
of steps are necessary to try to juggle weakness into something useful. 

Any isolated primitive is apt to be poor on its face; it matters more how
more than one primitive are used together.

If you were to use inadequate keying, that is no test.  It is surely
useful to see how more keys add to strength. 

----

Sinnet needs an odd number of characters per group; otherwise, with even,
the group is handled as isolated halves.
-- 
Free Circus soon to appear in Philadelphia, complete with an
expectation of elephants, and noisy clowns in undignified
costumes performing sleight of logic, and lots of balloons.

------------------------------

From: AllanW <[EMAIL PROTECTED]>
Subject: Re: Multiple encryption passes
Date: Sat, 05 Aug 2000 01:49:10 GMT


> AllanW <[EMAIL PROTECTED]> wrote:
>
> >A month or two ago, I posted a question here about taking
> >data that had already been encrypted and encrypting it
> >again with a completely different algorithm.

[EMAIL PROTECTED] (Terry Ritter) wrote:
> See, for example:
>
>    http://www.io.com/~ritter/NEWS4/LIMCRYPT.HTM

Wow, it's like you read my mind. I haven't read the entire
page yet, but so far this covers EXACTLY what I was thinking
about!

Thank you for saving and organizing this information.

--
[EMAIL PROTECTED] is a "Spam Magnet," never read.
Please reply in newsgroups only, sorry.



------------------------------

From: [EMAIL PROTECTED] (Mack)
Date: 05 Aug 2000 02:04:57 GMT
Subject: Re: Square/Rijndael/Crypton S-box question

>Mark Wooding <[EMAIL PROTECTED]> wrote:
>> The S-box in Rijndael is inversion in the field GF(2^8) represented as
>> GF(2)[x]/(x^8 + x^4 + x^3 + x + 1), followed by the affine
>> transformation
>> 
>>   [ 1 1 1 1 1 0 0 0 ] [ x_7 ]   [ 0 ]
>>   [ 0 1 1 1 1 1 0 0 ] [ x_6 ]   [ 1 ]
>>   [ 0 0 1 1 1 1 1 0 ] [ x_5 ]   [ 1 ]
>>   [ 0 0 0 1 1 1 1 1 ] [ x_4 ]   [ 0 ]
>>   [ 1 0 0 0 1 1 1 1 ] [ x_3 ] + [ 0 ]
>>   [ 1 1 0 0 0 1 1 1 ] [ x_2 ]   [ 0 ]
>>   [ 1 1 1 0 0 0 1 1 ] [ x_1 ]   [ 1 ]
>>   [ 1 1 1 1 0 0 0 1 ] [ x_0 ]   [ 1 ]
>> 
>> over GF(2).
>
>Fascinating.  You know, I'd never noticed this before, but staring at
>what you posted, there seems to be a lot of regularity in that affine
>transformation, doesn't there?
>
>Example.  Let M be the above matrix, * represent GF(2^8)-multiplication,
>and 2 represent the element 0x02 of GF(2^8) (i.e., the polynomial "x").
>Then the relation  M(2*x) = 2*(Mx)  holds with probability 1/4.
>
>Does anyone else find this example a bit disconcerting?  The main role
>of the matrix M is to destroy the GF(2^8) structure; yet the example shows
>that, due to the regularity in the matrix M, the affine transformation
>leaves some considerable remnants of the GF(2^8) structure intact.
>
>

I never really looked at it all that close but I can
see why I have been having trouble using these s-boxes
in different 8-bit ciphers. The structure still has too much
of a group property.



Mack
Remove njunk123 from name to reply by e-mail

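As an added illustration (not part of the thread), the following Python builds the Rijndael S-box from the two pieces Mark Wooding describes (inversion in GF(2^8), then the affine map) and counts how often the linear part M commutes with multiplication by 0x02; writing M as a sum of bit rotations makes the regularity noted above explicit, since the matrix is a circulant.

```python
# Added example: the Rijndael S-box from its two pieces, and a check of the
# "M(2*x) = 2*(Mx) with probability 1/4" observation.

def xtime(x):
    """Multiply by x (the element 0x02) in GF(2^8) mod x^8+x^4+x^3+x+1."""
    x <<= 1
    return (x ^ 0x11B) if x & 0x100 else x

# Exponent/log tables over the generator 0x03 (= x + 1): EXP[i] = 3^i.
EXP = [1]
for _ in range(254):
    EXP.append(xtime(EXP[-1]) ^ EXP[-1])      # times 3 = times 2 plus itself
LOG = {v: i for i, v in enumerate(EXP)}

def gf_inv(a):
    """Multiplicative inverse in GF(2^8); Rijndael maps 0 to 0."""
    return 0 if a == 0 else EXP[(255 - LOG[a]) % 255]

def rotl8(x, k):
    return ((x << k) | (x >> (8 - k))) & 0xFF

def affine_linear(x):
    """The 8x8 matrix M from the post applied to the bits of x.  Row i of M
    is row 0 rotated i places, so M x is a sum of rotations of x: the
    regularity is the circulant structure of the matrix."""
    return x ^ rotl8(x, 1) ^ rotl8(x, 2) ^ rotl8(x, 3) ^ rotl8(x, 4)

def sbox(a):
    """Full Rijndael S-box: inversion, then M, then the constant 0x63."""
    return affine_linear(gf_inv(a)) ^ 0x63

def commuting_fraction():
    """Fraction of x in GF(2^8) with M(2*x) == 2*(M x).  Both maps are
    GF(2)-linear, so the solutions form a subspace; here it has dimension 6,
    i.e. 64 of the 256 elements, which is the 1/4 of the post."""
    hits = sum(1 for x in range(256)
               if affine_linear(xtime(x)) == xtime(affine_linear(x)))
    return hits / 256

if __name__ == "__main__":
    print("S[0x53] = %#04x" % sbox(0x53))
    print("M commutes with *2 on a fraction", commuting_fraction(), "of inputs")
```
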
------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Basic Question concerning digital certificates and Microsoft Outlook
Date: Fri, 04 Aug 2000 22:07:10 -0400

Harmonics wrote:
> ... what if I want to create a simple certificate myself?

It's nontrivial, but there is free software available to help
you do that.  The PKCS specs are available at RSA's Web site,
and by following links there you should find source code.

------------------------------

From: [EMAIL PROTECTED] (Mack)
Date: 05 Aug 2000 02:10:41 GMT
Subject: Re: RC5 / 4

>John Myre wrote:
>> tomstd wrote:
>> <snip>
>> > Note: RC5 is the holy grail of RSA so unless you want to start a
>> > war with them I would avoid it.
>> 
>> Hm.  This analogy isn't exactly right; a "holy grail" is something
>> you want very badly, but don't have yet.  And maybe, it's not possible
>> to get it.  Like, say, a proof of security for SHA.
>> 
>> What is something that you have, and are jealously protective of?
>
>"Crown jewels." (Not that this is really appropriate for RC5.)
>
>- -- 
>David Hopwood <[EMAIL PROTECTED]>
>
>Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
>RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
>Nothing in this message is intended to be legally binding. If I revoke a
>public key but refuse to specify why, it is because the private key has been
>seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip
>
>

Well, since RSA is about to lose its 'value', I think RC5 is about
the most valuable property they have. So "Crown Jewels" is quite
appropriate.



Mack
Remove njunk123 from name to reply by e-mail

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Small block ciphers
Date: Fri, 04 Aug 2000 19:30:40 -0600

In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Mack) wrote:
> 
> But the problems of how many ciphertexts it takes to break the cipher and
> how to create ciphers immune to related key attacks are still good topics
> of study.
> 
This defines the advantage of many ciphers over a OTP, that the amount of
key state might be less, yet, if text length is below some necessary
length for breakability, you can have a comparable result.
-- 
Free Circus soon to appear in Los Angeles, complete with an
expectation of lots of braying, and noisy clowns in undignified
costumes performing sleight of logic, and lots of balloons.

------------------------------

From: [EMAIL PROTECTED] (Mack)
Subject: Good pointers on MDS
Date: 05 Aug 2000 02:54:19 GMT

Does anyone have good pointers on MDS codes?

Off line references are ok but I would prefer
some web links.


Mack
Remove njunk123 from name to reply by e-mail

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: New William Friedman Crypto Patent (filed in 1933)
Date: Sat, 05 Aug 2000 03:27:31 GMT

On Fri, 04 Aug 2000 19:00:05 -0600, [EMAIL PROTECTED] (wtshaw) wrote,
in part:

>Nevertheless, even a crazy or somewhat trivial patent can have effect from
>some time after it is granted.  I doubt that this one is an isolated
>fluke, as it would seem harmless enough to launch it as a trial balloon.
>Figure that they sit on more than this, other pending patents that could
>throw a monkey wrench into some inventor's current plans.

I am much more inclined to believe that the patent simply worked
through the system once the secrecy order against it was lifted; its
subject matter _had become_ public due to the release of formerly
classified papers to the National Archives some years previous.

That the patent application wasn't simply withdrawn, because its value
in the normal way of things as a source of royalties was limited - I
believe that the claims don't include claims for the process or
algorithm embodied in other forms, since back in 1933 they didn't
*have* computers to worry about - is for reasons that I should think
are also obvious.

Having a patent to one's name is an honor, and it is likely to
recognize W. F. Friedman's contributions as an inventor that this
patent went through the full process even though its practical
relevance is now diminished by the passage of time, and similar
considerations apply to many of the other long-delayed patents.

(I suppose it's *possible* that my suggestion on my web page, under
"Child's Play", of making a rotor-machine educational toy for children
based on the M-134 and M-229 prompted or contributed to the release of
this patent, but I *really* doubt it. Anyways, I put the page up
probably less than a month ago, perhaps by coincidence just after the
patent went through.)

John Savard (teneerf <-)
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (Kurt Shoens)
Subject: Re: Plausible Word Generation via Trigram Statistics
Date: 4 Aug 2000 21:14:41 -0700

In article <[EMAIL PROTECTED]>,
Mok-Kong Shen  <[EMAIL PROTECTED]> wrote:
>My question is: Aren't genuine English words better than
>artificial words for use or the other way round?

Genuine English words are much better for this purpose (easily
memorable phrase for random bits) than artificial words.

In my experience, the artificial words are slippery for memorizing.

------------------------------

From: "Lyalc" <[EMAIL PROTECTED]>
Subject: Re: Password Protected Documents
Date: Sat, 5 Aug 2000 14:23:50 +1000

I don't think digital signatures help in the slightest in this case, unless
there are unconventional ways of adapting this technology to the problem
of read but never edit.

A complete cut'n'paste allows the new 'owner' to sign the material as their
own, with or without further editing, possibly creating interesting
ownership and copyright issues.

A digital signature does not stop a cut'n'paste from giving ongoing,
uncontrolled access to the material for read, write and edit.

Only a purpose built, tamper-resistant reader device can provide that
capability.

Lyal

Edward A. Falk wrote in message <8mflur$2jmc$[EMAIL PROTECTED]>...
>In article <cqah5.58894$[EMAIL PROTECTED]>,
>Lyalc <[EMAIL PROTECTED]> wrote:
>>What's to stop a complete cut'n'paste for the document content into a clean,
>>unprotected document?
>
>Digital signature.



------------------------------

From: [EMAIL PROTECTED] (Kurt Shoens)
Subject: Re: Plausible Word Generation via Trigram Statistics
Date: 4 Aug 2000 21:45:32 -0700

In article <[EMAIL PROTECTED]>,
James Pate Williams, Jr. <[EMAIL PROTECTED]> wrote:
>Is the source code public domain? If so, I would like a copy. What
>sort of learning paradigm are you using?

I wrote most of the source myself from scratch, so I could make it
available.  There's a small part of it that I'd like to replace first
to avoid any issues of ownership (i.e., I don't want to give away that
which I don't own).  It will unfortunately take me a few weeks to
get this fixed.

I misused the word "training" in my original post and that triggered
the question about the learning paradigm.  The way my program is simpler
than that:  it reads a dictionary of source terms and collects the
likelihood of each possible letter following each trigram.

The program uses two extra symbols to denote beginning and end of word.
If "<" corresponds to beginning of word and ">" is end of word, then
each word in the dictionary is rewritten into the form <<<word> before
analysis.

To generate words, it starts with <<< and selects a random next character
weighted by the probabilities collected from the dictionary.  The trigram
is shifted over and the process repeats until the end of word is selected.

As you would expect, the program favors certain words.  I've dealt with
this, but for reasonable length words, getting the rarity of the words
generated below about 1 out of 10 billion (or about 33 bits worth)
is difficult.  For the purposes of password generation, compare this
to the typical method of choosing 8 random characters from A-Z, a-z, 0-9
which gives you about 47 bits worth.  For even better security, consider
Diceware (http://www.diceware.com).

Given these limitations, I hope the interest in plausible word generation
is for some other purpose.

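The generator as described above, as an added Python sketch (not Kurt Shoens' code): the dictionary is a small constructed one, and the rarity measure is -log2 of the probability that the generator emits a given word, the quantity the post compares to 33 and 47 bits.

```python
# Added example (not Kurt Shoens' program): a trigram word generator built
# the way the post describes.  "<" marks beginning of word, ">" end of word,
# and each dictionary word is analysed as "<<<word>".
import math
import random
from collections import Counter, defaultdict

def build_model(words):
    """For every trigram, count the characters that follow it."""
    model = defaultdict(Counter)
    for w in words:
        s = "<<<" + w + ">"
        for i in range(3, len(s)):
            model[s[i - 3:i]][s[i]] += 1
    return model

def generate(model, rng):
    """Start from <<<, pick the next character weighted by the dictionary
    counts, shift the trigram, and stop when > is selected."""
    out, tri = [], "<<<"
    while True:
        nxt = model[tri]
        (ch,) = rng.choices(list(nxt), weights=list(nxt.values()))
        if ch == ">":
            return "".join(out)
        out.append(ch)
        tri = tri[1:] + ch

def word_bits(model, word):
    """-log2 of the probability that generate() emits exactly this word:
    the 'rarity' of a candidate passphrase word (inf if unreachable)."""
    s = "<<<" + word + ">"
    bits = 0.0
    for i in range(3, len(s)):
        nxt, ch = model[s[i - 3:i]], s[i]
        if nxt[ch] == 0:
            return math.inf
        bits -= math.log2(nxt[ch] / sum(nxt.values()))
    return bits

# Constructed toy dictionary; a real run would read a large word list.
DICTIONARY = ["cat", "car", "cart", "card", "bar", "bard", "bat"]
MODEL = build_model(DICTIONARY)

def sample_words(n, seed):
    """n generated words from a seeded RNG, so runs are reproducible."""
    rng = random.Random(seed)
    return [generate(MODEL, rng) for _ in range(n)]

if __name__ == "__main__":
    for w in sample_words(5, 1):
        print("%-6s %5.2f bits" % (w, word_bits(MODEL, w)))
```

With this tiny dictionary every generated word is a dictionary word and "cat" costs log2(7) bits; with a large word list the trigram paths recombine into novel words, which is where the bias toward favoured words discussed in the post appears.
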
------------------------------

Subject: Re: What is the word on TC5?
From: tomstd <[EMAIL PROTECTED]>
Date: Fri, 04 Aug 2000 21:57:21 -0700

[EMAIL PROTECTED] (Mark Wooding) wrote:
>tomstd <[EMAIL PROTECTED]> wrote:
>
>> But in a perfect cipher (0,d) -> (d,0) should occur only once anyways
>> right?
>
>Umm... possibly (can't be bothered to do the maths on that).  But not
>relevant.  Let me say it once more before I give up:
>
>In a four-round Feistel network with a bijective F-function, if a
>plaintext pair has a difference (0, d), for *any* nonzero XOR difference
>d, then the output difference can *never*, under *any* circumstances, be
>(?, d), for *any* value of `?'.  And that's a big surprise.

Gotcha. And this makes it attackable how?

Tom


===========================================================

Got questions?  Get answers over the phone at Keen.com.
Up to 100 minutes free!
http://www.keen.com

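An added exhaustive check of the property (not from the thread): a toy four-round Feistel network over 4-bit halves, with the round assumed to be (L, R) -> (R xor F(L), L) so that a (0, d) input difference first reaches F in round two. Enumerating every plaintext pair shows the right half of the output difference is never d when F is a permutation, and that the property vanishes as soon as F is not injective.

```python
# Added example: a toy 4-round Feistel network with 4-bit halves, used to
# test the (0, d) -> (?, d) claim exhaustively.  Round map assumed here:
#     (L, R) -> (R ^ F(k, L), L)
# so with a zero left-half difference the first round passes d through
# untouched and F first sees a nonzero difference in round two.

# 4-bit S-boxes: a permutation (the first row of DES S1) and a deliberately
# non-injective variant (16 inputs onto 8 outputs).
S_BIJ = [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7]
S_NON = [s & 0x7 for s in S_BIJ]

def feistel4(block, keys, sbox):
    """Encrypt an 8-bit block (high nibble L, low nibble R) with 4 rounds."""
    l, r = block >> 4, block & 0xF
    for k in keys:
        l, r = r ^ sbox[l ^ k], l
    return (l << 4) | r

def count_violations(sbox, keys=(0x3, 0xA, 0x6, 0xC)):
    """Number of plaintext pairs with input difference (0, d), d != 0, whose
    ciphertext difference has right half equal to d (keys are constructed)."""
    bad = 0
    for p in range(256):
        for d in range(1, 16):            # d < 16 flips bits of R only
            diff = feistel4(p, keys, sbox) ^ feistel4(p ^ d, keys, sbox)
            if diff & 0xF == d:
                bad += 1
    return bad

# Why it holds for a permutation F: round two produces a = F(L1) ^ F(L1 ^ d),
# round three produces b = F(L2) ^ F(L2 ^ a).  Both are nonzero because F is
# injective, and the output right half carries d ^ b, which cannot equal d.
# With a non-injective F, a can be 0; the zero difference then re-enters F in
# round three and d comes out of the right half unchanged.

if __name__ == "__main__":
    print("permutation F   :", count_violations(S_BIJ), "violations")
    print("non-injective F :", count_violations(S_NON), "violations")
```
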

------------------------------

Subject: Re: Observation on MDS matrices
From: tomstd <[EMAIL PROTECTED]>
Date: Fri, 04 Aug 2000 21:58:47 -0700

[EMAIL PROTECTED] (Mark Wooding) wrote:
>tomstd <[EMAIL PROTECTED]> wrote:
>
>> When the two input vectors differ in all of their components the
>> output vectors must only differ in one component to be a MDS.
>> This is my point you get a max difference that causes a minimum
>> difference...
>
>No!  Do the sums!  This can't *possibly* be true -- there aren't enough
>output vectors with three elements zero for this to happen.  You've
>turned an inequality into an equation by accident.

Let's assume a 4x4 MDS... now let's suppose the input is
(a,b,c,d) and (e,f,g,h) and the distance is four, then the
output distance must only be at least 5-4=1.  Then a distance of
one i.e. (a,b,c,d) and (a,b,e,f) must differ in output by 5-1=4 ...

Tom

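As an added worked example (not from the thread), the AES MixColumns matrix, a 4x4 MDS matrix over GF(2^8), makes the inequality concrete: every nonzero input satisfies wt(x) + wt(Mx) >= 5, so weight-1 inputs always give weight-4 outputs, while running the inverse matrix backwards from a weight-1 output exhibits one of the few weight-4 inputs that attain the minimum output weight of 1.

```python
# Added example: the AES MixColumns matrix as a concrete 4x4 MDS matrix over
# GF(2^8).  MDS means branch number 5: wt(x) + wt(Mx) >= 5 for all x != 0.
# That is an inequality; this script shows where it is forced and where it
# is merely attained.

def xtime(x):
    x <<= 1
    return (x ^ 0x11B) if x & 0x100 else x

def gf_mul(a, b):
    """Shift-and-add multiplication in GF(2^8) with the AES polynomial."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = xtime(a), b >> 1
    return r

# MixColumns and its inverse (circulant rows, as in FIPS-197).
M     = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
M_INV = [[14, 11, 13, 9], [9, 14, 11, 13], [13, 9, 14, 11], [11, 13, 9, 14]]

def apply(mat, vec):
    return [gf_mul(row[0], vec[0]) ^ gf_mul(row[1], vec[1])
            ^ gf_mul(row[2], vec[2]) ^ gf_mul(row[3], vec[3]) for row in mat]

def weight(vec):
    """Number of nonzero bytes: the 'distance' of the post."""
    return sum(1 for v in vec if v)

def branch_weight1():
    """Min and max of wt(x)+wt(Mx) over all 4*255 inputs of weight 1."""
    sums = set()
    for pos in range(4):
        for v in range(1, 256):
            x = [0] * 4
            x[pos] = v
            sums.add(weight(x) + weight(apply(M, x)))
    return min(sums), max(sums)     # (5, 5): weight 1 in forces weight 4 out

def tight_case(pos=2, v=0x57):
    """Pull a weight-1 output back through M_INV.  The preimage must have
    weight 4, so it is a weight-4 input whose output weight is only 1.
    Only 4*255 of the 255**4 weight-4 inputs behave like this (one per
    weight-1 output), which is the counting argument above; the rest have
    output weight 2, 3 or 4.  Returns (wt(x), wt(Mx), Mx == y)."""
    y = [0] * 4
    y[pos] = v
    x = apply(M_INV, y)
    return weight(x), weight(apply(M, x)), apply(M, x) == y

if __name__ == "__main__":
    print("weight-1 inputs: wt(x)+wt(Mx) ranges over", branch_weight1())
    print("weight-4 input with weight-1 output:", tight_case())
```
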



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
