Cryptography-Digest Digest #535, Volume #12 Fri, 25 Aug 00 15:13:00 EDT
Contents:
Re: Questions about stream cipher ("Scott Fluhrer")
Re: 1-time pad is not secure... ("Douglas A. Gwyn")
Re: New algorithm for the cipher contest ("Alexis Machado")
Re: My encryption algorithm ("Slava K.")
Secure key exchange over an unsecure network ("Slava K.")
Re: My encryption algorithm (JPeschel)
Looking for link (Ryan Phillips)
Steganography question ("Harris Georgiou")
Re: 1-time pad is not secure... ("Tony T. Warnock")
Re: challange ("Douglas A. Gwyn")
Re: Excerpt of SECRETS AND LIES available on-line (Bruce Schneier)
Re: Excerpt of SECRETS AND LIES available on-line (Bruce Schneier)
----------------------------------------------------------------------------
From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: Questions about stream cipher
Date: Fri, 25 Aug 2000 08:51:27 -0700
Mark Wooding <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> > [EMAIL PROTECTED] (Mark Wooding) wrote:
> > > No, SEAL can't do random seeking.
> >
> > Um yes it can. Why do you think it allows for stretching of 32-bit
> > 'index' variables? That's fairly close to seeking.
>
> No, it's almost completely different. What you can do with a BBS
> generator, if you know the factors, is seeking. SEAL gives you a
> mapping from a key to 2^32 different nonseekable pseudorandom streams.
> That's not the same at all.
To be unutterly pedantic, SEAL also allows you to seek into 2^6 different
locations in each of those 2^32 different pseudorandom streams (which hardly
makes them "nonseekable").
--
poncho
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: 1-time pad is not secure...
Date: Fri, 25 Aug 2000 15:14:43 GMT
> <<EPR experiments "pretty much" rule out the idea that physics
> depends only on local interactions.>>
"S. T. L." wrote:
> Shows you what you know. Spooky action at a distance is D-E-A-D, no matter
> what you think. It just looks like it isn't. Hence the term spooky. Duh.
Basically what has happened is that we eventually realized
that no causation is occurring FTL in the EPR setup. The
currently preferred way of describing such things involves
so-called "entanglement", which is, roughly, a description
about how one's knowledge is distributed among components of
a system. The apparent nonlocality is due merely to moving
entangled components some distance apart while preserving
their correlation. The situation is no more indicative of
nonlocal causality than if I were to take a red and a blue
jawbreaker candy, put one in each of two opaque bags, give
one to you, move off some distance and let you open your bag.
That doesn't suddenly cause a color change of the candy in my
bag. The main difference in the quantum case is just that
the initial uncertainty is due to more than an accidental
lack of a priori knowledge, so we interpret observing one
component of the system as "determining" the state of the
other component. It's really no worse than the 2-slit
experiment. More a case of people thinking confusedly
than anything else.
------------------------------
From: "Alexis Machado" <[EMAIL PROTECTED]>
Subject: Re: New algorithm for the cipher contest
Date: Fri, 25 Aug 2000 13:25:33 -0300
<[EMAIL PROTECTED]> wrote in message
news:8ns07a$4ne$[EMAIL PROTECTED]...
>
> Please download the documentation and source file (19 KB):
> http://www.meubrfree.com.br/~gauss-inf/nimbus/unimbus.cpp
>
Hi,
My web site is failing.
Please download my cipher from
http://www.gold.com.br/~olimpiom/unimbus.cpp
Alexis
------------------------------
From: "Slava K." <[EMAIL PROTECTED]>
Subject: Re: My encryption algorithm
Date: Fri, 25 Aug 2000 19:36:55 +0200
The funny part is that I have no idea what a Vigenere cipher is.
<[EMAIL PROTECTED]> wrote in message news:8o5s3u$h59$[EMAIL PROTECTED]...
> In article <8o4ij6$eub$[EMAIL PROTECTED]>,
> "Slava K." <[EMAIL PROTECTED]> wrote:
> > I have designed a new encryption algorithm, and would like comments
> > about its security. The following is a specification of the algorithm in
> > general programming terms. Tell me what you think. EMail me your comments
> > ([EMAIL PROTECTED]).
> >
> > · A password of any size is inputted (K). If K is the length of zero
> > or one, an error is reported.
> > · A counter – N1 is set to the first character of the password. N2 is
> > set to the second.
> > · The two password characters (Respective to N1 and N2. They may be
> > converted to integers or bytes if required by the language) are XORed
> > together (X).
> > · A character is read from the input file (P. This can again be
> > converted into an integer or a byte if required) and XORed with X.
> > · The result is written to the output file.
> > · If N1 equals the size of K, it is set to 1. Otherwise, N1 equals N1 + 1.
> > · If N2 equals the size of K, it is set to 1. Otherwise, N2 equals N2 + 1.
> > · The process is repeated if there are any characters left to encrypt.
> >
>
> Wow a modification of a Vigenere Cipher (I think). Righto.
>
> Tom
>
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
------------------------------
From: "Slava K." <[EMAIL PROTECTED]>
Subject: Secure key exchange over an insecure network
Date: Fri, 25 Aug 2000 19:44:03 +0200
Since I began studying cryptography (Not that long ago actually), I
attempted creating a protocol which will allow for secure public-key
exchange over an insecure network. I have come close with a modification of
the Mental Poker protocol, but after further analysis I found that this
protocol merely complicated the man-in-the-middle attack, but did not
disallow it.
I'm looking to gather various pieces of information about protocols which
attempt to disallow this attack, such as timestamping protocols (Send these
too). I prefer non-arbitrated protocols, as these are as susceptible to the
man-in-the-middle attack as any, but also have that added requirement of a
trusted third party.
Any help is welcome!
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: My encryption algorithm
Date: 25 Aug 2000 16:51:06 GMT
[EMAIL PROTECTED] writes:
>· A password of any size is inputted (K). If K is the length of zero or one,
>an error is reported.
>· A counter – N1 is set to the first character of the password. N2 is set
>to the second.
>· The two password characters (Respective to N1 and N2. They may be converted
>to integers or bytes if required by the language) are XORed together (X).
>· A character is read from the input file (P. This can again be converted
>into an integer or a byte if required) and XORed with X.
>· The result is written to the output file.
>· If N1 equals the size of K, it is set to 1. Otherwise, N1 equals N1 + 1.
>· If N2 equals the size of K, it is set to 1. Otherwise, N2 equals N2 + 1.
>· The process is repeated if there are any characters left to encrypt.
What you're describing sounds like a polyalphabetic cipher with
a repeating key, as Tom says, a modified Vigenere. It's vulnerable
to a ciphertext-only attack.
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
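The scheme quoted above, transcribed into code as an added example (this is not code from the thread or from any of its posters; the sample password and message are constructed here). It shows the structural point Tom and Joe make: because N2 always trails N1 by one position and both counters wrap at the same place, keystream byte i is K[i] XOR K[i+1] (indices mod len(K)), so the whole construction is a repeating-key XOR with period len(K). The last function shows why a repeating keystream is the problem: XORing two ciphertext bytes one period apart cancels the keystream entirely, which is the condition that ciphertext-only analysis of Vigenere-style ciphers relies on.

```python
from functools import reduce


def effective_key(password: bytes) -> bytes:
    """Derived repeating key of the posted scheme: byte i is K[i] ^ K[i+1],
    indices taken mod len(K). The cipher's period is therefore len(K)."""
    n = len(password)
    if n < 2:
        raise ValueError("password must be at least two characters long")
    return bytes(password[i] ^ password[(i + 1) % n] for i in range(n))


def encrypt(data: bytes, password: bytes) -> bytes:
    """Literal transcription of the posted steps, with 1-indexed counters N1, N2."""
    n = len(password)
    if n < 2:
        raise ValueError("password must be at least two characters long")
    n1, n2 = 1, 2
    out = bytearray()
    for p in data:
        x = password[n1 - 1] ^ password[n2 - 1]   # X = K[N1] XOR K[N2]
        out.append(p ^ x)                         # C = P XOR X
        n1 = 1 if n1 == n else n1 + 1             # wrap at len(K)
        n2 = 1 if n2 == n else n2 + 1
    return bytes(out)


decrypt = encrypt  # XOR with the same keystream undoes itself


def repeating_key_xor(data: bytes, key: bytes) -> bytes:
    """Plain repeating-key XOR; encrypt() is exactly this with effective_key()."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def cancel_keystream(ciphertext: bytes, period: int) -> bytes:
    """XOR each ciphertext byte with the one a full period later. The keystream
    is identical at both positions, so it cancels and what remains is
    plaintext[i] XOR plaintext[i + period], with the key gone entirely."""
    return bytes(ciphertext[i] ^ ciphertext[i + period]
                 for i in range(len(ciphertext) - period))


def derived_key_parity(password: bytes) -> int:
    """Every password byte enters the derived key twice, so the XOR over one
    full period of keystream is always 0: the derived key carries only
    len(K) - 1 independent bytes, one fewer than the password itself."""
    return reduce(lambda a, b: a ^ b, effective_key(password), 0)


if __name__ == "__main__":
    # constructed sample values, not from the original thread
    key = b"secret"
    msg = b"the quick brown fox jumps over the lazy dog"
    ct = encrypt(msg, key)
    assert decrypt(ct, key) == msg
    assert ct == repeating_key_xor(msg, effective_key(key))
    print("period:", len(key), "derived key:", effective_key(key).hex(),
          "parity:", derived_key_parity(key))
```

The equivalence check in the `__main__` block is the whole argument: once the transcription is shown to equal `repeating_key_xor` with a fixed derived key, everything known about breaking repeating-key XOR applies unchanged, and the derived key is even slightly weaker than the password it came from.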
------------------------------
Date: Fri, 25 Aug 2000 09:57:14 -0700
From: Ryan Phillips <[EMAIL PROTECTED]>
Subject: Looking for link
I've been looking for a link for days now and cannot find it. There is
a German computer security company that has created a "new" IP security
scheme and they also specialize in network security. Does anyone know
what company it is? The guy who owns it also has a personal web page (a
.com I think); his name might be kenneth or kenny - he's a professional
hacker. Any help would be appreciated.
Regards,
Ryan
------------------------------
From: "Harris Georgiou" <[EMAIL PROTECTED]>
Subject: Steganography question
Date: Fri, 25 Aug 2000 20:08:33 +0300
Looking at some references to steganography methods, I couldn't help
thinking: even if someone knows that a message is hidden within a large
"random" block, can it be retrieved if the exact steganographic algorithm
is not known?
Suppose one wants to hide N bytes in a randomly initialized block of size M
(M>>N). If he uses random positioning (no chaining) the main weakness
resides on the security of the lookup table storage, presumably inside the M
block as well. If he uses non-random positioning (fixed, but complex offset
sequence function) there is no longer need for a lookup table, but the
positioning is far less random than before. Of course, any initialization
keys are supposed to be kept secure outside the M block in both cases.
In any case, how can anyone analyze the M block with statistical or any
other means, in order to discover the exact or relative positioning of all
the N hidden bytes contained in it?
Any references to papers (on/off the net)?
--
Harris
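The second design Harris describes, a fixed but keyed offset sequence that needs no stored lookup table, as an added example (not code from the post or from any referenced paper; block size, key and payload are constructed here). Positions are obtained by ranking every index of the M-byte block under an HMAC of the key, so the holder of the key recomputes the same N positions and nobody else can predict them; the payload is whitened with a keyed pad before placement so the hidden bytes look like the random block around them, which is the premise of the question. The last function extracts with the right key and with a wrong one, to show that without the key the positions are just a different permutation.

```python
import hashlib
import hmac


def _prf(key: bytes, label: bytes, i: int) -> bytes:
    """Keyed pseudorandom function used for both positioning and whitening."""
    return hmac.new(key, label + i.to_bytes(4, "big"), hashlib.sha256).digest()


def hidden_positions(key: bytes, block_size: int, n: int) -> list[int]:
    """Keyed offset sequence: rank all indices of the block by a PRF of the
    key and take the n lowest-ranked. Nothing has to be stored in the block."""
    if n > block_size:
        raise ValueError("payload larger than cover block")
    ranked = sorted(range(block_size), key=lambda i: _prf(key, b"pos", i))
    return ranked[:n]


def embed(cover: bytes, payload: bytes, key: bytes) -> bytes:
    """Place the whitened payload at the keyed positions of a copy of cover."""
    block = bytearray(cover)
    for j, pos in enumerate(hidden_positions(key, len(cover), len(payload))):
        block[pos] = payload[j] ^ _prf(key, b"pad", j)[0]
    return bytes(block)


def extract(block: bytes, n: int, key: bytes) -> bytes:
    """Recompute the positions from the key, read the bytes, undo the pad."""
    positions = hidden_positions(key, len(block), n)
    return bytes(block[pos] ^ _prf(key, b"pad", j)[0]
                 for j, pos in enumerate(positions))


def random_block(seed: bytes, size: int) -> bytes:
    """Deterministic stand-in for a randomly initialised M-byte block,
    constructed so the example behaves the same on every run."""
    out = bytearray()
    i = 0
    while len(out) < size:
        out += hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
        i += 1
    return bytes(out[:size])


def demo() -> tuple[bytes, bytes]:
    """Returns (extraction with the right key, extraction with a wrong key)."""
    cover = random_block(b"constructed-seed", 4096)   # M = 4096
    payload = b"hidden message"                       # N = 14, M >> N
    key = b"positioning-key"
    block = embed(cover, payload, key)
    return (extract(block, len(payload), key),
            extract(block, len(payload), b"wrong-key"))


if __name__ == "__main__":
    good, bad = demo()
    print("right key:", good)
    print("wrong key:", bad.hex())
```

Note what this does and does not settle: with a cryptographic PRF the position sequence is as unpredictable as a stored random table, so the weakness Harris worries about moves entirely to the key. The statistical question in the post, whether the block as a whole can be told apart from an untouched random block, is unaffected by the positioning method; it depends on whether the embedded bytes and the cover bytes come from the same distribution, which is why the payload is whitened here.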
------------------------------
From: "Tony T. Warnock" <[EMAIL PROTECTED]>
Subject: Re: 1-time pad is not secure...
Date: Sat, 26 Aug 2000 00:00:42 -0600
Reply-To: [EMAIL PROTECTED]
"Douglas A. Gwyn" wrote:
> > <<EPR experiments "pretty much" rule out the idea that physics
> > depends only on local interactions.>>
> "S. T. L." wrote:
> > Shows you what you know. Spooky action at a distance is D-E-A-D, no matter
> > what you think. It just looks like it isn't. Hence the term spooky. Duh.
>
> Basically what has happened is that we eventually realized
> that no causation is occurring FTL in the EPR setup. The
> currently preferred way of describing such things involves
> so-called "entanglement", which is, roughly, a description
> about how one's knowledge is distributed among components of
> a system. The apparent nonlocality is due merely to moving
> entangled components some distance apart while preserving
> their correlation. The situation is no more indicative of
> nonlocal causality than if I were to take a red and a blue
> jawbreaker candy, put one in each of two opaque bags, give
> one to you, move off some distance and let you open your bag.
> That doesn't suddenly cause a color change of the candy in my
> bag. The main difference in the quantum case is just that
> the initial uncertainty is due to more than an accidental
> lack of a priori knowledge, so we interpret observing one
> component of the system as "determining" the state of the
> other component. It's really no worse than the 2-slit
> experiment. More a case of people thinking confusedly
> than anything else.
It's more like using colorless jawbreakers: opening one bag, if it's red, the
other is blue; if the first one is blue, the other is red. The experiment may be
repeated; half the time one gets red-blue, the other half blue-red.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: challenge
Date: Fri, 25 Aug 2000 17:26:00 GMT
[EMAIL PROTECTED] wrote:
> what could that be ? instead of ascii or unicode
Looks like a challenge-response authentication.
The user is supposed to have a token that when given
the challenge, returns a response which is then entered
to prove that the token was used.
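The token scheme Gwyn describes, as an added example (not code from the thread, and not a description of any particular product; the HMAC-based response, the 16-hex-digit truncation and the shared-secret provisioning are assumptions made here). The token answers a challenge with a keyed MAC, so the response proves possession of the secret without revealing it; the verifier issues a fresh random challenge each time and accepts only one response per challenge, which is what stops a captured response from being typed in again later.

```python
import hashlib
import hmac
import secrets


class Token:
    """Hand-held authenticator holding a shared secret. Given a challenge it
    returns a short response; the secret itself never leaves the device."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret

    def respond(self, challenge: bytes) -> str:
        mac = hmac.new(self._secret, challenge, hashlib.sha256).digest()
        # 8 bytes -> 16 hex digits, short enough to read off a display and type in
        return mac[:8].hex()


class Verifier:
    """Server side: issues a fresh random challenge, remembers it until it is
    answered, and accepts exactly one correct response for it."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret
        self._pending: set[bytes] = set()

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)   # unpredictable, never reused
        self._pending.add(challenge)
        return challenge

    def verify(self, challenge: bytes, response: str) -> bool:
        if challenge not in self._pending:
            return False                       # unknown or already consumed
        self._pending.discard(challenge)       # one use only: blocks replay
        expected = hmac.new(self._secret, challenge, hashlib.sha256).digest()[:8].hex()
        return hmac.compare_digest(expected, response)  # constant-time compare


def run_exchange(server_secret: bytes, token_secret: bytes) -> tuple[bool, bool]:
    """One login: returns (first response accepted, same response replayed accepted)."""
    verifier = Verifier(server_secret)
    token = Token(token_secret)
    challenge = verifier.new_challenge()      # displayed to the user
    response = token.respond(challenge)       # user keys challenge into token
    first = verifier.verify(challenge, response)
    replay = verifier.verify(challenge, response)
    return first, replay


if __name__ == "__main__":
    # constructed secrets for the demonstration
    print("matching token:", run_exchange(b"shared-secret", b"shared-secret"))
    print("wrong token:   ", run_exchange(b"shared-secret", b"some-other-secret"))
```

Two details carry the security: the challenge must be unpredictable (so responses cannot be precomputed) and must be consumed on first use (so an observed response is worthless afterwards). Truncating the MAC keeps the response typeable; it does not expose the secret, it only bounds how many guesses an online attacker gets, which the verifier should rate-limit.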
------------------------------
From: Bruce Schneier <[EMAIL PROTECTED]>
Subject: Re: Excerpt of SECRETS AND LIES available on-line
Date: Fri, 25 Aug 2000 13:19:06 -0500
On Thu, 24 Aug 2000 13:48:34 -0600, John Myre <[EMAIL PROTECTED]>
wrote:
>Bruce Schneier wrote:
>>
>> A couple of weeks ago, someone asked about on-line distribution of my
>> latest book. I just noticed that Chapter 3 is up on Amazon:
><snip>
>> Not the chapter I would have picked to excerpt, but no one asked me.
><snip>
>
>I notice that at the bottom is the phrase "used by permission". What
>permission did they get, from whom? Is the author involved at all?
"Is this author involved at all?" Ah yes, authors. What a quaint
notion.
Amazon got permission from the publisher, John Wiley & Sons. I do
remember that Wiley told me they were doing it. Presumably, if I
kicked up enough fuss, they would not have. But this is all part of
Wiley's publicity, and they make all the decisions.
Bruce
**********************************************************************
Bruce Schneier, Counterpane Internet Security, Inc. Tel: 408-556-2401
3031 Tisch Way, Suite 100PE, San Jose, CA 95128 Fax: 408-556-0889
Free crypto newsletter. See: http://www.counterpane.com
------------------------------
From: Bruce Schneier <[EMAIL PROTECTED]>
Subject: Re: Excerpt of SECRETS AND LIES available on-line
Date: Fri, 25 Aug 2000 13:19:51 -0500
On 25 Aug 2000 16:46:28 +1000, Anthony David <[EMAIL PROTECTED]>
wrote:
>I hope this was retyped from the printed text and not lifted from the
>electronic copy. There are spelling errors all through it.
It was the electronic copy pre-copyediting.
Bruce
**********************************************************************
Bruce Schneier, Counterpane Internet Security, Inc. Tel: 408-556-2401
3031 Tisch Way, Suite 100PE, San Jose, CA 95128 Fax: 408-556-0889
Free crypto newsletter. See: http://www.counterpane.com
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************