Cryptography-Digest Digest #560, Volume #12      Tue, 29 Aug 00 00:13:01 EDT

Contents:
  Re: secrets and lies in stores (S. T. L.)
  Re: Pencil and paper cipher (Benjamin Goldberg)
  Re: could someone post public key that is tempered ? (Nick Andriash)
  Re: PGP 6.5.8 test: That's NOT enough !!! ([EMAIL PROTECTED])
  Re: Future computing power ([EMAIL PROTECTED])
  Re: 96-bit LFSR needed (Mack)
  Re: 4x4 s-boxes (Mack)
  Re: Pencil and paper cipher (Jim Gillogly)
  Re: secrets and lies in stores (David A Molnar)
  Re: Blowfish question (and others) (David A Molnar)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (S. T. L.)
Subject: Re: secrets and lies in stores
Date: 29 Aug 2000 02:16:04 GMT

<<It is a hard book to read in the sense that it makes the point, and then
mostly backs it up, that cryptography is hardly relevant.>>

Sounds like a stupid book.  If you have a secret, then you'll want to hide it. 
And cryptography is a good way to hide it.  You can debate how good good is,
but it's better than nothing.  You can't deny that cryptography slows down
attackers, just like you can't deny that locks slow down robbers.  And you
can't deny that people have secrets to keep.  They always have, and they always
will.  Stupid book.

-*---*-------
S.T.L.  My Quotes Page * http://quote.cjb.net * leads to my NEW site.
My upgraded Book Reviews Page: * http://sciencebook.cjb.net *
Optimized pngcrush executable now on my Download page!
Long live pngcrush!  :->

------------------------------

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: Pencil and paper cipher
Date: Tue, 29 Aug 2000 02:51:07 GMT

Jim Gillogly wrote:
> 
> Benjamin Goldberg wrote:
> > Split the alphabet into 4 words, length 3, 5, 7, 11:
> > AFN GTJIK DOSPEQB ULVHWMXRYCZ
> >
> > Now, multi-encipher the message using Vernam's method, using each
> > string as a separate key:
> >
> > ThisI sTheP laint extIH opeTh atItI sUnde ciphe rable
> > AFNAF NAFNA FNAFN AFNAF NAFNA FNAFN AFNAF NAFNA FNAFN
> > GTJIK GTJIK GTJIK GTJIK GTJIK GTJIK GTJIK GTJIK GTJIK
> > DOSPE QBDOS PEQBD OSPEQ BDOSP EQBDO SPEQB DOSPE QBDOS
> > ULVHW MXRYC ZULVH WMXRY CZULV HWMXR YCZUL VHWMX RYCZU
> > -----------------------------------------------------
> > QLDAM WCXMS GYEJV TPKKS TPKML CUOLQ DDXGW IBNAG KTYIC
> >
> > How would one break this cipher, and is a computer needed?
> 
> A known plaintext attack would need no more than 26 letters:
> express each ciphertext letter as the sum of the 3 letters
> in each column and the plaintext, and you have 26 independent
> equations in 26 unknowns.  I didn't check to see if you're
> changing it based on upper/lower case, but that's just a few
> more known plaintext letters.  Should be dead simple.

Where do you get THREE letters plus the plaintext?  Do you have problems
counting to 4?

While it is true that there are an equal number of unknowns and
equations, this does NOT necessarily yield a unique solution for the
unknowns, *especially* with integers under a modulo.

Consider for a moment the matrix of just the coefficients, and ignore
the last column, which would contain the values of ciphertext minus
plaintext.  We then have a 26x26 matrix, which we are trying to invert,
using integers modulo 26.  How do you know that this matrix isn't
singular?  If the determinant is either even or 13, it won't be fully
invertible.  Is the probability of this more than or less than 14/26?

Also, keeping in mind that we're not supposed to ever re-use a key,
known plaintext is only useful if we know part of the plaintext, but not
the rest of it.  How often (in what kind of situations) will we know 26
letters of a message, but not the rest of it?

> If you really use words for your key, then a dictionary search
> also works.

Actually, phrases work just as well or better.  A couplet from your
favorite piece of poetry should be pretty good, and a dictionary isn't
likely to help.

> Ciphertext-only should also be possible, but more tedious.

Please tell me how.  This is really what I wanted in the first place,
actually.

--
... perfection has been reached not when there is nothing left to
add, but when there is nothing left to take away. (from RFC 1925)


------------------------------

Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: could someone post public key that is tempered ?
From: [EMAIL PROTECTED] (Nick Andriash)
Date: Tue, 29 Aug 2000 02:53:31 GMT

=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1

[EMAIL PROTECTED] (jungle) wrote in <[EMAIL PROTECTED]>:

>thanks doug ... but it is wrong ... 
>
>PGP has no problem to indicate to me that Bill Clinton key has ADK in 
>it ... 
>
>the question is open : could someone post public key that is tempered
>& pgp will not detect it ? 


What version of PGP are you using? If you are using 6.5.8, PGP will not
detect the ADK... thus not detect a hacked Public Key. But, perhaps I do
not fully understand what you are after, and if that is the case, I
apologise. 


- -- 
Nick


N.J. Andriash [ Xnews v03.08.26 | PGP 6.5.8 | Win 98 v4.10 ]
    Vancouver, B.C. Canada  |  PGP Key ID:  0x7BA3FDCE
____________________________________________________________


=====BEGIN PGP SIGNATURE=====
Version: PGP 6.5.8
Comment: Join PGP-Basics at http://www.egroups.com/group/PGP-Basics

iQA/AwUBOaslbcUChHR7o/3OEQL6cQCgpWXYPN3xvwMQx7LgdAD3tu0K1UoAn2hh
+6D7duUK+yVzrMOUyZGxEYFt
=BeXB
=====END PGP SIGNATURE=====

------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: PGP 6.5.8 test: That's NOT enough !!!
Date: Mon, 28 Aug 2000 22:02:15 -0500

On Sun, 27 Aug 2000 02:26:45 +0900, "Greg" <[EMAIL PROTECTED]> wrote:

>Wish I had time to do a nice shell for GnuPG.

I wish *anyone* had time to do a nice GPG shell.
--
ClassAct

"With guns, we are citizens. Without them, we are subjects."
-YZGuy, IPL

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Future computing power
Date: Tue, 29 Aug 2000 02:58:53 GMT

In article <8of50a$oc7$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
>
> Yes I am.  Let's say you are interested purely in graphics
> manipulation.  What is more useful for you?  flops/sec or dct/etc per
> sec?
>

Benchmarks like SpecFP and SpecInt are far more involved than merely
repeating a simple operation many times. If you are interested in
scientific programming, the Spec benchmarks can give you some idea of
the performance you might expect on standard codes. Of course, if you
are interested in something else, by all means, use your own benchmarks
on products. But don't expect everyone to use your benchmark too.
Flops/sec are usually measured using a dense linear algebra routine
like linpack (or its parallelized cousins). If you are interested in
graphics manipulation, there are content creation benchmarks available,
as well as 3d-rendering based application level tests.

> At any rate I think cycles per opcode, pipeline efficiency, cache
> effectiveness and branch prediction effectiveness are more quantitative
> things than how many times you can do fsqrt a second.
>


Your comment displays your lack of knowledge of how modern MPUs work.
Cycles per opcode, pipeline depth, cache hit rates, and branch
prediction success are only a very small part of the information needed
to model a contemporary deeply pipelined, out-of-order, superscalar
processor. Even if you generously throw in more information like
instruction density, memory bandwidth, decoding width, functional
units, and SIMD instructions, you have but a minute part of the overall
picture that will allow you to judge performance. Many designs look
good on paper (Itanium, ahem). Internal microarchitecture must be
considered, as well as the intangibles like process technology and
routing techniques.



------------------------------

From: [EMAIL PROTECTED] (Mack)
Subject: Re: 96-bit LFSR needed
Date: 29 Aug 2000 03:28:18 GMT

Below you will find a number of random
dense primitive polynomials.

Order 95, using the 'random' search method.
Elasped seconds = 42
number which passed first, but failed subsequent checks 2
attempts = 820
count = 31

Order 96, using the 'random' search method.
Elasped seconds = 36
number which passed first, but failed subsequent checks 12
attempts = 575
count = 13

Mack
Remove njunk123 from name to reply by e-mail

------------------------------

From: [EMAIL PROTECTED] (Mack)
Subject: Re: 4x4 s-boxes
Date: 29 Aug 2000 03:38:30 GMT

>In article <[EMAIL PROTECTED]>,
>  [EMAIL PROTECTED] (Mack) wrote:
>> Has anyone analyzed the number of s-boxes
>> that could be used for Serpent?
>>
>> more specifically, serpent s-boxes don't appear
>> to have particularly good avalanche characteristics.
>>
>> The criteria seem logical but is it possible that
>> the serpent s-boxes might have been chosen
>> using stricter criteria?
>
>At http://www.geocities.com/tomstdenis/files/sboxes.c
>
>You can find about 10000 4x4 sboxes that have a DPmax of 4, a LPmax of
>4.  They don't follow SAC/BIC in either direction.
>
>This just goes to show that your citation from CAST was wrong.

citation from CAST????

>
>It's true however that the number of sboxes that follow SAC/BIC in one
>direction is quite a bit lower, and much lower in *both* direction.
>
>Tom

I found an interesting correlation (at least to me).
One of the criteria of the serpent s-boxes <APPEARS> to
eliminate s-boxes satisfying the SAC.  That is the
criteria that no one bit input change results in a one
bit output change.  I may be wrong on this one,
but from my observation all s-boxes that satisfy the
SAC in both directions have a one bit output change
for some one bit input change.


Mack
Remove njunk123 from name to reply by e-mail
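
[Added example, not part of Mack's post and not code from the Serpent
authors: a checker for the two criteria contrasted above, run on Serpent's
S0.  The S0 table comes from the published Serpent specification rather
than from this page, and all function names are illustrative.]

```python
# Serpent S-box S0 as published in the cipher specification (sample input;
# the table itself is not quoted anywhere in this digest).
SERPENT_S0 = [3, 8, 15, 1, 10, 6, 5, 11, 14, 13, 4, 2, 7, 0, 9, 12]
N = 4  # input and output width in bits


def inverse(sbox):
    """Inverse permutation, used to test the criteria 'in both directions'."""
    inv = [0] * len(sbox)
    for x, y in enumerate(sbox):
        inv[y] = x
    return inv


def output_diffs(sbox, bit):
    """Output XOR difference for every input x paired with x ^ (1 << bit)."""
    return [sbox[x] ^ sbox[x ^ (1 << bit)] for x in range(1 << N)]


def one_bit_to_one_bit(sbox):
    """(input bit, x) cases where a one-bit input change flips one output bit.

    An empty list means the S-box meets the Serpent-style criterion.
    """
    return [(bit, x)
            for bit in range(N)
            for x, d in enumerate(output_diffs(sbox, bit))
            if bin(d).count("1") == 1]


def flip_counts(sbox):
    """table[i][j] = number of inputs where flipping input bit i flips output bit j."""
    return [[sum((d >> j) & 1 for d in output_diffs(sbox, i)) for j in range(N)]
            for i in range(N)]


def satisfies_sac(sbox):
    """Strict avalanche: each output bit flips for exactly half of the inputs."""
    half = (1 << N) // 2
    return all(count == half for row in flip_counts(sbox) for count in row)


def mean_diff_weight(sbox, bit):
    """Average number of output bits flipped when input bit `bit` is flipped."""
    diffs = output_diffs(sbox, bit)
    return sum(bin(d).count("1") for d in diffs) / len(diffs)


if __name__ == "__main__":
    for name, box in (("S0", SERPENT_S0), ("S0 inverse", inverse(SERPENT_S0))):
        print(name, "one-bit-to-one-bit cases:", one_bit_to_one_bit(box))
        print(name, "satisfies SAC:", satisfies_sac(box))
        print(name, "flip counts:", flip_counts(box))
```

Under SAC the mean output-difference weight for each input bit is exactly 2,
so a 4x4 S-box meeting both criteria would need every single-bit input
change to flip exactly two output bits.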

------------------------------

From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: Pencil and paper cipher
Date: Tue, 29 Aug 2000 03:45:09 +0000

I sent a detailed response off-line (next time send email or post news,
but not both, please), but to summarize:

Benjamin Goldberg wrote:
> Where do you get THREE letters plus the plaintext?  Do you have problems
> counting to 4?

Yes, I do.  Still, the algebra works out.

> While it is true that there are an equal number of unknowns and
> equations, this does NOT necessarily yield a unique solution for the
> unknowns, *especially* with integers under a modulo.

If it doesn't, it's only "a little" ambiguous, and well within the
range of brute force to resolve the final ambiguity.  In any case,
add a few letters to the known plaintext and you'll get enough
independent equations.  The point is that known plaintext kills it
with very little plaintext required.  I've solved a goodly number
of these multi-loop Vigenere problems with known plaintext.

> Also, keeping in mind that we're not supposed to ever re-use a key,
> known plaintext is only useful if we know part of the plaintext, but not
> the rest of it.  How often (in what kind of situations) will we know 26
> letters of a message, but not the rest of it?

Very often indeed.  All ciphers should be proof against it.

> > Ciphertext-only should also be possible, but more tedious.
> 
> Please tell me how.  This is really what I wanted in the first place,
> actually.

I'd try shotgun hillclimbing, my favorite general method against
classical ciphers.

-- 
        Jim Gillogly
        Hevensday, 7 Halimath S.R. 2000, 03:40
        12.19.7.9.1, 3 Imix 4 Mol, First Lord of Night
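
[Added example, not part of either poster's message: the known-plaintext
attack on the 3/5/7/11 multi-loop cipher, done with a linear recurrence on
the combined keystream instead of the 26x26 matrix inversion discussed
above, so no key letters are solved for and 23 consecutive known letters
are enough.  It assumes plain addition mod 26 with A=0; the post does not
state its letter arithmetic, so the ciphertext printed here need not match
the one in the post.  Function names are illustrative.]

```python
from string import ascii_uppercase as ALPHA

M = 26
PERIODS = (3, 5, 7, 11)
KEYS = ("AFN", "GTJIK", "DOSPEQB", "ULVHWMXRYCZ")  # key strings from the post
# Plaintext from the post, upper-cased with the group spacing removed.
PLAIN = "THISISTHEPLAINTEXTIHOPETHATITISUNDECIPHERABLE"


def keystream(keys, n):
    """Letter-wise sum of the repeating keys mod 26 (A=0 is an assumption)."""
    return [sum(ALPHA.index(k[i % len(k)]) for k in keys) % M for i in range(n)]


def shift(text, stream, sign):
    """Add (sign=+1) or subtract (sign=-1) a keystream from a text."""
    return "".join(ALPHA[(ALPHA.index(t) + sign * s) % M]
                   for t, s in zip(text, stream))


def encrypt(plaintext, keys):
    return shift(plaintext, keystream(keys, len(plaintext)), +1)


def annihilator(periods):
    """Coefficients (low order first) of (x - 1) * prod(1 + x + ... + x^(p-1)).

    The product is a multiple of x^p - 1 for every period p, and x^p - 1
    cancels any sequence of period p, so it cancels the sum of all the loops.
    """
    poly = [-1, 1]
    for p in periods:
        nxt = [0] * (len(poly) + p - 1)
        for i, a in enumerate(poly):
            for j in range(p):
                nxt[i + j] += a
        poly = nxt
    return poly


def extend_keystream(known, periods, n):
    """Continue a keystream to length n from consecutive known values."""
    coeffs = annihilator(periods)
    degree = len(coeffs) - 1          # 1 + sum(p - 1); 23 for 3, 5, 7, 11
    if len(known) < degree:
        raise ValueError(f"need at least {degree} known keystream letters")
    stream = list(known)
    while len(stream) < n:
        window = stream[-degree:]
        # The polynomial is monic, so the next value needs no division mod 26.
        stream.append(-sum(c * s for c, s in zip(coeffs, window)) % M)
    return stream[:n]


def known_plaintext_attack(ciphertext, crib, periods):
    """Recover the whole plaintext from a crib at the start of the message."""
    known = [(ALPHA.index(c) - ALPHA.index(p)) % M
             for c, p in zip(ciphertext, crib)]
    full = extend_keystream(known, periods, len(ciphertext))
    return shift(ciphertext, full, -1)


if __name__ == "__main__":
    ct = encrypt(PLAIN, KEYS)
    print(ct)
    print(known_plaintext_attack(ct, PLAIN[:23], PERIODS))
```

The recurrence has order 23 rather than 26 because a constant can be moved
from one key loop to another without changing the combined keystream, which
is also why the 26x26 coefficient matrix is singular.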

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: secrets and lies in stores
Date: 29 Aug 2000 03:44:48 GMT

S. T. L. <[EMAIL PROTECTED]> wrote:
> Sounds like a stupid book.  If you have a secret, then you'll want to hide it. 
> And cryptography is a good way to hide it.  You can debate how good good is,
> but it's better than nothing.  You can't deny that cryptography slows down
> attackers, just like you can't deny that locks slow down robbers.  And you
> can't deny that people have secrets to keep.  They always have, and they always
> will.  Stupid book.

Suddenly you sound uncannily like my roommate. :-)

Maybe you should read it instead of condemning it based on my tenuous
summary of / ruminations inspired by the first 70 pages?

Because it doesn't deny the above. It points this out. Then notes
that having a perfect lock is not enough. There is a lot more to security,
and the way people think about it, and act in a society which has 
certain kinds of locks, than the lock itself. So much else that often
focusing on the lock alone leads us to miss much larger points. 

That's what I meant by "hardly relevant." Perhaps it was too strong or a
misrepresentation, in which case I am sorry and I apologize. 
I recommend at least flipping through it in the bookstore, or better yet,
getting someone else (like a library) to buy a copy for you. 


On a tangent -- a piece in the same vein of pointing out the "larger
effects of cryptography" is Andrew Odlyzko's "Strong IP Protection
: Possible, Inevitable, and Irrelevant." I have yet to see the full
paper, but the abstract is available on the web as part of the submissions
to a recent DIMACS workshop. The abstract makes the point that content
protections (e.g. Intertrust, Wave Systems, SDMI, ...) will be implemented
and become widespread, but that the market will reward vendors which 
choose not to implement such protections. It's an intriguing approach; it
takes the cryptography as a given and then tries to reason from there.
Not sure if I buy it or not (I'd like to see the full paper), but I would
like to see more of this kind of analysis. 
The same author also has a critique of pay-per-use pricing
schemes available at his web page http://www.research.att.com/~amo 
(if memory serves). 

It's this kind of thinking, looking at the social and everyday
implications of cryptography, which attracts me. It's why the cypherpunks
are appealing, and it's why I started looking at all of this in the first
place. 

-David

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Blowfish question (and others)
Date: 29 Aug 2000 03:59:36 GMT

Jeffrey Walton <[EMAIL PROTECTED]> wrote:
> Hey David,

> I recall hearing a German mathematician all but broke DES.  I have no
> references to back the statement.  Have you heard anything similar (or is
> more misinformation).

Um, I haven't heard anything like that.  

You realize, if anyone were to do that, they'd be either 

a) working for a major intelligence agency or other entity unlikely
   to publicise the discovery

b) on the front cover of every major newspaper and winning some newly
   created IACR award, plus maybe the Turing and whatever else people
   can give them

or

c) quietly liquidated. 

b) has not happened. You would have heard. a) and c) make it unlikely that
I would have heard...but also unlikely that your friend would have heard
as well. 

Your friend may be referring to the construction by the EFF in association
with Cryptography Research of a machine capable of brute-forcing DES.
This is a valid attack and shows that single-DES is no longer sufficient
for protecting data due solely to its short key length of 56 bits.
The head of Cryptography Research is named Paul Kocher; perhaps your
friend took him to be German (I'm not sure what his nationality is). 
There's a book on _Cracking DES_ available which outlines all of this 
in gory detail. 

Triple-DES does not fall to the same attack, thanks to a much longer 112
or 168-bit key (depending on how it's used).

-David

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
