Cryptography-Digest Digest #640, Volume #12 Sat, 9 Sep 00 06:13:00 EDT
Contents:
Re: Security of whitening alone? ([EMAIL PROTECTED])
Re: RSA patent expiration party still on for the 20th (Paul Rubin)
Re: Carnivore article in October CACM _Inside_Risks (No User)
Re: ExCSS Source Code (Wim Lewis)
Re: could you please tell me how this calculation has been obtained ? (Your Name)
Re: could you please tell me how this calculation has been obtained ? (Your Name)
Re: Security of whitening alone? ("Scott Fluhrer")
Re: ExCSS Source Code (Bill Unruh)
Re: How weak is the encryption in the old NORTON NAVIGATOR (NORTON FILE MANAGER) (nym_test)
RSA?? ("Big Boy Barry")
Re: ExCSS Source Code ("John A. Malley")
could you please tell me how this calculation has been obtained ? 3rd (jungle)
Re: Losing AES Candidates Could Be a Good Bet? (Mok-Kong Shen)
Re: Camellia, a competitor of AES ? (Mok-Kong Shen)
Re: Camellia, a competitor of AES ? (David A Molnar)
Re: could you please tell me how this calculation has been obtained ? (Mok-Kong Shen)
Re: Losing AES Candidates Could Be a Good Bet? (Chris Rutter)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Security of whitening alone?
Date: Sat, 09 Sep 2000 00:57:05 GMT
In article <[EMAIL PROTECTED]>,
Andru Luvisi <[EMAIL PROTECTED]> wrote:
>
> Assuming one has a well known good random transformation, for example
> DES encryption with a well known key, what attacks can you see against
> the following algorithm?
>
> Let p(x) be the transformation. Let q(x) be the inverse transformation.
> Let the 128 bit key k have a left part, l, and a right part r.
> ^ means xor.
>
> E_k(x) = p(x^l)^r
> D_k(y) = q(y^r)^l
>
> In other words, the key is *only* used for whitening before and after
> applying the transformation.
Since the key in the rounds is known, differential cryptanalysis is much
easier, I would think. Perhaps I am wrong. But if you get the right
difference into the last round, 'r' will be easy to find in the
encryption direction and 'l' in the decryption direction.
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: RSA patent expiration party still on for the 20th
Date: 9 Sep 2000 01:38:04 GMT
In article <[EMAIL PROTECTED]>,
No User <[EMAIL PROTECTED]> wrote:
>Keeping the invention internal and unproductive for the term of the
>patent is not enough to claim the experimental use defense; if you
>were actually trying to develop a product for later public release (as
>opposed to merely playing around to see if you could get the invention
>to work), the courts would probably regard that as infringement.
I seem to remember that a lot of phone companies used step by step
(SXS) switches while waiting for the crossbar phone switch patent to
expire. When the crossbar patent finally did expire, SXS exchanges
cut over to crossbar switches en masse. So I think there must have
been some pre-expiration development going on. Anyone know more?
------------------------------
Date: Fri, 8 Sep 2000 19:55:32 -0500
From: No User <[EMAIL PROTECTED]>
Subject: Re: Carnivore article in October CACM _Inside_Risks
>>> Why wouldn't the ISPs just unplug Carnivore, reboot, and
>>> tell the FBI that they'll plug it back in when it works?
>>
>> Because anybody who did so would immediately be thrown in jail for
>> violating a court order.
>
> A "court order" that dictates inclusion of foreign software
> into one's core business system should never be complied with
> in the first place. Do "court orders" require that automobile
> manufacturers install FBI-created mechanical boxes in drive
> trains? It would be absurd.
Attention cave-dweller: the feds require all types of things installed
in all sorts of products foisted upon an unwary public. CALEA requires
telcos to build LEO-access directly into their CO switch fabric for ease
of wiretapping conventional switched-circuit conversations. Carnivore and
the laws governing its use achieve the same goal for ISPs and packetized
info. E911 requires wireless communications service providers to build in
cellphone-locating ability into their systems. And of course there's ECHELON.
Carnivore is simply another facet of govt's tireless quest to create a
pervasive total surveillance system - if you talk on a hardwired phone line,
you can be tapped with a flick of a switch. If you talk on a cell phone you
can be both tapped AND pinpointed. If you send an email it can be snatched.
Got a new driver's license lately? - if so your photo has been digitized and
stored in a state database linked to all other states' databases for instant
access by the feds to comb over with facial-recognition software.
But using your strictly Clintonesque lawyerspeak language, you are correct.
"Court orders" do not require these things be built into a company's product -
either laws or "mandates" from govt regulatory agencies force a company to
comply. And the "boxes" that are mandated are not FBI-created - the feds
simply push the requirements onto the company to comply with. And the "box"
may not be "mechanical" in nature - more likely software. And the "box" need
not be installed in the drive train.
------------------------------
From: [EMAIL PROTECTED] (Wim Lewis)
Subject: Re: ExCSS Source Code
Date: 9 Sep 2000 02:16:31 GMT
In article <8pbgr5$h7b$[EMAIL PROTECTED]>, zapzing <[EMAIL PROTECTED]> wrote:
>In article <8pavup$hak$[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] (Wim Lewis) wrote:
>> (And I *think* that DeCSS, etc., don't violate copyright law;
>> they violate the Digital Millennium Copyright Act, which has
>> "copyright" in its title but isn't strongly related to previously
>> existing copyright law except that it benefits copyright holders.)
>
>This suggests that DeCSS actually does not violate the
>DMCA. It would only be a violation of the DMCA to *use
>DeCSS in an illegal way.
I don't know why you think that what I wrote suggests what you
wrote. The DMCA prohibits the circumvention of "technological
protection measures", which CSS is argued to be, regardless of
distribution, regardless of what it's used for[1]. I believe
that the DMCA also outlaws distributing information about how
to circumvent TPMs, which also covers DeCSS.
[1] With an exception for "compatibility". Using DeCSS to play
DVDs on Linux would be legal according to my reading of the DMCA,
though not, IAFAIK, according to the DVD-CCA's reading. Using DeCSS
on Windows is probably out-and-out illegal.
--
Wim Lewis * [EMAIL PROTECTED] * Seattle, WA, USA
PGP 0x27F772C1: 0C 0D 10 D5 FC 73 D1 35 26 46 42 9E DC 6E 0A 88
The netcom address will be unreliable after September. Use the hhhh address.
------------------------------
From: [EMAIL PROTECTED] (Your Name)
Crossposted-To: alt.security.pgp
Subject: Re: could you please tell me how this calculation has been obtained ?
Date: Sat, 09 Sep 2000 03:42:26 GMT
On Fri, 08 Sep 2000 22:34:42 GMT, [EMAIL PROTECTED] wrote:
>In sci.crypt Your Name <[EMAIL PROTECTED]> wrote:
>> And, how many people use PGP but have never put a key on a server?
>> Me, for one.
>
>Someone must have added you, then:
>
>$ pgpk -a [EMAIL PROTECTED]
>Retreiving hkp:/horowitz.surfnet.nl:[EMAIL PROTECTED]
>Looking up host horowitz.surfnet.nl
>Establishing connection
>Sending request
>Receiving data
>Cleaning up
>Complete.
>
>Adding keys:
>
>Key ring: '[EMAIL PROTECTED]'
>Type Bits KeyID Created Expires Algorithm Use
>pub 1024 0x085B85D1 1996-11-18 ---------- RSA Sign & Encrypt
>uid Rich Eramian <[EMAIL PROTECTED]>
>
>1 matching key found
Thanks a lot for the info, Dan.
I am shocked as to how that info got there because it was
not put there by me or anyone that I know of.
I would sure like to know how it got there because I know
nothing about key servers, and everything I have heard
about them I don't like, and now this crap.
However, many moons ago I did put it on something called
a .plan at my ISP when I had something called a shell
account and was trying to understand it.
Maybe someone will give me more info on this because
I want nothing to do with key servers.
Rich Eramian aka freeman at shore dot net
------------------------------
From: [EMAIL PROTECTED] (Your Name)
Crossposted-To: alt.security.pgp
Subject: Re: could you please tell me how this calculation has been obtained ?
Date: Sat, 09 Sep 2000 03:52:36 GMT
On Fri, 08 Sep 2000 19:24:48 -0400, jungle <[EMAIL PROTECTED]>
wrote:
>wrong, you did ...
>all servers have your key [ Rich Eramian aka freeman at shore dot net ] ...
No, I didn't because I don't like key servers. But I sure would like
to know how it got there. Could some trojan on my system be
responsible? I hope that my PGP software did not put it there.
Rich Eramian aka freeman at shore dot net
------------------------------
From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: Security of whitening alone?
Date: Fri, 8 Sep 2000 20:33:22 -0700
Andru Luvisi <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> Assuming one has a well known good random transformation, for example
> DES encryption with a well known key, what attacks can you see against
> the following algorithm?
>
> Let p(x) be the transformation. Let q(x) be the inverse transformation.
> Let the 128 bit key k have a left part, l, and a right part r.
> ^ means xor.
>
> E_k(x) = p(x^l)^r
> D_k(y) = q(y^r)^l
>
> In other words, the key is *only* used for whitening before and after
> applying the transformation.
If b is the block size (e.g. 64 for DES), and you are allowed 2**a chosen
plaintexts, then you can break this with O(2**(b-a)) effort.
Algorithm:
- Choose the plaintexts 0, 1, ..., 2**a - 1, and obtain the corresponding
ciphertexts E(0), E(1), ..., E(2**a-1)
- For each ciphertext pair E(2*k), E(2*k+1) that you have, compute E(2*k) ^
E(2*k+1) and store those in the list L
- For j from 0 to 2**b stepping by 2**a, compute p(j) ^ p(j+1), and check if
it's in the list L.
- If p(j) ^ p(j+1) = E(2*k) ^ E(2*k+1), then check if l (left part of the
key) = j^(2*k) or j^(2*k+1). If so, you've rederived the key.
You might be able to convert this into a known plaintext attack, but it's
likely to become much less efficient, unless your known plaintext has some
nice properties.
--
poncho
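The attack above, worked through as an added example (this code is not from the original thread or its posters). The "well known good random transformation" p is a toy 16-bit permutation built from a seeded shuffle so that both p and its inverse q are public; the key (l, r) and the chosen-plaintext budget a are assumptions for the demonstration. With b = 16 and a = 8 the search touches 2**8 values of j instead of the 2**32 possible (l, r) pairs.

```python
import random

B = 16                       # block size in bits (toy; DES would be 64)
N_BLOCK = 1 << B

# A fixed, public permutation standing in for "DES under a well-known key".
# Built from a seeded shuffle so that anyone (attacker included) can evaluate
# p and its inverse q.  Constructed for this example; not a real cipher.
_rng = random.Random(20000909)
_P = list(range(N_BLOCK))
_rng.shuffle(_P)
_Q = [0] * N_BLOCK
for _x, _y in enumerate(_P):
    _Q[_y] = _x


def p(x):
    """The public forward transformation."""
    return _P[x]


def q(y):
    """Its inverse."""
    return _Q[y]


def encrypt(x, l, r):
    """E_k(x) = p(x ^ l) ^ r: the key is used only for pre/post whitening."""
    return p(x ^ l) ^ r


def decrypt(y, l, r):
    """D_k(y) = q(y ^ r) ^ l."""
    return q(y ^ r) ^ l


def recover_key(oracle, a):
    """Recover (l, r) from 2**a chosen plaintexts with about 2**(B - a)
    evaluations of p.  oracle(x) returns E_k(x) for a plaintext x."""
    n = 1 << a
    ct = [oracle(x) for x in range(n)]          # chosen plaintexts 0 .. 2**a - 1

    # Pair up (2k, 2k+1).  In E(2k) ^ E(2k+1) the post-whitening r cancels,
    # leaving p(2k ^ l) ^ p((2k+1) ^ l) = p(j) ^ p(j ^ 1) with j = 2k ^ l.
    # The top B-a bits of j are the top B-a bits of l; the low a bits are
    # 2k ^ (low bits of l).  Store each difference with the k that produced it.
    table = {}
    for k in range(n // 2):
        table.setdefault(ct[2 * k] ^ ct[2 * k + 1], []).append(k)

    # Walk the 2**(B-a) possible high parts of l: j = high part, low a bits 0.
    for j in range(0, N_BLOCK, n):
        d = p(j) ^ p(j + 1)
        for k in table.get(d, ()):
            # l must map the pair (2k, 2k+1) onto {j, j+1}; the low bit of l
            # decides which way round, so try both.
            for l_cand in (j ^ (2 * k), j ^ (2 * k + 1)):
                r_cand = ct[0] ^ p(0 ^ l_cand)   # from E(0) = p(l) ^ r
                # A chance match happens with probability ~2**(a-1-B) per j,
                # so confirm the candidate against every chosen pair.
                if all(encrypt(x, l_cand, r_cand) == ct[x] for x in range(n)):
                    return l_cand, r_cand
    return None


if __name__ == "__main__":
    L_KEY, R_KEY = 0xBEEF, 0x1337           # secret key halves (assumed values)
    found = recover_key(lambda x: encrypt(x, L_KEY, R_KEY), a=8)
    print("recovered", found, "correct:", found == (L_KEY, R_KEY))
```

The verification step matters: the 2**(b-a) candidates for j are each tested against a list of 2**(a-1) differences in a b-bit space, so about half a false match is expected per run, and a candidate (l, r) has to be confirmed on the remaining chosen plaintexts before it is accepted. The same trade-off carries over to the 64-bit case: 2**32 chosen plaintexts buy a 2**32 search, far below the 2**128 a naive key search would suggest.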
------------------------------
From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: ExCSS Source Code
Date: 9 Sep 2000 04:07:47 GMT
In <8pbf55$1cf6$[EMAIL PROTECTED]> "David C. Barber" <[EMAIL PROTECTED]> writes:
]<[EMAIL PROTECTED]> wrote in message
]news:8p71m4$9h2$[EMAIL PROTECTED]...
]> This is source code describing the algorithm to decode the Content
]> Scrambling System. It's written in Standard ML and is purely functional
]> and machine-independent.
What is "Standard ML"?
------------------------------
Date: 9 Sep 2000 05:06:06 -0000
From: nym_test <Use-Author-Address-Header@[127.1]>
Subject: Re: How weak is the encryption in the old NORTON NAVIGATOR (NORTON FILE
MANAGER)
Crossposted-To:
alt.security.pgp,alt.security.scramdisk,alt.computer.security,alt.security,comp.security.misc
=====BEGIN PGP SIGNED MESSAGE=====
Very weak, replace asap.
On Wed, 06 Sep 2000, [EMAIL PROTECTED] (HeWhoCannotBeNamed) wrote:
>It lets you encrypt files/folders. It's several years old, but I still use it
>as a great file manager in WIN95 (and works in win98, at least for me). I
>don't know much at all about encryption, but I'm wondering whether I have
>decent safety by encrypting my confidential files with this program (if my
>laptop gets stolen). I don't know of anyway to find out what kind of
>encryption algorithm it uses. I can't find out from Norton, since the
>program is about 5 years old.
~~~
This PGP signature only certifies the sender and date of the message.
It implies no approval from the administrators of nym.alias.net.
Date: Sat Sep 9 05:06:04 2000 GMT
From: [EMAIL PROTECTED]
=====BEGIN PGP SIGNATURE=====
Version: 2.6.2
iQEVAwUBObnFPU5NDhYLYPHNAQHrNwf+OxJtGug+6/CSnNrZW9FgcGrJm5eFp1sS
2KJlRViMK3lxFsiARCGZyJSwuBNIMjch4stANeUpWi8Vk5D7aN7s06U/Sp4tZOpr
X7b/KrCN+9P5cpbr/+r4sHGPT1D2xnqsxe+NWwOLlVhP94uOXHKxtDTpapL4TiMZ
lM4jmUNuRcFfgKBEz1WdUrDfmYl6DzxpOyilKmEyEa+7TI3V0DVtNceUTgVGv3Dj
a8p8OsD7GESe00e1BWcqh4JgDj+nI/JjD58TLfLJneE0YqNZP/XPfZZGNFwOamfb
qxjUic5jef6jaBZLOvYJPRuoZSyMUuQ0lP65iAu0OJ2SAr5K1Wufnw==
=P5uk
=====END PGP SIGNATURE=====
------------------------------
From: "Big Boy Barry" <[EMAIL PROTECTED]>
Subject: RSA??
Date: Sat, 09 Sep 2000 05:15:54 GMT
Is RSA encryption insecure? I know nothing is 100% secure... but I would
like your opinion on RSA?
------------------------------
From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: ExCSS Source Code
Date: Fri, 08 Sep 2000 22:43:34 -0700
Bill Unruh wrote:
>
[snip]
>
> What is "Standard ML"?
Standard Meta-Language.
Defined as follows in the ML FAQ:
ML (which stands for Meta-Language) is a family of advanced programming
languages with [usually] functional control structures, strict semantics,
a strict polymorphic type system, and parametrized modules. It includes
Standard ML, Lazy ML, CAML, CAML Light, and various research languages.
Implementations are available on many platforms, including PCs, mainframes,
most models of workstation, multi-processors and supercomputers. ML has
many thousands of users, is taught at many universities (and is the first
programming language taught at some).
See
http://www.cs.cmu.edu/afs/cs.cmu.edu/project/fox/mosaic/sml.html
for a cornucopia of ML details and applications.
John A. Malley
[EMAIL PROTECTED]
------------------------------
From: jungle <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp
Subject: could you please tell me how this calculation has been obtained ? 3rd
Date: Sat, 09 Sep 2000 02:15:56 -0400
could you please tell me how this calculation has been obtained ?
3rd time requested
=================================================================
question directed to NAI [ official ] management:
TO [EMAIL PROTECTED]
CC [EMAIL PROTECTED]
and copy it to 2 news forums :
sci.crypt
alt.security.pgp
Michael Brown wrote:
>
> I'd guess it'd be based somehow on the number of public keys on
> keyservers. That's how I would do it.
> jungle wrote:
> >
> > hi mike,
> >
> > in the recent [ 25 aug ] ap article by peter svensson, he is writing,
> > wallach said, that pgp is used by 7 million people ...
> >
> > could you please tell me how this calculation has been obtained ?
> > how accurate this number is ?
> >
> > --
> > thanks, richard
hi mike,
in the recent [ 25 aug ] ap article by peter svensson, he is writing,
wallach said, that pgp is used by 7 million people ...
could you please tell me how this calculation has been obtained ?
how accurate this number is ?
--
thanks, richard
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Losing AES Candidates Could Be a Good Bet?
Date: Sat, 09 Sep 2000 09:33:16 +0200
"SCOTT19U.ZIP_GUY" wrote:
>
> And I will repeat mine: it is in the website, plus the code is
> known, also done by a German, so maybe even you can understand
It was meant well towards you. Then don't wonder if people
continue to ignore your arguments.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Camellia, a competitor of AES ?
Date: Sat, 09 Sep 2000 10:10:25 +0200
David A Molnar wrote:
>
> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>
> > NTT and Mitsubishi will propose Camellia in response to
> > calls for contributions from ISO/IEC JTC 1/SC27 and are
> > aiming at adoption as a international standard.
>
> This is nice, but does it tell us whether Camellia will be released to the
> public domain ? i.e. does the ISO require standardized algorithms to be
> unpatented? (it seems not, since previous ISO standards included RSA, but
> I'm not familiar with this process).
I don't know but doubt that RSA itself was ever an ISO
standard. (Could you please give the ISO number?) Maybe
some ISO standards just mention that RSA could be used
in conjunction with them. The above quote (in my
interpretation) means that the algorithm itself would
be an ISO standard.
In another thread, I remarked that AES candidates, once
submitted, apparently don't have much freedom to get
greatly modified. E2 having failed in the AES competition,
its authors seem to have benefited from that freedom to
now present an improved scheme. My first (very
superficial) impression of Camellia is, though, that it
contains lots of 'magic' constants. Such stuff has to
be meticulously explained and rendered reproducible by a
third party, if ANY cipher is to obtain
genuine confidence of its users.
M. K. Shen
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Camellia, a competitor of AES ?
Date: 9 Sep 2000 08:07:08 GMT
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> I don't know but doubt that RSA itself was ever an ISO
> standard. (Could you please give the ISO number?) Maybe
> some ISO standards just mention that RSA could be used
> in conjunction with them. The above quote (in my
That may be the case. I was thinking of ISO 9796, but that may only
specify padding for an underlying function. Probably at this point
I should go obtain a copy of the standard.
-David
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp
Subject: Re: could you please tell me how this calculation has been obtained ?
Date: Sat, 09 Sep 2000 11:50:22 +0200
jungle wrote:
>
> in the recent [ 25 aug ] ap article by peter svensson, he is writing,
> wallach said, that pgp is used by 7 million people ...
>
> could you please tell me how this calculation has been obtained ?
> how accurate this number is ?
A related though off-topic question: How are the so-called
TV-quotes obtained?
M. K. Shen
------------------------------
From: Chris Rutter <[EMAIL PROTECTED]>
Subject: Re: Losing AES Candidates Could Be a Good Bet?
Date: Fri, 8 Sep 2000 22:28:50 +0100
SCOTT19U.ZIP_GUY <[EMAIL PROTECTED]> wrote:
> Actually the losing candidates would most likely be a bad bet.
> Because they most likely would have never gotten in front of the
> public unless the NSA perceived them as weak. You are correct
> that the so called winning candidate will be subjected to analysis
> which may see the light of public some day. But I feel it only
> makes sense to use something other than any of the AES candidates
> if you want security.
This doesn't reconcile with how I understand the NSA's operative goals.
The NSA is interested in trapping, decoding, sifting and protecting
information which has a relevance to their national security; I imagine
that their interest in consumer transactions, personal email
correspondence and so forth will be vanishing. The majority of the
use of the eventual AES cipher will be, I imagine, in precisely these
sorts of corporate and consumer transactions.
The bad guys have expert cryptanalysts on their side: they don't
necessarily succumb to a standard like the AES when its security
properties in the face of the NSA, from a political theorist point of
view, look questionable. Thus they can and perhaps will use massively
overspecified encryption to take no chance: after all, do you think the
idea of using a massively-popular cipher appeals, ideologically, to
people trying to remain as underground and covert as possible?
I thus assume that the NSA probably has little interest either way in
whether it can or cannot break AES.
c.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************