Cryptography-Digest Digest #645, Volume #12 Sun, 10 Sep 00 09:13:01 EDT
Contents:
Re: Security of whitening alone? ("Alexis Machado")
Re: Security of whitening alone? ("Alexis Machado")
Re: Security of whitening alone? ("Alexis Machado")
Re: ExCSS Source Code (Ichinin)
Re: Losing AES Candidates Could Be a Good Bet? ("Douglas A. Gwyn")
Re: RSA?? ("Douglas A. Gwyn")
Re: Scottu19 Broken ("Douglas A. Gwyn")
Re: Bytes, octets, chars, and characters ("Douglas A. Gwyn")
Re: blowfish problem ("Douglas A. Gwyn")
Re: DCSB: RSA Expiration Fundraiser for EFF, Downtown Harvard Club of Boston (those who know me have no need of my name)
Re: could you please tell me how this calculation has been obtained ? (those who know me have no need of my name)
Re: could you please tell me how this calculation has been obtained ? (those who know me have no need of my name)
Re: RSA patent expiration party still on for the 20th (those who know me have no need of my name)
Re: Intel's 1.13 MHZ chip (Mok-Kong Shen)
Re: Scottu19 Broken (Tim Tyler)
Re: could you please tell me how this calculation has been obtained ? (nym_test)
Re: Ciphertext as language (Mok-Kong Shen)
Re: Scottu19 Broken (Tom St Denis)
Re: RC5-SAFE? - SAFEBOOT (Tom St Denis)
RSA for Random Data (Future Beacon)
----------------------------------------------------------------------------
From: "Alexis Machado" <[EMAIL PROTECTED]>
Subject: Re: Security of whitening alone?
Date: Sun, 10 Sep 2000 03:48:31 -0300
"Alexis Machado" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> I'm not sure I understood the cipher proposition:
>
> - X and Y are the 2 halves of a 128-bit plaintext.
> - E and D are the corresponding halves of the ciphertext.
> - R and L are the 2 halves of a 128-bit key.
> - The equations are
>
> E = p(X ^ L) ^ R (1)
> D = q(Y ^ R) ^ L (2)
>
> In this case I have another way.
>
> Inverting (1) we have
>
> X = q(E ^ R) ^ L (3)
>
> "XORing" left and right sides of (2) with (3) results
>
> X ^ D = q(Y ^ R) ^ q(E ^ R) (4)
>
> If we have any plaintext-ciphertext pair ((X,Y) and (E,D)), there is, *at
> least*, an O(2**64) brute-force attack on equation (4) to find R.
>
> Similarly, starting from (2) we find L in O(2**64).
>
> The total complexity to find the key is O(2**64 + 2**64) = O(2**65). Since
> the key has 128 bits ...
>
I made a mistake. After finding L, we calculate R directly in equation (1).
So the effort to find the key is, at least, O(2**64).
---
Alexis
------------------------------
From: "Alexis Machado" <[EMAIL PROTECTED]>
Subject: Re: Security of whitening alone?
Date: Sun, 10 Sep 2000 04:16:38 -0300
Thanks for decrypting Andru Luvisi's presentation :-)
---
Alexis
------------------------------
From: "Alexis Machado" <[EMAIL PROTECTED]>
Subject: Re: Security of whitening alone?
Date: Sun, 10 Sep 2000 04:34:04 -0300
"Scott Fluhrer" <[EMAIL PROTECTED]> wrote in message
news:8pf9ca$a6t$[EMAIL PROTECTED]...
>
> X (and D) is the 64 bit plaintext
> E (and Y) is the 64 bit ciphertext
> R and L are the 2 halves of a 128-bit key
> And, equation (1) shows us how to encrypt, and (2) shows us how to decrypt.
>
> Oh, and OP's construction had (at best) 64 bit security (using a reduction
> very similar to yours, on two known plaintexts/ciphertexts), even though it
> also used a 128 bit key.
>
In this case, I think the reduction is even easier.
The encryption function is
Y = p(X ^ L) ^ R
With two pairs (X1, Y1), (X2, Y2) we have
Y1 = p(X1 ^ L) ^ R
Y2 = p(X2 ^ L) ^ R
"XORing"
Y1 ^ Y2 = p(X1 ^ L) ^ p(X2 ^ L)
And so on ...
---
Alexis
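The two-known-plaintext reduction described in this post, worked through as an added example (not code from the thread or from any of its posters). The thread's cipher has 64-bit words; this toy instance uses 16-bit words so the 2^w search finishes in a second, and the fixed public permutation p is stood in for by a seeded random bijection (an assumption, since the thread never specifies p). The key and the known plaintexts are constructed for the demonstration. The point is the cost: XORing two ciphertexts cancels R, so L is found with 2^w work and R is then read off directly, far short of the 2^2w a 2w-bit key suggests.

```python
import random

# Toy instance of Y = p(X ^ L) ^ R with w-bit words. The thread uses w = 64;
# w = 16 keeps the brute force fast while leaving the attack unchanged.
W = 16
MASK = (1 << W) - 1


def make_permutation(seed):
    """A fixed public bijection standing in for p (assumption: any bijection will do)."""
    table = list(range(1 << W))
    random.Random(seed).shuffle(table)
    return table


P = make_permutation(0x5EED)


def encrypt(x, key):
    """The whitening cipher from the thread: Y = p(X ^ L) ^ R."""
    l, r = key
    return P[(x ^ l) & MASK] ^ r


def recover_key(pairs):
    """Two-known-plaintext attack from the post.

    Y1 ^ Y2 = p(X1 ^ L) ^ p(X2 ^ L) no longer involves R, so L is found by a
    2^W search; R = Y1 ^ p(X1 ^ L) then costs nothing. Any further pairs are
    used to discard false positives. Returns every key consistent with `pairs`.
    """
    (x1, y1), (x2, y2) = pairs[0], pairs[1]
    target = y1 ^ y2
    found = []
    for l in range(1 << W):                       # 2^W candidates, not 2^(2W)
        if P[x1 ^ l] ^ P[x2 ^ l] == target:
            r = y1 ^ P[x1 ^ l]                    # R follows directly from L
            if all(encrypt(x, (l, r)) == y for x, y in pairs):
                found.append((l, r))
    return found


def demo():
    key = (0x1234, 0xABCD)                        # constructed secret key
    plaintexts = [0x0001, 0xBEEF, 0x4242]         # constructed known plaintexts
    pairs = [(x, encrypt(x, key)) for x in plaintexts]
    return key, recover_key(pairs)


if __name__ == "__main__":
    true_key, candidates = demo()
    print("true key :", [hex(v) for v in true_key])
    print("recovered:", [tuple(hex(v) for v in c) for c in candidates])
```

The third pair is only there to weed out coincidental matches of the first equation; with two pairs alone the attack already narrows (L, R) to a handful of candidates out of 2^32.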
------------------------------
From: Ichinin <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: ExCSS Source Code
Date: Sat, 09 Sep 2000 23:20:08 +0200
> True, since pirates don't do byte-by-byte copies to writable media anyhow.
Yes, but it CAN be done without breaking the encryption. Hiding special
commands in a system is plain stupid.
> Most pirate copies of DVDs are actually made on the exact same equipment that
> makes the "legit" copies, sometimes even in the exact same factories. Amazing,
> what a little bribery of factory managers being paid $8 per week will get you
> :-).
Probably, yes :o) Actually, the "Pirates" I know convert the whole 4+ Gig
shebang into standard MPEG, then squish it using DivX, and can put 2 movies
on a single 650 MB CD. That's 3 hours and 45 minutes(!)
> Err, the U.S. has a million men in uniform and billions of dollars in
> expensive military hardware that say different.
Humpty dumpty sat on a wall, humpty got a virus and fell down.
/Ichinin
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Losing AES Candidates Could Be a Good Bet?
Date: Sun, 10 Sep 2000 05:16:22 -0400
Chris Rutter wrote:
> I thus assume that the NSA probably has little interest either way
> in whether it can or cannot break AES.
I don't speak for them, but I am sure they are quite interested
in that matter, for numerous reasons including that it could be
used by targets of interest to the Agency.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: RSA??
Date: Sun, 10 Sep 2000 05:22:13 -0400
Big Boy Barry wrote:
> Is RSA encryption unsecure?
It is readily cracked if the keys are too small.
How big is big enough? Opinions vary.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Scottu19 Broken
Date: Sun, 10 Sep 2000 05:27:43 -0400
/dev/null wrote:
> > [EMAIL PROTECTED] babbles:
> > Oh now I have to give reasons? Nah. NSA likes breaking all crypto
> > especially from fanatics.
> What do you know of them? It is their job. If they do break something
> it is very unlikely you or anyone else outside the agency will know.
Actually they don't have resources to waste on attacking
amateur ciphers that aren't involved in traffic of interest.
When new ideas turn up, some research might be done to
investigate them, for several reasons including being able
to handle new systems based on them should they arise.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Crossposted-To: comp.lang.c
Subject: Re: Bytes, octets, chars, and characters
Date: Sun, 10 Sep 2000 05:32:23 -0400
Chris Rutter wrote:
> If C is not to become trapped in the past -- a relic of days when
> processor architectures happened to be 32-bit -- it must stick to its
> ideology. Condemning C, as Java, to deal in 32-bit types once and for
> all seems a grave mistake.
I don't know where you got the idea that C has ever been linked
to "32-bit" architectures. The PDP-11 where it originated would
be considered a "16-bit" architecture, and one of the first
other platforms on which C was implemented was "36-bit". Some
of us used C on 60- and 64-bit supercomputers a *long* time ago.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Crossposted-To: comp.lang.c
Subject: Re: blowfish problem
Date: Sun, 10 Sep 2000 05:39:59 -0400
Chris Rutter wrote:
> For instance, the C89 way to output a denary representation of a
> `sizeof_t' was to cast it to an `unsigned long', which was guaranteed
> to hold the largest range of positive numbers of any type. This
> assumption no longer holds; ...
This is a very old issue that has been argued ad infinitum.
Existing C89 code does not malfunction on that account when
compiled by a C99 conforming implementation on any platform
where it ever worked. The only time there would be a problem
is when objects are encountered that are larger than the
program ever *could* have handled under the C89 implementation.
Note that such objects would have been mishandled before, and
they would be mishandled now (in a different way). So some
program modification to handle them is required anyway; at
least with C99 there is finally a standard way to designate
the widest integer type, that will continue to work as new
integer types appear (e.g. __int128).
------------------------------
From: [EMAIL PROTECTED] (those who know me have no need of my name)
Subject: Re: DCSB: RSA Expiration Fundraiser for EFF, Downtown Harvard Club of Boston
Date: Sun, 10 Sep 2000 09:39:08 GMT
<[EMAIL PROTECTED]> divulged:
>-----BEGIN PGP SIGNATURE-----
>Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
>R. A. Hettinga <mailto: [EMAIL PROTECTED]>
>The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
>44 Farquhar Street, Boston, MA 02131 USA
*sigh*
--
okay, have a sig then
------------------------------
From: [EMAIL PROTECTED] (those who know me have no need of my name)
Crossposted-To: alt.security.pgp
Subject: Re: could you please tell me how this calculation has been obtained ?
Date: Sun, 10 Sep 2000 10:34:22 GMT
<[EMAIL PROTECTED]> divulged:
>On Fri, 08 Sep 2000 22:34:42 GMT, [EMAIL PROTECTED] wrote:
>>Key ring: '[EMAIL PROTECTED]'
>>Type Bits KeyID Created Expires Algorithm Use
>>pub 1024 0x085B85D1 1996-11-18 ---------- RSA Sign & Encrypt
>>uid Rich Eramian <[EMAIL PROTECTED]>
>I am shocked as how that info got there because it was
>not put there by me or anyone that I know of.
any number of ways.
>Maybe someone will give me more info on this because
>I want nothing to do with key servers.
if that's your keyid and you still have the private key for it just send a
delete request for the key. doesn't guarantee that your key will disappear
from being publically available though.
--
okay, have a sig then
------------------------------
From: [EMAIL PROTECTED] (those who know me have no need of my name)
Crossposted-To: alt.security.pgp
Subject: Re: could you please tell me how this calculation has been obtained ?
Date: Sun, 10 Sep 2000 10:35:24 GMT
<[EMAIL PROTECTED]> divulged:
>I hope that my PGP software did not put it there.
depending on the version it certainly could have, but you have to tell it
to do so.
--
okay, have a sig then
------------------------------
From: [EMAIL PROTECTED] (those who know me have no need of my name)
Subject: Re: RSA patent expiration party still on for the 20th
Date: Sun, 10 Sep 2000 10:48:39 GMT
<[EMAIL PROTECTED]> divulged:
>[Disclaimer: I am not a lawyer; do not rely on statements made here
>without consulting a qualified intellectual property attorney]
ditto
>Furthermore, RSA applications that were developed before the 6th
>(which includes applications that were legally developed outside the
>United States, like PGP v2.6.3i) are not covered by this two-week
>grace period at all; as I understand the law and RSASI's announcement,
>(read the disclaimer above!), it is still illegal to use them within
>the United States before the patent expires.
even after the patent's expiration those programs will continue to be
illegal since they were produced during the patent's period of enforcement,
so far as i understand patent law, i.e., so little that you should probably
just skip this article.
--
okay, have a sig then
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Intel's 1.13 MHZ chip
Date: Sun, 10 Sep 2000 13:05:00 +0200
"S. T. L." wrote:
>
> What's funny is that not even 8086s are as slow as 1.13 MHz. :->
It is indeed funny that several people ignore my errata and
continue to generate lots of noise. Maybe they couldn't
read.
M. K. Shen
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Scottu19 Broken
Reply-To: [EMAIL PROTECTED]
Date: Sun, 10 Sep 2000 10:52:42 GMT
[EMAIL PROTECTED] wrote:
: I heard that the NSA broke Scottu19, is that true?
Is http://www.deja.com/threadmsg_ct.xp?AN=666637659 the source of your
information? The only other mention recently here appears to be
http://x60.deja.com/threadmsg_ct.xp?AN=666850697.1
--
__________ Lotus Artificial Life http://alife.co.uk/ [EMAIL PROTECTED]
|im |yler The Mandala Centre http://mandala.co.uk/ Namaste.
------------------------------
Date: 10 Sep 2000 11:16:07 -0000
From: nym_test <Use-Author-Address-Header@[127.1]>
Subject: Re: could you please tell me how this calculation has been obtained ?
Crossposted-To: alt.security.pgp
=====BEGIN PGP SIGNED MESSAGE=====
IMO jungle will not get answers for questions he did ask.
My estimates from what I know are : we have not more than 100k users.
The active number of users could be half of the above provided number,
50,000 worldwide.
On Thu, 7 Sep 2000, Lronscam <[EMAIL PROTECTED]> wrote:
>The addy of [EMAIL PROTECTED]=NOSPAM, In article ID
><[EMAIL PROTECTED]>, On or about Thu, 07 Sep 2000 07:13:40
>GMT,
>
> Arturo says...
>
>>On Thu, 07 Sep 2000 16:37:05 +1200, Michael Brown
>><[EMAIL PROTECTED]>
>>wrote:
>>
>>>I'd guess it'd be based somehow on the number of public keys on
>>>keyservers. That's how I would do it.
>>>jungle wrote:
>>>>
>>>> hi mike,
>>>>
>>>> in the recent [ 25 aug ] ap article by peter svensson, he is writing,
>>>> wallach said, that pgp is used by 7 million people ...
>>>>
>>>> could you please tell me how this calculation has been obtained ?
>>>> how accurate this number is ?
>>>>
>> I have heard some numbers (from servers in Spain, Holland and the US),
>>and the number of PGP keys in keyservers is about 1 million. Where did the
>>other 6 million go?
>
>And if there are only 1 million keys on the public key servers then you
>know that there are less people using PGP. How many people have only one
>key?
>
>I doubt you will get an answer Jungle.
>
>This sounds like big business to me lying as usual about how many people
>they have using their product. AOL does it, and I know of several other
>business doing just that to promote themselves as #1, so why shouldn't
>PGP do it?
>
>Being a commercial enterprise does have its weak points at times.
~~~
This PGP signature only certifies the sender and date of the message.
It implies no approval from the administrators of nym.alias.net.
Date: Sun Sep 10 11:16:04 2000 GMT
From: [EMAIL PROTECTED]
=====BEGIN PGP SIGNATURE=====
Version: 2.6.2
iQEVAwUBObttdk5NDhYLYPHNAQGcewf/T+01o/afpFdWp8Sl67V2TBZB1Ls0iwdT
3OIZ/V/cOzcDtJ9VPmpfbhR7HSJTO+n/ZecFomQidV2cKTRuM60FSgWbhq/mY0hG
5aDCTzRZJPNHpiqomZH5mDvO9sJA3oYMwSlzeg6gWBtKCyRTKR/deXNUR4eRYhpF
7Z1sDy4n3g00Z4paznLSkJuiZfqnzVCTImXO7OZ90kxcNbacTvLURSV+IyJeJb2C
tLakgDUFxdb7TML5fBWz/3oofiT5d58JSU/NyhJ8kZiC6kjAlFel3aRxKnjH2y1i
z8YcSvQPC/a/FnV1Eysn+0HL/nEKe9/+BAR1k0nxcoTYiq2YMwTEKQ==
=snl2
=====END PGP SIGNATURE=====
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Ciphertext as language
Date: Sun, 10 Sep 2000 13:45:20 +0200
wtshaw wrote:
>
> Having done more that a dozen algorithms with base 78 ciphertext, it
> seemed attractive to take on 78 sounds in an artificial language. It was
> simple to write a translation program to produce readable words. There
> are nineteen characters used, thirteen consonants, BDFGHLMNPRSTV, and six
> vowels, AEIOUX. I suggest that all six vowels sound like the name of the
> letter except U, which should be "oo" as in smooth. The resulting sound of
> the words is fairly unambiguous, certainly not a romance language.
>
> Taking the algorithm Providence, any group of four normal alphabetic
> characters can be base-translated to three characters in base 78. In my
> program, these are shaped letters, and can be converted to the new system
> where each base 78 character is represented by a consonant and vowel pair.
Do I understand correctly that you transform the plaintext
into a sequence of base 78 characters, which is each
transformed to a pair of consonant and vowel such that
the consonant precedes the vowel? Questions: There are 78
characters but lots more of possible consonant-vowel pairs.
In which way do you determine the mapping? Do you use a
key for that? Wouldn't it be conceivable that, through
eliminating certain candidate pairs, the concatenations
of the (remaining) pairs would be better for the hearing
by humans and hence the ciphertext could be better
transmitted by voice?
M. K. Shen
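The base-translation step wtshaw describes, as an added example (not wtshaw's program, and not the Providence algorithm itself, which the post does not specify): four letters A-Z become one integer below 26^4 = 456976, which fits in three base-78 digits since 78^3 = 474552, and each digit becomes one consonant-vowel pair from the 13 consonants BDFGHLMNPRSTV and 6 vowels AEIOUX listed in the post. Those counts give exactly 13 * 6 = 78 pairs, so the unkeyed mapping is simply the natural order; the keyed variant below, which shuffles the 78 pairs under a key, is an assumption added to illustrate the question Shen raises, not something the post claims. The decoder also rejects the 78^3 - 26^4 = 17576 spoken words that decode to nothing, which is the check a practitioner would want before trusting a voice-relayed group.

```python
import random

CONSONANTS = "BDFGHLMNPRSTV"   # 13 consonants, as listed in the post
VOWELS = "AEIOUX"              # 6 vowels, as listed in the post
PAIRS = [c + v for c in CONSONANTS for v in VOWELS]   # 13 * 6 = 78 pairs
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
GROUP, DIGITS = 4, 3           # 26**4 = 456976 < 78**3 = 474552


def pair_table(key=None):
    """Base-78 digit -> consonant-vowel pair.

    Unkeyed: natural order (BA, BE, BI, ...). Keyed: the same 78 pairs in a
    key-seeded order (assumption added here; the post does not describe a key).
    """
    table = list(PAIRS)
    if key is not None:
        random.Random(key).shuffle(table)
    return table


def encode(text, key=None):
    """Letters A-Z in groups of four -> spoken six-letter words."""
    text = text.upper()
    if len(text) % GROUP or any(ch not in ALPHABET for ch in text):
        raise ValueError("need letters A-Z in groups of four")
    table = pair_table(key)
    words = []
    for i in range(0, len(text), GROUP):
        n = 0
        for ch in text[i:i + GROUP]:
            n = n * 26 + ALPHABET.index(ch)
        digits = []
        for _ in range(DIGITS):
            n, d = divmod(n, 78)
            digits.append(d)
        words.append("".join(table[d] for d in reversed(digits)))
    return " ".join(words)


def decode(spoken, key=None):
    """Spoken words -> letters; rejects words outside the 26^4 valid codes."""
    index = {pair: d for d, pair in enumerate(pair_table(key))}
    out = []
    for word in spoken.upper().split():
        if len(word) != 2 * DIGITS:
            raise ValueError("bad word length: %r" % word)
        n = 0
        for i in range(0, len(word), 2):
            if word[i:i + 2] not in index:
                raise ValueError("not a consonant-vowel pair: %r" % word[i:i + 2])
            n = n * 78 + index[word[i:i + 2]]
        letters = []
        for _ in range(GROUP):
            n, a = divmod(n, 26)
            letters.append(ALPHABET[a])
        if n:                      # value >= 26^4: no four-letter group maps here
            raise ValueError("not a valid codeword: %r" % word)
        out.append("".join(reversed(letters)))
    return "".join(out)


if __name__ == "__main__":
    spoken = encode("ATTACKATDAWN")          # constructed sample input
    print(spoken, "->", decode(spoken))
    keyed = encode("ATTACKATDAWN", key="hypothetical-key")
    print(keyed, "->", decode(keyed, key="hypothetical-key"))
```

Every spoken word alternates consonant and vowel, which is what makes it pronounceable; the keyed table changes which pair stands for which digit but not that alternation, so keying buys confusion of symbols without any change to how the words sound.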
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Scottu19 Broken
Date: Sun, 10 Sep 2000 12:07:58 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> [EMAIL PROTECTED] wrote:
>
> : I heard that the NSA broke Scottu19, is that true?
>
> Is http://www.deja.com/threadmsg_ct.xp?AN=666637659 the source of your
> information? The only other mention recently here appears to be
> http://x60.deja.com/threadmsg_ct.xp?AN=666850697.1
Both posters are in fact me. I did it to hopefully prove a point for
DaveScott that you can't just randomly rant about things. Apparently
he doesn't care though.
Oh well, c'est la vie.
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: RC5-SAFE? - SAFEBOOT
Date: Sun, 10 Sep 2000 12:11:47 GMT
In article <1gDu5.37341$[EMAIL PROTECTED]>,
"Paul Pires" <[EMAIL PROTECTED]> wrote:
>
> Tom St Denis <[EMAIL PROTECTED]> wrote in message
> news:8pesut$5sf$[EMAIL PROTECTED]...
> > In article <8peohu$2n8$[EMAIL PROTECTED]>,
> > "lala" <[EMAIL PROTECTED]> wrote:
> > > Sorry, I'm a novice, so sorry if this question is stupid. I believe this
> > > program is great for total disk encryption.
> > > Some information sent to me says,....
> > > "The encryption method is based on the RC5 algorithm published by RSA
> > > Laboratories. This algorithm uses a 1024 bit key and 12 rounds with a 32-bit
> > > word size in CBC mode. Using this method, SafeBoot is able to encrypt data
> > > at the rate of ~6MB/sec."
> > > Is this totally insecure, or still not bad encryption? It's the 32bit not
> > > the 1024 bit I should be looking at right? i.e. this is not 128bit
> > > encryption. Thanks for advice.
> >
> > You're obviously a crypto-newbie. The 32-bit word size means RC5 is
> > implemented as a 64-bit block cipher. The 1024-bit key is a bit
> > disconcerting since RC5 is normally only used with keys from 64 to 256
> > bits. 1024 bits seems excessive.
> >
> > Also with 12 rounds a differential or linear attack could in theory be
> > applied, I would use at least 16 rounds and hope not to have a weak key
> > (low chance really).
> >
> > plus 6mb/sec is really slow. My RC5 code with 12 rounds gets 22.25
> > MB/sec on my K6-2. So that's about four times slower than it should be.
>
> Sorry for the off track but...
>
> It's Dennis Miller time.
>
> Gosh, if everybody would state the platform and clock speed when
> discussing stats it would be so nice. Clocks per byte isn't great but I think
> it's the most relevant spec if it is derived from actual testing. Another wonder
> spec is when someone posts C source and then claims performance for
> what is obviously a highly optimized, pipelined nitro-burning assembler version.
> "The Source is free and un-patented. Oh, you want the fast one? I'll have our
> sales rep set up an appointment." By the way Tom. I'm not aiming this at you.
> Your post just reminded me of it.
Well ok, I get 15 cycles/byte with my implementation in Assembler. And
it's *FREE* to use if you don't live in the states. Except my RC5 key
schedule doesn't work right in asm (the rest is ok).
Or you could try TC6a which is the fastest block cipher in the world in
plain C code on a x86 series cpu. I get 12 cycles/byte. It's rather
secure except for an impossible differential attack that would require
about 2^64 work anyways.
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
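The RC5 parameters argued over in this thread (w = 32, r = 12, b = 128 bytes), shown in working code as an added example; this is a straightforward implementation of RC5-w/r/b as published by Rivest, not SafeBoot's code and not Tom's assembler. It makes the point in the replies concrete: the word size w sets the block at 2w = 64 bits, the round count sets the subkey table at 2(r+1) = 26 words, and a 1024-bit key is accepted by the key schedule without complaint, simply landing in c = 32 key words. The 1024-bit key used in the demonstration is a constructed byte pattern, not a real key; the known-answer check in the usage is RFC 2040's RC5-32/0/1 vector (key 00, zero plaintext), which exercises the key expansion with the rounds removed.

```python
from math import ceil


class RC5:
    """RC5-w/r/b (Rivest, 1994): w-bit words, r rounds, b-byte secret key."""

    # P_w = Odd((e-2)*2^w), Q_w = Odd((phi-1)*2^w) for the three defined word sizes
    MAGIC = {16: (0xB7E1, 0x9E37),
             32: (0xB7E15163, 0x9E3779B9),
             64: (0xB7E151628AED2A6B, 0x9E3779B97F4A7C15)}

    def __init__(self, w, r, key):
        self.w, self.r = w, r
        self.mask = (1 << w) - 1
        self.u = w // 8                    # bytes per word
        self.block_size = 2 * self.u       # a block is two words: 8 bytes for w=32
        self.S = self._expand_key(bytes(key))

    def _rotl(self, x, n):
        n %= self.w                        # RC5 uses only the low log2(w) bits of n
        return ((x << n) | (x >> (self.w - n))) & self.mask

    def _rotr(self, x, n):
        n %= self.w
        return ((x >> n) | (x << (self.w - n))) & self.mask

    def _expand_key(self, key):
        P, Q = self.MAGIC[self.w]
        b, u = len(key), self.u
        c = max(1, ceil(b / u))            # key words; a 1024-bit key gives c = 32
        t = 2 * (self.r + 1)               # subkey words; 12 rounds give t = 26
        L = [0] * c                        # key bytes packed little-endian into words
        for i in range(b - 1, -1, -1):
            L[i // u] = ((L[i // u] << 8) + key[i]) & self.mask
        S = [(P + i * Q) & self.mask for i in range(t)]
        A = B = i = j = 0
        for _ in range(3 * max(t, c)):     # mix the key words into the subkey table
            A = S[i] = self._rotl((S[i] + A + B) & self.mask, 3)
            B = L[j] = self._rotl((L[j] + A + B) & self.mask, A + B)
            i, j = (i + 1) % t, (j + 1) % c
        return S

    def _split(self, block):
        if len(block) != self.block_size:
            raise ValueError("block must be %d bytes" % self.block_size)
        return (int.from_bytes(block[:self.u], "little"),
                int.from_bytes(block[self.u:], "little"))

    def _join(self, A, B):
        return A.to_bytes(self.u, "little") + B.to_bytes(self.u, "little")

    def encrypt_block(self, block):
        A, B = self._split(block)
        A = (A + self.S[0]) & self.mask
        B = (B + self.S[1]) & self.mask
        for i in range(1, self.r + 1):
            A = (self._rotl(A ^ B, B) + self.S[2 * i]) & self.mask
            B = (self._rotl(B ^ A, A) + self.S[2 * i + 1]) & self.mask
        return self._join(A, B)

    def decrypt_block(self, block):
        A, B = self._split(block)
        for i in range(self.r, 0, -1):
            B = self._rotr((B - self.S[2 * i + 1]) & self.mask, A) ^ A
            A = self._rotr((A - self.S[2 * i]) & self.mask, B) ^ B
        B = (B - self.S[1]) & self.mask
        A = (A - self.S[0]) & self.mask
        return self._join(A, B)


def parameters(w, r, b):
    """What the three RC5 parameters mean: block width, key width, subkey table size.
    SafeBoot's quoted numbers are w=32, r=12, b=128."""
    return {"block_bits": 2 * w, "key_bits": 8 * b, "table_words": 2 * (r + 1)}


if __name__ == "__main__":
    print(parameters(32, 12, 128))
    # RFC 2040 known answer: RC5-32/0/1, key 00, zero block -> 7a7bba4d79111d1e
    print(RC5(32, 0, b"\x00").encrypt_block(bytes(8)).hex())
    safeboot_like = RC5(32, 12, bytes(range(128)))   # constructed 1024-bit key
    ct = safeboot_like.encrypt_block(b"8 bytes!")
    print(ct.hex(), safeboot_like.decrypt_block(ct))
```

Nothing in the key schedule limits b, which is why "1024-bit key" is a true but uninformative statement: the table S that the rounds actually consume is 26 words of 32 bits whatever the key length, and the block stays 64 bits, which is the number that matters for a disk encryptor running in CBC mode over many gigabytes.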
------------------------------
From: Future Beacon <[EMAIL PROTECTED]>
Subject: RSA for Random Data
Date: Sun, 10 Sep 2000 08:32:29 -0400
If RSA is used to send random numbers that are never again
transmitted without first being radically transformed, would
the message (random numbers) be more secure than plain text
communicated the same way? I suspect that the random numbers
would be more secure than the plain text and possibly immune
from attack (at least until the transformations are
transmitted). What do you think?
If this is true, cooperating senders and receivers could come
into possession of the same collection of random numbers for various
purposes that might lead to a more secure method. This paragraph
is a speculation offered merely to point out the possible relevance
of my question.
Thank you for your help.
Jim Trek
Future Beacon Technology
http://eznet.net/~progress
[EMAIL PROTECTED]
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************