Cryptography-Digest Digest #679, Volume #12 Thu, 14 Sep 00 13:13:01 EDT
Contents:
Re: Hash algorithms (Daniel Leonard)
Re: Music Industry wants hacking information for cheap (Daniel Leonard)
Re: Hash algorithms
Re: Problem with Tiger hash algorithm and binary files (Daniel Leonard)
Re: (Jury Selection) Re: Carnivore article in October CACM _Inside_Risks (Yiorgos Adamopoulos)
Re: [Q] Design criteria for sboxes in Tiger/192 ? (Mok-Kong Shen)
On dictionary encoding (Mok-Kong Shen)
free ssl cert ([EMAIL PROTECTED])
Re: Announcement (John Myre)
Re: For the Gurus (/dev/null)
Re: For the Gurus (/dev/null)
Re: For the Gurus (/dev/null)
Fresh Meat: New Crypto Algorithms Announced (Bruce Schneier)
Re: Scottu19 Broken ("Douglas A. Gwyn")
Recent crypto text ("Douglas A. Gwyn")
Re: sac fullfilling decorelated functions (Serge Vaudenay)
GSM tracking (Arturo)
Re: Recent crypto text (John Myre)
Re: Fresh Meat: New Crypto Algorithms Announced (John Myre)
RSA Questions (Future Beacon)
Re: GSM tracking (Mok-Kong Shen)
Re: Fresh Meat: New Crypto Algorithms Announced (Mok-Kong Shen)
Re: [Q] Design criteria for sboxes in Tiger/192 ? ("David C. Barber")
----------------------------------------------------------------------------
From: Daniel Leonard <[EMAIL PROTECTED]>
Subject: Re: Hash algorithms
Date: Thu, 14 Sep 2000 12:12:54 GMT
On Thu, 14 Sep 2000 [EMAIL PROTECTED] wrote:
> Greetings,
>
> I have a project that requires me to look into 5 hash algorithms, I have
> been attempting to figure out what exactly is a hash algorithm. I know that
> MD2-5 are one-way hash algorithms, but what would the definition be of a
> hash algorithm so I can identify the other 4 that I require?
>
> Thanks in advance,
> Ray
You can take a look at:
http://www.nw.com.br/users/pbarreto/hflounge.html
for identifying your 4 other required hash functions
==========
Daniel Léonard
OGMP Informatics Division E-Mail: [EMAIL PROTECTED]
Département de Biochimie Tel : (514) 343-6111 ext 5149
Université de Montréal Fax : (514) 343-2210
Montréal, Quebec Office: Pavillon Principal G-312
Canada H3C 3J7 WWW :
------------------------------
From: Daniel Leonard <[EMAIL PROTECTED]>
Subject: Re: Music Industry wants hacking information for cheap
Date: Thu, 14 Sep 2000 12:16:54 GMT
On Wed, 13 Sep 2000, David C. Barber wrote:
> Our wonderful music industry is looking for hacking information, but sure
> doesn't want to pay much for it. www.hacksdmi.org is offering $10K for
> anyone who can defeat SDMI II before its release. Hardly what such
> information would be worth unless it's just a couple days work for some
> clever person.
>
> Wonder what it will cost them if (when?) SDMI II is cracked *after* its
> official release?
>
> (SDMI for the not completely informed is Secure Digital Music Initiative.
> The concept is that they can embed information into the music stream that
> cannot be filtered out, will survive various
> decompression/recompression/format conversions, and will still tell SDMI
> compliant players not to play or allow copies. This is all while the rest
> of the world chugs along on MP3.)
>
> *D B*
As someone said here not long ago, intercept and record the data stream
between the app that does the deciphering and the driver for the
video card, and you will get the plaintext... Not even worth cracking, let them
think it is safe (ok, it will need some system programming, but that is
another matter, like ciphers considered unsafe because they can be broken
in less time than brute force, but the time is still too big in practice).
==========
Daniel Léonard
OGMP Informatics Division E-Mail: [EMAIL PROTECTED]
Département de Biochimie Tel : (514) 343-6111 ext 5149
Université de Montréal Fax : (514) 343-2210
Montréal, Quebec Office: Pavillon Principal G-312
Canada H3C 3J7 WWW :
------------------------------
From: <[EMAIL PROTECTED]>
Subject: Re: Hash algorithms
Date: Thu, 14 Sep 2000 12:23:48 GMT
Hi,
Thank you guys for all your help! This gives me a much better understanding
of what I am looking for.
Thanks again,
Ray
"Runu Knips" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> [EMAIL PROTECTED] wrote:
> > I have a project that requires me to look into 5 hash algorithms
>
> A hash algorithm is an algorithm which gives you a checksum of
> some data. There are hash functions for different purposes,
> notably for the realization of hash tables.
>
> In cryptography, the hash functions should be cryptographically
> hard, i.e.
>
> (a) the function should create a result which is long enough to
> make brute force attacks impossible
> (b) it should not be possible to get from the hashsum any
> information about the document.
> (c) it should not be possible to create a document which creates
> a given checksum.
> (d) it should not be possible to find two documents which have
> the same checksum.
>
> Cryptographically hard hash functions are used, for example,
> to prove that someone has some kind of information. If I have
> a document and want to know if you have it too, I ask you for
> the hashsum. If you can give it to me, it has been proved
> that you have that document.
>
> Hash functions are really a new concept in cryptography.
> Interesting hash functions are MD2, SHA-1, RIPEMD-160 and Tiger.
> Of historical interest are MD4 and its successor MD5, also
> Snefru and Snefru-8.
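The four properties Runu Knips lists above can be put to the test with a
deliberately shortened hash. The Python below is an added illustration, not
part of Ray's or Runu's post: it truncates SHA-1 to a chosen number of bits
(the truncation and the counter-generated messages are this example's own
constructions) and runs a brute-force preimage search against property (c)
and a birthday search against property (d). At 16 bits the preimage search
needs on the order of 2^16 trials; at 24 bits the collision search needs only
about 2^12, because finding collisions costs roughly the square root of
finding preimages. That gap is what property (a) has to budget for.

```python
import hashlib


def short_hash(data: bytes, bits: int) -> int:
    """SHA-1 truncated to its first `bits` bits. This stands in for a hash
    whose output is too short, the situation property (a) rules out."""
    digest = hashlib.sha1(data).digest()
    return int.from_bytes(digest, "big") >> (160 - bits)


def find_preimage(target: int, bits: int, max_trials: int, prefix: bytes = b"msg-"):
    """Attack on property (c): look for any message whose truncated hash
    equals `target`. Expected cost is about 2**bits trials.
    Returns (message, trials) or None if the budget runs out."""
    for i in range(max_trials):
        candidate = prefix + str(i).encode()          # constructed messages
        if short_hash(candidate, bits) == target:
            return candidate, i + 1
    return None


def find_collision(bits: int, max_trials: int, prefix: bytes = b"doc-"):
    """Attack on property (d): birthday search for two different messages
    with the same truncated hash. Expected cost is only about 2**(bits/2)
    trials, which is why (d) needs twice the output length that (c) does.
    Returns (message_a, message_b, trials) or None."""
    seen = {}
    for i in range(max_trials):
        candidate = prefix + str(i).encode()
        h = short_hash(candidate, bits)
        if h in seen:
            return seen[h], candidate, i + 1
        seen[h] = candidate
    return None


if __name__ == "__main__":
    target = short_hash(b"the original document", 16)
    print("16-bit preimage:", find_preimage(target, 16, 1 << 20))
    print("24-bit collision:", find_collision(24, 1 << 16))
```

Raising `bits` by one doubles the preimage work but multiplies the collision
work only by about 1.4; at 160 bits neither search finishes, which is the
sense in which SHA-1's length was meant to satisfy (a) for both attacks.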
------------------------------
From: Daniel Leonard <[EMAIL PROTECTED]>
Subject: Re: Problem with Tiger hash algorithm and binary files
Date: Thu, 14 Sep 2000 12:24:24 GMT
On Thu, 14 Sep 2000, Runu Knips wrote:
> Daniel Leonard wrote:
> >
> > On Wed, 13 Sep 2000, Konrad Podloucky wrote:
> >
> > > From Eli Biham's Tiger page
> > > (http://www.cs.technion.ac.il/~biham/Reports/Tiger/):
> > > "[...]Note that in the original reference implementation that we have
> > > published in this page there was a typo that used the wrong bit
> > > order when it padded the '1' bit at the end of the message. It
> > > used the constant 0x80, rather than 0x01 to append this bit. The
> > > reference implementation and test results given above are already
> > > corrected. We are grateful to John Lull who found this typo."
> >
> > This confused me more because while discussing with Mr. Antoon Bosselaers,
> > he told me that the correction was wrong.
>
> Well, in fact it is a question of interpretation. If you have, say, 12
> bits of information
>
> 111111111111
>
> and need to get the hash sum of it, you have to store the first 8 bits
> in a first byte, then you have to decide: you put bit 9 of your
> information into (a) the lsb OR (b) the msb of the second byte. In
> the first case, the 2 bytes have the values ( 0xff, 0x0f ), in the
> second case their values are ( 0xff, 0xf0 ).
>
> This means that both interpretations are possible. Saying that one
> is more 'correct' than the other leads to a "fight" like "little
> endian" against "big endian", not in Gulliver, but in computer
> technology. x86 and alpha are little endian, sparc and ppc are
> big endian, and even worse is mips which might be little or big
> endian, depending upon the setup.
>
> If, for Tiger, the lsb is the first bit, it's simply okay.
>
>=20
That is why usually the paper states which endianness is the one for the
algorithm, no need to be concerned about wars. The MD family is little-endian,
SHA is big-endian.
What concerns me the most is that 0x80 versus 0x01 is endianness at the bit
level, which I have never heard about. But if such a thing exists, I do think
that only in assembly should one be concerned with it and that
"higher" programming languages should shield the programmer from that
thing, if only for the sake of portability.
I think I will requery Mr. Anderson and Mr. Biham.
==========
Daniel Léonard
OGMP Informatics Division E-Mail: [EMAIL PROTECTED]
Département de Biochimie Tel : (514) 343-6111 ext 5149
Université de Montréal Fax : (514) 343-2210
Montréal, Quebec Office: Pavillon Principal G-312
Canada H3C 3J7 WWW :
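To make the 0x80 versus 0x01 question concrete, here is an added Python sketch
of the padding step that MD5, SHA-1 and Tiger share: one marker byte carrying
the single '1' bit, zero bytes, then the 64-bit message length in bits. This
is illustration code written for this page, not Biham's reference
implementation or anything posted in the thread. The conventions in the table
are taken from the respective specifications: MD5 and SHA-1 append 0x80 (the
'1' bit in the most significant position of the byte) and store the length
little-endian and big-endian respectively; the corrected Tiger reference code
appends 0x01 with a little-endian length. The reverse_bits helper makes the
point of the thread visible: the two marker bytes are the same bit pattern
read in opposite bit orders within the byte.

```python
def md_pad(message: bytes, pad_byte: int, length_order: str, block: int = 64) -> bytes:
    """Merkle-Damgard padding for a 64-byte block hash: marker byte, zero
    fill, then the bit length as a 64-bit integer, so that the result is a
    whole number of blocks. `length_order` is "little" or "big"."""
    bit_length = 8 * len(message)
    padded = message + bytes([pad_byte])
    # zero-fill so that exactly 8 bytes of the last block remain for the length
    padded += b"\x00" * ((block - 8 - len(padded)) % block)
    return padded + bit_length.to_bytes(8, length_order)


# Marker byte and length byte order as stated in each specification.
PADDING_RULES = {
    "md5":   {"pad_byte": 0x80, "length_order": "little"},  # '1' bit in the msb of the byte
    "sha1":  {"pad_byte": 0x80, "length_order": "big"},     # same marker, big-endian length
    "tiger": {"pad_byte": 0x01, "length_order": "little"},  # corrected Tiger code: '1' bit in the lsb
}


def pad(message: bytes, algorithm: str) -> bytes:
    """Pad `message` the way the named hash does before compressing it."""
    return md_pad(message, **PADDING_RULES[algorithm])


def reverse_bits(byte: int) -> int:
    """Bit-level 'endianness' swap inside a single byte: 0x80 <-> 0x01.
    This is the only difference between the two Tiger marker constants."""
    return int(f"{byte:08b}"[::-1], 2)


if __name__ == "__main__":
    for name in PADDING_RULES:
        print(name, pad(b"abc", name).hex())
    print(hex(reverse_bits(0x80)), hex(reverse_bits(0x01)))
```

pad(b"abc", "md5") returns 64 bytes ending in 0x18 followed by seven zero
bytes; the same call with "sha1" ends in seven zero bytes followed by 0x18;
with "tiger" the fourth byte is 0x01 instead of 0x80. A 55-byte message pads
to one block and a 56-byte message to two, because eight bytes must remain
free for the length field. A hash implementation that gets any of these
three details wrong still produces a fixed-length digest, so nothing fails
visibly; only a published test vector catches it, which is why the thread
cares which constant the vectors were generated with.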
------------------------------
From: [EMAIL PROTECTED] (Yiorgos Adamopoulos)
Crossposted-To: comp.security.misc,alt.security,talk.politics.crypto,us.legal
Subject: Re: (Jury Selection) Re: Carnivore article in October CACM _Inside_Risks
Date: 14 Sep 2000 12:27:16 GMT
Reply-To: [EMAIL PROTECTED]
In article <[EMAIL PROTECTED]>, Robert H. Risch wrote:
>lawyers can object to the question so it may not even get asked. Do
>the jurors just raise their hand and ask in Greece?
Yes
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: [Q] Design criteria for sboxes in Tiger/192 ?
Date: Thu, 14 Sep 2000 14:42:37 +0200
Tim Tyler wrote:
>
> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>
> [secret s-boxes]
>
> : I don't know. But I like to point out that the same
> : question apparently could apply to almost all well-
> : known block ciphers that have S-boxes, starting with
> : DES, whose design rationales are kept secret even
> : today. [...]
>
> These were published by IBM, IIRC. Aren't they as stated on A.C. p. 294?
No, you erred. There has never been a (complete) publication
of the DES design information.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: On dictionary encoding
Date: Thu, 14 Sep 2000 14:46:25 +0200
Consider a medium-sized dictionary. The one I have at
hand has 1002 pages and each page has less than 32 words.
This means each entry can be located with 10+5=15 bits.
If we use 3 bits to code grammatical information
(singular/plural, present/past participle, etc.), the
encoding can be done with 18 bits. Special words not
found in the dictionary can be coded in ASCII and
signalled through indicators (borrowing space from
the 3 bits used for grammatical information).
If we are luxurious and employ large lexicons, 20 bits
for encoding a word are certainly sufficient. If we
have all words of a dictionary listed sequentially in
a database, then the number of bits needed could be
reduced a little bit.
M. K. Shen
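An added worked example of the scheme in the post above, written for this
page rather than taken from it: each dictionary word is packed into the
10+5+3 = 18 bits proposed (page number, entry on the page, grammar tag), and
one of the eight grammar-tag values is used as the escape indicator for words
that have to be spelled out in ASCII. The three-page toy dictionary, the four
grammar tags and the layout of the escape code (its remaining 15 bits hold the
byte count of the literal that follows) are this example's own choices, not
anything the post specifies.

```python
GRAMMAR_TAGS = {"base": 0, "plural": 1, "past": 2, "participle": 3}
ESCAPE_TAG = 7                                  # borrowed from the 3 grammar bits
PAGE_BITS, SLOT_BITS, TAG_BITS = 10, 5, 3       # 1024 pages x 32 entries, as in the post
CODE_BITS = PAGE_BITS + SLOT_BITS + TAG_BITS    # 18


def build_index(pages):
    """pages: list of pages, each a list of at most 32 headwords, at most
    1024 pages in all. Returns word -> (page, slot)."""
    assert len(pages) <= 1 << PAGE_BITS
    index = {}
    for page_no, page in enumerate(pages):
        assert len(page) <= 1 << SLOT_BITS
        for slot, word in enumerate(page):
            index[word] = (page_no, slot)
    return index


def pack_bits(fields):
    """fields: iterable of (width, value). Returns (bytes, bit_count); the
    bit string is written MSB first and zero-padded to a byte boundary."""
    acc, nbits = 0, 0
    for width, value in fields:
        assert 0 <= value < (1 << width)
        acc = (acc << width) | value
        nbits += width
    pad = (-nbits) % 8
    return (acc << pad).to_bytes((nbits + pad) // 8, "big"), nbits


def encode(tokens, index):
    """tokens: list of (word, grammar_tag). A dictionary word costs 18 bits;
    a word outside the dictionary costs an 18-bit escape code (payload = byte
    length) plus 8 bits per ASCII byte."""
    fields = []
    for word, tag in tokens:
        if word in index:
            page, slot = index[word]
            fields.append((CODE_BITS, (page << (SLOT_BITS + TAG_BITS)) | (slot << TAG_BITS) | GRAMMAR_TAGS[tag]))
        else:
            raw = word.encode("ascii")
            fields.append((CODE_BITS, (len(raw) << TAG_BITS) | ESCAPE_TAG))
            fields.extend((8, b) for b in raw)
    return pack_bits(fields)


def decode(blob, nbits, index):
    """Inverse of encode; literal words come back with the tag 'literal'."""
    words = {pos: w for w, pos in index.items()}
    tags = {v: k for k, v in GRAMMAR_TAGS.items()}
    value, total, pos = int.from_bytes(blob, "big"), 8 * len(blob), 0

    def read(width):
        nonlocal pos
        pos += width
        return (value >> (total - pos)) & ((1 << width) - 1)

    out = []
    while pos < nbits:
        code = read(CODE_BITS)
        tag = code & ((1 << TAG_BITS) - 1)
        if tag == ESCAPE_TAG:
            raw = bytes(read(8) for _ in range(code >> TAG_BITS))
            out.append((raw.decode("ascii"), "literal"))
        else:
            page = code >> (SLOT_BITS + TAG_BITS)
            slot = (code >> TAG_BITS) & ((1 << SLOT_BITS) - 1)
            out.append((words[(page, slot)], tags[tag]))
    return out


# Constructed three-page toy dictionary for the demonstration.
TOY_PAGES = [["cipher", "code", "key"], ["hash", "message"], ["plain", "text"]]
TOY_INDEX = build_index(TOY_PAGES)

if __name__ == "__main__":
    blob, nbits = encode([("cipher", "plural"), ("key", "base"), ("Tiger", "base")], TOY_INDEX)
    print(nbits, blob.hex(), decode(blob, nbits, TOY_INDEX))
```

"cipher key Tiger" costs 18 + 18 + (18 + 5*8) = 94 bits, against 15*8 = 120
bits as plain ASCII; a sentence made entirely of dictionary words costs a
flat 18 bits per word. The decoder needs the exact bit count (or an explicit
end marker) because the last byte is zero-padded and 0x000000 would otherwise
decode as page 0, slot 0, tag 0.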
------------------------------
From: [EMAIL PROTECTED]
Subject: free ssl cert
Date: Thu, 14 Sep 2000 14:07:30 GMT
Hi there,
can anybody tell me how to get a free SSL cert (40 or 128 bit) to test
web sites? I do not expect anyone to vouch for my web pages.
I know the Apache package delivers a cert generation tool, but I would
need it for the Netscape server.
Has anybody any idea?
regards
Claus
------------------------------
From: John Myre <[EMAIL PROTECTED]>
Subject: Re: Announcement
Date: Thu, 14 Sep 2000 08:42:25 -0600
Tom St Denis wrote:
<snip>
> BTW don't post 10x ok?
<snip>
I suppose you didn't read the subject lines? You might
have noticed that each post is different.
JM
------------------------------
From: /dev/null <[EMAIL PROTECTED]>
Subject: Re: For the Gurus
Date: Thu, 14 Sep 2000 10:53:41 -0400
Jim Gillogly wrote:
Nice work. HOOSIER. Pattern lists or machine assist?
>
> "root@localhost " wrote:
> > Even a monoalphabetic substitution system can be secure under the right
> > conditions. For example, what does this say? LMUU MEOZ AQDR LEXX It
> > is a simple keyword based mono-alphabetic substitution cipher.
>
> "Not today, friend." Keyword KOSHER. (Or, equivalently, GOITER or HOSIER
> or a host of others.)
> --
> Jim Gillogly
> Mersday, 22 Halimath S.R. 2000, 15:37
> 12.19.7.9.16, 5 Cib 19 Mol, Seventh Lord of Night
------------------------------
From: /dev/null <[EMAIL PROTECTED]>
Subject: Re: For the Gurus
Date: Thu, 14 Sep 2000 10:56:33 -0400
[EMAIL PROTECTED] wrote:
Thanks Mike. I'll take a look.
> --
> Mike Andrews
> Tired old sysadmin
> [EMAIL PROTECTED]
------------------------------
From: /dev/null <[EMAIL PROTECTED]>
Subject: Re: For the Gurus
Date: Thu, 14 Sep 2000 11:03:54 -0400
Jim Gillogly wrote:
>
>
> Note that although you're limiting the cipher clerk to pencil
> and paper, you can't limit the attacker in that way.
Thank you, Jim, for the reminder. I wrote something to run on Coherent,
back in '92, that used pattern matching to recover the possible plain
texts in a similar manner.
It has been a very long time since I was in school. I have forgotten
quite a lot -- sometimes it feels as if I've forgotten everything I ever
learned. :)
> --
> Jim Gillogly
> Mersday, 22 Halimath S.R. 2000, 18:59
> 12.19.7.9.16, 5 Cib 19 Mol, Seventh Lord of Night
------------------------------
From: Bruce Schneier <[EMAIL PROTECTED]>
Subject: Fresh Meat: New Crypto Algorithms Announced
Date: Thu, 14 Sep 2000 10:13:58 -0500
The European Telecommunication Standards Institute (ETSI) has made a
bunch of encryption algorithms public:
<http://www.etsi.org/dvbandca/>
My guess is that most of these are breakable, and that a good break
paper is publishable.
Bruce
**********************************************************************
Bruce Schneier, Counterpane Internet Security, Inc. Tel: 408-556-2401
3031 Tisch Way, Suite 100PE, San Jose, CA 95128 Fax: 408-556-0889
Free crypto newsletter. See: http://www.counterpane.com
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Scottu19 Broken
Date: Thu, 14 Sep 2000 14:35:59 GMT
Tim Tyler wrote:
> I wonder if James Joyce (Finnegan's Wake) could
> make use of a similar excuse... ;-)
I suppose it depends on whether we have solid evidence that
he *could* write decent prose, also on whether the style of
FW was essential to the story or was just a wild experiment.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Recent crypto text
Date: Thu, 14 Sep 2000 14:47:16 GMT
Paul Garrett, "Making, Breaking Codes: An Introduction to Cryptology".
My copy just arrived and from a quick perusal, e.g.:
http://www.math.umn.edu/~garrett/crypto/Contents.html
it seems to be a very comprehensive modern textbook on the subject.
------------------------------
Date: Thu, 14 Sep 2000 17:28:57 +0200
From: Serge Vaudenay <[EMAIL PROTECTED]>
Subject: Re: sac fullfilling decorelated functions
Tom St Denis wrote:
>
> In article <[EMAIL PROTECTED]>,
> Serge Vaudenay <[EMAIL PROTECTED]> wrote:
> >
> > It is actually a little tricky.
> > If you consider differential cryptanalysis with any input difference a
> > and any output difference b, the probability DP(a,b) depends on the
> > secret key. We can show that *on average over the key*, this probability
> > is too low to be useful, which shows that a random linear cipher resists
> > differential cryptanalysis.
>
> Which is just a different way to resist differential cryptanalysis
> right?
Different from what?
> If you have seen my earlier posts such as TC6a you will see I used the
> decorrelated function as my round function. Would you suggest that is
> an insecure design?
No I did not.
I was off recently.
Serge
------------------------------
From: [EMAIL PROTECTED]=NOSPAM (Arturo)
Subject: GSM tracking
Date: Thu, 14 Sep 2000 15:57:29 GMT
I know that a mobile phone can be tracked while being used. But there's
something I'm not sure about: can a GSM phone be tracked when it's off, or is it
necessary to take the battery out?
Also, has the tracking capability already been requested by law
enforcement bodies (e.g. FBI), or is it the next gift they'll ask from Santa?
------------------------------
From: John Myre <[EMAIL PROTECTED]>
Subject: Re: Recent crypto text
Date: Thu, 14 Sep 2000 10:28:24 -0600
"Douglas A. Gwyn" wrote:
>
> Paul Garrett, "Making, Breaking Codes: An Introduction to Cryptology".
>
> My copy just arrived and from a quick perusal, e.g.:
> http://www.math.umn.edu/~garrett/crypto/Contents.html
> it seems to be a very comprehensive modern textbook on the subject.
How would you compare (contrast) this with AC2 (Schneier)?
(What does it cover, at what level, what quality?)
JM
------------------------------
From: John Myre <[EMAIL PROTECTED]>
Subject: Re: Fresh Meat: New Crypto Algorithms Announced
Date: Thu, 14 Sep 2000 10:25:38 -0600
Bruce Schneier wrote:
>
> The European Telecommunication Standards Institute (ETSI) has made a
> bunch of encryption algorithms public:
>
> <http://www.etsi.org/dvbandca/>
Well, semi-public. It costs money and you have to sign a
license agreement. See the "conditions" links (Microsoft Word
documents, sigh). I see prices of 100 and 1000 euros; I think
this is per algorithm.
JM
------------------------------
From: Future Beacon <[EMAIL PROTECTED]>
Subject: RSA Questions
Date: Thu, 14 Sep 2000 12:44:40 -0400
Does anybody know what goes wrong with RSA
if p or q or both are not necessarily prime?
Surely there is still a way to select a d such
that decryption works for the receiver.
If RSA becomes weaker, does anybody know how
messages would be decrypted without d?
I ask these questions because the strength of RSA seems
to depend upon the size of the numbers. The numbers encrypted
by RSA must be large; otherwise, a table could be made of the
number range mapping the plain text to the ciphertext and the
difficulty of factoring would be irrelevant. Meanwhile, the
numbers encrypted must be smaller than pq or they will not be
reported correctly to the person who holds d. This means that pq
must be large to avoid a table-making attack.
If the game is merely outrunning current computers, what is the
significance of p and q being prime?
Thank you for your help.
Jim Trek
Future Beacon Technology
http://eznet.net/~progress
[EMAIL PROTECTED]
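Jim Trek's questions can be answered by experiment. The Python below is an
added example, not part of the post: it builds toy RSA keys from p and q that
need not be prime, counts how many plaintexts survive encrypt-then-decrypt
under two ways of deriving d, and shows what an attacker does without d,
namely factor n and recompute it. The small parameters (p, q, e) and the
trial-division factoriser are chosen for illustration only.

```python
from math import gcd


def factorize(n: int) -> dict:
    """Trial-division factorisation, adequate for the toy moduli used here.
    Returns {prime: exponent}."""
    factors, d = {}, 2
    while d * d <= n:
        while n % d == 0:
            factors[d] = factors.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def carmichael(n: int) -> int:
    """lambda(n), the exponent of the multiplicative group mod n, computed
    from the true factorisation. e*d == 1 (mod lambda(n)) is the actual
    requirement for decryption to undo encryption on units mod n."""
    lam = 1
    for p, k in factorize(n).items():
        part = 2 ** (k - 2) if (p == 2 and k >= 3) else (p - 1) * p ** (k - 1)
        lam = lam * part // gcd(lam, part)
    return lam


def modinv(a: int, m: int):
    """Inverse of a mod m, or None when it does not exist."""
    return pow(a, -1, m) if gcd(a, m) == 1 else None


def rsa_roundtrip_count(p: int, q: int, e: int, rule: str = "naive"):
    """Build an RSA key from p and q (not necessarily prime) and count how
    many of the n plaintexts 0..n-1 survive encrypt-then-decrypt.
    rule="naive": d from the textbook (p-1)(q-1), valid only for prime p, q.
    rule="lambda": d from lambda(n) of the true factorisation of n.
    Returns None when e has no inverse under the chosen rule."""
    n = p * q
    k = (p - 1) * (q - 1) if rule == "naive" else carmichael(n)
    d = modinv(e, k)
    if d is None:
        return None
    return sum(1 for m in range(n) if pow(pow(m, e, n), d, n) == m)


def recover_private_exponent(n: int, e: int):
    """What an attacker does without d: factor n and rebuild d. When p or q
    is composite, n has smaller factors and trial division finds them far
    sooner than it would for a product of two large primes."""
    return modinv(e, carmichael(n))


if __name__ == "__main__":
    print(rsa_roundtrip_count(7, 11, 7))             # 77 of 77: two primes
    print(rsa_roundtrip_count(9, 11, 7))             # 33 of 99: p = 3*3, textbook phi is wrong
    print(rsa_roundtrip_count(9, 11, 7, "lambda"))   # 77 of 99: right exponent, but 9 | n is not squarefree
    print(rsa_roundtrip_count(15, 11, 7))            # None: e has no inverse mod (p-1)(q-1)
    print(rsa_roundtrip_count(15, 11, 7, "lambda"))  # 165 of 165: squarefree n works, but has small factors
    print(recover_private_exponent(165, 7))          # 3, from the public key alone
```

With p = 7, q = 11 all 77 plaintexts round-trip. With p = 9 = 3*3 the
textbook (p-1)(q-1) = 80 is not the group exponent of n = 99 (lambda(99) is
30), so the d it yields only recovers 33 of the 99 plaintexts; deriving d
from lambda(99) repairs the exponent, yet m = 3 still fails because 9 | n
makes n non-squarefree and 3^k is 0 mod 9 for every k >= 2. With p = 15 =
3*5, n = 165 is squarefree and d from lambda(165) = 20 recovers every
plaintext, so a working d does exist as the post suspects; the price is
that 165 now has the factors 3, 5 and 11, trial division finds them at
once, and recover_private_exponent(165, 7) returns d = 3 from nothing but
the public key. That is the sense in which the primality of p and q
matters: correctness needs n squarefree and d computed from the real
factorisation, and security needs that factorisation to be out of reach,
which two large primes give and a composite p does not.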
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: GSM tracking
Date: Thu, 14 Sep 2000 19:19:50 +0200
Arturo wrote:
>
> I know that a mobile phone can be tracked while being used. But there's
> something I'm not sure about: can a GSM phone be tracked when it's off, or is it
> necessary to take the battery out?
We recently discussed this. If you are sure that your phone
is not bugged, then switching off is o.k.
A recent newspaper article said that, through GPS, a certain
product named Navstream of a firm Parthus enables positioning
via mobile phone to a precision of up to 5 metres.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Fresh Meat: New Crypto Algorithms Announced
Date: Thu, 14 Sep 2000 19:19:43 +0200
John Myre wrote:
>
> Bruce Schneier wrote:
> >
> > The European Telecommunication Standards Institute (ETSI) has made a
> > bunch of encryption algorithms public:
> >
> > <http://www.etsi.org/dvbandca/>
>
> Well, semi-public. It costs money and you have to sign a
> license agreement. See the "conditions" links (Microsoft Word
> documents, sigh). I see prices of 100 and 1000 euros; I think
> this is per algorithm.
So that excludes analysts that are poor and one has 'security
through high cost' :-)
M. K. Shen
------------------------------
From: "David C. Barber" <[EMAIL PROTECTED]>
Subject: Re: [Q] Design criteria for sboxes in Tiger/192 ?
Date: Thu, 14 Sep 2000 10:06:27 -0700
As I recall once hearing, DES proved surprisingly resistant to later
developed attacks (differential cryptanalysis) and it was determined that
its S-boxes appeared optimized against that type of attack. When asked, one
of the original designers basically just smiled and did not comment further.
The implication was that the designers knew of the DC attack, and perhaps
others not publicly known, and armored DES against it.
*David Barber*
"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Tim Tyler wrote:
> >
> > Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> >
> > [secret s-boxes]
> >
> > : I don't know. But I like to point out that the same
> > : question apparently could apply to almost all well-
> > : known block ciphers that have S-boxes, starting with
> > : DES, whose design rationales are kept secret even
> > : today. [...]
> >
> > These were published by IBM, IIRC. Aren't they as stated on A.C. p. 294?
>
> No, you erred. There has never been a (complete) publication
> of the DES design informations.
>
> M. K. Shen
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************