Cryptography-Digest Digest #682, Volume #12 Thu, 14 Sep 00 21:13:01 EDT
Contents:
Re: "Secrets and Lies" at 50% off (William Stallings)
Re: Scottu19 Broken (John Savard)
Re: Recent crypto text (John Savard)
Re: "Secrets and Lies" at 50% off (Mr. Olie Yank)
Re: "Secrets and Lies" at 50% off (Tom St Denis)
Re: SDMI Crypto Challenge (Tom St Denis)
decorrelated MDS? (Tom St Denis)
Re: "Secrets and Lies" at 50% off (Bill Unruh)
Re: "Secrets and Lies" at 50% off (Jim Gillogly)
Re: Disappearing Email redux ("Rick")
Re: Problem with Tiger hash algorithm and binary files (David Hopwood)
Re: RSA Questions (David Hopwood)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (William Stallings)
Crossposted-To: comp.security,comp.security.misc
Subject: Re: "Secrets and Lies" at 50% off
Date: Thu, 14 Sep 2000 19:13:52 -0400
In article <8prii3$sla$[EMAIL PROTECTED]>, Tom St Denis
<[EMAIL PROTECTED]> wrote:
> In article <[EMAIL PROTECTED]>,
> Bruce Schneier <[EMAIL PROTECTED]> wrote:
> > This is the cheapest I've seen the book. I know what the publisher
> > sells the book for, and FatBrain is losing money on every sale. I
> > have no idea if this is a temporary promotion, or how long it will
> > last. But I figured I should get the word out:
> >
> > http://www1.fatbrain.com/asp/bookinfo/bookinfo.asp?theisbn=0471253111
>
> I know you are well intentioned but for the same reason I don't like
> other spammers, I would suggest that you don't do this.
>
> If you want to talk about your book by all means go ahead, but you
> really are spamming this group.
>
> Just my two cents, and seriously no offence intended.
>
Geez. He is doing a service to the interested community. Not my idea of spam.
Bill
Bill Stallings
[EMAIL PROTECTED]
Descriptions, errata sheets and discount order info
for my current books and info on forthcoming books:
WilliamStallings.com
Visit Computer Science Student Support site:
WilliamStallings.com/StudentSupport.html
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Scottu19 Broken
Date: Thu, 14 Sep 2000 23:41:09 GMT
On Thu, 14 Sep 2000 14:35:59 GMT, "Douglas A. Gwyn"
<[EMAIL PROTECTED]> wrote, in part:
>Tim Tyler wrote:
>> I wonder if James Joyce (Finnegan's Wake) could
>> make use of a similar excuse... ;-)
>I suppose it depends on whether we have solid evidence that
>he *could* write decent prose, also on whether the style of
>FW was essential to the story or was just a wild experiment.
Well, he did write other books, which weren't quite as extreme as
Finnegan's Wake. (The recognition that book achieved despite the
difficult style in which it was written, I suppose, must speak to it
having literary quality of some sort.)
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Recent crypto text
Date: Thu, 14 Sep 2000 23:39:21 GMT
On Thu, 14 Sep 2000 10:28:24 -0600, John Myre <[EMAIL PROTECTED]>
wrote, in part:
>How would you compare (contrast) this with AC2 (Schneier)?
>(What does it cover, at what level, what quality?)
From the table of contents referenced in the post, it seems to be a
very mathematical book. It appears to begin with a look at very simple
ciphers from a mathematical point of view, reminiscent of Abraham
Sinkov's book "Elementary Cryptanalysis".
It goes on to deal with such things as probability theory (perhaps
like Konheim) and with number theory and the mathematics of public-key
systems.
I was surprised to see that the very recent NTRU cryptosystem is among
those dealt with in the book.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (Mr. Olie Yank)
Crossposted-To: comp.security,comp.security.misc
Subject: Re: "Secrets and Lies" at 50% off
Date: Fri, 15 Sep 2000 00:04:03 GMT
Tom St Denis <[EMAIL PROTECTED]> wrote:
>If you want to talk about your book by all means go ahead, but you
>really are spamming this group.
Hey Bruce, you want we should take this turkey back in the alley and rough
him up a little?
--
"Mr. Olie Yank" is actually 0495 876321 <[EMAIL PROTECTED]>.
01 2345 6789 <- Use this key to decode my email address and name.
Play Five by Five Poker at http://www.5X5poker.com.
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Crossposted-To: comp.security,comp.security.misc
Subject: Re: "Secrets and Lies" at 50% off
Date: Thu, 14 Sep 2000 23:59:19 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (William Stallings) wrote:
> In article <8prii3$sla$[EMAIL PROTECTED]>, Tom St Denis
> <[EMAIL PROTECTED]> wrote:
>
> > In article <[EMAIL PROTECTED]>,
> > Bruce Schneier <[EMAIL PROTECTED]> wrote:
> > > This is the cheapest I've seen the book. I know what the publisher
> > > sells the book for, and FatBrain is losing money on every sale. I
> > > have no idea if this is a temporary promotion, or how long it will
> > > last. But I figured I should get the word out:
> > >
> > > http://www1.fatbrain.com/asp/bookinfo/bookinfo.asp?theisbn=0471253111
> >
> > I know you are well intentioned but for the same reason I don't like
> > other spammers, I would suggest that you don't do this.
> >
> > If you want to talk about your book by all means go ahead, but you
> > really are spamming this group.
> >
> > Just my two cents, and seriously no offence intended.
> >
>
> Geez. He is doing a service to the interested community. Not my idea of spam.
Ok, tell me when he has discussed his book openly in this forum? It
seems all posts are about him selling his book.
BTW I am not trying to offend him honest, I regard him as a very
competent cryptographer. It's just let's not be hypocritical about
posting here.
If I was a MS engineer posting about a new MS WALLET software (for
example) would you regard the post with the same respect?
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: SDMI Crypto Challenge
Date: Fri, 15 Sep 2000 00:10:50 GMT
In article <8porb2$gjh$[EMAIL PROTECTED]>,
"David C. Barber" <[EMAIL PROTECTED]> wrote:
> The music industry is paying (underpaying) $10K for anyone who can defeat
> the SDMI-II proposals. Visit www.hacksdmi.com for info.
Is this gonna be a re-run of the DVD CSS case? When will people learn
that you *can't* do this. Unless new authors don't use CDs (bad idea) or
the producers encrypt each copy to each user (watermark) (still weak).
If I can play the audio on my comp I can rip it. Plain and simple.
And since MP3 technology already exists I can re-encode it to a
suitable form.
Why not release good music that people will not mind buying instead of
selling rubbish and hoping for some DMCA to protect you? Personally
most CDs have 16 tracks of pure garbage and two tracks you may actually
like. Why not make an entire CD of good music. Paying 15 to 25 bucks
for a CD is not terrible, given that it's worth it. Anyways, back to
Napster :-)
Tom
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: decorrelated MDS?
Date: Fri, 15 Sep 2000 00:24:45 GMT
I am thinking the answer is no, but here we go.
Given an n by n square matrix with elements from a finite field. Let's
suppose the matrix is also an MDS in the respective field (i.e. GF(2)^8
and the matrix is non-singular, etc.)
If I pick a random square MDS matrix M and a column vector B I do
F(x) = Mx + b
Where x is a n by 1 column vector (say a 4x1 with 8-bit elements for a
32-bit transform).
Obviously if M is random then each multiplication (going down a column)
will produce a random output column vector... i.e
a x x x | t1
b x x x | t2
c x x x | t3
d x x x | t4
(if that looks messy each 'a,b,c,d' should be on their own line)
When you precompute a matrix mult in GF you go down a column and
compute the relevant byte position terms (see the twofish source code).
That's great.
However, the reason I don't think this is pair-wise decorrelated is
that the values inside the matrix are self-constrained. I.e. you can
pick almost any value for some elements of the matrix, but eventually
you are more restricted (it has to be an MDS).
It would be a nice tool since you could place a decorrelated MDS inside
a block cipher (twofish perhaps?) and get nice immunity to
differential/linear cryptanalysis. In the case of 4x4 MDS matrices I
can't imagine they are hard to make on a desktop (a bunch of xors and
GF 8x8 mults...). In the case of twofish, four 8x8 key-dependent
sboxes and a key-dependent MDS would make it very hard to attack.
Tom
------------------------------
From: [EMAIL PROTECTED] (Bill Unruh)
Crossposted-To: comp.security,comp.security.misc
Subject: Re: "Secrets and Lies" at 50% off
Date: 15 Sep 2000 00:34:22 GMT
In <8prii3$sla$[EMAIL PROTECTED]> Tom St Denis <[EMAIL PROTECTED]> writes:
]In article <[EMAIL PROTECTED]>,
] Bruce Schneier <[EMAIL PROTECTED]> wrote:
]> This is the cheapest I've seen the book. I know what the publisher
]> sells the book for, and FatBrain is losing money on every sale. I
]> have no idea if this is a temporary promotion, or how long it will
]> last. But I figured I should get the word out:
]>
]> http://www1.fatbrain.com/asp/bookinfo/bookinfo.asp?theisbn=0471253111
]I know you are well intentioned but for the same reason I don't like
]other spammers, I would suggest that you don't do this.
]If you want to talk about your book by all means go ahead, but you
]really are spamming this group.
?? Spamming? He is not cross posting to thousands of groups. You can
ignore the post. I think what you object to is the commercialisation,
not the spamming.
(and you have now had the message he sent out repeated in at least two
posts-- yours and mine.)
------------------------------
From: Jim Gillogly <[EMAIL PROTECTED]>
Crossposted-To: comp.security,comp.security.misc
Subject: Re: "Secrets and Lies" at 50% off
Date: Fri, 15 Sep 2000 00:38:33 +0000
Tom St Denis wrote:
> If I was a MS engineer posting about a new MS WALLET software (for
> example) would you regard the post with the same respect?
Certainly not. However, if you were Adi Shamir or Jim Reeds or
Doug Gwyn posting about your new cryptanalysis book, or Frode
Weierud or Tony Sale or David Hamer posting about your new Enigma
book, or Ron Rivest or Don Coppersmith or Eli Biham posting about
your new crypto algorithm design book I wouldn't be snippy about
your not posting more detail about why I ought to buy the book.
In particular, I didn't complain when Alfred Menezes kept telling
us a new chapter of HAC was being posted for free, even though I
already had the hard copy.
By the way, the 50% off is right, but the $4 shipping + $1 CA tax
bumped the price up to where I only got 1/3 off. Oh, well. Beats
Amazon or my local Borders anyway.
--
Jim Gillogly
Sterday, 24 Halimath S.R. 2000, 00:29
12.19.7.9.18, 7 Edznab 1 Chen, Ninth Lord of Night
------------------------------
From: "Rick" <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy,uk.legal
Subject: Re: Disappearing Email redux
Date: Thu, 14 Sep 2000 19:08:46 -0500
I have reason to agree.
"Tommy the Terrorist" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I don't trust this scheme. Sorry, but it sounds like yet another variant
> on "key escrow", which is inherently MEANT to be unreliable. While
> perhaps someone who has a Windows system to install it on gets some last
> minute message I don't know about, so far I see no clear GUARANTEE on the
> site that every last copy of the key will really BE deleted. To the
> contrary, I see this stuff in the privacy policy (which to be fair is no
> more weaselly-worded than any other privacy policy on the Internet......)
>
>
> "Disappearing Inc. may disclose information about users or information
> about their use of the service for the following reasons: as required by
> law, such as the Electronic Communications Privacy Act, regulations, or
> governmental or legal requests for such information; to disclose
> information that is necessary to identify, contact or bring legal action
> against someone who may be violating our Terms of Service or other user
> policies; to operate the Services properly; or to protect Disappearing
> Inc. and our users. This site contains links to other sites. Disappearing
> Inc. is not responsible for the privacy practices or the content of these
> Web sites."
>
> In other words, they can give away your key whenever they feel like it,
> right up until the moment they "destroy" it. More to the point, it
> sounds like they can be ordered to hand over the company key that was
> supposed to be destroyed on any given day in response to a single court
> process. Provided that the FBI or other agencies can maintain a single
> simulated "child molester" on their service sending E-mail every day,
> they can confiscate EVERY key and decode EVERY message. (Admittedly, I
> didn't see details on how the company-specific key and user-specific key
> are combined, but we know the company can display any E-mail that hasn't
> expired using ordinary HTML, and I doubt they delete the user specific
> key; and if they do then I also am skeptical that the messages are hard
> to crack provided the company-specific key is compromised)
>
> Security
>
> "While we make every effort to ensure the integrity and security of our
> network and systems, we cannot guarantee that our security measures will
> prevent third-party "crackers" from illegally obtaining this information.
> Disappearing Inc. is not responsible or liable for any such unauthorized
> uses of the Disappearing Email Service or its data."
>
> In other words, when an NSA listening post or CIA tap on the Internet
> (such as the one across the street from the AOL Reston facility that all
> AOL traffic passes through) intercepts keys being transmitted between the
> mirrored servers they say they have, and a single Canadian or Australian
> agent hits the "BEER" key (well, the "Spy On Americans" key, actually)
> and then "decides" to "share" this intelligence with the U.S. agencies,
> all the crypto keys are divulged and this company is not responsible.
>
> P.S. There's also an issue with anonymity. This company,
> unsurprisingly, demands the receipt and sending back of an E-mail code
> before allowing the software to be downloaded. One "feature" of that
> system is that the software could be designed to use that key number as a
> built-in identification number, placed in every E-mail sent with it. In
> other words, if you send a "disappearing email" through twenty chained
> remailers to someone, the E-mail itself is coded with a number directly
> tied to the E-mail address you specified before download and the IP
> number you used to download with (which they also say they retain in the
> "privacy" policy)
>
> In short: "Trusted third parties" AREN'T. If you want secure,
> unrecoverable E-mail for yourself or your company, you can run PGP 2.3a
> and regularly subject your keys to unrecoverable erasure. I am very
> skeptical that this really works (there are too many back doors built
> into the operating systems, mail programs, and word processors,
> especially Microsoft's) but it has to be better than this.
------------------------------
Date: Thu, 14 Sep 2000 23:49:22 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Problem with Tiger hash algorithm and binary files
=====BEGIN PGP SIGNED MESSAGE=====
Runu Knips wrote:
> Daniel Leonard wrote:
> > On Wed, 13 Sep 2000, Konrad Podloucky wrote:
> >
> > > From Eli Biham's Tiger page
> > > (http://www.cs.technion.ac.il/~biham/Reports/Tiger/):
> > > "[...]Note that in the original reference implementation that we have
> > > published in this page there was a typo that used the wrong bit
> > > order when it padded the '1' bit at the end of the message. It
> > > used the constant 0x80, rather than 0x01 to append this bit. The
> > > reference implementation and test results given above are already
> > > corrected. We are grateful to John Lull who found this typo."
> >
> > This confused me more because while discussing with Mr. Antoon Bosselaers,
> > he told me that the correction was wrong.
>
> Well, in fact it is a question of interpretation.
It's not a question of interpretation at all. The Tiger paper specifically said
that the padding was to be done in the same style as the MD4 family, which
uses 0x80 as the first padding octet when the input is a multiple of 8 bits,
and treats the most significant bit of an octet as "first".
Note that this is an entirely separate issue to byte order; MD4, MD5 and
RIPEMD-*, which are little-endian, and SHA-1, which is big-endian, all use
the same bit ordering convention. (HAVAL and Panama use the opposite
convention.) In any case, the interpretation used in the new Tiger reference
code is definitely inconsistent with the original paper.
> This means that both interpretations are possible.
Of course, but that wasn't the question. For most applications, bit order
doesn't matter because data is treated as a sequence of opaque octets. In
practice that is also how it is treated for hash function inputs, despite
most hashes being defined for inputs that are bit sequences. For that to work
it's essential that hash designers don't change their mind about which bit
order is meant.
- --
David Hopwood <[EMAIL PROTECTED]>
Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip
=====BEGIN PGP SIGNATURE=====
Version: 2.6.3i
Charset: noconv
iQEVAwUBOcFVxzkCAxeYt5gVAQG3lwgAt9mjjMWoRnd6g0CkDGwdKbmc7NCqeY9O
OjB+kbc+oU/k5vvBCiaWj1fd+K6T8JCz8KizLN9sb9x9Sbik19L2EFg4bIN2s41W
0M3nGU4tA6Zsk0EoucnQ0mXqlZGrkSOPZHZtDEbU2K+xH/09PSFYFv+GXZxQpMNg
rxLqyNOwPHzY75liKtHGZ6rVsbOKaxBtSNEVTMFy/Df+Thewk4owj2SHCmEzsPgy
ZpBIafN0ZFsqR37jZKOn/68vogOmxB3njx8241XD+iK8NH+DlBHsfUzJ2tTEkzwd
l3t3NRc3Zs6Z9xQQpT+7faU8vi8X/X3OteoVdKUVxDdVWuCvkAZB8A==
=LxbS
=====END PGP SIGNATURE=====
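As an added example (not code from the thread or from the Tiger reference implementation), here is MD4-family padding in Python with the bit-order convention as a parameter, wired to a transcription of SHA-1 so that the MSB-first choice can be checked against hashlib. SHA-1 stands in for Tiger only because a known-good reference implementation is available for it; the function names and parameters are mine.

```python
# Added example, not from the thread: Merkle-Damgard padding for an
# octet-aligned message, parameterised by which bit of an octet is "first",
# plus a plain transcription of SHA-1 (FIPS 180-1) to check it against hashlib.
import hashlib
import struct


def md_pad(msg, msb_first=True, big_endian=True):
    """Append one 1 bit, 0 bits up to 448 mod 512, then the 64-bit length in bits.

    Packing that single 1 bit into the first padding octet is where the
    conventions differ: MSB-first (MD4, MD5, RIPEMD, SHA-1) gives 0x80,
    LSB-first gives 0x01. Endianness affects only the length field and is a
    separate choice (MD5 little-endian, SHA-1 big-endian).
    """
    padded = msg + bytes([0x80 if msb_first else 0x01])
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)
    padded += struct.pack(">Q" if big_endian else "<Q", 8 * len(msg))
    return padded


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF


def sha1(msg, msb_first=True):
    """SHA-1 whose only variable part is the padding bit-order convention."""
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
    data = md_pad(msg, msb_first=msb_first, big_endian=True)
    for off in range(0, len(data), 64):
        w = list(struct.unpack(">16I", data[off:off + 64]))
        for t in range(16, 80):
            w.append(_rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
        a, b, c, d, e = h
        for t in range(80):
            if t < 20:
                f, k = (b & c) | (~b & d), 0x5A827999
            elif t < 40:
                f, k = b ^ c ^ d, 0x6ED9EBA1
            elif t < 60:
                f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
            else:
                f, k = b ^ c ^ d, 0xCA62C1D6
            tmp = (_rotl(a, 5) + (f & 0xFFFFFFFF) + e + k + w[t]) & 0xFFFFFFFF
            a, b, c, d, e = tmp, a, _rotl(b, 30), c, d
        h = [(x + y) & 0xFFFFFFFF for x, y in zip(h, (a, b, c, d, e))]
    return "".join("%08x" % x for x in h)


def matches_reference(msg, msb_first=True):
    """True iff this implementation agrees with hashlib's SHA-1 on msg."""
    return sha1(msg, msb_first) == hashlib.sha1(msg).hexdigest()


if __name__ == "__main__":
    print("first padding octet, MSB-first:", hex(md_pad(b"abc")[3]))
    print("first padding octet, LSB-first:", hex(md_pad(b"abc", msb_first=False)[3]))
    print("matches hashlib with 0x80:", matches_reference(b"abc"))
    print("matches hashlib with 0x01:", matches_reference(b"abc", msb_first=False))
```

With the default convention sha1(b"abc") reproduces the FIPS test vector; with msb_first=False the padding block begins 0x01 and the digest no longer matches, which is the observable consequence of the Tiger typo for any two implementations that must interoperate.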
------------------------------
Date: Fri, 15 Sep 2000 00:26:12 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: RSA Questions
=====BEGIN PGP SIGNED MESSAGE=====
Future Beacon wrote:
> Does anybody know what goes wrong with RSA
> if p or q or both are not necessarily prime?
RSA does not necessarily have to be used with two primes.
However, some factoring methods (in particular Lenstra's Elliptic
Curve Method, or ECM) require work that depends on the size of the
smallest factor rather than the size of the modulus. To resist these
methods all the prime factors should be larger than about 300 bits.
The case that is most likely to maximise the attacker's expected work,
though (even if new factoring methods are found), is two random prime
factors of equal length.
> Surely there is still a way to select a d such
> that decryption works for the receiver.
d = e^-1 mod phi(n). phi(n) is the product of (p_i - 1) for all
prime factors p_i. (The least common multiple of the (p_i - 1)
will also work.)
- --
David Hopwood <[EMAIL PROTECTED]>
Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip
=====BEGIN PGP SIGNATURE=====
Version: 2.6.3i
Charset: noconv
iQEVAwUBOcFdkDkCAxeYt5gVAQHpbggAv3g2A0LSVSkaNzuX/rreh4o9FCAXjF9c
I28JZ3eCgpgRnqPM0+CZeT5pZ2xyaeHTXQos9nyQ4cgmkF9LWjGtd3YxxnpWkERo
lzJYAQb3y8CLMv7Xtnv1wOu5ieMzz5hcOpEohrtEiOHTPWY8oTh3EdL/KRGWVz8i
6sphyJvGKbEkFnLtObcxinXEpnub0//JflYexUXbMHLPE/WcT+yLYMS5/JG1PupH
5m2zG61DeyY9YjJhXfV2M1zTXOhuAnmQiStG0UNQgsF06XVia0Q133eJl4Na/F6r
NKZy274FMMqYpwyK7iid+i4HX4RfLkzOO+ATZtpn4ULUdGv2058DGw==
=VwSC
=====END PGP SIGNATURE=====
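As an added example, not from the post above: multi-prime RSA key construction in Python following the formula given (d = e^-1 mod the product of the (p_i - 1), or mod their least common multiple), the factor-size check the ECM remark implies, and a demonstration of what breaks when a supposed prime is composite. Factor sizes are toy values constructed for the demo; is_probable_prime, make_key, make_toy_key and the other names are mine.

```python
# Added example, not from the post: RSA over a modulus with any number of prime
# factors, d from phi(n) = prod(p_i - 1) or lambda(n) = lcm(p_i - 1), a
# smallest-factor size check, and the failure mode for a composite "prime".
# All factor sizes below are toy sizes constructed for illustration.
import random
from math import gcd


def is_probable_prime(n, rng, rounds=16):
    """Miller-Rabin (demo quality; use a vetted library for real keys)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits, rng):
    """Random prime with exactly `bits` bits (top and bottom bits forced to 1)."""
    while True:
        c = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(c, rng):
            return c


def lcm(a, b):
    return a * b // gcd(a, b)


def make_key(factors, e=65537, use_lcm=False, check_primes=True):
    """Return (n, e, d) for n = product of `factors`, any number of them.

    With check_primes=True each factor is verified prime, which is what makes
    d = e^-1 mod prod(p_i - 1) a valid decryption exponent. With
    check_primes=False the formula is applied blindly, to show what goes wrong
    when a 'prime' is actually composite (phi(n) is then computed incorrectly).
    """
    rng = random.Random(0)
    if check_primes and not all(is_probable_prime(p, rng) for p in factors):
        raise ValueError("every factor must be prime")
    n, order = 1, 1
    for p in factors:
        n *= p
        order = lcm(order, p - 1) if use_lcm else order * (p - 1)
    if gcd(e, order) != 1:
        raise ValueError("e must be invertible modulo phi(n) / lambda(n)")
    d = pow(e, -1, order)  # modular inverse (Python 3.8+)
    return n, e, d


def make_toy_key(bits=64, nprimes=3, seed=1234):
    """Generate nprimes random primes of `bits` bits and derive (n, e, d)."""
    rng = random.Random(seed)
    while True:
        factors = [gen_prime(bits, rng) for _ in range(nprimes)]
        try:
            return factors, make_key(factors)
        except ValueError:  # e not coprime to phi(n): draw fresh primes
            pass


def roundtrip_ok(n, e, d, m):
    """True iff m -> m^e -> (m^e)^d returns m modulo n."""
    return pow(pow(m, e, n), d, n) == m % n


def smallest_factor_bits(factors):
    """ECM-style effort scales with the smallest factor, not with n."""
    return min(p.bit_length() for p in factors)


def factors_large_enough(factors, min_bits=300):
    """The post's rule of thumb: every prime factor larger than about 300 bits."""
    return smallest_factor_bits(factors) >= min_bits


if __name__ == "__main__":
    factors, (n, e, d) = make_toy_key()
    print("3-prime roundtrip:", roundtrip_ok(n, e, d, 0xCAFEBABE))
    print("smallest factor bits:", smallest_factor_bits(factors),
          "large enough for real use:", factors_large_enough(factors))
    n, e, d = make_key([21, 11], e=3, check_primes=False)  # 21 is not prime
    print("roundtrip with composite 'p':", roundtrip_ok(n, e, d, 2))
```

The composite case is the direct answer to the question quoted above: with p = 21 the formula uses (p - 1) = 20 where phi(21) = 12, so e*d is not 1 modulo the true group order and decryption returns the wrong plaintext for most messages.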
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************