Cryptography-Digest Digest #706, Volume #12      Mon, 18 Sep 00 07:13:00 EDT

Contents:
  Re: Double Encryption Illegal? (Paul Schlyter)
  Re: Police want help cracking code to find Enigma machine (Anders Thulin)
  Re: SDMI Crypto Challenge (Scott Craver)
  help hacking Crypt() (Peter Schlosser)
  Re: SDMI Crypto Challenge (Matthias Bruestle)
  Re: Intel's 1.13 MHZ chip ("Abyssmal_Unit_#3")
  Re: More Bleh from a Blahish person. ;) (=?iso-8859-1?Q?H=E5vard?= Raddum)
  Re: Tying Up Loose Ends - Correction (Mok-Kong Shen)
  Re: question about delastelle cipher in Bauer's book (Mok-Kong Shen)
  Re: Frequency Analysis Tables (Mok-Kong Shen)
  Re: 20 suggestions for cryptographic algorithm designers (Runu Knips)
  Memorizing the CRT (lcs Mixmaster Remailer)
  Chosen and known attacks - are they possible ?? ("kihdip")
  Re: Comments TC6a please (Runu Knips)
  Re: Disappearing Email redux (David Rush)
  New Cipher Machine Simulators (Frode Weierud)
  Re: question about delastelle cipher in Bauer's book (John Savard)
  Algebra, or are all block ciphers in trouble? (John Savard)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Paul Schlyter)
Crossposted-To: comp.databases.oracle
Subject: Re: Double Encryption Illegal?
Date: 18 Sep 2000 07:40:14 +0200

In article <[EMAIL PROTECTED]>,
wtshaw <[EMAIL PROTECTED]> wrote:
 
> In article <8q1tfb$bj1$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Paul
> Schlyter) wrote:
> 
>> In article <[EMAIL PROTECTED]>,
>> wtshaw <[EMAIL PROTECTED]> wrote:
>> 
>>> When a person uses 3-DES, they are single encrypting with 3-DES.
>>  
>> FYI: 3-DES consists of three rounds of DES, using two or three
>> different keys.
> 
> That is the definition of a newer algorithm than just plain DES.  It
> is not DES.
 
Well, if you consider any combination of crypto algorithm as "one
single, newer, algorithm", then there is of course no such thing
as "double encryption" or "triple encryption": you've just defined
it as non-existent....
 
-- 
================================================================
Paul Schlyter,  Swedish Amateur Astronomer's Society (SAAF)
Grev Turegatan 40,  S-114 38 Stockholm,  SWEDEN
e-mail:  pausch at saaf dot se   or    paul.schlyter at ausys dot se
WWW:     http://hotel04.ausys.se/pausch    http://welcome.to/pausch

------------------------------

From: Anders Thulin <[EMAIL PROTECTED]>
Subject: Re: Police want help cracking code to find Enigma machine
Date: Mon, 18 Sep 2000 06:41:57 GMT

"root@localhost " wrote:

> Anders, Is the initial post with the message text still on the servers
> that you are getting your news from?

  You'll find it in the www.deja.com/usenet sci.crypt archive as well.

-- 
Anders Thulin     [EMAIL PROTECTED]     040-10 50 63
Telia Prosoft AB,   Box 85,   S-201 20 Malmö,   Sweden

------------------------------

From: [EMAIL PROTECTED] (Scott Craver)
Subject: Re: SDMI Crypto Challenge
Date: 18 Sep 2000 06:52:00 GMT

Tom St Denis  <[EMAIL PROTECTED]> wrote:
>[EMAIL PROTECTED] (Scott Craver) wrote:
>>
>>      You can, of course, remove a mark, if you know where it is
>>      and how it is embedded.  Without that detail, it's not as
>>      easy.
>
>If this black box mp3 codec knows where it is, then so will I.  Nuff
>said.

        I agree with your first sentence but not your second.

>Tom
                                                                -S



------------------------------

From: [EMAIL PROTECTED] (Peter Schlosser)
Subject: help hacking Crypt()
Reply-To: [EMAIL PROTECTED]
Date: Mon, 18 Sep 2000 07:33:02 GMT

I have an FTP daemon running on one of my servers, that I'd like to
configure user accounts for using Perl scripts.  I have examined its
configuration files, and outlined the format the records must be in.
I have one issue that is left to be resolved, and that's the
encryption of the passwords.

Repeated requests to the author for assistance have gone unanswered.
I suspect the method used is some kind of cipher.  Using the user
interface of this FTP server, I can create accounts with known
passwords, and then look at the config files after the passwords have
been ciphered. 
All I want to do is copy the method used, so I can set up these
accounts in a more automated way.  Some examples of the password
encodings are:

password: "rb17nc01" -> "(v2V'*Tz)o"
password: "65nw52ts" -> "Gnjd^Hjg_w"
password: "35st05ge" -> "H3dtUMAm69"

Can anyone help?

I'm not trying to do anything unethical, am I?
===================<====================>===================
Peter Schlosser              Peter at NoSpamoni.Signature.Net
            "Jack of all trades, master of none."
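
The three pairs quoted above are enough to rule some things out before anyone guesses at the scheme. The stored forms are 10 characters and contain "(", "'" and "^", so they are not traditional Unix crypt(3) output (13 characters from "./0-9A-Za-z"). The script below is an added example, not code from the post or from the FTP server in question; it embeds the posted pairs as constructed sample data and tests a few simple hypotheses (per-position substitution, fixed XOR key) that one contradiction is enough to refute. The hypothesis names and helpers are this example's own.

```python
"""Hypothesis checks over the (password, stored form) pairs posted above.

The PAIRS are copied from the post; every hypothesis and helper here is
this example's own, not the FTP server's actual scheme.
"""
import string

# The three known pairs quoted in the post (constructed sample data).
PAIRS = [
    ("rb17nc01", "(v2V'*Tz)o"),
    ("65nw52ts", "Gnjd^Hjg_w"),
    ("35st05ge", "H3dtUMAm69"),
]

# Output alphabet of traditional Unix crypt(3): "./0-9A-Za-z", 13 characters.
CRYPT3_ALPHABET = set("./" + string.digits + string.ascii_letters)


def looks_like_crypt3(stored):
    """True if `stored` could be a traditional crypt(3) hash (13 chars, base-64 alphabet)."""
    return len(stored) == 13 and all(c in CRYPT3_ALPHABET for c in stored)


def positional_substitution_consistent(pairs):
    """Could the stored form be a per-position substitution, i.e. the same input
    character at the same position always yields the same output character?
    A single contradiction across the pairs refutes the hypothesis."""
    seen = {}
    for pw, stored in pairs:
        for i, (p, s) in enumerate(zip(pw, stored)):
            if seen.setdefault((i, p), s) != s:
                return False
    return True


def fixed_xor_key(pairs):
    """If stored[i] == pw[i] XOR key[i] for one fixed key, return that key
    prefix as bytes; otherwise None.  Only the first len(pw) positions are
    compared, since the stored form is longer than the password."""
    key = {}
    for pw, stored in pairs:
        for i, (p, s) in enumerate(zip(pw, stored)):
            k = ord(p) ^ ord(s)
            if key.setdefault(i, k) != k:
                return None
    return bytes(key[i] for i in sorted(key))


def summary(pairs):
    """Run every check and return the findings as a dict."""
    return {
        "all_same_length": len({len(s) for _, s in pairs}) == 1,
        "stored_length": len(pairs[0][1]),
        "crypt3_like": all(looks_like_crypt3(s) for _, s in pairs),
        "positional_substitution": positional_substitution_consistent(pairs),
        "fixed_xor_key": fixed_xor_key(pairs),
    }


if __name__ == "__main__":
    for name, value in summary(PAIRS).items():
        print(f"{name}: {value}")
```

Adding more known pairs (especially passwords that differ in a single character, or repeated characters) is what makes such checks informative; with the three pairs above, both the per-position and the fixed-XOR hypotheses already fail.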

------------------------------

From: [EMAIL PROTECTED] (Matthias Bruestle)
Subject: Re: SDMI Crypto Challenge
Date: Sun, 17 Sep 2000 22:56:14 GMT

Mahlzeit


Scott Craver ([EMAIL PROTECTED]) wrote:

>       You can, of course, remove a mark, if you know where it is
>       and how it is embedded.  Without that detail, it's not as 
>       easy.

How much information do you get, when you have the chance to compare
the same song with 10 different water marks?

>       They're starting to.  Note that Microsoft now sells "medialess"
>       OS licenses.  Meaning, your computer comes with Win98 or Win2000,
>       but no CDs for reinstallation.

This is not new, although the last medialess computers were because
the computer shops wanted to save money. They had software installed
which allowed you to make the media yourself - maybe 20 or 40 floppies.


Mahlzeit

endergone Zwiebeltuete

--
PGP: SIG:C379A331 ENC:F47FA83D      I LOVE MY PDP-11/34A, M70 and MicroVAXII!
-- 
Ein Pnorkel, ein Huerfendrimp und ein neffiges Doemplein.

------------------------------

From: "Abyssmal_Unit_#3" <[EMAIL PROTECTED]>
Subject: Re: Intel's 1.13 MHZ chip
Date: Mon, 18 Sep 2000 04:12:28 -0400

thanks for tip of History @ IEEE

yes, we had an early line printer that was a band or chain type. was quite rapid at
spewing paper and was dangerous to listen to when the protective acoustic cover was
removed for maintenance.

--
best regards,
hapticz

>X(sign here)____________________________________________<

Mok-Kong Shen wrote in message <[EMAIL PROTECTED]>...
|
|
|Abyssmal_Unit_#3 wrote:
|>
|> i thought the ibm 1620 with its banks of incandescent flashing bulbs along with the
|> clatter of hundreds of relays was definitely a crowd pleaser. made all my friends
|> think some powerful stuff was actually being done.  actually the quantity of energy
|> being squandered to solve a petty equation ten million times over was really quite
|> ridiculous as i think back.
|>
|> then there was the ibm 1130, much quieter and useful.
|>
|> but still those blasted card punch stations made a nice resounding commotion...
|>
|> and this was 1969/70 or so, i think....
|>
|> ahhhhhh, memory lane, such a gas!
|>
|> anybody want to collaborate on a book full of anecdotes about "old" computers??
|
|I had only worked with the 360 series of IBM (from model 20
|up to model 91), not with the two series you mentioned.
|There were for these no clatter of relays, as far as I can
|remember. The uncommon noise of the computer rooms I knew
|in the past stemmed from the printers and card punchers
|and sometimes the card sorting devices and big plotters.
|(There was at one time a printer for card decks that was
|very loud.)
|
|For your project, you may be interested to read the Journal
|of the History of Computing. I think it's from IEEE. If you
|couldn't locate it, send me an e-mail.
|
|M. K. Shen



------------------------------

From: =?iso-8859-1?Q?H=E5vard?= Raddum <[EMAIL PROTECTED]>
Subject: Re: More Bleh from a Blahish person. ;)
Date: Mon, 18 Sep 2000 10:59:05 +0200

Simon Johnson wrote:

> Okay, try again... it's obvious you've missed the question I'm trying to
> ask (through my bad phrasing.)
>
> What I'm saying is this (not sure if this has been proven/disproven):
> Every mapping of n bits to n bits has a function that will describe it.
> Does this make any sense?
>
> So like: Say we wanted an 8x8 s-box. Instead of using a fixed table, we
> could use a maths function. let F(X) = X + 1 mod 256. We take x and
> compute F(X), F(X) then substitutes x. If this doesn't make sense, I
> give up ;)
>
> Okay, now what i was trying to ask was this:
>
> Does a function exist that can describe every s-box? If so, then some
> of these functions must duplicate the *best* s-boxes one can produce.

It sounds like you are looking for an algebraic expression for the
function that an S-box is.  Look at the n bits of input/output as elements
in GF(2^n).  By using Lagrange interpolation for example, you can produce
a polynomial with degree at most 2^n-1 and coefficients in GF(2^n) that
gives a mapping identical to the S-box mapping.  If this is your question,
then yes, every S-box, also the "good" ones, can be described algebraically.

>
>
> Say i found such a function in GF(2^32). I could then use this one
> function as my entire f-function, in a Feistel based cipher. Lets say i
> added the round key to the plain-text chunk being encrypted, mod
> (2^32). How many rounds would this require before the best linear and
> differential attack requires more known plain-text blocks than exist?
>
> I believe this is somewhat clearer. If my language is incorrect don't
> hesitate to point it out.
>
> Thanxs,
> Simon Johnson.
>
> -------------------------
> 'Man is everywhere in chains'
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
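
The interpolation Håvard describes, carried out in code as an added example (not part of the thread): Lagrange interpolation over GF(2^n) turns any table of 2^n entries into a polynomial of degree at most 2^n-1 that reproduces the table exactly. The choice of field representation (x^4+x+1 for GF(2^4), the AES polynomial x^8+x^4+x^3+x+1 for GF(2^8)) and the sample S-boxes (the 4-bit PRESENT S-box, the field inverse, and Simon's "X + 1" map at 4 bits) are this example's own. Two things the table alone does not show: the field inverse x -> x^-1 interpolates to the single monomial x^254, and "X + 1 mod 2^n" (integer addition) is a very different object from "X + 1 in GF(2^n)" (XOR with 1, degree exactly 1).

```python
"""Lagrange interpolation of an S-box as a univariate polynomial over GF(2^n).

Added example: field polynomials and sample S-boxes are this example's choices.
"""


def gf_mul(a, b, n, poly):
    """Multiply a, b in GF(2^n); `poly` is the irreducible modulus including its x^n term."""
    r, top = 0, 1 << n
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & top:
            a ^= poly
    return r


def gf_pow(a, e, n, poly):
    r = 1
    while e:
        if e & 1:
            r = gf_mul(r, a, n, poly)
        a = gf_mul(a, a, n, poly)
        e >>= 1
    return r


def gf_inv(a, n, poly):
    """a^-1 = a^(2^n - 2) for a != 0; callers map 0 -> 0 themselves."""
    return gf_pow(a, (1 << n) - 2, n, poly)


def sbox_polynomial(sbox, n, poly):
    """Coefficients c[0..m-1] (index = degree) of the unique polynomial of degree < m
    with P(x) = sbox[x] for every x in range(m), m = len(sbox).  Lagrange form:
    P = sum_i y_i * [M(x) / (x - x_i)] / prod_{j != i} (x_i - x_j), M = prod_j (x - x_j).
    In characteristic 2 subtraction is XOR, so (x - x_j) is written (x + x_j)."""
    m = len(sbox)
    xs = range(m)
    master = [1]                                  # M(x) = prod_j (x + x_j)
    for xj in xs:
        nxt = [0] * (len(master) + 1)
        for d, c in enumerate(master):
            nxt[d + 1] ^= c                       # c * x
            nxt[d] ^= gf_mul(c, xj, n, poly)      # c * x_j
        master = nxt
    coeffs = [0] * m
    for xi in xs:
        q = [0] * m                               # q = M(x) / (x + x_i), synthetic division
        q[m - 1] = master[m]
        for k in range(m - 1, 0, -1):
            q[k - 1] = master[k] ^ gf_mul(xi, q[k], n, poly)
        denom = 1                                 # prod_{j != i} (x_i + x_j)
        for xj in xs:
            if xj != xi:
                denom = gf_mul(denom, xi ^ xj, n, poly)
        scale = gf_mul(sbox[xi], gf_inv(denom, n, poly), n, poly)
        for d in range(m):
            coeffs[d] ^= gf_mul(q[d], scale, n, poly)
    return coeffs


def evaluate(coeffs, x, n, poly):
    """Horner evaluation in GF(2^n)."""
    acc = 0
    for c in reversed(coeffs):
        acc = gf_mul(acc, x, n, poly) ^ c
    return acc


def degree(coeffs):
    return max((d for d, c in enumerate(coeffs) if c), default=-1)


def fits(coeffs, sbox, n, poly):
    """True if the polynomial reproduces every table entry."""
    return all(evaluate(coeffs, x, n, poly) == y for x, y in enumerate(sbox))


GF16_POLY = 0b10011     # x^4 + x + 1
GF256_POLY = 0x11B      # x^8 + x^4 + x^3 + x + 1 (the AES field)
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

if __name__ == "__main__":
    c4 = sbox_polynomial(PRESENT_SBOX, 4, GF16_POLY)
    print("PRESENT over GF(2^4): degree", degree(c4), "fits", fits(c4, PRESENT_SBOX, 4, GF16_POLY))
    inv = [0] + [gf_inv(x, 8, GF256_POLY) for x in range(1, 256)]
    c8 = sbox_polynomial(inv, 8, GF256_POLY)
    print("x -> 1/x over GF(2^8): nonzero terms", {d: c for d, c in enumerate(c8) if c})
    add1 = [(x + 1) % 16 for x in range(16)]
    print("x -> x+1 mod 16 over GF(2^4): degree", degree(sbox_polynomial(add1, 4, GF16_POLY)))
```

Existence of the polynomial says nothing about strength: a permutation always has degree at most 2^n-2 (the top coefficient is the XOR of all outputs, which is 0), and what matters for algebraic attacks is how sparse and how low-degree the expression is, which is why the single-term x^254 of the field inverse is interesting and a random-looking table, whose polynomial is dense, is not.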


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Tying Up Loose Ends - Correction
Date: Mon, 18 Sep 2000 11:34:17 +0200



John Savard wrote:
> 
> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> 
> >I don't think that it is worthwhile to worry about the
> >slight 'increase in redundancy'.
> 
> My position is a bit different. I agree that it isn't so important as
> to be *the* _sine qua non_ of good cryptography.
> 
> However, when known plaintext is not available, redundancy is what the
> cryptanalyst has to grab on to. So the payoff from a reduction in
> redundancy might be a significant reduction in the difficulty of the
> ciphers the cryptanalyst can solve.

The point is how much, i.e. in percentage, in reality.
As an analogy, in most normal computations tweaking the 
last digit of a seven digit number doesn't matter. Note 
that, in both the static Huffman (without a pre-pass 
to determine the real frequencies) and the adaptive 
Huffman, the compression is in general not as good as 
the case where one uses a pre-pass to find the actual 
frequencies and then do the compression, i.e. we don't
do the 'optimal' compression.

It is in general important that the 'accuracies' 
maintained in different parts of a computation (or
an experiment) be 'compatible'. I like to give in 
this connection an interesting anecdote that I 
personally experienced. In a hydrological study of 
two basins, there were measurements of flow of the 
river in one basin but not in the other. The engineer 
wanted to estimate the non-existing data (the flow in 
the other basin) on the assumption that the intensity 
of rainfall on the two basins was the same. He thus
calculated a multiplication factor for use (which was 
the ratio of the areas of the basins) to an accuracy 
of five digits, while the flow data itself had an 
accuracy of three digits only. Together with the 
questionability of the validity of the multiplication 
factor itself, you could easily see what that 
'extremely' accurate result from the computation 
actually meant. (The basins were neighbours, so the 
assumption of same intensity of rainfall wasn't in 
fact too bad, but a very rough one nonetheless.)

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: question about delastelle cipher in Bauer's book
Date: Mon, 18 Sep 2000 11:34:11 +0200



John Savard wrote:
> 
[snip]
> The missing point is that it IS true that any digraphic cipher can be
> thought of as a cipher with 26 homophones for the first letter, and
> with 26 homophones for the second.
> 
> But in the former case, one has the same cipher with 26 homophones for
> every letter - most importantly, for _consecutive_ letters. In the
> "true" digraphic case, two _different_ homophonic ciphers alternate.

Would it be a good idea to apply the two methods in
succession? Thanks.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Frequency Analysis Tables
Date: Mon, 18 Sep 2000 11:43:07 +0200



SafeMode wrote:
> 
> Does anybody now of a website with "Frequency Anaylysis" tables for most of
> the common Greek Alphabet derivation languages??
> 
> And does anybody know of an application that can do the Frequency analysis
> for me, so that I can stop going crossed eyed trying to count pages and
> pages of letters?

There are such tables in some crypto textbooks, e.g. the
one by Gaines. These were obtained from some texts 
assumed to be representative and may deviate from the 
average case of your application. It is not difficult 
to write a program to determine the frequencies of a 
given text.

M. K. Shen
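
As an added example (not part of the reply above), the kind of small program M. K. Shen has in mind: a letter and digraph counter that works on any Unicode alphabet, so it can be pointed at Greek text as the question asked. It lower-cases, strips diacritics by NFD-decomposing and dropping combining marks (so accented vowels count with their base letter), and folds Greek final sigma into sigma. The sample strings used in the test are constructed; the folding rules are this example's choices and can be changed for languages where an accent distinguishes letters.

```python
"""Letter and digraph frequency counter for arbitrary (Unicode) alphabets.

Added example; the folding rules (drop diacritics, fold final sigma) are
this example's choices, not a standard any textbook table assumes.
"""
import unicodedata
from collections import Counter


def fold(text, final_sigma=True):
    """Lower-case, strip diacritics (NFD, then drop combining marks) and
    fold Greek final sigma (U+03C2) to sigma (U+03C3)."""
    out = []
    for ch in unicodedata.normalize("NFD", text.lower()):
        if unicodedata.combining(ch):
            continue
        if final_sigma and ch == "\u03c2":
            ch = "\u03c3"
        out.append(ch)
    return "".join(out)


def letter_counts(text):
    """Absolute counts of alphabetic characters after folding."""
    return Counter(ch for ch in fold(text) if ch.isalpha())


def letter_frequencies(text):
    """Relative frequencies in percent, most common first."""
    counts = letter_counts(text)
    total = sum(counts.values())
    return [(ch, 100.0 * n / total) for ch, n in counts.most_common()]


def digraph_counts(text):
    """Adjacent letter pairs within words; a pair never spans a space or punctuation."""
    counts = Counter()
    word = []
    for ch in fold(text) + " ":          # trailing space flushes the last word
        if ch.isalpha():
            word.append(ch)
        else:
            counts.update(a + b for a, b in zip(word, word[1:]))
            word = []
    return counts


if __name__ == "__main__":
    sample = "attack at dawn"            # constructed sample
    for ch, pct in letter_frequencies(sample):
        print(f"{ch}  {pct:5.1f}%")
    print(digraph_counts(sample).most_common(3))
```

For a real analysis feed it a few kilobytes of representative text of the same kind as the ciphertext's plaintext; as the reply says, tables from a textbook were made from a particular corpus and may not match yours.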

------------------------------

Date: Mon, 18 Sep 2000 11:37:04 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: 20 suggestions for cryptographic algorithm designers

David Hopwood wrote:
> Runu Knips wrote:
> > David Hopwood wrote:
> > > [big endian is better]
> That isn't what I said.

I'm sorry.

> > Of course it would be better if all architectures would use
> > the same ordering, no matter if big or little.
> 
> Which order is used by processor architectures is irrelevant
> (as has already been pointed out, most new architectures have
> equal support for both, although that may be constrained by the
> operating system). I'm talking about the byte order used in
> protocol and algorithm designs.

Okay.

> > But finally it doesn't matter, it is just a matter of taste.
> 
> If that point of view were followed, we would have roughly half of all
> new protocol and algorithm designs big-endian, and half little-endian.
> That situation is far from optimal.

Okay, in that case I would recommend, just like you, using network
format (which is two's-complement and big endian), because it's
more readable in binary char-by-char dumps, and there are already
standard inet functions to handle it in C (ntohs, ntohl, htons,
htonl).

However, there is no way to force people to do so.

Btw, it would be good if there would be also functions for 64 bit
integers (ntohll, htonll) and floating point numbers (ntohf, ntohd,
htonf, htond).

------------------------------

Date: 18 Sep 2000 10:00:14 -0000
From: lcs Mixmaster Remailer <[EMAIL PROTECTED]>
Subject: Memorizing the CRT

The Chinese Remainder Theorem formula for two values is easy to
reconstruct if you just think it through step by step.

You have two primes, p and q.  You want a value which equals "a" mod p and
"b" mod q.  You also have p_inv mod q, that is, p * p_inv = 1 mod q.

Start off with "a", the value you want mod p.  You can add any multiple
of p to this and it won't change the mod p value:

   a + p * ...

Now look at things mod q.  You can multiply p * p_inv to get a simple
value mod q.  We have,

   a + p * p_inv * ...

which, mod q, is

   a + 1 * ...

and to make this be "b", we obviously must fill in (b-a) mod q:

   a + p * p_inv * (b-a)

That's it.  Mod p this is obviously "a", and mod q this is obviously "b".
Think of it like this and it'll save you the trouble of looking it up
in a book next time you have to implement RSA.
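
The formula derived above, written out as an added example (not from the post): the two-prime combination a + p * ((p_inv * (b - a)) mod q), with the (b - a) factor reduced mod q first so the result lands in [0, pq), and its use in RSA-CRT decryption. The toy parameters (p = 61, q = 53, e = 17, d = 2753) are this example's; the final re-encryption check is a standard fault-attack guard and is not something the post discusses.

```python
"""Two-prime CRT in the form derived above, applied to RSA-CRT decryption.

Added example; the toy key and the re-encryption check are this example's own.
"""


def crt_combine(a, b, p, q, p_inv):
    """Return the unique x in [0, p*q) with x = a (mod p) and x = b (mod q),
    given p_inv = p^-1 mod q.  Reducing (b - a) mod q before the multiply
    keeps x below p*q; without it the value is still correct mod p*q but
    may need a final reduction."""
    h = (p_inv * (b - a)) % q
    return a + p * h


def rsa_crt_decrypt(c, p, q, d, e):
    """RSA decryption using the CRT: two half-size exponentiations instead of one.
    The pow() check at the end rejects a faulty result before it leaves the
    function; with RSA-CRT a single corrupted half-exponentiation leaks p or q."""
    n = p * q
    dp, dq = d % (p - 1), d % (q - 1)
    p_inv = pow(p, -1, q)               # p * p_inv = 1 (mod q), Python 3.8+
    a = pow(c % p, dp, p)               # m mod p
    b = pow(c % q, dq, q)               # m mod q
    m = crt_combine(a, b, p, q, p_inv)
    if pow(m, e, n) != c:
        raise ValueError("CRT result does not re-encrypt to c; refusing to return it")
    return m


if __name__ == "__main__":
    p, q, e, d = 61, 53, 17, 2753       # toy RSA key; d * e = 1 mod lcm(p-1, q-1)
    n = p * q
    m = 65
    c = pow(m, e, n)
    print("c =", c, " m =", rsa_crt_decrypt(c, p, q, d, e))
```

The mnemonic generalises: for more than two moduli, apply the same step repeatedly (Garner's algorithm), each time adding a multiple of the product of the moduli handled so far.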

------------------------------

From: "kihdip" <[EMAIL PROTECTED]>
Subject: Chosen and known attacks - are they possible ??
Date: Mon, 18 Sep 2000 12:19:46 +0200

In 'Communications Security for the Twenty-first Century: The Advanced
Encryption Standard' Susan Landau explains different attack models.
<http://www.ams.org/notices/200004/fea-landau.pdf>

The models are frequently used to describe an attack form:
- Ciphertext only
- Known plaintext
- Chosen plaintext
- Chosen ciphertext

Forgive my ignorance, but are the known and chosen attacks only theoretical
?? If not: How would an attacker get a chosen plaintext encrypted ??
(His goal is to find the key, so obviously he cannot encrypt the plaintext
himself)


Kim



------------------------------

Date: Mon, 18 Sep 2000 12:20:59 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Comments TC6a please

Tom St Denis wrote:
> In article <[EMAIL PROTECTED]>, Runu Knips <[EMAIL PROTECTED]> wrote:
> > Tom St Denis wrote:
> > > The source is on my webpage at http://geocities.com/tomstdenis/
> > Hey, Tom, this sounds quite cool and interesting :)
> Good comments (thanks for replying) any technical/mathy comments?

Hehe, what's its endianness ? ;-)

Yepyep I know your endianness :-)) (little for x86)

Btw, I implemented Blowfish this WE and was a little surprised
that Blowfish is big endian in the gnupg source. Both the
(written) Blowfish implementation in Bruce Schneier's Applied
Crypto and your CryptoBag lacked any specification. They just
take some pointer to 'long', tzk. And the OpenSSL source ...
AAAAARG ! Some people have horrible programming style. Well
but it's also big endian :)

No, I still don't understand enough of GF to comment on the
key schedule itself. The rest looks like Blowfish without
the pbox and with only 8 rounds (instead of 16 in Blowfish)
- but with 8 different sbox sets, should be extremely secure
if the key schedule is okay.

Your cipher seems to be a typical case for the size-speed
tradeoff. Give it enough memory and it can be very fast -
just like in Blowfish.

Cool thing :-)

------------------------------

From: David Rush <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy,uk.legal
Subject: Re: Disappearing Email redux
Date: 18 Sep 2000 11:33:27 +0100

Tommy the Terrorist <[EMAIL PROTECTED]> writes:
> In other words, when an NSA listening post or CIA tap on the Internet
> (such as the one across the street from the AOL Reston facility that all
> AOL traffic passes through)

Do you have evidence of this, or are you just speaking from a healthy
sense of paranoia about a 'media' provider which believes that
centralized servers provide the best 'internet' service?

I am a more than slightly interested party, but can't say more in an
open forum.

david rush
=====BEGIN GEEK CODE BLOCK=====
Version 3.12
GCS d? s-: a C++$ ULSAH+++$ P+(---) L++ E+++ W+(--) N++ K w(---) O++@
PS+++(--) PE(++) Y+ PGP !tv b+++ DI++ D+(--) e*(+++>+++) h---- r+++
z++++
=====END GEEK CODE BLOCK=====

------------------------------

From: [EMAIL PROTECTED] (Frode Weierud)
Subject: New Cipher Machine Simulators
Date: 18 Sep 2000 10:29:44 GMT
Reply-To: [EMAIL PROTECTED]

The Cipher Simulation Group (CSG) has just released another two 
cipher machine simulators for Windows 3.1/95/98/NT4/2000. They are
the American machine SIGABA (ECM Mark II) and the pocket machine
CD57 made by Hagelin Cryptos.

These simulators, as well as others (Service Enigma, Railway Enigma,
Naval Enigma M3, the Swiss NEMA, Siemens Geheimschreiber T52d), are
available from my Crypto Web Page at:
http://frode.home.cern.ch/~frode/crypto/index.html

or directly from the CSG Simulator Web pages at:
http://frode.home.cern.ch/~frode/crypto/simula/index.html or
http://www.blueangel.demon.co.uk/crypto/index.html

There are also other interesting links that have been added to
my Crypto Web page in the last few days:

Tony Sale's Web Page "Codes and Ciphers in the Second World War"
and direct links to his explanation of the Enigma machine and his
virtual tour of Bletchley Park.

Please enjoy.

Frode
--
        Frode Weierud                   Phone  : +41 22 7674794
        CERN, SL,  CH-1211 Geneva 23,   Fax    : +41 22 7679185
        Switzerland                     E-mail : [EMAIL PROTECTED]
                                        WWW    : home.cern.ch/frode/

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: question about delastelle cipher in Bauer's book
Date: Mon, 18 Sep 2000 10:14:07 GMT

On Mon, 18 Sep 2000 11:34:11 +0200, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote, in part:

>Would it be a good idea to apply the two methods in
>succession? Thanks.

With two different squares, it would work.

Basically, the objection rested on the fact that contact frequencies
are needed to solve a homophonic cipher, so the case that makes them
available is weaker than the one which does not.

So if one did a transposition first, and then used the 'bad' method,
that also would be passable.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Algebra, or are all block ciphers in trouble?
Date: Mon, 18 Sep 2000 10:20:41 GMT

Well, I've added a new page to my site:

http://home.ecn.ab.ca/~jsavard/co041206.htm

in which I try to generalize from the fact that, given an invertible
f-function, it is trivial to solve for the subkeys from known
plaintext for a two-round Feistel cipher, to solving a four-round one
with two known plaintexts, an eight-round one with four known
plaintexts, and so on.

I don't get very far: for four rounds, I get to:

T2  = C2 XOR f( T1 XOR c1 XOR f( c2 XOR C2 XOR F( C1 XOR T1 ) ) XOR
                F( c2 XOR p2 XOR f( p1 XOR P1 XOR F( T2 XOR P2 ) ) ) )
T1  = P1 XOR f( T2 XOR p2 XOR f( p1 XOR P1 XOR F( T2 XOR P2 ) ) XOR
                F( c1 XOR f( c2 XOR C2 XOR F( C1 XOR T1 ) ) XOR p1 ) )

where p and P are the two plaintexts (p1 and p2 are the left and right
halves), c and C the two ciphertexts, and T is the intermediate result
after two rounds for the second plaintext/ciphertext set.

F is the inverse of the f-function.

So I did eliminate the subkeys and the intermediate result for the
first known plaintext from the equations, and obtaining T would let me
substitute in and get the subkeys trivially.

But as long as f(x) is nonlinear, it appears that one cannot go
further, and that Feistel-round block ciphers are safe.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
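
The two-round case that the post starts from, carried out as an added example (not code from the post or from the linked page): with an invertible f-function, one known plaintext/ciphertext pair gives both subkeys by direct substitution. The round convention assumed here is (L, R) -> (R, L XOR f(R XOR K)), with 16-bit halves and an f of this example's own choosing (an odd multiply, an add, and a rotation, so that its inverse F is easy to write). Under that convention the second-round left half equals the first-round right half, so f(R0 XOR K1) = L0 XOR L2 and f(R1 XOR K2) = R0 XOR R2, and applying F to each side isolates the subkeys.

```python
"""Recovering both subkeys of a two-round Feistel cipher with an invertible
f-function from a single known plaintext/ciphertext pair.

Added example; the round convention and the f-function are this example's own.
"""

MASK = 0xFFFF
MUL = 0x9E37                     # odd, so multiplication mod 2^16 is invertible
MUL_INV = pow(MUL, -1, 1 << 16)
ADD = 0x1234
ROT = 5


def rotl(x, r):
    return ((x << r) | (x >> (16 - r))) & MASK


def rotr(x, r):
    return ((x >> r) | (x << (16 - r))) & MASK


def f(x):
    """Invertible 16-bit round function: affine step, then a rotation."""
    return rotl((x * MUL + ADD) & MASK, ROT)


def F(y):
    """Inverse of f: undo the rotation, the add and the multiply."""
    return ((rotr(y, ROT) - ADD) * MUL_INV) & MASK


def feistel2_encrypt(left, right, k1, k2):
    """Two Feistel rounds, each (L, R) -> (R, L ^ f(R ^ K)); no final swap."""
    left, right = right, left ^ f(right ^ k1)
    left, right = right, left ^ f(right ^ k2)
    return left, right


def recover_subkeys(plaintext, ciphertext):
    """Solve for (K1, K2) from one (plaintext, ciphertext) pair of half-block tuples."""
    l0, r0 = plaintext
    l2, r2 = ciphertext
    r1 = l2                      # round 2 copies round 1's right half to the left
    k1 = F(l0 ^ r1) ^ r0         # L0 ^ R1 = f(R0 ^ K1)
    k2 = F(r0 ^ r2) ^ r1         # L1 ^ R2 = f(R1 ^ K2), and L1 = R0
    return k1, k2


if __name__ == "__main__":
    k1, k2 = 0xBEEF, 0x1337      # secret subkeys, to be recovered
    p = (0x1234, 0x5678)         # constructed known plaintext
    c = feistel2_encrypt(*p, k1, k2)
    print("ciphertext:", [hex(h) for h in c])
    print("recovered :", [hex(k) for k in recover_subkeys(p, c)])
```

The recovery works for any invertible f, whatever its nonlinearity; the algebra only needs F. From four rounds on, the unknown intermediate halves no longer cancel out, which is exactly where the equations in the post stop simplifying.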

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
