Cryptography-Digest Digest #797, Volume #12 Fri, 29 Sep 00 13:13:01 EDT
Contents:
Re: Deadline for AES... (John Savard)
Re: Josh MacDonald's library for adaptive Huffman encoding (SCOTT19U.ZIP_GUY)
Re: Which is better? CRC or Hash? (John Myre)
Re: Chaos theory (Jim Gillogly)
Re: Chaos theory (John Myre)
Re: Adobe Acrobat -- How Secure? (John Myre)
Re: Deadline for AES... (John Myre)
Re: Which is better? CRC or Hash? (SCOTT19U.ZIP_GUY)
Re: Deadline for AES... (John Myre)
Re: CPU's aimed at cryptography (JCA)
Re: Which is better? CRC or Hash? (Paul Schlyter)
Re: CPU's aimed at cryptography (Paul Schlyter)
Re: Which is better? CRC or Hash? (Dido Sevilla)
Re: Software patents are evil. ("Paul Pires")
Re: Deadline for AES... (Jim Gillogly)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Deadline for AES...
Date: Fri, 29 Sep 2000 13:03:26 GMT
On Fri, 29 Sep 2000 10:35:30 +0200, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote, in part:
>John Savard wrote:
>> The text quoted: "the standard is ready for public comment" does make
>> it possible the announcement will take place there, since that implies
>> it won't have been released by that date.
>I guess that there is a mistake in the quote above. Only
>a draft standard has a public comment period, as far as
>I know.
I interpret that to mean that the standard will be a draft standard
only at that time.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: comp.compression,comp.theory
Subject: Re: Josh MacDonald's library for adaptive Huffman encoding
Date: 29 Sep 2000 13:16:03 GMT
[EMAIL PROTECTED] (Mok-Kong Shen) wrote in <39D44654.73C6246D@t-online.de>:
>But you could at least publish it in a cs or crypto
>scientific journal, since it would be a significant
>contribution. But perhaps I could conjecture what
>would be your answer: These journals have editors
>that are all against a real scientist like you.
>
I think most publishing is for a more or less closed
group of people. I have had some of my work published by
others when I worked for the government; I expect nothing
different now that I am retired. If you wish to publish
it, feel free to do so.
But in compression, since most ways to examine it are
open, my feeling is that that is what most real
scientists end up doing. But a recent published article
that slipped by, called on so-called adaptive Huffman
compression, was really on standard static compression.
However, in encryption governments are so involved in
keeping it a secret black art that most published work
should be viewed with caution. I guess it's a matter of faith:
do you really believe the US government would actively
encourage an encryption that its own NSA could not break?
Actually I did publish something in EDN, if you call it
publishing. A guy talked me into submitting an article for
the DESIGN AWARDS; I did after I saw a poor one win. Mine
won the voters' choice for that issue. But even then I saw
subsets of it come out later as if it was something new.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
http://radiusnet.net/crypto/ then look for
sub directory scott after pressing CRYPTO
Scott famous Compression Page
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMMERS***
I leave you with this final thought from President Bill Clinton:
------------------------------
From: John Myre <[EMAIL PROTECTED]>
Subject: Re: Which is better? CRC or Hash?
Date: Fri, 29 Sep 2000 07:22:28 -0600
Tiemo Ehlers wrote:
>
> I want to be able to notice any changes, no matter if done by evil forces or
> just by coincidence.
<snip>
>
> But CRC is easier to compute. How likely is it to generate a file with a
> different content and the same CRC value as before?
> I don't have a clue. How can I find out?
<snip>
If the CRC polynomial is known (i.e., not a secret key), then
it is quite easy for an evil force to generate a file with a
different content and the same CRC value as before.
The evil force doesn't do it by guessing or by trial. Instead,
he just computes what needs to be done, knowing the mathematics
of how CRC's work - and the computation is fast.
JM
------------------------------
From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: Chaos theory
Date: Fri, 29 Sep 2000 14:01:33 +0000
Tim Tyler wrote:
>
> Jim Gillogly <[EMAIL PROTECTED]> wrote:
> : http://mathworld.wolfram.com/Chaos.html
> :
> : A dynamical system is chaotic if it
> : 1. Has a dense collection of points with periodic orbits,
> : 2. Is sensitive to the initial condition of the system [...]
> : 3. Is topologically transitive.
> : Criterion 1 above is the property I was referring to that allowed
> : me to break a "chaotic" cryptosystem posted to sci.crypt and another
> : that wasn't.
>
> FWIW, the FAQ rejects this as a defining criterion. Unless I'm mistaken,
> all points in (say) a block cypher will have periodic orbits /anyway/, so
> you'd have to explain the relevance of this property to cryptography
> further before I can see what you're talking about.
I'm not trying to make general statements about the relevance of this
property to cryptography, but I've been pointing out that I have used
this property to break cryptosystems claimed to be based on chaos. As
it happens, I was just now able to dredge up the exchange I'm referring
to, which took place here in 1991 -- it seems to have fallen off of
DejaNews. The first message is from Chris Raile, who later did work
in wavelet compression, and who proposed a crypto algorithm based on
the logistic function:
============================= msg 1 =======================================
From: [EMAIL PROTECTED] (Otter)
Newsgroups: sci.crypt
Subject: Cryption system based on chaos mathmatics
Date: 19 Mar 91 05:47:03 GMT
Organization: University of Kansas Academic Computing Services
Here is a simple (can you tell I just learned 'C') en/decryption algorithm
based on the mathematics of chaos. It uses the magic number of the 'strange
attractor' to produce the 'random' cipher characters for the data to be
XOR'd with. It is written for Turbo C. Feedback is encouraged.
/* crypt.c */
/* CHAOS encryption/decryption routine */
/*-------------------------------------*/
/* Written by Chris Raile 1989 */
/* [EMAIL PROTECTED] */
/* [EMAIL PROTECTED] */
/*-------------------------------------*/
/* Implementation: */
/* */
/* 'in' File to be en/decrypted */
/* 'out' Resulting en/decrypted file */
/* (XOR keystream: the same program encrypts and decrypts.) */
#include <stdio.h>

int main(void)
{
    FILE *fptrin;
    FILE *fptrout;
    int i, ch;
    double r = 3.56994571869;        /* logistic-map parameter ("strange attractor") */
    double j, x = .31379412;         /* <-- change numbers after 1st '3' */
                                     /*     to alter encryption scheme (key) */
    fptrin = fopen("in", "rb");
    if (fptrin == NULL) {
        perror("in");
        return 1;
    }
    fptrout = fopen("out", "wb");
    if (fptrout == NULL) {
        perror("out");
        fclose(fptrin);
        return 1;
    }
    while ((ch = getc(fptrin)) != EOF)
    {
        x = (r * x) * (1 - x);       /* one step of the logistic map */
        j = x * 100;
        i = (int)j;                  /* keystream value, 0..99 */
        ch = i ^ ch;                 /* XOR with the input byte */
        putc(ch, fptrout);
    }
    fclose(fptrin);
    fclose(fptrout);
    return 0;
}
====================== msg 2, same day =========================
From: [EMAIL PROTECTED] (Jim Gillogly)
Newsgroups: sci.crypt
Subject: Re: Cryption system based on chaos mathmatics
Summary: No good
Keywords: chaos, index of coincidence
Date: 19 Mar 91 17:28:39 GMT
Organization: Banzai Institute
Chris Raile suggests an encryption routine based on the logistic function.
I won't state categorically that chaos isn't useful in cryptography, but
this particular routine isn't cryptographically effective.
================= <snippage> ====================================
The program below tests about 1000 key values in the given
range (.3 to .4) and looks at the result.
Here's a sample crypto file (hex dump from "od"):
0000000 0751 2746 3102 245d 3b49 2010 2c51 7043
0000020 3044 2711 2b43 3e5c 384b 7441 2c4f 3353
0000040 2a04 3557 3747 2259 234a 2143 7951 3858
0000060 2d49 3711 374d 2418 3543 744c 314d 2253
0000100 3604 3346 7950 3156 334a 3e01 5300
The analysis program is mildly instructive -- if you haven't used the
Index of Coincidence to test for a successful decryption, you should.
The I.C. for English is around 0.066, so the program prints out all the
results it finds above .06 for our amusement. Here's the result:
Key 0.3136: (IC 0.061)
Knuuh tells us that random number generatoul shoumd#not be chosen at randoj.
Key 0.3137: (IC 0.066)
Knuth tells us that random number generatoul shoumd not be chosen at random1
Key 0.3138: (IC 0.066)
Knuth tells us that random number generators should not be chosen at randoj.
Key 0.3139: (IC 0.062)
Knuth tellt?us th`t random number generators should not be chosen at randoj.
Key 0.3169: (IC 0.061)
Jotwh tellt?us th`t random number generators should not be chosen at randoj.
Key 0.3170: (IC 0.061)
Jotwh tellt?us th`t random number generators should not be chosen at randoj.
Key 0.3171: (IC 0.065)
Jotwh tells us that random number generatorl should not be chosen at random1
Key 0.3172: (IC 0.061)
Jotwh tells us that random number generatoul shoumd#not be chosen at random1
None of these is perfect, but it certainly tells us where to try refining
our key. It's interesting that the decryptions get back on track after
initial derailments in some cases... no butterfly effect here.
Jim Gillogly
Banzai Institute
=========================== <decryption program snipped> =======================
Back to the present. What I've been saying is that even without guessing
the correct key we can see significant pieces of plaintext, because the
orbits come close to each other. Even in areas where the key is quite wrong
we can see recognizable plaintext, and by stitching together the different
pieces of plaintext we can get the whole message without needing to recover
the actual initial state or key. I don't now insist on my "no butterfly
effect here" remark -- small changes in the initial conditions of the logistic
function can indeed lead to large divergences. However, they can diverge in
statistically tractable ways, as in this case.
--
Jim Gillogly
Sterday, 8 Winterfilth S.R. 2000, 13:42
12.19.7.10.12, 8 Eb 15 Chen, Fifth Lord of Night
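The attack Gillogly describes, as an added example in Python (this is not code from either 1991 post, and Gillogly's own analysis program was snipped): the logistic-map XOR cipher from crypt.c is re-implemented, every key in .3 to .4 is tried in steps of .0001, and decryptions whose index of coincidence exceeds .06 are kept, followed by a per-byte majority vote that does the "stitching together" he mentions. PAGE_CT is the ciphertext from the od dump above, read in printed byte order (the dump came from a big-endian od, and the final word "5300" is the single byte 0x53 plus od's pad); DEMO_KEY and the key-stepping with round() are our assumptions, used so the sweep can be checked against a known answer.

```python
# Added example (not from the 1991 posts): the logistic-map XOR cipher from
# crypt.c in Python, plus the index-of-coincidence key sweep Gillogly describes.
# Assumptions: keys are stepped through [0.3, 0.4) in units of 0.0001 with
# round(), and the od dump is read in printed byte order.
from collections import Counter

R = 3.56994571869  # the r constant hard-coded in crypt.c


def logistic_xor(data: bytes, key: float) -> bytes:
    """Same operation as crypt.c: x <- r*x*(1-x); keystream byte = int(x*100)."""
    x = key
    out = bytearray()
    for b in data:
        x = (R * x) * (1 - x)
        out.append(b ^ int(x * 100))  # x <= r/4 < 0.9 for keys in (0,1), so this is < 90
    return bytes(out)


def index_of_coincidence(text: bytes) -> float:
    """sum f*(f-1) / (N*(N-1)) over the letters a-z, case-folded; ~0.066 for English."""
    letters = [c for c in text.lower() if 0x61 <= c <= 0x7A]
    n = len(letters)
    if n < 2:
        return 0.0
    return sum(f * (f - 1) for f in Counter(letters).values()) / (n * (n - 1))


def search_keys(ct: bytes, lo=0.3, hi=0.4, step=1e-4, threshold=0.06):
    """Try every key in [lo, hi); keep (key, IC, decryption) where IC > threshold."""
    hits = []
    for i in range(int(round((hi - lo) / step))):
        key = round(lo + i * step, 4)
        pt = logistic_xor(ct, key)
        ic = index_of_coincidence(pt)
        if ic > threshold:
            hits.append((key, ic, pt))
    return hits


def stitch(hits) -> bytes:
    """Per-byte majority vote across the near-miss decryptions ("stitching").
    Returns b'' when there are no hits."""
    if not hits:
        return b""
    length = min(len(pt) for _, _, pt in hits)
    return bytes(Counter(pt[i] for _, _, pt in hits).most_common(1)[0][0]
                 for i in range(length))


# Ciphertext from Gillogly's 1991 post, transcribed from the od dump in printed
# byte order; the last od word "5300" is one byte 0x53 followed by od's pad.
PAGE_CT = bytes.fromhex(
    "075127463102245d3b4920102c517043"
    "304427112b433e5c384b74412c4f3353"
    "2a04355737472259234a214379513858"
    "2d493711374d24183543744c314d2253"
    "3604334679503156334a3e0153"
)

# Constructed check (our own key, not Raile's or Gillogly's): the same sentence
# under a key we chose, so the sweep can be verified against a known answer.
DEMO_KEY = 0.3721
DEMO_PT = b"Knuth tells us that random number generators should not be chosen at random."
DEMO_CT = logistic_xor(DEMO_PT, DEMO_KEY)

if __name__ == "__main__":
    hits = search_keys(PAGE_CT)
    for key, ic, pt in hits:
        print(f"Key {key:.4f}: (IC {ic:.3f})")
        print(pt.decode("latin-1"))
    print("stitched:", stitch(hits).decode("latin-1"))
```

The reason the sweep works at all is visible in the arithmetic: r = 3.56994571869 sits at the onset of chaos, where nearby orbits separate slowly rather than exponentially, so a key a few ten-thousandths off still produces a keystream that agrees with the true one at most positions. A stream cipher whose keystreams for neighbouring keys are correlated is broken regardless of how "chaotic" the generator is.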
------------------------------
From: John Myre <[EMAIL PROTECTED]>
Subject: Re: Chaos theory
Date: Fri, 29 Sep 2000 07:58:56 -0600
"Douglas A. Gwyn" wrote:
>
> John Myre wrote:
> > And too, the only way to "not have any cycles" would
> > be to have an unbounded state.
>
> I guess technically to represent each of an infinite number
> of values requires an infinite state register, but in
> practice it needs only be big enough to allow the machine
> to run for its design lifetime. That might be only a couple
> of hundred bits.
Well, I guess I was being obnoxious. Sorry.
(The quoted material seemed to indicate that "sufficient
hashing" had something to do with lack of cycles. Whereas
I think now zapzing's real point was that a physical RNG
could be truly non-cyclic (because of chaotic behavior).
And I agree that the main point is that having no cycles
is not enough.)
JM
------------------------------
From: John Myre <[EMAIL PROTECTED]>
Subject: Re: Adobe Acrobat -- How Secure?
Date: Fri, 29 Sep 2000 08:15:07 -0600
"David C. Barber" wrote:
<snip>
> I always knew someone could retype the text and screen capture the
> pictures, but my thinking is most people would find that not worth
> the effort,
<snip>
Of course it depends on particulars. A case you always have to
consider is the person does go the extra mile, and then distributes
the results. It only takes one.
Also important is to know the "real" requirements. Do you recall
the running battle between game program publishers and hackers?
At first, it seems the publishers want to prevent hacking. But
in fact, the real requirement is just to make profits; whereby
all that was necessary was to slow down hacking "enough". Other
strategies (e.g., convincing the prospective customers that
piracy is evil) are theoretically possible. In the end, it's
"whatever works".
JM
------------------------------
From: John Myre <[EMAIL PROTECTED]>
Subject: Re: Deadline for AES...
Date: Fri, 29 Sep 2000 08:17:49 -0600
"SCOTT19U.ZIP_GUY" wrote:
<snip>
> Maybe Halloween would be a good time to pick one.
<snip>
ROTFL.
JM
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Which is better? CRC or Hash?
Date: 29 Sep 2000 14:15:16 GMT
[EMAIL PROTECTED] (John Myre) wrote in <[EMAIL PROTECTED]>:
>Tiemo Ehlers wrote:
>>
>> I want to be able to notice any changes, no matter if done by evil
>> forces or just by coincidence.
><snip>
>>
You could just make a backup copy somewhere and then
do a compare from time to time to see if it has changed.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
http://radiusnet.net/crypto/ then look for
sub directory scott after pressing CRYPTO
Scott famous Compression Page
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMMERS***
I leave you with this final thought from President Bill Clinton:
------------------------------
From: John Myre <[EMAIL PROTECTED]>
Subject: Re: Deadline for AES...
Date: Fri, 29 Sep 2000 08:23:04 -0600
John Savard wrote:
<snip>
> I interpret that to mean that the standard will be a draft standard
> only at that time.
<snip>
A reasonable interpretation, since NIST has always said that
AES will be a draft standard first. As they do for all of
their standards. (I await a nitpicker to find an exception.)
JM
------------------------------
From: JCA <[EMAIL PROTECTED]>
Subject: Re: CPU's aimed at cryptography
Date: Fri, 29 Sep 2000 07:35:27 -0700
If we are talking 1024-bit RSA moduli, 32 ms for the signature
time is very unimpressive. Similar or better speeds are already
achieved in software on a medium range PA-RISC box, and much
faster performance on a 500 MHz IA64 box.
kihdip wrote:
> CPU especially designed for cryptography are available.
> This is probably old news, but here are the links:
>
> Motorola's CPU, MPC180 at:
> http://mot-sps.com/news_center/press_releases/PR000926A.html
> Analog Device's CPU, ADSP-2141 at:
> http://products.analog.com/products/info.asp?product=ADSP-2141L
>
> Kim
------------------------------
From: [EMAIL PROTECTED] (Paul Schlyter)
Subject: Re: Which is better? CRC or Hash?
Date: 29 Sep 2000 16:45:52 +0200
In article <[EMAIL PROTECTED]>,
Tiemo Ehlers <[EMAIL PROTECTED]> wrote:
> But CRC is easier to compute. How likely is it to generate a file with a
> different content and the same CRC value as before?
> I don't have a clue. How can I find out?
If you use an n-bit CRC, the probability will be 2^(-n) that another
file will have the same CRC by chance.
If you OTOH encounter someone who deliberately tries to create a
different file with the same CRC, the probability is near 100% that
he'll succeed, since it's easy to create a file with a CRC of your
choice.
--
================================================================
Paul Schlyter, Swedish Amateur Astronomer's Society (SAAF)
Grev Turegatan 40, S-114 38 Stockholm, SWEDEN
e-mail: pausch at saaf dot se or paul.schlyter at ausys dot se
WWW: http://hotel04.ausys.se/pausch http://welcome.to/pausch
------------------------------
From: [EMAIL PROTECTED] (Paul Schlyter)
Subject: Re: CPU's aimed at cryptography
Date: 29 Sep 2000 16:46:15 +0200
In article <8r1ru9$c18$[EMAIL PROTECTED]>,
kihdip <[EMAIL PROTECTED]> wrote:
> CPU especially designed for cryptography are available.
> This is probably old news, but here are the links:
>
> Motorola's CPU, MPC180 at:
> http://mot-sps.com/news_center/press_releases/PR000926A.html
Yep -- that news was a full 2 days old.
You shouldn't post outdated info like that!!! :-))))))))))))))
--
================================================================
Paul Schlyter, Swedish Amateur Astronomer's Society (SAAF)
Grev Turegatan 40, S-114 38 Stockholm, SWEDEN
e-mail: pausch at saaf dot se or paul.schlyter at ausys dot se
WWW: http://hotel04.ausys.se/pausch http://welcome.to/pausch
------------------------------
From: Dido Sevilla <[EMAIL PROTECTED]>
Subject: Re: Which is better? CRC or Hash?
Date: Sat, 30 Sep 2000 00:26:05 +0800
Tiemo Ehlers wrote:
>
> I want to be able to notice any changes, no matter if done by evil forces or
> just by coincidence.
> And it should be infeasable to generate a file with a different content but
> the same digest number.
> I think real one way hash functions would do that job.
>
> But CRC is easier to compute. How likely is it to generate a file with a
> different content and the same CRC value as before?
> I don't have a clue. How can I find out?
>
It's fairly easy. CRC's are designed to defend against non-malicious
threats to data integrity, such as flaky hardware and line noise. A
good choice of polynomial will protect against single bit errors, burst
errors, and other sorts of modifications that are caused by coincidence
or happenstance, but if the polynomial is not kept secret, it's not that
difficult for enemy action to produce modifications in the file that
don't affect the digest.
On the other hand, a cryptographic hash is designed specifically to
thwart enemy action in that regard. If that's what you're after, then
that's what you should be going for, definitely. And if you're not
doing the digest computation on a cheap microcontroller with limited
processing power, then this is definitely the way to go.
--
Rafael R. Sevilla <[EMAIL PROTECTED]> +63 (2) 4342217
ICSM-F Development Team, UP Diliman +63 (917) 4458925
OpenPGP Key ID: 0x0E8CE481
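What Myre, Schlyter and Sevilla are all describing, as an added example that is not part of any post in this thread: a CRC is linear, so an attacker who knows the polynomial does not search for a collision, he computes one. The block below implements CRC-32 (the zlib/PNG polynomial, 0xEDB88320 reflected), then forges four trailing bytes that give a tampered file exactly the original file's checksum, using the standard "reverse CRC" table-unwinding trick. The sample file contents, the function names and the choice of four appended bytes are ours; a SHA-256 comparison alongside shows what a cryptographic hash does with the same edit.

```python
# Added example (not from the thread): forging CRC-32 so a modified file keeps
# its old checksum, next to a SHA-256 check that the same edit cannot evade.
# The technique is the standard "reverse CRC" table unwinding; sample data and
# names are our own.
import hashlib
import zlib

POLY = 0xEDB88320  # reflected CRC-32 polynomial (zlib, PNG, Ethernet)
MASK = 0xFFFFFFFF


def _make_table():
    table = []
    for i in range(256):
        c = i
        for _ in range(8):
            c = (c >> 1) ^ POLY if c & 1 else c >> 1
        table.append(c)
    return table


TABLE = _make_table()
# The top bytes of the 256 table entries are all distinct (the map from index
# to top byte is linear and triangular over GF(2)), which is what lets us
# invert the CRC one appended byte at a time.
TOP_BYTE_TO_INDEX = {t >> 24: i for i, t in enumerate(TABLE)}
assert len(TOP_BYTE_TO_INDEX) == 256


def _register(data: bytes, reg: int = MASK) -> int:
    """CRC register after feeding data, before the final XOR."""
    for b in data:
        reg = (reg >> 8) ^ TABLE[(reg ^ b) & 0xFF]
    return reg


def crc32(data: bytes) -> int:
    return _register(data) ^ MASK


def forge_tail(data: bytes, target: int) -> bytes:
    """Four bytes t such that crc32(data + t) == target, for any data."""
    want = target ^ MASK  # register value we must reach after the tail
    indices = []
    for _ in range(4):  # peel off the last table step, four times
        i = TOP_BYTE_TO_INDEX[want >> 24]
        indices.append(i)
        want = ((want ^ TABLE[i]) << 8) & MASK
    indices.reverse()  # now in the order the tail bytes are consumed
    reg = _register(data)
    tail = bytearray()
    for i in indices:
        tail.append(i ^ (reg & 0xFF))  # the byte that selects table index i
        reg = (reg >> 8) ^ TABLE[i]
    return bytes(tail)


def forge_file(original: bytes, tampered: bytes) -> bytes:
    """Tampered content plus a 4-byte tail restoring the original's CRC-32."""
    return tampered + forge_tail(tampered, crc32(original))


def integrity_report(original: bytes, candidate: bytes) -> dict:
    """What a CRC-32 check and a SHA-256 check each say about candidate."""
    return {
        "crc_matches": crc32(candidate) == crc32(original),
        "sha256_matches": hashlib.sha256(candidate).digest()
        == hashlib.sha256(original).digest(),
    }


def reference_crc32(data: bytes) -> int:
    """Cross-check against the C implementation in zlib."""
    return zlib.crc32(data) & MASK


# Constructed sample "file" and the attacker's edit (any length will do).
ORIGINAL = b"pay 100 units to alice\n"
TAMPERED = b"pay 999 units to mallory\n"

if __name__ == "__main__":
    forged = forge_file(ORIGINAL, TAMPERED)
    print(forged)
    print(f"crc32(original) = {crc32(ORIGINAL):08x}, crc32(forged) = {crc32(forged):08x}")
    print(integrity_report(ORIGINAL, forged))
```

The four extra bytes can be hidden anywhere the file format ignores (a trailing comment, padding, a field that is not displayed), and nothing about the method depends on the original's content or length. If the checksum must resist an adversary, use a keyed MAC or a cryptographic hash stored somewhere the attacker cannot also rewrite; an unkeyed CRC only ever detects accidents.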
------------------------------
From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: Software patents are evil.
Date: Fri, 29 Sep 2000 09:44:39 -0700
Dann Corbit <[EMAIL PROTECTED]> wrote in message
news:yqSy5.108$Lf5.1216@client...
> "Jerry Coffin" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > In article <kQ8y5.67$bx3.1112@client>, [EMAIL PROTECTED]
> > says...
> >
> > [ ... ]
> >
> > > And yet it is the huge conglomerates like IBM and AT&T that own almost
> all
> > > of the software patents.
> >
> > Likewise with hardware patents. What of it? Would it surprise you
> > if GM had more patents on automotive technology than you or I do?
> > Software is no different from anything else in this respect.
> >
> > Also keep in mind that every time IBM, AT&T, Lucent, etc., writes a
> > patent (on hardware, software or whatever) they're voluntarily giving
> > that technology to ALL of us as soon as the patent expires.
>
> 17 years later. By that time, a new and superior algorithm will be
> patented, starting the circle over again. Oh joy.
>
> > > Really small operators cannot afford the legal
> > > battles that can ensue.
> >
> > Nonsense. If you've got good patents on useful technology, you'll be
> > able to take your choice of firms with REALLY deep pockets to help
> > you enforce them.
>
> This is pretty funny. Name ONE time that this has EVER happened. They
> might buy a patent from you, but they won't help you enforce a patent they
> don't own.
You are projecting your own distaste onto the motives of others.
Many businesses have no problem with the idea of Payment for
Value Received. It's kind of normal to them. EVERY technology
licence I have granted for my stuff (all three) has the licensee
responsible for all enforcement. Think about it for a moment from
a practical side, not an emotional side. If they truly want the
licence, they do not want others violating it. They typically
insist on running (and therefore paying for) the enforcement
issue.
Generally they must raise many millions of dollars to tool up
and penetrate the market. They don't want some vulture to
swoop in when the cash flow starts and suck it up.
You seem to think that a licensee is resentful. That doesn't
start until they have made out a few checks. Until then
they are tickled pink. Human nature.
Paul
>
> > There are a fair number of quite large companies
> > that do NOTHING but help their clients enforce patents. For one
> > example, the Mahr-Leonard Management Company has made a huge amount
> > on patent licensing. Contrary to some statements in this thread
> > though, the owners of the patents really DO make money on them -- it
> > doesn't all go to the attorneys or anywhere close to it.
>
> I would be interested in seeing some figures for small-time people or
> start-up companies to see how this really works out for "the little guy."
>
> > > On the other hand, it might go unchallenged -- even
> > > at that, they are sitting on top of a huge money pit if it does get
> > > challenged. But (for the most part) it is the mega-mega huge players
> that
> > > benefit. They already have multiple millions of dollars in their legal
> > > budget so that they can afford software patents.
> >
> > Quite the opposite: patents are the majority of what lets little
> > companies compete with the huge ones. Of course, anymore many of the
> > little companies don't really WANT to compete: they want to start up,
> > create some new technology (patent it, of course) and get bought out
> > by a big company. Without patents, that wouldn't happen though: the
> > little company might start up and create some great new technology,
> > but without something to give them ownership of it, the big company
> > wouldn't bother buying out the small one -- they'd just take the
> > technology and use it for free instead.
>
> In my experience working as a subcontractor and as an employee, the firms I
> have worked for have never bothered to try and patent anything.
>
> I will admit that there have been compelling arguments that I had not
> thought of to support patents. I still think they are evil, and here's why:
>
> "Back in the day" (I've been a programmer a long time) people used to invent
> algorithms and just publish them in the ACM. No patent, no secrecy, no
> nothing. "Lookie! A new algorithm! Here is the explanation. Have fun."
> Now, back in those days, algorithms exploded like a bomb blast going off.
>
> With the heavy advent of patents (and even copyrights for that matter) that
> has really simmered down.
>
> How many interesting and new algorithms have been invented outside of
> academia in the 30 years since Knuth's TAOCP?
>
> Very, very few. Or maybe it is just as many as always, but the new
> algorithms are hidden in the bushes.
>
> To me, I see exponential drop-off of sharing algorithms. With the advent of
> instantaneous world-wide communication via the internet and all the recent
> advances, it should be just the opposite.
>
> Are you really sure that patents and trade secrets are not to blame?
> --
> C-FAQ: http://www.eskimo.com/~scs/C-faq/top.html
> "The C-FAQ Book" ISBN 0-201-84519-9
> C.A.P. Newsgroup http://www.dejanews.com/~c_a_p
> C.A.P. FAQ: ftp://38.168.214.175/pub/Chess%20Analysis%20Project%20FAQ.htm
>
------------------------------
From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: Deadline for AES...
Date: Fri, 29 Sep 2000 17:03:08 +0000
Tim Tyler wrote:
> No official announcement of the date has been posted yet on
> http://csrc.nist.gov/encryption/aes/
The new notice just went up at this site: announcement to be made
2 Oct with simultaneous webcast. They (explicitly) won't say yet
how many algorithms have been chosen as the AES. There's no mention
of new versions of SHA-* with appropriately longer hashes.
--
Jim Gillogly
Sterday, 8 Winterfilth S.R. 2000, 17:00
12.19.7.10.12, 8 Eb 15 Chen, Fifth Lord of Night
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************