Cryptography-Digest Digest #807, Volume #12 Sun, 1 Oct 00 19:13:01 EDT
Contents:
How Colossus helped crack Hitler's codes (Helger Lipmaa)
Re: Chaos theory ("CMan")
Re: Chaos theory ("CMan")
Re: Question on biases in random-numbers & decompression (Mok-Kong Shen)
Re: Question about encryption. (Tom St Denis)
Re: Why is TwoFish better than Blowfish? (Anonymous)
Re: Adobe Acrobat -- How Secure? (Tom St Denis)
Re: Which is better? CRC or Hash? (Tom St Denis)
Re: Adobe Acrobat -- How Secure? ("Douglas A. Gwyn")
Re: Question about encryption. (Paul Rubin)
Shareware Protection Schemes ("musashi_x")
Slow but unbreakable? (Simon Johnson)
Re: Shareware Protection Schemes (Ichinin)
Re: The algorithm that can be broken by the U.S. mil and NSA/CIA/FBI wins .... check
out the developers .... they just want to violate people's freedom of speech rights
... (John Savard)
Re: How Colossus helped crack Hitler's codes (John Savard)
Re: Adobe Acrobat -- How Secure? (Tom St Denis)
Re: Slow but unbreakable? (Tom St Denis)
Re: Deadline for AES... ("Paulo S. L. M. Barreto")
Re: Deadline for AES... ("Paulo S. L. M. Barreto")
----------------------------------------------------------------------------
From: Helger Lipmaa <[EMAIL PROTECTED]>
Subject: How Colossus helped crack Hitler's codes
Date: Sun, 01 Oct 2000 22:14:34 +0300
Quite interesting report at
http://www.telegraph.co.uk/et?ac=003549412141223&rtmo=wAfMMQKb&atmo=gggggg3K&pg=/et/00/9/30/ncol30.html
---
THE full story of how Hitler's secret codes were cracked by a rudimentary computer was told officially for the first time yesterday.
The Government Communications Headquarters at Cheltenham declassified a two-volume technical report on Colossus, the forerunner of the post-war digital computer that saw the first practical use of large-scale program-controlled computing. Released through the Public Record Office, the 500-page report features photographs, specifications and detailed notes about Colossus and other code-breaking devices.
The report also contains the blueprint of Colossus 2, an upgraded "production model". This began operation on June 1, 1944, in time to decipher messages confirming that Hitler had swallowed the Allies' deception campaigns, giving them the confidence to go ahead with the invasion of Europe.
More Colossi followed at the rate of about one a month and by the end of the war there were 10 at Bletchley Park, the secret codebreaking establishment in Buckinghamshire.
[...]
------------------------------
From: "CMan" <[EMAIL PROTECTED]>
Subject: Re: Chaos theory
Date: Sun, 1 Oct 2000 11:03:44 -0700
What is INTERESTING is a subjective and relative term so filled with value
judgment as to be meaningless in this context.
Perhaps you should take a lesson from the poetry of Gerard Manley Hopkins,
who notes in his work "Binsey Poplars" some things having to do with chaos:
MY aspens dear, whose airy cages quelled,
Quelled or quenched in leaves the leaping sun,
All felled, felled, are all felled;
Of a fresh and following folded rank
Not spared, not one
That dandled a sandalled
Shadow that swam or sank
On meadow and river and wind-wandering weed-winding bank.
etc...
Surely Spock, upon first hearing about Chaos theory as a student in a Vulcan
kindergarten would have raised one eyebrow and uttered the word
"interesting."
An example of a well known interesting fact is that the teaching of Chaos
theory in the classroom is not allowed in Kansas.
JK
--
CRAK Software
http://www.crak.com
Password Recovery Software
QuickBooks, Quicken, Access...More
Spam bait (credit E. Needham):
root@localhost
postmaster@localhost
admin@localhost
abuse@localhost
webmaster@localhost
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
"Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
> : Tim Tyler wrote:
> :> Jim Gillogly <[EMAIL PROTECTED]> wrote:
>
> :> : In mathematics, however, chaos lies on the boundary between
> :> : order and disorder, and is a study of systems that have behavior
> :> : that's largely predictable statistically...
> :>
> :> Not necessarily correct - chaotic systems can be highly disordered.
>
> : Gillogly was closer to the mark.
>
> Except for the fact that he stated that "chaos lies on the boundary
> between order and disorder" - which isn't right at all - while my
> statement was correct.
>
> : Random chaotic systems are relatively uninteresting,
> : and would not be usable to construct cryptosystems in the
> : sense envisioned by people who ask the original question.
>
> I /assumed/ they were talking about what they said: chaotic systems.
>
> : What they have in mind are iterated functions [...]
>
> A tiny subset of chaotic systems, which were never mentioned.
> --
> __________ Lotus Artificial Life http://alife.co.uk/ [EMAIL PROTECTED]
> |im |yler The Mandala Centre http://mandala.co.uk/ Namaste.
------------------------------
From: "CMan" <[EMAIL PROTECTED]>
Subject: Re: Chaos theory
Date: Sun, 1 Oct 2000 11:23:12 -0700
The behavior of analog systems from the standpoint of Chaos theory is rich
and beautiful (some would even say interesting or even fascinating). I
recommend every person who engages in electronic circuit design as a
vocation investigate Chaos theory.
One of the unexpected properties of certain analog systems is that they may
interact with highly regular and predictable periodic signals in very
unpredictable ways.
If you want to learn about Chaos and randomness, I suggest you engage in the
fine art of precision oscillator design. You will discover something
interesting, I assure you.
JK
--
CRAK Software
http://www.crak.com
Password Recovery Software
QuickBooks, Quicken, Access...More
"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> zapzing wrote:
> > Yes well I was sort of making the
> > unstated assumption that the chaotic
> > system would be implemented in analog
> > not in digital. Implementing a chaotic
> > system in digital *would* be a bad way
> > of making a PRNG, I admit.
> > You would then digitize the analog
> > signal and hash that down. Sorry for
> > the confusion.
>
> You'd be even sorrier if you tried to implement
> that idea and carefully measured the result.
> Analog systems are easily perturbed by the
> environment, so for example it could synchronize
> with an ambient signal from some other source,
> e.g. 60-Hz hum.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: comp.compression
Subject: Re: Question on biases in random-numbers & decompression
Date: Sun, 01 Oct 2000 20:47:05 +0200
Benjamin Goldberg wrote:
>
[snip]
> 2) If all the previous values of the base-3 stream are known, there
> should be no better than 1/3 probability of guessing the next symbol,
> even if the underlying base-2 generator (but not the generator's state)
> are known.
The problem is, I guess, that this requirement could
hardly be 'exactly' achieved, i.e. only approximately.
M. K. Shen
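To make the bias question concrete, here is an added example (not code from any poster in this thread) comparing the two usual ways of deriving base-3 symbols from a base-2 stream. Both functions enumerate every k-bit chunk, so the distributions are exact rather than sampled: naive modulo reduction is biased for every k (because 2^k is never a multiple of 3), while rejection sampling produces exactly 1/3 per symbol from a perfectly uniform bit source at the cost of discarding some chunks and consuming a variable number of bits per symbol. The chunk sizes used are constructed for the demonstration.

```python
from fractions import Fraction
from itertools import product

# Two ways of turning a uniform base-2 stream into base-3 symbols.  Both
# functions enumerate every one of the 2**k equally likely k-bit chunks, so the
# distributions they return are exact, not sampled.


def bits_to_int(bits):
    """Interpret a tuple of bits (most significant first) as an integer."""
    value = 0
    for b in bits:
        value = (value << 1) | b
    return value


def modulo_distribution(k):
    """Naive reduction: take k bits and output (value mod 3).
    Because 2**k is never a multiple of 3, one residue class is always hit
    once more often than the others, so the output is biased for every k."""
    counts = {0: 0, 1: 0, 2: 0}
    for bits in product((0, 1), repeat=k):
        counts[bits_to_int(bits) % 3] += 1
    return {s: Fraction(c, 2 ** k) for s, c in counts.items()}


def rejection_distribution(k):
    """Rejection sampling: discard any k-bit value >= 3 * floor(2**k / 3) and
    draw a fresh chunk instead.  Returns (distribution of accepted symbols,
    probability that a chunk is rejected).  With perfectly uniform input bits
    the accepted symbols are exactly uniform; the cost is that the number of
    bits consumed per symbol is no longer fixed."""
    limit = 3 * (2 ** k // 3)  # largest multiple of 3 representable in k bits
    counts = {0: 0, 1: 0, 2: 0}
    accepted = 0
    for bits in product((0, 1), repeat=k):
        v = bits_to_int(bits)
        if v < limit:
            counts[v % 3] += 1
            accepted += 1
    dist = {s: Fraction(c, accepted) for s, c in counts.items()}
    return dist, Fraction(2 ** k - limit, 2 ** k)


def max_bias(dist):
    """Largest deviation of any symbol probability from the ideal 1/3."""
    return max(abs(p - Fraction(1, 3)) for p in dist.values())


if __name__ == "__main__":
    # Constructed chunk sizes: the modulo bias shrinks as k grows but never
    # reaches zero, while rejection is exact and merely wastes fewer chunks.
    for k in (2, 4, 8):
        mod = modulo_distribution(k)
        rej, rejected = rejection_distribution(k)
        print(f"k={k}: modulo bias {max_bias(mod)}, "
              f"rejection bias {max_bias(rej)}, rejection rate {rejected}")
```

For k = 8 the modulo method's worst symbol is off by 1/384, small but nonzero and fully predictable to anyone who knows the construction; rejection discards 1 chunk in 256 and is exactly uniform.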
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Question about encryption.
Date: Sun, 01 Oct 2000 19:03:44 GMT
In article <[EMAIL PROTECTED]>,
Serge Paccalin <[EMAIL PROTECTED]> wrote:
> On/le Sun, 01 Oct 2000 12:06:12 GMT,
> Melinda Harris <[EMAIL PROTECTED]>
> wrote in/a écrit dans sci.crypt...
>
> > We are still trying to find out who is responsible for ANEC encryption. Any
> > one out there have a clue?
> >
>
> According to:
> http://www.metrowestnews.com/guestbooks/north.html
>
> Mon Aug 7 12:21:28 2000
>
> David Matthias Schiesl ([EMAIL PROTECTED])
> "I am a freelance cryptographer, inventor of the strong
> encryption program called ANEC. Looking for book,journals
> and magazine on the subject of cryptograhy."
>
> Melinda, do you think you can find that asshole now? I guess
> you can work out the typo in "his" email address...
"strong encryption program called ANEC" - what exactly is ANEC, anyway?
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: Sun, 1 Oct 2000 21:12:00 +0200
From: Anonymous <[EMAIL PROTECTED]>
Subject: Re: Why is TwoFish better than Blowfish?
On Thu Sep 28 12:58:17 PDT 2000 "Joseph Ashwood" <[EMAIL PROTECTED]> wrote:
><most of excellent post snipped>
>
>Blowfish: should be used where speed is an issue, where the security limits
>must exceed 2^64, there will never be more than 2^40 unique blocks encrypted
>with the same key
>
Where does this 2^40 block limit for blowfish come from?
Can you post a pointer?
Thanks
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Adobe Acrobat -- How Secure?
Date: Sun, 01 Oct 2000 19:08:38 GMT
In article <8qu5tu$gkq$[EMAIL PROTECTED]>,
"David C. Barber" <[EMAIL PROTECTED]> wrote:
> I am looking to distribute some documents I don't want the user to be able
> to alter or print. Acrobat was suggested, but IIRC, wasn't the Stephen King
> story distributed through Acrobat, and it was broken quickly just by loading
> it into the full fledged Acrobat program?
>
> *David Barber*
>
When are people going to realize that crypto is NOT FOR PREVENTING
ALTERATIONS ON PLAINTEXT! If you decrypt something I send you (say
via PGP) there is NO WAY I can stop you from editing it.
Crypto is designed to prevent these situations... I am A and the person
I am talking to is B; we have A----->C----->B where C is a person in
the middle eavesdropping. Crypto is designed to prevent C from
learning the plaintext and to notify B if it's been altered without
permission.
Tom
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Which is better? CRC or Hash?
Date: Sun, 01 Oct 2000 19:06:12 GMT
In article <[EMAIL PROTECTED]>,
Tiemo Ehlers <[EMAIL PROTECTED]> wrote:
> I want to find out if a data file (size: about half meg) has been
> changed.
> I can get a digest number with a hash function (RIPEMD or SHA) 160 bit
> wide or so.
> I can also use a CRC, 32, 64 or higher to get a remainder or some kind
> of digest number.
>
> Which way is the better one?
> I have doubts using CRC because it is based on the modulo operation.
See, your question makes no sense. What errors are you trying to
prevent? Who is making the errors (line noise, a malicious attacker)?
I am surprised anyone is capable of suggesting which one is appropriate
for your case.
Also many hashes use finite rings (and fields) thus "because it uses
modulo operations" is not only very ambiguous, but technically not a
flaw.
Tom
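The distinction Tom draws between line noise and a malicious attacker is the whole answer, and it can be shown in a few lines. The following is an added example, not code from anyone in the thread: it checks that CRC-32 is an affine map over GF(2) (for equal-length inputs, crc(a ^ b ^ c) == crc(a) ^ crc(b) ^ crc(c)), that SHA-256 has no such structure, that both detect a random bit flip, and that only a keyed MAC (HMAC-SHA256 here) distinguishes the legitimate file from one re-checksummed by whoever edited it. The sample data and key are constructed inline.

```python
import hashlib
import hmac
import zlib

# Constructed sample "file" standing in for the half-megabyte data file in the
# question; the exact contents do not matter.
SAMPLE = bytes(range(256)) * 4


def xor_bytes(*parts):
    """XOR equal-length byte strings together."""
    length = len(parts[0])
    if any(len(p) != length for p in parts):
        raise ValueError("inputs must have equal length")
    out = bytearray(length)
    for p in parts:
        for i, b in enumerate(p):
            out[i] ^= b
    return bytes(out)


def crc32_check(data):
    """Plain CRC-32 as an integrity check (good against line noise only)."""
    return zlib.crc32(data)


def sha256_check(data):
    """Plain SHA-256 digest (collision-resistant, but unkeyed: anyone can recompute it)."""
    return hashlib.sha256(data).digest()


def crc32_is_affine(a, b, c):
    """CRC-32 is an affine map over GF(2): for equal-length inputs
    crc(a ^ b ^ c) == crc(a) ^ crc(b) ^ crc(c) always holds.  Any change to
    the data therefore changes the CRC in a predictable way, which is why a
    CRC cannot serve as an integrity check against an adversary."""
    lhs = crc32_check(xor_bytes(a, b, c))
    rhs = crc32_check(a) ^ crc32_check(b) ^ crc32_check(c)
    return lhs == rhs


def sha256_is_affine(a, b, c):
    """The same identity checked against SHA-256.  A cryptographic hash is
    designed to have no such linear structure, so this is (overwhelmingly) False."""
    lhs = sha256_check(xor_bytes(a, b, c))
    rhs = xor_bytes(sha256_check(a), sha256_check(b), sha256_check(c))
    return lhs == rhs


def detects_bit_flip(check, data, bit):
    """Does 'check' change when one bit of 'data' is flipped?  This is the
    line-noise case, and both CRC and hash handle it."""
    flipped = bytearray(data)
    flipped[bit // 8] ^= 1 << (bit % 8)
    return check(data) != check(bytes(flipped))


def mac_tag(key, data):
    """Keyed check for the malicious case: without the key nobody can compute
    a valid tag for a modified file, whereas a CRC or plain hash over edited
    data can be recomputed by anyone."""
    return hmac.new(key, data, hashlib.sha256).digest()


def mac_verify(key, data, tag):
    """Constant-time comparison of a received tag against a recomputed one."""
    return hmac.compare_digest(mac_tag(key, data), tag)


if __name__ == "__main__":
    a, b, c = SAMPLE[:16], SAMPLE[16:32], SAMPLE[32:48]
    print("CRC-32 affine:", crc32_is_affine(a, b, c))      # True
    print("SHA-256 affine:", sha256_is_affine(a, b, c))    # False
    key = b"constructed demo key"                          # constructed, not a real secret
    tag = mac_tag(key, SAMPLE)
    tampered = SAMPLE[:-1] + b"\x00"
    print("MAC verifies original:", mac_verify(key, SAMPLE, tag))
    print("MAC verifies tampered:", mac_verify(key, tampered, tag))
```

The affine identity is what Tom means by the modulo operation not being a flaw in itself: it is fine for catching random corruption, and it only becomes a problem when the party changing the file is also the one who can recompute the check value. A MAC under a key the verifier holds, or a signature as Gwyn notes elsewhere in this digest, closes that gap.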
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Adobe Acrobat -- How Secure?
Date: Sun, 01 Oct 2000 15:24:53 -0400
Tom St Denis wrote:
> "David C. Barber" <[EMAIL PROTECTED]> wrote:
> > I am looking to distribute some documents I don't want the user
> > to be able to alter or print.
> When are people going to realize that crypto is NOT FOR PREVENTING
> ALTERATIONS ON PLAINTEXT! If you decrypt something I send you
> (say via PGP) there is NO WAY I can stop you from editing it.
However, cryptography certainly *can* be used to prevent the
undetected alteration of a copy of the *distributed* file,
i.e. the one that has been cryptographically signed by the
author and is therefore verifiable as authentic.
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Question about encryption.
Date: 01 Oct 2000 12:39:01 -0700
"Melinda Harris" <[EMAIL PROTECTED]> writes:
> We are still trying to find out who is responsible for ANEC encryption. Any
> one out there have a clue?.
Apparently nobody else cares, and with good reason as far as I can tell.
So why do you keep asking?
------------------------------
From: "musashi_x" <m u s a s h i _ [EMAIL PROTECTED]>
Subject: Shareware Protection Schemes
Date: Sun, 1 Oct 2000 15:42:41 -0400
I want to create a serial number registration scheme for a piece of
shareware I'm working on. I would like to use Blowfish, with the private
key allowing access to the software's full features. I'm thinking that I
could label each copy with a unique serial number (which would tell me which
key to send the person purchasing it). The serial number would be the first
7 characters of the private key that I send them. This is my first time
protecting anything; any help or ideas would be very much appreciated.
[EMAIL PROTECTED]
------------------------------
From: Simon Johnson <[EMAIL PROTECTED]>
Subject: Slow but unbreakable?
Date: Sun, 01 Oct 2000 19:40:00 GMT
It's reasonable to assume that most of the security of a cipher
comes from its s-boxes. The bigger an s-box, the smaller the chance
that a random s-box configuration will have bad characteristics. So
here's what I propose (it's stupidly impractical but should be secure.)
Our old friend, RSA, will be our s-box. If we use a Feistel structure,
then the entire F-function is just an iteration of RSA. The round-key
is XORed with the plain-text, then raised to the public exponent mod
the modulus. The block size is obviously twice the width of the modulus.
Thus F(x,k) = (x xor k)^e mod n
Say we used a 4098-bit modulus. This would make an 8196-bit block size,
which is massive. It's safe to assume that even if this RSA-style
permutation is useless, it would still be difficult to get enough
known plaintext to launch an attack.
This isn't very revolutionary; I was just wondering, really, if it could
be solved without having to factor N?
Would diff & linear crypto still work?
Moreover, could one apply diff & linear analysis to the actual equation
and generalise a solution? I presume the answer is no, because RSA
would be attackable if this was the case, right?
Anyway, this is useless 'cause it's slow :-)
---
Hi, I'm the signature virus,
help me spread by copying me into your Signature File
------------------------------
From: Ichinin <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Shareware Protection Schemes
Date: Sun, 01 Oct 2000 10:38:12 +0200
musashi_x wrote:
>
> I want to create a serial number registration scheme for a piece of
> shareware I'm working on. I would like to use Blowfish, with the private
> key allowing access to the software's full features. I'm thinking that I
> could label each copy with a unique serial number (which would tell me which
> key to send the person purchasing it). The serial number would be the first
> 7 characters of the private key that I send them. This is my first time
> protecting anything; any help or ideas would be very much appreciated.
>
> [EMAIL PROTECTED]
Ask yourself a few questions:
- Who is the "protection" targeted at? The honest people, or do
you seriously believe that copy protection will work against
everyone?
- What would stop a cracker from killing your key validation
code in the software?
- HOW will you validate the purchaser?
- What would stop anyone from distributing the software WITH
a (stolen or compromised) legitimate key?
Just my 0.02 strips of latinum,
Glenn
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: The algorithm that can be broken by the U.S. mil and NSA/CIA/FBI wins
.... check out the developers .... they just want to violate people's freedom of
speech rights ...
Date: Sun, 01 Oct 2000 20:36:41 GMT
On Sun, 01 Oct 2000 15:57:55 GMT, [EMAIL PROTECTED]
(John Savard) wrote, in part:
>would presumably have disclosed (or at least hinted at) loads of
>highly classified information, which is why a statement was issued
>that was worded to reveal as little as possible.
The specific problem that led to the excess of ambiguity is likely to
be that it is hard to say, in the English language, that all five
algorithms met "Type 3" requirements without also indicating whether
or not one or more exceeded them.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: How Colossus helped crack Hitler's codes
Date: Sun, 01 Oct 2000 20:33:36 GMT
On Sun, 01 Oct 2000 22:14:34 +0300, Helger Lipmaa <[EMAIL PROTECTED]>
wrote, in part:
>Quite interesting report at
>http://www.telegraph.co.uk/et?ac=003549412141223&rtmo=wAfMMQKb&atmo=gggggg3K&pg=/et/00/9/30/ncol30.html
>The Government Communications Headquarters at
>Cheltenham declassified a
>two-volume technical report on Colossus
>the 500-page report
>features photographs, specifications and detailed
>notes about Colossus and other
>code-breaking devices.
Quite interesting; of course, the 500-page technical report will be
rather more interesting (many of the salient features *appear* to have
already been declassified, which is how I was able to say what I do
about Colossus on my web site)...and I can *hardly* expect Frode to
put the whole thing up on _his_ site!
Which reminds me: the forthcoming book mentioned in that "Science and
Technology" article about Mike, Copperhead, and company will be coming
out soon as well.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Adobe Acrobat -- How Secure?
Date: Sun, 01 Oct 2000 22:46:01 GMT
In article <[EMAIL PROTECTED]>,
"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
> Tom St Denis wrote:
> > "David C. Barber" <[EMAIL PROTECTED]> wrote:
> > > I am looking to distribute some documents I don't want the user
> > > to be able to alter or print.
> > When are people going to realize that crypto is NOT FOR PREVENTING
> > ALTERATIONS ON PLAINTEXT! If you decrypt something I send you
> > (say via PGP) there is NO WAY I can stop you from editing it.
>
> However, cryptography certainly *can* be used to prevent the
> undetected alteration of a copy of the *distributed* file,
> i.e. the one that has been cryptographically signed by the
> author and is therefore verifiable as authentic.
I was specifically hinting at the "altering" or "printing" part. I can
alter a document you send me, I can copy/print/resend a document you
send me. I can't fake a signature, but that wasn't my point.
Tom
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Slow but unbreakable?
Date: Sun, 01 Oct 2000 22:47:59 GMT
In article <8r83ug$4kc$[EMAIL PROTECTED]>,
Simon Johnson <[EMAIL PROTECTED]> wrote:
> It's reasonable to assume that most of the security of a cipher
> comes from its s-boxes. The bigger an s-box, the smaller the chance
> that a random s-box configuration will have bad characteristics. So
> here's what I propose (it's stupidly impractical but should be secure.)
>
> Our old friend, RSA, will be our s-box. If we use a Feistel structure,
> then the entire F-function is just an iteration of RSA. The round-key
> is XORed with the plain-text, then raised to the public exponent mod
> the modulus. The block size is obviously twice the width of the modulus.
>
> Thus F(x,k) = (x xor k)^e mod n
>
> Say we used a 4098-bit modulus. This would make an 8196-bit block size,
> which is massive. It's safe to assume that even if this RSA-style
> permutation is useless, it would still be difficult to get enough
> known plaintext to launch an attack.
>
> This isn't very revolutionary; I was just wondering, really, if it could
> be solved without having to factor N?
>
> Would diff & linear crypto still work?
> Moreover, could one apply diff & linear analysis to the actual equation
> and generalise a solution? I presume the answer is no, because RSA
> would be attackable if this was the case, right?
>
> Anyway, this is useless 'cause it's slow :-)
You're not the first to think of this. Look up "Pohlig-Hellman". It's
an idea of using a single prime modulus (secret) and two secret
exponents. It's terribly slow but provably secure (as discrete logs go,
anyway).
You wouldn't really use linear/diff attacks since all the bits of "m^x mod
p" are provably hard (read up on the Asiacrypt/Eurocrypt papers).
Tom
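Both constructions in this exchange, Simon's Feistel network with F(x,k) = (x xor k)^e mod n and the Pohlig-Hellman exponentiation cipher Tom points to, are short enough to write out. The following is an added example, not code from either poster, using constructed toy parameters: an RSA modulus of 3233 = 61 * 67 (trivially factorable, chosen only so the Feistel halves fit in 12 bits) and the Mersenne prime 2^61 - 1 for Pohlig-Hellman. It shows the one structural point worth taking from Simon's design: a Feistel network never inverts F, so decryption needs only the same public exponent and modulus, whereas Pohlig-Hellman needs a second exponent d with e*d = 1 mod (p-1). Names, key schedule and block layout are my choices for the illustration.

```python
import math

# --- Toy parameters, constructed for illustration only ---------------------
# RSA modulus n = 61 * 67 with public exponent e: trivially factorable, chosen
# so that every value mod n fits in HALF_BITS bits.  A real instance of the
# idea in the thread would use a modulus of thousands of bits (and be slow).
N, E = 3233, 17
HALF_BITS = N.bit_length()          # 12 bits
HALF_MASK = (1 << HALF_BITS) - 1
BLOCK_BITS = 2 * HALF_BITS          # block is twice the modulus width


def rsa_f(x, k):
    """Simon's round function F(x, k) = (x xor k)^e mod n.  It need not be
    invertible: a Feistel network only ever evaluates F in the forward direction."""
    return pow(x ^ k, E, N)


def feistel_encrypt(block, round_keys):
    """Balanced Feistel network over a BLOCK_BITS-bit block: (L, R) -> (R, L ^ F(R, k))."""
    left, right = block >> HALF_BITS, block & HALF_MASK
    for k in round_keys:
        left, right = right, left ^ rsa_f(right, k)
    return (left << HALF_BITS) | right


def feistel_decrypt(block, round_keys):
    """Undo each round in reverse order: given (L', R') = (R, L ^ F(R, k)),
    recover R = L' and L = R' ^ F(L', k).  No factoring of n is involved."""
    left, right = block >> HALF_BITS, block & HALF_MASK
    for k in reversed(round_keys):
        left, right = right ^ rsa_f(left, k), left
    return (left << HALF_BITS) | right


# --- Pohlig-Hellman exponentiation cipher (Tom's pointer) -------------------
# A prime modulus p and exponents e, d with e*d = 1 mod (p-1); both exponents
# are secret.  P is a constructed toy value (the Mersenne prime 2^61 - 1).
P = (1 << 61) - 1


def ph_keypair(e, p=P):
    """Derive the decryption exponent d from a chosen e; needs gcd(e, p-1) == 1."""
    if math.gcd(e, p - 1) != 1:
        raise ValueError("e must be coprime to p-1")
    return e, pow(e, -1, p - 1)


def ph_encrypt(m, e, p=P):
    """c = m^e mod p for 1 <= m < p (0 would map to itself, so it is excluded)."""
    if not 1 <= m < p:
        raise ValueError("message out of range")
    return pow(m, e, p)


def ph_decrypt(c, d, p=P):
    """m = c^d mod p, by Fermat's little theorem since e*d = 1 mod (p-1)."""
    return pow(c, d, p)


if __name__ == "__main__":
    round_keys = [0x123, 0xABC, 0x7F7, 0x555]      # constructed 12-bit round keys
    pt = 0xABCDEF                                   # constructed 24-bit block
    ct = feistel_encrypt(pt, round_keys)
    print(f"Feistel/RSA-F: {pt:06x} -> {ct:06x} -> {feistel_decrypt(ct, round_keys):06x}")
    e, d = ph_keypair(65537)
    m = 123456789012345
    c = ph_encrypt(m, e)
    print(f"Pohlig-Hellman: {m} -> {c} -> {ph_decrypt(c, d)}")
```

The toy modulus makes the Feistel variant worthless as a cipher; the example only shows why the design decrypts without factoring n and how the Pohlig-Hellman exponent pair differs from it. Both inherit the cost Simon and Tom point out: one modular exponentiation per half-block per round, against a handful of table lookups for a conventional s-box.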
------------------------------
Date: Sun, 01 Oct 2000 19:58:19 -0200
From: "Paulo S. L. M. Barreto" <[EMAIL PROTECTED]>
Subject: Re: Deadline for AES...
Mok-Kong Shen wrote:
> John Savard wrote:
> >
> > I interpret that to mean that the standard will be a draft standard
> > only at that time.
>
> So in principle the AES winner could still be improved in
> its final version. Is that right? That wouldn't be bad.
>
> M. K. Shen
Yes, it would be bad. Modifying the AES winner(s) now could endanger
or nullify all analysis made up to now and compromise any confidence derived
from it. NIST could as well propose a totally different algorithm
instead (an NSA design for instance). I doubt they would do that.
Paulo Barreto.
------------------------------
Date: Sun, 01 Oct 2000 20:00:53 -0200
From: "Paulo S. L. M. Barreto" <[EMAIL PROTECTED]>
Subject: Re: Deadline for AES...
Mok-Kong Shen wrote:
> Scott Fluhrer wrote:
> >
> [snip]
> > certainly arise, and would be unlikely to go away. Similar questions arose
> > with the hidden design principles behind DES, and NIST wants to avoid that
> > scenario...
>
> As I have said many times, the yet incompleteness of the
> documents concerning the design unfortunately doesn't
> entirely remove that age-old problem.
>
> M. K. Shen
Would you please point out what is incomplete in the documentation of *any*
of the finalists?
Paulo Barreto.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************