Cryptography-Digest Digest #815, Volume #12       Mon, 2 Oct 00 16:13:00 EDT

Contents:
  Re: Maximal security for a resources-limited microcontroller (Tom St Denis)
  is NIST just nuts? (Tom St Denis)
  Re: is NIST just nuts? ("alex")
  Idea for Twofish and Serpent Teams (Tom St Denis)
  Re: Adobe Acrobat -- How Secure? ("David C. Barber")
  Re: Shareware Protection Schemes (Darren New)
  Re: newbie question (Albert Yang)
  Re: Is RC4 a serious cipher? ("David C. Barber")
  Re: How Colossus helped crack Hitler's codes (Jim)
  Re: NIST Statistical Test Suite (Peter J. Acklam)
  Re: It's Rijndael (Daniel Leonard)
  Re: is NIST just nuts? (Albert Yang)
  Re: Re: It's Rijndael (Jane Gilbert)
  Re: Signature size ([EMAIL PROTECTED])
  Re: hourra for europa :) (Mok-Kong Shen)
  Re: Choice of public exponent in RSA signatures (John Myre)
  Re: Choice of public exponent in RSA signatures (D. J. Bernstein)
  Re: How Colossus helped crack Hitler's codes (Mok-Kong Shen)
  Re: is NIST just nuts? (Mok-Kong Shen)
  Re: Comments on the AES winner (JCA)
  Re: hourra for europa :) (Frank M. Siegert)

----------------------------------------------------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Maximal security for a resources-limited microcontroller
Date: Mon, 02 Oct 2000 18:01:07 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> Sagie wrote:
> >Hello all,
> >
> >    I'm in need of a symmetric (secret key) encryption process for
> >one of my projects. I would love to use one of the popular schemes,
> >such as Blowfish and DES, but the cipher has to be implemented in a
> >teeny-weeny microcontroller with very limited resources.
>
> We could design a new system for you, that would meet your objectives
> better than what you can achieve using conventional technology.

What do you have that is better than publicly known methods of crypto
and of implementing crypto?

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: is NIST just nuts?
Date: Mon, 02 Oct 2000 18:05:54 GMT

As if that was picked... From what I understand it's not at all close
to the securest block cipher.  Will aes specify that cipher with more
rounds?  What a shame...

I demand a recount!  Twofish should have won!

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: "alex" <[EMAIL PROTECTED]>
Subject: Re: is NIST just nuts?
Date: Mon, 2 Oct 2000 20:23:40 +0200

You could email Monica Lewinsky; she could perhaps ask the President for
that.


Tom St Denis <[EMAIL PROTECTED]> wrote in message:
8raips$vsd$[EMAIL PROTECTED]
> As if that was picked... From what I understand it's not at all close
> to the securest block cipher.  Will aes specify that cipher with more
> rounds?  What a shame...
>
> I demand a recount!  Twofish should have won!
>
> Tom
>
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Idea for Twofish and Serpent Teams
Date: Mon, 02 Oct 2000 18:15:57 GMT

Do what RSA did and make your own "Symmetric Cipher Standards" and
ignore the govt.

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: "David C. Barber" <[EMAIL PROTECTED]>
Subject: Re: Adobe Acrobat -- How Secure?
Date: Mon, 2 Oct 2000 11:33:36 -0700

Isn't that Jack's Secret Sauce?  :^)

If McDonald's has a secret sauce -- it remains a well protected secret.

    *David Barber*

"Nogami" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Acrobat is a reasonable compromise which should keep most people out
> of it, but if you're going to be publishing the secret recipe for
> Coke, or McDonald's "secret sauce", then you're probably safer just
> not sending it at all ;P




------------------------------

From: Darren New <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Shareware Protection Schemes
Date: Mon, 02 Oct 2000 18:38:54 GMT

Ichinin wrote:
> - What would stop anyone from distributing the software WITH
>   a (stolen or compromised) legitimate key?

I saw an interesting mechanism once that just put the credit card number
used to pay for the software into the "About" box. Encrypted in the
executable, of course. And it wasn't worth it to me to try to track down how
to remove it, since I'd paid for the software. A simple thing like this is
likely just as much a hindrance to people trying to steal it as anything
more complicated, for all the reasons already mentioned here.

-- 
Darren New / Senior MTS & Free Radical / Invisible Worlds Inc.
San Diego, CA, USA (PST).  Cryptokeys on demand.
The tragedy of the commons applies to monetizing eyeballs, too.

------------------------------

From: Albert Yang <[EMAIL PROTECTED]>
Subject: Re: newbie question
Date: Mon, 02 Oct 2000 18:40:00 GMT

Crypto libs are aplenty on the web; just do some searches.

As for the crypto, stick with some reliable algorithms.  Keep in mind
that if the item you are XORing the plaintext with is short and
repeating, then finding the period and then XORing them together
magically produces what you were trying to hide...  So be careful.

Same with stream ciphers, so don't use the same password twice on stream
ciphers.  And when you use block ciphers, use CBC instead of ECB; you'll
thank me later for it.

Albert

Aaron Cannon wrote:
> 
> Aaron Cannon <[EMAIL PROTECTED]> wrote:
> : Thank you all for your helpful responses! I very much appreciate it.  I
> : think I'll just try to find a good secure prebuilt c library and use that.
> : any recommendations on what single key algorithms are best and easiest to
> : use?  I was considering IDEA but I haven't heard anything on it for a
> : while, and so I don't know if any weaknesses have been found in it.
> : Thanks again for the help!
> 
> I did a little more research since posting that message and realized that
> IDEA won't work because of the patent issue.  So, I think I'd like to use
> 3DES.  Does anyone know where I can obtain a public domain or freely
> usable c library for 3des?  Once again, thanks for any and all help!
> 
> --
> "Man is superior to government and should remain master over it, not the
> other way around."
>    Ezra Taft Benson  (Teachings of Ezra Taft Benson, page 680)
> 
> ICQ #: 22773363
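
The two XOR pitfalls the reply above warns about, as an added example (not part of the original post and not code from any library it mentions): a short repeating key whose length can be read off the ciphertext and then cancelled out, and a reused stream-cipher keystream. The plaintext, the six-byte key `s3cret` and the SHA-256-based stand-in keystream are all constructed for the demonstration.

```python
# Added example (not from the original post): two of the pitfalls the reply
# warns about, demonstrated on constructed data.
#  1. A short repeating XOR key: its length leaks through the ciphertext, and
#     shifting the ciphertext by that length cancels the key entirely.
#  2. A reused stream-cipher keystream: XORing the two ciphertexts leaves the
#     XOR of the two plaintexts, with the keystream gone.
import hashlib
from functools import reduce
from math import gcd

# Constructed sample data; nothing here is a real key or a real stream cipher.
PLAINTEXT = (b"the quick brown fox jumps over the lazy dog. "
             b"the five boxing wizards jump quickly. ") * 6
REPEATING_KEY = b"s3cret"          # 6-byte repeating key, too short on purpose


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def xor_repeating(data: bytes, key: bytes) -> bytes:
    """'Encrypt' by XORing with a key that repeats every len(key) bytes.
    The same call decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def coincidence_rate(ct: bytes, shift: int) -> float:
    """Fraction of positions i with ct[i] == ct[i + shift]."""
    n = len(ct) - shift
    return sum(ct[i] == ct[i + shift] for i in range(n)) / n


def estimate_period(ct: bytes, max_period: int = 32) -> int:
    """Estimate the repeating-key length from the ciphertext alone.

    At shifts that are multiples of the key length the key bytes line up and
    cancel, so ct[i] == ct[i+shift] exactly when pt[i] == pt[i+shift]; for
    natural-language plaintext that is far more frequent than at other
    shifts.  The three best shifts are therefore multiples of the key length,
    and their gcd is the key length itself.
    """
    best = sorted(range(1, max_period + 1),
                  key=lambda s: coincidence_rate(ct, s), reverse=True)[:3]
    return reduce(gcd, best)


def key_cancels(ct: bytes, pt: bytes, period: int) -> bool:
    """The 'XOR them together' observation from the post: XORing the
    ciphertext with itself shifted by the period removes the key and leaves
    pt[i] ^ pt[i + period], i.e. pure plaintext structure."""
    return xor_bytes(ct, ct[period:]) == xor_bytes(pt, pt[period:])


def recover_key_from_crib(ct: bytes, crib: bytes, offset: int,
                          period: int) -> bytes:
    """Once the period is known, a few bytes of guessed plaintext (a 'crib')
    at a known offset give the key bytes at those positions directly;
    positions the crib does not cover are left as zero."""
    key = bytearray(period)
    for i, p in enumerate(crib):
        key[(offset + i) % period] = ct[offset + i] ^ p
    return bytes(key)


def constructed_keystream(label: bytes, length: int) -> bytes:
    """Deterministic stand-in keystream for the demonstration only: SHA-256
    over a label and a counter.  Only the reuse matters for this example,
    so any real stream cipher's output would show the same effect."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(label + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def two_time_pad_leak(p1: bytes, p2: bytes) -> bytes:
    """Encrypt two messages under the same keystream and return c1 ^ c2.
    The keystream cancels, so the result equals p1 ^ p2: whatever is known
    about one message is immediately known about the other."""
    ks = constructed_keystream(b"reused-key", max(len(p1), len(p2)))
    return xor_bytes(xor_bytes(p1, ks), xor_bytes(p2, ks))


if __name__ == "__main__":
    ct = xor_repeating(PLAINTEXT, REPEATING_KEY)
    period = estimate_period(ct)
    print("estimated key length:", period)
    print("key cancels at that shift:", key_cancels(ct, PLAINTEXT, period))
    # The plaintext is known to begin with "the ", which yields 4 key bytes.
    print("key bytes from crib:", recover_key_from_crib(ct, b"the ", 0, period))
    p1, p2 = b"transfer 100 usd", b"transfer 900 usd"
    print("c1 ^ c2 == p1 ^ p2:", two_time_pad_leak(p1, p2) == xor_bytes(p1, p2))
```

The coincidence-counting step is what "finding the period" in the reply amounts to in practice; once the period is known, the key is only as hard to recover as a few bytes of predictable plaintext. A block cipher in CBC mode with a fresh IV per message has neither problem, which is the reply's closing advice.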

------------------------------

From: "David C. Barber" <[EMAIL PROTECTED]>
Subject: Re: Is RC4 a serious cipher?
Date: Mon, 2 Oct 2000 11:41:19 -0700

ftp://ftp.csua.berkeley.edu/pub/cypherpunks/ciphers/

"Guy Macon" <[EMAIL PROTECTED]> wrote in message
news:8r3mt0$[EMAIL PROTECTED]...
> David C. Barber wrote:
> >
> >I was looking at the RC4 Cypherpunks code and it doesn't seem to be much
> >more than a simple key generator and an xor with a cycle of 256.  Is this
> >at all a serious (read: secure) cipher?
> >
> >    *David Barber*
> >
>
> Where is the "RC4 Cypherpunks (Cipherpunks?) code"?  Are you
> referring to Ciphersaber, [ http://www.ciphersaber.gurus.com ]
> or some other implementation?
>



------------------------------

From: [EMAIL PROTECTED] (Jim)
Subject: Re: How Colossus helped crack Hitler's codes
Date: Mon, 02 Oct 2000 18:45:54 GMT
Reply-To: Jim

On Mon, 02 Oct 2000 11:30:35 +0200, Mok-Kong Shen <[EMAIL PROTECTED]>
wrote:

>
>
>John Savard wrote:
>> 
>
>> The article was in "American Heritage of Technology and Invention",
>> and the book is "Battle of Wits" by Stephen Budiansky, ISBN
>> 0684859327, published by Free Press.
>
>I vaguely remember that the director of the museum at
>Bletchley Park was writing a book several years ago. Does 
>anyone know about that, or is it the one given above?

I don't know if I'd term him 'the director', but Ted Enver wrote
a book in 1994 entitled 'Britain's Best Kept Secret' Ultra's Base
at Bletchley Park. Sutton Publishing Ltd. ISBN 0-7509-0631-6.

A rundown of the chapter headings:
   
   Foreword by Sir Harry Hinsley
   The Park Under Threat
   The Mansion & the Leons
   The Sentry Box & the Bombing of Hut 4
   The Stable Block
   The Wooden Huts
   The Bombe Unit
   The Homes of Colossus
   'D' Block & 'G' Block
   The Card Index
   Safe Against Gas
   The Bletchley Park Trust

Lots of photos and diagrams - the book is more about buildings
than about cryptography.


--
Jim Dunnett

amadeus @ netcomuk.co.uk
nordland @ lineone.net

------------------------------

From: [EMAIL PROTECTED] (Peter J. Acklam)
Crossposted-To: sci.crypt.random-numbers
Subject: Re: NIST Statistical Test Suite
Date: 02 Oct 2000 16:43:20 +0100

[EMAIL PROTECTED] writes:

> Has anyone got code for the function erfc() that I could include
> in the software, as this function does not seem to be available
> when using Visual C++ 6.0?

Do a search at Netlib: http://www.netlib.org

Peter

-- 
Peter J. Acklam - [EMAIL PROTECTED] - http://www.math.uio.no/~jacklam
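
An added example (not Peter Acklam's code, and not code from the NIST suite or from Netlib): a portable erfc() built from the Chebyshev fit published in Numerical Recipes, with a self-check against Python's own math.erfc, and the frequency (monobit) test from NIST SP 800-22 that consumes it. The ten-bit sequence used to exercise it is the worked example from that NIST document; the other inputs are constructed.

```python
# Added example (not from the original post, the NIST suite or Netlib): a
# portable erfc() for a toolchain that lacks one, checked against the
# platform's own implementation, and the NIST frequency (monobit) test that
# turns a bit sequence into a p-value through erfc().
import math


def erfcc(x: float) -> float:
    """Complementary error function via the Chebyshev fit from Numerical
    Recipes (routine 'erfcc'); fractional error below 1.2e-7 for all x."""
    z = abs(x)
    t = 1.0 / (1.0 + 0.5 * z)
    poly = (-1.26551223 + t * (1.00002368 + t * (0.37409196 + t * (0.09678418
            + t * (-0.18628806 + t * (0.27886807 + t * (-1.13520398
            + t * (1.48851587 + t * (-0.82215223 + t * 0.17087277)))))))))
    ans = t * math.exp(-z * z + poly)
    return ans if x >= 0.0 else 2.0 - ans     # erfc(-x) = 2 - erfc(x)


def max_relative_error(points) -> float:
    """Largest relative deviation of erfcc() from math.erfc over the given
    points; a quick acceptance check before trusting the approximation."""
    return max(abs(erfcc(x) - math.erfc(x)) / math.erfc(x) for x in points)


def bits_from_string(s: str):
    """Parse a string such as '1011010101' into a list of 0/1 ints."""
    return [int(c) for c in s if c in "01"]


def monobit_pvalue(bits) -> float:
    """NIST SP 800-22 frequency (monobit) test.

    Map each bit to +1/-1, sum to S_n, normalise to s_obs = |S_n|/sqrt(n)
    and return P = erfc(s_obs / sqrt(2)).  A small P means the sequence has
    far more ones than zeros (or vice versa) than a random source would.
    """
    bits = list(bits)
    n = len(bits)
    if n == 0:
        raise ValueError("empty bit sequence")
    s_n = sum(1 if b else -1 for b in bits)
    s_obs = abs(s_n) / math.sqrt(n)
    return erfcc(s_obs / math.sqrt(2.0))


def monobit_passes(bits, alpha: float = 0.01) -> bool:
    """Decision rule used by the suite: pass if P >= alpha (default 0.01)."""
    return monobit_pvalue(bits) >= alpha


if __name__ == "__main__":
    print("max relative error vs math.erfc:",
          max_relative_error((-3.0, -1.0, -0.2, 0.3, 1.0, 2.0, 3.5)))
    # Worked example from SP 800-22 section 2.1: expected P-value 0.527089.
    nist_example = bits_from_string("1011010101")
    print("NIST example P-value:", round(monobit_pvalue(nist_example), 6))
    # Constructed inputs: a balanced sequence and an all-zero one.
    print("alternating 0/1 passes:", monobit_passes([0, 1] * 50))
    print("all zeros passes:", monobit_passes([0] * 100))
```

The same erfcc() can be dropped into a C build (it is ten constants and one exp() call), and comparing it against a trusted erfc over a handful of points, as max_relative_error does here, is the check worth running before feeding its p-values into a test suite whose verdicts depend on them.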

------------------------------

From: Daniel Leonard <[EMAIL PROTECTED]>
Subject: Re: It's Rijndael
Date: Mon, 02 Oct 2000 19:01:37 GMT

On Mon, 2 Oct 2000, Serge Paccalin wrote:

> On/Le Mon, 02 Oct 2000 10:44:59 -0500,
> [EMAIL PROTECTED] wrote/a écrit
> in/dans sci.crypt...
> > Quisquater wrote:
> > >
> > > Yes !
> > >
> > > See http://www.esat.kuleuven.ac.be/cosic/#press
> >
> > How is it pronounced?
>
> Ay-ee-ess.
>
> This answer is more serious than you could think. Who remembers the
> original name of DES?
>
> --
>   ___________
> _/ _ \_`_`_`_)  Serge PACCALIN
>  \  \_L_)       [EMAIL PROTECTED]
>    -'(__) The most elaborate hypothesis cannot replace
> _/___(_)  the most rickety reality. -- San-Antonio (1921-2000)
>

Wasn't it Lucifer ?

==========
Daniel Léonard

OGMP Informatics Division  E-Mail: [EMAIL PROTECTED]
Département de Biochimie   Tel   : (514) 343-6111 ext 5149
Université de Montréal     Fax   : (514) 343-2210
Montréal, Quebec           Office: Pavillon Principal G-312
Canada H3C 3J7             WWW   : http://megasun.bch.umontreal.ca/~leonard


------------------------------

From: Albert Yang <[EMAIL PROTECTED]>
Subject: Re: is NIST just nuts?
Date: Mon, 02 Oct 2000 19:03:50 GMT

I don't think Twofish should have won.  Twofish is WAY too complex, and
complexity in crypto is like a cat in a rocking chair store..

It wasn't the most secure, nor did it have the largest security margin
(Serpent wins that)

It wasn't the most elegant (RC6, hands down)

It wasn't the easiest to cryptanalyse (Serpent, RC6, and Rijndael)

It wasn't the fastest on software (Rijndael, RC6)

It wasn't the fastest on hardware (Serpent, Rijndael)

It wasn't the best at anything...  So no Tom, twofish shouldn't have
won.  

I thought Rijndael with 16 rounds for all key sizes would have been
better, but oh well...

Albert

Tom St Denis wrote:
> 
> As if that was picked... From what I understand it's not at all close
> to the securest block cipher.  Will aes specify that cipher with more
> rounds?  What a shame...
> 
> I demand a recount!  Twofish should have won!
> 
> Tom
> 
> Sent via Deja.com http://www.deja.com/
> Before you buy.

------------------------------

From: [EMAIL PROTECTED] (Jane Gilbert)
Subject: Re: Re: It's Rijndael
Date: 2 Oct 2000 21:09:35 +0200

Lucifer, no?


--
Posted from [206.156.202.6] 
via Mailgate.ORG Server - http://www.Mailgate.ORG

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Signature size
Date: Mon, 02 Oct 2000 18:57:20 GMT


> The mathematical problem is different.  The amount of work you need to do
> to crack a 170-bit ECC problem is about the same (but not really - there's
> lots of details I'm leaving out) as the work you need to do to crack a
> 1024-bit RSA problem.  You need to learn a lot of math to understand why.

I understand that ;-) I was just wondering because ECDSS signatures are
2x160=320 bits long and it is claimed on
http://www.certicom.com/research/wecc2.html that digital signatures
using ECC are 320 bits long for messages longer than 2000 bits (with
security comparable to RSA 1024 bit).

So my questions are:

How can I achieve shorter signatures when the messages are shorter?

How can I achieve a 160/170 bit signature using ECC signature
algorithms? (The answer seems to be ECC ElGamal.)



Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: hourra for europa :)
Date: Mon, 02 Oct 2000 21:26:33 +0200



alex wrote:
> 
> We can not be good in all domains :)

There are bigger and smaller domains. It is better to be
good in bigger (more important for most people) domains.

> 
> But Mok-Kong you are german aren't you ?
> Germany is in Europa, no ? :)

Should I therefore close my eyes?

M. K. Shen

------------------------------

From: John Myre <[EMAIL PROTECTED]>
Subject: Re: Choice of public exponent in RSA signatures
Date: Mon, 02 Oct 2000 13:02:17 -0600

Roger Schlafly wrote:
> 
> Thomas Pornin wrote:
> > Besides, choosing a prime number speeds up the key selection algorithm
> > (e must be prime to (p-1)(q-1), so, with e = 3, when you choose p, you
> > have only ~67% chance that p-1 is prime to e).

Actually, wouldn't that be 50%?  Presuming, that is, that you have
already checked that p is relatively prime to 3.

> 
> Testing for divisibility by 3 is so fast, compared to other needed
> operations, that it is insignificant. I doubt that you could notice
> the difference, if it is done in a reasonable way.

In case it isn't obvious to some, the "reasonable way" is to do the
test really early, before you do any expensive primality tests on p.

For instance, suppose that you are searching for p like this:

        p = random bits
        set bottom bit (so p is odd)
        while p is not (probably) prime
                p = p + 2

Then you could search at the same speed, while maintaining the
requirement that both p and p-1 are relatively prime to 3, by
doing the following:

        p = random bits
        p = p - (p modulo 6) + 5
        while p is not (probably) prime
                p = p + 6

In this case we have folded the requirement on p-1 into the
loop, so no explicit test is required.

The time when this sort of thing would not work is if you
are using some sort of "black box" to generate p, and you
can't test p-1 each time until it is completely done.

JM
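
The two search loops from the post written out as runnable Python, as an added example (not John Myre's code): a Miller-Rabin test stands in for "p is (probably) prime", search_step2 is the odd-step loop with the p mod 3 check placed before the primality test, search_step6 is the p ≡ 5 (mod 6) loop, and a small RSA set-up confirms that a modulus built this way works with e = 3. The seeds, bit sizes and the empirical 50% check are choices made for the example.

```python
# Added example (not John Myre's code): the two candidate-search loops from
# the post, made runnable, plus a check that the result suits e = 3.
import random
from math import gcd

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int, rounds: int = 32, rng=random) -> bool:
    """Miller-Rabin test; stands in for the post's 'p is (probably) prime'."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:          # cheap trial division first
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:                # n - 1 = d * 2^r with d odd
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False             # a is a witness: n is composite
    return True


def search_step2(bits: int, seed: int):
    """The post's first loop (odd candidates, step 2) with the 'reasonable
    way' applied: p mod 3 is checked *before* the expensive primality test.
    p % 3 == 0 means 3 | p, p % 3 == 1 means 3 | p-1; only p % 3 == 2 is
    usable with e = 3.  Returns (p, number of primality tests run)."""
    rng = random.Random(seed)
    p = rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # top bit set, odd
    tests = 0
    while True:
        if p % 3 == 2:
            tests += 1
            if is_probable_prime(p, rng=rng):
                return p, tests
        p += 2


def search_step6(bits: int, seed: int):
    """The post's second loop: start at p = 5 (mod 6) and step by 6, so every
    candidate is odd and p-1 is never divisible by 3; no explicit test."""
    rng = random.Random(seed)
    p = rng.getrandbits(bits) | (1 << (bits - 1))
    p = p - (p % 6) + 5
    tests = 0
    while True:
        tests += 1
        if is_probable_prime(p, rng=rng):
            return p, tests
        p += 6


def share_with_p_minus_1_coprime_to_3(bits: int, samples: int, seed: int) -> float:
    """Empirical check of the 50%-vs-67% question in the thread: generate
    random odd primes with no filtering and report how often 3 does not
    divide p-1.  Primes other than 3 fall about evenly into p = 1 and
    p = 2 (mod 3), so the answer is close to one half."""
    rng = random.Random(seed)
    ok = 0
    for _ in range(samples):
        p = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        while not is_probable_prime(p, rng=rng):
            p += 2
        ok += (p - 1) % 3 != 0
    return ok / samples


def rsa_modulus_for_e3(bits: int, seed: int):
    """Build an RSA modulus from two primes found with search_step6 and
    return (n, d) for the public exponent e = 3 (toy sizes; example only)."""
    p, _ = search_step6(bits // 2, seed)
    q, _ = search_step6(bits // 2, seed + 1)
    phi = (p - 1) * (q - 1)
    assert gcd(3, phi) == 1          # guaranteed by the mod-6 search
    d = pow(3, -1, phi)              # modular inverse (Python 3.8+)
    return p * q, d


if __name__ == "__main__":
    for name, fn in (("step 2 + early check", search_step2), ("step 6", search_step6)):
        p, tests = fn(512, seed=2000)
        print(f"{name}: p mod 6 = {p % 6}, gcd(3, p-1) = {gcd(3, p - 1)}, "
              f"primality tests = {tests}")
    print("share of random primes with gcd(3, p-1) = 1:",
          share_with_p_minus_1_coprime_to_3(64, 300, seed=1))
    n, d = rsa_modulus_for_e3(256, seed=7)
    m = 123456789
    print("e = 3 round trip ok:", pow(pow(m, 3, n), d, n) == m)
```

Both loops run a primality test only on candidates that already satisfy the e = 3 requirement, which is the point of the post: the check is free when it is folded into candidate generation, and costly only if it is left until after a prime has been found.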

------------------------------

From: [EMAIL PROTECTED] (D. J. Bernstein)
Subject: Re: Choice of public exponent in RSA signatures
Date: 2 Oct 2000 19:17:29 GMT

Francois Grieu  <[EMAIL PROTECTED]> wrote:
> What is special with Rabin-Williams signature is that attacks on the
> padding scheme can be turned into a total break, which does not appear
> true with RSA.

Bad hash functions allow easy forgeries under all of these systems.
Forgeries are unacceptable. The solution is to stop using bad hash
functions.

Rabin's original proposal (unlike the RSA proposal) included sensible
hashing. Oversimplified versions of the system (like the RSA proposal)
are insecure, but all this means is that one shouldn't oversimplify.

The specific system described in http://cr.yp.to/papers/sigs.dvi has the
same security guarantee as any other sensible RSA-type system, with much
faster signature verification.

---Dan

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: How Colossus helped crack Hitler's codes
Date: Mon, 02 Oct 2000 21:50:33 +0200



Jim wrote:
> 
> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> [snip]
> >I vaguely remember that the director of the museum at
> >Bletchley Park was writing a book several years ago. Does
> >anyone know about that, or is it the one given above?
> 
> I don't know if I'd term him 'the director', but Ted Enver wrote
> a book in 1994 entitled 'Britain's Best Kept Secret' Ultra's Base
> at Bletchley Park. Sutton Publishing Ltd. ISBN 0-7509-0631-6.
> 
> A rundown of the chapter headings:
> 
>    Foreword by Sir Harry Hinsley
>    The Park Under Threat
>    The Mansion & the Leons
>    The Sentry Box & the Bombing of Hut 4
>    The Stable Block
>    The Wooden Huts
>    The Bombe Unit
>    The Homes of Colossus
>    'D' Block & 'G' Block
>    The Card Index
>    Safe Against Gas
>    The Bletchley Park Trust
> 
> Lots of photos and diagrams - the book is more about buildings
> than about cryptography.

My memory isn't too good regarding a lecture that I heard
several years ago. The lecturer, if not the director, had
at least a rather important position in the museum.
I now haven't the faintest idea of his name. He said
that he was writing a book about the machine and the
crypto techniques involved. He seemed to have been
principally involved in the reconstruction of the machine.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: is NIST just nuts?
Date: Mon, 02 Oct 2000 22:09:28 +0200



Tom St Denis wrote:
> 
> As if that was picked... From what I understand it's not at all close
> to the securest block cipher.  Will aes specify that cipher with more
> rounds?  What a shame...
> 
> I demand a recount!  Twofish should have won!

I guess that there are lots of people at NIST having
superior crypto knowledge than you. If they are nuts .....

M. K. Shen

------------------------------

From: JCA <[EMAIL PROTECTED]>
Subject: Re: Comments on the AES winner
Date: Mon, 02 Oct 2000 12:39:54 -0700

    I understand that the original Rijndael (i.e. with 10
rounds) seemed to be dangerously close to being broken,
in the sense that an 8-round Rijndael has already been
broken. I have been unable to find information in this
respect, so I assume that there are no additional rounds
in the newly-elected AES.

    As an aside, in my browser the number of possible
128-bit keys for Rijndael, as mentioned in the AES
fact sheet, appears as 3.4*101038. Can anybody see it as
it should be (3.4*10^38)?


Mok-Kong Shen wrote:

> Now that the AES winner has been determined, it is more
> convenient and more efficient (since one has only one target
> instead of a considerable number of them) to attempt to
> comment on it. Our group, I think, has sort of natural
> 'responsibility' to do that, in order that some more or
> less practicable (realizable) improvements, if any of these
> could be found by us, have a chance of being incorporated
> into the final standard version of AES.
>
> As I see, AES is probably first going to be an American
> national standard, before becoming an ISO standard. This
> means that comments have to go through the ways that
> national draft standards get officially processed and this
> would presumably, I guess, exclude comments from foreign
> origins. On the other hand, if we could manage to agree on
> a certain number of concrete points of our opinions about the
> AES winner, then I suppose it is no problem to find among us
> someone of American nationality to submit a joint paper.
>
> So shouldn't we start right now? (There were already some
> amounts of discussions on Rijndael recently.)
>
> M. K. Shen
> ---------------------------
> http://home.t-online.de/home/mok-kong.shen


------------------------------

From: [EMAIL PROTECTED] (Frank M. Siegert)
Subject: Re: hourra for europa :)
Date: Mon, 02 Oct 2000 20:00:59 GMT

On Mon, 02 Oct 2000 20:09:49 +0200, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:
>EURO does much less well :-)

Also this may change in time... (hopefully before my next US visit
;-))

Nice to see RIJNDAEL (I do like the pronunciation alternative 'Rain
Doll' ;-)). I personally - even as a European - would have opted for
Twofish, but I am sure this wet thingy will do a good job too...


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
