Cryptography-Digest Digest #846, Volume #12 Thu, 5 Oct 00 04:13:01 EDT
Contents:
Re: pronunciation of "DES" (John Savard)
Re: Mathematical Problem (David A Molnar)
Re: The best way to pronounce AES (JPeschel)
Re: pronunciation of "DES" ("John A. Malley")
Re: Advanced Encryption Standard - winner is Rijndael (Gregory G Rose)
Re: Encryption problem (Jon Haugsand)
Re: pronunciation of "DES" (Mok-Kong Shen)
Re: SHA C++ Implementation (Bob Deblier)
Re: pronunciation of "DES" (Mok-Kong Shen)
Re: Counterpane Funny Stuff (Anders Thulin)
Re: Q: does this sound secure? ("William A. McKee")
Re: CDMA tracking (was Re: GSM tracking) (Steven Murray)
Re: TC8 -- Yet Another Block Cipher (David Blackman)
Re: Deadline for AES... (Mok-Kong Shen)
Re: Deadline for AES... (Mok-Kong Shen)
Re: It's Rijndael (Mok-Kong Shen)
Re: No Comment from Bruce Schneier? (Mok-Kong Shen)
Re: The best way to pronounce AES (Mok-Kong Shen)
Re: pronunciation of "DES" (Arturo)
Re: Faraday Cage (Was CDMA tracking) (Arturo)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: pronunciation of "DES"
Date: Thu, 05 Oct 2000 04:59:46 GMT
On Wed, 04 Oct 2000 22:19:20 +0200, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote, in part:
>David Crick wrote:
>> Thinking back to a long-running thread on here a while back, it was
>> interesting to note that Dr Cheryl Shavers pronounced DES as "dee
>> ee ess" (rather than "dez") during her part in the AES announcement.
>> I don't know about any of the others who followed her, since I keep
>> getting server time-outs in Real Player so can't hear/see the rest
>> of the webcast. :(
>So you are very interested to know how AES (or whatever the
>successor) is pronounced?
Well, while most people will pronounce DES as "dez", AES will have to
be pronounced "ay ee ess", I'm afraid.
Despite the fact that "aes" _is_ a word (it's a Roman bronze coin), no
non-spelling pronunciation of AES would be non-confusing.
But maybe it _could_ be pronounced "ace", if one is in a hurry.
Since Rijndael is not pronounced "Reendayl", but "Rhine" (with a long
I) and "Rain" (with a long A) are both suggested for the first
syllable, I have a sinking feeling that the *real* correct
pronunciation for the ij in Rijndael is the Russian "yerry", a sort
of eeih sound (try to say A but with your tongue in position for E).
The ae apparently is just the o in often, odd, on, cot, top, and
similar words.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Mathematical Problem
Date: 5 Oct 2000 05:25:36 GMT
Mike Rosing <[EMAIL PROTECTED]> wrote:
>> I'd prefer a theoretical problem as my interests lie in the same. I have a
>> decent background in mathematics, information theory and
>> communication (maths olympiad levels).
> How about explaining how you use error correction for public key crypto?
> Maybe we can ask enough dumb questions you'll find a hard problem :-)
McEliece cryptosystem comes to mind. Wasn't there a recent paper which
discussed methods of strengthening it?
There are some similarities between error correcting codes and lattices.
Lattice based cryptosystems have been broken in recent years. Maybe
McEliece is vulnerable (if it hasn't already been broken). Maybe there
are some neat "transfer theorems" which can carry results between the
two worlds. Maybe there are some randomly self-reducible coding
problems just waiting for you to discover them. (no, I don't think that is
an 8-month problem...it seems much harder :\ )
You might check out this course:
http://www-cse.ucsd.edu/~daniele/cse291fa99.html
and see if it looks interesting.
Another major area you might look at might be authentication
codes and secret sharing schemes.
authentication codes:
http://www.cacr.math.uwaterloo.ca/~dstinson/acbib.html
a thesis on secret sharing schemes:
http://www.cs.bgu.ac.il/~beimel/Papers/thesis.ps.gz
I don't know either area nearly well enough to suggest problems,
much less do-able ones. But they do seem to use codes here and there.
-david
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: The best way to pronounce AES
Date: 05 Oct 2000 05:30:52 GMT
[EMAIL PROTECTED] (John Savard) writes, in part:
>but
>in fact it is Midwestern English which is considered the most
>"standard".
Where'dja get that idea?
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: pronunciation of "DES"
Date: Wed, 04 Oct 2000 22:40:24 -0700
John Savard wrote:
>
[snip]
>
> Since Rijndael is not pronounced "Reendayl", but "Rhine" (with a long
> I) and "Rain" (with a long A) are both suggested for the first
> syllable, I have a sinking feeling that the *real* correct
> pronunciation for the ij in Rijndael is the Russian "yerry", a sort
> of eeih sound (try to say A but with your tongue in position for E).
Gosh, every time I read the name "Rijndael" I hear it like "Dinsdale" (
"Reens - dale" ) as uttered by Spiny Norman, the giant hedgehog, from an
ancient Monty Python episode...
John A. Malley
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (Gregory G Rose)
Crossposted-To: alt.security.scramdisk
Subject: Re: Advanced Encryption Standard - winner is Rijndael
Date: 4 Oct 2000 22:47:52 -0700
First let me say that I agree with the *thrust* of
David's comment. Nothing NIST has said carries the
implication that Rijndael isn't *secure enough* to
be used for classified data.
In article <[EMAIL PROTECTED]>,
David Schwartz <[EMAIL PROTECTED]> wrote:
> For the third time, I ask you if you have any evidence to support your
>claim that the U.S. government does not consider Rijndael suitable for
>protecting classified data. I've become more and more confident that you
>don't.
However, it is a requirement of the US Government
that Classified data be encrypted using a "Type I"
algorithm. Part of the requirement for such an
algorithm is that the algorithm itself is
classified. It can't be both classified and a
published standard. Therefore, AES (whatever it is
and no matter how good it is) cannot be used to
encrypt classified data. QED.
This requirement comes from the principle of
red/black separation, BTW. It is not stupid, even
though it does appear to violate Kerckhoffs's Maxim
that all secrecy should reside in the keys.
Greg.
--
Greg Rose INTERNET: [EMAIL PROTECTED]
QUALCOMM Australia VOICE: +61-2-9181 4851 FAX: +61-2-9181 5470
Suite 410, Birkenhead Point http://people.qualcomm.com/ggr/
Drummoyne NSW 2047 B5 DF 66 95 89 68 1F C8 EF 29 FA 27 F2 2A 94 8F
------------------------------
From: Jon Haugsand <[EMAIL PROTECTED]>
Subject: Re: Encryption problem
Date: 05 Oct 2000 08:02:54 +0200
* ed dominguez
> How can I implement a program that will encrypt a random number but
> that it's so secure that even the programmers can't brute-force it
> in small amount of time (days,weeks) ?
Randomly choose the price -> P
Generate a random string of, say, 1000 bytes -> S
Strongly encrypt the string "P+++S"
--
Jon Haugsand
Norwegian Computing Center, <http://www.nr.no/engelsk/>
<mailto:[EMAIL PROTECTED]> Pho: +47 22852608 / +47 22852500,
Fax: +47 22697660, Pb 114 Blindern, N-0314 OSLO, Norway
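The recipe above works because the small guessable value P is bundled with a long random string S before it is protected, so an adversary who can enumerate every possible price still cannot enumerate S. The following is an added example, not code from the poster: SHA-256 over the string stands in for the "strong encryption" step (an assumption made to keep the example stdlib-only), the price space of 0 to 99999 cents is constructed for the demonstration, and the guessing function models an adversary who does not know S.

```python
import hashlib
import secrets
from typing import Optional

# Constructed toy price space: whole cents from 0 to 99999. On its own it
# is far too small to resist exhaustive guessing.
PRICE_SPACE = range(0, 100_000)
PAD_BYTES = 1000  # the "1000 bytes" of random string S from the post


def make_pad() -> bytes:
    """S: a long random string known only to the committing party."""
    return secrets.token_bytes(PAD_BYTES)


def seal_unpadded(price: int) -> bytes:
    """Protecting P alone. SHA-256 stands in for the post's 'strong
    encryption' (assumption for this example); the weakness shown below
    comes from the tiny message space, not from the primitive."""
    return hashlib.sha256(str(price).encode()).digest()


def seal_padded(price: int, pad: bytes) -> bytes:
    """The post's recipe: protect the string "P+++S" instead of P."""
    return hashlib.sha256(f"{price}+++".encode() + pad).digest()


def open_padded(sealed: bytes, price: int, pad: bytes) -> bool:
    """The holder of S later reveals (P, S); anyone can check the value."""
    return secrets.compare_digest(sealed, seal_padded(price, pad))


def guess_price(sealed: bytes) -> Optional[int]:
    """What an adversary without S can do: try every price in the space.
    Against the padded form this never matches, because the adversary
    would also have to guess the 8000-bit pad. Returns the recovered
    price, or None when no candidate matches."""
    for candidate in PRICE_SPACE:
        if seal_unpadded(candidate) == sealed:
            return candidate
    return None


if __name__ == "__main__":
    price = secrets.choice(PRICE_SPACE)
    pad = make_pad()
    print("unpadded price recovered by guessing:", guess_price(seal_unpadded(price)) == price)
    print("padded price recovered by guessing:  ", guess_price(seal_padded(price, pad)) is not None)
    print("padded value opens correctly:        ", open_padded(seal_padded(price, pad), price, pad))
```

Run stand-alone, the script reports that the unpadded value is recovered from the guess loop while the padded one is not, and that the legitimate holder of S can still open it.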
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: pronunciation of "DES"
Date: Thu, 05 Oct 2000 09:06:45 +0200
John Savard schrieb:
>
> On Wed, 04 Oct 2000 22:19:20 +0200, Mok-Kong Shen
> <[EMAIL PROTECTED]> wrote, in part:
> >David Crick wrote:
>
> >> Thinking back to a long-running thread on here a while back, it was
> >> interesting to note that Dr Cheryl Shavers pronounced DES as "dee
> >> ee ess" (rather than "dez") during her part in the AES announcement.
>
> >> I don't know about any of the others who followed her, since I keep
> >> getting server time-outs in Real Player so can't hear/see the rest
> >> of the webcast. :(
>
> >So you are very interested to know how AES (or whatever the
> >successor) is pronounced?
>
> Well, while most people will pronounce DES as "dez", AES will have to
> be pronounced "ay ee ess", I'm afraid.
>
> Despite the fact that "aes" _is_ a word (it's a Roman bronze coin), no
> non-spelling pronunciation of AES would be non-confusing.
>
> But maybe it _could_ be pronounced "ace", if one is in a hurry.
>
> Since Rijndael is not pronounced "Reendayl", but "Rhine" (with a long
> I) and "Rain" (with a long A) are both suggested for the first
> syllable, I have a sinking feeling that the *real* correct
> pronunciation for the ij in Rijndael is the Russian "yerry", a sort
> of eeih sound (try to say A but with your tongue in position for E).
> The ae apparently is just the o in often, odd, on, cot, top, and
> similar words.
>
> John Savard
> http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: Bob Deblier <[EMAIL PROTECTED]>
Subject: Re: SHA C++ Implementation
Date: Thu, 05 Oct 2000 08:51:13 +0200
[EMAIL PROTECTED] wrote:
> Hi. I was wanting to know if there is any source
> code for C++ that implements SHA(Secure Hash
> Algorithm), aka SHS(Secure Hash Standard). I have
> found some C implementations, but they do not seem
> to work. Could someone please help? Thanks.
>
> -GH
> [EMAIL PROTECTED]
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
The BeeCrypt crypto library contains SHA-1 code. It is written in C and
assembler, with headers that are usable in C++ as well. It's portable -
it runs on Solaris, Linux, FreeBSD, Win32, Tru64 Unix, and I've even
tried it on QNX.
If you want to experiment with it, see
http://beecrypt.virtualunlimited.com/
Sincerely
Bob Deblier
Virtual Unlimited
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: pronunciation of "DES"
Date: Thu, 05 Oct 2000 09:08:53 +0200
Sorry, the posting was due to a wrong mouse click.
M. K. Shen
------------------------------
From: Anders Thulin <[EMAIL PROTECTED]>
Subject: Re: Counterpane Funny Stuff
Date: Thu, 5 Oct 2000 06:56:09 GMT
Andru Luvisi wrote:
> So if I had to guess, I'd say they were trying to say:
>
> "Whether your problem is big or small, you can handle security really
> well by going with us and getting the full benefit from our being
> really good."
>
> ...which, based on what I know of Counterpane, is probably true.
The quotation is actually by Peter Chung of Morgan Stanley Dean Witter
Private Equity, who seems to be one of the new investors in Counterpane.
Private Equity. So naturally it's in business-speak.
--
Anders Thulin [EMAIL PROTECTED] 040-10 50 63
Telia Prosoft AB, Box 85, S-201 20 Malmö, Sweden
------------------------------
Reply-To: "William A. McKee" <[EMAIL PROTECTED]>
From: "William A. McKee" <[EMAIL PROTECTED]>
Subject: Re: Q: does this sound secure?
Date: Thu, 05 Oct 2000 06:57:35 GMT
So ... I scrapped my first attempt and use SRP instead. A very nice package
but it took a while to get the config.h right for WIN32. A big "Thank You"
goes to Tom and his team. (To Tom: If you're interested in the diff, and there
were a few minor changes to make the code compile "clean" with MS VC++ 6.0,
please email me. Also, I made some changes to the Java to make it 1.2/1.3
compliant.) The problem is that java.security.SecureRandom takes forever the
first time it is called so I replaced it with the good old java.util.Random.
Does this make the SRP weaker? If so, in what way?
Also, why is SRP safe against password guessing attacks? Seems like it
suffers from the same problem I had originally in my first attempt.
Thanks again,
Will McKee.
[EMAIL PROTECTED]
Thomas Wu <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "William A. McKee" <[EMAIL PROTECTED]> writes:
>
> > I have to ask the user for a user id and password in a Java applet (client)
> > then validate it on a server. Does this sound like a secure scheme?
> >
> > 1) the server issues a random session key (32 bits).
> > 2) the user id and password are hashed (MD5) by the client.
> > 3) the session key and hash key from 2 are hashed (MD5).
> > 4) the user id and hash key from 3 are sent to the server.
> > 5) the server looks up the user id in a password file then hashes the session
> > key and the stored hash key (previously computed, the same as in 2).
> > 6) the two hash keys (from 3 and 5) are compared.
> > 7) the server issues a "PASS" if 6 compares true (and moves into a "logged
> > on state") else it issues a "FAIL"
> >
> > Passwords are at least 6 characters long with at least one non-alpha
> > character.
>
> As others have noted, this is vulnerable to a password-guessing attack
> from an eavesdropper. In addition, since the server's secret is a
> a password equivalent, somebody who reads the server's password file
> can impersonate all the users.
>
> Use a strong password protocol, like SRP or SPEKE. SRP, for example, has
> a Java implementation (jdk102 or jdk11x) already in the distribution
> which is free.
>
> http://srp.stanford.edu/
> http://www.integritysciences.com/
>
> Incidentally, you should sign your applet, so that users don't type
> their passwords into a trojan horse applet.
> --
> Tom Wu * finger -l [EMAIL PROTECTED] for PGP key *
> E-mail: [EMAIL PROTECTED] "Those who would give up their freedoms in
> Phone: (650) 723-1565 exchange for security deserve neither."
> http://www-cs-students.stanford.edu/~tjw/ http://srp.stanford.edu/srp/
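To make Tom's two objections concrete, here is an added example (not code from either poster) that models the seven-step scheme quoted above in Python. It shows why one captured exchange is enough for offline password guessing, and why the stored step-2 hash is a password equivalent. The user name, password and three-word candidate list are constructed for the demonstration; the session key length and the MD5 steps follow the quoted description.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Iterable, Optional


def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def password_equivalent(user_id: str, password: str) -> bytes:
    """Step 2: MD5 over user id and password, computed by the client.
    The server's password file stores exactly this value (step 5), so
    whoever reads the file holds everything needed to log in."""
    return md5(user_id.encode() + password.encode())


def issue_session_key() -> bytes:
    """Step 1: a random 32-bit session key chosen by the server."""
    return secrets.token_bytes(4)


def client_response(session_key: bytes, stored_hash: bytes) -> bytes:
    """Step 3: MD5 over the session key and the step-2 hash."""
    return md5(session_key + stored_hash)


def server_check(password_file: Dict[str, bytes], user_id: str,
                 session_key: bytes, response: bytes) -> bool:
    """Steps 5-7: recompute from the stored hash and compare."""
    stored = password_file.get(user_id)
    if stored is None:
        return False
    return hmac.compare_digest(client_response(session_key, stored), response)


def eavesdropper_guess(user_id: str, session_key: bytes, response: bytes,
                       candidates: Iterable[str]) -> Optional[str]:
    """Offline guessing from one captured (user id, session key, response)
    triple. Every guess is checked locally against the transcript, so no
    rate limiting or lockout on the server ever sees an attempt. This is
    the property SRP and SPEKE are designed to remove."""
    for guess in candidates:
        if client_response(session_key, password_equivalent(user_id, guess)) == response:
            return guess
    return None


if __name__ == "__main__":
    # Constructed sample: one user, one genuine login, one sniffed transcript.
    password_file = {"alice": password_equivalent("alice", "s3cret!")}
    sk = issue_session_key()
    resp = client_response(sk, password_equivalent("alice", "s3cret!"))
    print("server accepts genuine login:", server_check(password_file, "alice", sk, resp))
    print("offline guess from transcript:", eavesdropper_guess("alice", sk, resp, ["hunter2", "s3cret!", "letmein"]))
    sk2 = issue_session_key()
    forged = client_response(sk2, password_file["alice"])  # needs only the file, not the password
    print("login using stolen file only:", server_check(password_file, "alice", sk2, forged))
```

Note that the session key gives no protection here: it is sent in the clear and the eavesdropper simply reuses it. A verifier-based protocol such as SRP keeps the server's stored value from being usable as a credential and leaves an observer with nothing to test guesses against.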
------------------------------
From: Steven Murray <[EMAIL PROTECTED]>
Subject: Re: CDMA tracking (was Re: GSM tracking)
Date: Thu, 05 Oct 2000 18:15:21 +1100
> >>> >> > >If you are concerned about your phone being
> >>> >> > >trackable when it is off, why not just put
> >>> >> > >it in an aluminum briefcase ?
It's dangerous to add to a thread when you don't know what
went before - but if you are after a Legitimate test method
to stop signal getting to/from a mobile phone, why not put
it into a guaranteed (consumer quality) RF-proof enclosure nearly
everyone owns --- a microwave oven. Just don't turn the oven on!!
--
Steven Murray, AirBorn Electronics -- [EMAIL PROTECTED]
PO Box 1491, North Sydney, NSW 2060, Australia.
Ph(61)(2)9925 0325 Fax 9925 0297 -- http://www.airborn.com.au
"Opportunities multiply as they are seized. " -- Sun Tzu
------------------------------
From: David Blackman <[EMAIL PROTECTED]>
Subject: Re: TC8 -- Yet Another Block Cipher
Date: Thu, 05 Oct 2000 18:22:48 +1100
Tom St Denis wrote:
>
> This cipher is designed after CS-Cipher but is much simpler and uses
> little ram/rom. It's a cute cipher and I would appreciate any comments.
>
> This cipher has awesome diffusion amongst the bytes (64-bit block
> cipher) and is very simple to look at.
>
> I noticed very little comments on MyFish... oh well...
>
> Tom
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
64 bit block cyphers are toys. It seems that even with chaining modes,
there are birthday attacks after a few GB, and lots of us would like to
be able to work with more data than that.
Please switch to 128 bits for future designs. Or maybe even 256. I'm
half expecting someone to come up with a generic attack on all 128 bit
block cyphers, now that everyone is committed to using them for the next
30 years :-)
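An added example (not from the poster) to put numbers on "birthday attacks after a few GB": the first two functions evaluate the birthday bound for an n-bit block, and the rest shows what a repeated ciphertext block actually leaks in CBC mode. A random permutation of 0..255 is assumed as a stand-in for an ideal 8-bit block cipher so that the collision appears within a hundred blocks; the IV, seed values and plaintext are constructed.

```python
import math
import random
from typing import List, Optional, Tuple


def blocks_for_collision_probability(block_bits: int, p: float) -> float:
    """Number of encrypted blocks q at which the chance of some repeated
    ciphertext block reaches p, from the birthday approximation
    p ~= 1 - exp(-q^2 / 2^(n+1)) for an n-bit block."""
    return math.sqrt(-2.0 * (2.0 ** block_bits) * math.log(1.0 - p))


def bytes_for_collision_probability(block_bits: int, p: float) -> float:
    """Same bound expressed as bytes of data encrypted under one key."""
    return blocks_for_collision_probability(block_bits, p) * (block_bits / 8)


def toy_block_cipher(seed: int) -> List[int]:
    """Assumption: a seeded random permutation of 0..255 plays the role of
    an ideal 8-bit block cipher, so collisions arrive after ~19 blocks
    instead of ~2^32 and the leak can be exercised offline."""
    table = list(range(256))
    random.Random(seed).shuffle(table)
    return table


def constructed_plaintext(seed: int, n_blocks: int) -> List[int]:
    """Constructed sample plaintext: n_blocks random one-byte blocks."""
    rng = random.Random(seed)
    return [rng.randrange(256) for _ in range(n_blocks)]


def cbc_encrypt(perm: List[int], iv: int, plaintext: List[int]) -> List[int]:
    """Textbook CBC: C_i = E(P_i XOR C_{i-1}), with C_{-1} = IV."""
    out, prev = [], iv
    for p in plaintext:
        prev = perm[p ^ prev]
        out.append(prev)
    return out


def cbc_collision_leak(iv: int, ciphertext: List[int]) -> Optional[Tuple[int, int, int]]:
    """Ciphertext-only: if C_i == C_j then, because E is a permutation,
    P_i XOR C_{i-1} == P_j XOR C_{j-1}, so P_i XOR P_j equals the XOR of the
    two preceding ciphertext blocks, which the observer already has.
    Returns (i, j, P_i XOR P_j) for the first colliding pair, or None."""
    seen = {}
    for j, c in enumerate(ciphertext):
        if c in seen:
            i = seen[c]
            prev_i = iv if i == 0 else ciphertext[i - 1]
            prev_j = iv if j == 0 else ciphertext[j - 1]
            return i, j, prev_i ^ prev_j
        seen[c] = j
    return None


if __name__ == "__main__":
    for bits in (64, 128, 256):
        gib = bytes_for_collision_probability(bits, 0.5) / 2 ** 30
        print(f"{bits:3d}-bit block: 50% chance of a repeat after about {gib:.3g} GiB")
    perm = toy_block_cipher(7)
    pt = constructed_plaintext(1, 100)
    ct = cbc_encrypt(perm, 0x5A, pt)
    i, j, leaked = cbc_collision_leak(0x5A, ct)
    print(f"blocks {i} and {j} collide; leaked P_i^P_j = {leaked:#04x}, actual = {pt[i] ^ pt[j]:#04x}")
```

For a 64-bit block the 50% point lands near 40 GB, and the chance is already around a tenth of a percent after roughly 1.5 GB, which is what makes "a few GB" the practical ceiling; at 128 bits the same bound is in the hundreds of exabytes.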
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Deadline for AES...
Date: Thu, 05 Oct 2000 10:02:47 +0200
"Paulo S. L. M. Barreto" wrote:
>
> Mok-Kong Shen wrote:
>
> > Scott Fluhrer wrote:
> > >
> > [snip]
> > > certainly arise, and would be unlikely to go away. Similar
> > questions arose
> > > with the hidden design principles behind DES, and NIST wants to
> > avoid that
> > > scenario...
> >
> > As I have said many times, the yet incompleteness of the
> > documents concerning the design unfortunately doesn't
> > entirely remove that age-old problem.
>
> Would you please point out what is incomplete in the documentation of
> *any* of the finalists?
The most conspicuous one and about which I have the
most concern is that there are lots of numbers (numerical
constants) whose derivation is not clear to the reader,
i.e. these cannot be reproduced by them in some way. This
provides an essential ground to nourish doubts about the
absence of backdoors. Certainly it hinders a proper
understanding and hence probably also analysis.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Deadline for AES...
Date: Thu, 05 Oct 2000 10:02:55 +0200
"Paulo S. L. M. Barreto" wrote:
>
> Mok-Kong Shen wrote:
>
> > John Savard wrote:
> > >
> >
> > > I interpret that to mean that the standard will be a draft
> > standard
> > > only at that time.
> >
> > So in principle the AES winner could still be improved in
> > its final version. Is that right? That wouldn't be bad.
>
> Yes, it would be bad. Modifying the AES winner(s) now could endanger
> or nullify all analysis made up to now and compromise any confidence
> derived from it. NIST could as well propose a totally different
> algorithm instead (an NSA design for instance). I doubt they would do
> that.
What's wrong with more rounds??
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: It's Rijndael
Date: Thu, 05 Oct 2000 10:03:01 +0200
"Paulo S. L. M. Barreto" wrote:
>
> Before resorting to triple encryption, you must prove the cipher is
> not a group (otherwise triple encryption is plain waste of time). I
> doubt this has been done for any of the AES candidates (I mean any of
> the 15 original ciphers, not only the finalists); if you know better,
> please share the proof (or a link to it).
If only very small groups could exist, then the said
disadvantage of using triple encryption could be neglected,
noting that in the worst case it doesn't lead to weakening.
In practical situations, some decisions are based on
incomplete information and are more or less subjective
and heuristic. (Do you check every part of your car
each time before you drive?)
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: No Comment from Bruce Schneier?
Date: Thu, 05 Oct 2000 10:03:09 +0200
John Savard wrote:
>
> But he only visits sci.crypt to post occasionally, and he may be busy
> right now.
He might be scared away by the massive chosen plaintext
attack launched by someone to crack his recent post.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: The best way to pronounce AES
Date: Thu, 05 Oct 2000 10:03:15 +0200
JPeschel wrote:
>
> Mok-Kong Shen [EMAIL PROTECTED] writes:
>
> >As far as I know, the 'standard' British
> >English is the Oxford English. Which is the corresponding
> >one for American English?
>
> What do you mean by "the Oxford English?" You are
> asking about dictionaries? You are asking about
> formal, colloquial, or slang usage? Dialects?
I think what I was questioning corresponds to 'dialects'.
There is normally in each country a dialect which is
considered by the majority to be in some sense pure,
elevated, etc. and is preferred in theatres, news broadcasts,
teaching, etc. For Chinese, for example, this is the
Peking dialect. I'd like to know what is the corresponding
one for American English.
M. K. Shen
------------------------------
From: Arturo <[EMAIL PROTECTED]=NOSPAM>
Subject: Re: pronunciation of "DES"
Date: Thu, 05 Oct 2000 09:44:53 +0200
On Thu, 05 Oct 2000 04:59:46 GMT, [EMAIL PROTECTED] (John
Savard) wrote:
>On Wed, 04 Oct 2000 22:19:20 +0200, Mok-Kong Shen
><[EMAIL PROTECTED]> wrote, in part:
>>David Crick wrote:
>
>
>Despite the fact that "aes" _is_ a word (it's a Roman bronze coin), no
>non-spelling pronunciation of AES would be non-confusing.
>
>But maybe it _could_ be pronounced "ace", if one is in a hurry.
I like that one. Much better than spelling it.
------------------------------
From: Arturo <[EMAIL PROTECTED]=NOSPAM>
Subject: Re: Faraday Cage (Was CDMA tracking)
Date: Thu, 05 Oct 2000 09:50:10 +0200
>>Guy's comments:
>>
>>The idea of grounding a Faraday shield was Faraday's, and it is very
>>important in Faraday's application, which was to protect humans from
>>large electrostatic charges. Without the ground, the cage can hold
>>a charge and zap you as you step out of it.
>>
I don't follow it. We want to ground a cellphone via a Faraday cage.
But if you do it right, the FC will block all EM signals incoming and outcoming.
In that case: how on Earth will you be able to talk through your phone, or
receive incoming calls? You might as well just plug the battery out.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************