Cryptography-Digest Digest #861, Volume #12       Sat, 7 Oct 00 00:13:00 EDT

Contents:
  Pencil and paper cipher. (Benjamin Goldberg)
  Re: TC8 -- Yet Another Block Cipher (Mack)
  Re: It's Rijndael (Bryan Olson)
  Re: No Comment from Bruce Schneier? (SCOTT19U.ZIP_GUY)
  Re: Idea for Twofish and Serpent Teams (Benjamin Goldberg)
  Re: one time pad using a pseudo-random number generator ([EMAIL PROTECTED])
  GOST (was Re: TEA) (David Hopwood)
  Re: Storing an Integer on a stream (SCOTT19U.ZIP_GUY)
  Re: what is wrapped PCBC? (SCOTT19U.ZIP_GUY)
  Re: Idea for Twofish and Serpent Teams (JPeschel)
  Re: Oblivious transfer.... (David Hopwood)
  Re: Elliptic Curve / Blowfish combination as an alternative to PGP ? (David Hopwood)
  Re: NSA quote on AES (Eric Smith)
  Re: NSA quote on AES (UBCHI2)
  DES for PIC microcontrollers (was Re: TEA) (Eric Smith)
  Re: Pencil and paper cipher. (Mack)
  Why wasn't MARS chosen as AES? (UBCHI2)
  Re: ISO an SHA-1 Implementation in Javascript (Mack)

----------------------------------------------------------------------------

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Pencil and paper cipher.
Date: Sat, 07 Oct 2000 01:59:23 GMT

I'm not certain if anything like this has been done before, so if it
has, somebody tell me.  Also, if anyone can see any really obvious
attacks, tell me.

1) Drop one letter from the alphabet, probably j (replace it with i).

2) Convert the letters to numbers, writing them in base 5. Use either:
2a) Use the digits in order, so "a" becomes "00" and "z" becomes "44".
2b) Use a Playfair key, and use the row and column of each letter.

3) Move the first digit to the end of the message.

4) Convert digit pairs back to letters.  See a and b in step 2.

5a) If a keyed substitution was used in 2 or 4, we could be done.
5b) Using a simple substitution table, encrypt the message.
5c) Alternatively, use Playfair.  Do NOT insert an x between doubled
letters, use something else -- either copy them through, or use
(doubled) a letter that is in a certain position relative to the
plaintext (one up and to the right, or something like that).

Note that some sort of keyed transformation needs to be done in at least
one of steps 2 or 4 or 5, and using more than one keyed step may or may
not strengthen the system, but shouldn't weaken it.  Also, using
different playfair keys for different steps may or may not make the
system stronger but shouldn't weaken it.

The way I personally would use this system is choose 2b, 4b, and 5a, and
use the same key for 2 and 4.  Not only does this make things simple,
but I don't have to write down a partially encrypted message, if I can
keep 2-3 numbers in my head.

--
... perfection has been reached not when there is nothing left to
add, but when there is nothing left to take away. (from RFC 1925)
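An added worked example (mine, not from the original post) of the variant the author says he would use: options 2b, 4b and 5a, with one Playfair key square serving both the letter-to-digits and digits-to-letter steps. Function names, the key "playfair" and the sample text are my own choices.

```python
"""Goldberg's pencil-and-paper cipher, options 2b/4b/5a.  Each letter becomes its
(row, column) in a 5x5 key square, the first base-5 digit is moved to the end of
the whole message, and digit pairs are read back as letters from the same square.
Note that step 3 is not keyed: all the secrecy lives in the key square."""

from string import ascii_lowercase

ALPHABET = ascii_lowercase.replace("j", "")   # step 1: 25 letters, j folded into i


def key_square(key: str) -> str:
    """Playfair square: key letters first (duplicates dropped), then the rest."""
    seen = []
    for ch in key.lower().replace("j", "i") + ALPHABET:
        if ch in ALPHABET and ch not in seen:
            seen.append(ch)
    return "".join(seen)            # letter at index i sits at row i // 5, column i % 5


def normalize(text: str) -> str:
    """Lower-case, drop non-letters, fold j into i (step 1)."""
    return "".join(ch for ch in text.lower().replace("j", "i") if ch in ALPHABET)


def letters_to_digits(text: str, square: str) -> list:
    """Step 2b: each letter -> two base-5 digits, its row and column in the square."""
    digits = []
    for ch in text:
        digits.extend(divmod(square.index(ch), 5))
    return digits


def digits_to_letters(digits, square: str) -> str:
    """Step 4b: read digit pairs back as (row, column) in the same square."""
    return "".join(square[5 * r + c] for r, c in zip(digits[0::2], digits[1::2]))


def encrypt(plaintext: str, key: str) -> str:
    square = key_square(key)
    digits = letters_to_digits(normalize(plaintext), square)
    if not digits:
        return ""
    rotated = digits[1:] + digits[:1]          # step 3: first digit to the end
    # After the shift every ciphertext letter straddles two plaintext letters
    # (the column of one and the row of the next), which is what fractionation buys.
    return digits_to_letters(rotated, square)  # step 4b; 5a: the square was keyed, so done


def decrypt(ciphertext: str, key: str) -> str:
    square = key_square(key)
    digits = letters_to_digits(normalize(ciphertext), square)
    if not digits:
        return ""
    rotated = digits[-1:] + digits[:-1]        # undo step 3: last digit back to the front
    return digits_to_letters(rotated, square)


if __name__ == "__main__":
    # Constructed sample: key "playfair", plaintext "hello".
    ct = encrypt("hello", "playfair")
    print(ct, decrypt(ct, "playfair"))         # -> hpicb hello
```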

------------------------------

From: [EMAIL PROTECTED] (Mack)
Subject: Re: TC8 -- Yet Another Block Cipher
Date: 07 Oct 2000 01:59:39 GMT

>>You can have a look about birthday attacks concerning CBC-mode and any
>>64-bit block cipher:
>>
>>http://lasecwww.epfl.ch/birthday.shtml
>
>If I understand correctly, the "birthday attack" looks for two identical
>blocks of ciphertext, and then uses their predecessor ciphertext blocks
>(which are the IV) to recover (cleartext1 XOR cleartext2)?
>
>A chaining mode like this (encryption)
>    
>       ciphertext = crypt( cleartext XOR chainregister );
>       chainregister += cleartext;                     // 64bit addition
>       chainregister += ciphertext;                    // 64bit addition
>
>shouldn't be vulnerable to birthday attacks, should it?  The IV is
>a) influenced by unknown information (the cleartext) and b) carried
>on throughout the whole chain.
>

That is very similar to PCBC which is

ciphertext= crypt (cleartext XOR last_cleartext XOR lastciphertext)

Since these propagate the state by an additional 64 bits, no, it isn't
vulnerable to the birthday attack.


Mack
Remove njunk123 from name to reply by e-mail

------------------------------

From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: It's Rijndael
Date: Sat, 07 Oct 2000 02:03:17 GMT

Jim Gillogly

[snip of some disadvantages of a variable round count]

> In short, I think picking a specific number makes good sense,
> even though I'm not sure what that number should be.

And if Jim Gillogly isn't sure, think where corporate America
stands.   Just the three AES key lengths doom the nation, and
later the world, to waste vast quantities of time and money.

Enterprises all over the globe will task teams of programmers,
MBA's and accountants with choosing a key size.  They'll hold
meetings.  They'll write reports.  Some will argue for the
efficiency of 128-bit keys, and then be condemned as
irresponsible by those who insist on 256.  Others will argue
the need for "balance" as clearly offered by the 192-bit size.
And then the inevitable expert opinion: "while all sizes have
advantages and disadvantages, no one key size is suited for
all our applications".  Corporate policy manuals will bloat
with "rules", "guidelines" and "authorities" for determining
the appropriate key size for every possible bit of data.

It's a fine cipher.  Let's move on.


--Bryan
--
email: bolson at certicom dot com


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: No Comment from Bruce Schneier?
Date: 7 Oct 2000 02:05:56 GMT

[EMAIL PROTECTED] (Forrest Johnson) wrote in
<8rl4pq$[EMAIL PROTECTED]>: 

>In article <[EMAIL PROTECTED]>,
>[EMAIL PROTECTED] says...
>>
>> I guess that is why I never became
>>a manager. Its hard for me to lie. 
>>
>>David A. Scott
>>
>Try again, Mr. Scott.  Have you forgotten the claims you made a year or
>so ago about altering software in fielded weapons systems?  I challenged
>you to prove those claims and you were unable to do so.  Not only are
>you a liar, you are an accomplished one.
>
>

 Well, as Clinton or his clone Gore would say, it depends on your
definition of "lie" and just what is considered a fielded weapons
system. As an example I was an expert TC2 programmer and made
numerous changes in the programs and algorithms for that. But I
doubt you even know what a TC2 computer is. Hint: it was made by
IBM.


David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:

------------------------------

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: Idea for Twofish and Serpent Teams
Date: Sat, 07 Oct 2000 02:32:28 GMT

JPeschel wrote:
> Runu Knips writes:
> >Helger Lipmaa wrote:
> >> There was a thread recently in this newsgroup, about the general
> >> attitude that guys who understand nothing about security try to
> >> strut and to demand and to insult those who know better.
> >
> >Tom might insult people unnecessarily in this NG, but
> >AFAIK he's far from being a 'guy who understand nothing
> >about security' !
> 
> Much of what Tom posts is insulting, patronizing, wrong or exaggerated.

You sure you're not confusing Tom with David Scott?

--
... perfection has been reached not when there is nothing left to
add, but when there is nothing left to take away. (from RFC 1925)

------------------------------


From: [EMAIL PROTECTED]
Subject: Re: one time pad using a pseudo-random number generator
Date: Sat, 07 Oct 2000 02:26:54 GMT

In article <[EMAIL PROTECTED]>,
  "William A. McKee" <[EMAIL PROTECTED]> wrote:
> Is there a replacement for MT that is of cryptographic quality?
>
> Will.

Try the PRNG ISAAC.

http://burtleburtle.net/bob/rand/isaacafa.html

I'm a great fan of this algorithm as it is fast, statistically quite
good, the author claims undetectable bias under 2^64, and the seed is
computationally "hard" to determine (i.e. break).

No one else has refuted these claims.

I'd like to see the profile of this algorithm raised as it appears much
better than algorithms based around RC4, and algorithms using
cryptographic hash functions eg SHA1. I say better for two reasons:
  - Speed.
  - The algorithm is designed to be a PRNG, not a block cipher, or a
hash function.

If more people use it, and more try to break it and can't, it gives a
better assurance of safety. There is so much effort in analysing block
ciphers, and hash functions today, but little effort on random number
generators.

Unseenrising.



Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

Date: Sat, 07 Oct 2000 01:23:52 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: GOST (was Re: TEA)


Runu Knips wrote:
> Btw, there is a very good russian cipher, GHOST.

More precisely GOST 28147-89 (note spelling, and also note that GOST by
itself is just a shortening of Gosudarstvennyi Standard, i.e. a former
USSR government standard, much like a FIPS in the U.S.)

> It is very old and not
> too fast, but it is also still considered secure (and unlikely to change
> that state because it has a 256 bit key and 32 rounds, where each round
> is a little worse than original DES, on which this design was based).

GOST has large classes of weak keys and poor avalanche properties (it is
not broken as such, AFAIK, but only because of the large number of rounds).
See

  C. Charnes, L. O'Connor, J. Pieprzyk, R. Safavi-Naini, Y. Zheng,
  "Comments on Soviet encryption algorithm,"
  Advances in Cryptology - EUROCRYPT '94 Proceedings, Volume 950 of Lecture
  Notes in Computer Science (A. De Santis, ed.), pp. 433-438. Springer
  Verlag, 1995. 

  C. Charnes, L. O'Connor, J. Pieprzyk, R. Safavi-Naini, Y. Zheng,
  "Further comments on GOST encryption algorithm,"
  Preprint 94-9, Department of Computer Science, The University of
  Wollongong, 1994.
  ftp://ftp.cs.uow.edu.au/pub/papers/1994/tr-94-9.ps.Z 

  John Kelsey, Bruce Schneier, David Wagner,
  "Key-schedule cryptanalysis of IDEA, G-DES, GOST, SAFER, and triple-DES,"
  Advances in Cryptology - Crypto '96 Proceedings. Springer-Verlag, August
  1996.
  http://www.cs.berkeley.edu/~daw/papers/keysched-crypto96.ps

(references from http://www.users.zetnet.co.uk/hopwood/crypto/scan/)

There are plenty of faster and better-analysed ciphers, so I wouldn't
recommend the use of GOST.

-- 
David Hopwood <[EMAIL PROTECTED]>

Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip



------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Storing an Integer on a stream
Date: 7 Oct 2000 02:51:47 GMT

[EMAIL PROTECTED] (Benjamin Goldberg) wrote in 
<[EMAIL PROTECTED]>:

>
>
>> You can use my DSC program.
>
>If I could find it.  You didn't give a URL.

SORRY http://members.xoom.com/ecil/compres8.htm

>
>> If the file data is in whole bytes. and the padding starts on a word
>> boudary. 
>
>That sentence no verb.
>
>> You can use my code without any modification at all.  However the
>> format of your file would have to change.  Instead of a length field
>> followed by data followed by random padding.
>
>This sentence also no verb.

   But were you able to figure it out?

>
>> You would have the data followed by random padding followed by a
>> pointer that points to the start of the random padding.
>
>In terms of amount of information, there is no difference between length
>+ data + padding and data + padding + length.  Also, either way, I asked
>how write a length value as some number of bytes.  My post was asking
>what is the best way to do that.

   Good the code does that.

>
>> You have all the information of the first file in a form that is
>> better suited for encryption.
>
>What proof do you have that your method is better suited than mine?  I'm
>not saying it isn't, but I want to know what basis you use to make this
>assertion.  If I were stating something were better, I would usually add
>"IMHO" or (in your case) "IMNSHO."  Stating an opinion as a fact, and
>not offering evidence to back it up makes you look like an ass.

   The proof is this. The data combining is bijective to the set
of all binary files.
Meaning you take any 8bit byte type of file, run it through UNDSC
and you get a data file with an integer in the range of 0 to N-1
where N is the length of file. Just check it out; my explaining is
not as good as the simple examples.

>
>Thus, your method of writing the padding length at the end of the file,
>instead of writing the data length at the front, doesn't work at all if
>the length of the padding is variable, and only works if the number is
>written as a fixed number of bytes (or bits).

   Really?

>> If you don't like this rearrangement of format you can edit DSC to make
>> it fit what you want. The source code is included.
>
>IF your method does something other than one of those things I described
>above, I would appreciate a URL.

 You have it above. You may have to modify it slightly; you will
get a better idea when you look at the code and examples, it's all
there. Just put more faith in the code than any verbal explanation
that I might have added.

>
>--
>... perfection has been reached not when there is nothing left to
>add, but when there is nothing left to take away. (from RFC 1925)
>


David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: what is wrapped PCBC?
Date: 7 Oct 2000 03:02:47 GMT

[EMAIL PROTECTED] (Mack) wrote in
<[EMAIL PROTECTED]>: 

>>[EMAIL PROTECTED] (Mack) wrote in
>><20001006000832.15659.00000334@ng- fd1.aol.com>:
>>
>[snip]
>>>
>>>wrapped PCBC is basically a form of chaining similar to CBC and PCBC.
>>>It uses multiple passes over the text wrapping the last block to the
>>>front 
>>>
>>>It is a form of AONT.  If the encryption function is unbreakable
>>>wrapped PCBC is unbreakable.
>>>
>>>example
>>>
>>>P1 P2 P3 P4
>>>E1=f(P4^P1^P2)
>>>E2=f(E1^P2^P3)
>>>E3=f(E2^P3^P4)
>>>E4=f(E3^P4^E1))
>>
>>  However in scott19u E1 does not overlay P1 there is a 9 bit shift 
>>so that the file rotates 9 bits each pass.
>
>Interesting but it complicates the nice description.  I can see the use
>but it slows it down.

   Well scott16u is not slowed that much, since I use
an 8 bit shift. But scott19u is damn slow with the 9 bit shift.
I only ran it a few times on my 486. But scott19u flies on a K6-III
that I now have.

>
>>
>>>
>>>now here is where it gets interesting
>>>
>>>second round produces what we will call G
>>>G1=f(E4^E1^E2)
>>>G2=f(G1^E2^E3)
>>>G3=f(G2^E3^E4)
>>>G4=f(G3^E4^G1)
>>>
>>>notice that this is invertible
>>>
>>>In scott19u and relatives the second xor is changed to a +.
>>>
>>>It must be decrypted last block first to unwind it.
>>>In particular scott19u uses large tables for f and round keys.
>>>
>>>This prevents 'the Onions attack' by Paul Onions which is
>>>a form of Slide attack.  It is interesting that it isn't mentioned
>>>in David Wagner's paper on Slide attacks.  I believe David may have
>>>been around a bit when that attack was introduced.
>>>
>>
>>  Well at the time David Wagner brought up his slide attack
>>he made a grand statement that it was the death of my cipher
>>until someone tried it and mentioned some of the problems  it
>>caused for the slide attack. Wagner in only one small post 
>>admitted that the slide attack may well not work against it
>>but that he did not really understand what my code did.
>>I guess having the complete source code that compiles was just
>>too hard for him to follow.
>> Actually I suspect he never looked at it at all and was just
>>spouting BS out his mouth. Most people who attend Berkeley are
>>quite arrogant. I know I have met many of them and one of my siblings
>>went there for 3 years. But then again there are a few rare
>>good ones from there.
>>
>
>Yes but you think he would have given Paul some credit.

   Well I think the so called crypto gods only go around
patting each other on the back. A true independent thinker
like Paul Onions is an embarrassment to them. It's obvious
he seems much sharper than Mr Wagner who has trouble reading
code. I wonder how you followed my code when the so called
experts could not. I don't see Mr Onions writing very often
but I like his thoughts on various things.


>
>>
>>>I posted a paper about it a long time back in sci.crypt.research
>>>I introduced IS8, RS8 and M8 of those only M8 had round keys
>>>and is still unbroken.  It is in the north american crypto archive
>>>as X8.ZIP
>>>
>>
>>  I remember but for some reason I thought your name was Maack
>>but then again I can't spell worth shit.
>>
>
>No the account I was using then was [EMAIL PROTECTED]
>

  I do remember you. It's just names are hard. I know it was
a different spelling of Mack but considering my dyslexia
I think I got pretty damn close.



David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
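An added example (mine, not code from the thread or from scott19u) of the wrapped PCBC rounds Mack spells out above, generalised to n >= 2 blocks and any number of passes. The block function f is a toy 64-bit Feistel standing in for scott19u's large keyed tables, the pure-XOR form from the example is used throughout (the thread notes scott19u turns the second XOR into a +), and the key and sample blocks are constructed.

```python
"""Wrapped PCBC as described in the thread:
    E1 = f(P4^P1^P2), E2 = f(E1^P2^P3), E3 = f(E2^P3^P4), E4 = f(E3^P4^E1)
A second pass over E gives the G blocks; decryption must unwind last block first."""

import hashlib

WORD = 0xFFFFFFFF
ROUNDS = 4


def _round_fn(half: int, key: bytes, rnd: int) -> int:
    """32-bit Feistel round function: keyed BLAKE2b of one half block (toy only)."""
    digest = hashlib.blake2b(half.to_bytes(4, "big"), key=key + bytes([rnd]),
                             digest_size=4).digest()
    return int.from_bytes(digest, "big")


def f(block: int, key: bytes) -> int:
    """Toy invertible 64-bit block function: a 4-round Feistel network."""
    left, right = block >> 32, block & WORD
    for rnd in range(ROUNDS):
        left, right = right, left ^ _round_fn(right, key, rnd)
    return (left << 32) | right


def f_inv(block: int, key: bytes) -> int:
    """Inverse of f: the same rounds run backwards."""
    left, right = block >> 32, block & WORD
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _round_fn(left, key, rnd), left
    return (left << 32) | right


def wrap_pass(blocks, key):
    """One wrapped-PCBC pass.  Block i is XORed with the previous output block
    and the next input block; the last input wraps to the front (P_n feeds E1)
    and the first output wraps to the end (E1 feeds E_n)."""
    n = len(blocks)
    if n < 2:
        raise ValueError("wrapped PCBC needs at least two blocks")
    out = []
    for i in range(n):
        prev = blocks[-1] if i == 0 else out[i - 1]     # P_n for E1, else E_(i-1)
        nxt = out[0] if i == n - 1 else blocks[i + 1]   # E1 for E_n, else P_(i+1)
        out.append(f(prev ^ blocks[i] ^ nxt, key))
    return out


def unwrap_pass(blocks, key):
    """Invert one pass, last block first: P_n = f^-1(E_n) ^ E_(n-1) ^ E1 needs only
    ciphertext, and every earlier block needs the plaintext recovered after it."""
    n = len(blocks)
    out = [0] * n
    for i in reversed(range(n)):
        prev = out[-1] if i == 0 else blocks[i - 1]     # P_n (already known) for P1
        nxt = blocks[0] if i == n - 1 else out[i + 1]   # E1 for P_n, else P_(i+1)
        out[i] = f_inv(blocks[i], key) ^ prev ^ nxt
    return out


def encrypt_blocks(blocks, key, passes=2):
    """Two passes reproduce the E then G stages from the thread."""
    for _ in range(passes):
        blocks = wrap_pass(blocks, key)
    return blocks


def decrypt_blocks(blocks, key, passes=2):
    for _ in range(passes):
        blocks = unwrap_pass(blocks, key)
    return blocks


# Constructed sample input: 32 bytes -> four 64-bit blocks P1..P4, and a made-up key.
SAMPLE = b"wrapped PCBC demo - 4 blocks !!!"
KEY = b"constructed-example-key"
P = [int.from_bytes(SAMPLE[i:i + 8], "big") for i in range(0, len(SAMPLE), 8)]


def disturbed_block_count(blocks, key, passes=2):
    """Flip one ciphertext bit and count how many recovered plaintext blocks change.
    With two passes the change reaches every block: the all-or-nothing behaviour
    the thread attributes to the construction."""
    c = encrypt_blocks(blocks, key, passes)
    c[0] ^= 1
    recovered = decrypt_blocks(c, key, passes)
    return sum(a != b for a, b in zip(recovered, blocks))


if __name__ == "__main__":
    E = wrap_pass(P, KEY)
    assert E[0] == f(P[3] ^ P[0] ^ P[1], KEY)           # E1 = f(P4^P1^P2)
    assert E[3] == f(E[2] ^ P[3] ^ E[0], KEY)           # E4 = f(E3^P4^E1)
    assert decrypt_blocks(encrypt_blocks(P, KEY), KEY) == P
    print("blocks disturbed by a one-bit ciphertext change:", disturbed_block_count(P, KEY))
```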

------------------------------

From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: Idea for Twofish and Serpent Teams
Date: 07 Oct 2000 03:15:00 GMT

Benjamin Goldberg [EMAIL PROTECTED] writes:

>JPeschel wrote:
>> Runu Knips writes:
>> >Helger Lipmaa wrote:
>> >> There was a thread recently in this newsgroup, about the general
>> >> attitude that guys who understand nothing about security try to
>> >> strut and to demand and to insult those who know better.
>> >
>> >Tom might insult people unnecessarily in this NG, but
>> >AFAIK he's far from being a 'guy who understand nothing
>> >about security' !
>> 
>> Much of what Tom posts is insulting, patronizing, wrong or exaggerated.
>
>You sure you're not confusing Tom with David Scott?

No. David Scott has been posting here a lot longer, and doesn't 
use commas. I can see why you might confuse the two, though:
they're a lot alike, but don't like each other. One is an old cat
like me, and, also like me, not about to change; the other is
young enough to decide not to grow up to be like his nemesis.

Joe
__________________________________________

Joe Peschel 
D.O.E. SysWorks                                 
http://members.aol.com/jpeschel/index.htm
__________________________________________


------------------------------

Date: Sat, 07 Oct 2000 01:55:30 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Oblivious transfer....


Gabby wrote:
> I want to find this paper:
> 
>     Mihir Bellare, Silvio Micali:
> Non-Interactive Oblivious Transfer and Applications.
> 
> Where do I find it ?

What you really wanted to ask is, how do I find it?

Do a search using MetaCrawler (www.metacrawler.com) on
"Non-Interactive Oblivious Transfer and Applications". That gives

  Mihir Bellare and Silvio Micali,
  Non-interactive oblivious transfer and applications.
  In G. Brassard, editor, Advances in Cryptology -- CRYPTO '89,
  Volume 435 of Lecture Notes in Computer Science, pages 547-557,
  20-24 August 1989. Springer-Verlag, 1990.

1989 is too early for it to be on-line. However, Springer-Verlag sells
a CD with the Crypto and Eurocrypt proceedings from 1981 to 1997; it's
quite expensive, but extremely useful.

-- 
David Hopwood <[EMAIL PROTECTED]>

Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip



------------------------------

Date: Sat, 07 Oct 2000 01:56:38 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Elliptic Curve / Blowfish combination as an alternative to PGP ?


[EMAIL PROTECTED] wrote:
> Just wondering if anyone could give me an opinion on using a
> combination of an Elliptic Curve / Blowfish set to produce a type of
> Public key encryption solution for securing files, in contrast to using
> the PGP DLL solution? (client wants PGP type public/private security
> setup but wants to steer clear of actual PGP because of import
> regulations in one of their branch offices)
> 
> Specifically I am looking at the Delphi components offered by TSM Inc
> (http://www.crypto-central.com).

If PGP can't be imported, why is writing your own software and importing
that any different (especially if you use crypto components produced by a
U.S. company)? What country is the branch office in?

> Their solution involves using their
> Elliptic Curve object to create a public/private key pair, then use an
> exchanged value from the Elliptic Curve object to act as an
> initialization key for the Blowfish object. Their documentation states:
> 
> "TEllipticCurve is an implementation of an elliptic curve (ECC) based
> asymmetrical cryptosystem, based loosely on the work of Paulo Barreto
> and George Barwood, but extensively reworked to offer greater
> performance and stability."

If it's based on Pegwit, note that the curves over GF(2^255) used by
the original version of that program are no longer considered secure.

-- 
David Hopwood <[EMAIL PROTECTED]>

Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip



------------------------------

From: Eric Smith <[EMAIL PROTECTED]>
Subject: Re: NSA quote on AES
Date: 06 Oct 2000 20:30:12 -0700

[EMAIL PROTECTED] (Mack) writes:
> After the Skipjack fiasco the NSA is being much more careful.

What Skipjack fiasco is that?

------------------------------

From: [EMAIL PROTECTED] (UBCHI2)
Subject: Re: NSA quote on AES
Date: 07 Oct 2000 03:39:27 GMT

The NSA message could be interpreted differently.  That the NSA intends to use
the encryption for the "information protection needs" of the government could
mean that it needs to make your communications unprotected to meet its needs. 


Let's see a definitive statement that they can't break the AES.  Otherwise it's
just DES with a 10 year lag.



------------------------------

From: Eric Smith <[EMAIL PROTECTED]>
Subject: DES for PIC microcontrollers (was Re: TEA)
Date: 06 Oct 2000 20:39:39 -0700

"Nik" <[EMAIL PROTECTED]> wrote:
> I want to use TEA in the microcontroller (PIC 16C8x), because it(he) is
> very simply realized.

[EMAIL PROTECTED] (Marc) writes:
> There exist DES implementations that occupy 1/2 of the CODE space only.
> Don't know if the shortest ones are published though.  The SAT TV hackers
> are a good starting point for your search.

Mine, called DESPICABLE, uses a total of 690 words on a PIC16C8x or
equivalent (any of the parts using the Microchip mid-range core).  It's
available under the GPL at:

        http://www.brouhaha.com/~eric/crypto/

If there are any other published DES implementations for PIC
microcontrollers (aside from Microchip's bigger, slower implementation
for the 17C4x), I'd like to hear about them.

------------------------------

From: [EMAIL PROTECTED] (Mack)
Date: 07 Oct 2000 03:39:42 GMT
Subject: Re: Pencil and paper cipher.

>I'm not certain if anything like this has been done before, so if it
>has, somebody tell me.  Also, if anyone can see any really obvious
>attacks, tell me.
>
>1) Drop one letter from the alphabet, probably j (replace it with i).
>
>2) Convert the letters to numbers, writing them in base 5. Use either:
>2a) Use the digits in order, so "a" becomes "00" and "z" becomes "44".
>2b) Use a Playfair key, and use the row and column of each letter.
>
>3) Move the first digit to the end of the message.
>
>4) Convert digit pairs back to letters.  See a and b in step 2.
>
>5a) If a keyed substitution was used in 2 or 4, we could be done.
>5b) Using a simple substitution table, encrypt the message.
>5c) Alternatively, use Playfair.  Do NOT insert an x between doubled
>letters, use something else -- either copy them through, or use
>(doubled) a letter that is in a certain position relative to the
>plaintext (one up and to the right, or something like that).
>
>Note that some sort of keyed transformation needs to be done in at least
>one of steps 2 or 4 or 5, and using more than one keyed step may or may
>not strengthen the system, but shouldn't weaken it.  Also, using
>different playfair keys for different steps may or may not make the
>system stronger but shouldn't weaken it.
>
>The way I personally would use this system is choose 2b, 4b, and 5a, and
>use the same key for 2 and 4.  Not only does this make things simple,
>but I don't have to write down a partially encrypted message, if I can
>keep 2-3 numbers in my head.
>
>--
>... perfection has been reached not when there is nothing left to
>add, but when there is nothing left to take away. (from RFC 1925)

I suggested something similar a while back using base 37.  Only
instead of rearranging digits or using a really odd base, you added
the previous digits to the current digit like a checksum, but mod 37,
and then looped the sum for each round.  A key was added as
digits at the beginning of each round, and the actual base 37 substitution
table was part of the key.

Perhaps a better method would use an operation to produce the
substitution table from the key.

In your scheme rather than drop a letter simply include numbers
and use base 36/6.


Mack
Remove njunk123 from name to reply by e-mail

------------------------------

From: [EMAIL PROTECTED] (UBCHI2)
Subject: Why wasn't MARS chosen as AES?
Date: 07 Oct 2000 03:41:54 GMT

Why wasn't MARS chosen as AES?

------------------------------

From: [EMAIL PROTECTED] (Mack)
Date: 07 Oct 2000 03:41:44 GMT
Subject: Re: ISO an SHA-1 Implementation in Javascript

>Will appreciate any information on subject matter availability.  I'm aware
>of a couple of MD5 implementations around, but haven't found an SHA source.
>Thanks, folks.
>
>Arnold Shore
>Annapolis, MD USA

I believe the crypto API for java includes SHA.  I could be wrong but check
the SUN web site.


Mack
Remove njunk123 from name to reply by e-mail

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
