Cryptography-Digest Digest #877, Volume #12 Mon, 9 Oct 00 05:13:00 EDT
Contents:
Re: Can anyone point me to info on this privacy code ? Big sample (Jim Gillogly)
Re: (fwd) A secure encrypted IRC network. (David Schwartz)
Re: A new paper claiming P=NP (Rajarshi Ray)
Re: Microsoft CAPI's PRNG seeding mechanism (Jack Love)
Re: education where ???please help (Dido Sevilla)
RC5 Test Vectors ("Chris Kerslake")
ElGamal in Java ("William A. McKee")
Re: It's Rijndael (Bryan Olson)
Re: Internet Security Question ("Tony")
Re: CRC vs. HASH functions (Bryan Olson)
Re: How Colossus helped crack Hitler's codes (Olivier Breard)
Re: Why wasn't MARS chosen as AES? (Runu Knips)
Re: On block encryption processing with intermediate permutations (Mok-Kong Shen)
RSA Cryptography Today FAQ (1/1) ([EMAIL PROTECTED])
Re: SDMI challenge (Scott Craver)
Re: Internet Security Question (Paul Rubin)
Re: A new paper claiming P=NP (Volker Hetzer)
Re: It's Rijndael (Bryan Olson)
Re: SDMI challenge (Scott Craver)
Re: SDMI challenge (David Blackman)
Re: TEA (Runu Knips)
----------------------------------------------------------------------------
From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: Can anyone point me to info on this privacy code ? Big sample
Date: Mon, 09 Oct 2000 04:16:05 +0000
webb wrote:
> I found a Usenet post in what appears
> to be a privacy code - looks to me like the stuff
> Subject: kqelm pcmncy insue deloe kjkskbz fhe efm tbeuf
> mkf From: [EMAIL PROTECTED] Date: 2000/04/09 Newsgroups:
> alt.fan.ed-wood
>
> Zefbfkllr rertsm xeky auifueemm flfasslf uny oeeiy oivei teu ysde
> feapi mbaxi mcf ndsvkm esr umuie!
It's produced by a spamming tool called Hipcrime.
See: http://www.howardknight.net/hipcrime/NewsAgent.html
There's no plaintext underneath it.
Actually, that'd be a good way to do stego. Since everybody <knows>
there's no underlying plaintext in this type of post, they won't bother
trying to decrypt it, just snarling at the spammers each time it turns
up.
--
Jim Gillogly
Trewesday, 18 Winterfilth S.R. 2000, 04:12
12.19.7.11.2, 5 Ik 5 Yax, Sixth Lord of Night
------------------------------
From: David Schwartz <[EMAIL PROTECTED]>
Subject: Re: (fwd) A secure encrypted IRC network.
Date: Sun, 08 Oct 2000 21:30:59 -0700
those who know me have no need of my name wrote:
>
> <[EMAIL PROTECTED]> divulged:
>
> >The network seems to work well, and a lot of users come to it,
> >but as far as I know - it is in development stages.
>
> 120 isn't very many users. have you modeled what the flow requirements
> might be like when thousands are using it?
RC4 is fast enough that a server encrypting/decrypting with it could
easily encrypt/decrypt more traffic than could fit down its 'net pipes.
DS
------------------------------
From: Rajarshi Ray <[EMAIL PROTECTED]>
Crossposted-To: comp.theory,sci.math,sci.op-research
Subject: Re: A new paper claiming P=NP
Date: Mon, 09 Oct 2000 04:47:22 GMT
Stas Busygin wrote:
>
> Dear Fellows!
>
> A new paper has just been published in Stas Busygin's Repository
> for Hard Problems Solving. It is "An Efficient Algorithm for the
> Minimum Clique Partition Problem" by A. Plotnikov. Please find this
> proposal on efficient solving of an NP-hard problem at:
> http://www.busygin.dp.ua/clipat.html
> http://www.geocities.com/st_busygin/clipat.html (mirror)
>
> The publication policy of the repository may be found at:
> http://www.busygin.dp.ua/call.html
> http://www.geocities.com/st_busygin/call.html (mirror)
>
> Best regards,
>
> Stas Busygin
> email: [EMAIL PROTECTED]
> WWW: http://www.busygin.dp.ua
Is it not possible to implement the presented algorithm and try it out
on examples to see the growth rate, just as a preliminary check?
--
"The most incomprehensible thing about the universe is
that it is comprehensible."
- Albert Einstein
------------------------------
From: Jack Love <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers
Subject: Re: Microsoft CAPI's PRNG seeding mechanism
Date: Sat, 07 Oct 2000 22:00:13 -0700
On Fri, 06 Oct 2000 07:30:18 -0700, JCA <[EMAIL PROTECTED]>
wrote:
>Pascal JUNOD wrote:
>
>> Does someone have any information about it, or do I have to trust
>> Microsoft about their crypto capabilities ?
>
> If anything, you would have to adopt the opposite attitude: trust that
> their crypto capabilities are flawed.
>
> MS is well-known for not taking security seriously.
>
Windows 2k was recently given a C2 rating.
------------------------------
From: Dido Sevilla <[EMAIL PROTECTED]>
Subject: Re: education where ???please help
Date: Mon, 09 Oct 2000 13:42:57 +0800
simon wrote:
>
> dear group i live in surrey uk and wish to learn about cryptography
> but i cannot find anywhere that offers any courses please could anybody
> point me in a direction
> i would be very grateful
> SIMON P.........................
If you're an undergraduate, maybe you ought to be taking pure
mathematics and/or computer science first. Most universities would then
offer electives on cryptography and security to those whose research
directions turn to that area. And IIRC, at the graduate level, masteral
programs on such exist. I believe Cambridge Computer Lab provides a
formal graduate program on cryptography (gee, you actually get to have
Ross Anderson as a teacher...), among other universities.
--
Rafael R. Sevilla <[EMAIL PROTECTED]> +63 (2) 4342217
ICSM-F Development Team, UP Diliman +63 (917) 4458925
OpenPGP Key ID: 0x0E8CE481
------------------------------
Reply-To: "Chris Kerslake" <[EMAIL PROTECTED]>
From: "Chris Kerslake" <[EMAIL PROTECTED]>
Subject: RC5 Test Vectors
Date: Mon, 09 Oct 2000 07:09:46 GMT
I am looking for test vectors for RC5 (and eventually other ciphers).
I have downloaded three different crypto-libraries off the Net and have been
trying to compare them, but before getting too serious I want to ensure that
they all return the same "correct" values, and thus the need for the test
vectors.
So far I have Wei Dai's Crypto++, Eric Young's libeay, BeeCrypt, and Bruce
Schneier's RC5 (from Applied Crypto v2)... but the only test vectors I could
find were from Wei's code and when I run these vectors through Bruce's
implementation the encryption and decryption seemed to work (i.e. I got the
same out as in with a given key), but the vectors were scrambled?
Wei says:
(key)
00000000000000000000000000000000
(plain text)
0000000000000000
(encrypted text)
21A5DBEE 154B8F6D
Bruce's RC5 produces:
(encrypted text)
EEDBA521 6D8F4B15
Is this just an endian issue? I did write a function to swap the bytes
around to match Wei's results, but in order to decrypt the bytes they have
to be in the same order that they came out of the encrypt process...
- Chris
------------------------------
Reply-To: "William A. McKee" <[EMAIL PROTECTED]>
From: "William A. McKee" <[EMAIL PROTECTED]>
Subject: ElGamal in Java
Date: Mon, 09 Oct 2000 07:38:06 GMT
// Is this a correct implementation of ElGamal public key encryption / decryption?

import java.math.BigInteger;

public class EGPublicKey
{
    public BigInteger p, q, alpha, publicKey;
}

import java.math.BigInteger;

public class EGPrivateKey
{
    public BigInteger p, secret;
}

import java.math.BigInteger;

public class EG
{
    // number of 32-bit words needed to hold i
    private final static int LENGTH (BigInteger i)
    {
        return (i.bitLength () - 1) / 32 + 1;
    }

    public final static BigInteger Encrypt
        (BigInteger message, EGPublicKey key, BigInteger randomStart)
    {
        BigInteger x, K, c1, c2;
        BigInteger result, one = new BigInteger ("1");
        // ephemeral exponent x derived from randomStart, forced odd
        x = randomStart.mod (key.q).add(one);
        if (!x.testBit(0))
            x = x.add (one);
        K = key.publicKey.modPow(x, key.p);    // K = publicKey^x mod p
        c1 = key.alpha.modPow(x, key.p);       // c1 = alpha^x mod p
        c2 = message.xor(K);                   // c2 = message XOR K
        // pack c1 into the high words and c2 into the low words
        result = c1.shiftLeft(LENGTH(key.p) * 32);
        result = result.add(c2);
        return result;
    }

    public final static BigInteger Decrypt
        (BigInteger message, EGPrivateKey key)
    {
        BigInteger c2, K;
        // it's a bit messy to recover c2 this way...
        byte[] tmp = message.toByteArray();
        byte[] sml = new byte [LENGTH(key.p) * 4];
        for (int i = 0; i < sml.length; i++)
            sml[i] = tmp[i + tmp.length - sml.length];
        c2 = new BigInteger (1, sml);
        // maybe c2 = message.mod(new BigInteger ("1").shiftLeft(LENGTH(key.p)*32)); is better?
        K = message.
            shiftRight(LENGTH(key.p) * 32).     // recover c1
            modPow(key.secret, key.p);          // K = c1^secret mod p
        return c2.xor(K);
    }
}

// Also, how important is it that x is very random?
// TIA,
// Will.
--
William A. McKee
[EMAIL PROTECTED]
Asia Communications Quebec Inc.
http://www.cjkware.com
"We're starfleet: weirdness is part of the job." - Janeway
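The same XOR-ElGamal construction as the Java above, as an added example that is not the poster's code, together with the parameter generation the Java classes leave unspecified and a demonstration of the question about x; it assumes p = 2q + 1 is a safe prime and alpha has order q, which the post does not state.

```python
import secrets

# Deterministic Miller-Rabin bases: this set is exact for all n below 3.3e24,
# so it is sound for the 64-bit parameters built here.
MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n: int) -> bool:
    if n < 2:
        return False
    for b in MR_BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def make_params(bits: int = 64):
    """Assumption made explicit: p = 2q + 1 is a safe prime and alpha = 4,
    a square mod p, generates the subgroup of prime order q."""
    q = (1 << (bits - 2)) | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4


def keygen(p, q, alpha):
    secret = secrets.randbelow(q - 1) + 1            # uniform in [1, q-1]
    return (p, q, alpha, pow(alpha, secret, p)), (p, secret)


def encrypt(message: int, pub, x: int = None) -> int:
    """c1 = alpha^x, K = y^x, c2 = message XOR K, packed as c1 || c2.
    x must be fresh and uniform for every message; None draws one that way."""
    p, q, alpha, y = pub
    width = p.bit_length()
    if not 0 <= message < (1 << width):
        raise ValueError("message wider than one field element")
    if x is None:
        x = secrets.randbelow(q - 1) + 1
    c1, K = pow(alpha, x, p), pow(y, x, p)
    # Caveat: K < p, so K's high bits are not uniform; textbook ElGamal
    # multiplies the message by K mod p instead of XORing.
    return (c1 << width) | (message ^ K)


def decrypt(ct: int, priv) -> int:
    p, secret = priv
    width = p.bit_length()
    c1, c2 = ct >> width, ct & ((1 << width) - 1)   # the shift/mod split
    return c2 ^ pow(c1, secret, p)                  # K = c1^secret mod p


def reused_x_leak(pub, m1: int, m2: int, x: int) -> int:
    """Why x must be random: two messages sent with the same x share K, so
    XORing their c2 halves cancels K and gives m1 XOR m2 without any key."""
    width = pub[0].bit_length()
    mask = (1 << width) - 1
    return (encrypt(m1, pub, x) & mask) ^ (encrypt(m2, pub, x) & mask)
```

A predictable or repeated x is as damaging as a repeated stream-cipher key, which is why the exponent is drawn from a CSPRNG per message rather than derived from a caller-supplied start value.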
------------------------------
From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: It's Rijndael
Date: Mon, 09 Oct 2000 07:34:33 GMT
Dianelos wrote:
> 1. Why not define a meta-standard to be respected by all future
> protocols and which defines which cipher is used, at how many rounds,
> at which key size, and so on. [...]
I think parameterization in protocols makes sense, but not
if it delays by more than five minutes the actual deployment
of reasonable cryptosystems, and not if it prevents true
end-to-end encryption in the devices that people actually
use to communicate.
>
> 2. If naked AES is used, why not always use 256 bit keys?
[...]
Entirely reasonable, and more efficient than the endless
debates. But I'd say the same about 128 bits.
I care about two cryptologic pursuits: scientific results
and actual protection of people's data. The paper-tiger
systems don't clearly help with either one. Arguments on
the danger of 10 rounds versus 20 seem kind of moot while
the world runs on un-authenticated cleartext.
--Bryan
--
email: bolson at certicom dot com
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Reply-To: "Tony" <[EMAIL PROTECTED]>
From: "Tony" <[EMAIL PROTECTED]>
Subject: Re: Internet Security Question
Date: Mon, 9 Oct 2000 08:49:47 +0100
"Paul Rubin" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "Tony" <[EMAIL PROTECTED]> writes:
>
> > Hi,
> >
> > I have a problem with a particular website. When I click on register I am
> > sent to a secure server. I am supposed to enter details here and click
> > send. However, when I double click on the padlock on Internet Explorer 5 &
> > 5.5, instead of telling me about the server certificate and the secure
> > connection it says "This certificate has failed to verify for all of it's
> > intended purposes". This message is a bit vague but to me it says there is
> > a problem with the security, probably to do with the authentication
> > process. Can anyone tell me exactly what it means?
>
> What site is it? There is a known bug between MSIE and certain Verisign
> SGC certificates. IE shows that error but it doesn't mean anything.
> If you post the URL, I'll check it. Or if you look at the certification
> path, and it's something like
>
> Verisign Public CA
> \_ Verisign International CA
> \_ site certificate
>
> then that's what you're seeing. I figured out the details of the
> problem once but don't remember them. Basically the certificate is
> marked as certifying web sites (which is fine, and which is what you
> want) and also for some other thing that its CA is not marked for.
>
> If you're really worried, call Verisign customer service and ask them
> to explain it to you.
Thanks for your help regarding this issue. I actually phoned their help
line 4 times. On each occasion they gave a different reason for the problem,
but one of the explanations was almost exactly what you said.
The path is:
VeriSign Class 3 Public Primary CA
\_ www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 Verisign
\_ The domain of the secure server address
Two hours after my being quite persistent on the phone that there is a
problem, the secure server went down and has been down for 10 hours so far.
Internet Explorer gives its usual nonsense generic error message. I've
checked and the domain name for the server can't be resolved.
Thanks for the advice about phoning Verisign, I'll do that.
I can't say what site it is yet, I'll explain why later.
Thanks again,
Bruce.
------------------------------
From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: CRC vs. HASH functions
Date: Mon, 09 Oct 2000 07:54:07 GMT
Mack wrote:
> CRC's are generally best for:
>
> 1) compressing entropy free from outside influence.
That one is debatable. Noise (the part we want in this
application) that appeared largely in multiples of the
CRC polynomial would be very surprising, but not
inconceivable.
> 2) Hashing data for table lookups or other non-security oriented
> identification.
> 3) Random single bit error detection and burst error detection.
I think any time I need a digest larger than 64-bits, I
would always use a cryptographic hash. I cannot envision a
case where I would believe I hit a 2^-64 shot (or even a
2^-32) before I would suspect foul play.
--Bryan
--
email: bolson at certicom dot com
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Olivier Breard <[EMAIL PROTECTED]>
Subject: Re: How Colossus helped crack Hitler's codes
Date: Mon, 9 Oct 2000 10:04:42 +0200
I will be OFF-TOPIC, or almost, but I want to say that I loved reading
Robert Harris' Enigma book.
Maybe not technical enough for cryptographers, but I think it is good in
showing us the whole atmosphere of Bletchley Park.
Arrrgggg, what a pity I can't easily visit BP !
I want to explain to all of you that my first, yet decisive, meeting with
crypto was in London's National Museum of Science and Industry, where I stood
for about 1 hour in front of a curious typewriter, with some lamps on it...
That's how I discovered the Enigma. THE object, THE machine.
- A marvellous machine, even if it helped kill lots of people. The tool
for a world-wide invasion, but a great crypto idea... -
Since then, I just can't wait to visit England again, with only one
objective: NMSI and BP afterwards ! A crypto trip, that is.
Even if I am not easy at all with maths, I love reading crypto
papers, and stories gathered on the Net !
I don't know what you all think about 'paper&pencil' crypto, but it was much
more fun than pure math encryption, don't you think ? I take more pleasure
in reading about Vigenere, Playfair, Scytale, Enigma (-even if there is lots
of math in it-) and others, than reading about public and private keys....
Just my humble opinion. You will reply that you can't achieve max security
with paper-cyphers, true but....
Thank you all, for giving life to this crypto newsgroup !!
A crypto newbie. An Enigma lover,
Olivier.
Helger Lipmaa wrote in message <[EMAIL PROTECTED]>...
>Quite interesting report at
>http://www.telegraph.co.uk/et?ac=003549412141223&rtmo=wAfMMQKb&atmo=gggggg3K&pg=/et/00/9/30/ncol30.html
>
>---
> THE full story of how Hitler's secret codes were cracked by a rudimentary
> computer was told officially for the first time yesterday.
>
> The Government Communications Headquarters at Cheltenham declassified a
> two-volume technical report on Colossus, the forerunner of the post-war
> digital computer that saw the first practical use of large-scale
> program-controlled computing. Released through the Public Record Office,
> the 500-page report features photographs, specifications and detailed
> notes about Colossus and other code-breaking devices.
>
> The report also contains the blueprint of Colossus 2, an upgraded
> "production model". This began operation on June 1, 1944, in time to
> decipher messages confirming that Hitler had swallowed the Allies'
> deception campaigns, giving them the confidence to go ahead with the
> invasion of Europe.
>
> More Colossi followed at the rate of about one a month and by the end of
> the war there were 10 at Bletchley Park, the secret codebreaking
> establishment in Buckinghamshire.
>
>[...]
>
------------------------------
Date: Mon, 09 Oct 2000 10:29:19 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Why wasn't MARS chosen as AES?
UBCHI2 wrote:
> Why wasn't MARS chosen as AES?
Why do you think it should have been ?!? According to my
best knowledge, it was the weirdest and worst of all of
the finalists, and, like RC6, failed to meet the
requirement to offer high key agility in hardware.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: On block encryption processing with intermediate permutations
Date: Mon, 09 Oct 2000 10:47:59 +0200
David Hopwood wrote:
>
> Mok-Kong Shen wrote:
> > Bryan Olson wrote:
> [Re: an attack on a block cipher encryption mode that uses the
> fact that intermediate data is leaked from between rounds]
>
> > > The attack is efficient - check it out. I already estimated
> > > it should run within five minutes. Of course the end-game
> > > depends on the block cipher which is unspecified, but the
> > > attack isolates the last round or two, so most should then
> > > fall quickly.
> >
> > So you can implement it e.g. with DES and check it
> > out. Given the fact that the communication partners are
> > using a certain block cipher in the normal way with a
> > certain key. Now design the set of messages that you'll
> > need to crack my scheme. Since you don't know the secret
> > seed, you have no idea of what the permutations are. It
> > means that, since you claim that your method works, the
> > set of messages must be able to crack in the special
> > case where the PRNG delivers the identity permutation.
> > But this special case means that you have before you
> > exactly the original scheme. So you can crack DES within
> > five minutes. What a world sensation that would have been!!
>
> This argument is quite obviously wrong. Bryan Olson is claiming
> that the scheme can be broken with high probability (and given
> reasonable parameter choices) when the permutation is random.
> That does not imply that it can be broken if you choose a
> specific permutation. In order to be secure, a scheme has to
> be unbreakable in all cases except with negligible probability;
> it's certainly not sufficient for it to be secure in one case.
He never mentioned in his posts in this sense. He said
he could somehow adapt to the permutation, which means
getting that information from trials (chosen plaintext)
and which seems indeed feasible if 'sufficient' (how
large is another matter) materials can be obtained. If
the hardness of a break depends on the permutation,
then an average value (the statistical expectation)
should count. But he in two posts claimed that the
scheme can be broken in five minutes. Do you think
that it is ever possible that the scheme can be broken
in five minutes for each and every permutation EXCEPT
the identity permutation??
M. K. Shen
------------------------------
Crossposted-To:
talk.politics.crypto,alt.security.ripem,sci.answers,talk.answers,alt.answers,news.answers
Subject: RSA Cryptography Today FAQ (1/1)
from: [EMAIL PROTECTED]
reply-to: [EMAIL PROTECTED]
Date: 09 Oct 2000 08:34:15 GMT
Archive-name: cryptography-faq/rsa/part1
Last-modified: 1997/05/21
An old version of the RSA Labs' publication "Answers to Frequently Asked
Questions about Today's Cryptography" used to be posted here until May
1997. These postings were not sponsored or updated by RSA Labs, and
for some time we were unable to stop them. While we hope the information
in our FAQ is useful, the version that was being posted here was quite
outdated. The latest version of the FAQ is more complete and up-to-date.
Unfortunately, our FAQ is no longer available in ASCII due to its
mathematical content. Please visit our website at
http://www.rsa.com/rsalabs/ to view the new version of the FAQ with your
browser or download it in the Adobe Acrobat (.pdf) format.
RSA Labs FAQ Editor
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (Scott Craver)
Subject: Re: SDMI challenge
Date: 9 Oct 2000 08:31:47 GMT
Dido Sevilla <[EMAIL PROTECTED]> wrote:
>Scott Craver wrote:
>>
>> Hurry up, you have 3 1/2 hours to submit an attack.
>
>Let him wait. I hope he publishes his attack two days *after* the RIAA
>has committed to using a particular technology.
I have no reason to wish upon the poor fellow the same thing
that happened to the author of DeCSS. Anyone who believes SDMI
analysis should be postponed until SDMI is set in stone should
be willing to pay any legal bills or fines cryptanalysts might
accumulate.
Remember, DMCA does not just prohibit distributing programs
to eliminate copy-protection mechanisms, but also creating
them. If you publish results that you could only know if
you created such a program....
In fact, there's a kind of perjury trap associated with the
DMCA. Suppose a company sells a fraudulent copy protection
system. In the good ol' days of consumer protection laws
you could report them. Now, however, if you warn the public
that their system is trivially breakable you must either
(a) have broken the DMCA to have evidence for this, or
(b) have not collected any evidence, and deserve to be taken
to court for libel.
>Rafael R. Sevilla <[EMAIL PROTECTED]> +63 (2) 4342217
-S
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Internet Security Question
Date: 09 Oct 2000 01:41:45 -0700
"Tony" <[EMAIL PROTECTED]> writes:
> Thanks for your help regarding this issue. I actually phoned their help
> line 4 times. On each occasion they gave a different reason for the problem,
> but one of the explanations was almost exactly what you said.
>
> The path is:
>
> VeriSign Class 3 Public Primary CA
> \_ www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 Verisign
> \_ The domain of the secure server address
Yes, that is an SGC cert (Verisign Global ID). This is starting to
come back to me. It's actually a Verisign bug. Verisign's
International CA (the middle CA in the picture) is marked as having
more capability than the Primary CA which signed it. Old browsers
didn't care but newer versions of IE show that annoying message.
You can make the message stop appearing in your browser by selecting
the Public Primary certificate in the Certification Path screen, then
click "View Certificate", select the "Details" tab, click "Edit
properties", and select "Enable all purposes for this certificate".
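A model of the check behind that message, as an added example (not code from the thread, from Microsoft or from VeriSign): Microsoft's chain engine requires each certificate's Extended Key Usage set to be a subset of its issuer's, a nesting rule the X.509 standard does not itself mandate, so an intermediate marked for more purposes than its root fails. The chain and its EKU values below are constructed for illustration, not the real certificates' contents.

```python
from typing import Optional

ANY = "anyExtendedKeyUsage"

# Constructed chain modelled on the one in the thread: leaf first, root last.
# The intermediate claims a purpose (codeSigning) its issuer is not marked for.
CHAIN = [
    {"subject": "secure server (constructed leaf)", "eku": ["serverAuth"]},
    {"subject": "Intermediate CA (constructed)",
     "eku": ["serverAuth", "clientAuth", "codeSigning"]},
    {"subject": "Public Primary CA (constructed root)",
     "eku": ["serverAuth", "clientAuth"]},
]


def purposes(cert: dict) -> Optional[frozenset]:
    """None means no EKU extension or anyExtendedKeyUsage: good for every purpose."""
    eku = cert.get("eku")
    if eku is None or ANY in eku:
        return None
    return frozenset(eku)


def purpose_problems(chain, enable_all_on_root=False):
    """Return [(subject, purposes its issuer cannot vouch for), ...].

    enable_all_on_root models the browser-side workaround from the thread
    ("Enable all purposes" on the root): it silences the message by widening
    what the root is trusted to certify, rather than by fixing the chain."""
    problems = []
    root = len(chain) - 1
    for i in range(root):
        cert, issuer = chain[i], chain[i + 1]
        allowed = None if (enable_all_on_root and i + 1 == root) else purposes(issuer)
        claimed = purposes(cert)
        if allowed is None:
            continue                          # issuer unrestricted: nothing to check
        if claimed is None:
            problems.append((cert["subject"], frozenset([ANY])))
        elif not claimed <= allowed:
            problems.append((cert["subject"], claimed - allowed))
    return problems


def padlock_message(chain) -> str:
    """What the user sees: verified, or the vague IE wording quoted in the thread."""
    if purpose_problems(chain):
        return "This certificate has failed to verify for all of its intended purposes"
    return "OK"
```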
------------------------------
From: Volker Hetzer <[EMAIL PROTECTED]>
Crossposted-To: comp.theory,sci.math,sci.op-research
Subject: Re: A new paper claiming P=NP
Date: Mon, 09 Oct 2000 10:47:12 +0200
Stas Busygin wrote:
>
> Dear Fellows!
>
> A new paper has just been published in Stas Busygin's Repository
> for Hard Problems Solving. It is "An Efficient Algorithm for the
> Minimum Clique Partition Problem" by A. Plotnikov. Please find this
> proposal on efficient solving of an NP-hard problem at:
> http://www.busygin.dp.ua/clipat.html
> http://www.geocities.com/st_busygin/clipat.html (mirror)
The paper is very hard to read. Could you please advise the author
to \usepackage{times} in his source code before his \begin{document}?
Greetings!
Volker
--
The early bird gets the worm. If you want something else for
breakfast, get up later.
------------------------------
From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: It's Rijndael
Date: Mon, 09 Oct 2000 08:35:33 GMT
John Savard wrote:
> Jim Gillogly wrote in part:
>
> >Interesting use of "product", but OK. If you're building your own
> >Secure-IRC client and want it to interoperate with somebody else's
> >Secure-IRC server,
>
> All he is saying is that, for example, an SET client won't
> interoperate with an SSL server, even if both use Rijndael as their
> symmetric cipher.
They also won't interoperate if they use cleartext.
Using a standard cipher doesn't imply interoperability,
but deviation can certainly screw it up. A protocol
spec could specify its own variant, but then all the
tools that support the standard cipher would be useless.
It's also easy to write ambiguous specifications; the
obvious way to add rounds to a cipher may not be obvious
to everyone.
The hard part of crypto programming is to implement
protocols correctly so that one's products interoperate
with others. One key to getting things right in both
specification and implementation, is to use components
that interoperated before.
--Bryan
--
email: bolson at certicom dot com
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED] (Scott Craver)
Subject: Re: SDMI challenge
Date: 9 Oct 2000 08:42:48 GMT
Scott Craver <[EMAIL PROTECTED]> wrote:
>
> I have no reason to wish upon the poor fellow the same thing
> that happened to the author of DeCSS. Anyone who believes SDMI
> analysis should be postponed until SDMI is set in stone should
> be willing to pay any legal bills or fines cryptanalysts might
> accumulate.
Of course, it is possible to perform all your attacks during the
challenge and not publish them until long after. However, unless
the watermark signal is so obvious as to be clearly removable
without an oracle (and you don't know if there's more than one
mark in the music!) then you might need to submit attacked files
to their oracle to see if your hunches are correct.
So if you submit an attacked file to the oracle and it works, then
they know there is an attack on that scheme. But you don't need
to worry about this, as I am quite certain that every watermarking
scheme's oracle had a successful attack submitted to it. It
won't help them to pick the scheme broken the least, since one
break is enough to be written into cracking software by an anonymous
overseas hacker.
> -S
By the way, the oracles SUCKED. The watermarked ones only gave
you a two-valued response, succeed or fail. Success consists of
TWO bits, however: success in removing the mark and success in
keeping the audio quality "high" by their standards. If you fail,
you are not told which count failed.
In the real world, an oracle would be an SDMI device, and an
attacker would clearly know which of these two requirements are
being met. Hence researchers were given less data than a hacker
would have with a black-box device.
-S
------------------------------
From: David Blackman <[EMAIL PROTECTED]>
Subject: Re: SDMI challenge
Date: Mon, 09 Oct 2000 19:53:54 +1100
Scott Craver wrote:
Much of DMCA is very unconstitutional, including the parts needed to
enforce the below. It would be nice if someone was brave enough to break
those parts so that this could be confirmed by the courts. Of course,
that would entail risks and probably significant court costs, so don't
do it unless you're prepared.
For people outside the USA, DMCA should not be a problem, but local laws
do need to be considered, and most other countries don't have any
constitutional protection for basic human rights like freedom of speech.
>
> I have no reason to wish upon the poor fellow the same thing
> that happened to the author of DeCSS. Anyone who believes SDMI
> analysis should be postponed until SDMI is set in stone should
> be willing to pay any legal bills or fines cryptanalysts might
> accumulate.
>
> Remember, DMCA does not just prohibit distributing programs
> to eliminate copy-protection mechanisms, but also creating
> them. If you publish results that you could only know if
> you created such a program....
>
> In fact, there's a kind of perjury trap associated with the
> DMCA. Suppose a company sells a fraudulent copy protection
> system. In the good ol' days of consumer protection laws
> you could report them. Now, however, if you warn the public
> that their system is trivially breakable you must either
> (a) have broken the DMCA to have evidence for this, or
> (b) have not collected any evidence, and deserve to be taken
> to court for libel.
>
> >Rafael R. Sevilla <[EMAIL PROTECTED]> +63 (2) 4342217
>
> -S
------------------------------
Date: Mon, 09 Oct 2000 10:59:18 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: TEA
David Wagner wrote:
> Remember, just because we don't know of any attacks don't mean
> there aren't any.
Which is true for any cipher, not only GOST.
> [3DES is the most secure]
I can't prove the opposite :-)
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************