Cryptography-Digest Digest #882, Volume #12 Mon, 9 Oct 00 21:13:00 EDT
Contents:
Re: What is "freeware"? (was: Re: Any products using Rijndael?) ("Paul Pires")
Re: xor algorithm ("Paul Pires")
Re: What is "freeware"? (was: Re: Any products using Rijndael?) (John Savard)
Re: Why trust root CAs ? ("Lyalc")
Re: Why trust root CAs ? ("Lyalc")
Re: On block encryption processing with intermediate permutations (Bryan Olson)
R: newbie pathetic question ("Danilo")
Re: Advanced Encryption Standard - winner is Rijndael (wtshaw)
Re: TEA (David Wagner)
Re: It's Rijndael (David Wagner)
Quantized ElGamal ("William A. McKee")
Re: Microsoft CAPI's PRNG seeding mechanism (Tim Tyler)
Re: A new paper claiming P=NP (Mark William Hopkins)
Re: Internet Security Question (Paul Schlyter)
Re: What is "freeware"? (was: Re: Any products using Rijndael?) (Paul Schlyter)
Re: A new paper claiming P=NP (Ross Smith)
----------------------------------------------------------------------------
From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: What is "freeware"? (was: Re: Any products using Rijndael?)
Date: Mon, 9 Oct 2000 15:10:17 -0700
Paul Schlyter <[EMAIL PROTECTED]> wrote in message
news:8rss7n$cv8$[EMAIL PROTECTED]...
> In article <[EMAIL PROTECTED]>,
> Runu Knips <[EMAIL PROTECTED]> wrote:
>
> > Besides the fact that I believe Blowfish is very
> > hard to break (as described above), the two
> > *fish ciphers are also free, while using IDEA
> > legally is only possible in (a) freeware or
> > (b) for a IMHO really expensive license.
>
> What do you consider "freeware"? Any software which can be
> legally used for free? Well, that's what I thought, until I
> encountered someone in another NG who by "freeware" meant
> "copyrighted freeware" -- according to that person, "public domain"
> was a class of its own, distinct from "freeware". And most other
> participants in the NG seemed to agree.
>
> So I'd like to ask the participants in this NG: how do you
> define "freeware"? And in particular: is "public domain" one
> class of "freeware", or is it distinct from "freeware"?
I think the OP had it right. There is Public Domain, where the user
is unencumbered in his use of the technology (Note: does not mean
you can swipe copyrighted material verbatim), and Patented, where
a license fee is paid to the owner OR a royalty-free grant is made OR
where party B licenses from party A and supplies the software gratis
to all other parties: "Freeware". Freeware, to me, means the actual code
given to use for free.
Free is the status of the intellectual property in general as opposed to
encumbered.
Some folks confuse Non-Public Domain with secret. Typically,
Non-Public Domain is painfully disclosed and in the Public record.
It is the rights to commercialize that are restricted, not the knowledge
itself.
Paul
------------------------------
From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: xor algorithm
Date: Mon, 9 Oct 2000 15:10:49 -0700
William A. McKee <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Antonio Merlo <[EMAIL PROTECTED]> wrote in message
> news:8rs4sr$mm7$[EMAIL PROTECTED]...
> > How strong will be an encryption method based on a xor operation with a
> > pass phrase (or password) and a buffer to encrypt? (supposed a very strong
> > password of, let's say 16 letters, combining uppercase, lowercases and
> > digits)
> > How will you cryptoanalise that algoritm?
> >
> >
>
> If you use your password to seed a pseudo random number generator (PRNG)
> like ISAAC, WAKE, etc. and xor the buffer with the PRNG output, I think it
> can be quite secure. I may be wrong. I'm such a newbie :)
I'm a newbie too but I think you should point out that not all PRNGs
are equal. There are PRNGs and then there are cryptographically
secure PRNGs. I am not sure about ISAAC. Regardless, this is a
stream cipher and has use limitations. A blanket statement that it
can be "quite secure" could be misleading. You cannot re-use a keyed stream.
If the same key is used for two different messages and a
plaintext is known for one, it is trivial to solve for the other plaintext.
There are ways of dealing with this but it's not like falling off a log.
Stream ciphers and block ciphers are not two different, but equivalent,
methods.
How the password is used to seed the PRNG is not trivial either.
This can be hosed easily.
Paul
> Cheers,
> Will.
>
> --
> William A. McKee
> [EMAIL PROTECTED]
> Asia Communications Quebec Inc.
> http://www.cjkware.com
>
> "We're starfleet: weirdness is part of the job." - Janeway
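The keystream-reuse problem described in the reply above, as an added Python example (not code from the digest or from any of its posters). The first half builds exactly the construction proposed in the thread, a PRNG seeded straight from the password (Python's Mersenne Twister stands in for ISAAC or WAKE; this is an assumption for the demo), and shows that two messages under one password leak each other through XOR alone. The second half shows one of the "ways of dealing with this": a salted, slow KDF for the password and a fresh per-message nonce so no keystream is ever reused. The passwords, messages and salt are constructed for the demo; the hash-in-counter-mode keystream and the absence of any integrity check are the example's own simplifications.

```python
import hashlib
import os
import random

# --- the construction from the thread: password -> PRNG seed -> XOR ---

def mt_keystream(password: str, length: int) -> bytes:
    """Keystream from Python's Mersenne Twister seeded directly from the
    password. MT is not a cryptographic PRNG (its state is recoverable
    from 624 outputs), and the same password always gives the same stream."""
    rng = random.Random(password)
    return bytes(rng.getrandbits(8) for _ in range(length))

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def xor_encrypt(password: str, data: bytes) -> bytes:
    """Encrypt and decrypt are the same operation for an XOR stream cipher."""
    return xor_bytes(data, mt_keystream(password, len(data)))

def recover_other_plaintext(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Two-time pad: c1 ^ c2 == p1 ^ p2 because the shared keystream cancels,
    so a known p1 yields p2 for every byte p1 covers. No password needed."""
    return xor_bytes(xor_bytes(c1, c2), known_p1)

# --- one fix: derive the key properly and never reuse a keystream ---

SALT = b"constructed-demo-salt"   # a real design stores a random salt per user
NONCE_LEN = 16

def derive_key(password: str, salt: bytes) -> bytes:
    """Slow, salted KDF instead of feeding the raw password to a PRNG."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def hash_keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode: the stream depends on key AND per-message nonce."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

def nonce_encrypt(password: str, plaintext: bytes, nonce: bytes = None) -> bytes:
    """Returns nonce || ciphertext. A fresh random nonce per message means two
    messages under one password never share keystream. Still no MAC, so no
    integrity: a complete design would add one."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    ks = hash_keystream(derive_key(password, SALT), nonce, len(plaintext))
    return nonce + xor_bytes(plaintext, ks)

def nonce_decrypt(password: str, blob: bytes) -> bytes:
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    ks = hash_keystream(derive_key(password, SALT), nonce, len(ct))
    return xor_bytes(ct, ks)

if __name__ == "__main__":
    # Constructed sample traffic: two messages under one 16-character password.
    pw = "Tr0ub4dor&3xyz16"
    p1 = b"ATTACK AT DAWN; MEET AT THE OLD MILL"
    p2 = b"RETREAT AT DUSK; DO NOT USE THE MILL"
    c1, c2 = xor_encrypt(pw, p1), xor_encrypt(pw, p2)
    print("recovered from c1, c2 and p1:", recover_other_plaintext(c1, c2, p1))
    b1, b2 = nonce_encrypt(pw, p1), nonce_encrypt(pw, p2)
    print("same trick on nonce'd traffic:",
          recover_other_plaintext(b1[NONCE_LEN:], b2[NONCE_LEN:], p1))
```

The recovery needs nothing but the two ciphertexts and one plaintext; even a partial crib (a known header, a greeting) exposes the same bytes of the other message, which is why the strength of the password is irrelevant to this attack.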
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: What is "freeware"? (was: Re: Any products using Rijndael?)
Date: Mon, 09 Oct 2000 22:12:03 GMT
On 9 Oct 2000 18:37:11 +0200, [EMAIL PROTECTED] (Paul Schlyter)
wrote, in part:
>So I'd like to ask the participants in this NG: how do you
>define "freeware"? And in particular: is "public domain" one
>class of "freeware", or is it distinct from "freeware"?
Most commonly, the former - public domain is a class of freeware -
when discussing questions like "are there any freeware programs
available to do this for me".
However, in discussions where the specific type of software is
important - where the topic is licensing itself - then "freeware" is
used in the sense of "free programs not in the public domain" in order
to have a short, concise, name for that individual category.
I think that latter meaning is probably considered to be the "correct"
one as well.
And, of course, *between* freeware and public domain, there lies open
source: where the program is copyrighted, but the source is available,
and its use is restricted only by conditions such as the GPL.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: "Lyalc" <[EMAIL PROTECTED]>
Subject: Re: Why trust root CAs ?
Date: Tue, 10 Oct 2000 09:33:45 +1000
I don't see banks and card companies as the ones facing the biggest
challenge.
It's the individual customer and small business owner who has the biggest
challenge in all of this CA trust stuff.
And let's face it, trust is a one to one grant process.
It cannot be easily made a one to many grant, nor can it easily become a
many to one process without a huge amount of time and money to educate and
promote 'trust' to the masses.
Until then, CAs and digital signatures are simply a waste of time that are
not electronic signatures.
Lyal
Daniel James wrote in message ...
>In article <EM6E5.23226$[EMAIL PROTECTED]>, Lyalc wrote:
>> An electronic signature related to a specific purchase order has no
>> inherent relationship to an electronic signature on the transaction
>> paying for that order. That's how business is today, and neither CAs
>> nor certs are going to change that anytime soon.
>
>No, I'm afraid you're probably right. That doesn't alter the fact that the
>technology exists to improve the security of the whole business model.
>
>> A certificate issued by your bank has no meaning when it comes to your
>> ability to send an email or be bound by the email's contents, apart from
>> saying "person X is known to us and has an account". What's in it for
>> the bank? The bank has the same liability, added infrastructure to
>> operate and no cost savings. Why would a bank be a CA?
>
>A bank would be a CA to issue certificates for its own customers' online
>banking and eCommerce activities because that eliminates the need for
>anyone to trust a 3rd-party CA. A bank might well not want to accept any
>liability for any other use of the certificates it issues - but could do
>so as a service to its customers if those customers demanded it (e.g. to
>stop them moving their business to another bank that did offer that
>service).
>
>> Trusting Root CAs:
>> Well, you can only trust them as much as you trust your software - no
>> more. If a false "CA Root" cert is inserted into the CA Cert store ...,
>> then any certificate signed by that false CA will be trusted by your
>> machine.
>
>You have to trust the software, certainly, and that is a problem that can
>be at least partly solved by code-signing and other such techniques.
>
>If the certificate store for the root CA cert is a read-only file on your
>(smart) credit card you can have rather more confidence in it than if it
>just resides on a disk.
>
>> Will you check the CA trust chain and CRL for every cert you receive?
>> If not, then you rely on the trust you place in your machine, not the CA.
>
>One should make that check, yes, whenever the certificate is used for any
>value-bearing transaction. I wouldn't expect a bank or credit card company
>to have to uphold any payment made using a revoked or expired certificate.
>
>Cheers,
> Daniel
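The three checks argued over in the exchange above (walk the chain to a trusted root, consult the CRL, and trust nothing beyond what is in the root store), as an added Python example that is not code from the digest or from either poster. It uses a deliberately toy PKI: "certificates" are a handful of fields, and signatures are textbook RSA over SHA-256 with keys built from fixed Mersenne primes so that the script is deterministic and runs offline; none of that is fit for real use and is an assumption of the demo only. The names "Bank Root CA", "Bank Issuing CA" and "customer 4711" are constructed. The last step is Lyalc's scenario: the same forged certificate that is rejected against a clean store is accepted as soon as a rogue root has been swapped into it.

```python
import hashlib
from dataclasses import dataclass

E = 65537

def toy_rsa_key(pexp, qexp):
    """Textbook RSA on two fixed Mersenne primes (2**pexp - 1, 2**qexp - 1).
    Deterministic and offline for the demo; never use such keys for real."""
    p, q = 2 ** pexp - 1, 2 ** qexp - 1
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)

def _h(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data: bytes) -> int:
    n, d = priv
    return pow(_h(data, n), d, n)

def verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _h(data, n)

@dataclass
class Cert:
    subject: str
    issuer: str
    pub: tuple
    serial: int
    sig: int = 0

    def tbs(self) -> bytes:
        """The 'to be signed' part; any change here invalidates the signature."""
        return f"{self.subject}|{self.issuer}|{self.pub}|{self.serial}".encode()

def issue(subject, pub, serial, issuer_cert, issuer_priv):
    cert = Cert(subject, issuer_cert.subject, pub, serial)
    cert.sig = sign(issuer_priv, cert.tbs())
    return cert

def self_sign(subject, pub, priv, serial):
    cert = Cert(subject, subject, pub, serial)
    cert.sig = sign(priv, cert.tbs())
    return cert

def validate(chain, trust_store, crl):
    """chain: leaf first, then intermediates, root excluded.
    trust_store: {subject: Cert} of trusted roots.
    crl: set of (issuer, serial) pairs that have been revoked.
    Returns (ok, reason)."""
    for i, cert in enumerate(chain):
        if (cert.issuer, cert.serial) in crl:
            return False, f"{cert.subject}: revoked"
        if i + 1 < len(chain):
            issuer = chain[i + 1]
            if issuer.subject != cert.issuer:
                return False, f"{cert.subject}: chain does not link"
        else:
            # Trust ends at the store, not at a self-signature: a root is
            # trusted because it is in the store, and for no other reason.
            issuer = trust_store.get(cert.issuer)
            if issuer is None:
                return False, f"{cert.subject}: issuer not in trust store"
        if not verify(issuer.pub, cert.tbs(), cert.sig):
            return False, f"{cert.subject}: bad signature"
    return True, "ok"

def demo():
    root_pub, root_priv = toy_rsa_key(61, 89)
    ca_pub, ca_priv = toy_rsa_key(107, 127)
    leaf_pub, _ = toy_rsa_key(521, 607)
    rogue_pub, rogue_priv = toy_rsa_key(1279, 2203)

    root = self_sign("Bank Root CA", root_pub, root_priv, 1)
    ca = issue("Bank Issuing CA", ca_pub, 2, root, root_priv)
    leaf = issue("customer 4711", leaf_pub, 3, ca, ca_priv)
    store = {root.subject: root}
    crl = set()
    results = {"genuine": validate([leaf, ca], store, crl)}

    crl.add((ca.subject, leaf.serial))      # the issuing CA revokes the leaf
    results["revoked"] = validate([leaf, ca], store, crl)
    crl.clear()

    # Attacker mints a self-signed root under the bank's name and forges a leaf.
    rogue = self_sign("Bank Root CA", rogue_pub, rogue_priv, 1)
    forged = issue("customer 4711", leaf_pub, 3, rogue, rogue_priv)
    results["forged"] = validate([forged], store, crl)

    # ...which is enough once malware has swapped the root in the local store.
    store[rogue.subject] = rogue
    results["forged_after_store_tamper"] = validate([forged], store, crl)
    return {name: ok for name, (ok, _) in results.items()}

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:26s} {'accepted' if ok else 'rejected'}")
```

The validator never looks at the root's own signature; it looks the issuer name up in the store and uses that key. That is what makes the last case work: nothing about the forged certificate changed, only the store did, which is the sense in which one trusts the machine rather than the CA.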
------------------------------
From: "Lyalc" <[EMAIL PROTECTED]>
Subject: Re: Why trust root CAs ?
Date: Tue, 10 Oct 2000 09:35:39 +1000
Why does every sniffer and every server along the line need to see your name
and address that is embodied in the certificate?
Only you and the delivery agent need that information, yet certificates give
it all away, every time the certificate is used. No ifs, no buts,
privacy=zero.
Lyal
Daniel James wrote in message ...
>In article <[EMAIL PROTECTED]>, Anne & Lynn Wheeler wrote:
>> in retail business with consumer ... having consumer "identity"
>> certificates ... creates privacy issues.
>
>In face-to-face retail business, perhaps. For any (e)mail-order business
>the trader needs a delivery address and once that is disclosed there is
>very little privacy left.
>
>> Various financial operations have done relying party only certificates,
>> which address both privacy concerns and liability concerns. Effectively,
>> certificate contains the account number.
>
>Agreed. Privacy concerns are not a reason to eschew PKI schemes.
>
>> Given that the financial institution needs to read the account record
>> to obtain meaningful information (including the certificate original),
>..
>> Since every field in the copy of the certificate is also in the
>> original of the certificate, it is possible to compress the
>> certificate appended to the transaction to zero bytes. This can be
>> significant when an uncompressed certificate is 10-50 times larger
>> than the financial transaction it is appended to.
>
>Then, of course, only the bank can verify the signature. I think it's
>important that other parties involved in the transaction can verify the
>customer's signature, and so the full certificate will have to be sent
>with each transaction, and the full certification chain (and revocation
>lists) must be available to all parties. I agree that that adds somewhat
>to the volume of comms traffic for each transaction, but it does buy useful
>security.
>
>Cheers,
> Daniel.
------------------------------
From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: On block encryption processing with intermediate permutations
Date: Mon, 09 Oct 2000 22:26:29 GMT
Mok-Kong Shen wrote:
> Bryan Olson wrote:
> > Mok-Kong Shen wrote:
> > > So does that imply that there is a factor of the order of
> > > 1000 in comparison with cracking the original block cipher?
> > > If not, why?
> >
> > Of course not. It does not imply, or even suggest, that there
> > is a tractable attack on the original block cipher.
>
> Let me see whether the following makes it more clear for
> you:
>
> Permutations are discrete entities. Nevertheless, one can
> say that there are permutations that are close to one
> another, i.e. neighbours. What if I use permutations that
> are not the identity but close to it? Does it mean that
> the job then becomes 'suddenly' extremely easy as you
> claimed?
Please do not fabricate claims or quotes and attribute them to
me.
What I claimed once more:
| You specified a pseudo-random permutation. I wrote that a
| block with the properties that support the attack probably
| exists among about a thousand blocks.
That's enough for the attack. I don't need anything to
'suddenly' happen close to the identity permutation.
> I suppose you can see from this why I consider
> your arguments to be problematical from the outset.
When David Hopwood wrote "Brian Olson is claiming..." he got
the claim exactly right. I urge you to study his clear and
accurate explanation.
--Bryan
--
email: bolson at certicom dot com
------------------------------
From: "Danilo" <[EMAIL PROTECTED]>
Subject: R: newbie pathetic question
Date: Thu, 5 Oct 2000 14:56:21 +0200
> Your tree structure for English would be very predictable
I meant some kind of 'random' frequency table.
Of course this way I would more likely 'expand' rather than compress
the message, but my interest was just in making it hard to decode.
Danilo
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Crossposted-To: alt.security.scramdisk
Subject: Re: Advanced Encryption Standard - winner is Rijndael
Date: Mon, 09 Oct 2000 15:36:48 -0600
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
> At the moment, computer security is generally so pathetic that the
> government can waltz into your computer and wander off with all your
> files. Encrypting traffic that travels over the wires won't help
> much with this.
The control moguls simply railroad lowly consumers, and conspire to thwart
any successful efforts caused by dissent. They hype defective technology
as the single viable choice while being merciless in their methods.
--
A Pangram: 57) *The Codebreakers often views juxtaposed
cryptological maze quests.
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: TEA
Date: 9 Oct 2000 15:56:06 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)
Runu Knips wrote:
>David Wagner wrote:
>> Remember, just because we don't know of any attacks doesn't mean
>> there aren't any.
>
>Which is true for any cipher, not only GOST.
Yes.
>> [3DES is the most secure]
No. That is not what I said, and the difference is crucial.
I said that 3DES has received the most scrutiny. Thus, if you had to make
an informed bet about which cipher is most likely to be secure, I'd say
3DES looks like a good bet -- it's offering about the best odds around.
*This* is why I prefer 3DES over GOST, even though I do not know of any
devastating attacks on either.
Evaluating the level of assurance is very different from comparing security
against the optimum (possibly unknown) attack.
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: It's Rijndael
Date: 9 Oct 2000 15:52:17 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)
>1. Why not define a meta-standard to be respected by all future
>protocols and which defines which cipher is used, at how many rounds,
>at which key size, and so on. Why not play it safe?
Well, this may be introducing its own set of risks.
What happens when Alice thinks N rounds were negotiated,
and Bob thinks N+1 rounds were negotiated? Answer: If
you can break the 1-round cipher, you can recover some
of the key. You might say "ok, so don't do that, then",
but it is an extra thing to worry about that you don't
have to worry about if you've got a standard number of
rounds.
And, anyway, I see little reason to believe that random
sysadmins are going to do a better job of choosing the
right number of rounds than the best the collective wisdom
of the research community could arrive at ... so this
now introduces the risk of operator error ("I wanted
better performance, and 4 rounds looked good to me").
------------------------------
Reply-To: "William A. McKee" <[EMAIL PROTECTED]>
From: "William A. McKee" <[EMAIL PROTECTED]>
Subject: Quantized ElGamal
Date: Mon, 09 Oct 2000 23:33:32 GMT
What is Quantized ElGamal? What is a timing-attack? Is ElGamal secure or
has it been broken?
TIA,
Will McKee.
--
William A. McKee
[EMAIL PROTECTED]
Asia Communications Quebec Inc.
http://www.cjkware.com
"We're starfleet: weirdness is part of the job." - Janeway
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Microsoft CAPI's PRNG seeding mechanism
Reply-To: [EMAIL PROTECTED]
Date: Mon, 9 Oct 2000 22:56:27 GMT
In sci.crypt.random-numbers ink <[EMAIL PROTECTED]> wrote:
: Jack Love dropped into the real world with a crash and proclaimed...
:> JCA <[EMAIL PROTECTED]> wrote:
:>> MS is well-known for not taking security seriously.
:>
:>Windows 2k was recently given a C2 rating.
: Only if you don't connect it to a network...
``NT earned its C2 rating as a standalone system, with no networking
enabled. If you take your C2Config C2-certified system and attach it
to your LAN, your system loses its C2 certification.''
http://www.win2000mag.com/Articles/Index.cfm?ArticleID=3143
--
__________ Lotus Artificial Life http://alife.co.uk/ [EMAIL PROTECTED]
|im |yler The Mandala Centre http://mandala.co.uk/ ILOVEYOU.
------------------------------
From: [EMAIL PROTECTED] (Mark William Hopkins)
Crossposted-To: comp.theory,sci.math,sci.op-research
Subject: Re: A new paper claiming P=NP
Date: 10 Oct 2000 00:08:09 GMT
In article <8rt821$102$[EMAIL PROTECTED]> [EMAIL PROTECTED] (Jeremy
Spinrad) writes:
>It would be nice to have a program at
>least so we could check whether the author could make the program answer
>the problem correctly before we do the difficult job of reviewing the paper.
Pshaw. Reviewing a proof is not difficult. That's P-time. FINDING the
proof, on the other hand, that's NP-time or worse. Since P is not equal to
NP, then reviewing is easier than finding.
Therefore, it should be fairly easy to spot the flaw in the paper. No
demo programs are needed.
------------------------------
From: [EMAIL PROTECTED] (Paul Schlyter)
Subject: Re: Internet Security Question
Date: 10 Oct 2000 01:13:21 +0200
In article <[EMAIL PROTECTED]>,
David Hopwood <[EMAIL PROTECTED]> wrote:
> Tony wrote:
>
>> I have a problem with a particular website. When I click on register I am
>> sent to a secure server. I am supposed to enter details here and click
>> send. However, when I double click on the padlock on Internet Explorer 5 &
>> 5.5, instead of telling me about the server certificate and the secure
>> connection it says "This certificate has failed to verify for all of its
>> intended purposes".
>
> This is a bug in IE5 with SGC certificates. The last thing I heard was
> that Microsoft were refusing to fix it; they apparently don't think it's
> important because it is "just a user interface issue", which should tell
> you something about their attitude to security and correctness of software
> in general.
And even more interesting is this: if Microsoft indeed considers
"user interface issues" unimportant, why did they bother developing
and marketing Windows at all? Why weren't they content with a
command-line interface? After all, Windows is "just a user interface
issue", isn't it?
--
================================================================
Paul Schlyter, Swedish Amateur Astronomer's Society (SAAF)
Grev Turegatan 40, S-114 38 Stockholm, SWEDEN
e-mail: pausch at saaf dot se or paul.schlyter at ausys dot se
WWW: http://hotel04.ausys.se/pausch http://welcome.to/pausch
------------------------------
From: [EMAIL PROTECTED] (Paul Schlyter)
Subject: Re: What is "freeware"? (was: Re: Any products using Rijndael?)
Date: 10 Oct 2000 01:12:49 +0200
In article <[EMAIL PROTECTED]>,
John Savard <[EMAIL PROTECTED]> wrote:
>On 9 Oct 2000 18:37:11 +0200, [EMAIL PROTECTED] (Paul Schlyter)
>wrote, in part:
>
>>So I'd like to ask the participants in this NG: how do you
>>define "freeware"? And in particular: is "public domain" one
>>class of "freeware", or is it distinct from "freeware"?
>
>Most commonly, the former - public domain is a class of freeware -
>when discussing questions like "are there any freeware programs
>available to do this for me".
>
>However, in discussions where the specific type of software is
>important - where the topic is licensing itself - then "freeware" is
>used in the sense of "free programs not in the public domain" in order
>to have a short, concise, name for that individual category.
>
>I think that latter meaning is probably considered to be the "correct"
>one as well.
>
>And, of course, *between* freeware and public domain, there lies open
>source: where the program is copyrighted, but the source is available,
>and its use is restricted only by conditions such as the GPL.
I don't understand that "in between freeware and public domain" stuff.
Either the program is copyrighted, or it is not copyrighted. It cannot
be "in between", can it? Therefore open source is copyrighted freeware.
--
================================================================
Paul Schlyter, Swedish Amateur Astronomer's Society (SAAF)
Grev Turegatan 40, S-114 38 Stockholm, SWEDEN
e-mail: pausch at saaf dot se or paul.schlyter at ausys dot se
WWW: http://hotel04.ausys.se/pausch http://welcome.to/pausch
------------------------------
From: Ross Smith <[EMAIL PROTECTED]>
Crossposted-To: comp.theory,sci.math,sci.op-research
Subject: Re: A new paper claiming P=NP
Date: Tue, 10 Oct 2000 13:23:26 +1300
Mark William Hopkins wrote:
>
> In article <8rt821$102$[EMAIL PROTECTED]> [EMAIL PROTECTED] (Jeremy
>Spinrad) writes:
> >It would be nice to have a program at
> >least so we could check whether the author could make the program answer
> >the problem correctly before we do the difficult job of reviewing the paper.
>
> Pshaw. Reviewing a proof is not difficult. That's P-time. FINDING the
> proof, on the other hand, that's NP-time or worse. Since P is not equal to
> NP, then reviewing is easier than finding.
>
> Therefore, it should be fairly easy to spot the flaw in the paper. No
> demo programs are needed.
Ah, but that "...or worse" gives them an out. If reviewing a proof is
P-time, but *finding* the proof is *worse* than NP-time, then reviewing
can still be easier than finding without contradicting P=NP.
--
Ross Smith <[EMAIL PROTECTED]> The Internet Group, Auckland, New Zealand
========================================================================
"C++ is to programming as sex is to reproduction. Better ways might
technically exist but they're not nearly as much fun." -- Nikolai Irgens
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************