Cryptography-Digest Digest #884, Volume #12      Tue, 10 Oct 00 01:13:01 EDT

Contents:
  Developer courses in PKI? ([EMAIL PROTECTED])
  Re: NSA quote on AES (Greggy)
  Re: NSA quote on AES (Greggy)
  Re: NSA quote on AES (Greggy)
  Re: NSA quote on AES (Greggy)
  Re: NSA quote on AES (Greggy)
  Re: NSA quote on AES (Greggy)
  Re: Microsoft CAPI's PRNG seeding mechanism (Greggy)
  Re: A new paper claiming P=NP ("Trevor L. Jackson, III")
  Re: NSA quote on AES (Jim Gillogly)
  Re: NSA quote on AES (David Schwartz)
  Re: Can anyone point me to info on this privacy code ?    Big sample  included. (webb)
  Re: Quantized ElGamal ("John A. Malley")
  RSA signing in Perl on FreeBSD (Pete Ness)
  Re: Any products using Rijndael? (Charles Blair)
  Re: xor algorithm ("Paul Pires")
  Re: Why trust root CAs ? (Greggy)
  AES Runner ups (Greggy)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED]
Subject: Developer courses in PKI?
Date: Tue, 10 Oct 2000 01:59:32 GMT

I'm looking into developing my product such that it fits into
a PKI infrastructure properly.  Obviously, I would like to take
some courses since I've never even worked with PKI before in
my life.  I only have a vague notion of certificates and would
like to learn exactly what this is, with the help of a real-
life teacher, not a book.

Does anyone have any suggestions for courses (preferably in
the Bay Area, or Hawaii :-) ) from companies that would teach
PKI courses from the perspective of programmers, and NOT
certificate server admins?

Thanks,

Kev


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Greggy <[EMAIL PROTECTED]>
Subject: Re: NSA quote on AES
Date: Tue, 10 Oct 2000 02:09:04 GMT


> > :> >"The National Security Agency (NSA) wishes to congratulate the National
> > :> >Institute of Standards and Technology on the successful selection of an
> > :> >Advanced Encryption Standard (AES). It should serve the nation well. In
> > :> >particular, NSA intends to use the AES where appropriate in meeting the
> > :> >national security information protection needs of the United States
> > :> >government."
> > :>
> > :>    These are weasel words if nothing else. To say they will use it
> > :> where it's appropriate does not mean anything at all. They may
> > :> only use it in the sense of decoding messages. And they don't say
> > :> where it's appropriate for them to use. But I guess it is too much
> > :> to expect an honest answer from them.
> >
> > : Once again we can see that accuracy and objective analysis are not among
> > : your stronger abilities.
> >
> > : You see 'where appropriate' as a 'let out' clause but you fail to notice
> > : that the statement also says that NSA intends to use the AES in meeting the
> > : national security ***information protection*** needs of the United States
> > : government".
> >
> > : There are none so blind as those who will not see.
> >
> > The get-out clause reduces the positive statement about intended use
> > to meaninglessness.
>
> What you mean is that *you* see this statement as meaningless because you
> judge that NSA is being insincere in making it.

No, I think what he means is that it is insincere because it is coming
from an insincere agency cloaked in insincerity and it offers no
meaningful information for any of us to glean from.  I mean what did
you expect the NSA to say?


They said what I would have expected them to say - absolutely nothing
of substance.

--
If I were a cop, I would refuse to go on any no knock raid.
But then, I am not a cop for basically the same reasons.



------------------------------

From: Greggy <[EMAIL PROTECTED]>
Subject: Re: NSA quote on AES
Date: Tue, 10 Oct 2000 02:11:50 GMT


> It can be interpreted in various ways.

Ya, like "We say nothing, we mean nothing!"

--
If I were a cop, I would refuse to go on any no knock raid.
But then, I am not a cop for basically the same reasons.



------------------------------

From: Greggy <[EMAIL PROTECTED]>
Subject: Re: NSA quote on AES
Date: Tue, 10 Oct 2000 02:11:01 GMT


> >> :>    These are weasel words if nothing else. To say they will use it
> >> :> where it's appropriate does not mean anything at all. They may
> >> :> only use it in the sense of decoding messages. And they don't say
> >> :> where it's appropriate for them to use. But I guess it is too much
> >> :> to expect an honest answer from them.
> >>
> >> : Once again we can see that accuracy and objective analysis are not among
> >> : your stronger abilities.
> >>
> >> : You see 'where appropriate' as a 'let out' clause but you fail to notice
> >> : that the statement also says that NSA intends to use the AES in meeting the
> >> : national security ***information protection*** needs of the United States
> >> : government".
> >>
> >> : There are none so blind as those who will not see.
> >>
> >> The get-out clause reduces the positive statement about intended use
> >> to meaninglessness.
> >
> >What you mean is that *you* see this statement as meaningless because you
> >judge that NSA is being insincere in making it.
> >
> >I take a different view, namely that this is a sincere statement of support
> >and that NSA does intend to use the algorithm for protecting some US
> >national security information.  Their policy does not surprise me since
> >there are very good reasons for doing this.
> >
> >   Brian Gladman
> >
>
> Certainly AES is appropriate for sensitive non-classified data.  After the
> Skipjack fiasco the NSA is being much more careful.

            EXACTLY !


>
> But I don't see the NSA using a public algorithm for classified data.

Why not?  If it ain't good enough for classified data why would anyone
think it good enough at all?  I mean security is on or off as far as I
am concerned.  There is no maybe about it.  Maybe can get you into
trouble.

> Security by obscurity is still an added layer of security.  If it is
> only a thin veil it may be all that is necessary to prevent some
> information from falling into the 'wrong' hands.
>
> Mack
> Remove njunk123 from name to reply by e-mail
>

--
If I were a cop, I would refuse to go on any no knock raid.
But then, I am not a cop for basically the same reasons.



------------------------------

From: Greggy <[EMAIL PROTECTED]>
Subject: Re: NSA quote on AES
Date: Tue, 10 Oct 2000 02:12:24 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> Brian Gladman <[EMAIL PROTECTED]> wrote:
> : "Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> :> Brian Gladman <[EMAIL PROTECTED]> wrote:
>
> :> : You see 'where appropriate' as a 'let out' clause but you fail to notice
> :> : that the statement also says that NSA intends to use the AES in meeting
> :> : the national security ***information protection*** needs of the
> :> : United States government".
> :>
> :> The get-out clause reduces the positive statement about intended use
> :> to meaninglessness.
>
> : What you mean is that *you* see this statement as meaningless because you
> : judge that NSA is being insincere in making it.
>
> I don't doubt their sincerity.

WHAT SINCERITY!?!?!?!

--
If I were a cop, I would refuse to go on any no knock raid.
But then, I am not a cop for basically the same reasons.



------------------------------

From: Greggy <[EMAIL PROTECTED]>
Subject: Re: NSA quote on AES
Date: Tue, 10 Oct 2000 02:13:41 GMT


> : What you mean is that *you* see this statement
> : as meaningless because you judge that NSA is being
> : insincere in making it.

> I don't doubt their sincerity.

NSA Sincerity - isn't that an oxymoron?  How can a super secret agency
be sincere in what they say?

--
If I were a cop, I would refuse to go on any no knock raid.
But then, I am not a cop for basically the same reasons.



------------------------------

From: Greggy <[EMAIL PROTECTED]>
Subject: Re: NSA quote on AES
Date: Tue, 10 Oct 2000 02:14:58 GMT


> I can draw the conclusion that NSA will use AES to
> protect some US national security information - not
> just 'something', which is much less specific.

You said you "can", but I don't see how.  They never touched on this
matter in their statement.

--
If I were a cop, I would refuse to go on any no knock raid.
But then, I am not a cop for basically the same reasons.



------------------------------

From: Greggy <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers
Subject: Re: Microsoft CAPI's PRNG seeding mechanism
Date: Tue, 10 Oct 2000 02:16:53 GMT




Uh, why would you even consider using CAPI?

For more information, see http://www.ciphermax.com/ecc/Technology.html
for why I ask...

> I'm looking for some documentation about the internal seeding mechanism
> of the Microsoft CAPI's cryptographically secure PRNG.
>
> Does someone have any information about it, or do I have to trust
> Microsoft about their crypto
> capabilities ?
>
> A+
>
> Pascal
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> * Pascal Junod, [EMAIL PROTECTED]                                 *
> * Laboratoire de Sécurité et de Cryptographie (LASEC)                *
> * INR 313, EPFL, CH-1015 Lausanne, Switzerland  ++41 (0)21 693 76 17 *
> * Place de la Gare 12, CH-1020 Renens           ++41 (0)79 617 28 57 *
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>

--
If I were a cop, I would refuse to go on any no knock raid.
But then, I am not a cop for basically the same reasons.



------------------------------

Date: Mon, 09 Oct 2000 22:43:02 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Crossposted-To: comp.theory,sci.math,sci.op-research
Subject: Re: A new paper claiming P=NP

Mark William Hopkins wrote:

> In article <8rt821$102$[EMAIL PROTECTED]> [EMAIL PROTECTED] (Jeremy 
>Spinrad) writes:
> >It would be nice to have a program at
> >least so we could check whether the author could make the program answer
> >the problem correctly before we do the difficult job of reviewing the paper.
>
> Pshaw.  Reviewing a proof is not difficult.  That's P-time.  FINDING the
> proof, on the other hand, that's NP-time or worse.  Since P is not equal to
> NP, then reviewing is easier than finding.
>
> Therefore, it should be fairly easy to spot the flaw in the paper.  No
> demo programs are needed.

Hmmm.  Assuming the conclusion.  Useful technique that.  ;-)



------------------------------

From: Jim Gillogly <[EMAIL PROTECTED]>
Subject: Re: NSA quote on AES
Date: Tue, 10 Oct 2000 02:56:21 +0000

Greggy wrote:
> > But I don't see the NSA using a public algorithm for classified data.
> 
> Why not?  If it aint good enough for classified data why would anyone
> think it good enough at all?  I mean security is on or off as far as I
> am concerned.  There is no maybe about it.  Maybe can get you into
> trouble.

Nobody, least of all the NSA, has said it isn't good enough for classified
data.  It won't be used for classified data because it wasn't designed by
the process used to select algorithms for use with classified data.  Maybe
it is good enough, maybe it isn't -- nobody who knows is saying.

AES certainly appears to be plenty good enough for <my> secrets.
-- 
        Jim Gillogly
        Hevensday, 19 Winterfilth S.R. 2000, 02:53
        12.19.7.11.3, 6 Akbal 6 Yax, Seventh Lord of Night

------------------------------

From: David Schwartz <[EMAIL PROTECTED]>
Subject: Re: NSA quote on AES
Date: Mon, 09 Oct 2000 19:58:58 -0700


Greggy wrote:

> Why not?  If it aint good enough for classified data why would anyone
> think it good enough at all?  I mean security is on or off as far as I
> am concerned.  There is no maybe about it.  Maybe can get you into
> trouble.

        In the real world, engineering is full of compromises. Taking any
particular design parameter to an extreme will get you nowhere.

        In particular, attempting to pick an incredibly strong cryptosystem is
likely to get you only a false sense of security. The weak link will be
the keyboard you use to type in the key, the camera in the room watching
you press keys, the emissions from your monitor, the memory you store the
key in, the people who know the key, the operating system the key passes
through, and so on.

        A cryptographic algorithm has to be strong enough for its intended
purpose. A little bit stronger doesn't hurt.

        DS

------------------------------

From: webb <webb*stop-spam*@att.net>
Subject: Re: Can anyone point me to info on this privacy code ?    Big sample  included.
Reply-To: webb*stop-spam*@att.net
Date: Tue, 10 Oct 2000 03:14:45 GMT

Jim-

Just want to say many thanks for your post.
Didn't know about NewsAgent, let alone its gibberish generator;
have only read 1/2 of its lengthy description so far.

Didn't know about stego, nor watermarking etc. 
either so your pointers have set me off learning a bunch of new
and interesting stuff.

Very best regards,  Webb
==============================

On Mon, 09 Oct 2000 04:16:05 +0000, Jim Gillogly <[EMAIL PROTECTED]> wrote:

|webb wrote:
|> I found a Usenet post in what appears
|> to be a privacy code - looks to me like the stuff
|
|>             Subject: kqelm pcmncy insue deloe kjkskbz fhe efm tbeuf
|> mkf From: [EMAIL PROTECTED] Date: 2000/04/09 Newsgroups:
|> alt.fan.ed-wood
|> 
|> Zefbfkllr rertsm xeky auifueemm flfasslf uny oeeiy oivei teu ysde
|> feapi mbaxi mcf ndsvkm esr umuie!
|
|It's produced by a spamming tool called Hipcrime.
|See: http://www.howardknight.net/hipcrime/NewsAgent.html
|There's no plaintext underneath it.
|
|Actually, that'd be a good way to do stego.  Since everybody <knows>
|there's no underlying plaintext in this type of post, they won't bother
|trying to decrypt it, just snarling at the spammers each time it turns
|up.


------------------------------

From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: Quantized ElGamal
Date: Mon, 09 Oct 2000 21:03:55 -0700

"William A. McKee" wrote:
> 
> What is Quantized ElGamal?  What is a timing-attack?  

There are attacks on cryptosystems relating the time it takes to
calculate private key operations to the values of exponents, keys, etc.  

See:

http://www.ecst.csuchico.edu/~atman/Crypto/misc/timing-attack.html

http://www.cryptography.com/timingattack/paper.html

An immediate way to prevent timing attacks is to make all operations
take exactly the same amount of time.
I believe that's what's meant by "quantized." 
 
> Is ElGamal secure or
> has it been broken?
> 

ElGamal is based on the Discrete Logarithm Problem and the
Diffie-Hellman Problem. With judicious selection of "large" prime number
modulus and an unpredictable (cryptographically secure) pseudorandom
number source, ElGamal is as secure as algorithms to solve the Discrete
Logarithm Problem permit. See Chapters 3 and 8 and Chapter of the
Handbook of Applied Cryptography at 

http://cacr.math.uwaterloo.ca/hac/

you can download them there.

There's an excellent paper from D. Boneh, A. Joux and P. Nguyen, "Why
Textbook ElGamal and RSA Encryption are Insecure" on the need to
pre-process messages before using "textbook" ElGamal. It's also a good
review of the security of ElGamal. From the abstract on Prof. Boneh's
web site: 

"We present an attack on plain ElGamal and plain RSA encryption. The
attack shows that without proper preprocessing of the plaintexts, both
ElGamal and RSA encryption are fundamentally insecure. Namely, when one
uses these systems to encrypt a (short) secret key of a symmetric cipher
it is often possible to recover the secret key from the ciphertext. Our
results demonstrate that preprocessing messages prior to encryption is
an essential part of both systems."

Keep in mind this analysis focuses on a "short" secret key. 

You can find their paper at:

http://crypto.stanford.edu/~dabo/abstracts/ElGamalattack.html 


> TIA,
> Will McKee.
> 

You're welcome!

John A. Malley
[EMAIL PROTECTED]
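
As an added illustration of what "quantized" (constant-time) means for the private-key operation John describes, and not code from any poster or from the cited papers: the modular exponentiation that ElGamal decryption performs with the private exponent, once as plain square-and-multiply, whose operation count follows the bits of the secret exponent, and once as a Montgomery ladder that performs the same fixed sequence of operations for every exponent. The function names and the operation counter are constructed for this demo; Python integers are not themselves constant-time, so this shows the operation-count idea rather than a measured timing guarantee.

```python
def modexp_naive(base, exp, mod, nbits, ops):
    """Left-to-right square-and-multiply over a fixed width of nbits.

    The multiply runs only for exponent bits that are 1, so the number of
    operations (and hence the running time) leaks the Hamming weight of the
    secret exponent. `ops` is a constructed log used only for counting.
    """
    result = 1
    base %= mod
    for i in range(nbits - 1, -1, -1):
        result = (result * result) % mod
        ops.append("sqr")
        if (exp >> i) & 1:
            result = (result * base) % mod
            ops.append("mul")
    return result


def cswap(bit, a, b):
    """Swap a and b when bit == 1 without a data-dependent branch.

    -0 is 0 and -1 is an all-ones mask, so the XOR trick selects either
    nothing or the full difference between the two values.
    """
    mask = -bit
    t = (a ^ b) & mask
    return a ^ t, b ^ t


def modexp_ladder(base, exp, mod, nbits, ops):
    """Montgomery ladder over a fixed width of nbits (exp must be < 2**nbits).

    Invariant: r1 == r0 * base (mod mod). Every iteration does exactly one
    multiply and one square regardless of the bit value, so the operation
    sequence is the same for every exponent: the 'quantized' idea.
    """
    r0, r1 = 1, base % mod
    for i in range(nbits - 1, -1, -1):
        bit = (exp >> i) & 1
        r0, r1 = cswap(bit, r0, r1)
        r1 = (r0 * r1) % mod
        ops.append("mul")
        r0 = (r0 * r0) % mod
        ops.append("sqr")
        r0, r1 = cswap(bit, r0, r1)
    return r0


def count_ops(fn, base, exp, mod, nbits):
    """Return how many multiplications/squarings fn performs for this exponent."""
    ops = []
    fn(base, exp, mod, nbits, ops)
    return len(ops)


if __name__ == "__main__":
    # Constructed toy parameters: modulus 497, base 4, 8-bit exponents.
    # Exponent 1 has one set bit, 255 has eight: the naive version's cost
    # differs (9 vs 16 operations); the ladder always costs 16.
    for exp in (1, 13, 255):
        naive = count_ops(modexp_naive, 4, exp, 497, 8)
        ladder = count_ops(modexp_ladder, 4, exp, 497, 8)
        print(f"exp={exp:3d} naive ops={naive:2d} ladder ops={ladder:2d} "
              f"result={modexp_ladder(4, exp, 497, 8, [])}")
```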

------------------------------

From: Pete Ness <[EMAIL PROTECTED]>
Subject: RSA signing in Perl on FreeBSD
Date: Tue, 10 Oct 2000 04:01:44 GMT

Hi.

I'm working on implementing a system where a server (running FreeBSD)
sends a document that the server signs using RSA.  Most of the
server side work is currently being done via Perl, so my preference
would be to solve this in Perl (I am by no means a *nix expert).

Given the fact that I have a fixed private key (no key generation is
necessary), what would my best bet be for doing an RSA PK signature on
a text-based message on my server?  The hash is no problem (there are
numerous libraries available for doing this in Perl), it's just doing
the signature I'm having problems with.

My server has ssleay available (as a binary), and I'd prefer not to
custom compile an OpenSSL application to create the signature.

Can anyone offer me some advice on this front?

Thanks a ton!


------------------------------

Subject: Re: Any products using Rijndael?
From: [EMAIL PROTECTED] (Charles Blair)
Date: Tue, 10 Oct 2000 04:19:23 GMT

   The GNU Privacy Guard people have announced on their web site
that a rijndael extension of their software will be available soon.

www.gnupg.org

------------------------------

From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: xor algorithm
Date: Mon, 9 Oct 2000 21:26:24 -0700


Tom St Denis <[EMAIL PROTECTED]> wrote in message
news:8rtqkq$u4$[EMAIL PROTECTED]...
> In article <oqrE5.173$[EMAIL PROTECTED]>,
>   "Paul Pires" <[EMAIL PROTECTED]> wrote:
> >
> > William A. McKee <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
> > > Antonio Merlo <[EMAIL PROTECTED]> wrote in message
> > > news:8rs4sr$mm7$[EMAIL PROTECTED]...
> > > > How strong will be an encryption method based on a xor operation with a
> > > > pass phrase (or password) and a buffer to encrypt? (supposed a very strong
> > > > password of, let's say 16 letters, combining uppercase, lowercases and
> > > > digits)
> > > > How will you cryptanalyse that algorithm?
> > > >
> > > >
> > >
> > > If you use your password to seed a pseudo random number generator (PRNG)
> > > like ISAAC, WAKE, etc. and xor the buffer with the PRNG output, I think it
> > > can be quite secure.  I may be wrong.  I'm such a newbie :)
> >
> > I'm a newbie too but I think you should point out that not all PRNG's
> > are equal. There are PRNG's and then there are Cryptographically
> > secure PRNG's. I am not sure about ISAAC. Regardless, this is a
> > stream cipher and has use limitations. A blanket statement that it
> > can be "Quite secure" could be misleading. You cannot re-use a keyed stream.
> > If the same key is used for two different messages and a
> > plaintext is known for one, it is trivial to solve for the other plaintext.
> > There are ways of dealing with this but it's not like falling off a log.
> > Stream ciphers and Block ciphers are not two different, but equivalent,
> > methods
>
> Technically any effective PRNG is cryptographically secure by
> definition.  But I will agree that some PRNG's are weak and "allowed"
> to be weak for logistical purposes.

Don't mean to argue but.... A PRNG for crypto needs to be irreversible
and unpredictable. Just because it makes output that statistically checks
out doesn't mean that you can't predict future behavior from past output
or back track and derive the key.

Don't burn me up here. I think I'm amplifying what you said, not
necessarily contradicting it.

Paul

>
> ISAAC looks neat but has had little cryptanalysis.  WAKE is also not
> secure and very incomplete (the paper doesn't say how the tables are
> made just that "they are key supplied....").  RC4 is perhaps your best
> bet.

Agreed. Just don't use the same key over again from the start without an IV
or salt and don't use it for something that needs tamper protection/detection.

Paul

>
> > How the password is used to seed the PRNG is not trivial either.
> > This can be hosed easily.

Don't make it sound too easy, the OP wanted to use what sounded
like a Vigenère cipher or some weird autokey thing,
He needs a little caution.

Paul
>
> Simple, take Password + SALT and hash it to make the key.   Of course
> many people get this step wrong...
>
> Tom
>
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
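
As an added example, not code from any poster in this thread: the two points the thread makes about a password-keyed stream cipher, that a keyed stream must never be reused (a known plaintext for one message gives away the other) and that the fix is to derive the key from Password + SALT with a hash so every message gets a fresh keystream. The SHA-256 counter-mode keystream stands in for RC4/ISAAC/WAKE, and the password and messages are constructed for the demo; `derive_key` uses a single hash for brevity where a real system would use a slow KDF such as `hashlib.pbkdf2_hmac`.

```python
import hashlib
import os


def derive_key(password: bytes, salt: bytes) -> bytes:
    """Password + SALT hashed into a 32-byte key (the thread's recommendation).

    Illustrative only: a deployed system should use a slow, salted KDF
    such as hashlib.pbkdf2_hmac rather than one SHA-256 call.
    """
    return hashlib.sha256(salt + password).digest()


def keystream(key: bytes, length: int) -> bytes:
    """Expand a key into `length` keystream bytes with SHA-256 in counter mode.

    Constructed stand-in for the stream ciphers named in the thread; the demo
    is about keystream reuse, not about this particular generator.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """XOR stream cipher: the same call decrypts, since XOR is its own inverse."""
    return xor_bytes(plaintext, keystream(key, len(plaintext)))


def second_plaintext_from_reuse(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Why a keyed stream must not be reused: c1 ^ c2 == p1 ^ p2 when both
    messages used the same keystream, so p2 == c1 ^ c2 ^ p1 with no key needed."""
    n = min(len(c1), len(c2), len(known_p1))
    return xor_bytes(xor_bytes(c1[:n], c2[:n]), known_p1[:n])


def demo():
    """Returns (what leaks with key reuse, what the same computation yields with per-message salts)."""
    password = b"Tr0ub4dor&3xyz16"          # constructed 16-character password, as in the thread
    p1 = b"transfer 100 to account 42"      # constructed messages of equal length
    p2 = b"transfer 900 to account 99"

    # Weak usage: same password, no salt -> same key -> same keystream for both messages.
    key = derive_key(password, b"")
    c1, c2 = encrypt(key, p1), encrypt(key, p2)
    leaked = second_plaintext_from_reuse(c1, c2, p1)   # equals p2 without knowing the key

    # Corrected usage: a fresh random salt per message gives a fresh key and keystream.
    # The salt is not secret; it is stored or sent alongside the ciphertext.
    s1, s2 = os.urandom(16), os.urandom(16)
    d1 = encrypt(derive_key(password, s1), p1)
    d2 = encrypt(derive_key(password, s2), p2)
    not_leaked = second_plaintext_from_reuse(d1, d2, p1)   # unrelated bytes, not p2
    return leaked, not_leaked


if __name__ == "__main__":
    leaked, not_leaked = demo()
    print("reused keystream  ->", leaked)
    print("salted per message ->", not_leaked)
```

The salt only prevents keystream reuse; as Paul notes, an XOR stream still gives no tamper detection, which needs a separate MAC.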





------------------------------

From: Greggy <[EMAIL PROTECTED]>
Subject: Re: Why trust root CAs ?
Date: Tue, 10 Oct 2000 04:49:03 GMT



> OK, so you're off to do some e-shopping. You click on the padlock and
> it says "this certificate belongs to bogus.com" and
> "this certificate was issued by snakeoil CA"   (no I don't mean
> the CA generated by OpenSSL, I mean one of the "normal" ones
> like verisign or thawte...).
>
> So, I can discover snakeoil CA's procedures for verifying bogus.com,
> and assure myself that they have checked out bogus.com.
> But how can I trust snakeoil CA itself ?

I know!  I know!  Because if you don't, then there is no longer a CA
infrastructure and those that want us to rely on such a money making
scheme would lose money!


> I had a conversation with a CA on this subject and the answer was
> "because it's in the browser". But my browser was downloaded off
> the Internet in clear, and besides, do I really trust the browser
> vendor ? Do you trust Microsoft not to lie ?

Microsoft is driven entirely on money.  That answers your question
completely.


> Do you trust Microsoft
> or Netscape to produce secure independently verified code ?
> I have more faith in PGP/GPG, since the source code is open, I built
> it myself, and I can control who I trust. (OK, I can probably
> build Mozilla and OpenSSL ...)

But you cannot build the CA...  I wonder why they made such a hole for
themselves....NOT!


> Is there a chain of trust from any institution that I might trust,
> such as my bank, back to the root CAs ?

I don't see why the banks just produce their own certificates and
publicly state their public key in the news papers, WSJ, etc.  Then
there is no CA and you are absolutely certain that your bank is
providing the security they need to CTA with...

> Is there any reason, apart from the fact that they've been operating for
> a number of years now and AFAIK nothing's gone wrong, for us all to trust
> the root CAs ? Apart from a general lack of trust leading to the end
> of e-civilization as we know it ?

NO


> As a non-US citizen, I have a slight problem with most of the CAs and browser
> vendors being US corporations. If I were a member of some organization
> or country that the US regards as an enemy (Libya, Iraq ??) I might have
> a more serious problem with it.

As a US citizen, I have even a greater problem with CAs.  I don't need
them, but they need me and despite that they are pawning such a
ridiculous system off - which makes me wonder just how dangerous they
are to the internet.


--
If I were a cop, I would refuse to go on any no knock raid.
But then, I am not a cop for basically the same reasons.



------------------------------

From: Greggy <[EMAIL PROTECTED]>
Subject: AES Runner ups
Date: Tue, 10 Oct 2000 04:52:24 GMT

So if Rijndael is the winner, are there any runner ups that would take
its place if a significant weakness were discovered soon?


--
If I were a cop, I would refuse to go on any no knock raid.
But then, I am not a cop for basically the same reasons.



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
