Cryptography-Digest Digest #896, Volume #12 Wed, 11 Oct 00 11:13:01 EDT
Contents:
Re: Why trust root CAs ? (Anne & Lynn Wheeler)
Re: On block encryption processing with intermediate permutations (John Myre)
Re: No Comment from Bruce Schneier? (John Myre)
Re: working with huge numbers (Bob Silverman)
Re: FTL Computation ("Paul Lutus")
Re: Police want help cracking code to find Enigma machine ([EMAIL PROTECTED])
A5/1 attack implementation? (rot26)
Re: A new paper claiming P=NP (Jo Totland)
----------------------------------------------------------------------------
Subject: Re: Why trust root CAs ?
Reply-To: Anne & Lynn Wheeler <[EMAIL PROTECTED]>
From: Anne & Lynn Wheeler <[EMAIL PROTECTED]>
Date: Wed, 11 Oct 2000 13:29:19 GMT
[EMAIL PROTECTED] (Vernon Schryver) writes:
> In other words, since when is a DUNS number a proof of identity, honesty,
> financial stability, or anything else?
... D&B ... several years ago i was doing some consulting under a
registered DBA name (but wasn't in D&B). company i was signing a new
contract with had a process that included a D&B check. since this was
a two person operation ... we didn't at the time have a D&B ... but
D&B called us up ... gave us a D&B number and took down our
information over the phone. This information, they provided back to
the company we were signing a contract with (they may have done
something else also ... but if they did, i saw no evidence of it).
with regard to a domain name ... i can register a DBA and open a
checking account with that DBA, get D&B registration ... hijack a
domain name and provide all information to the CA that correctly
validates (i.e. the domain name validates with the domain name
infrastructure ... and all the other information provided also
validates).
in the ssl domain name server certificate case ... all the client is
doing is checking that the web address they are using and the domain
name in the certificate match.
if there is any addition information in a certificate & it doesn't
correspond with what a client might expect, oh well ... out of the millions
of people that might do a SSL operation with the server & also
actually physically look at any other information that may be part of
a ssl domain name server certificate is possibly countable on fingers
& toes.
a CA can authenticate stuff it has direct knowledge of and for the
rest relies on authoritative sources for that information (like domain
name infrastrcuture as the authoratative source for domain name
ownership)
also as to regard to DBAs ... in the past i've purchased computer
equipment with a bank card and later got the statement ... the legal
DBA name on the statement of the business I bought the equipment from
... bore no correlation with the name of the store that I bought the
equipment from. I did call the store and confirm their legal DBA name.
--
Anne & Lynn Wheeler | [EMAIL PROTECTED], finger for pgp key
http://www.garlic.com/~lynn/
------------------------------
From: John Myre <[EMAIL PROTECTED]>
Subject: Re: On block encryption processing with intermediate permutations
Date: Wed, 11 Oct 2000 07:23:49 -0600
Mok-Kong Shen wrote:
<snip>
> If I prove a theorem and there is a weakness, say, it depends
> on the existence of a quantity p being prime and someone
> points out that in a degenerate case p can be 1 and hence
> the proof is invalid and I do a little modification such
> that this case can be avoided and a prime p still can be
> chosen, then my purpose of establishing the theorem is
> achieved, isn't it?
<snip>
Of course not.
There is no reason to suppose that the weakness pointed out
is the only weakness. Do you also presume, when you fix a
bug in a program, that you have now proven it correct?
JM
(Why am I entering this debate? I just know I'm going to
be sorry.)
------------------------------
From: John Myre <[EMAIL PROTECTED]>
Subject: Re: No Comment from Bruce Schneier?
Date: Wed, 11 Oct 2000 07:26:37 -0600
Greggy wrote:
>
> Honestly, I was hoping Twofish would win. I thought it was Bruce's
> turn for the gold.
<snip>
My (similarly useless) hope was for RC6, just because it
is so insanely easy to code. Of course, NIST's criteria
were more boringly practical.
JM
------------------------------
From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: working with huge numbers
Date: Wed, 11 Oct 2000 13:47:25 GMT
In article <8rua7p$ifh$[EMAIL PROTECTED]>,
"DeSilva" <[EMAIL PROTECTED]> wrote:
> I would like to implement some encryption into software, but have come
> across the obvious problem of doing math on huge numbers. How to
device two
> 500 digit numbers with eachother..
> Can anyone in here please explain to me how this is normally done?
> Are the numbers converted into a new numeric system which is based on
ex 256
> in stead og 10 so each digit fits into a byte, or... how??
See Knuth Vol 2 for a complete exposition on this topic.
Basically, for moderately sized numbers you do it the same way you
do on pencil & paper. Each number is stored using multiple words
with a radix of perhaps 2^30 or 2^31.
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "Paul Lutus" <[EMAIL PROTECTED]>
Crossposted-To: sci.astro,sci.physics.relativity,sci.math
Subject: Re: FTL Computation
Date: Wed, 11 Oct 2000 07:44:46 -0700
ca314159 <[EMAIL PROTECTED]> wrote in message
news:8s1ela$tpp$[EMAIL PROTECTED]...
> You haven't defined information yet.
It is you who haven not defined information yet. You have asserted false
things about information WRT FTL communications, but you have yet to define
it.
> Consider how QM uses virtual wavefunctions and
> how I/O causes their unusual properties to collapse.
>
> Wavefunctions are a 'cheat' just like FTL computation.
No, they are not. They are not because quantum wave functions cannot be used
to circumvent any of the rules of relativity, including the prohibition
against FTL communication of information. Just like the lighthouse effect.
> In the olympics, does the high-jumper jump the height
> if his or her center of mass never goes over the bar ?
> A virtual cheat has its uses.
This is an example that has no bearing on your claim -- a non sequitur.
> In an earlier thread I gave you a link to a specific use
> for the lighthouse effect. Do you remember ?
Since you read it but failed to understand it, why are you bringing this up?
You should be reading it yourself.
The lighthouse effect, invoked most often in discussions of pulsars, is
simply a way to convert a continuous stream of energy into an apparent
series of pulses. It has none of the magic properties you are ascribing to
it.
--
Paul Lutus
www.arachnoid.com
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Police want help cracking code to find Enigma machine
Date: Wed, 11 Oct 2000 14:40:53 GMT
There's another article in today's Times:
http://www.thetimes.co.uk/article/0,,17776,00.html
The Enigma riddle
Codewords, encryption and chauvanism are all involved in the theft of
the Enigma machine. Giles Whittell reports
Some time on the afternoon of April 1 this year a thief walked through
the elegant main entrance of Bletchley Park mansion, 50 miles north of
London, and calmly removed one of the world's rarest encryption
machines from a glass-topped case inside the door. He walked out,
probably by the same route, and drove off without being stopped. At
first police thought it was an April Fool's joke. They hoped the Enigma
G312, built for German military intelligence in the Second World War
and valued at �100,000, would return as quietly as it left. Now they
think that its disappearance wasn't funny at all. They believe it may
have been an inside job, or something similar, and are close to a
controversial deal with the machine's new owner, struck through
anonymous letters, public appeals and sudden, urgent phone calls.
To intelligence historians, the Enigma G312 is exceptionally precious.
Its unusual keyboard makes it one of only two of its kind in existence.
In theory it could be anywhere in the world, in the hands of a
collector who bought it in good faith and now wants to return it. In
practice, police say, it is probably still in England. What they are
not saying, at least not publicly, is that it may also have become a
bargaining chip in the complex battle for the future of Bletchley Park,
the intelligence-gathering station where the Enigma codes were cracked.
The job of recovering this typewriter-sized piece of history has fallen
to Detective Chief Superintendent Simon Chesterman of Milton Keynes
CDI, a tall, quietly spoken man who likes to have his notes handy when
talking to the media, not least because until late last week we were
his only way of talking to the owner. Over a cup of tea last week in
the Naafi caf� at the back of the mansion, he says bluntly: I've been
convinced from day one that there's an inside element to this. You
don't have to be a codebreaker to see why. Whoever took the G312 knew
that security at Bletchley Park, once the most secret place in Britain,
was almost non-existent. At the entrance to its 60-acre grounds there
is a barrier and a keep out sign, but these are no obstacle to familiar
faces. No one checks your identity or asks for tickets at the front
door. There is no inner door to the Churchill exhibition from which the
missing Enigma was taken and, even though it was on loan from GCHQ in
Cheltenham and uninsured, there was no lock on its display case. A
metal strip has since been screwed across the back, but it wasn't there
on April 1.
Whoever took the Enigma also knew enough about the rhythms of Bletchley
Park to minimise the risk. The thief made a move in broad daylight on
one of the alternate Saturdays when the park is open to the public. Far
from attracting suspicion, the thief was one of a horde of visitors
that day, ignored by all of them. A group of about 100 had just come in
and they were milling around the front rooms, remembers William Boyes,
a 73-year-old volunteer, leaning on the now-empty display case under a
splendid marble mantelpiece. Let me ask you: if you came in, opened
this up, put the machine in a bag and walked out, they'd all think you
worked here, wouldn't they? That was Detective Chesterman's first
thought, too. He admits that he had no idea of the significance of a
missing Enigma when first told about it.
Like millions of others he would ordinarily have waited for the
forthcoming thriller film based on Robert Harris's novel Enigma to
learn how a hothouse of eccentric academics shortened � some say won �
the war in the grounds of a stately home a few miles from his police
station.
But when anxious calls started pouring in to Milton Keynes from
encryption buffs on several continents, he pulled out all the stops. An
all ports warning was put out alerting Customs officers throughout
Britain to the missing machine. The hoax theory was ruled out and every
Bletchley Park staff member, volunteer and visitor that day was asked
to provide sample fingerprints. Eighty per cent have obliged, but none
has yielded a match with a set of prints found on the back of the
display case. The remaining 20 per cent constitute one of several lines
of inquiry we're still pursuing, says Chesterman.
Another line of inquiry, at least at the start, was based on the theory
that the thief panicked and dumped the Enigma in Bletchley Park's
grounds.
Chesterman called in ten specialists with sniffer dogs and an
underwater search team who spent two days turning the place upside
down. All that they found was a terrapin on an island in the lake into
which Hugh O'Donnell Alexander, a chess grandmaster and breaker of
German naval codes, used to throw his coffee cups in moments of
enlightenment. But there was no trace of the Enigma.
There were two hot leads early on. A red Peugeot 205 was found on the
evening the machine went missing, parked illegally in the stable yard
where Alan Turing cracked the updated Enigma codes in 1941. Police
announced that they wanted to interview its driver. She turned out to
be a woman in her eighties who explained, when she emerged, terrified,
that she had parked there because she found walking difficult. Two days
later a
50- year-old man was arrested after claiming he had the machine. He did
not and was released.
The disappearance of the Enigma was already, appropriately, baffling.
Chesterman's next step was to interview everyone connected to Bletchley
Park, however loosely, but none was listed as a suspect. For five
months, as he puts it, the investigation slowed.
Then the letters started. The first, postmarked Birmingham on September
4, purported to be from a representative of the machine's buyer and
demanded �25,000 and a guarantee of immunity from prosecution for its
safe return. Written on an ancient manual typewriter, the letter
authenticated itself with a picture of the Enigma's brass number plate
but also put up a strange linguistic smokescreen: The unwitting person
have no ultimate desire of depraving your august self or any one the
pleasure to see again, it read. It is though not his position to freely
give the possession for nothing either as the large sum is not to be
lost that has been paid.
The letter gave a deadline in mid-September for a response, but no
return address. So Chesterman took to the airwaves asking the owner to
get in touch directly. The owner was not satisfied. On September 19 the
first letter threatening to destroy the machine came through, also from
Birmingham. Another press conference followed. Unspecified reassurances
were offered, but a third letter on the 28th, postmarked West London,
ostensibly ended the affair in the worst way. The negotiations were
over, it declared. The machine would be destroyed.
Chesterman says that at that point he was extremely worried. But he
also had a gut feeling that the new owner was someone who would find
the machine very, very difficult to destroy. One reason was that if the
owner had really paid �25,000 for it he was obviously an aficionado.
Another more compelling one had a little to do with scathing references
in the letters to someone identified as that woman, and a lot to do
with Bletchley Park's tortured recent history.
That woman is the director of the Bletchley Park Trust, Christine
Large. One of her supporters at the sprawling complex of huts and bomb-
proof offices that she is trying to bring back to life said glowingly:
I want to warn you about Christine. She's tiny. She's a Geordie. But
she's got a spine of steel.
She has needed it. A graduate in law and industrial relations, she
worked in property development and was a member of the CBI's London
regional council before arriving at Bletchley Park two years ago. When
she did, she caused waves.
She was a bit of a new broom, says Chesterman, with understatement.
This place had been an old-school-tie environment before that. It was
clear the apple cart had been upset.
Before Large's appointment, Bletchley Park was owned jointly by BT and
PACE, the Treasury agency responsible for government buildings. But it
was run entirely by volunteers with a shared reverence for the
astonishing wartime achievements of Station X, and a desire to save the
place from bulldozers and a planned housing estate. They had tried for
seven years to reach a deal with BT and PACE to turn Bletchley Park
into a permanent museum, but they had little success.
Large, whose vision for Bletchley Park involves inviting in new
businesses as well as preserving its history, won a 250-year lease from
BT within a few months on the job. Even so, not everyone was impressed.
At an early meeting of the Park's trustees, she remembers, one of the
old guard stood up, and with considerable emotion, said (of her
appointment): 'That'll be the end of Bletchley Park, then'. Shortly
afterwards the same man seems to have been behind a boardroom coup in
which seven of the Park's 12 trustees voted to have Large sacked.
She took the photographs of her two daughters off her desk, left and
did not return until an investigation of the sacking by the Charities'
Commission triggered the resignations of all seven trustees who had
opposed her. It was a power struggle disguised as policy struggle, says
Large. I think the problem was that I was female, not retired, not a
civil servant.
The man who showed such emotion at the board meeting and worked with
others to oust the new director was Tony Sale, a former MI5 officer and
a tireless lecturer on Bletchley Park minutiae who was also the prime
mover in a project to rebuild the mighty Colossus. (Widely regarded as
the world's first computer, this was the machine that broke the codes
used by the Lorenz machine with which Hitler communicated with his
field marshals, a far tougher code-breaking challenge than even the
Enigma).
Sale was closely involved in the effort to save the Park from
developers before Large's arrival, but she says he made an industry out
of letting people believe he was at Bletchley during its glory days.
Leaving aside the problems Large had with the old guard, she later
received two telephoned death threats at her home. One of them said:
We'll kill you dead.
As for the Enigma case, there are no formal suspects. Sources say the
investigation has focused on some of those involved in Bletchley's
rancorous turf wars, but questions about individuals bring down masks
of objectivity from Large and Chesterman. Last week they simply
repeated the mantra that they believed the owner cared too deeply about
the machine to destroy it. They wanted to get the message out that
concessions were possible on the issue of prosecution, and, thanks to
anonymous benefactors, that the �25,000 was available.
Then, last Friday, the phone rang in Large's office. She didn't
recognise the voice, but knew the call was not a prank because the
caller used an encrypted codeword given in previous letters. He was
extremely precise and businesslike and gave some instructions for
swapping the Enigma for the money.
Chesterman admits that he has a problem. He cannot promise cash and
immunity from prosecution without opening the floodgates to
extortionists, so he is doing everything but, and risking public wrath
in the process.
No one died here, he argues. This is a machine, after all. Yet if his
hunch is right its disappearance is not just a case of theft. The
references in the letters to that woman, and her struggles at Bletchley
Park, have left him convinced that this scenario smacks of inside
knowledge. The ironies of communicating with codewords to recover an
Enigma machine are not lost on Large. She seems genuinely captivated by
Bletchley Park's extraordinary history, which those who tried to oust
her sought to preserve in aspic (and which is expertly summarised in a
virtual tour on Tony Sale's website). But she is also impatient. This
place won't survive in mothballs, she muses, wandering back to the
mansion through the drizzle after having her picture taken. No deadline
was set in last Friday's phone call and the swap has not yet happened.
The owner doesn't want to deal directly with the police and Large is
not keen to be involved in a handover in an underground carpark,
however that might suit Hollywood. There's no way I'm taking a bagful
of money to meet him, she says, mindful of the enemies she has made in
her two years on the job. Instead, she has left a message on the
answering machine at her London home asking the owner to get back in
touch so that she can direct him to a third party who will have the
money. I'm trying to carry out your instructions, the message says, let
me know the time-frame when I should be around and I'll make sure I am.
No one can accuse her of not trying.
Copyright 2000 Times Newspapers Ltd
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: rot26 <[EMAIL PROTECTED]>
Subject: A5/1 attack implementation?
Date: Wed, 11 Oct 2000 14:47:15 GMT
Does anyone know whether the A5/1 (used in the GSM protocol)
attacks described in
http://cryptome.org/a51-bsw.htm
has ever been implemented?
Also what's considered of the GSM protocol as a whole in terms of
security nowadays? I searched the web but no single document seems to
give the big picture of the state of affairs.
I need to know because I am thinking of implementing the attacks as a
final year university project. So does anyone care to give any advice on
implementing attacks on algorithm and protocols in general? What are the
pitfalls, caveats, difficulties etc? Obviously I don't want to mess up
my final year...
Thanks in advance.
rot26
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Jo Totland <[EMAIL PROTECTED]>
Crossposted-To: comp.theory,sci.math,sci.op-research
Subject: Re: A new paper claiming P=NP
Date: 11 Oct 2000 16:57:05 +0200
[ Bill Unruh ]
> In <[EMAIL PROTECTED]> glenn <[EMAIL PROTECTED]> writes:
>
> >Irrelevant question, but is there any way of converting a pdf file to
> >ps?
>
> pdf2ps
> Both are Unix programs available with many Linux distributions. They
> were apparently written by Adobe or adobe people, so may well be
> available on other platforms.
I highly doubt that. My guess would by that they were written by
Aladdin people, as the rest of ghostscript is. Haven't seen much open
source from Adobe lately...
Actually, Adobe seems to want to control pdf to themselves, these
days. The latest version of acroread incorporates encryption using the
cpu-id of Pentium-]I[ processors, so you can make files that will be
readable on only one machine. A great service to content-providers,
and a great disservice to humanity and fair use...
> Alternatively, Acroread will produce a ps
> file from a pdf file ( just "print to file" as a postscript printer).
> xpdf will also do it.
-Jo
--
Hours and hours of sheer boredom, punctuated by lunch.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
