Cryptography-Digest Digest #936, Volume #12 Mon, 16 Oct 00 14:13:00 EDT
Contents:
Re: Basic skills and equipment... (Bob Silverman)
Re: What is meant by non-Linear... ("Stephen M. Gardner")
Re: Why trust root CAs ? (Bob Silverman)
Re: Is it trivial for NSA to crack these ciphers? ("Stephen M. Gardner")
Re: More on the SDMI challenge (Daniel Leonard)
Re: SHA-256 implementation in pure C (free) (Anton Stiglic)
very OT: gender vs. sex (Runu Knips)
Re: Rijndael implementations (Runu Knips)
Is there a telnet client/server that will allow secure logins over telnet? (Alex)
Oracle Security Server (table encryption) ([EMAIL PROTECTED])
Re: Is it trivial for NSA to crack these ciphers? ("Paul Pires")
Re: Is there a telnet client/server that will allow secure logins over telnet? (Markus Salax)
Re: More on the SDMI challenge (Scott Craver)
Re: CHES 2001 Workshop (Mike Rosing)
Re: 2 of 5 code, 3 of 7 code... (Mike Rosing)
Re: Basic skills and equipment... (Mike Rosing)
Re: Why trust root CAs ? (Pawel Krawczyk)
MS's fast modular exponentiation claims II (JCA)
----------------------------------------------------------------------------
From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: Basic skills and equipment...
Date: Mon, 16 Oct 2000 13:24:05 GMT
In article <01c035e5$4a72e300$LocalHost@betelgeuse>,
"Alexandros Andreou" <[EMAIL PROTECTED]> wrote:
> Hello all!
> I am beginning to enjoy cryptography, but I don't know where to start from.
> What are the essential mathematics skills one should have?
The following are essential.
Elementary Number Theory
Elementary Group Theory
Elementary Statistics and Probability
The following are desirable
Elementary Combinatorics
Algorithmic Complexity Theory
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "Stephen M. Gardner" <[EMAIL PROTECTED]>
Subject: Re: What is meant by non-Linear...
Date: Mon, 16 Oct 2000 08:31:11 -0500
Tim Tyler wrote:
> I don't want to haggle;
Then don't haggle, just draw. Draw some linear equations defined on a finite field
(use a cylinder as the drawing surface if you want). Compare them to similar
equations defined on an interval of the field of reals (again, mapped to the
cylinder if you want). You will find that the finite field equations jump around
instead of staying on the line. Don't argue, just draw. ;-)
For example: What do you make of the following?
y = 2x + 1 defined on GF(3) gives the following set of ordered pairs {(0,1), (1,0),
(2,2)}. Draw that on a cylinder if you want but how does it lie on a line or line
segment?
> "a straight line mapped onto the surface of a
> cylinder" is defined as having an equation in the form of either x = k,
> or theta = a.x + b.
Where did you get this definition? How general is it? Hint: What assumptions
are you making here about the field that the equations are defined on?
--
Take a walk on the wild side: http://www.metronet.com/~gardner/
There is a road, no simple highway, between the dawn and the
dark of night. And if you go no one may follow. That path is
for your steps alone.
The Grateful Dead ("Ripple")
------------------------------
From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: Why trust root CAs ?
Date: Mon, 16 Oct 2000 13:27:25 GMT
In article <eMoD5.416654$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
>
> OK, so you're off to do some e-shopping. You click on the padlock and
> it says "this certificate belongs to bogus.com" and
> "this certificate was issued by snakeoil CA" (no I don't mean
> the CA generated by OpenSSL, I mean one of the "normal" ones
> like verisign or thawte...).
All cryptography can do for you is to *shift* trust from one party
to another. It can not create trust in the first place. One needs
a starting point.
Your question might also be answered by asking "how can you trust
any piece of software?". One trusts CA's in the same way.
I like David Gerrold's definition of trust:
Trust is the condition necessary for betrayal.
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "Stephen M. Gardner" <[EMAIL PROTECTED]>
Subject: Re: Is it trivial for NSA to crack these ciphers?
Date: Mon, 16 Oct 2000 08:20:57 -0500
"John A. Malley" wrote:
> It only takes a few zealots, people with a mission, to push the limits
> of the envelope; organizational adepts will recognize and capitalize on
> that generous, selfless behavior.
Perhaps that is the major difference we have in viewpoint. I don't think there
is anything generous or selfless about working for the NSA. They had their day
during the cold war. That whole era of the cult of secrecy had a very corrosive
effect on our nation. I don't see any reason to trust the secret arms of any
government, ours or anybody's. Secrecy is sometimes necessary but more often then
not abused by those who would profit from it.
--
Take a walk on the wild side: http://www.metronet.com/~gardner/
There is a road, no simple highway, between the dawn and the
dark of night. And if you go no one may follow. That path is
for your steps alone.
The Grateful Dead ("Ripple")
------------------------------
From: Daniel Leonard <[EMAIL PROTECTED]>
Subject: Re: More on the SDMI challenge
Date: Mon, 16 Oct 2000 14:11:10 GMT
On 14 Oct 2000, Scott Craver wrote:
> Dido Sevilla <[EMAIL PROTECTED]> wrote:
> >
> >Well it reassures me a little, knowing that what they want to do really is
> >impossible, but I really think that these fools at the RIAA need to be
> >taught a hard lesson. Let them adopt a standard, and let's see their
> >faces WHEN it is cracked.
>
>         But if the technology is cracked in deployment, rather than
>         on the drawing board, everyone loses to some extent. The recording
>         industry obviously, device manufacturers most certainly,
>         but also pirates.
>
>         With SDMI broken after finding its way into devices people
>         may be able to download SDMI circumvention tools, but would
>         have to deal with the pain and inconvenience of doing so.
>         If it was broken before ever being deployed, this situation
>         would not occur. Not to condone piracy here, just pointing
>         out that a wait-til-later approach isn't good for anyone.
>
> >digital watermarking technique, and persistence in doing what is likely
> >impossible, they probably need to learn the hard way that the world no
> >longer works the way they've always assumed.
>
>         Nobody needs to learn the hard way. If we're scientists
>         (and this is, after all, sci.crypt,) then we will not engage
>         in tactics such as tricking the industry into choosing a scheme
>         before performing analysis. Our goal is to analyze security
>         systems and share our results with the scientific community,
>         and therefore everyone else with a library card.
>
>                                                         -S
Yes, but sometimes, even scientists have to stop and ponder what they are
doing. I for one would very much like to see the RIAA have their scheme
cracked just after committing to it. If not, there is a wonderful story
here:
http://www.gnu.org/philosophy/right-to-read.html
let's apply this story to music instead of books (you learn much more in
books than from music, but music was there first - ever tried to build a
wood-o-phone ?).
==========
Daniel Léonard
OGMP Informatics Division E-Mail: [EMAIL PROTECTED]
Département de Biochimie Tel : (514) 343-6111 ext 5149
Université de Montréal Fax : (514) 343-2210
Montréal, Quebec Office: Pavillon Principal G-312
Canada H3C 3J7 WWW : http://megasun.bch.umontreal.ca/~leonard
------------------------------
From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: SHA-256 implementation in pure C (free)
Date: Mon, 16 Oct 2000 10:19:16 -0400
Tom St Denis wrote:
> Personally I think both algorithms are stupid but SHA-256 has more use
> then SHA-512. Like who would put 2^256 effort to forge a msg anyways?
>
> Tom
There is not just that to consider. For example, someone
might want to implement a variation of the DSS scheme,
using a q of 512 bits. There are probably many other
examples as well...
But on another note: thanks for posting an implementation
of SHA-256, that's very cool!
Anton.
------------------------------
Date: Mon, 16 Oct 2000 16:29:07 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: very OT: gender vs. sex
Chris Jones wrote:
> It seems as likely to me that gender is used to avoid saying
> sex, for fear of offending prudes.)
Well this is something I've read lately:
The 'sex' of a person is its biological sex, i.e. if it has 'XX' (female)
or 'XY' (male) chromosomes.
The 'gender' of a person is its social sex, i.e. if it lives as a man or
as a woman.
In general, the two are equal.
But, for example, there is a not too seldom gene defect which causes the
body to ignore the testosterone it produces, which causes biologically
male people to become very female women (big breasts etc). Many models
have this defect, i.e. they are biologically male.
Or a person might have 'XXY' or 'XXX' or 'XYY' or 'X0' chromosomes.
And so on.
Therefore, using 'sex' and 'gender' as two different terms makes sense.
------------------------------
Date: Mon, 16 Oct 2000 16:32:35 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Rijndael implementations
Daniel James wrote:
> I'd say that "byte" should be taken to mean the smallest directly
> addressable storage unit of a computer's architecture - which will usually
> be 8 bits, but sometimes not - and "octet" should be taken to mean
> specifically a unit of 8 bits.
Using the term 'byte' for the smallest directly addressable storage
unit is IMHO extremely counterproductive. A byte is 8 bits, period.
One can read this in any textbook about computer science. And
word-addressable machines can't address bytes.
And before I read your posting I wouldn't have had the tiniest clue
what 'octet' means.
------------------------------
Subject: Is there a telnet client/server that will allow secure logins over telnet?
From: Alex <[EMAIL PROTECTED]>
Date: 16 Oct 2000 11:27:45 -0400
Hi. I'm sure this is not the appropriate newsgroup for this question,
but I was hoping someone could point me in the right direction.
If you're on a machine A behind a firewall that allows telnet but not
ssh (and I know nothing about the low-level network protocols, so I
don't know how the firewall is blocking ssh,) is there a telnet server
that you can set up on a machine B beyond the firewall, and a
corresponding client that you can use behind the firewall on A, that
will securely negotiate a connection to an arbitrary machine C through
the telnet to the server on B?
Alex.
--
Speak softly but carry a big carrot.
------------------------------
From: [EMAIL PROTECTED]
Subject: Oracle Security Server (table encryption)
Date: Mon, 16 Oct 2000 16:23:14 GMT
Hello, I was reading some articles about the Oracle Security Server
because I'm looking for a tool to encrypt information in tables
(one column in a table) using triple-des (128 bit) -or an equivalent
public/private key algorithm-. I know the dbms_obfuscation_toolkit
provides some encryption procedures but only for 56 bit keys.
Does anyone know if the Security Server provides such tools (128 bit keys)
to encrypt tables (not only messages)? I couldn't find any information
about it in the documentation I read.
Any tip on how to do this will be appreciated.
thanks in advance
Jorge Bachler
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: Is it trivial for NSA to crack these ciphers?
Date: Mon, 16 Oct 2000 09:28:14 -0700
<Snip> Good stuff.
> We aren't that valuable in the scheme of world politics. Our thoughts,
> our positions, our cares and woes, our files, our documents are not
> matters of national security.
I guess this is the point I was trying to make but got diverted
by post poisoning. As someone without a history of contact
with these agencies, it just seems that rumor and speculation
tends to avoid obvious, mundane explanations. I do know one
"ex-NSA puke", her words, not mine. One head, two
arms and an innate sense of right and wrong. Kinda normal.
Paul
>Unless we figure highly in some
> organization, movement, political or economic structure of some
> nation-state, city or region that matters to US interests, we give no
> reason for the NSA to care about our traffic. People should realize that
> in general, no one thinks about them more than they think about
> themselves.
Thanks.
> John A. Malley
> [EMAIL PROTECTED]
------------------------------
From: Markus Salax <[EMAIL PROTECTED]>
Subject: Re: Is there a telnet client/server that will allow secure logins over telnet?
Date: Mon, 16 Oct 2000 18:51:07 +0200
On 16 Oct 2000 11:27:45 -0400, Alex <[EMAIL PROTECTED]> wrote:
>If you're on a machine A behind a firewall that allows telnet but not
>ssh
try making the ssh server (sshd) run on port 23 instead of port 22.
if the firewall is only filtering certain ports (like the ssh port)
you could have luck.
max
fup2 comp.security.ssh
------------------------------
From: [EMAIL PROTECTED] (Scott Craver)
Subject: Re: More on the SDMI challenge
Date: 16 Oct 2000 16:51:10 GMT
Daniel Leonard <[EMAIL PROTECTED]> wrote:
>
>Yes, but sometimes, even scientists have to stop and ponder what they are
>doing.
True, but we're not cloning sheep or building warheads.
We're not even developing cryptosystems that some consider
a threat to national security.
The question here is not whether one should refrain from
analysis, but specifically perform analysis after the
standard is unchangeable. I.e., with the specific goal of
screwing the system designers.
First, cryptanalysts don't do cryptanalysis because they're
looking for hacks they can exploit later. Nor are they out
to damage somebody's system: they're out to learn more
about security systems. Ideally, this would help people
not make stupid mistakes in the future.
Second, screwing the system designers will screw everyone
else. If we wait until SDMI is deployed before breaking it,
then lots of people will suffer along with SDMI. Device
manufacturers will have spent gobs of useless money on ASICs
for enforcing SDMI's scheme. Would a hacker let Diamond
Multimedia pay for the mistakes of the recording industry?
And, of course, consumers will have devices that suck more
battery power. And they will have SDMI stopping them unless they
go to the trouble to download a tool which will be aggressively
sued off of web sites.
> I for one would very much like to see the RIAA have their scheme
>cracked just after committing to it.
I believe that the whole DMCA fiasco stemmed from the
misconception that cryptanalysis was the domain of Evil,
Malicious Hackers(tm), and not, say, something people
need to research at universities.
Why reinforce this by performing analysis with a malicious
ulterior motive? It isn't even analysis with the intent
to facilitate piracy---it makes the situation worse for
pirates, SDMI, hardware companies, customers, everyone.
-S
------------------------------
From: Mike Rosing <[EMAIL PROTECTED]>
Crossposted-To: comp.arch.fpga,comp.arch.arithmetic
Subject: Re: CHES 2001 Workshop
Date: Mon, 16 Oct 2000 12:04:47 -0500
Tom St Denis wrote:
>
> Would a paper on a block cipher geared towards low end microcontrollers
> be suited for this conference?
>
Probably, but the number of papers accepted is very small. Unless you're
working for a professor or corporation that's part of the "in" group, you
might as well not waste your effort. I'm missing a lot of conferences
this year 'cause I can't afford the trip to Europe. At least the people
on the other side of the pond are finally getting a lower cost conference!
Patience, persistence, truth,
Dr. mike
------------------------------
From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: 2 of 5 code, 3 of 7 code...
Date: Mon, 16 Oct 2000 12:13:47 -0500
John Savard wrote:
>
> Looking at the illustrations in "Battle of Wits", one thing possibly
> not specifically noted in the text is apparent; in order to ensure
> that the positive and negative films bearing Japanese code messages to
> be kappa tested actually block the light between them _only_ for
> identical groups, digits are represented by a 2 of 5 code.
>
> Since every digit, therefore, is represented by a code with the same
> number of active elements, no digit can have a code that is included
> in the code for another digit.
>
> If one were to do letters the same way, one would have to go up to a 3
> of 7 code.
Howdy John,
I'm not familiar with how the dots are arranged. Is it possible to
set it up with some error correction? For example, some dot combinations
might not be allowed, so if one showed up you would know there's a problem
somewhere. If you have 3 of 7, that's 35 combinations (yes?), but if you
took 3 of 8 you'd have 56 combinations, and you could use half for
letters and half for error detection.
Interesting anyway :-)
Patience, persistence, truth,
Dr. mike
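The constant-weight ("w of n") codes discussed in this thread, worked through as an added example that is not part of either post: it enumerates the 2-of-5, 3-of-7 and 3-of-8 codes, checks the property John Savard relies on (no codeword's active positions are contained in another's), and shows what Dr. Mike's "spare combinations for error detection" buys: every single flipped dot changes the weight and is rejected, while a swap of one active and one inactive dot keeps the weight and can be silently mis-decoded. The digit and letter alphabets, and the assignment of words to symbols in lexicographic order, are constructed for the demonstration.

```python
from itertools import combinations
from math import comb

# Constructed alphabets for the demonstration: ten digits for a 2-of-5 code,
# 26 letters for a 3-of-7 or 3-of-8 code.
DIGITS = "0123456789"
LETTERS = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def constant_weight_words(n, w):
    """All n-bit words with exactly w ones (a 'w of n' code), as bit tuples.
    Their number is C(n, w): 10 for 2 of 5, 35 for 3 of 7, 56 for 3 of 8."""
    return [tuple(1 if i in ones else 0 for i in range(n))
            for ones in combinations(range(n), w)]


def build_code(n, w, symbols):
    """Map each symbol to a distinct weight-w word (assignment is arbitrary,
    lexicographic here). Unassigned words stay invalid, which is what gives
    the decoder its error-detection margin."""
    words = constant_weight_words(n, w)
    if len(symbols) > len(words):
        raise ValueError(f"{w} of {n} has only {len(words)} words "
                         f"for {len(symbols)} symbols")
    encode_table = dict(zip(symbols, words))
    decode_table = {word: sym for sym, word in encode_table.items()}
    return encode_table, decode_table


def no_word_contains_another(words):
    """Savard's property: with equal weights, no word's set of active
    positions is a subset of another's, so two films only line up for
    identical groups."""
    return not any(a != b and all(x <= y for x, y in zip(a, b))
                   for a in words for b in words)


def decode(decode_table, word):
    """Return the symbol, or None if the word is not an assigned codeword
    (wrong weight, or an unused weight-w word): an error was detected."""
    return decode_table.get(tuple(word))


def flip(word, *positions):
    bits = list(word)
    for p in positions:
        bits[p] ^= 1
    return tuple(bits)


def all_single_errors_detected(decode_table, word):
    """A single flipped bit always changes the weight, so every such error
    is rejected by the decoder."""
    return all(decode(decode_table, flip(word, i)) is None
               for i in range(len(word)))


def some_double_error_undetected(decode_table, word):
    """The limit of the scheme: flipping one 1 and one 0 keeps the weight
    and can land on another assigned codeword, which is then mis-decoded."""
    ones = [i for i, b in enumerate(word) if b]
    zeros = [i for i, b in enumerate(word) if not b]
    original = decode_table[word]
    return any(decode(decode_table, flip(word, i, j)) not in (None, original)
               for i in ones for j in zeros)


if __name__ == "__main__":
    enc5, dec5 = build_code(5, 2, DIGITS)
    print("2 of 5:", comb(5, 2), "words, all used for digits")
    enc8, dec8 = build_code(8, 3, LETTERS)
    print("3 of 8:", comb(8, 3), "words,", len(enc8), "used for letters,",
          comb(8, 3) - len(enc8), "spare and rejected by the decoder")
    print("single-bit errors on '0' detected:",
          all_single_errors_detected(dec5, enc5["0"]))
    print("some double error on '0' undetected:",
          some_double_error_undetected(dec5, enc5["0"]))
```

Note that 2 of 5 gives exactly C(5,2) = 10 words, one per decimal digit, which is why it fits the digit groups; 3 of 7 (35 words) and 3 of 8 (56 words) both leave spare words once 26 letters are assigned, and the decoder treats every spare word as an error.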
------------------------------
From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: Basic skills and equipment...
Date: Mon, 16 Oct 2000 12:26:04 -0500
Alexandros Andreou wrote:
>
> Hello all!
> I am beginning to enjoy cryptography, but I don't know where to start from.
> What are the essential mathematics skills one should have? Moreover, which
> books/online text files would you recommend? Any special
> (freeware/open-source) computer programs?
There is an incredible amount on the web. Do a web search on crypto, and
read everything you get. Use what you read from that to get more search
words - especially of stuff you don't understand. Sooner or later you'll
run into the same reference more than 5 times - and you'll probably want
to get it from the library or buy it.
It doesn't matter where you start! There's too much to learn at once,
so go in a direction that feels comfortable. As you get into it and
build up confidence, you'll find other things you want to learn. It's
pretty amazing really, you can spend your whole life studying crypto,
and you still won't know everything :-)
Patience, persistence, truth,
Dr. mike
------------------------------
From: Pawel Krawczyk <[EMAIL PROTECTED]>
Subject: Re: Why trust root CAs ?
Date: Mon, 16 Oct 2000 17:59:08 +0000 (UTC)
Allen Ethridge <[EMAIL PROTECTED]> wrote:
> Bruce Schneier's new book, "Secrets and Lies", has an interesting section
> on certificates and such where, if I understand him correctly, he concludes
> that the real security in B2C web transactions comes from the credit card
> company and it's limits on personal liability and not the CA.
BTW there is a requirement in most world e-commerce laws, that the CAs
escrow their keys to the government. This applies to France, Germany
for sure, and probably most other countries where digital signature
law exists (Poland soon, so this is why I'm interested in it).
I've wondered why it is required, but haven't got any reasonable answer.
Note that the CA keys aren't used for encryption, but rather for signing
other public keys. It could be that they want to hold the keys for backup
or to prevent the CA from some kind of abuse, but I don't consider those
good reasons for the escrow.
--
Paweł Krawczyk <http://ceti.pl/~kravietz/>
------------------------------
From: JCA <[EMAIL PROTECTED]>
Subject: MS's fast modular exponentiation claims II
Date: Mon, 16 Oct 2000 10:56:16 -0700
I asked a few days ago a question about some claims that MS made (at
Crypto '95, I believe) to the effect that they possess an algorithm that
outperforms Montgomery's techniques when doing modular exponentiation. Much
to my surprise, given the high caliber of some of the regulars in this
group, nobody has said anything yet.
At the risk of coming across as pig-headed allow me please to restate my
question: does anybody know if such claims have been independently
substantiated? Has anybody got more information about them?
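The baseline the post measures against, Montgomery's technique, as an added example (not from the post, and not the Microsoft algorithm it asks about, which the digest does not describe): Montgomery reduction replaces the division by the modulus n inside each multiplication with shifts and masks by a power of two R, at the cost of converting operands into "Montgomery form" once per exponentiation. The modulus must be odd; the sample modulus and exponents are constructed, and the result is checked against Python's built-in pow.

```python
def montgomery_params(n):
    """Pick R = 2^k > n and n' with n * n' = -1 (mod R). Requires n odd,
    since n must be invertible modulo a power of two."""
    if n < 3 or n % 2 == 0:
        raise ValueError("Montgomery reduction needs an odd modulus > 2")
    k = n.bit_length()
    r = 1 << k
    n_prime = (-pow(n, -1, r)) % r
    return k, r, n_prime


def mont_reduce(t, n, k, r, n_prime):
    """REDC: for 0 <= t < n*R return t * R^-1 mod n.
    The only 'division' is the shift by k; the mask r-1 is reduction mod R."""
    m = ((t & (r - 1)) * n_prime) & (r - 1)   # m = t * n' mod R
    u = (t + m * n) >> k                      # exact: t + m*n is 0 mod R
    return u - n if u >= n else u             # u < 2n, one conditional subtract


def mont_mul(a, b, n, k, r, n_prime):
    """Product of two numbers in Montgomery form, result still in that form."""
    return mont_reduce(a * b, n, k, r, n_prime)


def mont_pow(base, exp, n):
    """base^exp mod n by left-to-right square-and-multiply, with every
    multiplication done in Montgomery form."""
    k, r, n_prime = montgomery_params(n)
    x = (base * r) % n            # base into Montgomery form (one real mod n)
    acc = r % n                   # the value 1 in Montgomery form
    for bit in bin(exp)[2:]:
        acc = mont_mul(acc, acc, n, k, r, n_prime)
        if bit == "1":
            acc = mont_mul(acc, x, n, k, r, n_prime)
    return mont_reduce(acc, n, k, r, n_prime)   # back out of Montgomery form


if __name__ == "__main__":
    # Constructed sample values: a small textbook case and a 61-bit prime modulus.
    print(mont_pow(4, 13, 497), pow(4, 13, 497))
    n = (1 << 61) - 1
    print(mont_pow(123456789, 987654321, n) == pow(123456789, 987654321, n))
```

The conversion into Montgomery form costs one ordinary modular reduction, and the conversion out costs one REDC; everything in between avoids dividing by n, which is where the savings come from when the modulus is many machine words long.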
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************