Cryptography-Digest Digest #964, Volume #12      Fri, 20 Oct 00 10:13:01 EDT

Contents:
  Re: What is desCDMF? (Richard Heathfield)
  Re: Which "password" is best. (CiPHER)
  Re: What is desCDMF? (Tom St Denis)
  Re: Works the md5 hash also for large datafiles (4GB) ? (Daniel Leonard)
  Re: Counting one bits is used how? (Rob Warnock)
  Re: Works the md5 hash also for large datafiles (4GB) ? (Runu Knips)
  Re: Counting one bits is used how? (Rob Warnock)
  Re: Rijndael in Perl (Tony L. Svanstrom)
  Re: Rijndael in Perl (Rasputin)
  Re: Rijndael in Perl (Runu Knips)
  Re: Efficient software LFSRs (Rob Warnock)
  Re: Rijndael in Perl (Runu Knips)
  Re: What is desCDMF? (Richard Heathfield)

----------------------------------------------------------------------------

Date: Fri, 20 Oct 2000 11:23:14 +0100
From: Richard Heathfield <[EMAIL PROTECTED]>
Subject: Re: What is desCDMF?

Tom St Denis wrote:
> 
> > > Why the heck would you use a 40-bit key?  That's like asking "can you
> > > steal my messages".  Why not just not use a key at all?
> >
> > I can think of three reasons without particularly trying:
> >
> > 1) Newbie-level study of cryptanalytic techniques. This makes even a
> > monoalphabetic sub or Vigenere cipher worth doing.
> 
> Why not then try to break 3-round DES instead of "DES with an insanely
> short key"?  Personally the former seems much more challenging than the
> latter.

Why not try both? Personally, I find that I learn something a lot more
effectively if I actually do it. Have you never broken a Vigenere
cipher, just for fun? I have. And it was tremendous fun, and I learned a
lot. But to break a Vigenere cipher, you have to have a Vigenere cipher
to break. And therefore someone has to make one for you, or you have to
roll your own. Same with 40-bit DES.

> 
> > 2) An informal competition among friends.
> 
> CDMF coding is very old, nothing new.

Must we only ever be on the bleeding edge? Remember that this newsgroup
is read not just by experts and deep-level hobbyists, but also by people
who are interested in cryptology and like to dabble in it, but don't
have the expertise of some of the regular posters here. You're still at
school, I believe, and yet it's pretty clear that (no matter how much
one or two of the regs bite you on occasion) you know a damn sight more
about crypto than I do. But that doesn't stop me being interested in
crypto, and even having a go at learning more about it, and what applies
to me undoubtedly applies to others too. You might consider CDMF
(whatever the hell that is) to be old hat, but to others it may yet be
just beyond, or perhaps on, the horizon of their current knowledge. In
other words, we all have to start somewhere.

> 
> > 3) 'Kid sister' cryptography (i.e. a not very threatening* threat
> > model).
> 
> Why not just xor 0xAA against the plaintext?

"Threat model" is a sliding scale from "none" to "NSA, GCHQ, KGB, or
alien invaders from the Andromeda Galaxy" and, for the genuinely
paranoid, upward from there. There will be a point on that scale where
the level of security provided by 40-bit DES or its equivalent is
necessary and sufficient.

(No, I wouldn't use 40-bit DES either. But that's not the point.)


-- 
Richard Heathfield
"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
K&R Answers: http://users.powernet.co.uk/eton/kandr2/index.html

------------------------------

From: CiPHER <[EMAIL PROTECTED]>
Subject: Re: Which "password" is best.
Date: Fri, 20 Oct 2000 10:41:19 GMT

In article <dlSH5.4488$[EMAIL PROTECTED]>,
  Ray Dillinger <[EMAIL PROTECTED]> wrote:

> I would definitely never use a password that had been published
> on usenet.

*lol*

--
Marcus
---
[ www.cybergoth.cjb.net ] [ alt.gothic.cybergoth ]



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: What is desCDMF?
Date: Fri, 20 Oct 2000 11:32:26 GMT

In article <[EMAIL PROTECTED]>,
  Richard Heathfield <[EMAIL PROTECTED]> wrote:
> Tom St Denis wrote:
> >
> > > > Why the heck would you use a 40-bit key?  That's like asking "can you
> > > > steal my messages".  Why not just not use a key at all?
> > >
> > > I can think of three reasons without particularly trying:
> > >
> > > 1) Newbie-level study of cryptanalytic techniques. This makes even a
> > > monoalphabetic sub or Vigenere cipher worth doing.
> >
> > Why not then try to break 3-round DES instead of "DES with an insanely
> > short key"?  Personally the former seems much more challenging than the
> > latter.
>
> Why not try both? Personally, I find that I learn something a lot more
> effectively if I actually do it. Have you never broken a Vigenere
> cipher, just for fun? I have. And it was tremendous fun, and I learned a
> lot. But to break a Vigenere cipher, you have to have a Vigenere cipher
> to break. And therefore someone has to make one for you, or you have to
> roll your own. Same with 40-bit DES.

This is a bit different.  To break 40-bit DES you either do a brute
force attack or an iterative attack such as Diff/Linear Cryptanalysis.
My point was that you will learn more by mounting an attack on fewer
rounds than by brute forcing the key.

And BTW, I am kinda ashamed to say this, but I have never tried to break
pen&paper ciphers before.  I have broken a few digital ciphers and can
point out weaknesses in others...

> >
> > > 2) An informal competition among friends.
> >
> > CDMF coding is very old, nothing new.
>
> Must we only ever be on the bleeding edge? Remember that this newsgroup
> is read not just by experts and deep-level hobbyists, but also by people
> who are interested in cryptology and like to dabble in it, but don't
> have the expertise of some of the regular posters here. You're still at
> school, I believe, and yet it's pretty clear that (no matter how much
> one or two of the regs bite you on occasion) you know a damn sight more
> about crypto than I do. But that doesn't stop me being interested in
> crypto, and even having a go at learning more about it, and what applies
> to me undoubtedly applies to others too. You might consider CDMF
> (whatever the hell that is) to be old hat, but to others it may yet be
> just beyond, or perhaps on, the horizon of their current knowledge. In
> other words, we all have to start somewhere.

I agree that we are all at different levels, but honestly CDMF is not
really that interesting.  It works like this... input 56-bit key... out
pops 40-bit key.

> >
> > > 3) 'Kid sister' cryptography (i.e. a not very threatening* threat
> > > model).
> >
> > Why not just xor 0xAA against the plaintext?
>
> "Threat model" is a sliding scale from "none" to "NSA, GCHQ, KGB, or
> alien invaders from the Andromeda Galaxy" and, for the genuinely
> paranoid, upward from there. There will be a point on that scale where
> the level of security provided by 40-bit DES or its equivalent is
> necessary and sufficient.

40-bit DES (40-bit keys in general) doesn't provide any real security,
just slightly annoying...

Tom



------------------------------

From: Daniel Leonard <[EMAIL PROTECTED]>
Subject: Re: Works the md5 hash also for large datafiles (4GB) ?
Date: Fri, 20 Oct 2000 12:16:56 GMT

On Fri, 20 Oct 2000, Runu Knips wrote:

> That of course doesn't mean it has to be SHA512. I think after SHA512
> is out, there will be other hashes with that output size as well. I
> had never liked the fact that the largest output size of a serious
> hash was only 192 bits (Tiger/192), even if this would fit all
> practical requirements for the moment. Schneier suggests not to use
> ciphers with less than 112 bit keys. So the minimum size for a
> hash should be 224 bits, shouldn't it?

You forget HAVAL that can go to 256 bits, RIPEMD256 and RIPEMD320, and
finally SNEFRU that can also do 256-bit hashes. But please define
"serious hash".

==========
Daniel Léonard

OGMP Informatics Division  E-Mail: [EMAIL PROTECTED]
Département de Biochimie   Tel   : (514) 343-6111 ext 5149
Université de Montréal     Fax   : (514) 343-2210
Montréal, Quebec           Office: Pavillon Principal G-312
Canada H3C 3J7             WWW   : http://megasun.bch.umontreal.ca/~leonard


------------------------------

From: [EMAIL PROTECTED] (Rob Warnock)
Subject: Re: Counting one bits is used how?
Date: 20 Oct 2000 12:26:11 GMT

Runu Knips  <[EMAIL PROTECTED]> wrote:
+---------------
| Rob Warnock wrote:
| > Exercise for the reader:
| 
| I hate this arrogance of the mathematicans.
+---------------

Hey, how did you know I had a Math degree?  ;-}  ;-}

No, seriously, for anyone who's done any work at all with GF arithmetic,
it's a trivial exercise, hardly worth the trouble of typing in. And for
a newbie who wants to get his hands dirty, it's only a few minutes (or
hours, at most) of thinking about the problem. Might be fun, who knows?

If you're *really* impatient, see the code [SPOILER!!] at the bottom of:

    <URL:http://www.landfield.com/faqs/compression-faq/part1/section-26.html>

But you'll only really understand it if you work it out for yourself anyway,
so why not start by doing it yourself, and then only compare solutions
after you have something working?


-Rob

=====
Rob Warnock, 31-2-510           [EMAIL PROTECTED]
Network Engineering             http://reality.sgi.com/rpw3/
Silicon Graphics, Inc.          Phone: 650-933-1673
1600 Amphitheatre Pkwy.         PP-ASEL-IA
Mountain View, CA  94043

------------------------------

Date: Fri, 20 Oct 2000 14:31:07 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Works the md5 hash also for large datafiles (4GB) ?

Daniel Leonard wrote:
> On Fri, 20 Oct 2000, Runu Knips wrote:
> 
> > That of course doesn't mean it has to be SHA512. I think after SHA512
> > is out, there will be other hashes with that output size as well. I
> > had never liked the fact that the largest output size of a serious
> > hash was only 192 bits (Tiger/192), even if this would fit all
> > practical requirements for the moment. Schneier suggests not to use
> > ciphers with less than 112 bit keys. So the minimum size for a
> > hash should be 224 bits, shouldn't it?
> 
> You forget HAVAL that can go to 256 bits, RIPEMD256 and RIPEMD320, and
> finally SNEFRU that can also do 256-bit hashes. But please define
> "serious hash".

The RIPE MD paper says clearly that 'RIPE MD256 doesn't offer more
security than RIPE MD128, it is only for people which need a longer
hash'.

HAVAL was a weak hash function anyway, if I remember correctly.

SNEFRU - well I don't know.

The most serious hash functions all have relatively small outputs,
160 or 192 bits.

------------------------------

From: [EMAIL PROTECTED] (Rob Warnock)
Subject: Re: Counting one bits is used how?
Date: 20 Oct 2000 12:34:20 GMT

Trevor L. Jackson, III <[EMAIL PROTECTED]> wrote:
+---------------
| bubba wrote:
| > I have seen the two variations you describe call Galois LFSR and
| > Fibonacci LFSR.
+---------------

I just ran into those terms the other day, but had forgotten them.
Thanks for reminding me. (Now if I can only remember which is which...)

+---------------
| > But I don't think properly chosen polynomials
| > can cause them to produce the same output.
| 
| There is some fuzz on the term "output" in this context.  One can
| interpret the "output" to be the most recently generated bit or
| "output" can mean the contents of the register.
+---------------

I meant it in the former sense, the sequence of bits shifted out of
the register.

I have at least one text that claims that the two feedback styles
can generate the same output-bit-stream sequence if one style uses
the reciprocal polynomial of the other. [I'll look up the exact
reference, if anyone thinks it's a biggy...]


-Rob

=====
Rob Warnock, 31-2-510           [EMAIL PROTECTED]
Network Engineering             http://reality.sgi.com/rpw3/
Silicon Graphics, Inc.          Phone: 650-933-1673
1600 Amphitheatre Pkwy.         PP-ASEL-IA
Mountain View, CA  94043

------------------------------

Crossposted-To: comp.lang.perl.misc
Subject: Re: Rijndael in Perl
From: [EMAIL PROTECTED] (Tony L. Svanstrom)
Date: Fri, 20 Oct 2000 12:34:38 GMT

Runu Knips <[EMAIL PROTECTED]> wrote:

> those who know me have no need of my name wrote:
> > <[EMAIL PROTECTED]> divulged:
> > 
> > >Anyone that knows if Rijndael exists in Perl yet and/or if someone's
> > >working on it?
> > 
> > ummm.  how would one protect the plaintext?
> 
> I've no clue what you're actually asking. The plaintext is guarded
> by transforming it to ciphertext using some encryption routine, for
> example Rijndael. But the simple fact that you know what 'plaintext'
> is means you already know that.
> 
> So what do you want to know ???

I think he meant how I can use Perl to avoid attacks where the attacker
looks at what's "left behind" (tempfiles, diskswapping...).


     /Tony
-- 
     /\___/\ Who would you like to read your messages today? /\___/\
     \_@ @_/  Protect your privacy:  <http://www.pgpi.com/>  \_@ @_/
 --oOO-(_)-OOo---------------------------------------------oOO-(_)-OOo--
   on the verge of frenzy - i think my mask of sanity is about to slip
 ---���---���-----------------------------------------------���---���---
    \O/   \O/  ©99-00 <http://www.svanstrom.com/?ref=news>  \O/   \O/

------------------------------

From: [EMAIL PROTECTED] (Rasputin)
Crossposted-To: comp.lang.perl.misc
Subject: Re: Rijndael in Perl
Reply-To: [EMAIL PROTECTED]
Date: Fri, 20 Oct 2000 13:03:04 GMT

[EMAIL PROTECTED] <Tony L. Svanstrom> wrote:
>Runu Knips <[EMAIL PROTECTED]> wrote:
>
>> those who know me have no need of my name wrote:
>> > <[EMAIL PROTECTED]> divulged:

>> > >Anyone that knows if Rijndael exists in Perl yet and/or if someone's
>> > >working on it?

>> > ummm.  how would one protect the plaintext?

>> I've no clue what you're actually asking. The plaintext is guarded
>> by transforming it to ciphertext using some encryption routine, for
>> example Rijndael. But the simple fact that you know what 'plaintext'
>> is means you already know that.

>I think he meant how I can use Perl to avoid attacks where the attacker
>looks at what's "left behind" (tempfiles, diskswapping...).


Don't use tempfiles, and encrypt your swap.
OpenBSD does this (using Rijndael, funnily enough).

I'd imagine other decent OSes could be patched.
It's not really perl's job.

-- 

Rasputin.
Jack of All Trades - Master of Nuns.

------------------------------

Date: Fri, 20 Oct 2000 15:06:27 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Crossposted-To: comp.lang.perl.misc
Subject: Re: Rijndael in Perl

"Tony L. Svanstrom" wrote:
> I think he meant how I can use Perl to avoid attacks where the attacker
> looks at what's "left behind" (tempfiles, diskswapping...).

Interesting.

I don't even know the answer for C. Is it actually possible with
Windows or Linux to get memory which isn't swappable? As an
ordinary user process, or as an administrator process?
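
On the question of memory that cannot be swapped: on Linux and other POSIX systems a process can pin pages in RAM with mlock(2); an ordinary user is limited by RLIMIT_MEMLOCK, and CAP_IPC_LOCK (or root) lifts that limit. Windows offers VirtualLock for the same purpose. The C below is an added example written for this digest, not code from any of the posters; the 16-byte key and the 4096-byte buffer are constructed values, and the secret_* names and the g_last_* globals are the example's own. It shows the lifecycle a practitioner cares about: map, pin, use, wipe before unpinning, and report honestly when pinning was refused.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE
#endif
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* Key material that must not be written to the swap device. */
struct secret_buf {
    unsigned char *p;
    size_t len;
    int locked;      /* 1 if mlock(2) pinned the pages */
    int lock_errno;  /* errno from mlock when it did not */
};

/* Zeroing through a volatile pointer so the compiler cannot discard the
 * stores as dead before munmap (explicit_bzero/SecureZeroMemory do the
 * same job where available). */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Map anonymous pages and pin them.  mlock counts against RLIMIT_MEMLOCK
 * unless the process has CAP_IPC_LOCK, so it can fail for an ordinary
 * user; the buffer is still handed back with locked == 0 so the caller
 * can decide whether to carry on.  MADV_DONTDUMP (Linux) additionally
 * keeps the pages out of core dumps, another place plaintext is left. */
static int secret_alloc(struct secret_buf *sb, size_t len)
{
    void *m = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED) return -1;
    sb->p = m;
    sb->len = len;
    sb->locked = (mlock(m, len) == 0);
    sb->lock_errno = sb->locked ? 0 : errno;
#ifdef MADV_DONTDUMP
    madvise(m, len, MADV_DONTDUMP);
#endif
    return 0;
}

/* Wipe before unlocking: an unlocked page can be swapped out with the
 * secret still in it. */
static void secret_free(struct secret_buf *sb)
{
    if (!sb->p) return;
    secure_wipe(sb->p, sb->len);
    if (sb->locked) munlock(sb->p, sb->len);
    munmap(sb->p, sb->len);
    sb->p = NULL;
    sb->len = 0;
    sb->locked = 0;
}

static int g_last_locked, g_last_lock_errno;  /* outcome of the last demo run */

/* Load a constructed 16-byte key into pinned memory, "use" it, wipe it,
 * and confirm the bytes are gone.  Returns 1 if allocation and wiping
 * behaved; whether pinning succeeded is left in g_last_locked. */
static int key_lifecycle_demo(void)
{
    static const unsigned char sample_key[16] = {   /* constructed value */
        0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
        0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff };
    struct secret_buf sb;
    int used, clean = 1;
    if (secret_alloc(&sb, 4096) != 0) return 0;
    g_last_locked = sb.locked;
    g_last_lock_errno = sb.lock_errno;
    memcpy(sb.p, sample_key, sizeof sample_key);
    used = (sb.p[0] == 0x00 && sb.p[15] == 0xff);  /* stands in for cipher setup */
    secure_wipe(sb.p, sizeof sample_key);
    for (size_t i = 0; i < sizeof sample_key; i++) clean &= (sb.p[i] == 0);
    secret_free(&sb);
    return used && clean;
}

/* 1 if pinning either succeeded or failed for one of mlock's documented
 * resource/permission reasons rather than something unexpected. */
static int lock_outcome_sane(void)
{
    return g_last_locked || g_last_lock_errno == ENOMEM ||
           g_last_lock_errno == EPERM || g_last_lock_errno == EAGAIN;
}

int main(void)
{
    int ok = key_lifecycle_demo();
    printf("lifecycle ok: %d; pages pinned: %d", ok, g_last_locked);
    if (!g_last_locked) printf(" (mlock: %s)", strerror(g_last_lock_errno));
    printf("\n");
    return ok ? 0 : 1;
}
```

Pinning only addresses swap: hibernation images, core dumps (hence the madvise) and copies the language runtime makes behind your back are separate problems, and the last one is why an interpreter that copies strings freely cannot give this guarantee on its own.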

------------------------------

From: [EMAIL PROTECTED] (Rob Warnock)
Subject: Re: Efficient software LFSRs
Date: 20 Oct 2000 13:22:20 GMT

Trevor L. Jackson, III <[EMAIL PROTECTED]> wrote:
+---------------
| This is a brief summary of a technique for implementing efficient LFSRs
| in software.  The mechanism  involves generating successor states a word
| at a time rather than a bit at a time.  In order to accomplish this
| parallelism inter-tap dependencies must be eliminated.
+---------------

I'm not sure what you mean by "inter-tap dependencies" here. The code at
<URL:http://www.landfield.com/faqs/compression-faq/part1/section-26.html>
will work with *any* set of feedback bits using the Galois arrangement, in
which the XOR gates (for the non-zero polynomial coefficients) are between
the register stages. [Note that the Fibonacci configuration has to have
a single huge N-input XOR, which is a lot slower in both hardware *and*
software (unless you have a single-cycle pop-count instruction) for dense
polynomials than the Galois configuration.]

By the way, I found several pages with diagrams of the two styles. Figures
1 & 2 in <URL:http://www.cs.berkeley.edu/~iang/isaac/hardware/main.html>,
or <URL:http://www.cdg.org/tech/a_ross/LFSR.html> (which shows that the
"reciprocal polynomial" I was talking about is actually just a reversed
numbering of the coefficients).

Finally, <URL:http://www.repairfaq.org/filipg/LINK/F_crc_v33.html> has a
good detailed derivation of software input-byte-at-a-time table-driven CRCs
(primitive LFSRs + data input) for the Galois wiring.


-Rob

=====
Rob Warnock, 31-2-510           [EMAIL PROTECTED]
Network Engineering             http://reality.sgi.com/rpw3/
Silicon Graphics, Inc.          Phone: 650-933-1673
1600 Amphitheatre Pkwy.         PP-ASEL-IA
Mountain View, CA  94043
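
The two claims in this thread, that a Galois and a Fibonacci register give the same output stream when one is wired with the reciprocal polynomial of the other (Rob's earlier post), and that the Galois form can be stepped a whole byte at a time from a table (the CRC derivation he links), can both be checked directly. The C below is an added example written for this digest, not code from any poster or from the linked FAQ; the shift-right conventions in the comments, the 4-stage mask 0xC and the 16-stage mask 0x8408 (the reflected form of the CRC-CCITT polynomial 0x1021) are the example's own choices. It also answers the "Counting one bits" thread in passing: the Fibonacci feedback is the parity of the tapped stages, i.e. the low bit of a population count.

```c
#include <stdint.h>
#include <stdio.h>

/* Galois (internal-XOR, shift-right) step: the bit leaving stage 0 is the
 * output; if it is 1 the mask is XORed into the remaining stages.  This
 * is S <- S * x^-1 mod P(x), where P(x) = 1 + x*M(x) for mask M. */
static unsigned galois_step(uint32_t *s, uint32_t mask)
{
    unsigned out = *s & 1u;
    *s >>= 1;
    if (out) *s ^= mask;
    return out;
}

/* Parity = low bit of the popcount; this is the one wide XOR a Fibonacci
 * register needs per step (one instruction with hardware popcount). */
static unsigned parity32(uint32_t x)
{
    x ^= x >> 16; x ^= x >> 8; x ^= x >> 4; x ^= x >> 2; x ^= x >> 1;
    return x & 1u;
}

/* Fibonacci (external-XOR, shift-right) step for n stages: stage 0 is the
 * output, the XOR of all tapped stages enters at stage n-1. */
static unsigned fibonacci_step(uint32_t *s, uint32_t taps, unsigned n)
{
    unsigned out = *s & 1u, fb = parity32(*s & taps);
    *s = (*s >> 1) | ((uint32_t)fb << (n - 1));
    return out;
}

/* Reverse the low n bits: reversed coefficient numbering == reciprocal
 * polynomial, which is how the two tap conventions map onto each other. */
static uint32_t reverse_bits(uint32_t v, unsigned n)
{
    uint32_t r = 0;
    for (unsigned i = 0; i < n; i++)
        if (v & (1u << i)) r |= 1u << (n - 1u - i);
    return r;
}

/* Run a Galois register (mask, seed) beside a Fibonacci register tapped
 * with the bit-reversed mask and count agreeing output bits out of len.
 * A Fibonacci state is exactly its next n output bits, so it is loaded
 * from a throwaway run of the Galois register. */
static unsigned matching_outputs(unsigned n, uint32_t mask, uint32_t seed,
                                 unsigned len)
{
    uint32_t g = seed, f = 0, probe = seed, taps = reverse_bits(mask, n);
    unsigned same = 0;
    for (unsigned k = 0; k < n; k++)
        f |= (uint32_t)galois_step(&probe, mask) << k;
    for (unsigned t = 0; t < len; t++)
        same += galois_step(&g, mask) == fibonacci_step(&f, taps, n);
    return same;
}

/* Byte-at-a-time stepping (the CRC-table idea): the step is linear over
 * GF(2), so eight steps on S equal (S >> 8) XOR eight steps applied to
 * S's low byte alone, and a 256-entry table precomputes the latter. */
static void build_byte_table(uint32_t table[256], uint32_t mask)
{
    for (unsigned b = 0; b < 256; b++) {
        uint32_t s = b;
        for (int i = 0; i < 8; i++) galois_step(&s, mask);
        table[b] = s;
    }
}

static uint32_t galois_step8(uint32_t s, const uint32_t table[256])
{
    return (s >> 8) ^ table[s & 0xFFu];
}

/* 1 if table stepping tracks 8 single steps for `bytes` rounds (n >= 8). */
static int byte_table_matches(uint32_t mask, uint32_t seed, unsigned bytes)
{
    uint32_t table[256], a = seed, b = seed;
    build_byte_table(table, mask);
    for (unsigned i = 0; i < bytes; i++) {
        for (int k = 0; k < 8; k++) galois_step(&a, mask);
        if ((b = galois_step8(b, table)) != a) return 0;
    }
    return 1;
}

int main(void)
{
    /* 4 stages, mask 0xC: P(x) = x^4 + x^3 + 1; its reciprocal x^4 + x + 1
     * is the reversed mask 0x3 that becomes the Fibonacci taps. */
    printf("agreeing output bits: %u of 45\n", matching_outputs(4, 0xCu, 1u, 45));
    /* 16 stages, mask 0x8408 (reflected CRC-CCITT polynomial 0x1021). */
    printf("byte table tracks bit stepping: %d\n",
           byte_table_matches(0x8408u, 0xBEEFu, 1000));
    return 0;
}
```

Note what the table trick depends on: the Galois step has no wide XOR, so eight steps compose into one shift and one table lookup, which is exactly why the Galois wiring is the one used for software CRCs and why the Fibonacci form pays for its N-input XOR on every bit unless popcount is a single instruction.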

------------------------------

Date: Fri, 20 Oct 2000 15:24:23 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Crossposted-To: comp.lang.perl.misc
Subject: Re: Rijndael in Perl

Rasputin wrote:
> [EMAIL PROTECTED] <Tony L. Svanstrom> wrote:
> >Runu Knips <[EMAIL PROTECTED]> wrote:
> >> those who know me have no need of my name wrote:
> >> > <[EMAIL PROTECTED]> divulged:
> >> > >Anyone that knows if Rijndael exists in Perl yet and/or if
> >> > >someone's working on it?
> >> > ummm.  how would one protect the plaintext?
> >> I've no clue what you're actually asking. The plaintext is guarded
> >> by transforming it to ciphertext using some encryption routine, for
> >> example Rijndael. But the simple fact that you know what
> >> 'plaintext' is means you already know that.
> >I think he meant how I can use Perl to avoid attacks where the
> >attacker looks at what's "left behind" (tempfiles, diskswapping...).
> 
> Don't use tempfiles, and encrypt your swap.
> OpenBSD does this (using Rijndael, funnily enough).
> I'd imagine other decent OSes could be patched.

I would be surprised if Linux would get such a feature, because
encrypting the swap of course slows it down substantially.

> It's not really perl's job.

Yep.

------------------------------

Date: Fri, 20 Oct 2000 14:39:42 +0100
From: Richard Heathfield <[EMAIL PROTECTED]>
Subject: Re: What is desCDMF?

Tom St Denis wrote:
> 

<much snippage, to avoid a tis/tisn't exchange>


> And BTW I am kinda ashamed to say this I have never tried to break
> pen&paper ciphers before.  I have broken a few digital ciphers and can
> point out weaknesses in others...

I don't know that it's anything to be /ashamed/ of...

As it happens, the Vigenere cipher I mentioned was 'digital', in that it
was coded on a PC. It was done by a colleague who simply asked me, "I
wonder if you can crack this?". It took me a couple of hours of thought
and coding to do it. (This is actually the most advanced cryptanalysis
I've ever done!)

But I've done pen and paper cryptanalysis too - I spent a thoroughly
enjoyable half hour or so showing my sons how to crack a monoalphabetic
substitution cipher, using a ciphertext from a puzzle magazine.
Curiously, it probably would have taken me /longer/ to do on a PC than
by hand, because I'd have tried to write the last word in mono sub
cipher cryptanalytic tools, whereas doing the decryption on paper was
clearly a this-case-only thing.

If it doesn't interest you to play with pen and paper ciphers, why
bother? But for those who enjoy that kind of thing, maybe that's the
kind of thing that that kind of person enjoys, and who are we to deny
them that pleasure?

And the same applies to 40-bit DES keys. :-)


-- 
Richard Heathfield
"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
K&R Answers: http://users.powernet.co.uk/eton/kandr2/index.html

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
