Cryptography-Digest Digest #986, Volume #12      Mon, 23 Oct 00 12:13:01 EDT

Contents:
  Looking for Binarys ("Darren Forward")
  Re: Encrypting a file using Rijndael
  Re: Help ,Does anybody know ??? ([EMAIL PROTECTED])
  Re: Rijndael implementations (Daniel James)
  Re: who first will break claim that DVD pattern of imprints can't be tampered with, erased or falsified ? (H.Bruijn)
  Re: What is meant by non-Linear... (Tim Tyler)
  Re: Rijndael implementations (Tim Tyler)
  Re: Looking for Binarys (Tim Tyler)
  Re: ---- As I study Rinjdael... (Tim Tyler)
  Ann: BeeCrypt 1.1.2 is available. (Bob Deblier)
  Re: ---- As I study Rinjdael... (John Savard)
  Re: Huffman stream cipher. (SCOTT19U.ZIP_GUY)
  Re: Help ,Does anybody know ??? (SCOTT19U.ZIP_GUY)
  Re: new to data encryption please help (SCOTT19U.ZIP_GUY)
  Re: ---- As I study Rinjdael... (SCOTT19U.ZIP_GUY)
  Re: On block encryption processing with intermediate permutations (Mok-Kong Shen)

----------------------------------------------------------------------------

From: "Darren Forward" <[EMAIL PROTECTED]>
Subject: Looking for Binarys
Date: Mon, 23 Oct 2000 11:17:32 +0100

Please help: I am looking for a binary to count frequencies and find patterns.

Kind regards

Darren Forward.



------------------------------

From: <[EMAIL PROTECTED]>
Subject: Re: Encrypting a file using Rijndael
Date: Mon, 23 Oct 2000 06:24:53 -0400

        You simply encrypt successive blocks (of whatever size you
have assembled for) until the entire file has been encrypted. If the
last block is not complete, you still encrypt a full block, and
on decryption the 'garbage' at the end will be restored.
========

My home page URL=http://www.afn.org/~afn21533/          Robert G. Durnal
Hosting RIJNDAEL, the AES winner, in CFB block          [EMAIL PROTECTED]
chaining mode with key hashing. Source and docs       [EMAIL PROTECTED]
available on home page as tinyrijn.zip, 484 bytes.

On Sun, 22 Oct 2000, mac wrote:

> Hello!
> 
> I've somehow managed to make an implementation of Rijndael in C++ that
> encrypts a single string and would like to add an option of encrypting a
> whole file. I don't know what the standard for doing this is. Is every null
> terminated string in a file encrypted separately, or do I treat the whole
> file as one array of 8-bit bytes regardless of null characters? Of course, it
> is not the same, and if someone else tried to decrypt it using the other
> method, the result wouldn't be the original plain text.
> 
> Thank you in advance.
> 
> 
> 
> 
> 


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Help ,Does anybody know ???
Date: Mon, 23 Oct 2000 10:43:53 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
>   It is not that hard to code your self. But it
> is not considered a strong method of encryption. It
> has lots of weaknesses.

RSA is not considered strong encryption? That's news to me. RSA is as
far as anyone knows a strong encryption method because of the difficulty
of factoring large numbers. If you choose large enough primes to generate
your private key, it is comparable in strength to many good block
ciphers (if not even better). The reason it is not often used for file
encryption is that it is slow when working with large amounts of data.
Hence, it's a great method for exchanging keys (which are small compared
to most files).

The most obvious way to encrypt a file using RSA (and the way PGPDisk
does it), is to encrypt the symmetric key used for a block cipher such
as CAST with RSA, and then encrypt the file using the (faster) block
cipher.

If you have made a breakthrough in factoring large numbers, then please
let everyone know. You might even be up for a Nobel Prize in
mathematics.

- Magnus


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Daniel James <[EMAIL PROTECTED]>
Subject: Re: Rijndael implementations
Date: Mon, 23 Oct 2000 11:59:07 +0100
Reply-To: [EMAIL PROTECTED]

In article <[EMAIL PROTECTED]>, Tim Tyler wrote:
> "Word" has much less strong connotations of 32 bits than byte has of 8
> bits.  Nor is information commonly measured in words - there is no
> KiloWord - or MegaWord.

Indeed. In the PC world - even on today's 32-bit architectures - WORD still 
means 16 bits, DWORD means 32 (and QWORD means 64). It's silly calling a 
32-bit quantity a double word on a machine with 32-bit words, but there it 
is.

> There are other differences as well.  I do think a fixed size 32-bit unit
> is a desirable thing to have a term for.  I would rather strongarm "int"
> into this service than "word" (although "int" comes with baggage of its
> own).  Perhaps there's an existing technical term for 32-bit units.

"int" would be a poor choice, as there are many architectures on which int 
has other meanings. I quite like "mouthful" for 4 bytes but I don't 
seriously advocate its adoption <smile>.

> Well, I think the current situation is a mess.  If given a blank slate,
> I'd have "byte" nailed down to meaning "8 bits" - and some more obscure
> technical term meaning "the volume of information used to represent a
> character".

I think we're all agreed that - given a clean slate and a time machine - 
we'd outlaw architectures using wordlengths that are not multiples of 8 
before any fool could invent one. Unfortunately we don't have those 
luxuries.

> : You're misusing "architecture-dependent" here, but the important
> : point is that one could just as well complain than you want to
> : "pollute" a long-established term that denotes sub-word contiguous
> : bit field by burdening it with additional constraints.
>
> The motivation for my view is clear enough.  As it stands byte means
> "sub-word bitfield" - but it /also/ means "8 bits" - as in Kbyte and
> Mbyte. This is confusing, and needlessly so.

I understand your view - and I agree that life is needlessly confusing. The 
source of the confusion is real, however: some words have more than one 
established meaning. It's unfortunate but it's so. It may be true that 
there would be less confusion if it were not so, but it's awfully hard to 
persuade the world to change its habits - and doing so might well cause 
even more confusion. Much better to learn to live with it, and to become 
more sensitive to context.

This is so off-topic that I'm tempted to set followups to 
alt.usage.english, but without the context of the rest of this discussion I 
fear it would just cause confusion there <smile>.

Cheers,
 Daniel.



------------------------------

From: [EMAIL PROTECTED] (H.Bruijn)
Subject: Re: who first will break claim that DVD pattern of imprints can't be tampered with, erased or falsified ?
Date: 23 Oct 2000 12:16:12 GMT
Reply-To: [EMAIL PROTECTED]

On Mon, 23 Oct 2000 03:40:52 -0400, jungle allegedly wrote:
>who first will break claim that DVD pattern of imprints can't be tampered with,
>erased or falsified ?
>http://www.wired.com/news/print/0,1294,39351,00.html :
>
>FINGERING THE DVD PIRATES
>
>Benjamin Bachrach, Intelligent Automations' senior scientist, said the
>DiscPrint system uses a laser sensor to build a 3-D map of the surface of the
>disk, looking for the unique pattern of imprints.
>
>"The stamping plate has some imperfections that are involuntarily transferred
>to the CD itself," he said. "Just like a bullet fired from a gun."
>
>Bachrach said that, unlike other coding technologies, the pattern of imprints
>can't be tampered with, erased or falsified.
>

Basically what they claim is that the DVD/CD stamping process leaves
certain marks on the product. Forensic science can then tie a certain
machine to the discs it produced. Just like in the old detective stories, where
the note printed with a mechanical typewriter can be used to tie the 
owner of it to a crime.
  The thing is, this would be the last stage in an investigation, where
the printing plant has already been identified, but you want to have
conclusive evidence that you have the correct location where the pirated
copies were produced. To stick with the first analogy: you need to find
the gun to tie it to a bullet fired from that gun.
  I would say it's just a question of replacing the parts that are
responsible for the imprint. Just like a good gunsmith can change the
barrel of a gun, thus changing the scratch marks that will be found on bullets
fired from the gun, changing the stamp and some of the other moving
parts will change the imprints. It's not an encryption scheme that you
can "break", it's the imperfection in any mechanical process. The copies
will never be perfect, and the imperfections in the copying process produce
systematic errors in the end-product, rather than random ones.

-- 
If a trainstation is the place where trains stop, what is a workstation?
========================================================================
Herman Bruijn                            mail:          [EMAIL PROTECTED]
The Netherlands                       website:   http://hermanbruijn.com

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: What is meant by non-Linear...
Reply-To: [EMAIL PROTECTED]
Date: Mon, 23 Oct 2000 12:20:12 GMT

Stephen M. Gardner <[EMAIL PROTECTED]> wrote:
: Tim Tyler wrote:

:> Like this (on a torus).
:>
:> 2    .     .     .
:> 1.     .     .
:> 0  .     .     .
:> 2    .     .     .
:> 1.     .     .
:> 0  .     .     .
:> 2    .     .     .
:> 1.     .     .
:> 0  .     .     .
:> +0 1 2 0 1 2 0 1 2 -> x
:>
:> I'm sure you can make out the straight line yourself.

:     Doesn't this rule for plotting make any equation look linear as long as
: it jumps around enough to hit all the lattice points? How does this
: distinguish something that is non-linear (say y = x^2 + 1)?

I don't believe so.  Here's the equivalent graph for that non-linear
function - /hopefully/ it speaks for itself.

 2  . .   . .   . .
 1.     .     .  
 0              
 2  . .   . .   . .
 1.     .     .  
 0              
 2  . .   . .   . .
 1.     .     .  
 0              
 +0 1 2 0 1 2 0 1 2 -> x

If you're thinking you can draw the same set of parallel lines as
in the previous diagram - if only you're prepared to put them closer
together - then I'd say that any such lines can be distinguished from one
another as different lines, by having different y (i.e. theta)
coordinates at the same x coordinate (although they have the same slope).
-- 
__________  Lotus Artificial Life  http://alife.co.uk/  [EMAIL PROTECTED]
 |im |yler  The Mandala Centre   http://mandala.co.uk/  Chaste makes waste.

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Rijndael implementations
Reply-To: [EMAIL PROTECTED]
Date: Mon, 23 Oct 2000 12:54:25 GMT

Daniel James <[EMAIL PROTECTED]> wrote:
: In article <[EMAIL PROTECTED]>, Tim Tyler wrote:

:> I do think a fixed size 32-bit unit is a desirable thing to have a
:> term for.  Perhaps there's an existing technical term for 32-bit units.

: "int" would be a poor choice [...] I quite like "mouthful" for 4 bytes []

Wonderful.  You could even spell it "moythful" to get more into the spirit
of deriving information units from natural words ;-)

:> The motivation for my view is clear enough.  As it stands byte means
:> "sub-word bitfield" - but it /also/ means "8 bits" - as in Kbyte and
:> Mbyte. This is confusing, and needlessly so.

: I understand your view - and I agree that life is needlessly confusing. The 
: source of the confusion is real, however: some words have more than one 
: established meaning. It's unfortunate but it's so. It may be true that 
: there would be less confusion if it were not so, but it's awfully hard to 
: persuade the world to change its habits - and doing so might well cause 
: even more confusion. [...]

I'm not advocating some sort of crusade - I'm saying what I think 
the terms would be best off meaning - and predicting that that is the
usage that will eventually become common.

I previously cited Java - where the 8-bit unit is called a "byte" (rather
than an octet), and /nobody/ calls the volume of storage occupied by its
16-bit unicode characters "bytes".

If this sort of usage gains ground it will probably be the dictionaries
that change, if they see their role as reflecting usage, rather than
trying to dictate it.
-- 
__________                  http://alife.co.uk/  http://mandala.co.uk/
 |im |yler  [EMAIL PROTECTED]  http://hex.org.uk/   http://atoms.org.uk/

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Looking for Binarys
Reply-To: [EMAIL PROTECTED]
Date: Mon, 23 Oct 2000 13:07:45 GMT

Darren Forward <[EMAIL PROTECTED]> wrote:

: Please help: I am looking for a binary to count frequencies and find patterns.

It's not at all clear what you want - but it *might* be this:

/* Population count of a 32-bit unsigned x: BX_ leaves the 1-bit count of
   each nibble in place, the +(>>4) step sums nibble pairs into bytes,
   and % 255 sums the four bytes. */
#define BITCOUNT(x) (((BX_(x)+(BX_(x)>>4)) & 0x0F0F0F0F) % 255)
#define BX_(x) ((x) - (((x)>>1)&0x77777777) \
                    - (((x)>>2)&0x33333333) \
                    - (((x)>>3)&0x11111111))
-- 
__________                  http://alife.co.uk/  http://mandala.co.uk/
 |im |yler  [EMAIL PROTECTED]  http://hex.org.uk/   http://atoms.org.uk/

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: ---- As I study Rinjdael...
Reply-To: [EMAIL PROTECTED]
Date: Mon, 23 Oct 2000 13:19:03 GMT

Scott Fluhrer <[EMAIL PROTECTED]> wrote:
: Tim Tyler <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
:> Eric Lee Green <[EMAIL PROTECTED]> wrote:

:> : Could you tell, just by looking at a file, whether it
:> : was encrypted via Rijndael, 3DES, IDEA, or NSA256?
:>
:> I can partly distinguish between sets of files encrypted with the above
:> algorithms.  All I do is look at the size of the blocks.

: And how do you determine the block size [...?]

By simple inspection of more than one file.

: Especially if either they use a block cipher mode that does not require
: padding [...]

Like OFB?  OFB has no shortage of problems of its own - partly due to a
1-1 mapping between plaintext bits and cyphertext bits.  This gives it
the same lack of authentication as an OTP.  It's unlikely that it would be
in use.

: [...] or alternatively, they always pad to a 256 byte boundary to
: partially foil traffic analysis?

If they padded /after/ encryption, that might well mix things up.

It would probably turn the answer to the question "is this file encrypted
via Rijndael, 3DES, IDEA, or NSA256?" into a "no", though - some other
scheme would have been used.
-- 
__________  Lotus Artificial Life  http://alife.co.uk/  [EMAIL PROTECTED]
 |im |yler The Mandala Centre http://mandala.co.uk/ ILOVEYOU. --

------------------------------

From: Bob Deblier <[EMAIL PROTECTED]>
Subject: Ann: BeeCrypt 1.1.2 is available.
Date: Mon, 23 Oct 2000 16:15:03 +0200

Hi all,

Virtual Unlimited has released version 1.1.2 of BeeCrypt, an open
source low-level cryptography library. It is available for download at
http://beecrypt.virtualunlimited.com/. Precompiled versions can be found
on http://sourceforge.net/projects/beecrypt

This version's changes are:

- Fixed bugs in discrete logarithm domain parameter generators. The code
to make a generator of order q and (p-1) was wrong. This was pointed out
by Susumu Yamamoto.
- Added MD5 hash function.

Your feedback, comments, and bug reports are welcome at
[EMAIL PROTECTED]

Sincerely

Bob Deblier
Virtual Unlimited


------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: ---- As I study Rinjdael...
Date: Mon, 23 Oct 2000 14:07:24 GMT

On Mon, 23 Oct 2000 13:19:03 GMT, Tim Tyler <[EMAIL PROTECTED]> wrote, in
part:
>Scott Fluhrer <[EMAIL PROTECTED]> wrote:

>: And how do you determine the block size [...?]

>By simple inspection of more than one file.

Do look up "ciphertext stealing". It's even in the section
"Terminating Block Cipher Use" on my page at

http://home.ecn.ab.ca/~jsavard/crypto/mi060303.htm

and of course, one can use CFB mode which creates no need for special
actions at the end of an odd block as well.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
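Ciphertext stealing as John Savard recommends, as an added example that is neither the page's nor his own code: CBC mode whose output is exactly as long as its input, so the whole file is handled as one byte array (Robert Durnal's point above) and file lengths no longer show the block-size multiple that Tim Tyler reads the block size off from. AES comes from Go's standard library; the key and IV are constructed demo values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"errors"
	"fmt"
)

// NewAESBlock wraps aes.NewCipher for a 16-, 24- or 32-byte key.
func NewAESBlock(key []byte) (cipher.Block, error) { return aes.NewCipher(key) }

func xorInto(dst, a, b []byte) {
	for i := range dst {
		dst[i] = a[i] ^ b[i]
	}
}

// EncryptCBCCTS is CBC with ciphertext stealing: whole blocks chain as usual;
// when d = len(pt) mod blocksize is non-zero, the last full ciphertext block X
// is re-encrypted together with the short tail P_n (padded with the unused bytes
// of X) and only the first d bytes of X are emitted, so len(ct) == len(pt).
func EncryptCBCCTS(block cipher.Block, iv, pt []byte) ([]byte, error) {
	bs, n := block.BlockSize(), len(pt)
	if len(iv) != bs || n < bs {
		return nil, errors.New("iv must be one block and input at least one block")
	}
	d, full := n%bs, n-n%bs // tail length (0 means plain CBC), whole-block bytes
	ct, buf, prev := make([]byte, n), make([]byte, bs), iv
	for off := 0; off < full; off += bs {
		xorInto(buf, pt[off:off+bs], prev)
		block.Encrypt(ct[off:off+bs], buf)
		prev = ct[off:off+bs]
	}
	if d == 0 {
		return ct, nil
	}
	x := append([]byte(nil), prev...) // X = E(P_{n-1} xor C_{n-2}), stolen from
	copy(buf, x)
	xorInto(buf[:d], x[:d], pt[full:])   // buf = (P_n || 0) xor X
	block.Encrypt(ct[full-bs:full], buf) // replaces X in the output
	copy(ct[full:], x[:d])               // the stolen bytes become the tail
	return ct, nil
}

// DecryptCBCCTS undoes EncryptCBCCTS: decrypting the last full block gives
// (P_n xor X[:d]) || X[d:]; the tail supplies X[:d], so X can be rebuilt and
// decrypted to recover P_{n-1}.
func DecryptCBCCTS(block cipher.Block, iv, ct []byte) ([]byte, error) {
	bs, n := block.BlockSize(), len(ct)
	if len(iv) != bs || n < bs {
		return nil, errors.New("iv must be one block and input at least one block")
	}
	d, full := n%bs, n-n%bs
	limit := full // bytes handled as ordinary CBC
	if d > 0 {
		limit -= bs // the last full block needs the tail first
	}
	pt, buf, prev := make([]byte, n), make([]byte, bs), iv
	for off := 0; off < limit; off += bs {
		block.Decrypt(buf, ct[off:off+bs])
		xorInto(pt[off:off+bs], buf, prev)
		prev = ct[off:off+bs]
	}
	if d == 0 {
		return pt, nil
	}
	y, x := make([]byte, bs), make([]byte, bs)
	block.Decrypt(y, ct[full-bs:full]) // Y = (P_n xor X[:d]) || X[d:]
	copy(x, ct[full:])                 // X[:d] travelled as the tail
	copy(x[d:], y[d:])                 // X[d:] was left inside Y
	xorInto(pt[full:], y[:d], ct[full:])
	block.Decrypt(buf, x)
	xorInto(pt[full-bs:full], buf, prev) // P_{n-1} = D(X) xor C_{n-2}
	return pt, nil
}

func main() {
	blk, _ := NewAESBlock([]byte("0123456789abcdef")) // constructed demo key
	iv := []byte("fedcba9876543210")                   // constructed demo IV; use a fresh random one per file
	for _, n := range []int{16, 23, 100, 484} {
		ct, _ := EncryptCBCCTS(blk, iv, make([]byte, n))
		fmt.Printf("%3d plaintext bytes -> %3d ciphertext bytes\n", n, len(ct))
	}
}
```

Inputs shorter than one block are rejected rather than padded, because stealing needs a full block to borrow from; CBC with stealing, like plain CBC, still provides no authentication.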

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Huffman stream cipher.
Date: 23 Oct 2000 15:01:55 GMT

[EMAIL PROTECTED] (Richard Heathfield) wrote in
<[EMAIL PROTECTED]>: 

>"SCOTT19U.ZIP_GUY" wrote:
>> 
>> >But as for the mistakes, please notice that I said:
>> >
>> >"I had a quick look at your source code. He's right. It's hard to
>> >read, it's non-portable (I'd guess it's for DJGPP, but that's just a
>> >guess) and in at least one place it's incorrect. I couldn't look at
>> >it for long because it was so tiring."
>> >
>> >The "at least one place" is:
>> >
>> >void
>> >main()
>> >{
>> >
>> 
>>     I state that is written for DJGPP.
>
>No, you don't. You mention DJGPP in the source code as follows: "this
>works even for a 25meg test file on a 486 with 4 megs of memory because
>the gnu djgpp version of C handles virtual memory". This is not the same
>as saying the program is written purely for DJGPP.
>
>In the README file, however, you state: "ALso if you don't have GNU C
>good luck in rehosting."
>
>Well, I do have GNU C, so I tried it out on GNU C.
>
>[rjh@arc11] /home/rjh/scott > gcc -W -Wall -ansi -pedantic scott19u.c
>scott19u.c:5: pc.h: No such file or directory
>scott19u.c:6: keys.h: No such file or directory
>
>> If you have other compilers
>> you may have to change it. But the above is not an error it complies
>> and runs under DGJPP C.
>
>Well, let's find out. One install of DJGPP later (I presume you mean
>DJGPP, not DGJPP, by the way)...
>
>Here is the output I got:
>
>D:\alldata\dev\crypto\scott19u>gcc -W -Wall -ansi -pedantic scott19u.c
>In file included from scott19u.c:8:


   I see your mistake. You should have used
gcc -O3 scott19u.c -o scott19u.exe
then it will work. Yes, the "long long" type is not standard
blessed C but it is standard DJGPP GNU C to get use of
64 bit chunks of data. GNU seems to have many advanced features
that allow one to do things normal C lacks.
I must also say that this did not compile on my original
486 Intel PC; I had to ship it encrypted to my son to get it
to compile. But on my new machine, a K6-III, no problem. So if
you have low memory it will run out of space during compile.




David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Help ,Does anybody know ???
Date: 23 Oct 2000 15:11:45 GMT

[EMAIL PROTECTED] wrote in <8t14p9$mj4$[EMAIL PROTECTED]>:

>In article <[EMAIL PROTECTED]>,
>  [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
>>   It is not that hard to code your self. But it
>> is not considered a strong method of encryption. It
>> has lots of weaknesses.
>
>RSA is not considered strong encryption? That's news to me. RSA is as
>far as anyone knows a strong encryption method because of the difficulty
>of factoring large numbers. If you chose large enough primes to generate
>your private key, it is comparable in strength to many good block
>ciphers (if not even better). The reason it is not often used for file
>encryption is that it is slow when working with large amounts of data.
>Hence, it's a great method for exchanging keys (which are small compared
>to most files).
>

   Even the FAQ shows RSA is weak compared to most other encryption
methods. It is used for secret key exchange since there are not many
other ways to do public key. But even you have the ability to read
the FAQ, which shows that you need far longer keys than normal
encryption to get what the current open literature gurus consider
safe.
   It is weak since it is a zero information type of encryption where
one knows for sure that if a test key works then you have exactly the
file that was encrypted even if it is random. There have been articles
saying how one could use chosen plaintext attacks against pure RSA
encryption. Even Mr BS or Wagner, both of whom hate my guts, would tell
you that it is a bad idea. Since you don't trust my word and you
seem too lazy to look into it, why don't you ask THEM!


>The most obvious way to encrypt a file using RSA (and the way PGPDisk
>does it), is to encrypt the symmetric key used for a block cipher such
>as CAST with RSA, and then encrypt the file using the (faster) block
>cipher.

  Obviously you were too lazy to check the thread: the original poster wanted
to use pure RSA for the whole thing.


David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: new to data encryption please help
Date: 23 Oct 2000 15:22:52 GMT

[EMAIL PROTECTED] (Dido Sevilla) wrote in 
<[EMAIL PROTECTED]>:

>[EMAIL PROTECTED] wrote:
>> 
>> hi
>> i am a biology student with nothing whatsoever to do with encryption
>> yet i have written some programs to do the same just for fun but now i
>> want to learn the real methods of doing it. Can anyone please help me ?
>>  i would like to know any online references for beginners and if
>> possible books .
>
>
>Find a copy of Bruce Schneier's "Applied Cryptography".  Try visiting
>http://www.cacr.math.uwaterloo.ca/hac/ as well.  And read the FAQ too. 
>There are lots of references there although admittedly it's somewhat
>dated.  The Counterpane website (http://www.counterpane.com/) is another
>nice site with lots of useful information.  They publish their research
>online and it's nice to be able to study how the professionals do it.
>

  Beware, remember crypto is a black art. And part of the game is to
mislead people into how to do safe secure crypto. So any book you read
should be read with a jaundiced eye. Try reading various sources and
don't buy any books. Good books to read are "The Codebreakers" and
"The Puzzle Palace", and check out my site. I am a black sheep of
the open crypto community.



David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: ---- As I study Rinjdael...
Date: 23 Oct 2000 15:18:18 GMT

[EMAIL PROTECTED] (Tim Tyler) wrote in <[EMAIL PROTECTED]>:

>Scott Fluhrer <[EMAIL PROTECTED]> wrote:
>: Tim Tyler <[EMAIL PROTECTED]> wrote in message
>: news:[EMAIL PROTECTED]... 
>:> Eric Lee Green <[EMAIL PROTECTED]> wrote:
>
>:> : Could you tell, just by looking at a file, whether it
>:> : was encrypted via Rijndael, 3DES, IDEA, or NSA256?
>:>
>:> I can partly distinguish between sets of files encrypted with the
>:> above algorithms.  All I do is look at the size of the blocks.
>
>: And how do you determine the block size [...?]
>
>By simple inspection of more than one file.
>
>: Especially if either they use a block cipher mode that does not
>: require padding [...]
>
>Like OFB?  OFB has no shortage of problems of its own - partly due to a
>1-1 mapping between plaintext bits and cyphertext bits.  This gives it
>the same lack of authentication as an OTP.  It's unlikely that it would
>be in use.
>

  Tim, I could be wrong but I will risk it. I don't think that
PGP is very secure, even in the early days. It is very easy to
use, however. But I think PGP uses the OFB mode, so I think one
would have to say it is used. However, it may be used there because
of the influence of the NSA. However I am only guessing; JS may remember
what it is using. I only remember for sure that it used bad compression
and did not use CBC, which John had thought for years.

>: [...] or alternatively, they always pad to a 256 byte boundary to
>: partially foil traffic analysis?
>
>If they padded /after/ encryption, that might well mix things up.
>
>It would probably turn the answer to the question "is this file
>encrypted via Rijndael, 3DES, IDEA, or NSA256?" into a "no", though -
>some other scheme would have been used.


David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: On block encryption processing with intermediate permutations
Date: Mon, 23 Oct 2000 18:00:01 +0200



Bryan Olson wrote:
> 
> Here are a couple errata and one enhancement to the attack
> 
> I wrote:
> > The cipher is
> > specified only as a Feistel cipher.
> 
> Actually, Shen did not restrict it Feistel ciphers, though
> Feistel ciphers were specifically mentioned as candidates.
> The basic attack method applies to other types.  The
> end-game of course depends upon the "cycle" structure of the
> cipher.
> 
> [...]
> > Now how do we determine which pairs of 1-block ciphertext
> > descended from the same state before the last permutation?
> > If the Feistel cipher allows for very efficient solution of
> > the equations, we might just do it by exhaustive guessing.
> > If not, then we use more chosen ciphertext.
> 
> Of course the last word there should be "plaintext", not
> "ciphertext".
> 
> [...]
> > There is exactly one other class of ciphertexts from our
> > two-block plaintext with members as probable as the
> > equal-blocks and the sibling pairs.  They appear when the
> > first five permutations preserve block equality, and the
> > last takes (x, y, x, y) to (x, x, y, y) or (y, y, x, x).  We
> > can recognize these outputs by their frequency, and they
> > give us an alternative set of equations with which to attack
> > the last two rounds.  Given that the output is (a, b, c, d),
> > there are words x and y such that,

Excuse me for my poor knowledge and comprehension ability 
once again. I have to understand your stuff step by step.
So let me ask questions about the very first part (and later
on in another post about the remaining part). What do you 
mean by having the 'first five permutations preserve block 
equality'? I mean (1) What is preservation of block equality, 
and (2) How can the opponent achieve that since he has no 
control at all of the PRNG?

Thanks.

M. K. Shen

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
