Cryptography-Digest Digest #995, Volume #12      Tue, 24 Oct 00 18:13:00 EDT

Contents:
  Re: Huffman stream cipher. (Tom St Denis)
  Re: Quasi philosophical question regarding Index of Coincidence (John Myre)
  Re: Rijndael and PGP (Tom St Denis)
  I am after a simple one-way encryption algorithm ("William Smith")
  [a bit OT] Re: Huffman stream cipher. (Richard Heathfield)
  Re: Finding Sample implementation for DES and IDEA ([EMAIL PROTECTED])
  Re: Rijndael and PGP (Tom McCune)
  Re: inquiry to 2 key servers resulted in failures ... (jungle)
  Re: I am after a simple one-way encryption algorithm (Tom St Denis)
  Re: [a bit OT] Re: Huffman stream cipher. (Tom St Denis)
  Re: Rijndael and PGP (David Crick)
  Discrete Log Question (Kent Briggs)
  Re: On block encryption processing with intermediate permutations (Bryan Olson)
  Re: Discrete Log Question (Ian Goldberg)
  Re: SHA-384 and SHA-512 (Bryan Olson)
  Re: Discrete Log Question (Mok-Kong Shen)
  Re: Discrete Log Question (Kent Briggs)
  Re: inquiry to 2 key servers resulted in failures ... (Lord Running Clam)
  Re: Steganography books (zapzing)
  Re: Rijndael implementations (Daniel James)

----------------------------------------------------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Huffman stream cipher.
Date: Tue, 24 Oct 2000 18:13:23 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
> [EMAIL PROTECTED] (Richard Heathfield) wrote in
> <[EMAIL PROTECTED]>:
>
> >Tom St Denis wrote:
> >>
> >> In article <[EMAIL PROTECTED]>,
> >>   Richard Heathfield <[EMAIL PROTECTED]> wrote:
> >> > Tom St Denis wrote:
> >> > >
> >
> ><big snip>
> >
> >> > > Also I use "void main(void)" quite a bit, I know it's wrong,
> >> >
> >> > Then why do it? :-)
> >>
> >> Because it's a bad habit and my ms-dos machine can take it.  Honestly
> >> though if I release source code (i.e on my website) I will not take
> >> offense to criticism and suggestions (hint hint).
> >
> >I'll be happy to check over it at the weekend if I get time, but only
> >from a C point of view, not from a crypto point of view!
> >
> >[I presume, by the way, that <<< means either 'rotate left' or 'left
> >shift a LOT' :-)   ]
> >
>
>   I have not seen Tommy's email but assuming you're making fun of his
> symbol "<<" you would be right it could mean either "rotate left"
> or "shift left" it is one of the machine dependent features of good
> old C. So maybe in your proper dream world it should not ever be used.
> When I get on a new machine I play with it to see what it does,

Often << means shift left and <<< means rotate left.  Both of which are
machine independent.  On *any* binary computer a << will multiply by a
power of two.

I don't see the relevance of your rant.

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: John Myre <[EMAIL PROTECTED]>
Subject: Re: Quasi philosophical question regarding Index of Coincidence
Date: Tue, 24 Oct 2000 12:12:21 -0600

[EMAIL PROTECTED] wrote:
<snip>
> Would you a) assume that ..
>  --or-- b) ...
<snip>

General comment: when you don't know exactly what scheme
you are attacking, you try different guesses (assumptions)
and see which works best.  You don't pick one a priori
and ignore other possibilities.  Also, which guesses you
try depends on what you know about the specific case.
General rules like "try A before B" are still only right
within certain contexts.

JM

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Rijndael and PGP
Date: Tue, 24 Oct 2000 18:15:25 GMT

In article <bsgJ5.161$[EMAIL PROTECTED]>,
  "George Gordon" <[EMAIL PROTECTED]> wrote:
> Rijndael and PGP.  What's the word on this?
>

You have successfully named two buzzwords.  Your homework is to study
why your question is stupid.

Honest, the ciphers in PGP (IDEA, CAST, 3DES) are secure enough, adding
Rijndael will ****NOT**** make PGP any better or more useful than it
already is.

Tom



------------------------------

From: "William Smith" <[EMAIL PROTECTED]>
Subject: I am after a simple one-way encryption algorithm
Date: Tue, 24 Oct 2000 19:48:26 +0100

Hi,

What is the simplest way to encrypt passwords using a one-way algorithm from
a Perl script? I wish to hold user passwords in a data file which can then
be used to validate passwords which are entered.

Any help appreciated.

William Smith
[EMAIL PROTECTED]



------------------------------

Date: Tue, 24 Oct 2000 19:33:55 +0100
From: Richard Heathfield <[EMAIL PROTECTED]>
Subject: [a bit OT] Re: Huffman stream cipher.

Tom St Denis wrote:
> 
<snip>
> 
> Often << means shift left and <<< means rotate left.  Both of which are
> machine independent.  On *any* binary computer a << will multiply by a
> power of two.

Sure about that? Try the following on a S16ILxx machine (i.e. short int
is 16 bits, int and long are <whatever> - your own machine at home is
almost certainly of this kind, even if it's an old DOS machine):

#include <stdio.h>

int main(void)
{
  short int i;
  i = 33000;            /* 33000 does not fit in a 16-bit signed short */
  i <<= 1;              /* 66000 needs 17 bits, so this cannot simply double i */
  printf("i=%hu\n", i);
  i = -1;
  i <<= 1;              /* left-shifting a negative signed value: not a multiply */
  printf("i=%hu\n", i);
  return 0;
}

:-)

unsigned short solves the second problem. The first problem is insoluble
in the sense that eventually any native integer type will run out of
bits on the left.

From a crypto point of view, this matters little, since you already know
you have to use bignums if you want really big values, and the shifting
does exactly what you want it to do (as long as you remember to use
unsigned integer types when shifting).


-- 
Richard Heathfield
"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
K&R Answers: http://users.powernet.co.uk/eton/kandr2/index.html

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Finding Sample implementation for DES and IDEA
Date: Tue, 24 Oct 2000 18:43:35 GMT

In article <8t45on$4nl$[EMAIL PROTECTED]>,
  Steven Wu <[EMAIL PROTECTED]> wrote:
> Hi Jan,
>
> Thanks for your guide.  I got the IDEA, but I still could not find DES
> source on those sites.  Could you help me again?
>
> -Steven
>  [EMAIL PROTECTED]
>

I wrote a sample DES implementation in C (ECB mode only), with some
test vectors in the code.  And because I wrote it, it's ugly, badly
written, slow, uses too much memory, terribly inefficient, etc. of
course :).  But it works.
http://www.geocities.com/WallStreet/Bureau/1195/des.c



------------------------------

From: Tom McCune <[EMAIL PROTECTED]>
Subject: Re: Rijndael and PGP
Date: Tue, 24 Oct 2000 18:53:22 GMT

=====BEGIN PGP SIGNED MESSAGE=====

In article <8t4jjk$hq9$[EMAIL PROTECTED]>, Tom St Denis
<[EMAIL PROTECTED]> wrote:
<snip>
>Honest, the ciphers in PGP (IDEA, CAST, 3DES) are secure enough, adding
>Rijndael will ****NOT**** make PGP any better or usefull then it
>already is.

Don't forget that PGP 7.0 includes Twofish.

=====BEGIN PGP SIGNATURE=====
Version: PGP Personal Privacy 6.5.8
Comment: My PGP Page & FAQ: http://www.McCune.cc/PGP.htm

=====END PGP SIGNATURE=====

------------------------------

From: jungle <[EMAIL PROTECTED]>
Crossposted-To: comp.security.pgp.discuss,alt.security.pgp
Subject: Re: inquiry to 2 key servers resulted in failures ...
Date: Tue, 24 Oct 2000 15:00:53 -0400

same problems now ...
no one dares to intervene?

jungle wrote:
> 
> inquiry to 2 key servers resulted in failures ...
> 
> at server http://pgpkeys.mit.edu:11371
>  response was unknown response from server
> 
> at server ldap://certserver.pgp.com
>  response was server open failed
> 
> what the f___k is going on ?



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: I am after a simple one-way encryption algorithm
Date: Tue, 24 Oct 2000 19:14:36 GMT

In article <8t4klv$9jn$[EMAIL PROTECTED]>,
  "William Smith" <[EMAIL PROTECTED]> wrote:
> Hi,
>
> What is the simplest way to encrypt passwords using a one-way algorithm from
> a Perl script? I wish to hold user passwords in a data file which can then
> be used to validate passwords which are entered.
>
> Any help appreciated.

You don't want an encryption algorithm at all my friend.

Tom



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: [a bit OT] Re: Huffman stream cipher.
Date: Tue, 24 Oct 2000 19:14:02 GMT

In article <[EMAIL PROTECTED]>,
  Richard Heathfield <[EMAIL PROTECTED]> wrote:
> Tom St Denis wrote:
> >
> <snip>
> >
> > Often << means shift left and <<< means rotate left.  Both of which are
> > machine independent.  On *any* binary computer a << will multiply by a
> > power of two.
>
> Sure about that? Try the following on a S16ILxx machine (i.e. short int
> is 16 bits, int and long are <whatever> - your own machine at home is
> almost certainly of this kind, even if it's an old DOS machine):

The fact that the result overflows bears little on the fact that it's
still doing the same thing.

i.e.

int x = 4; x <<= 1; printf("%d\n", x);  output: 8

By your example I could do  long x = (1<<31); x <<= 1; and be very
disappointed...

Tom



------------------------------

From: David Crick <[EMAIL PROTECTED]>
Subject: Re: Rijndael and PGP
Date: Tue, 24 Oct 2000 20:21:59 +0100

Tom McCune wrote:
> 
> >Honest, the ciphers in PGP (IDEA, CAST, 3DES) are secure enough, adding
> >Rijndael will ****NOT**** make PGP any better or usefull then it
> >already is.
> 
> Don't forget that PGP 7.0 includes Twofish.

The NAI PGP developers have stated (before Rijndael was selected)
that they might include Rijndael in PGP if it was selected, but that
Twofish was the cipher that they considered suited their needs and
goals better.

The OpenPGP specification, it should be noted, allows for the inclusion
of AES in its three variants - 128, 192 and 256-bit keys. It would
be plausible therefore that we see Rijndael - in the guise of AES -
included in implementations such as GPG, even if NAI chose not to
use it in their own releases.

I expect NAI will include it though - having the "AES" buzzword in
their product would be a marketing feature too good to pass up, if
nothing else.

-- 
+-------------------------------------------------------------------+
| David A. Crick <[EMAIL PROTECTED]> PGP: (OCT-2000 KEY) 0xE0F73D98 |
| Damon Hill Tribute Site: http://www.geocities.com/MotorCity/4236/ |
| M. Brundle Quotes: http://members.tripod.com/~vidcad/martin_b.htm |
+-------------------------------------------------------------------+

------------------------------

From: Kent Briggs <[EMAIL PROTECTED]>
Subject: Discrete Log Question
Date: Tue, 24 Oct 2000 20:07:16 GMT

Using the equation:

y = g^x mod p

we know that finding x is a hard problem when y, g, and p are known (and
p is a large prime).  However, what if y, x, and p are known and you
want to solve for g?  Is that an equally hard problem?

--
Kent Briggs, [EMAIL PROTECTED]
Briggs Softworks, http://www.briggsoft.com



------------------------------

From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: On block encryption processing with intermediate permutations
Date: Tue, 24 Oct 2000 20:07:15 GMT

Mok-Kong Shen wrote:

> In the one block (u,v) case, through encrypting a few
> hundred times, one achieves that all possible combinations
> of permutations (assumed taking place with equal frequency)
> occur in the inter-cycle permutation processes. With 6
> such processes one gets 2^6 different kinds of ciphertext
> blocks of the type (a,b), each with equal frequency. Is
> that right?

Yes.


> BTW, I don't understand why do you want to limit to 6
> and don't allow 7 permutation processes which is the
> actual situation. Does that cause difficulties to your
> attack?

I read your proposal as inserting the permutation between
cycles of the block cipher.  You later suggested replacing one
of the permutations with the identity, effectively removing
the permutation step.  Thus I got that an eight-cycle cipher
would have six permutations.  Seven would cause no major
difficulty.

> By the same argument, in the two block (u,v,u,v) case
> (with the same u and v as above) one gets 8^6 different
> kinds of ciphertext blocks of the type (c,d,e,f),
> again each with equal frequency. Is that right also?

No.  The total number is higher than that, and they are not
all equally probable.  Fortunately for the attacker, the ones
he's looking for are the most likely.  They are the outputs
for which the first five of the six permutations preserved
block equality.


Why are these the most probable?  Because if the output of a
permutation is two equal blocks, then the next random
permutation has fewer possible outcomes.

Let's look at a case reduced to two permutations (three block
cipher cycles).  We start with message (u, v, u, v).  The
cipher cycle always preserves block equality - the same input
produces the same output. After the first cycle, we have (w,
x, w, x).

The permutation of (w, x, w, x) has six possible outcomes, all
with probability 1/6.  Two of these outcomes consist of two
equal blocks (w, x, w, x) and (x, w, x, w), the other four
have two distinct blocks.  The second cipher cycle preserves
block equality, but the four un-equal blocks will usually be
mapped to texts of four distinct words (a, b, c, d).

If the first permutation preserved block equality, then the
last permutation receives a text of two equal blocks (x, y, x,
y), and has six possible outcomes.  If the first permutation
did not preserve block equality, then the second permutation
receives (a, b, c, d) and has 24 possible outcomes.

There are thus twelve possible outcomes in which the first
permutation preserved block equality - two possible outcomes
from the first permutation, times six from the second.  Each
has probability 1/6 * 1/6 = 1/36.  There are 96 possible
outcomes in which the first permutation did _not_ preserve
block equality.  Four outcomes from the first, times 24 from
the second.  Each of those has probability 1/6 * 1/24 = 1/144.
We can check that 12 * 1/36 + 96 * 1/144 = 1, as expected.

That's a key insight to the attack: if the output of one
permutation is two equal blocks, then the input to the next is
two equal blocks and therefore the 24 possible permutations of
four items produce only six distinct outcomes (two of which
are also equal blocks).  Of course that does not apply to the
last permutation, since there is no "next" permutation.


It is possible that the block cipher cycle could do something
strange, such as map (a, b, c, d) to (e, f, f, e).  I regard
the probability of such things as negligible.


--Bryan



------------------------------

From: [EMAIL PROTECTED] (Ian Goldberg)
Subject: Re: Discrete Log Question
Date: 24 Oct 2000 20:46:33 GMT

In article <[EMAIL PROTECTED]>,
Kent Briggs  <[EMAIL PROTECTED]> wrote:
>Using the equation:
>
>y = g^x mod p
>
>we know that finding x is a hard problem when y, g, and p are known (and
>p is a large prime).  However, what if y, x, and p are known and you
>want to solve for g?  Is that an equally hard problem?

Nope.  Taking x'th roots mod a prime is easy (_very_ easy if x and p-1 have
no common factors; just find the inverse of x mod p-1 and raise each side
of the equation to that power).

Taking x'th roots mod a composite of unknown factorization is the RSA
problem, and is of course presumed hard.

   - Ian

------------------------------

From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: SHA-384 and SHA-512
Date: Tue, 24 Oct 2000 20:36:53 GMT

Mack wrote:
| Kent Briggs wrote:
> >Daniel Leonard wrote:
> >> BTW, why is it "128 bit" and not "128 bits" ?
> >
> >In that context, "bit" is an adjective, not a noun. The same
> >reason you say "5 car pileup" instead of "5 cars pileup".

> Since we are arguing English semantics.
>
> It should be 128-bit hash or 5-car pileup.
> The hyphen indicates a combined adjective.

Correct in prenominal usage, as shown.  If the adjective is
after the noun it modifies, omit the hyphen.

    The MD5 hash, 128 bit, has fallen out of favor.

I learned this bit of trivia from a funny Crypto Rump Session
talk by Phil Rogaway.  He was worried about "public key"
versus "public-key".


--Bryan



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Discrete Log Question
Date: Tue, 24 Oct 2000 23:13:13 +0200



Kent Briggs wrote:
> 
> Using the equation:
> 
> y = g^x mod p
> 
> we know that finding x is a hard problem when y, g, and p are known (and
> p is a large prime).  However, what if y, x, and p are known and you
> want to solve for g?  Is that an equally hard problem?

g may not be very easy to find. But I suppose the problem has 
a problem for application: There may be several g's satisfying 
the equation, given y, x and p, while, if g is a generator and
g, y and p are given, the x satisfying the equation with 
0 <= x <= p-2 must be unique.

M. K. Shen
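
The x'th-root method Ian Goldberg describes, and Mok-Kong Shen's remark that the root need not be unique when x and p-1 share a factor, in an added example (my code, not from either post); p = 23 and the Mersenne prime 2^127-1 are my own choices, and p is assumed prime throughout.

```python
from math import gcd

# Solving y = g^x (mod p) for g. Assumption: p is prime. The primes and
# exponents below are small illustrative choices, not values from the thread.

def modinv(a, m):
    """Inverse of a modulo m (extended Euclid); raises if gcd(a, m) != 1."""
    r0, r1, s0, s1 = m, a % m, 0, 1       # invariant: r_i == s_i * a (mod m)
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        s0, s1 = s1, s0 - q * s1
    if r0 != 1:
        raise ValueError("no inverse: gcd(a, m) != 1")
    return s0 % m

def root_is_unique(x, p):
    """Ian's easy case: x is invertible mod p-1, so g -> g^x is a bijection
    on the non-zero residues mod p and the x'th root is unique."""
    return gcd(x, p - 1) == 1

def xth_root_mod_prime(y, x, p):
    """Return g with g^x == y (mod p) when gcd(x, p-1) == 1.
    With d = x^-1 mod (p-1) we have x*d = 1 + k*(p-1), so
    (y^d)^x = g^(x*d) = g * (g^(p-1))^k = g by Fermat's little theorem."""
    if not root_is_unique(x, p):
        raise ValueError("gcd(x, p-1) != 1: this shortcut does not apply")
    d = modinv(x, p - 1)
    return pow(y, d, p)

def all_roots(y, x, p):
    """Every g in [1, p) with g^x == y (mod p), by exhaustive search (small p).
    Shows Shen's point: when gcd(x, p-1) > 1 there can be several such g."""
    return [g for g in range(1, p) if pow(g, x, p) == y]

MERSENNE_127 = 2**127 - 1    # a prime large enough that brute force is hopeless

if __name__ == '__main__':
    p = 23                                   # p - 1 = 22 = 2 * 11
    y = pow(5, 7, p)                         # x = 7 is coprime to 22
    print(xth_root_mod_prime(y, 7, p), all_roots(y, 7, p))   # 5 [5]
    y2 = pow(5, 2, p)                        # x = 2 shares the factor 2 with 22
    print(root_is_unique(2, p), all_roots(y2, 2, p))         # False [5, 18]
    big_y = pow(3, 65537, MERSENNE_127)      # 65537 is coprime to p - 1 here
    print(xth_root_mod_prime(big_y, 65537, MERSENNE_127))    # 3
```

In the coprime case the root comes out at the cost of one modular inverse and one exponentiation, even at 127 bits; for x = 2 the search finds both 5 and 18, so a scheme that relied on g being hard or unique to recover would fail on both counts.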

------------------------------

From: Kent Briggs <[EMAIL PROTECTED]>
Subject: Re: Discrete Log Question
Date: Tue, 24 Oct 2000 21:10:16 GMT

Ian Goldberg wrote:

> In article <[EMAIL PROTECTED]>,
> Kent Briggs  <[EMAIL PROTECTED]> wrote:
> >Using the equation:
> >
> >y = g^x mod p
> >
> >we know that finding x is a hard problem when y, g, and p are known (and
> >p is a large prime).  However, what if y, x, and p are known and you
> >want to solve for g?  Is that an equally hard problem?
>
> Nope.  Taking x'th roots mod a prime is easy (_very_ easy if x and p-1 have
> no common factors; just find the inverse of x mod p-1 and raise each side
> of the equation to that power).

Darn, I thought I had come up with a new DL signature scheme but I now see
where it falls apart.  Oh well, thanks for the info.

--
Kent Briggs, [EMAIL PROTECTED]
Briggs Softworks, http://www.briggsoft.com



------------------------------

Date: Tue, 24 Oct 2000 15:12:40 -0500
From: Lord Running Clam <Use-Author-Supplied-Address-Header@[127.1]>
Subject: Re: inquiry to 2 key servers resulted in failures ...
Crossposted-To: comp.security.pgp.discuss,alt.security.pgp

=====BEGIN PGP SIGNED MESSAGE=====

On Tue, 24 Oct 2000, jungle <[EMAIL PROTECTED]> wrote:
>same problems now ...
>no one dares to intervene?
>
>jungle wrote:
>> 
>> inquiry to 2 key servers resulted in failures ...
>> 
>> at server http://pgpkeys.mit.edu:11371
>>  response was unknown response from server
>> 
>> at server ldap://certserver.pgp.com
>>  response was server open failed
>> 
>> what the f___k is going on ?

Checked - 19:15 UTC
got through to the mit server.
certserver - failed.

=====BEGIN PGP SIGNATURE=====
Version: N/A

=====END PGP SIGNATURE=====


------------------------------

From: zapzing <[EMAIL PROTECTED]>
Subject: Re: Steganography books
Date: Tue, 24 Oct 2000 21:11:15 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (wtshaw) wrote:
> In article <8t1og6$5s3$[EMAIL PROTECTED]>, zapzing
> <[EMAIL PROTECTED]> wrote:
> > >
> >
> > Actually since inked or uninked paper is a
> > solid, the term "spectral lines" doesn't
> > really even apply, since solids generally
> > do not have spectral lines, but rather
> > retransmit over a continuous region of the
> > spectrum.
> >
> Then, according to this line of thinking, problems that exist should not.
>
> After excitation, atoms radiate according to their specific quantum jumps
> to lower states releasing vibrating photons of various frequencies.

Yes, they do, but technically a spectral "line"
is a very high concentration of energy in an
extremely narrow bandwidth, a "delta" function
as it were, as you would observe
in the response of a gas. Solids generally have
more spread out responses. They have spectral
distributions, but they are not generally called
"lines" since their distributions are more
curvy than spiky.
> Colored radiations have spectra, which is the area that I am looking at.
> How true the colors are as spit/sensed is the crux of the problem.
> Illumination sources make a difference in resonance with sensor
> capabilities, as certain frequencies excite certain orbital changes better
> than others.

Couldn't you just specify a standardized
light source?

--
Void where prohibited by law.



------------------------------

From: Daniel James <[EMAIL PROTECTED]>
Subject: Re: Rijndael implementations
Date: Tue, 24 Oct 2000 22:34:03 +0100
Reply-To: [EMAIL PROTECTED]

In article <[EMAIL PROTECTED]>, Richard Heathfield 
wrote:
> I think you'll find that for a 32-bit quantity, 'dynner' is already in
> the literature. ;-)

What! Only 4 bytes to a dynner? /Somebody's/ on a dyet!

(Sorry, I couldn't resist - but we /do/ need to keep some terms in
reserve for 64-bits, 128, etc..)

Cheers,
 Daniel.
 



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
