Cryptography-Digest Digest #998, Volume #12      Wed, 25 Oct 00 10:13:01 EDT

Contents:
  Re: Ciphers and Unicode (John Savard)
  LinuxSecurity.com Speaks With AES Winner (Dave Wreski)
  Decrypted Secrets (Peter Koppenaal)
  Re: I can post absolutely anything on the Internet for you to download. (wtshaw)
  Re: I can post absolutely anything on the Internet for you to download. (Matthew Skala)
  Re: Decrypted Secrets ("John A. Malley")
  Re: Rijndael implementations (Richard Heathfield)
  Re: Timestamping (Helger Lipmaa)
  Re: Enigma: Stolen German Code Machine Turns Up in BBC Mailroom (Andre)
  Re: Enigma: Stolen German Code Machine Turns Up in BBC Mailroom (Andre)
  Re: Decrypted Secrets (John Savard)
  Re: Efficient software LFSRs ([EMAIL PROTECTED])
  Modes of Operation Workshop (Volker Hetzer)
  Re: Rijndael file encryption question. ("Lassi Hippeläinen")
  Re: Discrete Log Question (Zulfikar Ramzan)
  Re: Rijndael file encryption question. (SCOTT19U.ZIP_GUY)
  Re: Rijndael file encryption question. (Volker Hetzer)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Ciphers and Unicode
Date: Wed, 25 Oct 2000 02:59:28 GMT

On Mon, 02 Oct 2000 18:59:52 -0400, "Douglas A. Gwyn"
<[EMAIL PROTECTED]> wrote, in part:
>Ray Dillinger wrote:
>> One basic issue I see is that if we start writing english with a
>> 16-bit character set, ...

>External text formats should be UTF-8 encoded, which is no
>different from 7-bit ASCII for the characters in the ASCII
>codeset.

This is true.

I have been looking at UTF-8, and it is certainly very elegant and
symmetric, providing ease of processing and high compatibility with
7-bit ASCII.

But it is not terribly efficient. Only accented letters, and the
Hebrew and Arabic scripts have two-byte encodings; everything else
takes three bytes.

It works like this:

0abcdefg : the 7-bit character 0abcdefg
110abcde 10fghijk : the 11-bit character 00000abc defghijk
1110abcd 10efghij 10klmnop : the 16-bit character abcdefgh ijklmnop

and so on, supporting characters up to 31 bits long.

By not allowing a character to start with 10xxxxxx the danger of loss
of sync is avoided; by using only high-bit codes to compose a
character, devices requiring 7-bit ASCII can be compatible by simply
ignoring the high-bit codes; and the code doesn't involve any shifting
to different states.

This is very good as a way to unambiguously represent the characters
of a large set.

But something vastly more efficient, I think, is needed for other
purposes. Still, UTF-8 leaves enough space that it could be included
as part of such a code.

For example:

replacing
110abcde 10fghijk

by
110abcde 01fghijk

could result in a shift to a mode where

1pqrstuv

represents the character

00000abc dpqrstuv

and similarly, replacing

1110abcd 10efghij 10klmnop

by
1110abcd 10efghij 01klmnop

could result in a shift to a mode where

1pqrstuv

represents the character

abcdefgh ipqrstuv

thus allowing representing, say, a single Greek or Armenian character
by a three-byte code to cause a shift to an 8-bit code where the
characters of that alphabet only take a single byte. (This assumes
that either this would be useful while still avoiding FE and FF, or
the UTF-8 property of avoiding them - primarily useful for
compatibility with 16-bit Unicode - can be dropped as well as the
other properties we are surrendering.)

Returning back to augmented UTF-8 would, of course, require other
measures. The SO control code could be used.

Using three bytes for every CJK ideogram is also wasteful, but
shifting into groups of 256 of them will not help. But code space
remains available.

Following the same pattern seen previously,

1110abcd 01efghij 10klmnop

could be used to shift into a mode where

10ABCDEF 0GHIJKLM

represents the character

abcABCDE FGHIJKLM

and again, exit would be by Shift Out. But that is not very helpful,
as the unified CJK ideographs area of Unicode is larger than 8,192
characters. Again, if FE and FF are not a problem, we can simply
instead go to

1ABCDEFG HIJKLMNO

to represent

aABCDEFG HIJKLMNO

but the problem is that the CJK auxiliaries start at U+0300, and the
range for CJK doesn't end at U+07FF but continues to U+08FF.

Perhaps the solution will be to use SI to shift into a coding for CJK
characters dependent on the structure of Unicode, while retaining one
of these two more general strategies for other large character sets,
such as Korean Hangul syllables, and also hieroglyphics and cuneiform
when they are added.

Note that, since these changes for mode switching don't affect the
first octet of a UTF-8 combination, we still have code space we can
use to encode more characters in two bytes instead of three.

110abcde 10fghijk

already represents

00000abc defghijk

so we can fill up additional space like this:

10abcdef 110ghijk

representing

00001abc defghijk

10abcdef 10ghijkl

representing

0001abcd efghijkl

10abcdef 0ghijklm

representing

001abcde fghijklm

so that there are now two-character representations not just for the
first 2,048 characters of Unicode, but for the first 16,348
characters, getting us all the way up to U+03FF.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
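An encoder and a strict decoder for the three UTF-8 forms listed in the post above, added here as an example (not code from the post). Beyond what the post covers, the decoder also rejects overlong forms, the check a decoder needs so that every character has exactly one byte representation.

```python
# Added example, not code from the post: encoder and strict, self-resynchronising
# decoder for the UTF-8 forms
#   0abcdefg                      (7-bit)
#   110abcde 10fghijk             (11-bit)
#   1110abcd 10efghij 10klmnop    (16-bit)
# Sequences of four or more bytes are deliberately left out, as in the post.

def utf8_encode(cp: int) -> bytes:
    """Encode one code point of up to 16 bits."""
    if cp < 0x80:                                   # 0abcdefg
        return bytes([cp])
    if cp < 0x800:                                  # 110abcde 10fghijk
        return bytes([0xC0 | (cp >> 6), 0x80 | (cp & 0x3F)])
    if cp < 0x10000:                                # 1110abcd 10efghij 10klmnop
        return bytes([0xE0 | (cp >> 12),
                      0x80 | ((cp >> 6) & 0x3F),
                      0x80 | (cp & 0x3F)])
    raise ValueError("code points above 16 bits are not handled in this example")


def lead_length(b: int) -> int:
    """Sequence length announced by a lead byte; 0 for a 10xxxxxx byte,
    which may never start a character."""
    if b < 0x80:
        return 1
    if (b & 0xE0) == 0xC0:
        return 2
    if (b & 0xF0) == 0xE0:
        return 3
    return 0          # continuation byte, or a 4-byte-plus lead (not handled here)


LEAD_MASK = {1: 0x7F, 2: 0x1F, 3: 0x0F}       # payload bits of the lead byte
MIN_FOR_LEN = {1: 0x00, 2: 0x80, 3: 0x800}    # smallest code point per length


def utf8_decode(data: bytes):
    """Return (code_points, offsets_of_bad_bytes).

    Because 10xxxxxx never starts a character, a decoder that lands inside a
    sequence skips forward until it sees a lead byte: a damaged or truncated
    sequence costs one character, not the rest of the stream.
    """
    out, bad = [], []
    i = 0
    while i < len(data):
        n = lead_length(data[i])
        if n == 0:                       # stray continuation byte: skip, stay in sync
            bad.append(i)
            i += 1
            continue
        seq = data[i:i + n]
        if len(seq) < n or any((b & 0xC0) != 0x80 for b in seq[1:]):
            bad.append(i)                # truncated sequence: resume at the next byte
            i += 1
            continue
        cp = seq[0] & LEAD_MASK[n]
        for b in seq[1:]:
            cp = (cp << 6) | (b & 0x3F)
        if cp < MIN_FOR_LEN[n]:
            bad.append(i)                # overlong form such as C0 80: reject it
            i += n
            continue
        out.append(cp)
        i += n
    return out, bad
```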

------------------------------

From: [EMAIL PROTECTED] (Dave Wreski)
Subject: LinuxSecurity.com Speaks With AES Winner
Crossposted-To: comp.os.linux.security,alt.hacker,alt.sources.crypto,comp.os.linux.security,comp.security.unix
Date: 24 Oct 2000 23:19:48 -0500

In this interview Vincent Rijmen talks about the development of the
Rijndael algorithm, his selection as the NIST algorithm of choice for AES,
thoughts on Linux and security, and the future of Internet security.

"Rijndael takes its name from its creators' last names, and beat out
finalists including those from IBM, RSA, Counterpane, and the Serpent
algorithm developed by a group of European cryptographers. AES will soon
replace DES as the standard algorithm for encrypting sensitive data. It
has been reported that even a machine capable of breaking the old DES
standard in a second would take some 149 trillion years to crack the
proposed AES's lowest level of security."

http://www.linuxsecurity.com/feature_stories/interview-aes.html


------------------------------

From: Peter Koppenaal <[EMAIL PROTECTED]>
Subject: Decrypted Secrets
Date: Wed, 25 Oct 2000 03:26:16 GMT

I'm a total newbie to this field, and I am trying to learn a little
about it.  I have begun reading "Decrypted Secrets" by F.L. Bauer, as
well as a few other books ("The Codebreakers", "Secrets and Lies", and
"Maximum Security").  I am having trouble understanding the logic
notation used in Bauer's second chapter.  
I can not locate an introductory book on logic or set theory nor a
mathematical reference book that describes this type of notation
entirely.

Can anyone tell me where the key to this notation is?

Thanks for any help you can offer,

Peter Koppenaal

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Crossposted-To: talk.politics.crypto,alt.freespeech,talk.politics.misc
Subject: Re: I can post absolutely anything on the Internet for you to download.
Date: Tue, 24 Oct 2000 21:04:04 -0600

In article <[EMAIL PROTECTED]>, Anthony Stephen Szopa
<[EMAIL PROTECTED]> wrote:

> I can post absolutely anything on the Internet for you to download.
...
> 
> Let's say you have a software program that has been deemed illegal 
> to distribute, and illegal to link to a site where it is available 
> for download.
> 
...
> But then I suppose the government will outlaw the posting or making
> available for download any file that is or appears to be random data.
> 
> But you can use any file.  Here's an example:  create a file 
> containing the text from an online encyclopedia.  Then distribute 
> a key such that when this key is XORed with the encyclopedia text 
> file it results in the prohibited software.
> 
> Your only minor problem is distribution of the key.
> 
> So for all you defeatists out there, I guess the government can 
> always prohibit posting or making any file available on the Internet 
> to stop the transfer of prohibited material over the Internet.
> 
> Oh, well.

Before you do something like this consider that conspiracy to further
illegal acts alone can get you into deep dodo.  It all hangs on what is is
and if you think your thong, I mean song of de tails is going to get
swallowed.

Best try the scheme in a way to embarrass those who would attack it and
you, but for your best interests, keep it light, as proving a point as the
main thing is better than proving that you can ask for trouble and get
it.
-- 
52) *Part of job is making whimsical, zippy, and vexing key sequences.

------------------------------

From: [EMAIL PROTECTED] (Matthew Skala)
Crossposted-To: talk.politics.crypto,alt.freespeech,talk.politics.misc
Subject: Re: I can post absolutely anything on the Internet for you to download.
Date: 24 Oct 2000 21:49:34 -0700

In article <[EMAIL PROTECTED]>,
Anthony Stephen Szopa  <[EMAIL PROTECTED]> wrote:
>I can post absolutely anything on the Internet for you to download.

Congratulations.  Now go write something worth downloading.

-- 
Matthew Skala
[EMAIL PROTECTED]                   :CVECAT DELENDA EST
http://www.islandnet.com/~mskala/


------------------------------

From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: Decrypted Secrets
Date: Tue, 24 Oct 2000 23:14:53 -0700


Peter Koppenaal wrote:
> 
> I'm a total newbie to this field, and I am trying to learn a little
> about it.  I have begun reading "Decrypted Secrets" by F.L. Bauer, as
> well as a few other books ("The Codebreakers", "Secrets and Lies", and
> "Maximum Security").  I am having trouble understanding the logic
> notation used in Bauer's second chapter.
> I can not locate an introductory book on logic or set theory nor a
> mathematical reference book that describes this type of notation
> entirely.
> 

I've never seen a single volume covering all of the symbology - but that
doesn't mean such a book does not exist. 

> Can anyone tell me where the key to this notation is ?
> 

Chapter 2 does define the symbols in most cases in the text itself.

Similar notation is used in the description of rewriting systems in
computability theory and in formal language theory (see Introduction to
Formal Languages by Gyorgy E. Revesz, Dover, ISBN 0-486-66697-2.)    

Some of the notation comes straight from set theory and logic - and
there are many basic texts on that symbology available at public
libraries - for example,  "Numbers, sets and axioms, the apparatus of
mathematics" by A.G. Hamilton, Cambridge University Press, ISBN
0-521-28761-8. 

Hope this is of some help,


John A. Malley
[EMAIL PROTECTED]

------------------------------

Date: Wed, 25 Oct 2000 09:30:11 +0100
From: Richard Heathfield <[EMAIL PROTECTED]>
Subject: Re: Rijndael implementations

Daniel James wrote:
> 
> In article <[EMAIL PROTECTED]>, Richard Heathfield
> wrote:
> > I think you'll find that for a 32-bit quantity, 'dynner' is already in
> > the literature. ;-)
> 
> What! Only 4 bytes to a dynner? /Somebody's/ on a dyet!
> 
> (Sorry, I couldn't resist - but we /do/ need to keep  some terms in
> reserve for 64-bits, 128, etc..)

I propose fyst for 64 bits, and banquyt for 128.

<g,d&rlh>
 

-- 
Richard Heathfield
"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
K&R Answers: http://users.powernet.co.uk/eton/kandr2/index.html

------------------------------

From: Helger Lipmaa <[EMAIL PROTECTED]>
Subject: Re: Timestamping
Date: Wed, 25 Oct 2000 14:06:23 +0200

Kevin Crosbie wrote:

> Hi all,
>
> I am writing a program to sign some data, and I wanted to add a timestamp to
> this.   I figure that I just hash the signed data that I have, and send that
> off to a notary service, they attach their signature and public key, and
> send it back, allowing me to verify that it was timestamped at that time.
>
> Does anyone know of a good free service which does that, or if not, some
> service which does that for a fee.
>
> Thanks a million,

See http://www.tml.hut.fi/~helger/crypto/link/timestamping/, which has many
links to different servers.

Helger Lipmaa
http://www.tml.hut.fi/~helger


------------------------------

From: Andre <[EMAIL PROTECTED]>
Subject: Re: Enigma: Stolen German Code Machine Turns Up in BBC Mailroom
Date: Wed, 25 Oct 2000 10:14:38 GMT

In article <[EMAIL PROTECTED]>,
  "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
> Sundial Services wrote:
> > The "theory" that Nikola Tesla had a secret for unlimited energy,
> > and that these secrets were locked-away in a particular
> > (secretly-different!) Enigma machine is one of those things that
> > "cannot be disproved, just as it cannot [practically] be proved,"
>
> Actually it can be disproved, to the extent that there are not
> very many bits available in the settings of the machine
> parameters (e.g. rotor wiring).  It could be proved in other
> ways too, such as in examining Tesla's lab notes (I have a copy).

Cool :-)  Anything about ball lightning production in there .. ??? if
so please send me a copy of the relevant section .
I *know* that this was one of the ideas that worked ...

(all the notes I can find on the Net aren't detailed enough or are
missing sections) .

>
> Tesla was quite interested in the geoelectric properties of the
> Earth, especially in allowing power to be broadcast through
> standing waves to distant locations, and he performed experiments
> along these lines (with some success).  But he also became wackier
> as he got older and most of his later ideas simply weren't feasible.
>

--
Andre de Guerin :- Email <[EMAIL PROTECTED]>
Who is "General Failure" and why is he reading my hard disk ?
1+1=3 for very large values of 1


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Andre <[EMAIL PROTECTED]>
Subject: Re: Enigma: Stolen German Code Machine Turns Up in BBC Mailroom
Date: Wed, 25 Oct 2000 10:17:43 GMT

In article <[EMAIL PROTECTED]>,
  David Schwartz <[EMAIL PROTECTED]> wrote:
>
> David Hamer wrote:
>
> > The article contains details and a number of photographs of the
> > Abwehr machine including close-ups of its internal mechanism.
> > The wiring and notch information for the three wheels, the
> > Eintrittwalze and the Umkehrwalze are given together with a
> > detailed description of the stepping mechanism [which is totally
> > different from that of any of the other Enigma variants].
>
>       Darn. I hate to lose a good conspiracy theory.

Same here .

>
>       Perhaps the thieves were unaware of this article? <G>

Neither was I ; I thought that this particular machine had some variant
that made it unbreakable with technology available at the time .
Evidently not .

>
>       DS
>

--
Andre de Guerin :- Email <[EMAIL PROTECTED]>
Who is "General Failure" and why is he reading my hard disk ?
1+1=3 for very large values of 1


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Decrypted Secrets
Date: Wed, 25 Oct 2000 10:29:48 GMT

On Wed, 25 Oct 2000 03:26:16 GMT, Peter Koppenaal <[EMAIL PROTECTED]>
wrote, in part:

>I'm a total newbie to this field, and I am trying to learn a little
>about it.  I have begun reading "Decrypted Secrets" by F.L. Bauer, as
>well as a few other books ("The Codebreakers", "Secrets and Lies", and
>"Maximum Security").  I am having trouble understanding the logic
>notation used in Bauer's second chapter.  
>I can not locate an introductory book on logic or set theory nor a
>mathematical reference book that describes this type of notation
>entirely.

I think that A --> B means a mapping of set A to set B, and x |-> y
means that element x of a set is mapped to element y of a set. The
other symbols are standard; thus, in 2.2.2.1 we get "if x maps to z,
and y maps to z, then x is the same as y".

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Efficient software LFSRs
Date: Wed, 25 Oct 2000 11:32:21 GMT



> By the way, I found several pages with diagrams of the two styles.
> Figures 1 & 2 in
> <URL:http://www.cs.berkeley.edu/~iang/isaac/hardware/main.html>,
> or <URL:http://www.cdg.org/tech/a_ross/LFSR.html> (which shows that
> the "reciprocal polynomial" I was talking about is actually just a
> reversed numbering of the coefficients).
>
> Finally, <URL:http://www.repairfaq.org/filipg/LINK/F_crc_v33.html> has
> a good detailed derivation of software input-byte-at-a-time table-driven
> CRCs (primitive LFSRs + data input) for the Galois wiring.

I've implemented a table-driven LFSR as described at
www.repairfaq.org and it's about 8 times as fast as a "normal" Galois
bit-at-a-time LFSR. The drawback is that it needs a lookup table,
but it's the fastest implementation I've seen until now.

Andreas


Sent via Deja.com http://www.deja.com/
Before you buy.
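A bit-at-a-time Galois LFSR beside the table-driven form that clocks it eight steps per lookup, added here as an example (not the poster's code). The tap word is a constructed choice, the reflected CRC-32 polynomial 0xEDB88320; the identity behind the table works for any tap word.

```python
# Added example, not the poster's code. Galois (internal-XOR) LFSR, right-shifting,
# stepped one bit at a time, and the byte-at-a-time table version built the way
# CRC tables are. Tap word assumed: 0xEDB88320 (reflected CRC-32).
import time

POLY = 0xEDB88320
MASK = 0xFFFFFFFF


def galois_step(state: int) -> int:
    """One clock: shift right; if the bit shifted out was 1, XOR in the taps."""
    out = state & 1
    state >>= 1
    if out:
        state ^= POLY
    return state & MASK


def galois_run(state: int, steps: int) -> int:
    for _ in range(steps):
        state = galois_step(state)
    return state


def build_table():
    """table[b] = state reached by clocking the 8-bit value b eight times.

    Each clock is linear over GF(2), so eight clocks applied to
    (high << 8) | low split into the two parts: the high bits never trigger
    a tap XOR during those clocks (their low 8 bits are zero) and simply end
    up as high = state >> 8, while the low byte's contribution is table[low].
    """
    return [galois_run(b, 8) for b in range(256)]


TABLE = build_table()


def table_step8(state: int) -> int:
    """Eight clocks in a single lookup (the byte-at-a-time form)."""
    return ((state >> 8) ^ TABLE[state & 0xFF]) & MASK


def table_run(state: int, steps8: int) -> int:
    for _ in range(steps8):
        state = table_step8(state)
    return state


def same_trajectory(seed: int, nbytes: int) -> bool:
    """Both implementations must reach the same state after nbytes*8 clocks."""
    return galois_run(seed, nbytes * 8) == table_run(seed, nbytes)


def speedup(seed: int = 0xDEADBEEF, nbytes: int = 20000) -> float:
    """Rough ratio of bit-at-a-time time to table-driven time on this machine."""
    t0 = time.perf_counter()
    galois_run(seed, nbytes * 8)
    t1 = time.perf_counter()
    table_run(seed, nbytes)
    t2 = time.perf_counter()
    return (t1 - t0) / max(t2 - t1, 1e-9)


if __name__ == "__main__":
    print("trajectories agree:", same_trajectory(0x12345678, 1000))
    print("speedup: %.1fx" % speedup())
```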

------------------------------

From: Volker Hetzer <[EMAIL PROTECTED]>
Subject: Modes of Operation Workshop
Date: Wed, 25 Oct 2000 14:52:14 +0200

Hi!
What became of the Symmetric Key Block Cipher Modes of Operation Workshop?
http://csrc.nist.gov/encryption/aes/modes/ was last updated on Oct 18th.

Greetings!
Volker
--
The early bird gets the worm. If you want something else for       
breakfast, get up later.

------------------------------

From: "Lassi Hippeläinen" <"lahippel$does-not-eat-canned-food"@ieee.org.invalid>
Subject: Re: Rijndael file encryption question.
Date: Wed, 25 Oct 2000 13:07:29 GMT

SCOTT19U.ZIP_GUY wrote:
<...>
>   Actually this is a dumb method since what if the real file had
> an ending like 01  then how would you know not to toss it. No wonder
> I never joined IEEE if this is their standard maybe we should wait
> for the Europeans because this is plain stupid.

As a European IEEE member I can't resist the temptation to suggest
something else:

Pick a byte that differs from the last byte of the message. Repeat that
until the block is full. When decoding you can remove as padding all
bytes that are equal to the last one.

If the original message happens to end at a block boundary, you'll have
to add one full block of padding :-(

-- Lassi

------------------------------

Date: Wed, 25 Oct 2000 09:22:09 -0400
From: Zulfikar Ramzan <[EMAIL PROTECTED]>
Subject: Re: Discrete Log Question

It is easy to find g given x, y, and p.

I recall that in Marty Hellman's invited talk at CRYPTO99, he mentioned that he
and Whit Diffie had come up with the idea of doing a type of *symmetric* cipher by
making x the secret key (before RSA had come out) -- though the idea was never
really publicized to the masses, and was not known to either Rivest, Shamir, or
Adleman.

Of course, the cipher wasn't terribly efficient, etc -- but the rationale was to
base its security on a number theoretic primitive.  Also, this was at a time when
no one had come up with a method for achieving Public Key cryptography.

In some sense, Diffie and Hellman had come extremely close to discovering the RSA
algorithm, since all they had to do was replace p by an RSA modulus.  Hellman said
that it pointed to the overall ingenuity of RSA -- that as close as he and Diffie
came, they were still unable to see the final step.

Does anyone have a good recollection of this talk?

Zulfikar.


Kent Briggs wrote:
> 
> Using the equation:
> 
> y = g^x mod p
> 
> we know that finding x is a hard problem when y, g, and p are known (and
> p is a large prime).  However, what if y, x, and p are known and you
> want to solve for g?  Is that an equally hard problem?
> 
> --
> Kent Briggs, [EMAIL PROTECTED]
> Briggs Softworks, http://www.briggsoft.com

-- 

--Zully

=======
Zulfikar Ramzan  (AKA Zully)            
Laboratory for Computer Science, MIT
NE43-311, (617) 253-2345   
http://theory.lcs.mit.edu/~zulfikar/homepage.html
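Recovering g from y = g^x mod p when the exponent is known, added here as an example (not from the post). The same exponent-inversion step is what decrypts the symmetric "x as the secret key" cipher the post describes. Values are constructed: p = 2^31 - 1 (prime), g = 7, x = 65537.

```python
# Added example, not from the post. Requires Python 3.8+ for pow(x, -1, m).
from math import gcd


def recover_base(y: int, x: int, p: int) -> int:
    """Solve g^x = y (mod p) for g, with p prime.

    Raising to the power x permutes the group Z_p^* exactly when
    gcd(x, p-1) = 1; the inverse map is raising to x^-1 mod (p-1), so
    g = y^(x^-1) mod p. No discrete logarithm is needed.
    """
    if gcd(x, p - 1) != 1:
        raise ValueError("x shares a factor with p-1: the x-th root is not unique")
    x_inv = pow(x, -1, p - 1)
    return pow(y, x_inv, p)


def all_roots_small(y: int, x: int, p: int) -> list:
    """Brute force for tiny p, showing the gcd(x, p-1) > 1 case: there may be
    several g, or none, with g^x = y (mod p)."""
    return [g for g in range(1, p) if pow(g, x, p) == y]


def exp_encrypt(m: int, x: int, p: int) -> int:
    """Symmetric use of the same map: x is the secret key, c = m^x mod p."""
    return pow(m, x, p)


def exp_decrypt(c: int, x: int, p: int) -> int:
    """Decrypt by the inverse exponent; this is exactly recover_base."""
    return recover_base(c, x, p)


# Constructed parameters for the demonstration.
P = 2**31 - 1
G, X = 7, 65537


def demo() -> bool:
    y = pow(G, X, P)                 # the "public" y = g^x mod p
    return recover_base(y, X, P) == G


if __name__ == "__main__":
    print("recovered g correctly:", demo())
    print("square roots of 4 mod 23:", all_roots_small(4, 2, 23))
```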

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Rijndael file encryption question.
Date: 25 Oct 2000 13:31:49 GMT

"lahippel$does-not-eat-canned-food"@ieee.org.invalid (Lassi Hippeläinen) 
wrote in <[EMAIL PROTECTED]>:

>SCOTT19U.ZIP_GUY wrote:
><...>
>>   Actually this is a dumb method since what if the real file had
>> an ending like 01  then how would you know not to toss it. No wonder
>> I never joined IEEE if this is their standard maybe we should wait
>> for the Europeans because this is plain stupid.
>
>As a European IEEE member I can't resist the temptation to suggest
>something else:
>
>Pick a byte that differs from the last byte of the message. Repeat that
>until the block is full. When decoding you can remove as padding all
>bytes that are equal to the last one.
>
>If the original message happens to end at a block boundary, you'll have
>to add one full block of padding :-(
>
>-- Lassi
>

   At least your idea seems to work. But I have the feeling that
the previous author did not give a complete explanation. I hope the
US version of the IEEE is not so stupid as being able to create
a file that one is not sure what bytes to drop when decrypting.
   But a better way is to at least do a 1-1 mapping from your file
structure type to the block structure type of the encryption
program in use. Since both the IEEE methods only seem to lengthen
the file. They both would have the feature of adding information
to a file. And that goes against the true goal of encryption
which is not only to hide the information you have. But don't
add any information that the enemy can use to help break the
system. I feel like I am pissing against the wind since obviously
the IEEE has power and will leave the situation all fucked up as
it is in PGP and the GNU successor.
  However you can use the code or similar code that is found at
my site that would map a file structure to a block size. I don't
think mine is the only way but at least it is bijective and not
adulterated as either IEEE method seems to be.

 
David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:

------------------------------

From: Volker Hetzer <[EMAIL PROTECTED]>
Subject: Re: Rijndael file encryption question.
Date: Wed, 25 Oct 2000 15:46:00 +0200

"SCOTT19U.ZIP_GUY" wrote:
> 
> [EMAIL PROTECTED] (Mike Rosing) wrote in
> <[EMAIL PROTECTED]>:
> >Fill the remaining block with extra known data.  The IEEE standard says
> >to fill with 01, 0202, 030303, etc up to the number of bytes you've
> >filled with.  that's binary, so you can make it ascii if you like: 1,
> >22, 333, 4444, etc.
> >
> >That way you always send a correct multiple of block data bytes and it's
> >pretty easy to pick off the padding.
>   Actually this is a dumb method since what if the real file had
> an ending like 01  then how would you know not to toss it. No wonder
> I never joined IEEE if this is their standard maybe we should wait
> for the Europeans because this is plain stupid.
I suppose, if the real file ends with 01 it *still* would have to be padded with
an additional 01, which you could then remove at the receiving end.

Greetings!
Volker
--
The early bird gets the worm. If you want something else for       
breakfast, get up later.
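The two padding rules discussed in this thread (the 01, 0202, 030303 rule quoted from Mike Rosing, and Lassi's "repeat a byte that differs from the last one" rule), added here as an example that is not code from any of the posts. Both are unpadded without ambiguity only because padding is always applied, including a whole extra block when the message already fills its last block. Block size assumed: 16 bytes.

```python
# Added example, not from the posts. Block size assumed: 16 bytes.
BLOCK = 16


# Scheme 1: pad with n bytes of value n. Padding is ALWAYS added, so a message
# that already ends in 01 gains one more 01 byte (the reply above makes this
# point) and a message filling a whole block gains a full block of 0x10.
def pad_count(msg: bytes) -> bytes:
    n = BLOCK - (len(msg) % BLOCK)          # 1..BLOCK, never 0
    return msg + bytes([n]) * n


def unpad_count(padded: bytes) -> bytes:
    if not padded or len(padded) % BLOCK:
        raise ValueError("not a whole number of blocks")
    n = padded[-1]
    # check every padding byte, not just the count: a garbled tail is rejected
    if not 1 <= n <= BLOCK or padded[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return padded[:-n]


# Scheme 2: Lassi's rule. Choose a byte that differs from the last message
# byte and repeat it to the block end; unpadding strips the trailing run of
# bytes equal to the final byte. Because the filler differs from the last
# real byte, the run is exactly the padding. A message ending on a block
# boundary (or an empty one) still gets a full block, or nothing marks its end.
def pad_differ(msg: bytes) -> bytes:
    last = msg[-1] if msg else 0x00
    fill = 0x00 if last != 0x00 else 0xFF   # any value != last will do
    n = BLOCK - (len(msg) % BLOCK)
    return msg + bytes([fill]) * n


def unpad_differ(padded: bytes) -> bytes:
    if not padded or len(padded) % BLOCK:
        raise ValueError("not a whole number of blocks")
    last = padded[-1]
    i = len(padded)
    while i > 0 and padded[i - 1] == last:
        i -= 1
    return padded[:i]


def roundtrip(msg: bytes) -> bool:
    """Both schemes must give back the original message, whatever it ends in."""
    return (unpad_count(pad_count(msg)) == msg
            and unpad_differ(pad_differ(msg)) == msg)
```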

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
