Cryptography-Digest Digest #6, Volume #13        Thu, 26 Oct 00 13:13:01 EDT

Contents:
  Re: DATA PADDING FOR ENCRYPTION (SCOTT19U.ZIP_GUY)
  Re: Is OPT the only encryption system that can be proved secure? ("Peter Thorsteinson")
  Q: Computations in a Galois Field ("kihdip")
  Re: My comments on AES ("Trevor L. Jackson, III")
  Re: Save RSA bandwidth (SCOTT19U.ZIP_GUY)
  Re: Q: Computations in a Galois Field (Volker Hetzer)
  Re: Whitening necessary? (Zulfikar Ramzan)
  Re: Visual Basic (mdc)
  Re: Is OPT the only encryption system that can be proved secure? ([EMAIL PROTECTED])
  Re: DATA PADDING FOR ENCRYPTION (Andrew Carol)
  Re: rc4 proprieties (Dave Hazelwood)
  Re: DATA PADDING FOR ENCRYPTION (John Myre)
  Re: DATA PADDING FOR ENCRYPTION (John Myre)
  Re: DATA PADDING FOR ENCRYPTION (SCOTT19U.ZIP_GUY)
  Re: DATA PADDING FOR ENCRYPTION (SCOTT19U.ZIP_GUY)
  Re: rc4 proprieties ("dexMilano")

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: DATA PADDING FOR ENCRYPTION
Date: 26 Oct 2000 14:04:02 GMT

[EMAIL PROTECTED] (John Savard) wrote in
<[EMAIL PROTECTED]>: 

>On 25 Oct 2000 20:50:33 GMT, [EMAIL PROTECTED]
>(SCOTT19U.ZIP_GUY) wrote, in part:
>
>> I did a search of the internet for IEEE encryption padding 
>>I could not find much but below is a cutout of what was
>>typically found
>
>>http://www.google.com/search?q=cache:www.security.ece.orst.edu/documents
>>/P1 
>>363/12S_9403.txt+IEEE+padding+during+encryption+01+0202+030303&hl=en 
>
>If one goes straight to
>
>http://www.security.ece.orst.edu/documents/P1363/12S_9403.txt
>
>there is still a document there, one doesn't have to resort to the
>Google cache.
>
  John, there are several reasons for using the Google cache.
1) it seems faster.
2) it highlights searched words
3) the address was cut and pasted from my browser so that was
  what was there when I finally decided to stop looking

I could come up with more reasons but is that really needed?
 
David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:

------------------------------

From: "Peter Thorsteinson" <[EMAIL PROTECTED]>
Subject: Re: Is OPT the only encryption system that can be proved secure?
Date: Thu, 26 Oct 2000 14:14:53 GMT

>No longer seems to care about Claude Shannon ...
That is sad.

> bases all hopes of security on non provable mathematic hardness...
Feet of clay perhaps? (a biblical reference in case you are non-Christian)

>influence on the open crypto community by ...NSA which do not want ...
>secure crypto.
This is sad if true. Another possible explanation is that the Shannon
approach is obviously more rigorous, much more hard work, and produces fewer
attractive results (at least on the surface).






------------------------------

From: "kihdip" <[EMAIL PROTECTED]>
Subject: Q: Computations in a Galois Field
Date: Thu, 26 Oct 2000 16:17:48 +0200

Twofish and Rijndael (among others) use computations in a Galois Field.

Can any of you explain to me why the Galois Field is useful? (Advantages)
Is it because of the modulus, so you'll never get more than 8 bits??
Or because it eases decryption??

Rijndael uses 11B and Twofish uses 169 - how does one choose the irreducible
polynomial?? Are some better than others??

Kim
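As an added example (not code from the thread, and not the Rijndael or Twofish reference implementations), the following Python shows what the question is asking about: multiplying bytes as polynomials over GF(2) and reducing modulo the two polynomials named above, 11B (Rijndael) and 169 (Twofish). The reduction step is why a product "never gets more than 8 bits", and the irreducibility check is the property that separates a usable polynomial from a bad one: only an irreducible polynomial gives a field, in which every nonzero byte has a multiplicative inverse (which an inverse-based S-box needs). The third polynomial, 0x101, is a constructed reducible contrast case; the product {57}·{83} = {c1} is the worked example from FIPS-197.

```python
# Added example, not code from the thread or from Rijndael/Twofish:
# arithmetic in GF(2^8) with the two reduction polynomials the question names.

RIJNDAEL_POLY = 0x11B   # x^8 + x^4 + x^3 + x + 1 (Rijndael's "11B")
TWOFISH_POLY = 0x169    # x^8 + x^6 + x^5 + x^3 + 1 (Twofish's "169")
REDUCIBLE_POLY = 0x101  # x^8 + 1 = (x + 1)^8: constructed bad choice, for contrast


def gf_mul(a: int, b: int, poly: int) -> int:
    """Multiply two bytes as polynomials over GF(2), reduced modulo poly.

    Shift-and-xor ("xtime") method: whenever a shifted partial product
    overflows bit 7, the reduction polynomial is xored in, so the product
    never leaves the 8-bit range.
    """
    product = 0
    for _ in range(8):
        if b & 1:
            product ^= a
        b >>= 1
        overflow = a & 0x80
        a = (a << 1) & 0xFF
        if overflow:
            a ^= poly & 0xFF  # bit 8 of poly is already dropped by the mask
    return product


def poly_mod(a: int, m: int) -> int:
    """Remainder of a divided by m, both bit-vector polynomials over GF(2)."""
    deg_m = m.bit_length() - 1
    while a and a.bit_length() - 1 >= deg_m:
        a ^= m << (a.bit_length() - 1 - deg_m)
    return a


def is_irreducible(poly: int) -> bool:
    """Trial division: poly is irreducible iff no polynomial of degree
    1..deg/2 divides it."""
    deg = poly.bit_length() - 1
    for d in range(1, deg // 2 + 1):
        for f in range(1 << d, 1 << (d + 1)):  # every polynomial of degree d
            if poly_mod(poly, f) == 0:
                return False
    return True


def gf_inv(a: int, poly: int) -> int:
    """Multiplicative inverse by exhaustive search; raises if none exists."""
    for x in range(1, 256):
        if gf_mul(a, x, poly) == 1:
            return x
    raise ValueError(f"{a:#04x} has no inverse modulo {poly:#x}")


def every_nonzero_invertible(poly: int) -> bool:
    """True exactly when poly yields a field: only then does every nonzero
    byte have an inverse, which is what an inverse-based S-box relies on."""
    try:
        for a in range(1, 256):
            gf_inv(a, poly)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # FIPS-197 worked product: {57} * {83} = {c1} in Rijndael's field
    print(hex(gf_mul(0x57, 0x83, RIJNDAEL_POLY)))
    for p in (RIJNDAEL_POLY, TWOFISH_POLY, REDUCIBLE_POLY):
        print(f"{p:#x}: irreducible={is_irreducible(p)}, "
              f"field={every_nonzero_invertible(p)}")
```

Running it shows both 0x11B and 0x169 pass the irreducibility test and give a field, while 0x101 fails (for instance 0x03, which is x+1, has no inverse modulo (x+1)^8). Among irreducible candidates the choice is then an engineering one (the same degree-8 field up to isomorphism; the polynomial fixes the concrete byte representation the S-box and MDS tables are built against), which is why a cipher specification has to pin one down.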




------------------------------

Date: Thu, 26 Oct 2000 10:24:42 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: My comments on AES

[EMAIL PROTECTED] wrote:

> In article <[EMAIL PROTECTED]>,
>   Bruce Schneier <[EMAIL PROTECTED]> wrote:
> > Recently there was a thread where people discussed my scant comments
> > on AES.  Those who expected them to appear in Crypto-Gram were
> > correct:
> >
> >       http://www.counterpane.com/crypto-gram-0010.html#8
>
> I think that Rijndael won because of "the rules of the game". In
> academic cryptanalysis a cipher is considered broken if an academic
> attack is discovered (even if it has no practical value whatsoever).
> The reasoning is that even an academic attack demonstrates a flaw in
> the design of the cipher.

It is not inconceivable that all possible ciphers have some kind of
academic break.  I'd be intensely interested in a proof (or even a sketch
of a proof) that it is even possible for a non-OTP cipher to be certified
against such breaks.


> Now, all 5 finalists have proven to be
> flawless in this sense

This assertion is false.  There is no "proveness" about it.  There is only
lack of known weakness, which is a comment upon our ignorance, not upon the
strength of the ciphers.

> , i.e. secure according to the accepted wisdom of
> academic cryptanalysis.

So far.  Lacking a proof means that we lack the ability to predict future
research results.

Further, one aspect of the accepted wisdom of academic cryptanalysis is
that one chooses ciphers at least in part based on their age.  It takes
time to mount a serious attack on a serious cipher.  Often the number of
attackers is irrelevant to the time required (c.f., 9 women making a baby).

> So NIST chose Rijndael because it appeared to
> be the most efficient (in speed and resources required in most
> platforms) than the other four. It seems to me that Rijndael won fair
> and square.
>
> If, as you expect, an academic attack is found against Rijndael in the
> next five years, then I believe that it should not be considered secure
> and should not be used - and probably will not. Maybe, in retrospect,
> NIST should have chosen a back-up AES algorithm after all.
>
> Elsewhere I have suggested a more quantitative methodology for
> measuring the strength of ciphers: analyze them at fewer rounds where
> attacks are known and compare how fast their resistance to these
> attacks grows if more rounds are added. This methodology would have
> allowed NIST to compute a ranking of security for the finalists, even
> if all are as yet resistant to attacks on their full version.
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.


------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Save RSA bandwidth
Date: 26 Oct 2000 14:10:44 GMT

[EMAIL PROTECTED] (John Savard) wrote in 
<[EMAIL PROTECTED]>:

>Well, I've found a practical application for my scheme.
>
>As I noted, some time back, I thought that PGP was inefficient,
>because it enciphered a 128-bit key inside a large RSA block, then
>using the 128-bit key to encipher the message. Why not put the first
>piece of the message inside the RSA block, too?
>

  John I long ago commented on PGP being inefficient and
suggested putting the first part of the compressed encrypted message
in with the key. That way part of the weakness where PGP
checks the validity of the key (which I still don't like)
is done on data that was RSA encoded. I feel this is so
obvious I am sure other people have also thought of this.
I think the reason this is not done may have more to do with
the NSA keeping the product deliberately weak, since these
kinds of mods would be so helpful.



David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:

------------------------------

From: Volker Hetzer <[EMAIL PROTECTED]>
Subject: Re: Q: Computations in a Galois Field
Date: Thu, 26 Oct 2000 16:38:04 +0200

kihdip wrote:
> 
> Twofish and Rijndael (among others) use computations in a Galois Field.
> 
> Can any of you explain to me why the Galois Field is useful? (Advantages)
> Is it because of the modulus, so you'll never get more than 8 bits??
> Or because it eases decryption??
> 
> Rijndael uses 11B and Twofish uses 169 - how does one choose the irreducible
> polynomial?? Are some better than others??
Could anybody answering please post here? I'd like to learn a bit too.

Greetings!
Volker
--
The early bird gets the worm. If you want something else for       
breakfast, get up later.

------------------------------

Date: Thu, 26 Oct 2000 10:41:21 -0400
From: Zulfikar Ramzan <[EMAIL PROTECTED]>
Subject: Re: Whitening necessary?

Rijndael already has a pre and post whitening step involving a bit-wise XOR.  If
you XOR'ed an additional value at both the beginning and the end, the result would
simply be a Rijndael encryption, but with slightly different round keys (ignoring
the key scheduler for the moment).

So, it's likely that an extra pre/post whitening will not really enhance
security.  Unless of course, there is some inherent major weakness in the key
scheduler, that makes the original first and last round keys more vulnerable, or
something along those lines.


[EMAIL PROTECTED] wrote:
> 
> I use Rijndael in CBC mode with unique IV's. Would pre- /or
> postwhitening (through simple xor for example) make the encryption
> stronger? And if yes, against what kind of attack would it make it
> stronger than if I just used the implementation described above.
> 
> Sent via Deja.com http://www.deja.com/
> Before you buy.

-- 

--Zully

=======
Zulfikar Ramzan  (AKA Zully)            
Laboratory for Computer Science, MIT
NE43-311, (617) 253-2345   
http://theory.lcs.mit.edu/~zulfikar/homepage.html
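An added example (not code from the thread, and not Rijndael itself) that checks Ramzan's point mechanically: a constructed 16-bit substitution-permutation toy cipher whose first and last operations are round-key XORs, mirroring Rijndael's initial and final AddRoundKey. XORing an extra value before and after encryption produces exactly the cipher with the first and last round keys changed, so "whitening" adds nothing that a different key schedule output could not. The S-box, bit transposition and round keys are all constructed for the illustration; the key schedule is ignored, as the post says, by treating the round keys as an independent list.

```python
# Added example, not code from the thread and not Rijndael: a toy SPN with
# round-key xors as its first and last operations, used to show that extra
# pre/post whitening is absorbed into the first and last round keys.

# Constructed 4-bit S-box and 16-bit bit transposition (any bijections work).
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]
PERM = [(4 * i) % 15 for i in range(15)] + [15]  # bit i moves to bit PERM[i]


def sub_nibbles(x: int) -> int:
    return sum(SBOX[(x >> (4 * i)) & 0xF] << (4 * i) for i in range(4))


def permute_bits(x: int) -> int:
    out = 0
    for i in range(16):
        if (x >> i) & 1:
            out |= 1 << PERM[i]
    return out


def encrypt(block: int, round_keys: list) -> int:
    """round_keys[0] is the pre-whitening key, round_keys[-1] the
    post-whitening key; the keys in between belong to the inner rounds."""
    state = block ^ round_keys[0]
    for k in round_keys[1:-1]:
        state = permute_bits(sub_nibbles(state)) ^ k
    return sub_nibbles(state) ^ round_keys[-1]  # last round skips the permutation


def whitened_encrypt(block: int, round_keys: list, w_in: int, w_out: int) -> int:
    """The proposal from the thread: xor an extra value before and after."""
    return encrypt(block ^ w_in, round_keys) ^ w_out


def absorbed_keys(round_keys: list, w_in: int, w_out: int) -> list:
    """Fold the whitening values into the edge round keys; inner keys untouched."""
    keys = list(round_keys)
    keys[0] ^= w_in
    keys[-1] ^= w_out
    return keys


def whitening_is_absorbed(round_keys, w_in, w_out, sample=range(0, 1 << 16, 251)):
    """True if whitened encryption equals plain encryption under the folded
    keys on every sampled block (the identity holds for all blocks; the
    sample keeps the check quick)."""
    folded = absorbed_keys(round_keys, w_in, w_out)
    return all(whitened_encrypt(b, round_keys, w_in, w_out) == encrypt(b, folded)
               for b in sample)


ROUND_KEYS = [0x3A94, 0xD2B2, 0x8E5F, 0x1C07, 0xB6A1]  # constructed schedule


if __name__ == "__main__":
    print(whitening_is_absorbed(ROUND_KEYS, 0x1234, 0xABCD))
```

The practical reading is the one Ramzan gives: unless the real key schedule produces first and last round keys that are somehow weaker than independent random values, the whitened cipher is just the same cipher under another key, so the extra XORs buy no security margin against any attack that already treats the round keys as unknown.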

------------------------------

From: [EMAIL PROTECTED] (mdc)
Subject: Re: Visual Basic
Date: Thu, 26 Oct 2000 14:43:05 GMT

On Wed, 25 Oct 2000 07:41:35 +0200, Ichinin <[EMAIL PROTECTED]> wrote:

>mdc wrote:
>> But in VB, integers are signed.  If you're coding an algorithm that
>> uses 32-bit unsigned integer values, you have to either split your
>> values into high/low 16-bit values or overload all the integer
>> functions like mod to work with long or variant data types.
>
>Hi.
>
>(AFAIK they are unsigned)

Nope, at least up until VB5 the integer type is signed only.
That may have changed in VB6, but I don't believe so.  This 
means you can't store an unsigned 16 bits in an integer type.
You could use long or variant types, but many of the functions 
like mod require integer arguments.  Hence my comment about
overloading those functions.

If VB6 actually does allow unsigned integers then this would 
remove a huge performance block on using VB for algorithms 
like Blowfish, etc.  I'd be interested if this were true, but I 
haven't bothered to look that hard at VB6.

mdc


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Is OPT the only encryption system that can be proved secure?
Date: Thu, 26 Oct 2000 14:54:15 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
> [EMAIL PROTECTED] (Peter Thorsteinson) wrote
> in <HHKJ5.39842$[EMAIL PROTECTED]>:
>
> >Cool, and thanks. Actually, I am more interested in the Theoretical One
> >Time Pad! I very much appreciate your distinction against the Realized
> >One Time Pad, the crux of which is the assumption of a physically realized,
> >perfectly random source. What I would love to know is whether or not
> >(theoretically) there is no possible perfect cypher other than the OTP,
> >and a mathematical proof would be nice, but even just a citation from a
> >recognized cryptography expert would do fine.
> >
> >
>
>   Actually the only reason an OTP used in the correct way is secure
> is because if one has ciphertext there can be more than one possible
> solution.  Most real world ciphers are not secure in this sense; take
> PGP for example. It is not secure at all in this sense because of the
> public key.

Sorry.... what are you talking about?

Are you claiming that public key crypto is insecure?
If so, please explain why.

> But one can encrypt with PGP not using a public key so
> that only the main cipher is in use. But even in this case PGP is not
> secure since there may only be one key that unlocks the cipher and
> that key is the one that gives the answer.
>   To get close to a secure cipher one should compress bijectively
> as small as possible and then use encryption in a bijective way;
> however none of the big boys do this in the open literature and
> most protocols are designed not to do this. I feel scott19u is
> secure

What is scott19u?  Is it a product/Feistel cipher?

> with my compression since there exist many possible solutions
> and the more false solutions the more secure. But if you keep
> using the same types of files and same key after a while even it
> is not theoretically secure.
>   However no method that is completely repeatable is secure
> against a plaintext attack if the same key is used twice.
> One could defeat this by changing key every time or add the use
> of secret random numbers.
>
> David A. Scott
> --
> SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
>       http://www.jim.com/jamesd/Kong/scott19u.zip
> Scott famous encryption website **now all allowed**
>       http://members.xoom.com/ecil/index.htm
> Scott LATEST UPDATED source for scott*u.zip
>       http://radiusnet.net/crypto/  then look for
>   sub directory scott after pressing CRYPTO
> Scott famous Compression Page
>       http://members.xoom.com/ecil/compress.htm
> **NOTE EMAIL address is for SPAMERS***
> I leave you with this final thought from President Bill Clinton:
>


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Andrew Carol <[EMAIL PROTECTED]>
Subject: Re: DATA PADDING FOR ENCRYPTION
Date: Thu, 26 Oct 2000 08:28:35 -0700

In article <[EMAIL PROTECTED]>, Tim Tyler <[EMAIL PROTECTED]> wrote:

> Something simple like appending a 1 and padding with 0s to the end of the
> block can allow up to 2^128 - 1 out of 2^128 keys to be rejected without
> any further knowledge of the plaintext - possibly enough to reject all but
> one message.

They can't be rejected without TRYING THEM FIRST!

If any kind of chaining mode is used then they can't use that last
block until they get to that block.

Oh well....

------------------------------

From: Dave Hazelwood <[EMAIL PROTECTED]>
Subject: Re: rc4 proprieties
Date: Thu, 26 Oct 2000 23:29:33 +0800


Even with NO changes the algorithm can be and has been deployed in
public.

It was never copyrighted or patented as the company chose to keep
it as a trade secret.

Somebody spilled the beans and the secret was out. Now it is public
domain.

EXCEPT for the name. The one thing you can't do is call it RC4. The
name "is" trademarked or copyright. This is why everyone usually
refers to the "clones" as "arcfour" or something similar.


On Thu, 26 Oct 2000 15:57:27 +0200, "dexMilano"
<[EMAIL PROTECTED]> wrote:

>As many of you know, source code for an RC4-compatible cipher is
>available on the web.
>I've worked on it, making some modifications.
>
>I want to verify if, with these changes, the algorithm can be deployed to
>the public.
>I know that RC4 is RSA's property, but with changes? Also the compatible
>version?
>Any suggestion will be appreciated.
>
>dex
>



====== Posted via Newsfeeds.Com, Uncensored Usenet News ======
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
=======  Over 80,000 Newsgroups = 16 Different Servers! ======

------------------------------

From: John Myre <[EMAIL PROTECTED]>
Subject: Re: DATA PADDING FOR ENCRYPTION
Date: Thu, 26 Oct 2000 10:01:22 -0600

Andrew Carol wrote:
<snip>
> If any kind of chaining mode is used then they can't use that last
> block until they get to that block.
<snip>

Not so, actually.  Details depend on the mode.  Consider
CBC, for example; to decrypt any block you need that
block and the prior ciphertext, and only one decryption:

        P(i) = decrypt( C(i) ^ C(i-1) )

(On the other hand, I agree that it is pointless to
worry about the attacker's ability to confirm a key
guess, if they have to guess randomly.)

JM

------------------------------

From: John Myre <[EMAIL PROTECTED]>
Subject: Re: DATA PADDING FOR ENCRYPTION
Date: Thu, 26 Oct 2000 10:04:56 -0600

Tim Tyler wrote:
<snip>
> Something simple like appending a 1 and padding with 0s to the end of the
> block can allow up to 2^128 - 1 out of 2^128 keys to be rejected without
> any further knowledge of the plaintext - possibly enough to reject all but
> one message.
<snip>

Nobody with any sense cares, and you know why.

JM

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: DATA PADDING FOR ENCRYPTION
Date: 26 Oct 2000 16:29:57 GMT

[EMAIL PROTECTED] (John Myre) wrote in <[EMAIL PROTECTED]>:

>Andrew Carol wrote:
><snip>
>> If any kind of chaining mode is used then they can't use that last
>> block until they get to that block.
><snip>
>
>Not so, actually.  Details depend on the mode.  Consider
>CBC, for example; to decrypt any block you need that
>block and the prior ciphertext, and only one decryption:
>
>     P(i) = decrypt( C(i) ^ C(i-1) )
>
>(On the other hand, I agree that it is pointless to
>worry about the attacker's ability to confirm a key
>guess, if they have to guess randomly.)
>
>JM
>

   Yes, but given the fact that only a few blocks are needed,
what makes you think a code breaker would limit themselves
to a "random" guess, especially when the information
for the weakness so obviously exists? Who are you to say
they have to be limited to some blind random guess?
Trust me, they seldom use blind random guesses; this only
occurs in the dreams of people who blindly think that some
system is secure because they think the only attack
is a blind guess.

 Oh Well ......

David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: DATA PADDING FOR ENCRYPTION
Date: 26 Oct 2000 16:26:11 GMT

[EMAIL PROTECTED] (Andrew Carol) wrote in
<[EMAIL PROTECTED]>: 

>In article <[EMAIL PROTECTED]>, Tim Tyler <[EMAIL PROTECTED]> wrote:
>
>> Something simple like appending a 1 and padding with 0s to the end of
>> the block can allow up to 2^128 - 1 out of 2^128 keys to be rejected
>> without any further knowledge of the plaintext - possibly enough to
>> reject all but one message.
>
>They can't be rejected without TRYING THEM FIRST!
>
>If any kind of chaining mode is used then they can't use that last
>block until they get to that block.
>
>Oh well....
>

  Actually that is one of the big lies of so-called modern crypto.
All the blessed approved chaining modes only require the analyst
to look at a few blocks of ciphertext and not the whole ciphertext.
This is done so that the NSA can make easy partial forms of plaintext
attack; it worked in WWII and it works today.
  You can easily prove this to yourself if you're not too lazy. But
I suspect you are. Take any fishy cipher like Twofish, encrypt with
a secret IV, and encrypt a long file. Now take a small portion
of the file that contains several blocks. Use a zero for the IV
and try to decrypt it with the "correct key"; guess what, after a
few blocks the rest of the portion is in the clear. No need to
bother with the rest of the file. But maybe either this fact or
concept is over your head.

  Oh well .....


David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
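An added example (not code from the thread, and not Twofish or any real cipher) that runs the experiment described in this post and the CBC relation John Myre gave earlier in the thread. CBC decryption of block i uses only C(i-1) and C(i) (P(i) = D(C(i)) XOR C(i-1)), so given the key, any slice of ciphertext decrypts correctly except for its first block, whatever IV is supplied. The block cipher below is a constructed 16-bit Feistel permutation standing in for a real one; the key, IV and plaintext are constructed too. From a defender's standpoint the lesson is that a CBC IV is not key material: it must be unpredictable, but keeping it secret protects nothing beyond the first block, and the key is still required for every block.

```python
# Added example, not code from the thread and not Twofish: CBC over a
# constructed 16-bit toy block cipher, showing that decrypting block i needs
# only C(i-1) and C(i), so a wrong (zero) IV garbles just the first block of
# any ciphertext slice.

ROUNDS = 4


def _round_function(x: int, k: int) -> int:
    """Constructed 8-bit mixing step (not any real cipher's F): xor the round
    byte, affine-multiply mod 256, rotate left by 3."""
    x = ((x ^ k) * 0x9D + 0x35) & 0xFF
    return ((x << 3) | (x >> 5)) & 0xFF


def toy_encrypt(key: int, block: int) -> int:
    """4-round Feistel permutation on a 16-bit block with a 32-bit key."""
    l, r = block >> 8, block & 0xFF
    for i in range(ROUNDS):
        l, r = r, l ^ _round_function(r, (key >> (8 * i)) & 0xFF)
    return (l << 8) | r


def toy_decrypt(key: int, block: int) -> int:
    """Inverse of toy_encrypt: same rounds, applied in reverse order."""
    l, r = block >> 8, block & 0xFF
    for i in reversed(range(ROUNDS)):
        l, r = r ^ _round_function(l, (key >> (8 * i)) & 0xFF), l
    return (l << 8) | r


def cbc_encrypt(key: int, iv: int, blocks: list) -> list:
    """C(i) = E(P(i) xor C(i-1)), with C(-1) = iv."""
    out, prev = [], iv
    for p in blocks:
        prev = toy_encrypt(key, p ^ prev)
        out.append(prev)
    return out


def cbc_decrypt(key: int, iv: int, blocks: list) -> list:
    """P(i) = D(C(i)) xor C(i-1): each plaintext block depends on exactly
    two ciphertext blocks, so decryption can start anywhere in the stream."""
    out, prev = [], iv
    for c in blocks:
        out.append(toy_decrypt(key, c) ^ prev)
        prev = c
    return out


def slice_experiment(key: int, secret_iv: int, plaintext: list, start: int, stop: int):
    """Encrypt under a secret IV, then decrypt only ciphertext[start:stop]
    with IV = 0 and the correct key. Returns (ciphertext, recovered_slice)."""
    ct = cbc_encrypt(key, secret_iv, plaintext)
    return ct, cbc_decrypt(key, 0, ct[start:stop])


KEY = 0x0123ABCD                         # constructed
SECRET_IV = 0xBEEF                       # constructed
PLAINTEXT = list(range(0x1000, 0x1010))  # 16 constructed blocks


if __name__ == "__main__":
    ct, recovered = slice_experiment(KEY, SECRET_IV, PLAINTEXT, 5, 10)
    for p, r in zip(PLAINTEXT[5:10], recovered):
        print(f"{p:#06x} -> {r:#06x} {'ok' if p == r else 'garbled'}")
```

The first recovered block comes out as P(5) XOR C(4) (the true previous ciphertext block was replaced by the zero IV), and every later block is exact. This locality is a designed property of CBC, shared by the other standard modes, not a key-recovery weakness: nothing here decrypts without the key.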

------------------------------

From: "dexMilano" <[EMAIL PROTECTED]>
Subject: Re: rc4 proprieties
Date: Thu, 26 Oct 2000 18:55:38 +0200

Thanks for your comments.
They make sense.

dex

"Dave Hazelwood" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> Even with NO changes the algorithm can be and has been deployed in
> public.
>
> It was never copyrighted or patented as the company chose to keep
> it as a trade secret.
>
> Somebody spilled the beans and the secret was out. Now it is public
> domain.
>
> EXCEPT for the name. The one thing you can't do is call it RC4. The
> name "is" trademarked or copyright. This is why everyone usually
> refers to the "clones" as "arcfour" or something similar.
>
>
> On Thu, 26 Oct 2000 15:57:27 +0200, "dexMilano"
> <[EMAIL PROTECTED]> wrote:
>
> >As many of you know, source code for an RC4-compatible cipher is
> >available on the web.
> >I've worked on it, making some modifications.
> >
> >I want to verify if, with these changes, the algorithm can be deployed to
> >the public.
> >I know that RC4 is RSA's property, but with changes? Also the compatible
> >version?
> >Any suggestion will be appreciated.
> >
> >dex
> >
>
>
>
> -----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
> http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
> -----==  Over 80,000 Newsgroups - 16 Different Servers! =-----



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
