Cryptography-Digest Digest #13, Volume #13 Fri, 27 Oct 00 04:13:00 EDT
Contents:
Re: Is OPT the only encryption system that can be proved secure? (wtshaw)
TH 26/10/2000 no posts between 4 am & 2 pm (jungle)
Re: A naive question (Mok-Kong Shen)
Re: Q: Computations in a Galois Field ("kihdip")
Re: Q: Computations in a Galois Field ("kihdip")
the missed number of messages is more than 130 !!! (jungle)
Re: BEST BIJECTIVE RIJNDAEL YET? (Runu Knips)
Re: Is OPT the only encryption system that can be proved secure? (Mok-Kong Shen)
Re: Is OPT the only encryption system that can be proved secure? (Mok-Kong Shen)
Re: hardware vs. software vs. crypto accelerators (Albert Yang)
RC4 modification ideas ? (Runu Knips)
Re: MD5 / SHA1 on SQL Server 7.0 (Albert Yang)
Re: Q: Computations in a Galois Field (Runu Knips)
Re: My comments on AES (Runu Knips)
Re: On block encryption processing with intermediate permutations (Mok-Kong Shen)
OT: How to be offtopic (Runu Knips)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Is OPT the only encryption system that can be proved secure?
Date: Thu, 26 Oct 2000 22:44:21 -0600
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(SCOTT19U.ZIP_GUY) wrote:
> [EMAIL PROTECTED] (wtshaw) wrote in <jgfunj-2510002207040001@dial-244-
> 002.itexas.net>:
> >>
> >The GVA does the trick of reusing two keys and changing some values in
> >one. It does something no other algorithm does as well, the secret
> >numbers are incorporated in a retrievable manner so that they are
> >automatically available in decryption and need not be independently
> >generated. I believe that this method ranks it well between the OTP and
> >other algorithms taken as a class.
>
> But the GVA does count on the individual picking some random
> columns so that you don't get the same message every time you
> encrypt the exact same text. So I was not talking about your type
> of encryption. Which is very solid.
>
> David A. Scott
> --
No, not the way that I have implemented it. Given the many ways one might
come up with random numbers, I have tried several.
My Favorite: Bearing in mind that the various stages in the block are
rather obscure, the output of a PRNG can be mixed in some way with the
current string being encrypted, in the form in that stage. The result is
a convoluted series of offsets in which cylinder, PRNG, and actual message
have a role. I am not sure it is worth the trouble, but the offsets can
be buried rather effectively. The decryption process needs none of the
convoluting generator structure.
--
Production technology goes wrong when the producers do not
understand the users. --Patrick Whitney
------------------------------
From: jungle <[EMAIL PROTECTED]>
Subject: TH 26/10/2000 no posts between 4 am & 2 pm
Date: Fri, 27 Oct 2000 01:24:22 -0400
today I have the gap between 26/10/2000 4 am & 26/10/2000 2 pm ...
the 2 messages that I'm referring to are included here ...
for the time of 10 hours no posts whatsoever between these 2 messages ...
any help to solve this mystery ?
jungle wrote:
>
> NYC time, -4 hours adjustment from GMT ...
>
> "Tony T. Warnock" wrote:
> >
> > jungle wrote:
> >
> > > today nothing has been posted between 2 am & 12 am ...
> > > yesterday nothing has been posted between 8 am & 3 pm ...
> > >
> > > is this right ?
> >
> > Would that be daylight savings time?
> > Or GMT?
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Newsgroups: sci.crypt
Subject: Re: Is OPT the only encryption system that can be proved secure?
Date: Thu, 26 Oct 2000 10:11:01 +0200
Organization: T-Online
Xref: cyclone1.usenetserver.com sci.crypt:63094
Terry Ritter wrote:
>
> The mathematically-proven OTP depends upon various assumptions which
> cannot be provably achieved in practice. And proof based on
> unprovable assumptions is ultimately no proof at all.
Very well said. Needs to be repeated time and again and again.
I'd like to remark that provable security means only
that the a posteriori knowledge of the opponent with the
ciphertext at hand is equal to his a priori knowledge.
However, there could be cases where the occurrence of
communication (the sending of a message as such) may mean
something to the opponent, in which case the employment of
any system, including OTP, would mean leaking of some
information.
M. K. Shen
===================================
http://home.t-online.de/home/mok-kong.shen
From: Jouni Hiltunen <[EMAIL PROTECTED]>
Newsgroups: sci.crypt,nl.comp.crypt,alt.comp.opensource,alt.cellular.gsm
Subject: End to end encryption in GSM
Date: Thu, 26 Oct 2000 21:11:32 +0300
Organization: Kolumbus Internet Services Customer
Xref: cyclone1.usenetserver.com sci.crypt:63171 nl.comp.crypt:1338
alt.comp.opensource:95 alt.cellular.gsm:46437
Greetings, first apologies for cross-posting this to
hell and back, but I'm really interested in
extending privacy to cellular communications.
Here is the problem: the present GSM system offers you
an illusion of privacy; communications are
supposedly secured by encryption. However, depending
on the operator and country you might have weak or
no encryption and no way to verify how your
communications are secured. Also, encryption only
happens over the air interface, i.e. between phone
and base station; from there on all communications
are plain. To make matters worse, standards require
manufacturers to design legal interception gateways
into the switches.
What I have in mind is a program which you could
download into your phone which allows Diffie-Hellman
key exchange and encryption of the following call to
make sure your private conversations remain private.
Anybody interested in developing a program to do
that? I sure as hell cannot do it myself.
Anyone interested in e-mailing me, please use the
public key below. Post the follow-ups to sci.crypt.
Jouni Hiltunen
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
=isQf
-----END PGP PUBLIC KEY BLOCK-----
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: A naive question
Date: Fri, 27 Oct 2000 08:51:30 +0200
Mok-Kong Shen wrote:
>
> John Savard wrote:
> >
> > Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> >
> > >Is there anything wrong with the following?
> >
> > >Let there be a master key Q. To send message blocks P
> > >with a sufficiently strong algorithm E, we pick a random
> > >number R, obtain K = E(Q,R) and send R and blocks E(K,P)
> > >to the recipient.
> >
> > Given that E(Q,R) means "R, encrypted with key Q", there is nothing
> > wrong with that, although it is more conventional to send K and blocks
> > E(R,P) to the recipient. In that case, Q is called the "key-exchange
> > key".
> >
> > It is a standard practice, and useful in reducing the number of times
> > one has to use time-consuming public-key algorithms.
>
> Could one say that in case R, due to practical imperfectness,
> is not entirely random, one achieves in the first case
> a more random key in doing the encryption of the message
> blocks? Or is there absolutely nothing gained? Thanks.
I think a slight difference could be that in the second case,
where E(R,P) is used for encryption of messages, if R is from
a stream that is predictable, then, through managing to obtain
a number of R's to enable prediction, the opponent would have
an easy job in the future. This seems much harder in the
first case. Is this line of thought erroneous? Thanks.
M. K. Shen
------------------------------
From: "kihdip" <[EMAIL PROTECTED]>
Subject: Re: Q: Computations in a Galois Field
Date: Fri, 27 Oct 2000 08:41:26 +0200
<snip>
> > > polynomials ?? Are some better than others ??
> >
> > No polynomial is "better" than another. There are about 25 polynomials
> > of nine bits (8-bit fields).
>
> This depends on what you mean by 'better'.
<snip>
When I wrote "better", I was thinking of security. Let's say Twofish used
the polynomial from Rijndael (11B) instead of 169. Would it be more or less
secure ??
(I believe this is the question Tom answered - with a 'no')
Kim
------------------------------
From: "kihdip" <[EMAIL PROTECTED]>
Subject: Re: Q: Computations in a Galois Field
Date: Fri, 27 Oct 2000 09:04:36 +0200
> If anybody has problems with or suggestions for any of these or any
> other topics, please let me know.
I looked into your glossary and just wondered about one thing:
Field:
In abstract algebra, a commutative ring in which all non-zero elements have
a multiplicative inverse. (This means we can divide.)
- If the order of a ring is a prime, would it always be a field ??
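As an added worked example for the two questions above (the Rijndael 11B versus Twofish 169 modulus, and the glossary's definition of a field), not code from the thread: GF(2^8) multiplication with the reduction polynomial as a parameter, the glossary's own test (every non-zero element has a multiplicative inverse) applied to both polynomials and to a constructed reducible one, a count of how many degree-8 moduli pass that test, and the same inverse test for the integers mod n. The constant names, the reducible counter-example x^8 + 1 and the sample values are assumptions of this example.

```python
RIJNDAEL_POLY = 0x11B   # x^8 + x^4 + x^3 + x + 1, the 11B from the thread
TWOFISH_POLY = 0x169    # x^8 + x^6 + x^5 + x^3 + 1, the 169 from the thread
REDUCIBLE_POLY = 0x101  # x^8 + 1 = (x + 1)^8, a constructed counter-example


def gf_mul(a, b, poly):
    """Multiply two 8-bit elements modulo `poly` (shift-and-add over GF(2))."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:       # degree reached 8: reduce by the modulus
            a ^= poly
        b >>= 1
    return result


def gf_inverse(a, poly):
    """Brute-force multiplicative inverse; None when a has no inverse mod poly."""
    for b in range(1, 256):
        if gf_mul(a, b, poly) == 1:
            return b
    return None


def is_field(poly):
    """The glossary's test: every non-zero element must have an inverse."""
    return all(gf_inverse(a, poly) is not None for a in range(1, 256))


def poly_mod(a, m):
    """Remainder of polynomial a modulo polynomial m over GF(2)."""
    deg_m = m.bit_length() - 1
    while a and a.bit_length() - 1 >= deg_m:
        a ^= m << (a.bit_length() - 1 - deg_m)
    return a


def is_irreducible_degree8(poly):
    """A degree-8 polynomial is irreducible iff no polynomial of degree 1..4
    divides it; the values 2..31 are exactly those polynomials."""
    return all(poly_mod(poly, d) != 0 for d in range(2, 32))


def count_irreducible_degree8():
    """How many degree-8 moduli turn the 8-bit strings into a field."""
    return sum(1 for p in range(0x100, 0x200) if is_irreducible_degree8(p))


def integers_mod_is_field(n):
    """Same inverse test for the ring of integers mod n (true iff n is prime)."""
    return all(any((a * b) % n == 1 for b in range(1, n)) for a in range(1, n))
```

The inverse test and the divisor test agree on every modulus: the ring GF(2)[x]/(p) is a field exactly when p is irreducible, which is why either 11B or 169 yields a field of 256 elements, while x^8 + 1 does not. The count function returns 30, the number of irreducible degree-8 polynomials over GF(2).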
------------------------------
From: jungle <[EMAIL PROTECTED]>
Subject: the missed number of messages is more than 130 !!!
Date: Fri, 27 Oct 2000 03:15:53 -0400
I rebuilt my database of indexes [ deleted old & recreated again for this news
group ] and now the gap reported is much much bigger !!!
the gap is more than 24 hours ...
the missed number of messages is more than 130
what is going on ???
From: zapzing <[EMAIL PROTECTED]>
Newsgroups: talk.politics.crypto,sci.crypt,alt.freespeech,talk.politics.misc
Subject: Re: I can post absolutely anything on the Internet for you to
Date: Wed, 25 Oct 2000 18:54:53 GMT
Message-ID: <8t7a9o$pnc$[EMAIL PROTECTED]>
NNTP-Posting-Host: 169.139.115.67
Xref: cyclone1.usenetserver.com sci.crypt:63039
From: Jouni Hiltunen <[EMAIL PROTECTED]>
Newsgroups: sci.crypt,nl.comp.crypt,alt.comp.opensource,alt.cellular.gsm
Subject: End to end encryption in GSM
Date: Thu, 26 Oct 2000 21:11:32 +0300
Message-ID: <[EMAIL PROTECTED]>
NNTP-Posting-Host: kg168u1hel.dial.kolumbus.fi
Xref: cyclone1.usenetserver.com sci.crypt:63171
------------------------------
Date: Fri, 27 Oct 2000 09:15:38 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: BEST BIJECTIVE RIJNDAEL YET?
"SCOTT19U.ZIP_GUY" wrote:
> It can treat any file as a compressed encrypted file.
> So you can give the government any key since any key
> will decrypt any file and when re-encrypted you get the same
> file back.
I don't understand the advantage.
The government would like to get a key which leads to a
reasonable result, doesn't it ? You can't tell them
you've encrypted random data. And if you decrypt the
file with the wrong key and pipe it through a bijective
compressor, the result is again random.
So what ?
Gained nothing.
Well okay, except that you can't prove automatically
that you have the wrong key, like with non-bijective
compressors, but that is only of interest for brute
force attacks.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Is OPT the only encryption system that can be proved secure?
Date: Fri, 27 Oct 2000 09:36:09 +0200
Tim Tyler wrote:
>
> You can't be completely confident of anything else - I don't see why
> security should have some exalted status.
Right, not only for security in the crypto sense but also
for security in general. But I have the impression that
for academics anything an epsilon below infinite security
is worth a big big cry.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Is OPT the only encryption system that can be proved secure?
Date: Fri, 27 Oct 2000 09:36:03 +0200
John Savard wrote:
>
> Mok-Kong Shen<[EMAIL PROTECTED]> wrote:
>
> >I doubt that I understand you. Is the main stress of the
> >above sentence on 'secure algorithm' or on 'memorizable
> >key' or on 'mental computation'? I don't see why mental
> >computation is important. (Do you mean e.g. bugs on the
> >computer that could leak the key or computations to the
> >opponent and hence much or all processing has to be done
> >in the brain?)
>
> Yes, that was what I meant. The idea is that _all three_ of those
> conditions would have to be met so that there was no contact with
> the messy "real world" where software has bugs and so on.
If I have doubts of software bugs, I'll write an interpreter
to do computations. That should be almost certainly safe.
It is evidently impossible to do sophisticated encryption
computations in one's own brain.
M. K. Shen
------------------------------
From: Albert Yang <[EMAIL PROTECTED]>
Subject: Re: hardware vs. software vs. crypto accelerators
Date: Fri, 27 Oct 2000 07:31:27 GMT
If that's the case, I suggest you approach it backwards and it will be
really easy.
You have "blocks" of data vs. "Streams" of data. You have data that
only needs a short shelf-life, you have data that needs to have a very
long shelf-life. You have data that requires encrypt/decrypt in real
time, you have things that can be offloaded.
So you establish these things, and THEN put email, ssh etc... into the
correct corresponding categories and then you will have your answers.
For example, you have a chart, and it says, "blocks of data, long
shelf-life, no need for real time, a slight delay is OK."
That to me translates to: Block Cipher in CBC, with 128bit key minimum
size (or maybe even 256bit key, for that extra long shelf-life), no need
for hardware or crypto appliances because it doesn't need to be in
real-time.
Am I making sense?
Albert
Simon wrote:
>
> I need to define an architecture that lists what crypto services are
> required, and how they should be delivered. The requirements range from
> simple secure email, ssl, right through to application specific encryption,
> and as the company are looking to deliver financial products, there is a
> requirement for payments to be macced, and protected in transit.
>
> So essentially there is a wide range of services required, and I want to put
> forward a paper that compares software toolkits against on host accelerators
> against network crypto appliances.
>
> "Simon" <[EMAIL PROTECTED]> wrote in message
> news:8t7023$sde$[EMAIL PROTECTED]...
> > Could anybody point me in the direction of a good resource comparing and
> > contrasting the various approaches to delivering cryptographic services
> for
> > enterprise customers?
> >
> > Replies to [EMAIL PROTECTED] would be appreciated.
> >
> >
------------------------------
Date: Fri, 27 Oct 2000 09:31:04 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: RC4 modification ideas ?
dexMilano wrote:
> As a lot of you know, source code for an RC4-compatible cipher is
> available on the web. I've worked on it making some modifications.
Which modifications did you add ? I recently thought one should write
a completely new key schedule for it, a little more RC5-like (loop
at multiple times over the key bits, modify the key bits with some
rotations etc).
Increasing the item size to 16 bit is an old idea. I personally would
prefer to use 12 bits, fits better into the 1st or 2nd level caches of
processors :-) [yep I know there are machines with 128 KB of 1st level
cache].
There are really good block ciphers and oneway hash functions in the
public domain, but no good stream ciphers. :-(
------------------------------
From: Albert Yang <[EMAIL PROTECTED]>
Subject: Re: MD5 / SHA1 on SQL Server 7.0
Date: Fri, 27 Oct 2000 07:33:16 GMT
You have ASP call a program that computes SHA1 or MD5, and then pass it
to the database, or avoid SQL Server like the plague it is altogether!!
Is there not an innate hash function?
Albert
------------------------------
Date: Fri, 27 Oct 2000 09:40:17 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Q: Computations in a Galois Field
Volker Hetzer wrote:
> kihdip wrote:
> > Can any of you explain to me why the Galois Field is useful.
> Could anybody answering please post here? I'd like to learn a bit too.
Hehe I second that :-)
The comments in this thread were extremely helpful until now.
------------------------------
Date: Fri, 27 Oct 2000 09:44:59 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: My comments on AES
Mok-Kong Shen wrote:
> Tim Tyler wrote:
> > Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> > : Tim Tyler wrote:
> >
> > :> How about the bit where he wrote (from the URL above):
> > :>
> > :> ``I believe that within the next five years someone will discover an
> > :> academic attack against Rijndael.''
> >
> > : However, if an academic attack is only of interest
> > : academically and not a genuine menace in practice, then
> > : that would be only a happy and laudable success of some
> > : intellectual endeavour, nothing more.
> >
> > No doubt it would be an inspiration for those wishing to embark on
> > further such intellectual endeavours.
>
> I wouldn't care, as long as the current record of cracking
> the algorithm I use needs a time above, say, 2 million years.
Ouch. That reminds me too much of the estimates of how long it
would take to break the Enigma... they did number games like
that and guess what - it was broken.
IMHO, a 'really good' algorithm should have no academic break,
i.e. there should be no attack substantially better than brute
force.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: On block encryption processing with intermediate permutations
Date: Fri, 27 Oct 2000 10:07:41 +0200
Bryan Olson wrote:
>
> I think the approach is misguided, for reasons previously
> stated. Furthermore, it solves no problem. What's wrong with
> a conventional chaining mode, IV and a modern block-cipher?
> True, we cannot prove security, but don't claim to solve that
> one without theorem in hand. The reason sci.crypt is flooded
> with techniques for symmetric encryption is not that the world
> needs them; it's that they're easy to produce.
The basic idea underlying my original post is to consider
a block cipher of n cycles to be a concatenation of n
individual (though identical/related) ciphers. Thus I
also propose to do block chaining in performing each
cycle and to do random rotations of words between cycles.
A single technique may not bring forth much and be worse
under certain specific conditions (e.g. possibility of
launching a chosen plaintext attack) but a combination of
these may usually result in much more than their simple
'sum'. Of course, if one has a certain definite cipher,
e.g. AES, and has complete confidence in it, then by
definition one need not look at anything else. (It
indeed could well be that future crypto textbooks will
deal with AES as the single symmetric cipher, eliminating
materials on any others of its kind). Otherwise, I
believe discussion of potential techniques could be
beneficial and this is in my humble view part of the
very raison d'etre of this group.
Thanks.
M. K. Shen
============================
http://home.t-online.de/home/mok-kong.shen
------------------------------
Date: Fri, 27 Oct 2000 09:52:30 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: OT: How to be offtopic
those who know me have no need of my name wrote:
> <8t0o9h$[EMAIL PROTECTED]> divulged:
> >different languages shine in different
> >situations. C make a lousy Perl, for example.
> actually ... nah, never mind, this is already way too far
> from sci.crypt.
Just write 'OT: <something>' into the header, and people who
don't want to go offtopic will skip your postings.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************