Cryptography-Digest Digest #18, Volume #13       Fri, 27 Oct 00 17:13:00 EDT

Contents:
  Re: Collision domain in crypt()? (David Schwartz)
  Re: Image on glasses of the cover guy in Secrets & Lies ("Aztech")
  very large mult. div. (Brian Phillips)
  Re: Rijndael and PGP (Tom St Denis)
  Re: CHAP security hole question (Gregory G Rose)
  Re: My comments on AES (Mok-Kong Shen)
  Re: very large mult. div. (Bob Silverman)
  Re: Q: Computations in a Galois Field (Bob Silverman)
  Re: On introducing non-interoperability (John Savard)
  Re: BEST BIJECTIVE RIJNDAEL YET? (John Savard)
  Re: Ciphers and Unicode (Mok-Kong Shen)
  Re: Rijndael implementations ("Douglas A. Gwyn")
  What devices have the Clipper chip ? (Phillip Wong)
  Re: Q: Computations in a Galois Field (Tom St Denis)
  Re: On introducing non-interoperability (Mok-Kong Shen)
  Re: On introducing non-interoperability (Mok-Kong Shen)
  Re: Is OPT the only encryption system that can be proved secure? (Richard Heathfield)
  Re: very large mult. div. (Tom St Denis)
  Re: very large mult. div. (Mok-Kong Shen)
  Re: Q: Computations in a Galois Field (JPeschel)
  Re: very large mult. div. (Mok-Kong Shen)

----------------------------------------------------------------------------

From: David Schwartz <[EMAIL PROTECTED]>
Subject: Re: Collision domain in crypt()?
Date: Fri, 27 Oct 2000 12:17:18 -0700


[EMAIL PROTECTED] wrote:
> 
> David Schwartz <[EMAIL PROTECTED]> wrote:
> 
> >> I'm in need of a simple hash function for ~4 million items, with a digest of
> >> approx 10-14 chars; MD5 et al at 32 characters is simply overkill.  Am I
> >> in the right ballpark?
> 
> >       MD5 creates a 128-bit hash, which is 16 characters. If you encounter
> > any collisions, post them and you will get instant fame as none are
> > known.
> 
> The digest from MD5 is 16 bytes (32 chars).

        How is 16 bytes 32 characters?

> I was not suggesting that MD5 has
> any collisions, but when I chopped the last 8 bytes off, I had several collisions
> with existing records.

        Well, DON'T DO THAT THEN.

        DS
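
An added example for the truncated-digest question above (my code, not either poster's): MD5 yields 16 bytes, which print as 32 hexadecimal characters at 4 bits each, so keeping 10-14 hex characters keeps 40-56 bits of digest. The block computes the birthday-bound expected number of colliding pairs for about 4 million items at several truncation widths, the narrowest width that keeps that expectation below a chosen threshold, and then measures collisions empirically on constructed keys. A 64-bit non-cryptographic hash (FNV-1a followed by the MurmurHash3 finalizer) stands in for MD5 so the block needs no MD5 implementation; that the arithmetic carries over to any well-distributed digest is the assumption the example rests on.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Birthday arithmetic for truncated digests. The keys and the hash below are
   constructed for this example; a 64-bit non-cryptographic hash stands in for
   MD5, which only matters if the digest is well distributed (assumed here). */

/* Expected number of colliding pairs among n uniformly distributed digests
   truncated to `bits` bits: n(n-1)/2 divided by 2^bits. */
double expected_collisions(double n, unsigned bits)
{
    double space = 1.0;
    unsigned i;
    for (i = 0; i < bits; i++) space *= 2.0;
    return n * (n - 1.0) / 2.0 / space;
}

/* Smallest truncation width that keeps the expected collision count below max_expected. */
unsigned bits_needed(double n, double max_expected)
{
    unsigned b = 1;
    while (expected_collisions(n, b) > max_expected) b++;
    return b;
}

/* Hex digest length that carries `bits` bits (4 bits per hex character). */
unsigned hex_chars_for_bits(unsigned bits)
{
    return (bits + 3) / 4;
}

static uint64_t fnv1a64(const char *s)  /* FNV-1a, 64-bit */
{
    uint64_t h = 14695981039346656037ULL;
    for (; *s; s++) {
        h ^= (unsigned char)*s;
        h *= 1099511628211ULL;
    }
    return h;
}

static uint64_t fmix64(uint64_t k)  /* MurmurHash3 64-bit finalizer, for avalanche */
{
    k ^= k >> 33; k *= 0xff51afd7ed558ccdULL;
    k ^= k >> 33; k *= 0xc4ceb9fe1a85ec53ULL;
    k ^= k >> 33;
    return k;
}

/* Hash n constructed keys "item-<i>", keep only the low `bits` bits of each
   digest, and count the items whose truncated digest was already seen.
   One byte per bucket, so intended for bits <= 24. Returns -1 on allocation failure. */
long count_truncated_collisions(long n, unsigned bits)
{
    size_t buckets = (size_t)1 << bits;
    unsigned char *seen = calloc(buckets, 1);
    long collisions = 0, i;
    char key[32];
    if (!seen) return -1;
    for (i = 0; i < n; i++) {
        uint64_t h;
        size_t slot;
        snprintf(key, sizeof key, "item-%ld", i);
        h = fmix64(fnv1a64(key));
        slot = (size_t)(h & (buckets - 1));
        if (seen[slot]) collisions++;
        else seen[slot] = 1;
    }
    free(seen);
    return collisions;
}

int main(void)
{
    double n = 4000000.0;  /* the ~4 million items from the thread */
    unsigned bits;
    printf("full MD5 (128 bits, %u hex chars): expected collisions %.3g\n",
           hex_chars_for_bits(128), expected_collisions(n, 128));
    for (bits = 32; bits <= 64; bits += 8)
        printf("%2u bits (%2u hex chars): expected collisions %.3g\n",
               bits, hex_chars_for_bits(bits), expected_collisions(n, bits));
    printf("bits needed for < 1e-6 expected collisions: %u\n", bits_needed(n, 1e-6));
    printf("empirical: 100000 keys, 24-bit truncation, expected %.0f, got %ld\n",
           expected_collisions(100000.0, 24), count_truncated_collisions(100000, 24));
    return 0;
}
```

Compile with any C99 compiler and run; the empirical count for 100000 keys truncated to 24 bits lands near the predicted 298, and the table shows the expectation for 4 million items dropping from about 1860 colliding pairs at 32 bits to well under one at 64 bits.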

------------------------------

From: "Aztech" <[EMAIL PROTECTED]>
Subject: Re: Image on glasses of the cover guy in Secrets & Lies
Date: Fri, 27 Oct 2000 19:24:17 GMT

It might just be stock photography from the likes of
http://www.photodisc.com

Az.



"Jeff Moser" <[EMAIL PROTECTED]> wrote in message
news:8tbvnj$gqd$[EMAIL PROTECTED]...
> > Looking at it in a mirror, and employing a little thought and guesswork it
> > looks like:
>
> I did mine reading backwards, but the mirror does help with the fuzzy words.
>
> After looking a little more.. I agree:
>
> You have requested an insecure
> document. The document and any
> information you send back could be
> observed by  a third party while in
> transit.
>
> For more information on security
> (Choose page prfs through the view menu.)
>
> Do not show again  Cancel OK
>
>
> Thanks,
>
> Jeff
>
>



------------------------------

From: Brian Phillips <[EMAIL PROTECTED]>
Subject: very large mult. div.
Date: Fri, 27 Oct 2000 12:28:12 -0700


I am implementing DSA and was wondering if anyone had any knowledge on
large (160 bit) multipliers and dividers. Any help is appreciated.

Brian


------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Rijndael and PGP
Date: Fri, 27 Oct 2000 19:26:13 GMT

In article <8tciik$31q$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> In article <[EMAIL PROTECTED]>,
>   [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
> >    I disagree strongly.
> Right there you've given enough information for a reasonable person to
> strongly agree. Of course it doesn't hurt that you have contradicted
> the statements of every major cryptanalyst, made a mockery of yourself,
> and been a pretender to the throne for as long as I've been around.
>
> In this case I would say that we will see RC6, MARS, Twofish, Serpent
> and Rijndael/AES all around for a long time, simply because more people
> are becoming aware that having multiple strong ciphers makes it more
> difficult to attack a system. And more importantly the people who
> actually do proper reviews of ciphers for products (last time I checked
> you weren't one of them), realize that there are occasions where
> Twofish will be better than Rijndael (alternately insert your favorite
> and not so favorite algorithm). As the awareness rises there will be
> demand for products supporting multiple strong ciphers, and for that I
> would right now recommend Rijndael (because of the buzz mostly),
> Twofish, Serpent, Triple-DES, Blowfish, and MARS. I see no reason to
> limit ourselves from using the other strong ciphers that abound simply
> because one has been given a blessed name.

You are talking as if adding ciphers to PGP will *improve* security.
It won't, and in the long run it will cause maintenance problems, bugs,
etc.

If CAST/3DES/IDEA are shown to be marginally secure then I would agree
with you, but that's not the case.

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (Gregory G Rose)
Subject: Re: CHAP security hole question
Date: 27 Oct 2000 12:47:33 -0700

In article <8tb3q7$nsd$[EMAIL PROTECTED]>,
Vernon Schryver <[EMAIL PROTECTED]> wrote:
>As far as I can tell, the claims at http://www.IntegritySciences.com/ are
>over the top.  Maybe I'm wrong, but, for example, it strikes me as
>impossible to make small secrets unguessable.

You are at best misunderstanding the threat model.
These protocols work as advertised.

>In other words, beware of technical information from sales people.

On behalf of Bellovin, Jablon, Wu, and others, I
can tell you:
a) that statement is insulting
b) you're wrong.

Greg.

-- 
Greg Rose                                     INTERNET: [EMAIL PROTECTED]
QUALCOMM Australia        VOICE:  +61-2-9181 4851   FAX: +61-2-9181 5470
Suite 410, Birkenhead Point              http://people.qualcomm.com/ggr/ 
Drummoyne NSW 2047      B5 DF 66 95 89 68 1F C8  EF 29 FA 27 F2 2A 94 8F

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: My comments on AES
Date: Fri, 27 Oct 2000 22:09:06 +0200



Runu Knips wrote:
> 
> Mok-Kong Shen wrote:
> > Tim Tyler wrote:
> > > Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> > > : Tim Tyler wrote:
> > >
> > > :> How about the bit where he wrote (from the URL above):
> > > :>
> > > :> ``I believe that within the next five years someone will discover an
> > > :>   academic attack against Rijndael.''
> > >
> > > : However, if an academic attack is only of interest
> > > : academically and not a genuine menace in practice, then
> > > : that would be only a happy and laudable success of some
> > > : intellectual endeavour, nothing more.
> > >
> > > No doubt it would be an inspiration for those wishing to embark on
> > > further such intellectual endeavours.
> >
> > I wouldn't care, as long as the current record of cracking
> > the algorithm I use needs a time above, say, 2 million years.
> 
> Ouch. That reminds me too much of the estimates of how long it
> would take to break the Enigma... they did number games like
> that and guess what - it was broken.
> 
> IMHO, a 'really good' algorithm should have no academic break,
> i.e. there should be no attack substantially better than brute
> force.

Enigma's break was not entirely due to the diligence
of the analyst, if I don't err. There are BTW all kinds 
of attacks, including cipher operator bribing attack,
stealing key attack and stealing plaintext attack.

M. K. Shen

------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: very large mult. div.
Date: Fri, 27 Oct 2000 19:54:31 GMT

In article <[EMAIL PROTECTED]>,
  Brian Phillips <[EMAIL PROTECTED]> wrote:
>
> I am implementing DSA and was wondering if anyone had any knowledge on
> large (160 bit) multipliers and dividers. Any help is appreciated.

No.  No one has any knowledge.....   That is why no one has ever
implemented a crypto-system involving large numbers....    :-)

The algorithms you want can be found in Knuth Vol 2, Chapt. 4

--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"



------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: Q: Computations in a Galois Field
Date: Fri, 27 Oct 2000 20:04:09 GMT

In article <8t9t5f$tf2$[EMAIL PROTECTED]>,
  Tom St Denis <[EMAIL PROTECTED]> wrote:
>
> No polynomial is "better" than another.  There are about 25 polynomials
> of nine bits (8-bit fields).
>
> I suggest you read the Rijndael paper about manipulating the elements.
> If you have any specific questions please ask.

Yes. Please ask.  But don't ask Tom.

Once again Tom finds it necessary to make assertions based upon his
ignorance. Do us all a favor, Tom, and stop misleading others.

Some polynomials most certainly ARE better than others.  In particular
a finite field is isomorphic to the quotient ring Z_p[x]/(g(x))
where p is the field characteristic and (g(x)) is an ideal generated
by a primitive polynomial.  This is the polynomial you are looking
for.  It is much faster to choose a polynomial of low Hamming weight
when choosing g(x) as this can make the arithmetic quite a bit
faster.

And optimal normal bases are even better (when they exist).

I suggest you read Lidl & Niederreiter's book "Finite Fields".
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"



------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: On introducing non-interoperability
Date: Fri, 27 Oct 2000 20:03:27 GMT

On Fri, 27 Oct 2000 20:54:52 +0200, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote, in part:

>In fact, to the contrary, it is evidently very much to 
>their benefit, if the opponent's system turns out to be 
>not interoperable with theirs.

Compared to the problems presented by any encryption used, the
difficulties presented by incompatibilities are essentially trivial.
If necessary, electrical signals can be recorded in analog format, and
then analyzed.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: BEST BIJECTIVE RIJNDAEL YET?
Date: Fri, 27 Oct 2000 20:07:18 GMT

On 27 Oct 2000 12:43:31 GMT, [EMAIL PROTECTED]
(SCOTT19U.ZIP_GUY) wrote, in part:

>  I have never seen you take the middle road. 
>Matt's code does both for those that think Rijndael is secure.
>He has it. For those that want no added crap added to the file so an
>attacker can take advantage of it, his has that. It has great
>compression. It is a great tool if one wants to add other
>things after it. It is like having your cake and eating it too.

>   I suggest you try it. I am sure your so-called middle of
>the road approach is to badmouth it without looking since I
>suspect your quadrathing does not yet exist as working code
>that is bijective.

Oh, I'm quite happy with Mr. Timmermans. And my scheme isn't
bijective, since it uses random padding. But that has nothing to do
with my block cipher designs - which are intended to be instructive
about cipher design. Clear diagrams and explanations enable them to
fulfill that purpose.

Some of us have day jobs.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Ciphers and Unicode
Date: Fri, 27 Oct 2000 22:24:03 +0200



John Savard wrote:
> 

> But it is not terribly efficient. Only accented letters, and the
> Hebrew and Arabic scripts have two-byte encodings; everything else
> takes three bytes.

I am ignorant. But does Unicode really employ three instead
of two bytes to represent Chinese ideographs? Thanks.

M. K. Shen

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Rijndael implementations
Date: Fri, 27 Oct 2000 19:12:36 GMT

"Trevor L. Jackson, III" wrote:
> So, is there a Hardware Compatibility List that describes the
> architectures at which the the C standard is aimed?

The scope of the C standard is described in the first pages of
the standard itself.  Efficient implementation is possible on
any reasonable architecture with certain minimal resource
requirements.  For C99 we assume translation occurs on a host
with 512KB RAM (for C89 we assumed 64KB RAM).  The target for
execution of the program can be nearly any platform from small
embedded processors to supercomputers.

> It appears that the goal is a universally implementable language,
> which goal is of course bound to cause implementation and usage
> problem in applying the standard to any particular architecture.

One of the main jobs of the C standards committee has been to
make sure that such problems are minimal.

------------------------------

From: Phillip Wong <[EMAIL PROTECTED]>
Subject: What devices have the Clipper chip ?
Date: Fri, 27 Oct 2000 20:26:17 GMT

Dear sci-crypters:

I am new to this group.

The last time I heard of the Clipper chip was five years ago when I
first read about it in the NY Times. Then later on I read about it in various books
such as Zimmermann's PGP book.

Question:
What devices today are equipped with this chip ?
Any revisions made to the Skipjack algorithm used ?

regards

Phillip Wong


------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Q: Computations in a Galois Field
Date: Fri, 27 Oct 2000 20:34:26 GMT

In article <8tcn3j$7cu$[EMAIL PROTECTED]>,
  Bob Silverman <[EMAIL PROTECTED]> wrote:
> In article <8t9t5f$tf2$[EMAIL PROTECTED]>,
>   Tom St Denis <[EMAIL PROTECTED]> wrote:
> >
> > No polynomial is "better" than another.  There are about 25 polynomials
> > of nine bits (8-bit fields).
> >
> > I suggest you read the Rijndael paper about manipulating the elements.
> > If you have any specific questions please ask.
>
> Yes. Please ask.  But don't ask Tom.
>
> Once again Tom finds it necessary to make assertions based upon his
> ignorance. Do us all a favor, Tom, and stop misleading others.

Oh how big of you.

> Some polynomials most certainly ARE better than others.  In particular
> a finite field is isomorphic to the quotient ring Z_p[x]/(g(x))
> where p is the field characteristic and (g(x)) is an ideal generated
> by a primitive polynomial.  This is the polynomial you are looking
> for.  It is much faster to choose a polynomial of low Hamming weight
> when choosing g(x) as this can make the arithmetic quite a bit
> faster.
>
> And optimal normal bases are even better (when they exist).
>
> I suggest you read Lidl & Niederreiter's book "Finite Fields".

For the purposes of a block cipher, only the Hamming weight really
affects anything.  In many cases the operations are precomputed.

When I said "none are better than each other" I meant from a security
standpoint.  Sure multiplying by 3 is more efficient than 17, but that
was not the question...

How about you get off your high horse there Bob?  I am not paid, so I am
giving help I feel relevant; instead of attacking little kids, I try to
help others.  I am sorry I am not some 40-year-old prick, or that I
don't have a degree from MIT or that I am not a super-math-god, but
this is not a theocracy, this is sci.crypt.  Beginners and pros alike,
not just the gods.  So why not lay off.  I don't see any fault in my
posting.  I answered the question asked.

Tom


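
An added example (my code, not Bob's or Tom's, and not the Rijndael reference implementation) covering both Bob's point about the choice of g(x) and Tom's point about Hamming weight: GF(2^8) multiplication modulo an arbitrary degree-8 polynomial, an irreducibility test, the multiplicative order of x (the polynomial is primitive when that order is 255), and a survey of all 256 degree-8 polynomials that counts the irreducible and primitive ones and finds the lowest Hamming weight any irreducible one has. The survey also reports where the Rijndael polynomial 0x11B (x^8 + x^4 + x^3 + x + 1) falls, and the FIPS 197 product {57} * {83} = {c1} serves as the check value for the multiplier.

```c
#include <stdio.h>

/* GF(2^8) arithmetic modulo a chosen degree-8 polynomial over GF(2).
   Polynomials are encoded as unsigned ints, bit i = coefficient of x^i,
   so the Rijndael polynomial x^8 + x^4 + x^3 + x + 1 is 0x11B. */

#define RIJNDAEL_POLY 0x11Bu

/* Degree of a GF(2)[x] polynomial; -1 for the zero polynomial. */
static int poly_deg(unsigned p)
{
    int d = -1;
    while (p) { d++; p >>= 1; }
    return d;
}

/* Remainder of a modulo m in GF(2)[x]: long division where subtraction is XOR. */
unsigned poly_mod(unsigned a, unsigned m)
{
    int dm = poly_deg(m);
    while (a && poly_deg(a) >= dm)
        a ^= m << (poly_deg(a) - dm);
    return a;
}

/* Multiply two field elements (0..255) modulo the degree-8 polynomial poly.
   Each doubling of a that overflows bit 8 is reduced at once by XORing poly,
   so a modulus of low Hamming weight means fewer gates or fewer XORs per
   reduction; this is the efficiency difference, not a difference in the
   field itself, which is the same up to isomorphism for every irreducible poly. */
unsigned gf_mul(unsigned a, unsigned b, unsigned poly)
{
    unsigned r = 0;
    while (b) {
        if (b & 1u) r ^= a;
        b >>= 1;
        a <<= 1;
        if (a & 0x100u) a ^= poly;
    }
    return r & 0xFFu;
}

/* A degree-8 polynomial is irreducible iff no polynomial of degree 1..4
   divides it (any factorisation has a factor of degree at most 4). */
int is_irreducible8(unsigned poly)
{
    unsigned q;
    for (q = 2; q < 32; q++)
        if (poly_mod(poly, q) == 0) return 0;
    return 1;
}

/* Multiplicative order of element x in the field defined by an irreducible poly. */
unsigned element_order(unsigned x, unsigned poly)
{
    unsigned acc = x, n = 1;
    while (acc != 1) { acc = gf_mul(acc, x, poly); n++; }
    return n;
}

/* Primitive = irreducible and x itself generates all 255 non-zero elements. */
int is_primitive8(unsigned poly)
{
    return is_irreducible8(poly) && element_order(2, poly) == 255;
}

int hamming_weight(unsigned p)
{
    int w = 0;
    while (p) { w += (int)(p & 1u); p >>= 1; }
    return w;
}

/* Survey of all 256 polynomials of degree exactly 8. */
int count_irreducible8(void)
{
    int c = 0;
    unsigned p;
    for (p = 0x100; p < 0x200; p++) c += is_irreducible8(p);
    return c;
}

int count_primitive8(void)
{
    int c = 0;
    unsigned p;
    for (p = 0x100; p < 0x200; p++) c += is_primitive8(p);
    return c;
}

int min_irreducible_weight8(void)
{
    int best = 9;
    unsigned p;
    for (p = 0x100; p < 0x200; p++)
        if (is_irreducible8(p) && hamming_weight(p) < best) best = hamming_weight(p);
    return best;
}

int main(void)
{
    printf("irreducible degree-8 polynomials: %d\n", count_irreducible8());
    printf("of which primitive: %d\n", count_primitive8());
    printf("lowest Hamming weight among the irreducible ones: %d\n", min_irreducible_weight8());
    printf("Rijndael 0x11B: irreducible=%d primitive=%d order(x)=%u order(x+1)=%u\n",
           is_irreducible8(RIJNDAEL_POLY), is_primitive8(RIJNDAEL_POLY),
           element_order(2, RIJNDAEL_POLY), element_order(3, RIJNDAEL_POLY));
    printf("{57} * {83} = {%02x}\n", gf_mul(0x57, 0x83, RIJNDAEL_POLY));
    return 0;
}
```

Running it shows 30 irreducible polynomials of degree 8, of which 16 are primitive, none lighter than weight 5 (there is no irreducible trinomial of degree 8), and that the Rijndael modulus is irreducible but not primitive: x has order 51 in that field while x + 1 (0x03) has order 255, which is why Rijndael's tables are built from powers of 0x03.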

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: On introducing non-interoperability
Date: Fri, 27 Oct 2000 22:54:46 +0200



John Savard wrote:
> 
> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> 
> >In fact, to the contrary, it is evidently very much to
> >their benefit, if the opponent's system turns out to be
> >not interoperable with theirs.
> 
> Compared to the problems presented by any encryption used, the
> difficulties presented by incompatibilities are essentially trivial.
> If necessary, electrical signals can be recorded in analog format, and
> then analyzed.

I suppose I don't yet understand you. If the opponent
wants to determine the key, the XORed unknown quantities 
cause him difficulty. Or can you tell your trivial way to
get around this? Thanks.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: On introducing non-interoperability
Date: Fri, 27 Oct 2000 22:55:59 +0200


Addendum:

The Gi could be generated from some algorithm from less
material. Another viable method is to rotate the round keys 
by chosen amounts.

M. K. Shen

------------------------------

Date: Fri, 27 Oct 2000 21:44:12 +0100
From: Richard Heathfield <[EMAIL PROTECTED]>
Subject: Re: Is OPT the only encryption system that can be proved secure?

"SCOTT19U.ZIP_GUY" wrote:
> 
> [EMAIL PROTECTED] (Richard Heathfield) wrote in
> <[EMAIL PROTECTED]>:
> 
> >I have spent four evenings studying what you are pleased to describe as
> >source code.
> 
>      Did you look at the new improved listing found at radinet? There
> are a few changes to make it more portable. But not many. The scott16u
> version was modded by a guy in Germany so that it compiles on many more
> systems. It is not for scott19u but it could give you ideas.

I think I've seen enough code from your direction to last me a lifetime.

>     The hardest part of scott19u was placing the file in memory and
> overlaying on it in various 19-bit continuous structures that have
> different origins that are not offset by 19 bits. I really don't
> see how to do this in other versions of C.

I did in fact make a start on writing my own implementation of your
algorithm, reverse engineering it from your source code, but I gave up
in disgust. Make of that what you will; your opinion is of no value to
me. Nevertheless, before I gave up on it, I had written functions to
extract an n-bit integer (for n <= the number of value bits in an
unsigned int) from any location in a bit array, and similarly to insert
an n-bit integer into any position in a bit array, in 100% portable ISO
C. It's not difficult.

> >I am not surprised that Mr Wagner was unable to follow it.
> >
> >If the reader cannot understand the source code, there are two possible
> >places to lay the blame, not just one.
> 
>     I really suspect Wagner was lying and that he never had
> the balls to give it an honest look in the first place.

Having seen your source code, I am quite prepared to believe that he
found it unreadable.

> Most
> pompous assholes just make general statements without ever
> looking and few have the nerve to question their integrity.

Hmmm - someone's been looking in the mirror again. I should give that up
if I were you. You might see something you don't like.

-- 
Richard Heathfield
"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
K&R answers, C books, etc: http://users.powernet.co.uk/eton
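
An added example (my code, not Richard's, which he describes but does not post, nor Scott's) of the portable approach Richard outlines: reading and writing an n-bit integer at any bit offset of an unsigned char array using only CHAR_BIT and UINT_MAX from <limits.h>, so nothing depends on the byte or word width of the machine. The constructed sample packs 19-bit fields at an arbitrary origin and reads them back both from that origin and from a different one, which is the overlaying-with-different-origins problem from the quoted post; the field width, origin and sample values are assumptions of this example.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Portable access to n-bit integers at arbitrary bit positions in a byte
   array, for n <= the number of value bits in unsigned int. Bit numbering is
   LSB-first within each byte: bit position p lives in byte p / CHAR_BIT at
   bit p % CHAR_BIT. Only CHAR_BIT and UINT_MAX are relied upon. */

/* Number of value bits in unsigned int, derived from UINT_MAX. */
unsigned value_bits_uint(void)
{
    unsigned n = 0, x = UINT_MAX;
    while (x) { n++; x >>= 1; }
    return n;
}

/* Read the n-bit integer whose least significant bit sits at bit offset pos. */
unsigned extract_bits(const unsigned char *arr, size_t pos, unsigned n)
{
    unsigned value = 0, i;
    for (i = 0; i < n; i++) {
        size_t bit = pos + i;
        unsigned b = (arr[bit / CHAR_BIT] >> (bit % CHAR_BIT)) & 1u;
        value |= b << i;
    }
    return value;
}

/* Write the low n bits of value with its least significant bit at offset pos. */
void insert_bits(unsigned char *arr, size_t pos, unsigned n, unsigned value)
{
    unsigned i;
    for (i = 0; i < n; i++) {
        size_t bit = pos + i;
        unsigned char mask = (unsigned char)(1u << (bit % CHAR_BIT));
        if ((value >> i) & 1u)
            arr[bit / CHAR_BIT] |= mask;
        else
            arr[bit / CHAR_BIT] &= (unsigned char)~mask;
    }
}

/* Constructed sample (assumed values): four 19-bit fields packed back to
   back starting at bit 3, so no field is byte-aligned and every field
   straddles byte boundaries. */
#define FIELD_BITS 19u
#define FIELD_ORIGIN 3u
static const unsigned FIELDS[4] = { 0x5A5A5u, 0x12345u, 0x7FFFFu, 0x00001u };

const unsigned char *build_demo(void)
{
    static unsigned char buf[16];
    unsigned i;
    for (i = 0; i < 16; i++) buf[i] = 0;
    for (i = 0; i < 4; i++)
        insert_bits(buf, FIELD_ORIGIN + i * FIELD_BITS, FIELD_BITS, FIELDS[i]);
    return buf;
}

/* Overlay view: the k-th 19-bit field counted from an arbitrary origin, which
   need not coincide with the origin the data was written at. */
unsigned overlay_field(const unsigned char *buf, size_t origin, unsigned k)
{
    return extract_bits(buf, origin + k * FIELD_BITS, FIELD_BITS);
}

/* Round-trip self check: the width fits an unsigned int and every packed
   field reads back unchanged from the origin it was written at. */
int roundtrip_ok(void)
{
    const unsigned char *buf = build_demo();
    unsigned i;
    if (FIELD_BITS > value_bits_uint()) return 0;
    for (i = 0; i < 4; i++)
        if (overlay_field(buf, FIELD_ORIGIN, i) != FIELDS[i]) return 0;
    return 1;
}

int main(void)
{
    const unsigned char *buf = build_demo();
    printf("unsigned int has %u value bits\n", value_bits_uint());
    printf("round trip ok: %d\n", roundtrip_ok());
    printf("field 1 from origin 3: %#x\n", overlay_field(buf, FIELD_ORIGIN, 1));
    printf("field 0 from origin 10 (straddles two packed fields): %#x\n",
           overlay_field(buf, 10, 0));
    return 0;
}
```

The bit-at-a-time loops are deliberately simple; they trade speed for the guarantee that the code compiles and behaves identically wherever CHAR_BIT and UINT_MAX are defined. Reading field 0 from origin 10 returns 0x45B4B, the top 12 bits of 0x5A5A5 joined with the low 7 bits of 0x12345, which is exactly the "different origin" overlay the quoted post talks about.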

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: very large mult. div.
Date: Fri, 27 Oct 2000 20:35:18 GMT

In article <8tcmhj$6r7$[EMAIL PROTECTED]>,
  Bob Silverman <[EMAIL PROTECTED]> wrote:
> In article <[EMAIL PROTECTED]>,
>   Brian Phillips <[EMAIL PROTECTED]> wrote:
> >
> > I am implementing DSA and was wondering if anyone had any knowledge on
> > large (160 bit) multipliers and dividers. Any help is appreciated.
>
> No.  No one has any knowledge.....   That is why no one has ever
> implemented a crypto-system involving large numbers....    :-)
>
> The algorithms you want can be found in Knuth Vol 2, Chapt. 4

Now we expect them to immediately purchase a 65 dollar book because you
said so?  hmm fishy.

Tom



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: very large mult. div.
Date: Fri, 27 Oct 2000 23:17:06 +0200



Brian Phillips wrote:
> 
> I am implementing DSA and was wondering if anyone had any knowledge on
> large (160 bit) multipliers and dividers. Any help is appreciated.

I am ignorant, but I conjecture that you could implement 
this well with an FPGA.

M. K. Shen

------------------------------

From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: Q: Computations in a Galois Field
Date: 27 Oct 2000 21:04:10 GMT

Tom, instead of bickering with Bob, how about you let him
answer the math questions, and, then, if you have a question,
you can ask Bob? Would work out better for all, don't ya think?

Joe

[EMAIL PROTECTED] writes:

>In article <8tcn3j$7cu$[EMAIL PROTECTED]>,
>  Bob Silverman <[EMAIL PROTECTED]> wrote:
>> In article <8t9t5f$tf2$[EMAIL PROTECTED]>,
>>   Tom St Denis <[EMAIL PROTECTED]> wrote:
>> >
>> > No polynomial is "better" than another.  There are about 25 polynomials
>> > of nine bits (8-bit fields).
>> >
>> > I suggest you read the Rijndael paper about manipulating the elements.
>> > If you have any specific questions please ask.
>>
>> Yes. Please ask.  But don't ask Tom.
>>
>> Once again Tom finds it necessary to make assertions based upon his
>> ignorance. Do us all a favor, Tom, and stop misleading others.
>
>Oh how big of you.
>
>> Some polynomials most certainly ARE better than others.  In particular
>> a finite field is isomorphic to the quotient ring Z_p[x]/(g(x))
>> where p is the field characteristic and (g(x)) is an ideal generated
>> by a primitive polynomial.  This is the polynomial you are looking
>> for.  It is much faster to choose a polynomial of low Hamming weight
>> when choosing g(x) as this can make the arithmetic quite a bit
>> faster.
>>
>> And optimal normal bases are even better (when they exist).
>>
>> I suggest you read Lidl & Niederreiter's book "Finite Fields".
>
>For the purposes of a block cipher, only the Hamming weight really
>affects anything.  In many cases the operations are precomputed.
>
>When I said "none are better than each other" I meant from a security
>standpoint.  Sure multiplying by 3 is more efficient than 17, but that
>was not the question...
>
>How about you get off your high horse there Bob?  I am not paid, so I am
>giving help I feel relevant; instead of attacking little kids, I try to
>help others.  I am sorry I am not some 40-year-old prick, or that I
>don't have a degree from MIT or that I am not a super-math-god, but
>this is not a theocracy, this is sci.crypt.  Beginners and pros alike,
>not just the gods.  So why not lay off.  I don't see any fault in my
>posting.  I answered the question asked.
>


__________________________________________

Joe Peschel 
D.O.E. SysWorks                                 
http://members.aol.com/jpeschel/index.htm
__________________________________________


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: very large mult. div.
Date: Fri, 27 Oct 2000 23:20:09 +0200



Tom St Denis wrote:
> 

> Now we expect them to immediately purchase a 65 dollar book because you
> said so?  hmm fishy.

Are the public libraries in your region fairly poor?
Just interested.

M. K. Shen

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
