Cryptography-Digest Digest #26, Volume #13 Sat, 28 Oct 00 13:13:00 EDT
Contents:
Re: DATA PADDING FOR ENCRYPTION (SCOTT19U.ZIP_GUY)
Re: BEST BIJECTIVE RIJNDAEL YET? (Tom St Denis)
Re: Psuedo-random number generator ("Brian Wong")
Re: Applied Cryptography software. ("Jeff Moser")
Re: Collision domain in crypt()? (Tony L. Svanstrom)
Re: End to end encryption in GSM (A.M.)
Re: Ciphers and Unicode (Mok-Kong Shen)
Re: Q: Computations in a Galois Field (Mok-Kong Shen)
Re: Psuedo-random number generator (Peter Maxwell)
Re: very large mult. div. (Mok-Kong Shen)
Re: BEST BIJECTIVE RIJNDAEL YET? (John Savard)
Re: BEST BIJECTIVE RIJNDAEL YET? (SCOTT19U.ZIP_GUY)
Re: Is OPT the only encryption system that can be proved secure? (Sundial Services)
Re: Psuedo-random number generator (G Tillman)
Re: Psuedo-random number generator ("CMan")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: DATA PADDING FOR ENCRYPTION
Date: 28 Oct 2000 14:31:13 GMT
[EMAIL PROTECTED] (Tim Tyler) wrote in <[EMAIL PROTECTED]>:
>SCOTT19U.ZIP_GUY <[EMAIL PROTECTED]> wrote:
>
>[RFC 1423 padding mechanism]
>
>Here's what Applied Cryptography has to say about padding:
>
>``Pad the last block with some regular padding - zeros, ones, alternating
> ones and zeros - to make it a complete block. If you need to delete the
> padding after decryption, add the number of padding bytes as the last
> byte of the last block.'' -2nd ed. p. 190.
>
>So far, not very good (from the known-plaintext POV). However,
>we also have a method which does not change the size of the message.
>
>The idea is to encrypt the last full block *again* truncate this to the
>size of any short block at the end and XOR this with the plaintext of
>the short block (rather than encrypting that with the cypher).
>
>This means that the OFB-like bit-flipping attacks can only be applied to
>the short block at the end. (2nd ed. p. 195 for details).
>
>This method gets a bijection - at the expense of not encrypting the end
>of the file very securely.
Tim, I may be wrong, but I don't see how it gets a bijection of all
8-bit files to all 8-bit files. Example: if the encrypted file is one
byte long, and the method above that you mention is bijective, how
did this encrypted one-byte file occur?
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
http://radiusnet.net/crypto/ then look for
sub directory scott after pressing CRYPTO
Scott famous Compression Page
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
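The method Tim quotes from Applied Cryptography (2nd ed., p. 195), worked through in code. This is an added example, not code from the thread or from the book. Assumptions made here: a toy 64-bit Feistel cipher built from SHA-256 stands in for the real block cipher, the full blocks run in ECB, and the keystream for the short tail is the re-encryption of the last full ciphertext block, truncated to the tail length. The example shows three things the exchange turns on: the ciphertext is exactly as long as the plaintext; flipping a bit in the tail ciphertext flips the same bit in the recovered tail (the OFB-like attack Tim mentions); and a message shorter than one block has no ciphertext at all under this construction, which is the one-byte case David asks about.

```python
import hashlib
import os

BLOCK = 8  # toy 64-bit block; the tail construction does not depend on block size


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Round function of the toy Feistel cipher: keyed SHA-256 truncated to half a block.
    return hashlib.sha256(key + bytes([rnd]) + bytes(half)).digest()[: BLOCK // 2]


def _feistel(key: bytes, block: bytes, rounds) -> bytes:
    if len(block) != BLOCK:
        raise ValueError("block must be %d bytes" % BLOCK)
    left, right = bytes(block[: BLOCK // 2]), bytes(block[BLOCK // 2:])
    for r in rounds:
        left, right = right, _xor(left, _f(key, r, right))
    # Final swap: decryption is the same network with the round order reversed.
    return right + left


def block_encrypt(key: bytes, block: bytes) -> bytes:
    return _feistel(key, block, range(4))


def block_decrypt(key: bytes, block: bytes) -> bytes:
    return _feistel(key, block, reversed(range(4)))


def _tail_keystream(key: bytes, last_ct_block: bytes, n: int) -> bytes:
    # "Encrypt the last full block again" and truncate to the short block's size.
    return block_encrypt(key, last_ct_block)[:n]


def encrypt(key: bytes, msg: bytes) -> bytes:
    """ECB over the full blocks; the short tail is XORed with a re-encryption
    of the last full ciphertext block. Output length equals input length."""
    if len(msg) < BLOCK:
        # No full block exists to re-encrypt, so the method defines no
        # ciphertext for such messages: a one-byte ciphertext is never produced.
        raise ValueError("message shorter than one block")
    full = len(msg) - len(msg) % BLOCK
    out = bytearray()
    for i in range(0, full, BLOCK):
        out += block_encrypt(key, msg[i:i + BLOCK])
    tail = msg[full:]
    if tail:
        out += _xor(tail, _tail_keystream(key, bytes(out[full - BLOCK:full]), len(tail)))
    return bytes(out)


def decrypt(key: bytes, ct: bytes) -> bytes:
    if len(ct) < BLOCK:
        raise ValueError("ciphertext shorter than one block")
    full = len(ct) - len(ct) % BLOCK
    out = bytearray()
    for i in range(0, full, BLOCK):
        out += block_decrypt(key, ct[i:i + BLOCK])
    tail = ct[full:]
    if tail:
        # The keystream depends only on ciphertext, so the receiver can rebuild it.
        out += _xor(tail, _tail_keystream(key, ct[full - BLOCK:full], len(tail)))
    return bytes(out)


def flip_bit(data: bytes, index: int, bit: int) -> bytes:
    buf = bytearray(data)
    buf[index] ^= 1 << bit
    return bytes(buf)


def tamper_tail(key: bytes, msg: bytes, bit: int) -> bytes:
    """Flip one bit of the last ciphertext byte and decrypt: because the tail is
    OFB-like, exactly that bit flips in the recovered plaintext."""
    ct = encrypt(key, msg)
    return decrypt(key, flip_bit(ct, len(ct) - 1, bit))


if __name__ == "__main__":
    key = os.urandom(16)
    msg = b"attack at dawn"  # constructed sample: one full block plus a 6-byte tail
    ct = encrypt(key, msg)
    assert len(ct) == len(msg) and decrypt(key, ct) == msg
    print("tail tamper:", tamper_tail(key, msg, 0))  # last byte 'n' becomes 'o'
    try:
        encrypt(key, b"x")
    except ValueError as e:
        print("one-byte message:", e)
```

Run it as a script to see the tampered tail and the rejected one-byte message. A bit flipped in a full ciphertext block, by contrast, scrambles that whole plaintext block, because the block cipher is a permutation on the block.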
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: BEST BIJECTIVE RIJNDAEL YET?
Date: Sat, 28 Oct 2000 14:48:13 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
> Tim I am not sure it is worth replying to Tom. Though I make that
> mistake myself from time to time. He is so full of shit. He really
> has not the foggiest idea of what Matt did. He thinks Matt used some
> previously used mode. His pea brain can't comprehend some one actually
> using intelligent optimal end handling to make the thing completely
> bijective. He has no idea what bijection to the whole 8-bit file space
> means. I really can't see why this is not commonly done unless somehow
> people like TOM get a software virus of the brain that does not allow
> them to see the obvious. I really find it hard to believe Mr BS and
> Wagner seem so clueless in this area of crypto too. Unless they want
> to keep people in the dark about information theoretical concerns with
> encryption. I would like to hear your thoughts on why this actually
> relatively simple concept causes such hostility and why people's
> brains seem so incapable of seeing the obvious. Especially after the
> work Shannon did.
Shall I hold my breath in anticipation of your proof of "higher
security" via obscure methods of cryptology?
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "Brian Wong" <[EMAIL PROTECTED]>
Subject: Re: Psuedo-random number generator
Date: Sat, 28 Oct 2000 11:12:18 -0400
"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:8tej7q$j0j$[EMAIL PROTECTED]...
> In article <8tecqo$bjr$[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] (Paul Schlyter) wrote:
> > Because such formulae cannot generate "absolutely random numbers". NO
> > formula can do that -- you'll need some external unpredictable event
> > (such as radiactive decay of atoms, or noise from some hardware noise
> > source) to get anywhere near "absolutely random numbers".
>
> I would argue that even real life events are not totally random. The
> decay of an atom is not predictable because we can't properly observe
> it. Simple as that.
>
Then you would not understand quantum mechanics and why the decay
of an arbitrary atom is indeed a random process and that there cannot be
any hidden variables in the atom that we cannot observe that determine
the time that the atom decays.
Brian
------------------------------
From: "Jeff Moser" <[EMAIL PROTECTED]>
Subject: Re: Applied Cryptography software.
Date: Sat, 28 Oct 2000 10:37:37 -0500
> Hi, I was wondering if it's legal (I don't want to rip anyone's honest
> work off) to download the sources from "Applied Cryptography" by Bruce
> Schneier. I'm just a poor student, and spent the last of my cash on the
> book. I do live in America, in case anyone really cares about the NSA.
> Please get in touch if you can, I'd be very interested in checking them
> out.
http://www.attrition.org/~wrlwnd/crypto/bruce_schneier/applied-crypto/
Bruce certainly knows this website exists (he even mentions it in Secrets
and Lies). He hasn't done anything to remove the contents, so I assume he
doesn't care about its distribution.
Enjoy,
Jeff
------------------------------
Subject: Re: Collision domain in crypt()?
From: [EMAIL PROTECTED] (Tony L. Svanstrom)
Date: Sat, 28 Oct 2000 15:42:09 GMT
<[EMAIL PROTECTED]> wrote:
> Tony L. Svanstrom <[EMAIL PROTECTED]> wrote:
>
> >> It was MD5..
> >>
> >> Unfortunately, I don't have that hash list any more.. I overwrote it
> >> with the 32-char digests.
> >>
> >> But I can can tell you that I was seeding the MD5 hash with a unique
> >> email address, first and last name, current timestamp, current PID and
> >> a pseudo random number which I thought should generate enough variety
> >> to give me unique hashes..
>
> > That just isn't right; either you did something that no one has ever
> > been able to do before, or something wasn't working right.
>
> I didn't think that seemed right either; I mean, if the mathematical
> possibilities of a collision are near infinity for 16 bytes, they should
> still be pretty high for 8 bytes. :-/
I read that part after I'd written the above, and you are just... [Do
you know a word that means stupid but sounds nicer? If you do, insert
it here]. You can't go and break something that has to do with
cryptography and expect it to work just as well as before you broke it;
your logic is just as flawed as thinking that if you use a 1024-bit RSA
key instead of a 2024-bit RSA key you're only cutting the break-time in
half...
/Tony
--
/\___/\ Who would you like to read your messages today? /\___/\
\_@ @_/ Protect your privacy: <http://www.pgpi.com/> \_@ @_/
--oOO-(_)-OOo---------------------------------------------oOO-(_)-OOo--
on the verge of frenzy - i think my mask of sanity is about to slip
----------------------------------------------------------------------
\O/ \O/ ©99-00 <http://www.svanstrom.com/?ref=news> \O/ \O/
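The numbers behind Tony's point, as an added example (not code from the thread): a digest truncated to k bits collides after roughly sqrt(2^k) random inputs, not "near infinity". Whether the short digests in the original report were 8 hex characters (32 bits) or 8 bytes (64 bits) is not clear from the thread, so the figures below cover both. The inputs `user0`, `user1`, ... are constructed here for the demonstration; the MD5 seeding scheme described above is not reproduced.

```python
import hashlib
import math


def birthday_trials(bits: int, p: float = 0.5) -> float:
    """Number of random digests needed for a collision with probability p,
    from P(no collision) ~ exp(-n^2 / 2N) with N = 2**bits."""
    return math.sqrt(2.0 * (2 ** bits) * math.log(1.0 / (1.0 - p)))


def truncated_md5(data: bytes, hex_chars: int) -> str:
    """MD5 cut down to the first hex_chars hex digits (4 bits each)."""
    return hashlib.md5(data).hexdigest()[:hex_chars]


def first_collision(hex_chars: int, limit: int = 1 << 20):
    """Hash constructed inputs b'user0', b'user1', ... and return
    (i, j, digest) for the first pair whose truncated digests coincide,
    or None if no collision appears within `limit` inputs."""
    seen = {}
    for i in range(limit):
        d = truncated_md5(b"user%d" % i, hex_chars)
        if d in seen:
            return seen[d], i, d
        seen[d] = i
    return None


if __name__ == "__main__":
    for chars in (8, 16, 32):
        print("%2d hex chars (%3d bits): ~%.3g digests for a 50%% collision chance"
              % (chars, chars * 4, birthday_trials(chars * 4)))
    hit = first_collision(8)
    if hit:
        print("first 8-hex-char collision: user%d and user%d share %s" % hit)
```

At 32 bits the 50% point is about 77,000 digests, so a user table of that size is expected to contain a collision; at 64 bits it is about 5e9, and at the full 128 bits about 2e19. The script finds an actual 32-bit collision in well under a second.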
------------------------------
From: A.M. <[EMAIL PROTECTED]>
Crossposted-To: nl.comp.crypt,alt.comp.opensource,alt.cellular.gsm
Subject: Re: End to end encryption in GSM
Date: Sat, 28 Oct 2000 18:07:00 +0200
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] says...
> As other have discussed, this would require heavily modified hardware,
> and a lot of other things.
>
> You are much better and cheaper off buying the product off the shelf.
> There is a GSM phone with military-class end-to-end encryption
> available, the Swedish Tiger. Cost is about USD 4000 / handset.
>
I suspect that the encryption provided is not that secure, i.e. the
conversation could still be eavesdropped, as the encryption scheme can't
be that powerful, given the data rate limitations (max. 9.6 or 14
Kbit/s).
--
Alfred Molon
Email address is alfred_molon at csi.com
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Ciphers and Unicode
Date: Sat, 28 Oct 2000 18:26:42 +0200
"Douglas A. Gwyn" wrote:
>
> Mok-Kong Shen wrote:
> > I am ignorant. But does Unicode really employ three instead
> > of two bytes to represent Chinese ideographs? Thanks.
>
> "Unicode" specifies code values and several different encodings
> of those values. UTF-8 is one such encoding, which represents
> code values 0..127 in a single octet (ASCII-compatible) and
> larger code values in multiple octets. Most CJK ideographs
> are assigned code values in the range 4E00..9FAF (hexadecimal),
> which have 3-octet UTF-8 encodings.
>
> For more details see http://www.cl.cam.ac.uk/~mgk25/unicode.html
Thanks. I understand this to mean that, if one occasionally
inserts a few Chinese ideographs in a stream of English
characters, then one has to spend 3 bytes for each, but that
for entire paragraphs of Chinese one can switch to another
encoding under Unicode that codes each ideograph to two bytes.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Q: Computations in a Galois Field
Date: Sat, 28 Oct 2000 18:26:36 +0200
Bob Silverman wrote:
>
> Some polynomials most certainly ARE better than others. In particular
> a finite field is isomorphic to the quotient ring Z_p[x]/(g(X))
> where p is the field characteristic and (g(x)) is an ideal generated
> by a primitive polynomial. This is the polynomial you are looking
> for. It is much faster to choose a polynomial of low Hamming weight
> when choosing g(x) as this can make the arithmetic quite a bit
> faster.
>
> And optimal normal bases are even better (when they exist).
I have a question of ignorance. If one uses the same
formulae, e.g. as in Rijndael, to define substitution,
would different primitive polynomials lead to substitutions
that have different desirable properties such as avalanche
etc.? If yes, would the computationally best polynomial also
be the best with respect to these properties? Thanks.
M. K. Shen
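The first half of the question (do different polynomials give different substitutions?) can be answered by computation. The following is an added example, not code from the thread: GF(2^8) arithmetic with Rijndael's modulus 0x11B (x^8 + x^4 + x^3 + x + 1), the inverse-plus-affine S-box built on it, and the same S-box rebuilt over a second irreducible polynomial, 0x11D (x^8 + x^4 + x^3 + x^2 + 1, chosen here only for illustration). The reduction step in `gf_mul` makes Silverman's Hamming-weight remark concrete: every overflow costs one XOR with the low byte of the modulus. Whether the resulting S-boxes differ in avalanche or other properties is not settled by this example; it only shows that they differ.

```python
RIJNDAEL_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1: irreducible (not primitive; x has order 51)
ALT_POLY = 0x11D       # x^8 + x^4 + x^3 + x^2 + 1: irreducible and primitive; used e.g. in Reed-Solomon


def gf_mul(a: int, b: int, poly: int = RIJNDAEL_POLY) -> int:
    """Multiply in GF(2)[x]/(poly). Each doubling that overflows bit 8 is reduced
    by XORing the modulus, i.e. one XOR with its low byte (0x1B for Rijndael);
    a low-Hamming-weight modulus keeps that step cheap in hardware."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & 0x100:
            a ^= poly
    return r


def gf_pow(a: int, e: int, poly: int = RIJNDAEL_POLY) -> int:
    r = 1
    while e:
        if e & 1:
            r = gf_mul(r, a, poly)
        a = gf_mul(a, a, poly)
        e >>= 1
    return r


def gf_inv(a: int, poly: int = RIJNDAEL_POLY) -> int:
    # In a field of 256 elements a^255 = 1 for a != 0, so a^254 is the inverse.
    return gf_pow(a, 254, poly) if a else 0


def is_field(poly: int) -> bool:
    """True iff every non-zero element has an inverse, i.e. poly is irreducible.
    A reducible modulus such as x^8 + 1 (0x101) gives zero divisors instead."""
    return all(gf_mul(a, gf_inv(a, poly), poly) == 1 for a in range(1, 256))


def rijndael_sbox(x: int, poly: int = RIJNDAEL_POLY) -> int:
    """Rijndael substitution: field inverse, then the fixed affine map over GF(2)
    s = b ^ rotl(b,1) ^ rotl(b,2) ^ rotl(b,3) ^ rotl(b,4) ^ 0x63."""
    b = gf_inv(x, poly)
    s = b
    for k in range(1, 5):
        s ^= ((b << k) | (b >> (8 - k))) & 0xFF
    return s ^ 0x63


def sbox_table(poly: int = RIJNDAEL_POLY) -> list:
    return [rijndael_sbox(x, poly) for x in range(256)]


def differing_entries(p1: int, p2: int) -> int:
    """How many S-box entries change when only the field polynomial changes."""
    return sum(1 for a, b in zip(sbox_table(p1), sbox_table(p2)) if a != b)


if __name__ == "__main__":
    print("{57}*{83} = %02x" % gf_mul(0x57, 0x83))   # c1, the FIPS-197 example
    print("S[53] = %02x" % rijndael_sbox(0x53))     # ed, as in the AES S-box
    print("fields: 0x11B=%s 0x11D=%s x^8+1=%s"
          % (is_field(RIJNDAEL_POLY), is_field(ALT_POLY), is_field(0x101)))
    print("S-box entries that change under 0x11D:",
          differing_entries(RIJNDAEL_POLY, ALT_POLY))
```

Both tables are permutations of 0..255 (inversion is a bijection in any field and the affine map is invertible), so a different modulus yields a different but still valid S-box; comparing their differential or linear profiles would be the next step for the second half of the question.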
------------------------------
From: Peter Maxwell <[EMAIL PROTECTED]>
Subject: Re: Psuedo-random number generator
Date: Sat, 28 Oct 2000 17:15:33 -0700
> >I would argue that even real life events are not totally random. The
> >decay of an atom is not predictable because we can't properly observe
> >it. Simple as that.
When you study the physical world at the quantum scale you will find that
things are truly random (with a specific probability). The Heisenberg
uncertainty principle, which is one of the cornerstones of modern quantum
mechanics, has been tried and tested over almost a century and is now widely
accepted as a fundamental principle rather than a factor of human
incompetence. There are certain radioactive decays that aren't even possible
if you don't include the theory of uncertainty.
From what I understand, quantum events can generally be expressed as a
probability waveform; we know the probability that something is going to
happen but it is still random.
Since the quantum level is the basis for all physical objects - and the
quantum level is random - there must be a certain randomness in all events
no matter how small. The only reason we don't observe it is through
statistical distribution, i.e. comparison of microscopic events to
macroscopic.
Peter Maxwell.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: very large mult. div.
Date: Sat, 28 Oct 2000 18:31:25 +0200
Tom St Denis wrote:
>
> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> > I assume that in Canada the public libraries are inter-
> > connected like here in Germany. I can e.g. get books
> > in a library somewhere in northern Germany, if these are
> > not present locally. It takes some time. But I'll get
> > them nonetheless.
>
> Yeah, but people in Kanata don't believe in thinking. If I asked the
> librarian for "Knuth Vol2, Semi-Numerical..." she would probably
> explode or something...
We in Germany normally have to do the search ourselves, then
fill in a form with indication of the libraries having
the book in question and hand it over to the librarian.
It's routine work for her.
M. K. Shen
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: BEST BIJECTIVE RIJNDAEL YET?
Date: Sat, 28 Oct 2000 16:19:44 GMT
On 28 Oct 2000 14:36:11 GMT, [EMAIL PROTECTED]
(SCOTT19U.ZIP_GUY) wrote, in part:
> Where is this pointer to Matts I would like to see the page
>Im curous as to what you say about it before you point to it.
Not much.
http://home.ecn.ab.ca/~jsavard/crypto/mi060303.htm
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: BEST BIJECTIVE RIJNDAEL YET?
Date: 28 Oct 2000 16:45:01 GMT
[EMAIL PROTECTED] (John Savard) wrote in
<[EMAIL PROTECTED]>:
>http://home.ecn.ab.ca/~jsavard/crypto/mi060303.htm
I am flabbergasted; it is much more than I expected.
However, I may have given Matt some of the idea, but he
is the one who incorporated it into arithmetic coding,
not me.
I will have to take a closer look at your stuff.
But what I fail to understand is you only seem to talk
of code. Why don't you write the actual code?
Take Care
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
http://radiusnet.net/crypto/ then look for
sub directory scott after pressing CRYPTO
Scott famous Compression Page
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
------------------------------
Date: Sat, 28 Oct 2000 09:58:24 -0700
From: Sundial Services <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Is OPT the only encryption system that can be proved secure?
"The weak link is, and will always be, the humans." We really cannot do
too much about that. We know that people do strange things when they
are being shot at, and almost as many strange things when the shells are
landing -really close.-
Nonetheless, we do need to be confident that the "human influence" is
the only wild-card in the deck. We cannot get rid of human nature, but
we certainly can stack the odds in our favor by being sure that the
cryptosystem we're using is "apart from that wild-card, secure."
Having said that, however, I must go on to say that OTP is rather an
exception to that rule, or maybe, an extreme example of it. We can
prove that, "except for that wild card," OTP is impregnably secure. We
can also observe that, "because of that wild card," and other irritating
realities such as dropped TCP/IP packets, solar flares, and radio
static, OTP is practically almost useless.
The root problem with OTP is that it is 100% intolerant of mistakes. It
derives all of its security from randomness and perfection. "In a real
world where mistakes DO happen, and will ALWAYS happen," it falls apart.
>John Savard wrote:
> Well, I've probed this in further detail. We may not "have" anything
> perfect, but since the path towards making anything a science includes
> engaging in _reductionism_ from time to time, it is indeed meaningful
> to talk about the security of an encryption algorithm as distinct from
> the security of its actual implementation.
>
> Otherwise, we would be overwhelmed by trying to consider everything at
> once, and we would be unable to design better algorithms.
==================================================================
Sundial Services :: Scottsdale, AZ (USA) :: (480) 946-8259
mailto:[EMAIL PROTECTED] (PGP public key available.)
> Fast(!), automatic table-repair with two clicks of the mouse!
> ChimneySweep(R): "Click click, it's fixed!" {tm}
> http://www.sundialservices.com/products/chimneysweep
------------------------------
Subject: Re: Psuedo-random number generator
From: [EMAIL PROTECTED] (G Tillman)
Date: Sat, 28 Oct 2000 18:57:48 +0200
Tom St Denis <[EMAIL PROTECTED]> wrote:
> In article <HJmK5.1300$[EMAIL PROTECTED]>,
> "slak-" <[EMAIL PROTECTED]> wrote:
[snip]
> > to scan a number of radio-frequencies and do
> > a series of calculations based on the
> > results to generate a seed?
[snip]
> Also note that frequency of various atoms (Hydrogen for example) are in
> the Ghz which means you will need really good equipment to pick it up.
Why not use data from the Seti-project? They pick up this kind of
radiation by using the Arecibo telescope (i.e. good equipment). And
since the project so far is unsuccessful in finding extraterrestrial
entropy sources it could perhaps serve our interest in cryptology :-)
Further info can be found at: http://setiathome.berkeley.edu/
> Also note that the noise from a radio (or any other analogue device) is
> not entirely random (i.e not gaussian white noise). So it's not a good
> idea to use too little for something important.
But perhaps this issue makes the Seti data invalid also.
Anyway, it strikes me that the Seti-project basically is about
steganography. They/we look for a stream of information hidden in white
noise. Perhaps it's possible to apply some techniques discussed in this
newsgroup when analyzing the Arecibo-data? Any ideas about this?
--
Regards from Göran Tillman, Stavanger, Norway.
------------------------------
From: "CMan" <[EMAIL PROTECTED]>
Subject: Re: Psuedo-random number generator
Date: Sat, 28 Oct 2000 10:08:14 -0700
The problem is much harder than it appears.
The power supplies have to be bypassed and filtered using wideband shunt
regulators as well as LC filters. Shielding from external fields must be
carefully done and the circuit layout must be field conservative.
The output quality is critically dependent on design details of the sampler
used.
The output can almost never be used without some post processing to whiten
the output spectrum.
One should never attempt to design such a device without first specifying
the exact tests used to judge the output quality.
During the testing phase, one will find sensitivities to temperature, supply
voltage, component parameter values, offset voltages, clock rise times and
on and on.
It's kind of like singing opera, it's a lot harder than it looks.
JK
--
CRAK Software
http://www.crak.com
Password Recovery Software
QuickBooks, Quicken, Access...More
Spam bait (credit E. Needham):
root@localhost
postmaster@localhost
admin@localhost
abuse@localhost
webmaster@localhost
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
"Dido Sevilla" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> slak- wrote:
> >
> > Would it not be feasible to use your sound blaster to scan a number of
> > radio-frequencies and do a series of calculations based on the results
> > to generate a seed? I've been thinking about it, but my mediocre
> > programming knowledge doesn't let me do too much, although I'm
> > learning :)
> >
> > The radio signals don't have to be from some local frequency. Could you
> > not simply check extremely high frequencies that would be severely
> > affected by the sun, for instance.
> >
>
> The trouble is the sound blaster is not a radio card; you can't use it
> to scan RF noise from external sources, at least not without some sort
> of external hardware. And if you're going to be having external
> hardware anyway, why not just have a dedicated hardware RNG anyway?
> There are a number of resources I've found on the Internet describing
> how to build such a thing out of components you can buy at your local
> radio shack or whatever. One of the simplest I've found uses the
> base-emitter junctions of a couple of transistors to generate noise from
> avalanche multiplication, the two transistors, plus a TTL inverter
> should be good enough to generate a Gaussian-distributed random bit
> generator that you can easily connect to a parallel port with no
> hassle. And then use a 20:1 SHA-1 to decorrelate the noise and have
> your random seed. You may need to shield the transistors to prevent the
> noise from becoming biased by external sources, though.
>
> --
> Rafael R. Sevilla <[EMAIL PROTECTED]> +63 (2) 4342217
> ICSM-F Development Team, UP Diliman +63 (917) 4458925
> OpenPGP Key ID: 0x0E8CE481
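Two points from this exchange, JK's "the output can almost never be used without some post processing" and "specify the exact tests" and Rafael's 20:1 hash step, worked as an added example that is not part of either post. The noise source is constructed: a pseudo-random generator with a fixed seed emits ones with probability 0.7, standing in for a sampler whose comparator threshold sits off-centre. The code runs a frequency (monobit) check and a repetition-count check of the kind SP 800-90B uses as continuous health tests, removes the bias with a von Neumann debiaser, and conditions raw bits 20:1 through SHA-256 (the hash is swapped for SHA-1; the ratio is Rafael's). The thresholds and the 20:1 ratio are assumptions for the demonstration, not measured values.

```python
import hashlib
import math
import random


def biased_bits(n: int, p_one: float, seed: int = 1) -> list:
    """Constructed stand-in for a raw noise sampler with an off-centre threshold:
    ones appear with probability p_one instead of 1/2."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def monobit_z(bits: list) -> float:
    """Frequency test statistic |#ones - #zeros| / sqrt(n). For an unbiased
    source this is ~N(0,1); values above ~3.3 fail at the 0.1% level."""
    n = len(bits)
    return abs(2 * sum(bits) - n) / math.sqrt(n)


def monobit_ok(bits: list, threshold: float = 3.3) -> bool:
    return monobit_z(bits) < threshold


def repetition_count_ok(bits: list, cutoff: int) -> bool:
    """Continuous health test in the style of SP 800-90B: fail as soon as the
    same value repeats `cutoff` times in a row (stuck or saturated sampler)."""
    run = 1
    for prev, cur in zip(bits, bits[1:]):
        run = run + 1 if cur == prev else 1
        if run >= cutoff:
            return False
    return True


def von_neumann(bits: list) -> list:
    """Classic debiaser over non-overlapping pairs: (0,1) -> 0, (1,0) -> 1,
    (0,0) and (1,1) dropped. Removes bias, not correlation between samples,
    and discards at least half of the input."""
    out = []
    for a, b in zip(bits[0::2], bits[1::2]):
        if a != b:
            out.append(a)
    return out


def hash_condition(bits: list, ratio: int = 20) -> bytes:
    """Compress `ratio` raw bits per output bit: each 256-bit output block is
    SHA-256 over 256*ratio raw bits. An incomplete trailing block is dropped."""
    chunk = 256 * ratio
    out = b""
    for i in range(0, len(bits) - chunk + 1, chunk):
        raw = bytes(int("".join(map(str, bits[j:j + 8])), 2)
                    for j in range(i, i + chunk, 8))
        out += hashlib.sha256(raw).digest()
    return out


if __name__ == "__main__":
    raw = biased_bits(10000, 0.7)
    print("raw      : z=%.1f ok=%s" % (monobit_z(raw), monobit_ok(raw)))
    fixed = von_neumann(raw)
    print("debiased : %d bits, z=%.1f ok=%s" % (len(fixed), monobit_z(fixed), monobit_ok(fixed)))
    print("conditioned: %d bytes from %d raw bits" % (len(hash_condition(raw)), len(raw)))
    print("stuck sampler passes repetition test:", repetition_count_ok([1] * 64, 32))
```

With 10,000 raw bits the debiaser keeps about 2,100, and the 20:1 conditioner yields a single 32-byte block; both figures show why a raw sampler has to run far faster than the rate at which seed material is consumed. Note that the hash conditioner hides a biased or stuck source rather than fixing it, which is exactly why the health tests have to run on the raw bits before conditioning.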
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************