Cryptography-Digest Digest #35, Volume #13 Sun, 29 Oct 00 13:13:01 EST
Contents:
Re: frequency analysis (SASundchiffreur)
Re: JAWS/JAWZ patent, and another one (Tom St Denis)
Re: [PGP] Twofish, 256bit, and Usenet Posting ("Thomas J. Boschloo")
Re: End to end encryption in GSM (Jonathan Thornburg)
Re: Algebra texts (Basic skills and equipment...) (anish)
Re: Image on glasses of the cover guy in Secrets & Lies (Daniel James)
Re: Open Request to Dr. Kaliski, Jr. at RSA Research - looking for your (Albert Yang)
Re: BEST BIJECTIVE RIJNDAEL YET? ("Brian Gladman")
Re: End to end encryption in GSM (Jouni Hiltunen)
----------------------------------------------------------------------------
Date: Sun, 29 Oct 2000 16:38:05 +0100
From: SASundchiffreur <[EMAIL PROTECTED]>
Subject: Re: frequency analysis
binary digit wrote:
> Anyone know of any programs out there that will try to do a frequency
> analysis on a piece of enciphered text and will output, according to the
> number of times a letter appears, which letter is which?
http://homepages.comuserve.de/sasundchiffreur/download/wort.tgz
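A minimal frequency-analysis tool of the kind asked for, added here as an illustration; it is not the program behind the link above and not from the original posts. It counts letters in the ciphertext, ranks them, and proposes a first-cut monoalphabetic mapping by matching rank order against the standard English letter-frequency order, with digraph counts for refining the guess. The sample ciphertext is constructed (ROT13 of a short, E-heavy English sentence), and every function and constant name is this example's own.

```python
import codecs
import string
from collections import Counter

# English single-letter frequency order, most common first (standard published ranking).
ENGLISH_FREQ_ORDER = "ETAOINSHRDLCUMWFGYPBVKJXQZ"

def letter_counts(ciphertext):
    """Count A-Z occurrences, case-folded; digits, spaces and punctuation are ignored."""
    return Counter(c for c in ciphertext.upper() if c in string.ascii_uppercase)

def frequency_table(ciphertext):
    """[(letter, count, percent)] sorted by count descending, ties broken alphabetically."""
    counts = letter_counts(ciphertext)
    total = sum(counts.values()) or 1
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(ch, n, 100.0 * n / total) for ch, n in ranked]

def digraph_counts(ciphertext, top=10):
    """Most common adjacent letter pairs (word boundaries ignored); used to refine the
    single-letter guess against common English pairs such as TH, HE, IN."""
    letters = [c for c in ciphertext.upper() if c in string.ascii_uppercase]
    pairs = Counter(a + b for a, b in zip(letters, letters[1:]))
    return pairs.most_common(top)

def guess_mapping(ciphertext):
    """First-cut substitution guess: i-th most frequent cipher letter -> i-th most frequent
    English letter. Letters absent from the ciphertext are appended so the map is a bijection."""
    ranked = [ch for ch, _, _ in frequency_table(ciphertext)]
    unseen = [ch for ch in string.ascii_uppercase if ch not in ranked]
    return dict(zip(ranked + unseen, ENGLISH_FREQ_ORDER))

def apply_mapping(ciphertext, mapping):
    """Decrypt with a (possibly partial) cipher->plain map, preserving case and non-letters."""
    out = []
    for c in ciphertext:
        p = mapping.get(c.upper())
        if p is None:
            out.append(c)
        else:
            out.append(p if c.isupper() else p.lower())
    return "".join(out)

# Constructed sample: ROT13 of an E-heavy English sentence, so cipher 'r' (plain 'e') dominates.
SAMPLE_PLAINTEXT = "we were there when the three green trees were seen beside the sea"
SAMPLE_CIPHERTEXT = codecs.encode(SAMPLE_PLAINTEXT, "rot_13")

if __name__ == "__main__":
    for ch, n, pct in frequency_table(SAMPLE_CIPHERTEXT):
        print("%s %3d %5.1f%%" % (ch, n, pct))
    print(digraph_counts(SAMPLE_CIPHERTEXT))
    print(apply_mapping(SAMPLE_CIPHERTEXT, guess_mapping(SAMPLE_CIPHERTEXT)))
```

Rank matching recovers the most frequent letters reliably and the rest poorly, which is why the digraph table is there: the remaining letters are fixed by hand from pair statistics and partial words, not from single-letter counts alone.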
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: JAWS/JAWZ patent, and another one
Date: Sun, 29 Oct 2000 15:43:05 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] ("dixon mcknight") wrote:
> This is from the JAWZ SEC filing last November. Filings since then
> haven't mentioned receiving the patent. Note that the algorithm has
> been "refined" to address security and performance issues. This company
> got flamed on the cypherpunk and coderpunk lists a couple years back
> when they hyped the algorithm with a cracking contest.
>
> http://www.secinfo.com/d1zf8a.67.htm
>
> INTELLECTUAL PROPERTY MATTERS
>
> JAWS has applied for patent protection in the United States. The US
> Patent Office has confirmed receipt of the application and JAWS has
> qualified to have its patent application reviewed and evaluated. JAWS
> has not registered any of its trademarks, trade names or service marks
> but has acquired the XMAIL tradename from British Telecom PLC. JAWS
> owns the copyright in all the software created by its employees and
> the copyrights which it has contractually acquired. JAWS maintains
> strict confidentiality practices with its employees including
> contractual obligations by the employees. JAWS' business is not
> dependent on a single license or group of licenses.
>
> BUSINESS OF THE ISSUER
>
> JAWS has offices in Calgary, Alberta, Canada where it provides
> complete information security solutions to its clients. These
> solutions include the development of proprietary encryption software
> using the JAWS L5 encryption algorithm. The algorithm secures binary
> data in various forms, including streamlining or block based data.
>
> The L5 encryption algorithm was developed and refined over
> approximately 15 years by its inventor Jim Morrison. Jim Morrison was
> Chief Programmer at JAWS from March 1, 1998 to April 20, 1999.
>
> On October 20, 1997, JAWS Software Ltd. (a company controlled by Jim
> Morrison) resolved to assign and assigned all of the right, title and
> interest in the L5 algorithm, and other miscellaneous intellectual
> property, to JAWS Technologies, Inc. (the Alberta corporation) (see
> Item 13 - Exhibit 10.1.10). In October 1998, during JAWS' patent
> application process, there was a further assignment of the L5
> algorithm, and other miscellaneous intellectual property, to JAWS by
> Jim Morrison personally (see Item 13 - Exhibit 10.1.11) in order to
> fulfill the requirements of the patent application process.
>
> My attention was drawn to this company when I read this article. I
> had to bookmark it for future reference as I watched the company's
> "progress."
>
> http://www.informationweek.com/702/02iujaw.htm
>
JAWS "technology" is pure snake oil. Any serious cryptographer that
totes 4096-bit symmetric keys is just a lame fool. On top of that, they
mention that "compared to a 56-bit key, a 4096-bit key is thousands of
times harder".
That is wrong for two reasons: for starters, it is 2^4040 times
harder, and second, the strength really depends on the algorithm, not the
key length.
My advice is to forget all about JAWS and stick with trusted and
analyzed algorithms (3DES, CAST-128, IDEA, Blowfish, RC5, the AES
finalists, just to name a few).
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
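An added illustration of the second point above, written for this digest rather than taken from any JAWS material: the "cipher" below is a hypothetical construction, not the L5 algorithm, and all names are this example's own. A 4096-bit key does not help a weak algorithm. Here the key is used as a repeating XOR pad, and 512 bytes of known plaintext return the entire key in one pass, so the 2^4040 exhaustive-search ratio is never the attacker's cost. The sample document is constructed.

```python
import os
from itertools import cycle

KEY_BITS = 4096
KEY_BYTES = KEY_BITS // 8          # 512 bytes

def exhaustive_search_ratio(bits_a, bits_b):
    """Trial keys for an exhaustive search over bits_a-bit keys divided by the count for
    bits_b-bit keys: 2**(4096-56) == 2**4040, not 'thousands'."""
    return 2 ** (bits_a - bits_b)

def bigkey_encrypt(key, data):
    """A hypothetical 'big key' cipher (an assumption for this example, not JAWS L5 or any
    real product): XOR the data with the 4096-bit key repeated. Decryption is the same
    operation, as for any XOR keystream."""
    if len(key) != KEY_BYTES:
        raise ValueError("key must be %d bits" % KEY_BITS)
    return bytes(d ^ k for d, k in zip(data, cycle(key)))

bigkey_decrypt = bigkey_encrypt

def recover_key(ciphertext, known_plaintext):
    """Known-plaintext attack: XOR 512 known bytes against the matching ciphertext and the
    whole 4096-bit key falls out in one pass. Key size never enters the work factor."""
    if len(known_plaintext) < KEY_BYTES or len(ciphertext) < KEY_BYTES:
        raise ValueError("need %d bytes of known plaintext" % KEY_BYTES)
    return bytes(c ^ p for c, p in zip(ciphertext[:KEY_BYTES], known_plaintext[:KEY_BYTES]))

# Constructed sample input: a document whose first 512 bytes are a predictable header
# (a fixed banner repeated), followed by the part the attacker actually wants.
BANNER = b"ACME Secure Document Format v1; all rights reserved.\n"
KNOWN_HEADER = (BANNER * (KEY_BYTES // len(BANNER) + 1))[:KEY_BYTES]
SECRET_BODY = b"Account 4711: transfer 10000 EUR to account 0815 on Monday.\n"

def run_attack(key=None):
    """Encrypt header+body under a random (or given) key, recover the key from the header
    alone, and return (key recovered correctly?, decrypted body)."""
    key = key if key is not None else os.urandom(KEY_BYTES)
    ciphertext = bigkey_encrypt(key, KNOWN_HEADER + SECRET_BODY)
    recovered = recover_key(ciphertext, KNOWN_HEADER)
    return recovered == key, bigkey_decrypt(recovered, ciphertext)[KEY_BYTES:]

if __name__ == "__main__":
    print("2^%d" % (exhaustive_search_ratio(4096, 56).bit_length() - 1))
    print(run_attack())
```

A real cipher is judged by the best known attack against it, not by the size of the number that keys it; that is the reason to prefer the analyzed algorithms listed above over a key-length figure.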
------------------------------
From: "Thomas J. Boschloo" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp
Subject: Re: [PGP] Twofish, 256bit, and Usenet Posting
Date: Sun, 29 Oct 2000 16:45:02 +0100
Tom McCune wrote:
>
> In article <[EMAIL PROTECTED]>, "Thomas J. Boschloo"
> <[EMAIL PROTECTED]> wrote:
>
> >Forgive my intrusion, but PGP needs a new hashing function to make the
> >effective keystrength anything more than 160 bits (SHA-1, RIPEM).
> <snip>
>
> Thomas, you are not the first knowledgeable individual I've heard this
> from. So my assumption is that you are correct. Please explain what I'm
> missing:
>
> The private key is encrypted to the hash of the passphrase, but that
> appears to be a separate issue unless you allow access to the private key
> (another whole separate issue). I believe the message/file is directly
> encrypted to the random session key (256 bit if using Twofish), and that
> the session key is directly encrypted to the asymmetric public key
> (currently up to 4096 bits). I don't believe the asymmetric key is
> hashed for encryption of the session key?
My mistake really, I have been spending too much time in other newsgroups
and forgot about public key crypto (can you imagine ;) Of course PGP might
be very capable of generating a random session key of 256 bits (if they
did use that particular key length in PGP 7; you probably are more up to
date with the precise figures). OTOH, concatenating two smaller hashes to
get a larger one is not the way to go :( You would need random material
with a minimal entropy of 256 bits if you are going to use 256 bit Twofish,
and how are you going to produce that from a 160 bit hash? Take the SHA-1
of the first chunk of random material constituting 160 bits of entropy
and concatenate a SHA-1 hash of 96 bits of entropy? Or do you take the
first 128 bits of the SHA-1 hash of all the material and take the last 128
bits from the SHA-1 of the reversed sequence of random material? It
just doesn't sound ultimately safe to me. Just like using 4x32 bit
checksums doesn't sound safe. You just won't get the full 128 bits of hash
as they can depend on each other in some weird ways. Maybe this would be a
good question for sci.crypt?
With conventional encryption (which I was referring to really), the issue
is very important, as the way a password string translates into a 256 bit
hash is a very important thing indeed, that must be functionally equal in
every breed of PGP 7+. I just don't know how they have done that in PGP. If
we are unlucky, they would have used the same routines in generating
session keys. It would seem the logical thing to do for a programmer I
think?? Reuse your own code as much as possible. (That is why Scramdisk's
256 bit Blowfish is really just 160 bits strong [SHA-1].)
I still don't know why you would need a 512 bit hash for a 256 bit
algorithm. It looks very nice however for an improved version of Pegwit
with Rijndael instead of Square, and a 512 bit curve instead of a 255 bit
one. It will probably be secure forever! (Quite unlike DES.)
Well, I will try to post more frequently in ASP. I do feed my newsreader
frequently though! BTW This extra hour we have today in Holland is really
nice in order to get up-to-date with my newsreader again ;)
Happy regards,
Thomas
--
We live in the Matrix <http://www.whatisthematrix.com>
http://wwwkeys.pgp.net:11371/pks/lookup?op=get&search=0x225CA009
Email: boschloo_at_multiweb_dot_nl
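To make the derivation question above concrete, here are the constructions the post discusses side by side, as an added example that is not PGP's or Scramdisk's code (the names are this example's own, and the hash-and-pad function follows the post's description of Scramdisk rather than any inspected source): the two-hash concatenation, the hash-and-zero-pad derivation, and a counter-mode expansion with HMAC-SHA-1 that yields 256 bits every one of which depends on the whole input. The reference check uses Python's PBKDF2, because the counter expansion with one iteration is exactly that function.

```python
import hashlib
import hmac

SHA1_BYTES = 20
TWOFISH_KEY_BYTES = 32

def sha1(data):
    return hashlib.sha1(data).digest()

def key_by_concat(chunk_a, chunk_b):
    """The construction the post asks about: SHA-1 of one chunk of random material, followed
    by 96 bits of SHA-1 of a second chunk. Each half of the key depends only on its own chunk,
    so the key has 256 bits of entropy only if the two chunks together carry that much."""
    return sha1(chunk_a) + sha1(chunk_b)[:TWOFISH_KEY_BYTES - SHA1_BYTES]

def key_by_padding(passphrase):
    """Hash-and-pad as the post describes Scramdisk (assumption; not checked against its code):
    whatever the cipher's key size, only 2**160 distinct keys can ever be produced."""
    return sha1(passphrase) + b"\x00" * (TWOFISH_KEY_BYTES - SHA1_BYTES)

def key_by_counter_expansion(secret, salt, dklen=TWOFISH_KEY_BYTES):
    """Counter-mode expansion with HMAC-SHA-1: T_i = HMAC(secret, salt || i), i = 1, 2, ...,
    concatenated and truncated. Every output byte depends on the whole secret, but the key is
    still no less guessable than the secret that went in: feed it 256 bits of entropy if a
    256-bit Twofish key is to mean anything."""
    out = b""
    i = 1
    while len(out) < dklen:
        out += hmac.new(secret, salt + i.to_bytes(4, "big"), hashlib.sha1).digest()
        i += 1
    return out[:dklen]

def reference_pbkdf2(secret, salt, dklen):
    """Standard-library PBKDF2-HMAC-SHA1 with one iteration, for checking the expansion above:
    PBKDF2's block function with c=1 is HMAC(P, S || INT(i)), the same thing."""
    return hashlib.pbkdf2_hmac("sha1", secret, salt, 1, dklen)

if __name__ == "__main__":
    # Constructed inputs: 32 random-looking bytes standing in for session-key material,
    # and a passphrase for the conventional-encryption case.
    material = bytes(range(32))
    print("concat  ", key_by_concat(material[:20], material[20:]).hex())
    print("padded  ", key_by_padding(b"correct horse battery staple").hex())
    print("expanded", key_by_counter_expansion(material, b"pgp-session").hex())
```

key_by_padding shows the situation the post describes for Scramdisk: the cipher accepts 2^256 keys, but the derivation can only ever reach 2^160 of them. The counter expansion removes that cap on the derivation side and nothing more: a 256-bit Twofish key derived from a 40-bit passphrase is a 40-bit key.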
------------------------------
From: [EMAIL PROTECTED] (Jonathan Thornburg)
Crossposted-To: alt.cellular.gsm
Subject: Re: End to end encryption in GSM
Date: 29 Oct 2000 17:13:11 +0100
In article <[EMAIL PROTECTED]>, Marc <[EMAIL PROTECTED]> wrote:
[[many comments with which I quite agree]]
>In consequence the only way to go seems to me to generate XOR
>pads for each voice frame by good crypto means, and then simply
>XOR the frame with it.
[[...]]
One would also need a few other things:
- per-call key generation for that "good crypto", presumably something
like Diffie-Hellman done by grabbing the full link bandwidth for the
first second or so of a call
- someone needs to deal with issues of key management for the long-term
keys (per-phone or per-plugin-card-in-phone).
--
-- Jonathan Thornburg <[EMAIL PROTECTED]>
http://www.thp.univie.ac.at/~jthorn/home.html
Universitaet Wien (Vienna, Austria) / Institut fuer Theoretische Physik
Q: Only 7 countries have the death penalty for children. Which are they?
A: Congo, Iran, Nigeria, Pakistan[*], Saudi Arabia, United States, Yemen
[*] Pakistan moved to end this in July 2000. -- Amnesty International,
http://www.amnesty.org/ailib/aipub/2000/AMR/25113900.htm
------------------------------
From: anish <[EMAIL PROTECTED]>
Subject: Re: Algebra texts (Basic skills and equipment...)
Date: Sun, 29 Oct 2000 17:12:39 +0100
Reply-To: [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
> Bob Silverman wrote:
> >
> > Certainly not Hungerford or Lang. I think well of Birkhoff/MacLane.
> > VanDerWaerden is a good book if you can find a translation.
> >
> > A good book from a comp. sci. perspective is "Modern Applied Algebra"
> > by Birkhoff & Bartee.
>
> I'm interested in refreshing and enhancing my understanding of algebra.
> I did an undergrad degree in math & c.s. so I have a strong math
> background but I'd like to improve my algebra, in particular looking to
> understand modern cryptography as an end goal.
>
> So I am looking for either a more complete undergrad level text (more
> than just proving Galois Theory as the goal of the text), or an
> introductory level graduate text.
>
> The biggest issue for me is that I need it to be as self-contained as
> possible since I do not have professors handy to ask questions to, or
> ready access to other texts.
>
> Thanks
Sir,
what would you suggest as a book for algebra if the person is from a
non-CS/maths background, with no access to other texts nor access to
professors? I would like to extend the same to number theory too.
thanks in advance
anish
------------------------------
From: Daniel James <[EMAIL PROTECTED]>
Subject: Re: Image on glasses of the cover guy in Secrets & Lies
Date: Sun, 29 Oct 2000 16:17:23 GMT
Reply-To: [EMAIL PROTECTED]
In article <BDkK5.47$[EMAIL PROTECTED]>, Aztech wrote:
> It might just be stock photography from the likes of
> http://www.photodisc.com
No, it's not stock footage - it's clearly a mock-up done especially for
the book cover.
I say it's a mock-up because (a) it shows text from (John Savard says)
a Mac screen - but it's light text on a dark background and a Mac
normally displays dark text on a light background so it seems that it
must have been reversed especially for the shot; and (b) the two
reflections in the two spectacle lenses are perfectly aligned, and
neither shows any distortion from the curvature of the front of the
lenses - which leads me to suspect that the text images were
superimposed on the photograph after it was taken.
Cheers,
Daniel.
------------------------------
From: Albert Yang <[EMAIL PROTECTED]>
Subject: Re: Open Request to Dr. Kaliski, Jr. at RSA Research - looking for your
Date: Sun, 29 Oct 2000 17:08:09 GMT
As a service to the newsgroup, I have made Dr. Kaliski aware that there
is a group of us who would be interested in obtaining his thesis.
Since I work for RSA, I have his email address :-) So if/when I do get
a copy of it, (pending his permission) I will email you a copy. Sound
fair?
Now, what is the problem in PRNG with elliptic curves you have, as this
has drawn my interest.
Albert
------------------------------
From: "Brian Gladman" <[EMAIL PROTECTED]>
Subject: Re: BEST BIJECTIVE RIJNDAEL YET?
Date: Sun, 29 Oct 2000 17:47:04 -0000
"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> [EMAIL PROTECTED] (Brian Gladman) wrote in
> <K4VK5.3233$zO3.92645@stones>:
>
[snip]
> >It would certainly help this debate if someone who thinks they know what
> >is meant by the term 'file' in the context of bijective compression
> >could ***carefully*** specify their use of this term.
> >
> > Brian Gladman
> >
> >
>
> Brain Glady, I will do that. In the case of Matt's program, think of a
> file as any set of bits (where a bit has only two values, "0" or
> "1") and the number of bits that represent this file, when divided by
> 8, will exactly match a number in the set {1, 2, 3, 4, ...}.
> I hope that is specific enough.
Thank you for your efforts, which are helpful. It would be useful to
understand the significance of limiting the length of such bit sequences to
be multiples of 8. Surely it would be better to remove such an arbitrary
constraint and allow bit sequences of any length.
Once it is admitted that a property can only be maintained when the length
is a multiple of 8, there is no logic (apart from matters of practice rather
than principle) for rejecting other approaches that maintain the property
for files containing bit sequences that are multiples of any other arbitrary
integer.
And, of course, if you are limiting the lengths of bit sequences to be
multiples of eight for practical reasons, then there are many other
practical matters to consider such as, for example, whether the
representation of such bit sequences should (or should not) contain explicit
representations of their lengths.
> Matt's program magically maps every
> member to every other member in a unique way based on the key.
> The main way it does this is he cleverly compresses to an intermediate
> file that is infinite in length. This infinite file has at least one
> bit that is a one. And the last bit that is a one is a finite distance
> from the start. He then basically encrypts this file with Rijndael using
> full block sizes to map it to another unique file in the special
> construction. When this process is done he converts the output back
> to normal files as described at the start of this paragraph.
> Now this is a quick summary and not fully detailed. But I hope you
> get the drift. Check out his code.
I have looked at his work and he uses arithmetic coding with a nice
technique for recognising the ends of files. I did some work on arithmetic
coding in a cryptographic context around 10 years ago and I am aware of what
it can offer in this context.
But in my view, in the great majority of practical situations the security
advantages provided by arithmetic coding will not be significantly different
when the file length is represented externally rather than internally.
This is not an argument for not using his termination technique but rather
one to question whether there are significant security reasons for doing
this.
Brian Gladman
------------------------------
From: Jouni Hiltunen <[EMAIL PROTECTED]>
Crossposted-To: alt.cellular.gsm
Subject: Re: End to end encryption in GSM
Date: Sun, 29 Oct 2000 19:01:44 +0200
Steve Cerruti wrote:
> Does this scheme of yours work without modifying the switching equipment
> at the service providers facility.
As far as I understood, yes, because everything would be happening within the
handsets and the circuit-switched call, i.e. no signalling channel is used for
it.
> Basically any call that was switched to another network couldn't be
> converted to a common form for exchange could it?
Why not? Voice data and signalling/switching data are separated and this
wouldn't be changing those (?).
Jouni
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************