Cryptography-Digest Digest #49, Volume #13       Mon, 30 Oct 00 18:13:00 EST

Contents:
  Re: how i decode this? (SCOTT19U.ZIP_GUY)
  Re: Padding scheme? (Benjamin Goldberg)
  Re: DATA PADDING FOR ENCRYPTION (SCOTT19U.ZIP_GUY)
  Calculating the redudancy of english? (Simon Johnson)
  Re: Padding scheme? (SCOTT19U.ZIP_GUY)
  Re: End to end encryption in GSM (A.M.)
  Re: Padding scheme? (Benjamin Goldberg)
  Re: .java.policy (i figured it out) ([EMAIL PROTECTED])
  Re: Calculating the redudancy of english? (JPeschel)
  Re: Cracking of MasterKey Completed (JPeschel)
  Re: how i decode this? (Tom St Denis)
  Re: Calculating the redudancy of english? (Simon Johnson)
  Re: RSA Multiprime (JCA)
  Re: Padding scheme? (Tim Tyler)
  Re: Padding scheme? (Tim Tyler)
  how do you decrypt something encoded by C=M^e(mod N) ("Pepitoe")

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: how i decode this?
Date: 30 Oct 2000 20:58:38 GMT

[EMAIL PROTECTED] wrote in <8tkk4u$3jl$[EMAIL PROTECTED]>:

>
>> If the secret algorithm is as good as trusted public algorithm, why
>> would this be worse than using an algorithm which already is public?
>
>Based on that assumption (the secret algorithm is at least as good as
>the public) using the secret algorithm will be at least as secure.
>HOWEVER, there is no absolute way to rank algorithms, we can only
>guess. Since the algorithms available publicly have been evaluated
>much more rigorously (see http://members.aol.com/jpeschel/crack.htm for
>reference). Also there is a fair amount of guarantee that your
>algorithm will get published, will get used, will get analyzed (see
>RC4) no matter what you do. It just makes sense to publish the
>algorithm completely, and maintain your knowledge, or just use an
>already public cipher that is believed to be strong.
>                  Joe
>

   The problem is even if you as an amateur try to use
a trusted open literature method, you are also setting
yourself up to have your data read. It is obviously better
to use a method that no one but you knows about. That is
what the government does. But it is also true that your
secret method could be weak so that the bad guys could
break your method even if it was secret.

   If I was an amateur I would use more than one method
in series for protection. I would use only methods that
are fully bijective so that individual stages don't add
information a layer at a time, making it far easier to
break. For one of the layers I would use Matt's code since
it is fully bijective and uses Rijndael, the AES standard. But
I would also use more. You could even use scott16u; it's fully
bijective. You could also uncompress with a bijective uncompressor,
reverse the file and use Matt's more than once. The nice thing
is you will still get a 1-1 mapping from input file to output
file and no one may even guess the order in which you did things.
You can even at one stage add your own freshly invented method
if it is bijective. But above all have fun and keep part of it
secret.




David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:

------------------------------

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: Padding scheme?
Date: Mon, 30 Oct 2000 21:19:56 GMT

After having read some other recent stuff on this group discussing
padding, I realize that a trojan horse type program could use the random
padding as a subliminal channel.  To avoid this, the padding should,
instead of being random, be the first bytes and bits from a
cryptographically secure hash of the message.  The reason for doing a hash
is that it won't add known or probable plaintext, whereas fixed content
padding would.

-- 
"Mulder, do you remember when I was missing -- that time that you
 *still* insist I was being held aboard a UFO?"
"How could I forget?"
"Well, I'm beginning to wonder if maybe I wouldn't have been
 better off staying abo-- I mean, wherever it was that I was
 being held." [from an untitled spamfic by [EMAIL PROTECTED]]

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: DATA PADDING FOR ENCRYPTION
Date: 30 Oct 2000 21:10:59 GMT

[EMAIL PROTECTED] (Bryan Olson) wrote in 
<8tkn12$6de$[EMAIL PROTECTED]>:


>That's one of my points.  Use techniques that work for all
>message spaces.
>

   Seems like an ad and endorsement for Matt's bicom to me.


>[...]

>Again, randomized one-to-many is better.


  And again it's easy to correctly add randomized data
to a file and then encrypt with something like Matt's
bicom. So it's easy to get the best of all worlds. However,
since many encryption and compression schemes are not
properly bijective it may be hard in practice to do this
without proper tools like Matt's code.

thanks


David A. Scott

------------------------------

From: Simon Johnson <[EMAIL PROTECTED]>
Subject: Calculating the redudancy of english?
Date: Mon, 30 Oct 2000 21:23:36 GMT

 How does one calculate the redundancy of English?

--
Hi, i'm the signuture virus,
help me spread by copying me into Signiture File


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Padding scheme?
Date: 30 Oct 2000 21:27:45 GMT

[EMAIL PROTECTED] (Benjamin Goldberg) wrote in 
<[EMAIL PROTECTED]>:

>After having read some other recent stuff on this group discussing
>padding, I realize that a trojan horse type program could use the random
>padding as a subliminal channel.  To avoid this, the padding should,
>instead of being random, be the first bytes and bits from a
>cryptographically secure hash of the message.  The reason for doing a hash
>is that it won't add known or probable plaintext, whereas fixed content
>padding would.
>

  Yes, this might be valuable if the padding is applied in some purely
bijective way so that the result is still fully bijective.
The problem is not just one of substituting the trailing bits
but one of ensuring no information is added and the technique is
fully bijective.


David A. Scott

------------------------------

From: A.M. <[EMAIL PROTECTED]>
Crossposted-To: nl.comp.crypt,alt.comp.opensource,alt.cellular.gsm
Subject: Re: End to end encryption in GSM
Date: Mon, 30 Oct 2000 22:57:02 +0100

> I'm not sure what you mean. How can the data rate limit the strength of the 
> encryption scheme ?

If you encrypt something, the output size is proportional to the size of
the key, and usually the longer the key the more difficult it is to break the
encryption. But of course I'm not an expert.

-- 
Alfred Molon


Email address is alfred_molon at csi.com

------------------------------

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: Padding scheme?
Date: Mon, 30 Oct 2000 22:06:48 GMT

SCOTT19U.ZIP_GUY wrote:
> 
> [EMAIL PROTECTED] (Benjamin Goldberg) wrote in
> <[EMAIL PROTECTED]>:
> 
> >After having read some other recent stuff on this group discussing
> >padding, I realize that a trojan horse type program could use the
> >random padding as a subliminal channel.  To avoid this, the padding
> >should, instead of being random, be the first bytes and bits from a
> >cryptographically secure hash of the message.  The reason for doing a
> >hash is that it won't add known or probable plaintext, whereas fixed
> >content padding would.
> 
>   Yes, this might be valuable if the padding is applied in some purely
> bijective way so that the result is still fully bijective.
> The problem is not just one of substituting the trailing bits
> but one of ensuring no information is added and the technique is
> fully bijective.

Although it's true that using bits from a hash, rather than bits from a
TRBG, does create a bijective mapping from the set of messages whose
lengths are multiples of 8 bits to the set of messages whose lengths are
multiples of 128 bits, there is no significant difference in security
between the original 1-to-many mapping and the hash-based 1-to-1
mapping.  The only security advantage of the change is that it closes
off a possible subliminal channel.  Nothing more, nothing less.


------------------------------

From: [EMAIL PROTECTED]
Subject: Re: .java.policy (i figured it out)
Crossposted-To: comp.lang.java.programmer
Date: Mon, 30 Oct 2000 22:01:45 GMT

In sci.crypt William A. McKee <[EMAIL PROTECTED]> wrote:
> The original post was in comp.lang.java.programmer where I was asking how to
> use .java.policy to stop unsigned .jar files from being run.  Nobody knew.
> It turns out you cannot do it.

You can use your own class loader that refuses to load unsigned
classes though.

> What I do is have a SFX that does the configuration required to setup the
> client machine.   This must be downloaded over the network and run on the
> client machine.  Most people would not even know how to use the java tools
> to modify .java.policy and .keystore IMHO.

> I guess the best way around this security hole is to use SSL to transfer the
> data.

So you use unsigned code to edit the policy file to only allow signed
code to run, then complain about the java security model? The
"security hole" you describe is really self-inflicted.

-- 
Matt Gauthier <[EMAIL PROTECTED]>

------------------------------

From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: Calculating the redudancy of english?
Date: 30 Oct 2000 22:10:02 GMT

Simon Johnson [EMAIL PROTECTED] writes:

>How does one calculate the redundancy of English?

Use the index of coincidence.

Joe
__________________________________________

Joe Peschel 
D.O.E. SysWorks                                 
http://members.aol.com/jpeschel/index.htm
__________________________________________


------------------------------

From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: Cracking of MasterKey Completed
Date: 30 Oct 2000 22:13:57 GMT

SCOTT19U.ZIP_GUY writes:

>I would like your and
>or his opinion of Matt's bijective bicom program.
>

I haven't looked at it. But you really don't need my
comments, as you have all the birds chirping about
it now. :-)

Joe


------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: how i decode this?
Date: Mon, 30 Oct 2000 22:05:50 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
>    The problem is even if you as an amateur try to use
> a trusted open literature method, you are also setting
> yourself up to have your data read. It is obviously better
> to use a method that no one but you knows about. That is
> what the government does. But it is also true that your
> secret method could be weak so that the bad guys could
> break your method even if it was secret.
>
>    If I was an amateur I would use more than one method
> in series for protection. I would use only methods that
> are fully bijective so that individual stages don't add
> information a layer at a time, making it far easier to
> break. For one of the layers I would use Matt's code since
> it is fully bijective and uses Rijndael, the AES standard. But
> I would also use more. You could even use scott16u; it's fully
> bijective. You could also uncompress with a bijective uncompressor,
> reverse the file and use Matt's more than once. The nice thing
> is you will still get a 1-1 mapping from input file to output
> file and no one may even guess the order in which you did things.
> You can even at one stage add your own freshly invented method
> if it is bijective. But above all have fun and keep part of it
> secret.

What are you talking about?  Why is bijectivity so good?  How much
information is being added do you suppose?  Take PGP how much plaintext
is known in the data stream?

Tom



------------------------------

From: Simon Johnson <[EMAIL PROTECTED]>
Subject: Re: Calculating the redudancy of english?
Date: Mon, 30 Oct 2000 22:42:08 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (JPeschel) wrote:
> Simon Johnson [EMAIL PROTECTED] writes:
>
> >How does one calculate the redundancy of English?
>
> Use the index of coincidence.

What is the index of coincidence? Applied Crypto doesn't seem to give
enough info for me to estimate the redundancy of English.
> Joe
> __________________________________________
>
> Joe Peschel
> D.O.E. SysWorks
> http://members.aol.com/jpeschel/index.htm
> __________________________________________
>
>

--
Hi, i'm the signuture virus,
help me spread by copying me into Signiture File


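Since the thread stops at "use the index of coincidence" without saying what it is, here is an added worked example in Python (not code from either poster) that computes it and, beside it, the first-order entropy estimate of redundancy. Shannon's definition, as used in the crypto textbooks, is D = R - r, where R = log2(26) (about 4.7 bits) is the absolute rate and r the actual rate of the language (about 1.3 bits per letter for English, giving D of roughly 3.4 bits, or about 0.7 as a fraction). A single-letter count can only see the first-order part of that, and the code says so. The English passage is constructed for the example; the alphabet is assumed to be the 26 letters A-Z with everything else stripped, as in classical analysis.

```python
import math
from collections import Counter

# Constructed sample of ordinary English prose for the example (not from the post).
ENGLISH_SAMPLE = """
The index of coincidence measures how likely two letters drawn at random
from a text are to be the same letter. English prose is far from uniform:
the letter e alone accounts for roughly one letter in eight, so pairs
collide much more often than they would in a text where all twenty six
letters were equally common. That excess over the uniform value is one
way of seeing the redundancy of the language.
"""

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
R_BITS = math.log2(len(ALPHABET))  # absolute rate R = log2(26) ~ 4.7 bits/letter


def letters_only(text: str) -> str:
    """Keep A-Z only, upper-cased: classical analysis ignores spaces and punctuation."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def index_of_coincidence(text: str) -> float:
    """IC = sum_i n_i (n_i - 1) / (N (N - 1)) over letter counts n_i, N letters total.

    This is the probability that two letters picked without replacement are
    equal.  Uniformly random letters give about 1/26 ~ 0.0385; English text
    gives about 0.065-0.07.  Needs at least two letters."""
    s = letters_only(text)
    n = len(s)
    if n < 2:
        raise ValueError("need at least two letters")
    counts = Counter(s)
    return sum(c * (c - 1) for c in counts.values()) / (n * (n - 1))


def unigram_entropy_bits(text: str) -> float:
    """First-order entropy H1 = -sum p_i log2 p_i in bits per letter."""
    s = letters_only(text)
    n = len(s)
    if n == 0:
        raise ValueError("need at least one letter")
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def first_order_redundancy(text: str) -> float:
    """Redundancy as a fraction, D1 = 1 - H1/R (equivalently (R - H1)/R).

    Only a first-order estimate: single-letter frequencies give H1 of about
    4.1 bits for English, so D1 comes out near 0.1-0.15.  Shannon's ~0.7
    figure needs longer-range statistics (digrams, words, guessing
    experiments) that a letter count cannot see."""
    return 1.0 - unigram_entropy_bits(text) / R_BITS


if __name__ == "__main__":
    uniform = ALPHABET * 10  # every letter equally common: no first-order redundancy
    for name, t in (("english", ENGLISH_SAMPLE), ("uniform", uniform)):
        print(f"{name:8s} IC={index_of_coincidence(t):.4f} "
              f"H1={unigram_entropy_bits(t):.3f} bits  D1={first_order_redundancy(t):.3f}")
```

The IC is the quantity the cryptanalyst actually uses (it is what separates monoalphabetic from polyalphabetic ciphertext and finds Vigenere period lengths); the redundancy figure used for unicity-distance arguments is the entropy-based one, and the letter-frequency version here is a lower bound on it.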

------------------------------

From: JCA <[EMAIL PROTECTED]>
Subject: Re: RSA Multiprime
Date: Mon, 30 Oct 2000 14:37:35 -0800

    The only reason why you want to have this is because your private key
operations can be implemented in such a way that they perform faster than
traditional, two-prime ones. Now, as far as I am concerned the multiprime
(i.e. more than two primes) approach is not satisfactory for two reasons:

    1) The resulting implementation is amenable to attacks that don't work
for two-prime moduli. Therefore, for a given modulus size the algorithm
is weakened. True, when using three primes it is not weakened to the
extent that it is rendered useless; but it is nevertheless weakened. Thus,
a three-prime, 1024-bit modulus is weaker than a two-prime, 1024-bit
modulus, as far as the RSA algorithm is concerned.

    2) The performance issue is not all that relevant these days, when
extremely efficient, 1024-bit moduli implementations exist. In fact, fine
tuning the modular exponentiation operation for two-prime, 1024-bit
moduli produces spectacularly fast code in some platforms. In addition,
such fine tuning will easily carry over to 2048-bit if/when they become
desirable. Other than this, if one is concerned about speed one still can
use two-prime 768-bit moduli, which are as of today for all practical
purposes as impervious to realistic brute force attacks as two-prime,
1024-bit moduli.

    While a neat thing, I am not all that fond of multiprime moduli. But
that's just me.



[EMAIL PROTECTED] wrote:

> Has anyone had much of a chance to work with the RSA Multiprime version
> of the algorithm yet?
>
> -Jeff
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.


------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Padding scheme?
Reply-To: [EMAIL PROTECTED]
Date: Mon, 30 Oct 2000 22:46:38 GMT

Benjamin Goldberg <[EMAIL PROTECTED]> wrote:

: After having read some other recent stuff on this group discussing
: padding, I realize that a trojan horse type program could use the random
: padding as a subliminal channel.  To avoid this, the padding should,
: instead of being random, be the first bytes and bits from a
: cryptographically secure hash of the message.  The reason for doing a hash
: is that it won't add known or probable plaintext, whereas fixed content
: padding would.

Using a hash is inferior to the use of genuinely random numbers in at
least one sense - because attackers can identify incorrect decrypts
by checking to see if the padding is padding that would have been added
if the specified hash function was used.

This allows them to use the padding to reject keys.  Rejecting keys by
this method would be laborious, though - since you need to have the entire
message on hand to reject each key.
-- 
__________                  http://alife.co.uk/  http://mandala.co.uk/
 |im |yler  [EMAIL PROTECTED]  http://hex.org.uk/   http://atoms.org.uk/
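
Goldberg's hash-derived padding and Tim Tyler's objection to it, as one added worked example in Python. This is not code from either poster, nor from Matt's bicom; it assumes a 16-byte block (Rijndael), SHA-256 as the hash, and that the receiver does not know the message length, so it must search the last block for a split whose tail equals the hash prefix of the head. The message and the trojan's smuggled bytes are constructed for the example.

```python
import hashlib
import os
from typing import List, Optional

BLOCK = 16  # Rijndael/AES block size in bytes (assumption for this example)


def pad_with_hash(msg: bytes, block: int = BLOCK) -> bytes:
    """Goldberg's proposal: pad to a block multiple with the leading bytes of
    SHA-256(msg).  Between 1 and `block` bytes are always appended, so a
    message that already fills its last block still gets a marker block.
    Every padding byte is fixed by the message: a trojaned padder has no
    bits of its own to place here."""
    n = block - (len(msg) % block)          # 1 <= n <= block
    return msg + hashlib.sha256(msg).digest()[:n]


def pad_with_random(msg: bytes, fill: Optional[bytes] = None, block: int = BLOCK) -> bytes:
    """Random padding.  `fill` models a trojaned padder that substitutes chosen
    bytes (key bits, say) for the random ones: to the recipient the result is
    indistinguishable from honest random padding."""
    n = block - (len(msg) % block)
    pad = os.urandom(n) if fill is None else fill[:n].ljust(n, b"\0")
    return msg + pad


def recover_message(padded: bytes, block: int = BLOCK) -> List[bytes]:
    """Strip hash padding.  The receiver tries every split in the last block
    and keeps those whose tail equals the hash prefix of the head.  All
    consistent candidates are returned: a 1-byte pad also matches a wrong
    split with probability 1/256, so the mapping is not strictly one-to-one."""
    if len(padded) == 0 or len(padded) % block:
        return []
    found = []
    for n in range(1, block + 1):
        head, tail = padded[:-n], padded[-n:]
        if hashlib.sha256(head).digest()[:n] == tail:
            found.append(head)
    return found


def padding_is_consistent(padded: bytes, block: int = BLOCK) -> bool:
    """Tyler's observation: the check the receiver needs to remove the padding
    is also an oracle for rejecting wrong keys.  A decryption under a wrong key
    is effectively random and passes with probability about 1/256 + 1/65536
    + ..., at the cost of hashing the whole candidate plaintext once per key."""
    return bool(recover_message(padded, block))


def wrong_key_false_accept_rate(trials: int, length: int = 32) -> float:
    """Fraction of random `length`-byte buffers (standing in for decryptions
    under wrong keys) that the padding check accepts.  Expect about 0.004."""
    hits = sum(padding_is_consistent(os.urandom(length)) for _ in range(trials))
    return hits / trials


if __name__ == "__main__":
    msg = b"attack at dawn"                          # constructed sample, 14 bytes
    padded = pad_with_hash(msg)
    print(len(padded), recover_message(padded))
    leaked = pad_with_random(msg, fill=b"\xde\xad")  # trojan smuggles 2 bytes out
    print("trojan output passes hash check:", padding_is_consistent(leaked))
    print("wrong-key false accept rate:", wrong_key_false_accept_rate(2000))
```

Running it puts the three points of the thread side by side: with random padding the trojaned padder chooses the padding bytes and the recipient cannot tell; with hash-derived padding it has no such freedom; and the consistency check the receiver must run is exactly the key-rejection test Tyler describes, accepting a wrong-key decryption only about one time in 256 while costing a hash over the entire candidate plaintext per key, which is why he calls it laborious.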

------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Padding scheme?
Reply-To: [EMAIL PROTECTED]
Date: Mon, 30 Oct 2000 22:53:12 GMT

Benjamin Goldberg <[EMAIL PROTECTED]> wrote:
: SCOTT19U.ZIP_GUY wrote:

:> [...] I would prefer to use the random number as a number used to
:> rotate the source file and then DSC to mate it in. Then optimal end
:> treatment such as Matt's or mine that works on any file to match the
:> block size of the encryption used. That is what I would do if for some
:> reason I want to pad out to match the encrypted block size.

: This statement of yours is completely "out there."

In fact it makes perfect sense.

: Perhaps you should get your head out of your ass and read what I wrote.
: Nowhere do I use my random bits as numbers... they're just garbage
: data, junk, fill, un-looked-at bits-and-bytes. [...]

I don't think Scott was claiming *you* used your RNG that way.  He was
describing how *he* would employ a RNG - if he was confident he had a
reliable one available.

------------------------------

From: "Pepitoe" <[EMAIL PROTECTED]>
Subject: how do you decrypt something encoded by C=M^e(mod N)
Date: Mon, 30 Oct 2000 23:02:59 -0000

I don't know if I'm posting in the right place; I have very little knowledge of
cryptography, but was interested in what I saw on a TV programme last night
(Ch4, The Science of Secrecy, if anyone English is reading). They gave C=M^e
(mod N) as a method of encryption where C is obviously the encrypted output,
M is the letter's value, N is a multiple of the keys and e seemed to be just a chosen
power.  I can understand how to use this to encrypt but I didn't see how to
decrypt, and my knowledge of maths so far (not finished A level yet) doesn't
let me work it out for myself (it's probably simple but I'm not that
clever!).  So please explain a way to decrypt; if possible e-mail me
[EMAIL PROTECTED] as I may not get a chance to visit this newsgroup
again in time to read any replies.

Thanks for your help
Pepitoe
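
The answer to the question above, as an added worked example in Python (not code from the poster or from the programme): textbook RSA key generation, where the decryption exponent comes from, and why the letter-at-a-time version is breakable with the public key alone. It uses the small toy primes 61 and 53 (N = 3233) and e = 17; real keys use primes hundreds of digits long and pad the message before exponentiating. Key generation here accepts more than two primes as well, which is the multiprime variant JCA discusses earlier in this digest; the maths is identical.

```python
from functools import reduce
from math import gcd
from typing import Dict, List, Tuple

Key = Tuple[int, int]  # (modulus N, exponent)


def modinv(a: int, m: int) -> int:
    """Inverse of a modulo m by the extended Euclidean algorithm (a*x = 1 mod m).
    Invariant kept at every step: r_i = s_i * a (mod m)."""
    r0, r1, s0, s1 = m, a % m, 0, 1
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        s0, s1 = s1, s0 - q * s1
    if r0 != 1:
        raise ValueError("a and m are not coprime; no inverse exists")
    return s0 % m


def keygen(primes: List[int], e: int = 17) -> Tuple[Key, Key]:
    """Textbook RSA key pair from two or more distinct primes.
    N = p1*p2*...,  phi(N) = (p1-1)(p2-1)...,  d = e^-1 mod phi(N).
    Two primes is ordinary RSA; three or more is the multiprime variant
    (same N size, smaller factors).  Primality of the inputs is assumed."""
    if len(primes) < 2 or len(set(primes)) != len(primes):
        raise ValueError("need at least two distinct primes")
    n = reduce(lambda x, y: x * y, primes)
    phi = reduce(lambda x, y: x * y, (p - 1 for p in primes))
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(N)")
    return (n, e), (n, modinv(e, phi))


def encrypt(m: int, pub: Key) -> int:
    """C = M^e (mod N), the operation shown on the programme."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, N)")
    return pow(m, e, n)


def decrypt(c: int, priv: Key) -> int:
    """M = C^d (mod N).  Works because e*d = 1 + k*phi(N), so
    (M^e)^d = M^(1 + k*phi(N)) = M (mod N) by Euler's theorem."""
    n, d = priv
    return pow(c, d, n)


def codebook_attack(ciphertexts: List[int], pub: Key, alphabet: str) -> str:
    """Why encrypting one letter's value at a time is unsafe however big N is:
    textbook RSA is deterministic and the public key is public, so anyone can
    encrypt every possible letter once and invert the table.  No d needed."""
    table: Dict[int, str] = {encrypt(ord(ch), pub): ch for ch in alphabet}
    return "".join(table.get(c, "?") for c in ciphertexts)


if __name__ == "__main__":
    pub, priv = keygen([61, 53])            # toy primes; N = 3233, d = 2753
    c = encrypt(65, pub)                     # 65 -> 2790 with N = 3233, e = 17
    print(pub, priv, c, decrypt(c, priv))
    cts = [encrypt(ord(ch), pub) for ch in "HELLO"]
    print(codebook_attack(cts, pub, "ABCDEFGHIJKLMNOPQRSTUVWXYZ"))
```

The thing the programme left out is that the private exponent d is computed from the factors of N, which is why N is published but p and q are not: anyone who can factor N can run `modinv` and decrypt. The codebook function is the practical caveat for the per-letter scheme as described: with M restricted to 26 values, C = M^e mod N is a substitution cipher and the size of N is irrelevant, which is one reason real systems pad the message with randomness before exponentiating.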



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
