Cryptography-Digest Digest #129, Volume #13       Thu, 9 Nov 00 10:13:00 EST

Contents:
  Re: Regarding assymetric encryption algorithms (Tim Tyler)
  Re: RSA security (Francois Grieu)
  Re: OAP-L3 v. 5.0 broken (was Re: Crypto Export Restrictions) (Taneli Huuskonen)
  Re: algorithms before 1939 (Mathew Hendry)
  Re: Updated XOR Software Utility (freeware) Version 1.1 from CiphileSoftware (Tom St Denis)
  Re: Announcement: One Time Pad Encryption - 0.9.3 - freeware (Tom St Denis)
  Re: Updated XOR Software Utility (freeware) Version 1.1 from Ciphile Software (Tom St Denis)
  Rijndael Key Schedule (Trish Conway)
  Updated Sbox Generator (Tom St Denis)
  Re: Rijndael Key Schedule (Tom St Denis)
  Re: Rijndael Key Schedule (Thomas Pornin)
  Re: RSA security ("Martin Otten")
  Re: Updated XOR Software Utility (freeware) Version 1.1 from Ciphile (Richard Heathfield)
  Re: Updated XOR Software Utility (freeware) Version 1.1 from Ciphile (Richard Heathfield)
  Re: Help Needed with Public Key Cryptography (Lee Hasiuk)
  Re: hardware RNG's (Alan Rouse)

----------------------------------------------------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Regarding assymetric encryption algorithms
Reply-To: [EMAIL PROTECTED]
Date: Thu, 9 Nov 2000 10:57:41 GMT

Sundial Services <[EMAIL PROTECTED]> wrote:

: You should plan to use a well-known algorithm, such as Rijndael, DES,
: Twofish, or something like that -- with a well-understood cryptographic
: system that you can get in source-code form.  Any of these algorithms
: should produce the level of protection that you seek.

...or would do - if they were asymmetric systems in the first place.
-- 
__________                  http://alife.co.uk/  http://mandala.co.uk/
 |im |yler  [EMAIL PROTECTED]  http://hex.org.uk/   http://atoms.org.uk/

------------------------------

From: Francois Grieu <[EMAIL PROTECTED]>
Subject: Re: RSA security
Date: Thu, 09 Nov 2000 12:26:02 +0100

> I want to use RSA for encryption (..)
> My question : how many bits must my RSA key have, to proof an attack with
> normal hardware ( no Cray or 256 station linux cluster) for 60 minutes ?
> Would 64 bit be enough ?

No. Factoring a 64 bit integer takes a mere fraction of a second.
A less unsafe number would be like 320 bits, which would take like a CPU.day
(within a factor of maybe 20).

Although direct RSA encryption at the rate and processing power you quote
looks feasible for reasonable keys (512 bits), this is most inappropriate
if all your packets are to the same destination (which by the way would need
over 100 times the processing power to decipher in real time). Therefore
the appropriate method is, on the transmit side:
- choose a random session key, say 128 bits (that's a tricky part)
- format it properly (see PKCS#1v2) and encrypt it under RSA with say a
  512 bit or better key, and transmit the result
- transmit the data enciphered with the session key and a symmetric
  algorithm (2-key triple DES, IDEA, AES..), maybe in CBC mode.
- discard the session key

Of course the receiver side deciphers the RSA block, gets the random key,
deciphers the data, and discards the session key.

Note that this method enciphers the data, but does not give data integrity.

Overall, the most serious problem looks like you plan to improvise your own
cryptographic system.


   Francois Grieu

------------------------------

From: [EMAIL PROTECTED] (Taneli Huuskonen)
Crossposted-To: talk.politics.crypto
Subject: Re: OAP-L3 v. 5.0 broken (was Re: Crypto Export Restrictions)
Date: 9 Nov 2000 13:31:08 +0200


In <8u9t8s$66h$[EMAIL PROTECTED]> 0xdeadbeef <[EMAIL PROTECTED]> writes:

[...]

>OK.  I take the challenge.  I can break OAP-3 version 5.0 if it works as
>your website says.

>You do this: you take about 1 MB text file of English and add words
>"Sincerely Yours, XXXXXXXXXXXXXXX" in 100 different places in it.
>"XXXXXXXXXXXXXXX" is your secret code name with 15 letters and numbers.
>You encrypt it with your program, but you use only 50 rows in your
>tables.  Then you put encrypted file on your Web site and post the URL.
>After 30 days or earlier I post the secret name to this newsgroup.
>Deal?

Good luck with making him accept your challenge  -  he told me he'd
accept mine, but then the CD-ROM he promised to send me somehow failed
to materialize...

Regards,
Taneli H

-- 
I don't   | All messages will be PGP signed,  | Fight for your right to
speak for | encrypted mail preferred.  Keys:  | use sealed envelopes.
the Uni.  | http://www.helsinki.fi/~huuskone/ | http://www.gilc.org/

------------------------------

From: Mathew Hendry <[EMAIL PROTECTED]>
Subject: Re: algorithms before 1939
Date: Thu, 09 Nov 2000 11:37:46 +0000
Reply-To: [EMAIL PROTECTED]

Erik Runeson <[EMAIL PROTECTED]> wrote:

: In article <8u9tv0$sa6$[EMAIL PROTECTED]>,
:   "Michal z Sopotu" <[EMAIL PROTECTED]> wrote:
:
: > I`m looking for some internet pages,magazines, books (or other
: > sources) of cipher/decipher algorithms used before 1939.
: 
: Check out "The Code Book", by Simon Singh. It's an excellent history of
: cryptography and should be available at a reasonable price in most
: bookstores.

David Kahn's _The Codebreakers_ (Scribner; ISBN: 0684831309) is much
more comprehensive, and more accurate.
 
: I had the pleasure of seeing the author a few days ago when he
: presented the prize for the book's code-breaking contest to a team of
: five Swedish graduate students in Stockholm.

He also presented a UK Channel 4 documentary called _The Science Of
Secrecy_, based loosely on the book

  http://www.channel4.co.uk/nextstep/secrecy/index.html

with another contest

  http://www.channel4.co.uk/nextstep/secrecy/quiz.html

Only 4 days left, but it looks much easier than the book version.

-- 

Mathew Hendry, Programmer, Visual Sciences Ltd.
Work <[EMAIL PROTECTED]>, Home <[EMAIL PROTECTED]>

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Crossposted-To: alt.freespeech,talk.politics.misc,talk.politics.crypto
Subject: Re: Updated XOR Software Utility (freeware) Version 1.1 from CiphileSoftware
Date: Thu, 09 Nov 2000 11:58:27 GMT

In article <[EMAIL PROTECTED]>,
  Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote:
> You can do no more than what you can imagine yourself doing.

Ok, sure.

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Announcement: One Time Pad Encryption - 0.9.3 - freeware
Date: Thu, 09 Nov 2000 11:57:45 GMT

In article <[EMAIL PROTECTED]>,
  Richard Heathfield <[EMAIL PROTECTED]> wrote:
> Tom St Denis wrote:
> >
> > In article <[EMAIL PROTECTED]>,
> >   d <[EMAIL PROTECTED]> wrote:
> > > Command line One Time Pad utility. Options: pad generation,
> > > randomness testing, en/decryption, base64 en/decoding and disk
> > > wiping. ANSI-C source and DOS executable included.
> > >
> > > Free download at <http://www.vidwest.com/otp/>
> > >
> > > Your bug reports/other feedback will be gratefully received.
> >
> > Perhaps you missed the boat, OTP's are not practical solutions!
>
> Are you sure about that? Sure, they are not practical solutions in
> /many/ circumstances, but there are surely /some/ circumstances where
> they could usefully be employed. I'm thinking particularly of "secret
> agent behind enemy lines" scenarios.

I would bet "secret agent behind enemy lines" would rather carry a
smart card with the cipher+128 bit key embedded in it than a computer +
MASS storage device for the OT pad...

Tom



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Crossposted-To: alt.freespeech,talk.politics.misc,talk.politics.crypto
Subject: Re: Updated XOR Software Utility (freeware) Version 1.1 from Ciphile Software
Date: Thu, 09 Nov 2000 12:01:34 GMT

In article <8ucvg5$5oa$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Scott Craver) wrote:
> Richard Heathfield  <[EMAIL PROTECTED]> wrote:
> >>
> >>         [snip]  Amazing. Maybe you should run speed tests.
> >
> >I did (having first sorted out a test machine that I didn't mind
> >reinstalling from scratch if need be). They're about the same. Mr
> >Szopa's may even have a slight edge (I didn't spend any time trying
> >to make mine quick, after all). For speed, I have an ISO C version on
> >the Web.
>
>       Does your program do the XOR a byte at a time or a long int
>       at a time?  More importantly, does it fwrite and fread in
>       units of bytes, or larger?  I'm interested in what Mr. Szopa's
>       program is actually doing, and if it's reading in units of
>       bytes rather than larger chunks there could be a major speed
>       difference.

As if you're really considering discussing the speed of a XOR program.

Tom



------------------------------

From: [EMAIL PROTECTED] (Trish Conway)
Subject: Rijndael Key Schedule
Date: 9 Nov 2000 12:15:40 -0000


I posted the following message a while ago :

In the Rijndael key schedule the first subkey is just a copy of the userkey (for 128
bit userkey). Could the following scenario be interpreted as a weakness: Say the
subkeys are generated in a black box in hardware and an unauthorised person breaks
into the black box and obtains the subkeys. They now have the userkey and can go to
another black box and input the userkey and impersonate a legitimate user (supposing
that the userkey is distributed to a number of users all using a central host).

The replies posted seemed to say that it wasn't a legitimate attack because if you have
the subkeys the cipher is already broken. But knowledge of the subkeys doesn't allow
the attacker to impersonate a legitimate user in the way I described. And why have the
4 other AES finalist algorithms ensured that the subkeys are derived from the userkey
in a more complex fashion?

The AES is supposed to last for the next 20 or so years. It will be used in a wide
variety of applications. Is this such a far-fetched scenario as to be irrelevant? And
why have such a simple relationship between the userkey and first subkey when it can
so easily be avoided?
------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Updated Sbox Generator
Date: Thu, 09 Nov 2000 13:11:58 GMT

I fixed up the Sbox Generator to be a little more "ANSI" conformant.  I
also corrected a bug when making mxn sboxes where m>n.  Finally I added
a "limit the fixed points" option for bijective sboxes.

The new source code is at

http://www.geocities.com/tomstdenis/files/sboxgen.c

Enjoy (if you have use for such a program :-) )

Tom



------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Rijndael Key Schedule
Date: Thu, 09 Nov 2000 13:10:22 GMT

In article <8ue4hc$1edh$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Trish Conway) wrote:
>
> I posted the following message a while ago :
>
> In the Rijndael key schedule the first subkey is just a copy of the
> userkey (for 128 bit userkey). Could the following scenario be
> interpreted as a weakness: Say the subkeys are generated in a black
> box in hardware and an unauthorised person breaks into the black box
> and obtains the subkeys. They now have the userkey and can go to
> another black box and input the userkey and impersonate a legitimate
> user (supposing that the userkey is distributed to a number of users all
> using a central host).
>
> The replies posted seemed to say that it wasn't a legitimate attack
> because if you have the subkeys the cipher is already broken. But
> knowledge of the subkeys doesn't allow the attacker to impersonate a
> legitimate user in the way I described. And why have the 4 other AES
> finalist algorithms ensured that the subkeys are derived from the
> userkey in a more complex fashion?
>
> The AES is supposed to last for the next 20 or so years. It will be
> used in a wide variety of applications. Is this such a far-fetched
> scenario as to be irrelevant? And why have such a simple relationship
> between the userkey and first subkey when it can so easily be avoided?

First off, any cipher is broken if I know all the round keys.  It's a
fact of life.  Second, I am not an expert on Rijndael but perhaps they
chose that key schedule to simplify the algorithm?

Tom



------------------------------

From: [EMAIL PROTECTED] (Thomas Pornin)
Subject: Re: Rijndael Key Schedule
Date: 9 Nov 2000 13:32:03 GMT

According to Trish Conway <[EMAIL PROTECTED]>:
> Could the following scenario be interpreted as a weakness

Interpret it as you want, but usually, the security of the subkeys
is considered strictly equivalent to the security of the master key.

If you want your system to perform authentication tasks, I suggest you
incorporate an authentication module. Hashing the passphrase of the user
with SHA-1 (inside the black box), and using this hash as the key would
somehow do the trick. Hashing passphrases is done anyway, so that keys
may remain easy to remember and yet have a correct entropy.


        --Thomas Pornin
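
A pure-Python AES-128 key expansion, added here as an illustration and not code from any post in this thread. It shows the property Trish Conway describes (round key 0 is the user key byte for byte, while every later round key passes through RotWord, the S-box and Rcon) and the mitigation Thomas Pornin suggests (hash the passphrase inside the box and use the hash as the key, so leaked subkeys reveal the hash rather than what the user typed). SHA-1 and the 128-bit truncation follow his post; the test vector is the FIPS-197 Appendix A.1 key, and the passphrase is a constructed sample.

```python
import hashlib

def _xtime(a):
    """Multiply by x in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    a <<= 1
    return (a ^ 0x11B) & 0xFF if a & 0x100 else a

def _gf_mul(a, b):
    """Multiply two GF(2^8) elements."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = _xtime(a)
        b >>= 1
    return r

def _build_sbox():
    """Derive the AES S-box: multiplicative inverse, then the affine map."""
    sbox = [0] * 256
    for x in range(256):
        inv = 0 if x == 0 else next(y for y in range(1, 256) if _gf_mul(x, y) == 1)
        s, rot = inv, inv
        for _ in range(4):
            rot = ((rot << 1) | (rot >> 7)) & 0xFF
            s ^= rot
        sbox[x] = s ^ 0x63
    return sbox

SBOX = _build_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def expand_key_128(key):
    """FIPS-197 key expansion for a 16-byte key; returns the 11 round keys."""
    if len(key) != 16:
        raise ValueError("AES-128 needs a 16-byte key")
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]   # w[0..3] is the key itself
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = t[1:] + t[:1]                # RotWord
            t = [SBOX[b] for b in t]         # SubWord
            t[0] ^= RCON[i // 4 - 1]         # Rcon
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [bytes(sum(w[4 * r:4 * r + 4], [])) for r in range(11)]

def user_key_from_leaked_subkeys(round_keys):
    """Conway's observation: round key 0 *is* the user key, no inversion needed."""
    return round_keys[0]

def key_from_passphrase(passphrase):
    """Pornin's suggestion: key = SHA-1(passphrase) truncated to 128 bits,
    computed inside the box, so the subkeys expose the hash, not the passphrase."""
    return hashlib.sha1(passphrase.encode("utf-8")).digest()[:16]

if __name__ == "__main__":
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS-197 A.1 vector
    rk = expand_key_128(key)
    print("round key 0 == user key:", rk[0] == key)
    print("round key 1:", rk[1].hex())
    pp_key = key_from_passphrase("hunter2")                  # constructed passphrase
    print("leaked:", user_key_from_leaked_subkeys(expand_key_128(pp_key)).hex())
```

The hashed key is still the real key, so a leak of the subkeys still compromises this box; what it no longer gives away is the passphrase the user carries to other systems.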

------------------------------

From: "Martin Otten" <[EMAIL PROTECTED]>
Subject: Re: RSA security
Date: Thu, 9 Nov 2000 15:07:15 +0100

Hi,

Ok, I understand. You mean, instead of using very strong asymmetric
encryption all the time, I should use a 512 bit RSA just for transmitting a
128 bit symmetric key for the main data, because symmetric en/decoding is much
faster. The problem is to get a good random number, right? What is
PKCS#1v2? Sorry, I'm a newbie.

Thank you a lot : )
Martin




------------------------------

Date: Thu, 09 Nov 2000 10:54:01 +0000
From: Richard Heathfield <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.misc,talk.politics.crypto
Subject: Re: Updated XOR Software Utility (freeware) Version 1.1 from Ciphile  

[alt.freespeech snipped yet again, I'm afraid...]

Anthony Stephen Szopa wrote:
> 
<snip>
> 
> Here's the difference between most of you and myself:
> 
> I ACT and you react:  BIG difference.

Yes, it's a huge difference. It's tricky to point out someone's
foolishness until they've actually made a fool of themselves.

That this thread might yet turn from flame to fruitfulness, I suggest
that you publish the source code to any code you expect people to run on
their own machines. I have done so. Others have done so. Why have you
not done so? It's only an XOR, for heaven's sake.


-- 
Richard Heathfield
"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
K&R Answers: http://users.powernet.co.uk/eton/kandr2/index.html

------------------------------

Date: Thu, 09 Nov 2000 11:17:03 +0000
From: Richard Heathfield <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.misc,talk.politics.crypto
Subject: Re: Updated XOR Software Utility (freeware) Version 1.1 from Ciphile  

[alt.freespeech censored :-) ]

Anthony Stephen Szopa wrote:
> 
> Scott Craver wrote:
> >
> > Anthony Stephen Szopa  <[EMAIL PROTECTED]> wrote:
> > >"Trevor L. Jackson, III" wrote:
> > >>
> > >> Pointing out the limitations of your software is to amusement as Jerry Springer
> > >> is to entertainment.
> > >
> > >You said it:  so what are the limitations of the XOR software
> > >utility?
> >
> >         We just *told* you.  It's a huge binary, not open, and only runs on a
> >         single platform.
> >
> >                                                                 -S
> 
> You know why it is as large as it is.  Don't complain to me.  This
> is the nature of the modern GUI interface.  People have decided
> that this is how they want to interact with their computer programs
> and are even demanding that such programs be provided to them.  Are
> you saying that most computer users are stupid but you are the smart
> one?

It's not an unreasonable claim, actually. Command line programs are much
more flexible and portable if written sensibly. Often, they're more
powerful too.

> Why do you need it open source?

It's a matter of trust. Frankly, I doubt that many people here trust
you.

> It does what it is intended to do

So you say.

> and what it is claimed to do

So you say.

> and does no more than it is supposed to do

So you say.

> and you can prove this

That's your job. One way you can prove it is to release the source code.

> by using it, especially if you have
> firewall software and virus software which many many people do
> since these programs are free.  No one has claimed that there is
> any problems with the software.  You are ranting just like a
> lunatic.  Don't you have something better to do?

Actually, rebutting your claims *is* something better to do. When you
are ready to understand that openness is essential in building trust,
perhaps the rest of the world will be more ready than at present to
listen to you.

> 
> You are not getting the source code.  I thought of it

Sorry? You thought of XOR? You invented the One Time Pad? Pure BS.

> and engineered
> it and I am not going to just give it to you all.

That's all right. Since I have now released source code to a program
that does not only what your program does but more too, anyone who has a
genuine need for this software in graphical form has an open source
alternative to your program. If they don't like the (colossal) lack of
error-checking in my code, they can add it themselves if they wish, or
nag me to do it (which I may well do, even though it was meant to be
joke code).

And those who don't need it in graphical form can use either the other
program I wrote to do the same thing, or Tom's program, or Andre's
program. They don't *need* yours. There are at least four open source
versions available now.

> Yes, it's simple

Ah, a correct statement. Well done. Make a note in your memoirs.

> but as most of you should realize by now with all the posturing and
> pretending in these news groups that all this cannot be too easy
> because almost none of you are thinking of new ideas or innovations

XOR is innovative?

> or even producing the simplest of software and making it available
> to the public.

I'm pretty sure that all the finalists in the AES competition are
patent-free - even the winner. This doesn't sound like a lack of
available innovation.

> Your lack of creativity and imagination has been
> demonstrated by your deciding that your place in these news groups
> is as pseudo consumer advocate.  But you have merely become trivial
> clowns.

No. Some of the subscribers in sci.crypt (which is where I read your
article) are world-class cryptographers and cryptanalysts, and you make
yourself out to be very foolish by insulting them. Every sensible person
is open to *intelligent* criticism, but you provide only the stupid
kind.

> 
> It probably runs on 85% of computers in the entire world.

Well, 85% of desktop machines, maybe. We'll allow this as your second
true statement (in the same article, too!), assuming you meant "can run"
rather than "runs" - I don't believe you have that level of market
penetration yet.

> It is not
> my fault that there is more than one platform in use worldwide with
> one dominant.  Why haven't you provided a Linux or Mac or Etc.
> version?

I did one earlier this week which is available on the Web. It can run on
Linux, Windows, DOS, wherever. Even Macs, I believe (although you'd have
to track down a Mac user to actually test that statement). That's the
nice thing about command line programs.

> When it really comes down to it, don't you give a damn?
> All we are hearing from most of you is give me, give me, me me me ...

Nobody sensible is going to use your stuff if they don't have the source
code.

> 
> Quit complaining and start contributing something that people might
> benefit from, if you can.

I have done so. You have not.

> 
> Are you figgin' deaf?

No. Are you?


-- 
Richard Heathfield
"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
K&R Answers: http://users.powernet.co.uk/eton/kandr2/index.html

------------------------------

From: [EMAIL PROTECTED] (Lee Hasiuk)
Subject: Re: Help Needed with Public Key Cryptography
Date: Thu, 09 Nov 2000 14:31:47 GMT

This sounds perfect.  Where would I find ECC information and/or
implementations?

Lee

Mike Rosing <[EMAIL PROTECTED]> wrote:

>Lee Hasiuk wrote:
>> 
>> I'm set on 64 bits because I want to allow the possibility of the
>> registration key being used on a computer which is not connected to
>> the Internet, where the user would type the code in manually, and that
>> would be all that's needed to unlock the product.  Maybe I shouldn't
>> allow for that, but it seemed like something that might be easy to do.
>> Now I'm not so sure.
>
>With ECC you can get 64 bits of security with 130 bits transmitted.  If
>you only need 56 bits of security (DES equivalent) then you can transmit
>113 bits.  If you transmit 64 bits only, you have about 32 bits of security.
>That's truly worthless for anyone who wants to attempt to crack it, but
>for those who won't make the attempt it's perfectly secure.
>
>So what are the odds that someone will attempt to crack your security
>vs. the attempt to bypass your security?  If bypassing is more likely,
>you might as well go with less security since it won't make any difference
>in terms of cracking anyway.
>
>Patience, persistence, truth,
>Dr. mike


------------------------------

From: Alan Rouse <[EMAIL PROTECTED]>
Subject: Re: hardware RNG's
Date: Thu, 09 Nov 2000 14:33:05 GMT

I wrote:
> You seem to be equating an event's randomness with your ability to
> predict that event.  I think that is an inadequate definition of
> randomness.  An event that occurs with statistical bias is not random,
> but it still might be extremely difficult to predict.

David Schwartz wrote
>That is total nonsense. If an event can only be described
>statistically (bias or no) that means it's random.
>Random and unpredictable are synonymous

Not true.  Every sample can be described statistically.  For example,
if I select one object from a population of one object, there is a 100%
statistical chance that I'll get the same object in every trial.  That
is NOT random.

More importantly, your ability to predict depends upon your knowledge.
However, the randomness of a sample is independent of a particular
person's knowledge.  If not, then a sample that is random to one person
would not be random to another person.

If a sample is random, then by definition no information exists,
whether known to you or not, which would reduce the size of a brute
force search for the sample's value.

There is a difference between a random sample and one that contains
some entropy.  Random is absolute.  It means that there are no patterns
and no biases.


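
An added example, not code from anyone in this thread, that puts numbers on the distinction Alan Rouse draws between "hard to predict" and "random": a biased but otherwise unpredictable source shrinks the brute-force search (min-entropy per bit), and a source with no bias at all can still be fully patterned and pass a frequency test. Both sample streams are constructed in the code, not measurements of any real device.

```python
import math
import random

def ones_fraction(bits):
    """Observed probability of a 1 in a sequence of 0/1 values."""
    return sum(bits) / len(bits)

def shannon_entropy_per_bit(p_one):
    """Average information per output bit of a coin that shows 1 with p_one."""
    if p_one <= 0.0 or p_one >= 1.0:
        return 0.0
    q = 1.0 - p_one
    return -(p_one * math.log2(p_one) + q * math.log2(q))

def min_entropy_per_bit(p_one):
    """Work per bit for a guesser who always tries the likelier value first."""
    return -math.log2(max(p_one, 1.0 - p_one))

def effective_search_bits(n_bits, p_one):
    """log2 of the search space an optimal guesser faces for an n_bits key
    drawn from this source; it equals n_bits only when p_one is exactly 0.5."""
    return n_bits * min_entropy_per_bit(p_one)

def monobit_z(bits):
    """Frequency (monobit) statistic; |z| > 3 is strong evidence of bias."""
    n = len(bits)
    return (sum(bits) - n / 2.0) / math.sqrt(n / 4.0)

def is_biased(bits, threshold=3.0):
    """True when the ones/zeros balance is implausible for an unbiased source."""
    return abs(monobit_z(bits)) > threshold

# Constructed inputs. BIASED: each bit independently 1 with probability 0.6, so
# there is no pattern to exploit, yet the bias alone cuts the search space.
_rng = random.Random(2000)
BIASED = [1 if _rng.random() < 0.6 else 0 for _ in range(10000)]
# PATTERNED: exactly half ones, so the frequency test sees nothing wrong,
# yet every bit is determined by the previous one.
PATTERNED = [0, 1] * 5000

if __name__ == "__main__":
    print("biased stream flagged:", is_biased(BIASED), "ones:", ones_fraction(BIASED))
    print("patterned stream flagged:", is_biased(PATTERNED))
    print("128-bit key from p=0.6 source, min-entropy bits:",
          round(effective_search_bits(128, 0.6), 1))
```

A monobit pass is therefore necessary but nowhere near sufficient; the point of a hardware RNG review is to bound min-entropy, not to show that one statistic looks fine.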

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
