Cryptography-Digest Digest #137, Volume #13 Fri, 10 Nov 00 17:13:01 EST
Contents:
Re: Rijndael file encryption question. (SCOTT19U.ZIP_GUY)
Re: voting through pgp (SCOTT19U.ZIP_GUY)
Re: Q: Computations in a Galois Field (Mok-Kong Shen)
Re: Announcement: One Time Pad Encryption - 0.9.3 - freeware (Daniel)
Re: Photons, polarization and quantum crypto (Bryan Reed)
Re: voting through pgp ([EMAIL PROTECTED])
Re: hardware RNG's (David Schwartz)
Re: The Freedom to Communicate the Power to Protect (Tom St Denis)
Re: Photons, polarization and quantum crypto ([EMAIL PROTECTED])
Q: Rotor machines (Mok-Kong Shen)
Austin Cypherpunks Physical Meet: Tue. Nov. 14, 2000 (Jim Choate)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Rijndael file encryption question.
Date: 10 Nov 2000 20:04:25 GMT
[EMAIL PROTECTED] (Russ Housley) wrote in
<[EMAIL PROTECTED]>:
>> I would like to see the IEEE standard. I am beginning to have a
>>gut feeling that they screwed up and asshole manager types may
>>have made the actual standard. Anyone know what it really is and
>>if they were dumb enough so that some files are ambiguous?
>>I will report anything I learn about this so called standard and
>>I will say if it's messed up assuming it's written so the reading
>>itself is not ambiguous.
>> I will make one quick point. If it is for use to only fill the
>>last encryption block if it is not full it sucks big time.
>>
>>
>>David A. Scott
>
>The technique that you are discussing was originally developed for
>Privacy-Enhanced Mail (PEM). See RFC 1423. In PEM, we were using
>DES, so the padding was at most eight bytes (an extra block). The
>technique extends to any block size less than 255 bytes.
>
>Extract from RFC 1423:
> The input to the DES CBC encryption process shall be padded to a
> multiple of 8 octets, in the following manner. Let n be the length
> in octets of the input. Pad the input by appending 8-(n mod 8)
> octets to the end of the message, each having the value 8-(n mod 8),
> the number of octets being added. In hexadecimal, the possible
> paddings are: 01, 0202, 030303, 04040404, 0505050505, 060606060606,
> 07070707070707, and 0808080808080808. All input is padded with 1 to
> 8 octets to produce a multiple of 8 octets in length. The padding
> can be removed unambiguously after decryption.
>
Yes it can be removed unambiguously but it adds known information
to an encryption that aids the attacker in breaking the code. You can
make the encryption slightly shorter by not doing the padding this
way; you can pad as in Matt's bicom so the output is any 8-bit file, or you
could pad in a bijective way so the output is any blocksize you want.
An example of added info. An attacker looks at only the last 2
encrypted blocks of the code. He knows it's CBC mode DES without knowing
anything about the file. He knows the bits in the last byte are
0000xxxx where the x's can be either zeroes or ones. This
reduces the effective solution space by at least 16 got by 2**4.
Why reduce the effective solution space when it's so easy not to?
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
http://radiusnet.net/crypto/ then look for
sub directory scott after pressing CRYPTO
Scott famous Compression Page
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
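The padding rule from the RFC 1423 extract and the point made about the final plaintext byte, worked through in Python. This is an added example, not code from either poster or from RFC 1423 itself; it only implements the padding layer that precedes CBC encryption (no cipher is involved), with a strict `unpad` that rejects malformed padding rather than silently accepting it, and two small helpers that make explicit which values and bit positions of the last plaintext octet are fixed by the scheme. The function and variable names are my own.

```python
# Added example (not code from the thread): RFC 1423 / PKCS#5-style padding
# for an 8-octet DES block, plus a look at what the scheme fixes about the
# final plaintext byte. No cipher here; this is the layer before CBC encryption.

BLOCK = 8  # DES block size in octets, as in RFC 1423


def pad(data: bytes, block: int = BLOCK) -> bytes:
    """Append k octets, each of value k, where k = block - (len(data) mod block).

    k is always in 1..block, so an input that already ends on a block boundary
    gets a whole extra block (the 0808080808080808 case in the RFC extract).
    """
    if not 1 <= block <= 255:
        raise ValueError("block size must be 1..255 so the pad value fits in one octet")
    k = block - (len(data) % block)
    return data + bytes([k]) * k


def unpad(padded: bytes, block: int = BLOCK) -> bytes:
    """Remove padding, verifying every pad octet; raise ValueError on anything malformed."""
    if not padded or len(padded) % block:
        raise ValueError("input must be a non-empty whole number of blocks")
    k = padded[-1]
    if not 1 <= k <= block:
        raise ValueError("pad length octet out of range")
    if padded[-k:] != bytes([k]) * k:
        raise ValueError("pad octets are inconsistent")
    return padded[:-k]


def final_byte_candidates(block: int = BLOCK) -> set:
    """Values the last plaintext octet can take once this padding is applied."""
    return set(range(1, block + 1))


def final_byte_fixed_mask(block: int = BLOCK) -> int:
    """Bit mask of positions in the last octet that are zero for every candidate.

    With block = 8 the candidates are 1..8, so the high nibble is always 0000;
    the returned mask 0xF0 is the '0000xxxx' observation from the post.
    """
    mask = 0xFF
    for v in final_byte_candidates(block):
        mask &= ~v & 0xFF
    return mask


if __name__ == "__main__":
    # Constructed sample inputs covering the short, partial and full-block cases.
    for msg in (b"", b"abc", b"12345678", b"hello world"):
        padded = pad(msg)
        assert unpad(padded) == msg
        print(msg, "->", padded.hex())
    print("fixed bits in last octet: 0x%02X" % final_byte_fixed_mask())
```

`unpad` checks all k pad octets, not just the last one; a decryptor that checks only the length octet accepts inputs the RFC would reject, and the distinct error paths are a reminder that padding checks are a classic oracle if their outcome is visible to a remote party.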
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: voting through pgp
Date: 10 Nov 2000 20:08:06 GMT
[EMAIL PROTECTED] (binary digit) wrote in
<ydXO5.191030$[EMAIL PROTECTED]>:
>Imagine if everyone had pgp in the world and voted through pgp, every
>single vote could be verified and everyone would be happy, and there
>wouldn't be this problem that is going on now in Florida
>
That would still not work since the vote is kept secret. It might
prevent you from voting twice with same identity. But you don't want
your boss to know that you voted for someone he did not want you to.
With a secret ballot you can vote for who you think is best while
you swear to your boss you voted for the asshole he thinks is best.
David A. Scott
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Q: Computations in a Galois Field
Date: Fri, 10 Nov 2000 21:25:23 +0100
Paul Crowley wrote:
>
> Mok-Kong Shen wrote:
> > It seems, as I mentioned, that there are a number of
> > affine transformations that are just as good as the one
> > chosen in Rijndael. Could you please say something to
> > that? Further I should appreciate to know whether there
> > are other transformations in GF(2^8) that are just as
> > good as x to 1/x.
>
> If you haven't read Section 7.2 of the Rijndael paper yet I recommend
> you do so, it covers this issue.
> http://www.esat.kuleuven.ac.be/~rijmen/rijndael/
>
> They mention a paper discussing nonlinear substitutions with good
> properties against LC and DC from which they chose x -> 1/x - perhaps
> that paper would answer your second question.
My understanding of the section you mentioned is that both
the x to 1/x mapping and the affine transformation are
such that they are simple to describe and (apparently by
some chance) happen to be very good. One knows from
general optimization problems that one normally/often has
more than one optimum or near-optimum. These may be more
complicated in mathematical form but may not be complicated
in implementation as compared to Rijndael's choice. (Note
that the x to 1/x mapping is very likely to be implemented
as a look-up table so a more complicated mathematical
expression wouldn't matter.) This would mean that one can
have other equally good or almost equally good substitutions
to replace the original Rijndael substitution, thus opening
a path to obtain variants of Rijndael, in case these are
desirable. Cf. the thread 'On introducing non-operability'
of 27th Oct initiated by me. It may be noted that, besides
ByteSub, the components ShiftRow and MixColumn of Rijndael
could also be varied and further that the four components
of a round of Rijndael could be permuted without possibly
materially affecting the strength of the cipher, at least
with the fairly large number of rounds that Rijndael has.
M. K. Shen
========================
http://home.t-online.de/home/mok-kong.shen
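The two pieces of the Rijndael ByteSub discussed above, inversion in GF(2^8) and the affine transformation, built in Python so the separation can be seen directly. This is an added example, not code from the thread or from the Rijndael authors. It reproduces the specification's values (field polynomial x^8 + x^4 + x^3 + x + 1, affine constant 0x63), but it also takes the affine constant as a parameter and includes a differential-uniformity check, so one can confirm the point made in the post: varying the affine layer gives a different but equally bijective table with the same maximum differential probability, since that property comes from the inversion step alone. Function names are my own.

```python
# Added example (not from the thread or the Rijndael authors' code):
# builds the Rijndael S-box from inversion in GF(2^8) followed by the
# affine map over GF(2), then checks a property that the affine layer
# cannot change.

POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the Rijndael field polynomial


def gf_mul(a: int, b: int) -> int:
    """Multiply two field elements (bytes) in GF(2^8), reducing by POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= POLY
        b >>= 1
    return r


def gf_inv(a: int) -> int:
    """Multiplicative inverse as a^254 (Fermat); Rijndael maps 0 to 0 by convention."""
    if a == 0:
        return 0
    result, base, e = 1, a, 254
    while e:
        if e & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        e >>= 1
    return result


def affine(b: int, constant: int = 0x63) -> int:
    """Rijndael's affine map: b XOR its four cyclic left rotations, XOR a constant.

    `constant` is a parameter so variants of the affine layer can be compared;
    0x63 is the value the Rijndael specification uses.
    """
    r = b
    for i in range(1, 5):
        r ^= ((b << i) | (b >> (8 - i))) & 0xFF
    return r ^ constant


def build_sbox(constant: int = 0x63) -> list:
    """Full 256-entry substitution table: affine(inverse(x))."""
    return [affine(gf_inv(x), constant) for x in range(256)]


def is_permutation(table: list) -> bool:
    """A substitution must be invertible: every output value exactly once."""
    return len(table) == 256 and sorted(table) == list(range(256))


def differential_uniformity(table: list) -> int:
    """Largest entry in the difference distribution table over non-zero input differences.

    Lower is better against differential cryptanalysis; 4 (probability 4/256)
    is the lowest value known for an 8-bit bijection, and inversion attains it.
    Composing with any bijective affine map leaves this figure unchanged.
    """
    worst = 0
    for dx in range(1, 256):
        counts = [0] * 256
        for x in range(256):
            counts[table[x] ^ table[x ^ dx]] += 1
        worst = max(worst, max(counts))
    return worst


if __name__ == "__main__":
    standard = build_sbox()
    variant = build_sbox(constant=0x00)  # same inversion, different affine constant
    print("S[0x53] = 0x%02X" % standard[0x53])
    for name, t in (("standard", standard), ("variant", variant)):
        print(name, "bijective:", is_permutation(t),
              "max DDT entry:", differential_uniformity(t))
```

The spot checks in the test are the worked values from the Rijndael/AES specification: {57}·{83} = {C1}, {53}^-1 = {CA}, and S[0x53] = 0xED.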
------------------------------
From: [EMAIL PROTECTED] (Daniel)
Subject: Re: Announcement: One Time Pad Encryption - 0.9.3 - freeware
Date: Fri, 10 Nov 2000 20:36:25 GMT
>
>I would argue that your stealing of a card in my pocket is a bit less
>trivial then a remote online attack. So I doubt that's a serious
>threat with smart cards.
>
Does an agent carry this kind of evidence on him 24/7? Or does he
stash it away in a 'secure' place? What did the SOE agents do with
their radio sets? Try 'Between Silk and Cyanide' by Leo Marks. It
tells the story of a master cryptographer during WW II.
regards,
Daniel
------------------------------
From: [EMAIL PROTECTED] (Bryan Reed)
Crossposted-To: sci.optics,sci.physics
Subject: Re: Photons, polarization and quantum crypto
Date: 10 Nov 2000 20:10:47 GMT
In article <8uhgt6$efb$[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> wrote:
>
>I have thought of one method by which such a system might indeed be
>subject to attack/interception without changing the states
>*sufficiently* to alert either sender or receiver.
>
>Suppose photon 1 comes along with a given but unknown (to
>the interceptor) polarization. The interceptor places a half-wave plate
>in the path. Classically at least, the polarization state will be
>rotated by twice the angle between the half-wave plate optic axis and
>the photon polarization direction.
>
>During this interaction, a torque is imparted on the plate in order to
>preserve angular momentum. Now, this torque may be vanishingly small,
>but *hypothetically* I propose that it could be measured. Furthermore,
>the magnitude of this torque would be proportional to the angle between
>the photon polarization. Thus, one could know, certainly to within 90
>degrees, what the state of the photon was just prior to entering the
>plate. If the photon was lined up with the optic axis, there would be
>no rotation and no torque. If it was at 45 degrees there would be a 90
>degree rotation and some torque. If it was at 90 degrees, there would be
>180 degrees rotation and the maximum torque.
>
Your measurement records the circular polarization of the wave. You have
altered the polarization state, so it's now an eigenfunction of circular
polarization.
>Following the first half-wave plate would be another, identically
>aligned half-wave plate. This would then reverse the effects of the
>first plate, leaving the photon in its initial state, or at least very
>close to its initial state.
>
It won't reverse the effects. You "collapsed the wave function" with the
first measurement. You can't uncollapse it once the measurement is
coupled to a macroscopically irreversible variable, such as a bit of
information recorded in your head.
There are clever ways to intercept some of the quantum crypto techniques
that have been proposed, though. One of the most recent Physics Today's
has a pretty good discussion of it.
Have fun,
Bryan
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: voting through pgp
Date: Fri, 10 Nov 2000 20:25:37 GMT
In article <ydXO5.191030$[EMAIL PROTECTED]>,
"binary digit" <[EMAIL PROTECTED]> wrote:
Your proposal blatantly ignores one very important factor in the US
style voting. If we allow people to vote from wherever they choose, we
run a very distinct risk of a person with a gun pointed to the back of
someone else's head swaying the vote. How many people do you _really_
think would vote their conscience with a gun at the back of their head?
How much corruption do you think would happen? I'd put the estimate at
high enough that we'd never have a reasonable vote again. Even now,
after all the votes have been counted, and all the ballots are "safe"
we get significantly different results from a recount. You have also
not even considered the possibility that a vote stream would be broken,
for example instead of using a gun at someone's head, I find the areas
that will vote for X, and I hijack the network for a day. What about
anonymity? Using PGP it would be possible to locate who voted which
way? So there is certainly a possibility for threats outside the voting
area.
While I am a very strong believer in the security a properly designed
digital system can offer, I really don't think that e-voting, at least
from home, is even a remotely viable solution.
A much more reasonable solution would be electronic voting inside the
current vote booths. Riverside County, Ca actually did this, and it
seems to have worked quite well. The votes were counted at compute
speed, and the level of fraud and misvoting seems to have been no
higher than normal.
Joe
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: David Schwartz <[EMAIL PROTECTED]>
Subject: Re: hardware RNG's
Date: Fri, 10 Nov 2000 12:33:46 -0800
Alan Rouse wrote:
>
> David Schwartz wrote:
> > Nonsense. Random is not absolute. If I roll a die with a '1'
> > on one side and a '2' on five other sides, the result is random,
> > however it will have biases. Your formulation defies common usage as well.
>
> Ok we have established that our differences are semantics. If I am to
> communicate further with you on this subject I need a new word that
> means to you what "random" means to me. How about arfbixqy? Good
> enough? Just replace all my previous usages of "random"
> with "arfbixqy" and we'll be fine. ;->
How about "unpredictable" or even "random"?
DS
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: The Freedom to Communicate the Power to Protect
Date: Fri, 10 Nov 2000 20:47:28 GMT
In article <8uhjmc$h3s$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> http://www.winvista.com
>
> Electronic Officedocument Protection Interface from WinVista
> represents the next generation of enterprise content protection,
> providing a range of author-configured controls that stay with a
> document throughout the information lifecycle, from composition to
> distribution to iteration and propagation to termination.
And who is going to post the first hack of WinVista?
Tom
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: sci.optics,sci.physics
Subject: Re: Photons, polarization and quantum crypto
Date: Fri, 10 Nov 2000 20:55:00 GMT
Hi Paul,
Thanks very much for the input. It appears that my understanding of QM
is even more incomplete than I had thought. But ...
In article <zeYO5.2013$[EMAIL PROTECTED]>,
"Paul Lutus" <[EMAIL PROTECTED]> wrote:
> <[EMAIL PROTECTED]> wrote in message
> news:8uhgt6$efb$[EMAIL PROTECTED]...
>
> > During this interaction, a torque is imparted on the plate in order to
> > preserve angular momentum. Now, this torque may be vanishingly small,
> > but *hypothetically* I propose that it could be measured. Furthermore,
> > the magnitude of this torque would be proportional to the angle between
> > the photon polarization. Thus, one could know, certainly to within 90
> > degrees, what the state of the photon was just prior to entering the
> > plate.
>
> You managed to miss the point of the original text. If you observe the
> photon sufficiently to make this statement about it, you have collapsed its
> wave function and this eavesdropping can be detected.
>
> To say it simply, if you find out what state the photon has, you have
> harvested the photon -- its wave function has collapsed.
I would have to say that "within the text", the simplified explanation
describes only 4 possible directions of the linearly polarized photon,
basically equally spaced at 45 degrees. Vertical, horizontal, 45 left,
45 right. This is by choice of the sender, at least as it is described,
not suggesting that only these states can exist. (Sorry, I had suggested
an eavesdropper need only determine the polarization state to within 90
degrees before.)
The eavesdropper was described as trying to use a linear polarizer to
determine the state. (With no comment about a detector!) Neglecting that
for a moment, the possibilities were described as: 1) Guessing right and
having the LP parallel to the photon. The photon passes through. 2)
Guessing wrong and having the LP at +/- 45 degrees to the photon, then
having equal probability of the photon passing through or not. This
leaves the eavesdropper in doubt. 3) Guessing wrong and having the LP
perpendicular to the photon, thus blocking it, but still knowing its
state.
My suggestion about the half-wave plate was 1) It gave you a
hypothetical actual detection means 2) you did not have to determine the
state exactly, just to within some large error. (Again, I meant <22.5
degrees, not 90.) My thinking (perhaps incorrectly as you suggest) is
that because you do not try to determine the exact polarization
direction, the Uncertainty Principle leaves you some room for letting
the photon continue to exist. Here my ignorance may be blazing.
>
> > Following the first half-wave plate would be another, identically
> > aligned half-wave plate. This would then reverse the effects of the
> > first plate, leaving the photon in its initial state, or at least very
> > close to its initial state.
>
> "Very close" isn't good enough. You've detected the photon's state. This is
> like trying to detect which slit the single photon goes through in the
> classic two-slit experiment -- the detection prevents the effect to be
> measured.
Ah, but here there are only two conditions that *can* exist, slit 1 or
slit 2. What I suggest is that the direction of photon polarization can
be anything, and the eavesdropper is only trying to determine what it is
to within <22.5 degrees. Unless, of course, that by virtue of the sender
*choosing* only 1 of four possible states the wavefunction must collapse
once one of those four is determined. Is this the case?
Spencer
Spencer Luster, Owner
Light Works -- Creative Optical Devices
333 N. 14th Street
Toledo, OH 43624
Phone: 419-534-3718
FAX: 419-534-3717
e-mail: [EMAIL PROTECTED]
http://www.LW4U.com
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Q: Rotor machines
Date: Fri, 10 Nov 2000 22:44:20 +0100
I remember having seen elsewhere several people claiming to
have good computer simulations of rotor machines. If the
rotors are not for the normal natural language alphabet but
for a larger alphabet of 256 characters (8-bit ASCII) and if
there are a fairly large number, say 16 or more, of rotors,
how easy is it nowadays to crack such a system with computers?
Thanks.
M. K. Shen
===========================
P.S. A recent article of F. L. Bauer noted that, according
to dpa, Prince Andrew, who presented on 18th Sep an original
Enigma to the prime minister of Poland, Jerzej Buzek,
stressed that the crypto experts of the Allies would not
have broken the encryption of the German military, had there
not been the help from the Polish scientists.
------------------------------
From: [EMAIL PROTECTED] (Jim Choate)
Subject: Austin Cypherpunks Physical Meet: Tue. Nov. 14, 2000
Date: 10 Nov 2000 15:59:49 -0600
Austin Cypherpunks Monthly Physical Meeting
Central Market HEB Cafe
38th & N. Lamar
2nd. Tuesday of each month
7-9pm
http://einstein.ssz.com/cdr/index.html
We normally meet outside at the tables unless the weather is bad. Look for
the red covered 'Applied Cryptography' book to identify the group. Please
visit the homepage for information on joining both the Cypherpunks
Distributed Remailer (CDR) as well as the local mailing list.
--
____________________________________________________________________
He is able who thinks he is able.
Buddha
The Armadillo Group ,::////;::-. James Choate
Austin, Tx /:'///// ``::>/|/ [EMAIL PROTECTED]
www.ssz.com .', |||| `/( e\ 512-451-7087
-====~~mm-'`-```-mm --'-
--------------------------------------------------------------------
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************