Cryptography-Digest Digest #179, Volume #13 Fri, 17 Nov 00 21:13:00 EST
Contents:
---- Internet Voting Questions (Greggy)
Comprehensive RC4(ARC4) resource page is now up! ([EMAIL PROTECTED])
Re: [Question] XOR encryption ("Paul Pires")
Re: DES question: Has this ever been proven before? (David Wagner)
Re: help on user authentication protocol (Thomas Wu)
Re: help on user authentication protocol ([EMAIL PROTECTED])
Re: ---- Internet Voting Questions ([EMAIL PROTECTED])
RE: Big-block cipher, perhaps a new cipher family? ("Manuel Pancorbo")
Re: so many fuss about impossibility to backtrace from MD to original text. ([EMAIL PROTECTED])
Re: Comprehensive RC4(ARC4) resource page is now up! (Bill Unruh)
Re: so many fuss about impossibility to backtrace from MD to original (David Schwartz)
Re: so many fuss about impossibility to backtrace from MD to original text. (Will Janoschka)
Re: ---- Internet Voting Questions ([EMAIL PROTECTED])
Re: so many fuss about impossibility to backtrace from MD to original text. ([EMAIL PROTECTED])
Re: ---- Internet Voting Questions (David Schwartz)
----------------------------------------------------------------------------
From: Greggy <[EMAIL PROTECTED]>
Subject: ---- Internet Voting Questions
Date: Fri, 17 Nov 2000 22:26:27 GMT
I have been talking with some people here at work about internet voting
(in light of Florida's voting problems) and I was suggesting some
solutions that could give greater confidence to the overall integrity
of the ballot.
One person stated that really the voting process is quite simple and
could be done over a secured browser. I thought that if he was right
we should have seen it by now, but he said people are not excited with
giving their credit card number over the internet either.
So I thought I should ask:
Are there any serious internet based voting proposals that are being
considered or were considered, especially using a web server and
browser?
If they have not been considered to be adequate solutions, what were
the problems?
Does anyone know where I can find some information on the current
programs underway to implement an internet based voting system anywhere
in the US?
Any opinions from this NG are very much appreciated...
--
I prefer my fourth amendment rights over a dope free
society, even if the latter could actually be achieved.
Al Gore - quite possibly America's greatest threat today
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED]
Subject: Comprehensive RC4(ARC4) resource page is now up!
Date: Fri, 17 Nov 2000 22:37:19 GMT
http://www.achtung.com/crypto/rc4.html
I've been trying to study stream ciphers, and design one myself, and in
doing so, I've done a lot of research on RC4. I noticed that there is a
lot of RC4 information, but it's all scattered, and no centralized
location for this type of information. So I decided to build one.
I ask for multiple source code submissions to me, documents, especially
attacks or biases or weaknesses found etc... and I'll add to the page.
I hope it's something the community will use, and use well. If you spot
any mistakes etc.. let me know.
Albert
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: [Question] XOR encryption
Date: Fri, 17 Nov 2000 14:51:31 -0800
<[EMAIL PROTECTED]> wrote in message news:8v4926$8ig$[EMAIL PROTECTED]...
> [snip is XOR secure]
>
> There's a rather continual debate going on about just that.
<Snip>
Off on tangent but I'll never get a better chance to ask
a really clueless question.
Often XOR is discussed as if it was synonymous with OTP. It
is also a simple operation used in a variety of other algorithms.
While it is a useful operation, certain conditions can occur to
produce a surprisingly scary result, at least to me.
Example:
1, Load an array with a variety of values.
2, Mix them up by randomly selecting two of the values
and XOR them together.
3, Overwrite each original value in the list with each result obtained.
Do this long enough and you end up with an array full of zero's.
Using XOR in this way appears to be a bad practice.
I think I have a clue on why it happens. The
possible pairs for one bit position are
0,0 0,1 1,0 and 1,1.
A pair without a zero XOR'ed can make a zero
but a pair without a one cannot make a one. Once all ones are
gone from a bit position in the list,
they can never "come back".
I'm curious about this and was just wondering if
anyone has compiled a list of things NOT to do with simple
operators.
I realize that the best solution for my curiosity is to
go back to school and stay awake this time but I was
wondering if there was a general article somewhere
about uncommon cases using simple operations?
Paul
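The collapse Paul describes can be watched happening. The following is an added example, not code from the original post; it reads step 3 as overwriting both selected entries with the XOR result, uses a constructed array of eight bytes, and checks the rule he gives (a bit position with no ones left can never regain one). It also includes, as a contrast, the variant that overwrites only one of the two entries: that step is an invertible row operation over GF(2), so a non-zero array can never reach all zeros that way, even though the same "ones never come back" rule still holds.

```python
import random

WIDTH = 8  # bit width of the entries; the sample array below holds bytes


def xor_mix_step(arr, rng, overwrite_both=True):
    """One round of the procedure in the post: pick two distinct positions,
    XOR their contents and overwrite the original entries with the result.
    overwrite_both=True replaces both picked entries (the reading of step 3
    used here); False replaces only the first, which is an invertible
    GF(2) row operation and so can never drive a non-zero array to zero."""
    i, j = rng.sample(range(len(arr)), 2)
    r = arr[i] ^ arr[j]
    arr[i] = r
    if overwrite_both:
        arr[j] = r


def zero_columns(arr, width=WIDTH):
    """Bit positions in which no entry of arr has a one set."""
    return {b for b in range(width) if all(((v >> b) & 1) == 0 for v in arr)}


def mix_until_zero(values, seed=1, max_steps=50000, overwrite_both=True):
    """Apply xor_mix_step until every entry is zero or max_steps is reached.
    Returns (steps_taken, final_array, history), where history[t] is the set
    of all-zero bit positions after step t (history[0] is the start state)."""
    rng = random.Random(seed)
    arr = list(values)
    history = [zero_columns(arr)]
    steps = 0
    while any(arr) and steps < max_steps:
        xor_mix_step(arr, rng, overwrite_both)
        history.append(zero_columns(arr))
        steps += 1
    return steps, arr, history


def dead_columns_never_revive(history):
    """True if every bit position that once became all-zero stayed all-zero,
    i.e. the recorded sets only ever grow. This is the rule in the post:
    a pair without a one cannot make a one, so lost ones never come back."""
    return all(a <= b for a, b in zip(history, history[1:]))


# Constructed sample input: eight distinct bytes, every bit position set somewhere.
SAMPLE = [0x1B, 0xA5, 0x3C, 0xE7, 0x52, 0x99, 0x70, 0xC4]

if __name__ == "__main__":
    steps, final, hist = mix_until_zero(SAMPLE)
    print(f"overwrite both: all zero after {steps} steps -> {final}")
    print("dead columns never revived:", dead_columns_never_revive(hist))
    steps, final, _ = mix_until_zero(SAMPLE, overwrite_both=False, max_steps=5000)
    print(f"overwrite one:  after {steps} steps still -> {final}")
```

Per bit position the both-overwrite variant is a random walk on the number of ones with a single absorbing state at zero, so with a small array it dies within a few hundred steps; the single-overwrite variant runs to the step cap and stays non-zero.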
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: DES question: Has this ever been proven before?
Date: 17 Nov 2000 23:05:49 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)
John Myre wrote:
>David Wagner wrote:
><snip>
>> generate 2^28 random values of X, and sort them by X XOR DES_k(X);
>> generate 2^28 random values of Y, sorted by Y XOR DES_k(Y); finally,
>> merge the two sorted lists and look for duplicates.
>
>Um, why are there two lists? Wouldn't it be simpler to just
>generate random X XOR DES_k(X) values until two were the same?
Why? I guess because I didn't notice that one would suffice. :-)
Sure, using just one list is a better idea. 2^28.5 workfactor, etc.
Thanks for catching that.
------------------------------
From: Thomas Wu <[EMAIL PROTECTED]>
Subject: Re: help on user authentication protocol
Date: 17 Nov 2000 15:18:19 -0800
[EMAIL PROTECTED] writes:
>
> Can you comment on Thomas Wu's SRP? I like this protocol but would want
> to know how strong SRP is with comparison to other protocols like PAK,
> SNAPI, SPEKE, AMP, etc. Thanks.
I'll try my best to be objective on this one. :-) Choosing a protocol
is like choosing any other crypto primitive - you need to make an
evaluation based on all factors, like security, ease of implementation,
performance, availability of reference implementations, freedom from
encumbrance, etc.
Unless you have done so already, I'd recommend reading some background
material on the subject:
http://srp.stanford.edu/
http://www.integritysciences.com/
All of the widely-used modern strong password protocols have, like the
various AES candidates, received scrutiny from the open community;
you are unlikely to go wrong with any of them.
> c6ap
>
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
--
Tom Wu * finger -l [EMAIL PROTECTED] for PGP key *
E-mail: [EMAIL PROTECTED]
Phone: (650) 723-1565
"Those who would give up their freedoms in exchange for security deserve neither."
http://www-cs-students.stanford.edu/~tjw/
http://srp.stanford.edu/
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: help on user authentication protocol
Date: Fri, 17 Nov 2000 23:09:41 GMT
In article <8v48cd$7uv$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> Can you comment on Thomas Wu's SRP? I like this protocol but would
> want
> to know how strong SRP is with comparison to other protocols like PAK,
> SNAPI, SPEKE, AMP, etc. Thanks.
Wow, I managed to get this reply in before Tom got here. Basically SRP
is approximately equally strong compared to a large number of others,
of which you gave a small list. I appreciate the simplicity of the
protocol, very much so in fact, and would like to see it propagate
further.
Joe
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: ---- Internet Voting Questions
Date: Fri, 17 Nov 2000 23:13:04 GMT
In article <8v4baa$aj2$[EMAIL PROTECTED]>,
Greggy <[EMAIL PROTECTED]> wrote:
> Are there any serious internet based voting proposals that are being
> considered or were considered, especially using a web server and
> browser?
Quite frankly I would NEVER cast a vote in a real election via a web
browser. The possibilities for failure of the system are limitless. The
possibilities for fraud, corruption, linking of votes to an individual,
etc are endless. And the accountability is simply not there.
> Does anyone know where I can find some information on the current
> programs underway to implement an internet based voting system
> anywhere
> in the US?
There are a fairly large number of protocols proposed; you might try
checking the "voting through PGP" and "Why remote electronic voting is a
bad idea" threads.
Joe
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "Manuel Pancorbo" <[EMAIL PROTECTED]>
Subject: RE: Big-block cipher, perhaps a new cipher family?
Date: Fri, 17 Nov 2000 23:43:22 GMT
"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:8v3mb6$nhg$[EMAIL PROTECTED]...
> In article <8v3ib9$jo2$[EMAIL PROTECTED]>,
> Manuel Pancorbo <[EMAIL PROTECTED]> wrote:
> > > What exactly are these F/G functions anyways? The security of this
> > > scheme will have to take those into account.
> >
> > OK, I will show you how they are. Anyway I will post soon the whole
> > code.
> >
> > ----- Encryption of single unit ---------
> > o = F(i; s0, s1) where
> > F(i; s0, s1) = s1 ^ SubsBox2(SubsBox1(i ^ s0) <<< 4)
> >
> > s1 <- G(i, o) where
> > G(i, o) = SubsBox_1 (i ^ o) >>> 4
> > -----------------------------------------
> >
> > SubsBox1 is a 4-byte-word substitution consisting in 4 individual byte
> > substitutions. The S-Boxes used are Rijndael and inverse Rijndael ones
> > in the following manner {R, R_1, R, R_1}
> > SubsBox2 is other 4-byte-word substitution with other combination of
> > Rijndael S-Boxes, namely {R_1, R_1, R, R}. Further, a full byte shift
> > to the left is performed (<<< 8).
> > SubsBox_1 is the inverse of SubsBox1.
>
> Double application of an sbox is *only* useful when there are keys
> applied (i.e xor, addition, etc..) to the input of the substitution.
> So doing S0[S1[x]] is no better than S3[x] where S3 = S0 o S1.
>
This applies when x is 8-bit and S acts on 8-bit words. But in this case x is
32-bit and there are 4 8-bit S-boxes; so the intermediate rotation is useful.
> The rotation left by four bits promotes weak diffusion in one direction
> only. I.e a change of one bit could result in only one active sbox
> after the S0[S1[x ^ k] <<< 4] layers.
>
... in a single step. But the cipher has a lot of steps. As much as twice
the number of 32-bit chunks.
--
____________________________________________________________________
Manuel Pancorbo
[EMAIL PROTECTED] (Apply ROT13)
____________________________________________________________________
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: so many fuss about impossibility to backtrace from MD to original text.
Date: Sat, 18 Nov 2000 00:16:59 GMT
On Thu, 16 Nov 2000 17:51:03 GMT, "Douglas A. Gwyn"
<[EMAIL PROTECTED]> wrote:
<snip>
>Suppose a man has a drawer in which there are 100 black socks
>and 100 brown socks, thoroughly mixed. It is dark so he cannot
>discern the colors. How many socks must he grab from the drawer
>to be certain of taking at least one matching pair of socks?
101
------------------------------
From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: Comprehensive RC4(ARC4) resource page is now up!
Date: 18 Nov 2000 00:27:37 GMT
In <8v4buu$b3u$[EMAIL PROTECTED]> [EMAIL PROTECTED] writes:
>http://www.achtung.com/crypto/rc4.html
>I've been trying to study stream ciphers, and design one myself, and in
>doing so, I've done a lot of research on RC4. I noticed that there is a
>lot of RC4 information, but it's all scattered, and no centralized
>location for this type of information. So I decided to build one.
>I ask for multiple source code submissions to me, documents, especially
>attacks or biases or weaknesses found etc... and I'll add to the page.
>I hope it's something the community will use, and use well. If you spot
>any mistakes etc.. let me know.
I think your lines on "Legal Status" are misleading and need work. There
is no obligation on anyone to give anything to RSA Security for the use
of Arc4, the public RC4 compatible algorithm. RSA has never acknowledged
that ARC4 has anything to do with RC4 and they furthermore decided
consciously that they would rather take their chances with secrecy than
with patent, for whatever reason. You probably have a greater moral
obligation to license RSA from them than RC4 even though the patent is
expired.
RC4 is however trademarked, so that use of that term is something with
legal consequences with respect to RSA Security. Do not use that term.
I.e., use ARC4 all you want, commercially or otherwise, without feelings of
obligation. Anyone can sue anyone if they want, but the courts would
regard RSA's suit in this case with about the same kindness as if I sued
you for using the latin alphabet in your post.
However, use RC4 only with great care.
(I am posting this in case I have made mistakes which need correction.)
------------------------------
From: David Schwartz <[EMAIL PROTECTED]>
Subject: Re: so many fuss about impossibility to backtrace from MD to original
Date: Fri, 17 Nov 2000 16:27:23 -0800
[EMAIL PROTECTED] wrote:
>
> On Thu, 16 Nov 2000 17:51:03 GMT, "Douglas A. Gwyn"
> <[EMAIL PROTECTED]> wrote:
>
> <snip>
>
> >Suppose a man has a drawer in which there are 100 black socks
> >and 100 brown socks, thoroughly mixed. It is dark so he cannot
> >discern the colors. How many socks must he grab from the drawer
> >to be certain of taking at least one matching pair of socks?
>
> 101
Try 3.
DS
------------------------------
From: [EMAIL PROTECTED] (Will Janoschka)
Subject: Re: so many fuss about impossibility to backtrace from MD to original text.
Date: Sat, 18 Nov 2000 00:40:53 GMT
That's the answer for gloves..... for socks it's 3, er,
2 if you feel that 'matching' means a sock for each foot.
On Sat, 18 Nov 2000 00:16:59, [EMAIL PROTECTED] wrote:
> On Thu, 16 Nov 2000 17:51:03 GMT, "Douglas A. Gwyn"
> <[EMAIL PROTECTED]> wrote:
>
> <snip>
>
> >Suppose a man has a drawer in which there are 100 black socks
> >and 100 brown socks, thoroughly mixed. It is dark so he cannot
> >discern the colors. How many socks must he grab from the drawer
> >to be certain of taking at least one matching pair of socks?
>
> 101
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: ---- Internet Voting Questions
Date: Sat, 18 Nov 2000 00:45:56 GMT
On Fri, 17 Nov 2000 22:26:27 GMT, Greggy <[EMAIL PROTECTED]>
wrote:
>
>
>I have been talking with some people here at work about internet voting
>(in light of Florida's voting problems) and I was suggesting some
>solutions that could give greater confidence to the overall integrity
>of the ballot.
>
>One person stated that really the voting process is quite simple and
>could be done over a secured browser. I thought that if he was right
>we should have seen it by now, but he said people are not excited with
>giving their credit card number over the internet either.
>
>So I thought I should ask:
>
>Are there any serious internet based voting proposals that are being
>considered or were considered, especially using a web server and
>browser?
>
>If they have not been considered to be adequate solutions, what were
>the problems?
>
>Does anyone know where I can find some information on the current
>programs underway to implement an internet based voting system anywhere
>in the US?
>
>Any opinions from this NG are very much appreciated...
>
The problem with Internet voting, or indeed any form of electronic
voting, is lack of transparency, combined with the incentive to attack
the integrity of the system which is present in any voting process.
Rigging ballots, stuffing ballot boxes, enrolling phantom voters etc
has been going on for as long as there has been voting. When the
prize is access to power, the incentive to fix the outcome is very
large, and attempts are often very resourceful. History is full of
them.
The response to this is to have all kinds of checks along the way,
including scrutineers representing the candidates at polling places,
vote counting etc. But one of the major reassurances to voters is
that they can see their vote in tangible form, and understand how it
is counted.
The problem with electronic voting is that it increases the
vulnerability of the vote to mass manipulation (by technical means),
while making it harder to ensure that such manipulation hasn't taken
place. Also, there is no physical representation of the votes to fall
back on if there is subsequent doubt about the electronic process.
So, there is a major incentive to corrupt the electoral software at
any point of the system - whether through trojans on voters' machines,
or the software itself. Does one have to have party scrutineers who
are software engineers, entitled to access and verify the electoral
software - at *every* point in the system? What about the possibility
that the vote is corrupted at the client end, how is that scrutinised?
The second vulnerability, even if the voting process is technically
inviolate, is that people would attempt to manipulate the perceptions
of the system. That is people would attempt to game the system by
casting doubt on the process. Imagine if Gore or Bush had suggested
in an electronic voting system, that the Florida count was wrong due
to a software bug in the system. How would the vote be verified? It
could dramatically undermine the public's confidence in the system and
the outcome. Democracy relies fundamentally on public commitment to a
fair process, over and above the result. If the process is in doubt,
democracy collapses. How does one give the public *absolute*
confidence in an electronic voting system they cannot see or few of
them can understand?
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: so many fuss about impossibility to backtrace from MD to original text.
Date: Sat, 18 Nov 2000 00:51:31 GMT
On Fri, 17 Nov 2000 16:27:23 -0800, David Schwartz
<[EMAIL PROTECTED]> wrote:
>
>[EMAIL PROTECTED] wrote:
>>
>> On Thu, 16 Nov 2000 17:51:03 GMT, "Douglas A. Gwyn"
>> <[EMAIL PROTECTED]> wrote:
>>
>> <snip>
>>
>> >Suppose a man has a drawer in which there are 100 black socks
>> >and 100 brown socks, thoroughly mixed. It is dark so he cannot
>> >discern the colors. How many socks must he grab from the drawer
>> >to be certain of taking at least one matching pair of socks?
>>
>> 101
>
> Try 3.
>
> DS
Damn! :-) Writes 1000 times:
I *must* remember to think *before* I post.
I *must* remember to think *before* I post.
I *must* remember to think *before* I post.
<snip the other 997>
------------------------------
From: David Schwartz <[EMAIL PROTECTED]>
Subject: Re: ---- Internet Voting Questions
Date: Fri, 17 Nov 2000 17:40:24 -0800
[EMAIL PROTECTED] wrote:
These are all arguments from lack of imagination.
> The problem with Internet voting, or indeed any form of electronic
> voting, is lack of transparency, combined with the incentive to attack
> the integrity of the system which is present in any voting process.
Why couldn't an electronic system be as transparent as a physical
system?
> The problem with electronic voting is that it increases the
> vulnerability of the vote to mass manipulation (by technical means),
> while making it harder to ensure that such manipulation hasn't taken
> place. Also, there is no physical representation of the votes to fall
> back on if there is subsequent doubt about the electronic process.
Why can't there be a physical representation of the votes to fall back
on? And do you realize how many systems in current use have no physical
ballots to fall back on?
> So, there is a major incentive to corrupt the electoral software at
> any point of the system - whether through trojans on voters' machines,
> or the software itself.
The software doesn't have to know who it's voting for. Again, argument
from lack of imagination.
> Does one have to have party scrutineers who
> are software engineers, entitled to access and verify the electoral
> software - at *every* point in the system? What about the possibility
> that the vote is corrupted at the client end, how is that scrutinised?
Again, the client software doesn't have to know who it's voting for. It
could, for example, only know that I'm voting for candidate number '3'
without knowing that, for me, number '3' represents George Bush.
> The second vulnerability, even if the voting process is technically
> inviolate, is that people would attempt to manipulate the perceptions
> of the system. That is people would attempt to game the system by
> casting doubt on the process. Imagine if Gore or Bush had suggested
> in an electronic voting system, that the Florida count was wrong due
> to a software bug in the system. How would the vote be verified? It
> could dramatically undermine the public's confidence in the system and
> the outcome.
How do you verify the counts from current systems that use touch
screens or modified palm pilots? How do you verify the results for
current mechanical lever voting machines?
> Democracy relies fundamentally on public commitment to a
> fair process, over and above the result. If the process is in doubt,
> democracy collapses. How does one give the public *absolute*
> confidence in an electronic voting system they cannot see or few of
> them can understand?
Oh that's just such total bunk that it doesn't even deserve a response.
If lack of absolute confidence was sufficient to collapse democracy, we
couldn't have gotten nearly this far. This is an argument from lack of
understanding of history. Obviously, we should continue to move in the
direction of better and better electoral processes.
DS
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************