Cryptography-Digest Digest #182, Volume #13 Sat, 18 Nov 00 17:13:01 EST
Contents:
Re: Cryptogram Newsletter is off the wall? ("Matt Timmermans")
Re: vote buying... (zapzing)
A poorman's cipher (Mok-Kong Shen)
Re: Cryptogram Newsletter is off the wall? (Roger Schlafly)
Criteria for Simple Substitutions? ("r.e.s.")
Re: Cryptogram Newsletter is off the wall? ([EMAIL PROTECTED])
Re: Cryptogram Newsletter is off the wall? (Simon Johnson)
�� ("salsa")
������ ("salsa")
Re: Cryptogram Newsletter is off the wall? (Tom St Denis)
Re: �� (Tom St Denis)
Re: vote buying... (David Hopwood)
----------------------------------------------------------------------------
From: "Matt Timmermans" <[EMAIL PROTECTED]>
Subject: Re: Cryptogram Newsletter is off the wall?
Date: Sat, 18 Nov 2000 18:16:06 GMT
And even if your software is "trusted", i.e., it contains no bugs and no
code that was written with evil intent, and even if nobody steals your key
or signs anything you don't want signed, digital signatures are still not
semantically reliable.
Let's say I send you a message and it's signed with my private key. What
does that signature mean? Perhaps you take it to mean that I agree to all
the terms and conditions in the message, but perhaps I only meant to assure
you that the message originated with me.
Hand-written signatures on paper are designed to be semantically
unambiguous -- A contract says that the undersigned agree to the terms and
conditions, and provide lines where the signatures go. You can do the same
thing with software, of course, but it doesn't work the same way, because to
do the same thing with software you have to invent a data format that
carries the information you want. There are serious problems with that:
1) The data format only means what you think it does because that's the way
you wrote the code that generates it. A signed file, by itself, has no
universally understood interpretation. A paper contract is written in
natural language, and its implications rely on the fact that everyone who
speaks that language will interpret the contract in roughly the same way.
2) It is _highly_ unlikely that users will actually see and understand the
stream of bytes that actually gets signed. Would you sign a contract that's
written in a language you can't read? You would have to have a translator
read it for you, and no matter how much you trust the translator, you would
be worried about implications and connotations that get lost in the
translation. It's the same when you apply your digital signature to an
electronic contract.
3) In the event that an electronic contract comes under dispute, it is
always possible to question the efficiency or intent of the translator,
which seriously interferes with "non-repudiation". You can always say
"that's not what I understood by what was presented above the
'click-to-sign' button". With a paper contract, it is reasonable to expect
that someone who signs it has read it, understands that it is a contract, and
understands the terms and conditions -- otherwise they wouldn't sign. With
a digital contract you know only that the user was not _presented_ with any
information that offended them enough not to sign.
------------------------------
From: zapzing <[EMAIL PROTECTED]>
Subject: Re: vote buying...
Date: Sat, 18 Nov 2000 18:21:38 GMT
In article <[EMAIL PROTECTED]>,
"Frog2000" <[EMAIL PROTECTED]> wrote:
>
> "zapzing" <[EMAIL PROTECTED]> wrote in message
> news:8v15k4$lfq$[EMAIL PROTECTED]...
> > In article <[EMAIL PROTECTED]>,
> > "Frog2000" <[EMAIL PROTECTED]> wrote:
> > >
> > > "zapzing" <[EMAIL PROTECTED]> wrote in message
> > > news:8usakb$ne9$[EMAIL PROTECTED]...
> >
> > > > You can't stop it. That is why democracy
> > > > will collapse, as all systems eventually
> > > > must.
> > >
> > > That is an opinion based on pessimism, and not backed up by fact.
> >
> > History shows that all past empires
> > have collapsed for pretty much the
> > same reasons. And this one is following
> > that trajectory quite well. Corruption
> > is increasing and the government is
> > turning against its own people.
>
> If you call the US an empire, you MAY be right. The EU, all of Europe,
> Africa. Who will be safe?
My opinion is that an empire should be viewed
more as a living entity than a permanent fixture.
They have life cycles. They are born, live, and
die. In that sense none are "safe" from decay
and death. I came to this conclusion by studying
the evolution of altruistic behavior. Empires
require altruistic behavior to survive. But they
create conditions that destroy altruistic behavior.
So they are more or less like the "predators" in
a predator-prey cycle.
> > This sort of behavior is predicted
> > by evolutionary biology, because
> > altruism is expected to evolve only
> > between people with a high degree of
> > relatedness, but the "freedom of the
> > empire" means that family and tribal
> > groups will be severely disrupted.
>
> Sounds more like sociology, or psychology to me. I don't know any
> system/culture that is immune. I mean, they all have flaws.
I agree. Perfection is not a thing to
be found in this universe.
> > As to your other point, that I am
> > "pessimistic", that is an argument
> > ad hominem and is therefore invalid.
>
> Well you tell me, so I don't make an ASS out of myself, which I may have,
> but are you optimistic or pessimistic about things? Or, maybe neither.
I don't really think of myself as being
either. I think of myself as being realistic.
Furthermore, I really would not want to say
whether people are better off when they are
living in an empire or not, so I don't think
you could really call my views about empires
optimistic *or* pessimistic.
--
Void where prohibited by law.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: A poorman's cipher
Date: Sat, 18 Nov 2000 20:06:03 +0100
Recently in another thread John Savard mentioned what he
called a lazy man's cipher. I'd like to talk about the issue
but change the name to avoid the negative connotation of
laziness.
We recall that an autokey cipher is in general employing a
previous plaintext or ciphertext character (the latter is
very bad) to encrypt a (current) plaintext character. It
uses in the historical version addition modulo the size of
the alphabet to encrypt (see HAC). Generalizing, we could
use any substitution to do the encryption, leading to the
version that is the same as what John Savard described.
If we regard a block of a block cipher as a 'unit' of a
'stream' encryption, then in the CBC case the previous
ciphertext unit is xored (or added) to the current plaintext
unit and the result is then subjected to the substitution
effected by the block cipher used. If we remove the block
cipher, i.e. when the mapping done is the identity, then
CBC degenerates to the historical autokey cipher (the case
using the ciphertext character).
With reference to a non-linear block chaining that I proposed
some time ago, I'd like to suggest a simple variant of the
autokey cipher on sequences of units of arbitrary size
(m bits, say m=32), as follows with a given (round) key K of
the same size to convert the plaintext P[1..n] to the
ciphertext C[1..n]:
S:=K;
do i=1 to n
C[i]:=P[i] + S (mod 2^m);
S:=S + P[i]^2 + C[i]^2;
od;
We can have multiple rounds with correspondingly more keys
and do the rounds in alternating directions to effect better
diffusion.
Obviously, using sufficient rounds, any sufficient practical
security could be achieved. Additional complexity could be
introduced through permutation of the units or bit rotations
of the units, but these measures would distract somewhat
from the simplicity. (Note that there is no block cipher in
the conventional sense involved in the scheme above, the poorman
being assumed not in possession of any sophisticated
mechanisms or capable of correctly implementing these.)
M. K. Shen
==========================
http://home.t-online.de/home/mok-kong.shen
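The autokey variant above, implemented as an added example (this is not code from the post): units are m=32-bit words, a round key is a 32-bit constructed value, the decryption direction (which the post leaves implicit) is written out, and the multi-round alternating-direction extension is included. The `changed_units` helper shows why the post wants alternating directions: a single forward round carries a change at unit i only to units i and later.

```python
# Added example: M. K. Shen's poorman's autokey cipher, m = 32.
# All key and plaintext values below are constructed test values.
MASK32 = 0xFFFFFFFF  # arithmetic is modulo 2^m with m = 32


def encrypt_round(plain, key, reverse=False):
    """One round: C[i] = P[i] + S (mod 2^m); S = S + P[i]^2 + C[i]^2 (mod 2^m)."""
    n = len(plain)
    cipher = [0] * n
    s = key & MASK32
    order = range(n - 1, -1, -1) if reverse else range(n)
    for i in order:
        p = plain[i] & MASK32
        c = (p + s) & MASK32
        cipher[i] = c
        s = (s + p * p + c * c) & MASK32
    return cipher


def decrypt_round(cipher, key, reverse=False):
    """Inverse round: P[i] = C[i] - S; the state update uses the recovered P[i]."""
    n = len(cipher)
    plain = [0] * n
    s = key & MASK32
    order = range(n - 1, -1, -1) if reverse else range(n)
    for i in order:
        c = cipher[i] & MASK32
        p = (c - s) & MASK32
        plain[i] = p
        s = (s + p * p + c * c) & MASK32
    return plain


def encrypt(plain, round_keys):
    """Multiple rounds, one key per round, alternating direction each round."""
    data = list(plain)
    for r, k in enumerate(round_keys):
        data = encrypt_round(data, k, reverse=(r % 2 == 1))
    return data


def decrypt(cipher, round_keys):
    """Undo the rounds in reverse order, each with the direction it was applied in."""
    data = list(cipher)
    for r in reversed(range(len(round_keys))):
        data = decrypt_round(data, round_keys[r], reverse=(r % 2 == 1))
    return data


def changed_units(plain, round_keys, pos, delta=1):
    """Indices of ciphertext units that change when plaintext unit `pos` changes."""
    altered = list(plain)
    altered[pos] = (altered[pos] + delta) & MASK32
    c1, c2 = encrypt(plain, round_keys), encrypt(altered, round_keys)
    return [i for i, (x, y) in enumerate(zip(c1, c2)) if x != y]


if __name__ == "__main__":
    keys = [0x9E3779B9, 0x7F4A7C15, 0x1B873593]  # constructed round keys
    msg = [0xDEADBEEF, 0x00000000, 0x12345678, 0xFFFFFFFF, 7]
    assert decrypt(encrypt(msg, keys), keys) == msg
    print("one forward round, change at unit 2:", changed_units([0] * 6, [1], 2))
```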
------------------------------
From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: Cryptogram Newsletter is off the wall?
Date: Sat, 18 Nov 2000 11:45:00 -0800
Matt Timmermans wrote:
> 1) The data format only means what you think it does because that's the way
> you wrote the code that generates it. ...
>
> 2) It is _highly_ unlikely that users will actually see and understand the
> stream of bytes that actually gets signed. Would you sign a contract that's
> written in a language you can't read? You would have to have a translator
> read it for you, and no matter how much you trust the translator, you would
> be worried about implications and connotations that get lost in the
> translation. It's the same when you apply your digital signature to an
> electronic contract.
A lot of paper contracts have these problems. Yes, I have signed
paper contracts that I have never read, and most other people
have also. Almost no one reads insurance forms, loan agreements,
lease agreements, etc.
> 3) In the event that an electronic contract comes under dispute, it is
> always possible to question the efficiency or intent of the translator,
> which seriously interferes with "non-repudiation". You can always say
> "that's not what I understood by what was presented above the
> 'click-to-sign' button". With a paper contract, it is reasonable to expect
> that someone who signs it has read it, understands that is a contract, and
> understands the terms and conditions -- otherwise they wouldn't sign. With
> a digital contract you know only that the user was not _presented_ with any
> information that offended them enough not to sign.
Every day, 1000s of contracts are signed by someone faxing in
a signature page only.
------------------------------
From: "r.e.s." <[EMAIL PROTECTED]>
Subject: Criteria for Simple Substitutions?
Date: Sat, 18 Nov 2000 12:14:12 -0800
Here's a basic question about simple substitutions
when the plaintext & ciphertext use the same set of
characters.
For simplicity, suppose the alphabet is just abcdef,
so that a substitution can be described by filling
in the second row of a table like
abcdef
......
meaning that each letter is to be replaced by the
letter below it.
Following are some possible substitution tables
and their corresponding cycle structures:
--
S-tables Cycle Notation
abcdef
======
abcdef (a)(b)(c)(d)(e)(f)
fbcdea (af)(b)(c)(d)(e)
fbadec (afc)(b)(d)(e)
edfbac (ae)(bd)(cf)
acefbd (a)(df)(bce)
cedafb (acd)(bef)
dceafb (ad)(bcef)
cebafd (acbefd)
... ...
The first few tables in this list are presumably
unacceptable, since they leave all or many of the
letters unchanged.
Question:
What generally accepted principles (if any) exist
for judging one substitution table to be less
"cryptographically secure" than another?
(To make the question a bit more realistic, suppose
the substitution occurs as an embedded component of
a more sophisticated cipher, in such a way that
frequency analysis doesn't moot the point.)
--r.e.s.
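An added example (not part of r.e.s.'s post) that reproduces the cycle-notation column of the table above from an S-table row, and reports the fixed points, the property the post singles out as making the first tables unacceptable. Disjoint cycles are listed starting from the first unvisited letter in alphabet order, so the order of cycles may differ from the table's while the decomposition is the same.

```python
# Added example: cycle structure of a simple substitution over "abcdef".
ALPHABET = "abcdef"


def cycles_of(row, alphabet=ALPHABET):
    """Cycle decomposition of the substitution alphabet[i] -> row[i]."""
    if sorted(row) != sorted(alphabet):
        raise ValueError("S-table row must be a permutation of the alphabet")
    sub = dict(zip(alphabet, row))
    seen, cycles = set(), []
    for start in alphabet:          # first unvisited letter opens a new cycle
        if start in seen:
            continue
        cyc, x = [], start
        while x not in seen:        # follow x -> sub[x] until we return to start
            seen.add(x)
            cyc.append(x)
            x = sub[x]
        cycles.append("".join(cyc))
    return cycles


def cycle_notation(row, alphabet=ALPHABET):
    """Render cycles the way the post's table does, e.g. '(afc)(b)(d)(e)'."""
    return "".join(f"({c})" for c in cycles_of(row, alphabet))


def fixed_points(row, alphabet=ALPHABET):
    """Letters the substitution leaves unchanged (cycles of length 1)."""
    return [a for a, b in zip(alphabet, row) if a == b]


def cycle_type(row, alphabet=ALPHABET):
    """Sorted cycle lengths, e.g. (1, 2, 3) for 'acefbd'; a derangement has no 1s."""
    return tuple(sorted(len(c) for c in cycles_of(row, alphabet)))


if __name__ == "__main__":
    for r in ["abcdef", "fbcdea", "fbadec", "edfbac", "acefbd", "cedafb", "dceafb", "cebafd"]:
        print(r, cycle_notation(r), "fixed:", "".join(fixed_points(r)) or "-")
```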
------------------------------
From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Re: Cryptogram Newsletter is off the wall?
Date: Sat, 18 Nov 2000 20:19:35 +0000
Matt Timmermans wrote:
> ...
> 1) The data format only means what you think it does because that's the way
> ...
> 2) It is _highly_ unlikely that users will actually see and understand the
> stream of bytes that actually gets signed. Would you sign a contract that's
> ...
> 3) In the event that an electronic contract comes under dispute, it is
> always possible to question the efficiency or intent of the translator,
> which seriously interferes with "non-repudiation". You can always say
> ...
Whether a language is natural or artificial (i.e. data format) is
irrelevant. As far as I am aware there is no universally understood
interpretation of contract law either. In Canada, for example, under
federal law, digital signatures and electronic documents are recognized
to be legally binding documents and signatures under the existing legal
framework for contracts, evidence, etc. (The Personal Information
Protection and Electronic Documents Act).
I have signed documents in a foreign language which I was not fluent in,
because I was traveling in a foreign country where I was not fluent in
the official languages of the country.
It is not reasonable to expect a person to read and understand a contract to
make it enforceable. It is only reasonable to assume that he/she agrees
to abide by the contract. I am not aware of a requirement to read and
understand a contract in order to make it enforceable. Otherwise all
those T&C contracts I ignored from various companies are not effective
contracts. It would also preclude the illiterate or those who do not
speak the specified language(s) to enter a contract agreement. A
"trusted" software package would display what is to be signed, in some
humanly understandable method.
If the software is "trusted" and "correct" then we can infer from the
given facts that the software is correct and trusted that what it
presents us is what we are in fact signing. It is a matter of trust and
correctness. If we can meet those requirements, then digital signatures
can be useful.
I think your argument of data formats and seeing bytes are red herrings,
there is nothing magical about paper-and-ink signatures. Blind people
can even sign contracts....
------------------------------
From: Simon Johnson <[EMAIL PROTECTED]>
Subject: Re: Cryptogram Newsletter is off the wall?
Date: Sat, 18 Nov 2000 20:16:49 GMT
In article <[EMAIL PROTECTED]>,
Bruce Schneier <[EMAIL PROTECTED]> wrote:
> On Sat, 18 Nov 2000 14:28:18 GMT, Tom St Denis <[EMAIL PROTECTED]>
> wrote:
>
> >About the signatures. Perhaps Mr Schneier forgot that private keys are
> >often password protected. Unless "Alice" has a poor or easy to guess
> >password it's not so easy to use her signature without her knowing.
> >And like real signatures I could forge it anyways without her knowing.
>
> We've reached the point where passwords do not provide security
> against off-line attacks.
>
> There is an upper limit of what people can be reasonably expected to
> remember and type in. And over the years, the efficacy of dictionary
> attacks has increased. A few years ago, the two crossed.
>
> Look at programs like L0phtCrack.
>
> In any case, passwords are besides the point. If I have a Trojan on
> your computer, I can easily wait until you type your password and
> decrypt your private key...and then steal it.
>
> Bruce
> **********************************************************************
> Bruce Schneier, Counterpane Internet Security, Inc. Tel: 408-556-2401
> 3031 Tisch Way, Suite 100PE, San Jose, CA 95128 Fax: 408-556-0889
> Free crypto newsletter. See: http://www.counterpane.com
>
Yeah, at the end of the day, all the cryptography in the universe won't
save you from a trojan. If someone manages to get BO2k, Netbus, Sub7
etc on your machine then it's all over.
This attack is clearly more deadly than any mathematical attack, and
takes a trivial effort to implement. In fact, a real life story proves
how EASY this is.
At my college, the server was hacked by a single kid who walked into
the server room and installed BO2k on the main server. The
Administration assigned passwords to everyone in the college, and stored
them in an Excel file on this server. Within 25 minutes all the
passwords for everyone in the college were known (bar the actual
administrators) and an off-line attack recovered the 3 character
administration password in a couple of minutes. The password was (of
course) 'Dog'.
These hackers were actually quite responsible and didn't trash people's
work etc.... but notified the administration of their massive blunders.
Which is why, of course, I know about it!
--
Hi, i'm the signuture virus,
help me spread by copying me into Signiture File
------------------------------
From: "salsa" <[EMAIL PROTECTED]>
Subject: ��
Date: Sat, 18 Nov 2000 23:12:07 +0200
������
------------------------------
From: "salsa" <[EMAIL PROTECTED]>
Subject: ������
Date: Sat, 18 Nov 2000 23:21:44 +0200
sd bsdg dsf dfb dfnhfh
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Cryptogram Newsletter is off the wall?
Date: Sat, 18 Nov 2000 21:23:10 GMT
In article <[EMAIL PROTECTED]>,
Bruce Schneier <[EMAIL PROTECTED]> wrote:
> On Sat, 18 Nov 2000 14:28:18 GMT, Tom St Denis <[EMAIL PROTECTED]>
> wrote:
>
> >About the signatures. Perhaps Mr Schneier forgot that private keys are
> >often password protected. Unless "Alice" has a poor or easy to guess
> >password it's not so easy to use her signature without her knowing.
> >And like real signatures I could forge it anyways without her knowing.
>
> We've reached the point where passwords do not provide security
> against off-line attacks.
>
> There is an upper limit of what people can be reasonably expected to
> remember and type in. And over the years, the efficacy of dictionary
> attacks has increased. A few years ago, the two crossed.
>
> Look at programs like L0phtCrack.
>
> In any case, passwords are besides the point. If I have a Trojan on
> your computer, I can easily wait until you type your password and
> decrypt your private key...and then steal it.
Yeah, but there are analogies for any of your counterpoints into the
real world. Look at a trojan. I could review tape of a bank when you
sign a cheque. I could then study your signing patterns (the way you
make your letters) and forge your signatures.
Like a trojan horse, proximity is a problem. Albeit sometimes it may be
easier to install trojans on foolish users (or anyone using Outlook)
but still for the most part the attack is remote.
I think when a digital signature is done properly it can be just as
semantically secure as a real signature.
Tom
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: ��
Date: Sat, 18 Nov 2000 21:41:22 GMT
In article <8v6rho$ioq$[EMAIL PROTECTED]>,
"salsa" <[EMAIL PROTECTED]> wrote:
> ������
>
Hmm... I would guess this is Kanji or some other foreign character
coding?
Tom
------------------------------
Date: Sat, 18 Nov 2000 22:07:56 +0000
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: vote buying...
Paul Rubin wrote:
> "Trevor L. Jackson, III" <[EMAIL PROTECTED]> writes:
> > The requirements are:
> >
> > a) Anyone(*) can confirm that no fraud occurred. Types of fraud
> > include:
> > 1. Eligible voters cast more than one vote
> > 2. Non-eligible voters cast any votes
> > 3. Votes were properly attributed to the candidates subtotals
> > (This list is not exhaustive.)
> > b) No person or group(**) can determine how any citizen voted
>
> To be more explicit about b), you might have to add:
> c) No voter can give evidence that s/he voted for or against any given
> candidate ("receipt-free").
>
> > I believe the fundamental conflict is irreducible.
>
> Certainly it's hard.
All the attempted solutions I've seen fail to solve the problem that
voters' authentication credentials can be bought. (Authentication
credentials are whatever a voter knows or has that proves that they
are eligible to vote, and that distinguishes them from another voter -
e.g. keys or smartcards.)
--
David Hopwood <[EMAIL PROTECTED]>
Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************