Cryptography-Digest Digest #186, Volume #13      Sun, 19 Nov 00 09:13:01 EST

Contents:
  Re: Criteria for Simple Substitutions? (John Savard)
  Re: XOR:  A Very useful and important utility to have (proton)
  Re: Cryptogram Newsletter is off the wall? ("Brian Gladman")
  Re: A Question About Multi-encrypting ("Scott Fluhrer")
  Re: Mode of operation to maintain input size with block ciphers? (Paul Crowley)
  Re: Mode of operation to maintain input size with block ciphers? ("Benny Nissen")
  Re: Cryptogram Newsletter is off the wall? (Simon Johnson)
  Re: A Question About Multi-encrypting (Simon Johnson)
  Re: Cryptogram Newsletter is off the wall? ([EMAIL PROTECTED])
  Re: Big-block cipher, perhaps a new cipher family? (Mok-Kong Shen)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Criteria for Simple Substitutions?
Date: Sun, 19 Nov 2000 11:34:38 GMT

On Sun, 19 Nov 2000 10:26:08 GMT, "news.free.fr"
<[EMAIL PROTECTED]> wrote, in part:

>An interesting question
>
>How can we measure the "strength" of a permutation ?
>
>Are there any references in books or on web sites?

Well, the S-boxes in DES were supposed to be strong; nonlinearity is
required, and there is material on 'bent functions'.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: proton <[EMAIL PROTECTED]>
Subject: Re: XOR:  A Very useful and important utility to have
Date: Sun, 19 Nov 2000 11:56:33 GMT

Guy Macon wrote:
> Anthony Stephen Szopa wrote:
> >XOR:  A Very useful and important utility to have
> >
> >A few people in this news group said any XOR program is less than
> >useless.
> Balderdash.  What people have said is that *YOUR*
> XOR program is less than useless.  Which it is.

Maybe mine can be a little bit more useful? =)

> [1] It's 156KB zipped.  Bloatware Alert!  Bloatware Alert!

Mine's ~4K in Linux (after stripping it).

> [2] You haven't published the source code.  Security Risk!  Security Risk!

I publish only the source :]

I just wrote this for fun. And I'm posting it for fun.
Just to prove that not everyone is out to rob your wallet
for some tiny tool that you could easily write yourself.
Yes I know he says it's freeware, but I'm pretty sure that
somewhere in there is a nag screen or such that will annoy
you to no end. That's not useful in my book.

Anyways, your copy of `the extra small but maybe useful XOR utility'
can be picked up at < http://www.energymech.net/users/proton/ >.
GPL source, naturally. I hope /someone/ likes it :)

/proton

------------------------------

From: "Brian Gladman" <[EMAIL PROTECTED]>
Subject: Re: Cryptogram Newsletter is off the wall?
Date: Sun, 19 Nov 2000 12:09:35 -0000

"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:8v6rvq$429$[EMAIL PROTECTED]...
> In article <[EMAIL PROTECTED]>,
>   Bruce Schneier <[EMAIL PROTECTED]> wrote:
> > On Sat, 18 Nov 2000 14:28:18 GMT, Tom St Denis <[EMAIL PROTECTED]>
> > wrote:
> >
> > >About the signatures.  Perhaps Mr Schneier forgot that private keys are
> > >often password protected.  Unless "Alice" has a poor or easy to guess
> > >password it's not so easy to use her signature without her knowing.
> > >And like real signatures I could forge it anyways without her knowing.
> >
> > We've reached the point where passwords do not provide security
> > against off-line attacks.
> >
> > There is an upper limit of what people can be reasonably expected to
> > remember and type in.  And over the years, the efficacy of dictionary
> > attacks has increased.  A few years ago, the two crossed.
> >
> > Look at programs like L0phtCrack.
> >
> > In any case, passwords are beside the point.  If I have a Trojan on
> > your computer, I can easily wait until you type your password and
> > decrypt your private key...and then steal it.
>
> Yeah, but there are analogies for any of your counterpoints into the
> real world.  Look at a trojan.  I could review tape of a bank when you
> sign a cheque.  I could then study your signing patterns (the way you
> make your letters) and forge your signatures.
>
> Like a trojan horse, proximity is a problem.  Albeit sometimes it may be
> easier to install trojans on foolish users (or anyone using outlook)
> but still for the most part the attack is remote.

This is an underestimate of the problem of trojans. It is quite difficult to
guard against this and quite wrong to imply that only foolish users are
vulnerable.

A covert virus designed to silently look for, capture and report bank
account access codes has already been seen in action.

> I think when a digital signature is done properly it can be just as
> semantically secure as a real signature.

But it is not possible to do a digital signature 'properly' with the
hardware and software that most people now use.

As Bruce says there is a huge difference between a person signing something
and a computer doing this.  These are not even remotely similar activities.

Brian Gladman




------------------------------

From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: A Question About Multi-encrypting
Date: Sun, 19 Nov 2000 04:20:57 -0800


Mathew Hendry <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...

> More sophisticated algorithms only have more sophisticated weaknesses:
> Triple-DES (3DES) uses a 3*56 = 168-bit key, but is thought to have an effective
> strength closer to 130 bits - although I guess that is partly due to weaknesses
> in [single] DES itself.

To set the record straight, the best known attacks do not use any weakness
within DES itself.  Instead, they treat it as a random keyed permutation of
Z/2**64, and attack the triple structure itself.

A standard meet-in-the-middle attack can, with O(2**N) memory, rederive the
key with a few known plaintexts and O(2**(168-N)) effort, for N<=56.
Assuming the maximum useful memory, this gives an attack effort of O(2**112).

More recently, Stefan Lucks has found a more sophisticated attack that, with
a large amount of known plaintext, reduces the effort to O(2**90) trial
decryptions and a large number (O(2**108)) of bookkeeping operations.
See http://th.informatik.uni-mannheim.de/People/Lucks/papers.html for more
details.

--
poncho





------------------------------

From: Paul Crowley <[EMAIL PROTECTED]>
Subject: Re: Mode of operation to maintain input size with block ciphers?
Date: Sun, 19 Nov 2000 12:31:06 GMT

Benny Nissen wrote:
> Is there a mode of operation where I can maintain the size in all cases
> (input/output). I know that CFB mode can be used, but with this mode a new
> IV need to be generated each time to maintain security. I am looking for a
> way to maintain the size at all times and without the need to make a new IV
> (a fixed one is OK).
> I have heard about a method called byte stealing, but I do not know what it
> is all about!

What you want usually isn't a good idea: if you tell us more about your
application you'll get better advice.  However, what you've asked for I
think is a Variable Sized Block Cipher, and so you should check out the
Bibliography in my paper on the subject

http://hedonism/homepgs/new/paul/mercy/mercy-paper/bibliography.html

particularly 1, 2, and 11.

hope this helps,
-- 
  __
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/

------------------------------

From: "Benny Nissen" <[EMAIL PROTECTED]>
Subject: Re: Mode of operation to maintain input size with block ciphers?
Date: Sun, 19 Nov 2000 13:57:49 +0100

Sorry but your URL does not work.

Actually I have no specific application for this ;) Just in the process of
learning this topic in detail.
I am not looking for a specific block cipher that can work with a variable
block size, but for a way to use any block cipher in this way (a special mode).

Benny





------------------------------

From: Simon Johnson <[EMAIL PROTECTED]>
Subject: Re: Cryptogram Newsletter is off the wall?
Date: Sun, 19 Nov 2000 12:53:24 GMT

In article <[EMAIL PROTECTED]>,
  David Crick <[EMAIL PROTECTED]> wrote:
> Roger Schlafly wrote:
> >
> > A lot of paper contracts have these problems. Yes, I have signed
> > paper contracts that I have never read, and most other people
> > have also. Almost no one read insurance forms, loan agreements,
> > lease agreements, etc.
>
> While I agree with what you are saying, the distinction here is that
> the signer CHOSE not to read the paper contract.
>
> What Bruce is saying, I believe, is that you can THINK you are
> signing what is being presented, but in fact you could be signing
> something different.
>
> I guess it's one of those "cheating attacks" that don't necessarily
> attack the algorithms, etc directly, but uses other, more subtle
> means to achieve the compromise.
>
>   David.
>
> --
> +-------------------------------------------------------------------+
> | David A Crick <[EMAIL PROTECTED]>  PGP: (NOV-2000 KEY) 0x710254FA |
> | Damon Hill Tribute Site: http://www.geocities.com/MotorCity/4236/ |
> | M. Brundle Quotes: http://members.tripod.com/~vidcad/martin_b.htm |
> +-------------------------------------------------------------------+
>
Well, I suppose this models reality. If a crook wants to steal the
contents of a safe, he really has two options:

           1. Break the Safe
           2. 'Talk' to the guy who owns the safe.

I'd put my bet that breaking the human is easier than the safe!
The problem with digital security is that there has
to be human intervention and trust somewhere (and even if there wasn't
it wouldn't be useful). We can never make things impossible for an
attacker, just harder. If we have AES vs. XOR then clearly the AES is
much more likely to be harder to compromise.

I think the problem with topics like this is the frequent scare
mongering caused by people. We must ground the theoretical in the real,
and pit the improbable against the possible.

Anyone can forge a signature with little effort because people do not
look for fraudsters but trust people to be honest. That trust doesn't
exist in digital signatures yet. And until we have dedicated, trusted
hardware it will not be trusted.
--
Hi, i'm the signuture virus,
help me spread by copying me into Signiture File


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Simon Johnson <[EMAIL PROTECTED]>
Subject: Re: A Question About Multi-encrypting
Date: Sun, 19 Nov 2000 13:05:37 GMT

In article <8v4t72$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Bobby) wrote:
> I hope this question isn't too mundane for this group.  I am not involved
> professionally with encryption but am very interested in the topic for
> reasons involving the security of data at my place of employment and for
> purely intellectual reasons.
>
> My question is about securing a file.  I would imagine that a file
> encrypted with an algorithm such as Blowfish or Twofish or PGP or what have
> you, though very secure, could eventually be cracked by someone with
> experience in doing such things.  But that assumes that the file was only
> encrypted once, with one encryption key.  How much more difficult does
> multi-encrypting make it to crack into a file when using algorithms such as
> these and other hard encryption algorithms?  By this I mean, I encrypt a
> file using encryption key-1.  This results in an encrypted file.  Now I
> encrypt the encrypted file using a second key, resulting in a second
> encrypted file.  I now use THAT double encrypted file as input one more
> time with a third key.  Based on my limited knowledge of things, it seems
> to me that it would be near impossible to crack such a file.  Am I correct
> in that assumption?  Would using the same algorithm for all three passes
> make this a weaker scheme?  Would using three different algorithms make it
> even more difficult to crack into the file?  I read once that triple
> encrypting a file was the most secure way to protect anything from any and
> all prying eyes.
>
> I would appreciate any response from you folks who post to this group.  And
> again, I apologize for this being such an elementary question.
>
>
Double encryption, with independent keys, is a little bit more secure
than a single encryption. Triple encryption is much more secure than a
double encryption. Hence 3-DES and not 2-DES.

Using separate algorithms for each encryption is dodgy. It is possible
that one algorithm could undo the work of another, resulting in a less
secure construction. This said, it is highly unlikely, but since not
much work has been done in this field I wouldn't trust it.

The impossibility of breaking multiple encryptions is false. It is much
harder to break by brute force (trying every key), but clever
mathematical attacks can retrieve the key with much less difficulty
than this attack. These attacks are (usually) based on the knowledge of
a large amount of known encrypted text. Triple AES with three separate
keys is likely to be much more secure than Triple-DES with three
separate keys. It is physically impossible to break triple AES by brute
force and it is known to require significantly more known plaintext to
break.

At the end of the day, it's your choice, but single AES is secure enough
for ANY application. If you really want multiple encryption use Triple
AES. Though, I would mix algorithms, since how this affects security is
unknown (and this is a bad thing).

---
Hi, i'm the signuture virus,
help me spread by copying me into Signiture File


Sent via Deja.com http://www.deja.com/
Before you buy.
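
Scott Fluhrer's meet-in-the-middle figures earlier in this digest and Simon Johnson's point that double encryption buys little over single encryption, worked through as an added example that comes from neither post: a constructed 16-bit toy cipher stands in for DES, and the attack recovers both keys of a double encryption from three known plaintexts with about 2^17 cipher calls instead of the 2^32 a brute-force search of the 32-bit key pair would need. The table_bits parameter is the editor's addition to show the memory/effort trade-off (2^N memory, 2^(2k-N) work) that Scott describes for the triple case.

```python
import math

MASK = 0xFFFF       # 16-bit block (constructed stand-in for a 64-bit DES block)
KEY_BITS = 16       # each of the two independent keys is 16 bits
ROUNDS = 4

def _rotl(x, n):
    return ((x << n) | (x >> (16 - n))) & MASK

def _rotr(x, n):
    return ((x >> n) | (x << (16 - n))) & MASK

def toy_encrypt(key, block):
    """Constructed toy keyed permutation (add, rotate, xor); not a real cipher."""
    x = block
    for r in range(ROUNDS):
        x = (x + key) & MASK
        x = _rotl(x, 3)
        x ^= (key ^ (0x9E37 * (r + 1))) & MASK
    return x

def toy_decrypt(key, block):
    """Exact inverse of toy_encrypt: undo each step in reverse order."""
    x = block
    for r in reversed(range(ROUNDS)):
        x ^= (key ^ (0x9E37 * (r + 1))) & MASK
        x = _rotr(x, 3)
        x = (x - key) & MASK
    return x

def double_encrypt(k1, k2, block):
    return toy_encrypt(k2, toy_encrypt(k1, block))

def meet_in_the_middle(pairs, table_bits=KEY_BITS):
    """Recover (k1, k2) from a few known (plaintext, ciphertext) pairs.
    Tabulates E(k1, P0) for 2^table_bits keys at a time and matches it against
    D(k2, C0) for every k2: memory 2^table_bits, about 2^(2*KEY_BITS - table_bits)
    cipher calls instead of 2^(2*KEY_BITS) for brute force.  Returns (pairs, calls)."""
    p0, c0 = pairs[0]
    candidates, calls = [], 0
    chunk = 1 << table_bits
    for start in range(0, 1 << KEY_BITS, chunk):
        table = {}
        for k1 in range(start, start + chunk):
            table.setdefault(toy_encrypt(k1, p0), []).append(k1)
        calls += chunk
        for k2 in range(1 << KEY_BITS):
            for k1 in table.get(toy_decrypt(k2, c0), ()):
                # the remaining pairs weed out false matches on the first one
                if all(double_encrypt(k1, k2, p) == c for p, c in pairs[1:]):
                    candidates.append((k1, k2))
        calls += 1 << KEY_BITS
    return candidates, calls

def known_pairs(k1, k2, plaintexts):
    """Constructed known-plaintext material for the demonstration."""
    return [(p, double_encrypt(k1, k2, p)) for p in plaintexts]

if __name__ == "__main__":
    k1, k2 = 0x3A7C, 0xC1E5                       # constructed secret keys
    pairs = known_pairs(k1, k2, [0x0123, 0x4567, 0x89AB])
    found, calls = meet_in_the_middle(pairs)
    print("candidates:", [(hex(a), hex(b)) for a, b in found])
    print("cipher calls: 2^%.1f (brute force: 2^%d)" % (math.log2(calls), 2 * KEY_BITS))
```

With table_bits=16 the whole table fits in memory and the attack costs 2^17 cipher calls; halving the table (table_bits=15) doubles the decryption work, which is the trade-off behind the 2^112 figure for 3DES.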

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Cryptogram Newsletter is off the wall?
Date: Sun, 19 Nov 2000 13:14:00 GMT

There are methods of detecting Trojan horses such as BO etc.; BlackIce
is one good piece of intrusion detection software.  I am really surprised that
Bruce seems to have given up on Trojans.  I understood that Bruce
Schneier has set up a new outfit dealing exclusively with things like
intrusion detection, security access etc. If he has already given up
on things like BO, well... what exactly is he recommending to his
clients?

For very secure encryption, I recommend that an encryption/decryption
workstation be used offline, not connected to the internet.  This is
of course not practical for a large user community, but in some
instances this may solve the problems of Trojan horses, viruses,
etc. Just have a DOS 5 workstation, and transfer your encrypted file
on a floppy disk to a PC connected to the net. Or, for example, a
business user can use his laptop exclusively for
encryption/decryption, with a manual transfer to the desktop PC for net
connectivity.





Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Big-block cipher, perhaps a new cipher family?
Date: Sun, 19 Nov 2000 14:46:07 +0100



Manuel Pancorbo wrote:
> 
> Really interesting. I didn't realize that huge-block ciphers were
> matter of discussion in sci.crypt in the past.
[snip]

It is my (and also, I presume, some others') view that
one need not very sharply distinguish between stream and 
block ciphers. A stream encryption of a message is in fact 
an encryption of a 'block' of the same size as the message. 
A block encryption of a message consisting of a number of 
blocks is 'stream' encryption when each block is considered 
as a unit of the 'stream'. It is the diverse specific 
technologies employed in the commonly called block ciphers 
that attempt to do a very good confusion and diffusion 
within a block (the number of bits inside it) that merit 
their having a separate class name to distinguish them
from the so-called stream ciphers, I suppose. It naturally 
follows that one can advantageously combine stream and block 
technologies in one encryption algorithm.

The (in my humble view) dominant position of block ciphers
is likely to be history dependent. Now that NIST has
brought out AES as successor to DES (which has a very good
record in practice), the position of block ciphers in
cryptography will perhaps be further strengthened. Since 
AES is likely to indeed fulfill its task well (as the 
majority of opinions indicate), the need in practice of 
symmetric encryption algorithms could be said to have been 
met for the majority of applications. (For exceptional
requirements, AES could certainly be employed as the 
principal component in combination with others.) The job 
done by NIST is indeed extremely fine, because it has
rendered a very strong algorithm available to the people 
of the whole world that is entirely free, in particular 
without any encumbrance of dirty tricks of patent holders.
(See AES site for intimidations expressed by one of them.)

M. K. Shen
======================
http://home.t-online.de/home/mok-kong.shen

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
