Cryptography-Digest Digest #254, Volume #13 Fri, 1 Dec 00 23:13:01 EST
Contents:
Learn Web VIP quotes...Re: Send me an Angel .. living in the darkness (Many Noia)
Re: IBM's new algorithm (John Savard)
Re: I Will Make ANY Software for ANYBODY!!! (John Savard)
Re: IBM's new algorithm (David A Molnar)
"targeted-ciphertext" encryption? (David A Molnar)
Newbie ("Michael")
Re: Simple checksum algorithm ("Michael")
Re: Simple checksum algorithm ("Michael")
Re: Entropy paradox (Bryan Olson)
Re: Pentium 4 and modular exponential (Cornelius Sybrandy)
Re: Newbie (Tom St Denis)
Re: Simple checksum algorithm (Tom St Denis)
AIM Password Decoding for the Inquisitive v1.02 (Stephen Anthony Uy)
----------------------------------------------------------------------------
From: Many Noia <[EMAIL PROTECTED]>
Crossposted-To: alt.2600,com.security,alt.security
Subject: Learn Web VIP quotes...Re: Send me an Angel .. living in the darkness
Date: Sat, 02 Dec 2000 01:18:37 GMT
Choice Group Bulletin on-line Web quotes - Web History, Web do and
don't , E-book rescue, High Tech Advice by VIPs, email crooks to watch,
founder unquote & opportunities offer - Just choose line quote for
virtual article to read, then click on Go +Back for more at
www.LearnjobsGroup.com/giquotat.htm access lines. Please send email with
other important Web quotes you know and/or offer your comments on these
quotes and on sites www.LearnJobsGroup.com. Several choice
Opportunities are available and INQUIRIES and/or discussions are
welcome - Ideal bulletin for Web surfers to keep up to date and learn
Web surfing the group.
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: IBM's new algorithm
Date: Sat, 02 Dec 2000 00:42:40 GMT
On Sat, 02 Dec 2000 00:24:48 GMT, [EMAIL PROTECTED]
(John Savard) wrote, in part:
>Thus: I have public key p (with private key P), and you have public
>key q (with private key Q). I want to send a message X to you; in this
>method, I apply an encryption transform C=E(X,P,q) and you can read it
>with D(C,p,Q).
There is a way to do that with Diffie-Hellman...it's called the KEA.
Of course, it takes twice as long as one-sided Diffie-Hellman, and it
doesn't even do encryption simultaneously with key agreement.
So Bruce seems to have been entirely right; the only interest may be
speed, which is a small point. (And whether the algorithm is
intrinsically fast would, of course, be more relevant. But if it is a
fast algorithm, there's nothing wrong with it having this little extra
feature.)
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: I Will Make ANY Software for ANYBODY!!!
Date: Sat, 02 Dec 2000 00:44:20 GMT
On Sat, 02 Dec 2000 00:33:17 GMT, Tom St Denis <[EMAIL PROTECTED]>
wrote, in part:
>Because you are not offering your services for free I shall remind you
>that you have **SPAMMED** this group. I hope nobody from here takes
>you up on your service and I hope you learn some netiquette soon.
In any case, what the subject line makes *me* think (except, of
course, that it is unlikely to be true, so I think it only as an
amusing notion, and not a conclusion) is that someone at the CIA must
think Hezbollah is *really* hard up for computer programmers...
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: IBM's new algorithm
Date: 2 Dec 2000 01:02:46 GMT
John Savard <[EMAIL PROTECTED]> wrote:
> No technical details are in the IBM press release, let alone the news
> items on it, but IBM has a new algorithm that 'authenticates and
> encrypts simultaneously'.
One possibility is that this preprint is it:
http://eprint.iacr.org/2000/039/
Encryption Modes with Almost Free Message Integrity
Charanjit S. Jutla
Abstract. We define a new mode of operation for block encryption which
in addition to assuring confidentiality also assures message
integrity. In contrast, previously for message integrity a separate pass
was required to compute a cryptographic message authentication code
(MAC). The new mode of operation, called Integrity Aware CBC (IACBC),
requires a total of m + log m block encryptions on a plaintext of length
m blocks. The well known CBC (cipher block chaining) mode requires m
block encryptions. The second pass of computing the MAC essentially
requires additional m block encryptions. We also show a lower bound of
\Omega(log m) additional block encryptions for any reasonably modeled
(linear) scheme which assures message integrity along with
confidentiality.
Category / Keywords. secret-key cryptography / Block cipher, CBC,
authentication, MAC, modes of operation
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: "targeted-ciphertext" encryption?
Date: 2 Dec 2000 01:24:06 GMT
Suppose I have a message M and a "target" ciphertext C = E_PK(M,r) for
some randomized public key encryption and padding scheme E_PK with
padding value r. How difficult is it to find a different M',r' such that
E_PK(M',r') = C ?
It's not clear to me right now whether this is implied by some other
property (such as semantic security) or not. It seems that for
deterministic cryptosystems, however, this is exactly the inverting
problem for E_PK().
The motivation is that I am thinking about a protocol which needs a
public key scheme to do double duty as a commitment scheme. To commit,
Alice sends C := E_PK(M,r) to Bob. To decommit, Alice sends Bob M and r
and then Bob can run E_PK(M,r) himself and verify that it produces the
same string which Alice sent. Neither Alice nor Bob have access to the
decryption key D_PK. Alice can cheat if she can find an M' and r' which
result in the same C.
In general we can investigate variants like "does an encryption scheme
allow targeted ciphertexts with the private key but not without it?"
In any case, I think that the particular case of OAEP padding makes
targeting a ciphertext impossible because of the random oracle. Finding
an M' and r' would require finding a relation over the H and G oracles
in OAEP which you wouldn't expect from a random function. (I haven't
made this formal yet).
Anyone seen this before? maybe in stego?
Thanks much,
-David Molnar
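An added example, not part of David Molnar's post, of the protocol he describes: a randomized public-key scheme doing double duty as a commitment. It carries its own small RSA-OAEP (RFC 8017 EME-OAEP with SHA-256 and MGF1) over a 1024-bit modulus generated from a fixed seed so it runs offline and reproducibly; the key size, the seed and the sample message are assumptions for illustration. Alice commits with C = E_PK(M, r), Bob checks the opening by recomputing E_PK(M, r) with the public key only, and the last step opens C with the private key to show that OAEP unpadding recovers exactly one (M, r).

```python
# Added example, not David Molnar's code: RSA-OAEP used as a commitment.
# Key size, fixed keygen seed and sample message are illustration only.
import hashlib
import os
import random

H_LEN = 32                               # SHA-256 digest length in bytes
L_HASH = hashlib.sha256(b"").digest()    # OAEP label hash (empty label)

def _is_probable_prime(n, rounds=16):
    """Trial division by small primes, then Miller-Rabin."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # full size, odd
        if _is_probable_prime(cand):
            return cand

def rsa_keygen(bits=1024, seed=1):
    """Return ((n, e), (n, d)); the fixed seed keeps the example reproducible."""
    rng, e = random.Random(seed), 65537
    while True:
        p, q = _random_prime(bits // 2, rng), _random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:      # e is prime, so this is gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def _mgf1(seed, length):
    out = b"".join(hashlib.sha256(seed + c.to_bytes(4, "big")).digest()
                   for c in range((length + H_LEN - 1) // H_LEN))
    return out[:length]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def oaep_pad(M, r, k):
    """EME-OAEP encoding of M under an explicit 32-byte seed r, into k bytes."""
    ps_len = k - len(M) - 2 * H_LEN - 2
    if len(r) != H_LEN or ps_len < 0:
        raise ValueError("bad seed length or message too long")
    db = L_HASH + b"\x00" * ps_len + b"\x01" + M
    masked_db = _xor(db, _mgf1(r, k - H_LEN - 1))
    masked_seed = _xor(r, _mgf1(masked_db, H_LEN))
    return b"\x00" + masked_seed + masked_db

def oaep_unpad(em, k):
    """Exact inverse of oaep_pad: the one (M, r) behind a valid em."""
    masked_seed, masked_db = em[1:1 + H_LEN], em[1 + H_LEN:]
    r = _xor(masked_seed, _mgf1(masked_db, H_LEN))
    db = _xor(masked_db, _mgf1(r, k - H_LEN - 1))
    sep = db.find(b"\x01", H_LEN)        # PS is all zero bytes, then 0x01
    if em[0] != 0 or db[:H_LEN] != L_HASH or sep < 0 or any(db[H_LEN:sep]):
        raise ValueError("bad padding")
    return db[sep + 1:], r

def commit(pk, M, r=None):
    """Alice: C = E_PK(M, r). Returns (C, r) so r can be revealed to open."""
    n, e = pk
    k = (n.bit_length() + 7) // 8
    r = os.urandom(H_LEN) if r is None else r
    em = int.from_bytes(oaep_pad(M, r, k), "big")
    return pow(em, e, n).to_bytes(k, "big"), r

def verify_decommit(pk, C, M, r):
    """Bob: recompute E_PK(M, r) and compare; no decryption key involved."""
    return commit(pk, M, r)[0] == C

def open_with_private_key(sk, C):
    """Whoever holds D_PK recovers the single (M, r) that produced C."""
    n, d = sk
    k = (n.bit_length() + 7) // 8
    em = pow(int.from_bytes(C, "big"), d, n).to_bytes(k, "big")
    return oaep_unpad(em, k)

def demo():
    """Honest opening succeeds, a different M under the same r fails, and the
    private key yields exactly the committed (M, r)."""
    pk, sk = rsa_keygen()
    M, r = b"bid: 42", os.urandom(H_LEN)          # constructed sample message
    C, _ = commit(pk, M, r)
    return (verify_decommit(pk, C, M, r),
            verify_decommit(pk, C, b"bid: 43", r),
            open_with_private_key(sk, C) == (M, r))
```

Because oaep_unpad is the exact inverse of oaep_pad and RSA with gcd(e, phi(n)) = 1 is a permutation, every C has exactly one (M, r) preimage under a given key, so for this construction no second pair (M', r') exists for anyone, holder of the private key included; that settles binding, while hiding still rests on the scheme's semantic security. The 1024-bit key is chosen for the example's running time, not as a recommendation.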
------------------------------
From: "Michael" <[EMAIL PROTECTED]>
Subject: Newbie
Date: Sat, 02 Dec 2000 01:51:15 GMT
Hello, I just started playing with creating my own algorithm. I have written
one *I* think is good. I am looking for a cryptanalysis program that I can
test it with.
Which leads me to processing power. It is my experience (playing with
cryptanalysis) that it takes a hell of a lot more processing power to chug
away at code than my poor K7 500. So, how did they EVER break a code using
humans.
Are there any books that are generally accepted as the 'bible?'
I did several searches on 'Cryptanalysis Programs' on the Internet and every
program it took me to was a program to Encrypt.
Thank you, sorry for my naiveté,
Michael
------------------------------
From: "Michael" <[EMAIL PROTECTED]>
Subject: Re: Simple checksum algorithm
Date: Sat, 02 Dec 2000 01:55:32 GMT
I have written a checksum program with options of 'normal' and 'Two's
Complement'. If you explain the rules for how it works, I will add that as
an option to my program and send you a copy.
Michael
"Terry Neckar" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Can someone refer me to a simple checksum algorithm that has an output of
> from 0-9, A-Z (caps only)? A normal checksum has values of from 0 - FF.
>
> Thanks,
> Terry
>
>
------------------------------
From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: Entropy paradox
Date: Sat, 02 Dec 2000 02:09:21 GMT
Mok-Kong Shen wrote:
>
>
> Bryan Olson wrote:
> >
> > Mok-Kong Shen wrote:
> > > "Douglas A. Gwyn" wrote:
> > > >
> > > > Mok-Kong Shen wrote:
> > > > > to generate u bits, with u >> m. We know that (accepting
> > > > > certain plausible assumptions) the u bits are provably
> > > > > secure.
> > > >
> > > > There is a simple proof that on average at least u-m
> > > > bits are predictable from knowledge of the other m.
> > > > So probably you're being confused by the sloppy use of
> > > > "provably secure". You need to refer to the *specific*
> > > > theorem that has been proven in order to figure out
> > > > exactly what is meant by that phrase.
> > >
> > > That would mean any m bits suffice to predict the rest
> > > of u (u could be made fairly large!).
> >
> > Not true. The m bits may have less than m bits of entropy.
>
> See below.
Nothing of consequence there. The rest of u need not
be predictable even with unbounded computation.
> > > But this can only
> > > mean theoretical predictability, not practical predictability,
> > > for otherwise one can't use any output longer than m and
> > > the generator would be useless (for one could just as well
> > > use the original m bits). Anyway, I suppose it is not
> > > necessary to argue further about the paradox, see the
> > > follow-up of John A. Malley.
> >
> > That follow-up was serious?????
> >
> > The correct answer has appeared over and over: entropy and
> > polynomial-time predictability are not the same. Deterministic
> > computation cannot increase the entropy of its starting
> > state, but there's no similar result about computation-limited
> > predictability.
>
> I suppose that you don't doubt that the paper cited was
> serious????? (That was a published paper in a well-known
> journal written by persons having some good names!)
Of course the paper was serious. It reinforces what
people have been telling you all along.
--Bryan
Sent via Deja.com http://www.deja.com/
Before you buy.
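An added example, not from the thread, of the distinction Bryan draws between entropy and computation-limited predictability. A generator (SHA-256 in counter mode over the seed, an illustrative choice rather than a recommended design) stretches an m-bit seed into u bits. With m = 12 an attacker can afford to try every seed, so a 32-bit prefix of the output pins down the rest: the stream never had more than m bits of entropy, which is the "at least u - m bits predictable" point. The same code with m = 128 is the computation-limited setting where that search is out of reach and no corresponding result about predictability exists. All parameters and the seed are constructed.

```python
# Added example, not from the thread: an m-bit seed stretched to u bits,
# and the unbounded-computation attack that shows the output has at most
# m bits of entropy. Generator and parameters are constructed for illustration.
import hashlib

def prg(seed: int, m: int, u: int) -> str:
    """Expand an m-bit seed into a string of u '0'/'1' characters."""
    if not 0 <= seed < (1 << m):
        raise ValueError("seed must fit in m bits")
    seed_bytes = seed.to_bytes((m + 7) // 8, "big")
    bits, counter = "", 0
    while len(bits) < u:
        block = hashlib.sha256(seed_bytes + counter.to_bytes(4, "big")).digest()
        bits += "".join(f"{byte:08b}" for byte in block)
        counter += 1
    return bits[:u]

def predict_rest(prefix: str, m: int, u: int):
    """Unbounded attacker: try all 2**m seeds against the observed prefix.
    Returns the predicted remaining bits if exactly one seed fits, else None."""
    hits = [s for s in range(1 << m) if prg(s, m, len(prefix)) == prefix]
    if len(hits) != 1:
        return None
    return prg(hits[0], m, u)[len(prefix):]

def count_distinct_streams(m: int, u: int) -> int:
    """Number of distinct u-bit outputs: never more than 2**m, whatever u is,
    since a deterministic expansion cannot add entropy to its seed."""
    return len({prg(s, m, u) for s in range(1 << m)})

def demo(m: int = 12, u: int = 64, known: int = 32, seed: int = 0xABC):
    """Return (prediction_correct, seed_was_unique) for the constructed case:
    32 known bits out of 64, with a 12-bit seed, determine the other 32."""
    stream = prg(seed, m, u)
    predicted = predict_rest(stream[:known], m, u)
    return predicted == stream[known:], predicted is not None
```

demo() with the defaults finishes instantly because 2**12 seeds is nothing; the point of the proof Bryan refers to is that nothing about the generator changes at m = 128, only the attacker's budget. Do not call predict_rest with a large m.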
------------------------------
From: Cornelius Sybrandy <[EMAIL PROTECTED]>
Subject: Re: Pentium 4 and modular exponential
Date: Fri, 01 Dec 2000 22:03:36 -0500
From what I've seen, yes. Unfortunately I haven't seen any benchmarks
to prove this. It would be best to wait and see what comes up. Of
course, by that time you can probably get a dual processor Athlon system
pretty reasonably.
csybrandy
Paul Rubin wrote:
> Cornelius Sybrandy <[EMAIL PROTECTED]> writes:
> > You would have to use SSE 2 in order to get any integer speedups.
>
> Yes, that's correct, the question was about whether there was a gain
> to be had by using SSE2.
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Newbie
Date: Sat, 02 Dec 2000 02:57:09 GMT
In article <nAYV5.84170$[EMAIL PROTECTED]>,
"Michael" <[EMAIL PROTECTED]> wrote:
> Hello, I just started playing with creating my own algorithm. I have
> written one *I* think is good. I am looking for a cryptanalysis program
> that I can test it with.
>
> Which leads me to processing power. It is my experience (playing with
> cryptanalysis) that it takes a hell of a lot more processing power to
> chug away at code than my poor K7 500. So, how did they EVER break a
> code using humans.
Um yea. DES was cryptanalyzed during the 90's when 486's were "new" :)
> Are there any books that are generally accepted as the 'bible?'
>
> I did several searches on 'Cryptanalysis Programs' on the Internet and
> every program it took me to was a program to Encrypt.
>
> Thank you, sorry for my naiveté,
Well "cryptanalysis programs" generally DO NOT exist. There are
standard techniques you could start with but there are no conclusive
tests.
My suggestion is to get a book like Applied Crypto and familiarize
yourself with basic terminology and attacks. Then read conference
papers to get an idea of some real attacks being done.
My second suggestion is to keep your algorithm to yourself unless you
also stipulate that it is not to be used for real products (e.g. my
website has about 12 different algorithms but I post a warning saying "do
not use my toy ciphers in real products!").
My final suggestion is to ask a lot of questions. Do your reading first
however. www.counterpane.com/labs.html has a ton of research papers
indexed already so it's not a bad place to start either.
Tom
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Simple checksum algorithm
Date: Sat, 02 Dec 2000 03:00:13 GMT
In article <[EMAIL PROTECTED]>,
Terry Neckar <[EMAIL PROTECTED]> wrote:
> Can someone refer me to a simple checksum algorithm that has an output
> of from 0-9, A-Z (caps only)? A normal checksum has values of from 0 -
> FF.
What the heck is a "normal checksum"? There is no standard for such a
thing. There are comm standards for CRCs I think but that's about it.
Checksums however are totally useless for the most part. You're better
off using a CRC32 or something and just formatting the output to be in
your range of 0-9, A-Z. Note that #(0-9, A-Z) = 36, which is not an
integral number of bits of information (it's about 5.2). So either you
take six bits and do (modulo 36) (bad idea!) or you use a charset with
32 characters (0-9, A-V).
Tom
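An added example, not from the thread, of the two options Tom lays out for Terry's 0-9, A-Z request: a CRC32 written in a 32-symbol alphabet (0-9, A-V), and the bias that "take six bits, reduce mod 36" introduces, together with an unbiased way to get the full 36-symbol set (write the 32-bit CRC as a base-36 integer). It also shows why a plain additive checksum is the weaker error detector: swapping two bytes leaves the byte sum unchanged but not the CRC. The sample messages are constructed. Neither a checksum nor a CRC resists deliberate tampering; for that a keyed MAC is needed.

```python
# Added example, not from the thread: CRC32 in a restricted alphabet, the
# bias of "six bits mod 36", and additive checksum vs CRC on a byte swap.
# Sample inputs are constructed.
import binascii
from collections import Counter

BASE32_ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUV"      # 32 symbols: 0-9, A-V
BASE36_ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"  # 36 symbols: 0-9, A-Z

def crc32_base32(data: bytes) -> str:
    """Tom's second option: 5 bits per symbol, 7 symbols for the 32-bit CRC
    (35 bits of room, so the first symbol only ever uses its low 2 bits)."""
    crc = binascii.crc32(data) & 0xFFFFFFFF
    digits = []
    for _ in range(7):
        digits.append(BASE32_ALPHABET[crc & 31])
        crc >>= 5
    return "".join(reversed(digits))

def crc32_base36(data: bytes) -> str:
    """Unbiased way to use the full 0-9, A-Z set: treat the CRC as an integer
    and write it in base 36 (7 digits, since 36**7 > 2**32)."""
    crc = binascii.crc32(data) & 0xFFFFFFFF
    digits = []
    for _ in range(7):
        digits.append(BASE36_ALPHABET[crc % 36])
        crc //= 36
    return "".join(reversed(digits))

def six_bits_mod_36_distribution() -> Counter:
    """Tom's 'bad idea': the 64 six-bit values reduced mod 36. Symbols 0..27
    each come from two values, 28..35 from one, so the output is biased."""
    return Counter(value % 36 for value in range(64))

def additive_checksum(data: bytes) -> int:
    """The 'normal' 0-FF checksum Terry mentions: byte sum modulo 256."""
    return sum(data) & 0xFF

def reorder_detected() -> tuple:
    """Swap two bytes of a constructed message: the additive checksum cannot
    tell, the CRC can. Returns (sum_changed, crc_changed)."""
    original = b"transfer 100 to acct 42"
    swapped = b"transfer 100 to acct 24"
    return (additive_checksum(original) != additive_checksum(swapped),
            binascii.crc32(original) != binascii.crc32(swapped))
```

The base-36 variant keeps all 32 bits of the CRC and has no bias because 36**7 exceeds 2**32, whereas the six-bit reduction maps 64 inputs onto 36 outputs unevenly no matter how good the CRC behind it is.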
------------------------------
From: Stephen Anthony Uy <[EMAIL PROTECTED]>
Subject: AIM Password Decoding for the Inquisitive v1.02
Date: Fri, 01 Dec 2000 19:06:49 -0800
Hello; I'm a lurker here. I hope this hasn't already been done, but
I've done an analysis of the encoding scheme that AIM uses to encrypt
passwords stored in the registry; for those interested, it's available
via direct link on my web site:
http://www.ics.uci.edu/~suy/aimpwdec102.zip
I'm not, by any means, a cryptographer, so please don't bash me too
mercilessly... this is my first attempt at cryptanalysis. Comments
and criticism are welcome. Thanks for listening.
-Steve
email.(ROT-13)[EMAIL PROTECTED]
aim...........................................tsanth
homepage.......................http://www.tsanth.com
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************