Cryptography-Digest Digest #256, Volume #13       Sat, 2 Dec 00 02:13:01 EST

Contents:
  Re: Newbie (John Savard)
  Re: Entropy paradox (John Savard)
  Re: IBM's new algorithm (John Savard)
  Re: JOB: Software Engineer : Security - Ohio ("Trevor L. Jackson, III")
  Re: Rudimentary Encryption (John Savard)
  Re: keysize for equivalent security for symmetric and asymmetric keys ("Trevor L. Jackson, III")
  Re: Newbie ("Michael")
  Re: Newbie (David Schwartz)
  Encrypting messages in images?? ([EMAIL PROTECTED])
  Re: IBM's new algorithm ("Scott Fluhrer")
  Re: Newbie ("Michael")
  Re: Newbie ("Michael")
  Re: Encrypting messages in images?? ("MindHunter")
  Re: Vulnerability to Attack (Thomas Wu)
  Re: SRP - not good enough? (Thomas Wu)
  Re: Newbie (Scott Craver)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Newbie
Date: Sat, 02 Dec 2000 04:20:07 GMT

On Sat, 02 Dec 2000 01:51:15 GMT, "Michael" <[EMAIL PROTECTED]> wrote,
in part:

>So, how did they EVER break a code using
>humans.

Well, the codes were easier to break back then too, since the coding
had to be done by humans instead of by a computer.

And the humans didn't just do it the brute-force way of trying every
possible key; they worked intelligently at the problem, something that
is still largely beyond computers.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Entropy paradox
Date: Sat, 02 Dec 2000 04:17:22 GMT

On Wed, 29 Nov 2000 11:57:04 +0100, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote, in part:

>So the increase in 'computational
>entropy' does come from somewhere and not out of the
>vacuum.

Well, I've noted that it depends on the quality of the encryption/PRNG
algorithm. So it comes from doing something; but that doesn't mean the
difference between carrying out a good algorithm and generating true
random numbers is not also significant.

While it takes effort to increase 'computational entropy' as you call
it, it takes a different kind of effort to increase real entropy, and
the distinction is very important. That is what I was arguing.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: IBM's new algorithm
Date: Sat, 02 Dec 2000 04:12:23 GMT

On 2 Dec 2000 01:02:46 GMT, David A Molnar <[EMAIL PROTECTED]>
wrote, in part:

>One possibility is that this preprint is it:
>http://eprint.iacr.org/2000/039/

That sounds right, but it also looks familiar: like something that was
discussed here several months ago.

Perhaps, based on this research on encryption _modes_, he discovered a
new public-key _algorithm_ more recently?

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

Date: Fri, 01 Dec 2000 23:32:58 -0500
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: JOB: Software Engineer : Security - Ohio

Mike Rosing wrote:

> "Trevor L. Jackson, III" wrote:
> >
> > Plea to readers:  Please call the toll-free number below and inform Ms. Kay
> > that her post in sci.crypt is offensively off topic.
>
> Why?  If you're not looking for work, ignore it.  If you are looking, it's
> mighty nice to see!

Because such traffic belongs in the jobs ngs.  I fail to see that it has anything
to do with the purpose of this forum.



------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Rudimentary Encryption
Date: Sat, 02 Dec 2000 04:21:53 GMT

On Sat, 02 Dec 2000 00:50:32 GMT, "Potyanimal"
<[EMAIL PROTECTED]> wrote, in part:

>so since the seed does vary, it
>would have to be simulating several thousand rotary machines, and so I ruled
>that out.

Well, it can feed the seed into a random number generator, and call it
for random numbers as it builds a rotor machine - so it can simulate
thousands of different rotor machines, but only one at a time.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

Date: Fri, 01 Dec 2000 23:38:45 -0500
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: keysize for equivalent security for symmetric and asymmetric keys

Kenneth Almquist wrote:

> Bob Silverman <[EMAIL PROTECTED]> wrote:
> > In article <[EMAIL PROTECTED]>,
> >   [EMAIL PROTECTED] (John Savard) wrote:
> >> Yes, but who says the technology around in 100 years from now is all
> >> going to be forecastable today?
> >
> > This response is just plain silly.  No one is trying to determine
> > what will be safe key sizes 100 years from now!  We are trying to
> > do it for the foreseeable future.
>
> If you worked for the census bureau, which is required by law to
> keep individual data private for 100 years, you would have to
> worry about what key size will be safe 100 years from now.  This
> is the type of application where 256 bit keys are attractive.  We
> don't have much of an idea of what computing technology will look
> like 100 years from now, but we can be reasonably confident that
> fundamental physical laws will prevent anyone from building a
> machine which can brute force a 256 bit key.

I suspect this conclusion is false.  Since, in theory, a QC enjoys a square
root advantage over classical architectures a 256-bit key attacked by a QC
would be as a 128-bit key attacked by a classical computer.  I'd expect a
search of a 2^128 space to be trivial for a classical computer in 2100
(assuming that there are any classical computers in existence in 2100).



------------------------------

From: "Michael" <[EMAIL PROTECTED]>
Subject: Re: Newbie
Date: Sat, 02 Dec 2000 04:41:42 GMT

Thanks for the quick reply.

I realize that the NSA could break my algorithm 1/1000th of a second after
they hit return.
I am just wondering could say, a crypto hobbyist who doesn't have a Cray.

Would it be 'proper' to paste a snippet of encoded text here and if anyone
was up for it they could give it a try?
If someone broke it, I would LOVE to know how the heck they did it.  Which
method worked.  How long it took them, etc.

I have Applied Cryptography, the new red one.  However, I moved a year ago
and haven't found it after the move.  Must be in the attic <G>
It has been many years since college, I need to get back into math.

I discovered this newsgroup tonight while doing an MSN search.  I'm sure you
will hear from me again.  I will do my best to not annoy.

Thanks again,

Michael (looking for a new host for my web site www.INERFAZE.com old one
went bankrupt)


"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:909oe4$cgs$[EMAIL PROTECTED]...
> In article <nAYV5.84170$[EMAIL PROTECTED]>,
>   "Michael" <[EMAIL PROTECTED]> wrote:
> > Hello, I just started playing with creating my on algorithm.  I have
> written
> > one *I* think is good.  I am looking for a cryptanalysis program that
> I can
> > test it with.
> >
> > Which leads me to processing power.  It is my experience (playing with
> > cryptanalysis) that it takes a hell of a lot more processing power to
> chug
> > away at code then my poor K7 500.  So, how did they EVER break a code
> using
> > humans.
>
> Um yea.  DES was cryptanalyzed during the 90's when 486's were "new" :)
>
> > Are there any books that are generally accepted as the 'bible?'
> >
> > I did several searches on 'Cryptanalysis Programs' on the Internet
> and every
> > program it took me to was a program to Encrypt.
> >
> > Thank you, sorry for my naiveté,
>
> Well "cryptanalysis programs" generally DO NOT exist.  There are
> standard techniques you could start with but there are no conclusive
> tests.
>
> My suggestion is to get a book like Applied Crypto and familiarize
> yourself with basic terminology and attacks.  Then read conference
> papers to get an idea of some real attacks being done.
>
> My second suggestion is to keep your algorithm to yourself unless you
> also stipulate that it is not to be used for real products (e.g my
> website has about 12 diff algorithms but I post a warning saying "do
> not use my toy ciphers in real products!").
>
> My final suggestion is to ask a lot of questions.  Do your reading first
> however.  www.counterpane.com/labs.html has a ton of research papers
> indexed already so it's not a bad place to start either.
>
> Tom
>
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
>



------------------------------

From: David Schwartz <[EMAIL PROTECTED]>
Subject: Re: Newbie
Date: Fri, 01 Dec 2000 20:46:27 -0800


Michael wrote:

> Would it be 'proper' to paste a snippet of encoded text here and if anyone
> was up for it they could give it a try?

        No. If you want to challenge someone to break it, post the algorithm
itself on a web page and mention it here.

        It's totally improper to ask people to break a cipher given only a
sample of its output. After all, suppose my cipher is that '1' means
'now is the time for all good men' and '2' means 'to come to the aid of
their party'. I could then challenge anyone to decrypt '12' and they
would certainly fail. That doesn't mean my cipher is strong!

        DS

------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: comp.security.misc,alt.2600.hacker,alt.security
Subject: Encrypting messages in images??
Date: Sat, 02 Dec 2000 04:55:01 GMT

I saw this on a documentary on my plane flight and I can't find my notes on it.

A model created a method of embedding messages (like PGP) inside an image so it's not obvious the message is encrypted.

I remember she is from England and posed nude earlier in her career and she invented this technique I believe.

Does anyone have any ideas who she is or where I can find her software, etc.........

thanks in advance!!!!

george

====================From the mind of George Lewycky==========

                        http://georgenet.net


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: IBM's new algorithm
Date: Fri, 1 Dec 2000 21:08:53 -0800


John Savard <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> No technical details are in the IBM press release, let alone the news
> items on it, but IBM has a new algorithm that 'authenticates and
> encrypts simultaneously'.
>
> Of course, every secret key algorithm does that for free...if the
> plaintext makes sense, you must have known the key.

Actually not.  Totally apart from the consideration of whether you want to
rely on an upper level to decide whether the message "makes sense", it's
also possible for an attacker to take a legit message, alter that, and send
that.  It is important that the altered message be rejected, and not
decrypted into an altered plaintext.

Here is a simple example of such an attack: suppose you are using OTP to
exchange bank transactions, in the following format:

   struct bank_transaction {
      char to[32];    /* Name of the account being transferred to */
      char from[32];  /* Name of the account being transferred from */
      char amount[32];  /* Amount being transferred */
   };

The attacker would like to inject bogus transactions into his own
account, but not having the pad, he cannot.  What he can do is open an
account in the name of "Cill Gates", and wait for Mr. Bill Gates to make a
stock sale, transferring a large amount of money into his own account.  When
that happens, he grabs the packet, which is encrypted and whose plaintext
has "Bill Gates" in the "to" field.  He then flips the LSBit of the first
byte of the packet and sends it on.  When the receiver gets the altered
packet, he decrypts the "to" field into "Cill Gates", and proceeds to
deposit the large amount into the attacker's account.  He then withdraws the
money, and heads for Argentina.
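As an added example (not code from the post), the malleability above and the check that stops it, in Python: a one-time pad is XOR, so flipping one ciphertext bit flips the same plaintext bit, and a receiver that decrypts without an integrity check turns "Bill Gates" into "Cill Gates". With an encrypt-then-MAC tag (HMAC-SHA256, my choice) the receiver rejects the altered packet before decrypting. The pad, MAC key and transaction values are constructed.

```python
import hashlib
import hmac
import os
import struct

# The bank_transaction layout from the post: three 32-byte fields.
FMT = "32s32s32s"
PACKET_LEN = struct.calcsize(FMT)  # 96 bytes


def pack_transaction(to, frm, amount):
    return struct.pack(FMT, to.encode(), frm.encode(), amount.encode())


def unpack_transaction(blob):
    return tuple(f.rstrip(b"\0").decode() for f in struct.unpack(FMT, blob))


def xor_pad(data, pad):
    # One-time pad: encryption and decryption are the same XOR.
    return bytes(a ^ b for a, b in zip(data, pad))


def flip_lsb_first_byte(packet):
    # The alteration from the post, reproduced here to show it is detected.
    return bytes([packet[0] ^ 1]) + packet[1:]


def decrypt_unauthenticated(ct, pad):
    # Receiver with no integrity check: accepts whatever the XOR yields.
    return unpack_transaction(xor_pad(ct, pad))


def encrypt_then_mac(pt, pad, mac_key):
    # Encrypt, then tag the ciphertext; the tag covers every ciphertext bit.
    ct = xor_pad(pt, pad)
    tag = hmac.new(mac_key, ct, hashlib.sha256).digest()
    return ct + tag


def verify_and_decrypt(msg, pad, mac_key):
    # Check the tag first and reject on mismatch; never decrypt a bad packet.
    ct, tag = msg[:-32], msg[-32:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return unpack_transaction(xor_pad(ct, pad))


def demo():
    pad = os.urandom(PACKET_LEN)   # constructed one-time pad
    mac_key = os.urandom(32)       # constructed MAC key
    pt = pack_transaction("Bill Gates", "Broker Inc", "1000000.00")
    tampered = flip_lsb_first_byte(xor_pad(pt, pad))
    unauth = decrypt_unauthenticated(tampered, pad)            # "to" is now "Cill Gates"
    authed = verify_and_decrypt(
        flip_lsb_first_byte(encrypt_then_mac(pt, pad, mac_key)), pad, mac_key)  # None
    return unauth, authed
```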




------------------------------

From: "Michael" <[EMAIL PROTECTED]>
Subject: Re: Newbie
Date: Sat, 02 Dec 2000 05:18:30 GMT

OK, I will not post it here.

However, I find your example a little silly.  I think that would be pushing
the term algorithm.  I think you assumed (correctly) that it is an algorithm
that can convert any ASCII into a 'secret message.'

What, in your opinion, would be the proper protocol for challenging people
to break it.


Thanks again,

Michael


"David Schwartz" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> Michael wrote:
>
> > Would it be 'proper' to paste a snippet of encoded text here and if
anyone
> > was up for it they could give it a try?
>
> No. If you want to challenge someone to break it, post the algorithm
> itself on a web page and mention it here.
>
> It's totally improper to ask people to break a cipher given only a
> sample of its output. After all, suppose my cipher is that '1' means
> 'now is the time for all good men' and '2' means 'to come to the aid of
> their party'. I could then challenge anyone to decrypt '12' and they
> would certainly fail. That doesn't mean my cipher is strong!
>
> DS
>



------------------------------

From: "Michael" <[EMAIL PROTECTED]>
Subject: Re: Newbie
Date: Sat, 02 Dec 2000 05:27:33 GMT

I would think a (fast) computer would be perfect for brute forcing it.
But, I have no concept of just how fast the computers 'they' have are.
Mine is not up to the task!

I once (when I had a P200) wrote a program to attempt a brute force decode of
a simple message.
It was going so slow I added code to estimate (based on progress) how long
it would take to finish.
It was MANY YEARS!  I gave up.
Not exactly practical.

Thanks for the reply,

Michael


"John Savard" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Sat, 02 Dec 2000 01:51:15 GMT, "Michael" <[EMAIL PROTECTED]> wrote,
> in part:
>
> >So, how did they EVER break a code using
> >humans.
>
> Well, the codes were easier to break back then too, since the coding
> had to be done by humans instead of by a computer.
>
> And the humans didn't just do it the brute-force way of trying every
> possible key; they worked intelligently at the problem, something that
> is still largely beyond computers.
>
> John Savard
> http://home.ecn.ab.ca/~jsavard/crypto.htm
>



------------------------------

From: "MindHunter" <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,alt.2600.hacker,alt.security
Subject: Re: Encrypting messages in images??
Date: Sat, 02 Dec 2000 05:47:59 GMT

It's called Stenography I believe and there are several win based programs
that do it. Look in a search engine.

- MindHunter



------------------------------

From: Thomas Wu <[EMAIL PROTECTED]>
Subject: Re: Vulnerability to Attack
Date: 01 Dec 2000 22:10:20 -0800

"BreakingNews" <[EMAIL PROTECTED]> writes:
> 
> I think you can argue with number crunching geeks until your head falls off
> and I think the clever thing to do is just to avoid the 10001 ways to do
> authentication. What I do is just look at something or someone that I think
> probably does has a good system... and copy it.
> 
> I would just say to your programmers, do it this way... and tell them to
> use the CHALLENGE RESPONSE methodology the microsoft uses.

You give a good piece of advice in your first paragraph (which I agree
with), but immediately contradict it with your second paragraph (which
is almost precisely the worst possible approach you can take to password
authentication, next to blatantly cleartext passwords).
-- 
Tom Wu                        * finger -l [EMAIL PROTECTED] for PGP key *
 E-mail: [EMAIL PROTECTED]       "Those who would give up their freedoms in
  Phone: (650) 723-1565              exchange for security deserve neither."
   http://www-cs-students.stanford.edu/~tjw/   http://srp.stanford.edu/

------------------------------

From: Thomas Wu <[EMAIL PROTECTED]>
Subject: Re: SRP - not good enough?
Date: 01 Dec 2000 22:18:47 -0800

[EMAIL PROTECTED] (John Savard) writes:

> On 1 Dec 2000 17:09:10 GMT, [EMAIL PROTECTED] (Bill Unruh) wrote,
> in part:
> 
> >I do not see how. The server needs that extra information. How is it
> >communicated to the server?
> 
> I wasn't claiming there must be a way, just that I didn't see a way to
> prove there wasn't.
> 
> 1) Both sides could always set up, with nonce keys, a
> non-authenticated Diffie-Hellman session.
> 
> 2) The password could protect a private key, and the server can have
> on it only the public key corresponding to it, yet the two sides can
> authenticate.

But you've changed the assumptions - you're now allowing for persistent,
secure, client-side storage of a (possibly passphrase-protected) private
key.  You're no longer dealing with a purely password-based system, and
you lose some of the benefits, like inherent, universal portability,
when you do so.  ObDisclaimer: I work at a company that deploys just
this kind of a stored-key system, and which has to deal with said
portability issues constantly.

Incidentally, strong password systems like SRP can be trivially modified
to fit in this different security model by placing the salt on the client
side and not storing it on the server, as others have pointed out.  So the
final answer might be that strong password protocols ARE in fact "good
enough" by your requirements.

> These steps by themselves don't solve the problem, they just show that
> proving what can and can't be done isn't trivial.
> 
> John Savard
> http://home.ecn.ab.ca/~jsavard/crypto.htm

-- 
Tom Wu                        * finger -l [EMAIL PROTECTED] for PGP key *
 E-mail: [EMAIL PROTECTED]       "Those who would give up their freedoms in
  Phone: (650) 723-1565              exchange for security deserve neither."
   http://www-cs-students.stanford.edu/~tjw/   http://srp.stanford.edu/

------------------------------

From: [EMAIL PROTECTED] (Scott Craver)
Subject: Re: Newbie
Date: 2 Dec 2000 06:11:41 GMT

Michael <[EMAIL PROTECTED]> wrote:
>OK, I will not post it here.
>
>However, I find your example a little silly.  I think that would be pushing
>the term algorithm.  I think you assumed (correctly) that it is an algorithm
>that can convert any ASCII into a 'secret message.'
>
>What, in your opinion, would be the proper protocol for challenging people
>to break it.

        All you really need to do is describe the algorithm.  People
        can simply analyze that to see if the cipher has any flaws.

        Or, for a more traditional challenge, you can describe the 
        algorithm, provide ciphertext encrypted with a secret key,
        and see if anyone can determine the plaintext and possibly
        the key.  But providing the algorithm is a basic necessity
        for a cryptographic challenge.

        Just put it on a web page and post the URL here.

>Thanks again,
>Michael
                                                        -S


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
