Cryptography-Digest Digest #926, Volume #12      Sat, 14 Oct 00 17:13:00 EDT

Contents:
  Credit (redux) - is this the right place (Steve Sobol)
  Re: Is it trivial for NSA to crack these ciphers? ("Stephen M. Gardner")
  Re: Rijndael implementations (John Savard)
  Re: Rijndael implementations (John Savard)
  Re: Is it trivial for NSA to crack these ciphers? (John Savard)
  Re: Is it trivial for NSA to crack these ciphers? ("Stephen M. Gardner")
  Re: Is it trivial for NSA to crack these ciphers? (jungle)
  Re: Why trust root CAs ? (Anne & Lynn Wheeler)
  Re: Is it trivial for NSA to crack these ciphers? ("John A. Malley")
  Re: Is it trivial for NSA to crack these ciphers? (Stephan Eisvogel)
  Re: block-cipher silly question? (N. Weicher)
  Re: Bestcrypt technical difficulty question (Musashi)
  Re: A new paper claiming P=NP (Eric Lehman)
  Re: Is it trivial for NSA to crack these ciphers? (Sundial Services)
  Re: Newbie question to practical brute-force analysis ("Scott Fluhrer")
  Re: Rijndael implementations (Richard Heathfield)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Steve Sobol)
Subject: Credit (redux) - is this the right place
Date: Sat, 14 Oct 2000 18:41:36 -0000

So, since no one answered my question about encrypting credit card info..
is this the proper newsgroup? is there another forum that might be more
appropriate?

Are people just afraid that I'm going to sue them if I use their suggestions
and my data is compromised anyhow?

HELP! (I know barely enough about cryptography to be dangerous, and I know
how to use OpenSSL and some of the functions of libcrypto, but that's about
it :)

Thanks.


-- 
A beautiful Chow puppy was rescued a couple months ago from the Geauga County,
Ohio animal shelter and has been fostered in a home in Montville, OH. After
receiving medical care and much love, he's ready for a permanent home.

http://www.WrinkleDogs.com/rescue/fall2000/

------------------------------

From: "Stephen M. Gardner" <[EMAIL PROTECTED]>
Subject: Re: Is it trivial for NSA to crack these ciphers?
Date: Sat, 14 Oct 2000 13:42:06 -0500

"Douglas A. Gwyn" wrote:

> "Stephen M. Gardner" wrote:
> > With modern cryptography the NSA is no better off than anyone else.
>
> That's quite a claim.  What supporting evidence do you have?

     What could possibly make me think that a group of scientists working
in secret, whose membership is restricted by security clearance (and
therefore not optimized for exceptional ability) could accomplish more
than a larger group of scientists working in the open and thus subject to
wider peer review?  I dunno, it's probably not proof but I think I have
house odds in a bet. ;-)


> > There is no such thing as wizardry, only misdirected attention.
>
> Apparently you have never met real wizards.

    Do they still have those funny hats with the moons and stars? ;-)  If
so then I haven't. ;-)


--
Take a walk on the wild side: http://www.metronet.com/~gardner/

There is a road, no simple highway, between the dawn and the
dark of night. And if you go no one may follow. That path is
for your steps alone.
    The Grateful Dead ("Ripple")



------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Rijndael implementations
Date: Sat, 14 Oct 2000 18:51:19 GMT

On Sat, 14 Oct 2000 15:53:01 +0100, Richard Heathfield
<[EMAIL PROTECTED]> wrote, in part:

>Changing the meaning of a word is not only unnecessary and costly, but
>rather silly if you don't provide a new word for what the old word used
>to mean.

>If you're going to shanghai 'byte' as a synonym for 'octet', what do you
>propose to call what /I/ still call a byte?

It's not me or him; virtually everyone understands 'byte' to mean a
unit of storage consisting of eight bits.

A unit of storage typically used to contain a character, whether it is
eight bits or six, always had been called a 'character' in the books
about computers from the days when computers with character cells
other than eight bits in size existed.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Rijndael implementations
Date: Sat, 14 Oct 2000 18:55:22 GMT

On Sat, 14 Oct 2000 15:53:01 +0100, Richard Heathfield
<[EMAIL PROTECTED]> wrote, in part:
>Tim Tyler wrote:

>> Consider the term "gender".  This is a linguistic term relating to
>> the classification of nouns and pronouns in languages such as French.
>> However, it has widely been used as a term to refer to the sex of
>> individuals, without use of the broader term, "sex".  A few (e.g.
>> Richard Dawkins) lament this theft - but it is now by far the more
>> common usage.

>Not amongst grammarians or linguists, I suspect.

Perhaps, but as they are in the Arts department, they too are subject
to intense winds of political correctness.

The use of 'gender' instead of 'sex' to denote whether an individual
is male or female was introduced for a specific political purpose: to
categorize the identification of humans as male or female as a social
construction as opposed to a biological reality.

I heard recently in the news about a cross-dresser who got a court
order forcing a restaurateur to admit him to the ladies' room. Such
are the fruits of this.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Is it trivial for NSA to crack these ciphers?
Date: Sat, 14 Oct 2000 18:48:43 GMT

On Sat, 14 Oct 2000 13:42:06 -0500, "Stephen M. Gardner"
<[EMAIL PROTECTED]> wrote, in part:

>could accomplish more
>than a larger group of scientists working in the open

Ah, but the number of mathematicians working in the open on
cryptography is far smaller than the number working in the NSA. Also,
the NSA has access to the open literature, like anyone else.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: "Stephen M. Gardner" <[EMAIL PROTECTED]>
Subject: Re: Is it trivial for NSA to crack these ciphers?
Date: Sat, 14 Oct 2000 13:46:53 -0500

CiPHER wrote:

> I have no doubts in my mind that every (applicable) cipher out there
> has already been easily broken by the top intelligence agencies.

    What makes you think this?

> You see, otherwise, they'd really be shitting it and export laws would
> be tougher than you could possibly imagine...

    Since the genie is already out of the bottle, export rules only harm
American companies and do no good.  Even some warmed over cold war
dinosaur can see that.  (It takes a while but even they can read the
handwriting on the wall when the typeface is large enough) ;-)

> ...and everyone acts surprised when flaws are found in the 'best'
> systems. *tut-tut*

    Do you have any specific examples?
--
Take a walk on the wild side: http://www.metronet.com/~gardner/

There is a road, no simple highway, between the dawn and the
dark of night. And if you go no one may follow. That path is
for your steps alone.
    The Grateful Dead ("Ripple")



------------------------------

From: jungle <[EMAIL PROTECTED]>
Subject: Re: Is it trivial for NSA to crack these ciphers?
Date: Sat, 14 Oct 2000 15:26:29 -0400

"Stephen M. Gardner" wrote:
===
> (It takes a while but even they can read the
> handwriting on the wall when the typeface is large enough) ;-)

very nice !!!



------------------------------

Subject: Re: Why trust root CAs ?
Reply-To: Anne & Lynn Wheeler <[EMAIL PROTECTED]>
From: Anne & Lynn Wheeler <[EMAIL PROTECTED]>
Date: Sat, 14 Oct 2000 19:32:00 GMT


[EMAIL PROTECTED] (Vernon Schryver) writes:
> "Verification" or authentication is not a boolean that you either have or
> do not have.  Like all other security related things, authentication is
> a continuous variable.  You can have a little or a lot, although it is
> hard to have absolutely none and impossible to have absolute confidence.

and a wide variety of different business processes could select
different points on the landscape involving different levels of
integrity as well as behavior on the part of individuals

even within the same business process there could be very large
portion of the landscape coverage.

banks tend to have more confidence & experience with individuals that
they give $10,000 credit card limits to compared to individuals they
start out at $300 limits ... which can involve a broad range of
different factors and the weight/importance given those factors.

-- 
Anne & Lynn Wheeler   | [EMAIL PROTECTED]
 http://www.garlic.com/~lynn/ 

------------------------------

From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: Is it trivial for NSA to crack these ciphers?
Date: Sat, 14 Oct 2000 12:36:06 -0700

"Stephen M. Gardner" wrote:
> 
[snip]
> 
>      What could possibly make me think that a group of scientists working
> in secret, whose membership is restricted by security clearance (and
> therefore not optimized for exceptional ability) could accomplish more
> than a larger group of scientists working in the open and thus subject to
> wider peer review?  I dunno, it's probably not proof but I think I have
> house odds in a bet. ;-)
> 
(Provided what you meant wasn't satire) :

The Manhattan Project springs to mind as a historical example of a group
of scientists working in secret, whose membership was restricted by
security clearance, who accomplished more than a larger group of
scientists working in the open and thus subject to wider peer review
(first controlled fission reactor, first fission weapon).  Possibly the
war squelched the rate of peer reviewed papers,  but peer-reviewed
Physics journals continued publishing research results in quantum
physics, fission research and nuclear transmutation during the war. The
U.S. and Imperial Japanese Army and Navy assigned physicists to scour
these journals for intelligence.

Bletchley Park in England during World War II (cryptanalysis of
state-of-the-art crypto systems, some of the first programmable
computers) is another example.

And the Super Conference (secret, restricted to a small group of
scientists mostly from the Manhattan Project) and subsequent Super
project (first hydrogen fusion weapon) is another example.

I won't argue the morality of the innovations, only the fact that these
significant bursts in applied mathematics and applied physics and
engineering fit your billing.  Significant strides without significant
peer review, publication or openness.


John A. Malley
[EMAIL PROTECTED]

------------------------------

From: Stephan Eisvogel <[EMAIL PROTECTED]>
Subject: Re: Is it trivial for NSA to crack these ciphers?
Date: Sat, 14 Oct 2000 21:39:26 +0200

lcs Mixmaster Remailer wrote:
> It's not off topic if we're speculating about the speed that the NSA
> could crack these ciphers, is it?

Look at DES and look at Skipjack. Key size is 'small' and hardware
implementation is easy, plus both designs are well brute-forceable
with Wiener machines. Whether 80-bits is within or just a nudge above
NSA capabilities, who cares? I have no doubt however that NSA has
very good classification methods that can judge a cipher's strength
well. I was impressed with Skipjack's balanced triple, the chosen
number of rounds, its key size and its round structure.

> The NSA knew how to strengthen DES against differential cryptanalysis
> many years before the civilian world knew what it was.  I'm simply
> asking people to speculate about what tools beyond teraflop computing
> horsepower that NSA can bring to bear on these ciphers.

The random number that wasn't. Common. The key bits that weren't. Also
common. If it didn't take stupid tricks like these they wouldn't have
used them. So relax because even NSA is helpless with the latest and
greatest of ciphers, and remember that in a crypto system the weakest
link is almost never the cipher itself.

-- 
hawo bofh

------------------------------

From: N. Weicher <[EMAIL PROTECTED]>
Subject: Re: block-cipher silly question?
Reply-To: [EMAIL PROTECTED]
Date: Sat, 14 Oct 2000 19:42:09 GMT

<< A true block cipher with an 8-bit block would be a monalphabetic
substitution on a 256-character alphabet. That could not be secure. >>

That's what I assumed, but I was just wondering if anyone had any
flashes of inspiration <g>.

Neil
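
The point quoted above (an 8-bit block cipher is a monoalphabetic substitution on 256 symbols, whatever the key size), worked as an added example that is not part of the original thread. The "cipher" here is a random permutation of the 256 byte values (a 256!-element keyspace, about 1684 bits, so brute force is hopeless), used in ECB mode; the attack recovers table entries from a little known plaintext and reads the rest of the traffic, and the frequency check shows the classical ciphertext-only route works too. The sample texts, seeds and function names are constructed for this example.

```python
"""
Added example (not from the original thread): an 8-bit-block 'cipher' is just
a keyed substitution table, so ECB encryption with it is a monoalphabetic
substitution and falls to known-plaintext / frequency analysis no matter how
large the key (here: a random permutation of 256 values, a 256!-element
keyspace, ~1684 bits).  All sample text and names below are constructed.
"""
import random
from collections import Counter

BLOCK_VALUES = 256  # an 8-bit block has exactly 256 possible values


def keygen(seed):
    """The 'key' is a secret permutation of the 256 block values."""
    table = list(range(BLOCK_VALUES))
    random.Random(seed).shuffle(table)
    return table


def encrypt(table, plaintext):
    # ECB: each byte is substituted independently, so equal input bytes
    # always produce equal output bytes, whatever the key.
    return bytes(table[b] for b in plaintext)


def decrypt(table, ciphertext):
    inverse = [0] * BLOCK_VALUES
    for p, c in enumerate(table):
        inverse[c] = p
    return bytes(inverse[c] for c in ciphertext)


def recover_table(known_plain, known_cipher):
    """Known-plaintext attack: every (plain, cipher) pair seen reveals one
    entry of the secret table, because there is no diffusion between bytes."""
    mapping = {}
    for c, p in zip(known_cipher, known_plain):
        mapping[c] = p
    return mapping


def decrypt_with_partial_table(mapping, ciphertext, unknown=ord("?")):
    """Read any other message under the same key; bytes whose table entry is
    still unknown are shown as '?'."""
    return bytes(mapping.get(c, unknown) for c in ciphertext)


def most_frequent_byte(ciphertext):
    """Ciphertext-only: with ECB over an 8-bit block, frequency analysis works
    exactly as on a classical substitution cipher (the most frequent
    ciphertext byte of English text is almost always the encrypted space)."""
    return Counter(ciphertext).most_common(1)[0][0]


# Constructed sample data for the demonstration (a pangram, so every letter
# appears at least once in the known plaintext).
KNOWN_PLAIN = b"the quick brown fox jumps over the lazy dog, pack my box with five dozen liquor jugs."
TARGET_PLAIN = b"attack at dawn, meet by the old mill."


def demo(seed=2000):
    table = keygen(seed)
    known_cipher = encrypt(table, KNOWN_PLAIN)
    target_cipher = encrypt(table, TARGET_PLAIN)
    mapping = recover_table(KNOWN_PLAIN, known_cipher)
    recovered = decrypt_with_partial_table(mapping, target_cipher)
    return {
        "table_entries_recovered": len(mapping),
        "recovered_plaintext": recovered,
        "space_guess_correct": most_frequent_byte(known_cipher) == table[ord(" ")],
    }


if __name__ == "__main__":
    r = demo()
    print(f"recovered {r['table_entries_recovered']} of {BLOCK_VALUES} table entries")
    print("decrypted target:", r["recovered_plaintext"].decode())
    print("most frequent ciphertext byte is the encrypted space:", r["space_guess_correct"])
```

Only 29 of the 256 table entries are learned from the known sample, yet the second message decrypts completely: with no diffusion across bytes, the key is recovered piecewise, and every byte value that ever appears in known traffic is lost for good.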



------------------------------

From: Musashi <a drenalx [EMAIL PROTECTED]>
Subject: Re: Bestcrypt technical difficulty question
Date: Sat, 14 Oct 2000 15:46:19 -0400

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
> Hi,
> 
> I recently installed BestCrypt 6.06.3 on my Windows2000 machine. 
> When I start windows, I get a message saying
> 
> "BCRESIDENT.exe-No Disk
> There is no disk in the drive.  Please insert a disk into drive A:"
> 
> I Press continue and things are alright, or sometimes it gives another 
> error message that says something like " \disk2\hard2 disk does not exist", 
> or something like that (sorry, trouble reproducing it tonight) 
> 
> Finally, every time I open a container, the A: drive gets "pinged", as in a 
> disk is looked for, but then the container opens without any error 
> messages.
> 
> I've looked in the Bestcrypt control panel, can't see where the problem is, 
> and also have searched the registry for Bcresident, and can't see what is 
> causing the problem.  Any ideas?? Thanks in advance,

When you made your Crypto-container, did you perhaps specify that you 
wanted to use a key disk?  I know that Scramdisk has this option, and 
looks for a floppy every time you mount the container if you checked the 
Key Disk block when you made the container.  Not sure about BC's inner 
workings though...check the manual for the phrase "Key Disk", would be my 
suggestion.



------------------------------

From: Eric Lehman <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Crossposted-To: comp.theory,sci.math,sci.op-research
Subject: Re: A new paper claiming P=NP
Date: Sat, 14 Oct 2000 19:45:16 GMT

Hi Michael,

Thanks for the suggestions.  I think you're right on all counts.  With
your comments and a little help from Stas, I made it a bit further
forward.

Theorem 2 is trivial, now that D(G) has been redefined.  The wording is
odd, since every digraph in D(G) is acyclic by definition, but okay.

The definition of "vertex saturated" confused me for some time, but the
example helped.  (Though I believe that vertices x9 and x10 are swapped
in Figures 6a and 7a of the example.)

Here's my latest frustration.  There is an algorithm on page 12 used to
construct a "vertex saturated" dag.  Theorem 3 effectively makes two
assertions about this algorithm:  that it really does construct a
"vertex saturated" digraph, and that the running time is O(n^5). 
Unfortunately, the proof only addresses the running time and not
correctness!  Maybe it isn't *hard* to argue that if the algorithm
completes then the construction must be valid, but the idea of a P = NP
paper that leaves a correctness argument as an exercise to the reader is
pretty funny. :)

The overall plan of the paper seems reasonable enough:  given a graph,
orient the edges just so, add some "covertices", call it a poset, and
find a minimum chain decomposition.  Then throw out the covertices, and
the chain decomposition of the remainder is your minimum clique
partition.  Hey, just might work!  Buuut... so far as I can tell, there
have been errors in:

  * the first algorithm
  * the first theorem
  * the first major example

So I'm waffling on whether to put in more effort or not.  I'm inclined
to withdraw until the author devotes some more of his own time to
rooting out bugs.

/Eric

------------------------------

Date: Sat, 14 Oct 2000 12:51:45 -0700
From: Sundial Services <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Is it trivial for NSA to crack these ciphers?

Good point.  People should also bear in mind that there are many, many
other factors for considering a cipher, besides its brute strength
against the likes of the NSA.  The AES project had many requirements,
including the suitability of the algorithm for implementation in very
small machines.  (The world is full of Palm Pilots, cell phones, and
smart cards now.)  

The world is also full of far more messages that are of short-term,
tactical importance rather than long-term, strategic ones.  Millions of
credit and transaction related messages flash across the internet and
phone-lines every hour of every day.  These messages are useful only for
a few seconds, but it's important that they not be forged or altered
during their brief life-span.  A cipher that could provide Fort Knox
security to such messages but took even one thousandth of a second to do
it, might be much too long for such an application.

To warp a comment that I read in source-code once, for a lot of messages
one might say, "Okay, when you get ready, dig me up [from my grave] and
I'll tell you everything."


>Stephan Eisvogel wrote:
> 
> lcs Mixmaster Remailer wrote:
> > The NSA knew how to strengthen DES against differential cryptanalysis
> > many years before the civilian world knew what it was.  I'm simply
> > asking people to speculate about what tools beyond teraflop computing
> > horsepower that NSA can bring to bear on these ciphers.
> 
> The random number that wasn't. Common. The key bits that weren't. Also
> common. If it didn't take stupid tricks like these they wouldn't have
> used them. So relax because even NSA is helpless with the latest and
> greatest of ciphers, and remember that in a crypto system the weakest
> link is almost never the cipher itself.

------------------------------

From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: Newbie question to practical brute-force analysis
Date: Sat, 14 Oct 2000 12:52:53 -0700


Joseph Ashwood <[EMAIL PROTECTED]> wrote in message
news:#IujM5vLAHA.322@cpmsnbbsa09...
> r.e.s. wrote:
> > Is it true that more than a gigabyte of ciphertext
> > is likely to be required to detect the bias in RC4?
Actually, probably not.  You can distinguish 212 bytes of RC4 output from
randomness, as long as you have infinite computing power available (hint:
try all 256*256! initial j and permutation settings).  In addition, it
appears likely that there are efficient methods that work with considerably
less than a gigabyte, however, we don't know what they are.

>
> The current understanding is that there is no detectable bias beyond
> 1/2^24, this may or may not be the actual case.
Could you elaborate on that a bit?  What do you mean "no detectable bias
beyond 1/2^24"?

>
> > Does RC4's bias become a problem only in ciphertext
> > generated using a single key?
>
> Yes. As with all ciphers if you change the key in an independent way an
> attacker will be forced to start over.
>
> As long as you always throw out the first bytes (there is a known bias in
> the first byte) also, yes that will prevent the currently known methods of
> detecting bias.
Actually not.  The best known methods for "detecting a bias", that is,
distinguishing the RC4 output from random, work almost equally as well if
you periodically change the key.  This happens because those methods work by
finding statistical imperfections in the next-state function, and those
imperfections don't change when you update the key.

Now, these methods won't be able to tell you what any of the keys were, but
these methods are not key recovery attacks anyways.

Now, if you are interested in a key recovery attack, the only ones known
(once you eliminate the first bytes weakness that Roos found) take either
enormous amounts of time (brute force is easier for any sane key length), or
an enormous amount of keystream (far beyond a few gigabytes).

--
poncho
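
An added example, not part of the original thread, for the two concrete points in the exchange above: the "known bias in the first byte" that the reply attributes to Roos, and the mitigation of throwing away the initial keystream bytes. The code implements RC4 as published (checked against the public "Key"/"Plaintext" test vector), then measures, over random keys with K[0]+K[1] == 0 mod 256, how often the first keystream byte equals K[2]+3; RC4 gives roughly 13.8% where an ideal stream cipher would give 1/256, and the same statistic at byte 256 is back to 1/256. Sample sizes, seeds and helper names are this example's own choices.

```python
"""
Added example (not from the original thread): RC4 as specified, checked
against a public test vector, then an empirical look at the first-output-byte
weakness Roos described (keys with K[0]+K[1] == 0 mod 256 emit K[2]+3 as
their first keystream byte far more often than 1/256), and the effect of
the mitigation discussed in the thread, discarding the initial keystream
bytes.  Sample sizes, seeds and helper names are this example's own choices.
"""
import random


def rc4_ksa(key):
    """Key-scheduling algorithm: build the 256-entry permutation S from the key."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s


def rc4_keystream(key, length, skip=0):
    """Pseudo-random generation: emit `length` keystream bytes, after silently
    discarding the first `skip` bytes (the 'throw out the first bytes' mitigation)."""
    s = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for n in range(skip + length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        k = s[(s[i] + s[j]) & 0xFF]
        if n >= skip:
            out.append(k)
    return bytes(out)


def rc4_crypt(key, data, skip=0):
    """XOR with the keystream; encryption and decryption are the same operation."""
    ks = rc4_keystream(key, len(data), skip)
    return bytes(a ^ b for a, b in zip(data, ks))


def roos_weak_key_rate(samples=5000, seed=1, skip=0, key_len=16):
    """Fraction of random weak keys (K[0]+K[1] == 0 mod 256) whose keystream
    byte at position `skip` equals K[2]+3.  For an ideal stream cipher this
    would be about 1/256; with skip=0 RC4 gives roughly 0.138, because after
    the first three key-schedule steps S[1] == 1 and S[2] == K[2]+3, and both
    survive the remaining 253 steps untouched with probability about
    (254/256)**253, after which the first PRGA step outputs S[2]."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(samples):
        key = bytearray(rng.randrange(256) for _ in range(key_len))
        key[1] = (-key[0]) & 0xFF          # force K[0] + K[1] == 0 mod 256
        first = rc4_keystream(bytes(key), 1, skip)[0]
        if first == (key[2] + 3) & 0xFF:
            hits += 1
    return hits / samples


if __name__ == "__main__":
    # Public RC4 test vector: key "Key", plaintext "Plaintext".
    print(rc4_crypt(b"Key", b"Plaintext").hex())       # bbf316e8d940af0ad3
    print("weak-key first-byte hit rate, no skip  :", roos_weak_key_rate())
    print("same statistic after dropping 256 bytes:", roos_weak_key_rate(skip=256))
```

Dropping the initial keystream removes this particular key-correlated leak, which is the sense in which the thread's "throw out the first bytes" advice holds; it does nothing about the distinguishers the reply describes, which are properties of the next-state function rather than of the key schedule.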




------------------------------

Date: Sat, 14 Oct 2000 21:45:05 +0100
From: Richard Heathfield <[EMAIL PROTECTED]>
Subject: Re: Rijndael implementations

John Savard wrote:
> 
> On Sat, 14 Oct 2000 15:53:01 +0100, Richard Heathfield
> <[EMAIL PROTECTED]> wrote, in part:
> 
> >Changing the meaning of a word is not only unnecessary and costly, but
> >rather silly if you don't provide a new word for what the old word used
> >to mean.
> 
> >If you're going to shanghai 'byte' as a synonym for 'octet', what do you
> >propose to call what /I/ still call a byte?
> 
> It's not me or him; virtually everyone understands 'byte' to mean a
> unit of storage consisting of eight bits.

In that case, "virtually everyone" must exclude many professional C
programmers.

> 
> A unit of storage typically used to contain a character, whether it is
> eight bits or six, always had been called a 'character' in the books
> about computers from the days when computers with character cells
> other than eight bits in size existed.

In Knuth's TAOCP I (the most obvious example of "books about computers
from the days..." and the only such book I had immediately to hand), the
body of the text disagrees with you, but the footnote contradicts it,
saying that "byte" was "standardized" to 8 bits in approximately 1975.
So I find myself in the uncomfortable position of disagreeing with
Knuth's footnote (whilst agreeing with his more flexible definition in
the body of the text). You would appear to take the opposite (but
equally uncomfortable) position.


-- 
Richard Heathfield
"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
66 K&R Answers: http://users.powernet.co.uk/eton/kandr2/index.html (31
to go)

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
