Cryptography-Digest Digest #275, Volume #13 Tue, 5 Dec 00 15:13:00 EST
Contents:
About governments and my ex-relatives in Finland and the U.S.A. ... basically my
ex-spouse had around 350000 US dollars and then my ex-relatives (Finland and US )
collaborated in their efforts to force me to leave the U.S.A. without any of this
money ... (Markku J. Saarelainen)
Re: RC4 or Rijndael ("CMan")
Re: Journal of Craptology (Mike Rosing)
wrapper code (Steve Blinkhorn)
Re: Why Galois Fields in Cryptography? (Mike Rosing)
Possibly-new attack on D-H? (Peter Fairbrother)
Re: Possibly-new attack on D-H? (Roger Schlafly)
Re: ARCFOUR (RC4) used for CipherSaber-N (Ichinin)
Re: RC4 or Rijndael (Ichinin)
Re: RC4 or Rijndael (Ichinin)
Re: Why Galois Fields in Cryptography? (John Savard)
Re: Why Galois Fields in Cryptography? (John Savard)
Re: Why Galois Fields in Cryptography? (John Savard)
Re: DES and Salt ([EMAIL PROTECTED])
Re: cracking a char subst cypher (Simon Johnson)
Re: DES and Salt ([EMAIL PROTECTED])
----------------------------------------------------------------------------
From: Markku J. Saarelainen <[EMAIL PROTECTED]>
Crossposted-To: alt.2600,alt.security,comp.security
Subject: About governments and my ex-relatives in Finland and the U.S.A. ... basically
my ex-spouse had around 350000 US dollars and then my ex-relatives (Finland and US )
collaborated in their efforts to force me to leave the U.S.A. without any of this
money ...
Date: Tue, 05 Dec 2000 15:34:27 GMT
And this is the real story ...
Basically, my ex-mother, Eeva Nuora, ex-sister, Senja Saarelainen-
Swedyc (her husband is Polish) and my ex-brother, Jukka Saarelainen
wanted me to leave to Finland and sent me messages and letters with the
content such as " come immediately to Finland .. ask Kathy to give some
money for the trip..." and so on .. .. Kathy in this case was "Kathryn
Goll Saarelainen" who collaborated with the U.S. government against
me ....
The embassy of Finland sent me a letter and told me ... they can take
me to Finland with funds of the government of Finland ... basically
leave my properties without getting any moneys to which I had all
rights .... my ex-spouse, the embassy of Finland and my ex-relatives
had been collaborating and I have letters indicating to this nature ...
and of course, by now you know that my ex-spouse collaborated and
worked with the U.S. government and affiliates and spied on me ...
And then of course, the U.S. government attacked me and caused the
divorce actually in 1999 ....and I am just an ordinary private man ...
SO now you got the picture ... there was something terribly wrong in
this and their control efforts .. but this was my living in the end of
1999 and in the beginning of 2000 .. basically I knew that I was
alone .. totally alone .. everybody attacking me and trying to cause
harm to me and my living ... and my ways ...
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "CMan" <[EMAIL PROTECTED]>
Subject: Re: RC4 or Rijndael
Date: Tue, 5 Dec 2000 08:42:09 -0700
Bits are like chad, they must be emptied out periodically or they keep
elderly computer users from punching the keyboard all the way through.
Most people don't realize that the bit-bucket in a computer must be
periodically serviced or bit build-up will occur. I had this happen once and
I had to call a computer geek to have it emptied. This is especially a
problem when one attempts to run Windows 2000 off a floppy! These days you
almost need a hard drive to run Windows at all.
JK
--
CRAK Software
http://www.crak.com
Password Recovery Software
QuickBooks, Quicken, Access...More
Spam bait (credit E. Needham):
"Bill Unruh" <[EMAIL PROTECTED]> wrote in message
news:90gnk1$c0$[EMAIL PROTECTED]...
> In <[EMAIL PROTECTED]> "Julian Morrison"
<[EMAIL PROTECTED]> writes:
>
> ]> In article <[EMAIL PROTECTED]>,
> ]> "Julian Morrison" <[EMAIL PROTECTED]> wrote:
> ]>> Which of RC4 or Rijndael is better for:
> ]>>
> ]>> - strength of security
> ]>> - ease of coding
> ]>> - speed
> ]>> - smaller key
> ]>>
> ]>
> ]> Q: What's the difference between a duck? A: One of its legs are both the same.
> ]>
> ]> Your question is too vague, and too open ended to be answered. Further,
> ]> you are comparing different *kinds* of ciphers.
>
> ]As I recall, RC4 is a byte-by-byte stream cypher, and Rijndael is a block
> ]cypher that would need CBC or something. In use tho they're both symmetric
> ]cyphers useful for the purpose of doing a RSA/symmetric pairing. I'm trying
> ]to figure out which is best for how I want to do that (optimize for
> ]speed, security, and low wastage of bytes).
>
> Yes, RC4 is a stream cypher. The key can never be reused or the strength
> is essentially zero. It is very easy to code, and is much faster.
> However it is totally useless unless you can choose a random key each
> use. (eg, by sending the key via RSA). Uh, what is wastage of bytes? You
> don't want to empty the bit bucket too often?
------------------------------
From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: Journal of Craptology
Date: Tue, 05 Dec 2000 12:10:31 -0600
Lars Knudsen wrote:
> A new issue of Journal of Craptology can be found at
>
> http://www.ii.uib.no/~larsr/crap.html
>
> Enjoy
Excellent! I really enjoyed "On the efficiency of elliptic curves
arising in French literature", especially since I'm pounding my head
against Harley et al.'s recent paper. Now I have to find that
connection to Bugs Bunny :-)
Patience, persistence, truth,
Dr. mike
------------------------------
From: [EMAIL PROTECTED] (Steve Blinkhorn)
Subject: wrapper code
Date: 5 Dec 2000 18:18:09 GMT
64-bit block ciphers all seem to be coded to take pointers to two long
integers as arguments. Simple question to avoid reinventing the wheel:
is there a bit of standard wrapper code somewhere to feed a
random-length byte string to such a cipher (Blowfish is what I have
in mind)?
--
Steve Blinkhorn <[EMAIL PROTECTED]>
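One way to do the wrapping Steve asks about, added here as an example and not code from the thread or from any Blowfish distribution: CBC mode with PKCS#7-style padding around a block routine that, like Blowfish's, encrypts two 32-bit halves through pointers. The block routine below is a labelled placeholder, not a real cipher; Blowfish's own encrypt/decrypt would drop in its place.

```c
#include <stdint.h>
#include <string.h>

/* Stand-in for the cipher's block routine. Like Blowfish it encrypts two
 * 32-bit halves in place through pointers, but it is NOT a real cipher, only
 * an invertible placeholder so the wrapper runs stand-alone. */
static void block_encrypt(uint32_t *l, uint32_t *r) {
    *l ^= 0x9E3779B9u; *r += *l; *r = (*r << 7) | (*r >> 25); *l ^= *r;
}
static void block_decrypt(uint32_t *l, uint32_t *r) {
    *l ^= *r; *r = (*r >> 7) | (*r << 25); *r -= *l; *l ^= 0x9E3779B9u;
}
/* Big-endian byte/word conversion keeps the wrapper portable. */
static uint32_t load32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}
static void store32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v;
}

/* CBC-encrypt a message of any length. PKCS#7-style padding appends 1..8
 * bytes, each equal to the pad length, so the receiver can strip it without
 * ambiguity. `out` must hold len + 8 bytes; returns the ciphertext length.
 * The 8-byte IV must be fresh and unpredictable per message; it is sent in clear. */
size_t cbc_encrypt(const uint8_t iv[8], const uint8_t *in, size_t len, uint8_t *out) {
    size_t padded = len + (8 - len % 8), i, j;
    uint8_t prev[8], blk[8]; uint32_t l, r;
    memcpy(prev, iv, 8);
    for (i = 0; i < padded; i += 8) {
        for (j = 0; j < 8; j++) {
            uint8_t b = (i + j < len) ? in[i + j] : (uint8_t)(padded - len);
            blk[j] = b ^ prev[j];               /* chain with the previous block */
        }
        l = load32(blk); r = load32(blk + 4);
        block_encrypt(&l, &r);
        store32(out + i, l); store32(out + i + 4, r);
        memcpy(prev, out + i, 8);
    }
    return padded;
}

/* Inverse. Returns the plaintext length, or -1 if the ciphertext is not a
 * whole number of blocks or the padding is malformed; a real protocol should
 * authenticate the ciphertext (e.g. with a MAC) before reaching this point. */
long cbc_decrypt(const uint8_t iv[8], const uint8_t *in, size_t len, uint8_t *out) {
    size_t i, j; uint8_t prev[8], pad; uint32_t l, r;
    if (len == 0 || len % 8) return -1;
    memcpy(prev, iv, 8);
    for (i = 0; i < len; i += 8) {
        l = load32(in + i); r = load32(in + i + 4);
        block_decrypt(&l, &r);
        store32(out + i, l); store32(out + i + 4, r);
        for (j = 0; j < 8; j++) out[i + j] ^= prev[j];
        memcpy(prev, in + i, 8);                /* chain on the ciphertext block */
    }
    pad = out[len - 1];
    if (pad < 1 || pad > 8) return -1;
    for (j = 0; j < pad; j++) if (out[len - 1 - j] != pad) return -1;
    return (long)(len - pad);
}
```

A padding failure must abort the whole message rather than be patched over, and the same IV must never be reused under one key.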
------------------------------
From: Mike Rosing <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: Why Galois Fields in Cryptography?
Date: Tue, 05 Dec 2000 12:21:02 -0600
John Savard wrote:
>
> The new Advanced Encryption Standard, Rijndael, makes use of
> arithmetic in GF(2^8). So did Twofish, one of the other finalists in
> the AES process.
>
> Not being terribly up on advanced math, I wondered why this relatively
> unfamiliar type of operation was used in these block ciphers. I
> realize that exotic math is needed for public-key algorithms, but
> surely prosaic things like addition, XOR, table-lookup, and so on seem
> to be enough for many block ciphers.
XOR is GF math. It's addition over GF(2), and you can describe each bit
as the coefficient of a polynomial to call it GF(2^n). It's not "exotic",
it's what binary logic does easily. Parity(A AND B) is also a simple
operation. That's a vector dot product!
I'd like to see more math connections to symmetric ciphers. That way we
can "prove" some level of security. While the operations are simple,
the mathematical description is horribly complex. If we were taught
this stuff in high school, it might not seem so exotic.
Right Tom ? :-)
Patience, persistence, truth,
Dr. mike
------------------------------
Subject: Possibly-new attack on D-H?
From: Peter Fairbrother <[EMAIL PROTECTED]>
Date: Tue, 05 Dec 2000 18:28:35 +0000
Hi All,
I'm writing an implementation of D-H for m-o-o-t (you don't know m-o-o-t?
try www.m-o-o-t.org) and wanted a way to find g/p pairs where g is a
generator for GF(p). Someone suggested I use the primes from SKIP.
What!?! I thought. Surely people are not reusing primes? There's an old
algorithm by Merkle and Adleman later developed by Hellman and Reyneri {1}
which could produce tables of logs of small primes or (later and better)
tables of polynomial coefficients.
The effort to create the tables is large, about the same as factoring a
similar-size RSA key, but once created finding individual discrete logs is
comparatively easy. (and I heard a whisper in the eighties "someone" had
found a way of choosing r-subscript-i that's a lot better than random)
This makes high-volume or high-value traffic using one p a juicy target.
So perhaps people use different g? (not sure offhand exactly what advantage
that might have, might make things harder) No, they often all use 2.
Wow, I thought, but haven't they heard of the attack based on turning that
method round? Creating tables, finding the relevant N, doing this a few
times and choosing one that is a prime of form 1+2*q (q prime) and lo! and
behold! you have a "Certified Key" resistant to Pohlig-Hellman and Pollard
but which you can break easily using the tables? All you have to do now is
get people to use it.
Apparently not. One or two people I spoke to are getting slightly worried.
I wonder how they made the SKIP primes. Do people use fixed primes a lot? In
e.g. RNGs? ElGamal, DSA, Schnorr etc?
Or am I hopelessly off track here? Has no-one ever heard of it / is it
impractical? I don't think the latter is the case, I'll work on it, there
may be limitations I don't know about. (the last time I thought about this
was a lot of years ago, I kinda assumed everyone used new g/p) Before I
start, does anyone know anything about this?
Thanks
--
Peter Fairbrother
[EMAIL PROTECTED]
{ "Fast computation of discreet logs in GF(q)" by Martin E Hellman and
Justin M Reyneri, presented at Crypto 84, I don't have the exact reference }
------------------------------
From: Roger Schlafly <[EMAIL PROTECTED]>
Subject: Re: Possibly-new attack on D-H?
Date: Tue, 05 Dec 2000 10:44:03 -0800
Peter Fairbrother wrote:
> The effort to create the tables is large, about the same as factoring a
> similar-size RSA key, but once created finding individual discrete logs is
> comparatively easy. (and I heard a whisper in the eighties "someone" had
> found a way of choosing r-subscript-i that's a lot better than random)
> This makes high-volume or high-value traffic using one p a juicy target.
Harder than factoring a similar-size RSA key. Only feasible for D-H
keys up to about 400 bits.
Just use 1024-bit keys, and you are far out of range for the
known attacks for a long time.
------------------------------
From: Ichinin <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: ARCFOUR (RC4) used for CipherSaber-N
Date: Sat, 02 Dec 2000 16:00:24 +0100
Punchy wrote:
<Snip>
There are lots of surprises for C++ only programmers at
www.vbdiamond.com...
/Ichinin
(No - I use Crypto libs written in C++ for my VB apps.)
------------------------------
From: Ichinin <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: RC4 or Rijndael
Date: Sat, 02 Dec 2000 16:04:51 +0100
Mats Lofkvist wrote:
>
> [EMAIL PROTECTED] (Bill Unruh) writes:
>
> > Yes, RC4 is a stream cypher. The key can never be reused or the strength
> > is essentially zero. It is very easy to code, and is much faster.
> > However it is totally useless unless you can choose a random key each
> > use. (eg, by sending the key via RSA).
>
> Isn't adding a cryptographically strong random part to the RC4 key
> and sending the random part in clear to the receiver considered a
> secure way to reuse RC4 keys?
>
Nope, Random Bytes + Key = still as hard to break as sizeof(key)
Regards,
Ichinin
_________________________________
Email address is for spammers, bounces regardless.
------------------------------
From: Ichinin <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: RC4 or Rijndael
Date: Sat, 02 Dec 2000 16:07:23 +0100
CMan wrote:
> ...This is especially a
> problem when one attempts to run Windows 2000 off a
> floppy! These days you almost need a hard drive to
> run Windows at all.
LS-120 :o)
/Ichinin
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Crossposted-To: sci.math
Subject: Re: Why Galois Fields in Cryptography?
Date: Tue, 05 Dec 2000 19:03:10 GMT
On Tue, 05 Dec 2000 14:40:47 GMT, Erwann ABALEA <[EMAIL PROTECTED]>
wrote, in part:
>OTP states that the random number generator shouldn't be a pseudo one...
>If you choose to use a prng, then the weakness lies in your
>implementation.
As I said,
"the one-time-pad and certain other stream ciphers"
I'm well aware that a stream cipher using a PRNG is *not* a
one-time-pad. But while the true one-time-pad doesn't share the other
weaknesses a PRNG cipher has, both are susceptible to the bit-flipping
attack.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Crossposted-To: sci.math
Subject: Re: Why Galois Fields in Cryptography?
Date: Tue, 05 Dec 2000 19:05:56 GMT
On Tue, 05 Dec 2000 14:44:15 +0100, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote, in part:
>As to your OTP issue, I certainly have not fully understood.
>But I have a point: One can group the bits of that sequence,
>say 8 bits (byte) for the case corresponding to an alphabet
>of size 256, and use them as keys to a sufficiently large
>polyalphabetic substitution table, i.e. somewhat more columns
>than 256 but not necessarily extremely large, where each
>column is an arbitrary random permutation of the alphabet.
>Would such a scheme serve well your purposes?
Yes; but here I'm trying to find out what the _smallest_ table is that
would serve my purpose, and if the number of columns is 256*255, my
purpose can be served perfectly. But how to generate the ideal table?
>I also have a probably very trivial question: The expression
>ax+b is a linear one. Now this evaluated in GF is certainly
>not linear in Z_n and vice versa. So, one has to be very
>careful when talking about the advantages/disadvantages
>of linearity in crypto, isn't it? (In other words, what are
>the disadvantages of linearity, when the context of where
>the expression is evaluated is not given?)
Well, the final combiner is linear, but if I didn't use a true OTP,
but instead a PRNG, it had better not be linear, and thus easily
predictable.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Crossposted-To: sci.math
Subject: Re: Why Galois Fields in Cryptography?
Date: Tue, 05 Dec 2000 19:11:45 GMT
On Tue, 05 Dec 2000 13:11:56 GMT, Tom St Denis <[EMAIL PROTECTED]>
wrote, in part:
>This won't work in GF(2^w) for two reasons. 1) If plain is zero then
>A is known. (i.e cipher = A). 2) Vice versa for B. So in a chosen
>plaintext attack this cipher is completely weak. In a known plaintext
>attack 1/256 ciphertext bytes will directly leak the internal state.
With a regular stream cipher of the PRNG or OTP XOR to plaintext type,
knowing the plaintext and the ciphertext certainly does leak the byte
XORed to the plaintext.
In this case, knowing both only means that (A,B) are restricted to 255
possibilities out of the original 256*255 possibilities. (It is
assumed that either A and B come from a true OTP, or from a secure
PRNG, the question of predicting other A,B values is not discussed.
The question of a chosen plaintext attack would depend on that issue.)
And the property I'm looking for is that these 255 possibilities will,
for some altered ciphertext, make the resulting plaintext still
ambiguous. And that property _does_ still exist, whether or not the
plain or cipher is zero.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
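To make Dr. Mike's point concrete (XOR is GF(2^n) addition, parity(A AND B) is a GF(2) dot product) and to check Savard's counting argument for the c = A*p + B combiner, here is an added example, not code from either poster: GF(2^8) arithmetic using Rijndael's reduction polynomial (taken from FIPS-197, not from the thread) and a brute-force count of the (A,B) keys consistent with one known (p,c), together with how many different plaintexts those keys turn a tampered ciphertext byte into.

```c
#include <stdint.h>

/* Addition in GF(2^8) is XOR: each bit is a coefficient of a polynomial over
 * GF(2), so adding is coefficient-wise addition mod 2 with no carries. */
static uint8_t gf_add(uint8_t a, uint8_t b) { return a ^ b; }

/* Multiplication modulo x^8 + x^4 + x^3 + x + 1 (0x11B), Rijndael's reduction
 * polynomial (from FIPS-197, not from the thread), by shift-and-add. */
uint8_t gf_mul(uint8_t a, uint8_t b) {
    uint8_t p = 0;
    while (b) {
        if (b & 1) p ^= a;                    /* add the current multiple of a */
        int carry = a & 0x80;
        a <<= 1;                              /* multiply a by x */
        if (carry) a ^= 0x1B;                 /* reduce: x^8 = x^4 + x^3 + x + 1 */
        b >>= 1;
    }
    return p;
}

/* Multiplicative inverse by exhaustive search; fine for a 256-element field. */
uint8_t gf_inv(uint8_t a) {
    for (int x = 1; x < 256; x++)
        if (gf_mul(a, (uint8_t)x) == 1) return (uint8_t)x;
    return 0;                                 /* 0 has no inverse */
}

/* Dr. Mike's other operation: parity(A AND B) is the dot product of two
 * 8-bit vectors over GF(2). */
int gf2_dot(uint8_t a, uint8_t b) {
    uint8_t x = a & b;
    x ^= x >> 4; x ^= x >> 2; x ^= x >> 1;
    return x & 1;
}

/* Savard's combiner c = A*p + B over GF(2^8) with A != 0 (255*256 keys).
 * Given one known (p, c): how many keys remain consistent, and to how many
 * distinct plaintexts do they decrypt a ciphertext byte tampered to c ^ delta?
 * Under plain XOR the tampered byte always becomes p ^ delta; here the result
 * depends on the unknown A, which is the ambiguity Savard is after. */
typedef struct { int consistent_keys; int distinct_tampered; } affine_stats;

affine_stats analyse_affine(uint8_t p, uint8_t c, uint8_t delta) {
    affine_stats s = {0, 0};
    uint8_t seen[256] = {0};
    for (int A = 1; A < 256; A++)
        for (int B = 0; B < 256; B++) {
            if (gf_add(gf_mul((uint8_t)A, p), (uint8_t)B) != c) continue;
            s.consistent_keys++;
            /* decrypt the tampered byte under this still-possible key */
            uint8_t p2 = gf_mul(gf_inv((uint8_t)A), gf_add(gf_add(c, delta), (uint8_t)B));
            if (!seen[p2]) { seen[p2] = 1; s.distinct_tampered++; }
        }
    return s;
}
```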
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: DES and Salt
Date: Tue, 05 Dec 2000 19:24:49 GMT
In article <Rc7X5.339$[EMAIL PROTECTED]>,
"Mike The Man" <[EMAIL PROTECTED]> wrote:
> This is an old one, that I'm trying to grasp; Salting the DES.
>
> I first wrote a DES-routine in Delphi, which seems to be working (compared
> results with known tests). Then I added a salt value, trying to do it in a
> UNIX-password-style. However it doesn't come up with the same results as it
> appears in the etc/passwd.
>
> From what I've gathered, the Unix password consists of thirteen
> base64-encoded characters. The two first make up the 12-bit salt.
I don't think it's the standard base64, the charset is determined like
this (c contains the six bits):
c += '.';
if (c > '9')
    c += 7;
if (c > 'Z')
    c += 6;
c will now contain a printable character.
> The other eleven is the 64bit result from doing the 25-times DES.
> When you type in a password the first eight ASCII characters will be
> leftshifted (so an A - h41 would be h82), because the 8th bit is ignored as
No I don't think they're shifted. You take the 7 most significant bits
of the 1st byte, and place them in the key as bits 1 to 7 (offset
starting at 1 not 0). The 8th bit is ignored (it should be the parity
bit as you say). Then you move to the second byte, its 7 msbits are
placed in the key as bits 9 to 15, bit 16 is the parity, etc...
> parity in DES. Then these 64bits are inserted as the key in the DES.
> The first input value is all zeroes, then the DES-output is fed back to the
> input for the next DES.
> This is repeated 25 times.
That's correct. But, where do you use the salt? It's used to modify
the expansion function (there are 2^12 = 4096 variations).
> Could anyone tell me, if this is right?
>
> /Mike the Man
>
>
------------------------------
From: Simon Johnson <[EMAIL PROTECTED]>
Subject: Re: cracking a char subst cypher
Date: Tue, 05 Dec 2000 19:35:54 GMT
In article <90ip3b$us1$[EMAIL PROTECTED]>,
Tom St Denis <[EMAIL PROTECTED]> wrote:
> In article <[EMAIL PROTECTED]>,
> Frank Hsueh <[EMAIL PROTECTED]> wrote:
> > I was just wondering... is there any code out there to crack a simple
> > character substitution cypher?
>
> Like a monoalphabetic substitution cipher? Not too hard. You look for
> matching frequencies of characters (between a sample of original
> language and the ciphertext) and try to match up characters. It's a
> bit of math/muddle but often can be done easily if the ciphertext is
> long enough.
>
> Tom
>
>
For polyalphabetics, you find the length of the key, using the index of
co-incidence, then you collect all the characters that were encrypted
with the same letter of the key and analyse the frequencies of these
characters. By doing this for all the letters of the key, one can
easily find the solution to polyalphabetics.
--
Hi, I'm the signature virus,
help me spread by copying me into your Signature File
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: DES and Salt
Date: Tue, 05 Dec 2000 19:51:29 GMT
In article <90jfdn$it6$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> In article <Rc7X5.339$[EMAIL PROTECTED]>,
> "Mike The Man" <[EMAIL PROTECTED]> wrote:
...
> >
> > From what I've gathered, the Unix password consists of thirteen
> > base64-encoded characters. The two first make up the 12-bit salt.
>
> I don't think it's the standard base64, the charset is determined like
> this (c contains the six bits):
> c += '.';
> if (c > '9')
>     c += 7;
> if (c > 'Z')
>     c += 6;
> c will now contain a printable character.
>
Just to make this clear, the charset is "./0-9A-Za-z" while for the
standard base64 (RFC2045 section 6.8) it's "A-Za-z0-9+/", so they're not
quite the same.
> > The other eleven is the 64bit result from doing the 25-times DES.
> > When you type in a password the first eight ASCII characters will be
> > leftshifted (so an A - h41 would be h82), because the 8th bit is ignored as
>
> No I don't think they're shifted. You take the 7 most significant bits
> of the 1st byte, and place them in the key as bits 1 to 7 (offset
> starting at 1 not 0). The 8th bit is ignored (it should be the parity
> bit as you say). Then you move to the second byte, its 7 msbits are
> placed in the key as bits 9 to 15, bit 16 is the parity, etc...
>
My answer is wrong, it is the 7 low order bits that are kept not the 7
high-order bits, so in that sense you're right, the bits in each byte
are shifted by 1 to the left and the least significant bit is ignored.
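The pieces of crypt(3) this thread works out, as an added example written against the classic V7 crypt.c layout rather than code from either poster: the "./0-9A-Za-z" alphabet and its inverse, packing a password into a DES key (7 low bits shifted left, so 0x41 becomes 0x82) and the salt's effect on the E expansion table (bit j of salt character i swaps E[6i+j] with E[6i+j+24], which is where the 4096 variations come from). The DES core itself is not included.

```c
#include <stdint.h>

/* crypt(3)'s 6-bit-to-character mapping, as posted: the alphabet comes out
 * as "./0-9A-Za-z", not RFC 2045 base64's "A-Za-z0-9+/". */
char crypt_to64(int v) {
    char c = (char)(v + '.');
    if (c > '9') c += 7;                      /* skip ':' .. '@' */
    if (c > 'Z') c += 6;                      /* skip '[' .. '`' */
    return c;
}

/* Inverse mapping; -1 for a character outside the alphabet (a '+' or a
 * '=' from a standard base64 string must not be silently accepted). */
int crypt_from64(char c) {
    int in_alphabet = c == '.' || c == '/' || (c >= '0' && c <= '9') ||
                      (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z');
    if (!in_alphabet) return -1;
    if (c > 'Z') c -= 6;
    if (c > '9') c -= 7;
    return c - '.';
}

/* Pack the first eight password characters into a 64-bit DES key: keep each
 * character's 7 low-order bits and shift them left by one, so the ignored
 * parity position is bit 0 and 'A' (0x41) becomes 0x82, as the thread says.
 * Shorter passwords are zero-padded; characters past the eighth are dropped. */
void crypt_pack_key(const char *pw, uint8_t key[8]) {
    for (int i = 0; i < 8; i++) {
        key[i] = *pw ? (uint8_t)((*pw & 0x7F) << 1) : 0;
        if (*pw) pw++;
    }
}

/* The salt's job: perturb DES's 48-entry E expansion table. Following V7
 * crypt.c, bit j (LSB first) of salt character i swaps E[6*i+j] with
 * E[6*i+j+24]; 12 independent bits give the 2^12 = 4096 variations.
 * Returns the number of swaps made, or -1 for a salt outside the alphabet. */
int crypt_apply_salt(const char salt[2], uint8_t E[48]) {
    int swaps = 0;
    for (int i = 0; i < 2; i++) {
        int v = crypt_from64(salt[i]);
        if (v < 0) return -1;
        for (int j = 0; j < 6; j++) {
            if (!((v >> j) & 1)) continue;
            uint8_t t = E[6 * i + j];
            E[6 * i + j] = E[6 * i + j + 24];
            E[6 * i + j + 24] = t;
            swaps++;
        }
    }
    return swaps;
}
```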
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************