Cryptography-Digest Digest #279, Volume #13       Tue, 5 Dec 00 22:13:01 EST

Contents:
  Re: Pentium 4 and modular exponential (Greggy)
  Re: Pentium 4 and modular exponential (Greggy)
  Re: Smart Card vs 1.44 Disk (Tom St Denis)
  Re: Why Galois Fields in Cryptography? (Tom St Denis)
  Re: Possibly-new attack on D-H? (Tom St Denis)
  Re: wrapper code (Tom St Denis)
  Re: Fips Pub 140-1 and RNG (DJohn37050)
  Re: newbie: how to persuade my management not to do our own home-grown encryption? ([EMAIL PROTECTED])
  Re: newbie: how to persuade my management not to do our own home-grown encryption? (Bruce Stephens)
  Math background required for Cryptology ? ("Ryan J Schave")
  Re: Smart Card vs 1.44 Disk (David Schwartz)
  Re: What's better CAST in PGP or Blowfish 128bit? ("Noname")
  Re: Smart Card vs 1.44 Disk (Timothy M. Metzinger)
  Re: newbie: how to persuade my management not to do our own home-grown encryption? (Eric Lee Green)
  Re: ---- Are AES algorithms export restricted? (Eric Lee Green)
  Re: Journal of Craptology (Eric Lee Green)
  Re: Encrypting messages in images?? (Cassj)
  Re: Encrypting messages in images?? (Cassj)

----------------------------------------------------------------------------

From: Greggy <[EMAIL PROTECTED]>
Subject: Re: Pentium 4 and modular exponential
Date: Tue, 05 Dec 2000 23:58:59 GMT

In article <905vfh$tma$[EMAIL PROTECTED]>,
  "James Dabbs" <[EMAIL PROTECTED]> wrote:
> This situation reminds me of when 386's came out and everyone said the
> performance increase was not so great.  Of course everyone was running
> segmented 16-bit apps and it was hard and expensive to find 32-bit tools.
> Well, same thing now.  Of course, with IA-64, I can't even see how a C++
> compiler can even make use of the architecture.

I thought the large integral was primarily for addressing storage.

>
> Roger Schlafly <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Tom's Hardware has had mixed reviews of the Pentium 4. The
> > chip did well on some benchmarks, but surprisingly poorly
> > on a lot of them. It may be that you have to have software
> > optimized for the Pentium 4 to get any benefit.
> > http://www.tomshardware.com/blurb/00q4/001128/index.html
>
>

--
I prefer my fourth amendment rights over a dope free
society, even if the latter could actually be achieved.
Al Gore and the Florida Robes - More than just another rock group;
a clear and present danger to America's national security.


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Greggy <[EMAIL PROTECTED]>
Subject: Re: Pentium 4 and modular exponential
Date: Wed, 06 Dec 2000 00:06:42 GMT

In article <[EMAIL PROTECTED]>,
  Paul Rubin <[EMAIL PROTECTED]> wrote:
> Wei Dai <[EMAIL PROTECTED]> writes:
> > The 32x32 -> 64 packed multiply instruction (PMULUDQ) in SSE2 is
> > clearly designed with modular exponentiation in mind.
>
> What makes you say that???  If it were made for big-integer arithmetic
> it would have a wide carry register or large accumulator.  The best
> architecture I've seen yet for modexp is the Motorola 56000 series DSP.
> This can start a 24x24 multiply-accumulate every cycle, with a 56 bit
> accumulator, so you can add up to 256 partial products before you
> have to worry about carry overflow.

If Intel (or anyone else for that matter) really wanted to help crypto
software, they would simply provide full size integral registers
without the need to carry anything and basic arithmetic operations to
support them.



>
>

--
I prefer my fourth amendment rights over a dope free
society, even if the latter could actually be achieved.
Al Gore and the Florida Robes - More than just another rock group;
a clear and present danger to America's national security.


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Smart Card vs 1.44 Disk
Date: Wed, 06 Dec 2000 00:21:21 GMT

In article <90jrg4$ic9$[EMAIL PROTECTED]>,
  "JustBrowsing" <[EMAIL PROTECTED]> wrote:
> Smart Card vs 1.44 Disk
>
> This is probably a really dumb question but once I get past all the smart
> card marketing, I can't see the advantages of a smart card over a 1.44 disk
> using good crypto techniques.
>
> I keep coming to this conclusion, once data has been securely locked up,
> does it matter what the medium is?
> Does giving the medium a "mind of its own" really make a difference?
>
> Just don't get it!
> For the sake of argument please assume all mediums are equal. For example,
> yes, 1.44 disks get messed up easily, mag stripes can't hold a huge amount of
> info etc.
> Get past that and tell me why smart card as a medium can do something a 1.44
> disk and PC with reader can't?
>
> I'm thinking about setting up a travel agency voucher system... why must I
> buy expensive smart cards?

"Anonymous" pointed out the secrecy of smart cards.  Also you can carry
a smart card around and it can do the work for you such as decrypting
messages or signing something.  You don't need a host to run the task
for you.

Some smart cards (or tokens) can be used for remote logins if they are
equipped with an LCD display.

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: Why Galois Fields in Cryptography?
Date: Wed, 06 Dec 2000 00:24:22 GMT

In article <[EMAIL PROTECTED]>,
  Mike Rosing <[EMAIL PROTECTED]> wrote:
> John Savard wrote:
> >
> > The new Advanced Encryption Standard, Rijndael, makes use of
> > arithmetic in GF(2^8). So did Twofish, one of the other finalists in
> > the AES process.
> >
> > Not being terribly up on advanced math, I wondered why this relatively
> > unfamiliar type of operation was used in these block ciphers. I
> > realize that exotic math is needed for public-key algorithms, but
> > surely prosaic things like addition, XOR, table-lookup, and so on seem
> > to be enough for many block ciphers.
>
> XOR is GF math.  It's addition over GF(2), and you can describe each bit
> as the coefficient of a polynomial to call it GF(2^n).  It's not "exotic",
> it's what binary logic does easily.  Parity(A AND B) is also a simple
> operation.  That's a vector dot product!
>
> I'd like to see more math connections to symmetric ciphers.  That way we
> can "prove" some level of security.  While the operations are simple,
> the mathematical description is horribly complex.  If we were taught
> this stuff in high school, it might not seem so exotic.
>
> Right Tom ?  :-)

Hmm yeah, GF math is pretty cool and they certainly don't teach it in
school.

(BTW Mike:  I never did fix my inversion in my "gfmath.c" listing... oh
well)

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.
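
Mike's two observations above (XOR is addition in GF(2); Parity(A AND B) is a GF(2) dot product) and Tom's aside about a broken inversion routine both come down to a few lines of field arithmetic. The following is an added example, not code from the thread and not Tom's "gfmath.c": GF(2^8) multiplication with Rijndael's field polynomial, an inverse computed as a^254, and the exhaustive check that a hand-written inversion should always be run against. The function names and the self-test are the example's own.

```python
# Added example (not from the thread or from Tom's gfmath.c): GF(2^8) with
# Rijndael's field polynomial, and an inversion that is checked exhaustively.

RIJNDAEL_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the modulus used by Rijndael


def gf_add(a: int, b: int) -> int:
    """Addition in GF(2^n) is XOR: each bit is a polynomial coefficient mod 2."""
    return a ^ b


def gf_mul(a: int, b: int, poly: int = RIJNDAEL_POLY) -> int:
    """Carry-less polynomial multiply over GF(2), reduced modulo poly (degree 8)."""
    result = 0
    while b:
        if b & 1:
            result ^= a          # "add" a * x^k for each set bit of b
        b >>= 1
        a <<= 1                  # multiply a by x
        if a & 0x100:            # degree reached 8: reduce by the field polynomial
            a ^= poly
    return result & 0xFF


def gf_pow(a: int, e: int) -> int:
    """Square-and-multiply exponentiation in GF(2^8)."""
    result, base = 1, a
    while e:
        if e & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        e >>= 1
    return result


def gf_inv(a: int) -> int:
    """Multiplicative inverse.  The 255 non-zero elements form a cyclic group,
    so a^255 = 1 and a^254 = a^-1.  Zero has no inverse; Rijndael maps 0 -> 0."""
    return 0 if a == 0 else gf_pow(a, 254)


def gf2_dot(a: int, b: int) -> int:
    """Parity(A AND B): the dot product of two bit-vectors over GF(2)."""
    return bin(a & b).count("1") & 1


def all_inverses_ok() -> bool:
    """Exhaustive self-test: a * inv(a) must be 1 for every non-zero a.  Run this
    against any hand-written inversion before trusting it in an S-box."""
    return all(gf_mul(a, gf_inv(a)) == 1 for a in range(1, 256))


if __name__ == "__main__":
    # Worked values from FIPS 197 section 4.2: {57} * {83} = {c1}, {57} + {83} = {d4}
    print(hex(gf_mul(0x57, 0x83)), hex(gf_add(0x57, 0x83)))
    print("inverses ok:", all_inverses_ok())
```

The exhaustive check is cheap (255 multiplications) and is the reason the bug Tom mentions should never survive a test run: an inversion routine that is wrong for even one element fails it.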

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Possibly-new attack on D-H?
Date: Wed, 06 Dec 2000 00:27:16 GMT

In article <[EMAIL PROTECTED]>,
  Peter Fairbrother <[EMAIL PROTECTED]> wrote:
> in article [EMAIL PROTECTED], Roger Schlafly at
> [EMAIL PROTECTED] wrote on 5/12/00 6:44 pm:
>
> > Peter Fairbrother wrote:
> >> The effort to create the tables is large, about the same as factoring a
> >> similar-size RSA key, but once created finding individual discrete logs is
> >> comparatively easy. (and I heard a whisper in the eighties "someone" had
> >> found a way of choosing r-subscript-i that's a lot better than random)
> >> This makes high-volume or high-value traffic using one p a juicy target.
> >
> > Harder than factoring similar-size RSA key. Only feasible for D-H
> > keys up to about 400 bits.
> >
> > Just use 1024-bit keys, and you are far out of range for the
> > known attacks for a long time.
>
> You're talking about using 1024-bit keys (primes), I'm not objecting to
> that, just to reusing one 1024-bit prime, especially one that has been
> chosen by someone else.
>
> The attack I meant, I was referring to Mallory creating a g/p pair which
> only Mallory can find discrete logs in, and then him getting other people to
> use it.

I believe in PGP new primes are chosen for each new DH/DSS key.  The
problem is that you must use p- strong primes for an "ideal" DH/EG
environment.  Making them could take much longer than making normal
primes.

Tom

>
> Peter
>
>


Sent via Deja.com http://www.deja.com/
Before you buy.
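
Peter's worry (a (g, p) pair chosen by someone else) and Tom's point about the prime's structure are the same problem seen from the defender's side: before using parameters you did not generate, check them. The following is an added example, not code from the thread or from PGP. It reads Tom's "strong primes" as safe primes, p = 2q + 1 with q prime (an assumption of the example), checks that g lands in the order-q subgroup, and applies the matching check to a peer's public value. The toy-size parameters in the demonstration are constructed for illustration only.

```python
# Added example, not from the thread: parameter and public-value checks for a
# Diffie-Hellman/ElGamal party handed (p, g) by someone else.  Tom's "strong
# primes" is read here as safe primes, p = 2q + 1 with q prime (an assumption).
import random


def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin: trial-divide by small primes, then test random witnesses."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    rng = random.Random(2000)        # fixed witnesses keep the result reproducible
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False             # a composite witness was found
    return True


def is_safe_prime(p: int) -> bool:
    """p is a safe prime when both p and q = (p - 1) / 2 are prime; then the only
    subgroup orders are 1, 2, q and 2q, so there is no small subgroup to hide in."""
    return p > 5 and is_probable_prime(p) and is_probable_prime((p - 1) // 2)


def validate_dh_params(p: int, g: int) -> list:
    """Return the list of problems found; an empty list means (p, g) is acceptable."""
    if not is_probable_prime(p):
        return ["p is not prime"]
    if not is_safe_prime(p):
        return ["p is not a safe prime: (p-1)/2 must be prime"]
    if not 1 < g < p - 1:
        return ["g must satisfy 1 < g < p-1"]
    q = (p - 1) // 2
    if pow(g, q, p) != 1:
        # g has order 2q: a full generator, which leaks the low bit of each exponent.
        return ["g does not generate the order-q subgroup"]
    return []


def validate_public_value(p: int, y: int) -> list:
    """Check a peer's public value y = g^x mod p before using it: it must lie in
    the order-q subgroup, otherwise a small-subgroup value would pin the shared
    secret to one of a handful of possibilities."""
    q = (p - 1) // 2
    if not 1 < y < p - 1:
        return ["public value out of range"]
    if pow(y, q, p) != 1:
        return ["public value not in the order-q subgroup"]
    return []


if __name__ == "__main__":
    # Constructed toy-size parameters for illustration; real p is 1024 bits or more.
    print(validate_dh_params(23, 2))      # 23 = 2*11 + 1 and 2^11 mod 23 == 1 -> []
    print(validate_dh_params(23, 5))      # 5 generates the whole group (order 22)
    print(validate_dh_params(29, 2))      # (29-1)/2 = 14 is not prime
    print(validate_public_value(23, 22))  # 22 = -1 mod 23 has order 2
```

None of this detects a trapdoor prime that is prime, safe and of full size; that is exactly why Peter's advice to generate your own p, or use a published group with a documented derivation, stands alongside the checks.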

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: wrapper code
Date: Wed, 06 Dec 2000 00:28:57 GMT

In article <90jbh1$ilf$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Steve Blinkhorn) wrote:
> 64-bit block ciphers all seemed to be coded to take pointers to two long
> integers as arguments.   Simple question to avoid reinventing wheel:
> is there a bit of standard wrapper code somewhere to feed a
> random-length byte string to such a cipher (blowfish is what I have
> in mind)?

Depends on what chaining mode you plan on using.  I would suggest
either CBC or a counter-feedback-mode (i.e. encrypt a counter and xor).

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.
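
Steve's question and Tom's two suggested modes, worked through as an added example (not code from the thread, and not from any Blowfish implementation). The wrappers take the primitive in exactly the shape Steve describes, a function on two 32-bit halves, and feed it a byte string of any length: CBC with padding and an IV, and counter mode with no padding and a nonce. The 64-bit primitive here is a constructed placeholder mixing step so the code runs stand-alone; it is not a cipher, and Blowfish's encrypt/decrypt would be dropped in with the same (xl, xr) signature.

```python
# Added example, not from the thread: CBC and counter-mode wrappers around a
# 64-bit block primitive exposed as f(xl, xr) -> (xl, xr) on two 32-bit words.
import struct

MASK32 = 0xFFFFFFFF
BLOCK = 8            # 64-bit block


def _rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK32


# Constructed placeholder for the real primitive (NOT a cipher, no key): one
# invertible mixing step, just enough to exercise the wrappers below.
def stub_encrypt_block(xl: int, xr: int):
    xl = (xl + 0x9E3779B9) & MASK32
    xr ^= _rotl(xl, 5)
    return xr, xl                       # swap halves like a Feistel round


def stub_decrypt_block(xl: int, xr: int):
    xl, xr = xr, xl                     # undo the swap, then the two steps
    xr ^= _rotl(xl, 5)
    xl = (xl - 0x9E3779B9) & MASK32
    return xl, xr


def _halves(block: bytes):
    return struct.unpack(">II", block)


def _block(xl: int, xr: int) -> bytes:
    return struct.pack(">II", xl, xr)


def pad(data: bytes) -> bytes:
    """PKCS#7-style padding: always add 1..8 bytes so removal is unambiguous."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    if not data or len(data) % BLOCK:
        raise ValueError("bad padding")
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(encrypt_block, iv: bytes, plaintext: bytes) -> bytes:
    """CBC: each plaintext block is XORed with the previous ciphertext block
    (the IV for the first) before encryption.  The IV must be unpredictable."""
    padded = pad(plaintext)
    out, prev = [], iv
    for i in range(0, len(padded), BLOCK):
        x = bytes(a ^ b for a, b in zip(padded[i:i + BLOCK], prev))
        prev = _block(*encrypt_block(*_halves(x)))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(decrypt_block, iv: bytes, ciphertext: bytes) -> bytes:
    if len(ciphertext) % BLOCK:
        raise ValueError("ciphertext is not a multiple of the block size")
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        x = _block(*decrypt_block(*_halves(c)))
        out.append(bytes(a ^ b for a, b in zip(x, prev)))
        prev = c
    return unpad(b"".join(out))


def ctr_crypt(encrypt_block, nonce: int, data: bytes) -> bytes:
    """Counter mode: keystream block i is E(nonce, i); XOR is its own inverse, so
    the same call encrypts and decrypts and no padding is needed.  A nonce must
    never be reused under one key, or the two keystreams cancel out."""
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        keystream = _block(*encrypt_block(nonce & MASK32, (i // BLOCK) & MASK32))
        out.extend(a ^ b for a, b in zip(data[i:i + BLOCK], keystream))  # last block may be short
    return bytes(out)


if __name__ == "__main__":
    msg = b"a random-length byte string"      # constructed sample input
    iv = bytes(8)                              # for demonstration only; use a fresh random IV
    ct = cbc_encrypt(stub_encrypt_block, iv, msg)
    print(len(msg), len(ct), cbc_decrypt(stub_decrypt_block, iv, ct) == msg)
    c2 = ctr_crypt(stub_encrypt_block, 0x01020304, msg)
    print(len(c2), ctr_crypt(stub_encrypt_block, 0x01020304, c2) == msg)
```

Neither mode authenticates the data: a receiver that needs to detect modified ciphertext (including padding tampering in CBC) has to add a MAC over the ciphertext, which is the piece most home-grown wrappers leave out.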

------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Date: 06 Dec 2000 00:41:32 GMT
Subject: Re: Fips Pub 140-1 and RNG

The FIPS tests will each fail less than one in a million times, but that
still means some failures sometimes.
Don Johnson
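
Don's one-in-a-million figure is a design target of the FIPS 140-1 thresholds, not an accident, and it is what an operator should expect to see when a healthy RNG occasionally trips a power-up test. The following is an added example, not code from the thread: the four FIPS 140-1 statistical tests on a 20,000-bit sample, with the FIPS 140-1 pass intervals, plus the arithmetic that puts the monobit false-alarm rate near 10^-6. The degenerate samples are constructed to show why one test alone is not enough.

```python
# Added example, not from the thread: the four FIPS 140-1 power-up statistical
# tests on a 20,000-bit sample, plus the arithmetic behind "fails less than one
# in a million times" for the monobit test.  Thresholds are the FIPS 140-1 ones.
import math
import random

SAMPLE_BITS = 20000
RUN_BOUNDS = {1: (2267, 2733), 2: (1079, 1421), 3: (502, 748),
              4: (223, 402), 5: (90, 223), 6: (90, 223)}   # key 6 means "6 or longer"


def bits_of(data: bytes) -> str:
    return "".join(f"{b:08b}" for b in data)


def monobit_test(bits: str) -> bool:
    """Count of ones in 20,000 bits must satisfy 9654 < X < 10346."""
    return 9654 < bits.count("1") < 10346


def poker_test(bits: str) -> bool:
    """Chi-square style statistic over the 5000 4-bit nibbles: 1.03 < X < 57.4."""
    counts = [0] * 16
    for i in range(0, SAMPLE_BITS, 4):
        counts[int(bits[i:i + 4], 2)] += 1
    x = (16 / 5000) * sum(c * c for c in counts) - 5000
    return 1.03 < x < 57.4


def runs_tests(bits: str):
    """Runs test (each run-length bucket, for zeros and for ones, within its
    interval) and long-run test (no run of 34 or more).  Returns (runs_ok, long_run_ok)."""
    counts = {"0": dict.fromkeys(RUN_BOUNDS, 0), "1": dict.fromkeys(RUN_BOUNDS, 0)}
    longest, i = 0, 0
    while i < len(bits):
        j = i
        while j < len(bits) and bits[j] == bits[i]:
            j += 1
        length = j - i
        longest = max(longest, length)
        counts[bits[i]][min(length, 6)] += 1
        i = j
    runs_ok = all(lo <= counts[b][k] <= hi
                  for b in "01" for k, (lo, hi) in RUN_BOUNDS.items())
    return runs_ok, longest < 34


def fips_140_1(sample: bytes) -> dict:
    """Run all four tests on exactly 2500 bytes; returns {test_name: passed}."""
    bits = bits_of(sample)
    if len(bits) != SAMPLE_BITS:
        raise ValueError("FIPS 140-1 tests need exactly 20,000 bits")
    runs_ok, long_ok = runs_tests(bits)
    return {"monobit": monobit_test(bits), "poker": poker_test(bits),
            "runs": runs_ok, "long_run": long_ok}


def monobit_false_alarm_rate() -> float:
    """Probability that a perfect coin-flip source fails the monobit test,
    P(|X - 10000| >= 346) for X ~ Binomial(20000, 1/2), by the normal
    approximation with continuity correction.  The bounds sit about 4.9 standard
    deviations out, which is where the "one in a million" per test comes from."""
    sigma = math.sqrt(SAMPLE_BITS * 0.25)
    z = (346 - 0.5) / sigma
    return math.erfc(z / math.sqrt(2))


if __name__ == "__main__":
    # Constructed degenerate samples: all zeros fails everything; a 0101... pattern
    # has exactly 10,000 ones and so passes monobit alone, which is why the suite
    # has four tests and not one.
    print(fips_140_1(bytes(2500)))
    print(fips_140_1(b"\x55" * 2500))
    print(fips_140_1(random.Random(1).randbytes(2500)))   # a seeded PRNG sample
    print(f"monobit false-alarm rate ~ {monobit_false_alarm_rate():.2e}")
```

The practical consequence of the rate is what Don says: a device that logs a single test failure per million power-ups is behaving as specified, and the alarm worth investigating is a failure that repeats on retest.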

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: newbie: how to persuade my managment not to do our own home-grown 
encryption?
Date: Wed, 06 Dec 2000 00:36:43 GMT

Honestly, they're managers, hit them where it hurts; the bottom line.  Point
out that there are freely available, professionally made cryptographic
algorithms, and that you think that the development speed gains would be
worth using the pre-made portions. From there it's a fairly simple matter to
use Rijndael, Twofish, Serpent, 3DES, etc., along with RSA. If there is a
high performance requirement, point out that ARCFOUR is far faster than
anything your company is likely to design. I'm sure you can think of other
reasons, but basically just cheat, you know what the requirements are, hit
them there. Sometimes they listen, sometimes they don't. I personally
wouldn't bother with such and such is more secure, go with Rijndael is
faster, free, and already built. I've personally found this to be the
easiest way to get around the sluggishness, managers like the sound of free,
fast, immediate delivery, and Rijndael at least meets these.
                        Joe



Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Bruce Stephens <[EMAIL PROTECTED]>
Subject: Re: newbie: how to persuade my managment not to do our own home-grown 
encryption?
Date: 06 Dec 2000 01:03:58 +0000

"L.V.S." <[EMAIL PROTECTED]> writes:

[...]

> Also, (forgive my ignorance!) are there other good public-key
> encryption schemes out there besides RSA and Diffie-Hellman?  These
> are the only two that I ever seem to see get mentioned that have
> much credibility.

There are elliptic curve algorithms, too, and ElGamal.  Probably
others (the Crypto++ web page below lists a few).

> Lastly, now that the RSA patent has expired (Sept. 6, 2000), are
> there folks out there writing some other commercial packages that
> provide it for the general public's use (both commercially and
> privately)?  Can I use a version of this from the international
> community and not need to worry about licensing at all?

OpenSSL <http://www.openssl.org/> and Crypto++
<http://www.eskimo.com/~weidai/cryptlib.html> spring to mind.  You
still have to check the various IPR issues, but both of these have
pretty liberal licenses (and are used in a number of commercial
products); you'll probably decide you just need to avoid the patented
algorithms.

------------------------------

From: "Ryan J Schave" <[EMAIL PROTECTED]>
Subject: Math background required for Cryptology ?
Date: Wed, 06 Dec 2000 01:05:37 GMT

I have recently become interested in cryptology.  Unfortunately my knowledge
of math is pretty weak.  I imagine this small detail will hold me back from
learning everything I can about cryptology.  I have pulled out my old math
books from college and looked at the TOC of each of them.

What topics in math should I have a firm grasp of before I can expect to get
the most of cryptology?  Obviously many topics in math are based on other
topics, but I don't want to spend time teaching myself stuff that I won't
use in my study of cryptology.

Hope this makes sense.

Ryan





------------------------------

From: David Schwartz <[EMAIL PROTECTED]>
Subject: Re: Smart Card vs 1.44 Disk
Date: Tue, 05 Dec 2000 17:42:57 -0800


Anonymous wrote:

> One big difference. A smart card can Prove something by what it can do with
> a secret that it has. In effect, it can prove knowledge of the secret without
> revealing it.

        In addition, a smart card can act as a vault for information, releasing
only specific bits of information in response to specific requests.
Different access codes can be required for different sets of
information. So I can enter a code into a machine that takes my smart
card that only allows the machine to do some specific set of things
with the credentials in my smart card.

        DS

------------------------------

From: "Noname" <[EMAIL PROTECTED]>
Subject: Re: What's better CAST in PGP or Blowfish 128bit?
Date: Tue, 5 Dec 2000 02:04:34 +0100

I need a strong algorithm and it can be slow in encrypt/decrypt. I need the
best :o).
Tom St Denis <[EMAIL PROTECTED]> writes in discussion post
90cctq$6ul$[EMAIL PROTECTED]:
> In article <90be2d$f2v$[EMAIL PROTECTED]>,
>   "Noname" <[EMAIL PROTECTED]> wrote:
> > Hi all!
> > What is better? CAST in PGP or Blowfish 128bit.
> > Does a freeware program with a new and strong algorithm exist anywhere?
> > Thx.
> >
>
> What is your requirement of the algorithms/systems?
>
> Tom
>
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.



------------------------------

From: [EMAIL PROTECTED] (Timothy M. Metzinger)
Date: 06 Dec 2000 02:18:14 GMT
Subject: Re: Smart Card vs 1.44 Disk

In article <90jrg4$ic9$[EMAIL PROTECTED]>, "JustBrowsing" <[EMAIL PROTECTED]>
writes:

>I keep coming to this conclusion, once data has been securely locked up,
>does it matter what the medium is?
>Does giving the medium a "mind of its own" really make a difference.

Yep.. A smart card has an OS, and therefore can check itself on power up.  In
fact, FIPS 140 compliance requires POST (power on self test) in a smartcard.

Also, a smart card can be designed to be tamper resistant (i.e. it can actively
zeroize itself if an attacker tries and fails to access it).  A floppy can be
copied sector by sector onto a hard disk and then attacked over and over.

Also, as noted earlier, the smart card can prove it has the private key without
revealing it.

Good strong smart cards do all the crypto processing on the card itself, the
private key is generated on the card, and NEVER leaves it.

Smart cards are much better in high-assurance systems.  You need to determine
how tightly you wish to bind the private key to an individual, and how strongly
you wish to clone the key.

Timothy Metzinger
Commercial Pilot - ASMEL - IA   AOPA Project Pilot Mentor
'98 M20J - N1067W
Pipers, Cessnas, Tampicos, Tobagos, and Trinidads at FDK


------------------------------

From: [EMAIL PROTECTED] (Eric Lee Green)
Subject: Re: newbie: how to persuade my managment not to do our own home-grown 
encryption?
Reply-To: [EMAIL PROTECTED]
Date: Wed, 06 Dec 2000 02:25:03 GMT

On Wed, 06 Dec 2000 00:36:43 GMT, [EMAIL PROTECTED] <> wrote:
>Honestly, they're managers, hit them where it hurts; the bottom line.  Point
>out that there are freely available, professionally made cryptographic
>algorithms, and that you think that the development speed gains would be
>worth using the pre-made portions. From there it's a fairly simple

I also pointed out, to management, the damage to our reputation if we
implemented buggy, defective encryption and our encryption got picked
by Bruce Schneier as one of his example whipping boys. Our corporate
motto, after all, is "Backup you can trust." Not "Backup you can some
times, some days, trust."  I pointed out, "We have to protect our
corporate name and reputation, because it's a valuable asset on our
balance sheet."

I'm afraid I've started speaking fluent marketese in the process of
bringing my current baby to market... I guess that means my days of
being an anonymous engineer in a cubicle at the back of the
Engineering department are over :-(.

-- 
Eric Lee Green      There is No Conspiracy
[EMAIL PROTECTED]     http://www.badtux.org  

------------------------------

From: [EMAIL PROTECTED] (Eric Lee Green)
Subject: Re: ---- Are AES algorithms export restricted?
Reply-To: [EMAIL PROTECTED]
Date: Wed, 06 Dec 2000 02:44:37 GMT

On Tue, 05 Dec 2000 23:39:57 GMT, Greggy <[EMAIL PROTECTED]> wrote:
>It just seemed to me as I was reading another post here that none of
>the AES algorithms could possibly be export restricted from within the
>US since they were all published during the AES contest.  Am I
>correct?  Or did I miss something in my thinking here?

You missed something in your thinking.

I suggest you go to http://www.nist.gov/aes and follow the links they
have there to the BXA export restrictions. Basically: Open source
software (such as the AES algorithms and their descriptions) can be
freely exported via the Internet as long as you publish the source
code on the Internet and send the URL to the BXA, which then probably
sends it to the NSA (I suggest that you go to http://www.crypto.com
and use Matt Blaze's nice EMAIL form there in order to do this, this
will also help with the "but we never received your submission"
problem if the NSA ever wants to come down on you). Consumer shrink
wrap software can include cryptography of any strength but you must
send a copy of it to the BXA along with the proper form and wait for
export approval, which supposedly is automatic.

Anything else may require various specialised licensing and
restrictions in order to export, but you'll have to read the BXA
regulations yourself and contact a good attorney knowledgeable about
crypto export regulations (I think there's one or two of them in the
country, somewhere). I was only interested in the consumer shrink wrap
and open source cases, since I work for a software vendor that has
produced both kinds of software (i.e., both consumer shrink wrap and
Open Source software).

-- 
Eric Lee Green      There is No Conspiracy
[EMAIL PROTECTED]     http://www.badtux.org  

------------------------------

From: [EMAIL PROTECTED] (Eric Lee Green)
Subject: Re: Journal of Craptology
Reply-To: [EMAIL PROTECTED]
Date: Wed, 06 Dec 2000 02:49:00 GMT

On Tue, 05 Dec 2000 12:10:31 -0600, Mike Rosing <> wrote:
>Lars Knudsen wrote:
>> A new issue of Journal of Craptology can be found at
>> 
>> http://www.ii.uib.no/~larsr/crap.html
>
>Excellent!  I really enjoyed "On the efficiency of elliptic curves 
>arising in French literature", especially since I'm pounding my head
>against Harley et al.'s recent paper.  Now I have to find that
>connection to Bugs Bunny :-)

But the classic was in an earlier issue, the section on "Practical Key
Recovery", especially since the British government is so keen to
employ those techniques, albeit in slightly modified form ("Give us
your keys or to the gaol you go!").

Something to think about while we talk about the effectiveness of
encryption algorithms and such... i.e., that you can have the
strongest encryption in the world and it's no good if somebody gives
the attacker the key (whether voluntarily or no).

-- 
Eric Lee Green      There is No Conspiracy
[EMAIL PROTECTED]     http://www.badtux.org  

------------------------------

From: Cassj <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,alt.2600.hacker,alt.security
Subject: Re: Encrypting messages in images??
Date: Wed, 06 Dec 2000 02:39:50 GMT

I've tried posting this 3 times since 12/2/00.....

Steganography comes from the Greek, meaning "hidden writing".  It actually
goes back as far as the Steganography allows an encrypted message to be sent
hidden within a graphic file OR a sound file.  Steg is becoming very
important in the development of "Digital watermark" technology.  Digital
watermarks, as you may know, will likely play a crucial role in the ecommerce
of digital media such as music.

I can recommend (2) books if you want to know more:

1.  "Disappearing Cryptography" by Peter Wayner; 1996.  ISBN: 012738671-8
    (Intermediate/Advanced)
2.  "Information Hiding - Techniques for Steganography and Digital Watermarking"
    edited by Stefan Katzenbeisser and Fabien A. P. Petitcolas; 2000.
    ISBN: 1-58053-035-4  (Advanced)

For the latest in digital watermarking, check out http://www.digimarc.com.

Hope this helps.  Steg is very cool, and you can find lots more through your
favorite Search engine.

-Cass


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Cassj <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,alt.2600.hacker,alt.security
Subject: Re: Encrypting messages in images??
Date: Wed, 06 Dec 2000 02:35:45 GMT

test


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
