Cryptography-Digest Digest #280, Volume #13       Wed, 6 Dec 00 04:13:00 EST

Contents:
  Re: Math background required for Cryptology ? (Tom St Denis)
  Re: What's better CAST in PGP or Blowfish 128bit? (Tom St Denis)
  Re: Possibly-new attack on D-H? (Paul Rubin)
  Re: About governments and my ex-relatives in Finland and the U.S.A. ...  ("John A. Malley")
  Re: [Question] Generation of random keys (Benjamin Goldberg)
  Re: MD5 byte order (Benjamin Goldberg)
  Re: [Question] Generation of random keys ("John A. Malley")
  Re: Journal of Craptology (David A Molnar)
  Re: About governments and my ex-relatives in Finland and the U.S.A. ...  (Error_404)
  Re: newbie: how to persuade my management not to do our own home-grown encryption? (Jon Haugsand)
  Re: Simultaneous encryption and authentication (was IBM's new algorithm) (David Wagner)
  Re: ARCFOUR (RC4) used for CipherSaber-N (Glide)
  Re: Smart Card vs 1.44 Disk (Francois Grieu)
  Re: About governments and my ex-relatives in Finland and the U.S.A. ...  (Richard Heathfield)
  Re: What's better CAST in PGP or Blowfish 128bit? (Bill Unruh)
  Re: ---- Are AES algorithms export restricted? (Bill Unruh)
  Re: Revised cipher (Jorgen Hedlund)

----------------------------------------------------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Math background required for Cryptology ?
Date: Wed, 06 Dec 2000 03:29:07 GMT

In article <BhgX5.134660$[EMAIL PROTECTED]>,
  "Ryan J Schave" <[EMAIL PROTECTED]> wrote:
> I have recently become interested in cryptology.  Unfortunately my
> knowledge of math is pretty weak.  I imagine this small detail will hold me
> back from learning everything I can about cryptology.  I have pulled out my
> old math books from college and looked at the TOC of each of them.
>
> What topics in math should I have a firm grasp of before I can expect to get
> the most of cryptology?  Obviously many topics in math are based on other
> topics, but I don't want to spend time teaching myself stuff that I won't
> use in my study of cryptology.
>
> Hope this makes sense.

Hmm, well, you should be familiar with programming languages such as C.
You should have a familiarity with how a processor works (assembly language
at least), and should have some finite math and linear algebra.

If you want to get into PK crypto you need to know a lot of Number
Theory.  If you want to get into symmetric crypto you need to know a lot
of discrete mathematics.

All in all if you want to be an avid amateur I would suggest high
school level maths.

If you want to be a pro, go to university and take compsci/math courses.

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: What's better CAST in PGP or Blowfish 128bit?
Date: Wed, 06 Dec 2000 03:26:53 GMT

In article <90jlus$2rpc$[EMAIL PROTECTED]>,
  "Noname" <[EMAIL PROTECTED]> wrote:
> I need strong algorithm and it can be slow in encrypt/decrypt. I need the
> best:o).

You need to learn about crypto is what you need.

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Possibly-new attack on D-H?
Date: 05 Dec 2000 20:17:06 -0800

Tom St Denis <[EMAIL PROTECTED]> writes:
> I believe in PGP new primes are chosen for each new DH/DSS key. 

No there's a table of fixed Sophie Germain primes of various lengths.  
They are generated according to an algorithm given in a comment in
the code.  It also says how long it took to generate each one.  For
the 1024 bit one I think it was on the order of an hour.

------------------------------

From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: About governments and my ex-relatives in Finland and the U.S.A. ... 
Date: Tue, 05 Dec 2000 20:19:54 -0800


JustBrowsing wrote:
> 
[snip]

> Actually I'm kidding, but I cant believe this is a real message. Probably a
> test to see who's really awake in this news group :)

Sometimes I wonder if these posts aren't truly:

1. Steganographic messages to some person or cell of persons.
2. Code signals to some person or cell of persons (some key word or
phrase is in the message and means something to those with the code book
or agreed upon use)

The crafted tone and content leads the casual reader to dismiss the
postings as inconsequential ramblings. This may deliberately hide the
true meaning.

It's just unusual to see these postings appear when they do, in
clusters, followed by relatively long periods of silence.

Or maybe they are just someone's idea of a joke on the readers of
sci.crypt and other USENET groups?

John A. Malley
[EMAIL PROTECTED]

------------------------------

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: [Question] Generation of random keys
Date: Wed, 06 Dec 2000 04:20:31 GMT

Per Claesson wrote:
> 
> Alan Rouse wrote:
> >
> > The original post on this thread was requesting source code to
> > generate a random key.   I've never seen source code that could flip
> > a coin or roll dice.
> 
> I guess a PRNG could be used for this purpose? I searched for one
> recently, and found Yarrow on www.counterpane.com (sorry, can't
> remember exact url).

Umm, Alan is saying that it's impossible to algorithmically perform a
real-world physical act.  Code can simulate a coin flip, but not
actually do one.  Anyone who believes that they can algorithmically
generate random numbers is in a state of sin.  (Name that quote!)

-- 
There are three methods for writing code in which no bug can be found:
1) Make the code so straightforward that there are obviously no bugs.
2) Make the code so complicated that there are no obvious bugs.
3) Insist that any apparent bugs were really intentional features.


------------------------------

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: MD5 byte order
Date: Wed, 06 Dec 2000 04:34:21 GMT

Paul Schlyter wrote:
> 
[snip]
> However, reading is somewhat more complex than that.  Only children
> who are learning to read do read text one single character at a time
> strictly from left to right -- that's why they read so slowly.  When
> your reading skills improve, you learn to read whole words, or at
> least whole syllables, at a time.  Therefore, when I read e.g. the
> number "76", it's not at all certain that I read the "7" before the
> "6" -- I can easily do it the other way around - or, most probably,
> both at the same time.
> 
> "But you say seventy-six, not six-seventy!!" I hear you cry.  Yes, in
> English you do that -- but in e.g. German you do indeed say
> "six-and-seventy".  Some other languages are even weirder -- in e.g.
> Danish you say "six and half-fours" where "fours" means "4*20=80"
> and "half" here implies "halfway between 3*20 and 4*20" i.e. 70.
> French is somewhat clearer -- they'd say "three-twenty ten and six".

And English used to be just as bad, until reading and writing [arabic
numerals] became common; 76 would have been "three score and sixteen,"
or something like that.  Consider the famous speech which begins, "Four
score and seven years ago..."  This was not considered archaic at that
time.  People [English speaking people] counted things in dozens,
scores, gross.  (I don't mean gross/disgusting, I mean gross as in one
dozen dozen.)

> Thus reading isn't as strictly sequential from left to right as you
> seem to believe.

-- 
There are three methods for writing code in which no bug can be found:
1) Make the code so straightforward that there are obviously no bugs.
2) Make the code so complicated that there are no obvious bugs.
3) Insist that any apparent bugs were really intentional features.

------------------------------

From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: [Question] Generation of random keys
Date: Tue, 05 Dec 2000 20:54:53 -0800


Benjamin Goldberg wrote:
> 

> Anyone who believes that they can algorithmically
> generate random numbers is in a state of sin.  (Name that quote!)
> 
 Paraphrase of John von Neumann (1951)- 

"Any one who considers arithmetical methods of producing random digits
is, of course, in a state of sin." 

(Knuth, "The Art of Computer Programming", Vol. 2, p. 1.)

John A. Malley
[EMAIL PROTECTED]

------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Journal of Craptology
Date: 6 Dec 2000 04:47:23 GMT

Eric Lee Green <[EMAIL PROTECTED]> wrote:
> Something to think about while we talk about the effectiveness of
> encryption algorithms and such... i.e., that you can have the
> strongest encryption in the world and it's no good if somebody gives
> the attacker the key (whether voluntarily or no).

This is why forward security is important. 

At least then you can limit the damage a bit.

-david

------------------------------

From: Error_404 <[EMAIL PROTECTED]>
Crossposted-To: alt.2600,alt.security
Subject: Re: About governments and my ex-relatives in Finland and the U.S.A. ... 
Date: Wed, 06 Dec 2000 05:02:08 GMT

Basically he's saying that there's a government conspiracy to cause him to
have a divorce and leave the country, where he will never be admitted
again.

Greggy wrote:

> In article <3a2d4b5b$0$94481$[EMAIL PROTECTED]>,
>   "Huckleberry Hoshimoto" <[EMAIL PROTECTED]> wrote:
> > OK - we're clear on 5 points:
> > (1) You're a maste-oid
> > (2) You're exactly where you belong (outta HERE)
> > (3) Your ex-relatives have some common sense (& are probably
> celebrating
> > like crazy!)
> > (4) You're STILL whining to others who couldn't care less
> > (5) You are unclear on the concept of "Subject" vs. "Body Text"
> >
> > Our response is (or should be):
> > "What's your point?"
>
> How did you get ANY of that stuff out of his post?  I cannot figure out
> what he is saying at all.
>
> >
> > "Markku J. Saarelainen" <[EMAIL PROTECTED]> wrote in message
> > news:90j1u3$6f9$[EMAIL PROTECTED]...
> >
> >
>
> --
> I prefer my fourth amendment rights over a dope free
> society, even if the latter could actually be achieved.
> Al Gore and the Florida Robes - More than just another rock group;
> a clear and present danger to America's national security.
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.


------------------------------

From: Jon Haugsand <[EMAIL PROTECTED]>
Subject: Re: newbie: how to persuade my management not to do our own home-grown encryption?
Date: 06 Dec 2000 06:52:31 +0100

* [EMAIL PROTECTED]
> Honestly, they're managers, hit them where it hurts; the bottom
> line.  Point out that there are freely available, professionally
> made cryptopgrahic algorithms, and that you think that the
> development speed gains would be worth using the pre-made portions.

It might also help to control the language. Consistently call any
algorithm developed by amateurs "pseudo crypto" and all good
cryptography "real crypto". Define "real crypto" as those
algorithms well-known and developed by experts. Say you are willing to
lead a project to design and implement a "pseudo crypto" algorithm.


-- 
Jon Haugsand
  Norwegian Computing Center, <http://www.nr.no/engelsk/> 
  <mailto:[EMAIL PROTECTED]>  Pho: +47 22852608 / +47 22852500, 
  Fax: +47 22697660, Pb 114 Blindern, N-0314 OSLO, Norway

------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Simultaneous encryption and authentication (was IBM's new algorithm)
Date: 6 Dec 2000 06:28:27 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)

Francois Grieu  wrote:
>I hope I get David Wagner's point: a problem with the "plaintext
>makes sense" approach is that it might be possible to build up
>a message that makes sense from intercepted messages [...]

Yes, that's right.

>I tentatively propose the following symmetric key encryption and
>message authentication technique:
>
>Message Authentication and Encryption
>- pad message as usual to make it n blocks of b bits M[i]
>- compute S = M[0] XOR M[1].. XOR M[n-1]
>- encipher and transmit the ciphertext
>    C[0] = ENC(S)
>    C[i] = ENC(M[i-1] XOR C[i-1])   for i in [1..n]

This is not secure under chosen-message attack.

The adversary can get the encryption of any block B he likes with
a single chosen-message query simply by picking a message M[0..n-1]
so that the xor of the message equals B.  Since the ability to encrypt
is the only thing needed to create valid ciphertexts, this means that
the adversary can compute the encryption of any target message he likes.
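
Wagner's forgery, worked through as an added example; this is not code from the thread. It assumes a stand-in for ENC (a 4-round Feistel network with HMAC-SHA256 as the round function on 16-byte blocks) and ISO/IEC 7816-4 padding (0x80 then zeros) for the "pad as usual" step. The attacker sees only an encryption oracle, never the key. Because a one-block query X pads to [X, PAD] whose XOR is X ^ PAD, submitting X = B ^ PAD returns ENC(B) as the first ciphertext block, and the ability to compute ENC of chosen blocks is all the scheme needs to build a valid ciphertext for any message:

```python
import hashlib
import hmac
import os

BLOCK = 16                                    # block size b = 128 bits
PAD_BLOCK = b"\x80" + b"\x00" * (BLOCK - 1)   # padding block appended to a block-aligned message

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Feistel round function: a keyed PRF truncated to half a block
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def enc_block(key, block):
    """Stand-in for ENC (assumption): a 4-round Feistel network, hence an invertible permutation."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        left, right = right, xor(left, _f(key, rnd, right))
    return left + right

def dec_block(key, block):
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(4)):
        left, right = xor(right, _f(key, rnd, left)), left
    return left + right

def pad(msg):
    """ISO/IEC 7816-4 padding (assumption): append 0x80, then zeros up to a block boundary."""
    padded = msg + b"\x80" + b"\x00" * ((-len(msg) - 1) % BLOCK)
    return [padded[i:i + BLOCK] for i in range(0, len(padded), BLOCK)]

def unpad(blocks):
    padded = b"".join(blocks).rstrip(b"\x00")
    if not padded.endswith(b"\x80"):
        raise ValueError("bad padding")
    return padded[:-1]

def xor_sum(blocks):
    s = bytes(BLOCK)
    for b in blocks:
        s = xor(s, b)
    return s

def grieu_encrypt(key, msg):
    """The proposed scheme: S = XOR of all M[i]; C[0] = ENC(S); C[i] = ENC(M[i-1] ^ C[i-1])."""
    m = pad(msg)
    c = [enc_block(key, xor_sum(m))]
    for i in range(1, len(m) + 1):
        c.append(enc_block(key, xor(m[i - 1], c[i - 1])))
    return b"".join(c)

def grieu_decrypt(key, ct):
    """Receiver: recover the blocks, accept only if their XOR equals the decrypted S."""
    if len(ct) % BLOCK or len(ct) < 2 * BLOCK:
        raise ValueError("bad length")
    c = [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    s = dec_block(key, c[0])
    m = [xor(dec_block(key, c[i]), c[i - 1]) for i in range(1, len(c))]
    if not hmac.compare_digest(xor_sum(m), s):
        raise ValueError("authentication failed")
    return unpad(m)

class EncryptionOracle:
    """The chosen-message attacker's only access: encryptions of messages of his choice."""
    def __init__(self, key):
        self._key = key
        self.queries = []

    def encrypt(self, msg):
        self.queries.append(msg)
        return grieu_encrypt(self._key, msg)

def enc_via_oracle(oracle, block):
    """One query gives ENC(block): the one-block message X = block ^ PAD_BLOCK pads to
    [X, PAD_BLOCK], whose XOR is block, so the first ciphertext block is ENC(block)."""
    return oracle.encrypt(xor(block, PAD_BLOCK))[:BLOCK]

def forge(oracle, target):
    """Produce a ciphertext the receiver accepts for `target` without ever querying `target`."""
    m = pad(target)
    c = [enc_via_oracle(oracle, xor_sum(m))]
    for i in range(1, len(m) + 1):
        c.append(enc_via_oracle(oracle, xor(m[i - 1], c[i - 1])))
    return b"".join(c)

def demo(key=None):
    """Returns (forgery accepted, target never queried, number of oracle queries)."""
    key = os.urandom(32) if key is None else key
    oracle = EncryptionOracle(key)
    target = b"TRANSFER 1000000 TO ACCOUNT 4242"   # constructed target: 2 blocks + 1 padding block
    forged = forge(oracle, target)
    accepted = grieu_decrypt(key, forged) == target
    return accepted, target not in oracle.queries, len(oracle.queries)

if __name__ == "__main__":
    print(demo())   # (True, True, 4)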

------------------------------

From: [EMAIL PROTECTED] (Glide)
Subject: Re: ARCFOUR (RC4) used for CipherSaber-N
Date: Wed, 06 Dec 2000 06:38:19 GMT

Thank you guys for helping me.

The VB code I got from a set of .BAS modules by this benefactor:
Asgeir Ingvarsson
[EMAIL PROTECTED]
http://zarr.net/vb/download/encryption.asp
http://zarr.net/vb/download/files/encryption.zip

(so did a lamer named Waty Thierry at www.vbdiamond.com.  he should
get an award for "most posted plagiaristic code, with no credit to the
actual author". if you look at what he takes credit for, you would
think he fricking invented VB)

His (Asgeir Ingvarsson's) VB SHA-1 implementation is spot on. Between
using his SHA-1 module (to get good non-colliding vectors) and his RC4
module (with a little mod for large binaries), it was a quick task to
get a nice working version of CipherSaber.  I wanted to strengthen the
key schedule part a little due to the information here:
http://www.ciphersaber.gurus.com/cryptanalysis.html

Can't get (Asgeir Ingvarsson's) MD5 module to pass a known vector test,
but the SHA-1 and RC4 modules do indeed pass known vector tests.

Thanks again.  I really get a kick out of the elegant simplicity of
RC4.  Ron Rivest is brilliant.


On 5 Dec 2000 17:48:25 -0600, [EMAIL PROTECTED] (Not Amused) wrote:

>Yeah, dude.  What you're doing is multiple mixes of the state array
>which is what you call "mixing the key".  Cool VB code.
>
>
>On Thu, 30 Nov 2000 16:27:44 GMT, [EMAIL PROTECTED] (Glide) wrote:
>


------------------------------

From: Francois Grieu <[EMAIL PROTECTED]>
Subject: Re: Smart Card vs 1.44 Disk
Date: Wed, 06 Dec 2000 07:58:51 +0100

JustBrowsing <[EMAIL PROTECTED]> wrote :

> I cant see the advantages of a smart card over a 1.44 disk
> using good crypto techniques.
> 
> I keep coming to this conclusion, once data has been securely locked
> up, does it matter what the medium is?
> Does giving the medium a "mind of its own" really make a difference.

Consider the following problem:
- the card is used as a reserve of prepaid value to run copier machines
- the copier machines are not connected together

With a diskette or a magnetic card, a fraudster can
- buy a new card valid for, say, 100 copies
- blindly copy the medium without understanding the crypto
- use the copies in each of 100 different copy machines
NB1: in fact, unless the copiers have some kind of permanent memory,
duplicates of the same card could be usable on the same machine.
NB2: this fraud scenario can be performed even if the fraudster cannot
obtain blank media, as long as he or she can read and write
the media.

With a Smart Card, the "mind of its own" in the Smart Card can be used
to cryptographically prove to the copier that the Smart Card is the real
thing and holds that much value, which can only go down; and this with
high confidence, as long as the physical security mechanisms in the
Smart Card are not compromised.


Another good use of a Smart Card is checking a user's 4-digit PIN and
invalidating the card after 3 false presentations of the PIN. The card
itself checks the PIN, counts errors, and invalidates itself.
The advantage is that offline terminals can be sure the user knows the PIN
of the card being used, while such terminals contain nothing that
could help a fraudster recover the PIN from a card found without its PIN,
beyond the 3/10000 probability of guessing the PIN right. The card
holder is thus well protected against misuse of her card in case of
loss.


As an aside, even if you consider it only as a medium, a Smart Card
is more convenient and robust than a diskette, and a media handler
capable of WRITING a Magnetic Card is more expensive, bulky, and
prone to wear than a Smart Card reader is. If you need to write to
the cards in the field, you may find that Smart Card technology
pays for itself immediately by requiring lower investment (unless
there are a lot of cards initially), and/or on maintenance cost
(unless there is high turnover of cards). On the other hand, if you
do not need to write to the card in the field and do not face a
serious risk of fraud, Magnetic Card is the likely winner.


   Francois Grieu
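
The two scenarios above as a simulation, added here and not from the post: a stored-value stripe card that is only data, which the fraudster clones and spends at 100 offline copiers, next to a smart card that keeps its key and PIN inside, answers each copier's fresh random challenge with a MAC over its decremented balance, and blocks itself after three wrong PINs. Assumptions beyond the post: HMAC-SHA256 as the MAC, a per-card key diversified from a terminal master key (which lets an offline copier verify a response without holding anything that recovers a PIN), and a balance counted in copies.

```python
import hashlib
import hmac
import os

MASTER_KEY = b"\x11" * 32   # constructed; in practice held in the copier's secure module, never on the card

def card_key(card_id):
    """Per-card key diversified from the terminal master key (assumption: HMAC-based derivation)."""
    return hmac.new(MASTER_KEY, b"card-key|" + card_id, hashlib.sha256).digest()

def mac(key, card_id, challenge, balance):
    return hmac.new(key, card_id + challenge + balance.to_bytes(4, "big"), hashlib.sha256).digest()

class StripeCard:
    """Magnetic stripe or diskette: only data, so whoever can read it can copy it."""
    def __init__(self, card_id, balance):
        self.card_id, self.balance = card_id, balance

    def clone(self):
        return StripeCard(self.card_id, self.balance)

class SmartCard:
    """Key and PIN never leave the card, the balance can only go down, 3 wrong PINs block it."""
    MAX_PIN_TRIES = 3

    def __init__(self, card_id, balance, pin):
        self.card_id, self._balance, self._pin = card_id, balance, pin
        self._key = card_key(card_id)
        self._tries_left, self.blocked = self.MAX_PIN_TRIES, False

    def verify_pin(self, pin):
        """The terminal gets only yes/no; the PIN itself is never exported."""
        if self.blocked:
            return False
        if hmac.compare_digest(pin, self._pin):
            self._tries_left = self.MAX_PIN_TRIES
            return True
        self._tries_left -= 1
        self.blocked = self._tries_left == 0
        return False

    def debit(self, challenge, units):
        """Decrement, then prove it: MAC over (card id, the copier's challenge, new balance)."""
        if self.blocked or units <= 0 or units > self._balance:
            raise ValueError("refused")
        self._balance -= units
        return self._balance, mac(self._key, self.card_id, challenge, self._balance)

class OfflineCopier:
    """Not connected to anything; it can only check what the card presents."""
    def charge_stripe(self, card, units=1):
        if card.balance < units:
            return False
        card.balance -= units          # trusts the stored value, as a stripe reader must
        return True

    def verify(self, card_id, challenge, balance, tag):
        return hmac.compare_digest(tag, mac(card_key(card_id), card_id, challenge, balance))

    def charge_smart(self, card, units=1):
        challenge = os.urandom(16)     # fresh per transaction, so a recorded answer does not verify again
        balance, tag = card.debit(challenge, units)
        return self.verify(card.card_id, challenge, balance, tag)

def stripe_fraud(copies=100, copiers=100):
    """Buy one card worth `copies`, clone it once per copier, spend every clone in full."""
    bought = StripeCard(b"S1", copies)
    total = 0
    for machine in [OfflineCopier() for _ in range(copiers)]:
        clone = bought.clone()
        total += sum(machine.charge_stripe(clone) for _ in range(copies))
    return total   # 100 copies paid for, 10000 obtained

def smart_card_attempt(copies=100):
    """Spend a smart card honestly, try a 101st copy, then replay a recorded transcript elsewhere."""
    card, copier = SmartCard(b"C1", copies, b"1234"), OfflineCopier()
    challenge = os.urandom(16)
    balance, tag = card.debit(challenge, 1)    # one transaction, its transcript recorded by the fraudster
    spent = 1 + sum(copier.charge_smart(card) for _ in range(copies - 1))
    try:
        card.debit(os.urandom(16), 1)
        overspent = True
    except ValueError:
        overspent = False
    replay = OfflineCopier().verify(card.card_id, os.urandom(16), balance, tag)
    return spent, overspent, replay            # (100, False, False)
```

The stripe card's whole security is the belief that nobody can write the medium, which the post already rejects; the smart card's is the key inside it plus the physical tamper resistance that keeps it there, which is the residual assumption the post names.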

------------------------------

Date: Wed, 06 Dec 2000 08:47:00 +0000
From: Richard Heathfield <[EMAIL PROTECTED]>
Crossposted-To: alt.security
Subject: Re: About governments and my ex-relatives in Finland and the U.S.A. ... 

[alt.2600 and comp.security reluctantly snipped - my news server doesn't
believe in them]

JustBrowsing wrote:
> 
> Is this CypherText?
> We'd like to thank you for a perfect demonstration of subliminal
> obfuscation.
> Actually I'm kidding, but I cant believe this is a real message. Probably a
> test to see who's really awake in this news group :)
> 

If so, the test is conducted at relatively frequent intervals.

It looks like great fun, actually. It's not the sort of thing one wants
to post under one's real name, but it might well be worth getting a Deja
account, specifically so that one can post this kind of crap
anonymously. Very cathartic, and you don't have to be all that
inventive, since a simple random text generator would seem to suffice.



I wonder whether [EMAIL PROTECTED] is taken yet?


-- 
Richard Heathfield
"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
K&R Answers: http://users.powernet.co.uk/eton/kandr2/index.html

------------------------------

From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: What's better CAST in PGP or Blowfish 128bit?
Date: 6 Dec 2000 08:23:18 GMT

In <90jlus$2rpc$[EMAIL PROTECTED]> "Noname" <[EMAIL PROTECTED]> writes:

>I need strong algorithm and it can be slow in encrypt/decrypt. I need the
>best:o).

This makes no sense, sorry. Encryption is not about algorithms. There
are now many that are good enough.

>> > What is better? CAST in PGP or Blowfish 128bit.

Best for what? Cast is Canadian, so obviously it is the best. Blowfish
is free for all use, so obviously it is best. 3DES has probably been
studied longest without a break so obviously it is best. Rijndael has
been approved by NIST so clearly  it is best. .....

>> > Does anywhere exists freeware program with new and strong algorithm?

Sure. Any of those. Get for example Peter Gutmann's libcrypt which gives
you your choice of algorithms.



------------------------------

From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: ---- Are AES algorithms export restricted?
Date: 6 Dec 2000 08:27:26 GMT

In <90jucc$ik$[EMAIL PROTECTED]> Greggy <[EMAIL PROTECTED]> writes:

>It just seemed to me as I was reading another post here that none of
>the AES algorithms could possibly be export restricted from within the
>US since they were all published during the AES contest.  Am I
>correct?  Or did I miss something in my thinking here?
They are all export restricted. It is entirely legal to export printed
copies of algorithms. It is just not legal to export code without a
license (unless it is opensource code, in which case it does not need a
license, ..... read the law.)

------------------------------

From: Jorgen Hedlund <[EMAIL PROTECTED]>
Subject: Re: Revised cipher
Date: Wed, 06 Dec 2000 09:31:07 +0100
Reply-To: [EMAIL PROTECTED]

Benjamin Goldberg wrote:
> 

Thanx for your response... 

(and I know this isn't any programmers group, but the readers
 might need this anyway.. =)

> Jorgen Hedlund wrote:
> >
> > >Benjamin Goldberg wrote:
> >
> > <snip alot>
> >
> > <snip some more>

<snip>

> Umm, oops?  Hey, at least it's better than xyz's! 

Censored the name, no need to pick on anyone publicly =)
 
> I'll add some space and comments.
> 
> > Some guidelines to get better comments on your code
> > - please add some 'air' into the code. It's suffocating =)
> > - use understandable naming conventions on your variables
> > - and for G..'s sake, use braces whenever you open a block of code.
> >
> > > ...and of course, a little more comments _in_ the code would
> > be great..
> 
> Ok, will do.  Umm, where don't I use braces around blocks of code?

Use common sense =) Like these examples.

around if statements

        if (abc)
        {
                ...
        }
        else
        {
                ...
        }

loops of any kind

        for (init; condition; uhm)
        {
                ...
        }

The general rule is to always use braces around code that might
or might not run, or might run more than once...
to simply enhance readability...

etc...
 
> > > void gb_init() {
> > >         static int initialized = 0;
> 
> Well, I'm sure you can guess what the above thing is for.  It's so that
> the body of this function never is called more than once.  Since this
> [and it's use] should be obvious, I won't mention it again.

doh! =)
 
> > >         const int polys[8] = {
> > >                 0xfdbf, 0xf7ef, 0xeff7, 0xdfef, 0xd7ff, 0xb7ff,
> > >                 0xfff6, 0xfff5 };
> 
> These are 8 order-16 primitive polynomials with coefficients in GF(2).
> Each one of them defines a finite field in GF(2**16).  Since they are
> primitive, not just irreducible, 2**x is a generator in each of these
> fields.  The linear step of the encryption is multiplication of the 8
> rows by 2**32, with each row being in one of these 8 fields.

GF?

And ** means power of, right? Like 2**2 equals 4? (I'm used to 2^2, but
that isn't really a good thing to use in the code since I believe that
means OR:ing or something.. =)
 
> > >         uint8 pow[256], log[256];
> 
> These are power and logarithm tables for the function 3**x in GF(2**8).

Ah, tables to enhance performance?
 
> > >         int i, j, k;
> > >         if( initialized ) return;
> > >         for( i = 0; i < 8; ++i ) {
> > >                 int poly = polys[i], j;
> > >                 for( j = 0; j < 16; ++j )
> > >                         mask[15-j] |= ((poly>>j)&1) << i;
> > >         }
> 
> The above takes the 8 16-bit-polys and turns them sideways :)

You're AND:ing with 1, that will clear everything but the LSB, why?

> This allows the 8 encryption multiplications by 2**32 to be calculated
> in parallel.

*tilt*
 
> > >         for( i = 0, j = 1; i < 256; ++i ) {
> > >                 log[pow[i] = j] = i;
> > >                 j ^= (j << 1) ^ ((j & 0x80) ? 0x1b : 0);
> > >         }
> 
> Hmm, that should be 0x11b, not 0x1b.  Whoops!

=)
 
> Compute 3**x in GF(2^8).  pow[x] = 3**x, and log[3**x] = x.
> 3**x is a generator function in this field.
> This is needed for the calculation below.

<snip> 
 
> Yes, this is indeed very ugly.  This loops creates the same sbox as
> Rijndael (and it's inverse).  How is it doing this?  Umm, err, I dunno.
> Maybe read the Rijndael paper?  I got this stuff out of somebody else's
> AES implementation, and simplified it (it was even uglier before!).

It seems I need to study Rijndael, since I don't even know what a sbox
is. Any good papers around? Or perhaps even some source code that's
heavily commented? =)
 
> > >         initialized = 1;
> > > }
> >
> > <snip rest of the code>

BR/jh

-- 
==========================================
Jörgen Hedlund, Software Engineer
Ericsson Software Technology, BGw
==========================================
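
To answer the questions in the post with working code: GF(2**8) is the Galois (finite) field of 256 elements, ** is exponentiation, and an S-box is a byte-substitution table. The added Python below is not Benjamin Goldberg's code; it builds the same pow/log tables with the 0x11b reduction he corrects (j is a plain int, so the shift can set bit 8 and the full 9-bit polynomial must be XORed in), then uses them for multiplication, inversion and the Rijndael S-box, which FIPS-197 defines as inversion in GF(2**8) followed by an affine map with the constant 0x63. The eight order-16 polynomials and the bit-sliced mask are not reproduced here.

```python
def gf256_tables():
    """pow_t[i] = 3**i and log_t[3**i] = i in GF(2**8) with Rijndael's polynomial
    x^8 + x^4 + x^3 + x + 1 (0x11b).  3 = x + 1 generates the multiplicative group,
    so every non-zero byte shows up exactly once in pow_t[0..254]."""
    pow_t, log_t = [0] * 256, [0] * 256
    j = 1
    for i in range(255):
        pow_t[i] = j
        log_t[j] = i
        # j * 3 = j ^ (j << 1); the shift may set bit 8, so reduce by the full 0x11b, not 0x1b
        j ^= (j << 1) ^ (0x11B if j & 0x80 else 0)
    assert j == 1, "3 must have order 255"
    pow_t[255] = 1          # 3**255 == 3**0, convenient for index arithmetic
    return pow_t, log_t

def gf_mul(a, b, tables):
    """Multiply via logs: a*b = 3**(log a + log b)."""
    pow_t, log_t = tables
    if a == 0 or b == 0:
        return 0
    return pow_t[(log_t[a] + log_t[b]) % 255]

def gf_inv(a, tables):
    """Multiplicative inverse: a**-1 = 3**(255 - log a); 0 maps to 0 by convention."""
    pow_t, log_t = tables
    return 0 if a == 0 else pow_t[(255 - log_t[a]) % 255]

def rijndael_sbox(tables):
    """S(x) = inv ^ rotl(inv,1) ^ rotl(inv,2) ^ rotl(inv,3) ^ rotl(inv,4) ^ 0x63 with inv = x**-1."""
    def rotl8(v, n):
        return ((v << n) | (v >> (8 - n))) & 0xFF
    sbox = []
    for x in range(256):
        inv = gf_inv(x, tables)
        sbox.append(inv ^ rotl8(inv, 1) ^ rotl8(inv, 2) ^ rotl8(inv, 3) ^ rotl8(inv, 4) ^ 0x63)
    return sbox

def inverse_sbox(sbox):
    """The decryption S-box: invert the permutation."""
    inv = [0] * 256
    for x, y in enumerate(sbox):
        inv[y] = x
    return inv
```

Spot checks a reader can do against the FIPS-197 table: S(0x00) = 0x63, S(0x01) = 0x7c, S(0x53) = 0xed (the inverse of 0x53 is 0xca), S(0xff) = 0x16.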

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
