Cryptography-Digest Digest #326, Volume #13      Thu, 14 Dec 00 09:13:00 EST

Contents:
  Re: Software PRNG.. (Francois Grieu)
  Yet Another Challenge ( I hope ! ) (Kirk Whelan)
  Re: Software PRNG.. (Jorgen Hedlund)
  Re: Embedded Linux System Vs Smart Card ("Michael Schmidt")
  Re: Sr. Cryptographer/mathematician (Rick Booth)
  Re: On using larger substitutions (Mok-Kong Shen)
  Re: On using larger substitutions (Mok-Kong Shen)
  Re: Embedded Linux System Vs Smart Card (Tom St Denis)
  Re: Custom Encryption Algorithm (Tom St Denis)
  Re: On using larger substitutions (Tom St Denis)
  Re: Software PRNG.. (Jorgen Hedlund)
  Re: Sr. Cryptographer/mathematician ([EMAIL PROTECTED])
  Re: Yet Another Challenge ( I hope ! ) ("Jeff Moser")

----------------------------------------------------------------------------

From: Francois Grieu <[EMAIL PROTECTED]>
Subject: Re: Software PRNG..
Date: Thu, 14 Dec 2000 10:20:20 +0100

[EMAIL PROTECTED] (Niklas Frykholm) wrote:

> The cool thing about Yarrow is that now we can say "go look at Yarrow"
> whenever someone asks about these things. It's like a FAQ. It saves
> bandwidth.

Problems with <http://www.counterpane.com/yarrow.html>
- the online paper does not contain figures, neither in the ps nor
  in the pdf as far as I can tell; this makes it hard to grasp.
- quoting the website: "the source code implements an older version
  of Yarrow, not the one specified in the paper."


   François Grieu

------------------------------

From: Kirk Whelan <[EMAIL PROTECTED]>
Subject: Yet Another Challenge ( I hope ! )
Date: Thu, 14 Dec 2000 11:20:09 +0000

Hi everybody. As a result of watching this thread for a while,
and seeing the invites to see if things can be cracked,
I would like to ask for comments on a security algorithm that I
have been working on.

So people would like to see the plaintext and the ciphertext.
OK.
Here are a few instances of my name "Kirk" being encoded.
I have kept it short to ease the deciphering.
a9n09100p8dGdama8ck3
U500o3T6hR46H4R
m5z5d4L0oigXK0lgM0eh
BWvT6Jvo7ud

and a few instances of my phone number 01784436234

LVQ7bOa0jXpaus50Tvq6V36Cv5l57k53Pji
z4MY0h567x5Uv5DMxc55SBP7yKF04470gXkiXR9
D7caHRRa35GXa92BS19Yo21bpa3jf

OK, a few clues: nothing new in innovation, just application.
Fractionalisation in the first and last stage.
Enigma wheels and primes, that's it.
Oh, I have done nothing to disguise the frequency of letters at this stage.

3 random digits to produce the variations

A couple of clues: a base number and two simple formulae were used.

Any takers?
Kirk Whelan

------------------------------

From: Jorgen Hedlund <[EMAIL PROTECTED]>
Subject: Re: Software PRNG..
Date: Thu, 14 Dec 2000 12:40:52 +0100
Reply-To: [EMAIL PROTECTED]

"John A. Malley" wrote:
> 
> Jorgen Hedlund wrote:
> [snip]
> 
> > Where could I catch on this kind of theory?
> 
> Begin with introductory probability and statistics texts, such as

<snip>

Whoa... OK, thanks. I'll get back here in a couple of years then ;)

I'll print it.

Once more, thanks.

BR/jh

------------------------------

From: "Michael Schmidt" <[EMAIL PROTECTED]>
Subject: Re: Embedded Linux System Vs Smart Card
Date: Thu, 14 Dec 2000 12:42:41 +0100

Hi,

I don't see any protected memory that is able to protect a private key
against reading it (with standard computing equipment) from the outside.


Michael


--
===================================================
Michael Schmidt
===================================================
Institute for Data Communications Systems
University of Siegen, Germany
www.nue.et-inf.uni-siegen.de
===================================================
The 'Thin Client Security Homepage':
www.nue.et-inf.uni-siegen.de/~schmidt/tcsecurity/
===================================================
http:    www.nue.et-inf.uni-siegen.de/~schmidt
e-mail:  [EMAIL PROTECTED]
phone:   +49 271 740-2332   fax:   +49 271 740-2536
mobile:  +49 173 3789349
===================================================
###      Siegen - The Arctic Rain Forest        ###
===================================================


"Data" <[EMAIL PROTECTED]> wrote in message
news:919cg7$1a5$[EMAIL PROTECTED]...
>
> Some people said that Embedded Linux System on prototyping board is as
> secure as smart card. What do you think? Is it really tamper-resistant as
> smart card?
>
> Example of Embedded Linux System:
> http://developer.axis.com/hardware/devboard/
>
>
>
> -Data



------------------------------

From: Rick Booth <[EMAIL PROTECTED]>
Subject: Re: Sr. Cryptographer/mathematician
Date: 14 Dec 2000 12:15:20 -0000

Tom St Denis <[EMAIL PROTECTED]> wrote:
> In article <[EMAIL PROTECTED]>,
>   John Myre <[EMAIL PROTECTED]> wrote:
>> Tom St Denis wrote:
>> >
>> > In article <1ZrZ5.287$[EMAIL PROTECTED]>,
>> >   "Matt Timmermans" <[EMAIL PROTECTED]> wrote:
>>>> Your rather gritty usenet manner is sometimes entertaining, Tom, but
>>>> there are many reasons to be more civil.
>>
>>> "You're rather..." hehehehe... Just trying to have some fun.
>> <snip>
>>
>> I'm not clear on something here.  Do you seriously think
>> that Matt made a spelling error, which you gleefully get
>> to correct?  Or, to be generous, perhaps you're attempting
>> some sort of pun?  (To be clear: Matt's post is correct.)
> 
> He implied a state of being "to be"/"is" in which case "your" is not
> correct.  "You are better off..." is correct, or less formally "You're
> better off".

No.  "You're rather juvenile on usenet" would be correct, but Matt's line
was correct.  A usenet manner is a possession, and this one belongs to
you.  "You are rather gritty usenet manner" is clearly nonsense.

> Nanananana!

Gritty is not the word I'd choose in this instance.

- rfb
-- 
[EMAIL PROTECTED]   http://www.ma.umist.ac.uk/rb/
  It is now quite lawful for a Catholic woman to avoid pregnancy by a
  resort to mathematics, though she is still forbidden to resort to
  physics and chemistry.  -- H.L. Mencken

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: On using larger substitutions
Date: Thu, 14 Dec 2000 13:13:14 +0100



Tom St Denis wrote:
> 
> My point is that unless you intend to learn something (that you
> yourself don't know about) then why do it?  Sure I know fire will burn
> me, but why must I go out and burn myself just to make sure?
> 
> By all means if this idea is something new and you think there could be
> undiscovered merit, please share it with us.  But as it stands I
> cryptanalyzed it and found it inferior to my design.

You seem to put up points that are not in the same direction.
Let me therefore answer these one by one separately.

HOW do you know that I knew the scheme before I posted the
article?? In fact I didn't. I recently thought a bit about how
the Playfair actually functions and found that something
analogous but in my view more convenient to program and
probably better could be done. That's why I posted it, in
order to see whether the matter is o.k. and whether the
same has already been done before. The historical techniques
are very weak from today's standpoint but it doesn't mean
that they are for the waste bin. If I don't have any other
means of writing a secret message (without computer and
good algorithms, etc.), perhaps one of these old things
could be worth quite a lot to me under certain circumstances!
So the answer to the first question is: I intended to
learn something and hence I did it. (There are on the
other hand some people who don't feel the need to learn
and imagine that they know very very much and, as shown
in matters that I recently happened to read somewhere,
blindly mock others for supposed errors, criticize even tiny
typos, only to show their own sheer ignorance.)

To the second question: Do you mean that I posted
something that 'everybody' knows? If not, please explain
what you really meant. If yes, please point out
literature that contains that. I am not at all saying
that there is anything very valuable in what I posted
but only that I don't know such a reference.

The second to last sentence of yours seems strange.
I did say in the original post about some (in my view)
small advantages of the scheme in comparison to
Playfair. So I did let others 'share' that. If you
don't have a need to share that, because you are the
biggest crypto expert, that's another matter. If you
think what I consider to be advantages isn't true,
you could argue, and that's also another matter.

To the last sentence: If you have a design that you
found is better, this results only after I posted my
article, doesn't it? If I didn't post, you wouldn't come
to this fact, would you? So what does the sentence
imply? Does it imply that I shouldn't post my article?
But then how could I know that you have a better
design? (I am not an adherent of parapsychology.) Now
let me in this connection come back once again to your
previous point of using MDS matrices. Could you write
offhand a program to deliver an arbitrary MDS matrix?
If yes, please tell me the essential techniques, for
I (always) like to learn something. Could you assume
that most other people can do the same? If one has
sufficient knowledge/resources/time etc. and is in
a good environment, one can certainly always get better
and even the best things. But that doesn't mean inferior
stuff is totally useless. To have aircraft to quickly
go from New York to Los Angeles is fine. But sometimes
you would find that a bicycle can be very valuable to
you. Even though one could nowadays fairly confidently
count on the fact that AES will well satisfy the needs
of symmetric encryption for the coming decades, there
is no reason to stop discussing/studying in that
specific field. (And you yourself posted some of your
designs, didn't you? Or did you post only because you
are very sure that these are superior to AES?) For it
could not be excluded that by some chance certain useful
stuff can develop through collective efforts. Remember
anyway that there are people like me who want to learn
and that it is entirely legitimate for them to do so in
this group, independent of the fact that you have the
air of knowing everything much much better than everybody
else and apparently constantly take pleasure in mocking
others' ignorance, incompetence and errors and what not.

M. K. Shen
=============================
http://home.t-online.de/home/mok-kong.shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: On using larger substitutions
Date: Thu, 14 Dec 2000 13:13:24 +0100



Simon Best wrote:
> 
> Certainly your idea requires less processing than mine.  After all, your
> cyclic shift can be implemented in hardware with just... wires!
> 
> I guess you'd need at least two rounds to begin to get full diffusion?

Yes. The diffusion there is surely far from perfect. If
I am to use it (with a number of them in the manner of
polyalphabetic substitution), I'll follow it with a
transposition (of bytes of the message) and employ
a number of such rounds. Of course, all this is old-fashioned
and can't compete at all with a good modern
block cipher but could be considered in extreme
situations where better stuff is simply not available.

M. K. Shen

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Embedded Linux System Vs Smart Card
Date: Thu, 14 Dec 2000 13:05:40 GMT

In article <919cg7$1a5$[EMAIL PROTECTED]>,
  Data <[EMAIL PROTECTED]> wrote:
>
> Some people said that Embedded Linux System on prototyping board is as
> secure as smart card. What do you think? Is it really tamper-resistant as
> smart card?
>
> Example of Embedded Linux System:
> http://developer.axis.com/hardware/devboard/

Secure at doing what?

Tom


Sent via Deja.com
http://www.deja.com/

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Custom Encryption Algorithm
Date: Thu, 14 Dec 2000 13:11:23 GMT

In article <J6XZ5.48126$[EMAIL PROTECTED]>,
  "Michael" <[EMAIL PROTECTED]> wrote:
> I have been interested in Cryptanalysis for a while now, and just started
> reading this newsgroup a few weeks ago.
> By far, the biggest surprise I have found here is that you 'experts' (only
> in quotes because I don't really know you) don't have a program that you can
> cut and paste these EXTREMELY weak cipher texts into and spit out the plain
> text.
> Not knowing any better, I thought you would.
> I ended up here due to MY quest for such a program.

Because if you knew anything about "real cryptography" you would
realize that such programs are hardly practical at all.  Sure I could
write a program to break monoalphabetic messages with a known plaintext
language.  However, real block ciphers are often very incompatible.
For example the analysis of RC5 is not applicable to that of Serpent.

> As I said in one of my first postings, I have written my own (admittedly
> weak) algorithm.
> Reading this news group makes me less proud of my algorithm, but also feel
> like my ciphertext is much much more secure than I thought it was.

Well it isn't :-).  Did you post your algorithm yet?

> Your standard answer to the people who post their cipher text is why would I
> waste my time decoding it.
> Well, this place is all about Cryptanalysis.  However, if I email a friend
> using my algorithm and the email with the cipher text gets printed out and
> left on my friend's desk at work, people as crypto savvy as you guys won't
> be there, BUT the 'why should I waste my time' attitude WILL be there.

See the problem is how do you share a "key" to decrypt messages?  You
will have to hand deliver the program to decode it.  And if your cipher
is truly stateless it can be used only once to encode a message before
it's useless.

Real ciphers are known algorithms with secret keys.  Sharing the keys
is a bit easier than a program since you can use a PK style algorithm
to distribute a short bit string.

Often ciphers where the construction of the cipher is key dependent are
weak.  Such as FROG.

> On another subject, I am very disappointed no one replied to my earlier
> posting where I describe a piece of hardware that I want to figure out.  I
> described the fact that I have the ability to do a Chosen-plaintext attack,
> Adaptive-chosen-plaintext attack, Chosen-ciphertext attack, and Chosen-key
> attack and I was looking for advice on how to proceed.  Not a single reply.

Well what algorithm does the device use?  Doing black-box cryptanalysis
of an unknown algorithm is very difficult (given the algorithm is in
fact decent).

Tom


Sent via Deja.com
http://www.deja.com/
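
Tom's remark above, that a program to break monoalphabetic messages in a known plaintext language is easy to write, is worth making concrete. The block below is an added example, not code from the thread or from any poster: it handles the simplest monoalphabetic case, a Caesar shift, by scoring all 26 candidate shifts with a chi-squared statistic against approximate English letter frequencies. The frequency table values and the sample sentence are constructed inputs for this example.

```python
"""Frequency analysis against a monoalphabetic shift cipher: the 'known
plaintext language' attack in its simplest form.  Each candidate shift is
scored with a chi-squared statistic against English letter frequencies.
Added example, not code from the thread."""
import string

# Approximate English single-letter frequencies in percent, a..z
# (constructed table of widely published values).
ENGLISH_FREQ = [
    8.167, 1.492, 2.782, 4.253, 12.702, 2.228, 2.015, 6.094, 6.966, 0.153,
    0.772, 4.025, 2.406, 6.749, 7.507, 1.929, 0.095, 5.987, 6.327, 9.056,
    2.758, 0.978, 2.360, 0.150, 1.974, 0.074,
]


def shift_text(text, k):
    """Caesar-shift ASCII letters by k positions; everything else passes through."""
    out = []
    for ch in text:
        if ch.isalpha() and ch.isascii():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + k) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def letter_counts(text):
    """Histogram of the 26 lowercase letters, ignoring everything else."""
    counts = [0] * 26
    for ch in text.lower():
        if ch in string.ascii_lowercase:
            counts[ord(ch) - ord("a")] += 1
    return counts


def chi_squared(text):
    """Distance of the letter histogram of `text` from English; lower is more English-like."""
    counts = letter_counts(text)
    n = sum(counts)
    if n == 0:
        return float("inf")
    total = 0.0
    for observed, pct in zip(counts, ENGLISH_FREQ):
        expected = n * pct / 100.0
        total += (observed - expected) ** 2 / expected
    return total


def break_shift(ciphertext):
    """Try all 26 shifts and return (key, plaintext) for the most English-looking one."""
    key = min(range(26), key=lambda k: chi_squared(shift_text(ciphertext, -k)))
    return key, shift_text(ciphertext, -key)


# Constructed sample: ordinary English encrypted with shift 7.
SAMPLE_PLAIN = ("a real cipher is a public algorithm with a secret key so that the key "
                "can be changed when it leaks while the program stays the same and "
                "anyone who reads this newsgroup can check the design for errors")
SAMPLE_CIPHER = shift_text(SAMPLE_PLAIN, 7)

if __name__ == "__main__":
    key, plain = break_shift(SAMPLE_CIPHER)
    print("recovered key:", key)
    print("plaintext:", plain)
```

Running the file recovers key 7 from the ciphertext alone. The same scoring idea extends to a general monoalphabetic substitution, but that needs a search over permutations and n-gram statistics rather than a 26-way trial; the shift case needs neither, which is the sense in which such ciphers are "EXTREMELY weak".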

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: On using larger substitutions
Date: Thu, 14 Dec 2000 13:16:16 GMT

In article <[EMAIL PROTECTED]>,
  Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
<snip>
> To the last sentence: If you have a design that you
> found is better, this results only after I posted my
> article, doesn't it? If I didn't post, you wouldn't come
> to this fact, would you? So what does the sentence
> imply? Does it imply that I shouldn't post my article?
> But then how could I know that you have a better
> design? (I am not an adherent of parapsychology.) Now
> let me in this connection come back once again to your
> previous point of using MDS matrices. Could you write
> offhand a program to deliver an arbitrary MDS matrix?
> If yes, please tell me the essential techniques, for
> I (always) like to learn something. Could you assume
> that most other people can do the same? If one has
> sufficient knowledge/resources/time etc. and is in
> a good environment, one can certainly always get better
> and even the best things. But that doesn't mean inferior
> stuff is totally useless. To have aircraft to quickly
> go from New York to Los Angeles is fine. But sometimes
> you would find that a bicycle can be very valuable to
> you. Even though one could nowadays fairly confidently
> count on the fact that AES will well satisfy the needs
> of symmetric encryption for the coming decades, there
> is no reason to stop discussing/studying in that
> specific field. (And you yourself posted some of your
> designs, didn't you? Or did you post only because you
> are very sure that these are superior to AES?) For it
> could not be excluded that by some chance certain useful
> stuff can develop through collective efforts. Remember
> anyway that there are people like me who want to learn
> and that it is entirely legitimate for them to do so in
> this group, independent of the fact that you have the
> air of knowing everything much much better than everybody
> else and apparently constantly take pleasure in mocking
> others' ignorance, incompetence and errors and what not.

Creating MDS matrices is a matter of choosing a non-cyclic field such
as GF(2^w), an irreducible polynomial modulus and elements inside a
matrix such that no sub-matrix is singular.  For a 4x4 such as in
Square/Rijndael/Twofish it is a matter of randomly making a matrix and
stepping through all possible sub-matrices (i.e. cutting 0,1,2,3
rows/cols from the matrix).  I haven't written a program to do this
before but I imagine I could over the x-mas holiday.

I never said posting inferior stuff is a waste of time.  I said posting
stuff you know is inferior is a waste of time.  Of which I tried to
inform you your design was weak.  Listen to me or not.  In the end you
will get some hotshot cryptographer shoot you down.  It's better to
learn now than after you work on it.

I also never posted that my ciphers were the best.  In fact I have a
warning statement on my website to the contrary.  I like some of my
designs and I think they have a lot of merit (i.e. the reason I posted
them) but that doesn't mean they are in fact better.

Tom


Sent via Deja.com
http://www.deja.com/
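
The test Tom describes, checking that no square submatrix of the candidate is singular, can be written directly. The block below is an added example, not Tom's code or anything posted in the thread: it does arithmetic in GF(2^8) under Rijndael's polynomial, computes determinants by Gaussian elimination, steps through every square submatrix, and runs the check on Rijndael's MixColumns matrix and on a constructed matrix that fails it. The random-search function and the counterexample matrix are assumptions of this example, not something the thread supplies.

```python
"""Checking a candidate MDS matrix over GF(2^8): every square submatrix must be
nonsingular.  Added example, not code from the thread."""
import random
from itertools import combinations

# Rijndael's irreducible polynomial x^8 + x^4 + x^3 + x + 1 (0x11b); any other
# degree-8 irreducible polynomial would serve equally well.
AES_POLY = 0x11B


def gf_mul(a, b, poly=AES_POLY):
    """Multiply in GF(2^8) modulo `poly` (shift-and-add, reduce on overflow)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & 0x100:
            a ^= poly
    return r


def gf_inv(a, poly=AES_POLY):
    """Multiplicative inverse by exhaustive search; fine for an 8-bit field."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse")
    return next(x for x in range(1, 256) if gf_mul(a, x, poly) == 1)


def gf_det(m, poly=AES_POLY):
    """Determinant over GF(2^8) by Gaussian elimination.  In characteristic 2 a
    row swap does not flip the sign, so det is simply the product of pivots."""
    m = [row[:] for row in m]
    n = len(m)
    det = 1
    for c in range(n):
        pivot = next((r for r in range(c, n) if m[r][c]), None)
        if pivot is None:
            return 0
        m[c], m[pivot] = m[pivot], m[c]
        det = gf_mul(det, m[c][c], poly)
        inv = gf_inv(m[c][c], poly)
        for r in range(c + 1, n):
            if m[r][c]:
                f = gf_mul(m[r][c], inv, poly)
                m[r] = [x ^ gf_mul(f, y, poly) for x, y in zip(m[r], m[c])]
    return det


def is_mds(m, poly=AES_POLY):
    """Step through every k x k submatrix (k = 1..n), i.e. every way of cutting
    n-k rows and n-k columns, and reject on the first singular one."""
    n = len(m)
    for k in range(1, n + 1):
        for rows in combinations(range(n), k):
            for cols in combinations(range(n), k):
                sub = [[m[r][c] for c in cols] for r in rows]
                if gf_det(sub, poly) == 0:
                    return False
    return True


def random_mds(n, seed=0, poly=AES_POLY):
    """The search the post describes: draw random nonzero entries until the
    matrix passes the submatrix test.  For 4x4 over GF(2^8) this ends quickly."""
    rng = random.Random(seed)
    while True:
        m = [[rng.randrange(1, 256) for _ in range(n)] for _ in range(n)]
        if is_mds(m, poly):
            return m


# Rijndael's MixColumns matrix, a known MDS matrix.
MIXCOLUMNS = [
    [0x02, 0x03, 0x01, 0x01],
    [0x01, 0x02, 0x03, 0x01],
    [0x01, 0x01, 0x02, 0x03],
    [0x03, 0x01, 0x01, 0x02],
]

# Constructed counterexample: the top-left 2x2 block [[1,1],[1,1]] is singular,
# so this matrix is not MDS even though every single entry is nonzero.
NOT_MDS = [
    [0x01, 0x01, 0x02, 0x03],
    [0x01, 0x01, 0x03, 0x02],
    [0x02, 0x03, 0x01, 0x01],
    [0x03, 0x02, 0x01, 0x01],
]

if __name__ == "__main__":
    print("MixColumns MDS:", is_mds(MIXCOLUMNS))
    print("counterexample MDS:", is_mds(NOT_MDS))
    print("random MDS matrix:", random_mds(4, seed=1))
```

For a 4x4 matrix the loop evaluates 16 + 36 + 16 + 1 = 69 determinants, so the exhaustive check is cheap; it is the definition of MDS (the matrix generates a maximum distance separable code) rather than a shortcut, which is why it is the right oracle to put inside a random search.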

------------------------------

From: Jorgen Hedlund <[EMAIL PROTECTED]>
Subject: Re: Software PRNG..
Date: Thu, 14 Dec 2000 14:49:47 +0100
Reply-To: [EMAIL PROTECTED]

Tom St Denis wrote:
> 
> In article <[EMAIL PROTECTED]>,
>   [EMAIL PROTECTED] wrote:
> > Tom St Denis wrote:
> > Well, I'd rather like to know "how", than get the code from someone
> > else. I mean, of course it's cool to use something free, but without
> > completely understanding it, it's kind of impossible to truly
> > trust it. Also, it would be difficult to know how secure my algorithm
> > is..
> 
> I admire you.  "I'd rather like to know "how"," the sign of a true
> scientist!!!

Well, how else could you improve yourself? Also, how could you come up
with something better than the existing stuff today? =)
 
> Well there are a lot of texts on it.  I am not terribly well versed in
> the theory, just the implementations.

Same here, but I'm trying hard to get "well versed", and I've found out
that the guys/gals in this NG are most kindly sharing their experience.
I'm grateful for that.
 
> An LFSR is a Linear Feedback Shift Register and an LFG is a Lagged
> Fibonacci generator (a special form of LFSR).  LFSR style math has been
> used in CRC generators and various PRNGs.
 
And these "algorithms" (?) are implementable in software? It sounds like
true hardware stuff. A computer can't possibly recreate everything that
specific hardware devices can do.

It seems also that if one should be able to create something truly
random, one needs to "connect" with the analogue world in some way.
The computers of today are, imho, too predictable. I have no proof
of my statements, but it's some kind of feeling that I have.

For instance when they (Sun? Sgi?) took a lavalamp and filmed it (?)
and then used the information to create some random series. (The lava
lamps are more or less random I've heard.) This is an example of using
the "real" world to create randomness.

Also I read a post here, that a simple "RG" could be accomplished by
sampling data from a microphone or similar. That is also a "connection"
with the analogue world (although it becomes digital).

The conclusion of this is that with today's computers, one needs to
(in the best case) take some random occurrence in the analogue world and
use this to produce randomness in the digital world. Although with
today's methods there is not really a 1-to-1 connection between the
analogue world and the digital; the "data" has to be converted before
entering the computer itself (via I/O). One far-fetched (?) idea would
be to use the random analogue "data" to affect the hardware of the digital
world (not using A/D converters though). How this should be done, I've
no idea...

BR/jh - nearly a non-believer of digital randomness.. (d'oh!)
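
Jorgen asks whether LFSRs and lagged Fibonacci generators are implementable in software or are "true hardware stuff". They are nothing but shifts and XORs, and the added example below (not code from any poster in the thread) builds a 16-bit LFSR, an additive lagged Fibonacci generator and the CRC-32 register from those same primitives. It also carries the caveat that matters for the PRNG discussion: the LFSR output is a linear function of its state, so an observer who knows the taps reconstructs the state from 16 output bits and predicts everything that follows. The taps, seed value and sample inputs are constructed for this example.

```python
"""Shift-register arithmetic in plain software: an LFSR, an additive lagged
Fibonacci generator and CRC-32 built from shifts and XORs, plus the reason an
LFSR by itself is not a secure PRNG.  Added example, not from the thread."""
import zlib

# Taps of the primitive polynomial x^16 + x^14 + x^13 + x^11 + 1; a 16-bit
# Fibonacci LFSR with these taps visits all 2^16 - 1 nonzero states.
LFSR_TAPS = (16, 14, 13, 11)


def lfsr_step(state, taps=LFSR_TAPS):
    """One step: emit the low bit, shift right, feed the XOR of the taps in at the top."""
    n = taps[0]
    feedback = 0
    for t in taps:
        feedback ^= (state >> (n - t)) & 1
    out = state & 1
    return (state >> 1) | (feedback << (n - 1)), out


def lfsr_bits(seed, count):
    """Return `count` output bits starting from a nonzero 16-bit seed."""
    state, out = seed, []
    for _ in range(count):
        state, bit = lfsr_step(state)
        out.append(bit)
    return out


def lfsr_period(seed):
    """Count steps until the register returns to its seed."""
    state, steps = seed, 0
    while True:
        state, _ = lfsr_step(state)
        steps += 1
        if state == seed:
            return steps


def predict_lfsr(observed, count):
    """Why an LFSR is not a CSPRNG: the first 16 output bits *are* the seed
    (LSB first), so anyone who knows the taps can replay the whole stream."""
    n = LFSR_TAPS[0]
    seed = sum(bit << i for i, bit in enumerate(observed[:n]))
    return lfsr_bits(seed, n + count)[n:]


def lagged_fibonacci(seed_words, j, k, mod, count):
    """Additive lagged Fibonacci generator x_n = (x_{n-j} + x_{n-k}) mod m.
    Replace + with XOR and set m = 2 and this is a two-tap LFSR."""
    xs = list(seed_words)
    for _ in range(count):
        xs.append((xs[-j] + xs[-k]) % mod)
    return xs[len(seed_words):]


def crc32_bitwise(data):
    """CRC-32 (IEEE 802.3) as a 32-bit shift register with XOR feedback,
    reflected polynomial 0xEDB88320: the same register math as the LFSR,
    with the message bits XORed into the register instead of a fixed seed."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ (0xEDB88320 if crc & 1 else 0)
    return crc ^ 0xFFFFFFFF


def crc32_matches_zlib(data):
    """Cross-check the hand-rolled register against the library implementation."""
    return crc32_bitwise(data) == zlib.crc32(data) & 0xFFFFFFFF


if __name__ == "__main__":
    stream = lfsr_bits(0xACE1, 64)
    print("LFSR period from 0xACE1:", lfsr_period(0xACE1))
    print("predicted == actual:", predict_lfsr(stream[:16], 48) == stream[16:])
    print("CRC-32('123456789') = %08x" % crc32_bitwise(b"123456789"))
```

Running the file shows the maximal period 65535, a successful prediction of the stream from its first 16 bits, and the standard CRC-32 check value cbf43926 for the ASCII string 123456789. The prediction works for any LFSR of length n once n output bits and the taps are known; that linearity is what makes an LFSR a statistical generator rather than a cryptographic one, whatever hardware or software it runs on.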

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Sr. Cryptographer/mathematician
Date: 14 Dec 2000 13:50:35 GMT

John Savard <[EMAIL PROTECTED]> wrote:
> On Wed, 13 Dec 2000 15:47:57 -0700, John Myre <[EMAIL PROTECTED]>
> wrote, in part:

>>It is "known" in the sense that experience has shown it to
>>be true.  But I know of no theoretical basis to believe it.
>>Matt Timmermans' ruminations on this topic are interesting.

> I guess the theoretical basis most people believe is applicable is
> simply the fact that the target CPU has to be provided with all the
> information needed to run the code.

But that argument doesn't really hold water.  Having the information
doesn't mean you can extract anything useful from it.  For example,
you have all the *information* you need to break RSA in the public
key.  But it's computationally infeasible to extract anything useful
from it.

Likewise, it might be possible to have software that has all the
information needed to run/break it, but have it be computationally
infeasible to actually break the copy protection (or whatever your
goal is).  I've seen some schemes for this, but I've never seen one
that looks really good.  Most of the more promising ideas require
communication (hopefully not a lot!) with some sort of authentication
server....  I've never seen a stand-alone solution that was useful at
all.

-- 
Steve Tate --- srt[At]cs.unt.edu | Gratuitously stolen quote:
Dept. of Computer Sciences       | "The box said 'Requires Windows 95, NT, 
University of North Texas        |  or better,' so I installed Linux."
Denton, TX  76201                | 

------------------------------

From: "Jeff Moser" <[EMAIL PROTECTED]>
Subject: Re: Yet Another Challenge ( I hope ! )
Date: Thu, 14 Dec 2000 08:59:48 -0500

> Hi everybody, as a result of watching this thread for a while,
> and seeing the invites to see if things can be cracked.

If you'd read the FAQ, you'd notice that unless you publish your source code
and/or algorithm description with plaintext/ciphertext pairs, this request
is worthless and no one will guess it. Security by obscurity is bad.

Jeff



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
