Cryptography-Digest Digest #459, Volume #13 Fri, 12 Jan 01 08:13:01 EST
Contents:
Re: Linear analysis (Benjamin Goldberg)
Re: Enigma Emulator for Palm Pilot? (Rich W.)
Re: Need of very simple algorithms? (Shawn Willden)
Re: rc4 in javascript bug ([EMAIL PROTECTED])
Re: Need of very simple algorithms? (Paul Rubin)
Help.......Choice of Rijndael as the AES ("Haider Ali")
Problem with Lanaki Lession #1 ("Rob Marston")
Re: Help.......Choice of Rijndael as the AES ("Jakob Jonsson")
Re: Comparison of ECDLP vs. DLP ("Jakob Jonsson")
Re: NSA and Linux Security (David A Molnar)
Re: ---- Free public domain encryption is released from EAR. (Mok-Kong Shen)
Re: NSA and Linux Security (Mok-Kong Shen)
Re: Bluetooth security? ("kihdip")
HackSDMI challenge ("Julien Stern")
Re: Help.......Choice of Rijndael as the AES (Roman Meisl)
Novell Netware authentication (Chris Johnson)
Re: Comets, Meteors, and Mitotic Spindles /Mars Life angle (Ed Augusts)
Re: Need of very simple algorithms? ("Lyalc")
----------------------------------------------------------------------------
From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: Linear analysis
Date: Fri, 12 Jan 2001 05:42:48 GMT
Tom St Denis wrote:
>
> In article <[EMAIL PROTECTED]>,
> Benjamin Goldberg <[EMAIL PROTECTED]> wrote:
> > Does anyone know of any program which automatically does analysis of
> > an sbox to find linear relationships?
>
> Sboxgen can be hacked to do it. Provided the sbox is small enough.
>
> > Also, does anyone have any suggestions for a program to assist me in
> > doing linear analysis of a cipher (not just of the sbox) -- perhaps
> > a symbolic math package, (like maple or matlab or mathematica) might
> > help?
>
> Like differential analysis each cipher is different. Linear analysis
> has a style or technique if you will but it's not concrete. A good
> linear analysis of SAFER for example will not work in DES.
>
> > I don't have one, and unless I think it'll help, I'm not going to
> > get one (I'm a bit short on disk space).
> >
> > Lastly, has anyone already *done* linear analysis of the
> > Rijndael/AES sbox?
>
> Yup, it has a maximum WalshTransform output of -16/14 I believe (or
> -14/16) which means that p=16/256 and you need 1/(p^2) plaintexts or
> all of them to crack it. After the affine transform is added the WT
> output is -16/16.
I thought it was (2/p)^r, not 1/(p^2)? How do I go from knowing about
the Walsh Transform of a function, to knowing how many rounds are needed
to make the cipher secure against linear attacks?
> In other words if you used the sbox as an 8-bit cipher it would be
> immune to differential attacks after two rounds (given by
> (2/(4/256))^r > 256) and a single round for linear attacks.
Well, I'm using the 8x8 sbox as the F function of a 16 bit Feistel. I
think this means that I need
(2/DP_max)^r > 65536
to be secure against differential attacks. If DP_max is 4/256, this is:
(2/(4/256))^r > 65536
(2*(256/4))^r > 65536
(2*64)^r > 65536
128^r > 65536
and taking the log2 of both sides, this becomes:
r log2(128) > log2(65536)
Thus, using r > 16/7 should be sufficient to protect against
differential attacks.
But what do I need r to be to protect a 16 bit Feistel from LINEAR
attacks? That's what I need to know.
> Keep in mind that the algebraic degree (sans the affine transform) is
> low and can be manipulated with interpolation attacks (Knudsen has a
> paper on the subject).
Well, I'm considering using the AES sbox *with* the transform... or the
TC5 sbox. Is the WalshTransform the same as the algebraic degree?
And how does it (either the WT, or the algebraic degree) help me perform
(or help me prevent) a linear attack on the cipher?
--
Power interrupts. Uninterruptable power interrupts absolutely.
[Stolen from Vincent Seifert's web page]
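An added example (not code from the thread): it rebuilds the AES sbox from its definition, measures the two quantities the exchange above is about (DP_max from the XOR difference table and the best linear bias from the Walsh transform), and applies the (2/DP_max)^r > 2^16 rule quoted for the 16 bit Feistel. The linear round estimate uses the piling-up lemma with a data requirement of about 1/bias^2; that heuristic is my assumption, not something the thread establishes.

```python
# Added example, not from the digest. AES sbox = inversion in GF(2^8) modulo
# x^8+x^4+x^3+x+1 (0x11b) followed by the fixed affine map with constant 0x63.

def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) with the AES reduction polynomial 0x11b."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11b
        b >>= 1
    return r

def gf_inv(a):
    """Multiplicative inverse as a^254 (0 maps to 0, as in AES)."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def aes_sbox():
    """Inversion, then the AES affine transform: b ^ rotl(b,1..4) ^ 0x63."""
    box = []
    for x in range(256):
        b = gf_inv(x)
        s = b
        for i in range(1, 5):
            s ^= ((b << i) | (b >> (8 - i))) & 0xFF
        box.append(s ^ 0x63)
    return box

def max_differential(box):
    """Largest entry of the XOR difference table over nonzero input differences."""
    best = 0
    for a in range(1, 256):
        counts = [0] * 256
        for x in range(256):
            counts[box[x] ^ box[x ^ a]] += 1
        best = max(best, max(counts))
    return best  # count out of 256, so DP_max = best/256

def walsh_spectrum(f):
    """In-place fast Walsh-Hadamard transform of a 256-entry +/-1 vector."""
    w = list(f)
    h = 1
    while h < 256:
        for i in range(0, 256, 2 * h):
            for j in range(i, i + h):
                u, v = w[j], w[j + h]
                w[j], w[j + h] = u + v, u - v
        h *= 2
    return w

def max_linear_bias(box):
    """Largest |#{x : a.x = b.S(x)} - 128| over all masks a and nonzero b (= max|W|/2)."""
    best = 0
    for b in range(1, 256):
        f = [1 if bin(b & box[x]).count("1") % 2 == 0 else -1 for x in range(256)]
        best = max(best, max(abs(v) for v in walsh_spectrum(f)) // 2)
    return best  # count out of 256: best approximation holds with prob 1/2 +/- best/256

def rounds_for_differential(dp_count, block_bits):
    """Smallest r with (2/DP_max)^r > 2^block_bits, the rule used in the thread."""
    r = 1
    while (2 / (dp_count / 256)) ** r <= 2 ** block_bits:
        r += 1
    return r

def rounds_for_linear(bias_count, block_bits):
    """Assumed heuristic: piling-up bias 2^(r-1)*eps^r, data ~ 1/bias^2 > 2^block_bits."""
    eps, r = bias_count / 256, 1
    while 1 / (2 ** (r - 1) * eps ** r) ** 2 <= 2 ** block_bits:
        r += 1
    return r
```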
------------------------------
From: Rich W. <[EMAIL PROTECTED]>
Subject: Re: Enigma Emulator for Palm Pilot?
Date: Fri, 12 Jan 2001 00:46:09 -0500
The voices in my head tell me that
In article <2jb*[EMAIL PROTECTED]>, [EMAIL PROTECTED]
says...
> Google search for "palm enigma", first result:
> http://www.geocities.com/SiliconValley/Screen/1565/PEnigma.htm
>
> It behaves slightly oddly on my Vx but I'm talking to the author about
> why that might be.
Man, I searched on google but must have used some non-obvious key
words because I came up with nothing! :-)
Thanks! :-)
His download link isn't working at the moment but hopefully that will
change.
--
Rich...
------------------------------
From: Shawn Willden <[EMAIL PROTECTED]>
Subject: Re: Need of very simple algorithms?
Date: Thu, 11 Jan 2001 23:33:26 -0700
Robert Scott wrote:
> But the market dictates
> that the keyfobs that implement this technology have to cost under
> $1 and generally have severe RAM and ROM limitations. Can you
> implement AES in a Microchip 12C508?
I don't know about that particular microprocessor, but many low-end smart
card microprocessors cost well under $1, and they're capable of performing
AES operations.
Shawn.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: rc4 in javascript bug
Date: Fri, 12 Jan 2001 07:24:04 GMT
I need to escape and unescape in that order for html code only because
having the following characters: < > & could be interpreted as a tag
fragment or the start of an accented character. But now, I think
that I need to do this:
- escape(encrypt(escape(plain html)))
- unescape(decrypt(unescape(encrypted html)))
... but I'd rather try writing a java applet if it's really slow. Is
avoiding the evals in the swap function still making it a viable option?
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Need of very simple algorithms?
Date: 11 Jan 2001 23:34:40 -0800
Shawn Willden <[EMAIL PROTECTED]> writes:
> I don't know about that particular microprocessor, but many low-end smart
> card microprocessors cost well under $1, and they're capable of performing
> AES operations.
$1 is a lot of money for a low end device. If my company wants to
ship 100 million smart cards, and AES needs a $1 processor but
Skipjack needs a 35 cent processor, I'm going to have an awful hard
time convincing the CEO to give up $65 million from the company's
bottom line in exchange for some abstract theoretical security
improvement.
------------------------------
Reply-To: "Haider Ali" <[EMAIL PROTECTED]>
From: "Haider Ali" <[EMAIL PROTECTED]>
Subject: Help.......Choice of Rijndael as the AES
Date: Fri, 12 Jan 2001 16:39:43 +0800
Can anyone help in guiding me to publications/results of research on
comparison of the five AES finalists in terms of security, performance,
strength of the algorithm etc......
I am working to see how the choice of Rijndael as the AES can be justified.
Or if others were better in certain regards........
Free online papers would be very much appreciated.....
Thanks
------------------------------
From: "Rob Marston" <[EMAIL PROTECTED]>
Subject: Problem with Lanaki Lesson #1
Date: Fri, 12 Jan 2001 08:12:25 -0000
I've been looking at the Lanaki Lesson #1 at
http://www.und.nodak.edu/org/crypto/crypto/lanaki.crypt.class/lessons/lesson01.zip
and I'm having problems getting his Tally chart to work.
The first line of the "Next we develop a CT Letter Position Chart"
chart is given as
A 11 : / / ..... /// /
This seems to indicate that the number of words whose third
character is an A is one.
Now when I look at A-2 I find that three words have their
third character set to A, these are...
1) XHAWF
2) TGAHPKD
3) XMAWOVFSARF
Now I understand that word (1) is only five letters long so
the A is probably treated as a middle letter and not a third
letter! But this still leaves me with two other words where
Lanaki only scores one.
Can anybody tell me what I'm doing wrong?
Rob
------------------------------
From: "Jakob Jonsson" <[EMAIL PROTECTED]>
Subject: Re: Help.......Choice of Rijndael as the AES
Date: Fri, 12 Jan 2001 09:47:35 +0100
www.nist.gov/aes
http://www.ii.uib.no/~larsr/aes.html
"Haider Ali" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> Can anyone help in guiding me to publications/results of researches on
> comparison of the five AES finalists in terms of security, performance,
> strength of the algorithm etc......
>
> I am working to see how the choice of Rijndael as the AES can be justified.
> Or if others were better in certain regards........
>
> Free online papers would be very much appreciated.....
>
> Thanks
------------------------------
From: "Jakob Jonsson" <[EMAIL PROTECTED]>
Subject: Re: Comparison of ECDLP vs. DLP
Date: Thu, 11 Jan 2001 10:13:05 +0100
> Now I would like to know what you mean by "weak". If you say that some
> people can argue that "1 exists" is a weak postulate, then I think you
> are in error.
Compare the statements "If G is a group, then property P holds" and "If G is
an abelian group, then property P holds". The second statement is weaker,
because the assumption on the group is stronger (or, put another way, if the
first statement is true, then the second statement is true as well). Theorem
B is weaker than (is a special case of) Theorem A if A implies B. I don't
argue against the Peano axioms...
It's another matter that my silly postings about how to interpret the random
oracle model in practice didn't make much (if any) sense. Thanks Roger,
David, David, and Dan for your comments.
Jakob
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: NSA and Linux Security
Date: 12 Jan 2001 08:35:20 GMT
[EMAIL PROTECTED] wrote:
> granted, that if they *could* put in a backdoor without worrying about
> being found, they would be the people suspect to do so,
Just a note - if SHA-1 has some kind of secret backdoor which allows us to find
collisions easily, does this lead to key agreement? (i.e. do chameleon hashes
imply key agreement) (I have a sneaking suspicion that they imply oblivious
transfer)
(another thing - if DES has a trapdoor that allows easy decryption, then
that's public-key cryptography right there.)
So if the NSA has a way to do this, then they may have a way to do very, very
efficient key agreement and public-key encryption. At least for the encryption
side of things. Decryption we have no idea how fast it is or could be, of
course.
Would it be reasonable for them to implement such a capability if they had it
for this purpose? if so, where?
-David
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: ---- Free public domain encryption is released from EAR.
Date: Fri, 12 Jan 2001 10:22:42 +0100
Greggy wrote:
>
[snip]
> According to these two sections, it seems clear that if someone wishes
> to post their strong encryption software to the web, then all they need
> to do is make it publicly available and notify BXA of the download web
> page address at the time (or before) they actually post it.
>
> Now I called the BXA and asked about Q&A #26 (see
> http://www.bxa.doc.gov/Encryption/Oct2KQandAs.html). Specifically, I
> asked if posting is adequate for making the source publicly available
> or must I publish it some other way first to qualify it for posting on
> the internet. The person I talked to was very certain in her answer,
> that you can post it and that is adequate.
Could you compare the current document with the one before
the revision? If there is a change in this point, then your
conclusion should be correct.
BTW, does anyone know definitely about the same issue
with respect to the Wassenaar Arrangements?
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: NSA and Linux Security
Date: Fri, 12 Jan 2001 10:22:36 +0100
"Douglas A. Gwyn" wrote:
>
> "Eternal vigilance is the price of liberty" applies to one's own
> government as well as to foreign ones, perhaps more so since the
> native threat is subtler and more long-range. (How to boil a
> frog.) But accurate information is required if one is to keep a
> meaningful watch.
You are right in theory. On the other hand, how is one
in practice to get the needed accurate information? If your
telephone or mobile phone is tapped, would you ever know it,
assuming that the workers involved are not too stupid?
(Stupidity does seem to happen sometimes, but then the
best you obtain is some clues, not proof!) It is noteworthy
in this connection that even a certain investigation of EU
into a world-wide interception project essentially failed
for political reasons (if I don't err).
M. K. Shen
=========================
http://home.t-online.de/home/mok-kong.shen
------------------------------
From: "kihdip" <[EMAIL PROTECTED]>
Subject: Re: Bluetooth security?
Date: Fri, 12 Jan 2001 10:57:17 +0100
I have been comparing the chapter 14 (Security) in the baseband spec. (1.0b
vs. 1.1)
As far as I see it, there are no changes, apart from a little re-write. No
changes on the technical part at all.
Am I right or have I missed something ???
Kim
"Ingmar Grahn" <[EMAIL PROTECTED]> wrote in message
news:93hgaa$b9u$[EMAIL PROTECTED]...
>
> > from what i hear there are some discussions about extending
> > security. but cannot go into detail here.
>
> You say there are some discussions about extending the Bluetooth security?
> Could you be a bit more specific about this? I just e-mailed Markus
> Jakobsson at Bell-labs (who's one of the authors of "Security Weaknesses in
> Bluetooth") asking if he knew if any of the weaknesses found in the v1.0B
> standard of Bluetooth was to be corrected in v1.1. But he said that the
> flaws were still present in this version. Isn't this extended security
> you're talking about supposed to be released until the v2.0 standard? And
> anyway, what will this extended security consist of?
>
> /Ingmar Grahn
>
>
>
------------------------------
From: "Julien Stern" <[EMAIL PROTECTED]>
Subject: HackSDMI challenge
Date: Fri, 12 Jan 2001 10:19:48 GMT
Dear All,
We would like to announce the opening of a web site which presents our
first results on the HackSDMI challenge regarding audio watermarking
(see http://www.hacksdmi.org) and hopefully will eventually serve as a
discussion forum and pointer list on this topic.
We are two French students in computer science (respectively in cryptology
and signal processing) and we have successfully managed to defeat all
the watermarking technologies proposed in the HackSDMI challenge.
In particular, we were able to almost fully understand one of the technologies,
and believe that we can "surgically" remove the mark, that is, essentially
recreate the original unmarked song from the marked version. This is a
rather important fact as our results can be stated without the need for
any audibility testing.
A web page detailing our results is located at
http://www.julienstern.org/sdmi/
It includes a first detailed technical report on one technology
which is intended for an academic research audience, as well as some
simpler explanations of what we understood of the SDMI framework.
Your comments are naturally very welcome.
Sincerely,
Julien Stern and Julien Boeuf
------------------------------
From: Roman Meisl <[EMAIL PROTECTED]>
Subject: Re: Help.......Choice of Rijndael as the AES
Date: Fri, 12 Jan 2001 11:19:51 +0100
Hello Ali!
> Can anyone help in guiding me to publications/results of researches on
> comparison of the five AES finalists in terms of security, performance,
> strength of the algorithm etc......
>
> I am working to see how the choice of Rijndael as the AES can be justified.
> Or if others were better in certain regards........
You might try the following links:
http://www.esat.kuleuven.ac.be/~rijmen/rijndael/
http://csrc.nist.gov/encryption/aes/
http://www.counterpane.com
(Bruce Schneier's page - stuff concerning twofish may be found)
http://www.ii.uib.no/~larsr/bc.html#BBS99
(quite similar link as you got before)
Hope this will help you
Bye
Roman
------------------------------
From: Chris Johnson <[EMAIL PROTECTED]>
Subject: Novell Netware authentication
Date: Fri, 12 Jan 2001 12:16:30 -0800
Does anybody have any information on the authentication protocol used to
log a user into a netware server?
Novell's site has a lot of text about how good their security is but doesn't
seem to actually state what algorithms are used.
Thanks,
Chris
------------------------------
From: Ed Augusts <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Crossposted-To: alt.sci.astro.eclipses,sci.geo.earthquakes
Subject: Re: Comets, Meteors, and Mitotic Spindles /Mars Life angle
Date: Fri, 12 Jan 2001 12:28:27 GMT
Scot Mc Pherson wrote:
>
> Part of the interest of finding things is finding them and not having them
> placed on a silver platter for you...How much better do you feel when you
> look at Jupiter through your backyard self made telescope? Does it compare
> to looking at a photo taken by the Hubble? I would prefer my own telescope
> and the work that goes along with it.
>
> I am sorry if I disappointed you by merely pointing the direction to look.
> Next time I will make sure I take all the fun out of it for you
>
> Scot Mc Pherson
Gee! You're right, of course! I'm sorry, but I couldn't 'read' this
motive of 'pointing out the direction and letting US find it' in your
original statement.
Please DON'T take all the fun out of it for us! No "silver platter" is
required... It was wrong of me to not see that you might have had an
interesting point of view about merely HINTING at the location of this
crater! Kind of like in a children's mystery story!
You STILL haven't told us where the crater is! Oh, OH! right! OK,
I'll go look for it now. ...More fun that way!
>
> Ed Augusts <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> >
> >
> > Scot Mc Pherson wrote:
> > >
> > > > After all, do you see a mars-sized crater on earth from the moon's
> > > > creation?
> > >
> > > Actually yes you do...Find a map or globe that displays underwater
> > > terrain...Then look at Australia again....Then come back here and say the
> > > above again....I know you won't =)) I believe the phrase you will come up
> > > with will be something like holy s***
> > >
> > > Scot Mc Pherson
> >
> > Instead of referring us to the map or globe, it would have been nice if
> > you had said, "there is a two thousand km diameter depression in the
> > shape of a crater located...." You are not giving information, you are
> > just teasing. See, I would have been very interested to know if this
> > underwater feature is in the middle of the Indian Ocean, or in the
> > Indonesian Archipelago, but I'm not going to go on a big search for the thing!
------------------------------
From: "Lyalc" <[EMAIL PROTECTED]>
Subject: Re: Need of very simple algorithms?
Date: Fri, 12 Jan 2001 22:54:56 +1100
The cost may not all be attributed to any security improvement, but the
'comfort' of using a government ratified choice of algorithm, which may even
become so widely used that anyone not using it could be seen as less competent.
In other words, a market call, not a technical decision.
Lyal
Paul Rubin wrote in message <[EMAIL PROTECTED]>...
>Shawn Willden <[EMAIL PROTECTED]> writes:
>> I don't know about that particular microprocessor, but many low-end smart
>> card microprocessors cost well under $1, and they're capable of performing
>> AES operations.
>
>$1 is a lot of money for a low end device. If my company wants to
>ship 100 million smart cards, and AES needs a $1 processor but
>Skipjack needs a 35 cent processor, I'm going to have an awful hard
>time convincing the CEO to give up $65 million from the company's
>bottom line in exchange for some abstract theoretical security
>improvement.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************