Cryptography-Digest Digest #469, Volume #13      Sun, 14 Jan 01 17:13:01 EST

Contents:
  Re: Challenge/response with MD5 (Ivan Skytte Jørgensen)
  Re: Challenge/response with MD5 (Ivan Skytte Jørgensen)
  Re: Cavell Challenge #1 ("John A. Malley")
  Re: SHA-1 of a streaming datastream (Tom St Denis)
  Re: storing private keys (Tom St Denis)
  Re: NSA and Linux Security (digiboy | marcus)
  Re: Has anyone seen these men? (Bryan Mongeau)
  Re: NSA and Linux Security (David Wagner)
  Re: NSA and Linux Security (David Wagner)
  Re: ---- Free public domain encryption is released from EAR. (Greggy)
  Re: NSA and Linux Security (David Wagner)
  Re: NSA and Linux Security (David Wagner)
  multiple anagramming? (Benjamin Goldberg)
  Hilbert polynomials ("Élisabeth Konstantinou")
  Re: NSA and Linux Security (Mok-Kong Shen)
  Re: Has anyone seen these men? ("Michael Scott")
  Re: Cavell Challenge #1 (Scott Contini)

----------------------------------------------------------------------------

From: Ivan Skytte Jørgensen <[EMAIL PROTECTED]>
Subject: Re: Challenge/response with MD5
Date: Sun, 14 Jan 2001 19:58:37 +0100

Roger Schlafly wrote:
>
> Ivan Skytte Jørgensen wrote:
...
> >
> > To elaborate:
> >   receive challenge B1
> >   generate random block B2
> >   calculate MD5(shared_secret+B1+B2)
> >   send MD5 + B2
> > (this is done by both ends)
>
> I don't see why. Someone who intercepted a successful exchange
> would know B1, B2, and MD5.

Yes. But he would not be able to do differential-style attacks. (Is there
such a thing as differential attacks on hashes?)

> The guessing might succeed if the secret is
> a short password.
Fortunately it is not.
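
The exchange quoted above (receive B1, generate random B2, send MD5(shared_secret+B1+B2) together with B2, run by both ends), as an added Python example that is not code from the thread; the secret value and the 16-byte challenge sizes are constructed for the demo. It also shows the check the verifying side should make: a challenge is accepted once, so an intercepted (MD5, B2) pair cannot be replayed against a fresh B1.

```python
import hashlib
import hmac
import os

# Constructed shared secret for the demo (the thread's secret comes from
# user keystroke entropy and is 865..2904 bits; any byte string works here).
SHARED_SECRET = b"constructed-demo-secret-not-from-the-thread"


def response(secret: bytes, b1: bytes, b2: bytes) -> bytes:
    """MD5(shared_secret + B1 + B2), exactly as written in the thread."""
    return hashlib.md5(secret + b1 + b2).digest()


class Peer:
    """One end of the exchange; both ends run this same code."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.pending_b1 = None  # challenge we issued and still await a reply to

    def challenge(self) -> bytes:
        # B1: fresh random challenge (demo uses 16 bytes), remembered for verify().
        self.pending_b1 = os.urandom(16)
        return self.pending_b1

    def answer(self, b1: bytes) -> tuple:
        # Receive B1, generate random B2, send MD5(secret+B1+B2) together with B2.
        b2 = os.urandom(16)
        return response(self.secret, b1, b2), b2

    def verify(self, digest: bytes, b2: bytes) -> bool:
        # Recompute over the B1 we issued; constant-time compare; one use per B1.
        if self.pending_b1 is None:
            return False
        expected = response(self.secret, self.pending_b1, b2)
        self.pending_b1 = None
        return hmac.compare_digest(expected, digest)


def mutual_auth(a: "Peer", b: "Peer") -> tuple:
    """Each side challenges the other; returns (a accepts b, b accepts a)."""
    digest_b, b2_b = b.answer(a.challenge())
    digest_a, b2_a = a.answer(b.challenge())
    return a.verify(digest_b, b2_b), b.verify(digest_a, b2_a)


def replay_is_rejected(secret: bytes) -> bool:
    """An eavesdropper knows B1, B2 and the MD5 of one run, but the next
    run uses a new B1, so the captured (MD5, B2) pair no longer verifies."""
    server, client = Peer(secret), Peer(secret)
    captured_digest, captured_b2 = client.answer(server.challenge())
    genuine = server.verify(captured_digest, captured_b2)
    server.challenge()  # new session: fresh B1
    replayed = server.verify(captured_digest, captured_b2)
    return genuine and not replayed
```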

------------------------------

From: Ivan Skytte Jørgensen <[EMAIL PROTECTED]>
Subject: Re: Challenge/response with MD5
Date: Sun, 14 Jan 2001 20:04:57 +0100

David Schwartz wrote:
> 
> > Any opinions?
> 
>         How many bits is the shared secret and how is it generated? 

Variable size. At least 865 bits and at most 2904 bits.

They are generated once, collecting entropy from a user pushing keys.
(The actual prompt is "Think of your favorite powerpuff girl and then
type some random characters")


I am only considering the extended scheme with the random bitblock "B2".
I expect to use something like /dev/random under Linux to generate it.

------------------------------

From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: Cavell Challenge #1
Date: Sun, 14 Jan 2001 11:13:44 -0800


The sci.crypt FAQ warns against posting ciphertext from new and unknown
algorithms with a challenge to crack the code. (See
http://www.faqs.org/faqs/cryptography-faq/part02/ )

And I agree this is not rec.puzzles.

But this thread offers something of value with respect to
cryptanalysis.  Mr. Cavell gave some information about the nature of the
cipher algorithm ("can be solved with pen and paper and basic
techniques." )  Mr. Heathfield concluded the algorithm used is a
one-time pad and offered his solution. 

The characteristics of the ciphertext did not fit expected
characteristics for ciphertext from a one-time pad.  The ciphertext
didn't "look" like the output of a one-time pad to me since I saw too
many Rs in the message and no Os or Is (with respect to the other
characters appearing).  So I checked the frequency profile (number of
times a symbol in the alphabet occurs).  It's not "fairly" uniform as
one would/should expect for a one-time pad. The peaks and troughs in the
frequency profile matched (in shape) the peaks and troughs for English
text.  That indicates a simple monoalphabetic substitution cipher
algorithm. 

I don't recall many posts talking about the characteristics or "imprint"
a cipher system leaves on the ciphertext.  That's the first "chink in
the armor" exploited by cryptanalysts working to crack a fielded
system.  Even when one knows the cipher algorithm one relies on
relationships between ciphertext and plaintext introduced by the
algorithm to crack it more efficiently than with brute-force search over
the keyspace. 

This exercise in recognizing a monoalphabetic substitution cipher versus
a one-time pad is valuable in this light. 

Transpositions and/or substitutions leave telltale marks on the
ciphertext recognized with respect to limited knowledge of the plaintext
(maybe just the language used and the context of the message - why it
was sent, probable subject matter.)

If curious about the kinds of "characteristics" a cipher leaves on the
ciphertext, check out William Friedman's "Military Cryptanalysis"
series and the Callimahos & Friedman "Military Cryptanalytics" series
at Aegean Park Press

http://www.aegeanparkpress.com/ 

Both provide systematic instruction in techniques to recognize and
exploit ciphertext characteristics. The series span simple substitution
ciphers to aperiodic substitution and transposition ciphers. And the
techniques carry over to today's ciphers. 


John A. Malley
[EMAIL PROTECTED]
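
The test Mr. Malley describes, the frequency profile and whether its peaks and troughs have the shape of English rather than being "fairly" uniform, as an added Python example that is not from the original post. The sample text and the substitution key are constructed (the challenge ciphertext itself is not reproduced in this digest), and the index of coincidence is used as the numeric form of "English-shaped" versus "flat".

```python
import random
from collections import Counter

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

# Constructed English sample, long enough for the statistics to settle.
SAMPLE = ("The characteristics of the ciphertext did not fit the expected "
          "characteristics for ciphertext from a one time pad so I checked "
          "the frequency profile that is the number of times each symbol in "
          "the alphabet occurs it is not uniform as one would expect for a "
          "one time pad the peaks and troughs in the frequency profile "
          "matched in shape the peaks and troughs for English text which "
          "indicates a simple monoalphabetic substitution cipher")

# Constructed 26-letter permutation used as the substitution key.
KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"


def letters(text):
    return [c for c in text.upper() if c in ALPHABET]


def frequency_profile(text):
    """Number of times each symbol of the alphabet occurs."""
    counts = Counter(letters(text))
    return {c: counts.get(c, 0) for c in ALPHABET}


def sorted_profile(text):
    """Counts sorted high to low: the shape of the peaks and troughs.
    A monoalphabetic substitution only relabels letters, so this shape
    is identical for the plaintext and its ciphertext."""
    return sorted(frequency_profile(text).values(), reverse=True)


def index_of_coincidence(text):
    """Probability that two letters drawn from the text are equal.
    English (and any monoalphabetic encryption of it) is about 0.066;
    a flat, one-time-pad-like distribution is about 1/26 = 0.038."""
    n = len(letters(text))
    counts = frequency_profile(text).values()
    return sum(k * (k - 1) for k in counts) / (n * (n - 1))


def monoalphabetic(text, key):
    """Encrypt under a 26-letter permutation."""
    return "".join(letters(text)).translate(str.maketrans(ALPHABET, key))


def one_time_pad(text, seed):
    """Each letter shifted by an independent uniform key letter (mod 26).
    The seed only makes the demo repeatable; a real pad uses true randomness."""
    rng = random.Random(seed)
    return "".join(ALPHABET[(ALPHABET.index(c) + rng.randrange(26)) % 26]
                   for c in letters(text))


def classify(ciphertext, threshold=0.052):
    """Threshold sits between the English IoC and the uniform IoC."""
    if index_of_coincidence(ciphertext) > threshold:
        return "monoalphabetic"
    return "flat"
```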

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: SHA-1 of a streaming datastream
Date: Sun, 14 Jan 2001 19:05:35 GMT

In article <93sotm$tor$[EMAIL PROTECTED]>,
  "Jesper Stocholm" <[EMAIL PROTECTED]> wrote:
>
> "Tom St Denis" <[EMAIL PROTECTED]> wrote in message
> news:93sn0h$krl$[EMAIL PROTECTED]...
> > In article <93shvu$o7b$[EMAIL PROTECTED]>,
> >   "Jesper Stocholm" <[EMAIL PROTECTED]> wrote:
> > > How do I make a 160bit SHA-1 of a stream of data ? I need it for a Smart
> > > Card implementation of ECDSA, where I in rare cases need to be able to
> > > calculate the SHA-1 value inside the card - if no powerful client PC is
> > > available to the user. The problem here is, that it is not always
> > > possible to store the entire amount of data inside the card ... so I was
> > > thinking about streaming the data thru the card and calculating the
> > > SHA-value as it passes thru.
> > >
> > > Can it be done ... and does it make sense to do it ?
> >
> > If you read the SHA-1 spec (like you probably didn't because you are
> > probably a lame ass coder wanting others to do work for you) you would
> > find out that SHA-1 compresses 512-bit blocks at a time.  So yes, it's
> > possible to hash a message in smaller chunks than the entire thing at once.
> >
>
> hmmm ...
>
> If you look at my posting (like you probably didn't because you are probably
> just looking for someone to take something out on), I didn't ask for
> "downloadable code", "free sourcecode" etc ...
>
> I had looked at the specification at http://csrc.nist.gov/cryptval/shs.html,
> but I must have missed the part you refer to. I wanted a binary answer -
> yes/no - but you must have missed this in your eagerness to let out some
> steam.
>
> But all things being equal, you answered my question, so I will now continue
> with my work.

Sorry if I seemed mean, but a lot of people (I mean a lot) ask really stupid
questions like "where can I find source to" or "I can't figure out how to use
yahoo can you find this for me".  It makes the forum practically worthless.

The intent is to fend off dumb kids etc who don't want to at least try and
work on their own projects first.  Asking for help is cool, asking for
handouts is not.

Tom


Sent via Deja.com
http://www.deja.com/
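
Tom's point that SHA-1 compresses one 512-bit block at a time, as an added Python example that is not code from the thread and not a card implementation: the class keeps only the five-word chaining state, the partial block (at most 63 bytes) and a byte counter, so the data can be streamed through in chunks of any size and discarded as it passes; matches_hashlib cross-checks the result against the standard library.

```python
import hashlib
import struct

MASK = 0xFFFFFFFF


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def _compress(h, block):
    """One SHA-1 compression (FIPS 180-1) of a single 64-byte block."""
    w = list(struct.unpack(">16I", block))
    for t in range(16, 80):
        w.append(_rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
    a, b, c, d, e = h
    for t in range(80):
        if t < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif t < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif t < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        a, b, c, d, e = (_rotl(a, 5) + f + e + k + w[t]) & MASK, a, _rotl(b, 30), c, d
    return [(x + y) & MASK for x, y in zip(h, (a, b, c, d, e))]


class StreamingSHA1:
    """Keeps only the chaining state, at most 63 buffered bytes and a
    byte counter, so the message never has to be stored in full."""

    def __init__(self):
        self.h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
        self.buffer = b""
        self.length = 0  # bytes absorbed so far

    def update(self, chunk):
        # Absorb a chunk of any size, compressing each full 64-byte block.
        self.length += len(chunk)
        self.buffer += chunk
        while len(self.buffer) >= 64:
            self.h = _compress(self.h, self.buffer[:64])
            self.buffer = self.buffer[64:]
        return self

    def hexdigest(self):
        # Pad the leftover bytes (0x80, zeros, 64-bit big-endian bit length)
        # on a copy of the state, so more data could still be appended.
        tail = (self.buffer + b"\x80" + b"\x00" * ((55 - self.length) % 64)
                + struct.pack(">Q", self.length * 8))
        h = self.h
        for i in range(0, len(tail), 64):
            h = _compress(h, tail[i:i + 64])
        return "".join("%08x" % x for x in h)


def sha1_streamed(chunks):
    """Hash data that arrives as a sequence of chunks, as a card would see it."""
    s = StreamingSHA1()
    for chunk in chunks:
        s.update(chunk)
    return s.hexdigest()


def matches_hashlib(chunks):
    """Cross-check the streamed digest against hashlib on the joined data."""
    return sha1_streamed(chunks) == hashlib.sha1(b"".join(chunks)).hexdigest()
```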

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: storing private keys
Date: Sun, 14 Jan 2001 19:06:35 GMT

In article <[EMAIL PROTECTED]>,
  "Lucas C. Ferreira" <[EMAIL PROTECTED]> wrote:
> Hello,
>
> can anyone point me to any information on secure storage of private keys on
> disk. I am building a server that will need to sign some messages and, if
> possible, should start automatically at boot time and retrieve its private
> key from secure storage. I am firstly seeking a software only solution but
> may consider solutions that involve special-purpose hardware if there is a
> significant increase in security and ease of use.

STUPID IDEA.  You should have the user enter a password or physical dongle
(that they keep with them).  Otherwise there is no security.

Tom



------------------------------

From: digiboy | marcus <[EMAIL PROTECTED]>
Subject: Re: NSA and Linux Security
Date: Sun, 14 Jan 2001 19:12:00 GMT

In article <[EMAIL PROTECTED]>,
  Rich W. <[EMAIL PROTECTED]> wrote:

> Yes, be naive and say it can never happen here.  And don't think
> just because you think you're a good little citizen that they won't
> be knocking on your door at 3 am.
>
>   Rich...

Yes, but you're being naive in thinking that a person can have sole
control over these systems regardless of the structures built into the
agencies. Do you believe the presidents/PMs have total control of
governmental actions? Rubbish.

Also, what you're saying is assuming you would know some nutter, in the
intelligence agencies, that had some massive vendetta against you.
Enough to bother to take the time to get the intel on you, twist it and
make a grab? Frankly I'm shaking at the prospects. *sheesh*

--
[ marcus ] [ http://www.cybergoth.cjb.net ]
[ ---- http://www.ninjakitten.net/digiboy ]



------------------------------

From: Bryan Mongeau <[EMAIL PROTECTED]>
Subject: Re: Has anyone seen these men?
Date: Sun, 14 Jan 2001 19:31:01 GMT

Thanks, but it remains to be seen whether or not Miracl's 
license coincides with the intentions of our project. I
am looking more for pure public domain libraries. Any 
other suggestions?
-- 
<==================================>
Bryan Mongeau
Lead Developer, Director
eEvolved Real-Time Technologies Inc.
www.eevolved.com
<==================================>

"We can't solve problems by using the same kind of thinking we used when we 
created them."-- Einstein


------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: NSA and Linux Security
Date: 14 Jan 2001 20:44:32 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)

digiboy | marcus  wrote:
>The problem with this is that when you have to report on who you are
>investigating to a public/independent body you are instantly breaching
>security rendering the whole body/work useless.

That might be a problem in some cases, but I remain convinced
that we can do much, much better than what we have today.

Let me give some examples.  Here are some credible allegations
that an oversight body could credibly refute without endangering
national security, yet no one has bothered to do so yet.

Allegation: US companies sometimes get the benefit of intelligence
  (as a by-product of spying on our enemies) when they shouldn't.

Allegation: Despite a law which prohibits the NSA from intercepting
  US communications, the NSA may have found a loophole: It may be
  receiving information on US communications from its UKUSA partners,
  who are not forbidden from intercepting US traffic (and it may
  possibly return the favor for them in some cases).

Allegation: The NSA has asked companies to secretly weaken their
  products, e.g., to give the NSA a back door.  One example in this
  category is the "Lew Giles" allegation; another is the allegation
  that the NSA played a role in weakening the crypto in US cellphone
  standards.
  
These are just a few examples.  In these cases, the intelligence
community has not even been willing to explain their policy on whether
they think these actions would be allowed or forbidden.  In one
prominent case, the NSA even refused to tell an oversight committee
in Congress (cleared for classified materials) their view on what
they consider allowed!  This seems pretty hard to justify.

Are you suggesting that merely discussing policy is enough to endanger
national security?  This claim was put forward in, e.g., the Clipper
debate, yet later was pretty thoroughly refuted by the NAS report.

------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: NSA and Linux Security
Date: 14 Jan 2001 20:47:20 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)

digiboy | marcus  wrote:
>The public might not appreciate
>hearing that the government are spying on foreign companies or even
>local/foreign subsidiaries (some people forget that just because it
>used to be homegrown 50 years ago doesn't mean it's still a native
>company today), but it may be more important to them than they want to
>believe.

That's ridiculous!  That's called subversion of the rule of law.

In a democracy, on a public policy matter of this importance, either
you make your case to the people and convince them to remove the
restrictions on this sort of thing, or you obey the restrictions.

If this is truly what's happening in the intelligence community,
it would be one of the best arguments for radical reform that I could
imagine.  I sincerely hope not.

------------------------------

From: Greggy <[EMAIL PROTECTED]>
Subject: Re: ---- Free public domain encryption is released from EAR.
Date: Sun, 14 Jan 2001 20:39:21 GMT

  Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> Greggy wrote:
> [snip]
> > According to these two sections, it seems clear that if someone wishes
> > to post their strong encryption software to the web, then all they need
> > to do is make it publicly available and notify BXA of the download web
> > page address at the time (or before) they actually post it.
> >
> > Now I called the BXA and asked about Q&A #26 (see
> > http://www.bxa.doc.gov/Encryption/Oct2KQandAs.html).  Specifically, I
> > asked if posting is adequate for making the source publicly available
> > or must I publish it some other way first to qualify it for posting on
> > the internet.  The person I talked to was very certain in her answer,
> > that you can post it and that is adequate.
>
> Could you compare the current document with the one before
> the revision? If there is a change in this point, then your
> conclusion should be correct.

Where would I get a copy of the EAR before the changes?


> BTW, does anyone know definitely about the same issue
> with respect to the Wassenaar Arrangements?

I believe, and I think I said this before, that the latest changes I
described had to do more with the Bernstein case than anything else,
though BXA may point to changes in foreign markets in their attempts to
save face with respect to Dr Bernstein.

One must remember that the first amendment to the US Constitution
(which is what Bernstein relied upon) is superior to any treaty,
including the Wassenaar Arrangements.  Therefore, if the EAR, which is
the set of rules for America to implement the Wassenaar Arrangements,
violates the first amendment, it must be modified to give place for the
first amendment.  And like in the Bernstein case, only those who go to
court will have found in their favor that they have been harmed and a
remedy applied. Therefore, unless commercial enterprises do the same,
the courts have not ruled in their favor - yet.  And no remedy exists
for them - yet.

Unfortunately for the other national leaders that wanted America to be as
draconian as they themselves are with their subjects, one of our
citizens decided not to "just get along", but to assert his
constitutionally protected right to free speech.  Thank God for Dr
Bernstein!

And one more note, but this is just me speaking here.  As I talked with
one person in the BXA office, one of her comments to me regarding this
change was a little odd - I sort of did not expect it.  She mentioned
something to the effect that the government had to [in the sense that
it is doing so now] accept that the internet is a media pervasive in
society and must be treated more like printed materials.  She did not
allude to the Bernstein case, but it is clear that this was the sort of
case that is bringing about the changes.

--
I prefer my fourth amendment rights over a dope free
society, even if the latter could actually be achieved.



------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: NSA and Linux Security
Date: 14 Jan 2001 21:00:16 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)

digiboy | marcus  wrote:
>> I've seen denials that say things like "the NSA is prohibited from
>> giving intelligence information to companies, and does not do so".
>> This is, apparently, supposed to reassure us.
>
>I'm trying to think what _could_ they do that wouldn't compromise
>security? I can't imagine an intel balance sheet.

At a minimum:
  Publish a credible denial (none of this evasions nonsense).
  
  Establish a clear policy that giving intelligence to US companies
  is forbidden, even indirectly (e.g., through a White House agency),
  even if only as a by-product of allowed interceptions (e.g., even
  if those communications were targeted for some other reason, and then
  only later discovered to also be of relevance to commercial intelligence).

  Communicate this policy clearly to all NSA employees.  Get buy-in
  from the employee culture.  Place it in employee manuals.  Create
  truly anonymous tip-lines for NSA employees to report violations.
  Establish strict penalties and procedures for violators.
  
  And so on.
All of the above can be performed -- and can be documented -- without
endangering national security.  Assuming the allegation is wrong, that is!

In general, if there really is no funny business going on, it's not
that hard to establish a clear policy that "funny business is prohibited"
and make the case that this has been communicated to NSA employees, all
without endangering national security.  This may not prevent violations,
but it's already a lot better than what we've got today.

In the meantime, as long as the intelligence community does not take
these easy steps, it is wide open to skepticism that maybe, just maybe,
its inaction is because the allegations are (at least partially) true...

------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: NSA and Linux Security
Date: 14 Jan 2001 21:06:25 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)

Rich W.  wrote:
> Yes, be naive and say it can never happen here.

Actually, it already has happened here, to a limited extent.
SHAMROCK, MINARET, Watergate, and all that.
Read "The Puzzle Palace."
Read <http://www.wired.com/news/politics/0,1283,33026-2,00.html>.
Read <http://www.time.com/time/digital/daily/0,2822,12609,00.html>.
(Some of these are about the NSA, some about the FBI.  The point is
the same.  If you think this couldn't possibly ever happen, think again.)

Legal procedures may be different now, but the general
reason for concern remains much the same, as far as I can see.

------------------------------

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: multiple anagramming?
Date: Sun, 14 Jan 2001 21:06:30 GMT

Does anyone know of any online document describing multiple anagramming?

I know that the technique was classified until a few years ago, but
surely there's something available by now.

-- 
Power interrupts. Uninterruptable power interrupts absolutely.
[Stolen from Vincent Seifert's web page]

------------------------------

From: "Élisabeth Konstantinou" <[EMAIL PROTECTED]>
Subject: Hilbert polynomials
Date: Sun, 14 Jan 2001 23:27:17 +0200

Hello,

Does anyone know an easy way to compute the Hilbert polynomials H in order
to create elliptic curves modulo p with discriminant D? Are there any source
codes available?

Thanks,
Betty



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: NSA and Linux Security
Date: Sun, 14 Jan 2001 22:26:01 +0100



digiboy | marcus wrote:
> 
>   Rich W. <[EMAIL PROTECTED]> wrote:
> 
> > Yes, be naive and say it can never happen here.  And don't think
> > just because you think you're a good little citizen that they won't
> > be knocking on your door at 3 am.

> 
> Yes, but you're being naive in thinking that a person can have sole
> control over these systems regardless of the structures built into the
> agencies. Do you believe the presidents/PMs have total control of
> governmental actions? Rubbish.

I suppose that the truth of your sentence, when applied
to any country, is conditioned on its status of democracy,
which, BTW, might vary with time, as history shows.

M. K. Shen

------------------------------

From: "Michael Scott" <[EMAIL PROTECTED]>
Subject: Re: Has anyone seen these men?
Date: Sun, 14 Jan 2001 21:35:31 GMT


"Bryan Mongeau" <[EMAIL PROTECTED]> wrote in message
news:V7n86.62623$[EMAIL PROTECTED]...
> Thanks, but it remains to be seen whether or not Miracl's
> license coincides with the intentions of our project. I
> am looking more for pure public domain libraries. Any
> other suggestions?

Yes, http://www.eskimo.com/~weidai/cryptlib.html

Mike Scott


> --
> <==================================>
> Bryan Mongeau
> Lead Developer, Director
> eEvolved Real-Time Technologies Inc.
> www.eevolved.com
> <==================================>
>
> "We can't solve problems by using the same kind of thinking we used when
> we created them."-- Einstein
>



------------------------------


From: [EMAIL PROTECTED] (Scott Contini)
Subject: Re: Cavell Challenge #1
Date: 14 Jan 2001 21:57:23 GMT

In article <[EMAIL PROTECTED]>,
Richard Heathfield  <[EMAIL PROTECTED]> wrote:
>out.
>
>It's a one-time pad. Here's the key:
>
>1C 1F 0E 1B 1E 10 16 00 15 07 05 01 15 08 1B 15
>1B 13 05 06 11 09 06 1E 08 1F 10 05 05 09 0D 11
>1E 03 07 06 04 0D 1C 12 1C 01 03 1E 17 16 05 10
>14 0B 13 0A 13 02 03 03 03 05 15 06 0A 08 02 00
>1C 0D 1B 07 00 03 0A 01 0F 1E 08 0D 0B 1B 1F 18
>18 10 1B 0F 08 06 1A 00 06 0E 1B 0B 1E 00 0C 19
>03 1F 11 00 1F 04 13 16 12 18 1E 12 0B 06 17 16
>1B 0E 06 02 16 0B 0F 05 1F 16 0F 02 16 0E 0F 01
>10 12 04 14 11 04 19 03 17 0C 08 06 10 09 09 05
>1C 07 0E 15 19 18 11 15 13 16 01 03 14 06 04 00
>00 16 0F 1F 1B 1C 11 13 03
>
>Thus, XORing each byte of the ciphertext (take ASCII value) with each
>byte of the key will reveal the plaintext.
>
>The plaintext is, therefore,
>
>1C ^ 'L'
>1F ^ 'Z'
>0E ^ 'A'
>
>etc.
>
>I won't insult your intelligence by spelling out the whole plaintext "in
>clear".
>

hahaha that's funny :-)

Scott


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
