Cryptography-Digest Digest #525, Volume #13      Mon, 22 Jan 01 19:13:01 EST

Contents:
  Re: using AES finalists in series? (Terry Ritter)
  Re: Why Microsoft's Product Activation Stinks ("Kristopher Johnson")
  Re: using AES finalists in series? (Mok-Kong Shen)
  Re: Some help please (Tom St Denis)
  Re: Dynamic Transposition Revisited (long) (Mok-Kong Shen)
  Re: using AES finalists in series? ("Joseph Ashwood")
  Re: 32768-bit cryptography ("Joseph Ashwood")
  Re: NSA and Linux Security ([EMAIL PROTECTED])

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: using AES finalists in series?
Date: Mon, 22 Jan 2001 22:05:46 GMT


On Mon, 22 Jan 2001 22:14:53 +0100, in
<[EMAIL PROTECTED]>, in sci.crypt Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:

>Terry Ritter wrote:
>> 
>> Mok-Kong Shen<[EMAIL PROTECTED]> wrote:
>> 
>> >Terry Ritter wrote:
>> >>
>> >[snip]
>> >> I note that AES did not guarantee free encryption software so that all
>> >> society could use encryption; it instead removed the economic basis
>> >> for an industry of cipher *development*.  It also failed to provide an
>> >> economic basis for cipher *evaluation*; the ad-hoc "please donate your
>> >> time" approach is just sad.
>> >[snip]
>> >
>> >I am confused. Isn't AES free for use by everyone in the
>> >world?
>> 
>> AES the algorithm is free, and code is available.  The vast,
>> overwhelming majority of users, however, cannot use that free code.
>> They will buy their crypto software, whether it be alone, part of an
>> OS, or even part of a turn-key hardware package.
>
>But if a private firm, say, Hitachi develops the same and 
>wants licence for anybody to use it, in which aspects is
>the matter better?

The matter would be better for cryptography because money would be
going to a cryptographic development group.  It would be accounted as
a success for the research investment, and thus would promote further
investment there and elsewhere.  It would be paying for cryptographic
development as opposed to something else.  


>> Imagining that the whole point of AES was to provide free cipher code
>> for the few user-programmers who could and would use it surely
>> distorts the whole idea of the project.
>
>So you mean AES is only for use by a minority and hence
>it is not worthwhile to initiate that project in the first
>place? The common people certainly wouldn't themselves do 
>the implementation, just like barely any family is baking
>its own bread today. Sorry, I don't yet understand your 
>point. 

You obviously do not.  I suggest you read it again.


>> >(Codes are available for download and there is no
>> >patent issue.) Certain governments could forbid use of
>> >encryption entirely, but that's a different issue.
>> >
>> >Whether anything (crypto or not) is good for development
>> >of economy in the society is in my view an issue really
>> >hard to gain unanimous opinions (it suffices to note
>> >how the different countries are different in economical
>> >structures) and I am certainly entirely incompetent to
>> >comment on that. However, to your last phrase, I don't yet
>> >see anything inherently wrong for anybody or any institution
>> >to say 'Please donate your time', as long as there are
>> >people ready (entirely on their free will) to donate their
>> >time, like there are people willing to donate their blood.
>> >In fact, I suppose many mathematicians who publish are
>> >idealists and donate their time for free in doing their
>> >researches for the advancement of science.
>> 
>> I think there *is* something wrong with "please donate your xxxx,"
>> specifically because it *was* the government which did this.  We have
>> an economy for a reason; the government *buys* the infrastructure
>> society wants, it does not need to beg.
>
>I see you want the government offer the winner of AES
>a few million dollars, so as to ensure that the algorithm
>is good. Is that your point? 

Clearly not.  I think every new cipher of worth should be patented,
with the success of the cipher leading to appropriate profit.  Or not.


>Even if NIST offers, say,
>5 millions. It is conceivable that there comes some
>Mr. X, complaining that he couldn't participate because
>that price is much too low to cover his development cost.

So don't do that.


>Where should one draw a line of division? The fact that
>there were designers of good names responding to NIST's
>call shows that the price being offered, namely 0 dollars,
>was not too low in this case. Note also that other countries 
>than the US, some very poor and also those not in friendly 
>relation to US, are profited from getting something free. 

Right.  Everyone who uses a cipher as a resource -- and who thus gets
that resource for free -- does indeed profit more than they would
otherwise.  

We could do the same thing with all software -- but we don't.  Why
not?  Presumably because we believe that the ownership of private
property -- including software -- operates to compensate those who
give us what we want to buy.  AES did not do that.

 
>> The result was ciphers only from among those who wished to donate,
>> which reduced the field from among which a winner was chosen for all
>> society.  Even worse was contributed time and analysis with little or
>> no overall coordination among the various contributors.  The ad hoc
>> approach is just more likely to waste contributed time than to use it
>> effectively.
>> 
>> This is a modern, technical society.  Many people know how to build
>> complex things and make them work.  The way to do this is not by
>> haphazard testing, but by a well-regulated, well-documented
>> comprehensive program of analysis.  And while that would not catch
>> everything, it does tend to catch things that otherwise might "slip
>> through the cracks."
>
>In which way do you think that AES project has been
>conducted poorly, carelessly or whatever? I don't remember
>you have said that in the group before during the time
>AES contest was running. 

NIST was responsible for AES, not me.  When I was not allowed even to
compete my technology, I was out.  I had no desire to analyze the AES
project or any of the ciphers involved, and did not.

But project development, per se, is not rocket science.  Many people
understand how to build large complex things.  We don't launch a
rocket by asking contractors to contribute their time testing whatever
about it they want to test.  Allowing software guys to test whatever
they want without assuring full coverage and accountability is the
wrong way to build software.  So why is that the right way to build a
secure cipher for all society?


>Do you perhaps think it would be 
>more preferable to authorize, say, a certain Mr. Gates to 
>do it?

I would not have selected Gates, but there should have been some
project manager, yes.  Funds should have been made available to
support comprehensive analysis and testing under the control of a
central authority, with full published logs of all attempts,
approaches, and results.  It is most important to be able to see what
has not been done.  Some part of this could be done without funds,
based on moral authority alone, but I was out, and I have no idea
whether it was or not.  My guess is not.  

---
Terry Ritter   [EMAIL PROTECTED]   http://www.io.com/~ritter/
Crypto Glossary   http://www.io.com/~ritter/GLOSSARY.HTM


------------------------------

From: "Kristopher Johnson" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,misc.survivalism
Subject: Re: Why Microsoft's Product Activation Stinks
Date: Mon, 22 Jan 2001 22:48:17 GMT

I'm no Microsoft fan, but I have to admit that installing Windows 2000 was
the easiest thing I've ever done. Just put the CD in, turn on the machine,
let it install, reboot, and everything worked perfectly.

On the other hand, I've been configuring device drivers with Debian for
about 18 months.  I've almost got it working...

-- Kris


"Aaron R. Kulkis" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...

> Linux is EASIER to install than windows.
>
> Boot up the install program...it installs ALL of your hardware drivers
> in one pass...AND about 1,500 applications.
>
> all that with ONE reboot.
>
> Doing the equivalent on Windows would take you over a month.
>
> G:  Knackos...you're a retard.



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: using AES finalists in series?
Date: Tue, 23 Jan 2001 00:22:08 +0100



Terry Ritter wrote:
> 
> Mok-Kong Shen<[EMAIL PROTECTED]> wrote:
> 
> >Terry Ritter wrote:
> >>
> >> Mok-Kong Shen<[EMAIL PROTECTED]> wrote:
> >>
> >> >Terry Ritter wrote:
> >> >>
> >> >[snip]
> >> >> I note that AES did not guarantee free encryption software so that all
> >> >> society could use encryption; it instead removed the economic basis
> >> >> for an industry of cipher *development*.  It also failed to provide an
> >> >> economic basis for cipher *evaluation*; the ad-hoc "please donate your
> >> >> time" approach is just sad.
> >> >[snip]
> >> >
> >> >I am confused. Isn't AES free for use by everyone in the
> >> >world?
> >>
> >> AES the algorithm is free, and code is available.  The vast,
> >> overwhelming majority of users, however, cannot use that free code.
> >> They will buy their crypto software, whether it be alone, part of an
> >> OS, or even part of a turn-key hardware package.
> >
> >But if a private firm, say, Hitachi develops the same and
> >wants licence for anybody to use it, in which aspects is
> >the matter better?
> 
> The matter would be better for cryptography because money would be
> going to a cryptographic development group.  It would be accounted as
> a success for the research investment, and thus would promote further
> investment there and elsewhere.  It would be paying for cryptographic
> development as opposed to something else.

For you (in case you win) and your employees, for sure.
But you would charge license fees, don't you? If I want
to use the algorithm, I would have to pay. For AES,
I don't have to pay. That's the difference. Certainly
all merchants want to sell at as high a price as possible
but the consumers want to buy at as low a price as 
possible. So there are always different viewpoints. One
can't say the one is right and the other is wrong. In
other words the question of right/wrong is in such cases
senseless.

The designers of the submissions were all doing developments 
in the contest. Do you mean developments are better to be in
hands of industry than in universities? But then MARS, for 
example, was from IBM.

> 
> >> Imagining that the whole point of AES was to provide free cipher code
> >> for the few user-programmers who could and would use it surely
> >> distorts the whole idea of the project.
> >
> >So you mean AES is only for use by a minority and hence
> >it is not worthwhile to initiate that project in the first
> >place? The common people certainly wouldn't themselves do
> >the implementation, just like barely any family is baking
> >its own bread today. Sorry, I don't yet understand your
> >point.
> 
> You obviously do not.  I suggest you read it again.

I don't understand, because I simply don't see where is the
'distortion' (of what idea) that you claimed.

> >> >(Codes are available for download and there is no
> >> >patent issue.) Certain governments could forbid use of
> >> >encryption entirely, but that's a different issue.
> >> >
> >> >Whether anything (crypto or not) is good for development
> >> >of economy in the society is in my view an issue really
> >> >hard to gain unanimous opinions (it suffices to note
> >> >how the different countries are different in economical
> >> >structures) and I am certainly entirely incompetent to
> >> >comment on that. However, to your last phrase, I don't yet
> >> >see anything inherently wrong for anybody or any institution
> >> >to say 'Please donate your time', as long as there are
> >> >people ready (entirely on their free will) to donate their
> >> >time, like there are people willing to donate their blood.
> >> >In fact, I suppose many mathematicians who publish are
> >> >idealists and donate their time for free in doing their
> >> >researches for the advancement of science.
> >>
> >> I think there *is* something wrong with "please donate your xxxx,"
> >> specifically because it *was* the government which did this.  We have
> >> an economy for a reason; the government *buys* the infrastructure
> >> society wants, it does not need to beg.
> >
> >I see you want the government offer the winner of AES
> >a few million dollars, so as to ensure that the algorithm
> >is good. Is that your point?
> 
> Clearly not.  I think every new cipher of worth should be patented,
> with the success of the cipher leading to appropriate profit.  Or not.

This thinking might be 'natural' to a person making money out
of patents but is very odd to the common people, I believe.
By similar logic one could claim that every new mathematical
theorem of worth should be patented.

> 
> >Even if NIST offers, say,
> >5 millions. It is conceivable that there comes some
> >Mr. X, complaining that he couldn't participate because
> >that price is much too low to cover his development cost.
> 
> So don't do that.

In fact (very fortunately) they didn't do that.

> 
> >Where should one draw a line of division? The fact that
> >there were designers of good names responding to NIST's
> >call shows that the price being offered, namely 0 dollars,
> >was not too low in this case. Note also that other countries
> >than the US, some very poor and also those not in friendly
> >relation to US, are profited from getting something free.
> 
> Right.  Everyone who uses a cipher as a resource -- and who thus gets
> that resource for free -- does indeed profit more than they would
> otherwise.
> 
> We could do the same thing with all software -- but we don't.  Why
> not?  Presumably because we believe that the ownership of private
> property -- including software -- operates to compensate those who
> give us what we want to buy.  AES did not do that.

Many people offer software for free. GNU software are free
and even I offer my (humble) software for free. Nobody
says you shouldn't charge for your software. But what's
wrong if others offer their software for free? (Simply
because you would earn less?) BTW, the absolute majority 
of posters in this group present their ideas for free, 
without any view on monetary matters, I believe. (Whether
these ideas are all good in your view or according to other
evaluations is another matter.)

> 
> >> The result was ciphers only from among those who wished to donate,
> >> which reduced the field from among which a winner was chosen for all
> >> society.  Even worse was contributed time and analysis with little or
> >> no overall coordination among the various contributors.  The ad hoc
> >> approach is just more likely to waste contributed time than to use it
> >> effectively.
> >>
> >> This is a modern, technical society.  Many people know how to build
> >> complex things and make them work.  The way to do this is not by
> >> haphazard testing, but by a well-regulated, well-documented
> >> comprehensive program of analysis.  And while that would not catch
> >> everything, it does tend to catch things that otherwise might "slip
> >> through the cracks."
> >
> >In which way do you think that AES project has been
> >conducted poorly, carelessly or whatever? I don't remember
> >you have said that in the group before during the time
> >AES contest was running.
> 
> NIST was responsible for AES, not me.  When I was not allowed even to
> compete my technology, I was out.  I had no desire to analyze the AES
> project or any of the ciphers involved, and did not.
> 
> But project development, per se, is not rocket science.  Many people
> understand how to build large complex things.  We don't launch a
> rocket by asking contractors to contribute their time testing whatever
> about it they want to test.  Allowing software guys to test whatever
> they want without assuring full coverage and accountability is the
> wrong way to build software.  So why is that the right way to build a
> secure cipher for all society?

In the modern society there is always competition. If you
are strong, you win, otherwise you are out. This is natural
isn't it? Should a government take every care that a certain
Mr. X's business is always good? (There would then be
millions and millions of such Mr. X to be taken care of.)

> 
> >Do you perhaps think it would be
> >more preferable to authorize, say, a certain Mr. Gates to
> >do it?
> 
> I would not have selected Gates, but there should have been some
> project manager, yes.  Funds should have been made available to
> support comprehensive analysis and testing under the control of a
> central authority, with full published logs of all attempts,
> approaches, and results.  It is most important to be able to see what
> has not been done.  Some part of this could be done without funds,
> based on moral authority alone, but I was out, and I have no idea
> whether it was or not.  My guess is not.

So your main point seems to be that NIST had to supply
to you an attractive fund so that you were in. Whether
hundreds of others (who also wanted to be in) were out
is entirely another matter. Do I understand you correctly?
Otherwise how would NIST manage to let all the others also
in, in order to avoid these all complaining as you do now?

M. K. Shen

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Some help please
Date: Mon, 22 Jan 2001 23:18:21 GMT

In article <94ia0o$ppo$[EMAIL PROTECTED]>,
  "Todd Luther" <[EMAIL PROTECTED]> wrote:
> I received this following msg, I believe it is using some simple
> monoalphabetic cipher, but I am lacking time and expertise to decrypt
> it....anyone have any ideas and if so can you please send me a reply as soon
> as possible to [EMAIL PROTECTED]
>
> Thanks!
>
> zyvikvzrklodsm  celcdsdedsyx
>
> Everything I come up with comes up with a bad code....the d is the most
> frequent used, but it doesn't make sense.

Do you even know what method to use?  I won't do the code for you, but I can
help point things out.

Tom


Sent via Deja.com
http://www.deja.com/
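
Added example (not part of either post, and not the posters' code): the quoted request guesses from the single most frequent letter, which is unreliable on a 26-letter message. Assuming the simplest monoalphabetic case, a fixed alphabet shift (an assumption; the post does not say which substitution was used), this scores all 26 shifts against approximate English letter frequencies instead. Function names are illustrative.

```python
import math
from collections import Counter

# Ciphertext exactly as quoted in the post above.
CIPHERTEXT = "zyvikvzrklodsm  celcdsdedsyx"

# Approximate English letter frequencies in percent (standard reference values).
ENGLISH_PCT = {
    "a": 8.17, "b": 1.49, "c": 2.78, "d": 4.25, "e": 12.70, "f": 2.23,
    "g": 2.02, "h": 6.09, "i": 6.97, "j": 0.15, "k": 0.77, "l": 4.03,
    "m": 2.41, "n": 6.75, "o": 7.51, "p": 1.93, "q": 0.10, "r": 5.99,
    "s": 6.33, "t": 9.06, "u": 2.76, "v": 0.98, "w": 2.36, "x": 0.15,
    "y": 1.97, "z": 0.07,
}
LOG_FREQ = {ch: math.log(p / 100.0) for ch, p in ENGLISH_PCT.items()}


def shift_back(text, shift):
    """Undo a Caesar shift of `shift` positions on lowercase letters."""
    out = []
    for ch in text:
        if "a" <= ch <= "z":
            out.append(chr((ord(ch) - 97 - shift) % 26 + 97))
        else:
            out.append(ch)  # keep spaces and anything else untouched
    return "".join(out)


def naive_shift(text):
    """The heuristic from the post: assume the most frequent letter is 'e'."""
    letters = [ch for ch in text if ch.isalpha()]
    top = Counter(letters).most_common(1)[0][0]
    return (ord(top) - ord("e")) % 26


def score(text):
    """Log-likelihood of the text under single-letter English frequencies."""
    return sum(LOG_FREQ[ch] for ch in text if ch in LOG_FREQ)


def rank_shifts(text):
    """All 26 candidate decryptions, most English-like first."""
    candidates = []
    for s in range(26):
        plain = shift_back(text, s)
        candidates.append((score(plain), s, plain))
    return sorted(candidates, reverse=True)


if __name__ == "__main__":
    s = naive_shift(CIPHERTEXT)
    print("most-frequent-letter guess: shift", s, "->", shift_back(CIPHERTEXT, s))
    for sc, shift, plain in rank_shifts(CIPHERTEXT)[:3]:
        print("shift %2d  score %7.2f  %s" % (shift, sc, plain))
```

On short messages the whole-distribution score separates the candidates far more clearly than any single letter count.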

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Dynamic Transposition Revisited (long)
Date: Tue, 23 Jan 2001 00:37:02 +0100



Terry Ritter wrote:
> 
> Mok-Kong Shen<[EMAIL PROTECTED]> wrote:
> 
> >Terry Ritter wrote:
> >>
> >> Mok-Kong Shen<[EMAIL PROTECTED]> wrote:
> >>
> >> >Terry Ritter wrote:
> >> >>
> >> >[snip]
> >> >
> >> >> Dynamic Substitution is the idea of enciphering data through a keyed
> >> >> Simple Substitution table, and then changing the contents of that
> >> >> table.  When a character is enciphered through a table, that
> >> >> particular table transformation may be exposed.  We can prevent that
> >> >> by changing the just-used table entry to some entry in the table (even
> >> >> itself), selected at pseudo-random.  We thus get a state-based,
> >> >> dynamic, combiner of data and RNG confusion, which is nonlinear and
> >> >> yet reversible.  Dynamic Substitution is a stream cipher combiner.
> >> >
> >> >In a recent article ('Another poorman's cipher', 15th Jan)
> >> >I mentioned that the common way of employing a PRNG's
> >> >output as key to address a polyalphabetical substitution
> >> >table leads one to consider a fairly computing intensive,
> >> >though very simple to implement, special case where the
> >> >substitution table consists of one single column only and
> >> >that column is newly generated for each input character
> >> >to be encrypted. Is your scheme virtually the same? (From
> >> >your description it seems that you keep a large but fixed
> >> >table.) Thanks.
> >>
> >> I believe that would be covered by my patent, yes.
> >
> >When was your patent issued? Could you tell? I am
> >anyway quite surprised that your patent seems to be about
> >of the same nature as Hitachi's rotation patent.
> 
> While I suppose I should be heartened for my work to get any attention
> at all, this has been on my web pages for years, which just seems more
> sad than anything else.  Here it is:
> 
> http://www.io.com/~ritter/#DynSubTech
> http://www.io.com/~ritter/PATS/DYNSBPAT.HTM
> http://www.io.com/~ritter/PATS/DYNSBPAT.HTM#Claims
> 
> "I claim as my invention:
> 
> 1. A mechanism for combining a first data source and a second data
> source into result data, including:
> 
>       (a) substitution means for translating values from said first
> data source into said result data or substitute values, and
> 
>       (b) change means, at least responsive to some aspect of said
> second data source, for permuting or re-arranging a plurality of the
> translations or substitute values within said substitution means,
> potentially after every substitution operation."
> 
> The "second data source" is usually the confusion stream.

I presume that you don't have an EU or German patent on 
that. So I can continue to have that kind of substitution
in my cipher WEAK3-E.

BTW, honestly I never considered my dynamic update of tables 
to be anything novel. It was not in the predecessor WEAK3 
but added into WEAK3-E as one of the little bit add-ons to 
complicate the job of the opponent. I listed as one of the 
differences between the two versions the following:
(see http://home.t-online.de/home/mok-kong.shen/#paper12)

   3. After processing a user-specified number of records, 
      all tables used in the algorithm will be refreshed, 
      i.e. generated anew using the compound PRNG. This 
      provides additional stuffs for the analyst to deal 
      with.

M. K. Shen
==========================
http://home.t-online.de/home/mok-kong.shen
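
Added example (not part of the posts above, and not code from the patent or from either poster): a minimal sketch of the combiner as the quoted description states it, a keyed substitution table whose just-used entry is exchanged with a pseudo-randomly selected entry after every character. Reading "changing" as a swap is an assumption made here so the table stays a permutation; Python's `random.Random` is only a stand-in for the keyed confusion RNG and is not cryptographically secure; the class name is illustrative.

```python
import random


class DynSubCombiner:
    """Byte-wide substitution table that is re-arranged after every use."""

    def __init__(self, key):
        # Stand-in confusion source (assumption): Mersenne Twister seeded
        # from the key. A real design would use a cryptographic generator.
        self.rng = random.Random(key)
        self.table = list(range(256))
        self.rng.shuffle(self.table)          # keyed initial permutation
        self.inverse = [0] * 256
        for plain, cipher in enumerate(self.table):
            self.inverse[cipher] = plain

    def _swap(self, i, j):
        """Exchange table entries i and j and keep the inverse in step."""
        self.table[i], self.table[j] = self.table[j], self.table[i]
        self.inverse[self.table[i]] = i
        self.inverse[self.table[j]] = j

    def encipher(self, data):
        out = bytearray()
        for p in data:
            out.append(self.table[p])         # substitute through the table
            j = self.rng.randrange(256)       # confusion value picks a slot
            self._swap(p, j)                  # move the just-used entry
        return bytes(out)

    def decipher(self, data):
        out = bytearray()
        for c in data:
            p = self.inverse[c]               # undo the substitution
            out.append(p)
            j = self.rng.randrange(256)       # same confusion sequence
            self._swap(p, j)                  # mirror the sender's update
        return bytes(out)


if __name__ == "__main__":
    # Constructed sample input: a run of identical bytes, then some text.
    message = b"AAAAAAAA attack at dawn"
    ct = DynSubCombiner(b"demo key").encipher(message)
    print(ct.hex())
    print(DynSubCombiner(b"demo key").decipher(ct))
```

The run of identical plaintext bytes no longer maps to identical ciphertext bytes, and deciphering works because both ends apply the same swap after recovering each character.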

------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: using AES finalists in series?
Date: Mon, 22 Jan 2001 15:25:19 -0800

"John Myre" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> it's false economy to try to derive all of
> that key material from some "small" base (e.g. 128 bits),
> because there is no reason to trust the derivation that
> much?

It's not as subtle a problem as that. If you are given 128 bits of entropy,
you can manage only 128-bit security. This rule applies no matter how many
deterministic operations you perform to get different keys. When you chain
the AES finalists, you are attempting to get 5*128-bit security, at a
minimum. Because of that you will need at least 5*128 bits of entropy to get
that level of security.
                            Joe
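
Added example (not part of the original post, and not the poster's code): the entropy bound above, made concrete with a constructed five-stage cascade whose 5*128 bits of key material are all derived deterministically from one small seed. Assumptions: the seed is shrunk to 16 bits so the search finishes in seconds, and each stage is a toy hash-keystream cipher standing in for an AES finalist; all names are illustrative.

```python
import hashlib

SEED_BITS = 16    # stands in for the "small" base; tiny so the demo completes
KEY_BITS = 128    # per-stage key size
STAGES = 5        # one stage per chained cipher


def derive_keys(seed):
    """Deterministically expand one seed into STAGES independent-looking keys."""
    raw = seed.to_bytes(4, "big")
    return [hashlib.sha256(bytes([i]) + raw).digest()[:KEY_BITS // 8]
            for i in range(STAGES)]


def stage_encrypt(index, key, block):
    """Toy stage cipher (assumption): combine the block with a SHAKE keystream.

    Even stages XOR and odd stages add mod 256, so that the stages do not
    collapse into a single XOR.
    """
    ks = hashlib.shake_128(key).digest(len(block))
    if index % 2 == 0:
        return bytes(b ^ k for b, k in zip(block, ks))
    return bytes((b + k) & 0xFF for b, k in zip(block, ks))


def cascade_encrypt(keys, block):
    """Run the block through every stage in series."""
    for i, key in enumerate(keys):
        block = stage_encrypt(i, key, block)
    return block


def recover_seed(known_plain, ciphertext):
    """Known-plaintext search over the seed space, never over the key space."""
    for trials, seed in enumerate(range(1 << SEED_BITS), start=1):
        if cascade_encrypt(derive_keys(seed), known_plain) == ciphertext:
            return seed, trials
    return None, 1 << SEED_BITS


def demo():
    secret_seed = 0xBEEF                      # constructed sample value
    known_plain = b"known plaintext!"         # constructed 16-byte block
    ct = cascade_encrypt(derive_keys(secret_seed), known_plain)
    seed, trials = recover_seed(known_plain, ct)
    return seed, trials, STAGES * KEY_BITS


if __name__ == "__main__":
    seed, trials, key_bits = demo()
    print("key material in use: %d bits" % key_bits)
    print("seed recovered after %d trials (bound 2^%d): %#06x"
          % (trials, SEED_BITS, seed))
```

The work factor is set by the seed size alone: all 640 bits of stage keys fall together once the seed is found.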



------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: 32768-bit cryptography
Date: Mon, 22 Jan 2001 15:32:23 -0800


"lemaymd" <[EMAIL PROTECTED]> wrote in message
news:94i87e$d0e$[EMAIL PROTECTED]...
>     How does this algorithm look?  Eight identical rounds are performed on
> each byte and each key value is rotated to the left one position after each
> round.
>
> C[I] = (((((((((K1[I]^P[I])+K2[I])>>>K3[I])^K2[I])+K1[I])>>>K2[I])^K3[I])+K3[I])>>>K1[I])
>
> K1, K2 and K3 are key derived values and the symbols use the conventions you
> listed in your post.
>
> In the rotation operations the 5 lsbits of the key values are used.

Simplifying, because this is written as a stream cipher, and because as was
noted Kx cycles every 4096, it is obviously a Vigenere cipher that happens
to be written rather obfuscated. The final rotation is cryptographically
useless, in fact every rotation is in a stream cipher recombination. That
leaves the discovery of two streams that are effectively added and XORd to
the plaintext stream. I give it 4 blocks before it's broken. Given
known-plaintext it won't last even that long. Additionally, if one wants to
just completely annihilate this the quick and dirty way, the space needed to
save the entire table for a given key is only 3^32*4096 bits, that's doable.
                    Joe



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: NSA and Linux Security
Date: Mon, 22 Jan 2001 23:46:48 GMT

In article <94e241$uk2$[EMAIL PROTECTED]>,
  Greggy <[EMAIL PROTECTED]> wrote:

> > Even if the emergency declared in
> > 1933 has not been officially ended, is there any evidence that the
> > extraordinary powers thereby granted have, in fact, been used?
>
> Have you seen the gold fringe on an American flag in court rooms?

Just another example of the idiotic delusions spewing forth from Greggy.

        Defendant Greenstreet's response to Plaintiff's motion for summary
        judgment identifies this Court as an "Admiralty Court" without
        further discussing his allegation. If his reference is to be
        construed as a jurisdictional challenge, his motion is denied.
        Others have attempted to persuade the judiciary that fringe on an
        American flag denotes a court of admiralty. In light of the fact
        that this Court has such a flag in its courtroom, the issue is
        addressed. The concept behind the theory the proponent asserts is
        that if a courtroom is adorned with a flag which happens to be
        fringed around the edges, such decor indicates that the court
        is one of admiralty jurisdiction exclusively. To think that
        a fringed flag adorning the courtroom somehow limits this Court's
        jurisdiction is frivolous. See Vella v. McCammon, 671 F.Supp. 1128,
        1129 (S.D.Tex.1987) (describing petitioner's claim that court lacked
        jurisdiction because flag was fringed as "without merit" and
        "totally frivolous"). Unfortunately for Defendant Greenstreet, decor
        is not a determinant for jurisdiction.

U.S. v. Greenstreet, 912 F.Supp. 224, N.D. Texas, Jan. 18, 1996.

> Jol Silversmith - I wasn't there so I cannot say why no one
> protested within the Virginian legislature that day in 1819
> not to include the 13th amendment in their publications, or to
> require all 21 states to ratify the same.  But I am absolutely
> certain I know more than they did back then what was really
> going on all around them.         Boy, I'm good!

Greggy - I wasn't there and never cite any evidence so I cannot say why I
know that the inclusion of an unratified amendment in a compilation of
state law only could have been an attempt to ratify it, or why I know
that 19th century legislators were infallible, much less why I lie about
whether the authenticity of the "missing 13th amendment" was ever
questioned. But I am absolutely certain that I know more than anyone who
has actually researched the subject. Boy I'm good!

And Greggy, you still haven't said if you are still such a kook as to believe
that the "missing 13th amendment"

        "if it was truly ratified, then the Honorable William Jefferson
        Clinton cannot be president, that every congressman and
        senator (who also hold the title, the Honorable- see their
        letter heads) are not allowed to hold office, and every judge
        and lawyer cannot operate in the US."

--Greggy, 12/19/99


Sent via Deja.com
http://www.deja.com/

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
