Cryptography-Digest Digest #567, Volume #13      Sat, 27 Jan 01 07:13:00 EST

Contents:
  Re: Weak DES keys/Weak Plaintexts (Benjamin Goldberg)
  OOPS! (was Re: Help with algorithm needed) ("Michael Brown")
  Re: Paranoia ("Michael Brown")
  Re: 32768-bit cryptography, updated (Richard Heathfield)
  Re: Dynamic Transposition Revisited (long) (Bryan Olson)
  Re: no joke (Richard John Cavell)
  Re: Mr Szopa's encryption (was Why Microsoft's Product Activation   (Anthony Stephen Szopa)
  Re: Mr Szopa's encryption (was Why Microsoft's Product Activation   (Anthony Stephen Szopa)
  Re: Why Microsoft's Product Activation Stinks (Anthony Stephen Szopa)
  Re: Why Microsoft's Product Activation Stinks (Anthony Stephen Szopa)
  Re: Why Microsoft's Product Activation Stinks (Anthony Stephen Szopa)

----------------------------------------------------------------------------

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: Weak DES keys/Weak Plaintexts
Date: Sat, 27 Jan 2001 10:20:31 GMT

[EMAIL PROTECTED] wrote:
> 
> I know that DES has some weak keys that make plaintext recovery easy.
> 
> Q. Are there weak DES plaintext that make key recovery easier?
> 
> Example: I control the plaintext, someone else does a single
> des_ecb_encrypt(), and I receive the cyphertext.  Is there a
> particularly weak plaintext I could select to be encrypted to make the
> unknown key be recovered easier?

There are no weak plaintexts per se, but if you have a large number of
known or chosen plaintext/ciphertext pairs, you can do differential or
linear analysis, which can recover the key faster than brute force.

-- 
Most scientific innovations do not begin with "Eureka!"  They begin with
"That's odd.  I wonder why that happened?"

------------------------------

From: "Michael Brown" <[EMAIL PROTECTED]>
Subject: OOPS! (was Re: Help with algorithm needed)
Date: Sat, 27 Jan 2001 23:30:43 +1300

hint to wtshaw revised: remember reverse __Wallace__ tree adding scheme



------------------------------

From: "Michael Brown" <[EMAIL PROTECTED]>
Subject: Re: Paranoia
Date: Sat, 27 Jan 2001 23:32:21 +1300

Trust me, RSA is not secure (look in deja for my previous posts ~ 9 months
ago).

"Simon Jenkins" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I have just read Steven Levy's book 'Crypto' and was again struck by the
> description of the meeting between Whitfield Diffie and James Ellis.
> Ellis' parting comment has him saying to Diffie, "You did more with it
> than we did."
>
> As an Englishman, this is an interesting phrase - it implies that GCHQ
> don't bother with RSA any more. If they were still using it, Ellis would
> have said, "You've done more with it than we have."
>
> Paranoia now sets in. If GCHQ aren't interested any more, it means they
> can break it. If they can break it, they've cracked fast factoring. My
> question is, what other uses would fast factoring have and would it be
> economically viable to keep the method secret rather than release it
> into the public domain?
>



------------------------------

Date: Sat, 27 Jan 2001 10:52:28 +0000
From: Richard Heathfield <[EMAIL PROTECTED]>
Subject: Re: 32768-bit cryptography, updated

Matt Timmermans wrote:
> 
> I remember hearing a great story about this sort of thing.  It ended with
> something like "in these three envelopes, I have three attacks against your
> cipher.  Pick one, read it, and come back when you've found the other two."

<grin> Perhaps these kinds of algorithms should be collected and put
into the FAQ, under a new section, "Elementary Cryptanalysis Exercises"?

My own algorithm probably qualifies for entry into such a section.
(sniff sniff)

> 
> Does anybody remember the source?  It should certainly be added to the FAQ.

I remember the quote but not the source. Sounds like something Bob S
would say, though.



-- 
Richard Heathfield
"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
K&R answers, C books, etc: http://users.powernet.co.uk/eton

------------------------------

From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: Dynamic Transposition Revisited (long)
Date: Sat, 27 Jan 2001 11:06:30 GMT

Matt Timmermans wrote:
> "Terry Ritter" wrote :
> > That's the part that is too cute for me:  You can say you have
> > an OTP, so users think they have "mathematically proven"
> > security, and then, later, if we find out that the pad really
> > is predictable, you announce that the damage really was not
> > due to the OTP after all.

Ritter simply mis-states the result there.

> It's like saying you have Rijndael, but you left out the S-boxes.
>
> > We are discussing a security proof.  If you want a security
> > proof, you need to prove the assumptions.  If OTP assumes a
> > random pad, then you need to be able to prove that pad is
> > random.  In reality, we cannot measure such a thing, and
> > probably cannot prove it.
>
> You don't need to prove it to anyone but yourself, so you can
> base the proof on the way the key was generated, rather than
> the statistical properties of the key itself.  Note -- the
> same thing is true with any cipher.  If you use some black-box
> program to generate the key, you just have to trust that the
> key is unpredictable.  If the key is predictable, brute-force
> attacks might suddenly become quite feasible.  We have seen
> examples of this as well, but you don't use those examples to
> say that the cipher is insecure.

A good point.  One of the advantages of a proof is that it shows
what conditions we must meet.  Low-entropy keys break every
cryptosystem there is, but this objection is most often applied
to the one-time pad.  That's because the OTP theorem makes the
"given" of the proof explicit.


--Bryan


Sent via Deja.com
http://www.deja.com/

------------------------------

From: Richard John Cavell <[EMAIL PROTECTED]>
Subject: Re: no joke
Date: Sat, 27 Jan 2001 22:40:27 +1100

On Sat, 27 Jan 2001, adam wrote:

How would you feel if someone paid you a visit?  Stupid.

Anyone here live near Huntington Avenue, Richmond CA?  Call his mom and
tell him to piss off for me.

=============================================================
Richard Cavell - [EMAIL PROTECTED]

Newsgroups - Please keep any discussion on the group, and copy your
replies to me via email. (Server problems).  Sending me bulk email
guarantees a nasty response.

Judge Thomas Penfield Jackson on Bill Gates: "He has a Napoleonic concept
of himself and his company, an arrogance that derives from power"
=============================================================


------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: or.politics,talk.politics.crypto,misc.survivalism
Subject: Re: Mr Szopa's encryption (was Why Microsoft's Product Activation  
Date: Sat, 27 Jan 2001 03:53:12 -0800

Alan Mackenzie wrote:
> 
> Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote on Thu, 25 Jan 2001
> 23:49:47 -0800:
> > Taneli Huuskonen wrote:
> 
> [ .... ]
> 
> >> I claimed that the raw digit stream from your pseudorandom digit
> >> generator is predictable under certain conditions.  I was prepared to
> >> back up my claim by predicting some digits, given a long enough sample
> >> of the output of the pseudorandom digit generator.  I never got the
> >> challenge sample from you, though, so I presume you aren't contesting my
> >> claim per se, only its relevance to the strength of your encryption.  I
> >> concede that you may be right, for all I know, but still, IMAO, you
> >> should address this issue on your Web site and explain your reasons for
> >> believing that the predictability of the pseudorandom digit stream
> >> doesn't weaken the encryption.
> 
> >> Taneli Huuskonen
> 
> [ .... ]
> 
> > I already have answered your proposal over a few posts way back when.
> 
> > There are certain agreed upon criteria upon which an encryption
> > scheme is to be attacked.  Yours is completely different from this
> > and obviously unacceptable.  These criteria are well known and are not
> > arbitrary.  It is a logical set of criteria based upon real world
> > circumstance and situation.
> 
> > Answer us this:  where are you proposing getting the raw random digit
> > output from the random number generator to break someone's key?
> 
> Well, for example, it may be possible to predict a standard prologue in
> an encrypted message, and derive some length of the encryption stream
> from it; or at least, considerably narrow the search space for the stream
> at that point. This in its turn might be sufficient to predict the
> encryption stream for the substantial part of the message.
> 
> > The answer of why your suggestion doesn't weaken the encryption is
> > obvious on its face.  You'll never get the raw random digit output
> > from the random digit generator.  If you could, then you could
> > probably get the key, and the final OTPs as well.  Why even bother
> > to attempt to break the encryption under these circumstances.
> 
> Are you saying that if one has access to the raw random digits, one can
> work backwards and derive the key from them?
> 
> > But let's just say somehow you did get the raw random digit output
> > from the random number generator and let's say you even got the
> > entire three MixFiles.
> 
> > About 28% of the raw random digit triplets are going to be thrown out at
> > random.  Then the remaining 72% or so of the triplets are going to
> > be divided to get a stream of random numbers from 0 - 255.  Then these
> > several random number streams will be combined in numerous different
> > ways and finally once again when the final OTPs are generated.
> 
> It is to be able to verify such assertions that people want access to the
> source code.
> 
> > How are you going to get from the raw random digit output from the
> > random digit generator to the triplets that are kept to the random
> > number streams containing the numbers from 0 - 255 and then how are
> > you going to get to the final OTPs?
> 
> Such a question can only be answered, if there is an answer, once the
> algorithm is known in complete detail.
> 
> > If you are planning to break the encryption you cannot stop with the
> > raw random digit output or working backwards to the MixFiles.  You
> > must continue forward to the final process and predetermine the final
> > OTP files.
> 
> Again, it would be useful for this assertion to be checked (i.e.
> attacked) by a third party.
> 
> > You haven't even come close.
> 
> Is the security of this system dependent on the secrecy of the algorithm?
> 
> > Your whole original premise is not thorough or logical.  Ultimately,
> > it has no bearing on the breaking of OAP-L3.
> 
> It would seem to me to have a substantial relevance to breaking the
> algorithm, or alternatively, to creating confidence in its security.
> 
> --
> Alan Mackenzie (Munich, Germany)
> Email: [EMAIL PROTECTED]; to decode, wherever there is a repeated letter
> (like "aa"), remove one of them (leaving, say, "a").

All one need do is read the first three help files and you would have
all the information you need to answer all your questions.

This is why I posted the Help Files to begin with.

Give them a try.

You know the rules:  one of them is that the attacker knows 
everything about the algorithm.

------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: or.politics,talk.politics.crypto,misc.survivalism
Subject: Re: Mr Szopa's encryption (was Why Microsoft's Product Activation  
Date: Sat, 27 Jan 2001 03:58:04 -0800

Joseph Ashwood wrote:
> 
> "Anthony Stephen Szopa" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > There are certain agreed upon criteria upon which an encryption
> > scheme is to be attacked.  Yours is completely different from this
> > and obviously unacceptable.  These criteria are well known and are not
> > arbitrary.  It is a logical set of criteria based upon real world
> > circumstance and situation.
> 
> Actually you are right there are specific criteria upon which to attack a
> cipher. That criteria is amazingly simple, it is simply "Anything you can
> attack." Attempts to indicate that a person is cheating at attacking a
> cipher, is surely stupid, in this case it's something like Japan claiming
> the US cheated during WWII by using atomic weapons, it works therefore it
> justifies itself (although much like the use of atomic weaponry the decision
> is still much debated).
> 
> > The answer of why your suggestion doesn't weaken the encryption is
> 
> Umm, not quite. The statement that you have intimate knowledge of the entire
> state of a deterministic machine, dictates that you can compute the output,
> in this case it also means you can compute the input.
> 
> [snip Szopa's continuing stupidity]
>                     Joe

You are mistaken.

If I give you the raw random digit output from the random number
generator, how is this your attack?  I give you the raw random digits.

Where in a real life situation am I going to do this?

This is contrary to the standard rules for attacking an algorithm in 
a test.

If you expect to acquire the raw random digits then please, tell us 
how you are going to get them.

If you are somehow going to breach the security of my computer and
access the raw random digits this way then you are successfully
attacking the security of my computer, not my encryption software.

------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: or.politics,talk.politics.crypto,misc.survivalism
Subject: Re: Why Microsoft's Product Activation Stinks
Date: Sat, 27 Jan 2001 04:00:15 -0800

Splaat23 wrote:
> 
> An interesting question for you, Mr. Szopa, that is very relevant to
> this discussion is the following: Do you really believe that anti-
> piracy in Microsoft's or your manner can actually be successful?
> 
> Because I don't, and if your "invention" doesn't work, then who really
> cares if Microsoft stole it from you or not.
> 
> - Andrew
> 
> In article <[EMAIL PROTECTED]>,
>   Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote:
> Just about nothing.
> 
> Sent via Deja.com
> http://www.deja.com/


I will ask you what I have asked before:  tell us, what is MS's goal 
by implementing this anti-piracy feature?

Then I will answer your question.

------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: or.politics,talk.politics.crypto,misc.survivalism
Subject: Re: Why Microsoft's Product Activation Stinks
Date: Sat, 27 Jan 2001 04:02:23 -0800

Splaat23 wrote:
> 
> Someone needs to school you in the facts of piracy: people have been
> using "keys" for years. They are called "cd-keys", "serial numbers",
> etc. What they have never done is worked when they are not really
> protecting anything.
> 
> In this case, what don't you get if your special, configuration-based
> key changes? You go down the wrong end of an "if" statement. That's it.
> Of course, it can be made more complex than that, but whatever MSFT can
> do can be reversed as well.
> 
> I guess, in a way, this whole flame-war has been a result of you
> refusing to believe that your "invention", stolen by MSFT, cannot
> really work.
> 
> - Andrew
> 
> In article <[EMAIL PROTECTED]>,
>   Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote:
> > Richard Heathfield wrote:
> > >
> > > Lord Running Clam wrote:
> > > >
> > > > -----BEGIN PGP SIGNED MESSAGE-----
> > > >
> > > > On Fri, 26 Jan 2001, Richard Heathfield <[EMAIL PROTECTED]>
> wrote:
> > > > >Anthony Stephen Szopa wrote:
> > > > >>
> > > > >> Pointless program where to stop software piracy could increase
> > > > >> revenues by tens of billions of dollars each year?  Pointless?
> > > > >
> > > > >Pretty much, yes. It's like trying to protect Pythagoras'
> Theorem.
> > > > >Counter-productive.
> > > >
> > > > Excuse me, but is this little piece from alt.security.pgp
> relevant to your
> > > > flamewar?
> > > >
> > > > http://www.deja.com/[ST_rn=ps]/getdoc.xp?AN=720256016&fmt=text
> > >
> > > Yes, indeed. I think it sums up one of the points nicely. If
> Microsoft
> > > want copy protection to actually work, they need to do it in
> hardware.
> > > That way, the cost of making a copy is likely to exceed the cost of
> > > buying one in the shops. Of course, I'm not convinced that anyone's
> > > going to buy any Microsoft hardware more complicated than a mouse,
> but
> > > that's for each user (or IT dept) to decide, of course.
> > >
> > > As for the flamewar, well, I'm not terribly interested in
> prolonging it.
> > > But 'twas mildly diverting while it lasted. :-)
> > >
> > > --
> > > Richard Heathfield
> > > "Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
> > > C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
> > > K&R answers, C books, etc: http://users.powernet.co.uk/eton
> >
> > You have proved you do not understand what MS is doing.
> >
> > Essentially MS is relying on hardware and software.
> >
> > They are ferreting out any and all data from your computer either
> > from software, firmware, or hardware that will uniquely identify
> > it.
> >
> > You don't have to buy or be sold any new hardware or software or
> > firmware.
> >
> > But if you do and change significantly your computer's configuration,
> > which might also change the unique identification of your computer
> > then you would need a new password according to MS's anti-piracy
> > "innovation" and mine as well since MS's anti-piracy "innovation" is
> > at least partly based upon my anti-piracy invention.
> >
> > Take that, you!
> >
> 
> Sent via Deja.com
> http://www.deja.com/


If it works and thwarts one potential software pirate then does 
MS's anti-piracy feature work?

------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: or.politics,talk.politics.crypto,misc.survivalism
Subject: Re: Why Microsoft's Product Activation Stinks
Date: Sat, 27 Jan 2001 04:04:27 -0800

Lord Running Clam wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> On Fri, 26 Jan 2001, Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote:
> 
> >> Excuse me, but is this little piece from alt.security.pgp relevant to your
> >> flamewar?
> >>
> >> http://www.deja.com/[ST_rn=ps]/getdoc.xp?AN=720256016&fmt=text
> 
> >Go ahead and run.  Can't stand your own ground?  Can't come up with
> >anything that your own mind can conceive?
> 
> WTF is that supposed to mean?
> 
> [WARNING: Please ensure that your flame-retardant garments are free
>           from cuts and tears.]
> 
>   Did you read it? No. Obviously not.
> 
>   Because the only way you could've made yourself look more stupid,
>   would have been if I was supporting your sorry case.
> 
>   If you don't like using the Deja archives, then you can look for the
>   message on your news server. It was posted as Message-ID:
>   <[EMAIL PROTECTED]>.
>   I should know. I wrote it. Yesterday.
> 
>   You, and the other pair of idiots who found me with time to spare,
>   and a sharp engineer's pencil, should all go into business together.
>   I am confident it would take no time at all for the three of you to
>   produce a tamperproof system, full of adverts; promoting its ease of
>   use, security, and unannounced functional suspension features.
> 
>   The only problem is, Microsoft would sue you for copying Windows.
> 
> LRC.
> - --
> The bigger the humbug, the better people will like it.
> ~ Phineas Taylor Barnum.
> 


I reserve the right to act stupid any time I please.

It keeps the infidels motivated.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
