Cryptography-Digest Digest #584, Volume #13 Mon, 29 Jan 01 04:13:00 EST
Contents:
Re: Windows encryption: API and file system (wtshaw)
Re: Why Microsoft's Product Activation Stinks (wtshaw)
Re: Generating RSA Keys (Glide)
Re: Primality Test (John Savard)
Re: Dynamic Transposition Revisited (long) (John Savard)
Re: 1x-2x-3x coding (was Re: OOPS! ) (wtshaw)
security of cd-rw erasure? (Paul Rubin)
"Some Pointed Questions Concerning Asymptotic Lower Bounds" (David A Molnar)
JUNIPER and BATON (Markku-Juhani Saarinen)
Re: RSA Source code ("Ryan Phillips")
Re: what was the problem with E2 ? ("kihdip")
Re: Why Microsoft's Product Activation Stinks (Anthony Stephen Szopa)
Modes of operation effort ("kihdip")
Re: Mr Szopa's encryption (was Why Microsoft's Product Activation (Anthony Stephen Szopa)
Re: Why Microsoft's Product Activation Stinks (Anthony Stephen Szopa)
Re: Primality Test (Bob Deblier)
Security of FirstClass Software ([EMAIL PROTECTED])
Security of Centrinity's FirstClass Product ([EMAIL PROTECTED])
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Windows encryption: API and file system
Date: Sun, 28 Jan 2001 23:02:35 -0600
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
>
> Writing a temporary file is done out of a desire to be able to
> recover the data if the encryption process is interrupted by some
> fatal error.
How commonly do you face that?
>
> Even on today's big NT machines you can't rely on being able to store
> the whole of a disk file in physical memory at one time while you
> encrypt it.
>
Surely you have big files or wasteful programs/system. You did say
NT...well, that is surely one of your problems.
--
Some people say what they think will impress you, but ultimately
do as they please. If their past shows this, don't expect a change.
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Crossposted-To: or.politics,talk.politics.crypto,misc.survivalism
Subject: Re: Why Microsoft's Product Activation Stinks
Date: Sun, 28 Jan 2001 23:09:36 -0600
In article <[EMAIL PROTECTED]>, Anthony Stephen Szopa
<[EMAIL PROTECTED]> wrote:
> So why did they not hire software engineers and pay them to develop
> a first rate OS to compete with MS's?
>
The high ground in system development is taken, and it's not with MS.
> I say the reason was fear. And look where it got them. As it
> turned out, they really had nothing to lose but they didn't even
> try.
I'd say that things are not settled yet.
--
Some people say what they think will impress you, but ultimately
do as they please. If their past shows this, don't expect a change.
------------------------------
From: [EMAIL PROTECTED] (Glide)
Subject: Re: Generating RSA Keys
Date: Mon, 29 Jan 2001 05:29:54 GMT
Would you share where you obtained a Big Number package for VB?
Thanks.
On Sat, 27 Jan 2001 22:17:44 GMT, "Adam Smith" <[EMAIL PROTECTED]>
wrote:
>Hello! This is sort of an extension from my quest for RSA implementation in
>VB, but on a different note than my last message. I got an excellent big
>number package for VB, and have implemented a signature scheme pretty well,
>or at least it works with the small numbers that I have.
>
>I need to know how to generate LARGE (512+ bit) RSA keypairs. I know the
>algorithm, but not really sure how I can compute D without brute forcing
>it...anyone know where I can get this stuff?
>
>Thanks!
>Adam Smith
>
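The quoted question asks how to get the RSA private exponent D without brute force. As an added example (not code from either poster), the following Python computes d as the modular inverse of e modulo phi(n) with the extended Euclidean algorithm, which takes a number of steps proportional to the bit length of phi(n) rather than to its size. The toy primes 61 and 53 and the function names are this example's own choices.

```python
"""Added example: computing the RSA private exponent d with the extended
Euclidean algorithm instead of searching for it.

Brute force would try d = 1, 2, 3, ... until e*d == 1 (mod phi(n)); for a
512-bit modulus that never finishes.  The extended Euclidean algorithm
produces the same d in a few hundred steps and also reports when e is not
invertible (gcd(e, phi) != 1), in which case e must be changed.
"""
from typing import Tuple


def egcd(a: int, b: int) -> Tuple[int, int, int]:
    """Return (g, x, y) with g = gcd(a, b) and a*x + b*y == g (iterative)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def modinv(a: int, m: int) -> int:
    """Multiplicative inverse of a modulo m, or ValueError if none exists."""
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse modulo {m} (gcd = {g})")
    return x % m


def rsa_private_exponent(e: int, p: int, q: int) -> int:
    """d = e^-1 mod phi(n), phi(n) = (p-1)(q-1) for distinct primes p, q."""
    return modinv(e, (p - 1) * (q - 1))


def rsa_toy_keypair() -> Tuple[int, int, int]:
    """Constructed toy parameters (hand-checkable); real keys use 512+ bit primes."""
    p, q, e = 61, 53, 17
    n = p * q
    d = rsa_private_exponent(e, p, q)
    return n, e, d


def roundtrip(m: int, n: int, e: int, d: int) -> int:
    """Encrypt m with (n, e), decrypt with (n, d); returns m if d is correct."""
    c = pow(m, e, n)
    return pow(c, d, n)


if __name__ == "__main__":
    n, e, d = rsa_toy_keypair()
    print(f"n={n} e={e} d={d} roundtrip(65)={roundtrip(65, n, e, d)}")
```

With a 512-bit or larger modulus, the only change is the size of the integers; the algorithm is the same, so a VB big-number package only needs division with remainder and multiplication to implement it.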
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Primality Test
Date: Mon, 29 Jan 2001 05:39:13 GMT
On Sun, 28 Jan 2001 20:56:36 GMT, "Adam Smith" <[EMAIL PROTECTED]>
wrote, in part:
>Any tips on generating 512 bit prime numbers?
Are you making use of certain trivial optimizations, such as making
sure that you only generate numbers with one of the applicable values
modulo, say, 210? (210 = 2 * 3 * 5 * 7)
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Dynamic Transposition Revisited (long)
Date: Mon, 29 Jan 2001 05:36:22 GMT
On Sat, 27 Jan 2001 22:42:46 GMT, [EMAIL PROTECTED] (Terry Ritter) wrote,
in part:
>On Sat, 27 Jan 2001 13:18:29 GMT, in
><[EMAIL PROTECTED]>, in sci.crypt
>[EMAIL PROTECTED] (John Savard) wrote:
>>Because, whether or
>>not that is his intention, it makes it sound as if he is worried about
>>the NSA having a cryptanalytic attack which enables them to predict
>>the roll of a die or the flip of a coin.
>If that's what it sounds like to you, then you aren't listening. In
>fact, it seems to me that there is a lot of not listening on purpose.
>The OTP issue is not security in practice but "proof of strength."
>Perhaps you can even bring yourself to recall that I have said that
>various techniques could be used to build pads which could be very
>strong in practice, but there could be no *proof* of that. Does that
>ring a bell, or shall I quote past messages in elaborate depth?
I am glad to hear that the negative impression I have had is mistaken.
But that impression is a natural one to come to, if one encounters
statements of the lack of provability of 'real-world' OTPs that are
sufficiently emphatic to give the impression that what is meant is
they aren't really any good. When reminding people of basic facts that
are usually ignored, despite being acknowledged, it is possible, and
it is important, not to sound as though one is being terribly
unorthodox: even Stephen Jay Gould has made this mistake once or
twice.
While I don't feel that Dynamic Transposition, although it is of merit
and interest, is actually successful in addressing the provability
issue - and nor is the Galois Field notion that I mentioned again in a
reply to a post by Benjamin Goldberg - and, in fact, I tend to feel
that the provability issue is fundamentally incapable of being
addressed by efforts in that direction - if the provability issue
inspires you to develop interesting ciphers, fine.
My concern is that you appear to me to be making claims that with
Dynamic Transposition you have in fact achieved some demonstrable
success with respect to the provability issue, and that these claims
do not appear to me to be convincing.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: 1x-2x-3x coding (was Re: OOPS! )
Date: Sun, 28 Jan 2001 23:13:58 -0600
In article <%KSc6.1876$[EMAIL PROTECTED]>, "Michael Brown"
<[EMAIL PROTECTED]> wrote:
> I take it you don't remember then :)
I guess not. I don't mind a word to jog my memory, or maybe it was one of
those posts that I missed.
--
Some people say what they think will impress you, but ultimately
do as they please. If their past shows this, don't expect a change.
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Crossposted-To: alt.comp.periphs.cdr
Subject: security of cd-rw erasure?
Date: 28 Jan 2001 21:53:49 -0800
Anyone know if it's possible to recover any info from a cd-rw disc
after it's been reformatted? Is there some way to look at the actual
bits under a conventional microscope, or do you need infrared?
Yeah, this is OT for sci.crypt, but I figure some of the right people to
ask might be here.
Thanks.
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: "Some Pointed Questions Concerning Asymptotic Lower Bounds"
Date: 29 Jan 2001 06:09:08 GMT
Given the number of times skepticism about asymptotic bounds comes up on
sci.crypt, this issue of the "Computational Complexity Column" might be of
interest:
Some pointed questions concerning asymptotic lower bounds
by Eric Allender (with a report by Jack Lutz)
http://external.nj.nec.com/homepages/fortnow/beatcs/column62.ps
Note that Bellare and Rogaway's "exact security" can be seen as recovering
exact results from theorems previously stated asymptotically.
thanks,
-David
------------------------------
From: Markku-Juhani Saarinen <[EMAIL PROTECTED]>
Subject: JUNIPER and BATON
Date: Mon, 29 Jan 2001 06:39:53 +0000 (UTC)
Hi,
Does anyone have any details on the usage and origin of the
JUNIPER and BATON encryption algorithms ?
These just popped up (alongside CAST, KEA etc) while I was
examining a crypto library from a vendor traditionally associated
with the governments of the English-speaking world.
Cheers,
- mj
Markku-Juhani O. Saarinen <[EMAIL PROTECTED]> University of Jyväskylä, Finland
------------------------------
From: "Ryan Phillips" <[EMAIL PROTECTED]>
Subject: Re: RSA Source code
Date: Sun, 28 Jan 2001 23:08:10 -0800
Check out the Crypto++ public domain library. Real nice... www.cryptopp.com
-Ryan
"Adam Smith" <[EMAIL PROTECTED]> wrote in message
news:Cooc6.2631$[EMAIL PROTECTED]...
> I'm looking for RSA source code in C/C++/MFC...anyone know where I can find
> it? I need at least 512 bits...DH/DSS would work also...
>
> any tips?
>
> Thanks!
> Adam Smith
>
>
------------------------------
From: "kihdip" <[EMAIL PROTECTED]>
Subject: Re: what was the problem with E2 ?
Date: Mon, 29 Jan 2001 08:52:37 +0100
Susan Landau wrote an article concerning the AES effort.
(NOTICES OF THE AMS VOLUME 47, NUMBER 4 - APRIL 2000: Communications
Security for the Twenty-first Century: The Advanced Encryption Standard)
In this she points out that the five candidates were widely accepted, along
with some support for E2.
But: "...E2 was similar to Rijndael and Twofish but slower and was not
implementable on low-end smart cards - E2 uses too much RAM, and it lost
out..."
This seems like a valid reason for not including E2 among the finalists.
Kim
------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: or.politics,talk.politics.crypto,misc.survivalism
Subject: Re: Why Microsoft's Product Activation Stinks
Date: Sun, 28 Jan 2001 23:51:06 -0800
wtshaw wrote:
>
> In article <[EMAIL PROTECTED]>, Anthony Stephen Szopa
> <[EMAIL PROTECTED]> wrote:
>
> > So why did they not hire software engineers and pay them to develop
> > a first rate OS to compete with MS's?
> >
> The high ground in system development is taken, and it's not with MS.
>
> > I say the reason was fear. And look where it got them. As it
> > turned out, they really had nothing to lose but they didn't even
> > try.
>
> I'd say that things are not settled yet.
> --
> Some people say what they think will impress you, but ultimately
> do as they please. If their past shows this, don't expect a change.
I like your sense of humor.
Bill Gates is worth nearly a hundred billion dollars and you can say
things are not settled yet.
Ha ha ha.
------------------------------
From: "kihdip" <[EMAIL PROTECTED]>
Subject: Modes of operation effort
Date: Mon, 29 Jan 2001 08:58:50 +0100
As ECB, CFB, OFB and CBC modes were appended along with the DES standard,
NIST opens a new effort following the AES effort:
NIST has announced its plans for the Modes of Operation effort. Information
is available at http://www.nist.gov/modes.
------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Mr Szopa's encryption (was Why Microsoft's Product Activation
Date: Sun, 28 Jan 2001 23:55:20 -0800
Taneli Huuskonen wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> In <[EMAIL PROTECTED]> Anthony Stephen Szopa
> <[EMAIL PROTECTED]> writes:
>
> [...]
>
> >Answer us this: where are you proposing getting the raw random digit
> >output from the random number generator to break someone's key?
>
> In three steps:
>
> 1. Assume the cryptanalyst has enough known plaintext. For instance,
> the encrypted file might be a backup archive of a hard disk containing
> mainly publicly readable files. This yields a large amount of known
> bytes in the pseudo-OTP.
>
> 2. Assume the cryptanalyst can guess _part_ of the key - the part
> that describes how the raw pseudorandom bytes are shuffled after they've
> been generated. This could well happen, if the user had originally
> planned to generate, say, 2000 bits' worth of random numbers by shaking
> beans out of a bottle, but gave up after only 1000 bits. This is
> against your recommendations, but you don't stress the point and you
> don't give any reasons.
>
> Now, the cryptanalyst can reconstruct large parts of the pseudorandom
> byte stream, but as you point out, this isn't enough.
>
> 3. I hinted at this, but didn't really make it explicit before. You
> don't actually need a large number of the pseudorandom digits to be able
> to predict some others. You just need to have a couple dozen digits,
> but they have to be from the right positions. Hence, guessing which
> position in the digit stream corresponds to a given position in the byte
> stream would be enough. Then, you'd usually know two digits for each
> byte and have a good idea of what the third one might be. Repeating
> this guess for several consecutive bytes in three or four different
> (and quite widely spaced) places may or may not be possible with
> today's computers, for all I know.
>
> I've no real information on the feasibility of Step 3; I'm not
> knowledgeable enough in cryptology even to estimate the amount of
> computing power required. However, if it can be done, then preventing
> the adversary from taking Step 2 is crucial. Moreover, if you can't
> _prove_ that Step 3 is impossible, then you should absolutely stress the
> importance of thoroughly shuffling the pseudorandom bytes after their
> generation, and explain why, in the documentation of your programme.
>
> Taneli Huuskonen
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 5.0i for non-commercial use
> Charset: noconv
>
> iQA/AwUBOnTjfl+t0CYLfLaVEQLacACeP2dcZJWyPBVXElMiPD7FevpV854AoPpS
> 9ju+3sTVDcD8uUmnz2KAy+oo
> =DwLy
> -----END PGP SIGNATURE-----
> --
> I don't | All messages will be PGP signed, | Fight for your right to
> speak for | encrypted mail preferred. Keys: | use sealed envelopes.
> the Uni. | http://www.helsinki.fi/~huuskone/ | http://www.gilc.org/
The rules state that the cracker has enough plain text / cipher text
such that to have any more won't make any difference.
You have not or cannot support or justify your 2. assumption.
------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: or.politics,talk.politics.crypto,misc.survivalism
Subject: Re: Why Microsoft's Product Activation Stinks
Date: Mon, 29 Jan 2001 00:10:22 -0800
Bill Unruh wrote:
>
> In <[EMAIL PROTECTED]> Anthony Stephen Szopa <[EMAIL PROTECTED]>
> writes:
>
> >There is a certain level at which MS's anti-piracy "innovation" will
> >be worth it. I think the break even will be if MS stops as little
> >as one or two percent of its OS piracy. And I think their scheme
> >will accomplish this and much more.
>
> Actually no. This is the typical response of bureaucrats-- if something
> bad happens, institute procedures to stop it from happening. Thus if
> pilfering of supplies from the storeroom occurs, hire someone to man the
> storeroom. While it may lower pilfering, the cost of the salary etc of
> the stores man is rarely counted in. Nor is the additional inefficiency
> to the organisation, as people are put to inconvenience.
>
> The industry likes to parade those unpaid for licenses as losses.
> Unfortunately at the boundary where they are operating as many people
> just barely are willing to pay as do not pay. Thus these additional
> pains that this procedure drives the consumer to will tip many over into
> not bothering, as well as getting some of those who do not pay to pay.
>
> And get a bunch to say-- shit, let's look at this Linux thing.
> This is especially true since a lot of what they make money on these
> days are upgrades-- Win95->98->2000/me, Office 6->7->8->2000->??
> All it takes is for a few to say forget it to lose all they gain.
>
> >I think it is a no brainer that MS will do all it can to protect
> >its revenue and power and will forcefully attempt to thwart any
> >competition for another anti-piracy scheme even if it is obviously
> >better.
>
> ??? They make no money off the antipiracy scheme itself. I do not see
> how they can control the market for antipiracy schemes.
I think you are looking backwards and are not able to see where we
are and where we will be in the near future.
Processing speeds are going through the roof. Register and bus
widths are also expanding dramatically.
The demand and desire to utilize this bandwidth efficiently and to
its fullest potential is relentless.
If Whistler, compiled for 64 bit machines is a great product people
will want it badly. The same is true for other 64 bit compiled
major software applications.
If people want or need or must have bigger and better and there is
a premium placed on this technology in the form of associated
anti-piracy implementations then people will accept that.
MS and the Industry in general are in a great bargaining position.
If you don't want a 64 bit operating system then don't buy it and
run Windows 98 or ME on your Pentium IV computer. And when Pentium
V comes out at 128 bits keep on using your Windows 98 32 bit OS.
If the Industry sticks together on this people will cooperate. I
would just like to see software prices come down as a result.
Even the stockholders of these companies want to have this anti-
piracy feature implemented.
Obviously most pirates and jealous and fearful people don't because
it will give that much more control to BG and the Industry.
But I believe it will happen nevertheless.
------------------------------
From: Bob Deblier <[EMAIL PROTECTED]>
Subject: Re: Primality Test
Date: Mon, 29 Jan 2001 09:19:12 +0100
Tom St Denis wrote:
> Follow these steps, they're simple but can save trouble
>
> 1. Make sure you set the msb and lsb of the number to force it to be the
> right size and to force it odd (even numbers are not prime except for 2).
>
> 2. Try dividing by the first 1000 small primes. This rules out about 90%
> of all numbers you try.
>
> 3. Then perform 5 or more rounds of RM.
>
> After that you should be sure it's most likely prime. The second step is
> crucial since it filters out a lot of numbers before you get to the long
> steps.
>
> Tom
Instead of using step 2, you can also do something a little smarter and
faster, which is take the product of the N first primes (greater than 2)
and compute the GCD of that number and your prime candidate. If the GCD
is 1 the candidate passes on to step 3. Anything else means you discard it.
This way you avoid having to do long divisions and test a whole bunch of
small primes in one operation.
Bob Deblier
Virtual Unlimited
------------------------------
From: [EMAIL PROTECTED]
Subject: Security of FirstClass Software
Date: Mon, 29 Jan 2001 08:44:12 GMT
Hi
I have a message from Centrinity Ltd. (formerly
SoftArc) below:
========================
On 19 Apr 00, Aoife Kelly wrote:
> Because of the security issues we do not discuss the encryption that is
> built into FCIS in detail however I can tell you that the encryption type
> used is not block cipher but stream cipher and that Centrinity uses a
> proprietary key stream generator, comparable in strength to RSA's RC4
> Stream Cipher keystream.
>
> Regards
> Aoife Kelly,
> International Customer Support,
> Centrinity Ltd. (formerly SoftArc)
============================
I think this means it is like SSL as used by
https sites? FC used to have only 40bit keys due
to the US export restrictions etc. and these days
512 is no longer so good. 'We do not discuss'
sounds like snakeoil to me - Is there ANYONE out
there who can re-assure me (or warn me!)
I really appreciate your help in this
CJ
Sent via Deja.com
http://www.deja.com/
------------------------------
From: [EMAIL PROTECTED]
Subject: Security of Centrinity's FirstClass Product
Date: Mon, 29 Jan 2001 08:49:57 GMT
Hi
Can someone please HELP ME
I have a message from Centrinity Ltd. (formerly SoftArc) below:
========================
On 19 Apr 00, Aoife Kelly wrote:
> Because of the security issues we do not discuss the encryption that is
> built into FCIS in detail however I can tell you that the encryption type
> used is not block cipher but stream cipher and that Centrinity uses a
> proprietary key stream generator, comparable in strength to RSA's RC4
> Stream Cipher keystream.
>
> Regards
> Aoife Kelly,
> International Customer Support,
> Centrinity Ltd. (formerly SoftArc)
============================
I think this means it is like SSL as used by https sites? FC used to
have only 40bit keys due to the US export restrictions etc. and these
days 512 is no longer so good. 'We do not discuss' sounds like snakeoil
to me......
Can anyone PLEASE RE-ASSURE ME or WARN me...
Thanks
GW
Sent via Deja.com
http://www.deja.com/
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************