Cryptography-Digest Digest #649, Volume #13 Wed, 7 Feb 01 11:13:00 EST
Contents:
Re: Mod function (Benjamin Goldberg)
Re: RSA prime selection. (Newbie question) ("StuartL")
Re: File encryption with Rijndael (Tom St Denis)
Re: OverWrite freeware completely removes unwanted files from hard drive (Tom St Denis)
Re: efficient coin flipping (Benjamin Goldberg)
Re: Phillo's alg is faster than index calculus (Bob Silverman)
Re: Low-tech homemade crypto keycards (Tom St Denis)
Re: Need BigNum in JavaScript (Robert Scott)
Re: Low-tech homemade crypto keycards (Paul Rubin)
Re: Need BigNum in JavaScript (Paul Rubin)
Re: File encryption with Rijndael ("Marcin")
Re: Encrypting Predictable Files ([EMAIL PROTECTED])
Re: PGP 2.6.3ia-cb (now supports CAST5 and BLOWFISH) (jungle)
Re: MQV implementation (DJohn37050)
Re: Low-tech homemade crypto keycards (Tom St Denis)
Re: RSA prime selection. (Newbie question) (DJohn37050)
Re: Bleichenbacher finds bug in DSA RNG (DJohn37050)
Re: Bleichenbacher finds bug in DSA RNG (DJohn37050)
Re: Bleichenbacher finds bug in DSA RNG ([EMAIL PROTECTED])
Re: Questions about Diffie-Hellman ([EMAIL PROTECTED])
Re: Low-tech homemade crypto keycards ("Paul Hodgkinson")
Re: File encryption with Rijndael (Jirka Klaue)
----------------------------------------------------------------------------
From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: Mod function
Date: Wed, 07 Feb 2001 12:22:43 GMT
Adam Smith wrote:
>
> Hello all. Since my last post a 512 bit RSA key was contributed to me
> (hehe) and now my app is working fine, except it takes about 13
> seconds to verify a signature which is way too long. A lot of the
> time is taken in the mod function. I'm looking for an efficient mod
> function that is good for crypto. Either in VB (preferred) or C/C++
> (with comments hopefully, I'm not extremely skilled in VB so it might
> be a little hard to port to VB).
As Tom said, there are plenty of good packages for C. GNU's MP and MPI are
two good ones. However, I would advise *against* simply porting them to
VB, as this would likely be much too slow. I would suggest creating [or
finding] a dll to use one of these libraries from VB. This way, you get
all the speed advantages of a C or assembler implementation, and the
comfort of programming in the language you are familiar with.
--
A solution in hand is worth two in the book.
Who cares about birds and bushes?
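To make concrete what the "mod function" in a signature check is doing, here is square-and-multiply modular exponentiation written out. This is an added example, not code from either poster; the key values (n = 3233, e = 17, d = 2753) are the small textbook RSA key used in tutorials, included as a constructed sample, and `rsa_verify_raw` is a hypothetical helper name.

```python
# Added example: square-and-multiply modular exponentiation, the operation an
# RSA signature check performs. Not code from the thread; the key values
# (n = 3233, e = 17, d = 2753) are the small textbook RSA key often used in
# tutorials, included here as a constructed sample.

def mod_exp(base: int, exponent: int, modulus: int) -> int:
    """Compute base**exponent mod modulus by right-to-left square-and-multiply.

    Every product is reduced mod `modulus` immediately, so operands never
    exceed twice the modulus length.  One reduction per squaring and per
    multiply is why the mod routine dominates RSA run time: a slow reduction
    is paid hundreds of times for a 512-bit exponent.
    """
    if modulus <= 0:
        raise ValueError("modulus must be positive")
    if exponent < 0:
        raise ValueError("negative exponents are not supported here")
    result = 1 % modulus          # handles modulus == 1
    base %= modulus
    while exponent:
        if exponent & 1:
            result = (result * base) % modulus
        base = (base * base) % modulus
        exponent >>= 1
    return result


def multiplication_count(exponent: int) -> int:
    """Modular multiplications mod_exp performs for this exponent:
    one squaring per bit plus one multiply per set bit."""
    return exponent.bit_length() + bin(exponent).count("1")


def rsa_verify_raw(signature: int, message_repr: int, e: int, n: int) -> bool:
    """Textbook ("raw") RSA verification: signature**e mod n must equal the
    integer encoding of the message.  Real systems compare against a padded
    hash (PKCS#1 v1.5 or PSS); the padding check is omitted in this sample."""
    if not 0 <= signature < n:
        return False
    return mod_exp(signature, e, n) == message_repr


if __name__ == "__main__":
    n, e, d = 3233, 17, 2753
    m = 65
    sig = mod_exp(m, d, n)                    # signing = m**d mod n
    print("signature", sig, "verifies:", rsa_verify_raw(sig, m, e, n))
    print("multiplications for e=65537:", multiplication_count(65537))
```

Verification with a small public exponent such as 65537 needs only 19 multiplications, so if a 512-bit verification takes 13 seconds it is the reduction of ~1024-bit products that is slow, not the number of steps; that is the part a C or assembler library does well and a straight VB port would not.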
------------------------------
From: "StuartL" <[EMAIL PROTECTED]>
Subject: Re: RSA prime selection. (Newbie question)
Date: 7 Feb 2001 12:32:10 GMT
Thanks Spamless, that clears it up a lot.
I had a fair idea of how it worked but couldn't understand how they
generated such large prime numbers in a reasonable amount of time. I've
just found a really good webpage on primes and it explains lots of
algorithms for proving primality that I didn't know about. You see I
thought they had to divide by every other prime number up to the square
root, but now I know there are other ways.
http://www.utm.edu/research/primes/index.html
Anyway that's good, I understand a bit more about that stuff now. :)
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: File encryption with Rijndael
Date: Wed, 07 Feb 2001 12:33:11 GMT
In article <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]> wrote:
>
>
> On Wed, 7 Feb 2001, Marcin wrote:
>
> > I have made available my tiny command line file encryption program based on
> > Rijndael with 256 bit keys. It's coded in Java and freely distributed with
> > source code at: http://www.optymalni.com/~marcin
> > Any comments please direct to [EMAIL PROTECTED]
> >
> > Marcin
> >
> You might be interested in my assembler version, code length only
> 440 bytes for 256-bit keys, http://www.afn.org/~afn21533/tinyrijn.zip
> which supports all 9 combinations of key and block sizes.
Not really since he wrote his in ***JAVA*** but plugging code is cool :-)
Tom
Sent via Deja.com
http://www.deja.com/
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,alt.hacker,alt.conspiracy
Subject: Re: OverWrite freeware completely removes unwanted files from hard drive
Date: Wed, 07 Feb 2001 12:34:32 GMT
In article <[EMAIL PROTECTED]>,
Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote:
> Tor Rustad wrote:
> >
> > "Anthony Stephen Szopa" <[EMAIL PROTECTED]> wrote in message
> > > Joseph Ashwood wrote:
> > >
> > > You are nuts.
> >
> > ???
> >
> > > "...those patterns can be stripped away..."
> > >
> > > How? With cleanser and lots of elbow grease. What are you talking
> > > about here? What utter BS.
> >
> > Next time you *try* to write such erase SW, as a *minimum* read DOD
> > 5220.22-M first.
> >
> > Of course you should *not* overwrite with *only* known patterns!
> >
> > I am not up to date with the state-of-the-art in recovering data, nor are
> > *you*, that information is classified.
> >
> > A well respected company in Norway, IBAS (www.ibas.com), does a pretty good
> > recovery job in many cases, but AFAIK they will have trouble with recovering
> > overwritten data. However, IBAS is *not* at military level on this, and
> > there might be better commercial companies around at this.
> >
> > Your SW was snake oil anyway.
> >
> > --
> > Tor <torust AT online DOT no>
>
> Using these 27 known and recommended patterns is certainly
> preferable to a single overwrite of hex FF or 00.
>
> Ciphile Software's OverWrite program Version 1.0 is certainly well
> worth using for the purposes intended.
Hello,
I am a student in security and computer science. Could I see your source
code? I want to learn how this stuff all works!
Tom
Sent via Deja.com
http://www.deja.com/
------------------------------
From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: efficient coin flipping
Date: Wed, 07 Feb 2001 12:49:55 GMT
[EMAIL PROTECTED] wrote:
>
> In article <[EMAIL PROTECTED]>,
> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> >
> > I use dice to determine my password.
>
> 26+10=36, very nice! All alphanumeric values. I hadn't seen that
> before. That implies your passwords have no capital letters or
> ampersands or such.
>
> If I wanted bits, I could ignore pairs of dice that hit the top 4 of
> the 36 states, giving me 5 bits per pair of dice thrown. The man on
> the street would probably consider that suspicious, though. 8-sided
> or 16-sided dice would also seem awfully peculiar.
How do you know Mok's not using diceware? Roll a die 5 times to pick
a word from a list of 7776 words, and 10 words equals about 128 bits of
strength. Since the words are English, more or less, they are much
easier to remember than random letters.
The diceware passphrase homepage is at http://www.diceware.com/
As to the idea of non-six-sided dice (4, 8, 10, 12, 20), they might seem
peculiar by themselves, but if you put them in a box of AD&D stuff,
no one would think them odd. Of course, some people might consider you
odd for having an AD&D set, but you can't please everyone :)
--
A solution in hand is worth two in the book.
Who cares about birds and bushes?
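The two schemes in this exchange (five rolls per diceware word, and five bits per pair of dice with the top four of the 36 states thrown away) are easy to get subtly wrong, so here is an added example, not code from either poster, that does the bookkeeping: the base-6 index for a word, the entropy of a passphrase, and the rejection step that keeps the bits unbiased. Function names are my own.

```python
# Added example (not from the thread): the arithmetic behind the two dice
# schemes discussed above, plus the rejection step that keeps the bits unbiased.
import math

DICEWARE_LIST_SIZE = 6 ** 5      # 7776 words, one per five-roll sequence


def diceware_index(rolls) -> int:
    """Map five d6 rolls (1..6 each) to a word-list index 0..7775.  Each roll
    is one base-6 digit; the first roll is the most significant."""
    rolls = tuple(rolls)
    if len(rolls) != 5 or any(r not in range(1, 7) for r in rolls):
        raise ValueError("need exactly five rolls in 1..6")
    index = 0
    for r in rolls:
        index = index * 6 + (r - 1)
    return index


def passphrase_entropy_bits(words: int, list_size: int = DICEWARE_LIST_SIZE) -> float:
    """Entropy of `words` independent uniform picks from a list of list_size."""
    return words * math.log2(list_size)


def bits_from_dice_pair(first: int, second: int):
    """Turn one pair of d6 rolls (36 equally likely states) into 5 unbiased
    bits by rejecting the top 4 states, as the post suggests.  Returns the
    value 0..31, or None when the pair must be re-rolled.  Rejection is what
    keeps every 5-bit value exactly equally likely; folding the 36 states onto
    32 with a modulus would make four of them twice as likely."""
    if first not in range(1, 7) or second not in range(1, 7):
        raise ValueError("rolls must be 1..6")
    state = (first - 1) * 6 + (second - 1)      # 0..35, uniform
    return None if state >= 32 else state


def bits_from_roll_sequence(rolls) -> str:
    """Consume a roll sequence two at a time and return the accepted bits."""
    out = []
    for i in range(0, len(rolls) - 1, 2):
        group = bits_from_dice_pair(rolls[i], rolls[i + 1])
        if group is not None:
            out.append(format(group, "05b"))
    return "".join(out)


if __name__ == "__main__":
    print("10 diceware words:", round(passphrase_entropy_bits(10), 1), "bits")
    print("rolls 3,4,6,1,2 ->", diceware_index((3, 4, 6, 1, 2)))
    print("bits from 1,1,6,6,6,2:", bits_from_roll_sequence([1, 1, 6, 6, 6, 2]))
```

Ten words come to 129.2 bits, matching the "about 128" in the post; the pair-of-dice scheme wastes one pair in nine to rejection, which is the price of an exactly uniform output.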
------------------------------
From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: Phillo's alg is faster than index calculus
Date: Wed, 07 Feb 2001 12:35:57 GMT
In article <95q6s0$8d2$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
>
<snip>
Who was it that said "The education of fools is folly"??
I can see that I am wasting my time with you. I won't
bother trying to correct your nonsense in the future.
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"
Sent via Deja.com
http://www.deja.com/
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Low-tech homemade crypto keycards
Date: Wed, 07 Feb 2001 12:36:40 GMT
In article <[EMAIL PROTECTED]>,
Paul Rubin <[EMAIL PROTECTED]> wrote:
> Ray Dillinger <[EMAIL PROTECTED]> writes:
> > It's not a smart card by any means; in fact, it may be the
> > dumbest card ever proposed. But it stores a key nicely,
> > can be built by hand or with relatively simple tools out
> > of readily-available parts, and can't be read remotely or
> > surreptitiously (I think).
>
> The device sounds totally pointless.
>
> It's trivial to read the key out of the card with an ohmmeter.
> Just find which pairs of wires are connected to each other.
That's the point, but if you pull the wires out of the card bye bye key.
Tom
Sent via Deja.com
http://www.deja.com/
------------------------------
From: [EMAIL PROTECTED] (Robert Scott)
Subject: Re: Need BigNum in JavaScript
Reply-To: [EMAIL PROTECTED]
Date: Wed, 07 Feb 2001 13:03:42 GMT
In response to my proposal to implement 1024-bit RSA with e=3 in
JavaScript, Paul Rubin wrote:
>Yes, that's about the only public key operation that would be
>practical in javascript. It's probably been coded, but if not, I'll
>get around to it someday.
>
>If you're trying to secure contents of a web page, you're probably
>a lot better off just setting up SSL on your server.
To use SSL I would need to pay Verisign several hundred dollars per
year to maintain a certificate. I'm just too cheap.
>Alternatively, use an applet.
>
>Is there some reason you don't want to use an applet?
I don't know. Right now my web design education extends only
to JavaScript. But now that I have looked into it a little
more, I see that Java 1.1 has a built-in implementation
of BigInteger. Thanks for the pointer.
Robert Scott
Ypsilanti, Michigan
(Respond through newsgroups, not by direct e-mail.)
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Low-tech homemade crypto keycards
Date: 07 Feb 2001 05:05:02 -0800
Tom St Denis <[EMAIL PROTECTED]> writes:
> > It's trivial to read the key out of the card with an ohmmeter.
> > Just find which pairs of wires are connected to each other.
>
> That's the point, but if you pull the wires out of the card bye bye key.
Why not just write the keys down on a piece of paper? It's trivial
to read them, but if you swallow the paper bye bye key.
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Need BigNum in JavaScript
Date: 07 Feb 2001 05:15:41 -0800
[EMAIL PROTECTED] (Robert Scott) writes:
> >If you're trying to secure contents of a web page, you're probably
> >a lot better off just setting up SSL on your server.
>
> To use SSL I would need to pay Verisign several hundred dollars per
> year to maintain a certificate. I'm just too cheap.
No you don't. You can generate your own certificate for free. The
browser won't be able to authenticate it so it will pop a dialog
warning the user and asking if they want to continue. But if you do
some weird javascript encryption, you also won't have authentication.
If you don't want that warning dialog, you can get a certificate from
www.equifaxsecure.com for less than Verisign charges. I paid $45 for
mine but I think they went up to $79. www.globalsign.com will give
you an authenticated cert for free but only the more recent browsers
will recognize it. Older browsers will still pop that dialog.
> >Alternatively, use an applet.
> >
> >Is there some reason you don't want to use an applet?
>
> I don't know. Right now my web design education extends only
> to JavaScript. But now that I have looked into it a little
> more, I see that Java 1.1 has a built-in implementation
> of BigInteger. Thanks for the pointer.
More importantly, the browser java interpreter is orders of magnitude
faster than the javascript interpreter. Even the conventional encryption
layer of whatever you're doing will crawl in javascript.
------------------------------
From: "Marcin" <[EMAIL PROTECTED]>
Subject: Re: File encryption with Rijndael
Date: Wed, 07 Feb 2001 13:37:25 GMT
I actually had a look at the assembly code. My code serves a different
purpose:
1) Demonstration of a Java implementation of the algorithm.
2) Demonstration of input/output streams which can be used in a transaction protocol.
3) Streams support frame numbers and frame message digests so if you were to
send the encrypted file through the internet, no attack will go undetected.
Marcin
<[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> On Wed, 7 Feb 2001, Marcin wrote:
>
> > I have made available my tiny command line file encryption program based on
> > Rijndael with 256 bit keys. It's coded in Java and freely distributed with
> > source code at: http://www.optymalni.com/~marcin
> > Any comments please direct to [EMAIL PROTECTED]
> >
> > Marcin
> >
> You might be interested in my assembler version, code length only
> 440 bytes for 256-bit keys, http://www.afn.org/~afn21533/tinyrijn.zip
> which supports all 9 combinations of key and block sizes.
>
> =============
> My home page URL=http://www.afn.org/~afn21533/ Robert G. Durnal
> Hosting RIJNDAEL, the AES winner, in CFB block [EMAIL PROTECTED]
> chaining mode with key hashing. Executable is [EMAIL PROTECTED]
> only 440 bytes. Download as tinyrijn.zip
>
>
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Encrypting Predictable Files
Date: Wed, 07 Feb 2001 13:28:47 GMT
In article <[EMAIL PROTECTED]>,
Benjamin Goldberg <[EMAIL PROTECTED]> wrote:
> Joseph Ashwood wrote:
> >
> > "Bryan Olson" <[EMAIL PROTECTED]> wrote in message
> > news:95plt8$o9q$[EMAIL PROTECTED]...
> > > Paul Housley wrote:
> > > [...]
> > > > There are some parts of the files which are predictable.
> > > [...]
> > > > I am concerned that, by knowing what part of the file is
> > > > supposed to decrypt to, this may help people to find the
> > > > encryption key.
> > > >
> > > > Any advice, particularly concerning the RC4 algorithm?
> > >
> > > RC4 is designed to resist known-plaintext attacks, and so far
> > > no one has shown it doesn't.
> >
> > However it also suffers from plaintext substitution, that is to say
> > that if the plaintext is known it can be replaced with a different
> > more desirable plaintext, this may or may not be a problem depending
> > on the situation. Because of this I'd suggest using at a minimum an
> > AllOrNothingTransform. Realistically that'll be as expensive as using
> > a block cipher that doesn't suffer from this problem.
> >
> > > It is _not_ designed to encrypt multiple messages with the
> > > same key. Always derive a new key RC4 key for each message.
> >
> > No argument at all, this is an absolute MUST.
> > Joe
>
> Suggesting an AONT seems a little bit silly as a way of strengthening a
> cipher; not because it doesn't work, but because if it's a true AONT, it
> provides such a HUGE increase in strength that almost anything you care
> to follow it with becomes enough to be secure.
>
> If you're going to introduce AONT into your system, you need almost
> nothing else. Simply XORing your key with the AONT'd text is enough,
> even for a fairly short key (provided that key's long enough to avoid
> being brute forced).
>
A good "all or nothing transform" is scott16u or scott19u; in either
one, a single bit change anywhere in the input file creates totally
different output files, from front to back, so the problem of many
plaintext messages that contain large portions of repeatable text
leaking information to an attacker goes away.
Dave
Sent via Deja.com
http://www.deja.com/
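Since this sub-thread turns on what a "true AONT" is, here is the standard construction, Rivest's package transform (1997), as an added example that is not code from any poster and is not scott16u or scott19u. It uses SHA-256 as the pseudorandom block function in place of a block cipher, a 32-byte block, and the fixed public key K0 the construction specifies; the message in the usage section is a constructed sample. Recovering any block requires K', and K' is the XOR of contributions from every output block, which is the all-or-nothing property the thread is discussing.

```python
# Added example (not from the thread): Rivest's "package transform", the
# all-or-nothing transform from his 1997 paper, with SHA-256 standing in for
# the block cipher E.  Block size 32 bytes; K0 is the fixed public key the
# construction specifies.  The message below is a constructed sample.
import hashlib
import secrets

BLOCK = 32
K0 = b"\x00" * BLOCK


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _prf(key: bytes, block: bytes, i: int) -> bytes:
    """Pseudorandom function standing in for E: SHA-256(key || block || i)."""
    return hashlib.sha256(key + block + i.to_bytes(8, "big")).digest()


def _pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK          # always 1..BLOCK bytes of padding
    return data + bytes([n]) * n


def _unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding (input was altered or truncated)")
    return data[:-n]


def package(message: bytes) -> bytes:
    """m'_i = m_i XOR E(K', i) for each block, then a final block
    K' XOR h_1 XOR ... XOR h_s with h_i = E(K0, m'_i, i)."""
    padded = _pad(message)
    blocks = [padded[i:i + BLOCK] for i in range(0, len(padded), BLOCK)]
    k_prime = secrets.token_bytes(BLOCK)          # fresh random key per message
    out = [_xor(m, _prf(k_prime, b"", i + 1)) for i, m in enumerate(blocks)]
    tail = k_prime
    for i, mp in enumerate(out):
        tail = _xor(tail, _prf(K0, mp, i + 1))    # every output block feeds K'
    return b"".join(out) + tail


def unpackage_raw(blob: bytes) -> list:
    """Invert the transform, returning the padded plaintext blocks.  K' can
    only be recovered if every output block is present and unaltered."""
    if len(blob) % BLOCK or len(blob) < 2 * BLOCK:
        raise ValueError("packaged data must be at least two whole blocks")
    parts = [blob[i:i + BLOCK] for i in range(0, len(blob), BLOCK)]
    body, tail = parts[:-1], parts[-1]
    k_prime = tail
    for i, mp in enumerate(body):
        k_prime = _xor(k_prime, _prf(K0, mp, i + 1))
    return [_xor(mp, _prf(k_prime, b"", i + 1)) for i, mp in enumerate(body)]


def unpackage(blob: bytes) -> bytes:
    return _unpad(b"".join(unpackage_raw(blob)))


if __name__ == "__main__":
    msg = b"constructed sample: any single-bit change to the package garbles every block"
    pkg = package(msg)
    assert unpackage(pkg) == msg
    damaged = bytearray(pkg)
    damaged[0] ^= 0x80
    print("blocks changed by a one-bit flip:",
          sum(a != b for a, b in zip(unpackage_raw(pkg), unpackage_raw(bytes(damaged)))),
          "of", len(pkg) // BLOCK - 1)
```

The transform is preprocessing, not a cipher: K0 is public, so anyone holding the whole package can unpackage it. Its value is that a cipher applied afterwards has to be broken on every block before any plaintext appears, which is the strengthening Goldberg describes; it also means the package must be encrypted in full, since leaving even one block in the clear does not help an attacker but leaving the encryption off entirely gives everything away.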
------------------------------
Date: 7 Feb 2001 13:50:06 -0000
From: jungle <Use-Author-Address-Header@[127.1]>
Subject: Re: PGP 2.6.3ia-cb (now supports CAST5 and BLOWFISH)
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
=====BEGIN PGP SIGNED MESSAGE=====
07 Feb 2001 in <[EMAIL PROTECTED]>
[EMAIL PROTECTED] wrote:
> I just added another cipher to PGP 2.6.3ia - Blowfish
> why? because it was easy :)
and you are calling it PGP ?
it is not PGP any more ...
~~~
This PGP signature only certifies the sender and date of the message.
It implies no approval from the administrators of nym.alias.net.
Date: Wed Feb 7 13:50:04 2001 GMT
From: [EMAIL PROTECTED]
=====BEGIN PGP SIGNATURE=====
Version: 2.6.2
iQEVAwUBOoFSjU5NDhYLYPHNAQGVOwf9EASnw/N+zh8IDhFczBCRcU87Gx0og25w
LnNDRKLAlbnHP0ER8zbSgOpCsQ7Ew6ZBaXVXsOIbuzvgqrihDWRCj4u2M9KWaDIr
SuoNiAzBK+SSLI+wzwXki0tdEc0ZEhuhF/aWsFlOcSUQi9sWRWaDgwRs0Lenofwl
bQolNtk3KXDnACygbpvTOcaZZaXtxKDFgdwbI/Dy+OTfi0Evy8CQgQwQJIuQnJNR
uN+DmZfBwLkw0vbLZ+8JxlPzq437LJLbGyQQu7eHIA0q/87JW3Kstn3y/YzJBkW2
4InhSICCVW0JozjpeYzgqA9umjbYYwGGDJyb3r8Ute2kfBEzSLxYzw==
=TKf1
=====END PGP SIGNATURE=====
------------------------------
From: [EMAIL PROTECTED] (DJohn37050)
Date: 07 Feb 2001 13:54:52 GMT
Subject: Re: MQV implementation
Try asking Certicom, since they invented it.
Don Johnson
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Low-tech homemade crypto keycards
Date: Wed, 07 Feb 2001 13:59:53 GMT
In article <[EMAIL PROTECTED]>,
Paul Rubin <[EMAIL PROTECTED]> wrote:
> Tom St Denis <[EMAIL PROTECTED]> writes:
> > > It's trivial to read the key out of the card with an ohmmeter.
> > > Just find which pairs of wires are connected to each other.
> >
> > That's the point, but if you pull the wires out of the card bye bye key.
>
> Why not just write the keys down on a piece of paper? It's trivial
> to read them, but if you swallow the paper bye bye key.
>
Or just use a MAG strip on a card (like a credit card) then just take a mag
over it.
Tom
Sent via Deja.com
http://www.deja.com/
------------------------------
From: [EMAIL PROTECTED] (DJohn37050)
Date: 07 Feb 2001 14:14:09 GMT
Subject: Re: RSA prime selection. (Newbie question)
You might also want to look into discrete logarithm (e.g., DSA or DH) or
elliptic curve (ECC, e.g., ECDSA or ECDH) methods. In this case the prime is
public info. See IEEE 1363 for descriptions of all 3 (RSA,DSA,ECDSA) methods.
Don Johnson
------------------------------
From: [EMAIL PROTECTED] (DJohn37050)
Date: 07 Feb 2001 14:15:08 GMT
Subject: Re: Bleichenbacher finds bug in DSA RNG
Yes and there are 3 straightforward solutions. These will be presented at the
ANSI X9F1 meeting next week.
Don Johnson
------------------------------
From: [EMAIL PROTECTED] (DJohn37050)
Date: 07 Feb 2001 14:16:34 GMT
Subject: Re: Bleichenbacher finds bug in DSA RNG
It is also interesting that the "chink" that the attack exploits found in DSA
as written up in FIPS 186 or X9.30 does NOT apply to ECDSA as written up in
X9.62.
Don Johnson
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Bleichenbacher finds bug in DSA RNG
Date: Wed, 07 Feb 2001 15:04:58 GMT
In article <[EMAIL PROTECTED]>,
Paul Rubin <[EMAIL PROTECTED]> wrote:
> http://www.cnn.com/2001/TECH/internet/02/06/DSA.flaw.idg/index.html
>
from the URL
"The U.S. National Security Agency designed DSA and it is one of three
authentication algorithms approved for generating and verifying digital
signature under the Digital Signature Standard. Digital signatures
allow software at the end of an electronic transaction to confirm the
identity of the party initiating the transaction and to verify the
integrity of the information received."
What is the big surprise? Does anyone really think the NSA
wants the public to have safe crypto? Who on earth would trust
any encryption software from the NSA to be bug free, since their
job is to tap into all messages? You might as well buy Swiss
encrypting machines so the NSA can read it directly.
http://caq.com/CAQ/caq63/caq63madsen.html
Take Care
David Scott
Sent via Deja.com
http://www.deja.com/
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Questions about Diffie-Hellman
Date: Wed, 07 Feb 2001 15:12:52 GMT
> I.e. choose g = q**((p-1)/r) mod p, where q may be any number such
> that GCD(q,p) = 1, and r is a large prime such that r|(p-1).
Wrong, of course. All numbers 0 < q < p have GCD(q,p) = 1 since p is a
prime. The correct condition is that q > 1 is any power of any
generator of Zp*.
Sent via Deja.com
http://www.deja.com/
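The construction quoted above, g = q^((p-1)/r) mod p, is how DSA-style parameters pick a generator of the order-r subgroup, and the useful test on q is not a GCD but whether the result is 1. This added example (not code from either poster) shows that selection, the receiver-side check that a peer's public value really lies in the subgroup, and a complete exchange; p = 23 (r = 11) and p = 1019 (r = 509) are tiny constructed parameters for illustration, and the function names are my own.

```python
# Added example (not from the thread): choosing a generator of the prime-order
# subgroup as the quoted post describes, and the checks that go with it.
# p = 1019 = 2*509 + 1 and p = 23 = 2*11 + 1 are small constructed parameters
# for illustration only; real deployments use p of 2048 bits or more.
import secrets


def subgroup_generator(p: int, r: int, q: int):
    """Return g = q**((p-1)/r) mod p if it generates the subgroup of order r,
    else None.  For prime p every 0 < q < p already has GCD(q, p) = 1, so that
    condition excludes nothing; the check that matters is g != 1, i.e. q is
    not itself an r-th power residue.  FIPS 186 parameter generation makes
    the same g != 1 test."""
    if (p - 1) % r:
        raise ValueError("r must divide p - 1")
    if not 1 < q < p:
        raise ValueError("q must lie in 2..p-1")
    g = pow(q, (p - 1) // r, p)
    return None if g == 1 else g


def find_generator(p: int, r: int) -> int:
    """Try random q until one yields a generator of the order-r subgroup."""
    while True:
        g = subgroup_generator(p, r, secrets.randbelow(p - 2) + 2)
        if g is not None:
            return g


def validate_public(p: int, r: int, y: int) -> bool:
    """Receiver-side check on a peer's public value: it must lie strictly
    inside (1, p) and have order r, so a value from a small subgroup is
    rejected before it touches the private exponent."""
    return 1 < y < p and pow(y, r, p) == 1


def dh_exchange(p: int, r: int, g: int):
    """Both sides of a Diffie-Hellman exchange in the order-r subgroup.
    Returns (alice_secret, bob_secret), which must agree."""
    a = secrets.randbelow(r - 1) + 1      # private exponents in [1, r-1]
    b = secrets.randbelow(r - 1) + 1
    A, B = pow(g, a, p), pow(g, b, p)     # public values exchanged
    if not (validate_public(p, r, A) and validate_public(p, r, B)):
        raise ValueError("peer public value failed subgroup check")
    return pow(B, a, p), pow(A, b, p)


if __name__ == "__main__":
    p, r = 1019, 509
    g = find_generator(p, r)
    print("g =", g, "order check:", pow(g, r, p) == 1)
    print("shared secrets agree:", len(set(dh_exchange(p, r, g))) == 1)
```

With p = 23 and r = 11 the only q in 2..22 that fails is 22, because 22 is -1 mod 23 and squares to 1; the GCD condition would have accepted it. The order check in `validate_public` is the same test applied to incoming values, which is what keeps a peer from sending an element of a tiny subgroup.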
------------------------------
From: "Paul Hodgkinson" <[EMAIL PROTECTED]>
Subject: Re: Low-tech homemade crypto keycards
Date: Wed, 7 Feb 2001 15:23:54 -0000
"Paul Rubin" <[EMAIL PROTECTED]> wrote
> Ray Dillinger <[EMAIL PROTECTED]> writes:
> > It's not a smart card by any means; in fact, it may be the
> > dumbest card ever proposed. But it stores a key nicely,
> > can be built by hand or with relatively simple tools out
> > of readily-available parts, and can't be read remotely or
> > surreptitiously (I think).
>
> The device sounds totally pointless.
>
> It's trivial to read the key out of the card with an ohmmeter.
> Just find which pairs of wires are connected to each other.
What's the point of having a house key?
It's trivial to take it to a key-cutter and have a copy made.
Unless you don't have physical access to the key...
--
Paul Hodgkinson
Remove "takeout" to email me.
Personal website: http://paulhodgkinson.ipfox.com
------------------------------
From: Jirka Klaue <[EMAIL PROTECTED]>
Subject: Re: File encryption with Rijndael
Date: Wed, 07 Feb 2001 16:56:43 +0100
Marcin wrote:
[snip]
>
> 3) Streams support frame numbers and frame message digests so if
> you were to send the encrypted file through the internet,
> no attack will go undetected.
>
This isn't a serious statement, is it? *NO* attack will go undetected?
It's a sentence one expects in a booklet. Or do you mean (horrible) JAVA
supports quantum-cryptography in its streams?
Jirka
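What frame numbers and per-frame integrity checks can and cannot give is easier to judge with the mechanism written down, so here is an added example that is not Marcin's code and not from any post. It frames a stream with a sequence number, a last-frame flag and an HMAC-SHA256 over header and payload, and the verifier rejects modification, reordering, a dropped frame, truncation and data appended after the end. The key and payloads are constructed samples; in Marcin's design the payloads would be Rijndael ciphertext. A keyed MAC is used rather than a plain digest because a digest can be recomputed by whoever alters the frame and so only catches accidental corruption.

```python
# Added example (not Marcin's code): one way to get the detection his
# "frame numbers and frame message digests" aim at.  Each frame carries a
# sequence number, a last-frame flag and an HMAC over both plus the payload.
# The key and payloads below are constructed samples; in a real stream the
# payloads would be the ciphertext blocks.
import hashlib
import hmac
import struct

HEADER = struct.Struct(">IB")     # frame number (uint32), flags (bit 0 = last)
TAG_LEN = hashlib.sha256().digest_size


class FrameError(Exception):
    pass


def frame_stream(key: bytes, payloads) -> list:
    """Return the frames: header || payload || HMAC-SHA256(key, header || payload)."""
    payloads = list(payloads)
    frames = []
    for i, payload in enumerate(payloads):
        header = HEADER.pack(i, 1 if i == len(payloads) - 1 else 0)
        tag = hmac.new(key, header + payload, hashlib.sha256).digest()
        frames.append(header + payload + tag)
    return frames


def verify_stream(key: bytes, frames) -> bytes:
    """Reassemble the payloads, refusing any stream that was modified,
    reordered, truncated, had a frame dropped, or carries data after the
    final frame.  Raises FrameError on the first problem."""
    expected = 0
    finished = False
    out = []
    for frame in frames:
        if finished:
            raise FrameError("data after the final frame (replay or append)")
        if len(frame) < HEADER.size + TAG_LEN:
            raise FrameError("frame too short")
        header, body, tag = (frame[:HEADER.size],
                             frame[HEADER.size:-TAG_LEN], frame[-TAG_LEN:])
        expected_tag = hmac.new(key, header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected_tag, tag):   # constant-time compare
            raise FrameError("authentication tag mismatch")
        number, flags = HEADER.unpack(header)
        if number != expected:
            raise FrameError(f"expected frame {expected}, got {number}")
        out.append(body)
        expected += 1
        finished = bool(flags & 1)
    if not finished:
        raise FrameError("stream truncated before the final frame")
    return b"".join(out)


if __name__ == "__main__":
    key = b"constructed-sample-key-not-for-real-use"
    frames = frame_stream(key, [b"frame 0", b"frame 1", b"frame 2"])
    print(verify_stream(key, frames))
    try:
        verify_stream(key, frames[:2])
    except FrameError as err:
        print("rejected:", err)
```

Even this does not justify "no attack will go undetected": an old stream can be replayed whole unless the key or a nonce is unique per stream, frame sizes and timing are still visible, and a sender that never emits the last-frame flag just leaves the verifier waiting. Detection of tampering within one stream is the claim a framing layer can actually back.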
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************