Cryptography-Digest Digest #681, Volume #13      Mon, 12 Feb 01 14:13:01 EST

Contents:
  Re: Multiple-Key RSA cryptosystem ([EMAIL PROTECTED])
  Re: Multiple-Key RSA cryptosystem ("Gilbert Brands")
  Re: Fractal encryption? ("Douglas A. Gwyn")
  Re: I encourage people to boycott and ban all Russian goods and  ("Douglas A. Gwyn")
  Re: Multiple-Key RSA cryptosystem (DJohn37050)
  "Confidential" [Re: OverWrite freeware....] (Alan Mackenzie)
  Re: UNIX Crypt for DOS (Donald Welsh)
  Re: Password authentication with symmetric key exchange (Paul Crowley)
  Re: Rnadom Numbers ("Douglas A. Gwyn")
  is compression necessary when using gpg (GNU Privacy Guard)? (jtnews)
  Re: I encourage people to boycott and ban all Russian goods and  ("Trevor L. Jackson, III")
  Should I store a copy of gpg source code with my archive? (jtnews)
  Re: Steganography with ASCII text files ("Tony T. Warnock")
  Super strong crypto ("S. Welsh")
  Re: is compression necessary when using gpg (GNU Privacy Guard)? (Mike Rosing)
  Re: Should I store a copy of gpg source code with my archive? (Mike Rosing)
  Re: Super strong crypto (Stephen Early)
  Re: Super strong crypto (Mike Rosing)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Multiple-Key RSA cryptosystem
Date: Mon, 12 Feb 2001 16:00:05 GMT

In article <[EMAIL PROTECTED]>,
  "Augusto Jun Devegili" <[EMAIL PROTECTED]> wrote:
> Could anyone possibly tell me where I can find this information?
>
> "DJohn37050" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Already done before.
> > Don Johnson
>
>
The PGP system allows for shared keys, both DH and RSA.
PGP versions up to and including 6.5.8 use RSA keys that do not allow
for corporate Additional Decryption Keys, but still allow for shared
keys.

PGP 7.0x does allow for newer RSA keys that allow for Additional
Decryption Keys {but are not compatible with RSA keys of previous PGP
editions} as well as for older style RSA keys.

Both are available {free} from here: http://www.pgpi.org

n.b.
there are extensive manuals available in PDF form, for each PGP edition,
included with the download, that explain most of what you need to know.

hope this helps,

vedaal


Sent via Deja.com
http://www.deja.com/

------------------------------

From: "Gilbert Brands" <[EMAIL PROTECTED]>
Subject: Re: Multiple-Key RSA cryptosystem
Date: Mon, 12 Feb 2001 17:15:24 +0100

Have a look at IBM-security group pages.
They have developed some schemes for that.


--

Gilbert Brands

E-Mail : [EMAIL PROTECTED]
Work Page :  www.ewetel.net/~gilbert.brands/

===========================

Some think
reft and light cannot be confused.
What an ellol!


Augusto Jun Devegili <[EMAIL PROTECTED]> wrote in the news article:
[EMAIL PROTECTED]
> My purpose is a joint signature scheme.
>
> "Roger Schlafly" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
>
> > You have a system where 2 parties can collaborate to use their
> > secret into to produce a message that anyone can decrypt. Why?
> > Are you trying for a joint signature scheme? If you state what
> > you really want to accomplish, you might get some help.
>
>
>



------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Fractal encryption?
Date: Mon, 12 Feb 2001 15:39:54 GMT

> Fractals are interesting precisely because they have lots of
> readily observable structure, but we want our cryptosystems to
> hide all structure of the plaintext

Fractals might be more useful in cryptanalysis, due to their
property of sampling at all scales.

------------------------------

Crossposted-To: comp.security,alt.security,alt.2600
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: I encourage people to boycott and ban all Russian goods and 
Date: Mon, 12 Feb 2001 15:47:38 GMT

[EMAIL PROTECTED] wrote:
> It's terrible when drivers drink, but it is not only Russian diplomats who
> commit crimes on the territory of another country.
> How about the USA consul in Vladivostok in Russia? He made a young man
> physically handicapped while he was driving. He used diplomatic immunity
> and was not punished.

It is unfortunate that the concept of "diplomatic immunity",
meant to allow ambassadorial staff to perform legitimate
duties without interference from the local government,
has been interpreted to include immunity from prosecution
even for crimes that can be objectively identified as such.
Indeed, the premise of the movie "Lethal Weapon 2" was based
on this problem.

------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Date: 12 Feb 2001 16:29:24 GMT
Subject: Re: Multiple-Key RSA cryptosystem

IBM has some stuff on what they call proactive security.  Other papers are also
aor
Don Johnson

------------------------------

From: Alan Mackenzie<[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,alt.hacker,alt.conspiracy
Subject: "Confidential" [Re: OverWrite freeware....]
Date: Mon, 12 Feb 2001 07:51:07 +0000

Hit1Hard <[EMAIL PROTECTED]> wrote on Sun, 11 Feb 2001 13:49:48 -0500:
> Anthony Stephen Szopa wrote:


>> The thread is about overwriting confidential data on a hard drive.

> That's what I read.


>> It is a given that there is confidential data on the hard drive
>> that one desires to make unrecoverable.

> Confidential is a degree of secrecy. That means no plain readable or
> recognisable files.

Confidential actually means "spoken, written, or given in confidence;
secret; private" (Collins English Dictionary). It alludes to a
speaker/writer _confiding_ in the listener/reader.

By extension, the word also refers to techniques and practices to keep
such information secret, as you state above.

> Hit1Hard

-- 
Alan Mackenzie (Munich, Germany)
Email: [EMAIL PROTECTED]; to decode, wherever there is a repeated letter
(like "aa"), remove one of them (leaving, say, "a").


------------------------------

From: [EMAIL PROTECTED] (Donald Welsh)
Subject: Re: UNIX Crypt for DOS
Date: Mon, 12 Feb 2001 17:02:11 GMT

On Fri, 9 Feb 2001 00:19:32 -0500, "Matthew J. Ricciardi"
<[EMAIL PROTECTED]> wrote:

>I am searching for a DOS port of the UNIX crypt command.

>I have the C source code from Schneier's Applied Cryptography but, despite
>several hours of tinkering, am unable to make it work properly under DOS.
>(I have successfully compiled and used the same source code under UNIX.)

>Admittedly, I am not an expert C programmer, so please excuse any obvious
>oversights on my part.  Do you have any suggestions for how I might proceed?

Ah.  If you're not an expert C programmer, you may not realize that Unix
and MS-DOS treat end-of-lines differently.  (Unix ends a line with "\n",
but MS-DOS uses "\r\n".)  Specifically, if your program works for the
first line of a text file but garbles the rest, you might try telling
the file-opening function to open the file in binary mode.


------------------------------

Subject: Re: Password authentication with symmetric key exchange
From: Paul Crowley <[EMAIL PROTECTED]>
Date: Mon, 12 Feb 2001 17:04:50 GMT

[EMAIL PROTECTED] writes:
> In article
> <[EMAIL PROTECTED]>,
>   Paul Crowley <[EMAIL PROTECTED]> wrote:
> > He's already hyping this amazing new technology as the key product of
> > a new company, despite zero academic review,....
> 
> Well, "zero academic review" isn't exactly true, since I myself have an
> academic background with studies in mathematics among other things.
> 
> Steak is a proposed encryption algorithm we didn't come up with over
> night. It's more like the result of a couple of years of research. We
> actually published it to get review from others (cf a previous thread
> here on sci.crypt).

I'd argue that getting it published in the academic literature is a
key component of claiming academic review.

My own cipher, Mercy, was the result of years of thought on my part
with several designs posted to sci.crypt over time.  No-one but me
ever found any problems that warranted further designs, and when it
was presented at FSE in New York I'd started to feel pretty confident
of its security.

It was broken by Scott Fluhrer *two weeks later*.

Moral: you won't attract cryptanalysis unless you either a) get a
paper published, or b) field a popular product.  Method "b" is not
recommended.

Quoting your own academic background only reveals your
misconceptions; the qualifications you need are those as a
cryptanalyst, and that part of the "Research" section on your Web
pages is conspicuously absent.  A search of CiteSeer shows no
cryptanalysis papers with you as author, or indeed any matches on your
name at all, but CiteSeer is pretty incomplete.

> And I would not say we are "hyping" our technology. We clearly state
> the purpose and status of our own algorithms and protocols. How would
> you get an open review of any technology without that?

You've updated the webpages to correct some of the problems, which is
a good thing.  But it still appears that you see your proprietary
algorithms as your key Unique Selling Point, whereas in fact they are
a deterrent to using your products.

"Most of our products uses MediumCipher to encrypt streamed data.
MediumCipher is one of our own algorithms, designed to automatically
verify the authenticity of streamed formatted data."

> > and basic misconceptions
> > about the work of similar technologies (in private email, he expressed
> > the belief that EKE meant "used only symmetric technologies" and
> > therefore an EKE exchange did not involve modular exponentiation).
> 
> Yes, I admit that. I thought that you by "EKE" meant "encrypted key
> exchange protocol" generally. But what about the other basic
> misconceptions you were talking about? It is possible that we have made
> mistakes translating the pages to English.

Basically, you display very little familiarity with other attempts to
achieve the same job; these are the attempts to which yours will be
compared.

Your PCFB mode is one of *many* attempts to combine encryption and MAC
in a single chaining mode.  However, since it appears to require at
least two block encryptions per block of plaintext, it offers no
advantages over CTR-mode + CBC-MAC or similar.  (That's assuming
n/m >= 2; you don't make it clear on the PCFB page what n/m ratio is
considered acceptable.)

As it happens, there are many proposals that require only a little
over one block encryption per block of plaintext.  However, until the
recent proposals to the NIST "modes of operation" workshop, there was
not one such construction that hadn't been shown to have serious flaws
under cryptanalytic scrutiny; the interest in these new proposals is
because they are accompanied with proofs that lend confidence in their
security.  It's clear that you haven't been following the AES process
since you had no familiarity with the work done at this workshop.

You describe a new block cipher, Steak, but your discussion of
security makes no mention of differential or linear cryptanalysis.

You try to design a password protocol, but you seem unfamiliar with
the basics of what protocols such as SRP try to achieve, such as
resistance to dictionary attack.

You assert that your system is fast, but you give no figures that
allow us to compare it to comparable systems.

> Hm, yes, SteakCipher should be listed under "Research", not "Products",
> as that was my original intention. I will point that out to our
> webmaster. There are other things about our homepage that come
> directly from the draftboard and shouldn't be published. Thanks for
> your comment.

This is the thing that really disturbs me.

I've demonstrated, I think, that you're designing in a field that you
don't know very well, but I don't actually think that's a sin.
Designing your own cipher may not be educational (since you can't tell
if you've done well) but it can be fun.  However, you've gone from
there to *employing a webmaster* to set up a company, spurred by what
you think are successes in cryptography!  

"Our aim is to develop a series of encryption products based on our
own algorithm, developed by Henrick Hellstrom."

I think it's clear that no-one would be well advised to buy such
products as things stand.  It's very hard to see why someone might
prefer it over a product based on Rijndael in CTR-mode using HMAC-SHA1
authentication, which will certainly be fast enough that its
performance will rarely be a concern.

> > Yet another flavour of snake oil goes on the market.  *sigh*
> 
> Err. There is nothing particularly snake-oily about our products. It
> would have been if we had held the cipher secret to avoid this kind of
> comments, and still published "security" software based on the cipher.
> I assure you that we don't release any software using our own protocols
> and algorithms as anything but alpha versions literally marked with
> warning signs, until enough people have made a serious attempt to crack
> it and failed!

Yes, what you've done is much closer to the Right Thing than the
common behaviour you describe.  But ultimately, snake oil is any
medicine that looks just like the real thing but doesn't work.  I sigh
because you probably will get buyers, simply because so few buyers
have the faintest idea how to distinguish good cryptography from bad.

I guess we can only hope that "AES" becomes a buzzword to the extent
that customers start demanding it of everything that does encryption.
Their software still won't be secure, but at least one pointless way
of making them insecure will have been eliminated.
-- 
  __
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Rnadom Numbers
Date: Mon, 12 Feb 2001 16:18:03 GMT

Rodrigo Nuno Bragança da Cunha wrote:
> You can prove a stream is "expressable" within an axiomatic system, ...

Every finite sequence is easily expressible in a single-axiom system.
None of this is of the slightest use in testing an actual sample from
a possibly random source.

------------------------------

Date: Mon, 12 Feb 2001 12:13:42 -0500
From: jtnews <[EMAIL PROTECTED]>
Subject: is compression necessary when using gpg (GNU Privacy Guard)?

Since gpg scrambles the bits to introduce more
entropy into the data stream, does it make sense
to compress large files beforehand?
Do you wind up saving any space in the end?

------------------------------

From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Reply-To: don't
Crossposted-To: comp.security,alt.security,alt.2600
Subject: Re: I encourage people to boycott and ban all Russian goods and 
Date: Mon, 12 Feb 2001 17:17:15 GMT

"Douglas A. Gwyn" wrote:

> [EMAIL PROTECTED] wrote:
> > It's terrible when drivers drink, but it is not only Russian diplomats who
> > commit crimes on the territory of another country.
> > How about the USA consul in Vladivostok in Russia? He made a young man
> > physically handicapped while he was driving. He used diplomatic immunity
> > and was not punished.
>
> It is unfortunate that the concept of "diplomatic immunity",
> meant to allow ambassadorial staff to perform legitimate
> duties without interference from the local government,
> has been interpreted to include immunity from prosecution
> even for crimes that can be objectively identified as such.
> Indeed, the premise of the movie "Lethal Weapon 2" was based
> on this problem.

NYC has a large problem with this because the NYPD has to deal with UN staff
who typically wave credentials and claim immunity, in response to which the
officers typically don't even try to cite the malefactors.  But DI is only
immunity from detention -- they cannot be arrested.  The rest of the
judicial process is still intact.  And any civilized country disciplines its
staff in response to complaints from the host country.

A related sore point is the wide-spread abuse of sovereignty in re back
rents.  A diplomatic post may rent a choice property and neglect to pay for
it.  Evicting such a tenant requires the cooperation of the State
Department, which is rarely forthcoming.


------------------------------

Date: Mon, 12 Feb 2001 12:38:16 -0500
From: jtnews <[EMAIL PROTECTED]>
Subject: Should I store a copy of gpg source code with my archive?

I'm storing away some CD-RW disks with encrypted data
from gpg.

Do I also need to store a copy of the source code
to gpg with the CD-RW disk? Or is the encrypted
data format stable enough that I don't have to 
worry about problems retrieving my data afterwards.

------------------------------

From: "Tony T. Warnock" <[EMAIL PROTECTED]>
Subject: Re: Steganography with ASCII text files
Date: Mon, 12 Feb 2001 10:38:27 -0700
Reply-To: [EMAIL PROTECTED]

Kind of a fancy "grill" method, with HTML being a dynamic grill.



------------------------------

From: "S. Welsh" <[EMAIL PROTECTED]>
Subject: Super strong crypto
Date: Mon, 12 Feb 2001 17:52:30 GMT

Group,
          thanks regarding my recent post entitled "fractal encryption?" -
the responses were much appreciated.
        If fractal codes are useless, then what is the best algorithm
currently available? And is there a site which compares algorithms on the
basis of their difficulty to break or key length? As before, any responses
are appreciated!

Samual Welsh.

P.S. As my previous posting may have revealed I am new to the subject of
encryption, and I am not a very accomplished mathematician or scientist for
that matter. I'm a British army infantry second lieutenant, straight out of
Sandhurst, and was pointed to this newsgroup by my CO and advised to read up
on the subject of encryption.



------------------------------

From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: is compression necessary when using gpg (GNU Privacy Guard)?
Date: Mon, 12 Feb 2001 12:41:31 -0600

jtnews wrote:
> 
> Since gpg scrambles the bits to introduce more
> entropy into the data stream, does it make sense
> to compress large files beforehand?

It does not introduce more entropy, it scrambles blocks
to different blocks.  

> Do you wind up saving any space in the end?

In the practical world, yes.  If you compress you make the
attackers task a touch more difficult.  But more importantly
after you convert the data from binary to ascii armored the
final result will be similar in size to what you started with.
If you didn't compress first, your shipped result could be
4/3 larger than what you started with.

If you just ftp binaries around, then it won't matter, but
you'll still save space since the compressed data is smaller.

Patience, persistence, truth,
Dr. mike
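The size effects Mike describes, as an added example that is not part of the original thread: a stand-in keystream (HMAC-SHA256 in counter mode, assumed here in place of gpg's actual cipher) is run over a constructed, highly compressible file, and the byte counts for compress-then-encrypt, encrypt-then-compress and ASCII armoring (modelled as base64) are compared.

```python
import base64
import hashlib
import hmac
import zlib

# Constructed sample plaintext: a redundant text file that compresses well.
# Not data from the original post.
SAMPLE = ("Patience, persistence, truth. " * 200).encode()

# Constructed stand-in key. Real gpg derives a fresh session key per message.
KEY = b"example-key-not-for-real-use"


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher: HMAC-SHA256 in counter mode XORed into the data.
    This is NOT gpg's cipher; it only models the property that matters here:
    ciphertext looks like random bytes, so it does not compress."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def armor(data: bytes) -> bytes:
    """ASCII armor modelled as base64: 3 bytes in, 4 bytes out."""
    return base64.b64encode(data)


def armor_ratio(n: int) -> float:
    """Expansion factor of armoring n bytes (4/3 when n is a multiple of 3)."""
    return len(armor(b"\0" * n)) / n


def size_report(plaintext: bytes, key: bytes = KEY) -> dict:
    """Byte counts for the pipelines the thread discusses."""
    compressed = zlib.compress(plaintext, 9)
    ct_plain = keystream_xor(key, plaintext)
    ct_compressed = keystream_xor(key, compressed)
    return {
        "plaintext": len(plaintext),
        "compressed": len(compressed),
        "encrypt_only_armored": len(armor(ct_plain)),
        "compress_then_encrypt_armored": len(armor(ct_compressed)),
        # Compressing after encryption gains nothing; zlib only adds framing.
        "encrypt_then_compress": len(zlib.compress(ct_plain, 9)),
    }


if __name__ == "__main__":
    for name, size in size_report(SAMPLE).items():
        print(f"{name:32s} {size:6d} bytes")
```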

------------------------------

From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: Should I store a copy of gpg source code with my archive?
Date: Mon, 12 Feb 2001 12:43:13 -0600

jtnews wrote:
> 
> I'm storing away some CD-RW disks with encrypted data
> from gpg.
> 
> Do I also need to store a copy of the source code
> to gpg with the CD-RW disk? Or is the encrypted
> data format stable enough that I don't have to
> worry about problems retrieving my data afterwards.

SAVE IT!!  Computer stuff changes too fast.  People try
to be backwards compatible, but you never know what might
break when.

Patience, persistence, truth,
Dr. mike

------------------------------

From: Stephen Early <[EMAIL PROTECTED]>
Subject: Re: Super strong crypto
Date: 12 Feb 2001 18:49:39 GMT

In article <ypVh6.769$[EMAIL PROTECTED]>,
S. Welsh <[EMAIL PROTECTED]> wrote:

>If fractal codes are useless, then what is the best available
>algorithm currently available? And is there a site which compares
>algorithms on the basis of their difficulty to break or key length?
>As before, any responses are appreciated!

"Best" for what? There is no single algorithm or key length that is
good for every task.

>I'm a British army infantry second lieutenant, straight out of
>Sandhurst, and was pointed to this newsgroup by my CO and advised to
>read up on the subject of encryption.

You'll be better off with a book. Bruce Schneier's book "Applied
Cryptography", second edition (ISBN 0-471-11709-9) is highly thought
of[1]. You should be able to find it in a bookshop quite easily. For a
more classical look at cryptography and the role it has played in
history, try "The Code Book" by Simon Singh (ISBN 1-85702-879-1).

After reading a book, try the newsgroup again for more information. It
will be much more understandable, and you'll be able to decide for
yourself which posts are believable.

Steve Early
[1] By many people, although obviously not everybody in this group.

------------------------------

From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: Super strong crypto
Date: Mon, 12 Feb 2001 12:47:34 -0600

"S. Welsh" wrote:
> 
> Group,
>           thanks regarding my recent post entitled "fractal encryption?" -
> the responses were much appreciated.
>         If fractal codes are useless, then what is the best algorithm
> currently available? And is there a site which compares algorithms on the
> basis of their difficulty to break or key length? As before, any responses
> are appreciated!

check out the 5 finalists to AES (http://csrc.nist.gov/encryption/aes/)
Reading some of the papers on that site will get you references to many
of the leading articles in the field of crypto.  It should keep you busy
for a few weeks :-)

> P.S. As my previous posting may have revealed I am new to the subject of
> encryption, and I am not a very accomplished mathematician or scientist for
> that matter. I'm a British army infantry second lieutenant, straight out of
> Sandhurst, and was pointed to this newsgroup by my CO and advised to read up
> on the subject of encryption.

You'll be an expert in no time :-)

Patience, persistence, truth,
Dr. mike

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
