Cryptography-Digest Digest #684, Volume #13 Tue, 13 Feb 01 12:13:00 EST
Contents:
Re: AES in PGPi? ("Sam Simpson")
Re: Rnadom Numbers (Mok-Kong Shen)
Re: Scramdisk, CDR and Win-NT ("Keith Wilkinson")
Re: AES in PGPi? (Tom McCune)
Re: AES in PGPi? (Nick Battle)
Re: Password authentication with symmetric key exchange ("Henrick Hellström")
Re: What is kerebos? (John Savard)
Sky TV ("Julian Lewis")
Hardware RNG - Where can I order one? ("The Death")
Re: Subtle RC4 implementation mistake (was: Arcfour in Ada, by me - is it good?) (Larry Kilgallen)
Re: What is kerebos? (JPeschel)
A different concept for email encryption ?? ("Ray")
Test and input wanted on new encoder. ("Frog2000")
asking for stream cipher resource ("Eric")
Re: Should I store a copy of gpg source code with my archive? (Sundial Services)
Re: Subtle RC4 implementation mistake (was: Arcfour in Ada, by me - is (John Myre)
Re: The Kingdom of God (JCA)
Re: Subtle RC4 implementation mistake (was: Arcfour in Ada, by me - is it good?) ("Julian Morrison")
Re: Subtle RC4 implementation mistake (was: Arcfour in Ada, by me - is it good?) ("Julian Morrison")
PGP Public Key to MS PublicKeyBlob ("Philip Japikse")
----------------------------------------------------------------------------
From: "Sam Simpson" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: AES in PGPi?
Date: Tue, 13 Feb 2001 08:08:45 -0000
Matthew,
The PGP document is both misleading and incorrect. See my post to
comp.security.pgp.discuss highlighting this point just two days ago:
Sam Simpson <[EMAIL PROTECTED]> wrote in message
news:PuEh6.11497$[EMAIL PROTECTED]...
> From the PGP 7.03 help file under 'Preferred algorithm':
>
> "Twofish is a new 256-bit block cipher, symmetric algorithm created by
> Bruce Schneier. Twofish is one of five algorithms that the U.S. National
> Institute of Standards and Technology (NIST) is considering as a
> replacement for the current Advanced Encryption Standard (AES)."
>
> Twofish was an AES candidate, but was rejected and Rijndael was chosen.
> Can we have this fixed for the next version? ;)
PGP 7.0.3 implements both AES (AKA Rijndael!) and Twofish.
--
Regards,
Sam
http://www.scramdisk.clara.net/
(PS: I told you it was misleading Tom!)
Matthew J. Ricciardi <[EMAIL PROTECTED]> wrote in message
news:Ln5i6.508$[EMAIL PROTECTED]...
> Ordinarily, I also would have assumed that AES must be Rijndael. However,
> I was confused by the accompanying help file which states, "Twofish is one
> of five algorithms that the U.S. National Institute of Standards and
> Technology (NIST) is considering as a replacement for the current Advanced
> Encryption Standard (AES)." I wasn't aware that there was an AES before
> Rijndael but am concerned that this "former AES" (whatever it may be) is
> being incorrectly offered under the AES name. Perhaps they meant to
> indicate that it was being considered as a replacement for DES?
>
> Matt Ricciardi
> [EMAIL PROTECTED]
>
>
> "kihdip" <[EMAIL PROTECTED]> wrote in message
> news:96am8u$hbv$[EMAIL PROTECTED]...
> *The* AES algorithm can only be Rijndael, but to be sure you'll have to
> compare the sourcecode to the Rijndael paper.
> The other algorithms from the AES effort are usually known as candidates.
>
> If the algorithms Serpent, Twofish, RC6 and MARS are present as well as
> 'AES' (and Rijndael is missing), then Rijndael is probably = AES.
>
> To be certain you should apply a few test vectors to verify the identity
> of the algorithm.
>
> Kim
>
> "Matthew J. Ricciardi" <[EMAIL PROTECTED]> wrote in message
> news:VD4i6.507$[EMAIL PROTECTED]...
> > I recently downloaded the latest version of PGPi and found that it
> > contained an AES algorithm, along with the usual TripleDES, CAST, etc. Is
> > this Rijndael or some other AES? The online help provided no assistance
> > in the matter and was clearly out of date since it described Twofish as
> > one of the 5 finalists still in the running for AES. Also, is one of the
> > available algorithms in PGPi generally preferred over the others?
> >
> > I intend to use the software primarily for encrypting ASCII text and
> > other small files for transmission via electronic mail.
> >
> > Thanks,
> >
> > Matt Ricciardi
> > [EMAIL PROTECTED]
> >
> >
>
>
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Rnadom Numbers
Date: Tue, 13 Feb 2001 10:04:54 +0100
"Douglas A. Gwyn" wrote:
>
> Joseph Ashwood wrote:
> > ...
>
> That was interesting, perhaps helpful, but the simple fact is
> that one cannot determine the actual "information" (negentropy)
> in a stretch of data on an absolute basis, but only relative to
> some assumed state of knowledge (pre-existing store of information).
> For example, whatever "entropy" is assigned to a stretch of N bits
> is surely not doubled merely by repeating the N bits twice in a
> row. In cryptology particularly, very high-order correlations
> can be so important that any information estimate based on lower
> order correlations can be wildly inaccurate. (A la Kullback it
> would be terms in a divergent series.) My opinion is that this
> whole approach to measuring "randomness" is fundamentally unsound
> and that what is needed is to determine what support the available
> data gives to the hypothesis that the source is suitably random.
> It sounds like the same thing but works differently in practice.
I fully agree with you. If a certain entropy E1 is fed
into a black box that implements a deterministic algorithm
and that black box does not have other entropy input, then
the output entropy E2 cannot be greater than E1. There is,
if I understood some recent discussions in another thread
correctly, only the following that nevertheless could be of
a bit of practical relevance: We 'postulate' (assume) that
for each bit sequence B there is a (in some practical
sense meaningful) measure of the lower bound C of
computing or analytical work (effort) that is needed to
detect and exploit the structures buried in B for purposes
of attacking the ciphers using B. Then, in case the black
box is sufficiently well designed, one can have, for an
input sequence B1 and an output sequence B2, the relation
C2 > C1, even though E2 <= E1 always holds. A plausible
('rough') explanation of this is that a certain amount of
'computational' 'work' has been done by the black box in
transforming B1 to B2. (Thus the output sequence B2 is
sort of 'value added' with respect to the input sequence
B1 in the context of the applications concerned.)
Admittedly, the above is all my own 'interpretations' of
the said discussions. I should appreciate corrections,
if I have committed big blunders or have simply written
nonsense in the above. Thanks in advance.
M. K. Shen
=======================
http://home.t-online.de/home/mok-kong.shen
------------------------------
Crossposted-To: alt.security.scramdisk
Subject: Re: Scramdisk, CDR and Win-NT
Reply-To: [EMAIL PROTECTED]
From: "Keith Wilkinson" <[EMAIL PROTECTED]>
Date: Tue, 13 Feb 2001 09:05:45 GMT
In article <[EMAIL PROTECTED]>, Jungle wrote:
> I'm not & never will use CD-R/W UDF as H/D substitution, there is no reliability &
> more important,
> there is no SPEED of access that could be comparable to my H/D speed,
>
> I did use & I'm using it as R/W off site storage,
> something in the middle between CD-R & useful semi back-up / depository
> [ in doing this, I DID NOT have any disastrous writes ]
> by saying this, I'm using it for writes of normal, average size files,
> I did not write file of SD container size, ~525 MB
>
If it works for you, fine. I wanted to use it as a super floppy not a HD replacement,
but I found it unreliable. If it were reliable it would make no difference how big the
file is, including a Scramdisk container. Like you, I try not to believe second-hand
rumours but in this case most of what I had heard about packet writing software being
unreliable I experienced myself.
Keith
------------------------------
From: Tom McCune <[EMAIL PROTECTED]>
Subject: Re: AES in PGPi?
Date: Tue, 13 Feb 2001 11:41:29 GMT
In article <VD4i6.507$[EMAIL PROTECTED]>, "Matthew J. Ricciardi"
<[EMAIL PROTECTED]> wrote:
>I recently downloaded the latest version of PGPi and found that it contained
>an AES algorithm, along with the usual TripleDES, CAST, etc. Is this
>Rijndael or some other AES? The online help provided no assistance in the
<snip>
You did not download a PGPi version with AES. Although you downloaded from
PGPi, it is official PGP software, which now includes both Twofish and
Rijndael (AES) as symmetric algorithm options.
Tom McCune
My PGP Page & FAQ:
http://www.McCune.cc/PGP.htm
------------------------------
From: Nick Battle <[EMAIL PROTECTED]>
Subject: Re: AES in PGPi?
Date: Tue, 13 Feb 2001 12:43:21 +0000
Sam Simpson wrote:
> PGP 7.0.3 implements both AES (AKA Rijndael!) and Twofish.
The documentation explains that Rijndael has several different key
lengths that it can support (from 128 to 256), but it doesn't say what
key length PGP uses when you choose the AES algorithm. Does anyone know
what key length it uses?
Cheers,
-nick
------------------------------
From: "Henrick Hellström" <[EMAIL PROTECTED]>
Subject: Re: Password authentication with symmetric key exchange
Date: Tue, 13 Feb 2001 14:02:28 +0100
I could give you two good reasons:
Steak is less biased than SHA1. SHA1 fails the random excursions tests,
whereas Steak doesn't.
Furthermore, SHA1 works with a 160-bit vector and equal sized blocks and
output. The recommended vector of Steak is 8x32 = 256 bits, the block size
is 8 bits, and a hash value might be obtained simply by padding the plain
text with any predetermined string.
--
Henrick Hellström
StreamSec HB
"Paul Crowley" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I think it's clear that no-one would be well advised to buy such
> products as things stand. It's very hard to see why someone might
> prefer it over a product based on Rijndael in CTR-mode using HMAC-SHA1
> authentication, which will certainly be fast enough that its
> performance will rarely be a concern.
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: What is kerebos?
Date: Tue, 13 Feb 2001 13:05:15 GMT
On 13 Feb 2001 03:31:00 GMT, [EMAIL PROTECTED] (JPeschel)
wrote, in part:
>Maybe you've had one too many Salty Dogs.
Now I'll have to listen to my Flatt and Scruggs record again...
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: "Julian Lewis" <[EMAIL PROTECTED]>
Subject: Sky TV
Date: Tue, 13 Feb 2001 14:06:18 +0100
Reply-To: "Julian Lewis" <[EMAIL PROTECTED]>
Well as you may already know
Sky TV analogue services are being
cut off, forcing us to move to digital.
People who live in other countries,
are being ripped off. We are not
allowed to watch our own TV for
some stupid reason, even though
we are willing to pay.
I was just wondering, if any one here
knows exactly how the digital encryption
works. Not that I would dream of doing
anything naughty ...
Questions
How is the card initialised.
How is the card bound to the digi-box.
What algorithm do they use.
Has the code already been broken.
------------------------------
From: "The Death" <[EMAIL PROTECTED]>
Subject: Hardware RNG - Where can I order one?
Date: Sat, 10 Feb 2001 22:54:29 +0200
Where can I buy a good hardware RNG that I can connect to my PC and use to
generate secure random bits?
------------------------------
From: [EMAIL PROTECTED] (Larry Kilgallen)
Subject: Re: Subtle RC4 implementation mistake (was: Arcfour in Ada, by me - is it good?)
Date: 13 Feb 2001 08:49:16 -0500
In article <96abuq$qq3$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Ian Goldberg) writes:
> I doubt many people took the time to actually look at this. It's in *Ada*
> after all. I happen to know Ada, so I did, and found (though you wouldn't
> have to actually know Ada to see this) a *really* subtle implementation
> bug.
Thanks for sharing your analysis.
One of the design goals of Ada is to be easy to read (taking priority
over easy to write). I am surprised others would have trouble reading
it (as distinguished from having trouble finding the defect you found).
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Date: 13 Feb 2001 14:07:07 GMT
Subject: Re: What is kerebos?
[EMAIL PROTECTED] (John Savard) writes:
>On 13 Feb 2001 03:31:00 GMT, [EMAIL PROTECTED] (JPeschel)
>wrote, in part:
>
>>Maybe you've had one too many Salty Dogs.
>
>Now I'll have to listen to my Flatt and Scruggs record again...
>
And I'll listen to Procol Harum.
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: "Ray" <[EMAIL PROTECTED]>
Subject: A different concept for email encryption ??
Date: Tue, 13 Feb 2001 15:08:51 +0100
Hi,
I would like to hear about sense or nonsense of the following concept for
encrypting email while overcoming the public key infrastructure.
1. Everybody can create a (public) key based on the recipient's email
address.
An algorithm on the user's machine does it. The message is then encrypted
using that key.
That's the easy part. The advantage of it is, that I don't have to look for
the recipient's public key, I can generate it.
2. A little bit more complicated - but a once in a lifetime effort - is the
procedure on the recipient's side.
In order to read/encrypt the message the recipient must create an
appropriate key.
This is a two step process.
He creates a portion of the key and seals this portion with a pin (which he
may change later on).
This portion is sent to a central server and the complete key is generated
and sent by email to that address for which the key is valid.
This makes sure, that the receiver is the person who is authorized to get
the key.
This key must be unlocked by the personal pin and is used for decrypting the
message.
That's all.
Two more features would be desirable.
1. you can especially encrypt the message a second time with a special pin
that must be delivered to the recipient by other means, like phone calls etc.
Only with that pin can the message be read.
2. the message expires. You, the sender, can set a period when the message
can never be opened again.
Please comment here or send your comments to [EMAIL PROTECTED]
Thanks
------------------------------
From: "Frog2000" <[EMAIL PROTECTED]>
Subject: Test and input wanted on new encoder.
Date: Tue, 13 Feb 2001 09:27:10 -0500
I'd appreciate any input, especially on the algorithm for this encoder.
Encoder is in executables and DLLs. The algorithm should give a good method
for testing.
--
http://welcome.to/speechsystemsfortheblind
------------------------------
From: "Eric" <[EMAIL PROTECTED]>
Subject: asking for stream cipher resource
Date: Tue, 13 Feb 2001 23:06:57 +0800
Could any one give me some web sites about stream cipher background,
publications etc. ?
------------------------------
Date: Tue, 13 Feb 2001 08:10:56 -0700
From: Sundial Services <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Should I store a copy of gpg source code with my archive?
I don't want to open the black-cat bag of Politics here again, but the
entire world of internet commerce is based entirely on cryptography,
particularly in the form of SSL2. And when ultra-powerful computers are
available to the common man, it becomes a moot point whether those
computers will be used to encrypt sensitive information: they will.
Even for the mundane purposes of buying cookie-cutters on-line.
[You think I'm kidding, right? http://www.cookiecutters.com ... it
exists.] ;-)
>Joseph Ashwood wrote:
>
> "jtnews" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > how can the software become illegal?
> > isn't it too late once you let the cat
> > out of the bag?
>
> It could become illegal the same way drugs become illegal. Someone with the
> right power decides that having them around is detrimental, so they make
> them illegal. Cryptography seems to be a fairly perpetual target because
> most people think it's useless unless you're military or performing illegal
> activities. As such it would not be wholly unpopular to outlaw cryptography,
> which would immediately make gpg (and pgp) illegal.
------------------------------
From: John Myre <[EMAIL PROTECTED]>
Subject: Re: Subtle RC4 implementation mistake (was: Arcfour in Ada, by me - is
Date: Tue, 13 Feb 2001 08:22:02 -0700
Larry Kilgallen wrote:
<snip>
> I am surprised others would have trouble reading it.
I don't think he meant it would be hard - I think he meant
that few would bother, because of their inclinations in
regards to other languages. Ada isn't, um, fashionable.
JM
------------------------------
From: JCA <[EMAIL PROTECTED]>
Crossposted-To: alt.security,comp.security,alt.2600
Subject: Re: The Kingdom of God
Date: Tue, 13 Feb 2001 07:28:23 -0800
Why not a quote from the Old Norse mythology? I mean, it's
far more fun, and just as irrelevant to the issues that concern
these newsgroups.
"Markku J. Saarelainen" wrote:
> 1. When he was on earth, Jesus taught his followers to pray for God's
> Kingdom. A kingdom is a government that is headed by a king. God's
> Kingdom is a special government. It is set up in heaven and will rule
> over this earth. It will sanctify, or make holy, God's name. It will
> cause God's will to be done on earth as it is done in heaven.-Matthew
> 6:9, 10.
>
> http://www.watchtower.org/library/rq/index.htm
>
> Sent via Deja.com
> http://www.deja.com/
------------------------------
From: "Julian Morrison" <[EMAIL PROTECTED]>
Subject: Re: Subtle RC4 implementation mistake (was: Arcfour in Ada, by me - is it good?)
Date: Tue, 13 Feb 2001 16:23:23 +0000
"Ian Goldberg" <[EMAIL PROTECTED]> wrote:
> RC4 implementors: be *very* careful when you implement...
D'oh! Thanks for finding that.
Serves me right for being a smartass and using xor swap.
There's another bug too:
N := C.I mod K'Length
Should be
N := C.I mod C.K'Length
Otherwise it deliberately skips the IV! Ack :-(
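An added illustration of the two bugs discussed in this thread, written for this digest and not taken from Julian's Ada program or from any poster. It shows RC4 key scheduling with an ordinary swap and with the XOR-swap trick (which zeroes S[i] whenever i == j), models the "mod K'Length" vs "mod C.K'Length" bug with an optional key_len argument (how the Ada record actually laid out key and IV is an assumption here; the model appends the IV to the key), and checks the correct implementation against published RC4 test vectors, which is the same test-vector approach Kim recommends in the AES thread for confirming which algorithm one is really running. All keys and IVs below are constructed sample values.

```python
# Added example, not code from the thread. RC4 key scheduling with a safe swap
# and with the XOR swap, the "wrong modulus" IV bug, and test-vector checks.


def ksa(key: bytes, key_len: int = 0) -> list:
    """Standard RC4 key-scheduling algorithm.

    key_len defaults to len(key). Passing a smaller value models the thread's
    second bug ("mod K'Length" instead of "mod C.K'Length"): the key index wraps
    before it reaches the tail of the key material, so an IV appended there
    (an assumption about the original layout) never influences S.
    """
    n = key_len or len(key)
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % n]) & 0xFF
        S[i], S[j] = S[j], S[i]  # swap via a temporary: harmless when i == j
    return S


def ksa_xor_swap(key: bytes):
    """KSA with an XOR swap. Returns (S, number of rounds where i == j).

    a ^= b; b ^= a; a ^= b only exchanges two *distinct* variables. When
    i == j both names alias the same cell: the first XOR zeroes it and the
    other two leave it at zero, so S stops being a permutation of 0..255.
    """
    S = list(range(256))
    j = 0
    collisions = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        if i == j:
            collisions += 1
        S[i] ^= S[j]
        S[j] ^= S[i]
        S[i] ^= S[j]
    return S, collisions


def is_permutation(S: list) -> bool:
    """True if S holds every value 0..255 exactly once."""
    return sorted(S) == list(range(256))


def rc4_keystream(S: list, n: int) -> bytes:
    """RC4 pseudo-random generation: n keystream bytes from a scheduled state."""
    S = S.copy()
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt data (RC4 is symmetric) using the correct KSA."""
    ks = rc4_keystream(ksa(key), len(data))
    return bytes(d ^ k for d, k in zip(data, ks))


if __name__ == "__main__":
    # Published RC4 test vector: key "Key", plaintext "Plaintext".
    print(rc4(b"Key", b"Plaintext").hex())  # bbf316e8d940af0ad3
    # Constructed all-zero key: i == j already at i = 0 and i = 1.
    S_bad, hits = ksa_xor_swap(b"\x00")
    print(hits, is_permutation(S_bad), S_bad.count(0))
    # Constructed key || IV with the index wrapped at len(key): IV is ignored.
    key, iv1, iv2 = b"secretkey", b"\x01\x02", b"\xff\xff"
    print(ksa(key + iv1, len(key)) == ksa(key + iv2, len(key)))  # True
    print(ksa(key + iv1) == ksa(key + iv2))  # False
```

Running it shows the correct scheduler always yielding a permutation and the known ciphertexts, the XOR-swap scheduler producing duplicate zeros as soon as the indices coincide, and the wrong modulus making two different IVs produce the same state, which is exactly why "it deliberately skips the IV".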
------------------------------
From: "Julian Morrison" <[EMAIL PROTECTED]>
Subject: Re: Subtle RC4 implementation mistake (was: Arcfour in Ada, by me - is it good?)
Date: Tue, 13 Feb 2001 16:25:29 +0000
"Larry Kilgallen" <[EMAIL PROTECTED]> wrote:
> One of the design goals of Ada is to be easy to read (taking priority
> over easy to write). I am surprised others would have trouble reading
> it (as distinguished from having trouble finding the defect you found).
It being horribly mangled by my newsreader auto-fill-paragraph thang
can't have helped :-/
------------------------------
From: "Philip Japikse" <[EMAIL PROTECTED]>
Subject: PGP Public Key to MS PublicKeyBlob
Date: Tue, 13 Feb 2001 11:29:57 -0500
I am trying to convert a PGP RSA Public Key to a Microsoft PublicKeyBlob to
use with the CryptoAPI functions.
Thanks!
--Phil
[EMAIL PROTECTED]
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************