Cryptography-Digest Digest #689, Volume #13      Thu, 15 Feb 01 00:13:00 EST

Contents:
  Re: National Security Nightmare? (Mok-Kong Shen)
  Re: SHA-1 (was Re: Password authentication ...) (John Naismith)
  448 bits Hash algorithm (Marc Chapleau)
  Re: National Security Nightmare? ("Douglas A. Gwyn")
  Re: SHA-1 (was Re: Password authentication ...) ("Henrick Hellström")
  Re: What is an Inorder Algorithm? (Mok-Kong Shen)
  Re: DES3  (was Re: Password authentication ...) ("Henrick Hellström")
  Re: Bleichenbacher finds bug in DSA RNG (Eric Smith)
  Re: Factoring (and not the Philippino :) ("Michael Brown")
  Re: National Security Nightmare? (JPeschel)
  Re: Key Exchange ("Michael Brown")
  Re: asking for stream cipher resource (Anthony Stephen Szopa)
  Re: asking for stream cipher resource (Anthony Stephen Szopa)

----------------------------------------------------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: National Security Nightmare?
Date: Wed, 14 Feb 2001 23:05:06 +0100



JPeschel wrote:
> 
> http://cbsnews.com/now/story/0,1597,266857-412,00.shtml

CBS's title line 'the largest spy agency falls behind' is 
partly a consequence of the success of big advancements in 
chip technology for PCs and smaller computers. If computing 
today were largely done with machines of the Cray type, the 
positions of the mighty agencies would never have been 
contended in this manner.

The success that such agencies 'yet' have is thanks to the 
fact that the absolute majority of common people till now 
never care to protect their privacy. If only 5% of the 
population of the world always encrypt their communications 
(of all types, i.e. texts, voices, sounds and images, even 
with not so strong encryption algorithms or stegos), the 
haystack would have been so immensely huge that it is 
infeasible to find any needles anymore, I suppose.

NSA's director says that the terrorist bin Laden has at
his disposal the wealth of a $3 trillion-a-year
telecommunications industry. It seems to be plausible to 
speculate that, in order to track him and the other 
terrorists, a sum of a higher order of magnitude would be 
necessary. This raises the more basic question of how 
terrorism and major crimes are to be effectively fought 
against within the framework of economical feasibility or 
sanity in the long run, when in future the criminals employ 
AES to secure their messages. Maybe it is really time for 
politicians of the leading nations to seriously reflect 
whether the accelerating difference between rich and poor 
people shouldn't somehow be curbed in order to stop the 
fundamental source that feeds war, hate, violence and crimes 
of the world.

BTW, I happen to read in the recent issue of IEEE Computer
that the LA County in US is considering building a 
16-server Linux-based cluster to break strong encryption.
I guess that either the people have never heard of 3-DES 
and AES or these algorithms have in fact already been
broken without our knowledge.

M. K. Shen

------------------------------

From: John Naismith <[EMAIL PROTECTED]>
Subject: Re: SHA-1 (was Re: Password authentication ...)
Date: Wed, 14 Feb 2001 22:45:22 +0000

On Wed, 14 Feb 2001 21:08:02 +0000, David Hopwood
<[EMAIL PROTECTED]> wrote:

>Nothing in this message is intended to be legally binding. If I revoke a
>public key but refuse to specify why, it is because the private key has been
>seized under the Regulation of Investigatory Powers Act;

OT - sorry.

I would change this to say "it is possibly because the private
key....". I'm not trying to be pedantic here, but by stating
*absolutely* that this is the reason then you're falling foul of the
tip-off section of the Act, and are subject to the consequences.

It's also debatable whether by actually revoking a key you are
actually "tipping-off" people once the relevant order has been served.
I guess this one would have to be tested in court to be sure.

God we must be the laughing stock of the world :-(
--
John Naismith
[EMAIL PROTECTED]

------------------------------

From: Marc Chapleau <[EMAIL PROTECTED]>
Subject: 448 bits Hash algorithm
Date: Wed, 14 Feb 2001 18:14:07 -0500

Hi,

is there any 448 bits one-way hash algorithm around?

thanks in advance for your help.



------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: National Security Nightmare?
Date: Wed, 14 Feb 2001 23:36:59 GMT

Mok-Kong Shen wrote:
> CBS's title line 'the largest spy agency falls behind' is
> partly a consequence of the success of big advancements in
> chip technology for PCs and smaller computers. If computing
> today were largely done with machines of the Cray type, the
> positions of the mighty agencies would never have been
> contended in this manner.

While the spread of computing has made the job harder, at
the same time the advancement of computing technology can
make other parts of the job easier.

> The success that such agencies 'yet' have is thanks to the
> fact that the absolute majority of common people till now
> never care to protect their privacy.

I don't think so.  The targets of such agencies are rarely
individuals, rather they're usually foreign nations.  The
adversaries generally are quite concerned about information
security and use the best protection measures they know of
(subject to practical constraints).

> If only 5% of the
> population of the world always encrypt their communications
> (of all types, i.e. texts, voices, sounds and images, even
> with not so strong encryption algorithms or stegos), the
> haystack would have been so immensely huge that it is
> infeasible to find any needles anymore, I suppose.

No, it's not that hard to pick out most communications of
interest.  They tend to use certain channels and have
unique characteristics.

It is true that widespread adoption of something like IPsec
would make the job more difficult, but there would still be
countermeasures.

> NSA's director says that the terrorist bin Laden has at
> his disposal the wealth of a $3 trillion-a-year
> telecommunications industry.

Lots of quotes like that are taken out of context.  What
was meant is not that the entire telecom industry is
working to help bin Laden, but that what it develops as
part of its normal business can serve the ends of bin Laden
(as well as of ordinary customers), and with so much money
being invested in new telecom technology, keeping up with
it is difficult and expensive.

What he didn't say is that nearly all that development is
standards-oriented, so in fact there are far fewer distinct
technology threats than the dollar figure suggests.

> ... This raises the more basic question of how
> terrorism and major crimes are to be effectively fought
> against within the framework of economical feasibility or
> sanity in the long run, when in future the criminals employ
> AES to secure their messages.

That is easy: don't depend entirely on being able to read
their messages.  We already use many other means of tracking
terrorist activity, and can probably develop even more.

> Maybe it is really time for politicians of the leading
> nations to seriously reflect whether the accelerating
> difference between rich and poor people shouldn't somehow
> be curbed in order to stop the fundamental source that
> feeds war, hate, violence and crimes of the world.

That's an entirely bogus social theory, but this isn't the
proper forum to discuss it.

> BTW, I happen to read in the recent issue of IEEE Computer
> that the LA County in US is considering building a
> 16-server Linux-based cluster to break strong encryption.
> I guess that either the people have never heard of 3-DES
> and AES or these algorithms have in fact already been
> broken without our knowledge.

? It is most unlikely that LA County would be privy to such
a secret!  I leafed through my copy of the latest issue of
IEEE Computer and didn't notice anything like that; could you
please give a more detailed reference?

------------------------------

From: "Henrick Hellström" <[EMAIL PROTECTED]>
Subject: Re: SHA-1 (was Re: Password authentication ...)
Date: Thu, 15 Feb 2001 02:08:23 +0100

I am referring to the random excursions and random excursions variant tests
described in NIST Special Publication 800-22, applied on the SHA1 generator
implemented in the accompanying software.

I have two things to say about this:

Firstly, I'd be a fool if I completely ruled out the possibility that I made
some kind of implementation error. If I am wrong, I am sorry if I wasted
anyone's time and attention.

Secondly, using SHA1 as the core function of a PRNG is of course, in several
respects, not the same as using it to produce 160-bit output values for
authentication purposes. But if SHA1-G fails such a general purpose
randomness test, it does suggest that SHA1 is biased and that it just might
have some kind of exploitable weakness.

--
Henrick Hellström
StreamSec HB

"David Hopwood" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
=====BEGIN PGP SIGNED MESSAGE=====

"Henrick Hellström" wrote:
> I could give you two good reasons:
>
> Steak is less biased than SHA1. SHA1 fails the random excursions tests,
> whereas Steak doesn't.

I would be astonished if a valid, correctly applied, general-purpose [*]
randomness test was found to consistently fail SHA-1. Precisely which
test are you referring to?

[*] i.e. excluding tests contrived to depend on SHA-1 or to test for
    the Merkle-Damgård construction.

- --
David Hopwood <[EMAIL PROTECTED]>

Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see
www.fipr.org/rip





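The random excursions test Henrick refers to, as an added example that is not code from this thread or from the NIST test suite: it walks the cumulative sum of the bits, cuts the walk into zero-to-zero cycles, and compares the per-cycle visit counts for each state x in {-4,...,-1,1,...,4} against the theoretical pi_k(x) with a chi-square statistic, exactly as SP 800-22 section 2.14 describes. The ten-bit input in the demo is the worked example from that section; the function names are my own.

```python
import math

STATES = (-4, -3, -2, -1, 1, 2, 3, 4)

def igamc_half(a2, x):
    """Upper regularised incomplete gamma Q(a, x) for half-integer a = a2/2,
    via the closed form for a = n + 1/2. SP 800-22 reports igamc(5/2, chi2/2)."""
    n = (a2 - 1) // 2
    q = math.erfc(math.sqrt(x))
    for k in range(1, n + 1):
        q += math.exp(-x) * x ** (k - 0.5) / math.gamma(k + 0.5)
    return q

def state_probs(x):
    """pi_k(x), k = 0..5: probability that one zero-to-zero cycle of a random
    walk visits state x exactly k times (k = 5 means five or more visits)."""
    ax = abs(x)
    p0 = 1 - 1 / (2 * ax)
    probs = [p0] + [p0 ** (k - 1) / (4 * ax * ax) for k in range(1, 5)]
    probs.append(p0 ** 4 / (2 * ax))
    return probs

def random_excursions(bits):
    """SP 800-22 random excursions test over an iterable of 0/1 values.
    Returns (J, {x: (chi2, p_value)}). J is the number of cycles; NIST treats
    the test as inapplicable (no conclusion) when J < 500."""
    s, walk = 0, []
    for b in bits:
        s += 1 if b else -1                     # X_i = 2*b - 1
        walk.append(s)
    walk.append(0)                              # S'_n = 0 closes the last cycle
    cycles, cur = [], []
    for v in walk:                              # cut the walk at every return to 0
        cur.append(v)
        if v == 0:
            cycles.append(cur)
            cur = []
    J = len(cycles)
    results = {}
    for x in STATES:
        nu = [0] * 6                            # nu[k] = cycles visiting x exactly k times
        for c in cycles:
            nu[min(c.count(x), 5)] += 1
        chi2 = sum((nu[k] - J * pk) ** 2 / (J * pk)
                   for k, pk in enumerate(state_probs(x)))
        results[x] = (chi2, igamc_half(5, chi2 / 2))
    return J, results

if __name__ == "__main__":
    # Worked example from SP 800-22: epsilon = 0110110101 gives J = 3 and, for
    # x = +1, chi2 = 4.3333 and p = 0.5025. J is far below 500, so NIST would
    # draw no conclusion from it; it is here only to check the arithmetic.
    J, res = random_excursions([0, 1, 1, 0, 1, 1, 0, 1, 0, 1])
    print("J =", J)
    for x in STATES:
        print(f"x={x:+d}  chi2={res[x][0]:.4f}  p={res[x][1]:.4f}")
```

A single p-value below 0.01 on one sequence says little; the claim in the thread is about consistent failure, which is why the proportion-of-passing check over many sequences matters as much as the per-sequence statistic.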
------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: comp.lang.c,alt.comp.lang.learn.c-c++,sci.math,comp.lang.c++,comp.lang.java.programmer,comp.programming
Subject: Re: What is an Inorder Algorithm?
Date: Wed, 14 Feb 2001 17:42:05 +0100



Dave Seaman wrote:
> 
> Mok-Kong Shen  <[EMAIL PROTECTED]> wrote:
> 
> >Riordan wrote:
> 
> >[snip]
> 
> >> Imagine the following tree-like structure
> >>       A
> >>    /      \
> >>   B      C
> 
> >> Then postorder would process in the order:
> >> B, C, A
> >> Pre-order would go:
> >> A, B, C
> >> & In-order would go:
> >> B, A, C
> 
> >I am not quite sure of that. According to Knuth, vol. 1,
> >one will have:
> 
> >Postorder: B, A, C.
> >Preorder:  A, B, C.
> >Endorder:  B, C, A.
> 
> We are talking about binary trees here, not arbitrary trees and not
> forests.  According to section 2.3.1 of the third edition, "Traversing
> Binary Trees", the algorithms are:
> 
>         Preorder traversal
>         ------------------
>         Visit the root
>         Traverse the left subtree
>         Traverse the right subtree
> 
>         Inorder traversal
>         -----------------
>         Traverse the left subtree
>         Visit the root
>         Traverse the right subtree
> 
>         Postorder traversal
>         -------------------
>         Traverse the left subtree
>         Traverse the right subtree
>         Visit the root.
> 
> Therefore Riordan's explanation is correct according to Knuth.

Sorry, it seems to be a result of Knuth's mistake. In
his first edition (1968), on p.316 about traversing binary 
trees, there stood the following text:

               Postorder traversal
             Traverse the left  subtree
             Visit the root
             Traverse the right tree

He gave also an example that conformed to that.

M. K. Shen

------------------------------

From: "Henrick Hellström" <[EMAIL PROTECTED]>
Subject: Re: DES3  (was Re: Password authentication ...)
Date: Thu, 15 Feb 2001 02:55:45 +0100

Another thing: I found that 3DES was too successful in the NIST SP 800-22
tests. A truly random sequence is expected to fail with a frequency equal
to the alpha value. 3DES-CBC had a success rate equal to or near 1 in
several tests.

The problem with this is that such "randomish" sequences may be detected,
given a sufficient amount of sample data. If I had 1 GB of cipher text I
could with a reasonably high probability tell if it had been encrypted using
AES-CBC, 3DES-CBC or hardware RNG OTP.

--
Henrick Hellström
StreamSec HB

"David Hopwood" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
=====BEGIN PGP SIGNED MESSAGE=====

"Henrick Hellström" wrote:
> I could give you two good reasons:
>
> Steak is less biased than SHA1. SHA1 fails the random excursions tests,
> whereas Steak doesn't.

I would be astonished if a valid, correctly applied, general-purpose [*]
randomness test was found to consistently fail SHA-1. Precisely which
test are you referring to?

[*] i.e. excluding tests contrived to depend on SHA-1 or to test for
    the Merkle-Damgård construction.

- --
David Hopwood <[EMAIL PROTECTED]>

Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see
www.fipr.org/rip





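Henrick's point that a pass rate at or near 1 is itself a signal, as an added example that is not from the thread: the proportion-of-passing check from SP 800-22 section 4.2.2, run over constructed p-value lists, with the interval's upper bound treated as a finding too, and the minimum number of sequences at which a perfect pass rate becomes distinguishable from a random source. The p-value lists are constructed, not real test output, and the function names are my own.

```python
import math
from fractions import Fraction

def proportion_interval(m, alpha=0.01):
    """Acceptance interval from SP 800-22 section 4.2.2 for the proportion of
    m sequences passing one test at significance level alpha:
    p_hat +/- 3*sqrt(p_hat*(1-p_hat)/m), with p_hat = 1 - alpha."""
    p_hat = 1 - alpha
    half_width = 3 * math.sqrt(p_hat * (1 - p_hat) / m)
    return p_hat - half_width, p_hat + half_width

def classify_pass_rate(p_values, alpha=0.01):
    """Compare the observed pass rate (p >= alpha counts as a pass) with the
    interval. SP 800-22 only acts on too few passes; the 'too_many_passes'
    verdict is the thread's observation that a source which never fails
    is not behaving like a random source either."""
    m = len(p_values)
    rate = sum(1 for p in p_values if p >= alpha) / m
    lo, hi = proportion_interval(m, alpha)
    if rate < lo:
        return rate, "too_few_passes"
    if rate > hi:
        return rate, "too_many_passes"
    return rate, "consistent_with_random"

def min_sequences_to_flag_perfect_pass(alpha=Fraction(1, 100)):
    """Smallest m at which a 100% pass rate lies above the interval:
    1 > (1-a) + 3*sqrt(a(1-a)/m)  <=>  m*a > 9*(1-a).
    Pass alpha as a Fraction or string so the boundary is computed exactly."""
    alpha = Fraction(alpha)
    return math.floor(9 * (1 - alpha) / alpha) + 1

if __name__ == "__main__":
    # A source that never fails, scored with 100 sequences and then with 10000:
    # only the larger sample pushes a perfect pass rate outside the interval.
    for m in (100, 10000):
        rate, verdict = classify_pass_rate([0.5] * m)
        print(f"m={m:5d} pass rate={rate:.3f} -> {verdict}")
    # A source that fails 1 in 100, as a uniform p-value distribution would.
    print(classify_pass_rate(([0.5] * 99 + [0.001]) * 100))
    print("sequences needed to flag a perfect pass rate:",
          min_sequences_to_flag_perfect_pass())
```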
------------------------------

From: Eric Smith <[EMAIL PROTECTED]>
Subject: Re: Bleichenbacher finds bug in DSA RNG
Date: 14 Feb 2001 19:21:12 -0800

[EMAIL PROTECTED] writes:
>   What is the big surprise. Does any one really think the NSA
> wants the public to have safe crypto. Who on earth would trust
> any encryption software from the NSA to be bug free. Since their
> job is to tap into all messages. You might as well buy Swiss
> encrypting machines so the NSA can read it directly.

OK, so there's been one problem found in DSA that reduces the effective
key size by less than one bit.  If you can find another half dozen
similar problems in DSA, I might start to believe your claims that
the NSA deliberately sabotaged it.

------------------------------

From: "Michael Brown" <[EMAIL PROTECTED]>
Subject: Re: Factoring (and not the Philippino :)
Date: Thu, 15 Feb 2001 17:32:05 +1300

"Benjamin Goldberg" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Michael Brown wrote:
> [snip]
> > The only problem that I have at the moment is for solving for when the
> > 2 LSBs of the product are not both 1 (however, this should immediately
> > kill ~50% of current RSA keys I presume? That's an interesting
> > question - do 50% of prime numbers have a second least significant bit
> > of 1?). The algebraic approach works, and is fairly easy to see how to
> > implement (constant*a combination of a's and b's), but hard to
> > actually implement.
>
> Since all prime numbers >2 are odd, all prime numbers used by RSA will
> have the LSB set.
What I meant by "the two LSBs of the product" are the two left most digits,
ie bits 0 and 1. Ditto for the "second least significant bit" - I meant bit
1 (in a zero based numbering system).

>
> --
> A solution in hand is worth two in the book.

Michael



------------------------------

From: [EMAIL PROTECTED] (JPeschel)
Date: 15 Feb 2001 04:38:40 GMT
Subject: Re: National Security Nightmare?

Mok-Kong Shen [EMAIL PROTECTED] writes, in part:

>I happen to read in the recent issue of IEEE Computer
>that the LA County in US is considering building a 
>16-server Linux-based cluster to break strong encryption.
>I guess that either the people have never heard of 3-DES 
>and AES or these algorithms have in fact already been
>broken without our knowledge.

I haven't seen the IEEE article. But if law enforcement in LA
county is building a networked cracker with 16 servers
they are probably talking about cracking DES, or 40- and 
56-bit RC4, by exhaustive search of the key space. 

We might think only of AES and other ciphers whose key is
a similar length, for instance, the other AES candidates
as strong encryption. The long-time standard, however,
was 56-bits, for DES any way, and I think you could still
reasonably refer to DES as strong encryption: there isn't
a practical attack significantly better than brute-force.

Joe

__________________________________________

Joe Peschel 
D.O.E. SysWorks                                 
http://members.aol.com/jpeschel/index.htm
__________________________________________


------------------------------

From: "Michael Brown" <[EMAIL PROTECTED]>
Subject: Re: Key Exchange
Date: Thu, 15 Feb 2001 17:48:49 +1300

"George" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I'm working on a project where I need to have a client and a server
> agree on a session key.  What algorithm would be the MOST secure to use?
> (Keeping in mind there is ONLY Alice and Bob and NO Trent).  If
> DiffieHelman were to be used, how often should Alice and Bob generate
> new session keys?  Any help is greatly appreciated.  Thanks.
Trent? Is this a MITM or another Eve?
>
> -George
> [EMAIL PROTECTED]
>



------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Subject: Re: asking for stream cipher resource
Date: Wed, 14 Feb 2001 20:45:31 -0800

"Trevor L. Jackson, III" wrote:
> 
> Anthony Stephen Szopa wrote:
> 
> > Eric wrote:
> > >
> > > Could any one give me some web sites about stream cipher background,
> > > publications etc. ?
> >
> > http://www.ciphile.com
> 
> Now that's just a little too raw.  Many people have told you that your
> site is garbage.  How dare you lead an innocent astray?
> 
> Such colossal effrontery is unacceptable.  Prepare to be flamed every time
> you show your keyboard in this newsgroup.
> 
> Twit.


Prove your position or are you royalty who imposes edicts?

Prove your position with facts.

Or should we all just let you do all of our thinking for us?

------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Subject: Re: asking for stream cipher resource
Date: Wed, 14 Feb 2001 20:46:59 -0800

Paul Crowley wrote:
> 
> Anthony Stephen Szopa <[EMAIL PROTECTED]> writes:
> 
> > Eric wrote:
> > >
> > > Could any one give me some web sites about stream cipher background,
> > > publications etc. ?
> >
> >
> > http://www.ciphile.com
> 
> Beware that crypto-knowledgable people consider this site garbage.
> --
>   __
> \/ o\ [EMAIL PROTECTED]
> /\__/ http://www.cluefactory.org.uk/paul/


Why?  Show us one fact that any of you has ever proven about OAP-L3 that
brings its theory into question?

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
