Cryptography-Digest Digest #693, Volume #13      Thu, 15 Feb 01 16:13:01 EST

Contents:
  Re: asking for stream cipher resource (Anthony Stephen Szopa)
  Re: Need A3/A5/A8 Algorithm (David Wagner)
  Re: asking for stream cipher resource (Anthony Stephen Szopa)
  "RSA vs. One-time-pad" or "the perfect encryption" ("Sebastian Gottschalk")
  COMP128 ("Sebastian Gottschalk")
  Re: National Security Nightmare? ("Douglas A. Gwyn")
  Re: Big Numbers in C/C++ ("Paulo J. Matos aka PDestroy")
  Re: National Security Nightmare? (John Savard)
  Re: A Chosen-Plaintext Attack on a simple Dynamic Transposition Cipher (long) (John Savard)
  Ciphile Software:  Why .EXE files so large (Anthony Stephen Szopa)
  Re: National Security Nightmare? (Paul Rubin)
  Re: COMP128 (David Wagner)
  Re: What is kerebos? (Jerry Coffin)

----------------------------------------------------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Subject: Re: asking for stream cipher resource
Date: Thu, 15 Feb 2001 11:31:30 -0800

"Douglas A. Gwyn" wrote:
> 
> Anthony Stephen Szopa wrote:
> > Why?  Show us one fact that any of you has ever proven about OAP-L3 that
> > brings its theory into question?
> 
> When you first notified this group about OAP-L3 some time ago,
> several of us pointed out issues with its "theory" (more accurately,
> issues with its claims of security).  I don't recall seeing any
> reasoned response to them, at least not to the one I raised.


Repost your best point and I will look at it again.

Thank you.

------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Need A3/A5/A8 Algorithm
Date: 15 Feb 2001 19:34:00 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)

Thomas Pornin wrote:
>According to ������ <[EMAIL PROTECTED]>:
>> I want to review A3/A5/A8 Algorithm.
>
>You will find many documents on http://www.scard.org/gsm/
>
>(wishful guess: for the site seems down right now)

See also <http://cryptome.org/cryptout.htm#GSM>.
The A5 algorithms are available there (maybe COMP128, too; I don't remember).

------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Subject: Re: asking for stream cipher resource
Date: Thu, 15 Feb 2001 11:35:42 -0800

"Trevor L. Jackson, III" wrote:
> 
> Anthony Stephen Szopa wrote:
> 
> > "Trevor L. Jackson, III" wrote:
> > >
> > > Anthony Stephen Szopa wrote:
> > >
> > > > Eric wrote:
> > > > >
> > > > > Could any one give me some web sites about stream cipher background,
> > > > > publications etc. ?
> > > >
> > > > http://www.ciphile.com
> > >
> > > Now that's just a little too raw.  Many people have told you that your
> > > site is garbage.  How dare you lead an innocent astray?
> > >
> > > Such colossal effrontery is unacceptable.  Prepare to be flamed every time
> > > you show your keyboard in this newsgroup.
> > >
> > > Twit.
> >
> > Prove your position or are you royalty who imposes edicts?
> 
> My position is obvious by inspection, thus one makes the observation/conclusion
> as a single gestalt.
> 
> >
> >
> > Prove your position with facts.
> 
> Fact: you are a twit.  The evidence of this fact exists throughout your posts to
> this newsgroup and your website.
> 
> I had failed to conceive of a negative IQ until forced to recognize your
> demonstration of that possibility.  The experience of recognizing your
> personification of that talent has been unpleasantly educational.


Wow.  A gestalt, no less.

More like an hallucination.

You have pointed out that you are not prepared to support your 
position with any observable facts.

------------------------------

From: "Sebastian Gottschalk" <[EMAIL PROTECTED]>
Subject: "RSA vs. One-time-pad" or "the perfect encryption"
Date: Thu, 15 Feb 2001 15:59:13 +0100

Dear folks,
I've thought about a problem which might be the only one cryptology is used
to answer.

A little comparison:

RSA, DSS and many other crypto algorithms are based on trapdoor functions,
where the private key is the only trapdoor.
Based on the private/public key system there is actually a way of resolving
the private key out of the public key - the only problem is to take the
inverse factorization. This method is also used to be a trapdoor. Also there
are several ways to do so: testing all numbers or at first reducing the numbers
you have to test by resolving some bits of the key using differential
analysis.

And this is the main problem: the public key has a trapdoor to the private
key, too!

So I ask, why this has to be. Better said, I ask if there could be an
algorithm using RSA style methods
[ dec(enc(text)) = text = enc(dec(text)) ], using both keys to encrypt the
message but actually getting the message, without that trapdoor between the
keys.

And really, there is an answer. The algorithm isn't known, but this won't be
the case if both public and private key are the same. But now there wouldn't
be the public/private key system any longer.

So my final question is:
Does any REAL trapdoor function exist which could be USABLE to the
key2(key1(text)) = text system?

Both RSA and DSS are not the answer, because the inverse factorization is a
trapdoor, still time consuming, but how long will it be??? Is there any real
unbreakable algorithm where both keys are not the same?
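
The relation the post writes as dec(enc(text)) = text = enc(dec(text)), and the "trapdoor between the keys" it worries about, can be made concrete with textbook RSA on toy parameters. The block below is an added example in Python, not code from the post or from any RSA library: `keygen`, `encrypt`, `decrypt`, `factor_trial` and `private_from_public` are names of this example, and the 40-bit modulus is chosen so that factoring n by trial division, which is what "resolving the private key out of the public key" amounts to for RSA, finishes in well under a second. For a real-size modulus the same function is the only step that fails.

```python
"""Textbook RSA on toy parameters (added example, not from the original post).

Shows (1) dec(enc(m)) == m == enc(dec(m)) mod n, and (2) that the route from
the public key (n, e) back to the private exponent d is factoring n: once
p and q are known, d = e^-1 mod (p-1)(q-1) is one modular inverse away.
"""
from math import gcd, isqrt
import random


def is_probable_prime(n, rounds=20):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits):
    """Random odd prime with the top bit set (exactly `bits` bits long)."""
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def keygen(bits=40, e=65537):
    """Return ((n, e), (n, d)); n is the product of two bits//2-bit primes."""
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(e, phi) == 1:
            break
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (p * q, e), (p * q, d)


def encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)


def decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)


def factor_trial(n):
    """Trial division by odd numbers: feasible only because n is tiny here."""
    for f in range(3, isqrt(n) + 1, 2):
        if n % f == 0:
            return f, n // f
    raise ValueError("no odd factor found")


def private_from_public(pub):
    """The 'trapdoor between the keys': factor n, then rebuild d from e."""
    n, e = pub
    p, q = factor_trial(n)
    return n, pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    pub, priv = keygen(40)
    m = 123456789  # constructed sample message, smaller than n
    print("dec(enc(m)) == m:", decrypt(priv, encrypt(pub, m)) == m)
    print("enc(dec(m)) == m:", encrypt(pub, decrypt(priv, m)) == m)
    print("d recovered from (n, e):", private_from_public(pub) == priv)
```

Raising `bits` in `keygen` leaves encryption and decryption instant while `factor_trial` becomes the bottleneck; that asymmetry, and nothing else, is what the public/private split rests on.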



------------------------------

From: "Sebastian Gottschalk" <[EMAIL PROTECTED]>
Subject: COMP128
Date: Thu, 15 Feb 2001 16:18:51 +0100

Dear folks.

The COMP128 algorithm was published and analyzed recently. It is mainly used
for SIM lock cards by D2, Vodaphone and some other European mobile
companies.

Three days later Ian Goldberg and Dave Wagner from ISAAC Research, Berkeley
found out a weak point.
If some bytes of the tested keys are the same as the original key, the
results are also equal in some bytes.
By testing about 150.000 keys they were able to resolve 2 bytes of the
original key, thus getting 16 bits.
Do it 8 times with another 2 bytes and you'll get the original 128 bit key.

Using an adapter and a card reader you are able to make the SIM card testing
6.25 keys per second, totally using about 8 hours to get this key named KI.
Using the PIN number (always known to the user) you're also able to extract
the IMSI number.

By having IMSI and KI and also some special hardware ("Session-Interface" /
"Inverse Reader", about 100$) you are able to emulate a SIM card on a fast
PC, thus phoning for free.

I'm not interested in hacking a SIM card, but I want to know how COMP128
works, how this differential analysis is done and how to implement it (please
no C/C++ if possible, a mathematical script or some Turbo Pascal code).

Thanx,
Seppi2001
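
The attack the post summarizes does not need COMP128's tables to be understood: it is a collision (birthday) attack on a narrow internal pipe through which key bytes i and i+8 and challenge bytes i and i+8 are mixed, so that two chosen challenges colliding on the SIM's output leak those two key bytes to an offline search over 2^16 candidates, and eight repetitions give the whole 128-bit Ki. The block below is an added Python model of that structure, not COMP128 and not the ISAAC code: `pipe` is a stand-in mixer (truncated SHA-256), `PIPE_BITS` is an assumed width chosen smaller than COMP128's own so the run takes seconds, and `toy_a3`, `SimCard`, `recover_key_pair` and `recover_key` are names invented here. Only the challenge-response interface of the simulated card is exposed to the attacker, as it would be through a reader.

```python
"""Toy model of the chosen-challenge collision attack on a COMP128-style
A3/A8 function (added example; the mixer is a stand-in, not COMP128).

Reproduced structure: key bytes i, i+8 and challenge bytes i, i+8 enter a
pipe narrower than their 32 input bits.  Two challenges that differ only in
bytes i, i+8 and give the same response must have collided in that pipe, and
the key byte pair is then whichever (ka, kb) reproduces the collision.
"""
import hashlib

PIPE_BITS = 24  # assumption for the toy, chosen so the attack runs in seconds


def pipe(ka, kb, ra, rb):
    """Narrow-pipe mixer for one byte pair: 32 bits in, PIPE_BITS out."""
    digest = hashlib.sha256(bytes([ka, kb, ra, rb])).digest()
    return int.from_bytes(digest[:4], "big") >> (32 - PIPE_BITS)


def toy_a3(ki, rand):
    """Simulated SIM function: 16-byte Ki and 16-byte RAND -> 64-bit response."""
    assert len(ki) == 16 and len(rand) == 16
    state = b"".join(
        pipe(ki[i], ki[i + 8], rand[i], rand[i + 8]).to_bytes(4, "big")
        for i in range(8)
    )
    return hashlib.sha256(state).digest()[:8]


class SimCard:
    """Holds Ki; the attacker only ever sees challenge -> response."""

    def __init__(self, ki):
        self._ki = ki
        self.queries = 0

    def challenge(self, rand):
        self.queries += 1
        return toy_a3(self._ki, rand)


def recover_key_pair(card, i):
    """Recover (Ki[i], Ki[i+8]) using challenges that vary only RAND[i], RAND[i+8]."""
    seen = {}          # response -> (ra, rb) that produced it
    candidates = None  # key byte pairs consistent with every collision so far
    for ra in range(256):
        for rb in range(256):
            rand = bytearray(16)
            rand[i], rand[i + 8] = ra, rb
            resp = card.challenge(bytes(rand))
            if resp not in seen:
                seen[resp] = (ra, rb)
                continue
            ra2, rb2 = seen[resp]
            # Only position i differs between the two challenges, so the pipe
            # at position i collided.  Offline: which key pairs reproduce that?
            consistent = {
                (ka, kb)
                for ka in range(256)
                for kb in range(256)
                if pipe(ka, kb, ra, rb) == pipe(ka, kb, ra2, rb2)
            }
            candidates = consistent if candidates is None else candidates & consistent
            if len(candidates) == 1:
                return next(iter(candidates))
    raise RuntimeError("no usable collision found")


def recover_key(card):
    """Repeat for the eight byte pairs to obtain all 128 bits of Ki."""
    ki = bytearray(16)
    for i in range(8):
        ki[i], ki[i + 8] = recover_key_pair(card, i)
    return bytes(ki)


if __name__ == "__main__":
    secret = bytes(range(0x10, 0x20))  # constructed sample key
    card = SimCard(secret)
    print("recovered:", recover_key(card) == secret, "after", card.queries, "challenges")
```

The query count the run prints is the figure that matters in practice: with a birthday-sized collision search the number of challenges per byte pair is a few thousand, not 2^16, which is why the post's "about 8 hours at 6.25 keys per second" is the right order of magnitude and why a card that rate-limits or counts authentications raises the cost of the attack.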



------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: National Security Nightmare?
Date: Thu, 15 Feb 2001 18:37:12 GMT

Mok-Kong Shen wrote:
> I don't know but I conjecture that the days where one
> intercepted messages to and from foreign embassies etc.
> as told in books like those of Kahn are definitely
> byegone. Since the channels are virtually infinite in
> number, one can very frequently switch these, rendering
> tracking very hard.

In practice, channels are readily identifiable.  To the
extent that frequency hopping is used, consider that the
entire relevant spectrum can be captured in a recording
so you can play it back as often as required during the
analysis.

> ... So, similarly one can maintain a large
> number of parallel channels transmitting encrypted
> unimportant materials or even rubbish to divert the
> opponent's attention and exhaust his computing resources
> or at least decrease his speed of decryption which can
> be of value when messages are only of limited duration
> of significance.

Jamming has been employed as a countermeasure since before
WWII.  History has shown that it just leads to the
development of counter-countermeasures.  The battle becomes
more expensive for both sides without accomplishing much.

> I am not sure that it is easy to pick, once there is
> sufficient 'mass' of public use of encryption. If there is
> out of a certain geographical region daily one hundred
> tausend of encrypted e-mails and only one from a criminal,
> how is the agency going to search without looking at them
> all, excepting that it already has some informations as
> to who the suspected persons are?

IPsec generally leaves the routing addresses in clear,
so the scan can be narrowed down to just the subnets
containing the nodes under suspicion.  Anyway, it is
already necessary to have sufficient information to
draw attention to a target; while all traffic on a link
might be captured, only a particularly promising subset
of it is analyzed.

> Thanks for the explanation. I was in fact stupified
> (in my wrong interpretation) by the richness of the top
> terrorist.

bin Laden is reportedly as rich as some nation-states,
but not to the tune of 3 trillion dollars per year.
It does point up the need to instill ethics as part of
education, because such rich organizations can otherwise
buy whatever technical expertise they need to conduct
their "business".  If the human race is to have a decent
future, it will be only because a critical threshold of
intelligence and education in an individual is usually
enough to deter him from assisting evildoers.

> The boom of telecom industry is in my view
> a wavefront parallel to that of PC that precedes it.

Indeed, Sun Microsystems in some of its PR is now calling
attention to the equivalent of "Moore's law" for network
capacity as opposed to computational engines.  This is
consistent with their slogan that "the computer *is* the
network".  I don't quite agree with the slogan, but there
is certainly a dramatic growth in global network traffic.

> ... (I was the other day attending a podium discussion
> about a study of influence of cellphone antennas ...)

If you run across any *science* pertinent to that issue,
I'd like to hear about it.  So far it seems to have been
generated out of nothing by the new Luddites.

> The loss of the ability to read [terrorist] secrets can
> have extremely high impacts, I suppose.  ...

That presupposes that ability to read the secrets is the
natural order of things.  Was crime so much worse before
the development of telephone wiretaps?  Of course law
enforcement agencies don't like to lose capabilities that
they have come to depend on, but *change* is natural, and
they need to deal with it by being adaptable and innovative
themselves.

> L. Garber, Computer Forensics: High-Tech Law Enforcement.
> IEEE Computer, January 2001, p.22-27.
> The quote is on p. 26.

Thanks for the reference.  I was looking in the Feb. issue.

------------------------------

From: "Paulo J. Matos aka PDestroy" <[EMAIL PROTECTED]>
Subject: Re: Big Numbers in C/C++
Date: Thu, 15 Feb 2001 17:46:59 -0000

I have made a huge search on the net some time ago and I found out MIRACL
to be the best IMHO. Search for MIRACL at google...

Best regards,


--
Paulo J. Matos aka PDestroy
http://www.pdestroy.net
ICQ UIN - 361853

--
The greatest happiness of life is the conviction that we are loved - loved
for ourselves, or rather, loved in spite of ourselves.
           - Anonymous
"Edward Rustin" <[EMAIL PROTECTED]> wrote in message
news:Pine.SOL.4.21.0102141212200.21409-100000@tao...
> Hi,
>
> Does anyone know where I can find information about working with big (1024
> bit+) numbers under C or C++?
>


------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: National Security Nightmare?
Date: Thu, 15 Feb 2001 19:52:29 GMT

On Thu, 15 Feb 2001 17:48:38 -0000, "Sam Simpson" <[EMAIL PROTECTED]>
wrote, in part:

>Ouch.  If they can mount a passphrase on Scramdisk, then the same attack
>could be attempted on PGPdisk with approx. one fifth of the same resources
>in approximately the same timeframe.

This wasn't intended as a criticism of ScramDisk; since that program
generates a random key from mouse movements, but protects it with a
user pass phrase, trying different pass phrases is the obvious attack.
But whether it works or not depends on the user's choice of pass
phrase. But I fear that very few people will bother to select a pass
phrase with a full 128 bits of entropy, instead settling for something
easy to memorize and type.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: A Chosen-Plaintext Attack on a simple Dynamic Transposition Cipher (long)
Date: Thu, 15 Feb 2001 19:55:07 GMT

On Thu, 15 Feb 2001 07:26:00 -0800, "John A. Malley"
<[EMAIL PROTECTED]> wrote, in part:
>John Savard wrote:

>> Yes, sending balanced blocks with a pattern like
>> 
>> 11110000, 11001100, 10101010
>> 
>> lets one identify the permutation used for them. But security of the
>> permutation against that kind of attack was never claimed, 
>
>The chosen plaintext enciphered with DT is of the form  M | ~M  which
>satisfied (AFAIK) the requirement for bit-balancing a block prior to
>application of the uniformly selected at random permutation to the
>block.  There's a slight error in the patterns shown above - it would be
>these bit-balanced patterns that are enciphered by the same permutation:
>
>11110000, 11000011, 10100101

11110000
11001100
10101010

is not in error; encipher these three with the same permutation, and
you can tell what the permutation is (7, 6, 5, 4, 3, 2, 1, 0 in binary
notation are the combinations formed by each bit in the three
encipherments) - but the patterns you show would work equally well.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
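
The recovery Savard describes, worked through in Python as an added example (not part of either poster's message): three chosen balanced blocks give every bit position a distinct 3-bit code (7 down to 0 for his patterns), and reading the same codes off the three ciphertext blocks says where the permutation moved each position. The code generalizes to a block of 2^k bits with k chosen blocks; `chosen_blocks`, `transpose` and `recover_permutation` are names of this example, and the permutation used for the demonstration is constructed.

```python
"""Chosen-plaintext recovery of a transposition from balanced blocks
(added example, not from the original thread).

A transposition only moves bits, so a bit position can be labelled by the
bits it carries across several blocks.  Choosing the blocks so that every
position gets a distinct label, while keeping each block bit-balanced, lets
the attacker read the permutation straight off the ciphertexts.
"""


def chosen_blocks(n):
    """k = log2(n) balanced blocks; position j carries the code n-1-j.

    For n = 8 this yields Savard's 11110000, 11001100, 10101010.
    """
    k = n.bit_length() - 1
    assert 1 << k == n, "block length must be a power of two"
    return [
        "".join(str(((n - 1 - j) >> (k - 1 - t)) & 1) for j in range(n))
        for t in range(k)
    ]


def transpose(block, perm):
    """The cipher step under attack: output bit i is input bit perm[i]."""
    return "".join(block[perm[i]] for i in range(len(block)))


def recover_permutation(plain_blocks, cipher_blocks):
    """Return perm such that transpose(p, perm) == c for each plaintext/ciphertext pair."""
    n = len(plain_blocks[0])

    def code(blocks, pos):
        return tuple(b[pos] for b in blocks)

    origin = {code(plain_blocks, j): j for j in range(n)}
    if len(origin) != n:
        raise ValueError("chosen blocks do not give every position a distinct code")
    return [origin[code(cipher_blocks, i)] for i in range(n)]


def is_balanced(block):
    return block.count("1") * 2 == len(block)


if __name__ == "__main__":
    perm = [3, 0, 7, 5, 1, 6, 2, 4]  # constructed secret permutation
    for plain in (chosen_blocks(8), ["11110000", "11000011", "10100101"]):
        cipher = [transpose(b, perm) for b in plain]
        print(plain, "->", recover_permutation(plain, cipher) == perm)
```

Both pattern sets from the exchange pass `is_balanced` and give distinct codes, which is why Savard says either works; what the attack needs is distinct per-position labels, not any particular balancing scheme.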

------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,alt.hacker
Subject: Ciphile Software:  Why .EXE files so large
Date: Thu, 15 Feb 2001 12:40:24 -0800

Ciphile Software:  Why .EXE files so large

Until now all programs at Ciphile Software have been written and
compiled using Borland C++ Builder.

When the program is compiled, all necessary files required to run 
the program in Windows are built into the .exe

Ciphile Software is now developing software using MS Visual Basic 
6.0

Soon we will begin developing software using MS Visual C++ as well.

We have developed two simple test programs using Visual Basic 6.0.  
The .exe files themselves are only 24KB.

One is compiled and deployed using the Package and Deploy Wizard 
that also includes all necessary system files required to run the 
.exe file in MS Windows such as several .DLLs.

Here they are:

VB6STKIT.DLL
COMCAT.DLL
STDOLE2.TLB
ASYCFILT.DLL
OLEPRO32.DLL
OLEAUT32.DLL
MSVBVM60.DLL

So the setup program for this full compressed install program is 
about 1.46MB.  The result of this installation is that all required
system files are included and the user's computer system files are
updated if necessary and the program is listed in the Start/Program
files menu and registry entries are made, etc. and the full 
uninstall procedure is included.  Just use the MS OS Add/Remove 
program from the Control Panel to uninstall.

But if the user's computer already has the required updated Visual 
Basic 6.0 system files, the 24KB file will run standing alone.  So 
all the user would then need to download is the 24KB .exe file to 
run the program.

In this case no registry entries would be made and the program 
would not appear in the Start/Programs menu and since the .exe 
program is not actually installed, to get rid of it would only 
require deleting the .exe file.

So in the near future, freeware OverWrite Version 1.1 will be 
offered in two Visual Basic bundles:  one with the full install 
version for those who need the full collection of Visual Basic 
6.0 system update files along with the .exe file, and the other 
bundle with just the .exe file for those who have the necessary 
Visual Basic 6.0 updated system files already installed on their
computer.

Please note again that once you have installed a Visual Basic 6.0
program from Ciphile Software using the full install with all 
updated system files included you will not need to install another
Visual Basic 6.0 program using the full install version again.  You 
will only need to download the small .exe file and it will run using 
the Visual Basic 6.0 updated system files already on your computer.

DETAILS OF OVERWRITE VERSION 1.1:

So in the near future Ciphile Software will be offering OverWrite
Version 1.1 freeware that will provide 27 preset overwrite patterns 
and up to 8 user defined overwrite patterns, all of which can be
individually chosen and randomly chosen to overwrite your files.  
You can utilize all 35 overwrite patterns or just one.  And you can
randomly choose the order in which these patterns overwrite your 
files.

You will also be given the choice to delete your file or not to so 
you can overwrite the file as many times as you like.

------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: National Security Nightmare?
Date: 15 Feb 2001 12:46:04 -0800

[EMAIL PROTECTED] (John Savard) writes:
> This wasn't intended as a criticism of ScramDisk; since that program
> generates a random key from mouse movements, but protects it with a
> user pass phrase, trying different pass phrases is the obvious attack.
> But whether it works or not depends on the user's choice of pass
> phrase. But I fear that very few people will bother to select a pass
> phrase with a full 128 bits of entropy, instead settling for something
> easy to memorize and type.

I've come to believe that 128 bit re-useable passphrases are a waste
of keystrokes and brain cells.  Once you're over (say) 64 bits, it
becomes easier for the attacker to just bug your keyboard than to
brute force the passphrase.  This is especially true if you're using
an algorithm that's not standard enough for the attacker to have built
dedicated cracking hardware for.

My current approach to passphrases is when I generate one, I write it
down on a piece of paper that I keep in my pocket.  It is pretty safe
there from any conceivable computer attack, and I'm not likely to lose
it without noticing.  I refer to the paper whenever I need to type in
the passphrase, which is typically several times a day.  After a few
days I don't need the paper any more, so I can destroy the written
copy of the passphrase.

Here's a web page (javascript based) that I use for generating
passphrases: http://www.nightsong.com/crypto/dice.php.



------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: COMP128
Date: 15 Feb 2001 20:47:42 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)

For more information on cryptanalysis of COMP128, please see
  http://www.isaac.cs.berkeley.edu/isaac/gsm-faq.html
For the COMP128 algorithm, see, e.g.,
  http://www.iol.ie/~kooltek/a3a8.txt
A websearch may turn up other information online.  I hope this helps!

------------------------------

From: Jerry Coffin <[EMAIL PROTECTED]>
Subject: Re: What is kerebos?
Date: Thu, 15 Feb 2001 14:06:17 -0700

In article <[EMAIL PROTECTED]>, bwooster1@DELETEaol.com says...
> Ahh.  I see.  Hmmm... maybe they'll have a picture of me under
> 'jackass' ...lol.  
> 
> In any case, I think I'm correct on both counts.  The mythical dog is
> spelled Cerebos, but the security product (algorithm?  protocol?) is
> spelled Kerebos.

The security protocol is spelled Kerberos.

The dog's name is more open to argument.  The name was almost 
undoubtedly originally Greek, so the first letter was almost 
certainly Chi.  This is pronounced a bit like a hard "C" or a "K", 
but with more breath to it, like the sound had a bit of "H" mixed in.

Trying to say that "C" is a better representation than "K" is a bit 
ridiculous -- the most common representation of Chi in English is 
probably "ch", but at least as English is currently used, "c", "ch" 
and "k" are all about equally good (or bad) representations of the 
original.

-- 
    Later,
    Jerry.

The Universe is a figment of its own imagination.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
