Cryptography-Digest Digest #695, Volume #13 Fri, 16 Feb 01 01:13:00 EST
Contents:
Re: Fast DES-crypt question (Matthew Kwan)
Re: Steak Stream Cipher (Thomas Wu)
Re: A Chosen-Plaintext Attack on a simple Dynamic Transposition Cipher ("John A. Malley")
Re: How to build SRP under Win32? (Thomas Wu)
Re: A Chosen-Plaintext Attack on a simple Dynamic Transposition Cipher ("John A. Malley")
Re: CipherText patent still pending ("Douglas A. Gwyn")
Re: National Security Nightmare? ("CMan")
Re: Ciphile Software: Why .EXE files so large ("Michael Brown")
Re: Big Numbers in C/C++ ("David Sowinski")
Re: National Security Nightmare? ("Douglas A. Gwyn")
Re: Factoring (and not the Philippino :) ("Michael Brown")
Re: Big Numbers in C/C++ ("David Sowinski")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Matthew Kwan)
Subject: Re: Fast DES-crypt question
Date: 16 Feb 2001 12:41:08 +1100
"Didier F." <[EMAIL PROTECTED]> writes:
>Hi everyone,
>Where can i get the latest - fastest version of crypt? I have some
>source code based upon Eric Young's method, but that's from 1993.
>So before i convert it to assembler, i would like to know if there is
>a newer version and where i can find it.
>Also if someone wrote assembler code for crypt on an x86 (586 would do)
>where can i get it?
>Thanks.
Depends what you need - linear speed or throughput. Parallel bitslice
gets the most encryptions per second, but it's slower if you just want
to do one encryption.
More details on bitslicing at http://www.darkside.com.au/bitslice,
which includes a link to John the Ripper, a password cracker with
optimised crypt code.
Can't help with regular crypt code, however.
mkwan
------------------------------
From: Thomas Wu <[EMAIL PROTECTED]>
Subject: Re: Steak Stream Cipher
Date: 15 Feb 2001 18:59:24 -0800
[EMAIL PROTECTED] writes:
>
> > For secure FTP, why would you not use TLS (updated SSL)?
>
> I think there is demand for secure server solutions for non-commercial
> use without the requirement of expensive certificates. But maybe you
> know something about the full potential of TLS that I don't?
Don't want certificates? SRP FTP does strong password authentication
without certificates. It encrypts and integrity-protects session data
(both control and data channels) with your choice of 3DES/CAST/Blowfish
and MACs with your choice of MD5/SHA-1 using the exchanged SRP session
key. It resists active and passive network attacks, including brute-force
password attacks. Does your product solve something that isn't already
solved for free?
> Steak is an experiment and the FTP-solution we plan to design would be
> more like a demonstration of the results of this experiment. We're not
> done yet, and we don't know if we will be able to offer something a TLS
> solution would not. We'll see.
>
>
> Sent via Deja.com
> http://www.deja.com/
--
Tom Wu * finger -l [EMAIL PROTECTED] for PGP key *
E-mail: [EMAIL PROTECTED]
Phone: (650) 723-1565
"Those who would give up their freedoms in exchange for security deserve neither."
http://www-cs-students.stanford.edu/~tjw/ http://srp.stanford.edu/srp/
------------------------------
From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: A Chosen-Plaintext Attack on a simple Dynamic Transposition Cipher
Date: Thu, 15 Feb 2001 19:05:19 -0800
John Savard wrote:
>
[...]
>
> 11110000
> 11001100
> 10101010
>
> is not in error; encipher these three with the same permutation, and
> you can tell what the permutation is (7, 6, 5, 4, 3, 2, 1, 0 in binary
> notation are the combinations formed by each bit in the three
> encipherments) - but the patterns you show would work equally well.
>
OK, I misunderstood. I limited the plaintext blocks to be of the form M | ~M.
These strings are another set of chosen bit-balanced blocks that could
determine the permutation applied to each of them in a chosen-plaintext attack.
John A. Malley
[EMAIL PROTECTED]
------------------------------
From: Thomas Wu <[EMAIL PROTECTED]>
Subject: Re: How to build SRP under Win32?
Date: 15 Feb 2001 19:03:42 -0800
Rob Yampolsky <[EMAIL PROTECTED]> writes:
> Has anybody out there been successful in building SRP under Win32?
> Preferably under VC++?
>
> I'm actually trying to build tinysrp (a subset of the whole srp
> distribution). Already built a client and server on AIX using the srp
> stuff out of tinysrp, and now want to build the client under Windows,
> but don't think the traditional ./configure script will work there (even
> if I install all the Cygwin stuff?).
Try the "NTconfig.h" file in the "libsrp" directory - rename it as
"config.h" and try the build. These days I have a VC++ box, and will
try to include more seamless support for it in future versions of the
library.
> Anyway, it'd be really nice just to find a config.h file that makes it
> work.... Barring that, any help would be appreciated. I'm trying to
> link it just what I need statically.
>
> While I'm at it, I'm also planning to use the libdes stuff from OpenSSL
> in my Win32 client. There are instructions on building the whole
> OpenSSL shebang under VC++, but I'm led to believe from the libdes
> documentation that that subset is pretty straightforward C code that
> should build just about anywhere. If you can stop me from spinning my
> wheels in advance, that'd be much appreciated too.
>
> Thanks,
> Rob Yampolsky
> [EMAIL PROTECTED]
>
--
Tom Wu * finger -l [EMAIL PROTECTED] for PGP key *
E-mail: [EMAIL PROTECTED]
Phone: (650) 723-1565
"Those who would give up their freedoms in exchange for security deserve neither."
http://www-cs-students.stanford.edu/~tjw/ http://srp.stanford.edu/srp/
------------------------------
From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: A Chosen-Plaintext Attack on a simple Dynamic Transposition Cipher
Date: Thu, 15 Feb 2001 21:20:06 -0800
"John A. Malley" wrote:
>
The following typos/errors in the original post are corrected:
[snip]
>
> For 1 <= i <= N/2, Eve:
>
> ANDs C_i(n) with the (XOR of C_i(n) with C_0(n)) for all i to generate
> the ciphertext output expected for the permutation of plaintext with a
> "walking 1 bit" moving from the 1st bit position to the N/2 bit position
> in the N bit plaintext block.
>
> So the result is
>
> C_i(n) AND (C_i(n) XOR C_0(n)) = PI_n( [M_i(n) | ~M_i(n)] AND [ M_i(n) |
> M_i(n)] )
>
> Now M_i(n) AND M_i(n) = M_i(n), M_i(n) AND ~M_i(n) = 'Zero' (a string of
> N/2 0 bits).
>
> Therefore,
>
> C_i(n) AND (C_i(n) XOR C_0(n)) = PI_n( M_i(n) | 'Zero' ).
>
> This is what Eve dreamed of getting - only a single 1 bit occurs in the
> resulting string on the left hand side. Only a single 1 bit occurs in
> the right hand side. So Eve knows where the ith bit in the plaintext
> will transpose to in the ciphertext after permutation by PI_n().
The preceding paragraph should read as:
:: This is what Eve dreamed of getting - only a single 1 bit occurs in the
:: resulting string on the left hand side. So Eve knows where the ith bit in the plaintext
:: will transpose to in the ciphertext after permutation by PI_n().
> For N/2 <= i <= N, Eve:
The limits here should be
:: For N/2 < i <= N, Eve:
>
> ANDs the one's complement of C_i(n), ~C_i(n) , with the (XOR of C_i(n)
> with C_0(n)) for all i to generate the ciphertext output expected for
> the permutation of plaintext with a "walking 1 bit" moving from the N/2
> + 1 bit position to the Nth bit position in the N bit plaintext block.
>
> So the result is
>
> ~C_i(n) AND (C_i(n) XOR C_0(n)) = PI_n( [ ~M_i(n) | M_i(n)] AND [ M_i(n)
> | M_i(n)] ).
>
> Again, M_i(n) AND M_i(n) = M_i(n), M_i(n) AND ~M_i(n) = 'Zero' (a string
> of N/2 0 bits).
>
> Therefore,
>
> ~C_i(n) AND (C_i(n) XOR C_0(n)) = PI_n( 'Zero' | M_i(n) ).
>
> This is what Eve dreamed of getting - only a single 1 bit occurs in the
> resulting string on the left hand side. Only a single 1 bit occurs in
> the right hand side. So Eve knows where the ith bit in the plaintext
> will transpose to in the ciphertext after permutation by PI_n().
The preceding paragraph should read as:
:: This is what Eve dreamed of getting - only a single 1 bit occurs in the
:: resulting string on the right hand side. So Eve knows where the ith bit in the plaintext
:: will transpose to in the ciphertext after permutation by PI_n().
John A. Malley
[EMAIL PROTECTED]
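The recovery that both of John A. Malley's posts above (and John Savard's three-block remark quoted in the first one) describe, as an added Python example that is not from the digest: it assumes every chosen block is enciphered under one fixed bit permutation PI, which is exactly the reuse the thread warns about; the helper names transpose, savard_recover and malley_recover are mine. The right-half case keeps the single reference block Zero|Ones and complements the XOR instead of C_i, which is one way to arrive at the PI(Zero | M_i) result stated in the post.

```python
# Added example (not from the digest): chosen-plaintext recovery of a fixed
# bit transposition, reproducing Savard's log2(N) "binary index" blocks and
# Malley's "walking 1 bit" AND/XOR derivation from the thread.
# Assumption: all chosen blocks go through the SAME permutation PI; a fresh
# permutation per block (the dynamic case) would defeat both methods.
import random

N = 8  # block size in bits; a power of two keeps Savard's blocks bit-balanced


def transpose(bits, pi):
    """Pure transposition: plaintext bit i lands at ciphertext position pi[i]."""
    out = [0] * len(bits)
    for i, b in enumerate(bits):
        out[pi[i]] = b
    return out


def savard_recover(pi, n=N):
    """log2(n) chosen blocks; block k has bit i = (i >> k) & 1, i.e. 00001111,
    00110011, 01010101 for n=8. Reading output position j across the
    ciphertexts spells the index of the plaintext bit that moved there."""
    nbits = n.bit_length() - 1
    cts = [transpose([(i >> k) & 1 for i in range(n)], pi) for k in range(nbits)]
    recovered = [0] * n
    for j in range(n):
        src = sum(cts[k][j] << k for k in range(nbits))
        recovered[src] = j
    return recovered


def malley_recover(pi, n=N):
    """Walking-1-bit blocks M|~M (left half) and ~M|M (right half) plus the
    reference block Zero|Ones. PI commutes with bitwise ops, so
    C_i AND (C_i XOR C_0) = PI(M_i|Zero) exposes a single 1 bit at pi[i]."""
    half = n // 2
    c0 = transpose([0] * half + [1] * half, pi)  # PI(Zero | Ones)
    recovered = [0] * n
    for i in range(n):
        m = [1 if t == i % half else 0 for t in range(half)]
        notm = [1 - b for b in m]
        if i < half:
            ci = transpose(m + notm, pi)  # PI(M_i | ~M_i)
            probe = [a & (a ^ b) for a, b in zip(ci, c0)]  # PI(M_i | Zero)
        else:
            ci = transpose(notm + m, pi)  # PI(~M_i | M_i)
            # same reference, XOR complemented: PI(Zero | M_i)
            probe = [a & (1 - (a ^ b)) for a, b in zip(ci, c0)]
        assert sum(probe) == 1  # exactly one bit survives, at pi[i]
        recovered[i] = probe.index(1)
    return recovered


def demo(seed=1, n=N):
    """Draw a random permutation and recover it both ways; all three agree."""
    pi = list(range(n))
    random.Random(seed).shuffle(pi)
    return pi, savard_recover(pi, n), malley_recover(pi, n)


if __name__ == "__main__":
    print(demo())
```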
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: CipherText patent still pending
Date: Fri, 16 Feb 2001 05:36:23 GMT
Benjamin Goldberg wrote:
> Douglas A. Gwyn wrote:
> > I don't think that approach would help much. Consider that so far
> > as we know, P = NP but we haven't found any proof of it yet. Oops,
> > did all our ciphers just fall apart? No.
> Who is this "we" that "knows" that P = NP?
That isn't what I said. Try to understand what was said.
------------------------------
From: "CMan" <[EMAIL PROTECTED]>
Subject: Re: National Security Nightmare?
Date: Thu, 15 Feb 2001 22:56:38 -0700
Geez, you sure don't need a job to live in warm weather.
Just choose your boss very carefully if you do work. I did that...I'm
self-employed. My boss is a peach!!
I'll hire anyone who can do ALL of the things listed below:
Break difficult ciphers,
Design Switching power supplies,
Solve electromagnetic emission problems,
Write Maxwell's equations in both integral and derivative form,
Write code in C, C++, Java, Visual Basic, Delphi, Perl,
Write a book on HIRF,
Design radiation hardened integrated circuits,
Design precision analog circuits,
Design fail passive aircraft servos,
Design lightning protection circuits for aircraft.
Or, hire me...part time...it's getting boring around here with all those
broken ciphers lying around :))
JK
--
CRAK Software
http://www.crak.com
Password Recovery Software
QuickBooks, Quicken, Access...More
Spam bait (credit E. Needham):
"JPeschel" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> [EMAIL PROTECTED] that would be me (JPeschel) wrote:
>
> >Nah, that's too much money and power to waste on cracking Quickbooks
> >and Excel. Law Enforcement can hire Kuslich, Thompson, or others
> >to do that!
>
> And now that I think about it some more: they could hire me; I could
> use a trip to somewhere without snow and with temperatures above
> -20 F.
>
> J
> __________________________________________
>
> Joe Peschel
> D.O.E. SysWorks
> http://members.aol.com/jpeschel/index.htm
> __________________________________________
>
------------------------------
From: "Michael Brown" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: Ciphile Software: Why .EXE files so large
Date: Fri, 16 Feb 2001 19:03:39 +1300
Prime example of a dumbass who doesn't know how to use software well.
There's this thing called packages in CPP Builder. Try them. You'll find
they work well. As for the other two things you are using, I have a simple
rebuttal for each: VB = slow, VCC = horrible (both compared to CPP Builder,
yes I've used all three).
Also, try to do anything low-level in VB and all hell breaks loose.
I won't go into more detail as I'm sure it'd be pointless.
Michael
PS: 1.4 is pretty huge for a simple Hello World program. Delphi does it
(including setup) in < 800K.
"Anthony Stephen Szopa" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Ciphile Software: Why .EXE files so large
>
> Until now all programs at Ciphile Software have been written and
> compiled using Borland C++ Builder.
>
> When the program is compiled, all necessary files required to run
> the program in Windows are built into the .exe
>
> Ciphile Software is now developing software using MS Visual Basic
> 6.0
>
> Soon we will begin developing software using MS Visual C++ as well.
>
> We have developed two simple test programs using Visual Basic 6.0.
> The .exe files themselves are only 24KB.
>
> One is compiled and deployed using the Package and Deploy Wizard
> that also includes all necessary system files required to run the
> .exe file in MS Windows such as several .DLLs.
>
> Here they are:
>
> VB6STKIT.DLL
> COMCAT.DLL
> STDOLE2.TLB
> ASYCFILT.DLL
> OLEPRO32.DLL
> OLEAUT32.DLL
> MSVBVM60.DLL
>
> So the setup program for this full compressed install program is
> about 1.46MB. The result of this installation is that all required
> system files are included and the user's computer system files are
> updated if necessary and the program is listed in the Start/Program
> files menu and registry entries are made, etc. and the full
> uninstall procedure is included. Just use the MS OS Add/Remove
> program from the Control Panel to uninstall.
>
> But if the user's computer already has the required updated Visual
> Basic 6.0 system files, the 24KB file will run standing alone. So
> all the user would then need to download is the 24KB .exe file to
> run the program.
>
> In this case no registry entries would be made and the program
> would not appear in the Start/Programs menu and since the .exe
> program is not actually installed, to get rid of it would only
> require deleting the .exe file.
>
> So in the near future, freeware OverWrite Version 1.1 will be
> offered in two Visual Basic bundles: one with the full install
> version for those who need the full collection of Visual Basic
> 6.0 system update files along with the .exe file, and the other
> bundle with just the .exe file for those who have the necessary
> Visual Basic 6.0 updated system files already installed on their
> computer.
>
> Please note again that once you have installed a Visual Basic 6.0
> program from Ciphile Software using the full install with all
> updated system files included you will not need to install another
> Visual Basic 6.0 program using the full install version again. You
> will only need to download the small .exe file and it will run using
> the Visual Basic 6.0 updated system files already on your computer.
>
> DETAILS OF OVERWRITE VERSION 1.1:
>
> So in the near future Ciphile Software will be offering OverWrite
> Version 1.1 freeware that will provide 27 preset overwrite patterns
> and up to 8 user defined overwrite patterns, all of which can be
> individually chosen and randomly chosen to overwrite your files.
> You can utilize all 35 overwrite patterns or just one. And you can
> randomly choose the order in which these patterns overwrite your
> files.
>
> You will also be given the choice to delete your file or not to so
> you can overwrite the file as many times as you like.
------------------------------
Reply-To: "David Sowinski" <[EMAIL PROTECTED]>
From: "David Sowinski" <[EMAIL PROTECTED]>
Subject: Re: Big Numbers in C/C++
Date: Fri, 16 Feb 2001 00:01:48 -0600
I prefer GMP and believe that it is faster than MIRACL. I also believe that
Victor Shoup's number theory library (NTL www.shoup.net) and LiDIA
(Computation Number Theory package www.informatik.tu-darmstadt.de/TI/LiDIA/)
both use GMP.
Regards,
-dave
====== Posted via Newsfeeds.Com, Uncensored Usenet News ======
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
======= Over 80,000 Newsgroups = 16 Different Servers! ======
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: National Security Nightmare?
Date: Fri, 16 Feb 2001 06:03:47 GMT
Mok-Kong Shen wrote:
> If I don't err, spread spectrum was originally designed
> with some intention of escaping from tracking. Your
> information indicates that they have failed in that.
To the extent that the signal can be received (and recorded)
well enough. This is another area of countermeasures and
counter-countermeasures.
> The problem is that, if one doesn't have any information
> to start, then it is really like finding needles in
> haystack.
At least for domestic communication within the US, without
probable cause, governmental agencies aren't supposed to be
examining the information at all.
> Without decryption of all encrypted mails,
> how is one to pick out the suspected nodes, if the
> absolute majority are innocent?
I assure you that decryption of all encrypted messages has
never been feasible, at least not in my lifetime. Does that
mean that signals intelligence budgets are wasted? No,
because there are other methods. It is true that a changing
environment calls for changes in technical approaches, as
has always been true. It might happen that someday the
challenges become so formidable that they cannot be met
with a reasonable expenditure of resources. More likely,
we just have to cut back on expectations, and accept that
*some* information can be obtained but that *much*
information will remain private. That wouldn't mean that
what information *was* obtainable might not repay the
expenditure.
> I am a pessimist in this respect. I am not sure how ethics
> (or religion, including the religion of the terrorist)
> could effect any essential change in that matter, bearing
> in mind terrorists are abnormal personalities much like
> the dictators.
I'm not so concerned about the fanatics as I am about the
experts who might provide technical services if the pay is
high enough.
One problem in instilling ethics is the undue respect we
give to religion. But that would take us off on a tangent.
> ... Definite results are difficult to arrive at, ...
But you see, if there is a significant risk of, say, increased
incidence of brain cancer from cell-phone transmitters, surely
it wouldn't be that hard to set up a controlled experiment (not
using human subjects). The careful experiments I know of, not
to say that I have been following all that closely, have found
no measurable effect at risk levels great enough to compete
with natural risks. If there are good experiments to the
contrary, it would be useful to find out about them.
> only that the availability of strong encryption renders
> [law enforcement's] job increasingly more difficult, if
> not hopeless in the long term.
We had effective law enforcement long before wiretaps.
So the job is not hopeless on account of not being able
to read communications. However, it might *appear* hopeless
to people who have gotten overly dependent on that capability.
It would be interesting to see statistics on the number of
wiretaps versus the number of criminal apprehensions.
------------------------------
From: "Michael Brown" <[EMAIL PROTECTED]>
Subject: Re: Factoring (and not the Philippino :)
Date: Fri, 16 Feb 2001 19:17:23 +1300
"Benjamin Goldberg" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Michael Brown wrote:
> >
> > "Benjamin Goldberg" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
> > > Michael Brown wrote:
> > > [snip]
> > > > The only problem that I have at the moment is for solving for when
> > > > the 2 LSBs of the product are not both 1 (however, this should
> > > > immediately kill ~50% of current RSA keys I presume? That's an
> > > > interesting question - do 50% of prime numbers have a second least
> > > > significant bit of 1?). The algebraic approach works, and is
> > > > fairly easy to see how to implement (constant*a combination of a's
> > > > and b's), but hard to actually implement.
> > >
> > > Since all prime numbers >2 are odd, all prime numbers used by RSA
> > > will have the LSB set.
> >
> > What I meant by "the two LSBs of the product" are the two left most
> > digits, ie bits 0 and 1. Ditto for the "second least significant bit"
> > - I meant bit 1 (in a zero based numbering system).
>
> "left most"? This is an utterly *absurd* adjective phrase, considering
> you haven't specified endianness.
I was regarding the numbers as a long string of binary digits with the LSB to
the left.
MSB -> 10110101100101 <- LSB
This should also help:
"2 LSBs" = 2 least significant bits
10110101100101
^^
"second least significant bit"
10110101100101
^
What I meant by the question was "are about 50% of large primes 3 mod 4?"
> Unless you were attempting to say that your algorithm only works for [or
> works best for] pq values whose factors are both 3 mod 4; ie, of each
> factor, the two LSBs are both 1.
>
Actually kinda the reverse. The algorithm works best in situations like this
(abandoning LSBs and LHBs :)
a = 1011
b = 1101
^
When the indicated bits are identical then it becomes a little bit more
complicated (see the website for details). It still works, but it's slower
(how much I cannot calculate).
Cheers,
Michael
------------------------------
Reply-To: "David Sowinski" <[EMAIL PROTECTED]>
From: "David Sowinski" <[EMAIL PROTECTED]>
Subject: Re: Big Numbers in C/C++
Date: Fri, 16 Feb 2001 00:09:04 -0600
> I prefer GMP and believe that it is faster than MIRACL. I also believe that
> Victor Shoup's number theory library (NTL www.shoup.net) and LiDIA
> (Computation Number Theory package www.informatik.tu-darmstadt.de/TI/LiDIA/)
> both use GMP.
I should have also mentioned that I have the C-only package ported to Win32
(built with MSVC++ 6.0 SP 4, not CygWin gcc). I am working on the MASM
assembler optimization. If you need it, let me know.
-dave
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************