Cryptography-Digest Digest #698, Volume #13 Fri, 16 Feb 01 14:13:01 EST
Contents:
My encryption system..... (Keill_Randor)
Re: Triple-DES MAC (Paul Schlyter)
Re: Triple-DES MAC (DJohn37050)
Re: Triple-DES MAC ("Christian Schwarz")
Re: Ciphile Software: Why .EXE files so large ("CMan")
Re: National Security Nightmare? ("CMan")
Re: Big Numbers in C/C++ (JCA)
Re: Super strong crypto (Steve Portly)
Re: Ciphile Software: Why .EXE files so large (phil hunt)
Re: "RSA vs. One-time-pad" or "the perfect enryption" ([EMAIL PROTECTED])
MD5 - VB and ASP code available free ("Phil Fresle")
Re: Digital signature w/o original document (Mike Rosing)
Re: /dev/random under Linux (Mike Rosing)
Re: My encryption system..... (Quisquater)
Reverse encoding question (Paul Starzetz)
Re: Reverse encoding question ("Henrick Hellström")
----------------------------------------------------------------------------
From: Keill_Randor <[EMAIL PROTECTED]>
Subject: My encryption system.....
Date: Fri, 16 Feb 2001 13:28:28 +0000
It seems that you are all ignoring my challenge.. Oh well...
The encryption system I have, (in a response to other posts on this board),
IS different and a generation ahead of any other encryption system in the world
that I know of. Also, (in response to other posts), a one-pad cipher IS NOT
the best system possible. Mine is. To understand why that is the case, you
have to understand exactly what data encryption is about in the first place.
This seems to be the number one problem with everyone at the minute:
No-one understands the problem, so no wonder nobody, (apart from myself),
has actually solved it.
All data encryption is about is changing a peice of information into another, in
such a way as to allow you a) to get it back later, and b) stop any
'unauthorised' people finding out what it originally was. The ULTIMATE
solution, therefore, is to split a peice of information into two or more
EXISTING (innocuous) peices of information that CANNOT INDIVIDUALLY BE PROVEN
TO BE ENCRYPTED..................
My system at it's best can do this, (Though I have no doubt that it will be
very difficult).
The by-product of this, is being able to turn ANY peice of information into ANY
peice of information, which again, makes it uncrackable. (And completely screws
up a lot of laws I know about).
At it's best, (if splitting it into two or more existing peices isn't possible),
my system can do a:
Compound, non-repeating, multiple solution, multiple key, multiple algorithm,
mutiple dimension, multiple depth, variable size encrypt, with multiple phase
and multiple direction encoding, and (optional) Multiple variable ciphers....
Trust me, if I encrypted something with all of this attached, then NO-ONE would
ever crack OR solve it, without knowing EVERYTHING about it.
Still looking for a job..... (Any offers???). (I cannot drive though, and I am
currently broke...).
(P.S. If no-one else has what I have, does that make me King Cryppie???).
Darren Tomlyn
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (Paul Schlyter)
Subject: Re: Triple-DES MAC
Date: 16 Feb 2001 14:28:53 +0100
In article <96iror$g7f$02$[EMAIL PROTECTED]>,
Christian Schwarz <[EMAIL PROTECTED]> wrote:
>> hello,
>> i've to calculate a MAC using Triple-DES algorithm for memory card
>
> sorry, i forgot to mention that the used Triple-DES algorithm is working in
> CBC mode.
Well, then it's even easier: just do a regular CBC encryption of your
plaintext, and discard all blocks except the last one, which becomes
your MAC.
--
================================================================
Paul Schlyter, Swedish Amateur Astronomer's Society (SAAF)
Grev Turegatan 40, S-114 38 Stockholm, SWEDEN
e-mail: pausch at saaf dot se or paul.schlyter at ausys dot se
WWW: http://hotel04.ausys.se/pausch http://welcome.to/pausch
------------------------------
From: [EMAIL PROTECTED] (DJohn37050)
Date: 16 Feb 2001 15:37:25 GMT
Subject: Re: Triple-DES MAC
Truncate to leftmost 32 bits. Else there is a chaining text attack (not on the
key).
Don Johnson
------------------------------
From: "Christian Schwarz" <[EMAIL PROTECTED]>
Subject: Re: Triple-DES MAC
Date: Fri, 16 Feb 2001 16:47:04 +0100
first of all, thanks for your response. but i've some additional questions.
how long are DES encrypted blocks ? 64 bit ?
i guess there are a lot of sample implementations. let's say i encrypt same
data using same key with different implementations, is the output equal ? if
not, is there a reference implementation available which should be used ?
i've a DES library written by Eric Young. there's a "inner triple cbc" and
"outer triple cbc" mentioned. what's the difference. which one should i use?
regards, Christian
------------------------------
From: "CMan" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,alt.hacker
Subject: Re: Ciphile Software: Why .EXE files so large
Date: Fri, 16 Feb 2001 09:11:49 -0700
The following link seems to be more up to date:
http://www.cs.virginia.edu/~lcc-win32/
JK
--
CRAK Software
http://www.crak.com
Password Recovery Software
QuickBooks, Quicken, Access...More
Spam bait (credit E. Needham):
root@localhost
postmaster@localhost
admin@localhost
abuse@localhost
webmaster@localhost
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
"CMan" <[EMAIL PROTECTED]> wrote in message
news:4uaj6.85$[EMAIL PROTECTED]...
> Bloatware from Microsoft. We are so brain dead from using their crapware we
> fail to see how easily it can be done.
>
> If you write code that restricts itself to using the built in C Runtime
> library, you can distribute software with tiny exe's. If you take the time
> to bend the Borland and Microsoft compiler IDE's to fit the problem, you can
> do the same thing with these. This is not a severe restriction as all the
> rich and powerful OLE and COM stuff is easily used while the exe remains
> tiny because all the required dlls are available to anyone who makes even a
> tiny effort to occasionally update his software.
>
> My personal choice is the free open source LCC-Win32 compiler and IDE by
> Jacob Navia. Once you take off the training wheels Microsoft has built into
> its Windows programming tools, you can write powerful but tiny exe's quite
> easily.
>
> Take a look at our Q99crak, AXcrak software ( http://www.crak.com ). These
> are a few tens of KB in size. Yet both of these programs grab the PC by the
> short hairs and yank out functions that leave many professional software
> engineers amazed.
>
> Check it out and stop using all those expensive IDE's. Learn to write code
> using the raw Windows API. Use LCC-Win32
> http://www.geocities.com/SiliconValley/Heights/9069/index.html ...Thank you
> Jacob!!
>
> JK
>
> "Anthony Stephen Szopa" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Ciphile Software: Why .EXE files so large
> >
> > Until now all programs at Ciphile Software have been written and
> > compiled using Borland C++ Builder.
> >
> > When the program is compiled, all necessary files required to run
> > the program in Windows are built into the .exe
> >
> > Ciphile Software is now developing software using MS Visual Basic
> > 6.0
> >
> > Soon we will begin developing software using MS Visual C++ as well.
> >
> > We have developed two simple test programs using Visual Basic 6.0.
> > The .exe files themselves are only 24KB.
> >
> > One is compiled and deployed using the Package and Deploy Wizard
> > that also includes all necessary system files required to run the
> > .exe file in MS Windows such as several .DLLs.
> >
> > Here they are:
> >
> > VB6STKIT.DLL
> > COMCAT.DLL
> > STDOLE2.TLB
> > ASYCFILT.DLL
> > OLEPRO32.DLL
> > OLEAUT32.DLL
> > MSVBVM60.DLL
> >
> > So the setup program for this full compressed install program is
> > about 1.46MB. The result of this installation is that all required
> > system files are included and the user's computer system files are
> > updated if necessary and the program is listed in the Start/Program
> > files menu and registry entries are made, etc. and the full
> > uninstall procedure is included. Just use the MS OS Add/Remove
> > program from the Control Panel to uninstall.
> >
> > But if the user's computer already has the required updated Visual
> > Basic 6.0 system files, the 24KB file will run standing alone. So
> > all the user would then need to download is the 24KB .exe file to
> > run the program.
> >
> > In this case no registry entries would be made and the program
> > would not appear in the Start/Programs menu and since the .exe
> > program is not actually installed, to get rid of it would only
> > require deleting the .exe file.
> >
> > So in the near future, freeware OverWrite Version 1.1 will be
> > offered in two Visual Basic bundles: one with the full install
> > version for those who need the full collection of Visual Basic
> > 6.0 system update files along with the .exe file, and the other
> > bundle with just the .exe file for those who have the necessary
> > Visual Basic 6.0 updated system files already installed on their
> > computer.
> >
> > Please note again that once you have installed a Visual Basic 6.0
> > program from Ciphile Software using the full install with all
> > updated system files included you will not need to install another
> > Visual Basic 6.0 program using the full install version again. You
> > will only need to download the small .exe file and it will run using
> > the Visual Basic 6.0 updated system files already on your computer.
> >
> > DETAILS OF OVERWRITE VERSION 1.1:
> >
> > So in the near future Ciphile Software will be offering OverWrite
> > Version 1.1 freeware that will provide 27 preset overwrite patterns
> > and up to 8 user defined overwrite patterns, all of which can be
> > individually chosen and randomly chosen to overwrite your files.
> > You can utilize all 35 overwrite patterns or just one. And you can
> > randomly choose the order in which these patterns overwrite your
> > files.
> >
> > You will also be given the choice to delete your file or not to so
> > you can overwrite the file as many times as you like.
>
------------------------------
From: "CMan" <[EMAIL PROTECTED]>
Subject: Re: National Security Nightmare?
Date: Fri, 16 Feb 2001 09:13:52 -0700
Piece of cake!!
I predict that the stock markets will fluctuate.
I absolutely guarantee it!!!!
JK
"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> CMan wrote:
> >
>
> > I'll hire anyone who can do ALL of the things listed below:
> >
> > Break difficult ciphers,
> ..............
>
> Seems not to be a bright idea at all. Hire one who can do
> only ONE thing: accurately predict the stockmarket.
>
> M. K. Shen
>
------------------------------
From: JCA <[EMAIL PROTECTED]>
Subject: Re: Big Numbers in C/C++
Date: Fri, 16 Feb 2001 07:56:34 -0800
Paul Schlyter wrote:
> In article <[EMAIL PROTECTED]>,
> David Sowinski <[EMAIL PROTECTED]> wrote:
>
> > I prefer GMP and believe that it is faster than MIRACL.
>
> Did you use just the C low-level routines in MIRACL when evaluating
> the speed? MIRACL also has assembly language replacements for these
> for the most popular processors,
So does GMP.
------------------------------
From: Steve Portly <[EMAIL PROTECTED]>
Subject: Re: Super strong crypto
Date: Fri, 16 Feb 2001 11:26:06 -0500
Nicol So wrote:
> "Douglas A. Gwyn" wrote:
> >
> > Here is a "straw man" block cipher design for you all to analyze:
> > The last PT block before the unicity distance is reached contains
> > a newly generated random key to replace the one currently in use.
> > It's a new form of "chaining" mode, if you wish.
>
> Interesting idea, but I see some practical difficulties. If the cipher
> is inside some general-purpose communication mechanism that makes no
> assumption about the traffic, how does it know when to switch to a new
> key?
>
Your system can only be as strong as the first key you use. An attacker
with an infinite amount of time could try all combinations of starting
keys until a coherent message appears. If your starting key is made up of
more elements than the sum of characters in the entire message then you
have a secure system since all possible messages might appear. Such a
large key size would be unwieldy and would require padding each message to
the agreed upon key size. In a practical key management system where you
wish to synch multiple users and retain keys to reread messages you would
probably be forced to use a shorter key. Finding the right tradeoff in
key length depends on knowing your adversary's capabilities.
------------------------------
From: [EMAIL PROTECTED] (phil hunt)
Crossposted-To: talk.politics.crypto
Subject: Re: Ciphile Software: Why .EXE files so large
Date: Fri, 16 Feb 2001 14:45:59 +0000
On Fri, 16 Feb 2001 00:26:31 -0800, Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote:
>Let's see.
>
>Compare the documentation of the three products, why don't you?
>
>And compare the number of books available for each product, why don't
>you?
>
>And give us some titles of some excellent Borland Builder books for the
>novice to learn the details of programming C++ with Borland Builder, why
>don't you?
>
>I say it is quite clear and undeniable that MS has better documentation,
>more book support and much much much better quality of books on their
>two products: VB and VC++.
>
>I have bought at least 5 expensive books on Borland Builder and they
>were worth at most only one tenth of their cost.
>
>I have a book on visual basic that is like shining light from above.
>
>I hope you feel better in your self aggrandizement.
Have you considered using Python?
It's designed for RAD programming like VB, but it is also platform
independent. It has very extensive documentation, both books and
online.
--
*****[ Phil Hunt ***** [EMAIL PROTECTED] ]*****
"An unforseen issue has arisen with your computer. Don't worry your
silly little head about what has gone wrong; here's a pretty animation
of a paperclip to look at instead." -- Windows2007 error message
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: "RSA vs. One-time-pad" or "the perfect enryption"
Date: 16 Feb 2001 16:47:25 GMT
John Savard <[EMAIL PROTECTED]> wrote:
> On 16 Feb 2001 00:41:25 GMT, [EMAIL PROTECTED] wrote, in part:
>>Actually, it's a little more than "doesn't seem to be a way around
>>it." There *isn't* a way around it. In particular, breaking a
>>public-key cipher can never be harder than solving an NP-complete
>>problem, no matter what. So, for instance, there can't be a public
>>key algorithm where breaking it would require double-exponential time.
>>And most definitely there can't be one where breaking is impossible
>>(like a one-time pad).
> This is a very important result. While it's the sort of thing I might
> suspect by gut instinct, I had no idea someone had published a proof
> of it. If so, it deserves to be more widely known.
I'm not sure if anyone has "published a proof" because it follows
pretty directly from the definition of the class NP (this falls in my
category of "obvious" statements that almost don't require a proof).
Define a decision problem that says "For this ciphertext and public
key, is the kth bit of the plaintext a 1?" This language is clearly
in the class NP: the "certificate" is the full plaintext and the
verifier does the following -- encrypts the plaintext (certificate)
with the public key, verifies that the result matches the given
ciphertext, and then checks to make sure the appropriate bit is a 1.
Thus the certificate can be verified in polynomial time if the
encryption can be done in polynomial time. Therefore being able to
decrypt the ciphertext bit-by-bit is in NP.
--
Steve Tate --- srt[At]cs.unt.edu | Gratuitously stolen quote:
Dept. of Computer Sciences | "The box said 'Requires Windows 95, NT,
University of North Texas | or better,' so I installed Linux."
Denton, TX 76201 |
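
The verifier described in the message above, written out as an added example (not code from the thread). It assumes a deterministic public-key encryption, here textbook RSA with a constructed toy key, and contrasts one certificate check with deciding the same bit by search; the function names are hypothetical.

```python
def encrypt(pub, m):
    """Deterministic toy public-key encryption: textbook RSA, c = m^e mod n."""
    n, e = pub
    return pow(m, e, n)


def verify(pub, c, k, certificate):
    """Verifier for the decision problem 'is bit k of the plaintext of c a 1?'.

    The certificate is the claimed full plaintext. The check costs one
    encryption plus a comparison, so it is polynomial time whenever
    encryption is.
    """
    n, _ = pub
    if not 0 <= certificate < n:
        return False
    return encrypt(pub, certificate) == c and (certificate >> k) & 1 == 1


def decide_by_search(pub, c, k):
    """Decide the same question without a certificate by trying every
    candidate plaintext. Returns (answer, number of encryptions performed);
    the count grows with n, i.e. exponentially in the key length."""
    n, _ = pub
    for tries, m in enumerate(range(n), start=1):
        if encrypt(pub, m) == c:
            return (m >> k) & 1 == 1, tries
    return False, n


# Constructed toy values: n = 61 * 53, e = 17, plaintext 65 (binary 1000001).
PUB = (3233, 17)
C = encrypt(PUB, 65)
```
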
------------------------------
From: "Phil Fresle" <[EMAIL PROTECTED]>
Subject: MD5 - VB and ASP code available free
Date: Fri, 16 Feb 2001 17:30:11 -0000
Reply-To: "Phil Fresle" <[EMAIL PROTECTED]>
I have posted a zip file on my web site containing implementations of the
MD5 digest algorithm in a VB class for use in VB projects and also in an ASP
file using VBScript for use on web sites. It is free to download.
http://www.frez.co.uk
------------------------------
From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: Digital signature w/o original document
Date: Fri, 16 Feb 2001 12:12:57 -0600
David Sowinski wrote:
>
> I am interested in generating a digital signature that can later be verified
> without the original document. I recall coming across a homomorphic
> encryption/signature scheme awhile back, but cannot find much information on
> it now. Does anybody know if this is possible?
I must be missing something. If you don't have the original document, how
do you know what you are checking the signature of?
Patience, persistence, truth,
Dr. mike
------------------------------
From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: /dev/random under Linux
Date: Fri, 16 Feb 2001 12:15:19 -0600
Matt J wrote:
>
> To add randomness into the kernel's PRNG system, you can simply write to
> /dev/random, ie cat randomdata > /dev/random
>
> The kernel source file linux/drivers/char/random.c has a nice description
> in the comments at the beginning.
Thanks!
Patience, persistence, truth,
Dr. mike
------------------------------
From: Quisquater <[EMAIL PROTECTED]>
Subject: Re: My encryption system.....
Date: Fri, 16 Feb 2001 20:06:57 +0100
First, try to correctly write "piece" then "snake oil".
------------------------------
From: Paul Starzetz <[EMAIL PROTECTED]>
Subject: Reverse encoding question
Date: Fri, 16 Feb 2001 19:53:02 +0100
Hi @ll,
given a cipher C and encrypted text X, what plaintext shall I use to
obtain X, _if_ the encryption key of the cipher C is known?
I have to solve this problem for either blowfish or 3des. I don't ask
for how to break des, notice that ;-)
Small example:
I have to produce 3des-cbc encrypted data having full control over the
used encryption key, but after encryption the output has to be e.g.:
0xabdc0001 whatever .....
DATA[0-3] DATA[4...]
and I'm looking for the plaintext which would produce that. I only need
the first 4 bytes to match.
thx, hope somebody knows a solution for this.
------------------------------
From: "Henrick Hellström" <[EMAIL PROTECTED]>
Subject: Re: Reverse encoding question
Date: Fri, 16 Feb 2001 20:05:20 +0100
Maybe I misunderstand what you mean. Do you want the plain text P such that
E_k(P) = X, where E_k is the encryption function for cipher C (incl. its
mode of operation) given key K? If this is so, it's simple: P = D_k(X),
where D_k is the decryption function for cipher C (incl. its mode of
operation) given key K.
--
Henrick Hellström
StreamSec HB
"Paul Starzetz" <[EMAIL PROTECTED]> skrev i meddelandet
news:[EMAIL PROTECTED]...
> Hi @ll,
>
>
> given a cipher C and encrypted text X, what plaintext shall I use to
> obtain X, _if_ the encryption key of the cipher C is known?
> I have to solve this problem for either blowfish or 3des. I don't ask
> for how to break des, notice that ;-)
>
> Small example:
>
> I have to produce 3des-cbc encrypted data having full control over the
> used encryption key, but after encryption the output has to be e.g.:
>
> 0xabdc0001 whatever .....
>
> DATA[0-3] DATA[4...]
>
> and I'm looking for the plaintext which would produce that. I only need
> the first 4 bytes to match.
>
>
> thx, hope somebody knows a solution for this.
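
An added example (not code from any poster) covering two CBC points from this digest: the Triple-DES MAC thread's recipe of keeping the last CBC block truncated to its leftmost 32 bits, and the P = D_k(X) answer above. Assumptions: an 8-byte Feistel stand-in cipher built from SHA-256 replaces Triple-DES so the block runs with the standard library only, the MAC padding rule is ISO/IEC 9797-1 method 2, and the key and data are constructed.

```python
import hashlib
import hmac

BLOCK = 8  # 64-bit blocks, as in DES and Triple-DES

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Round function of the stand-in cipher (assumption, NOT DES).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def encrypt_block(key, blk):
    l, r = blk[:4], blk[4:]
    for rnd in range(8):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def decrypt_block(key, blk):
    l, r = blk[:4], blk[4:]
    for rnd in reversed(range(8)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def cbc_encrypt(key, iv, data):
    if len(data) % BLOCK:
        raise ValueError("data must be a whole number of 8-byte blocks")
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        prev = encrypt_block(key, _xor(data[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, data):
    if len(data) % BLOCK:
        raise ValueError("data must be a whole number of 8-byte blocks")
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        out += _xor(decrypt_block(key, data[i:i + BLOCK]), prev)
        prev = data[i:i + BLOCK]
    return out

def cbc_mac(key, msg, tag_len=4):
    # Zero IV; pad with 0x80 then zeros (ISO/IEC 9797-1 method 2, an
    # assumption: the thread does not name a padding rule).
    padded = msg + b"\x80"
    padded += b"\x00" * (-len(padded) % BLOCK)
    # Keep only the last ciphertext block, truncated to its leftmost 32 bits.
    return cbc_encrypt(key, bytes(BLOCK), padded)[-BLOCK:][:tag_len]

def mac_ok(key, msg, tag):
    # Constant-time comparison of the recomputed tag with the received one.
    return hmac.compare_digest(cbc_mac(key, msg), tag)

# Constructed sample values.
KEY = b"constructed demo key"
IV = bytes(BLOCK)
WANTED = bytes.fromhex("abdc0001") + b"\x00" * 4  # first 4 bytes fixed, rest free
PLAIN = cbc_decrypt(KEY, IV, WANTED)              # P = D_k(X)
```

Because a block cipher works on whole blocks, fixing the first 4 ciphertext bytes still means choosing all 8 bytes of the first block; the remaining 4 are arbitrary filler here.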
------------------------------