Cryptography-Digest Digest #737, Volume #13 Fri, 23 Feb 01 12:13:01 EST
Contents:
Comments on Rabin's proposal (Anonymous)
Re: The Key Vanishes: Scientist Outlines Unbreakable Code, Read it and (Mok-Kong Shen)
Re: Anonymous web surfing? (Thomas Demuth)
Re: What does tempest stand for. ("Jamie Ste Laurent")
Re: Looking for help build a open Trusted signature system ("Joseph Ashwood")
Re: Any alternatives to PGP? (those who know me have no need of my name)
Re: super-strong crypto, straw man phase 2 ("Henrick Hellström")
Re: Any alternatives to PGP? ([EMAIL PROTECTED])
Re: New unbreakable code from Rabin? (Markus Kuhn)
Re: Looking for help build a open Trusted signature system (Darryl Wagoner - WA1GON)
Re: block ciphers ("Simon Johnson")
Secure Listserver?? ("Michael Scott")
Re: Any alternatives to PGP? (SCOTT19U.ZIP_GUY)
Powers of Complex Associative Functions (Jim Steuert)
Re: Random Numbers (Bo Dömstedt)
IMPROVED GIFSHUFFLE (SCOTT19U.ZIP_GUY)
Re: Super strong crypto ("Douglas A. Gwyn")
----------------------------------------------------------------------------
Date: Fri, 23 Feb 2001 10:32:02 +0100
From: Anonymous <[EMAIL PROTECTED]>
Subject: Comments on Rabin's proposal
In my opinion the proposal is theoretically sound, but may not prove
to be foolproof in practice.
How will the generation of the string of random numbers be controlled
and checked?
In my opinion the generation of these random number strings could be
relatively easily fudged to appear random whilst not actually being
so...
Only my view....
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: The Key Vanishes: Scientist Outlines Unbreakable Code, Read it and
Date: Fri, 23 Feb 2001 10:59:03 +0100
"Douglas A. Gwyn" wrote:
>
> Mok-Kong Shen wrote:
> > Dumb questions: Employing a crypto-quality generator,
> > (1) Why doesn't one use that directly to do encryption?
>
> Because it doesn't have an associated proof of security
> as the indirect scheme is claimed to have.
>
> > (2) Couldn't the public stream be simply 01010101....
> > instead of a random one?
>
> No, because the regularity could be folded into the
> location generator, which is presumably susceptible
> to cryptanalysis.
>
> What is claimed for the scheme is that the enemy would
> have to access more information than his storage capacity
> in order to mount any cryptanalytic attack. Therefore it
> is essential that the bits in the key stream be random.
My point was that, since a crypto-quality generator is
'by definition' infeasible to be cracked (in practice,
i.e. w.r.t. the opponent's resources), its direct use is just
as fine as indirectly via the proposed scheme (with its
additional 'proofs').
An argument of the scheme is, as you pointed out, that
the opponent doesn't have the very huge storage capacity.
But this is an argument of availability of 'practical'
resources. I don't see that it differs in 'nature' from
the infeasibility of brute-forcing, e.g. 128 bits of key,
or the infeasibility of obtaining 2^m (m sufficiently
large) pairs of plaintexts and ciphertexts (assuming one
knows certain facts about the application environment
to exclude that for sure). On the other hand, it does
differ in my view in 'nature' from the argument for the
'perfect security' of the theoretical OTP (disregarding
the well-known problems of use of OTP).
On the whole, I surmise that it was the journalism of
the NY Times that has created a flare/claim of (absolute)
'unbreakability' of the scheme and has consequently
caused much unnecessary discussions/misinterpretations.
M. K. Shen
=========================
http://home.t-online.de/home/mok-kong.shen
------------------------------
From: Thomas Demuth <[EMAIL PROTECTED]>
Subject: Re: Anonymous web surfing?
Date: Fri, 23 Feb 2001 11:12:03 +0100
Paul Rubin wrote:
> "Mario Contestabile" <[EMAIL PROTECTED]> writes:
> > > Safeweb's proxy is similar to Anonymizer.com but they did a really
> > > nice job. Give it a try: www.safeweb.com.
> >
> > Provided you trust safeweb, and its HTML parsing ability to rewrite
> > urls...
Try http://www.rewebber.com/
It offers anonymity for the user and the possibility to publish web pages
anonymously.
TD
--
Dipl.-Inform. Thomas Demuth, Universität Hagen
http://www.thomas-demuth.de/, X.509/PGP: ebenda
------------------------------
From: "Jamie Ste Laurent" <[EMAIL PROTECTED]>
Subject: Re: What does tempest stand for.
Date: Fri, 23 Feb 2001 10:32:06 -0000
Question Number 63217421
What does T.E.M.P.E.S.T. stand for.
Answer
Technology for Electronically Monitoring PEST's
Score
1/10 (managed to find examination room)
Comments
<smack> <smack> <smack>
Jamie Ste Laurent <[EMAIL PROTECTED]> wrote in message
news:973nk4$npgf9$[EMAIL PROTECTED]...
> Technology for Electronically Monitoring PEST's
>
> Mark Healey <[EMAIL PROTECTED]> wrote in message
> news:dxKndd8YehcW-pn2-9NqEFsXxruy2@localhost...
> > I know that "tempest" is an acronym (really T.E.M.P.E.S.T.) but I
> > forgot what it stands for. Surprisingly this isn't in any of the
> > online sources I could find.
> >
> > Could someone please tell me.
> >
> > Mark Healey
> > marknews(the 'at' thing)healeyonline.com
>
>
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Looking for help build a open Trusted signature system
Date: Thu, 22 Feb 2001 14:40:08 -0800
I didn't receive the first message or I would have replied to it.
If I read correctly, what you are looking for is:
Software to generate and certify identities
Some method of allowing users to easily sign that they have interacted with
another user.
Sounds almost like what PGP (and gpg) does. The only complicating factor is
the certifying of identities by a central authority, but you can do this too
in PGP by having the entity sign the public keys. The result is:
At least one central authority that certifies keys as untampered (and
perhaps certifies the identity)
a massive interconnection of keys based on signatures (the web of trust
model)
The primary concern with such a system is the lack of scalability, which
you have originally dealt with by having the central authority. This is very
doable. Because of the availability of a simple starting point I'd recommend
that you look to Gnu Privacy Guard first and change it from there (oh and
that one is GPLd).
Joe
------------------------------
From: [EMAIL PROTECTED] (those who know me have no need of my name)
Subject: Re: Any alternatives to PGP?
Date: Fri, 23 Feb 2001 11:32:42 -0000
<[EMAIL PROTECTED]> divulged:
>I've decided to leave PGP.
>
>What is a good alternative?
do you mean you don't want to use pgp or even openpgp based tools, or just
nai products? if the former then perhaps gnupg <url:http://www.gnupg.org>
is available for your platform.
--
okay, have a sig then
------------------------------
From: "Henrick Hellström" <[EMAIL PROTECTED]>
Subject: Re: super-strong crypto, straw man phase 2
Date: Fri, 23 Feb 2001 12:56:33 +0100
Yes, and all I stated was that there was a limit to the extent your mode
would foil known-plaintext attacks.
If a brute-force search is impossible in some respect, the security is
unlimited in that same respect. For instance, the brute-force attack I
outlined only works in a forward direction. It cannot be rewound(*), so the
plain-text transmitted prior to the first block of known plain-text will
remain an absolute secret to this particular attacker, given his knowledge
and that he mounts a known plain-text attack, but regardless of the software
and hardware at his disposal.
(*) I.e. provided that the batches are large enough relative to the size of
the keys, so that the set K of keys the attacker will find epistemically
possible to have been used to encrypt the last unknown plain-text, is such
that there exists at least two different keys in K corresponding to
different and sufficiently plausible plain-text.
--
Henrick Hellström [EMAIL PROTECTED]
StreamSec HB http://www.streamsec.com
"Douglas A. Gwyn" <[EMAIL PROTECTED]> skrev i meddelandet
news:[EMAIL PROTECTED]...
> "Henrick Hellström" wrote:
> > ... brute-force attacks are theoretically possible:
>
> I didn't consider it necessary to stipulate that the key
> size would be chosen large enough to prevent brute-force
> search of the key space; we generally take that for granted.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Any alternatives to PGP?
Date: Fri, 23 Feb 2001 11:22:51 GMT
Alberto wrote:
> I've decided to leave PGP.
why?
> What is a good alternative?
GnuPG...
== <EOF> ==
Disastry http://i.am/disastry/
http://disastry.dhs.org/pgp <--PGP plugins for Netscape and MDaemon
^^^^^^^^^--^^^^^^^^^----GPG for Win32 (supports loadable modules & IDEA)
^-------PGP 2.6.3ia-multi (supports IDEA,CAST5,BLOWFISH,AES128,MD5,SHA1)
------------------------------
From: [EMAIL PROTECTED] (Markus Kuhn)
Subject: Re: New unbreakable code from Rabin?
Date: 23 Feb 2001 12:42:37 GMT
The technique described in
http://www.iht.com/articles/11245.htm
sounds at first glance a bit like a reinvention of
Cachin/Maurer, EUROCRYPT '97:
ftp://ftp.inf.ethz.ch/pub/publications/papers/ti/isc/wwwisc/CacMau97b.pdf
Just a quick note on the practicality of such schemes that rely on the
cost of recording the wide-area broadcast of a random bit sequence:
Economically available satellite broadcast bandwidth can be recorded
with economical means. A typical direct broadcast TV satellite (such as
the Astra digital series) has 20 transponders designed for 50 Mbit/s
each (at a target bit error rate of 10^-11 for 97% of the year). That
makes 1 Gbit/s per satellite. DVD-RW space should cost around 1 €/GB
these days (double that for infrastructure cost such as drives, robots,
controller boards, racks, and technicians), such that we can record a
satellite at a cost of around 20 k€ per day or 8 M€ per year using
readily available off-the-shelf components. Operating the satellite is
highly likely to be more expensive than recording its output. Moore's
law applies to archive media, but not to communication channels and
especially not to ITU-R allocated geostationary broadcast positions and
frequency bands.
Add to that the risk of an attacker's potential ability to jam both
communication partners with a chosen PRBS, and I must say that I too
don't see a business case for this protocol. But if it gets the broader
public interested in cryptography and information theory, there's
certainly nothing wrong with making a news item out of it.
Markus
--
Markus G. Kuhn, Computer Laboratory, University of Cambridge, UK
Email: mkuhn at acm.org, WWW: <http://www.cl.cam.ac.uk/~mgk25/>
------------------------------
From: [EMAIL PROTECTED] (Darryl Wagoner - WA1GON)
Subject: Re: Looking for help build a open Trusted signature system
Date: Fri, 23 Feb 2001 13:37:21 -0000
[EMAIL PROTECTED] (Joseph Ashwood) wrote in <eZa6tBSnAHA.281@cpmsnbbsa07>:
>Sounds almost like what PGP (and gpg) does. The only complicating factor
>is the certifying of identities by a central authority, but you can do
>this too in PGP by having the entity sign the public keys. The result
>is: At least one central authority that certifies keys as untampered
>(and perhaps certifies the identity)
>a massive interconnection of keys based on signatures (the web of trust
>model)
>
>The primary concern with such a system is the lack of scalability,
>which you have originally dealt with by having the central authority.
>This is very doable. Because of the availability of a simple starting
>point I'd recommend that you look to Gnu Privacy Guard first and change
>it from there (oh and that one is GPLd).
Maybe I have missed something when I looked at gpg, because
an important end product of this project is an SDK that can be
used to sign the QSL. Currently the QSL takes the form of
paper cards, but it could just be a one-liner with a sig on it
or other agreed upon format. If gpg is a single program, I
think as such it would be too restrictive to meet the design goals.
If there is an API then that would do most of the work. Since
GPG is GPL'd instead of LGPL'd there may also be some legal issues
if I used some of the functions within it.
I will take another close look at GPG as well as contacting the
author about creating an LGPL SDK for it if one doesn't exist.
Thanks Joe for the reminder about GPG, I think it might help
but I think I will still need help turning it into a usable API
for the Amateur Radio groups. The plan for the CA is that
anyone could set themselves up as a CA, but the award sponsors would
have to approve them by using their PK to validate the cert.
Thanks for the help and advice
Darryl WA1GON
------------------------------
From: "Simon Johnson" <[EMAIL PROTECTED]>
Subject: Re: block ciphers
Date: Fri, 23 Feb 2001 14:47:56 -0800
Paul Pires <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> neXussT <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> > ok..sounds reasonable...
> > i was just looking for a way to make it so that my enkryption could
> > not be dekrypted by looking for occurences of characters
> > such as:
> > slkfdj.;lkj.oiwejf.dflsj..lskjoei.
> > ^ ^ ^ ^^ ^
>
> Well, your instinct was right. A block cipher won't have that
> problem but there is a lot of learning ahead. How they work
> and how they fail is fascinating and well worth the study.
>
> Paul
This isn't strictly true: once you have more cipher-text blocks than the
number of possible blocks, then it can be solved by counting frequencies.
Simon.
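As an added illustration of Simon's point (example code written for this digest, not from any poster): a constructed 8-bit "block cipher" is run over a text of far more than 256 blocks. In ECB mode the ciphertext block frequencies are exactly the plaintext symbol frequencies, so counting solves it like a substitution cipher; a chained (CBC-style) mode over the same toy cipher flattens that profile. The cipher, sample text, key and IV are all constructed for the demo.

```python
import random
from collections import Counter

BLOCK_BITS = 8          # deliberately tiny block: only 256 possible blocks

def keyed_permutation(key):
    """Toy 'block cipher': a key-selected bijection on 8-bit blocks.
    Constructed for illustration only; a real block cipher is likewise a
    keyed permutation, just over 2^64 or 2^128 blocks instead of 2^8."""
    table = list(range(1 << BLOCK_BITS))
    random.Random(key).shuffle(table)
    return table

def ecb_encrypt(table, plaintext):
    """ECB: every block is encrypted on its own, so equal plaintext blocks
    always give equal ciphertext blocks."""
    return bytes(table[b] for b in plaintext)

def cbc_encrypt(table, plaintext, iv):
    """CBC-style chaining: XOR the previous ciphertext block into the
    plaintext block before applying the keyed permutation."""
    out, prev = bytearray(), iv
    for b in plaintext:
        prev = table[b ^ prev]
        out.append(prev)
    return bytes(out)

def block_histogram(data):
    """Block frequencies sorted high to low: the statistic that 'counting
    frequencies' compares against a known plaintext profile."""
    return sorted(Counter(data).values(), reverse=True)

# Constructed sample: skewed, English-like text of 2520 blocks, i.e. about
# ten times the 256 possible 8-bit blocks.
SAMPLE = b"the quick brown fox jumps over the lazy dog and the dog sleeps " * 40

def leak_check(key=1234, iv=0x5A):
    """Return (ECB profile == plaintext profile, CBC profile == plaintext profile)."""
    table = keyed_permutation(key)
    plain = block_histogram(SAMPLE)
    ecb_match = block_histogram(ecb_encrypt(table, SAMPLE)) == plain
    cbc_match = block_histogram(cbc_encrypt(table, SAMPLE, iv)) == plain
    return ecb_match, cbc_match

if __name__ == "__main__":
    ecb_leaks, cbc_leaks = leak_check()
    print("ECB ciphertext carries the plaintext frequency profile:", ecb_leaks)
    print("CBC ciphertext carries the plaintext frequency profile:", cbc_leaks)
```

The same leak exists for any block size once the number of blocks seen approaches the number of possible blocks; chaining (or a larger block with a proper mode) is what removes it.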
------------------------------
From: "Michael Scott" <[EMAIL PROTECTED]>
Subject: Secure Listserver??
Date: Fri, 23 Feb 2001 15:17:55 GMT
Does anyone know of a PKI enabled Listserver program? I am aware of PGPdomo,
a PGP enhanced Majordomo, but is there anything else out there?
Mike Scott
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Any alternatives to PGP?
Date: 23 Feb 2001 15:19:27 GMT
[EMAIL PROTECTED] (Alberto) wrote in
<[EMAIL PROTECTED]>:
>I've decided to leave PGP.
>
>What is a good alternative?
>
>
>Thanks
If you need public key crypto, meaning you want to exchange
messages with someone on the net that you can't give a key to
in person, it's not too hard to set up your own DH public key
scheme for sending a secret key.
If the crypto is just for yourself or a friend where you can
change keys in person, then you can use something like scott16u
or Matt's BICOM or both.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
http://radiusnet.net/crypto/ then look for
sub directory scott after pressing CRYPTO
Scott famous Compression Page
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
------------------------------
From: Jim Steuert <[EMAIL PROTECTED]>
Subject: Powers of Complex Associative Functions
Date: Fri, 23 Feb 2001 10:58:45 -0500
With a simple C program, I have been able to create large numbers of
arbitrarily complex associative vector functions of various dimensions.
For example, the vector operator OP defined as:
c0 = a0*b0 + a3*b2 + a2*b3
c1 = a1*b3 + a1*b2 + a1*a0
c2 = a3*b3 + a2*b0 + a0*b2
c3 = a3*b0 + a2*b2 + a0*b3
and where * is associative, * is both left and right distributive over +.
Note that only the + operator needs to be commutative.
The (*,+) can be pointwise arithmetic modulo a large prime, or can
recursively in turn be a vector scheme as above.
Because of the associative nature of this, powers may be built up
in logarithmic time (as in x, x^2, x^4, x^8) and "OP-ified" (multiplied)
and used in a Diffie-Hellman-like scheme.
I am aware that simple quaternion and matrix schemes have been proposed,
but I am not aware of any more complex associative schemes.
More importantly, I am not aware of any attacks that generally apply to
arbitrary associative functions.
Does anyone know of any other schemes like this?
-Jim Steuert
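The square-and-multiply mechanics and the associativity they depend on, as an added example that is not Jim's program: the operator is taken exactly as given in the post, with (*,+) pointwise modulo a constructed prime P, and 2x2 matrix multiplication written as a 4-vector is used as an assumed instance of the "matrix schemes" mentioned. A randomised check reports whether each operator is associative (one failing triple proves it is not), and a DH-style exchange confirms both parties reach the same element. This is a toy to show the mechanics of exponentiation over an arbitrary associative operator, not a proposal of a secure scheme.

```python
import random

P = 2**61 - 1   # constructed prime modulus for the pointwise (*, +)

def op_posted(a, b):
    """The 4-component operator exactly as written in the post, mod P."""
    a0, a1, a2, a3 = a
    b0, b1, b2, b3 = b
    return ((a0*b0 + a3*b2 + a2*b3) % P,
            (a1*b3 + a1*b2 + a1*a0) % P,
            (a3*b3 + a2*b0 + a0*b2) % P,
            (a3*b0 + a2*b2 + a0*b3) % P)

def op_matrix(a, b):
    """2x2 matrix product written as a 4-vector operator (assumed instance of
    the 'matrix schemes' the post mentions): associative, not commutative."""
    a0, a1, a2, a3 = a
    b0, b1, b2, b3 = b
    return ((a0*b0 + a1*b2) % P, (a0*b1 + a1*b3) % P,
            (a2*b0 + a3*b2) % P, (a2*b1 + a3*b3) % P)

def is_associative(op, trials=200, seed=1):
    """Randomised test of (x*y)*z == x*(y*z). One failing triple proves the
    operator is not associative; passing many triples is only evidence."""
    rng = random.Random(seed)
    rand = lambda: tuple(rng.randrange(P) for _ in range(4))
    for _ in range(trials):
        x, y, z = rand(), rand(), rand()
        if op(op(x, y), z) != op(x, op(y, z)):
            return False
    return True

def power(op, x, n):
    """x^n by square-and-multiply: O(log n) applications of op. Correct only
    for an associative op; every factor is a power of x, so the order of
    the factors does not matter even when op is not commutative."""
    result, base = None, x
    while n:
        if n & 1:
            result = base if result is None else op(result, base)
        base = op(base, base)
        n >>= 1
    return result

def power_naive(op, x, n):
    """Reference: n-1 left-to-right multiplications."""
    result = x
    for _ in range(n - 1):
        result = op(result, x)
    return result

def dh_exchange(op, g, a, b):
    """Both sides end with g^(a*b): (g^a)^b == (g^b)^a under associativity."""
    pub_a, pub_b = power(op, g, a), power(op, g, b)   # the published values
    return power(op, pub_b, a), power(op, pub_a, b)   # Alice's key, Bob's key

if __name__ == "__main__":
    for name, op in (("posted", op_posted), ("matrix", op_matrix)):
        print(name, "operator associative on random triples:", is_associative(op))
    k_alice, k_bob = dh_exchange(op_matrix, (3, 1, 4, 1), 123457, 987653)
    print("shared elements agree:", k_alice == k_bob)
```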
------------------------------
From: [EMAIL PROTECTED] (Bo Dömstedt)
Subject: Re: Random Numbers
Reply-To: [EMAIL PROTECTED]
Date: Fri, 23 Feb 2001 16:45:05 GMT
Another good convenient test program, not mentioned
on page http://www.protego.se/statistictest_en.htm, is the
Crypt-X '98 package [1], which in stream-cipher mode can be
used to test a stream of random numbers. Crypt-X '98
tests input files of up to 256 megabytes.
Bo Dömstedt
Protego Information AB
Hardware Random Number Generators
http://www.protego.se
[1]
Crypt-X 98, Information Security Research Centre,
Centre in Statistical Science and Industrial Mathematics,
Queensland University of Technology.
http://www.isrc.qut.edu.au/cryptx/
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: IMPROVED GIFSHUFFLE
Date: 23 Feb 2001 16:42:06 GMT
Hola Amigos
I know many of you are interested in steganography (sorry, bad spelling).
Anyway, a classic version of how to do it with GIF palettes is called
GIFSHUFFLE. I have looked at the code and it is a nice first attempt
to do the job. But it has several shortcomings in that it does not
really do a full permutation on the palette, and using the colors as
the sorting value is not the best either.
I hope others will look at the mods I have made so that it can hide
more information in most gifs than what the old program does. If others
would like to join me or test the changes so far please download it
at the radiusnet crypto site. It's under the directory /scott
I plan to fix more of the shortcomings in the old program as time
goes on. But the concept of hiding data in a GIF without changing the
picture viewed is a great concept. After we get this going I would
like to do it even better and more completely for PNG palette type
of files. Anyone wishing to join or comment on my investigation
and study of this is welcome.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
http://radiusnet.net/crypto/ then look for
sub directory scott after pressing CRYPTO
Scott famous Compression Page
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
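The mechanism the post refers to, as an added example taken neither from gifshuffle nor from the poster's modified version: a GIF's pixels are indices into the palette, so the palette can be stored in any order as long as every pixel index is remapped, and the order itself (relative to an agreed canonical sort, here by RGB value as the post says gifshuffle does) carries a number in the range 0 to n!-1. The palette, pixel indices and message are constructed; capacity_bits gives floor(log2(n!)), the most a full permutation of n distinct colours can carry.

```python
from math import factorial

def canonical_order(palette):
    """Reference ordering both sides can reconstruct: sort by RGB value
    (the 'colors as the sorting value' choice the post discusses).
    Assumes the palette entries are distinct."""
    return sorted(palette)

def permutation_from_number(n, items):
    """Factorial-base (Lehmer) decoding: n in [0, k!) -> an ordering of items."""
    pool, out = list(items), []
    for k in range(len(pool), 0, -1):
        idx, n = divmod(n, factorial(k - 1))
        out.append(pool.pop(idx))
    return out

def number_from_permutation(perm, items):
    """Inverse of permutation_from_number."""
    pool, n = list(items), 0
    for colour in perm:
        idx = pool.index(colour)
        n += idx * factorial(len(pool) - 1)
        pool.pop(idx)
    return n

def capacity_bits(n_colours):
    """floor(log2(n!)): bits a full palette permutation can carry."""
    return factorial(n_colours).bit_length() - 1

def embed(palette, pixels, message):
    """Reorder the palette to encode `message` and remap every pixel index
    so the rendered image is unchanged."""
    if not 0 <= message < factorial(len(palette)):
        raise ValueError("message does not fit in this palette's permutation")
    new_palette = permutation_from_number(message, canonical_order(palette))
    remap = {colour: i for i, colour in enumerate(new_palette)}
    return new_palette, [remap[palette[p]] for p in pixels]

def extract(palette):
    """Recover the number from the palette order alone."""
    return number_from_permutation(palette, canonical_order(palette))

def render(palette, pixels):
    """What a viewer shows: the colour of each pixel."""
    return [palette[p] for p in pixels]

# Constructed 8-colour palette (distinct RGB triples, deliberately unsorted)
# and a 4x4 image given as palette indices.
PALETTE = [(255, 0, 0), (0, 0, 0), (0, 255, 0), (255, 255, 255),
           (0, 0, 255), (128, 128, 128), (255, 255, 0), (0, 255, 255)]
PIXELS = [0, 1, 2, 3, 4, 5, 6, 7, 7, 6, 5, 4, 3, 2, 1, 0]

if __name__ == "__main__":
    msg = 12345                                   # must be below 8! = 40320
    new_pal, new_pix = embed(PALETTE, PIXELS, msg)
    print("image unchanged:", render(new_pal, new_pix) == render(PALETTE, PIXELS))
    print("recovered:", extract(new_pal),
          "capacity for a 256-colour palette:", capacity_bits(256), "bits")
```

Nothing about the palette order itself is secret: extract() recovers a number from any palette, so a palette whose order has no natural explanation is exactly what a reviewer of suspicious images would look for, and any confidentiality rests on encrypting what is embedded.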
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Super strong crypto
Date: Fri, 23 Feb 2001 16:20:36 GMT
David Wagner wrote:
> Yes, but my experience is that differential cryptanalysis is close to the
> best method of analysis known against many block ciphers. It is maybe
> the most powerful general cryptanalytic technique I know of. Therefore,
> my concern is that this bad case (where frequent key changes don't help)
> might occur very frequently, meaning that for many ciphers the proposal
> doesn't help much.
But I wasn't proposing waiting anywhere near that long before
changing keys. What I have in mind is something like this
example: Block length 512 bits, key length 128 bits, 64 new
key bits included per block (leaving 448 bits for plaintext).
These numbers rule out brute-force attacks and known-plaintext
attacks. I don't think so-called differential cryptanalysis
can even get a foothold.
> I am certainly very interested in your goal of working toward techniques
> to withstand the best possible cryptanalytic attacks, so please don't
> take this as a discouraging note. You seem to be driving at some general
> point that I would really like to understand.
I for one do not mind using 12.5% of the available bandwidth
to gain protection against *unknown* cryptanalytic threats.
> However, here's where I get confused: If robustness is the goal, wouldn't
> it be more reliable to just double the number of rounds, or triple the
> cipher, or something? This makes most known attacks exponentially less
> effective, so why isn't it a better way to get more bang for the buck?
No, there is no reason to think that such tweaks substantially
improve resistance to cryptanalysis (other than specific
publicly known methods). On the other hand, there is reason
to think that a continual infusion of new key entropy comparable
to that of the plaintext would seriously impair cryptanalysis.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************