Cryptography-Digest Digest #770, Volume #13 Thu, 1 Mar 01 11:13:00 EST
Contents:
Re: Rijndael decryption (Panu Hämäläinen)
Re: Question about MD5,CRC and SHA(1). (Paul Schlyter)
Re: Keystoke recorder (Hard)
Re: Keystoke recorder (Magnus Mischel)
Urgent DES Cipher source code !!!!! ("Latyr Jean-Luc FAYE")
Re: Urgent DES Cipher source code !!!!! ("Tom St Denis")
Re: Urgent DES Cipher source code !!!!! ("Latyr Jean-Luc FAYE")
Re: Urgent DES Cipher source code !!!!! ("Sam Simpson")
Re: Keystoke recorder (William Hugh Murray)
[Kryptyomic] symetric stream encryption. (yomgui)
Re: Keystoke recorder (William Hugh Murray)
Re: Urgent DES Cipher source code !!!!! ("Latyr Jean-Luc FAYE")
AES FIPS ("Brian Gladman")
Re: Rijndael decryption ("Brian Gladman")
Re: How to find a huge prime(1024 bit?) ("david Hopkins")
Re: Urgent DES Cipher source code !!!!! ("Sam Simpson")
Re: Question about MD5,CRC and SHA(1). (Doug Stell)
Re: Sad news, Dr. Claude Shannon died over the weekend. (William Stallings)
Re: how long can one Arcfour key be used?? ("Scott Fluhrer")
Re: Keystoke recorder (HiEv)
----------------------------------------------------------------------------
From: Panu Hämäläinen <[EMAIL PROTECTED]>
Subject: Re: Rijndael decryption
Date: Thu, 01 Mar 2001 12:18:01 +0200
ajd wrote:
> By doing some of the stages slightly differently, you can use the same
> expanded round keys for both encryption and decryption. This may be better
> in hardware (I presume you're talking FPGA here).
Yes, FPGA. Differently? Do you mean adding InvMixColumn between some of the
stored round keys and AddRoundKey in decryption?
> What is the structure of your final architecture? Would you really gain
> from doing the round keys on the fly?
Because of the limited area, I have made an iterative implementation with only
one round. As I started with encryption, I assumed that calculating the keys on
the fly is the best way when considering the area (storage for only one round
key is needed). Now, as I'm adding decryption, I'm about to change my mind.
Probably the best way is to calculate the round keys in advance. This way the
S-boxes in the iteration round can also be used in the key expansion. This
implies that instead of the four additional S-boxes (=4 x 256 x 8 bits) in key
expansion, only 10 x 128 bits of RAM is needed (for storing the keys). If the
encryption key is rarely changed, the calculation overhead is not essential. Do
you agree?
-- Panu
------------------------------
From: [EMAIL PROTECTED] (Paul Schlyter)
Subject: Re: Question about MD5,CRC and SHA(1).
Date: 1 Mar 2001 10:23:58 +0100
In article <[EMAIL PROTECTED]>,
Zeljko Vrba <[EMAIL PROTECTED]> wrote:
> Let f(x) be a message-digest function; MD5, CRC, SHA or SHA1.
> Do any of these functions have a fixed point; i.e. does there exist
> a value X such that f(X) == X? If there exists a fixed point, what
> is it? If it doesn't can you point me to some proof that it doesn't?
Yes, at least some of them have "fixed points". The CRC-32 of
FFFFFFFF for instance is FFFFFFFF (however the CRC-32 of 000000000
is not 00000000).
But in practice these "fixed points" matter little - why? Because in
all real-world situations X will be longer (often much longer) than
f(X) which means X and f(X) will be unequal.
And if X should be of the same length as, or perhaps even shorter
than, f(X), there's really no point in using these hash functions
since one can just as well use X itself instead, with padding if
necessary.
--
================================================================
Paul Schlyter, Swedish Amateur Astronomer's Society (SAAF)
Grev Turegatan 40, S-114 38 Stockholm, SWEDEN
e-mail: pausch at saaf dot se or paul.schlyter at ausys dot se
WWW: http://hotel04.ausys.se/pausch http://welcome.to/pausch
------------------------------
From: [EMAIL PROTECTED] (Hard)
Subject: Re: Keystoke recorder
Date: Thu, 01 Mar 2001 10:49:17 GMT
On Wed, 28 Feb 2001 17:29:41 GMT, Alberto <[EMAIL PROTECTED]> wrote:
>It seems that the easiest way to access encrypted data is to gain
>access to the target computer and install such a device.
>
>Have you ever seen one of them? What does it look like? How can you
>defend yourself against this kind of attack?
>
>Thanks.
>Alberto
>
I agree. The easiest way to access encrypted data is to do what you
suggest.
Most keystroke grabbers are software based. These work really well on
mainstream pc users. However...
A lot of the people you encounter in this group are fairly savvy and
paranoid enough to do thorough checks on their equipment that would
make all but the most advanced software attacks difficult.
But I read recently that the FBI broke in and replaced a keyboard on a
target pc with one that was bugged to transmit the keystrokes to a
clandestine receiver (presumably located off-premises).
If I remember correctly, their aim was to grab, in real time,
passwords used for encrypting data that they wanted, possibly
financial data.
They were successful in their attack.
I find this to be a particularly easy thing for them to do, and
possibly difficult to detect for the following reasons:
Any type of keyboard is easily obtained, and there are not that many
different ones to be found. So quickly getting one "just like yours"
is not going to be a problem. They work up the exploit on that unit
and are then ready to "enhance" yours.
They probably did not actually replace the keyboard, but rather opened
it up and replaced a section, or added a section that would transmit.
This section likely was centered around the keyboard matrix decoding
chip/section. At current state-of-the-art, the space they needed
must have been very small indeed. Power requirements, no problem.
Chance of being discovered, no problem.
I submit that most anyone who was being reasonably careful could open
and close your keyboard with nothing more than a small screwdriver
and you would be hard-pressed to notice.
The same cannot be said for our software. I put myself in the group
that would *notice* most anything of that nature.
------------------------------
From: [EMAIL PROTECTED] (Magnus Mischel)
Subject: Re: Keystoke recorder
Date: 1 Mar 2001 11:53:47 GMT
[EMAIL PROTECTED] (nemo outis) wrote in
<G6ln6.4392$[EMAIL PROTECTED]>:
>To respond to only one of the many interesting points you raise, I daily
>do an MD5 hash of every executable and near-executable (dll, vxd, etc.)
>on my system and compare them to "known-good" values. (Also look for
>new or deleted ones!) Takes about 15 minutes on my 20-gig drive (just
>right for enjoying that first cup of coffee). The hash program and the
>known-good values are on a (securely stored) encrypted CD.
>
>This is a very effective method unless/until the OS and major programs
>have backdoors built into them. But that's what's meant by trust models
>and why known-good was in quotation marks :-)
>
>Regards,
If you are running Windows 2000, one could launch a trojan that will rename
its executable file to have a .txt extension, thus rendering your MD5 hash
system useless. When it is done (when Windows shuts down), the trojan could
rename itself back to .exe (or any other of the various executable
extensions), thus being ready to autostart along with Windows the next time
you boot.
--
Magnus Mischel
Mischel Internet Security
http://www.mischel.dhs.org
------------------------------
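The baseline-and-compare check quoted above, and the rename-to-.txt objection raised against it, as an added example that is not part of either post: a snapshot that selects files by extension misses an executable image stored under a .txt name, while one that selects by the leading `MZ` header reports it. SHA-256 is used here in place of the MD5 mentioned in the thread; the extension set, file names and file contents are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

EXEC_EXTS = {".exe", ".dll", ".vxd"}  # extension filter assumed for this example


def sha256_file(path: str) -> str:
    """Hash a file in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def looks_executable(path: str) -> bool:
    """DOS/Windows executable images begin with the two bytes 'MZ'."""
    with open(path, "rb") as handle:
        return handle.read(2) == b"MZ"


def snapshot(root: str, by_content: bool) -> dict:
    """Map relative path -> hash for every file the chosen filter selects."""
    snap = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if by_content:
                selected = looks_executable(path)
            else:
                selected = os.path.splitext(name)[1].lower() in EXEC_EXTS
            if selected:
                snap[os.path.relpath(path, root)] = sha256_file(path)
    return snap


def compare(baseline: dict, current: dict) -> tuple:
    """Return (added, removed, changed) paths relative to the baseline."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in set(baseline) & set(current)
                     if baseline[p] != current[p])
    return added, removed, changed


def _write(root: str, name: str, data: bytes) -> None:
    with open(os.path.join(root, name), "wb") as handle:
        handle.write(data)


def demo() -> tuple:
    """Build a constructed directory and compare both filters after a change."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "app.exe", b"MZ" + b"constructed known-good image")
        _write(root, "notes.txt", b"constructed plain text")
        base_ext = snapshot(root, by_content=False)
        base_content = snapshot(root, by_content=True)
        # Constructed stand-in for an executable image kept under a .txt name.
        _write(root, "helper.txt", b"MZ" + b"constructed unknown image")
        return (compare(base_ext, snapshot(root, by_content=False)),
                compare(base_content, snapshot(root, by_content=True)))


if __name__ == "__main__":
    by_extension, by_header = demo()
    print("extension filter:", by_extension)
    print("header filter:   ", by_header)
```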
From: "Latyr Jean-Luc FAYE" <[EMAIL PROTECTED]>
Subject: Urgent DES Cipher source code !!!!!
Date: Thu, 1 Mar 2001 12:58:11 -0000
Hi everybody,
I am looking for a source code (in C/C++, VB, VHDL or Java) to implement the
DES Cipher.
The system should perform both encryption of 64bit blocks of plaintext and
decryption of 64 bit blocks of ciphertext.
The system should be modular in nature with separate module implementing the
various elements of the algorithm.
The operation of the system should be verified by using various plaintext
and keys.
The best would be in C/C++
Thanks in advance
--
Latyr Jean-Luc FAYE
Software Engineer
Master Eng in Telecommunications
http://faye.cjb.net
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Urgent DES Cipher source code !!!!!
Date: Thu, 01 Mar 2001 13:10:43 GMT
"Latyr Jean-Luc FAYE" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hi everybody,
>
> I am looking for a source code (in C/C++, VB, VHDL or Java) to implement the
> DES Cipher.
In C/VB/VHDL/Java? What the heck. What platform are you working for?
Besides why do you need des? It's horribly dated and inefficient.
Tom
------------------------------
From: "Latyr Jean-Luc FAYE" <[EMAIL PROTECTED]>
Subject: Re: Urgent DES Cipher source code !!!!!
Date: Thu, 1 Mar 2001 13:16:56 -0000
I am working under a DOS/Windows environment.
I am beginning in cryptography and I want to develop a small application
for my own to be used between my girl and me as she is sharing her email box
with all her family.
Latyr
------------------------------
From: "Sam Simpson" <[EMAIL PROTECTED]>
Subject: Re: Urgent DES Cipher source code !!!!!
Date: Thu, 1 Mar 2001 13:28:02 -0000
If it's urgent, why don't you pull your finger out and learn to use a
f*cking search engine..........
--
Regards,
Sam
http://www.scramdisk.clara.net/
Latyr Jean-Luc FAYE <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hi everybody,
>
> I am looking for a source code (in C/C++, VB, VHDL or Java) to implement the
> DES Cipher.
> The system should perform both encryption of 64bit blocks of plaintext and
> decryption of 64 bit blocks of ciphertext.
> The system should be modular in nature with separate module implementing the
> various elements of the algorithm.
> The operation of the system should be verified by using various plaintext
> and keys.
>
> The best would be in C/C++
>
> Thanks in advance
>
> --
> Latyr Jean-Luc FAYE
> Software Engineer
> Master Eng in Telecommunications
> http://faye.cjb.net
------------------------------
From: William Hugh Murray <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Keystoke recorder
Date: Thu, 01 Mar 2001 13:26:20 GMT
Frank Gerlach wrote:
> nemo outis wrote:
> >
> > To respond to only one of the many interesting points you raise, I daily do an
> > MD5 hash of every executable and near-executable (dll, vxd, etc.) on my system
> > and compare them to "known-good" values. (Also look for new or deleted ones!)
> > Takes about 15 minutes on my 20-gig drive (just right for enjoying that first
> > cup of coffee). The hash program and the known-good values are on a (securely
> > stored) encrypted CD.
> >
> > This is a very effective method unless/until the OS and major programs have
> > backdoors built into them. But that's what's meant by trust models and why
> > known-good was in quotation marks :-)
> Ah, and what about this attack: Store malicious code in the mail folder
> of your Mail Client. Employ a buffer-overflow in the inbox reading code
> of the mail client. Initial intrusion was through a buffer overflow in
> the html parser.
> (The same approach works for an Operating System and its swap file)
> Does your method protect against this?
> I think you just put a big stick into the ground, and knowledgeable
> people will find a way around it.
Only if you are a target of choice. The stick may be sufficient to get you off the
target of opportunity list, i.e., make your security sufficiently higher than that
of your neighbors that the attacker is unlikely to choose you at random from among
those around you. If you are a target of choice, then using a computer is likely
to lower, rather than raise, the cost of attack. Getting your computer from the
target of choice list to the hardened target list is possible but involves some of
the very unattractive choices that I have already outlined.
In any case, we are on very soft ground here. We are trying to talk about
protective measures outside the context of an application and environment.
------------------------------
From: yomgui <[EMAIL PROTECTED]>
Subject: [Kryptyomic] symetric stream encryption.
Date: Thu, 01 Mar 2001 13:39:34 +0000
hello,
I've developed my own, quite simple, encryption method.
the source code is here http://bigfoot.com/~kryptyomic
under the GNU Lesser General Public License.
I describe here in a few lines how it works.
could you tell me what you think of it.
I avoid the biggest mistakes, but you will probably
find out some weakness that I missed.
thanks
guillaume
/*----------------------------------------------------------------------
Kryptyomic, a library for symetric stream and file encryption.
Copyright (C) 2000 Guillaume Vareille
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
USA
Author: Guillaume Vareille
2 Town Hall Approach
Stoke Newington
London N16 8QN
UK
mailto:[EMAIL PROTECTED]
http://bigfoot.com/~kryptyomic
======================================================================
*/
// Kryptyomic.txt (file version 1.0) part of Kryptyomic (version 1.0)
Kryptyomic is a library for symmetric stream and file encryption.
each letter of a password up to (256*256 bytes) is used as an unsigned byte
integer value to seed a pseudo-random series, a simple combo from the public
domain: the period of the combo exceeds 2^60
this combo can be replaced by any other pseudo random number generator.
each random series is seeded with the password plus a pseudo random number
from the previous series.
these series are used in random order to produce one new pseudo random number,
and to determine the next series to use.
then we use the next series to produce one number, and so on.
the pseudo random series are used to generate an encryption grid
this grid allows the replacement of a two-byte value by its corresponding
unique two-byte value in the grid.
a smaller grid of 256 bytes is used when single-byte encoding is necessary.
the stream is considered as a succession of two-byte values.
the value is obtained from the stream: val0
we generate one two-byte pseudo random number: aTwoByteRandNumber
we xor the value and the pseudo random number: val1 = val0 XOR aTwoByteRandNumber
we take the corresponding value in the grid: val2 = grid[val1]
we xor the value with the same pseudo random number: val3 = val2 XOR aTwoByteRandNumber
we put the value in the output stream.
note: if we don't do the grid corresponding step, no encryption is performed.
(ie. if val2 equals val1 then val3 equals val0).
to perform decryption we follow the same method but before running the stream,
we just reverse the grids once (such as val1 = reversegrid[val2])
------------------------------
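The per-value transform described in the post above (XOR, grid lookup, XOR again, with the reversed grid for decryption), as an added example that is not taken from the Kryptyomic source. It uses the 256-entry single-byte grid, and Python's `random.Random` seeded with the password stands in for the post's unspecified combo generator and seeding scheme; all function names are chosen for this example.

```python
import random


def build_grid(rng: random.Random, size: int = 256) -> list:
    """Permutation of 0..size-1 drawn from the keyed generator (the 'grid')."""
    grid = list(range(size))
    rng.shuffle(grid)
    return grid


def reverse_grid(grid: list) -> list:
    """Inverse permutation, so that reverse_grid(grid)[grid[v]] == v."""
    rev = [0] * len(grid)
    for index, value in enumerate(grid):
        rev[value] = index
    return rev


def transform(data: bytes, password: bytes, decrypt: bool = False,
              skip_grid: bool = False) -> bytes:
    """Apply val3 = grid[val0 XOR r] XOR r to every byte of `data`."""
    rng = random.Random(password)   # stand-in generator (assumption)
    grid = build_grid(rng)          # always drawn, so the numbers that follow match
    if skip_grid:
        grid = list(range(256))     # identity grid: the lookup changes nothing
    elif decrypt:
        grid = reverse_grid(grid)
    out = bytearray()
    for val0 in data:
        r = rng.randrange(256)      # one pseudo random number per value
        val1 = val0 ^ r
        val2 = grid[val1]
        out.append(val2 ^ r)        # val3
    return bytes(out)


if __name__ == "__main__":
    plaintext = b"constructed sample text"
    password = b"constructed password"
    ciphertext = transform(plaintext, password)
    print(ciphertext.hex())
    print(transform(ciphertext, password, decrypt=True))
    # With the grid step skipped the output equals the input, as the post notes.
    print(transform(plaintext, password, skip_grid=True))
```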
From: William Hugh Murray <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Keystoke recorder
Date: Thu, 01 Mar 2001 13:38:26 GMT
Paul Rubin wrote:
> Benjamin Goldberg <[EMAIL PROTECTED]> writes:
> > Along this line of questioning -- How good is the xterm "secure
> > keyboard" function at preventing software keystroke logging?
>
> The idea is the attacker gains access to the target computer.
> At that point they can change the X server to log keystrokes.
>
> Do you ever wonder if ALL pc hardware will soon have backdoors
> for law-enforcement access, if they don't already?
I am sure that we all worry about this to some extent. I do not worry
about it too much because: 1) while useful for surveillance of large
populations, they are not necessary for law enforcement; 2) there are
so many holes in any case that they are not necessary. If you are my
special target, you use a computer, and I am willing to spend sufficient
work, have a little access, do not care too much if I am caught in the
act, have a little special knowledge, and I have sufficient time before
you notice me, I will get you; and, 3) a secret known only to all the
law enforcement officers in the world, is not much of a secret.
Notice that random surveillance of large populations is illegal in the
US and has been known to bring down governments in others. However,
governments are arrogant and citizens very tolerant.
On the other hand, even paranoids may have real enemies.
------------------------------
From: "Latyr Jean-Luc FAYE" <[EMAIL PROTECTED]>
Subject: Re: Urgent DES Cipher source code !!!!!
Date: Thu, 1 Mar 2001 14:46:28 -0000
I have tried that but I haven't found something relevant.
I apologize for bothering you with my request.
I thought that we were in a friendly and helpful environment
Latyr
"Sam Simpson" <[EMAIL PROTECTED]> wrote in message news:
G5sn6.122$[EMAIL PROTECTED]
> If it's urgent, why don't you pull your finger out and learn to use a
> f*cking search engine..........
>
> --
> Regards,
>
> Sam
> http://www.scramdisk.clara.net/
>
> Latyr Jean-Luc FAYE <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Hi everybody,
> >
> > I am looking for a source code (in C/C++, VB, VHDL or Java) to implement the
> > DES Cipher.
> > The system should perform both encryption of 64bit blocks of plaintext and
> > decryption of 64 bit blocks of ciphertext.
> > The system should be modular in nature with separate module implementing the
> > various elements of the algorithm.
> > The operation of the system should be verified by using various plaintext
> > and keys.
> >
> > The best would be in C/C++
> >
> > Thanks in advance
> >
> > --
> > Latyr Jean-Luc FAYE
> > Software Engineer
> > Master Eng in Telecommunications
> > http://faye.cjb.net
------------------------------
From: "Brian Gladman" <[EMAIL PROTECTED]>
Subject: AES FIPS
Date: Wed, 28 Feb 2001 17:11:39 -0000
The AES draft FIPS is now available at:
http://csrc.nist.gov/encryption/aes/
for comment.
Brian Gladman
------------------------------
From: "Brian Gladman" <[EMAIL PROTECTED]>
Subject: Re: Rijndael decryption
Date: Thu, 1 Mar 2001 10:57:35 -0000
"Panu Hämäläinen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hello,
>
> A while ago I was asking how to implement the Rijndael S-box inverse by using
> the encryption S-box in order to save some space. I got it now: a table look up
> is used for the multiplicative inverse in GF(2^8) and this can be shared between
> encryption and decryption. Some extra logic is only needed for the affine
> transformation and its inverse as the specification says (I'm talking about a
> hardware implementation here).
>
> I found the affine mapping at byte level in Brian Gladman's code and my
> encryption is working ok now. However, I have problems with the inverse affine
> (the shifts and xors). Does someone know how to do it?
The inverse transformation is simpler than the forward one. It is:
a[i] = 0x63 ^ b[(i + 2) % 8] ^ b[(i + 5) % 8] ^ b[(i + 7) % 8]
> In addition, the round key calculation in decryption troubles me. Right now I'm
> calculating the encryption round keys "on the fly", which saves area and also
> the overhead of calculating all the round keys in advance. I was thinking of
> saving only the last encryption round key and use it to calculate the decryption
> round keys. If decryption is always done after encryption (with the same key),
> this also saves the key calculation overhead in decryption. However, if I
> understood it right, this requires extra logic for the inverse of the encryption
> key calculation to enable rolling back to the previous encryption keys.
The round keys can be calculated 'on the fly' in the reverse direction by
keeping the last 4, 6 or 8 32-bit words from the encryption key schedule.
Lower blocks of 4, 6 or 8 32-bit words in this schedule can then be
calculated from these values because the transformation between any two such
blocks is invertible. This allows a very compact software implementation.
Brian Gladman
------------------------------
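The two points in the reply above, worked through for AES-128 as an added example (not code from the post or from Brian Gladman's library): the inverse affine step, reading the 0x63 in the formula as XORed into the input byte before the bit selection (an assumption about the notation), and the key schedule run backwards from the last round key using only the forward S-box. Function names are chosen for this example; the key in the demo is the FIPS-197 Appendix A.1 sample key.

```python
def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo the Rijndael polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def gf_inv(a: int) -> int:
    """Multiplicative inverse computed as a^254; 0 maps to 0."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r


def rotl8(x: int, n: int) -> int:
    return ((x << n) | (x >> (8 - n))) & 0xFF


def affine(x: int) -> int:
    """Forward affine transformation of the S-box."""
    return x ^ rotl8(x, 1) ^ rotl8(x, 2) ^ rotl8(x, 3) ^ rotl8(x, 4) ^ 0x63


def inv_affine(b: int) -> int:
    """a[i] = b'[(i+2)%8] ^ b'[(i+5)%8] ^ b'[(i+7)%8] with b' = b ^ 0x63."""
    b ^= 0x63
    return rotl8(b, 6) ^ rotl8(b, 3) ^ rotl8(b, 1)


SBOX = [affine(gf_inv(x)) for x in range(256)]
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def inv_sbox(y: int) -> int:
    """Inverse S-box sharing the GF(2^8) inversion with the forward S-box."""
    return gf_inv(inv_affine(y))


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _g(word: bytes, rcon: int) -> bytes:
    """RotWord, SubWord, then the round constant on the first byte."""
    return bytes([SBOX[word[1]] ^ rcon, SBOX[word[2]], SBOX[word[3]], SBOX[word[0]]])


def next_round_key(rk: bytes, rnd: int) -> bytes:
    """Round key rnd-1 -> round key rnd, for rnd in 1..10."""
    w = [rk[i:i + 4] for i in range(0, 16, 4)]
    n0 = _xor(w[0], _g(w[3], RCON[rnd - 1]))
    n1 = _xor(w[1], n0)
    n2 = _xor(w[2], n1)
    return n0 + n1 + n2 + _xor(w[3], n2)


def prev_round_key(rk: bytes, rnd: int) -> bytes:
    """Round key rnd -> round key rnd-1; needs only the forward S-box."""
    w = [rk[i:i + 4] for i in range(0, 16, 4)]
    p3 = _xor(w[3], w[2])
    p2 = _xor(w[2], w[1])
    p1 = _xor(w[1], w[0])
    return _xor(w[0], _g(p3, RCON[rnd - 1])) + p1 + p2 + p3


def forward_keys(key: bytes) -> list:
    keys = [key]
    for rnd in range(1, 11):
        keys.append(next_round_key(keys[-1], rnd))
    return keys


def backward_keys(last: bytes) -> list:
    """Round keys 10, 9, ..., 0 derived from the last round key alone."""
    keys = [last]
    for rnd in range(10, 0, -1):
        keys.append(prev_round_key(keys[-1], rnd))
    return keys


if __name__ == "__main__":
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
    last = forward_keys(key)[10]
    print("round key 10:", last.hex())
    print("recovered key:", backward_keys(last)[-1].hex())
```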
From: "david Hopkins" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp
Subject: Re: How to find a huge prime(1024 bit?)
Date: Thu, 01 Mar 2001 15:31:31 GMT
I am studying cryptography now. I am implementing RSA for academic purpose
only.
"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Could you
> tell whether there are something novel/particular in your
> scheme, either in generation of the random numbers or in
> testing for primality etc.? Thanks.
>
> M. K. Shen
------------------------------
From: "Sam Simpson" <[EMAIL PROTECTED]>
Subject: Re: Urgent DES Cipher source code !!!!!
Date: Thu, 1 Mar 2001 15:34:54 -0000
We are (usually), but a google search
http://www.google.com/search?q=DES+%22source+code%22+c+download+&hl=en&lr=&safe=off
produces literally dozens of links to precisely what you've asked
for - there's nothing more annoying than laziness...
Try, for example: http://www.eskimo.com/~weidai/cryptlib.html
--
Regards,
Sam
http://www.scramdisk.clara.net/
Latyr Jean-Luc FAYE <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I have tried that but I haven't found something relevant.
> I apologize for bothering you with my request.
> I thought that we were in a friendly and helpful environment
>
> Latyr
>
> "Sam Simpson" <[EMAIL PROTECTED]> wrote in message news:
> G5sn6.122$[EMAIL PROTECTED]
> > If it's urgent, why don't you pull your finger out and learn to use a
> > f*cking search engine..........
> >
> > --
> > Regards,
> >
> > Sam
> > http://www.scramdisk.clara.net/
> >
> > Latyr Jean-Luc FAYE <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
> > > Hi everybody,
> > >
> > > I am looking for a source code (in C/C++, VB, VHDL or Java) to implement the
> > > DES Cipher.
> > > The system should perform both encryption of 64bit blocks of plaintext and
> > > decryption of 64 bit blocks of ciphertext.
> > > The system should be modular in nature with separate module implementing the
> > > various elements of the algorithm.
> > > The operation of the system should be verified by using various plaintext
> > > and keys.
> > >
> > > The best would be in C/C++
> > >
> > > Thanks in advance
> > >
> > > --
> > > Latyr Jean-Luc FAYE
> > > Software Engineer
> > > Master Eng in Telecommunications
> > > http://faye.cjb.net
------------------------------
From: [EMAIL PROTECTED] (Doug Stell)
Subject: Re: Question about MD5,CRC and SHA(1).
Date: Thu, 01 Mar 2001 15:25:45 GMT
On 1 Mar 2001 10:23:58 +0100, [EMAIL PROTECTED] (Paul Schlyter) wrote:
>Yes, at least some of them have "fixed points". The CRC-32 of
>FFFFFFFF for instance is FFFFFFFF (however the CRC-32 of 000000000
>is not 00000000).
The above may or may not be true, depending upon the initial value of
the CRC register and the value that is XORed with the final value.
These values have to be part of the specification of a CRC and the
author obviously has a particular specification in mind, probably the
AutoDIN II CRC used in such places as Ethernet.
In my work, I use a different specification of the CRC-32, where the
initial value is neither all zeros nor all ones and the first statement
above is definitely not true. Yes, the specification does call it
"CRC-32" and the only thing it has in common with AutoDIN II is the
number of bits in the CRC.
BTW, a CRC with an initial value of zero will not detect leading zeros
in the message.
------------------------------
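The CRC-32 exchange above (Paul Schlyter's fixed-point claim and Doug Stell's reply about the initial register value and final XOR), as an added example that is not part of either post: one bitwise CRC-32 routine run with two parameter sets that share the same polynomial. The `COMMON` set is the variant zlib implements; `ZERO_INIT` and the function names are chosen for this example.

```python
import zlib

POLY_REFLECTED = 0xEDB88320  # CRC-32 polynomial 0x04C11DB7, bit-reflected


def crc32_param(data: bytes, init: int, xorout: int) -> int:
    """Bitwise reflected CRC-32 with a caller-chosen initial value and final XOR."""
    crc = init & 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ (POLY_REFLECTED if crc & 1 else 0)
    return crc ^ xorout


# Two parameter sets over the same polynomial (labels belong to this example).
COMMON = {"init": 0xFFFFFFFF, "xorout": 0xFFFFFFFF}
ZERO_INIT = {"init": 0x00000000, "xorout": 0x00000000}


def is_fixed_point(word: int, params: dict) -> bool:
    """True when the CRC of the 4-byte encoding of `word` equals `word`.

    Byte order does not matter for the two words tested here (all ones, all zeros).
    """
    return crc32_param(word.to_bytes(4, "big"), **params) == word


def blind_to_leading_zeros(msg: bytes, params: dict, pad: int = 3) -> bool:
    """True when prepending `pad` zero bytes leaves the CRC unchanged."""
    return crc32_param(b"\x00" * pad + msg, **params) == crc32_param(msg, **params)


if __name__ == "__main__":
    msg = b"123456789"  # constructed sample message
    assert crc32_param(msg, **COMMON) == zlib.crc32(msg)
    for label, params in (("common", COMMON), ("zero-init", ZERO_INIT)):
        print(label,
              "FFFFFFFF fixed:", is_fixed_point(0xFFFFFFFF, params),
              "00000000 fixed:", is_fixed_point(0x00000000, params),
              "blind to leading zeros:", blind_to_leading_zeros(msg, params))
```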
From: [EMAIL PROTECTED] (William Stallings)
Subject: Re: Sad news, Dr. Claude Shannon died over the weekend.
Date: Thu, 01 Mar 2001 10:39:40 -0500
In article <[EMAIL PROTECTED]>, "John A. Malley"
<[EMAIL PROTECTED]> wrote:
> Claude E. Shannon was a pioneer in communications theory, computer
> science, cryptology, information theory and artificial intelligence.
> To me he is an Engineering Hero. His bio is on-line at AT&T Research
>
> http://www.research.att.com/~njas/doc/shannonbio.html
>
> Dr. Shannon's paper, "The Mathematical Theory of Communication", is
> perhaps one of the most important papers ever published in the 20th
> Century. And his follow-on paper, "Communications Theory of Secrecy
> Systems", is a must-read for all of us in this USENET group.
>
> Both papers are graciously provided on line, the "The Mathematical
> Theory of Communication" at
>
> http://cm.bell-labs.com/cm/ms/what/shannonday/paper.html
>
> and "Communications Theory of Secrecy Systems" at
>
> http://www3.edgenet.net/dcowley/docs.html
>
> His work is profound and eye-opening.
>
And don't forget his contribution to the application of Boolean algebra
to the study of digital circuits; this he managed to toss off as a
master's thesis.
Bill Stallings
------------------------------
From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: how long can one Arcfour key be used??
Date: Thu, 1 Mar 2001 07:48:53 -0800
Paul Crowley <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Bryan Olson <[EMAIL PROTECTED]> writes:
> > Yes, see Paul Crowley's page at:
> > http://www.cluefactory.org.uk/paul/rc4/
>
> A much more detailed analysis of the bias in RC4 can be found in Scott
> R Fluhrer and David A McGrew, "Statistical Analysis of the Alleged RC4
> Keystream Generator", Fast Software Encryption Seventh International
> Workshop. I don't know if this paper is available online though -
> Scott?
Try: http://www.mindspring.com/~dmcgrew/rc4-03.pdf
--
poncho
------------------------------
From: HiEv <[EMAIL PROTECTED]>
Subject: Re: Keystoke recorder
Date: Thu, 01 Mar 2001 15:57:50 GMT
Magnus Mischel wrote:
>
> If you are running Windows 2000, one could launch a trojan that will rename
> its executable file to have a .txt extension, thus rendering your MD5 hash
> system useless. When it is done (when Windows shuts down), the trojan could
> rename itself back to .exe (or any other of the various executable
> extensions), thus being ready to autostart along with Windows the next time
> you boot.
Assuming the computer doesn't crash. But that never happens on a
Windows computer. ;-)
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************