Cryptography-Digest Digest #771, Volume #13       Thu, 1 Mar 01 15:13:00 EST

Contents:
  Re: Urgent DES Cipher source code !!!!! (Richard Herring)
  Re: Keystoke recorder (those who know me have no need of my name)
  confused:Diffie-Hellman is key agreement,  how about RSA? Is RSA  both algorithm and keyagreement? ("david Hopkins")
  Re: confused:Diffie-Hellman is key agreement,  how about RSA? Is RSA   (William Hugh Murray)
  Re: Sad news, Dr. Claude Shannon died over the weekend. (Jim Haynes)
  Re: Rijndael decryption ("Brian Gladman")
  Re: confused:Diffie-Hellman is key agreement,  how about RSA? Is RSA  both algorithm and keyagreement? ("david Hopkins")
  Re: Keystoke recorder (nemo outis)
  Re: HPRNG ("Simon Johnson")
  Re: Urgent DES Cipher source code !!!!! ("Simon Johnson")
  Re: confused:Diffie-Hellman is key agreement,  how about RSA? Is RSA  both algorithm and keyagreement? (Richard Wash)
  Re: philosophical question? ("Simon Johnson")
  Re: confused:Diffie-Hellman is key agreement,  how about RSA? Is RSA  both algorithm and keyagreement? ("david Hopkins")
  Re: confused:Diffie-Hellman is key agreement,  how about RSA? Is RSA  both algorithm and keyagreement? ("Carpe Diem")
  Re: HPRNG ("Simon Johnson")

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Richard Herring)
Subject: Re: Urgent DES Cipher source code !!!!!
Date: 1 Mar 2001 15:55:56 GMT
Reply-To: [EMAIL PROTECTED]

In article <[EMAIL PROTECTED]>, Latyr Jean-Luc FAYE ([EMAIL PROTECTED]) wrote:
> I am working under a DOS/Windows environment.
> I am beginning in cryptography and I want to develop a small application
> for my own to be used between my girl and me as she is sharing his email box
> with all his family.

What's wrong with PGP or GPG? Why reinvent the wheel?

-- 
Richard Herring       |  <[EMAIL PROTECTED]>

------------------------------

From: [EMAIL PROTECTED] (those who know me have no need of my name)
Subject: Re: Keystoke recorder
Date: Thu, 01 Mar 2001 16:41:00 -0000

<97ld8b$o1c$[EMAIL PROTECTED]> divulged:

>[EMAIL PROTECTED] (nemo outis) wrote in
><G6ln6.4392$[EMAIL PROTECTED]>: 
>
>>To respond to only one of the many interesting points you raise, I
>>daily do an MD5 hash of every executable and near-executable (dll, vxd,
>>etc.) on my system and compare them to "known-good" values.  (Also look
>>for new or deleted ones!) 

careful that your assumptions don't turn out to be far short of what your 
"o/s" is happy to inflict on you.

>If you are running Windows 2000, one could launch a trojan that will
>rename its executable file to have a .txt extension, 

this is hardly limited to windows 2000.  all microsoft windows systems can 
be set to pull this trick -- there are even built-in procedures to help.  
i'd even go so far as to say that all o/s' can be convinced to do it.

it's almost as if you two haven't considered trojan and virus research -- 
more than 20 years of it.  comparing file signatures is a fruitless and 
misleading exercise when something that knows you may attempt such a thing 
is running.  and that's if the thing isn't completely masking its 
presence, on disk as well as in memory.  that's not to say that scanning is 
fruitless, just that doing it in an uncontrolled environment can be (read 
will be for the more paranoid).

-- 
okay, have a sig then

------------------------------

From: "david Hopkins" <[EMAIL PROTECTED]>
Subject: confused:Diffie-Hellman is key agreement,  how about RSA? Is RSA  both 
algorithm and keyagreement?
Date: Thu, 01 Mar 2001 17:16:58 GMT

I am confused:
Diffie-Hellman is key agreement,
how about RSA? Is RSA itself both an algorithm and a key agreement?

Thanks.




------------------------------

From: William Hugh Murray <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: confused:Diffie-Hellman is key agreement,  how about RSA? Is RSA  
Date: Thu, 01 Mar 2001 17:32:12 GMT

david Hopkins wrote:

> I am confused:
> Diffie-Hellman is key agreement,

Diffie-Hellman is an algorithm whose primary application is key
agreement.

>
> how about RSA? Is RSA itself both an algorithm and a key agreement?

RSA is an algorithm whose primary application is key management, in
general.  In SSL its application is to agree upon a key for an SSL
session.  What RSA is used for in SSL could be done with DH.

> Thanks.

If that clears up your confusion, you are welcome.



------------------------------

Subject: Re: Sad news, Dr. Claude Shannon died over the weekend.
Reply-To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED] (Jim Haynes)
Date: Thu, 01 Mar 2001 17:50:40 GMT

In addition to Shannon and Newton, let's hear it for Maxwell.



------------------------------

From: "Brian Gladman" <[EMAIL PROTECTED]>
Subject: Re: Rijndael decryption
Date: Thu, 1 Mar 2001 17:57:31 -0000

"Brian Gladman" <[EMAIL PROTECTED]> wrote in message
news:eXpn6.73$Ex.1294@wards...
> "Panu Hämäläinen" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Hello,
> >
> > A while ago I was asking how to implement the Rijndael S-box inverse by
> > using the encryption S-box in order to save some space. I got it now: a
> > table look up is used for the multiplicative inverse in GF(2^8) and this
> > can be shared between encryption and decryption. Some extra logic is only
> > needed for the affine transformation and its inverse as the specification
> > says (I'm talking about a hardware implementation here).
> >
> > I found the affine mapping at byte level in Brian Gladman's code and my
> > encryption is working ok now. However, I have problems with the inverse
> > affine (the shifts and xors). Does someone know how to do it?
>
> The inverse transformation is simpler than the forward one. It is:
>
>   a[i] = 0x63 ^ b[(i + 2) % 8] ^ b[(i + 5) % 8] ^ b[(i + 7) % 8]

I am afraid that I got this wrong - the 0x63 is in the wrong place.

If b is the starting byte value then the steps are

b = b ^ 0x63;
b[i] = b[(i + 2) % 8] ^ b[(i + 5) % 8] ^ b[(i + 7) % 8]

where b[i] is bit i of the byte. In other words:

b = b ^ 0x63;
b = ((b >> 2)|(b << 6))^((b >> 5)|(b << 3))^((b >> 7)|(b << 1))
b = inverse(b)

   Brian Gladman
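
Added example (not code from the post or from Brian Gladman's implementation): the corrected steps above as compilable C, checked against a forward S-box built from the GF(2^8) inverse and the forward affine map. The function names are this example's own; the two constant-last variants show why the position of 0x63 matters.

```c
#include <stdint.h>
#include <stdio.h>

/* Multiply two elements of GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B). */
static uint8_t gf_mul(uint8_t a, uint8_t b) {
    uint8_t r = 0;
    while (b) {
        if (b & 1) r ^= a;
        a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1B : 0x00));
        b >>= 1;
    }
    return r;
}

/* Multiplicative inverse computed as a^254; 0 maps to 0, as Rijndael defines it. */
uint8_t gf_inv(uint8_t a) {
    uint8_t r = 1;
    for (int i = 0; i < 254; i++) r = gf_mul(r, a);
    return r;
}

/* 8-bit rotate right. The cast matters: C promotes b to int, so b << k
   keeps bits above bit 7 unless the result is truncated back to a byte. */
static uint8_t rotr8(uint8_t b, unsigned n) {
    return (uint8_t)((b >> n) | (b << (8 - n)));
}

/* Forward affine map: out[i] = x[i]^x[i+4]^x[i+5]^x[i+6]^x[i+7]^c[i], c = 0x63. */
uint8_t affine(uint8_t x) {
    return (uint8_t)(x ^ rotr8(x, 4) ^ rotr8(x, 5) ^ rotr8(x, 6) ^ rotr8(x, 7) ^ 0x63);
}

/* Inverse affine map in the corrected order: XOR 0x63 first, then combine rotations. */
uint8_t inv_affine(uint8_t b) {
    b ^= 0x63;
    return (uint8_t)(rotr8(b, 2) ^ rotr8(b, 5) ^ rotr8(b, 7));
}

/* The first formula quoted in the post: 0x63 XORed in after the rotations. */
uint8_t inv_affine_0x63_last(uint8_t b) {
    return (uint8_t)(rotr8(b, 2) ^ rotr8(b, 5) ^ rotr8(b, 7) ^ 0x63);
}

/* Equivalent to inv_affine(): applied last, the constant has to be 0x05. */
uint8_t inv_affine_0x05_last(uint8_t b) {
    return (uint8_t)(rotr8(b, 2) ^ rotr8(b, 5) ^ rotr8(b, 7) ^ 0x05);
}

uint8_t sbox(uint8_t x)     { return affine(gf_inv(x)); }
uint8_t inv_sbox(uint8_t s) { return gf_inv(inv_affine(s)); }

/* Count bytes for which a candidate inverse affine map fails to undo affine(). */
int mismatches(uint8_t (*candidate)(uint8_t)) {
    int bad = 0;
    for (int x = 0; x < 256; x++)
        if (candidate(affine((uint8_t)x)) != x) bad++;
    return bad;
}

int main(void) {
    printf("sbox(0x53)=0x%02X inv_sbox(0xED)=0x%02X\n", sbox(0x53), inv_sbox(0xED));
    printf("mismatches: 0x63 first=%d, 0x63 last=%d, 0x05 last=%d\n",
           mismatches(inv_affine), mismatches(inv_affine_0x63_last),
           mismatches(inv_affine_0x05_last));
    return 0;
}
```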




------------------------------

From: "david Hopkins" <[EMAIL PROTECTED]>
Subject: Re: confused:Diffie-Hellman is key agreement,  how about RSA? Is RSA  both 
algorithm and keyagreement?
Date: Thu, 01 Mar 2001 18:16:38 GMT

Thank you :-). I am new to crypto, and I am still not very clear on some
points :-(

What does "key management" mean?

Can I say that:
1) RSAEP (encryption primitive)/RSADP also perform the function of key
   agreement,
2) In the new version of PGP (5.0+? the version that includes DH/DSS)
    RSASP1 (signature primitive)/RSAVP1 perform the same function as DSS,
    RSAEP/RSADP perform the same function as DH
3) how about ECC (elliptic curve cryptography)? Does it also perform key
   agreement, although it is not called key agreement?

Thank you.

David

"William Hugh Murray" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> RSA is an algorithm whose primary application is key management, in
> general.  In SSL its application is to agree upon a key for an SSL
> session.  What RSA is used for in SSL could be done with DH.



------------------------------

From: [EMAIL PROTECTED] (nemo outis)
Subject: Re: Keystoke recorder
Date: Thu, 01 Mar 2001 18:29:19 GMT

First of all the trojan is by definition an executable. The .txt file will not 
spontaneously rename itself.  The principle is to look for new or modified 
executables and some things (such as trojans and viruses) may be detected with 
other means than the MD5 hash.  

This (MD5 hash verification) is only one dimension of checking, part of the 
"state" check.  There are also "process" checks (sometimes just as simple as 
filemon and regmon).  And, besides software, there are hardware "state" and 
"process" checks including such things as numbered security tape on openings 
of all equipment (my favorite brand is Secure-TRAC) and on and on. Not trying 
to write a textbook here, just give one example.

Regards,

In article <97ld8b$o1c$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Magnus Mischel) 
wrote:
>[EMAIL PROTECTED] (nemo outis) wrote in
><G6ln6.4392$[EMAIL PROTECTED]>: 
>
>>To respond to only one of the many interesting points you raise, I daily
>>do an MD5 hash of every executable and near-executable (dll, vxd, etc.)
>>on my system and compare them to "known-good" values.  (Also look for
>>new or deleted ones!) Takes about 15 minutes on my 20-gig drive (just
>>right for enjoying that first cup of coffee). The hash program and the
>>known-good values are on a (securely stored) encrypted CD.
>>
>>This is a very effective method unless/until the OS and major programs
>>have backdoors built into them.  But that's what's meant by trust models
>>and why known-good was in quotation marks :-)
>>
>>Regards,
>
>If you are running Windows 2000, one could launch a trojan that will rename 
>its executable file to have a .txt extension, thus rendering your MD5 hash 
>system useless. When it is done (when Windows shuts down), the trojan could 
>rename itself back to .exe (or any other of the various executable 
>extensions), thus being ready to autostart along with Windows the next time 
>you boot.
>

------------------------------

From: "Simon Johnson" <[EMAIL PROTECTED]>
Subject: Re: HPRNG
Date: Thu, 1 Mar 2001 18:44:57 -0800


Benjamin Goldberg <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Tom St Denis wrote:
> >
> > "Benjamin Goldberg" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
> > > Here's an idea for a TRNG, which uses components which are used in
> > > Quantum Cryptography.  Get a device which produces one photon at a
> > > time, send it through a polarizer.  Follow this with a second
> > > polarizer at 45 degree angle from the first.  Photons will go
> > > through the first 100% of the time, and through the second exactly
> > > 50% of the time.  Measure photon/no photon as your bit of
> > > randomness.  I call the system a Heisenburg Random Number Generator,
> > > or HRNG.  Bits might be slightly biased, if the mirrors aren't
> > > exactly 45 degrees apart, but they should not be correlated in any
> > > way, shape, or form.
> >
> > Sounds very neat.  Of course you could xor a few HRNG bits together to
> > smoothen out any bias.
>
> Or use your measurement of the bias to adjust your polarizers, or use an
> (adaptive?) arithmetic coder to eliminate/decrease the bias, or feed the
> data to Yarrow giving an entropy estimate of the stream based on how
> much bias there is, etc.  Lots of ways to reduce bias.
>
> Also, the decorrelation method of discarding 00 and 11, and converting
> 01 and 10 to 0 and 1 should remove all bias.  Too bad this cuts the
> bitrate by about 75% for unbiased data, slightly more for slightly
> biased data.
>
Sorry to be nit-picky, but it ain't a pseudo random number generator, so the
name should be HRNG :)

Neat idea though.
> --
> The difference between theory and practice is that in theory, theory and
> practice are identical, but in practice, they are not.



------------------------------

From: "Simon Johnson" <[EMAIL PROTECTED]>
Subject: Re: Urgent DES Cipher source code !!!!!
Date: Thu, 1 Mar 2001 18:40:40 -0800


Latyr Jean-Luc FAYE <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I am working under a DOS/Windows environment.
> I am beginning in cryptography and I want to develop a small application
> for my own to be used between my girl and me as she is sharing his email
> box with all his family.
> Latyr
>
It can be found easily using a search on Google....
If you're having trouble, e-mail me and I'll send you some source:

[EMAIL PROTECTED]

Simon.



------------------------------

From: Richard Wash <[EMAIL PROTECTED]>
Subject: Re: confused:Diffie-Hellman is key agreement,  how about RSA? Is RSA  both 
algorithm and keyagreement?
Date: 01 Mar 2001 13:42:18 -0500

"david Hopkins" <[EMAIL PROTECTED]> writes:

> What does "key management" mean?
> 
> Can I say that:
> 1) RSAEP (encryption primitive)/RSADP also perform the function of key
>    agreement,
> 2) In the new version of PGP (5.0+? the version that includes DH/DSS)
>     RSASP1 (signature primitive)/RSAVP1 perform the same function as DSS,
>     RSAEP/RSADP perform the same function as DH
> 3) how about ECC (elliptic curve cryptography)? Does it also perform key
>    agreement, although it is not called key agreement?

Basically, Diffie-Hellman is "key agreement" because both parties have
to be actively agreeing on a  key.  The two parties interact, and as a
result of their interaction they have a shared key that both of them
can use.  This only works because of the interaction (though I think
there have at least been attempts to get this working without
interaction.  I am not sure, I am still mostly a newbie).

This is different from RSA (and other public key systems) doing key
management.   Key management is more useful in things like PGP.  Key
management does not imply an interaction between the two parties.  In
key management, one party selects a key, and encrypts it using a
public key cryptosystem.  Then the other party can decrypt it and get
the key.  Since it is a public key system, only the intended party
(and extremely skilled cryptanalysts) can get the key.  This is useful
because there can be a time delay between send and receipt.  I can
choose a key, encrypt it with a public key system, and later you can
decrypt the key and use it.  It does not require interactions.

Since any public key system can be used for key management, RSA and
the various ECC methods can all be used.

DSS is based off of many of the same mathematical techniques as DH,
but is not technically the same thing.

HTH, 
  Rick Wash

------------------------------

From: "Simon Johnson" <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers,de.sci.informatik.misc,sci.math
Subject: Re: philosophical question?
Date: Thu, 1 Mar 2001 19:04:32 -0800


Johannes H Andersen <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Simon Johnson wrote:
> >
> > Dirk Van de moortel <[EMAIL PROTECTED]> wrote in
> > message news:9g5n6.35596$[EMAIL PROTECTED]...
> > > "Peter Osborne" <[EMAIL PROTECTED]> wrote in message
> > > news:[EMAIL PROTECTED]...
> > > > Hi there!
> > > >
> > > > RANDOMNESS / RANDOM NUMBERS
> > > >
> > > > Maybe that point is not that simple at all, maybe it concerns too
> > > > many topics like statistics, math, cryptanalysis and even religion...
> > > >
> > > > As I dealt with cryptography and HRNG circuits, I often ask myself:
> > > >
> > > > Is randomness a kind of information ?
> > > > Is it the highest density of information (that we are not able to
> > > > understand)?
> > > > Is it merely the opposite of information?
> > > >
> > > > Can there be a fundamental difference between pseudo-randomness and
> > > > real randomness (e.g. generated by radioactive decay or thermal
> > > > noise), especially under these aspects mentioned above?
> > >
> > > Not so philosophical: I think, if I remember well, that information
> > > can be defined as something that provides an answer to a Yes-No
> > > question. I don't think randomness can do this.
> >
> > Randomness is the same as unpredictability. When unpredictability is at
> > its maximum, information content is also at its maximum. To demonstrate
> > this, think of compression. If I compressed this text, the information per
> > character in the compressed document would clearly be greater than if it
> > were not compressed. Yet on visual inspection of the compressed data, it
> > appears more random.
> >
> > Simon.
>
> Quite true. If the compressed data appear to have some structure, then
> this structure can be exploited to compress the data even more. At the
> final stage, the compressed data appear completely random.
>
> However, the unpredictability of randomness looks like a paradox. E.g.
> pseudo-random numbers are entirely predictable. Also, if a truly randomly
> generated sequence is stored; next time it is used it is predictable?
>

    Well, the paradox is resolved by understanding that the entropy
contained in a message is not absolute, but relative to who/what tries to
make sense of it. If I have encrypted a message then to me that encrypted
message contains no entropy because there is no 'surprise' to its contents;
I wrote it. If an attacker looks at my cipher-text, he will observe a much
greater entropy, since he/she has only a vague idea what the cipher-text is
about and can really only guess.

    Some person on here declared (correctly, I believe) that the difference
in entropy (relative to the attacker) between the plain-text and the
cipher-text is that of the number of bits the key contains (if the cipher is
perfectly secure).

Simon.



------------------------------

From: "david Hopkins" <[EMAIL PROTECTED]>
Subject: Re: confused:Diffie-Hellman is key agreement,  how about RSA? Is RSA  both 
algorithm and keyagreement?
Date: Thu, 01 Mar 2001 19:17:38 GMT

I see.  Thank you.

> Basically, Diffie-Hellman is "key agreement" because both parties have
> to be actively agreeing on a  key.
I am studying PKCS #3: Diffie-Hellman Key-Agreement Standard from RSA.
Is:  The integer secret key z satisfies
z = (y')^x = (g^x')^x = (g^x)^x' = y^x' mod p ,

Is z the key agreed by the two parties?

So, with DH system, the key for further symmetric encryption (I mentioned it
as session key) is not generated by any party, but by interaction of both
parties. Am I correct?

For the given two parties, if they do not change g, p, x and x', the session
key (see above) seems to be constant.
Is it? Is there any security flaw if it is so?

"Richard Wash" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> Basically, Diffie-Hellman is "key agreement" because both parties have
> to be actively agreeing on a  key.  The two parties interact, and as a
> result of their interaction they have a shared key that both of them
> can use.  This only works because of the interaction (though I think
> there have at least been attempts to get this working without
> interaction.  I am not sure, I am still mostly a newbie).
>

> Since any public key system can be used for key management, RSA and
> the various ECC methods can all be used.
>
> DSS is based off of many of the same mathematical techniques as DH,
> but is not technically the same thing.
>
> HTH,
>   Rick Wash
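
Added example, not part of any post in this thread: the PKCS #3 identity z = y'^x = y^x' mod p from the message above, next to the key-transport alternative Rick Wash describes, with both sides computed. The parameters (p = 23, g = 5, n = 3233, e = 17, d = 2753), the private values and the function names are constructed toy values for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy textbook parameters, constructed for this example; far too small for real use. */
#define DH_P  23u     /* prime modulus p */
#define DH_G  5u      /* base g */
#define RSA_N 3233u   /* n = 61 * 53 */
#define RSA_E 17u     /* public exponent */
#define RSA_D 2753u   /* private exponent, e*d = 1 mod 3120 */

/* Square-and-multiply; with moduli this small every product fits in 64 bits. */
uint64_t modpow(uint64_t base, uint64_t exp, uint64_t mod) {
    uint64_t r = 1;
    base %= mod;
    while (exp) {
        if (exp & 1) r = r * base % mod;
        base = base * base % mod;
        exp >>= 1;
    }
    return r;
}

/* Key agreement: each side sends y = g^x mod p and computes z from the peer's value. */
uint64_t dh_public(uint64_t x)                  { return modpow(DH_G, x, DH_P); }
uint64_t dh_shared(uint64_t peer_y, uint64_t x) { return modpow(peer_y, x, DH_P); }

/* Key transport: the sender alone picks k; only the private-key holder recovers it. */
uint64_t rsa_wrap(uint64_t k)   { return modpow(k, RSA_E, RSA_N); }
uint64_t rsa_unwrap(uint64_t c) { return modpow(c, RSA_D, RSA_N); }

int main(void) {
    uint64_t x = 6, xp = 15;                        /* private values x and x' */
    uint64_t y = dh_public(x), yp = dh_public(xp);  /* exchanged in the clear */
    printf("DH  y=%llu y'=%llu  z: A=%llu B=%llu\n",
           (unsigned long long)y, (unsigned long long)yp,
           (unsigned long long)dh_shared(yp, x), (unsigned long long)dh_shared(y, xp));

    /* Same g, p, x, x' in a later session: z repeats exactly. */
    printf("DH  later session, same x and x': z=%llu\n",
           (unsigned long long)dh_shared(dh_public(xp), x));

    /* B picks a fresh x' = 13: new y' and new z, A's x unchanged. */
    uint64_t xp2 = 13;
    printf("DH  fresh x': z: A=%llu B=%llu\n",
           (unsigned long long)dh_shared(dh_public(xp2), x),
           (unsigned long long)dh_shared(y, xp2));

    /* RSA: the sender chooses k = 65 with no contribution from the receiver. */
    uint64_t c = rsa_wrap(65);
    printf("RSA c=%llu  unwrapped k=%llu\n",
           (unsigned long long)c, (unsigned long long)rsa_unwrap(c));
    return 0;
}
```

With x and x' fixed, z is identical in every session; a different z requires at least one party to use a new private value, or the session key to be derived from z together with per-session data.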



------------------------------

From: "Carpe Diem" <[EMAIL PROTECTED]>
Subject: Re: confused:Diffie-Hellman is key agreement,  how about RSA? Is RSA  both 
algorithm and keyagreement?
Date: Thu, 1 Mar 2001 13:33:37 -0600

In "New Directions in Cryptography" Diffie and Hellman propose a way to
solve the key distribution problem. This is done with the exponentiation
method and the apparent difficulty to take discrete logs. This helps in Key
agreement.
RSA is a method based on a trap door one way function which allows you to
_encrypt_ the message. Now, in practice this method is also used generally
for key agreement.

Carpe Diem

"david Hopkins" <[EMAIL PROTECTED]> wrote in message
news:euvn6.6769$[EMAIL PROTECTED]...
> I am confused:
> Diffie-Hellman is key agreement,
> how about RSA? Is RSA itself both an algorithm and a key agreement?
>
> Thanks.
>
>
>



------------------------------

From: "Simon Johnson" <[EMAIL PROTECTED]>
Subject: Re: HPRNG
Date: Thu, 1 Mar 2001 19:43:59 -0800


Simon Johnson <[EMAIL PROTECTED]> wrote in message
news:97m53s$gon$[EMAIL PROTECTED]...
>
> Benjamin Goldberg <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Tom St Denis wrote:
> > >
> > > "Benjamin Goldberg" <[EMAIL PROTECTED]> wrote in message
> > > news:[EMAIL PROTECTED]...
> > > > Here's an idea for a TRNG, which uses components which are used in
> > > > Quantum Cryptography.  Get a device which produces one photon at a
> > > > time, send it through a polarizer.  Follow this with a second
> > > > polarizer at 45 degree angle from the first.  Photons will go
> > > > through the first 100% of the time, and through the second exactly
> > > > 50% of the time.  Measure photon/no photon as your bit of
> > > > randomness.  I call the system a Heisenburg Random Number Generator,
> > > > or HRNG.  Bits might be slightly biased, if the mirrors aren't
> > > > exactly 45 degrees apart, but they should not be correlated in any
> > > > way, shape, or form.
> > >
> > > Sounds very neat.  Of course you could xor a few HRNG bits together to
> > > smoothen out any bias.
> >
> > Or use your measurement of the bias to adjust your polarizers, or use an
> > (adaptive?) arithmetic coder to eliminate/decrease the bias, or feed the
> > data to Yarrow giving an entropy estimate of the stream based on how
> > much bias there is, etc.  Lots of ways to reduce bias.
> >
> > Also, the decorrelation method of discarding 00 and 11, and converting
> > 01 and 10 to 0 and 1 should remove all bias.  Too bad this cuts the
> > bitrate by about 75% for unbiased data, slightly more for slightly
> > biased data.
> >
> Sorry to be nit-picky, but it ain't a pseudo random number generator, so the
> name should be HRNG :)

ooops it is

Sorry :)

Simon.
> Neat idea though.
> > --
> > The difference between theory and practice is that in theory, theory and
> > practice are identical, but in practice, they are not.
>
>
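
Added example, not from the posts: the two debiasing ideas quoted in this thread (XOR-ing several raw bits, and the pair rule that discards 00 and 11) applied to a simulated biased source, reporting the fraction of 1s and the output rate. The splitmix64 generator standing in for the photon detector, the 60% bias, the seed and the function names are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* splitmix64: deterministic stand-in for the detector (constructed test source). */
static uint64_t sm_state;
static uint64_t splitmix64(void) {
    uint64_t z = (sm_state += 0x9E3779B97F4A7C15ULL);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

/* One independent raw bit that is 1 with probability p_one. */
static int raw_bit(double p_one) {
    return (double)(splitmix64() >> 11) / 9007199254740992.0 < p_one;
}

/* ones: fraction of output bits equal to 1; yield: output bits per raw bit. */
typedef struct { double ones; double yield; } result;

/* XOR-fold: each output bit is the XOR of k raw bits (bias shrinks, never reaches 0). */
result xor_fold(double p_one, int k, long n_raw, uint64_t seed) {
    long out = 0, ones = 0;
    sm_state = seed;
    for (long i = 0; i + k <= n_raw; i += k) {
        int b = 0;
        for (int j = 0; j < k; j++) b ^= raw_bit(p_one);
        ones += b;
        out++;
    }
    return (result){ out ? (double)ones / out : 0.0, (double)out / n_raw };
}

/* Pair rule from the thread: drop 00 and 11, map 01 -> 0 and 10 -> 1. */
result von_neumann(double p_one, long n_raw, uint64_t seed) {
    long out = 0, ones = 0;
    sm_state = seed;
    for (long i = 0; i + 2 <= n_raw; i += 2) {
        int a = raw_bit(p_one), b = raw_bit(p_one);
        if (a != b) { ones += a; out++; }   /* first bit of the pair is the output */
    }
    return (result){ out ? (double)ones / out : 0.0, (double)out / n_raw };
}

int main(void) {
    const long n = 2000000;
    result x2 = xor_fold(0.6, 2, n, 1), x4 = xor_fold(0.6, 4, n, 1);
    result vn = von_neumann(0.6, n, 1), fair = von_neumann(0.5, n, 1);
    printf("raw p(1)=0.60  xor k=2:     ones=%.4f yield=%.3f\n", x2.ones, x2.yield);
    printf("raw p(1)=0.60  xor k=4:     ones=%.4f yield=%.3f\n", x4.ones, x4.yield);
    printf("raw p(1)=0.60  pair rule:   ones=%.4f yield=%.3f\n", vn.ones, vn.yield);
    printf("raw p(1)=0.50  pair rule:   ones=%.4f yield=%.3f\n", fair.ones, fair.yield);
    return 0;
}
```

For independent bits the XOR of k raw bits is 1 with probability (1 - (1 - 2p)^k) / 2, and the pair rule emits p(1 - p) output bits per raw bit, which is 0.25 at p = 0.5 and 0.24 at p = 0.6.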



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
