Cryptography-Digest Digest #785, Volume #13 Sat, 3 Mar 01 01:13:00 EST
Contents:
Re: Text of Applied Cryptography (John Savard)
Re: Question about double encryption (John Savard)
Re: HPRNG (John Savard)
Re: repeating codes (wtshaw)
Re: super-stong crypto, straw man phase 2 (wtshaw)
Re: super-stong crypto, straw man phase 2 (wtshaw)
Re: => FBI easily cracks encryption ...? (Frodo)
Re: HPRNG (Benjamin Goldberg)
Re: philosophical question? (George Greene)
Britanica.com & PKZip 2.5 (JPeschel)
Re: ARCFOUR and Latin Squares ("r.e.s.")
Re: HPRNG (Benjamin Goldberg)
Re: => FBI easily cracks encryption ...? (Frodo)
Re: Completly wiping HD ("Michael Brown")
Re: RSA Key Generation ("Michael Brown")
Re: => FBI easily cracks encryption ...? ("Michael Brown")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (John Savard)
Crossposted-To: alt.anonymous.messages,alt.security.pgp,talk.politics.crypto
Subject: Re: Text of Applied Cryptography
Date: Sat, 03 Mar 2001 03:15:13 GMT
On Fri, 2 Mar 2001 18:43:52 -0500, "Ryan M. McConahy"
<[EMAIL PROTECTED]> wrote, in part:
>http://www.cacr.math.uwaterloo.ca/hac/
Wrong book. But you can buy a copy of the .PDF of Bruce Schneier's
book on the CD-ROM from Dr. Dobb's.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Question about double encryption
Date: Sat, 03 Mar 2001 03:11:58 GMT
On Fri, 02 Mar 2001 23:39:28 +0000, [EMAIL PROTECTED] wrote, in
part:
>Is it possible that the following scenario actually *weakens* the
>encryption strength:
>A TCP/IP link exists that uses Blowfish (128 bit). The link is used
>for multiple ports, one of which is ssh. The ssh link uses 3DES (in
>CFB mode I believe), so effectively you have a 3DES stream encrypted
>by Blowfish and then transmitted. The receiving machine decrypts the
>Blowfish algorithm and forwards on the ssh stream to another machine
>which decrypts the 3DES.
>Note that I am not concerned about the security at the receiving side
>- I'm primarily concerned about the implications at the transmitting
>side.
No. It can't weaken the encryption strength.
The only case where there is a _theoretical_ possibility that it might
is if the key used for the Blowfish encryption is in some way derived
from the same source as the key used for the 3DES encryption.
Otherwise, someone intercepting a 3DES stream could always encipher it
in Blowfish himself, using a key of his own choosing. (That's the
"mathematical proof".)
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: HPRNG
Date: Sat, 03 Mar 2001 03:14:09 GMT
On Thu, 01 Mar 2001 02:06:32 GMT, Benjamin Goldberg
<[EMAIL PROTECTED]> wrote, in part:
>Photons will go through the first 100% of
>the time, and through the second exactly 50% of the time.
The trouble is that all polarizers have some degree of absorption, and
all detectors have some degree of inefficiency. There are other ways
to make sources of true quantum randomness.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Crossposted-To: sci.crypt.random-numbers
Subject: Re: repeating codes
Date: Fri, 02 Mar 2001 21:19:18 -0600
In article <pdNn6.6083$[EMAIL PROTECTED]>, "Eric Mosley"
<[EMAIL PROTECTED]> wrote:
> Hi,
>
> I generate random codes like the following:
> H5R6-8UPG
> where each digit is 0-9, A-Z
>
> Now, if I start to generate these random codes today how many can I generate
> before there is a probability that I will hit one of the previously
> generated codes? And how do you work that out anyway?
>
> Any info would be great,
>
> Eric
It depends on the algorithm. Often you get a series of loops rather than
one loop. For a set of 36 characters and using the shorter H5R6 as the
seed and my choice of algorithm, I get:
H5R6P Z0YR2 1SW6W R55QZ DYSFE TAWA6 99JIL V46J2 DSOI8 J9TUV 5QS3Y LY4MM
5TBU1 78YBI 9CWUO BTL27 HQCRA 564IE DPZU5 RW2ZQ 14SU8 ZP5AR XI4RI PYCAQ
DP365 VCE3A TKG6G 3PPMV HEKFY 12G26 LLBU9 Z86BA HKOU4 BL1IZ PMKRE 9E8QQ
P1JIT N4EJU L0GIO J19AN DM032 P68UY H5VIP 3GAVM T8KI4 V5P23 XU83U 5E02M
H5R6 values = 240, from H5R6 to H5R6
Note that any four sequential characters in the string are still in the
same loop, but 36^4 is 1,679,616.
I'll try longer strings:
values = 5082, from H5R68 to H5R68
values = 6552, from H5R68U to H5R68U
values = 20000, from H5R68UP to INASO4A, Maxed-out allowed length
Base 36 is rather a poor one in the sequences I have explored.
--
Better to pardon hundreds of guilty people than execute one
that is innocent.
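Eric's actual question (how many codes before a repeat becomes likely, and how to work it out) is the birthday problem, which is independent of the loop behaviour wtshaw describes. The following is an added example, not part of either post: it computes the exact collision probability for k uniform draws from a space of N codes, the draw count at which that probability reaches a target, and a small seeded Monte Carlo check on a toy space. The function names are my own, and the code assumes the generator draws codes uniformly and independently.

```python
import random
from math import exp, log, log1p, sqrt


def code_space(alphabet_size, length):
    """Number of distinct codes: alphabet_size ** length (36 ** 8 for H5R6-8UPG-style codes)."""
    return alphabet_size ** length


def collision_probability(k, space):
    """Exact probability that at least two of k independent uniform draws from
    `space` values coincide: 1 - prod_{i<k} (1 - i/space).
    Accumulated in log space with log1p so it stays accurate when i/space is tiny."""
    if k > space:
        return 1.0
    log_no_collision = 0.0
    for i in range(k):
        log_no_collision += log1p(-i / space)
    return 1.0 - exp(log_no_collision)


def draws_for_probability(p, space):
    """Number of draws at which the collision probability reaches p, from the
    standard approximation P(k) ~ 1 - exp(-k^2 / (2 space)), i.e.
    k ~ sqrt(2 * space * ln(1 / (1 - p))). For p = 0.5 this is ~1.18 * sqrt(space)."""
    return int(sqrt(2.0 * space * log(1.0 / (1.0 - p)))) + 1


def simulate_collision_rate(k, space, trials, seed=1):
    """Monte Carlo estimate of collision_probability(k, space) on a small space.
    Seeded PRNG so the run is reproducible; this is a constructed check, not data."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        seen = set()
        for _ in range(k):
            v = rng.randrange(space)
            if v in seen:
                hits += 1
                break
            seen.add(v)
    return hits / trials


if __name__ == "__main__":
    space = code_space(36, 8)
    k = draws_for_probability(0.5, space)
    print("codes in the space:", space)
    print("draws for a 50% chance of a repeat:", k)
    print("exact probability at that count:", round(collision_probability(k, space), 4))
    print("classic check, 23 people / 365 days:", round(collision_probability(23, 365), 4))
```

The 50% point for 8-character base-36 codes comes out at a little under two million codes, i.e. about 1.18 times sqrt(36^8) = 1.18 x 1,679,616, which is the same 36^4 figure that appears in the post above in a different role. If the generator does not draw uniformly (a short cycle, as wtshaw's traces show, is one way that happens), the real repeat point is earlier than this bound.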
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: super-stong crypto, straw man phase 2
Date: Fri, 02 Mar 2001 21:18:57 -0600
In article <[EMAIL PROTECTED]>, see.signature wrote:
> wtshaw wrote:
> >
> > Ciphers can be separated into groups according to my scale founded on
> > Shannon's unicity concept. The groups are trivial, weak, marginally
> > strong, strong, and very strong. Trivial is up to 128 bits, while strong
> > is at least 92,593 bits of text.
>
> Care to explain the significance of the particular value 92593?
>
I prefer a neat math model here: 3^6 trits x (1.585 bits/trit) = 92,593 bits;
rounding off to 100kb is close enough.
The threshold between strong and very strong is about 2.5 megabits.
The secret goal is to get the longest unicity distance with the most
efficient algorithm. The OTP is not very efficient, for example, as it
has an intolerable key burden.
--
Better to pardon hundreds of guilty people than execute one
that is innocent.
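For readers who want to connect the scale above to Shannon's definition, here is an added example (my own code, not part of wtshaw's post) that computes the unicity distance U = H(K)/D, where H(K) is the key entropy in bits and D the plaintext redundancy in bits per character, and inverts it to ask what key entropy a given number of ciphertext bits corresponds to. The redundancy figure for English (about 3.2 bits per character, from R = log2 26 ~ 4.7 and an entropy rate r ~ 1.5) is the usual textbook estimate and an assumption here, as are the function names.

```python
from math import log2


def redundancy_bits_per_char(alphabet_size, entropy_rate):
    """Shannon redundancy D = R - r: the absolute rate R = log2(alphabet_size)
    minus the language's true entropy rate r, both in bits per character."""
    return log2(alphabet_size) - entropy_rate


def unicity_distance_chars(key_bits, redundancy):
    """U = H(K) / D: ciphertext length (characters) beyond which, on average,
    only one key decrypts the ciphertext to meaningful plaintext."""
    return key_bits / redundancy


def unicity_distance_bits(key_bits, alphabet_size, redundancy):
    """The same distance measured in bits of ciphertext text, as the scale above uses."""
    return unicity_distance_chars(key_bits, redundancy) * log2(alphabet_size)


def key_bits_for_unicity(text_bits, alphabet_size, redundancy):
    """Inverse: the key entropy H(K) whose unicity distance is text_bits of ciphertext."""
    return text_bits / log2(alphabet_size) * redundancy


if __name__ == "__main__":
    D = redundancy_bits_per_char(26, 1.5)  # ~3.2 bits/char, assumed for English text
    print("DES, 56-bit key: unicity distance ~%.1f characters" % unicity_distance_chars(56, D))
    print("key entropy for a 92,593-bit unicity distance: ~%.0f bits"
          % key_bits_for_unicity(92593, 26, D))
    print("key entropy for a 2.5-megabit unicity distance: ~%.0f bits"
          % key_bits_for_unicity(2.5e6, 26, D))
```

Under these assumptions a 56-bit key runs out of ambiguity after about 17.5 characters, and a unicity distance of 92,593 bits of English ciphertext corresponds to roughly 63,000 bits of key entropy. The number is only as good as the redundancy estimate: compressed or binary plaintext has far lower D and pushes the distance out accordingly, which is the usual caveat when unicity distance is used as a strength scale.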
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: super-stong crypto, straw man phase 2
Date: Fri, 02 Mar 2001 21:19:10 -0600
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(SCOTT19U.ZIP_GUY) wrote:
> I guess that means by your classification scott16u could easily
> be far more secure than any of the proposed AES ciphers that most
> users will be tricked into using. Since it is one of the few
> ciphers that takes Shannon's unicity concept seriously.
>
Strength is a many-faceted concept. To be fair, any known measures of
strength should be considered. I stand by the importance of the one I
have referenced. Let different ciphers fall in that continuum where they
may. Strength is not the only factor in cipher evaluation, just possibly
the most important.
--
Better to pardon hundreds of guilty people than execute one
that is innocent.
------------------------------
Date: 3 Mar 2001 04:06:48 -0000
From: [EMAIL PROTECTED] (Frodo)
Subject: Re: => FBI easily cracks encryption ...?
Crossposted-To: alt.security.pgp,talk.politics.crypto
In article <[EMAIL PROTECTED]>
Jim Taylor <[EMAIL PROTECTED]> wrote:
>
> Sometimes I wonder about these groups. Are you all drug dealers or
> something? What would be so bad about the FBI or NSA, with considerable
> effort and expense, being able to decrypt a PGP message? Aren't they the
> good guys trying to protect _us_ against spies, terrorists and organized
> crime?
Sometimes. Other times they're trying to slander people they
consider subversive, as J. Edgar Hoover did to Martin Luther
King and John Lennon.
--
But history reveals that time and again, the FBI, the military
and other law enforcement organizations have ignored the law and
spied on Americans illegally, without court authorization.
Government agencies have subjected hundreds of thousands of law-
abiding Americans to unjust surveillance, illegal wiretaps and
warrantless searches. Eleanor Roosevelt, Martin Luther King Jr.,
feminists, gay rights leaders and Catholic priests were spied
on. The FBI used secret files and hidden microphones to
blackmail the Kennedy brothers, sway the Supreme Court and
influence presidential elections.
--
http://www.geocities.com/CapitolHill/9564/goats.html#constitution
http://www.geocities.com/CapitolHill/9564/prvsntch.html
> If they had an encrypted message in their hands detailing a plan to
> nuke your city, none of you would want them to be able to decrypt it?
Under those specific circumstances, I think they should be
permitted to decrypt it.
But they can't. They don't have the capability.
> As long as the cost for decrypting a PGP message is too high to go looking
> for petty crimes, so what if they could decode one if they wanted to? They
> would never let the cat out of the bag that they had the ability for even
> someone like Hanssen, so I think all your porno is safe.
> Don't get me wrong, I use and like PGP, but it's not the NSA and FBI that I
> worry about. I simply want to keep some things private from co-workers, ISP
> employees and the like, and there's no doubt that PGP works very well for
> that.
In Germany the Nazis came first for the Communists; and I didn't
speak up because I wasn't a Communist.
Then they came for the Jews, and I didn't speak up because I
wasn't a Jew.
Then they came for the trade unionists, and I didn't speak up
because I wasn't a trade unionist.
Then they came for the Catholics, and I didn't speak up because
I was a Protestant.
Then they came for me, and by that time there was no one left to
speak for me.
Pastor Martin Niemoller
------------------------------
From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: HPRNG
Date: Sat, 03 Mar 2001 05:15:53 GMT
Matt Timmermans wrote:
[snip]
> > --
> > The difference between theory and practice is that in theory, theory
> > and practice are identical, but in practice, they are not.
>
> nice. How long has that been your .sig?
Since 02/28/2001 2:43AM, according to the timestamp on the file :)
> ----------------
> Of course I know there's no life on Mars -- they all live inside!
--
The difference between theory and practice is that in theory, theory and
practice are identical, but in practice, they are not.
------------------------------
From: George Greene <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers,de.sci.informatik.misc,sci.math
Subject: Re: philosophical question?
Date: 02 Mar 2001 23:04:34 -0500
[EMAIL PROTECTED] (Joe H. Acker) writes:
: (2) wouldn't that mean that it's wrong to say that it's improbable that
: a TRNG will output 100000 subsequent 1's? I mean if each of the sign
: events occurs with a probability of 1/2 and is completely independent of
: previous outputs, why shouldn't 100000 subsequent 1's be as probable as
: the sequence a TRNG actually should and does output?
IT IS.
: Is the improbability of such sequences an axiom or mere hypostasis in
: probability theory, or is it indeed wrong to claim that such sequences
: are improbable?
Every fully-specified sequence is equiprobable.
The differences in probability come from different-sized
GROUPS of sequences.
There is, for example, only 1 sequence of all 1's or all 0's.
But there are many many sequences with equal numbers of 1s
and 0's. So the probability that the sequence will have matching
numbers of 1s and 0s is a lot higher than that it will be all
1s or all 0s. But every individual sequence has the same probability.
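The point that groups of sequences, not individual sequences, carry the probability is exactly what an RNG health test relies on: a long run of ones is rejected not because that one sequence is rarer than any other, but because the group of sequences containing such a run is a tiny fraction of all sequences. The following is an added example, not part of the post, that makes the three quantities concrete with exact fractions; the run-counting recurrence and the function names are my own.

```python
from fractions import Fraction
from math import comb


def prob_specific_sequence(n):
    """Probability of one fully specified n-bit sequence from a fair,
    independent source: every such sequence has probability 2^-n."""
    return Fraction(1, 2 ** n)


def prob_balanced(n):
    """Probability that an n-bit output has exactly n/2 ones (n even):
    the group has C(n, n/2) members, each with probability 2^-n."""
    if n % 2:
        return Fraction(0)
    return Fraction(comb(n, n // 2), 2 ** n)


def count_without_run(n, r):
    """Number of n-bit strings containing no run of r or more consecutive ones.
    Condition on the last 0: it is followed by j ones (0 <= j < r) and preceded
    by a valid prefix of length n-1-j; the all-ones string only qualifies when n < r."""
    f = [0] * (n + 1)
    for m in range(n + 1):
        if m < r:
            f[m] = 2 ** m
        else:
            f[m] = sum(f[m - 1 - j] for j in range(r))
    return f[n]


def prob_run_at_least(n, r):
    """Probability that some run of ones has length >= r: the group of sequences
    a repetition-count style health test would reject."""
    return 1 - Fraction(count_without_run(n, r), 2 ** n)


if __name__ == "__main__":
    n = 20
    print("one specific 20-bit sequence:", prob_specific_sequence(n))
    print("exactly ten 1s and ten 0s:   ", prob_balanced(n))
    run = prob_run_at_least(n, 8)
    print("some run of >= 8 ones:       ", run, "=", float(run))
```

For n = 20 the all-ones sequence and any particular balanced sequence each have probability 1/1048576, but there are 184,756 balanced sequences against a single all-ones one, which is the whole of the difference George describes. A test that flags long runs is therefore a statement about a group, and it has a false-positive rate given by `prob_run_at_least` that has to be budgeted for.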
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Date: 03 Mar 2001 05:22:52 GMT
Subject: Britanica.com & PKZip 2.5
How did this 4 year-old review get into Britannica?
http://www.britannica.com/bcom/magazine/article/0,5744,249260,00.html
I sure wish someone would let me know about this stuff. Looks like
they got the name right two out of three times.
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: "r.e.s." <[EMAIL PROTECTED]>
Subject: Re: ARCFOUR and Latin Squares
Date: Fri, 2 Mar 2001 21:23:39 -0800
"Benjamin Goldberg" wrote ...
| r.e.s. wrote:
| >
| > ARCFOUR uses mod-256 addition in several of its steps.
| > But for 8-bit arguments, (x+y) mod 256 is just one
| > of a large number of functions whose value-tables are
| > symmetric order-256 Latin Squares. (Another is XOR.)
Let me add here that what I have in mind concerns the
mod-256 additions that don't involve the counter variable.
If S(k)(k=0..255) is the state vector and i & j are the
indexing variables in ARCFOUR, and "+" denotes mod-256
addition, then I'm referring to lines of code that may
look something like
...
j = j + S(i)
...
output S(S(i) + S(j)) XOR P
...
being replaced by something like
...
j = L1(j, S(i))
...
output S( L2(S(i),S(j)) ) XOR P
...
where L1() & L2() are "symmetric Latin Square functions".
Examples of these are
L(x,y) = (x XOR y) + constant
L(x,y) = (x + y) + constant
L(x,y) = (x + y) XOR constant
and there are obviously many others definable in terms
of operators commonly available in software.
| > So, consider the even-larger number of ARCFOUR-like
| > ciphers obtainable by replacing some or all of its
| > mod-256 additions by operations defined by other
| > symmetric order-256 Latin Squares. (Many of these,
| > like XOR, are computable via "built-in" functions,
| > but others would require some sort of table lookup,
| > I suppose. If table lookup were used, then we might
| > also consider generating a random symmetric Latin
| > Square for the purpose. Hmm... would that be hard?)
| >
| > All this would be apart from ARCFOUR's final-stage
| > XOR combiner, so invertibility of the Latin Square
| > is not an issue.
| >
| > Is it reasonable to explore this idea further for at
| > least some of the symmetric Latin Squares, e.g. XOR?
| > Or am I missing some flaw that would make it a waste
| > of effort?
|
| The flaw that you're missing is that doing such things
| results in a cipher that is only efficient in hardware,
| not in software. Also, they would have to be analysed,
| whereas RC4 already has been analysed.
Many of these "symmetric Latin Square functions" are not
necessarily inefficient to implement in software -- the
L(x,y) mentioned above, for example.
And *of course* these ciphers, like any new ones, need to
be analyzed. That's hardly a flaw, imo. The flaw would
occur if they were used without being properly studied!
--r.e.s.
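To make the substitution concrete, here is an added example (my own code, not ARCFOUR reference code and not from either poster) that checks whether a candidate function's 256 x 256 value table is a symmetric Latin square, and parameterises the ARCFOUR output loop by the two functions L1 and L2 exactly as the pseudocode above describes, leaving the key schedule and the final XOR combiner untouched. With L1 = L2 = mod-256 addition the generator reproduces the published RC4 test vector for key "Key" and plaintext "Plaintext"; the other functions are the families listed in the post, with constants I chose.

```python
def is_symmetric_latin_square(op, n=256):
    """True if op's value table on 0..n-1 is a symmetric Latin square:
    every row is a permutation of 0..n-1 (so, by symmetry, every column
    is too) and op(x, y) == op(y, x) everywhere."""
    for x in range(n):
        row = [op(x, y) for y in range(n)]
        if sorted(row) != list(range(n)):
            return False
        if any(row[y] != op(y, x) for y in range(n)):
            return False
    return True


def add_mod256(x, y):
    return (x + y) & 0xFF


def xor(x, y):
    return x ^ y


def xor_then_add(c):
    """L(x, y) = (x XOR y) + constant, one family from the post."""
    return lambda x, y: ((x ^ y) + c) & 0xFF


def add_then_xor(c):
    """L(x, y) = (x + y) XOR constant, another family from the post."""
    return lambda x, y: ((x + y) & 0xFF) ^ c


def keystream(key, l1, l2, length):
    """ARCFOUR keystream with the two non-counter mod-256 additions of the
    output loop replaced: l1 in the j update, l2 in the output index.
    The key schedule is left exactly as in ARCFOUR."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) & 0xFF             # counter variable: untouched, as the post says
        j = l1(j, S[i])                # ARCFOUR: j = j + S[i]
        S[i], S[j] = S[j], S[i]
        out.append(S[l2(S[i], S[j])])  # ARCFOUR: S[S[i] + S[j]]
    return bytes(out)


def crypt(key, data, l1, l2):
    """Final XOR combiner, unchanged: the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, l1, l2, len(data))))


if __name__ == "__main__":
    candidates = [("x + y", add_mod256), ("x XOR y", xor),
                  ("(x XOR y) + 0x5A", xor_then_add(0x5A)),
                  ("(x + y) XOR 0xA5", add_then_xor(0xA5)),
                  ("x * y (not Latin)", lambda x, y: (x * y) & 0xFF)]
    for name, op in candidates:
        print(f"{name:20s} symmetric Latin square: {is_symmetric_latin_square(op)}")
    print("RC4 test vector:", crypt(b"Key", b"Plaintext", add_mod256, add_mod256).hex())
```

Because the Latin-square functions only feed indices and the combiner stays XOR, decryption is the same call as encryption, which is the invertibility point made above. Benjamin's other point carries more weight today than it did in 2001: the keystream biases that eventually broke RC4 in practice (it is now prohibited in TLS by RFC 7465) came from analysis of exactly these index-update and output steps, and a check that a table is a Latin square says nothing about such biases, so any variant built this way needs its own analysis before it is trusted.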
------------------------------
From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: HPRNG
Date: Sat, 03 Mar 2001 05:31:41 GMT
Matt Timmermans wrote:
>
> "Benjamin Goldberg" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > And does someone who /doesn't/ believe in randomness call quantum
> > effects "messages from God?"
>
> Maybe. There are alternatives, though. All QM says about randomness
> is that the state of your universe at time t-1 does not completely
> determine the state of your universe at time t.
>
> Sometimes, for example, I don't believe in causality, which makes
> "randomness" a meaningless concept. (how Zen!)
I sorta understand the other things in this post, but not this. Not
believe in causality? What does that mean, and what does it imply?
> Sometimes I like to believe in two-way causality, i.e., the
> correlation of the photons is caused, in part, by comparing their
> polarizations at some point in the future. There may be enough future
> cause to let a simply chaotic process, rather than a non-deterministic
> one, fill in the information that quantum randomness seems to produce.
Hmm. Of course, you might want to consider that, from the point of view
of the photon, its creation (emission) and destruction (absorption) occur
simultaneously, due to relativity. Hmm. Perhaps you *are* considering
that, and from that got your two-way causality conclusion -- after all,
if you're a photon, then to you, birth, death, and everything in between
all take place simultaneously, and then you can't say that one thing
happened before another... so "later" things /could/ indeed "cause"
"earlier" things.
> It's also possible to believe in "indirect causality", such that
> information can disappear from the universe at time t-2 (down a black
> hole, for example), only to reappear at time t as a seemingly random
> event.
Huh?
> And, of course, that popular-though-profoundly-annoying many-worlds
> interpretation of QM destroys randomness as well.
Randomness, yes, but not unpredictableness. If many-worlds is true,
there is no way to determine which of them we are going to be in; and if
we are measuring some quantum phenomenon, and have recorded but not
looked at the recording, there is no way to determine which one we are
in.
Umm. Does the probability wave collapse when the phenomenon is recorded,
or when a human looks at it? If it's the latter, not the former, are we
able to tell?
--
The difference between theory and practice is that in theory, theory and
practice are identical, but in practice, they are not.
------------------------------
Date: 3 Mar 2001 05:50:48 -0000
From: [EMAIL PROTECTED] (Frodo)
Subject: Re: => FBI easily cracks encryption ...?
Crossposted-To: alt.security.pgp,talk.politics.crypto
In article <[EMAIL PROTECTED]>
[EMAIL PROTECTED] (Free-man) wrote:
>
> On Fri, 02 Mar 2001 21:26:28 GMT, Jim Taylor <[EMAIL PROTECTED]>
> wrote:
>
> >Sometimes I wonder about these groups. Are you all drug dealers or
> >something? What would be so bad about the FBI or NSA, with considerable
> >effort and expense, being able to decrypt a PGP message? Aren't they the
> >good guys trying to protect _us_ against spies, terrorists and organized
> >crime?
>
> No. Most of what law enforcement does is a violation of individual
> rights. Most of the laws that they enforce are unjust, bullshit laws
> that criminalize honest trade and peaceful behavior. Many cops are
> nothing but enforcement goons for the government mafias. They
> enforce monopolies on drugs, guns, gambling, etc. They commit more
> crimes than the bad guys.
>
> Rich Eramian aka freeman at shore dot net
Well, they also protect us against nutcases wearing tinfoil
skullcaps.
But they don't need to crack encryption to do that.
------------------------------
From: "Michael Brown" <[EMAIL PROTECTED]>
Subject: Re: Completly wiping HD
Date: Sat, 3 Mar 2001 18:52:57 +1300
"David Griffith" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I wish to completely wipe a 2gig harddisk. There is now no data I want to
> keep, however neither do i want anything to be recoverable.
> I thought a linux boot disk, root fs from a ramdisk , with a shell
> script doing this kind of thing
>
> dd if=/dev/random of=/dev/hda
> dd if=/dev/zero of=/dev/hda
>
>
> Is this enough to wipe it clean?
> Is /dev/urandom enough so as not to run out random data?
>
> Thanks in advance
>
>
A related question, would winding a whole heap of wires around the HDD then
plugging it (the wires) into an AC source for a few hours be adequate (and
not damage the hardware you want to keep)? I.e.: putting the drive into the
center of an oscillating electromagnet.
Just a thought (not that I'm going to try it though),
Michael
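On David's original question: on the Linux kernels of the time /dev/random blocks once its entropy estimate is exhausted, so a 2 GB pass from it would stall, while /dev/urandom never blocks and is what an overwrite pass should read. The script below is an added example, not from either post: a two-pass overwrite (random, then zero) of the path given on the command line, followed by a read-back check that the zero pass actually landed, which the bare `dd` pair in the question never verifies. It assumes a POSIX shell with `head -c`, `dd` and `tr`, plus `blockdev --getsize64` for a block device; the function names are mine, and the wipe destroys whatever path it is pointed at.

```shell
#!/bin/sh
# Added example: two-pass overwrite of a file or block device, then verify the
# zero pass. Assumes /dev/urandom, head -c, dd, tr, and blockdev for devices.

target_size() {
    # Byte length of the target: a block device reports it via blockdev (assumed
    # available), a regular file via wc.
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

overwrite_pass() {
    # Write exactly $3 bytes from source $1 over target $2. conv=notrunc keeps a
    # regular file at its original length so the check below covers the same range.
    head -c "$3" "$1" | dd of="$2" conv=notrunc 2>/dev/null
}

verify_zeroed() {
    # Read the first $2 bytes of $1 back and count anything that is not a NUL byte.
    nonzero=$(head -c "$2" "$1" | tr -d '\000' | wc -c | tr -d ' ')
    [ "$nonzero" -eq 0 ]
}

wipe_target() {
    target="$1"
    size=$(target_size "$target") || return 1
    overwrite_pass /dev/urandom "$target" "$size" || return 1   # pass 1: random data
    overwrite_pass /dev/zero    "$target" "$size" || return 1   # pass 2: zeros
    sync
    verify_zeroed "$target" "$size"
}

# Usage: sh wipe.sh /path/to/target   (a regular file, or a device such as /dev/hda)
if [ -n "$1" ]; then
    if wipe_target "$1"; then
        echo "wiped and verified: $1"
    else
        echo "wipe failed or verification mismatch: $1" >&2
        exit 1
    fi
fi
```

A single full overwrite is what NIST SP 800-88 considers adequate for clearing a magnetic disk; the random pass is kept here only because the question asked for it. The read-back matters more than the pass count: for flash media and for drives that have remapped sectors, writes through the block device never reach the retired cells, so the drive's own secure-erase command or physical destruction is the route there. Degaussing, which Michael's coil idea approximates, is recognised by the same document, but a field strong enough to erase the platters also erases the factory servo tracks, so the drive does not come back usable, and a mains-powered coil is nowhere near the field strength a degausser applies.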
------------------------------
From: "Michael Brown" <[EMAIL PROTECTED]>
Subject: Re: RSA Key Generation
Date: Sat, 3 Mar 2001 19:01:53 +1300
You might be interested in my idea here, though:
http://odin.prohosting.com/~dakkor/rsa/
Michael
------------------------------
From: "Michael Brown" <[EMAIL PROTECTED]>
Subject: Re: => FBI easily cracks encryption ...?
Date: Sat, 3 Mar 2001 19:03:57 +1300
"Tony L. Svanstrom" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Nemo psj <[EMAIL PROTECTED]> wrote:
>
> > Makes you want to use undisclosed algorithms made with home grown stream
> > ciphers doesn't it.. Because you know if it has a password box or a source
> > code for it somewhere its security is basically ZERO.
>
> Yeah, right, if you have the source code you can crack any code... and
> if you give it a password... wow... then it's so crackable... Someone
> needs to do his homework...
>
>
> /Tony
> PS I dunno, I think I must be too tired to understand what he's really
> saying...
I think he's saying "password logger" and "modified executable" :)
Michael
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************