Cryptography-Digest Digest #859, Volume #13      Sun, 11 Mar 01 03:13:01 EST

Contents:
  Re: won't you tell me something about my encryption scheme ? ("Joseph Ashwood")
  Re: One-time Pad really unbreakable? ("Douglas A. Gwyn")
  Re: Text of Applied Cryptography .. do not feed the trolls (SCOTT19U.ZIP_GUY)
  Re: => FBI easily cracks encryption ...? (SCOTT19U.ZIP_GUY)
  Re: Super strong crypto ("Douglas A. Gwyn")
  Re: The Foolish Dozen or so in This News Group ("Douglas A. Gwyn")
  Re: => FBI easily cracks encryption ...? ("Douglas A. Gwyn")
  Re: => FBI easily cracks encryption ...? ("Douglas A. Gwyn")
  Re: => FBI easily cracks encryption ...? ("Douglas A. Gwyn")
  Re: Question ("Douglas A. Gwyn")
  Re: Noninvertible encryption ("Paul Lutus")
  Re: Really simple stream cipher ("Henrick Hellström")
  Re: Noninvertible encryption ("Douglas A. Gwyn")
  Re: Why do people continue to reply to Szopa? (Eric Lee Green)

----------------------------------------------------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: won't you tell me something about my encryption scheme ?
Date: Fri, 2 Mar 2001 12:25:19 -0800

[sent in both private mail and to newsgroup]

Perhaps you should read the FAQ at some point. If you have, then this should
be a refresher course; if you haven't, please read the FAQ for more details.

Your specification text is completely worthless. Your specification needs to
give details to the point where an independent person without access to your
source code or program could write code that will generate the exact same
values for any input set. Additionally the first thing that is looked for is
your own analysis of it, in particular attack methodologies that fail
against it, they require more blocks than is possible or they require more
than brute force effort. This is a very critical detail, this tells us that
there might actually be something of use. If you'd like to see how this is
done please feel free to take a look at the AES competition, it was a
wonderful example of this. For a wonderful example of proper writing of a
specification take a look at Whirlpool
(https://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/whirlpool
.zip) it is very well done. You'll find a complete lack of statements like
"used in random order" "pseudo random series" etc. You'll also find that it
is much more than a series of poorly written statements which have little to
no mathematical meaning.

We do not bother with source code. This is knowledge gleaned from having to
deal with vast numbers of individuals every year claiming to have invented a
new encryption algorithm, most of which are completely useless. From the
source code we have to build the algorithm, then we can analyze the
algorithm. Additionally many of us don't like to read obfuscated source code
(reference anything written by DS), and so we will only do it if you pay us
large quantities of money. Additionally there is the generally very large
issue of Endianness which is a continual pain in the side for source code.

Now if you'd like to avoid having to do analysis of your algorithm and still
have people look at it, the path is fairly easily pointed out. Break
everything in sight, break Rijndael, break Twofish, break Serpent, MARS,
RC6, IDEA, Khazad, MISTY1, Nimbus, CS-Cipher, Anubis, Camellia, Grand Cru,
Hierocrypt-3, Noekeon, Q, SC2000, SHACAL, NUSH, SAFER+, SAFER++, BMGL,
Leviathan, etc.; the list goes on. If you can successfully break even a small
number of these and publish, you can safely publish a cipher that people
will examine even if you don't. That path though is probably much longer
than the other of examining your own cipher.
                                        Joe



------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: One-time Pad really unbreakable?
Date: Sun, 11 Mar 2001 06:06:39 GMT

Dave Knapp wrote:
> ...  The many-worlds hypothesis (it isn't a theory yet) is
> deterministic, but it is unable to predict the results of a single
> observation, since the worldline in which the observation will be
> made is unpredictable.  Thus, the inherent randomness of quantum
> mechanics has just been pushed one layer back.

Yup.  I think many-worlds was developed close enough to a theory
to allow us to evaluate it.  Since it predicts the same observables
as conventional quantum theory, it needs to offer some conceptual
advantage over the latter if we are to prefer it, but I don't know
of anyone who thinks a (nondenumerably) infinite ramification of
universes is a conceptual improvement.

Some day when I get the time I'd like to explore another notion
that in effect balances Little's reverse-wave theory against the
usual forward-wave theory.  Remember psi psi* ?  psi is associated
with the forward wave and psi* with the reverse wave, a nice blend
of source and sink.  With the right sort of formulation, this might
help us get a better mental picture of what is going on in q.m.

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: Text of Applied Cryptography .. do not feed the trolls
Date: 11 Mar 2001 05:56:34 GMT

[EMAIL PROTECTED] (Tom St Denis) wrote in
<diCq6.10191$[EMAIL PROTECTED]>: 

>
>"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>> [EMAIL PROTECTED] (Tom St Denis) wrote in
>> <CFAq6.9449$[EMAIL PROTECTED]>:
>>
>> >
>> >"Dan Beale" <[EMAIL PROTECTED]> wrote in
>> >message news:ZCAq6.1295$Q7.26476@stones...
>> >>
>> >> "Sundial Services" <[EMAIL PROTECTED]> wrote in message
>> >> news:[EMAIL PROTECTED]...
>> >> > Do not feed the trolls, Tom.  They love to eat and make noise.
>> >> >
>> >> >
>> >> > Tom St Denis wrote:
>> >> > >
>> >> > > "Ryan M. McConahy" <[EMAIL PROTECTED]> wrote in message
>> >> > > news:3aa9594e$0$62146$[EMAIL PROTECTED]...
>> >> > > > I am _not_ a troll! If I can't find it from you, I'll find it
>> >> somewhere
>> >> > > > else.
>> >> > >
>> >> > > What?  Applied Crypto is not free so why ask here?
>> >> > >
>> >> > > Tom
>> >> >
>> >>
>> >> people may not agree with giving away the (possibly pirated) text,
>> >> but how about the source code, which (last time I checked) was not
>> >> available to non-Americans.
>> >
>> >I dunno who wrote the code in the back of Applied crypto BUT IT
>> >SUCKS!. It's the sloppiest, most poorly written code I have ever seen.
>> > My blind dog with only three legs (that we call "tripod") can write
>> >better code by randomly typing keys on the keyboard.
>>
>>    I don't know but from your comments maybe its some code I wrote.
>> If it works it could be mine.
>
>Um have you even picked up a copy of applied crypto?
>

   I am not sure. If it's the one Mr BS wrote I picked it up
at Barnes and Noble. Read the part on compression before encryption;
it didn't say much. Looked at a few other chapters but did not buy.
   I used to have an early copy of the CODE BREAKERS years ago.
But I also liked the Puzzle Palace. And have checked many out
or read them at the library.

David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: 11 Mar 2001 05:58:04 GMT

[EMAIL PROTECTED] (Phil Zimmerman) wrote in 
<[EMAIL PROTECTED]>:

>What encryption was Hansen using that it was so easily cracked?
>
>

   Well Phil maybe it was PGP.

David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Super strong crypto
Date: Sun, 11 Mar 2001 06:13:32 GMT

David Wagner wrote:
> What's lacking is not desire, but knowledge how to proceed.

Step one would be to develop a formal treatment of the propagation
of information through Boolean functions.  The nice thing about
such functions is they are equivalent to questions.  And we know
how to apply information to evaluating answers to questions, namely
through weight of evidence aka discrimination information.  I would
feel much better about the state of the art if I could find
*any*thing along these lines in crypto textbooks.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Crossposted-To: alt.hacker
Subject: Re: The Foolish Dozen or so in This News Group
Date: Sun, 11 Mar 2001 06:17:17 GMT

Anthony Stephen Szopa wrote:
> I am not convinced this is so.  The documentation says specifically
> "system-allocated" buffers are flushed.

I explained before how the *context* (not to mention an understanding
of how things are actually implemented) makes it clear that those
buffers are the ones dealt with explicitly by the stdio support
library, not the operating system's file allocation support.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: => FBI easily cracks encryption ...?
Date: Sun, 11 Mar 2001 06:19:06 GMT

Mxsmanic wrote:
> The best algorithms available to the general public already provide
> better security than most governments are likely to require.

? How do we know this?

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: => FBI easily cracks encryption ...?
Date: Sun, 11 Mar 2001 06:31:10 GMT

Mxsmanic wrote:
> In all computer-based cryptosystems, cryptography has advanced much
> further than cryptanalysis.  The more advanced computers become, the
> greater the gap between the cryptographer and the cryptanalyst, with
> all the advantage going to the cryptographer.

You're merely repeating what I already disputed.  I'm sure that's
a popular *opinion*, but how do we *know* that it is so?  The only
arguments I've heard so far have been based on an erroneous
assumption, that C/A has to proceed by brute-force key search
or else that the best possible attacks are certain horribly weak
ones that happen to have already been published.

> Recovering one bit of the key or one bit of the plaintext isn't very
> useful unless it can be extended to recovering the entire key or the
> entire plaintext, and moving from a merely interesting academic
> experiment to a practical method of consistently and rapidly cracking
> a cryptosystem is quite a huge step.

Most attacks do not recover just a single bit, but if they did,
quite often that new information could be constant-folded into
the problem to produce an easier new problem, and iterating will
eventually get all the bits.

> > The safe assumption, as opposed to the warm cozy
> > one, is that whatever algorithm you choose has
> > vulnerabilities you don't know about.
> Yes, but if you are already using the most secure system you can
> find, this doesn't have much practical impact on your operating
> methods.

Maybe you missed the discussion in the "super strong crypto" thread.
The problem is that people are *using today* block ciphers as though
they were unconditionally secure, with no extra margin of safety if
that assumption happens to be wrong.  There *are* additional, easy
to afford, measures that could be applied to cover one's @$$.  If one
starts out being suspicious of the security of "the most secure system
you can find", one is less likely to just accept it as is and more
likely to make it more secure.  Attitudes matter.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: => FBI easily cracks encryption ...?
Date: Sun, 11 Mar 2001 06:34:00 GMT

Mxsmanic wrote:
> Protocol failures have been responsible for virtually all compromise
> of cryptosystems throughout history, except for the earliest and most
> trivial cryptosystems.  Cracking a cryptosystem through pure
> cryptanalysis alone is extraordinarily rare.

Um, no.  Although quite often "special circumstances" do provide the
opening wedges into systems, without genuine cryptanalysis a lot of
them would not have been exploited to nearly the extent that occurred.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Question
Date: Sun, 11 Mar 2001 06:44:22 GMT

Dragon wrote:
> Now that I have cleared that, I was wondering if someone can guide me
> to any decrypting program. I have this encrypted file which I need to
> decrypt. I know some of the exact contents of the file. It was
> encrypted with a program I no longer have. As a matter of fact, I
> don't even remember the program name any more. One thing I do
> remember is that I did not have to enter any password or keys to
> encrypt the file.

It would be a rather strange notion of encrypting if *some* key
weren't used, because otherwise anyone could execute the decryption
program to read the original file.  If you didn't have to manually
provide the key then it must have been provided automatically,
perhaps using a PGP "key ring" or data on a floppy disk, etc.

Anyway, to address your situation directly, there is no such thing
as a general-purpose program capable of decrypting arbitrary
encrypted files.  If you can't at least find the name of the program
used to do the encryption, which would enable you to ask the "hacker"
community, then your best bet would be to give whatever information
you have to a professional cryptanalyst and pay him to try to crack
it.  Success would not be guaranteed (although perhaps payment could
be contingent on success).

------------------------------

From: "Paul Lutus" <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: Noninvertible encryption
Date: Sat, 10 Mar 2001 22:55:24 -0800

"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...

>    I think compression with encryption following is a greatly
> overlooked topic. Compression should help before encryption. But many
> compression methods actually add information to a file so that it
> can in theory make it weaker.

You mean the encryption becomes weaker? No. This would suggest that
compression partially decodes an encrypted file. The only purpose of
compression is to compress. It has no effect on the encryption.

And it is a matter of interpretation what "adds information to the file"
would mean. It certainly doesn't add message information. It will add an
unmistakable stamp of the compression method, but this is neutral WRT the
encryption's effectiveness.

--
Paul Lutus
www.arachnoid.com





------------------------------

From: "Henrick Hellström" <[EMAIL PROTECTED]>
Subject: Re: Really simple stream cipher
Date: Sun, 11 Mar 2001 08:50:19 +0100

"Thomas Wu" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "Henrick Hellström" <[EMAIL PROTECTED]> writes:
>
> > That's not entirely true. Any message authentication scheme has to have
> > the application reject faulty data, namely the messages that fail the
> > authentication tests.
> >
> > Furthermore, many kinds of client/server system (pop, smtp, http, dns,
> > telnet, the ftp command channel, etc) have to check for faulty data
> > anyway, because they are expecting a strictly formatted input.
>
> But code in application layers is often written without the assumption
> that the format check has security implications.  Imagine an FTP daemon
> that rejects an unknown command by including the offending command name
> in the response; "FOO" results in "FOO: unknown command".  Under these
> circumstances, it seems possible that an attacker could exploit this
> behavior under your model to get chosen ciphertext pairs and use it
> to leverage attacks that would not be possible with explicit MACs.
> A user-friendly feature at the application level suddenly turns into
> a security weakness when these abstraction barriers aren't respected.


You might be on to something, but I don't know what and I think I have
already solved it. Assume that:

1. Session keys are established using a DH derivate protocol.
2. An error propagating cipher is used.
3. The server supports asynchronous mode, so two different feedback vectors
are used depending on the direction of the communication.
4. Instead of MACs, each command is padded with blanks so that it is at
least 32 characters wide (or whatever; that's what I do).
5. The FTP server terminates the connection in case of illegal characters.
6. In case of formally legal but unknown commands, the server replies in the
way Thomas Wu describes.
7. The server's log file cannot be seized, presumably because it is not
saved at all.

If the other points don't, point 4 definitely does it. The probability that
a chosen ciphertext would result in a formally valid but unknown command
is equal to the probability that it would happen if a 128-bit block
cipher and MAC were used.

But please elaborate. If I have missed something, I surely want to know.

--
Henrick Hellström  [EMAIL PROTECTED]
StreamSec HB  http://www.streamsec.com



------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: Noninvertible encryption
Date: Sun, 11 Mar 2001 07:58:34 GMT

Paul Lutus wrote:
> ... It will add an unmistakable stamp of the compression method,
> but this is neutral WRT the encryption's effectiveness.

What D.Scott is on about is that most compression methods produce
output that is highly patterned in its initial part.  That implies
(partially) known plaintext is available, and that there is an
easy test for trial decryption.  I think it is fair to say that
most of us don't think this is, relatively speaking, an important
weakness.  However, the previous discussion about it did turn up
some interesting ideas about what was being called "bijective"
compression, i.e. such that any random string has a valid
decompression.
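Gwyn's two observations above, the patterned initial output of a compressor and the "easy test for trial decryption" it provides, can be checked directly. This is an added example, not from the digest or any poster; it uses Python's zlib as a stand-in for "most compression methods", and the sample messages are constructed here.

```python
"""Added example (not from the digest): why compressed plaintext hands a
cryptanalyst a known-plaintext prefix and a cheap trial-decryption test,
and why a 'bijective' compressor (every random string decompresses) would
not.  Standard library only; all sample data is constructed below."""
import os
import zlib

# Constructed sample messages, deliberately unrelated in content.
SAMPLES = [
    b"Meet at the usual place at noon.",
    b"The quick brown fox jumps over the lazy dog." * 4,
    b"\x00\x01\x02\x03 binary payload \xff\xfe",
]


def compressed_samples(level=6):
    """Compress every sample with the same zlib settings."""
    return [zlib.compress(m, level) for m in SAMPLES]


def common_prefix(blobs):
    """Longest byte prefix shared by every blob in the list."""
    prefix = blobs[0]
    for b in blobs[1:]:
        i = 0
        while i < min(len(prefix), len(b)) and prefix[i] == b[i]:
            i += 1
        prefix = prefix[:i]
    return prefix


def compressed_known_prefix(level=6):
    """The known plaintext: unrelated messages compress to output that starts
    with the same header bytes (0x78 0x9c for zlib's default settings)."""
    return common_prefix(compressed_samples(level))


def is_plausible_decompression(candidate):
    """The 'easy test for trial decryption': a candidate plaintext that does
    not parse as a zlib stream is rejected without knowing anything about
    the message itself.  Cheap header checks first, full parse second."""
    if len(candidate) < 2 or candidate[0] & 0x0F != 8:   # CM must be deflate
        return False
    if ((candidate[0] << 8) | candidate[1]) % 31 != 0:   # FCHECK: header % 31 == 0
        return False
    try:
        zlib.decompress(candidate)
        return True
    except zlib.error:
        return False


def random_accept_rate(trials=2000, length=32):
    """Fraction of random strings that pass the test.  For zlib this is
    essentially zero, which is exactly what makes the test useful to a
    cryptanalyst; a bijective compressor in Gwyn's sense would return 1.0."""
    hits = sum(is_plausible_decompression(os.urandom(length))
               for _ in range(trials))
    return hits / trials
```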

------------------------------

From: [EMAIL PROTECTED] (Eric Lee Green)
Crossposted-To: alt.hacker
Subject: Re: Why do people continue to reply to Szopa?
Reply-To: [EMAIL PROTECTED]
Date: 11 Mar 2001 01:47:46 -0600

On Sun, 11 Mar 2001 01:28:07 -0000, Dan Beale <[EMAIL PROTECTED]
fishfinger.uk.invalid> wrote:
>"Paul Crowley" <[EMAIL PROTECTED]> wrote in message
>> If you think he's a troll then don't feed him.  If you think (as I do)
>> that he's sincerely clue-resistant, what's the point?
>
>sorry,
>you are right.
>he is quite clearly bonkers.  I was just surprised to see him _still_
>here, still coming up with the same nonsense after he had spent _ages_ in
>my 'blocked senders list'.

I usually ignore Szopa, but I have a cold and can't venture far from
my chicken soup, so this is how I'm entertaining myself. Besides, it
has been educational. I've dug around in Windows preferences and
discovered things that I didn't know existed there, I've investigated
how Windows writes blocks to disks (all kinds), found out some interesting
things about how the Unix buffer cache works, etc. All in all, a very
productive use of down time forced by a cold. 

-- 
Eric Lee Green [EMAIL PROTECTED] http://www.badtux.org
 AVOID EVIDENCE ELIMINATOR -- for details, see
   http://badtux.org/eric/editorial/scumbags.html 


====== Posted via Newsfeeds.Com, Uncensored Usenet News ======
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
=======  Over 80,000 Newsgroups = 16 Different Servers! ======

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
