Cryptography-Digest Digest #862, Volume #13      Sun, 11 Mar 01 14:13:01 EST

Contents:
  Re: Noninvertible encryption (John R Ramsden)
  Re: => FBI easily cracks encryption ...? (CR Lyttle)
  Re: Dumb inquiry.... (John Savard)
  Re: Dumb inquiry.... (Mok-Kong Shen)
  Re: => FBI easily cracks encryption ...? (SCOTT19U.ZIP_GUY)
  Potential of machine translation techniques? (Mok-Kong Shen)
  Re: boycott Russia.... ("Simon Johnson")
  Re: Dumb inquiry.... ("Simon Johnson")
  Re: boycott Russia.... ("Fedor V. Ignatov")
  Re: A question about passphrases (Kent Briggs)
  Re: A question about passphrases ("Scott Fluhrer")
  Re: I encourage people to boycott and ban all Russian goods and services, if the 
Russian Federation is banning Jehovah's Witnesses ....... (stanislav shalunov)
  Re: OverWrite:  best wipe software? ("Tom St Denis")
  Re: Dumb inquiry.... ("Tom St Denis")
  Re: boycott Russia.... ("René")
  Re: boycott Russia.... ("Rene")
  RSA encryption on Windows -- C++ source code ([EMAIL PROTECTED])

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (John R Ramsden)
Crossposted-To: sci.math
Subject: Re: Noninvertible encryption
Date: Sun, 11 Mar 2001 16:17:57 GMT

Amethyste <[EMAIL PROTECTED]> wrote:
>
> a non invertible transformation has some drawback like this
>
> "do you mean"
>
> becoming after adding (randomly)  n e r i n g
>
> "done your meaning"
>
> and it is not the worst example I could find ...

It's true there are bad-case examples like this. But I suggest that
randomly added letters could be made far more obvious semantically
without compromising the overall randomness of the resulting text.

For a start it would generally be better to increase the length of
randomly added sequences, especially if these were embedded in words
to increase the average word length. (Remember, the distribution of
_spaces_ in the text may also help would-be decrypters.)

Making every randomly added sequence a separate word would greatly
simplify and "disambiguate" interpretation of the resulting text;
but it might introduce a chink in the armour from a cryptographic
standpoint, since spaces would always delimit random/non-random
boundaries. Also, it would probably be essential to embed random
strings in words in order to break-up commonly occurring letter
sequences within those words.

The program adding the extra random letters to words could include
checks that the result of padding a word would not be another valid
word, either as such or with any substring of the padding string
excised.

Also, before encrypting the padded text, the program could play
devil's advocate by running its own analysis on the text, for example
to ensure that the meaningful text had been diluted sufficiently for
the overall distribution of letter sequences to be adequately random.

> definitively a cryptosystem *must* be invertible

True. The only difference in this system is that the recipient is
required to complete the inversion, at a level of interpretation not
yet attainable by machines, the idea being to make the plaintext
syntax and, at a lower level (perhaps even more important), its
statistical characteristics much harder for those machines to
distinguish from a random string.

But I can see why the idea of an "open-ended" scheme like this may
worry and perhaps irritate mathematicians schooled in the formal
theory of algorithms ;-)

The key questions here are how much deviation from text "noise" is
required for a human recipient to be capable of picking out all the
signal, and is this threshold below what a machine, in the course
of a decryption attempt, would recognise as significant?


Cheers

===========================================================================
John R Ramsden    ([EMAIL PROTECTED])
===========================================================================
The new is in the old concealed, the old is in the new revealed.
   St Augustine.
===========================================================================

------------------------------

From: CR Lyttle <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: Sun, 11 Mar 2001 16:36:20 GMT

Phil Zimmerman wrote:
> 
> What encryption was Hansen using that it was so easily cracked?

It was probably not anything very sophisticated, I would think. After
all Hansen was keeping his id secret from the Russians and they do not
seem to have been in regular electronic contact. If Hansen was using
anything as complex as PGP then he probably used only one key pair that
the FBI got from his home. Exchanging new keys for each transmission
requires two physical contacts, which increases the chances of being
detected. Most of the battle is knowing something is happening. So
whatever he used, it was probably pretty simple and designed to keep out
casual snoopers.

-- 
Russ
<http://home.earthlink.net/~lyttlec>
Home of the Universal Automotive Test Set
Linux Open Source (GPL) Project

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Dumb inquiry....
Date: Sun, 11 Mar 2001 16:38:11 GMT

On Sun, 11 Mar 2001 08:25:51 -0500, <[EMAIL PROTECTED]> wrote, in
part:

>If a PHT is (modular addition) x = 2a+b, y = a+b what if you use 2a+b,
>2b+a? Does it have a mathematical inverse? (I don't consider an S-box)
>What kind of statistics does it produce? Is it unwise for cryptography?

The PHT has an inverse, because it is constructed simply in two steps:

(a, b) -> (a, b+a) -> (a+(b+a), b+a)

so it's obvious that each step has an inverse, sort of for the same
reason that Feistel rounds are invertible.

There's nothing wrong with 2a+b, 2b+a, but the standard PHT is simply
easier to work with, and its inverse is simpler as well: it's just

(x,y) -> (x-y, y) -> (x-y, y-(x-y))

that is

(a+(b+a), b+a) -> (a+(b+a)-(b+a), b+a) -> (a, b+a-a)

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Dumb inquiry....
Date: Sun, 11 Mar 2001 17:52:55 +0100



[EMAIL PROTECTED] wrote:
> 
> If a PHT is (modular addition) x = 2a+b, y = a+b what if you use 2a+b,
> 2b+a? Does it have a mathematical inverse? (I don't consider an S-box)
> What kind of statistics does it produce? Is it unwise for cryptography?

Such (linear) transformations are invertible if the 
determinant of the matrix is non-zero with respect to the 
modulus. PHT (I have never been able to know where the name 
comes from) is the discrete analog of Arnold's map. Lacking 
knowledge, I can't answer your two last questions. A point 
of note is that the matrix of PHT is not symmetrical, 
while yours is.

M. K. Shen
==========================
http://home.t-online.de/home/mok-kong.shen

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: 11 Mar 2001 17:10:23 GMT

[EMAIL PROTECTED] (CR Lyttle) wrote in 
<[EMAIL PROTECTED]>:

>Phil Zimmerman wrote:
>> 
>> What encryption was Hansen using that it was so easily cracked?
>
>It was probably not anything very sophisticated, I would think. After
>all Hansen was keeping his id secret from the Russians and they do not
>seem to have been in regular electronic contact. If Hansen was using
>anything as complex as PGP then he probably used only one key pair that
>the FBI got from his home. Exchanging new keys for each transmission
>requires two physical contacts, which increases the chances of being
>detected. Most of the battle is knowing something is happening. So
>whatever he used, it was probably pretty simple and designed to keep out
>casual snoopers.
>

 I can see that for a first contact, or even for a few months or even
a year, simple encryption may have been used. But give me a break:
he was an agent for MANY YEARS. Do you really think that he would
have used a very simple encryption method just to keep out casual
snoopers when he knew that if he was caught it meant death?
I think he used at least something that is as secure as PGP.
I am not saying he used PGP, since he may have been in a position
to know that it may be weak. I am just saying he most likely used
something he considered very secure.

David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Potential of machine translation techniques?
Date: Sun, 11 Mar 2001 18:19:44 +0100


In WWII there was success in employing very uncommon
natural languages or dialects for purposes of secret 
communications, the most well-known being Navaho (see Kahn's 
book The Codebreakers).

Now that machine translation of natural languages has reached 
a fairly advanced state, wouldn't it be feasible to create an
appropriate generic class of artificial languages covering a 
more or less limited universe of discourse and with grammars 
that are not too difficult for achieving fidelity of results 
such that, with a key, one can select which one of such 
languages is to be used in a concrete situation?

M. K. Shen
=========================
http://home.t-online.de/home/mok-kong.shen

------------------------------

From: "Simon Johnson" <[EMAIL PROTECTED]>
Crossposted-To: comp.security,alt.security,alt.2600
Subject: Re: boycott Russia....
Date: Sun, 11 Mar 2001 18:02:23 -0800


René <[EMAIL PROTECTED]> wrote in message
news:u4lq6.6209$[EMAIL PROTECTED]...
> _What_ Russian products? Do they actually _make_ something? Other than that,
> that's fine with me. Not that I care too much for these pestering Witnesses,
> but I can tolerate them. Russians on the other hand..I fucking hate
> them...come to think it, yes, Russia makes the famous AK's....which suck...
>

Hrm, I wonder if you've ever talked/met a Russian?
In fact, I wonder if you have met sufficiently many of them to actually
justify your hate?

If AK's suck, then why did they become famous? Dyson hoovers are only famous
because they're 'good' :)

Simon.



------------------------------

From: "Simon Johnson" <[EMAIL PROTECTED]>
Subject: Re: Dumb inquiry....
Date: Sun, 11 Mar 2001 18:11:30 -0800


<[EMAIL PROTECTED]> wrote in message news:T2Lq6.5$[EMAIL PROTECTED]...
> If a PHT is (modular addition) x = 2a+b, y = a+b what if you use 2a+b,
> 2b+a? Does it have a mathematical inverse? (I don't consider an S-box)
> What kind of statistics does it produce? Is it unwise for cryptography?
>

On its own, this is insecure to both differential and linear cryptanalysis.
This stated, functions such as this rarely stand by themselves in ciphers
and in combination this function might work well with others.

Simon.



------------------------------

From: "Fedor V. Ignatov" <[EMAIL PROTECTED]>
Crossposted-To: comp.security,alt.security,alt.2600
Subject: Re: boycott Russia....
Date: Mon, 12 Mar 2001 00:09:44 +0600


Maybe we make boycott American? it's will be fun.

>
>René <[EMAIL PROTECTED]> wrote in message
>news:u4lq6.6209$[EMAIL PROTECTED]...
>> _What_ Russian products? Do they actually _make_ something? Other than that,
>> that's fine with me. Not that I care too much for these pestering Witnesses,
>> but I can tolerate them. Russians on the other hand..I fucking hate
>> them...come to think it, yes, Russia makes the famous AK's....which suck...
>>


------------------------------

From: Kent Briggs <[EMAIL PROTECTED]>
Subject: Re: A question about passphrases
Date: Sun, 11 Mar 2001 12:13:23 -0600

Crypto Neophyte wrote:

> Two of my programs, Tresor and PGP private for the MAC will tell me if I type
> in the wrong passphrase. How do the programs know if it is the wrong one
> without storing it on the disk? I mean if it is stored on the disk isn't that
> insecure?
> HKRIS

Typically, your passphrase is run through a one-way hashing function and just the
hash or a portion of the hash is saved with the file.  When you enter your
passphrase for decryption, the hashing is repeated and compared with the
original.

--
Kent Briggs, [EMAIL PROTECTED]
Briggs Softworks, http://www.briggsoft.com



------------------------------

From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: A question about passphrases
Date: Sun, 11 Mar 2001 10:17:37 -0800


Kent Briggs <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Crypto Neophyte wrote:
>
> > Two of my programs, Tresor and PGP private for the MAC will tell me if I type
> > in the wrong passphrase. How do the programs know if it is the wrong one
> > without storing it on the disk? I mean if it is stored on the disk isn't that
> > insecure?
> > HKRIS
>
> Typically, your passphrase is run through a one-way hashing function and just the
> hash or a portion of the hash is saved with the file.  When you enter your
> passphrase for decryption, the hashing is repeated and compared with the
> original.

That is, in fact, common, but that's not quite what PGP does.  Instead, it
stores the private keys in encrypted form, with the passphrase as the key.
When you type in a passphrase, it uses that to decrypt the private keys.  If
you type in an incorrect passphrase, the private keys cannot be decrypted
properly.  PGP will realize this, and mention it to you.

This implies that someone who manages to get a copy of your files cannot get
access to your private keys unless he either breaks the encryption, or he
properly guesses the passphrase.  The former is computationally infeasible,
and the second is also infeasible if you selected the passphrase properly.

--
poncho
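
The two ways of detecting a wrong passphrase described in the two replies above, side by side, as an added example (not code from either poster, and not PGP's or Tresor's actual file format). The PBKDF2 work factor, the function names and the HMAC-based stand-in stream cipher are assumptions made so the block runs with the Python standard library alone.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor; tune to the hardware in use

def _kdf(passphrase, salt, length):
    """Stretch the passphrase with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                               ITERATIONS, dklen=length)

# Approach 1 (hash saved with the file): keep salt + slow hash, never the passphrase.
def make_verifier(passphrase):
    salt = os.urandom(16)
    return salt, _kdf(passphrase, salt, 32)

def check_verifier(passphrase, salt, stored):
    return hmac.compare_digest(_kdf(passphrase, salt, 32), stored)

# Approach 2 (private key stored encrypted): the passphrase-derived key decrypts
# the private key, and an integrity tag reveals a wrong passphrase.
def _keystream(key, n):
    """Stand-in stream cipher: HMAC-SHA256 in counter mode (illustration only)."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]

def _xor(data, stream):
    return bytes(x ^ y for x, y in zip(data, stream))

def wrap_key(passphrase, private_key):
    """Encrypt private_key under the passphrase; returns (salt, ciphertext, tag)."""
    salt = os.urandom(16)
    k = _kdf(passphrase, salt, 64)
    enc_key, mac_key = k[:32], k[32:]
    ct = _xor(private_key, _keystream(enc_key, len(private_key)))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return salt, ct, tag

def unwrap_key(passphrase, salt, ct, tag):
    """Return the private key, or None when the passphrase is wrong."""
    k = _kdf(passphrase, salt, 64)
    enc_key, mac_key = k[:32], k[32:]
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return _xor(ct, _keystream(enc_key, len(ct)))
```

In both approaches the stored record lets anyone who copies the file test passphrase guesses offline, which is why the derivation is salted and deliberately slow.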





------------------------------

From: stanislav shalunov <[EMAIL PROTECTED]>
Crossposted-To: comp.security,alt.security,alt.2600
Subject: Re: I encourage people to boycott and ban all Russian goods and services, if 
the Russian Federation is banning Jehovah's Witnesses .......
Date: 11 Mar 2001 13:28:55 -0500

In case you're not following the news, read this before you feed the
troll further:

http://dailynews.yahoo.com/htx/nm/20010223/wl/religion_russia_dc_1.html

> Friday February 23 11:00 AM ET
> Jehovah's Witnesses Win Moscow Test Case, Beat Ban 

> MOSCOW (Reuters) - The Jehovah's Witnesses won a two-year courtroom
> battle on Friday when a judge refused to liquidate the group's Moscow
> communities in a case seen as a key test of Russia's attitude to
> religious freedom.

[...]

-- 
Stanislav Shalunov              http://www.internet2.edu/~shalunov/

"You wake me up early in the morning to tell me I am right?  Please
wait until I am wrong." -- John von Neumann, on being phoned at 10 a.m.

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Crossposted-To: alt.hacker
Subject: Re: OverWrite:  best wipe software?
Date: Sun, 11 Mar 2001 18:35:18 GMT


<[EMAIL PROTECTED]> wrote in message news:CWKq6.4$[EMAIL PROTECTED]...
>
> Tom St Denis wrote in message ...
> >
> -snip flame-
>
> What ever did you do w/your junky PeeBoo, Tom?

Cute.

Tom



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Dumb inquiry....
Date: Sun, 11 Mar 2001 18:37:11 GMT


<[EMAIL PROTECTED]> wrote in message news:T2Lq6.5$[EMAIL PROTECTED]...
> If a PHT is (modular addition) x = 2a+b, y = a+b what if you use 2a+b,
> 2b+a? Does it have a mathematical inverse? (I don't consider an S-box)
> What kind of statistics does it produce? Is it unwise for cryptography?
>

Well that forms a 2x2 matrix

[2 1]
[1 2]

Which has an inverse by doing "row1 - row2" to get

[1 -1]
[1 2]

Then "row2 - row1"

[1 -1]
[0  3]

Then "row1 + row2/3"

So if my math isn't wrong it's invertible.

Tom
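
The invertibility question from the "Dumb inquiry" replies in this digest, worked as an added example (not code from any of the posters). It inverts a 2x2 matrix modulo 2^8 using the condition that the determinant be coprime to the modulus, checks the standard PHT and the 2a+b, 2b+a variant exhaustively, and checks that the map is additive; the 8-bit word size, the function names and the even-determinant matrix are assumptions chosen for illustration.

```python
from math import gcd

MOD = 256                       # assumption: byte-wide words (2**8)
PHT = ((2, 1), (1, 1))          # x = 2a+b, y = a+b
VARIANT = ((2, 1), (1, 2))      # x = 2a+b, y = a+2b (the question asked)
EVEN_DET = ((3, 1), (1, 1))     # constructed: det = 2, non-zero but even

def apply(m, v, modulus=MOD):
    """Multiply the 2x2 matrix m by the vector v, reducing mod modulus."""
    (p, q), (r, s) = m
    a, b = v
    return ((p * a + q * b) % modulus, (r * a + s * b) % modulus)

def inverse_2x2(m, modulus=MOD):
    """Return the inverse of m mod modulus, or None when no inverse exists."""
    (p, q), (r, s) = m
    det = (p * s - q * r) % modulus
    if gcd(det, modulus) != 1:  # det must itself be invertible mod modulus
        return None
    d = pow(det, -1, modulus)   # modular inverse (Python 3.8+); 3**-1 = 171 mod 256
    # adjugate matrix scaled by det**-1
    return (((s * d) % modulus, (-q * d) % modulus),
            ((-r * d) % modulus, (p * d) % modulus))

def round_trips(m, modulus=MOD):
    """Exhaustively check that inverse(m) undoes m on every input pair."""
    inv = inverse_2x2(m, modulus)
    if inv is None:
        return False
    return all(apply(inv, apply(m, (a, b), modulus), modulus) == (a, b)
               for a in range(modulus) for b in range(modulus))

def is_additive(m, modulus=MOD, step=17):
    """Check T(u+v) == T(u)+T(v) on a sample grid, i.e. the map is linear
    mod 2**8, so a fixed input difference gives a fixed output difference."""
    pts = [(a, b) for a in range(0, modulus, step)
           for b in range(0, modulus, step)]

    def add(u, v):
        return ((u[0] + v[0]) % modulus, (u[1] + v[1]) % modulus)

    return all(apply(m, add(u, v), modulus)
               == add(apply(m, u, modulus), apply(m, v, modulus))
               for u in pts for v in pts)

if __name__ == "__main__":
    for name, m in (("PHT", PHT), ("variant", VARIANT), ("even-det", EVEN_DET)):
        print(name, inverse_2x2(m), round_trips(m), is_additive(m))
```

The "row2/3" step in the elimination above corresponds to multiplying by 171 here, since 3 * 171 = 513 = 1 mod 256.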



------------------------------

From: "René" <[EMAIL PROTECTED]>
Crossposted-To: comp.security,alt.security,alt.2600
Subject: Re: boycott Russia....
Date: Sun, 11 Mar 2001 11:50:47 -0700


"Simon Johnson" <[EMAIL PROTECTED]> wrote in message
news:98gebl$731$[EMAIL PROTECTED]...
> Hrm, I wonder if you've ever talked/met a Russian?

Yes, I've met plenty of them, enough to last you a lifetime. Did I mention
that I grew up in Russian occupied East Germany? I experienced Russian
"culture" first hand. Also been to Russia in the mid-80's and had a close
look at the pithole they call a country.


> In fact, I wonder if you have met sufficiently many of them to actually
> justify your hate?

Most certainly, yes.

> If AK's suck, then why did they become famous?

Well, McDonalds is well-known all over the world, too, but not for their fine
cuisine.



------------------------------

From: "Rene" <[EMAIL PROTECTED]>
Crossposted-To: comp.security,alt.security,alt.2600
Subject: Re: boycott Russia....
Date: Sun, 11 Mar 2001 11:55:27 -0700


"Fedor V. Ignatov" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...

> Maybe we make boycott American? it's will be fun.

Yes, please do. What are you going to pay with otherwise? Deutschmark,
blackmailed from Germany, worldbank credits you guys will never pay back?
bah, go ahead, boycott everybody, and tell me if somebody will notice.

Dosvidanyia, tovarichsh.



------------------------------

From: [EMAIL PROTECTED]
Subject: RSA encryption on Windows -- C++ source code
Date: 11 Mar 2001 18:56:48 GMT

Hello.

I'm a little nervous about posting to this group because I don't want to 
distract everyone from more in-depth and interesting discussions, but I feel
like I'm spinning my wheels looking for a solution to my problem and getting
more and more frustrated. Any help anyone could provide would be greatly
appreciated.

Background:
My senior project is a software delivery system that installs a binary from a
Windows NT server to various (unknown) Windows clients. We've decided we only
need to encrypt a small (<50B) string, everything else doesn't need to be
secure or is in unusable binary format. So we decided against SSL as
overkill. To encrypt this one string, we thought any public-key algorithm
would be our best bet, but chose RSA because it seems to be the most
available and well-documented.

So, what I've been trying to find is some C++ source code that fits the
following criteria:
- small: maybe < 20K, otherwise I'd love to use Wei Dai's Crypto++, 
- working on > Windows 98
- free or very cheap
- legal internationally or modifiable to handle export regulations
- usable in a commercial product

and maybe if I'm lucky, also:
- easy-to-use
- well-documented

I'd like to be able to roll this source code into our existing Visual C++
project file (which uses MFC) to encrypt the string client-side and decrypt
it server-side.

Thank you for any help you can offer. I really appreciate it.
-Drani.



 -----  Posted via NewsOne.Net: Free (anonymous) Usenet News via the Web  -----
  http://newsone.net/ -- Free reading and anonymous posting to 60,000+ groups
   NewsOne.Net prohibits users from posting spam.  If this or other posts
made through NewsOne.Net violate posting guidelines, email [EMAIL PROTECTED]

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
