Cryptography-Digest Digest #865, Volume #13      Sun, 11 Mar 01 17:13:00 EST

Contents:
  recursive feistel design ("Tom St Denis")
  Re: PKI and Non-repudiation practicalities ("Lyalc")
  Re: Noninvertible encryption (SCOTT19U.ZIP_GUY)
  Re: OverWrite:  best wipe software? ("Doom the Mostly Harmless")
  Re: [REQ] SHA-1 MD5 hashing software ("Doom the Mostly Harmless")
  Re: [REQ] SHA-1 MD5 hashing software ("Tom St Denis")
  Blowfish name ("Liam  McGann")
  Re: [REQ] SHA-1 MD5 hashing software ("Doom the Mostly Harmless")
  Re: OverWrite:  best wipe software? (Anthony Stephen Szopa)
  Re: Really simple stream cipher (David Wagner)
  Re: boycott Russia.... (Jim D)
  Re: OverWrite:  best wipe software? ("Tom St Denis")
  Re: [REQ] SHA-1 MD5 hashing software ("Tom St Denis")
  Re: PKI and Non-repudiation practicalities (Anne & Lynn Wheeler)
  Re: Why do people continue to reply to Szopa? (Eric Lee Green)

----------------------------------------------------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: recursive feistel design
Date: Sun, 11 Mar 2001 20:37:03 GMT

I was wondering if anyone has tried to attack the TC5 cipher I designed about
6 months ago.  It's designed like Turtle (Matt Blaze) to use recursive
Feistel networks as F functions.  So basically at the top level there is a
128-bit Feistel that uses a 64-bit Feistel as the round function.  The 64-bit
Feistel uses the 32-bit Feistel for the round function and so on down to the
16-bit Feistel.  The 16-bit Feistel uses an 8x8 sbox as a round function.

The source is at http://tomstdenis.home.dhs.org/src/tc5.c and is easy to
follow.  I may write a short pseudo-code thingy if anyone is interested.

The cool thing about my cipher is that it's provably secure against standard
linear/differential attacks (not guaranteed against other attacks though)...

Tom
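An added illustration of the recursive structure described in this post (example code, not TC5 and not taken from tc5.c): each level is a balanced Feistel network whose round function is the next level down, until the 16-bit level, whose round function is an 8x8 S-box. The S-box, the SHA-256-based key schedule and the round count per level are constructed placeholders, nothing here is TC5's, and the code makes no security claim; it only shows how the levels nest and why the inner networks run forwards even during decryption.

```python
import hashlib

# Constructed placeholder 8x8 S-box (an affine byte permutation); a real
# design would use a table chosen for nonlinearity.  Not TC5's S-box.
SBOX = [((37 * x + 11) & 0xFF) ^ 0x5C for x in range(256)]

TOP_WIDTH = 128        # outermost block width in bits
LEVELS = 4             # 128 -> 64 -> 32 -> 16
ROUNDS_PER_LEVEL = 8   # constructed; TC5's round counts are not given in the post


def key_schedule(key: bytes):
    """Constructed placeholder schedule: level i encrypts a (128 >> i)-bit
    block and needs round keys of half that width, taken here from
    SHA-256(key || level || round)."""
    subkeys = []
    for level in range(LEVELS):
        half = (TOP_WIDTH >> level) // 2
        mask = (1 << half) - 1
        keys = []
        for rnd in range(ROUNDS_PER_LEVEL):
            digest = hashlib.sha256(key + bytes([level, rnd])).digest()
            keys.append(int.from_bytes(digest, "big") & mask)
        subkeys.append(keys)
    return subkeys


def round_function(x: int, k: int, half: int, subkeys, level: int) -> int:
    """F for a Feistel of width 2*half: mix in the round key, then recurse
    into the half-width Feistel, or at the 16-bit level look up the S-box."""
    if half == 8:
        return SBOX[(x ^ k) & 0xFF]
    return feistel_encrypt(x ^ k, half, subkeys, level + 1)


def feistel_encrypt(block: int, width: int, subkeys, level: int) -> int:
    half = width // 2
    mask = (1 << half) - 1
    left, right = block >> half, block & mask
    for k in subkeys[level]:
        left, right = right, left ^ round_function(right, k, half, subkeys, level)
    return (left << half) | right


def feistel_decrypt(block: int, width: int, subkeys, level: int) -> int:
    """Inverse network: the same F, still evaluated forwards (so the inner
    Feistels encrypt even while decrypting), with round keys reversed."""
    half = width // 2
    mask = (1 << half) - 1
    left, right = block >> half, block & mask
    for k in reversed(subkeys[level]):
        left, right = right ^ round_function(left, k, half, subkeys, level), left
    return (left << half) | right


def encrypt_block(plaintext: bytes, subkeys) -> bytes:
    x = feistel_encrypt(int.from_bytes(plaintext, "big"), TOP_WIDTH, subkeys, 0)
    return x.to_bytes(TOP_WIDTH // 8, "big")


def decrypt_block(ciphertext: bytes, subkeys) -> bytes:
    x = feistel_decrypt(int.from_bytes(ciphertext, "big"), TOP_WIDTH, subkeys, 0)
    return x.to_bytes(TOP_WIDTH // 8, "big")


if __name__ == "__main__":
    ks = key_schedule(b"constructed 16-byte key!")
    pt = bytes(range(16))
    ct = encrypt_block(pt, ks)
    assert decrypt_block(ct, ks) == pt
    print(ct.hex())
```

Because F only has to be a function, not a permutation, the inner networks need no inverse; a single 16-bit inner call costs ROUNDS_PER_LEVEL S-box lookups, so one 128-bit block costs 8**4 lookups with the constructed counts above.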



------------------------------

From: "Lyalc" <[EMAIL PROTECTED]>
Subject: Re: PKI and Non-repudiation practicalities
Date: Mon, 12 Mar 2001 07:37:48 +1100


those who know me have no need of my name wrote in message ...
><xMiq6.686$[EMAIL PROTECTED]> divulged:
>
>>Well, in somne cases, it makes for good customer retention.
>
>they seem to like keeping you on a leash.  i don't see how they'd like
>you being in charge of your own secret.  (to wit, most institutions
>will not allow you to select an alternative to your ssn or mother's
>maiden name as additional security verifiers.)


Well, you must with a certificate-based solution - the password you use to
control access/usage of the  certificate - you DO use a password to control
use of your certificate, don't you?
And as a generalisation, your password is being verified on a machine of
unknown security or integrity.

>>What's the difference between the 2 environments we've been discussing?
>
>scale.


True, no one has managed to get personal PKI certificates scaled above a few
tens of thousands to my knowledge.   A previous employer had more than 6
million PINs on issue, used on average 46 times/year in 1998.


>>About the same as most shared secret models and all CRL based models
>
>i'm not overly interested in the crl models.
>
>i don't see the same effort as most shared secret models.  i suspect
>i'm missing something, so i need to think about it some more.


Please do.  The challenge is not only the technology, but what the
technology is used for, and its specific needs.

>>That is always the revocation challenge, PKI, shared secret or whatever.
>>Commercially, I (non-lawyer that I am) think most companies would revoke
>>on the suspicion of compromise, to avoid their own negligence liability
>>for insisting something is safe for a relying party to act upon, when it
>>may not be.
>
>and that shows the other half of the revocation challenge -- a denial of
>service attack.  and if there is but one secret that can be so revoked it
>can be even more devastating (when even a mistake happens).
>
>>Commercial implementation issues are outside the standard as with all
>>well crafted standards.
>
>i'm not sure i agree that what i described is an implementation issue, if
>the standard makes no allowances.


We are starting to stray off-list topics, so perhaps we'd be better off taking
this off the list.

Lyal
>--
>okay, have a sig then



------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: sci.math
Subject: Re: Noninvertible encryption
Date: 11 Mar 2001 21:02:13 GMT

[EMAIL PROTECTED] (Douglas A. Gwyn) wrote in <[EMAIL PROTECTED]>:

>"SCOTT19U.ZIP_GUY" wrote:
>> ... That it becomes trivally easy to test a key for a solution ...
>
>The crux of the matter is that, if you have a method of cryptanalysis
>that produces the right key, you don't need to test for a solution.
>And in any other case, what are you doing testing keys?  There are too
>many of them for that to be a feasible mathod of attack.
>

  It's not that you necessarily have a key to test. The fact that
you can shows that the encrypted text carries with it all the information
to be decrypted. Some smart person at the NSA may have the means to
recover it without testing directly all the keys. The point is
one should never intentionally do something that makes the encryption
weaker. I think there may be fewer guys at the NSA that have the
correct smarts now that the cold war is supposedly over. So maybe
it's not much of a concern any more.
  There are other reasons for using a method that allows bad keys
to produce a valid file that could have been encrypted. Suppose one
lives in the UK, that formerly free country, and the government knows
you used program X to do the compressing and encryption. One would
like to be able to give a false key so they will be happy. If you
used poorer compression you may have to give the correct key if
you remember it or go to jail.

David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:

------------------------------

From: "Doom the Mostly Harmless" <[EMAIL PROTECTED]>
Crossposted-To: alt.hacker
Subject: Re: OverWrite:  best wipe software?
Date: Sun, 11 Mar 2001 21:20:12 GMT

> I think I have made Ciphile Software's OverWrite Security Utility
> Version 1.2 perhaps the best wipe utility available for Windows.
>
> Read below and you tell me.  Now available for direct download at
> www.ciphile.com


Oh, wow!  You were absolutely right.  All of my concerns have been answered.

I was afraid that I was thinking of you unfairly, and that you might
actually have a clue but not know how to express yourself accurately.  Now,
I'm pretty sure that you /are/ a poser.

But now, a weight has been lifted from my shoulders.  I think I'll ignore
these threads in the future -- they were a good laugh, but it's getting
tedious.

Au revoir.


--
To air is human....
  --Doom.



------------------------------

From: "Doom the Mostly Harmless" <[EMAIL PROTECTED]>
Subject: Re: [REQ] SHA-1 MD5 hashing software
Date: Sun, 11 Mar 2001 21:20:14 GMT

<snip>
> Oh boy trialware... hot diggity.  Who on earth would buy an implementation
> of SHA?

Someone without your 3l33t k0d1ng sk1LLz?  :-)


--
To air is human....
  --Doom.



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: [REQ] SHA-1 MD5 hashing software
Date: Sun, 11 Mar 2001 21:31:07 GMT


"Doom the Mostly Harmless" <[EMAIL PROTECTED]> wrote in message
news:h_Rq6.6063$[EMAIL PROTECTED]...
> <snip>
> > Oh boy trialware... hot diggity.  Who on earth would buy an implementation
> > of SHA?
>
> Someone without your 3l33t k0d1ng sk1LLz?  :-)

What does "3l33t" spell?

Tom



------------------------------

From: "Liam  McGann" <[EMAIL PROTECTED]>
Subject: Blowfish name
Date: Fri, 9 Mar 2001 03:04:18 -0000

Anyone know where Blowfish got its name?

Thanks,

L.M.



------------------------------

From: "Doom the Mostly Harmless" <[EMAIL PROTECTED]>
Subject: Re: [REQ] SHA-1 MD5 hashing software
Date: Sun, 11 Mar 2001 21:40:30 GMT

> > Someone without your 3l33t k0d1ng sk1LLz?  :-)
>
> What does "3l33t" spell?
>
> Tom


"elite"  or, rather "eleet" -- I figured if I was going to tease you, I'd go
all out.  :-)


--
To air is human....
  --Doom.



------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: alt.hacker
Subject: Re: OverWrite:  best wipe software?
Date: Sun, 11 Mar 2001 13:44:25 -0800

"Trevor L. Jackson, III" wrote:
> 
> Caveat lector.
> 
> Lest innocents suffer, let the reader beware: The author of this software
> has struck out.
> 
> Strike 1: He has not the slightest concept of the design and
> implementation of security software.
> 
> Strike 2: He is impervious to all attempts to help him understand the
> issues.
> 
> Strike 3: His products are unusable due to the unbelievably awkward
> methodology they require of the user.
> 
> >  <major snip>
> >
> >
> > Take as much care as you think you should."
> >
> > Let's see you get out of this box.


Tell us now why OverWrite will not work.

Not one of you has addressed the recommended procedures that I have 
made regarding the dedicated hard drive partition that essentially
forces and guarantees the overwrites, or the major innovation I have 
added to the OverWrite software:  user determined suspension interval 
of program execution between passes allowing the OS and hardware to 
perform the overwrites.

Mr. Goldberg likes to say that just because the HD LED comes on that
this just means that the data is being placed in the HD cache and 
that no write is taking place.  Great theory.  Then he or anyone 
else can certainly explain why the HD heads can be heard and 
felt to repeatedly reposition with each pass and from all outward
observable indications write to the hard drive.  If the data was 
just being loaded into the HD cache there would be no need to 
repeatedly reposition the HD heads and grind out what one can only 
reasonably conclude is a write between passes. There would just be a
silent non vibrating flash of the LED.  Why isn't this the case?  He
likes to point out theory to attempt to counter logical argument but
these are observable facts.  Mr. G:  Got a better theory?

Partitioning an existing partition of a hard drive is a minor 
procedure with the appropriate software that is readily available.  
If you are most serious about having the capability to overwrite
sensitive data on your hard drive with OverWrite you will take these
extra steps to do so.

Anyone interested in an overwrite program would consider what I have
said very carefully.  People who have an interest to keep such
capability from others will attempt to detract from my OverWrite
software (any way they think they can.)

Address the issues as I have stated in this thread:  will my 
procedures regarding a dedicated hard drive partition guarantee an
overwrite and if not why?

I would like to add one more parameter to the use of the OverWrite
software:  If you do follow my recommendations then you should 
overwrite using a file that is larger than the cpu or hard drive 
cache.  If the data is merely being placed in the hard drive cache 
as some of you may still insist even in light of what I have said 
this will fill the cache and force these caches to flush and 
therefore effect the write to the hard drive.

Address these issues with facts.  Or have I sufficiently placed your
objections and arguments in such a small confining box that you are 
all incapable of getting out of it so you resort to pathetic attacks 
on my person and denigrate the software and avoid its recommendations?

Cat got your tongues?
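The question this thread keeps circling is whether an overwrite has actually left the operating system's buffer cache and reached the device. An added example (not OverWrite, and not any poster's code): the portable way for a program to ask for that is os.fsync() on the file after each pass, rather than a timed pause between passes or a file sized to exceed a cache. What the drive's own write cache, a journaling filesystem or flash wear-levelling do with the blocks afterwards is outside what any application-level call controls, and the example does not claim otherwise. The pass patterns, temporary file and sizes are constructed.

```python
import os
import tempfile

# Constructed, deterministic pass patterns so the result can be checked by
# reading the file back; a real tool might finish with a random pass.
PATTERNS = (b"\x00", b"\xff", b"\x55")


def overwrite_file(path: str, chunk: int = 64 * 1024) -> int:
    """Overwrite every byte of the file once per pattern, pushing each pass
    from the kernel's buffer cache to the device with os.fsync() before the
    next pass begins.  Returns the number of bytes written per pass."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for pattern in PATTERNS:
            f.seek(0)
            remaining = size
            block = pattern * chunk
            while remaining > 0:
                n = min(chunk, remaining)
                f.write(block[:n])
                remaining -= n
            f.flush()              # Python's userspace buffer -> kernel
            os.fsync(f.fileno())   # kernel buffer cache -> storage device
    return size


def demo_overwrite():
    """Create a constructed temp file, overwrite it, read it back, and return
    (bytes per pass, whether only the last pattern remains)."""
    fd, path = tempfile.mkstemp(prefix="overwrite-demo-")
    try:
        os.write(fd, b"constructed secret content " * 2500)
        os.close(fd)
        size = overwrite_file(path)
        with open(path, "rb") as f:
            data = f.read()
        return size, data == PATTERNS[-1] * size
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(demo_overwrite())
```

Reading the file back only proves what the filesystem now returns for those logical blocks; it says nothing about copies a journal, a copy-on-write layer or flash remapping may still hold, which is why dedicated tools work below the filesystem rather than through a file handle.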

------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Really simple stream cipher
Date: 11 Mar 2001 21:44:51 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)

Yes.  All of those other recommendations [avoid ECB mode, change session
keys, make sure stupid applications can't cause re-use of IV's, etc.] are
good ones.  But so what?  Good crypto layers already follow all this
advice.  And there's no reason they can't follow one more guideline:
namely, make sure the app never gets to see decrypted data unless it
has been correctly MAC'ed.  This is not hard to do.

I do suspect you may be viewing this the wrong way.  You seem to be
arguing: "Some crypto engines expose apps to certain types of risks,
therefore it can't hurt to add yet another risk".  This is asking for
trouble.  Better is to say "Some crypto engines expose apps to certain
types of risks, therefore it would be prudent to eliminate as many risks
as we can, and to minimize the number of failure modes we can't avoid".
The existence of one pitfall does not justify adding still more pitfalls!
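The guideline in this post, that the application never sees decrypted data unless the MAC has verified, as an added example (not David Wagner's code and not from any thread participant). It uses encrypt-then-MAC with two independent keys and checks the tag with a constant-time compare before any decryption happens; the keystream is HMAC-SHA256 run as a PRF in counter mode, which is an assumption standing in for whatever stream or CTR-mode cipher a real layer would use. The keys, nonce and message in the demo are constructed.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in cipher: HMAC-SHA256 used as a PRF in counter mode.  Any stream
    or CTR-mode cipher would do here; the point is the order of checking."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes, nonce: bytes = None) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC(mac_key, nonce || ciphertext).
    The MAC key and encryption key must be independent."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    ks = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(enc_key: bytes, mac_key: bytes, message: bytes) -> bytes:
    """Verify first: no keystream is generated and no plaintext is returned
    unless the tag over nonce || ciphertext checks out."""
    if len(message) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce = message[:NONCE_LEN]
    ciphertext = message[NONCE_LEN:-TAG_LEN]
    tag = message[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    ks = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def demo():
    """Constructed round trip plus a tampered message; returns
    (round_trip_ok, tampered_rejected)."""
    enc_key, mac_key = b"E" * 32, b"M" * 32
    msg = b"constructed plaintext"
    blob = seal(enc_key, mac_key, msg, nonce=b"\x01" * NONCE_LEN)
    round_trip_ok = unseal(enc_key, mac_key, blob) == msg
    bad = bytearray(blob)
    bad[NONCE_LEN] ^= 0x80          # flip one ciphertext bit
    try:
        unseal(enc_key, mac_key, bytes(bad))
        tampered_rejected = False
    except ValueError:
        tampered_rejected = True
    return round_trip_ok, tampered_rejected


if __name__ == "__main__":
    print(demo())
```

With the check placed where it is, a flipped ciphertext bit produces an error rather than a garbled plaintext the application might act on, which is the failure mode the post wants the crypto layer, not the application, to rule out.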

------------------------------

From: [EMAIL PROTECTED] (Jim D)
Crossposted-To: comp.security,alt.security,alt.2600
Subject: Re: boycott Russia....
Date: Sun, 11 Mar 2001 21:42:30 GMT
Reply-To: Jim D

On Sat, 10 Mar 2001 02:38:39 -0600, "WW" <[EMAIL PROTECTED]> wrote:

>René <[EMAIL PROTECTED]> wrote in message
>news:u4lq6.6209$[EMAIL PROTECTED]...
>> _What_ Russian products? Do they actually _make_ something? Other than
>that,
>> that's fine with me. Not that I care too much for these pestering
>Witnesses,
>> but I can tolerate them. Russians on the other hand..I fucking hate
>> them...come to think it, yes, Russia makes the famous AK's....which
>suck...

>They also make pilotless MIR bombs..............

Let's hope they know how to use them effectively.

-- 
___________________________________

George Dubya Bushisms No 4:
 
'Welcome to Mrs Bush and my
   fellow astronauts.'

Posted by Jim Dunnett
[EMAIL PROTECTED]
[EMAIL PROTECTED]
___________________________________

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Crossposted-To: alt.hacker
Subject: Re: OverWrite:  best wipe software?
Date: Sun, 11 Mar 2001 21:48:41 GMT


"Anthony Stephen Szopa" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Tell us now why OverWrite will not work.

Reply to my reply of your OP.

Tom



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: [REQ] SHA-1 MD5 hashing software
Date: Sun, 11 Mar 2001 21:49:50 GMT


"Doom the Mostly Harmless" <[EMAIL PROTECTED]> wrote in message
news:ihSq6.113515$[EMAIL PROTECTED]...
> > > Someone without your 3l33t k0d1ng sk1LLz?  :-)
> >
> > What does "3l33t" spell?
> >
> > Tom
>
>
> "elite"  or, rather "eleet" -- I figured if I was going to tease you, I'd go
> all out.  :-)

I have a free sha256 implementation in C for anyone who is interested

http://tomstdenis.home.dhs.org/src/sha256.c

Tom



------------------------------

Subject: Re: PKI and Non-repudiation practicalities
Reply-To: Anne & Lynn Wheeler <[EMAIL PROTECTED]>
From: Anne & Lynn Wheeler <[EMAIL PROTECTED]>
Date: Sun, 11 Mar 2001 21:50:49 GMT

"Lyalc" <[EMAIL PROTECTED]> writes:
> Please do.  The challenge is not only the technology, but what the
> technology is used for, and it's specific needs

as an aside, possibly to see the contrast between a shared-secret
infrastructure and a secret infrastructure in the case of
biometrics. biometrics can be used in either a shared secret scenario
(the biometric metric is transmitted along with the transaction to the
relying party) or in a secret scenario (the biometric metric is used
to activate something like a hardware token, but is not part of the
transaction, known by the infrastructure &/or relying party).

there is a bunch of stuff in x9.84 (Biometric Information Management
and Security) having to do with protecting a biometric shared secret
infrastructure. In a PIN-based shared-secret scenario, when the PIN
value is compromised, invalidate the old PIN and issue a new one. A
problem in a biometric-based shared-secret scenario, when a biometric
value is compromised, it is difficult to issue new fingers, eyeballs,
DNA, etc. at the current technology state-of-the-art.

-- 
Anne & Lynn Wheeler   | [EMAIL PROTECTED] -  http://www.garlic.com/~lynn/ 

------------------------------

From: [EMAIL PROTECTED] (Eric Lee Green)
Crossposted-To: alt.hacker
Subject: Re: Why do people continue to reply to Szopa?
Reply-To: [EMAIL PROTECTED]
Date: 11 Mar 2001 15:53:27 -0600

On 11 Mar 2001 08:45:09 -0700, Vernon Schryver <[EMAIL PROTECTED]> wrote:
>In article <[EMAIL PROTECTED]>,
>Eric Lee Green <[EMAIL PROTECTED]> wrote:
>>I usually ignore Szopa, but I have a cold and can't venture far from
>>my chicken soup, so this is how I'm entertaining myself. Besides, it
>>has been educational. I've dug around in Windows preferences and
>>discovered things that I didn't know existed there, I've investigated
>>how Windows writes blocks to disks (all kinds), found out some interesting
>>things about how the Unix buffer cache works, etc. All in all, a very
>>productive use of down time forced by a cold. 
>
>Maybe so or maybe not.  For example, unless one has access to more
>versions of flavors of UNIX box than is likely, one cannot find out
>"how the Unix buffer cache works," because there is no singular "Unix
>buffer cache." The variations in how UNIX systems manage their buffer

Well, let me put it this way: UNIX V7 buffer cache.

As well as going and investigating the Linux buffer cache/page
cache. And the BSD 4.3 one (I have the original "Demon Book" but had
not read it in many many years).

Very fascinating stuff. I knew buffer caches existed, but not much about
the actual algorithms used, and the challenges when dealing with
transactional filesystems (i.e., order *IS* important then, as vs. the
original Unix buffer cache, where the flusher started at the start and
ended at the end writing dirty blocks to disk). 

>While it is nice to have clues about this or that mechanism, the most
>valuable clues are about what one does not know.  The most important
>lesson to be learned from a kook is how easy it is for any of us to
>be loudly certain about things that aren't so.

Heheh. True enough. I don't do that as often as I did when I was
young, but people still call me on something from time to time. I look
to see if they're right, and if they are, I shut my yap in
embarrassment. Loudly insisting you're right and everybody else is
wrong at the top of your lungs is a sign of immaturity, especially if
somebody shows you where exactly you went wrong with book, chapter,
and verse reference. Alas, there are many, many immature people in
this world -- some of whom remain immature even past age 60.

-- 
Eric Lee Green [EMAIL PROTECTED] http://www.badtux.org
 AVOID EVIDENCE ELIMINATOR -- for details, see
   http://badtux.org/eric/editorial/scumbags.html 



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
