Cryptography-Digest Digest #867, Volume #13      Sun, 11 Mar 01 21:13:00 EST

Contents:
  Re: Really simple stream cipher ("Henrick Hellström")
  Got my wish (Was: [REQ] SHA-1 MD5 hashing software) (Thomas Boschloo)
  Re: Super strong crypto (David Wagner)
  Re: Quantum Computing & Key Sizes ("Tom St Denis")
  Re: Quantum Computing & Key Sizes (Bill Unruh)
  Re: Quantum Computing & Key Sizes (Bill Unruh)
  Re: Text of Applied Cryptography .. do not feed the trolls ("Ryan M. McConahy")
  pgp262i-ns.zip cracking contest (Was: Attn: Chris Drake and Thomas  (Thomas Boschloo)
  Re: ideas of D.Chaum about digital cash and whether tax offices are (John Christensen)
  Re: Quantum Computing & Key Sizes (Tom McCune)
  Re: A question about passphrases (Crypto Neophyte)
  Digital enveloppe (br)
  Re: Digital enveloppe ("Tom St Denis")
  Re: Digital enveloppe (br)
  Re: An extremely difficult (possibly original) cryptogram (John Savard)
  Re: Really simple stream cipher (David Wagner)

----------------------------------------------------------------------------

From: "Henrick Hellström" <[EMAIL PROTECTED]>
Subject: Re: Really simple stream cipher
Date: Mon, 12 Mar 2001 01:13:19 +0100

"David Wagner" <[EMAIL PROTECTED]> skrev i meddelandet
news:98gvd5$chs$[EMAIL PROTECTED]...
> Huh?  Whether you use static vs. dynamic linking is orthogonal
> to what your crypto code does.

In a way it does depend. I would possibly mess up the lives of a lot of
people if I were to rewrite some commonly used dll file just to add my
favourite protocols, algorithms and modes of operation. But nothing prevents
me from adding such code to our own applications.

Anyway, we are not discussing the same thing. I am a security product
developer with an interest in cryptography. My major concern is whether our
own products are safe or not. It is at most a minor concern that we
sometimes use technologies any software developer could not be recommended
to use. Just we do it right ourselves and are able to convince others that
we do. And, unless I have misunderstood your line of argument, it might very
well be the case that we do it right.


> When I say "crypto engine", I'm
> referring to what your crypto code does (i.e., whether it uses
> a MAC or not, whether it uses CBC mode or CFB mode), no matter
> whether it's in a DLL or hard-coded into your application.
>
> If you're having troubles with spoofed DLL's, you may want to
> re-consider your choice of operating systems.

Well, a security product developer shouldn't keep any secrets anyway. He
leaves that to his customers. ;-)


--
Henrick Hellström  [EMAIL PROTECTED]
StreamSec HB  http://www.streamsec.com



------------------------------

From: Thomas Boschloo <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Got my wish (Was: [REQ] SHA-1 MD5 hashing software)
Date: Mon, 12 Mar 2001 01:09:05 +0100

=====BEGIN PGP SIGNED MESSAGE=====

Tom St Denis wrote:
> 
> "nemo outis" <[EMAIL PROTECTED]> wrote in message
> news:MhQq6.52508$[EMAIL PROTECTED]...
> > Best I've found is Veracity at the eponymous:
> >
> > www.veracity.com
> >
> > Quoting from the site:
> >
> > "Veracity can calculate the SHA-0, SHA-1, MD2, MD4, MD5, HAVAL (four variants)
> > and Snefru (four variants) digest algorithms, and the CRC-16, CRC-32,
> > Fletcher, Internet, and Sum checksum algorithms."
> >
> > Also supports a wide range of platforms and OSs.
> >
> > Available as uncrippled trialware.
> 
> Oh boy trialware... hot diggity.  Who on earth would buy an implementation
> of SHA?

Maybe you were kindly referring to <http://freeveracity.org/>?? <hint>

But I got my wish, <ftp://ftp.veracity.com/> is perfect for my needs.
They've got a MS-DOS version for 2.0.1 and a windows version for 3.1.0.
And they seem totally uncrippled, although the program is a bit overkill
for my modest needs.

But <hits-himself-on-head> I should first have gone to
<http://www.gnupg.org/download.html>. They have a windows version that
is fully capable of producing hashes. Here is some output of both to
demonstrate the ease with which they can be used.

And thanks ELG (you know who you are) for implying I am a sucker.

Greetingz,
Thomas

=====BEGIN PGP SIGNATURE=====
Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>

iQB5AwUBOqwEmQEP2l8iXKAJAQGnEwMeNQiVQ0CAIs/dzuXiv8Cv6Q2y4j9SZuo6
n7SuRl50t5MzTz0hw2qBejiIiyIgLHtPtwC2gKnqI6I05af7Sxk7N92sY4NdD3xo
/MhUJRiV4RBZWdEDUGrpVf9ZSyzMvxZUtZRy2A==
=gHBq
=====END PGP SIGNATURE=====


==========
C:\My Download Files\y>gpg --version
gpg (GnuPG) 1.0.4-1
Copyright (C) 2000 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Home: c:/gnupg
Supported algorithms:
Cipher: 3DES, CAST5, BLOWFISH, RIJNDAEL, RIJNDAEL192, RIJNDAEL256,
TWOFISH
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG
Hash: MD5, SHA1, RIPEMD160

C:\My Download Files\y>gpg --print-md sha1 veracity.exe
veracity.exe: D9E1 0798 8C9D C79F 6755  129F E10B F02F DB08 BD75

C:\My Download Files\y>veracity attr gpg.exe
Veracity V2.0.1 (05-Jun-1999)
=============================
Copyright (c) Trustus Pty Ltd 1992-1999. All rights reserved.
This command currently only works for regular files.
If a requested attribute does not appear, it is unavailable.
N=Name, T=Type (F=File), K=Kind (B=Binary, T=Text, F=Unknown).

         N = "gpg.exe".
         T = "F".
   B.crc16 = "3972".
   B.crc32 = "566CAB1F".
     B.len = "07C200".
     B.md5 = "0A25400CD96DA3DA10C57B0E8A77208B".
    B.sha1 = "170F33BB795CE1D8C0F77AD0EC61FA6B9E82DD70".
         K = "B".

C:\My Download Files\y>
==========

(And this is a link I found by searching for 'link:veracity' on
altavista:
<http://www.securityportal.com/lasg/attack-detection/index.html#Tripwire>
But they are mostly (all??) linux/bsd/etc.)

-- 
Jessica "I'm not bad, I'm just drawn that way"
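
An added example, not part of Thomas's post and not code from GnuPG or Veracity: a Python script that produces the digests both tools print, lays a SHA-1 fingerprint out the way gpg --print-md does, checks a download against a published fingerprint in constant time, and keeps a Tripwire-style baseline of file digests like the tool linked at the end of the post. The grouping rule for digest lengths other than SHA-1, and the in-memory sample files, are assumptions.

```python
"""Added example (not from the post, GnuPG or Veracity): the digests the two
tools print, gpg-style grouping, fingerprint verification and a Tripwire-style
baseline check. Sample inputs are constructed and held in memory."""
import hashlib
import hmac
import zlib
from typing import Dict, List


def digests(data: bytes) -> Dict[str, str]:
    """Upper-case hex digests of one byte string. CRC-32 is included only
    because Veracity prints it; it is a checksum, not a cryptographic hash,
    and detects accidental corruption, not deliberate modification."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
    }


def gpg_style(hexdigest: str) -> str:
    """Lay a hex digest out in groups of four with a double space at the
    midpoint, as in the `gpg --print-md sha1` output shown above.
    Assumption: the same grouping applies to every digest length."""
    groups = [hexdigest[i:i + 4] for i in range(0, len(hexdigest), 4)]
    half = len(groups) // 2
    return " ".join(groups[:half]) + "  " + " ".join(groups[half:])


def verify_sha1(data: bytes, published: str) -> bool:
    """Compare a download against a published SHA-1 fingerprint. Spaces and
    case are ignored so grouped output can be pasted in; compare_digest
    keeps the comparison constant-time."""
    want = published.replace(" ", "").lower()
    return hmac.compare_digest(hashlib.sha1(data).hexdigest(), want)


def baseline(files: Dict[str, bytes]) -> Dict[str, str]:
    """Tripwire-style baseline: file name -> SHA-256 hex digest. SHA-256 is
    used for a fresh baseline; SHA-1 appears above only because that is what
    the tools of the time printed."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}


def compare(base: Dict[str, str], current: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Which files changed, vanished or appeared since the baseline was taken."""
    now = baseline(current)
    return {
        "changed": sorted(n for n in base if n in now and base[n] != now[n]),
        "missing": sorted(n for n in base if n not in now),
        "added": sorted(n for n in now if n not in base),
    }


if __name__ == "__main__":
    # Constructed sample "files"; a real run would read them from disk.
    sample = {"gpg.exe": b"constructed binary content", "README": b"hello\n"}
    for name, data in sample.items():
        print(f"{name}: {gpg_style(digests(data)['sha1'])}")
    base = baseline(sample)
    sample["gpg.exe"] += b" (modified)"
    sample["extra.dll"] = b"new file"
    del sample["README"]
    print(compare(base, sample))
```

The baseline itself has to be stored somewhere the thing being checked cannot rewrite (read-only media, another host, or signed with a key that is not on the box), otherwise a tampered file and a tampered baseline agree with each other.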


------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Super strong crypto
Date: 12 Mar 2001 00:16:07 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)

Douglas A. Gwyn wrote:
>Step one would be to develop a formal treatment of the propagation
>of information through Boolean functions.

Could you elaborate?  Do you mean an information-theoretic treatment,
i.e., calculation of the conditional entropy H(x | f(x)) and so forth?
Probably this is not what you meant, because it seems that this approach
becomes useless as soon as the redundancy in the plaintext exceeds the
length of the key.  However, I'm uncertain what some other definition for
'propagation of information' might look like.

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Quantum Computing & Key Sizes
Date: Mon, 12 Mar 2001 00:33:01 GMT


"Sam Simpson" <[EMAIL PROTECTED]> wrote in message
news:E9Uq6.17063$[EMAIL PROTECTED]...
> Calling everyone who asks a question that doesn't measure up to your
> intellect 'trollboy' is hardly constructive.
>
> PS: He's specifically asking about Quantum Computers, not conventional
> 'RAM limited' computing, maybe you should have considered this before idly
> flaming.
>
> And you wonder why people don't take you seriously?

Well space limitations do apply to QC too don't they?

Tom



------------------------------

From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: Quantum Computing & Key Sizes
Date: 12 Mar 2001 00:39:27 GMT

In <vJTq6.241159$[EMAIL PROTECTED]> Tom McCune 
<[EMAIL PROTECTED]> writes:

]On page 361 of Secrets & Lies, Bruce Schneier states

]"Quantum computation techniques will render most public-key algorithms 
]obsolete..., but will only force us to double the key lengths for symmetric 
]ciphers, hash functions, and MACs."

Well, he does not know. Quantum computing changes factoring and discrete
logs into a polynomial time problem-- ie it takes about as long to break
the key as it does to multiply the factors together to get the modulus.
Ie, it makes the known public key (well RSA and I think DH) completely
useless. 

However, in doing a database search Grover's algorithm only changes the
search from N to sqrt(N) where N is the size of the database
(2^(keylength)) which is the basis for his comment. However it is
entirely possible that there is a QC algorithm which could turn any
given secret key algorithm into a polynomial time one as well.


]Does this suggest that the newer PGP symmetric algorithm options of 256 
]Twofish and AES, would be sufficient (they are twice the key lengths of the 
]128 bit symmetric algorithms used by PGP at the time of that writing)?

Since PGP uses the public key algorithms, quantum computers would make
PGP utterly useless.


]At least one of the papers submitted to NIST during the AES selection 
]process suggested that brute force attacking these 256 bit algorithms would 
]be equivalent to factoring a 15000 bit RSA key.  So if these 256 bit 

This assumes classical techniques for factoring, not QC techniques.
Under QC techniques, a 256 bit symmetric key would be the equivalent of
about a 10^100 bit RSA key.

]algorithms would withstand Quantum Computing, wouldn't that also suggest 
]that a 15k RSA or DH key would also withstand that attack?

No.


]Using currently available official PGP public key sizes, would such Quantum 
]Computing attacking have a significant time difference in factoring a 2048 
]bit key, instead of a 4096 bit key?

Yeah. It would take about four times as long for 4096 bits. 4
milliseconds instead of one. (Well, that assumes that quantum computers
have an appreciable speedup in cycle time. With current best techniques,
it would be more like 40 days instead of 10 days since current
quantum computers run at about the Hz level, not GHz. And that on
only 7 bits, where something like 1 million are needed-- and current
Quantum Moore's law is about one bit improvement per year.)


------------------------------

From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: Quantum Computing & Key Sizes
Date: 12 Mar 2001 00:46:15 GMT

In <akUq6.241176$[EMAIL PROTECTED]> Tom McCune 
<[EMAIL PROTECTED]> writes:
>I should have phrased that better.  Would this be a matter of breaking a 
>2048 bit key in an hour, and a 4096 bit key in 8 hours, or more like 
>breaking a 2048 bit key in a week, and a 4096 bit key in 2 months?

Who knows. Quantum Computers do not exist. Their speed is thus not even
speculative. As I said, you need about a 1 million bit computer to
factor a 1000 bit number. But at present quantum computers are improving
at the rate of about 1 bit a year. Thus, the time scale is about 1
million years. At that time, the quantum computer could then factor that
number very fast. How fast? Who knows. At present, the operation clock
speed is less than one Hz. At that rate with two levels of error
correction, it would take about 10^16 sec to factor a number. (Pure
guess.)

------------------------------

From: "Ryan M. McConahy" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: Text of Applied Cryptography .. do not feed the trolls
Date: Sun, 11 Mar 2001 19:52:08 -0500

=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1

Actually, I was not asking for noise. I merely wanted an address. I
knew that an electronic version was available. I am a teenager, and
do not have much money, and would prefer it in an electronic version.

Ryan M. McConahy

=====BEGIN PGP SIGNATURE=====
Version: 6.5.8ckt http://www.ipgpp.com/

iQA/AwUBOqwdt6Fn8yalvjU2EQJNTACgttfTSRkV2/DUMxbD/9HzpXPb/cwAn1Z/
5wF0BlgKRXn8xQmKWUUhPW9o
=G533
=====END PGP SIGNATURE=====




------------------------------

From: Thomas Boschloo <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: pgp262i-ns.zip cracking contest (Was: Attn: Chris Drake and Thomas 
Date: Mon, 12 Mar 2001 01:58:52 +0100

Reply-To: boschloo<@>multiweb<.>nl, group

=====BEGIN PGP SIGNED MESSAGE=====

Sam Simpson wrote:
> 
> So if you both agree, Chris will crack:
> http://www.scramdisk.clara.net/pgp262i-ns.zip with corresponding .sig at:
> http://www.scramdisk.clara.net/pgp262i-ns.zip.sig
> 
> Right?

Uhm, not exactly what I wrote (about the signature), but that is just
fine. (btw, love the filenaming ;-)

There is just one thing I might disagree on, that is the person who is
going to crack the file ;-P I just don't think someone like Chris would
have the skills.

Just as a quick reminder, Message-ID: <[EMAIL PROTECTED]>
>
> To demonstrate true superiority, you would need
> to both crack NetSafe, and build something that I cannot crack.  For
> now, we'll settle with "cracking superiority", since I claim I cannot
> crack NetSafe.

Let the trials begin!

Regards,
Thomas

(BTW Do I have two weeks from now or till March 16th 2001 0:00 GMT?? I
can do both I think, but with the latter the results might not be as
polished and well documented as with the first)

=====BEGIN PGP SIGNATURE=====
Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>

iQB5AwUBOqwROQEP2l8iXKAJAQHpZQMgsfPLUXrRDmpIihOh/WgDCMrhlz5xf/Ue
g52UsZVBcHVhtBFXuF4SEN6nbLWlVh0+Hlshe7yAmWb7tYb61K/P/NaY+r6cGjmB
hdsHOKuufdT3RXZKT/E52LTtc2Km2GoylOkoTw==
=QxYu
=====END PGP SIGNATURE=====
-- 
Jessica "I'm not bad, I'm just drawn that way"


------------------------------

From: John Christensen <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Crossposted-To: talk.politics.crypto,alt.cypherpunks
Subject: Re: ideas of D.Chaum about digital cash and whether tax offices are
Date: Sun, 11 Mar 2001 21:19:47 -0500



Anonymous wrote:

>
> Sorry to step out of the line, but could you please give me
> some URL on
> freenet technology? My search did only turn up some
> providers. <g>
>

Try http://www.freenet.org
Now could you tell me how you use mail2news ?
Thanks.



>
> |I sure am confusing myself :-) Thanks for all the responses
> so far. I
> |think this is an important discussion, even if I don't get
> all the
> |topics right first time.
> Try an other newsserver: http://www.newzbot.com/
>
> Thomas - GPL for presidency



------------------------------

From: Tom McCune <[EMAIL PROTECTED]>
Subject: Re: Quantum Computing & Key Sizes
Date: Mon, 12 Mar 2001 01:11:58 GMT


Thanks Bill - I greatly appreciate your responses.  But not the 
implications.  :-)

Tom McCune
http://www.McCune.cc
Please use PGP for Privacy & Authenticity

------------------------------

From: Crypto Neophyte <[EMAIL PROTECTED]>
Subject: Re: A question about passphrases
Date: Mon, 12 Mar 2001 01:18:11 GMT

On Sun, 11 Mar 2001 12:17:37 -0600, Scott Fluhrer wrote
(in message <98gfta$guc$[EMAIL PROTECTED]>):

> 
> Kent Briggs <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
>
> 

Thank you for the information.
HKRIS


------------------------------

From: br <[EMAIL PROTECTED]>
Subject: Digital enveloppe
Date: Sun, 11 Mar 2001 20:21:44 -0400

I found a site using my idea but my idea doesn't need any Pin or
password.
http://www.digital-envelope.com/

Only the recipient can open the email.

Description of the system "digital enveloppe". I just quote it

Digital Envelope is a simple but efficient way to encrypt all your
emails so that nobody else than the recipient of the mail is able to
read what you sent.

The way it works:

You encrypt your message with the recipient's email address as key. You
also can define how long the message will be readable by specifying an
expiration period. If you have something really secret, you may enter an
extra PIN or pass phrase. You must inform the recipient about this extra
PIN, because otherwise s/he cannot read it. Then send your message.

The recipient will get the encrypted message in the Inbox of the mail
client. In order to decrypt it, a personal key must be requested here.
The personal key is protected by a customer chosen Pin or pass phrase and
is delivered by email to the email address specified in the key. Then the
gets activated and the recipient can read your mail. So easy.

We provide you with all the small pieces of software you will need for
free, so visit our download pages.

Some cryptographic details:

The encryption uses a 128 symmetric encryption and in addition a
chameleon type algorithm that changes its behavior during the
encryption. We think, it's pretty secure. Still there are more secure
encryption schemes available, but this one will give you a good level of
privacy.
______________________________________

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Digital enveloppe
Date: Mon, 12 Mar 2001 01:33:03 GMT


"br" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> I found a site using my idea but my idea doesn't need any Pin or
> password.
> http://www.digital-envelope.com/
>
> Only the recipient can open the email.
>
> Description of the system "digital enveloppe". I just quote it
>
> Digital Envelope is a simple but efficient way to encrypt all your
> emails so that nobody else than the recipient of the mail is able to
> read what you sent.
>
> The way it works:
>
> You encrypt your message with the recipient's email address as key. You
> also can define how long the message will be readable by specifying an
> expiration period. If you have something really secret, you may enter an
> extra PIN or pass phrase. You must inform the recipient about this extra
> PIN, because otherwise s/he cannot read it. Then send your message.

What's to stop me from just copying the msg thereby bypassing your "time
validation" stuff?

> The recipient will get the encrypted message in the Inbox of the mail
> client. In order to decrypt it, a personal key must be requested here.
> The personal key is protected by a customer chosen Pin or pass phrase and
> is delivered by email to the email address specified in the key. Then the
> gets activated and the recipient can read your mail. So easy.
>
> We provide you with all the small pieces of software you will need for
> free, so visit our download pages.

PGP is quite free and integratable...

> Some cryptographic details:
>
> The encryption uses a 128 symmetric encryption and in addition a
> chameleon type algorithm that changes its behavior during the
> encryption. We think, it's pretty secure. Still there are more secure
> encryption schemes available, but this one will give you a good level of
> privacy.

Homebrew?  It must be secure then!

Tom



------------------------------

From: br <[EMAIL PROTECTED]>
Subject: Re: Digital enveloppe
Date: Sun, 11 Mar 2001 20:36:07 -0400

I'm not talking about my system. My idea is as secure as OTP.
So my idea is different.
Only the recipient can read the message without any knowledge or pin or
password. He has just to download my software.
My idea seems to be not clear.
  

Tom St Denis wrote:
> 
> "br" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> > I found a site using my idea but my idea doesn't need any Pin or
> > password.
> > http://www.digital-envelope.com/
> >
> > Only the recipient can open the email.
> >
> > Description of the system "digital enveloppe". I just quote it
> >
> > Digital Envelope is a simple but efficient way to encrypt all your
> > emails so that nobody else than the recipient of the mail is able to
> > read what you sent.
> >
> > The way it works:
> >
> > You encrypt your message with the recipient's email address as key. You
> > also can define how long the message will be readable by specifying an
> > expiration period. If you have something really secret, you may enter an
> > extra PIN or pass phrase. You must inform the recipient about this extra
> > PIN, because otherwise s/he cannot read it. Then send your message.
> 
> What's to stop me from just copying the msg thereby bypassing your "time
> validation" stuff?
> 
> > The recipient will get the encrypted message in the Inbox of the mail
> > client. In order to decrypt it, a personal key must be requested here.
> > The personal key is protected by a customer chosen Pin or pass phrase and
> > is delivered by email to the email address specified in the key. Then the
> > gets activated and the recipient can read your mail. So easy.
> >
> > We provide you with all the small pieces of software you will need for
> > free, so visit our download pages.
> 
> PGP is quite free and integratable...
> 
> > Some cryptographic details:
> >
> > The encryption uses a 128 symmetric encryption and in addition a
> > chameleon type algorithm that changes its behavior during the
> > encryption. We think, it's pretty secure. Still there are more secure
> > encryption schemes available, but this one will give you a good level of
> > privacy.
> 
> Homebrew?  It must be secure then!
> 
> Tom

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Crossposted-To: rec.puzzles
Subject: Re: An extremely difficult (possibly original) cryptogram
Date: Mon, 12 Mar 2001 00:49:57 GMT

On Sun, 11 Mar 2001 20:29:30 GMT, [EMAIL PROTECTED] (daniel mcgrath)
wrote, in part:

>Tysoizbyjoxs, this may be the most complicated code anyone has ever
>done!

If there is really any chance of that, it is hardly worth the effort
to bother trying to solve it, since there are plenty of codes that are
unbreakable in practice.

>Can any of you work out the key?

>I do want to see some comment, even if you are totally lost, as no
>doubt quite a few of you are.

In general, postings of this type are frowned upon.

John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Really simple stream cipher
Date: 12 Mar 2001 02:04:47 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)

Henrick Hellström wrote:
>Anyway, we are not discussing the same thing.

I thought we were discussing the merits of MAC's vs. error-propagating
modes?  Whether you use DLL's or not, checking somewhere that all messages
are properly authenticated seems to have inherent merits over not checking
anywhere.  I have yet to hear a good argument for implicit authentication
(trusting the app to discard garbled messages) over explicit authentication.
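
An added example to make the distinction in the thread concrete; it is not code from either poster. It puts "implicit authentication" (CBC with no MAC, the receiver accepting whatever decrypts to intact padding and printable text) beside "explicit authentication" (encrypt-then-MAC, the receiver verifying an HMAC tag before touching the ciphertext). Assumptions: the 16-byte block cipher is a 4-round Feistel network keyed through HMAC-SHA256, standing in for AES so that only the Python standard library is needed; KEY, MAC_KEY, IV and MSG are constructed sample values, with the IV fixed only to keep the run reproducible.

```python
"""Added example, not code from the thread: explicit authentication
(encrypt-then-MAC) beside "implicit" authentication that trusts the
receiver to notice garbled plaintext from an error-propagating mode (CBC).
Assumptions: the block cipher is a 4-round Feistel network keyed through
HMAC-SHA256, a stand-in for AES so only the standard library is needed;
KEY, MAC_KEY, IV and MSG are constructed sample values."""
import hashlib
import hmac
import os

BLOCK = 16
KEY = b"enc-key-sample16"          # constructed 16-byte encryption key
MAC_KEY = b"mac-key-sample16"      # constructed, independent MAC key
IV = bytes(range(BLOCK))           # constructed; fixed only so the demo is reproducible
MSG = b"transfer=0100 to=acct-42"  # constructed sample message


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    """Feistel round function: HMAC-SHA256 over (round number, half block), truncated."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:BLOCK // 2]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r


def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r


def _pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def _unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    out, prev = [], iv
    padded = _pad(plaintext)
    for i in range(0, len(padded), BLOCK):
        prev = block_encrypt(key, _xor(padded[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """Raises ValueError on a malformed length or bad padding."""
    if not ciphertext or len(ciphertext) % BLOCK:
        raise ValueError("bad length")
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c
    return _unpad(b"".join(out))


def encrypt_only(key: bytes, msg: bytes, iv: bytes = None) -> bytes:
    """CBC with no MAC: what an 'implicit authentication' design sends (iv || ct)."""
    iv = iv or os.urandom(BLOCK)
    return iv + cbc_encrypt(key, iv, msg)


def implicit_receive(key: bytes, blob: bytes):
    """The 'app discards garbled messages' check: accept if padding is intact
    and the text is printable ASCII. Returns the plaintext or None."""
    try:
        pt = cbc_decrypt(key, blob[:BLOCK], blob[BLOCK:])
    except ValueError:
        return None
    return pt if all(32 <= b < 127 for b in pt) else None


def seal(enc_key: bytes, mac_key: bytes, msg: bytes, iv: bytes = None) -> bytes:
    """Encrypt-then-MAC: the tag covers IV and ciphertext (iv || ct || tag)."""
    body = encrypt_only(enc_key, msg, iv)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def explicit_receive(enc_key: bytes, mac_key: bytes, blob: bytes):
    """Verify the tag (constant-time) before decrypting; None on any mismatch."""
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, body, hashlib.sha256).digest(), tag):
        return None
    try:
        return cbc_decrypt(enc_key, body[:BLOCK], body[BLOCK:])
    except ValueError:
        return None


def corrupt(blob: bytes, offset: int, mask: int) -> bytes:
    """Flip bits in one byte, as a line error or a modification in transit would."""
    out = bytearray(blob)
    out[offset] ^= mask
    return bytes(out)


if __name__ == "__main__":
    # A change to IV byte 9 changes only plaintext byte 9 ('0' -> '9'); nothing
    # is garbled, so the implicit check accepts an altered message.
    print("implicit:", implicit_receive(KEY, corrupt(encrypt_only(KEY, MSG, IV), 9, 0x09)))
    # The same change under encrypt-then-MAC is rejected before decryption.
    print("explicit:", explicit_receive(KEY, MAC_KEY, corrupt(seal(KEY, MAC_KEY, MSG, IV), 9, 0x09)))
```

The point the two receivers make: in CBC a changed ciphertext byte garbles one block but only flips the matching byte of the next block, and a changed IV byte garbles nothing at all, so "does it look like a sane message" is not a test of integrity. The MAC check is the same cost regardless of how the message was altered, and it runs before any plaintext is produced.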

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
