Cryptography-Digest Digest #870, Volume #13 Mon, 12 Mar 01 02:13:00 EST
Contents:
Re: OverWrite: best wipe software? ("Trevor L. Jackson, III")
Re: Super strong crypto ("Bryan Olson")
Improvement of a simple cipher ("Alexis Machado")
Re: Noninvertible encryption ("Douglas A. Gwyn")
Re: Any news on the KFB mode? ("Bryan Olson")
RE: Anonymous web browsing (SCOTT19U.ZIP_GUY)
Re: => FBI easily cracks encryption ...? (SCOTT19U.ZIP_GUY)
Re: Super strong crypto (SCOTT19U.ZIP_GUY)
Re: An extremely difficult (possibly original) cryptogram (SCOTT19U.ZIP_GUY)
Re: Text of Applied Cryptography .. do not feed the trolls (Frodo)
Re: => FBI easily cracks encryption ...? (Phil Schneier)
Re: Super strong crypto (Mok-Kong Shen)
Re: Anonymous web browsing ("Mxsmanic")
Re: Super strong crypto (Paul Crowley)
Re: Encryption software (Paul Crowley)
Re: Encryption software (Paul Crowley)
Re: Potential of machine translation techniques? (Mok-Kong Shen)
Re: Dumb inquiry.... (Mok-Kong Shen)
----------------------------------------------------------------------------
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Crossposted-To: alt.hacker
Subject: Re: OverWrite: best wipe software?
Date: Mon, 12 Mar 2001 05:00:07 GMT
Anthony Stephen Szopa wrote:
> "Trevor L. Jackson, III" wrote:
> >
> > Caveat lector.
> >
> > Lest innocents suffer, let the reader beware: The author of this software
> > has struck out.
> >
> > Strike 1: He has not the slightest concept of the design and
> > implementation of security software.
> >
> > Strike 2: He is impervious to all attempts to help him understand the
> > issues.
> >
> > Strike 3: His products are unusable due to the unbelievably awkward
> > methodology they require of the user.
> >
> > > <major snip>
> > >
> > >
> > > Take as much care as you think you should."
> > >
> > > Let's see you get out of this box.
>
> Tell us now why OverWrite will not work.
Take the training at http://ftp.fedworld.gov/pub/irs-pdf/p3202.pdf and then
tell us how well your software works.
------------------------------
From: "nospam"@"nonsuch.org" ("Bryan Olson")
Subject: Re: Super strong crypto
Date: Mon, 12 Mar 2001 05:03:25 GMT
Douglas A. Gwyn wrote:
>Bryan Olson wrote:
>> But understand it's no small detail. Thousands have tried
>> to bridge that chasm, and so far all have failed.
>
> But in the meantime, we can try to beef up the methods we have
> by such methods as I was suggesting.
Well, yeah sure, or other methods. But this was supposed to
be about more than one's opinion on what things might help.
> In applications such as
> one I'm supporting at the moment, there are real-world
> constraints that force the security implementation to work too
> close to the edge, and efficient implementation is paramount
> (so the data encryption will be something like Rijndael with
> small parameters). Under such circumstances, anything that can
> be done to get in the way of the enemy cryptanalysts is welcome.
If you have some result showing Rijndael is flawed, or
showing your scheme is strong, that would be significant.
Hypothesizing Rijndael is weak and conjecturing that your
scheme would fix the weakness is not even in the direction
you stated this thread seemed to be about.
--Bryan
------------------------------
From: "Alexis Machado" <[EMAIL PROTECTED]>
Subject: Improvement of a simple cipher
Date: Mon, 12 Mar 2001 02:24:24 -0300
Last year I presented here a block cipher called Nimbus.
The encryption process iterates "r" rounds:
X := K[i] * g(X xor K[r+i]) (mod 2**s) (i = 0 .. r-1)
where
1) X and K[...] are s-bit integers
2) X is the block being encrypted
3) Vector K is derived from a t-bit master key
4) Elements K[i] are odd, so each has a multiplicative inverse (mod 2**s)
5) g is a bit-reversal function (Ex: g(10110010) = 01001101)
My current implementation uses r = 5, s = 64 and t = 128.
The palindrome differential D = 2**(s-1) - 2 = 0111...1110 "propagates",
using xor difference, with probability 1/2 in each round and 1/2**r after
r rounds.
To reduce the probability of high Hamming weight differentials, I'm
proposing an additive subkey. The cipher becomes
X := K[i] * g(X xor K[r+i] + K[2r+i]) (mod 2**s) (i = 0 .. r-1)
Let
a) h(X) = X + A represent the round addition (the xor operation has no
influence on differential propagation)
b) I(m,n) be the bit sequence extracted from an integer "I", starting at
bit m and ending at bit n.
If n > m and D(m,n) contains only 1's, the probability of
h(X) xor h(X xor D) = D (equation E1)
will be zero unless
A(m,n) contains only 0's or only 1's (condition C1)
Once C1 is satisfied, A(0, m-1) determines E1 probability.
If subkeys are randomly generated, A satisfies C1 with probability p =
1/2**(n-m).
Now, it is very unlikely (1/2**(s-3)) that the differential used to attack the
original cipher (D = 2**(s-1) - 2) could have a non-zero probability.
Suggestions, comments and attacks (of course :-)) are welcome.
---
Alexis
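An added toy implementation (not the author's code) of the round described above, with r, s and the sub-keys shrunk to constructed 16-bit sample values. It checks that the round inverts, counts exhaustively how often the palindromic differential D survives the original round, and counts how often the proposed round addition h(X) = X + A alone preserves D for A = 0, A = 1 and an A whose middle bits are mixed; the addition is assumed to sit between the xor and the bit reversal, as the post's h(X) suggests.

```python
S = 16                    # block width in bits (the post uses s = 64)
D = (1 << (S - 1)) - 2    # palindromic xor differential 0111...1110


def brev(x, s=S):
    """g: reverse the order of the s bits of x; a palindrome such as D is fixed."""
    y = 0
    for _ in range(s):
        y = (y << 1) | (x & 1)
        x >>= 1
    return y


def round_enc(x, k_mul, k_xor, k_add=0, s=S):
    """One round X := K[i] * g((X xor K[r+i]) + K[2r+i]) mod 2**s.
    k_add = 0 gives the original Nimbus round; k_mul must be odd."""
    mask = (1 << s) - 1
    return (k_mul * brev(((x ^ k_xor) + k_add) & mask, s)) & mask


def round_dec(y, k_mul, k_xor, k_add=0, s=S):
    """Inverse round: undo the multiply (k_mul odd), the reversal, the add, the xor."""
    mask = (1 << s) - 1
    inv = pow(k_mul, -1, 1 << s)          # modular inverse, Python 3.8+
    return ((brev((y * inv) & mask, s) - k_add) & mask) ^ k_xor


def encrypt(x, K, r, additive=False, s=S):
    """r rounds; K holds r odd multipliers, r xor keys and r addends."""
    for i in range(r):
        x = round_enc(x, K[i], K[r + i], K[2 * r + i] if additive else 0, s)
    return x


def decrypt(x, K, r, additive=False, s=S):
    for i in reversed(range(r)):
        x = round_dec(x, K[i], K[r + i], K[2 * r + i] if additive else 0, s)
    return x


def add_step_count(a, s=S, d=D):
    """Number of X with (X + a) xor ((X xor d) + a) == d, i.e. equation E1."""
    mask = (1 << s) - 1
    return sum(1 for x in range(1 << s)
               if ((x + a) & mask) ^ (((x ^ d) + a) & mask) == d)


def round_count(k_mul, k_xor, k_add=0, s=S, d=D):
    """Number of X for which the xor difference d passes one round unchanged."""
    return sum(1 for x in range(1 << s)
               if round_enc(x, k_mul, k_xor, k_add, s)
               ^ round_enc(x ^ d, k_mul, k_xor, k_add, s) == d)


# Constructed sample schedule for r = 3: odd multipliers, xor keys, addends.
K = [0x1B2D, 0x7A31, 0xC3E5, 0x5A5A, 0x0F0F, 0x3C96, 0x00C4, 0x9D02, 0x1234]
R = 3

if __name__ == "__main__":
    pt = 0xBEEF
    assert decrypt(encrypt(pt, K, R), K, R) == pt
    assert decrypt(encrypt(pt, K, R, True), K, R, True) == pt
    n = 1 << S
    print("original round, D survives:", round_count(K[0], K[3]), "of", n)
    print("addition only, A=0x00C4:", add_step_count(K[6]), "of", n)
    print("addition only, A=1:", add_step_count(1), "of", n)
    print("additive round, D survives:", round_count(K[0], K[3], K[6]), "of", n)
```

With the original round the count is exactly half of all inputs, matching the 1/2 per round stated above; with an addend whose middle bits are neither all 0 nor all 1, the addition step alone never maps D to D.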
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: Re: Noninvertible encryption
Date: Mon, 12 Mar 2001 05:34:56 GMT
"SCOTT19U.ZIP_GUY" wrote:
> Who cares if it's gibberish. You can say it was output from
> a random number generator. If you give a key that works I think
> it's up to them to prove it's false.
I think it would be very easy to convince almost anyone that you
didn't really go to all the trouble of encryption to secure gibberish.
------------------------------
From: "nospam"@"nonsuch.org" ("Bryan Olson")
Subject: Re: Any news on the KFB mode?
Date: Mon, 12 Mar 2001 05:33:57 GMT
Terry Ritter wrote:
>Volker Hetzer
>>If I remember correctly there was something about short cycles
>>or so. As soon as google has the articles in its search engine
>>you can look up the original discussion there.
>
>I was there. I claimed that weak short cycles do exist in
>cryptographic "BB&S." There was much discussion, but in the end that
>was agreed.
"In the end"???? It was known from the beginning. How
could anyone understand the BBS generator without realizing
that some short cycles exist? The mere existence is no
problem; a theorem relates the chance of falling into a
short cycle to the difficulty of factoring.
>The idea that insecure selections do in fact exist in a
>"mathematically proven secure" construction was and is disturbing.
>There was much mathematical posturing about how such a thing could not
>happen, because if it did, that would amount to factoring N which had
>been mathematically proven to be impossible.
No, no, no. There was no proof that factoring the modulus
is impossible or even intractable. The proof shows that
_if_ factoring the modulus is intractable, then the problem
of predicting the generator output is intractable.
[...]
>The cryptographic "BB&S" argument is that short cycles are very, very
>rare. Thus, short cycles are not a security problem in practice for
>cryptographic "BB&S," because they are hardly ever, ever selected.
>And that is about all we should expect from asymptotic proof.
The mistake here is reasoning based on what one expects of
the proof or assumed the proof said, rather than what the
proof actually shows.
--Bryan
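A small added experiment (not from the thread) for the point about short cycles: with a constructed toy Blum modulus N = 11 * 19 it enumerates, for every seed, the length of the cycle that x -> x^2 mod N eventually falls into. The cycle length depends only on the multiplicative orders of the seed modulo the two primes, which is the sense in which the short-cycle question is tied to the factorization; real moduli are hundreds of digits, so the toy counts only illustrate the shape.

```python
P, Q = 11, 19      # constructed toy primes, both = 3 (mod 4), so N is a Blum integer
N = P * Q          # 209; a real BBS modulus has hundreds of digits


def cycle_length(seed, n=N):
    """Length of the cycle that seed, seed**2, seed**4, ... (mod n) ends up in.
    The orbit is eventually periodic; the pre-period (tail) is not counted."""
    seen = {}
    x, i = seed % n, 0
    while x not in seen:
        seen[x] = i
        x = x * x % n
        i += 1
    return i - seen[x]


def cycle_histogram(n=N):
    """cycle length -> number of seeds in [0, n) whose orbit ends in such a cycle."""
    hist = {}
    for seed in range(n):
        length = cycle_length(seed, n)
        hist[length] = hist.get(length, 0) + 1
    return hist


def short_cycle_fraction(limit, n=N):
    """Fraction of seeds whose eventual cycle has length <= limit."""
    return sum(1 for seed in range(n) if cycle_length(seed, n) <= limit) / n


if __name__ == "__main__":
    for length, count in sorted(cycle_histogram().items()):
        print(f"cycle length {length:2d}: {count:3d} of {N} seeds")
    print("fraction of seeds on cycles of length <= 2:", short_cycle_fraction(2))
```

Every cycle length here divides 12 because the orders of the seed modulo 11 and 19 divide 10 and 18, and only their odd parts survive repeated squaring; the fixed points and 2-cycles are the seeds whose components have order 1, 2, 3 or 6 modulo the primes.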
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: RE: Anonymous web browsing
Date: 12 Mar 2001 05:39:08 GMT
[EMAIL PROTECTED] (Phil Zimmerman) wrote in
<[EMAIL PROTECTED]>:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Does anyone use any of the anonymous web browsing services such as
>Anonymizer or SafeWeb?
>
I have used both. However, I would bet they are run by the
NSA or something similar. SafeWeb does not work with
Mozilla or even the latest Netscape. Makes me wonder if
they have stock in Microsoft.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
http://radiusnet.net/crypto/ then look for
sub directory scott after pressing CRYPTO
Scott famous Compression Page
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: 12 Mar 2001 05:36:32 GMT
[EMAIL PROTECTED] (Phil Zimmerman) wrote in
<[EMAIL PROTECTED]>:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Exchanging keys does not involve any public contact whatsoever. That
>is the beauty of the public-key encryption system. Had Hansen used a
>single key system, or a self-decrypting archive system, then Hansen
>would have had to transmit the "passphrase" to his Russian handlers,
>thereby exponentially compromising his ID.
>
>I don't know what encryption system he used. Now the NSA is years ahead
>of public cryptography, hence one of its former algorithms was a
>defeated candidate for AES. I don't know whether or not the NSA was
>involved in helping the FBI decrypt Hansen's data.
>
>BTW, I usually use 4096 length. Anyone have any comments on which
>algorithm they prefer? TwoFish, AES, CAST, IDEA, TripleDES???
>
Since you ask, I prefer scott16u or scott19u. However,
I always wondered why PGP doesn't use bijective compression
and why it allows wrong keys to be rejected early in the
decoding process. Maybe you can tell me.
Or maybe they can fix it when they add the AES candidate
Rijndael.
David A. Scott
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Super strong crypto
Date: 12 Mar 2001 05:49:36 GMT
"nospam"@"nonsuch.org" ("Bryan Olson") wrote in <xMYq6.1$lW2.23@interramp>:
>Douglas A. Gwyn wrote:
>>Bryan Olson wrote:
>>> But understand it's no small detail. Thousands have tried
>>> to bridge that chasm, and so far all have failed.
>>
>> But in the meantime, we can try to beef up the methods we have
>> by such methods as I was suggesting.
>
>Well, yeah sure, or other methods. But this was supposed to
>be about more than one's opinion on what things might help.
>
>> In applications such as
>> one I'm supporting at the moment, there are real-world
>> constraints that force the security implementation to work too
>> close to the edge, and efficient implementation is paramount
>> (so the data encryption will be something like Rijndael with
>> small parameters). Under such circumstances, anything that can
>> be done to get in the way of the enemy cryptanalysts is welcome.
>
>If you have some result showing Rijndael is flawed, or
>showing your scheme is strong, that would be significant.
>Hypothesizing Rijndael is weak and conjecturing that your
>scheme would fix the weakness is not even in the direction
>you stated this thread seemed to be about.
>
It is weak in many senses of the word. Of course some will
depend on the modes that are blessed for it. However, since
the key as used in AES will only be 256 bits, it will have
a very short unicity distance as compared to some ciphers
with keys of a MILLION BYTES or so.
David A. Scott
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: rec.puzzles
Subject: Re: An extremely difficult (possibly original) cryptogram
Date: 12 Mar 2001 05:44:50 GMT
[EMAIL PROTECTED] (daniel mcgrath) wrote in
<[EMAIL PROTECTED]>:
>Tysoizbyjoxs, this may be the most complicated code anyone has ever
>done!
>
cut...
>33105 24913 08041 25023 44575 19039 30097 06095 14807 59617
>62195 47241 19291 30203 16113 61061 92754 90951 48075 96176
>21954 71480 25960 53559 70609 51481 03228 27195 06
>Can any of you work out the key?
Not sure I want to, but I think it is trivial to map the
output of any good encryption program to a set of numbers,
so what's the point? And could you not have at least made it write
a full block? The last one looks short.
>
>I do want to see some comment, even if you are totally lost, as no
>doubt quite a few of you are.
>
>--------------------------------------------------
>daniel g. mcgrath
>a subscriber to _word ways: the journal of recreational linguistics_
>http://www.wordways.com/
>
David A. Scott
------------------------------
Date: 12 Mar 2001 05:55:26 -0000
From: [EMAIL PROTECTED] (Frodo)
Subject: Re: Text of Applied Cryptography .. do not feed the trolls
Crossposted-To: alt.security.pgp,talk.politics.crypto
In article <toXq6.16407$[EMAIL PROTECTED]>
"Tom St Denis" <[EMAIL PROTECTED]> wrote:
>
> "Frodo" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > In article <IrWq6.16068$[EMAIL PROTECTED]>
> > "Tom St Denis" <[EMAIL PROTECTED]> wrote:
> > >
> > > "Ryan M. McConahy" <[EMAIL PROTECTED]> wrote in message
> > > news:3aac1d41$0$62147$[EMAIL PROTECTED]...
> > > > -----BEGIN PGP SIGNED MESSAGE-----
> > > > Hash: SHA1
> > > >
> > > > Actually, I was not asking for noise. I merely wanted an
> > > > address. I knew that an electronic version was available. I am a
> > > > teenager, and do not have much money, and would prefer it in an
> > > > electronic version.
> > >
> > > Big deal? I got a job when I was 15 and bought my own copy.
> > > It's called the "real world".
> >
> > Suit yourself.
> >
> > I got a copy from the posted URL.
> >
> > That's the real world, too.
>
> The url doesn't go to Applied Crypto. It goes to the US Field
> Manual....
Applied Cryptography: Schneier
http://134.155.63.117/quantico/TE/appliedcrypto.zip
...and thanks for asking.
------------------------------
Subject: Re: => FBI easily cracks encryption ...?
From: Phil Schneier <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Date: Mon, 12 Mar 2001 06:13:06 GMT
7.0.3 freeware supports: TwoFish, CAST, IDEA, TripleDES, and AES-256
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Super strong crypto
Date: Mon, 12 Mar 2001 07:32:46 +0100
"Douglas A. Gwyn" wrote:
>
> Mok-Kong Shen wrote:
> > I am afraid to define and qualtify 'propagation of
> > information' is a task that is practically infeasible in
> > the rigorous sense (which a formal treatment requires),
> > otherwise one could as well also decide whether a given
> > bit source is perfectly random.
>
> I don't understand your reasoning at all.
Sorry, I had a typo: 'qualify' should read 'quantify'. Is
that clear to you now?
M. K. Shen
------------------------------
From: "Mxsmanic" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: Anonymous web browsing
Date: Mon, 12 Mar 2001 06:39:16 GMT
"Phil Zimmerman" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Does anyone use any of the anonymous web
> browsing services such as Anonymizer or SafeWeb?
I occasionally use Anonymizer for sites I consider potentially or
particularly suspicious or unknown. It's slow, but it does provide
extra protection.
------------------------------
Subject: Re: Super strong crypto
From: Paul Crowley <[EMAIL PROTECTED]>
Date: Mon, 12 Mar 2001 06:32:21 GMT
"Douglas A. Gwyn" <[EMAIL PROTECTED]> writes:
> Let me put it this way: You don't need guardrails on mountain
> roads if nothing will go wrong, but highway engineers generally
> add them as a safety precaution *against a foreseeable class of
> contingencies*, even though it costs something to do so.
Yes, but of an infinite range of conceivable precautions against
possible flaws in our cryptographic primitives, how do we choose which
ones to actually use? We can't use them all, simply because there are
infinitely many. And it would be crazy to suggest we should implement
them on top of one another as fast as we can think of them. So we
must have some way of assessing which ones are worthwhile.
When you started this thread, you suggested we should aim to be able
to prove something good about them. This seems the right approach.
However as David Wagner has very convincingly demonstrated, your
proposal has so far resisted the slightest brush with any kind of
formalisation of assumptions or goals that might even be the first
step on the road to such a proof. And this is in contrast with other
proposals that have been raised, such as the GGM tree-based
encryption, which do have formal proofs of good properties.
Frankly, I don't think there's much point in continuing to defend what
you propose here until you've found time to do some of that
formalisation and you're at least able to be a little more precise
about what you're trying to say in the first place. At the moment,
your assertions are too weak even to be wrong.
If you don't think the kind of formalism I'm suggesting is the right
approach, please suggest an alternative strategy by which we can
assess the merit of your proposal.
--
__ Paul Crowley
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/
Temporary address (due to email problems): [EMAIL PROTECTED]
------------------------------
Subject: Re: Encryption software
From: Paul Crowley <[EMAIL PROTECTED]>
Date: Mon, 12 Mar 2001 06:32:21 GMT
Benjamin Goldberg <[EMAIL PROTECTED]> writes:
> Well, yeah. No one is likely to do any better than the PGP system any
> time soon. They might, however, do better in terms of ciphers. The PGP
> system can, with little difficulty, be made to use whatever cipher you
> want. That's why no one intelligent says, X is better than pgp. They
> might say, Y is better than AES, and Z is better than RSA or ECC.
I agree in principle, but just to pick a nit: it might make sense to
say "S/MIME is worse than PGP" or "Pegwit is better than PGP", if
you're comparing standards. Or "GPG is better than PGP" if you're
comparing implementations of a standard. You're right to say that
statements like "AES is better than PGP" are "not even wrong".
"SSL is better than PGP" is also "not even wrong", but "For this
purpose, SSL is better than PGP" or "In this regard, PGP is better
than SSL" might make sense.
--
__ Paul Crowley
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/
Temporary address (due to email problems): [EMAIL PROTECTED]
------------------------------
Subject: Re: Encryption software
From: Paul Crowley <[EMAIL PROTECTED]>
Date: Mon, 12 Mar 2001 06:32:20 GMT
Runu Knips <[EMAIL PROTECTED]> writes:
> I doubt that pgpi is opensource according to its definition
> at http://www.opensource.org. GPG is, however. Unfortunately
> GPG is GPL, not LGPL, so it can't be a standard either.
GPG is not a standard, it is an implementation of the OpenPGP
standard. If you find the license too restrictive you may be
interested to know that there is a project afoot to build another
OpenPGP implementation using the OpenSSL codebase, which has a very
liberal license.
--
__ Paul Crowley
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/
Temporary address (due to email problems): [EMAIL PROTECTED]
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Potential of machine translation techniques?
Date: Mon, 12 Mar 2001 07:57:18 +0100
"Douglas A. Gwyn" wrote:
>
> Mok-Kong Shen wrote:
> > Now that machine translation of natural languages has reached
> > a fairly advanced state, wouldn't it be feasible to create an
> > appropriate generic class of artificial languages covering a
> > more or less limited universe of discourse and with grammars
> > that are not too difficult for achieving fidelity of results
> > such that, with a key, one can select which one of such
> > languages is to be used in a concrete situation?
>
> No, you'd be better off with a code system.
It is meant to be a parallel supplementary path. It
could help encryption. A new language implies also a
new vocabulary, hence it is (much) more than a code
system.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Dumb inquiry....
Date: Mon, 12 Mar 2001 07:57:22 +0100
Mok-Kong Shen wrote:
>
> [EMAIL PROTECTED] wrote:
> >
> > If a PHT is (modular addition) x = 2a+b, y = a+b what if you use 2a+b,
> > 2b+a? Does it have a mathematical inverse? (I don't consider an S-box)
> > What kind of statistics does it produce? Is it unwise for cryptography?
>
> Such (linear) transformations are invertible if the
> determinant of the matrix is non-zero with respect to the
> modulus. PHT (I have never been able to know where the name
> comes from) is the discrete analog of Arnold's map. Lacking
> knowledge, I can't answer your two last questions. A point
> of note is that the matrix of PHT is not symmetrical,
> while yours is.
Sorry, 'non-zero' should read 'invertible'.
M. K. Shen
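An added check (not Shen's code) of the invertibility criterion given above: it treats the PHT x = 2a+b, y = a+b and the symmetric variant x = 2a+b, y = a+2b as 2x2 matrices, tests whether the determinant is a unit modulo the word modulus, builds the inverse from the adjugate when it is, and verifies the round trip over every pair; the 8-bit word size is an assumption.

```python
from math import gcd

M = 1 << 8                 # assumed 8-bit words; any power of two behaves the same

PHT = ((2, 1), (1, 1))     # x = 2a + b, y = a + b      det = 1
SYM = ((2, 1), (1, 2))     # x = 2a + b, y = a + 2b     det = 3


def det2(m):
    return m[0][0] * m[1][1] - m[0][1] * m[1][0]


def invert_mod(m, mod):
    """Inverse of a 2x2 integer matrix modulo mod, or None when the
    determinant is not a unit there (shares a factor with mod)."""
    d = det2(m) % mod
    if gcd(d, mod) != 1:
        return None
    dinv = pow(d, -1, mod)
    # adjugate of a 2x2 matrix: swap the diagonal, negate the off-diagonal
    return ((m[1][1] * dinv % mod, -m[0][1] * dinv % mod),
            (-m[1][0] * dinv % mod, m[0][0] * dinv % mod))


def apply(m, a, b, mod):
    """(x, y) = m * (a, b) with every operation reduced modulo mod."""
    return ((m[0][0] * a + m[0][1] * b) % mod,
            (m[1][0] * a + m[1][1] * b) % mod)


def round_trips(m, mod):
    """True iff the inverse exists and undoes m for every (a, b) modulo mod."""
    inv = invert_mod(m, mod)
    if inv is None:
        return False
    return all(apply(inv, *apply(m, a, b, mod), mod) == (a, b)
               for a in range(mod) for b in range(mod))


if __name__ == "__main__":
    for name, m in (("PHT", PHT), ("symmetric", SYM)):
        print(name, "det =", det2(m), "inverse mod 256 =", invert_mod(m, M),
              "round-trips:", round_trips(m, M))
    # det 3 is a unit mod 2**n but not mod 3: same matrix, different modulus
    print("symmetric map mod 3 invertible:", invert_mod(SYM, 3) is not None)
```

Both maps are bijections for a power-of-two modulus because their determinants (1 and 3) are odd; the same symmetric matrix is singular modulo 3, which is why the criterion has to be stated relative to the modulus.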
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************