Cryptography-Digest Digest #875, Volume #13 Mon, 12 Mar 01 19:13:00 EST
Contents:
Test Vectors? (Benjamin Johnston)
Re: Text of Applied Cryptography .. do not feed the trolls ("Ryan M. McConahy")
Re: Text of Applied Cryptography ("Ryan M. McConahy")
Re: Noninvertible encryption ("Henrick Hellström")
Re: Really simple stream cipher (David Wagner)
Re: Text of Applied Cryptography .. do not feed the trolls ("Tom St Denis")
RE: PGP (Phil Schneier)
Re: OverWrite: best wipe software? (Anthony Stephen Szopa)
Re: Text of Applied Cryptography .. do not feed the trolls (Sundial Services)
Re: OverWrite: best wipe software? ("Tom St Denis")
Re: Text of Applied Cryptography .. do not feed the trolls ("Tom St Denis")
Re: Digital envelope (Sundial Services)
Encrypt then HMAC or HMAC then Encrypt? (Bjorn Forsberg)
Re: Text of Applied Cryptography .. do not feed the trolls (Sundial Services)
Re: Test Vectors? (Doug Stell)
Re: Text of Applied Cryptography .. do not feed the trolls (Paul Rubin)
Re: Encrypt then HMAC or HMAC then Encrypt? (Paul Rubin)
Re: Completely wiping HD ("Joseph Ashwood")
Re: Quantum Computing & Key Sizes (Bill Unruh)
Re: Quantum Computing & Key Sizes (Bill Unruh)
Re: Quantum Computing & Key Sizes (Bill Unruh)
----------------------------------------------------------------------------
From: Benjamin Johnston <[EMAIL PROTECTED]>
Subject: Test Vectors?
Date: Tue, 13 Mar 2001 08:24:10 +1000
Hi, this is probably a frequently asked question, but I couldn't find it
in the FAQ....
Is there a website where I can obtain "raw" test vectors for algorithms such
as RSA, SHA and Rijndael? (Preferably in hexadecimal)
("raw", as in, the basic output by the algorithm, and not a particular
implementation and file format)
Or maybe a small and simple program (for windows?) that does this kind of
thing.
(Also, while I'm here; does anybody have pointers to sites that comment on
squeezing the last bit of performance out of large-number-arithmetic
routines?)
Thanks a lot,
-Benjamin Johnston
[EMAIL PROTECTED]
------------------------------
From: "Ryan M. McConahy" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: Text of Applied Cryptography .. do not feed the trolls
Date: Mon, 12 Mar 2001 17:52:44 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Tom St Denis wrote in message ...
<snip>
>Right. Trust me the book is easier to read since you don't have the
>stupid ads and stuff around.
Actually, there aren't any ads, and it is quite convenient to have
in electronic format.
I believe you are the troll, if there is one at all. Applied Crypto
is out there, and you can't do anything to stop that. Anyone who's
into crypto and has the money will buy it. Having it in electronic form
is useful for quotation reasons.
Ryan M. McConahy.
-----BEGIN PGP SIGNATURE-----
Version: 6.5.8ckt http://www.ipgpp.com/
iQA/AwUBOq1TO6Fn8yalvjU2EQJ4YACbBw0XdToO8bbdjwmPbU/MOqch6hYAoIq3
fuZsV540P2jbJzB30PRXajJH
=JZdc
-----END PGP SIGNATURE-----
------------------------------
From: "Ryan M. McConahy" <[EMAIL PROTECTED]>
Subject: Re: Text of Applied Cryptography
Date: Mon, 12 Mar 2001 17:54:15 -0500
Yes, the HAC sounds good. I downloaded it, but haven't looked at it yet.
Ryan
------------------------------
From: "Henrick Hellström" <[EMAIL PROTECTED]>
Subject: Re: Noninvertible encryption
Date: Mon, 12 Mar 2001 23:56:01 +0100
"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "Henrick Hellström" wrote:
> > Why not? Maybe it was intended to be used as an OTP.
>
> It wouldn't seem reasonable to encrypt a OTP key.
If David Scott really was a KGB agent he would of course protect the key by
physical means and discard it if he even remotely suspected that it had been
compromised, yes? ;-)
Well then, why not claim that it was some test data from a cryptanalytical
experiment?
--
Henrick Hellström [EMAIL PROTECTED]
StreamSec HB http://www.streamsec.com
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Really simple stream cipher
Date: 12 Mar 2001 22:59:52 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)
Henrick Hellström wrote:
>You were more or less arguing that PCFB mode would be too complicated to use
>for most software developers.
No, I wasn't. My argument has nothing to do with complexity,
and it has nothing to do with specific modes. Instead, I'm talking
about explicit vs. implicit authentication.
My claim: The crypto layer should explicitly check all messages
to be sure they are properly authenticated.
The problem with error-propagating modes: The check is implicit,
and it is left up to the application. Both of these introduce
failure modes not present in my approach.
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: Text of Applied Cryptography .. do not feed the trolls
Date: Mon, 12 Mar 2001 23:01:47 GMT
"Ryan M. McConahy" <[EMAIL PROTECTED]> wrote in message
news:3aad52bd$0$62139$[EMAIL PROTECTED]...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Tom St Denis wrote in message ...
> <snip>
>
> >Right. Trust me the book is easier to read since you don't have the
> >stupid ads and stuff around.
>
> Actually, there aren't any ads, and it is quite convenient to have
> in electronic format.
>
> I believe you are the troll, if there is one at all. Applied Crypto
> is out there, and you can't do anything to stop that. Anyone who's
> into crypto and has the money will buy it. Having it in electronic form
> is useful for quotation reasons.
I hope you never have to sell anything for a living. Cuz I will just pirate
it and laugh in your face.
Tom
------------------------------
Subject: RE: PGP
From: Phil Schneier <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Date: Mon, 12 Mar 2001 23:02:12 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Does anyone keep an unencrypted copy of a file in a very secure place and
use the PGP file on their regular computer? What happens to you if your pgp
file gets corrupted?
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
Comment: Give me liberty or give me death!
iQA/AwUBOq1VX4MDo+bz8724EQLWqgCfZuXUyDpPaKLzE35OHQWkHYawNfQAn0H6
qzlbW0zbEUznmo6Nt9bpprUz
=NM/D
-----END PGP SIGNATURE-----
------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: alt.hacker
Subject: Re: OverWrite: best wipe software?
Date: Mon, 12 Mar 2001 15:10:51 -0800
Benjamin Goldberg wrote:
>
> Anthony Stephen Szopa wrote:
> >
> > Tom St Denis wrote:
> > >
> > > "Anthony Stephen Szopa" <[EMAIL PROTECTED]> wrote in message
> > > news:[EMAIL PROTECTED]...
> > > > Tell us now why OverWrite will not work.
> > >
> > > Reply to my reply of your OP.
> > >
> > > Tom
> >
> > Are you referring to your sarcastic ridiculing reply to my original
> > post?
> >
> > I don't think such deserves a response.
>
> I'm curious, who is this person named "I don't think" who deserves a
> response? Oh, I see. YOU don't think.
>
> hehehe
>
> --
> The difference between theory and practice is that in theory, theory and
> practice are identical, but in practice, they are not.
I see that you are at the end of your rope.
Thanks for your previous help. Bye.
------------------------------
Date: Mon, 12 Mar 2001 16:18:23 -0700
From: Sundial Services <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: Text of Applied Cryptography .. do not feed the trolls
O'Reilly has experimented with electronic publishing; for example, they
published about eight different books on Perl in HTML format and put it
on just one CD-ROM. It worked tremendously.
It's pretty obvious that paper-in-a-bookstore is neither an efficient
way to sell technical material; nor an efficient way to consume it.
Paper books are expensive to produce and warehouse, and once purchased
they cannot be searched.
However, it's also pretty obvious that in the present public perception
"downloaded" equals "free." That's what has to change. I'm waiting for
something like DirecTV™ to provide an effective solution -- something
like a "WWL = World Wide Library." (Oops, maybe I should trademark
that. Or, patent this e-mail. You saw it first here, folks.) ;-)
The day will soon come when [at least, technical] books, music, and
other intellectual property are routinely distributed by broadband. I'm
sure that cryptography will play an essential role. However, the
technology -and- the public perception is not in place yet.
Frankly, until the day does come when the assumption is no longer that
[person-X] referred to "stealing" AC when he referred to "downloading
the text of" AC ... we're not there yet.
>Ryan M. McConahy wrote:
> >Right. Trust me the book is easier to read since you don't have the
> >stupid ads and stuff around.
>
> Actually, there aren't any ads, and it is quite convenient to have
> in electronic format.
>
> I believe you are the troll, if there is one at all. Applied Crypto
> is out there, and you can't do anything to stop that. Anyone who's
> into crypto and has the money will buy it. Having it in electronic form
> is useful for quotation reasons.
>
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Crossposted-To: alt.hacker
Subject: Re: OverWrite: best wipe software?
Date: Mon, 12 Mar 2001 23:18:38 GMT
"Anthony Stephen Szopa" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Benjamin Goldberg wrote:
> >
> > Anthony Stephen Szopa wrote:
> > >
> > > Tom St Denis wrote:
> > > >
> > > > "Anthony Stephen Szopa" <[EMAIL PROTECTED]> wrote in message
> > > > news:[EMAIL PROTECTED]...
> > > > > Tell us now why OverWrite will not work.
> > > >
> > > > Reply to my reply of your OP.
> > > >
> > > > Tom
> > >
> > > Are you referring to your sarcastic ridiculing reply to my original
> > > post?
> > >
> > > I don't think such deserves a response.
> >
> > I'm curious, who is this person named "I don't think" who deserves a
> > response? Oh, I see. YOU don't think.
> >
> > hehehe
> >
> > --
> > The difference between theory and practice is that in theory, theory and
> > practice are identical, but in practice, they are not.
>
>
> I see that you are at the end of your rope.
>
> Thanks for your previous help. Bye.
Too bad you didn't act on his help.
Tom
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: Text of Applied Cryptography .. do not feed the trolls
Date: Mon, 12 Mar 2001 23:20:49 GMT
"Sundial Services" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> O'Reilly has experimented with electronic publishing; for example, they
> published about eight different books on Perl in HTML format and put it
> on just one CD-ROM. It worked tremendously.
>
> It's pretty obvious that paper-in-a-bookstore is neither an efficient
> way to sell technical material; nor an efficient way to consume it.
> Paper books are expensive to produce and warehouse, and once purchased
> they cannot be searched.
>
> However, it's also pretty obvious that in the present public perception
> "downloaded" equals "free." That's what has to change. I'm waiting for
> something like DirecTV™ to provide an effective solution -- something
> like a "WWL = World Wide Library." (Oops, maybe I should trademark
> that. Or, patent this e-mail. You saw it first here, folks.) ;-)
>
> The day will soon come when [at least, technical] books, music, and
> other intellectual property are routinely distributed by broadband. I'm
> sure that cryptography will play an essential role. However, the
> technology -and- the public perception is not in place yet.
That's nonsense. I agree that searching computer based texts is easier but
that's why we have indexes and glossaries. (that's the whole point!!).
Real books are easier on the eyes and don't require clicking to read. I
hope that real books are never replaced with pdf wannabes.
Tom
------------------------------
Date: Mon, 12 Mar 2001 16:25:30 -0700
From: Sundial Services <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Digital envelope
More specifically, "claiming that your system is equal to OTP"
immediately places the listener in a state of disbelief -- that you do
not really know what you are talking about. The moment that the "bozo
bit" is raised, you are fighting a losing battle.
Actually, the bozo-bit gets raised twice [in the original posting]
because the person says "he just has to download my software."
One of the strange assumptions of cryptography is that an algorithm can
be trusted only-if its full source-code and algorithm is =fully=
disclosed, and subjected to extensive peer-review, cryptanalysis, and
testing. There can be no "security by obscurity," no reliance upon
hiding the complete details of the encryption method being used.
Sure, you can patent the algorithm .. as RSA did, as Terry Ritter has
done .. but it is an unforgivable sin to conceal it, or to compare it
in any way to one-time pads (in the sense of "as good as"), unless you
are fully equipped for one hades of a fight.
Simon Johnson wrote:
>Even attempting to claim the security of your
> system is equal to that of the OTP places you in a state of true,
> unforgivable sin.
>
------------------------------
From: Bjorn Forsberg <[EMAIL PROTECTED]>
Subject: Encrypt then HMAC or HMAC then Encrypt?
Date: Mon, 12 Mar 2001 18:28:40 -0500
I am storing an encrypted data packet. Typically small (less than 1K
FWIW). I am encrypting the data, then taking an HMAC of the encrypted
data plus other plain text data. The HMAC is appended to the plain text
data and cipher text data over which it operates.
I know SSL takes an HMAC of data then encrypts everything including the
HMAC. I can't see anything really definitive that would say that one
method is better over the other?
Can someone please give me some good reasons to pick one way vs the
other?
Thank you.
Bjorn Forsberg
------------------------------
Date: Mon, 12 Mar 2001 16:33:39 -0700
From: Sundial Services <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: Text of Applied Cryptography .. do not feed the trolls
Tom St Denis wrote:
> That's nonsense. I agree that searching computer based texts is easier but
> that's why we have indexes and glossaries. (that's the whole point!!).
> Real books are easier on the eyes and don't require clicking to read. I
> hope that real books are never replaced with pdf wannabes.
Well ;-) ;-) I guess it depends upon whether it's the sort of book you'd
want to read in the privy. {Let's not pursue this line of reasoning
further, hmm? The cell-phone has already trashed the sanctity of that
place well enough. ;-) }
Ahem ...
Lots of books and manuals -do- benefit from being published in PDF
format, or otherwise. For example, our ChimneySweep® software product
has a 100+ page user manual which we publish [only!] in PDF format. If
we did not publish this document in electronic form, the price and the
shipping-cost of the product would be very-substantially higher, and
customers in Kiev, Hong Kong, Sydney and god-knows-where-else would have
great difficulty getting their hands on it. Whereas you can purchase the
product and retrieve it, manuals and all, very easily from any of those
places .. and over time, many people have.
So I don't seriously doubt that electronic publishing, of books and of
music, will become mainstream very quickly. In one sense it already
has: lots of times what you buy in a software store is a very colorful
box containing one CD-ROM and absolutely nothing more. But the
technology of doing this is not quite in place yet.
Ironically, "the piece that is not yet in place" is specifically "the
intellectual property control piece!" And equally unfortunate, Napster
has only served to demonstrate just how valuable that piece really is.
Music artists around the world -- and I personally know several of them
for whatever that might be worth -- are on the one hand delighted that
their works are getting distribution that record companies could never
give them .. and despairing that in the present status-quo they will not
see a dime. In time, and I think it will be "a very short" time, that
problem too will be remedied. By cryptography!
==================================================================
Sundial Services :: Scottsdale, AZ (USA) :: (480) 946-8259
mailto:[EMAIL PROTECTED] (PGP public key available.)
> Fast(!), automatic table-repair with two clicks of the mouse!
> ChimneySweep(R): "Click click, it's fixed!" {tm}
> http://www.sundialservices.com/products/chimneysweep
------------------------------
From: [EMAIL PROTECTED] (Doug Stell)
Subject: Re: Test Vectors?
Date: Mon, 12 Mar 2001 23:26:20 GMT
On Tue, 13 Mar 2001 08:24:10 +1000, Benjamin Johnston
<[EMAIL PROTECTED]> wrote:
>
>Hi, this is probably a frequently asked question, but I couldn't find it
>in the FAQ....
>
>
>Is there a website where I can obtain "raw" test vectors for algorithms such
>as RSA, SHA and Rijndael? (Preferably in hexadecimal)
SHA and Rijndael test vectors should reside in the algorithm
specification.
You should be able to find examples of RSA around or use the public
domain software to compute your own.
>(Also, while I'm here; does anybody have pointers to sites that comment on
>squeezing the last bit of performance out of large-number-arithmetic
>routines?)
For starters, look at Chapter 14, Efficient Implementation, in the
Handbook of Applied Cryptography, which is available on-line at
http://www.cacr.math.uwaterloo.ca/hac.
Then take a look at some of the efficient implementations, such as
SSLeay, LIP, MIRACL, LiDIA, etc.. While these are not in the public
domain for use, it would be instructive to look at them.
Search the web for Montgomery multiplication, as there has been a lot
of work done in maximizing its efficiency.
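As an added illustration of the Montgomery multiplication Doug points at (this is my example, not code from the HAC or from any of the libraries he lists): a textbook REDC with R = 2^k, wrapped in a square-and-multiply exponentiation so that the only true divisions are the conversions into and out of Montgomery form. Function names (montgomery_params, redc, mont_mul, mont_pow) are my own choices; the result is checked against Python's built-in pow, which plays the role of the "raw" test vector Benjamin asked for.

```python
def montgomery_params(n):
    """Montgomery domain for an odd modulus n: R = 2^k with R > n, and
    n' = -n^{-1} mod R. R is a power of two so 'mod R' and '/ R' become
    masks and shifts, which is the whole point of the technique."""
    if n % 2 == 0:
        raise ValueError("Montgomery reduction needs an odd modulus")
    k = n.bit_length()
    r = 1 << k
    n_inv = pow(n, -1, r)          # n is odd, so it is invertible mod 2^k
    n_prime = (-n_inv) % r
    return k, r, n_prime


def redc(t, n, k, r, n_prime):
    """REDC: return t * R^{-1} mod n, for 0 <= t < n * R.
    m is chosen so that t + m*n is divisible by R; the division is a shift."""
    mask = r - 1
    m = ((t & mask) * n_prime) & mask
    u = (t + m * n) >> k
    return u - n if u >= n else u    # at most one conditional subtraction


def to_mont(a, n, r):
    """Convert a into Montgomery form aR mod n (one conventional reduction)."""
    return (a * r) % n


def mont_mul(a_m, b_m, n, k, r, n_prime):
    """Multiply two Montgomery-form values: (aR)(bR)R^{-1} = abR mod n."""
    return redc(a_m * b_m, n, k, r, n_prime)


def mont_pow(base, exp, n):
    """Left-to-right square-and-multiply entirely in Montgomery form.
    Only to_mont and the final redc leave the shift-and-mask arithmetic."""
    k, r, n_prime = montgomery_params(n)
    x = to_mont(base % n, n, r)
    acc = r % n                      # Montgomery form of 1
    for bit in bin(exp)[2:]:
        acc = mont_mul(acc, acc, n, k, r, n_prime)
        if bit == "1":
            acc = mont_mul(acc, x, n, k, r, n_prime)
    return redc(acc, n, k, r, n_prime)  # strip the factor of R


if __name__ == "__main__":
    # Constructed check: a small textbook case and a 127-bit prime modulus.
    n_big = (1 << 127) - 1
    print(mont_pow(4, 13, 497), pow(4, 13, 497))
    print(mont_pow(123456789, 987654321, n_big) == pow(123456789, 987654321, n_big))
```

The conditional subtraction at the end of redc is the step a real implementation has to think about: on a constant-time code path it is replaced by a masked subtraction so that the timing does not leak whether u exceeded n.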
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: Text of Applied Cryptography .. do not feed the trolls
Date: 12 Mar 2001 15:47:01 -0800
"Ryan M. McConahy" <[EMAIL PROTECTED]> writes:
> I believe you are the troll, if there is one at all. Applied Crypto
> is out there, and you can't do anything to stop that. Anyone who's
> into crypto and has the money will buy it. Having it in electronic form
> is useful for quotation reasons.
In the long run, the business model of selling data is likely to fall
apart. For now though, it's alive and kicking.
Bruce tells me that the AC2 file out there is definitely unauthorized,
and this happens from time to time. His publisher will probably get
after the site to get the file taken down.
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Encrypt then HMAC or HMAC then Encrypt?
Date: 12 Mar 2001 15:48:10 -0800
Bjorn Forsberg <[EMAIL PROTECTED]> writes:
> I am storing an encrypted data packet. Typically small (less than 1K
> FWIW). I am encrypting the data, then taking an HMAC of the encrypted
> data plus other plain text data. The HMAC is appended to the plain text
> data and cipher text data over which it operates.
Just do HMAC over the plaintext. Make sure the MAC key is separate
from any encryption key you might be using.
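An added example (mine, not code from Bjorn, Paul or David): the packet layout Bjorn describes, with the HMAC computed over the ciphertext plus the plaintext header, built the way the two replies in this digest argue for. Following Paul, the MAC key is derived separately from the encryption key; following David Wagner's point earlier in the digest, the crypto layer checks the tag explicitly and refuses to return any plaintext when it fails. The names seal, open_sealed and derive_keys are my own, and the keystream is an HMAC-SHA256 counter-mode stand-in so the block runs on the standard library alone; it illustrates the framing and the check, not a cipher choice.

```python
import hashlib
import hmac
import os
import struct

NONCE_LEN = 16
TAG_LEN = 32  # HMAC-SHA256


def derive_keys(master_key):
    """Two independent keys from one master key, each under its own label,
    so the MAC key is never the same bytes as the encryption key."""
    enc_key = hmac.new(master_key, b"encryption", hashlib.sha256).digest()
    mac_key = hmac.new(master_key, b"authentication", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key, nonce, length):
    """Stand-in stream cipher: HMAC-SHA256(enc_key, nonce || counter) blocks.
    A production system would use a vetted cipher here; the MAC logic
    below does not depend on which one."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _mac_input(header, nonce, ciphertext):
    """Length-prefix the header so header/ciphertext boundaries are unambiguous."""
    return struct.pack(">I", len(header)) + header + nonce + ciphertext


def seal(master_key, header, plaintext):
    """Return nonce || ciphertext || tag, the tag covering header, nonce and ciphertext."""
    enc_key, mac_key = derive_keys(master_key)
    nonce = os.urandom(NONCE_LEN)
    ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, _mac_input(header, nonce, ciphertext), hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_sealed(master_key, header, packet):
    """Verify the tag first (constant-time compare); decrypt only on success."""
    enc_key, mac_key = derive_keys(master_key)
    if len(packet) < NONCE_LEN + TAG_LEN:
        raise ValueError("packet too short")
    nonce, ciphertext, tag = packet[:NONCE_LEN], packet[NONCE_LEN:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(mac_key, _mac_input(header, nonce, ciphertext), hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))


def demo():
    """Constructed round trip plus two tampering attempts; returns what was detected."""
    key = b"constructed 32-byte master key!!"   # constructed sample key
    header = b"record-id=42;version=1"
    plaintext = b"the quick brown fox"
    packet = seal(key, header, plaintext)
    results = {"roundtrip": open_sealed(key, header, packet) == plaintext}

    tampered = bytearray(packet)
    tampered[NONCE_LEN + 4] ^= 0x01               # flip one ciphertext bit
    try:
        open_sealed(key, header, bytes(tampered))
        results["ciphertext_tamper_detected"] = False
    except ValueError:
        results["ciphertext_tamper_detected"] = True

    try:                                          # header is authenticated too
        open_sealed(key, b"record-id=43;version=1", packet)
        results["header_tamper_detected"] = False
    except ValueError:
        results["header_tamper_detected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

Because the tag is over the ciphertext, open_sealed can reject a forged or corrupted packet before it ever runs the decryption code, which is the practical advantage of checking in the crypto layer rather than leaving it to the application to notice garbage plaintext.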
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Completely wiping HD
Date: Fri, 2 Mar 2001 14:55:25 -0800
This will probably seem like significant overkill. However decide who you
are protecting this from. Using your small script as a building block (as
such it is actually quite good, note changes). There are several levels:
Most people: 1 time
Determined hackers (ill-funded): 3 times
Determined well-funded corporation: 14 times
Government : 100 times
These are overkill values. An ill-funded hacker is unlikely to be able to
get past a single write of zeros. The deepest scan that has been done
publicly wasn't even through 10 layers of overwrites. And while I have no
direct knowledge of what the US government is capable of I suspect that 100
times will be beyond even the deepest recovery they can manage. Of course
you should scale these up as the density of your drive decreases (a floppy
should be just incinerated, it would take thousands of wipes to get it
clean).
Joe
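Joe refers to a small script that is not reproduced in this digest; what follows is my own added example of the overwrite loop his pass counts are meant to drive, not his script. The PASSES table repeats the four values from his post; overwrite_file and demo_wipe are names I chose. The first pass writes zeros and later passes write os.urandom output, with an fsync after each pass so a pass is actually on the platter before the next begins.

```python
import os
import tempfile

# Pass counts per adversary class, as given in the post (its own "overkill values").
PASSES = {
    "most people": 1,
    "ill-funded hacker": 3,
    "well-funded corporation": 14,
    "government": 100,
}


def _write_all(f, buf):
    """Raw (unbuffered) files may accept fewer bytes than offered; loop until done."""
    while buf:
        written = f.write(buf)
        buf = buf[written:]


def overwrite_file(path, passes, chunk=64 * 1024):
    """Overwrite the file's current extent in place `passes` times, zeros first
    and random bytes afterwards, fsync'ing each pass, then truncate and unlink.
    Returns the number of passes performed."""
    if passes < 1:
        raise ValueError("at least one pass is required")
    size = os.path.getsize(path)
    with open(path, "r+b", buffering=0) as f:
        for p in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk, remaining)
                _write_all(f, b"\x00" * n if p == 0 else os.urandom(n))
                remaining -= n
            os.fsync(f.fileno())        # do not let the OS coalesce the passes
        f.truncate(0)
        os.fsync(f.fileno())
    os.remove(path)
    return passes


def demo_wipe(adversary="ill-funded hacker"):
    """Constructed run: create a temp file with sample content, wipe it at the
    pass count for the chosen adversary class, and report what happened."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(b"constructed sensitive content\n" * 1000)
    passes = overwrite_file(path, PASSES[adversary])
    return {"passes": passes, "file_exists_after": os.path.exists(path)}


if __name__ == "__main__":
    print(demo_wipe())
```

One caveat that post-dates this thread but a practitioner should keep in mind: in-place overwriting only reaches the blocks the file currently occupies. Journaling or copy-on-write filesystems, wear-levelled flash and earlier copies left by editors can hold the same data elsewhere, so for a whole drive the realistic options are device-level sanitization or full-disk encryption followed by destruction of the key.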
------------------------------
From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: Quantum Computing & Key Sizes
Date: 12 Mar 2001 23:56:20 GMT
In <[EMAIL PROTECTED]> [EMAIL PROTECTED] writes:
>[EMAIL PROTECTED] (Bill Unruh) writes:
>> Who knows. Quantum Computers do not exist. Their speed is thus not even
>> speculative. As I said, you need about a 1 million bit computer to
>> factor a 1000 bit number.
>Where did you get this figure? I am not a physicist, but according to
>http://xxx.lanl.gov/ps/quant-ph/9802065, the memory space needed is
>proportional to log N, i.e. proportional to the length of the modulus.
>So I would assume it would be on the order of thousands of qubits, not
>a million.
With error correction, overhead, etc. ( The algorithm itself needs of the
order of 2 ln_2(N) logical bits or more, and error correction adds at
of order of 10 times as many for each level of error correction.)
------------------------------
From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: Quantum Computing & Key Sizes
Date: 12 Mar 2001 23:58:59 GMT
In <[EMAIL PROTECTED]> [EMAIL PROTECTED] writes:
>The bottom line is that to be conservative, quantum computers must be
>considered to make the RSA, DSS and DH keys used by PGP to be useless.
This is conservative in the same sense as "Our algorithm will probably
be broken sometime, therefore it is useless." Quantum computers are still
a long way off. Once people have even some vague idea about how a QC
should be built, then it is time to worry.
------------------------------
From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: Quantum Computing & Key Sizes
Date: 13 Mar 2001 00:01:47 GMT
In <98jddg$jgi$[EMAIL PROTECTED]> "Simon Johnson"
<[EMAIL PROTECTED]> writes:
>To be honest, QC probably wouldn't make much of a difference to public-key
>cryptography. All that would happen is this size of the modulo would be
>increased.... computation time for signing documents etc... would be
>unchanged because the speed of computation would have also increased
>(obviously)
This is wrong. IF one had a QC, then factoring the number is about
equivalent to multiplying the factors together to get the number. I.e.,
encryption and factoring are of the same order in speed-- if you can
encrypt it, the opponent can decrypt it just as fast. The encryption
technique would be useless.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************