Cryptography-Digest Digest #877, Volume #13 Mon, 12 Mar 01 22:13:01 EST
Contents:
Re: Really simple stream cipher ("Henrick Hellström")
Re: PGP (John T. Kennedy)
Academic position: crypto (Magma Computer Algebra System)
Re: Really simple stream cipher (David Wagner)
Re: => FBI easily cracks encryption ...? ("Joseph Ashwood")
Re: Zero Knowledge Proof (David A Molnar)
GPS and cryptography (br)
Re: Zero Knowledge Proof (Bill Unruh)
Re: GPS and cryptography ("Tom St Denis")
Re: GPS and cryptography (br)
Re: Text of Applied Cryptography .. do not feed the trolls (Frodo)
Re: Text of Applied Cryptography .. do not feed the trolls (Frodo)
Re: GPS and cryptography (br)
Re: Text of Applied Cryptography .. do not feed the trolls ("Tom St Denis")
Re: GPS and cryptography (Ben Cantrick)
Re: Text of Applied Cryptography .. do not feed the trolls (Paul Rubin)
Re: GPS and cryptography (Frank M. Siegert)
----------------------------------------------------------------------------
From: "Henrick Hellström" <[EMAIL PROTECTED]>
Subject: Re: Really simple stream cipher
Date: Tue, 13 Mar 2001 02:11:30 +0100
"David Wagner" <[EMAIL PROTECTED]> wrote in message
news:98jkd8$1ft$[EMAIL PROTECTED]...
> ... Instead, I'm talking
> about explicit vs. implicit authentication.
Is this what you are looking for?
"Explicit" PCFB mode decryption and authentication algorithm as it might be
implemented in a "crypto engine".
Input: Cipher text C, a stateful pcfb mode decryption function D, a format
specifier string F.
Output: Parsed plain text structure P, a value true or false.
1. T := D(C)
2. P := Parse(F,T)
3. If P is not empty, return(True), otherwise return(False).
--
Henrick Hellström [EMAIL PROTECTED]
StreamSec HB http://www.streamsec.com
------------------------------
From: John T. Kennedy <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: PGP
Date: Mon, 12 Mar 2001 20:13:42 -0500
Phil Schneier <[EMAIL PROTECTED]> ventured:
>Does anyone keep an unencrypted copy of a file in a very secure place and
>use the PGP file on their regular computer? What happens to you if your pgp
>file gets corrupted?
If your encrypted file gets corrupted and can't be repaired then you won't
be able to decrypt it.
Keeping multiple copies of the file on different machines might be
safer than keeping an unencrypted copy.
-
John Kennedy
The Wild Shall Wild Remain!
http://members.nbci.com/rational1/wild/
------------------------------
From: [EMAIL PROTECTED] (Magma Computer Algebra System)
Subject: Academic position: crypto
Date: 13 Mar 2001 01:18:16 GMT
Reply-To: [EMAIL PROTECTED]
Sesqui Lecturer in Cryptography
School of Mathematics and Statistics
UNIVERSITY OF SYDNEY
REF NO: A06/001265
The University has created a Sesqui Lecturership in Cryptography
within the School of Mathematics and Statistics to support a newly
established teaching program in cryptography and to strengthen
existing research in the area. The appointee will be expected to
play a major role in teaching undergraduate units in cryptography.
Essential: a PhD, demonstrated evidence of a strong research record
in cryptography or in a closely related area of number theory or
algebraic geometry, demonstrated ability to teach Pure Mathematics
at an undergraduate level, excellent written and verbal
communication skills, evidence of a commitment to excellence in
teaching and ability to work cooperatively with others.
Desirable: Preference will be given to applicants with a research
record that strengthens existing areas of cryptographic research in
the School: elliptic/hyperelliptic curve cryptography, applications
of number theory to cryptography (factorization, discrete
logarithms, etc), lattice-based cryptography, software tools for
cryptography, broadcast encryption and wireless security.
Remuneration Package: $60,809 - $72,186 p.a. (which includes a
base salary Lecturer Level B $51,385 - $61,020 p.a., leave loading
and up to 17% employer's contribution to superannuation)
For further information contact Professor J Robinson on (02) 9351
5773, fax (02) 9351 4534 or e-mail: [EMAIL PROTECTED]
Closing Date: 22/3/2001
Applications to:
The Personnel Officer,
College of Sciences and Technology, Carslaw
Building, (F07), The University of Sydney, NSW, 2006
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Really simple stream cipher
Date: 13 Mar 2001 01:31:49 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)
Henrick Hellström wrote:
>1. I am not sure I understand what you mean by "implicit". Yes, the check
>might be intertwined with other processes the application would do anyway.
Here's what I mean by "implicit". If the ciphertext was inauthentic,
the crypto layer will pass up garbled plaintext, and hope that the app
will discard this when some sanity check fails (e.g., that some reserved
bits which should be zero aren't zero, or somesuch).
I don't believe, even for a second, that "implicit authentication" might
have a significant performance advantage over "explicit authentication".
The cost of a conditional branch is orders of magnitudes less than the
cost of decryption. Have you benchmarked the difference? I strongly
doubt that you'll be able to find any non-negligible performance difference
between the two approaches.
>2. As I already mentioned, your approach introduces failure modes (some
>extra "crypto engine" compatibility issues) not present in my approach.
I must've missed this failure mode present in "explicit authentication"
that's not present in "implicit authentication". Would you mind repeating?
As for issues of getting the wrong DLL, the fault there lies with a broken
OS, not with the use of "explicit authentication". If the OS can't prevent
your code from being replaced with malicious bits, you've lost the game,
no matter what you do: whether you use implicit or explicit authentication,
the attacker can win. The only answer is to use an OS that prevents code
substitution. Fortunately, this is not rocket science.
>3. The failure modes are known and might ultimately be dealt with, at least
>by the application. Otherwise the underlying cipher (or hash or whatever
>kind of diffusion method is used) has some weakness that would be present in
>other modes as well.
Which would you rather rely on?
(a) hoping that every single application developer gets it right
(b) hoping that the single implementor of the crypto library gets it right
I think it's pretty obvious the smart money is on (b).
It's much easier to review crypto-library code to make sure the check is
there (you only have to look in one place) than it is to review app code
(you have to check every app). And the programmer of the crypto code is
more aware of the security issues than any app programmer is likely to be.
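An added illustration of the two approaches discussed in this exchange, written for this digest and not code from either poster. It models Henrick's steps 1 to 3 (decrypt with D, parse with format F, return True if the parsed structure is non-empty) as the "implicit" path, and an encrypt-then-MAC check that runs before decryption as the "explicit" path. The cipher is a constructed SHA-256 counter keystream standing in for PCFB mode, the message format (reserved byte, length, payload) is constructed, and the keys and nonce are demo constants; none of these are from the posts.

```python
import hashlib
import hmac

# Constructed SHA-256 counter keystream standing in for the PCFB decryption
# function D of the post; not PCFB and not a production cipher.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest())
        counter += 1
    return b"".join(blocks)[:length]

def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (the same operation for a stream cipher)."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

# Constructed format F: reserved byte (must be 0x00), 2-byte big-endian payload
# length, payload. parse() plays the role of Parse(F, T) and returns the payload
# or None, so "P is not empty" becomes "parse() is not None".
def build(payload: bytes) -> bytes:
    return b"\x00" + len(payload).to_bytes(2, "big") + payload

def parse(plaintext: bytes):
    if len(plaintext) < 3 or plaintext[0] != 0x00:
        return None
    length = int.from_bytes(plaintext[1:3], "big")
    return plaintext[3:] if len(plaintext) == 3 + length else None

# Implicit authentication: decrypt, then rely on the format check to reject garbage.
def implicit_decrypt(enc_key: bytes, nonce: bytes, ciphertext: bytes):
    return parse(stream_xor(enc_key, nonce, ciphertext))

# Explicit authentication: encrypt-then-MAC, tag verified before decryption.
TAG_LEN = 32

def explicit_encrypt(enc_key: bytes, mac_key: bytes, nonce: bytes, payload: bytes) -> bytes:
    ciphertext = stream_xor(enc_key, nonce, build(payload))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return ciphertext + tag

def explicit_decrypt(enc_key: bytes, mac_key: bytes, nonce: bytes, blob: bytes):
    ciphertext, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None          # rejected before any plaintext is released
    return parse(stream_xor(enc_key, nonce, ciphertext))

def flip_bits(data: bytes, index: int, mask: int) -> bytes:
    out = bytearray(data)
    out[index] ^= mask
    return bytes(out)

ENC_KEY, MAC_KEY, NONCE = b"\x11" * 32, b"\x22" * 32, b"\x00" * 8   # constructed demo values

def demo(payload: bytes = b"transfer 10 units") -> dict:
    blob = explicit_encrypt(ENC_KEY, MAC_KEY, NONCE, payload)
    ciphertext, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    # A stream cipher is bit-local: changing ciphertext byte 12 changes only
    # plaintext byte 12 (payload byte 9, the '1' of "10"), so the reserved byte
    # and length field still parse. 0x31 ^ 0x02 = 0x33, and "10" becomes "30".
    tampered = flip_bits(ciphertext, 3 + 9, 0x02)
    return {
        "implicit_honest": implicit_decrypt(ENC_KEY, NONCE, ciphertext),
        "implicit_tampered": implicit_decrypt(ENC_KEY, NONCE, tampered),
        "explicit_honest": explicit_decrypt(ENC_KEY, MAC_KEY, NONCE, blob),
        "explicit_tampered": explicit_decrypt(ENC_KEY, MAC_KEY, NONCE, tampered + tag),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:18s} -> {value!r}")
```

The implicit path accepts the modified ciphertext because the format check only inspects the bytes it was written to inspect; the explicit path rejects it before any plaintext exists, at the cost of one HMAC over the ciphertext and a constant-time compare. That is the point of checking in the crypto layer once rather than trusting every application's sanity checks.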
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: => FBI easily cracks encryption ...?
Date: Fri, 2 Mar 2001 17:17:46 -0800
Crossposted-To: alt.security.pgp,talk.politics.crypto
"Jim Taylor" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Sometimes I wonder about these groups. Are you all drug dealers or
> something?
Nope, just your average person who wants privacy from everyone. Someone who
deals with trade secrets on occasion and wants no opportunity for them to be
leaked. Etc. As a matter of fact the only illegal thing I've done in the
last several years was travel in excess of the speed limit and I'm a few
hundred dollars poorer to prove it.
> What would be so bad about the FBI or NSA, with considerable
> effort and expense, being able to decrypt a PGP message?
Perhaps you aren't too aware of the rather lax security around most things.
Simply take a look at the state of the pardons that Ex-President Clinton has
left for us to deal with. Do you really expect that a government that
pardons people based on their monetary situation (and this is far from the
first time that such a thing has occurred) would be any less interested in
reading all my personal mail.
Consider PGP like you consider an envelope for your Postal Service, it's
there to keep nosey people from reading what you don't want them to read. We
consider the privacy of a piece of paper stuffed in a computer printed white
envelope to be absolute. So. What would be so bad about the FBI or NSA, with
considerable effort and expense, being able to read every letter you send to
a friend? I really don't want them to know what I'm saying to my significant
other, or my parents, or my brother, I don't want them to have the ability
to censor what I say to people that want to hear it. What would be so wrong
with them being able to examine what time you left home and got to work?
Nothing except that most of us would receive 2 speeding tickets a day (one
to and one from work).
> Aren't they the
> good guys trying to protect _us_ against spies, terrorists and organized
> crime?
Yes they are, they have also realigned what they are supposed to be doing
with the ability to wiretap phone sex lines should they ever desire to.
> If they had an encrypted message in their hands detailing a plan to
> nuke your city, none of you would want them to be able to decrypt it?
I would flatly support the right of the person that encrypted it to encrypt
it, just as I support my right to encrypt whatever I want to encrypt. I do
not separate the two, both are issues of privacy and avoiding the invasion
of such.
>
> As long as the cost for decrypting a PGP message is too high to go looking
> for petty crimes, so what if they could decode one if they wanted to?
How long would it remain too high? For the next 10 minutes while they got
the funding for a computer 10 times the size? Long enough for them to amass
2000 of those computers so that they can read everything? You clearly
underestimate Moore's law (which is more and more looking like a minimum).
>They
> would never let the cat out of the bag that they had the ability for even
> someone like Hanssen, so I think all your porno is safe.
Actually once they had the ability to decrypt a large portion of the traffic
I can fairly safely state that they very much would make it known.
>
> Don't get me wrong, I use and like PGP, but it's not the NSA and FBI that I
> worry about. I simply want to keep some things private from co-workers, ISP
> employees and the like, and there's no doubt that PGP works very well for
> that.
I do not worry about the NSA and FBI _as originally commissioned_, I worry
about the FBI and NSA that has become what they are today. The NSA that has
been forced to stand before Congress and say "We promise not to use
Carnivore for exactly what we designed it for" the FBI that has been caught
saying "We promise not to issue 10 times the number of wiretaps we get
permission for, well we promise not to do it again." I am worried about
those entities, not the ones that were assigned the task of keeping us ahead
of the cryptographic race, or the one assigned to stopping terrorism. Those
perverted images of the FBI and the NSA are the reasons that I have learned
cryptanalysis, they are the reason that I never reveal all my knowledge
regardless of who it is, they are the reason I use PGP whenever possible,
they are the reason I do everything in my power to make me a very expensive
target, the more expensive the better.
Joe
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Zero Knowledge Proof
Date: 13 Mar 2001 01:52:10 GMT
Richard Wash <[EMAIL PROTECTED]> wrote:
> A good place to look for more information on Zero Knowledge Proofs is
> in the cryptography textbook
> Cryptography: Theory and Practice
> By Douglas Stinson
> I found this reference very useful for learning about ZKS.
Yes - and after you see that, you may want to check out Oded Goldreich's
chapter of his "fragments of a book." This is distinct from the book
mentioned earlier in the thread; that book only gives a brief sketch of what
ZKPs are. This chapter goes into (much) more detail.
http://www.wisdom.weizmann.ac.il/~oded/frag.html
There is also a book by Goldreich from Cambridge University Press due to
appear sometime in May 2001 with a chapter on ZKPs. With "everything you
always wanted to know about zero-knowledge proofs, but didn't know you could
ask"...
See also the web page on zero-knowledge proofs at
http://www.wisdom.weizmann.ac.il/~oded/zk.html
which has a lot of online papers.
there's a lot to learn about this topic. :-)
-David
------------------------------
From: br <[EMAIL PROTECTED]>
Subject: GPS and cryptography
Date: Mon, 12 Mar 2001 21:02:29 -0400
What do you think about using Global Positioning System (GPS) as key to
encryption?
You can read a message only if your computer is in a pre-defined area or
point on the earth.
I'm waiting for comments
------------------------------
From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: Zero Knowledge Proof
Date: 13 Mar 2001 02:06:08 GMT
In <[EMAIL PROTECTED]> [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) writes:
> As far as crypto goes. I do know that the key exchanges that
>occur involve zero knowledge methods. Which may be different
>from what you're calling zero knowledge proofs.
In general this is probably not true. Many exchanges actually convey
information from one side to the other, and are not zero knowledge. In a
zero knowledge proof, the only bit of information which is conveyed is
that the other side knows the relevant bit of information. It conveys
nothing whatsoever about what that information is. Thus the ideal logon
procedure would be to have a zero knowledge proof that the far side
knows the password but conveys no information about that password
whatsoever from either side to the other.
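An added worked example of the zero-knowledge logon Bill describes, written for this digest and not code from the post: a Schnorr-style identification round in which the far side proves it knows the secret exponent x behind a public value y = g^x without revealing x. The group parameters (P = 2039, Q = 1019, G = 4) are constructed toy values, far too small for real use; the function names are mine. The simulator at the end produces accepting transcripts with no knowledge of x, which is the formal sense in which the exchange conveys nothing about the secret.

```python
import secrets

# Constructed toy parameters. Real deployments use a ~2048-bit P with a
# 256-bit Q, or an elliptic-curve group; these values only keep the arithmetic readable.
P = 2039            # prime, P = 2*Q + 1
Q = 1019            # prime order of the subgroup generated by G
G = 4               # 4 = 2^2 has order Q in Z_P^*

def keygen(secret: int) -> int:
    """Public value y = g^x mod P. The secret x is the 'password' being proven."""
    return pow(G, secret % Q, P)

# --- prover side --------------------------------------------------------
def commit(r: int) -> int:
    """t = g^r: a fresh commitment for every round."""
    return pow(G, r, P)

def respond(secret: int, r: int, c: int) -> int:
    """s = r + c*x mod Q: x is blinded by the one-time r."""
    return (r + c * secret) % Q

# --- verifier side ------------------------------------------------------
def challenge() -> int:
    """Random non-zero challenge in [1, Q-1]; zero would let anyone pass."""
    return secrets.randbelow(Q - 1) + 1

def verify(y: int, t: int, c: int, s: int) -> bool:
    """Accept iff g^s == t * y^c mod P."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def run_login(secret: int, y: int) -> bool:
    """One interactive round: commit -> challenge -> respond -> verify.
    Only t, c and s cross the wire; the secret never does."""
    r = secrets.randbelow(Q)
    t = commit(r)
    c = challenge()
    s = respond(secret, r, c)
    return verify(y, t, c, s)

def simulate_transcript(y: int, c: int) -> tuple:
    """Produce an accepting (t, c, s) WITHOUT knowing x: choose s first and solve
    for t = g^s * y^(-c). Because such transcripts are indistinguishable from real
    ones, the real transcript cannot leak x (the zero-knowledge property)."""
    s = secrets.randbelow(Q)
    y_to_minus_c = pow(pow(y, c, P), -1, P)   # modular inverse (Python 3.8+)
    t = (pow(G, s, P) * y_to_minus_c) % P
    return t, c, s

if __name__ == "__main__":
    x = 123                     # constructed demo secret
    y = keygen(x)
    print("honest login accepted:", run_login(x, y))
    print("wrong secret accepted:", run_login(x + 1, y))
    t, c, s = simulate_transcript(y, 9)
    print("simulated transcript verifies:", verify(y, t, c, s))
```

A wrong secret passes only if the challenge is 0 mod Q, which the verifier never issues, so an impostor's success chance is about 1/Q per round; with a 256-bit Q that is negligible. Note that this proves knowledge of x, not of a human-memorable password directly; password-based variants exist, but the verifier-side principle Bill states is the same: the server learns only that the client knows the secret.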
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: GPS and cryptography
Date: Tue, 13 Mar 2001 02:10:12 GMT
"br" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> What do you think about using Global Positioning System (GPS) as key to
> encryption?
> You can read a message only if your computer is in a pre-defined area or
> point on the earth.
> I'm waiting for comments
What if I fake my position?
------------------------------
From: br <[EMAIL PROTECTED]>
Subject: Re: GPS and cryptography
Date: Mon, 12 Mar 2001 21:11:52 -0400
It's impossible.
Tom St Denis wrote:
>
> "br" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> > What do you think about using Global Positioning System (GPS) as key to
> > encryption?
> > You can read a message only if your computer is in a pre-defined area or
> > point on the earth.
> > I'm waiting for comments
>
> What if I fake my position?
------------------------------
Date: 13 Mar 2001 02:13:52 -0000
From: [EMAIL PROTECTED] (Frodo)
Subject: Re: Text of Applied Cryptography .. do not feed the trolls
Crossposted-To: alt.security.pgp,talk.politics.crypto
In article <lRcr6.22086$[EMAIL PROTECTED]>
"Tom St Denis" <[EMAIL PROTECTED]> wrote:
> > It's pretty obvious that paper-in-a-bookstore is neither an efficient
> > way to sell technical material; nor an efficient way to consume it.
> > Paper books are expensive to produce and warehouse, and once purchased
> > they cannot be searched.
> That's nonsense.
So do whatever suits you.
That's certainly what I'm going to do.
> I agree that searching computer based texts is easier but
> that's why we have indexes and glossaries. (that's the whole point!!).
I can take most of my library with me on a laptop; I have to go
home to read the dead tree version.
> Real books are easier on the eyes and don't require clicking to read.
If you're going to read a book from cover to cover the first
time, I agree. Sales of paperbacks aren't going away anytime
soon.
After that, or for a reference book, I want an electronic
version. With updates.
> I hope that real books are never replaced with pdf wannabes.
Most of the cost of a dead-tree book involves printing and
distribution. Many of those books wind up being remaindered. I
suspect that most books will eventually be published
electronically to avoid those costs.
The reason it's not being done now is the fact that it's
impossible to prevent piracy.
I don't see that problem going away -- many new books are simply
being scanned by kids with time on their hands.
Literally thousands of classics are available at Project
Gutenberg (and yes, the publishers tried to stop that, even
though they didn't own the copyrights to those books, because it
would interfere with their sales).
In the case of copyrighted books that are out of print, I think
that's an excellent idea.
I have hardbacks of "The Puzzle Palace" and "The Codebreakers".
Anybody wanna scan and post those?
I'd download 'em in a heartbeat.
I'd even pay a modest sum for electronic copies (but not copy-
protected ones).
But they're not for sale.
------------------------------
Date: 13 Mar 2001 02:13:53 -0000
From: [EMAIL PROTECTED] (Frodo)
Subject: Re: Text of Applied Cryptography .. do not feed the trolls
Crossposted-To: alt.security.pgp,talk.politics.crypto
In article <[EMAIL PROTECTED]>
Paul Rubin <[EMAIL PROTECTED]> wrote:
>
> "Ryan M. McConahy" <[EMAIL PROTECTED]> writes:
> > I believe you are the troll, if there is one at all. Applied Crypto
> > is out there, and you can't do anything to stop that. Anyone who's
> > into crypto and has the money will buy it. Having it in electronic form
> > is useful for quotation reasons.
>
> In the long run, the business model of selling data is likely to fall
> apart. For now though, it's alive and kicking.
>
> Bruce tells me that the AC2 file out there is definitely unauthorized,
> and this happens from time to time.
Be nice if *he* said that, and not you. It sure looks like a
professional job, not a scan.
But this book is actually a good example of *why* some people
think piracy is justified - I spent big bucks on the first
edition, only to find out that a revision with lots of
corrections was out a year or so later.
I *could* get the corrections for free (he published those) and
cut and past (literally) my copy; but I downloaded this version
without hesitation.
> His publisher will probably get
> after the site to get the file taken down.
Once it's out there, it's too late.
Web sites can be taken down, but usenet and gnutella cannot.
------------------------------
From: br <[EMAIL PROTECTED]>
Subject: Re: GPS and cryptography
Date: Mon, 12 Mar 2001 21:16:22 -0400
Harder to find out: the position of the receiver.
I send a message to Alice with his exact position as key.
k= f(positionGPS)
You can imagine any complex function.
Tom St Denis wrote:
>
> "br" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> > What do you think about using Global Positioning System (GPS) as key to
> > encryption?
> > You can read a message only if your computer is in a pre-defined area or
> > point on the earth.
> > I'm waiting for comments
>
> What if I fake my position?
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: Text of Applied Cryptography .. do not feed the trolls
Date: Tue, 13 Mar 2001 02:44:51 GMT
"Frodo" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> In article <lRcr6.22086$[EMAIL PROTECTED]>
> "Tom St Denis" <[EMAIL PROTECTED]> wrote:
>
> > > It's pretty obvious that paper-in-a-bookstore is neither an efficient
> > > way to sell technical material; nor an efficient way to consume it.
> > > Paper books are expensive to produce and warehouse, and once purchased
> > > they cannot be searched.
>
> > That's nonsense.
>
> So do whatever suits you.
> That's certainly what I'm going to do.
>
> > I agree that searching computer based texts is easier but
> > that's why we have indexes and glossaries. (that's the whole point!!).
>
> I can take most of my library with me on a laptop; I have to go
> home to read the dead tree version.
Don't give me that dead tree crap. Most of it is recycled paper and computer
parts account for quite a bit of commercial waste as well.
Tom
------------------------------
From: [EMAIL PROTECTED] (Ben Cantrick)
Subject: Re: GPS and cryptography
Date: 12 Mar 2001 19:54:16 -0700
In article <[EMAIL PROTECTED]>, br <[EMAIL PROTECTED]> wrote:
>What do you think about using Global Positioning System (GPS) as key to
>encryption?
Keyspace is too small. GPS isn't hideously exact. Even combining
lat, long and elevation you're not going to get a lot of bits to work
with. Brute-force sweeping of the key space looks like a very likely
possibility.
>You can read a message only if your computer is in a pre-defined area or
>point on the earth.
>I'm waiting for comments
The question is, why would you want to do this? Unless you are a
very evil, monopolistic corporation hell-bent on preventing people
from executing your software except exactly where you can watch them
doing it? In short, there's no point. Go home and watch "Friends."
-Ben
--
Ben Cantrick ([EMAIL PROTECTED]) | Yes, the AnimEigo BGC dubs still suck.
BGC Nukem: http://www.dim.com/~mackys/bgcnukem.html
The Spamdogs: http://www.dim.com/~mackys/spamdogs
... bleakness ... desolation ... plastic forks ...
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: Text of Applied Cryptography .. do not feed the trolls
Date: 12 Mar 2001 18:56:33 -0800
"Tom St Denis" <[EMAIL PROTECTED]> writes:
> > I can take most of my library with me on a laptop; I have to go
> > home to read the dead tree version.
>
> Don't give me that dead tree crap. Most of it is recycled paper and computer
> parts account for quite a bit of commercial waste as well.
Huh? He's just saying a digital version is more portable. He's right
about that.
------------------------------
From: [EMAIL PROTECTED] (Frank M. Siegert)
Subject: Re: GPS and cryptography
Date: Tue, 13 Mar 2001 03:04:42 GMT
On Mon, 12 Mar 2001 21:16:22 -0400, br <[EMAIL PROTECTED]> wrote:
>Harder to find out: the position of the receiver.
>I send a message to Alice with his exact position as key.
>k= f(positionGPS)
>You can imagine any complex function.
So you just want to use the position of the receiver as a key. There
is no need for GPS then as the sender must know the receivers position
in advance, so it is the same as if Alice and Bob agree on a private
key (or for a moving receiver - a set of) before communication starts.
About your first message: Anyone can read any message as long as
he/she knows the receiver position (the key) and fake it. No 'complex
function' will change this.
You can however use the GPS signal as a source of entropy, but that's
a different matter.
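An added worked example, written for this digest and not code from any of the posters, that puts numbers on Ben Cantrick's keyspace objection and on Frank Siegert's point that a public f(positionGPS) makes the key exactly as secret as the position. It first counts the bits of key material a position carries at a given resolution (the 10 m figure and the area sizes are constructed assumptions, not GPS specifications), then builds br's k = f(positionGPS) as a SHA-256 of the coordinates quantized to 1e-4 degree cells and measures how many candidate cells a sweep of one neighbourhood needs. The coordinate, message and cell size are constructed demo values.

```python
import hashlib
import math

EARTH_SURFACE_M2 = 5.1e14   # approximate total surface area of the Earth

def position_key_bits(area_m2: float, horiz_res_m: float,
                      elev_range_m: float = 0.0, elev_res_m: float = 1.0) -> float:
    """Bits of key material in a position known to the given resolution:
    log2 of the number of distinguishable cells in the area, times elevation
    bins if an elevation range is given. Assumes a uniform grid."""
    cells = area_m2 / (horiz_res_m ** 2)
    if elev_range_m > 0:
        cells *= max(1.0, elev_range_m / elev_res_m)
    return math.log2(cells)

def _key_for_cell(cell: tuple) -> bytes:
    return hashlib.sha256(f"{cell[0]},{cell[1]}".encode()).digest()

def derive_key(lat_deg: float, lon_deg: float) -> bytes:
    """k = f(positionGPS): quantize to 1e-4 degree cells (about 11 m in latitude)
    so that receiver jitter still lands on the same key, then hash. f is public,
    so any 'complex function' here only relabels the same small set of cells."""
    return _key_for_cell((round(lat_deg * 1e4), round(lon_deg * 1e4)))

def xor_short(key: bytes, data: bytes) -> bytes:
    """One-time XOR with the 32-byte key; demo messages are at most 32 bytes."""
    assert len(data) <= len(key)
    return bytes(a ^ b for a, b in zip(data, key))

def search_region(ciphertext: bytes, known_prefix: bytes,
                  lat_cells: tuple, lon_cells: tuple) -> tuple:
    """Try every cell in an inclusive box of integer cell indices. The right key
    is recognised by a known plaintext prefix, the kind of redundancy every
    real message format has. Returns ((lat_cell, lon_cell) or None, candidates)."""
    tried = 0
    for la in range(lat_cells[0], lat_cells[1] + 1):
        for lo in range(lon_cells[0], lon_cells[1] + 1):
            tried += 1
            if xor_short(_key_for_cell((la, lo)), ciphertext).startswith(known_prefix):
                return (la, lo), tried
    return None, tried

RECEIVER = (40.7128, -74.0060)    # constructed demo coordinate

def demo() -> dict:
    key = derive_key(*RECEIVER)
    ciphertext = xor_short(key, b"MSG:meet at noon")
    # Sweep a 100 x 100 cell box (roughly 1.1 km by 0.8 km at this latitude)
    # around the receiver: 10,000 candidates, about 13 bits of work.
    la, lo = round(RECEIVER[0] * 1e4), round(RECEIVER[1] * 1e4)
    found, tried = search_region(ciphertext, b"MSG:",
                                 (la - 50, la + 49), (lo - 50, lo + 49))
    return {
        "cell": found,
        "candidates_tried": tried,
        "bits_whole_earth_10m": position_key_bits(EARTH_SURFACE_M2, 10.0),
        "bits_whole_earth_10m_with_elev": position_key_bits(EARTH_SURFACE_M2, 10.0, 1e4, 10.0),
        "bits_city_100km2_10m": position_key_bits(1e8, 10.0),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:32s} {value}")
```

Even with no idea where on the planet the receiver is, a 10 m grid gives about 42 bits (roughly 52 with a 10 km elevation range at 10 m steps); knowing the city brings it to about 20 bits, and knowing the neighbourhood to 13. Those are all inside the budget of a desktop machine, which is the sense in which the position is a pre-shared secret of very low entropy rather than a key.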
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************