Cryptography-Digest Digest #886, Volume #13      Tue, 13 Mar 01 18:13:01 EST

Contents:
  Re: => FBI easily cracks encryption ...? ("Mxsmanic")
  Re: GPS and cryptography (br)
  Re: Crypto idea (br)
  Re: OverWrite:  best wipe software? (Dan Hargrove)
  Re: Prime to use with SRP (Thomas Wu)
  Re: Text of Applied Cryptography .. do not feed the trolls ("Ryan M. McConahy")
  Re: One-time Pad really unbreakable? ("Tony T. Warnock")
  Basic Cryptoanalysis (Daniel)
  Re: Basic Cryptoanalysis ("Tom St Denis")
  Re: Instruction based encryption (Matthew Skala)
  Re: Basic Cryptoanalysis ("Amethyste")
  Re: qrpff-New DVD decryption code ("Simon Johnson")
  Re: GPS and cryptography (Steve Portly)

----------------------------------------------------------------------------

From: "Mxsmanic" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: Tue, 13 Mar 2001 20:32:13 GMT

"Frank Gerlach" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...

> Or maybe the NSA tries to do some FUDing about PGP.

I don't think the NSA really has anything to say about PGP.  Unlike many
other agencies, they seem to know how to keep their mouths shut.

> If they had broken PGP, they would *never ever* reveal
> it to the public.

I agree.

> I guess they would not even tell the FBI, because
> the FBI is by no means as secretive as the NSA.

I definitely agree.  The FBI is a band of blabbermouths compared to the
NSA.

> Check the nuclear spies and VENONA. They didn't
> make it public for a very long time, because even
> nuclear secrets are worth less than a successful
> exploit of a critical crypto system.

This same principle makes it relatively unnecessary to worry too much
about the NSA.  Even if the NSA can break the encryption you're using, it
certainly isn't likely to take advantage of that, since any attempt to
do so would reveal that they know how to break that encryption, and the
secrecy of the fact that they can break it is far more important to
national security than any secrets they might gain from you by breaking
it.

One of the paradoxes of breaking a really strong encryption system, if
you ever manage to do it, is that the fact that you've done so is such a
valuable secret that you may rarely, if ever, come across anything
encrypted with the system that is worth revealing (given that revealing
what you've read also discloses the secret of your having broken the
cryptosystem).  This has been a problem for decades; it was a problem
with Enigma and Purple and many other systems.

And I dare say that the cracking of some cryptosystems (perhaps even
PGP--a lot of parties of interest to national security may be using it)
is such an important secret in itself that the NSA would never disclose
the fact of having cracked them to a (relative) information sieve like
the FBI.



------------------------------

From: br <[EMAIL PROTECTED]>
Subject: Re: GPS and cryptography
Date: Tue, 13 Mar 2001 15:30:17 -0400

Not all. Just a digital signature using a hashing function. 

David Schwartz wrote:
> 
> br wrote:
> >
> > The recipient owns the GPS and is in a position that allows him to read the
> > message.
> > It's very simple.
> > How could you know all the technical features of my GPS?
> > The software includes some data about the technical features of the
> > recipient.
> > Without those data and the real position no one can read the message.
> > It's not hard to design the system.
> > Try to imagine that every computer is unique.
> > Try to find a relation between this uniqueness and the key to decipher the
> > message.
> > GPS is just a component of the system.
> > You can use the phone of the recipient as key (not the phone number).
> > That means that every computer is described by stable technical
> > parameters.
> > So the computer X can read only messages sent to it.
> > If you don't own the computer X with its hardware components, it's
> > impossible to read any message.
> > How to communicate all parameters?
> > Via network.
> > I have invented an unbreakable system to communicate safely via network.
> > I'm going to publish it in this newsgroup.
> > I'm trying to write it in English. A French version is still not
> > complete.
> > I'm French speaking.
> 
>         If you have to send all the information about your computer over the
> network to allow people to encode messages to you, haven't you just
> given out the key to your message?
> 
>         Let me put it another way. Your computer's behavior is either
> predictable or unpredictable given the information you give the sender.
> If your computer is predictable based upon the information you give the
> sender, then an attacker can simulate your computer and break the
> message. If your computer's behavior cannot be predicted by the encoder
> based upon the data you sent, then how can he encode the message such
> that it doesn't decode to garbage?
> 
>         It's not clear how GPS is supposed to figure into this. If the person
> encoding the message doesn't know the technical details of your GPS, how
> can he use them to encode the message? If he does know them, then
> couldn't an attacker know them by the same means? If not, how is the
> "technical features of the recipient" different from just a random
> secret key?
> 
>         What you would need (but don't even claim to have) is some
> mechanism to give out sufficient information to encode a message to a
> particular recipient but not enough information to decode that same
> message. If you had this, you would have reinvented public-key
> cryptography with a fixed key. Since we already have such schemes
> (several of them) with changeable keys, all you would accomplish would
> be to remove a feature from existing PK schemes.
> 
>         How about this, I make a box (call it a 'smartcard') that has a private
> RSA key stored securely inside it. The public key is printed on the back
> of the card. If I want you to be able to send me an encrypted message, I
> simply tell you the technical parameters of my smartcard (ie, the public
> key). You can now send me a message that only someone with my computer
> (err, smartcard) can decrypt.
> 
>         DS

------------------------------

From: br <[EMAIL PROTECTED]>
Subject: Re: Crypto idea
Date: Tue, 13 Mar 2001 15:42:48 -0400

I know what steganography is. I'm not hiding information.
Spelling mistakes and using symbolic characters are used to neutralize
the use of computers by cryptanalysis.
Cryptanalysts today use computers to decipher. My goal is to create
encryption based on human intelligence. Only a human can distinguish that
in the output message there are two categories of symbols.
If I use Greek letters mixed with Latin letters, the recipient can
distinguish the difference easily. So he can understand that Greek
letters mean 1 or 0 and Latin letters 0 or 1. Two choices to check and
it's okay.
Why not found crypto on human judgement?
The goal of cryptography is to keep information secret. Only those
authorized could read messages.  
  

"Trevor L. Jackson, III" wrote:
> 
> br wrote:
> 
> > Some ideas to discuss
> >
> > The computer is an idiot. If it is not programmed for any pre-defined
> > task, it can't distinguish between an ugly and a beautiful lady, English
> > and foreign alphabets etc...
> > So if I use two categories of symbols, one of which has a property
> > different from the other, the computer can't know that the message
> > includes two different types.
> > I'm going to give you some samples.
> > Let the plain text in the binary system be: 001101
> > Suppose that I want to send a message without sending a key to my
> > correspondent.
> > I send 249583. Everyone understands that an odd number is replaced by 1 and
> > an even one by 0.
> > It's very easy to guess.
> > If I use open letters like l,u,r,s ... and closed letters like o, p, b,
> > d, e. It's more difficult. It's impossible for cryptanalysts to find out
> > the output when I know that creating two categories is an infinite domain.
> >
> > Cryptanalysts use dictionaries as a way to find a solution. They suppose
> > that the clear message is written without spelling mistakes.
> > I can write a message like "I love you" as " Ay lov u" or "Ilovu" etc....
> > So how could cryptanalysts know beforehand my specific spelling of I love
> > you.
> >
> > Using spelling mistakes is a good strategy against attackers.
> > Using "symbolic characters" with two different properties too.
> > So what if I use spelling mistakes combined with symbolic characters
> > before encryption.
> > 1. I convert "I love you" to " Ay lov u".
> > 2. Then Ay lov u to (it's just an example) 101101....11
> > 3. 101101... to +a-*c=...<>
> > 4. Everyone can guess that I used mathematical symbols for 1 and
> > literal symbols for 0.
> > (the receiver has to program using two types and insert in a table the
> > characters corresponding to one or zero and try to read twice to know
> > symbols (one) and symbols (zero).
> >
> > I'm aware that it's impossible to use this system for commercial
> > purposes. But for military or intelligence use, it's appropriate.
> >
> > I apologize for my English, I hope it was clear.
> 
> You are mixing steganography (hiding messages) with cryptography (scrambling
> messages).  The crypto has to be strong in case the stego fails.

------------------------------

From: [EMAIL PROTECTED] (Dan Hargrove)
Crossposted-To: alt.hacker
Subject: Re: OverWrite:  best wipe software?
Date: 13 Mar 2001 20:47:20 GMT

Mok-Kong Shen <[EMAIL PROTECTED]> wrote in <3AADDFE0.8702999F@t-
online.de>:

>
>
>Dan Hargrove wrote:
>> 
>> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>> 
>
>> >I conjecture that with a really effective program (i.e.
>> >one that the maintenance and repair people use and that
>> >can address all sectors of the disk) to overwrite a dozen
>> >or more times with differing bit patterns would render
>> >recovery beyond the capability of current technology. But,
>> >of course, physically destroying the hard drives certainly
>> >provides more confidence for the user and, as you pointed
>> >out, could well be affordable at current hardware prices.
>
>> 
>> I would refer you to the following page.
>> 
>> http://www.cs.auckland.ac.nz/~pgut001/secure_del.html
>> 
>> I hope this clarifies things for you.
>
>Thanks for giving this authoritative reference literature.
>It shows how difficult the problem of (surely) preventing
>recovery through rewriting (even with special techniques)
>is. Evidently, this kind of performance is not achievable
>with a simple-minded C program running as a normal user job.


This program performs the "Gutmann overwrite" on all the free space on your 
hard disk, albeit, I think, with pseudo-random data instead of random data.  
It's called Eraser, and it is freeware.

http://www.tolvanen.com/eraser/

Hope this helps;

Dan

------------------------------

From: Thomas Wu <[EMAIL PROTECTED]>
Subject: Re: Prime to use with SRP
Date: 13 Mar 2001 13:07:58 -0800

"Henrick Hellström" <[EMAIL PROTECTED]> writes:

> The specification of SRP mentions that the generator to be used should be a
> primitive root of Z(p). Otherwise a partition attack is possible on B =
> (g**b + v) mod p.
> 
> I was wondering how this requirement complies with a selection of p such
> that p = 2q+1, where q is also a prime? Should such primes not be used in

The two requirements go together; p MUST be 2q+1, q prime, and g must be
a primitive root (g^q != 1 (mod p)).  Both constraints must be observed.

> conjunction with SRP, should the generator g = 2 be used to comply with the
> specification (but possibly reveal quadratic residues in other messages

If g=2 is a primitive root, it's okay.  It will reveal the lowest bit of
the client's secret "a", but that does not appear to affect the security
of the protocol.

> given that 2 is a primitive root), or would it in this case be fairly safe
> to use g = 4?

g=4 won't work, because it doesn't meet the primitive root condition.

> Would it really be possible to accumulate knowledge based on the observation
> that B is (or, in the other one half of the cases, is not) of order q,

Yes.  An attacker could test password candidates to see if they turn "B"
into a possible order-q residue or not.  This partitions the password
space into possible and impossible candidates.  The only defense is to
use p and g that make all candidates "possible".

> provided that p is a 1024 bit integer? If so, how often would one have to
> change password (or at least salt) to prevent such an attack?

The partition happens each time authentication with a given password is
performed, so you'd need to change passwords fairly frequently.  Note
that the attack requires only eavesdropping.  My advice:  Stick to the
constraints.

> --
> Henrick Hellström  [EMAIL PROTECTED]
> StreamSec HB  http://www.streamsec.com

-- 
Tom Wu                        * finger -l [EMAIL PROTECTED] for PGP key *
 E-mail: [EMAIL PROTECTED]       "Those who would give up their freedoms in
  Phone: (650) 723-1565              exchange for security deserve neither."
   http://www-cs-students.stanford.edu/~tjw/   http://srp.stanford.edu/srp/
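The two constraints Tom Wu states above (p = 2q+1 with q prime, and g a primitive root with g^q != 1 mod p) as an added parameter check; this is example code written for this digest, not code from the SRP project. The group values below are constructed toy parameters chosen for readability; the same functions apply unchanged to a 1024-bit p.

```python
# Added example: validating SRP group parameters against the constraints in the
# post above. Toy values (p = 59, 23, 29) are constructed for illustration.
import random


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin test: never rejects a prime, accepts a composite only rarely."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:          # write n - 1 = 2^r * d with d odd
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False       # no square reached -1: witness of compositeness
    return True


def is_safe_prime(p: int) -> bool:
    """p is a safe prime when p is prime and q = (p - 1) / 2 is also prime."""
    return p % 2 == 1 and is_probable_prime(p) and is_probable_prime((p - 1) // 2)


def is_primitive_root(g: int, p: int) -> bool:
    """For a safe prime p the group has order 2q, so the order of g divides 2q.
    g generates the whole group exactly when neither g^2 nor g^q is 1 (mod p).
    Any perfect square such as g = 4 = 2^2 fails, since 4^q = 2^(2q) = 1."""
    q = (p - 1) // 2
    g %= p
    if g == 0:
        return False
    return pow(g, 2, p) != 1 and pow(g, q, p) != 1


def check_srp_group(p: int, g: int) -> list:
    """Return the violated constraints; an empty list means (p, g) is acceptable."""
    problems = []
    if not is_safe_prime(p):
        problems.append("p is not a safe prime (p = 2q+1 with q prime)")
        return problems        # the primitive-root test assumes a safe prime
    if not is_primitive_root(g, p):
        problems.append("g is not a primitive root mod p (g^2 = 1 or g^q = 1)")
    return problems


if __name__ == "__main__":
    # 2 is a primitive root mod 59 but only a quadratic residue mod 23;
    # 4 is a square and therefore never a primitive root.
    for p, g in ((59, 2), (59, 4), (23, 2), (29, 2)):
        print(p, g, check_srp_group(p, g) or "ok")
```

Whether g = 2 passes depends on p (it is a primitive root mod 59 but not mod 23), which is why the post says "if g=2 is a primitive root" rather than treating 2 as always acceptable.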

------------------------------

From: "Ryan M. McConahy" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: Text of Applied Cryptography .. do not feed the trolls
Date: Tue, 13 Mar 2001 16:11:12 -0500

SHUT UP!



------------------------------

From: "Tony T. Warnock" <[EMAIL PROTECTED]>
Subject: Re: One-time Pad really unbreakable?
Date: Tue, 13 Mar 2001 02:15:59 -0700
Reply-To: [EMAIL PROTECTED]


Of course one-time-pad really means
1.0000000000000000000000000000000000000000000000000000000000000000 not 1.01.
Protocol is rather important.


------------------------------

From: [EMAIL PROTECTED] (Daniel)
Subject: Basic Cryptoanalysis
Date: Tue, 13 Mar 2001 21:47:21 GMT


I've been searching for a pdf version of Basic Cryptoanalysis and
found the following link : http://www.umich.edu/~umich/fm-34-40-2/
It seems that a lot of links presented on this site are broken,
though.

I've tried to download this 8MB file, and it indeed is a bundle of pdf
files.  Unfortunately, all these files are unreadable on my Windows
system (corrupted file format). 

Question now is: where can I find a pdf version which runs well on
Acrobat 4.x

All help greatly appreciated.  Thanks.    Daniel

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Basic Cryptoanalysis
Date: Tue, 13 Mar 2001 22:06:51 GMT


"Daniel" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> I've been searching for a pdf version of Basic Cryptoanalysis and
> found the following link : http://www.umich.edu/~umich/fm-34-40-2/
> It seems that a lot of links presented on this site are broken,
> though.
>
> I've tried to download this 8MB file, and it indeed is a bundle of pdf
> files.  Unfortunately, all these files are unreadable on my Windows
> system (corrupted file format).
>
> Question now is: where can I find a pdf version which runs well on
> Acrobat 4.x
>
> All help greatly appreciated.  Thanks.    Daniel

A lot of that stuff is dated and doesn't even apply to modern cryptanalysis; I
would stay away if possible.

Tom



------------------------------

From: [EMAIL PROTECTED] (Matthew Skala)
Subject: Re: Instruction based encryption
Date: 13 Mar 2001 11:09:11 -0800

In article <EBlr6.915$[EMAIL PROTECTED]>,
Michael Brown <[EMAIL PROTECTED]> wrote:
>Instruction table
>x
>0  Xor with previous <n> plaintext bits
>1  Xor with previous <n> ciphertext bits
>2  Add previous <n> plaintext bits (under mod 256)
>3  Add previous <n> ciphertext bits (under mod 256)
>4  Subtract previous <n> plaintext bits (under mod 256)
>5  Subtract previous <n> ciphertext bits (under mod 256)
>6  Rotate left <n> bits
>7  Rotate right <n> bits
>
>The initial "previous plaintext" and "previous ciphertext" are both just
>repetitions of the key.

One problem with this scheme is that it will tend to be highly linear; no
matter what the key is, each ciphertext bit will tend to be
well-approximated by a linear combination of plaintext bits.

A second problem is that there are a lot of weak keys, and furthermore
those weak keys are not always easy to describe.  There are a *lot* of
fundamentally different 16-instruction "programs" that will result in
little or no difference between the plaintext and ciphertext; recognizing 
some of them is tricky.

Your "mashing" procedure helps with the first problem because the linear
characteristics will tend to change pretty frequently; that may make them
harder to find.  However, it makes the second problem worse because even
if you could detect weak keys (a difficult procedure since some of them
are so complicated) you would have to keep doing it after every "mash".

I'd also be worried about the mashing getting stuck in some kind of
pathological loop.  For instance, if I'm understanding your scheme right,
a key of all zeroes and a plaintext of all zeroes will not only lead to a
ciphertext of all zeroes, but also produce a new key after mashing that's
still all zeroes.  Furthermore, it's very easy to generate all zeroes even
with some other key when your plaintext is all zeroes.  So if you have a
plaintext file that has a long stretch of all zeroes, I think it's quite
likely that your key would eventually get crunched into all zeroes.  Then
the rest of that long stretch of zeroes will result in zeroes in the
ciphertext, and furthermore, whenever you start sending nonzero data, the
enemy will know exactly what state your cipher is in at that point, and be
able to decrypt the rest of your transmission as well.

Chosen- or known-plaintext attacks seem to be a problem as well; it seems
like if the enemy knows a reasonably long stretch of plaintext and the
corresponding ciphertext, then they're in a good position to guess or
control the state of the cipher, and that gives them all the rest of the
plaintext.
-- 
Matthew Skala
[EMAIL PROTECTED]                   :CVECAT DELENDA EST
http://www.islandnet.com/~mskala/

------------------------------

From: "Amethyste" <[EMAIL PROTECTED]>
Subject: Re: Basic Cryptoanalysis
Date: Tue, 13 Mar 2001 22:19:00 GMT

http://www.und.nodak.edu/org/crypto/crypto/resources.html

American Cryptogram Association.


(and it's not useless to study classical cryptology)



------------------------------

From: "Simon Johnson" <[EMAIL PROTECTED]>
Subject: Re: qrpff-New DVD decryption code
Date: Tue, 13 Mar 2001 22:42:18 -0800


Douglas A. Gwyn <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Nicol So wrote:
> > While specific implementations of copy protection may unnecessarily
> > interfere with legitimate use of consumer equipment and purchased
> > content, the concept of deploying *some* measures of copy protection
> > makes a lot of sense from the perspective of the content owners.
>
> My complaint is being treated in advance as having criminal intent
> and as a consequence getting reduced product quality.  There are
> enough crappy products in this world already without *intentionally*
> making things more aggravating for the innocent purchaser.
>
> > On the other hand, small time piracy, when practiced by a large
> > number of individuals, can translate to a big loss for the content
> > owners. The most worrisome kind of hacks is the kind that is easily
> > duplicable with widely available consumer equipment and minimal skill.
>
> Yeah, we heard that first with tape recorders (wire recorders were
> before my time), reel-to-reel, then cassette, then DAT, now CD-R
> and DVD-R.  The fact is, I buy lots of factory recorded content
> for my own use and don't duplicate it for friends, let alone to
> make a profit, nor do I encourage friends to make copies for me
> nor do I knowingly purchase pirate content.  I was raised to
> understand the importance of ethical behavior.  The problem is one
> of philosophic education of the general public, and the more that
> attention is focused on other secondary issues, the worse the
> problem will get.  People need to appreciate that piracy is not
> romantic, it's disgusting.

You're American I think? If I was American, I'd think the same. However,
me being English I think that piracy is almost acceptable. Why would I think
such a crazy thing? Because we pay far too much for something you (non-UK
people) get a lot cheaper.... In my opinion, piracy could be cut by as much
as 60-70% by just cutting the prices of products over here. I'd much rather
buy an original DVD for £15 than a copy for £5.... it's the fact that most
DVDs cost £30 a go that most people resort to copies.

Simon.



------------------------------

From: Steve Portly <[EMAIL PROTECTED]>
Subject: Re: GPS and cryptography
Date: Tue, 13 Mar 2001 17:50:08 -0500



David Schwartz wrote:

> Steve Portly wrote:
>
> > Let's say you are using a satellite based cell phone system operating at 900
> > MHz.  You agree in advance to transmit and receive from a particular terrestrial
> > location at a certain time.  The round trip signals from the satellite to the
> > earth and back can be calculated so as to give an exact distance for any sender's
> > signal received.  If this were a geosynchronous satellite the locus of possible
> > points on earth a given distance from the satellite would be described as a
> > circle.  In the case of a LEO satellite that is moving in respect to the
> > location on earth it becomes possible to pinpoint the transmission and reception
> > point on earth.
>
>         You seem to be suggesting that the same message would be handled by
> multiple satellites. If just one satellite is used, you can calculate
> the correct time to send the message from any location to fake the real
> time from the real location. If more satellites are used, you simply
> calculate the correct sending time for each satellite and aim a separate
> directional antenna at each satellite, sending separate copies of the
> message, one to each, at the time calculated to create the correct
> arrival time for the recipient.
>
>         DS

In this case GPS is an extra layer of protection.  I am suggesting that the time it
takes the signal to travel to and from the satellite could be used for authentication
purposes.  Unless an adversary is closer to the satellite than the intended recipient,
the speed of light is a limiting factor to the adversary.  A good point to point
encryption system would include a tightly limited carrier frequency.  Lag time would
change predictably as the relative position of the satellite to the recipient
changes.   An executive traveling on a jet and using a cell phone link for their
laptop computer would be projected as a point traveling several hundred meters per
second in reference to the ground in pretty much a straight line.  If the
communication lag time between parties were measured to the nanosecond, the lag time
for each segment of the communication could be tightly monitored and difficult to
spoof.  Of course if this were a commercial jet and you were using a laptop computer
you had better have your back to a bulkhead and use the type of screen display that
cannot be read from the aisle.


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
