Cryptography-Digest Digest #896, Volume #13 Wed, 14 Mar 01 12:13:01 EST
Contents:
Re: Text of Applied Cryptography .. do not feed the trolls ("Nathan Dietsch")
Re: Encrypt then HMAC or HMAC then Encrypt? (D. J. Bernstein)
Re: Cheap hardware to break RSA? ("Roberto Paron")
Re: Is this book interesting ("Nathan Dietsch")
Re: GPS and cryptography (those who know me have no need of my name)
Re: => FBI easily cracks encryption ...? (Joe H. Acker)
Re: qrpff-New DVD decryption code (Matthias Bruestle)
Re: [REQ] SHA-1 MD5 hashing software (those who know me have no need of my name)
Re: PGP "flaw" ("Mxsmanic")
Re: Encrypt then HMAC or HMAC then Encrypt? (Mark Currie)
Re: Anonymous web browsing (John M)
Re: GPS and cryptography (ObiTwo)
Re: Super strong crypto ("Douglas A. Gwyn")
Re: Super strong crypto ("Douglas A. Gwyn")
Re: qrpff-New DVD decryption code ("Douglas A. Gwyn")
Key Recovery System/Product ("Arnold Shore")
Re: boycott Russia.... (Neetzach)
Re: boycott Russia.... (Neetzach)
Re: Dumb inquiry....
Re: NTRU - any opinions ("Dr. Yongge Wang")
Re: Basic Cryptoanalysis
Re: Instruction based encryption
primes for Blum Blum Shub generator ("Dobs")
primes for BBS ("Dobs")
Re: qrpff-New DVD decryption code (Matthias Bruestle)
Re: (OT) Re: Text of Applied Cryptography .. do not feed the trolls (Richard Herring)
Re: Blowfish name
Re: Instruction based encryption ("Scott Fluhrer")
Re: Crypto idea (br)
----------------------------------------------------------------------------
From: "Nathan Dietsch" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: Text of Applied Cryptography .. do not feed the trolls
Date: Wed, 14 Mar 2001 20:21:49 +1100
I came here to learn about crypto, but I think I will come back, just for the
flaming. Very comical indeed.
Nathan
"Ryan M. McConahy" <[EMAIL PROTECTED]> wrote in message
news:3aae8c70$0$62146$[EMAIL PROTECTED]...
> SHUT UP!
>
>
------------------------------
From: [EMAIL PROTECTED] (D. J. Bernstein)
Subject: Re: Encrypt then HMAC or HMAC then Encrypt?
Date: 14 Mar 2001 09:10:10 GMT
Secure protocols can be built either way. I recommend authenticating the
encrypted packets, so that a flood of forged packets chews up as little
CPU time as possible.
Note that HMAC is rather slow. See http://cr.yp.to/hash127.html for a
faster authenticator.
---Dan
------------------------------
From: "Roberto Paron" <[EMAIL PROTECTED]>
Subject: Re: Cheap hardware to break RSA?
Date: Wed, 14 Mar 2001 09:32:52 GMT
"Andor Bariska" <[EMAIL PROTECTED]> wrote in message
news:3aaf30cf$0$181$[EMAIL PROTECTED]...
>
> Sven Gohlke <[EMAIL PROTECTED]> wrote in the news article:
> [EMAIL PROTECTED]
> ...
> >Why don't You use analog computer to do this job?
>
> Do a search on TWINKLE.
>
> Regards,
> Andor
>
>
But in that case I would also suggest reading:
http://www.rsasecurity.com/rsalabs/bulletins/twinkle.html
Roberto
------------------------------
From: "Nathan Dietsch" <[EMAIL PROTECTED]>
Subject: Re: Is this book interesting
Date: Wed, 14 Mar 2001 20:39:39 +1100
I recently read Cryptonomicon. It is a good book. It deals a bit with how
the Allies broke Japanese and German signals. It is definitely light
reading.
Nathan
"Tim Tyler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Frank Gerlach <[EMAIL PROTECTED]> wrote:
> : dexMilano wrote:
>
> :> I'm looking for a light book on History of cryptography.
> :> What about " The code book" from Simon Singh?
> :
> : Isn't that fiction (ie. not exact history) ? (haven't read it, so I am
> : not sure)
>
> Not fiction (though no history is exact).
>
> One of the more popular modern fiction books dealing with crypto is
> "Cryptonomicon" - you may be thinking of that.
>
> I believe Mr Singh has another similar book - entitled "The Science of
> Secrecy" - which is more explicitly historical.
>
> The content is rather similar to "The Code Book".
> --
> __________ http://alife.co.uk/ http://mandala.co.uk/
> |im |yler [EMAIL PROTECTED] http://hex.org.uk/ http://atoms.org.uk/
------------------------------
From: [EMAIL PROTECTED] (those who know me have no need of my name)
Subject: Re: GPS and cryptography
Date: Wed, 14 Mar 2001 09:40:39 -0000
<[EMAIL PROTECTED]> divulged:
>this case, couldn't one use it as the source of pseudorandom bits for
>Rabin's latest "unbreakable" cryptographic scheme?
not enough volume.
>one
>would have to trust that the sequence is really pseudorandom, which as
>far as I understand cannot be demonstrated from the sequence alone.
given the source (or controllers, if you prefer) of the stream, i wouldn't.
--
okay, have a sig then
------------------------------
From: [EMAIL PROTECTED] (Joe H. Acker)
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: Wed, 14 Mar 2001 11:03:09 +0100
Mxsmanic <[EMAIL PROTECTED]> wrote:
> I suspect, though, that neither the public keys nor the encryption keys
> would yield to brute-force attacks, if the bad guy had them both cranked
> up high enough, so the passphrase attack might be easiest. The FBI
> claimed that _something_ took a year, apparently; a short modulus could
> be factored in that time, and DES would never take that long to crack.
I don't think that the Hanssen case gives any positive or negative
evidence about NSA's cryptanalytic abilities. It seems obvious, there
was no need to decipher anything at all without the key. After Hanssen
became suspicious, they had to put him under surveillance to gather
further evidence of his crime. Sure they wouldn't rush into his
apartment, arrest him and try to decrypt all files on his hard disk.
That would be totally stupid.
Instead, it's pretty sure that they first gave him fake information and
kept him away from truly confidential material as best as possible
without making him suspicious. Then, they'd put him under complete
surveillance. But as Hanssen is a specialist, this probably had to be
done with extraordinary care. Still, to me it seems very reasonable to
assume that there was a way to tap into his phone, read anything he was
typing on his screen, bug his apartment, etc. When they arrested him,
there sure was no need to cryptanalyse anything because not only the
keys but also the plaintext must have been well-known to the
investigators already.
What I'm puzzled about: I've read that Hanssen was using dead letter
boxes. But I haven't read anything about who was the person(s) that
emptied these dead letter boxes. If these person(s) weren't arrested as
well, they must either have been diplomats (easy to check, they would
have been banned from the US), or otherwise the claim about the dead
letter boxes doesn't make sense. Maybe it was disinformation, but what
for?
Regards,
Erich
------------------------------
From: [EMAIL PROTECTED] (Matthias Bruestle)
Subject: Re: qrpff-New DVD decryption code
Date: Wed, 14 Mar 2001 09:45:42 GMT
Mahlzeit
Douglas A. Gwyn ([EMAIL PROTECTED]) wrote:
> John Savard wrote:
> > As for the illegal reproduction of copyrighted material: yes, it is
> > wrong. It's wrong because our society has decided to grant copyrights
> > in order to encourage literary and artistic activity;
> No, it is wrong because the producers of that material make it
> available to us under certain terms that they, *as* producers,
> have the right to establish, and if we take the material without
> honoring the terms, it is theft of (intellectual) property.
It is theft if the legal system thinks it is theft. I doubt that
the Romans had "theft of intellectual property". So if this is part
of the legal system, the producer has to keep his terms within
the bounds of the legal system. He cannot state things like "If you
want to watch this film, you have to give us your first born child".
With all these content protection systems, it is no longer possible
for me to do things I'm allowed to do, including copying.
> Apparently what is needed is education about the concepts of
> production, ownership, and property.
It seems so.
Mahlzeit
endergone Zwiebeltuete
--
PGP: SIG:C379A331 ENC:F47FA83D I LOVE MY PDP-11/34A, M70 and MicroVAXII!
--
I'm going kill you just because I want to.
------------------------------
From: [EMAIL PROTECTED] (those who know me have no need of my name)
Subject: Re: [REQ] SHA-1 MD5 hashing software
Date: Wed, 14 Mar 2001 10:26:57 -0000
<[EMAIL PROTECTED]> divulged:
>Excellent! But the format of the signatures doesn't seem to be in hex
>format like most other programs I know use :-( I think it is not even
>Base-64, but of course you could change that with some parameter ;-b
does it really matter? the point is that the before and after signature
sets should match. still, yes, it is a base64 encoding, but with a
different alphabet -- tripwire was written before much consensus was
reached re pem (rfc989 et seq). note: the bytes are in "network" order.
see util.c.
rfc1421: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
tripwire:0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz:.
oh, and a caveat: i believe that tripwire implements sha rather than sha-1.
--
okay, have a sig then
------------------------------
From: "Mxsmanic" <[EMAIL PROTECTED]>
Subject: Re: PGP "flaw"
Date: Wed, 14 Mar 2001 11:54:33 GMT
"Brian D Jonas" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I guess I am still confused as to when the
> additional key is added.
The additional key is added when the user requests it. This is the ADK
feature of PGP, and is described in the documentation.
> WAS the key for law officials hardcoded and
> thus transparent to the end user?
There was no key for law-enforcement officials.
> Perhaps someone in touch with reality (being it
> that I am not) and with more understanding of PGP
> can explain what this "flaw" WAS....
The flaw was that someone could get a copy of your public key off a
public key server, add his own encryption key to it with the ADK
flag--which would have the effect of causing all messages encrypted to
you to also be encrypted for his key--and then replace the public key,
thereby giving him a copy of all your encrypted messages (assuming he
could intercept e-mail to you). The correction for this was to require
that the ADK keys be signed, so that they can't just be tacked on to any
existing public key.
------------------------------
Subject: Re: Encrypt then HMAC or HMAC then Encrypt?
From: [EMAIL PROTECTED] (Mark Currie)
Date: 14 Mar 2001 12:03:23 GMT
Not a bad point, but if you are worried about flooding, you will also have to
take care of replaying good packets.
Mark
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
>
>Secure protocols can be built either way. I recommend authenticating the
>encrypted packets, so that a flood of forged packets chews up as little
>CPU time as possible.
>
>Note that HMAC is rather slow. See http://cr.yp.to/hash127.html for a
>faster authenticator.
>
>---Dan
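Dan's recommendation (authenticate the encrypted packet, so a forged packet is rejected before any decryption work) and Mark's point that authentic packets must also be protected against replay, combined in an added example; this is not code from either poster. It uses encrypt-then-MAC with HMAC-SHA256 and a 64-entry sliding anti-replay window of the kind IPsec ESP uses. The cipher is a stand-in (HMAC-SHA256 as a PRF in counter mode) so that only the Python standard library is needed; keys and packets are constructed for the demonstration.

```python
import hashlib
import hmac
import struct

SEQ_LEN, TAG_LEN = 8, 32


def _keystream(enc_key: bytes, seq: int, length: int) -> bytes:
    # Stand-in cipher: HMAC-SHA256 used as a PRF in counter mode, keyed per
    # packet by the sequence number so no keystream is ever reused. A real
    # deployment would use AES-CTR or ChaCha20; the MAC logic is unchanged.
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, struct.pack(">QQ", seq, block), hashlib.sha256).digest()
        block += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Sender:
    def __init__(self, enc_key: bytes, mac_key: bytes):
        self.enc_key, self.mac_key, self.seq = enc_key, mac_key, 0

    def seal(self, plaintext: bytes) -> bytes:
        hdr = struct.pack(">Q", self.seq)
        ct = _xor(plaintext, _keystream(self.enc_key, self.seq, len(plaintext)))
        self.seq += 1
        # Encrypt-then-MAC: the tag covers the sequence number and the ciphertext.
        tag = hmac.new(self.mac_key, hdr + ct, hashlib.sha256).digest()
        return hdr + ct + tag


class Receiver:
    WINDOW = 64  # sliding anti-replay window, as IPsec ESP uses

    def __init__(self, enc_key: bytes, mac_key: bytes):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.highest, self.seen = -1, 0  # highest seq accepted; bitmap of seen seqs
        self.decrypt_calls = 0           # bit k of seen <=> seq (highest - k) accepted

    def open(self, packet: bytes):
        """Return (plaintext, status); plaintext is None if the packet is rejected."""
        if len(packet) < SEQ_LEN + TAG_LEN:
            return None, "short"
        hdr, ct, tag = packet[:SEQ_LEN], packet[SEQ_LEN:-TAG_LEN], packet[-TAG_LEN:]
        # 1. Verify the MAC first: a forged packet costs one HMAC and no decryption.
        expected = hmac.new(self.mac_key, hdr + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None, "bad-mac"
        # 2. Replay check, only for authentic packets, so forged sequence numbers
        #    cannot advance the window and block legitimate traffic.
        seq = struct.unpack(">Q", hdr)[0]
        if seq > self.highest:
            shift = seq - self.highest
            self.seen = (1 if shift >= self.WINDOW
                         else ((self.seen << shift) | 1) & ((1 << self.WINDOW) - 1))
            self.highest = seq
        else:
            offset = self.highest - seq
            if offset >= self.WINDOW:
                return None, "too-old"
            if self.seen & (1 << offset):
                return None, "replay"
            self.seen |= 1 << offset
        # 3. Only now spend CPU on decryption.
        self.decrypt_calls += 1
        return _xor(ct, _keystream(self.enc_key, seq, len(ct))), "ok"


def demo():
    # Constructed keys for the example; real keys come from a key exchange.
    tx = Sender(b"\x01" * 32, b"\x02" * 32)
    rx = Receiver(b"\x01" * 32, b"\x02" * 32)
    p0, p1 = tx.seal(b"hello"), tx.seal(b"world")
    forged = p1[:-1] + bytes([p1[-1] ^ 0x01])  # attacker flips one tag bit
    statuses = [rx.open(p1)[1],      # ok
                rx.open(p0)[1],      # ok: late, but inside the window
                rx.open(p0)[1],      # replay
                rx.open(forged)[1]]  # bad-mac, rejected before any decryption
    return statuses, rx.decrypt_calls
```

The separate encryption and MAC keys matter: reusing one key for both roles voids the standard security argument for encrypt-then-MAC.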
------------------------------
From: John M <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: Anonymous web browsing
Date: Wed, 14 Mar 2001 23:09:22 +1100
"SCOTT19U.ZIP_GUY" wrote:
>
> [EMAIL PROTECTED] (Phil Zimmerman) wrote in
> <[EMAIL PROTECTED]>:
>
> >-----BEGIN PGP SIGNED MESSAGE-----
> >Hash: SHA1
> >
> >Does anyone use any of the anonymous web browsing services such as
> >Anonymizer or SafeWeb?
> >
>
> I have used both. However I would bet they are run by the
> NSA or something similar. SafeWeb does not work with
> Mozilla or even the latest netscape. Makes me wonder if
> they have stock in Microsoft.
>
Actually it's the CIA, not the NSA.
From http://cryptome.org/cia-safeboy.htm
"By NEIL KING JR.
Staff Reporter of THE WALL STREET JOURNAL
How's this for a curious pairing? Stephen Hsu and his partners at
SafeWeb Inc. launch a Web site (www.safeweb.com) offering the utmost in
Internet privacy -- and then hook up with the notoriously intrusive
Central Intelligence Agency."
------------------------------
From: ObiTwo <abuse@localhost>
Subject: Re: GPS and cryptography
Date: Wed, 14 Mar 2001 14:42:23 +0100
Reply-To: spam bait:
[EMAIL PROTECTED];root@localhost;abuse@localhost;[EMAIL PROTECTED];[EMAIL PROTECTED]
On Tue, 13 Mar 2001 09:59:57 -0800, David Schwartz
<[EMAIL PROTECTED]> wrote:
>
>
>Paul Schlyter wrote:
>
>> Then you're left with a key distribution problem: how can you make sure
>> the receiver uses exactly the same bitstream as you do?
>
> And how do you stop an interceptor from accessing that same bitstream?
>
> DS
1. Sender and receiver must agree on an exact time when both will
start recording the stream (how to exchange this information lies
outside Rabin's protocol, as far as I understand). Synchronisation of
the sender and receiver can be done via GPS as well, which also
provides time information. Redundant information in the encrypted
stream could be used to make sure that both parties are in fact using
the same portion of the stream, even if one of them should start
recording the stream at a slightly different time than the other. For
instance, the encrypted stream could contain a header or tail
containing a fixed pattern instead of encrypted data, to allow the
receiver to synchronise his/her key with that of the sender by a
trial-and-error procedure (which is feasible if we are dealing with a
mismatch of a few tens of bits, for instance). Of course, the recorded
stream should not be used right away, so that the time it was recorded
cannot be guessed from the time it was used.
2. You don't. As far as I understand, the protocol relies on the fact
that the stream is too large to store in its entirety (the start time
of recording must be unknown to the third party, of course), and/or
too large to test sequentially bit-by-bit in order to try all possible
keys it contains.
Both bit-stream and time can be recorded via a hand-held or
car-mounted GPS receiver connected to a PC, so the cost of the
equipment is relatively small, and its possession does not imply an
intention of using it as cryptographic equipment.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Super strong crypto
Date: Wed, 14 Mar 2001 13:54:12 GMT
Bryan Olson wrote:
> You start with a system not proven to be secure against all
> possible cryptanalysis and end up with one in which you can
> have vaguely stated confidence.
It wasn't vaguely stated: certain whole classes of C/A, which
I identified and which the base function is *not* known to
preclude, are clearly made infeasible by the scheme.
> ... if you start with a modern cipher (Rijndael, Twofish,
> Serpent, others) then we can already have confidence.
Really? On what grounds?
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Super strong crypto
Date: Wed, 14 Mar 2001 14:03:20 GMT
Bryan Olson wrote:
> And so far you've produced a more awkward system still
> sitting at that starting place.
It's hardly "awkward"; implementation is easy and fast,
without any impact on the user interface. And my actual
claims for what it accomplishes, as opposed to spurious
claims that some of you have assumed, have not been
refuted. Come on, show why entropy cannot be securely
added to the stream, or that the scheme adds little work
to an attack based on flush depth. That would be worth
hearing.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: qrpff-New DVD decryption code
Date: Wed, 14 Mar 2001 14:04:47 GMT
Matthias Bruestle wrote:
> It is theft if the legal system thinks it is theft.
Theft is a moral/ethical concept, logically prior to legality.
------------------------------
From: "Arnold Shore" <[EMAIL PROTECTED]>
Subject: Key Recovery System/Product
Date: Wed, 14 Mar 2001 09:38:14 -0500
Not science, but I'll appreciate being pointed towards any available product
suitable for use in a light/medium-duty environment.
The problem I'm trying to solve is with an application that publishes
user-specific information online, encrypted by that user's public key -- the
latter computed from the user's userID/Password hash as his private key.
This has worked out well - a trusted batch application encrypts using a
protected repository-stored public key.
Now I need to accommodate a requirement that a second party - suitably
authorized - needs occasional access.
Is there a feasible approach other than key recovery? Thanks, all.
Arnold Shore
Annapolis, MD USA
------------------------------
From: [EMAIL PROTECTED] (Neetzach)
Crossposted-To: comp.security,alt.security,alt.2600
Subject: Re: boycott Russia....
Date: 14 Mar 2001 14:01:10 GMT
Reply-To: [EMAIL PROTECTED]
On Sat, 10 Mar 2001 00:54:08 -0700, René <[EMAIL PROTECTED]> wrote:
>_What_ Russian products? Do they actually _make_ something? Other than that,
>that's fine with me. Not that I care too much for these pestering Witnesses,
>but I can tolerate them. Russians on the other hand..I fucking hate
>them...come to think of it, yes, Russia makes the famous AK's....which suck...
AK-47 rules supreme; the Chinese are those that suck. Actually, when
I come to think of it, the best Kalashnikovs are made in Yugoslavia and Egypt
(because Egypt has a Yugoslavian license); second were the Polish 'til they took
the M-16.
--
Nemanja
------------------------------
From: [EMAIL PROTECTED] (Neetzach)
Crossposted-To: comp.security,alt.security,alt.2600
Subject: Re: boycott Russia....
Date: 14 Mar 2001 14:01:12 GMT
Reply-To: [EMAIL PROTECTED]
On Sun, 11 Mar 2001 11:50:47 -0700, René <[EMAIL PROTECTED]> wrote:
>> If AK's suck, then why did they become famous?
>
>Well, McDonalds is well-known all over the world, too, but not for their fine
>cuisine.
well-known as junk food, yes
--
Nemanja
------------------------------
From: <[EMAIL PROTECTED]>
Subject: Re: Dumb inquiry....
Date: Wed, 14 Mar 2001 10:14:22 -0500
Mok-Kong Shen wrote in message <[EMAIL PROTECTED]>...
>
>A point of note is that the matrix of PHT is not symmetrical,
>while yours is.
Hmm, I'll need to think on that. Thanks for pointing out the obvious. I
didn't consider that.
------------------------------
From: "Dr. Yongge Wang" <[EMAIL PROTECTED]>
Subject: Re: NTRU - any opinions
Date: 14 Mar 2001 16:10:12 GMT
Benjamin Goldberg <[EMAIL PROTECTED]> wrote:
:> Unfortunately, I cannot agree with that. NTRU signature scheme
:> presented in Crypto'00 was broken without any use of lattice
:> technique.
:> NTRU is not a lattice scheme. There might be an algebraic method to break
:> it.
: NTRU is a knapsack scheme. All the old knapsack schemes were broken
The knapsack problem is NP-complete; can you show me that the problem
underlying the NTRU encryption and signature is NP-hard?
If you can prove it, then come and comment on my posting.
NTRU has some similarity to knapsack, but it is absolutely
not that kind of problem. If you guys think about the NTRU
problem (reduce it modulo 2) and then compare it to the
BCH or Goppa code (or even to a general linear code), you will
see the difference.
: with lattices. NTRU cannot be broken with current lattice algorithms
: because the lattice is/would be much too big... a paraphrase of the
: title of Nguyen and Stern's paper would be: "we need either some better
------------------------------
From: <[EMAIL PROTECTED]>
Subject: Re: Basic Cryptoanalysis
Date: Wed, 14 Mar 2001 11:15:51 -0500
One of the best modern analysis papers for novices, in pdf, I have seen
on the Web is at:
http://fermat.ma.rhbnc.ac.uk/~fauzan/papers/report.pdf
...anyone in the group who has not read it should.
Daniel wrote in message <[EMAIL PROTECTED]>...
>
>I've been searching for a pdf version of Basic Cryptoanalysis and
>found the following link : http://www.umich.edu/~umich/fm-34-40-2/
>It seems that a lot of links presented on this site are broken,
>though.
>
>I've tried to download this 8MB file, and it indeed is a bundle of pdf
>files. Unfortunately, all these files are unreadable on my Windows
>system (corrupted file format).
>
>Question now is : where can I find a pdf-version which runs well on
>Acrobat 4.x
>
>All help greatly appreciated. Thanks. Daniel
------------------------------
From: <[EMAIL PROTECTED]>
Subject: Re: Instruction based encryption
Date: Wed, 14 Mar 2001 11:22:33 -0500
Tom St Denis wrote in message ...
>
-snip-
>> The 128 byte key mashing is just a number I pulled out of the air, so quite
>> possibly is not enough or too often.
>
>byte key? or bit key? Having the user make 128-bytes of entropy would be a
>pain.
>
I agree, so do you trust PGP's session-key generation on standard PC
hardware?
------------------------------
From: "Dobs" <[EMAIL PROTECTED]>
Subject: primes for Blum Blum Shub generator
Date: Wed, 14 Mar 2001 17:16:40 +0100
Hello,
I am trying to implement a Blum Blum Shub generator. I need 2 large prime
numbers p and q. Where should I take these numbers from? (I guess each time
they generate one bit, they have to be changed.) Is there any algorithm to
obtain such large primes which would be right for a BBS generator?
Thanks, best regards
Michal
------------------------------
From: "Dobs" <[EMAIL PROTECTED]>
Subject: primes for BBS
Date: Wed, 14 Mar 2001 17:17:14 +0100
Hello,
I am trying to implement a Blum Blum Shub generator. I need 2 large prime
numbers p and q. Where should I take these numbers from? (I guess each time
they generate one bit, they have to be changed.) Is there any algorithm to
obtain such large primes which would be right for a BBS generator?
Thanks, best regards
Michal
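Added example for the two BBS questions above; it is not the poster's code and not an answer quoted from the thread. It builds a generator with the parameters BBS actually needs: two distinct primes p and q, each ≡ 3 (mod 4), chosen once when the generator is set up, and a secret seed coprime to n = p·q. Only the state x changes from bit to bit (it is squared modulo n), and each output bit is the parity of the new state. The Miller-Rabin test, the 40-round count and the prime sizes used here are this example's own choices.

```python
import math
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin with random bases; 40 rounds gives error below 2^-80."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def blum_prime(bits: int) -> int:
    """Random `bits`-bit prime p with p ≡ 3 (mod 4), the form BBS requires."""
    while True:
        # force the top bit (exact length) and the low two bits (≡ 3 mod 4)
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 3
        if is_probable_prime(cand):
            return cand


class BBS:
    """x_{i+1} = x_i^2 mod n; each step emits the parity of the new x_i."""

    def __init__(self, p: int, q: int, seed: int):
        if p % 4 != 3 or q % 4 != 3 or p == q:
            raise ValueError("p and q must be distinct primes congruent to 3 mod 4")
        self.n = p * q
        if math.gcd(seed, self.n) != 1:
            raise ValueError("seed must be coprime to n")
        self.x = pow(seed, 2, self.n)  # x_0; the seed itself is never output

    def next_bit(self) -> int:
        self.x = pow(self.x, 2, self.n)
        return self.x & 1

    def bits(self, count: int) -> str:
        return "".join(str(self.next_bit()) for _ in range(count))


def make_generator(bits: int = 512) -> BBS:
    # Primes and seed are generated once; only x changes from bit to bit.
    # Once n is formed, p and q are no longer needed and should be destroyed.
    p, q = blum_prime(bits), blum_prime(bits)
    while q == p:
        q = blum_prime(bits)
    n = p * q
    seed = secrets.randbelow(n - 2) + 2
    while math.gcd(seed, n) != 1:
        seed = secrets.randbelow(n - 2) + 2
    return BBS(p, q, seed)
```

The tiny parameters in the test (p = 11, q = 23) only exercise the arithmetic; the security of BBS rests on n being infeasible to factor.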
------------------------------
From: [EMAIL PROTECTED] (Matthias Bruestle)
Subject: Re: qrpff-New DVD decryption code
Date: Wed, 14 Mar 2001 14:54:34 GMT
Mahlzeit
Douglas A. Gwyn ([EMAIL PROTECTED]) wrote:
> Matthias Bruestle wrote:
> > It is theft if the legal system thinks it is theft.
> Theft is a moral/ethical concept, logically prior to legality.
How do you define moral or ethics? If it is what most people do,
then copying of music is probably not theft. If a minority is
enough to define morals/ethics, which minority will that be?
Can I define what morals/ethics are?
And if you define theft by moral/ethics, you also have to see the
usage licenses of music with moral and ethics in mind, which also
does not allow them to impose all limitations on us.
Is it according to your moral/ethics that copy protections limit
the copying of recordings of your mother's wedding or your family
singing Christmas songs? Is it according to your moral/ethics that
I'm not able to watch films I bought on my holidays? (And now we are
back to being on-topic. Nearly.)
Mahlzeit
endergone Zwiebeltuete
PS: And is it still theft if the legal system explicitly gives me the
right to do some copying and I do it?
--
PGP: SIG:C379A331 ENC:F47FA83D I LOVE MY PDP-11/34A, M70 and MicroVAXII!
--
Take the axe and kill them, kill them all!!
------------------------------
From: [EMAIL PROTECTED] (Richard Herring)
Subject: Re: (OT) Re: Text of Applied Cryptography .. do not feed the trolls
Date: 14 Mar 2001 16:38:23 GMT
Reply-To: [EMAIL PROTECTED]
In article <98ksd2$isp$[EMAIL PROTECTED]>, Henrick Hellström
([EMAIL PROTECTED]) wrote:
> "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote in the message
> news:[EMAIL PROTECTED]...
> > ... My point was that
> > it is not so simple as just thinking "book => dead tree".
> ... and if you don't buy enough books, a lot of people will be without jobs
> in the Amazons, on Borneo etc and possibly starve to death unless they burn
> down even more trees for agriculture.
I thought softwood pulp for making books came mainly from Sweden?
Special pleading? ;-)
--
Richard Herring | <[EMAIL PROTECTED]>
------------------------------
From: <[EMAIL PROTECTED]>
Subject: Re: Blowfish name
Date: Wed, 14 Mar 2001 11:41:54 -0500
My guess would be the way it 'puffs up' to discourage attacks. The Xors
and Adds are staged. i.e.: puffed up. But maybe I am reading too much
into it ;)
Liam McGann wrote in message ...
>Anyone know where Blowfish got its name?
>
>Thanks,
>
>L.M.
>
>
------------------------------
From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: Instruction based encryption
Date: Wed, 14 Mar 2001 08:46:38 -0800
Michael Brown <[EMAIL PROTECTED]> wrote in message
news:q5Fr6.1312$[EMAIL PROTECTED]...
> "Matthew Skala" <[EMAIL PROTECTED]> wrote in message
> news:98lr8n$jmi$[EMAIL PROTECTED]...
> <SNIP>
> > One problem with this scheme is that it will tend to be highly linear; no
> > matter what the key is, each ciphertext bit will tend to be
> > well-approximated by a linear combination of plaintext bits.
> How do you tell this? I actually tried to avoid linearity through inclusion
> of rotation and use of the ciphertext. Subtraction and addition are highly
> (100%) linear though, so maybe should be replaced in the table.
Actually, the field of interest in cryptography is most often GF(2), and in
that field, subtraction and addition aren't precisely linear -- xor is.
However, subtraction and addition are, in some sense, nearly linear, in that
(apart from looking at the lsbits, which are perfectly linear) there are
many linear equations between bits that hold with high probability.
>
> > A second problem is that there are a lot of weak keys, and furthermore
> > those weak keys are not always easy to describe. There are a *lot* of
> > fundamentally different 16-instruction "programs" that will result in
> > little or no difference between the plaintext and ciphertext; recognizing
> > some of them is tricky.
> Weak keys are definitely a problem. However, I think with good design of the
> instruction table (the one that I posted is plain shocking for weak keys)
> detecting and avoiding weak keys should be relatively easy.
I suspect you'll find it harder than you may like. It may be instructive to
look at the AES candidate FROG, which takes this essential idea -- using the key
as instructions -- and is still vulnerable to weak keys.
--
poncho
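Scott's observation that addition and subtraction are "nearly linear" over GF(2), and exactly linear only in the least significant bit, can be checked exhaustively. The block below is an added example, not code from any poster: for each bit position i it counts how often bit i of a+b (and of a-b) mod 2^w equals a_i XOR b_i, and compares the count with the closed form 1/2 + 2^-(i+1), the probability that the carry (or borrow) into bit i is zero.

```python
from itertools import product
from typing import Callable, List


def xor_match_rate(width: int, op: Callable[[int, int], int]) -> List[float]:
    """Over all pairs of width-bit words, the fraction of pairs for which bit i
    of op(a, b) mod 2^width equals a_i XOR b_i, for each position i.
    1.0 means the bit is perfectly linear over GF(2); 0.5 means no bias at all."""
    mask = (1 << width) - 1
    hits = [0] * width
    for a, b in product(range(1 << width), repeat=2):
        # bit i of mismatch is set exactly where a carry/borrow entered bit i
        mismatch = (op(a, b) & mask) ^ a ^ b
        for i in range(width):
            if not (mismatch >> i) & 1:
                hits[i] += 1
    total = 1 << (2 * width)
    return [h / total for h in hits]


def predicted(width: int) -> List[float]:
    """Closed form. With c_0 = 0 and P[c_{i+1} = 1] = 1/4 + P[c_i = 1]/2
    (a carry is generated with prob. 1/4 and propagated with prob. 1/2),
    P[c_i = 0] = 1/2 + 2^-(i+1). The borrow chain of subtraction obeys the
    same recurrence, so subtraction shows the same per-bit bias."""
    return [0.5 + 2.0 ** -(i + 1) for i in range(width)]


def add(a: int, b: int) -> int:
    return a + b


def sub(a: int, b: int) -> int:
    return a - b


def linear_bits(width: int, op: Callable[[int, int], int]) -> List[int]:
    """Positions whose XOR approximation holds for every input pair."""
    return [i for i, r in enumerate(xor_match_rate(width, op)) if r == 1.0]
```

The bias decays geometrically with the bit position, which is why the low bits of an add/sub-based mixer are what a linear cryptanalyst targets first.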
------------------------------
From: br <[EMAIL PROTECTED]>
Subject: Re: Crypto idea
Date: Wed, 14 Mar 2001 12:04:35 -0400
Using brute force, it's impossible for any cryptanalyst to read
every output assuming the key x. But if you have the key it's then to
read any message. But the cryptanalyst can't imagine that the output is
"Ilov u " or Ay lovv u or etc...
How could the cryptanalyst imagine, before trying to attack my
cipher-text, the way I had written I love you?
How could the cryptanalyst imagine, before trying to attack my
cipher-text, the way I had created two types of characters that every
human can distinguish? There are infinite ways to create 2 types.
Cryptanalysis is unarmed to attack my cipher.
A cipher based on spelling mistakes and two categories is unattackable.
"Trevor L. Jackson, III" wrote:
>
> br wrote:
>
> > I know what steganography is. I'm not hiding information.
> > Spelling mistakes and using symbolic characters are used to neutralize
> > the use of computers by cryptanalysis.
> > Cryptanalysts today use computers to decipher. My goal is to create
> > encryption based on human intelligence. Only humans can distinguish that
> > in the output message there are two categories of symbols.
> > If I use Greek letters mixed with Latin letters, the recipient can
> > distinguish easily the difference. So he can understand that Greek
> > letters mean 1 or 0 and Latin letters 0 or 1. Two choices to check and
> > it's okay.
> > Why not found crypto on human judgement?
>
> Because the sender cannot assume that the receiver is the only human listening.
>
> Case #1 is a sender who invents a tricky encoding trusting the recipient to figure
> it out. But if the receiver can figure it out then so can the eavesdropper.
>
> Case #2 is a sender who pre-arranges a complicated set of tricks with the
> receiver. But if the receiver can apply the tricky decoding rules, then so can a
> computer. With enough traffic (ciphertext and/or plaintext ) an eavesdropper will
> quickly figure out the tricks, program a computer to follow them, and be able to
> read every message.
>
> >
> > The goal of cryptography is to keep secret information. Only those
> > authorized could read messages.
>
> No, anyone who was at least as intelligent as the intended receiver would be able
> to read messages.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************